140 Commits

Author SHA1 Message Date
Sean Eagan
97ac197a6e Move to v0.3.1 of kubernetes-entrypoint
Move to v0.3.1 of kubernetes-entrypoint which has 2
breaking changes to pod dependencies, and also adds support for
depending on jobs via labels.

Change-Id: I49d2cea11fbe5c5919ae22a020b877ebbb285992
2018-04-25 12:45:50 -05:00
Pete Birley
40a45b9751 RabbitMQ: Add vHost management and improve security
This PS adds vhost management to rabbitmq jobs. It also prevents
sensitive information being displayed in the management job, and
removes the 'administrator' tag from service users.

Change-Id: Id337f763c5e4776bce7269676a8a2dc54dc2e5f8
2018-04-19 08:26:45 -05:00
Chris Wedgwood
b133feefb9 heat: yaml indentation fixes
Change-Id: Ia514170edf2498abaedcf07872ea7e383e847f89
2018-04-11 21:11:37 +00:00
Tin Lam
866d858c6f Update heat bootstrap scripts
This patch set adds in two roles for heat: heat_stack_owner
and heat_stack_user as outlined in the Newton [0] and Ocata [1],
as well as assigning roles.

[0] https://docs.openstack.org/project-install-guide/orchestration/newton/install-ubuntu.html
[1] https://docs.openstack.org/project-install-guide/orchestration/ocata/install-ubuntu.html

Change-Id: I8510ae114448cc1985c11e9b337b9697a379a920
Signed-off-by: Tin Lam <tin@irrational.io>
Co-Authored-By: Pete Birley <pete@port.direct>
2018-03-29 20:52:54 +00:00
melissaml
205c50cd5d fix typos in documentation
Change-Id: Idb156b0141e177041de5c79b2118d682808d45aa
2018-03-23 08:38:21 +08:00
Zuul
c9a875e9f4 Merge "Ingress: support arbitary hostnames." 2018-03-21 23:24:55 +00:00
Pete Birley
6971143048 Ingress: support arbitary hostnames.
This PS allows arbitary hostnames to be used for public endpoints,
provided the resolve externally to the ingress controllers.

Change-Id: I44411687f756968d00178d487af66c2393e6bde0
2018-03-21 09:39:55 -05:00
Sean Eagan
85587f2f56 Use v0.3.0 of kubernetes-entrypoint
This version is already being used by some charts, so this brings the
rest of the charts in line and allows them to use a new feature,
pod dependencies, that this version provides.

Change-Id: Ie8289eb09b31cd8f98c2c5b4dd5bbe469078e6d8
2018-03-19 10:35:36 -05:00
Zuul
32a468178b Merge "Ingress controller service: consolidate to helm-toolkit" 2018-03-14 02:14:22 +00:00
Tin Lam
1f75555cd1 Add trustee domain
This patch set allows for searching the trustee user in a specified
domain rather than just the "default" domain.

Change-Id: I53ee6816e02c25e577244015fe5aea0870e0fd32
Signed-off-by: Tin Lam <tin@irrational.io>
2018-03-12 22:31:08 -05:00
Pete Birley
507600e898 Ingress controller service: consolidate to helm-toolkit
This PS consolidates the Ingress controller service, that is used
to resolve internal requests to public endpoints correctly, to
helm-toolkit.

Change-Id: If7c7deca1b8289a32709f7dc7c936883469aadfe
2018-03-12 13:48:39 +00:00
Zuul
4f0aeb619d Merge "DB-Drop-Jobs: consolidate to helm-toolkit" 2018-03-10 20:10:23 +00:00
Pete Birley
6e4bcebcf5 DB-Drop-Jobs: consolidate to helm-toolkit
This PS consolidates the DB-Drop Job to helm-toolkit.

Change-Id: Ia2b035d730bf612086a9fd9b5d14aba494f56dc7
2018-03-09 14:25:15 +00:00
Pete Birley
02767f6d76 Reduce the number of workers spawned by services
This PS reduces the number of processes spawned by services, as
with Kubernetes load distribution can be better managed by a larger
number of single threaded pods (up to a certain point) and doing so
also provides both increased avilibility, leading to smoother rolling
updates. In addtion when running single replicas resource consuption
is reduced.

Change-Id: Ifb7494a0804913d843a072e10d26c6ec53c3bd16
2018-03-09 06:39:02 +00:00
Hemanth Nakkina
8c9ac9f5df Remove Api version constraint for CronJob
Cronjob resource is deprecated in batch/v2alpha1 from
k8s 1.8 and batch/v1beta1 is enabled by default. All the
CronJobs are already using batch/v1beta1 but there is condition
to check if api version have batch/v2alpha1.

Remove the api version constraint on batch/v2alpha1

Partial-Bug: #1753524
Change-Id: I7eeb7d6cc2630311ec5d613b9e059824daae0620
2018-03-06 08:46:22 +05:30
Zuul
4884dd228c Merge "Keystone Authtoken Cache: allow universal secret key to be set" 2018-03-05 19:26:37 +00:00
portdirect
1c85fdc390 Keystone Authtoken Cache: allow universal secret key to be set
This PS allows a cache secret key for all instances of keystone
middleware to be defined in a single location.

Change-Id: I3d5c78732d8a8bb9110117130f0d886fea609526
Partial-Bug: 1753251
2018-03-05 08:49:24 -05:00
Pete Birley
08b8f5c4f5 Heat: use endpoints section and lookups to set port
This PS moves heat to use the endpoints section and lookups to
set the port it serves on.

Change-Id: Id44db993c1b5df5ffd2b9bb6602faca4ac3472a6
2018-03-03 17:37:04 +00:00
Renis
1ecc905b65 Rabbitmq Credential Management
- This PS implements job to create new user
for each chart

Change-Id: I7335ba4ad4bc9f70871100dbd9e6f030049abe07
2018-02-26 17:44:44 -08:00
Pete Birley
f57972b5b6 dependencies: move static dependencies under a 'static' key
This PS moves static dependencies under a 'static' key to allow
expansion to cover dynamic dependencies.

Change-Id: I38990b93aa79fa1f70af6f2c78e5e5c61c63f32c
2018-02-23 12:31:15 -08:00
Pete Birley
49aacc2030 Ingress rules: consolidate to helm-toolkit
This PS consolidates ingress rules to helm-toolkit.

Change-Id: I38a4de939e1ec65fed1630a53787d363f2ec78f6
2018-02-21 10:21:16 -08:00
Chris Wedgwood
6b844382ad yaml cleanup: trim multiline strings
Change-Id: Ice615c1d252651793dfa09b8e85a5b4228d68737
2018-02-20 16:39:52 +00:00
Zuul
e4313c86c7 Merge "remove unnecessary calls to quote" 2018-02-20 14:53:21 +00:00
Zuul
7575de9297 Merge "Bootstrap jobs: move template to helm toolkit" 2018-02-20 14:53:11 +00:00
Zuul
85937d3cb8 Merge "Heat: clean up dead engines with cronjob" 2018-02-20 05:23:40 +00:00
portdirect
c7e2eb9e25 Bootstrap jobs: move template to helm toolkit
This PS moves the templates for bootstrap jobs to helm-toolkit.

Change-Id: I0fc0f7722cfc87b00e26510dee7ba79d2139a171
2018-02-19 22:53:34 -05:00
Zuul
826fddca01 Merge "Node Labels: update nodelabels to allow targeting of pods to nodes" 2018-02-20 00:41:51 +00:00
portdirect
5be8e34606 Heat: clean up dead engines with cronjob
This PS adds a cronjob to clean up dead engines.

Change-Id: I5482ee8c21203d9e889437947f37f1355446c43a
2018-02-19 14:35:49 -05:00
Chris Wedgwood
4f6a9983f5 remove unnecessary calls to quote
Change-Id: I1099c3f56b1d81b97033a8653d6bf1b9ea4d04e7
2018-02-19 18:55:46 +00:00
portdirect
b12f7eb8bc Heat: name all heat engines "heat-engine"
This PS names all the heat engine "heat-engine" by default. This should
make the number of dead engines simple to manage following updates.

Change-Id: I369d96c2269a0dbff5c88840f56c921bd389ae27
2018-02-19 12:52:15 -05:00
Pete Birley
b311f86193 Node Labels: update nodelabels to allow targeting of pods to nodes
This PS updates the node labels to allow pods to be targeted to nodes
on a per type basis.

Change-Id: I45d5383d04fcd1d98740a18d86c1cfc2cb8ec409
2018-02-19 11:51:09 -05:00
portdirect
eb943b63fb DB-Sync-Jobs: consolidate to helm-toolkit
This PS consolidates the DB-Sync Job to helm-toolkit.

Change-Id: I54d53468a437f6cacf6943ed3dec27089bf5f482
2018-02-18 21:08:24 -06:00
portdirect
897edb3202 DB-Init-Jobs: consolidate to helm-toolkit
This PS consolidates the DB-Init Job to helm-toolkit.

Change-Id: Ib92743d678de09a6fb4457e5415a098013952410
2018-02-17 22:47:58 +00:00
portdirect
2cb634789d Images: Move default to LOCI and Kolla newton gate
This PS moves the default image in OSH for most services to use LOCI
and also provides a Kolla gate for newton openstack.

Change-Id: Ice6cb9f89bc3ce6e8280e580d215aedda9e71904
2018-02-16 17:06:15 -05:00
portdirect
8d30e6698e Helm-Toolkit: move keystone endpoint jobs to helm-toolkit
This PS moves the keystone endpoint jobs to be driven by
a helm-toolkit function providing greater consistency
to the charts in OSH, and reduced tech debt.

Change-Id: I06555171ce93a2b0a8798bc891a2990ea9626276
2018-02-07 19:51:41 -05:00
portdirect
914ffdbfe4 Helm-Toolkit: move keystone service jobs to helm-toolkit
This PS moves the keystone service jobs to be driven by
a helm-toolkit function providing greater consistency
to the charts in OSH, and reduced tech debt.

Change-Id: I36e012854473fcb942d62391d182ee6a8406bb72
2018-02-08 00:31:52 +00:00
portdirect
72792a49d4 Keystone: update user jobs to use defaults in dict keys
This PS updates the Keystone user job template to use default
values when not specified via the input dict.

Change-Id: I937e720ab3ab4ba70c33ea981d7693ebfd01c894
2018-02-07 11:03:17 -05:00
portdirect
319fd2cbec Jobs: Apply uniform node selector label to all jobs in OSH
This PS applies a uniform node selector label to all jobs in OSH.

Change-Id: I2efedcea2085b8189bd0bd12dd0ee66e63db0d97
2018-02-07 10:16:06 -05:00
portdirect
f296acf647 Helm-Toolkit: move keystone user jobs to helm-toolkit
This PS moves the keystone user jobs to be driven by
a helm-toolkit function providing greater consistency
to the charts in OSH, and reduced tech debt.

Change-Id: Ic5eb172b0443f61b8ecab8b3a607c764fb145c75
2018-02-07 09:49:04 -05:00
portdirect
b180d28618 Auth: Update credential keys to reference service specifically
This PS moves all credentials for OpenStack services from 'user' to
the service name. This allows a single yaml snippet to articulate
the credentials for a deployment.

Change-Id: Ic720109f2ba854561b23767cb480bcae91f74b6b
2018-01-15 18:54:13 +00:00
portdirect
e446e5eceb Ingress: Update image and add UDP/TCP proxying support
This PS updates the image used in the ingress controller and
adds UDP/TCP proxying. In addition the chart has been given
a spring clean to better match other OSH charts.

Change-Id: Ib892b82c4657c42e7531a2ce81746398e7bd4df5
2018-01-11 18:33:42 -05:00
Zuul
5d91148986 Merge "Oslo-messaging: remove unused admin credentials from values.yaml" 2018-01-06 18:49:55 +00:00
portdirect
4b9c2c7922 Oslo-messaging: remove unused admin credentials from values.yaml
This PS remove the admin credentials from the values.yaml, which
have never been leveraged.

Change-Id: Ifb1cdefd1c52b8a2a2fb3a627393d305823e74ec
2018-01-05 10:22:53 -05:00
portdirect
5a2f71ebdf Ingress: Allow annotations to be dyanmicly driven
This PS allows the ingress rules to be dynamicly driven from the
values.yaml, permitting the ingress cotnroller to ba changed and
custom rules to be applied: eg whitelisting of clients.

Change-Id: Ica6b4692ff9b6b77d1efe6bae212a1227e56ca66
2018-01-05 00:29:05 -05:00
portdirect
fa2620d54b RBAC for OSH
This PS applys RBAC rules to OSH, based off the work
done in https://review.openstack.org/#/c/526464/

Change-Id: I541b0ac1a3972566ef2b66571ae32744dab70c17
2017-12-26 10:24:19 -05:00
portdirect
7803346e64 Images: Heat service specific explicit image names
This PS makes the service-specific images for Heat have
explicit names, allowing simple over-riding of images for an
entire site.

Change-Id: I36aff29746b8d402516033a9cc53fcb0c1e06fec
2017-11-28 23:20:56 -05:00
Hyunsun Moon
0808cf5198 Add option to set external policy to local for openstack services
External traffic policy "local" would be preffered when openstack
service is accessed from external via node port. This option has an
effect only when service node port is enabled.

Change-Id: Ic68cfc59dc39dc842d4790deffa70efe433dd7a6
2017-11-02 15:07:21 +09:00
intlabs
fe6107cf76 Images: Update values to allow simple parse of images being used
This PS updates the values file layout for images to allow simple
parsing of the images in use by charts, allowing them to be queried
and modified much more simply. By moving the image tags to a 'tags'
key, we can extend the options used simply to accomodate extra
options simply (eg prefixing the tag for use with an internal
registry) or pre-pulling the images to reduce chart deploy failure.

Change-Id: I9ec1dbb00d997ab6cb021bf0b698f7aae740e95d
2017-10-23 10:05:20 -05:00
Michał Dulko
f4f17b01b8 heat-engine as Deployment or StatefulSet
heat-engine service can be now configured to be either Deployment or
StatefulSet.

Additionally this commit removes /var/cache/heat volume, as it's not
used by heat-engine or other heat services at all.

Change-Id: I541a1efc7817beb5f05d4cce216d9ea1cf378d7a
Co-Authored-By: Mateusz Blaszkowski <mateusz.blaszkowski@intel.com>
2017-10-16 06:16:14 +00:00
intlabs
c699614b2d Heat: Fix stack user domain credential template
This PS fixes an error in the heat.conf where the region name was
injected into the stack domain user parm for domain name.

Change-Id: I14ca3f07a8122d31fd5a8982d783a7b1812ae0e9
2017-10-12 16:38:37 -05:00