XenitAB / gatekeeper-library

Collection of OPA Gatekeeper policies that can be used in your Kubernetes cluster.

set seccompProfile to RuntimeDefault unless defined

NissesSenap opened this issue

Use OPA to automatically set seccompProfile in all pods to RuntimeDefault unless a seccompProfile is defined.

apiVersion: v1
kind: Pod
metadata:
  name: default-pod
  labels:
    app: default-pod
spec:
  securityContext:
    seccompProfile:
      type: RuntimeDefault
  containers:
  - name: test-container
    image: hashicorp/http-echo:0.2.3
    args:
    - "-text=just made some more syscalls!"
    securityContext:
      allowPrivilegeEscalation: false

If no seccompProfile is defined, the default value is Unconfined, but it isn't shown in a pod by default.
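One way to implement the requested behaviour with Gatekeeper's mutation feature, added here as an example and not a policy from the gatekeeper-library repository: an Assign mutation that writes the pod-level seccompProfile only when none is declared. It assumes Gatekeeper is running with mutation enabled and the `mutations.gatekeeper.sh/v1` API; the resource name and the excluded namespaces are placeholders.

```yaml
# Added example (not from the XenitAB/gatekeeper-library repository):
# a Gatekeeper Assign mutation that defaults the pod-level seccompProfile
# to RuntimeDefault only when the pod does not declare one itself.
# Assumes Gatekeeper with mutation enabled (mutations.gatekeeper.sh/v1).
# metadata.name and excludedNamespaces are placeholders; adjust per cluster.
apiVersion: mutations.gatekeeper.sh/v1
kind: Assign
metadata:
  name: default-seccomp-runtime-default   # placeholder name
spec:
  # Mutate core v1 Pods as they are admitted.
  applyTo:
    - groups: [""]
      kinds: ["Pod"]
      versions: ["v1"]
  match:
    scope: Namespaced
    kinds:
      - apiGroups: [""]
        kinds: ["Pod"]
    # Leave system workloads alone (placeholder list).
    excludedNamespaces: ["kube-system", "gatekeeper-system"]
  # Field that will be written; missing intermediate objects are created.
  location: "spec.securityContext.seccompProfile.type"
  parameters:
    assign:
      value: RuntimeDefault
    # Only assign when no seccompProfile object exists at pod level, so a
    # pod that explicitly sets Localhost, Unconfined or RuntimeDefault is
    # left untouched.
    pathTests:
      - subPath: "spec.securityContext.seccompProfile"
        condition: MustNotExist
```

Mutation happens at admission, so pods that already exist are unchanged until they are recreated, and a container-level `securityContext.seccompProfile` still overrides the pod-level default. After applying, `kubectl get pod <name> -o yaml` should show the injected field on newly created pods.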