From c86684c91a0260f0dd0193c054dc340f18329926 Mon Sep 17 00:00:00 2001 From: "Egorov, Stanislav (se6518)" Date: Tue, 17 Sep 2019 12:42:05 -0700 Subject: [PATCH] Run haproxy as nobody Aligned with changes in promenade repo: https://review.opendev.org/#/c/657879/ Change-Id: Ia1d5ddabc47390f12557032b1716734cfcbcd540 --- global/profiles/genesis.yaml | 2 ++ global/schemas/promenade/Genesis/v1.yaml | 7 +++++++ global/software/config/versions.yaml | 20 ++++++++++---------- 3 files changed, 19 insertions(+), 10 deletions(-) diff --git a/global/profiles/genesis.yaml b/global/profiles/genesis.yaml index 4d194d6d1..9fa2075cf 100644 --- a/global/profiles/genesis.yaml +++ b/global/profiles/genesis.yaml @@ -101,6 +101,8 @@ data: - --requestheader-allowed-names='aggregator' armada: target_manifest: cluster-bootstrap + haproxy: + run_as_user: 65534 labels: dynamic: - beta.kubernetes.io/fluentd-ds-ready=true diff --git a/global/schemas/promenade/Genesis/v1.yaml b/global/schemas/promenade/Genesis/v1.yaml index ac02401d4..95b50c3f8 100644 --- a/global/schemas/promenade/Genesis/v1.yaml +++ b/global/schemas/promenade/Genesis/v1.yaml @@ -92,6 +92,13 @@ data: items: $ref: '#/definitions/file' + haproxy: + type: object + properties: + run_as_user: + type: integer + additionalProperties: false + hostname: $ref: '#/definitions/hostname' diff --git a/global/software/config/versions.yaml b/global/software/config/versions.yaml index 17e39a05e..a7eb7131d 100644 --- a/global/software/config/versions.yaml +++ b/global/software/config/versions.yaml @@ -4,7 +4,7 @@ data: kubernetes: apiserver: location: https://opendev.org/airship/promenade - reference: 42b8febcedd002e0d9c6a9c51367373849e5fc69 + reference: e32f52b52455d0660e7666d9535eab3966af8e5b subpath: charts/apiserver type: git apiserver-htk: @@ -25,7 +25,7 @@ data: type: git etcd: location: https://opendev.org/airship/promenade - reference: 42b8febcedd002e0d9c6a9c51367373849e5fc69 + reference: e32f52b52455d0660e7666d9535eab3966af8e5b subpath: charts/etcd type: git etcd-htk: @@ -35,7 +35,7 @@ data: type: git controller-manager: location: https://opendev.org/airship/promenade - reference: 42b8febcedd002e0d9c6a9c51367373849e5fc69 + reference: e32f52b52455d0660e7666d9535eab3966af8e5b subpath: charts/controller_manager type: git controller-manager-htk: @@ -45,7 +45,7 @@ data: type: git coredns: location: https://opendev.org/airship/promenade - reference: 42b8febcedd002e0d9c6a9c51367373849e5fc69 + reference: e32f52b52455d0660e7666d9535eab3966af8e5b subpath: charts/coredns type: git coredns-htk: @@ -55,7 +55,7 @@ data: type: git etcd: location: https://opendev.org/airship/promenade - reference: 42b8febcedd002e0d9c6a9c51367373849e5fc69 + reference: e32f52b52455d0660e7666d9535eab3966af8e5b subpath: charts/etcd type: git etcd-htk: @@ -65,7 +65,7 @@ data: type: git haproxy: location: https://opendev.org/airship/promenade - reference: 42b8febcedd002e0d9c6a9c51367373849e5fc69 + reference: e32f52b52455d0660e7666d9535eab3966af8e5b subpath: charts/haproxy type: git haproxy-htk: @@ -85,7 +85,7 @@ data: type: git proxy: location: https://opendev.org/airship/promenade - reference: 42b8febcedd002e0d9c6a9c51367373849e5fc69 + reference: e32f52b52455d0660e7666d9535eab3966af8e5b subpath: charts/proxy type: git proxy-htk: @@ -95,7 +95,7 @@ data: type: git scheduler: location: https://opendev.org/airship/promenade - reference: 42b8febcedd002e0d9c6a9c51367373849e5fc69 + reference: e32f52b52455d0660e7666d9535eab3966af8e5b subpath: charts/scheduler type: git scheduler-htk: @@ -473,7 +473,7 @@ data: type: git promenade: location: https://opendev.org/airship/promenade - reference: 42b8febcedd002e0d9c6a9c51367373849e5fc69 + reference: e32f52b52455d0660e7666d9535eab3966af8e5b subpath: charts/promenade type: git promenade-htk: @@ -640,7 +640,7 @@ data: postgresql: {} promenade: monitoring_image: busybox:1.28.3 - promenade: quay.io/airshipit/promenade:42b8febcedd002e0d9c6a9c51367373849e5fc69 + promenade: quay.io/airshipit/promenade:e32f52b52455d0660e7666d9535eab3966af8e5b rabbitmq: {} shipyard: airflow: quay.io/airshipit/airflow:c21555fce0d4f9dffce219d1be70e5d5cebca2a7-ubuntu_xenial