This patch adds the `pod-security.kubernetes.io/enforce: privileged` label to the ceph-system namespace. The Namespace resources are managed all over the map; it would be a good idea to consolidate the PlatformNamespaces data into one well-known place for the entire platform. Skipping that for now.
package holos
// #PlatformNamespace is a namespace to manage for Secret provisioning,
// SecretStore, etc...
#PlatformNamespace: {
	// name is the namespace name.
	name: string

	// labels is an optional, unconstrained string-to-string map.
	// NOTE(review): presumably these labels are applied to the Namespace
	// resource, so Pod Security Admission levels are set here, e.g.
	// "pod-security.kubernetes.io/enforce". The privileged level places no
	// pod security restrictions on the namespace, and nothing in this schema
	// limits which level an entry may request, so review such entries.
	labels?: [string]: string
}
// #PlatformNamespaces lists the namespaces managed across the platform.
// The list is open-ended; every element must satisfy #PlatformNamespace.
#PlatformNamespaces: [...#PlatformNamespace]
// #CredsRefresher describes the external secrets credential refresher job.
// name and namespace are fixed values; project and projectNumber are read
// from #InputKeys, which is declared outside this listing.
#CredsRefresher: {
	// name is shared by the job, the component, and related resources. It is
	// also the local part of iamServiceAccount below.
	name: "eso-creds-refresher"

	// namespace is where the job runs.
	namespace: "holos-system"

	// project is the GCP project ID hosting the provisioner cluster.
	project: #InputKeys.gcpProjectID

	// projectNumber is the GCP project number hosting the provisioner cluster.
	projectNumber: #InputKeys.gcpProjectNumber

	// iamServiceAccount is the IAM service account email address, built as
	// <name>@<project>.iam.gserviceaccount.com.
	// NOTE(review): presumably the identity the refresher job runs as; confirm
	// its role bindings are scoped to credential refresh only.
	iamServiceAccount: name + "@" + project + ".iam.gserviceaccount.com"

	// region is the provisioner cluster's region. It defaults to us-central1
	// and can be overridden through the region tag.
	region: string | *"us-central1" @tag(region, type=string)
}