fix: remove SeccompProfile

It seems that built-in SCCs (except `privileged`) don't allow to set the seccomp profile [1]. Until this is fixed in OpenShift, we should leave it to the default (which is already `RuntimeDefault`). [1] openshift/cluster-kube-apiserver-operator#1325 Signed-off-by: Simon Pasquier <[email protected]>
simonpasquier · Jun 16, 2022 · 38a91e9 · 38a91e9
1 parent 83567e0
commit 38a91e9
Show file tree

Hide file tree

Showing 2 changed files with 0 additions and 6 deletions.
diff --git a/pkg/controllers/monitoring/monitoring-stack/alertmanager.go b/pkg/controllers/monitoring/monitoring-stack/alertmanager.go
@@ -71,9 +71,6 @@ func newAlertmanager(
 				FSGroup:      pointer.Int64(AlertmanagerUserFSGroupID),
 				RunAsNonRoot: pointer.Bool(true),
 				RunAsUser:    pointer.Int64(AlertmanagerUserFSGroupID),
-				SeccompProfile: &corev1.SeccompProfile{
-					Type: corev1.SeccompProfileTypeRuntimeDefault,
-				},
 			},
 		},
 	}

diff --git a/pkg/controllers/monitoring/monitoring-stack/components.go b/pkg/controllers/monitoring/monitoring-stack/components.go
@@ -179,9 +179,6 @@ func newPrometheus(
 					FSGroup:      pointer.Int64(PrometheusUserFSGroupID),
 					RunAsNonRoot: pointer.Bool(true),
 					RunAsUser:    pointer.Int64(PrometheusUserFSGroupID),
-					SeccompProfile: &corev1.SeccompProfile{
-						Type: corev1.SeccompProfileTypeRuntimeDefault,
-					},
 				},
 				RemoteWrite:    config.RemoteWrite,
 				ExternalLabels: config.ExternalLabels,