This will ease mirroring capabilities for the docker official images.
Signed-off-by: Thiago Brito <thiago.brito@windriver.com>
Change-Id: I0f9177b0b83e4fad599ae0c3f3820202bf1d450d
Memcached stats cachedump is enabled by default. Changes in this
pathset provide an option to configure stats cachedump as desired
during deployment i.e. the stats cachedump can be disabled to
prevent user obtaining sensitive info via the cachedump data.
Change-Id: Ic6254f89b1478a414ac275436ddd659b16b75f98
The current copyright refers to a non-existent group
"openstack helm authors" with often out-of-date references that
are confusing when adding a new file to the repo.
This change removes all references to this copyright by the
non-existent group and any blank lines underneath.
Change-Id: I1882738cf9757c5350a8533876fd37b5920b5235
This updates the kubernetes-entrypoint image reference to consume
the publicly available kubernetes-entrypoint image that is built
and maintained under the airshipit namespace, as the stackanetes
image is no longer actively maintained
Change-Id: I5bfdc156ae228ab16da57569ac6b05a9a125cb6a
Signed-off-by: Steve Wilkerson <sw5822@att.com>
This change adds egress rules to the following charts:
- ingress
- memcache
- libvirt
- rabbitmq
These rules will be tightend down in future changes
Change-Id: I6f297d50ca4c06234c7c79986a12cccf3beb5efb
This ps exposes the anti-affinity weight value, including
default, that will be consumed by the updated htk function.
Change-Id: Id8eb303674764ef8b0664f62040723aaf77e0a54
securityContext with readOnlyRootFilesystem is implemented at container
level and leveraged the helm-toolkit snippet
Change-Id: I8b16e9c17154a2bac162f31939b510fcd773126b
Implement a pod security context for the following Memcached resources:
- Memcached server deployment
Change-Id: I8628ceb246e7c435a2ddd20bf1bcecd94db8ea26
This adds the security context to the memcached prometheus
exporter pod, which changes the default user from root to the
nobody user instead
This also adds the container security context to explicitly set
allowPrivilegeEscalation to false
Change-Id: I3401c1a67f17cef49a478be98f9ab42691b84d66
This PS implements the helm toolkit function to generate the
Egress in kubernetes network policy manifest based on overrideable values.
It also enbale the K8s network policy at Osh-infra gate.
Change-Id: Icbe2a18c98dba795d15398dcdcac64228f6a7b4c
This patch set implements the helm toolkit function to generate a
kubernetes network policy manifest based on overrideable values.
This also adds a chart that shuts down all the ingress and egress
traffics in the namespace. This can be used to ensure the
whitelisted network policy works as intended.
Additionally, implementation is done for some infrastructure charts.
Change-Id: I78e87ef3276e948ae4dd2eb462b4b8012251c8c8
Co-Authored-By: Mike Pham <tp6510@att.com>
Signed-off-by: Tin Lam <tin@irrational.io>
This PS moves the Memcached chart to OSH-Infra
Story: 2002204
Task: 21727
Change-Id: I47a226ba90a84cddcbf4911af4bf23257827e79e
Signed-off-by: Pete Birley <pete@port.direct>
