Add Apparmor for prometheus os exporter ks-user Job
1) Updated docker image for heat to point to Stein and Bionic 2) Enabled Apparmor Job for prometheus-openstack exporter. Change-Id: I1ee8acb848ece3c334b087309d452d5137ea0798 Signed-off-by: diwakar thyagaraj <diwakar.chitoor.thyagaraj@att.com>
This commit is contained in:
parent
2b4cf6a2d9
commit
cc020bdfca
@ -27,6 +27,8 @@ spec:
|
||||
metadata:
|
||||
labels:
|
||||
{{ tuple $envAll "prometheus-openstack-exporter" "ks-user" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
|
||||
annotations:
|
||||
{{ dict "envAll" $envAll "podName" "prometheus-openstack-exporter-ks-user" "containerNames" (list "prometheus-openstack-exporter-ks-user" "init") | include "helm-toolkit.snippets.kubernetes_mandatory_access_control_annotation" | indent 8 }}
|
||||
spec:
|
||||
{{ dict "envAll" $envAll "application" "ks_user" | include "helm-toolkit.snippets.kubernetes_pod_security_context" | indent 6 }}
|
||||
serviceAccountName: {{ $serviceAccountName }}
|
||||
|
@ -20,7 +20,7 @@ images:
|
||||
prometheus_openstack_exporter: docker.io/openstackhelm/prometheus-openstack-exporter:ubuntu_bionic-20191017
|
||||
dep_check: quay.io/airshipit/kubernetes-entrypoint:v1.0.0
|
||||
image_repo_sync: docker.io/docker:17.07.0
|
||||
ks_user: docker.io/openstackhelm/heat:newton-ubuntu_xenial
|
||||
ks_user: docker.io/openstackhelm/heat:stein-ubuntu_bionic
|
||||
pull_policy: IfNotPresent
|
||||
local_registry:
|
||||
active: false
|
||||
|
@ -5,4 +5,17 @@ pod:
|
||||
prometheus-openstack-exporter:
|
||||
openstack-metrics-exporter: runtime/default
|
||||
init: runtime/default
|
||||
prometheus-openstack-exporter-ks-user:
|
||||
prometheus-openstack-exporter-ks-user: runtime/default
|
||||
init: runtime/default
|
||||
manifests:
|
||||
job_ks_user: true
|
||||
dependencies:
|
||||
static:
|
||||
prometheus_openstack_exporter:
|
||||
jobs:
|
||||
- prometheus-openstack-exporter-ks-user
|
||||
services:
|
||||
- endpoint: internal
|
||||
service: identity
|
||||
...
|
||||
|
@ -23,6 +23,7 @@ make mariadb
|
||||
: ${OSH_INFRA_EXTRA_HELM_ARGS:=""}
|
||||
helm upgrade --install mariadb ./mariadb \
|
||||
--namespace=osh-infra \
|
||||
--set monitoring.prometheus.enabled=true \
|
||||
${OSH_INFRA_EXTRA_HELM_ARGS} \
|
||||
${OSH_INFRA_EXTRA_HELM_ARGS_MARIADB}
|
||||
|
||||
|
@ -1 +0,0 @@
|
||||
../osh-infra-monitoring/100-openstack-exporter.sh
|
33
tools/deployment/apparmor/070-prometheus-openstack-exporter.sh
Executable file
33
tools/deployment/apparmor/070-prometheus-openstack-exporter.sh
Executable file
@ -0,0 +1,33 @@
|
||||
#!/bin/bash
|
||||
|
||||
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
# not use this file except in compliance with the License. You may obtain
|
||||
# a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||
# License for the specific language governing permissions and limitations
|
||||
# under the License.
|
||||
|
||||
set -xe
|
||||
|
||||
#NOTE: Lint and package chart
|
||||
make prometheus-openstack-exporter
|
||||
|
||||
: ${OSH_INFRA_EXTRA_HELM_ARGS_PROMETHEUS_OPENSTACK_EXPORTER:="$(./tools/deployment/common/get-values-overrides.sh prometheus-openstack-exporter)"}
|
||||
|
||||
#NOTE: Deploy command
|
||||
helm upgrade --install prometheus-openstack-exporter \
|
||||
./prometheus-openstack-exporter \
|
||||
--namespace=openstack \
|
||||
${OSH_INFRA_EXTRA_HELM_ARGS} \
|
||||
${OSH_INFRA_EXTRA_HELM_ARGS_PROMETHEUS_OPENSTACK_EXPORTER}
|
||||
|
||||
#NOTE: Wait for deploy
|
||||
./tools/deployment/common/wait-for-pods.sh openstack
|
||||
|
||||
#NOTE: Validate Deployment info
|
||||
helm status prometheus-openstack-exporter
|
@ -16,14 +16,14 @@ set -xe
|
||||
|
||||
#NOTE: Lint and package chart
|
||||
make prometheus-openstack-exporter
|
||||
: ${OSH_INFRA_EXTRA_HELM_ARGS_OS_EXPORTER:="$(./tools/deployment/common/get-values-overrides.sh prometheus-openstack-exporter)"}
|
||||
|
||||
#NOTE: Deploy command
|
||||
: ${OSH_EXTRA_HELM_ARGS:=""}
|
||||
helm upgrade --install prometheus-openstack-exporter \
|
||||
./prometheus-openstack-exporter \
|
||||
--namespace=openstack \
|
||||
${OSH_EXTRA_HELM_ARGS} \
|
||||
${OSH_EXTRA_HELM_ARGS_OS_EXPORTER}
|
||||
${OSH_INFRA_EXTRA_HELM_ARGS_OS_EXPORTER}
|
||||
#NOTE: Wait for deploy
|
||||
./tools/deployment/common/wait-for-pods.sh openstack
|
||||
|
||||
|
@ -285,7 +285,6 @@
|
||||
- ./tools/deployment/apparmor/050-prometheus-alertmanager.sh
|
||||
- ./tools/deployment/apparmor/055-prometheus.sh
|
||||
- ./tools/deployment/apparmor/060-prometheus-node-exporter.sh
|
||||
- ./tools/deployment/apparmor/070-prometheus-openstack-exporter.sh
|
||||
- ./tools/deployment/apparmor/075-prometheus-process-exporter.sh
|
||||
- ./tools/deployment/apparmor/080-grafana.sh
|
||||
- ./tools/deployment/apparmor/085-rabbitmq.sh
|
||||
@ -353,6 +352,7 @@
|
||||
- ./tools/deployment/openstack-support/070-mariadb.sh
|
||||
- ./tools/deployment/openstack-support/080-setup-client.sh
|
||||
- ./tools/deployment/openstack-support/090-keystone.sh
|
||||
- ./tools/deployment/openstack-support/110-openstack-exporter.sh
|
||||
- ./tools/deployment/apparmor/140-ceph-radosgateway.sh
|
||||
|
||||
- job:
|
||||
|
Loading…
Reference in New Issue
Block a user