Infrastructure/ansible
1
0
Fork 0
Code Issues Pull requests 6 Projects Releases Packages Wiki Activity Actions

MM: add security context to the cronjobs that share storage

Browse source 
Signed-off-by: Aurélien Bompard <aurelien@bompard.org>
This commit is contained in:
Aurélien Bompard 2024-02-23 11:51:20 +01:00
parent 3dbfcfcf84
commit 471f6576d6
No known key found for this signature in database
GPG key ID: 31584CFEB9BF64AD
1 changed files with 9 additions and 3 deletions
Download patch file Download diff file Expand all files Collapse all files

12
roles/openshift-apps/mirrormanager/templates/cron-mirrorlist-cache.yml
View file

@ -44,6 +44,8 @@ spec:
- name: data
persistentVolumeClaim:
claimName: mirrorlist-cache
securityContext:
supplementalGroups: [1001280000]
---
# Sync netblocks list once a day
apiVersion: batch/v1
@ -64,7 +66,7 @@ spec:
containers:
- name: mirrormanager
image: image-registry.openshift-image-registry.svc:5000/mirrormanager/mirrormanager2:latest
command: ["/opt/app-root/bin/mm2_get-netblocks", "global", "-o", "/data/global_netblocks.txt"]
command: ["mm2_get-netblocks", "global", "-o", "/data/global_netblocks.txt"]
volumeMounts:
- name: config
mountPath: "/etc/mirrormanager"
@ -78,6 +80,8 @@ spec:
- name: data
persistentVolumeClaim:
claimName: mirrorlist-cache
securityContext:
supplementalGroups: [1001280000]
---
# Run the script for Internet2 netblocks very late to
# make sure the files are all there. The script is
@ -101,7 +105,7 @@ spec:
containers:
- name: mirrormanager
image: image-registry.openshift-image-registry.svc:5000/mirrormanager/mirrormanager2:latest
command: ["/opt/app-root/bin/mm2_get-netblocks", "internet2", "-o", "/data/i2_netblocks.txt"]
command: ["mm2_get-netblocks", "internet2", "-o", "/data/i2_netblocks.txt"]
volumeMounts:
- name: config
mountPath: "/etc/mirrormanager"
@ -115,6 +119,8 @@ spec:
- name: data
persistentVolumeClaim:
claimName: mirrorlist-cache
securityContext:
supplementalGroups: [1001280000]
---
# Amazon EC2 netblocks
apiVersion: batch/v1
@ -135,7 +141,7 @@ spec:
containers:
- name: mirrormanager
image: image-registry.openshift-image-registry.svc:5000/mirrormanager/mirrormanager2:latest
command: ["/opt/app-root/bin/mm2_update-EC2-netblocks"]
command: ["mm2_update-EC2-netblocks"]
volumeMounts:
- name: config
mountPath: "/etc/mirrormanager"