-
Notifications
You must be signed in to change notification settings - Fork 362
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
fix: handle pod deletion in kubearmor controller #1952
Merged
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
ae3d494
to
ac30593
Compare
03e8a60
to
d325cfd
Compare
65bf9a2
to
ed093ba
Compare
ed093ba
to
253ace0
Compare
1b3d1fe
to
f75dec9
Compare
41de99a
to
bd40643
Compare
rksharma95
previously approved these changes
Feb 21, 2025
daemon1024
reviewed
Feb 24, 2025
2e8c49e
to
175a15c
Compare
daemon1024
approved these changes
Feb 24, 2025
Signed-off-by: Aryan-sharma11 <aryan1126.sharma@gmail.com>
Signed-off-by: Aryan-sharma11 <aryan1126.sharma@gmail.com>
Signed-off-by: Aryan-sharma11 <aryan1126.sharma@gmail.com>
Signed-off-by: Aryan-sharma11 <aryan1126.sharma@gmail.com>
Loading status checks…
Signed-off-by: Aryan-sharma11 <aryan1126.sharma@gmail.com>
175a15c
to
4687a1f
Compare
rksharma95
approved these changes
Feb 24, 2025
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Purpose of PR?:
Fixes #1935
Does this PR introduce a breaking change?
No
Changes included
1) Handle pod restarts
"kubearmor.kubernetes.io/restartedAt"
to trigger a rolling restart for all the pods.annotateExisiting
flag which will be false by default that implies that Policy enforcement might not work for already existing pods in nodes with Apparmor enforcer, user has to explicitly set it to true for annotation of already existing pods in the cluster2) NodeWatcher
3) Pod Mutation
This will help us in optimising our annotation handling for hybrid clusters (AppArmor + BPFLSM enforcer) thereby improving overall controller performance
ref