This adds a deployment step for postgresql to the single node
monitoring job to validate the exporter works as intended
Change-Id: I2680b3e40ca4466e27daf6145cef064c312a7b57
This moves the pod security policy job to a nonvoting check and
removes it as a gating job. This was overlooked previously. Once
the job has been vetted, we can revisit potentially making it a
voting and gating job
This had been done previously, but was overlooked in a change that
reintroduced the podsecuritypolicy job as a voting check and gate
Change-Id: I604efb9c608da69a04eaf87a54899cea34d7cd59
This patch place in a sample for an init container, generated by
helm toolkit, to load an apparmor profile included in the chart.
Change-Id: I309e3b550fd1d683745c319aa39bcfb96b77ea14
Signed-off-by: Tin Lam <tin@irrational.io>
This moves the pod security policy job to a nonvoting check and
removes it as a gating job. This was overlooked previously. Once
the job has been vetted, we can revisit potentially making it a
voting and gating job
Change-Id: I5d06343f94ae64355bce9d4f7862a8b18b5ea827
This adds ingress network policies to kube-state-metrics and
openstack-exporter using the helm-toolikit template. It also
add openstack-exporter to the network policy jobs.
Change-Id: I3bfc2f1e8a35c09e577a046ebd52346de95e5745
This adds a test for the podsecuritypolicy chart, as well as a script
to reconfigure minikube with PodSecurityPolity enabled when appropriate.
This change doesn't add the PSP chart to the existing tests, because
the psp chart will have secure defaults in the future, which may
interfere with other charts by default; and it doesn't enable the
admission controller broadly, because turning the AC on without
providing a podsecuritypolicy will break k8s functionality.
Change-Id: I9fd14bb118189cd4ead177b79e39aadbc2096b4a
This adds the required services to the openstack-support job to
deploy ceph radosgateway with keystone auth enabled. This expands
coverage for radosgateway helm tests in the openstack-helm-infra
repository
Change-Id: I3a5505ad3d3400563694ef063b4e6777ba34c414
Image files could contain whitespace after carriage return and newline
characters; patch excludes "*.png" files from openstack-helm-lint job.
Change-Id: I6aef5f2f34637f018fd56a3bb8121d5829c600a2
This adds both a periodic and experimental job for deploying Ceph
and the LMA components via Armada. This job will then generate new
passphrases for the LMA components, render an updated manifest for
the LMA components including the new passphrases, then applies the
updated LMA manifest to validate the ability for all deployed
charts to update those passphrases successfully
Change-Id: I966ebeadd3823a087239aa7d198444a084e5d242
This adds both a periodic and experimental job for deploying Ceph
and the LMA components via Armada. This job will then generate a
new release uuid, render an updated manifest for all previously
deployed releases, then apply that manifest to validate the
ability for all deployed charts to update successfully with the
new release uuid annotation
Change-Id: Ic1eed1bd949279f4630fb3964fbb03788536213c
This adds both a periodic and experimental job for deplying Ceph
and the LMA components via Armada to openstack-helm-infra
Change-Id: Ia3b557801d4f4b667d82eb47a6ef1825394ee526
This disables the centos and fedora experimental checks, as they
need work to resolve issues before they can begin to add value
Change-Id: If523a9163426dc4bc78b5e19a000d0d677cb20e4
This adds xxx-job name prefixes to the Selenium jobs for consistency
This will also remove the "|| true" suffix that was added temporarily to
ensure the Kibana selenium job did not error. The fix for the issue
was merged so the quick fix is no longer needed and may prevent an
error when an issue actually occurs.
Change-Id: I16881974cbf618b31813964b17c090dbfe33fe51
This proposes moving the multinode job to a periodic job to
match the approach used in the openstack-helm repo.
This also adds the openstack-exporter to the aio monitoring job as
it was previously missing.
This also proposes moving the aio-logging and aio-monitoring jobs
to voting
Change-Id: Idcd4544e03facdcd2430683b66bd80c79e73a372
This temporarily adds a "|| true" suffix to the kibana
selenium script execution, as we've noticed rare cases where the
tests fail due to the paths not being ready in time. Once we have
a path forward for waiting to ensure the path is ready,
we should allow for periodic failures of the kibana selenium tests
Change-Id: I6c406ad8907cc87425562dee56eec6b8a0502142
This helps verify Kibana is working properly by using
Selenium Webdriver to navigate to different index dashboards
and takes screenshot of each one. It also add the scripts to
the gates for single and multinode deployments.
Change-Id: Ic2c91734d1eaac0ea4e7985bf69082942166715d
This adds scripts using Selenium Webdriver to verify
the dashboards for Gafana, Nagios, and Prometheus are
reachable and functioning as expected. The scripts
create screenshots of each dashboard as well as
pages that can be navigated to.
It also adds the scripts to the gates for the single
and multinode deployments.
Change-Id: I1699e0ba8ff82ce8f59342cc71aad10cff7d2516
This adds a nonvoting check that will deploy two ceph clusters
and then deploy two radosgw instances, each one backed by a unique
ceph cluster. This allows us validate whether we can reliably
deploy multiple ceph clusters, as in the case of tenant-ceph outlined
in openstack-helm specs
Change-Id: I76a416eddcdb3ea2416d475ea8c8756925cd9580
Co-Authored-By: Meghan Heisler <mh783g@att.com>
This adds basic charts for Elastic metricbeat, filebeat,
packetbeat, and elastic APM server. This also adds an experimental
job for deploying the elastic beats along with Elasticsearch and
Kibana
Change-Id: Idcdc1bfa75bcdcaa68801dbb8999f0853652af0f
This removes yet another time the dependency towards OSH repo.
With each repository independant, we can later introduce abstract
jobs that will be re-usable but with a clean dependency map: only
bring jobs from one single location, openstack-helm-infra.
Change-Id: I72844a944cfea5380de25dbd7cf7231c8d39f4ec
This organizes the single node gates for osh-infra by function.
This organization aims to improve the single node gates in the
following ways:
1. Reduce number of services deployed in single node jobs
2. Only deploy Ceph for logging job, as Elasticsearch requires
RGW for snapshot repositories.
3. Use NFS for storage for monitoring job, as Ceph is not a
requirement for any of the services here.
4. Remove duplicate services deployed to multiple single node jobs
5. Remove storage from openstack-support job, as the only service
requiring storage is rabbitmq. Rabbitmq is deployed with
storage enabled in the openstack-helm checks/gates.
This also removes the documentation for the single node deployments,
as those deployments do not make sense with this change. This should
be revisited as a follow-on once we have a clear path forward for
the larger gate refactoring work
Change-Id: I46951f76904fa2ab245a202d55f76019b7503362
Without this patch, there is a dependency between the two
repositories OSH and OSH-infra, which was recently introduced, and
which will cause a circular dependency problem when trying to remove
the duplicated jobs that will appear in OSH.
Change-Id: Ief4461a66f7139ae0650e4a240a3e65800821f78
Required-By: https://review.openstack.org/610481/
Co-Authored-By: Jean-Philippe Evrard <jean-philippe@evrard.me>
This patch set implements the helm toolkit function to generate a
kubernetes network policy manifest based on overrideable values.
This also adds a chart that shuts down all the ingress and egress
traffics in the namespace. This can be used to ensure the
whitelisted network policy works as intended.
Additionally, implementation is done for some infrastructure charts.
Change-Id: I78e87ef3276e948ae4dd2eb462b4b8012251c8c8
Co-Authored-By: Mike Pham <tp6510@att.com>
Signed-off-by: Tin Lam <tin@irrational.io>
Without this patch, there is a dependency between the two
repositories OSH and OSH-infra, which will cause a circular
dependency problem when trying to remove the duplicated jobs
that will appear in OSH.
Change-Id: Ibeee0a853d0c1358519b0391c879137d8a214be2
This PS cleans up the scripts for the k8s k8s keystone auth gate.
Change-Id: I248439f9b8ffa372dfaba5acba0c8c587231d901
Signed-off-by: Pete Birley <pete@port.direct>
This move definitions of openstack-helm-infra into
a newly created zuul.d folder.
The advantage is to simplify readability of gating, and
makes it easier for contributors to step into the gating
of the openstack-helm-* projects.
- zuul.d/playbooks will contain all the playbooks used for gating
- zuul.d/nodesets.yaml contains all the specific nodesets
required by OpenStack-Helm* projects
- zuul.d/project.yaml will be defined in each repo, and will
contain the repo's pipelines information (so this repository's
project.yaml only contains openstack-helm-infra pipelines)
- zuul.d/jobs.yaml will contain all the openstack-helm-*
repositories jobs
This patch also introduces a first common 'lint' playbook
and 'openstack-helm-lint' job, showing how a job can be
re-used across repositories without requiring repetition of
job definition/plays in other repositories.
Change-Id: Id055ddac4da4971b1fb13ac075a7659369cd2b24
