Assigning RuntimeDefault AppArmor profile to pods/containers when strict security is enabled breaks on hosts w/o AppArmor
#1120
Labels
bug
Something isn't working
Comments
jfroy
changed the title
jfroy
changed the title
RuntimeDefault AppArmor profile to pods/containers when strict security is enabled breaks on hosts w/o AppArmor
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
The operator assigns the special
RuntimeDefaultAppArmor profile on pods and containers when strict security is enabled. On any hosts where AppArmor is not enabled, the pod will be rejected by kubelet's AppArmor admission handler, with the error "Cannot enforce AppArmor: AppArmor is not enabled on the host". This needs to be made configurable, as not all clusters will have AppArmor enabled on all hosts.The text was updated successfully, but these errors were encountered: