🦠 ocp 4.11 deploy 🦠 #147
the only breaking change appears to be CRW -> devspaces Operator renaming

PodSecurity "restricted:v1.24"

Changes to PSP bring up the following would violate PodSecurity "restricted:v1.24" warnings

(1) ldap group sync

~/git/openshift-management ⎇ master#edf0e91$ helm upgrade cronjob-ldap-group-sync ...
Release "cronjob-ldap-group-sync" does not exist. Installing it now.
W0827 13:13:31.916574 1084014 warnings.go:70] batch/v1beta1 CronJob is deprecated in v1.21+, unavailable in v1.25+; use batch/v1 CronJob
W0827 13:13:32.276515 1084014 warnings.go:70] batch/v1beta1 CronJob is deprecated in v1.21+, unavailable in v1.25+; use batch/v1 CronJob
W0827 13:13:32.276552 1084014 warnings.go:70] would violate PodSecurity "restricted:v1.24": allowPrivilegeEscalation != false (container "cronjob-ldap-group-sync" must set securityContext.allowPrivilegeEscalation=false), unrestricted capabilities (container "cronjob-ldap-group-sync" must set securityContext.capabilities.drop=["ALL"]), runAsNonRoot != true (pod or container "cronjob-ldap-group-sync" must set securityContext.runAsNonRoot=true), seccompProfile (pod or container "cronjob-ldap-group-sync" must set securityContext.seccompProfile.type to "RuntimeDefault" or "Localhost")
NAME: cronjob-ldap-group-sync
LAST DEPLOYED: Sat Aug 27 13:13:31 2022
NAMESPACE: cluster-ops
STATUS: deployed
REVISION: 1
TEST SUITE: None

(2) tl500-base chart

tl500-base ⎇ main#2c40a76 $ helm upgrade --install tl500-base . \
--namespace tl500 --create-namespace --timeout=20m
Release "tl500-base" does not exist. Installing it now.
W0827 13:15:09.349655 1085985 warnings.go:70] would violate PodSecurity "restricted:v1.24": allowPrivilegeEscalation != false (container "job" must set securityContext.allowPrivilegeEscalation=false), unrestricted capabilities (container "job" must set securityContext.capabilities.drop=["ALL"]), runAsNonRoot != true (pod or container "job" must set securityContext.runAsNonRoot=true), seccompProfile (pod or container "job" must set securityContext.seccompProfile.type to "RuntimeDefault" or "Localhost")
W0827 13:15:17.326350 1085985 warnings.go:70] would violate PodSecurity "restricted:v1.24": allowPrivilegeEscalation != false (container "controller" must set securityContext.allowPrivilegeEscalation=false), unrestricted capabilities (container "controller" must set securityContext.capabilities.drop=["ALL"]), runAsNonRoot != true (pod or container "controller" must set securityContext.runAsNonRoot=true), seccompProfile (pod or container "controller" must set securityContext.seccompProfile.type to "RuntimeDefault" or "Localhost")
W0827 13:15:17.343673 1085985 warnings.go:70] would violate PodSecurity "restricted:v1.24": allowPrivilegeEscalation != false (container "tl500-teamsters" must set securityContext.allowPrivilegeEscalation=false), unrestricted capabilities (container "tl500-teamsters" must set securityContext.capabilities.drop=["ALL"]), runAsNonRoot != true (pod or container "tl500-teamsters" must set securityContext.runAsNonRoot=true), seccompProfile (pod or container "tl500-teamsters" must set securityContext.seccompProfile.type to "RuntimeDefault" or "Localhost")
W0827 13:15:18.666634 1085985 warnings.go:70] would violate PodSecurity "restricted:v1.24": allowPrivilegeEscalation != false (container "crd-check" must set securityContext.allowPrivilegeEscalation=false), unrestricted capabilities (container "crd-check" must set securityContext.capabilities.drop=["ALL"]), runAsNonRoot != true (pod or container "crd-check" must set securityContext.runAsNonRoot=true), seccompProfile (pod or container "crd-check" must set securityContext.seccompProfile.type to "RuntimeDefault" or "Localhost") |
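Added example, not part of the PR or the project's charts: a check for the four settings the warnings above name, showing that `allowPrivilegeEscalation` and `capabilities.drop` must be set on each container while `runAsNonRoot` and `seccompProfile` may be set at pod level. The function name and the pod specs are constructed for illustration, and the check covers only these four settings, not the full "restricted" Pod Security Standard.

```python
# Added example: checks only the four settings named in the warnings,
# not the full "restricted" Pod Security Standard.
ALLOWED_SECCOMP = {"RuntimeDefault", "Localhost"}


def restricted_violations(pod_spec):
    """Return {container_name: [missing settings]} for a pod spec dict."""
    pod_sc = pod_spec.get("securityContext") or {}
    containers = (pod_spec.get("initContainers") or []) + \
                 (pod_spec.get("containers") or [])
    report = {}
    for c in containers:
        sc = c.get("securityContext") or {}
        missing = []
        # Container-only fields: there is no pod-level equivalent.
        if sc.get("allowPrivilegeEscalation") is not False:
            missing.append("allowPrivilegeEscalation=false")
        drop = (sc.get("capabilities") or {}).get("drop") or []
        if "ALL" not in drop:
            missing.append('capabilities.drop=["ALL"]')
        # Pod-or-container fields: the container value wins when it is set.
        non_root = sc.get("runAsNonRoot", pod_sc.get("runAsNonRoot"))
        if non_root is not True:
            missing.append("runAsNonRoot=true")
        seccomp = sc.get("seccompProfile") or pod_sc.get("seccompProfile") or {}
        if seccomp.get("type") not in ALLOWED_SECCOMP:
            missing.append("seccompProfile.type")
        if missing:
            report[c["name"]] = missing
    return report


# Constructed pod specs (not taken from the charts in this PR).
BEFORE = {"containers": [{"name": "job", "image": "example/image:tag"}]}
AFTER = {
    "securityContext": {"runAsNonRoot": True,
                        "seccompProfile": {"type": "RuntimeDefault"}},
    "containers": [{
        "name": "job", "image": "example/image:tag",
        "securityContext": {"allowPrivilegeEscalation": False,
                            "capabilities": {"drop": ["ALL"]}},
    }],
}

if __name__ == "__main__":
    for label, spec in (("before", BEFORE), ("after", AFTER)):
        print(label, restricted_violations(spec))
```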
Teamsters regression Testing Looks Good
create-ateam create -> success
create-ateam create Tests run: 9
create-ateam create Failed tests: 0
create-ateam create All tests passed. |
I ❤️ Teamster |
Related: rht-labs/tech-exercise#232 |
I have adjusted values-4.11.yaml to work with base values.yaml files as both are evaluated by helm when you want 4.11 deployment:
|
One small thing, what happened with |
LOLZ! I deleted it ;) thanx .. yeah my mistake, reverted it. It's the only file that fails when doing helm template because of the ldap injection |
LGTM! 👹 👹
OK i am gonna merge this and convert RHPDS to 4.11 as the test bed ... |
Deploy TL500 to OpenShift 4.11
I have added new values-v4.11.yaml files and config that has the extra config for DevSpaces
so all you have to do for 4.11 is use those files (the default values.yaml is still read) when deploying the charts (README has also been updated to reflect this)