This PS adjusts list of dependencies needed to get synchronized with Shipyard project:
- lock sphinx with 3.3.1 version for doc generation
- updated deckhand reference
- adjusted other python dependencies
Change-Id: I5b0a60a2c0709a37d65cb8258bf8c79631c94f00
add focal dockerfile
update zuul jobs for focal
update tox for tox4 changes
update all requirements to latest and match deckhand
update cfssl from R1.2 to v1.6.3
fixed local gates for focal
updated examples promenade manifests to run on focal
Change-Id: I2af4043784766d36588c6f738053ad66e7b89a90
This ps makes following changes to upgrade kubernetes from v1.17.3
to v1.18.6.
- Updated all references to k8s images to 1.18.6
- Updated command options and api object and versions based on
k8s 1.18 release notes:
https://kubernetes.io/docs/setup/release/notes/
- Uplifted uwsgi to 2.0.19.1 to align with other airship
components, and to bring in fixes and improvements.
- Added build-essentials and python3-dev packages to pass the zuul
gate, which was looking for a C compiler.
Change-Id: I1160d1e6e2f02a0524043641b9296ea39edb301e
The current Promenade image is vulnerable to several CVEs:
CVE-2019-3462
CVE-2018-16865
CVE-2018-16864
Which Ubuntu 16.04/18.04 addresses.
This patchset makes the following changes:
1. Adds new distro specific dockerfiles for xenial/bionic.
2. Updates gates to be specific about the ubuntu image being
checked.
3. Updates .zuul.yaml checks/gates/post jobs for xenial/bionic.
4. Updates build-image.sh docker build for specific dockerfile
specified in config.sh (IMAGE_PROMENADE_DISTRO).
Change-Id: I89e5297a3baa8c2d2c142e5e29932476fc628398
Readthedocs failed to render Promenade exceptions with error:
> WARNING: autodoc: failed to import exception 'xxx' from module
> 'promenade'; the following exception was raised: No module
> named 'falcon'
Trying to add Promenade requirements to the installed requirements list,
so that Readthedocs has all modules, including those needed for the
Promenade itself.
Unify docs building by utilizing Zuul docs-on-readthedocs template job.
Cosmetic readability changes:
1. combined all Makefile .PHONY targets into one
2. merged multiple LABEL instructions in Dockerfile into one
Change-Id: I731ee3426a631fa765f13ba7091dcb4b9ebd0353
Arbitrary labels could be added as `make` parameter `LABEL=`, which is used in
att-comdev/cicd Jenkins pipelines.
Sample parameter:
'LABEL=org.label-schema.vcs-url=${GERRIT_CHANGE_URL} \
--label org.label-schema.base-image=${base_sha256}'
Sample usage:
See Jenkinsfile files under images/ directory in att-comdev/cicd repo.
In addition to that, if `COMMIT` variable is undefined when invoking `make`, we
use result of `git rev-parse HEAD` command, which should output latest git
commit ID.
[0] https://github.com/att-comdev/cicd
Change-Id: If4e3425ac92f654f1bff046f20535e619a7e595c
1) Use OCI Image Specs for labels instead of custom 'commit-id=xxxxx'
or legacy "Label Schema"
2) Fix missing git commit id labels on images (.revision)
3) Add human-readable title (.title) of the image, URL (.url), and
a few other properties (annotations) according to the latest Specs
4) Unify docker-image-build.yaml playbook with other Airship-*
components
Change-Id: I89afed3bf6a1f9fa92391d605bb6b3c871e58126
This introduces a new document called `EncryptionPolicy` to configure
this behavior. It currently only supports using symmetric encryption
with `GPG`, but that should be available on all Ubuntu systems (which is
what we currently support) and should also be fairly reliable.
Change-Id: I06d4faa119b736773df0d8cbf0e7a23fd98edcdf
Depends-On: https://review.openstack.org/#/c/602175/
This also makes a corresponding update to the Makefile to address a bug
with which $(HELM) is being used that was exposed during local testing.
Change-Id: I08da45c1f232960c58ab482053befed83da6fdd6
l is to let user customize the base image of the component
by passing FROM=myimage during the build process. This would let any
project leveraging Airship ensure that the base image is matching the
security requirements for that project and still use the same Dockerfile.
This will also ease the control of the /etc/apt/source.list
and thereby the result of apt-get update/upgrade procedure.
2. The above goal is achievable by using docker-ce feature such as:
ARG FROM="defaultbaseimage:xx"
FROM ${FROM}
For this reason, the installation of docker.io in the Zuul gating is being
replaced by docker-ce.
3. Third Goal is to bring consistency with the other components leveraging
Helm such as the openstack-helm and potentially use bindep the same way
the LOCI images are to ensure
4. The new syntax in the Dockerfile is still commented out until the associated
image builder have been updated to use docker-ce as they have been for the LOCI
images.
Change-Id: Ie5ae836221dc3cb9bdafc6e5e6670f914d3d1bb4
This patchset renames the tox.ini jobs:
* coverage => cover
* lint => pep8
* unit => py35
to comply with OpenStack standards [0].
[0] e.g. 04469a5181/tox.ini (L119)
Change-Id: I1a542c5e36f29d3788df8a5ebdce3cbe49ab4046
- Update Makefile to more closely match UCP standards
- Add resource limits to any Pods missing them
Change-Id: Ia791a6b207c2baca7dd3141be71aef513c916661
openstack-helm-infra/helm-toolkit is not yet ready. This:
* Removes references to openstack-helm-infra in examples and tests.
* Eliminates unneeded project tmp directory.
Change-Id: If2dfca60bea13f30124ddb82838ff0f4097c21be
* remove old files
* sketch of non-bootkube genesis
* add basic chroot/bootstrap script
* cleanup kubectl/kubelet fetching
* fix cni bin asset path
* add non-pod asset loader
* add example ca
* refactor key gen/distribution
* flannel up on genesis
* refactor some code toward join
* WIP: last commit working on "self-hosted, helm-managed"
* first pass at consolidating config for vanilla deploy
* refactor cli a bit
* use provided cluster ca
* separate genesis and join scripts
* add basic etcd joining
* actually run the proxy everywhere
* update readme
* enable kubelet service
* add pki most places
* use consistent sa keypair
* use quay.io/attcomdev/promenade
* fix typo in n3
* tls everywhere in kubernetes
* tls for etcd
* remove currently unused files