Using a custom AppArmor profile
AppArmor lets a system administrator restrict capabilities of a deployed container by using custom profiles. In some cases, you might have to apply a custom profile to your deployed container to customize its capabilities.
To customize the AppArmor profile:
Create the profile on the cluster where you are deploying your migrated container. See the AppArmor documentation for more information.
deployment_spec.yamlfile to add the
HC_APPARMOR_PROFILEenvironment variable with the name of the AppArmor profile:
spec: containers: - image: gcr.io/my-project/my-container:v1.0.0 name: my-container env: - name: HC_APPARMOR_PROFILE value: "apparmor-profile-name" securityContext: privileged: true ...
See Reviewing generated deployment files for more on editing