When serializing a block literal, be explicit that we want to treat it
as a string, instead of relying on implicit conversion.
Change-Id: Ia79600ebc228d8417342a0703167f34703169d5a
This introduces a new document called `EncryptionPolicy` to configure
this behavior. It currently only supports using symmetric encryption
with `GPG`, but that should be available on all Ubuntu systems (which is
what we currently support) and should also be fairly reliable.
Change-Id: I06d4faa119b736773df0d8cbf0e7a23fd98edcdf
Depends-On: https://review.openstack.org/#/c/602175/
This was removed in Iccf6228ab9e6d621d3047994b3adc192d67273c9 but should
not have been as it has allowed for code format drift.
This also
* Pins the version of yapf to 0.24.0
* Fixes some drift
* Updates formatting to the version of yapf being used
Change-Id: Ie3d9fd6344a29d8ddb76a36d4a31d001a4c8b7c6
* Detect and re-use existing Certs/Keys
* Negative functional test for join with missing cert
* Positive functional test to generate cert after initial construction
* Extract some promenade test code into tools/g2/lib/promenade.sh
* Add timestamps to tar'd up files
Change-Id: Ib717785fc2c8f6cd1db1970ecdf1f5184ed40e92
* Add ability to fetch design from Deckhand
* Add functional testing for Deckhand design_ref integration
* Update complete example to work with changes to Ceph chart
Change-Id: Ice25a27b340e68a8ab38a23021cd91e032ca537b
Varying versions of yapf were reformatting the code in slightly
different ways. Freezing all lint deps to avoid related issues.
Change-Id: I2ae889c883fb8954588dabc7a2b02b110d000f33
This is intended to address difficulties in setting up the existing
Vagrant-based development environment, and provide a locally-runnable
gate script.
./tools/gate.sh runs tests as specified by a JSON manifest. Valid
manifests live in `tools/g2/manifests`. Currently, the following are
supported:
* full - Run an extensive suite.
* genesis - Run only through Genesis.
* quick - Run a small cluster test.
* prepare - Run only the off-site preparation before Genesis -- useful
for quick sanity testing.
Change-Id: I4900d34437f9fe735f580ab91b38a6bb5424481e
This change includes several interconnected features:
* Migration to Deckhand-based configuration. This is integrated here,
because new configuration data were needed, so it would have been
wasted effort to either implement it in the old format or to update
the old configuration data to Dechkand format.
* Failing faster with stronger validation. Migration to Deckhand
configuration was a good opportunity to add schema validation, which
is a requirement in the near term anyway. Additionally, rendering
all templates up front adds an additional layer of "fail-fast".
* Separation of certificate generation and configuration assembly into
different commands. Combined with Deckhand substitution, this creates
a much clearer distinction between Promenade configuration and
deployable secrets.
* Migration of components to charts. This is a key step that will
enable support for dynamic node management. Additionally, this paves
the way for significant configurability in component deployment.
* Version of kubelet is configurable & controlled via download url.
* Restructuring templates to be more intuitive. Many of the templates
require changes or deletion due to the migration to charts.
* Installation of pre-configured useful tools on hosts, including calicoctl.
* DNS is now provided by coredns, which is highly configurable.
Change-Id: I9f2d8da6346f4308be5083a54764ce6035a2e10c
* remove old files
* sketch of non-bootkube genesis
* add basic chroot/bootstrap script
* cleanup kubectl/kubelet fetching
* fix cni bin asset path
* add non-pod asset loader
* add example ca
* refactor key gen/distribution
* flannel up on genesis
* refactor some code toward join
* WIP: last commit working on "self-hosted, helm-managed"
* first pass at consolidating config for vanilla deploy
* refactor cli a bit
* use provided cluster ca
* separate genesis and join scripts
* add basic etcd joining
* actually run the proxy everywhere
* update readme
* enable kubelet service
* add pki most places
* use consistent sa keypair
* use quay.io/attcomdev/promenade
* fix typo in n3
* tls everywhere in kubernetes
* tls for etcd
* remove currently unused files