From ae278c674e13349d9e36e34258f8b563ceb1c253 Mon Sep 17 00:00:00 2001
From: "KHIYANI, RAHUL (rk0850)"
Date: Wed, 3 Jun 2020 10:37:49 -0500
Subject: [PATCH] Ingress: add apparmor profile to ingress init containers concat is not available in helm 14.1, using work around to emulate this functionality.
Change-Id: Iccbc5de567be1c899b7f5d47cf43b6e962c27e91
---
 ingress/templates/deployment-ingress.yaml | 5 +++--
 ingress/values_overrides/apparmor.yaml | 2 ++
 2 files changed, 5 insertions(+), 2 deletions(-)
diff --git a/ingress/templates/deployment-ingress.yaml b/ingress/templates/deployment-ingress.yaml
index 0df5c0f8d..6fa223eb2 100644
--- a/ingress/templates/deployment-ingress.yaml
+++ b/ingress/templates/deployment-ingress.yaml
@@ -178,10 +178,11 @@ spec:
 {{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" | indent 8 }}
 configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "helm-toolkit.utils.hash" }}
 configmap-etc-hash: {{ tuple "configmap-conf.yaml" . | include "helm-toolkit.utils.hash" }}
-{{- $containers := (list "init" "ingress") }}
+{{- $containers := "init ingress" }}
 {{- if and .Values.network.host_namespace .Values.network.vip.manage }}
-{{- $containers = append $containers "ingress-vip" }}
+{{- $containers = printf "%s ingress-vip-kernel-modules ingress-vip-init ingress-vip" $containers }}
 {{- end }}
+{{- $containers = splitList " " $containers }}
 {{ dict "envAll" $envAll "podName" "ingress-server" "containerNames" $containers | include "helm-toolkit.snippets.kubernetes_mandatory_access_control_annotation" | indent 8 }}
 spec:
 {{ dict "envAll" $envAll "application" "server" | include "helm-toolkit.snippets.kubernetes_pod_security_context" | indent 6 }}
diff --git a/ingress/values_overrides/apparmor.yaml b/ingress/values_overrides/apparmor.yaml
index 11ae3c11b..c89fb3c93 100644
--- a/ingress/values_overrides/apparmor.yaml
+++ b/ingress/values_overrides/apparmor.yaml
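Review bot: The container names in the `printf` string are hard-coded, while the containers they refer to are declared further down the pod spec, outside this hunk, so the two can drift apart with no error at render time. A name that drifts leaves that container without the AppArmor annotation the override file intends, and an annotation naming a container that is not rendered may be rejected by the API server. The reason for the space-join plus `splitList` workaround is given only in the commit message, so I would record it in the template, e.g. `{{- /* concat is unavailable in the supported Helm version: build the names as one string and split it; keep in sync with the init containers below */ -}}`.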
@@ -7,6 +7,8 @@ pod:
 ingress-error-pages: runtime/default
 ingress-server:
 init: runtime/default
+ ingress-vip-kernel-modules: runtime/default
+ ingress-vip-init: runtime/default
 ingress: runtime/default
 ingress-vip: runtime/default
 ...
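Review bot: `runtime/default` on `ingress-vip-kernel-modules` may give less confinement than this line suggests. If that init container runs privileged, which its name hints at but its securityContext is not on this page, some container runtimes skip the default AppArmor profile for privileged containers. It is worth confirming the effective profile on a node and recording the result next to the key, e.g. `# runtime/default is not applied to privileged containers by some runtimes; verified on <runtime>`. The two new keys must also match the names in the `printf` string in deployment-ingress.yaml exactly, since nothing checks them against each other.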