Attention: Deprecation notice for Bintray, JCenter, GoCenter and ChartCenter. Learn More

gitlab/apparmor

Chart version: 0.2.0
Api version: v1
App version: 0.1.0
AppArmor profile loader for Kubernetes
application
Chart Type
Active
Status
Unknown
License
339
Downloads
https://charts.gitlab.io
Set me up:
helm repo add center https://repo.chartcenter.io
Install Chart:
helm install apparmor center/gitlab/apparmor
Versions (0)

AppArmor Loader

Overview

Helm chart based on the following repository: https://github.com/kubernetes/kubernetes/tree/master/test/images/apparmor-loader.

This chart also supports Pod Security Policies deployment so you could activate loaded profiles across multiple pods.

At the moment, there is a limitation on updating and deleting profiles.

Profiles

Profiles can be added by overwriting profiles as the following:

profiles:
  profile-one: |-
    profile profile-one {
      file,
    }
  profile-two: |-
    profile profile-two {
      umount,
    }

PodSecurityPolicy

PodSecurityPolicies can be added by setting securityPolicies as the following:

securityPolicies:
  example:
    defaultProfile: profile-one
    allowedProfiles:
    - profile-one
    - profile-two
    spec:
      privileged: false
      seLinux:
        rule: RunAsAny
      supplementalGroups:
        rule: RunAsAny
      runAsUser:
        rule: RunAsAny
      fsGroup:
        rule: RunAsAny
      volumes:
        - '*'

Further information

More information on the AppArmor profile language can be found in: - Quick guide - Full reference - Policy layout