From 564cada4ad0ad873dbde17199ad945839d0ae8eb Mon Sep 17 00:00:00 2001
From: "dt241s@att.com" <diwakar.chitoor.thyagaraj@att.com>
Date: Sun, 2 Aug 2020 03:17:31 +0000
Subject: [PATCH] Add Application Armor to elastic-apm

Change-Id: Id1e6b70db03f71b87539f6e3e466f39d8440b773
---
 elastic-apm-server/templates/deployment.yaml      | 1 +
 elastic-apm-server/values_overrides/apparmor.yaml | 8 ++++++++
 2 files changed, 9 insertions(+)
 create mode 100644 elastic-apm-server/values_overrides/apparmor.yaml

diff --git a/elastic-apm-server/templates/deployment.yaml b/elastic-apm-server/templates/deployment.yaml
index e962726c0..be1f5bf83 100644
--- a/elastic-apm-server/templates/deployment.yaml
+++ b/elastic-apm-server/templates/deployment.yaml
@@ -66,6 +66,7 @@ spec:
       annotations:
 {{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" | indent 8 }}
         configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "helm-toolkit.utils.hash" }}
+{{ dict "envAll" $envAll "podName" "elastic-apm-server" "containerNames" (list "elastic-apm-server" "init") | include "helm-toolkit.snippets.kubernetes_mandatory_access_control_annotation" | indent 8 }}
     spec:
       replicas: {{ .Values.pod.replicas.elastic_apm_server }}
       serviceAccountName: {{ $serviceAccountName }}
diff --git a/elastic-apm-server/values_overrides/apparmor.yaml b/elastic-apm-server/values_overrides/apparmor.yaml
new file mode 100644
index 000000000..70b0988d7
--- /dev/null
+++ b/elastic-apm-server/values_overrides/apparmor.yaml
@@ -0,0 +1,8 @@
+---
+pod:
+  mandatory_access_control:
+    type: apparmor
+    elastic-apm-server:
+      init: runtime/default
+      elastic-apm-server: runtime/default
+...