Based on spec
support-OCI-image-registry-with-authentication-turned-on.rst
Each Helm chart can configure an OCI image registry and
credentials to use. A Kubernetes secret is then created with this
info. Service Accounts then specify an imagePullSecret specifying
the Secret with creds for the registry. Then any pod using one
of these ServiceAccounts may pull images from an authenticated
container registry.
Related OSH-infra change:
https://review.opendev.org/c/openstack/openstack-helm-infra/+/848142
Change-Id: I54540f14fed29622bc5af8d18939afd06d65e2d8
As part of the move to helm v3, all the charts in the OSH repos
will no longer lint/build properly due to a lack of helm serve
in helm v3.
This change modifies the helm-toolkit repo location to the
osh-infra repo in order to account for the removal oh helm serve.
This work is part of the migration to helm v3 and will be utilized
in future changes.
Change-Id: I90d25943d69ad6c76455f7778a4894f00c525c46
This change bumps each openstack chart version up to the next
greatest minor version of 0.2.0, signifying that openstack-helm
will no longer support older, EOL releases for each chart.
Change-Id: I7ce80c7bdc779c1de4472079f18102f506bfbb90
Since we introduced chart version check in gates, requirements are not
satisfied with strict check of 0.1.0
Change-Id: If537f69dec7e3360f6bffcc4424f10c248919ece
Signed-off-by: Andrii Ostapenko <andrii.ostapenko@att.com>
Added chart lint in zuul CI to enhance the stability for charts.
Fixed some lint errors in the current charts.
Change-Id: I7e4b191fb9e355ab5d5a233e8ed121346519df62
Some OSH charts have diffferent values for logger_root
handler from upsgream repo config defaul values.
Exactly, logger_root handler values.
This leads double logging finally.
To fix this, set logger_root as null like upstream repos.
Change-Id: I20e4f48efe29ae59c56f74e0ed9a4085283de6ad
dns_servers in openstack-helm/temepst/values.yaml is deprecated,
this config option is no longer used anywhere,
so it can be removed.
Change-Id: Ic1a83fbc7a25716fd082f4896355ce1014c4134d
The current copyright refers to a non-existent group
"openstack helm authors" with often out-of-date references that
are confusing when adding a new file to the repo.
This change removes all references to this copyright by the
non-existent group and any blank lines underneath.
Change-Id: Ia035037e000f1bf95202fc07b8cd1ad0fc019094
The configuration of conf.volume.backend_name
in openstack-helm/tempest/values.yaml is missing an "s",
and the standard configuration of volume
in tempest.conf is "backend_names".
Change-Id: I1778e047774b8d74a021153674ab53915649663f
This updates the kubernetes-entrypoint image reference to consume
the publicly available kubernetes-entrypoint image that is built
and maintained under the airshipit namespace, as the stackanetes
image is no longer actively maintainedy
Depends-On: https://review.opendev.org/688435
Change-Id: I8e76cdcc9d4db8975b330e97169754a2a407341f
Signed-off-by: Steve Wilkerson <sw5822@att.com>
* tempest_roles: removed, as this is only used when the test
requires additional roles to be assigned.
Currently no test needs extra roles so adding those is changing
the expected output of some of the tests.
* domain_specific_drivers: set to True. This needs to be a mirror
of the same value on the keystone chart
Change-Id: I1c84ed1ed5b1c2d8abd9e089044f40d08838c422
This change allows the restartPolicy of the tempest test pod to be set
to Never, bringing it in line with other test pod behavior, like rally.
If set to OnFailure, test pods are often deleted before logs can be
viewed.
Change-Id: I312b93784d27109452b2076658e5655210a92b48
We now have a process for OSH-images image building,
using Zuul, so we should point the images by default to those
images, instead of pointing to stale images.
Without this, the osh-images build process is completely not
in use, and updating the osh-images process or patching its
code has no impact on OSH.
This should fix it.
Change-Id: I672b8755bf9e182b15eff067479b662529a13477
This PS adds emptydirs backing the /tmp directory in pods, which
is required in most cases for full operation when using a read only
filesystem backing the container.
Additionally some yaml indent issues are resolved.
Change-Id: I9df8f70e913b911ff755600fa2f669d9c5dcb928
Signed-off-by: Pete Birley <pete@port.direct>
changes the default admin_domain_scope to false as we do not provide
an admin scoped credentials in the default deployment
drops volume-feature-enabled -> api_v1/api_v3 as its deprecated and
instead use catalog_type to let tempest know which version to use
drop identiti-feautre-enabled -> api_v2 as its deprecated
Change-Id: I508b5d3e59b33e2c37155918ce99504e1b760210
Add a configurable logging.conf to the tempest chart.
Sets the default level to WARN as it currently its on INFO and
that results into the log being full of rest_client calls, which
makes it difficult to read the log and the actual tests running
Change-Id: I9deb016a4feee482c01e79a4209c001968b8ea12
We need to pass the config file to tempest cli so it can run from
anywhere
As a side effect, we need to also pass the concurrency value to the cli
as it cannot infer it by itself
Change-Id: I897951cbbe39152767123387dff43109bef84cc6
we are using the None value for some of the values that should be filled
by the configmap-etc template but as that template checks for empty values
and None is not counted, we are filling the tempest.conf with the wrong
values for auth and others
Instead use the null value for those so they get properly filled by the
template system into the appropiate values
Change-Id: I30528b1944722e9ce2e227b1b4dacae7635167ec
This commit replaces the hard-coded name for tempest jobs with the
unique Release name, allowing multiple runs of the job in the same
namespace without causing collisions.
Change-Id: I0c8aada93803875d7b0ff216c12ea67a925a510f
This patch set moves the default deployment to ocata from newton.
Newton zuul job is now moved into its separate job.
Change-Id: Ic534c8ee02179f23c7855d93a4707e5a2fd77354
Signed-off-by: Tin Lam <tin@irrational.io>
While running chart internal to AT&T we found some
tempest.conf values that are not mapped to the correct section of the
tempest config.py. This commmit is to address these changes:
1) tempest.auth.admin_domain_scope should be in
tempest.identity.admin_domain_scope
default is false and existing code is
setting the value to true so it is needed
https://github.com/openstack/tempest/blob/master/tempest/config.py#L109
2) tempest.auth.min_compute_nodes should be in
tempest.compute.min_compute_nodes but it is setting the default value so
this is not needed and I am dropping it
https://github.com/openstack/tempest/blob/14.0.0/tempest/config.py#L231
Also while learning about the chart we found that the admin_domain_scope
configmap-etc was mappinng the wrong data type so we removed the map
and set the admin_domain_scope to true.
Change-Id: I52f115c3a1afee0fd58ef9422c6353ea1a93e814
This PS adds the ability to attach a release uuid to pods and rc
objects as desired. A follow up ps will add the ability to add arbitary
annotations to the same objects.
Depends-On: Iceedba457a03387f6fc44eb763a00fd57f9d84a5
Change-Id: I324680f10263c1aefca2be9056e70d0ff22fcaf0
Signed-off-by: Pete Birley <pete@port.direct>
The tempest utility that is configured here will take a snapshot.
After the snapashot and test run it will delete any resources that
are not in the snapshot.
If a tenant creates a resource outside of the test run it will also
be deleted.
This is something which is not desirable in a live lab.
This patch aims to provide control to the end-user to define how
to perform the final cleanup.
Change-Id: I1f7eb3ac5e9f9be08cb05a70bb1fb2d0f4b41382
This PS udpates the keystone endpoint definition to point to the
correct host for the admin endpoint when looked up using endpoint
functions from helm-toolkit.
Change-Id: Ic6b82a002cca92e37d21f594bad5f00758f1ea7a
Signed-off-by: Pete Birley <pete@port.direct>
This PS moves openstack components in OSH to use secrets to store
potentially sensitive config information.
Depends-On: https://review.openstack.org/#/c/593732
Change-Id: I9bab586c03597effea0e48a58c69efff3f980a92
Signed-off-by: Pete Birley <pete@port.direct>
This PS makes to control cleanup action.
If there are FAILED cases, temepest-test returns non-zero code.
_run-tests.sh.tpl exit immediately without cleanup.
if set Values.conf.cleanup.force to true, cleanup is excuted always.
Change-Id: Ie2ffee8faa9561f8acb4dc762fcfa9a282477f50
Closes-Bug: #1788076
This PS updates the keystoen chart to stop running the keystone api
as the root user.
Change-Id: If3042210f761476846da02fc8e648c700267a591
Signed-off-by: Pete Birley <pete@port.direct>
This PS disables the v2 keystone API, and finishes the migration to
full v3 support.
Change-Id: I3021ebe0bee668db9f28e7fb18e2d4b26172f209
Signed-off-by: Pete Birley <pete@port.direct>
This PS moves to use port 80 by default for the keystone
asdmin endpoint, and adjusts paths accordingly.
Change-Id: Iccae704dadc17eba269e857301654782f64763c9
Signed-off-by: Pete Birley <pete@port.direct>
