Handling AppArmor profiles on the host system (e.g. LDAP) #1611
Unanswered
schnatterer asked this question in Q&A
Replies: 0 comments
After using k3d daily for years, I recently faced my first challenge when running an app: LDAP (caused by AppArmor and nested containerization).
My LDAP pod failed to start with permission denied errors when the startup script used slapadd. These would not go away, even as root.
I eventually found out that my host system (Ubuntu) has an AppArmor profile for slapd.
However, I was unable to ignore it via k8s' annotation or securityContext setting for an unconfined AppArmor profile.
Presumably, this is a limitation of k3d running in a container itself, leading to kubelet lacking the privilege to modify AppArmor profiles on the host.
BTW: The same happens when using KIND, so it is not a k3d-exclusive issue.
Anyway, here is my workaround (to be executed on the host) 😱
Anyone ever had similar problems and have a better solution?