This PS adds the ability to change the admin user credentials
and erlang session cookie. To do so requires `--recreate-pods` to
be passed to helm on a release upgrade.
Change-Id: Ib04ad43a7c303a8ddc31fd0de288a2f7f3294a12
Signed-off-by: Pete Birley <pete@port.direct>
This PS improves the robustnes of the RabbitMQ clustering logic
to support reforming the cluster following recreation of all pods,
and wait for the cluster to fully form before continuing in case
of an upgrade.
This ability was lost with the introduction of the following PS,
which prevented reformation of the cluster from scratch.
* https://review.openstack.org/#/c/637337/
Change-Id: I99d32fbd3c56dde492717a7850b61001fa8f7fb5
Signed-off-by: Pete Birley <pete@port.direct>
This updates the kubernetes version used when deploying via
kubeadm and minikube to v1.13.4
This required updating the apiVersion in the kubeadm configuration
file template, as well as removing the --cadvisor-port flag from
the kubelet args, as this has been removed entirely
Change-Id: I3088b65ece0a5c9c5ef2669247ac293d6a6f66ed
This PS adds a test to ensure the correct number of members in a
cluster.
Change-Id: I52d0fcc473322fb9a754e95a2977a5c2cfad6b45
Signed-off-by: Pete Birley <pete@port.direct>
This updates the Redis helm test to use the redislabs/redis-py
image instead of the base ubuntu image, which allows for cleaning
up of the helm test entrypoint script. This was done to address
routine failures in the multinode periodic jobs, eg:
http://zuul.openstack.org/build/49a9627901514eeda40906c146b9a551
Change-Id: Ida0fd39d2c6d3908aca4cdb42d3a271c39ecc601
securityContext with readOnlyRootFilesystem is implemented at container
level and leveraged the helm-toolkit snippet
Change-Id: I98ca4211e0e236beb3dfe0e11cf5bb10a91b16a6
securityContext with readOnlyRootFilesystem is implemented at container
level and leveraged the helm-toolkit snippet
Change-Id: I8b16e9c17154a2bac162f31939b510fcd773126b
This moves the pod security policy job to a nonvoting check and
removes it as a gating job. This was overlooked previously. Once
the job has been vetted, we can revisit potentially making it a
voting and gating job
This had been done previously, but was overlooked in a change that
reintroduced the podsecuritypolicy job as a voting check and gate
Change-Id: I604efb9c608da69a04eaf87a54899cea34d7cd59
Added backoffLimit to exporter-create-sql-user job so that it
keeps retrying to restart the pod incase of an error. Also added
activeDeadlineSeconds for the pod created by this job to terminate
if it does not become ready in one hour.
Change-Id: Ib6214a887f959fed84108884c8d286624d2f164f
Provide support to add annotations to the podsecuritypolicy. This will
allow to add annotations related to seccomp and apparmor in psp.
Change-Id: I78718ae1f60e8ebee8ac8ba86145bb9ae26491d5
This patch place in a sample for an init container, generated by
helm toolkit, to load an apparmor profile included in the chart.
Change-Id: I309e3b550fd1d683745c319aa39bcfb96b77ea14
Signed-off-by: Tin Lam <tin@irrational.io>
The stats are generated by divingbell job and node-exporter picks
the stats from the host file system.
Change-Id: I0f73a6f3ca7e9d045832435410933bd630a8c686
This adds configuration overrides for a very basic Curator action
that should effectively be a no-op. This is to address periodic
failures seen in the osh-infra-aio-logging job that appear when
the run times coincide with Elastic Curator's cron schedule (every
six hours). This ensures curator actions are defined in cases
where this occurs
Change-Id: Ia2255ada2f32f21888bd4ca96df88496720fd0a5
This updates the metricbeat and filebeat daemonset templates to
include both the appropriate node selector definitions as well as
the ability to enable tolerations for the daemonsets in the same
manner as fluentbit and the node exporter
Change-Id: I474c4361c86287f05ab6078c1f81d671e902598d
Without setting the coordination driver, the gnocchi worker will
battle against other workers for jobs. This commit updates to use
memcached as gnocchi's coordinator.
This commit also removes the gnocchi upgrade option "--create-legacy-
resource-types" in the chart which creates ceilometer resource types.
The resource types creation is done by the ceilometer side during
ceilometer-upgrade. The option was already removed since gnocchi 4.0.0.
The missing image for gnocchi_resources_cleaner is added in this commit.
Change-Id: I19b6a4da21d1fe9816759b836b73a14bacd373a8
Signed-off-by: Angie Wang <angie.wang@windriver.com>
This PS extends the gate scripts to allow ceph to be deployed from
a workstation external to the k8s cluster.
Change-Id: I09b9a11747bab32c19637d8dd076b8caa3b89445
Signed-off-by: Pete Birley <pete@port.direct>
This PS makes some minor changes to the minikube k8s script to
make shellcheck happy
Change-Id: Ic5972d7de20b73aee0b019143ba778d6f1ff9271
Signed-off-by: Pete Birley <pete@port.direct>
Currently both 'deployment:rgw_keystone_user_and_endpoints`
and 'conf: rgw_ks' are used and set to true to deploy
ceph-rgw with keystone integration.
Going forward, we should only use `conf: rgw_ks: enabled: true`
to deploy ceph-rgw with keystone integration.
Change-Id: I17aecd4f977ed897bb0771edc9acafd4479777d1
- Postgres initdb fails running as non-root as it cannot
change the ownership or permission on the PVC mounted
to the container. Update the chart to use a uid 0 init
container for setting ownership before the postgres
container starts.
Change-Id: I648fe7ca3dbc1f6ca6f4513360de2278be7c1ce4
This uses the ceph luminous repository temporarily until the
issues seen recently with the mimic repository are sorted out and
addressed
Change-Id: Ic079fd2b3e948f37b9362bb221af45605230b19a
This PS udpates the mariadb chart to support changing the root password.
Additionally it moves to use three replicas in the gate
Change-Id: I286ad0b892e5ea2f85636a0c7af58598bcfdaec4
Signed-off-by: Pete Birley <pete@port.direct>
This moves the pod security policy job to a nonvoting check and
removes it as a gating job. This was overlooked previously. Once
the job has been vetted, we can revisit potentially making it a
voting and gating job
Change-Id: I5d06343f94ae64355bce9d4f7862a8b18b5ea827
This updates Helm from version v2.12.3 to v2.13.0.
The `merge` function has changed behavior, and is now called
`mergeOverwrite`.
Change-Id: Ie3364256c8abb714b748b3bf3658bd6cd1e3ce35
