From 3df037e53cf3d22e47187086c0083849caf5cf5d Mon Sep 17 00:00:00 2001 From: Arthur Date: Sun, 11 Feb 2024 16:52:27 -0500 Subject: [PATCH] chore: OKD Upgrade and Stackrox Net Policy Update --- kubernetes/homeassistant/base/statefulset.yaml | 2 +- kubernetes/nextcloud/base/cronjob.yaml | 2 +- kubernetes/nextcloud/base/preview-cronjob.yaml | 2 +- kubernetes/nextcloud/base/statefulset.yaml | 2 +- kubernetes/quay/base/postgres/clair/network-policy.yaml | 4 ++-- kubernetes/quay/base/postgres/quay/network-policy.yaml | 4 ++-- kubernetes/stackrox-central/base/postgres/network-policy.yaml | 2 +- kubernetes/stackrox-central/base/postgres/postgres.yaml | 4 ++-- kubernetes/unifi-network-application/base/statefulset.yaml | 2 +- okd/okd-configuration/overlays/okd/cluster-version.yaml | 4 ++-- 10 files changed, 14 insertions(+), 14 deletions(-) diff --git a/kubernetes/homeassistant/base/statefulset.yaml b/kubernetes/homeassistant/base/statefulset.yaml index cf64d9e48..7786d36d8 100644 --- a/kubernetes/homeassistant/base/statefulset.yaml +++ b/kubernetes/homeassistant/base/statefulset.yaml @@ -46,7 +46,7 @@ spec: value: "1" containers: - name: homeassistant - image: homeassistant/home-assistant:2024.1.4@sha256:b5bcbcad4669e4e6b3ef7d7c8c841268d06c0eb83ad6b64aaca12cb85e9e204c + image: homeassistant/home-assistant:2024.2.1@sha256:5808ca4b75d89950a705119370198c53f83ab7de3c3632e2948e1305d27d649d securityContext: allowPrivilegeEscalation: true seccompProfile: diff --git a/kubernetes/nextcloud/base/cronjob.yaml b/kubernetes/nextcloud/base/cronjob.yaml index 503be5c24..1aad10058 100644 --- a/kubernetes/nextcloud/base/cronjob.yaml +++ b/kubernetes/nextcloud/base/cronjob.yaml @@ -51,7 +51,7 @@ spec: claimName: nextcloud-data containers: - name: nextcloud-cron - image: nextcloud:28.0.1-apache@sha256:3d17745d388ac65fe0572ff3f1e45a868ad6c8e74ea98e03762feda9f0603fff + image: nextcloud:28.0.2-apache@sha256:0d231d59967d997141be8016c41df5e05f03137abbf741a8f0be2c0a8af80cf6 command: - /bin/sh - "-c" diff --git a/kubernetes/nextcloud/base/preview-cronjob.yaml b/kubernetes/nextcloud/base/preview-cronjob.yaml index 09d63a134..7dd51260c 100644 --- a/kubernetes/nextcloud/base/preview-cronjob.yaml +++ b/kubernetes/nextcloud/base/preview-cronjob.yaml @@ -52,7 +52,7 @@ spec: runAsUser: 33 containers: - name: nextcloud-preview - image: nextcloud:28.0.1-apache@sha256:3d17745d388ac65fe0572ff3f1e45a868ad6c8e74ea98e03762feda9f0603fff + image: nextcloud:28.0.2-apache@sha256:0d231d59967d997141be8016c41df5e05f03137abbf741a8f0be2c0a8af80cf6 command: - /bin/sh - -c diff --git a/kubernetes/nextcloud/base/statefulset.yaml b/kubernetes/nextcloud/base/statefulset.yaml index eb12722f0..b678e755b 100644 --- a/kubernetes/nextcloud/base/statefulset.yaml +++ b/kubernetes/nextcloud/base/statefulset.yaml @@ -43,7 +43,7 @@ spec: runAsUser: 33 containers: - name: nextcloud - image: nextcloud:28.0.1-apache@sha256:3d17745d388ac65fe0572ff3f1e45a868ad6c8e74ea98e03762feda9f0603fff + image: nextcloud:28.0.2-apache@sha256:0d231d59967d997141be8016c41df5e05f03137abbf741a8f0be2c0a8af80cf6 securityContext: runAsGroup: 33 runAsUser: 33 diff --git a/kubernetes/quay/base/postgres/clair/network-policy.yaml b/kubernetes/quay/base/postgres/clair/network-policy.yaml index d7cc61dea..818364b9a 100644 --- a/kubernetes/quay/base/postgres/clair/network-policy.yaml +++ b/kubernetes/quay/base/postgres/clair/network-policy.yaml @@ -45,7 +45,7 @@ spec: - from: - namespaceSelector: matchLabels: - kubernetes.io/metadata.name: postgres + kubernetes.io/metadata.name: quay podSelector: matchLabels: postgres-operator.crunchydata.com/cluster: clair @@ -53,7 +53,7 @@ spec: - to: - namespaceSelector: matchLabels: - kubernetes.io/metadata.name: postgres + kubernetes.io/metadata.name: quay podSelector: matchLabels: postgres-operator.crunchydata.com/cluster: clair diff --git a/kubernetes/quay/base/postgres/quay/network-policy.yaml b/kubernetes/quay/base/postgres/quay/network-policy.yaml index 30e5b106d..252cf1d91 100644 --- a/kubernetes/quay/base/postgres/quay/network-policy.yaml +++ b/kubernetes/quay/base/postgres/quay/network-policy.yaml @@ -57,7 +57,7 @@ spec: - from: - namespaceSelector: matchLabels: - kubernetes.io/metadata.name: postgres + kubernetes.io/metadata.name: quay podSelector: matchLabels: postgres-operator.crunchydata.com/cluster: quay @@ -65,7 +65,7 @@ spec: - to: - namespaceSelector: matchLabels: - kubernetes.io/metadata.name: postgres + kubernetes.io/metadata.name: quay podSelector: matchLabels: postgres-operator.crunchydata.com/cluster: quay diff --git a/kubernetes/stackrox-central/base/postgres/network-policy.yaml b/kubernetes/stackrox-central/base/postgres/network-policy.yaml index f83286319..177db3cf0 100644 --- a/kubernetes/stackrox-central/base/postgres/network-policy.yaml +++ b/kubernetes/stackrox-central/base/postgres/network-policy.yaml @@ -44,7 +44,7 @@ spec: - from: - namespaceSelector: matchLabels: - kubernetes.io/metadata.name: postgres + kubernetes.io/metadata.name: stackrox podSelector: matchLabels: postgres-operator.crunchydata.com/cluster: stackrox diff --git a/kubernetes/stackrox-central/base/postgres/postgres.yaml b/kubernetes/stackrox-central/base/postgres/postgres.yaml index 258b59773..33cf9156a 100644 --- a/kubernetes/stackrox-central/base/postgres/postgres.yaml +++ b/kubernetes/stackrox-central/base/postgres/postgres.yaml @@ -1,6 +1,6 @@ # StackroxDB Tweak # alter user stackrox createdb; -# alter user stackrox superuser +# alter user stackrox superuser; # PSQL 15 Public Scheme Tweak # \c stackrox # GRANT CREATE ON SCHEMA public TO stackrox; @@ -65,7 +65,7 @@ spec: - ReadWriteOnce resources: requests: - storage: 15Gi + storage: 5Gi name: "" replicas: 2 resources: diff --git a/kubernetes/unifi-network-application/base/statefulset.yaml b/kubernetes/unifi-network-application/base/statefulset.yaml index d8c93abb7..bcedfbbe3 100644 --- a/kubernetes/unifi-network-application/base/statefulset.yaml +++ b/kubernetes/unifi-network-application/base/statefulset.yaml @@ -25,7 +25,7 @@ spec: serviceAccountName: unifi-network-application containers: - name: unifi-network-application - image: linuxserver/unifi-network-application:8.0.28@sha256:e673a6100ef8de6ec5e3d8b7bd48f1d1940466f74801048c046a471f5219f551 + image: linuxserver/unifi-network-application:8.0.28-ls28@sha256:53b3734cad2a2c18297a2e4e17c29dec05061767f3187561c3ed483b4762fedc securityContext: runAsNonRoot: false privileged: true diff --git a/okd/okd-configuration/overlays/okd/cluster-version.yaml b/okd/okd-configuration/overlays/okd/cluster-version.yaml index eff0b3c1f..461b9002d 100644 --- a/okd/okd-configuration/overlays/okd/cluster-version.yaml +++ b/okd/okd-configuration/overlays/okd/cluster-version.yaml @@ -9,6 +9,6 @@ spec: clusterID: desiredUpdate: force: false - image: quay.io/openshift/okd@sha256:5e5a19e1e9b880ad4692530571130dae3165058198bfef8711342a5b44f6659d - version: 4.15.0-0.okd-2024-01-27-070424 + image: quay.io/openshift/okd@sha256:e13d5f24fc0347b51f1144e7f5bb03b48a99b43d3de0a260af171bf7e39a30f7 + version: 4.15.0-0.okd-2024-02-10-035534 upstream: https://amd64.origin.releases.ci.openshift.org/graph