Commit Graph

12 Commits

Author SHA1 Message Date
KHIYANI, RAHUL (rk0850) 880c6503c8 Add security context template for promenade charts
This change adds security context template at pod level to
set run as user value

This also adds security context template at container level to
set readOnly-fs flag

Change-Id: Iba720e687218987cfefe7a9f08630fb11e8eac12
2020-07-22 05:24:50 +00:00
KHIYANI, RAHUL (rk0850) dfebe8f55f Add apparmor profile to promenade tpl files
Change-Id: I00d5c74e079f72f9837f8502dfa6ca805e2e0e04
2020-07-20 15:23:08 -05:00
Scott Hussey 2ebe527fb1 (haproxy) Fix syntax error in haproxy anchor
- The config check statement in the haproxy static pod
  had a syntax error.

Change-Id: I4c27eed37c83d8b3382143f2c8940bc62d0180ba
2019-09-27 16:02:13 -05:00
Scott Hussey 479d3cc402 (haproxy) Additional config safeguards
- Some reported cases that the haproxy config was corrupted during
  node reboots. Attempt to add additional safeguards of coordination
  between the anchor and the service pod.

- Support nulling out a default entry in the service list

- Add additional log statements in the anchor

Change-Id: Ie673c50e1037d5dff2b9f67b14032e188183a5d9
2019-09-13 08:31:43 -05:00
BARTRA, RICK 19169bb458 Run haproxy pod with the nobody user (65534)
To be able to run with the nobody user, an init container
is used in the haproxy-anchor pod to change the ownership and
permissions of '/host/etc/promenade/haproxy'. Security context
was included in 'etc/kubernetes/manifests/haproxy.yaml' and
'promenade/schemas/Genesis.yaml' schema was updated to include
run_as_user property for haproxy pod.

Change-Id: Id248face0be43c417284ceb781997634a9c4dd5e
2019-09-11 16:18:30 -05:00
Hussey, Scott (sh8121) 41e21e1a6e (haproxy) Add rationality check to config
- When the anchor provides a new haproxy config file
  to the running haproxy, add a reasonable check that
  the new config is valid:
    - Is it a valid config file per haproxy
    - Does it contain the expected number of frontends

- Update helm version for linting to 2.14.1

Change-Id: I7a49deb372831c44f05c7baa870735c515519cb2
2019-06-10 11:01:13 -05:00
Sean Eagan 184d114062 Move to tiller 2.14.0
This version fixes manifest validation [0], so a couple invalid
manifests are fixed in this patchset as well.

[0]: 32d7f1a3fc

Change-Id: I0cbdf21cf016271bef2d8a541687ce3ab28081ce
2019-05-20 14:17:46 -05:00
Matt McEuen eae60aba15 Add release uuid to pods and rc objects (prom)
This PS adds the ability to attach a release uuid to pods and rc
objects as desired.  This can be used, for example, to force an
artificial manifest change in CICD scenarios, for upgradability
testing purposes.

Change-Id: I8d0ffac306258f940c63799e86e7e26b5c2c5add
2018-10-16 12:43:32 -05:00
Aaron Sheffield e84939c574 Add readOnlyRootFilesystem to HAProxy and CoreDNS.
- Added security context readOnlyRootFilesystem as true.

Change-Id: I84ea5a17f84bebac795e7ed72a7dff530ef081bb
2018-08-21 13:25:47 -05:00
anthony.lin 6e81ed7b40 Update Labels - Application/Component
1) Kubernetes Template (Bootstrap)
2) Other charts within Promenade Repo

Change-Id: I872802112587bdff84d3630a5b2542dc4b3f77f8
2018-05-30 22:56:15 +08:00
Scott Hussey ccd372a974 Resource limits on Promenade charts
- Update Makefile to more closely match UCP standards
- Add resource limits to any Pods missing them

Change-Id: Ia791a6b207c2baca7dd3141be71aef513c916661
2018-03-29 08:52:56 -04:00
Mark Burnett ff3787c2ad Use HAProxy for apiserver discovery
This removes the reliance on coredns for APIserver discovery, allowing
a simpler configuration that is compatible with coredns 1.0.x

Change-Id: Ia3b7b5627c16ec47af6b0d6d5e8dee2674e9b1ee
2018-02-08 14:30:35 -06:00