From dfebe8f55f6e717e082a0ec49668139145ddf756 Mon Sep 17 00:00:00 2001
From: "KHIYANI, RAHUL (rk0850)"
Date: Mon, 20 Jul 2020 15:23:08 -0500
Subject: [PATCH] Add apparmor profile to promenade tpl files

Change-Id: I00d5c74e079f72f9837f8502dfa6ca805e2e0e04
---
 charts/apiserver/templates/etc/_kubernetes-apiserver.yaml.tpl | 1 +
 charts/apiserver/values.yaml | 2 ++
 .../templates/etc/_kubernetes-controller-manager.yaml.tpl | 1 +
 charts/controller_manager/values.yaml | 2 ++
 charts/haproxy/templates/etc/_haproxy.yaml.tpl | 1 +
 charts/haproxy/values.yaml | 2 ++
 charts/scheduler/templates/etc/_kubernetes-scheduler.yaml.tpl | 1 +
 charts/scheduler/values.yaml | 1 +
 8 files changed, 11 insertions(+)

diff --git a/charts/apiserver/templates/etc/_kubernetes-apiserver.yaml.tpl b/charts/apiserver/templates/etc/_kubernetes-apiserver.yaml.tpl
index b0cfc2d1..f38a40c9 100644
--- a/charts/apiserver/templates/etc/_kubernetes-apiserver.yaml.tpl
+++ b/charts/apiserver/templates/etc/_kubernetes-apiserver.yaml.tpl
@@ -48,6 +48,7 @@ metadata:
 annotations:
 {{ $envAll | include "kubernetes_apiserver.key_annotation" }}
 {{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" }}
+{{- dict "envAll" $envAll "podName" "apiserver" "containerNames" (list "apiserver") | include "helm-toolkit.snippets.kubernetes_mandatory_access_control_annotation" | indent 4 }}
 spec:
 hostNetwork: true
 shareProcessNamespace: true
diff --git a/charts/apiserver/values.yaml b/charts/apiserver/values.yaml
index bff5f2f7..7366a32c 100644
--- a/charts/apiserver/values.yaml
+++ b/charts/apiserver/values.yaml
@@ -270,6 +270,8 @@ pod:
 kube-apiserver:
 init: runtime/default
 apiserver-key-rotate: runtime/default
+ apiserver:
+ apiserver: runtime/default
 security_context:
 kubernetes_apiserver_anchor:
 pod:
diff --git a/charts/controller_manager/templates/etc/_kubernetes-controller-manager.yaml.tpl b/charts/controller_manager/templates/etc/_kubernetes-controller-manager.yaml.tpl
index ffb5244c..886bc5ff 100644
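Review bot: The include added to `_kubernetes-apiserver.yaml.tpl` opens with `{{-`, while the same line added to the controller-manager, haproxy and scheduler templates in this patch opens with `{{`. The left trim removes the newline after the `release_uuid` line, so this template only renders a valid `annotations:` map if the helm-toolkit snippet's output starts with a newline; that definition is not part of this patch. If it does not, the AppArmor annotation is appended to the preceding line and the profile is either lost or the static pod manifest fails to parse. Opening the line with `{{ dict "envAll" $envAll "podName" "apiserver" ...` as in the other three templates is safe in both cases and keeps the four charts consistent.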
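Review bot: The new `apiserver:` entry in `charts/apiserver/values.yaml` declares a profile for a single container, `apiserver`, matching `(list "apiserver")` in the template, but the static pod sets `shareProcessNamespace: true`, which suggests the spec (outside the hunk) may hold more than one container. Any container not listed in `containerNames` gets no explicit `container.apparmor.security.beta.kubernetes.io/<name>` annotation, and an annotation naming a container that is not in the spec is rejected by Kubernetes pod validation. It is worth confirming that the keys match the real container names here and in the controller_manager, haproxy and scheduler charts, and adding a comment above the entry such as `# keys must match podName/containerNames in _kubernetes-apiserver.yaml.tpl`.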
--- a/charts/controller_manager/templates/etc/_kubernetes-controller-manager.yaml.tpl
+++ b/charts/controller_manager/templates/etc/_kubernetes-controller-manager.yaml.tpl
@@ -24,6 +24,7 @@ metadata:
 {{ tuple $envAll "kubernetes" "controller-manager" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }}
 annotations:
 {{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" }}
+{{ dict "envAll" $envAll "podName" "controller-manager" "containerNames" (list "controller-manager") | include "helm-toolkit.snippets.kubernetes_mandatory_access_control_annotation" | indent 4 }}
 spec:
 hostNetwork: true
 containers:
diff --git a/charts/controller_manager/values.yaml b/charts/controller_manager/values.yaml
index 8181c4ff..f285f5e9 100644
--- a/charts/controller_manager/values.yaml
+++ b/charts/controller_manager/values.yaml
@@ -89,6 +89,8 @@ pod:
 type: apparmor
 kubernetes-controller-manager-anchor:
 anchor: runtime/default
+ controller-manager:
+ controller-manager: runtime/default
 security_context:
 kubernetes:
 pod:
diff --git a/charts/haproxy/templates/etc/_haproxy.yaml.tpl b/charts/haproxy/templates/etc/_haproxy.yaml.tpl
index bfab7718..402feb7d 100644
--- a/charts/haproxy/templates/etc/_haproxy.yaml.tpl
+++ b/charts/haproxy/templates/etc/_haproxy.yaml.tpl
@@ -25,6 +25,7 @@ metadata:
 {{ tuple $envAll "haproxy" "server" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }}
 annotations:
 {{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" }}
+{{ dict "envAll" $envAll "podName" "haproxy" "containerNames" (list "haproxy") | include "helm-toolkit.snippets.kubernetes_mandatory_access_control_annotation" | indent 4 }}
 spec:
 hostNetwork: true
 containers:
diff --git a/charts/haproxy/values.yaml b/charts/haproxy/values.yaml
index 7d68ecc4..64ac72d6 100644
--- a/charts/haproxy/values.yaml
+++ b/charts/haproxy/values.yaml
@@ -84,6 +84,8 @@ pod:
 anchor: runtime/default
 kubernetes:
 haproxy-haproxy-test: runtime/default
+ haproxy:
+ haproxy: runtime/default
 security_context:
 haproxy_anchor:
 pod:
diff --git a/charts/scheduler/templates/etc/_kubernetes-scheduler.yaml.tpl b/charts/scheduler/templates/etc/_kubernetes-scheduler.yaml.tpl
index aef3baba..79309bfc 100644
--- a/charts/scheduler/templates/etc/_kubernetes-scheduler.yaml.tpl
+++ b/charts/scheduler/templates/etc/_kubernetes-scheduler.yaml.tpl
@@ -26,6 +26,7 @@ metadata:
 {{ tuple $envAll "kubernetes" "scheduler" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }}
 annotations:
 {{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" }}
+{{ dict "envAll" $envAll "podName" "scheduler" "containerNames" (list "scheduler") | include "helm-toolkit.snippets.kubernetes_mandatory_access_control_annotation" | indent 4 }}
 spec:
 hostNetwork: true
 containers:
diff --git a/charts/scheduler/values.yaml b/charts/scheduler/values.yaml
index 69698233..6961704b 100644
--- a/charts/scheduler/values.yaml
+++ b/charts/scheduler/values.yaml
@@ -29,6 +29,7 @@ pod:
 type: apparmor
 scheduler:
 anchor: runtime/default
+ scheduler: runtime/default
 security_context:
 scheduler:
 pod:
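Review bot: In `charts/scheduler/values.yaml` the single added line `scheduler: runtime/default` appears to sit in the existing `scheduler:` map next to `anchor:`, so one pod key now serves both the anchor pod and the static pod, whereas the apiserver, controller_manager and haproxy charts in this patch add a separate pod-level key. This works with `"podName" "scheduler"` in the template, but the difference is easy to misread when someone overrides these values. A comment above the new entry would make the intent explicit, for example `# container in the scheduler static pod; must match containerNames in _kubernetes-scheduler.yaml.tpl`. The nesting is inferred from the hunk, since the surrounding map starts outside it.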