Core Components/Managed applications need to have a default seccomp profile set. #2222

Closed
gawertm opened this issue Mar 27, 2023 · 1 comment
Labels
team/rocket Team Rocket

gawertm commented Mar 27, 2023

As part of the roadmap issue #259
Managed applications and core components need to have a default seccomp profile set.

Some repositories have already gotten the required changes. For team Rocket the one we'd like to ask you to do is:

  • cluster-api-provider-cloud-director

Generally speaking, step by step, you'll need to at least:

  1. Set seccompprofile on RuntimeDefault in container and pod security context
  2. Allow the use of said profiles in the PSP
  3. Allow the use of the proper volumes in the PSP (otherwise pods will have trouble running, see: Add Seccomp default profile to managed apps and core components #259 (comment))

However, depending on the repository and nature of the component/application, this might differ.

Here's an example for step 1 and 2:
giantswarm/node-operator@d0c8f18

Here's an example for step 3:
giantswarm/dns-operator-route53@e751393

NOTE: These are the volumes allowed by the restricted PSP as an example; your applications might not need them all, or might need others. We've seen most issues with the volumes Secrets, Projected, and ConfigMap.
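
The three steps above as one pair of manifests, added here as an illustration and not taken from the linked commits or from any Giant Swarm repository. The names `example-operator` and `example-operator-psp`, the image reference, the user ID and the volume list are constructed placeholders.

```yaml
# Added example: all names, the image and the UID are placeholders.
apiVersion: policy/v1beta1        # PodSecurityPolicy API (removed in Kubernetes 1.25)
kind: PodSecurityPolicy
metadata:
  name: example-operator-psp
  annotations:
    # Step 2: the PSP only admits pods whose seccomp profile is listed here.
    seccomp.security.alpha.kubernetes.io/allowedProfileNames: runtime/default
spec:
  privileged: false
  allowPrivilegeEscalation: false
  runAsUser:
    rule: MustRunAsNonRoot
  seLinux:
    rule: RunAsAny
  supplementalGroups:
    rule: RunAsAny
  fsGroup:
    rule: RunAsAny
  # Step 3: volume types the pod may mount. A pod using a type that is
  # missing here is rejected at admission, so list what the workload needs.
  volumes:
    - configMap
    - secret
    - projected      # used for the service account token mount
    - emptyDir
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: example-operator
spec:
  selector:
    matchLabels: {app: example-operator}
  template:
    metadata:
      labels: {app: example-operator}
    spec:
      securityContext:
        runAsUser: 1000
        seccompProfile:
          type: RuntimeDefault    # Step 1, pod level
      containers:
        - name: example-operator
          image: registry.example/example-operator:0.0.0
          securityContext:
            allowPrivilegeEscalation: false
            seccompProfile:
              type: RuntimeDefault  # Step 1, container level
```

The PSP takes effect only for service accounts that are granted the `use` verb on it through RBAC; a rejected pod shows up as a `FailedCreate` event on the ReplicaSet rather than as a failing pod.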

@jkremser

done for cluster-api-provider-cloud-director-app
