How to enable seccomp feature during Istio installation?

Hi Team,

I’m looking for the recommended way how to enable seccomp feature during Istio installation based on the istioctl operator / istioctl installation methods. The default configuration settings applied by Istio do not enable this feature.
Please advise how to enable seccomp profile for the operator deployment.

Many thanks


I would be also interested in some official seccomp profiles with the recommended permissions for the different non-privileged containers (discovery/istio-proxy/istio-validation).

Does Istio collect and provide that information anywhere? Or is there a good way to obtain it using a profiler like SPO? For instance, how could I exercise every relevant code path (while running under an audit profile)?