Currently when users remove KubeArmor with karmor uninstall, by default there pods are left with AppArmor annotations.
This is not desired as it may cause issues in certain cases like:
AppArmor policies were deleted manually
Enforcer was changed to BPF LSM and apparmor was disabled
etc.
They have to use --force flag for the same which is also not documented anywhere.
Improvement
Remove annotations and policies/CR(D)s by default.
If user wants to keep it, they use the --keep-policies flag. (Could use suggestions on the flag name)
rootxrishabh
commented
1 month ago
Description
Currently when users remove KubeArmor with
karmor uninstall, by default there pods are left with AppArmor annotations. This is not desired as it may cause issues in certain cases like:They have to use
--forceflag for the same which is also not documented anywhere.Improvement
Remove annotations and policies/CR(D)s by default. If user wants to keep it, they use the
--keep-policiesflag. (Could use suggestions on the flag name)