intel / intel-device-plugins-for-kubernetes

Collection of Intel device plugins for Kubernetes
Apache License 2.0

Update AppArmor configuration and related docs #1818

Open mythi opened 2 months ago

mythi commented 2 months ago

Describe the bug QAT plugin AppArmor settings are outdated

To Reproduce See intel-qat-plugin.yaml.

Expected behavior AppArmor is GA starting k8s v1.30. The settings and documentation must be updated.

Screenshots N/A

System (please complete the following information):

Additional context Ubuntu and SUSE based distros have AppArmor enabled and that blocks certain QAT plugin functions, in particular when the plugin tries to write QAT VF IDs to the vfio-pci driver. Other plugins are not impacted.

Adding

securityContext:
  appArmorProfile:
    # The field's type values are capitalized: RuntimeDefault, Localhost, Unconfined
    type: Unconfined

to intel-qat-plugin.yaml is easy, but then we lose the configurability which we had with the annotation. Is that needed? It is possible to configure nodes so that unconfined is not needed, so likely some configurability is useful.
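
Added example, not part of the issue or the project's code: the mapping from the beta per-container AppArmor annotation to the `securityContext.appArmorProfile` field, including the `Localhost` type that keeps a node-specific profile configurable instead of falling back to unconfined. The container name, image and profile name in the sample are constructed placeholders, and the manifest is handled as an already-parsed dict.

```python
import copy

# Beta annotation prefix that the appArmorProfile field replaces.
ANNOTATION_PREFIX = "container.apparmor.security.beta.kubernetes.io/"


def annotation_to_profile(value):
    """Map a beta annotation value to an appArmorProfile field value."""
    if value == "unconfined":
        return {"type": "Unconfined"}
    if value == "runtime/default":
        return {"type": "RuntimeDefault"}
    if value.startswith("localhost/") and len(value) > len("localhost/"):
        return {"type": "Localhost", "localhostProfile": value[len("localhost/"):]}
    raise ValueError(f"unrecognized AppArmor annotation value: {value!r}")


def migrate_pod_template(template):
    """Return a copy of a pod template with per-container AppArmor
    annotations rewritten as securityContext.appArmorProfile fields."""
    out = copy.deepcopy(template)
    annotations = out.get("metadata", {}).get("annotations", {})
    spec = out["spec"]
    containers = {c["name"]: c
                  for key in ("initContainers", "containers")
                  for c in spec.get(key, [])}
    for key in [k for k in annotations if k.startswith(ANNOTATION_PREFIX)]:
        name = key[len(ANNOTATION_PREFIX):]
        if name not in containers:
            raise KeyError(f"annotation targets unknown container {name!r}")
        sc = containers[name].setdefault("securityContext", {})
        # Keep a field that is already set rather than overwrite it.
        sc.setdefault("appArmorProfile", annotation_to_profile(annotations[key]))
        del annotations[key]
    if "annotations" in out.get("metadata", {}) and not annotations:
        del out["metadata"]["annotations"]
    return out


# Constructed sample: container, image and profile names are placeholders.
SAMPLE = {
    "metadata": {"annotations": {
        ANNOTATION_PREFIX + "qat-plugin": "localhost/example-qat-profile"}},
    "spec": {"containers": [
        {"name": "qat-plugin", "image": "example/qat-plugin:placeholder"}]},
}

if __name__ == "__main__":
    import json
    print(json.dumps(migrate_pod_template(SAMPLE), indent=2))
```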