securityContext:
seccompProfile:
localhostProfile: custom-profile.json
type: Localhost
securityContext:
seccompProfile:
localhostProfile: profiles/custom-profile.json
type: Localhost
Why former has to be done ? above says profile so I created profile folder and copied. This is working but marked incorrect.
Pretty sure it won’t work: the localhostProfile needs to point to the profile, relative to /var/lib/kubelet/seccomp. The second example fails because there is in fact no file at /var/lib/kubelet/seccomp/profiles/custom-profile.json; this you can see by doing kubectl -n omega describe pod omega-app, which produces the error
Error: failed to create containerd container: cannot load seccomp profile “/var/lib/kubelet/seccomp/profiles/custom-profile.json”: open /var/lib/kubelet/seccomp/profiles/custom-profile.json: no such file or directory
The grader makes a choice for making the config file match where the file is, rather than changing where the file is so it matches the config file. This is not uncommon; the grader will not cover every possible way of answering the questions. It’s quite possible that the actual exam won’t either; it doesn’t pay to be fancy sometimes.