25 Commits

Author SHA1 Message Date
Gage Hugo
79d75267ea Move osh-infra jobs to use helm3
This change updates many of the deployment scripts to properly
handle deploying each service via helm 3 and updates each job
to use the helm v3 install script.

Change-Id: I90a7b59231376b9179439c2554e46449d59b9c15
2022-03-24 13:05:42 -05:00
jayonlau
f4ec1c4cd3 Remove helm status from deployment scripts for network-policy
With the move to helm v3, helm status requires a namespace to be specified, but doing so breaks helm v2 compatibility. This change removes the usage of helm serve in openstack-helm-infra's deployment scripts.

Change-Id: I2264d29cd2dad1bc7636de8247ebec7f611a1f16
2021-10-13 12:38:05 -04:00
jinyuanliu
cc9ad68b30 Clean up residual file
The soft link file has been deleted. This path cleans up the redundant files.

Change-Id: I71b9f7de7bf2cfac71984047b8d44d707ed2b07f
2021-06-25 13:53:01 +08:00
willxz
c97c592216 Change for alertmanager v0.20
- Update alertmanager and prometheus discovery port from 6783 to 9094
- Update to support fqdn for discovery hostname
- Add one test alert to Prometheus to test alert pipeline
- update container name from alertmanger to prometheus-alertmanager

Change-Id: Iec5e758e4b576dff01e84591a2440d030d5ff3c4
2020-07-22 17:39:09 -04:00
Gage Hugo
d14d826b26 Remove OSH Authors copyright
The current copyright refers to a non-existent group
"openstack helm authors" with often out-of-date references that
are confusing when adding a new file to the repo.

This change removes all references to this copyright by the
non-existent group and any blank lines underneath.

Change-Id: I1882738cf9757c5350a8533876fd37b5920b5235
2020-05-07 02:11:15 +00:00
Gage Hugo
f9713b0051 Get osh-infra netpol gate passing
This change adds in missing network policy overrides for
fluent-daemonset and prometheus-exporter, as well as removes
existing mariadb network policies overrides that were causing
the network policy check job to fail.

Change-Id: Ib7a33f3d14617f9a9fda264f32cde7729a923193
2020-01-09 04:38:25 +00:00
Tin Lam
daefed7218 Add feature gate capability to OSH-Infra
This patch set adds the feature gate capability to OpenStack-Helm-Infra
repository without depending on the main OpenStack-Helm repository.

Change-Id: I70b8fac4fd2365f8eedcf50519f125eb34534f2f
Signed-off-by: Tin Lam <tlam@omegaprime.dev>
Signed-off-by: Tin Lam <tin@irrational.io>
2019-12-03 16:55:00 -06:00
Alexander Noskov
3b5a1c7909 Take dnsPolicy from .Values.pod.dns_policy variable
Change-Id: Iae7caa5bdefe7749231c031c6003591a6251fa97
2019-07-15 17:31:16 +00:00
MegHeisler
d5af61b751 Remove fluent-loggin from network-policy
This removes the old fluent-logging chart from network
policy and replaces it with the new fluentbit and fluentd
charts. This will return the network policy gate back to
passing

Change-Id: I060c6c3034fa798a131a053b9d496e5d8781c55d
2019-06-24 16:14:05 +00:00
Steve Wilkerson
2e8c96a623 Elasticsearch, Fluent-logging, Kibana Ingress Policy
This adds ingress network policy for the fluent-logging, kibana
and Elasticsearch charts. This leverages the helm-toolkit template
that was used in openstack-helm for the openstack services

Change-Id: I2a89b62f1002851346e9a25de40113078e9c518f
2019-04-16 19:44:46 +00:00
Steve Wilkerson
a63f3b3662 MariaDB: Add network policy template for mysql exporter
This adds the network policy template and overrides for the mysql
prometheus exporter.

Change-Id: I83b526d11fe25f45b02a7e797b785b8ad59c7848
2019-04-09 12:16:22 -05:00
Pete Birley
137b60e599 MariaDB: add basic sanity test
This PS adds a basic sanity test to the mariadb chart, using
mysqlslap.

Change-Id: I7450ea8a66364d123022bc773ee90047f9e69b1c
Signed-off-by: Pete Birley <pete@port.direct>
2019-04-06 13:18:41 -04:00
Steve Wilkerson
588acdbf8c Elastic Curator: Add basic action overrides for deployment jobs
This adds configuration overrides for a very basic Curator action
that should effectively be a no-op. This is to address periodic
failures seen in the osh-infra-aio-logging job that appear when
the run times coincide with Elastic Curator's cron schedule (every
six hours). This ensures curator actions are defined in cases
where this occurs

Change-Id: Ia2255ada2f32f21888bd4ca96df88496720fd0a5
2019-03-15 13:20:55 +00:00
Zuul
d6996b8004 Merge "Add ingress network policy to kube-state-metrics and openstack-exporter"
2019-03-10 21:13:55 +00:00
Meg Heisler
2d36d5f7ce Add ingress network policy to kube-state-metrics and openstack-exporter
This adds ingress network policies to kube-state-metrics and
openstack-exporter using the helm-toolkit template. It also
adds openstack-exporter to the network policy jobs.

Change-Id: I3bfc2f1e8a35c09e577a046ebd52346de95e5745
2019-03-07 14:12:14 -06:00
MegHeisler
68a8725062 Add ingress network policy to grafana
This adds an ingress network policy to grafana
using the helm-toolkit template

Change-Id: I21f096947817be11881546c91ac5f8b1b0ba77fa
2019-03-07 11:26:15 -06:00
Zuul
e836707ad0 Merge "Add east-west ingress network policy to Prometheus"
2019-03-07 04:44:10 +00:00
Meg Heisler
736af38c9c Add ingress network policy for Nagios
This adds the ingress network policy to Nagios
using the helm-toolkit template

Change-Id: If6cc66330b24c3f79f9b5c29a94ea904d1eb37d4
2019-03-06 12:42:29 -06:00
Meg Heisler
243f6c7608 Add east-west ingress network policy to Prometheus
This adds an ingress policy to Prometheus and utilizes
the helm-toolkit used in openstack-helm

Change-Id: Ia89d42a5305c94da26337aaf716978c1defae503
2019-03-06 11:56:13 -06:00
Steve Wilkerson
a03d047e07 Update network policy test executed in osh-infra job
This updates the network policy test that gets executed at the
conclusion of the network-policy job. As long as nsenter is used,
we need to account for situations where nsenter executing wget
fails due to invalid credentials. Since this validates the policy
successfully allows ingress traffic while still exiting with an
error code (6 for invalid credentials vs 4 for connection
timeouts), we should consider those scenarios successes.

This also updates the flags used for wget. Instead of using spider
mode, this enables flags for: recursive mode, not creating
directories, and deleting results after execution. This allows for
the testing of exporter endpoint paths explicitly.

Change-Id: I2d51e8ed5a153c2a6796e0df9b3fe5f710a947f9
2019-02-15 09:28:00 -06:00
Steve Wilkerson
25e4e5662e Update network-policy ldap deployment and test
This updates the script for deploying ldap in the network policy
job to accept ingress traffic from prometheus pods.

This also updates the network policy test to account for return
values with more than one result when checking for a pod to use,
as well as selecting pods by application and component labels
instead of simply grepping for a name (as this could cause issues
with grepping for 'fluentd', when that could return both fluentd
and fluentd-exporter pods, for example)

Change-Id: I12a4029f574ea7d5b250709adef21b07d8cf0220
2019-01-31 21:29:40 +00:00
Pete Birley
0bf3674539 Revert "Add Egress Helm-toolkit function & enforce the nework policy at OSH-INFRA"
This reverts commit 8d33a2911c.

Change-Id: Ic861b9bf9b337449b47a3558da8355e7a5bcacee
2018-12-16 04:21:46 +00:00
Mike Pham
8d33a2911c Add Egress Helm-toolkit function & enforce the nework policy at OSH-INFRA
This PS implements the helm toolkit function to generate the
Egress in kubernetes network policy manifest based on overrideable values.
It also enables the K8s network policy at Osh-infra gate.

Change-Id: Icbe2a18c98dba795d15398dcdcac64228f6a7b4c
2018-12-14 16:32:40 -05:00
Steve Wilkerson
4c29bafcbc Gates: Update fluent-logging/elasticsearch configurations
This updates the fluentd buffer output configurations to account
for the restraints of the jobs deploying fluentd. This also
renames the fluentd configuration key from td_agent to fluentd to
reflect the fact we're no longer deploying td-agent

This also updates the Elasticsearch default replicas and overrides
the replica counts in each Elasticsearch deployment to account for
resource constraints

Change-Id: I55dee410eced99c3e1645f7452e4306ad646e601
2018-10-19 17:30:08 +00:00
Steve Wilkerson
538d51e991 Organize aio gates by function
This organizes the single node gates for osh-infra by function.
This organization aims to improve the single node gates in the
following ways:

1. Reduce number of services deployed in single node jobs
2. Only deploy Ceph for logging job, as Elasticsearch requires
   RGW for snapshot repositories.
3. Use NFS for storage for monitoring job, as Ceph is not a
   requirement for any of the services here.
4. Remove duplicate services deployed to multiple single node jobs
5. Remove storage from openstack-support job, as the only service
   requiring storage is rabbitmq. Rabbitmq is deployed with
   storage enabled in the openstack-helm checks/gates.

This also removes the documentation for the single node deployments,
as those deployments do not make sense with this change. This should
be revisited as a follow-on once we have a clear path forward for
the larger gate refactoring work

Change-Id: I46951f76904fa2ab245a202d55f76019b7503362
2018-10-19 12:28:18 -05:00