diff --git a/releasenotes/config.yaml b/releasenotes/config.yaml index 436ae404b..98f214ab5 100644 --- a/releasenotes/config.yaml +++ b/releasenotes/config.yaml @@ -54,7 +54,6 @@ sections: - [redis, redis Chart] - [registry, registry Chart] - [shaker, shaker Chart] - - [tiller, tiller Chart] - [features, New Features] - [issues, Known Issues] - [upgrade, Upgrade Notes] diff --git a/releasenotes/notes/tiller.yaml b/releasenotes/notes/tiller.yaml deleted file mode 100644 index d9da2688f..000000000 --- a/releasenotes/notes/tiller.yaml +++ /dev/null @@ -1,7 +0,0 @@ ---- -tiller: - - 0.1.0 Initial Chart - - 0.1.1 Change helm-toolkit dependency version to ">= 0.1.0" - - 0.1.2 Update tiller image url and version - - 0.1.3 Update htk requirements -... diff --git a/roles/gather-prom-metrics/tasks/main.yaml b/roles/gather-prom-metrics/tasks/main.yaml index 0bbc8e46e..30ea45952 100644 --- a/roles/gather-prom-metrics/tasks/main.yaml +++ b/roles/gather-prom-metrics/tasks/main.yaml @@ -32,14 +32,6 @@ executable: /bin/bash ignore_errors: True -- name: "Get prometheus metrics from tiller-deploy" - shell: |- - set -e - curl tiller-deploy.kube-system:44135/metrics >> "{{ logs_dir }}"/prometheus/kube-system-tiller-deploy.txt - args: - executable: /bin/bash - ignore_errors: True - - name: "Get ceph metrics from ceph-mgr" shell: |- set -e diff --git a/tiller/Chart.yaml b/tiller/Chart.yaml deleted file mode 100644 index 169601afc..000000000 --- a/tiller/Chart.yaml +++ /dev/null @@ -1,25 +0,0 @@ -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - ---- -apiVersion: v1 -appVersion: v2.17.0 -description: OpenStack-Helm Tiller -name: tiller -version: 0.1.3 -home: https://github.com/kubernetes/helm -sources: - - https://github.com/kubernetes/helm - - https://opendev.org/openstack/openstack-helm -maintainers: - - name: OpenStack-Helm Authors -... diff --git a/tiller/requirements.yaml b/tiller/requirements.yaml deleted file mode 100644 index 84f0affae..000000000 --- a/tiller/requirements.yaml +++ /dev/null @@ -1,18 +0,0 @@ -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - ---- -dependencies: - - name: helm-toolkit - repository: file://../helm-toolkit - version: ">= 0.1.0" -... diff --git a/tiller/templates/configmap-bin.yaml b/tiller/templates/configmap-bin.yaml deleted file mode 100644 index d3dae4773..000000000 --- a/tiller/templates/configmap-bin.yaml +++ /dev/null @@ -1,25 +0,0 @@ -{{/* -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/}} - -{{- if .Values.manifests.configmap_bin }} -{{- $envAll := . }} ---- -apiVersion: v1 -kind: ConfigMap -metadata: - name: tiller-bin -data: - image-repo-sync.sh: | -{{- include "helm-toolkit.scripts.image_repo_sync" . | indent 4 }} -{{- end }} diff --git a/tiller/templates/deployment-tiller.yaml b/tiller/templates/deployment-tiller.yaml deleted file mode 100644 index 7cacc69cd..000000000 --- a/tiller/templates/deployment-tiller.yaml +++ /dev/null @@ -1,111 +0,0 @@ -{{/* -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/}} - -{{- if .Values.manifests.deployment_tiller }} -{{- $envAll := . }} - -{{- $serviceAccountName := printf "%s-%s" .Release.Name "tiller" }} -{{ tuple $envAll "tiller" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }} ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: {{ $serviceAccountName }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: cluster-admin -subjects: -- kind: ServiceAccount - name: {{ $serviceAccountName }} - namespace: {{ .Release.Namespace }} ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - annotations: - {{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" }} - labels: - app: helm - name: tiller - name: tiller-deploy -spec: - replicas: 1 - selector: - matchLabels: - app: helm - name: tiller - strategy: - rollingUpdate: - maxSurge: 1 - maxUnavailable: 1 - type: RollingUpdate - template: - metadata: - labels: - app: helm - name: tiller - annotations: -{{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" | indent 8 }} - configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "helm-toolkit.utils.hash" }} - spec: -{{ dict "envAll" $envAll "application" "tiller" | include "helm-toolkit.snippets.kubernetes_pod_security_context" | indent 6 }} - initContainers: -{{ tuple $envAll "tiller" list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} - containers: - - env: - - name: TILLER_NAMESPACE - value: {{ .Release.Namespace }} - - name: TILLER_HISTORY_MAX - value: "0" -{{ tuple $envAll "tiller" | include "helm-toolkit.snippets.image" | indent 8 }} - livenessProbe: - failureThreshold: 3 - httpGet: - path: /liveness - port: 44135 - scheme: HTTP - initialDelaySeconds: 1 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 1 - name: tiller -{{ dict "envAll" $envAll "application" "tiller" "container" "tiller" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 8 }} - ports: - - containerPort: 44134 - name: tiller - protocol: TCP - - containerPort: 44135 - name: metrics - protocol: TCP - readinessProbe: - failureThreshold: 3 - httpGet: - path: /readiness - port: 44135 - scheme: HTTP - initialDelaySeconds: 1 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 1 - resources: {} - terminationMessagePath: /dev/termination-log - terminationMessagePolicy: File - dnsPolicy: {{ .Values.pod.dns_policy }} - restartPolicy: Always - schedulerName: default-scheduler - serviceAccount: {{ $serviceAccountName }} - serviceAccountName: {{ $serviceAccountName }} - terminationGracePeriodSeconds: 30 -{{- end }} diff --git a/tiller/templates/job-image-repo-sync.yaml b/tiller/templates/job-image-repo-sync.yaml deleted file mode 100644 index 004931493..000000000 --- a/tiller/templates/job-image-repo-sync.yaml +++ /dev/null @@ -1,18 +0,0 @@ -{{/* -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/}} - -{{- if and .Values.manifests.job_image_repo_sync .Values.images.local_registry.active }} -{{- $imageRepoSyncJob := dict "envAll" . "serviceName" "tiller" -}} -{{ $imageRepoSyncJob | include "helm-toolkit.manifests.job_image_repo_sync" }} -{{- end }} diff --git a/tiller/templates/service-tiller-deploy.yaml b/tiller/templates/service-tiller-deploy.yaml deleted file mode 100644 index 0b535df07..000000000 --- a/tiller/templates/service-tiller-deploy.yaml +++ /dev/null @@ -1,45 +0,0 @@ -{{/* -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/}} - -{{- if .Values.manifests.service_tiller_deploy }} -{{- $envAll := . }} -{{- $prometheus_annotations := $envAll.Values.monitoring.prometheus.tiller }} ---- -apiVersion: v1 -kind: Service -metadata: - labels: - app: helm - name: tiller - name: tiller-deploy - annotations: -{{- if .Values.monitoring.prometheus.enabled }} -{{ tuple $prometheus_annotations | include "helm-toolkit.snippets.prometheus_service_annotations" | indent 4 }} -{{- end }} -spec: - ports: - - name: tiller - port: 44134 - protocol: TCP - targetPort: tiller - - name: metrics - port: 44135 - protocol: TCP - targetPort: metrics - selector: - app: helm - name: tiller - sessionAffinity: None - type: ClusterIP -{{- end }} diff --git a/tiller/values.yaml b/tiller/values.yaml deleted file mode 100644 index 85f2f4e4c..000000000 --- a/tiller/values.yaml +++ /dev/null @@ -1,103 +0,0 @@ -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -# Default values for helm tiller -# This is a YAML-formatted file. -# Declare name/value pairs to be passed into your templates. -# name: value - ---- -labels: - job: - node_selector_key: openstack-control-plane - node_selector_value: enabled - -release_group: null - -images: - tags: - tiller: ghcr.io/helm/tiller:v2.17.0 - dep_check: quay.io/airshipit/kubernetes-entrypoint:v1.0.0 - image_repo_sync: docker.io/docker:17.07.0 - pull_policy: IfNotPresent - local_registry: - active: false - exclude: - - dep_check - - image_repo_sync - -pod: - dns_policy: "ClusterFirst" - security_context: - tiller: - pod: - runAsUser: 65534 - container: - tiller: - allowPrivilegeEscalation: false - readOnlyRootFilesystem: true - resources: - enabled: false - jobs: - image_repo_sync: - requests: - memory: "128Mi" - cpu: "100m" - limits: - memory: "1024Mi" - cpu: "2000m" - -dependencies: - dynamic: - common: - local_image_registry: - jobs: - - tiller-image-repo-sync - services: - - endpoint: node - service: local_image_registry - static: - image_repo_sync: - services: - - endpoint: internal - service: local_image_registry - tiller: - services: null - -endpoints: - cluster_domain_suffix: cluster.local - local_image_registry: - name: docker-registry - namespace: docker-registry - hosts: - default: localhost - internal: docker-registry - node: localhost - host_fqdn_override: - default: null - port: - registry: - node: 5000 - -monitoring: - prometheus: - enabled: false - tiller: - scrape: true - port: 44135 - -manifests: - configmap_bin: true - deployment_tiller: true - job_image_repo_sync: true - service_tiller_deploy: true -... diff --git a/tools/deployment/podsecuritypolicy/006-config-k8s-psp.sh b/tools/deployment/podsecuritypolicy/006-config-k8s-psp.sh index 447d054d2..f3233b82a 100755 --- a/tools/deployment/podsecuritypolicy/006-config-k8s-psp.sh +++ b/tools/deployment/podsecuritypolicy/006-config-k8s-psp.sh @@ -29,9 +29,3 @@ sudo -E minikube start \ # NOTE: Wait for node to be ready. kubectl wait --timeout=240s --for=condition=Ready nodes/minikube - -kubectl --namespace=kube-system wait \ - --timeout=240s \ - --for=condition=Ready \ - pod -l app=helm,name=tiller -