961 Commits

Author SHA1 Message Date
Zuul
3277230b03 Merge "Removal of IPTable rules in vm-infra-bridge manifests." 2021-06-04 16:36:44 +00:00
Zuul
6bc43513e1 Merge "Fix up validation errors from LMA functions" 2021-06-04 16:36:39 +00:00
Steven Fitzpatrick
38f0e9ee65 Fix up validation errors from LMA functions
I'm splitting these changes from [0] for clarity.

This change fixes various indentation errors/ key placements in LMA
functions.

Also fixes a validation error in the test-site's workload
replacements

[0] https://review.opendev.org/c/airship/treasuremap/+/793106

Change-Id: I9f252cf067e30de6e961edaa412ab87a902918de
2021-06-04 03:48:49 +00:00
Ian Howell
12fc147cea Add type-specific deployment scripts
This change restructures the deployment script directory to support
type-specific deployment scripts. As sub-clusters are added, those
scripts will only be relevant to the multi-tenant type. The distinction
between which scripts should be used for each type will prevent
unexpected deployment errors.

Co-authored-by: Drew Walters <andrew.walters@att.com>
Change-Id: Ic14d4536bc9e593ab81c94b5c1dcec063a93ed18
2021-06-03 18:23:33 +00:00
Manoj Alva(ma257n)
d41cbd9b1b Removal of IPTable rules in vm-infra-bridge manifests.
Change in the vino networking model to accomodate pxe network
(https://review.opendev.org/c/airship/vino/+/793652) has made the iptables
update in the vm-infra-bridge manifesst unnecessary.
This PS removes the iptables related entries.

Change-Id: I0eb530b17302f34c3eaee83ca6fd454c665f7e73
2021-06-03 17:25:57 +00:00
Sirajudeen
49f02e6be4 Align Treasuremap to recent changes of Airshipctl
* Changes from following PS are used to align treasuremap with airshipctl
   https://review.opendev.org/c/airship/airshipctl/+/790791
   https://review.opendev.org/c/airship/airshipctl/+/787290

Closes: #159

Change-Id: I43b633b06addaf65b6b5f945782df032cabf114c
2021-06-03 13:10:13 +00:00
Zuul
6d26fe9aec Merge "Fix workload replacements" 2021-06-02 21:39:49 +00:00
Zuul
a73234bcc7 Merge "Remove Minio Components from airship-core lma" 2021-06-01 16:18:42 +00:00
Drew Walters
b8c0fecbed Fix workload replacements
The workload entrypoint does not have an replacements directory, meaning
that each function's replacements must be listed at the site level.
Relying on calling a function's replacements can be unreliable when
making changes at the type level because entrypoints also have to be
updated at the site level. This change adds a replacements entrypoint
for the workload phases so that changes can be made at the type level
without changing each site.

Signed-off-by: Drew Walters <andrew.walters@att.com>
Change-Id: I450fb5e57967b1fe0b585f85686b558962338d90
2021-06-01 10:36:28 -05:00
Zuul
be289d933b Merge "Add and fix storage-cluster replacements passthrough in types" 2021-05-29 01:44:12 +00:00
Zuul
2e05801814 Merge "Add storage-cluster composite" 2021-05-28 22:02:13 +00:00
Ratnopam Chakrabarti
6c919164b2 Create network policy for subcluster
Added sample calico v3 global network policy and hostendpoint for controlling
traffic flow between sub-clusters.

Also, adds Calico hostendpoints with labels for oam, ksn and vm-infra-bridge.

Relates-To: #131
Closes: #131

Change-Id: I1bb0b1e450b9f78fe1ee77abb0ff12eea72873a5
2021-05-28 14:46:35 +00:00
Zuul
4e0dfac161 Merge "Fix host-inventory cleanup" 2021-05-28 14:22:53 +00:00
Zuul
f1434349fe Merge "Add elasticsearch-exporter to our elastic-stack" 2021-05-28 12:35:43 +00:00
Zuul
29459b4d17 Merge "Treasuremap Elasticsearch & Kibana" 2021-05-28 06:54:30 +00:00
Drew Walters
28a693ccc5 Fix host-inventory cleanup
The host-inventory entrypoint of the virtual-network-cloud site is using
the old cleanup method, which has been removed. This change updates it
to use the new cleanup function. This change also re-enables voting for
the virtual-network-cloud deployment job.

Signed-off-by: Drew Walters <andrew.walters@att.com>
Change-Id: Ib09125a9c5e7c61f314f1962f89efef51c5ead58
2021-05-27 21:47:47 +00:00
Steven Fitzpatrick
8ad827159a Remove Minio Components from airship-core lma
Work on this minio chart has been halted, so we need an alternative
S3 provider in the long term (#111). Removing references to this function
and associated CRs from airship-core deployments and the lma-configs
composite

Also, taking the opportunity to move our cluster flow & output
definitions out of the logging-operator-logging HelmRelease and
into proper CR documents

Relates-To: #111
Relates-To: #150
Change-Id: Id4b4b8d07fb6b38ba033e76a015d8703efca727a
2021-05-27 21:34:23 +00:00
Zuul
622a2b28ff Merge "Removes the rook-operator chart from the base catalogues" 2021-05-27 21:07:56 +00:00
Andrii Ostapenko
79ec0a645c
Add and fix storage-cluster replacements passthrough in types
Change-Id: Ifb8a28539e571433f320e7035c8ec6d356d94d1a
Signed-off-by: Andrii Ostapenko <andrii.ostapenko@att.com>
2021-05-27 15:40:42 -05:00
Drew Walters
1c8a5891b1 Add storage-cluster composite
Storage configuration for Rook is currently located within the
airship-core type; however, the multi-tenant type no longer inherits
this configuration from the airship-core type. This change introduces a
new composite, storage-cluster, to share the configuration between both
types.

Signed-off-by: Drew Walters <andrew.walters@att.com>
Change-Id: Ib10098b38466725f00d9ec9d48058cd269544a3a
2021-05-26 20:29:20 +00:00
Drew Walters
bb8962f3fc Add rook-operator replacements to multi-tenant
The rook-operator is deployed in the multi-tenant type; however, the
replacements do not accompany the deployment of the rook-operator
function. This change adds the rook-operator replacements to the
multi-tenant initinfra phase so that the replacements are used for the
rook-operator function.

Signed-off-by: Drew Walters <andrew.walters@att.com>
Change-Id: Iddb948c120b02b152f752650904ce2ebfc4394f9
2021-05-26 20:29:20 +00:00
Andrii Ostapenko
5259d2f660 Disable voting for virtual-network-cloud gate
With [0] merged, we actually started to use real virtual-network-cloud
manifests in virtual-network-cloud gate instead of default test-site.

[0] https://review.opendev.org/c/airship/airshipctl/+/792836

Signed-off-by: Andrii Ostapenko <andrii.ostapenko@att.com>
Change-Id: Idb80769ce0a853662d1d2745452cb6409a71322f
2021-05-27 06:45:43 +00:00
Steven Fitzpatrick
fdcac8d9fb Add elasticsearch-exporter to our elastic-stack
This change introduces a function for deploying the community
prometheus-easticsearch-exporter chart, and adds it to our
elastic-stack composite.

Upon review it was found that the chart version was being
replaced at the incorrect yaml path accross all LMA components,
so these replacements are corrected in this PS as well.

Change-Id: Iad973f4a16d9985a639c3c6927d9f74cd57f4910
2021-05-26 19:48:18 +00:00
Zuul
1abf6cdb36 Merge "Updating the calico network based on stl3 data" 2021-05-26 14:26:40 +00:00
gs909v
4bf27930e9 Treasuremap Elasticsearch & Kibana
This change adds a composite to treasuremap for deploying
Elasticsearch & Kibana in the lma-stack phase

Co-Authored-By: gs909v <graham.steffaniak@att.com>
Change-Id: I6b4a9b1787f9daae9889084cb2dde483b815186e
2021-05-26 05:32:41 +00:00
Zuul
b850bc140f Merge "Uplift VINO function" 2021-05-25 22:10:12 +00:00
Arijit Bose
57084413db Updating the calico network based on stl3 data
Change-Id: I820ae50841d42f91a55005d778979ca4289a0da1
2021-05-25 13:49:21 -05:00
Kostiantyn Kalynovskyi
70f4b92003 Uplift VINO function
Closes: #145
Change-Id: Id47007f762aebf2faee36c384c754eddb4982960
2021-05-25 15:47:45 +00:00
Sean Eagan
869b0da10f Uplift SIP
This moves to the latest version of SIP:
f9226befbd49e4eba8909aa430ce7407551bba62

This version includes a workload load balancer service, for
which configuration is added.

Closes: #146
Signed-off-by: Sean Eagan <seaneagan1@gmail.com>
Change-Id: I1820b408559bc51d86a62d7d4aad10c458890354
2021-05-25 10:21:10 -05:00
Zuul
3ec45406b2 Merge "Add forwarding for vm-infra-bridge" 2021-05-24 22:13:00 +00:00
Zuul
8f013394a0 Merge "Dex deployment for subclusters using existing dex HelmRelease in treasuremap" 2021-05-24 22:12:57 +00:00
Zuul
7a7de3fc9d Merge "Update substitutions for lma components" 2021-05-24 19:19:53 +00:00
Zuul
100a7388c6 Merge "Rename lma-infra namespace to lma" 2021-05-24 19:19:50 +00:00
sa069q
88d18fa126 Dex deployment for subclusters using existing dex HelmRelease in treasuremap
Note:
1. As per the latest conclusion, Dex and SIPCluster would be deployed on same namespace, hence dex function added to same Kustomization file

2. As a part of Issue# 136 for catalogue, there would be another patchset to make nodeport flexible

Change-Id: I53b2bb33278dd229450c305ad2e15476d8796073
2021-05-24 22:17:48 +05:30
Steven Fitzpatrick
e19661d6a0 Update substitutions for lma components
- The HelmRepository url replacement would overide the
  entire contents of .spec, removing the interval
  parameter which was defined in the originaldocument

- Update Chart and Image Versions

Change-Id: I09cb9f6d68bc5e73a46d1cf17e72d2437b61eb1e
2021-05-24 16:09:49 +00:00
Steven Fitzpatrick
e76545b4be Rename lma-infra namespace to lma
Change-Id: If4ec8ef12b0ee7653ce5e3f26abad4b104f7110d
2021-05-24 16:07:25 +00:00
siraj.yasin
0c092bbc6a Fix the regex with job trigger filter
Change-Id: I0489ea1485f95f46c6794578c8c47d41598ac3e7
2021-05-24 12:45:52 +00:00
Zuul
ee9403fb1c Merge "Changes in dex function to work for both target cluster as well as sub-clusters along with few enhancements" 2021-05-22 14:15:35 +00:00
Andrii Ostapenko
76d8a8da62
Add forwarding for vm-infra-bridge
Signed-off-by: Andrii Ostapenko <andrii.ostapenko@att.com>
Change-Id: I07dbb044571ec683e5c0a432d53aee759f718a26
2021-05-21 18:52:42 -05:00
Zuul
db5442ce14 Merge "Update deployment job voting status" 2021-05-21 22:59:49 +00:00
Zuul
6026c86e4d Merge "Updates vm-infra-bridge iptables vlan" 2021-05-21 18:11:06 +00:00
Zuul
e0d394588d Merge "Add filter rules to Job trigger" 2021-05-21 14:20:41 +00:00
Zuul
21a00b96e6 Merge "Fix incorrect reference-airship-core type refs" 2021-05-21 14:20:33 +00:00
Drew Walters
8ca990371d Update deployment job voting status
Now that the site deployment jobs are green and reliable, make them
voting so that breaking changes are not introduced.

Signed-off-by: Drew Walters <andrew.walters@att.com>
Change-Id: I69cede69807f3d018f87cd3a52d7ef03291232af
2021-05-21 13:56:39 +00:00
Egler, Jess (je808k)
6f6a7d46dc Updates vm-infra-bridge iptables vlan
This change corrects the vm-infra-bridge creation script to set
the iptable rule for masquerade to use the host oam vlan and
updates the vlans to match the multi-tenant site configuration.

Change-Id: If288ed63628658f4e461f512f853b384f0eaeba4
2021-05-20 21:08:29 +00:00
siraj.yasin
17a9ccfae7 Add filter rules to Job trigger
* Trigger deployment job only when relevant files are updated and
  ignore on any document updates

Change-Id: Icac40a35071950639ca04593662e9e6d460519a3
2021-05-20 20:57:28 +00:00
vs422h
94d9a8b194 Removes the rook-operator chart from the base catalogues
* Current rook-operator implementation does not use Helm charts

Change-Id: Ibbb23aff18eb311bb45a475326c5008aefd9e4f1
2021-05-20 18:38:21 +00:00
Frank Ritchie
e7130f4301 Updates for Rook 1.6.2 and Ceph 15.2.11
This PS is to update the Rook yaml files for version v1.6.2. Additionally, the version of Ceph is upgraded to v15.2.11 and Ceph-CSI is upgraded to v3.3.1.

v1.6 provides a few features the storage team wants:

* The operator supports upgrading multiple OSDs in parallel
* LVM no longer used to provision OSDs by default
* Monitor failover can be disabled if needed
* Operator support for Ceph Pacific (v16)
* Ceph 15.2.11 by default
* CephClient CRD standardized to controller-runtime library (kubebuilder)

https://github.com/kubernetes-sigs/controller-runtime

* Pod Disruption Budgets enabled by default.

https://github.com/rook/rook/blob/master/design/ceph/ceph-managed-disruptionbudgets.md

More notes:

* There are many indentation changes in common.yaml
* There is now a variable in operator.yaml for enabling host networking for the CSI pods. Default is to use host network.

* CSI image updates:

ROOK_CSI_CEPH_IMAGE: "quay.io/cephcsi/cephcsi:v3.3.1"
ROOK_CSI_SNAPSHOTTER_IMAGE: "k8s.gcr.io/sig-storage/csi-snapshotter:v4.0.0"

* There is a very large update to crds.yaml largely due to the controller-runtime being employed.

* Ceph 15.2.11 needed for CVE-2021-20288

Change-Id: I5cf0cf63bfcf4b0ea1d242d6eae2f53adda7be5e
2021-05-20 17:58:01 +00:00
sa069q
f0aa07c82f Changes in dex function to work for both target cluster as well as sub-clusters along with few enhancements
Depends-On: https://review.opendev.org/c/airship/airshipctl/+/792316

Change-Id: I13f97faec5523b6ae86cd0a578d4b76c8c1344a2
2021-05-20 22:38:15 +05:30
Alexey Odinokov
2946a13806 Adding a place for external secrets to be stored on site level
1. Reflecting changes done in [1] to treasuremap.
2. Changing airshipctl ref to [1]
3. Making static validation work, since it was merged before [1]
4. Adding dex.ldap.bind_password to imported secrets
5. Adding dex.oidc.clientSecret to generated secrets
6. Due to the added new site - increasing the validation timeout
7. Adding replacement for [2]

[1]
https://review.opendev.org/c/airship/airshipctl/+/786286

[2]
https://review.opendev.org/c/airship/treasuremap/+/788991

Relates-To: #128
Change-Id: I473ace3d7aae85ebe76b73253108c6f1b6ca6e95
2021-05-20 05:34:19 +00:00