diff --git a/alerta/templates/deployment.yaml b/alerta/templates/deployment.yaml index faf4dcc7a..ead406322 100644 --- a/alerta/templates/deployment.yaml +++ b/alerta/templates/deployment.yaml @@ -35,7 +35,7 @@ spec: labels: {{ tuple $envAll "alerta" "server" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }} annotations: -{{ dict "envAll" $envAll "podName" "alerta" "containerNames" (list "alerta" "init") | include "helm-toolkit.snippets.kubernetes_mandatory_access_control_annotation" | indent 8 }} +{{ dict "envAll" $envAll "podName" "alerta" "containerNames" (list "alerta") | include "helm-toolkit.snippets.kubernetes_mandatory_access_control_annotation" | indent 8 }} configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "helm-toolkit.utils.hash" }} configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "helm-toolkit.utils.hash" }} spec: diff --git a/alerta/values_overrides/apparmor.yaml b/alerta/values_overrides/apparmor.yaml new file mode 100644 index 000000000..c90f05e71 --- /dev/null +++ b/alerta/values_overrides/apparmor.yaml @@ -0,0 +1,7 @@ +--- +pod: + mandatory_access_control: + type: apparmor + alerta: + alerta: runtime/default +... diff --git a/prometheus-blackbox-exporter/values.yaml b/prometheus-blackbox-exporter/values.yaml index e7e84edc1..e0b6087cb 100644 --- a/prometheus-blackbox-exporter/values.yaml +++ b/prometheus-blackbox-exporter/values.yaml @@ -55,10 +55,6 @@ pod: blackbox_exporter: allowPrivilegeEscalation: false readOnlyRootFilesystem: true - mandatory_access_control: - type: apparmor - prometheus-blackbox-exporter: - blackbox-exporter: runtime/default replicas: prometheus_blackbox_exporter: 1 annotations: diff --git a/prometheus-blackbox-exporter/values_overrides/apparmor.yaml b/prometheus-blackbox-exporter/values_overrides/apparmor.yaml new file mode 100644 index 000000000..12a3ce86a --- /dev/null +++ b/prometheus-blackbox-exporter/values_overrides/apparmor.yaml @@ -0,0 +1,7 @@ +--- +pod: + mandatory_access_control: + type: apparmor + prometheus-blackbox-exporter: + blackbox-exporter: runtime/default +... diff --git a/tools/deployment/apparmor/070-prometheus-openstack-exporter.sh b/tools/deployment/apparmor/065-prometheus-openstack-exporter.sh similarity index 100% rename from tools/deployment/apparmor/070-prometheus-openstack-exporter.sh rename to tools/deployment/apparmor/065-prometheus-openstack-exporter.sh diff --git a/tools/deployment/apparmor/070-prometheus-blackbox-exporter.sh b/tools/deployment/apparmor/070-prometheus-blackbox-exporter.sh new file mode 100755 index 000000000..0a09d1885 --- /dev/null +++ b/tools/deployment/apparmor/070-prometheus-blackbox-exporter.sh @@ -0,0 +1,33 @@ +#!/bin/bash + +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. + +set -xe + +#NOTE: Lint and package chart +make prometheus-blackbox-exporter + +: ${OSH_INFRA_EXTRA_HELM_ARGS_PROMETHEUS_BLACKBOX_EXPORTER:="$(./tools/deployment/common/get-values-overrides.sh prometheus-blackbox-exporter)"} + +#NOTE: Deploy command +helm upgrade --install prometheus-blackbox-exporter \ + ./prometheus-blackbox-exporter \ + --namespace=openstack \ + ${OSH_INFRA_EXTRA_HELM_ARGS} \ + ${OSH_INFRA_EXTRA_HELM_ARGS_PROMETHEUS_BLACKBOX_EXPORTER} + +#NOTE: Wait for deploy +./tools/deployment/common/wait-for-pods.sh openstack + +#NOTE: Validate Deployment info +helm status prometheus-blackbox-exporter diff --git a/tools/deployment/apparmor/175-alerta.sh b/tools/deployment/apparmor/175-alerta.sh deleted file mode 120000 index 2f584fc72..000000000 --- a/tools/deployment/apparmor/175-alerta.sh +++ /dev/null @@ -1 +0,0 @@ -../common/alerta.sh \ No newline at end of file diff --git a/tools/deployment/apparmor/175-alerta.sh b/tools/deployment/apparmor/175-alerta.sh new file mode 100755 index 000000000..e01e2842b --- /dev/null +++ b/tools/deployment/apparmor/175-alerta.sh @@ -0,0 +1,33 @@ +#!/bin/bash + +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. + +set -xe + +#NOTE: Lint and package chart +make alerta + +#NOTE: Deploy command +: ${OSH_INFRA_EXTRA_HELM_ARGS:=""} +: ${OSH_INFRA_EXTRA_HELM_ARGS_ALERTA:="$(./tools/deployment/common/get-values-overrides.sh alerta)"} + +helm upgrade --install alerta ./alerta \ + --namespace=osh-infra \ + ${OSH_INFRA_EXTRA_HELM_ARGS} \ + ${OSH_INFRA_EXTRA_HELM_ARGS_ALERTA} + +#NOTE: Wait for deploy +./tools/deployment/common/wait-for-pods.sh osh-infra + +#NOTE: Validate Deployment info +helm status alerta diff --git a/zuul.d/jobs.yaml b/zuul.d/jobs.yaml index 12f4de1a9..97e22ec00 100644 --- a/zuul.d/jobs.yaml +++ b/zuul.d/jobs.yaml @@ -289,6 +289,7 @@ - ./tools/deployment/apparmor/050-prometheus-alertmanager.sh - ./tools/deployment/apparmor/055-prometheus.sh - ./tools/deployment/apparmor/060-prometheus-node-exporter.sh + - ./tools/deployment/apparmor/070-prometheus-blackbox-exporter.sh - ./tools/deployment/apparmor/075-prometheus-process-exporter.sh - ./tools/deployment/apparmor/080-grafana.sh - ./tools/deployment/apparmor/085-rabbitmq.sh