Enable usage of calicoq utility
Also make previously mandatory requirement for exact match of calicoctl version and cluster version optional and set this verification as disabled by default. Image update commits: https://review.opendev.org/#/c/673915/ https://review.gerrithub.io/c/att-comdev/cicd/+/463828 Change-Id: I4dca1a4b075e5183ebf068c9aee59b55b0939881
This commit is contained in:
parent
9744eae699
commit
413f2e2591
@ -14,7 +14,7 @@ See the License for the specific language governing permissions and
|
|||||||
limitations under the License.
|
limitations under the License.
|
||||||
*/}}
|
*/}}
|
||||||
|
|
||||||
nobody ALL = (root) NOPASSWD: /usr/bin/socat -d -v -s -t0 -T0 -u \
|
nobody ALL=SETENV: NOPASSWD: /usr/bin/socat -d -v -s -t0 -T0 -u \
|
||||||
UNIX-RECV\:/dev/log\,reuseaddr stdout, \
|
UNIX-RECV\:/dev/log\,reuseaddr stdout, \
|
||||||
/usr/local/bin/calicoctl-utility-rootwrap /etc/calicoctl/rootwrap.conf *, \
|
/usr/local/bin/calicoctl-utility-rootwrap /etc/calicoctl/rootwrap.conf *, \
|
||||||
/usr/local/bin/calicoctl version
|
/usr/local/bin/calicoctl version
|
||||||
|
@ -15,4 +15,4 @@ See the License for the specific language governing permissions and
|
|||||||
limitations under the License.
|
limitations under the License.
|
||||||
*/}}
|
*/}}
|
||||||
|
|
||||||
sudo /usr/local/bin/calicoctl-utility-rootwrap /etc/calicoctl/rootwrap.conf $*
|
sudo -E /usr/local/bin/calicoctl-utility-rootwrap /etc/calicoctl/rootwrap.conf $*
|
||||||
|
@ -94,7 +94,13 @@ spec:
|
|||||||
readinessProbe:
|
readinessProbe:
|
||||||
exec:
|
exec:
|
||||||
command:
|
command:
|
||||||
|
{{- if .Values.conf.utility.match_versions }}
|
||||||
- /usr/local/bin/version_check.sh
|
- /usr/local/bin/version_check.sh
|
||||||
|
{{- else }}
|
||||||
|
- sudo
|
||||||
|
- calicoctl
|
||||||
|
- version
|
||||||
|
{{- end }}
|
||||||
initialDelaySeconds: 5
|
initialDelaySeconds: 5
|
||||||
periodSeconds: 15
|
periodSeconds: 15
|
||||||
livenessProbe:
|
livenessProbe:
|
||||||
|
@ -170,6 +170,7 @@ conf:
|
|||||||
|
|
||||||
calicoctl_version_00: RegExpFilter, calicoctl, root, calicoctl, version
|
calicoctl_version_00: RegExpFilter, calicoctl, root, calicoctl, version
|
||||||
calicoctl_version_01: RegExpFilter, calicoctl, root, calicoctl, -l, (?i)panic|fatal|error|warn|info|debug, version
|
calicoctl_version_01: RegExpFilter, calicoctl, root, calicoctl, -l, (?i)panic|fatal|error|warn|info|debug, version
|
||||||
|
calicoq_00: CommandFilter, calicoq, root
|
||||||
calicoctl_rootwrap:
|
calicoctl_rootwrap:
|
||||||
DEFAULT:
|
DEFAULT:
|
||||||
# Configuration for calicoctl-rootwrap
|
# Configuration for calicoctl-rootwrap
|
||||||
@ -197,6 +198,9 @@ conf:
|
|||||||
# Set to true for development sites,
|
# Set to true for development sites,
|
||||||
# Set to false otherwise
|
# Set to false otherwise
|
||||||
always_log_user: true
|
always_log_user: true
|
||||||
|
# Specify whether we need to check for exact match of calicoctl and cluster
|
||||||
|
# versions during readiness probe
|
||||||
|
match_versions: false
|
||||||
|
|
||||||
manifests:
|
manifests:
|
||||||
configmap_bin: true
|
configmap_bin: true
|
||||||
|
Loading…
Reference in New Issue
Block a user