This updates the barbican chart to include the pod
security context on the pod template.
This also adds the container security context to set
readOnlyRootFilesystem flag to true
Change-Id: Ibb85435c1fa9fe577bc7a14d97e0acaf9b9513a2
- This is to make use of loopback devices for ceph osds since
support for directory backed osds going to depricate.
- Move to bluestore from filestore for ceph-osds.
Change-Id: Ia95c9ceb81f7d253dd582a2e753a6ed8fe60a04d
The current overrides do not function correctly, and should have
been setup with a multistring. This change corrects this to
deploy right in nova.
Change-Id: If709ea5d18399dc0d135351c2bdcdbd324663ad7
ironic conductor does not allow to have the enabled_drivers
configuration value from stein version.
If we set values for enabled_drivers, the service raised errors.
Change-Id: I5b299ab691013836d5eb2169f95b12805a27b4e8
Release overrides are not applied in component script if invoked from
developer ceph one because OSH_EXTRA_HELM_ARGS_NOVA is not empty.
Change-Id: Ic4eb1cf6115b740b59922272a789e37b683cb44e
Signed-off-by: Andrii Ostapenko <andrii.ostapenko@att.com>
We're running compute kit jobs on the edge of current flavor
capabilities and actually exceeding it with TLS enabled.
With this change compute kit TLS commit successfully pass check
jobs.
Change-Id: Ide1a1600f2e19fcb91ec7d90c8f316283b2d9697
Signed-off-by: Andrii Ostapenko <andrii.ostapenko@att.com>
OSH requires pip3 to install the openstackclient, and a recent
change in infra made the images no longer contain
pip by default. This change adds python3-pip in order to address
this.
Change-Id: I32febc7194ced6ab88794c6ac9fa2aa373909827
This patch set updates some default horizon settings to be more secured.
Change-Id: I7849cb0e9819d9e5cf4e149634e2bebee75a1c7f
Signed-off-by: Tin Lam <tin@irrational.io>
If the test pod still exists, then the new test run
fails with ERROR: pods "abc-test" already exists
So, Removing remaining test pods before new test run
Change-Id: I447d2b56b1419086b99df47b6605d0a95e1a9239
Closes-Bug: #1882030
Replace user with desginate as this key is explicitly used by
helm-toolkit functions.
Update more places that were not touched by [0]
[0] https: //review.opendev.org/#/c/715146/
Change-Id: Id8daba95e51fe97222b94eba95944856b7f5dd5a
This patch set adds in two additional parameters to:
a. establish ownership between certificate and secret so secrets can be
cleaned up when the certificate is deleted as part of a helm release
b. add the ability to always issue new tls.key as part of the key
rotation when the secret gets regenerated for any reason.
This also adds linebreaks for readability.
Change-Id: Id40d504251bbd98c32a7d9baa3dbe9858ad495cb
Signed-off-by: Tin Lam <tin@irrational.io>
Switch to openstackdocstheme 2.2.1 version. Using
this version will allow especially:
* Linking from HTML to PDF document
* Allow parallel building of documents
* Fix some rendering problems
Update Sphinx version as well.
Disable openstackdocs_auto_name to use 'project' variable as name.
Change pygments_style to 'native' since old theme version always used
'native' and the theme now respects the setting and using 'sphinx' can
lead to some strange rendering.
openstackdocstheme renames some variables, so follow the renames
before the next release removes them. A couple of variables are also
not needed anymore, remove them.
See also
http://lists.openstack.org/pipermail/openstack-discuss/2020-May/014971.html
Change-Id: I46021aa93e28242d0f7dc9d80f598538247a6df5
There is a reference error in the parameter "client_interface" in the "_
nova-console-compute-init.sh.tpl" file, now fix it.
Change-Id: I0b1bdd348e1f424afda9aa2183c0e876afd12968
Some nova settings for huge_page reservation can be needed when
deploying things like ovs-dpdk to avoid running out of memory.
This change adds in the values override for setting huge_page
reservations as an example to use when overriding nova values.
Change-Id: I9ee13d3a8bcaabf50a449cb2566cfb0fe8212484
In a recent apparmor security patch [0], additional annotations were
added to the cronjobs that were incorrectly indented. While helm v2
seems fairly tolerant and ignores these errors, running this usig helm
v3 seems to cause rendering problems as we are placing incorrect key
and value pair into the spec: field. This patch set corrects this.
[0] https://review.opendev.org/#/c/725727/8
Change-Id: I9aae94bc0a68318b2c16fedbc973f7a0a2a3729e
Signed-off-by: Tin Lam <tin@irrational.io>
This patch set updates the cert-manager.io version from v1alpha2 to
v1alpha3.
Change-Id: Ib9904f9f2c1f3fa426c852b012307cf7aed266e7
Signed-off-by: Tin Lam <tin@irrational.io>
This patch set places in a placement database migration script to
upgrade an installation from one without the placement service to one
with the placement service.
Change-Id: I1a9abb4999beac26b140a8302665f5c63901e71d
Signed-off-by: Tin Lam <tin@irrational.io>
