Add apparmor annotation function
This patch set adds helm toolkit functions to annotate apparmor profile in the container's metadata section. Change-Id: Ib0ca04e8b8527194778afb8053046797abdfdb98 Signed-off-by: Tin Lam <tin@irrational.io>
parent
bc1afb87d7
commit
515b6697d3
@ -0,0 +1,49 @@
|
|||||||
|
{{/*
|
||||||
|
Copyright 2017-2018 The Openstack-Helm Authors.
|
||||||
|
|
||||||
|
Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
|
you may not use this file except in compliance with the License.
|
||||||
|
You may obtain a copy of the License at
|
||||||
|
|
||||||
|
http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
|
||||||
|
Unless required by applicable law or agreed to in writing, software
|
||||||
|
distributed under the License is distributed on an "AS IS" BASIS,
|
||||||
|
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||||
|
See the License for the specific language governing permissions and
|
||||||
|
limitations under the License.
|
||||||
|
*/}}
|
||||||
|
|
||||||
|
{{/*
|
||||||
|
abstract: |
|
||||||
|
Renders apparmor annotations for a list of containers driven by values.yaml.
|
||||||
|
values: |
|
||||||
|
pod:
|
||||||
|
apparmor:
|
||||||
|
myPodName:
|
||||||
|
myContainerName: localhost/myAppArmor
|
||||||
|
mySecondContainerName: localhost/secondProfile # optional
|
||||||
|
myThirdContainerName: localhost/thirdProfile # optional
|
||||||
|
usage: |
|
||||||
|
{{ dict "envAll" . "podName" "myPodName" "containerNames" (list "myContainerName" "mySecondContainerName" "myThirdContainerName") | include "helm-toolkit.snippets.kubernetes_apparmor_annotation" }}
|
||||||
|
return: |
|
||||||
|
container.apparmor.security.beta.kubernetes.io/myContainerName: localhost/myAppArmor
|
||||||
|
container.apparmor.security.beta.kubernetes.io/mySecondContainerName: localhost/secondProfile
|
||||||
|
container.apparmor.security.beta.kubernetes.io/myThirdContainerName: localhost/thirdProfile
|
||||||
|
note: |
|
||||||
|
The number of container underneath is a variable arguments. It loops through
|
||||||
|
all the container names specified.
|
||||||
|
*/}}
|
||||||
|
{{- define "helm-toolkit.snippets.kubernetes_apparmor_annotation" -}}
|
||||||
|
{{- $envAll := index . "envAll" -}}
|
||||||
|
{{- $podName := index . "podName" -}}
|
||||||
|
{{- $containerNames := index . "containerNames" -}}
|
||||||
|
{{- if hasKey (index $envAll.Values.pod "apparmor") $podName -}}
|
||||||
|
{{- range $name := $containerNames -}}
|
||||||
|
{{- $apparmorProfile := index $envAll.Values.pod.apparmor $podName $name -}}
|
||||||
|
{{- if $apparmorProfile }}
|
||||||
|
container.apparmor.security.beta.kubernetes.io/{{ $name }}: {{ $apparmorProfile }}
|
||||||
|
{{- end -}}
|
||||||
|
{{- end -}}
|
||||||
|
{{- end -}}
|
||||||
|
{{- end -}}
|
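Review bot: The guard `hasKey (index $envAll.Values.pod "apparmor") $podName` assumes `pod.apparmor` always exists; when a chart's values lack that key, `index` yields nil and `hasKey` is expected to abort rendering with a wrong-type error instead of skipping the annotations. Wrapping the existing block in an outer `{{- if hasKey $envAll.Values.pod "apparmor" -}}` with a matching `{{- end -}}` keeps such charts rendering; nest it rather than using `and`, which may evaluate both operands. The opposite case is silent: a `podName` or container name that matches nothing in values produces no annotation, so the container runs without the intended profile and nothing at render time says so, which the `note:` block should state. The annotation value is also emitted unquoted, and `{{ $apparmorProfile | quote }}` would keep it a string whatever is put in values.yaml.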