Merge pull request #33219 from chrisnegus/dockershim-podsecurity-docs

k8s-ci-robot · web-flow · commit d4bbdb5aa792 · 2022-04-28T08:17:50.000-07:00
Update pod security docs for dockershim removal
diff --git a/content/en/docs/concepts/security/pod-security-policy.md b/content/en/docs/concepts/security/pod-security-policy.md
@@ -658,8 +658,7 @@ added. Capabilities listed in `RequiredDropCapabilities` must not be included in
 
 **DefaultAddCapabilities** - The capabilities which are added to containers by
 default, in addition to the runtime defaults. See the
-[Docker documentation](https://docs.docker.com/engine/reference/run/#runtime-privilege-and-linux-capabilities)
-for the default list of capabilities when using the Docker runtime.
+the documentation for your container runtime for information on working with Linux capabilities.
 
 ### SELinux
 
diff --git a/content/en/examples/policy/restricted-psp.yaml b/content/en/examples/policy/restricted-psp.yaml
@@ -3,6 +3,7 @@ kind: PodSecurityPolicy
 metadata:
   name: restricted
   annotations:
+    # docker/default identifies a profile for seccomp, but it is not particularly tied to the Docker runtime
     seccomp.security.alpha.kubernetes.io/allowedProfileNames: 'docker/default,runtime/default'
     apparmor.security.beta.kubernetes.io/allowedProfileNames: 'runtime/default'
     apparmor.security.beta.kubernetes.io/defaultProfileName:  'runtime/default'
