Browse Source

Update Deckhand for latest HTK

This updates Deckhand to be compatible with the current
OpenStack-Helm Helm Toolkit.  This includes:
- Using HTK manifest templates
- Refactoring values.yaml structure
- Some other small cleanup

Change-Id: Ib7c2451b46fab20935edb1c768ac56cc6353aa16
changes/17/584517/6
Matt McEuen 11 months ago
parent
commit
07186243de

+ 5
- 0
charts/deckhand/templates/configmap-bin.yaml View File

@@ -1,3 +1,4 @@
1
+{{/*
1 2
 # Licensed under the Apache License, Version 2.0 (the "License");
2 3
 # you may not use this file except in compliance with the License.
3 4
 # You may obtain a copy of the License at
@@ -9,6 +10,9 @@
9 10
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
10 11
 # See the License for the specific language governing permissions and
11 12
 # limitations under the License.
13
+*/}}
14
+
15
+{{- if .Values.manifests.configmap_bin }}
12 16
 
13 17
 apiVersion: v1
14 18
 kind: ConfigMap
@@ -27,3 +31,4 @@ data:
27 31
 {{ tuple "bin/_db-init.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
28 32
   db-sync.sh: |+
29 33
 {{ tuple "bin/_db-sync.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
34
+{{- end }}

+ 16
- 12
charts/deckhand/templates/configmap-etc.yaml View File

@@ -1,3 +1,4 @@
1
+{{/*
1 2
 # Copyright 2017 The Openstack-Helm Authors.
2 3
 #
3 4
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -11,54 +12,56 @@
11 12
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 13
 # See the License for the specific language governing permissions and
13 14
 # limitations under the License.
15
+*/}}
14 16
 
17
+{{- if .Values.manifests.configmap_etc }}
15 18
 {{- $envAll := . }}
16 19
 
17 20
 {{- if empty .Values.conf.deckhand.keystone_authtoken.auth_uri -}}
18
-{{- tuple "identity" "internal" "api" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup" | set .Values.conf.deckhand.keystone_authtoken "auth_uri" | quote | trunc 0 -}}
21
+{{- tuple "identity" "internal" "api" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup" | set .Values.conf.deckhand.keystone_authtoken "auth_uri" -}}
19 22
 {{- end -}}
20 23
 
21 24
 # FIXME fix for broken keystonemiddleware oslo config gen in newton - will remove in future
22 25
 {{- if empty .Values.conf.deckhand.keystone_authtoken.auth_url -}}
23
-{{- tuple "identity" "internal" "api" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup" | set .Values.conf.deckhand.keystone_authtoken "auth_url" | quote | trunc 0 -}}
26
+{{- tuple "identity" "internal" "api" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup" | set .Values.conf.deckhand.keystone_authtoken "auth_url" -}}
24 27
 {{- end -}}
25 28
 
26 29
 # Add endpoint URI lookup for Deckhand Postgresql DB Connection
27 30
 {{- if empty .Values.conf.deckhand.database.connection -}}
28
-{{- tuple "postgresql" "internal" "user" "postgresql" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup" | set .Values.conf.deckhand.database "connection" | quote | trunc 0 -}}
31
+{{- tuple "postgresql" "internal" "user" "postgresql" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup" | set .Values.conf.deckhand.database "connection" -}}
29 32
 {{- end -}}
30 33
 
31 34
 # Add endpoint URI lookup for memcached servers Connection
32 35
 {{- if empty .Values.conf.deckhand.keystone_authtoken.memcached_servers -}}
33
-{{- tuple "oslo_cache" "internal" "memcache" . | include "helm-toolkit.endpoints.host_and_port_endpoint_uri_lookup" | set .Values.conf.deckhand.keystone_authtoken "memcached_servers" | quote | trunc 0 -}}
36
+{{- tuple "oslo_cache" "internal" "memcache" . | include "helm-toolkit.endpoints.host_and_port_endpoint_uri_lookup" | set .Values.conf.deckhand.keystone_authtoken "memcached_servers" -}}
34 37
 {{- end -}}
35 38
 
36 39
 # Add endpoint URI lookup for barbican
37 40
 {{- if empty .Values.conf.deckhand.barbican.api_endpoint -}}
38
-{{- tuple "barbican" "internal" "api" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup" | set .Values.conf.deckhand.barbican "api_endpoint" | quote | trunc 0 -}}
41
+{{- tuple "key_manager" "internal" "api" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup" | set .Values.conf.deckhand.barbican "api_endpoint" -}}
39 42
 {{- end -}}
40 43
 
41
-{{- $userIdentity := .Values.endpoints.identity.auth.user -}}
44
+{{- $userIdentity := .Values.endpoints.identity.auth.deckhand -}}
42 45
 
43 46
 {{- if empty .Values.conf.deckhand.keystone_authtoken.project_name -}}
44
-{{- set .Values.conf.deckhand.keystone_authtoken "project_name" $userIdentity.project_name | quote | trunc 0 -}}
47
+{{- set .Values.conf.deckhand.keystone_authtoken "project_name" $userIdentity.project_name -}}
45 48
 {{- end -}}
46 49
 {{- if empty .Values.conf.deckhand.keystone_authtoken.project_domain_name -}}
47
-{{- set .Values.conf.deckhand.keystone_authtoken "project_domain_name" $userIdentity.project_domain_name | quote | trunc 0 -}}
50
+{{- set .Values.conf.deckhand.keystone_authtoken "project_domain_name" $userIdentity.project_domain_name -}}
48 51
 {{- end -}}
49 52
 {{- if empty .Values.conf.deckhand.keystone_authtoken.user_domain_name -}}
50
-{{- set .Values.conf.deckhand.keystone_authtoken "user_domain_name" $userIdentity.user_domain_name | quote | trunc 0 -}}
53
+{{- set .Values.conf.deckhand.keystone_authtoken "user_domain_name" $userIdentity.user_domain_name -}}
51 54
 {{- end -}}
52 55
 {{- if empty .Values.conf.deckhand.keystone_authtoken.username -}}
53
-{{- set .Values.conf.deckhand.keystone_authtoken "username" $userIdentity.username | quote | trunc 0 -}}
56
+{{- set .Values.conf.deckhand.keystone_authtoken "username" $userIdentity.username -}}
54 57
 {{- end -}}
55 58
 {{- if empty .Values.conf.deckhand.keystone_authtoken.password -}}
56
-{{- set .Values.conf.deckhand.keystone_authtoken "password" $userIdentity.password | quote | trunc 0 -}}
59
+{{- set .Values.conf.deckhand.keystone_authtoken "password" $userIdentity.password -}}
57 60
 {{- end -}}
58 61
 
59 62
 # Set a random string as secret key.
60 63
 {{- if empty .Values.conf.deckhand.keystone_authtoken.memcache_secret_key -}}
61
-{{- randAlphaNum 64 | set .Values.conf.deckhand.keystone_authtoken "memcache_secret_key" | quote | trunc 0 -}}
64
+{{- randAlphaNum 64 | set .Values.conf.deckhand.keystone_authtoken "memcache_secret_key" -}}
62 65
 {{- end -}}
63 66
 
64 67
 ---
@@ -75,3 +78,4 @@ data:
75 78
 {{ include "helm-toolkit.utils.to_ini" .Values.conf.paste | indent 4 }}
76 79
   policy.yaml: |+
77 80
 {{ toYaml .Values.conf.policy | indent 4 }}
81
+{{- end }}

+ 5
- 4
charts/deckhand/templates/deployment.yaml View File

@@ -1,3 +1,4 @@
1
+{{/*
1 2
 # Copyright 2017 The Openstack-Helm Authors.
2 3
 #
3 4
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -11,14 +12,14 @@
11 12
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 13
 # See the License for the specific language governing permissions and
13 14
 # limitations under the License.
15
+*/}}
14 16
 
15 17
 {{- if .Values.manifests.deployment }}
16 18
 {{- $envAll := . }}
17
-{{- $dependencies := .Values.dependencies.deckhand }}
18 19
 {{- $mounts_deckhand := .Values.pod.mounts.deckhand.deckhand }}
19 20
 {{- $mounts_deckhand_init := .Values.pod.mounts.deckhand.init_container }}
20 21
 {{- $serviceAccountName := "deckhand" }}
21
-{{ tuple $envAll $dependencies $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
22
+{{ tuple $envAll "deckhand" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
22 23
 ---
23 24
 apiVersion: apps/v1beta1
24 25
 kind: Deployment
@@ -37,11 +38,11 @@ spec:
37 38
     spec:
38 39
       serviceAccountName: {{ $serviceAccountName }}
39 40
       nodeSelector:
40
-        {{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }}
41
+        {{ .Values.labels.api.node_selector_key }}: {{ .Values.labels.api.node_selector_value }}
41 42
       terminationGracePeriodSeconds: {{ .Values.pod.lifecycle.termination_grace_period.deckhand.timeout | default "30" }}
42 43
       restartPolicy: Always
43 44
       initContainers:
44
-{{ tuple $envAll $dependencies $mounts_deckhand_init | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
45
+{{ tuple $envAll "deckhand" $mounts_deckhand_init | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
45 46
       containers:
46 47
         - name: deckhand-api
47 48
           env:

+ 3
- 30
charts/deckhand/templates/ingress-api.yaml View File

@@ -14,34 +14,7 @@ See the License for the specific language governing permissions and
14 14
 limitations under the License.
15 15
 */}}
16 16
 
17
-{{- if .Values.manifests.ingress_api }}
18
-{{- $envAll := . }}
19
-{{- if .Values.network.ingress.public }}
20
-{{- $backendServiceType := "deckhand" }}
21
-{{- $backendPort := "http" }}
22
-{{- $ingressName := tuple $backendServiceType "public" $envAll | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }}
23
-{{- $backendName := tuple $backendServiceType "internal" $envAll | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }}
24
-{{- $hostName := tuple $backendServiceType "public" $envAll | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }}
25
-{{- $hostNameNamespaced := tuple $backendServiceType "public" $envAll | include "helm-toolkit.endpoints.hostname_namespaced_endpoint_lookup" }}
26
-{{- $hostNameFull := tuple $backendServiceType "public" $envAll | include "helm-toolkit.endpoints.hostname_fqdn_endpoint_lookup" }}
27
----
28
-apiVersion: extensions/v1beta1
29
-kind: Ingress
30
-metadata:
31
-  name: {{ $ingressName }}
32
-  annotations:
33
-    kubernetes.io/ingress.class: "nginx"
34
-    ingress.kubernetes.io/rewrite-target: /
35
-spec:
36
-  rules:
37
-{{- range $key1, $vHost := tuple $hostName $hostNameNamespaced $hostNameFull }}
38
-  - host: {{ $vHost }}
39
-    http:
40
-      paths:
41
-      - path: /
42
-        backend:
43
-          serviceName: {{ $backendName }}
44
-          servicePort: {{ $backendPort }}
45
-{{- end }}
46
-{{- end }}
17
+{{- if and .Values.manifests.ingress_api .Values.network.api.ingress.public }}
18
+{{- $ingressOpts := dict "envAll" . "backendServiceType" "deckhand" "backendPort" "http" -}}
19
+{{ $ingressOpts | include "helm-toolkit.manifests.ingress" }}
47 20
 {{- end }}

+ 3
- 4
charts/deckhand/templates/job-db-init.yaml View File

@@ -16,11 +16,10 @@ limitations under the License.
16 16
 
17 17
 {{- if .Values.manifests.job_db_init }}
18 18
 {{- $envAll := . }}
19
-{{- $dependencies := .Values.dependencies.db_init }}
20 19
 {{- $mounts_deckhand_db_init := .Values.pod.mounts.deckhand_db_init.deckhand_db_init }}
21 20
 {{- $mounts_deckhand_db_init_init := .Values.pod.mounts.deckhand_db_init.init_container }}
22 21
 {{- $serviceAccountName := "deckhand-db-init" }}
23
-{{ tuple $envAll $dependencies $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
22
+{{ tuple $envAll "db_init" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
24 23
 ---
25 24
 apiVersion: batch/v1
26 25
 kind: Job
@@ -35,9 +34,9 @@ spec:
35 34
       serviceAccountName: {{ $serviceAccountName }}
36 35
       restartPolicy: OnFailure
37 36
       nodeSelector:
38
-        {{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }}
37
+        {{ .Values.labels.job.node_selector_key }}: {{ .Values.labels.job.node_selector_value }}
39 38
       initContainers:
40
-{{ tuple $envAll $dependencies $mounts_deckhand_db_init_init | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
39
+{{ tuple $envAll "db_init" $mounts_deckhand_db_init_init | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
41 40
       containers:
42 41
         - name: deckhand-db-init
43 42
           image: {{ .Values.images.tags.db_init | quote }}

+ 3
- 4
charts/deckhand/templates/job-db-sync.yaml View File

@@ -16,11 +16,10 @@ limitations under the License.
16 16
 
17 17
 {{- if .Values.manifests.job_db_sync }}
18 18
 {{- $envAll := . }}
19
-{{- $dependencies := .Values.dependencies.db_sync }}
20 19
 {{- $mounts_deckhand_db_sync := .Values.pod.mounts.deckhand_db_sync.deckhand_db_sync }}
21 20
 {{- $mounts_deckhand_db_sync_init := .Values.pod.mounts.deckhand_db_sync.init_container }}
22 21
 {{- $serviceAccountName := "deckhand-db-sync" }}
23
-{{ tuple $envAll $dependencies $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
22
+{{ tuple $envAll "db_sync" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
24 23
 ---
25 24
 apiVersion: batch/v1
26 25
 kind: Job
@@ -35,9 +34,9 @@ spec:
35 34
       serviceAccountName: {{ $serviceAccountName }}
36 35
       restartPolicy: OnFailure
37 36
       nodeSelector:
38
-        {{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }}
37
+        {{ .Values.labels.job.node_selector_key }}: {{ .Values.labels.job.node_selector_value }}
39 38
       initContainers:
40
-{{ tuple $envAll $dependencies $mounts_deckhand_db_sync_init | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
39
+{{ tuple $envAll "db_sync" $mounts_deckhand_db_sync_init | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
41 40
       containers:
42 41
         - name: deckhand-db-sync
43 42
           image: {{ .Values.images.tags.db_sync | quote }}

+ 20
- 0
charts/deckhand/templates/job-image-repo-sync.yaml View File

@@ -0,0 +1,20 @@
1
+{{/*
2
+Copyright 2017 The Openstack-Helm Authors.
3
+
4
+Licensed under the Apache License, Version 2.0 (the "License");
5
+you may not use this file except in compliance with the License.
6
+You may obtain a copy of the License at
7
+
8
+   http://www.apache.org/licenses/LICENSE-2.0
9
+
10
+Unless required by applicable law or agreed to in writing, software
11
+distributed under the License is distributed on an "AS IS" BASIS,
12
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13
+See the License for the specific language governing permissions and
14
+limitations under the License.
15
+*/}}
16
+
17
+{{- if and .Values.manifests.job_image_repo_sync .Values.images.local_registry.active }}
18
+{{- $imageRepoSyncJob := dict "envAll" . "serviceName" "deckhand" -}}
19
+{{ $imageRepoSyncJob | include "helm-toolkit.manifests.job_image_repo_sync" }}
20
+{{- end }}

+ 17
- 65
charts/deckhand/templates/job-ks-endpoints.yaml View File

@@ -1,68 +1,20 @@
1
-# Licensed under the Apache License, Version 2.0 (the "License");
2
-# you may not use this file except in compliance with the License.
3
-# You may obtain a copy of the License at
4
-#
5
-#     http://www.apache.org/licenses/LICENSE-2.0
6
-#
7
-# Unless required by applicable law or agreed to in writing, software
8
-# distributed under the License is distributed on an "AS IS" BASIS,
9
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
10
-# See the License for the specific language governing permissions and
11
-# limitations under the License.
1
+{{/*
2
+Copyright 2017 The Openstack-Helm Authors.
3
+
4
+Licensed under the Apache License, Version 2.0 (the "License");
5
+you may not use this file except in compliance with the License.
6
+You may obtain a copy of the License at
7
+
8
+   http://www.apache.org/licenses/LICENSE-2.0
9
+
10
+Unless required by applicable law or agreed to in writing, software
11
+distributed under the License is distributed on an "AS IS" BASIS,
12
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13
+See the License for the specific language governing permissions and
14
+limitations under the License.
15
+*/}}
12 16
 
13 17
 {{- if .Values.manifests.job_ks_endpoints }}
14
-{{- $envAll := . }}
15
-{{- $dependencies := .Values.dependencies.ks_endpoints }}
16
-{{- $serviceAccountName := "deckhand-ks-endpoints" }}
17
-{{ tuple $envAll $dependencies $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
18
----
19
-apiVersion: batch/v1
20
-kind: Job
21
-metadata:
22
-  name: deckhand-ks-endpoints
23
-spec:
24
-  template:
25
-    metadata:
26
-      labels:
27
-{{ tuple $envAll "deckhand" "ks-endpoints" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
28
-    spec:
29
-      serviceAccountName: {{ $serviceAccountName }}
30
-      restartPolicy: OnFailure
31
-      nodeSelector:
32
-        {{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }}
33
-      initContainers:
34
-{{ tuple $envAll $dependencies list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
35
-      containers:
36
-{{- range $key1, $osServiceType := tuple "deckhand" }}
37
-{{- range $key2, $osServiceEndPoint := tuple "admin" "internal" "public" }}
38
-        - name: {{ $osServiceType }}-ks-endpoints-{{ $osServiceEndPoint }}
39
-          image: {{ $envAll.Values.images.tags.ks_endpoints }}
40
-          imagePullPolicy: {{ $envAll.Values.images.pull_policy }}
41
-{{ tuple $envAll $envAll.Values.pod.resources.jobs.ks_endpoints | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
42
-          command:
43
-            - /tmp/ks-endpoints.sh
44
-          volumeMounts:
45
-            - name: ks-endpoints-sh
46
-              mountPath: /tmp/ks-endpoints.sh
47
-              subPath: ks-endpoints.sh
48
-              readOnly: true
49
-          env:
50
-{{- with $env := dict "ksUserSecret" $envAll.Values.secrets.identity.admin }}
51
-{{- include "helm-toolkit.snippets.keystone_openrc_env_vars" $env | indent 12 }}
52
-{{- end }}
53
-            - name: OS_SVC_ENDPOINT
54
-              value: {{ $osServiceEndPoint }}
55
-            - name: OS_SERVICE_NAME
56
-              value: {{ tuple $osServiceType $envAll | include "helm-toolkit.endpoints.keystone_endpoint_name_lookup" }}
57
-            - name: OS_SERVICE_TYPE
58
-              value: {{ $osServiceType }}
59
-            - name: OS_SERVICE_ENDPOINT
60
-              value: {{ tuple $osServiceType $osServiceEndPoint "api" $envAll | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup" }}
61
-{{- end }}
18
+{{- $ksServiceJob := dict "envAll" . "serviceName" "deckhand" "serviceTypes" ( tuple "deckhand" ) -}}
19
+{{ $ksServiceJob | include "helm-toolkit.manifests.job_ks_endpoints" }}
62 20
 {{- end }}
63
-      volumes:
64
-        - name: ks-endpoints-sh
65
-          configMap:
66
-            name: deckhand-bin
67
-            defaultMode: 0555
68
-{{- end -}}

+ 17
- 61
charts/deckhand/templates/job-ks-service.yaml View File

@@ -1,64 +1,20 @@
1
-# Licensed under the Apache License, Version 2.0 (the "License");
2
-# you may not use this file except in compliance with the License.
3
-# You may obtain a copy of the License at
4
-#
5
-#     http://www.apache.org/licenses/LICENSE-2.0
6
-#
7
-# Unless required by applicable law or agreed to in writing, software
8
-# distributed under the License is distributed on an "AS IS" BASIS,
9
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
10
-# See the License for the specific language governing permissions and
11
-# limitations under the License.
1
+{{/*
2
+Copyright 2017 The Openstack-Helm Authors.
12 3
 
13
-{{- if .Values.manifests.job_ks_service -}}
4
+Licensed under the Apache License, Version 2.0 (the "License");
5
+you may not use this file except in compliance with the License.
6
+You may obtain a copy of the License at
14 7
 
15
-{{- $envAll := . }}
16
-{{- $ksAdminSecret := .Values.secrets.identity.admin }}
17
-{{- $dependencies := .Values.dependencies.ks_service }}
18
-{{- $serviceAccountName := "deckhand-ks-service" }}
19
-{{ tuple $envAll $dependencies $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
20
----
21
-apiVersion: batch/v1
22
-kind: Job
23
-metadata:
24
-  name: deckhand-ks-service
25
-spec:
26
-  template:
27
-    metadata:
28
-      labels:
29
-{{ tuple $envAll "deckhand" "ks-service" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
30
-    spec:
31
-      serviceAccountName: {{ $serviceAccountName }}
32
-      restartPolicy: OnFailure
33
-      nodeSelector:
34
-        {{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }}
35
-      initContainers:
36
-{{ tuple $envAll $dependencies list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
37
-      containers:
38
-{{- range $key1, $osServiceType := tuple "deckhand" }}
39
-        - name: {{ $osServiceType }}-ks-service-registration
40
-          image: {{ $envAll.Values.images.tags.ks_service }}
41
-          imagePullPolicy: {{ $envAll.Values.images.pull_policy }}
42
-{{ tuple $envAll $envAll.Values.pod.resources.jobs.ks_service | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
43
-          command:
44
-            - /tmp/ks-service.sh
45
-          volumeMounts:
46
-            - name: ks-service-sh
47
-              mountPath: /tmp/ks-service.sh
48
-              subPath: ks-service.sh
49
-              readOnly: true
50
-          env:
51
-{{- with $env := dict "ksUserSecret" $ksAdminSecret }}
52
-{{- include "helm-toolkit.snippets.keystone_openrc_env_vars" $env | indent 12 }}
53
-{{- end }}
54
-            - name: OS_SERVICE_NAME
55
-              value: {{ tuple $osServiceType $envAll | include "helm-toolkit.endpoints.keystone_endpoint_name_lookup" }}
56
-            - name: OS_SERVICE_TYPE
57
-              value: {{ $osServiceType }}
8
+   http://www.apache.org/licenses/LICENSE-2.0
9
+
10
+Unless required by applicable law or agreed to in writing, software
11
+distributed under the License is distributed on an "AS IS" BASIS,
12
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13
+See the License for the specific language governing permissions and
14
+limitations under the License.
15
+*/}}
16
+
17
+{{- if .Values.manifests.job_ks_service }}
18
+{{- $ksServiceJob := dict "envAll" . "serviceName" "deckhand" "serviceTypes" ( tuple "deckhand" ) -}}
19
+{{ $ksServiceJob | include "helm-toolkit.manifests.job_ks_service" }}
58 20
 {{- end }}
59
-      volumes:
60
-        - name: ks-service-sh
61
-          configMap:
62
-            name: deckhand-bin
63
-            defaultMode: 0555
64
-{{- end -}}

+ 17
- 65
charts/deckhand/templates/job-ks-user.yaml View File

@@ -1,68 +1,20 @@
1
-# Licensed under the Apache License, Version 2.0 (the "License");
2
-# you may not use this file except in compliance with the License.
3
-# You may obtain a copy of the License at
4
-#
5
-#     http://www.apache.org/licenses/LICENSE-2.0
6
-#
7
-# Unless required by applicable law or agreed to in writing, software
8
-# distributed under the License is distributed on an "AS IS" BASIS,
9
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
10
-# See the License for the specific language governing permissions and
11
-# limitations under the License.
1
+{{/*
2
+Copyright 2017 The Openstack-Helm Authors.
12 3
 
13
-{{- if .Values.manifests.job_ks_user }}
4
+Licensed under the Apache License, Version 2.0 (the "License");
5
+you may not use this file except in compliance with the License.
6
+You may obtain a copy of the License at
14 7
 
15
-{{- $ksAdminSecret := .Values.secrets.identity.admin }}
16
-{{- $ksUserSecret := .Values.secrets.identity.user }}
17
-{{- $envAll := . }}
18
-{{- $dependencies := .Values.dependencies.ks_user }}
19
-{{- $serviceAccountName := "deckhand-ks-user" }}
20
-{{ tuple $envAll $dependencies $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
21
----
22
-apiVersion: batch/v1
23
-kind: Job
24
-metadata:
25
-  name: deckhand-ks-user
26
-spec:
27
-  template:
28
-    metadata:
29
-      labels:
30
-{{ tuple $envAll "deckhand" "ks-user" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
31
-    spec:
32
-      serviceAccountName: {{ $serviceAccountName }}
33
-      restartPolicy: OnFailure
34
-      nodeSelector:
35
-        {{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }}
36
-      initContainers:
37
-{{ tuple $envAll $dependencies list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
38
-      containers:
39
-        - name: deckhand-ks-user
40
-          image: {{ .Values.images.tags.ks_user }}
41
-          imagePullPolicy: {{ .Values.images.pull_policy }}
42
-{{ tuple $envAll $envAll.Values.pod.resources.jobs.ks_user | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
43
-          command:
44
-            - /tmp/ks-user.sh
45
-          volumeMounts:
46
-            - name: ks-user-sh
47
-              mountPath: /tmp/ks-user.sh
48
-              subPath: ks-user.sh
49
-              readOnly: true
50
-          env:
51
-{{- with $env := dict "ksUserSecret" $ksAdminSecret }}
52
-{{- include "helm-toolkit.snippets.keystone_openrc_env_vars" $env | indent 12 }}
53
-{{- end }}
54
-            - name: SERVICE_OS_SERVICE_NAME
55
-              value: {{ $envAll.Values.endpoints.deckhand.name | quote }}
56
-            - name: SERVICE_OS_DOMAIN_NAME
57
-              value: {{ $envAll.Values.endpoints.identity.auth.user.project_domain_name | quote }}
58
-{{- with $env := dict "ksUserSecret" $ksUserSecret }}
59
-{{- include "helm-toolkit.snippets.keystone_user_create_env_vars" $env | indent 12 }}
8
+   http://www.apache.org/licenses/LICENSE-2.0
9
+
10
+Unless required by applicable law or agreed to in writing, software
11
+distributed under the License is distributed on an "AS IS" BASIS,
12
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13
+See the License for the specific language governing permissions and
14
+limitations under the License.
15
+*/}}
16
+
17
+{{- if .Values.manifests.job_ks_user }}
18
+{{- $ksUserJob := dict "envAll" . "serviceName" "deckhand" -}}
19
+{{ $ksUserJob | include "helm-toolkit.manifests.job_ks_user" }}
60 20
 {{- end }}
61
-            - name: SERVICE_OS_ROLE
62
-              value: {{ $envAll.Values.endpoints.identity.auth.user.role | quote }}
63
-      volumes:
64
-        - name: ks-user-sh
65
-          configMap:
66
-            name: deckhand-bin
67
-            defaultMode: 0555
68
-{{- end -}}

+ 2
- 1
charts/deckhand/templates/secret-keystone-env.yaml View File

@@ -11,9 +11,10 @@
11 11
 # See the License for the specific language governing permissions and
12 12
 # limitations under the License.
13 13
 */}}
14
+
14 15
 {{- if .Values.manifests.secret_keystone }}
15 16
 {{- $envAll := . }}
16
-{{- range $key1, $userClass := tuple "admin" "user" }}
17
+{{- range $key1, $userClass := tuple "admin" "deckhand" }}
17 18
 {{- $secretName := index $envAll.Values.secrets.identity $userClass }}
18 19
 ---
19 20
 apiVersion: v1

+ 3
- 15
charts/deckhand/templates/service-ingress.yaml View File

@@ -14,19 +14,7 @@ See the License for the specific language governing permissions and
14 14
 limitations under the License.
15 15
 */}}
16 16
 
17
-{{- if .Values.manifests.service_ingress }}
18
-{{- $envAll := . }}
19
-{{- if .Values.network.ingress.public }}
20
----
21
-apiVersion: v1
22
-kind: Service
23
-metadata:
24
-  name: {{ tuple "deckhand" "public" . | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }}
25
-spec:
26
-  ports:
27
-  - name: http
28
-    port: 80
29
-  selector:
30
-    app: ingress-api
31
-{{- end }}
17
+{{- if and .Values.manifests.service_ingress_api .Values.network.api.ingress.public }}
18
+{{- $serviceIngressOpts := dict "envAll" . "backendServiceType" "deckhand" -}}
19
+{{ $serviceIngressOpts | include "helm-toolkit.manifests.service_ingress" }}
32 20
 {{- end }}

+ 8
- 8
charts/deckhand/templates/service.yaml View File

@@ -14,7 +14,7 @@ See the License for the specific language governing permissions and
14 14
 limitations under the License.
15 15
 */}}
16 16
 
17
-{{- if .Values.manifests.service }}
17
+{{- if .Values.manifests.service_api }}
18 18
 {{- $envAll := . }}
19 19
 ---
20 20
 apiVersion: v1
@@ -23,21 +23,21 @@ metadata:
23 23
   name: {{ tuple "deckhand" "internal" . | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }}
24 24
 spec:
25 25
   ports:
26
-    {{ if .Values.network.enable_node_port }}
26
+    {{ if .Values.network.api.node_port.enabled }}
27 27
     - name: http
28
-      nodePort: {{ .Values.network.node_port }}
29
-      port: {{ .Values.network.port }}
28
+      nodePort: {{ .Values.network.api.node_port }}
29
+      port: {{ .Values.network.api.port }}
30 30
       protocol: TCP
31
-      targetPort: {{ .Values.network.port }}
31
+      targetPort: {{ .Values.network.api.port }}
32 32
     {{ else }}
33 33
     - name: http
34
-      port: {{ .Values.network.port }}
34
+      port: {{ tuple "deckhand" "internal" "api" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
35 35
       protocol: TCP
36
-      targetPort: {{ .Values.network.port }}
36
+      targetPort: {{ .Values.network.api.port }}
37 37
     {{ end }}
38 38
   selector:
39 39
 {{ tuple $envAll "deckhand" "api" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }}
40
-  {{ if .Values.network.enable_node_port }}
40
+  {{ if .Values.network.api.enable_node_port }}
41 41
   type: NodePort
42 42
   {{ end }}
43 43
 {{- end }}

+ 86
- 46
charts/deckhand/values.yaml View File

@@ -15,8 +15,15 @@
15 15
 # This file provides defaults for deckhand
16 16
 
17 17
 labels:
18
-  node_selector_key: ucp-control-plane
19
-  node_selector_value: enabled
18
+  api:
19
+    node_selector_key: ucp-control-plane
20
+    node_selector_value: enabled
21
+  job:
22
+    node_selector_key: ucp-control-plane
23
+    node_selector_value: enabled
24
+  test:
25
+    node_selector_key: ucp-control-plane
26
+    node_selector_value: enabled
20 27
 
21 28
 images:
22 29
   tags:
@@ -24,65 +31,98 @@ images:
24 31
     dep_check: "quay.io/stackanetes/kubernetes-entrypoint:v0.3.1"
25 32
     db_init: docker.io/postgres:9.5
26 33
     db_sync: quay.io/attcomdev/deckhand:latest
34
+    image_repo_sync: docker.io/docker:17.07.0
27 35
     ks_endpoints: docker.io/openstackhelm/heat:newton
28 36
     ks_service: docker.io/openstackhelm/heat:newton
29 37
     ks_user: docker.io/openstackhelm/heat:newton
30 38
   pull_policy: "IfNotPresent"
39
+  local_registry:
40
+    active: false
41
+    exclude:
42
+      - dep_check
43
+      - image_repo_sync
31 44
 
32 45
 release_group: null
33 46
 
34 47
 network:
35
-  ingress:
36
-    public: true
37
-  port: 9000
38
-  node_port: 31902
39
-  enable_node_port: false
48
+  api:
49
+    ingress:
50
+      public: true
51
+      classes:
52
+        namespace: "nginx"
53
+        cluster: "nginx-cluster"
54
+      annotations:
55
+        nginx.ingress.kubernetes.io/rewrite-target: /
56
+    node_port:
57
+      enabled: false
58
+      port: 301902
40 59
 
41 60
 dependencies:
42
-  db_init:
43
-    services:
44
-    - service: postgresql
45
-      endpoint: internal
46
-  db_sync:
47
-    jobs:
48
-    - deckhand-db-init
49
-    services:
50
-    - service: postgresql
51
-      endpoint: internal
52
-  ks_user:
53
-    services:
54
-    - service: identity
55
-      endpoint: internal
56
-  ks_service:
57
-    services:
58
-    - service: identity
59
-      endpoint: internal
60
-  ks_endpoints:
61
-    jobs:
62
-    - deckhand-ks-service
63
-    services:
64
-    - service: identity
65
-      endpoint: internal
66
-  deckhand:
67
-    jobs:
68
-    - deckhand-ks-endpoints
69
-    - deckhand-ks-user
70
-    - deckhand-ks-endpoints
71
-    services:
72
-    - service: identity
73
-      endpoint: internal
74
-    - service: key_manager
75
-      endpoint: internal
61
+  dynamic:
62
+    common:
63
+      local_image_registry:
64
+        jobs:
65
+          - glance-image-repo-sync
66
+        services:
67
+          - endpoint: node
68
+            service: local_image_registry
69
+  static:
70
+    db_init:
71
+      services:
72
+      - service: postgresql
73
+        endpoint: internal
74
+    db_sync:
75
+      jobs:
76
+      - deckhand-db-init
77
+      services:
78
+      - service: postgresql
79
+        endpoint: internal
80
+    ks_user:
81
+      services:
82
+      - service: identity
83
+        endpoint: internal
84
+    ks_service:
85
+      services:
86
+      - service: identity
87
+        endpoint: internal
88
+    ks_endpoints:
89
+      jobs:
90
+      - deckhand-ks-service
91
+      services:
92
+      - service: identity
93
+        endpoint: internal
94
+    deckhand:
95
+      jobs:
96
+      - deckhand-ks-endpoints
97
+      - deckhand-ks-user
98
+      - deckhand-ks-endpoints
99
+      services:
100
+      - service: identity
101
+        endpoint: internal
102
+      - service: key_manager
103
+        endpoint: internal
76 104
 
77 105
 # typically overridden by environmental
78 106
 # values, but should include all endpoints
79 107
 # required by this chart
80 108
 endpoints:
81 109
   cluster_domain_suffix: cluster.local
110
+  local_image_registry:
111
+    name: docker-registry
112
+    namespace: docker-registry
113
+    hosts:
114
+      default: localhost
115
+      internal: docker-registry
116
+      node: localhost
117
+    host_fqdn_override:
118
+      default: null
119
+    port:
120
+      registry:
121
+        node: 5000
82 122
   identity:
83 123
     name: keystone
84 124
     auth:
85
-      user:
125
+      deckhand:
86 126
         region_name: RegionOne
87 127
         role: admin
88 128
         project_name: service
@@ -172,7 +212,7 @@ endpoints:
172 212
 secrets:
173 213
   identity:
174 214
     admin: deckhand-keystone-admin
175
-    user: deckhand-keystone-user
215
+    deckhand: deckhand-keystone-user
176 216
   postgresql:
177 217
     admin: deckhand-db-admin
178 218
     user: deckhand-db-user
@@ -339,15 +379,15 @@ manifests:
339 379
   configmap_bin: true
340 380
   configmap_etc: true
341 381
   deployment: true
382
+  ingress_api: true
342 383
   job_db_init: true
343 384
   job_db_sync: true
385
+  job_image_repo_sync: true
344 386
   job_ks_endpoints: true
345 387
   job_ks_service: true
346 388
   job_ks_user: true
347 389
   secret_db: true
348 390
   secret_keystone: true
349 391
   service_api: true
350
-  ingress_api: true
351
-  service: true
352
-  service_ingress: true
392
+  service_ingress_api: true
353 393
   test_deckhand_api: true

Loading…
Cancel
Save