summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorZuul <zuul@review.openstack.org>2018-11-02 20:29:19 +0000
committerGerrit Code Review <review@openstack.org>2018-11-02 20:29:19 +0000
commit2b2bb68ab694ab01c728eb2c250be9a2de758619 (patch)
tree9282380ff079186b3a6d68758fe9ce3ef29c5bc0
parentcfb8aa498c294c2adbc369ba5aaee19b49550d22 (diff)
parent6638b47cb9d0958786b2783618857ef86ab81d9e (diff)
Merge "Share process namespaces with exec probes"
-rw-r--r--charts/apiserver/templates/etc/_kubernetes-apiserver.yaml.tpl1
-rw-r--r--charts/coredns/templates/deployment.yaml1
-rw-r--r--charts/proxy/templates/daemonset.yaml1
-rw-r--r--examples/basic/Genesis.yaml1
-rw-r--r--examples/basic/Kubelet.yaml1
-rw-r--r--examples/basic/PKICatalog.yaml5
-rw-r--r--examples/basic/armada-resources.yaml23
7 files changed, 6 insertions, 27 deletions
diff --git a/charts/apiserver/templates/etc/_kubernetes-apiserver.yaml.tpl b/charts/apiserver/templates/etc/_kubernetes-apiserver.yaml.tpl
index 0d2f36d..1d43331 100644
--- a/charts/apiserver/templates/etc/_kubernetes-apiserver.yaml.tpl
+++ b/charts/apiserver/templates/etc/_kubernetes-apiserver.yaml.tpl
@@ -24,6 +24,7 @@ metadata:
24{{ tuple $envAll "kubernetes" "apiserver" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }} 24{{ tuple $envAll "kubernetes" "apiserver" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }}
25spec: 25spec:
26 hostNetwork: true 26 hostNetwork: true
27 shareProcessNamespace: true
27 containers: 28 containers:
28 - name: apiserver 29 - name: apiserver
29 image: {{ .Values.images.tags.apiserver }} 30 image: {{ .Values.images.tags.apiserver }}
diff --git a/charts/coredns/templates/deployment.yaml b/charts/coredns/templates/deployment.yaml
index e83f761..c87d1a2 100644
--- a/charts/coredns/templates/deployment.yaml
+++ b/charts/coredns/templates/deployment.yaml
@@ -42,6 +42,7 @@ spec:
42 configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "helm-toolkit.utils.hash" }} 42 configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "helm-toolkit.utils.hash" }}
43 spec: 43 spec:
44 serviceAccountName: coredns 44 serviceAccountName: coredns
45 shareProcessNamespace: true
45 tolerations: 46 tolerations:
46 - key: "CriticalAddonsOnly" 47 - key: "CriticalAddonsOnly"
47 operator: "Exists" 48 operator: "Exists"
diff --git a/charts/proxy/templates/daemonset.yaml b/charts/proxy/templates/daemonset.yaml
index 4c991f1..f1172b4 100644
--- a/charts/proxy/templates/daemonset.yaml
+++ b/charts/proxy/templates/daemonset.yaml
@@ -32,6 +32,7 @@ spec:
32 scheduler.alpha.kubernetes.io/critical-pod: '' 32 scheduler.alpha.kubernetes.io/critical-pod: ''
33 spec: 33 spec:
34 hostNetwork: true 34 hostNetwork: true
35 shareProcessNamespace: true
35 dnsPolicy: Default 36 dnsPolicy: Default
36 tolerations: 37 tolerations:
37 - key: node-role.kubernetes.io/master 38 - key: node-role.kubernetes.io/master
diff --git a/examples/basic/Genesis.yaml b/examples/basic/Genesis.yaml
index 7bade7d..9079fa9 100644
--- a/examples/basic/Genesis.yaml
+++ b/examples/basic/Genesis.yaml
@@ -17,6 +17,7 @@ data:
17 - --admission-control=NamespaceLifecycle,LimitRanger,ServiceAccount,PersistentVolumeLabel,DefaultStorageClass,ResourceQuota,DefaultTolerationSeconds,NodeRestriction 17 - --admission-control=NamespaceLifecycle,LimitRanger,ServiceAccount,PersistentVolumeLabel,DefaultStorageClass,ResourceQuota,DefaultTolerationSeconds,NodeRestriction
18 - --service-cluster-ip-range=10.96.0.0/16 18 - --service-cluster-ip-range=10.96.0.0/16
19 - --endpoint-reconciler-type=lease 19 - --endpoint-reconciler-type=lease
20 - --feature-gates=PodShareProcessNamespace=true
20 # NOTE(mark-burnett): This flag is removed in Kubernetes 1.11 21 # NOTE(mark-burnett): This flag is removed in Kubernetes 1.11
21 - --repair-malformed-updates=false 22 - --repair-malformed-updates=false
22 armada: 23 armada:
diff --git a/examples/basic/Kubelet.yaml b/examples/basic/Kubelet.yaml
index 6464a4e..60074cd 100644
--- a/examples/basic/Kubelet.yaml
+++ b/examples/basic/Kubelet.yaml
@@ -16,6 +16,7 @@ data:
16 - --node-status-update-frequency=5s 16 - --node-status-update-frequency=5s
17 - --serialize-image-pulls=false 17 - --serialize-image-pulls=false
18 - --anonymous-auth=false 18 - --anonymous-auth=false
19 - --feature-gates=PodShareProcessNamespace=true
19 - --v=3 20 - --v=3
20 images: 21 images:
21 pause: gcr.io/google_containers/pause-amd64:3.0 22 pause: gcr.io/google_containers/pause-amd64:3.0
diff --git a/examples/basic/PKICatalog.yaml b/examples/basic/PKICatalog.yaml
index fda5234..b1d0a13 100644
--- a/examples/basic/PKICatalog.yaml
+++ b/examples/basic/PKICatalog.yaml
@@ -63,11 +63,6 @@ data:
63 common_name: armada 63 common_name: armada
64 groups: 64 groups:
65 - system:masters 65 - system:masters
66 kubelet:
67 description: CA for Kubernetes node interactions
68 certificates:
69 - document_name: apiserver-kubelet-client
70 common_name: apiserver-kubelet-client
71 kubernetes-etcd: 66 kubernetes-etcd:
72 description: Certificates for Kubernetes's etcd servers 67 description: Certificates for Kubernetes's etcd servers
73 certificates: 68 certificates:
diff --git a/examples/basic/armada-resources.yaml b/examples/basic/armada-resources.yaml
index 8b49fea..f39b7a8 100644
--- a/examples/basic/armada-resources.yaml
+++ b/examples/basic/armada-resources.yaml
@@ -682,28 +682,6 @@ metadata:
682 - 682 -
683 src: 683 src:
684 schema: deckhand/CertificateAuthority/v1 684 schema: deckhand/CertificateAuthority/v1
685 name: kubelet
686 path: .
687 dest:
688 path: .values.secrets.kubelet.tls.ca
689 -
690 src:
691 schema: deckhand/Certificate/v1
692 name: apiserver-kubelet-client
693 path: .
694 dest:
695 path: .values.secrets.kubelet.tls.cert
696 -
697 src:
698 schema: deckhand/CertificateKey/v1
699 name: apiserver-kubelet-client
700 path: .
701 dest:
702 path: .values.secrets.kubelet.tls.key
703
704 -
705 src:
706 schema: deckhand/CertificateAuthority/v1
707 name: kubernetes-etcd 685 name: kubernetes-etcd
708 path: . 686 path: .
709 dest: 687 dest:
@@ -746,6 +724,7 @@ data:
746 - --admission-control=NamespaceLifecycle,LimitRanger,ServiceAccount,PersistentVolumeLabel,DefaultStorageClass,ResourceQuota,DefaultTolerationSeconds,NodeRestriction 724 - --admission-control=NamespaceLifecycle,LimitRanger,ServiceAccount,PersistentVolumeLabel,DefaultStorageClass,ResourceQuota,DefaultTolerationSeconds,NodeRestriction
747 - --service-cluster-ip-range=10.96.0.0/16 725 - --service-cluster-ip-range=10.96.0.0/16
748 - --endpoint-reconciler-type=lease 726 - --endpoint-reconciler-type=lease
727 - --feature-gates=PodShareProcessNamespace=true
749 # NOTE(mark-burnett): This flag is removed in Kubernetes 1.11 728 # NOTE(mark-burnett): This flag is removed in Kubernetes 1.11
750 - --repair-malformed-updates=false 729 - --repair-malformed-updates=false
751 apiserver: 730 apiserver: