openstack/openstack-helm-infra
Code Issues Proposed changes

This commit adds docker-default apparmor profile for prometheus-node-exporter.

Browse Source 
Change-Id: Ie8660e206280184eb5f4c03b7dd54047436c16ba
This commit is contained in:
Randeep Jalli 2019-04-05 13:13:08 -04:00 committed by Chris Wedgwood
parent 5e1ecd9840
commit ccfd614141
3 changed files with 40 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
prometheus-node-exporter/values.yaml
View File

@ -37,10 +37,6 @@ labels:
node_selector_value: enabled
pod:
mandatory_access_control:
type: apparmor
node-exporter:
node-exporter: localhost/docker-default
affinity:
anti:
type:

38
tools/deployment/apparmor/060-prometheus-node-exporter.sh Executable file
View File

@ -0,0 +1,38 @@
#!/bin/bash
# Copyright 2019 The Openstack-Helm Authors.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
set -xe
#NOTE: Lint and package chart
make prometheus-node-exporter
#NOTE: Deploy command
tee /tmp/prometheus-node-exporter.yaml << EOF
pod:
mandatory_access_control:
type: apparmor
node-exporter:
node-exporter: localhost/docker-default
EOF
helm upgrade --install prometheus-node-exporter ./prometheus-node-exporter \
--namespace=kube-system \
--values=/tmp/prometheus-node-exporter.yaml
#NOTE: Wait for deploy
./tools/deployment/common/wait-for-pods.sh kube-system
#NOTE: Validate Deployment info
helm status prometheus-node-exporter

2
zuul.d/jobs.yaml
View File

@ -209,9 +209,11 @@
- ./tools/deployment/apparmor/001-setup-apparmor-profiles.sh
- ./tools/deployment/apparmor/005-deploy-k8s.sh
- ./tools/deployment/apparmor/040-memcached.sh
- ./tools/deployment/apparmor/060-prometheus-node-exporter.sh
- ./tools/deployment/apparmor/080-prometheus-process-exporter.sh
- ./tools/deployment/apparmor/020-ceph.sh
- job:
name: openstack-helm-infra-openstack-support
parent: openstack-helm-infra-functional