From e85a32d463de6e3d7371ba35c67042aeda4b9d82 Mon Sep 17 00:00:00 2001 From: Shane McDonald Date: Tue, 8 Dec 2020 13:00:14 -0500 Subject: [PATCH 1/2] Fix typo in deployment template --- installer/roles/kubernetes/templates/deployment.yml.j2 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/installer/roles/kubernetes/templates/deployment.yml.j2 b/installer/roles/kubernetes/templates/deployment.yml.j2 index 512e801643..daf67744f6 100644 --- a/installer/roles/kubernetes/templates/deployment.yml.j2 +++ b/installer/roles/kubernetes/templates/deployment.yml.j2 @@ -4,7 +4,7 @@ kind: ServiceAccount metadata: name: {{ kubernetes_serviceaccount_name }} namespace: {{ kubernetes_namespace }} -{% if kubernetes_service_account_is defined %} +{% if kubernetes_service_account_annotations is defined %} annotations: {% for key, value in kubernetes_service_account_annotations.items() %} {{ key }}: "{{ value }}" From 8788c904c8dcd6e83521887b3450b09bf7037ca5 Mon Sep 17 00:00:00 2001 From: Shane McDonald Date: Tue, 8 Dec 2020 13:06:00 -0500 Subject: [PATCH 2/2] Revert: Force containers in k8s to run under root group This reverts most of: https://github.com/ansible/awx/commit/423df6618d1f5484ea428dcd32371e67bb4c49d4 Since https://github.com/sclorg/redis-container/pull/62 is now shipped downstream --- installer/roles/kubernetes/templates/deployment.yml.j2 | 2 -- 1 file changed, 2 deletions(-) diff --git a/installer/roles/kubernetes/templates/deployment.yml.j2 b/installer/roles/kubernetes/templates/deployment.yml.j2 index daf67744f6..03b09c0d3b 100644 --- a/installer/roles/kubernetes/templates/deployment.yml.j2 +++ b/installer/roles/kubernetes/templates/deployment.yml.j2 @@ -116,8 +116,6 @@ spec: app: {{ kubernetes_deployment_name }} spec: serviceAccountName: {{ kubernetes_serviceaccount_name }} - securityContext: - fsGroup: 0 terminationGracePeriodSeconds: 10 {% if custom_venvs is defined %} {% set trusted_hosts = "" %}