Support seccomp profiles for kubernetes executors
What does this MR do?
Adds support for seccomp_type
and seccomp_profile
to kubernetes executor configuration.
Why was this MR needed?
Folks need to be able to set the seccomp configuration. We'd like to do so in order to configure buildkitd as an available service to runner pods. (Note our objective will require an additional MR for service-level security context settings, which I'm also working on.)
What's the best way to test this MR?
Configure a kubernetes runner with the seccomp_*
fields, run a job, and while the job is running, verify that the relevant container spec (either init, build, helper, or service) for the Pod
object has a SeccompProfile
section with corresponding values.