From fc331e51249c37651c9ed1377a3b659637cb5864 Mon Sep 17 00:00:00 2001
From: NarlaSandeepNarlaSaibaba
Date: Mon, 20 Jan 2020 03:06:01 -0600
Subject: [PATCH] Add Docker default AppArmor profile to promenade

Change-Id: Ic3983f963ae5003445642f842a9c550cf49d4d34
---
 .zuul.yaml | 3 +--
 charts/promenade/templates/deployment-api.yaml | 1 +
 charts/promenade/values.yaml | 4 ++++
 3 files changed, 6 insertions(+), 2 deletions(-)

diff --git a/.zuul.yaml b/.zuul.yaml
index 8cd2c97d..1ec5d152 100644
--- a/.zuul.yaml
+++ b/.zuul.yaml
@@ -46,7 +46,7 @@
 name: airship-promenade-single-node
 nodes:
 - name: primary
- label: ubuntu-xenial
+ label: ubuntu-bionic
 - nodeset:
 name: airship-promenade-single-node-bionic
 nodes:
@@ -130,7 +130,6 @@
 - ^etc/.*$
 - ^tests/.*$
 - ^tools/.*$
-
 - job:
 name: airship-docker-build-post
 run: tools/zuul/playbooks/docker-image-build.yaml
diff --git a/charts/promenade/templates/deployment-api.yaml b/charts/promenade/templates/deployment-api.yaml
index e4b5374d..57033d33 100644
--- a/charts/promenade/templates/deployment-api.yaml
+++ b/charts/promenade/templates/deployment-api.yaml
@@ -41,6 +41,7 @@ spec:
 {{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" | indent 8 }}
 configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "helm-toolkit.utils.hash" }}
 configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "helm-toolkit.utils.hash" }}
+{{ dict "envAll" $envAll "podName" "promenade-api" "containerNames" (list "promenade-api") | include "helm-toolkit.snippets.kubernetes_mandatory_access_control_annotation" | indent 8 }}
 spec:
 {{ dict "envAll" $envAll "application" "promenade" | include "helm-toolkit.snippets.kubernetes_pod_security_context" | indent 6 }}
 affinity:
diff --git a/charts/promenade/values.yaml b/charts/promenade/values.yaml
index c850123e..6ce6bd2a 100644
--- a/charts/promenade/values.yaml
+++ b/charts/promenade/values.yaml
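Review bot: In charts/promenade/templates/deployment-api.yaml the added annotation include lists only one container, `"containerNames" (list "promenade-api")`, so any init or sidecar container defined in this pod template outside the hunk would get no AppArmor profile annotation. The pod template continues past the hunk, so confirm that the list is complete and that the container's `name:` is exactly `promenade-api`, since the profile is presumably keyed by container name. A template comment above the include, for example `{{/* per-container AppArmor profile, read from the mandatory_access_control block in values.yaml */}}`, would make the dependency on values.yaml visible to the next reader.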
@@ -182,6 +182,10 @@ pod:
 promenade_api:
 allowPrivilegeEscalation: false
 readOnlyRootFilesystem: true
+ mandatory_access_control:
+ type: apparmor
+ promenade-api:
+ promenade-api: runtime/default
 affinity:
 anti:
 type:
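Review bot: The new `mandatory_access_control` block is undocumented, and its nested `promenade-api:` / `promenade-api: runtime/default` form is easy to misread; a comment above it such as `# <pod name>: <container name>: <AppArmor profile>` would state the mapping that the annotation include in deployment-api.yaml consumes. The hunk's indentation is not recoverable in this view, so confirm the block sits at the level the helm-toolkit snippet reads from rather than inside the `promenade_api` container security context that precedes it. `runtime/default` also assumes AppArmor is enabled on every node that can schedule this pod, so the comment should say how an operator overrides `type` where that does not hold.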