From 39e1020c5876298ea5457105d263da918b50308e Mon Sep 17 00:00:00 2001
From: Dalton Hubble <dghubble@gmail.com>
Date: Mon, 15 Oct 2018 23:24:27 -0700
Subject: [PATCH] Add docker/default seccomp to control plane and addons

* Annotate pods, deployments, and daemonsets to start containers
with the Docker runtime's default seccomp profile
* Overrides Kubernetes default behavior which started containers
with seccomp=unconfined
* https://docs.docker.com/engine/security/seccomp/#pass-a-profile-for-a-container
---
 container-linux/kubernetes/bootkube.tf | 2 +-
 fedora-atomic/kubernetes/bootkube.tf   | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/container-linux/kubernetes/bootkube.tf b/container-linux/kubernetes/bootkube.tf
index bc28a56e0..6a7b8504a 100644
--- a/container-linux/kubernetes/bootkube.tf
+++ b/container-linux/kubernetes/bootkube.tf
@@ -1,6 +1,6 @@
 # Self-hosted Kubernetes assets (kubeconfig, manifests)
 module "bootkube" {
-  source = "git::https://github.com/poseidon/terraform-render-bootkube.git?ref=f7c2f8d590dcca0cb9bd4de15d765cad29109455"
+  source = "git::https://github.com/poseidon/terraform-render-bootkube.git?ref=2437023c1050609b749850e9b2301a6f00713680"
 
   cluster_name                    = "${var.cluster_name}"
   api_servers                     = ["${var.k8s_domain_name}"]
diff --git a/fedora-atomic/kubernetes/bootkube.tf b/fedora-atomic/kubernetes/bootkube.tf
index 323b02818..83bbe1b70 100644
--- a/fedora-atomic/kubernetes/bootkube.tf
+++ b/fedora-atomic/kubernetes/bootkube.tf
@@ -1,6 +1,6 @@
 # Self-hosted Kubernetes assets (kubeconfig, manifests)
 module "bootkube" {
-  source = "git::https://github.com/poseidon/terraform-render-bootkube.git?ref=f7c2f8d590dcca0cb9bd4de15d765cad29109455"
+  source = "git::https://github.com/poseidon/terraform-render-bootkube.git?ref=2437023c1050609b749850e9b2301a6f00713680"
 
   cluster_name          = "${var.cluster_name}"
   api_servers           = ["${var.k8s_domain_name}"]