Critical fixes required for 0.1.0 tagging

* Add imagePullPolicy to ceph with default

* Add imagePullPolicy to mariadb with default

* Add missing imagePullPolicies to nova with defaults

* Remove malfunctioning daemonset dependency from nova

* Add missing neutron endpoint definition to nova values

* Force v4 networking in ceph.  Repeated bootstrapping
  is unreliable without this.

* Update cinder dependencies based on testing

* Optional Horizon NodePort

* Revert iptables stub for nova-api-osapi because
  we lack permissions to overwrite /sbin/iptables. We
  will continue to run in a privileged security context
  until we have a working solution.
Alan Meadows 2017-01-12 14:51:36 -08:00
parent 0bb12fb2ad
commit db0db427ee
23 changed files with 70 additions and 61 deletions


@ -40,7 +40,7 @@ spec:
containers:
- name: osd-pod
image: {{ .Values.images.daemon }}
imagePullPolicy: Always
imagePullPolicy: {{ .Values.images.pull_policy }}
volumeMounts:
- name: devices
mountPath: /dev
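Review bot: The new `imagePullPolicy: {{ .Values.images.pull_policy }}` line is unquoted and has no fallback, so if the value is unset or nulled in an override the template renders a bare `imagePullPolicy:` and the cluster silently applies its own default for the image tag. Consider `imagePullPolicy: {{ .Values.images.pull_policy | default "IfNotPresent" | quote }}`. The same line is added to the other ceph, mariadb and nova templates in this commit; the nova templates read `.Values.image.pull_policy`, and the nova values hunk on this page does not show that key, so please confirm it exists. The container spec continues outside the hunk.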


@ -34,6 +34,7 @@ spec:
containers:
- name: ceph-mon
image: {{ .Values.images.daemon }}
imagePullPolicy: {{ .Values.images.pull_policy }}
ports:
- containerPort: 6800
env:


@ -34,7 +34,7 @@ spec:
containers:
- name: ceph-mon
image: {{ .Values.images.daemon }}
imagePullPolicy: Always
imagePullPolicy: {{ .Values.images.pull_policy }}
ports:
- containerPort: 6789
env:
@ -42,8 +42,8 @@ spec:
value: MON_HEALTH
- name: KV_TYPE
value: k8s
- name: MON_IP_AUTO_DETECT
value: "1"
- name: NETWORK_AUTO_DETECT
value: "4"
- name: CLUSTER
value: ceph
volumeMounts:
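Review bot: The `"4"` given to `NETWORK_AUTO_DETECT` in the second hunk is a magic value with no explanation in the template; the reason is only in the commit message. A comment above the env entry, for example `# "4" forces IPv4-only network detection; repeated bootstrapping was unreliable without it`, would keep a later editor from reverting it to `"1"`. The same value is set without comment in the other ceph mon template changed further down this commit. The env list continues outside the hunk.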


@ -36,6 +36,7 @@ spec:
containers:
- name: ceph-rgw
image: {{ .Values.images.daemon }}
imagePullPolicy: {{ .Values.images.pull_policy }}
ports:
- containerPort: {{ .Values.network.port.rgw_target }}
env:


@ -58,7 +58,7 @@ spec:
containers:
- name: ceph-mon
image: {{ .Values.images.daemon }}
imagePullPolicy: Always
imagePullPolicy: {{ .Values.images.pull_policy }}
lifecycle:
preStop:
exec:
@ -73,7 +73,7 @@ spec:
- name: KV_TYPE
value: k8s
- name: NETWORK_AUTO_DETECT
value: "1"
value: "4"
- name: CLUSTER
value: ceph
volumeMounts:


@ -18,6 +18,7 @@ service:
images:
daemon: quay.io/attcomdev/ceph-daemon:latest
pull_policy: IfNotPresent
labels:
node_selector_key: ceph-storage
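Review bot: `pull_policy: IfNotPresent` is paired with `daemon: quay.io/attcomdev/ceph-daemon:latest`, so each node keeps whichever build of `latest` it happened to pull first, and ceph daemons across the cluster can run different, unreviewed image contents. Pin the image to an immutable reference before tagging the release, e.g. `daemon: quay.io/attcomdev/ceph-daemon:<release-tag>` or an `@sha256:<digest>` reference (placeholders), and keep `IfNotPresent` for the pinned image. The mariadb values in this commit combine `IfNotPresent` with a `:newton` tag, which is presumably also a moving tag and deserves the same check.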


@ -33,6 +33,10 @@ spec:
"name": "DEPENDENCY_SERVICE",
"value": "{{ include "joinListWithColon" .Values.dependencies.volume.service }}"
},
{
"name": "DEPENDENCY_JOBS",
"value": "{{ include "joinListWithColon" .Values.dependencies.volume.jobs }}"
},
{
"name": "COMMAND",
"value": "echo done"


@ -14,11 +14,11 @@ labels:
images:
dep_check: quay.io/stackanetes/kubernetes-entrypoint:v0.1.0
db_init: quay.io/stackanetes/stackanetes-kolla-toolbox:newton
db_sync: quay.io/stackanetes/stackanetes-cinder-api:newton
ks_user: quay.io/stackanetes/stackanetes-kolla-toolbox:newton
ks_service: quay.io/stackanetes/stackanetes-kolla-toolbox:newton
ks_endpoints: quay.io/stackanetes/stackanetes-kolla-toolbox:newton
db_init: quay.io/stackanetes/stackanetes-kolla-toolbox:newton
db_sync: quay.io/stackanetes/stackanetes-cinder-api:newton
api: quay.io/stackanetes/stackanetes-cinder-api:newton
scheduler: quay.io/stackanetes/stackanetes-cinder-scheduler:newton
volume: quay.io/stackanetes/stackanetes-cinder-volume:newton
@ -130,10 +130,18 @@ dependencies:
- mariadb
- keystone-api
volume:
jobs:
- cinder-db-sync
- cinder-ks-user
- cinder-ks-endpoints
service:
- keystone-api
- cinder-api
scheduler:
jobs:
- cinder-db-sync
- cinder-ks-user
- cinder-ks-endpoints
service:
- keystone-api
- cinder-api


@ -4,6 +4,18 @@ metadata:
name: horizon
spec:
ports:
{{ if .Values.network.enable_node_port }}
- nodePort: {{ .Values.network.node_port }}
port: {{ .Values.network.port }}
protocol: TCP
targetPort: {{ .Values.network.port }}
{{ else }}
- port: {{ .Values.network.port }}
protocol: TCP
targetPort: {{ .Values.network.port }}
{{ end }}
selector:
app: horizon
{{ if .Values.network.enable_node_port }}
type: NodePort
{{ end }}
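Review bot: The two branches of the `if` repeat the same `port` / `protocol` / `targetPort` entry, so a later edit can change one branch and miss the other. Only the `nodePort` key differs; a single list item starting with `- port: {{ .Values.network.port }}` and a `{{- if .Values.network.enable_node_port }}` guard around `nodePort: {{ .Values.network.node_port }}` would render the same Service. The `{{-` trimming form would also avoid the blank lines the current actions leave in the rendered manifest.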


@ -23,6 +23,8 @@ labels:
network:
port: 80
node_port: 30000
enable_node_port: false
local_settings:
horizon_secret_key: 9aee62c0-5253-4a86-b189-e0fb71fa503c
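Review bot: `enable_node_port` has no comment saying what turning it on exposes: the Service then publishes Horizon on `node_port` of every node, and with `port: 80` that is presumably plain HTTP. A comment above the key such as `# publishes the dashboard on every node IP; put TLS termination and network restrictions in front before enabling` would help operators. The `horizon_secret_key` on the context line is a fixed chart default shared by every install, which matters more once the dashboard is reachable from outside the cluster; it should be supplied per deployment rather than shipped in values.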


@ -42,7 +42,7 @@ spec:
containers:
- name: {{ .Values.service_name }}
image: {{ .Values.images.mariadb }}
imagePullPolicy: Always
imagePullPolicy: {{ .Values.images.pull_policy }}
env:
- name: INTERFACE_NAME
value: "eth0"


@ -15,7 +15,7 @@ spec:
containers:
- name: mariadb-init
image: {{ .Values.images.mariadb }}
imagePullPolicy: Always
imagePullPolicy: {{ .Values.images.pull_policy }}
env:
- name: INTERFACE_NAME
value: "eth0"


@ -26,6 +26,7 @@ service_name: mariadb
images:
mariadb: quay.io/stackanetes/stackanetes-mariadb:newton
pull_policy: IfNotPresent
volume:
class_path: volume.beta.kubernetes.io/storage-class


@ -1,23 +0,0 @@
#!/bin/bash
set -ex
#
# start nova-api-osapi service
#
# this helper script ensures our osapi service does not try to call iptables which requires privileged or NET_ADMIN privileges
# by stubbing in a fake iptables scripts
echo <<EOF>/tmp/iptables
#!/bin/sh
# nova-api-metadata trys to run some iptables commands
# This enables the api-only container to run without NET_ADMIN privileges
true
EOF
# make it executable and copy it over whatever iptables may be underneath in this image
chmod +x /tmp/iptables
cp -p /tmp/iptables /sbin/iptables
cp -p /tmp/iptables /sbin/iptables-restore
cp -p /tmp/iptables /sbin/iptables-save
exec nova-api --config-file /etc/nova/nova.conf


@ -7,8 +7,6 @@ data:
{{ tuple "bin/_db-sync.sh.tpl" . | include "template" | indent 4 }}
init.sh: |
{{ tuple "bin/_init.sh.tpl" . | include "template" | indent 4 }}
start-osapi.sh: |
{{ tuple "bin/_start-osapi.sh.tpl" . | include "template" | indent 4 }}
post.sh: |
{{ tuple "bin/_post.sh.tpl" . | include "template" | indent 4 }}
libvirt.sh: |


@ -32,10 +32,6 @@ spec:
"name": "DEPENDENCY_JOBS",
"value": "{{ include "joinListWithColon" .Values.dependencies.compute.jobs }}"
},
{
"name": "DEPENDENCY_DAEMONSET",
"value": "{{ include "joinListWithColon" .Values.dependencies.compute.daemonset }}"
},
{
"name": "COMMAND",
"value": "echo done"
@ -54,7 +50,7 @@ spec:
containers:
- name: nova-compute
image: {{ .Values.image.compute }}
imagePullPolicy: Always
imagePullPolicy: {{ .Values.image.pull_policy }}
securityContext:
privileged: true
command:


@ -49,7 +49,7 @@ spec:
containers:
- name: nova-libvirt
image: {{ .Values.image.libvirt }}
imagePullPolicy: Always
imagePullPolicy: {{ .Values.image.pull_policy }}
securityContext:
privileged: true
command:


@ -1,7 +1,7 @@
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
name: nova-api
name: nova-api-metadata
spec:
replicas: {{ .Values.control_replicas }}
revisionHistoryLimit: {{ .Values.upgrades.revision_history }}
@ -15,7 +15,7 @@ spec:
template:
metadata:
labels:
app: nova-api
app: nova-api-metadata
annotations:
configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "hash" }}
configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "hash" }}
@ -52,20 +52,22 @@ spec:
nodeSelector:
{{ .Values.labels.control_node_selector_key }}: {{ .Values.labels.control_node_selector_value }}
containers:
- name: nova-api
- name: nova-api-metadata
image: {{ .Values.image.api }}
imagePullPolicy: {{ .Values.image.pull_policy }}
# https://bugs.launchpad.net/kolla-mesos/+bug/1546007
securityContext:
capabilities:
add:
- NET_ADMIN
command:
- nova-api-metadata --config-file=/etc/nova/nova.conf
- nova-api-metadata
- --config-file=/etc/nova/nova.conf
ports:
- containerPort: {{ .Values.network.port.metadata }}
readinessProbe:
tcpSocket:
port: {{ .Values.network.port.osapi }}
port: {{ .Values.network.port.metadata }}
volumeMounts:
- name: novaconf
mountPath: /etc/nova/nova.conf
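Review bot: The pod label changes from `app: nova-api` to `app: nova-api-metadata`, but none of the files shown for this commit is a Service, so any existing selector on `app: nova-api` would stop matching these pods. Please confirm that the metadata Service, and anything else selecting on the old label, already targets the new value, or update it in the same change. The readiness probe now checks `.Values.network.port.metadata`, which matches the `containerPort` above it. The container spec continues past the end of the hunk.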


@ -1,7 +1,7 @@
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
name: nova-osapi
name: nova-api-osapi
spec:
replicas: {{ .Values.control_replicas }}
revisionHistoryLimit: {{ .Values.upgrades.revision_history }}
@ -52,11 +52,16 @@ spec:
nodeSelector:
{{ .Values.labels.control_node_selector_key }}: {{ .Values.labels.control_node_selector_value }}
containers:
- name: nova-osapi
- name: nova-api-osapi
image: {{ .Values.image.api }}
imagePullPolicy: {{ .Values.image.pull_policy }}
securityContext:
capabilities:
add:
- NET_ADMIN
command:
- bash
- /tmp/start-osapi.sh
- nova-api
- --config-file=/etc/nova/nova.conf
ports:
- containerPort: {{ .Values.network.port.osapi }}
readinessProbe:
@ -66,10 +71,6 @@ spec:
- name: novaconf
mountPath: /etc/nova/nova.conf
subPath: nova.conf
volumeMounts:
- name: startsh
mountPath: /tmp/start-osapi.sh
subPath: start-osapi.sh
volumes:
- name: novaconf
configMap:
@ -77,9 +78,3 @@ spec:
items:
- key: nova.conf
path: nova.conf
- name: startsh
configMap:
name: nova-bin
items:
- key: start-osapi.sh
path: start-osapi.sh
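Review bot: The osapi container gains `NET_ADMIN` with no comment, unlike the metadata Deployment where the same capability carries a bug link, so a later reader cannot tell that it is a stop-gap. Add a comment above `securityContext:` such as `# temporary: nova-api calls iptables at start-up; drop NET_ADMIN once a working stub exists`, with the launchpad link used in the metadata template if it is the same issue. NET_ADMIN lets a compromised API process reconfigure networking inside the pod's network namespace, so its removal is worth tracking. If nova.conf can restrict `enabled_apis` to `osapi_compute`, the capability may not be needed at all; that should be tested.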


@ -54,6 +54,7 @@ spec:
containers:
- name: nova-conductor
image: {{ .Values.image.conductor }}
imagePullPolicy: {{ .Values.image.pull_policy }}
command:
- nova-conductor
- --config-file


@ -54,6 +54,7 @@ spec:
containers:
- name: nova-consoleauth
image: {{ .Values.image.consoleauth }}
imagePullPolicy: {{ .Values.image.pull_policy }}
command:
- nova-consoleauth
- --config-file


@ -54,6 +54,7 @@ spec:
containers:
- name: nova-scheduler
image: {{ .Values.image.scheduler }}
imagePullPolicy: {{ .Values.image.pull_policy }}
command:
- nova-scheduler
- --config-file


@ -209,3 +209,11 @@ endpoints:
port:
admin: 35357
public: 5000
neutron:
hosts:
default: neutron-server
path: null
type: network
scheme: 'http'
port:
api: 9696