ADD openstack chart with values_overrides
* rabbitmq
* mariadb
* memcached
* keystone
* heat
* glance
This adds umbrella chart that references other charts via
symlink and include global values.
Because chart valeus_overrides yaml apply to the main chart,
the umbrella chart has a chart-scoped replacement
ADD openstack.sh deploy script
This script deploys all components with a single release.
ADD corresponding release notes
CHG wait-for-pods-sh to accept timeout arguement
CHG get-values-overrides.sh to modify file path for subchart
Change-Id: I25cd9d6785c61540d6329657c0358f27299d3647
The glance-api pod has a terminationGracePeriodSeconds
of 600s(10min) and the others services has 30s. This high
terminationGracePeriodSeconds may cause timeout in some
cases and there is no reason for this high
terminationGracePeriodSeconds.
The terminationGracePeriodSeconds has been introduced on
https://review.opendev.org/c/openstack/openstack-helm/+/469974
but there is no explanation why it is too high.
Story: 2009959
Task: 44926
Signed-off-by: Arthur Luz de Avila <arthur.luzdeavila@windriver.com>
Change-Id: I9f9092e48c4f4ecf5a145dc42dbafe4f96cfa91c
This changes use the helm-toolkit template for toleration
in openstack services
Signed-off-by: Lucas Cavalcante <lucasmedeiros.cavalcante@windriver.com>
Story: 2009276
Task: 43531
Depends-On: I168837f962465d1c89acc511b7bf4064ac4b546c
Change-Id: Ifa05d9adb69ed46177ba2e7e1707d2e46eff62e4
Glance registry was deprecated in Queens and removed in Stein.
This change removes glance-registry settings and templates
from the glance chart. Also removed the overrides from older
releases that are no longer actively supported and tested.
Change-Id: I704d844b9ab96daa73ec42e29cded31fbbe3f720
If labels are not specified on a Job, kubernetes defaults them
to include the labels of their underlying Pod template. Helm 3
injects metadata into all resources [0] including a
`app.kubernetes.io/managed-by: Helm` label. Thus when kubernetes
sees a Job's labels they are no longer empty and thus do not get
defaulted to the underlying Pod template's labels. This is a
problem since Job labels are depended on by
- Armada pre-upgrade delete hooks
- Armada wait logic configurations
- kubernetes-entrypoint dependencies
Thus, for Job templates previously missed, this adds labels matching
the underlying Pod template to retain the same labels that were
present with Helm 2.
[0]: https://github.com/helm/helm/pull/7649
Change-Id: Ie438b449a3d9853d786215d40a39c32d164e9950
If labels are not specified on a Job, kubernetes defaults them
to include the labels of their underlying Pod template. Helm 3
injects metadata into all resources [0] including a
`app.kubernetes.io/managed-by: Helm` label. Thus when kubernetes
sees a Job's labels they are no longer empty and thus do not get
defaulted to the underlying Pod template's labels. This is a
problem since Job labels are depended on by
- Armada pre-upgrade delete hooks
- Armada wait logic configurations
- kubernetes-entrypoint dependencies
Thus for each Job template this adds labels matching the
underlying Pod template to retain the same labels that were
present with Helm 2.
[0]: https://github.com/helm/helm/pull/7649
Change-Id: Ib5a7eb494fb776d74e1edc767b9522b02453b19d
Chart upgrading was failing due to some immutable fields in job are needed to upgrade. So, we have added the helm.sh/hook annotations with post-install and post-upgrade values. As for hook-weight annotations, we have added these to control the flow of the jobs with hook creation as the jobs are dependent. Like, db-init jobs need to run before db-sync and so on. Also helm3_hook value is introduced in values.yaml, which can be used to disable helm hook if needed.
Change-Id: Idb4b992b4061f4a014570b7933a585df1a096299
Mount rabbitmq TLS secret to openstack services which support internal
TLS. Once internal TLS support is added to other service, the TLSed
rabbitmq support should be added.
Depends-on: https://review.opendev.org/c/openstack/openstack-helm-infra/+/795188
Change-Id: I9aa272e365f846746f2e06aa7b7010db730e17df
In the Victoria cycle oslo.policy decided to change all default policies
to yaml format. Today on openstack-helm we have a mix of json and yaml
on projects and, after having a bad time debugging policies that should
have beeing mounted somewhere but was being mounted elsewhere, I'm
proposing this change so we can unify the delivery method for all
policies across components on yaml (that is supported for quite some
time). This will also avoid having problems in the future as the
services move from json to yaml.
[1] https://specs.openstack.org/openstack/oslo-specs/specs/victoria/policy-json-to-yaml.html
Signed-off-by: Thiago Brito <thiago.brito@windriver.com>
Change-Id: Id170bf184e44fd77cd53929d474582022a5b6d4f
This is to fix the ceph version checks for enabling the applications
on newly created pools for openstack services like cinder and glance.
Change-Id: I2c007f728180cf7753255463ebf2f8dc5dc6fa5b
When using a helm3 to deploy , it fails
Helm3 no more support rbac.authorization.k8s.io/v1beta1 , but v1 can
support helm2 and helm3.
This change optimized deployment.
Change-Id: I107d6e965ca00a6d8b766e91573be2c9aeb4f782
'function' keyword is a bash extension and not recognizable by sh.
Change-Id: I96205e337a28e12f3e3d06ca99e5f04e0f9a38f4
Signed-off-by: Andrii Ostapenko <andrii.ostapenko@att.com>
This patch set add CA certificate to glance storage init and also
converts the nginx.sh script to shell script.
Change-Id: If3e0cd194af7ed3e15668df799b2b9026e0135d8
This corrects an issue with glance registry ingress failing due to a
name mismatch. This also provides a proper glance registry public secret that was
missing.
Change-Id: Ibe3d5ca774365b7f4df01940884953fc0181394f
Signed-off-by: Tin Lam <tin@irrational.io>
This updates the Glance chart to include the pod
security context on the pod template.
This also adds the container security context to set
readOnlyRootFilesystem flag to true
Change-Id: I0a164ed48dd11780b4fdbb8be6b492fb45efe0aa
This updates the Glance chart to include the pod
security context on the pod template.
This also adds the container security context to set
readOnlyRootFilesystem flag to true
Change-Id: I49ac688fa9cb73ddbc215198c74fae26f503cb51
The current copyright refers to a non-existent group
"openstack helm authors" with often out-of-date references that
are confusing when adding a new file to the repo.
This change removes all references to this copyright by the
non-existent group and any blank lines underneath.
Change-Id: Ia035037e000f1bf95202fc07b8cd1ad0fc019094
This reverts commit 1c85fdc390.
Do not use randomly generated strings in configmaps as this leads to
whole helm release redeployment even no values are changed. The random
items have to be generated outside of helm chart and provided via
values.
Also previous behaviour didn't allow to use cache during rolling upgrade
as new pods were spawned with new key.
Change-Id: I423611b18fca0d65e2e721a9c6a0c3d8df0813d2
- Change all tests to support Nautilus,Mimic and Luminous releases
- Update ceph-config-helper image
Change-Id: I557b1efa12529d0ee51d4c5b9d4beb4abf1b0574
Glance provide default list of metadata definitions in /etc/glance/metadefs
directory. The patch adds job that will load those defaults definitions.
The job is enabled by default.
Change-Id: Ib3ab20a9a7f73b568b029b06101cf4e5e2473716
The patch sets allowed_origin in cors section to have ability to
operate along with CSRF operations and direct upload in horizon dashboard.
Change-Id: Icdd9aa97d24c5bf3cc42d3cd1dfd5b2f7adbefc9
The patch fixes issue when ingress for glance registry is created
when manifests:ingress_registry is set to false.
Change-Id: I8e54c73b3924ea292e18aa1e837d0e10b51e3876
This PS updates the charts to use the htk function recently introduced
to allow oslo.messaging clients ans servers to directly hit their
backends rather than using either DNS or K8S svc based routing.
Depends-On: I5150a64bd29fa062e30496c1f2127de138322863
Change-Id: I458b4313c57fc50c8181cedeca9919670487926a
Signed-off-by: Pete Birley <pete@port.direct>
This PS enables the use of simple logging options if desired.
Change-Id: If6ea420c6ed595b3b6b6eedf99a0bf26a20b6abf
Signed-off-by: Pete Birley <pete@port.direct>
This patch make the db sync job template follows the same pattern
that other templates utilize the variables to make in a predictable
pattern.
Change-Id: Idbedd046c6b4fd001cf63004ffac792173a5778b
Story: 2005754
Task: 33457
This PS adds emptydirs backing the /tmp directory in pods, which
is required in most cases for full operation when using a read only
filesystem backing the container.
Additionally some yaml indent issues are resolved.
Change-Id: I9df8f70e913b911ff755600fa2f669d9c5dcb928
Signed-off-by: Pete Birley <pete@port.direct>
This change adds the keystonemiddleware audit paste filter[0]
and enables it for the glance-api and glance-registry services.
This provides the ability to audit API requests for glance.
[0] https://docs.openstack.org/keystonemiddleware/latest/audit.html
Change-Id: I3b42717dbc11257c21b27e7c68dedc3283e1bd34
Implement container security context for the following Glance resources:
- Glance server deployment
Change-Id: I32b63226f5f2bcfff09f0b6760f5475ef7d1b5b5
