You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I was expecting that it doesn't block anything by default since it is in audit mode.
However KubeArmor is interfering with Longhorn application which is trying to mount a volume. It is running in a privileged pod. The pod is not associated to any Deployment, DaemonSet, or StatefulSets.
reacted with thumbs up emoji reacted with thumbs down emoji reacted with laugh emoji reacted with hooray emoji reacted with confused emoji reacted with heart emoji reacted with rocket emoji reacted with eyes emoji
Uh oh!
There was an error while loading. Please reload this page.
-
Hello,
I just deployed KubeArmor to my Kubernetes cluster with the default parameters following the documentation.
I did not deployed any policy yet.
Based on this configuration:
I was expecting that it doesn't block anything by default since it is in audit mode.
However KubeArmor is interfering with Longhorn application which is trying to mount a volume. It is running in a privileged pod. The pod is not associated to any Deployment, DaemonSet, or StatefulSets.
I detailed the error and the logs over here: longhorn/longhorn#11153
dmesg mention that apparmor is blocking a ptrace call but I don't see any block in KubeArmor log.
Is this the normal behaviour of KubeArmor?
I tried to exclude the namespace with the -untrackedNs parameter but it is still blocked.
I also tried to deploy a policy with all capabilities and file system access to /dev, /proc without any success.
Any suggestions?
Thanks for your assistance.
Beta Was this translation helpful? Give feedback.
All reactions