This patchset enforces stricter file permission on *-etc configmap and
sets readOnly flag to true in a number of charts.
Change-Id: I233689a5d56dd1352e0d81997a94b4cdd6bed5d2
Signed-off-by: Tin Lam <tin@irrational.io>
This PS removes the duplicate command key in the Neutron DB-Job
manifest and corrects the rally pod permisions.
Change-Id: I97b9a9ab54609696ac763f3a319f6df78fe5d73c
This PS unifies and normalises Kubernetes resource allocation and
update strategy across all OpenStack-Helm elements.
Change-Id: Ia41fc453cb5191fa447ca6e1aa0f5b431c939dc8
This PS moves keystone credentials to the endpoints section within
the values.yaml, and also adds a 'secrets' key, allowing standardiation
of secrets and credential management across OpenStack-Helm.
Change-Id: I86a21e625afd822379ac11351603b2c606a3769f
gen-oslo-openstack-helm generated configuration file templates in
incorrect form, causing setting mulitple values in Values.yaml to
produce something like:
foo=barfoo=baz
This commit fixes this in the generator and updates config file
templates to generate configs correctly:
foo=bar
foo=baz
Change-Id: Iea661dcf1710987b2e111d7141ba888f01c44a50
Closes-Bug: 1699581
This patch removes unused `/var/cache/cinder` volume that is mounted for
each of Cinder services. I suppose it was added to serve as value of
`signing_dir` option from keystonemiddleware and is used to cache PKI
tokens. We're however never setting the option to that value and the
option was deprecated in Ocata, so we should be fine to remove it.
In case someone still wanted to use `signing_dir` config option, he can
easily confiure it back using config and volumes overrides.
Related-Bug: 1702072
Change-Id: I03460151e01293b19a864528561c80cab1a72114
This PS adds soft anti-affinity to all pods in OS-H. By doing so
resiliancy is improved by attempting to ensure that pods are created
on seperate nodes.
Change-Id: I0c1092498f7a1e44218ef785ca3f73fa9f49819c
This PS disables debug logging for all services that had it on, and
removes the key from the default values.yaml. It does however ensure
that the mvp values has the appropriate key to make turning debugging
on simple.
Change-Id: I8ed84d531971cbd7984f029abbebb373af4c7311
Add rally tests in cinder helm chart.
It only test create a volume because volume driver is fake_driver.
Change-Id: Iba5df74df427a414c70dda6baf9bc7e775b1716d
Partial-Implements: blueprint implement-helm-test-for-charts
This PS refactors the ceph chart and secret generation process.
The updated chart replaces the existing "bootstrap" chart.
Additionally, Ceph manifests and deployment guides were modified
accordingly.
Change-Id: I6f5bb88fc0f40cfee8865d9dab83859d765e7537
Co-Authored-By: Larry Rensing <lr699s@att.com>
The existing entrypoint logic used static names to reolve dependencies.
This prevented the service names, and thus the hostnames of services
being altered. This PS resolves that issue by looking up the service name
from the endpoints specified in the values for a chart.
Partial-Implements: blueprint enhance-entrypoint-dependency-checking
External-Tracking-Id: OSH-21
Change-Id: Ib49490f332f8cd88e98c50d9335dfd314a170936
The dependencies for cinder had a typo, so volume was specified twice
while backup was missed. This PS fixes that.
Change-Id: I97b94fe7cb2ceacdfc3e961c7c1eb8f5ddda26ad
This PS sets the default modetype of mounts from *-bin configmaps
to 0555, and removes the then unnecessary commands from the manifests.
Change-Id: I93ce0facb06affdf362a58f8520e69ba94ea3034
With 1.6, init containers are officially part of the kubernetes
API. This changes the format of the helm template for the
entrypoint container from json to yaml, and updates the
charts accordingly.
Co-Authored-By: Pete Birley <pete@port.direct>
Change-Id: I569566ce4b031d107af2d38483040a26210bec45
This PS add Barbican support, and moves all potentially container
specific logic into the service start script from the api manifests.
Also fixes a permissions issue with the nova-api, which incorrectly
had the NET_ADMIN capability.
Change-Id: I18fc1ea5d7aa70ea7dabb829361a3da57e905100
This commit adds the bootstrap framework to Cinder.
- If volume type already exists do not recreate
- Create volume types as defined in Values.conf.backends
- Create additional volume types defined in Values.bootstrap,
available backends must be defined in Values.conf.backends
Change-Id: I577df7bf50d66c8ef70e74466a0bf1c4c221ca68
Partially implements: https://blueprints.launchpad.net/openstack-helm/+spec/service-bootstrap
This commit adds graceful termination to all existing charts.
It also adds a setting in the values.yaml file for clarity and
the ability to override if wished.
Change-Id: I42025e4be86d248be467c1d2f0980f864c4d440e
cinder-backup binary is responsible for backing up volumes and snapshots
as well as restoring them. Without this service being deployed, we
cannot use those features.
This commit introduces the service into OpenStack-Helm.
Change-Id: I4ff5a56a77e5e10471a653ee1fbc3837de48ad38
This commit is based on how Nova got its configuration overrides
implemented.
An important thing here is support for setting multiple Cinder backends
(e.g. Ceph cluster + NFS) in the values.yaml. This was required as Cinder
accepts backend configurations only in [<backend_id>] sections in the
cinder.conf.
Please note that autogeneration of ceph.conf and
ceph.client.<rbd_user>.keyring works only for a backend named "rbd1".
In case you want to add another RBD backend, you need to mount those
files by yourself. Commit ehancing this is planned to follow shortly.
Change-Id: Ifb58a85300bbfbb9e63d6b3bfc2ad19a99d2c9d4
This PS moves the container start commands to scripts. This brings
the service into alignment with other ones in OpenStack-Helm, and enables
easier debugging and modifcation of the launch commands for services.
Change-Id: Iff08c9fdaf34efeee3dea2c4b859b0a4e77bc9a9
This PS updates the way helm-toolkit functions are named to
reference the full path they are loacted at. This should make
development and debugging easier. Addtionally unused functions
have been pruned as well.
Change-Id: I03c553f1d01bccc70c86768b416b147c90d9b2f0
With pod disruption budget set it is not possible to drain nodes
and perform other expected operations. This PS changes the default
value to 0, restoring the typically expected operation of pods.
Change-Id: I43ef35638c98caee2cf567487173399157000ada
Addresses consistency issues that appear with autoincrement fields in
the existing chart, as demonstrated in [1]. It should allow automatic
recovery of 2 out of the 3 (default) cluster members.
It does not address automatic recovery of a complete shutdown of all
cluster nodes.
[1] https://review.openstack.org/#/c/465977/
Change-Id: I84c86e1862f03a6d381bf219b821ea3636049f0b
This PS adds a default pod disruption budget for cinder-api to
ensure at least one replica is running.
Change-Id: I8f1fc41dc527d16cf1099de51e36d8b7f7ae9ba8
This PS standardizes configmap mounts across all charts to be named
<project>-etc or <project>-bin. This reduces the amount of volumes
listed in each file.
Change-Id: Idbaf495fa243bb9ea0f6ad755ca4f899d5fc0d6f
OpenStack Foundation started serving project mascots files on
openstack.org. This commit adds URLs to those files as chart icons for
OpenStack projects.
Change-Id: I2482174cd1d9a0f32df91d7d81974a0dc37f5c4d
This PS updates the chart.yaml to be consistent across the repo, and
changes the description to make clear that they are the OpenStack-Helm
derived versions of the charts while using `helm search`.
Change-Id: Iac3cfd2cddba7130b28a65c3d353712c8a3aa02b
Currently cinder doesn't include the template for adding
rootwrap. As we look to include additional backends, we'll require
rootwrap.conf to be present for cinder function properly
Change-Id: Id8af3637edca12bc54edc9e25f5f88b2ef0cc410
