Merge "Add Apparmor for prometheus os exporter ks-user Job"

2020-07-08 14:18:25 +00:00 · 2020-07-08 14:18:25 +00:00 · 1a70211147
commit 1a70211147
parent b8ec250d01 cc020bdfca
7 changed files with 53 additions and 5 deletions
--- a/prometheus-openstack-exporter/templates/job-ks-user.yaml
+++ b/prometheus-openstack-exporter/templates/job-ks-user.yaml
@ -27,6 +27,8 @@ spec:
    metadata:
      labels:
 {{ tuple $envAll "prometheus-openstack-exporter" "ks-user" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
+      annotations:
+{{ dict "envAll" $envAll "podName" "prometheus-openstack-exporter-ks-user" "containerNames" (list "prometheus-openstack-exporter-ks-user" "init") | include "helm-toolkit.snippets.kubernetes_mandatory_access_control_annotation" | indent 8 }}
    spec:
 {{ dict "envAll" $envAll "application" "ks_user" | include "helm-toolkit.snippets.kubernetes_pod_security_context" | indent 6 }}
      serviceAccountName: {{ $serviceAccountName }}
--- a/prometheus-openstack-exporter/values.yaml
+++ b/prometheus-openstack-exporter/values.yaml
@ -20,7 +20,7 @@ images:
    prometheus_openstack_exporter: docker.io/openstackhelm/prometheus-openstack-exporter:ubuntu_bionic-20191017
    dep_check: quay.io/airshipit/kubernetes-entrypoint:v1.0.0
    image_repo_sync: docker.io/docker:17.07.0
-    ks_user: docker.io/openstackhelm/heat:newton-ubuntu_xenial
+    ks_user: docker.io/openstackhelm/heat:stein-ubuntu_bionic
  pull_policy: IfNotPresent
  local_registry:
    active: false
--- a/prometheus-openstack-exporter/values_overrides/apparmor.yaml
+++ b/prometheus-openstack-exporter/values_overrides/apparmor.yaml
@ -5,4 +5,17 @@ pod:
    prometheus-openstack-exporter:
      openstack-metrics-exporter: runtime/default
      init: runtime/default
+    prometheus-openstack-exporter-ks-user:
+      prometheus-openstack-exporter-ks-user: runtime/default
+      init: runtime/default
+manifests:
+  job_ks_user: true
+dependencies:
+  static:
+    prometheus_openstack_exporter:
+      jobs:
+        - prometheus-openstack-exporter-ks-user
+      services:
+        - endpoint: internal
+          service: identity
 ...
--- a/tools/deployment/apparmor/030-mariadb.sh
+++ b/tools/deployment/apparmor/030-mariadb.sh
@ -23,6 +23,7 @@ make mariadb
 : ${OSH_INFRA_EXTRA_HELM_ARGS:=""}
 helm upgrade --install mariadb ./mariadb \
    --namespace=osh-infra \
+    --set monitoring.prometheus.enabled=true  \
    ${OSH_INFRA_EXTRA_HELM_ARGS} \
    ${OSH_INFRA_EXTRA_HELM_ARGS_MARIADB}

--- a/tools/deployment/apparmor/070-prometheus-openstack-exporter.sh
+++ b/tools/deployment/apparmor/070-prometheus-openstack-exporter.sh
@ -1 +0,0 @@
-../osh-infra-monitoring/100-openstack-exporter.sh
--- a/tools/deployment/apparmor/070-prometheus-openstack-exporter.sh
+++ b/tools/deployment/apparmor/070-prometheus-openstack-exporter.sh
@ -0,0 +1,33 @@
+#!/bin/bash
+
+#    Licensed under the Apache License, Version 2.0 (the "License"); you may
+#    not use this file except in compliance with the License. You may obtain
+#    a copy of the License at
+#
+#         http://www.apache.org/licenses/LICENSE-2.0
+#
+#    Unless required by applicable law or agreed to in writing, software
+#    distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+#    WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+#    License for the specific language governing permissions and limitations
+#    under the License.
+
+set -xe
+
+#NOTE: Lint and package chart
+make prometheus-openstack-exporter
+
+: ${OSH_INFRA_EXTRA_HELM_ARGS_PROMETHEUS_OPENSTACK_EXPORTER:="$(./tools/deployment/common/get-values-overrides.sh prometheus-openstack-exporter)"}
+
+#NOTE: Deploy command
+helm upgrade --install prometheus-openstack-exporter \
+    ./prometheus-openstack-exporter \
+    --namespace=openstack \
+     ${OSH_INFRA_EXTRA_HELM_ARGS} \
+     ${OSH_INFRA_EXTRA_HELM_ARGS_PROMETHEUS_OPENSTACK_EXPORTER}
+
+#NOTE: Wait for deploy
+./tools/deployment/common/wait-for-pods.sh openstack
+
+#NOTE: Validate Deployment info
+helm status prometheus-openstack-exporter
--- a/tools/deployment/openstack-support/110-openstack-exporter.sh
+++ b/tools/deployment/openstack-support/110-openstack-exporter.sh
@ -16,14 +16,14 @@ set -xe

 #NOTE: Lint and package chart
 make prometheus-openstack-exporter
+: ${OSH_INFRA_EXTRA_HELM_ARGS_OS_EXPORTER:="$(./tools/deployment/common/get-values-overrides.sh prometheus-openstack-exporter)"}

 #NOTE: Deploy command
 : ${OSH_EXTRA_HELM_ARGS:=""}
 helm upgrade --install prometheus-openstack-exporter \
    ./prometheus-openstack-exporter \
    --namespace=openstack \
-    ${OSH_EXTRA_HELM_ARGS} \
-    ${OSH_EXTRA_HELM_ARGS_OS_EXPORTER}
+    ${OSH_INFRA_EXTRA_HELM_ARGS_OS_EXPORTER}
 #NOTE: Wait for deploy
 ./tools/deployment/common/wait-for-pods.sh openstack

--- a/zuul.d/jobs.yaml
+++ b/zuul.d/jobs.yaml
@ -288,7 +288,6 @@
        - ./tools/deployment/apparmor/050-prometheus-alertmanager.sh
        - ./tools/deployment/apparmor/055-prometheus.sh
        - ./tools/deployment/apparmor/060-prometheus-node-exporter.sh
-        - ./tools/deployment/apparmor/070-prometheus-openstack-exporter.sh
        - ./tools/deployment/apparmor/075-prometheus-process-exporter.sh
        - ./tools/deployment/apparmor/080-grafana.sh
        - ./tools/deployment/apparmor/085-rabbitmq.sh
@ -356,6 +355,7 @@
        - ./tools/deployment/openstack-support/070-mariadb.sh
        - ./tools/deployment/openstack-support/080-setup-client.sh
        - ./tools/deployment/openstack-support/090-keystone.sh
+        - ./tools/deployment/openstack-support/110-openstack-exporter.sh
        - ./tools/deployment/apparmor/140-ceph-radosgateway.sh

 - job:
				`@ -1 +0,0 @@`
				`../osh-infra-monitoring/100-openstack-exporter.sh`