Search Options

Results per page
Sort
Preferred Languages
Advance

Results 1 - 10 of 32 for SeccompProfile (0.54 sec)

  2. github.com/istio/istio

    releasenotes/notes/40115.yaml 

    apiVersion: release-notes/v2
kind: feature
area: installation
issue:
- 39791
releaseNotes:
- |
  **Added** `seccompProfile` fields to set the `seccompProfile` field in container
    Registered: Fri Jun 14 15:00:06 UTC 2024
    - Last Modified: Tue Aug 16 23:57:10 UTC 2022
    - 262 bytes
    - Viewed (0)
  3. github.com/istio/istio

    manifests/charts/istio-operator/templates/deployment.yaml 

                  drop:
              - ALL
            privileged: false
            readOnlyRootFilesystem: true
            runAsNonRoot: true
{{- if .Values.operator.seccompProfile }}
            seccompProfile:
{{ toYaml .Values.operator.seccompProfile | trim | indent 14 }}
{{- end }}
{{- if .Values.imagePullPolicy }}
          imagePullPolicy: {{ .Values.imagePullPolicy }}
{{- end }}
          resources:
    Registered: Fri Jun 14 15:00:06 UTC 2024
    - Last Modified: Fri Aug 25 19:10:42 UTC 2023
    - 2.6K bytes
    - Viewed (0)
  4. github.com/kubernetes/kubernetes

    staging/src/k8s.io/client-go/applyconfigurations/core/v1/podsecuritycontext.go 

    	FSGroupChangePolicy      *corev1.PodFSGroupChangePolicy                   `json:"fsGroupChangePolicy,omitempty"`
	SeccompProfile           *SeccompProfileApplyConfiguration                `json:"seccompProfile,omitempty"`
	AppArmorProfile          *AppArmorProfileApplyConfiguration               `json:"appArmorProfile,omitempty"`
}
    Registered: Sat Jun 15 01:39:40 UTC 2024
    - Last Modified: Wed May 29 22:40:29 UTC 2024
    - 8.1K bytes
    - Viewed (0)
  5. github.com/kubernetes/kubernetes

    cluster/addons/metadata-agent/stackdriver/metadata-agent.yaml 

      namespace: kube-system
spec:
  selector:
    matchLabels:
      app: metadata-agent
  template:
    metadata:
      labels:
        app: metadata-agent
    spec:
      securityContext:
        seccompProfile:
          type: RuntimeDefault
      serviceAccountName: metadata-agent
      priorityClassName: system-node-critical
      nodeSelector:
        kubernetes.io/os: linux
      containers:
    Registered: Sat Jun 15 01:39:40 UTC 2024
    - Last Modified: Thu Aug 13 07:45:36 UTC 2020
    - 3.5K bytes
    - Viewed (0)
  6. github.com/kubernetes/kubernetes

    hack/testdata/pod-restricted-runtime-default.yaml 

    apiVersion: v1
kind: Pod
metadata:
  labels:
    run: target
  name: target
spec:
  securityContext:
    seccompProfile: 
      type: RuntimeDefault
  containers:
  - image: busybox
    name: target
    command: ["/bin/sh", "-c", "sleep 100"]
    securityContext:
        runAsUser: 1000
        runAsGroup: 1000
        runAsNonRoot: true
        allowPrivilegeEscalation: false
        capabilities:
          drop:
    Registered: Sat Jun 15 01:39:40 UTC 2024
    - Last Modified: Wed May 24 11:16:49 UTC 2023
    - 437 bytes
    - Viewed (0)
  7. github.com/kubernetes/kubernetes

    hack/testdata/pod-restricted-localhost.yaml 

    apiVersion: v1
kind: Pod
metadata:
  labels:
    run: target
  name: target
spec:
  securityContext:
    seccompProfile: 
      type: Localhost
      localhostProfile: dummy.json
  containers:
  - image: busybox
    name: target
    command: ["/bin/sh", "-c", "sleep 100"]
    securityContext:
        runAsUser: 1000
        runAsGroup: 1000
        runAsNonRoot: true
        allowPrivilegeEscalation: false
    Registered: Sat Jun 15 01:39:40 UTC 2024
    - Last Modified: Wed May 24 11:16:49 UTC 2023
    - 467 bytes
    - Viewed (0)
  8. github.com/kubernetes/kubernetes

    staging/src/k8s.io/api/core/v1/annotation_key_constants.go 

    	// to all containers of a pod.
	// Deprecated: set a pod security context `seccompProfile` field.
	SeccompPodAnnotationKey string = "seccomp.security.alpha.kubernetes.io/pod"

	// SeccompContainerAnnotationKeyPrefix represents the key of a seccomp profile applied
	// to one container of a pod.
	// Deprecated: set a container security context `seccompProfile` field.
    Registered: Sat Jun 15 01:39:40 UTC 2024
    - Last Modified: Wed Mar 06 18:46:31 UTC 2024
    - 8.6K bytes
    - Viewed (0)
  9. github.com/kubernetes/kubernetes

    pkg/apis/core/annotation_key_constants.go 

    	// to all containers of a pod.
	// Deprecated: set a pod security context `seccompProfile` field.
	SeccompPodAnnotationKey string = "seccomp.security.alpha.kubernetes.io/pod"

	// SeccompContainerAnnotationKeyPrefix represents the key of a seccomp profile applied
	// to one container of a pod.
	// Deprecated: set a container security context `seccompProfile` field.
    Registered: Sat Jun 15 01:39:40 UTC 2024
    - Last Modified: Wed Mar 06 18:46:31 UTC 2024
    - 8.7K bytes
    - Viewed (0)
  10. github.com/istio/istio

    manifests/charts/istio-cni/templates/daemonset.yaml 

                  # There does not appear to be a more granular capability for this.
              - SYS_ADMIN
{{- if .Values.cni.seccompProfile }}
            seccompProfile:
{{ toYaml .Values.cni.seccompProfile | trim | indent 14 }}
{{- end }}
          command: ["install-cni"]
          args:
            {{- if .Values.global.logging.level }}
    Registered: Fri Jun 14 15:00:06 UTC 2024
    - Last Modified: Fri May 17 21:52:29 UTC 2024
    - 7.9K bytes
    - Viewed (0)
  11. github.com/istio/istio

    manifests/charts/istio-control/istio-discovery/templates/deployment.yaml 

                readOnlyRootFilesystem: true
            runAsNonRoot: true
            capabilities:
              drop:
              - ALL
{{- if .Values.pilot.seccompProfile }}
            seccompProfile:
{{ toYaml .Values.pilot.seccompProfile | trim | indent 14 }}
{{- end }}
          volumeMounts:
          - name: istio-token
            mountPath: /var/run/secrets/tokens
            readOnly: true
    Registered: Fri Jun 14 15:00:06 UTC 2024
    - Last Modified: Thu May 30 20:24:06 UTC 2024
    - 9K bytes
    - Viewed (0)
Back to top