mirror of
https://github.com/optim-enterprises-bv/kubernetes.git
synced 2025-11-01 02:38:12 +00:00
0b5547f462
Automatic merge from submit-queue AppArmor PodSecurityPolicy support Implements the AppArmor PodSecurityPolicy support based on the alpha API proposed [here](https://github.com/kubernetes/kubernetes/blob/master/docs/proposals/apparmor.md#pod-security-policy) This implementation deviates from the original proposal in one way: it adds a separate option for specifying a default profile: ``` apparmor.security.alpha.kubernetes.io/defaultProfileName ``` This has several advantages over the original proposal: - The default is explicit, rather than implicit on the ordering - The default can be specified without constraining the allowed profiles - The allowed profiles can be restricted without specifying a default (requires every pod to explicitly set a profile) The E2E cluster does not currently enable the PodSecurityPolicy, so I will submit E2E tests in a separate PR. /cc @dchen1107 @pweil- @sttts @jfrazelle @Amey-D