Add default AppArmor profile to prometheus-alert-manager

Change-Id: I008eeb520af853678078091b838b0b2ca48e026c

prometheus-alertmanager/templates/statefulset.yaml

@@ -44,6 +44,7 @@ spec:
       annotations:
         configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "helm-toolkit.utils.hash" }}
         configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "helm-toolkit.utils.hash" }}
+{{ dict "envAll" $envAll "podName" "alertmanager" "containerNames" (list "alertmanager") | include "helm-toolkit.snippets.kubernetes_mandatory_access_control_annotation" | indent 8 }}
     spec:
       securityContext:
         readOnlyRootFilesystem: true

prometheus-alertmanager/values.yaml

@@ -38,6 +38,10 @@ labels:
     node_selector_value: enabled
 
 pod:
+  mandatory_access_control:
+    type: apparmor
+    alertmanager:
+      alertmanager: localhost/docker-default
   user:
     alertmanager:
       uid: 65534