K8sPSPSeccomp Constraint Uses Deprecated Annotation
`K8sPSPSeccomp` constraint checks that `seccomp.security.alpha.kubernetes.io/pod` and `container.seccomp.security.alpha.kubernetes.io/[name]` are set. However, this feature was removed in Kubernetes 1.25 in favor of the native setting `spec.securityContext.seccompProfile.type`. This effectively makes this constraint useless, as violations may actually have a matching profile set.

This constraint should be updated to check `spec.securityContext.seccompProfile.type` instead.
Edited by Noah Gearhart
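
The mismatch described in this issue, as an added Python sketch (not the constraint's Rego and not code from the project): it compares an annotation-only check with one that reads `seccompProfile.type`, and goes slightly beyond the issue by also honouring the container-level `securityContext.seccompProfile` override. The function names, allowed values and sample pods are constructed assumptions.

```python
# Added illustration. Allowed values are assumptions, not the project's defaults.
POD_ANNOTATION = "seccomp.security.alpha.kubernetes.io/pod"
CONTAINER_ANNOTATION_PREFIX = "container.seccomp.security.alpha.kubernetes.io/"
ALLOWED_ANNOTATION_VALUES = {"runtime/default"}
ALLOWED_TYPES = {"RuntimeDefault"}


def _containers(pod):
    spec = pod.get("spec", {})
    return (spec.get("containers", []) + spec.get("initContainers", [])
            + spec.get("ephemeralContainers", []))


def annotation_only_violations(pod):
    """Behaviour described in the issue: only the alpha annotations count."""
    ann = pod.get("metadata", {}).get("annotations", {})
    bad = []
    for c in _containers(pod):
        # The per-container annotation takes precedence over the pod-wide one.
        value = ann.get(CONTAINER_ANNOTATION_PREFIX + c["name"], ann.get(POD_ANNOTATION))
        if value not in ALLOWED_ANNOTATION_VALUES:
            bad.append(c["name"])
    return bad


def field_violations(pod):
    """Proposed check: read seccompProfile.type; container level overrides pod level."""
    pod_type = (pod.get("spec", {}).get("securityContext", {})
                .get("seccompProfile", {}).get("type"))
    bad = []
    for c in _containers(pod):
        ctype = c.get("securityContext", {}).get("seccompProfile", {}).get("type", pod_type)
        if ctype not in ALLOWED_TYPES:
            bad.append(c["name"])
    return bad


# Constructed sample pods.
NATIVE_POD = {  # native field set; the sidecar overrides it with Unconfined
    "metadata": {"name": "native"},
    "spec": {"securityContext": {"seccompProfile": {"type": "RuntimeDefault"}},
             "containers": [
                 {"name": "app"},
                 {"name": "sidecar",
                  "securityContext": {"seccompProfile": {"type": "Unconfined"}}}]},
}
ANNOTATED_POD = {  # only the removed annotation is present
    "metadata": {"name": "legacy", "annotations": {POD_ANNOTATION: "runtime/default"}},
    "spec": {"containers": [{"name": "app"}]},
}
```

On `NATIVE_POD` the annotation-only check reports both containers even though `app` inherits `RuntimeDefault`, while on `ANNOTATED_POD` it reports nothing although no native profile is set.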