Enable Apparmor to init container for Nova

Change-Id: Id0e2b5ae7d1b8361542408ebf634ebf9d3241f9e Signed-off-by: diwakar thyagaraj <diwakar.chitoor.thyagaraj@att.com>
2020-05-08 18:15:23 +00:00 · 2020-05-08 18:15:23 +00:00 · 71200c3fa6
parent 0477d80cbc
commit 71200c3fa6
3 changed files with 5 additions and 3 deletions
--- a/nova/templates/deployment-placement.yaml
+++ b/nova/templates/deployment-placement.yaml
@ -43,7 +43,7 @@ spec:
 {{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" | indent 8 }}
        configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "helm-toolkit.utils.hash" }}
        configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "helm-toolkit.utils.hash" }}
-{{ dict "envAll" $envAll "podName" "nova-placement" "containerNames" (list "nova-placement-api") | include "helm-toolkit.snippets.kubernetes_mandatory_access_control_annotation" | indent 8 }}
+{{ dict "envAll" $envAll "podName" "nova-placement" "containerNames" (list "nova-placement-api" "init") | include "helm-toolkit.snippets.kubernetes_mandatory_access_control_annotation" | indent 8 }}
    spec:
      serviceAccountName: {{ $serviceAccountName }}
      affinity:
--- a/nova/templates/job-cell-setup.yaml
+++ b/nova/templates/job-cell-setup.yaml
@ -30,7 +30,7 @@ spec:
      labels:
 {{ tuple $envAll "nova" "cell-setup" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
      annotations:
-{{ dict "envAll" $envAll "podName" "nova-cell-setup" "containerNames" (list "nova-cell-setup-init" "nova-cell-setup") | include "helm-toolkit.snippets.kubernetes_mandatory_access_control_annotation" | indent 8 }}
+{{ dict "envAll" $envAll "podName" "nova-cell-setup" "containerNames" (list "nova-cell-setup-init" "nova-cell-setup" "init") | include "helm-toolkit.snippets.kubernetes_mandatory_access_control_annotation" | indent 8 }}
    spec:
      serviceAccountName: {{ $serviceAccountName }}
      restartPolicy: OnFailure
--- a/nova/values_overrides/apparmor.yaml
+++ b/nova/values_overrides/apparmor.yaml
@ -8,6 +8,7 @@ pod:
      nova-compute-vnc-init: runtime/default
    nova-placement:
      nova-placement-api: runtime/default
+      init: runtime/default
    nova-api-metadata:
      nova-api-metadata-init: runtime/default
      nova-api: runtime/default
@ -31,4 +32,5 @@ pod:
      init: runtime/default
    nova-cell-setup:
      nova-cell-setup: runtime/default
-      nova-cell-setup-init: runtime/default
+      nova-cell-setup-init: runtime/default
+      init: runtime/default