From ccfd614141fdf31f517f69225e011ed9c05d2b5d Mon Sep 17 00:00:00 2001
From: Randeep Jalli <rj2083@att.com>
Date: Fri, 5 Apr 2019 13:13:08 -0400
Subject: [PATCH] This commit adds docker-default apparmor profile for
 prometheus-node-exporter.

Change-Id: Ie8660e206280184eb5f4c03b7dd54047436c16ba
---
 prometheus-node-exporter/values.yaml          |  4 --
 .../apparmor/060-prometheus-node-exporter.sh  | 38 +++++++++++++++++++
 zuul.d/jobs.yaml                              |  2 +
 3 files changed, 40 insertions(+), 4 deletions(-)
 create mode 100755 tools/deployment/apparmor/060-prometheus-node-exporter.sh

diff --git a/prometheus-node-exporter/values.yaml b/prometheus-node-exporter/values.yaml
index 31eacd0375..faa17706fe 100644
--- a/prometheus-node-exporter/values.yaml
+++ b/prometheus-node-exporter/values.yaml
@@ -37,10 +37,6 @@ labels:
     node_selector_value: enabled
 
 pod:
-  mandatory_access_control:
-    type: apparmor
-    node-exporter:
-      node-exporter: localhost/docker-default
   affinity:
     anti:
       type:
diff --git a/tools/deployment/apparmor/060-prometheus-node-exporter.sh b/tools/deployment/apparmor/060-prometheus-node-exporter.sh
new file mode 100755
index 0000000000..b7b6ab4bfc
--- /dev/null
+++ b/tools/deployment/apparmor/060-prometheus-node-exporter.sh
@@ -0,0 +1,38 @@
+#!/bin/bash
+
+# Copyright 2019 The Openstack-Helm Authors.
+#
+#    Licensed under the Apache License, Version 2.0 (the "License"); you may
+#    not use this file except in compliance with the License. You may obtain
+#    a copy of the License at
+#
+#         http://www.apache.org/licenses/LICENSE-2.0
+#
+#    Unless required by applicable law or agreed to in writing, software
+#    distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+#    WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+#    License for the specific language governing permissions and limitations
+#    under the License.
+
+set -xe
+
+#NOTE: Lint and package chart
+make prometheus-node-exporter
+
+#NOTE: Deploy command
+tee /tmp/prometheus-node-exporter.yaml << EOF
+pod:
+  mandatory_access_control:
+    type: apparmor
+    node-exporter:
+      node-exporter: localhost/docker-default
+EOF
+helm upgrade --install prometheus-node-exporter ./prometheus-node-exporter \
+    --namespace=kube-system \
+    --values=/tmp/prometheus-node-exporter.yaml
+
+#NOTE: Wait for deploy
+./tools/deployment/common/wait-for-pods.sh kube-system
+
+#NOTE: Validate Deployment info
+helm status prometheus-node-exporter
diff --git a/zuul.d/jobs.yaml b/zuul.d/jobs.yaml
index 0dba3106f3..214d86f4e4 100644
--- a/zuul.d/jobs.yaml
+++ b/zuul.d/jobs.yaml
@@ -209,9 +209,11 @@
         - ./tools/deployment/apparmor/001-setup-apparmor-profiles.sh
         - ./tools/deployment/apparmor/005-deploy-k8s.sh
         - ./tools/deployment/apparmor/040-memcached.sh
+        - ./tools/deployment/apparmor/060-prometheus-node-exporter.sh
         - ./tools/deployment/apparmor/080-prometheus-process-exporter.sh
         - ./tools/deployment/apparmor/020-ceph.sh
 
+
 - job:
     name: openstack-helm-infra-openstack-support
     parent: openstack-helm-infra-functional