Critical fixes required for 0.1.0 tagging
* Add imagePullPolicy to ceph with default
* Add imagePullPolicy to mariadb with default
* Add missing imagePullPolicies to nova with defaults
* Remove malfunctioning daemonset dependency from nova
* Add missing neutron endpoint definition to nova values
* Force v4 networking in ceph. Repeated bootstrapping is unreliable without this.
* Update cinder dependencies based on testing
* Optional Horizon NodePort
* Revert iptables stub for nova-api-osapi because we lack permissions to overwrite /sbin/iptables. We will continue to run in a privileged security context until we have a working solution.
parent
0bb12fb2ad
commit
db0db427ee
@ -40,7 +40,7 @@ spec:
|
||||
containers:
|
||||
- name: osd-pod
|
||||
image: {{ .Values.images.daemon }}
|
||||
imagePullPolicy: Always
|
||||
imagePullPolicy: {{ .Values.images.pull_policy }}
|
||||
volumeMounts:
|
||||
- name: devices
|
||||
mountPath: /dev
|
||||
|
@ -34,6 +34,7 @@ spec:
|
||||
containers:
|
||||
- name: ceph-mon
|
||||
image: {{ .Values.images.daemon }}
|
||||
imagePullPolicy: {{ .Values.images.pull_policy }}
|
||||
ports:
|
||||
- containerPort: 6800
|
||||
env:
|
||||
|
@ -34,7 +34,7 @@ spec:
|
||||
containers:
|
||||
- name: ceph-mon
|
||||
image: {{ .Values.images.daemon }}
|
||||
imagePullPolicy: Always
|
||||
imagePullPolicy: {{ .Values.images.pull_policy }}
|
||||
ports:
|
||||
- containerPort: 6789
|
||||
env:
|
||||
@ -42,8 +42,8 @@ spec:
|
||||
value: MON_HEALTH
|
||||
- name: KV_TYPE
|
||||
value: k8s
|
||||
- name: MON_IP_AUTO_DETECT
|
||||
value: "1"
|
||||
- name: NETWORK_AUTO_DETECT
|
||||
value: "4"
|
||||
- name: CLUSTER
|
||||
value: ceph
|
||||
volumeMounts:
|
||||
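Review bot: `NETWORK_AUTO_DETECT` is set to the bare value `"4"` with nothing in the manifest saying what it selects; only the commit message explains that v4 networking is being forced. A comment above the variable, `# 4 = IPv4-only network detection; repeated bootstrapping was unreliable otherwise`, would keep the reason next to the setting. The same applies to the `@ -73,7 +73,7` hunk in the later ceph-mon manifest. Because the value is hard-coded in both places, it cannot be changed from values.yaml for a cluster that needs a different address family.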
|
@ -36,6 +36,7 @@ spec:
|
||||
containers:
|
||||
- name: ceph-rgw
|
||||
image: {{ .Values.images.daemon }}
|
||||
imagePullPolicy: {{ .Values.images.pull_policy }}
|
||||
ports:
|
||||
- containerPort: {{ .Values.network.port.rgw_target }}
|
||||
env:
|
||||
|
@ -58,7 +58,7 @@ spec:
|
||||
containers:
|
||||
- name: ceph-mon
|
||||
image: {{ .Values.images.daemon }}
|
||||
imagePullPolicy: Always
|
||||
imagePullPolicy: {{ .Values.images.pull_policy }}
|
||||
lifecycle:
|
||||
preStop:
|
||||
exec:
|
||||
@ -73,7 +73,7 @@ spec:
|
||||
- name: KV_TYPE
|
||||
value: k8s
|
||||
- name: NETWORK_AUTO_DETECT
|
||||
value: "1"
|
||||
value: "4"
|
||||
- name: CLUSTER
|
||||
value: ceph
|
||||
volumeMounts:
|
||||
|
@ -18,6 +18,7 @@ service:
|
||||
|
||||
images:
|
||||
daemon: quay.io/attcomdev/ceph-daemon:latest
|
||||
pull_policy: IfNotPresent
|
||||
|
||||
labels:
|
||||
node_selector_key: ceph-storage
|
||||
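Review bot: The new default `pull_policy: IfNotPresent` is paired with the mutable tag in `daemon: quay.io/attcomdev/ceph-daemon:latest`, so each node keeps whichever build it pulled first and never fetches a later `latest`. Nodes that join at different times can therefore run different ceph-daemon builds, and a corrected image published under the same tag will not reach nodes that already cached the old one. Either pin `daemon` to an immutable tag or digest, or keep `Always` as the default while the tag is `latest`. A comment above the key such as `# IfNotPresent assumes an immutable image tag; use Always with :latest` would document the constraint.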
|
@ -33,6 +33,10 @@ spec:
|
||||
"name": "DEPENDENCY_SERVICE",
|
||||
"value": "{{ include "joinListWithColon" .Values.dependencies.volume.service }}"
|
||||
},
|
||||
{
|
||||
"name": "DEPENDENCY_JOBS",
|
||||
"value": "{{ include "joinListWithColon" .Values.dependencies.volume.jobs }}"
|
||||
},
|
||||
{
|
||||
"name": "COMMAND",
|
||||
"value": "echo done"
|
||||
|
@ -14,11 +14,11 @@ labels:
|
||||
|
||||
images:
|
||||
dep_check: quay.io/stackanetes/kubernetes-entrypoint:v0.1.0
|
||||
db_init: quay.io/stackanetes/stackanetes-kolla-toolbox:newton
|
||||
db_sync: quay.io/stackanetes/stackanetes-cinder-api:newton
|
||||
ks_user: quay.io/stackanetes/stackanetes-kolla-toolbox:newton
|
||||
ks_service: quay.io/stackanetes/stackanetes-kolla-toolbox:newton
|
||||
ks_endpoints: quay.io/stackanetes/stackanetes-kolla-toolbox:newton
|
||||
db_init: quay.io/stackanetes/stackanetes-kolla-toolbox:newton
|
||||
db_sync: quay.io/stackanetes/stackanetes-cinder-api:newton
|
||||
api: quay.io/stackanetes/stackanetes-cinder-api:newton
|
||||
scheduler: quay.io/stackanetes/stackanetes-cinder-scheduler:newton
|
||||
volume: quay.io/stackanetes/stackanetes-cinder-volume:newton
|
||||
@ -130,10 +130,18 @@ dependencies:
|
||||
- mariadb
|
||||
- keystone-api
|
||||
volume:
|
||||
jobs:
|
||||
- cinder-db-sync
|
||||
- cinder-ks-user
|
||||
- cinder-ks-endpoints
|
||||
service:
|
||||
- keystone-api
|
||||
- cinder-api
|
||||
scheduler:
|
||||
jobs:
|
||||
- cinder-db-sync
|
||||
- cinder-ks-user
|
||||
- cinder-ks-endpoints
|
||||
service:
|
||||
- keystone-api
|
||||
- cinder-api
|
||||
|
@ -4,6 +4,18 @@ metadata:
|
||||
name: horizon
|
||||
spec:
|
||||
ports:
|
||||
{{ if .Values.network.enable_node_port }}
|
||||
- nodePort: {{ .Values.network.node_port }}
|
||||
port: {{ .Values.network.port }}
|
||||
protocol: TCP
|
||||
targetPort: {{ .Values.network.port }}
|
||||
{{ else }}
|
||||
- port: {{ .Values.network.port }}
|
||||
protocol: TCP
|
||||
targetPort: {{ .Values.network.port }}
|
||||
{{ end }}
|
||||
selector:
|
||||
app: horizon
|
||||
{{ if .Values.network.enable_node_port }}
|
||||
type: NodePort
|
||||
{{ end }}
|
||||
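Review bot: The port entry is written out twice, once per branch of the `if`, and the two copies differ only in the `nodePort` line, so a later edit to one branch can silently miss the other. A single entry with only `nodePort` guarded keeps them in step: `{{- if .Values.network.enable_node_port }}`, `nodePort: {{ .Values.network.node_port }}`, `{{- end }}`, placed after `targetPort`. The `{{-` form also stops the directives from leaving blank lines in the rendered Service, which the plain `{{ if }}` / `{{ else }}` / `{{ end }}` lines here will do.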
|
@ -23,6 +23,8 @@ labels:
|
||||
|
||||
network:
|
||||
port: 80
|
||||
node_port: 30000
|
||||
enable_node_port: false
|
||||
|
||||
local_settings:
|
||||
horizon_secret_key: 9aee62c0-5253-4a86-b189-e0fb71fa503c
|
||||
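Review bot: `enable_node_port` and `node_port` are added without a comment, and turning the flag on publishes Horizon on `node_port` of every node address while the context line below still ships a fixed `horizon_secret_key` default. If that key feeds the dashboard's session signing (not visible in this hunk, so to be confirmed), every install that keeps the default shares it, which matters more once the dashboard is reachable from outside the cluster. I would add `# Exposes Horizon on every node IP at node_port; override horizon_secret_key and restrict access before enabling` above `enable_node_port`. The comment can also say that `node_port` must be free and inside the cluster's configured NodePort range.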
|
@ -42,7 +42,7 @@ spec:
|
||||
containers:
|
||||
- name: {{ .Values.service_name }}
|
||||
image: {{ .Values.images.mariadb }}
|
||||
imagePullPolicy: Always
|
||||
imagePullPolicy: {{ .Values.images.pull_policy }}
|
||||
env:
|
||||
- name: INTERFACE_NAME
|
||||
value: "eth0"
|
||||
|
@ -15,7 +15,7 @@ spec:
|
||||
containers:
|
||||
- name: mariadb-init
|
||||
image: {{ .Values.images.mariadb }}
|
||||
imagePullPolicy: Always
|
||||
imagePullPolicy: {{ .Values.images.pull_policy }}
|
||||
env:
|
||||
- name: INTERFACE_NAME
|
||||
value: "eth0"
|
||||
|
@ -26,6 +26,7 @@ service_name: mariadb
|
||||
|
||||
images:
|
||||
mariadb: quay.io/stackanetes/stackanetes-mariadb:newton
|
||||
pull_policy: IfNotPresent
|
||||
|
||||
volume:
|
||||
class_path: volume.beta.kubernetes.io/storage-class
|
||||
|
@ -1,23 +0,0 @@
|
||||
#!/bin/bash
|
||||
set -ex
|
||||
|
||||
#
|
||||
# start nova-api-osapi service
|
||||
#
|
||||
# this helper script ensures our osapi service does not try to call iptables which requires privileged or NET_ADMIN privileges
|
||||
# by stubbing in a fake iptables scripts
|
||||
|
||||
echo <<EOF>/tmp/iptables
|
||||
#!/bin/sh
|
||||
# nova-api-metadata trys to run some iptables commands
|
||||
# This enables the api-only container to run without NET_ADMIN privileges
|
||||
true
|
||||
EOF
|
||||
|
||||
# make it executable and copy it over whatever iptables may be underneath in this image
|
||||
chmod +x /tmp/iptables
|
||||
cp -p /tmp/iptables /sbin/iptables
|
||||
cp -p /tmp/iptables /sbin/iptables-restore
|
||||
cp -p /tmp/iptables /sbin/iptables-save
|
||||
|
||||
exec nova-api --config-file /etc/nova/nova.conf
|
@ -7,8 +7,6 @@ data:
|
||||
{{ tuple "bin/_db-sync.sh.tpl" . | include "template" | indent 4 }}
|
||||
init.sh: |
|
||||
{{ tuple "bin/_init.sh.tpl" . | include "template" | indent 4 }}
|
||||
start-osapi.sh: |
|
||||
{{ tuple "bin/_start-osapi.sh.tpl" . | include "template" | indent 4 }}
|
||||
post.sh: |
|
||||
{{ tuple "bin/_post.sh.tpl" . | include "template" | indent 4 }}
|
||||
libvirt.sh: |
|
||||
|
@ -32,10 +32,6 @@ spec:
|
||||
"name": "DEPENDENCY_JOBS",
|
||||
"value": "{{ include "joinListWithColon" .Values.dependencies.compute.jobs }}"
|
||||
},
|
||||
{
|
||||
"name": "DEPENDENCY_DAEMONSET",
|
||||
"value": "{{ include "joinListWithColon" .Values.dependencies.compute.daemonset }}"
|
||||
},
|
||||
{
|
||||
"name": "COMMAND",
|
||||
"value": "echo done"
|
||||
@ -54,7 +50,7 @@ spec:
|
||||
containers:
|
||||
- name: nova-compute
|
||||
image: {{ .Values.image.compute }}
|
||||
imagePullPolicy: Always
|
||||
imagePullPolicy: {{ .Values.image.pull_policy }}
|
||||
securityContext:
|
||||
privileged: true
|
||||
command:
|
||||
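Review bot: `imagePullPolicy: {{ .Values.image.pull_policy }}` reads a key for which no default is visible on this page: the only nova values hunk shown (`@ -209,3 +209,11`) adds the neutron endpoint, and nova uses `.Values.image` where ceph and mariadb use `.Values.images`. Unless `pull_policy` is defined under `image:` outside what is shown, the field renders empty or as a placeholder string, and the pod either falls back to the cluster default or is rejected. A fallback in the template, `imagePullPolicy: {{ .Values.image.pull_policy | default "IfNotPresent" }}`, avoids that. The same line appears in the libvirt, api-metadata, api-osapi, conductor, consoleauth and scheduler manifests.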
|
@ -49,7 +49,7 @@ spec:
|
||||
containers:
|
||||
- name: nova-libvirt
|
||||
image: {{ .Values.image.libvirt }}
|
||||
imagePullPolicy: Always
|
||||
imagePullPolicy: {{ .Values.image.pull_policy }}
|
||||
securityContext:
|
||||
privileged: true
|
||||
command:
|
||||
|
@ -1,7 +1,7 @@
|
||||
apiVersion: extensions/v1beta1
|
||||
kind: Deployment
|
||||
metadata:
|
||||
name: nova-api
|
||||
name: nova-api-metadata
|
||||
spec:
|
||||
replicas: {{ .Values.control_replicas }}
|
||||
revisionHistoryLimit: {{ .Values.upgrades.revision_history }}
|
||||
@ -15,7 +15,7 @@ spec:
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
app: nova-api
|
||||
app: nova-api-metadata
|
||||
annotations:
|
||||
configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "hash" }}
|
||||
configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "hash" }}
|
||||
@ -52,20 +52,22 @@ spec:
|
||||
nodeSelector:
|
||||
{{ .Values.labels.control_node_selector_key }}: {{ .Values.labels.control_node_selector_value }}
|
||||
containers:
|
||||
- name: nova-api
|
||||
- name: nova-api-metadata
|
||||
image: {{ .Values.image.api }}
|
||||
imagePullPolicy: {{ .Values.image.pull_policy }}
|
||||
# https://bugs.launchpad.net/kolla-mesos/+bug/1546007
|
||||
securityContext:
|
||||
capabilities:
|
||||
add:
|
||||
- NET_ADMIN
|
||||
command:
|
||||
- nova-api-metadata --config-file=/etc/nova/nova.conf
|
||||
- nova-api-metadata
|
||||
- --config-file=/etc/nova/nova.conf
|
||||
ports:
|
||||
- containerPort: {{ .Values.network.port.metadata }}
|
||||
readinessProbe:
|
||||
tcpSocket:
|
||||
port: {{ .Values.network.port.osapi }}
|
||||
port: {{ .Values.network.port.metadata }}
|
||||
volumeMounts:
|
||||
- name: novaconf
|
||||
mountPath: /etc/nova/nova.conf
|
||||
|
@ -1,7 +1,7 @@
|
||||
apiVersion: extensions/v1beta1
|
||||
kind: Deployment
|
||||
metadata:
|
||||
name: nova-osapi
|
||||
name: nova-api-osapi
|
||||
spec:
|
||||
replicas: {{ .Values.control_replicas }}
|
||||
revisionHistoryLimit: {{ .Values.upgrades.revision_history }}
|
||||
@ -52,11 +52,16 @@ spec:
|
||||
nodeSelector:
|
||||
{{ .Values.labels.control_node_selector_key }}: {{ .Values.labels.control_node_selector_value }}
|
||||
containers:
|
||||
- name: nova-osapi
|
||||
- name: nova-api-osapi
|
||||
image: {{ .Values.image.api }}
|
||||
imagePullPolicy: {{ .Values.image.pull_policy }}
|
||||
securityContext:
|
||||
capabilities:
|
||||
add:
|
||||
- NET_ADMIN
|
||||
command:
|
||||
- bash
|
||||
- /tmp/start-osapi.sh
|
||||
- nova-api
|
||||
- --config-file=/etc/nova/nova.conf
|
||||
ports:
|
||||
- containerPort: {{ .Values.network.port.osapi }}
|
||||
readinessProbe:
|
||||
@ -66,10 +71,6 @@ spec:
|
||||
- name: novaconf
|
||||
mountPath: /etc/nova/nova.conf
|
||||
subPath: nova.conf
|
||||
volumeMounts:
|
||||
- name: startsh
|
||||
mountPath: /tmp/start-osapi.sh
|
||||
subPath: start-osapi.sh
|
||||
volumes:
|
||||
- name: novaconf
|
||||
configMap:
|
||||
@ -77,9 +78,3 @@ spec:
|
||||
items:
|
||||
- key: nova.conf
|
||||
path: nova.conf
|
||||
- name: startsh
|
||||
configMap:
|
||||
name: nova-bin
|
||||
items:
|
||||
- key: start-osapi.sh
|
||||
path: start-osapi.sh
|
||||
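Review bot: The added `securityContext` grants `NET_ADMIN` to the API container with no comment saying why or when it can be removed; the api-metadata manifest carries the `# https://bugs.launchpad.net/kolla-mesos/+bug/1546007` reference above the same block, and this one does not. The commit message describes the arrangement as temporary, so the manifest should say so: `# NET_ADMIN only because nova-api calls iptables on start (https://bugs.launchpad.net/kolla-mesos/+bug/1546007); drop when that is resolved`. Until then it is worth confirming that the container needs no capability beyond this one. An API-facing process holding NET_ADMIN can change the pod's network configuration if it is compromised.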
|
@ -54,6 +54,7 @@ spec:
|
||||
containers:
|
||||
- name: nova-conductor
|
||||
image: {{ .Values.image.conductor }}
|
||||
imagePullPolicy: {{ .Values.image.pull_policy }}
|
||||
command:
|
||||
- nova-conductor
|
||||
- --config-file
|
||||
|
@ -54,6 +54,7 @@ spec:
|
||||
containers:
|
||||
- name: nova-consoleauth
|
||||
image: {{ .Values.image.consoleauth }}
|
||||
imagePullPolicy: {{ .Values.image.pull_policy }}
|
||||
command:
|
||||
- nova-consoleauth
|
||||
- --config-file
|
||||
|
@ -54,6 +54,7 @@ spec:
|
||||
containers:
|
||||
- name: nova-scheduler
|
||||
image: {{ .Values.image.scheduler }}
|
||||
imagePullPolicy: {{ .Values.image.pull_policy }}
|
||||
command:
|
||||
- nova-scheduler
|
||||
- --config-file
|
||||
|
@ -209,3 +209,11 @@ endpoints:
|
||||
port:
|
||||
admin: 35357
|
||||
public: 5000
|
||||
neutron:
|
||||
hosts:
|
||||
default: neutron-server
|
||||
path: null
|
||||
type: network
|
||||
scheme: 'http'
|
||||
port:
|
||||
api: 9696
|
||||
|