airship
/
drydock
Code Issues Proposed changes
Browse Source

Add Docker default AppArmor profile to drydock 

Change-Id: I50be2f08e69123afbef136683134abffc4e44197
changes/19/705119/18
Prateek Dodda 1 year ago
parent
2a02bc9b3f
commit
67716a7841
4 changed files with 16 additions and 5 deletions
Split View
Diff Options
Show Stats Download Patch File Download Diff File
  1. +4
    -5
      .zuul.yaml
  2. +1
    -0
      charts/drydock/templates/deployment.yaml
  3. +4
    -0
      charts/drydock/values.yaml
  4. +7
    -0
      tools/gate/playbooks/omni_test.yaml

+ 4
- 5
.zuul.yaml View File

@ -23,14 +23,12 @@
- airship-drydock-chart-build-latest-htk
- airship-drydock-docker-build-gate-ubuntu_xenial
- airship-drydock-docker-build-gate-ubuntu_bionic
gate:
jobs:
- airship-drydock-omni-test
- airship-drydock-chart-build-gate
- airship-drydock-docker-build-gate-ubuntu_xenial
- airship-drydock-docker-build-gate-ubuntu_bionic
post:
jobs:
- airship-drydock-docker-publish-ubuntu_xenial
@ -41,7 +39,7 @@
name: airship-drydock-single-node
nodes:
- name: primary
label: ubuntu-xenial
label: ubuntu-bionic
- job:
name: airship-drydock-omni-test
@ -49,7 +47,9 @@
Run a set of lightweight lints and tests
(pep8, Helm chart lint, Sphinx build, Python unit tests, Bandit scan)
run: tools/gate/playbooks/omni_test.yaml
timeout: 900
required-projects:
- openstack/openstack-helm-infra
timeout: 3600
nodeset: airship-drydock-single-node
- job:
@ -141,7 +141,6 @@
commit: true
static:
- latest
- secret:
name: airship_drydock_quay_creds
data:


+ 1
- 0
charts/drydock/templates/deployment.yaml View File

@ -37,6 +37,7 @@ spec:
{{ $labels | indent 8 }}
annotations:
{{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" | indent 8 }}
{{ dict "envAll" $envAll "podName" "drydock-api" "containerNames" (list "drydock-api") | include "helm-toolkit.snippets.kubernetes_mandatory_access_control_annotation" | indent 8 }}
configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "helm-toolkit.utils.hash" }}
configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "helm-toolkit.utils.hash" }}
spec:


+ 4
- 0
charts/drydock/values.yaml View File

@ -58,6 +58,10 @@ network:
nginx.ingress.kubernetes.io/rewrite-target: /
pod:
mandatory_access_control:
type: apparmor
drydock-api:
drydock-api: runtime/default
security_context:
drydock:
pod:


+ 7
- 0
tools/gate/playbooks/omni_test.yaml View File

@ -47,3 +47,10 @@
target: run_drydock
register: result
become: true
- name: Setup Apparmor
shell: |
set -xe;
./tools/deployment/apparmor/001-setup-apparmor-profiles.sh
args:
chdir: "{{ zuul.projects['opendev.org/openstack/openstack-helm-infra'].src_dir }}"
executable: /bin/bash

Write Preview
Loading…
Cancel
Save