From f86189414d38a0643a6038fb0565a083a4f85f2e Mon Sep 17 00:00:00 2001
From: dt241s <dt241s@att.com>
Date: Wed, 27 Feb 2019 15:46:28 -0600
Subject: [PATCH] Add default AppArmor profile to prometheus-process-exporter

Change-Id: If4d02d8d3b3f40d824063c14c7879ef9ee5f0a09
---
 prometheus-process-exporter/templates/daemonset.yaml | 2 ++
 prometheus-process-exporter/values.yaml              | 5 ++++-
 2 files changed, 6 insertions(+), 1 deletion(-)

diff --git a/prometheus-process-exporter/templates/daemonset.yaml b/prometheus-process-exporter/templates/daemonset.yaml
index 72d3f2b90..d71db7f4f 100644
--- a/prometheus-process-exporter/templates/daemonset.yaml
+++ b/prometheus-process-exporter/templates/daemonset.yaml
@@ -50,6 +50,8 @@ spec:
     metadata:
       labels:
 {{ tuple $envAll "process_exporter" "metrics" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
+      annotations:
+{{ dict "envAll" $envAll "podName" "process-exporter" "containerNames" (list "process-exporter") | include "helm-toolkit.snippets.kubernetes_mandatory_access_control_annotation" | indent 8 }}
     spec:
       securityContext:
         readOnlyRootFilesystem: true
diff --git a/prometheus-process-exporter/values.yaml b/prometheus-process-exporter/values.yaml
index 78c0ae2fc..84e7dfbaa 100644
--- a/prometheus-process-exporter/values.yaml
+++ b/prometheus-process-exporter/values.yaml
@@ -37,6 +37,10 @@ labels:
     node_selector_value: enabled
 
 pod:
+  mandatory_access_control:
+    type: apparmor
+    process-exporter:
+      process-exporter: localhost/docker-default
   affinity:
     anti:
       type:
@@ -87,7 +91,6 @@ pod:
         operator: Exists
       - key: node-role.kubernetes.io/node
         operator: Exists
-
 dependencies:
   dynamic:
     common: