From 897f596185f2a2926df7c68c8b04ef78d1ccbb2f Mon Sep 17 00:00:00 2001
From: "DODDA, PRATEEK"
Date: Fri, 26 Jun 2020 11:08:56 -0500
Subject: [PATCH] Enabling Apparmor profile to deckhand init containers Remove OSH Authors copyright The current copyright refers to a non-existent group "openstack helm authors" with often out-of-date references that are confusing when adding a new file to the repo. This change removes all references to this copyright by the non-existent group and any blank lines underneath.
Change-Id: Ib0b21b33d8bf91ea6da4c2421cc81355cf2b23b1
---
 charts/deckhand/templates/deployment.yaml | 3 +--
 charts/deckhand/templates/job-db-init.yaml | 3 +++
 charts/deckhand/templates/job-db-sync.yaml | 3 +++
 charts/deckhand/templates/tests/test-deckhand-api.yaml | 5 +++--
 charts/deckhand/values.yaml | 9 +++++++++
 5 files changed, 19 insertions(+), 4 deletions(-)
diff --git a/charts/deckhand/templates/deployment.yaml b/charts/deckhand/templates/deployment.yaml
index 6c3c3d8d..517b2456 100644
--- a/charts/deckhand/templates/deployment.yaml
+++ b/charts/deckhand/templates/deployment.yaml
@@ -1,5 +1,4 @@
 {{/*
-# Copyright 2017 The Openstack-Helm Authors.
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -40,7 +39,7 @@ spec:
 {{ $labels | indent 8 }}
 annotations:
 {{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" | indent 8 }}
-{{ dict "envAll" $envAll "podName" "deckhand-api" "containerNames" (list "deckhand-api") | include "helm-toolkit.snippets.kubernetes_mandatory_access_control_annotation" | indent 8 }}
+{{ dict "envAll" $envAll "podName" "deckhand-api" "containerNames" (list "init" "deckhand-api") | include "helm-toolkit.snippets.kubernetes_mandatory_access_control_annotation" | indent 8 }}
 configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "helm-toolkit.utils.hash" }}
 configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "helm-toolkit.utils.hash" }}
 spec:
diff --git a/charts/deckhand/templates/job-db-init.yaml b/charts/deckhand/templates/job-db-init.yaml
index 5646f073..9eea456a 100644
--- a/charts/deckhand/templates/job-db-init.yaml
+++ b/charts/deckhand/templates/job-db-init.yaml
@@ -32,6 +32,9 @@ spec:
 metadata:
 labels:
 {{ tuple $envAll "deckhand" "db-init" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
+ annotations:
+{{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" | indent 8 }}
+{{ dict "envAll" $envAll "podName" "deckhand-db-init" "containerNames" (list "init" "deckhand-db-init") | include "helm-toolkit.snippets.kubernetes_mandatory_access_control_annotation" | indent 8 }}
 spec:
 serviceAccountName: {{ $serviceAccountName }}
 restartPolicy: OnFailure
diff --git a/charts/deckhand/templates/job-db-sync.yaml b/charts/deckhand/templates/job-db-sync.yaml
index e8f164ac..d1a39352 100644
--- a/charts/deckhand/templates/job-db-sync.yaml
+++ b/charts/deckhand/templates/job-db-sync.yaml
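Review bot: The literal `"init"` added to `containerNames` in the `@@ -40,7 +39,7 @@` hunk of deployment.yaml, and again in the job-db-init.yaml and job-db-sync.yaml hunks, has to equal the name of an init container in the rendered pod, but the `initContainers` blocks lie outside all three hunks, so nothing visible here ties the two together. Kubernetes validates AppArmor annotation keys against the pod's container and init-container names, so drift shows up either as a rejected pod or as an init container with no explicit profile annotation. I would document the coupling with a template comment above each of these lines, for example `{{/* containerNames must list every container and init container of this pod by its exact name */}}`. Checking the `helm template` output for one annotation per container in each pod would confirm the lists are complete.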
@@ -32,6 +32,9 @@ spec:
 metadata:
 labels:
 {{ tuple $envAll "deckhand" "db-sync" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
+ annotations:
+{{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" | indent 8 }}
+{{ dict "envAll" $envAll "podName" "deckhand-db-sync" "containerNames" (list "init" "deckhand-db-sync") | include "helm-toolkit.snippets.kubernetes_mandatory_access_control_annotation" | indent 8 }}
 spec:
 serviceAccountName: {{ $serviceAccountName }}
 restartPolicy: OnFailure
diff --git a/charts/deckhand/templates/tests/test-deckhand-api.yaml b/charts/deckhand/templates/tests/test-deckhand-api.yaml
index d959e37e..95dab0e7 100644
--- a/charts/deckhand/templates/tests/test-deckhand-api.yaml
+++ b/charts/deckhand/templates/tests/test-deckhand-api.yaml
@@ -22,10 +22,11 @@ Test the Deckhand API, to ensure that the health endpoint is active and able to
 apiVersion: v1
 kind: Pod
 metadata:
- name: "{{ .Release.Name }}-deckhand-api-test"
+ name: deckhand-api-test
 annotations:
 "helm.sh/hook": "test-success"
 {{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" }}
+{{ dict "envAll" $envAll "podName" "deckhand-api-test" "containerNames" (list "deckhand-api-test") | include "helm-toolkit.snippets.kubernetes_mandatory_access_control_annotation" | indent 4 }}
 labels:
 {{ tuple $envAll "deckhand" "api-test" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }}
 spec:
@@ -33,7 +34,7 @@ spec:
 nodeSelector:
 {{ .Values.labels.test.node_selector_key }}: {{ .Values.labels.test.node_selector_value }}
 containers:
- - name: "{{ .Release.Name }}-deckhand-api-test"
+ - name: deckhand-api-test
 env:
 - name: 'DECKHAND_URL'
 value: {{ tuple "deckhand" "internal" "api" . | include "helm-toolkit.endpoints.host_and_port_endpoint_uri_lookup" | quote }}
diff --git a/charts/deckhand/values.yaml b/charts/deckhand/values.yaml
index 36218469..7850e289 100644
--- a/charts/deckhand/values.yaml
+++ b/charts/deckhand/values.yaml
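Review bot: Dropping `{{ .Release.Name }}` from `metadata.name` in the first hunk of test-deckhand-api.yaml fixes the test pod name to `deckhand-api-test`, so two releases of this chart in one namespace, or a leftover pod from an earlier `helm test`, would collide on that name. Judging by the values.yaml hunk of this patch, `podName` is only the lookup key under `pod.mandatory_access_control`; it is the container name (second hunk, `- name: deckhand-api-test`) that has to be static so it matches the annotation. I would keep `name: "{{ .Release.Name }}-deckhand-api-test"` for the pod and retain only the container rename.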
@@ -328,7 +328,16 @@ pod:
 mandatory_access_control:
 type: apparmor
 deckhand-api:
+ init: runtime/default
 deckhand-api: runtime/default
+ deckhand-db-init:
+ init: runtime/default
+ deckhand-db-init: runtime/default
+ deckhand-db-sync:
+ init: runtime/default
+ deckhand-db-sync: runtime/default
+ deckhand-api-test:
+ deckhand-api-test: runtime/default
 security_context:
 deckhand:
 pod:
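Review bot: The new entries under `pod.mandatory_access_control` in values.yaml carry no comment saying that the first-level key is the `podName` and the second-level key is the container name passed by the templates, which is the only link between this map and the generated annotations. A header comment such as `# <podName>: {<containerName>: <AppArmor profile>}; names must match the containerNames lists in templates/` would make that explicit for operators who override these values. The same comment could note that `runtime/default` is the container runtime's stock profile and that overriding an entry with `unconfined` removes AppArmor confinement for that container.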