Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add seccompProfile.type RuntimeDefault to KEDA deployments for secure-by-default #306

Closed
joebowbeer opened this issue Aug 19, 2022 · 0 comments · Fixed by #307
Closed

Add seccompProfile.type RuntimeDefault to KEDA deployments for secure-by-default #306

joebowbeer opened this issue Aug 19, 2022 · 0 comments · Fixed by #307

Comments

@joebowbeer
Copy link
Contributor

joebowbeer commented Aug 19, 2022
edited
Loading

Add seccompProfile.type RuntimeDefault to Deployments as per PSS/restricted spec.

Use-Case

This would bring the default manifests into compliance with PSS/restricted policies.

The policies currently fail because the containers in the two Deployments are missing an explicit seccompProfile type.

wget https://raw.githubusercontent.com/kyverno/policies/main/pod-security/restricted/restrict-seccomp-strict/restrict-seccomp-strict.yaml
kyverno apply restrict-seccomp-strict.yaml -r \
  <(helm template keda --repo https://kedacore.github.io/charts -n keda)

Specification

https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted

NOTE: seccompProfile is only supported in Kubernetes 1.19+
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

feat: add seccompProfile joebowbeer/keda-charts
1 participant
@joebowbeer