From 1f5c57d1de732ed3a31469c4a526a34f7d381eff Mon Sep 17 00:00:00 2001
From: Alexander Vlasov
Date: Tue, 14 May 2019 18:33:21 -0500
Subject: [PATCH] Apply docker-default AppArmorProfile for etcd pod
Change-Id: Ia086ca3d28f1a1e4ac013d0f29018faf027b914e
---
 charts/etcd/templates/etc/_kubernetes-etcd.yaml.tpl | 1 +
 charts/etcd/values.yaml | 6 ++++++
 2 files changed, 7 insertions(+)
diff --git a/charts/etcd/templates/etc/_kubernetes-etcd.yaml.tpl b/charts/etcd/templates/etc/_kubernetes-etcd.yaml.tpl
index 29e21e97..263df1bd 100644
--- a/charts/etcd/templates/etc/_kubernetes-etcd.yaml.tpl
+++ b/charts/etcd/templates/etc/_kubernetes-etcd.yaml.tpl
@@ -30,6 +30,7 @@ metadata:
 {{ tuple $envAll $applicationName "etcd" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }}
 annotations:
 {{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" }}
+{{- dict "envAll" $envAll "podName" .Values.service.name "containerNames" (list "etcd") | include "helm-toolkit.snippets.kubernetes_mandatory_access_control_annotation" | indent 4 }}
 spec:
 hostNetwork: true
 containers:
diff --git a/charts/etcd/values.yaml b/charts/etcd/values.yaml
index e55bdf1b..e6654421 100644
--- a/charts/etcd/values.yaml
+++ b/charts/etcd/values.yaml
@@ -58,6 +58,7 @@ network:
 enable_node_port: false
 service:
+ # requires override for a specific use case e.g. calico-etcd or kubernetes-etcd
 name: example-etcd
 ip: null
@@ -142,6 +143,11 @@ pod:
 requests:
 memory: "128Mi"
 cpu: "100m"
+ mandatory_access_control:
+ type: apparmor
+ # requires override for a specific use case e.g. calico-etcd or kubernetes-etcd
+ example-etcd:
+ etcd: localhost/docker-default
 jobs:
 etcd_backup:
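Review bot: The added annotation line in `_kubernetes-etcd.yaml.tpl` looks up the profile by `.Values.service.name`, so it only takes effect when `pod.mandatory_access_control` has a key spelled exactly like that name. Nothing in the template enforces the pairing; the two "requires override" comments in values.yaml are the only link. The helper's body is not on this page, but if it renders nothing for a missing key, a deployment that overrides `service.name` to `kubernetes-etcd` and leaves the `example-etcd` key in place would ship the etcd pod with no AppArmor annotation and no error. A render-time guard would make the mismatch visible, for example `{{- if not (hasKey .Values.pod.mandatory_access_control .Values.service.name) }}{{ fail "pod.mandatory_access_control has no entry for service.name" }}{{ end }}`, applied only when the type is `apparmor`. The pod spec continues outside the hunk.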
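Review bot: The new `etcd: localhost/docker-default` value in values.yaml names a node-local profile but does not state the prerequisite that the profile is already loaded on every host that runs this pod. Kubernetes is expected to refuse to start a container whose annotated AppArmor profile is not loaded, so on a node without Docker's default profile the etcd pod would stay blocked rather than run unconfined. A comment above the value would document that, for example `# profile must be loaded on each etcd node; runtime/default selects the container runtime's own default profile`. Separately, `type` sits in the same map as the pod-name keys, so a `service.name` of `type` would collide with it; nesting the per-pod entries under their own key would avoid that.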