This updates the mariadb chart to use the correct auth values for
the mariadb prometheus exporter. The correct credentials to use
are the credentials in the oslo_db endpoint
Change-Id: I2d325167d7ffdf911a56fe97b879cb13b0d4c195
This removes auth credentials from the mariadb exporter endpoint,
as the credentials used for the actual user are consumed from
the oslo_db endpoint instead.
Change-Id: I1419f50b7e0059763588028b55c982ad83446a33
This allows the database administration username to be changed in
addition to the password (the configuration and documentation implies
this is possible, but the current implementation assumes root in a few
places).
Remove some unused env declarations.
Tested with and without Prometheus exporter enabled.
Change-Id: I8a48dac7a84fe583c7dc5ff0644ca14b1e5190d8
This adds a security context to the mysql prometheus exporter pod,
which changes the user from root to the nobody user (uid 99 here)
instead
This also adds the container security context to explicitly set
allowPrivilegeEscalation to false
Change-Id: I5ddebb059e3c31c231fdc4c24190a65f23e37785
This PS implements the helm toolkit function to generate the
Egress in kubernetes network policy manifest based on overrideable values.
It also enbale the K8s network policy at Osh-infra gate.
Change-Id: Icbe2a18c98dba795d15398dcdcac64228f6a7b4c
This PS shares pid namespaces for containers in pods under docker,
bringing running in this runtime inline with other runc based container
backends, allowing the pause process in the pod to act as a reaper.
Change-Id: Ib5fc101d930446d848246eb5ca4d554b756cb91f
Signed-off-by: Pete Birley <pete@port.direct>
This PS updates the mariadb chart to both support adoption of a
single instance of mariadb running the bash driven chart, which
did not support reforming a galera cluster by tracking state using
a configmap. Additionally basic logic is added for upgrading the
database as part of the normal rolling update flow.
Change-Id: I412de507112b38d6d2534e89f2a02f84bef3da63
Signed-off-by: Pete Birley <pete@port.direct>
This PS updates the MariaDB chart to better support clustering,
using a configmap to track cluster state.
Change-Id: Ifd9c3d63353a9b587384b6f13c0863ecc4fbd956
Signed-off-by: Pete Birley <pete@port.direct>
We see sporadic shutdown hangs that look to be the issue described at
https://jira.mariadb.org/browse/MDEV-15554
Upgrade minor version to address this.
Change-Id: Idf8403b44e871b5a32173bd153a8367519b239ec
This patch set implements the helm toolkit function to generate a
kubernetes network policy manifest based on overrideable values.
This also adds a chart that shuts down all the ingress and egress
traffics in the namespace. This can be used to ensure the
whitelisted network policy works as intended.
Additionally, implementation is done for some infrastructure charts.
Change-Id: I78e87ef3276e948ae4dd2eb462b4b8012251c8c8
Co-Authored-By: Mike Pham <tp6510@att.com>
Signed-off-by: Tin Lam <tin@irrational.io>
This PS fixes the error logs in mariadb-server.
Each partition has its own lost+found directory and mysql consider
the directory as a database.
Change-Id: Ibce0dddb5065fd56fa841ebcb91c7c9f15de6c62
Closes-Bug: #1795381
Using a random bootstrap filename means any upgrade (even without
changes) causes MariaDB to churn and restart.
Change-Id: Ieaf577e413f8d672d24bf42c90b6110b52e542f0
This PS updates the server init process to init desired accounts
before serving external requests.
Change-Id: Ida9e3b93ed332a621e0c2fcb39a9870886c9ffe7
Signed-off-by: Pete Birley <pete@port.direct>
This PS adds the ability to attach a release uuid to pods and rc
objects as desired. A follow up ps will add the ability to add arbitary
annotations to the same objects.
Change-Id: Iceedba457a03387f6fc44eb763a00fd57f9d84a5
Signed-off-by: Pete Birley <pete@port.direct>
This moves the mariadb chart to openstack-helm-infra as part of
the effort to move charts to the appropriate repositories
Change-Id: Ife56e28de46c536108cebb4f4cdf6bad2a415289
Story: 2002204
Task: 21725
