WarlockFish/fedora-infra_ansible
1
0
Fork 0
mirror of https://pagure.io/fedora-infra/ansible.git synced 2026-05-01 22:11:01 +08:00
Code Issues Packages Projects Releases Wiki Activity
43,401 Commits 9 Branches 0 Tags
7aa7553b84af5dc8efa78e9d8a4e50dde369052d
Commit Graph

54 Commits

Author SHA1 Message Date
Aurélien Bompard
f3517ab537 Escape jinja template chars when necessary 
Signed-off-by: Aurélien Bompard <aurelien@bompard.org>
 2025-01-14 17:25:50 +01:00
Ryan Lerch
098a9fedf2 openshift/project - rename yaml/yml templates to .j2 
Signed-off-by: Ryan Lerch <rlerch@redhat.com>
 2025-01-14 08:37:30 +10:00
Ryan Lerch
01ace51513 [ansible-lint] prefix variable names for openshift/project role 
ansible-lint requires that variables for roles are prefixed with the
name of the role. This commit prefixes the rvariables for the
openshift/project role with project_ as required by ansible-lint

Signed-off-by: Ryan Lerch <rlerch@redhat.com>
 2024-12-03 10:48:44 +01:00
Adam Williamson
4194cafaf4 prometheusRules - try going back to exactly how it was before yamllint 
...i.e. without a comment before it to suppress yamllint. Maybe
that doesn't work either?

Signed-off-by: Adam Williamson <awilliam@redhat.com>
 2024-11-30 11:28:52 -08:00
Adam Williamson
501cb25519 Revert "openshift: try and fix an error caused by yamllint cleanup" 
This reverts commit 054bc753ac.
It doesn't seem to help. No idea why prometheusRules is blowing
up now, then :(
 2024-11-30 11:08:05 -08:00
Adam Williamson
054bc753ac openshift: try and fix an error caused by yamllint cleanup 
It looks like these #jinja2 comments don't work with a space
between the # and the jinja2, or something. I'm getting errors
on this template when trying to run an openshift playbook ATM.

Signed-off-by: Adam Williamson <awilliam@redhat.com>
 2024-11-30 10:58:05 -08:00
Ryan Lerch
89f6f1fc32 Fix majority of remaining yamllint warnings and errors 
Signed-off-by: Ryan Lerch <rlerch@redhat.com>
 2024-11-28 17:31:45 +10:00
Aurélien Bompard
33c98f7467 Allow appowners to create pods in MirrorManager 
Ref: https://discussion.fedoraproject.org/t/openshift-permissions-for-appowners/133816

Signed-off-by: Aurélien Bompard <aurelien@bompard.org>
 2024-10-16 12:22:27 +02:00
Siteshwar Vashisht
021c8fe152 ocp_monitoring: remove repeat_interval field 
Signed-off-by: Siteshwar Vashisht <svashisht@redhat.com>
 2023-11-23 18:23:58 +01:00
Kevin Fenzi
dfeac79e65 openshift: fix copypasta in crd 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2023-02-13 16:01:15 -08:00
Kevin Fenzi
f7ceb69349 openshift: more fixes to crds 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2023-02-13 15:59:01 -08:00
Kevin Fenzi
ba7a6248bb openshift: use correct crd for projects 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2023-02-13 15:53:28 -08:00
Kevin Fenzi
b1aeba28dc openshift-apps: adjust appowners for more picky oc client 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2023-02-13 11:08:07 -08:00
Francois Andrieu
953f2e5c4a ocp_monitoring: fix cronjob alert rule 2023-02-05 22:52:10 +00:00
Francois Andrieu
1304f93460 ocp_monitoring: allows a separate list of alert recipients 2023-02-05 22:49:44 +00:00
Francois Andrieu
caa4f85ed2 ocp_monitoring: move rules to openshift/project role 2023-01-27 00:08:30 +00:00
Francois Andrieu
66726137ae websites: add alerts for pod/job/build errors 2023-01-25 22:41:39 +00:00
Francois Andrieu
911bb8ac4f openshift: allow appowner to start a rollout 2021-04-28 21:32:05 +00:00
Francois Andrieu
492fe4f671 openshift: update egressPolicy for iad2 2021-04-03 18:44:31 +00:00
Adam Saleh
7bbb860d52 Add more privileges to appowners on staging. 2021-03-15 16:13:37 +01:00
Luca BRUNO
9c64952e3b openshift/rbac: allow project owners to cancel-builds 
This tweaks project-owners RBAC to allow updating a build, in order
to make `cancel-build` work.

Ref: https://pagure.io/fedora-infrastructure/issue/8005
Signed-off-by: Luca BRUNO <luca.bruno@coreos.com>
 2020-04-24 21:34:11 +02:00
Patrick Uiterwijk
66cda5eb15 Make it possible to disallow any internal communications 
Signed-off-by: Patrick Uiterwijk <patrick@puiterwijk.org>
 2019-05-29 20:33:11 +02:00
Patrick Uiterwijk
bbaa0f409b openshift/project: fix if condition 
Signed-off-by: Patrick Uiterwijk <patrick@puiterwijk.org>
 2019-05-09 13:54:16 +02:00
Patrick Uiterwijk
72ac044a5e openshift/project: simplify egresspolicy - different env db won't allow access anyway 
Signed-off-by: Patrick Uiterwijk <patrick@puiterwijk.org>
 2019-05-09 13:41:55 +02:00
Patrick Uiterwijk
eac122c543 openshift/project: define default egress policy to prevent fas db access 
Signed-off-by: Patrick Uiterwijk <patrick@puiterwijk.org>
 2019-05-09 13:32:55 +02:00
Patrick Uiterwijk
878988d92d Revert "Disable auto-update for appowners role" 
This reverts commit 10c88b0933.
 2018-12-08 20:02:53 +01:00
Patrick Uiterwijk
10c88b0933 Disable auto-update for appowners role 
Signed-off-by: Patrick Uiterwijk <patrick@puiterwijk.org>
 2018-12-04 07:55:27 +01:00
Kevin Fenzi
6c24a3e84b add rollbacks to app owners in openshift 2018-11-15 22:13:13 +00:00
Patrick Uiterwijk
864f2e1372 Fix up the appowners binding to use the namespace-local one 
Signed-off-by: Patrick Uiterwijk <patrick@puiterwijk.org>
 2018-09-13 10:39:56 +02:00
Mikolaj Izdebski
bbdceb24c6 Allow appowners to run builds (create buildconfigs/instantiate) 2018-08-23 20:27:59 +00:00
Mikolaj Izdebski
c0b53f5bd8 Reorganize os appowners role yaml 2018-08-23 20:25:29 +00:00
Kevin Fenzi
53b40839ff update apiGroups 2018-08-23 19:54:54 +00:00
Patrick Uiterwijk
8f7596d509 Deploymentconfigs/logs has been moved to the openshift.io group 
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
 2018-07-04 14:04:17 +02:00
Patrick Uiterwijk
2ef2b46a37 Openshift build logs have moved to another namespace. Allow that 
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
 2018-04-16 21:26:28 +00:00
Patrick Uiterwijk
692ddc2f78 Some objects got promoted in kubernetes 1.8 to core 
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
 2018-03-09 23:29:57 +01:00
Patrick Uiterwijk
78ff12f828 Update openshift role to use namespace-local roles 
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
 2018-03-09 22:53:23 +01:00
Patrick Uiterwijk
b3ae5a8957 This is a 'create' on 'pods/attach', not 'attach' on 'pods' 
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
 2017-12-15 17:15:23 +00:00
Patrick Uiterwijk
984d230e7a Allow appowners to attach to pods (Fixes #6548) 
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
 2017-12-15 15:39:00 +00:00
Patrick Uiterwijk
b188cef81b Turns out that the subjects: thing is just informational 
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
 2017-11-01 00:16:39 +00:00
Patrick Uiterwijk
363a554afb Allow openshift appowners in staging access to exec pods 
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
 2017-10-23 16:03:43 +00:00
Patrick Uiterwijk
c591f490b8 Make appowners in staging more powerful 
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
 2017-10-13 00:04:08 +00:00
Patrick Uiterwijk
b1f0cd0a55 Make this rerunnable 
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
 2017-10-09 00:58:34 +00:00
Patrick Uiterwijk
de19d64c1c Add link to upstream bug for record 
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
 2017-10-08 20:50:03 +00:00
Patrick Uiterwijk
cba7d519d4 Silly me, ClusterRoles are separate objects 
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
 2017-10-08 20:45:48 +00:00
Patrick Uiterwijk
e0f9332d86 Turns out that namespace-local roles are broken pre openshift 3.6 
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
 2017-10-08 20:42:44 +00:00
Patrick Uiterwijk
8347455e74 I thought I learned last week that roles need their namespace specified... 
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
 2017-10-08 19:57:59 +00:00
Patrick Uiterwijk
1ad53acd23 And *this* is plural. Man, singular and plural are hard 
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
 2017-10-08 19:57:04 +00:00
Patrick Uiterwijk
f51408ac1a Remove project-level admins 
Signed-off-by: Patrick Uiterwijk <patrick@puiterwijk.org>
 2017-10-08 21:45:40 +02:00
Patrick Uiterwijk
65f21ee450 Allow specifying appowners for projects 
Signed-off-by: Patrick Uiterwijk <patrick@puiterwijk.org>
 2017-10-08 21:45:19 +02:00
Dan Callaghan
0a9f8119cb Revert "trying to fix "field is immutable" error from oc apply" 
This reverts commit 336d4e71ce.
It didn't help.
 2017-09-29 20:55:15 +10:00