You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
We use the SecurityContext definition from the Kubernetes API. From what I can see, appArmorProfile was added in Kubernetes 1.30, and we haven't yet upgraded to its API libraries. The reason is that they require Go 1.22, and we still support 1.21 as per #2757.
@swiatekm-sumo Thanks for the feedback, that's very helpful!
I've actually found the problem when I tried to update Cilium to version 1.15.5 which uses appArmorProfile instead of annotations.
The init containers from Cilium can't start because opentelemetry-operator modifies the pod yaml sent to kube-apiserver.
Is there a way to exclude the pod YAML from being mutated by the webhook? (With an annotation maybe?)
I don't think there's a way to do that, unfortunately. It's not so much that the operator modifies the Pod, but rather deserializes the Pod data into a struct that doesn't have the appArmor field, so the field is effectively ignored and the operator isn't even aware it exists. Best you can do if you want to solve this in the short term, would be to fork the operator, update the API libraries, and build with Go 1.22.
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Description: Add appArmorProfile in securityContext definitions so it is not removed by openteletry-operator
Link to tracking Issue(s): #3036
Testing: None
Documentation: None