This patchset enables and moves the securityContext: runAsUser to the pod
level, and uses a non-root user (UID != 0) wherever applicable.
Depends-On: I95264c933b51e2a8e38f63faa1e239bb3c1ebfda
Change-Id: I81f6e11fe31ab7333a3805399b2e5326ec1e06a7
Signed-off-by: Tin Lam <tin@irrational.io>
This PS adds the ability to attach a release uuid to pods and rc
objects as desired. A follow up ps will add the ability to add arbitary
annotations to the same objects.
Depends-On: Iceedba457a03387f6fc44eb763a00fd57f9d84a5
Change-Id: I324680f10263c1aefca2be9056e70d0ff22fcaf0
Signed-off-by: Pete Birley <pete@port.direct>
This is make ceph configmap and admin keyring secret names using
in storage init scripts to be read from chart values as we may
have two ceph clusters gets activated in one namespace and
each ceph clsuter will have its own configmap and admin secret names.
Change-Id: I84d94f3ac21e602c50619e456ff327ae1da53622
When removing helm-toolkit from OSH and swithcing to use the
toolkit from OSH-Infra, the image declaration function was missed.
Depends-On: I2f2012590d81ffcb159d49d8a76eedd4441744cd
Change-Id: I0f1118bb748f3fe1b6bb73acfc00e77c5cca9c7d
Signed-off-by: Pete Birley <pete@port.direct>
This PS updates the cephs config to deploy radosgw with greater
swift compatibility. Allowing clients to use RGW as though it
were a real swift deployment.
Change-Id: Id0a27b42b7f9c0c9e4b5a197ef50feb612e6adfc
This PS adds the local registry image managment to OSH from OSH-Infra.
With this the delta between helm-toolkits in the Repo's is removed,
allowing the toolkit from OSH-Infra to be used and the one from OSH
to be depreciated.
Change-Id: If5e218cf7df17261fe5ef249d281f9d9637e2f6a
Co-Authored-By: Pete Birley <pete@port.direct>
This PS moves static dependencies under a 'static' key to allow
expansion to cover dynamic dependencies.
Change-Id: I38990b93aa79fa1f70af6f2c78e5e5c61c63f32c
This PS fixes the jobs falling into a crash loop state
when upgrading charts.
'kubectl create' command cannot overwrite if a secret already
exists. But 'kubectl apply' command can do it.
Change-Id: Idd6eea06892a30e36e51a9b1130fd7cd84ff65cf
This PS moves all credentials for OpenStack services from 'user' to
the service name. This allows a single yaml snippet to articulate
the credentials for a deployment.
Change-Id: Ic720109f2ba854561b23767cb480bcae91f74b6b
This PS fixes the RBAC object creation for storage-init job, by
removing the helm hook annotation that was erroniosly applied to
the object manifests.
Change-Id: I98d2cec660199f607a8c18c1a2cc9e54937e3cb8
This PS makes the service-specific images for Glance have
explicit names, allowing simple over-riding of images for an
entire site.
Change-Id: Ib6a5e626dd85bb04ee8599ac9b53b3d5fbaf496b
This PS updates the values file layout for images to allow simple
parsing of the images in use by charts, allowing them to be queried
and modified much more simply. By moving the image tags to a 'tags'
key, we can extend the options used simply to accomodate extra
options simply (eg prefixing the tag for use with an internal
registry) or pre-pulling the images to reduce chart deploy failure.
Change-Id: I9ec1dbb00d997ab6cb021bf0b698f7aae740e95d
The new storage-init script doesn't handle the case in which the rbd pool
user already exists. This PS solves the issue by improving the script.
Change-Id: I22c55429d3077393b279fb784845db41a69b5469
Closes-Bug: 1719081
This PS removes the modified oslo-genconfig from glance.
Partially implements: blueprint remove-pregenerated-config-templates
Change-Id: Ie4d5dd9e4b03ba360c62f508e98e206f6f894b63
This PS enables the following backends for glance:
* PVC
* RBD
* RadosGW (direct)
* Swift
It also moves the creation of the RBD pool when required to a storage
init job. This job also creates credentials as required for glance to
use when accessing the required backend, rather than using the admin
keyring.
Change-Id: I90fead961ff73a9263826acc794128fa73ead2e1
