airship/promenade
Code Issues Proposed changes

ETCD aux pod define resources

Browse Source 
Signed-off-by: Ruslan Aliev <raliev@mirantis.com>
Change-Id: Ib2e666572fbe76bfa1ff542dd76e3c1d833e9268
This commit is contained in:
Ruslan Aliev 2024-05-20 10:55:45 -05:00
parent 12f448963f
commit 4b349d9471
8 changed files with 40 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
charts/etcd/templates/etc/_kubernetes-etcd.yaml.tpl
View File

@ -74,8 +74,8 @@ spec:
valueFrom: valueFrom:
fieldRef: fieldRef:
fieldPath: status.podIP fieldPath: status.podIP
- name: ETCD_LOG_PACKAGE_LEVELS - name: ETCD_LOG_LEVEL
value: {{ default "" .Values.etcd.logging.log_level | include "helm-toolkit.utils.joinListWithComma" }} value: {{ default "" .Values.etcd.logging.log_level }}
- name: ETCD_CLIENT_CERT_AUTH - name: ETCD_CLIENT_CERT_AUTH
value: "true" value: "true"
- name: ETCD_PEER_CLIENT_CERT_AUTH - name: ETCD_PEER_CLIENT_CERT_AUTH

6
charts/etcd/values.yaml
View File

@ -54,11 +54,7 @@ etcd:
cleanup_data: true cleanup_data: true
etcdctl_api: "3" etcdctl_api: "3"
logging: logging:
# Set individual etcd subpackages to specific log levels. log_level: debug
# An example being etcdserver=WARNING,security=DEBUG
log_level:
- etcdserver=DEBUG
- security=DEBUG
backup: backup:
enabled: true enabled: true
host_backup_path: /var/backups host_backup_path: /var/backups

2
promenade/schemas/Genesis.yaml
View File

@ -121,6 +121,8 @@ data:
type: string type: string
gomaxprocs: gomaxprocs:
type: integer type: integer
resources:
type: object
additionalProperties: false additionalProperties: false
files: files:

4
promenade/templates/include/genesis-etcd/server-container.yaml
View File

@ -1,5 +1,9 @@
- name: etcd-{{ etcd_name }} - name: etcd-{{ etcd_name }}
image: {{ config['Genesis:images.kubernetes.etcd'] }} image: {{ config['Genesis:images.kubernetes.etcd'] }}
{%- if config['Genesis:etcd.resources'] is defined %}
resources:
{{ config.get_path('Genesis:etcd.resources', {}) | toyaml | trim | indent(8, true) }}
{%- endif %}
env: env:
- name: ETCD_NAME - name: ETCD_NAME
value: {{ etcd_name }} value: {{ etcd_name }}

10
promenade/templates/roles/genesis/etc/kubernetes/manifests/auxiliary-kubernetes-etcd.yaml
View File

@ -34,6 +34,14 @@ spec:
| wc -l | wc -l
} }
anchor_number_ready () {
NUM=$(kubectl -n kube-system get daemonset kubernetes-etcd-anchor --ignore-not-found -o jsonpath="{.status.numberReady}" || true)
if [ -z "$NUM" ]; then
NUM=0
fi
return $NUM
}
remove_if_possible () { remove_if_possible () {
MEMBER_NAME="$1" MEMBER_NAME="$1"
MEMBER_ID=$(etcdctl member list | grep "${MEMBER_NAME}" | awk -F ', ' '{ print $1 }') MEMBER_ID=$(etcdctl member list | grep "${MEMBER_NAME}" | awk -F ', ' '{ print $1 }')
@ -50,7 +58,7 @@ spec:
OLD_LEADER="$1" OLD_LEADER="$1"
OLD_LEADER_EP=$(etcdctl member list | grep "$OLD_LEADER" | awk -F ', ' '{print $5}') OLD_LEADER_EP=$(etcdctl member list | grep "$OLD_LEADER" | awk -F ', ' '{print $5}')
NEW_LEADER=$(etcdctl member list | grep '\bstarted\b' | grep -Ev "\\b(auxiliary-0|auxiliary-1)\\b" | head -1 | awk -F ', ' '{print $1}') NEW_LEADER=$(etcdctl member list | grep '\bstarted\b' | grep -Ev "\\b(auxiliary-0|auxiliary-1)\\b" | head -1 | awk -F ', ' '{print $1}')
if [ -n "$NEW_LEADER" ]; then if [ -n "$NEW_LEADER" ] && [ -n "$OLD_LEADER_EP" ]; then
if ! ETCDCTL_ENDPOINTS="$OLD_LEADER_EP" etcdctl move-leader "$NEW_LEADER"; then if ! ETCDCTL_ENDPOINTS="$OLD_LEADER_EP" etcdctl move-leader "$NEW_LEADER"; then
echo "Attempted abdication, but failed." echo "Attempted abdication, but failed."
return return

20
tools/deployment/apparmor/001-setup-apparmor-profiles.sh Executable file
View File

@ -0,0 +1,20 @@
#!/bin/bash
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
set -xe
# Ensure that apparmor is installed and enabled
sudo -H -E apt-get install -y apparmor
sudo systemctl enable apparmor && sudo systemctl start apparmor
sudo systemctl status apparmor.service

2
tools/zuul/playbooks/deploy-promenade-containerd.yaml
View File

@ -52,7 +52,7 @@
set -xe; set -xe;
./tools/deployment/apparmor/001-setup-apparmor-profiles.sh ./tools/deployment/apparmor/001-setup-apparmor-profiles.sh
args: args:
chdir: "{{ zuul.projects['opendev.org/openstack/openstack-helm-infra'].src_dir }}" chdir: "{{ zuul.project.src_dir }}"
executable: /bin/bash executable: /bin/bash
- name: List interfaces - name: List interfaces

2
tools/zuul/playbooks/deploy-promenade.yaml
View File

@ -39,7 +39,7 @@
set -xe; set -xe;
./tools/deployment/apparmor/001-setup-apparmor-profiles.sh ./tools/deployment/apparmor/001-setup-apparmor-profiles.sh
args: args:
chdir: "{{ zuul.projects['opendev.org/openstack/openstack-helm-infra'].src_dir }}" chdir: "{{ zuul.project.src_dir }}"
executable: /bin/bash executable: /bin/bash
- name: Generate configuration files - name: Generate configuration files