This updates the sonobuoy chart to include the pod
security context on the pod template.
This also adds the container security context to set
readOnlyRootFilesystem flag to true
Depends-On: https://review.opendev.org/740119/
Change-Id: I0964c9809402635c9a7049b61fb954a4ebf01bb1
The current copyright refers to a non-existent group
"openstack helm authors" with often out-of-date references that
are confusing when adding a new file to the repo.
This change removes all references to this copyright by the
non-existent group and any blank lines underneath.
Change-Id: I631ae4345f18fee70b380867ba8b33af5e3b3254
Currently, results are stored using an emptyDir volume. This change adds
support for storing results using a customizable hostPath. When storing
results in a hostPath, results can still be obtained form the hostPath
while result publishing is disabled.
Change-Id: Ibd01da23a8e74a54f500429cf0ba8ca72f2ac77d
Before, if conf.publish_results was false then Helm would fail to
install the Sonobuoy chart because the apparmor annotation was being
added for the results-publisher container, but the container didn't
actually exist because it was disabled.
Now, the apparmor annotation is only included for the results-publisher
container when conf.publish_results is true.
Change-Id: I731b7d03c9699db0fcab61439479796617ebff2a
Manually set Namespace for Sonobuoy's config.json.
Sonobuoy's bug forcing heptio-sonobuoy namespace [1] usage only does not
impact this Helm chart because the config.json is directly controlled
by the `values.yaml` and not Sonobuoy's CLI.
Now multiple instances of this chart may exist at once by specifying
unique namespaces at helm install time.
Modify Sonobuoy test script to install two instances of Sonobuoy Helm
chart. Also install readonly serviceaccount to verify it will work with
more than one instance simultaneously.
[1] https://github.com/heptio/sonobuoy/issues/420
Change-Id: I6d4ecfb812a4312af13abf1e265de495e27967f9
This change enables operators to disable results publishing where Swift
and Ceph may not be setup.
This configuration option does not prevent deploying other resources
such as ks-user. The operator will want to disable those via the
`manifests` dictionary in `values.yaml`.
Change-Id: I00be7d51309889fcaf3b2a9756e38dcf49c31312
This enables persistently storing Sonobuoy tests results tarball
in Ceph (authed with Keystone).
1. Adds job-ks-user and secrety-keystone to create Sonobuoy user in
Keystone
2. Sonobuoy pod has a results-publisher container that waits for
Sonobuoy container to populate test results directory with the tarball
3. results-publisher container creates Swift container for Sonobuoy
results
4. results-publisher adds Sonobuoy test results to Swift container
5. results-publisher sets expiry date on the object to be deleted
after 30 days
Change-Id: Ic2d9fb345dce1101040e60113564e7ecdb2c51ea
This adds a Sonobuoy chart that only runs the systemd-logs plugin[1]. The
Sonobuoy pod (tests) are executed as a `helm test`.
This chart must be installed under the heptio-sonobuoy namespace[2]. A node
with the label selector specified in values.yaml (labels.api) must exist
for the Sonobuoy pod to even be created.
Also add an experimental job to test Sonobuoy chart.
[1] https://github.com/heptio/sonobuoy-plugin-systemd-logs
[2] https://github.com/heptio/sonobuoy/issues/420
Change-Id: I613fab635b97a70ac20820e1ececde48952ac2da
Gage Hugo