fix(snitch): use DirectoryOrCreate for apparmor mount in Snitch

AppArmor mount is optional in snitch, we should move to creating the directory to aviod deployment failures Signed-off-by: daemon1024 <[email protected]>
kubearmor · Jun 24, 2024 · 7e9f139 · 7e9f139
1 parent 9ce5979
commit 7e9f139
Show file tree

Hide file tree

Showing 2 changed files with 3 additions and 3 deletions.
diff --git a/pkg/KubeArmorOperator/common/defaults.go b/pkg/KubeArmorOperator/common/defaults.go
@@ -159,6 +159,7 @@ var ContainerRuntimeSocketMap = map[string][]string{
 }
 
 var HostPathDirectory = corev1.HostPathDirectory
+var HostPathDirectoryOrCreate = corev1.HostPathDirectoryOrCreate
 var HostPathSocket = corev1.HostPathSocket
 var HostPathFile = corev1.HostPathFile
 

diff --git a/pkg/KubeArmorOperator/internal/controller/resources.go b/pkg/KubeArmorOperator/internal/controller/resources.go
@@ -207,7 +207,6 @@ func genSnitchServiceAccount() *corev1.ServiceAccount {
 
 func deploySnitch(nodename string, runtime string) *batchv1.Job {
 	job := batchv1.Job{}
-	var HostPathDirectoryOrCreate = corev1.HostPathDirectoryOrCreate
 	job = *addOwnership(&job).(*batchv1.Job)
 	ttls := int32(100)
 	job.GenerateName = "kubearmor-snitch-"
@@ -307,7 +306,7 @@ func deploySnitch(nodename string, runtime string) *batchv1.Job {
 						VolumeSource: corev1.VolumeSource{
 							HostPath: &corev1.HostPathVolumeSource{
 								Path: "/etc/apparmor.d/",
-								Type: &common.HostPathDirectory,
+								Type: &common.HostPathDirectoryOrCreate,
 							},
 						},
 					},
@@ -334,7 +333,7 @@ func deploySnitch(nodename string, runtime string) *batchv1.Job {
 						VolumeSource: corev1.VolumeSource{
 							HostPath: &corev1.HostPathVolumeSource{
 								Path: "/var/lib/kubelet/seccomp",
-								Type: &HostPathDirectoryOrCreate,
+								Type: &common.HostPathDirectoryOrCreate,
 							},
 						},
 					},