External-Mirrors/kubespray
2
0
Fork 0
mirror of https://github.com/kubernetes-sigs/kubespray.git synced 2026-05-08 01:47:37 -02:30
Code Issues Packages Projects Releases Wiki Activity

Replace seccomp profile docker/default with runtime/default (#6170)

Browse Source 
Signed-off-by: Wang Zhen <lazybetrayer@gmail.com>
This commit is contained in:
Wang Zhen
2020-05-28 05:02:02 +08:00
committed by GitHub
parent 4fd03b93f7
commit d62836f2ab
14 changed files with 25 additions and 25 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
roles/kubernetes-apps/ansible/templates/coredns-deployment.yml.j2
View File

@@ -22,7 +22,7 @@ spec:
labels:
k8s-app: kube-dns{{ coredns_ordinal_suffix }}
annotations:
seccomp.security.alpha.kubernetes.io/pod: 'docker/default'
seccomp.security.alpha.kubernetes.io/pod: 'runtime/default'
spec:
priorityClassName: system-cluster-critical
nodeSelector:

2
roles/kubernetes-apps/ansible/templates/dns-autoscaler.yml.j2
View File

@@ -31,7 +31,7 @@ spec:
k8s-app: dns-autoscaler{{ coredns_ordinal_suffix }}
annotations:
scheduler.alpha.kubernetes.io/critical-pod: ""
seccomp.security.alpha.kubernetes.io/pod: 'docker/default'
seccomp.security.alpha.kubernetes.io/pod: 'runtime/default'
spec:
priorityClassName: system-cluster-critical
securityContext:

4
roles/kubernetes-apps/ansible/templates/netchecker-agent-hostnet-psp.yml.j2
View File

@@ -4,8 +4,8 @@ kind: PodSecurityPolicy
metadata:
name: netchecker-agent-hostnet
annotations:
seccomp.security.alpha.kubernetes.io/defaultProfileName: 'docker/default'
seccomp.security.alpha.kubernetes.io/allowedProfileNames: 'docker/default'
seccomp.security.alpha.kubernetes.io/defaultProfileName: 'runtime/default'
seccomp.security.alpha.kubernetes.io/allowedProfileNames: 'runtime/default'
{% if apparmor_enabled %}
apparmor.security.beta.kubernetes.io/defaultProfileName: 'runtime/default'
apparmor.security.beta.kubernetes.io/allowedProfileNames: 'runtime/default'