Skip to content
This repository has been archived by the owner on Jul 11, 2023. It is now read-only.

Commit

Permalink
Update scf helm charts. Bump eirini.
Browse files Browse the repository at this point in the history 
* Update cloud controller templates
* Update uaa chart
* Bump Chart.yaml versions to 2.14.5

[#163054204]

Signed-off-by: Mario Nitchev <marionitchev@gmail.com>
  • Loading branch information
@gdankov @mnitchev
gdankov authored and mnitchev committed Jan 23, 2019
1 parent f6aaf1a commit 8c292dd
Show file tree
Hide file tree
Showing 15 changed files with 241 additions and 27 deletions.
4 changes: 2 additions & 2 deletions scf/helm/cf/Chart.yaml
View file
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
apiVersion: 2.14.0+cf2.7.0.14.gb19c46f
apiVersion: 2.14.5+cf2.7.0.3.gbc13ddc
description: A Helm chart for SUSE Cloud Foundry
name: cf-opensuse
version: 2.14.0
version: 2.14.5
2 changes: 1 addition & 1 deletion scf/helm/cf/templates/api-group.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -502,7 +502,7 @@ spec:
value: {{if ne (typeOf .Values.env.USE_DIEGO_PRIVILEGED_CONTAINERS) "<nil>"}}{{if has (kindOf .Values.env.USE_DIEGO_PRIVILEGED_CONTAINERS) (list "map" "slice")}}{{.Values.env.USE_DIEGO_PRIVILEGED_CONTAINERS | toJson | quote}}{{else}}{{.Values.env.USE_DIEGO_PRIVILEGED_CONTAINERS | quote}}{{end}}{{else}}{{fail "env.USE_DIEGO_PRIVILEGED_CONTAINERS has not been set"}}{{end}}
- name: "USE_STAGER_PRIVILEGED_CONTAINERS"
value: {{if ne (typeOf .Values.env.USE_STAGER_PRIVILEGED_CONTAINERS) "<nil>"}}{{if has (kindOf .Values.env.USE_STAGER_PRIVILEGED_CONTAINERS) (list "map" "slice")}}{{.Values.env.USE_STAGER_PRIVILEGED_CONTAINERS | toJson | quote}}{{else}}{{.Values.env.USE_STAGER_PRIVILEGED_CONTAINERS | quote}}{{end}}{{else}}{{fail "env.USE_STAGER_PRIVILEGED_CONTAINERS has not been set"}}{{end}}
image: "{{ .Values.kube.registry.hostname }}/{{ .Values.kube.organization }}/scf-api-group:412c592c5279556513c08b601995836980e94a29"
image: "{{ .Values.kube.registry.hostname }}/{{ .Values.kube.organization }}/scf-api-group:3f154733542f825d25d4a7f17bdb5e845f64a716"
lifecycle:
preStop:
exec:
Expand Down
2 changes: 1 addition & 1 deletion scf/helm/cf/templates/cc-clock.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -365,7 +365,7 @@ spec:
value: {{if ne (typeOf .Values.env.USE_DIEGO_PRIVILEGED_CONTAINERS) "<nil>"}}{{if has (kindOf .Values.env.USE_DIEGO_PRIVILEGED_CONTAINERS) (list "map" "slice")}}{{.Values.env.USE_DIEGO_PRIVILEGED_CONTAINERS | toJson | quote}}{{else}}{{.Values.env.USE_DIEGO_PRIVILEGED_CONTAINERS | quote}}{{end}}{{else}}{{fail "env.USE_DIEGO_PRIVILEGED_CONTAINERS has not been set"}}{{end}}
- name: "USE_STAGER_PRIVILEGED_CONTAINERS"
value: {{if ne (typeOf .Values.env.USE_STAGER_PRIVILEGED_CONTAINERS) "<nil>"}}{{if has (kindOf .Values.env.USE_STAGER_PRIVILEGED_CONTAINERS) (list "map" "slice")}}{{.Values.env.USE_STAGER_PRIVILEGED_CONTAINERS | toJson | quote}}{{else}}{{.Values.env.USE_STAGER_PRIVILEGED_CONTAINERS | quote}}{{end}}{{else}}{{fail "env.USE_STAGER_PRIVILEGED_CONTAINERS has not been set"}}{{end}}
image: "{{ .Values.kube.registry.hostname }}/{{ .Values.kube.organization }}/scf-cc-clock:0c06293507ae3cca498a95e9566bb9afa271ebc4"
image: "{{ .Values.kube.registry.hostname }}/{{ .Values.kube.organization }}/scf-cc-clock:f03ee3c630ecafb7a8ef0509d9a75b9ea1082924"
lifecycle:
preStop:
exec:
Expand Down
2 changes: 1 addition & 1 deletion scf/helm/cf/templates/cc-worker.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -369,7 +369,7 @@ spec:
value: {{if ne (typeOf .Values.env.USE_DIEGO_PRIVILEGED_CONTAINERS) "<nil>"}}{{if has (kindOf .Values.env.USE_DIEGO_PRIVILEGED_CONTAINERS) (list "map" "slice")}}{{.Values.env.USE_DIEGO_PRIVILEGED_CONTAINERS | toJson | quote}}{{else}}{{.Values.env.USE_DIEGO_PRIVILEGED_CONTAINERS | quote}}{{end}}{{else}}{{fail "env.USE_DIEGO_PRIVILEGED_CONTAINERS has not been set"}}{{end}}
- name: "USE_STAGER_PRIVILEGED_CONTAINERS"
value: {{if ne (typeOf .Values.env.USE_STAGER_PRIVILEGED_CONTAINERS) "<nil>"}}{{if has (kindOf .Values.env.USE_STAGER_PRIVILEGED_CONTAINERS) (list "map" "slice")}}{{.Values.env.USE_STAGER_PRIVILEGED_CONTAINERS | toJson | quote}}{{else}}{{.Values.env.USE_STAGER_PRIVILEGED_CONTAINERS | quote}}{{end}}{{else}}{{fail "env.USE_STAGER_PRIVILEGED_CONTAINERS has not been set"}}{{end}}
image: "{{ .Values.kube.registry.hostname }}/{{ .Values.kube.organization }}/scf-cc-worker:13cd475ed07bae666687365716d9fe2456be0c96"
image: "{{ .Values.kube.registry.hostname }}/{{ .Values.kube.organization }}/scf-cc-worker:d296d9e1b88c4faa498310cf122cc5a5c66ce092"
lifecycle:
preStop:
exec:
Expand Down
4 changes: 2 additions & 2 deletions scf/helm/uaa/Chart.yaml
View file
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
apiVersion: 2.14.0+cf2.7.0.14.gb19c46f
apiVersion: 2.14.5+cf2.7.0.3.gbc13ddc
description: A Helm chart for SUSE UAA
name: uaa-opensuse
version: 2.14.0
version: 2.14.5
20 changes: 18 additions & 2 deletions scf/helm/uaa/templates/account-default.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -4,6 +4,14 @@ apiVersion: "rbac.authorization.k8s.io/v1beta1"
kind: "RoleBinding"
metadata:
name: "default-configgin-role-binding"
labels:
app.kubernetes.io/component: "default-configgin-role-binding"
skiff-role-name: "default-configgin-role-binding"
app.kubernetes.io/instance: {{ .Release.Name | quote }}
app.kubernetes.io/managed-by: {{ .Release.Service | quote }}
app.kubernetes.io/name: {{ default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" | quote }}
app.kubernetes.io/version: {{ default .Chart.Version .Chart.AppVersion | quote }}
helm.sh/chart: {{ printf "%s-%s" .Chart.Name (.Chart.Version | replace "+" "_") | quote }}
subjects:
- kind: "ServiceAccount"
name: "default"
Expand All @@ -17,13 +25,21 @@ roleRef:
apiVersion: "rbac.authorization.k8s.io/v1"
kind: "ClusterRoleBinding"
metadata:
name: "default-binding-psp"
name: "{{ .Release.Namespace }}-default-binding-psp"
labels:
app.kubernetes.io/component: "{{ .Release.Namespace }}-default-binding-psp"
skiff-role-name: "{{ .Release.Namespace }}-default-binding-psp"
app.kubernetes.io/instance: {{ .Release.Name | quote }}
app.kubernetes.io/managed-by: {{ .Release.Service | quote }}
app.kubernetes.io/name: {{ default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" | quote }}
app.kubernetes.io/version: {{ default .Chart.Version .Chart.AppVersion | quote }}
helm.sh/chart: {{ printf "%s-%s" .Chart.Name (.Chart.Version | replace "+" "_") | quote }}
subjects:
- kind: "ServiceAccount"
name: "default"
namespace: {{ .Release.Namespace }}
roleRef:
kind: "ClusterRole"
name: "psp-role-nonprivileged"
name: "{{ .Release.Namespace }}-psp-role-nonprivileged"
apiGroup: "rbac.authorization.k8s.io"
{{- end }}
10 changes: 9 additions & 1 deletion scf/helm/uaa/templates/auth-clusterrole-nonprivileged.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -3,7 +3,15 @@
apiVersion: "rbac.authorization.k8s.io/v1"
kind: "ClusterRole"
metadata:
name: "psp-role-nonprivileged"
name: "{{ .Release.Namespace }}-psp-role-nonprivileged"
labels:
app.kubernetes.io/component: "{{ .Release.Namespace }}-psp-role-nonprivileged"
skiff-role-name: "{{ .Release.Namespace }}-psp-role-nonprivileged"
app.kubernetes.io/instance: {{ .Release.Name | quote }}
app.kubernetes.io/managed-by: {{ .Release.Service | quote }}
app.kubernetes.io/name: {{ default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" | quote }}
app.kubernetes.io/version: {{ default .Chart.Version .Chart.AppVersion | quote }}
helm.sh/chart: {{ printf "%s-%s" .Chart.Name (.Chart.Version | replace "+" "_") | quote }}
rules:
- apiGroups:
- "extensions"
Expand Down
8 changes: 8 additions & 0 deletions scf/helm/uaa/templates/auth-role-configgin-role.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -4,6 +4,14 @@ apiVersion: "rbac.authorization.k8s.io/v1beta1"
kind: "Role"
metadata:
name: "configgin-role"
labels:
app.kubernetes.io/component: "configgin-role"
skiff-role-name: "configgin-role"
app.kubernetes.io/instance: {{ .Release.Name | quote }}
app.kubernetes.io/managed-by: {{ .Release.Service | quote }}
app.kubernetes.io/name: {{ default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" | quote }}
app.kubernetes.io/version: {{ default .Chart.Version .Chart.AppVersion | quote }}
helm.sh/chart: {{ printf "%s-%s" .Chart.Name (.Chart.Version | replace "+" "_") | quote }}
rules:
- apiGroups:
- ""
Expand Down
73 changes: 67 additions & 6 deletions scf/helm/uaa/templates/mysql.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -46,19 +46,38 @@ kind: "StatefulSet"
metadata:
name: "mysql"
labels:
app.kubernetes.io/component: "mysql"
skiff-role-name: "mysql"
app.kubernetes.io/instance: {{ .Release.Name | quote }}
app.kubernetes.io/managed-by: {{ .Release.Service | quote }}
app.kubernetes.io/name: {{ default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" | quote }}
app.kubernetes.io/version: {{ default .Chart.Version .Chart.AppVersion | quote }}
helm.sh/chart: {{ printf "%s-%s" .Chart.Name (.Chart.Version | replace "+" "_") | quote }}
spec:
podManagementPolicy: "OrderedReady"
replicas: {{ if and .Values.config.HA (eq (int .Values.sizing.mysql.count) 1) -}} 2 {{- else -}} {{ .Values.sizing.mysql.count }} {{- end }}
selector:
matchLabels:
skiff-role-name: "mysql"
serviceName: "mysql-set"
template:
metadata:
name: "mysql"
labels:
app.kubernetes.io/component: "mysql"
skiff-role-name: "mysql"
app.kubernetes.io/instance: {{ .Release.Name | quote }}
app.kubernetes.io/managed-by: {{ .Release.Service | quote }}
app.kubernetes.io/name: {{ default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" | quote }}
app.kubernetes.io/version: {{ default .Chart.Version .Chart.AppVersion | quote }}
helm.sh/chart: {{ printf "%s-%s" .Chart.Name (.Chart.Version | replace "+" "_") | quote }}
annotations:
checksum/config: {{ include (print $.Template.BasePath "/secrets.yaml") . | sha256sum }}
spec:
affinity:
{{- if .Values.sizing.mysql.affinity.nodeAffinity }}
nodeAffinity: {{ toJson .Values.sizing.mysql.affinity.nodeAffinity }}
{{- end }}
containers:
- env:
- name: "KUBERNETES_CLUSTER_DOMAIN"
Expand Down Expand Up @@ -171,7 +190,7 @@ spec:
name: "secrets"
{{- end }}

image: "{{ .Values.kube.registry.hostname }}/{{ .Values.kube.organization }}/uaa-mysql:213c131a8513528d3d8fa8295aacb7586e66b85f"
image: "{{ .Values.kube.registry.hostname }}/{{ .Values.kube.organization }}/uaa-mysql:80b11cab845e3bf30cfa7ddf2cb3d8504295e33b"
lifecycle:
preStop:
exec:
Expand Down Expand Up @@ -233,6 +252,8 @@ spec:
{{- end }}

securityContext:
allowPrivilegeEscalation: false

{{- if has "ALL" .Values.sizing.mysql.capabilities }}
privileged: true
{{- end }}
Expand Down Expand Up @@ -277,6 +298,14 @@ items:
kind: "Service"
metadata:
name: "mysql-set"
labels:
app.kubernetes.io/component: "mysql-set"
skiff-role-name: "mysql-set"
app.kubernetes.io/instance: {{ .Release.Name | quote }}
app.kubernetes.io/managed-by: {{ .Release.Service | quote }}
app.kubernetes.io/name: {{ default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" | quote }}
app.kubernetes.io/version: {{ default .Chart.Version .Chart.AppVersion | quote }}
helm.sh/chart: {{ printf "%s-%s" .Chart.Name (.Chart.Version | replace "+" "_") | quote }}
spec:
clusterIP: "None"
ports:
Expand Down Expand Up @@ -317,11 +346,19 @@ items:
protocol: "TCP"
targetPort: 0
selector:
skiff-role-name: "mysql"
app.kubernetes.io/component: "mysql"
- apiVersion: "v1"
kind: "Service"
metadata:
name: "mysql-mysql-set"
labels:
app.kubernetes.io/component: "mysql-mysql-set"
skiff-role-name: "mysql-mysql-set"
app.kubernetes.io/instance: {{ .Release.Name | quote }}
app.kubernetes.io/managed-by: {{ .Release.Service | quote }}
app.kubernetes.io/name: {{ default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" | quote }}
app.kubernetes.io/version: {{ default .Chart.Version .Chart.AppVersion | quote }}
helm.sh/chart: {{ printf "%s-%s" .Chart.Name (.Chart.Version | replace "+" "_") | quote }}
spec:
clusterIP: "None"
ports:
Expand Down Expand Up @@ -350,11 +387,19 @@ items:
protocol: "TCP"
targetPort: 0
selector:
skiff-role-name: "mysql"
app.kubernetes.io/component: "mysql"
- apiVersion: "v1"
kind: "Service"
metadata:
name: "mysql-mysql"
labels:
app.kubernetes.io/component: "mysql-mysql"
skiff-role-name: "mysql-mysql"
app.kubernetes.io/instance: {{ .Release.Name | quote }}
app.kubernetes.io/managed-by: {{ .Release.Service | quote }}
app.kubernetes.io/name: {{ default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" | quote }}
app.kubernetes.io/version: {{ default .Chart.Version .Chart.AppVersion | quote }}
helm.sh/chart: {{ printf "%s-%s" .Chart.Name (.Chart.Version | replace "+" "_") | quote }}
spec:
ports:
- name: "mysql"
Expand Down Expand Up @@ -382,11 +427,19 @@ items:
protocol: "TCP"
targetPort: 4444
selector:
skiff-role-name: "mysql"
app.kubernetes.io/component: "mysql"
- apiVersion: "v1"
kind: "Service"
metadata:
name: "mysql-proxy-set"
labels:
app.kubernetes.io/component: "mysql-proxy-set"
skiff-role-name: "mysql-proxy-set"
app.kubernetes.io/instance: {{ .Release.Name | quote }}
app.kubernetes.io/managed-by: {{ .Release.Service | quote }}
app.kubernetes.io/name: {{ default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" | quote }}
app.kubernetes.io/version: {{ default .Chart.Version .Chart.AppVersion | quote }}
helm.sh/chart: {{ printf "%s-%s" .Chart.Name (.Chart.Version | replace "+" "_") | quote }}
spec:
clusterIP: "None"
ports:
Expand All @@ -403,11 +456,19 @@ items:
protocol: "TCP"
targetPort: 0
selector:
skiff-role-name: "mysql"
app.kubernetes.io/component: "mysql"
- apiVersion: "v1"
kind: "Service"
metadata:
name: "mysql-proxy"
labels:
app.kubernetes.io/component: "mysql-proxy"
skiff-role-name: "mysql-proxy"
app.kubernetes.io/instance: {{ .Release.Name | quote }}
app.kubernetes.io/managed-by: {{ .Release.Service | quote }}
app.kubernetes.io/name: {{ default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" | quote }}
app.kubernetes.io/version: {{ default .Chart.Version .Chart.AppVersion | quote }}
helm.sh/chart: {{ printf "%s-%s" .Chart.Name (.Chart.Version | replace "+" "_") | quote }}
spec:
ports:
- name: "mysql-proxy"
Expand All @@ -423,5 +484,5 @@ items:
protocol: "TCP"
targetPort: 1936
selector:
skiff-role-name: "mysql"
app.kubernetes.io/component: "mysql"
kind: "List"
6 changes: 6 additions & 0 deletions scf/helm/uaa/templates/registry-secret.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -6,5 +6,11 @@ kind: "Secret"
metadata:
name: "registry-credentials"
labels:
app.kubernetes.io/component: "registry-credentials"
skiff-role-name: "registry-credentials"
app.kubernetes.io/instance: {{ .Release.Name | quote }}
app.kubernetes.io/managed-by: {{ .Release.Service | quote }}
app.kubernetes.io/name: {{ default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" | quote }}
app.kubernetes.io/version: {{ default .Chart.Version .Chart.AppVersion | quote }}
helm.sh/chart: {{ printf "%s-%s" .Chart.Name (.Chart.Version | replace "+" "_") | quote }}
type: "kubernetes.io/dockercfg"
Loading

0 comments on commit 8c292dd

Please sign in to comment.