I have a doubt regarding the appArmor question in CKS challenge 1.
here’s my deployment spec:
apiVersion: apps/v1
kind: Deployment
metadata:
labels:
app: alpha-xyz
name: alpha-xyz
namespace: alpha
spec:
selector:
matchLabels:
app: alpha-xyz
template:
labels:
app: alpha-xyz
spec:
containers:
- image: docker.io/library/nginx:alpine
name: nginx
securityContext:
appArmorProfile:
localhostProfile: custom-nginx
type: Localhost
And I can see the policy getting applied on the pod when I describe the pod but the diagram still shows a red mark on Policy to pod.
I have loaded the profile correctly and I can see it in apparmor_status as well.