Closed Neumann-Nils closed 5 years ago
You can use the following Seccomp profile to test it (try `chmod +x /bin`):

placeholder_seccomp.json:

```json
{
  "defaultAction": "SCMP_ACT_ALLOW",
  "architectures": [
    "SCMP_ARCH_X86_64",
    "SCMP_ARCH_X86",
    "SCMP_ARCH_X32"
  ],
  "syscalls": [
    {
      "names": [
        "chmod"
      ],
      "action": "SCMP_ACT_ERRNO",
      "args": [],
      "comment": "",
      "includes": {},
      "excludes": {}
    }
  ]
}
```

Just copy this file into `install/charts/custom-seccomp-profiles/` and change `seccompProfile: "localhost/placeholder_seccomp.json"` in the `values.yaml`. Thus, this profile will be applied to all created pods and containers.
Description
This pull request introduces support for custom Seccomp profiles. A user can create/provide his Seccomp profile and karydia will distribute and maintain it on all nodes in the cluster. Moreover, karydia will enforce the Seccomp profile on all created pods/containers.
Note: This draft pull request is just to get feedback. This implementation includes one workaround that keeps the pods of the daemonset alive such that they will not restart over and over again (a daemonset does not yet support restartPolicy: Never). This is described in issue #163.
Checklist
Before submitting this PR, please make sure:
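To sanity-check a custom profile before dropping it into install/charts/custom-seccomp-profiles/, here is an added Python example (not part of this PR or of karydia) that validates the profile structure, resolves the action a given syscall gets, and flags related syscalls the profile still allows. It embeds a constructed copy of the placeholder_seccomp.json above, and the RELATED table is an assumption about which syscalls reach the same operation.

```python
import json
# Constructed copy of the placeholder_seccomp.json above, embedded so the script runs offline.
PROFILE_JSON = """{
  "defaultAction": "SCMP_ACT_ALLOW",
  "architectures": ["SCMP_ARCH_X86_64", "SCMP_ARCH_X86", "SCMP_ARCH_X32"],
  "syscalls": [{"names": ["chmod"], "action": "SCMP_ACT_ERRNO", "args": []}]
}"""
PROFILE = json.loads(PROFILE_JSON)

# Rule actions defined by the OCI runtime spec for seccomp profiles.
VALID_ACTIONS = {"SCMP_ACT_ALLOW", "SCMP_ACT_ERRNO", "SCMP_ACT_KILL", "SCMP_ACT_TRAP", "SCMP_ACT_TRACE", "SCMP_ACT_LOG"}
# Assumed table of syscalls that reach the same operation through another entry point.
RELATED = {"chmod": {"fchmod", "fchmodat"}, "chown": {"fchown", "fchownat", "lchown"}}

def validate_profile(profile: dict) -> list:
    """Return structural problems with the profile; an empty list means it is well-formed."""
    problems = []
    if profile.get("defaultAction") not in VALID_ACTIONS:
        problems.append("defaultAction missing or unknown")
    if not profile.get("architectures"):
        problems.append("architectures list is empty")
    for i, rule in enumerate(profile.get("syscalls", [])):
        if not rule.get("names"):
            problems.append(f"rule {i} names no syscalls")
        if rule.get("action") not in VALID_ACTIONS:
            problems.append(f"rule {i} has unknown action {rule.get('action')!r}")
    return problems

def effective_action(profile: dict, syscall: str) -> str:
    """Action for an unconditional call: the first arg-less rule naming the syscall, else defaultAction."""
    for rule in profile.get("syscalls", []):
        if syscall in rule.get("names", []) and not rule.get("args"):
            return rule["action"]
    return profile["defaultAction"]

def uncovered_related(profile: dict) -> dict:
    """For each denied syscall in RELATED, list the related syscalls the profile still allows."""
    gaps = {}
    for name, siblings in RELATED.items():
        if effective_action(profile, name) == "SCMP_ACT_ALLOW":
            continue
        allowed = sorted(s for s in siblings if effective_action(profile, s) == "SCMP_ACT_ALLOW")
        if allowed:
            gaps[name] = allowed
    return gaps

if __name__ == "__main__":
    print("problems:", validate_profile(PROFILE))
    print("chmod ->", effective_action(PROFILE, "chmod"))
    print("denied but related still allowed:", uncovered_related(PROFILE))
```

Denying only `chmod` leaves `fchmod` and `fchmodat` allowed, which matters because coreutils chmod(1) on current glibc typically issues fchmodat rather than chmod, so the profile should be checked against the syscalls the test command actually makes.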