Remove apparmor annotations

Remove apparmor annotations. With k8s 1.36+ apparmor is implemented via security_context instead of annotations. Users are expected to add the appropriate values downstream. The htk snippets are in place. Change-Id: I7bc5e965bbbb8d6667702e0879f4a952582f9f89 Signed-off-by: Ritchie, Frank (fr801x) <fr801x@att.com>
2025-08-08 13:09:03 -04:00
parent e736cebc13
commit 3e034be6d5
11 changed files with 0 additions and 81 deletions
--- a/charts/apiserver-webhook/values.yaml
+++ b/charts/apiserver-webhook/values.yaml
@@ -202,11 +202,6 @@ network_policy:
      - {}

 pod:
-  mandatory_access_control:
-    type: apparmor
-    apiserver-webhook:
-      apiserver: runtime/default
-      webhook: runtime/default
  security_context:
    apiserver_webhook:
      pod:
--- a/charts/apiserver/values.yaml
+++ b/charts/apiserver/values.yaml
@@ -271,15 +271,6 @@ endpoints:
      #     key: null

 pod:
-  mandatory_access_control:
-    type: apparmor
-    kubernetes_apiserver_anchor:
-      anchor: runtime/default
-    kube-apiserver:
-      init: runtime/default
-      apiserver-key-rotate: runtime/default
-    apiserver:
-      apiserver: runtime/default
  security_context:
    kubernetes_apiserver_anchor:
      pod:
--- a/charts/calico/values.yaml
+++ b/charts/calico/values.yaml
@@ -132,10 +132,6 @@ pod:
    disruption_budget:
      controllers:
        min_available: 0
-  mandatory_access_control:
-    type: apparmor
-    calico-node:
-      calico-node: runtime/default

 dependencies:
  dynamic:
--- a/charts/controller_manager/values.yaml
+++ b/charts/controller_manager/values.yaml
@@ -77,12 +77,6 @@ dependencies:
  controller_manager:

 pod:
-  mandatory_access_control:
-    type: apparmor
-    kubernetes-controller-manager-anchor:
-      anchor: runtime/default
-    controller-manager:
-      controller-manager: runtime/default
  security_context:
    kubernetes:
      pod:
--- a/charts/coredns/values.yaml
+++ b/charts/coredns/values.yaml
@@ -42,12 +42,6 @@ service:
  ip: 10.96.0.10

 pod:
-  mandatory_access_control:
-    type: apparmor
-    coredns:
-      coredns: runtime/default
-      coredns-health: runtime/default
-      coredns-test: runtime/default
  security_context:
    coredns:
      pod:
--- a/charts/etcd/values.yaml
+++ b/charts/etcd/values.yaml
@@ -284,17 +284,6 @@ pod:
        limits:
          memory: "1024Mi"
          cpu: "2000m"
-  mandatory_access_control:
-    type: apparmor
-    # requires override for a specific use case e.g. calico-etcd or kubernetes-etcd
-    etcd:
-      etcd: runtime/default
-    etcd-anchor:
-      etcdctl: runtime/default
-    etcd-test:
-      etcd-test: runtime/default
-    etcd-backup:
-      etcd-backup: runtime/default
  env:
    etcd:
      # can be used for tuning, e.g. https://etcd.io/docs/v3.4.0/tuning/
--- a/charts/haproxy/values.yaml
+++ b/charts/haproxy/values.yaml
@@ -67,15 +67,6 @@ endpoints:
    port: 6553

 pod:
-  mandatory_access_control:
-    type: apparmor
-    haproxy-anchor:
-      haproxy-perms: runtime/default
-      anchor: runtime/default
-    kubernetes:
-      haproxy-haproxy-test: runtime/default
-    haproxy:
-      haproxy: runtime/default
  security_context:
    haproxy_anchor:
      pod:
--- a/charts/promenade/values.yaml
+++ b/charts/promenade/values.yaml
@@ -191,14 +191,6 @@ pod:
        promenade_api_test:
          readOnlyRootFilesystem: true
          allowPrivilegeEscalation: false
-  mandatory_access_control:
-    type: apparmor
-    promenade-api:
-      promenade-util: runtime/default
-      promenade-api: runtime/default
-    promenade:
-      init: runtime/default
-      promenade-api-test: runtime/default
  affinity:
    anti:
      type:
--- a/charts/scheduler/values.yaml
+++ b/charts/scheduler/values.yaml
@@ -20,11 +20,6 @@ labels:
    node_selector_value: enabled

 pod:
-  mandatory_access_control:
-    type: apparmor
-    scheduler:
-      anchor: runtime/default
-      scheduler: runtime/default
  security_context:
    scheduler:
      pod:
--- a/examples/containerd/armada-resources.yaml
+++ b/examples/containerd/armada-resources.yaml
@@ -363,12 +363,6 @@ data:
  upgrade:
    no_hooks: true
  values:
-    pod:
-      # Disables AppArmor for the calico-node in the gate
-      mandatory_access_control:
-        type: apparmor
-        calico-node:
-          calico-node: null
    conf:
      cni_network_config:
        name: k8s-pod-network
--- a/examples/gate/armada-resources.yaml
+++ b/examples/gate/armada-resources.yaml
@@ -251,12 +251,6 @@ data:
  upgrade:
    no_hooks: true
  values:
-    pod:
-      # Disables AppArmor for calico-etcd
-      mandatory_access_control:
-        type: apparmor
-        example-etcd:
-          etcd: null
    anchor:
      etcdctl_endpoint: 10.96.232.136
    labels:
@@ -369,12 +363,6 @@ data:
  upgrade:
    no_hooks: true
  values:
-    pod:
-      # Disables AppArmor for calico
-      mandatory_access_control:
-        type: apparmor
-        calico-node:
-          calico-node: null
    conf:
      cni_network_config:
        name: k8s-pod-network