This patch set updates and tests the apiVersion for rbac.authorization.k8s.io
from v1beta1 to v1 in preparation for its removal in k8s 1.20.
Change-Id: I4e68db1f75ff72eee55ecec93bd59c68c179c627
Signed-off-by: Tin Lam <tin@irrational.io>
This adds a helm-toolkit util for consuming arbitrary secret env
variables via pod env variables. It also updates the Fluentd chart
to add a release secret that is used to house the secret env
variables defined in the chart's values.yaml. This can be used as
an example to expand to other charts where this functionality is
desired
Change-Id: I9ef606840af92e54b2204e637c58442085e2c748
Signed-off-by: Steve Wilkerson <sw5822@att.com>
This PS updates htk to omit the port used in the url when this
corresponds to the standard ports for the http and https protocols.
Change-Id: I46e2237dde99460fd096bd6fe58fe154b220041f
Signed-off-by: Pete Birley <pete@port.direct>
This patch set add command to clean up a rally environment after a helm
test's execution is completed.
Change-Id: I652ee4930e7afb8b278250a0432086a2963a528c
Signed-off-by: Tin Lam <tin@irrational.io>
This patch set places logic to generate kubernetes egress network policy
rule based on the dependencies specified in values.yaml. This also sets
up the necessary default network policy for the OSH gate.
Change-Id: I1ac649cc9debb5d1f4ea0a32f506dcda4d8b8536
Signed-off-by: Tin Lam <tin@irrational.io>
This updates the ingress objects to move them back to the
extensions API. While 1.16 moves them under the networking
api, they're still rendered and deployed as extensions/ objects.
This move prevents issues from arising where older versions of
kubernetes might still be deployed during an upgrade, as the
move to the networking API is nonfunctional at this time
Change-Id: I814bbc833b5b9f79f34aefc60b9c1f9890bca826
Signed-off-by: Steve Wilkerson <sw5822@att.com>
This updates the kubernetes-entrypoint image reference to consume
the publicly available kubernetes-entrypoint image that is built
and maintained under the airshipit namespace, as the stackanetes
image is no longer actively maintained
Change-Id: I5bfdc156ae228ab16da57569ac6b05a9a125cb6a
Signed-off-by: Steve Wilkerson <sw5822@att.com>
Remove code that restricted daemonset pods to single containers.
Container names will default to name from helm chart template.
Required for nova cold migrations to work.
Story: 2003876
Task: 26735
Change-Id: Icce660415d43baefbbf768a785c5dedf04ea2930
Signed-off-by: Gerry Kopec <Gerry.Kopec@windriver.com>
This updates the kubeadm and minikube Kubernetes deployments to
deploy version 1.16.2
Change-Id: I324f9665a24c9383c59376fb77cdb853facd0f18
Signed-off-by: Steve Wilkerson <sw5822@att.com>
The network policy helm toolkit function currently produces an
incorrectly indented policyTypes in the network policy manifest.
This patch set redresses that and also removes some additional
blank lines in the manifest.
Change-Id: I0a4d5735a1a0ff13c317ffd95688973cc1cc3dfd
Signed-off-by: Tin Lam <tin@irrational.io>
Some configuration options that with older openstack releases
were multistrings have now changed to csv values under a single
key, this change makes that simple to accomodate.
Change-Id: Id941a1e56e4a852d764084c958c13588b8e3ed85
Signed-off-by: Pete Birley <pete@port.direct>
Fixes an issue where dependencies are leaking from one resource to
another by ensuring that `envAll.Values.__dep` is reset each time.
Change-Id: I34a4b2fa70d608b2c69bdf18275e439f96976229
Closes-Bug: #1845538
This PS adds the ability to attach a release uuid to pods objects.
Implements: Ability to attach release_uuid to ephemeral pods
Change-Id: I0ebade75e18eced99fe16ba434558264b1793e88
This patch enhances the HTK job manifest functions so that each job can
be configured to use the desired backoffLimit and activeDeadlineSeconds,
and can mount the command/script from either a configMap or a secret
instead of being confined to using only configMaps.
Change-Id: I5231e53b98e3e55e3e93070876d8694f37ad642d
Revert 833d426da8e4b049277ca9847830f6e6beee40c3
https://review.opendev.org/#/c/667022 introduced a regression in the
overrides functionality, which caused the corresponding gate test to
fail. This "fixed" a problem by breaking the override capability.
This patchset reverts the previous to restore override functionality and
make gates green again. Deep copy is added in order to resolve the
original problem that 667022 attempted to resolve.
Change-Id: I6c052c0fabe0067612d6a3d9d3bfac4df59202d7
This adds a basic helm-toolkit snippet template for adding
kubernetes liveness and readiness probes to a container. This adds
flexibility by defining the probes contents via values overrides
wholesale
Change-Id: I0862ae59c87b8c0c4e2412030b1801bceb3e3c99
Signed-off-by: Pete Birley <pete@port.direct>
root_conf area is used for host-specific configuration and overwritten in
each round of loop. It causes that all hosts will share same properties.
This makes use each host's own area in the loop.
Task: 34282
Story: 2005936
Change-Id: I0afb0b32ab80456aa3439b4221f2a95ca05ddf24
- When using the TLS certificate generation macro, optionally
support base64 encoding values for direct inclusion in a Kubernetes
secret. The default is to maintain current behavior for backward
compatibility.
Change-Id: Ib62af4e5738cbc853a18e0d2a14c6103784e7370
We currently do not provide any env or secrets for the
default domain id for keystone
This makes it so we provide both like any other vars
Change-Id: I00c68026af25d8c5af37fcb3a6e1bb0e2da13e1e
This PS updates the rabbitmq chart, to allow clients to connect directly
to backend servers, and also introduces a htk function to produce
the appropriate transport_url used by oslo.messaging to take advantage
of this functionaility.
Change-Id: I5150a64bd29fa062e30496c1f2127de138322863
Signed-off-by: Pete Birley <pete@port.direct>
This patch simplifies the resource snippet in helm-toolkit to allow for
specifying hugepage limits. Specifically, this patch replaces the
individual checks for specific system resources (e.g., cpu, memory) by
just copying over the entire resource component as defined in a
values.yaml or a corresponding overwrite.
This change is a prerequisite for enable hugepage handling in other
charts such as openvswitch or postgresql.
Change-Id: I786ff6c7aa5fb6b08b54d2e21878551e5e1e3818
This is to remove invalid key "userSecretName" for
cephfs storageclass as we are having toruble to provision
a pvc with cephfs storageclass with "userSecretName" key .
Failed to provision volume with StorageClass
"cephfs": invalid option "userSecretName"
Change-Id: Ide52987c9f8ef8fc2327bf30747395e70dc05f99
This change creates a snippet in helm-toolkit for specifying
the maxUnavailable and maxSurge values under rollingUpdate for
statefulsets. This can be utilized then by charts that contain
statefulsets.
Change-Id: I6f48cf1d2faf78b56103525771e3d4c3ecdc6db6
Currently the weight value is hardcoded for anti-affinity type
preferredDuringSchedulingIgnoredDuringExecution. This ps updates
the htk function to retrieve the weight value from the configured
setting if it exists, or default to use the original hardcoded
value of 10 if it is not set (for backward compatibility).
Change-Id: I98c8b05ed7861c9c17e9c32569f53bde6ac2579d
The changes made will take care of
1. block/allow all ingress
2. block/allow all egress
3. define spec->policyType based on policy type
and/or ingress/egress rules present in values.yaml
4. supports more labels to spec->podSeclector
5. copy the rules as is defined under ingress/egress.
Change-Id: Id437ee4de8d964b48540638ab8dff3199c3cb5ff
This PS updates the helm test script to remove the rally user by
default following a test run.
Change-Id: I5a28244f8f8bd8ef485cb45cc922601d631adff1
Depends-On: https://review.openstack.org/#/c/643206/
Signed-off-by: Pete Birley <pete@port.direct>
This PS adds emptydirs backing the /tmp directory in pods, which
is required in most cases for full operation when using a read only
filesystem backing the container.
Additionally some yaml indent issues are resolved.
Change-Id: I8b7f1614da059783254aa6efc09facf23fca3cad
Signed-off-by: Pete Birley <pete@port.direct>
This PS updates the htk k8s-entrypoint container macro to add security
context, with a set of defaults to allow operation with existing charts.
Change-Id: Ib41600e2e3c848ae0d62181ad7e01f3cf00a26a0
Signed-off-by: Pete Birley <pete@port.direct>