Implement container security context for the following Horizon resources:
- Horizon server deployment
Change-Id: I8202cd011f4c4f73d778c5f0ad2648440e259e5d
Implement container security context for the following Glance resources:
- Glance server deployment
Change-Id: I32b63226f5f2bcfff09f0b6760f5475ef7d1b5b5
This PS extends the gate scripts to allow ceph to be deployed from
a workstation external to the k8s cluster.
Change-Id: I4940de18a53fb79c905fd307a04a1d19833e79b7
Signed-off-by: Pete Birley <pete@port.direct>
This PS allows rabbit compoents, eg other rabbit servers, tests, and jobs
to connect to rabbit.
Change-Id: I61cca52072940e31c093e4895a1c6406b15456bf
Signed-off-by: Pete Birley <pete@port.direct>
This adds the test timeout field to all charts with helm tests
defined in the OSH Armada manifest, and also updates the release
timeouts for releases known to take longer than usual
This also updates chart overrides to achieve parity between the
standard multinode job and the Armada periodic jobs to reduce the
potential for issues arising from configuration deltas
Change-Id: Id9ba223fbd35ee213db346bbc230a844632e15d2
Implement container security context for the following Keystone resources:
- Keystone server deployment
Change-Id: Ia68b5ebe4d76e0405d67224d976fee013cc02d0b
Implement container security context for the following Cinder resources:
- Cinder server deployment
Change-Id: Ic319fc8ccfea4c8d640ceecd0bbc93912173d172
If user wants to add an extra volumeMounts/volume to a pod,
amd uses override values e.g. like this
pod:
mounts:
nova_placement:
init_container: null
nova_placement:
volumeMounts:
- name: nova-etc
...
helm template parser complains with
Warning: The destination item 'nova_placement' is a table and ignoring the source 'nova_placement' as it has a non-table value of: <nil>
So when we create empty values for such keys in values.yaml, the source
will be present and warning does not need to be shown.
Change-Id: Ib8dc53c3a54e12014025de8fafe16fbe9721c0da
The armada update password job was attempting to invoke a script
that didn't exist for sourcing the passwords. This updates the
path appropriately
Change-Id: Ieb0b85c18ed4f2a589ee3a3ba251317350dc4b81
This specification proposes support for deploying openstack services
using OSH with OCI image registry which has authentication turned on.
Change-Id: I26e34a5a39c06e9d481af58c15fb930d3fe9b1ef
Implements: blueprint support-oci-image-registry-with-authentication-turned-on
Signed-off-by: Angie Wang <angie.wang@windriver.com>
In a previous patch set (https://review.openstack.org/#/c/629300/),
the "allowPrivilegeEscalation" flag was set to false for one of the
init containers, but it was intended to be used for the glance-api
container.
Change-Id: If2d83d82a720d7a1a39729bbf3bddc226af3ba20
fernet-manage:
- filter used to return a list on python2 but on python3 it returns
an iterator which has no len method
- Coherce the keys var into a list so we can run len on it on both
versions
update-endpoint:
- ConfigParser is called configparser on python3
- try/catch and import the proper configparser
Change-Id: I8296074f4d20e47afe0c7aea41bf21999685aecd
Previously, when adding interfaces to an ovs bridge we would set the
link state to up. Some environments assume this is the case so
restore that behavior.
This fixes the problem where external (public) IPs for routers and VMs
no longer respond.
Change-Id: I59e21bd5cde7e239320125e9a7e0a33adae578a8
Health_probe for neutron pods accomplish both liveness and
readiness probe.
Neutron DHCP/L3/OVS agents:
Sends an RPC call with a non-existence method to agent’s queue.
Assumes no other agent subscribed to tunnel-update queue other
than OVS. Probe is success if agent returns with NoSuchMethod
error.
Neutron Metadata agent:
Sends a message to Unix Domain Socket opened by Metadata agent.
Probe is success if agent returns with HTTP status 404.
In both the cases, if agent is not reachable or fails to
respond in time, returns failure to probe.
Readiness probe for Neutron L3/DHCP/Metadata/SRIOV agents
Following are the operations executed on the pod as part of
readiness probe on the neutron agents:
- Check if the agent process is up and running.
- Retrieve the sockets associated with the process from the /proc fs.
- Check the status of tcp sockets related to Rabbitmq communication.
- Check the reachability of the rabbitmq message bus from the agent.
- For SRIOV Agent, check if VFs are configured properly for the
configured NICs in sriov_agent.ini conf file
Change-Id: Ib99ceaabbad1d1e0faf34cc74314da9aa688fa0a
