This change removes the context from the openstack-helm-addons
repository as part of the effort to retire the repo.
Change-Id: I25603f95f54d88293623206b4d56a109d3b3a5c3
Ranger is beginning the process
of retirement in openstack, and
will be removed from OSH as a
result.
Change-Id: I4844964c4edbde935de47dad3f689ffa89671ccc
This change updates the releasenotes for each chart to their
latest version.
Also updated the linting job to not ignore releasenotes in
order to fix issues in the future.
Also fixes a rust pip dependency in the jobs causing them to
fail.
Change-Id: Iecb103b153a0ff3f3c90077afe856fc060d5988a
Ranger has not used SSH since the
project finished conversions to
python 3.6. The data below is to be
removed, barring user_home and
retry_limit as they are values
which have been co-opted by other
parts of the ranger/ranger-agent
codebase.
Change-Id: If7cd18ddd6f266d58a10bfabd202f9daa4a518bf
Further null values found by helm v3
in openstack-helm-deployments must
be turned into empty strings instead
Change-Id: I83be4bbfd87add83a72f655e8b326250ef6383c9
This change adds a simple helm3 linting check job that will
attempt to lint the charts in osh-addons with helm3. It will
be non-voting for now.
A future change will move this to osh-infra and use the job
from there for the other repos.
Change-Id: I716337005f977c6e936ce8c08ec24b20871f8284
This change updates the values overrides for openstack release
and ubuntu release to train and bionic respectively.
Change-Id: I672f4c83867b6e884ec5ba939512c6186bd080dd
This patch enables TLS for Ranger Agent services so that internal
call from Ranger Agent services pods to Openstack services such as
keystone, heat, and mariadb utilizes TLS.
Change-Id: I8a548ff435e8b87783a50c5ce82b5931a3d76a22
- This is to make use of loopback devices for ceph osds since
support for directory backed osds going to depricate.
- Move to bluestore from filestore for ceph-osds.
Change-Id: I49afabdb23355f57a01b209fe9b3383188ab5aaa
1)Update ranger-agent SHA to support bionic Images.
2)Added heat deploy script for ranger deployment.
3)Created seperate Jobs for ranger and mini-mirror apparmor.
Change-Id: Icecae5bd8f751508ef0417c8cc1a5e3959d44119
Signed-off-by: diwakar thyagaraj <diwakar.chitoor.thyagaraj@att.com>
Update setup script to use pip3. Also, removed the artificial cap for
cmd2 package.
Change-Id: I597f7a455731119178569d8ccfc185e458c4b207
Signed-off-by: Tin Lam <tin@irrational.io>
This role enables the readonly serviceaccount to additionally perform
pod/exec within the configured namespace.
Some organizations deploy pods in a particular namespace in Kubernetes
that have a locked down user/CLI that allows examining resources with
readonly access (to prevent any modifications, etc.). This change
enables the Sonobuoy plugins to leverage these pods by executing into
them.
Change-Id: I781248fdd251e7fca31e0ab831326a9f475392cd
The current copyright refers to a non-existent group
"openstack helm authors" with often out-of-date references that
are confusing when adding a new file to the repo.
This change removes all references to this copyright by the
non-existent group and any blank lines underneath.
Change-Id: I631ae4345f18fee70b380867ba8b33af5e3b3254
Test will make default call for all 7 services to ensure service running
Increase timeout to 100 second in case services are restarting
Increase timeout to 100 second for health probe to avoid pod restart
Change-Id: Id635d24236238e73b7a8292ee183b88328d621c4
The OSH-addons jobs have been outdated for quite some time in comparison to
OSH and OSH-Infra jobs. This patch set updates the jobs to be inline with
the jobs in the other repositories.
Change-Id: I5a75806ab88d18caecff19ae09d094d82e6eafb2
Signed-off-by: Tin Lam <tin@irrational.io>
This updates the kubernetes-entrypoint image reference to consume
the publicly available kubernetes-entrypoint image that is built
and maintained under the airshipit namespace, as the stackanetes
image is no longer actively maintained
Depends-On: https://review.opendev.org/688435
Change-Id: I7f48605f08f574822179d51cd645ded07714d9c3
Signed-off-by: Steve Wilkerson <sw5822@att.com>
Health probe for Ranger-agent pods is used for both liveness
and readiness probe.
ranger-agent-api and ranger-agent-engine pods:
- Sends an RPC call with a known method to pod's listener
queue. Probe is successful if call returns with no error. If
listener is not reachable or fails to respond in time, returns
failure to probe.
- Check if the rpc socket status on ranger-agent pods to rabbitmq
are in established state.
ranger-agent-api pod:
- Launch a call to pod's open interface. Probe is successful if call
returns; otherwise failure if response has error or timed out.
Change-Id: I7a22fd50d47e58df19b413ed65ab528e2d78d609
Before, if conf.publish_results was false then Helm would fail to
install the Sonobuoy chart because the apparmor annotation was being
added for the results-publisher container, but the container didn't
actually exist because it was disabled.
Now, the apparmor annotation is only included for the results-publisher
container when conf.publish_results is true.
Change-Id: I731b7d03c9699db0fcab61439479796617ebff2a
Manually set Namespace for Sonobuoy's config.json.
Sonobuoy's bug forcing heptio-sonobuoy namespace [1] usage only does not
impact this Helm chart because the config.json is directly controlled
by the `values.yaml` and not Sonobuoy's CLI.
Now multiple instances of this chart may exist at once by specifying
unique namespaces at helm install time.
Modify Sonobuoy test script to install two instances of Sonobuoy Helm
chart. Also install readonly serviceaccount to verify it will work with
more than one instance simultaneously.
[1] https://github.com/heptio/sonobuoy/issues/420
Change-Id: I6d4ecfb812a4312af13abf1e265de495e27967f9
playbook updated to match osh and match osh-infra
This updates the upgrade host playbook in openstack-helm to match the
playbook used in openstack-helm-infra. The recent addition of adding
an apparmor profile to the Calico chart requires us to do the same
setup on hosts in the openstack-helm jobs before attempting to deploy
Calico.
Change-Id: I0861038231e55a392b002d40476c40698d249260
This enables persistently storing Sonobuoy tests results tarball
in Ceph (authed with Keystone).
1. Adds job-ks-user and secrety-keystone to create Sonobuoy user in
Keystone
2. Sonobuoy pod has a results-publisher container that waits for
Sonobuoy container to populate test results directory with the tarball
3. results-publisher container creates Swift container for Sonobuoy
results
4. results-publisher adds Sonobuoy test results to Swift container
5. results-publisher sets expiry date on the object to be deleted
after 30 days
Change-Id: Ic2d9fb345dce1101040e60113564e7ecdb2c51ea
This adds a Sonobuoy chart that only runs the systemd-logs plugin[1]. The
Sonobuoy pod (tests) are executed as a `helm test`.
This chart must be installed under the heptio-sonobuoy namespace[2]. A node
with the label selector specified in values.yaml (labels.api) must exist
for the Sonobuoy pod to even be created.
Also add an experimental job to test Sonobuoy chart.
[1] https://github.com/heptio/sonobuoy-plugin-systemd-logs
[2] https://github.com/heptio/sonobuoy/issues/420
Change-Id: I613fab635b97a70ac20820e1ececde48952ac2da
This PS adds a basic gate, follow on PS's will add
deployment testing.
Change-Id: I9a980ac811f55eb9aba3d2f358a2636d9b0b54c2
Signed-off-by: Pete Birley <pete@port.direct>
This patch set applies zuul v3 into openstack-helm-addons repository
similar to the other OSH repos.
Change-Id: Icdeaa8dbed381ee4264e1d015b87be700b97ddb0
The gate has been failing due to the outdated Kube
and Helm versions. Updating to get the gate working
again and to match OpenStack-Helm.
Change-Id: I57907675c046984f09728182c98c798325edfee2
This introduces an initial helm chart for fluentd. It provides a
functional fluentd deployment to use in conjunction with
elasticsearch and kibana to consume and aggregate logs from all
resource types in a cluster
Change-Id: I3ab1650cb96052d663516c3f42bf639df3c058f6
External-Tracking-Id: OSH-1
Implements: blueprint osh-logging-framework
This adds a basic helm chart for kibana. It uses the kolla image
for kibana and includes a templated configuration file to allow
for configuration overrides, similar to the openstack-helm charts
Change-Id: I608e4e48bd5e29f68ead08252853aa3ed08d7a68
External-Tracking-Id: OSH-67
Updates the elasticsearch image to use the kolla 4.0.0 image. It
also updates the log path, as the previously used path wasn't
mounted and was causing the pods to fail due to warnings being
raised and directed to a path that didn't exist.
Change-Id: I3b43d1df0302512a59b305e2785c44b067a0bbf9
This chart introduces a stateful deployment of elasticsearch for
use as part of a unified logging solution. It also includes a
basic set of helm tests for verifying elasticsearch is ready and
responsive.
Change-Id: I3772246cd38b7e2be728190c6a6908f54c1441d3
Co-Authored-By: Darla Ahlert <da741q@att.com>
External-Tracking-Id: OSH-95
Clones openstack-helm to retreive helm-toolkit instead of
maintaining a separate helm-toolkit in addons. This will be
removed once zuul-cloner is leveraged in the addons gate
Change-Id: I7b70709590f547118d2319341300431946a6eaf5
This adds helm-toolkit to the openstack-helm-addons repository.
As we look to establish common philosophies and approaches for
developing charts, we should continue to use helm-toolkit as a
common library for template functions
Change-Id: I5ed84afb28bd394d4c307a9fc12377f194cb76c0