
Commit 9a33641

committed
moved app armor to _helpers
1 parent 9ad04b2 commit 9a33641


3 files changed

+10
-11
lines changed


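--- a/wiz-outpost-lite/templates/_helpers.tpl
+++ b/wiz-outpost-lite/templates/_helpers.tpl
@@ -102,6 +102,13 @@ container-registry -> outpost-lite-runner-container-registry
 {{- $values = merge $values $.Values.openshiftOverrides }}
 {{- end }}
 
+{{/* Add apparmor pod annotation if given */}}
+{{- if ne $values.podAnnotationsApparmor "" }}
+{{- $key := printf "container.apparmor.security.beta.kubernetes.io/%s-%s" $.Chart.Name $runner }}
+{{- $appArmor := dict $key $values.podAnnotationsApparmor }}
+{{- $values = merge $values (dict "podAnnotations" $appArmor) }}
+{{- end }}
+
 {{- if hasKey $values "containerSecurityContextOverride"}}
 {{- $values = set $values "containerSecurityContext" $values.containerSecurityContextOverride }}
 {{- end }}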
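Review bot: The guard `ne $values.podAnnotationsApparmor ""` at new line 106 skips only the empty string, so a value that is unset, `null`, or still in the old `{enabled: true}` map shape is not handled cleanly: a nil value appears to compare as not-equal and would be merged in as the annotation value, while a map should fail the comparison at render time with an unhelpful message. Consider `{{- if and (kindIs "string" $values.podAnnotationsApparmor) $values.podAnnotationsApparmor }}`, or an explicit `fail` on non-string input, so that a stale override is reported instead of quietly changing the pod's AppArmor state. Note also that `merge` keeps the destination's entries, so a `podAnnotations` entry with the same key set in values would take precedence over the one built here. The enclosing template definition starts and ends outside this hunk, so how `$values` and `$runner` are populated could not be checked.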

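--- a/wiz-outpost-lite/templates/deployment.yaml
+++ b/wiz-outpost-lite/templates/deployment.yaml
@@ -18,9 +18,6 @@ spec:
 {{- with .Values.podAnnotations }}
 {{- toYaml . | nindent 8 }}
 {{- end }}
-{{- if .Values.podAnnotationsApparmor.enabled }}
-container.apparmor.security.beta.kubernetes.io/{{ printf "%s-%s" .Chart.Name .runner }}: unconfined
-{{- end }}
 labels:
 {{- include "wiz-outpost-lite.selectorLabels" . | nindent 8 }}
 {{- with .Values.labels }}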

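--- a/wiz-outpost-lite/values.yaml
+++ b/wiz-outpost-lite/values.yaml
@@ -33,8 +33,7 @@ fullnameOverride: ""
 
 podAnnotations: {}
 
-podAnnotationsApparmor:
-enabled: false
+podAnnotationsApparmor: ""
 
 resources:
 limits:
@@ -94,8 +93,7 @@ modules:
 enabled: false
 image:
 name: outpost-lite-runner-vcs
-podAnnotationsApparmor:
-enabled: true
+podAnnotationsApparmor: unconfined
 containerSecurityContext:
 capabilities:
 add:
@@ -104,8 +102,7 @@ modules:
 type: spc_t
 container-registry:
 enabled: false
-podAnnotationsApparmor:
-enabled: true
+podAnnotationsApparmor: unconfined
 containerSecurityContext:
 capabilities:
 add:
@@ -114,8 +111,6 @@ modules:
 type: spc_t
 remediation:
 enabled: false
-podAnnotationsApparmor:
-enabled: false
 serviceAccount:
 create: true
 podSecurityContext: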
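Review bot: The key `podAnnotationsApparmor` changes from a map with `enabled` to a free-form string (new lines 36, 96 and 105) with no comment on which values are accepted, and the `vcs` and `container-registry` modules ship with `unconfined`. That value switches AppArmor confinement off for containers that also get added capabilities and, judging by the neighbouring context lines, the `spc_t` SELinux type. I would add a comment above the top-level key such as `# AppArmor profile for the runner container: "" adds no annotation; otherwise runtime/default, localhost/<profile> or unconfined`, and a one-line reason next to each `unconfined` default. Existing overrides that still set `podAnnotationsApparmor.enabled` no longer match this shape, so the change deserves a line in the upgrade notes.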
