diff --git a/charts/drydock/templates/deployment.yaml b/charts/drydock/templates/deployment.yaml index 8ea6f206..6857294f 100644 --- a/charts/drydock/templates/deployment.yaml +++ b/charts/drydock/templates/deployment.yaml @@ -37,7 +37,7 @@ spec: {{ $labels | indent 8 }} annotations: {{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" | indent 8 }} -{{ dict "envAll" $envAll "podName" "drydock-api" "containerNames" (list "drydock-api") | include "helm-toolkit.snippets.kubernetes_mandatory_access_control_annotation" | indent 8 }} +{{ dict "envAll" $envAll "podName" "drydock-api" "containerNames" (list "init" "drydock-api") | include "helm-toolkit.snippets.kubernetes_mandatory_access_control_annotation" | indent 8 }} configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "helm-toolkit.utils.hash" }} configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "helm-toolkit.utils.hash" }} spec: diff --git a/charts/drydock/templates/job-drydock-db-init.yaml b/charts/drydock/templates/job-drydock-db-init.yaml index 6d97609f..a3306737 100644 --- a/charts/drydock/templates/job-drydock-db-init.yaml +++ b/charts/drydock/templates/job-drydock-db-init.yaml @@ -29,6 +29,11 @@ spec: template: metadata: labels: + annotations: +{{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" | indent 8 }} +{{ dict "envAll" $envAll "podName" "drydock-db-init" "containerNames" (list "init" "drydock-db-init") | include "helm-toolkit.snippets.kubernetes_mandatory_access_control_annotation" | indent 8 }} + configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "helm-toolkit.utils.hash" }} + configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "helm-toolkit.utils.hash" }} {{ tuple $envAll "drydock" "db-init" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }} spec: serviceAccountName: {{ $serviceAccountName }} diff --git a/charts/drydock/templates/job-drydock-db-sync.yaml b/charts/drydock/templates/job-drydock-db-sync.yaml index 5c4aeb59..1a162561 100644 --- a/charts/drydock/templates/job-drydock-db-sync.yaml +++ b/charts/drydock/templates/job-drydock-db-sync.yaml @@ -29,6 +29,11 @@ spec: template: metadata: labels: + annotations: +{{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" | indent 8 }} +{{ dict "envAll" $envAll "podName" "drydock-db-sync" "containerNames" (list "init" "drydock-db-sync") | include "helm-toolkit.snippets.kubernetes_mandatory_access_control_annotation" | indent 8 }} + configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "helm-toolkit.utils.hash" }} + configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "helm-toolkit.utils.hash" }} {{ tuple $envAll "drydock" "db-sync" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }} spec: serviceAccountName: {{ $serviceAccountName }} diff --git a/charts/drydock/templates/tests/test-drydock-api.yaml b/charts/drydock/templates/tests/test-drydock-api.yaml index 4bdc37a3..174f1c78 100644 --- a/charts/drydock/templates/tests/test-drydock-api.yaml +++ b/charts/drydock/templates/tests/test-drydock-api.yaml @@ -21,10 +21,11 @@ Test that the API is up and the health endpoint returns a 2XX code */}} apiVersion: v1 kind: Pod metadata: - name: "{{ .Release.Name }}-api-test" + name: drydock-api-test annotations: "helm.sh/hook": "test-success" {{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" }} +{{ dict "envAll" $envAll "podName" "drydock-api-test" "containerNames" (list "drydock-api-test") | include "helm-toolkit.snippets.kubernetes_mandatory_access_control_annotation" | indent 4 }} labels: {{ tuple $envAll "drydock" "api-test" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }} spec: @@ -32,7 +33,7 @@ spec: nodeSelector: {{ .Values.labels.test.node_selector_key }}: {{ .Values.labels.test.node_selector_value }} containers: - - name: "{{ .Release.Name }}-api-test" + - name: drydock-api-test env: - name: 'DRYDOCK_URL' value: {{ tuple "physicalprovisioner" "internal" "api" . | include "helm-toolkit.endpoints.host_and_port_endpoint_uri_lookup" | quote }} diff --git a/charts/drydock/templates/tests/test-drydock-auth.yaml b/charts/drydock/templates/tests/test-drydock-auth.yaml index 06253a85..0894dcfb 100644 --- a/charts/drydock/templates/tests/test-drydock-auth.yaml +++ b/charts/drydock/templates/tests/test-drydock-auth.yaml @@ -22,10 +22,11 @@ requests */}} apiVersion: v1 kind: Pod metadata: - name: "{{ .Release.Name }}-auth-test" + name: drydock-auth-test annotations: helm.sh/hook: "test-success" {{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" }} +{{ dict "envAll" $envAll "podName" "drydock-auth-test" "containerNames" (list "drydock-auth-test") | include "helm-toolkit.snippets.kubernetes_mandatory_access_control_annotation" | indent 4 }} labels: {{ tuple $envAll "drydock" "auth-test" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }} spec: @@ -33,7 +34,7 @@ spec: nodeSelector: {{ .Values.labels.test.node_selector_key }}: {{ .Values.labels.test.node_selector_value }} containers: - - name: "{{ .Release.Name }}-auth-test" + - name: drydock-auth-test env: - name: 'DRYDOCK_URL' value: {{ tuple "physicalprovisioner" "internal" "api" . | include "helm-toolkit.endpoints.host_and_port_endpoint_uri_lookup" | quote }} diff --git a/charts/drydock/values.yaml b/charts/drydock/values.yaml index d0abad35..54d5f43f 100644 --- a/charts/drydock/values.yaml +++ b/charts/drydock/values.yaml @@ -61,7 +61,18 @@ pod: mandatory_access_control: type: apparmor drydock-api: + init: runtime/default drydock-api: runtime/default + drydock-db-init: + init: runtime/default + drydock-db-init: runtime/default + drydock-db-sync: + init: runtime/default + drydock-db-sync: runtime/default + drydock-api-test: + drydock-api-test: runtime/default + drydock-auth-test: + drydock-auth-test: runtime/default security_context: drydock: pod: