diff --git a/app/matrix/prod.jsonnet b/app/matrix/prod.jsonnet index 447fb995..30edabea 100644 --- a/app/matrix/prod.jsonnet +++ b/app/matrix/prod.jsonnet @@ -18,7 +18,7 @@ local postgres = import "../../kube/postgres.libsonnet"; synapseImage: "informatic/synapse:v1.2.1-env-conf-rev2", // https://github.com/Informatic/synapse/tree/env_config (to be upstreamed...) riotImage: "bubuntux/riot-web:v1.3.2", - casProxyImage: "registry.k0.hswaw.net/informatic/oauth2-cas-proxy:0.1.4" + casProxyImage: "registry.k0.hswaw.net/q3k/oauth2-cas-proxy:0.1.4" }, metadata(component):: { diff --git a/cluster/kube/cluster.jsonnet b/cluster/kube/cluster.jsonnet index 89ffdb08..09c3b333 100644 --- a/cluster/kube/cluster.jsonnet +++ b/cluster/kube/cluster.jsonnet @@ -135,6 +135,9 @@ local Cluster(fqdn) = { policies.AllowNamespaceInsecure("kube-system"), # TODO(q3k): fix this? policies.AllowNamespaceInsecure("ceph-waw2"), + policies.AllowNamespaceInsecure("matrix"), + policies.AllowNamespaceInsecure("registry"), + policies.AllowNamespaceInsecure("internet"), ], // Allow all service accounts (thus all controllers) to create secure pods. diff --git a/cluster/kube/lib/registry.libsonnet b/cluster/kube/lib/registry.libsonnet index a791acf8..5272b2de 100644 --- a/cluster/kube/lib/registry.libsonnet +++ b/cluster/kube/lib/registry.libsonnet @@ -64,6 +64,7 @@ local cm = import "cert-manager.libsonnet"; "config.yml": std.manifestYamlDoc({ version: "0.1", log: { + level: "debug", fields: { service: "registry", }, @@ -248,7 +249,7 @@ local cm = import "cert-manager.libsonnet"; }, containers_: { registry: kube.Container("docker-registry") { - image: "registry:2", + image: "registry:2.7.1", args: ["/config/config.yml"], volumeMounts_: { config: { mountPath: "/config" },