This adds a security context to the postgresql exporter, which
changes the pod's user from root to the nobody user instead
This also adds the container security context to set
allowPrivilegeEscalation to false and readOnlyRootFilesystem to true
Change-Id: Ibe49f77ed2d0a588b5abe175318edd1c82a57cca
This PS adds emptydirs backing the /tmp directory in pods, which
is required in most cases for full operation when using a read only
filesystem backing the container.
Additionally some yaml indent issues are resolved.
Change-Id: I8b7f1614da059783254aa6efc09facf23fca3cad
Signed-off-by: Pete Birley <pete@port.direct>
* Postgresql lack the feature of creating databases if not exist
* Add a function to workaround in the restore script.
Change-Id: If451204e3cec573a0dbfe91549a47ee569799a22
* backup script for postgresql
* restore script for postgresql
* cronjob to control backup automation for postgresql
* add parameters to values.yaml
Change-Id: I5eaa82e824c9f361aa667c431cd93058391f2e60
This adds the release-annotation to the pod spec for the charts in
openstack-helm-infra. This also adds missing configmap annotations
to charts in openstack-helm-infra
Change-Id: Ie23f0c16a7a21d3929e98928db2bbcef69ae6490
- Postgres initdb fails running as non-root as it cannot
change the ownership or permission on the PVC mounted
to the container. Update the chart to use a uid 0 init
container for setting ownership before the postgres
container starts.
Change-Id: I648fe7ca3dbc1f6ca6f4513360de2278be7c1ce4
- The deployment resource for the prometheus exporter was missing
the required (by apps/v1) field spec.selector. Add it.
Change-Id: I8afb8541ea1660ee5ca610d7d2b4cfd149d317dc
- Make the default to run the postgres database as the uid 999 which
the default image maps to the 'postgres' user
- If the database is already initialized, before starting postgres
set the 'postgres' database user password to match the declared
intended password
Change-Id: I7b0ea7a86246b098f38ef4c03dd157731f61e066
This removes set -x from the templates for the user creation
scripts for the mariadb and postgresql user templates, and it
also removes the set -x from the helm-toolkit job for creating
s3 users. This prevents sensitive credentials from being
displayed to the console when these scripts are run
Change-Id: I0a78d8190fbbae1b300b74ca560d76dedaaf6fc1
This updates daemonsets and deployments from extensions/v1beta1 to
apps/v1. These templates were either missed or overlooked when
added, and this change brings them up to the same api version used
for all other daemonsets and deployments
Change-Id: I6d2aba7791ad5eabd23785c01aed01d4f8e53d39
This PS adds the ability to attach a release uuid to pods and rc
objects as desired. A follow up ps will add the ability to add arbitary
annotations to the same objects.
Change-Id: Iceedba457a03387f6fc44eb763a00fd57f9d84a5
Signed-off-by: Pete Birley <pete@port.direct>
This moves the postgresql chart to openstack-helm-infra as part of
the effort to move charts to the appropriate repositories
Change-Id: I25c026e5d4c4abe4dd0805047051281911632739
Story: 2002204
Task: 21729