From 5f59695ad4f8b6e69185e93b93321ddca25cde5f Mon Sep 17 00:00:00 2001 From: diwakar thyagaraj Date: Tue, 7 Jul 2020 20:38:58 +0000 Subject: [PATCH] Enable apparmor to Ceph post-apply pods Logs : https://storage.gra.cloud.ovh.net/v1/AUTH_dcaab5e32b234d56b626f72581e3644c/zuul_opendev_logs_d16/739849/5/experimental/openstack-helm-infra-apparmor/d167181/primary/objects/namespaced/ceph/pods/ceph-osd-post-apply-zr55t.yaml Change-Id: Ic5d4fe83ad16a7fc551162275ee3aa34c543ec18 Signed-off-by: diwakar thyagaraj --- ceph-osd/templates/job-post-apply.yaml | 3 +++ ceph-osd/values_overrides/apparmor.yaml | 7 +++++++ 2 files changed, 10 insertions(+) diff --git a/ceph-osd/templates/job-post-apply.yaml b/ceph-osd/templates/job-post-apply.yaml index 48f7e486f..4134dee05 100644 --- a/ceph-osd/templates/job-post-apply.yaml +++ b/ceph-osd/templates/job-post-apply.yaml @@ -75,6 +75,9 @@ spec: metadata: labels: {{ tuple $envAll "ceph-upgrade" "post-apply" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }} + annotations: + configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "helm-toolkit.utils.hash" }} +{{ dict "envAll" $envAll "podName" "ceph-osd-post-apply" "containerNames" (list "ceph-osd-post-apply" "init" ) | include "helm-toolkit.snippets.kubernetes_mandatory_access_control_annotation" | indent 8 }} spec: {{ dict "envAll" $envAll "application" "post_apply" | include "helm-toolkit.snippets.kubernetes_pod_security_context" | indent 6 }} serviceAccountName: {{ $serviceAccountName }} diff --git a/ceph-osd/values_overrides/apparmor.yaml b/ceph-osd/values_overrides/apparmor.yaml index c0559ef51..b9ebcb6c6 100644 --- a/ceph-osd/values_overrides/apparmor.yaml +++ b/ceph-osd/values_overrides/apparmor.yaml @@ -11,4 +11,11 @@ pod: ceph-osd-test: init: runtime/default ceph-cluster-helm-test: runtime/default + ceph-osd-post-apply: + ceph-osd-post-apply: runtime/default + init: runtime/default + lifecycle: + upgrades: + daemonsets: + pod_replacement_strategy: OnDelete ...