For any host mounts that include /var/lib/kubelet, use HostToContainer
mountPropagation, which avoids creating extra references to mounts in
other containers.
Affects the following resources:
* ingress deployment
* openvswitch-vswitchd daemonset
Change-Id: I5964c595210af60d54158e6f7c962d5abe77fc2f
Enabling ability to automate testing and auto promotion.
Unpinning ovs, mariadb and node-problem-detector images.
Change-Id: I6256452d575d23f84f4fd5c728437b0e4e9423f3
Signed-off-by: Andrii Ostapenko <andrii.ostapenko@att.com>
Since we introduced chart version check in gates, requirements are not
satisfied with strict check of 0.1.0
Change-Id: I15950b735b4f8566bc0018fe4f4ea9ba729235fc
Signed-off-by: Andrii Ostapenko <andrii.ostapenko@att.com>
Added chart lint in zuul CI to enhance the stability for charts.
Fixed some lint errors in the current charts.
Change-Id: I9df4024c7ccf8b3510e665fc07ba0f38871fcbdb
Unrestrict octal values rule since benefits of file modes readability
exceed possible issues with yaml 1.2 adoption in future k8s versions.
These issues will be addressed when/if they occur.
Also ensure osh-infra is a required project for lint job, that matters
when running job against another project.
Change-Id: Ic5e327cf40c4b09c90738baff56419a6cef132da
Signed-off-by: Andrii Ostapenko <andrii.ostapenko@att.com>
This commit rewrites lint job to make template linting available.
Currently yamllint is run in warning mode against all templates
rendered with default values. Duplicates detected and issues will be
addressed in subsequent commits.
Also all y*ml files are added for linting and corresponding code changes
are made. For non-templates warning rules are disabled to improve
readability. Chart and requirements yamls are also modified in the name
of consistency.
Change-Id: Ife6727c5721a00c65902340d95b7edb0a9c77365
The current copyright refers to a non-existent group
"openstack helm authors" with often out-of-date references that
are confusing when adding a new file to the repo.
This change removes all references to this copyright by the
non-existent group and any blank lines underneath.
Change-Id: I1882738cf9757c5350a8533876fd37b5920b5235
This adds Apparmor profile to Openvswitch. This change also refactors
the apparmor job to utilize the feature gates system instead of relying
on separate scripts
Change-Id: Ie53162cfdea5553191d3b5dbdfec195e4001b255
Signed-off-by: diwakar thyagaraj <diwakar.chitoor.thyagaraj@att.com>
When DPDK is enbaled, configuring CPU resource limits
through Kubernetes affects packet throughput adversely.
DPDK PMD cores could not get 100% busy.
They need to be configured by isolating them in host grub
and later through PMD core mask.
Change-Id: Ia80880302b9c5c02fdb1c00cb62f6640860e898e
A recently introduced readiness probe for OVS with DPDK makes use of an
OVSDB table entry 'dpdk_initialized' which does not exist in OVS
versions preceeding v2.10.0. This patch changes the readiness probe to
exit successfully if this table entry does not exit.
Change-Id: I1776ac4bf736220267a49042f1b7092f3cf5ed16
This updates charts that consume images built from osh-images to
use tags other than the :latest tags. This will be followed up
with the definition of jobs to allow for vetting out of updated
images, as reliance on :latest tags assumes any change merged into
osh-images will result in functionally correct behavior (which has
shown to not be the case traditionally)
Change-Id: I181aa56ed187604dc7583d8081e53cc69eb27310
Signed-off-by: Steve Wilkerson <sw5822@att.com>
The openvswitch-vswitchd pod should not start until there is a Ready
openvswitch-vswitchd-db pod on the same node. This change adds the
appropriate dependency to cause it to wait.
Change-Id: I5c827971c99639d2f1c3a24a1761524b3a165421
This updates the kubernetes-entrypoint image reference to consume
the publicly available kubernetes-entrypoint image that is built
and maintained under the airshipit namespace, as the stackanetes
image is no longer actively maintained
Change-Id: I5bfdc156ae228ab16da57569ac6b05a9a125cb6a
Signed-off-by: Steve Wilkerson <sw5822@att.com>
This change makes sure that "ovs-vsctl get Open_vSwitch .
dpdk_initialized" is true before making the pod ready
Change-Id: Ie88f74a1e7a84afb3fbca55b500009255b4f6991
This change adds network policy overrides for multiple infra
services for the openstack-helm network policy gate.
Change-Id: If051ec1749cb9ed1e289f0cf82a8876371e36531
Setup Cgroup to use to break out of Kubernetes defined groups for ovs-dpdk pods.
All the cores on the server are added to the cpuset, pmd_cpu_mask and lcore_mask
will choose the right ones for ovs-dpdk from all the cores.
Co-Authored-By: Phil Sphicas <ps3910@att.com>
Change-Id: Ia840647e3fc09480b826b3075b2585daefa638b3
This commit enables overriding liveness/readiness probes
configurations for openvswitch pods from values.yaml
Change-Id: I4ec2b9e88bf8ed57e8ac9293f333969b63cef335
We can select if we want an image with dpdk support by adding:
FEATURE_GATES=dpdk
That way we can reuse the same script for different distros by using
openstack-helm/tools/deployment/common/get-values-overrides.sh
Change-Id: Ia2c53556be650899fdd67c1ec06f5c68ae63c9d4
Signed-off-by: Manuel Buil <mbuil@suse.com>
The tag is pointing to a libvirt image. It should point to the
openvswitch image
Change-Id: If95a7b9cce2cadcb644389c28799fff48572c549
Signed-off-by: Manuel Buil <mbuil@suse.com>
Extending the Openvswitch chart with support for DPDK. In order to
enable DPDK support, set the dpdk:enabled option to true in value.yaml.
Prerequisites for successfully running OVS with DPDK: the host OS must
to have hugepages enabled.
Co-Authored-By: Rihab Banday <rihab.banday@ericsson.com>
Change-Id: I9649832511ba7c7ba7c391555d60171ef9264110
This change allows the openvswitch to interact with SDN controller
(e.g., ONOS, ODL) through 6640 port.
Story: 2005763
Task: 33473
Change-Id: Ifcbb6a157c230fa729d295ef0d3fb9a16fff60a2
We now have a process for OSH-images image building,
using Zuul, so we should point the images by default to those
images, instead of pointing to stale images.
Without this, the osh-images build process is completely not
in use (and completely opaque to deployers), and updating the
osh-images process or patching its code has no impact on OSH.
This should fix it.
Change-Id: Ic00bd98c151669dc2485cd88e0e8c2ab05445959
This PS updates to use security context macros from HTK, in line
with other charts.
Change-Id: I5ca0af17eccc4856baef871cf199554aad075ebe
Signed-off-by: Pete Birley <pete@port.direct>
This PS improves the securityu options for the ovs-db pod
by specifying running as a non-root user, using read only
filesystems for the containers and also preventing
privilege escalation. A subsequent ps will move to use the
helm toolkit functions that allow the control of these params.
Change-Id: I94fbf5b851be68f6fb4a1f9809ad12776e8a80b3
Signed-off-by: Pete Birley <pete@port.direct>
This PS adds emptydirs backing the /tmp directory in pods, which
is required in most cases for full operation when using a read only
filesystem backing the container.
Additionally some yaml indent issues are resolved.
Change-Id: I8b7f1614da059783254aa6efc09facf23fca3cad
Signed-off-by: Pete Birley <pete@port.direct>
I believe when we have set the readOnly flag at pod without HTK functionality the changes were not reflected. That is why it passed the gate.
Later with HTK functionality the gates never passed and I have tested that in various ways and finally I had to unset the readOnly flag
This reverts commit 598040bea05737ea1ee2460ba8675ed7c061e63a.
Change-Id: Icf8d3cc60045926ab60b9735ee1e8202c15df9d5
This adds the release-annotation to the pod spec for the charts in
openstack-helm-infra. This also adds missing configmap annotations
to charts in openstack-helm-infra
Change-Id: Ie23f0c16a7a21d3929e98928db2bbcef69ae6490
