When I would like to create this Pod, it looks like this:
Warning: metadata.annotations[container.apparmor.security.beta.kubernetes.io/testpod2]: deprecated since v1.30; use the "appArmorProfile" field instead
The Pod "testpod2" is invalid: metadata.annotations[container.apparmor.security.beta.kubernetes.io/testpod2]: Invalid value: "test-profile": invalid AppArmor profile name: "test-profile"
What happened:
I installed SPO and followed the documentation regarding an example installation of an AppArmor Profile. I am running Kubernetes 1.30.0. If I use the securityContext clause, it has no effect. Even more, after Pod creation, its content is deleted. If I use the deprecated annotation, I get an error telling me
The Pod "testpod2" is invalid: metadata.annotations[container.apparmor.security.beta.kubernetes.io/testpod2]: Invalid value: test-profile: invalid AppArmor profile name: test-profile
What you expected to happen:
I'd expect, after preparing everything by the book, to have a Pod running with an AppArmor Profile.
How to reproduce it (as minimally and precisely as possible):
I've installed SPO via OLM:
I then applied the patch and created an example Profile, as documented in: https://github.com/kubernetes-sigs/security-profiles-operator/blob/main/installation-usage.md#create-an-apparmor-profile
I can verify that up to this point, all is fine:
Here is my simple Pod yaml used in a first test:
When I would like to create this Pod, it looks like this:
If I remove the annotation and uncomment the securityContext, the Pod will be created, but no AppArmor Profile is active. And if I check the deployed Pod, it looks like this then:
Anything else we need to know?:
Environment:
Cloud provider or hardware configuration:
OS (e.g: cat /etc/os-release): Debian 12
Kernel (e.g. uname -a): Host, running Node VMs: Linux cluster 6.8.12-amd64 #1 SMP PREEMPT_DYNAMIC Debian 6.8.12-1 (2024-05-31) x86_64 GNU/Linux
Others:
Kubernetes 1.30.0. Nodes created with QEMU/KVM. Example Kernel from Master0 Node:
Linux master0-k8s.lan 6.1.0-15-amd64 #1 SMP PREEMPT_DYNAMIC Debian 6.1.66-1 (2023-12-09) x86_64 GNU/Linux
Here's what I get when I check for AppArmor from within the Pod:
And here's what I see regarding loaded Profiles on each Node:
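The value format behind the "invalid AppArmor profile name" error in the report above, as an added example that is not part of the original issue or of the Security Profiles Operator code: the legacy annotation accepts `runtime/default`, `unconfined` or `localhost/<profile>`, and each maps to a `type` (plus `localhostProfile`) in the `appArmorProfile` field. The helper names, the sample Pod dict and its image are constructed for this example, and flagging an empty name after `localhost/` is this example's own choice.

```python
# Added example: pre-flight check of AppArmor settings in a Pod manifest dict.
ANNOTATION_PREFIX = "container.apparmor.security.beta.kubernetes.io/"
LOCALHOST_PREFIX = "localhost/"


def annotation_to_field(value):
    """Map a legacy annotation value to the appArmorProfile field form.

    Raises ValueError when the value has none of the accepted forms.
    """
    if value == "runtime/default":
        return {"type": "RuntimeDefault"}
    if value == "unconfined":
        return {"type": "Unconfined"}
    # Assumption of this example: an empty name after "localhost/" is flagged too.
    if value.startswith(LOCALHOST_PREFIX) and len(value) > len(LOCALHOST_PREFIX):
        return {"type": "Localhost",
                "localhostProfile": value[len(LOCALHOST_PREFIX):]}
    raise ValueError(f"invalid AppArmor profile name: {value!r}")


def check_pod(pod):
    """Return a list of findings for the AppArmor settings of a Pod."""
    findings = []
    containers = {c["name"]: c for c in pod["spec"].get("containers", [])}
    for key, value in pod["metadata"].get("annotations", {}).items():
        if not key.startswith(ANNOTATION_PREFIX):
            continue
        name = key[len(ANNOTATION_PREFIX):]  # key suffix is the container name
        if name not in containers:
            findings.append(f"{name}: annotation names no container in the Pod")
        try:
            field = annotation_to_field(value)
        except ValueError as err:
            findings.append(f"{name}: {err}")
            continue
        findings.append(f"{name}: deprecated annotation, use appArmorProfile {field}")
    for name, container in containers.items():
        profile = container.get("securityContext", {}).get("appArmorProfile")
        if profile and profile.get("type") == "Localhost" \
                and not profile.get("localhostProfile"):
            findings.append(f"{name}: Localhost type needs localhostProfile")
    return findings


def make_pod(value):
    """Constructed sample manifest with one container and one annotation."""
    return {"metadata": {"name": "testpod2",
                         "annotations": {ANNOTATION_PREFIX + "testpod2": value}},
            "spec": {"containers": [{"name": "testpod2", "image": "nginx"}]}}
```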