Allow setting seccomp policy in security context in config.toml
Description
Now that the annotations for seccomp profiles are deprecated in pod annotations and moved to the securityContext, it would be great to be able to configure this option outside of the pod_annotations
section.
Previously I used:
[runners.kubernetes.pod_annotations]
"container.apparmor.security.beta.kubernetes.io/build" = "unconfined"
"container.seccomp.security.alpha.kubernetes.io/build" = "unconfined"
This option is useful for running image builders such as img
or buildkit's buildctl
.
Proposal
Add expanded options to the security_context
config to mirror that of the kubernetes securityContext
object.
Links to related issues and merge requests / references
Edited by Wei K Huang