This patch set updates and tests the apiVersion for rbac.authorization.k8s.io
from v1beta1 to v1 in preparation for its removal in k8s 1.20.
Change-Id: I4e68db1f75ff72eee55ecec93bd59c68c179c627
Signed-off-by: Tin Lam <tin@irrational.io>
This updates the deployment scripts for Prometheus to leverage the
feature gate functionality rather than bash generation of the list
of override files to use for alerting rules
Change-Id: Ie497ae930f7cc4db690a4ddc812a92e4491cde93
Signed-off-by: Steve Wilkerson <sw5822@att.com>
This is to fix the issue with ceph-osd initialization when deployed
with wal and db on same disk as pod restart always trying to prepare
the disk.
This ps will make sure to handle the case and skip the ceph-volume prepare
step in case of already deployed osd disk.
Change-Id: I5c37568f342cb4362a0de0a9c11a52b7aea3e147
Removes become: and become_user: when including another role (that
already defines become: true and become_user: root)
Fixes an error occurring in the gates:
ERROR! 'become_user' is not a valid attribute for a IncludeRole
Change-Id: I362eefbe5b09ad64e97b3b541d07db2e6b990613
nginx-ingress-controller 0.26.1 introduces configurable parameters for
streamPort and profilerPort, and changes the default for statusPort.
This change allows those parameters to be configured, while maintaining
compatibility with earlier versions of nginx-ingress-controller. It also
modifies the default status port value from 18080 to 10246.
Reference: https://github.com/kubernetes/ingress-nginx/blob/master/Changelog.md#0261
Change-Id: I88a7315f2ed47c31b8c2862ce1ad47b590b32137
k8s 1.14 first enabled Ingress in the networking.k8s.io/v1beta1 API
group, while still serving it in the extensions/v1beta1 API group. The
extensions/v1beta1 API endpoint is deprecated in 1.16 and scheduled for
removal in 1.20. [0]
ingress-nginx 0.25.0 actually uses the networking.k8s.io/v1beta1 API,
which requires updated RBAC rules. [1]
This change updates the ClusterRole used by the ingress service account
to grant access to Ingress resources via either the extensions/v1beta1
or networking.k8s.io/v1beta1 API, aligning with the static manifests
from the kubernetes/ingress-nginx repo [2]. It does not change the
apiVersion used when creating Ingress resources.
[0] https://kubernetes.io/blog/2019/07/18/api-deprecations-in-1-16/
[1] https://github.com/kubernetes/ingress-nginx/releases/tag/nginx-0.25.0
[2] 870be3bcd8/deploy/static/mandatory.yaml (L50-L106)
Change-Id: I67d4dbdb3834ca4ac8ce90ec51c8d6414ce80a01
This change adds a non-voting bandit check to openstack-helm-infra
similar to what is run in the openstack-helm repo.
This check will be made voting in a future change once the current
failures are addressed.
Similarly this check will be modified in a future change to
only be run when affected python files are changed.
Change-Id: I177940f7b050fbe8882d298628c458bbd935ee89
This disables the keystone-auth single node job and all multinode
periodic and experimental jobs while standing issues with the
kubeadm-aio image deployment are sorted out
Change-Id: I3ce0afba155e923b6dd50f83fa6b529908b9a79b
Signed-off-by: Steve Wilkerson <sw5822@att.com>
This is to update ceph images to Nautilus based images since
ceph cluster is now upgraded to Nautilus.
Change-Id: Ib57f29a4dba89de762a9824ba398ad49b0bd397b
This is to remove "rbd" pool initialization since it's not
required as application enable in next step does the same.
Change-Id: I07ecdbe417f0156005ebf7cef8fd9e40bace3920
This is to force setting the config values for all modules since nautilus
version will not let us set them before mgr starts.
Change-Id: I0e370b525b628fce040b33ab2e403b8b71e948cb
Starting in Nautilus, setting pgp_num step is no longer necessary
as long as pgp_num and pg_num currently match, pgp_num will automatically
track any pg_num changes.
More importantly, the adjustment of pgp_num to migrate data and (eventually)
converge to pg_num is done gradually to limit the data migration load on the system.
Change-Id: I491b6eac35b486698c0eef256ca91dac217f8929
This change updates the Ceph charts to use Ceph Nautilus images
built on Ubuntu Bionic instead of Xenial. The mirror that hosts
Ceph packages only provides Nautilus packages for Bionic at
present, so this is necessary for Nautilus deployment.
There are also several configuration and scripting changes
included to provide compatibility with Ceph Nautilus. Most of
these simply allow existing logic to execute for Nautilus
deployments, but some logical changes are required to support
Nautilus as well.
NOTE: The cephfs test has been disabled because it was failing
the gate. This test has passed in multiple dev environments, and
since cephfs isn't used by any openstack-helm-infra components we
don't want this to block getting this change merged. The gate
issue will be investigated and addressed in a subsequent patch
set.
Change-Id: Id2d9d7b35d4dc66e93a0aacc9ea514e85ae13467
This updates the osh-infra-logging single node job to omit the
fluentbit deployment step, as having multiple logging daemonsets
deployed to the single node jobs is causing IO issues. Also, it
was noted that the fluentd-deployment step was missing the
overrides to move the fluentd-deployment release from utilizing a
daemonset to a deployment. This resulted in 3 logging daemons
being deployed to a single host
Change-Id: I4a0c5550e6ea6a331aab0082a975f161e65704bf
Signed-off-by: Steve Wilkerson <sw5822@att.com>
This change implements SASL authentication in the Kafka chart.
Kafka and Exporter credentials are defined in the endpoints section,
while other credentials for producers and consumers can be defined
in the jaas section.
Additionally, a few server settings are provided to enable SASL auth,
and a jvm_options key is introduced. Any options specified here will
be set when starting Kafka, including the location of the jaas file
in this case.
Change-Id: I43469c5bb5734b62cf69be924fe9cf7078e82a9c
Change I7def8df68371deda0b75a685363c8a73b818dd45 removed one
line by mistake passing the openstack release var down to the zuul
jobs, so all jobs are currently running under ocata.
This patch restores the missing line, thus fixing the opensuse jobs
and making sure the other jobs run under the correct release.
Change-Id: Ia7a488928e521de1afb821f141d77d2b0268ff0a
This updates the Elasticsearch chart to make the values keys used
for defining node selectors for the various elasticsearch
components more granular
Change-Id: Ic1ac343b1d6ee48fc7cb456afe4cd9588c4aa13b
Signed-off-by: Steve Wilkerson <sw5822@att.com>
This adds a helm-toolkit util for consuming arbitrary secret env
variables via pod env variables. It also updates the Fluentd chart
to add a release secret that is used to house the secret env
variables defined in the chart's values.yaml. This can be used as
an example to expand to other charts where this functionality is
desired
Change-Id: I9ef606840af92e54b2204e637c58442085e2c748
Signed-off-by: Steve Wilkerson <sw5822@att.com>
This updates the Armada manifests to remove the explicit enabling
of helm tests (as the default armada behavior is now to test by
default) and updates the ceph-osd chart document to set the native
helm wait behavior to false (required for the update-uuid job to
complete successfully)
Change-Id: Ia84f20ce0f38be5f07dedce70b3fbe424a037ba2
Signed-off-by: Steve Wilkerson <sw5822@att.com>
This removes the default dashboards from the Grafana chart and
instead places them in the values_overrides directory, similar to
what was done for the Prometheus rules. As Grafana dashboards
will likely be heavily dependent upon end-user needs, the old
default dashboard configs should only be used as a reference
instead of opinionated defaults that are difficult to override.
The previous defaults made using specialized labels for dashboard
variables difficult, as they were making dangerous assumptions
about deployed namespaces and host fqdns. By removing the defaults
entirely, end users can define their own dashboards to meet their
specialized needs
Change-Id: I7def8df68371deda0b75a685363c8a73b818dd45
Signed-off-by: Steve Wilkerson <sw5822@att.com>
Currently using envsubst to perform substitution of value overrides in
the feature gate caused conflicts as gotpl gets templated into those
overrides. This adds in '%%%REPLACE_${var}%%%' and uses sed to perform
the substitution instead to address the issue.
Change-Id: I9d3d630b53a2f3d828866229a5072bb04440ae15
Signed-off-by: Tin Lam <tin@irrational.io>
This PS updates htk to omit the port used in the url when this
corresponds to the standard ports for the http and https protocols.
Change-Id: I46e2237dde99460fd096bd6fe58fe154b220041f
Signed-off-by: Pete Birley <pete@port.direct>
and incorporate in ceph-osd testing.
This parameter is used by helm test to check if a set % of OSDs
out of the total are considered in & up. Adjusting to 75% and
adding to helm-test.sh for ceph-osd along with more robust
ceph osd validation function
Change-Id: Ib1f37b901f8656f0c6f2ed6a3ec27f0357e82278
This patch set adds the feature gate capability to OpenStack-Helm-Infra
repository without depending on the main OpenStack-Helm repository.
Change-Id: I70b8fac4fd2365f8eedcf50519f125eb34534f2f
Signed-off-by: Tin Lam <tlam@omegaprime.dev>
Signed-off-by: Tin Lam <tin@irrational.io>