From efac80f2d2fe18322d9de440976cc66966d04f36 Mon Sep 17 00:00:00 2001
From: "Pai, Radhika (rp592h)"
Date: Wed, 15 Jul 2020 10:18:05 -0500
Subject: [PATCH] Updated the Node Problem Detector chart

The image for the npd is updated to use from the openstackhelm images repo rather than the k8 image . The k8 image had some security vulnerabities. The version for the image is updated to latest ie v0.8.2. Added the apparmor file.

Change-Id: I4cb40d8bac0533d516d2105f9589636c81fa4111
---
 .../templates/bin/_node-problem-detector.sh.tpl | 2 +-
 kubernetes-node-problem-detector/values.yaml | 2 +-
 .../values_overrides/apparmor.yaml | 8 ++++++++
 tools/deployment/apparmor/115-node-problem-detector.sh | 1 +
 4 files changed, 11 insertions(+), 2 deletions(-)
 create mode 100644 kubernetes-node-problem-detector/values_overrides/apparmor.yaml
 create mode 100644 tools/deployment/apparmor/115-node-problem-detector.sh

diff --git a/kubernetes-node-problem-detector/templates/bin/_node-problem-detector.sh.tpl b/kubernetes-node-problem-detector/templates/bin/_node-problem-detector.sh.tpl
index 86b4ac08f..d0e4e27bc 100644
--- a/kubernetes-node-problem-detector/templates/bin/_node-problem-detector.sh.tpl
+++ b/kubernetes-node-problem-detector/templates/bin/_node-problem-detector.sh.tpl
@@ -15,7 +15,7 @@ limitations under the License.
 set -ex
-exec /node-problem-detector \
+exec /opt/node-problem-detector/bin/node-problem-detector \
 {{- range $monitor, $monitorConfig := .Values.conf.monitors }}
 {{- if $monitorConfig.enabled }}
 --config.{{$monitor}}={{ include "helm-toolkit.utils.joinListWithComma" $monitorConfig.enabled }} \
diff --git a/kubernetes-node-problem-detector/values.yaml b/kubernetes-node-problem-detector/values.yaml
index 7ddb81eda..898edec3a 100644
--- a/kubernetes-node-problem-detector/values.yaml
+++ b/kubernetes-node-problem-detector/values.yaml
@@ -17,7 +17,7 @@
 ---
 images:
 tags:
- node_problem_detector: k8s.gcr.io/node-problem-detector:v0.7.0
+ node_problem_detector: docker.io/openstackhelm/node-problem-detector:ubuntu_bionic-20200714
 dep_check: quay.io/airshipit/kubernetes-entrypoint:v1.0.0
 image_repo_sync: docker.io/docker:17.07.0
 pull_policy: IfNotPresent
diff --git a/kubernetes-node-problem-detector/values_overrides/apparmor.yaml b/kubernetes-node-problem-detector/values_overrides/apparmor.yaml
new file mode 100644
index 000000000..fc134e69c
--- /dev/null
+++ b/kubernetes-node-problem-detector/values_overrides/apparmor.yaml
@@ -0,0 +1,8 @@
+---
+pod:
+ mandatory_access_control:
+ type: apparmor
+ node-problem-detector:
+ node-problem-detector: runtime/default
+ init: runrtime/default
+...
diff --git a/tools/deployment/apparmor/115-node-problem-detector.sh b/tools/deployment/apparmor/115-node-problem-detector.sh
new file mode 100644
index 000000000..885a5b468
--- /dev/null
+++ b/tools/deployment/apparmor/115-node-problem-detector.sh
@@ -0,0 +1 @@
+../osh-infra-monitoring/075-node-problem-detector.sh
\ No newline at end of file
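Review bot: In `kubernetes-node-problem-detector/values.yaml` the new `node_problem_detector` image is referenced only by a date-stamped tag (`ubuntu_bionic-20200714`) together with `pull_policy: IfNotPresent`, so the content behind the tag can change without nodes or reviewers noticing, and the tag does not show the v0.8.2 version the commit message cites. Since the switch is motivated by vulnerabilities in the previous image, consider pinning by digest, e.g. `docker.io/openstackhelm/node-problem-detector:ubuntu_bionic-20200714@sha256:<digest>`, and recording the packaged version in a comment next to the tag. The template in this patch now execs `/opt/node-problem-detector/bin/node-problem-detector`, so overriding this tag back to an image laid out like the previous one (binary at `/node-problem-detector`) would fail at start; a comment on the tag saying so would help.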
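Review bot: `init: runrtime/default` in the new `values_overrides/apparmor.yaml` is misspelled, and `runrtime/default` is not a profile reference the AppArmor annotation accepts (the accepted forms are `runtime/default`, `localhost/<profile>` and `unconfined`). Depending on how the chart renders the `init` key, the pod is either rejected at admission or the init container ends up without the intended profile. Change the line to `init: runtime/default`. The mapping from these keys to container annotations lives in templates outside this patch, so check the rendered pod annotations after the fix.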
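Review bot: `tools/deployment/apparmor/115-node-problem-detector.sh` is added as a regular file (`new file mode 100644`) whose entire content is the relative path `../osh-infra-monitoring/075-node-problem-detector.sh`, which looks like a symlink that was committed as plain text. If a link was intended, git should record it as `new file mode 120000`. As committed, the file is not executable, has no shebang, and the path would resolve against the caller's working directory rather than this directory. The deployment step that is presumably meant to exercise the AppArmor override may therefore fail or never run the target script.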