From 8617c8c1e0ea5fc55d652ccd2a8c2eedf16f69ad Mon Sep 17 00:00:00 2001 From: "KHIYANI, RAHUL (rk0850)" Date: Thu, 30 Apr 2020 09:57:35 -0500 Subject: [PATCH] Ingress: Add apparmor profile to ingress init container Change-Id: I2217a8ab8c76b8f6a14f477c3159e4133ef186f9 --- ingress/templates/deployment-error.yaml | 2 +- ingress/values_overrides/apparmor.yaml | 3 ++- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/ingress/templates/deployment-error.yaml b/ingress/templates/deployment-error.yaml index 3fa96da4e..9b8184089 100644 --- a/ingress/templates/deployment-error.yaml +++ b/ingress/templates/deployment-error.yaml @@ -42,7 +42,7 @@ spec: {{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" | indent 8 }} configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "helm-toolkit.utils.hash" }} configmap-etc-hash: {{ tuple "configmap-conf.yaml" . | include "helm-toolkit.utils.hash" }} -{{ dict "envAll" $envAll "podName" "ingress-error-pages" "containerNames" (list "ingress-error-pages") | include "helm-toolkit.snippets.kubernetes_mandatory_access_control_annotation" | indent 8 }} +{{ dict "envAll" $envAll "podName" "ingress-error-pages" "containerNames" (list "init" "ingress-error-pages") | include "helm-toolkit.snippets.kubernetes_mandatory_access_control_annotation" | indent 8 }} spec: {{ dict "envAll" $envAll "application" "error_pages" | include "helm-toolkit.snippets.kubernetes_pod_security_context" | indent 6 }} shareProcessNamespace: true diff --git a/ingress/values_overrides/apparmor.yaml b/ingress/values_overrides/apparmor.yaml index 5f35e7a5e..bfddceee6 100644 --- a/ingress/values_overrides/apparmor.yaml +++ b/ingress/values_overrides/apparmor.yaml @@ -2,7 +2,8 @@ pod: mandatory_access_control: type: apparmor ingress-error-pages: + init: runtime/default ingress-error-pages: runtime/default ingress-server: ingress: runtime/default - ingress-vip: runtime/default \ No newline at end of file + ingress-vip: runtime/default