To enforce the AppArmor profile on Kubernetes we must load the profile onto the nodes. On a local installation we use the init task to load the profile on the host. The strategy in Kubernetes is to use a DaemonSet and use a dummy job for the init task.
This also includes three additional settings for choosing whether you want to run codejail in secure mode or skip the init job:
CODEJAIL_ENFORCE_APPARMOR
CODEJAIL_ENABLE_K8S_DAEMONSET
CODEJAIL_SKIP_INIT
The directory containing the init task was renamed to 'codejail-apparmor' to make it conformant with Kubernetes naming.
Description
Add the patches needed to deploy on Kubernetes.
To enforce the AppArmor profile on Kubernetes we must load the profile onto the nodes. On a local installation we use the init task to load the profile on the host. The strategy in Kubernetes is to use a DaemonSet and use a dummy job for the init task.
This also includes three additional settings for choosing whether you want to run codejail in secure mode or skip the init job:
CODEJAIL_ENFORCE_APPARMORCODEJAIL_ENABLE_K8S_DAEMONSETCODEJAIL_SKIP_INITThe directory containing the init task was renamed to 'codejail-apparmor' to make it conformant with Kubernetes naming.