- Sort Score
- Result 10 results
- Languages All
Results 1 - 10 of 169 for SeccompProfile (0.53 sec)
-
pkg/kubelet/kuberuntime/helpers_linux_test.go
podSc: &v1.PodSecurityContext{SeccompProfile: &v1.SeccompProfile{Type: v1.SeccompProfileTypeLocalhost}}, expectedError: "localhostProfile must be set if seccompProfile type is Localhost.", }, { description: "container seccomp profile set to SeccompProfileTypeLocalhost with empty LocalhostProfile returns error", containerSc: &v1.SecurityContext{SeccompProfile: &v1.SeccompProfile{Type: v1.SeccompProfileTypeLocalhost}},
Registered: Sat Jun 15 01:39:40 UTC 2024 - Last Modified: Wed Apr 24 18:25:29 UTC 2024 - 16.6K bytes - Viewed (0) -
manifests/charts/istio-operator/templates/deployment.yaml
drop: - ALL privileged: false readOnlyRootFilesystem: true runAsNonRoot: true {{- if .Values.operator.seccompProfile }} seccompProfile: {{ toYaml .Values.operator.seccompProfile | trim | indent 14 }} {{- end }} {{- if .Values.imagePullPolicy }} imagePullPolicy: {{ .Values.imagePullPolicy }} {{- end }} resources:
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Fri Aug 25 19:10:42 UTC 2023 - 2.6K bytes - Viewed (0) -
staging/src/k8s.io/client-go/applyconfigurations/core/v1/podsecuritycontext.go
FSGroupChangePolicy *corev1.PodFSGroupChangePolicy `json:"fsGroupChangePolicy,omitempty"` SeccompProfile *SeccompProfileApplyConfiguration `json:"seccompProfile,omitempty"` AppArmorProfile *AppArmorProfileApplyConfiguration `json:"appArmorProfile,omitempty"` }
Registered: Sat Jun 15 01:39:40 UTC 2024 - Last Modified: Wed May 29 22:40:29 UTC 2024 - 8.1K bytes - Viewed (0) -
pkg/kubelet/kuberuntime/helpers.go
if containerSecContext != nil && containerSecContext.SeccompProfile != nil { return fieldSeccompProfile(containerSecContext.SeccompProfile, m.seccompProfileRoot, fallbackToRuntimeDefault) } // when container seccomp is not defined, try to apply from pod field if podSecContext != nil && podSecContext.SeccompProfile != nil { return fieldSeccompProfile(podSecContext.SeccompProfile, m.seccompProfileRoot, fallbackToRuntimeDefault) }
Registered: Sat Jun 15 01:39:40 UTC 2024 - Last Modified: Wed May 22 02:01:31 UTC 2024 - 12K bytes - Viewed (0) -
pkg/kubelet/kuberuntime/kuberuntime_sandbox_test.go
pod := newTestPod() if podFieldProfile != nil { pod.Spec.SecurityContext = &v1.PodSecurityContext{ SeccompProfile: podFieldProfile, } } if containerFieldProfile != nil { pod.Spec.Containers[0].SecurityContext = &v1.SecurityContext{ SeccompProfile: containerFieldProfile, } }
Registered: Sat Jun 15 01:39:40 UTC 2024 - Last Modified: Wed Apr 24 18:25:29 UTC 2024 - 14.3K bytes - Viewed (0) -
staging/src/k8s.io/api/core/v1/annotation_key_constants.go
// to all containers of a pod. // Deprecated: set a pod security context `seccompProfile` field. SeccompPodAnnotationKey string = "seccomp.security.alpha.kubernetes.io/pod" // SeccompContainerAnnotationKeyPrefix represents the key of a seccomp profile applied // to one container of a pod. // Deprecated: set a container security context `seccompProfile` field.
Registered: Sat Jun 15 01:39:40 UTC 2024 - Last Modified: Wed Mar 06 18:46:31 UTC 2024 - 8.6K bytes - Viewed (0) -
pkg/apis/core/annotation_key_constants.go
// to all containers of a pod. // Deprecated: set a pod security context `seccompProfile` field. SeccompPodAnnotationKey string = "seccomp.security.alpha.kubernetes.io/pod" // SeccompContainerAnnotationKeyPrefix represents the key of a seccomp profile applied // to one container of a pod. // Deprecated: set a container security context `seccompProfile` field.
Registered: Sat Jun 15 01:39:40 UTC 2024 - Last Modified: Wed Mar 06 18:46:31 UTC 2024 - 8.7K bytes - Viewed (0) -
manifests/charts/istio-cni/templates/daemonset.yaml
# There does not appear to be a more granular capability for this. - SYS_ADMIN {{- if .Values.cni.seccompProfile }} seccompProfile: {{ toYaml .Values.cni.seccompProfile | trim | indent 14 }} {{- end }} command: ["install-cni"] args: {{- if .Values.global.logging.level }}
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Fri May 17 21:52:29 UTC 2024 - 7.9K bytes - Viewed (0) -
manifests/charts/istio-control/istio-discovery/templates/deployment.yaml
readOnlyRootFilesystem: true runAsNonRoot: true capabilities: drop: - ALL {{- if .Values.pilot.seccompProfile }} seccompProfile: {{ toYaml .Values.pilot.seccompProfile | trim | indent 14 }} {{- end }} volumeMounts: - name: istio-token mountPath: /var/run/secrets/tokens readOnly: true
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Thu May 30 20:24:06 UTC 2024 - 9K bytes - Viewed (0) -
manifests/charts/istio-operator/values.yaml
resources: limits: cpu: 200m memory: 256Mi requests: cpu: 50m memory: 128Mi # Set to `type: RuntimeDefault` to use the default profile if available. seccompProfile: {} # Node labels for pod assignment nodeSelector: {} # Tolerations for pod assignment tolerations: [] # Affinity for pod assignment affinity: {}
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Wed Jan 10 05:10:03 UTC 2024 - 1.4K bytes - Viewed (0)