This updates the helm-toolkit manifest template and scipts for
creating an S3 bucket and linking it to a user. This moves away
from the previous python implementation that used rgwadmin, and
instead uses s3cmd for a cleaner approach that can support more
recent versions of ceph
Change-Id: I305062a5daa063bfe21a12448d7a3957bca00bf4
This PS fixes a typo in the cephfs provisioner name, which was being given the
same key as rbd to look for.
Change-Id: I84dc541a103fc61feb1998ab41edd602c17e2b6f
Signed-off-by: Pete Birley <pete@port.direct>
This updates the Grafana chart to include the pod security context
on the grafana pod. This changes the pod's user from root to the
grafana user instead
Change-Id: Id64853640f1941001b83566865defe93227b4291
Use Kibana REST API to create Kibana index patterns and set a default
index pattern.
Script calling Kibana REST API is executed using a Job, and the specific
index patterns are configurable in values.yaml.
Change-Id: I1ca6dd9609e6d62d1ce749ee09e1490d51659709
This adds an input to Fluentbit for capturing all qemu instance
logs in /var/log/libvirt/qemu/, and adds an Elasticsearch output
for those entries
Change-Id: I0802023f9861a5944e7989fd5469133c325349e7
- Split off duplicate code across multiple bash scripts into a common
file.
- Simplify the way journals are detected for block devices.
- Cleanup unused portions of the code.
- Standardize the syntax across all the code.
- Use sgdisk for zapping disks rather then ceph-disk.
Change-Id: I13e4a89cab3ee454dd36b5cdedfa2f341bf50b87
This modifies the libvirt chart to write logs directly to the
host by default. This also modifies the fluentbit and fluentd
charts to capture libvirt logs from the host and index them into
Elasticsearch
Change-Id: I0bbc49d2c0d4cf4895f797e48f309f308ffd021f
Under POD restart conditions there is a race condition with lsblk
causing the helm chart to zap a fully working OSD disk. We refactor
the code to remove this requirement.
Additonally the new automatic journal partitioning code has a race
condition in which the same journal partition could be picked twice
for OSDs on the same node. To resolve this we share a common tmp
directory from the node to all of the OSD pods on that node.
Change-Id: I807074c4c5e54b953b5c0efa4c169763c5629062
- If a rule set in the network policy override for the calico
chart is empty, it causes the calico-settings job to fail. This
safety valve should handle the empty list gracefully.
Change-Id: I4b8a39941f05a8eb86734ff129b2d73830883236
Ceph upstream bug: https://tracker.ceph.com/issues/21142 is
impacting the availability of our sites in pipeline. Add an option
to reset the past interval metadata time on an OSDs PG to solve for
this issue if it occurs.
Change-Id: I1fe0bee6ce8aa402c241f1ad457bbf532945a530
Set rgw_override_bucket_index_max_shards to 8 (default: 0)
By default create 8 shards per a bucket with Ceph RagosGW. This allows
up to ~800k-1M objects to be in a bucket before seeing performance slow-
downs. The only downside to this change is that a directory listing for
a bucket may take slightly longer to finish.
Change-Id: I96c7ac81501a41d29927e102a6029bf432bd3d21
Expose the early logging level for calico-node.
Use conf.node.FELIX_LOGSEVERITYSCREEN to set logging level in
BGPConfiguration and FelixConfiguration (whilst this is an odd
name/location it backwards compatible and will in most cases set
things as expected).
Change-Id: I70c3028423eddb4721456f645c4475da4af7ced5
This PS implements the helm toolkit function to generate the
Egress in kubernetes network policy manifest based on overrideable values.
It also enbale the K8s network policy at Osh-infra gate.
Change-Id: Icbe2a18c98dba795d15398dcdcac64228f6a7b4c
Random job names mean `helm upgrade` or indeed anything looks for
changes from rendered templates will see changes when there are none
causing churn and restarts.
Change-Id: I59e6a60d6c4c601c5c8cecbd8238af6b7c5f389e
This reverts commit 75e0c2d0f526d29ea947e03e3d1ea2ea34a48881.
This commit was blocking chart upgrades.
Change-Id: I15aa5f507beeeadd04a0bddec241f5dd7ca272c9
This fixes the hasKey call in the pod security context snippet
template, as the call requires 2 args: a map and a key. This
addresses the problem by indexing the provided map on the
application key, before passing it to the hasKey call
Change-Id: I95264c933b51e2a8e38f63faa1e239bb3c1ebfda
This PS shares pid namespaces for containers in pods under docker,
bringing running in this runtime inline with other runc based container
backends, allowing the pause process in the pod to act as a reaper.
Change-Id: I70965a62b585de31fb953ba98189a84021dba1cb
Signed-off-by: Pete Birley <pete@port.direct>
This PS shares pid namespaces for containers in pods under docker,
bringing running in this runtime inline with other runc based container
backends, allowing the pause process in the pod to act as a reaper.
Change-Id: I1e511b1cd11a4b2f4818a772a91e8a8dfd342be3
Signed-off-by: Pete Birley <pete@port.direct>
This PS shares pid namespaces for containers in pods under docker,
bringing running in this runtime inline with other runc based container
backends, allowing the pause process in the pod to act as a reaper.
Change-Id: I43bea4cd9e91f9d27a846879dfc329cfa26f8ee7
Signed-off-by: Pete Birley <pete@port.direct>
