Add docker/default seccomp to control plane and addons

* Annotate pods, deployments, and daemonsets to start containers
with the Docker runtime's default seccomp profile
* Overrides Kubernetes default behavior which started containers
with seccomp=unconfined
* https://docs.docker.com/engine/security/seccomp/#pass-a-profile-for-a-container
Dalton Hubble
2018-10-15 23:24:27 -07:00
parent 8f0d2b5db4
commit 5eb4078d68
26 changed files with 43 additions and 9 deletions

@ -14,6 +14,8 @@ spec:
labels:
name: default-backend
phase: prod
annotations:
seccomp.security.alpha.kubernetes.io/pod: 'docker/default'
spec:
containers:
- name: default-backend
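
Review bot: the value in the added annotation `seccomp.security.alpha.kubernetes.io/pod: 'docker/default'` names the Docker runtime's profile under an alpha annotation key, and nothing in the manifest says so. Consider the runtime-neutral value `runtime/default`, which Kubernetes accepts from 1.11 on (that release deprecated `docker/default`), or add a one-line comment above the annotation recording the runtime dependency so it gets revisited if the container runtime or the annotation key changes. Since the annotation is pod-scoped, it applies to every container in this template, not only `default-backend`; worth confirming that is intended for any container added here later.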