Jia:
Need help with 2 questions
- When we have an existing pod and we want to modify it, we do kubectl get <podname> -o yaml > some.yaml
This some.yaml has too much extra data also suppose we tend to just change the serviceaccountName but we also have the volumeMount we get by default due to default serviceaccountoken and forgot to remove it… whats the best way to modify the existing pod and how to extract just the relevant data ? - in mock1, question 4 it says run the pod on node01 and i had given nodeName in metadata but answer doesnt has it… how does the seccomp profile detects on which localhost to run the seccomp if nodeName is not given
answer given under /var/answers is
controlplane $ cat /var/answers/answer4.md
#Copy the audit.json seccomp profile to /var/lib/kubelet/seccomp/profiles in node01:
$ mv /root/audit.json /var/lib/kubelet/seccomp/profiles
# Recreate the pod using the below YAML File
apiVersion: v1
kind: Pod
metadata:
labels:
run: nginx
name: audit-nginx
spec:
securityContext:
seccompProfile:
type: Localhost
localhostProfile: profiles/audit.json
containers:
- image: nginx
name: nginx
controlplane $