Merge "Add Apparmor for prometheus os exporter ks-user Job"

2020-07-08 14:18:25 +00:00 · 2020-07-08 14:18:25 +00:00 · 1a70211147
commit 1a70211147
parent b8ec250d01 cc020bdfca
7 changed files with 53 additions and 5 deletions
--- a/prometheus-openstack-exporter/templates/job-ks-user.yaml
+++ b/prometheus-openstack-exporter/templates/job-ks-user.yaml
@ -27,6 +27,8 @@ spec:
    metadata:
      labels:
 {{ tuple $envAll "prometheus-openstack-exporter" "ks-user" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
      annotations:
 {{ dict "envAll" $envAll "podName" "prometheus-openstack-exporter-ks-user" "containerNames" (list "prometheus-openstack-exporter-ks-user" "init") | include "helm-toolkit.snippets.kubernetes_mandatory_access_control_annotation" | indent 8 }}
    spec:
 {{ dict "envAll" $envAll "application" "ks_user" | include "helm-toolkit.snippets.kubernetes_pod_security_context" | indent 6 }}
      serviceAccountName: {{ $serviceAccountName }}
--- a/prometheus-openstack-exporter/values.yaml
+++ b/prometheus-openstack-exporter/values.yaml
@ -20,7 +20,7 @@ images:
    prometheus_openstack_exporter: docker.io/openstackhelm/prometheus-openstack-exporter:ubuntu_bionic-20191017
    dep_check: quay.io/airshipit/kubernetes-entrypoint:v1.0.0
    image_repo_sync: docker.io/docker:17.07.0
-    ks_user: docker.io/openstackhelm/heat:newton-ubuntu_xenial
+    ks_user: docker.io/openstackhelm/heat:stein-ubuntu_bionic
  pull_policy: IfNotPresent
  local_registry:
    active: false
--- a/prometheus-openstack-exporter/values_overrides/apparmor.yaml
+++ b/prometheus-openstack-exporter/values_overrides/apparmor.yaml
@ -5,4 +5,17 @@ pod:
    prometheus-openstack-exporter:
      openstack-metrics-exporter: runtime/default
      init: runtime/default
    prometheus-openstack-exporter-ks-user:
      prometheus-openstack-exporter-ks-user: runtime/default
      init: runtime/default
 manifests:
  job_ks_user: true
 dependencies:
  static:
    prometheus_openstack_exporter:
      jobs:
        - prometheus-openstack-exporter-ks-user
      services:
        - endpoint: internal
          service: identity
 ...
--- a/tools/deployment/apparmor/030-mariadb.sh
+++ b/tools/deployment/apparmor/030-mariadb.sh
@ -23,6 +23,7 @@ make mariadb
 : ${OSH_INFRA_EXTRA_HELM_ARGS:=""}
 helm upgrade --install mariadb ./mariadb \
    --namespace=osh-infra \
    --set monitoring.prometheus.enabled=true  \
    ${OSH_INFRA_EXTRA_HELM_ARGS} \
    ${OSH_INFRA_EXTRA_HELM_ARGS_MARIADB}
--- a/tools/deployment/apparmor/070-prometheus-openstack-exporter.sh
+++ b/tools/deployment/apparmor/070-prometheus-openstack-exporter.sh
@ -1 +0,0 @@
 ../osh-infra-monitoring/100-openstack-exporter.sh
--- a/tools/deployment/apparmor/070-prometheus-openstack-exporter.sh
+++ b/tools/deployment/apparmor/070-prometheus-openstack-exporter.sh
@ -0,0 +1,33 @@
 #!/bin/bash
 #    Licensed under the Apache License, Version 2.0 (the "License"); you may
 #    not use this file except in compliance with the License. You may obtain
 #    a copy of the License at
 #
 #         http://www.apache.org/licenses/LICENSE-2.0
 #
 #    Unless required by applicable law or agreed to in writing, software
 #    distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
 #    WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
 #    License for the specific language governing permissions and limitations
 #    under the License.
 set -xe
 #NOTE: Lint and package chart
 make prometheus-openstack-exporter
 : ${OSH_INFRA_EXTRA_HELM_ARGS_PROMETHEUS_OPENSTACK_EXPORTER:="$(./tools/deployment/common/get-values-overrides.sh prometheus-openstack-exporter)"}
 #NOTE: Deploy command
 helm upgrade --install prometheus-openstack-exporter \
    ./prometheus-openstack-exporter \
    --namespace=openstack \
     ${OSH_INFRA_EXTRA_HELM_ARGS} \
     ${OSH_INFRA_EXTRA_HELM_ARGS_PROMETHEUS_OPENSTACK_EXPORTER}
 #NOTE: Wait for deploy
 ./tools/deployment/common/wait-for-pods.sh openstack
 #NOTE: Validate Deployment info
 helm status prometheus-openstack-exporter
--- a/tools/deployment/openstack-support/110-openstack-exporter.sh
+++ b/tools/deployment/openstack-support/110-openstack-exporter.sh
@ -16,14 +16,14 @@ set -xe
 #NOTE: Lint and package chart
 make prometheus-openstack-exporter
 : ${OSH_INFRA_EXTRA_HELM_ARGS_OS_EXPORTER:="$(./tools/deployment/common/get-values-overrides.sh prometheus-openstack-exporter)"}
 #NOTE: Deploy command
 : ${OSH_EXTRA_HELM_ARGS:=""}
 helm upgrade --install prometheus-openstack-exporter \
    ./prometheus-openstack-exporter \
    --namespace=openstack \
-    ${OSH_EXTRA_HELM_ARGS} \
+    ${OSH_INFRA_EXTRA_HELM_ARGS_OS_EXPORTER}
    ${OSH_EXTRA_HELM_ARGS_OS_EXPORTER}
 #NOTE: Wait for deploy
 ./tools/deployment/common/wait-for-pods.sh openstack
--- a/zuul.d/jobs.yaml
+++ b/zuul.d/jobs.yaml
@ -288,7 +288,6 @@
        - ./tools/deployment/apparmor/050-prometheus-alertmanager.sh
        - ./tools/deployment/apparmor/055-prometheus.sh
        - ./tools/deployment/apparmor/060-prometheus-node-exporter.sh
        - ./tools/deployment/apparmor/070-prometheus-openstack-exporter.sh
        - ./tools/deployment/apparmor/075-prometheus-process-exporter.sh
        - ./tools/deployment/apparmor/080-grafana.sh
        - ./tools/deployment/apparmor/085-rabbitmq.sh
@ -356,6 +355,7 @@
        - ./tools/deployment/openstack-support/070-mariadb.sh
        - ./tools/deployment/openstack-support/080-setup-client.sh
        - ./tools/deployment/openstack-support/090-keystone.sh
        - ./tools/deployment/openstack-support/110-openstack-exporter.sh
        - ./tools/deployment/apparmor/140-ceph-radosgateway.sh
 - job:
		`@ -1 +0,0 @@`
			`../osh-infra-monitoring/100-openstack-exporter.sh`