Using a custom AppArmor profile

AppArmor lets a system administrator restrict capabilities of a deployed container by using custom profiles. In some cases, you might have to apply a custom profile to your deployed container to customize its capabilities.

To customize the AppArmor profile:

Create the profile on the cluster where you are deploying your migrated container. See the AppArmor documentation for more information.

Edit the deployment_spec.yaml file to add the HC_APPARMOR_PROFILE environment variable with the name of the AppArmor profile:

 spec:
  containers: - 
image: gcr.io/my-project/my-container:v1.0.0
    name: my-container
    env: - 
name: HC_APPARMOR_PROFILE
      value: "apparmor-profile-name"
    securityContext:
      privileged: true
...

See Reviewing generated deployment files for more on editing deployment_spec.yaml .

Except as otherwise noted, the content of this page is licensed under the Creative Commons Attribution 4.0 License , and code samples are licensed under the Apache 2.0 License . For details, see the Google Developers Site Policies . Java is a registered trademark of Oracle and/or its affiliates.

Last updated 2026-04-10 UTC.

Create a Mobile Website

View Site in Mobile | Classic

Share by: