github/kubernetes
4
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
Files
b038355c81ee621ef0bb199c20442879b97eadc1
kubernetes/docs/proposals
History
Kubernetes Submit Queue 52559696e9 Merge pull request #29879 from timstclair/aa-design 
Automatic merge from submit-queue

Update the AppArmor design proposal

3 modifications to the original AppArmor design proposal:

1. Remove the pod-level AppArmor profile specification, since it was unnecessary complexity. I think the typical multi-container case is a main app, some side-cars (e.g. log helpers), and maybe some init containers. All of those containers are likely to have very different permissions needs, so I do not see benefit to the pod-level profile. If there is sufficient demand (i.e. user feedback) for this feature we can add it back.
2. Added a proposal for the beta (and GA) API. Beginning the discussion of this API now will smooth the transition from alpha, and guide the implementation of the internal API.
3. [EDIT] The profile deployment pod will poll the source directories for changes. This change is motivated by the fact that DaemonSets must run with RestartAlways.

/cc @bgrant0607 @erictune @pmorie @pweil-
2016-08-02 23:36:35 -07:00
..
api-group.md
Fix broken warning image link in docs
2016-07-15 10:44:58 +01:00
apiserver-watch.md
Fix broken warning image link in docs
2016-07-15 10:44:58 +01:00
apparmor.md
Update deploying-profiles section: watch for changes
2016-08-01 14:31:07 -07:00
client-package-structure.md
Fix broken warning image link in docs
2016-07-15 10:44:58 +01:00
cluster-deployment.md
Fix broken warning image link in docs
2016-07-15 10:44:58 +01:00
container-init.md
Fix broken warning image link in docs
2016-07-15 10:44:58 +01:00
container-runtime-interface-v1.md
Fix broken warning image link in docs
2016-07-15 10:44:58 +01:00
controller-ref.md
Fix broken verify-munge-docs build by running hack/update-munge-docs.sh.
2016-07-20 18:58:55 -07:00
custom-metrics.md
Fix broken warning image link in docs
2016-07-15 10:44:58 +01:00
deploy.md
Fix broken warning image link in docs
2016-07-15 10:44:58 +01:00
deployment.md
Fix broken warning image link in docs
2016-07-15 10:44:58 +01:00
disk-accounting.md
Merge pull request #26702 from joe2far/fix-broken-links
2016-07-20 15:10:41 -07:00
federated-api-servers.md
Fix broken warning image link in docs
2016-07-15 10:44:58 +01:00
federation-high-level-arch.png
Cluster Federation RFC.
2015-04-14 15:57:33 -07:00
federation-lite.md
Fix broken warning image link in docs
2016-07-15 10:44:58 +01:00
federation.md
Fix broken warning image link in docs
2016-07-15 10:44:58 +01:00
flannel-integration.md
Merge pull request #28814 from lixiaobing10051267/mastercidr
2016-07-21 16:35:48 -07:00
garbage-collection.md
Fix broken warning image link in docs
2016-07-15 10:44:58 +01:00
gpu-support.md
Redirect the website to new location in gpu-support.md
2016-07-26 15:33:16 +08:00
high-availability.md
Fix broken warning image link in docs
2016-07-15 10:44:58 +01:00
initial-resources.md
Fix broken warning image link in docs
2016-07-15 10:44:58 +01:00
job.md
Fix broken warning image link in docs
2016-07-15 10:44:58 +01:00
kubelet-eviction.md
Merge pull request #29321 from derekwaynecarr/eviction-proposal-update-flags
2016-07-22 07:55:07 -07:00
kubelet-systemd.md
Fix broken warning image link in docs
2016-07-15 10:44:58 +01:00
kubelet-tls-bootstrap.md
Fix broken warning image link in docs
2016-07-15 10:44:58 +01:00
Kubemark_architecture.png
Initial kubemark proposal
2015-09-10 09:54:42 +02:00
kubemark.md
Fix broken warning image link in docs
2016-07-15 10:44:58 +01:00
local-cluster-ux.md
Fix broken warning image link in docs
2016-07-15 10:44:58 +01:00
metrics-plumbing.md
Fix broken warning image link in docs
2016-07-15 10:44:58 +01:00
multiple-schedulers.md
Fix broken warning image link in docs
2016-07-15 10:44:58 +01:00
network-policy.md
Merge pull request #28902 from ibm-contribs/fix_allow_all
2016-08-02 16:24:12 -07:00
node-allocatable.md
Fix broken warning image link in docs
2016-07-15 10:44:58 +01:00
node-allocatable.png
Node Allocatable resources proposal
2015-12-07 16:43:15 -08:00
performance-related-monitoring.md
Fix broken warning image link in docs
2016-07-15 10:44:58 +01:00
pleg.png
Proposal: add pod lifecycle event generator for kubelet
2016-01-12 10:16:39 -08:00
pod-cache.png
Proposal: add a runtime pod cache in kubelet
2016-02-04 11:23:38 -08:00
pod-lifecycle-event-generator.md
Fix broken warning image link in docs
2016-07-15 10:44:58 +01:00
pod-resource-management.md
Propasal for pod level resource management
2016-07-25 14:27:48 -07:00
pod-security-context.md
Fix broken warning image link in docs
2016-07-15 10:44:58 +01:00
protobuf.md
Fix broken warning image link in docs
2016-07-15 10:44:58 +01:00
release-notes.md
Fix broken warning image link in docs
2016-07-15 10:44:58 +01:00
rescheduler.md
Fix broken warning image link in docs
2016-07-15 10:44:58 +01:00
rescheduling.md
Fix broken warning image link in docs
2016-07-15 10:44:58 +01:00
resource-metrics-api.md
Fix broken warning image link in docs
2016-07-15 10:44:58 +01:00
resource-quota-scoping.md
Fix broken warning image link in docs
2016-07-15 10:44:58 +01:00
runtime-client-server.md
Fix broken warning image link in docs
2016-07-15 10:44:58 +01:00
runtime-pod-cache.md
Fix broken warning image link in docs
2016-07-15 10:44:58 +01:00
scalability-testing.md
Fix broken warning image link in docs
2016-07-15 10:44:58 +01:00
scheduledjob.md
Fix broken warning image link in docs
2016-07-15 10:44:58 +01:00
secret-configmap-downwarapi-file-mode.md
Fix broken verify-munge-docs build by running hack/update-munge-docs.sh.
2016-07-20 18:58:55 -07:00
security-context-constraints.md
Fix broken warning image link in docs
2016-07-15 10:44:58 +01:00
self-hosted-kubelet.md
Fix broken warning image link in docs
2016-07-15 10:44:58 +01:00
selinux.md
Fix broken warning image link in docs
2016-07-15 10:44:58 +01:00
service-discovery.md
Fix broken warning image link in docs
2016-07-15 10:44:58 +01:00
service-external-name.md
Fix broken verify-munge-docs build by running hack/update-munge-docs.sh.
2016-07-20 18:58:55 -07:00
templates.md
Fix broken warning image link in docs
2016-07-15 10:44:58 +01:00
volume-ownership-management.md
Fix broken warning image link in docs
2016-07-15 10:44:58 +01:00
volume-provisioning.md
Fix broken warning image link in docs
2016-07-15 10:44:58 +01:00
volume-selectors.md
Fix broken warning image link in docs
2016-07-15 10:44:58 +01:00
volumes.md
Fix broken warning image link in docs
2016-07-15 10:44:58 +01:00