- Oct 19, 2022
-
-
Sheogorath authoredThis patch enables explicit pod security standards on all infrastructure namespaces.
-
Sheogorath authored
-
Sheogorath authored
-
Sheogorath authored
-
- Oct 17, 2022
-
-
Sheogorath authored
-
Sheogorath authored
-
Sheogorath authored
-
Sheogorath authored
-
Sheogorath authored
-
Sheogorath authored
-
Sheogorath authored
-
Sheogorath authored
-
Sheogorath authored
-
Sheogorath authored
-
Botaniker (Bot) authored -
Botaniker (Bot) authored
-
Botaniker (Bot) authored
-
Botaniker (Bot) authored
-
Botaniker (Bot) authored
-
Botaniker (Bot) authored
-
Botaniker (Bot) authored
-
Botaniker (Bot) authored
-
Sheogorath authored
This patch enforces the Kubernetes baseline security from the new Pod security standards (PSS) for all apps namespaces. While not considered ideal, it'll help to improve security and also provide warnings where to adjust existing workloads to fit the restricted PSS. References: https://kubernetes.io/docs/concepts/security/pod-security-standards/
-
Sheogorath authored
This patch resolves some downtime of forecastle and oauth pods, after enforcing the new Pod Security Standards. Given that restricted requires explicit definition of a lot of fields, this shall be sorted ober time, and not on the Spot. References: https://kubernetes.io/docs/concepts/security/pod-security-standards/#baseline
-
- Oct 15, 2022
-
-
Sheogorath authored
-
- Oct 14, 2022
-
-
Sheogorath authored
This patch adjusts the missing or wrong serviceAccountName for some oauth2-proxy deployments.
-
Sheogorath authored
This patch instructs the helm chart to deploy the aggreation role, to allow the namespace admin role to create and manage postgres clusters.
-
- Oct 13, 2022
-
-
Botaniker (Bot) authored
-
Sheogorath authored
This patch increases the resource requests and limits for the Prometheus Operator Pods, after flying too close the sun, which resulted in an unexpected crashing of the Pod due to, too many ServiceMonitor objects.
-
Sheogorath authored
This patch renames a bunch of service accounts and role bindings, that were previously individual to the namespace, now using `flux-reconciler` everywhere with idential permissions. Further adjustments needed to make it a shared resource, currently the requirement to have the namespace in the rolebinding makes this hard. Have to investigate.
-
Sheogorath authored
This patch enables the creation of aggreated cluster role permissions, which will allow namespace admins, entities with the cluster role admin as a rolebinding, to create prometheus-operator resources.
-
Sheogorath authored
This patch adds namespace definitions, in order to resolve the Kubernetes objects properly. This will allow the expected patching to work.
-
Sheogorath authored
This was moved to base app instead.
-
Sheogorath authored
-
Sheogorath authored
-
Sheogorath authored
This patch removes the custom reconciler role and replaces it with the general admin ClusterRole, this helps to restrict access to only the save namespace resources.
-
Sheogorath authored
-
Sheogorath authored
This patch adds a shelly exporter based on json-exporter, collects various metrics for the shelly plugs and can be used by adding the plugs as targets. References: https://shelly-api-docs.shelly.cloud/ https://github.com/prometheus-community/json_exporter https://artifacthub.io/packages/helm/prometheus-community/prometheus-json-exporter
-
- Oct 12, 2022
-
-
Botaniker (Bot) authored
-
- Oct 11, 2022
-
-
Sheogorath authored
-