This patchset enforces stricter file permission on *-etc configmap and
sets readOnly flag to true in a number of charts.
Change-Id: I233689a5d56dd1352e0d81997a94b4cdd6bed5d2
Signed-off-by: Tin Lam <tin@irrational.io>
This PS updates the novnc proxy manifest to use the labels and
anti-affinity functions introduced to OS-H while it was in review.
It also drops some unrequired privs from the pod.
Change-Id: I24dce2079ac8aed2e05ce03832cefe0e8ca7f595
This PS unifies and normalises Kubernetes resource allocation and
update strategy across all OpenStack-Helm elements.
Change-Id: Ia41fc453cb5191fa447ca6e1aa0f5b431c939dc8
This PS moves keystone credentials to the endpoints section within
the values.yaml, and also adds a 'secrets' key, allowing standardiation
of secrets and credential management across OpenStack-Helm.
Change-Id: I86a21e625afd822379ac11351603b2c606a3769f
This PS adds a novncproxy deployment on nova chart and fixes a bug
about keystone memcached configration.
Change-Id: I44a8571e7da2dc4a431631e6e3a96b16e7242fd3
Closes-Bug: #1698033
Implements: blueprint add-novncproxy
gen-oslo-openstack-helm generated configuration file templates in
incorrect form, causing setting mulitple values in Values.yaml to
produce something like:
foo=barfoo=baz
This commit fixes this in the generator and updates config file
templates to generate configs correctly:
foo=bar
foo=baz
Change-Id: Iea661dcf1710987b2e111d7141ba888f01c44a50
Closes-Bug: 1699581
This PS adds soft anti-affinity to all pods in OS-H. By doing so
resiliancy is improved by attempting to ensure that pods are created
on seperate nodes.
Change-Id: I0c1092498f7a1e44218ef785ca3f73fa9f49819c
Kubernetes 1.6 introduced the ability to declare an update
strategy for daemonsets. As weve made >1.6 a requirement, we
should adopt the ability to update our daemonsets just as we do
with deployments. This brings the daemonset templates in our
charts in line with other patterns developed.
Change-Id: I317560b24d65274b69bec2df4f6225f1255b7ae6
This PS refactors the ceph chart and secret generation process.
The updated chart replaces the existing "bootstrap" chart.
Additionally, Ceph manifests and deployment guides were modified
accordingly.
Change-Id: I6f5bb88fc0f40cfee8865d9dab83859d765e7537
Co-Authored-By: Larry Rensing <lr699s@att.com>
This PS adds 'helm test' functionality using Rally to Nova
Change-Id: Ie53c42636b58e36c22a9260c67a7981183d741d3
Partial-Implements: blueprint implement-helm-test-for-charts
External-Tracking-Id: OSH-89
The existing entrypoint logic used static names to reolve dependencies.
This prevented the service names, and thus the hostnames of services
being altered. This PS resolves that issue by looking up the service name
from the endpoints specified in the values for a chart.
Partial-Implements: blueprint enhance-entrypoint-dependency-checking
External-Tracking-Id: OSH-21
Change-Id: Ib49490f332f8cd88e98c50d9335dfd314a170936
The policy.yaml was not mounted into pods in Nova, or its location
specified correctly in the default values, this PS resolves that.
Change-Id: Ie4d1b8414f626ac4b5fdc232644d5e8a3a99d8bb
This PS sets the default modetype of mounts from *-bin configmaps
to 0555, and removes the then unnecessary commands from the manifests.
Change-Id: I93ce0facb06affdf362a58f8520e69ba94ea3034
This PS removes the requirement for the Nova Metadata API to run with
NET_ADMIN capabilities, and also enables lightwight images without
iptables present to be used.
This has no effect on operation if Neutron is used for networking.
Change-Id: Ie69c74240ca7fd054e3c897c2bf8ebc8ec5c1377
With 1.6, init containers are officially part of the kubernetes
API. This changes the format of the helm template for the
entrypoint container from json to yaml, and updates the
charts accordingly.
Co-Authored-By: Pete Birley <pete@port.direct>
Change-Id: I569566ce4b031d107af2d38483040a26210bec45
When trying to install nova chart with Ceph enabled, libvirtd pod isn't
starting. It's because container is executing virsh commands before
libvirtd process is up. _libvirt.sh.tpl script needs to be fixed to
start the process first and then execute the commands.
Closes-Bug: #1691384
Change-Id: Icd5f31a5fbeb5985ed19213aeb236a25f600b18c
This PS add Barbican support, and moves all potentially container
specific logic into the service start script from the api manifests.
Also fixes a permissions issue with the nova-api, which incorrectly
had the NET_ADMIN capability.
Change-Id: I18fc1ea5d7aa70ea7dabb829361a3da57e905100
This commit adds graceful termination to all existing charts.
It also adds a setting in the values.yaml file for clarity and
the ability to override if wished.
Change-Id: I42025e4be86d248be467c1d2f0980f864c4d440e
This PS updates the way helm-toolkit functions are named to
reference the full path they are loacted at. This should make
development and debugging easier. Addtionally unused functions
have been pruned as well.
Change-Id: I03c553f1d01bccc70c86768b416b147c90d9b2f0
With pod disruption budget set it is not possible to drain nodes
and perform other expected operations. This PS changes the default
value to 0, restoring the typically expected operation of pods.
Change-Id: I43ef35638c98caee2cf567487173399157000ada
Addresses consistency issues that appear with autoincrement fields in
the existing chart, as demonstrated in [1]. It should allow automatic
recovery of 2 out of the 3 (default) cluster members.
It does not address automatic recovery of a complete shutdown of all
cluster nodes.
[1] https://review.openstack.org/#/c/465977/
Change-Id: I84c86e1862f03a6d381bf219b821ea3636049f0b
This PS adds a default pod disruption budget for nova-api-osapi
and nova-api-metadata to ensure at least one replica of each pod
is running.
Change-Id: I5ab626f24b899ed34240731bfe075be1df7228c5
This PS standardizes configmap mounts across all charts to be named
<project>-etc or <project>-bin. This reduces the amount of volumes
listed in each file.
Change-Id: Idbaf495fa243bb9ea0f6ad755ca4f899d5fc0d6f
OpenStack Foundation started serving project mascots files on
openstack.org. This commit adds URLs to those files as chart icons for
OpenStack projects.
Change-Id: I2482174cd1d9a0f32df91d7d81974a0dc37f5c4d
This PS brings in an MVP config for Nova.
The changes to the Libvirt also permit operation on
RHEL family distros.
Closes-Bug: 1683195
Change-Id: I4ce8c9bd53164f1be719271e095edc31e2f3ae4b
This PS moves the container start commands to scripts, which makes
debugging and overriding of container launch params easier.
Change-Id: Ibf5cda2218111360183b8a5eb993c717be84076c
This commit update the volume mounts in pods to ensure:
* Config files and scripts are mounted readonly
* volume mounts added for bootstrap job
Co-Authored-By: Larry Rensing <lr699s@att.com>
Change-Id: I1e89419858c0f72b705ad9b7968ec01bfaab5740
Removing domain_name from nova.conf in neutron section. domain_name and
project_name cannot be declared in the same section in the same time
for keystone auth.
Otherwise the exception is raised:
AuthorizationFailure: Authentication cannot be scoped to multiple targets.
Pick one of: project, domain, trust or unscoped
Change-Id: I55072d3662a9bfeb76725e5f0b4612b68e980605
This PS updates the chart.yaml to be consistent across the repo, and
changes the description to make clear that they are the OpenStack-Helm
derived versions of the charts while using `helm search`.
Change-Id: Iac3cfd2cddba7130b28a65c3d353712c8a3aa02b
This PS moves Nova to Kolla produced and published images:
* This is part of a larger effort to move to a single image source
* Stackenetes Newton images do not run with the systemd cgroup driver
in my testing.
Change-Id: I10fff6e9f2977104726c8a2f34090a86e524b661
