Skip to content

Commit

Permalink
Merge pull request #214 from tapis-project/dev
Browse files Browse the repository at this point in the history 
Dev
  • Loading branch information
@mpackard
mpackard authored May 24, 2023
2 parents bda24e9 + a33a69c commit 2a6d347
Show file tree
Hide file tree
Showing 8 changed files with 24 additions and 4 deletions.
4 changes: 3 additions & 1 deletion CHANGELOG.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -5,7 +5,9 @@ Notable changes between versions.
## 1.3.7

- [Authenticator: 1.3.3 to 1.3.4 (authenticator & authenticator-migrations)](https://github.com/tapis-project/authenticator/blob/prod/CHANGELOG.md)
- [Globus Proxy: 1.3.0 to 1.3.1](https://github.com/tapis-project/globus-proxy/blob/dev/CHANGELOG.md)
- [Notifications: 1.3.3 to 1.3.4 (notifications, notifications-dispatcher)](https://github.com/tapis-project/tapis-notifications/blob/1.3.4/CHANGELOG.md)
- [Globus Proxy: 1.3.0 to 1.3.1 (globus-proxy)](https://github.com/tapis-project/globus-proxy/blob/dev/CHANGELOG.md)
- Added optional `skadmin_sk_privileged_sa` var to skadmin component to enable Kubernetes privilege separation.

## 1.3.6

Expand Down
3 changes: 2 additions & 1 deletion playbooks/roles/monitoring/templates/kube/burndown
View file
Original file line number Diff line number Diff line change
Expand Up @@ -13,4 +13,5 @@ kubectl delete -f monitoring-config.yml
kubectl delete -f apps
kubectl delete -f stern-fluentd


#Jobs
kubectl delete -f monitor-init-user.yml
4 changes: 2 additions & 2 deletions playbooks/roles/notifications/defaults/main/images.yml
View file
Original file line number Diff line number Diff line change
@@ -1,5 +1,5 @@
notifications_postgres_image: postgres:12.4
notifications_pgadmin_image: dpage/pgadmin4:6.20
notifications_rabbitmq_image: rabbitmq:3.8.11-management
notifications_api_image: tapis/notifications:1.3.3
notifications_dispatcher_image: tapis/notifications-dispatcher:1.3.3
notifications_api_image: tapis/notifications:1.3.4
notifications_dispatcher_image: tapis/notifications-dispatcher:1.3.4
5 changes: 5 additions & 0 deletions playbooks/roles/skadmin/defaults/main/vars.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -11,4 +11,9 @@ skadmin_initLoad_jwtsigning_tenants:
- admin
- dev

# Set this to a different service account name (other than your default) to be used for for certain sk processes.
# This service account should be created in Kubernetes outside of Tapis Deployer.
skadmin_sk_privileged_sa: null



3 changes: 3 additions & 0 deletions playbooks/roles/skadmin/templates/kube/renew-sk-secret/renew-sk-secret.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -7,6 +7,9 @@ metadata:
spec:
template:
spec:
{% if skadmin_sk_privileged_sa is not none %}
serviceAccountName: {{ skadmin_sk_privileged_sa }}
{% endif %}
restartPolicy: Never
containers:
- name: renew-sk-secret
Expand Down
3 changes: 3 additions & 0 deletions playbooks/roles/skadmin/templates/kube/sk-admin-init.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -7,6 +7,9 @@ metadata:
spec:
template:
spec:
{% if skadmin_sk_privileged_sa is not none %}
serviceAccountName: {{ skadmin_sk_privileged_sa }}
{% endif %}
restartPolicy: Never
containers:
- name: sk-admin-init
Expand Down
3 changes: 3 additions & 0 deletions playbooks/roles/skadmin/templates/kube/sk-presetup-test.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -7,6 +7,9 @@ metadata:
spec:
template:
spec:
{% if skadmin_sk_privileged_sa is not none %}
serviceAccountName: {{ skadmin_sk_privileged_sa }}
{% endif %}
restartPolicy: Never
containers:
- name: sk-presetup-test
Expand Down
3 changes: 3 additions & 0 deletions playbooks/roles/skadmin/templates/kube/sk-presetup.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -7,6 +7,9 @@ metadata:
spec:
template:
spec:
{% if skadmin_sk_privileged_sa is not none %}
serviceAccountName: {{ skadmin_sk_privileged_sa }}
{% endif %}
restartPolicy: Never
containers:
- name: sk-presetup
Expand Down

0 comments on commit 2a6d347

Please sign in to comment.