Skip to content

Commit

Permalink
:sparkling: adding comment one the scaffolds to warn users about the …
Browse files Browse the repository at this point in the history 
…seccomp spec field usage
  • Loading branch information
Camila Macedo committed Jun 13, 2022
1 parent eea565c commit 565e293
Show file tree
Hide file tree
Showing 8 changed files with 50 additions and 12 deletions.
9 changes: 7 additions & 2 deletions pkg/plugins/common/kustomize/v1/scaffolds/internal/templates/config/manager/config.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -72,8 +72,13 @@ spec:
spec:
securityContext:
runAsNonRoot: true
seccompProfile:
type: RuntimeDefault
# TODO(user): For common cases that do not require escalating privileges
# it is recommended ensure that all your Pods/Containers are restrictive.
# On this case, you can uncomment the following code. However, if you are looking
# for to built projects which must work on old Kubernetes versions < 1.19 or
# on vendors versions which are NOT supporting this field (i.e. Openshift < 4.11 ).
# seccompProfile:
# type: RuntimeDefault
containers:
- command:
- /manager
Expand Down
4 changes: 4 additions & 0 deletions pkg/plugins/common/kustomize/v2/scaffolds/internal/templates/config/manager/config.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -72,6 +72,10 @@ spec:
spec:
securityContext:
runAsNonRoot: true
# Note: Do no use the seccompProfile if you are looking for
# to support old Kubernetes versions < 1.19 or distribute
# your solutions on vendors versions which are not supporting
# it like Openshift versions < 4.11.
seccompProfile:
type: RuntimeDefault
containers:
Expand Down
9 changes: 7 additions & 2 deletions testdata/project-v3-addon/config/manager/manager.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -26,8 +26,13 @@ spec:
spec:
securityContext:
runAsNonRoot: true
seccompProfile:
type: RuntimeDefault
# TODO(user): For common cases that do not require escalating privileges
# it is recommended ensure that all your Pods/Containers are restrictive.
# On this case, you can uncomment the following code. However, if you are looking
# for to built projects which must work on old Kubernetes versions < 1.19 or
# on vendors versions which are NOT supporting this field (i.e. Openshift < 4.11 ).
# seccompProfile:
# type: RuntimeDefault
containers:
- command:
- /manager
Expand Down
9 changes: 7 additions & 2 deletions testdata/project-v3-config/config/manager/manager.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -26,8 +26,13 @@ spec:
spec:
securityContext:
runAsNonRoot: true
seccompProfile:
type: RuntimeDefault
# TODO(user): For common cases that do not require escalating privileges
# it is recommended ensure that all your Pods/Containers are restrictive.
# On this case, you can uncomment the following code. However, if you are looking
# for to built projects which must work on old Kubernetes versions < 1.19 or
# on vendors versions which are NOT supporting this field (i.e. Openshift < 4.11 ).
# seccompProfile:
# type: RuntimeDefault
containers:
- command:
- /manager
Expand Down
9 changes: 7 additions & 2 deletions testdata/project-v3-multigroup/config/manager/manager.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -26,8 +26,13 @@ spec:
spec:
securityContext:
runAsNonRoot: true
seccompProfile:
type: RuntimeDefault
# TODO(user): For common cases that do not require escalating privileges
# it is recommended ensure that all your Pods/Containers are restrictive.
# On this case, you can uncomment the following code. However, if you are looking
# for to built projects which must work on old Kubernetes versions < 1.19 or
# on vendors versions which are NOT supporting this field (i.e. Openshift < 4.11 ).
# seccompProfile:
# type: RuntimeDefault
containers:
- command:
- /manager
Expand Down
9 changes: 7 additions & 2 deletions testdata/project-v3-v1beta1/config/manager/manager.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -26,8 +26,13 @@ spec:
spec:
securityContext:
runAsNonRoot: true
seccompProfile:
type: RuntimeDefault
# TODO(user): For common cases that do not require escalating privileges
# it is recommended ensure that all your Pods/Containers are restrictive.
# On this case, you can uncomment the following code. However, if you are looking
# for to built projects which must work on old Kubernetes versions < 1.19 or
# on vendors versions which are NOT supporting this field (i.e. Openshift < 4.11 ).
# seccompProfile:
# type: RuntimeDefault
containers:
- command:
- /manager
Expand Down
4 changes: 4 additions & 0 deletions testdata/project-v3-with-kustomize-v2/config/manager/manager.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -26,6 +26,10 @@ spec:
spec:
securityContext:
runAsNonRoot: true
# Note: Do no use the seccompProfile if you are looking for
# to support old Kubernetes versions < 1.19 or distribute
# your solutions on vendors versions which are not supporting
# it like Openshift versions < 4.11.
seccompProfile:
type: RuntimeDefault
containers:
Expand Down
9 changes: 7 additions & 2 deletions testdata/project-v3/config/manager/manager.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -26,8 +26,13 @@ spec:
spec:
securityContext:
runAsNonRoot: true
seccompProfile:
type: RuntimeDefault
# TODO(user): For common cases that do not require escalating privileges
# it is recommended ensure that all your Pods/Containers are restrictive.
# On this case, you can uncomment the following code. However, if you are looking
# for to built projects which must work on old Kubernetes versions < 1.19 or
# on vendors versions which are NOT supporting this field (i.e. Openshift < 4.11 ).
# seccompProfile:
# type: RuntimeDefault
containers:
- command:
- /manager
Expand Down

0 comments on commit 565e293

Please sign in to comment.