cheshire
/
hscloud
forked from hswaw/hscloud
1
0
Fork 0
Code Pull Requests Activity

cluster/kube: emergency fixes after evition 

Some pods got evicted. Some of them broke.

  - postgres in matrix and nginx in internet because of the new policies
    (chown issues)
  - cas proxy in matrix because apparently the image was not reuploaded
    to the regsitry after ceph-waw1 died, and another node didn't have it
  - registry because it had a weak image pin an downgraded to some
    broken version on another node

Change-Id: I836036872629843c8ede1b7f67982112c90d71f0
master
q3k 2019-09-25 02:51:51 +02:00
parent db2a2a029f
commit 5f3a5e0310
3 changed files with 6 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
app/matrix/prod.jsonnet
View File

@ -18,7 +18,7 @@ local postgres = import "../../kube/postgres.libsonnet";
synapseImage: "informatic/synapse:v1.2.1-env-conf-rev2", // https://github.com/Informatic/synapse/tree/env_config (to be upstreamed...) synapseImage: "informatic/synapse:v1.2.1-env-conf-rev2", // https://github.com/Informatic/synapse/tree/env_config (to be upstreamed...)
riotImage: "bubuntux/riot-web:v1.3.2", riotImage: "bubuntux/riot-web:v1.3.2",
casProxyImage: "registry.k0.hswaw.net/informatic/oauth2-cas-proxy:0.1.4" casProxyImage: "registry.k0.hswaw.net/q3k/oauth2-cas-proxy:0.1.4"
}, },
metadata(component):: { metadata(component):: {

3
cluster/kube/cluster.jsonnet
View File

@ -135,6 +135,9 @@ local Cluster(fqdn) = {
policies.AllowNamespaceInsecure("kube-system"), policies.AllowNamespaceInsecure("kube-system"),
# TODO(q3k): fix this? # TODO(q3k): fix this?
policies.AllowNamespaceInsecure("ceph-waw2"), policies.AllowNamespaceInsecure("ceph-waw2"),
policies.AllowNamespaceInsecure("matrix"),
policies.AllowNamespaceInsecure("registry"),
policies.AllowNamespaceInsecure("internet"),
], ],
// Allow all service accounts (thus all controllers) to create secure pods. // Allow all service accounts (thus all controllers) to create secure pods.

3
cluster/kube/lib/registry.libsonnet
View File

@ -64,6 +64,7 @@ local cm = import "cert-manager.libsonnet";
"config.yml": std.manifestYamlDoc({ "config.yml": std.manifestYamlDoc({
version: "0.1", version: "0.1",
log: { log: {
level: "debug",
fields: { fields: {
service: "registry", service: "registry",
}, },
@ -248,7 +249,7 @@ local cm = import "cert-manager.libsonnet";
}, },
containers_: { containers_: {
registry: kube.Container("docker-registry") { registry: kube.Container("docker-registry") {
image: "registry:2", image: "registry:2.7.1",
args: ["/config/config.yml"], args: ["/config/config.yml"],
volumeMounts_: { volumeMounts_: {
config: { mountPath: "/config" }, config: { mountPath: "/config" },