Sync
tnozicka committed Jul 29, 2024
1 parent 748e189 commit db74ccf
Showing 30 changed files with 260 additions and 43 deletions.
14 changes: 7 additions & 7 deletions assets/monitoring/grafana/v1alpha1/deployment.yaml
Expand Up @@ -123,9 +123,9 @@ spec:
securityContext:
allowPrivilegeEscalation: false
privileged: false
runAsNonRoot: true
runAsUser: 472
runAsGroup: 472
# runAsNonRoot: true
# runAsUser: 472
# runAsGroup: 472
capabilities:
drop:
- ALL
Expand Down Expand Up @@ -158,9 +158,9 @@ spec:
emptyDir:
sizeLimit: 100Mi
securityContext:
runAsNonRoot: true
runAsUser: 472
runAsGroup: 472
fsGroup: 472
# runAsNonRoot: true
# runAsUser: 472
# runAsGroup: 472
# fsGroup: 472
seccompProfile:
type: RuntimeDefault
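Review bot: Both securityContext blocks in this file (container level and pod level) now have `runAsNonRoot: true` commented out together with the fixed UID/GID, so nothing in the manifest stops the Grafana container from starting as root when the platform does not assign a UID. Dropping `runAsUser`/`runAsGroup`/`fsGroup` is presumably meant to let OpenShift choose IDs from the namespace range (inferred from the security.openshift.io rules elsewhere in this commit), but `runAsNonRoot: true` does not conflict with that and is kept in assets/monitoring/prometheus/v1/prometheus.yaml and in the prometheus-operator Deployment further down. I would keep `runAsNonRoot: true` at both levels here, and in all three sections either delete the commented-out lines or replace them with one explanatory line such as `# UID/GID left unset so the platform can assign them`. The rendered page has lost its +/- markers, so this reads the commented lines as the new side.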
4 changes: 2 additions & 2 deletions assets/monitoring/prometheus/v1/prometheus.yaml
Expand Up @@ -7,8 +7,8 @@ spec:
serviceAccountName: "{{ .scyllaDBMonitoringName }}-prometheus"
securityContext:
runAsNonRoot: true
runAsUser: 65534
fsGroup: 65534
# runAsUser: 65534
# fsGroup: 65534
web:
pageTitle: "ScyllaDB Prometheus"
tlsConfig:
6 changes: 6 additions & 0 deletions deploy/manager/dev/50_scyllacluster.yaml
Expand Up @@ -25,3 +25,9 @@ spec:
requests:
cpu: 10m
memory: 100Mi
placement:
tolerations:
- key: role
operator: Equal
value: scylla-clusters
effect: NoSchedule
6 changes: 6 additions & 0 deletions deploy/manager/prod/50_scyllacluster.yaml
Expand Up @@ -25,3 +25,9 @@ spec:
requests:
cpu: 1
memory: 200Mi
placement:
tolerations:
- key: role
operator: Equal
value: scylla-clusters
effect: NoSchedule
41 changes: 29 additions & 12 deletions deploy/operator.yaml
Expand Up @@ -61,6 +61,12 @@ rules:
- get
- list
- watch
- apiGroups:
- ""
resources:
- pods/finalizers
verbs:
- update
- apiGroups:
- ""
resources:
Expand Down Expand Up @@ -96,6 +102,7 @@ rules:
resources:
- statefulsets
- daemonsets
- daemonsets/finalizers
- deployments
verbs:
- create
Expand All @@ -115,7 +122,9 @@ rules:
- scylla.scylladb.com
resources:
- scyllaclusters
- scyllaclusters/finalizers
- scylladbmonitorings
- scylladbmonitorings/finalizers
verbs:
- create
- delete
Expand All @@ -139,6 +148,7 @@ rules:
- ""
resources:
- configmaps
- configmaps/finalizers
verbs:
- create
- delete
Expand Down Expand Up @@ -175,6 +185,8 @@ rules:
- scylla.scylladb.com
resources:
- nodeconfigs
- nodeconfigs/status
- nodeconfigs/finalizers
verbs:
- create
- delete
Expand Down Expand Up @@ -210,18 +222,6 @@ rules:
- patch
- update
- watch
- apiGroups:
- scylla.scylladb.com
resources:
- nodeconfigs/status
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- batch
resources:
Expand Down Expand Up @@ -284,6 +284,14 @@ rules:
- patch
- update
- delete
- apiGroups:
- security.openshift.io
resourceNames:
- privileged
resources:
- securitycontextconstraints
verbs:
- use

---
apiVersion: v1
Expand Down Expand Up @@ -5094,6 +5102,7 @@ rules:
- ""
resources:
- configmaps
- configmaps/finalizers
verbs:
- get
- list
Expand Down Expand Up @@ -5123,6 +5132,14 @@ rules:
- scyllaclusters
verbs:
- get
- apiGroups:
- security.openshift.io
resourceNames:
- privileged
resources:
- securitycontextconstraints
verbs:
- use

---
apiVersion: rbac.authorization.k8s.io/v1
32 changes: 20 additions & 12 deletions deploy/operator/00_clusterrole_def.yaml
Expand Up @@ -51,6 +51,12 @@ rules:
- get
- list
- watch
- apiGroups:
- ""
resources:
- pods/finalizers
verbs:
- update
- apiGroups:
- ""
resources:
Expand Down Expand Up @@ -86,6 +92,7 @@ rules:
resources:
- statefulsets
- daemonsets
- daemonsets/finalizers
- deployments
verbs:
- create
Expand All @@ -105,7 +112,9 @@ rules:
- scylla.scylladb.com
resources:
- scyllaclusters
- scyllaclusters/finalizers
- scylladbmonitorings
- scylladbmonitorings/finalizers
verbs:
- create
- delete
Expand All @@ -129,6 +138,7 @@ rules:
- ""
resources:
- configmaps
- configmaps/finalizers
verbs:
- create
- delete
Expand Down Expand Up @@ -165,6 +175,8 @@ rules:
- scylla.scylladb.com
resources:
- nodeconfigs
- nodeconfigs/status
- nodeconfigs/finalizers
verbs:
- create
- delete
Expand Down Expand Up @@ -200,18 +212,6 @@ rules:
- patch
- update
- watch
- apiGroups:
- scylla.scylladb.com
resources:
- nodeconfigs/status
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- batch
resources:
Expand Down Expand Up @@ -274,3 +274,11 @@ rules:
- patch
- update
- delete
- apiGroups:
- security.openshift.io
resourceNames:
- privileged
resources:
- securitycontextconstraints
verbs:
- use
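Review bot: The rule appended at the end of this ClusterRole grants `use` on the `privileged` SecurityContextConstraints, the least restrictive SCC OpenShift ships, so any pod running under a service account bound to this role can request privileged mode, host namespaces and an arbitrary UID. If only some of the operator's workloads need host access, a dedicated SCC that allows just the required capabilities and volume types, referenced through `resourceNames`, would keep everything else on a restricted profile; at minimum add a comment above the rule naming the workload that needs it. The same rule is added in deploy/operator.yaml (twice), in 00_scyllacluster_member_clusterrole_def.yaml (presumably the role used by ScyllaCluster member pods), in the haproxy-ingress Role and in the scylladb:csi-external-provisioner role. The bindings for this ClusterRole are not visible in the hunk, so the effective scope should be checked against their subjects.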
9 changes: 9 additions & 0 deletions deploy/operator/00_scyllacluster_member_clusterrole_def.yaml
Expand Up @@ -24,6 +24,7 @@ rules:
- ""
resources:
- configmaps
- configmaps/finalizers
verbs:
- get
- list
Expand Down Expand Up @@ -53,3 +54,11 @@ rules:
- scyllaclusters
verbs:
- get
- apiGroups:
- security.openshift.io
resourceNames:
- privileged
resources:
- securitycontextconstraints
verbs:
- use
2 changes: 1 addition & 1 deletion examples/eks/nodeconfig-alpha.yaml
Expand Up @@ -9,7 +9,7 @@ spec:
type: xfs
mounts:
- device: /dev/md/nvmes
mountPoint: /mnt/persistent-volumes
mountPoint: /var/mnt/persistent-volumes
unsupportedOptions:
- prjquota
raids:
2 changes: 1 addition & 1 deletion examples/gke/nodeconfig-alpha.yaml
Expand Up @@ -9,7 +9,7 @@ spec:
type: xfs
mounts:
- device: /dev/md/nvmes
mountPoint: /mnt/persistent-volumes
mountPoint: /var/mnt/persistent-volumes
unsupportedOptions:
- prjquota
raids:
3 changes: 2 additions & 1 deletion examples/monitoring/v1alpha1/scylladbmonitoring.yaml
Expand Up @@ -17,12 +17,13 @@ spec:
resources:
requests:
storage: 1Gi
storageClassName: scylladb-local-xfs
grafana:
exposeOptions:
webInterface:
ingress:
ingressClassName: haproxy
dnsDomains:
- test-grafana.test.svc.cluster.local
- example-grafana.test.svc.cluster.local
annotations:
haproxy-ingress.github.io/ssl-passthrough: "true"
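--- a/examples/third-party/haproxy-ingress/10_haproxy-ingress.role.yaml
+++ b/examples/third-party/haproxy-ingress/10_haproxy-ingress.role.yaml
@@ -0,0 +1,13 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+name: haproxy-ingress
+rules:
+- apiGroups:
+- security.openshift.io
+resourceNames:
+- privileged
+resources:
+- securitycontextconstraints
+verbs:
+- use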
@@ -0,0 +1,12 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: haproxy-ingress
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: haproxy-ingress
subjects:
- kind: ServiceAccount
name: haproxy-ingress
namespace: haproxy-ingress
Expand Up @@ -32,8 +32,13 @@ spec:
volumeMounts:
- mountPath: /etc/prometheus/config
name: prometheus-cfg
- name: prometheus
mountPath: /prometheus
serviceAccountName: prometheus
volumes:
- configMap:
name: prometheus-cfg
name: prometheus-cfg
- name: prometheus
emptyDir:
sizeLimit: 10Mi
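Review bot: The new `prometheus` emptyDir is capped at `sizeLimit: 10Mi` and mounted at `/prometheus`, which looks like the server's data directory; the kubelet evicts a pod whose emptyDir usage exceeds its limit, and a Prometheus write-ahead log can plausibly grow past 10Mi once targets are being scraped. Unless this instance is only a short-lived fixture, a larger limit or a comment above the volume stating why 10Mi is sufficient would avoid unexplained evictions. The path of this file is not shown on the page, so its role as a test or example deployment is a guess.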
Expand Up @@ -64,12 +64,12 @@ spec:
drop:
- ALL
readOnlyRootFilesystem: true
runAsGroup: 65532
# runAsGroup: 65532
runAsNonRoot: true
runAsUser: 65532
# runAsUser: 65532
nodeSelector:
kubernetes.io/os: linux
securityContext:
runAsNonRoot: true
runAsUser: 65534
# runAsUser: 65534
serviceAccountName: prometheus-operator
Expand Up @@ -3,6 +3,14 @@ apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: scylladb:csi-external-provisioner
rules:
- apiGroups:
- security.openshift.io
resourceNames:
- privileged
resources:
- securitycontextconstraints
verbs:
- use
- apiGroups:
- ""
resources: