From 2ae6f9200a44ad93ac83305ecedb4ad36632f6b8 Mon Sep 17 00:00:00 2001
From: diwakar thyagaraj <diwakar.chitoor.thyagaraj@att.com>
Date: Thu, 13 Aug 2020 21:54:13 +0000
Subject: [PATCH] Enable Apparmor to Placement db-migrate Jobs

Change-Id: I15141ff74cbc731238d634fb11995d21234327ba
Signed-off-by: diwakar thyagaraj <diwakar.chitoor.thyagaraj@att.com>
---
 placement/templates/job-db-migrate.yaml  | 2 ++
 placement/values_overrides/apparmor.yaml | 6 ++++++
 2 files changed, 8 insertions(+)

diff --git a/placement/templates/job-db-migrate.yaml b/placement/templates/job-db-migrate.yaml
index 7178498f9c..99d75e74b2 100644
--- a/placement/templates/job-db-migrate.yaml
+++ b/placement/templates/job-db-migrate.yaml
@@ -29,6 +29,8 @@ spec:
     metadata:
       labels:
 {{ tuple $envAll "placement" $service  | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
+      annotations:
+{{ dict "envAll" $envAll "podName" "placement-db-migrate" "containerNames" (list "placement-mysql-migration" "init") | include "helm-toolkit.snippets.kubernetes_mandatory_access_control_annotation" | indent 8 }}
     spec:
       serviceAccountName: {{ $serviceAccountName }}
       restartPolicy: OnFailure
diff --git a/placement/values_overrides/apparmor.yaml b/placement/values_overrides/apparmor.yaml
index ee883ac067..84ca7507d0 100644
--- a/placement/values_overrides/apparmor.yaml
+++ b/placement/values_overrides/apparmor.yaml
@@ -5,4 +5,10 @@ pod:
     placement-api:
       placement-api: runtime/default
       init: runtime/default
+    placement-db-migrate:
+      init: runtime/default
+      placement-mysql-migration: runtime/default
+
+manifests:
+  job_db_migrate: true
 ...