mirror of
https://github.com/k3s-io/kubernetes.git
synced 2025-07-19 01:40:13 +00:00
Originally from: https://github.com/kubernetes/contrib/tree/master/apparmor/loader Moving the code here to prevent bit-rot and to be sure we can recreate or update the images on demand. Moving it here also ensures we can use the common harness to build the multi-arch manifests needed for running the apparmor e2e test can run on multiple architectures. Change-Id: Idece17c494fc944c0aaef64805d2f0e3c4d7fb28
20 lines
572 B
YAML
20 lines
572 B
YAML
# The example Pod utilizing the profile loaded by the sample daemon.
|
|
|
|
apiVersion: v1
|
|
kind: Pod
|
|
metadata:
|
|
name: nginx-apparmor
|
|
# Note that the Pod does not need to be in the same namespace as the loader.
|
|
labels:
|
|
app: nginx
|
|
annotations:
|
|
# Tell Kubernetes to apply the AppArmor profile "k8s-nginx".
|
|
# Note that this is ignored if the Kubernetes node is not running version 1.4 or greater.
|
|
container.apparmor.security.beta.kubernetes.io/nginx: localhost/k8s-nginx
|
|
spec:
|
|
containers:
|
|
- name: nginx
|
|
image: nginx
|
|
ports:
|
|
- containerPort: 80
|