Expose the early logging level for calico-node.
Use conf.node.FELIX_LOGSEVERITYSCREEN to set logging level in
BGPConfiguration and FelixConfiguration (whilst this is an odd
name/location it backwards compatible and will in most cases set
things as expected).
Change-Id: I70c3028423eddb4721456f645c4475da4af7ced5
This PS implements the helm toolkit function to generate the
Egress in kubernetes network policy manifest based on overrideable values.
It also enbale the K8s network policy at Osh-infra gate.
Change-Id: Icbe2a18c98dba795d15398dcdcac64228f6a7b4c
Random job names mean `helm upgrade` or indeed anything looks for
changes from rendered templates will see changes when there are none
causing churn and restarts.
Change-Id: I59e6a60d6c4c601c5c8cecbd8238af6b7c5f389e
This reverts commit 75e0c2d0f526d29ea947e03e3d1ea2ea34a48881.
This commit was blocking chart upgrades.
Change-Id: I15aa5f507beeeadd04a0bddec241f5dd7ca272c9
This fixes the hasKey call in the pod security context snippet
template, as the call requires 2 args: a map and a key. This
addresses the problem by indexing the provided map on the
application key, before passing it to the hasKey call
Change-Id: I95264c933b51e2a8e38f63faa1e239bb3c1ebfda
This PS shares pid namespaces for containers in pods under docker,
bringing running in this runtime inline with other runc based container
backends, allowing the pause process in the pod to act as a reaper.
Change-Id: I70965a62b585de31fb953ba98189a84021dba1cb
Signed-off-by: Pete Birley <pete@port.direct>
This PS shares pid namespaces for containers in pods under docker,
bringing running in this runtime inline with other runc based container
backends, allowing the pause process in the pod to act as a reaper.
Change-Id: I1e511b1cd11a4b2f4818a772a91e8a8dfd342be3
Signed-off-by: Pete Birley <pete@port.direct>
This PS shares pid namespaces for containers in pods under docker,
bringing running in this runtime inline with other runc based container
backends, allowing the pause process in the pod to act as a reaper.
Change-Id: I43bea4cd9e91f9d27a846879dfc329cfa26f8ee7
Signed-off-by: Pete Birley <pete@port.direct>
- Use whole disk /dev/sdc format.
- Don't specify partition and let ceph-osd util create
and manage partition.
- On an OSD disk failure, during manintanance window,
Journal partition for failed OSD should be deleted.
This will allow ceph-osd util to reuse space for new partition.
- Disk partition count num will continue to
increase as more OSD fails.
Change-Id: I87522db8cabebe8cb103481cdb65fc52f2ce2b07
This adds the Decode_Field_As configuration key to the docker
parser for fluentbit. This is required to escape utf-8 encoded
characters appropriately in the log field
Change-Id: Ie2600cfe22045e3ab651fddf61ed2f676ab8a1d5
This adds a simple check to the Elasticsearch snapshot repo job
that will cause the job to fail if the repository isn't added
successfully
Change-Id: I9dca6ef545b43c52a37542319fa2f706b174c44b
This updates the Elasticsearch helm test to execute a clean on the
test index before attempting to create it, in cases where a
stranded test index may exist
Change-Id: I87533f94f6ea55b0b2f929543f8d3e75baa81bed
This ps allows multiple ceph test pods to be present in cluster with
more than one ceph deployment.
Change-Id: Ib8be8fc58e3a374dfcf6845988668433cf43655a
Signed-off-by: Pete Birley <pete@port.direct>
This ps allows multiple ceph test pods to be present in cluster with
more than one ceph deployment.
Change-Id: I002a8b4681d97ed6ab95af23e1938870c28f5a83
Signed-off-by: Pete Birley <pete@port.direct>
This PS updates the sleep function to not require dumb-init to be
present in images.
Change-Id: I9ee7270f2c101a3a85b2aecd01097a70014ea4a6
Signed-off-by: Pete Birley <pete@port.direct>
This PS removes the server headers from client responses, as per
security guidelines.
Change-Id: I351f396e8e735e1d13f00c661b9c4068664d934a
Signed-off-by: Pete Birley <pete@port.direct>
This patch set adds in a helm-toolkit function to render the
securityContext in the chart.
Change-Id: Id0fe9b75432076d0b87e89dcaa5a4b88487972aa
Signed-off-by: Tin Lam <tin@irrational.io>
The minimium requirements for a Ceph OSD have changed in the latest
Luminous release to accomodate Bluestore changes. We need to support
these changes as we look into upgrading Ceph to the latest Luminous
and beyond releases.
Change-Id: I3eddffe73cfd188ff012db7c74702de6921711e7
- Adds AppArmor profile to the privileged pod
using kubernetes_manadatory_access_control_annotation.
- Added apparmor install to the gate jobs.
Change-Id: I8b53e0b8ddc2695fa278481edf5688efa23ab06b
This removes the default Curator action configuration. As these
values will potentially be merged with any supplied overrides, it
could result in undesirable behavior. As a result, we should leave
the existing defaults commented out as a reference instead.
Change-Id: Idaf1dc8f3e476f1189058b69b841588a15deb7cd
This PS shares pid namespaces for containers in pods under docker,
bringing running in this runtime inline with other runc based container
backends, allowing the pause process in the pod to act as a reaper.
Change-Id: Ib5fc101d930446d848246eb5ca4d554b756cb91f
Signed-off-by: Pete Birley <pete@port.direct>
This PS updates the ceph failure domain overrides to support
dynamic configuration based on host/label based overrides.
Also fixes typo identified in the following ps for directories:
* https://review.openstack.org/#/c/623670/1
Change-Id: Ia449be23353083f9a77df2b592944571c907e277
Signed-off-by: Pete Birley <pete@port.direct>
Small typo in the logic filtering of the failure domain type for
an OSD pod. This wasn't initially found since it didn't break any
expected behavior tests.
Change-Id: I2b895bbc83c6c71fffe1a0db357b120b3ffb7f56
This adds a nonvoting check that will deploy two ceph clusters
and then deploy two radosgw instances, each one backed by a unique
ceph cluster. This allows us validate whether we can reliably
deploy multiple ceph clusters, as in the case of tenant-ceph outlined
in openstack-helm specs
Change-Id: I76a416eddcdb3ea2416d475ea8c8756925cd9580
Co-Authored-By: Meghan Heisler <mh783g@att.com>
