CadolesKube/typhoon
7
0
Fork 0
mirror of https://github.com/puppetmaster/typhoon.git synced 2025-08-12 19:44:58 +02:00
Code Issues Packages Projects Releases Wiki Activity

Add docker/default seccomp to control plane and addons

Browse Source 
* Annotate pods, deployments, and daemonsets to start containers
with the Docker runtime's default seccomp profile
* Overrides Kubernetes default behavior which started containers
with seccomp=unconfined
* https://docs.docker.com/engine/security/seccomp/#pass-a-profile-for-a-container
This commit is contained in:
Dalton Hubble
2018-10-15 23:24:27 -07:00
parent 8f0d2b5db4
commit 5eb4078d68
26 changed files with 43 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
CHANGES.md
View File

@ -11,6 +11,8 @@ Notable changes between versions.
* Single-controller clusters continue to run 2 replicas as before
* Raise default CoreDNS replica count to the larger of 2 or the number of controller nodes ([#313](https://github.com/poseidon/typhoon/pull/313))
* Add AntiAffinity preferred rule to favor spreading CoreDNS pods
* Annotate Kubernetes control plane and addons to start containers with the Docker runtime's default seccomp profile ([#319](https://github.com/poseidon/typhoon/pull/319))
* Override Kubernetes default behavior that starts containers with seccomp=unconfined
#### Azure