From 26faa8a66d9c2290a350494fe12e0d379c5acd36 Mon Sep 17 00:00:00 2001 From: Randeep Jalli Date: Fri, 5 Apr 2019 13:36:07 -0400 Subject: [PATCH] Add docker-default apparmor profile for prometheus process exporter. Change-Id: Iaa1eb80074c280ff00cc599105b598130132cc26 --- prometheus-process-exporter/values.yaml | 4 -- .../080-prometheus-process-exporter.sh | 38 +++++++++++++++++++ zuul.d/jobs.yaml | 2 +- 3 files changed, 39 insertions(+), 5 deletions(-) create mode 100755 tools/deployment/apparmor/080-prometheus-process-exporter.sh diff --git a/prometheus-process-exporter/values.yaml b/prometheus-process-exporter/values.yaml index 84e7dfbaa..3ea73f5c8 100644 --- a/prometheus-process-exporter/values.yaml +++ b/prometheus-process-exporter/values.yaml @@ -37,10 +37,6 @@ labels: node_selector_value: enabled pod: - mandatory_access_control: - type: apparmor - process-exporter: - process-exporter: localhost/docker-default affinity: anti: type: diff --git a/tools/deployment/apparmor/080-prometheus-process-exporter.sh b/tools/deployment/apparmor/080-prometheus-process-exporter.sh new file mode 100755 index 000000000..939930ba9 --- /dev/null +++ b/tools/deployment/apparmor/080-prometheus-process-exporter.sh @@ -0,0 +1,38 @@ +#!/bin/bash + +# Copyright 2019 The Openstack-Helm Authors. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. + +set -xe + +#NOTE: Lint and package chart +make prometheus-process-exporter + +#NOTE: Deploy command +tee /tmp/prometheus-process-exporter.yaml << EOF +pod: + mandatory_access_control: + type: apparmor + process-exporter: + process-exporter: localhost/docker-default +EOF +helm upgrade --install prometheus-process-exporter ./prometheus-process-exporter \ + --namespace=kube-system \ + --values=/tmp/prometheus-process-exporter.yaml + +#NOTE: Wait for deploy +./tools/deployment/common/wait-for-pods.sh kube-system + +#NOTE: Validate Deployment info +helm status prometheus-process-exporter diff --git a/zuul.d/jobs.yaml b/zuul.d/jobs.yaml index 280007d32..bdf7d7bb5 100644 --- a/zuul.d/jobs.yaml +++ b/zuul.d/jobs.yaml @@ -209,7 +209,7 @@ - ./tools/deployment/apparmor/001-setup-apparmor-profiles.sh - ./tools/deployment/apparmor/005-deploy-k8s.sh - ./tools/deployment/apparmor/040-memcached.sh - - ./tools/deployment/apparmor/050-libvirt.sh + - ./tools/deployment/apparmor/080-prometheus-process-exporter.sh - job: name: openstack-helm-infra-openstack-support