Kubernetes added the official `securityContext.seccompProfile` support in Kubernetes 1.19.
Seccomp is still disabled by default.
The legacy `container.seccomp.security.alpha.kubernetes.io/<PODNAME>` annotation has been deprecated and will be unsupported in Kubernetes 1.25.
https://kubernetes.io/docs/tutorials/security/seccomp/
A test cluster can be created with the following minikube command:
```
minikube start --feature-gates SeccompDefault=true --extra-config kubelet.seccomp-default=true
```
Related to moby/buildkit PR 2782
Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
This allows the parent cgroup to be customised, which allows resource
limits to be imposed on build containers separately from "user"
containers.
Signed-off-by: David Scott <dave@recoil.org>
- ./_site/engine/reference/commandline/buildx_build/index.html
* linking to internal hash #--buildkitd-flags-flags that does not exist (line 904)
<a href="/engine/reference/commandline/buildx_create/#--buildkitd-flags-flags"></a>
- ./_site/engine/reference/commandline/buildx_create/index.html
* linking to internal hash #--buildkitd-flags-flags that does not exist (line 350)
<a href="#--buildkitd-flags-flags"></a>
* linking to internal hash #--config-file that does not exist (line 336)
<a href="#--config-file"></a>
* linking to internal hash #--config-file that does not exist (line 336)
<a href="/engine/reference/commandline/buildx_build/#--load"></a>
* linking to internal hash #--load that does not exist (line 369)
<a href="/engine/reference/commandline/buildx_build/#--load"></a>
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Put the flag descriptions/examples under an "examples"
section (used at docs.docker.com), and rephrase the
headings to be more consistent with other pages in the
docker documentation.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Use the usage output of `--help` for each subcommand, to make
sure all flags/options are included on the page, and to make
it easier to keep docs in sync.
Note that the usage output is only used when reading these
docs on GitHub; docs.docker.com only consumes the "description"
and "example" sections (when present), and generates flag information
and usage output from source
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
CrazyMax