This updates the heat chart to include the pod
security context on the pod template.
This also adds the container security context to set
readOnlyRootFilesystem flag to true
Change-Id: I7ba17382059dfc23ab125a49b2b302166915c350
The current copyright refers to a non-existent group
"openstack helm authors" with often out-of-date references that
are confusing when adding a new file to the repo.
This change removes all references to this copyright by the
non-existent group and any blank lines underneath.
Change-Id: Ia035037e000f1bf95202fc07b8cd1ad0fc019094
This PS adds emptydirs backing the /tmp directory in pods, which
is required in most cases for full operation when using a read only
filesystem backing the container.
Additionally some yaml indent issues are resolved.
Change-Id: I9df8f70e913b911ff755600fa2f669d9c5dcb928
Signed-off-by: Pete Birley <pete@port.direct>
This PS adds the ability to attach a release uuid to pods and rc
objects as desired. A follow up ps will add the ability to add arbitary
annotations to the same objects.
Depends-On: Iceedba457a03387f6fc44eb763a00fd57f9d84a5
Change-Id: I324680f10263c1aefca2be9056e70d0ff22fcaf0
Signed-off-by: Pete Birley <pete@port.direct>
When removing helm-toolkit from OSH and swithcing to use the
toolkit from OSH-Infra, the image declaration function was missed.
Depends-On: I2f2012590d81ffcb159d49d8a76eedd4441744cd
Change-Id: I0f1118bb748f3fe1b6bb73acfc00e77c5cca9c7d
Signed-off-by: Pete Birley <pete@port.direct>
This PS adds the local registry image managment to OSH from OSH-Infra.
With this the delta between helm-toolkits in the Repo's is removed,
allowing the toolkit from OSH-Infra to be used and the one from OSH
to be depreciated.
Change-Id: If5e218cf7df17261fe5ef249d281f9d9637e2f6a
Co-Authored-By: Pete Birley <pete@port.direct>
This patch set allows for searching the trustee user in a specified
domain rather than just the "default" domain.
Change-Id: I53ee6816e02c25e577244015fe5aea0870e0fd32
Signed-off-by: Tin Lam <tin@irrational.io>
This PS moves static dependencies under a 'static' key to allow
expansion to cover dynamic dependencies.
Change-Id: I38990b93aa79fa1f70af6f2c78e5e5c61c63f32c
This PS moves all credentials for OpenStack services from 'user' to
the service name. This allows a single yaml snippet to articulate
the credentials for a deployment.
Change-Id: Ic720109f2ba854561b23767cb480bcae91f74b6b
This PS updates the values file layout for images to allow simple
parsing of the images in use by charts, allowing them to be queried
and modified much more simply. By moving the image tags to a 'tags'
key, we can extend the options used simply to accomodate extra
options simply (eg prefixing the tag for use with an internal
registry) or pre-pulling the images to reduce chart deploy failure.
Change-Id: I9ec1dbb00d997ab6cb021bf0b698f7aae740e95d
This PS removes the modified oslo-genconfig from heat.
Partially implements: blueprint remove-pregenerated-config-templates
Change-Id: Ib4a5e1c41874e3a2eb15b5002538a2193f07ab04
There are serveral issues with default settings of [trustee] section in
heat.conf:
1. Keystone trust isn't added for admin user (heat-trust should be
admin's user trustee to make it possible for admin to create stacks).
2. Keystone is adding role "admin" in domain "heat". This blocks
creation of correct trust in Keystone as role names are duplicated.
Please note that adding this role is not necessary for Heat to work
correctly.
This commit solves the issues by:
1. Creating a job that will add a Keystone trust between admin and
heat-trust users. This allows admin to create Heat stacks.
2. Removes adding a new role in a domain in _ks-domain-user.sh.tpl
script.
Additionally, as _ks-domain-user.sh.tpl is only really used by Heat
chart, this commit also removes it from configmap-bin in Barbican,
Magnum, Mistral and Senlin charts. Those charts must have been
copy-pasted from Heat chart and don't need to include this file.
Also I fix a bug introduced by I86a21e625afd822379ac11351603b2c606a3769f
that renamded heat-domain user to heat-trust and created two users with
the same name.
Change-Id: I303d9bc2aa1796f21bedc6ecdc85a4b3f6c68504
Closes-Bug: 1696462
