Apparmor azure policy configuration for linkerd-proxy/linkerd-init containers #6251
Replies: 2 comments 1 reply
-
|
I think you'd have to set these annotations yourself for now or use a general-purpose Mutating Admission Controller to apply these annotations to your workloads. One alternative would be to use the Linkerd CNI so that you don't need the proxy-init container. |
Beta Was this translation helpful? Give feedback.
-
|
Hi, I added the annotation to application workloads and it is working as expected.How can I apply the same annotation to linkerd-proxy/init containers? When I set below annotation for proxy/init container in Application pod spec it gave error that proxy/init container not found. ++++++++++ container.apparmor.security.beta.kubernetes.io/linkerd-proxy: runtime/default container.apparmor.security.beta.kubernetes.io/linkerd-init: runtime/default ++++++++++ |
Beta Was this translation helpful? Give feedback.
-
|
You should be able to set the Going off your original question, if the container name is needed in the annotation value, then setting
And then install: |
Beta Was this translation helpful? Give feedback.
Uh oh!
There was an error while loading. Please reload this page.
-
Hi,
I want to configure Azure Apparmor policy for application pods which runs application as well as linkerd proxy containers.We need to add annotations to container as below. I did the same for application container but not sure how that can be done for linker proxy/init containers..Does linkerd supports custom annotations to be passed during injection?
I saw annotations in below link are the ones supported. Please clarify.
https://linkerd.io/2.10/reference/proxy-configuration/
+++++++++++++++++
AppArmor profiles are specified per-container. To specify the AppArmor profile to run a Pod container with, add an annotation to the Pod's metadata:
container.apparmor.security.beta.kubernetes.io/<container_name>: <profile_ref>
++++++++++++++++++
Beta Was this translation helpful? Give feedback.
All reactions