This change refactors the apparmor job to utilize the feature
gates system instead of relying on separate scripts.
Change-Id: I51b36c1972ff3ee8d4366bf2d5027e433721d740
The current podsecuritypolicy job has not been passing for quite
a while. Disable it for now until it's fixed to avoid wasting
infra resources.
Change-Id: I14b184cf03e625cbbaa829a4de101dc2142a7e27
These charts bootstraps a metacontroller on a
Kubernetes cluster using the Helm package manager.
This enables you to deploy custom controllers as
service + deployment pairs. A DaemonJobController
chart bootstraps the CompositeController and register
DaemonJob CRD, the daemonjob controller executes
DaemonJob(CR's) in kubernetes Cluster.
Change-Id: Ic946f564ea1cf07e89c90a598e59230dc240950c
This chart provides default configuration objects for a
kubernetes namespace.
Change-Id: If1b1545956064bb0897c8d67d9f13ef606ed2ba3
Signed-off-by: Pete Birley <pete@port.direct>
This change addresses the results that were found when running
bandit against the templated python files in the various charts.
This also makes the bandit gate only run when python template
files are changed as well as makes the job voting.
Change-Id: Ia158f5f9d6d791872568dafe8bce69575fece5aa
This change adds a means of introducing new storage classes
and local persistent volumes.
Change-Id: I340c75f3d0a1678f3149f3cf62e4ab104823cc49
Co-Authored-By: Steven Fitzpatrick <steven.fitzpatrick@att.com>
This updates the Elastic Beats charts to 7.1.0 to keep them
aligned with the Kibana and Elasticsearch chart versions, which
is required for compatibility
This also updates the experimental job to use the single node
minikube deployment as opposed to the standard 5 node multinode
deployment
Change-Id: I4baba6ca2ea2f3785f11905138b67979a4501caa
Signed-off-by: Steve Wilkerson <sw5822@att.com>
This change adds in missing network policy overrides for
fluent-daemonset and prometheus-exporter, as well as removes
existing mariadb network policies overrides that were causing
the network policy check job to fail.
Change-Id: Ib7a33f3d14617f9a9fda264f32cde7729a923193
This change adds a non-voting bandit check to openstack-helm-infra
similar to what is ran in the openstack-helm repo.
This check will be made voting in a future change once the current
failures are addressed.
Similarly this check will be modified in a future change to
only be ran when affected python files are changed.
Change-Id: I177940f7b050fbe8882d298628c458bbd935ee89
This disables the keystone-auth single node job and all multinode
periodic and experimental jobs while standing issues with the
kubeadm-aio image deployment are sorted out
Change-Id: I3ce0afba155e923b6dd50f83fa6b529908b9a79b
Signed-off-by: Steve Wilkerson <sw5822@att.com>
This updates the osh-infra-logging single node job to omit the
fluentbit deployment step, as having multiple logging daemonsets
deployed to the single node jobs is causing IO issues. Also, it
was noted that the fluentd-deployment step was missing the
overrides to move the fluentd-deployment release from utilizing a
daemonset to a deployment. This resulted in 3 logging daemons
being deployed to a single host
Change-Id: I4a0c5550e6ea6a331aab0082a975f161e65704bf
Signed-off-by: Steve Wilkerson <sw5822@att.com>
This proposes adding a kafka chart to osh-infra that aligns
with the design patterns laid out by the other charts in osh-infra
and osh.
danielqsj's kafka-exporter image is leveraged to deploy a prometheus
exporter for kafka alongside the main application if enabled in
values.yaml
Change-Id: I5997b0994fc3aef9bd1b222c373cc3a013112566
Co-Authored-By: Meghan Heisler <mh783g@att.com>
This updates the Grafana chart to support the definition of
multiple datasources. This moves to defining a template in the
chart's values.yaml file that allows for inline gotpl for
defining an arbitrary number of datasources. This also updates the
grafana dashboards to include a selector for the Prometheus
datasource to use via a drop down selector. This is vetted out in
the federated monitoring job
Change-Id: I55171fed5c2b343130d135d0b42bc96ff11c4712
Signed-off-by: Steve Wilkerson <sw5822@att.com>
This makes the keystone-auth job nonvoting, until adequate work
can be done to help make the job more reliable. At the moment,
this job seems to be responsible for the majority of the gate job
failures due to what seems to be limitations with the single node
nodesets available
Change-Id: I08f1f10b79e9a5fd82ef7c6d887a03ccb55cceed
Signed-off-by: Steve Wilkerson <sw5822@att.com>
This adds the experimental jobs back to osh-infra, as they were
erroneously disabled via comments in a previously merged change
Change-Id: Id92c24223f8c22f1a0ff82b62c222b2920ecd929
Signed-off-by: Steve Wilkerson <sw5822@att.com>
This updates the Prometheus chart to support federation. This
moves to defining the Prometheus configuration file via a template
in the values.yaml file instead of through raw yaml. This allows
for overriding the chart's default configuration wholesale, as
this would be required for a hierarchical federated setup. This
also strips out all of the default rules defined in the chart for
the same reason. There are example rules defined for the various
aspects of OSH's infrastructure in the prometheus/values_overrides
directory that are executed as part of the normal CI jobs. This
also adds a nonvoting federated-monitoring job that vets out the
ability to federate prometheus in a hierarchical fashion with
extremely basic overrides
Change-Id: I0f121ad5e4f80be4c790dc869955c6b299ca9f26
Signed-off-by: Steve Wilkerson <sw5822@att.com>
This removes the elasticsearch-ldap.sh script from the single node
osh-infra-logging job, as this step does not provide any real
value and is tightly coupled to the elasticsearch version used.
This sort of validation should be reserved for smoke tests in
future helm tests for charts
Change-Id: I7ca4805a8809568cb09c8bab6c239c008528fd6a
Signed-off-by: Steve Wilkerson <sw5822@att.com>
This proposes adding a zookeeper chart to osh-infra that aligns
with the design patterns laid out by the other charts in osh-infra
and osh.
Change-Id: I25edc58fc951e7f81f7275ade6cf9c97e0afae02
Signed-off-by: Steve Wilkerson <sw5822@att.com>
Co-Authored-By: Steven Fitzpatrick <steven.fitzpatrick@att.com>
This disables the cephfs provisioner in the multinode
periodic jobs. It seems the helm tests for the ceph
provisioner chart that test cephfs fail more often than
not in the multinode jobs while passing reliably in the
single node check and gate jobs. As cephfs is still
gated, disabling the cephfs provisioner in the periodic
jobs allows for further investigation into this issue
without causing potential regressions
Change-Id: I36e68cc2e446afac8769fb9ab753105909341f24
Signed-off-by: Steve Wilkerson <sw5822@att.com>
This adds the ability to tolerate failures of the selenium tests
in our jobs, as we intermittenly see these tests fail. The failure
of these tests should not necessarily indicate failure of the job
overall, so this change prevents exactly that
Change-Id: I4f97fad96f63d42fdb3bb5b8958dbed3dfd7dfc7
Signed-off-by: Steve Wilkerson <sw5822@att.com>
This removes the old fluent-logging chart from network
policy and replaces it with the new fluentbit and fluentd
charts. This will return the network policy gate back to
passing
Change-Id: I060c6c3034fa798a131a053b9d496e5d8781c55d
Job openstack-helm-infra uses role named "start-zuul-console" that is part
of another project named "zuul/zuul-jobs". If this job is
ever used by another project as "parent job", it would fail, because
wouldn't find the role in any of the default pathes. This patch adds the
roles from zuul/zuul-jobs project, to the job that uses these roles from
the project
Change-Id: Ib3b7e0e43008b7a4f394b49b75529bfde9780d2f
