Use a privileged DaemonSet to install custom seccomp profiles on all current and future nodes in an OpenShift cluster.
A DaemonSet runs on every node and copies seccomp profile JSON files from a ConfigMap to /var/lib/kubelet/seccomp on each node's host filesystem. This makes the profiles available for use by pods via securityContext.seccompProfile.localhostProfile.
oc create namespace seccomp-profile-installer
oc apply -k k8s-seccomp-profile-installer/overlays/nerc-ocp-prod/

Check that pods are running on all nodes:
oc get pods -n seccomp-profile-installer -o wide

Verify the profile exists on a node:
oc debug node/<node-name> -- chroot /host ls -la /var/lib/kubelet/seccomp/
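
The per-node check above, extended to every node in the cluster. This is an added example, not part of the original page or the project's code. The function name `check_seccomp_profile` and the file name `audit.json` are assumptions; the argument is the profile path relative to /var/lib/kubelet/seccomp, the same value a pod puts in localhostProfile.

```shell
#!/bin/sh
# Added example: confirm a seccomp profile is present on every node.
# Assumes `oc` is logged in with rights to run `oc debug node/...`.

SECCOMP_DIR=/var/lib/kubelet/seccomp

# check_seccomp_profile <relative-profile-path>
# Prints "ok <node>" or "missing <node>" for each node.
# Returns 0 only if every node has the file.
check_seccomp_profile() {
  profile="$1"
  rc=0
  for node in $(oc get nodes -o name); do
    # `oc get nodes -o name` yields "node/<name>", which `oc debug` accepts.
    # oc debug writes its own status messages to stderr, so drop stderr and
    # keep only what `ls` prints: the full path if the file exists, nothing
    # otherwise. stdin is detached so the debug pod cannot consume it.
    if oc debug "$node" -- chroot /host ls "$SECCOMP_DIR/$profile" \
         2>/dev/null </dev/null | grep -qxF -- "$SECCOMP_DIR/$profile"; then
      echo "ok      $node"
    else
      echo "missing $node"
      rc=1
    fi
  done
  return "$rc"
}

# Usage (audit.json is a constructed sample name):
#   check_seccomp_profile audit.json || echo "profile not installed everywhere"
```

A node reported as missing usually means the DaemonSet pod on that node is not running yet, which the `oc get pods ... -o wide` output will show.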