[ceph-osd] Update log-runner container for MAC

The log-runner previously was not included in the mandatory access control (MAC) annotation for the OSD pods, which means it could not have any AppArmor profile applied to it. This patchset adds that capability for that container. Change-Id: I11036789de45c0f8f66b51e15f2cc253e6cb230c
2021-10-26 18:48:07 +00:00 · 2021-10-26 18:48:07 +00:00 · cc793f2144
parent 14b8597558
commit cc793f2144
4 changed files with 4 additions and 2 deletions
--- a/ceph-osd/Chart.yaml
+++ b/ceph-osd/Chart.yaml
@ -15,6 +15,6 @@ apiVersion: v1
 appVersion: v1.0.0
 description: OpenStack-Helm Ceph OSD
 name: ceph-osd
-version: 0.1.32
+version: 0.1.33
 home: https://github.com/ceph/ceph
 ...
--- a/ceph-osd/templates/daemonset-osd.yaml
+++ b/ceph-osd/templates/daemonset-osd.yaml
@ -72,7 +72,7 @@ spec:
 {{ tuple $envAll "ceph" "osd" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
      annotations:
        configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "helm-toolkit.utils.hash" }}
-{{ dict "envAll" $envAll "podName" "ceph-osd-default" "containerNames" (list "ceph-osd-default" "ceph-init-dirs" "ceph-log-ownership" "osd-init" "init" ) | include "helm-toolkit.snippets.kubernetes_mandatory_access_control_annotation" | indent 8 }}
+{{ dict "envAll" $envAll "podName" "ceph-osd-default" "containerNames" (list "ceph-osd-default" "log-runner" "ceph-init-dirs" "ceph-log-ownership" "osd-init" "init" ) | include "helm-toolkit.snippets.kubernetes_mandatory_access_control_annotation" | indent 8 }}
 {{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" | indent 8 }}
    spec:
 {{ dict "envAll" $envAll "application" "osd" | include "helm-toolkit.snippets.kubernetes_pod_security_context" | indent 6 }}
--- a/ceph-osd/values_overrides/apparmor.yaml
+++ b/ceph-osd/values_overrides/apparmor.yaml
@ -4,6 +4,7 @@ pod:
    type: apparmor
    ceph-osd-default:
      ceph-osd-default: runtime/default
+      log-runner: runtime/default
      ceph-init-dirs: runtime/default
      ceph-log-ownership: runtime/default
      osd-init: runtime/default
--- a/releasenotes/notes/ceph-osd.yaml
+++ b/releasenotes/notes/ceph-osd.yaml
@ -33,4 +33,5 @@ ceph-osd:
  - 0.1.30 Ceph OSD log-runner container should run as ceph user
  - 0.1.31 Helm 3 - Fix Job labels
  - 0.1.32 Update htk requirements
+  - 0.1.33 Update log-runner container for MAC
 ...