Skip to content

feat: apparmor-profiles: native app-armor fields#1424

Open
stek29 wants to merge 1 commit intokyverno:mainfrom
stek29:restrict-apparmor-profiles-native
Open

feat: apparmor-profiles: native app-armor fields#1424
stek29 wants to merge 1 commit intokyverno:mainfrom
stek29:restrict-apparmor-profiles-native

Conversation

@stek29
Copy link

@stek29 stek29 commented Jan 30, 2026

Related Issue(s)

#1413

Description

Kubernetes 1.30 introduced native AppArmor field in the seccomp, but up to Kubernetes 1.34 the apiserver was still setting legacy annotations on Pods from those fields.

Support those native fileds but check old annotations for backwards compatibility.

Checklist

  • I have read the policy contribution guidelines.
  • I have added test manifests and resources covering both positive and negative tests that prove this policy works as intended.
  • I have added the artifacthub-pkg.yml file and have verified it is complete and correct.

@stek29
feat: apparmor-profiles: native app-armor fields
d0c9953 
Kubernetes 1.30 introduced native AppArmor field in the seccomp, but up to Kubernetes 1.34 the apiserver was still setting legacy annotations on Pods from those fields.

Support those native fileds but check old annotations for backwards compatibility.

Fixes kyverno#1413.

Signed-off-by: Viktor Oreshkin <imselfish@stek29.rocks>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@stek29