Adds seccomp annotation function in helm toolkit.
This function can be used by charts to add seccomp
annotations in containers metadata section.
Change-Id: Icf36f1e4aff36fec8a9eefaff06d12984aeb7a78
Implement a pod security context for the following Memcached resources:
- Memcached server deployment
Change-Id: I8628ceb246e7c435a2ddd20bf1bcecd94db8ea26
This updates the script used to register the elasticsearch
snapshot repositories. It will first gather a list of all
currently registered repositories, then check for the existence
of each configured repository. If the repository exists, the job
will not attempt to register the repository again. If it doesn't
exist, the job will then register the desired repository
Change-Id: I2cfd3c44f1b2b4a54c9b07be79c2c87af77c540e
This PS updates the kubernetes_pod_security_context snippet, and adds a
macro for container securityContexts
'kubernetes_container_security_context.
Change-Id: I8b9c7b72f836efaf6c9dc3ad20fd8462b0d06d77
Signed-off-by: Pete Birley <pete@port.direct>
- Make the default to run the postgres database as the uid 999 which
the default image maps to the 'postgres' user
- If the database is already initialized, before starting postgres
set the 'postgres' database user password to match the declared
intended password
Change-Id: I7b0ea7a86246b098f38ef4c03dd157731f61e066
This is to resolve name conflicts of reources in case of multiple
releases required for single deployment of ceph cluster
Change-Id: Ibee5550db788ea57879837b010e22a24240237bf
Remove overrides that are already set or raised higher in the
Mimic release of Ceph for RGW.
rgw_thread_pool_size is now by default using 512
objecter_inflight_ops is now also set to 24576 by default for RGW
Change-Id: I982f6bc08954864afa5ad29923707e1bf64ba9fa
This adds a test for the podsecuritypolicy chart, as well as a script
to reconfigure minikube with PodSecurityPolity enabled when appropriate.
This change doesn't add the PSP chart to the existing tests, because
the psp chart will have secure defaults in the future, which may
interfere with other charts by default; and it doesn't enable the
admission controller broadly, because turning the AC on without
providing a podsecuritypolicy will break k8s functionality.
Change-Id: I9fd14bb118189cd4ead177b79e39aadbc2096b4a
