diff options
| author | Kubernetes Submit Queue <k8s-merge-robot@users.noreply.github.com> | 2016-08-02 23:36:35 -0700 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2016-08-02 23:36:35 -0700 |
| commit | d6039caa0b411cc457d8fb64e85bdbc5352b0b10 (patch) | |
| tree | 4953d1e0b31b7b86da4419166857b7dabe65411e /runtime-client-server.md | |
| parent | 8fc0b285d41a09948045c7e3bcf1ae1dd2ac4715 (diff) | |
| parent | e746c93d0136346225e8550773c7abcb2a4fef52 (diff) | |
Merge pull request #29879 from timstclair/aa-design
Automatic merge from submit-queue
Update the AppArmor design proposal
3 modifications to the original AppArmor design proposal:
1. Remove the pod-level AppArmor profile specification, since it was unnecessary complexity. I think the typical multi-container case is a main app, some side-cars (e.g. log helpers), and maybe some init containers. All of those containers are likely to have very different permissions needs, so I do not see benefit to the pod-level profile. If there is sufficient demand (i.e. user feedback) for this feature we can add it back.
2. Added a proposal for the beta (and GA) API. Beginning the discussion of this API now will smooth the transition from alpha, and guide the implementation of the internal API.
3. [EDIT] The profile deployment pod will poll the source directories for changes. This change is motivated by the fact that DaemonSets must run with RestartAlways.
/cc @bgrant0607 @erictune @pmorie @pweil-
Diffstat (limited to 'runtime-client-server.md')
0 files changed, 0 insertions, 0 deletions