Strictly speaking, open socket doesn't mean working API.
We experienced API stopped responding and the socket was still
open so API was unhealthy actually but kubernetes did not restart.
HTTP probe will fix this issue.
Change-Id: I95bb3ad3123d8a4a784d260477f037fa5506d290
Based on spec
support-OCI-image-registry-with-authentication-turned-on.rst
Each Helm chart can configure an OCI image registry and
credentials to use. A Kubernetes secret is then created with this
info. Service Accounts then specify an imagePullSecret specifying
the Secret with creds for the registry. Then any pod using one
of these ServiceAccounts may pull images from an authenticated
container registry.
Related OSH-infra change:
https://review.opendev.org/c/openstack/openstack-helm-infra/+/848142
Change-Id: I54540f14fed29622bc5af8d18939afd06d65e2d8
masakari hostmonitors needs to run the privsep-helper as root. As masakari monitors runs as masakari-monitors users, sudoers file is added so that privsep-helper can be run as root user without using password.
Change-Id: I3501d8913f4b8b0bf9d7e03c8d411137d9c25a8c
When changes are made to config, helm upgrade failes with immutable fields in jobs. Addition of the helm hooks with post upgrade will delete the old job and create the new jobs which will solve the issue.
Also, mounted the shm and enabled hostNetwork in masakari monitors so that it can communicate with pacemaker remote for monitoring the cluster status.
Change-Id: I8a8bc5b7c77643872e65fac294d0ff48347c476b
Fix node labels for monitors agents as they need to run on the compute node where libvirt daemonset is running.
Change-Id: Ia4f3a510443f58b29d700421d77c5de51b0991b3
