From f97f56fae5aef2a011fa904a150e14d8a807ea36 Mon Sep 17 00:00:00 2001 From: dt241s Date: Wed, 27 Feb 2019 15:48:44 -0600 Subject: [PATCH] Add default AppArmor profile to prometheus-openstack-exporter Change-Id: I94e95e1f7d785a1d274e1ee3d9f90ffb00e23ea1 --- prometheus-openstack-exporter/templates/deployment.yaml | 2 ++ prometheus-openstack-exporter/values.yaml | 5 ++++- 2 files changed, 6 insertions(+), 1 deletion(-) diff --git a/prometheus-openstack-exporter/templates/deployment.yaml b/prometheus-openstack-exporter/templates/deployment.yaml index 64a7cc7de..1b324a389 100644 --- a/prometheus-openstack-exporter/templates/deployment.yaml +++ b/prometheus-openstack-exporter/templates/deployment.yaml @@ -39,6 +39,8 @@ spec: metadata: labels: {{ tuple $envAll "prometheus-openstack-exporter" "exporter" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }} + annotations: +{{ dict "envAll" $envAll "podName" "prometheus-openstack-exporter" "containerNames" (list "openstack-metrics-exporter") | include "helm-toolkit.snippets.kubernetes_mandatory_access_control_annotation" | indent 8 }} spec: {{ dict "envAll" $envAll "application" "openstack_exporter" | include "helm-toolkit.snippets.kubernetes_pod_security_context" | indent 6 }} serviceAccountName: {{ $serviceAccountName }} diff --git a/prometheus-openstack-exporter/values.yaml b/prometheus-openstack-exporter/values.yaml index 621cd524b..5fe240925 100644 --- a/prometheus-openstack-exporter/values.yaml +++ b/prometheus-openstack-exporter/values.yaml @@ -38,6 +38,10 @@ labels: node_selector_value: enabled pod: + mandatory_access_control: + type: apparmor + openstack-metrics-exporter: + openstack-metrics-exporter: localhost/docker-default user: openstack_exporter: uid: 65534 @@ -87,7 +91,6 @@ pod: limits: memory: "1024Mi" cpu: "2000m" - dependencies: dynamic: common: