ETCD aux pod define resources

Signed-off-by: Ruslan Aliev <raliev@mirantis.com> Change-Id: Ib2e666572fbe76bfa1ff542dd76e3c1d833e9268
2024-05-20 10:55:45 -05:00 · 2024-05-20 10:55:45 -05:00 · 4b349d9471
commit 4b349d9471
parent 12f448963f
8 changed files with 40 additions and 10 deletions
--- a/charts/etcd/templates/etc/_kubernetes-etcd.yaml.tpl
+++ b/charts/etcd/templates/etc/_kubernetes-etcd.yaml.tpl
@ -74,8 +74,8 @@ spec:
          valueFrom:
            fieldRef:
              fieldPath: status.podIP
-        - name: ETCD_LOG_PACKAGE_LEVELS
-          value: {{ default "" .Values.etcd.logging.log_level | include "helm-toolkit.utils.joinListWithComma" }}
+        - name: ETCD_LOG_LEVEL
+          value: {{ default "" .Values.etcd.logging.log_level }}
        - name: ETCD_CLIENT_CERT_AUTH
          value: "true"
        - name: ETCD_PEER_CLIENT_CERT_AUTH
--- a/charts/etcd/values.yaml
+++ b/charts/etcd/values.yaml
@ -54,11 +54,7 @@ etcd:
  cleanup_data: true
  etcdctl_api: "3"
  logging:
-    # Set individual etcd subpackages to specific log levels.
-    # An example being etcdserver=WARNING,security=DEBUG
-    log_level:
-      - etcdserver=DEBUG
-      - security=DEBUG
+    log_level: debug
 backup:
  enabled: true
  host_backup_path: /var/backups
--- a/promenade/schemas/Genesis.yaml
+++ b/promenade/schemas/Genesis.yaml
@ -121,6 +121,8 @@ data:
          type: string
        gomaxprocs:
          type: integer
+        resources:
+          type: object
      additionalProperties: false

    files:
--- a/promenade/templates/include/genesis-etcd/server-container.yaml
+++ b/promenade/templates/include/genesis-etcd/server-container.yaml
@ -1,5 +1,9 @@
    - name: etcd-{{ etcd_name }}
      image: {{ config['Genesis:images.kubernetes.etcd'] }}
+{%- if config['Genesis:etcd.resources'] is defined %}
+      resources:
+{{ config.get_path('Genesis:etcd.resources', {}) | toyaml | trim | indent(8, true) }}
+{%- endif %}
      env:
        - name: ETCD_NAME
          value: {{ etcd_name }}
--- a/promenade/templates/roles/genesis/etc/kubernetes/manifests/auxiliary-kubernetes-etcd.yaml
+++ b/promenade/templates/roles/genesis/etc/kubernetes/manifests/auxiliary-kubernetes-etcd.yaml
@ -34,6 +34,14 @@ spec:
                  | wc -l
          }

+          anchor_number_ready () {
+              NUM=$(kubectl -n kube-system get daemonset kubernetes-etcd-anchor --ignore-not-found -o jsonpath="{.status.numberReady}" || true)
+              if [ -z "$NUM" ]; then
+                NUM=0
+              fi
+              return $NUM
+          }
+
          remove_if_possible () {
              MEMBER_NAME="$1"
              MEMBER_ID=$(etcdctl member list | grep "${MEMBER_NAME}" | awk -F ', ' '{ print $1 }')
@ -50,7 +58,7 @@ spec:
            OLD_LEADER="$1"
            OLD_LEADER_EP=$(etcdctl member list | grep "$OLD_LEADER" | awk -F ', ' '{print $5}')
            NEW_LEADER=$(etcdctl member list | grep '\bstarted\b' | grep -Ev "\\b(auxiliary-0|auxiliary-1)\\b" | head -1 | awk -F ', ' '{print $1}')
-            if [ -n "$NEW_LEADER" ]; then
+            if [ -n "$NEW_LEADER" ] && [ -n "$OLD_LEADER_EP" ]; then
              if ! ETCDCTL_ENDPOINTS="$OLD_LEADER_EP" etcdctl move-leader "$NEW_LEADER"; then
                echo "Attempted abdication, but failed."
                return
--- a/tools/deployment/apparmor/001-setup-apparmor-profiles.sh
+++ b/tools/deployment/apparmor/001-setup-apparmor-profiles.sh
@ -0,0 +1,20 @@
+#!/bin/bash
+
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+#   http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+set -xe
+
+# Ensure that apparmor is installed and enabled
+sudo -H -E apt-get install -y apparmor
+sudo systemctl enable apparmor && sudo systemctl start apparmor
+sudo systemctl status apparmor.service
--- a/tools/zuul/playbooks/deploy-promenade-containerd.yaml
+++ b/tools/zuul/playbooks/deploy-promenade-containerd.yaml
@ -52,7 +52,7 @@
        set -xe;
        ./tools/deployment/apparmor/001-setup-apparmor-profiles.sh
      args:
-        chdir: "{{ zuul.projects['opendev.org/openstack/openstack-helm-infra'].src_dir }}"
+        chdir: "{{ zuul.project.src_dir }}"
        executable: /bin/bash

    - name: List interfaces
--- a/tools/zuul/playbooks/deploy-promenade.yaml
+++ b/tools/zuul/playbooks/deploy-promenade.yaml
@ -39,7 +39,7 @@
        set -xe;
        ./tools/deployment/apparmor/001-setup-apparmor-profiles.sh
      args:
-        chdir: "{{ zuul.projects['opendev.org/openstack/openstack-helm-infra'].src_dir }}"
+        chdir: "{{ zuul.project.src_dir }}"
        executable: /bin/bash

    - name: Generate configuration files