Apparmor: Update to use the runtime default profile
This moves from using the docker profile to the default runtime profile - which allows container engines other than docker to work out of the box. Change-Id: Ica5a48f8c43b90f07969b41e10dc472a772b5b43 Signed-off-by: Pete Birley <pete@port.direct>
This commit is contained in:
Pete Birley
parent
f1ffb7dbdb
commit
641bb04d4a
@ -136,7 +136,7 @@ pod:
|
|||||||
mandatory_access_control:
|
mandatory_access_control:
|
||||||
type: apparmor
|
type: apparmor
|
||||||
calico-node:
|
calico-node:
|
||||||
calico-node: localhost/docker-default
|
calico-node: runtime/default
|
||||||
|
|
||||||
dependencies:
|
dependencies:
|
||||||
dynamic:
|
dynamic:
|
||||||
|
|||||||
@ -139,11 +139,11 @@ pod:
|
|||||||
mandatory_access_control:
|
mandatory_access_control:
|
||||||
type: apparmor
|
type: apparmor
|
||||||
elasticsearch-master:
|
elasticsearch-master:
|
||||||
elasticsearch-master: localhost/docker-default
|
elasticsearch-master: runtime/default
|
||||||
elasticsearch-data:
|
elasticsearch-data:
|
||||||
elasticsearch-data: localhost/docker-default
|
elasticsearch-data: runtime/default
|
||||||
elasticsearch-client:
|
elasticsearch-client:
|
||||||
elasticsearch-client: localhost/docker-default
|
elasticsearch-client: runtime/default
|
||||||
security_context:
|
security_context:
|
||||||
exporter:
|
exporter:
|
||||||
pod:
|
pod:
|
||||||
|
|||||||
@ -194,7 +194,7 @@ pod:
|
|||||||
mandatory_access_control:
|
mandatory_access_control:
|
||||||
type: apparmor
|
type: apparmor
|
||||||
ceph-osd-default:
|
ceph-osd-default:
|
||||||
ceph-osd-default: localhost/docker-default
|
ceph-osd-default: runtime/default
|
||||||
EOF
|
EOF
|
||||||
|
|
||||||
for CHART in ceph-mon ceph-client ceph-provisioners; do
|
for CHART in ceph-mon ceph-client ceph-provisioners; do
|
||||||
|
|||||||
@ -30,7 +30,7 @@ pod:
|
|||||||
mandatory_access_control:
|
mandatory_access_control:
|
||||||
type: apparmor
|
type: apparmor
|
||||||
memcached:
|
memcached:
|
||||||
memcached: localhost/docker-default
|
memcached: runtime/default
|
||||||
EOF
|
EOF
|
||||||
|
|
||||||
# NOTE: Deploy command
|
# NOTE: Deploy command
|
||||||
|
|||||||
@ -25,7 +25,7 @@ pod:
|
|||||||
mandatory_access_control:
|
mandatory_access_control:
|
||||||
type: apparmor
|
type: apparmor
|
||||||
alertmanager:
|
alertmanager:
|
||||||
alertmanager: localhost/docker-default
|
alertmanager: runtime/default
|
||||||
storage:
|
storage:
|
||||||
enabled: false
|
enabled: false
|
||||||
EOF
|
EOF
|
||||||
|
|||||||
@ -25,7 +25,7 @@ pod:
|
|||||||
mandatory_access_control:
|
mandatory_access_control:
|
||||||
type: apparmor
|
type: apparmor
|
||||||
node-exporter:
|
node-exporter:
|
||||||
node-exporter: localhost/docker-default
|
node-exporter: runtime/default
|
||||||
EOF
|
EOF
|
||||||
helm upgrade --install prometheus-node-exporter ./prometheus-node-exporter \
|
helm upgrade --install prometheus-node-exporter ./prometheus-node-exporter \
|
||||||
--namespace=kube-system \
|
--namespace=kube-system \
|
||||||
|
|||||||
@ -32,7 +32,7 @@ pod:
|
|||||||
mandatory_access_control:
|
mandatory_access_control:
|
||||||
type: apparmor
|
type: apparmor
|
||||||
prometheus-openstack-exporter:
|
prometheus-openstack-exporter:
|
||||||
openstack-metrics-exporter: localhost/docker-default
|
openstack-metrics-exporter: runtime/default
|
||||||
EOF
|
EOF
|
||||||
helm upgrade --install prometheus-openstack-exporter ./prometheus-openstack-exporter \
|
helm upgrade --install prometheus-openstack-exporter ./prometheus-openstack-exporter \
|
||||||
--namespace=openstack \
|
--namespace=openstack \
|
||||||
|
|||||||
@ -25,7 +25,7 @@ pod:
|
|||||||
mandatory_access_control:
|
mandatory_access_control:
|
||||||
type: apparmor
|
type: apparmor
|
||||||
process-exporter:
|
process-exporter:
|
||||||
process-exporter: localhost/docker-default
|
process-exporter: runtime/default
|
||||||
EOF
|
EOF
|
||||||
helm upgrade --install prometheus-process-exporter ./prometheus-process-exporter \
|
helm upgrade --install prometheus-process-exporter ./prometheus-process-exporter \
|
||||||
--namespace=kube-system \
|
--namespace=kube-system \
|
||||||
|
|||||||
@ -31,11 +31,11 @@ pod:
|
|||||||
mandatory_access_control:
|
mandatory_access_control:
|
||||||
type: apparmor
|
type: apparmor
|
||||||
elasticsearch-master:
|
elasticsearch-master:
|
||||||
elasticsearch-master: localhost/docker-default
|
elasticsearch-master: runtime/default
|
||||||
elasticsearch-data:
|
elasticsearch-data:
|
||||||
elasticsearch-data: localhost/docker-default
|
elasticsearch-data: runtime/default
|
||||||
elasticsearch-client:
|
elasticsearch-client:
|
||||||
elasticsearch-client: localhost/docker-default
|
elasticsearch-client: runtime/default
|
||||||
replicas:
|
replicas:
|
||||||
data: 1
|
data: 1
|
||||||
master: 2
|
master: 2
|
||||||
|
|||||||
@ -23,7 +23,7 @@ pod:
|
|||||||
mandatory_access_control:
|
mandatory_access_control:
|
||||||
type: apparmor
|
type: apparmor
|
||||||
fluentbit:
|
fluentbit:
|
||||||
fluentbit: localhost/docker-default
|
fluentbit: runtime/default
|
||||||
EOF
|
EOF
|
||||||
|
|
||||||
#NOTE: Deploy command
|
#NOTE: Deploy command
|
||||||
|
|||||||
@ -29,7 +29,7 @@ pod:
|
|||||||
mandatory_access_control:
|
mandatory_access_control:
|
||||||
type: apparmor
|
type: apparmor
|
||||||
fluentd:
|
fluentd:
|
||||||
fluentd: localhost/docker-default
|
fluentd: runtime/default
|
||||||
conf:
|
conf:
|
||||||
fluentd:
|
fluentd:
|
||||||
template: |
|
template: |
|
||||||
|
|||||||
@ -25,9 +25,9 @@ pod:
|
|||||||
mandatory_access_control:
|
mandatory_access_control:
|
||||||
type: apparmor
|
type: apparmor
|
||||||
openvswitch-vswitchd:
|
openvswitch-vswitchd:
|
||||||
openvswitch-vswitchd: localhost/docker-default
|
openvswitch-vswitchd: runtime/default
|
||||||
openvswitch-db:
|
openvswitch-db:
|
||||||
openvswitch-db: localhost/docker-default
|
openvswitch-db: runtime/default
|
||||||
EOF
|
EOF
|
||||||
|
|
||||||
#NOTE: Deploy command
|
#NOTE: Deploy command
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user