From fe6424e2b15d0cd451632413b5fe0fc6516c9587 Mon Sep 17 00:00:00 2001
From: Camila Macedo
Date: Mon, 13 Jun 2022 13:33:57 +0100
Subject: [PATCH] :sparkling: adding comment one the scaffolds to warn users about the seccomp spec field usage

---
 .../internal/templates/config/manager/config.go | 10 ++++++++--
 .../internal/templates/config/manager/config.go | 10 ++++++++--
 testdata/project-v3-addon/config/manager/manager.yaml | 10 ++++++++--
 testdata/project-v3-config/config/manager/manager.yaml | 10 ++++++++--
 .../project-v3-multigroup/config/manager/manager.yaml | 10 ++++++++--
 .../project-v3-v1beta1/config/manager/manager.yaml | 10 ++++++++--
 .../config/manager/manager.yaml | 10 ++++++++--
 testdata/project-v3/config/manager/manager.yaml | 10 ++++++++--
 8 files changed, 64 insertions(+), 16 deletions(-)

diff --git a/pkg/plugins/common/kustomize/v1/scaffolds/internal/templates/config/manager/config.go b/pkg/plugins/common/kustomize/v1/scaffolds/internal/templates/config/manager/config.go
index 8ff3038cac9..7e9a5b69baf 100644
--- a/pkg/plugins/common/kustomize/v1/scaffolds/internal/templates/config/manager/config.go
+++ b/pkg/plugins/common/kustomize/v1/scaffolds/internal/templates/config/manager/config.go
@@ -72,8 +72,14 @@ spec:
 spec:
 securityContext:
 runAsNonRoot: true
- seccompProfile:
- type: RuntimeDefault
+ # TODO(user): For common cases that do not require escalating privileges
+ # it is recommended to ensure that all your Pods/Containers are restrictive.
+ # More info: https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted
+ # Please uncomment the following code if you are NOT looking
+ # for to built projects which must work on old Kubernetes versions < 1.19 or
+ # on vendors versions which are NOT supporting this field by default (i.e. Openshift < 4.11 ).
+ # seccompProfile:
+ # type: RuntimeDefault
 containers:
 - command:
 - /manager
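Review bot: With `seccompProfile: RuntimeDefault` commented out, a freshly scaffolded manager Deployment no longer satisfies the `restricted` Pod Security Standard that the very comment links to, since that profile requires `seccompProfile.type` to be `RuntimeDefault` or `Localhost`; consider keeping the field enabled in the template and telling users to comment it out only when they must target Kubernetes < 1.19 or distributions that reject the field, so the scaffold stays secure by default. Independently of that decision, the wording "uncomment the following code if you are NOT looking for to built projects which must work on old Kubernetes versions" is a double negation that is easy to misread; something like `# Uncomment the following lines unless your project must run on Kubernetes < 1.19 or on distributions that do not support this field by default (e.g. OpenShift < 4.11).` states the condition directly. The same text is added to the kustomize v2 template hunk and to the six testdata manager.yaml hunks, which are regenerated from these templates. The enclosing Go raw-string template starts and ends outside the hunk.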
diff --git a/pkg/plugins/common/kustomize/v2/scaffolds/internal/templates/config/manager/config.go b/pkg/plugins/common/kustomize/v2/scaffolds/internal/templates/config/manager/config.go
index 8ff3038cac9..7e9a5b69baf 100644
--- a/pkg/plugins/common/kustomize/v2/scaffolds/internal/templates/config/manager/config.go
+++ b/pkg/plugins/common/kustomize/v2/scaffolds/internal/templates/config/manager/config.go
@@ -72,8 +72,14 @@ spec:
 spec:
 securityContext:
 runAsNonRoot: true
- seccompProfile:
- type: RuntimeDefault
+ # TODO(user): For common cases that do not require escalating privileges
+ # it is recommended to ensure that all your Pods/Containers are restrictive.
+ # More info: https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted
+ # Please uncomment the following code if you are NOT looking
+ # for to built projects which must work on old Kubernetes versions < 1.19 or
+ # on vendors versions which are NOT supporting this field by default (i.e. Openshift < 4.11 ).
+ # seccompProfile:
+ # type: RuntimeDefault
 containers:
 - command:
 - /manager
diff --git a/testdata/project-v3-addon/config/manager/manager.yaml b/testdata/project-v3-addon/config/manager/manager.yaml
index d857a2f90f7..075d0c9e1c9 100644
--- a/testdata/project-v3-addon/config/manager/manager.yaml
+++ b/testdata/project-v3-addon/config/manager/manager.yaml
@@ -26,8 +26,14 @@ spec:
 spec:
 securityContext:
 runAsNonRoot: true
- seccompProfile:
- type: RuntimeDefault
+ # TODO(user): For common cases that do not require escalating privileges
+ # it is recommended to ensure that all your Pods/Containers are restrictive.
+ # More info: https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted
+ # Please uncomment the following code if you are NOT looking
+ # for to built projects which must work on old Kubernetes versions < 1.19 or
+ # on vendors versions which are NOT supporting this field by default (i.e. Openshift < 4.11 ).
+ # seccompProfile:
+ # type: RuntimeDefault
 containers:
 - command:
 - /manager
diff --git a/testdata/project-v3-config/config/manager/manager.yaml b/testdata/project-v3-config/config/manager/manager.yaml
index e6ba8de7902..58ac6060136 100644
--- a/testdata/project-v3-config/config/manager/manager.yaml
+++ b/testdata/project-v3-config/config/manager/manager.yaml
@@ -26,8 +26,14 @@ spec:
 spec:
 securityContext:
 runAsNonRoot: true
- seccompProfile:
- type: RuntimeDefault
+ # TODO(user): For common cases that do not require escalating privileges
+ # it is recommended to ensure that all your Pods/Containers are restrictive.
+ # More info: https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted
+ # Please uncomment the following code if you are NOT looking
+ # for to built projects which must work on old Kubernetes versions < 1.19 or
+ # on vendors versions which are NOT supporting this field by default (i.e. Openshift < 4.11 ).
+ # seccompProfile:
+ # type: RuntimeDefault
 containers:
 - command:
 - /manager
diff --git a/testdata/project-v3-multigroup/config/manager/manager.yaml b/testdata/project-v3-multigroup/config/manager/manager.yaml
index d857a2f90f7..075d0c9e1c9 100644
--- a/testdata/project-v3-multigroup/config/manager/manager.yaml
+++ b/testdata/project-v3-multigroup/config/manager/manager.yaml
@@ -26,8 +26,14 @@ spec:
 spec:
 securityContext:
 runAsNonRoot: true
- seccompProfile:
- type: RuntimeDefault
+ # TODO(user): For common cases that do not require escalating privileges
+ # it is recommended to ensure that all your Pods/Containers are restrictive.
+ # More info: https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted
+ # Please uncomment the following code if you are NOT looking
+ # for to built projects which must work on old Kubernetes versions < 1.19 or
+ # on vendors versions which are NOT supporting this field by default (i.e. Openshift < 4.11 ).
+ # seccompProfile:
+ # type: RuntimeDefault
 containers:
 - command:
 - /manager
diff --git a/testdata/project-v3-v1beta1/config/manager/manager.yaml b/testdata/project-v3-v1beta1/config/manager/manager.yaml
index d857a2f90f7..075d0c9e1c9 100644
--- a/testdata/project-v3-v1beta1/config/manager/manager.yaml
+++ b/testdata/project-v3-v1beta1/config/manager/manager.yaml
@@ -26,8 +26,14 @@ spec:
 spec:
 securityContext:
 runAsNonRoot: true
- seccompProfile:
- type: RuntimeDefault
+ # TODO(user): For common cases that do not require escalating privileges
+ # it is recommended to ensure that all your Pods/Containers are restrictive.
+ # More info: https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted
+ # Please uncomment the following code if you are NOT looking
+ # for to built projects which must work on old Kubernetes versions < 1.19 or
+ # on vendors versions which are NOT supporting this field by default (i.e. Openshift < 4.11 ).
+ # seccompProfile:
+ # type: RuntimeDefault
 containers:
 - command:
 - /manager
diff --git a/testdata/project-v3-with-kustomize-v2/config/manager/manager.yaml b/testdata/project-v3-with-kustomize-v2/config/manager/manager.yaml
index d857a2f90f7..075d0c9e1c9 100644
--- a/testdata/project-v3-with-kustomize-v2/config/manager/manager.yaml
+++ b/testdata/project-v3-with-kustomize-v2/config/manager/manager.yaml
@@ -26,8 +26,14 @@ spec:
 spec:
 securityContext:
 runAsNonRoot: true
- seccompProfile:
- type: RuntimeDefault
+ # TODO(user): For common cases that do not require escalating privileges
+ # it is recommended to ensure that all your Pods/Containers are restrictive.
+ # More info: https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted
+ # Please uncomment the following code if you are NOT looking
+ # for to built projects which must work on old Kubernetes versions < 1.19 or
+ # on vendors versions which are NOT supporting this field by default (i.e. Openshift < 4.11 ).
+ # seccompProfile:
+ # type: RuntimeDefault
 containers:
 - command:
 - /manager
diff --git a/testdata/project-v3/config/manager/manager.yaml b/testdata/project-v3/config/manager/manager.yaml
index d857a2f90f7..075d0c9e1c9 100644
--- a/testdata/project-v3/config/manager/manager.yaml
+++ b/testdata/project-v3/config/manager/manager.yaml
@@ -26,8 +26,14 @@ spec:
 spec:
 securityContext:
 runAsNonRoot: true
- seccompProfile:
- type: RuntimeDefault
+ # TODO(user): For common cases that do not require escalating privileges
+ # it is recommended to ensure that all your Pods/Containers are restrictive.
+ # More info: https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted
+ # Please uncomment the following code if you are NOT looking
+ # for to built projects which must work on old Kubernetes versions < 1.19 or
+ # on vendors versions which are NOT supporting this field by default (i.e. Openshift < 4.11 ).
+ # seccompProfile:
+ # type: RuntimeDefault
 containers:
 - command:
 - /manager