)]}'
{"elasticsearch/values.yaml":[{"author":{"_account_id":30777,"name":"Steven Fitzpatrick","email":"steven@fitzpatrick.wtf","username":"sf280x"},"change_message_id":"f1892bbd417b8d2b645250085e11a8e24ec7f6be","unresolved":false,"context_lines":[{"line_number":154,"context_line":"          readOnlyRootFilesystem: true"},{"line_number":155,"context_line":"    client:"},{"line_number":156,"context_line":"      pod:"},{"line_number":157,"context_line":"        runAsUser: 65534"},{"line_number":158,"context_line":"      container:"},{"line_number":159,"context_line":"        memory_map_increase:"},{"line_number":160,"context_line":"          privileged: true"}],"source_content_type":"text/x-yaml","patch_set":7,"id":"3fa7e38b_ebafcc79","line":157,"range":{"start_line":157,"start_character":8,"end_line":157,"end_character":24},"updated":"2020-02-04 06:45:21.000000000","message":"I think this setting is conflicting with the \u0027privileged: true\u0027 and possibly other settings used in the pod and container security contexts below.","commit_id":"6645dba12d5b5ea631d059b018ef51b2b70b07cf"},{"author":{"_account_id":17591,"name":"Steve Wilkerson","email":"wilkers.steve@gmail.com","username":"srwilkers"},"change_message_id":"2cfcb3d0f82c862794bfd42405248ea51c5d475b","unresolved":false,"context_lines":[{"line_number":154,"context_line":"          readOnlyRootFilesystem: true"},{"line_number":155,"context_line":"    client:"},{"line_number":156,"context_line":"      pod:"},{"line_number":157,"context_line":"        runAsUser: 65534"},{"line_number":158,"context_line":"      container:"},{"line_number":159,"context_line":"        memory_map_increase:"},{"line_number":160,"context_line":"          privileged: true"}],"source_content_type":"text/x-yaml","patch_set":7,"id":"3fa7e38b_418cb880","line":157,"range":{"start_line":157,"start_character":8,"end_line":157,"end_character":24},"in_reply_to":"3fa7e38b_ebafcc79","updated":"2020-02-04 16:27:10.000000000","message":"You\u0027re spot on.","commit_id":"6645dba12d5b5ea631d059b018ef51b2b70b07cf"},{"author":{"_account_id":30777,"name":"Steven Fitzpatrick","email":"steven@fitzpatrick.wtf","username":"sf280x"},"change_message_id":"f1892bbd417b8d2b645250085e11a8e24ec7f6be","unresolved":false,"context_lines":[{"line_number":170,"context_line":"          readOnlyRootFilesystem: false"},{"line_number":171,"context_line":"    master:"},{"line_number":172,"context_line":"      pod:"},{"line_number":173,"context_line":"        runAsUser: 65534"},{"line_number":174,"context_line":"      container:"},{"line_number":175,"context_line":"        memory_map_increase:"},{"line_number":176,"context_line":"          privileged: true"}],"source_content_type":"text/x-yaml","patch_set":7,"id":"3fa7e38b_8bc41844","line":173,"range":{"start_line":173,"start_character":8,"end_line":173,"end_character":24},"updated":"2020-02-04 06:45:21.000000000","message":"Here too","commit_id":"6645dba12d5b5ea631d059b018ef51b2b70b07cf"},{"author":{"_account_id":30777,"name":"Steven Fitzpatrick","email":"steven@fitzpatrick.wtf","username":"sf280x"},"change_message_id":"f1892bbd417b8d2b645250085e11a8e24ec7f6be","unresolved":false,"context_lines":[{"line_number":202,"context_line":"          readOnlyRootFilesystem: true"},{"line_number":203,"context_line":"    data:"},{"line_number":204,"context_line":"      pod:"},{"line_number":205,"context_line":"        runAsUser: 65534"},{"line_number":206,"context_line":"      container:"},{"line_number":207,"context_line":"        memory_map_increase:"},{"line_number":208,"context_line":"          privileged: true"}],"source_content_type":"text/x-yaml","patch_set":7,"id":"3fa7e38b_4bbe20b0","line":205,"range":{"start_line":205,"start_character":8,"end_line":205,"end_character":24},"updated":"2020-02-04 06:45:21.000000000","message":"Here too","commit_id":"6645dba12d5b5ea631d059b018ef51b2b70b07cf"}],"mariadb/values.yaml":[{"author":{"_account_id":17591,"name":"Steve Wilkerson","email":"wilkers.steve@gmail.com","username":"srwilkers"},"change_message_id":"2cfcb3d0f82c862794bfd42405248ea51c5d475b","unresolved":false,"context_lines":[{"line_number":85,"context_line":"        runAsUser: 65534"},{"line_number":86,"context_line":"      container:"},{"line_number":87,"context_line":"        server:"},{"line_number":88,"context_line":"          allowPrivilegeEscalation: false"},{"line_number":89,"context_line":"          readOnlyRootFilesystem: false"},{"line_number":90,"context_line":"    error_pages:"},{"line_number":91,"context_line":"      pod:"}],"source_content_type":"text/x-yaml","patch_set":7,"id":"3fa7e38b_0186c060","line":88,"range":{"start_line":88,"start_character":10,"end_line":88,"end_character":41},"updated":"2020-02-04 16:27:10.000000000","message":"This change references Elasticsearch.  Why are you changing security context configuration for mariadb?","commit_id":"6645dba12d5b5ea631d059b018ef51b2b70b07cf"},{"author":{"_account_id":29161,"name":"Rahul Khiyani","email":"rahul.khiyani@att.com","username":"rk0850"},"change_message_id":"d79167c87d7b5a74be41512e986ac3d551c8269f","unresolved":false,"context_lines":[{"line_number":85,"context_line":"        runAsUser: 65534"},{"line_number":86,"context_line":"      container:"},{"line_number":87,"context_line":"        server:"},{"line_number":88,"context_line":"          allowPrivilegeEscalation: false"},{"line_number":89,"context_line":"          readOnlyRootFilesystem: false"},{"line_number":90,"context_line":"    error_pages:"},{"line_number":91,"context_line":"      pod:"}],"source_content_type":"text/x-yaml","patch_set":7,"id":"3fa7e38b_c8a43a4f","line":88,"range":{"start_line":88,"start_character":10,"end_line":88,"end_character":41},"in_reply_to":"3fa7e38b_0186c060","updated":"2020-02-05 15:20:43.000000000","message":"Sorry, I missed to update commit message.","commit_id":"6645dba12d5b5ea631d059b018ef51b2b70b07cf"},{"author":{"_account_id":30777,"name":"Steven Fitzpatrick","email":"steven@fitzpatrick.wtf","username":"sf280x"},"change_message_id":"f1892bbd417b8d2b645250085e11a8e24ec7f6be","unresolved":false,"context_lines":[{"line_number":85,"context_line":"        runAsUser: 65534"},{"line_number":86,"context_line":"      container:"},{"line_number":87,"context_line":"        server:"},{"line_number":88,"context_line":"          runAsUser: 0"},{"line_number":89,"context_line":"          readOnlyRootFilesystem: false"},{"line_number":90,"context_line":"    error_pages:"},{"line_number":91,"context_line":"      pod:"}],"source_content_type":"text/x-yaml","patch_set":8,"id":"3fa7e38b_cb7bf0f0","side":"PARENT","line":88,"range":{"start_line":88,"start_character":10,"end_line":88,"end_character":22},"updated":"2020-02-04 06:45:21.000000000","message":"It seems like (in 2018 at least) common to run ingress containers as user 0. Someone suggested user user 33 instead which might work.\n\nhttps://github.com/kubernetes/ingress-nginx/issues/2855#issuecomment-413887032\n\nAlso for some reason, when mariadb-ingress is deployed in the zuul check it\u0027s using an outdated image. Per the ingress chart values.yaml, it should be on v0.23.0 Maybe this is interfering?\n\nhttps://zuul.opendev.org/t/openstack/build/0e3f8bcecdb0469bae6f6d2da72b1a8d/log/primary/objects/namespaced/osh-infra/deployment/mariadb-ingress.txt#42","commit_id":"3dd0eb0cdf54387447f07a4ec6be9582c457a1a8"}],"nagios/values.yaml":[{"author":{"_account_id":17591,"name":"Steve Wilkerson","email":"wilkers.steve@gmail.com","username":"srwilkers"},"change_message_id":"2cfcb3d0f82c862794bfd42405248ea51c5d475b","unresolved":false,"context_lines":[{"line_number":211,"context_line":"  security_context:"},{"line_number":212,"context_line":"    monitoring:"},{"line_number":213,"context_line":"      pod:"},{"line_number":214,"context_line":"        runAsUser: 65534"},{"line_number":215,"context_line":"      container:"},{"line_number":216,"context_line":"        apache_proxy:"},{"line_number":217,"context_line":"          readOnlyRootFilesystem: false"}],"source_content_type":"text/x-yaml","patch_set":7,"id":"3fa7e38b_61ec5428","line":214,"range":{"start_line":214,"start_character":19,"end_line":214,"end_character":24},"updated":"2020-02-04 16:27:10.000000000","message":"This is also not Elasticsearch.","commit_id":"6645dba12d5b5ea631d059b018ef51b2b70b07cf"},{"author":{"_account_id":29161,"name":"Rahul Khiyani","email":"rahul.khiyani@att.com","username":"rk0850"},"change_message_id":"d79167c87d7b5a74be41512e986ac3d551c8269f","unresolved":false,"context_lines":[{"line_number":211,"context_line":"  security_context:"},{"line_number":212,"context_line":"    monitoring:"},{"line_number":213,"context_line":"      pod:"},{"line_number":214,"context_line":"        runAsUser: 65534"},{"line_number":215,"context_line":"      container:"},{"line_number":216,"context_line":"        apache_proxy:"},{"line_number":217,"context_line":"          readOnlyRootFilesystem: false"}],"source_content_type":"text/x-yaml","patch_set":7,"id":"3fa7e38b_a85f7e4a","line":214,"range":{"start_line":214,"start_character":19,"end_line":214,"end_character":24},"in_reply_to":"3fa7e38b_61ec5428","updated":"2020-02-05 15:20:43.000000000","message":"same here","commit_id":"6645dba12d5b5ea631d059b018ef51b2b70b07cf"},{"author":{"_account_id":17591,"name":"Steve Wilkerson","email":"wilkers.steve@gmail.com","username":"srwilkers"},"change_message_id":"40c9d5dc9c19c10cb4b3c86b5fd3bc4151b04f08","unresolved":false,"context_lines":[{"line_number":211,"context_line":"  security_context:"},{"line_number":212,"context_line":"    monitoring:"},{"line_number":213,"context_line":"      pod:"},{"line_number":214,"context_line":"        runAsUser: 65534"},{"line_number":215,"context_line":"      container:"},{"line_number":216,"context_line":"        apache_proxy:"},{"line_number":217,"context_line":"          readOnlyRootFilesystem: false"}],"source_content_type":"text/x-yaml","patch_set":11,"id":"3fa7e38b_74f486d0","line":214,"range":{"start_line":214,"start_character":19,"end_line":214,"end_character":24},"updated":"2020-02-13 04:03:05.000000000","message":"This will not work, as the Apache sidecar serving the reverse proxy for Nagios has to run as the root user.  The only way to circumvent this is to change the standard port (80) being served by the reverse proxy","commit_id":"f2f8dc917742f67d23cbcaf3c09460ae603ca41d"}]}