Enhancement: Support new pod API for AppArmor profiles with Kubernetes 1.30+ #1673

DelusionalOptimist · 2024-03-08T15:15:34Z

Feature Request

Description
KubeArmor supports using AppArmor as an enforcer for protecting Kubernetes pods and nodes.
For pods/pod templates, this is done by adding the annotation container.apparmor.security.beta.kubernetes.io/<container_name>: <profile_ref> till now.

However, AppArmor support is moving to GA 🥳 in the upcoming Kubernetes v1.30 release and the annotation would be soon removed in accordance to K8s' deprecation policy.

Describe the solution you'd like
Once K8s 1.30 is released, support both the new AppArmorProfile field that's being added at pod and container level securityContext, along with the old annotation based mechanism for backward compatibility.

References

AppArmor Support KEP: https://github.com/kubernetes/enhancements/blob/master/keps/sig-node/24-apparmor/

The text was updated successfully, but these errors were encountered:

yp969803 · 2024-05-24T19:11:21Z

/assign

DelusionalOptimist added the enhancement New feature or request label Mar 8, 2024

DelusionalOptimist added the help wanted Extra attention is needed label May 1, 2024

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Enhancement: Support new pod API for AppArmor profiles with Kubernetes 1.30+ #1673

Enhancement: Support new pod API for AppArmor profiles with Kubernetes 1.30+ #1673

DelusionalOptimist commented Mar 8, 2024

yp969803 commented May 24, 2024

Enhancement: Support new pod API for AppArmor profiles with Kubernetes 1.30+ #1673

Enhancement: Support new pod API for AppArmor profiles with Kubernetes 1.30+ #1673

Comments

DelusionalOptimist commented Mar 8, 2024

Feature Request

yp969803 commented May 24, 2024