Apparmor: Update to use the runtime default profile

This moves from using the docker profile to the default runtime profile - which allows container engines other than docker to work out of the box. Change-Id: Ica5a48f8c43b90f07969b41e10dc472a772b5b43 Signed-off-by: Pete Birley <pete@port.direct>
2020-01-13 13:03:17 -06:00 · 2020-01-13 13:03:17 -06:00 · 641bb04d4a
commit 641bb04d4a
parent f1ffb7dbdb
12 changed files with 17 additions and 17 deletions
--- a/calico/values.yaml
+++ b/calico/values.yaml
@ -136,7 +136,7 @@ pod:
  mandatory_access_control:
    type: apparmor
    calico-node:
-      calico-node: localhost/docker-default
+      calico-node: runtime/default

 dependencies:
  dynamic:
--- a/elasticsearch/values.yaml
+++ b/elasticsearch/values.yaml
@ -139,11 +139,11 @@ pod:
  mandatory_access_control:
    type: apparmor
    elasticsearch-master:
-      elasticsearch-master: localhost/docker-default
+      elasticsearch-master: runtime/default
    elasticsearch-data:
-      elasticsearch-data: localhost/docker-default
+      elasticsearch-data: runtime/default
    elasticsearch-client:
-      elasticsearch-client: localhost/docker-default
+      elasticsearch-client: runtime/default
  security_context:
    exporter:
      pod:
--- a/tools/deployment/apparmor/020-ceph.sh
+++ b/tools/deployment/apparmor/020-ceph.sh
@ -194,7 +194,7 @@ pod:
  mandatory_access_control:
    type: apparmor
    ceph-osd-default:
-      ceph-osd-default: localhost/docker-default
+      ceph-osd-default: runtime/default
 EOF

 for CHART in ceph-mon ceph-client ceph-provisioners; do
--- a/tools/deployment/apparmor/040-memcached.sh
+++ b/tools/deployment/apparmor/040-memcached.sh
@ -30,7 +30,7 @@ pod:
  mandatory_access_control:
    type: apparmor
    memcached:
-      memcached: localhost/docker-default
+      memcached: runtime/default
 EOF

 # NOTE: Deploy command
--- a/tools/deployment/apparmor/050-prometheus-alertmanager.sh
+++ b/tools/deployment/apparmor/050-prometheus-alertmanager.sh
@ -25,7 +25,7 @@ pod:
  mandatory_access_control:
    type: apparmor
    alertmanager:
-      alertmanager: localhost/docker-default
+      alertmanager: runtime/default
 storage:
  enabled: false
 EOF
--- a/tools/deployment/apparmor/060-prometheus-node-exporter.sh
+++ b/tools/deployment/apparmor/060-prometheus-node-exporter.sh
@ -25,7 +25,7 @@ pod:
  mandatory_access_control:
    type: apparmor
    node-exporter:
-      node-exporter: localhost/docker-default
+      node-exporter: runtime/default
 EOF
 helm upgrade --install prometheus-node-exporter ./prometheus-node-exporter \
    --namespace=kube-system \
--- a/tools/deployment/apparmor/070-prometheus-openstack-exporter.sh
+++ b/tools/deployment/apparmor/070-prometheus-openstack-exporter.sh
@ -32,7 +32,7 @@ pod:
  mandatory_access_control:
    type: apparmor
    prometheus-openstack-exporter:
-      openstack-metrics-exporter: localhost/docker-default
+      openstack-metrics-exporter: runtime/default
 EOF
 helm upgrade --install prometheus-openstack-exporter ./prometheus-openstack-exporter \
    --namespace=openstack \
--- a/tools/deployment/apparmor/080-prometheus-process-exporter.sh
+++ b/tools/deployment/apparmor/080-prometheus-process-exporter.sh
@ -25,7 +25,7 @@ pod:
  mandatory_access_control:
    type: apparmor
    process-exporter:
-      process-exporter: localhost/docker-default
+      process-exporter: runtime/default
 EOF
 helm upgrade --install prometheus-process-exporter ./prometheus-process-exporter \
    --namespace=kube-system \
--- a/tools/deployment/apparmor/090-elasticsearch.sh
+++ b/tools/deployment/apparmor/090-elasticsearch.sh
@ -31,11 +31,11 @@ pod:
  mandatory_access_control:
    type: apparmor
    elasticsearch-master:
-      elasticsearch-master: localhost/docker-default
+      elasticsearch-master: runtime/default
    elasticsearch-data:
-      elasticsearch-data: localhost/docker-default
+      elasticsearch-data: runtime/default
    elasticsearch-client:
-      elasticsearch-client: localhost/docker-default
+      elasticsearch-client: runtime/default
  replicas:
    data: 1
    master: 2
--- a/tools/deployment/apparmor/100-fluentbit.sh
+++ b/tools/deployment/apparmor/100-fluentbit.sh
@ -23,7 +23,7 @@ pod:
  mandatory_access_control:
    type: apparmor
    fluentbit:
-      fluentbit: localhost/docker-default
+      fluentbit: runtime/default
 EOF

 #NOTE: Deploy command
--- a/tools/deployment/apparmor/110-fluentd-daemonset.sh
+++ b/tools/deployment/apparmor/110-fluentd-daemonset.sh
@ -29,7 +29,7 @@ pod:
  mandatory_access_control:
    type: apparmor
    fluentd:
-      fluentd: localhost/docker-default
+      fluentd: runtime/default
 conf:
  fluentd:
    template: |
--- a/tools/deployment/apparmor/120-openvswitch.sh
+++ b/tools/deployment/apparmor/120-openvswitch.sh
@ -25,9 +25,9 @@ pod:
  mandatory_access_control:
    type: apparmor
    openvswitch-vswitchd:
-      openvswitch-vswitchd: localhost/docker-default
+      openvswitch-vswitchd: runtime/default
    openvswitch-db:
-      openvswitch-db: localhost/docker-default
+      openvswitch-db: runtime/default
 EOF

 #NOTE: Deploy command