English
Deutsch
Español – América Latina
Français
Indonesia
Italiano
Português – Brasil
中文 – 简体
中文 – 繁體
日本語
한국어

Using a custom AppArmor profile

AppArmor lets a system administrator restrict capabilities of a deployed container by using custom profiles. In some cases, you might have to apply a custom profile to your deployed container to customize its capabilities.

To customize the AppArmor profile:

Create the profile on the cluster where you are deploying your migrated container. See the AppArmor documentation for more information.

Edit the deployment_spec.yaml file to add the HC_APPARMOR_PROFILE environment variable with the name of the AppArmor profile:

  spec 
 : 
  
 containers 
 : 
  
 - 
  
 image 
 : 
  
 gcr 
 . 
 io 
 /my-project/ 
 my 
 - 
 container 
 : 
 v1 
 . 
 0.0 
  
 name 
 : 
  
 my 
 - 
 container 
  
 env 
 : 
  
 - 
  
 name 
 : 
  
 HC_APPARMOR_PROFILE 
  
 value 
 : 
  
 "apparmor-profile-name" 
  
 securityContext 
 : 
  
 privileged 
 : 
  
 true 
 ...

See Reviewing generated deployment files for more on editing deployment_spec.yaml .

Except as otherwise noted, the content of this page is licensed under the Creative Commons Attribution 4.0 License , and code samples are licensed under the Apache 2.0 License . For details, see the Google Developers Site Policies . Java is a registered trademark of Oracle and/or its affiliates.

Last updated 2025-09-04 UTC.

Create a Mobile Website

View Site in Mobile | Classic

Share by: