From ae41873341978649c97b226dace763571a5d84f3 Mon Sep 17 00:00:00 2001
From: "KHIYANI, RAHUL (rk0850)"
Date: Wed, 12 Feb 2020 09:00:51 -0600
Subject: [PATCH] Add Docker default AppArmor profile to ingress chart
Change-Id: Id4fee2008fd7544ccbf865084949c767013ca3fa
---
 ingress/templates/deployment-error.yaml | 1 +
 ingress/templates/deployment-ingress.yaml | 1 +
 ingress/values_overrides/apparmor.yaml | 8 ++++++++
 3 files changed, 10 insertions(+)
 create mode 100644 ingress/values_overrides/apparmor.yaml
diff --git a/ingress/templates/deployment-error.yaml b/ingress/templates/deployment-error.yaml
index 76b81dc8..3fa96da4 100644
--- a/ingress/templates/deployment-error.yaml
+++ b/ingress/templates/deployment-error.yaml
@@ -42,6 +42,7 @@ spec:
 {{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" | indent 8 }}
 configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "helm-toolkit.utils.hash" }}
 configmap-etc-hash: {{ tuple "configmap-conf.yaml" . | include "helm-toolkit.utils.hash" }}
+{{ dict "envAll" $envAll "podName" "ingress-error-pages" "containerNames" (list "ingress-error-pages") | include "helm-toolkit.snippets.kubernetes_mandatory_access_control_annotation" | indent 8 }}
 spec:
 {{ dict "envAll" $envAll "application" "error_pages" | include "helm-toolkit.snippets.kubernetes_pod_security_context" | indent 6 }}
 shareProcessNamespace: true
diff --git a/ingress/templates/deployment-ingress.yaml b/ingress/templates/deployment-ingress.yaml
index b02023c3..79bc7f4e 100644
--- a/ingress/templates/deployment-ingress.yaml
+++ b/ingress/templates/deployment-ingress.yaml
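Review bot: The include added to the pod-template annotations in deployment-error.yaml depends on `pod.mandatory_access_control` being present in the rendered values, but this commit supplies it only through `values_overrides/apparmor.yaml`; the diffstat shows no change to the chart's default values. The `helm-toolkit.snippets.kubernetes_mandatory_access_control_annotation` snippet is not visible here, so confirm it renders nothing, rather than failing, when the key is absent. A template comment above the line would make the opt-in behaviour explicit, for example `{{- /* AppArmor annotations are emitted only when pod.mandatory_access_control is set; see values_overrides/apparmor.yaml */ -}}`. The same applies to the matching line in deployment-ingress.yaml; the Deployment spec starts and ends outside this hunk.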
@@ -180,6 +180,7 @@ spec:
 {{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" | indent 8 }}
 configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "helm-toolkit.utils.hash" }}
 configmap-etc-hash: {{ tuple "configmap-conf.yaml" . | include "helm-toolkit.utils.hash" }}
+{{ dict "envAll" $envAll "podName" "ingress-server" "containerNames" (list "ingress" "ingress-vip") | include "helm-toolkit.snippets.kubernetes_mandatory_access_control_annotation" | indent 8 }}
 spec:
 {{ dict "envAll" $envAll "application" "server" | include "helm-toolkit.snippets.kubernetes_pod_security_context" | indent 6 }}
 shareProcessNamespace: true
diff --git a/ingress/values_overrides/apparmor.yaml b/ingress/values_overrides/apparmor.yaml
new file mode 100644
index 00000000..8692c5e7
--- /dev/null
+++ b/ingress/values_overrides/apparmor.yaml
@@ -0,0 +1,8 @@
+pod:
+ mandatory_access_control:
+ type: apparmor
+ ingress-error-pages:
+ ingress-error-pages: runtime/default
+ ingress-server:
+ ingress: runtime/default
+ ingess-vip: runtime/default
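Review bot: `containerNames` in the added include lists only `ingress` and `ingress-vip`, so any init containers this Deployment defines further down the template (outside this hunk) would carry no explicit profile annotation, assuming the snippet emits one annotation per listed name. If such containers exist, add their names to the list and to the `ingress-server` map in the override. The names must also match the containers' `name:` fields exactly, because a mismatch is likely to be silent rather than a render error.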
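Review bot: The last key under `ingress-server` in apparmor.yaml is spelled `ingess-vip`, while deployment-ingress.yaml passes the container name `ingress-vip`, so the lookup for that container will presumably find no profile and the pod will render without an AppArmor annotation for it. The line should read `ingress-vip: runtime/default`. Because a missing entry does not appear to fail the render, a chart lint or template test that compares each `containerNames` list with the override keys would catch this kind of drift.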