deployments: qat: add an overlay for Apparmor annotations

Some Ubuntu systems may run with Apparmor LSM policy enformements making the default QAT daemonset to fail with (un)bind errors. This commit adds a sample kustomize overlay to deploy the QAT daemonset with Apparmor uconfined policy. Fixes: #381 Signed-off-by: Mikko Ylinen <mikko.ylinen@intel.com>
2025-06-03 03:59:37 +00:00 · 2020-05-30 09:19:05 +03:00 · 2020-05-30 09:19:05 +03:00 · c8ed2bb798
commit c8ed2bb798
parent fdaecd1d98
2 changed files with 13 additions and 0 deletions
--- a/deployments/qat_plugin/overlays/apparmor_unconfined/add-apparmor-unconfined-intel-qat.yaml
+++ b/deployments/qat_plugin/overlays/apparmor_unconfined/add-apparmor-unconfined-intel-qat.yaml
@ -0,0 +1,9 @@
+apiVersion: apps/v1
+kind: DaemonSet
+metadata:
+  name: intel-qat-plugin
+spec:
+  template:
+    metadata:
+      annotations:
+        container.apparmor.security.beta.kubernetes.io/intel-qat-plugin: unconfined
--- a/deployments/qat_plugin/overlays/apparmor_unconfined/kustomization.yaml
+++ b/deployments/qat_plugin/overlays/apparmor_unconfined/kustomization.yaml
@ -0,0 +1,4 @@
+bases:
+  - ../../base
+patches:
+- add-apparmor-unconfined-intel-qat.yaml