Currently using envsubst to perform substitution of value overrides in
the feature gate caused conflicts as gotpl gets templated into those
overrides. This adds in '%%%REPLACE_${var}%%%' and uses sed to perform
the substitution instead to address the issue.
Change-Id: I9d3d630b53a2f3d828866229a5072bb04440ae15
Signed-off-by: Tin Lam <tin@irrational.io>
The patch fixes typo in PUBLISH_PORT and adds quotes for
PUBLISH_PORT because of the fact that it is string values
otherwise it leads to the error below:
error updating the release: rpc error: code = Unknown desc = release
rabbitmq failed: Deployment in version "v1" cannot be handled as
a Deployment: v1.Deployment.Spec: v1.DeploymentSpec.Template: v1.PodTemplateSpec.Spec:
v1.PodSpec.Containers: []v1.Container: v1.Container.Env: []v1.EnvVar: v1.EnvVar.Value:
ReadString: expects " or n, but found 9, error found in #10 byte of ...|,"value":9095},{"nam|...,
bigger context ...|value":"no_sort"},{"name":"PUBLISH_PORT","value":9095},{"name":"LOG_LEVEL","value":"info"},{"name":"|...
Change-Id: I027c91ee48df8eb5b4b2bf3fd28036b8eca47238
This patch set places logic to generate kubernetes egress network policy
rule based on the dependencies specified in values.yaml. This also sets
up the necessary default network policy for the OSH gate.
Change-Id: I1ac649cc9debb5d1f4ea0a32f506dcda4d8b8536
Signed-off-by: Tin Lam <tin@irrational.io>
This change replaces direct references to the exporter port
in values.yaml with calls to helm-toolkit lookup functions.
The referenced port number under the network key is removed,
as the helm-toolkit function will return the port number under
the endpoints key.
Change-Id: Ib6f533c49af5a88fca377920d28d5468d7387892
Trivial change. This patch set cleans up a python script.
- Move the comment to a helm-template comment so the python comments do
not get rendered by helm.
- Remove an unused python module.
Change-Id: Id287ddae8904d2cfa88725277bb97cf027a942c3
Signed-off-by: Tin Lam <tin@irrational.io>
The patch adds Network Policy ingress rules for RabbitMQ
and Prometheus RabbitMQ exporter.
It also fixes name generation for network policies,
to make sure they do not contain a prohibited '_' symbol,
which may appear in some label names.
Change-Id: I9821983b61d90e73e62c5ac669eefeb4ba9999d2
This updates the kubernetes-entrypoint image reference to consume
the publicly available kubernetes-entrypoint image that is built
and maintained under the airshipit namespace, as the stackanetes
image is no longer actively maintained
Change-Id: I5bfdc156ae228ab16da57569ac6b05a9a125cb6a
Signed-off-by: Steve Wilkerson <sw5822@att.com>
This change adds network policy overrides for multiple infra
services for the openstack-helm network policy gate.
Change-Id: If051ec1749cb9ed1e289f0cf82a8876371e36531
This change adds egress rules to the following charts:
- ingress
- memcache
- libvirt
- rabbitmq
These rules will be tightened down in future changes
Change-Id: I6f297d50ca4c06234c7c79986a12cccf3beb5efb
This change makes rabbitmq container run with the rabbitmq user
instead of the root user. As the rabbitmq user doesn't have write
access to '/run' directory, the templates are updated to use the
'/tmp' directory instead which the rabbitmq user has write access
to.
Change-Id: Ia35c3f741fefe3172c93bb042bf8d26bf7672cfc
This PS updated the reset node function to leave the assets generated
via init containers in place when resetting the node.
Change-Id: Iac52ca82e95bb372dbcbca0eeea3b262215e9c12
Signed-off-by: Pete Birley <pete@port.direct>
When upgrading/reconfiguring a rabbit cluster it's possible that the nodes
will not return the cluster status for some time, this ps allows us to
cope with this much more gracefully than simply crashing a few times, before
proceeding.
Change-Id: Ibf525df9e3a9362282f70e5dbb136430734181fd
Signed-off-by: Pete Birley <pete@port.direct>
This PS updates the cluster wait job to prune any extra nodes from
the cluster if scaling down.
Change-Id: I58d22121a07cd99448add62502582a6873776622
Signed-off-by: Pete Birley <pete@port.direct>
This PS extends the rabbit startup logic to ensure nodes have
actually joined the cluster on startup.
Change-Id: Ib876d9abd89209d0a7972983bdf4daacf5f8f582
Signed-off-by: Pete Birley <pete@port.direct>
This works well for python2, but things will become
messy when py3 will be the default.
This, at the same time, ensures the KeyErrors are
properly logged, with a way to debug them.
Change-Id: If5d8007bece9ccbff481187e757968e7d1b6f651
This PS updates the rabbitmq chart, to allow clients to connect directly
to backend servers, and also introduces a htk function to produce
the appropriate transport_url used by oslo.messaging to take advantage
of this functionality.
Change-Id: I5150a64bd29fa062e30496c1f2127de138322863
Signed-off-by: Pete Birley <pete@port.direct>
This updates the rabbitmq chart to include the pod
security context on the pod template.
This also adds the container security context to set
readOnlyRootFilesystem to true
Change-Id: I68aa4b49bf6301e1b1004a526151fa0ab4b197b4
In an Edge environment without a distributed storage environment, it
should be able to store rabbitmq data in the local path as well.
This patch added an option to use it in a more diverse environment.
Change-Id: Ia3c0dfaa58c237e424197f1406bd66fb991bea18
Story: 2005753
Task: 33455
We now have a process for OSH-images image building,
using Zuul, so we should point the images by default to those
images, instead of pointing to stale images.
Without this, the osh-images build process is completely not
in use (and completely opaque to deployers), and updating the
osh-images process or patching its code has no impact on OSH.
This should fix it.
Change-Id: Ic00bd98c151669dc2485cd88e0e8c2ab05445959
This ps exposes the anti-affinity weight value, including
default, that will be consumed by the updated htk function.
Change-Id: Id8eb303674764ef8b0664f62040723aaf77e0a54
This PS adds emptydirs backing the /tmp directory in pods, which
is required in most cases for full operation when using a read only
filesystem backing the container.
Additionally some yaml indent issues are resolved.
Change-Id: I8b7f1614da059783254aa6efc09facf23fca3cad
Signed-off-by: Pete Birley <pete@port.direct>
This adds a job that will query the Elasticsearch HTTP cat API to
determine whether the desired number of nodes have been discovered
via the Zen discovery mechanism to be included in the cluster.
This aims to address issues seen when upgrading Elasticsearch,
where the snapshot repository job may trigger due to endpoints
from older pods being present. This new job will be the dependency
required by the snapshot repository job to ensure the ES cluster
has the desired number of nodes before attempting to register a
snapshot repository or interact with the cluster
Change-Id: I94fbbfdec7ca66d04acca9558e56dca3b2bc7d52
This PS updates the rabbitmq chart to make cluster formation
more robust, with the previous implementation it was possible
to form multiple discrete clusters within a single deployment
of the chart (eg if a network partition existed during formation)
Change-Id: Ie241d29230419ff829d9fbb22fa1a01275926903
Signed-off-by: Pete Birley <pete@port.direct>
This PS fixes the dependency checks for the tests and wait job.
Change-Id: I09301083bfc2d0218298a8c5e0dd4957bef11c42
Signed-off-by: Pete Birley <pete@port.direct>
Now that we explicitly declare there is no need to define the default
username and password.
Change-Id: I95e41c411c2a86ae527283d5dc13b8a1f65b513a
Signed-off-by: Pete Birley <pete@port.direct>
This adds the release-annotation to the pod spec for the charts in
openstack-helm-infra. This also adds missing configmap annotations
to charts in openstack-helm-infra
Change-Id: Ie23f0c16a7a21d3929e98928db2bbcef69ae6490
This PS adds the ability to change the admin user credentials
and erlang session cookie. To do so requires `--recreate-pods` to
be passed to helm on a release upgrade.
Change-Id: Ib04ad43a7c303a8ddc31fd0de288a2f7f3294a12
Signed-off-by: Pete Birley <pete@port.direct>
This PS improves the robustness of the RabbitMQ clustering logic
to support reforming the cluster following recreation of all pods,
and wait for the cluster to fully form before continuing in case
of an upgrade.
This ability was lost with the introduction of the following PS,
which prevented reformation of the cluster from scratch.
* https://review.openstack.org/#/c/637337/
Change-Id: I99d32fbd3c56dde492717a7850b61001fa8f7fb5
Signed-off-by: Pete Birley <pete@port.direct>
This PS adds a test to ensure the correct number of members in a
cluster.
Change-Id: I52d0fcc473322fb9a754e95a2977a5c2cfad6b45
Signed-off-by: Pete Birley <pete@port.direct>
This PS increases the feedback given by the rabbitmq test pod
Change-Id: If8aa713017eccaf100c6186cd569a6a0f4b021e9
Signed-off-by: Pete Birley <pete@port.direct>
This PS moves the readiness check to simply checking if the amqp
port is open, both simplifying it and also correctly indicating if
the process is ready to serve requests.
Change-Id: I38416c8bf3b242fa344875da13f81e5bbc1983c7
Signed-off-by: Pete Birley <pete@port.direct>
This PS implements the helm toolkit function to generate the
Egress in kubernetes network policy manifest based on overrideable values.
It also enables the K8s network policy at Osh-infra gate.
Change-Id: Icbe2a18c98dba795d15398dcdcac64228f6a7b4c
This patch set implements the helm toolkit function to generate a
kubernetes network policy manifest based on overrideable values.
This also adds a chart that shuts down all the ingress and egress
traffic in the namespace. This can be used to ensure the
whitelisted network policy works as intended.
Additionally, implementation is done for some infrastructure charts.
Change-Id: I78e87ef3276e948ae4dd2eb462b4b8012251c8c8
Co-Authored-By: Mike Pham <tp6510@att.com>
Signed-off-by: Tin Lam <tin@irrational.io>
This updates the helm test pod templates in the charts with helm
tests defined. This change includes the addition of:
- Generate test pod cluster roles and role bindings
- Generate service accounts for test pods
- Add node selectors to the test pods
- Add service accounts to the test pods
- Addition of entrypoint container to the test pods
- Indentation fix for rabbitmq test pod template
Change-Id: I9a0dd8a1a87bfe5eaf1362e92b37bc004f9c2cdb
This PS adds the ability to attach a release uuid to pods and rc
objects as desired. A follow up ps will add the ability to add arbitrary
annotations to the same objects.
Change-Id: Iceedba457a03387f6fc44eb763a00fd57f9d84a5
Signed-off-by: Pete Birley <pete@port.direct>
In most cases, the ingress controller's nodeSelector key and value
are "node-role.kubernetes.io/ingress" and "true".
Using quote to treat the nodeSelector value as a string.
Change-Id: Ie1745629b90795e4d888d85f35565e6d6350e09b