This PS updates python modules and code to match Airflow 2.6.2:
- bionic py36 gates were removed
- python code corrected to match new modules versions
- selection of python modules versions was perfoemed based on
airflow-2.6.2 constraints
Change-Id: I9c3e139b3437414a61af7e7c0b7d7e533fadefda
add focal dockerfile
update zuul jobs for focal
update tox for tox4 changes
update all requirements to latest and match deckhand
update cfssl from R1.2 to v1.6.3
fixed local gates for focal
updated examples promenade manifests to run on focal
Change-Id: I2af4043784766d36588c6f738053ad66e7b89a90
The extraction of the monolithic hyperkube binary from its container
image to be used as kubelet was last relevant in Kubernetes 1.16. Since
then, the hyperkube image has been deprecated, the structure of the
image has been changed, and it has ultimately been eliminated in
Kubernetes 1.19.
This change cleans up promenade accordingly.
Reverts the following commits:
* 886007b New CLI option to extract hyperkube
* 32a6c15 hyperkube image in promenade init
* 955deed New source for hyperkube binary definition
Change-Id: Ib62ecdf1af13abe8202a4ba4f86c39b9042ed13f
gcr.io/google_containers/ no longer contains some of the image
versions we require, use the new location.
Change-Id: I8f9a976a35ca632d785dd4d05f2a55713bde8c3e
Since we introduced chart version check in gates, requirements are not
satisfied with strict check of 0.1.0
Change-Id: Ifd2d7af1f2dabe9bbccd65551e0223dddff529dc
This ps makes following changes to upgrade kubernetes from v1.17.3
to v1.18.6.
- Updated all references to k8s images to 1.18.6
- Updated command options and api object and versions based on
k8s 1.18 release notes:
https://kubernetes.io/docs/setup/release/notes/
- Uplifted uwsgi to 2.0.19.1 to align with other airship
components, and to bring in fixes and improvements.
- Added build-essentials and python3-dev packages to pass the zull
gate, which was looking for a c compiler.
Change-Id: I1160d1e6e2f02a0524043641b9296ea39edb301e
This updates the promenade chart to include the pod
security context on the pod template.
This also adds the container security context to set
readOnlyRootFilesystem flag to true
Change-Id: I688017f329b267e75178053b8e18d56090900f11
This converts the etc configmap to be a secret, whic provides
additional obfuscation against accidental inspection of secrets.
Change-Id: Ifd522a786eb751e7fad35d3f9ee17ec2bb87e010
The patch introduces network policy configuration similar
to openstack-helm services. It allows users to configure
policies depending on the environment.
* Network policies are disabled by default.
* When enabled default policies allow all ingress and
egress traffic (i.e. policy set to {}), this may be
changed in future patch-sets.
Change-Id: Ie73a33f5e27c3bc97748a86378abfab4ed6222e8
Add 'INFO' as default log level.Create logging
section in /etc/promenade/promenade.conf. Set log_level
key in the logging section of promenade.conf to override
the default log level.The allowed log_level values are
as follows:
1. 'DEBUG'
2. 'INFO'
3. 'WARNING'
4. 'ERROR'
5. 'CRITICAL'
Add log_level under logging section in promenade charts values.yaml.
Change-Id: I9bbd36e04bbac96779d3f198b0484176e0045a4e
Use hyperkube image for promenade init container.
It's purpose is to extract and cache hyperkube binary from image.
This binary will be used in promenade-api container as a backup plan.
Init container stores binary in a shared volume where
promenade-api container can use it. It will use it when
promenade config has no docker endpoint to call docker API
from promenade source code.
See https://review.opendev.org/657953 for reference.
Change-Id: I7edcb1acbe0d864324a4341c682bbcb9b110c4eb
Now it's possible to use hyperkube Docker image to extract hyperkube binary.
Use case for this feature is kubelet/kubectl delivery in one binary(hyperkube)
which is built into Docker image. Promenade will extract hyperkube from Docker image,
create symlinks for kubelet/kubectl pointed to hyperkube. To do so promenade container
need to be configured to use Docker on the host where this container will be created.
This is happening only for script generation for genesis node. Later when promenade
will be started as a service pod inside ucp cluster it will generate scripts for joining nodes
by using cached hyperkube from /tmp.
Old way to delivery kubelet from tarball is still supported.
Configuration for the new method.
Need to export environment variables to properly configure Docker in Docker.
Docker socket should be provided as a mounted file inside promenade.
Also need to set temporary permissions for this socket during the build scripts stage.
Example:
DOCKER_SOCK="/var/run/docker.sock"
sudo chmod o+rw $DOCKER_SOCK
export DOCKER_HOST="unix:/${DOCKER_SOCK}"
export PROMENADE_TMP="abs_path_tmp_dir_on_host"
export PROMENADE_TMP_LOCAL="tmp_dir_inside_container"
After genesis scripts generation Docker socket permission should be turned back:
sudo chmod o-rw $DOCKER_SOCK
Change-Id: Ida22ea934fc551fec34df162d8147c8b9e630330
Daemonset update strategy defaults to OnDelete in v1beta1, whereas
it defaults to RollingUpdate in v1, which seems prefereable.
This also adds helm-toolkit based labels at the controller level
to match standard usage such as for example by armada as wait labels.
This change has been tested using the promenade resiliency gate.
Change-Id: I9fd1bc4caedc0a6717b779e5333640ca8dc78b7e
This adds a security context to the promenade chart, which
changes the pod's user from root to the nobody user instead
This also adds the container security context to set
allowPrivilegeEscalation to false and readOnlyRootFilesystem to true
Change-Id: I269d034f6f8a1c14f2897bb375e899abc99e0c01
This PS adds the ability to attach a release uuid to pods and rc
objects as desired. This can be used, for example, to force an
artificial manifest change in CICD scenarios, for upgradability
testing purposes.
Change-Id: I8d0ffac306258f940c63799e86e7e26b5c2c5add
1) UCP -> Airship
2) readthedocs.org -> readthedocs.io (there is redirect)
3) http -> https
4) attcomdev -> airshipit (repo on quay.io)
5) att-comdev -> openstack/airship-* (repo on github/openstack git)
6) many URLs have been verified and adjusted to be current
7) no need for 'en/latest/' path in URL of the RTD
8) added more info to some setup.cfg and setup.py files
9) ucp-integration docs are now in airship-in-a-bottle
10) various other minor fixes
Change-Id: I55f546b8ad22bf2e3097ff831d021ed5a35059de
This change modifies the internal Keystone API port in the Promenade
chart from 80 to 5000 and removes the default admin port to match the
Keystone chart provided by OpenStack-Helm.
Change-Id: I123aed5ba2408f4bc1369910cb9b6c3992970e45
Updated configurations to point to openstack-helm-infra
for reference to helm-toolkit as helm-toolkit has been
removed from the openstack-helm repo [0]
Also aligned with changes to the keystone user set up in
OSH using Helm ToolKit so as to get pass Helm Lint.
[0] https://review.openstack.org/#/c/558065/
Change-Id: I10645c907565df4fd7920ae6ef0615348517f969
* Updates version references
* Increase memory of test VMs due to higher usage with bump
* Move etcd chart scripts from /tmp to /tmp/bin
* Remove certificate signing options for controller manager
* Remove -a from `kubectl get pods`, since that is deprecated in 1.10
* Shorten liveness/readiness probe times for CoreDNS
Change-Id: I16db0370f1c619e16002dd58e29025eb1538691f
This removes the reliance on coredns for APIserver discovery, allowing
a simpler configuration that is compatible with corednx 1.0.x
Change-Id: Ia3b7b5627c16ec47af6b0d6d5e8dee2674e9b1ee
* Add ability to fetch design from Deckhand
* Add functional testing for Deckhand design_ref integration
* Update complete example to work with changes to Ceph chart
Change-Id: Ice25a27b340e68a8ab38a23021cd91e032ca537b