This adds the release-annotation to the pod spec for the charts in
openstack-helm-infra. This also adds missing configmap annotations
to charts in openstack-helm-infra
Change-Id: Ie23f0c16a7a21d3929e98928db2bbcef69ae6490
Added backoffLimit to exporter-create-sql-user job so that it
keeps retrying to restart the pod incase of an error. Also added
activeDeadlineSeconds for the pod created by this job to terminate
if it does not become ready in one hour.
Change-Id: Ib6214a887f959fed84108884c8d286624d2f164f
This PS udpates the mariadb chart to support changing the root password.
Additionally it moves to use three replicas in the gate
Change-Id: I286ad0b892e5ea2f85636a0c7af58598bcfdaec4
Signed-off-by: Pete Birley <pete@port.direct>
This removes set -x from the templates for the user creation
scripts for the mariadb and postgresql user templates, and it
also removes the set -x from the helm-toolkit job for creating
s3 users. This prevents sensitive credentials from being
displayed to the console when these scripts are run
Change-Id: I0a78d8190fbbae1b300b74ca560d76dedaaf6fc1
The mariadb startup script was trying to optimize the single-replica
case but missed the fact that the variable it was checking was a
string rather than an int.
Converting it to an int before doing the comparison makes it work
as expected.
Change-Id: I8612e9e8ef5ec8ff61ecf0782f262a5feafd501a
Signed-off-by: Chris Friesen <chris.friesen@windriver.com>
This updates the mariadb chart to use the correct auth values for
the mariadb prometheus exporter. The correct credentials to use
are the credentials in the oslo_db endpoint
Change-Id: I2d325167d7ffdf911a56fe97b879cb13b0d4c195
This removes auth credentials from the mariadb exporter endpoint,
as the credentials used for the actual user are consumed from
the oslo_db endpoint instead.
Change-Id: I1419f50b7e0059763588028b55c982ad83446a33
This allows the database administration username to be changed in
addition to the password (the configuration and documentation implies
this is possible, but the current implementation assumes root in a few
places).
Remove some unused env declarations.
Tested with and without Prometheus exporter enabled.
Change-Id: I8a48dac7a84fe583c7dc5ff0644ca14b1e5190d8
This adds a security context to the mysql prometheus exporter pod,
which changes the user from root to the nobody user (uid 99 here)
instead
This also adds the container security context to explicitly set
allowPrivilegeEscalation to false
Change-Id: I5ddebb059e3c31c231fdc4c24190a65f23e37785
This PS implements the helm toolkit function to generate the
Egress in kubernetes network policy manifest based on overrideable values.
It also enbale the K8s network policy at Osh-infra gate.
Change-Id: Icbe2a18c98dba795d15398dcdcac64228f6a7b4c
This PS shares pid namespaces for containers in pods under docker,
bringing running in this runtime inline with other runc based container
backends, allowing the pause process in the pod to act as a reaper.
Change-Id: Ib5fc101d930446d848246eb5ca4d554b756cb91f
Signed-off-by: Pete Birley <pete@port.direct>
This PS updates the mariadb chart to both support adoption of a
single instance of mariadb running the bash driven chart, which
did not support reforming a galera cluster by tracking state using
a configmap. Additionally basic logic is added for upgrading the
database as part of the normal rolling update flow.
Change-Id: I412de507112b38d6d2534e89f2a02f84bef3da63
Signed-off-by: Pete Birley <pete@port.direct>
This PS updates the MariaDB chart to better support clustering,
using a configmap to track cluster state.
Change-Id: Ifd9c3d63353a9b587384b6f13c0863ecc4fbd956
Signed-off-by: Pete Birley <pete@port.direct>
We see sporadic shutdown hangs that look to be the issue described at
https://jira.mariadb.org/browse/MDEV-15554
Upgrade minor version to address this.
Change-Id: Idf8403b44e871b5a32173bd153a8367519b239ec
This patch set implements the helm toolkit function to generate a
kubernetes network policy manifest based on overrideable values.
This also adds a chart that shuts down all the ingress and egress
traffics in the namespace. This can be used to ensure the
whitelisted network policy works as intended.
Additionally, implementation is done for some infrastructure charts.
Change-Id: I78e87ef3276e948ae4dd2eb462b4b8012251c8c8
Co-Authored-By: Mike Pham <tp6510@att.com>
Signed-off-by: Tin Lam <tin@irrational.io>
This PS fixes the error logs in mariadb-server.
Each partition has its own lost+found directory and mysql consider
the directory as a database.
Change-Id: Ibce0dddb5065fd56fa841ebcb91c7c9f15de6c62
Closes-Bug: #1795381
Using a random bootstrap filename means any upgrade (even without
changes) causes MariaDB to churn and restart.
Change-Id: Ieaf577e413f8d672d24bf42c90b6110b52e542f0
This PS updates the server init process to init desired accounts
before serving external requests.
Change-Id: Ida9e3b93ed332a621e0c2fcb39a9870886c9ffe7
Signed-off-by: Pete Birley <pete@port.direct>
This PS adds the ability to attach a release uuid to pods and rc
objects as desired. A follow up ps will add the ability to add arbitary
annotations to the same objects.
Change-Id: Iceedba457a03387f6fc44eb763a00fd57f9d84a5
Signed-off-by: Pete Birley <pete@port.direct>
This moves the mariadb chart to openstack-helm-infra as part of
the effort to move charts to the appropriate repositories
Change-Id: Ife56e28de46c536108cebb4f4cdf6bad2a415289
Story: 2002204
Task: 21725
