
MAAS support for pod mobility

Upgrades to the MAAS chart to allow for the Pods
running the rack and region services to work across
all control plane hosts.

Change-Id: I84c856599a1122a2b4a64242a7cea357887b0462
Scott Hussey 7 months ago
parent
commit
74af40376b

+ 30
- 0
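--- a/charts/maas/templates/bin/_maas-ingress-errors.sh.tpl
+++ b/charts/maas/templates/bin/_maas-ingress-errors.sh.tpl
@@ -0,0 +1,30 @@
+#!/bin/sh
+
+{{/*
+Copyright 2018 The Openstack-Helm Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.*/}}
+
+set -ex
+COMMAND="${@:-start}"
+
+if [ "x${COMMAND}" == "xstart" ]; then
+  if [[ -z "${BIND_PORT}" ]]
+  then
+    exec /server
+  else
+    exec /server -port ${BIND_PORT}
+  fi
+elif [ "x${COMMAND}" == "xstop" ]; then
+  kill -TERM 1
+fi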
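Review bot: The script is declared `#!/bin/sh` but the start branch uses `[[ -z "${BIND_PORT}" ]]` and compares with `==` inside `[ ]`, both of which are bash extensions. Depending on which shell the error-pages image provides as `/bin/sh`, the `[[` test may simply fail, in which case an unset `BIND_PORT` falls through to the `-port` branch with an empty value. Use the POSIX forms, `if [ -z "${BIND_PORT}" ]; then` and `[ "${COMMAND}" = "start" ]`, and quote the expansion in `exec /server -port "${BIND_PORT}"`.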

+ 41
- 0
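--- a/charts/maas/templates/bin/_maas-ingress.sh.tpl
+++ b/charts/maas/templates/bin/_maas-ingress.sh.tpl
@@ -0,0 +1,41 @@
+#!/bin/bash
+
+{{/*
+ Copyright 2018 The Openstack-Helm Authors.
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+     http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.*/}}
+
+set -ex
+
+COMMAND="${1:-start}"
+
+function start () {
+  exec /usr/bin/dumb-init \
+      /nginx-ingress-controller \
+      --http-port="${HTTP_PORT}" \
+      --watch-namespace="${POD_NAMESPACE}" \
+      --https-port="${HTTPS_PORT}" \
+      --status-port="${STATUS_PORT}" \
+      --healthz-port="${HEALTHZ_PORT}" \
+      --election-id=${RELEASE_NAME} \
+      --ingress-class=maas-ingress \
+      --default-backend-service=${POD_NAMESPACE}/${ERROR_PAGE_SERVICE} \
+      --configmap=${POD_NAMESPACE}/maas-ingress-config \
+      --tcp-services-configmap=${POD_NAMESPACE}/maas-ingress-services-tcp
+}
+
+function stop () {
+  kill -TERM 1
+}
+
+$COMMAND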
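Review bot: The last line runs `$COMMAND` unquoted, so whatever string arrives as the first argument is word-split and executed as a command instead of being limited to the two functions defined here. Dispatch explicitly, for example `case "${COMMAND}" in start|stop) "${COMMAND}" ;; *) echo "unknown command: ${COMMAND}" >&2; exit 1 ;; esac`. In `start`, `--election-id=${RELEASE_NAME}` and the three `${POD_NAMESPACE}/...` arguments are unquoted while the port flags are quoted; quoting them the same way keeps a value containing whitespace from turning into extra controller flags.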

+ 60
- 0
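--- a/charts/maas/templates/bin/_maas-vip-configure.sh.tpl
+++ b/charts/maas/templates/bin/_maas-vip-configure.sh.tpl
@@ -0,0 +1,60 @@
+#!/bin/bash
+
+{{/*
+Copyright 2018 The Openstack-Helm Authors.
+Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.*/}}
+
+set -ex
+
+COMMAND="${@:-start}"
+
+function kernel_modules () {
+  chroot /mnt/host-rootfs modprobe dummy
+}
+
+function test_vip () {
+  ip addr show ${interface} | \
+    awk "/inet / && /${interface}/{print \$2 }" | \
+    awk -F '/' '{ print $1 }' | \
+    grep -q "${addr%/*}"
+}
+
+function start () {
+  kernel_modules
+  ip link show ${interface} > /dev/null || ip link add ${interface} type dummy
+  if ! test_vip; then
+   ip addr add ${addr} dev ${interface}
+  fi
+  ip link set ${interface} up
+}
+
+function sleep () {
+  exec /usr/bin/dumb-init bash -c "while :; do sleep 2073600; done"
+}
+
+function stop () {
+  ip link show ${interface} > /dev/null || exit 0
+  if test_vip; then
+   ip addr del ${addr} dev ${interface}
+  fi
+  if [ "$(ip address show ${interface} | \
+          awk "/inet / && /${interface}/{print \$2 }" | \
+          wc -l)" -le "0" ]; then
+    ip link set ${interface} down
+    ip link del ${interface}
+  fi
+}
+
+$COMMAND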
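Review bot: `test_vip` ends in `grep -q "${addr%/*}"`, which treats the address as an unanchored regular expression, so with the chart default `172.18.0.2` an existing `172.18.0.20` or `172.18.0.254` on the interface also matches and `start` then skips `ip addr add`. A fixed-string whole-line match avoids that: `grep -qxF -- "${addr%/*}"`. `test_vip` and `stop` also splice `${interface}` into the awk program text (`awk "/inet / && /${interface}/..."`) and pass `${interface}` and `${addr}` unquoted to `ip`; since the script runs as root with NET_ADMIN, pass the name with `awk -v` and quote the expansions so a malformed chart value cannot change what is executed. The closing `$COMMAND` has the same open-ended dispatch as the ingress script and would be safer as a `case` over `start`, `sleep` and `stop`.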

+ 6
- 0
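--- a/charts/maas/templates/configmap-bin.yaml
+++ b/charts/maas/templates/configmap-bin.yaml
@@ -41,3 +41,9 @@ data:
 {{ tuple "bin/_maas-test.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
   ntpd.sh: |
 {{ tuple "bin/_ntpd.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
+  maas-ingress: |
+{{ tuple "bin/_maas-ingress.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
+  maas-ingress-errors: |
+{{ tuple "bin/_maas-ingress-errors.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
+  maas-vip-configure: |
+{{ tuple "bin/_maas-vip-configure.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}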

+ 38
- 0
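--- a/charts/maas/templates/configmap-ingress.yaml
+++ b/charts/maas/templates/configmap-ingress.yaml
@@ -0,0 +1,38 @@
+{{/*
+Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+   http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/}}
+
+{{- if .Values.manifests.configmap_ingress }}
+{{ $bind_address_cidr := .Values.network.maas_ingress.addr | splitList "/" }}
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: maas-ingress-services-tcp
+data:
+  {{ tuple "maas_region" "public" "region_api" . | include "helm-toolkit.endpoints.endpoint_port_lookup" | quote }}: "{{- .Release.Namespace -}}/{{- tuple "maas_region" "internal" . | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" -}}:region-api"
+  {{ tuple "maas_region" "public" "region_proxy" . | include "helm-toolkit.endpoints.endpoint_port_lookup" | quote }}: "{{- .Release.Namespace -}}/{{- tuple "maas_region" "internal" . | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" -}}:region-proxy"
+...
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: maas-ingress-config
+data:
+  enable-underscores-in-headers: "true"
+  bind-address: {{ index $bind_address_cidr 0 | quote }}
+  diable-ipv6: "true"
+...
+{{- end }}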
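Review bot: The key `diable-ipv6` in the `maas-ingress-config` ConfigMap looks like a misspelling of `disable-ipv6`. An unrecognised key is most likely ignored by the controller, so IPv6 listeners would stay enabled even though `bind-address` pins the IPv4 side to the VIP. Change the line to `disable-ipv6: "true"`. `.Values.network.maas_ingress.addr` is also split on `/` with no check that it is set, so a short template comment stating that a CIDR value is required would help whoever overrides it.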

+ 63
- 0
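--- a/charts/maas/templates/deployment-ingress-errors.yaml
+++ b/charts/maas/templates/deployment-ingress-errors.yaml
@@ -0,0 +1,63 @@
+{{/*
+Copyright 2017 The Openstack-Helm Authors.
+Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+   http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/}}
+
+{{- if .Values.manifests.rack_deployment }}
+{{- $envAll := . }}
+{{- $serviceAccountName := "maas-ingress-errors" }}
+{{- $mounts_maas_rack := .Values.pod.mounts.maas_rack }}
+{{- $mounts_maas_rack_init := .Values.pod.mounts.maas_rack.init_container }}
+
+{{ tuple $envAll "rack_controller" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
+---
+apiVersion: apps/v1beta1
+kind: Deployment
+metadata:
+  name: maas-ingress-errors
+spec:
+  serviceName: maas-rack
+  replicas: {{ .Values.pod.replicas.ingress_errors }}
+  template:
+    metadata:
+      labels:
+{{ tuple $envAll "maas" "ingress-errors" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
+    spec:
+      serviceAccountName: {{ $serviceAccountName }}
+      nodeSelector:
+        {{ .Values.labels.rack.node_selector_key }}: {{ .Values.labels.rack.node_selector_value }}
+      dnsPolicy: ClusterFirst
+      containers:
+        - name: maas-ingress-errors
+          image: {{ .Values.images.tags.error_pages }}
+          imagePullPolicy: {{ .Values.images.pull_policy }}
+{{ tuple $envAll $envAll.Values.pod.resources.maas_ingress_errors | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
+          command:
+            - /tmp/maas-ingress-errors.sh
+            - start
+          env:
+            - name: BIND_PORT
+              value: {{ tuple "maas_ingress" "podport" "error_pages" . | include "helm-toolkit.endpoints.endpoint_port_lookup" | quote }}
+          volumeMounts:
+            - mountPath: /tmp/maas-ingress-errors.sh
+              name: maas-bin
+              subPath: maas-ingress-errors
+              readOnly: true
+      volumes:
+        - name: maas-bin
+          configMap:
+            name: maas-bin
+            defaultMode: 0555
+{{- end }}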
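Review bot: `serviceName: maas-rack` under `spec` is a StatefulSet field rather than a Deployment one, and this commit deletes the `maas-rack` Service it names, so the line should be removed. The manifest is gated on `.Values.manifests.rack_deployment` and declares `$mounts_maas_rack` and `$mounts_maas_rack_init` without using them; a dedicated flag would let the error backend be toggled on its own and keep it in step with its Service, which is rendered unconditionally. The container sets no `securityContext`; if the `error_pages` image can run unprivileged, adding `runAsNonRoot: true` and `allowPrivilegeEscalation: false` would make that explicit.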

+ 3
- 2
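--- a/charts/maas/templates/etc/_curtin_userdata.tpl
+++ b/charts/maas/templates/etc/_curtin_userdata.tpl
@@ -1,3 +1,4 @@
+{{- $drydock_url := tuple "physicalprovisioner" "public" "api" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup" -}}
 #cloud-config
 debconf_selections:
  maas: |
@@ -34,8 +35,8 @@ def find_ba_key(n):
     return False
 {{ "}}" }}
 {{ "{{" }}py: ba_key = find_ba_key(node){{ "}}" }}
-{{ "{{" }}py: ba_units_url = ''.join([{{ .Values.conf.drydock.bootaction_url | quote }},node.hostname,'/units']){{ "}}" }}
-{{ "{{" }}py: ba_files_url = ''.join([{{ .Values.conf.drydock.bootaction_url | quote }},node.hostname,'/files']){{ "}}" }}
+{{ "{{" }}py: ba_units_url = ''.join([{{ quote $drydock_url }},'/bootactions/nodes/',node.hostname,'/units']){{ "}}" }}
+{{ "{{" }}py: ba_files_url = ''.join([{{ quote $drydock_url }},'/bootactions/nodes/',node.hostname,'/files']){{ "}}" }}
 {{ "{{" }}if ba_key{{ "}}" }}
   drydock_00: ["sh", "-c", "echo Installing Drydock Boot Actions."]
   drydock_01: ["curtin", "in-target", "--", "wget", "--no-proxy", "--header=X-Bootaction-Key: {{ "{{" }}ba_key{{ "}}" }}", "{{ "{{" }}ba_units_url{{ "}}" }}", "-O", "/tmp/bootaction-units.tar.gz"]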
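Review bot: `ba_units_url` and `ba_files_url` are now built from the `physicalprovisioner` public endpoint, and the `wget` call below sends `X-Bootaction-Key` to that URL, so the key is only protected in transit if the endpoint resolves to an `https` URI. The endpoint definition is not part of this hunk, so that is worth confirming there and recording in a comment next to `$drydock_url`. `node.hostname` is joined into the path unescaped; if hostnames are constrained elsewhere, a one-line comment stating that assumption would help. The `drydock_*` command list continues past the end of the hunk.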

+ 1
- 5
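--- a/charts/maas/templates/etc/_regiond.conf.tpl
+++ b/charts/maas/templates/etc/_regiond.conf.tpl
@@ -14,12 +14,8 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 */}}
-{{- if empty .Values.conf.maas.url.maas_url -}}
-{{- tuple "maas_region_ui" "default" "region_ui" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup" | set .Values.conf.maas.url "maas_url" | quote | trunc 0 -}}
-{{- end }}
-
 database_host: {{ tuple "maas_db" "internal" . | include "helm-toolkit.endpoints.hostname_fqdn_endpoint_lookup" }}
 database_name: {{ .Values.endpoints.maas_db.auth.user.database }}
 database_pass: {{ .Values.endpoints.maas_db.auth.user.password }}
 database_user: {{ .Values.endpoints.maas_db.auth.user.username }}
-maas_url: {{ .Values.conf.maas.url.maas_url }}
+maas_url: {{ tuple "maas_region" "public" "region_api" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup" | quote }}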

+ 35
- 0
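--- a/charts/maas/templates/ingress-region.yaml
+++ b/charts/maas/templates/ingress-region.yaml
@@ -0,0 +1,35 @@
+{{/*
+# Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+{{- if and .Values.manifests.ingress_region .Values.network.region_api.ingress.public }}
+---
+apiVersion: extensions/v1beta1
+kind: Ingress
+metadata:
+  name: maas-region-api
+  annotations:
+    kubernetes.io/ingress.class: {{ .Values.network.region_api.ingress.classes.cluster | quote }}
+spec:
+  rules:
+    - host: {{ tuple "maas_region" "public" . | include "helm-toolkit.endpoints.hostname_fqdn_endpoint_lookup" }}
+      http:
+        paths:
+          - path: /
+            backend:
+              serviceName: {{ tuple "maas_region" "internal" . | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }}
+              servicePort: region-api
+...
+{{ end }}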
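Review bot: The Ingress has no `tls:` section, so this rule publishes the region API host over plain HTTP even though the controller is started with an HTTPS port. If MAAS API keys or session cookies cross this path, add a `tls` entry with a certificate secret for the host, or state in a comment where termination happens instead. The template also emits only the `kubernetes.io/ingress.class` annotation, while values.yaml introduces `network.region_api.ingress.annotations` (the rewrite-target entry), which this manifest never renders.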

+ 2
- 2
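--- a/charts/maas/templates/job-import.yaml
+++ b/charts/maas/templates/job-import.yaml
@@ -56,7 +56,7 @@ spec:
             - name: TRY_LIMIT
               value: {{ .Values.jobs.import_boot_resources.try_limit | quote }}
             - name: MAAS_ENDPOINT
-              value: {{ tuple "maas_region_ui" "default" "region_ui" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup" }}
+              value: {{ tuple "maas_region" "public" "region_api" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup" | quote }}
             - name: MAAS_PROXY_ENABLED
               value: {{ .Values.conf.maas.proxy.proxy_enabled | quote }}
             - name: MAAS_PEER_PROXY_ENABLED
@@ -64,7 +64,7 @@ spec:
             - name: MAAS_PROXY_SERVER
               value: {{ .Values.conf.maas.proxy.proxy_server }}
             - name: MAAS_INTERNAL_PROXY_PORT
-              value: {{ .Values.network.port.service_proxy | quote }}
+              value: {{ tuple "maas_region" "default" "region_proxy" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup" | quote }}
             - name: MAAS_HTTP_BOOT
               value: {{ .Values.conf.maas.http_boot | quote }}
             - name: MAAS_NTP_SERVERS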
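Review bot: `MAAS_INTERNAL_PROXY_PORT` in the second hunk is now filled from `helm-toolkit.endpoints.keystone_endpoint_uri_lookup`, the same helper this commit uses for `MAAS_ENDPOINT`, so the variable will presumably hold a full URI rather than a port number. Port values elsewhere in the commit come from `endpoint_port_lookup`, so the line should likely read `value: {{ tuple "maas_region" "default" "region_proxy" . | include "helm-toolkit.endpoints.endpoint_port_lookup" | quote }}`. How the import job consumes the variable is outside the hunk, so confirm against the script before changing it.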

+ 1
- 1
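--- a/charts/maas/templates/secret-admin-user.yaml
+++ b/charts/maas/templates/secret-admin-user.yaml
@@ -17,7 +17,7 @@ limitations under the License.
 {{- $envAll := . }}
 {{- range $key1, $userClass := tuple "admin" }}
 {{- $secretName := index $envAll.Values.secrets.maas_users $userClass }}
-{{- $auth := index $envAll.Values.endpoints.maas_region_ui.auth $userClass }}
+{{- $auth := index $envAll.Values.endpoints.maas_region.auth $userClass }}
 ---
 apiVersion: v1
 kind: Secret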

+ 28
- 0
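--- a/charts/maas/templates/service-ingress-error.yaml
+++ b/charts/maas/templates/service-ingress-error.yaml
@@ -0,0 +1,28 @@
+{{/*
+Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+   http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/}}
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: {{ tuple "maas_ingress" "error_pages" . | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }}
+spec:
+  ports:
+    - name: error-pages
+      port: {{ tuple "maas_ingress" "default" "error_pages" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
+      targetPort: {{ tuple "maas_ingress" "podport" "error_pages" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
+  selector:
+{{ tuple . "maas" "ingress-errors" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }}
+...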

+ 0
- 7
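--- a/charts/maas/templates/service-rack.yaml
+++ b/charts/maas/templates/service-rack.yaml
@@ -1,7 +0,0 @@
----
-apiVersion: v1
-kind: Service
-metadata:
-  name: maas-rack
-spec:
-  clusterIP: 'None'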

+ 14
- 15
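--- a/charts/maas/templates/service-region.yaml
+++ b/charts/maas/templates/service-region.yaml
@@ -8,7 +8,6 @@ You may obtain a copy of the License at
    http://www.apache.org/licenses/LICENSE-2.0
 
 Unless required by applicable law or agreed to in writing, software
-    app: maas-region
 distributed under the License is distributed on an "AS IS" BASIS,
 WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 See the License for the specific language governing permissions and
@@ -20,23 +19,23 @@ limitations under the License.
 apiVersion: v1
 kind: Service
 metadata:
-  name: {{ tuple "maas_region_ui" "internal" . | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }}
+  name: {{ tuple "maas_region" "internal" . | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }}
 spec:
   ports:
-  - name: r-ui
-    port: {{ .Values.network.port.service_gui }}
-    targetPort: {{ .Values.network.port.service_gui_target }}
-    {{ if .Values.network.gui.node_port.enabled }}
-    nodePort: {{ .Values.network.gui.node_port.port }}
-    {{ end }}
-  - port: {{ .Values.network.port.service_proxy }}
-    targetPort: {{ .Values.network.port.service_proxy }}
-    {{ if .Values.network.proxy.node_port.enabled }}
-    nodePort:  {{ .Values.network.port.service_proxy }}
-    {{ end }}
-    name: proxy
+    - name: region-api
+      port: {{ tuple "maas_region" "internal" "region_api" $envAll | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
+      targetPort: {{ tuple "maas_region" "podport" "region_api" $envAll | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
+      {{ if .Values.network.region_api.node_port.enabled }}
+      nodePort: {{ tuple "maas_region" "nodeport" "region_api" $envAll | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
+      {{ end }}
+    - name: region-proxy
+      port: {{ tuple "maas_region" "internal" "region_proxy" $envAll | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
+      targetPort: {{ tuple "maas_region" "podport" "region_proxy" $envAll | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
+      {{ if .Values.network.region_proxy.node_port.enabled }}
+      nodePort:  {{ tuple "maas_region" "nodeport" "region_proxy" $envAll | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
+      {{ end }}
   selector:
 {{ tuple $envAll "maas" "region" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }}
-  {{ if .Values.network.proxy.node_port.enabled }}
+  {{ if or .Values.network.region_proxy.node_port.enabled .Values.network.region_api.node_port.enabled }}
   type: NodePort
   {{ end }}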
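Review bot: The final condition sets `type: NodePort` when either `region_api` or `region_proxy` has `node_port.enabled`, but a NodePort Service allocates a node port for every port it lists. Enabling the flag for one of them therefore also exposes the other on an automatically assigned port on each node. If only one is meant to be reachable from outside the cluster, split the two ports into separate Services, or add a comment next to the flags in values.yaml describing the side effect so operators can firewall accordingly.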

+ 215
- 6
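--- a/charts/maas/templates/statefulset-rack.yaml
+++ b/charts/maas/templates/statefulset-rack.yaml
@@ -16,9 +16,6 @@ limitations under the License.
 */}}
 
 {{- if .Values.manifests.rack_deployment }}
-{{- if empty .Values.conf.maas.url.maas_url -}}
-{{- tuple "maas_region_ui" "default" "region_ui" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup" | set .Values.conf.maas.url "maas_url" | quote | trunc 0 -}}
-{{- end -}}
 {{- $envAll := . }}
 {{- $serviceAccountName := "maas-rack" }}
 {{- $mounts_maas_rack := .Values.pod.mounts.maas_rack }}
@@ -26,6 +23,125 @@ limitations under the License.
 
 {{ tuple $envAll "rack_controller" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
 ---
+apiVersion: rbac.authorization.k8s.io/v1beta1
+kind: ClusterRole
+metadata:
+  name: {{ $serviceAccountName }}
+rules:
+  - apiGroups:
+      - ""
+    resources:
+      - configmaps
+      - endpoints
+      - nodes
+      - pods
+      - secrets
+    verbs:
+      - list
+      - watch
+  - apiGroups:
+      - ""
+    resources:
+      - nodes
+    verbs:
+      - get
+  - apiGroups:
+      - ""
+    resources:
+      - services
+    verbs:
+      - get
+      - list
+      - watch
+  - apiGroups:
+      - "extensions"
+    resources:
+      - ingresses
+    verbs:
+      - get
+      - list
+      - watch
+  - apiGroups:
+      - ""
+    resources:
+        - events
+    verbs:
+        - create
+        - patch
+  - apiGroups:
+      - "extensions"
+    resources:
+      - ingresses/status
+    verbs:
+      - update
+---
+apiVersion: rbac.authorization.k8s.io/v1beta1
+kind: ClusterRoleBinding
+metadata:
+  name: {{ $serviceAccountName }}
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: {{ $serviceAccountName }}
+subjects:
+  - kind: ServiceAccount
+    name: {{ $serviceAccountName }}
+    namespace: {{ $envAll.Release.Namespace }}
+---
+apiVersion: rbac.authorization.k8s.io/v1beta1
+kind: Role
+metadata:
+  name: {{ $serviceAccountName }}
+  namespace: {{ $envAll.Release.Namespace }}
+rules:
+  - apiGroups:
+      - ""
+    resources:
+      - configmaps
+      - pods
+      - secrets
+      - namespaces
+    verbs:
+      - get
+  - apiGroups:
+      - ""
+    resources:
+      - configmaps
+    resourceNames:
+      - {{ printf "%s-maas-ingress" .Release.Name | quote }}
+    verbs:
+      - get
+      - update
+  - apiGroups:
+      - ""
+    resources:
+      - configmaps
+    verbs:
+      - create
+  - apiGroups:
+      - ""
+    resources:
+      - endpoints
+    verbs:
+      - get
+      - create
+      - update
+---
+apiVersion: rbac.authorization.k8s.io/v1beta1
+kind: RoleBinding
+metadata:
+  name: {{ $serviceAccountName }}
+  namespace: {{ $envAll.Release.Namespace }}
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: Role
+  name: {{ $serviceAccountName }}
+subjects:
+  - kind: ServiceAccount
+    name: {{ $serviceAccountName }}
+    namespace: {{ $envAll.Release.Namespace }}
+---
+---
 apiVersion: apps/v1beta1
 kind: StatefulSet
 metadata:
@@ -47,21 +163,107 @@ spec:
     spec:
       serviceAccountName: {{ $serviceAccountName }}
       affinity:
-{{ tuple $envAll "maas" "rack" | include "helm-toolkit.snippets.kubernetes_pod_anti_affinity" | indent 8 }}
+{{- tuple $envAll "maas" "rack" | include "helm-toolkit.snippets.kubernetes_pod_anti_affinity" | indent 8 }}
       nodeSelector:
         {{ .Values.labels.rack.node_selector_key }}: {{ .Values.labels.rack.node_selector_value }}
       hostNetwork: true
-      dnsPolicy: ClusterFirst
+      dnsPolicy: ClusterFirstWithHostNet
       initContainers:
 {{ tuple $envAll "rack_controller" $mounts_maas_rack_init | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
+        - name: maas-ingress-vip-init
+          image: {{ .Values.images.tags.ingress }}
+          imagePullPolicy: {{ .Values.images.pull_policy }}
+{{ tuple $envAll $envAll.Values.pod.resources.maas_ingress_vip | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
+          securityContext:
+            capabilities:
+              add:
+                - 'NET_ADMIN'
+                - 'SYS_MODULE'
+            runAsUser: 0
+          command:
+            - /tmp/maas-vip-configure.sh
+            - start
+          env:
+{{ include "helm-toolkit.utils.to_k8s_env_vars" .Values.network.maas_ingress | indent 12 }}
+          volumeMounts:
+            - mountPath: /tmp/maas-vip-configure.sh
+              name: maas-bin
+              subPath: maas-vip-configure
+              readOnly: true
+            - mountPath: /mnt/host-rootfs
+              name: host-rootfs
+              readOnly: true
       containers:
+        - name: maas-ingress-vip
+          image: {{ .Values.images.tags.ingress }}
+          imagePullPolicy: {{ .Values.images.pull_policy }}
+{{ tuple $envAll $envAll.Values.pod.resources.maas_ingress_vip | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
+          securityContext:
+            capabilities:
+              add:
+                - 'NET_ADMIN'
+            runAsUser: 0
+          command:
+            - /tmp/maas-vip-configure.sh
+            - sleep
+          env:
+{{ include "helm-toolkit.utils.to_k8s_env_vars" .Values.network.maas_ingress | indent 12 }}
+          volumeMounts:
+            - mountPath: /tmp/maas-vip-configure.sh
+              name: maas-bin
+              subPath: maas-vip-configure
+              readOnly: true
+          lifecycle:
+            preStop:
+              exec:
+                command:
+                  - /tmp/maas-vip-configure.sh
+                  - stop
+        - name: maas-ingress
+          image: {{ .Values.images.tags.ingress }}
+          imagePullPolicy: {{ .Values.images.pull_policy }}
+{{ tuple $envAll $envAll.Values.pod.resources.maas_ingress | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
+          securityContext:
+            capabilities:
+              add:
+                - 'NET_BIND_SERVICE'
+            runAsUser: 0
+          command:
+            - /tmp/maas-ingress.sh
+            - start
+          env:
+            - name: POD_NAMESPACE
+              valueFrom:
+                fieldRef:
+                  fieldPath: metadata.namespace
+            - name: POD_NAME
+              valueFrom:
+                fieldRef:
+                  fieldPath: metadata.name
+            - name: RELEASE_NAME
+              value: {{ .Release.Name | quote }}
+            - name: HTTP_PORT
+              value: "8808"
+            - name: HTTPS_PORT
+              value: "8543"
+            - name: HEALTHZ_PORT
+              value: {{ tuple "maas_ingress" "podport" "healthz" . | include "helm-toolkit.endpoints.endpoint_port_lookup" | quote }}
+            - name: STATUS_PORT
+              value: {{ tuple "maas_ingress" "podport" "status" . | include "helm-toolkit.endpoints.endpoint_port_lookup" | quote }}
+            - name: ERROR_PAGE_SERVICE
+              value: {{ tuple "maas_ingress" "error_pages" . | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" | quote }}
+          volumeMounts:
+            - mountPath: /tmp/maas-ingress.sh
+              name: maas-bin
+              subPath: maas-ingress
+              readOnly: true
         - name: maas-rack
           image: {{ .Values.images.tags.maas_rack }}
           imagePullPolicy: {{ .Values.images.pull_policy }}
           tty: true
           env:
             - name: MAAS_ENDPOINT
-              value: {{ .Values.conf.maas.url.maas_url }}
+              value: {{ tuple "maas_region" "public" "region_api" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup" | quote }}
             - name: MAAS_REGION_SECRET
               valueFrom:
                 secretKeyRef:
@@ -108,6 +310,10 @@ spec:
               mountPath: /var/lib/maas
               subPath: home
               readOnly: false
+            - name: maas-etc
+              mountPath: /etc/nsswitch.conf
+              subPath: nsswitch.conf
+              readOnly: true
 {{- if .Values.manifests.secret_ssh_key }}
             - name: priv-key
               subPath: PRIVATE_KEY
@@ -118,6 +324,9 @@ spec:
         - name: host-sys-fs-cgroup
           hostPath:
             path: /sys/fs/cgroup
+        - name: host-rootfs
+          hostPath:
+            path: /
         - name: pod-run
           emptyDir: {}
         - name: pod-run-lock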
+ 5
- 3
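--- a/charts/maas/templates/statefulset-region.yaml
+++ b/charts/maas/templates/statefulset-region.yaml
@@ -56,11 +56,13 @@ spec:
           tty: true
 {{ tuple $envAll $envAll.Values.pod.resources.maas_region | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
           ports:
-            - name: r-ui
-              containerPort: {{ .Values.network.port.region_container }}
+            - name: region-api
+              containerPort: {{ tuple "maas_region" "podport" "region_api" $envAll | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
+            - name: region-proxy
+              containerPort: {{ tuple "maas_region" "podport" "region_proxy" $envAll | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
           readinessProbe:
             tcpSocket:
-              port: {{ .Values.network.port.region_container }}
+              port: {{ tuple "maas_region" "podport" "region_api" $envAll | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
           securityContext:
             privileged: true
           command: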

+ 1
- 1
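--- a/charts/maas/templates/tests/test-maas-init.yaml
+++ b/charts/maas/templates/tests/test-maas-init.yaml
@@ -34,7 +34,7 @@ spec:
     - name: "{{ .Release.Name }}-api-test"
       env:
         - name: 'MAAS_URL'
-          value: {{ tuple "maas_region_ui" "internal" "region_ui" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup" | quote }}
+          value: {{ tuple "maas_region" "internal" "region_api" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup" | quote }}
         - name: 'MAAS_API_KEY'
           valueFrom:
             secretKeyRef: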

+ 88
- 28
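--- a/charts/maas/values.yaml
+++ b/charts/maas/values.yaml
@@ -20,10 +20,8 @@
 dependencies:
   static:
     rack_controller:
-      jobs:
-        - maas-db-sync
       services:
-        - service: maas_region_ui
+        - service: maas_region
           endpoint: internal
     region_controller:
       jobs:
@@ -42,23 +40,19 @@ dependencies:
       jobs:
         - maas-db-sync
       services:
-        - service: maas_region_ui
+        - service: maas_region
           endpoint: internal
         - service: maas_db
           endpoint: internal
     import_resources:
-      jobs:
-        - maas-db-sync
       services:
-        - service: maas_region_ui
+        - service: maas_region
           endpoint: internal
         - service: maas_db
           endpoint: internal
     export_api_key:
-      jobs:
-        - maas-db-sync
       services:
-        - service: maas_region_ui
+        - service: maas_region
           endpoint: internal
         - service: maas_db
           endpoint: internal
@@ -68,6 +62,8 @@ manifests:
   rack_deployment: true
   test_maas_api: true
   secret_ssh_key: false
+  ingress_region: true
+  configmap_ingress: true
 
 images:
   tags:
@@ -79,6 +75,8 @@ images:
     export_api_key: quay.io/airshipit/maas-region-controller:latest
     maas_cache: quay.io/airshipit/sstream-cache:latest
     dep_check: quay.io/stackanetes/kubernetes-entrypoint:v0.3.1
+    ingress: quay.io/kubernetes-ingress-controller/nginx-ingress-controller:0.9.0
+    error_pages: gcr.io/google_containers/defaultbackend:1.0
   pull_policy: IfNotPresent
   local_registry:
     # TODO(portdirect): this chart does not yet support local image cacheing
@@ -102,20 +100,23 @@ labels:
     node_selector_value: enabled
 
 network:
-  proxy:
+  maas_ingress:
+    mode: routed
+    interface: maas-vip
+    addr: 172.18.0.2/32
+  region_proxy:
     node_port:
-      enabled: true
-  gui:
+      enabled: false
+  region_api:
+    ingress:
+      public: true
+      classes:
+        namespace: "maas-ingress"
+        cluster: "maas-ingress"
+      annotations:
+        nginx.ingress.kubernetes.io/rewrite-target: "/"
     node_port:
-      enabled: true
-      port: 31900
-  port:
-    region_container: 80
-    service_gui: 80
-    service_gui_target: 80
-    service_proxy: 31800
-    db_service: 5432
-    db_service_target: 5432
+      enabled: false
 
 storage:
   rackd:
@@ -145,8 +146,6 @@ conf:
     override:
     append:
     http_boot: true
-    url:
-      maas_url: null
     ntp:
       # These options allow you to mock out the ntpd binary within the container
       # by overwriting it with a script that simply sleeps - this is useful in
@@ -266,6 +265,27 @@ pod:
       requests:
         memory: "128Mi"
         cpu: "500m"
+    maas_ingress_vip:
+      limits:
+        memory: "128Mi"
+        cpu: "500m"
+      requests:
+        memory: "128Mi"
+        cpu: "500m"
+    maas_ingress:
+      limits:
+        memory: "128Mi"
+        cpu: "500m"
+      requests:
+        memory: "128Mi"
+        cpu: "500m"
+    maas_ingress_errors:
+      limits:
+        memory: "128Mi"
+        cpu: "500m"
+      requests:
+        memory: "128Mi"
+        cpu: "500m"
     jobs:
       db_init:
         requests:
@@ -305,6 +325,24 @@ pod:
 
 endpoints:
   cluster_domain_suffix: cluster.local
+  maas_ingress:
+    hosts:
+      default: maas-ingress
+      error_pages: maas-ingress-error
+    host_fqdn_override:
+      default: null
+    port:
+      http:
+        default: 80
+      https:
+        default: 443
+      error_pages:
+        default: 8080
+        podport: 10080
+      healthz:
+        podport: 10254
+      status:
+        podport: 18080
   maas_db:
     auth:
       admin:
@@ -322,23 +360,45 @@ endpoints:
         default: 5432
     host_fqdn_override:
       default: null
-  maas_region_ui:
-    name: maas-region-ui
+  maas_region:
+    name: maas-region
     auth:
       admin:
         username: admin
         password: admin
         email: none@none
     hosts:
-      default: maas-region-ui
+      default: maas-region
       public: maas
     path:
       default: /MAAS
     scheme:
       default: 'http'
     port:
-      region_ui:
+      region_api:
         default: 80
+        nodeport: 31900
+        podport: 80
         public: 80
+      region_proxy:
+        default: 8000
+        # podport and public need to be the same as of MAAS 2.3.4, so
+        # comment them out and let the default rule
+        # podport: 8000
+        # public: 8000
+    host_fqdn_override:
+      default: null
+  physicalprovisioner:
+    name: drydock
+    hosts:
+      default: drydock-api
+    port:
+      api:
+        default: 9000
+        nodeport: 31900
+    path:
+      default: /api/v1.0
+    scheme:
+      default: http
     host_fqdn_override:
       default: null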
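Review bot: The new `network.region_api.ingress` block defaults to `public: true`, while the `maas_region` endpoint it fronts keeps `scheme.default: 'http'` and the chart-default `auth.admin` credentials `admin`/`admin`, so an install that overrides nothing would, as far as these values show, publish the region API login over plaintext HTTP with a well-known password. The `maas_ingress` endpoint declares an `https` port of 443, which suggests TLS is intended, but any certificate wiring would live in templates outside this section. I would default the exposure off with `public: false`, or at least add a comment above `auth:` such as `# Defaults are for local testing only; override username/password for any real deployment`. Separately, `port.region_api.nodeport` and `physicalprovisioner.port.api.nodeport` are both `31900`; the MAAS node ports are disabled by default here, but the two values may collide if an operator enables them on the same nodes.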

+ 1
- 1
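--- a/tools/helm_install.sh
+++ b/tools/helm_install.sh
@@ -17,7 +17,7 @@
 set -x
 
 HELM=$1
-HELM_ARTIFACT_URL=${HELM_ARTIFACT_URL:-"https://storage.googleapis.com/kubernetes-helm/helm-v2.9.1-linux-amd64.tar.gz"}
+HELM_ARTIFACT_URL=${HELM_ARTIFACT_URL:-"https://storage.googleapis.com/kubernetes-helm/helm-v2.10.0-linux-amd64.tar.gz"}
 
 
 function install_helm_binary {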

+ 1
- 1
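--- a/tools/helm_tk.sh
+++ b/tools/helm_tk.sh
@@ -18,7 +18,7 @@
 HELM=$1
 HTK_REPO=${HTK_REPO:-"https://github.com/openstack/openstack-helm-infra"}
 HTK_PATH=${HTK_PATH:-""}
-HTK_STABLE_COMMIT=${HTK_COMMIT:-"master"}
+HTK_STABLE_COMMIT=${HTK_COMMIT:-"4cd00f3ac539f625e7cd9733ae46232b2082027a"}
 DEP_UP_LIST=${DEP_UP_LIST:-"maas"}
 
 if [[ ! -z $(echo $http_proxy) ]]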
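Review bot: The default for `HTK_STABLE_COMMIT` is now a bare 40-character commit id with nothing recording why `master` was dropped or how the pin should be moved, so a later maintainer cannot tell whether changing it is safe. A one-line comment above the assignment would cover it, for example `# Pin helm-toolkit to a reviewed openstack-helm-infra commit; bump deliberately, do not track master`. The override is still read from `HTK_COMMIT`, so a caller exporting a branch name there brings back a floating reference; the same comment could say so. How the value is checked out is outside this hunk.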
