Commit Graph

29 Commits

Author SHA1 Message Date
Sergiy Markin 97e3721a03 Sync requirements with shipyard
This PS adjusts list of dependences needed to get syncronized with Shipyard project:

- lock sphinx with 3.3.1 version for doc generation
- updated deckhand reference
- adjusted other python dependences

Change-Id: I5b0a60a2c0709a37d65cb8258bf8c79631c94f00
2023-04-27 19:47:55 +00:00
Sergiy Markin 32ad8a96b0 [focal] Python modules sync with Airship project
- uplifted/downgraded some python modules
- fixed falcon.API deprecation - -> falcon.App
- uplifted deckhand reference for python deps
- fixed formatting style  using yapf linter
- added bindep role and bindep.txt file with required deps
- fixed quai docker image publishing
- re-enabled openstack-tox-py38 gate job

Change-Id: I0e248182efad75630721a1291bc86a5edc79c22a
2023-04-21 06:09:14 +00:00
Wahlstedt, Walter (ww229g) 8ce937a9f7 updates for focal
add focal dockerfile
update zuul jobs for focal
update tox for tox4 changes
update all requirements to latest and match deckhand
update cfssl from R1.2 to v1.6.3
fixed local gates for focal
updated examples promenade manifests to run on focal

Change-Id: I2af4043784766d36588c6f738053ad66e7b89a90
2023-02-27 12:11:07 -05:00
Sean Eagan 9d696ca0a4 Use helm 3 in chart build
`helm serve` is removed in helm 3 so this moves
to using local `file://` dependencies [0] instead.

[0]: https://helm.sh/docs/chart_best_practices/dependencies/#repository-urls

Signed-off-by: Sean Eagan <seaneagan1@gmail.com>
Change-Id: Ia45c57e0cccac477f6ff59a254d03d6fcec14bef
2021-09-30 16:57:05 -05:00
Chris Wedgwood 2f2a8727f9 Makefile; clean should include .tox
Change-Id: I31b33fa9aa235055c0427aa4e46e7e159ea88a10
2020-12-08 12:21:44 -06:00
Mahmoudi, Ahmad (am495p) c302a083a6 Upgrade k8s from v1.17.3 to v1.18.6
This ps makes following changes to upgrade kubernetes from v1.17.3
to v1.18.6.
  - Updated all references to k8s images to 1.18.6
  - Updated command options and api object and versions based on
    k8s 1.18 release notes:
      https://kubernetes.io/docs/setup/release/notes/
  - Uplifted uwsgi to 2.0.19.1 to align with other airship
    components, and to bring in fixes and improvements.
  - Added build-essentials and python3-dev packages to pass the zull
    gate, which was looking for a c compiler.

Change-Id: I1160d1e6e2f02a0524043641b9296ea39edb301e
2020-08-19 15:56:45 +00:00
anthony.bellino 0e8b5cfe59 Uplift Promenade image to address CVEs
The current Promenade image is vulnerable to several CVEs:
CVE-2019-3462
CVE-2018-16865
CVE-2018-16864

Which Ubuntu 16.04/18.04 addresses.
This patchset makes the following changes:
1. Adds new distro specific dockerfiles for xenial/bionic.
2. Updates gates to be specific about the ubuntu image being
   checked.
3. Updates .zuul.yaml checks/gates/post jobs for xenial/bionic.
4. Updates build-image.sh docker build for specific dockerfile
   specified in config.sh (IMAGE_PROMENADE_DISTRO).

Change-Id: I89e5297a3baa8c2d2c142e5e29932476fc628398
2020-05-28 16:09:40 +00:00
Vladimir Maliaev d0d0e8be36 Adjust plugin cri parameters
Switch docker repo to use docker-ce package

See:
https://www.docker.com/blog/changes-dockerproject-org-apt-yum-repositories/

Change format of parameters for plugin cri configuration
to be able to use version = 2

See:
https://github.com/containerd/cri/blob/master/docs/config.md

Use python3.6 instead of python3.5 in tests

Change-Id: Ie56c0a7a344ea78c9f348fbf0e77617399815a7e
2020-03-26 05:02:37 +00:00
Roman Gorshunov d12927a156 Fix: Promenade Exceptions docs rendering on RTD
Readthedocs failed to render Promenade exceptions with error:
> WARNING: autodoc: failed to import exception 'xxx' from module
> 'promenade'; the following exception was raised: No module
> named 'falcon'

Trying to add Promenade requirements to the installed requirements list,
so that Readthedocs has all modules, including those needed for the
Promenade itself.

Unify docs building by utilizing Zuul docs-on-readthedocs template job.

Cosmetic readability changes:
1. combined all Makefile .PHONY targets into one
2. merged multiple LABEL instructions in Dockerfile into one

Change-Id: I731ee3426a631fa765f13ba7091dcb4b9ebd0353
2019-08-27 22:57:15 +02:00
Roman Gorshunov 16744e5c75 Minor: meaningful default label
Making default label meaningful and conformant to "key=value" requirement.

Change-Id: I67f52063b1ac0413155ee96248318180a1ea6ad6
2018-11-08 19:32:19 +01:00
Roman Gorshunov ef26b1dcc8 Fix: adding back the possibility to add arbitrary labels
Arbitrary labels could be added as `make` parameter `LABEL=`, which is used in
att-comdev/cicd Jenkins pipelines.

Sample parameter:
'LABEL=org.label-schema.vcs-url=${GERRIT_CHANGE_URL} \
--label org.label-schema.base-image=${base_sha256}'

Sample usage:
See Jenkinsfile files under images/ directory in att-comdev/cicd repo.

In addition to that, if `COMMIT` variable is undefined when invoking `make`, we
use result of `git rev-parse HEAD` command, which should output latest git
commit ID.

[0] https://github.com/att-comdev/cicd

Change-Id: If4e3425ac92f654f1bff046f20535e619a7e595c
2018-10-24 18:28:52 +02:00
Zuul 20f27f6281 Merge "Fix: git commit id labels on images" 2018-10-16 11:51:26 +00:00
Roman Gorshunov 02c5f2943e Fix: git commit id labels on images
1) Use OCI Image Specs for labels instead of custom 'commit-id=xxxxx'
   or legacy "Label Schema"
2) Fix missing git commit id labels on images (.revision)
3) Add human-readable title (.title) of the image, URL (.url), and
   a few other properties (annotations) according to the latest Specs
4) Unify docker-image-build.yaml playbook with other Airship-*
   components

Change-Id: I89afed3bf6a1f9fa92391d605bb6b3c871e58126
2018-09-21 03:31:13 +02:00
Mark Burnett 8bc8c7c028 Implement encryption for genesis/join scripts
This introduces a new document called `EncryptionPolicy` to configure
this behavior.  It currently only supports using symmetric encryption
with `GPG`, but that should be available on all Ubuntu systems (which is
what we currently support) and should also be fairly reliable.

Change-Id: I06d4faa119b736773df0d8cbf0e7a23fd98edcdf
Depends-On: https://review.openstack.org/#/c/602175/
2018-09-14 11:32:12 -05:00
Mark Burnett 0233c30ffb Update tiller version to 2.10.0
This also makes a corresponding update to the Makefile to address a bug
with which $(HELM) is being used that was exposed during local testing.

Change-Id: I08da45c1f232960c58ab482053befed83da6fdd6
2018-08-30 15:54:07 -05:00
Jerome Brette 5232d17a2a Update Dockerfile to allow override of FROM variable
l is to let user customize the base image of the component
by passing FROM=myimage during the build process. This would let any
project leveraging Airship ensure that the base image is matching the
security requirements for that project and still use the same Dockerfile.
This will also ease the control of the /etc/apt/source.list
and thereby the result of apt-get update/upgrade procedure.
2. The above goal is achievable by using docker-ce feature such as:
ARG FROM="defaultbaseimage:xx"
FROM ${FROM}
For this reason, the installation of docker.io in the Zuul gating is beeing
replaced by docker-ce.
3. Third Goal is to bring consistency with the other compoenents leveraging
Helm such as the openstack-helm and potentially use bindep the same way
the LOCI images are to ensure
4. The new syntax in the Dockerfile is still commented out until the associated
image builder have been updated to use docker-ce as they have been for the LOCI
images.

Change-Id: Ie5ae836221dc3cb9bdafc6e5e6670f914d3d1bb4
2018-07-24 21:11:35 +00:00
Felipe Monteiro ed65d983f7 [trivial] Rename tox jobs for zuul
This patchset renames the tox.ini jobs:

* coverage => cover
* lint => pep8
* unit => py35

to comply with OpenStack standards [0].

[0] e.g. 04469a5181/tox.ini (L119)

Change-Id: I1a542c5e36f29d3788df8a5ebdce3cbe49ab4046
2018-06-06 15:12:54 +00:00
Scott Hussey 59a03d5997 (zuul) Add basic gating
- Add gate for PEP8 linting
- Add gate for Helm chart linting
- Add gate for Bandit security scanning
- Add gate for document generation
- Add gate for unit tests

Change-Id: I7a9358a021dd3268eeede134fbcd68f791b83472
2018-06-01 08:48:42 -05:00
Mark Burnett 38efdf4a53 Add make tests entrypoint
* Fixes some gate script lint issues

Change-Id: I333c7144d0cfc0af42f7f58faf651050e726fbf8
2018-05-03 11:57:20 -05:00
Scott Hussey 88681e754a Missing resource limits on apiserver pod
- Add resource limits to the static defintion for the
  apiserver pod

Change-Id: I473c67e53da148f92441563187d6e026cf697582
2018-04-03 10:15:29 -05:00
Scott Hussey ccd372a974 Resource limits on Promenade charts
- Update Makefile to more closely match UCP standards
- Add resource limits to any Pods missing them

Change-Id: Ia791a6b207c2baca7dd3141be71aef513c916661
2018-03-29 08:52:56 -04:00
Mark Burnett 4d7df8610a Fix: revert to openstack-helm/helm-toolkit
openstack-helm-infra/helm-toolkit is not yet ready.  This:

* Removes references to openstack-helm-infra in examples and tests.
* Eliminates unneeded project tmp directory.

Change-Id: If2dfca60bea13f30124ddb82838ff0f4097c21be
2017-11-02 10:16:28 -05:00
Mark Burnett b09c69a18a Add initial Makefile
This add target a target for building and linting charts.

Change-Id: Ie349436d8bf50929e26ed43cc53fdc599a2acd9d
2017-10-31 12:46:23 -05:00
Mark Burnett fce98459a6 Basic HA kubernetes deployment (#7)
* remove old files

* sketch of non-bootkube genesis

* add basic chroot/bootstrap script

* cleanup kubectl/kubelet fetching

* fix cni bin asset path

* add non-pod asset loader

* add example ca

* refactor key gen/distribution

* flannel up on genesis

* refactor some code toward join

* WIP: last commit working on "self-hosted, helm-managed"

* first pass at consolidating config for vanilla deploy

* refactor cli a bit

* use provided cluster ca

* separate genesis and join scripts

* add basic etcd joining

* actually run the proxy everywhere

* update readme

* enable kubelet service

* add pki most places

* use consistent sa keypair

* use quay.io/attcomdev/promenade

* fix typo in n3

* tls everywhere in kubernetes

* tls for etcd

* remove currently unused files
2017-06-15 20:57:22 -07:00
Aric Renzo d7666e5690 Adding clarifications to Makefile 2017-05-26 11:56:31 -04:00
Aric Renzo ec91a70e39 Image prefetch refactoring 2017-05-26 11:35:08 -04:00
Aric Renzo f3b0aa0124 enable or diable image prefetching 2017-05-25 15:11:11 -04:00
Mark Burnett 37d5763f52 replace wget with curl 2017-05-24 09:50:37 -05:00
Mark Burnett 5969987ad9 Add initial containerized version 2017-05-23 13:44:32 -05:00