Allow Calico resources such as NetworkPolicy, GlobalNetworkPolicy,
WorkloadEndpoint, etc. to be specified using values.
To avoid the complexities of list management with helm we use a
dictionary that contains a relative priority and set of objects
(called rules).
For example:

    network:
      policy:
        someName:
          priority: 0
          rules:
          - apiVersion: projectcalico.org/v3
            ... some useful resource object ...
          - apiVersion: projectcalico.org/v3
            ... some other useful resource object ...
        someOtherName:
          priority: 1
          rules:
          - apiVersion: projectcalico.org/v3
            ... rules that come later ...
        lastSetOfRules:
          priority: 9
          rules:
          - apiVersion: projectcalico.org/v3
            ... rules that come last ... maybe hostendpoints ...

By having named groups of rules each with its own priority you can
update, delete and amend individual sets of rules without provided you
set the appropriate "priority" value.
Change-Id: Id441350bcc8b95a91ef4d1b89d1bc3c417f50b13
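
The reason a name-keyed dictionary is easier to manage than a list is that Helm merges maps key by key but replaces lists whole, so an override of a list-valued policy key would silently drop every default rule. The sketch below is an added example, not code from the chart or the commit: it models that merge in Python and flattens the groups in ascending priority order, using constructed resource names (allow-dns, allow-api, node1-eth0) and hypothetical helpers `coalesce`, `ordered_rules` and `rule_names`.

```python
import copy

# Constructed chart defaults, following the layout in the commit message.
DEFAULTS = {"network": {"policy": {
    "someName": {"priority": 0, "rules": [
        {"apiVersion": "projectcalico.org/v3", "kind": "GlobalNetworkPolicy",
         "metadata": {"name": "allow-dns"}}]},
    "lastSetOfRules": {"priority": 9, "rules": [
        {"apiVersion": "projectcalico.org/v3", "kind": "HostEndpoint",
         "metadata": {"name": "node1-eth0"}}]},
}}}

# Constructed operator override: add one group, delete another, touch nothing else.
OVERRIDE = {"network": {"policy": {
    "someOtherName": {"priority": 1, "rules": [
        {"apiVersion": "projectcalico.org/v3", "kind": "NetworkPolicy",
         "metadata": {"name": "allow-api"}}]},
    "lastSetOfRules": None,
}}}


def coalesce(base, override):
    """Merge values the way Helm does: maps merge key by key, a null value
    deletes the key, and anything else (lists included) is replaced whole."""
    merged = copy.deepcopy(base)
    for key, value in override.items():
        if value is None:
            merged.pop(key, None)
        elif isinstance(value, dict) and isinstance(merged.get(key), dict):
            merged[key] = coalesce(merged[key], value)
        else:
            merged[key] = copy.deepcopy(value)
    return merged


def ordered_rules(values):
    """Flatten the named groups into one list, lowest priority number first
    (ties broken by group name, an assumption made to keep output stable)."""
    groups = values["network"]["policy"]
    order = sorted(groups, key=lambda name: (groups[name]["priority"], name))
    return [rule for name in order for rule in groups[name]["rules"]]


def rule_names(values):
    """Return the metadata names of the flattened rules, in render order."""
    return [rule["metadata"]["name"] for rule in ordered_rules(values)]
```

After an override, comparing `rule_names` of the merged values against the expected list is a quick check that no default policy group disappeared unintentionally.
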
This removes yet another time the dependency towards OSH repo.
With each repository independent, we can later introduce abstract
jobs that will be re-usable but with a clean dependency map: only
bring jobs from one single location, openstack-helm-infra.
Change-Id: I72844a944cfea5380de25dbd7cf7231c8d39f4ec

Use the 'docker-nfs' namespace to back the docker registry. This
means we can delete the registry namespace without causing IO lockups.
Change-Id: I1706dd96653598dcfbb81904fde8c0bf92294b06

Having storage (backend) components in their own namespace means we
can delete the namespaces containing the openstack without causing
system hangs which occur when storage is removed whilst in use.
Change-Id: Ie489709b08929f25cf0e626a8541620a06506b8b

By default use rbd-nbd (librbd) instead of krbd.
Applying this change on existing nodes will
require reboots.
Change-Id: I81829fb8666541e856ab402128a5192984b6fe05

This updates the fluentd buffer output configurations to account
for the restraints of the jobs deploying fluentd. This also
renames the fluentd configuration key from td_agent to fluentd to
reflect the fact we're no longer deploying td-agent
This also updates the Elasticsearch default replicas and overrides
the replica counts in each Elasticsearch deployment to account for
resource constraints
Change-Id: I55dee410eced99c3e1645f7452e4306ad646e601

This organizes the single node gates for osh-infra by function.
This organization aims to improve the single node gates in the
following ways:
1. Reduce number of services deployed in single node jobs
2. Only deploy Ceph for logging job, as Elasticsearch requires
   RGW for snapshot repositories.
3. Use NFS for storage for monitoring job, as Ceph is not a
   requirement for any of the services here.
4. Remove duplicate services deployed to multiple single node jobs
5. Remove storage from openstack-support job, as the only service
   requiring storage is rabbitmq. Rabbitmq is deployed with
   storage enabled in the openstack-helm checks/gates.
This also removes the documentation for the single node deployments,
as those deployments do not make sense with this change. This should
be revisited as a follow-on once we have a clear path forward for
the larger gate refactoring work
Change-Id: I46951f76904fa2ab245a202d55f76019b7503362

Without this patch, there is a dependency between the two
repositories OSH and OSH-infra, which was recently introduced, and
which will cause a circular dependency problem when trying to remove
the duplicated jobs that will appear in OSH.
Change-Id: Ief4461a66f7139ae0650e4a240a3e65800821f78
Required-By: https://review.openstack.org/610481/
Co-Authored-By: Jean-Philippe Evrard <jean-philippe@evrard.me>

This removes the fluentbit sidecars from the ceph-mon and ceph-osd
charts. Instead, we mount /var/log/ceph as a hostpath, and use the
fluentbit daemonset to target the mounted log files instead
This also updates the fluentd configuration to better handle the
correct configuration type for flush_interval (time vs int), as
well as updates the fluentd elasticsearch output values to help
address the gate failures resulting from the Elasticsearch bulk
endpoints failing
Change-Id: If3f2ff6371f267ed72379de25ff463079ba4cddc

This is to update the mgr liveness script to use admin socket
instead of resolving ceph mon fqdn
Change-Id: Id95f78afef44103a834312d0667d49947ee803a4
Co-Authored-By: Jean-Charles Lopez <jl970p@att.com>

This patch set changes the keystone in the k8s-keystone-auth to
be backed by LDAP. It also updates the test to use the LDAP users
instead of created users in the database.
Co-Authored-By: Samuel Pilla <sp516w@att.com>
Change-Id: Ia34dac51b36a300068ad5fd936c48b0f30821a52
Signed-off-by: Tin Lam <tin@irrational.io>

This PS documents use of and fixes the anti-affinity function to
properly support hard anti affinity.
Change-Id: I2ec643d7720036b34fc249a2e230b3bed3aac41f
Signed-off-by: Pete Birley <pete@port.direct>

This PS moves to use the hostname, not the pod name for the
instances specific config sections.
Change-Id: If2bc60c9f4f12038e8aa70fbd33a009cdf652b75
Signed-off-by: Pete Birley <pete@port.direct>

This patch set renames the existing apparmor annotation
function to a more generic MAC (Mandatory Access Control)
name to be flexible enough to handle other MAC annotations
in the future.
Change-Id: I98a34484cebc2b420ad8f2664e4aaa84cfb9dca1

This updates the Grafana Ceph dashboards to use templating to
determine which ceph-mgr to use for displaying ceph related
metrics. This required setting the appropriate labels on the
ceph-mgr service to be able to distinguish between releases
Change-Id: Id2eceacadc5b6366d7bc6668bc16ccf5ba878e4a

We see sporadic shutdown hangs that look to be the issue described at
https://jira.mariadb.org/browse/MDEV-15554
Upgrade minor version to address this.
Change-Id: Idf8403b44e871b5a32173bd153a8367519b239ec

This PS restores the kubeadm-aio image to a functioning state, by
updating the requests package.
Change-Id: I706a8ca5661a8e773386c8d82c049e2a9a04e94e
Signed-off-by: Pete Birley <pete@port.direct>

This updates the Nagios image to include an update to the
Elasticsearch plugin that adds the appropriate headers to the
request sent to Elasticsearch. As Elasticsearch >=6.0 no longer
tries to determine the request data type, we need to explicitly
tell Elasticsearch the request body is JSON. Since we use
Elasticsearch 5.6.4 as default, this change will make the
deprecation warnings for the 6.0 breaking change go away.
Change-Id: I0dbd8859ca8d0bd0893832b4edd92742e575598b

This patch set implements the helm toolkit function to generate a
kubernetes network policy manifest based on overrideable values.
This also adds a chart that shuts down all the ingress and egress
traffic in the namespace. This can be used to ensure the
whitelisted network policy works as intended.
Additionally, implementation is done for some infrastructure charts.
Change-Id: I78e87ef3276e948ae4dd2eb462b4b8012251c8c8
Co-Authored-By: Mike Pham <tp6510@att.com>
Signed-off-by: Tin Lam <tin@irrational.io>

Without this patch, there is a dependency between the two
repositories OSH and OSH-infra, which will cause a circular
dependency problem when trying to remove the duplicated jobs
that will appear in OSH.
Change-Id: Ibeee0a853d0c1358519b0391c879137d8a214be2