From d2e48fc13131954b4c5ef7dc55a80204bc1a0367 Mon Sep 17 00:00:00 2001
From: diwakar thyagaraj
Date: Mon, 11 May 2020 14:26:04 +0000
Subject: [PATCH] Enable Apparmor to openvswitch init pods
Change-Id: Ib71f7e4a2ea21efaa648ddf13a8ee3378609deb2
Signed-off-by: diwakar thyagaraj
---
 openvswitch/templates/daemonset-ovs-db.yaml | 2 +-
 openvswitch/templates/daemonset-ovs-vswitchd.yaml | 2 +-
 openvswitch/values_overrides/apparmor.yaml | 4 +++-
 3 files changed, 5 insertions(+), 3 deletions(-)
diff --git a/openvswitch/templates/daemonset-ovs-db.yaml b/openvswitch/templates/daemonset-ovs-db.yaml
index 780e8c87a..dcbae8b88 100644
--- a/openvswitch/templates/daemonset-ovs-db.yaml
+++ b/openvswitch/templates/daemonset-ovs-db.yaml
@@ -54,7 +54,7 @@ spec:
 annotations:
 {{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" | indent 8 }}
 configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "helm-toolkit.utils.hash" }}
-{{ dict "envAll" $envAll "podName" "openvswitch-db" "containerNames" (list "openvswitch-db" "openvswitch-db-perms") | include "helm-toolkit.snippets.kubernetes_mandatory_access_control_annotation" | indent 8 }}
+{{ dict "envAll" $envAll "podName" "openvswitch-db" "containerNames" (list "openvswitch-db" "openvswitch-db-perms" "init") | include "helm-toolkit.snippets.kubernetes_mandatory_access_control_annotation" | indent 8 }}
 spec:
 shareProcessNamespace: true
 serviceAccountName: {{ $serviceAccountName }}
diff --git a/openvswitch/templates/daemonset-ovs-vswitchd.yaml b/openvswitch/templates/daemonset-ovs-vswitchd.yaml
index 8c6849b46..dc2647e07 100644
--- a/openvswitch/templates/daemonset-ovs-vswitchd.yaml
+++ b/openvswitch/templates/daemonset-ovs-vswitchd.yaml
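Review bot: The container name `init` is now a bare literal in the `containerNames` list of daemonset-ovs-db.yaml, and the hunk does not show the initContainers section it has to match. AppArmor annotations are keyed per container name, so a name that drifts from the pod spec would presumably leave that container without the intended profile. I would add a template comment above the changed line, e.g. `{{/* containerNames must list every container and initContainer of this pod by its exact name */}}`. The same applies to the daemonset-ovs-vswitchd.yaml hunk; in both files the pod template continues outside the hunk.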
@@ -62,7 +62,7 @@ spec:
 annotations:
 {{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" | indent 8 }}
 configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "helm-toolkit.utils.hash" }}
-{{ dict "envAll" $envAll "podName" "openvswitch-vswitchd" "containerNames" (list "openvswitch-vswitchd" "openvswitch-vswitchd-modules") | include "helm-toolkit.snippets.kubernetes_mandatory_access_control_annotation" | indent 8 }}
+{{ dict "envAll" $envAll "podName" "openvswitch-vswitchd" "containerNames" (list "openvswitch-vswitchd" "openvswitch-vswitchd-modules" "init") | include "helm-toolkit.snippets.kubernetes_mandatory_access_control_annotation" | indent 8 }}
 spec:
 shareProcessNamespace: true
 serviceAccountName: {{ $serviceAccountName }}
diff --git a/openvswitch/values_overrides/apparmor.yaml b/openvswitch/values_overrides/apparmor.yaml
index 193d29aa5..ddf3d37bc 100644
--- a/openvswitch/values_overrides/apparmor.yaml
+++ b/openvswitch/values_overrides/apparmor.yaml
@@ -5,6 +5,8 @@ pod:
 openvswitch-vswitchd:
 openvswitch-vswitchd: runtime/default
 openvswitch-vswitchd-modules: runtime/default
+ init: runtime/default
 openvswitch-db:
 openvswitch-db: runtime/default
- openvswitch-db-perms: runtime/default
\ No newline at end of file
+ openvswitch-db-perms: runtime/default
+ init: runtime/default
\ No newline at end of file
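Review bot: In values_overrides/apparmor.yaml the file still ends without a trailing newline after the new `init: runtime/default` line (the `\ No newline at end of file` marker is on both the old and the new side). Ending the file with a newline keeps the last key from showing up as changed the next time an entry is appended. The two new `init` keys also carry no explanation; a comment such as `# init: the pod's init container; keys here must match containerNames in the daemonset templates` would document the coupling. The profile is set only in this override file, and whether the chart's default values need a matching `init` entry is not visible in this diff.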