set dualstack appArmorProfile

Azure · Jan 22, 2025 · f1fb957 · f1fb957
1 parent 62581c0
commit f1fb957
Showing 1 changed file with 9 additions and 4 deletions.
diff --git a/test/integration/manifests/cilium/v1.16/cilium-agent/templates/daemonset-dualstack.yaml b/test/integration/manifests/cilium/v1.16/cilium-agent/templates/daemonset-dualstack.yaml
@@ -17,10 +17,6 @@ spec:
   template:
     metadata:
       annotations:
-        container.apparmor.security.beta.kubernetes.io/apply-sysctl-overwrites: unconfined
-        container.apparmor.security.beta.kubernetes.io/cilium-agent: unconfined
-        container.apparmor.security.beta.kubernetes.io/clean-cilium-state: unconfined
-        container.apparmor.security.beta.kubernetes.io/mount-cgroup: unconfined
         prometheus.io/port: "9962"
         prometheus.io/scrape: "true"
       creationTimestamp: null
@@ -43,6 +39,9 @@ spec:
                 operator: In
                 values:
                 - linux
+      securityContext:
+        appArmorProfile:
+          type: Unconfined
       containers:
       - args:
         - --config-dir=/tmp/cilium/config-map
@@ -97,6 +96,8 @@ spec:
           timeoutSeconds: 5
         resources: {}
         securityContext:
+          appArmorProfile: 
+            type: Unconfined
           capabilities:
             add:
             - CHOWN
@@ -192,6 +193,8 @@ spec:
         name: mount-cgroup
         resources: {}
         securityContext:
+          appArmorProfile: 
+            type: Unconfined
           capabilities:
             add:
             - SYS_ADMIN
@@ -224,6 +227,8 @@ spec:
         name: apply-sysctl-overwrites
         resources: {}
         securityContext:
+          appArmorProfile: 
+            type: Unconfined
           capabilities:
             add:
             - SYS_ADMIN