Enable Application Armor to all ceph key-generator pods.

1) Changed the pod name and container name to pick name dynamically for
   osd,mon,mgr and mds.

2) Added Init container for ceph-provisioners.

Change-Id: I3e27d51c055010cff982ddb0951d01ea8adac234
Signed-off-by: diwakar thyagaraj <diwakar.chitoor.thyagaraj@att.com>

ceph-mon/templates/job-keyring.yaml

@@ -59,6 +59,8 @@ spec:
     metadata:
       labels:
 {{ tuple $envAll "ceph" $jobName | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
+      annotations:
+{{ dict "envAll" $envAll "podName" $jobName "containerNames" (list $jobName "init") | include "helm-toolkit.snippets.kubernetes_mandatory_access_control_annotation" | indent 8 }}
     spec:
 {{ dict "envAll" $envAll "application" "ceph" | include "helm-toolkit.snippets.kubernetes_pod_security_context" | indent 6 }}
       serviceAccountName: {{ $serviceAccountName }}

ceph-mon/values_overrides/apparmor.yaml

@@ -15,6 +15,18 @@ pod:
     ceph-storage-keys-generator:
       ceph-storage-keys-generator: runtime/default
       init: runtime/default
+    ceph-mon-keyring-generator:
+      ceph-mon-keyring-generator: runtime/default
+      init: runtime/default
+    ceph-mgr-keyring-generator:
+      init: runtime/default
+      ceph-mgr-keyring-generator: runtime/default
+    ceph-mds-keyring-generator:
+      init: runtime/default
+      ceph-mds-keyring-generator: runtime/default
+    ceph-osd-keyring-generator:
+      ceph-osd-keyring-generator: runtime/default
+      init: runtime/default
 bootstrap:
   enabled: true
 manifests:

ceph-provisioners/templates/job-cephfs-client-key.yaml

@@ -88,7 +88,7 @@ spec:
       labels:
 {{ tuple $envAll "ceph" "cephfs-client-key-generator" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
       annotations:
-{{ dict "envAll" $envAll "podName" "ceph-cephfs-client-key-generator" "containerNames" (list "ceph-storage-keys-generator") | include "helm-toolkit.snippets.kubernetes_mandatory_access_control_annotation" | indent 8 }}
+{{ dict "envAll" $envAll "podName" "ceph-cephfs-client-key-generator" "containerNames" (list "ceph-storage-keys-generator" "init") | include "helm-toolkit.snippets.kubernetes_mandatory_access_control_annotation" | indent 8 }}
     spec:
 {{ dict "envAll" $envAll "application" "cephfs_client_key_generator" | include "helm-toolkit.snippets.kubernetes_pod_security_context" | indent 6 }}
       serviceAccountName: {{ $serviceAccountName }}

ceph-provisioners/values_overrides/apparmor.yaml

@@ -7,6 +7,7 @@ pod:
       init: runtime/default
     ceph-cephfs-client-key-generator:
       ceph-storage-keys-generator: runtime/default
+      init: runtime/default
     ceph-rbd-provisioner:
       ceph-rbd-provisioner: runtime/default
       init: runtime/default