This updates the maas chart to include the pod
security context on the pod template.
This also adds the container security context to set
readOnlyRootFilesystem flag
Change-Id: I1eba6ab3a7c27ddcb3e8ddc8e743b91dc5e521c3
This PS adds the ability to attach a release uuid to pods and rc
objects as desired. This can be used, for example, to force an
artificial manifest change in CICD scenarios, for upgradability
testing purposes.
Change-Id: I994f9eb9cd75947ee36276a542fa23cc547065e0
This PS updates the maas chart to support modern helm toolkits.
Change-Id: Id70343afdec622dc84b89b0d7f496e9ef498ea6b
Signed-off-by: Pete Birley <pete@port.direct>
- Fully support Postgres configuration
in the endpoints stanza
- Add RBAC support to the region and rack
pods
- Add custom RBAC for export API key job
to allow secret creation
Change-Id: I9d0b63ac329bb0b9539b14123c5e16ad3cd1c9f0
For better security use Kubernetes secrets
to set environmental variables for the
bootstrapping job
- Create secret manifest for the MaaS admin user
- Update job-bootstrap-admin-user to use secret for environment
setup
- Update job-export-api-key to source admin username
from secret
- Update job-import to source admin username
from secret
Change-Id: I0ea5a5517c5a90f481c459e836f081f3d2744dad