Removes an unused context declaration from the prometheus service
annotation template in helm-toolkit
Change-Id: I118b352d2b5a80fc43f27d7f3f154b61e5406f8c
This adds the prometheus pod and service annotations to helm
toolkit, which allows for using prometheus's kubernetes service
discovery mechanisms for osh pods and service metrics as needed
Change-Id: I0e080d960553381014c4fd4f2bb6c83652241b0b
This PS moves the configuration files used by libvirt to be
generated directly from the values, rather than being templated.
Change-Id: I8ab2783c9d1d5d815cc02eccafa21058ff3acead
Currently, the rbac logic would allow for ``jobs`` or ``daemonsets``
if it is specified in the dependencies, even if they may just be empty
or null. This patch set addresses this by checking the jobs or
daemonsets map in the value.yaml is non-empty before including it
in the Role.
This mirrors the fix in OSH-infra in [0].
[0] https://review.openstack.org/#/c/530337/1
Change-Id: I37e8d8c1a0d587410811c544e049bbafed73cba8
Signed-off-by: Tin Lam <tin@irrational.io>
This chart provides a policy framework for the cloud.
It consist of 3 services. Api, policy engine, datasource.
helm install --name=congress local/congress --namespace=openstack
Change-Id: I5fabf91893bc006470469af397994b13fe86223b
Pass the service namespace to kubernetes-entrypoint in
order to support dependencies between namespaces.
Add documentation about endpoint/service namespaces.
Change-Id: I208c3240e9f2c8900323595f7b0e488bef5cb1fc
Implements: blueprint entrypoint-namespaces
This PS updates the values file layout for images to allow simple
parsing of the images in use by charts, allowing them to be queried
and modified much more simply. By moving the image tags to a 'tags'
key, we can extend the options used simply to accomodate extra
options simply (eg prefixing the tag for use with an internal
registry) or pre-pulling the images to reduce chart deploy failure.
Change-Id: I9ec1dbb00d997ab6cb021bf0b698f7aae740e95d
Implemented Kubernetes jobs to drop a database for an OpenStack service
on deletion of Helm chart. This job is configurable to be enabled or
disabled in the values.yaml file for each chart.
Change-Id: Ia1a0834cb43c7e883aaf507a7c7683fa1cf4e838
This PS removes the pregenerated config templates producing using
the hacked oslo-genconfig tool. This results in both a much smaller
codebase and also more readable configuration by removing the
requirement to specify settings via oslo namespaced references.
This initial PS applies only to Keystone, A follow up will extend to
all remaining services.
Partially implements: blueprint remove-pregenerated-config-templates
See: https://blueprints.launchpad.net/openstack-helm/+spec/remove-pregenerated-config-templates
Change-Id: I3ced7ad02c703c767925a17b1a18f6158a878e83
This PS defines the container entrypoint to kubernetes entrypoint,
allowing images that do not have it defined as the entrypoint to be
used.
Change-Id: I8f2d57bb933ee7990f75d82e9cc1b47afd99f1c6
This PS implements the ceph radosgw and also provides keystone
intergration, allowing ceph to provide a swift like service if
desired for object storage.
In addtion it updates the endpoint lookups to use valid yaml when
dealing with keystone services with a '-' in their name.
Change-Id: I9162ad657df2f77c1bc1afa93a8b999894b1b470
This removes sys.exits which are never called and moves one try-except
block to the lines in which the exception is actually raised.
Change-Id: Idb5bde84136208dc39d877b4b66b39a433d85375
This PS adds namespace and fqdn support to endpoint lookup functions,
it also permits over-riding of the puplic endpoint for ingress.
Change-Id: Ib61c5c00a214d75fe85fbffe9080c2ae88bd8cb9
This PS adds a configmap teplater helper to helm-toolkit. It makes it
simpler to write consistent charts that supports over-riding of all
values.
Change-Id: I9a587999859ea02802485eb25a3f0ebec8c712a8
There are serveral issues with default settings of [trustee] section in
heat.conf:
1. Keystone trust isn't added for admin user (heat-trust should be
admin's user trustee to make it possible for admin to create stacks).
2. Keystone is adding role "admin" in domain "heat". This blocks
creation of correct trust in Keystone as role names are duplicated.
Please note that adding this role is not necessary for Heat to work
correctly.
This commit solves the issues by:
1. Creating a job that will add a Keystone trust between admin and
heat-trust users. This allows admin to create Heat stacks.
2. Removes adding a new role in a domain in _ks-domain-user.sh.tpl
script.
Additionally, as _ks-domain-user.sh.tpl is only really used by Heat
chart, this commit also removes it from configmap-bin in Barbican,
Magnum, Mistral and Senlin charts. Those charts must have been
copy-pasted from Heat chart and don't need to include this file.
Also I fix a bug introduced by I86a21e625afd822379ac11351603b2c606a3769f
that renamded heat-domain user to heat-trust and created two users with
the same name.
Change-Id: I303d9bc2aa1796f21bedc6ecdc85a4b3f6c68504
Closes-Bug: 1696462
Now, openstack-helm support "helm test" function, and It execute rally
container.
Rally also can test Tempest itself, so this fix will be add tempest
test in rally container.
Change-Id: I2c2f684f6583f2a3d9c7279a3d85cb242934e90e
Implements: blueprint add-tempest-in-helm-test
This PS removes the licence header from rendered output from tiller,
significantly reducing the configmap size of charts deployed to the
cluster.
Change-Id: I5d1b246f2068f3b83bf59ba79fe8b88bbc9a6161
This PS allows the rendering of manifests to be controlled. It enables
both increased control over deployment when required but also makes
development of a feature easier to target.
Change-Id: I1716e8ee23fe5c53f935bd739ea283bc4a2a9963
This PS fises a rendering erros in the joinListWithComma function
when used with values from the helm --set cli command.
From Kolla-Kubernetes: https://review.openstack.org/#/c/488513/
All Credit to: Serguei Bezverkhi
Change-Id: I013a37f5e6dec43232c6ee300be8f918f9ef554a
This PS fix openstack endpoint show option at _ks-endpoint.sh
as job-ks-endpoint fails when endpoint needs updated.
Change-Id: I8aa05f3d40e7825410eace3ad7b44d36e3bb6434
This PS allows an operator to change the service account password
though the values fed into a chart.
Change-Id: If3a859f0db84237c71303ef329573c7d6aafdae7
This PS updates the pod affinity function to allow customisation by
operators at the point of deployment.
Change-Id: I8b7b2f584e990e068051d9a6d5cc7b1e1adb5aa5
The issue was with type of upgrade strategy, which was rendered as empty.
It was due to wrong access to the pod_replacement_strategy, which was
out of modified scope:
daemonsets:
pod_replacement_strategy: RollingUpdate
dhcp_agent:
enabled: false
min_ready_seconds: 0
max_unavailable: 1
and the snippet was modifying the scope to daemonset.dhcp_agent, then
trying to access daemonsets.dhcpagent.pod_replacement_strategy, which was
not there:
{{- $upgradeMap := index $envAll.Values.pod.lifecycle.upgrades.daemonsets $component }}
updateStrategy:
type: {{ .pod_replacement_strategy }}
The fix is to evaluate the common variable before entering the scope
modification.
{{- $pod_replacement_strategy := $envAll.Values.pod.lifecycle.upgrades.daemonsets.pod_replacement_strategy -}}
type: {{ $pod_replacement_strategy }}
Change-Id: I78937b1bf1e0d50ca372de095582c71105d76331
Closes-Bug: 1705662
This PS unifies and normalises Kubernetes resource allocation and
update strategy across all OpenStack-Helm elements.
Change-Id: Ia41fc453cb5191fa447ca6e1aa0f5b431c939dc8
This PS moves keystone credentials to the endpoints section within
the values.yaml, and also adds a 'secrets' key, allowing standardiation
of secrets and credential management across OpenStack-Helm.
Change-Id: I86a21e625afd822379ac11351603b2c606a3769f
This PS adds soft anti-affinity to all pods in OS-H. By doing so
resiliancy is improved by attempting to ensure that pods are created
on seperate nodes.
Change-Id: I0c1092498f7a1e44218ef785ca3f73fa9f49819c
This PS adjusts the MariaDB chart to use the same endpoint values
layout as used in other openstack-helm components. It also removes
credentials and params from the configmaps and moves them to secrets
and env vars as appropriate.
Change-Id: I9116be7c46cdd16c743ca2784878f3de65665f8c
This PS refactors the ceph chart and secret generation process.
The updated chart replaces the existing "bootstrap" chart.
Additionally, Ceph manifests and deployment guides were modified
accordingly.
Change-Id: I6f5bb88fc0f40cfee8865d9dab83859d765e7537
Co-Authored-By: Larry Rensing <lr699s@att.com>
This PS makes the initial Keystone Admin and Service account users
members of the projects that they are in.
Change-Id: I2de081a216b7e7b99d301ab605c84d882cdb5840
The existing entrypoint logic used static names to reolve dependencies.
This prevented the service names, and thus the hostnames of services
being altered. This PS resolves that issue by looking up the service name
from the endpoints specified in the values for a chart.
Partial-Implements: blueprint enhance-entrypoint-dependency-checking
External-Tracking-Id: OSH-21
Change-Id: Ib49490f332f8cd88e98c50d9335dfd314a170936
With 1.6, init containers are officially part of the kubernetes
API. This changes the format of the helm template for the
entrypoint container from json to yaml, and updates the
charts accordingly.
Co-Authored-By: Pete Birley <pete@port.direct>
Change-Id: I569566ce4b031d107af2d38483040a26210bec45
The current default network for ceph works for very few people by
default. Update it to match what most people seem to be using.
Change-Id: Icd5f87189b067865721203065e8caf33772d56ba
This PS introduces 'helm test' functionaility to keystone and
provides the basic framwork for charts to use.
Change-Id: Ie84a6ca0ed007fb55e10d503d1c3e49788908eec
Partial-Implements: blueprint implement-helm-test-for-charts
TrivialFix: Some Chart.yaml's have permission 755; this patchset changes
that to 644 and be consistent with other yaml files.
Change-Id: I6453f91f0cd22330259bf24be9d4c331f2769ec2
This commit is based on how Nova got its configuration overrides
implemented.
An important thing here is support for setting multiple Cinder backends
(e.g. Ceph cluster + NFS) in the values.yaml. This was required as Cinder
accepts backend configurations only in [<backend_id>] sections in the
cinder.conf.
Please note that autogeneration of ceph.conf and
ceph.client.<rbd_user>.keyring works only for a backend named "rbd1".
In case you want to add another RBD backend, you need to mount those
files by yourself. Commit ehancing this is planned to follow shortly.
Change-Id: Ifb58a85300bbfbb9e63d6b3bfc2ad19a99d2c9d4
