summaryrefslogtreecommitdiffstats
path: root/kud/deployment_infra/playbooks/configure-ovn4nfv.yml
AgeCommit message (Collapse)AuthorFilesLines
2020-12-09Enable pod security policiesTodd Malsbary1-0/+4
The intention with this change is to disable CAP_NET_RAW (which can be a security vulnerability) for created Pods. kubespray provides the podsecuritypolicy_enabled variable for enabling privileged (for kube-system) and restricted (for everyone else) policies. Enabling this requires binding the KUD_ADDONs to the privileged policy and specifying the security context correctly for Pods running in the default namespace. As of this change, the only difference between the privileged and restricted security policies is the dropping of CAP_NET_RAW in the restricted policy. To use the default restricted policy provided with kubespray, additional changes must be made to the Pods that are run in the default namespace (such as runing as a non-root user, not requesting privileged mode, etc.). Issue-ID: MULTICLOUD-1256 Signed-off-by: Todd Malsbary <todd.malsbary@intel.com> Change-Id: I7d6add122ad4046f9116ef03a249f5c9da1d7eec
2019-08-29Fix path to imagesRitu Sood1-1/+1
Relative playbook path breaks in aio configuration. Issue-ID: MULTICLOUD-684 Signed-off-by: Ritu Sood <ritu.sood@intel.com> Change-Id: Id064157d010438dea33500dd0dc200b1c1b0f0d1
2019-08-29Add support for Network OperatorRitu Sood1-89/+12
ovn4nfvk8s plugin now uses operator sdk and controller runtime. It now includes support for Network operator. This patch includes changes needed in KUD for that. Signed-off-by: Ritu Sood <ritu.sood@intel.com> Issue-ID: MULTICLOUD-684 Change-Id: I63dc971e257067c69c70a8996eaffd1a9d8a4c2c
2019-08-01Correct go version installed by k8s addonsKonrad Bańka1-3/+5
Andrewrothstein.go galaxy role, that was responsible for go installation was in too old tag to support demanded (1.12.4) go version. It also blocked ovn-kubernetes addon installation that's fixed now. Go version has been also upgraded to 1.12.5 Issue-ID: MULTICLOUD-644 Signed-off-by: Konrad Bańka <k.banka@samsung.com> Change-Id: I926bd061a361b2ae2efa2aecedf4fa6321f04cc8
2019-06-19Add ovn-networkobj for MultusRitu Sood1-0/+26
Add ovn custom resource for Multus as part of installation Signed-off-by: Ritu Sood <ritu.sood@intel.com> Change-Id: I4e01a06ba76515fa271790b461f473045eb174a2 Issue-ID: MULTICLOUD-670
2019-03-22Restructuring the repo.Akhila Kishore1-0/+98
The idea is to restructure the existing repo create a deployment independent of Vagrant or other hosting providers. Renamed KRD to KUbernetes Deploy(Kud) including the ansible scripts Added new path to functional tests. Moved samples pdfs to sites. Minor changes to Readme. Updated aio.sh, moved sample config Corrected other nits. Updated and verified test cases. Addressed comments and changes associated with it. Updated Readme and minor change in Vagrantfile. Validated test cases again. Moved aio.sh into vagrant folder. Added new README for each hosting provider and project on the whole. Updated the installer script with relative path. Updated the name to deployment_infra, moved the cFW sripcts to tests. Updated the gitignore file. Issue-ID: MULTICLOUD-301 Change-Id: Ie48c26b12ab58b604493fba58a9c5b9f8ba10942 Signed-off-by: Akhila Kishore <akhila.kishore@intel.com>