AppArmor (under construction)

Restrict a Container's Access to Resources with AppArmor

Getting Super Powers

Becoming a super hero is a fairly straight forward process:

$ give me super-powers

Super-powers are granted randomly so please submit an issue if you're not happy with yours.

Run each of managed kubernetes

EKS

Switched to context "eks".
❯ kubectl get nodes -o=jsonpath=$'{range .items[*]}{@.metadata.name}: {.status.conditions[?(@.reason=="KubeletReady")].message}\n{end}'
ip-172-31-xxx-xxx.us-east-2.compute.internal: kubelet is posting ready status
ip-172-31-xxx-xxx.us-east-2.compute.internal: kubelet is posting ready status

AKS

Switched to context "aks".
❯ kubectl get nodes -o=jsonpath=$'{range .items[*]}{@.metadata.name}: {.status.conditions[?(@.reason=="KubeletReady")].message}\n{end}'
aks-agentpool-11552782-vmss000002: kubelet is posting ready status. AppArmor enabled
aks-agentpool-11552782-vmss000003: kubelet is posting ready status. AppArmor enabled

GKE

Switched to context "gke_hj-int-20200908_us-central1-c_gke".
❯ kubectl get nodes -o=jsonpath=$'{range .items[*]}{@.metadata.name}: {.status.conditions[?(@.reason=="KubeletReady")].message}\n{end}'
gke-gke-default-pool-4a20fcac-hnhv: kubelet is posting ready status. AppArmor enabled
gke-gke-default-pool-4a20fcac-xuff: kubelet is posting ready status. AppArmor enabled

NKS

Switched to context "nks".
❯ kubectl get nodes -o=jsonpath=$'{range .items[*]}{@.metadata.name}: {.status.conditions[?(@.reason=="KubeletReady")].message}\n{end}'
nks-nks-pool-w-mk1: kubelet is posting ready status. AppArmor enabled
nks-nks-pool-w-mk2: kubelet is posting ready status. AppArmor enabled

Reference Guide

Restrict a Container's Access to Resources with AppArmorKubernetes

QuickProfileLanguage · Wiki · AppArmor / apparmorGitLab

Easy Guide

AppArmor 란 무엇이며 Ubuntu를 어떻게 안전하게 유지합니까? - TheFastCode

AppArmor - Community Help Wiki