Enable Apparmor to ceph client bootstrap Pods

Change-Id: Ia8fd1e50a2478743f0ff625ffdd8801610f05ee1 Signed-off-by: diwakar thyagaraj <[email protected]>
hossein-alit · Apr 29, 2020 · ccaa11b · ccaa11b
1 parent 5bc24e7
commit ccaa11b
Show file tree

Hide file tree

Showing 4 changed files with 12 additions and 1 deletion.
diff --git a/ceph-client/templates/job-bootstrap.yaml b/ceph-client/templates/job-bootstrap.yaml
@@ -31,6 +31,9 @@ spec:
  metadata:
  labels:
 {{ tuple $envAll "ceph" "bootstrap" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
+ annotations:
+{{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" | indent 8 }}
+{{ dict "envAll" $envAll "podName" "ceph-client-bootstrap" "containerNames" (list "ceph-client-bootstrap" "init") | include "helm-toolkit.snippets.kubernetes_mandatory_access_control_annotation" | indent 8 }}
  spec:
 {{ dict "envAll" $envAll "application" "bootstrap" | include "helm-toolkit.snippets.kubernetes_pod_security_context" | indent 6 }}
  serviceAccountName: {{ $serviceAccountName }}

diff --git a/ceph-client/values_overrides/apparmor.yaml b/ceph-client/values_overrides/apparmor.yaml
@@ -13,4 +13,11 @@ pod:
  ceph-rbd-pool:
  ceph-rbd-pool: runtime/default
  init: runtime/default
+ ceph-client-bootstrap:
+ ceph-client-bootstrap: runtime/default
+ init: runtime/default
+bootstrap:
+ enabled: true
+manifests:
+ job_bootstrap: true
 
diff --git a/ceph-mon/templates/job-bootstrap.yaml b/ceph-mon/templates/job-bootstrap.yaml
@@ -33,7 +33,7 @@ spec:
 {{ tuple $envAll "ceph" "bootstrap" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
  annotations:
 {{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" | indent 8 }}
-{{ dict "envAll" $envAll "podName" "ceph-bootstrap" "containerNames" (list "ceph-bootstrap") | include "helm-toolkit.snippets.kubernetes_mandatory_access_control_annotation" | indent 8 }}
+{{ dict "envAll" $envAll "podName" "ceph-bootstrap" "containerNames" (list "ceph-bootstrap" "init") | include "helm-toolkit.snippets.kubernetes_mandatory_access_control_annotation" | indent 8 }}
  spec:
 {{ dict "envAll" $envAll "application" "bootstrap" | include "helm-toolkit.snippets.kubernetes_pod_security_context" | indent 6 }}
  serviceAccountName: {{ $serviceAccountName }}

diff --git a/ceph-mon/values_overrides/apparmor.yaml b/ceph-mon/values_overrides/apparmor.yaml
@@ -10,6 +10,7 @@ pod:
  init: runtime/default
  ceph-bootstrap:
  ceph-bootstrap: runtime/default
+ init: runtime/default
  ceph-storage-keys-generator:
  ceph-storage-keys-generator: runtime/default
  init: runtime/default