Adds support for TLS on overridden fqdns for public endpoints for
the services that have them in openstack-helm-infra. Currently this
implementation is limited, in that it does not provide support for
dynamically loading CAs into the containers, or specifying them manually
via configuration. As a result only well known or CAs added manually
to containers will be recognised.
Change-Id: I4ab4bbe24b6544b64cd365467e8efb2a421ac3f4
This moves to define the datasources provisioned by grafana via
a template defined in the values.yaml. This allows us to define
multiple datasource types that can be mapped directly to the
corresponding entries in endpoints, which enables us to generate
the data source urls via endpoint lookups rather than hardcoding
this. This is the first step to support multiple data sources in
a singular grafana deployment
Change-Id: Iac7f4b1e07aaf83ae4d2a0c923cd06817f0d8c0d
This updates the LDAP configuration for grafana, using a template
defined in the values.yaml file. Using the template allows us to
dynamically define LDAP configuration values, such as the bind dn,
search base and group search base paths, the password, and the
LDAP fqdn. This also updates the volume mount for the
provisioning directory to be defined by the configuration value in
the values.yaml file
Change-Id: I1e4866d1189cf40b08b3443dc725646a1b76094c
This adds missing readiness probes to the following charts in
openstack-helm-infra: elasticsearch, fluent-logging, kibana,
nagios, prometheus-kube-state-metrics, prometheus-node-exporter,
and prometheus-openstack-exporter
Change-Id: I6a2635b08667c31eadb1b05ba848c658935a17e5
This PS updates the tls functions to be yaml safe for the service
name.
Change-Id: I535f38a8d92c01280d79926a1f0acd06984aabbf
Signed-off-by: Pete Birley <pete@port.direct>
This updates the ordering of the basic auth providers in the
elasticsearch and nagios chart to check the file provider first
before going out to check the configured ldap server.
Change-Id: I47ff8a1c7b2cefa8425914c5d4d7a76aa8d43216
Signed-off-by: Steve Wilkerson <wilkers.steve@gmail.com>
This changes the keystone webhook check back to voting once the
helm-toolkit manifest changes are merged in, and depends on the
openstack-helm patchset that introduces the changes the manifest
change required for this check to pass
Depends-On: https://review.openstack.org/576001
Change-Id: I337fe6d57a978e5b92d5bb5ae844e16bb8082609
Signed-off-by: Steve Wilkerson <wilkers.steve@gmail.com>
This modifies the manifest files to include volume mounts for
the logging configuration file, which is required for the jobs
in the charts to function
This also makes the keystone-webhook job nonvoting, as the htk
changes will break the osh-charts required for the keystone
webhook job. The change to add the required fixes can be found
here: https://review.openstack.org/#/c/576001/.
Needed-By: https://review.openstack.org/576001
Change-Id: I543c01c5560570fd67c42fe2f9a060e888532935
Signed-off-by: Steve Wilkerson <wilkers.steve@gmail.com>
This patch set cleans up inflight patch [1] by moving helm-toolkit
changes to OSH-infra per [0].
[0] https://review.openstack.org/#/c/558065/
[1] https://review.openstack.org/#/c/566350/
Change-Id: Ifdf3a1d11f2a7cb424476d57d407a224b1ab80eb
Needed-by: I8f1b699af29cbed2d83ad91bb6840dccce8c5146
Signed-off-by: Tin Lam <tin@irrational.io>
Signed-off-by: Pete Birley <pete@port.direct>
With the latest change to keystone regarding default roles, this
change moves all instances of the member role to be set as
"member", from any deviations in casing or characters.
Change-Id: I9f49fb562239047763c88fcb09a13d891b80d60a
This PS adds support for testing fqdn over-rides in zuul gates.
When enabled it will direct requests to a configurable domain to
the default ip of the primary node.
Change-Id: I3d9a4a0bf06532caf0f544d44027493622f4ae5b
Signed-off-by: Pete Birley <pete@port.direct>
Upgrades the kubernetes version to v1.10.5 from v1.10.4.
Change-Id: Ic2a1f73c935136135e587945180e67ac928f8178
Signed-off-by: Tin Lam <tin@irrational.io>
This patch set loads the proxy environment variable when executing helm
init as it attempts to reach out to an external address to load the
stable repo. If this is executed within a corporate environment that
requires a proxy, this would fail without the needed envvars.
Change-Id: I8b1b1efb15352934eb8f2a0b0214e486eea80d46
Signed-off-by: Tin Lam <tin@irrational.io>
This reverts commit ad5d4259c45940bf4ddd150aad37c5b8d1aabba6.
We need to revert this - as until the charts are updated OSH is broken.
Change-Id: I58db4c0bf7bdccd8ba7cd1e63af00ff1f01c343a
This modifies the manifest files to include volume mounts for
the logging configuration file, which is required for the jobs
in the charts to function
This also makes the keystone-webhook job nonvoting, as the htk
changes will break the osh-charts required for the keystone
webhook job. The change to add the required fixes can be found
here: https://review.openstack.org/#/c/576001/.
Once that change is merged, we can move the keystone-webhook job
back to a voting job
Change-Id: I6ae59e2736624fff5b072e89b6043b23bc8b7f5d
When the system is restarted, the helm service is not running,
which results in the failure of the helm command.
Change-Id: I476b7f2e8fc0948d0fb04f51d852080281c265bf
This PS updates the openrc functions to use the internal interface by
default for keystone actions performed within the cluster.
Change-Id: I491618d9fd473917e2034a315f292db746f0d7cc
Signed-off-by: Pete Birley <pete@port.direct>
This PS updates the rally test runner script to allow the keystone
endpoint interface to be defined.
Change-Id: I88d7446c6bbb85090929be1728a308886cb41a74
Signed-off-by: Pete Birley <pete@port.direct>
This PS removes the use of the `quote and truncate` approach to
suppress output from gotpl actions in templates and replaces it
with the recommended practice of defining `$_` instead.
Change-Id: I5fedc3471dcbecef37d2fe1302bf9760b3163467
Signed-off-by: Pete Birley <pete@port.direct>
This PS updates the dependency mixin function to permit cases where
the mixin is disabled by passing a null value as the key to use
for resolution.
Change-Id: Idcade7eebed317852b70392431ed02a352241c9b
Signed-off-by: Pete Birley <pete@port.direct>
This changes the default image for kube-state-metrics to use the
bitnami image instead of the coreos image. This allows us to
override the image entrypoint, as the Alpine based image used
previously did not easily allow us to do so. Adding this also
makes creating a common prometheus exporter deployment template
easier, as it reduces the functional differences between exporter
charts and templates
Change-Id: I6c4aac36f563fcb15f52640bc6f9913b45b4358a
This PS moves to use the current ga version for kubernetes daemonsets,
additionally any remaining deployments that were using the
`extensions/v1beta1` have been updated to `apps/v1`.
Story: 2002205
Task: 21735
Change-Id: If9703162dc472af1e6096bf2b9062802fd5ce8ab
Signed-off-by: Pete Birley <pete@port.direct>
This moves the Fedora job in openstack-helm-infra to an
experimental check until the issues with Fedora can be resolved
Change-Id: I5080351e3e12f2759b7fc9d73f361918d19041f6
This updates the node-exporter chart to provide the mechanism
for overriding the default image's entrypoint, which brings it in
line with the other charts
Change-Id: Ia8f6a306a6f72d7dba37e5c5736e0f5a11ad1bf0
This PS moves to use the current API version for kubernetes rcs'
that were previously using `apps/v1beta1`.
Story: 2002205
Task: 21735
Change-Id: Icb4e7aa2392da6867427a58926be2da6f424bd56
Signed-off-by: Pete Birley <pete@port.direct>
This updates the resources and the apigroups in the clusterrole
for kube-state-metrics to reflect the additional collectors that
are included in the image we use
Change-Id: I4b1c1779598e6488e4e1c8def18ad767d5d5fab4
This patch set will allow the docker setting to take effect even if
docker is already installed. The proxy setting will take effect as
long as the proxy variables are in place.
Change-Id: I1df812001d37d094fc3a31bea9e13d1488277a67
Signed-off-by: Tin Lam <tin@irrational.io>
This adds a basic check for capacity utilization for persistent
volume claims. To accomplish this, it adds a basic alerting rule
to prometheus that triggers after a persistent volume's usage
exceeds 80%, and triggers 5 minutes after that state has been
reached. In addition, there is a service check added to the
nagios chart that will query Prometheus to check if the alarm
for that threshold is firing for any of the volume claims.
Change-Id: I862c860ac479a715733202f679bb151885d7aa7c
This PS simply moves functions within the chart to their correct location.
Change-Id: Ia3d693713903d226a864dcdcf9884dee67f07d2b
Signed-off-by: Pete Birley <pete@port.direct>
This PS simply moves functions within the chart to their correct location.
Change-Id: Ia5ac02a25a76ff759160cc352404b71b4208b216
Signed-off-by: Pete Birley <pete@port.direct>