Add apparmor profile to promenade tpl files

Change-Id: I00d5c74e079f72f9837f8502dfa6ca805e2e0e04
2020-07-20 15:23:08 -05:00 · 2020-07-20 15:23:08 -05:00 · dfebe8f55f
parent cb4ae15eb1
commit dfebe8f55f
8 changed files with 11 additions and 0 deletions
--- a/charts/apiserver/templates/etc/_kubernetes-apiserver.yaml.tpl
+++ b/charts/apiserver/templates/etc/_kubernetes-apiserver.yaml.tpl
@ -48,6 +48,7 @@ metadata:
  annotations:
    {{ $envAll | include "kubernetes_apiserver.key_annotation" }}
    {{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" }}
+{{- dict "envAll" $envAll "podName" "apiserver" "containerNames" (list "apiserver") | include "helm-toolkit.snippets.kubernetes_mandatory_access_control_annotation" | indent 4 }}
 spec:
  hostNetwork: true
  shareProcessNamespace: true
--- a/charts/apiserver/values.yaml
+++ b/charts/apiserver/values.yaml
@ -270,6 +270,8 @@ pod:
    kube-apiserver:
      init: runtime/default
      apiserver-key-rotate: runtime/default
+    apiserver:
+      apiserver: runtime/default
  security_context:
    kubernetes_apiserver_anchor:
      pod:
--- a/charts/controller_manager/templates/etc/_kubernetes-controller-manager.yaml.tpl
+++ b/charts/controller_manager/templates/etc/_kubernetes-controller-manager.yaml.tpl
@ -24,6 +24,7 @@ metadata:
 {{ tuple $envAll "kubernetes" "controller-manager" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }}
  annotations:
    {{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" }}
+{{ dict "envAll" $envAll "podName" "controller-manager" "containerNames" (list "controller-manager") | include "helm-toolkit.snippets.kubernetes_mandatory_access_control_annotation" | indent 4 }}
 spec:
  hostNetwork: true
  containers:
--- a/charts/controller_manager/values.yaml
+++ b/charts/controller_manager/values.yaml
@ -89,6 +89,8 @@ pod:
    type: apparmor
    kubernetes-controller-manager-anchor:
      anchor: runtime/default
+    controller-manager:
+      controller-manager: runtime/default
  security_context:
    kubernetes:
      pod:
--- a/charts/haproxy/templates/etc/_haproxy.yaml.tpl
+++ b/charts/haproxy/templates/etc/_haproxy.yaml.tpl
@ -25,6 +25,7 @@ metadata:
 {{ tuple $envAll "haproxy" "server" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }}
  annotations:
    {{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" }}
+{{ dict "envAll" $envAll "podName" "haproxy" "containerNames" (list "haproxy") | include "helm-toolkit.snippets.kubernetes_mandatory_access_control_annotation" | indent 4 }}
 spec:
  hostNetwork: true
  containers:
--- a/charts/haproxy/values.yaml
+++ b/charts/haproxy/values.yaml
@ -84,6 +84,8 @@ pod:
      anchor: runtime/default
    kubernetes:
      haproxy-haproxy-test: runtime/default
+    haproxy:
+      haproxy: runtime/default
  security_context:
    haproxy_anchor:
      pod:
--- a/charts/scheduler/templates/etc/_kubernetes-scheduler.yaml.tpl
+++ b/charts/scheduler/templates/etc/_kubernetes-scheduler.yaml.tpl
@ -26,6 +26,7 @@ metadata:
 {{ tuple $envAll "kubernetes" "scheduler" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }}
  annotations:
    {{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" }}
+{{ dict "envAll" $envAll "podName" "scheduler" "containerNames" (list "scheduler") | include "helm-toolkit.snippets.kubernetes_mandatory_access_control_annotation" | indent 4 }}
 spec:
  hostNetwork: true
  containers:
--- a/charts/scheduler/values.yaml
+++ b/charts/scheduler/values.yaml
@ -29,6 +29,7 @@ pod:
    type: apparmor
    scheduler:
      anchor: runtime/default
+      scheduler: runtime/default
  security_context:
    scheduler:
      pod: