Add Docker default AppArmor profile to armada
Change-Id: Iee43dfd56ecf5e4d18f93872b58359851c73d55f
This commit is contained in:
parent
6d6bdf76bd
commit
825e123fb9
|
@ -105,6 +105,7 @@ spec:
|
||||||
{{ $labels | indent 8 }}
|
{{ $labels | indent 8 }}
|
||||||
annotations:
|
annotations:
|
||||||
{{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" | indent 8 }}
|
{{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" | indent 8 }}
|
||||||
|
{{ dict "envAll" $envAll "podName" "armada-api" "containerNames" (list "armada-api") | include "helm-toolkit.snippets.kubernetes_mandatory_access_control_annotation" | indent 8 }}
|
||||||
configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "helm-toolkit.utils.hash" }}
|
configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "helm-toolkit.utils.hash" }}
|
||||||
configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "helm-toolkit.utils.hash" }}
|
configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "helm-toolkit.utils.hash" }}
|
||||||
{{ tuple $prometheus_annotations | include "helm-toolkit.snippets.prometheus_pod_annotations" | indent 8 }}
|
{{ tuple $prometheus_annotations | include "helm-toolkit.snippets.prometheus_pod_annotations" | indent 8 }}
|
||||||
|
|
|
@ -226,6 +226,10 @@ monitoring:
|
||||||
port: 8000
|
port: 8000
|
||||||
|
|
||||||
pod:
|
pod:
|
||||||
|
mandatory_access_control:
|
||||||
|
type: apparmor
|
||||||
|
armada-api:
|
||||||
|
armada-api: runtime/default
|
||||||
probes:
|
probes:
|
||||||
armada:
|
armada:
|
||||||
api:
|
api:
|
||||||
|
|
|
@ -31,6 +31,12 @@
|
||||||
args:
|
args:
|
||||||
chdir: "{{ zuul.projects['opendev.org/airship/treasuremap'].src_dir }}"
|
chdir: "{{ zuul.projects['opendev.org/airship/treasuremap'].src_dir }}"
|
||||||
|
|
||||||
|
- name: Setup Apparmor
|
||||||
|
shell: |
|
||||||
|
./tools/deployment/airskiff/developer/015-setup-apparmor.sh
|
||||||
|
args:
|
||||||
|
chdir: "{{ zuul.projects['opendev.org/airship/treasuremap'].src_dir }}"
|
||||||
|
|
||||||
- name: Deploy Kubernetes with Minikube
|
- name: Deploy Kubernetes with Minikube
|
||||||
shell: |
|
shell: |
|
||||||
./tools/deployment/airskiff/developer/010-deploy-k8s.sh
|
./tools/deployment/airskiff/developer/010-deploy-k8s.sh
|
||||||
|
|
Loading…
Reference in New Issue