From 610159a4fd473b9ff98a9511ef18f059902f1e98 Mon Sep 17 00:00:00 2001
From: Hemachandra Reddy <hr858f@att.com>
Date: Fri, 7 Aug 2020 16:30:52 +0000
Subject: [PATCH] Adds apparmor profile to Placement pods

Change-Id: I075ec8351faa44b3d133b4bc1182213bd6527588
---
 placement/templates/deployment.yaml      | 1 +
 placement/values_overrides/apparmor.yaml | 8 ++++++++
 2 files changed, 9 insertions(+)
 create mode 100644 placement/values_overrides/apparmor.yaml

diff --git a/placement/templates/deployment.yaml b/placement/templates/deployment.yaml
index 55154203d4..3924df4163 100644
--- a/placement/templates/deployment.yaml
+++ b/placement/templates/deployment.yaml
@@ -45,6 +45,7 @@ spec:
 {{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" | indent 8 }}
         configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "helm-toolkit.utils.hash" }}
         configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "helm-toolkit.utils.hash" }}
+{{ dict "envAll" $envAll "podName" "placement-api" "containerNames" (list "placement-api" "init") | include "helm-toolkit.snippets.kubernetes_mandatory_access_control_annotation" | indent 8 }}
     spec:
       serviceAccountName: {{ $serviceAccountName }}
       affinity:
diff --git a/placement/values_overrides/apparmor.yaml b/placement/values_overrides/apparmor.yaml
new file mode 100644
index 0000000000..ee883ac067
--- /dev/null
+++ b/placement/values_overrides/apparmor.yaml
@@ -0,0 +1,8 @@
+---
+pod:
+  mandatory_access_control:
+    type: apparmor
+    placement-api:
+      placement-api: runtime/default
+      init: runtime/default
+...