Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add AppArmor feature gate #31473

Merged
merged 1 commit into from Aug 27, 2016
Merged

Add AppArmor feature gate #31473

merged 1 commit into from Aug 27, 2016

Conversation

timstclair
Copy link

@timstclair timstclair commented Aug 25, 2016
edited by k8s-oncall

Add option to disable AppArmor via a feature gate. This PR treats AppArmor as Beta, and thus depends on #31471 (I will remove do-not-merge once that merges).

Note that disabling AppArmor means that pods with AppArmor annotations will be rejected in validation. It does not mean that the components act as though AppArmor was never implemented. This is by design, because we want to make it difficult to accidentally run a Pod with an AppArmor annotation without AppArmor protection.

/cc @dchen1107

This change is Reviewable

@timstclair timstclair added this to the v1.4 milestone Aug 25, 2016
@timstclair timstclair added the do-not-merge DEPRECATED. Indicates that a PR should not merge. Label can only be manually applied/removed. label Aug 25, 2016
@k8s-github-robot k8s-github-robot added size/S Denotes a PR that changes 10-29 lines, ignoring generated files. release-note-label-needed labels Aug 25, 2016
@j3ffml
Copy link
Contributor

j3ffml commented Aug 26, 2016

lgtm, thanks

@timstclair
Copy link
Author

I think we might need some more discussion around moving to beta. I'll update this to alpha for now, and assuming this merges first update the beta PR to bump this file as well.

@timstclair timstclair added release-note-none Denotes a PR that doesn't merit a release note. and removed do-not-merge DEPRECATED. Indicates that a PR should not merge. Label can only be manually applied/removed. release-note-label-needed labels Aug 26, 2016
@timstclair
Copy link
Author

Changed to alpha (still enabled by default). Removed do-not-merge. PTAL.

@j3ffml j3ffml added the lgtm "Looks good to me", indicates that a PR is ready to be merged. label Aug 26, 2016
@k8s-bot
Copy link

k8s-bot commented Aug 26, 2016

GCE e2e build/test passed for commit 9bde6f0.

@timstclair timstclair mentioned this pull request Aug 26, 2016
Open
19 tasks
@apelisse
Copy link
Member

@pwittrock @timstclair Hi, I wanted to clarify does this fix a bug and why it should be in 1.4? Thanks

@apelisse apelisse added the do-not-merge DEPRECATED. Indicates that a PR should not merge. Label can only be manually applied/removed. label Aug 26, 2016
@j3ffml
Copy link
Contributor

j3ffml commented Aug 26, 2016

@apelisse, it adds explicit toggle for a feature that is new in 1.4. It should go in if #31471 goes in.

@apelisse apelisse removed the do-not-merge DEPRECATED. Indicates that a PR should not merge. Label can only be manually applied/removed. label Aug 26, 2016
@apelisse
Copy link
Member

Thanks @jlowdermilk , makes sense to me :-)

@k8s-github-robot
Copy link

@k8s-bot test this [submit-queue is verifying that this PR is safe to merge]

@k8s-bot
Copy link

k8s-bot commented Aug 27, 2016

GCE e2e build/test passed for commit 9bde6f0.

@k8s-github-robot
Copy link

Automatic merge from submit-queue

@k8s-github-robot k8s-github-robot merged commit cefc4c3 into kubernetes:master Aug 27, 2016
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees

@j3ffml j3ffml

Labels
area/security lgtm "Looks good to me", indicates that a PR is ready to be merged. release-note-none Denotes a PR that doesn't merit a release note. size/S Denotes a PR that changes 10-29 lines, ignoring generated files.
Projects
None yet
Milestone
v1.4
Development

Successfully merging this pull request may close these issues.

None yet
7 participants
@timstclair @j3ffml @k8s-bot @apelisse @k8s-github-robot @googlebot @tallclair