-
Notifications
You must be signed in to change notification settings - Fork 0
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add default seccomp profile for Managed/Core Components #2116
Labels
Comments
How important is this @Strigix ? |
It gets more important the closer we are to deprecating PSP. |
@TheoBrigitte I think we're done as we have no policy violations on 19.1.0 release anymore |
TheoBrigitte
changed the title
Managed/Core Components need default seccomp profile set.
Add default seccomp profile for Managed/Core Components
Nov 10, 2023
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
From @Strigix
As part of the roadmap issue #259
Managed applications and core components need to have a default seccomp profile set.
Some repositories have already gotten the required changes. For team Atlas the ones we'd like you ask you to do are:
Step by step you'll need to at at least:
Here's an example for step 1 and 2:
giantswarm/node-operator@d0c8f18
Here's an example for step 3:
giantswarm/dns-operator-route53@e751393
NOTE: These are the volumes allowed by the restricted PSP as an example, your applications might not need them all, or needs others. We've seen most issues with the volumes Secrets, Projected, and ConfigMap.
The text was updated successfully, but these errors were encountered: