Images are often powerful tool to communicate when making a doc.
This PS hopely adds sphinxcontrib-blockdig to documentation tool.
Please give me feedback if this is right way to add it.
Some examples are:
https://docs.openstack.org/infra/zuul/user/gating.html
Change-Id: I7e8d8322df4bcc651e43e28d68ea5128660c592c
According to "code conventions" [1], do not use "-y" option.
Instead, use apt-get install package, yum install package,
or zypper install package.
[1] https://docs.openstack.org/doc-contrib-guide/writing-style/
code-conventions.html
Change-Id: I002607baadb90c8b0da4332a9eb7ca8e6f598f9f
Since OSH is an official project and the documentation is published
to docs.o.o, this patch set updates the conf.py to update the theme
to be inline with other openstack projects.
Change-Id: I8e4a8d9e1d2098ef074c3d9503c5c81297f513a7
A few doc edits so that they're in sync with the OSH
mission statement, helm-toolkit conventions,
and project doc location.
Change-Id: I33ccc39cd84fab3b537ad93970c21cf9065044e9
Pass the service namespace to kubernetes-entrypoint in
order to support dependencies between namespaces.
Add documentation about endpoint/service namespaces.
Change-Id: I208c3240e9f2c8900323595f7b0e488bef5cb1fc
Implements: blueprint entrypoint-namespaces
One line in the glance installation command in the
multinode docs is missing the \ character at the end
Change-Id: Ice0ca01c9a00499e8ddc4da28add15bb102dd819
Update Kubernetes AIO install guide fixing nova
install examples. Also add language around
pulling the AIO container versus building.
Change-Id: Ib9d1c21f1a75e00b5f0ddaafd73e1741193b8717
Added an example resolv.conf file to the multinode doc, along
with descriptions and instuctions for persistence across reboots.
Change-Id: If1eb71ff1862f2662f297ccac8b75fedd46cf89c
This ourlines the log forwarding and aggregation architecture
for openstack-helm, especially leveraging fluentbit and fluentd
combined. It should result in a path forward for the technical
requirements and the proper default configurations to work on
the implementation.
parent specification: https://review.openstack.org/#/c/482687/
Implements: blueprint osh-logging-framework
Change-Id: I0a38b91309f90fda6c64a44b01a733e94b6741da
New kubernetes-entrypoint version was released. K8s-entrypoint
authors maintain images at Quay. The image uses CoreOS, which
is more lightweight than the current Ubuntu image, so it
should lessen the burden on the infrastructure.
Change-Id: Id8c2a4d065550ffbd64476377247cccf213b58e1
Partial-Implements: blueprint entrypoint-namespaces
This devref is covering the existing OpenStack-Helm neutron
architecture and proposal for introducing multiple SDNs.
Added linuxbridge usage docs.
Change-Id: If6c8753d85ea2bd2fd7df77e84b5e61bf64dc507
Implements: blueprint support-linux-bridge-on-neutron
Co-Authored-By: Gage Hugo <gagehugo@gmail.com>
Implemented Kubernetes jobs to drop a database for an OpenStack service
on deletion of Helm chart. This job is configurable to be enabled or
disabled in the values.yaml file for each chart.
Change-Id: Ia1a0834cb43c7e883aaf507a7c7683fa1cf4e838
This PS removes the pregenerated config templates producing using
the hacked oslo-genconfig tool. This results in both a much smaller
codebase and also more readable configuration by removing the
requirement to specify settings via oslo namespaced references.
This initial PS applies only to Keystone, A follow up will extend to
all remaining services.
Partially implements: blueprint remove-pregenerated-config-templates
See: https://blueprints.launchpad.net/openstack-helm/+spec/remove-pregenerated-config-templates
Change-Id: I3ced7ad02c703c767925a17b1a18f6158a878e83
This PS enables the following backends for glance:
* PVC
* RBD
* RadosGW (direct)
* Swift
It also moves the creation of the RBD pool when required to a storage
init job. This job also creates credentials as required for glance to
use when accessing the required backend, rather than using the admin
keyring.
Change-Id: I90fead961ff73a9263826acc794128fa73ead2e1
This PS implements the ceph radosgw and also provides keystone
intergration, allowing ceph to provide a swift like service if
desired for object storage.
In addtion it updates the endpoint lookups to use valid yaml when
dealing with keystone services with a '-' in their name.
Change-Id: I9162ad657df2f77c1bc1afa93a8b999894b1b470
Creation of one source of truth for kubeadm-aio docs. The kubeadm-aio
README now links to developer all-in-one document.
Change-Id: I9e405036e50cfd5336e0e6ce901d5e5d6850fae4
Closes-Bug: #1711727
This PS moves OpenVSwitch into its own chart - decoupling it from neutron,
both making it easier to deploy and use seperately and permitting
use of other network backends.
Partially implements: blueprint split-nova-and-neutron-infra
Change-Id: Ifd637136b950ddf1ba1c26ce76c9bbdeafc232c3
This PS moves libvirt into its own chart - decoupling it from nova,
both making it easier to deploy and use seperately and permitting
use of other compute backends.
Partially implements: blueprint split-nova-and-neutron-infra
Change-Id: I06237157244c3cdb5503eafa01229d061b1614f0
This patch set removes the "local/CHART" references in the documentation
and replaces it with a reference to a local path. This was already
updated in gate script.
Change-Id: I1753cb500cbe448a43ede85168d71596de4e08b8
Closes-Bug: #1711733
This outlines the foundation for a logging, monitoring and
alerting platform for openstack-helm. It should result in a
path forward for the technical requirements and the proper
default configurations to provide operational benefits
The goal is to gain feedback and consensus on the path forward
for these services
Change-Id: I069c2ad860d265fab8155972b19a71021685f2ce
Keystone is using keys to encrypt credentials saved into the database.
The mechanism is very similar to fernet tokens. This commit implements a
job setting key repository up and rotate job for those keys. All is
based on implementation of fernet tokens.
Change-Id: I88faf1d02d2b317563e8603cebba542f8b133c6a
Closes-Bug: 1693807
Keystone supports (and that's a default setting since Ocata) using
non-persistent fernet tokens instead of UUID tokens written into the DB.
This setting is in some cases better in terms of performance and
manageability (no more tokens DB table cleanups). OpenStack-Helm should
be able to support it.
General issue with fernet tokens is that keys used to encrypt them need
to be persistent and shared accross the cluster. Moreover "rotate"
operation generates a new key, so key repository will change over time.
This commit implements fernet tokens support by:
* A 'keystone-fernet-keys' secret is created to serve as keys repository.
* New fernet-setup Job will populate secret with initial keys.
* New fernet-rotate CronJob will be run periodically (weekly by default)
and perform key rotation operation and update the secret.
* Secret is attached to keystone-api pods in /etc/keystone/fernet-tokens
directory.
Turns out k8s is updating secrets attached to pods automatically, so
because of Keystone's fernet tokens implementation, we don't need to
worry about synchronization of the key repository. Everything should be
fine unless fernet-rotate job will run before all of the pods will
notice the change in the secret. As in real-world scenario you would
rotate your keys no more often than once an hour, this should be totally
fine.
Implements: blueprint keystone-fernet-tokens
Change-Id: Ifc84b8c97e1a85d30eb46260582d9c58220fbf0a
