This page mentions the following as part of the Secure computing section:
Seccomp is also a Linux kernel security module, and is natively supported by the Docker runtime used by AKS nodes.
I was under the impression AKS no longer uses Docker but containerd as the underlying runtime, it seems like this information is outdated?
Another, minor, point of feedback are the steps outlined as part of To see seccomp in action, create a filter that prevents changing permissions on a file.. Perhaps it would be best to link to initiatives such as the https://github.com/kubernetes-sigs/security-profiles-operator in order to managed seccomp profiles?
schaffererin
commented
1 week ago
Type of issue
Outdated article
Feedback
This page mentions the following as part of the Secure computing section:
Seccomp is also a Linux kernel security module, and is natively supported by the Docker runtime used by AKS nodes.
I was under the impression AKS no longer uses Docker but containerd as the underlying runtime, it seems like this information is outdated?
Another, minor, point of feedback are the steps outlined as part of To see seccomp in action, create a filter that prevents changing permissions on a file.. Perhaps it would be best to link to initiatives such as the https://github.com/kubernetes-sigs/security-profiles-operator in order to managed seccomp profiles?
Kind regards, Garnaalkroket
Page URL
https://learn.microsoft.com/en-us/azure/aks/operator-best-practices-cluster-security?tabs=azure-cli
Content source URL
https://github.com/MicrosoftDocs/azure-aks-docs/blob/main/articles/aks/operator-best-practices-cluster-security.md
Author
@schaffererin
Document Id
ef933650-5c49-de38-62c0-23afaeb1716f