diff --git a/charts/etcd/armada-resources.yaml b/charts/etcd/armada-resources.yaml
new file mode 100644
index 00000000..e61f9162
--- /dev/null
+++ b/charts/etcd/armada-resources.yaml
@@ -0,0 +1,1171 @@ +--- +schema: armada/Manifest/v1 +metadata: + schema: metadata/Document/v1 + name: cluster-bootstrap + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext +data: + release_prefix: ucp + chart_groups: + - kubernetes-proxy + - container-networking + - dns + - kubernetes + - ucp-services +--- +schema: armada/ChartGroup/v1 +metadata: + schema: metadata/Document/v1 + name: kubernetes-proxy + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext +data: + description: Kubernetes proxy + sequenced: true + chart_group: + - kubernetes-proxy +--- +schema: armada/ChartGroup/v1 +metadata: + schema: metadata/Document/v1 + name: container-networking + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext +data: + description: Container networking via Calico + sequenced: true + chart_group: + - calico-etcd + - calico +--- +schema: armada/ChartGroup/v1 +metadata: + schema: metadata/Document/v1 + name: dns + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext +data: + description: Cluster DNS + chart_group: + - coredns +--- +schema: armada/ChartGroup/v1 +metadata: + schema: metadata/Document/v1 + name: kubernetes + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext +data: + description: Kubernetes components + sequenced: true + chart_group: + - haproxy + - kubernetes-etcd + - kubernetes-apiserver + - kubernetes-controller-manager + - kubernetes-scheduler +--- +schema: armada/ChartGroup/v1 +metadata: + schema: metadata/Document/v1 + name: ucp-services + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext +data: + description: Airship platform components + sequenced: true + chart_group: + - promenade +--- +schema: armada/Chart/v1 +metadata: + schema: metadata/Document/v1 + name: helm-toolkit + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext +data: + chart_name: helm-toolkit + 
release: helm-toolkit + namespace: helm-toolkit + wait: + timeout: 600 + upgrade: + no_hooks: true + values: {} + source: + type: git + location: https://opendev.org/openstack/openstack-helm-infra.git + subpath: helm-toolkit + reference: fa8916f5bcc8cbf064a387569e2630b7bbf0b49b + dependencies: [] +--- +schema: armada/Chart/v1 +metadata: + schema: metadata/Document/v1 + name: infra-helm-toolkit + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext +data: + chart_name: infra-helm-toolkit + release: infra-helm-toolkit + namespace: infra-helm-toolkit + wait: + timeout: 600 + upgrade: + no_hooks: true + values: {} + source: + type: git + location: https://opendev.org/openstack/openstack-helm-infra.git + subpath: helm-toolkit + reference: fa8916f5bcc8cbf064a387569e2630b7bbf0b49b + dependencies: [] +--- +schema: armada/Chart/v1 +metadata: + schema: metadata/Document/v1 + name: kubernetes-proxy + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext +data: + chart_name: proxy + release: kubernetes-proxy + namespace: kube-system + wait: + timeout: 600 + labels: + release_group: ucp-kubernetes-proxy + upgrade: + no_hooks: true + values: + images: + tags: + proxy: registry.k8s.io/kube-proxy-amd64:v1.29.0 + network: + kubernetes_netloc: 127.0.0.1:6553 + source: + type: local + location: /etc/genesis/armada/assets/charts + subpath: proxy + dependencies: + - helm-toolkit + +--- +schema: armada/Chart/v1 +metadata: + schema: metadata/Document/v1 + name: calico-etcd + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext + substitutions: + - + src: + schema: deckhand/CertificateAuthority/v1 + name: calico-etcd + path: . + dest: + path: '.values.secrets.tls.client.ca' + - + src: + schema: deckhand/CertificateAuthority/v1 + name: calico-etcd-peer + path: . + dest: + path: '.values.secrets.tls.peer.ca' + + - + src: + schema: deckhand/Certificate/v1 + name: calico-etcd-anchor + path: . 
+ dest: + path: '.values.secrets.anchor.tls.cert' + - + src: + schema: deckhand/CertificateKey/v1 + name: calico-etcd-anchor + path: . + dest: + path: '.values.secrets.anchor.tls.key' + + - + src: + schema: deckhand/Certificate/v1 + name: calico-etcd-n0 + path: . + dest: + path: '.values.nodes[0].tls.client.cert' + - + src: + schema: deckhand/CertificateKey/v1 + name: calico-etcd-n0 + path: . + dest: + path: '.values.nodes[0].tls.client.key' + - + src: + schema: deckhand/Certificate/v1 + name: calico-etcd-n0-peer + path: . + dest: + path: '.values.nodes[0].tls.peer.cert' + - + src: + schema: deckhand/CertificateKey/v1 + name: calico-etcd-n0-peer + path: . + dest: + path: '.values.nodes[0].tls.peer.key' + + - + src: + schema: deckhand/Certificate/v1 + name: calico-etcd-n1 + path: . + dest: + path: '.values.nodes[1].tls.client.cert' + - + src: + schema: deckhand/CertificateKey/v1 + name: calico-etcd-n1 + path: . + dest: + path: '.values.nodes[1].tls.client.key' + - + src: + schema: deckhand/Certificate/v1 + name: calico-etcd-n1-peer + path: . + dest: + path: '.values.nodes[1].tls.peer.cert' + - + src: + schema: deckhand/CertificateKey/v1 + name: calico-etcd-n1-peer + path: . + dest: + path: '.values.nodes[1].tls.peer.key' + + - + src: + schema: deckhand/Certificate/v1 + name: calico-etcd-n2 + path: . + dest: + path: '.values.nodes[2].tls.client.cert' + - + src: + schema: deckhand/CertificateKey/v1 + name: calico-etcd-n2 + path: . + dest: + path: '.values.nodes[2].tls.client.key' + - + src: + schema: deckhand/Certificate/v1 + name: calico-etcd-n2-peer + path: . + dest: + path: '.values.nodes[2].tls.peer.cert' + - + src: + schema: deckhand/CertificateKey/v1 + name: calico-etcd-n2-peer + path: . + dest: + path: '.values.nodes[2].tls.peer.key' + + - + src: + schema: deckhand/Certificate/v1 + name: calico-etcd-n3 + path: . + dest: + path: '.values.nodes[3].tls.client.cert' + - + src: + schema: deckhand/CertificateKey/v1 + name: calico-etcd-n3 + path: . 
+ dest: + path: '.values.nodes[3].tls.client.key' + - + src: + schema: deckhand/Certificate/v1 + name: calico-etcd-n3-peer + path: . + dest: + path: '.values.nodes[3].tls.peer.cert' + - + src: + schema: deckhand/CertificateKey/v1 + name: calico-etcd-n3-peer + path: . + dest: + path: '.values.nodes[3].tls.peer.key' + +data: + chart_name: etcd + release: calico-etcd + namespace: kube-system + test: + enabled: false + wait: + timeout: 600 + labels: + release_group: ucp-calico-etcd + upgrade: + no_hooks: true + values: + anchor: + etcdctl_endpoint: 10.96.232.136 + labels: + anchor: + node_selector_key: calico-etcd + node_selector_value: enabled + secrets: + anchor: + tls: + cert: placeholder + key: placeholder + tls: + client: + ca: placeholder + peer: + ca: placeholder + etcd: + host_data_path: /var/lib/etcd/calico + host_etc_path: /etc/etcd/calico + bootstrapping: + enabled: true + host_directory: /var/lib/anchor + filename: calico-etcd-bootstrap + images: + tags: + etcd: quay.io/coreos/etcd:v3.5.11 + etcdctl: "quay.io/airshipit/porthole-etcdctl-utility:latest-ubuntu_focal" + nodes: + - name: n0 + tls: + client: + cert: placeholder + key: placeholder + peer: + cert: placeholder + key: placeholder + - name: n1 + tls: + client: + cert: placeholder + key: placeholder + peer: + cert: placeholder + key: placeholder + - name: n2 + tls: + client: + cert: placeholder + key: placeholder + peer: + cert: placeholder + key: placeholder + # n3 is here to demonstrate movability of the cluster + - name: n3 + tls: + client: + cert: placeholder + key: placeholder + peer: + cert: placeholder + key: placeholder + service: + name: calico-etcd + ip: 10.96.232.136 + network: + service_client: + name: service_client + port: 6666 + target_port: 6666 + service_peer: + name: service_peer + port: 6667 + target_port: 6667 + source: + type: local + location: /etc/genesis/armada/assets/charts + subpath: etcd + dependencies: + - helm-toolkit + +--- +schema: armada/Chart/v1 +metadata: + schema: 
metadata/Document/v1 + name: calico + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext + substitutions: + - src: + schema: deckhand/CertificateAuthority/v1 + name: calico-etcd + path: . + dest: + path: '.values.endpoints.etcd.auth.client.tls.ca' + - src: + schema: deckhand/Certificate/v1 + name: calico-node + path: . + dest: + path: '.values.endpoints.etcd.auth.client.tls.crt' + - src: + schema: deckhand/CertificateKey/v1 + name: calico-node + path: . + dest: + path: '.values.endpoints.etcd.auth.client.tls.key' + - src: + schema: deckhand/CertificateAuthority/v1 + name: calico-etcd + path: . + dest: + path: '.values.conf.etcd.credentials.ca' + - src: + schema: deckhand/Certificate/v1 + name: calico-node + path: . + dest: + path: '.values.conf.etcd.credentials.certificate' + - src: + schema: deckhand/CertificateKey/v1 + name: calico-node + path: . + dest: + path: '.values.conf.etcd.credentials.key' +data: + chart_name: calico + release: calico + namespace: kube-system + wait: + timeout: 600 + labels: + release_group: ucp-calico + upgrade: + no_hooks: true + values: + conf: + cni_network_config: + name: k8s-pod-network + cniVersion: 0.1.0 + type: calico + etcd_endpoints: __ETCD_ENDPOINTS__ + etcd_ca_cert_file: /etc/calico/pki/ca + etcd_cert_file: /etc/calico/pki/crt + etcd_key_file: /etc/calico/pki/key + log_level: debug + mtu: 1500 + ipam: + type: calico-ipam + policy: + type: k8s + k8s_api_root: https://__KUBERNETES_SERVICE_HOST__:__KUBERNETES_SERVICE_PORT__ + k8s_auth_token: __SERVICEACCOUNT_TOKEN__ + + policy_controller: + K8S_API: "https://10.96.0.1:443" + + node: + CALICO_STARTUP_LOGLEVEL: DEBUG + CLUSTER_TYPE: + - k8s + - bgp + IP_AUTODETECTION_METHOD: interface=ens1 + WAIT_FOR_STORAGE: "true" + + endpoints: + etcd: + hosts: + default: calico-etcd + host_fqdn_override: + default: 10.96.232.136 + scheme: + default: https + + networking: + podSubnet: 10.97.0.0/16 + mtu: 1500 + + images: + tags: + calico_etcd: 
quay.io/coreos/etcd:v3.5.11 + calico_node: quay.io/calico/node:v3.4.0 + calico_cni: quay.io/calico/cni:v3.4.0 + calico_ctl: quay.io/calico/ctl:v3.4.0 + calico_settings: quay.io/calico/ctl:v3.4.0 + calico_kube_controllers: quay.io/calico/kube-controllers:v3.4.0 + dep_check: quay.io/stackanetes/kubernetes-entrypoint:v0.3.1 + + manifests: + daemonset_calico_etcd: false + job_image_repo_sync: false + service_calico_etcd: false + source: + type: git + location: https://opendev.org/openstack/openstack-helm-infra.git + reference: fa8916f5bcc8cbf064a387569e2630b7bbf0b49b + subpath: calico + dependencies: + - infra-helm-toolkit +--- +schema: armada/Chart/v1 +metadata: + schema: metadata/Document/v1 + name: coredns + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext +data: + chart_name: coredns + release: coredns + namespace: kube-system + wait: + timeout: 600 + labels: + release_group: ucp-coredns + upgrade: + no_hooks: true + values: + conf: + test: + names_to_resolve: + - calico-etcd.kube-system.svc.cluster.local + - kubernetes.default.svc.cluster.local + images: + tags: + coredns: coredns/coredns:1.9.4 + test: quay.io/airshipit/promenade:master + source: + type: local + location: /etc/genesis/armada/assets/charts + subpath: coredns + dependencies: + - helm-toolkit +--- +schema: armada/Chart/v1 +metadata: + schema: metadata/Document/v1 + name: haproxy + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext +data: + chart_name: haproxy + release: haproxy + namespace: kube-system + wait: + timeout: 600 + labels: + release_group: ucp-haproxy + upgrade: + no_hooks: true + values: + conf: + anchor: + enable_cleanup: false + kubernetes_url: https://10.96.0.1:443 + services: + kube-system: + kubernetes-apiserver: + server_opts: "check port 6443" + conf_parts: + global: + - timeout connect 5000ms + - timeout client 30s + - timeout server 30s + frontend: + - mode tcp + - bind *:6553 + backend: + - mode tcp + - option tcp-check 
+ - option redispatch + kubernetes-etcd: + server_opts: "check port 2379" + conf_parts: + frontend: + - mode tcp + - bind *:2378 + backend: + - mode tcp + - option tcp-check + - option redispatch + + images: + tags: + anchor: quay.io/airshipit/porthole-compute-utility:latest-ubuntu_focal + haproxy: haproxy:1.8.3 + test: python:3.6 + + source: + type: local + location: /etc/genesis/armada/assets/charts + subpath: haproxy + dependencies: + - helm-toolkit +--- +schema: armada/Chart/v1 +metadata: + schema: metadata/Document/v1 + name: kubernetes-apiserver + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext + substitutions: + - + src: + schema: deckhand/CertificateAuthority/v1 + name: kubernetes + path: . + dest: + path: .values.secrets.tls.ca + - + src: + schema: deckhand/Certificate/v1 + name: apiserver + path: . + dest: + path: .values.secrets.tls.cert + - + src: + schema: deckhand/CertificateKey/v1 + name: apiserver + path: . + dest: + path: .values.secrets.tls.key + + - + src: + schema: deckhand/CertificateAuthority/v1 + name: kubernetes-etcd + path: . + dest: + path: .values.secrets.etcd.tls.ca + - + src: + schema: deckhand/Certificate/v1 + name: apiserver-etcd + path: . + dest: + path: .values.secrets.etcd.tls.cert + - + src: + schema: deckhand/CertificateKey/v1 + name: apiserver-etcd + path: . + dest: + path: .values.secrets.etcd.tls.key + - + src: + schema: deckhand/PublicKey/v1 + name: service-account + path: . + dest: + path: .values.secrets.service_account.public_key + - + src: + schema: deckhand/PrivateKey/v1 + name: service-account + path: . 
+ dest: + path: .values.secrets.service_account.private_key + + - src: + schema: promenade/EncryptionPolicy/v1 + name: encryption-policy + path: .etcd + dest: + path: $.values.conf.encryption_provider.content.resources +data: + chart_name: apiserver + release: kubernetes-apiserver + namespace: kube-system + wait: + timeout: 600 + labels: + release_group: ucp-kubernetes-apiserver + upgrade: + no_hooks: true + values: + conf: + encryption_provider: + file: encryption_provider.yaml + command_options: + - '--encryption-provider-config=/etc/kubernetes/apiserver/encryption_provider.yaml' + content: + kind: EncryptionConfiguration + apiVersion: apiserver.config.k8s.io/v1 + apiserver: + etcd: + endpoints: https://127.0.0.1:2378 + images: + tags: + anchor: quay.io/airshipit/porthole-compute-utility:latest-ubuntu_focal + apiserver: registry.k8s.io/kube-apiserver-amd64:v1.29.0 + network: + kubernetes_service_ip: 10.96.0.1 + pod_cidr: 10.97.0.0/16 + service_cidr: 10.96.0.0/16 + + source: + type: local + location: /etc/genesis/armada/assets/charts + subpath: apiserver + dependencies: + - helm-toolkit +--- +schema: armada/Chart/v1 +metadata: + schema: metadata/Document/v1 + name: kubernetes-controller-manager + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext + substitutions: + - + src: + schema: deckhand/CertificateAuthority/v1 + name: kubernetes + path: . + dest: + path: .values.secrets.tls.ca + + - + src: + schema: deckhand/Certificate/v1 + name: controller-manager + path: . + dest: + path: .values.secrets.tls.cert + - + src: + schema: deckhand/CertificateKey/v1 + name: controller-manager + path: . + dest: + path: .values.secrets.tls.key + - + src: + schema: deckhand/PrivateKey/v1 + name: service-account + path: . 
+ dest: + path: .values.secrets.service_account.private_key + +data: + chart_name: controller_manager + release: kubernetes-controller-manager + namespace: kube-system + wait: + timeout: 600 + labels: + release_group: ucp-kubernetes-controller-manager + upgrade: + no_hooks: true + values: + images: + tags: + anchor: quay.io/airshipit/porthole-compute-utility:latest-ubuntu_focal + controller_manager: registry.k8s.io/kube-controller-manager-amd64:v1.29.0 + secrets: + service_account: + private_key: placeholder + tls: + ca: placeholder + cert: placeholder + key: placeholder + network: + kubernetes_netloc: 127.0.0.1:6553 + pod_cidr: 10.97.0.0/16 + service_cidr: 10.96.0.0/16 + + source: + type: local + location: /etc/genesis/armada/assets/charts + subpath: controller_manager + dependencies: + - helm-toolkit +--- +schema: armada/Chart/v1 +metadata: + schema: metadata/Document/v1 + name: kubernetes-scheduler + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext + substitutions: + - + src: + schema: deckhand/CertificateAuthority/v1 + name: kubernetes + path: . + dest: + path: .values.secrets.tls.ca + - + src: + schema: deckhand/Certificate/v1 + name: scheduler + path: . + dest: + path: .values.secrets.tls.cert + - + src: + schema: deckhand/CertificateKey/v1 + name: scheduler + path: . 
+ dest: + path: .values.secrets.tls.key + +data: + chart_name: scheduler + release: kubernetes-scheduler + namespace: kube-system + wait: + timeout: 600 + labels: + release_group: ucp-kubernetes-scheduler + upgrade: + no_hooks: true + values: + secrets: + tls: + ca: placeholder + cert: placeholder + key: placeholder + + network: + kubernetes_netloc: 127.0.0.1:6553 + + images: + tags: + anchor: quay.io/airshipit/porthole-compute-utility:latest-ubuntu_focal + scheduler: registry.k8s.io/kube-scheduler-amd64:v1.29.0 + + source: + type: local + location: /etc/genesis/armada/assets/charts + subpath: scheduler + dependencies: + - helm-toolkit +--- +schema: armada/Chart/v1 +metadata: + schema: metadata/Document/v1 + name: kubernetes-etcd + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext + substitutions: + - + src: + schema: deckhand/CertificateAuthority/v1 + name: kubernetes-etcd + path: . + dest: + path: '.values.secrets.tls.client.ca' + - + src: + schema: deckhand/CertificateAuthority/v1 + name: kubernetes-etcd-peer + path: . + dest: + path: '.values.secrets.tls.peer.ca' + + - + src: + schema: deckhand/Certificate/v1 + name: kubernetes-etcd-anchor + path: . + dest: + path: '.values.secrets.anchor.tls.cert' + - + src: + schema: deckhand/CertificateKey/v1 + name: kubernetes-etcd-anchor + path: . + dest: + path: '.values.secrets.anchor.tls.key' + + - + src: + schema: deckhand/Certificate/v1 + name: kubernetes-etcd-n0 + path: . + dest: + path: '.values.nodes[0].tls.client.cert' + - + src: + schema: deckhand/CertificateKey/v1 + name: kubernetes-etcd-n0 + path: . + dest: + path: '.values.nodes[0].tls.client.key' + - + src: + schema: deckhand/Certificate/v1 + name: kubernetes-etcd-n0-peer + path: . + dest: + path: '.values.nodes[0].tls.peer.cert' + - + src: + schema: deckhand/CertificateKey/v1 + name: kubernetes-etcd-n0-peer + path: . 
+ dest: + path: '.values.nodes[0].tls.peer.key' + + - + src: + schema: deckhand/Certificate/v1 + name: kubernetes-etcd-n1 + path: . + dest: + path: '.values.nodes[1].tls.client.cert' + - + src: + schema: deckhand/CertificateKey/v1 + name: kubernetes-etcd-n1 + path: . + dest: + path: '.values.nodes[1].tls.client.key' + - + src: + schema: deckhand/Certificate/v1 + name: kubernetes-etcd-n1-peer + path: . + dest: + path: '.values.nodes[1].tls.peer.cert' + - + src: + schema: deckhand/CertificateKey/v1 + name: kubernetes-etcd-n1-peer + path: . + dest: + path: '.values.nodes[1].tls.peer.key' + + - + src: + schema: deckhand/Certificate/v1 + name: kubernetes-etcd-n2 + path: . + dest: + path: '.values.nodes[2].tls.client.cert' + - + src: + schema: deckhand/CertificateKey/v1 + name: kubernetes-etcd-n2 + path: . + dest: + path: '.values.nodes[2].tls.client.key' + - + src: + schema: deckhand/Certificate/v1 + name: kubernetes-etcd-n2-peer + path: . + dest: + path: '.values.nodes[2].tls.peer.cert' + - + src: + schema: deckhand/CertificateKey/v1 + name: kubernetes-etcd-n2-peer + path: . + dest: + path: '.values.nodes[2].tls.peer.key' + + - + src: + schema: deckhand/Certificate/v1 + name: kubernetes-etcd-n3 + path: . + dest: + path: '.values.nodes[3].tls.client.cert' + - + src: + schema: deckhand/CertificateKey/v1 + name: kubernetes-etcd-n3 + path: . + dest: + path: '.values.nodes[3].tls.client.key' + - + src: + schema: deckhand/Certificate/v1 + name: kubernetes-etcd-n3-peer + path: . + dest: + path: '.values.nodes[3].tls.peer.cert' + - + src: + schema: deckhand/CertificateKey/v1 + name: kubernetes-etcd-n3-peer + path: . 
+ dest: + path: '.values.nodes[3].tls.peer.key' + +data: + chart_name: etcd + release: kubernetes-etcd + namespace: kube-system + wait: + timeout: 600 + labels: + release_group: ucp-kubernetes-etcd + upgrade: + no_hooks: true + values: + anchor: + etcdctl_endpoint: kubernetes-etcd.kube-system.svc.cluster.local + labels: + anchor: + node_selector_key: kubernetes-etcd + node_selector_value: enabled + secrets: + anchor: + tls: + cert: placeholder + key: placeholder + tls: + client: + ca: placeholder + peer: + ca: placeholder + etcd: + host_data_path: /var/lib/etcd/kubernetes + host_etc_path: /etc/etcd/kubernetes + images: + tags: + etcd: quay.io/coreos/etcd:v3.5.11 + etcdctl: quay.io/coreos/etcd:v3.5.11 + nodes: + - name: n0 + tls: + client: + cert: placeholder + key: placeholder + peer: + cert: placeholder + key: placeholder + - name: n1 + tls: + client: + cert: placeholder + key: placeholder + peer: + cert: placeholder + key: placeholder + - name: n2 + tls: + client: + cert: placeholder + key: placeholder + peer: + cert: placeholder + key: placeholder + - name: n3 + tls: + client: + cert: placeholder + key: placeholder + peer: + cert: placeholder + key: placeholder + service: + name: kubernetes-etcd + network: + service_client: + name: service_client + port: 2379 + target_port: 2379 + service_peer: + name: service_peer + port: 2380 + target_port: 2380 + source: + type: local + location: /etc/genesis/armada/assets/charts + subpath: etcd + dependencies: + - helm-toolkit +--- +schema: armada/Chart/v1 +metadata: + schema: metadata/Document/v1 + name: promenade + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext +data: + chart_name: promenade + release: promenade + namespace: ucp + wait: + timeout: 600 + labels: + release_group: ucp-promenade + values: + pod: + env: + promenade_api: + - name: PROMENADE_DEBUG + value: '1' + conf: + paste: + app:promenade-api: + disable: keystone + pipeline:main: + pipeline: noauth promenade-api + images: + 
tags: + promenade: quay.io/airshipit/promenade:master + manifests: + job_ks_endpoints: false + job_ks_service: false + job_ks_user: false + secret_keystone: false + upgrade: + no_hooks: true + source: + type: local + location: /etc/genesis/armada/assets/charts + subpath: promenade + dependencies: + - helm-toolkit +... diff --git a/charts/etcd/templates/etc/_kubernetes-etcd.yaml.tpl b/charts/etcd/templates/etc/_kubernetes-etcd.yaml.tpl index c4850bc1..8a2b963a 100644 --- a/charts/etcd/templates/etc/_kubernetes-etcd.yaml.tpl +++ b/charts/etcd/templates/etc/_kubernetes-etcd.yaml.tpl @@ -16,24 +16,14 @@ {{- $envAll := . }} {{- define "etcdreadinessProbeTemplate" }} -exec: - command: - - /bin/sh - - -c - - |- - export ETCDCTL_ENDPOINTS=https://$POD_IP:{{ .Values.network.service_client.target_port }} - etcdctl endpoint health - exit $? + httpGet: + path: /health + port: {{ .Values.network.service_client.target_port }} {{- end }} {{- define "etcdlivenessProbeTemplate" }} -exec: - command: - - /bin/sh - - -c - - |- - export ETCDCTL_ENDPOINTS=https://$POD_IP:{{ .Values.network.service_client.target_port }} - etcdctl endpoint status - exit $? + httpGet: + path: /health + port: {{ .Values.network.service_client.target_port }} {{- end }} # Strip off "etcd" from service name to get the application name # Note that application can either be kubernetes or calico for now diff --git a/charts/etcd/values.yaml b/charts/etcd/values.yaml index 13f68342..e35ed508 100644 --- a/charts/etcd/values.yaml +++ b/charts/etcd/values.yaml @@ -14,8 +14,8 @@ images: tags: - etcd: quay.io/coreos/etcd:v3.5.6 - etcdctl: quay.io/coreos/etcd:v3.5.6 + etcd: quay.io/coreos/etcd:v3.5.11 + etcdctl: "quay.io/airshipit/porthole-etcdctl-utility:latest-ubuntu_focal" etcdctl_backup: "quay.io/airshipit/porthole-etcdctl-utility:latest-ubuntu_focal" dep_check: quay.io/stackanetes/kubernetes-entrypoint:v0.3.1 ks_user: docker.io/openstackhelm/heat:stein-ubuntu_bionic 
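Review bot: The `promenade` chart document at the end of this new file appears to run the Promenade API without authentication (`disable: keystone` under `app:promenade-api`, `pipeline: noauth promenade-api`) and with `PROMENADE_DEBUG` set to `'1'`, and nothing in the file marks these as test-only values. Because the file sits under `charts/etcd/` rather than `examples/`, a reader could take it for a deployable baseline. A header comment on that document, such as `# Gate/test values only: Promenade API runs without Keystone auth and with debug enabled`, would make the intent explicit. The calico document's `log_level: debug` and `CALICO_STARTUP_LOGLEVEL: DEBUG` deserve the same kind of remark.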
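Review bot: Both new `httpGet` probes omit `scheme`, so the kubelet will send plain HTTP to the client port, whereas the removed exec probes addressed that same port as `https://$POD_IP:...`. If the client listener is TLS-only the probes fail, and if it also enforces client certificates (the chart substitutes a client CA, but the listener flags are outside this hunk) an `httpGet` probe cannot authenticate even with `scheme: HTTPS`. Either add `scheme: HTTPS` where client-cert auth is not enforced, or serve `/health` on a separate, narrowly bound listener through etcd's `--listen-metrics-urls` and point `port:` at it. Liveness and readiness now share the same `/health` check, where before they ran `endpoint status` and `endpoint health` respectively; a comment stating why one endpoint is adequate for both would help the next reader.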
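Review bot: `latest-ubuntu_focal` is a floating tag, so the new `etcdctl` image can change between pulls without any chart change, and the client binary (which presumably runs with the etcd TLS credentials) may drift from the v3.5.11 server it talks to. The line it replaces was pinned to an exact etcd release. Pin the new image to an immutable reference, e.g. `etcdctl: "quay.io/airshipit/porthole-etcdctl-utility@sha256:<DIGEST_PLACEHOLDER>"`, or to a versioned tag if the registry publishes one. The same replacement is made in the `armada-resources.yaml` hunks under `examples/basic`, `examples/complete`, `examples/containerd`, `examples/gate` and `tests/unit/builder_data/simple`, and in the calico-etcd document of the new `charts/etcd/armada-resources.yaml`.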
diff --git a/doc/source/configuration/genesis.rst b/doc/source/configuration/genesis.rst index 3544640a..122f49bb 100644 --- a/doc/source/configuration/genesis.rst +++ b/doc/source/configuration/genesis.rst @@ -45,7 +45,7 @@ Here is a complete sample document: kubernetes: apiserver: registry.k8s.io/kube-apiserver-amd64:v1.29.0 controller-manager: registry.k8s.io/kube-controller-manager-amd64:v1.29.0 - etcd: quay.io/coreos/etcd:v3.5.6 + etcd: quay.io/coreos/etcd:v3.5.11 scheduler: registry.k8s.io/kube-scheduler-amd64:v1.29.0 files: - path: /var/lib/anchor/calico-etcd-bootstrap diff --git a/examples/basic/Genesis.yaml b/examples/basic/Genesis.yaml index 7aa260ec..da121004 100644 --- a/examples/basic/Genesis.yaml +++ b/examples/basic/Genesis.yaml @@ -49,7 +49,7 @@ data: kubernetes: apiserver: registry.k8s.io/kube-apiserver-amd64:v1.29.0 controller-manager: registry.k8s.io/kube-controller-manager-amd64:v1.29.0 - etcd: quay.io/coreos/etcd:v3.5.6 + etcd: quay.io/coreos/etcd:v3.5.11 scheduler: registry.k8s.io/kube-scheduler-amd64:v1.29.0 files: - path: /var/lib/anchor/calico-etcd-bootstrap diff --git a/examples/basic/armada-resources.yaml b/examples/basic/armada-resources.yaml index c9de117d..33619273 100644 --- a/examples/basic/armada-resources.yaml +++ b/examples/basic/armada-resources.yaml @@ -363,8 +363,8 @@ data: filename: calico-etcd-bootstrap images: tags: - etcd: quay.io/coreos/etcd:v3.5.6 - etcdctl: quay.io/coreos/etcd:v3.5.6 + etcd: quay.io/coreos/etcd:v3.5.11 + etcdctl: "quay.io/airshipit/porthole-etcdctl-utility:latest-ubuntu_focal" nodes: - name: n0 tls: @@ -519,7 +519,7 @@ data: images: tags: - calico_etcd: quay.io/coreos/etcd:v3.5.6 + calico_etcd: quay.io/coreos/etcd:v3.5.11 calico_node: quay.io/calico/node:v3.4.0 calico_cni: quay.io/calico/cni:v3.4.0 calico_ctl: quay.io/calico/ctl:v3.4.0 
@@ -1071,8 +1071,8 @@ data: host_etc_path: /etc/etcd/kubernetes images: tags: - etcd: quay.io/coreos/etcd:v3.5.6 - etcdctl: quay.io/coreos/etcd:v3.5.6 + etcd: quay.io/coreos/etcd:v3.5.11 + etcdctl: "quay.io/airshipit/porthole-etcdctl-utility:latest-ubuntu_focal" nodes: - name: n0 tls: diff --git a/examples/complete/Genesis.yaml b/examples/complete/Genesis.yaml index 8f1f601c..d5676d6f 100644 --- a/examples/complete/Genesis.yaml +++ b/examples/complete/Genesis.yaml @@ -38,7 +38,7 @@ data: kubernetes: apiserver: registry.k8s.io/kube-apiserver-amd64:v1.29.0 controller-manager: registry.k8s.io/kube-controller-manager-amd64:v1.29.0 - etcd: quay.io/coreos/etcd:v3.5.6 + etcd: quay.io/coreos/etcd:v3.5.11 scheduler: registry.k8s.io/kube-scheduler-amd64:v1.29.0 files: - path: /var/lib/anchor/calico-etcd-bootstrap diff --git a/examples/complete/armada-resources.yaml b/examples/complete/armada-resources.yaml index 07f310f7..294ebe95 100644 --- a/examples/complete/armada-resources.yaml +++ b/examples/complete/armada-resources.yaml @@ -400,8 +400,8 @@ data: filename: calico-etcd-bootstrap images: tags: - etcd: quay.io/coreos/etcd:v3.5.6 - etcdctl: quay.io/coreos/etcd:v3.5.6 + etcd: quay.io/coreos/etcd:v3.5.11 + etcdctl: "quay.io/airshipit/porthole-etcdctl-utility:latest-ubuntu_focal" nodes: - name: n0 tls: @@ -540,7 +540,7 @@ data: images: tags: - calico_etcd: quay.io/coreos/etcd:v3.5.6 + calico_etcd: quay.io/coreos/etcd:v3.5.11 calico_node: quay.io/calico/node:v3.4.0 calico_cni: quay.io/calico/cni:v3.4.0 calico_ctl: quay.io/calico/ctl:v3.4.0 @@ -1082,8 +1082,8 @@ data: host_etc_path: /etc/etcd/kubernetes images: tags: - etcd: quay.io/coreos/etcd:v3.5.6 - etcdctl: quay.io/coreos/etcd:v3.5.6 + etcd: quay.io/coreos/etcd:v3.5.11 + etcdctl: "quay.io/airshipit/porthole-etcdctl-utility:latest-ubuntu_focal" nodes: - name: n0 tls: diff --git a/examples/containerd/Genesis.yaml b/examples/containerd/Genesis.yaml index e6ebcdf1..2445df74 100644 --- a/examples/containerd/Genesis.yaml 
+++ b/examples/containerd/Genesis.yaml @@ -49,7 +49,7 @@ data: kubernetes: apiserver: registry.k8s.io/kube-apiserver-amd64:v1.29.0 controller-manager: registry.k8s.io/kube-controller-manager-amd64:v1.29.0 - etcd: quay.io/coreos/etcd:v3.5.6 + etcd: quay.io/coreos/etcd:v3.5.11 scheduler: registry.k8s.io/kube-scheduler-amd64:v1.29.0 files: - path: /var/lib/anchor/calico-etcd-bootstrap diff --git a/examples/containerd/armada-resources.yaml b/examples/containerd/armada-resources.yaml index 89c241cf..e98e4efe 100644 --- a/examples/containerd/armada-resources.yaml +++ b/examples/containerd/armada-resources.yaml @@ -276,8 +276,8 @@ data: filename: calico-etcd-bootstrap images: tags: - etcd: quay.io/coreos/etcd:v3.5.6 - etcdctl: quay.io/coreos/etcd:v3.5.6 + etcd: quay.io/coreos/etcd:v3.5.11 + etcdctl: "quay.io/airshipit/porthole-etcdctl-utility:latest-ubuntu_focal" nodes: - name: n0 tls: @@ -413,7 +413,7 @@ data: images: tags: - calico_etcd: quay.io/coreos/etcd:v3.5.6 + calico_etcd: quay.io/coreos/etcd:v3.5.11 calico_node: quay.io/calico/node:v3.4.0 calico_cni: quay.io/calico/cni:v3.4.0 calico_ctl: quay.io/calico/ctl:v3.4.0 @@ -883,8 +883,8 @@ data: host_etc_path: /etc/etcd/kubernetes images: tags: - etcd: quay.io/coreos/etcd:v3.5.6 - etcdctl: quay.io/coreos/etcd:v3.5.6 + etcd: quay.io/coreos/etcd:v3.5.11 + etcdctl: "quay.io/airshipit/porthole-etcdctl-utility:latest-ubuntu_focal" nodes: - name: n0 tls: diff --git a/examples/gate/Genesis.yaml b/examples/gate/Genesis.yaml index e6ebcdf1..2445df74 100644 --- a/examples/gate/Genesis.yaml +++ b/examples/gate/Genesis.yaml @@ -49,7 +49,7 @@ data: kubernetes: apiserver: registry.k8s.io/kube-apiserver-amd64:v1.29.0 controller-manager: registry.k8s.io/kube-controller-manager-amd64:v1.29.0 - etcd: quay.io/coreos/etcd:v3.5.6 + etcd: quay.io/coreos/etcd:v3.5.11 scheduler: registry.k8s.io/kube-scheduler-amd64:v1.29.0 files: - path: /var/lib/anchor/calico-etcd-bootstrap 
diff --git a/examples/gate/armada-resources.yaml b/examples/gate/armada-resources.yaml index ed71d90e..cee7ac47 100644 --- a/examples/gate/armada-resources.yaml +++ b/examples/gate/armada-resources.yaml @@ -282,8 +282,8 @@ data: filename: calico-etcd-bootstrap images: tags: - etcd: quay.io/coreos/etcd:v3.5.6 - etcdctl: quay.io/coreos/etcd:v3.5.6 + etcd: quay.io/coreos/etcd:v3.5.11 + etcdctl: "quay.io/airshipit/porthole-etcdctl-utility:latest-ubuntu_focal" nodes: - name: n0 tls: @@ -419,7 +419,7 @@ data: images: tags: - calico_etcd: quay.io/coreos/etcd:v3.5.6 + calico_etcd: quay.io/coreos/etcd:v3.5.11 calico_node: quay.io/calico/node:v3.4.0 calico_cni: quay.io/calico/cni:v3.4.0 calico_ctl: quay.io/calico/ctl:v3.4.0 @@ -889,8 +889,8 @@ data: host_etc_path: /etc/etcd/kubernetes images: tags: - etcd: quay.io/coreos/etcd:v3.5.6 - etcdctl: quay.io/coreos/etcd:v3.5.6 + etcd: quay.io/coreos/etcd:v3.5.11 + etcdctl: "quay.io/airshipit/porthole-etcdctl-utility:latest-ubuntu_focal" nodes: - name: n0 tls: diff --git a/promenade/templates/roles/genesis/etc/kubernetes/manifests/auxiliary-kubernetes-etcd.yaml b/promenade/templates/roles/genesis/etc/kubernetes/manifests/auxiliary-kubernetes-etcd.yaml index 1d967c13..6ee6e770 100644 --- a/promenade/templates/roles/genesis/etc/kubernetes/manifests/auxiliary-kubernetes-etcd.yaml +++ b/promenade/templates/roles/genesis/etc/kubernetes/manifests/auxiliary-kubernetes-etcd.yaml @@ -20,7 +20,7 @@ spec: {%- endwith %} - name: monitor - image: {{ config['Genesis:images.kubernetes.etcd'] }} + image: {{ config['Genesis:images.kubernetes.etcdctl'] }} command: - /bin/sh - -c diff --git a/tests/unit/api/test_validatedesign.py b/tests/unit/api/test_validatedesign.py index 703e042f..b96567f7 100644 --- a/tests/unit/api/test_validatedesign.py +++ b/tests/unit/api/test_validatedesign.py 
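Review bot: `Genesis:images.kubernetes.etcdctl`, which the `monitor` container's `image:` now reads, is not defined in any Genesis document this commit touches. In the `examples/*/Genesis.yaml` hunks, `tests/unit/builder_data/simple/Genesis.yaml`, `genesis.rst` and `VALID_DOCS`, the visible `images.kubernetes` map goes from `etcd` straight to `scheduler`. Unless a default or schema change exists outside this diff, the genesis manifest may render with an empty or missing image for that container. Add the key next to `etcd` in those documents, e.g. `etcdctl: <ETCDCTL_IMAGE_PLACEHOLDER>`, and have the Genesis schema require it so validation catches the omission. The container spec continues outside this hunk.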
@@ -107,7 +107,7 @@ VALID_DOCS = [ 'registry.k8s.io/kube-apiserver-amd64:v1.29.0', 'controller-manager': 'registry.k8s.io/kube-controller-manager-amd64:v1.29.0', - 'etcd': 'quay.io/coreos/etcd:v3.5.6', + 'etcd': 'quay.io/coreos/etcd:v3.5.11', 'scheduler': 'registry.k8s.io/kube-scheduler-amd64:v1.29.0' } }, diff --git a/tests/unit/builder_data/simple/Genesis.yaml b/tests/unit/builder_data/simple/Genesis.yaml index e276d410..f51108ce 100644 --- a/tests/unit/builder_data/simple/Genesis.yaml +++ b/tests/unit/builder_data/simple/Genesis.yaml @@ -35,7 +35,7 @@ data: kubernetes: apiserver: registry.k8s.io/kube-apiserver-amd64:v1.29.0 controller-manager: registry.k8s.io/kube-controller-manager-amd64:v1.29.0 - etcd: quay.io/coreos/etcd:v3.5.6 + etcd: quay.io/coreos/etcd:v3.5.11 scheduler: registry.k8s.io/kube-scheduler-amd64:v1.29.0 files: - path: /var/lib/anchor/calico-etcd-bootstrap diff --git a/tests/unit/builder_data/simple/armada-resources.yaml b/tests/unit/builder_data/simple/armada-resources.yaml index 518a0969..fc73b2d9 100644 --- a/tests/unit/builder_data/simple/armada-resources.yaml +++ b/tests/unit/builder_data/simple/armada-resources.yaml @@ -303,8 +303,8 @@ data: filename: calico-etcd-bootstrap images: tags: - etcd: quay.io/coreos/etcd:v3.5.6 - etcdctl: quay.io/coreos/etcd:v3.5.6 + etcd: quay.io/coreos/etcd:v3.5.11 + etcdctl: "quay.io/airshipit/porthole-etcdctl-utility:latest-ubuntu_focal" nodes: - name: n0 tls: @@ -923,8 +923,8 @@ data: host_etc_path: /etc/etcd/kubernetes images: tags: - etcd: quay.io/coreos/etcd:v3.5.6 - etcdctl: quay.io/coreos/etcd:v3.5.6 + etcd: quay.io/coreos/etcd:v3.5.11 + etcdctl: "quay.io/airshipit/porthole-etcdctl-utility:latest-ubuntu_focal" nodes: - name: n0 tls: diff --git a/tools/gate/default-config-env b/tools/gate/default-config-env index 62c66d88..06a5dc83 100644 --- a/tools/gate/default-config-env +++ b/tools/gate/default-config-env 
@@ -6,7 +6,7 @@ IMAGE_CALICO_KUBE_CONTROLLERS=quay.io/calico/kube-controllers:v3.4.0 IMAGE_CALICO_NODE=quay.io/calico/node:v3.4.0 IMAGE_COREDNS=coredns/coredns:1.9.4 IMAGE_DEP_CHECK=quay.io/stackanetes/kubernetes-entrypoint:v0.3.1 -IMAGE_ETCD=quay.io/coreos/etcd:v3.5.6 +IMAGE_ETCD=quay.io/coreos/etcd:v3.5.11 IMAGE_HAPROXY=haproxy:1.8.3 IMAGE_HELM=lachlanevenson/k8s-helm:v3.13.2 IMAGE_APISERVER=registry.k8s.io/kube-apiserver-amd64:v1.29.0