@nyrahul
Last active September 24, 2023 15:47

Step 1: Create cluster

./create-cluster.sh

Step 2: Install apparmor utilities

# Install apparmor utilities in the kind cluster nodes
docker exec -it cluster01-worker bash -c "apt update && apt install apparmor-utils -y && systemctl restart containerd"
docker exec -it cluster01-control-plane bash -c "apt update && apt install apparmor-utils -y && systemctl restart containerd"

# put calico-typha in apparmor unconfined mode
kubectl patch deploy -n calico-system calico-typha --type=json -p='[{"op": "add", "path": "/spec/template/metadata/annotations/container.apparmor.security.beta.kubernetes.io~1calico-typha", "value": "unconfined"}]'

Step 3: Deploy KubeArmor

karmor install

Step 4: Put KubeArmor-Relay in unconfined mode

kubectl patch deploy -n $(kubectl get deploy -l kubearmor-app=kubearmor-relay -A -o custom-columns=:'{.metadata.namespace}',:'{.metadata.name}') --type=json -p='[{"op": "add", "path": "/spec/template/metadata/annotations/container.apparmor.security.beta.kubernetes.io~1kubearmor-relay-server", "value": "unconfined"}]'
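
The two `kubectl patch` commands in steps 2 and 4 differ only in the container name, and the `~1` in their paths is the JSON Pointer (RFC 6901) escape for the `/` in the annotation key. The shell helper below is an added example, not part of the original gist or of KubeArmor; its function names are hypothetical, and it assumes the pod template already has an `annotations` map, since a JSON Patch `add` fails when the parent object is missing.

```shell
#!/usr/bin/env bash
# Added example: the function names below are hypothetical helpers.

# Escape a string for use as a single JSON Pointer segment (RFC 6901):
# "~" becomes "~0" first, then "/" becomes "~1".
json_pointer_escape() {
  printf '%s' "$1" | sed -e 's/~/~0/g' -e 's#/#~1#g'
}

# Build the JSON Patch that sets the AppArmor annotation for one container.
#   $1 = container name (a DNS label, so it needs no JSON escaping)
#   $2 = profile value, e.g. unconfined or runtime/default
apparmor_patch() {
  key="container.apparmor.security.beta.kubernetes.io/$1"
  printf '[{"op": "add", "path": "/spec/template/metadata/annotations/%s", "value": "%s"}]' \
    "$(json_pointer_escape "$key")" "$2"
}

# Apply the patch, then print the pod template annotations so the
# resulting profile setting can be confirmed.
#   $1 = namespace, $2 = deployment, $3 = container, $4 = profile
set_apparmor_profile() {
  kubectl patch deploy -n "$1" "$2" --type=json -p="$(apparmor_patch "$3" "$4")" &&
    kubectl get deploy -n "$1" "$2" \
      -o jsonpath='{.spec.template.metadata.annotations}'
}

# Equivalent of the calico-typha command in step 2:
#   set_apparmor_profile calico-system calico-typha calico-typha unconfined
```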