Closed andreas-wirth closed 7 months ago
Thanks for opening this issue. Do you have an active apparmor installation on your host?
Thanks for the hint, apparmor is actually set to enabled as default on aks, I was not aware. Also seems like MS does not really have a good approach to easily initialise apparmor profiles on node scale-up. Here they suggest using a daemonset, I guess something like this implementation.
How are you dealing with this issue? Or are you just not using apparmor? Not sure how other cloud providers handle apparmor configuration, but a short hint in the kured docs about it might be useful.
I made it work in a test-environment with a pod-annotation for kured:
container.apparmor.security.beta.kubernetes.io/kured: unconfined
That did the trick, thanks. Also do not forget to put this annotation in the right place (inside the template section). And not in the DaemonSet annotations, as I did 😄
Hi all, I tried the new signal reboot method introduced with kured 1.15.0. However something is off with my configuration and the process does not have the permission to reboot, causing the fatal error
Signal of SIGRTMIN+5 failed: permission denied
. (I also tried to reboot from the pod withkill -s 39 1
, same result) This is my daemonset configuration:I had a look at #814 where the feature was introduced and also checked the capabilities of my kured process, which seem to be fine:
I am running on AKS 1.27.3 with Ubuntu 2204 node images.
I hope someone has an idea whats wrong, otherwise I will be stuck with the traditional reboot approach :(
Thanks in advance!