This change removes the netpol values from the keystone/ldap script,
those are now part of the appropriate chart and can be deployed as such.
This also fixes the path to the ldap domain config override that was
pointing to a file that no longer exists.
Change-Id: Id01af23c5308edabf635ccd321721ff104fd58e3
This PS udpates the nova compute start script to account for cases where
there may be multiple default routes to the outside world.
Change-Id: Ibd051c2577a0ab67aa2a5284fc9ccab799c28953
Signed-off-by: Pete Birley <pete@port.direct>
Implement container security context for the following Nova resources:
- Neutron metadata_agent
- Neutron ovs_agent
Change-Id: If8246450f8ebd62a0c5999f832ec59796355ee78
Add ubuntu bionic barbican images for Stein.
Also policy rules changes due to https://review.opendev.org/#/c/609606
Change-Id: I36957c859bf065541ac4ce07e03c01fc020ff4af
As network policy jobs in zuul are moved to be run by the feature gate,
usage of them in old scripts should be taken out to avoid confusion and
potential problem where netpol cause unexpected connection failure. This
patch set removes the remanant of these netpol's.
Change-Id: I1ce86d27ca4f708b17d848d742ba840156d4ef6c
Signed-off-by: Tin Lam <tin@irrational.io>
As all feature specific value overrides are moved into the component's
values_overrides folder to be used by zuul's feature gate, the old
overrides should be removed to reduce confusion as they are unused.
Change-Id: Ieaf35a8147061da356fdfa46c73673457af1f3d1
Signed-off-by: Tin Lam <tin@irrational.io>
Move Barbican Network Policies into a dedicated
override. Configure magnum to have the access to
Barbican.
Change-Id: Iad0f69666a28fabedd49b266c8a9de1ec3410dd6
For k8s 1.16+, the extensions/v1beta1 has been replaced by
apps/v1 for DaemonSet. This patch set updates documents in
the OpenStack-Helm repository.
Change-Id: I8512b9f3202b2bf56b77408aca8d239daab32add
Signed-off-by: Tin Lam <tin@irrational.io>
Pods for some of the CronJobs do not have correct
application and component labels applied, they are
unable to start if Network Policies are enabled.
Change-Id: Ie4eed0e9829419b4b2e40e9b712b73a86d6fc3d2
This change updates the tests container image
to one which installs python3.
The selenium-test.py template file has been refactored
to match the structure of the selenium tests in
openstack-helm-infra/tools/gate/selenium
Change-Id: I568bea8d715ea28b8e750215d166ba1b04e4172d
A recently introduced readiness probe for neutron-ovs-agent makes use of
an OVSDB table entry 'dpdk_initialized' which does not exist in OVS
versions preceeding v2.10.0. This patch changes the readiness probe to
exit successfully if this table entry does not exit. Thereby it does not
give any guarantees for older versions of OVS, but at least allows the
readiness probe to pass.
Change-Id: Ic77c6bdd60730c1a7c5e55fdb4afc6db938f0ddb
This updates the kubernetes-entrypoint image reference to consume
the publicly available kubernetes-entrypoint image that is built
and maintained under the airshipit namespace, as the stackanetes
image is no longer actively maintainedy
Depends-On: https://review.opendev.org/688435
Change-Id: I8e76cdcc9d4db8975b330e97169754a2a407341f
Signed-off-by: Steve Wilkerson <sw5822@att.com>
Neutron plugins (for ex. TaaS) using their own rootwrap filters install
those filter files in /var/lib/openstack/etc/neutron/rootwrap.d directory.
Therefore this path should be added to neutron values.conf file to let
these plugins function correctly.
Change-Id: Ia76153b50e2e22cb606b8c0f811119b3f71217d2
Added new X-Content-Type-Options: nosniff header to make sure the browser
does not try to detect a different Content-Type than what is actually
sent (can lead to XSS)
Added new Header and set X-Permitted-Cross-Domain-Policies: "none"
Change-Id: I6f89ffb44ad805039c4074889a7c15fbef6fc95e
This updates the ceph-config-helper image for the ubuntu distro
based jobs to use an image that includes kubernetes 1.16.2
Change-Id: If063db5e6f0abfab10cd0195b3633c41d8ed560f
Signed-off-by: Steve Wilkerson <sw5822@att.com>
Some configuration when enable will explicitly set headers, for this
to work the header module should be enabled.
Change-Id: If549d4c6924c990d1a48bca193935ed9a2ed6864
This patch set adds in default horizon ingress overrides.
Change-Id: I5a7e8197b84bc5f1ad94d5d6a1d0662257404994
Signed-off-by: Tin Lam <tin@irrational.io>
This patch adds a deployment guide for installing Openstack Helm
with OVS-DPDK
Co-Authored-By: Georg Kunz <georg.kunz@ericsson.com>
Change-Id: Ic8078537a7317c4132e4b11494e0d827365109d9
In daemonset-compute.yaml, it uses a wrong application name
Bug introduced in commit-id:9b42e8a1c0e68404bf13487dbfb699b1bd0e4c01
Change-Id: I614dc9d52d6dd7b346aa0b3f5e0012686de93ced
Signed-off-by: zhipengl <zhipengs.liu@intel.com>
This patch set is one of many to migrate existing code/script to be
python-3 compatible as python-2 is sunsetting in January of 2020.
Change-Id: I337069203a3273e9aba6a37294ee3c25e5b4870a
Signed-off-by: Tin Lam <tin@irrational.io>
The current configuration expects VF & bonding info by default. This patch
set removes the need to configure them for every deployment.
Change-Id: Id546c113b2d3c42591a0326ee8cd442cccc73578
Python psutil library has not been consistent in behavior
a. gives trucated process names at times
b. the truncated names sometimes contain path to Python instead
of the program name Python runs
Change-Id: I99b77a4c28761a2187e59be4e562d5893ef3caa9
For simplification of deployment and maintenance, reduce the number
of scripts that do usually the same.
The important part is that when user wants to do multinode deployment,
OSH_DEPLOY_MULTINODE variable must be set before executing the script.
For now multinone script still stays, only to invoke the common one,
but in future it would be better to remove multinode scripts completely
and let user call the common script with the right argument.
Change-Id: I4dca159827581cbe8d6ded3be85e732acbf60ed1
This PS adds octavia chart and its deployment scripts.
Blueprint name : openstack-helm-octavia
- Deployments : api, worker, housekeeping
- Daemonset : health-manager
- health-manager daemonset creates o-hm device on each controller node.
- This is for multi node deployment.
- 180-create-resource-for-octavia.sh : Create openstack resources
(network, sec groups, flavor, keypair, image for development)
- 190-create-octavia-certs.sh : Create certificates to use Octavia
(the certs is passed into pod using secret and volume for development)
- 200-octavia.sh : Deploy Octavia chart
Note: This chart doesn't include amphora image itself and its build.
Change-Id: I0bb7dfc7c15d77287c05a8542347e19fc269aba4
Signed-off-by: hagun.kim <hagun.kim@samsung.com>
