This patchset enables and moves the securityContext: runAsUser to the pod
level, and uses a non-root user (UID != 0) wherever applicable.
Depends-On: I95264c933b51e2a8e38f63faa1e239bb3c1ebfda
Change-Id: I81f6e11fe31ab7333a3805399b2e5326ec1e06a7
Signed-off-by: Tin Lam <tin@irrational.io>
This PS adds the ability to attach a release uuid to pods and rc
objects as desired. A follow up ps will add the ability to add arbitary
annotations to the same objects.
Depends-On: Iceedba457a03387f6fc44eb763a00fd57f9d84a5
Change-Id: I324680f10263c1aefca2be9056e70d0ff22fcaf0
Signed-off-by: Pete Birley <pete@port.direct>
This is make ceph configmap and admin keyring secret names using
in storage init scripts to be read from chart values as we may
have two ceph clusters gets activated in one namespace and
each ceph clsuter will have its own configmap and admin secret names.
Change-Id: I84d94f3ac21e602c50619e456ff327ae1da53622
This PS moves openstack components in OSH to use secrets to store
potentially sensitive config information.
Depends-On: https://review.openstack.org/#/c/593732
Change-Id: I9bab586c03597effea0e48a58c69efff3f980a92
Signed-off-by: Pete Birley <pete@port.direct>
This PS allows the cinder-backup to use a separate ceph backend, you
can add a ceph ip and admin keyring to .Values.backup_ceph so that
cinder-backup can use the new ceph.
blueprint add-ceph-configuration-for-cinder-backup
Change-Id: Ib2c4ca3945a15107d77e36635bda52297de9f164
When removing helm-toolkit from OSH and swithcing to use the
toolkit from OSH-Infra, the image declaration function was missed.
Depends-On: I2f2012590d81ffcb159d49d8a76eedd4441744cd
Change-Id: I0f1118bb748f3fe1b6bb73acfc00e77c5cca9c7d
Signed-off-by: Pete Birley <pete@port.direct>
This PS adds the local registry image managment to OSH from OSH-Infra.
With this the delta between helm-toolkits in the Repo's is removed,
allowing the toolkit from OSH-Infra to be used and the one from OSH
to be depreciated.
Change-Id: If5e218cf7df17261fe5ef249d281f9d9637e2f6a
Co-Authored-By: Pete Birley <pete@port.direct>
This PS exposes the Ceph RBD pool params to the cinder chart, allowing
them to be tuned.
Change-Id: I615e999928948193b24cc4978efb31bd1b36f8f7
Closes-Bug: #1754535
This PS moves static dependencies under a 'static' key to allow
expansion to cover dynamic dependencies.
Change-Id: I38990b93aa79fa1f70af6f2c78e5e5c61c63f32c
Like a glance, gnocchi, ceph-admin-keyring script should be needed when
execute storage_init.sh in cinder.
Change-Id: I5ab1b474de7cc0a9f80642502d74d1d1f156dea5
Closes-bug: 1744207
This PS fixes the jobs falling into a crash loop state
when upgrading charts.
'kubectl create' command cannot overwrite if a secret already
exists. But 'kubectl apply' command can do it.
Change-Id: Idd6eea06892a30e36e51a9b1130fd7cd84ff65cf
