In the first challenge, when trying to create the deployment with AppArmor, I get the following error:
It seems that the kubernetes version that is installed on the node, doesn’t support AppArmor at all, seems like it gets supported only in 1.30:
More issues with that lab:
- kubectl bash completion is not installed nor the k alias.
Steps to fix:
echo 'alias k=kubectl' >>~/.bashrc
kubectl completion bash | sudo tee /etc/bash_completion.d/kubectl > /dev/null
source ~/.bashrc
- Trivy doesn’t work all time, when I opened this ticket it didn’t, now it does.
Also its version is very old (0.16.0, current one is: 0.53.0) and because of that the “–severity” flag doesn’t work.
- Sometimes, right after clicking “Check” I am thrown to the page that asks me if there were any content issues or if I want to retry the lab without allowing me enough time to see what I did right and where I was wrong.
Please advise regarding the main issue - the lack of support in AppArmor profile in the pod spec
First, sorry for the delay: my availability is extremely limited this week, but I’ll pop in on this one.
The version of K8s running in the challenge is pretty old – v1.23 – and the new syntax for AppArmor will not work here. Using the annotation only should work here, however.
For the other issues:
- completion isn’t configured on challenge 1. If you want it, you can manually configure it, as per the docs.
- Not sure what the status of trivy is here; the reasons for rate limiting kicking in has to do with how a lab is networked, although I’d be surprised if we’ve fixed the challenges for this yet.
Thanks for your response.
Any idea what causes the failure in this question? I added the AppArmor annotation only as you advised:
Not sure what the red arrow indicates, since the UI also indicates that the AA profile is loaded in the pod. My availability today is limited; I’ll try and check the lab tomorrow.
When I click the red arrow, it shows me the following message:
Don’t know. I tried the lab today; I got it to pass, including on this point.
Hey Camelel, are you using annotations or securitycontext?
