101 Commits

Author SHA1 Message Date
Zuul
23967559a6 Merge "Add securityContext helm-toolkit function" 2018-12-13 18:24:10 +00:00
Tin Lam
bf445b4add Add securityContext helm-toolkit function
This patch set adds in a helm-toolkit function to render the
securityContext in the chart.

Change-Id: Id0fe9b75432076d0b87e89dcaa5a4b88487972aa
Signed-off-by: Tin Lam <tin@irrational.io>
2018-12-10 21:59:41 -06:00
Sean Eagan
75e0c2d0f5 helm-toolkit: Support standard kubernetes/helm labels
As documented in [1].

Also add quotes around those and existing metadata labels.

[1]: https://docs.helm.sh/chart_best_practices/#standard-labels

Change-Id: I1e195deb23e87567041e237212b5a828bb34f3e8
2018-12-10 19:12:42 +00:00
Cliff Parsons
598faeb8db Make access control annotations more generic.
This patch takes into consideration that there could be multiple
options for mandatory access control in a cluster. The previously
defined Helm toolkit function for generating a MAC annotation can
now be specified generically, like in this example:

  mandatory_access_control:
    type: apparmor
    glance-api:
      init: runtime/default
      glance-api: runtime/default
      glance-perms: runtime/default
      ceph-keyring-placement: runtime/default
    glance-registry:
      init: runtime/default
      glance-registry: runtime/default

If no MAC is required, then the "type" can be set to null,
and no annotation would be generated. The only MAC type supported
at the moment is "apparmor".

Change-Id: I6b45533d73af82e8fff353b0ed9f29f0891f24f1
2018-11-28 08:54:15 +00:00
Anderson, Craig (ca846m)
48a0c09fea Truncate long host names for overrides
Long hostnames can cause the 63 char name limit to be exceeded.
Truncate the hostname if hostname > 20 char.

Change-Id: Ieb7e4dafb41d1fe3ab3d663d2614f75c814afee6
2018-11-26 17:04:58 -08:00
Ian Howell
9b132225c6 This fixes host-specific overrides
This properly assigns k8s secrets to volumes, rather than using
configMaps

Change-Id: Ifcabd3565fb2abee063f5da117d83ac3a5602536
2018-11-09 16:24:03 -06:00
Zuul
7274c5f95f Merge "Revert "Fix rally deployment config to rally 1.2.0"" 2018-11-07 22:26:22 +00:00
Pete Birley
b7e77dfea0 Revert "Fix rally deployment config to rally 1.2.0"
This reverts commit 5c2859c3e9026e464bf0c35b591aaae810ff2a1c.

This commit breaks the ability to declare users to use with rally/helm test - and needs to be refactored to match the commit message's intent.

Change-Id: I2bc66ef40694c277058b4324b8a3528f4f25d1d1
2018-11-07 19:31:49 +00:00
Zuul
b28aed8331 Merge "Fix rally deployment config to rally 1.2.0" 2018-11-07 14:12:32 +00:00
Jawon Choo
b4dfb27f0c Node-Exporter: allows to set collectors enable/disable
This PS allows to set collectors enable/disable using values.
_node-exporter.sh.tpl makes collectors-list from values.yaml.

Change-Id: Iba2cf4d8304f2405db394fbb6fee58119eab13fc
2018-10-26 01:15:15 +00:00
Pete Birley
be7b01d798 Helm-Toolkit: Document and fix the anti-affinity function
This PS document use of and fixes the anti-affinity function to
properly support hard anti affinity.

Change-Id: I2ec643d7720036b34fc249a2e230b3bed3aac41f
Signed-off-by: Pete Birley <pete@port.direct>
2018-10-17 04:50:02 +00:00
Cliff Parsons
c5b10d155f Rename mandatory access control annotation func
This patch set renames the existing apparmor annotation
function to a more generic MAC (Mandatory Access Control)
name to be flexible enough to handle other MAC annotations
in the future.

Change-Id: I98a34484cebc2b420ad8f2664e4aaa84cfb9dca1
2018-10-17 01:35:49 +00:00
Tin Lam
92e68d33ea Add network policy toolkit function
This patch set implements the helm toolkit function to generate a
kubernetes network policy manifest based on overrideable values.
This also adds a chart that shuts down all the ingress and egress
traffics in the namespace. This can be used to ensure the
whitelisted network policy works as intended.

Additionally, implementation is done for some infrastructure charts.

Change-Id: I78e87ef3276e948ae4dd2eb462b4b8012251c8c8
Co-Authored-By: Mike Pham <tp6510@att.com>
Signed-off-by: Tin Lam <tin@irrational.io>
2018-10-15 13:50:50 +00:00
Jaesang Lee
5c2859c3e9 Fix rally deployment config to rally 1.2.0
This PS fixed rally deployment config to latest format. After rally
refactoring, the deployment config format has been simplified, and the
old format is no longer available. The rally deployment config used by
the helm-toolkit also needs to be changed to support the latest rally.

Change-Id: I286f3c8e3ecd8cc7c26273fa7a1be7cc0bf31c4b
Related-Id: I380a976c0f48c4af0796c9d866fc8787025ce548
2018-10-04 07:14:57 +00:00
Tin Lam
515b6697d3 Add apparmor annotation function
This patch set adds helm toolkit functions to annotate apparmor profile
in the container's metadata section.

Change-Id: Ib0ca04e8b8527194778afb8053046797abdfdb98
Signed-off-by: Tin Lam <tin@irrational.io>
2018-09-24 03:20:50 +00:00
Zuul
bc1afb87d7 Merge "Helm-Toolkit: Add snippet for kubernetes tolerations" 2018-09-23 01:13:57 +00:00
Zuul
551be3f0dc Merge "Helm-Toolkit: Document kubernetes entrypoint macros" 2018-09-22 15:38:40 +00:00
Zuul
87460594dd Merge "Helm-Toolkit: correct macro template filenames" 2018-09-21 11:20:15 +00:00
Pete Birley
b16b2707d8 Helm-Toolkit: Document kubernetes entrypoint macros
This PS adds documentation for the kubernetes entrypoint macros.

Change-Id: I1bec4d7a58878742462de624ebe0b77579759c09
Signed-off-by: Pete Birley <pete@port.direct>
2018-09-21 08:23:22 +00:00
Steve Wilkerson
a084769410 Elasticsearch S3 repo
This ps adds the ability to use the ceph radosgw s3 api for
snapshot repositories. It removes the ability to use a RWM pvc, as
the radosgw solution provides a more robust approach for storing
index snapshots

Change-Id: Ie56ac41ccdc61bfadcac52b400cceb35403e9fae
2018-09-19 15:53:21 -05:00
Steve Wilkerson
a3f444299e HTK: Add s3 user/bucket scripts, snippets, manifests
This proposes adding the following:

Snippets for the environment variables for the s3 admin user and
service users for using rgw's s3 api

Scripts for creating s3 users for use by a particular service and
for creating and linking buckets to those users

Manifest templates for the jobs for creating the s3 users and for
creating and linking the buckets to those users

Change-Id: Ibd5ed0aac49d172c56faffdacd44bdd487978570
2018-09-19 15:52:36 -05:00
Steve Wilkerson
70afe83c16 Helm-Toolkit: Add snippet for kubernetes tolerations
This adds a helm-toolkit template for injecting pod tolerations
via values, similar to how container resources are handled. This
allows for custom definition of tolerations instead of defining
tolerations for pods directly into the pod templates

Change-Id: Ice520fcece425b14ae890ca5980fec9d7428a34d
2018-09-18 13:10:54 +00:00
Zuul
ef37b095b4 Merge "Helm-Toolkit: Add doc comments for keystone env snippets" 2018-09-17 17:11:29 +00:00
Pete Birley
aee8695a44 Helm-Toolkit: correct macro template filenames
This PS brings the macro template function filenames inline with
other in helm-toolkit.

Change-Id: Ie6db2a5a73abc98d4f7d03ea7a918a39726615ba
Signed-off-by: Pete Birley <pete@port.direct>
2018-09-13 15:16:49 +00:00
Pete Birley
26fd6bc04c Helm-Toolkit: Add doc comments for keystone env snippets
This PS adds doc comments for the keystone env snippets

Change-Id: Ia18b3101e639a713b7cc1c88146a2f91bbcb3984
Signed-off-by: Pete Birley <pete@port.direct>
2018-09-13 13:53:25 +00:00
Pete Birley
bb3ff98d53 Add release uuid to pods and rc objects
This PS adds the ability to attach a release uuid to pods and rc
objects as desired. A follow up ps will add the ability to add arbitary
annotations to the same objects.

Change-Id: Iceedba457a03387f6fc44eb763a00fd57f9d84a5
Signed-off-by: Pete Birley <pete@port.direct>
2018-09-13 05:35:35 +00:00
Pete Birley
cb20c317ae TLS: Ensure CN is included in list of DNS alt names
This PS udpates the TLS cert gen function to ensure the CN is
included in the list of DNS alt names within the cert.

Change-Id: Iaec9207e61884972d49dee84af24d4827d914afb
Signed-off-by: Pete Birley <pete@port.direct>
2018-09-12 20:29:25 +00:00
Pete Birley
02fb7e4f59 Helm Toolkit: util to return a list of unique hosts for endpoint
This PS adds a util to return a list of unique hosts for an endpoint,
with the fqdn value returned as the 1st item in the list.

Change-Id: Idaa63fad908f04a2d233e29092f6df30edd55bdb
Signed-off-by: Pete Birley <pete@port.direct>
2018-09-04 18:05:40 +00:00
Pete Birley
abc9975dab TLS: Return expiry time in UTC
This PS updates the certificate generation util to return the expiry
time in UTC.

Change-Id: Ic4e6dc6589d937cb8883f9cfcf4bf8b8c56a9628
Signed-off-by: Pete Birley <pete@port.direct>
2018-09-04 14:05:41 +00:00
Pete Birley
96703649a5 Helm-Toolkit: TLS cert generator
This PS adds a function to generate tls certificates from a
CA. It also adds a script to generate a snakeoil ca for dev
and future gating work.

Change-Id: Ic94a9ab5fa3ebb912b507008a6b2f78e16dade67
Signed-off-by: Pete Birley <pete@port.direct>
2018-08-29 11:26:44 -05:00
Jean-Philippe Evrard
bf069b2311 Revert "Update OSH Author copyrights to OSF"
This reverts commit 178aa271a44956e86f4e962bf815fa827d93c9af.

Change-Id: I38a52d866527dfff2689b618e055f439bc248c13
2018-08-28 17:25:54 +00:00
Matt McEuen
178aa271a4 Update OSH Author copyrights to OSF
This PS updates the "Openstack-Helm Authors" copyright attribution
to be the "OpenStack Foundation", as decided in the 2018-03-20
team meeting:
http://eavesdrop.openstack.org/meetings/openstack_helm/2018/openstack_helm.2018-03-20-15.00.log.html

No other copyright attributions were changed.

Change-Id: I1137dee2ae5728771835f4b33fcaff60fcc22ca9
2018-08-26 17:17:06 -05:00
Pete Birley
6186fb6675 Helm-Toolkit: Move sensitive config data to secrets.
This PS updates helm toolkit, and effected charts in
openstack-helm-infra to use Secrets rather than configmaps for
application configuration, as they in many cases contain sensitive data.

Change-Id: Idd17812437465368e92c9fec0d5b634bbf6dc23a
Signed-off-by: Pete Birley <pete@port.direct>
2018-08-23 10:55:07 -05:00
Pete Birley
aac1c4e8c0 Helm-Toolkit: Update tls secret manifest for non public endpoints
This PS updates the tls secret manifest to allow non-public endpoints
to be specified.

Change-Id: I47606e5c8db87fac07febb114334ded710f56ed5
Signed-off-by: Pete Birley <pete@port.direct>
2018-08-02 11:04:42 -05:00
Pete Birley
548fd4445b Helm-Toolkit: update K8S resources function
This PS updates the K8s pod resources function to both include
basic documentation, and also allow null values to be used if
no resource request or limit is desired.

Change-Id: I9dee6af1167a12f0c22b368220ca6343a8c6dc73
Signed-off-by: Pete Birley <pete@port.direct>
2018-07-24 17:30:17 +00:00
Sean Eagan
5c9bda9d8b htk: merge list items with same "name" key
This patchset changes the "helm-toolkit.utils.merge" function such that
when merging lists it not only removes duplicates, but also optionally
merges any items which have the same value for the "name" key, when
passing a "merge_same_named" parameter as true.

Change-Id: I5105e3649820b41b0dbd6fb36f776bc5ad38c84d
2018-07-19 11:19:47 -05:00
Zuul
dd027838bd Merge "Helm-Toolkit: Add basic documentation for the metadata labels function" 2018-07-11 14:52:00 +00:00
Zuul
6200401f24 Merge "Image: Add basic documentation for the image function" 2018-07-10 02:47:17 +00:00
Zuul
6d52b7ded7 Merge "Helm-Toolkit: Add basic documentation for the tls secret macro" 2018-07-10 02:41:57 +00:00
Zuul
9e378800c8 Merge "Helm-Toolkit: Add basic documentation for ingress macro" 2018-07-10 02:35:25 +00:00
Pete Birley
07d90db1d7 Helm-Toolkit: Move template render to correct location
This PS moves the template renderer function to its correct
location in helm-toolkit.

Thanks to Sai Battina for noticing this.

Change-Id: I614ee33bc8c39007955a0e32cd34e881bd1cb3fe
Signed-off-by: Pete Birley <pete@port.direct>
2018-07-09 17:09:47 -05:00
Pete Birley
87b3b5b907 Helm-Toolkit: Add basic documentation for the metadata labels function
This PS adds basic documentation for the metadata labels function.

Change-Id: I8ef3093aafabb64c61396a721b6c6b66dc5de9e8
Signed-off-by: Pete Birley <pete@port.direct>
2018-07-09 20:57:32 +00:00
Pete Birley
fd242d2656 Image: Add basic documentation for the image function
This PS adds basic documentation for the image function.

Change-Id: I3ee6f44efc7252facb329bc6dae5be571de338bd
Signed-off-by: Pete Birley <pete@port.direct>
2018-07-09 14:18:50 -05:00
Pete Birley
69d310d000 Helm-Toolkit: Add basic documentation for the tls secret macro
This PS adds basic documentation for the tls secret macro.

Change-Id: I36a6b171cb5bce2d4bf6dc22c22f0a630d677497
Signed-off-by: Pete Birley <pete@port.direct>
2018-07-09 14:01:09 -05:00
Pete Birley
a957ff6c05 Helm-Toolkit: Add basic documentation for ingress macro
This PS adds basic documentation for the ingress macro.

Change-Id: Iabfa76eae6bb79f914a3fce0047a82ab1e915c76
Signed-off-by: Pete Birley <pete@port.direct>
2018-07-09 13:52:47 -05:00
Ruslan Khanbikov
5ae782ff52 Helm-Toolkit: adds import additional rabbitmq configuration
It adds an ability to specify the auxiliary configuraiton for rabbitmq
like policies, permissions loading json formatted data

Change-Id: I85240a50fb64a4d74454768034fe3bdcf25f3019
Signed-off-by: Ruslan Khanbikov <rk760n@att.com>
2018-07-05 10:29:31 -07:00
Pete Birley
6ef940b776 Helm-Toolkit: add doc comments to many util functions
This PS adds documentation comments to may of the utility functions
in helm-toolkit.

Change-Id: Id0481284058678ea2834edf462fa7666e429bd79
Signed-off-by: Pete Birley <pete@port.direct>
2018-07-02 10:44:29 +00:00
Zuul
3cee5970a0 Merge "Helm-Toolkit: Simplify and refactor endpoint functions" 2018-07-01 19:01:11 +00:00
Pete Birley
9a25d20712 Helm-Toolkit: Simplify and refactor endpoint functions
This PS refactors the endpoint functions to reduce code repetition
and improve readability.

Change-Id: I4a280d0645206ca74794fc4e69ec374bde4c4633
Signed-off-by: Pete Birley <pete@port.direct>
2018-06-30 10:45:17 +01:00
Pete Birley
17cfa8740e (fix) Helm-Toolkit: Public ingress reverse compatibility
This PS updates Helm-Toolkit to accept both a simple string (previous
operation) and a dict containing host and potentially tls params for
public endpoints.

Change-Id: Ia95e9f008098ef3eb110d651fd06141774ceb8b7
Signed-off-by: Pete Birley <pete@port.direct>
2018-06-28 16:02:19 -05:00