This patch set adds in a helm-toolkit function to render the
securityContext in the chart.
Change-Id: Id0fe9b75432076d0b87e89dcaa5a4b88487972aa
Signed-off-by: Tin Lam <tin@irrational.io>
This patch takes into consideration that there could be multiple
options for mandatory access control in a cluster. The previously
defined Helm toolkit function for generating a MAC annotation can
now be specified generically, like in this example:
    mandatory_access_control:
      type: apparmor
      glance-api:
        init: runtime/default
        glance-api: runtime/default
        glance-perms: runtime/default
        ceph-keyring-placement: runtime/default
      glance-registry:
        init: runtime/default
        glance-registry: runtime/default
If no MAC is required, then the "type" can be set to null,
and no annotation would be generated. The only MAC type supported
at the moment is "apparmor".
Change-Id: I6b45533d73af82e8fff353b0ed9f29f0891f24f1
Long hostnames can cause the 63 char name limit to be exceeded.
Truncate the hostname if hostname > 20 char.
Change-Id: Ieb7e4dafb41d1fe3ab3d663d2614f75c814afee6
This reverts commit 5c2859c3e9026e464bf0c35b591aaae810ff2a1c.
This commit breaks the ability to declare users to use with rally/helm test - and needs to be refactored to match the commit message's intent.
Change-Id: I2bc66ef40694c277058b4324b8a3528f4f25d1d1
This PS allows collectors to be enabled/disabled using values.
_node-exporter.sh.tpl makes collectors-list from values.yaml.
Change-Id: Iba2cf4d8304f2405db394fbb6fee58119eab13fc
This PS documents use of and fixes the anti-affinity function to
properly support hard anti affinity.
Change-Id: I2ec643d7720036b34fc249a2e230b3bed3aac41f
Signed-off-by: Pete Birley <pete@port.direct>
This patch set renames the existing apparmor annotation
function to a more generic MAC (Mandatory Access Control)
name to be flexible enough to handle other MAC annotations
in the future.
Change-Id: I98a34484cebc2b420ad8f2664e4aaa84cfb9dca1
This patch set implements the helm toolkit function to generate a
kubernetes network policy manifest based on overrideable values.
This also adds a chart that shuts down all the ingress and egress
traffic in the namespace. This can be used to ensure the
whitelisted network policy works as intended.
Additionally, implementation is done for some infrastructure charts.
Change-Id: I78e87ef3276e948ae4dd2eb462b4b8012251c8c8
Co-Authored-By: Mike Pham <tp6510@att.com>
Signed-off-by: Tin Lam <tin@irrational.io>
This PS fixed rally deployment config to latest format. After rally
refactoring, the deployment config format has been simplified, and the
old format is no longer available. The rally deployment config used by
the helm-toolkit also needs to be changed to support the latest rally.
Change-Id: I286f3c8e3ecd8cc7c26273fa7a1be7cc0bf31c4b
Related-Id: I380a976c0f48c4af0796c9d866fc8787025ce548
This patch set adds helm toolkit functions to annotate apparmor profile
in the container's metadata section.
Change-Id: Ib0ca04e8b8527194778afb8053046797abdfdb98
Signed-off-by: Tin Lam <tin@irrational.io>
This PS adds documentation for the kubernetes entrypoint macros.
Change-Id: I1bec4d7a58878742462de624ebe0b77579759c09
Signed-off-by: Pete Birley <pete@port.direct>
This ps adds the ability to use the ceph radosgw s3 api for
snapshot repositories. It removes the ability to use a RWM pvc, as
the radosgw solution provides a more robust approach for storing
index snapshots
Change-Id: Ie56ac41ccdc61bfadcac52b400cceb35403e9fae
This proposes adding the following:
- Snippets for the environment variables for the s3 admin user and
  service users for using rgw's s3 api
- Scripts for creating s3 users for use by a particular service and
  for creating and linking buckets to those users
- Manifest templates for the jobs for creating the s3 users and for
  creating and linking the buckets to those users
Change-Id: Ibd5ed0aac49d172c56faffdacd44bdd487978570
This adds a helm-toolkit template for injecting pod tolerations
via values, similar to how container resources are handled. This
allows for custom definition of tolerations instead of defining
tolerations for pods directly into the pod templates
Change-Id: Ice520fcece425b14ae890ca5980fec9d7428a34d
This PS brings the macro template function filenames in line with
others in helm-toolkit.
Change-Id: Ie6db2a5a73abc98d4f7d03ea7a918a39726615ba
Signed-off-by: Pete Birley <pete@port.direct>
This PS adds doc comments for the keystone env snippets
Change-Id: Ia18b3101e639a713b7cc1c88146a2f91bbcb3984
Signed-off-by: Pete Birley <pete@port.direct>
This PS adds the ability to attach a release uuid to pods and rc
objects as desired. A follow up ps will add the ability to add arbitrary
annotations to the same objects.
Change-Id: Iceedba457a03387f6fc44eb763a00fd57f9d84a5
Signed-off-by: Pete Birley <pete@port.direct>
This PS updates the TLS cert gen function to ensure the CN is
included in the list of DNS alt names within the cert.
Change-Id: Iaec9207e61884972d49dee84af24d4827d914afb
Signed-off-by: Pete Birley <pete@port.direct>
This PS adds a util to return a list of unique hosts for an endpoint,
with the fqdn value returned as the 1st item in the list.
Change-Id: Idaa63fad908f04a2d233e29092f6df30edd55bdb
Signed-off-by: Pete Birley <pete@port.direct>
This PS updates the certificate generation util to return the expiry
time in UTC.
Change-Id: Ic4e6dc6589d937cb8883f9cfcf4bf8b8c56a9628
Signed-off-by: Pete Birley <pete@port.direct>
This PS adds a function to generate tls certificates from a
CA. It also adds a script to generate a snakeoil ca for dev
and future gating work.
Change-Id: Ic94a9ab5fa3ebb912b507008a6b2f78e16dade67
Signed-off-by: Pete Birley <pete@port.direct>
This PS updates helm toolkit, and affected charts in
openstack-helm-infra to use Secrets rather than configmaps for
application configuration, as they in many cases contain sensitive data.
Change-Id: Idd17812437465368e92c9fec0d5b634bbf6dc23a
Signed-off-by: Pete Birley <pete@port.direct>
This PS updates the tls secret manifest to allow non-public endpoints
to be specified.
Change-Id: I47606e5c8db87fac07febb114334ded710f56ed5
Signed-off-by: Pete Birley <pete@port.direct>
This PS updates the K8s pod resources function to both include
basic documentation, and also allow null values to be used if
no resource request or limit is desired.
Change-Id: I9dee6af1167a12f0c22b368220ca6343a8c6dc73
Signed-off-by: Pete Birley <pete@port.direct>
This patchset changes the "helm-toolkit.utils.merge" function such that
when merging lists it not only removes duplicates, but also optionally
merges any items which have the same value for the "name" key, when
passing a "merge_same_named" parameter as true.
Change-Id: I5105e3649820b41b0dbd6fb36f776bc5ad38c84d
This PS moves the template renderer function to its correct
location in helm-toolkit.
Thanks to Sai Battina for noticing this.
Change-Id: I614ee33bc8c39007955a0e32cd34e881bd1cb3fe
Signed-off-by: Pete Birley <pete@port.direct>
This PS adds basic documentation for the metadata labels function.
Change-Id: I8ef3093aafabb64c61396a721b6c6b66dc5de9e8
Signed-off-by: Pete Birley <pete@port.direct>
This PS adds basic documentation for the image function.
Change-Id: I3ee6f44efc7252facb329bc6dae5be571de338bd
Signed-off-by: Pete Birley <pete@port.direct>
This PS adds basic documentation for the tls secret macro.
Change-Id: I36a6b171cb5bce2d4bf6dc22c22f0a630d677497
Signed-off-by: Pete Birley <pete@port.direct>
This PS adds basic documentation for the ingress macro.
Change-Id: Iabfa76eae6bb79f914a3fce0047a82ab1e915c76
Signed-off-by: Pete Birley <pete@port.direct>
It adds an ability to specify the auxiliary configuration for rabbitmq
like policies, permissions loading json formatted data
Change-Id: I85240a50fb64a4d74454768034fe3bdcf25f3019
Signed-off-by: Ruslan Khanbikov <rk760n@att.com>
This PS adds documentation comments to many of the utility functions
in helm-toolkit.
Change-Id: Id0481284058678ea2834edf462fa7666e429bd79
Signed-off-by: Pete Birley <pete@port.direct>
This PS refactors the endpoint functions to reduce code repetition
and improve readability.
Change-Id: I4a280d0645206ca74794fc4e69ec374bde4c4633
Signed-off-by: Pete Birley <pete@port.direct>
This PS updates Helm-Toolkit to accept both a simple string (previous
operation) and a dict containing host and potentially tls params for
public endpoints.
Change-Id: Ia95e9f008098ef3eb110d651fd06141774ceb8b7
Signed-off-by: Pete Birley <pete@port.direct>