Add Docker default AppArmor profile to armada

Change-Id: Iee43dfd56ecf5e4d18f93872b58359851c73d55f

charts/armada/templates/deployment-api.yaml

@@ -105,6 +105,7 @@ spec:
 {{ $labels | indent 8 }}
       annotations:
 {{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" | indent 8 }}
+{{ dict "envAll" $envAll "podName" "armada-api" "containerNames" (list "armada-api") | include "helm-toolkit.snippets.kubernetes_mandatory_access_control_annotation" | indent 8 }}
         configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "helm-toolkit.utils.hash" }}
         configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "helm-toolkit.utils.hash" }}
 {{ tuple $prometheus_annotations | include "helm-toolkit.snippets.prometheus_pod_annotations" | indent 8 }}

charts/armada/values.yaml

@@ -226,6 +226,10 @@ monitoring:
       port: 8000
 
 pod:
+  mandatory_access_control:
+    type: apparmor
+    armada-api:
+      armada-api: runtime/default
   probes:
     armada:
       api:

tools/gate/playbooks/airskiff-deploy.yaml

@@ -31,6 +31,12 @@
       args:
         chdir: "{{ zuul.projects['opendev.org/airship/treasuremap'].src_dir }}"
 
+    - name: Setup Apparmor
+      shell: |
+        ./tools/deployment/airskiff/developer/015-setup-apparmor.sh
+      args:
+        chdir: "{{ zuul.projects['opendev.org/airship/treasuremap'].src_dir }}"
+
     - name: Deploy Kubernetes with Minikube
       shell: |
         ./tools/deployment/airskiff/developer/010-deploy-k8s.sh