Added capability in the podsecuritypolicy template to bind individual
serviceaccounts to clusterroles to enable enforcing psp at
serviceaccount level.
The idea is that the default psp can be tuned to be restrictive for all
serviceaccounts; and new psp, clusterroles, and clusterrolebindings are
defined to bind specific serviceaccounts or namespaces to permissive
podsecuritypolicies, based on the security requirements of a deployment.
Change-Id: I1b13c0e324b9a756a07d36b6e53786303f4a9f89
This change adds in a helm test to properly test cinder functionality
in the openstack-support zuul check.
Change-Id: Ie4b2b8ef9e56e9745c58ce6dc8858f5f90057b96
This patch currently breaks cinder helm test in the OSH cinder jobs
blocking the gate. Proposing to revert to unblock the jobs.
This reverts commit f59cb11932e30bb607a580c976871cdecd7a714c.
Change-Id: I73012ec6f4c3d751131f1c26eea9266f7abc1809
Currently OSDs are added by the ceph-osd chart with zero weight
and they get reweighted to proper weights in the ceph-client chart
after all OSDs have been deployed. This causes a problem when a
deployment is partially completed and additional OSDs are added
later. In this case the ceph-client chart has already run and the
new OSDs don't ever get weighted correctly. This change weights
OSDs properly as they are deployed instead. As noted in the
script, the noin flag may be set during the deployment to prevent
rebalancing as OSDs are added if necessary.
Added the ability to set and unset Ceph cluster flags in the
ceph-client chart.
Change-Id: Iac50352c857d874f3956776c733d09e0034a0285
This hook is enabled for post-delete and pre-upgrade triggers.
The indices deleted by this hook are Kibana's meta indices
- .kibana
- .kibana_1
- .kibana_2
etc
This is done to get around https://github.com/elastic/kibana/issues/58388
which sometimes prevents Kibana deployments from upgrading successfully.
Change-Id: I99ccc7de20c6dadb5154e4bb714dfd302a694a78
This patchset adds a cinder deployment to the openstack-support
check in order to deploy a service that further exercises ceph
in Zuul.
Change-Id: I722049016d15c5297fdc9666c4472a1c884a7b68
The PS adds kubernetes tolerations for deployments from ceph-client,
ceph-mon, ceph-provisioners and ceph-rgw charts.
Change-Id: If96f5f2058fca6e145e537e95af39089f441ccbb
Initial commit with bootstrapping non-voting configuration
for yamllint. Yamllint checks will be switched from 'warning'
to 'enabled' in subsequent commits together with code adjustments.
Change-Id: Ie372cb9fefb310bd044b4b03064e183f0c8c003b
In catastrophic scenario where grastate.dat cannot be found, it is
better to raise an exception rather than masking it with some
default values that may not be correct. This should now just cause
the pod to crashloop rather than silently failing - potentially allowing
other problems (e.g. bad images) to be exposed.
Change-Id: I4ff927dd85214ea906c20547b020e3fd7b02e2d5
Signed-off-by: Tin Lam <tin@irrational.io>
To meet CNTT certification test requirements, added a few Ceph RGW
configuration properties: rgw_max_attr_name_len,
rgw_max_attrs_num_in_req, rgw_max_attr_size, rgw_swift_versioning_enabled.
Change-Id: Ia92a6f25147270de010cf0feba0cbdabad05459b
Signed-off-by: James Gu <james.gu@att.com>
overrides
This allows for customizing the
indexes required by different deployment targets instead of
assuming all indexes are common for every type of deployment.
Change-Id: Iae9a35462400f7c8612ee7d0b49bfd6a20d3120c
This change updates the Elasticsearch chart for compatibility with
the latest version of the Elasticsearch exporter. There are some
breaking changes between v1.0.1 and v1.1.0 - mainly with how arguments
are handled by the program.
All of the configuration options currently available are now exposed
in values.yaml
Change-Id: I8c71d5f6ed4a8360ad886338adb8ad63471eefd1
In 0.30.0 (busybox inside) the "find" tool doesn't support
"writable" option, so use "perm" instead. Also get rid of
several system calls by means of make all by one command.
Change-Id: Ia4f7bc01fb61f4f32c21c50d8c4e870d0244c868
The PS adds possibility to override device class through
the key in values.yaml. Motivation: In some cases the device driver
is providing incorrect information about the type of device and
automatic detection is setting incorrect device class.
Change-Id: I29eb2d5100f020a20f65686ef85c0975f909b39d
