Create an "Enforce on all Pods" option for Seccomp Profile Bindings #1868
Labels
kind/feature
Categorizes issue or PR as related to a new feature.
Comments
CoreyCook8
added
the
kind/feature
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
What would you like to be added:
Logic would be added to the Handle function to look for a container name
*for example and then apply the seccomp profile to the pod.This could could be scaled back through webhookOptions if there are exceptions within a namespace.
Why is this needed:
Profile Bindings are good for enforcing specific seccomp profiles on specific containers.
Applying a default seccomp profile is not realistic with the way they are set up currently.
User story covered
As a developer, I would like to define a default seccomp profile to be applied to each pod in my namespace so that I can ensure the pods running in my cluster are secure without having to make profile bindings for each container.
The text was updated successfully, but these errors were encountered: