Enable Apparmor to all osh-infra test pods

Also Changed container names to static.

Change-Id: I51f53b480d18aaa38a9707429f01052ee122e7e9
Signed-off-by: diwakar thyagaraj <diwakar.chitoor.thyagaraj@att.com>
This commit is contained in:
diwakar thyagaraj 2020-05-13 19:52:33 +00:00
parent 0e6314ff14
commit 163c5aa780
14 changed files with 33 additions and 5 deletions

View File

@ -25,6 +25,7 @@ metadata:
{{ tuple $envAll "ceph-client" "test" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }} {{ tuple $envAll "ceph-client" "test" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }}
annotations: annotations:
"helm.sh/hook": test-success "helm.sh/hook": test-success
{{ dict "envAll" $envAll "podName" "ceph-client-test" "containerNames" (list "init" "ceph-cluster-helm-test") | include "helm-toolkit.snippets.kubernetes_mandatory_access_control_annotation" | indent 4 }}
spec: spec:
{{ dict "envAll" $envAll "application" "test" | include "helm-toolkit.snippets.kubernetes_pod_security_context" | indent 2 }} {{ dict "envAll" $envAll "application" "test" | include "helm-toolkit.snippets.kubernetes_pod_security_context" | indent 2 }}
restartPolicy: Never restartPolicy: Never

View File

@ -16,6 +16,9 @@ pod:
ceph-client-bootstrap: ceph-client-bootstrap:
ceph-client-bootstrap: runtime/default ceph-client-bootstrap: runtime/default
init: runtime/default init: runtime/default
ceph-client-test:
init: runtime/default
ceph-cluster-helm-test: runtime/default
bootstrap: bootstrap:
enabled: true enabled: true
manifests: manifests:

View File

@ -26,6 +26,7 @@ metadata:
{{ tuple $envAll "ceph-osd" "test" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }} {{ tuple $envAll "ceph-osd" "test" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }}
annotations: annotations:
"helm.sh/hook": test-success "helm.sh/hook": test-success
{{ dict "envAll" $envAll "podName" "ceph-osd-test" "containerNames" (list "init" "ceph-cluster-helm-test") | include "helm-toolkit.snippets.kubernetes_mandatory_access_control_annotation" | indent 4 }}
spec: spec:
{{ dict "envAll" $envAll "application" "test" | include "helm-toolkit.snippets.kubernetes_pod_security_context" | indent 2 }} {{ dict "envAll" $envAll "application" "test" | include "helm-toolkit.snippets.kubernetes_pod_security_context" | indent 2 }}
restartPolicy: Never restartPolicy: Never

View File

@ -7,3 +7,6 @@ pod:
ceph-log-ownership: runtime/default ceph-log-ownership: runtime/default
osd-init: runtime/default osd-init: runtime/default
init: runtime/default init: runtime/default
ceph-osd-test:
init: runtime/default
ceph-cluster-helm-test: runtime/default

View File

@ -67,6 +67,7 @@ metadata:
{{ tuple $envAll "ceph" "provisioner-test" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }} {{ tuple $envAll "ceph" "provisioner-test" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }}
annotations: annotations:
"helm.sh/hook": test-success "helm.sh/hook": test-success
{{ dict "envAll" $envAll "podName" "ceph-provisioner-test" "containerNames" (list "init" "ceph-provisioner-helm-test") | include "helm-toolkit.snippets.kubernetes_mandatory_access_control_annotation" | indent 4 }}
spec: spec:
{{ dict "envAll" $envAll "application" "test" | include "helm-toolkit.snippets.kubernetes_pod_security_context" | indent 2 }} {{ dict "envAll" $envAll "application" "test" | include "helm-toolkit.snippets.kubernetes_pod_security_context" | indent 2 }}
restartPolicy: Never restartPolicy: Never

View File

@ -9,3 +9,6 @@ pod:
ceph-rbd-provisioner: ceph-rbd-provisioner:
ceph-rbd-provisioner: runtime/default ceph-rbd-provisioner: runtime/default
init: runtime/default init: runtime/default
ceph-provisioner-test:
init: runtime/default
ceph-provisioner-helm-test: runtime/default

View File

@ -28,6 +28,7 @@ metadata:
annotations: annotations:
"helm.sh/hook": test-success "helm.sh/hook": test-success
{{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" }} {{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" }}
{{ dict "envAll" $envAll "podName" "elasticsearch-test" "containerNames" (list "init" "elasticsearch-helm-tests") | include "helm-toolkit.snippets.kubernetes_mandatory_access_control_annotation" | indent 4 }}
spec: spec:
{{ dict "envAll" $envAll "application" "test" | include "helm-toolkit.snippets.kubernetes_pod_security_context" | indent 2 }} {{ dict "envAll" $envAll "application" "test" | include "helm-toolkit.snippets.kubernetes_pod_security_context" | indent 2 }}
serviceAccountName: {{ $serviceAccountName }} serviceAccountName: {{ $serviceAccountName }}
@ -37,7 +38,7 @@ spec:
initContainers: initContainers:
{{ tuple $envAll "tests" list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 4 }} {{ tuple $envAll "tests" list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 4 }}
containers: containers:
- name: {{.Release.Name}}-helm-tests - name: elasticsearch-helm-tests
{{ tuple $envAll "helm_tests" | include "helm-toolkit.snippets.image" | indent 6 }} {{ tuple $envAll "helm_tests" | include "helm-toolkit.snippets.image" | indent 6 }}
{{ tuple $envAll $envAll.Values.pod.resources.jobs.tests | include "helm-toolkit.snippets.kubernetes_resources" | indent 6 }} {{ tuple $envAll $envAll.Values.pod.resources.jobs.tests | include "helm-toolkit.snippets.kubernetes_resources" | indent 6 }}
{{ dict "envAll" $envAll "application" "test" "container" "helm_tests" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 6 }} {{ dict "envAll" $envAll "application" "test" "container" "helm_tests" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 6 }}

View File

@ -20,3 +20,6 @@ pod:
prometheus-elasticsearch-exporter: prometheus-elasticsearch-exporter:
elasticsearch-exporter: runtime/default elasticsearch-exporter: runtime/default
init: runtime/default init: runtime/default
elasticsearch-test:
init: runtime/default
elasticsearch-helm-tests: runtime/default

View File

@ -28,6 +28,7 @@ metadata:
annotations: annotations:
"helm.sh/hook": test-success "helm.sh/hook": test-success
{{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" }} {{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" }}
{{ dict "envAll" $envAll "podName" "grafana-test" "containerNames" (list "init" "grafana-selenium-tests") | include "helm-toolkit.snippets.kubernetes_mandatory_access_control_annotation" | indent 4 }}
spec: spec:
{{ dict "envAll" $envAll "application" "test" | include "helm-toolkit.snippets.kubernetes_pod_security_context" | indent 2 }} {{ dict "envAll" $envAll "application" "test" | include "helm-toolkit.snippets.kubernetes_pod_security_context" | indent 2 }}
serviceAccountName: {{ $serviceAccountName }} serviceAccountName: {{ $serviceAccountName }}
@ -37,7 +38,7 @@ spec:
initContainers: initContainers:
{{ tuple $envAll "tests" list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 4 }} {{ tuple $envAll "tests" list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 4 }}
containers: containers:
- name: {{.Release.Name}}-selenium-tests - name: grafana-selenium-tests
{{ tuple $envAll "selenium_tests" | include "helm-toolkit.snippets.image" | indent 6 }} {{ tuple $envAll "selenium_tests" | include "helm-toolkit.snippets.image" | indent 6 }}
{{ tuple $envAll $envAll.Values.pod.resources.jobs.tests | include "helm-toolkit.snippets.kubernetes_resources" | indent 6 }} {{ tuple $envAll $envAll.Values.pod.resources.jobs.tests | include "helm-toolkit.snippets.kubernetes_resources" | indent 6 }}
{{ dict "envAll" $envAll "application" "test" "container" "helm_tests" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 6 }} {{ dict "envAll" $envAll "application" "test" "container" "helm_tests" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 6 }}

View File

@ -19,3 +19,6 @@ pod:
grafana-set-admin-user: grafana-set-admin-user:
grafana-set-admin-password: runtime/default grafana-set-admin-password: runtime/default
init: runtime/default init: runtime/default
grafana-test:
init: runtime/default
grafana-selenium-tests: runtime/default

View File

@ -29,6 +29,7 @@ metadata:
annotations: annotations:
"helm.sh/hook": test-success "helm.sh/hook": test-success
{{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" }} {{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" }}
{{ dict "envAll" $envAll "podName" "nagios-test" "containerNames" (list "init" "nagios-helm-tests") | include "helm-toolkit.snippets.kubernetes_mandatory_access_control_annotation" | indent 4 }}
spec: spec:
{{ dict "envAll" $envAll "application" "monitoring" | include "helm-toolkit.snippets.kubernetes_pod_security_context" | indent 2 }} {{ dict "envAll" $envAll "application" "monitoring" | include "helm-toolkit.snippets.kubernetes_pod_security_context" | indent 2 }}
serviceAccountName: {{ $serviceAccountName }} serviceAccountName: {{ $serviceAccountName }}
@ -38,7 +39,7 @@ spec:
initContainers: initContainers:
{{ tuple $envAll "tests" list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 4 }} {{ tuple $envAll "tests" list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 4 }}
containers: containers:
- name: {{.Release.Name}}-helm-tests - name: nagios-helm-tests
{{ tuple $envAll "selenium_tests" | include "helm-toolkit.snippets.image" | indent 6 }} {{ tuple $envAll "selenium_tests" | include "helm-toolkit.snippets.image" | indent 6 }}
{{ tuple $envAll $envAll.Values.pod.resources.jobs.tests | include "helm-toolkit.snippets.kubernetes_resources" | indent 6 }} {{ tuple $envAll $envAll.Values.pod.resources.jobs.tests | include "helm-toolkit.snippets.kubernetes_resources" | indent 6 }}
{{ dict "envAll" $envAll "application" "monitoring" "container" "helm_tests" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 6 }} {{ dict "envAll" $envAll "application" "monitoring" "container" "helm_tests" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 6 }}

View File

@ -6,3 +6,6 @@ pod:
init: runtime/default init: runtime/default
define-nagios-hosts: runtime/default define-nagios-hosts: runtime/default
apache-proxy: runtime/default apache-proxy: runtime/default
nagios-test:
init: runtime/default
nagios-helm-tests: runtime/default

View File

@ -26,6 +26,7 @@ metadata:
{{ tuple $envAll "prometheus" "test" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }} {{ tuple $envAll "prometheus" "test" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }}
annotations: annotations:
{{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" }} {{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" }}
{{ dict "envAll" $envAll "podName" "prometheus-test" "containerNames" (list "init" "prometheus-helm-tests") | include "helm-toolkit.snippets.kubernetes_mandatory_access_control_annotation" | indent 4 }}
"helm.sh/hook": test-success "helm.sh/hook": test-success
spec: spec:
serviceAccountName: {{ $serviceAccountName }} serviceAccountName: {{ $serviceAccountName }}
@ -35,7 +36,7 @@ spec:
initContainers: initContainers:
{{ tuple $envAll "tests" list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 4 }} {{ tuple $envAll "tests" list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 4 }}
containers: containers:
- name: {{.Release.Name}}-helm-tests - name: prometheus-helm-tests
{{ tuple $envAll "helm_tests" | include "helm-toolkit.snippets.image" | indent 6 }} {{ tuple $envAll "helm_tests" | include "helm-toolkit.snippets.image" | indent 6 }}
{{ tuple $envAll $envAll.Values.pod.resources.jobs.tests | include "helm-toolkit.snippets.kubernetes_resources" | indent 6 }} {{ tuple $envAll $envAll.Values.pod.resources.jobs.tests | include "helm-toolkit.snippets.kubernetes_resources" | indent 6 }}
command: command:

View File

@ -6,3 +6,6 @@ pod:
prometheus-perms: runtime/default prometheus-perms: runtime/default
apache-proxy: runtime/default apache-proxy: runtime/default
init: runtime/default init: runtime/default
prometheus-test:
prometheus-helm-tests: runtime/default
init: runtime/default