[ceph-osd] Update log-runner container for MAC

The log-runner previously was not included in the mandatory access
control (MAC) annotation for the OSD pods, which means it could not
have any AppArmor profile applied to it. This patchset adds that
capability for that container.

Change-Id: I11036789de45c0f8f66b51e15f2cc253e6cb230c
This commit is contained in:
Parsons, Cliff (cp769u) 2021-10-26 18:48:07 +00:00
parent 14b8597558
commit cc793f2144
4 changed files with 4 additions and 2 deletions

View File

@ -15,6 +15,6 @@ apiVersion: v1
appVersion: v1.0.0 appVersion: v1.0.0
description: OpenStack-Helm Ceph OSD description: OpenStack-Helm Ceph OSD
name: ceph-osd name: ceph-osd
version: 0.1.32 version: 0.1.33
home: https://github.com/ceph/ceph home: https://github.com/ceph/ceph
... ...

View File

@ -72,7 +72,7 @@ spec:
{{ tuple $envAll "ceph" "osd" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }} {{ tuple $envAll "ceph" "osd" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
annotations: annotations:
configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "helm-toolkit.utils.hash" }} configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "helm-toolkit.utils.hash" }}
{{ dict "envAll" $envAll "podName" "ceph-osd-default" "containerNames" (list "ceph-osd-default" "ceph-init-dirs" "ceph-log-ownership" "osd-init" "init" ) | include "helm-toolkit.snippets.kubernetes_mandatory_access_control_annotation" | indent 8 }} {{ dict "envAll" $envAll "podName" "ceph-osd-default" "containerNames" (list "ceph-osd-default" "log-runner" "ceph-init-dirs" "ceph-log-ownership" "osd-init" "init" ) | include "helm-toolkit.snippets.kubernetes_mandatory_access_control_annotation" | indent 8 }}
{{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" | indent 8 }} {{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" | indent 8 }}
spec: spec:
{{ dict "envAll" $envAll "application" "osd" | include "helm-toolkit.snippets.kubernetes_pod_security_context" | indent 6 }} {{ dict "envAll" $envAll "application" "osd" | include "helm-toolkit.snippets.kubernetes_pod_security_context" | indent 6 }}

View File

@ -4,6 +4,7 @@ pod:
type: apparmor type: apparmor
ceph-osd-default: ceph-osd-default:
ceph-osd-default: runtime/default ceph-osd-default: runtime/default
log-runner: runtime/default
ceph-init-dirs: runtime/default ceph-init-dirs: runtime/default
ceph-log-ownership: runtime/default ceph-log-ownership: runtime/default
osd-init: runtime/default osd-init: runtime/default

View File

@ -33,4 +33,5 @@ ceph-osd:
- 0.1.30 Ceph OSD log-runner container should run as ceph user - 0.1.30 Ceph OSD log-runner container should run as ceph user
- 0.1.31 Helm 3 - Fix Job labels - 0.1.31 Helm 3 - Fix Job labels
- 0.1.32 Update htk requirements - 0.1.32 Update htk requirements
- 0.1.33 Update log-runner container for MAC
... ...