Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add seccompProfile.type RuntimeDefault for secure-by-default #3561

Closed
joebowbeer opened this issue Aug 17, 2022 · 0 comments · Fixed by #3562
Closed

Add seccompProfile.type RuntimeDefault for secure-by-default #3561

joebowbeer opened this issue Aug 17, 2022 · 0 comments · Fixed by #3562
Labels
feature-request All issues for new features that have not been committed to needs-discussion

Comments

@joebowbeer
Copy link
Contributor

joebowbeer commented Aug 17, 2022
edited
Loading

Proposal

Add seccompProfile.type RuntimeDefault to Deployments as per PSS/restricted spec:

https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted

Use-Case

This would bring the default manifests into compliance with PSS/restricted policies.

The policies currently fail because the containers in the two Deployments are missing an explicit seccompProfile type.

kustomize build https://github.com/kyverno/policies//pod-security | \
  kyverno apply --policy-report -r \
  <(kustomize build https://github.com/kedacore/keda//config/default) \
  -

Anything else?

seccompProfile is supported in Kubernetes 1.19+

Relates to kedacore/charts#306
@joebowbeer joebowbeer added feature-request All issues for new features that have not been committed to needs-discussion labels Aug 17, 2022
@joebowbeer joebowbeer changed the title Add secompProfile.type RuntimeDefault for secure-by-default Add seccompProfile.type RuntimeDefault for secure-by-default Aug 17, 2022
@joebowbeer joebowbeer mentioned this issue Aug 17, 2022
Merged
5 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
feature-request All issues for new features that have not been committed to needs-discussion
Projects
Roadmap - KEDA Core
Archived in project
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

feat: add seccompProfile joebowbeer/keda
1 participant
@joebowbeer