Adding ttlSecondsAfterFinished option to the chart for db
clean up cronjob
Add history limit options
Add concurrency policy to forbid
Change-Id: I431a9a3692fee36f77c6037031965e58c2c343c0
Adding cronjob to purge the drydock DB based on retention day value. Additionally adding drydock API endpoint for purging the tasks and result_message tables and running vacuum full on drydock DB.
Change-Id: Ibcce61ecdafa637ca3ffec654152060aae26d4b8
Adding said label, that's already defined, to the deployment itself.
This will enable Armada to properly wait for certain percentages
of the deployment replicas to be ready prior to proceeding. Prior to
this change, there wasn't a way to select the Drydock deployment via
labels.
Change-Id: I7c5ed223d54213a1260c27485d0bfd493c09163f
This updates the drydock chart to include the pod
security context on the pod template.
This also adds the container security context to set
readOnlyRootFilesystem flag to true
Change-Id: Ibeb60d0b88f3519730b5b76996ab137c5af4f4f5
Corrects a recently introduced rendering error in the chart that
resulted in missing metadata labels for the drydock-db-init and
drydock-db-sync jobs.
https://review.opendev.org/#/c/724768
Change-Id: Ifa01bbc369a33ca3d5482c760a342d873736272e
Update apiversion for deployment to apps/v1
Add selector match labels to deployment
This patch is similar to https://review.opendev.org/#/c/638276/
These changes are required to install drydock helm chart on k8s 1.16.0
Change-Id: Ie9b7344fc94058a6212d09a9b96fe1b2b9d07b4e
The patch introduces network policy configuration similar
to openstack-helm services. It allows users to configure
policies depending on the environment.
* Network policies are disabled by default.
* When enabled default policies allow all ingress and
egress traffic (i.e. policy set to {}), this may be
changed in future patch-sets.
Change-Id: I2705fcf1d322ed06b124811b4ab91bfdfbdeacf3
This PS allows to check the response code and if it's equal
to 22, the test will be considered as successful.
Change-Id: I3867c551be5785488248e956e6f8a124477232f5
This updates the drydock chart to include the pod
security context on the pod template. This changes the pod's
user from root to the nobody user instead
This also adds the container security context to set
allowPrivilegeEscalation to false and readOnlyRootFilesystem to true
Change-Id: I0882622e672e5918da82b58b76697b8974cf0b16
- Instead of forcing a user to provide the full URL for the MAAS API,
instead use the endpoints pattern and render the URI via HTK templates.
- Add secret name to chart to support HTK ingress
- Install libyaml to take advantage of faster parsing by pyyaml
- Add exception logging when node compiling fails.
- Add caching of parsed design to gain efficiency
- Add TLS certificate secret for use by the ingress document
Change-Id: I5a2dbc415483c336d38d67edcebdfc5812f7bb0c
Add ingress support
- Add nodeSelectors to the PodSpec for the Drydock API
pod
- Physical nodes bootstrapping need to access the Drydock
API to retrieve the bootactions that should be executed during
deployment. This moves that access from a nodeport to ingress.
Change-Id: I3db41932c567cc85e89ad003389b7a019a10715f
This PS adds the ability to attach a release uuid to pods and rc
objects as desired. This can be used, for example, to force an
artificial manifest change in CICD scenarios, for upgradability
testing purposes.
Change-Id: I784c0ad26c34338c9acda3dbe271f2139ba3f1f9
Update the Drydock chart to be compatible with the latest Helm-Toolkit,
including taking advantage of some HTK manifest generation functionality
and updating the helm_tk.sh script to pull down master
openstack-helm-infra. Also update the default drydock image to point
to the current airshipit master rather than the old attcomdev in quay.
Change-Id: I9a818ae054361749ce16e9a6213fbeed82581f02
Co-Authored-By: Pete Birley <pete@port.direct>
Signed-off-by: Pete Birley <pete@port.direct>
- Support optionally mounting a SSH private key
to allow Drydock to interact with remote hosts via
ssh (e.g. virsh)
Change-Id: Ib83bc53a46497af6d05f4d87595f1000d3178ec0
- Added a second health check endpoint /extended to get additional data.
- Conforms health check response with UCP standards.
Change-Id: I9e3ac27ec7e536bb18201f1a4642490725a8062c
NOTE: This has become a monolithic commit to get gate
settings/scripts in place for CI
- Add Makefile with UCP standard entrypoints
- Move Dockerfile into images/drydock per UCP standards
- Add values.yaml entries for uWSGI threads and workers
- Add environment variables to chart Deployment manifest
for uWSGI thread and workers
- Add threads and workers specification to uWSGI commandline
in entrypoint
- Test that the Drydock API is responding
- Test that the Drydock API rejects noauth requests
- Fix Makefile utility script to work behind a proxy
Correct task success voting
Some tasks were incorrectly considered partial_success even when
no failure occurred.
- Network configuration erroneously marked messages as errors
- Update result propagation logic to only use the latest retry
The deploy_nodes task ended as incomplete due to a missing
subtask assignment
Also added a node check step to prepare_nodes so that nodes that
are already under provisioner control (MaaS) are not IPMI-rebooted.
Tangential changes:
- added config item to for leadership claim interval
- added some debug logging to bootaction_report task
- fix tasks list API endpoint to generate valid JSON
Improve task concurrency
When tasks are started with a scope of multiple nodes,
split the main task so each node is managed independently
to de-link the progression of nodes.
- Split the prepare_nodes task
- Begin reducing cyclomatic complexity to allow for
better unit testing
- Improved tox testing to include coverage by default
- Include postgresql integration tests in coverage
Closes #73
Change-Id: I600c2a4db74dd42e809bc3ee499fb945ebdf31f6
The post-refactor integration between promenade
and drydock doesn't require (or support) this
volume
Change-Id: Ieca8c4ada7d2469aea17214a163f86ba67a05577
This PS migrates the Drydock chart into this repo.
Update chart with input from previous repo
- Remove default secret names for Keystone jobs
- Use endpoints section for defining ports in service manifest
- Use manifests section for enabling all deployed manifests
Add DB integration
- Introduction of postgresql endpoint for Postgresql
- Addition of db_init and db_sync jobs
- Addition of db-init.sh and db-sync.sh scripts
- Convert conf file to use helm-toolkit templater
- Add database connect string to rendered conf file
Fix copyright notices for AT&T compliance
Change-Id: I1676a41ddbbd05c38f68b2b787924fc973411413