New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add AppArmor feature gate #31473
Add AppArmor feature gate #31473
Conversation
lgtm, thanks |
I think we might need some more discussion around moving to beta. I'll update this to alpha for now, and assuming this merges first update the beta PR to bump this file as well. |
Changed to alpha (still enabled by default). Removed |
GCE e2e build/test passed for commit 9bde6f0. |
@pwittrock @timstclair Hi, I wanted to clarify does this fix a bug and why it should be in 1.4? Thanks |
Thanks @jlowdermilk , makes sense to me :-) |
@k8s-bot test this [submit-queue is verifying that this PR is safe to merge] |
GCE e2e build/test passed for commit 9bde6f0. |
Automatic merge from submit-queue |
Add option to disable AppArmor via a feature gate. This PR treats AppArmor as Beta, and thus depends on #31471 (I will remove
do-not-merge
once that merges).Note that disabling AppArmor means that pods with AppArmor annotations will be rejected in validation. It does not mean that the components act as though AppArmor was never implemented. This is by design, because we want to make it difficult to accidentally run a Pod with an AppArmor annotation without AppArmor protection.
/cc @dchen1107
This change is