l is to let user customize the base image of the component
by passing FROM=myimage during the build process. This would let any
project leveraging Airship ensure that the base image is matching the
security requirements for that project and still use the same Dockerfile.
This will also ease the control of the /etc/apt/source.list
and thereby the result of apt-get update/upgrade procedure.
2. The above goal is achievable by using docker-ce feature such as:
ARG FROM="defaultbaseimage:xx"
FROM ${FROM}
For this reason, the installation of docker.io in the Zuul gating is beeing
replaced by docker-ce.
3. Third Goal is to bring consistency with the other compoenents leveraging
Helm such as the openstack-helm and potentially use bindep the same way
the LOCI images are to ensure
4. The new syntax in the Dockerfile is still commented out until the associated
image builder have been updated to use docker-ce as they have been for the LOCI
images.
Change-Id: Ie5ae836221dc3cb9bdafc6e5e6670f914d3d1bb4
This patch set removes substitution_sources kwarg from the
Deckhand layering call as it is deprecated [0] because
all concrete documents will simply be used by default as the
substitution source documents.
[0] 1583b78902/deckhand/engine/layering.py (L480)
Change-Id: I934c8d5e7f2fa2a84dcdba592bd515f889337f79
This avoids a race condition that can occur while joining nodes when
another node is down.
The service is really a discovery service that is primarily used by the
haproxy chart to find apiserver endpoints, so it's reasonable for it to
include all endpoints (HAProxy will monitor health on its own).
Change-Id: I09dd66883af4ff91f9d13432137094fdf876ca83
This allows the helm test to run for calico-etcd during bootstrapping.
This is necesssary, because Armada now runs helm test by default.
Change-Id: I903b2074e45247ab8bb776e601823c4ccce265e3
The image used to test kubectl logs in the validation scripts was hard
coded and is now configurable.
This also makes the power-up-node.sh gate script more robust by making
it wait for the node to be ready.
Change-Id: I531ca8477ac3575dd4249ab5e991881af290fa52
- Updated apiserver-anchor with a liveness probe.
- Changed apiserver liveness probe to query kubectl.
This allows the pod to restart if it looses access to etcd.
Change-Id: I0ef9cbc941a0533268e4f499a1333e88be3e43a3
In the resiliency gate:
* Enable the --endpoint-reconciler-type=least option for the apiserver.
* Extract etcd validation into its own stages.
* Test joining a node while one control plane node is down.
Change-Id: Id89b0816e91ab6427c5e2f4833ad4ec4e1e3d133
Depends-On: I2150d40e917567a4072a1565c1b96089f3d6fd2b
The previous command created a file in /health, which caused the check
to fail after the first run.
Change-Id: I2150d40e917567a4072a1565c1b96089f3d6fd2b
This adds direct name resolution as part of these checks. We have
experienced an issue with older versions of the proxy plugin that
resulted in coredns pods unable to resolve upstream names, but passing
health checks.
Change-Id: I9241b78490b4ae1640fb028c8c32bb179bf4e8ec
This patchset renames the tox.ini jobs:
* coverage => cover
* lint => pep8
* unit => py35
to comply with OpenStack standards [0].
[0] e.g. 04469a5181/tox.ini (L119)
Change-Id: I1a542c5e36f29d3788df8a5ebdce3cbe49ab4046
