Commit Graph

351 Commits

Author SHA1 Message Date
SPEARS, DUSTIN (ds443n) 7f15516372 Update k8s to v1.29.2
Change-Id: I8d8d38e62fd13884afb0d0c4d027d81879cbe313
2024-03-07 16:41:50 -05:00
SPEARS, DUSTIN (ds443n) 12fdf402f6 Add resource allocation setting for etcd sidecar
Change-Id: I4c284d9bbf2da91a6a0e43758d92bf007be25f9c
2024-02-12 11:58:18 -05:00
SPEARS, DUSTIN (ds443n) c3aac9628d Add liveness and readiness probe
This adds liveness/readiness probes to sidecar for etcd

Change-Id: If942de8b7c1a59e7da887e1bdc2626daf699aeab
2024-02-08 16:35:48 -05:00
SPEARS, DUSTIN (ds443n) 7ce7301476 Update ETCD to v3.5.11
Since after v3.5.6 etcd-io switched to a
distroless base image. Etcd anchor pods
are now using etcd-utility and etcd is
running a sidecar for health checks.

Change-Id: I198dca1209097de4d60a53a7568f0c4790679599
2024-02-08 10:35:33 -05:00
SPEARS, DUSTIN (ds443n) 89d9d907b7 Upgrade kubernetes to v1.29.0
Change-Id: I2d62dac82d6b9d738c3aa71e541e89eddeb5ae87
2024-01-08 13:39:28 -05:00
Sergiy Markin c1da28f637 [backups] Add throttlling of remote etcd backups
This PS adds a possibility to limit (to throttle) the number of
simultaneously uploaded backups while keeping the logic on the client
side using flag files on remote side.

Change-Id: I753faab8f3d934346d54e38bfc94cec3a8f79385
2023-12-19 16:14:43 +00:00
Sergiy Markin 748dfc535d [backups] Update staggered backups
This PS updates yaml tree of values getting aligned with similar changes
in osh-infra project.

Change-Id: I9a5fc987bea7b4cb1214e329e5f77a0e26011d8d
2023-12-05 04:17:10 +00:00
Sergiy Markin d1c4a54bf7 [backups] Added staggered backups
This PS adds staggered backups possibility by adding anti-affinity rules
to backups cronjobs that can be followed across several namespaces to
decrease load on remote backup destination server making sure that at
every moment in time there is only one backup upload is in progress.

Change-Id: I320c6ce6370b45c602114189819a4225e479f680
2023-12-04 22:03:29 +00:00
SPEARS, DUSTIN (ds443n) 903b1363db Update k8s to v1.28.4
Change-Id: I300aa19f78206712b08d246cabbe5043b8abf509
2023-11-30 13:42:20 -05:00
Zuul eb4efc172b Merge "Airflow stable 2.6.2" 2023-08-30 21:59:03 +00:00
Sergiy Markin 69a74590e7 Airflow stable 2.6.2
This PS updates python modules and code to match Airflow 2.6.2:

- bionic py36 gates  were removed
- python code corrected to match new modules versions
- selection of python modules versions was perfoemed based on
  airflow-2.6.2 constraints

Change-Id: I9c3e139b3437414a61af7e7c0b7d7e533fadefda
2023-08-29 21:12:11 +00:00
Anselme, Schubert (sa246v) 558acaf3bf
Parametrise etcd-anchor readiness probe
Change-Id: Iae3f1e5900c91b0ee7cb07c6f024cdcf41455125
Signed-off-by: Anselme, Schubert (sa246v) <sa246v@att.com>
2023-08-22 12:36:03 -04:00
SPEARS, DUSTIN (ds443n) f806f8983a Update k8s to 1.27.4
Change-Id: I782762508f5fa8206751d7b9f719bcea448efe09
2023-07-31 13:55:03 -04:00
SPEARS, DUSTIN (ds443n) 3c68fb2281 Update k8s to 1.27.2
Bump k8s from 1.27.1 to 1.27.2

Change-Id: If171853f06d970a8bcfaa83098e407de9b4bc041
2023-06-02 15:28:33 -04:00
SPEARS, DUSTIN (ds443n) 7a4051c6a3 Revert chart version
reverting chart versions to previous value

Change-Id: Id1d06f81d997d704af1a0bdb3fd0d8c9e8746360
2023-05-17 15:39:24 -04:00
SPEARS, DUSTIN (ds443n) 1717ed84e5 k8s upgrade to 1.27.1
upgrades kubernetes client to v1.27.1
upgrade etcd to v3.5.6

Change-Id: Iaf287353425aa6263a81617890a2ca3c2f2e4281
2023-05-17 10:32:04 -04:00
Sergiy Markin 32ad8a96b0 [focal] Python modules sync with Airship project
- uplifted/downgraded some python modules
- fixed falcon.API deprecation - -> falcon.App
- uplifted deckhand reference for python deps
- fixed formatting style  using yapf linter
- added bindep role and bindep.txt file with required deps
- fixed quai docker image publishing
- re-enabled openstack-tox-py38 gate job

Change-Id: I0e248182efad75630721a1291bc86a5edc79c22a
2023-04-21 06:09:14 +00:00
SPEARS, DUSTIN (ds443n) 70dd0c8599 Remove deprecated controller-manager flag
Additionally update all images from k8s.gcr.io to registry.k8s.io

Change-Id: I0240ee0bf5d23d035126a81318f57b240f5af402
2023-04-18 15:02:30 -04:00
SPEARS, DUSTIN (ds443n) 5f62088d01 Adjusting daemonset anchor readiness check
To avoid pods cycling too quickly by checking if manifest
was created by daemonset and the component on the same host
is ready

Change-Id: I7f9b35e222ef5934fca71f30fdf9941caa60ccd7
2023-04-13 15:35:29 -04:00
SPEARS, DUSTIN (ds443n) 27a8b0d798 k8s upgrade to 1.26.0
upgrades kubernetes client to v1.26.0
remove installation of containerd during genesis.sh to prevent containerd downgrade
update bitnami kubectl image to image with curl installed for readiness check

Change-Id: I3afd5a7e7211bae3f52263167a62a012da0619a0
2023-03-20 13:16:48 -04:00
Wahlstedt, Walter (ww229g) 8ce937a9f7 updates for focal
add focal dockerfile
update zuul jobs for focal
update tox for tox4 changes
update all requirements to latest and match deckhand
update cfssl from R1.2 to v1.6.3
fixed local gates for focal
updated examples promenade manifests to run on focal

Change-Id: I2af4043784766d36588c6f738053ad66e7b89a90
2023-02-27 12:11:07 -05:00
Wahlstedt, Walter (ww229g) 3ba747bb48 CoreDNS: uplift to 1.9.4
* Uplift the CoreDNS image to 1.9.4 (From mirantis product)

Change-Id: I3e272761b802cd2cc227c9877cecab1d19cda486
2022-09-23 14:51:06 -04:00
Ruslan Aliev c10165c144 K8S upgrade 1.24
Signed-off-by: Ruslan Aliev <raliev@mirantis.com>
Change-Id: Iaa0c5f57ac621f2b91f525da423db0acd9d8ea99
2022-09-14 19:34:02 -05:00
Wahlstedt, Walter (ww229g) c60ea37cc3 CoreDNS: uplift to 1.8.6
* Uplift the CoreDNS image to 1.8.6 (aligning to k8s v1.23) [0]
* Add support for endpointslices

0: https://github.com/coredns/deployment/blob/master/kubernetes/CoreDNS-k8s_version.md
Change-Id: I06f43d6152de2347ba056139429f09222def8d5f
2022-09-14 14:33:28 -05:00
Markin, Sergiy (sm515x) d316409fbd [CPID-354] Improve MariaDB Backup/Restore validation process
Updating etcd chart with added backup validation function empty implementation(subject for future realization). This has to be done because helm-toolkit chart in openstack-helm-infra is now calling that function verify_databases_backup_archives() as part of backup_databases() function implementation:
https://review.opendev.org/c/openstack/openstack-helm-infra/+/853027

Changed apiVersion of etcd cronjob from batch/v1beta to batch/v1 and fixed securityContext for etcd_backup.

Also bumping up HTK version to 0.2.48 from a commit id obtained from merge of https://review.opendev.org/c/openstack/openstack-helm-infra/+/853027 and set proper commit id in this file: tools/helm_tk.sh

Change-Id: Ie047dd0e6a2aae6483ace89cad22d6720890cdfc
2022-09-09 12:24:03 -05:00
Ruslan Aliev e207bbe966 k8s upgrade to v1.23.7
Address changes and deprecations in Kubernetes v1.21=>v1.23

controller-manager:
* --authorization-kubeconfig and --authentication-kubeconfig must be set
* liveness/readiness probes must use HTTPS
* the default port has been changed to 10257

kubelet:
* --dynamic-config-dir has been deprecated, will not move to GA
* --cni-bin-dir has been deprecated, will be removed with dockershim
* --cni-conf-dir has been deprecated, will be removed with dockershim
* --network-plugin has been deprecated, will be removed with dockershim

https: //github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.23.md#deprecation
https: //kubernetes.io/docs/tasks/administer-cluster/reconfigure-kubelet/
https: //github.com/kubernetes/enhancements/tree/master/keps/sig-node/281-dynamic-kubelet-configuration
Change-Id: Ia996d7c14d81d1d8b8067f11c02ffb4ce90eb49a
2022-06-29 00:21:45 -05:00
Phil Sphicas 0f9818eccc Use bitnami kubectl
Update the anchor pods to use a regularly patched and updated kubectl
image that contains the necessary components (bash, jq, curl, etc.) in
addition to kubectl: https://hub.docker.com/r/bitnami/kubectl

Change-Id: Ia3e75dc334c3c1a88abfec10fb0367447e79a538
2022-04-25 14:28:59 -07:00
Phil Sphicas 6a17e4fccd Use curl (not socat) in apiserver anchor readiness
Update the kubernetes apiserver anchor pod to use curl instead of socat
for its readiness probe.

Change-Id: Id102d6542fa21b6d692781f81d250a3231e18771
2022-04-25 14:22:01 -07:00
Lo, Chi (cl566n) dc60ef8454 Removing set -x from function
Removing set -x from within the dump_databases_to_directory function.
The set -x from within the function is causing all the code that
follows the function call to have debug tracing on. This in turns
causing multiple identical logs for the same event. Looking at this
function, there should be enough logging to aid debugging.

Reference ps:  https://review.opendev.org/c/openstack/openstack-helm-infra/+/830533
               (commit 2fc1ce4a142e605a9fc6c90dceabbf7c4bfb81e3)

Change-Id: Id442972bbcca983afab7c4f3c29f3686e9e0b481
2022-02-24 18:54:54 +00:00
Sophie Huang 91c21ce14e Enhance ETCD backup
Pick up the helm-toolkit DB backup enhancement in etcd
to add capability to retry uploading backup to remote server.

Change-Id: If6ea347a4c2c55f14f35d95681aaf482d0a6103c
2022-01-25 22:04:25 +00:00
Sophie Huang 257ed54ddb Uplift HTK stable commit (db-backup-restore)
1) Uplift helm-toolkit to include db-backup-restore error log string
   prefixes for the generation of alert

   https://review.opendev.org/c/openstack/openstack-helm-infra/+/823867

2) Error log string prefixes are added to etcd backup-restore as well

Change-Id: Iad51a3e55567d0861140a97c17a1b7d859e13938
2022-01-12 21:23:06 +00:00
francisy 3cac5cbde0 Promenade Enhancement
Update charts in Promenade to Kubernetes version 1.21

Change-Id: Iab6d10b384a8be3a4b4d2357a51b35ab93a797b0
2022-01-10 14:04:15 -05:00
Phil Sphicas e4d9d99c13 Update charts to use stable Kubernetes APIs
Update applicable charts to use non-deprecated APIs [0], specifically
addressing the following resource types:
* ClusterRole
* ClusterRoleBinding
* Role
* Rolebinding

The APIs being migrated to are available in v1.19 or earlier. As of this
change, v1.19 is the oldest supported Kubernetes version, slated for EOL
on 2021-10-28. [1]

0: https://kubernetes.io/docs/reference/using-api/deprecation-guide/
1: https://kubernetes.io/releases/
Change-Id: I134b201d9ae01a8d74e34ee14f3bfe3b960cb5aa
2021-10-18 18:59:34 +00:00
Phil Sphicas 08906262fd Update tolerations and priority classes
* Give kube-proxy a blanket toleration
* Replace scheduler.alpha.kubernetes.io/critical-pod annotation with
    priorityClassName: system-node-critical

Change-Id: I810333913c09531eefa1ded014fe090d4cca7f7d
2021-10-18 11:33:54 -07:00
Sean Eagan 2f823c69d2 Helm 3: Fix Job labels
See the dependency below for details.

Depends-On: https://review.opendev.org/c/openstack/openstack-helm-infra/+/811826
Change-Id: Ib7730c5cbcaa95dab615baac1efda310e5a52fcc
2021-10-06 13:18:43 +00:00
Sean Eagan 731deccf05 charts: move to helm 3 preferred apis
- `helm.sh/hook: test-success` > `helm.sh/hook: test`

Signed-off-by: Sean Eagan <seaneagan1@gmail.com>
Change-Id: If7dded45533705ee028e5d6da326ea94a634529d
2021-09-30 16:57:16 -05:00
Sean Eagan 9d696ca0a4 Use helm 3 in chart build
`helm serve` is removed in helm 3 so this moves
to using local `file://` dependencies [0] instead.

[0]: https://helm.sh/docs/chart_best_practices/dependencies/#repository-urls

Signed-off-by: Sean Eagan <seaneagan1@gmail.com>
Change-Id: Ia45c57e0cccac477f6ff59a254d03d6fcec14bef
2021-09-30 16:57:05 -05:00
Sean Eagan ccadbc05b8 Fix chart yaml indentation issue
Signed-off-by: Sean Eagan <seaneagan1@gmail.com>
Change-Id: I884785942ded0f355b9256263cc23b2e01f35bab
2021-09-30 16:53:26 -05:00
Phil Sphicas 41b3ad3dbb Adjust kube-apiserver anchor readiness
To avoid cycling the pods in the anchor daemonset too quickly, only
consider a kubernetes-apiserver-anchor pod ready if:
- it created the static manifest kubernetes-apiserver.yaml
- the kubernetes-apiserver pod on the same host is ready

Change-Id: I53dd1c044332946eeb965f07ae828910f00b04c6
2021-08-10 16:48:14 +00:00
Phil Sphicas 3e28b0ee2d Fix kube-apiserver anchor script rendering
This change corrects two rendering issues in the kube-apiserver anchor
script. The details and impact are mentioned below.

1. The kube-apiserver anchor script fails to clean up some files from
the host, because the path is incomplete. For example, the cleanup()
function of the script includes:

    rm -f "/host/acconfig.yaml"

instead of

    rm -f "/host/etc/kubernetes/apiserver/acconfig.yaml"

2. A recent change to allow fileless command options [0] caused some
extraneous lines to end up in the script. For example, the rendered
script includes:

    snapshot_files() {
        cp "/tmp/etc/" "${SNAPSHOT_DIR}/etc/kubernetes/apiserver/"
    }

    compare_copy_files() {
        SRC="${SNAPSHOT_DIR}/etc/kubernetes/apiserver/"
        DEST="/host/etc/kubernetes/apiserver/"
        if [ ! -e "${DEST}" ] || ! cmp -s "${SRC}" "${DEST}"; then
            mkdir -p $(dirname "${DEST}")
            cp "${SRC}" "${DEST}"
            chmod go-rwx "${DEST}"
        fi
    }

    cleanup() {
        rm -f "/host/"
    }

Since the 'cp' and 'rm' commands don't include '-r', this is actually
non-impacting, other than some log messages.

0: https://review.opendev.org/c/airship/promenade/+/788092

Change-Id: Id0a47727d56268d13ebb4718b8578d94272c2181
2021-08-09 16:45:24 +00:00
Thirunavukkarasu Palani 7692b36fe9 Fix deprecated warning in Promenade controller-manager chart
Deprecated warning:
1. Flag --address has been deprecated, see --bind-address instead.
2. Flag --port has been deprecated, see --secure-port instead.

Change-Id: Ie93e95ab755dd338ac31914d1a50e61e351b907e
2021-07-14 04:15:41 +00:00
ubuntu 183b977754 Fix deprecated warning in Promenade apiserver chart
Removed PersistentVolumeLabel from apiserver to fix below warning.
Deprecated warning:
1. PersistentVolumeLabel admission controller is deprecated.
   Please remove this controller from your configuration files and scripts.
2. insecure-port has been deprecated, This flag has no effect now
   and will be removed in v1.24.

Change-Id: Iaccff8467b5ed967fa41e85b38c27f7345cd97bb
2021-06-29 16:14:17 +00:00
Thirunavukkarasu Palani 1401664ab2 Update Proxy chart
1. Remove hostname override
2. Include condition in proxy chart

Change-Id: Idc674643e668c4b1ec82e037bb74ca244c0c071c
2021-06-22 20:57:23 +00:00
Thirunavukkarasu Palani 9da1262c70 Add configMap to proxy chart
Flags in kube-proxy other than --config, --write-config-to,
and --cleanup are deprecated.
Added configmap to remove deprecated warning

Change-Id: I325e3a459b1079c6d1902bf06a43e00021231716
2021-06-15 14:22:23 +00:00
francisy cb1398496d Add hash annotation to apiserver-webhook deployment
Add a hash of the dynamic-config configmap to the annotations of the apiserver-webhook pod metadata, so that a chart upgrade will trigger a pod restart if the configmap contents change

Change-Id: I9c01b71b128e2bc6a5a07e5aa7ba826a4ffa237e
2021-06-10 17:53:22 -04:00
Zuul 0e8fad3fbc Merge "Add "labels" to apiserver-webhook deployment" 2021-05-14 19:27:49 +00:00
Phil Sphicas 06254b36ed CoreDNS: Uplift to 1.7.0
* Uplift the CoreDNS image to 1.7.0 (aligning to k8s v1.20) [0]
* Update the Corefile based on corefile-tool migration [1]

Note that the previously-deprecated "upstream" option is removed in
1.7.0 [2], and if not removed from the Corefile, will cause the pods to
crashloop.

0: https://github.com/coredns/deployment/blob/master/kubernetes/CoreDNS-k8s_version.md
1: https://github.com/coredns/corefile-migration/tree/master/corefile-tool
2: https://github.com/coredns/coredns/pull/3737

Change-Id: I03882240e8335f09956e412345e783e9a897ed9a
2021-05-03 17:30:48 +00:00
Phil Sphicas ae6782b452 Kubernetes: Uplift to v1.20.5
Uplift Kubernetes images and binaries from v1.19.7 to v1.20.5. No config
changes.

Change-Id: If2a8c9169c831a001205e8aa947df7fc00a1e658
2021-05-03 17:21:30 +00:00
Phil Sphicas 5cf854e25c CoreDNS: Migrate Corefile to version 1.6.4
The Corefile in values.yaml has been unchanged since before CoreDNS
version 1.1.3, but the specified image version is 1.6.4.

This change aligns the Corefile with the CoreDNS version, as generated
by the Corefile migration tool [0]:

    corefile-tool migrate --from 1.1.3 --to 1.6.4

0: https://github.com/coredns/corefile-migration/tree/master/corefile-tool

Change-Id: I8912737bf219e43e1b8e477109a76d38085014f2
2021-05-03 17:12:50 +00:00
Phil Sphicas 9533be32a1 Add required apiserver serviceaccount flags
In v1.20, TokenRequest and TokenRequestProjection become GA features,
and the following flags are required by the API server:
* --service-account-issuer
* --service-account-key-file
* --service-account-signing-key-file

This change ensures that the flags are set, and that the required keys
are in the right places.

Change-Id: I6606c5b1c9ff005d1943b424e3e7ad4d20b68408
2021-04-30 22:45:43 +00:00