Enable Application Armor to all ceph key-generator pods.
1) Changed the pod name and container name to pick name dynamically for osd,mon,mgr and mds. 2) Added Init container for ceph-provisioners. Change-Id: I3e27d51c055010cff982ddb0951d01ea8adac234 Signed-off-by: diwakar thyagaraj <diwakar.chitoor.thyagaraj@att.com>
This commit is contained in:
parent
6df4dfe727
commit
5d50433362
@ -59,6 +59,8 @@ spec:
|
|||||||
metadata:
|
metadata:
|
||||||
labels:
|
labels:
|
||||||
{{ tuple $envAll "ceph" $jobName | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
|
{{ tuple $envAll "ceph" $jobName | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
|
||||||
|
annotations:
|
||||||
|
{{ dict "envAll" $envAll "podName" $jobName "containerNames" (list $jobName "init") | include "helm-toolkit.snippets.kubernetes_mandatory_access_control_annotation" | indent 8 }}
|
||||||
spec:
|
spec:
|
||||||
{{ dict "envAll" $envAll "application" "ceph" | include "helm-toolkit.snippets.kubernetes_pod_security_context" | indent 6 }}
|
{{ dict "envAll" $envAll "application" "ceph" | include "helm-toolkit.snippets.kubernetes_pod_security_context" | indent 6 }}
|
||||||
serviceAccountName: {{ $serviceAccountName }}
|
serviceAccountName: {{ $serviceAccountName }}
|
||||||
|
@ -15,6 +15,18 @@ pod:
|
|||||||
ceph-storage-keys-generator:
|
ceph-storage-keys-generator:
|
||||||
ceph-storage-keys-generator: runtime/default
|
ceph-storage-keys-generator: runtime/default
|
||||||
init: runtime/default
|
init: runtime/default
|
||||||
|
ceph-mon-keyring-generator:
|
||||||
|
ceph-mon-keyring-generator: runtime/default
|
||||||
|
init: runtime/default
|
||||||
|
ceph-mgr-keyring-generator:
|
||||||
|
init: runtime/default
|
||||||
|
ceph-mgr-keyring-generator: runtime/default
|
||||||
|
ceph-mds-keyring-generator:
|
||||||
|
init: runtime/default
|
||||||
|
ceph-mds-keyring-generator: runtime/default
|
||||||
|
ceph-osd-keyring-generator:
|
||||||
|
ceph-osd-keyring-generator: runtime/default
|
||||||
|
init: runtime/default
|
||||||
bootstrap:
|
bootstrap:
|
||||||
enabled: true
|
enabled: true
|
||||||
manifests:
|
manifests:
|
||||||
|
@ -88,7 +88,7 @@ spec:
|
|||||||
labels:
|
labels:
|
||||||
{{ tuple $envAll "ceph" "cephfs-client-key-generator" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
|
{{ tuple $envAll "ceph" "cephfs-client-key-generator" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
|
||||||
annotations:
|
annotations:
|
||||||
{{ dict "envAll" $envAll "podName" "ceph-cephfs-client-key-generator" "containerNames" (list "ceph-storage-keys-generator") | include "helm-toolkit.snippets.kubernetes_mandatory_access_control_annotation" | indent 8 }}
|
{{ dict "envAll" $envAll "podName" "ceph-cephfs-client-key-generator" "containerNames" (list "ceph-storage-keys-generator" "init") | include "helm-toolkit.snippets.kubernetes_mandatory_access_control_annotation" | indent 8 }}
|
||||||
spec:
|
spec:
|
||||||
{{ dict "envAll" $envAll "application" "cephfs_client_key_generator" | include "helm-toolkit.snippets.kubernetes_pod_security_context" | indent 6 }}
|
{{ dict "envAll" $envAll "application" "cephfs_client_key_generator" | include "helm-toolkit.snippets.kubernetes_pod_security_context" | indent 6 }}
|
||||||
serviceAccountName: {{ $serviceAccountName }}
|
serviceAccountName: {{ $serviceAccountName }}
|
||||||
|
@ -7,6 +7,7 @@ pod:
|
|||||||
init: runtime/default
|
init: runtime/default
|
||||||
ceph-cephfs-client-key-generator:
|
ceph-cephfs-client-key-generator:
|
||||||
ceph-storage-keys-generator: runtime/default
|
ceph-storage-keys-generator: runtime/default
|
||||||
|
init: runtime/default
|
||||||
ceph-rbd-provisioner:
|
ceph-rbd-provisioner:
|
||||||
ceph-rbd-provisioner: runtime/default
|
ceph-rbd-provisioner: runtime/default
|
||||||
init: runtime/default
|
init: runtime/default
|
||||||
|
Loading…
Reference in New Issue
Block a user