Comments (4)
I made it work in a test-environment with a pod-annotation for kured:
container.apparmor.security.beta.kubernetes.io/kured: unconfined
from kured.
That did the trick, thanks. Also do not forget to put this annotation in the right place (inside the template section). And not in the DaemonSet annotations, as I did 😄
from kured.
Thanks for opening this issue. Do you have an active apparmor installation on your host?
from kured.
Thanks for the hint, apparmor is actually set to enabled as default on aks, I was not aware. Also seems like MS does not really have a good approach to easily initialise apparmor profiles on node scale-up. Here they suggest using a daemonset, I guess something like this implementation.
How are you dealing with this issue? Or are you just not using apparmor?
Not sure how other cloud providers handle apparmor configuration, but a short hint in the kured docs about it might be useful.
from kured.
Related Issues (20)
- [Bug] The new dockerhub yaml is broken, ServiceAccount is declared twice HOT 2
- Add Support for Kubernetes 1.28.0
- Unable to receive teams notification. We have the http_proxy as environment variable in kured pod HOT 4
- HashiCorp license change to BSL HOT 2
- Lock TTL not being honored HOT 5
- Build fails on aarch64
- Kured pods crash looping on clusters running Cilium Network plugin HOT 2
- Kured pods are not deployed to all nodes having taints on it in AKS ckuster HOT 3
- KURED supportability of the 6.2 kernel version HOT 2
- kured cordon node before checking if just 1 up HOT 8
- [DOC] Make Control Plane use kured
- AKS Node not rebooted with lock held for not existing node HOT 11
- If a sentinel command is configured, it runs every minute. HOT 8
- path-based reboot mechanism HOT 5
- Reboot delay between two nodes HOT 4
- Retry reboot when the node is NotReady and still has SchedulingDisabled after the first reboot HOT 3
- Cron schedule for node reboots HOT 10
- nsenter permission denied errors on 1.15.0 with signal reboot set HOT 3
- Make nsenter in reboot command optional HOT 9
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from kured.