Adding said label, that's already defined, to the deployments themselves.
This will enable Armada to properly wait for certain percentages of the
deployment replicas to be ready prior to proceeding. Prior to this change,
there wasn't a way to select these deployments via labels.
Change-Id: I4d8e479eb40e4395a4e3b79bbc9df651aa4e12e7
For any host mounts that include /var/lib/kubelet, use HostToContainer
mountPropagation, which avoids creating extra references to mounts in
other containers.
Affects the following resources:
* maas-ingress deployment
Change-Id: I8f8239dc868e30d0203cb994b0eb6a615f40d87b
This updates the maas chart to include the pod
security context on the pod template.
This also adds the container security context to set
readOnlyRootFilesystem flag
Change-Id: I1eba6ab3a7c27ddcb3e8ddc8e743b91dc5e521c3
Uplifts the ingress-nginx-controller image to 0.26.1, including the
required chart modifications for RBAC, new options for stream and
profiler ports, and a change in the default status port from 18080
to 10246.
Change-Id: Ia0b33a739ea180de45b7e3920968d12ea651a573
'apps/v1beta1' apiVersion for Deployment has been deprecated.
'extensions/v1beta1' apiVersion for Ingress resource has been deprecated.
This PS aligns towards the effort in moving to k8s 1.16.
Reference: https://v1-14.docs.kubernetes.io/docs/setup/release/notes/#deprecations
Change-Id: Ied31e4e136fb9bf0343d609cf75bd1b7028d6f66
Run the maas-ingress and maas-ingress-vip containers with the
'www-data' (33) user
Run the maas-ingress-errors container with the error-page image [0],
from [1] which already runs as nobody user.
[0] Dockerfile.404-server-with-metrics
[1] https://github.com/kubernetes/ingress-gce
Change-Id: Idf3791a958017d512bb3f5015b59452e2831b1b3
- If the error pages service doesn't have endpoints, ingress
will start up a default service. Allow the port for this
service to be tunable.
Change-Id: I3f60a7cb47570459da99fcd854c453e81330b052
- Some residual static configuration was left in the MAAS ingress
deployment template. Update it to render the ingress ports from
endpoints and also to remove the TCP forwarder for the MAAS
region API and instead use a standard Ingress resource.
Change-Id: I7764d48ea919147503e9bf2521c52cb6f0028538
- Create two replicas of rack and region pods
- Use required anti-affinity between rack pods
- Remove the MAAS ingress controller from the rack pod
and into dedicated deployment
- Update rack registration script to harvest the systemid
from the underlying host when available
Change-Id: I41e21b7bb5256d04b37a70fbd2088c617b5d239a