Add Docker default AppArmor profile to ingress chart

Change-Id: Id4fee2008fd7544ccbf865084949c767013ca3fa

ingress/templates/deployment-error.yaml

@@ -42,6 +42,7 @@ spec:
 {{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" | indent 8 }}
         configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "helm-toolkit.utils.hash" }}
         configmap-etc-hash: {{ tuple "configmap-conf.yaml" . | include "helm-toolkit.utils.hash" }}
+{{ dict "envAll" $envAll "podName" "ingress-error-pages" "containerNames" (list "ingress-error-pages") | include "helm-toolkit.snippets.kubernetes_mandatory_access_control_annotation" | indent 8 }}
     spec:
 {{ dict "envAll" $envAll "application" "error_pages" | include "helm-toolkit.snippets.kubernetes_pod_security_context" | indent 6 }}
       shareProcessNamespace: true

ingress/templates/deployment-ingress.yaml

@@ -180,6 +180,7 @@ spec:
 {{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" | indent 8 }}
         configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "helm-toolkit.utils.hash" }}
         configmap-etc-hash: {{ tuple "configmap-conf.yaml" . | include "helm-toolkit.utils.hash" }}
+{{ dict "envAll" $envAll "podName" "ingress-server" "containerNames" (list "ingress" "ingress-vip") | include "helm-toolkit.snippets.kubernetes_mandatory_access_control_annotation" | indent 8 }}
     spec:
 {{ dict "envAll" $envAll "application" "server" | include "helm-toolkit.snippets.kubernetes_pod_security_context" | indent 6 }}
       shareProcessNamespace: true

ingress/values_overrides/apparmor.yaml

@@ -0,0 +1,8 @@
+pod:
+  mandatory_access_control:
+    type: apparmor
+    ingress-error-pages:
+      ingress-error-pages: runtime/default
+    ingress-server:
+      ingress: runtime/default
+      ingess-vip: runtime/default