This commit uses the existing policy-in-code module to move all
default policies for quotas into code. This commit also adds
helpful documentation about each API those policies protect,
which will be generated in sample policy files.
Co-authored-By: Dai Dang-Van <daidv@vn.fujitsu.com>
Implements: blueprint policy-in-code
Change-Id: I2fbd7577545ed08dee10064d321e8c6941324b5d
This commit uses the existing policy-in-code module to move all
default policies for cluster templates into code. This commit also adds
helpful documentation about each API those policies protect,
which will be generated in sample policy files.
Co-authored-By: Dai Dang-Van <daidv@vn.fujitsu.com>
Implements: blueprint policy-in-code
Change-Id: I9a8176ea20e3c925441473d1d84db3a73edca7a5
This commit uses the existing policy-in-code module to move all
default policies for clusters into code. This commit also adds
helpful documetation about each API those policies protect,
which will be generated in sample policy files.
Change-Id: I36e69fe930505c2777f4376be1f6ddf17016998f
Co-authored-By: Dai Dang-Van <daidv@vn.fujitsu.com>
Implements: blueprint policy-in-code
This commit uses the existing policy-in-code module to move all
default policies for baymodels into code. This commit also adds
helpful documetation about each API those policies protect, which
will be generated in sample policy files.
Change-Id: Ia4409ff712d0e64985d9565e11671b33c8ac9ddf
Co-authored-By: Dai Dang-Van <daidv@vn.fujitsu.com>
Implements: blueprint policy-in-code
This commit uses the existing policy-in-code module to move all
default policies for bays into code. This commit also adds helpful
documetation about each API those policies protect, which will be
generated in sample policy files.
Change-Id: I4221ed56146ed952781f5f38bc4344d8a0d07881
Co-authored-By: Dai Dang-Van <daidv@vn.fujitsu.com>
Implements: blueprint policy-in-code
This change prepares the magnum project to start implementing
policies in code. Subsequent patches will register more magnum
policies in code and remove the corresponding entry from the
policy file maintained in source.
This is part of a community effort to provide better user
experience for those having to maintain RBAC policy. More
information on this effort can be found below:
https://governance.openstack.org/tc/goals/queens/policy-in-code.html
Change-Id: I0e2b34067ea1e4d5868df544a9f65ae3f1944c43
Co-authored-By: Dai Dang-Van <daidv@vn.fujitsu.com>
Implements: blueprint policy-in-code
TLS enabled k8s cluster are not created if admin_user, admin_password
and admin_tenant_name are not set in [keystone_authtoken] section,
This patch updates the install guide for the same.
Change-Id: Id58bbbda34d52f60c174630400ae469c48a7d115
Closes-Bug: #1717798
Related-Bug: #1670355
Add master_flavor_id as an option during cluster create. If not given,
the default is taken from the cluster template.
Add master_flavor_id in the Cluster object and use that instead
of the one from ClusterTemplate.
Update both magnum and magnum cli documentation to reflect the above changes.
Partial-Bug: #1699247
Change-Id: Id1d973167b381538121583a0a9691304b39e98de
Add a label to prefix all container image use by magnum:
* kubernetes components
* coredns
* node-exporter
* kubernetes-dashboard
Using this label all containers will be pulled from the specified
registry and group in the registry.
TODO:
* grafana
* prometheus
Closes-Bug: #1712810
Change-Id: Iefe02f5ebc97787ee80431e0f16f73ae8444bdc0
In order to make it simpler to use the default
configuration files when deploying services
from source, the files are added to pbr's
data_files section so that the files are
included in the built wheels and therefore
deployed with the code. Packaging and deployment
tools can then more easily use the default files
if they wish to.
This pattern is already established with similar
files for neutron, designate and glance as has
been mentioned in the related bug report.
Change-Id: If96de1416714490477ce03dbdf7f33ee1e78de87
Closes-Bug: #1718356
The periodic jobs are currently getting registered per each worker
which means that in cases with large number of workers, the APIs
for services such as Heat and Keystone will be hit very hard.
This patch resolves this issue by registering the jobs only to the
main process, ensuring that they run once per instance (or group
of workers).
Closes-Bug: #1702349
Change-Id: If9e13effc14fd35e646d02bb4f568e79786aa958
When writing the node-exporter manifest, make sure that
the directory exists.
Change-Id: I41be5c09890bd2c9a063d4942f03305ff690ec4b
Closes-Bug: #1716697
Newer versions have moved from iso8601.iso8601.Utc() to
just iso8601.UTC, causing tests to fail under py35.
Change-Id: I59c771b6803866282912c2067ff5ed25bba13626
Closes-bug: #1715486
Hieu LE
yatin