This patch set adds helm toolkit functions to annotate apparmor profile
in the container's metadata section.
Change-Id: Ib0ca04e8b8527194778afb8053046797abdfdb98
Signed-off-by: Tin Lam <tin@irrational.io>
This PS adds documentation for the kubernetes entrypoint macros.
Change-Id: I1bec4d7a58878742462de624ebe0b77579759c09
Signed-off-by: Pete Birley <pete@port.direct>
This proposes adding the following:
Snippets for the environment variables for the s3 admin user and
service users for using rgw's s3 api
Scripts for creating s3 users for use by a particular service and
for creating and linking buckets to those users
Manifest templates for the jobs for creating the s3 users and for
creating and linking the buckets to those users
Change-Id: Ibd5ed0aac49d172c56faffdacd44bdd487978570
This adds a helm-toolkit template for injecting pod tolerations
via values, similar to how container resources are handled. This
allows for custom definition of tolerations instead of defining
tolerations for pods directly into the pod templates
Change-Id: Ice520fcece425b14ae890ca5980fec9d7428a34d
This PS adds doc comments for the keystone env snippets
Change-Id: Ia18b3101e639a713b7cc1c88146a2f91bbcb3984
Signed-off-by: Pete Birley <pete@port.direct>
This PS adds the ability to attach a release uuid to pods and rc
objects as desired. A follow up ps will add the ability to add arbitary
annotations to the same objects.
Change-Id: Iceedba457a03387f6fc44eb763a00fd57f9d84a5
Signed-off-by: Pete Birley <pete@port.direct>
This PS updates helm toolkit, and effected charts in
openstack-helm-infra to use Secrets rather than configmaps for
application configuration, as they in many cases contain sensitive data.
Change-Id: Idd17812437465368e92c9fec0d5b634bbf6dc23a
Signed-off-by: Pete Birley <pete@port.direct>
This PS updates the K8s pod resources function to both include
basic documentation, and also allow null values to be used if
no resource request or limit is desired.
Change-Id: I9dee6af1167a12f0c22b368220ca6343a8c6dc73
Signed-off-by: Pete Birley <pete@port.direct>
This PS moves the template renderer function to its correct
location in helm-toolkit.
Thanks to Sai Battina for noticing this.
Change-Id: I614ee33bc8c39007955a0e32cd34e881bd1cb3fe
Signed-off-by: Pete Birley <pete@port.direct>
This PS adds basic documentation for the metadata labels function.
Change-Id: I8ef3093aafabb64c61396a721b6c6b66dc5de9e8
Signed-off-by: Pete Birley <pete@port.direct>
This PS adds basic documentation for the image function.
Change-Id: I3ee6f44efc7252facb329bc6dae5be571de338bd
Signed-off-by: Pete Birley <pete@port.direct>
This PS updates the openrc functions to use the internal interface by
default for keystone actions performed within the cluster.
Change-Id: I491618d9fd473917e2034a315f292db746f0d7cc
Signed-off-by: Pete Birley <pete@port.direct>
Move to v0.3.1 of kubernetes-entrypoint which has 2 breaking changes to
pod dependencies, and also adds support for depending on jobs via
labels.
Change-Id: I2bafc2153ddd46b3833b253a2e7950bccbccf8ed
This PS simplify the logic for dyanmicly merging the image management
depenencies into pod deps when active.
Change-Id: I0cf6c93173bc5fbce697ac15be8697d3b1326d0a
Adds support for a new feature of kubernetes-entrypoint, pod
dependencies, that was added in v0.3.0.
Change-Id: I78d9e0545ca3b837cd2386783386a253f7f5a2d6
This adds checks for the fields in the service annotations for
prometheus, similar to the checks made for the pod annotations.
It also moves prometheus annotations under a prometheus: key
under a top-level monitoring tree to allow for other monitoring
mechanisms independent of the endpoints tree
Change-Id: I4be6d6ad8e74e8ca52bd224ceddad785577bf6c7
Removes an unused context declaration from the prometheus service
annotation template in helm-toolkit, and removes all references to
it
Change-Id: I57612c1504cf046f367ee10d26ef3062ebe528d3
Currently, the rbac logic would allow for ``jobs`` or ``daemonsets``
if it is specified in the dependencies, even if they may just be empty
or null. This patch set addresses this by checking the jobs or
daemonsets map in the value.yaml is non-empty before including it
in the Role.
Change-Id: I67f940e1e71c371b63d8d1e9b4f47af633a6bfa4
This adds the prometheus annotations to the calico-node daemonset
to allow prometheus to create a scrape config for calico metrics.
This requires adding a annotation tree in the chart's values.yaml
file
Change-Id: I0e62fce34ea8de6d0241ea00aaae66187b808c81
This PS splits the `prometheus_pod_annotations.tpl` into seperate
files for each definition contained within it to be consistent
with other funstions in Helm-Toolkit, which can be located by path
from their name.
Change-Id: Ief9e31ead7eb1028cedd8e608d6b11e53e63e515
Currently, services have two serviceaccounts: one specified in the
chart that cannot read anything, and one injected via helm-toolkit
that can read everything. This patch set refactors the logic to:
- cleanup the roles and their binding automatically when the helm
chart is deleted;
- remove the need to separately mount a serviceaccount with secret;
- better handling of namespaces resource restriction.
Co-Authored-By: portdirect <pete@port.direct>
Change-Id: I47d41e0cad9b5b002f59fc9652bad2cc025538dc
This will move prometheus to OSH-infra to be included as part of
the basic infrastructure deploy for openstack-helm. It includes
charts for Prometheus, Node Exporter, Kube-State-Metrics, and
Alertmanager. It provides a base for monitoring and alerting
for the underlying infrastructure
Partially Implements: blueprint osh-monitoring
Change-Id: Ie453373b54c5f1825339ce0566e4b5d0f74abc20
This PS introduces support for using a local docker repo to
store images if desired, and adds multiple namespace support
to the entrypoint lookup functions.
Change-Id: Ib51aa30d3cc033795fe13f6c40a57d46171ad586
This PS update the calico chart and deployment to use
Kubernetes entrypoint, and apply appropriate RBAC rules to
the pods.
Change-Id: I9d875f50c4767b6714a4931b9ade0a6f94b533c2
This PS adds the NFS provisioner and Docker Registry to the OSH-Infra Repo,
these are being used as initial candidates for moving as they are simple
charts and allow the chart runner logic to be developed in the gate
playbooks.
Change-Id: Ie80b8578aafd3fe7252d3dcb603ea6af7586776e
This PS removes the old helm toolkit in preperation for the repo to
be initialised with openstack-helm-infra and the zuul v3 gate.
Change-Id: I4fa3be6bc240c061620dc3b5533136107a99065c
Add helm-toolkit to OSH-infra to support using zuul-cloner in
the gates for openstack-helm. As infra is appropriate for charts
required to run openstack-helm, helm-toolkit should be centralized
here
Change-Id: I9d7f80a405f9fb2dec7e5fcdc8294a8c35154272