kubectl icon indicating copy to clipboard operation
kubectl copied to clipboard

Published 20 hours ago verified publisher icon kubernetes

Display used seccomp profile on `kubectl describe`

Open saschagrunert opened this issue 3 years ago • 15 comments

What would you like to be added:

Determining the used seccomp profile for a container is a non-trivial task in Kubernetes. The security context features a dedicated SeccompProfile field: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.22/#seccompprofile-v1-core There are also the deprecated seccomp annotations. Both, annotations as well as the field are available per pod and per container. This also means that containers can overwrite the pod values, whereas the container values get inherited by the pod if not set.

This logic could be built into kubectl describe, making it easy for users to determine the used seccomp profile of a container.

cc @sftim

saschagrunert avatar Oct 20 '21 09:10 saschagrunert

/triage accepted /priority backlog /good-first-issue

This work would need to done in https://github.com/kubernetes/kubernetes/blob/91ff1f9840278ec9c58089d891d6d594e5055bab/staging/src/k8s.io/kubectl/pkg/describe/describe.go#L692.

eddiezane avatar Nov 10 '21 17:11 eddiezane

@eddiezane: This request has been marked as suitable for new contributors.

Guidelines

Please ensure that the issue body includes answers to the following questions:

  • Why are we solving this issue?
  • To address this issue, are there any code changes? If there are code changes, what needs to be done in the code and what places can the assignee treat as reference points?
  • Does this issue have zero to low barrier of entry?
  • How can the assignee reach out to you for help?

For more details on the requirements of such an issue, please see here and ensure that they are met.

If this request no longer meets these requirements, the label can be removed by commenting with the /remove-good-first-issue command.

In response to this:

/triage accepted /priority backlog /good-first-issue

This work would need to done in https://github.com/kubernetes/kubernetes/blob/91ff1f9840278ec9c58089d891d6d594e5055bab/staging/src/k8s.io/kubectl/pkg/describe/describe.go#L692.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

k8s-ci-robot avatar Nov 10 '21 17:11 k8s-ci-robot

/assign @ncapps

eddiezane avatar Nov 10 '21 17:11 eddiezane

@eddiezane: GitHub didn't allow me to assign the following users: ncapps.

Note that only kubernetes members, repo collaborators and people who have commented on this issue/PR can be assigned. Additionally, issues/PRs can only have 10 assignees at the same time. For more information please see the contributor guide

In response to this:

/assign @ncapps

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

k8s-ci-robot avatar Nov 10 '21 17:11 k8s-ci-robot

/assign @ncapps

ncapps avatar Nov 10 '21 17:11 ncapps

Hi @ncapps , are you still working on this? If not, would you mind giving it out to one of my friend who is a newcomer ? Thanks!!!

@williamyeh

lauchokyip avatar Feb 02 '22 16:02 lauchokyip

I apologize for the delay. Feel free to pick this up @williamyeh

ncapps avatar Feb 02 '22 17:02 ncapps

/assign

williamyeh avatar Feb 02 '22 18:02 williamyeh

/sig security

sftim avatar Feb 18 '22 15:02 sftim

The Kubernetes project currently lacks enough contributors to adequately respond to all issues and PRs.

This bot triages issues and PRs according to the following rules:

  • After 90d of inactivity, lifecycle/stale is applied
  • After 30d of inactivity since lifecycle/stale was applied, lifecycle/rotten is applied
  • After 30d of inactivity since lifecycle/rotten was applied, the issue is closed

You can:

  • Mark this issue or PR as fresh with /remove-lifecycle stale
  • Mark this issue or PR as rotten with /lifecycle rotten
  • Close this issue or PR with /close
  • Offer to help out with Issue Triage

Please send feedback to sig-contributor-experience at kubernetes/community.

/lifecycle stale

k8s-triage-robot avatar May 19 '22 16:05 k8s-triage-robot

/remove-lifecycle stale

williamyeh avatar May 20 '22 20:05 williamyeh

The Kubernetes project currently lacks enough contributors to adequately respond to all issues and PRs.

This bot triages issues and PRs according to the following rules:

  • After 90d of inactivity, lifecycle/stale is applied
  • After 30d of inactivity since lifecycle/stale was applied, lifecycle/rotten is applied
  • After 30d of inactivity since lifecycle/rotten was applied, the issue is closed

You can:

  • Mark this issue or PR as fresh with /remove-lifecycle stale
  • Mark this issue or PR as rotten with /lifecycle rotten
  • Close this issue or PR with /close
  • Offer to help out with Issue Triage

Please send feedback to sig-contributor-experience at kubernetes/community.

/lifecycle stale

k8s-triage-robot avatar Aug 18 '22 21:08 k8s-triage-robot

/remove-lifecycle stale

williamyeh avatar Aug 19 '22 04:08 williamyeh

@williamyeh are you still working on this? If not, can I take this?

vinamra28 avatar Oct 14 '22 12:10 vinamra28

@vinamra28 Hi I have it almost done, will submit a PR soon, thanks

williamyeh avatar Oct 15 '22 03:10 williamyeh