summaryrefslogtreecommitdiffstats
path: root/kud
AgeCommit message (Collapse)AuthorFilesLines
2020-12-10Merge "Enable pod security policies"Eric Multanen6-4/+107
2020-12-09Enable pod security policiesTodd Malsbary6-4/+107
The intention with this change is to disable CAP_NET_RAW (which can be a security vulnerability) for created Pods. kubespray provides the podsecuritypolicy_enabled variable for enabling privileged (for kube-system) and restricted (for everyone else) policies. Enabling this requires binding the KUD_ADDONs to the privileged policy and specifying the security context correctly for Pods running in the default namespace. As of this change, the only difference between the privileged and restricted security policies is the dropping of CAP_NET_RAW in the restricted policy. To use the default restricted policy provided with kubespray, additional changes must be made to the Pods that are run in the default namespace (such as runing as a non-root user, not requesting privileged mode, etc.). Issue-ID: MULTICLOUD-1256 Signed-off-by: Todd Malsbary <todd.malsbary@intel.com> Change-Id: I7d6add122ad4046f9116ef03a249f5c9da1d7eec
2020-12-07Fix QAT addon deploy and testTodd Malsbary5-103/+82
Note that as mentioned in install_qat.sh, the kernel command line must include "intel_iommu=on iommu=pt" for the deploy and test to succeed. The underlying issue is that the playbook was expecting to be run on the same host it executed on and was looking for files in the wrong places. Issue-ID: MULTICLOUD-1261 Signed-off-by: Todd Malsbary <todd.malsbary@intel.com> Change-Id: I5f59b9147f34f077fcdc63d7fc5f80b56977054c
2020-11-19Fix CrashLoopBackoff in emco-fluentd PodTodd Malsbary1-0/+4
The emco-fluentd pod is stuck in CrashLoopBackOff due to a failure to resolve the "cluster.local" name. Explicitly set the fluentd.clusterDomain value to the actual cluster name during helm install. Issue-ID: MULTICLOUD-1244 Signed-off-by: Todd Malsbary <todd.malsbary@intel.com> Change-Id: Ia6424e7ce8d4544511ad88c478e65fa8c4df0c52
2020-11-19Merge "Build and deploy sriov module only on supported hosts."Ritu Sood7-89/+100
2020-11-19Merge "Update multus-daemonset.yml to that of multus-cni v3.6 release"Ritu Sood1-17/+45
2020-11-19Merge "Upgrade kubespray from 2.12.6 to 2.14.1"Ritu Sood12-59/+38
2020-11-19Merge "Use same host in both copy and run of deploy_optane.sh"Ritu Sood2-9/+9
2020-11-19Merge "Ignore 404 when deleting non-existent project in emco.sh"Ritu Sood1-1/+1
2020-11-19Merge "Properly escape query string to jq"Ritu Sood1-2/+2
2020-11-11Update multus-daemonset.yml to that of multus-cni v3.6 releaseTodd Malsbary1-17/+45
The only change to the upstream yml is the removal of the kube-multus-ds-ppc64le DaemonSet and the replacement of "default-cni-network" with "cni0". Note also that the v3.6 yml actually uses the v3.4.1 image tag. The yml now points to a v3.4.1 image with the addition of code to merge the results from all delegates to support Virtlet. Issue-ID: MULTICLOUD-1230 Signed-off-by: Todd Malsbary <todd.malsbary@intel.com> Change-Id: I0e18644a567facfac1fd7dc1c053002b2d906288
2020-10-30Upgrade kubespray from 2.12.6 to 2.14.1Todd Malsbary12-59/+38
- Replace move of ansible.cfg from kubespray distribution to /etc/ansible with ANSIBLE_CONFIG environment variable. Ansible modifies ansible.cfg during installation, and the paths in it are relative. - kubespray 2.14.1 requires a kubernetes version > 1.16. Use the default versions of kubernetes and helm provided by kubespray 2.14.1. - kubespray 2.14.1 replaces helm 2 with helm 3. This removes support for helm init and helm serve. It is no longer necessary to call helm init, and the helm serve repository is replaced with file relative URLs. This also triggered a subsequent update of the kubernetes-helm ansible module to include the newer helm versions. - Add "storageType: hostPath" to etcd/values.yaml. Helm deploy of etcd will fail without this due to nil PersistentVolume.metadata.labels.type. - The mitogen module used by kubespray/ansible requires python2 on the hosts. Use the linear strategy to bypass mitogen and install python2 on the cluster hosts. Issue-ID: MULTICLOUD-1230 Signed-off-by: Todd Malsbary <todd.malsbary@intel.com> Change-Id: I9f50bb4e123fdcacab6b6a97e79cd09fb5c96634
2020-10-30Use same host in both copy and run of deploy_optane.shTodd Malsbary2-9/+9
NOTE: This is not a complete fix, it is only a workaround so that installer.sh can succeed when Optane hardware is not present. Without this, "No such file or directory" is reported during the "Apply Optane PMEM CSI Daemonset" task of the configure-optane playbook. This error was observed with kubespray 2.14.1 and not with 2.12.6. Issue-ID: MULTICLOUD-1234 Signed-off-by: Todd Malsbary <todd.malsbary@intel.com> Change-Id: I1e23741d704ab117a84b4ed11e2f7ac02f0f2ec2
2020-10-30Ignore 404 when deleting non-existent project in emco.shTodd Malsbary1-1/+1
The delete is run at the start of the test, it is expected that the resource does not exist. Issue-ID: MULTICLOUD-1243 Signed-off-by: Todd Malsbary <todd.malsbary@intel.com> Change-Id: I1b060ec8f17fd4b9b76ed03d8dc3bd7c21756690
2020-10-30Properly escape query string to jqTodd Malsbary1-2/+2
Without this change, the '.request.release-name' query causes jq to get confused by the '-' and fail the test script: jq: error: name/0 is not defined at <top-level>, line 1: .request.release-name jq: 1 compile error Issue-ID: MULTICLOUD-1241 Signed-off-by: Todd Malsbary <todd.malsbary@intel.com> Change-Id: I386cd46db8e44c92bc24d8eb8a9e3964d9b87d39
2020-10-30Move test inside if block to prevent premature exitTodd Malsbary1-3/+2
grep returns a non-zero error code if the pattern is not found. This would cause the topology-manager.sh test to exit prematurely instead of capturing and logging the error and returning zero as intended. Issue-ID: MULTICLOUD-1240 Signed-off-by: Todd Malsbary <todd.malsbary@intel.com> Change-Id: I29c4d30630c0f803325c2ed024d4c0b9e8a0e911
2020-10-05Build and deploy sriov module only on supported hosts.Todd Malsbary7-89/+100
Building on the target host fixes a couple issues: - In the containerized installer, the container image does not include the necessary kernel headers to build the module. - The build and target host must have the same kernel version. There is no guarantee of this. The deploy uses NFD, similar to the QAT playbook. Issue-ID: MULTICLOUD-1228 Signed-off-by: Todd Malsbary <todd.malsbary@intel.com> Change-Id: I58705b73b8ce6d381b4649d5a20b8644e51e1b13
2020-10-02Ovnaction and vfw updates for deploy api changeEric Multanen3-120/+122
Update the ovnaction controller APIs to support the api change of including the deployment intent group in the URL. Also fixup: - vfw and other test cases to support the change - updates to emcoctl tool and examples Issue-ID: MULTICLOUD-1218 Signed-off-by: Eric Multanen <eric.w.multanen@intel.com> Change-Id: Icadacb5ec6d7c238bb3bf8a44a39c30692ecebee
2020-10-02Modify GenericPlacement APIs to include DepIntGrpRajamohan Raj1-14/+12
Modify the genericPlacementIntent API such that deploymentIntentGroup becomes a mandatory parameter. Issue-ID: MULTICLOUD-1218 Signed-off-by: Rajamohan Raj <rajamohan.raj@intel.com> Change-Id: I33d2eeac5b60228e9c08921c9347b1b6aa3f8d28
2020-09-30Merge "Fix Status API to actually provide instance status"Eric Multanen1-0/+6
2020-09-30Fix Status API to actually provide instance statusKonrad Bańka1-0/+6
Provide information about instance resources and Pods inside status response. Issue-ID: MULTICLOUD-1177 Signed-off-by: Konrad Bańka <k.banka@samsung.com> Change-Id: Iee6fd56120d091dddfa6b6d0e4aa7eb36d40e888
2020-09-23Add plugin_fw.sh test for v2 and run as part of installer.Todd Malsbary2-0/+1106
To deploy to multiple clusters, set the KUD_PLUGIN_FW_CLUSTERS environment variable to the following format (an array of cluster data objects): [ { "metadata": { "name": "NAME", "description": "DESCRIPTION", "userData1": "USER_DATA_1", "userData2": "USER_DATA_2" }, "file": "KUBECONFIG_PATH" }, { ... } ] Issue-ID: MULTICLOUD-1217 Signed-off-by: Todd Malsbary <todd.malsbary@intel.com> Change-Id: I4c80fbcef1162b441c4dfba4ce2bfd3ac419bc25
2020-09-23Merge "Add playbooks for v2 emco chart."Ritu Sood4-1/+112
2020-09-23Merge "Create helm chart for ICN/SDEWAN controllers"Ritu Sood12-0/+1755
2020-09-23Add playbooks for v2 emco chart.Todd Malsbary4-1/+112
Rename v2/onap4k8s to v2/emco, and rename sanity-check-for-v2.sh to emco.sh. This allows --plugins emco to be passed to installer.sh in place of --plugins onap4k8s. Issue-ID: MULTICLOUD-1181 Signed-off-by: Todd <todd.malsbary@intel.com> Change-Id: Idb427a8aa4c8aaff181965a540078c8cf6dd88aa
2020-09-23Enable installer.sh to use --plugins emco in place of onap4k8s.Todd1-20/+9
Issue-ID: MULTICLOUD-1181 Signed-off-by: Todd <todd.malsbary@intel.com> Change-Id: Ibfdf401d40398bf6b94543dedf4c860951d50de7
2020-09-23Create helm chart for ICN/SDEWAN controllersYao Le12-0/+1755
Create helm chart for sdewan-controller in KUD Issue-ID: MULTICLOUD-1104 Signed-off-by: Yao Le <le.yao@intel.com> Change-Id: Ic5d8daecdecba52c05d3ed38fa91ebd555ce5533
2020-09-11Merge "Use external service address and ports in sanity-check-for-v2.sh."Eric Multanen2-36/+77
2020-09-11Use external service address and ports in sanity-check-for-v2.sh.Todd Malsbary2-36/+77
This allows it to be used as an automated test. Issue-ID: MULTICLOUD-1181 Signed-off-by: Todd Malsbary <todd.malsbary@intel.com> Change-Id: Ib8636159291243bbb60f974984f296b67f6e397e
2020-09-08Provide capability to specify release-name during instantiationKonrad Bańka1-1/+4
Allow release-name property to be provided during instantiation that, if provided, overrides release-name specified in profile. Additionally updated Makefile to allow easy compilation with different go version easily. Issue-ID: MULTICLOUD-1175 Signed-off-by: Konrad Bańka <k.banka@samsung.com> Change-Id: Id8db484369045cfb0bc99543a80317644fc838f9
2020-09-02Merge "Replace invalid literal true with valid string "true" in yaml."Ritu Sood1-1/+1
2020-09-01fix the vfw demo versionKuralamudhan Ramakrishnan3-3/+3
Issue-ID: MULTICLOUD-1146 Signed-off-by: Kuralamudhan Ramakrishnan <kuralamudhan.ramakrishnan@intel.com> Change-Id: I221cfc74809c3179c6bc389b513f20128138d24f
2020-09-01Replace invalid literal true with valid string "true" in yaml.Todd Malsbary1-1/+1
Prior to this change qat_plugin_privileges.yaml fails to kubectl apply due to a validation error. Issue-ID: MULTICLOUD-1182 Signed-off-by: Todd Malsbary <todd.malsbary@intel.com> Change-Id: Ibe73c1b39d1164fe05ea5cdede74dc93f846c943
2020-08-27Remove the need for rysnc registration in orchestratorRajamohan Raj1-2008/+0
Removed dependency of rsync registration from orchestrator.RSYNC shall have a function NewRsyncInfo to initiate a new rsync independent of the orchestrator and make gRPC calls. Issue-ID: MULTICLOUD-1196 Signed-off-by: Rajamohan Raj <rajamohan.raj@intel.com> Change-Id: I16bbac6a6865cf3c4ee7b763dac72abe2ed1ad0a
2020-08-21Series of negative tests that validate EMCO open api'sAditya Sharoff14-0/+1560
All negative tests are in negative_tests directory Null is provided as an input to the POST, DELETE, and GET commands and the behavior is observed Issue-ID: MULTICLOUD-1142 Signed-off-by: Aditya Sharoff <aditya.sharoff@intel.com> Change-Id: I8ccf4b5615fc378698faf7f88971db1e250de9b6 Signed-off-by: Aditya Sharoff <aditya.sharoff@intel.com>
2020-08-21Expose override parameters usage in KUD API testsKonrad Bańka1-8/+15
Update plugin_fw.sh test script to also check for proper work of override parameters functionality of instance API. Also update instance API response to exclude duplicated override-parameters entry, that's anyway accessible under '.request.override-values' json path. Issue-ID: MULTICLOUD-1176 Signed-off-by: Konrad Bańka <k.banka@samsung.com> Change-Id: Ie1a336ceb7de1a656f77d4c43ee4775c60cb88fb
2020-08-21Updating m3db & m3db operator chartsRajamohan Raj58-1572/+1416
In this patch, updated all the charts related to m3db. Developed scripts for deployment m3db stack through orchestrator. Issue-ID: MULTICLOUD-1112 Signed-off-by: Rajamohan Raj <rajamohan.raj@intel.com> Change-Id: I42677809709fc4d12f16a156e563d6618a8f8437
2020-08-18Merge "Update environment varables to match latest"Eric Multanen1-9/+9
2020-08-17Update environment varables to match latestManjunath Ranganathaiah1-9/+9
Issue-ID: MULTICLOUD-1005 Signed-off-by: Manjunath Ranganathaiah <manjunath.ranganathaiah@intel.com> Change-Id: I2ebf81bf61d1eb6ea245ab421b426f4d44667f5b
2020-08-14Merge "Add appcontext state, status and resource status"Ritu Sood1-0/+15
2020-08-11Add appcontext state, status and resource statusEric Multanen1-0/+15
Add support in the AppContext for managing an AppContext (composite app level) status value. Also adds support for tracking rsync status at the resource level. A mechanism for tracking history at the controlling resource level (i.e. DeploymentGroupIntnt or Cluster) is added, in part, so that all AppContexts associated can be deleted when the resource is eventually deleted. Issue-ID: MULTICLOUD-1042 Change-Id: I3d0a9a97ea45ca11f9f873104476e4b67521e56a Signed-off-by: Eric Multanen <eric.w.multanen@intel.com>
2020-08-10Merge "Integrate Topology Manager"Huang Haibin4-2/+187
2020-08-10Integrate Topology Managerchenjie14-2/+187
Integrate topology manager by utilizing ansible scripts from openness. Issue-ID: MULTICLOUD-1102 Signed-off-by: ChenjieXu <chenjie.xu@intel.com> Change-Id: Ibaaf77e44c97edffe1ae03bf77c2422c89783e75
2020-08-07Enable the prometheus crd creation flagsRajamohan Raj1-2/+2
Issue-ID: MULTICLOUD-1174 Signed-off-by: Rajamohan Raj <rajamohan.raj@intel.com> Change-Id: I21186c464a2e41d9ec44e4002295c94de060e8c6
2020-08-03Add StateInfo structure synced resourcesEric Multanen5-3/+5
Add a StateInfo structure to the Cluster and Deployment-Intent-Group resources to keep track of the lifecycle state of these resources. Moved the appcontext id that was being kept into this structure as well. Enabled the approve state (and API) for the deployment intent group. Issue-ID: MULTICLOUD-1042 Signed-off-by: Eric Multanen <eric.w.multanen@intel.com> Change-Id: I36602d8a0658d9d6d37b8799f9a372a7d1042496
2020-08-03Sanity test script for new releases.Rajamohan Raj2-4/+512
Developed a script which can be used to test a new release and confirm that the minimum components like clm, instantiation by orchestrator and rsync are working fine after the code change. Issue-ID: MULTICLOUD-1174 Signed-off-by: Rajamohan Raj <rajamohan.raj@intel.com> Change-Id: I7d519fa88b71fb34d13b7d61f3f8b36edc9fa5f3
2020-07-17Merge "Move status tracking CR to rsync"Ritu Sood1-1/+2
2020-07-17Merge "Update host_providers/vagrant/setup.sh for virtualbox"Ritu Sood1-1/+1
2020-07-17Merge "Update vagrant readme to include info about sample yml files"Ritu Sood1-0/+8
2020-07-17Update vagrant readme to include info about sample yml filesLarry Sachs1-0/+8
Updates the kud/hosting_providers/vagrant/README.md to include info about the ./config/samples/pdf.yml.* sample files. Issue-ID: MULTICLOUD-1129 Change-Id: I5ab02948932d8a9e9e5a8cfc65350726183cd78d Signed-off-by: Larry Sachs <larry.j.sachs@intel.com>