feat: added support for security context properties

e2e/fixtures/confidential_container_pod.yml

@@ -18,6 +18,8 @@ spec:
  ports:
  - containerPort: 8000
  name: http
+ securityContext:
+ privileged: true
  nodeSelector:
  kubernetes.io/role: agent
  beta.kubernetes.io/os: linux

go.mod

@@ -4,17 +4,17 @@ go 1.19
 
 require (
  contrib.go.opencensus.io/exporter/ocagent v0.7.0
- github.com/Azure/azure-sdk-for-go/sdk/azcore v1.1.4
- github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.2.0
- github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/containerinstance/armcontainerinstance/v2 v2.2.0-beta.1
+ github.com/Azure/azure-sdk-for-go/sdk/azcore v1.4.0
+ github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.2.2
+ github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/containerinstance/armcontainerinstance/v2 v2.3.0
  github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/network/armnetwork/v2 v2.1.0
  github.com/Azure/go-autorest/autorest v0.11.27
  github.com/Azure/go-autorest/autorest/adal v0.9.20
  github.com/BurntSushi/toml v0.3.1
  github.com/cpuguy83/dockercfg v0.3.1
  github.com/dimchansky/utfbom v1.1.1
  github.com/golang/mock v1.6.0
- github.com/google/uuid v1.1.2
+ github.com/google/uuid v1.3.0
  github.com/gorilla/websocket v1.4.2
  github.com/mitchellh/go-homedir v1.1.0
  github.com/patrickmn/go-cache v2.1.0+incompatible
@@ -34,12 +34,12 @@ require (
 )
 
 require (
- github.com/Azure/azure-sdk-for-go/sdk/internal v1.0.0 // indirect
+ github.com/Azure/azure-sdk-for-go/sdk/internal v1.2.0 // indirect
  github.com/Azure/go-autorest v14.2.0+incompatible // indirect
  github.com/Azure/go-autorest/autorest/date v0.3.0 // indirect
  github.com/Azure/go-autorest/logger v0.2.1 // indirect
  github.com/Azure/go-autorest/tracing v0.6.0 // indirect
- github.com/AzureAD/microsoft-authentication-library-for-go v0.7.0 // indirect
+ github.com/AzureAD/microsoft-authentication-library-for-go v0.9.0 // indirect
  github.com/NYTimes/gziphandler v1.1.1 // indirect
  github.com/antlr/antlr4/runtime/Go/antlr v1.4.10 // indirect
  github.com/beorn7/perks v1.0.1 // indirect
@@ -60,7 +60,7 @@ require (
  github.com/go-openapi/jsonreference v0.20.0 // indirect
  github.com/go-openapi/swag v0.19.14 // indirect
  github.com/gogo/protobuf v1.3.2 // indirect
- github.com/golang-jwt/jwt/v4 v4.4.2 // indirect
+ github.com/golang-jwt/jwt/v4 v4.5.0 // indirect
  github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect
  github.com/golang/protobuf v1.5.2 // indirect
  github.com/google/cel-go v0.12.5 // indirect
@@ -82,7 +82,7 @@ require (
  github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect
  github.com/modern-go/reflect2 v1.0.2 // indirect
  github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect
- github.com/pkg/browser v0.0.0-20210115035449-ce105d075bb4 // indirect
+ github.com/pkg/browser v0.0.0-20210911075715-681adbf594b8 // indirect
  github.com/pmezard/go-difflib v1.0.0 // indirect
  github.com/prometheus/client_golang v1.14.0 // indirect
  github.com/prometheus/client_model v0.3.0 // indirect
@@ -106,7 +106,7 @@ require (
  go.uber.org/atomic v1.7.0 // indirect
  go.uber.org/multierr v1.6.0 // indirect
  go.uber.org/zap v1.21.0 // indirect
- golang.org/x/crypto v0.1.0 // indirect
+ golang.org/x/crypto v0.6.0 // indirect
  golang.org/x/net v0.7.0 // indirect
  golang.org/x/oauth2 v0.5.0 // indirect
  golang.org/x/sys v0.5.0 // indirect

go.sum

@@ -47,12 +47,20 @@ contrib.go.opencensus.io/exporter/ocagent v0.7.0/go.mod h1:IshRmMJBhDfFj5Y67nVhM
 dmitri.shuralyov.com/gpu/mtl v0.0.0-20190408044501-666a987793e9/go.mod h1:H6x//7gZCb22OMCxBHrMx7a5I7Hp++hsVxbQ4BYO7hU=
 github.com/Azure/azure-sdk-for-go/sdk/azcore v1.1.4 h1:pqrAR74b6EoR4kcxF7L7Wg2B8Jgil9UUZtMvxhEFqWo=
 github.com/Azure/azure-sdk-for-go/sdk/azcore v1.1.4/go.mod h1:uGG2W01BaETf0Ozp+QxxKJdMBNRWPdstHG0Fmdwn1/U=
+github.com/Azure/azure-sdk-for-go/sdk/azcore v1.4.0 h1:rTnT/Jrcm+figWlYz4Ixzt0SJVR2cMC8lvZcimipiEY=
+github.com/Azure/azure-sdk-for-go/sdk/azcore v1.4.0/go.mod h1:ON4tFdPTwRcgWEaVDrN3584Ef+b7GgSJaXxe5fW9t4M=
 github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.2.0 h1:t/W5MYAuQy81cvM8VUNfRLzhtKpXhVUAN7Cd7KVbTyc=
 github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.2.0/go.mod h1:NBanQUfSWiWn3QEpWDTCU0IjBECKOYvl2R8xdRtMtiM=
+github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.2.2 h1:uqM+VoHjVH6zdlkLF2b6O0ZANcHoj3rO0PoQ3jglUJA=
+github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.2.2/go.mod h1:twTKAa1E6hLmSDjLhaCkbTMQKc7p/rNLU40rLxGEOCI=
 github.com/Azure/azure-sdk-for-go/sdk/internal v1.0.0 h1:jp0dGvZ7ZK0mgqnTSClMxa5xuRL7NZgHameVYF6BurY=
 github.com/Azure/azure-sdk-for-go/sdk/internal v1.0.0/go.mod h1:eWRD7oawr1Mu1sLCawqVc0CUiF43ia3qQMxLscsKQ9w=
+github.com/Azure/azure-sdk-for-go/sdk/internal v1.2.0 h1:leh5DwKv6Ihwi+h60uHtn6UWAxBbZ0q8DwQVMzf61zw=
+github.com/Azure/azure-sdk-for-go/sdk/internal v1.2.0/go.mod h1:eWRD7oawr1Mu1sLCawqVc0CUiF43ia3qQMxLscsKQ9w=
 github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/containerinstance/armcontainerinstance/v2 v2.2.0-beta.1 h1:eY6fhA944YceJrJ9OGn1T5iqe5DA2rQ+O1/Gi3P4bXU=
 github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/containerinstance/armcontainerinstance/v2 v2.2.0-beta.1/go.mod h1:5Q/hN8CkM0y7bBldgIdoPMp9jyBZ1KVeexQvfY2KXw8=
+github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/containerinstance/armcontainerinstance/v2 v2.3.0 h1:Q9XPAT853fWcdi+QIEVFgUPNAQ61V4/BP8Kdp1maXMY=
+github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/containerinstance/armcontainerinstance/v2 v2.3.0/go.mod h1:yPIVhMrZITXZHkX2PWOvUxENKeSl5ZOTyhrqOALo8A4=
 github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/internal v1.0.0 h1:lMW1lD/17LUA5z1XTURo7LcVG2ICBPlyMHjIUrcFZNQ=
 github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/network/armnetwork/v2 v2.1.0 h1:mk57wRUA8fyjFxVcPPGv4shLcWDXPFYokTJL9zJxQtE=
 github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/network/armnetwork/v2 v2.1.0/go.mod h1:mU96hbp8qJDA9OzTV1Ji7wCyPyaqC5kI6ZPsZfJ8sE4=
@@ -75,6 +83,8 @@ github.com/Azure/go-autorest/tracing v0.6.0 h1:TYi4+3m5t6K48TGI9AUdb+IzbnSxvnvUM
 github.com/Azure/go-autorest/tracing v0.6.0/go.mod h1:+vhtPC754Xsa23ID7GlGsrdKBpUA79WCAKPPZVC2DeU=
 github.com/AzureAD/microsoft-authentication-library-for-go v0.7.0 h1:VgSJlZH5u0k2qxSpqyghcFQKmvYckj46uymKK5XzkBM=
 github.com/AzureAD/microsoft-authentication-library-for-go v0.7.0/go.mod h1:BDJ5qMFKx9DugEg3+uQSDCdbYPr5s9vBTrL9P8TpqOU=
+github.com/AzureAD/microsoft-authentication-library-for-go v0.9.0 h1:UE9n9rkJF62ArLb1F3DEjRt8O3jLwMWdSoypKV4f3MU=
+github.com/AzureAD/microsoft-authentication-library-for-go v0.9.0/go.mod h1:kgDmCTgBzIEPFElEF+FK0SdjAor06dRq2Go927dnQ6o=
 github.com/BurntSushi/toml v0.3.1 h1:WXkYYl6Yr3qBf1K79EBnL4mak0OimBfB0XUf9Vl28OQ=
 github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU=
 github.com/BurntSushi/xgb v0.0.0-20160522181843-27f122750802/go.mod h1:IVnqGOEym/WlBOVXweHU+Q+/VP0lqqI8lqeDx9IjBqo=
@@ -193,6 +203,8 @@ github.com/golang-jwt/jwt/v4 v4.0.0/go.mod h1:/xlHOz8bRuivTWchD4jCa+NbatV+wEUSzw
 github.com/golang-jwt/jwt/v4 v4.2.0/go.mod h1:/xlHOz8bRuivTWchD4jCa+NbatV+wEUSzwAxVc6locg=
 github.com/golang-jwt/jwt/v4 v4.4.2 h1:rcc4lwaZgFMCZ5jxF9ABolDcIHdBytAFgqFPbSJQAYs=
 github.com/golang-jwt/jwt/v4 v4.4.2/go.mod h1:m21LjoU+eqJr34lmDMbreY2eSTRJ1cv77w39/MY0Ch0=
+github.com/golang-jwt/jwt/v4 v4.5.0 h1:7cYmW1XlMY7h7ii7UhUyChSgS5wUJEnm9uZVTGqOWzg=
+github.com/golang-jwt/jwt/v4 v4.5.0/go.mod h1:m21LjoU+eqJr34lmDMbreY2eSTRJ1cv77w39/MY0Ch0=
 github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfUlaOkMMuAQtPIUF8ecWP5IEl/CR7VP2Q=
 github.com/golang/glog v1.0.0 h1:nfP3RFugxnNRyKgeWd4oI1nYvXpxrx8ck8ZrcizshdQ=
 github.com/golang/glog v1.0.0/go.mod h1:EWib/APOK0SL3dFbYqvxE3UYd8E6s1ouQ7iEp/0LWV4=
@@ -275,6 +287,8 @@ github.com/google/pprof v0.0.0-20210720184732-4bb14d4b1be1/go.mod h1:kpwsk12EmLe
 github.com/google/renameio v0.1.0/go.mod h1:KWCgfxg9yswjAJkECMjeO8J8rahYeXnNhOm40UhjYkI=
 github.com/google/uuid v1.1.2 h1:EVhdT+1Kseyi1/pUmXKaFxYsDNy9RQYkMWRH68J/W7Y=
 github.com/google/uuid v1.1.2/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
+github.com/google/uuid v1.3.0 h1:t6JiXgmwXMjEs8VusXIJk2BXHsn+wx8BZdTaoZ5fu7I=
+github.com/google/uuid v1.3.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
 github.com/googleapis/gax-go/v2 v2.0.4/go.mod h1:0Wqv26UfaUD9n4G6kQubkQ+KchISgw+vpHVxEJEs9eg=
 github.com/googleapis/gax-go/v2 v2.0.5/go.mod h1:DWXyrwAJ9X0FpwwEdw+IPEYBICEFu5mhpdKc/us6bOk=
 github.com/googleapis/gax-go/v2 v2.1.0/go.mod h1:Q3nei7sK6ybPYH7twZdmQpAd1MKb7pfu6SK+H1/DsU0=
@@ -356,6 +370,8 @@ github.com/patrickmn/go-cache v2.1.0+incompatible h1:HRMgzkcYKYpi3C8ajMPV8OFXaaR
 github.com/patrickmn/go-cache v2.1.0+incompatible/go.mod h1:3Qf8kWWT7OJRJbdiICTKqZju1ZixQ/KpMGzzAfe6+WQ=
 github.com/pkg/browser v0.0.0-20210115035449-ce105d075bb4 h1:Qj1ukM4GlMWXNdMBuXcXfz/Kw9s1qm0CLY32QxuSImI=
 github.com/pkg/browser v0.0.0-20210115035449-ce105d075bb4/go.mod h1:N6UoU20jOqggOuDwUaBQpluzLNDqif3kq9z2wpdYEfQ=
+github.com/pkg/browser v0.0.0-20210911075715-681adbf594b8 h1:KoWmjvw+nsYOo29YJK9vDA65RGE3NrOnUtO7a+RF9HU=
+github.com/pkg/browser v0.0.0-20210911075715-681adbf594b8/go.mod h1:HKlIX3XHQyzLZPlr7++PzdhaXEj94dEiJgZDTsxEqUI=
 github.com/pkg/errors v0.8.0/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
 github.com/pkg/errors v0.8.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
 github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4=
@@ -489,6 +505,8 @@ golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5y
 golang.org/x/crypto v0.0.0-20211215153901-e495a2d5b3d3/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
 golang.org/x/crypto v0.1.0 h1:MDRAIl0xIo9Io2xV565hzXHw3zVseKrJKodhohM5CjU=
 golang.org/x/crypto v0.1.0/go.mod h1:RecgLatLF4+eUMCP1PoPZQb+cVrJcOPbHkTkbkB9sbw=
+golang.org/x/crypto v0.6.0 h1:qfktjS5LUO+fFKeJXZ+ikTRijMmljikvG68fpMMruSc=
+golang.org/x/crypto v0.6.0/go.mod h1:OFC/31mSvZgRz0V1QTNCzfAI1aIRzbiufJtkMIlEp58=
 golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
 golang.org/x/exp v0.0.0-20190306152737-a1d7652674e8/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
 golang.org/x/exp v0.0.0-20190510132918-efd6b22b2522/go.mod h1:ZjyILWgesfNpC6sMxTJOJm9Kp84zZh5NQWvqDGG3Qr8=
@@ -651,6 +669,7 @@ golang.org/x/sys v0.0.0-20210514084401-e8d321eab015/go.mod h1:oPkhp1MJrh7nUepCBc
 golang.org/x/sys v0.0.0-20210603081109-ebe580a85c40/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20210603125802-9665404d3644/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.0.0-20210616045830-e2b7044e8c71/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20210616094352-59db8d763f22/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20210630005230-0f9fa26af87c/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20210806184541-e5e7981a1069/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=

pkg/provider/aci.go

@@ -304,7 +304,7 @@ func (p *ACIProvider) CreatePod(ctx context.Context, pod *v1.Pod) error {
  cg.Properties.OSType = &os
 
  // get containers
- containers, err := p.getContainers(pod)
+ containers, err := p.getContainers(ctx, pod)
  if err != nil {
  return err
  }
@@ -1001,8 +1001,18 @@ func (p *ACIProvider) getEnvironmentVariables(container v1.Container) []*azaciv2
  return environmentVariable
 }
 
+func isConfidentialSku(pod *v1.Pod) bool {
+ ccePolicy := pod.Annotations[confidentialComputeCcePolicyLabel]
+ containerGroupSku := pod.Annotations[confidentialComputeSkuLabel]
+ if ccePolicy != "" || strings.ToLower(containerGroupSku) == "confidential" {
+ return true
+ }
+ return false
+}
+
 // get InitContainers defined in Pod as []aci.InitContainerDefinition
 func (p *ACIProvider) getInitContainers(ctx context.Context, pod *v1.Pod) ([]*azaciv2.InitContainerDefinition, error) {
+
  initContainers := make([]*azaciv2.InitContainerDefinition, 0, len(pod.Spec.InitContainers))
  for i, initContainer := range pod.Spec.InitContainers {
  err := p.verifyContainer(&initContainer)
@@ -1042,12 +1052,21 @@ func (p *ACIProvider) getInitContainers(ctx context.Context, pod *v1.Pod) ([]*az
  },
  }
 
+ if p.enabledFeatures.IsEnabled(ctx, featureflag.ConfidentialComputeFeature){
+ if isConfidentialSku(pod) {
+ securityContext := p.getSecurityContext(ctx, pod.Spec.SecurityContext, pod.Spec.InitContainers[i].SecurityContext)
+ newInitContainer.Properties.SecurityContext = securityContext
+ } else if !isConfidentialSku(pod) && (pod.Spec.SecurityContext != nil || pod.Spec.InitContainers[i].SecurityContext != nil){
+ return nil, errdefs.InvalidInput("securityContext is only supproted for confidential sku. skipping security context")
+ }
+ }
+
  initContainers = append(initContainers, &newInitContainer)
  }
  return initContainers, nil
 }
 
-func (p *ACIProvider) getContainers(pod *v1.Pod) ([]*azaciv2.Container, error) {
+func (p *ACIProvider) getContainers(ctx context.Context, pod *v1.Pod) ([]*azaciv2.Container, error) {
  containers := make([]*azaciv2.Container, 0, len(pod.Spec.Containers))
 
  podContainers := pod.Spec.Containers
@@ -1173,6 +1192,15 @@ func (p *ACIProvider) getContainers(pod *v1.Pod) ([]*azaciv2.Container, error) {
  aciContainer.Properties.ReadinessProbe = probe
  }
 
+ if p.enabledFeatures.IsEnabled(ctx, featureflag.ConfidentialComputeFeature) {
+ if isConfidentialSku(pod) {
+ securityContext := p.getSecurityContext(ctx, pod.Spec.SecurityContext, podContainers[c].SecurityContext)
+ aciContainer.Properties.SecurityContext = securityContext
+ } else if !isConfidentialSku(pod) && (pod.Spec.SecurityContext != nil || podContainers[c].SecurityContext != nil) {
+ return nil, errdefs.InvalidInput("securityContext is only supproted for confidential sku. skipping security context")
+ }
+ }
+
  containers = append(containers, &aciContainer)
  }
  return containers, nil
@@ -1196,9 +1224,67 @@ func (p *ACIProvider) setConfidentialComputeProperties(ctx context.Context, pod
  } else if strings.ToLower(containerGroupSku) == "confidential" {
  cg.Properties.SKU = &confidentialSku
  l.Infof("setting confidential container group SKU")
+ } else {
+ l.Infof("no annotations for confidential SKU")
+ }
+
+}
+
+
+func getCapabilityStringPtr(capability v1.Capability) *string {
+ capString := string(capability)
+ return &capString
+}
+
+// sets the security context for each container from the pod spec
+func (p *ACIProvider) getSecurityContext(ctx context.Context, podSecurityContext *v1.PodSecurityContext, containerSecurityContext *v1.SecurityContext) *azaciv2.SecurityContextDefinition {
+
+ aciSecurityContext := azaciv2.SecurityContextDefinition{}
+ if podSecurityContext != nil {
+ if podSecurityContext.RunAsUser != nil {
+ user := int32(*podSecurityContext.RunAsUser)
+ aciSecurityContext.RunAsUser = &user
+ }
+ if podSecurityContext.RunAsGroup != nil {
+ group := int32(*podSecurityContext.RunAsGroup)
+ aciSecurityContext.RunAsGroup = &group
+ }
+ aciSecurityContext.SeccompProfile = nil
+ if podSecurityContext.SeccompProfile != nil {
+ log.G(ctx).Warnf("SeccompProfile is currently not supported. Skipping seccomp profile")
+ }
+ }
+
+ if containerSecurityContext != nil {
+ if containerSecurityContext.RunAsUser != nil {
+ user := int32(*containerSecurityContext.RunAsUser)
+ aciSecurityContext.RunAsUser = &user
+ }
+ if containerSecurityContext.RunAsGroup != nil {
+ group := int32(*containerSecurityContext.RunAsGroup)
+ aciSecurityContext.RunAsGroup = &group
+ }
+ aciSecurityContext.Privileged = containerSecurityContext.Privileged
+ aciSecurityContext.AllowPrivilegeEscalation = containerSecurityContext.AllowPrivilegeEscalation
+ if containerSecurityContext.Capabilities != nil {
+ aciSecurityContext.Capabilities = &azaciv2.SecurityContextCapabilitiesDefinition{}
+ add := make([]*string, 0)
+ drop := make([]*string, 0)
+ for i := range containerSecurityContext.Capabilities.Add {
+ add = append(add, getCapabilityStringPtr(containerSecurityContext.Capabilities.Add[i]))
+ }
+ for i := range containerSecurityContext.Capabilities.Drop {
+ drop = append(drop, getCapabilityStringPtr(containerSecurityContext.Capabilities.Drop[i]))
+ }
+ aciSecurityContext.Capabilities.Add = add
+ aciSecurityContext.Capabilities.Drop = drop
+ }
+ if containerSecurityContext.SeccompProfile != nil {
+ log.G(ctx).Warnf("SeccompProfile is currently not supported. Skipping seccomp profile")
+ }
  }
 
- l.Infof("no annotations for confidential SKU")
+ return &aciSecurityContext
 }
 
 func (p *ACIProvider) getGPUSKU(pod *v1.Pod) (azaciv2.GpuSKU, error) {