This change adds two network policy zuul checks, one for the compute-kit,
and one for cinder/ceph, to test network policy for each OpenStack
service. These checks will be non-voting initially.
The network policy rules for each service will initially allow all
traffic. These ingress/egress rules will be defined in future changes
to only explicitly allow traffic between services that are explicitly
allowed to communicate, other traffic will be denied.
Depends-On: https://review.opendev.org/#/c/685130/
Change-Id: Ide2998ebb2af2832f24ca7abc398a82e4a6d70e3
This change removes the network policy overrides that are set in
the common memcache setup script. These override will be implemented
in a future change as part of the rest of the network policy work.
Change-Id: I8954b6d88a650a576208e33b6e6e6ef00bdbef66
This PS indroduces a simpler way to incorp over-rides into gate
runs, and also ensures that they are scoped to a single chart, rather
than all of the charts deployed within a gate run.
Depends-On: https://review.opendev.org/666957
Change-Id: I49edf52cc1fc5ec60ee9754c28880c9c0c54492e
Signed-off-by: Pete Birley <pete@port.direct>
This updates the single node jobs to use the recently
added minikube deployment, with the intent to reduce
overall runtime for the single node jobs
Change-Id: I6efdbf890d86bf916cef2d1a3b7eba1f6132c2f9
This begins the reordering of the openstack-helm gates. This
deprecates the single node checks/gates that deployed the entire
stack in favor of single node checks/gates that are focused on
deploying charts with only their dependencies to reduce the
number of checks/gates required for a particular change. This also
moves the armada check to experimental, and moves the multinode
checks/gates to run as periodics. This will be followed up by
additional efforts to streamline these changes and incorporate
previous work targeting the same.
Change-Id: I63b87aceefc79a7a42c325669f2b4e3abb0c961c
This patch set updates the gate to by default uses network policy
for all components and enforces them in Openstack-helm.
Change-Id: I70c90b5808075797f02670f21481a4f968205325
Depends-On: I78e87ef3276e948ae4dd2eb462b4b8012251c8c8
Co-Authored-By: Mike Pham <tp6510@att.com>
Signed-off-by: Tin Lam <tin@irrational.io>
This updates the make command for the osh-infra charts in the
deployment scripts to account for the charts residing in
openstack-helm-infra instead of the openstack-helm working
directory
Change-Id: I9f492e586f69b0caf908366a9cae2b55da0d4cfc
adding "--ignore-installed" option to pip command
allow the script to be executed on centOS 7.5.
Story: #2003603
Change-Id: Ibb756b3b658993eb999d4a07e35c76b5811913fe
This PS disables the v2 keystone API, and finishes the migration to
full v3 support.
Change-Id: I3021ebe0bee668db9f28e7fb18e2d4b26172f209
Signed-off-by: Pete Birley <pete@port.direct>
This PS moves to use port 80 by default for the keystone
asdmin endpoint, and adjusts paths accordingly.
Change-Id: Iccae704dadc17eba269e857301654782f64763c9
Signed-off-by: Pete Birley <pete@port.direct>
This PS moves the Memcached chart to OSH-Infra
Story: 2002204
Task: 21727
Depends-On: https://review.openstack.org/#/c/585553
Change-Id: Iabf15db6d14df7e6b7246f8abb9d2e97f6d96172
Signed-off-by: Pete Birley <pete@port.direct>
This PS adds support for TLS on over-ridden fqdn's for public
endpoints for core OpenStack Services. Currently this implementation
is limited, in that it does not provide support for dynamicly loading
CAs into the containers, or specifying them manually via configuration.
As a result only well known or CA's added manually to containers will
be recognised.
Change-Id: I8f1b699af29cbed2d83ad91bb6840dccce8c5146
Depends-On: I535f38a8d92c01280d79926a1f0acd06984aabbf
Signed-off-by: Tin Lam <tin@irrational.io>
Signed-off-by: Pete Birley <pete@port.direct>
The python "cmd2" package installs version 0.9+ on Python 2.7,
which only support Python 3.4+. This causes a dependency error in
the gate due to issue outlined in [0]. We will pre-install a
capped version of "cmd2" that would work with Python 2.7.
[0] https://github.com/python-cmd2/cmd2/issues/421
Depends-On: I34cbde65b74efc2805bd7785f84878783d2badbf
Change-Id: I35c5b1cf2253bd3ab953745a795be8ac42668053
Signed-off-by: Tin Lam <tin@irrational.io>
This PS stops pulling the charts default images, as the make file
target cannot target over-rides - resulting in longer gate runs with
twice as many images pulled than required in some cases.
Change-Id: I2a49ab0e8034b0aadc2c06cc347f7d76ef71784a
This PS allows the neutron and nova charts to dynamicly adapt to
various backends.
Depends-On: I0ec13f45fd4561fec59d08b08eb78390a3866156
Change-Id: I1891af4b0e49237e229ff5e61e907dc3e413cf87
This PS moves the default image in OSH for most services to use LOCI
and also provides a Kolla gate for newton openstack.
Change-Id: Ice6cb9f89bc3ce6e8280e580d215aedda9e71904
This PS updates the multinode deploy scripts to show output in the
gates, stop proxying the kubedns service, and use a pvc to back mariadb.
Change-Id: I78caf3f15e4c5ca33eaa1e592e8df958f13be90b
This PS moves to namespace specific ingress controllers, and a
cluster wide ingress controller that acts as the external front
door to the cluster. The cluster ingress controller will also
be able to create a dummy interface that can be announced via the
OpenStack-Helm-Infra Calico chart.
The ability to exercise the edge VIP feature is currently only
demonstrated in the single node gate and guide, as it requires
additional configuration, or hardware to set up the routes in
a multinode env.
Change-Id: I8b823b93465f2e90aaabcca9ec9b783d34539e07
This PS adds a 5 node basic gate for OSH, using the same format as the
dev-deploy guide. Follow on commits will:
* Remove redundant gate scripts
* Add documentation, in the same format as the AIO guide
* Add all remaining services in OSH
* Enable Helm test for all services
Change-Id: I7b72dc4777e88cae2b8a4d842c41a17a526079a2
Depends-On: Ie9b23174fade3df4a87f2b771ea654e2081b4f4e
