Add Apparmor for prometheus os exporter ks-user Job

1) Updated docker image for heat to point to Stein and Bionic
 2) Enabled Apparmor Job for prometheus-openstack exporter.

Change-Id: I1ee8acb848ece3c334b087309d452d5137ea0798
Signed-off-by: diwakar thyagaraj <diwakar.chitoor.thyagaraj@att.com>
This commit is contained in:
diwakar thyagaraj 2020-06-30 20:51:50 +00:00
parent 2b4cf6a2d9
commit cc020bdfca
7 changed files with 53 additions and 5 deletions

View File

@ -27,6 +27,8 @@ spec:
metadata:
labels:
{{ tuple $envAll "prometheus-openstack-exporter" "ks-user" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
annotations:
{{ dict "envAll" $envAll "podName" "prometheus-openstack-exporter-ks-user" "containerNames" (list "prometheus-openstack-exporter-ks-user" "init") | include "helm-toolkit.snippets.kubernetes_mandatory_access_control_annotation" | indent 8 }}
spec:
{{ dict "envAll" $envAll "application" "ks_user" | include "helm-toolkit.snippets.kubernetes_pod_security_context" | indent 6 }}
serviceAccountName: {{ $serviceAccountName }}

View File

@ -20,7 +20,7 @@ images:
prometheus_openstack_exporter: docker.io/openstackhelm/prometheus-openstack-exporter:ubuntu_bionic-20191017
dep_check: quay.io/airshipit/kubernetes-entrypoint:v1.0.0
image_repo_sync: docker.io/docker:17.07.0
ks_user: docker.io/openstackhelm/heat:newton-ubuntu_xenial
ks_user: docker.io/openstackhelm/heat:stein-ubuntu_bionic
pull_policy: IfNotPresent
local_registry:
active: false

View File

@ -5,4 +5,17 @@ pod:
prometheus-openstack-exporter:
openstack-metrics-exporter: runtime/default
init: runtime/default
prometheus-openstack-exporter-ks-user:
prometheus-openstack-exporter-ks-user: runtime/default
init: runtime/default
manifests:
job_ks_user: true
dependencies:
static:
prometheus_openstack_exporter:
jobs:
- prometheus-openstack-exporter-ks-user
services:
- endpoint: internal
service: identity
...

View File

@ -23,6 +23,7 @@ make mariadb
: ${OSH_INFRA_EXTRA_HELM_ARGS:=""}
helm upgrade --install mariadb ./mariadb \
--namespace=osh-infra \
--set monitoring.prometheus.enabled=true \
${OSH_INFRA_EXTRA_HELM_ARGS} \
${OSH_INFRA_EXTRA_HELM_ARGS_MARIADB}

View File

@ -1 +0,0 @@
../osh-infra-monitoring/100-openstack-exporter.sh

View File

@ -0,0 +1,33 @@
#!/bin/bash
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
set -xe
#NOTE: Lint and package chart
make prometheus-openstack-exporter
: ${OSH_INFRA_EXTRA_HELM_ARGS_PROMETHEUS_OPENSTACK_EXPORTER:="$(./tools/deployment/common/get-values-overrides.sh prometheus-openstack-exporter)"}
#NOTE: Deploy command
helm upgrade --install prometheus-openstack-exporter \
./prometheus-openstack-exporter \
--namespace=openstack \
${OSH_INFRA_EXTRA_HELM_ARGS} \
${OSH_INFRA_EXTRA_HELM_ARGS_PROMETHEUS_OPENSTACK_EXPORTER}
#NOTE: Wait for deploy
./tools/deployment/common/wait-for-pods.sh openstack
#NOTE: Validate Deployment info
helm status prometheus-openstack-exporter

View File

@ -16,14 +16,14 @@ set -xe
#NOTE: Lint and package chart
make prometheus-openstack-exporter
: ${OSH_INFRA_EXTRA_HELM_ARGS_OS_EXPORTER:="$(./tools/deployment/common/get-values-overrides.sh prometheus-openstack-exporter)"}
#NOTE: Deploy command
: ${OSH_EXTRA_HELM_ARGS:=""}
helm upgrade --install prometheus-openstack-exporter \
./prometheus-openstack-exporter \
--namespace=openstack \
${OSH_EXTRA_HELM_ARGS} \
${OSH_EXTRA_HELM_ARGS_OS_EXPORTER}
${OSH_INFRA_EXTRA_HELM_ARGS_OS_EXPORTER}
#NOTE: Wait for deploy
./tools/deployment/common/wait-for-pods.sh openstack

View File

@ -285,7 +285,6 @@
- ./tools/deployment/apparmor/050-prometheus-alertmanager.sh
- ./tools/deployment/apparmor/055-prometheus.sh
- ./tools/deployment/apparmor/060-prometheus-node-exporter.sh
- ./tools/deployment/apparmor/070-prometheus-openstack-exporter.sh
- ./tools/deployment/apparmor/075-prometheus-process-exporter.sh
- ./tools/deployment/apparmor/080-grafana.sh
- ./tools/deployment/apparmor/085-rabbitmq.sh
@ -353,6 +352,7 @@
- ./tools/deployment/openstack-support/070-mariadb.sh
- ./tools/deployment/openstack-support/080-setup-client.sh
- ./tools/deployment/openstack-support/090-keystone.sh
- ./tools/deployment/openstack-support/110-openstack-exporter.sh
- ./tools/deployment/apparmor/140-ceph-radosgateway.sh
- job: