openstack/openstack-helm-infra
Code Issues Proposed changes

Adding default apparmor profile to mariadb complete pods

Browse Source 
Change-Id: I9a62b36c8cda0a6eaf8ac6b40f138b2706c63d15
This commit is contained in:
KHIYANI, RAHUL (rk0850) 2020-02-19 10:31:37 -06:00 committed by Rahul Khiyani
parent 304dc14ff8
commit d50371be9b
5 changed files with 14 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
mariadb/templates/cron-job-backup-mariadb.yaml
View File

@ -35,6 +35,8 @@ spec:
metadata: metadata:
labels: labels:
{{ tuple $envAll "mariadb-backup" "backup" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }} {{ tuple $envAll "mariadb-backup" "backup" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
annotations:
{{ dict "envAll" $envAll "podName" "mariadb-backup" "containerNames" (list "mariadb-backup") | include "helm-toolkit.snippets.kubernetes_mandatory_access_control_annotation" | indent 8 }}
spec: spec:
template: template:
metadata: metadata:

3
mariadb/templates/monitoring/prometheus/exporter-job-create-user.yaml
View File

@ -30,6 +30,9 @@ spec:
metadata: metadata:
labels: labels:
{{ tuple $envAll "prometheus-mysql-exporter" "create-sql-user" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }} {{ tuple $envAll "prometheus-mysql-exporter" "create-sql-user" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
annotations:
{{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" | indent 8 }}
{{ dict "envAll" $envAll "podName" "prometheus-mysql-exporter" "containerNames" (list "exporter-create-sql-user") | include "helm-toolkit.snippets.kubernetes_mandatory_access_control_annotation" | indent 8 }}
spec: spec:
shareProcessNamespace: true shareProcessNamespace: true
serviceAccountName: {{ $serviceAccountName }} serviceAccountName: {{ $serviceAccountName }}

1
mariadb/templates/pod-test.yaml
View File

@ -30,6 +30,7 @@ metadata:
annotations: annotations:
"helm.sh/hook": test-success "helm.sh/hook": test-success
{{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" }} {{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" }}
{{ dict "envAll" $envAll "podName" "mariadb-test" "containerNames" (list "mariadb-mariadb-test") | include "helm-toolkit.snippets.kubernetes_mandatory_access_control_annotation" | indent 4 }}
spec: spec:
shareProcessNamespace: true shareProcessNamespace: true
serviceAccountName: {{ $serviceAccountName }} serviceAccountName: {{ $serviceAccountName }}

5
mariadb/values_overrides/apparmor.yaml
View File

@ -7,8 +7,13 @@ pod:
ingress: runtime/default ingress: runtime/default
mariadb-server: mariadb-server:
mariadb: runtime/default mariadb: runtime/default
mariadb-backup:
mariadb-backup: runtime/default
mariadb-test:
mariadb-mariadb-test: runtime/default
prometheus-mysql-exporter: prometheus-mysql-exporter:
mysql-exporter: runtime/default mysql-exporter: runtime/default
exporter-create-sql-user: runtime/default
monitoring: monitoring:
prometheus: prometheus:

3
tools/deployment/apparmor/030-mariadb.sh
View File

@ -33,3 +33,6 @@ helm upgrade --install mariadb ./mariadb \
#NOTE: Validate Deployment info #NOTE: Validate Deployment info
helm status mariadb helm status mariadb
#NOTE: Validate the deployment
helm test mariadb