openstack/openstack-helm-infra
Code Issues Proposed changes

Add docker-default apparmor profile for prometheus process exporter.

Browse Source 
Change-Id: Iaa1eb80074c280ff00cc599105b598130132cc26
This commit is contained in:
Randeep Jalli 2019-04-05 13:36:07 -04:00
parent c98f7a7f05
commit 26faa8a66d
3 changed files with 39 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
prometheus-process-exporter/values.yaml
View File

@ -37,10 +37,6 @@ labels:
node_selector_value: enabled node_selector_value: enabled
pod: pod:
mandatory_access_control:
type: apparmor
process-exporter:
process-exporter: localhost/docker-default
affinity: affinity:
anti: anti:
type: type:

38
tools/deployment/apparmor/080-prometheus-process-exporter.sh Executable file
View File

@ -0,0 +1,38 @@
#!/bin/bash
# Copyright 2019 The Openstack-Helm Authors.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
set -xe
#NOTE: Lint and package chart
make prometheus-process-exporter
#NOTE: Deploy command
tee /tmp/prometheus-process-exporter.yaml << EOF
pod:
mandatory_access_control:
type: apparmor
process-exporter:
process-exporter: localhost/docker-default
EOF
helm upgrade --install prometheus-process-exporter ./prometheus-process-exporter \
--namespace=kube-system \
--values=/tmp/prometheus-process-exporter.yaml
#NOTE: Wait for deploy
./tools/deployment/common/wait-for-pods.sh kube-system
#NOTE: Validate Deployment info
helm status prometheus-process-exporter

2
zuul.d/jobs.yaml
View File

@ -209,7 +209,7 @@
- ./tools/deployment/apparmor/001-setup-apparmor-profiles.sh - ./tools/deployment/apparmor/001-setup-apparmor-profiles.sh
- ./tools/deployment/apparmor/005-deploy-k8s.sh - ./tools/deployment/apparmor/005-deploy-k8s.sh
- ./tools/deployment/apparmor/040-memcached.sh - ./tools/deployment/apparmor/040-memcached.sh
- ./tools/deployment/apparmor/050-libvirt.sh - ./tools/deployment/apparmor/080-prometheus-process-exporter.sh
- job: - job:
name: openstack-helm-infra-openstack-support name: openstack-helm-infra-openstack-support