Unrestrict octal values rule since benefits of file modes readability
exceed possible issues with yaml 1.2 adoption in future k8s versions.
These issues will be addressed when/if they occur.
Also ensure osh-infra is a required project for lint job, that matters
when running job against another project.
Change-Id: Ic5e327cf40c4b09c90738baff56419a6cef132da
Signed-off-by: Andrii Ostapenko <andrii.ostapenko@att.com>
The current copyright refers to a non-existent group
"openstack helm authors" with often out-of-date references that
are confusing when adding a new file to the repo.
This change removes all references to this copyright by the
non-existent group and any blank lines underneath.
Change-Id: I1882738cf9757c5350a8533876fd37b5920b5235
This adds Apparmor profile to Openvswitch. This change also refactors
the apparmor job to utilize the feature gates system instead of relying
on separate scripts
Change-Id: Ie53162cfdea5553191d3b5dbdfec195e4001b255
Signed-off-by: diwakar thyagaraj <diwakar.chitoor.thyagaraj@att.com>
When DPDK is enabled, configuring CPU resource limits
through Kubernetes affects packet throughput adversely.
DPDK PMD cores could not get 100% busy.
They need to be configured by isolating them in host grub
and later through PMD core mask.
Change-Id: Ia80880302b9c5c02fdb1c00cb62f6640860e898e
A recently introduced readiness probe for OVS with DPDK makes use of an
OVSDB table entry 'dpdk_initialized' which does not exist in OVS
versions preceding v2.10.0. This patch changes the readiness probe to
exit successfully if this table entry does not exist.
Change-Id: I1776ac4bf736220267a49042f1b7092f3cf5ed16
This change makes sure that "ovs-vsctl get Open_vSwitch .
dpdk_initialized" is true before making the pod ready
Change-Id: Ie88f74a1e7a84afb3fbca55b500009255b4f6991
Setup Cgroup to use to break out of Kubernetes defined groups for ovs-dpdk pods.
All the cores on the server are added to the cpuset, pmd_cpu_mask and lcore_mask
will choose the right ones for ovs-dpdk from all the cores.
Co-Authored-By: Phil Sphicas <ps3910@att.com>
Change-Id: Ia840647e3fc09480b826b3075b2585daefa638b3
This commit enables overriding liveness/readiness probes
configurations for openvswitch pods from values.yaml
Change-Id: I4ec2b9e88bf8ed57e8ac9293f333969b63cef335
Extending the Openvswitch chart with support for DPDK. In order to
enable DPDK support, set the dpdk:enabled option to true in value.yaml.
Prerequisites for successfully running OVS with DPDK: the host OS must
have hugepages enabled.
Co-Authored-By: Rihab Banday <rihab.banday@ericsson.com>
Change-Id: I9649832511ba7c7ba7c391555d60171ef9264110
This change allows the openvswitch to interact with SDN controller
(e.g., ONOS, ODL) through 6640 port.
Story: 2005763
Task: 33473
Change-Id: Ifcbb6a157c230fa729d295ef0d3fb9a16fff60a2
This PS updates to use security context macros from HTK, in line
with other charts.
Change-Id: I5ca0af17eccc4856baef871cf199554aad075ebe
Signed-off-by: Pete Birley <pete@port.direct>
This PS improves the security options for the ovs-db pod
by specifying running as a non-root user, using read only
filesystems for the containers and also preventing
privilege escalation. A subsequent ps will move to use the
helm toolkit functions that allow the control of these params.
Change-Id: I94fbf5b851be68f6fb4a1f9809ad12776e8a80b3
Signed-off-by: Pete Birley <pete@port.direct>
This PS adds emptydirs backing the /tmp directory in pods, which
is required in most cases for full operation when using a read only
filesystem backing the container.
Additionally some yaml indent issues are resolved.
Change-Id: I8b7f1614da059783254aa6efc09facf23fca3cad
Signed-off-by: Pete Birley <pete@port.direct>
I believe when we have set the readOnly flag at pod without HTK functionality the changes were not reflected. That is why it passed the gate.
Later with HTK functionality the gates never passed and I have tested that in various ways and finally I had to unset the readOnly flag
This reverts commit 598040bea05737ea1ee2460ba8675ed7c061e63a.
Change-Id: Icf8d3cc60045926ab60b9735ee1e8202c15df9d5
This adds the release-annotation to the pod spec for the charts in
openstack-helm-infra. This also adds missing configmap annotations
to charts in openstack-helm-infra
Change-Id: Ie23f0c16a7a21d3929e98928db2bbcef69ae6490
This implementation is to add readiness probe to ovs-db pod.
The goal is to check if the db.sock is connected by executing ovs-vsctl
command to list the Open_vswitch configuration table.
Change-Id: Idd4382d95d07ffff94a30bcb7ac132b88e9d6de1
Uses ovs-vsctl for ovs-db
Uses ovs-appctl for ovs-vswitchd as "ovs-vsctl show" does not
talk to ovs-vswitchd.
Change-Id: Ia0b84e3546ff1693676ca61370e1344d75b6e308
This PS shares pid namespaces for containers in pods under docker,
bringing running in this runtime in line with other runc based container
backends, allowing the pause process in the pod to act as a reaper.
Change-Id: I1e511b1cd11a4b2f4818a772a91e8a8dfd342be3
Signed-off-by: Pete Birley <pete@port.direct>
This patch set implements the helm toolkit function to generate a
kubernetes network policy manifest based on overrideable values.
This also adds a chart that shuts down all the ingress and egress
traffic in the namespace. This can be used to ensure the
whitelisted network policy works as intended.
Additionally, implementation is done for some infrastructure charts.
Change-Id: I78e87ef3276e948ae4dd2eb462b4b8012251c8c8
Co-Authored-By: Mike Pham <tp6510@att.com>
Signed-off-by: Tin Lam <tin@irrational.io>
We have two functionally identical places where we add bridges, one in
the neutron chart and one in the openvswitch chart.
It makes more sense to do it only in the neutron chart as that aligns
with the linux_bridge configuration and also is where the
bridge_mappings are specified.
Change-Id: I655380b021b89c3d93475febf7daca8f9d88cc54
This PS adds the ability to attach a release uuid to pods and rc
objects as desired. A follow up ps will add the ability to add arbitrary
annotations to the same objects.
Change-Id: Iceedba457a03387f6fc44eb763a00fd57f9d84a5
Signed-off-by: Pete Birley <pete@port.direct>
This moves the openvswitch chart to openstack-helm-infra as part of
the effort to move charts to their appropriate repositories
Change-Id: I6e00231b8de54c01bc9bb31e0433753a9f281542
Story: 2002204
Task: 21730