Assigning RuntimeDefault
AppArmor profile to pods/containers when strict security is enabled breaks on hosts w/o AppArmor
#1120
Labels
bug
Something isn't working
The operator assigns the special
RuntimeDefault
AppArmor profile on pods and containers when strict security is enabled. On any hosts where AppArmor is not enabled, the pod will be rejected by kubelet's AppArmor admission handler, with the error "Cannot enforce AppArmor: AppArmor is not enabled on the host". This needs to be made configurable, as not all clusters will have AppArmor enabled on all hosts.The text was updated successfully, but these errors were encountered: