Critical fixes required for 0.1.0 tagging
* Add imagePullPolicy to ceph with default * Add imagePullPolicy to mariadb with default * Add missing imagePullPolicies to nova with defaults * Remove malfunctioning daemonset dependency from nova * Add missing neutron endpoint definition to nova values * Force v4 networking in ceph. Repeated bootstrapping is unreliable without this. * Update cinder dependencies based on testing * Optional Horizon NodePort * Revert iptables stub for nova-api-osapi because we lack permissions to overwrite /sbin/iptables. We will continue to run in a privileged security context until we have a working solution.
parent
0bb12fb2ad
commit
db0db427ee
@ -40,7 +40,7 @@ spec:
|
|||||||
containers:
|
containers:
|
||||||
- name: osd-pod
|
- name: osd-pod
|
||||||
image: {{ .Values.images.daemon }}
|
image: {{ .Values.images.daemon }}
|
||||||
imagePullPolicy: Always
|
imagePullPolicy: {{ .Values.images.pull_policy }}
|
||||||
volumeMounts:
|
volumeMounts:
|
||||||
- name: devices
|
- name: devices
|
||||||
mountPath: /dev
|
mountPath: /dev
|
||||||
|
@ -34,6 +34,7 @@ spec:
|
|||||||
containers:
|
containers:
|
||||||
- name: ceph-mon
|
- name: ceph-mon
|
||||||
image: {{ .Values.images.daemon }}
|
image: {{ .Values.images.daemon }}
|
||||||
|
imagePullPolicy: {{ .Values.images.pull_policy }}
|
||||||
ports:
|
ports:
|
||||||
- containerPort: 6800
|
- containerPort: 6800
|
||||||
env:
|
env:
|
||||||
|
@ -34,7 +34,7 @@ spec:
|
|||||||
containers:
|
containers:
|
||||||
- name: ceph-mon
|
- name: ceph-mon
|
||||||
image: {{ .Values.images.daemon }}
|
image: {{ .Values.images.daemon }}
|
||||||
imagePullPolicy: Always
|
imagePullPolicy: {{ .Values.images.pull_policy }}
|
||||||
ports:
|
ports:
|
||||||
- containerPort: 6789
|
- containerPort: 6789
|
||||||
env:
|
env:
|
||||||
@ -42,8 +42,8 @@ spec:
|
|||||||
value: MON_HEALTH
|
value: MON_HEALTH
|
||||||
- name: KV_TYPE
|
- name: KV_TYPE
|
||||||
value: k8s
|
value: k8s
|
||||||
- name: MON_IP_AUTO_DETECT
|
- name: NETWORK_AUTO_DETECT
|
||||||
value: "1"
|
value: "4"
|
||||||
- name: CLUSTER
|
- name: CLUSTER
|
||||||
value: ceph
|
value: ceph
|
||||||
volumeMounts:
|
volumeMounts:
|
||||||
|
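Review bot: The value `"4"` for `NETWORK_AUTO_DETECT` is a magic number with no explanation in the template; the commit message says it forces IPv4, but a reader of the manifest will not see that. I would add a comment above the env entry, e.g. `# "4" = auto-detect on IPv4 only; repeated bootstrapping was unreliable with "1"`. The same value change appears in the later ceph-mon hunk at `@ -73,7 +73,7` and would take the same comment. This hunk also renames the variable from `MON_IP_AUTO_DETECT`, so it is worth confirming that the daemon image in use reads `NETWORK_AUTO_DETECT`; the env list continues outside the hunk.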
@ -36,6 +36,7 @@ spec:
|
|||||||
containers:
|
containers:
|
||||||
- name: ceph-rgw
|
- name: ceph-rgw
|
||||||
image: {{ .Values.images.daemon }}
|
image: {{ .Values.images.daemon }}
|
||||||
|
imagePullPolicy: {{ .Values.images.pull_policy }}
|
||||||
ports:
|
ports:
|
||||||
- containerPort: {{ .Values.network.port.rgw_target }}
|
- containerPort: {{ .Values.network.port.rgw_target }}
|
||||||
env:
|
env:
|
||||||
|
@ -58,7 +58,7 @@ spec:
|
|||||||
containers:
|
containers:
|
||||||
- name: ceph-mon
|
- name: ceph-mon
|
||||||
image: {{ .Values.images.daemon }}
|
image: {{ .Values.images.daemon }}
|
||||||
imagePullPolicy: Always
|
imagePullPolicy: {{ .Values.images.pull_policy }}
|
||||||
lifecycle:
|
lifecycle:
|
||||||
preStop:
|
preStop:
|
||||||
exec:
|
exec:
|
||||||
@ -73,7 +73,7 @@ spec:
|
|||||||
- name: KV_TYPE
|
- name: KV_TYPE
|
||||||
value: k8s
|
value: k8s
|
||||||
- name: NETWORK_AUTO_DETECT
|
- name: NETWORK_AUTO_DETECT
|
||||||
value: "1"
|
value: "4"
|
||||||
- name: CLUSTER
|
- name: CLUSTER
|
||||||
value: ceph
|
value: ceph
|
||||||
volumeMounts:
|
volumeMounts:
|
||||||
|
@ -18,6 +18,7 @@ service:
|
|||||||
|
|
||||||
images:
|
images:
|
||||||
daemon: quay.io/attcomdev/ceph-daemon:latest
|
daemon: quay.io/attcomdev/ceph-daemon:latest
|
||||||
|
pull_policy: IfNotPresent
|
||||||
|
|
||||||
labels:
|
labels:
|
||||||
node_selector_key: ceph-storage
|
node_selector_key: ceph-storage
|
||||||
|
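Review bot: The new default `pull_policy: IfNotPresent` is paired with `daemon: quay.io/attcomdev/ceph-daemon:latest`, a mutable tag, so a node that already cached an older `latest` keeps running it and different nodes can end up on different daemon builds. The templates previously hard-coded `imagePullPolicy: Always`, which at least re-resolved the tag on every pod start. Consider pinning the image to an immutable version tag or digest in values, or keeping `pull_policy: Always` as the default while the tag is `latest`. The mariadb values hunk adds the same default against the `:newton` tag, which is presumably also a moving tag.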
@ -33,6 +33,10 @@ spec:
|
|||||||
"name": "DEPENDENCY_SERVICE",
|
"name": "DEPENDENCY_SERVICE",
|
||||||
"value": "{{ include "joinListWithColon" .Values.dependencies.volume.service }}"
|
"value": "{{ include "joinListWithColon" .Values.dependencies.volume.service }}"
|
||||||
},
|
},
|
||||||
|
{
|
||||||
|
"name": "DEPENDENCY_JOBS",
|
||||||
|
"value": "{{ include "joinListWithColon" .Values.dependencies.volume.jobs }}"
|
||||||
|
},
|
||||||
{
|
{
|
||||||
"name": "COMMAND",
|
"name": "COMMAND",
|
||||||
"value": "echo done"
|
"value": "echo done"
|
||||||
|
@ -14,11 +14,11 @@ labels:
|
|||||||
|
|
||||||
images:
|
images:
|
||||||
dep_check: quay.io/stackanetes/kubernetes-entrypoint:v0.1.0
|
dep_check: quay.io/stackanetes/kubernetes-entrypoint:v0.1.0
|
||||||
db_init: quay.io/stackanetes/stackanetes-kolla-toolbox:newton
|
|
||||||
db_sync: quay.io/stackanetes/stackanetes-cinder-api:newton
|
|
||||||
ks_user: quay.io/stackanetes/stackanetes-kolla-toolbox:newton
|
ks_user: quay.io/stackanetes/stackanetes-kolla-toolbox:newton
|
||||||
ks_service: quay.io/stackanetes/stackanetes-kolla-toolbox:newton
|
ks_service: quay.io/stackanetes/stackanetes-kolla-toolbox:newton
|
||||||
ks_endpoints: quay.io/stackanetes/stackanetes-kolla-toolbox:newton
|
ks_endpoints: quay.io/stackanetes/stackanetes-kolla-toolbox:newton
|
||||||
|
db_init: quay.io/stackanetes/stackanetes-kolla-toolbox:newton
|
||||||
|
db_sync: quay.io/stackanetes/stackanetes-cinder-api:newton
|
||||||
api: quay.io/stackanetes/stackanetes-cinder-api:newton
|
api: quay.io/stackanetes/stackanetes-cinder-api:newton
|
||||||
scheduler: quay.io/stackanetes/stackanetes-cinder-scheduler:newton
|
scheduler: quay.io/stackanetes/stackanetes-cinder-scheduler:newton
|
||||||
volume: quay.io/stackanetes/stackanetes-cinder-volume:newton
|
volume: quay.io/stackanetes/stackanetes-cinder-volume:newton
|
||||||
@ -130,10 +130,18 @@ dependencies:
|
|||||||
- mariadb
|
- mariadb
|
||||||
- keystone-api
|
- keystone-api
|
||||||
volume:
|
volume:
|
||||||
|
jobs:
|
||||||
|
- cinder-db-sync
|
||||||
|
- cinder-ks-user
|
||||||
|
- cinder-ks-endpoints
|
||||||
service:
|
service:
|
||||||
- keystone-api
|
- keystone-api
|
||||||
- cinder-api
|
- cinder-api
|
||||||
scheduler:
|
scheduler:
|
||||||
|
jobs:
|
||||||
|
- cinder-db-sync
|
||||||
|
- cinder-ks-user
|
||||||
|
- cinder-ks-endpoints
|
||||||
service:
|
service:
|
||||||
- keystone-api
|
- keystone-api
|
||||||
- cinder-api
|
- cinder-api
|
||||||
|
@ -4,6 +4,18 @@ metadata:
|
|||||||
name: horizon
|
name: horizon
|
||||||
spec:
|
spec:
|
||||||
ports:
|
ports:
|
||||||
|
{{ if .Values.network.enable_node_port }}
|
||||||
|
- nodePort: {{ .Values.network.node_port }}
|
||||||
|
port: {{ .Values.network.port }}
|
||||||
|
protocol: TCP
|
||||||
|
targetPort: {{ .Values.network.port }}
|
||||||
|
{{ else }}
|
||||||
- port: {{ .Values.network.port }}
|
- port: {{ .Values.network.port }}
|
||||||
|
protocol: TCP
|
||||||
|
targetPort: {{ .Values.network.port }}
|
||||||
|
{{ end }}
|
||||||
selector:
|
selector:
|
||||||
app: horizon
|
app: horizon
|
||||||
|
{{ if .Values.network.enable_node_port }}
|
||||||
|
type: NodePort
|
||||||
|
{{ end }}
|
||||||
|
@ -23,6 +23,8 @@ labels:
|
|||||||
|
|
||||||
network:
|
network:
|
||||||
port: 80
|
port: 80
|
||||||
|
node_port: 30000
|
||||||
|
enable_node_port: false
|
||||||
|
|
||||||
local_settings:
|
local_settings:
|
||||||
horizon_secret_key: 9aee62c0-5253-4a86-b189-e0fb71fa503c
|
horizon_secret_key: 9aee62c0-5253-4a86-b189-e0fb71fa503c
|
||||||
|
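Review bot: `enable_node_port` publishes Horizon on `node_port` (30000) of every node, and with `port: 80` the dashboard login would presumably travel over plain HTTP unless TLS is terminated in front of it. The default of `false` is the right way round, but the values file gives no hint of what turning it on exposes. I would add a comment above the two new keys, e.g. `# enable_node_port: true exposes Horizon on node_port of every node; restrict access or terminate TLS in front`. The service template that consumes these keys is in the preceding section.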
@ -42,7 +42,7 @@ spec:
|
|||||||
containers:
|
containers:
|
||||||
- name: {{ .Values.service_name }}
|
- name: {{ .Values.service_name }}
|
||||||
image: {{ .Values.images.mariadb }}
|
image: {{ .Values.images.mariadb }}
|
||||||
imagePullPolicy: Always
|
imagePullPolicy: {{ .Values.images.pull_policy }}
|
||||||
env:
|
env:
|
||||||
- name: INTERFACE_NAME
|
- name: INTERFACE_NAME
|
||||||
value: "eth0"
|
value: "eth0"
|
||||||
|
@ -15,7 +15,7 @@ spec:
|
|||||||
containers:
|
containers:
|
||||||
- name: mariadb-init
|
- name: mariadb-init
|
||||||
image: {{ .Values.images.mariadb }}
|
image: {{ .Values.images.mariadb }}
|
||||||
imagePullPolicy: Always
|
imagePullPolicy: {{ .Values.images.pull_policy }}
|
||||||
env:
|
env:
|
||||||
- name: INTERFACE_NAME
|
- name: INTERFACE_NAME
|
||||||
value: "eth0"
|
value: "eth0"
|
||||||
|
@ -26,6 +26,7 @@ service_name: mariadb
|
|||||||
|
|
||||||
images:
|
images:
|
||||||
mariadb: quay.io/stackanetes/stackanetes-mariadb:newton
|
mariadb: quay.io/stackanetes/stackanetes-mariadb:newton
|
||||||
|
pull_policy: IfNotPresent
|
||||||
|
|
||||||
volume:
|
volume:
|
||||||
class_path: volume.beta.kubernetes.io/storage-class
|
class_path: volume.beta.kubernetes.io/storage-class
|
||||||
|
@ -1,23 +0,0 @@
|
|||||||
#!/bin/bash
|
|
||||||
set -ex
|
|
||||||
|
|
||||||
#
|
|
||||||
# start nova-api-osapi service
|
|
||||||
#
|
|
||||||
# this helper script ensures our osapi service does not try to call iptables which requires privileged or NET_ADMIN privileges
|
|
||||||
# by stubbing in a fake iptables scripts
|
|
||||||
|
|
||||||
echo <<EOF>/tmp/iptables
|
|
||||||
#!/bin/sh
|
|
||||||
# nova-api-metadata trys to run some iptables commands
|
|
||||||
# This enables the api-only container to run without NET_ADMIN privileges
|
|
||||||
true
|
|
||||||
EOF
|
|
||||||
|
|
||||||
# make it executable and copy it over whatever iptables may be underneath in this image
|
|
||||||
chmod +x /tmp/iptables
|
|
||||||
cp -p /tmp/iptables /sbin/iptables
|
|
||||||
cp -p /tmp/iptables /sbin/iptables-restore
|
|
||||||
cp -p /tmp/iptables /sbin/iptables-save
|
|
||||||
|
|
||||||
exec nova-api --config-file /etc/nova/nova.conf
|
|
@ -7,8 +7,6 @@ data:
|
|||||||
{{ tuple "bin/_db-sync.sh.tpl" . | include "template" | indent 4 }}
|
{{ tuple "bin/_db-sync.sh.tpl" . | include "template" | indent 4 }}
|
||||||
init.sh: |
|
init.sh: |
|
||||||
{{ tuple "bin/_init.sh.tpl" . | include "template" | indent 4 }}
|
{{ tuple "bin/_init.sh.tpl" . | include "template" | indent 4 }}
|
||||||
start-osapi.sh: |
|
|
||||||
{{ tuple "bin/_start-osapi.sh.tpl" . | include "template" | indent 4 }}
|
|
||||||
post.sh: |
|
post.sh: |
|
||||||
{{ tuple "bin/_post.sh.tpl" . | include "template" | indent 4 }}
|
{{ tuple "bin/_post.sh.tpl" . | include "template" | indent 4 }}
|
||||||
libvirt.sh: |
|
libvirt.sh: |
|
||||||
|
@ -32,10 +32,6 @@ spec:
|
|||||||
"name": "DEPENDENCY_JOBS",
|
"name": "DEPENDENCY_JOBS",
|
||||||
"value": "{{ include "joinListWithColon" .Values.dependencies.compute.jobs }}"
|
"value": "{{ include "joinListWithColon" .Values.dependencies.compute.jobs }}"
|
||||||
},
|
},
|
||||||
{
|
|
||||||
"name": "DEPENDENCY_DAEMONSET",
|
|
||||||
"value": "{{ include "joinListWithColon" .Values.dependencies.compute.daemonset }}"
|
|
||||||
},
|
|
||||||
{
|
{
|
||||||
"name": "COMMAND",
|
"name": "COMMAND",
|
||||||
"value": "echo done"
|
"value": "echo done"
|
||||||
@ -54,7 +50,7 @@ spec:
|
|||||||
containers:
|
containers:
|
||||||
- name: nova-compute
|
- name: nova-compute
|
||||||
image: {{ .Values.image.compute }}
|
image: {{ .Values.image.compute }}
|
||||||
imagePullPolicy: Always
|
imagePullPolicy: {{ .Values.image.pull_policy }}
|
||||||
securityContext:
|
securityContext:
|
||||||
privileged: true
|
privileged: true
|
||||||
command:
|
command:
|
||||||
|
@ -49,7 +49,7 @@ spec:
|
|||||||
containers:
|
containers:
|
||||||
- name: nova-libvirt
|
- name: nova-libvirt
|
||||||
image: {{ .Values.image.libvirt }}
|
image: {{ .Values.image.libvirt }}
|
||||||
imagePullPolicy: Always
|
imagePullPolicy: {{ .Values.image.pull_policy }}
|
||||||
securityContext:
|
securityContext:
|
||||||
privileged: true
|
privileged: true
|
||||||
command:
|
command:
|
||||||
|
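Review bot: The nova templates now read `{{ .Values.image.pull_policy }}`, but the only nova values hunk visible in this commit (`@ -209,3 +209,11 @@ endpoints:`) adds the neutron endpoint and no `pull_policy` key. If `image.pull_policy` is not already defined in that values file, `imagePullPolicy` renders empty or invalid and the intended policy is not applied. Please confirm the key exists, or add `pull_policy: IfNotPresent` under `image:` in the nova values. The same applies to the libvirt, api-metadata, api-osapi, conductor, consoleauth and scheduler templates changed here. Note also that nova uses `.Values.image` while ceph and mariadb use `.Values.images`, which makes a chart-wide override easy to get wrong.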
@ -1,7 +1,7 @@
|
|||||||
apiVersion: extensions/v1beta1
|
apiVersion: extensions/v1beta1
|
||||||
kind: Deployment
|
kind: Deployment
|
||||||
metadata:
|
metadata:
|
||||||
name: nova-api
|
name: nova-api-metadata
|
||||||
spec:
|
spec:
|
||||||
replicas: {{ .Values.control_replicas }}
|
replicas: {{ .Values.control_replicas }}
|
||||||
revisionHistoryLimit: {{ .Values.upgrades.revision_history }}
|
revisionHistoryLimit: {{ .Values.upgrades.revision_history }}
|
||||||
@ -15,7 +15,7 @@ spec:
|
|||||||
template:
|
template:
|
||||||
metadata:
|
metadata:
|
||||||
labels:
|
labels:
|
||||||
app: nova-api
|
app: nova-api-metadata
|
||||||
annotations:
|
annotations:
|
||||||
configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "hash" }}
|
configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "hash" }}
|
||||||
configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "hash" }}
|
configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "hash" }}
|
||||||
@ -52,20 +52,22 @@ spec:
|
|||||||
nodeSelector:
|
nodeSelector:
|
||||||
{{ .Values.labels.control_node_selector_key }}: {{ .Values.labels.control_node_selector_value }}
|
{{ .Values.labels.control_node_selector_key }}: {{ .Values.labels.control_node_selector_value }}
|
||||||
containers:
|
containers:
|
||||||
- name: nova-api
|
- name: nova-api-metadata
|
||||||
image: {{ .Values.image.api }}
|
image: {{ .Values.image.api }}
|
||||||
|
imagePullPolicy: {{ .Values.image.pull_policy }}
|
||||||
# https://bugs.launchpad.net/kolla-mesos/+bug/1546007
|
# https://bugs.launchpad.net/kolla-mesos/+bug/1546007
|
||||||
securityContext:
|
securityContext:
|
||||||
capabilities:
|
capabilities:
|
||||||
add:
|
add:
|
||||||
- NET_ADMIN
|
- NET_ADMIN
|
||||||
command:
|
command:
|
||||||
- nova-api-metadata --config-file=/etc/nova/nova.conf
|
- nova-api-metadata
|
||||||
|
- --config-file=/etc/nova/nova.conf
|
||||||
ports:
|
ports:
|
||||||
- containerPort: {{ .Values.network.port.metadata }}
|
- containerPort: {{ .Values.network.port.metadata }}
|
||||||
readinessProbe:
|
readinessProbe:
|
||||||
tcpSocket:
|
tcpSocket:
|
||||||
port: {{ .Values.network.port.osapi }}
|
port: {{ .Values.network.port.metadata }}
|
||||||
volumeMounts:
|
volumeMounts:
|
||||||
- name: novaconf
|
- name: novaconf
|
||||||
mountPath: /etc/nova/nova.conf
|
mountPath: /etc/nova/nova.conf
|
||||||
|
@ -1,7 +1,7 @@
|
|||||||
apiVersion: extensions/v1beta1
|
apiVersion: extensions/v1beta1
|
||||||
kind: Deployment
|
kind: Deployment
|
||||||
metadata:
|
metadata:
|
||||||
name: nova-osapi
|
name: nova-api-osapi
|
||||||
spec:
|
spec:
|
||||||
replicas: {{ .Values.control_replicas }}
|
replicas: {{ .Values.control_replicas }}
|
||||||
revisionHistoryLimit: {{ .Values.upgrades.revision_history }}
|
revisionHistoryLimit: {{ .Values.upgrades.revision_history }}
|
||||||
@ -52,11 +52,16 @@ spec:
|
|||||||
nodeSelector:
|
nodeSelector:
|
||||||
{{ .Values.labels.control_node_selector_key }}: {{ .Values.labels.control_node_selector_value }}
|
{{ .Values.labels.control_node_selector_key }}: {{ .Values.labels.control_node_selector_value }}
|
||||||
containers:
|
containers:
|
||||||
- name: nova-osapi
|
- name: nova-api-osapi
|
||||||
image: {{ .Values.image.api }}
|
image: {{ .Values.image.api }}
|
||||||
|
imagePullPolicy: {{ .Values.image.pull_policy }}
|
||||||
|
securityContext:
|
||||||
|
capabilities:
|
||||||
|
add:
|
||||||
|
- NET_ADMIN
|
||||||
command:
|
command:
|
||||||
- bash
|
- nova-api
|
||||||
- /tmp/start-osapi.sh
|
- --config-file=/etc/nova/nova.conf
|
||||||
ports:
|
ports:
|
||||||
- containerPort: {{ .Values.network.port.osapi }}
|
- containerPort: {{ .Values.network.port.osapi }}
|
||||||
readinessProbe:
|
readinessProbe:
|
||||||
@ -66,10 +71,6 @@ spec:
|
|||||||
- name: novaconf
|
- name: novaconf
|
||||||
mountPath: /etc/nova/nova.conf
|
mountPath: /etc/nova/nova.conf
|
||||||
subPath: nova.conf
|
subPath: nova.conf
|
||||||
volumeMounts:
|
|
||||||
- name: startsh
|
|
||||||
mountPath: /tmp/start-osapi.sh
|
|
||||||
subPath: start-osapi.sh
|
|
||||||
volumes:
|
volumes:
|
||||||
- name: novaconf
|
- name: novaconf
|
||||||
configMap:
|
configMap:
|
||||||
@ -77,9 +78,3 @@ spec:
|
|||||||
items:
|
items:
|
||||||
- key: nova.conf
|
- key: nova.conf
|
||||||
path: nova.conf
|
path: nova.conf
|
||||||
- name: startsh
|
|
||||||
configMap:
|
|
||||||
name: nova-bin
|
|
||||||
items:
|
|
||||||
- key: start-osapi.sh
|
|
||||||
path: start-osapi.sh
|
|
||||||
|
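Review bot: The `securityContext` added to `nova-api-osapi` grants `NET_ADMIN` with no comment saying why, while the commit message explains it is a stop-gap because the iptables stub could not overwrite `/sbin/iptables`. I would put that reason next to the capability so the extra privilege is revisited, e.g. `# NET_ADMIN only because nova-api calls iptables at start; drop once the iptables stub works`. The nova-api-metadata deployment carries a bug link above its identical block, which may be the right reference here too. The container spec continues outside these hunks.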
@ -54,6 +54,7 @@ spec:
|
|||||||
containers:
|
containers:
|
||||||
- name: nova-conductor
|
- name: nova-conductor
|
||||||
image: {{ .Values.image.conductor }}
|
image: {{ .Values.image.conductor }}
|
||||||
|
imagePullPolicy: {{ .Values.image.pull_policy }}
|
||||||
command:
|
command:
|
||||||
- nova-conductor
|
- nova-conductor
|
||||||
- --config-file
|
- --config-file
|
||||||
|
@ -54,6 +54,7 @@ spec:
|
|||||||
containers:
|
containers:
|
||||||
- name: nova-consoleauth
|
- name: nova-consoleauth
|
||||||
image: {{ .Values.image.consoleauth }}
|
image: {{ .Values.image.consoleauth }}
|
||||||
|
imagePullPolicy: {{ .Values.image.pull_policy }}
|
||||||
command:
|
command:
|
||||||
- nova-consoleauth
|
- nova-consoleauth
|
||||||
- --config-file
|
- --config-file
|
||||||
|
@ -54,6 +54,7 @@ spec:
|
|||||||
containers:
|
containers:
|
||||||
- name: nova-scheduler
|
- name: nova-scheduler
|
||||||
image: {{ .Values.image.scheduler }}
|
image: {{ .Values.image.scheduler }}
|
||||||
|
imagePullPolicy: {{ .Values.image.pull_policy }}
|
||||||
command:
|
command:
|
||||||
- nova-scheduler
|
- nova-scheduler
|
||||||
- --config-file
|
- --config-file
|
||||||
|
@ -209,3 +209,11 @@ endpoints:
|
|||||||
port:
|
port:
|
||||||
admin: 35357
|
admin: 35357
|
||||||
public: 5000
|
public: 5000
|
||||||
|
neutron:
|
||||||
|
hosts:
|
||||||
|
default: neutron-server
|
||||||
|
path: null
|
||||||
|
type: network
|
||||||
|
scheme: 'http'
|
||||||
|
port:
|
||||||
|
api: 9696
|
||||||
|