Enable Apparmor to osh test Pods

Change-Id: I0a67f66cc4ed8a1e3a5c3c458b7c1521f9169160
Signed-off-by: diwakar thyagaraj <diwakar.chitoor.thyagaraj@att.com>
This commit is contained in:
diwakar thyagaraj 2020-05-14 15:59:48 +00:00
parent 7cdec41ca8
commit 477602f2e7
15 changed files with 51 additions and 16 deletions

View File

@ -31,6 +31,7 @@ metadata:
annotations:
"helm.sh/hook": test-success
{{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" }}
{{ dict "envAll" $envAll "podName" "barbican-test" "containerNames" (list "init" "barbican-test") | include "helm-toolkit.snippets.kubernetes_mandatory_access_control_annotation" | indent 4 }}
spec:
serviceAccountName: {{ $serviceAccountName }}
nodeSelector:
@ -39,7 +40,7 @@ spec:
initContainers:
{{ tuple $envAll "tests" $mounts_barbican_tests_init | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
containers:
- name: {{.Release.Name}}-barbican-test
- name: barbican-test
{{ tuple $envAll "scripted_test" | include "helm-toolkit.snippets.image" | indent 6 }}
env:
{{- with $env := dict "ksUserSecret" .Values.secrets.identity.admin }}

View File

@ -5,4 +5,7 @@ pod:
barbican-api:
barbican-api: runtime/default
init: runtime/default
barbican-test:
init: runtime/default
barbican-test: runtime/default
...

View File

@ -30,6 +30,7 @@ metadata:
annotations:
"helm.sh/hook": test-success
{{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" }}
{{ dict "envAll" $envAll "podName" "cinder-test" "containerNames" (list "init" "cinder-test" "cinder-test-ks-user") | include "helm-toolkit.snippets.kubernetes_mandatory_access_control_annotation" | indent 4 }}
spec:
restartPolicy: Never
nodeSelector:
@ -37,7 +38,7 @@ spec:
serviceAccountName: {{ $serviceAccountName }}
initContainers:
{{ tuple $envAll "tests" $mounts_tests_init | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 4 }}
- name: {{ .Release.Name }}-test-ks-user
- name: cinder-test-ks-user
{{ tuple $envAll "ks_user" | include "helm-toolkit.snippets.image" | indent 6 }}
{{ tuple $envAll $envAll.Values.pod.resources.jobs.ks_user | include "helm-toolkit.snippets.kubernetes_resources" | indent 6 }}
command:
@ -61,7 +62,7 @@ spec:
- name: SERVICE_OS_ROLE
value: {{ .Values.endpoints.identity.auth.test.role | quote }}
containers:
- name: {{ .Release.Name }}-test
- name: cinder-test
{{ tuple $envAll "test" | include "helm-toolkit.snippets.image" | indent 6 }}
{{ tuple $envAll $envAll.Values.pod.resources.jobs.tests | include "helm-toolkit.snippets.kubernetes_resources" | indent 6 }}
env:

View File

@ -22,4 +22,8 @@ pod:
cinder-backup-storage-init:
cinder-backup-storage-init: runtime/default
init: runtime/default
cinder-test:
init: runtime/default
cinder-test: runtime/default
cinder-test-ks-user: runtime/default
...

View File

@ -29,6 +29,7 @@ metadata:
{{ tuple $envAll "glance" "test" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }}
annotations:
"helm.sh/hook": test-success
{{ dict "envAll" $envAll "podName" "glance-test" "containerNames" (list "init" "glance-test" "glance-test-ks-user") | include "helm-toolkit.snippets.kubernetes_mandatory_access_control_annotation" | indent 4 }}
spec:
nodeSelector:
{{ .Values.labels.test.node_selector_key }}: {{ .Values.labels.test.node_selector_value }}
@ -36,7 +37,7 @@ spec:
serviceAccountName: {{ $serviceAccountName }}
initContainers:
{{ tuple $envAll "tests" $mounts_tests_init | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 4 }}
- name: {{ .Release.Name }}-test-ks-user
- name: glance-test-ks-user
{{ tuple $envAll "ks_user" | include "helm-toolkit.snippets.image" | indent 6 }}
{{ tuple $envAll $envAll.Values.pod.resources.jobs.ks_user | include "helm-toolkit.snippets.kubernetes_resources" | indent 6 }}
command:
@ -60,7 +61,7 @@ spec:
- name: SERVICE_OS_ROLE
value: {{ .Values.endpoints.identity.auth.test.role | quote }}
containers:
- name: {{ .Release.Name }}-test
- name: glance-test
{{ tuple $envAll "test" | include "helm-toolkit.snippets.image" | indent 6 }}
{{ tuple $envAll $envAll.Values.pod.resources.jobs.tests | include "helm-toolkit.snippets.kubernetes_resources" | indent 6 }}
env:

View File

@ -15,6 +15,10 @@ pod:
glance-storage-init:
init: runtime/default
glance-storage-init: runtime/default
glance-test:
init: runtime/default
glance-test: runtime/default
glance-test-ks-user: runtime/default
manifests:
deployment_registry: true
...

View File

@ -30,6 +30,7 @@ metadata:
annotations:
"helm.sh/hook": test-success
{{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" }}
{{ dict "envAll" $envAll "podName" "horizon-test" "containerNames" (list "init" "horizon-test") | include "helm-toolkit.snippets.kubernetes_mandatory_access_control_annotation" | indent 4 }}
spec:
restartPolicy: Never
serviceAccountName: {{ $serviceAccountName }}
@ -38,7 +39,7 @@ spec:
initContainers:
{{ tuple $envAll "tests" $mounts_tests_init | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 4 }}
containers:
- name: {{ .Release.Name }}-test
- name: horizon-test
{{ tuple $envAll "test" | include "helm-toolkit.snippets.image" | indent 6 }}
{{ tuple $envAll $envAll.Values.pod.resources.jobs.tests | include "helm-toolkit.snippets.kubernetes_resources" | indent 6 }}
command:

View File

@ -8,4 +8,7 @@ pod:
horizon-db-sync:
horizon-db-sync: runtime/default
init: runtime/default
horizon-test:
init: runtime/default
horizon-test: runtime/default
...

View File

@ -30,6 +30,7 @@ metadata:
annotations:
"helm.sh/hook": test-success
{{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" }}
{{ dict "envAll" $envAll "podName" "keystone-test" "containerNames" (list "init" "keystone-test" "keystone-test-ks-user") | include "helm-toolkit.snippets.kubernetes_mandatory_access_control_annotation" | indent 4 }}
spec:
restartPolicy: Never
nodeSelector:
@ -37,7 +38,7 @@ spec:
serviceAccountName: {{ $serviceAccountName }}
initContainers:
{{ tuple $envAll "tests" $mounts_tests_init | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 4 }}
- name: {{ .Release.Name }}-test-ks-user
- name: keystone-test-ks-user
{{ tuple $envAll "ks_user" | include "helm-toolkit.snippets.image" | indent 6 }}
{{ tuple $envAll $envAll.Values.pod.resources.jobs.ks_user | include "helm-toolkit.snippets.kubernetes_resources" | indent 6 }}
command:
@ -61,7 +62,7 @@ spec:
- name: SERVICE_OS_ROLE
value: {{ .Values.endpoints.identity.auth.test.role | quote }}
containers:
- name: {{ .Release.Name }}-test
- name: keystone-test
{{ tuple $envAll "test" | include "helm-toolkit.snippets.image" | indent 6 }}
{{ tuple $envAll $envAll.Values.pod.resources.jobs.tests | include "helm-toolkit.snippets.kubernetes_resources" | indent 6 }}
env:

View File

@ -13,4 +13,8 @@ pod:
keystone-domain-manage:
keystone-domain-manage: runtime/default
keystone-domain-manage-init: runtime/default
keystone-test:
init: runtime/default
keystone-test: runtime/default
keystone-test-ks-user: runtime/default
...

View File

@ -31,6 +31,7 @@ metadata:
{{ tuple $envAll "neutron" "test" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }}
annotations:
"helm.sh/hook": test-success
{{ dict "envAll" $envAll "podName" "neutron-test" "containerNames" (list "init" "neutron-test" "neutron-test-ks-user") | include "helm-toolkit.snippets.kubernetes_mandatory_access_control_annotation" | indent 4 }}
spec:
nodeSelector:
{{ .Values.labels.test.node_selector_key }}: {{ .Values.labels.test.node_selector_value }}
@ -38,7 +39,7 @@ spec:
serviceAccountName: {{ $serviceAccountName }}
initContainers:
{{ tuple $envAll "tests" $mounts_tests_init | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 4 }}
- name: {{ .Release.Name }}-test-ks-user
- name: neutron-test-ks-user
{{ tuple $envAll "ks_user" | include "helm-toolkit.snippets.image" | indent 6 }}
{{ tuple $envAll $envAll.Values.pod.resources.jobs.ks_user | include "helm-toolkit.snippets.kubernetes_resources" | indent 6 }}
command:
@ -96,7 +97,7 @@ spec:
mountPath: /tmp/pod-tmp
{{ end }}
containers:
- name: {{ .Release.Name }}-test
- name: neutron-test
{{ tuple $envAll "test" | include "helm-toolkit.snippets.image" | indent 6 }}
{{ tuple $envAll $envAll.Values.pod.resources.jobs.tests | include "helm-toolkit.snippets.kubernetes_resources" | indent 6 }}
env:

View File

@ -31,4 +31,8 @@ pod:
neutron-server:
neutron-server: runtime/default
init: runtime/default
neutron-test:
init: runtime/default
neutron-test: runtime/default
neutron-test-ks-user: runtime/default
...

View File

@ -30,6 +30,7 @@ metadata:
annotations:
"helm.sh/hook": test-success
{{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" }}
{{ dict "envAll" $envAll "podName" "nova-test" "containerNames" (list "init" "nova-test" "nova-test-ks-user") | include "helm-toolkit.snippets.kubernetes_mandatory_access_control_annotation" | indent 4 }}
spec:
nodeSelector:
{{ .Values.labels.test.node_selector_key }}: {{ .Values.labels.test.node_selector_value }}
@ -37,7 +38,7 @@ spec:
serviceAccountName: {{ $serviceAccountName }}
initContainers:
{{ tuple $envAll "tests" $mounts_tests_init | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 4 }}
- name: {{ .Release.Name }}-test-ks-user
- name: nova-test-ks-user
{{ tuple $envAll "ks_user" | include "helm-toolkit.snippets.image" | indent 6 }}
{{ tuple $envAll $envAll.Values.pod.resources.jobs.ks_user | include "helm-toolkit.snippets.kubernetes_resources" | indent 6 }}
command:
@ -61,7 +62,7 @@ spec:
- name: SERVICE_OS_ROLE
value: {{ .Values.endpoints.identity.auth.test.role | quote }}
containers:
- name: {{ .Release.Name }}-test
- name: nova-test
{{ tuple $envAll "test" | include "helm-toolkit.snippets.image" | indent 6 }}
{{ tuple $envAll $envAll.Values.pod.resources.jobs.tests | include "helm-toolkit.snippets.kubernetes_resources" | indent 6 }}
env:

View File

@ -35,4 +35,8 @@ pod:
nova-cell-setup: runtime/default
nova-cell-setup-init: runtime/default
init: runtime/default
nova-test:
init: runtime/default
nova-test: runtime/default
nova-test-ks-user: runtime/default
...

View File

@ -15,9 +15,14 @@
# under the License.
set -xe
export HELM_CHART_ROOT_PATH="${HELM_CHART_ROOT_PATH:="${OSH_INFRA_PATH:="../openstack-helm-infra"}"}"
#NOTE: Lint and package chart
make ingress
make -C ${HELM_CHART_ROOT_PATH} ingress
#NOTE: Deploy command
: ${OSH_EXTRA_HELM_ARGS:=""}
cd ${HELM_CHART_ROOT_PATH}
export HELM_CHART_ROOT_PATH="${HELM_CHART_ROOT_PATH:="${OSH_INFRA_PATH:="../openstack-helm-infra"}"}"
@ -25,9 +30,6 @@ export HELM_CHART_ROOT_PATH="${HELM_CHART_ROOT_PATH:="${OSH_INFRA_PATH:="../open
: ${OSH_INFRA_EXTRA_HELM_ARGS_OPENSTACK:="$(./tools/deployment/common/get-values-overrides.sh ingress)"}
: ${OSH_INFRA_EXTRA_HELM_ARGS_CEPH:="$(./tools/deployment/common/get-values-overrides.sh ingress)"}
#NOTE: Deploy command
: ${OSH_INFRA_EXTRA_HELM_ARGS:=""}
#NOTE: Deploy global ingress
tee /tmp/ingress-kube-system.yaml << EOF
deployment: