[ceph-osd] Update log-runner container for MAC
The log-runner previously was not included in the mandatory access control (MAC) annotation for the OSD pods, which means it could not have any AppArmor profile applied to it. This patchset adds that capability for that container. Change-Id: I11036789de45c0f8f66b51e15f2cc253e6cb230c
This commit is contained in:
parent
14b8597558
commit
cc793f2144
@ -15,6 +15,6 @@ apiVersion: v1
|
|||||||
appVersion: v1.0.0
|
appVersion: v1.0.0
|
||||||
description: OpenStack-Helm Ceph OSD
|
description: OpenStack-Helm Ceph OSD
|
||||||
name: ceph-osd
|
name: ceph-osd
|
||||||
version: 0.1.32
|
version: 0.1.33
|
||||||
home: https://github.com/ceph/ceph
|
home: https://github.com/ceph/ceph
|
||||||
...
|
...
|
||||||
|
@ -72,7 +72,7 @@ spec:
|
|||||||
{{ tuple $envAll "ceph" "osd" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
|
{{ tuple $envAll "ceph" "osd" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
|
||||||
annotations:
|
annotations:
|
||||||
configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "helm-toolkit.utils.hash" }}
|
configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "helm-toolkit.utils.hash" }}
|
||||||
{{ dict "envAll" $envAll "podName" "ceph-osd-default" "containerNames" (list "ceph-osd-default" "ceph-init-dirs" "ceph-log-ownership" "osd-init" "init" ) | include "helm-toolkit.snippets.kubernetes_mandatory_access_control_annotation" | indent 8 }}
|
{{ dict "envAll" $envAll "podName" "ceph-osd-default" "containerNames" (list "ceph-osd-default" "log-runner" "ceph-init-dirs" "ceph-log-ownership" "osd-init" "init" ) | include "helm-toolkit.snippets.kubernetes_mandatory_access_control_annotation" | indent 8 }}
|
||||||
{{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" | indent 8 }}
|
{{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" | indent 8 }}
|
||||||
spec:
|
spec:
|
||||||
{{ dict "envAll" $envAll "application" "osd" | include "helm-toolkit.snippets.kubernetes_pod_security_context" | indent 6 }}
|
{{ dict "envAll" $envAll "application" "osd" | include "helm-toolkit.snippets.kubernetes_pod_security_context" | indent 6 }}
|
||||||
|
@ -4,6 +4,7 @@ pod:
|
|||||||
type: apparmor
|
type: apparmor
|
||||||
ceph-osd-default:
|
ceph-osd-default:
|
||||||
ceph-osd-default: runtime/default
|
ceph-osd-default: runtime/default
|
||||||
|
log-runner: runtime/default
|
||||||
ceph-init-dirs: runtime/default
|
ceph-init-dirs: runtime/default
|
||||||
ceph-log-ownership: runtime/default
|
ceph-log-ownership: runtime/default
|
||||||
osd-init: runtime/default
|
osd-init: runtime/default
|
||||||
|
@ -33,4 +33,5 @@ ceph-osd:
|
|||||||
- 0.1.30 Ceph OSD log-runner container should run as ceph user
|
- 0.1.30 Ceph OSD log-runner container should run as ceph user
|
||||||
- 0.1.31 Helm 3 - Fix Job labels
|
- 0.1.31 Helm 3 - Fix Job labels
|
||||||
- 0.1.32 Update htk requirements
|
- 0.1.32 Update htk requirements
|
||||||
|
- 0.1.33 Update log-runner container for MAC
|
||||||
...
|
...
|
||||||
|
Loading…
Reference in New Issue
Block a user