This PS adds vhost management to rabbitmq jobs. It also prevents
sensitive information being displayed in the management job, and
removes the 'administrator' tag from service users.
Change-Id: Id337f763c5e4776bce7269676a8a2dc54dc2e5f8
This patch set addresses the comments left in [0] by fixing the header
information in the python template file and adding logic to query the
domain specific logic.
[0]https://review.openstack.org/#/c/559191/
Change-Id: I656d7ac8158f9b40246ac739e4dc4fc88e1e43da
Signed-off-by: Tin Lam <tin@irrational.io>
This patch set provides PATCH capability for ldap-backed domain config,
and prevents silent failure if the configuration contains erroneous
setting. This also moves from loading .conf files into DB directly,
and uses the API endpoints.
Change-Id: I17a19046fa96e0f3e8fb029c156ba79c924a0097
Signed-off-by: Tin Lam <tin@irrational.io>
This PS allows arbitary hostnames to be used for public endpoints,
provided the resolve externally to the ingress controllers.
Change-Id: I44411687f756968d00178d487af66c2393e6bde0
This patch set performs non-critical polish fix to [0].
[0] https://review.openstack.org/#/c/552171/
Change-Id: I5bbb64d5af65782665fd659886e55e25bac61452
Signed-off-by: Tin Lam <tin@irrational.io>
This version is already being used by some charts, so this brings the
rest of the charts in line and allows them to use a new feature,
pod dependencies, that this version provides.
Change-Id: Ie8289eb09b31cd8f98c2c5b4dd5bbe469078e6d8
This patch set adds TLS support for keystone LDAP.
External-tracking: OSH#555
Change-Id: Ice32a31a712b8534a5d1a8f90a8a203710bdb9a9
Signed-off-by: Tin Lam <tin@irrational.io>
This PS consolidates the Ingress controller service, that is used
to resolve internal requests to public endpoints correctly, to
helm-toolkit.
Change-Id: If7c7deca1b8289a32709f7dc7c936883469aadfe
This PS reduces the number of processes spawned by services, as
with Kubernetes load distribution can be better managed by a larger
number of single threaded pods (up to a certain point) and doing so
also provides both increased avilibility, leading to smoother rolling
updates. In addtion when running single replicas resource consuption
is reduced.
Change-Id: Ifb7494a0804913d843a072e10d26c6ec53c3bd16
Cronjob resource is deprecated in batch/v2alpha1 from
k8s 1.8 and batch/v1beta1 is enabled by default. All the
CronJobs are already using batch/v1beta1 but there is condition
to check if api version have batch/v2alpha1.
Remove the api version constraint on batch/v2alpha1
Partial-Bug: #1753524
Change-Id: I7eeb7d6cc2630311ec5d613b9e059824daae0620
This PS moves static dependencies under a 'static' key to allow
expansion to cover dynamic dependencies.
Change-Id: I38990b93aa79fa1f70af6f2c78e5e5c61c63f32c
This PS moves the default image in OSH for most services to use LOCI
and also provides a Kolla gate for newton openstack.
Change-Id: Ice6cb9f89bc3ce6e8280e580d215aedda9e71904
This PS removes the user managemnt from the rally driven helm tests
which allows LDAP and other read only sources being used to validate
service functionality, in addition to reducing false -ve results in
the Zuul gates.
Change-Id: I1cc0e99bf74d578648b3cd40eaf60c1804044d88
This PS moves all credentials for OpenStack services from 'user' to
the service name. This allows a single yaml snippet to articulate
the credentials for a deployment.
Change-Id: Ic720109f2ba854561b23767cb480bcae91f74b6b
This PS updates the image used in the ingress controller and
adds UDP/TCP proxying. In addition the chart has been given
a spring clean to better match other OSH charts.
Change-Id: Ib892b82c4657c42e7531a2ce81746398e7bd4df5
This PS allows the ingress rules to be dynamicly driven from the
values.yaml, permitting the ingress cotnroller to ba changed and
custom rules to be applied: eg whitelisting of clients.
Change-Id: Ica6b4692ff9b6b77d1efe6bae212a1227e56ca66
This updates the names of the helm test pods to give all services
in OSH-infra/OSH a uniform '{{ .Release.Name }}-test' name, which
allows for easier gathering of test results across all deployed
services
Change-Id: I24df7a18d32b99d1ffaad19647ef724316e2fe20
This PS makes the service-specific images for Keystone have
explicit names, allowing simple over-riding of images for an
entire site.
Change-Id: I0b50d07fc0c2e00ab7803dd4c986c8a26e25ea49
External traffic policy "local" would be preffered when openstack
service is accessed from external via node port. This option has an
effect only when service node port is enabled.
Change-Id: Ic68cfc59dc39dc842d4790deffa70efe433dd7a6
This PS updates the values file layout for images to allow simple
parsing of the images in use by charts, allowing them to be queried
and modified much more simply. By moving the image tags to a 'tags'
key, we can extend the options used simply to accomodate extra
options simply (eg prefixing the tag for use with an internal
registry) or pre-pulling the images to reduce chart deploy failure.
Change-Id: I9ec1dbb00d997ab6cb021bf0b698f7aae740e95d
