This changes use the helm-toolkit template for toleration
in openstack services
Signed-off-by: Lucas Cavalcante <lucasmedeiros.cavalcante@windriver.com>
Story: 2009276
Task: 43531
Depends-On: I168837f962465d1c89acc511b7bf4064ac4b546c
Change-Id: I30ca8050e02a5deeec52319d45025f4af7139059
If labels are not specified on a Job, kubernetes defaults them
to include the labels of their underlying Pod template. Helm 3
injects metadata into all resources [0] including a
`app.kubernetes.io/managed-by: Helm` label. Thus when kubernetes
sees a Job's labels they are no longer empty and thus do not get
defaulted to the underlying Pod template's labels. This is a
problem since Job labels are depended on by
- Armada pre-upgrade delete hooks
- Armada wait logic configurations
- kubernetes-entrypoint dependencies
Thus for each Job template this adds labels matching the
underlying Pod template to retain the same labels that were
present with Helm 2.
[0]: https://github.com/helm/helm/pull/7649
Change-Id: Ib5a7eb494fb776d74e1edc767b9522b02453b19d
The default of 'domain_config_dir' in keystone is '/etc/keystone/domains'.
This patch adds the missing slash.
Change-Id: I30523ec3fd3144811a76b9078e915eff4ffa2b66
Keystone may communicate with other components that do not support TLS. This
patchset makes keystone more flexible and enable it to communicate successfully
with such components
Depends-on: https://review.opendev.org/c/openstack/openstack-helm-infra/+/800097
Change-Id: I5c697c1748b62a81b43e7b0d6c7f89d374a50d94
This updates the Keystone chart to include the pod
security context on the pod template.
This also adds the container security context to set
readOnlyRootFilesystem flag to true
Change-Id: I0e00571d4060cca914d1bdb4f36e736fa8501130
This updates the Keystone chart to include the pod
security context on the pod template.
This also adds the container security context to set
readOnlyRootFilesystem flag to true.
Change-Id: I2ac3a4efa6798e263de19f0db444f37c5236d121
The current copyright refers to a non-existent group
"openstack helm authors" with often out-of-date references that
are confusing when adding a new file to the repo.
This change removes all references to this copyright by the
non-existent group and any blank lines underneath.
Change-Id: Ia035037e000f1bf95202fc07b8cd1ad0fc019094
This PS enables the use of simple logging options if desired.
Change-Id: If6ea420c6ed595b3b6b6eedf99a0bf26a20b6abf
Signed-off-by: Pete Birley <pete@port.direct>
This PS adds emptydirs backing the /tmp directory in pods, which
is required in most cases for full operation when using a read only
filesystem backing the container.
Additionally some yaml indent issues are resolved.
Change-Id: I9df8f70e913b911ff755600fa2f669d9c5dcb928
Signed-off-by: Pete Birley <pete@port.direct>
This PS moves openstack components in OSH to use secrets to store
potentially sensitive config information.
Depends-On: https://review.openstack.org/#/c/593732
Change-Id: I9bab586c03597effea0e48a58c69efff3f980a92
Signed-off-by: Pete Birley <pete@port.direct>
This introduces a mechanism for generating the logging.conf
file for the openstack services via the values. This allows us to
define loggers, handlers, and formatters for the services and the
modules they're composed of.
This also allows us to take advantage of the oslo fluent handler
and formatter. The fluent handler and formatter give us the
following benefits: sending logs directly to fluentd instead of
routed to stdout/stderr and then through fluentbit to fluentd,
project specific tags on the logged events (enables us to define
more robust filters in fluentd for aggregation if required),
full traceback support, and additional metadata (modules that
created logged event, etc)
Depends-On: https://review.openstack.org/577796
Change-Id: I63340ce6b03191d93a74d9ac6947f0b49b8a1a39
When removing helm-toolkit from OSH and swithcing to use the
toolkit from OSH-Infra, the image declaration function was missed.
Depends-On: I2f2012590d81ffcb159d49d8a76eedd4441744cd
Change-Id: I0f1118bb748f3fe1b6bb73acfc00e77c5cca9c7d
Signed-off-by: Pete Birley <pete@port.direct>
This PS adds the local registry image managment to OSH from OSH-Infra.
With this the delta between helm-toolkits in the Repo's is removed,
allowing the toolkit from OSH-Infra to be used and the one from OSH
to be depreciated.
Change-Id: If5e218cf7df17261fe5ef249d281f9d9637e2f6a
Co-Authored-By: Pete Birley <pete@port.direct>
This patch set provides PATCH capability for ldap-backed domain config,
and prevents silent failure if the configuration contains erroneous
setting. This also moves from loading .conf files into DB directly,
and uses the API endpoints.
Change-Id: I17a19046fa96e0f3e8fb029c156ba79c924a0097
Signed-off-by: Tin Lam <tin@irrational.io>
This PS moves static dependencies under a 'static' key to allow
expansion to cover dynamic dependencies.
Change-Id: I38990b93aa79fa1f70af6f2c78e5e5c61c63f32c
