Change the release of Ceph from 12.2.3 (Luminous) to latest 13.2.2
(Mimic). Additionally use supported RHEL/Centos Images rather then
Ubuntu images, which are now considered deprecated by Redhat.
- Uplift all Ceph images to the latest 13.2.2 ceph-container images.
- RadosGW by default will now use the Beast backend.
- RadosGW has relaxed settings enabled for S3 naming conventions.
- Increased RadosGW resource limits due to backend change.
- All Luminous specific tests now test for both Luminous/Mimic.
- Gate scripts will remove all none required ceph packages. This is
required to not conflict with the pid/gid that the Redhat container
uses.
Change-Id: I9c00f3baa6c427e6223596ade95c65c331e763fb
This updates the helm-toolkit manifest template and scipts for
creating an S3 bucket and linking it to a user. This moves away
from the previous python implementation that used rgwadmin, and
instead uses s3cmd for a cleaner approach that can support more
recent versions of ceph
Change-Id: I305062a5daa063bfe21a12448d7a3957bca00bf4
This removes unused pod-etc-apache volumes from the charts that
use an apache sidecar container as a reverse proxy.
Change-Id: Ibafff3b53f9d3c20f5aed30d40ee6470cb515a8a
This adds a security context to the mysql prometheus exporter pod,
which changes the user from root to the nobody user (uid 99 here)
instead
This also adds the container security context to explicitly set
allowPrivilegeEscalation to false
Change-Id: I5ddebb059e3c31c231fdc4c24190a65f23e37785
This adds the security context to the memcached prometheus
exporter pod, which changes the default user from root to the
nobody user instead
This also adds the container security context to explicitly set
allowPrivilegeEscalation to false
Change-Id: I3401c1a67f17cef49a478be98f9ab42691b84d66
This adds the security context snipper to the alertmanager pod.
This changes the default user from root to the nobody user instead
This also adds the container security context to explicitly set
allowPrivilegeEscalation to false
Change-Id: Ie4423c57e871a03ab4baea346ac777c9f2ca3e2e
This adds the security context snippet for the elasticsearch
prometheus exporter pod. This changes the pod's user from root to
the nobody user instead
This also adds the container security context to explicitly set
allowPrivilegeEscalation to false
Change-Id: If692fccaf4dd362b28fecb4656036289a3a97122
This updates the kube-state-metrics chart to include the pod
security context on the pod template. This changes the pod's
user from root to the nobody user instead
This also adds the container security context to explicitly set
allowPrivilegeEscalation to false
Change-Id: I17748b299a6e7a394cae63a0e713c49fbf68b4eb
This PS fixes a typo in the cephfs provisioner name, which was being given the
same key as rbd to look for.
Change-Id: I84dc541a103fc61feb1998ab41edd602c17e2b6f
Signed-off-by: Pete Birley <pete@port.direct>
This updates the Grafana chart to include the pod security context
on the grafana pod. This changes the pod's user from root to the
grafana user instead
Change-Id: Id64853640f1941001b83566865defe93227b4291
Use Kibana REST API to create Kibana index patterns and set a default
index pattern.
Script calling Kibana REST API is executed using a Job, and the specific
index patterns are configurable in values.yaml.
Change-Id: I1ca6dd9609e6d62d1ce749ee09e1490d51659709
This adds an input to Fluentbit for capturing all qemu instance
logs in /var/log/libvirt/qemu/, and adds an Elasticsearch output
for those entries
Change-Id: I0802023f9861a5944e7989fd5469133c325349e7
- Split off duplicate code across multiple bash scripts into a common
file.
- Simplify the way journals are detected for block devices.
- Cleanup unused portions of the code.
- Standardize the syntax across all the code.
- Use sgdisk for zapping disks rather then ceph-disk.
Change-Id: I13e4a89cab3ee454dd36b5cdedfa2f341bf50b87
This modifies the libvirt chart to write logs directly to the
host by default. This also modifies the fluentbit and fluentd
charts to capture libvirt logs from the host and index them into
Elasticsearch
Change-Id: I0bbc49d2c0d4cf4895f797e48f309f308ffd021f
Under POD restart conditions there is a race condition with lsblk
causing the helm chart to zap a fully working OSD disk. We refactor
the code to remove this requirement.
Additonally the new automatic journal partitioning code has a race
condition in which the same journal partition could be picked twice
for OSDs on the same node. To resolve this we share a common tmp
directory from the node to all of the OSD pods on that node.
Change-Id: I807074c4c5e54b953b5c0efa4c169763c5629062
- If a rule set in the network policy override for the calico
chart is empty, it causes the calico-settings job to fail. This
safety valve should handle the empty list gracefully.
Change-Id: I4b8a39941f05a8eb86734ff129b2d73830883236
Ceph upstream bug: https://tracker.ceph.com/issues/21142 is
impacting the availability of our sites in pipeline. Add an option
to reset the past interval metadata time on an OSDs PG to solve for
this issue if it occurs.
Change-Id: I1fe0bee6ce8aa402c241f1ad457bbf532945a530
Set rgw_override_bucket_index_max_shards to 8 (default: 0)
By default create 8 shards per a bucket with Ceph RagosGW. This allows
up to ~800k-1M objects to be in a bucket before seeing performance slow-
downs. The only downside to this change is that a directory listing for
a bucket may take slightly longer to finish.
Change-Id: I96c7ac81501a41d29927e102a6029bf432bd3d21
