add dnsPolicy parameter in daemonset-mon.yaml, ceph-mon should have
dnsPolicy ClusterFirstWithHostNet because it use hostNetwork.
Closes-bug: 1713383
Change-Id: I14aba0f5caeb6cb7057aeadb18c60337b130da90
This PS updates the ceph namespace client key script to hard fail
if it cannot get the admin storage key from the namespace ceph is
deployed into.
Change-Id: Ieefe6d800a678d721294561b25bbebc874cfa74d
Use ClusterFirstWithHostNet DNS policy so osd pods can resolve mon address
through host network
Change-Id: I7aaeee1fc26cc1812c210bfe2c0f5b131c4cbd81
Closes-Bug: #1709439
This PS removes the licence header from rendered output from tiller,
significantly reducing the configmap size of charts deployed to the
cluster.
Change-Id: I5d1b246f2068f3b83bf59ba79fe8b88bbc9a6161
This PS adds labels to all jobs in OpenStack-Helm, allowing them to be
found by label searches. This makes management of large clusters using
tools like Armada easier.
Change-Id: I49b2cb7a94fab96958f187ca11e2c2a0c80ff843
ceph clean job tries to delete a secret. but if there's no the secret,
the job falls in CrashLoopBackOff status when helm delete.
Change-Id: I863e43f576408fdcd24997bde9b658c50b0057c1
Closes-bug: 1708597
Currently Ceph namespace job cleaner uses a fixed name. This leads to
helm delete fails to clean up Ceph package. This fix randomizes the job
name to avoid name conflicts.
DocImpact
Closes-Bug: #1707670
Change-Id: I7ac7b7482b945a9a836f6f69df0ef8cebc37bafb
This PS updates the pod affinity function to allow customisation by
operators at the point of deployment.
Change-Id: I8b7b2f584e990e068051d9a6d5cc7b1e1adb5aa5
When trying to re-install ceph chart, the
ceph-namespace-client-key-generator job is not working because of the
already created pvc-ceph-client-key secret.
So it needs to remove the secret when deleting ceph chart.
Closes-Bug: #1705177
Change-Id: I7338a516fe3b9f265953b8b1fddd3dbfb97bafd2
Ceph mon has been changed from a statefulset to a daemonset,
so the PodDisruptionBudget is no longer needed.
Change-Id: I86d46ed2e6377177eff9251d5e4f3bb433eaf250
Ceph's health when running in the single node gate currently
is 'HEALTH_WARN'. This PS adds an extra config option such that
the ceph cluster will not attempt to perform replication when deployed
on a single node, as well as introduces a mvp yaml file for ceph
deployments in the gate.
Change-Id: Ib2ec3345140f541c94da044ff9d77723ea3ee2bd
This enhances the stability and recovery of ceph by leveraging
hostNetworking for monitors as well as OSDs, and enables the
K8S_HOST_NETWORK variable within ceph-docker. This enhancement should
allow recovery of monitors from a complete downed cluster.
Additionally, ceph's generic "ceph-storage" node label has been
split out for mon, mds, and osd.
Co-Authored-By: Larry Rensing <lr699s@att.com>
Change-Id: I27efe5c41d04ab044dccb5f38db897cb041d4723
This moves the set of ceph entrypoint scripts into the helm chart
this allows us to control how the different pods start. Also gives
each script the +x flag to give better insight as to the execution of
entrypoint scripts.
Change-Id: Ib78b8a5d57f653bdb399a1980b34ab5ea25f94cc
This patchset enforces stricter file permission on *-etc configmap and
sets readOnly flag to true in a number of charts.
Change-Id: I233689a5d56dd1352e0d81997a94b4cdd6bed5d2
Signed-off-by: Tin Lam <tin@irrational.io>
This PS unifies and normalises Kubernetes resource allocation and
update strategy across all OpenStack-Helm elements.
Change-Id: Ia41fc453cb5191fa447ca6e1aa0f5b431c939dc8
This PS refactors the ceph chart and secret generation process.
The updated chart replaces the existing "bootstrap" chart.
Additionally, Ceph manifests and deployment guides were modified
accordingly.
Change-Id: I6f5bb88fc0f40cfee8865d9dab83859d765e7537
Co-Authored-By: Larry Rensing <lr699s@att.com>
K8s 1.6 has affinity/antiaffinity funtionalities as a beta feature. This
means we don't need to declare them using annotations. This commit
switches usages of affinity to 1.6 syntax.
Change-Id: Ia68f4ab28a018617bd44b1295fea58cd30eb4a39
This allows ceph to form a reliable quorum under Kubernetes
1.6. There appears to be a minor timing difference in 1.6
compared to previous versions requiring us to annotate the
ceph-mon service with this toleration.
Change-Id: I2bb325c6dc0fc4b3c98eaccd95be36a53b1e8a16
* Add imagePullPolicy to ceph with default
* Add imagePullPolicy to mariadb with default
* Add missing imagePullPolicies to nova with defaults
* Remove malfunctioning daemonset dependency from nova
* Add missing neutron endpoint definition to nova values
* Force v4 networking in ceph. Repeated bootstrapping
is unreliable without this.
* Update cinder dependencies based on testing
* Optonal Horizon NodePort
* Revert iptables stub for nova-api-osapi because
we lack permississions to overwrite /sbin/iptables. We
will continue to run in a privileged security context
until we have a working solution.
The IPs of ceph monitors cannot (or should not) change.
This refactor allows the ceph monitors to act as statefulsets.
It also persists their on disk data to nodeDirs, to allow cluster
wide restarts (in parallel), where previously this would lose
data. This is accompanied by some docker images changes that
ensure that auth for the OSDs is restored/reinserted as auth
data is somehow not persisted to disk at this time.
* A new boolean value controls whether secrets and
the ceph.conf secret ConfigMaps are installed allowing
you to bring-your-own ceph configs. This should
remove the dependency on having to generate secrets
using the common chart if you have installed your own.
* A new boolean value controls whether we install
a storage class as part of the ceph chart install allowing
you to externally manage this
* More of the ceph values have been converted to values
variables, paving the way for a master yaml to provide input
and overrides to many independent "sub" charts without a parent chart
* As of helm 2.0.0, it no longer seems necessary to
copy a "globals.tpl" into each child chart, defines in
child charts now seem to be reliably rendered in the
parent. This was not working correctly in 2.0.0rc2
and so after a lot of testing, the globals define
insertion has been removed from the Makefiles. Also,
includes piped to b64encode are working now, meaning
we no longer have to do Makefile magic to base64
encode successfully. That has been removed. Once
.Files.Get works properly in a child chart context
we can remove all Make help.
* The openstack-base chart has been renamed to common
to better reflect that it is common to everything in
aic-helm, even non-openstack projects like ceph. All
charts now include it as a requirement.
* A first pass at a "cleaner" template directory approach
has been applied to rabbitmq as a test chart. This allows
files such as _start_rabbit to live in their raw form
and organizes files by config vs script in 'etc' or 'bin'
directories. If accepted, will apply to all other charts
for consistency.
