Comments (4)
ckotzbauer
commented on July 18, 2024
1
I made it work in a test-environment with a pod-annotation for kured:
container.apparmor.security.beta.kubernetes.io/kured: unconfined
from kured.
andreas-wirth
commented on July 18, 2024
1
That did the trick, thanks. Also do not forget to put this annotation in the right place (inside the template section). And not in the DaemonSet annotations, as I did 😄
from kured.
ckotzbauer
commented on July 18, 2024
Thanks for opening this issue. Do you have an active apparmor installation on your host?
from kured.
andreas-wirth
commented on July 18, 2024
Thanks for the hint, apparmor is actually set to enabled as default on aks, I was not aware. Also seems like MS does not really have a good approach to easily initialise apparmor profiles on node scale-up. Here they suggest using a daemonset, I guess something like this implementation.
How are you dealing with this issue? Or are you just not using apparmor?
Not sure how other cloud providers handle apparmor configuration, but a short hint in the kured docs about it might be useful.
from kured.
Related Issues (20)
- [Bug] The new dockerhub yaml is broken, ServiceAccount is declared twice HOT 2
- Add Support for Kubernetes 1.28.0
- Unable to receive teams notification. We have the http_proxy as environment variable in kured pod HOT 4
- HashiCorp license change to BSL HOT 2
- Lock TTL not being honored HOT 5
- Build fails on aarch64
- Kured pods crash looping on clusters running Cilium Network plugin HOT 2
- Kured pods are not deployed to all nodes having taints on it in AKS ckuster HOT 3
- KURED supportability of the 6.2 kernel version HOT 2
- kured cordon node before checking if just 1 up HOT 8
- [DOC] Make Control Plane use kured
- AKS Node not rebooted with lock held for not existing node HOT 11
- If a sentinel command is configured, it runs every minute. HOT 8
- path-based reboot mechanism HOT 5
- Reboot delay between two nodes HOT 4
- Retry reboot when the node is NotReady and still has SchedulingDisabled after the first reboot HOT 3
- Cron schedule for node reboots HOT 10
- nsenter permission denied errors on 1.15.0 with signal reboot set HOT 3
- Make nsenter in reboot command optional HOT 9
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from kured.