cluster/kube: emergency fixes after evition
Some pods got evicted. Some of them broke.
- postgres in matrix and nginx in internet because of the new policies
(chown issues)
- cas proxy in matrix because apparently the image was not reuploaded
to the regsitry after ceph-waw1 died, and another node didn't have it
- registry because it had a weak image pin an downgraded to some
broken version on another node
Change-Id: I836036872629843c8ede1b7f67982112c90d71f0
diff --git a/cluster/kube/cluster.jsonnet b/cluster/kube/cluster.jsonnet
index 89ffdb0..09c3b33 100644
--- a/cluster/kube/cluster.jsonnet
+++ b/cluster/kube/cluster.jsonnet
@@ -135,6 +135,9 @@
policies.AllowNamespaceInsecure("kube-system"),
# TODO(q3k): fix this?
policies.AllowNamespaceInsecure("ceph-waw2"),
+ policies.AllowNamespaceInsecure("matrix"),
+ policies.AllowNamespaceInsecure("registry"),
+ policies.AllowNamespaceInsecure("internet"),
],
// Allow all service accounts (thus all controllers) to create secure pods.