This adds a ceph developer gate to openstack-helm-infra, which
depends on ceph moving to openstack-helm-infra. This also replaces
the NFS backed storage for the multinode gate with ceph instead
Change-Id: I11268463aa037a2e037217a2dbc89c7432c0d277
This continues the work of moving infrastructure related services
out of openstack-helm, by moving the ceph charts to openstack
helm infra instead.
Change-Id: I306ccd9d494f72a7946a7850f96d5c22f36eb8a0
Helm now tries to update the stable repo when running helm init
by default. This ps adds the flag to prevent this, which is required
when running in airgapped, and some corporate, environments.
This PS adds a previously misssed instance.
Change-Id: I9095863d46e320b6ea486d3837e6aa3c4298046e
Signed-off-by: Pete Birley <pete@port.direct>
This PS bumps the k8s version to that of the current release.
Change-Id: Ife6edac83f6e7639d6142d64aff458450a2e58ff
Signed-off-by: Pete Birley <pete@port.direct>
This PS restores voting to the keystone gate.
Depends-On: https://review.openstack.org/#/c/590018
Change-Id: I62eab2629ca1ff1ae906368dd0556dc0f5235a32
Signed-off-by: Pete Birley <pete@port.direct>
This PS updates helm toolkit, and effected charts in
openstack-helm-infra to use Secrets rather than configmaps for
application configuration, as they in many cases contain sensitive data.
Change-Id: Idd17812437465368e92c9fec0d5b634bbf6dc23a
Signed-off-by: Pete Birley <pete@port.direct>
Helm now tries to update the stable repo when running helm init
by default. This ps adds the flag to prevent this, which is required
when running in airgapped, and some corporate, environments.
Change-Id: I38c487f88d17e9429c30cb03bf2d0f3652f1db99
Signed-off-by: Pete Birley <pete@port.direct>
This PS moves to use the Helm 2.10 release, which brings in a version
of sprig that supports TLS certificate creation from defined CAs.
Change-Id: I80233f8f31727c80bcd667cfa0d851488da39588
Signed-off-by: Pete Birley <pete@port.direct>
This removes the min_block_duration and max_block_duration flags
from the Prometheus chart, as the suggested best practice is to
use the defaults (2h min, 10% of retention time as max).
This also updates the scrape target configuration for cadvisor to
match the upstream example endpoint for kubernetes versions 1.7.3
and later
Change-Id: I200969d6c4da9d17d0a7d3a34a114ccc5f5ee70f
This PS adds releasenotes to EXCLUDES in the Makefile so that
it is not treated as a chart. This change is a part of [0],
required to make that patchset run in the gates.
[0] Ib9253611df08257f2b418a0d9e5e817a232c011b
Change-Id: I335a08a0add647b17d9438b0c561f556b6130e66
Needed-By: Ib9253611df08257f2b418a0d9e5e817a232c011b
This updates the grafana dashboards to use a default refresh
value of 5m to prevent dashboards with intensive queries (like the
container dashboard) from submitting frequent, expensive requests
to Prometheus
This also removes the override to disable the ingress service for
grafana in the developer deployment script, as it was overlooked
when enabling ingresses after the ingress chart was introduced
Change-Id: I0958a3978cec25a1350172cbe75996f1346858c5
This updates Fluentd to use the stable v1.2 debian fluentd
image instead of the kolla image. This images comes bundled
with the elasticsearch plugin, and provides more
flexibility in configuring the buffer behavior of the output
plugins
Change-Id: Id446ef1e050f5d9c005c94dae661cf9ae88fffea
This updates the Prometheus version to 2.3.2, which includes a fix
for memory leak issues with the kubernetes client and also adds a
dashboard for evaluating prometheus rule evaluation performance
Change-Id: I7b9e7bee114fa149db3733c0dacfefae36be7fa8
This filters out fluentd's logs for collection, as this can result
in infinite loops as fluentd will try to process the events in its
own logs repeatedly
Change-Id: I85cce909b6917901b964cb5cc479403143c4d211
Changing the chart to accept plain certificates rather than a base64
encoded string. The chart will handle the base64 encoding internally.
Change-Id: I3cd0710652b1b731fa4bcd9e92dd59ce2c436eb6
Using a node selector can not run the fluent-bit or node-exporter
on the master node. So, This PS changes the scheduling to use
either taint/toleration or the node selector.
Change-Id: I0ca80a6e645b7047469288697387f0f5bf111345
This adds authentication to Prometheus with an apache reverse
proxy, similar to elasticsearch, kibana and nagios. This adds an
admin user and password via htpasswd along with adding ldap
support.
This required modifying the grafana chart to configure the
prometheus datasource's basic auth credentials in the data sources
provisioning configuration file by checking whether basic auth is
enabled and injecting the username/password defined in the
corresponding endpoint definition.
This also modifies the nagios chart to use the authenticated
endpoint for prometheus, which is required for nagios to
successfully query the prometheus endpoint for its service
checking mechanism
Change-Id: Ia4ccc3c44a89b2c56594be1f4cc28ac07169bf8c
This PS updates the keysteone endpoints section used in the
webhook authenticator and the prometheus exporter.
Depends-On: https://review.openstack.org/#/c/588651
Change-Id: Ia2df0ec1b783705f7e2ac164a8729d61962e2bc8
Signed-off-by: Pete Birley <pete@port.direct>
This bumps testing of fedora to 28, and allows openstack-infra to
delete fedora-27 nodes.
Change-Id: Idd38b1e4721b7f53e20ccbc665cb16762ba6132b
Signed-off-by: Paul Belanger <pabelanger@redhat.com>
This fixes two issues with the Ceph dashboards in Grafana: the
first fix addresses an incorrect heading for Utilized Capacity in
the ceph cluster dashboard (was reporting utilized as available),
and the second fix addresses the Pool Usage gauge to accurately
reflect the percentage of the pool used (was incorrectly
multiplying the percentage result by 100 a second time, resulting
in large and inaccurate results)
Change-Id: I024a555cdb82ee181eb414337b84e7ad62717c97
This PS updates the tls secret manifest to allow non-public endpoints
to be specified.
Change-Id: I47606e5c8db87fac07febb114334ded710f56ed5
Signed-off-by: Pete Birley <pete@port.direct>
This PS updates the ansible roles to update the user used with
the tiller image used for bootstrapping to allow access to approprate
config files used. This is required for use with the current master
tiller image, which no longer deffaults to the root user.
Change-Id: I61f28a2ebeecb22eb66e0394417b0af3a9116483
Signed-off-by: Pete Birley <pete@port.direct>
In most cases, the ingress controller's nodeSelector key and value
are "node-role.kubernetes.io/ingress" and "true".
Using quote to treat the nodeSelector value as a string.
Change-Id: Ie1745629b90795e4d888d85f35565e6d6350e09b
