For now we leave the tiller status enpdpoint, until
Shipyard has had a release to stop depending on it [0].
[0]: https://review.opendev.org/c/airship/shipyard/+/802718
Signed-off-by: Sean Eagan <seaneagan1@gmail.com>
Change-Id: If8a02d7118f6840fdbbe088b4086aee9a18ababb
This change introduces a configuration option to control whether Tiller
listens on any IP addresses (the previous default), or binds only to
127.0.0.1 (the new default).
The same option is used for both the Armada and Tiller charts:
.conf.tiller.listen_on_any (default: false)
The affected tiller command line argument is:
-listen 127.0.0.1:port (if false)
-listen :port (if true)
Listening on any address allows Helm client direct access to Tiller, via
'helm --host pod_ip:port'.
Listening on localhost does prevent connections directly to the pod IP,
but it does not preclude the use of 'kubectl port-forward' to establish
a connection to Tiller.
The Tiller container in the Armada pod exists only to service Armada via
127.0.0.1. The Helm client automatically sets up port forwarding (if it
has access to the Kubernetes API). As a result, this change should be
non-impacting. However, the previous behavior can be restored by setting
.conf.tiller.listen_on_any=true.
Change-Id: Id308976bac21cc521e8470516ce49ebd1942da68
This adds two parameters to the armada and tiller charts
to allow to configure sql storage backend [0].
[0]: https://v2.helm.sh/docs/install/#sql-storage-backend
Change-Id: Iba621c4ebcb0e34d514358ac5970697e2215166c
Signed-off-by: Angie Wang <angie.wang@windriver.com>
Update Helm chart for Armada to use Tiller version 2.16.9.
depends on: https://review.opendev.org/#/c/749497/
Change-Id: I16f7a5e8e571f067154e79a5f2ceb18be7d8db2d
The cache dir could no longer be written to when
readOnlyRootFilesystem went into effect [0].
This adds a configurable volume/mount for the cache dir.
[0]: https://review.opendev.org/#/c/703881/
Change-Id: I63a7c8575041aa3c6fd523213f8dffb0542fb0e5
This updates the tiller chart to include the pod
security context on the pod template.
This also adds the container security context to set
readOnlyRootFilesystem flag to true
Change-Id: I08694e58d057c04f7ba30ded5dca1207ceaac5e2
This leaves support in Armada for tiller 2.13+ as
we don't use any new features since then, so don't
need to require a newer version.
Change-Id: I6e5343fe942794987bec140e23208dd04fcbfd44
Allows to configure the probes via values.yaml in both
the armada charts, which includes armada and tiller
containers, and in the standalone tiller chart
Also bumps the osh sha in tools/helm_tk.sh to latest
22ef25ab295d6b7c6797cfffaa77cf181c673e9b
Change-Id: I0bb0acf00ecc0b61f8d324fe9b6a8507c361e9fc
This adds a parameter to the armada and tiller charts
to configure the tiller storage [0] type. For backward
compatibility, by default the parameter is not passed
to tiller, thus relying on the upstream default, which
is 'configmap'.
[0]: https://helm.sh/docs/using_helm/#tiller-s-release-information
Change-Id: I5d2a7558e3847331a0ce95c15b2e741f96130674
The patch introduces network policy configuration similar
to openstack-helm services. It allows users to configure
policies depending on the environment.
* Network policies are disabled by default.
* When enabled default policies allow all ingress and
egress traffic (i.e. policy set to {}), this may be
changed in future patch-sets.
Change-Id: Ie14a652830b4366e070ded91f8bbf83ca24d1007
This PS looks to add a node selector into the test pod's spec,
as well as the standalone tiller's spec.
Change-Id: I8d2054f0d9d360cb6baaa7ff636348c5a4d18149
In general, stuck pending statuses can be avoided by not enabling
the tiller native wait flag when updating releases, since tiller
then marks the release completed directly after applying the
resources to kubernetes.
However, when updating tiller itself, once kubernetes sees the
updated tiller resource, it can bring tiller down
before it has a chance to mark the release which contains tiller
as completed, leaving it in pending status.
This adds a preStop hook to both the standalone and sidecar tiller
containers to simply sleep to give them a chance to finish updating
their release, before terminating.
Ideally tiller would handle this on its own
via signal handling, but it doesn't. We could try to query for
the absence of PENDING_*** releases via `helm ls` before exiting,
however the helm CLI is not available inside the tiller image, and
those releases could be getting updated from another tiller instance,
or had already got stuck in that state previously, in which case we
don't want to hold up tiller termination.
Change-Id: I300c613f2a89eb1406531ce0a9af85c429a886f2
Helm v2.13.1 has been released [0], and is the next version of Helm
Armada is compatible with. Currently, Armada is not compatible with the
latest version of Helm toolkit due to a divergence caused in Helm v2.13.
This change uplifts Helm to v2.13.1 to restore compatibility with the
latest version of Helm toolkit.
[0] https://github.com/helm/helm/releases/tag/v2.13.1
Change-Id: Ieaf2475562c56530b6ec69c6a43611b4b47b7c83
This PS updates the Armada charts to be compaible with the current
helm-toolkit and also fixes the makefile.
Change-Id: Idf3113237f7fe8f80a70a727536df1419e270fc7
Signed-off-by: Pete Birley <pete@port.direct>
1) Add resource limits
2) Add Liveness and Readiness Probes for Armada API
3) Remove duplicated Tiller deployment/service that is
in the armada directory
Change-Id: I9a76ab177c8d71ba7ea6e4e0d265c3d70ba970dd
- conf.tiller.verbosity now sets the verbosity that tiller
runs at within the pod. Default is "5".
- Update Makefile and helm_tk.sh so that 'make dry-run' and
'make helm-lint' works for both tiller and armada charts
Change-Id: Ie1a8f2b44ea626af251915a762db3846784b4da4
- adding .editorconfig file
- minor cleanup in various files related to .editorconfig
- typos, whitespace, etc.
- other general housekeeping items on the codebase
Change-Id: I104f8dcb06aafb180da12f7ee4c0ded41fc07b9d
Manifests key for tiller service used in template and values is
different. Change the values.yaml as per the name specified in
template files.
Closes #193https://github.com/att-comdev/armada/issues/193
Change-Id: I4922cc6ac41ffb362bb86d5123a74825edf61c2b
We are seeing error [0] during deployment.
This is an attempt to fix the issue.
[0] Error Messages
StatusCode.UNKNOWN, configmaps is forbidden:
User "system:serviceaccount:kube-system:default" cannot list configmaps in the namespace "kube-system"
Change-Id: I9b962d3b173fc59685c95901581c4ad0f31aa4b9
Sean Eagan