Add apparmor profile to promenade tpl files
Change-Id: I00d5c74e079f72f9837f8502dfa6ca805e2e0e04
This commit is contained in:
parent
cb4ae15eb1
commit
dfebe8f55f
|
@ -48,6 +48,7 @@ metadata:
|
|||
annotations:
|
||||
{{ $envAll | include "kubernetes_apiserver.key_annotation" }}
|
||||
{{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" }}
|
||||
{{- dict "envAll" $envAll "podName" "apiserver" "containerNames" (list "apiserver") | include "helm-toolkit.snippets.kubernetes_mandatory_access_control_annotation" | indent 4 }}
|
||||
spec:
|
||||
hostNetwork: true
|
||||
shareProcessNamespace: true
|
||||
|
|
|
@ -270,6 +270,8 @@ pod:
|
|||
kube-apiserver:
|
||||
init: runtime/default
|
||||
apiserver-key-rotate: runtime/default
|
||||
apiserver:
|
||||
apiserver: runtime/default
|
||||
security_context:
|
||||
kubernetes_apiserver_anchor:
|
||||
pod:
|
||||
|
|
|
@ -24,6 +24,7 @@ metadata:
|
|||
{{ tuple $envAll "kubernetes" "controller-manager" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }}
|
||||
annotations:
|
||||
{{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" }}
|
||||
{{ dict "envAll" $envAll "podName" "controller-manager" "containerNames" (list "controller-manager") | include "helm-toolkit.snippets.kubernetes_mandatory_access_control_annotation" | indent 4 }}
|
||||
spec:
|
||||
hostNetwork: true
|
||||
containers:
|
||||
|
|
|
@ -89,6 +89,8 @@ pod:
|
|||
type: apparmor
|
||||
kubernetes-controller-manager-anchor:
|
||||
anchor: runtime/default
|
||||
controller-manager:
|
||||
controller-manager: runtime/default
|
||||
security_context:
|
||||
kubernetes:
|
||||
pod:
|
||||
|
|
|
@ -25,6 +25,7 @@ metadata:
|
|||
{{ tuple $envAll "haproxy" "server" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }}
|
||||
annotations:
|
||||
{{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" }}
|
||||
{{ dict "envAll" $envAll "podName" "haproxy" "containerNames" (list "haproxy") | include "helm-toolkit.snippets.kubernetes_mandatory_access_control_annotation" | indent 4 }}
|
||||
spec:
|
||||
hostNetwork: true
|
||||
containers:
|
||||
|
|
|
@ -84,6 +84,8 @@ pod:
|
|||
anchor: runtime/default
|
||||
kubernetes:
|
||||
haproxy-haproxy-test: runtime/default
|
||||
haproxy:
|
||||
haproxy: runtime/default
|
||||
security_context:
|
||||
haproxy_anchor:
|
||||
pod:
|
||||
|
|
|
@ -26,6 +26,7 @@ metadata:
|
|||
{{ tuple $envAll "kubernetes" "scheduler" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }}
|
||||
annotations:
|
||||
{{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" }}
|
||||
{{ dict "envAll" $envAll "podName" "scheduler" "containerNames" (list "scheduler") | include "helm-toolkit.snippets.kubernetes_mandatory_access_control_annotation" | indent 4 }}
|
||||
spec:
|
||||
hostNetwork: true
|
||||
containers:
|
||||
|
|
|
@ -29,6 +29,7 @@ pod:
|
|||
type: apparmor
|
||||
scheduler:
|
||||
anchor: runtime/default
|
||||
scheduler: runtime/default
|
||||
security_context:
|
||||
scheduler:
|
||||
pod:
|
||||
|
|
Loading…
Reference in New Issue