cluster/kube: emergency fixes after evition

Some pods got evicted. Some of them broke. - postgres in matrix and nginx in internet because of the new policies (chown issues) - cas proxy in matrix because apparently the image was not reuploaded to the regsitry after ceph-waw1 died, and another node didn't have it - registry because it had a weak image pin an downgraded to some broken version on another node Change-Id: I836036872629843c8ede1b7f67982112c90d71f0
2019-09-25 02:51:51 +02:00 · 2019-09-25 02:51:51 +02:00 · 5f3a5e0310
parent db2a2a029f
commit 5f3a5e0310
3 changed files with 6 additions and 2 deletions
--- a/app/matrix/prod.jsonnet
+++ b/app/matrix/prod.jsonnet
@ -18,7 +18,7 @@ local postgres = import "../../kube/postgres.libsonnet";

        synapseImage: "informatic/synapse:v1.2.1-env-conf-rev2", // https://github.com/Informatic/synapse/tree/env_config (to be upstreamed...)
        riotImage: "bubuntux/riot-web:v1.3.2",
-        casProxyImage: "registry.k0.hswaw.net/informatic/oauth2-cas-proxy:0.1.4"
+        casProxyImage: "registry.k0.hswaw.net/q3k/oauth2-cas-proxy:0.1.4"
    },

    metadata(component):: {
--- a/cluster/kube/cluster.jsonnet
+++ b/cluster/kube/cluster.jsonnet
@ -135,6 +135,9 @@ local Cluster(fqdn) = {
        policies.AllowNamespaceInsecure("kube-system"),
        # TODO(q3k): fix this?
        policies.AllowNamespaceInsecure("ceph-waw2"),
+        policies.AllowNamespaceInsecure("matrix"),
+        policies.AllowNamespaceInsecure("registry"),
+        policies.AllowNamespaceInsecure("internet"),
    ],

    // Allow all service accounts (thus all controllers) to create secure pods.
--- a/cluster/kube/lib/registry.libsonnet
+++ b/cluster/kube/lib/registry.libsonnet
@ -64,6 +64,7 @@ local cm = import "cert-manager.libsonnet";
                "config.yml": std.manifestYamlDoc({
                    version: "0.1",
                    log: {
+                        level: "debug",
                        fields: {
                            service: "registry",
                        },
@ -248,7 +249,7 @@ local cm = import "cert-manager.libsonnet";
                        },
                        containers_: {
                            registry: kube.Container("docker-registry") {
-                                image: "registry:2",
+                                image: "registry:2.7.1",
                                args: ["/config/config.yml"],
                                volumeMounts_: {
                                    config: { mountPath: "/config" },