From cc793f21443b2676e14c7c22377170e2e6926306 Mon Sep 17 00:00:00 2001
From: "Parsons, Cliff (cp769u)" <cp769u@att.com>
Date: Tue, 26 Oct 2021 18:48:07 +0000
Subject: [PATCH] [ceph-osd] Update log-runner container for MAC

The log-runner previously was not included in the mandatory access
control (MAC) annotation for the OSD pods, which means it could not
have any AppArmor profile applied to it. This patchset adds that
capability for that container.

Change-Id: I11036789de45c0f8f66b51e15f2cc253e6cb230c
---
 ceph-osd/Chart.yaml                     | 2 +-
 ceph-osd/templates/daemonset-osd.yaml   | 2 +-
 ceph-osd/values_overrides/apparmor.yaml | 1 +
 releasenotes/notes/ceph-osd.yaml        | 1 +
 4 files changed, 4 insertions(+), 2 deletions(-)

diff --git a/ceph-osd/Chart.yaml b/ceph-osd/Chart.yaml
index 904ec50a4..2a71f42d5 100644
--- a/ceph-osd/Chart.yaml
+++ b/ceph-osd/Chart.yaml
@@ -15,6 +15,6 @@ apiVersion: v1
 appVersion: v1.0.0
 description: OpenStack-Helm Ceph OSD
 name: ceph-osd
-version: 0.1.32
+version: 0.1.33
 home: https://github.com/ceph/ceph
 ...
diff --git a/ceph-osd/templates/daemonset-osd.yaml b/ceph-osd/templates/daemonset-osd.yaml
index 7a349be6e..cdce081b9 100644
--- a/ceph-osd/templates/daemonset-osd.yaml
+++ b/ceph-osd/templates/daemonset-osd.yaml
@@ -72,7 +72,7 @@ spec:
 {{ tuple $envAll "ceph" "osd" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
       annotations:
         configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "helm-toolkit.utils.hash" }}
-{{ dict "envAll" $envAll "podName" "ceph-osd-default" "containerNames" (list "ceph-osd-default" "ceph-init-dirs" "ceph-log-ownership" "osd-init" "init" ) | include "helm-toolkit.snippets.kubernetes_mandatory_access_control_annotation" | indent 8 }}
+{{ dict "envAll" $envAll "podName" "ceph-osd-default" "containerNames" (list "ceph-osd-default" "log-runner" "ceph-init-dirs" "ceph-log-ownership" "osd-init" "init" ) | include "helm-toolkit.snippets.kubernetes_mandatory_access_control_annotation" | indent 8 }}
 {{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" | indent 8 }}
     spec:
 {{ dict "envAll" $envAll "application" "osd" | include "helm-toolkit.snippets.kubernetes_pod_security_context" | indent 6 }}
diff --git a/ceph-osd/values_overrides/apparmor.yaml b/ceph-osd/values_overrides/apparmor.yaml
index b9ebcb6c6..36c333a89 100644
--- a/ceph-osd/values_overrides/apparmor.yaml
+++ b/ceph-osd/values_overrides/apparmor.yaml
@@ -4,6 +4,7 @@ pod:
     type: apparmor
     ceph-osd-default:
       ceph-osd-default: runtime/default
+      log-runner: runtime/default
       ceph-init-dirs: runtime/default
       ceph-log-ownership: runtime/default
       osd-init: runtime/default
diff --git a/releasenotes/notes/ceph-osd.yaml b/releasenotes/notes/ceph-osd.yaml
index 9602ebe54..36048dbd6 100644
--- a/releasenotes/notes/ceph-osd.yaml
+++ b/releasenotes/notes/ceph-osd.yaml
@@ -33,4 +33,5 @@ ceph-osd:
   - 0.1.30 Ceph OSD log-runner container should run as ceph user
   - 0.1.31 Helm 3 - Fix Job labels
   - 0.1.32 Update htk requirements
+  - 0.1.33 Update log-runner container for MAC
 ...