diff --git a/create-pv.sh b/create-pv.sh new file mode 100755 index 0000000..7b22d3e --- /dev/null +++ b/create-pv.sh @@ -0,0 +1,4 @@ +kubectl apply -f pv-apim-audit.yaml +kubectl apply -f pv-apim-events.yaml +kubectl apply -f pv-apim-opentraffic.yaml +kubectl apply -f pv-apim-payloads.yaml diff --git a/delete-pv.sh b/delete-pv.sh new file mode 100755 index 0000000..ada6e2b --- /dev/null +++ b/delete-pv.sh @@ -0,0 +1,4 @@ +kubectl delete -f pv-apim-audit.yaml +kubectl delete -f pv-apim-events.yaml +kubectl delete -f pv-apim-opentraffic.yaml +kubectl delete -f pv-apim-payloads.yaml diff --git a/pv-apim-audit.yaml b/pv-apim-audit.yaml new file mode 100644 index 0000000..faaa60e --- /dev/null +++ b/pv-apim-audit.yaml @@ -0,0 +1,13 @@ +kind: PersistentVolume +apiVersion: v1 +metadata: + name: apim-audit +spec: + capacity: + storage: 1Gi + nfs: + server: 192.168.0.105 + path: /nfs/NFS/ocp/apim-audit + storageClassName: nfs-csi + accessModes: + - ReadWriteMany diff --git a/pv-apim-events.yaml b/pv-apim-events.yaml new file mode 100644 index 0000000..34c67a8 --- /dev/null +++ b/pv-apim-events.yaml @@ -0,0 +1,13 @@ +kind: PersistentVolume +apiVersion: v1 +metadata: + name: apim-events +spec: + capacity: + storage: 1Gi + nfs: + server: 192.168.0.105 + path: /nfs/NFS/ocp/apim-events + storageClassName: nfs-csi + accessModes: + - ReadWriteMany diff --git a/pv-apim-opentraffic.yaml b/pv-apim-opentraffic.yaml new file mode 100644 index 0000000..7b53c8b --- /dev/null +++ b/pv-apim-opentraffic.yaml @@ -0,0 +1,13 @@ +kind: PersistentVolume +apiVersion: v1 +metadata: + name: apim-opentraffic +spec: + capacity: + storage: 8Gi + nfs: + server: 192.168.0.105 + path: /nfs/NFS/ocp/apim-opentraffic + storageClassName: nfs-csi + accessModes: + - ReadWriteOnce diff --git a/pv-apim-payloads.yaml b/pv-apim-payloads.yaml new file mode 100644 index 0000000..a579060 --- /dev/null +++ b/pv-apim-payloads.yaml @@ -0,0 +1,13 @@ +kind: PersistentVolume +apiVersion: v1 +metadata: + name: apim-payloads +spec: + capacity: + storage: 16Gi + nfs: + server: 192.168.0.105 + path: /nfs/NFS/ocp/apim-payloads + storageClassName: nfs-csi + accessModes: + - ReadWriteOnce diff --git a/values-override.yaml b/values-override.yaml index bf22154..1f517c6 100644 --- a/values-override.yaml +++ b/values-override.yaml @@ -19,10 +19,12 @@ global: - ReadWriteMany capacity: 1Gi volumeName: apim-events + storageClassName: nfs-csi - name: payloads enabled: true usedBy: - traffic + storageClassName: nfs-csi accessModes: - ReadWriteOnce capacity: 16Gi @@ -33,6 +35,7 @@ global: - anm - apimgr - traffic + storageClassName: nfs-csi accessModes: - ReadWriteMany capacity: 1Gi @@ -71,13 +74,14 @@ global: - traffic - anm - apimgr + storageClassName: nfs-csi accessModes: - ReadWriteOnce capacity: 8Gi volumeName: apim-opentraffic initContainers: securityContext: - runAsNonRoot: false + runAsNonRoot: true database: host: mysql.metrics.svc.cluster.local metrics: @@ -110,7 +114,7 @@ anm: memory: "1Gi" cpu: "250m" securityContext: - runAsNonRoot: false + runAsNonRoot: true route: enabled: true annotations: @@ -181,7 +185,7 @@ apimgr: memory: "0.5Gi" cpu: 0.5 securityContext: - runAsNonRoot: false + runAsNonRoot: true route: enabled: true annotations: @@ -294,7 +298,7 @@ apitraffic: targetCPUUtilizationPercentage: 80 replicaCount: 2 securityContext: - runAsNonRoot: false + runAsNonRoot: true oauth: enabled: true type: ClusterIP @@ -573,7 +577,7 @@ aga: allowPrivilegeEscalation: false #NOTE readOnlyRootFilesystem should be left to false # readOnlyRootFilesystem: false - runAsNonRoot: false + runAsNonRoot: true service: type: ClusterIP ports: