18 Commits

Author SHA1 Message Date
RAHUL KHIYANI
2ddb43f525 Postgresql: Fix security context
This PS fixes the use of the security context macros for the
postgresql chart

Change-Id: I7d5080686e98837b95297b9a33e7241c79193830
2019-05-14 22:12:38 +00:00
Zuul
309bc587d5 Merge "Add restore postgresql script to the configmap-bin" 2019-05-01 17:38:37 +00:00
Zuul
66f4b08b15 Merge "Add Create database if not exist to postgres restore" 2019-05-01 17:32:34 +00:00
Koffi Nogbe
b1a4059ce7 Add restore postgresql script to the configmap-bin
* Adding file restore_postgresql.sh to the configmap-bin

Change-Id: I57cfa8f0b22be49be43bcdb93b8ac363a8ae6472
Signed-off-by: Koffi Nogbe <kn4078@att.com>
2019-04-26 11:18:11 -04:00
Rahul Khiyani
7aaae02f1d Postgresql-exporter: Add security context for pod/container
This adds a security context to the postgresql exporter, which
changes the pod's user from root to the nobody user instead

This also adds the container security context to set
allowPrivilegeEscalation to false and readOnlyRootFilesystem to true

Change-Id: Ibe49f77ed2d0a588b5abe175318edd1c82a57cca
2019-04-21 03:17:57 +00:00
Pete Birley
2abf62ff4d OSH-Infra: Add emptydirs for tmp
This PS adds emptydirs backing the /tmp directory in pods, which
is required in most cases for full operation when using a read only
filesystem backing the container.

Additionally some yaml indent issues are resolved.

Change-Id: I8b7f1614da059783254aa6efc09facf23fca3cad
Signed-off-by: Pete Birley <pete@port.direct>
2019-04-20 20:50:59 +00:00
Koffi Nogbe
211ce288ca Add Create database if not exist to postgres restore
* Postgresql lack the feature of creating databases if not exist
  * Add a function to workaround in the restore script.

Change-Id: If451204e3cec573a0dbfe91549a47ee569799a22
2019-04-09 12:59:20 -04:00
Koffi Nogbe
ed93f3dc69 Add postgresql backup capability to postgresql chart
* backup script for postgresql
  * restore script for postgresql
  * cronjob to control backup automation for postgresql
  * add parameters to values.yaml

Change-Id: I5eaa82e824c9f361aa667c431cd93058391f2e60
2019-03-24 14:48:42 -04:00
Steve Wilkerson
84f30ec103 Add release-annotation to pod spec, add missing annotations
This adds the release-annotation to the pod spec for the charts in
openstack-helm-infra. This also adds missing configmap annotations
to charts in openstack-helm-infra

Change-Id: Ie23f0c16a7a21d3929e98928db2bbcef69ae6490
2019-03-21 09:10:48 -05:00
Scott Hussey
73a360f19a (postgresql) Use root init container for chown
- Postgres initdb fails running as non-root as it cannot
  change the ownership or permission on the PVC mounted
  to the container. Update the chart to use a uid 0 init
  container for setting ownership before the postgres
  container starts.

Change-Id: I648fe7ca3dbc1f6ca6f4513360de2278be7c1ce4
2019-03-13 22:41:36 +00:00
Scott Hussey
0be9b28f60 (postgres) Fix deployment for prometheus exporter
- The deployment resource for the prometheus exporter was missing
  the required (by apps/v1) field spec.selector. Add it.

Change-Id: I8afb8541ea1660ee5ca610d7d2b4cfd149d317dc
2019-03-07 13:44:15 -06:00
Scott Hussey
43a93e2cbd (postgresql) Add Helm test
- Add a Helm test for testing DDL and DML for Postgres

Change-Id: Ib34ea48abf836ae52b909b30fdb8275d80a3c559
2019-03-06 06:36:51 +00:00
Scott Hussey
4a505e213c (postgresql) set db admin password at startup
- Make the default to run the postgres database as the uid 999 which
  the default image maps to the 'postgres' user

- If the database is already initialized, before starting postgres
  set the 'postgres' database user password to match the declared
  intended password

Change-Id: I7b0ea7a86246b098f38ef4c03dd157731f61e066
2019-03-05 18:38:41 +00:00
Zuul
7578ba5a4b Merge "Remove set -x from exporter scripts and htk s3 user script" 2019-02-23 03:05:31 +00:00
Steve Wilkerson
70e5769900 Remove set -x from exporter scripts and htk s3 user script
This removes set -x from the templates for the user creation
scripts for the mariadb and postgresql user templates, and it
also removes the set -x from the helm-toolkit job for creating
s3 users. This prevents sensitive credentials from being
displayed to the console when these scripts are run

Change-Id: I0a78d8190fbbae1b300b74ca560d76dedaaf6fc1
2019-02-19 14:42:17 -06:00
Steve Wilkerson
7387ecd71c Updated missed daemonsets and deployments to apps/v1
This updates daemonsets and deployments from extensions/v1beta1 to
apps/v1.  These templates were either missed or overlooked when
added, and this change brings them up to the same api version used
for all other daemonsets and deployments

Change-Id: I6d2aba7791ad5eabd23785c01aed01d4f8e53d39
2019-02-19 08:19:45 -06:00
Pete Birley
bb3ff98d53 Add release uuid to pods and rc objects
This PS adds the ability to attach a release uuid to pods and rc
objects as desired. A follow up ps will add the ability to add arbitary
annotations to the same objects.

Change-Id: Iceedba457a03387f6fc44eb763a00fd57f9d84a5
Signed-off-by: Pete Birley <pete@port.direct>
2018-09-13 05:35:35 +00:00
Steve Wilkerson
8bbd80e197 Postgresql: Move chart to openstack-helm-infra
This moves the postgresql chart to openstack-helm-infra as part of
the effort to move charts to the appropriate repositories

Change-Id: I25c026e5d4c4abe4dd0805047051281911632739
Story: 2002204
Task: 21729
2018-09-09 10:20:08 -06:00