From 469b31356ddb71698281bb1bd8990a8c05757368 Mon Sep 17 00:00:00 2001 From: dt241s Date: Wed, 27 Feb 2019 14:21:17 -0600 Subject: [PATCH] Add default AppArmor profile to prometheus-node-exporter Change-Id: Icb407f5271581979d3a2869b776013ba478c9487 --- prometheus-node-exporter/templates/daemonset.yaml | 2 ++ prometheus-node-exporter/values.yaml | 5 ++++- 2 files changed, 6 insertions(+), 1 deletion(-) diff --git a/prometheus-node-exporter/templates/daemonset.yaml b/prometheus-node-exporter/templates/daemonset.yaml index 93724cc56..48ede2838 100644 --- a/prometheus-node-exporter/templates/daemonset.yaml +++ b/prometheus-node-exporter/templates/daemonset.yaml @@ -51,6 +51,8 @@ spec: metadata: labels: {{ tuple $envAll "node_exporter" "metrics" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }} + annotations: +{{ dict "envAll" $envAll "podName" "node-exporter" "containerNames" (list "node-exporter") | include "helm-toolkit.snippets.kubernetes_mandatory_access_control_annotation" | indent 8 }} namespace: {{ .Values.endpoints.node_metrics.namespace }} spec: securityContext: diff --git a/prometheus-node-exporter/values.yaml b/prometheus-node-exporter/values.yaml index 59105125e..31eacd037 100644 --- a/prometheus-node-exporter/values.yaml +++ b/prometheus-node-exporter/values.yaml @@ -37,6 +37,10 @@ labels: node_selector_value: enabled pod: + mandatory_access_control: + type: apparmor + node-exporter: + node-exporter: localhost/docker-default affinity: anti: type: @@ -87,7 +91,6 @@ pod: operator: Exists - key: node-role.kubernetes.io/node operator: Exists - dependencies: dynamic: common: