Kubernetes Seccomp Operator
This project is the starting point for the Seccomp Operator, an out-of-tree Kubernetes enhancement that aims to make managing and applying seccomp profiles in Kubernetes easier and more straightforward.
About
The motivation behind the project can be found in the corresponding RFC.
Related Kubernetes Enhancement Proposals (KEPs) which have direct influence on this project:
- Promote seccomp to GA
- Add ConfigMap support for seccomp custom profiles
- Add KEP to create seccomp built-in profiles and add complain mode
Besides those KEPs, there are existing approaches to security profiles in the Kubernetes world:
- AppArmor Loader
- OpenShift's Machine config operator, in charge of file management and security profiles on hosts
- seccomp-config
The project tries not to overlap with those existing implementations, so that it provides valuable additions in a more secure Kubernetes context. We created a MindMup mind map to get a better overview of the current situation around the operator and seccomp support in Kubernetes in general.
Community, discussion, contribution, and support
Learn how to engage with the Kubernetes community on the community page.
You can reach the maintainers of this project at:
Code of conduct
Participation in the Kubernetes community is governed by the Kubernetes Code of Conduct.