This patch place in a sample for an init container, generated by
helm toolkit, to load an apparmor profile included in the chart.
Change-Id: I309e3b550fd1d683745c319aa39bcfb96b77ea14
Signed-off-by: Tin Lam <tin@irrational.io>
This adds configuration overrides for a very basic Curator action
that should effectively be a no-op. This is to address periodic
failures seen in the osh-infra-aio-logging job that appear when
the run times coincide with Elastic Curator's cron schedule (every
six hours). This ensures curator actions are defined in cases
where this occurs
Change-Id: Ia2255ada2f32f21888bd4ca96df88496720fd0a5
This PS extends the gate scripts to allow ceph to be deployed from
a workstation external to the k8s cluster.
Change-Id: I09b9a11747bab32c19637d8dd076b8caa3b89445
Signed-off-by: Pete Birley <pete@port.direct>
This PS makes some minor changes to the minikube k8s script to
make shellcheck happy
Change-Id: Ic5972d7de20b73aee0b019143ba778d6f1ff9271
Signed-off-by: Pete Birley <pete@port.direct>
This uses the ceph luminous repository temporarily until the
issues seen recently with the mimic repository are sorted out and
addressed
Change-Id: Ic079fd2b3e948f37b9362bb221af45605230b19a
This PS udpates the mariadb chart to support changing the root password.
Additionally it moves to use three replicas in the gate
Change-Id: I286ad0b892e5ea2f85636a0c7af58598bcfdaec4
Signed-off-by: Pete Birley <pete@port.direct>
This updates Helm from version v2.12.3 to v2.13.0.
The `merge` function has changed behavior, and is now called
`mergeOverwrite`.
Change-Id: Ie3364256c8abb714b748b3bf3658bd6cd1e3ce35
This adds ingress network policies to kube-state-metrics and
openstack-exporter using the helm-toolikit template. It also
add openstack-exporter to the network policy jobs.
Change-Id: I3bfc2f1e8a35c09e577a046ebd52346de95e5745
This adds a test for the podsecuritypolicy chart, as well as a script
to reconfigure minikube with PodSecurityPolity enabled when appropriate.
This change doesn't add the PSP chart to the existing tests, because
the psp chart will have secure defaults in the future, which may
interfere with other charts by default; and it doesn't enable the
admission controller broadly, because turning the AC on without
providing a podsecuritypolicy will break k8s functionality.
Change-Id: I9fd14bb118189cd4ead177b79e39aadbc2096b4a
We need to change from osh-infra to openstack
because ceph-openstack-config release runs in openstack namespace.
Change-Id: I28b57abf02d2437569c7c7c8d75ec8ba19d84311
There is no "make {package}" line in 030-ceph.sh file.
It causes a failure to execute the shell script.
Change-Id: If787abd7711a02313b6a2acae8a888b5609f27df
This adds the required services to the openstack-support job to
deploy ceph radosgateway with keystone auth enabled. This expands
coverage for radosgateway helm tests in the openstack-helm-infra
repository
Change-Id: I3a5505ad3d3400563694ef063b4e6777ba34c414
This PS moves the readyness check to simply checking if the ampq
port is open, both simplifying it and also correctly indicating if
the process is ready to serve requests.
Change-Id: I38416c8bf3b242fa344875da13f81e5bbc1983c7
Signed-off-by: Pete Birley <pete@port.direct>
This updates the kubernetes version used when deploying via
kubeadm to v1.12.2, which matches what is deployed via minikube
for the single node jobs
This required updating the apiVersion in the kubeadm configuration
file template, as well as removing the --cadvisor-port flag from
the kubelet args, as this has been removed entirely
Change-Id: I26573de35529ce44e91e6d4d4530f608b8cee476
This updates the network policy test that gets executed at the
conclusion of the network-policy job. As long as nsenter is used,
we need to account for situations where nsenter executing wget
fails due to invalid credentials. Since this validates the policy
successfully allows ingress traffic while still exiting with an
error code (6 for invalid credentials vs 4 for connection
timeouts), we should consider those scenarios successes.
This also updates the flags used for wget. Instead of using spider
mode, this enables flags for: recursive mode, not creating
directories, and deleting results after execution. This allows for
the testing of exporter endpoint paths explicitly.
Change-Id: I2d51e8ed5a153c2a6796e0df9b3fe5f710a947f9
This change adds a job to the Grafana chart that allows for the
changing of the grafana admin user password if required, as
Grafana only allows the changing of this password via the
grafana-admin CLI or via an http call that requires both the old
and new password
Change-Id: I59a5d26edc4aa4da16e80c5454ecdebbae3a1d15
This executes the helm tests for the single node jobs in
openstack-helm-infra for rabbitmq, elasticsearch, fluent-logging,
prometheus, and grafana.
Change-Id: I0109cfbe6adeb9e24d513c8313d964323634b8da
This updates the helm-toolkit script for creating rgw s3 users
to first check if a user exists, then create the user if it does
not exist or modify the user's keys if it does exist. This is
accomplished by using jq to identify all existing access keys for
the specified user, removing those key pairs using the access key,
then modifies the existing user with the supplied access/secret
key pair for the given user
This also updates the ceph-rgw chart to use the helm-toolkit s3
user script for creating the admin s3 user instead of using a
similar script defined directly in the ceph-rgw chart
Change-Id: I575b66415d44db7bb752102e45595305d86e623b
At some point the bootrap job was partially removed from the ceph
osd chart, this PS resores it.
Change-Id: I2f51deda64b299fe980e1f191b860bfe173e6aca
Signed-off-by: Pete Birley <pete@port.direct>
This adds both a periodic and experimental job for deploying Ceph
and the LMA components via Armada. This job will then generate new
passphrases for the LMA components, render an updated manifest for
the LMA components including the new passphrases, then applies the
updated LMA manifest to validate the ability for all deployed
charts to update those passphrases successfully
Change-Id: I966ebeadd3823a087239aa7d198444a084e5d242
This adds both a periodic and experimental job for deploying Ceph
and the LMA components via Armada. This job will then generate a
new release uuid, render an updated manifest for all previously
deployed releases, then apply that manifest to validate the
ability for all deployed charts to update successfully with the
new release uuid annotation
Change-Id: Ic1eed1bd949279f4630fb3964fbb03788536213c
- Support using custom client params for S3 configurations
- Move common tuning for S3 and Keystone into there own
configuration option
- Cleanup the rgw helm tests, since copying the ceph admin key is
no longer required
- Cleanup duplicate portions of the code for configuring the RGW
backend and frontend port
- Add an rgw helm test check for the osh-infra-logging gates
Change-Id: I46dbb4c45b0b96f5cf555077e49d2e09a1171424
This adds both a periodic and experimental job for deplying Ceph
and the LMA components via Armada to openstack-helm-infra
Change-Id: Ia3b557801d4f4b667d82eb47a6ef1825394ee526
This updates the mariadb chart to use the correct auth values for
the mariadb prometheus exporter. The correct credentials to use
are the credentials in the oslo_db endpoint
Change-Id: I2d325167d7ffdf911a56fe97b879cb13b0d4c195
This removes the elasticsearch query clause json file check from
the single node monitoring job, as it's become a bit unreliable.
Instead, we'll rely on the periodic multinode job to validate this
works as intended
Change-Id: I8d33a2625d5d666af280467dc21d76ed0302f837
This updates the script for deploying ldap in the network policy
job to accept ingress traffic from prometheus pods.
This also updates the network policy test to account for return
values with more than one result when checking for a pod to use,
as well as selecting pods by application and component labels
instead of simply grepping for a name (as this could cause issues
with grepping for 'fluentd', when that could return both fluentd
and fluentd-exporter pods, for example)
Change-Id: I12a4029f574ea7d5b250709adef21b07d8cf0220