Allow user to add and use Pod Security policy
Follow-up from #218441 (closed) which provided AppArmor profiles loading and integration on deployment/pod level. The missing piece is integrating AppArmor profiles as default or allowed list on a cluster level.
Proposed solution
-
Allow users to add Pod Security Policies (which might be associated to a AppAmor profile or not) into their k8s. -
Allow users to use the existing PSP.
Implementation Plan
-
update the apparmor
chart to support a user-defined PDP (see example) -
create documentation with examples