From a8a530bec7ceb7b588e3bf31046623b9282c5427 Mon Sep 17 00:00:00 2001 From: "KAVVA, JAGAN MOHAN REDDY (jk330k)" Date: Mon, 22 Jun 2020 11:36:50 -0500 Subject: [PATCH] Enable Docker default AppArmor profile to maas This adds default Apparmor profile to maas-cache container. Change-Id: Ib181189d968e328291b802d1528b33fc74b7873e --- charts/maas/templates/statefulset-region.yaml | 7 ++++++- charts/maas/values.yaml | 1 + 2 files changed, 7 insertions(+), 1 deletion(-) diff --git a/charts/maas/templates/statefulset-region.yaml b/charts/maas/templates/statefulset-region.yaml index 3f77ea3..12db3cd 100644 --- a/charts/maas/templates/statefulset-region.yaml +++ b/charts/maas/templates/statefulset-region.yaml @@ -44,7 +44,12 @@ spec: {{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" | indent 8 }} configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "helm-toolkit.utils.hash" }} configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "helm-toolkit.utils.hash" }} -{{ dict "envAll" $envAll "podName" "maas-region" "containerNames" (list "init" "maas-region") | include "helm-toolkit.snippets.kubernetes_mandatory_access_control_annotation" | indent 8 }} +{{- $containers := "init maas-region" }} +{{- if .Values.conf.cache.enabled }} +{{- $containers = printf "%s maas-cache" $containers }} +{{- end }} +{{- $containers = splitList " " $containers }} +{{ dict "envAll" $envAll "podName" "maas-region" "containerNames" $containers | include "helm-toolkit.snippets.kubernetes_mandatory_access_control_annotation" | indent 8 }} spec: serviceAccountName: {{ $serviceAccountName }} affinity: diff --git a/charts/maas/values.yaml b/charts/maas/values.yaml index 63535d1..292ad5e 100644 --- a/charts/maas/values.yaml +++ b/charts/maas/values.yaml @@ -308,6 +308,7 @@ pod: init: runtime/default maas-region: maas-region: runtime/default + maas-cache: runtime/default init: runtime/default maas-syslog: syslog: runtime/default