airship
/
maas
Code Issues Proposed changes
222 Commits 1 Branch 0 Tags 3.4 MiB
Commit Graph

7 Commits

Author SHA1 Message Date
Ritchie, Frank (fr801x) 906f9a5f15 Change pathtype to prefix 
Due to cve-2022-4886 the default pathType for an ingress should be
either "Exact" or "Prefix". This allows for more strict path validation by
the admission controller.

Change-Id: I1089bd5c893685fe3b2bcd6868da2f2b761e144f
 2024-01-29 10:58:42 -05:00
Phil Sphicas 666567eae5 Update chart to use stable Kubernetes APIs 
Update the MAAS chart to use non-deprecated APIs [0], specifically
addressing the following resource types:
* ClusterRole
* ClusterRoleBinding
* Ingress
* Role
* Rolebinding

The APIs being migrated to are available in v1.19 or earlier. As of this
change, v1.19 is the oldest supported Kubernetes version, slated for EOL
on 2021-10-28. [1]

Also includes an HTK uplift that includes updated Ingress templates. [2]

0: https://kubernetes.io/docs/reference/using-api/deprecation-guide/
1: https://kubernetes.io/releases/
2: https://review.opendev.org/c/openstack/openstack-helm-infra/+/813115

Change-Id: I5e78f1ab094666538ed419a78f6966a2ba295d6a
 2021-10-18 11:52:30 -07:00
Phil Sphicas 1147e9689e MAAS chart fixes: ingress apiversion, serviceNames 
This change fixes a few issues with the MAAS chart:

1. Removes extraneous serviceName from maas-ingress-errors Deployment
2. Adds missing serviceName to maas-syslog StatefulSet
3. Moves maas-region-api Ingress object back under extensions/v1beta1
   Similar to: https://review.opendev.org/691701/

Change-Id: I83156c0e255ad17bbac024daba293490980414ee
 2019-11-12 08:46:22 -08:00
Kumar, Nishant (nk613n) f0ac0a62c2 [Ingress] Change apiVersion for Ingress and Deployment Resource 
'apps/v1beta1' apiVersion for Deployment has been deprecated.
'extensions/v1beta1' apiVersion for Ingress resource has been deprecated.

This PS aligns towards the effort in moving to k8s 1.16.

Reference: https://v1-14.docs.kubernetes.io/docs/setup/release/notes/#deprecations

Change-Id: Ied31e4e136fb9bf0343d609cf75bd1b7028d6f66
 2019-10-07 10:20:58 -04:00
Samuel Pilla 217e6ca544 Additional Rules for optional MAAS api only 
Adds Ingress rules to turn off MAAS gui access if desired.

Change-Id: Ib2d212e10c68e279fcc76bc1cdf1293eff14de5f
 2019-04-03 12:55:54 -05:00
Scott Hussey a833b682db (security) Optionally only allow MAAS api access 
- MAAS does not allow you to turn off the gui which
  may be desired in some scenarios. Use Ingress rules
  to do so optionally.

Change-Id: I22f637ebd2dbbd7c552fd4644bcf27cc9b9661d8
 2019-02-04 11:25:44 -06:00
Scott Hussey 74af40376b MAAS support for pod mobility 
Upgrades to the MAAS chart to allow for the Pods
running the rack and region services to work across
all control plane hosts.

Change-Id: I84c856599a1122a2b4a64242a7cea357887b0462
 2018-10-23 08:19:53 -05:00