NOTICE: This project has moved under Openstack as Openstack-Helm.
att-comdev / openstack-helm Goto Github PK
View Code? Open in Web Editor NEWPROJECT HAS MOVED TO OPENSTACK
Home Page: https://github.com/openstack/openstack-helm
PROJECT HAS MOVED TO OPENSTACK
Home Page: https://github.com/openstack/openstack-helm
NOTICE: This project has moved under Openstack as Openstack-Helm.
@larryrensing working this issue.
We should set sane values for rolling dates in each chart (where relevant), ensuring that values such as maxSurge, and others are controllable by the operator.
http://kubernetes.io/docs/admin/disruptions/
This ensures that operators can safely drain nodes without having to understand all the complexity underneath.
Services that would require this and likely require "minAvailable:" would be:
Create a container that can then be used in a Kubernetes/Jenkins workflow. The goal should be:
In the common chart we have a function called: joinListWithColon
This should be joinListWithComma
Many mount points including /
are read-only on RPM-OSTREE Linux distros like Atomic, as a result, the default development values do not work: as there is no /data
directory.
We should either update the documentation to tell users how to change this value, or update it to one that is acceptable for both minikube and Atomic Linux e.g: /var/lib/localkube
.
@DTadrzak @PiotrProkop we started to document things a little better for outside collaborators (others have expressed interest too). there's now a project under this repo that will help keep things sane.
@Ciello89 is working this issue.
This would be very helpful when k8s would move init containers out of annotations.
we need to do a db 'restart/db sync' in order to update maas tables when going from one version to another. it would be nice to automate this process going forward.
In order to get rid of Daemonsets We should use a Deployments which use NodeAffinity/PodAffinity/PodAnti-Affinity.
Thanks to this approach we would be able to use only two kinds of labels (openstack-control-plane, openstack-compute-node), we don't need to take care about ovs label. It makes cluster administrating easier.
What's more It's first step to support drain command(#36) in OpenStack-helm solution.
Regarding to dynamic changes in cluster configuration. We can set replicas: 1000
so that Operators don't need to take care about increasing the amount every time, when a new server is discovered. What's more if we add PodAnti-Affinity to deployment annotations we are sure that only 1 instance per node is deployed.
i would like to look at policies that could restrict access from all services having direct access to the API (wherever possible/within reason). perhaps a PoC with something like https://github.com/aporeto-inc/trireme could be used, or possibly calico/romana?
@alanmeadows working this issue.
Once the initial 0.1.0 release is cut I think it would be good idea to formally define a structure for use within values.yaml
, this will make the orchestration of multiple services much easier to manage and provide a source of truth for both new contributors and services to use as a reference source.
In particular, I think this should cover (as a starting point):
Commit 6f124d5 added NodeSelectors to several jobs across several components, using the value ".Vales.labels.node_selector_key". However, some components (neutron, nova) have more granular node selection, e.g. ".Values.labels.server.node_selector_key", and this is causing make to fail with errors like the following for me:
==> Linting neutron
[ERROR] templates/job-db-sync.yaml: unable to parse YAML
error converting YAML to JSON: yaml: line 9: did not find expected key
[ERROR] templates/job-init.yaml: unable to parse YAML
error converting YAML to JSON: yaml: line 9: did not find expected key
[ERROR] templates/job-post.yaml: unable to parse YAML
error converting YAML to JSON: yaml: line 9: did not find expected key
We need to define contribution guidelines, create issue templates and automatically label based on key words, etc.
Foundational Elements for Openstack (charts):
Primary Openstack Services (charts):
CI Workflow(s):
In this release, we are able to demonstrate the following:
We want to document the use of Registries, components, trends, Jenkins pipelines, etc for general user consumption. A good example of this is Openstack Ansible project.
each of the openstack-helm charts need to have configurable resource quotas: i.e. chart/templates//deployment.yaml
& chart/values.yaml
for more information: http://kubernetes.io/docs/admin/resourcequota/
this would remove the need to clone and install things locally.
See https://github.com/aweber/rabbitmq-autocluster
We should investigate leveraging the DNS backend, since this should be supported natively with a kubernetes service, as opposed to using etcd.
For a working example, see https://github.com/openstack/fuel-ccp-rabbitmq - however this example uses etcd and would prefer to validate the DNS approach works.
The goal here is to allow you to run:
"./tool.py master.yaml"
Where master.yaml contains:
ceph:
...
keystone:
...
This will generate:
/tmp/xk92012/ceph.yaml
/tmp/xk92012/keystone.yaml
/tmp/xk92012/horizon.yaml
You can then install charts:
helm install --values=/tmp/xk92012/horizon.yaml ./horizon-0.1.0.tgz
This is a requirement because a raw native master.yaml does not support an upper level namespace of "chartname", requiring it to be all in the same namespace if used across various charts.
This tool will be required until Helm issue #1520 is resolved or they introduce plugins that support this. Either will work.
The stackanetes-entrypoint image consistently leveraged runs into issues with DAEMONSET dependencies, and has trouble with config file dependencies. These should be documented in this issue subsequently but I do not have readily available access to tracebacks at the moment.
We either need to:
Investigate whether since its creation there is a now "standard" init container for dependency checking that is being widely used
If we continue to use it, ensure we are including it in our CI/CD pipelines we will develop and be creating issues to have the issues we encountered resolved in the upstream repository: https://github.com/stackanetes/kubernetes-entrypoint
Today, in some charts, jobs may land on tenant compute infrastructure or other unintended kubernetes infrastructure. Node placement needs to be consistent for all resources including jobs.
An example job lacking nodeSelector labels below:
https://github.com/att-comdev/openstack-helm/blob/master/neutron/templates/job-db-sync.yaml
@alanmeadows is working to standardize on StatefulSets, and MariaDB is impacted with this work.
i would like to see these charts end up in kubernetes/helm upstream. in order to make this happen they need to incubate, and i would like to get eyes on them. we should talk about the low hanging fruit, and critical items (Ceph, MaaS), and work towards getting them incubated for easier consumption.
@alanmeadows we should determine a good development path for 2017. minikube supports all of the versions that we need now, however the issue will be with persistent volumes.
$ minikube get-k8s-versions
The following Kubernetes versions are available:
- v1.5.1
- v1.4.5
- v1.4.3
. . .
. . .
. . .
Some interesting considerations:
I think it would be helpful for us to unblock development with an upstream, development-friendly too, and ditch Halcyon Vagrant option for development at some point, because it's just going to get hard to maintain, and will be resource intensive for developers. If our manifests are created in a way where a single daemonset is enough for consensus, than this may be a better path forward (long term). If we need changes, we can always just throw them at minikube directly.
we need some basic linting and CI gating for our repository. this will make the community more confident in the changes they are submitting, and help assist reviewers before merging code into our repository as well.
Template names are global, even when used in sub-charts. As a result, it is very easy for collision to occur, with non-deterministic outcomes - which could (and has in my development work) result in effects ranging from failed services to potential security risks.
Due to this, I propose that template names, and macros, should always be scoped to the name of the chart they come from, this would require refactoring, but will I feel make the future development of charts much simpler, and more manageable.
As a result things like:
{{- define "env_ks_user_create_openrc_tpl" }}
should be written as:
{{- define "common.env_ks_user_create_openrc_tpl" }}
PoC to demonstration draining a Kubernetes node, upgrade foundational elements (i.e. Docker, host kernel, etc), and bring back into the cluster. This is to identify a useful, and documented path for users as part of our PoC. This ends up going into Documentation after exploration.
@andrecolin working this issue.
We may be able to handle secretes like this in the near future: https://github.com/andrewstuart/helm/blob/5d58b7792c4b0b56ec8eee49cfcc79980e9b0ed3/docs/chart_template_guide/accessing_files.md#secrets
The ceph monitors require reliable IP addressing, they should be converted to a statefulset.
Convert the template layout to match the new keystone template layout, which is more readable and supports testing of injected scripts as they are not wrapped in nested YAML.
@alanmeadows i'm a bit torn on this idea, because it will require some work, but I think during the 0.2.0 release we should rename the bootstrap
chart to something that is a bit more clearer for new users (even thought it's lightly documented). so we can either make the documentation more clear, rename, or both. thoughts?
We need to ensure that every chart consistently leverages the init-container approach.
An example of where we are doing it correctly:
https://github.com/att-comdev/openstack-helm/blob/master/keystone/templates/deployment.yaml#L11-L40
An example of something that needs conversion:
@andrecolin is looking into this PoC requirement.
Create a neutron helm chart, leveraging the standard reference deployment (non-contrail).
Create the helm chart for the koala-build container.
Convert the template layout to match the new keystone template layout, which is more readable and supports testing of injected scripts as they are not wrapped in nested YAML.
test
Hi,
I can't edit the /etc/resolv.conf file within the container following the instructions:
[root@kub1 ~]# kubectl exec kube-controller-manager-kub1.localdomain -it -n kube-system -- /bin/bash
exec: "/bin/bash": stat /bin/bash: no such file or directory
error: error stream protocol error: invalid exit code value "-1"
however
[root@kub1 ~]# kubectl exec kube-controller-manager-kub1.localdomain -it -n kube-system -- echo $0
-bash
Any idea?
thank you
A declarative, efficient, and flexible JavaScript library for building user interfaces.
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. ๐๐๐
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google โค๏ธ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.