diff --git a/prometheus-openstack-exporter/templates/deployment.yaml b/prometheus-openstack-exporter/templates/deployment.yaml index dc5bb8d85..5c4ff8887 100644 --- a/prometheus-openstack-exporter/templates/deployment.yaml +++ b/prometheus-openstack-exporter/templates/deployment.yaml @@ -39,6 +39,8 @@ spec: metadata: labels: {{ tuple $envAll "prometheus-openstack-exporter" "exporter" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }} + annotations: +{{ dict "envAll" $envAll "podName" "prometheus-openstack-exporter" "containerNames" (list "openstack-metrics-exporter") | include "helm-toolkit.snippets.kubernetes_mandatory_access_control_annotation" | indent 8 }} spec: securityContext: readOnlyRootFilesystem: true diff --git a/prometheus-openstack-exporter/values.yaml b/prometheus-openstack-exporter/values.yaml index 899d56dd8..012195703 100644 --- a/prometheus-openstack-exporter/values.yaml +++ b/prometheus-openstack-exporter/values.yaml @@ -38,6 +38,10 @@ labels: node_selector_value: enabled pod: + mandatory_access_control: + type: apparmor + openstack-metrics-exporter: + openstack-metrics-exporter: localhost/docker-default user: openstack_exporter: uid: 65534 @@ -87,7 +91,6 @@ pod: limits: memory: "1024Mi" cpu: "2000m" - dependencies: dynamic: common: