AppArmor (under construction)

Restrict a Container's Access to Resources with AppArmor

Getting Super Powers

Becoming a super hero is a fairly straight forward process:

$ give me super-powers

Super-powers are granted randomly so please submit an issue if you're not happy with yours.

Run each of managed kubernetes

EKS
Switched to context "eks".
❯ kubectl get nodes -o=jsonpath=$'{range .items[*]}{@.metadata.name}: {.status.conditions[?(@.reason=="KubeletReady")].message}\n{end}'
ip-172-31-xxx-xxx.us-east-2.compute.internal: kubelet is posting ready status
ip-172-31-xxx-xxx.us-east-2.compute.internal: kubelet is posting ready status
AKS
Switched to context "aks".
❯ kubectl get nodes -o=jsonpath=$'{range .items[*]}{@.metadata.name}: {.status.conditions[?(@.reason=="KubeletReady")].message}\n{end}'
aks-agentpool-11552782-vmss000002: kubelet is posting ready status. AppArmor enabled
aks-agentpool-11552782-vmss000003: kubelet is posting ready status. AppArmor enabled
GKE
Switched to context "gke_hj-int-20200908_us-central1-c_gke".
❯ kubectl get nodes -o=jsonpath=$'{range .items[*]}{@.metadata.name}: {.status.conditions[?(@.reason=="KubeletReady")].message}\n{end}'
gke-gke-default-pool-4a20fcac-hnhv: kubelet is posting ready status. AppArmor enabled
gke-gke-default-pool-4a20fcac-xuff: kubelet is posting ready status. AppArmor enabled
NKS
Switched to context "nks".
❯ kubectl get nodes -o=jsonpath=$'{range .items[*]}{@.metadata.name}: {.status.conditions[?(@.reason=="KubeletReady")].message}\n{end}'
nks-nks-pool-w-mk1: kubelet is posting ready status. AppArmor enabled
nks-nks-pool-w-mk2: kubelet is posting ready status. AppArmor enabled

Reference Guide

Easy Guide

PreviousNodeNextfalco (under contruction)

Last updated