Use quay.io/airshipit/kubernetes-entrypoint:latest-ubuntu_focal
by default instead of 1.0.0 which is v1 formatted and
not supported any more by docker.
Change-Id: I6349a57494ed8b1e3c4b618f5bd82705bef42f7a
On containerd v1.7+ openvswitch restarts when
containerd is restarted. To prevent this add tini
and run OVS as a child process.
Change-Id: I382dc2db12ca387b6d32304315bbee35d8e00562
Add option to define an extra command (or commands via multiline yaml
value) that will run at the end of the poststart script. Specific
deployments can benefit from extra cleanup/checks.
Change-Id: I7c26292dc65dc0bfd4374b1f5577696fca89140f
Sometimes the poststart function on a pod restart
completes too quickly, resulting in chown command
running on the incorrect file.
Change-Id: I2eca5b148f13c48314501c955723bf759ffaa4fc
This change includes back the the helm-toolkit snippet:
kubernetes_pod_rbac_serviceaccount to the openvswitch Daemonset
definition, since it is responsible for creating the POD's
ServiceAccount which contains imagePullSecrets that enable the POD to
retrieve images from private registries.
Originally openvswitch chart had two daemonset definitions: for the
db and for the server, but recently both were merged into a single
daemonset [1] and the template inclusion was dropped during this merge
[1] 73e2b3322d
Signed-off-by: Thales Elero Cervi <thaleselero.cervi@windriver.com>
Change-Id: I8e8e165956db2714563733a78baf156ab20b696a
This propose to make sure the exist of
`/run/openvswitch/ovs-vswitchd.${PID}.ctl`
before we do chown command with it.
Change-Id: Icdcfa5684c2a5e610805f6dec9391a4947b213d4
This fixes for cases file not yet generated from start(), but already
required on poststart() in openvswitch-vswitchd.sh.
Add wait condition until file exists.
Change-Id: Iae041046fd6e7e7f991b4cd1aa101c97bcaa150c
There is no usecase in which ovs-db and ovs-vswitchd run on
different nodes.
In terms of version upgrade, ovs-db and ovs-vswitchd should be
upgraded together in every node.
This commit deploys ovs-db and ovs-vswitchd in one daemonset.
Change-Id: I791b9f7abfd3ca838dc2adfaa6c606bb1c88d19d
Based on spec in openstack-helm repo,
support-OCI-image-registry-with-authentication-turned-on.rst
Each Helm chart can configure an OCI image registry and
credentials to use. A Kubernetes secret is then created with these
info. Service Accounts then specify an imagePullSecret specifying
the Secret with creds for the registry. Then any pod using one
of these ServiceAccounts may pull images from an authenticated
container registry.
Change-Id: Iebda4c7a861aa13db921328776b20c14ba346269
This adds taint toleration support for openstack jobs
Signed-off-by: Lucas Cavalcante <lucasmedeiros.cavalcante@windriver.com>
Change-Id: I0f6d98297e973f420cb363a8e6eb5e00bdfd4bb4
This change updates the helm-toolkit path in each chart as part
of the move to helm v3. This is due to a lack of helm serve.
Change-Id: I011e282616bf0b5a5c72c1db185c70d8c721695e
This will ease mirroring capabilities for the docker official images.
Signed-off-by: Thiago Brito <thiago.brito@windriver.com>
Change-Id: I0f9177b0b83e4fad599ae0c3f3820202bf1d450d
Currently ovs liveness and readiness probes commands are statically
defined in the templates, this change allow them to be change
as needed. This helps with debuging and making quick adjustment.
Change-Id: I75b4b5a335b75a52f4efbd4ba4ed007106aba4fa
For any host mounts that include /var/lib/kubelet, use HostToContainer
mountPropagation, which avoids creating extra references to mounts in
other containers.
Affects the following resources:
* ingress deployment
* openvswitch-vswitchd daemonset
Change-Id: I5964c595210af60d54158e6f7c962d5abe77fc2f
Enabling ability to automate testing and auto promotion.
Unpinning ovs, mariadb and node-problem-detector images.
Change-Id: I6256452d575d23f84f4fd5c728437b0e4e9423f3
Signed-off-by: Andrii Ostapenko <andrii.ostapenko@att.com>
Since we introduced chart version check in gates, requirements are not
satisfied with strict check of 0.1.0
Change-Id: I15950b735b4f8566bc0018fe4f4ea9ba729235fc
Signed-off-by: Andrii Ostapenko <andrii.ostapenko@att.com>
Added chart lint in zuul CI to enhance the stability for charts.
Fixed some lint errors in the current charts.
Change-Id: I9df4024c7ccf8b3510e665fc07ba0f38871fcbdb
Unrestrict octal values rule since benefits of file modes readability
exceed possible issues with yaml 1.2 adoption in future k8s versions.
These issues will be addressed when/if they occur.
Also ensure osh-infra is a required project for lint job, that matters
when running job against another project.
Change-Id: Ic5e327cf40c4b09c90738baff56419a6cef132da
Signed-off-by: Andrii Ostapenko <andrii.ostapenko@att.com>
This commit rewrites lint job to make template linting available.
Currently yamllint is run in warning mode against all templates
rendered with default values. Duplicates detected and issues will be
addressed in subsequent commits.
Also all y*ml files are added for linting and corresponding code changes
are made. For non-templates warning rules are disabled to improve
readability. Chart and requirements yamls are also modified in the name
of consistency.
Change-Id: Ife6727c5721a00c65902340d95b7edb0a9c77365
The current copyright refers to a non-existent group
"openstack helm authors" with often out-of-date references that
are confusing when adding a new file to the repo.
This change removes all references to this copyright by the
non-existent group and any blank lines underneath.
Change-Id: I1882738cf9757c5350a8533876fd37b5920b5235
This adds Apparmor profile to Openvswitch. This change also refactors
the apparmor job to utilize the feature gates system instead of relying
on separate scripts
Change-Id: Ie53162cfdea5553191d3b5dbdfec195e4001b255
Signed-off-by: diwakar thyagaraj <diwakar.chitoor.thyagaraj@att.com>
When DPDK is enbaled, configuring CPU resource limits
through Kubernetes affects packet throughput adversely.
DPDK PMD cores could not get 100% busy.
They need to be configured by isolating them in host grub
and later through PMD core mask.
Change-Id: Ia80880302b9c5c02fdb1c00cb62f6640860e898e
A recently introduced readiness probe for OVS with DPDK makes use of an
OVSDB table entry 'dpdk_initialized' which does not exist in OVS
versions preceeding v2.10.0. This patch changes the readiness probe to
exit successfully if this table entry does not exit.
Change-Id: I1776ac4bf736220267a49042f1b7092f3cf5ed16
This updates charts that consume images built from osh-images to
use tags other than the :latest tags. This will be followed up
with the definition of jobs to allow for vetting out of updated
images, as reliance on :latest tags assumes any change merged into
osh-images will result in functionally correct behavior (which has
shown to not be the case traditionally)
Change-Id: I181aa56ed187604dc7583d8081e53cc69eb27310
Signed-off-by: Steve Wilkerson <sw5822@att.com>
The openvswitch-vswitchd pod should not start until there is a Ready
openvswitch-vswitchd-db pod on the same node. This change adds the
appropriate dependency to cause it to wait.
Change-Id: I5c827971c99639d2f1c3a24a1761524b3a165421
This updates the kubernetes-entrypoint image reference to consume
the publicly available kubernetes-entrypoint image that is built
and maintained under the airshipit namespace, as the stackanetes
image is no longer actively maintained
Change-Id: I5bfdc156ae228ab16da57569ac6b05a9a125cb6a
Signed-off-by: Steve Wilkerson <sw5822@att.com>
This change makes sure that "ovs-vsctl get Open_vSwitch .
dpdk_initialized" is true before making the pod ready
Change-Id: Ie88f74a1e7a84afb3fbca55b500009255b4f6991
This change adds network policy overrides for multiple infra
services for the openstack-helm network policy gate.
Change-Id: If051ec1749cb9ed1e289f0cf82a8876371e36531