Merge pull request #33219 from chrisnegus/dockershim-podsecurity-docs

Update pod security docs for dockershim removal
2022-04-28 08:17:50 -07:00 · 2022-04-28 08:17:50 -07:00 · d4bbdb5aa7
parent 27d1959c22 a34a0567f9
commit d4bbdb5aa7
2 changed files with 2 additions and 2 deletions
--- a/content/en/docs/concepts/security/pod-security-policy.md
+++ b/content/en/docs/concepts/security/pod-security-policy.md
@ -658,8 +658,7 @@ added. Capabilities listed in `RequiredDropCapabilities` must not be included in

 **DefaultAddCapabilities** - The capabilities which are added to containers by
 default, in addition to the runtime defaults. See the
-[Docker documentation](https://docs.docker.com/engine/reference/run/#runtime-privilege-and-linux-capabilities)
-for the default list of capabilities when using the Docker runtime.
+the documentation for your container runtime for information on working with Linux capabilities.

 ### SELinux

--- a/content/en/examples/policy/restricted-psp.yaml
+++ b/content/en/examples/policy/restricted-psp.yaml
@ -3,6 +3,7 @@ kind: PodSecurityPolicy
 metadata:
  name: restricted
  annotations:
+    # docker/default identifies a profile for seccomp, but it is not particularly tied to the Docker runtime
    seccomp.security.alpha.kubernetes.io/allowedProfileNames: 'docker/default,runtime/default'
    apparmor.security.beta.kubernetes.io/allowedProfileNames: 'runtime/default'
    apparmor.security.beta.kubernetes.io/defaultProfileName:  'runtime/default'