Difference between revisions of "StarlingX/Containers/Applications/app-security-profiles-operator"
< StarlingX | Containers | Applications
m (→Prerequisites) |
m (→Installation) |
||
| Line 13: | Line 13: | ||
=== Installation === | === Installation === | ||
Installation steps are mentioned [https://docs.starlingx.io/security/kubernetes/install-security-profiles-operator-1b2f9a0f0108.html here]. | Installation steps are mentioned [https://docs.starlingx.io/security/kubernetes/install-security-profiles-operator-1b2f9a0f0108.html here]. | ||
| − | After installation please verify if 'spod' is running on each host | + | After installation please verify if 'spod' pod is running on each host where application pods can be scheduled. |
| + | |||
=== Create a profile === | === Create a profile === | ||
To apply a profile on each host, create an [https://docs.starlingx.io/security/kubernetes/profile-management-a8df19c86a5d.html AppArmorProfile resource] . | To apply a profile on each host, create an [https://docs.starlingx.io/security/kubernetes/profile-management-a8df19c86a5d.html AppArmorProfile resource] . | ||
Verify if the profile is added on each host using aa-status command. | Verify if the profile is added on each host using aa-status command. | ||
Latest revision as of 07:34, 25 July 2024
Contents
Application: app-security-profiles-operator
Source
Building
- From the Debian Build environment:
build-pkgs [-c] -p stx-security-profiles-operator-helm
Testing
Prerequisites
AppArmor should be enabled on the host(s) (described in enable-disable-apparmor-on-a-host), where workloads need to be protected using AppArmor.
Installation
Installation steps are mentioned here. After installation please verify if 'spod' pod is running on each host where application pods can be scheduled.
Create a profile
To apply a profile on each host, create an AppArmorProfile resource . Verify if the profile is added on each host using aa-status command.
