XenitAB / gatekeeper-library

Collection of OPA Gatekeeper policies that can be used in your Kubernetes cluster.
MIT License

set seccompProfile to RuntimeDefault unless defined #63

Closed NissesSenap closed 2 years ago

NissesSenap commented 2 years ago

Use OPA to automatically set seccompProfile in all pods to RuntimeDefault unless a seccompProfile is defined.

apiVersion: v1
kind: Pod
metadata:
  name: default-pod
  labels:
    app: default-pod
spec:
  securityContext:
    seccompProfile:
      type: RuntimeDefault
  containers:
  - name: test-container
    image: hashicorp/http-echo:0.2.3
    args:
    - "-text=just made some more syscalls!"
    securityContext:
      allowPrivilegeEscalation: false

If no seccompProfile is defined, the default value is Unconfined, but it isn't shown in a pod by default.
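One way to get the requested behaviour with Gatekeeper's mutation feature, added here as an example (this is not code from the issue or from the gatekeeper-library repository): an Assign mutation that writes RuntimeDefault into the pod-level seccompProfile only when no seccompProfile is present. The resource name, the excluded namespaces and the use of the v1 mutation API (mutations.gatekeeper.sh/v1) are assumptions; older Gatekeeper releases expose the same fields under v1alpha1/v1beta1.

```yaml
# Added example (not from the issue or the repository).
# Gatekeeper Assign mutation: default the pod-level seccompProfile to
# RuntimeDefault, but leave it alone if the author set one explicitly.
apiVersion: mutations.gatekeeper.sh/v1   # assumed: a Gatekeeper release with the v1 mutation API
kind: Assign
metadata:
  name: set-seccomp-runtimedefault   # assumed name
spec:
  applyTo:
  - groups: [""]
    versions: ["v1"]
    kinds: ["Pod"]
  match:
    scope: Namespaced
    kinds:
    - apiGroups: [""]
      kinds: ["Pod"]
    # Assumed: system namespaces are left untouched so cluster components
    # that rely on their own seccomp settings are not changed.
    excludedNamespaces: ["kube-system", "gatekeeper-system"]
  # The field to write. Gatekeeper creates the intermediate
  # securityContext / seccompProfile objects if they do not exist.
  location: "spec.securityContext.seccompProfile.type"
  parameters:
    # Only mutate when the whole seccompProfile block is absent, so an
    # explicit Unconfined or Localhost profile chosen by the author stays.
    pathTests:
    - subPath: "spec.securityContext.seccompProfile"
      condition: MustNotExist
    assign:
      value: RuntimeDefault
```

Container-level securityContext.seccompProfile still takes precedence over the pod-level value, so this mutation only closes the gap where nothing was set at all. After applying it, `kubectl get pod <name> -o jsonpath='{.spec.securityContext.seccompProfile.type}'` on a newly created pod shows RuntimeDefault.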