If labels are not specified on a Job, kubernetes defaults them
to include the labels of their underlying Pod template. Helm 3
injects metadata into all resources [0] including a
`app.kubernetes.io/managed-by: Helm` label. Thus when kubernetes
sees a Job's labels they are no longer empty and thus do not get
defaulted to the underlying Pod template's labels. This is a
problem since Job labels are depended on by
- Armada pre-upgrade delete hooks
- Armada wait logic configurations
- kubernetes-entrypoint dependencies
Thus for each Job template this adds labels matching the
underlying Pod template to retain the same labels that were
present with Helm 2.
[0]: https://github.com/helm/helm/pull/7649
Change-Id: I3b6b25fcc6a1af4d56f3e2b335615074e2f04b6d
It appears having `args:` without `command:` causes some combinations
of kubernetes & container runtimes to not work as expected.
Change-Id: Id9d692632066de410ca5f13bbfe13d1899b93819
This updates the chart to include the pod security context
on the pod template.
This also adds the container security context to set
readOnlyRootFilesystem flag to true
Change-Id: Icb7a9de4d98bac1f0bcf6181b6e88695f4b09709
The current copyright refers to a non-existent group
"openstack helm authors" with often out-of-date references that
are confusing when adding a new file to the repo.
This change removes all references to this copyright by the
non-existent group and any blank lines underneath.
Change-Id: I1882738cf9757c5350a8533876fd37b5920b5235
This change must enable postgresql-exporter to push additional metrics
(like replication_lag) which are derived using a SQL query against Postgres DB.
(Co-Author: Steven Fitzpatrick)
Change-Id: I78dc433a3782b48155ab293cb5afe90b3bc0ef1f
This adds a security context to the postgresql exporter, which
changes the pod's user from root to the nobody user instead
This also adds the container security context to set
allowPrivilegeEscalation to false and readOnlyRootFilesystem to true
Change-Id: Ibe49f77ed2d0a588b5abe175318edd1c82a57cca
This PS adds emptydirs backing the /tmp directory in pods, which
is required in most cases for full operation when using a read only
filesystem backing the container.
Additionally some yaml indent issues are resolved.
Change-Id: I8b7f1614da059783254aa6efc09facf23fca3cad
Signed-off-by: Pete Birley <pete@port.direct>
- The deployment resource for the prometheus exporter was missing
the required (by apps/v1) field spec.selector. Add it.
Change-Id: I8afb8541ea1660ee5ca610d7d2b4cfd149d317dc
This removes set -x from the templates for the user creation
scripts for the mariadb and postgresql user templates, and it
also removes the set -x from the helm-toolkit job for creating
s3 users. This prevents sensitive credentials from being
displayed to the console when these scripts are run
Change-Id: I0a78d8190fbbae1b300b74ca560d76dedaaf6fc1
This updates daemonsets and deployments from extensions/v1beta1 to
apps/v1. These templates were either missed or overlooked when
added, and this change brings them up to the same api version used
for all other daemonsets and deployments
Change-Id: I6d2aba7791ad5eabd23785c01aed01d4f8e53d39
This moves the postgresql chart to openstack-helm-infra as part of
the effort to move charts to the appropriate repositories
Change-Id: I25c026e5d4c4abe4dd0805047051281911632739
Story: 2002204
Task: 21729
