diff --git a/heat/templates/cron-job-engine-cleaner.yaml b/heat/templates/cron-job-engine-cleaner.yaml index 2dc1ba879a..036b0ac7ee 100644 --- a/heat/templates/cron-job-engine-cleaner.yaml +++ b/heat/templates/cron-job-engine-cleaner.yaml @@ -44,6 +44,11 @@ spec: metadata: labels: {{ tuple $envAll "heat" "engine-cleaner" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 12 }} + annotations: +{{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" | indent 8 }} + configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "helm-toolkit.utils.hash" }} + configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "helm-toolkit.utils.hash" }} +{{ dict "envAll" $envAll "podName" "heat-engine-cleaner" "containerNames" (list "heat-engine-cleaner" "init" ) | include "helm-toolkit.snippets.kubernetes_mandatory_access_control_annotation" | indent 8 }} spec: serviceAccountName: {{ $serviceAccountName }} restartPolicy: OnFailure diff --git a/heat/templates/cron-job-purge-deleted.yaml b/heat/templates/cron-job-purge-deleted.yaml index 5a9c13489e..c9f32f6254 100644 --- a/heat/templates/cron-job-purge-deleted.yaml +++ b/heat/templates/cron-job-purge-deleted.yaml @@ -41,6 +41,9 @@ spec: metadata: labels: {{ tuple $envAll "heat" "purge-deleted" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 12 }} + annotations: +{{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" | indent 8 }} +{{ dict "envAll" $envAll "podName" "heat-purge-deleted" "containerNames" (list "init" "heat-purge-deleted" ) | include "helm-toolkit.snippets.kubernetes_mandatory_access_control_annotation" | indent 8 }} spec: serviceAccountName: {{ $serviceAccountName }} restartPolicy: OnFailure diff --git a/heat/values_overrides/apparmor.yaml b/heat/values_overrides/apparmor.yaml index 079abfb04c..eefe2a3b13 100644 --- a/heat/values_overrides/apparmor.yaml +++ b/heat/values_overrides/apparmor.yaml @@ -10,9 +10,15 @@ pod: heat-engine: heat-engine: runtime/default init: runtime/default + heat-engine-cleaner: + heat-engine-cleaner: runtime/default + init: runtime/default heat-domain-ks-user: heat-ks-domain-user: runtime/default init: runtime/default heat-trusts: heat-trusts: runtime/default + init: runtime/default + heat-purge-deleted: + heat-purge-deleted: runtime/default init: runtime/default \ No newline at end of file diff --git a/tools/deployment/apparmor/015-ingress.sh b/tools/deployment/apparmor/015-ingress.sh new file mode 100755 index 0000000000..300b12cbc5 --- /dev/null +++ b/tools/deployment/apparmor/015-ingress.sh @@ -0,0 +1,70 @@ +#!/bin/bash + +# Copyright 2017 The Openstack-Helm Authors. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. + +set -xe + +#NOTE: Lint and package chart +make ingress + +: ${OSH_INFRA_EXTRA_HELM_ARGS_KUBE_SYSTEM:="$(./tools/deployment/common/get-values-overrides.sh ingress)"} +: ${OSH_INFRA_EXTRA_HELM_ARGS_OPENSTACK:="$(./tools/deployment/common/get-values-overrides.sh ingress)"} +: ${OSH_INFRA_EXTRA_HELM_ARGS_CEPH:="$(./tools/deployment/common/get-values-overrides.sh ingress)"} + +#NOTE: Deploy command +: ${OSH_INFRA_EXTRA_HELM_ARGS:=""} + +#NOTE: Deploy global ingress +tee /tmp/ingress-kube-system.yaml << EOF +deployment: + mode: cluster + type: DaemonSet +network: + host_namespace: true +EOF +helm upgrade --install ingress-kube-system ./ingress \ + --namespace=kube-system \ + --values=/tmp/ingress-kube-system.yaml \ + ${OSH_INFRA_EXTRA_HELM_ARGS} \ + ${OSH_INFRA_EXTRA_HELM_ARGS_INGRESS_KUBE_SYSTEM} + +#NOTE: Wait for deploy +./tools/deployment/common/wait-for-pods.sh kube-system + +#NOTE: Display info +helm status ingress-kube-system + +#NOTE: Deploy namespace ingress +helm upgrade --install ingress-osh-infra ./ingress \ + --namespace=osh-infra \ + ${OSH_INFRA_EXTRA_HELM_ARGS} \ + ${OSH_INFRA_EXTRA_HELM_ARGS_INGRESS_OPENSTACK} + +#NOTE: Wait for deploy +./tools/deployment/common/wait-for-pods.sh osh-infra + +#NOTE: Display info +helm status ingress-osh-infra + +helm upgrade --install ingress-ceph ./ingress \ + --namespace=ceph \ + ${OSH_INFRA_EXTRA_HELM_ARGS} \ + ${OSH_INFRA_EXTRA_HELM_ARGS_INGRESS_CEPH} + +#NOTE: Wait for deploy +./tools/deployment/common/wait-for-pods.sh ceph + +#NOTE: Display info +helm status ingress-ceph diff --git a/zuul.d/jobs-openstack-helm.yaml b/zuul.d/jobs-openstack-helm.yaml index 870829e0c3..c09e178a72 100644 --- a/zuul.d/jobs-openstack-helm.yaml +++ b/zuul.d/jobs-openstack-helm.yaml @@ -275,7 +275,7 @@ - ./tools/deployment/common/install-packages.sh - ./tools/deployment/common/deploy-k8s.sh - ./tools/deployment/common/setup-client.sh - - ./tools/deployment/component/common/ingress.sh + - ./tools/deployment/apparmor/015-ingress.sh - ./tools/deployment/component/common/mariadb.sh - ./tools/deployment/component/common/memcached.sh - ./tools/deployment/component/common/rabbitmq.sh @@ -308,7 +308,7 @@ - ./tools/deployment/common/setup-client.sh - ./tools/deployment/component/ceph/ceph.sh - ./tools/deployment/component/ceph/ceph-ns-activate.sh - - ./tools/deployment/component/common/ingress.sh + - ./tools/deployment/apparmor/015-ingress.sh - ./tools/deployment/component/common/mariadb.sh - ./tools/deployment/component/common/memcached.sh - ./tools/deployment/component/common/rabbitmq.sh