Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add seccompProfile.type RuntimeDefault for secure-by-default #3561

Closed
joebowbeer opened this issue Aug 17, 2022 · 0 comments · Fixed by #3562
Closed

Add seccompProfile.type RuntimeDefault for secure-by-default #3561

joebowbeer opened this issue Aug 17, 2022 · 0 comments · Fixed by #3562
Labels
feature-request All issues for new features that have not been committed to needs-discussion

Comments

@joebowbeer
Copy link
Contributor

joebowbeer commented Aug 17, 2022

Proposal

Add seccompProfile.type RuntimeDefault to Deployments as per PSS/restricted spec:

https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted

Use-Case

This would bring the default manifests into compliance with PSS/restricted policies.

The policies currently fail because the containers in the two Deployments are missing an explicit seccompProfile type.

kustomize build https://github.com/kyverno/policies//pod-security | \
  kyverno apply --policy-report -r \
  <(kustomize build https://github.com/kedacore/keda//config/default) \
  -

Anything else?

seccompProfile is supported in Kubernetes 1.19+

Relates to kedacore/charts#306

@joebowbeer joebowbeer added feature-request All issues for new features that have not been committed to needs-discussion labels Aug 17, 2022
@joebowbeer joebowbeer changed the title Add secompProfile.type RuntimeDefault for secure-by-default Add seccompProfile.type RuntimeDefault for secure-by-default Aug 17, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
feature-request All issues for new features that have not been committed to needs-discussion
Projects
Archived in project
Development

Successfully merging a pull request may close this issue.

1 participant