Add docs for rootless with apparmour on ubuntu 24.04+

[brandond]

Thanks, that worked, I needed to create an apparmour profile for the k3s binary specifically

which k3s
/home/ubuntu/bin/k3s

Above command tells us where k3s is located on the machine
Then go ahead and create a file in the folder /etc/apparmor.d

sudo vi /etc/apparmor.d/home.ubuntu.bin.k3s

include <tunables/global>

profile k3s /home/ubuntu/bin/k3s flags=(default_allow) {
  userns,

  # Site-specific additions and overrides. See local/README for details.
  include if exists <local/k3s>
}

If you look carefully, the path to the binary is mentioned in the profile k3s /home/ubuntu/bin/k3s line, ensure it’s the actual path to the binary

Now we need to test and enable it

sudo apparmor_parser -r /etc/apparmor.d/home.ubuntu.bin.k3s

# confirm working, it should return a match to the profile you created
sudo apparmor_status | grep k3s

# ensures apparmour starts on reboot
sudo systemctl enable apparmor
sudo systemctl restart apparmor

Additionally ensure the following:

# enable ipv4 forwarding
sudo sysctl -w net.ipv4.ip_forward=1

# required by rootless k3s to function properly
sudo apt-get install -y uidmap fuse-overlayfs

Originally posted by @louisnow in #12711