promenade/charts/coredns/values.yaml
KHIYANI, RAHUL (rk0850) 1e4b5e0d45 Add pod/container security context to promenade charts
This updates the coredns, haproxy and etcd charts to include the pod
security context on the pod template.

This also adds the container security context to set the
readOnlyRootFilesystem flag.

Change-Id: I9b5b0ea83acd4c5656577d8cbc684a5031ca0111
2020-06-29 17:06:02 -05:00


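# Default values for the Promenade CoreDNS chart.
# NOTE(review): the nesting below is reconstructed from key order and the
# usual layout of this kind of values file; verify it against the chart
# templates before relying on it.

conf:
  coredns:
    # Corefile handed to CoreDNS. It serves cluster.local plus the reverse
    # zones for 10.96.0.0/16 and 10.97.0.0/16, with pod records disabled.
    # Every other name is forwarded to the public resolvers 8.8.8.8 and
    # 8.8.4.4, so those queries leave the cluster; sites that must keep DNS
    # lookups on internal resolvers should override this value.
    # `prometheus :9253` gives no interface address; keep the port in sync
    # with monitoring.prometheus.coredns.port and restrict access to it with
    # network policy if metrics should not be reachable cluster-wide.
    # NOTE(review): `upstream` inside the kubernetes block looks deprecated in
    # this CoreDNS series; confirm before changing images.tags.coredns.
    corefile: |
      .:53 {
          errors
          health
          autopath @kubernetes
          kubernetes cluster.local 10.96.0.0/16 10.97.0.0/16 {
              pods disabled
              fallthrough in-addr.arpa ip6.arpa
              upstream 8.8.8.8
              upstream 8.8.4.4
          }
          prometheus :9253
          forward . 8.8.8.8 8.8.4.4
          cache 30
      }
  test:
    # presumably the ports probed by the health/test containers; verify
    # against the templates
    coredns_check_port: 8080
    ext_health_check_port: 8282
    names_to_resolve:
      - kubernetes.default.svc.cluster.local

images:
  tags:
    # Pinned by tag only; a digest (image@sha256:...) would make the
    # deployed content immutable.
    coredns: coredns/coredns:1.6.4
    # NOTE(review): `latest` is a mutable tag. Combined with
    # pull_policy IfNotPresent, a node that already holds an image under
    # this tag never re-pulls it, so nodes can run different builds.
    # Prefer a fixed version tag or digest.
    test: quay.io/airshipit/promenade:latest
  pull_policy: "IfNotPresent"

labels:
  coredns:
    node_selector_key: coredns
    node_selector_value: enabled

service:
  name: coredns
  ip: 10.96.0.10

pod:
  mandatory_access_control:
    type: apparmor
    # AppArmor profile per container name.
    coredns:
      coredns: runtime/default
      coredns-health: runtime/default
      coredns-test: runtime/default
  security_context:
    coredns:
      pod:
        # Pod-level default: unprivileged UID.
        runAsUser: 65534
      container:
        coredns:
          # NOTE(review): a container-level runAsUser takes precedence over
          # the pod-level value, so this container runs as root (UID 0).
          # If root is only needed to bind port 53, a non-root UID with the
          # NET_BIND_SERVICE capability would be a narrower grant.
          # Also consider allowPrivilegeEscalation: false and dropping
          # unused capabilities - confirm the templates pass extra keys
          # through before adding them.
          runAsUser: 0
          readOnlyRootFilesystem: true
        # NOTE(review): mandatory_access_control lists a `coredns-health`
        # container, but it has no entry here, so readOnlyRootFilesystem is
        # not set for it - confirm whether that is intended.
    test:
      pod:
        runAsUser: 65534
      container:
        coredns_test:
          # NOTE(review): also overrides the pod default with root;
          # confirm the test container actually needs UID 0.
          runAsUser: 0
          readOnlyRootFilesystem: true
  lifecycle:
    upgrades:
      # This is only meaningful when deploying as a DaemonSet
      daemonsets:
        pod_replacement_strategy: RollingUpdate
        coredns:
          enabled: true
          min_ready_seconds: 0
          max_unavailable: 30%
    termination_grace_period:
      coredns:
        timeout: 30
  resources:
    # NOTE(review): with enabled: false the requests/limits below are
    # presumably not rendered, leaving the DNS pods without resource
    # limits - confirm, and enable for production sites.
    enabled: false
    coredns:
      requests:
        memory: "128Mi"
        cpu: "100m"
      limits:
        memory: "1024Mi"
        cpu: "2000m"
    pod_test:
      requests:
        memory: "128Mi"
        cpu: "100m"
      limits:
        memory: "1024Mi"
        cpu: "2000m"
  # This is only meaningful when deploying as a Deployment
  replicas:
    coredns: 3

monitoring:
  prometheus:
    enabled: false
    coredns:
      scrape: true
      # Must match the `prometheus :9253` line in conf.coredns.corefile.
      port: 9253

manifests:
  # This chart can deploy CoreDNS as a Deployment, as a DaemonSet, or both
  daemonset: false
  deployment: true
  pod_test: true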