Add apparmor profile to promenade tpl files
Change-Id: I00d5c74e079f72f9837f8502dfa6ca805e2e0e04
This commit is contained in:
parent
cb4ae15eb1
commit
dfebe8f55f
|
@ -48,6 +48,7 @@ metadata:
|
||||||
annotations:
|
annotations:
|
||||||
{{ $envAll | include "kubernetes_apiserver.key_annotation" }}
|
{{ $envAll | include "kubernetes_apiserver.key_annotation" }}
|
||||||
{{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" }}
|
{{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" }}
|
||||||
|
{{- dict "envAll" $envAll "podName" "apiserver" "containerNames" (list "apiserver") | include "helm-toolkit.snippets.kubernetes_mandatory_access_control_annotation" | indent 4 }}
|
||||||
spec:
|
spec:
|
||||||
hostNetwork: true
|
hostNetwork: true
|
||||||
shareProcessNamespace: true
|
shareProcessNamespace: true
|
||||||
|
|
|
@ -270,6 +270,8 @@ pod:
|
||||||
kube-apiserver:
|
kube-apiserver:
|
||||||
init: runtime/default
|
init: runtime/default
|
||||||
apiserver-key-rotate: runtime/default
|
apiserver-key-rotate: runtime/default
|
||||||
|
apiserver:
|
||||||
|
apiserver: runtime/default
|
||||||
security_context:
|
security_context:
|
||||||
kubernetes_apiserver_anchor:
|
kubernetes_apiserver_anchor:
|
||||||
pod:
|
pod:
|
||||||
|
|
|
@ -24,6 +24,7 @@ metadata:
|
||||||
{{ tuple $envAll "kubernetes" "controller-manager" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }}
|
{{ tuple $envAll "kubernetes" "controller-manager" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }}
|
||||||
annotations:
|
annotations:
|
||||||
{{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" }}
|
{{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" }}
|
||||||
|
{{ dict "envAll" $envAll "podName" "controller-manager" "containerNames" (list "controller-manager") | include "helm-toolkit.snippets.kubernetes_mandatory_access_control_annotation" | indent 4 }}
|
||||||
spec:
|
spec:
|
||||||
hostNetwork: true
|
hostNetwork: true
|
||||||
containers:
|
containers:
|
||||||
|
|
|
@ -89,6 +89,8 @@ pod:
|
||||||
type: apparmor
|
type: apparmor
|
||||||
kubernetes-controller-manager-anchor:
|
kubernetes-controller-manager-anchor:
|
||||||
anchor: runtime/default
|
anchor: runtime/default
|
||||||
|
controller-manager:
|
||||||
|
controller-manager: runtime/default
|
||||||
security_context:
|
security_context:
|
||||||
kubernetes:
|
kubernetes:
|
||||||
pod:
|
pod:
|
||||||
|
|
|
@ -25,6 +25,7 @@ metadata:
|
||||||
{{ tuple $envAll "haproxy" "server" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }}
|
{{ tuple $envAll "haproxy" "server" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }}
|
||||||
annotations:
|
annotations:
|
||||||
{{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" }}
|
{{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" }}
|
||||||
|
{{ dict "envAll" $envAll "podName" "haproxy" "containerNames" (list "haproxy") | include "helm-toolkit.snippets.kubernetes_mandatory_access_control_annotation" | indent 4 }}
|
||||||
spec:
|
spec:
|
||||||
hostNetwork: true
|
hostNetwork: true
|
||||||
containers:
|
containers:
|
||||||
|
|
|
@ -84,6 +84,8 @@ pod:
|
||||||
anchor: runtime/default
|
anchor: runtime/default
|
||||||
kubernetes:
|
kubernetes:
|
||||||
haproxy-haproxy-test: runtime/default
|
haproxy-haproxy-test: runtime/default
|
||||||
|
haproxy:
|
||||||
|
haproxy: runtime/default
|
||||||
security_context:
|
security_context:
|
||||||
haproxy_anchor:
|
haproxy_anchor:
|
||||||
pod:
|
pod:
|
||||||
|
|
|
@ -26,6 +26,7 @@ metadata:
|
||||||
{{ tuple $envAll "kubernetes" "scheduler" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }}
|
{{ tuple $envAll "kubernetes" "scheduler" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }}
|
||||||
annotations:
|
annotations:
|
||||||
{{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" }}
|
{{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" }}
|
||||||
|
{{ dict "envAll" $envAll "podName" "scheduler" "containerNames" (list "scheduler") | include "helm-toolkit.snippets.kubernetes_mandatory_access_control_annotation" | indent 4 }}
|
||||||
spec:
|
spec:
|
||||||
hostNetwork: true
|
hostNetwork: true
|
||||||
containers:
|
containers:
|
||||||
|
|
|
@ -29,6 +29,7 @@ pod:
|
||||||
type: apparmor
|
type: apparmor
|
||||||
scheduler:
|
scheduler:
|
||||||
anchor: runtime/default
|
anchor: runtime/default
|
||||||
|
scheduler: runtime/default
|
||||||
security_context:
|
security_context:
|
||||||
scheduler:
|
scheduler:
|
||||||
pod:
|
pod:
|
||||||
|
|
Loading…
Reference in New Issue