* Give kube-proxy a blanket toleration
* Replace scheduler.alpha.kubernetes.io/critical-pod annotation with
priorityClassName: system-node-critical
Change-Id: I810333913c09531eefa1ded014fe090d4cca7f7d
The kubernetes-etcd pods are leaving behind zombie processes and
setting 'shareProcessNamespace: true' eliminates that problem.
When you enable process namespace sharing for a Pod, Kubernetes uses a
single process namespace for all the containers in that Pod. The
Kubernetes Pod infrastructure container becomes PID 1 and automatically
reaps orphaned processes. [0]
[0]https://cloud.google.com/solutions/best-practices-for-building-containers#solution_2_enable_process_namespace_sharing_in_kubernetes
Change-Id: I61566fb71258baafa709b0e5367c71f13e980f6f
This updates the coredns, haproxy and etcd chart to include the pod
security context on the pod template.
This also adds the container security context to set
readOnlyRootFilesystem flag
Change-Id: I9b5b0ea83acd4c5656577d8cbc684a5031ca0111
During bootstrap process kubernetes node is not ready due to missed CNI.
It will be installed later but for a few daemonsets it's critical.
They can't start pods and looping in a while.
Workaround is here: add tolerations.
Change-Id: Ib3c361949ea4e452d599aa7a3a2b7827541b7bac
This PS adds the ability to attach a release uuid to pods and rc
objects as desired. This can be used, for example, to force an
artificial manifest change in CICD scenarios, for upgradability
testing purposes.
Change-Id: I8d0ffac306258f940c63799e86e7e26b5c2c5add
This allows the helm test to run for calico-etcd during bootstrapping.
This is necesssary, because Armada now runs helm test by default.
Change-Id: I903b2074e45247ab8bb776e601823c4ccce265e3
This adds stability to etcd and enables cleaner waiting by tiller during
deployment of the Kubernetes apiserver and etcd.
* Adds second auxiliary etcd process.
* Enables "sequenced" for remaining ChartGroups.
* Removes unused disks from test VMs.
* Add readiness and liveness probes for kubernetes components
Change-Id: I6f83bb912f76b0ec35503723b417ba45d69e39c5
Phil Sphicas