Merge pull request #64276 from wangzhen127/manifests-seccomp
Automatic merge from submit-queue (batch tested with PRs 64276, 64094, 64719, 64766, 64750). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>. Use default seccomp profile for GCE manifests **What this PR does / why we need it**: This PR sets the default seccomp profile of unprivileged addons to 'docker/default' for GCE manifests. This PR is a followup of #62662. We are using 'docker/default' instead of 'runtime/default' in addons in order to handle node version skew. When seccomp profile is applied automatically by default later, we can remove those annotations. This PR is part of #39845. **Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*: Fixes # **Special notes for your reviewer**: **Release note**: ```release-note NONE ```
commit
e2d997cfea
@ -7,6 +7,9 @@
|
|||||||
"labels": {
|
"labels": {
|
||||||
"tier": "cluster-management",
|
"tier": "cluster-management",
|
||||||
"component": "cluster-autoscaler"
|
"component": "cluster-autoscaler"
|
||||||
|
},
|
||||||
|
"annotations": {
|
||||||
|
"seccomp.security.alpha.kubernetes.io/pod": "docker/default"
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
"spec": {
|
"spec": {
|
||||||
|
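Review bot: Nothing in this change checks that the new `"seccomp.security.alpha.kubernetes.io/pod": "docker/default"` annotation actually takes effect. Annotation keys are free-form strings, so a misspelt key would presumably be accepted and leave the pod running without a profile, with no error. The same holds for the etcd-server, kube-apiserver, kube-controller-manager and kube-scheduler manifests further down. A node-level check that the container process reports `Seccomp: 2` in `/proc/<pid>/status` would confirm the filter is loaded. The enclosing `metadata` object starts and ends outside the hunk.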
@ -5,6 +5,7 @@ metadata:
|
|||||||
namespace: kube-system
|
namespace: kube-system
|
||||||
annotations:
|
annotations:
|
||||||
scheduler.alpha.kubernetes.io/critical-pod: ''
|
scheduler.alpha.kubernetes.io/critical-pod: ''
|
||||||
|
seccomp.security.alpha.kubernetes.io/pod: 'docker/default'
|
||||||
labels:
|
labels:
|
||||||
k8s-app: etcd-empty-dir-cleanup
|
k8s-app: etcd-empty-dir-cleanup
|
||||||
spec:
|
spec:
|
||||||
|
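Review bot: The added `seccomp.security.alpha.kubernetes.io/pod: 'docker/default'` line has no comment explaining why `docker/default` is used rather than `runtime/default`; the reason and the removal condition are recorded only in the PR description. I would put a comment above it such as `# docker/default (not runtime/default) to tolerate node version skew; remove once the default seccomp profile is applied automatically.` The same comment fits the gcp-lb-controller and kube-addon-manager YAML manifests below. The JSON manifests cannot carry a comment, so for those the rationale has to stay in the commit message or an adjacent README.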
@ -5,7 +5,8 @@
|
|||||||
"name":"etcd-server{{ suffix }}",
|
"name":"etcd-server{{ suffix }}",
|
||||||
"namespace": "kube-system",
|
"namespace": "kube-system",
|
||||||
"annotations": {
|
"annotations": {
|
||||||
"scheduler.alpha.kubernetes.io/critical-pod": ""
|
"scheduler.alpha.kubernetes.io/critical-pod": "",
|
||||||
|
"seccomp.security.alpha.kubernetes.io/pod": "docker/default"
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
"spec":{
|
"spec":{
|
||||||
@ -62,7 +63,7 @@
|
|||||||
"ports": [
|
"ports": [
|
||||||
{ "name": "serverport",
|
{ "name": "serverport",
|
||||||
"containerPort": {{ server_port }},
|
"containerPort": {{ server_port }},
|
||||||
"hostPort": {{ server_port }}
|
"hostPort": {{ server_port }}
|
||||||
},
|
},
|
||||||
{ "name": "clientport",
|
{ "name": "clientport",
|
||||||
"containerPort": {{ port }},
|
"containerPort": {{ port }},
|
||||||
|
@ -5,6 +5,7 @@ metadata:
|
|||||||
namespace: kube-system
|
namespace: kube-system
|
||||||
annotations:
|
annotations:
|
||||||
scheduler.alpha.kubernetes.io/critical-pod: ''
|
scheduler.alpha.kubernetes.io/critical-pod: ''
|
||||||
|
seccomp.security.alpha.kubernetes.io/pod: 'docker/default'
|
||||||
labels:
|
labels:
|
||||||
k8s-app: gcp-lb-controller
|
k8s-app: gcp-lb-controller
|
||||||
version: v1.1.1
|
version: v1.1.1
|
||||||
|
@ -5,6 +5,7 @@ metadata:
|
|||||||
namespace: kube-system
|
namespace: kube-system
|
||||||
annotations:
|
annotations:
|
||||||
scheduler.alpha.kubernetes.io/critical-pod: ''
|
scheduler.alpha.kubernetes.io/critical-pod: ''
|
||||||
|
seccomp.security.alpha.kubernetes.io/pod: 'docker/default'
|
||||||
labels:
|
labels:
|
||||||
component: kube-addon-manager
|
component: kube-addon-manager
|
||||||
spec:
|
spec:
|
||||||
|
@ -5,7 +5,8 @@
|
|||||||
"name":"kube-apiserver",
|
"name":"kube-apiserver",
|
||||||
"namespace": "kube-system",
|
"namespace": "kube-system",
|
||||||
"annotations": {
|
"annotations": {
|
||||||
"scheduler.alpha.kubernetes.io/critical-pod": ""
|
"scheduler.alpha.kubernetes.io/critical-pod": "",
|
||||||
|
"seccomp.security.alpha.kubernetes.io/pod": "docker/default"
|
||||||
},
|
},
|
||||||
"labels": {
|
"labels": {
|
||||||
"tier": "control-plane",
|
"tier": "control-plane",
|
||||||
|
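Review bot: This pod-level annotation only confines containers that are not privileged; as far as I know, Docker runs a container with `privileged: true` without any seccomp profile regardless of the annotation. The description limits the change to unprivileged addons, but the containers' `securityContext` is outside this hunk, so that cannot be confirmed from here. It is worth verifying for kube-apiserver, and likewise for kube-controller-manager and kube-scheduler below, that no container in the pod is privileged. Otherwise the annotation suggests a confinement that is not in force.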
@ -5,7 +5,8 @@
|
|||||||
"name":"kube-controller-manager",
|
"name":"kube-controller-manager",
|
||||||
"namespace": "kube-system",
|
"namespace": "kube-system",
|
||||||
"annotations": {
|
"annotations": {
|
||||||
"scheduler.alpha.kubernetes.io/critical-pod": ""
|
"scheduler.alpha.kubernetes.io/critical-pod": "",
|
||||||
|
"seccomp.security.alpha.kubernetes.io/pod": "docker/default"
|
||||||
},
|
},
|
||||||
"labels": {
|
"labels": {
|
||||||
"tier": "control-plane",
|
"tier": "control-plane",
|
||||||
|
@ -5,7 +5,8 @@
|
|||||||
"name":"kube-scheduler",
|
"name":"kube-scheduler",
|
||||||
"namespace": "kube-system",
|
"namespace": "kube-system",
|
||||||
"annotations": {
|
"annotations": {
|
||||||
"scheduler.alpha.kubernetes.io/critical-pod": ""
|
"scheduler.alpha.kubernetes.io/critical-pod": "",
|
||||||
|
"seccomp.security.alpha.kubernetes.io/pod": "docker/default"
|
||||||
},
|
},
|
||||||
"labels": {
|
"labels": {
|
||||||
"tier": "control-plane",
|
"tier": "control-plane",
|
||||||
|