airship
/
promenade
Code Issues Proposed changes

apiserver-webhook: Add Apparmor runtime default to apiserver-webhook 

Change-Id: Ib2376030a2e694c2b359a4bbffdc0bd968ec6310
This commit is contained in:
KHIYANI, RAHUL (rk0850) 2020-04-09 10:48:23 -05:00 committed by Rahul Khiyani
parent bb8dd7af48
commit 8463e61eb7
2 changed files with 6 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
charts/apiserver-webhook/templates/deployment.yaml
View File

@ -117,6 +117,7 @@ spec:
{{ tuple $envAll "kubernetes-keystone-webhook" "api" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
annotations:
{{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" | indent 8 }}
{{ dict "envAll" $envAll "podName" "apiserver-webhook" "containerNames" (list "apiserver" "webhook") | include "helm-toolkit.snippets.kubernetes_mandatory_access_control_annotation" | indent 8 }}
configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "helm-toolkit.utils.hash" }}
configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "helm-toolkit.utils.hash" }}
spec:

5
charts/apiserver-webhook/values.yaml
View File

@ -202,6 +202,11 @@ network_policy:
- {}
pod:
mandatory_access_control:
type: apparmor
apiserver-webhook:
apiserver: runtime/default
webhook: runtime/default
security_context:
apiserver_webhook:
pod: