An earlier change [0] removed the older cinder v1 and v2 endpoint
definitions from values.yaml. If older APIs are required, they can be
enabled using overrides, but the ks-service job only creates a volumev3
endpoint.
This change updates the ks-service job to create all endpoints defined
in .Values.endpoints that have "volume" in their name. Note that several
settings are hardcoded to use volumev3, so this change would mostly
useful in enabling v2 in addition to v3.
0: https://review.opendev.org/c/openstack/openstack-helm/+/817310
Change-Id: I26594668ff26ed3f28e207f341b28a139b514e1c
This is to add public/private visibility option
and project level access list to a volume type while creating.
Change-Id: Id33c8c9f10e60fcdb4b6c49e69f3b5d8f11850c6
This changes use the helm-toolkit template for toleration
in openstack services
Signed-off-by: Lucas Cavalcante <lucasmedeiros.cavalcante@windriver.com>
Story: 2009276
Task: 43531
Depends-On: I168837f962465d1c89acc511b7bf4064ac4b546c
Change-Id: Id63d0950fd8b7ff9592cbfe196b95739dc0b1380
This change removes the cinder v1 and v2 endpoint definitions
from the default values in the cinder chart.
Change-Id: I0ee35ad71c76df157e2c670a7899e4b6c1b91e46
If labels are not specified on a Job, kubernetes defaults them
to include the labels of their underlying Pod template. Helm 3
injects metadata into all resources [0] including a
`app.kubernetes.io/managed-by: Helm` label. Thus when kubernetes
sees a Job's labels they are no longer empty and thus do not get
defaulted to the underlying Pod template's labels. This is a
problem since Job labels are depended on by
- Armada pre-upgrade delete hooks
- Armada wait logic configurations
- kubernetes-entrypoint dependencies
Thus for each Job template this adds labels matching the
underlying Pod template to retain the same labels that were
present with Helm 2.
[0]: https://github.com/helm/helm/pull/7649
Change-Id: Ib5a7eb494fb776d74e1edc767b9522b02453b19d
This PS adds the rabbitmq secret volume + mount for the audit
usage cronjob, as it was previously missing and the job's command(s)
were failing when run.
In addition, add labels to the CronJob's metadata, so that it can
be picked up for pre-delete hooks.
Change-Id: I0a2ed0655702b4e41cc12d3908b9aed141e6f0d2
During upgrade, the Cinder pods go through the upgrade
process. Sometimes, the pods are unavailable to handle
the requests in bootstrap even the Cinder services are
up. This patchset gives the bootstrap job additional
attempt to finish the tasks
Change-Id: Ie7bd8909f1c93b76b2242748318f892a6ff9c53d
Chart upgrading was failing due to some immutable fields are needed to upgrade before the jobs can be upgraded. For solving this issue, we
have added the helm.sh/hook annotations with post-install and post-upgrade values.
As for hook-weight annotations, we have added these to control the flow of the jobs with hook creation as the jobs are dependent. Like,
db-init jobs need to run before db-sync and so on.
helm3_hook values is added so that hook can be disabled from the values files.
Change-Id: Idfcc0479d152286ecd144502d80732094c9e43ea
Mount rabbitmq TLS secret to openstack services which support internal
TLS. Once internal TLS support is added to other service, the TLSed
rabbitmq support should be added.
Depends-on: https://review.opendev.org/c/openstack/openstack-helm-infra/+/795188
Change-Id: I9aa272e365f846746f2e06aa7b7010db730e17df
This is to fix the ceph version checks for enabling the applications
on newly created pools for openstack services like cinder and glance.
Change-Id: I2c007f728180cf7753255463ebf2f8dc5dc6fa5b
If ClusterFirstWithHostNet does not exist, it will cause the communication between services to fail.
Change-Id: Iadac1d570e0aac1aee3361792319d825bcadc83c
When using iscsi in both cinder and nova multipath tooling access is not
currently available. This commit provides the host system access to
configure and control multipath.
This commit has been tested in our own production systems however this
is my first commit into Openstack-Helm so please review carefully and
provide me guidance on what I might be able to do better.
Change-Id: I4f017f67a5d80b9c931e2ee1653062aa503a7fd9
Verification is added to Cinder volume type creation logic
under Values.bootstrap to make sure the volume_backend_name is
configured in Values.conf.backends.
Change-Id: I1b9b1eaac8df861d28d4121477de148dba6a2dbf
When using a helm3 to deploy , it fails. Helm3 no more support rbac.authorization.k8s.io/v1beta1 , but v1 can support helm2 and helm3.
Change-Id: Ie4e1c79c2b2513318d1b7d6a13712921a6c2a6cb
Bidirectional mount propagation doesn't work as expected,
HostToContainer does and is the safer option for now.
Change-Id: Ia0b0ab1a74991745cd74d3629d23f86bd8ff5296
This patchset added the necessary hostPath, hostIpc and
hostNetwork to enable the volume backup for iSCSI based
Cinder volumes.
Change-Id: Ief3cc723650a6c42e24dfd6159c0de6f81e56fce
This PS enables iscsi actions to work correctly in cinder
volume - enabling things like conversion of glance images
to cinder volumes (required for nova-boot-from-volume)
Change-Id: I63521ff9609ad89485a843bc0fbddb00e38dccc8
Signed-off-by: Pete Birley <pete@port.direct>
Bring in option to be able to create and send service
tokens to prevent long-running job failures (default is OFF).
Change-Id: I5e5707001687e464386696b9c8d80ad8b2977e97
In this patchset, comfigmap of ceph.conf and secret of
cinder user keyring is created for externally managed ceph
Cinder backend.
Change-Id: Ie76bf207a7d42bd70a6be2648e060122f7daf5ad
This is to add support for external ceph cluster as second backend
for cinder.
prerequisite:
- create ceph.conf for external ceph cluster as configmap
- create cinder2 user and keyring on external ceph cluster
- create keyring of user cinder2 as a secret
now point configmap and secret created as prerequisite under
values.ceph_client.external_ceph section
also we need to add second backend under values.conf.backends section
with all the details of external ceph cluster.
Change-Id: I8df9f1da7208304f479dbb70b19af97fb01cd38f
This updates the cinder chart to include the pod
security context on the pod template.
This also adds the container security context to set
readOnlyRootFilesystem flag to true
Change-Id: Ia6e3c56087bae6f8c86db688404c6ce3a1d5d99d
- braces
- brackets
- colons
- commas
- comments
- hyphens
- indentation
- key-duplicates
with corresponding code changes.
Also disable enforcement for document-(start|end) rules and
disables warnings to increase readability.
* Unrestrict octal values rule since benefits of file modes readability
exceed possible issues with yaml 1.2 adoption in future k8s versions.
These issues will be addressed when/if they occur.
Change-Id: Ic5e327cf40c4b09c90738baff56419a6cef132da
Signed-off-by: Andrii Ostapenko <andrii.ostapenko@att.com>
This updates the Cinder chart to include the pod
security context on the pod template.
This also adds the container security context to set
readOnlyRootFilesystem flag to true
Change-Id: If17af3e3dba188a43ed11a0d5757fcae9f5358e8
The current copyright refers to a non-existent group
"openstack helm authors" with often out-of-date references that
are confusing when adding a new file to the repo.
This change removes all references to this copyright by the
non-existent group and any blank lines underneath.
Change-Id: Ia035037e000f1bf95202fc07b8cd1ad0fc019094
Co-Authored by gage Hugo <gagehugo@gmail.com>.
This Patchset creates Zuul Gate Jobs for apparmor to support Cinder.
Change-Id: I7705512a3b50560b183e19f0868be40078241cdd
In this patchset, the iSCSI protocol support is added
to enable Cinder to use iSCSI based storage backends.
Bootable volumes are not supported, only VM attached
volumes are supported for this initial patchset.
Change-Id: I1b35290b62d2cebae4bd8be62126a53f230ac6c0
Cinder default format of policy file is changed from
"json" to "yaml" in stein. This patch set modifies
Cinder chart templates to load policies in yaml format.
Change-Id: I28f3d5be6609cd28bbc1ce8e5fc1d1cf4730b760
This reverts commit 1c85fdc390.
Do not use randomly generated strings in configmaps as this leads to
whole helm release redeployment even no values are changed. The random
items have to be generated outside of helm chart and provided via
values.
Also previous behaviour didn't allow to use cache during rolling upgrade
as new pods were spawned with new key.
Change-Id: I423611b18fca0d65e2e721a9c6a0c3d8df0813d2
The gotpl script that determines if a cinder backend is ceph-backed
is not properly handling additional backends that does not have the
driver "cinder.volume.drivers.rbd.RBDDriver". This patch set fixes
the gotpl so it no longer causes a rendering problem.
Change-Id: I902e82301019531832afebce7a1e2f0b28bac8f3
Signed-off-by: Tin Lam <tin@irrational.io>
- Change all tests to support Nautilus,Mimic and Luminous releases
- Update ceph-config-helper image
Change-Id: I557b1efa12529d0ee51d4c5b9d4beb4abf1b0574
This PS makes the image conversion directory an emptydir, so that
we can use read only containers and sill convert images from glance
into volumes.
Change-Id: Id3cda737895451c2261bf9adfe54995db28c2f63
Signed-off-by: Pete Birley <pete@port.direct>
