forked from hswaw/hscloud
cluster/kube: emergency fixes after evition
Some pods got evicted. Some of them broke. - postgres in matrix and nginx in internet because of the new policies (chown issues) - cas proxy in matrix because apparently the image was not reuploaded to the regsitry after ceph-waw1 died, and another node didn't have it - registry because it had a weak image pin an downgraded to some broken version on another node Change-Id: I836036872629843c8ede1b7f67982112c90d71f0master
parent
db2a2a029f
commit
5f3a5e0310
|
@ -18,7 +18,7 @@ local postgres = import "../../kube/postgres.libsonnet";
|
||||||
|
|
||||||
synapseImage: "informatic/synapse:v1.2.1-env-conf-rev2", // https://github.com/Informatic/synapse/tree/env_config (to be upstreamed...)
|
synapseImage: "informatic/synapse:v1.2.1-env-conf-rev2", // https://github.com/Informatic/synapse/tree/env_config (to be upstreamed...)
|
||||||
riotImage: "bubuntux/riot-web:v1.3.2",
|
riotImage: "bubuntux/riot-web:v1.3.2",
|
||||||
casProxyImage: "registry.k0.hswaw.net/informatic/oauth2-cas-proxy:0.1.4"
|
casProxyImage: "registry.k0.hswaw.net/q3k/oauth2-cas-proxy:0.1.4"
|
||||||
},
|
},
|
||||||
|
|
||||||
metadata(component):: {
|
metadata(component):: {
|
||||||
|
|
|
@ -135,6 +135,9 @@ local Cluster(fqdn) = {
|
||||||
policies.AllowNamespaceInsecure("kube-system"),
|
policies.AllowNamespaceInsecure("kube-system"),
|
||||||
# TODO(q3k): fix this?
|
# TODO(q3k): fix this?
|
||||||
policies.AllowNamespaceInsecure("ceph-waw2"),
|
policies.AllowNamespaceInsecure("ceph-waw2"),
|
||||||
|
policies.AllowNamespaceInsecure("matrix"),
|
||||||
|
policies.AllowNamespaceInsecure("registry"),
|
||||||
|
policies.AllowNamespaceInsecure("internet"),
|
||||||
],
|
],
|
||||||
|
|
||||||
// Allow all service accounts (thus all controllers) to create secure pods.
|
// Allow all service accounts (thus all controllers) to create secure pods.
|
||||||
|
|
|
@ -64,6 +64,7 @@ local cm = import "cert-manager.libsonnet";
|
||||||
"config.yml": std.manifestYamlDoc({
|
"config.yml": std.manifestYamlDoc({
|
||||||
version: "0.1",
|
version: "0.1",
|
||||||
log: {
|
log: {
|
||||||
|
level: "debug",
|
||||||
fields: {
|
fields: {
|
||||||
service: "registry",
|
service: "registry",
|
||||||
},
|
},
|
||||||
|
@ -248,7 +249,7 @@ local cm = import "cert-manager.libsonnet";
|
||||||
},
|
},
|
||||||
containers_: {
|
containers_: {
|
||||||
registry: kube.Container("docker-registry") {
|
registry: kube.Container("docker-registry") {
|
||||||
image: "registry:2",
|
image: "registry:2.7.1",
|
||||||
args: ["/config/config.yml"],
|
args: ["/config/config.yml"],
|
||||||
volumeMounts_: {
|
volumeMounts_: {
|
||||||
config: { mountPath: "/config" },
|
config: { mountPath: "/config" },
|
||||||
|
|
Loading…
Reference in New Issue