aboutsummaryrefslogtreecommitdiff
path: root/cmd
diff options
context:
space:
mode:
authorPeter Hunt <pehunt@redhat.com>2020-01-03 10:15:03 -0500
committerPeter Hunt <pehunt@redhat.com>2020-01-03 13:27:17 -0500
commitb6792b61de7706ad6019a98db23c2a62753b1bde (patch)
tree75c4b9c1f428103b1b52565fcbba9607e186272a /cmd
parent50b44463760a224cd72e0920f03ed2041689bc63 (diff)
downloadpodman-b6792b61de7706ad6019a98db23c2a62753b1bde.tar.gz
podman-b6792b61de7706ad6019a98db23c2a62753b1bde.tar.bz2
podman-b6792b61de7706ad6019a98db23c2a62753b1bde.zip
play kube: make seccomp handling better conform to k8s
Add flag --seccomp-profile-root in play kube to allow users to specify where to look for seccomp profiles update tests Signed-off-by: Peter Hunt <pehunt@redhat.com>
Diffstat (limited to 'cmd')
-rw-r--r--cmd/podman/cliconfig/config.go13
-rw-r--r--cmd/podman/play_kube.go3
2 files changed, 10 insertions, 6 deletions
diff --git a/cmd/podman/cliconfig/config.go b/cmd/podman/cliconfig/config.go
index e81756808..282d90d0b 100644
--- a/cmd/podman/cliconfig/config.go
+++ b/cmd/podman/cliconfig/config.go
@@ -308,12 +308,13 @@ type HealthCheckValues struct {
type KubePlayValues struct {
PodmanCommand
- Authfile string
- CertDir string
- Creds string
- Quiet bool
- SignaturePolicy string
- TlsVerify bool
+ Authfile string
+ CertDir string
+ Creds string
+ Quiet bool
+ SignaturePolicy string
+ TlsVerify bool
+ SeccompProfileRoot string
}
type PodCreateValues struct {
diff --git a/cmd/podman/play_kube.go b/cmd/podman/play_kube.go
index fc9f2d5b6..2028d2ef4 100644
--- a/cmd/podman/play_kube.go
+++ b/cmd/podman/play_kube.go
@@ -28,6 +28,8 @@ var (
},
Example: `podman play kube demo.yml`,
}
+ // https://kubernetes.io/docs/reference/command-line-tools-reference/kubelet/
+ defaultSeccompRoot = "/var/lib/kubelet/seccomp"
)
func init() {
@@ -46,6 +48,7 @@ func init() {
flags.StringVar(&playKubeCommand.CertDir, "cert-dir", "", "`Pathname` of a directory containing TLS certificates and keys")
flags.StringVar(&playKubeCommand.SignaturePolicy, "signature-policy", "", "`Pathname` of signature policy file (not usually used)")
flags.BoolVar(&playKubeCommand.TlsVerify, "tls-verify", true, "Require HTTPS and verify certificates when contacting registries")
+ flags.StringVar(&playKubeCommand.SeccompProfileRoot, "seccomp-profile-root", defaultSeccompRoot, "Directory path for seccomp profiles")
markFlagHidden(flags, "signature-policy")
}
}