cluster/kube: emergency fixes after evition Some pods got evicted. Some of them broke. - postgres in matrix and nginx in internet because of the new policies (chown issues) - cas proxy in matrix because apparently the image was not reuploaded to the regsitry after ceph-waw1 died, and another node didn't have it - registry because it had a weak image pin an downgraded to some broken version on another node Change-Id: I836036872629843c8ede1b7f67982112c90d71f0

commit: 5f3a5e0310146e3dd863ed3e69c6e63f02c4b2fd [log] [tgz]
author: Sergiusz Bazanski <q3k@hackerspace.pl> Wed Sep 25 02:51:51 2019 +0200
committer: Sergiusz Bazanski <q3k@hackerspace.pl> Wed Sep 25 02:58:15 2019 +0200
tree: 1ddb615ac7af78afa76911de282b773bd72b7278
parent: db2a2a029fdd5d64b312eb97cd611d2b8caaa56b [diff] [blame]
diff --git a/cluster/kube/cluster.jsonnet b/cluster/kube/cluster.jsonnet
index 89ffdb0..09c3b33 100644
--- a/cluster/kube/cluster.jsonnet
+++ b/cluster/kube/cluster.jsonnet

@@ -135,6 +135,9 @@
         policies.AllowNamespaceInsecure("kube-system"),
         # TODO(q3k): fix this?
         policies.AllowNamespaceInsecure("ceph-waw2"),
+        policies.AllowNamespaceInsecure("matrix"),
+        policies.AllowNamespaceInsecure("registry"),
+        policies.AllowNamespaceInsecure("internet"),
     ],
 
     // Allow all service accounts (thus all controllers) to create secure pods.
commit	5f3a5e0310146e3dd863ed3e69c6e63f02c4b2fd	[log] [tgz]
author	Sergiusz Bazanski <q3k@hackerspace.pl>	Wed Sep 25 02:51:51 2019 +0200
committer	Sergiusz Bazanski <q3k@hackerspace.pl>	Wed Sep 25 02:58:15 2019 +0200
tree	1ddb615ac7af78afa76911de282b773bd72b7278
parent	db2a2a029fdd5d64b312eb97cd611d2b8caaa56b [diff] [blame]