tortoise icon indicating copy to clipboard operation
tortoise copied to clipboard
verified publisher icon mercari

Tortoise mutating webhook removes appArmorProfile from pod spec

Open randytqwjp opened this issue 1 year ago • 4 comments

Kubernetes v1.30 deprecates enabling appArmor through annotations and enables it via securitycontext. Tortoise seems to remove this securitycontext through the mutating webhook {"configuration":"tortoise-mutating-webhook-configuration","webhook":"mpod.kb.io","patch":[{"op":"remove","path":"/spec/containers/0/securityContext/appArmorProfile"},

randytqwjp avatar Sep 30 '24 06:09 randytqwjp

@sanposhiho I suspect this could be due to underlying libs like container runtime being out of date causing the field to be securitycontext field to be dropped. An upgrade to support kubernetes v1.30 would require a major version upgrade for kubebuilder https://github.com/kubernetes-sigs/kubebuilder/releases?q=v3&expanded=true

randytqwjp avatar Sep 30 '24 06:09 randytqwjp

Yeah, we don't touch security context in our webhooks directly ourselves, so it should be caused by underlying dependencies like kubebuilder.

sanposhiho avatar Sep 30 '24 06:09 sanposhiho

Will do next week.

lchavey avatar Oct 17 '24 07:10 lchavey

@randytqwjp so, was it solved by upgrading kubebuilder after all?

sanposhiho avatar Dec 31 '24 02:12 sanposhiho