Enable Apparmor to Nova components
Change-Id: Icefa9c91899110d7560dae7e73f9dd932e88e3fa
		 dt241s@att.com
					dt241s@att.com
				
			
				
					committed by
					
						 diwakar thyagaraj
						diwakar thyagaraj
					
				
			
			
				
	
			
			
			 diwakar thyagaraj
						diwakar thyagaraj
					
				
			
						parent
						
							5763f146c9
						
					
				
				
					commit
					ef1f5ec153
				
			| @@ -45,7 +45,7 @@ spec: | ||||
|       annotations: | ||||
| {{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" | indent 8 }} | ||||
|         configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "helm-toolkit.utils.hash" }} | ||||
| {{ dict "envAll" $envAll "podName" "nova-compute-default" "containerNames" (list "nova-compute") | include "helm-toolkit.snippets.kubernetes_mandatory_access_control_annotation" | indent 8 }} | ||||
| {{ dict "envAll" $envAll "podName" "nova-compute-default" "containerNames" (list "nova-compute" "init" "nova-compute-init" "nova-compute-vnc-init") | include "helm-toolkit.snippets.kubernetes_mandatory_access_control_annotation" | indent 8 }} | ||||
|     spec: | ||||
|       serviceAccountName: {{ $serviceAccountName }} | ||||
| {{ dict "envAll" $envAll "application" "nova" | include "helm-toolkit.snippets.kubernetes_pod_security_context" | indent 6 }} | ||||
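Review bot: The `containerNames` list on the changed annotation line is hard-coded, while the pod's `containers` and `initContainers` are defined outside this hunk, so nothing here shows that the four names cover every container this pod template can render. If the helm-toolkit snippet (not on this page) emits an annotation only for names that also have a value under `pod.mandatory_access_control`, a renamed or conditionally added init container would silently run without a profile annotation. I would add a template comment next to the line, `{{/* containerNames must list every container and initContainer of this pod, matching the keys under pod.mandatory_access_control.nova-compute-default */}}`, and check the rendered manifest for one `container.apparmor.security.beta.kubernetes.io/<name>` annotation per container. The same applies to the annotation lines added for nova-api-metadata, nova-api-osapi, nova-conductor, nova-consoleauth, nova-novncproxy and nova-scheduler.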
|   | ||||
| @@ -45,6 +45,7 @@ spec: | ||||
| {{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" | indent 8 }} | ||||
|         configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "helm-toolkit.utils.hash" }} | ||||
|         configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "helm-toolkit.utils.hash" }} | ||||
| {{ dict "envAll" $envAll "podName" "nova-api-metadata" "containerNames" (list "nova-api-metadata-init" "nova-api" "init") | include "helm-toolkit.snippets.kubernetes_mandatory_access_control_annotation" | indent 8 }} | ||||
|     spec: | ||||
|       serviceAccountName: {{ $serviceAccountName }} | ||||
| {{ dict "envAll" $envAll "application" "nova" | include "helm-toolkit.snippets.kubernetes_pod_security_context" | indent 6 }} | ||||
|   | ||||
| @@ -45,6 +45,7 @@ spec: | ||||
| {{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" | indent 8 }} | ||||
|         configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "helm-toolkit.utils.hash" }} | ||||
|         configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "helm-toolkit.utils.hash" }} | ||||
| {{ dict "envAll" $envAll "podName" "nova-api-osapi" "containerNames" (list "nova-osapi" "init") | include "helm-toolkit.snippets.kubernetes_mandatory_access_control_annotation" | indent 8 }} | ||||
|     spec: | ||||
|       serviceAccountName: {{ $serviceAccountName }} | ||||
| {{ dict "envAll" $envAll "application" "nova" | include "helm-toolkit.snippets.kubernetes_pod_security_context" | indent 6 }} | ||||
|   | ||||
| @@ -45,6 +45,7 @@ spec: | ||||
| {{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" | indent 8 }} | ||||
|         configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "helm-toolkit.utils.hash" }} | ||||
|         configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "helm-toolkit.utils.hash" }} | ||||
| {{ dict "envAll" $envAll "podName" "nova-conductor" "containerNames" (list "nova-conductor" "init") | include "helm-toolkit.snippets.kubernetes_mandatory_access_control_annotation" | indent 8 }} | ||||
|     spec: | ||||
|       serviceAccountName: {{ $serviceAccountName }} | ||||
| {{ dict "envAll" $envAll "application" "nova" | include "helm-toolkit.snippets.kubernetes_pod_security_context" | indent 6 }} | ||||
|   | ||||
| @@ -45,6 +45,7 @@ spec: | ||||
| {{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" | indent 8 }} | ||||
|         configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "helm-toolkit.utils.hash" }} | ||||
|         configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "helm-toolkit.utils.hash" }} | ||||
| {{ dict "envAll" $envAll "podName" "nova-consoleauth" "containerNames" (list "nova-consoleauth" "init") | include "helm-toolkit.snippets.kubernetes_mandatory_access_control_annotation" | indent 8 }} | ||||
|     spec: | ||||
|       serviceAccountName: {{ $serviceAccountName }} | ||||
| {{ dict "envAll" $envAll "application" "nova" | include "helm-toolkit.snippets.kubernetes_pod_security_context" | indent 6 }} | ||||
|   | ||||
| @@ -45,6 +45,7 @@ spec: | ||||
| {{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" | indent 8 }} | ||||
|         configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "helm-toolkit.utils.hash" }} | ||||
|         configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "helm-toolkit.utils.hash" }} | ||||
| {{ dict "envAll" $envAll "podName" "nova-novncproxy" "containerNames" (list "nova-novncproxy" "nova-novncproxy-init-assets" "nova-novncproxy-init" "init") | include "helm-toolkit.snippets.kubernetes_mandatory_access_control_annotation" | indent 8 }} | ||||
|     spec: | ||||
|       serviceAccountName: {{ $serviceAccountName }} | ||||
| {{ dict "envAll" $envAll "application" "nova" | include "helm-toolkit.snippets.kubernetes_pod_security_context" | indent 6 }} | ||||
|   | ||||
| @@ -45,6 +45,7 @@ spec: | ||||
| {{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" | indent 8 }} | ||||
|         configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "helm-toolkit.utils.hash" }} | ||||
|         configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "helm-toolkit.utils.hash" }} | ||||
| {{ dict "envAll" $envAll "podName" "nova-scheduler" "containerNames" (list "nova-scheduler" "init") | include "helm-toolkit.snippets.kubernetes_mandatory_access_control_annotation" | indent 8 }} | ||||
|     spec: | ||||
|       serviceAccountName: {{ $serviceAccountName }} | ||||
| {{ dict "envAll" $envAll "application" "nova" | include "helm-toolkit.snippets.kubernetes_pod_security_context" | indent 6 }} | ||||
|   | ||||
| @@ -31,6 +31,8 @@ spec: | ||||
|     metadata: | ||||
|       labels: | ||||
| {{ tuple $envAll "nova" "cell-setup" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }} | ||||
|       annotations: | ||||
| {{ dict "envAll" $envAll "podName" "nova-cell-setup" "containerNames" (list "nova-cell-setup-init" "nova-cell-setup") | include "helm-toolkit.snippets.kubernetes_mandatory_access_control_annotation" | indent 8 }} | ||||
|     spec: | ||||
|       serviceAccountName: {{ $serviceAccountName }} | ||||
|       restartPolicy: OnFailure | ||||
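Review bot: The `containerNames` list for `nova-cell-setup` omits `init`, which every other pod touched by this commit includes, and the values hunk likewise has no `init` key under `nova-cell-setup`. If this job renders the same dependency-check init container as the other pods (its `initContainers` are outside the hunk), that container gets no AppArmor annotation. Suggested: `(list "init" "nova-cell-setup-init" "nova-cell-setup")` here and `init: runtime/default` under `nova-cell-setup` in the values.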
|   | ||||
| @@ -3,5 +3,32 @@ pod: | ||||
|     type: apparmor | ||||
|     nova-compute-default: | ||||
|       nova-compute: runtime/default | ||||
|       init: runtime/default | ||||
|       nova-compute-init: runtime/default | ||||
|       nova-compute-vnc-init: runtime/default | ||||
|     nova-placement: | ||||
|       nova-placement-api: runtime/default | ||||
|     nova-api-metadata: | ||||
|       nova-api-metadata-init: runtime/default | ||||
|       nova-api: runtime/default | ||||
|       init: runtime/default | ||||
|     nova-api-osapi: | ||||
|       nova-osapi: runtime/default | ||||
|       init: runtime/default | ||||
|     nova-conductor: | ||||
|       nova-conductor: runtime/default | ||||
|       init: runtime/default | ||||
|     nova-consoleauth: | ||||
|       nova-consoleauth: runtime/default | ||||
|       init: runtime/default | ||||
|     nova-novncproxy: | ||||
|       nova-novncproxy: runtime/default | ||||
|       nova-novncproxy-init-assets: runtime/default | ||||
|       nova-novncproxy-init: runtime/default | ||||
|       init: runtime/default | ||||
|     nova-scheduler: | ||||
|       nova-scheduler: runtime/default | ||||
|       init: runtime/default | ||||
|     nova-cell-setup: | ||||
|       nova-cell-setup: runtime/default | ||||
|       nova-cell-setup-init: runtime/default | ||||
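Review bot: The new entries all use `runtime/default` with no comment on what that value provides; it selects the container runtime's generic profile, not one written for Nova, and the keys only take effect when they equal the container names listed in the templates. A comment above the block would help, e.g. `# keys must match the container names passed to the annotation snippet; runtime/default is the runtime's generic profile, use localhost/<profile-name> for a tailored one`. Whether any of these containers run privileged is not visible here; container runtimes commonly leave privileged containers unconfined regardless of the annotation, so confirm the effective profile on a running pod rather than relying on the annotation alone.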