Commit Graph

51 Commits

Author SHA1 Message Date
Gage Hugo 5ad8824fca Retire openstack-helm-addons repository
This change removes the context from the openstack-helm-addons
repository as part of the effort to retire the repo.

Change-Id: I25603f95f54d88293623206b4d56a109d3b3a5c3
2022-07-25 08:49:04 -05:00
Zuul cc264e59f6 Merge "Remove shaker residue" 2021-08-23 17:09:06 +00:00
jh629g 4b3bfbd550 Retire Ranger from OSH-Addons
Ranger is beginning the process
of retirement in openstack, and
will be removed from OSH as a
result.

Change-Id: I4844964c4edbde935de47dad3f689ffa89671ccc
2021-06-29 10:57:08 -05:00
jinyuanliu 275ff71642 Remove shaker residue
About shaker chart, It's been removed.

Change-Id: I75ecd13540db846dd700ff0b6c611c74f462ad72
2021-06-29 10:35:14 +08:00
Gage Hugo ee0201bd7d Remove sonobuoy chart
This change removes the sonobuoy chart from openstack-helm-addons.

Change-Id: Ic9a48f2082c1aa602d903d22f42c1724fd4aec73
2021-06-24 10:51:18 -05:00
Gage Hugo 0145e0f94f Update releasenotes, linting job, and fix gates
This change updates the releasenotes for each chart to their
latest version.

Also updated the linting job to not ignore releasenotes in
order to fix issues in the future.

Also fixes a rust pip dependency in the jobs causing them to
fail.

Change-Id: Iecb103b153a0ff3f3c90077afe856fc060d5988a
2021-04-15 22:28:41 +00:00
jh629g c7816d8397 Complete removal of SSH data in Ranger
Ranger has not used SSH since the
project finished conversions to
python 3.6. The data below is to be
removed, barring user_home and
retry_limit as they are values
which have been co-opted by other
parts of the ranger/ranger-agent
codebase.

Change-Id: If7cd18ddd6f266d58a10bfabd202f9daa4a518bf
2021-01-28 19:17:40 +00:00
jh629g c814dd5dc6 Update Ranger Null Values
Further null values found by helm v3
in openstack-helm-deployments must
be turned into empty strings instead

Change-Id: I83be4bbfd87add83a72f655e8b326250ef6383c9
2021-01-14 22:41:47 +00:00
Gage Hugo aea4bcf726 Add helm3 linter for osh-addons
This change adds a simple helm3 linting check job that will
attempt to lint the charts in osh-addons with helm3. It will
be non-voting for now.

A future change will move this to osh-infra and use the job
from there for the other repos.

Change-Id: I716337005f977c6e936ce8c08ec24b20871f8284
2020-12-17 14:31:08 -06:00
Gage Hugo c89f819ea3 Update default values for overrides
This change updates the values overrides for openstack release
and ubuntu release to train and bionic respectively.

Change-Id: I672f4c83867b6e884ec5ba939512c6186bd080dd
2020-12-08 13:20:57 -06:00
Chi Lo 7e211a6366 Enable TLS for Ranger Agent services call to Openstack Services
This patch enables TLS for Ranger Agent services so that internal
call from Ranger Agent services pods to Openstack services such as
keystone, heat, and mariadb utilizes TLS.

Change-Id: I8a548ff435e8b87783a50c5ce82b5931a3d76a22
2020-08-06 23:24:52 +00:00
Andrii Ostapenko 815deeaa2e Enable templates linting
- braces
- brackets
- colons
- commas
- comments
- hyphens
- indentation
- key-duplicates

with corresponding code changes.

Also disable document-(start|end) rule.

* Unrestrict octal values rule since benefits of file modes readability
  exceed possible issues with yaml 1.2 adoption in future k8s versions.
  These issues will be addressed when/if they occur.

Depends-On: https://review.opendev.org/739600
Change-Id: Ide884ed541898db2ba21a863aff0cea9ec3f75dd
Signed-off-by: Andrii Ostapenko <andrii.ostapenko@att.com>
2020-07-13 17:28:42 +00:00
Chinasubbareddy Mallavarapu 806bb7594c [CEPH] Use loopback devices for ceph osds.
- This is to make use of loopback devices for ceph osds since
support for directory backed osds going to depricate.

- Move to bluestore from filestore for ceph-osds.

Change-Id: I49afabdb23355f57a01b209fe9b3383188ab5aaa
2020-07-08 16:23:48 -05:00
diwakar thyagaraj 7b762a8e23 [FIX] Fix ranger-agent test pod
1)Update ranger-agent SHA to support bionic Images.
 2)Added heat deploy script for ranger deployment.
 3)Created seperate Jobs for ranger and mini-mirror apparmor.

Change-Id: Icecae5bd8f751508ef0417c8cc1a5e3959d44119
Signed-off-by: diwakar thyagaraj <diwakar.chitoor.thyagaraj@att.com>
2020-06-24 15:38:22 +00:00
dt241s@att.com 768722b1cf Enable Apparmor to Components in Addons
1)Added Apparmor Script andimoved apparmor configurations
to values-overrides to enable optional experimental Jobs.

2)Added Apparmor to mini-mirror,ranger,ranger-agent
 and sonobuy Components.

3)Moved apparmot
Change-Id: I9772d8425aa3d46e1fb0e1a6962ea999e77a6655
2020-06-17 19:30:06 +00:00
Tin Lam 81da77bd7e fix(gate): update script
Update setup script to use pip3. Also, removed the artificial cap for
cmd2 package.

Change-Id: I597f7a455731119178569d8ccfc185e458c4b207
Signed-off-by: Tin Lam <tin@irrational.io>
2020-04-03 13:20:02 -05:00
Zuul 67c2dc7bfa Merge "Remove OSH Authors copyright" 2020-03-20 04:44:49 +00:00
Zuul 42b21c21ff Merge "sonobuoy: add role-exec" 2020-03-11 21:16:52 +00:00
Zuul fcc74560f9 Merge "Enable Docker default AppArmor profile to Ranger" 2020-03-11 20:29:15 +00:00
Prateek Dodda dfb5f4e51f Enable Docker default AppArmor profile to Ranger-Agent
This adds default Apparmor profile to Ranger-Agent.

Change-Id: I795910892b7a331871e67ca3462929e3a93fd226
2020-03-11 12:38:42 -05:00
Prateek Dodda f9d07d49a7 Enable Docker default AppArmor profile to Ranger
This adds default Apparmor profile to Ranger.

Change-Id: I4b86d6303abce261e6ed0dee263af2bf6329b35c
2020-03-09 20:47:29 +00:00
Dustin Specker 2012efb64f sonobuoy: add role-exec
This role enables the readonly serviceaccount to additionally perform
pod/exec within the configured namespace.

Some organizations deploy pods in a particular namespace in Kubernetes
that have a locked down user/CLI that allows examining resources with
readonly access (to prevent any modifications, etc.). This change
enables the Sonobuoy plugins to leverage these pods by executing into
them.

Change-Id: I781248fdd251e7fca31e0ab831326a9f475392cd
2020-03-05 13:03:34 -06:00
Gage Hugo 09b6e52c32 Remove OSH Authors copyright
The current copyright refers to a non-existent group
"openstack helm authors" with often out-of-date references that
are confusing when adding a new file to the repo.

This change removes all references to this copyright by the
non-existent group and any blank lines underneath.

Change-Id: I631ae4345f18fee70b380867ba8b33af5e3b3254
2020-03-02 14:01:56 -06:00
KAVVA, JAGAN MOHAN REDDY (jk330k) 479f50db8b Enable Docker default AppArmor profile to mini-mirror
This adds default Apparmor profile to mini-mirror.

Change-Id: I4f801580ae7f6f6e59fab38a6742102004ddff05
2020-02-21 19:02:28 +00:00
hosingh000 37b47ca4af Include Ranger Helm Test and Increase timeout
Test will make default call for all 7 services to ensure service running
Increase timeout to 100 second in case services are restarting
Increase timeout to 100 second for health probe to avoid pod restart

Change-Id: Id635d24236238e73b7a8292ee183b88328d621c4
2020-02-20 20:36:10 +00:00
Tin Lam 54c8764732 [Gate] Update gate
The OSH-addons jobs have been outdated for quite some time in comparison to
OSH and OSH-Infra jobs. This patch set updates the jobs to be inline with
the jobs in the other repositories.

Change-Id: I5a75806ab88d18caecff19ae09d094d82e6eafb2
Signed-off-by: Tin Lam <tin@irrational.io>
2020-01-07 19:53:31 +00:00
Steve Wilkerson d6309100d7 Update kubernetes-entrypoint image reference
This updates the kubernetes-entrypoint image reference to consume
the publicly available kubernetes-entrypoint image that is built
and maintained under the airshipit namespace, as the stackanetes
image is no longer actively maintained

Depends-On: https://review.opendev.org/688435

Change-Id: I7f48605f08f574822179d51cd645ded07714d9c3
Signed-off-by: Steve Wilkerson <sw5822@att.com>
2019-11-11 07:34:30 +00:00
Chi Lo 3b9adc2bf0 Health probe for Ranger-agent pods
Health probe for Ranger-agent pods is used for both liveness
and readiness probe.

ranger-agent-api and ranger-agent-engine pods:
- Sends an RPC call with a known method to pod's listener
  queue. Probe is successful if call returns with no error. If
  listener is not reachable or fails to respond in time, returns
  failure to probe.
- Check if the rpc socket status on ranger-agent pods to rabbitmq
  are in established state.

ranger-agent-api pod:
- Launch a call to pod's open interface. Probe is successful if call
  returns; otherwise failure if response has error or timed out.

Change-Id: I7a22fd50d47e58df19b413ed65ab528e2d78d609
2019-10-11 16:12:28 -07:00
Dustin Specker d0100055af fix(sonobuoy): only add apparmor for results-publisher when publishing
Before, if conf.publish_results was false then Helm would fail to
install the Sonobuoy chart because the apparmor annotation was being
added for the results-publisher container, but the container didn't
actually exist because it was disabled.

Now, the apparmor annotation is only included for the results-publisher
container when conf.publish_results is true.

Change-Id: I731b7d03c9699db0fcab61439479796617ebff2a
2019-06-19 16:30:55 -05:00
Dustin Specker 8c614d4ffd Sonobuoy: allow multiple simultaneous chart installations
Manually set Namespace for Sonobuoy's config.json.

Sonobuoy's bug forcing heptio-sonobuoy namespace [1] usage only does not
impact this Helm chart because the config.json is directly controlled
by the `values.yaml` and not Sonobuoy's CLI.

Now multiple instances of this chart may exist at once by specifying
unique namespaces at helm install time.

Modify Sonobuoy test script to install two instances of Sonobuoy Helm
chart. Also install readonly serviceaccount to verify it will work with
more than one instance simultaneously.

[1] https://github.com/heptio/sonobuoy/issues/420

Change-Id: I6d4ecfb812a4312af13abf1e265de495e27967f9
2019-02-26 14:23:36 +00:00
Chris Wedgwood eaa33974a0 Update upgrade host playbook
playbook updated to match osh and match osh-infra

This updates the upgrade host playbook in openstack-helm to match the
playbook used in openstack-helm-infra. The recent addition of adding
an apparmor profile to the Calico chart requires us to do the same
setup on hosts in the openstack-helm jobs before attempting to deploy
Calico.

Change-Id: I0861038231e55a392b002d40476c40698d249260
2018-12-14 19:43:19 +00:00
Deepak Tiwari db16a2a4e4 Add shaker charts and shaker deployment scripts
This is initial draft for adding shaker charts and deployment
scripts.

Change-Id: I5a9e39fcc79dd711bbb01653ba397bc6d2ed24f3
2018-12-05 20:39:42 +00:00
Dustin Specker 5559878087 Store Sonobuoy results in Ceph
This enables persistently storing Sonobuoy tests results tarball
in Ceph (authed with Keystone).

1. Adds job-ks-user and secrety-keystone to create Sonobuoy user in
Keystone
2. Sonobuoy pod has a results-publisher container that waits for
Sonobuoy container to populate test results directory with the tarball
3. results-publisher container creates Swift container for Sonobuoy
results
4. results-publisher adds Sonobuoy test results to Swift container
5. results-publisher sets expiry date on the object to be deleted
after 30 days

Change-Id: Ic2d9fb345dce1101040e60113564e7ecdb2c51ea
2018-11-09 19:25:08 +00:00
Zuul 2b8581dcc2 Merge "Inclusion annotation for upgrade and install chart changes" 2018-10-09 15:08:49 +00:00
hosingh000 1f4b4525fd Inclusion annotation for upgrade and install chart changes
remove default log file usage

Change-Id: I20a052f4e8953e56755dea2e6800f31498a657d2
2018-10-05 03:48:25 +00:00
Dustin Specker f823544adb Add Sonobuoy chart
This adds a Sonobuoy chart that only runs the systemd-logs plugin[1]. The
Sonobuoy pod (tests) are executed as a `helm test`.

This chart must be installed under the heptio-sonobuoy namespace[2]. A node
with the label selector specified in values.yaml (labels.api) must exist
for the Sonobuoy pod to even be created.

Also add an experimental job to test Sonobuoy chart.

[1] https://github.com/heptio/sonobuoy-plugin-systemd-logs
[2] https://github.com/heptio/sonobuoy/issues/420

Change-Id: I613fab635b97a70ac20820e1ececde48952ac2da
2018-10-03 10:52:21 -05:00
Pete Birley 3afa22eebb WIP: fix osh-addons gate
Change-Id: Id964cbefbc0d2886fc4970dde33e102679bf9758
Signed-off-by: Pete Birley <pete@port.direct>
2018-08-21 10:30:10 -05:00
Pete Birley c1a96769e4 Basic addons gate
This PS adds a basic gate, follow on PS's will add
deployment testing.

Change-Id: I9a980ac811f55eb9aba3d2f358a2636d9b0b54c2
Signed-off-by: Pete Birley <pete@port.direct>
2018-05-26 00:29:49 +00:00
Pete Birley 79973b6c47 Gate: Remove legacy gate code
This PS removes the legacy gate code from osh-addons.

Change-Id: I799ceafcc8c5f185e5bc5bac8d2d41a68c8dbf1f
2018-05-17 00:59:22 +00:00
Steve Wilkerson d209db907a Remove elasticsearch, fluentd, kibana from osh-addons
This removes the charts from openstack-helm-addons as they now
reside in osh-infra

Change-Id: I32b35aab6fab8a1f421c720a260e678499980924
2018-02-16 14:45:31 +00:00
Tin Lam 1ade2e91be Gate: migrate to zuul v3
This patch set applies zuul v3 into openstack-helm-addons repository
similar to the other OSH repos.

Change-Id: Icdeaa8dbed381ee4264e1d015b87be700b97ddb0
2018-02-16 00:22:44 +00:00
Pete Birley b683cb0149 Postgres: remove chart
This PS removes the postgres chart as it is now located in OSH.

Change-Id: Iba5cdca8ca5fcbca7de2ceb26485c530e5277a26
2017-10-05 15:22:44 -05:00
Darla Ahlert b3781eabd9 Testing updated Kube and Helm Versions
The gate has been failing due to the outdated Kube
and Helm versions. Updating to get the gate working
again and to match OpenStack-Helm.

Change-Id: I57907675c046984f09728182c98c798325edfee2
2017-08-01 14:19:54 -05:00
Steve Wilkerson da17fa768d Add fluentd helm chart
This introduces an initial helm chart for fluentd. It provides a
functional fluentd deployment to use in conjunction with
elasticsearch and kibana to consume and aggregate logs from all
resource types in a cluster

Change-Id: I3ab1650cb96052d663516c3f42bf639df3c058f6
External-Tracking-Id: OSH-1
Implements: blueprint osh-logging-framework
2017-07-26 09:31:28 -05:00
Steve Wilkerson 3a7da4f59e Helm chart for Kibana
This adds a basic helm chart for kibana. It uses the kolla image
for kibana and includes a templated configuration file to allow
for configuration overrides, similar to the openstack-helm charts

Change-Id: I608e4e48bd5e29f68ead08252853aa3ed08d7a68
External-Tracking-Id: OSH-67
2017-07-20 08:18:53 -05:00
Steve Wilkerson 7b2d810fc9 Update Elasticsearch image and log path
Updates the elasticsearch image to use the kolla 4.0.0 image. It
also updates the log path, as the previously used path wasn't
mounted and was causing the pods to fail due to warnings being
raised and directed to a path that didn't exist.

Change-Id: I3b43d1df0302512a59b305e2785c44b067a0bbf9
2017-07-18 10:39:08 -05:00
Steve Wilkerson b69278a8e3 Elasticsearch Chart
This chart introduces a stateful deployment of elasticsearch for
use as part of a unified logging solution. It also includes a
basic set of helm tests for verifying elasticsearch is ready and
responsive.

Change-Id: I3772246cd38b7e2be728190c6a6908f54c1441d3
Co-Authored-By: Darla Ahlert <da741q@att.com>
External-Tracking-Id: OSH-95
2017-07-03 08:38:06 -05:00
Steve Wilkerson 32c61f3f9f Setup gate to use openstack-helm's helm-toolkit
Clones openstack-helm to retreive helm-toolkit instead of
maintaining a separate helm-toolkit in addons.  This will be
removed once zuul-cloner is leveraged in the addons gate

Change-Id: I7b70709590f547118d2319341300431946a6eaf5
2017-06-30 09:53:05 -05:00
Steve Wilkerson 55cf96b10b Fix Helm/Kubernetes versions for openstack-helm-addons
Bumps the versions of kubernetes and helm to match those of the
AIO in openstack-helm

Change-Id: I7438e67da46437120396bb3a8564d0a98370f736
2017-06-29 16:24:03 -05:00
Steve Wilkerson 88640bf510 Add helm-toolkit back to openstack-helm-addons
This adds helm-toolkit to the openstack-helm-addons repository.
As we look to establish common philosophies and approaches for
developing charts, we should continue to use helm-toolkit as a
common library for template functions

Change-Id: I5ed84afb28bd394d4c307a9fc12377f194cb76c0
2017-06-26 15:30:47 -05:00