Allow restricting container syscalls for Kuberhealthy pods in Helm chart #1109
Labels
do-not-close
Prevents issues from being automatically closed if stale
feature request
A request for a specific feature to be added to Kuberhealthy
good first issue
Good for newcomers
Comments
erichstoekl
added
the
feature request
|
This issue is stale because it has been open 30 days with no activity. Remove stale label or comment on the issue or this will be closed in 15 days. |
|
This issue is stale because it has been open 30 days with no activity. Remove stale label or comment on the issue or this will be closed in 15 days. |
|
This issue was closed because it has been stalled for 15 days with no activity. Please reopen and comment on the issue if you believe it should stay open. |
integrii
added
do-not-close
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Describe the feature you would like and why you want it
Cluster administrators may wish to take advantage of
seccompProfilein order to restrict the syscalls that the kuberhealthy-spawned containers are able to make. Details of whatseccompProfiledoes and how to enable it are documented here: https://kubernetes.io/docs/tutorials/security/seccomp/For example, some clusters may enforce
seccompProfileon all pods deployed to the cluster in order to meet security or compliance goals.It would be helpful if the helm chart is capable of allowing for
seccompProfileconfiguration.PR
PR is submitted for this issue as #1110
The text was updated successfully, but these errors were encountered: