New kubernetes-entrypoint version was released. K8s-entrypoint
authors maintain images at Quay. The image uses CoreOS, which
is more lightweight than the current Ubuntu image, so it
should lessen the burden on the infrastructure.
Change-Id: Id8c2a4d065550ffbd64476377247cccf213b58e1
Partial-Implements: blueprint entrypoint-namespaces
This devref is covering the existing OpenStack-Helm neutron
architecture and proposal for introducing multiple SDNs.
Added linuxbridge usage docs.
Change-Id: If6c8753d85ea2bd2fd7df77e84b5e61bf64dc507
Implements: blueprint support-linux-bridge-on-neutron
Co-Authored-By: Gage Hugo <gagehugo@gmail.com>
Implemented Kubernetes jobs to drop a database for an OpenStack service
on deletion of Helm chart. This job is configurable to be enabled or
disabled in the values.yaml file for each chart.
Change-Id: Ia1a0834cb43c7e883aaf507a7c7683fa1cf4e838
This PS removes the pregenerated config templates producing using
the hacked oslo-genconfig tool. This results in both a much smaller
codebase and also more readable configuration by removing the
requirement to specify settings via oslo namespaced references.
This initial PS applies only to Keystone, A follow up will extend to
all remaining services.
Partially implements: blueprint remove-pregenerated-config-templates
See: https://blueprints.launchpad.net/openstack-helm/+spec/remove-pregenerated-config-templates
Change-Id: I3ced7ad02c703c767925a17b1a18f6158a878e83
This PS enables the following backends for glance:
* PVC
* RBD
* RadosGW (direct)
* Swift
It also moves the creation of the RBD pool when required to a storage
init job. This job also creates credentials as required for glance to
use when accessing the required backend, rather than using the admin
keyring.
Change-Id: I90fead961ff73a9263826acc794128fa73ead2e1
This PS implements the ceph radosgw and also provides keystone
intergration, allowing ceph to provide a swift like service if
desired for object storage.
In addtion it updates the endpoint lookups to use valid yaml when
dealing with keystone services with a '-' in their name.
Change-Id: I9162ad657df2f77c1bc1afa93a8b999894b1b470
Creation of one source of truth for kubeadm-aio docs. The kubeadm-aio
README now links to developer all-in-one document.
Change-Id: I9e405036e50cfd5336e0e6ce901d5e5d6850fae4
Closes-Bug: #1711727
This PS moves OpenVSwitch into its own chart - decoupling it from neutron,
both making it easier to deploy and use seperately and permitting
use of other network backends.
Partially implements: blueprint split-nova-and-neutron-infra
Change-Id: Ifd637136b950ddf1ba1c26ce76c9bbdeafc232c3
This PS moves libvirt into its own chart - decoupling it from nova,
both making it easier to deploy and use seperately and permitting
use of other compute backends.
Partially implements: blueprint split-nova-and-neutron-infra
Change-Id: I06237157244c3cdb5503eafa01229d061b1614f0
This patch set removes the "local/CHART" references in the documentation
and replaces it with a reference to a local path. This was already
updated in gate script.
Change-Id: I1753cb500cbe448a43ede85168d71596de4e08b8
Closes-Bug: #1711733
This outlines the foundation for a logging, monitoring and
alerting platform for openstack-helm. It should result in a
path forward for the technical requirements and the proper
default configurations to provide operational benefits
The goal is to gain feedback and consensus on the path forward
for these services
Change-Id: I069c2ad860d265fab8155972b19a71021685f2ce
Keystone is using keys to encrypt credentials saved into the database.
The mechanism is very similar to fernet tokens. This commit implements a
job setting key repository up and rotate job for those keys. All is
based on implementation of fernet tokens.
Change-Id: I88faf1d02d2b317563e8603cebba542f8b133c6a
Closes-Bug: 1693807
Keystone supports (and that's a default setting since Ocata) using
non-persistent fernet tokens instead of UUID tokens written into the DB.
This setting is in some cases better in terms of performance and
manageability (no more tokens DB table cleanups). OpenStack-Helm should
be able to support it.
General issue with fernet tokens is that keys used to encrypt them need
to be persistent and shared accross the cluster. Moreover "rotate"
operation generates a new key, so key repository will change over time.
This commit implements fernet tokens support by:
* A 'keystone-fernet-keys' secret is created to serve as keys repository.
* New fernet-setup Job will populate secret with initial keys.
* New fernet-rotate CronJob will be run periodically (weekly by default)
and perform key rotation operation and update the secret.
* Secret is attached to keystone-api pods in /etc/keystone/fernet-tokens
directory.
Turns out k8s is updating secrets attached to pods automatically, so
because of Keystone's fernet tokens implementation, we don't need to
worry about synchronization of the key repository. Everything should be
fine unless fernet-rotate job will run before all of the pods will
notice the change in the secret. As in real-world scenario you would
rotate your keys no more often than once an hour, this should be totally
fine.
Implements: blueprint keystone-fernet-tokens
Change-Id: Ifc84b8c97e1a85d30eb46260582d9c58220fbf0a
Adds the specs/ directory to openstack-helm for housing future
specifications for the project. It also includes an appropriate
README with directions for drafting specs, links to the openstack
resources for bp+spec lifecycle, and a template for use in
drafting specifications
Change-Id: Ice23447b358b520a8b4fb703fc836e8f09fa34d1
This enhances the stability and recovery of ceph by leveraging
hostNetworking for monitors as well as OSDs, and enables the
K8S_HOST_NETWORK variable within ceph-docker. This enhancement should
allow recovery of monitors from a complete downed cluster.
Additionally, ceph's generic "ceph-storage" node label has been
split out for mon, mds, and osd.
Co-Authored-By: Larry Rensing <lr699s@att.com>
Change-Id: I27efe5c41d04ab044dccb5f38db897cb041d4723
This PS move s the replicas key to be under the pod key in the values.
It brings further consolation of related configuration params to be
nested under common keys across all charts.
Change-Id: I420b06debd0a62ba5d83497be43ff6c49c49d339
This PS updates the Multinode Doc for Ceph deployemnt now that we
have bootstrap capability within the chart.
Change-Id: I40110db926bbbcbfb5a08300784e6a9735d32955
This PS deletes superfluous documentation and empty files from
the troubleshooting section, and also updates some of the docs
regarding persistent storage troubleshooting.
Change-Id: I60876e40ffe1a1f88ac6c761e8bf10beee92c2a0
This clarifies some of the steps in the kubeadm-aio guide, which
includes: adding minimum suggested system specs, commands to
verify success of a helm chart installation, and general clean up
and reformatting of the docs
Change-Id: I3f8cac9de7940970754e09bedf4d1d37022e7255
Adds basic expectations and explanations of openstack-helms
testing and gating approaches. This will continue to be expanded
upon but serves to provide a base on which to build
Change-Id: I689446b7124c4e11a92c73ef04e95d1840c6dc0a
