Add default AppArmor profile to prometheus-process-exporter

Change-Id: If4d02d8d3b3f40d824063c14c7879ef9ee5f0a09
2019-02-27 15:46:28 -06:00 · 2019-02-27 15:46:28 -06:00 · f86189414d
parent 6a1a46a8ce
commit f86189414d
2 changed files with 6 additions and 1 deletions
--- a/prometheus-process-exporter/templates/daemonset.yaml
+++ b/prometheus-process-exporter/templates/daemonset.yaml
@ -50,6 +50,8 @@ spec:
    metadata:
      labels:
 {{ tuple $envAll "process_exporter" "metrics" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
+      annotations:
+{{ dict "envAll" $envAll "podName" "process-exporter" "containerNames" (list "process-exporter") | include "helm-toolkit.snippets.kubernetes_mandatory_access_control_annotation" | indent 8 }}
    spec:
      securityContext:
        readOnlyRootFilesystem: true
--- a/prometheus-process-exporter/values.yaml
+++ b/prometheus-process-exporter/values.yaml
@ -37,6 +37,10 @@ labels:
    node_selector_value: enabled

 pod:
+  mandatory_access_control:
+    type: apparmor
+    process-exporter:
+      process-exporter: localhost/docker-default
  affinity:
    anti:
      type:
@ -87,7 +91,6 @@ pod:
        operator: Exists
      - key: node-role.kubernetes.io/node
        operator: Exists
-
 dependencies:
  dynamic:
    common: