Commit Graph

77 Commits

Author SHA1 Message Date
Vladimir Kozhukalov
05f2f45971 Add 2024.1 overrides to some charts
- Add 2024.1 overrides to those charts where
  there are overrides for previous releases.
- Update some jobs to use 2024.1 overrides.
- Update default images in  grafana, postgresql,
  nagios, ceph-rgw, ceph-provisioners,
  kubernetes-node-problem-detector
- Install tzdata package on K8s nodes. This
  is necessary for kubernetes-node-problem-detector
  chart which mounts /etc/localtime from hosts.

Change-Id: I343995c422b8d35fa902d22abf8fdd4d0f6f7334
2024-07-23 07:35:50 -05:00
Vladimir Kozhukalov
8077898106 Update kubernetes-entrypoint image
Use quay.io/airshipit/kubernetes-entrypoint:latest-ubuntu_focal
by default instead of 1.0.0 which is v1 formatted and
not supported any more by docker.

Change-Id: I6349a57494ed8b1e3c4b618f5bd82705bef42f7a
2024-07-12 13:52:07 -05:00
Stephen Taylor
2fd438b4b1 Update Ceph images to patched 18.2.2 and restore debian-reef repo
This change updates the Ceph images to 18.2.2 images patched with a
fix for https://tracker.ceph.com/issues/63684. It also reverts the
package repository in the deployment scripts to use the debian-reef
directory on download.ceph.com instead of debian-18.2.1. The issue
with the repo that prompted the previous change to debian-18.2.1
has been resolved and the more generic debian-reef directory may
now be used again.

Change-Id: I85be0cfa73f752019fc3689887dbfd36cec3f6b2
2024-03-12 13:45:42 -06:00
Stephen Taylor
f641f34b00 [ceph] Update Ceph images to Jammy and Reef 18.2.1
This change updates all Ceph images in openstack-helm-infra to
ubuntu_jammy_18.2.1-1-20240130.

Change-Id: I16d9897bc5f8ca410059a5f53cc637eb8033ba47
2024-01-30 07:58:03 -07:00
Stephen Taylor
d070774bfc [ceph-rgw] Add a ceph-rgw-pool job to re-run the ceph-rbd-pool job
The Reef release disallows internal pools from being created by
clients, which means the ceph-client chart is no longer able to
create the .rgw.root pool and configure it. The new ceph-rgw-pool
job deletes and re-creates the ceph-rbd-pool job after ceph-rgw has
been deployed so that job can configure the .rgw.root pool
correctly.

Change-Id: Ic3b9d26de566fe379227a2fe14dc061248e84a4c
2023-11-02 07:05:37 -06:00
Stephen Taylor
5e5a52cc04 Update Rook to 1.12.5 and Ceph to 18.2.0
This change updates Rook to the 1.12.5 release and Ceph to the
18.2.0 (Reef) release.

Change-Id: I546780ce33b6965aa699f1578d1db9790dc4e002
2023-10-13 12:58:56 -06:00
Stephen Taylor
c984e2f169 [ceph-rgw] Use Helm toolkit functions for Ceph RGW probes
This change converts the readiness and liveness probes in the Ceph
RGW chart to use the functions from the Helm toolkit rather than
having hard-coded probe definitions. This allows probe configs to
be overridden in values.yaml without rebuilding charts.

Change-Id: Ia09d06746ee06f96f61a479b57a110c94e77c615
2023-08-25 09:22:13 -06:00
Stephen Taylor
45b492bcf7 [ceph] Update Ceph to 17.2.6
This change updates the openstack-helm-infra charts to use 17.2.6
Quincy images based on Focal.

See https://review.opendev.org/c/openstack/openstack-helm-images/+/881217

Change-Id: Ibb89435ae22f6d634846755e8121facd13d5d331
2023-05-09 12:25:07 +00:00
Samuel Liu
6034a00bf7 Replace node-role.kubernetes.io/master with control-plane
The master label is no longer present on kubeadm control plane nodes(v1.24). For new clusters, the label 'node-role.kubernetes.io/master' will no longer be added to control plane nodes, only the label 'node-role.kubernetes.io/control-plane' will be added. For more information, refer to KEP-2067[https://github.com/kubernetes/enhancements/tree/master/keps/sig-cluster-lifecycle/kubeadm/2067-rename-master-label-taint]: Rename the kubeadm "master" label and taint.

the kubernetes pr: https://github.com/kubernetes/kubernetes/pull/107533

Change-Id: I3056b642db0a1799089998e3c020b4203c9a93ab
2023-03-20 13:38:07 +08:00
Stephen Taylor
fc92933346 [ceph] Update all Ceph images to Focal
This change updates all Ceph image references to use Focal images
for all charts in openstack-helm-infra.

Change-Id: I759d3bdcf1ff332413e14e367d702c3b4ec0de44
2023-03-16 16:39:37 -06:00
Brian Haley
f31cfb2ef9 support image registries with authentication
Based on spec in openstack-helm repo,
support-OCI-image-registry-with-authentication-turned-on.rst

Each Helm chart can configure an OCI image registry and
credentials to use. A Kubernetes secret is then created with these
info. Service Accounts then specify an imagePullSecret specifying
the Secret with creds for the registry. Then any pod using one
of these ServiceAccounts may pull images from an authenticated
container registry.

Change-Id: Iebda4c7a861aa13db921328776b20c14ba346269
2022-07-20 14:28:47 -05:00
Gage Hugo
4c077707fc Update default image values for ceph-rgw
This change updates the default image values for several images
in the ceph-rgw chart to newer openstack and ubuntu releases.

Change-Id: Ia11d69bd8f0b4259f6ee68b167a7344ab86d0584
2022-04-27 11:35:01 -05:00
Thiago Brito
09bf2fbb92 Enable taint toleration for ceph-rgw
This adds taint toleration support for openstack jobs

Signed-off-by: Lucas Cavalcante <lucasmedeiros.cavalcante@windriver.com>
Change-Id: I5e55e93d4034da5f7f323a6dcb3ca511abd9ac4e
2022-03-23 18:09:38 +00:00
Ritchie, Frank (fr801x)
787e692ea0 Use local auth before keystone for s3
This change is to have RGW use local authentication before Keystone
when both are enabled. This can improve performance:

https://cloudblog.switch.ch/2020/02/10/radosgw-keystone-integration-performance-issues-finally-solved/

Given that we do not duplicate local users in keystone with different
passwords this should be a safe change.

Change-Id: I976a47a5d68884ffb54a0ddd8ab802d69cecbf44
2021-06-24 10:47:27 -05:00
Thiago Brito
5a0ba49d50 Prepending library/ to docker official images
This will ease mirroring capabilities for the docker official images.

Signed-off-by: Thiago Brito <thiago.brito@windriver.com>
Change-Id: I0f9177b0b83e4fad599ae0c3f3820202bf1d450d
2021-06-02 15:04:38 -03:00
Stephen Taylor
948e07e151 [ceph-rgw] Add placement target delete support to RGW
A new "delete" value has been added to the ceph-rgw placement
target spec to allow existing placement targets to be deleted in a
brownfield deployment. For deployments where a deleted placement
target does not exist, the placement target will be created and
deleted in a single step.

Change-Id: I34e6d97543b63848b267332556b62d50d1865f49
2021-05-25 19:49:27 +00:00
Ritchie, Frank (fr801x)
e954253a1a Enable TLS for Ceph RGW
This PS is to optionally enable tls for ceph-rgw.

Change-Id: I4797ef41612143f8065ac8fec20ddeae2c0218a3
2021-04-06 18:44:59 +00:00
Ritchie, Frank (fr801x)
05cad716e5 Add support for rgw placement targets
This PS adds support for rgw placement targets:

https://docs.ceph.com/en/latest/radosgw/placement/#placement-targets

Change-Id: I6fc643994dcf2c15a04f07b8703968a76c009c18
2021-03-12 22:16:41 +00:00
Chinasubbareddy Mallavarapu
da289c78cb [CEPH] Uplift from Nautilus to Octopus release
This is to uplift ceph charts from 14.X release to 15.X

Change-Id: I4f7913967185dd52d4301c218450cfad9d0e2b2b
2021-02-03 22:34:53 +00:00
Gupta, Sangeet (sg774j)
8633b93548 feat(tls): add tls to swift user and service of ceph-rgw
This patch adds certs needed for swift user and ceph service to
communicate with keystone.

Change-Id: I4de035f6fe2138c1d1022140c7571fac91ed1a84
2020-07-30 18:20:46 +00:00
KHIYANI, RAHUL (rk0850)
774d85b77e Add missing security-context for ceph-rgw test pod
This updates the ceph-rgw chart to include the pod
security context on the pod template.

This also adds the container security context to set
readOnlyRootFilesystem flag to true

Change-Id: Ib6be059e387f1932a5655df07ae182f75f142538
2020-07-14 17:26:01 +00:00
KHIYANI, RAHUL (rk0850)
00a64aa807 Add missing security context to ceph-rgw and ceph-osd pods/containers
This updates the ceph-rgw and ceph-osd chart to include the pod
security context on the pod template.

This also adds the container security context to set
readOnlyRootFilesystem flag to true

Change-Id: I1b78b7a0fc413acdb5ea2dc295a0026616d7cac1
2020-07-07 18:08:58 -05:00
Alexander Vlasov
70b0b9b266 [ceph-rgw] Add rwg restart job
Some updates to rgw config like zone or zonegroup changes that can
be done during bootstrap process require rgw restart.
Add restart job which when enabled will use
'kubectl rollout restart deployment'
in order to restart rgw

This will be more useful in greenfield scenarios where
we need to setup zone/zonegroups right after rgw svc up which
needs to restart rgw svc.

Change-Id: I6667237e92a8b87a06d2a59c65210c482f3b7302
2020-06-25 13:15:56 +00:00
Zuul
cfdbcdef16 Merge "[ceph-rgw] Add helm-toolkit snippet to support update strategy" 2020-06-02 17:50:43 +00:00
Andrii Ostapenko
731a6b4cfa Enable yamllint checks
- document-end
- document-start
- empty-lines
- hyphens
- indentation
- key-duplicates
- new-line-at-end-of-file
- new-lines
- octal-values

with corresponding code adjustment.

Change-Id: I92d6aa20df82aa0fe198f8ccd535cfcaf613f43a
2020-05-29 19:49:05 +00:00
Kabanov, Dmitrii
46930fcd06 [Ceph] Upgrade Ceph from 14.2.8 to 14.2.9 version
The PS upgrades Ceph to 14.2.9 version.

Change-Id: I72a2e39a7b4294ac8fd42b1dbc78579c2c0ae791
2020-05-28 15:46:47 +00:00
Zuul
0c5b037c00 Merge "Added Ceph RGW conf properties" 2020-05-26 22:21:28 +00:00
Nishant Kumar
c49387dcba [ceph-rgw] Add helm-toolkit snippet to support update strategy
This PS adds helm-toolkit snippet in deployment spec to support
update strategy driven by values.yaml.

Change-Id: I49616abd1bbaf3930a70c0734b5c3b7ef34a9391
2020-05-21 16:20:55 +00:00
Kabanov, Dmitrii
2aa6b3cf1c [Ceph] Add kubernetes tolerations for ceph deployments
The PS adds kubernetes tolerations for deployments from ceph-client,
ceph-mon, ceph-provisioners and ceph-rgw charts.

Change-Id: If96f5f2058fca6e145e537e95af39089f441ccbb
2020-05-20 19:32:06 +00:00
James Gu
2f8ea3977b Added Ceph RGW conf properties
To meet CNTT certification test requirements, added a few Ceph RGW
configuration properties: rgw_max_attr_name_len,
rgw_max_attrs_num_in_req, rgw_max_attr_size, rgw_swift_versioning_enabled.

Change-Id: Ia92a6f25147270de010cf0feba0cbdabad05459b
Signed-off-by: James Gu <james.gu@att.com>
2020-05-20 02:34:56 +00:00
Gage Hugo
d14d826b26 Remove OSH Authors copyright
The current copyright refers to a non-existent group
"openstack helm authors" with often out-of-date references that
are confusing when adding a new file to the repo.

This change removes all references to this copyright by the
non-existent group and any blank lines underneath.

Change-Id: I1882738cf9757c5350a8533876fd37b5920b5235
2020-05-07 02:11:15 +00:00
Taylor, Stephen (st053q)
9057c770a6 Enable cephfs tests
Cephfs tests were disabled in order to merge
https://review.opendev.org/695568 due to gate failures that were
blocking it. CephFS isn't used in openstack-helm-infra, so it
wasn't required for that work. This change re-enables the cephfs
tests so we can work through any issues that are causing further
failures.

Since the the issue got fixed in 14.2.8 , upgrading all daemons to 14.2.8.
(https://tracker.ceph.com/issues/43770)

Change-Id: I376d39b7ee00ccb1ab8046b58f92b19a822272e1
2020-04-21 22:25:52 +00:00
Kabanov, Dmitrii
35ff844cbb [Ceph-RGW] Update annotation for the ingress controller
The PS corrects the annotation for the ingress controller.

Change-Id: I16dd75c357ee6e40eb86ba9cfb64b8b4a869ac1a
2020-04-14 09:31:51 -07:00
Chinasubbareddy Mallavarapu
977a5a2f97 [ceph-daemons] Redirect all the logs to stdout
This is to redirect all the logs from daemons to stdout to avoid
accumulating large sized log files on filesystem.

NOTE: The ceph-osd daemon won't work this way and is addressed
separately in https://review.opendev.org/715295. All other Ceph
daemons are included here.

Change-Id: I3045d6e941791aba14979472fac1bca09776d3bf
2020-03-29 10:27:44 -06:00
Chinasubbareddy Mallavarapu
7425e3e5c0 [CEPH] update all ceph daemons startup scripts to support msgr2
This is to update all ceph daemons startup scripts as per msgr2 protocol and
also to update v2 port for mon_host config.
This also removes setting mon_addr config since we already have mon_host config.

v1 default port: 6789
V2 default port: 3300

Change-Id: I3d95edbd89f5ac8b40a34f41c1099311cee4f875
2020-03-04 23:22:02 -06:00
Chinasubbareddy Mallavarapu
281b2018c2 CEPH: upgrade ceph version from 14.2.5 to 14.2.7
This is to upgrade ceph version from 14.2.5 from 14.2.7  and also
to update ceph provisioners to use latest code from quay.io

  - rbd-provisioner: quay.io/external_storage/rbd-provisioner:v2.1.1-k8s1.11
  - cephfs-provisioner: quay.io/external_storage/cephfs-provisioner:v2.1.0-k8s1.11

This also updates verbs for proivioner's clusterrole to support new code.

Change-Id: Ia94129574610bb5c800a6941804e58ca3aefce65
2020-02-18 21:29:23 +00:00
Kabanov, Dmitrii
844d2cd16d [Ceph-rgw] Add bootstrap job
The PS adds bootstrap job for ceph-rgw chart.

Change-Id: I3055e1afe8072277166b8a659c940320720a0588
2020-01-28 01:49:57 +00:00
Stephen Taylor
016b56e586 Ceph Nautilus compatibility
This change updates the Ceph charts to use Ceph Nautilus images
built on Ubuntu Bionic instead of Xenial. The mirror that hosts
Ceph packages only provides Nautilus packages for Bionic at
present, so this is necessary for Nautilus deployment.

There are also several configuration and scripting changes
included to provide compatibility with Ceph Nautilus. Most of
these simply allow existing logic to execute for Nautilus
deployments, but some logical changes are required to support
Nautilus as well.

NOTE: The cephfs test has been disabled because it was failing
the gate. This test has passed in multiple dev environments, and
since cephfs isn't used by any openstack-helm-infra components we
don't want this to block getting this change merged. The gate
issue will be investigated and addressed in a subsequent patch
set.

Change-Id: Id2d9d7b35d4dc66e93a0aacc9ea514e85ae13467
2019-12-17 18:47:24 +00:00
Zuul
108f89b208 Merge "Update egress HTK method" 2019-11-22 00:08:50 +00:00
Tin Lam
3121fc24c5 Update egress HTK method
This patch set places logic to generate kubernetes egress network policy
rule based on the dependencies specified in values.yaml. This also sets
up the necessary default network policy for the OSH gate.

Change-Id: I1ac649cc9debb5d1f4ea0a32f506dcda4d8b8536
Signed-off-by: Tin Lam <tin@irrational.io>
2019-11-21 20:05:34 +00:00
Steve Wilkerson
cbeb7f149b Move charts off using the :latest built tags
This updates charts that consume images built from osh-images to
use tags other than the :latest tags. This will be followed up
with the definition of jobs to allow for vetting out of updated
images, as reliance on :latest tags assumes any change merged into
osh-images will result in functionally correct behavior (which has
shown to not be the case traditionally)

Change-Id: I181aa56ed187604dc7583d8081e53cc69eb27310
Signed-off-by: Steve Wilkerson <sw5822@att.com>
2019-11-21 19:57:07 +00:00
Steve Wilkerson
b50fae62a4 Update kubernetes-entrypoint image reference
This updates the kubernetes-entrypoint image reference to consume
the publicly available kubernetes-entrypoint image that is built
and maintained under the airshipit namespace, as the stackanetes
image is no longer actively maintained

Change-Id: I5bfdc156ae228ab16da57569ac6b05a9a125cb6a
Signed-off-by: Steve Wilkerson <sw5822@att.com>
2019-10-18 18:20:11 +00:00
Kabanov, Dmitrii
ed8ff0d6fa Ceph-RGW: fix helm test
The PS allows to run the tests when both options (rgw_ks and rgw_s3)
are enabled at the same time.

Change-Id: I262baa38b7c65ff9335a3db6a6e2a454c3ff3f5f
2019-08-22 17:00:40 +00:00
Dejaeger, Darren (dd118r)
083956e37b Add node selector to Ceph test pods
This PS looks to add a node selector into the Ceph test pod's
specs.

Change-Id: If73a5036c5e6a651393f81a136874b9e8a52b4f1
2019-06-24 17:41:09 +00:00
Venkata, Krishna (kv988c)
d1964b7b38 [Ceph]: Remove duplicate values
secret_keystone_rgw is defined twice in
same section in lines 548 and 550.

Change-Id: I8f76a6f0f4105d47efbc562d190f2eabf51764c1
2019-06-19 16:45:05 +00:00
RAHUL KHIYANI
56ff59a0ea Ceph-rgw: Fix securityContext
Change-Id: I3ff9e4567cf223d1c6823b00086b4635b424b148
allowPrivilegeEscalation: true to allowPrivilegeEscalation: false
2019-05-23 23:06:11 +00:00
Jean-Philippe Evrard
5f5e988fb3 Point to OSH-images images
We now have a process for OSH-images image building,
using Zuul, so we should point the images by default to those
images, instead of pointing to stale images.

Without this, the osh-images build process is completely not
in use (and completely opaque to deployers), and updating the
osh-images process or patching its code has no impact on OSH.

This should fix it.

Change-Id: Ic00bd98c151669dc2485cd88e0e8c2ab05445959
2019-05-17 08:17:32 +00:00
Roy Tang (rt7380)
85bd731562 Expose Anti-Affinity Weight Setting
This ps exposes the anti-affinity weight value, including
default, that will be consumed by the updated htk function.

Change-Id: Id8eb303674764ef8b0664f62040723aaf77e0a54
2019-05-14 17:04:52 -05:00
Dmitrii Kabanov
b7c07a595c Update image links for Ceph.
Updated the links according to the decision here [1].
The convention for images is <imagename>:<tagging>
where <tagging> takes the format <version>-<distro>.

[1]: http://eavesdrop.openstack.org/irclogs/%23openstack-helm/%23openstack-helm.2019-03-07.log.html#t2019-03-07T17:50:58

Change-Id: I84f8ce731e428f8ef035c008ff615e712c78a1f4
2019-04-24 14:53:42 +00:00
rk0850
9ea6575ed9 ceph-rgw: Add pod/container security context
This updates the ceph-rgw  chart to include the pod
security context on the pod template

This also adds the container security context

Change-Id: Ic75a1decfe156e1e8aa2ebe38238f6b77abb71f8
2019-04-22 15:33:23 +00:00