This PS cleans up the scripts for the k8s k8s keystone auth gate.
Change-Id: I248439f9b8ffa372dfaba5acba0c8c587231d901
Signed-off-by: Pete Birley <pete@port.direct>
This PS updates and moves the vmbc image to osh infra.
Change-Id: I9f8d21df8974d1484d9f087ee296fede2a87e545
Signed-off-by: Pete Birley <pete@port.direct>
This PS fixes the libvirt image, buy removing the ubuntu-cloud
archive repo and pinning to a good version.
Change-Id: I5097d8893b92d020f7a5a1cb5925dec0b01d4da2
Signed-off-by: Pete Birley <pete@port.direct>
This commit adds falco daemonset of the node for behavioral activity
monitor designed to detect anomalous activity.
Change-Id: I783a2acc03592471c81a8a54e1dc0df140b34a42
This PS moves to use k8s 1.10.8, which includes a couple of fixes
for PVC mounts.
* https://github.com/kubernetes/kubernetes/pull/66863
Change-Id: Ica30950a8200f5755897b51fd2b4d24c69a10e61
Signed-off-by: Pete Birley <pete@port.direct>
This PS removes the unused helm chart deployment role and playbook.
Change-Id: I01c58a628589ec35af2557c8cc93ea47fe084089
Signed-off-by: Pete Birley <pete@port.direct>
This PS moves to run the Libvirt process as a transient unit
on the host, free fom k8s controlled cgroups. In addition it
also uses the cloud archive provided libvirt/qemu packages.
Change-Id: Idfe9ae6f072acd86f877df0c3dfe3db4c20902d6
Signed-off-by: Pete Birley <pete@port.direct>
This adds inputs for kernel logs on the host, as well as dockerd
and kubelet logs via the systemd plugin. This also adds a filter
for adding the hostname to the kernel log events, for renaming the
fields for systemd logs as kibana can not visualize fields that
begin with an underscore, and adds elasticsearch indexes for both
kernel and systemd logs
Change-Id: I026470dd45a971047f1e5bd1cd49bd0889589d12
This ps adds the ability to use the ceph radosgw s3 api for
snapshot repositories. It removes the ability to use a RWM pvc, as
the radosgw solution provides a more robust approach for storing
index snapshots
Change-Id: Ie56ac41ccdc61bfadcac52b400cceb35403e9fae
This PS fixes the permissions for the upstream resolv.conf used by the
dns redirector.
Change-Id: Ieef113a6e7b72767318516c63cf48dcac202cf4d
Signed-off-by: Pete Birley <pete@port.direct>
This attempts to trim down the dev-deploy gates until further
gate refactoring is complete. This disables the elasticsearch and
fluentd exporters and removes the openstack exporter from the
single node deployment gates to ease the load on nodepool vms
Change-Id: If211511e8f52fe39d293966abbd7e62b45b65970
We only need to restart network manager if disabling dns management.
Change-Id: Idfdf68678a68c2808527de4226ff91e9ea5f8d67
Signed-off-by: Pete Birley <pete@port.direct>
This PS updates the dns redirect pod deployment to support a persistant
set of customised upstream nameservers to be used.
Change-Id: Ib163f8ed9ceadca69b56cd5f146ffd194d98cdc3
Signed-off-by: Pete Birley <pete@port.direct>
This PS updates the gate to permit running on the current LTS ubuntu
release.
Change-Id: I7e32a4ab0dc79e4b5f7a16f8a8cb5e9ee182ee08
Signed-off-by: Pete Birley <pete@port.direct>
This moves the libvirt chart to openstack-helm-infra as part of
the effort to move charts to their appropriate repositories
Change-Id: I02ce197f8d100da74c086d84e2f9d2b902a69e97
Story: 2002204
Task: 21723
This moves the openvswitch chart to openstack-helm-infra as part of
the effort to move charts to their appropriate repositories
Change-Id: I6e00231b8de54c01bc9bb31e0433753a9f281542
Story: 2002204
Task: 21730
This moves the mariadb chart to openstack-helm-infra as part of
the effort to move charts to the appropriate repositories
Change-Id: Ife56e28de46c536108cebb4f4cdf6bad2a415289
Story: 2002204
Task: 21725
As part of the effort to move the supporting infrastructure
services to openstack-helm-infra, this adds a gate that will be
used for those services specifically
Change-Id: Id7c5649330eb41a0017a740ade9465fd66abb32f
This adds the process exporter to both the developer and multinode
gates, along with adding the relevant deployment steps to the docs
Change-Id: I85d5c398fbbb62145c9bb4e3a885e9a774725e5a
This PS adds a function to generate tls certificates from a
CA. It also adds a script to generate a snakeoil ca for dev
and future gating work.
Change-Id: Ic94a9ab5fa3ebb912b507008a6b2f78e16dade67
Signed-off-by: Pete Birley <pete@port.direct>
This adds a ceph developer gate to openstack-helm-infra, which
depends on ceph moving to openstack-helm-infra. This also replaces
the NFS backed storage for the multinode gate with ceph instead
Change-Id: I11268463aa037a2e037217a2dbc89c7432c0d277
This PS bumps the k8s version to that of the current release.
Change-Id: Ife6edac83f6e7639d6142d64aff458450a2e58ff
Signed-off-by: Pete Birley <pete@port.direct>
Helm now tries to update the stable repo when running helm init
by default. This ps adds the flag to prevent this, which is required
when running in airgapped, and some corporate, environments.
Change-Id: I38c487f88d17e9429c30cb03bf2d0f3652f1db99
Signed-off-by: Pete Birley <pete@port.direct>
This PS moves to use the Helm 2.10 release, which brings in a version
of sprig that supports TLS certificate creation from defined CAs.
Change-Id: I80233f8f31727c80bcd667cfa0d851488da39588
Signed-off-by: Pete Birley <pete@port.direct>
This updates the grafana dashboards to use a default refresh
value of 5m to prevent dashboards with intensive queries (like the
container dashboard) from submitting frequent, expensive requests
to Prometheus
This also removes the override to disable the ingress service for
grafana in the developer deployment script, as it was overlooked
when enabling ingresses after the ingress chart was introduced
Change-Id: I0958a3978cec25a1350172cbe75996f1346858c5
Changing the chart to accept plain certificates rather than a base64
encoded string. The chart will handle the base64 encoding internally.
Change-Id: I3cd0710652b1b731fa4bcd9e92dd59ce2c436eb6
This PS updates the ansible roles to update the user used with
the tiller image used for bootstrapping to allow access to approprate
config files used. This is required for use with the current master
tiller image, which no longer deffaults to the root user.
Change-Id: I61f28a2ebeecb22eb66e0394417b0af3a9116483
Signed-off-by: Pete Birley <pete@port.direct>
This PS bumps the version of k8s used in the gates to 1.10.6
Change-Id: I396fe0c0e276d17eb52bfe289a464b7008b8d4d2
Signed-off-by: Pete Birley <pete@port.direct>
This deploys the ingress chart in the openstack-helm-infra dev
and multinode gates, which allows for enabling ingresses in the
charts where defined
Change-Id: I055c7b02d9af68f6e3c5eda33d69dd0b8b1b70ca
