This updates the Calico-etcd chart to include the pod
security context on the pod template
This also adds the container security context to set
readOnlyRootFilesystem to true
Change-Id: I10ff398d7a552d5287d841ca39c77ea097f7e67e
This adds ingress network policy for the fluent-logging, kibana
and Elasticsearch charts. This leverages the helm-toolkit template
that was used in openstack-helm for the openstack services
Change-Id: I2a89b62f1002851346e9a25de40113078e9c518f
This updates the ceph-provisioners chart to include the pod
security context on the pod template
This also adds the container security context to set allowPrivilegeEscalation
to false and readOnlyRootFilesystem to true
Change-Id: Iee49ffe17f2cd08fc978461269b654d3b2cb4406
This updates the tiller chart to include the pod
security context on the pod template
This also adds the container security context to set
allowPrivilegeEscalation to false
Change-Id: Ic0d87ba2e933444ebe8a6d59d7bb74aae81a051d
I believe when we have set the readOnly flag at pod without HTK functionality the changes were not reflected. That is why it passed the gate.
Later with HTK functionality the gates never passed and I have tested that in various ways and finally I had to unset the readOnly flag
This reverts commit 598040bea05737ea1ee2460ba8675ed7c061e63a.
Change-Id: Icf8d3cc60045926ab60b9735ee1e8202c15df9d5
This PS temporaily removes the mysql_upgrade logic as it breaks
mariabackup as currently implemented.
Change-Id: I1f74d104b004ddb641d354dfee82557b18c3677a
Signed-off-by: Pete Birley <pete@port.direct>
Trivial fix. This patch set fixes inconsistent indentations in YAML file.
Change-Id: I98ed9680d93f9c21e44b7da8462c9ce3607350bd
Signed-off-by: Tin Lam <tin@irrational.io>
This indents the closing {{ end }} for the check for executing the
Elasticsearch test that checks the snapshot repositories
Change-Id: I77ebb1af7ee648cc9787665bfb81dfbb1a30663a
This allows to pass a new env var into shell scripts, for value
overrides, with Zuul's help (value_overrides can be part of the
job definition).
Change-Id: Ia5dcecb73f4b872fd8fb65d3cd0bf69c19addf07
In order to align with ceph-provisioner storageclass
.Values we need to update ceph-mon .Values and tenant-
ceph scripts
Change-Id: I36fb07de9e791ac33cf0b4c38b3e4d63337d3e72
Story: storageclass schema changes
Signed-off-by: kranthi guttikonda <kranthi.guttikonda@att.com>
Signed-off-by: kranthikirang <kranthi.guttikonda@b-yond.com>
This adds the selector.matchLabel key to the packetbeat daemonset
and the elastic-apm-server deployment templates as it's a required
field for apps/v1
Change-Id: Idcc639b49b34579508e77a03f814dcf45ecf667c
This PS updates the htk k8s-entrypoint container macro to add security
context, with a set of defaults to allow operation with existing charts.
Change-Id: Ib41600e2e3c848ae0d62181ad7e01f3cf00a26a0
Signed-off-by: Pete Birley <pete@port.direct>
This PS removes some unused CLI options and functions from the backup
script.
Change-Id: Ie7abb3bda0689afa0d128552a85c985e1653552f
Signed-off-by: Pete Birley <pete@port.direct>
This PS cleans up the default values file, and also allows some
aspects of the mysql exporter's operation to be configured.
Change-Id: I577e3237ca0bfe3665e7a57cf2a9364baea7c24a
Signed-off-by: Pete Birley <pete@port.direct>
This PS fixes the backup job to have an appropriate init container
and service account.
Change-Id: I93d7ba93c9846508262951efba0d6034f6341ae8
Signed-off-by: Pete Birley <pete@port.direct>
This PS updates the logic terminating mysqld to catch when it has
exited prior to waiting for it to do so.
Change-Id: Iefea71b7c49e5cfc01bdf8b80644990d78f2e910
Signed-off-by: Pete Birley <pete@port.direct>
This addresses slight issues with the ceph-osd, ceph-provisioners,
and ceph-rgw charts. Those issues include:
- Remove duplicate test: key in ceph-osd dependencies
- Add missing image repo sync job to ceph-provisioner and rgw
- Use correct job name for image repo sync dependencies in charts
- Remove incorrect keystone service dependency for ceph-rgw, as
the keystone jobs are dependent on the keystone service
This also updates the ceph-rgw chart to use dynamic dependencies
based on whether keystone auth or s3 auth is used
Change-Id: Id3b3f289bdd4ca4d1b2e9b6267b12427e422a08d
This PS adds a basic sanity test to the mariadb chart, using
mysqlslap.
Change-Id: I7450ea8a66364d123022bc773ee90047f9e69b1c
Signed-off-by: Pete Birley <pete@port.direct>
This updates the apparmor job to only use the docker default
profile for memcached, as the custom apparmor profiles used didnt
allow for a successful deployment. This also updates the libvirt
overrides, as the current change to use daemonset-overrides
required updating the container name.
Co-authored-by: wilkers.steve@gmail.com
Co-authored-by: ld366r@att.com
Change-Id: I00cb4c62a38e0e1178e45b4e34c946b3b53da6d5
