["FEAT"] Support for K8s deployments #15

Closed
angonz opened this issue Jun 6, 2022 · 5 comments
Labels
enhancement New feature or request
angonz commented Jun 6, 2022

Is your feature request related to a problem? Please describe.
Codejail plugin currently does not work out of the box in K8s deployments because it requires the AppArmor profiles to be set in the nodes.

Describe the solution you'd like
I would like the plugin to set the apparmor profiles in the K8s nodes transparently for the user.

Describe alternatives you've considered
There is a previous discussion in the old Tutor forum.
The Kubernetes documentation mentions three alternatives to address this problem.
The DaemonSet approach seems to be the most appropriate for this case.

Additional context
As nodes depend on the underlying infrastructure, it can be a challenge to make something general.


angonz commented Jun 6, 2022

I have opened a support request in AWS, and this is their response:

	EKS worker nodes by default, are built off Amazon Linux 2 which is RHEL-based with AppArmor set to off. We do not ship with SELinux enabled for ease of use for all general customers. Ubuntu AMIs which are also available are supported by Canonical - by default they also ship with AppArmor turned off likely for the same reasons.

	Unfortunately, AWS Support is not able to officially support AppArmor - if you choose to run them you would need to manage and troubleshoot yourself should you encounter any issues. By policy, AWS Support is only able to support official latest EKS AMIs without modification. 

	For this reason we recommend customers if going down the SELinux/AppArmor path to ensure they have adequate operation experience with them and to build their own custom AMI with their kernel security solution of choice embedded following the links below:

		https://aws.amazon.com/premiumsupport/knowledge-center/eks-custom-linux-ami/
		https://github.com/awslabs/amazon-eks-ami

	Note: Custom AMIs are also unfortunately as per our policy, out of scope of support.
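
Added example (not part of the original thread and not code from the codejail projects): a node pre-flight check for the situation the AWS response describes, reporting whether AppArmor is enabled in the kernel and whether a given profile is loaded in enforce mode. The function names are illustrative and the profile name is supplied by the caller; the two default paths are the standard AppArmor kernel interfaces.

```shell
#!/bin/sh
# Added example, not from the thread. Function names are illustrative.
# Paths are parameters so the checks can run against constructed files.

# Succeeds only when the kernel reports the AppArmor LSM as enabled ("Y").
apparmor_enabled() {
    local flag_file="${1:-/sys/module/apparmor/parameters/enabled}"
    [ -r "$flag_file" ] && [ "$(tr -d '[:space:]' < "$flag_file")" = "Y" ]
}

# Prints the mode of a loaded profile (enforce, complain, ...).
# Each line of the list looks like: "profile-name (enforce)".
profile_mode() {
    local name="$1"
    local list="${2:-/sys/kernel/security/apparmor/profiles}"
    [ -r "$list" ] || return 1
    awk -v p="$name" '
        { mode = $NF; sub(/[ \t]+\([^()]*\)$/, "") }
        $0 == p { gsub(/[()]/, "", mode); print mode; found = 1; exit }
        END { exit !found }
    ' "$list"
}

# Verdict for one node: prints a reason, returns 0 only when the
# profile is loaded and enforcing.
check_node() {
    local profile="$1"
    local mode
    if ! apparmor_enabled "$2"; then
        echo "apparmor-disabled"; return 2
    fi
    if ! mode="$(profile_mode "$profile" "$3")"; then
        echo "profile-not-loaded"; return 3
    fi
    if [ "$mode" != "enforce" ]; then
        echo "profile-$mode"; return 4
    fi
    echo "ok"
}

# Usage on a node (reading the profile list normally needs root):
#   sh check.sh <profile-name>
if [ "$#" -gt 0 ]; then check_node "$1"; fi
```

A profile in complain mode only logs violations, so the check treats it as a failure rather than as confinement being in place.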

@MoisesGSalas
Member

Thanks @angonz, I suspected that the default AMI didn't have AppArmor support, but I was hoping that at least the Ubuntu one shipped by Canonical would include it.

This situation is a bit tricky and we'll need some time to think this through. Also, I wonder if the same problem applies to other providers (Digital Ocean, Azure).

@MaferMazu
Contributor

@MoisesGSalas @angonz, is this still happening?

@MoisesGSalas
Member

This should no longer be an issue since v14.1.0 of the tutor plugin. I'm going to close this issue since it wasn't really a problem of the codejailservice and rather of the tutor-plugin. The corresponding issue in the plugin repository is: eduNEXT/tutor-contrib-codejail#24

PS: If you are confused about the difference between https://github.com/eduNEXT/codejailservice/ and https://github.com/eduNEXT/tutor-contrib-codejail/, imagine that they are analogous to https://github.com/openedx/edx-notes-api and https://github.com/overhangio/tutor-notes/

@ladew222

I am still having this issue. Is this still a known issue?
