Enable Apparmor to ceph client bootstrap Pods

Change-Id: Ia8fd1e50a2478743f0ff625ffdd8801610f05ee1 Signed-off-by: diwakar thyagaraj <diwakar.chitoor.thyagaraj@att.com>
2020-04-24 15:21:24 +00:00 · 2020-04-24 15:21:24 +00:00 · ccaa11b649
commit ccaa11b649
parent 5bc24e78a4
4 changed files with 12 additions and 1 deletions
--- a/ceph-client/templates/job-bootstrap.yaml
+++ b/ceph-client/templates/job-bootstrap.yaml
@ -31,6 +31,9 @@ spec:
    metadata:
      labels:
 {{ tuple $envAll "ceph" "bootstrap" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
+      annotations:
+{{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" | indent 8 }}
+{{ dict "envAll" $envAll "podName" "ceph-client-bootstrap" "containerNames" (list "ceph-client-bootstrap" "init") | include "helm-toolkit.snippets.kubernetes_mandatory_access_control_annotation" | indent 8 }}
    spec:
 {{ dict "envAll" $envAll "application" "bootstrap" | include "helm-toolkit.snippets.kubernetes_pod_security_context" | indent 6 }}
      serviceAccountName: {{ $serviceAccountName }}
--- a/ceph-client/values_overrides/apparmor.yaml
+++ b/ceph-client/values_overrides/apparmor.yaml
@ -13,4 +13,11 @@ pod:
    ceph-rbd-pool:
      ceph-rbd-pool: runtime/default
      init: runtime/default
+    ceph-client-bootstrap:
+      ceph-client-bootstrap: runtime/default
+      init: runtime/default
+bootstrap:
+  enabled: true
+manifests:
+  job_bootstrap: true

--- a/ceph-mon/templates/job-bootstrap.yaml
+++ b/ceph-mon/templates/job-bootstrap.yaml
@ -33,7 +33,7 @@ spec:
 {{ tuple $envAll "ceph" "bootstrap" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
      annotations:
 {{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" | indent 8 }}
-{{ dict "envAll" $envAll "podName" "ceph-bootstrap" "containerNames" (list "ceph-bootstrap") | include "helm-toolkit.snippets.kubernetes_mandatory_access_control_annotation" | indent 8 }}
+{{ dict "envAll" $envAll "podName" "ceph-bootstrap" "containerNames" (list "ceph-bootstrap" "init") | include "helm-toolkit.snippets.kubernetes_mandatory_access_control_annotation" | indent 8 }}
    spec:
 {{ dict "envAll" $envAll "application" "bootstrap" | include "helm-toolkit.snippets.kubernetes_pod_security_context" | indent 6 }}
      serviceAccountName: {{ $serviceAccountName }}
--- a/ceph-mon/values_overrides/apparmor.yaml
+++ b/ceph-mon/values_overrides/apparmor.yaml
@ -10,6 +10,7 @@ pod:
      init: runtime/default
    ceph-bootstrap:
      ceph-bootstrap: runtime/default
+      init: runtime/default
    ceph-storage-keys-generator:
      ceph-storage-keys-generator: runtime/default
      init: runtime/default