From 4c46b2662a61c3a5153671cc24f2b2073c106cc9 Mon Sep 17 00:00:00 2001 From: "dt241s@att.com" Date: Sun, 2 Aug 2020 03:51:26 +0000 Subject: [PATCH] Add Application Armor to Ceph-Provisioners-config test 1) Added to service account name insted of traditional pod name to resolve for dynamic release names. Change-Id: Ibf4c69415e69a7baca2e3b96bcb23851e68d07d8 --- ceph-provisioners/templates/pod-helm-tests.yaml | 2 +- ceph-provisioners/values_overrides/apparmor.yaml | 3 +++ 2 files changed, 4 insertions(+), 1 deletion(-) diff --git a/ceph-provisioners/templates/pod-helm-tests.yaml b/ceph-provisioners/templates/pod-helm-tests.yaml index 72e85ffff..8141b282d 100644 --- a/ceph-provisioners/templates/pod-helm-tests.yaml +++ b/ceph-provisioners/templates/pod-helm-tests.yaml @@ -67,7 +67,7 @@ metadata: {{ tuple $envAll "ceph" "provisioner-test" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }} annotations: "helm.sh/hook": test-success -{{ dict "envAll" $envAll "podName" "ceph-provisioner-test" "containerNames" (list "init" "ceph-provisioner-helm-test") | include "helm-toolkit.snippets.kubernetes_mandatory_access_control_annotation" | indent 4 }} +{{ dict "envAll" $envAll "podName" $serviceAccountName "containerNames" (list "init" "ceph-provisioner-helm-test") | include "helm-toolkit.snippets.kubernetes_mandatory_access_control_annotation" | indent 4 }} spec: {{ dict "envAll" $envAll "application" "test" | include "helm-toolkit.snippets.kubernetes_pod_security_context" | indent 2 }} restartPolicy: Never diff --git a/ceph-provisioners/values_overrides/apparmor.yaml b/ceph-provisioners/values_overrides/apparmor.yaml index e13a067ac..e4e101506 100644 --- a/ceph-provisioners/values_overrides/apparmor.yaml +++ b/ceph-provisioners/values_overrides/apparmor.yaml @@ -14,6 +14,9 @@ pod: ceph-provisioner-test: init: runtime/default ceph-provisioner-helm-test: runtime/default + ceph-osh-infra-config-test: + init: runtime/default + ceph-provisioner-helm-test: runtime/default ceph-provisioners-ceph-ns-key-generator: ceph-storage-keys-generator: runtime/default init: runtime/default