Update Deckhand for latest HTK

This updates Deckhand to be compatible with the current
OpenStack-Helm Helm Toolkit.  This includes:
- Using HTK manifest templates
- Refactoring values.yaml structure
- Some other small cleanup

Change-Id: Ib7c2451b46fab20935edb1c768ac56cc6353aa16

charts/deckhand/templates/configmap-bin.yaml

@@ -1,3 +1,4 @@
+{{/*
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
 # You may obtain a copy of the License at
@@ -9,6 +10,9 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
+
+{{- if .Values.manifests.configmap_bin }}
 
 apiVersion: v1
 kind: ConfigMap
@@ -27,3 +31,4 @@ data:
 {{ tuple "bin/_db-init.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
   db-sync.sh: |+
 {{ tuple "bin/_db-sync.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
+{{- end }}

charts/deckhand/templates/configmap-etc.yaml

@@ -1,3 +1,4 @@
+{{/*
 # Copyright 2017 The Openstack-Helm Authors.
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -11,54 +12,56 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 
+{{- if .Values.manifests.configmap_etc }}
 {{- $envAll := . }}
 
 {{- if empty .Values.conf.deckhand.keystone_authtoken.auth_uri -}}
-{{- tuple "identity" "internal" "api" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup" | set .Values.conf.deckhand.keystone_authtoken "auth_uri" | quote | trunc 0 -}}
+{{- tuple "identity" "internal" "api" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup" | set .Values.conf.deckhand.keystone_authtoken "auth_uri" -}}
 {{- end -}}
 
 # FIXME fix for broken keystonemiddleware oslo config gen in newton - will remove in future
 {{- if empty .Values.conf.deckhand.keystone_authtoken.auth_url -}}
-{{- tuple "identity" "internal" "api" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup" | set .Values.conf.deckhand.keystone_authtoken "auth_url" | quote | trunc 0 -}}
+{{- tuple "identity" "internal" "api" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup" | set .Values.conf.deckhand.keystone_authtoken "auth_url" -}}
 {{- end -}}
 
 # Add endpoint URI lookup for Deckhand Postgresql DB Connection
 {{- if empty .Values.conf.deckhand.database.connection -}}
-{{- tuple "postgresql" "internal" "user" "postgresql" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup" | set .Values.conf.deckhand.database "connection" | quote | trunc 0 -}}
+{{- tuple "postgresql" "internal" "user" "postgresql" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup" | set .Values.conf.deckhand.database "connection" -}}
 {{- end -}}
 
 # Add endpoint URI lookup for memcached servers Connection
 {{- if empty .Values.conf.deckhand.keystone_authtoken.memcached_servers -}}
-{{- tuple "oslo_cache" "internal" "memcache" . | include "helm-toolkit.endpoints.host_and_port_endpoint_uri_lookup" | set .Values.conf.deckhand.keystone_authtoken "memcached_servers" | quote | trunc 0 -}}
+{{- tuple "oslo_cache" "internal" "memcache" . | include "helm-toolkit.endpoints.host_and_port_endpoint_uri_lookup" | set .Values.conf.deckhand.keystone_authtoken "memcached_servers" -}}
 {{- end -}}
 
 # Add endpoint URI lookup for barbican
 {{- if empty .Values.conf.deckhand.barbican.api_endpoint -}}
-{{- tuple "barbican" "internal" "api" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup" | set .Values.conf.deckhand.barbican "api_endpoint" | quote | trunc 0 -}}
+{{- tuple "key_manager" "internal" "api" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup" | set .Values.conf.deckhand.barbican "api_endpoint" -}}
 {{- end -}}
 
-{{- $userIdentity := .Values.endpoints.identity.auth.user -}}
+{{- $userIdentity := .Values.endpoints.identity.auth.deckhand -}}
 
 {{- if empty .Values.conf.deckhand.keystone_authtoken.project_name -}}
-{{- set .Values.conf.deckhand.keystone_authtoken "project_name" $userIdentity.project_name | quote | trunc 0 -}}
+{{- set .Values.conf.deckhand.keystone_authtoken "project_name" $userIdentity.project_name -}}
 {{- end -}}
 {{- if empty .Values.conf.deckhand.keystone_authtoken.project_domain_name -}}
-{{- set .Values.conf.deckhand.keystone_authtoken "project_domain_name" $userIdentity.project_domain_name | quote | trunc 0 -}}
+{{- set .Values.conf.deckhand.keystone_authtoken "project_domain_name" $userIdentity.project_domain_name -}}
 {{- end -}}
 {{- if empty .Values.conf.deckhand.keystone_authtoken.user_domain_name -}}
-{{- set .Values.conf.deckhand.keystone_authtoken "user_domain_name" $userIdentity.user_domain_name | quote | trunc 0 -}}
+{{- set .Values.conf.deckhand.keystone_authtoken "user_domain_name" $userIdentity.user_domain_name -}}
 {{- end -}}
 {{- if empty .Values.conf.deckhand.keystone_authtoken.username -}}
-{{- set .Values.conf.deckhand.keystone_authtoken "username" $userIdentity.username | quote | trunc 0 -}}
+{{- set .Values.conf.deckhand.keystone_authtoken "username" $userIdentity.username -}}
 {{- end -}}
 {{- if empty .Values.conf.deckhand.keystone_authtoken.password -}}
-{{- set .Values.conf.deckhand.keystone_authtoken "password" $userIdentity.password | quote | trunc 0 -}}
+{{- set .Values.conf.deckhand.keystone_authtoken "password" $userIdentity.password -}}
 {{- end -}}
 
 # Set a random string as secret key.
 {{- if empty .Values.conf.deckhand.keystone_authtoken.memcache_secret_key -}}
-{{- randAlphaNum 64 | set .Values.conf.deckhand.keystone_authtoken "memcache_secret_key" | quote | trunc 0 -}}
+{{- randAlphaNum 64 | set .Values.conf.deckhand.keystone_authtoken "memcache_secret_key" -}}
 {{- end -}}
 
 ---
@@ -75,3 +78,4 @@ data:
 {{ include "helm-toolkit.utils.to_ini" .Values.conf.paste | indent 4 }}
   policy.yaml: |+
 {{ toYaml .Values.conf.policy | indent 4 }}
+{{- end }}

charts/deckhand/templates/deployment.yaml

@@ -1,3 +1,4 @@
+{{/*
 # Copyright 2017 The Openstack-Helm Authors.
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -11,14 +12,14 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 
 {{- if .Values.manifests.deployment }}
 {{- $envAll := . }}
-{{- $dependencies := .Values.dependencies.deckhand }}
 {{- $mounts_deckhand := .Values.pod.mounts.deckhand.deckhand }}
 {{- $mounts_deckhand_init := .Values.pod.mounts.deckhand.init_container }}
 {{- $serviceAccountName := "deckhand" }}
-{{ tuple $envAll $dependencies $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
+{{ tuple $envAll "deckhand" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
 ---
 apiVersion: apps/v1beta1
 kind: Deployment
@@ -37,11 +38,11 @@ spec:
     spec:
       serviceAccountName: {{ $serviceAccountName }}
       nodeSelector:
-        {{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }}
+        {{ .Values.labels.api.node_selector_key }}: {{ .Values.labels.api.node_selector_value }}
       terminationGracePeriodSeconds: {{ .Values.pod.lifecycle.termination_grace_period.deckhand.timeout | default "30" }}
       restartPolicy: Always
       initContainers:
-{{ tuple $envAll $dependencies $mounts_deckhand_init | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
+{{ tuple $envAll "deckhand" $mounts_deckhand_init | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
       containers:
         - name: deckhand-api
           env:

charts/deckhand/templates/ingress-api.yaml

@@ -14,34 +14,7 @@ See the License for the specific language governing permissions and
 limitations under the License.
 */}}
 
-{{- if .Values.manifests.ingress_api }}
+{{- if and .Values.manifests.ingress_api .Values.network.api.ingress.public }}
-{{- $envAll := . }}
+{{- $ingressOpts := dict "envAll" . "backendServiceType" "deckhand" "backendPort" "http" -}}
-{{- if .Values.network.ingress.public }}
+{{ $ingressOpts | include "helm-toolkit.manifests.ingress" }}
-{{- $backendServiceType := "deckhand" }}
-{{- $backendPort := "http" }}
-{{- $ingressName := tuple $backendServiceType "public" $envAll | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }}
-{{- $backendName := tuple $backendServiceType "internal" $envAll | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }}
-{{- $hostName := tuple $backendServiceType "public" $envAll | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }}
-{{- $hostNameNamespaced := tuple $backendServiceType "public" $envAll | include "helm-toolkit.endpoints.hostname_namespaced_endpoint_lookup" }}
-{{- $hostNameFull := tuple $backendServiceType "public" $envAll | include "helm-toolkit.endpoints.hostname_fqdn_endpoint_lookup" }}
----
-apiVersion: extensions/v1beta1
-kind: Ingress
-metadata:
-  name: {{ $ingressName }}
-  annotations:
-    kubernetes.io/ingress.class: "nginx"
-    ingress.kubernetes.io/rewrite-target: /
-spec:
-  rules:
-{{- range $key1, $vHost := tuple $hostName $hostNameNamespaced $hostNameFull }}
-  - host: {{ $vHost }}
-    http:
-      paths:
-      - path: /
-        backend:
-          serviceName: {{ $backendName }}
-          servicePort: {{ $backendPort }}
-{{- end }}
-{{- end }}
 {{- end }}

charts/deckhand/templates/job-db-init.yaml

@@ -16,11 +16,10 @@ limitations under the License.
 
 {{- if .Values.manifests.job_db_init }}
 {{- $envAll := . }}
-{{- $dependencies := .Values.dependencies.db_init }}
 {{- $mounts_deckhand_db_init := .Values.pod.mounts.deckhand_db_init.deckhand_db_init }}
 {{- $mounts_deckhand_db_init_init := .Values.pod.mounts.deckhand_db_init.init_container }}
 {{- $serviceAccountName := "deckhand-db-init" }}
-{{ tuple $envAll $dependencies $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
+{{ tuple $envAll "db_init" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
 ---
 apiVersion: batch/v1
 kind: Job
@@ -35,9 +34,9 @@ spec:
       serviceAccountName: {{ $serviceAccountName }}
       restartPolicy: OnFailure
       nodeSelector:
-        {{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }}
+        {{ .Values.labels.job.node_selector_key }}: {{ .Values.labels.job.node_selector_value }}
       initContainers:
-{{ tuple $envAll $dependencies $mounts_deckhand_db_init_init | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
+{{ tuple $envAll "db_init" $mounts_deckhand_db_init_init | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
       containers:
         - name: deckhand-db-init
           image: {{ .Values.images.tags.db_init | quote }}

charts/deckhand/templates/job-db-sync.yaml

@@ -16,11 +16,10 @@ limitations under the License.
 
 {{- if .Values.manifests.job_db_sync }}
 {{- $envAll := . }}
-{{- $dependencies := .Values.dependencies.db_sync }}
 {{- $mounts_deckhand_db_sync := .Values.pod.mounts.deckhand_db_sync.deckhand_db_sync }}
 {{- $mounts_deckhand_db_sync_init := .Values.pod.mounts.deckhand_db_sync.init_container }}
 {{- $serviceAccountName := "deckhand-db-sync" }}
-{{ tuple $envAll $dependencies $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
+{{ tuple $envAll "db_sync" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
 ---
 apiVersion: batch/v1
 kind: Job
@@ -35,9 +34,9 @@ spec:
       serviceAccountName: {{ $serviceAccountName }}
       restartPolicy: OnFailure
       nodeSelector:
-        {{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }}
+        {{ .Values.labels.job.node_selector_key }}: {{ .Values.labels.job.node_selector_value }}
       initContainers:
-{{ tuple $envAll $dependencies $mounts_deckhand_db_sync_init | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
+{{ tuple $envAll "db_sync" $mounts_deckhand_db_sync_init | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
       containers:
         - name: deckhand-db-sync
           image: {{ .Values.images.tags.db_sync | quote }}

charts/deckhand/templates/job-image-repo-sync.yaml

@@ -0,0 +1,20 @@
+{{/*
+Copyright 2017 The Openstack-Helm Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+   http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/}}
+
+{{- if and .Values.manifests.job_image_repo_sync .Values.images.local_registry.active }}
+{{- $imageRepoSyncJob := dict "envAll" . "serviceName" "deckhand" -}}
+{{ $imageRepoSyncJob | include "helm-toolkit.manifests.job_image_repo_sync" }}
+{{- end }}

charts/deckhand/templates/job-ks-endpoints.yaml

@@ -1,68 +1,20 @@
-# Licensed under the Apache License, Version 2.0 (the "License");
+{{/*
-# you may not use this file except in compliance with the License.
+Copyright 2017 The Openstack-Helm Authors.
-# You may obtain a copy of the License at
+
-#
+Licensed under the Apache License, Version 2.0 (the "License");
-#     http://www.apache.org/licenses/LICENSE-2.0
+you may not use this file except in compliance with the License.
-#
+You may obtain a copy of the License at
-# Unless required by applicable law or agreed to in writing, software
+
-# distributed under the License is distributed on an "AS IS" BASIS,
+   http://www.apache.org/licenses/LICENSE-2.0
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+
-# See the License for the specific language governing permissions and
+Unless required by applicable law or agreed to in writing, software
-# limitations under the License.
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/}}
 
 {{- if .Values.manifests.job_ks_endpoints }}
-{{- $envAll := . }}
+{{- $ksServiceJob := dict "envAll" . "serviceName" "deckhand" "serviceTypes" ( tuple "deckhand" ) -}}
-{{- $dependencies := .Values.dependencies.ks_endpoints }}
+{{ $ksServiceJob | include "helm-toolkit.manifests.job_ks_endpoints" }}
-{{- $serviceAccountName := "deckhand-ks-endpoints" }}
-{{ tuple $envAll $dependencies $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
----
-apiVersion: batch/v1
-kind: Job
-metadata:
-  name: deckhand-ks-endpoints
-spec:
-  template:
-    metadata:
-      labels:
-{{ tuple $envAll "deckhand" "ks-endpoints" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
-    spec:
-      serviceAccountName: {{ $serviceAccountName }}
-      restartPolicy: OnFailure
-      nodeSelector:
-        {{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }}
-      initContainers:
-{{ tuple $envAll $dependencies list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
-      containers:
-{{- range $key1, $osServiceType := tuple "deckhand" }}
-{{- range $key2, $osServiceEndPoint := tuple "admin" "internal" "public" }}
-        - name: {{ $osServiceType }}-ks-endpoints-{{ $osServiceEndPoint }}
-          image: {{ $envAll.Values.images.tags.ks_endpoints }}
-          imagePullPolicy: {{ $envAll.Values.images.pull_policy }}
-{{ tuple $envAll $envAll.Values.pod.resources.jobs.ks_endpoints | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
-          command:
-            - /tmp/ks-endpoints.sh
-          volumeMounts:
-            - name: ks-endpoints-sh
-              mountPath: /tmp/ks-endpoints.sh
-              subPath: ks-endpoints.sh
-              readOnly: true
-          env:
-{{- with $env := dict "ksUserSecret" $envAll.Values.secrets.identity.admin }}
-{{- include "helm-toolkit.snippets.keystone_openrc_env_vars" $env | indent 12 }}
 {{- end }}
-            - name: OS_SVC_ENDPOINT
-              value: {{ $osServiceEndPoint }}
-            - name: OS_SERVICE_NAME
-              value: {{ tuple $osServiceType $envAll | include "helm-toolkit.endpoints.keystone_endpoint_name_lookup" }}
-            - name: OS_SERVICE_TYPE
-              value: {{ $osServiceType }}
-            - name: OS_SERVICE_ENDPOINT
-              value: {{ tuple $osServiceType $osServiceEndPoint "api" $envAll | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup" }}
-{{- end }}
-{{- end }}
-      volumes:
-        - name: ks-endpoints-sh
-          configMap:
-            name: deckhand-bin
-            defaultMode: 0555
-{{- end -}}

charts/deckhand/templates/job-ks-service.yaml

@@ -1,64 +1,20 @@
-# Licensed under the Apache License, Version 2.0 (the "License");
+{{/*
-# you may not use this file except in compliance with the License.
+Copyright 2017 The Openstack-Helm Authors.
-# You may obtain a copy of the License at
-#
-#     http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
 
-{{- if .Values.manifests.job_ks_service -}}
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
 
-{{- $envAll := . }}
+   http://www.apache.org/licenses/LICENSE-2.0
-{{- $ksAdminSecret := .Values.secrets.identity.admin }}
+
-{{- $dependencies := .Values.dependencies.ks_service }}
+Unless required by applicable law or agreed to in writing, software
-{{- $serviceAccountName := "deckhand-ks-service" }}
+distributed under the License is distributed on an "AS IS" BASIS,
-{{ tuple $envAll $dependencies $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
----
+See the License for the specific language governing permissions and
-apiVersion: batch/v1
+limitations under the License.
-kind: Job
+*/}}
-metadata:
+
-  name: deckhand-ks-service
+{{- if .Values.manifests.job_ks_service }}
-spec:
+{{- $ksServiceJob := dict "envAll" . "serviceName" "deckhand" "serviceTypes" ( tuple "deckhand" ) -}}
-  template:
+{{ $ksServiceJob | include "helm-toolkit.manifests.job_ks_service" }}
-    metadata:
-      labels:
-{{ tuple $envAll "deckhand" "ks-service" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
-    spec:
-      serviceAccountName: {{ $serviceAccountName }}
-      restartPolicy: OnFailure
-      nodeSelector:
-        {{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }}
-      initContainers:
-{{ tuple $envAll $dependencies list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
-      containers:
-{{- range $key1, $osServiceType := tuple "deckhand" }}
-        - name: {{ $osServiceType }}-ks-service-registration
-          image: {{ $envAll.Values.images.tags.ks_service }}
-          imagePullPolicy: {{ $envAll.Values.images.pull_policy }}
-{{ tuple $envAll $envAll.Values.pod.resources.jobs.ks_service | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
-          command:
-            - /tmp/ks-service.sh
-          volumeMounts:
-            - name: ks-service-sh
-              mountPath: /tmp/ks-service.sh
-              subPath: ks-service.sh
-              readOnly: true
-          env:
-{{- with $env := dict "ksUserSecret" $ksAdminSecret }}
-{{- include "helm-toolkit.snippets.keystone_openrc_env_vars" $env | indent 12 }}
 {{- end }}
-            - name: OS_SERVICE_NAME
-              value: {{ tuple $osServiceType $envAll | include "helm-toolkit.endpoints.keystone_endpoint_name_lookup" }}
-            - name: OS_SERVICE_TYPE
-              value: {{ $osServiceType }}
-{{- end }}
-      volumes:
-        - name: ks-service-sh
-          configMap:
-            name: deckhand-bin
-            defaultMode: 0555
-{{- end -}}

charts/deckhand/templates/job-ks-user.yaml

@@ -1,68 +1,20 @@
-# Licensed under the Apache License, Version 2.0 (the "License");
+{{/*
-# you may not use this file except in compliance with the License.
+Copyright 2017 The Openstack-Helm Authors.
-# You may obtain a copy of the License at
+
-#
+Licensed under the Apache License, Version 2.0 (the "License");
-#     http://www.apache.org/licenses/LICENSE-2.0
+you may not use this file except in compliance with the License.
-#
+You may obtain a copy of the License at
-# Unless required by applicable law or agreed to in writing, software
+
-# distributed under the License is distributed on an "AS IS" BASIS,
+   http://www.apache.org/licenses/LICENSE-2.0
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+
-# See the License for the specific language governing permissions and
+Unless required by applicable law or agreed to in writing, software
-# limitations under the License.
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/}}
 
 {{- if .Values.manifests.job_ks_user }}
-
+{{- $ksUserJob := dict "envAll" . "serviceName" "deckhand" -}}
-{{- $ksAdminSecret := .Values.secrets.identity.admin }}
+{{ $ksUserJob | include "helm-toolkit.manifests.job_ks_user" }}
-{{- $ksUserSecret := .Values.secrets.identity.user }}
-{{- $envAll := . }}
-{{- $dependencies := .Values.dependencies.ks_user }}
-{{- $serviceAccountName := "deckhand-ks-user" }}
-{{ tuple $envAll $dependencies $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
----
-apiVersion: batch/v1
-kind: Job
-metadata:
-  name: deckhand-ks-user
-spec:
-  template:
-    metadata:
-      labels:
-{{ tuple $envAll "deckhand" "ks-user" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
-    spec:
-      serviceAccountName: {{ $serviceAccountName }}
-      restartPolicy: OnFailure
-      nodeSelector:
-        {{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }}
-      initContainers:
-{{ tuple $envAll $dependencies list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
-      containers:
-        - name: deckhand-ks-user
-          image: {{ .Values.images.tags.ks_user }}
-          imagePullPolicy: {{ .Values.images.pull_policy }}
-{{ tuple $envAll $envAll.Values.pod.resources.jobs.ks_user | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
-          command:
-            - /tmp/ks-user.sh
-          volumeMounts:
-            - name: ks-user-sh
-              mountPath: /tmp/ks-user.sh
-              subPath: ks-user.sh
-              readOnly: true
-          env:
-{{- with $env := dict "ksUserSecret" $ksAdminSecret }}
-{{- include "helm-toolkit.snippets.keystone_openrc_env_vars" $env | indent 12 }}
 {{- end }}
-            - name: SERVICE_OS_SERVICE_NAME
-              value: {{ $envAll.Values.endpoints.deckhand.name | quote }}
-            - name: SERVICE_OS_DOMAIN_NAME
-              value: {{ $envAll.Values.endpoints.identity.auth.user.project_domain_name | quote }}
-{{- with $env := dict "ksUserSecret" $ksUserSecret }}
-{{- include "helm-toolkit.snippets.keystone_user_create_env_vars" $env | indent 12 }}
-{{- end }}
-            - name: SERVICE_OS_ROLE
-              value: {{ $envAll.Values.endpoints.identity.auth.user.role | quote }}
-      volumes:
-        - name: ks-user-sh
-          configMap:
-            name: deckhand-bin
-            defaultMode: 0555
-{{- end -}}

charts/deckhand/templates/secret-keystone-env.yaml

@@ -11,9 +11,10 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 */}}
+
 {{- if .Values.manifests.secret_keystone }}
 {{- $envAll := . }}
-{{- range $key1, $userClass := tuple "admin" "user" }}
+{{- range $key1, $userClass := tuple "admin" "deckhand" }}
 {{- $secretName := index $envAll.Values.secrets.identity $userClass }}
 ---
 apiVersion: v1

charts/deckhand/templates/service-ingress.yaml

@@ -14,19 +14,7 @@ See the License for the specific language governing permissions and
 limitations under the License.
 */}}
 
-{{- if .Values.manifests.service_ingress }}
+{{- if and .Values.manifests.service_ingress_api .Values.network.api.ingress.public }}
-{{- $envAll := . }}
+{{- $serviceIngressOpts := dict "envAll" . "backendServiceType" "deckhand" -}}
-{{- if .Values.network.ingress.public }}
+{{ $serviceIngressOpts | include "helm-toolkit.manifests.service_ingress" }}
----
-apiVersion: v1
-kind: Service
-metadata:
-  name: {{ tuple "deckhand" "public" . | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }}
-spec:
-  ports:
-  - name: http
-    port: 80
-  selector:
-    app: ingress-api
-{{- end }}
 {{- end }}

charts/deckhand/templates/service.yaml

@@ -14,7 +14,7 @@ See the License for the specific language governing permissions and
 limitations under the License.
 */}}
 
-{{- if .Values.manifests.service }}
+{{- if .Values.manifests.service_api }}
 {{- $envAll := . }}
 ---
 apiVersion: v1
@@ -23,21 +23,21 @@ metadata:
   name: {{ tuple "deckhand" "internal" . | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }}
 spec:
   ports:
-    {{ if .Values.network.enable_node_port }}
+    {{ if .Values.network.api.node_port.enabled }}
     - name: http
-      nodePort: {{ .Values.network.node_port }}
+      nodePort: {{ .Values.network.api.node_port }}
-      port: {{ .Values.network.port }}
+      port: {{ .Values.network.api.port }}
       protocol: TCP
-      targetPort: {{ .Values.network.port }}
+      targetPort: {{ .Values.network.api.port }}
     {{ else }}
     - name: http
-      port: {{ .Values.network.port }}
+      port: {{ tuple "deckhand" "internal" "api" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
       protocol: TCP
-      targetPort: {{ .Values.network.port }}
+      targetPort: {{ .Values.network.api.port }}
     {{ end }}
   selector:
 {{ tuple $envAll "deckhand" "api" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }}
-  {{ if .Values.network.enable_node_port }}
+  {{ if .Values.network.api.enable_node_port }}
   type: NodePort
   {{ end }}
 {{- end }}

charts/deckhand/values.yaml

@@ -15,8 +15,15 @@
 # This file provides defaults for deckhand
 
 labels:
-  node_selector_key: ucp-control-plane
+  api:
-  node_selector_value: enabled
+    node_selector_key: ucp-control-plane
+    node_selector_value: enabled
+  job:
+    node_selector_key: ucp-control-plane
+    node_selector_value: enabled
+  test:
+    node_selector_key: ucp-control-plane
+    node_selector_value: enabled
 
 images:
   tags:
@@ -24,65 +31,98 @@ images:
     dep_check: "quay.io/stackanetes/kubernetes-entrypoint:v0.3.1"
     db_init: docker.io/postgres:9.5
     db_sync: quay.io/attcomdev/deckhand:latest
+    image_repo_sync: docker.io/docker:17.07.0
     ks_endpoints: docker.io/openstackhelm/heat:newton
     ks_service: docker.io/openstackhelm/heat:newton
     ks_user: docker.io/openstackhelm/heat:newton
   pull_policy: "IfNotPresent"
+  local_registry:
+    active: false
+    exclude:
+      - dep_check
+      - image_repo_sync
 
 release_group: null
 
 network:
-  ingress:
+  api:
-    public: true
+    ingress:
-  port: 9000
+      public: true
-  node_port: 31902
+      classes:
-  enable_node_port: false
+        namespace: "nginx"
+        cluster: "nginx-cluster"
+      annotations:
+        nginx.ingress.kubernetes.io/rewrite-target: /
+    node_port:
+      enabled: false
+      port: 301902
 
 dependencies:
-  db_init:
+  dynamic:
-    services:
+    common:
-    - service: postgresql
+      local_image_registry:
-      endpoint: internal
+        jobs:
-  db_sync:
+          - glance-image-repo-sync
-    jobs:
+        services:
-    - deckhand-db-init
+          - endpoint: node
-    services:
+            service: local_image_registry
-    - service: postgresql
+  static:
-      endpoint: internal
+    db_init:
-  ks_user:
+      services:
-    services:
+      - service: postgresql
-    - service: identity
+        endpoint: internal
-      endpoint: internal
+    db_sync:
-  ks_service:
+      jobs:
-    services:
+      - deckhand-db-init
-    - service: identity
+      services:
-      endpoint: internal
+      - service: postgresql
-  ks_endpoints:
+        endpoint: internal
-    jobs:
+    ks_user:
-    - deckhand-ks-service
+      services:
-    services:
+      - service: identity
-    - service: identity
+        endpoint: internal
-      endpoint: internal
+    ks_service:
-  deckhand:
+      services:
-    jobs:
+      - service: identity
-    - deckhand-ks-endpoints
+        endpoint: internal
-    - deckhand-ks-user
+    ks_endpoints:
-    - deckhand-ks-endpoints
+      jobs:
-    services:
+      - deckhand-ks-service
-    - service: identity
+      services:
-      endpoint: internal
+      - service: identity
-    - service: key_manager
+        endpoint: internal
-      endpoint: internal
+    deckhand:
+      jobs:
+      - deckhand-ks-endpoints
+      - deckhand-ks-user
+      - deckhand-ks-endpoints
+      services:
+      - service: identity
+        endpoint: internal
+      - service: key_manager
+        endpoint: internal
 
 # typically overridden by environmental
 # values, but should include all endpoints
 # required by this chart
 endpoints:
   cluster_domain_suffix: cluster.local
+  local_image_registry:
+    name: docker-registry
+    namespace: docker-registry
+    hosts:
+      default: localhost
+      internal: docker-registry
+      node: localhost
+    host_fqdn_override:
+      default: null
+    port:
+      registry:
+        node: 5000
   identity:
     name: keystone
     auth:
-      user:
+      deckhand:
         region_name: RegionOne
         role: admin
         project_name: service
@@ -172,7 +212,7 @@ endpoints:
 secrets:
   identity:
     admin: deckhand-keystone-admin
-    user: deckhand-keystone-user
+    deckhand: deckhand-keystone-user
   postgresql:
     admin: deckhand-db-admin
     user: deckhand-db-user
@@ -339,15 +379,15 @@ manifests:
   configmap_bin: true
   configmap_etc: true
   deployment: true
+  ingress_api: true
   job_db_init: true
   job_db_sync: true
+  job_image_repo_sync: true
   job_ks_endpoints: true
   job_ks_service: true
   job_ks_user: true
   secret_db: true
   secret_keystone: true
   service_api: true
-  ingress_api: true
+  service_ingress_api: true
-  service: true
-  service_ingress: true
   test_deckhand_api: true