From 77b37ca5206854639f8ad41a16bb7b3db1edc360 Mon Sep 17 00:00:00 2001
From: dt241s <dt241s@att.com>
Date: Wed, 27 Feb 2019 14:58:12 -0600
Subject: [PATCH] Add default AppArmor profile to prometheus-alert-manager

Change-Id: I008eeb520af853678078091b838b0b2ca48e026c
---
 prometheus-alertmanager/templates/statefulset.yaml | 1 +
 prometheus-alertmanager/values.yaml                | 4 ++++
 2 files changed, 5 insertions(+)

diff --git a/prometheus-alertmanager/templates/statefulset.yaml b/prometheus-alertmanager/templates/statefulset.yaml
index 4f5a6d129..629d049b3 100644
--- a/prometheus-alertmanager/templates/statefulset.yaml
+++ b/prometheus-alertmanager/templates/statefulset.yaml
@@ -44,6 +44,7 @@ spec:
       annotations:
         configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "helm-toolkit.utils.hash" }}
         configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "helm-toolkit.utils.hash" }}
+{{ dict "envAll" $envAll "podName" "alertmanager" "containerNames" (list "alertmanager") | include "helm-toolkit.snippets.kubernetes_mandatory_access_control_annotation" | indent 8 }}
     spec:
       securityContext:
         readOnlyRootFilesystem: true
diff --git a/prometheus-alertmanager/values.yaml b/prometheus-alertmanager/values.yaml
index f3472ad03..8528f712f 100644
--- a/prometheus-alertmanager/values.yaml
+++ b/prometheus-alertmanager/values.yaml
@@ -38,6 +38,10 @@ labels:
     node_selector_value: enabled
 
 pod:
+  mandatory_access_control:
+    type: apparmor
+    alertmanager:
+      alertmanager: localhost/docker-default
   user:
     alertmanager:
       uid: 65534