Add Docker default AppArmor profile to divingbell
This adds the default AppArmor profile to divingbell. Also updates the gate script to install ethtool if it is not present. Change-Id: I7abb13a533b596f4db5fe65fdae5eb7fc57ec00a
parent
fe0a034ec7
commit
37594c8d16
@ -73,6 +73,7 @@
|
|||||||
vars:
|
vars:
|
||||||
zuul_osh_infra_relative_path: ../../openstack/openstack-helm-infra/
|
zuul_osh_infra_relative_path: ../../openstack/openstack-helm-infra/
|
||||||
gate_scripts:
|
gate_scripts:
|
||||||
|
- "{{ zuul_osh_infra_relative_path }}./tools/deployment/apparmor/001-setup-apparmor-profiles.sh"
|
||||||
- "{{ zuul_osh_infra_relative_path }}./tools/deployment/common/005-deploy-k8s.sh"
|
- "{{ zuul_osh_infra_relative_path }}./tools/deployment/common/005-deploy-k8s.sh"
|
||||||
- ./tools/gate/scripts/010-build-charts.sh
|
- ./tools/gate/scripts/010-build-charts.sh
|
||||||
- sudo ./tools/gate/scripts/020-test-divingbell.sh
|
- sudo ./tools/gate/scripts/020-test-divingbell.sh
|
||||||
|
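Review bot: Nothing visible in this commit checks that the AppArmor profile is actually enforced once the job has run the new `001-setup-apparmor-profiles.sh` entry. The only change to the gate test script, in the last hunk of this commit, is the ethtool install. A test step that reads the rendered annotations of each daemonset pod, for example `kubectl get pod <pod-name> -o jsonpath='{.metadata.annotations}'`, would catch a template or values mismatch that otherwise passes silently. The new entry also relies on the openstack-helm-infra checkout at `zuul_osh_infra_relative_path` containing that script; whether the job pins that project is not visible in this hunk.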
@ -37,6 +37,7 @@ spec:
|
|||||||
{{ list $envAll .Chart.Name $daemonset | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
|
{{ list $envAll .Chart.Name $daemonset | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
|
||||||
annotations:
|
annotations:
|
||||||
{{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" | indent 8 }}
|
{{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" | indent 8 }}
|
||||||
|
{{ dict "envAll" $envAll "podName" "divingbell-apparmor" "containerNames" (list "apparmor") | include "helm-toolkit.snippets.kubernetes_mandatory_access_control_annotation" | indent 8 }}
|
||||||
spec:
|
spec:
|
||||||
hostNetwork: true
|
hostNetwork: true
|
||||||
hostPID: true
|
hostPID: true
|
||||||
|
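Review bot: With `hostNetwork: true` and `hostPID: true` just below the new annotation, `runtime/default` is only a baseline, and if the `apparmor` container also runs privileged (its securityContext is outside this hunk) the container runtime may leave it unconfined despite the annotation. It is worth confirming on a deployed node which profile the container actually gets, and recording the coupling above the include, e.g. `{{/* AppArmor profile comes from .Values.pod.mandatory_access_control; podName/containerNames must match the keys there */}}`. The `containerNames` entry must also equal the container's `name:` further down the template, which this hunk does not show; a mismatch would presumably render no annotation rather than fail. The same applies to the eight following sections (apt, ethtool, exec, limits, mounts, perm, sysctl, uamlite).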
@ -37,6 +37,7 @@ spec:
|
|||||||
{{ list $envAll .Chart.Name $daemonset | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
|
{{ list $envAll .Chart.Name $daemonset | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
|
||||||
annotations:
|
annotations:
|
||||||
{{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" | indent 8 }}
|
{{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" | indent 8 }}
|
||||||
|
{{ dict "envAll" $envAll "podName" "divingbell-apt" "containerNames" (list "apt") | include "helm-toolkit.snippets.kubernetes_mandatory_access_control_annotation" | indent 8 }}
|
||||||
spec:
|
spec:
|
||||||
hostNetwork: true
|
hostNetwork: true
|
||||||
hostPID: true
|
hostPID: true
|
||||||
|
@ -37,6 +37,7 @@ spec:
|
|||||||
{{ list $envAll .Chart.Name $daemonset | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
|
{{ list $envAll .Chart.Name $daemonset | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
|
||||||
annotations:
|
annotations:
|
||||||
{{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" | indent 8 }}
|
{{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" | indent 8 }}
|
||||||
|
{{ dict "envAll" $envAll "podName" "divingbell-ethtool" "containerNames" (list "ethtool") | include "helm-toolkit.snippets.kubernetes_mandatory_access_control_annotation" | indent 8 }}
|
||||||
spec:
|
spec:
|
||||||
hostNetwork: true
|
hostNetwork: true
|
||||||
hostPID: true
|
hostPID: true
|
||||||
|
@ -37,6 +37,7 @@ spec:
|
|||||||
{{ list $envAll .Chart.Name $daemonset | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
|
{{ list $envAll .Chart.Name $daemonset | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
|
||||||
annotations:
|
annotations:
|
||||||
{{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" | indent 8 }}
|
{{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" | indent 8 }}
|
||||||
|
{{ dict "envAll" $envAll "podName" "divingbell-exec" "containerNames" (list "exec") | include "helm-toolkit.snippets.kubernetes_mandatory_access_control_annotation" | indent 8 }}
|
||||||
spec:
|
spec:
|
||||||
hostNetwork: true
|
hostNetwork: true
|
||||||
hostPID: true
|
hostPID: true
|
||||||
|
@ -37,6 +37,7 @@ spec:
|
|||||||
{{ list $envAll .Chart.Name $daemonset | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
|
{{ list $envAll .Chart.Name $daemonset | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
|
||||||
annotations:
|
annotations:
|
||||||
{{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" | indent 8 }}
|
{{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" | indent 8 }}
|
||||||
|
{{ dict "envAll" $envAll "podName" "divingbell-limits" "containerNames" (list "limits") | include "helm-toolkit.snippets.kubernetes_mandatory_access_control_annotation" | indent 8 }}
|
||||||
spec:
|
spec:
|
||||||
hostNetwork: true
|
hostNetwork: true
|
||||||
hostPID: true
|
hostPID: true
|
||||||
|
@ -37,6 +37,7 @@ spec:
|
|||||||
{{ list $envAll .Chart.Name $daemonset | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
|
{{ list $envAll .Chart.Name $daemonset | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
|
||||||
annotations:
|
annotations:
|
||||||
{{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" | indent 8 }}
|
{{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" | indent 8 }}
|
||||||
|
{{ dict "envAll" $envAll "podName" "divingbell-mounts" "containerNames" (list "mounts") | include "helm-toolkit.snippets.kubernetes_mandatory_access_control_annotation" | indent 8 }}
|
||||||
spec:
|
spec:
|
||||||
hostNetwork: true
|
hostNetwork: true
|
||||||
hostPID: true
|
hostPID: true
|
||||||
|
@ -37,6 +37,7 @@ spec:
|
|||||||
{{ list $envAll .Chart.Name $daemonset | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
|
{{ list $envAll .Chart.Name $daemonset | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
|
||||||
annotations:
|
annotations:
|
||||||
{{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" | indent 8 }}
|
{{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" | indent 8 }}
|
||||||
|
{{ dict "envAll" $envAll "podName" "divingbell-perm" "containerNames" (list "perm") | include "helm-toolkit.snippets.kubernetes_mandatory_access_control_annotation" | indent 8 }}
|
||||||
spec:
|
spec:
|
||||||
hostNetwork: true
|
hostNetwork: true
|
||||||
hostPID: true
|
hostPID: true
|
||||||
|
@ -37,6 +37,7 @@ spec:
|
|||||||
{{ list $envAll .Chart.Name $daemonset | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
|
{{ list $envAll .Chart.Name $daemonset | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
|
||||||
annotations:
|
annotations:
|
||||||
{{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" | indent 8 }}
|
{{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" | indent 8 }}
|
||||||
|
{{ dict "envAll" $envAll "podName" "divingbell-sysctl" "containerNames" (list "sysctl") | include "helm-toolkit.snippets.kubernetes_mandatory_access_control_annotation" | indent 8 }}
|
||||||
spec:
|
spec:
|
||||||
hostNetwork: true
|
hostNetwork: true
|
||||||
hostPID: true
|
hostPID: true
|
||||||
|
@ -37,6 +37,7 @@ spec:
|
|||||||
{{ list $envAll .Chart.Name $daemonset | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
|
{{ list $envAll .Chart.Name $daemonset | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
|
||||||
annotations:
|
annotations:
|
||||||
{{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" | indent 8 }}
|
{{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" | indent 8 }}
|
||||||
|
{{ dict "envAll" $envAll "podName" "divingbell-uamlite" "containerNames" (list "uamlite") | include "helm-toolkit.snippets.kubernetes_mandatory_access_control_annotation" | indent 8 }}
|
||||||
spec:
|
spec:
|
||||||
hostNetwork: true
|
hostNetwork: true
|
||||||
hostPID: true
|
hostPID: true
|
||||||
|
@ -96,6 +96,26 @@ conf:
|
|||||||
# item: 'core'
|
# item: 'core'
|
||||||
# value: 0
|
# value: 0
|
||||||
pod:
|
pod:
|
||||||
|
mandatory_access_control:
|
||||||
|
type: apparmor
|
||||||
|
divingbell-apparmor:
|
||||||
|
apparmor: runtime/default
|
||||||
|
divingbell-apt:
|
||||||
|
apt: runtime/default
|
||||||
|
divingbell-ethtool:
|
||||||
|
ethtool: runtime/default
|
||||||
|
divingbell-exec:
|
||||||
|
exec: runtime/default
|
||||||
|
divingbell-limits:
|
||||||
|
limits: runtime/default
|
||||||
|
divingbell-mounts:
|
||||||
|
mounts: runtime/default
|
||||||
|
divingbell-perm:
|
||||||
|
perm: runtime/default
|
||||||
|
divingbell-sysctl:
|
||||||
|
sysctl: runtime/default
|
||||||
|
divingbell-uamlite:
|
||||||
|
uamlite: runtime/default
|
||||||
lifecycle:
|
lifecycle:
|
||||||
upgrades:
|
upgrades:
|
||||||
daemonsets:
|
daemonsets:
|
||||||
|
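Review bot: The new `mandatory_access_control` block has no comment explaining its shape, and nothing ties its keys to the templates. Each `divingbell-<name>` key and the container key under it has to match the `podName` and `containerNames` passed in the corresponding daemonset template, so a comment such as `# <podName>: {<containerName>: <profile>}; names must match the daemonset templates` above `type: apparmor` would help. It would also be useful to note there that `runtime/default` can be replaced per container by a `localhost/<profile-name>` profile loaded on the node, since these pods share the host network and PID namespaces.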
@ -281,6 +281,7 @@ EXEC_DIR=/var/${NAME}/exec
|
|||||||
EXPECTED_NUMBER_OF_DAEMONSETS=17
|
EXPECTED_NUMBER_OF_DAEMONSETS=17
|
||||||
type lshw || apt -y install lshw
|
type lshw || apt -y install lshw
|
||||||
type apparmor_parser || apt -y install apparmor
|
type apparmor_parser || apt -y install apparmor
|
||||||
|
type ethtool || apt -y install ethtool
|
||||||
nic_info="$(lshw -class network)"
|
nic_info="$(lshw -class network)"
|
||||||
physical_nic=''
|
physical_nic=''
|
||||||
IFS=$'\n'
|
IFS=$'\n'
|
||||||
|
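Review bot: The added line installs with `apt`, whose command-line interface is not intended for scripts, and does so without refreshing the package index, so it can fail on a gate node with a stale index. `type ethtool >/dev/null 2>&1 || apt-get install -y ethtool` keeps the check quiet and uses the stable front end. The existing `lshw` and `apparmor` lines above follow the same pattern and could be changed together. The enclosing script section starts and ends outside this hunk.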