Promenade: Add Docker default AppArmor profile to controller_manager anchor
Also added AppArmor to the Promenade genesis gates in order to test AppArmor changes to the Promenade charts.

Change-Id: Ib393306dabf40ef9817072aaa9824c22e60626dc
parent
6db4c70e9e
commit
41c5bb8e23
|
@ -59,6 +59,8 @@
|
||||||
Deploy airship promenade genesis
|
Deploy airship promenade genesis
|
||||||
run: tools/zuul/playbooks/deploy-promenade.yaml
|
run: tools/zuul/playbooks/deploy-promenade.yaml
|
||||||
post-run: tools/zuul/playbooks/debug-report.yaml
|
post-run: tools/zuul/playbooks/debug-report.yaml
|
||||||
|
required-projects:
|
||||||
|
- openstack/openstack-helm-infra
|
||||||
timeout: 3600
|
timeout: 3600
|
||||||
nodeset: airship-promenade-single-node-bionic
|
nodeset: airship-promenade-single-node-bionic
|
||||||
|
|
||||||
|
@ -67,6 +69,8 @@
|
||||||
description: |
|
description: |
|
||||||
Deploy airship promenade genesis with containerd
|
Deploy airship promenade genesis with containerd
|
||||||
run: tools/zuul/playbooks/deploy-promenade-containerd.yaml
|
run: tools/zuul/playbooks/deploy-promenade-containerd.yaml
|
||||||
|
required-projects:
|
||||||
|
- openstack/openstack-helm-infra
|
||||||
timeout: 3600
|
timeout: 3600
|
||||||
nodeset: airship-promenade-single-node-bionic
|
nodeset: airship-promenade-single-node-bionic
|
||||||
|
|
||||||
|
|
|
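Review bot: The new `required-projects` entry in both job definitions carries no comment saying why a Promenade gate needs openstack-helm-infra; the only consumer visible in this commit is the AppArmor setup script that the playbooks run from that checkout. I would add `# provides tools/deployment/apparmor/001-setup-apparmor-profiles.sh for the "Setup Apparmor" task` above each entry. Because neither entry sets `override-checkout`, the gate executes whatever the Zuul-selected branch tip of that repository contains, so a change to the script there changes what these jobs run on the test node. Both job blocks begin above the visible hunk lines.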
@ -42,6 +42,7 @@ spec:
|
||||||
scheduler.alpha.kubernetes.io/critical-pod: ''
|
scheduler.alpha.kubernetes.io/critical-pod: ''
|
||||||
configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "helm-toolkit.utils.hash" }}
|
configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "helm-toolkit.utils.hash" }}
|
||||||
configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "helm-toolkit.utils.hash" }}
|
configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "helm-toolkit.utils.hash" }}
|
||||||
|
{{ dict "envAll" $envAll "podName" "kubernetes-controller-manager-anchor" "containerNames" (list "anchor") | include "helm-toolkit.snippets.kubernetes_mandatory_access_control_annotation" | indent 8 }}
|
||||||
spec:
|
spec:
|
||||||
{{ dict "envAll" $envAll "application" "kubernetes" | include "helm-toolkit.snippets.kubernetes_pod_security_context" | indent 6 }}
|
{{ dict "envAll" $envAll "application" "kubernetes" | include "helm-toolkit.snippets.kubernetes_pod_security_context" | indent 6 }}
|
||||||
nodeSelector:
|
nodeSelector:
|
||||||
|
|
|
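Review bot: The annotation include on the added line names only the `anchor` container, so any init or sidecar container in this pod would stay without a profile; the container list lies outside the hunk and should be checked against `(list "anchor")`. On Kubernetes versions that use the annotation form, kubelet is expected to refuse a pod that requests an AppArmor profile on a host where AppArmor is not enabled, which would leave the controller-manager anchor absent on such nodes. A template comment such as `{{/* AppArmor annotation rendered from .Values.pod.mandatory_access_control; target hosts must have AppArmor enabled */}}` above the include would make that precondition visible.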
@ -85,6 +85,10 @@ dependencies:
|
||||||
controller_manager:
|
controller_manager:
|
||||||
|
|
||||||
pod:
|
pod:
|
||||||
|
mandatory_access_control:
|
||||||
|
type: apparmor
|
||||||
|
kubernetes-controller-manager-anchor:
|
||||||
|
anchor: runtime/default
|
||||||
security_context:
|
security_context:
|
||||||
kubernetes:
|
kubernetes:
|
||||||
pod:
|
pod:
|
||||||
|
|
|
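Review bot: `anchor: runtime/default` selects whatever default profile the container runtime applies, which is `docker-default` only under Docker. The commit title says "Docker default", yet the chart appears to be exercised by the containerd gate in this commit as well, where the default profile is a different one. The new `mandatory_access_control` block also has no comment describing its shape, so I would add `# <pod name>: {<container name>: <AppArmor profile>}; runtime/default = the container runtime's default profile` above `kubernetes-controller-manager-anchor:`. The `pod:` mapping continues below the hunk.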
@ -22,6 +22,14 @@
|
||||||
- name: Install docker
|
- name: Install docker
|
||||||
command: apt-get install docker.io resolvconf -y
|
command: apt-get install docker.io resolvconf -y
|
||||||
|
|
||||||
|
- name: Setup Apparmor
|
||||||
|
shell: |
|
||||||
|
set -xe;
|
||||||
|
./tools/deployment/apparmor/001-setup-apparmor-profiles.sh
|
||||||
|
args:
|
||||||
|
chdir: "{{ zuul.projects['opendev.org/openstack/openstack-helm-infra'].src_dir }}"
|
||||||
|
executable: /bin/bash
|
||||||
|
|
||||||
- name: Generate configuration files
|
- name: Generate configuration files
|
||||||
shell: |
|
shell: |
|
||||||
set -xe;
|
set -xe;
|
||||||
|
|
|
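Review bot: The new `Setup Apparmor` task loads profiles, but nothing visible in the playbook asserts afterwards that the anchor container actually runs confined, so the gate can pass while the annotation is missing or ignored. Since the commit says the gates exist to test AppArmor changes, a follow-up task that fails when AppArmor is not active, for example `command: aa-status --enabled`, plus a check of the running anchor pod's annotations would turn this into a real test. The identical task is added to the second playbook in the next file section, so the same applies there, and the shared steps could live in one included tasks file. The play continues above and below the hunk.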
@ -22,6 +22,14 @@
|
||||||
- name: Install docker
|
- name: Install docker
|
||||||
command: apt-get install docker.io resolvconf -y
|
command: apt-get install docker.io resolvconf -y
|
||||||
|
|
||||||
|
- name: Setup Apparmor
|
||||||
|
shell: |
|
||||||
|
set -xe;
|
||||||
|
./tools/deployment/apparmor/001-setup-apparmor-profiles.sh
|
||||||
|
args:
|
||||||
|
chdir: "{{ zuul.projects['opendev.org/openstack/openstack-helm-infra'].src_dir }}"
|
||||||
|
executable: /bin/bash
|
||||||
|
|
||||||
- name: Generate configuration files
|
- name: Generate configuration files
|
||||||
shell: |
|
shell: |
|
||||||
set -xe;
|
set -xe;
|
||||||
|
|