Currently Ceph namespace job cleaner uses a fixed name. This leads to
helm delete fails to clean up Ceph package. This fix randomizes the job
name to avoid name conflicts.
DocImpact
Closes-Bug: #1707670
Change-Id: I7ac7b7482b945a9a836f6f69df0ef8cebc37bafb
This PS updates the pod affinity function to allow customisation by
operators at the point of deployment.
Change-Id: I8b7b2f584e990e068051d9a6d5cc7b1e1adb5aa5
When trying to re-install ceph chart, the
ceph-namespace-client-key-generator job is not working because of the
already created pvc-ceph-client-key secret.
So it needs to remove the secret when deleting ceph chart.
Closes-Bug: #1705177
Change-Id: I7338a516fe3b9f265953b8b1fddd3dbfb97bafd2
Ceph mon has been changed from a statefulset to a daemonset,
so the PodDisruptionBudget is no longer needed.
Change-Id: I86d46ed2e6377177eff9251d5e4f3bb433eaf250
Ceph's health when running in the single node gate currently
is 'HEALTH_WARN'. This PS adds an extra config option such that
the ceph cluster will not attempt to perform replication when deployed
on a single node, as well as introduces a mvp yaml file for ceph
deployments in the gate.
Change-Id: Ib2ec3345140f541c94da044ff9d77723ea3ee2bd
This enhances the stability and recovery of ceph by leveraging
hostNetworking for monitors as well as OSDs, and enables the
K8S_HOST_NETWORK variable within ceph-docker. This enhancement should
allow recovery of monitors from a complete downed cluster.
Additionally, ceph's generic "ceph-storage" node label has been
split out for mon, mds, and osd.
Co-Authored-By: Larry Rensing <lr699s@att.com>
Change-Id: I27efe5c41d04ab044dccb5f38db897cb041d4723
This moves the set of ceph entrypoint scripts into the helm chart
this allows us to control how the different pods start. Also gives
each script the +x flag to give better insight as to the execution of
entrypoint scripts.
Change-Id: Ib78b8a5d57f653bdb399a1980b34ab5ea25f94cc
This patchset enforces stricter file permission on *-etc configmap and
sets readOnly flag to true in a number of charts.
Change-Id: I233689a5d56dd1352e0d81997a94b4cdd6bed5d2
Signed-off-by: Tin Lam <tin@irrational.io>
This PS unifies and normalises Kubernetes resource allocation and
update strategy across all OpenStack-Helm elements.
Change-Id: Ia41fc453cb5191fa447ca6e1aa0f5b431c939dc8
This PS refactors the ceph chart and secret generation process.
The updated chart replaces the existing "bootstrap" chart.
Additionally, Ceph manifests and deployment guides were modified
accordingly.
Change-Id: I6f5bb88fc0f40cfee8865d9dab83859d765e7537
Co-Authored-By: Larry Rensing <lr699s@att.com>
K8s 1.6 has affinity/antiaffinity funtionalities as a beta feature. This
means we don't need to declare them using annotations. This commit
switches usages of affinity to 1.6 syntax.
Change-Id: Ia68f4ab28a018617bd44b1295fea58cd30eb4a39
This allows ceph to form a reliable quorum under Kubernetes
1.6. There appears to be a minor timing difference in 1.6
compared to previous versions requiring us to annotate the
ceph-mon service with this toleration.
Change-Id: I2bb325c6dc0fc4b3c98eaccd95be36a53b1e8a16
* Add imagePullPolicy to ceph with default
* Add imagePullPolicy to mariadb with default
* Add missing imagePullPolicies to nova with defaults
* Remove malfunctioning daemonset dependency from nova
* Add missing neutron endpoint definition to nova values
* Force v4 networking in ceph. Repeated bootstrapping
is unreliable without this.
* Update cinder dependencies based on testing
* Optonal Horizon NodePort
* Revert iptables stub for nova-api-osapi because
we lack permississions to overwrite /sbin/iptables. We
will continue to run in a privileged security context
until we have a working solution.
The IPs of ceph monitors cannot (or should not) change.
This refactor allows the ceph monitors to act as statefulsets.
It also persists their on disk data to nodeDirs, to allow cluster
wide restarts (in parallel), where previously this would lose
data. This is accompanied by some docker images changes that
ensure that auth for the OSDs is restored/reinserted as auth
data is somehow not persisted to disk at this time.
* A new boolean value controls whether secrets and
the ceph.conf secret ConfigMaps are installed allowing
you to bring-your-own ceph configs. This should
remove the dependency on having to generate secrets
using the common chart if you have installed your own.
* A new boolean value controls whether we install
a storage class as part of the ceph chart install allowing
you to externally manage this
* More of the ceph values have been converted to values
variables, paving the way for a master yaml to provide input
and overrides to many independent "sub" charts without a parent chart
* As of helm 2.0.0, it no longer seems necessary to
copy a "globals.tpl" into each child chart, defines in
child charts now seem to be reliably rendered in the
parent. This was not working correctly in 2.0.0rc2
and so after a lot of testing, the globals define
insertion has been removed from the Makefiles. Also,
includes piped to b64encode are working now, meaning
we no longer have to do Makefile magic to base64
encode successfully. That has been removed. Once
.Files.Get works properly in a child chart context
we can remove all Make help.
* The openstack-base chart has been renamed to common
to better reflect that it is common to everything in
aic-helm, even non-openstack projects like ceph. All
charts now include it as a requirement.
* A first pass at a "cleaner" template directory approach
has been applied to rabbitmq as a test chart. This allows
files such as _start_rabbit to live in their raw form
and organizes files by config vs script in 'etc' or 'bin'
directories. If accepted, will apply to all other charts
for consistency.
* Made values.yaml consistent throughout charts. Removed any globals
references in subcharts as these are difficult to override. Only
ports should be in globals to build URLs which can come as part
of a future commit. The hostname endpoint aspect of a service
will come from openstack-base/_hosts.tpl and the port
would come from the chart itself as a global so other charts
can reference the port to build a complete URL. Putting the
hostnames themselves as globals in individual charts makes it
difficult to make a sweeping top level FQDN change.
* Cleaned up yaml requirements and incorporated a new _common.tpl
that is distributed to all charts to allow common endpoint naming
while still retaining the ability to install individual charts.
* Fixed keystone URL generation during bootstrap as a correct
URL is critical given keystone uses this to construct all
subsequent URLs in the request. Also allow controlling the
default endpoint version and scheme.
* Added missing NAMESPACE declaration to keystone deployment
as this is required for entrypoint to discover resources
not in the 'default' namespace.
* Refactored all nodeSelector values to be consistent throughout
all charts
This large commit refactors mariadb and creates a utils and
openstack chart to facilitate installing all openstack
elemenets and supporting infrastructure.
