derekpoindexter
commented
1 year ago The migration action for 1.25 clusters is to move away from the deprecated annotations and instead use the pod fields. The link we had in the docs was more for system admins to set cluster wide defaults and uses kind clusters as an example. Which is something we set for you.
A more helpful link for you to update your pods or deployments is here - https://kubernetes.io/docs/tutorials/security/seccomp/#create-pod-that-uses-the-container-runtime-default-seccomp-profile
I've updated the docs to point to this example.
On the page for https://cloud.ibm.com/docs/containers?topic=containers-cs_versions_125 , it mentions a link to https://kubernetes.io/docs/tutorials/security/seccomp/. That link doesn't provide the necessary information for configuring SecComp against an IKS cluster, only for local KinD clusters.
IKS provides the Kubernetes nodes and needs to tell what seccomp profiles it makes available by default on its nodes for pod definitions to reference. Note how OpenShift has this document https://docs.openshift.com/container-platform/4.8/security/seccomp-profiles.html#configuring-default-seccomp-profile_configuring-seccomp-profiles , we need something similar for IKS.