From b002bd58fd2d8e275b45cf2d35d4556bd1cdd656 Mon Sep 17 00:00:00 2001 
From: Anthony Lin Date: Thu, 19 Oct 2017 23:19:13 +0000 Subject: [PATCH] Move Shipyard Chart This PS migrates the Shipyard Chart into this repo Change-Id: I2cf037ab662886a94c8439f43d248da9295a83b3 --- charts/.helmignore | 22 + charts/shipyard/Chart.yaml | 29 + charts/shipyard/requirements.yaml | 18 + .../templates/bin/_airflow-db-init.sh.tpl | 49 ++ .../templates/bin/_airflow-db-sync.sh.tpl | 21 + .../bin/_airflow-shipyard-init.sh.tpl | 22 + .../templates/bin/_shipyard-db-init.sh.tpl | 54 ++ .../templates/bin/_shipyard-db-sync.sh.tpl | 19 + .../templates/configmap-airflow-bin.yaml | 27 + .../templates/configmap-airflow-etc.yaml | 59 ++ .../templates/configmap-shipyard-bin.yaml | 32 + .../templates/configmap-shipyard-etc.yaml | 105 ++++ .../templates/deployment-airflow-flower.yaml | 69 +++ .../deployment-airflow-scheduler.yaml | 127 ++++ .../templates/deployment-airflow-web.yaml | 131 ++++ .../templates/deployment-airflow-worker.yaml | 145 +++++ .../templates/deployment-shipyard.yaml | 76 +++ .../shipyard/templates/etc/_airflow.cfg.tpl | 371 ++++++++++++ .../shipyard/templates/etc/_api-paste.ini.tpl | 25 + .../shipyard/templates/etc/_policy.yaml.tpl | 40 ++ .../shipyard/templates/etc/_shipyard.conf.tpl | 375 ++++++++++++ .../templates/ingress-airflow-api.yaml | 47 ++ .../templates/ingress-shipyard-api.yaml | 47 ++ .../templates/job-airflow-db-init.yaml | 81 +++ .../templates/job-airflow-db-sync.yaml | 61 ++ .../shipyard/templates/job-ks-endpoints.yaml | 65 ++ charts/shipyard/templates/job-ks-service.yaml | 60 ++ charts/shipyard/templates/job-ks-user.yaml | 61 ++ .../templates/job-shipyard-db-init.yaml | 83 +++ .../templates/job-shipyard-db-sync.yaml | 79 +++ .../shipyard/templates/secret-airflow-db.yaml | 30 + .../templates/secret-keystone-env.yaml | 28 + .../templates/secret-shipyard-db.yaml | 30 + .../templates/service-airflow-flower.yaml | 43 ++ .../templates/service-airflow-ingress.yaml | 32 + .../templates/service-airflow-web.yaml | 43 ++ 
.../templates/service-shipyard-ingress.yaml | 32 + .../shipyard/templates/service-shipyard.yaml | 43 ++ charts/shipyard/values.yaml | 571 ++++++++++++++++++ 39 files changed, 3252 insertions(+) create mode 100644 charts/.helmignore create mode 100644 charts/shipyard/Chart.yaml create mode 100644 charts/shipyard/requirements.yaml create mode 100644 charts/shipyard/templates/bin/_airflow-db-init.sh.tpl create mode 100644 charts/shipyard/templates/bin/_airflow-db-sync.sh.tpl create mode 100644 charts/shipyard/templates/bin/_airflow-shipyard-init.sh.tpl create mode 100644 charts/shipyard/templates/bin/_shipyard-db-init.sh.tpl create mode 100644 charts/shipyard/templates/bin/_shipyard-db-sync.sh.tpl create mode 100644 charts/shipyard/templates/configmap-airflow-bin.yaml create mode 100644 charts/shipyard/templates/configmap-airflow-etc.yaml create mode 100644 charts/shipyard/templates/configmap-shipyard-bin.yaml create mode 100644 charts/shipyard/templates/configmap-shipyard-etc.yaml create mode 100644 charts/shipyard/templates/deployment-airflow-flower.yaml create mode 100644 charts/shipyard/templates/deployment-airflow-scheduler.yaml create mode 100644 charts/shipyard/templates/deployment-airflow-web.yaml create mode 100644 charts/shipyard/templates/deployment-airflow-worker.yaml create mode 100644 charts/shipyard/templates/deployment-shipyard.yaml create mode 100644 charts/shipyard/templates/etc/_airflow.cfg.tpl create mode 100644 charts/shipyard/templates/etc/_api-paste.ini.tpl create mode 100644 charts/shipyard/templates/etc/_policy.yaml.tpl create mode 100644 charts/shipyard/templates/etc/_shipyard.conf.tpl create mode 100644 charts/shipyard/templates/ingress-airflow-api.yaml create mode 100644 charts/shipyard/templates/ingress-shipyard-api.yaml create mode 100644 charts/shipyard/templates/job-airflow-db-init.yaml create mode 100644 charts/shipyard/templates/job-airflow-db-sync.yaml create mode 100644 charts/shipyard/templates/job-ks-endpoints.yaml create mode 
100644 charts/shipyard/templates/job-ks-service.yaml create mode 100644 charts/shipyard/templates/job-ks-user.yaml create mode 100644 charts/shipyard/templates/job-shipyard-db-init.yaml create mode 100644 charts/shipyard/templates/job-shipyard-db-sync.yaml create mode 100644 charts/shipyard/templates/secret-airflow-db.yaml create mode 100644 charts/shipyard/templates/secret-keystone-env.yaml create mode 100644 charts/shipyard/templates/secret-shipyard-db.yaml create mode 100644 charts/shipyard/templates/service-airflow-flower.yaml create mode 100644 charts/shipyard/templates/service-airflow-ingress.yaml create mode 100644 charts/shipyard/templates/service-airflow-web.yaml create mode 100644 charts/shipyard/templates/service-shipyard-ingress.yaml create mode 100644 charts/shipyard/templates/service-shipyard.yaml create mode 100644 charts/shipyard/values.yaml diff --git a/charts/.helmignore b/charts/.helmignore new file mode 100644 index 00000000..06e1663c --- /dev/null +++ b/charts/.helmignore @@ -0,0 +1,22 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*~ +# Various IDEs +.project +.idea/ +*.tmproj + diff --git a/charts/shipyard/Chart.yaml b/charts/shipyard/Chart.yaml new file mode 100644 index 00000000..8b4f27f0 --- /dev/null +++ b/charts/shipyard/Chart.yaml 
@@ -0,0 +1,29 @@
+# Copyright 2017 The Openstack-Helm Authors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: v1
+description: A Helm chart for Shipyard and Airflow
+name: shipyard
+version: 0.1.0
+keywords:
+- shipyard
+- airflow
+home: https://github.com/att-comdev/shipyard
+sources:
+- https://github.com/apache/incubator-airflow
+- https://github.com/att-comdev/aic-helm
+- https://git.openstack.org/cgit/openstack/openstack-helm
+maintainers:
+- name: OpenStack-Helm Authors
+engine: gotpl
diff --git a/charts/shipyard/requirements.yaml b/charts/shipyard/requirements.yaml
new file mode 100644
index 00000000..53782e69
--- /dev/null
+++ b/charts/shipyard/requirements.yaml
@@ -0,0 +1,18 @@
+# Copyright 2017 The Openstack-Helm Authors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+dependencies:
+ - name: helm-toolkit
+ repository: http://localhost:8879/charts
+ version: 0.1.0
diff --git a/charts/shipyard/templates/bin/_airflow-db-init.sh.tpl b/charts/shipyard/templates/bin/_airflow-db-init.sh.tpl
new file mode 100644
index 00000000..0db50e97
--- /dev/null
+++ b/charts/shipyard/templates/bin/_airflow-db-init.sh.tpl
@@ -0,0 +1,49 @@
+#!/bin/bash
+
+{{/*
+Copyright 2017 The Openstack-Helm Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/}}
+
+set -ex
+export HOME=/tmp
+
+# Extract the DB string from shipyard.conf and get the
+# value of the DB host and port
+db_string=`grep -i sql_alchemy_conn ${AIRFLOW_CONFIG_FILE}`
+db_fqdn=`echo ${db_string#*@} | cut -f1 -d"."`
+db_port=`echo ${db_string#*@} | grep -o "[0-9]\+"`
+
+pgsql_superuser_cmd () {
+ DB_COMMAND="$1"
+ if [[ ! -z $2 ]]; then
+ EXPORT PGDATABASE=$2
+ fi
+
+ psql \
+ -h $db_fqdn \
+ -p $db_port \
+ -U ${ROOT_DB_USER} \
+ --command="${DB_COMMAND}"
+}
+
+# Create db
+pgsql_superuser_cmd "SELECT 1 FROM pg_database WHERE datname = '$DB_NAME'" | grep -q 1 || pgsql_superuser_cmd "CREATE DATABASE $DB_NAME"
+
+# Create db user
+pgsql_superuser_cmd "SELECT * FROM pg_roles WHERE rolname = '$DB_USER';" | tail -n +3 | head -n -2 | grep -q 1 || \
+ pgsql_superuser_cmd "CREATE ROLE ${DB_USER} LOGIN PASSWORD '$DB_PASS'"
+
+# Grant permissions to user
+pgsql_superuser_cmd "GRANT ALL PRIVILEGES ON DATABASE $DB_NAME to $DB_USER;"
diff --git a/charts/shipyard/templates/bin/_airflow-db-sync.sh.tpl b/charts/shipyard/templates/bin/_airflow-db-sync.sh.tpl
new file mode 100644
index 00000000..a82128bd
--- /dev/null
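Review bot: Because the script runs under `set -ex`, the call `pgsql_superuser_cmd "CREATE ROLE ${DB_USER} LOGIN PASSWORD '$DB_PASS'"` is traced with the password expanded, so the new role's password is written to the job's log; drop `-x`, or bracket that call with `set +x` and `set -x`. Inside pgsql_superuser_cmd, `EXPORT PGDATABASE=$2` is not a shell builtin (bash is case-sensitive), so a caller that passes a second argument would abort under `set -e`; it should be `export PGDATABASE="$2"`. `$DB_NAME`, `$DB_USER` and `$DB_PASS` are also pasted into the SQL text as-is, so a value containing a quote or semicolon changes the statement that runs as `${ROOT_DB_USER}`. The same lines appear in _shipyard-db-init.sh.tpl and need the same changes.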
+++ b/charts/shipyard/templates/bin/_airflow-db-sync.sh.tpl
@@ -0,0 +1,21 @@
+#!/bin/bash
+
+{{/*
+Copyright 2017 The Openstack-Helm Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/}}
+
+set -ex
+
+airflow initdb
diff --git a/charts/shipyard/templates/bin/_airflow-shipyard-init.sh.tpl b/charts/shipyard/templates/bin/_airflow-shipyard-init.sh.tpl
new file mode 100644
index 00000000..505544db
--- /dev/null
+++ b/charts/shipyard/templates/bin/_airflow-shipyard-init.sh.tpl
@@ -0,0 +1,22 @@
+#!/bin/bash
+
+{{/*
+Copyright 2017 The Openstack-Helm Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/}}
+
+set -ex
+
+cp -vaR /home/shipyard/shipyard/shipyard_airflow/dags/*.py /tmp/airflow/dags/
+cp -vaR /home/shipyard/shipyard/shipyard_airflow/plugins/*.py /tmp/airflow/plugins/
diff --git a/charts/shipyard/templates/bin/_shipyard-db-init.sh.tpl b/charts/shipyard/templates/bin/_shipyard-db-init.sh.tpl
new file mode 100644
index 00000000..ac2aff1c
--- /dev/null
+++ b/charts/shipyard/templates/bin/_shipyard-db-init.sh.tpl
@@ -0,0 +1,54 @@
+#!/bin/bash
+
+{{/*
+Copyright 2017 The Openstack-Helm Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/}}
+
+set -ex
+export HOME=/tmp
+
+# Extract the DB string from shipyard.conf and get the
+# value of the DB host and port
+db_string=`grep -i postgresql_db ${SHIPYARD_CONFIG_FILE}`
+db_fqdn=`echo ${db_string#*@} | cut -f1 -d"."`
+db_port=`echo ${db_string#*@} | grep -o "[0-9]\+"`
+
+pgsql_superuser_cmd () {
+ DB_COMMAND="$1"
+ if [[ ! -z $2 ]]; then
+ EXPORT PGDATABASE=$2
+ fi
+
+ psql \
+ -h $db_fqdn \
+ -p $db_port \
+ -U ${ROOT_DB_USER} \
+ --command="${DB_COMMAND}"
+}
+
+# Create db
+pgsql_superuser_cmd "SELECT 1 FROM pg_database WHERE datname = '$DB_NAME'" | grep -q 1 || pgsql_superuser_cmd "CREATE DATABASE $DB_NAME"
+
+# Create db user
+pgsql_superuser_cmd "SELECT * FROM pg_roles WHERE rolname = '$DB_USER';" | tail -n +3 | head -n -2 | grep -q 1 || \
+ pgsql_superuser_cmd "CREATE ROLE ${DB_USER} LOGIN PASSWORD '$DB_PASS'"
+
+# Grant permissions to user
+pgsql_superuser_cmd "GRANT ALL PRIVILEGES ON DATABASE $DB_NAME to $DB_USER;"
+
+# Grant permissions to shipyard user
+# This will allow shipyard user to query airflow database
+psql -h $db_fqdn -p $db_port -U ${AIRFLOW_DB_USER} \
+--command="GRANT select, insert, update, delete on all tables in schema public to $DB_USER;"
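Review bot: The final `psql` call grants `select, insert, update, delete` on every table in schema public to `$DB_USER`, while the comment above it says the intent is to let the shipyard user query the airflow database. If read access is all that is needed the statement should be `GRANT select on all tables in schema public to $DB_USER;`, otherwise the comment should say that write access is intended and why. The call also passes no database name, so which database the grant lands in depends on psql's default for `${AIRFLOW_DB_USER}` (presumably the airflow database, but that is not visible here); naming it explicitly with `-d` would remove the guess.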
diff --git a/charts/shipyard/templates/bin/_shipyard-db-sync.sh.tpl b/charts/shipyard/templates/bin/_shipyard-db-sync.sh.tpl
new file mode 100644
index 00000000..e22b5872
--- /dev/null
+++ b/charts/shipyard/templates/bin/_shipyard-db-sync.sh.tpl
@@ -0,0 +1,19 @@
+#!/bin/bash
+
+{{/*
+Copyright 2017 The Openstack-Helm Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/}}
+
+set -ex
diff --git a/charts/shipyard/templates/configmap-airflow-bin.yaml b/charts/shipyard/templates/configmap-airflow-bin.yaml
new file mode 100644
index 00000000..25e5f1ba
--- /dev/null
+++ b/charts/shipyard/templates/configmap-airflow-bin.yaml
@@ -0,0 +1,27 @@
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+{{- if .Values.manifests.configmap_airflow_bin }}
+{{- $envAll := . }}
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: airflow-bin
+data:
+ airflow-db-init.sh: |+
+{{ tuple "bin/_airflow-db-init.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
+ airflow-db-sync.sh: |+
+{{ tuple "bin/_airflow-db-sync.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
+ airflow-shipyard-init.sh: |+
+{{ tuple "bin/_airflow-shipyard-init.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
+{{- end }}
diff --git a/charts/shipyard/templates/configmap-airflow-etc.yaml b/charts/shipyard/templates/configmap-airflow-etc.yaml
new file mode 100644
index 00000000..a834a0e5
--- /dev/null
+++ b/charts/shipyard/templates/configmap-airflow-etc.yaml
@@ -0,0 +1,59 @@ +# Copyright 2017 The Openstack-Helm Authors. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +{{- $envAll := . }} + +{{ include "airflow.conf.airflow_values_skeleton" .Values.conf.airflow | trunc 0 }} + +# Add endpoint URI lookup for Airflow Web Server +{{- if empty .Values.conf.airflow.webserver.base_url -}} +{{- tuple "airflow_web" "internal" "airflow_web" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup"| set .Values.conf.airflow.webserver "base_url" | quote | trunc 0 -}} +{{- end -}} + +{{- if empty .Values.conf.airflow.cli.endpoint_url -}} +{{- tuple "airflow_web" "internal" "airflow_web" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup"| set .Values.conf.airflow.cli "endpoint_url" | quote | trunc 0 -}} +{{- end -}} + +# Add endpoint URI lookup for Postgresql DB Connection +{{- if empty .Values.conf.airflow.core.sql_alchemy_conn -}} +{{- tuple "postgresql_airflow_db" "internal" "user" "postgresql" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup"| set .Values.conf.airflow.core "sql_alchemy_conn" | quote | trunc 0 -}} +{{- end -}} + +# Add endpoint URI lookup for RabbitMQ Connection +{{- if empty .Values.conf.airflow.celery.broker_url -}} +{{- tuple "oslo_messaging" "internal" "user" "amqp" . 
| include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup"| set .Values.conf.airflow.celery "broker_url" | quote | trunc 0 -}} +{{- end -}} + +{{- if empty .Values.conf.airflow.celery.celery_result_backend -}} +{{- tuple "oslo_messaging" "internal" "user" "amqp" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup"| set .Values.conf.airflow.celery "celery_result_backend" | quote | trunc 0 -}} +{{- end -}} + +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: airflow-etc +data: + airflow.cfg: |+ +{{ if .Values.conf.airflow.override -}} +{{ .Values.conf.airflow.override | indent 4 }} +{{- else -}} +{{- if .Values.conf.airflow.prefix -}} +{{ .Values.conf.airflow.prefix | indent 4 }} +{{- end }} +{{ tuple "etc/_airflow.cfg.tpl" . | include "helm-toolkit.utils.template" | indent 4 }} +{{- end }} +{{- if .Values.conf.airflow.append -}} +{{ .Values.conf.airflow.append | indent 4 }} +{{- end }} diff --git a/charts/shipyard/templates/configmap-shipyard-bin.yaml b/charts/shipyard/templates/configmap-shipyard-bin.yaml new file mode 100644 index 00000000..a6cb18fc --- /dev/null +++ b/charts/shipyard/templates/configmap-shipyard-bin.yaml 
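Review bot: `sql_alchemy_conn`, `broker_url` and `celery_result_backend` are filled from `helm-toolkit.endpoints.authenticated_endpoint_uri_lookup` and the rendered airflow.cfg is then stored in the `airflow-etc` ConfigMap. Assuming that helper puts the user name and password into the URI and _airflow.cfg.tpl (not in this hunk) prints those keys, the database and broker credentials become readable by anyone allowed to read ConfigMaps in the namespace. Rendering airflow.cfg into a `kind: Secret` and mounting that instead would keep them under Secret access rules. configmap-shipyard-etc.yaml builds shipyard.conf the same way, including `$userIdentity.password`, and has the same exposure. Unlike configmap-airflow-bin.yaml, this template is also not wrapped in a `.Values.manifests` guard, so it cannot be switched off.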
@@ -0,0 +1,32 @@
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+{{- if .Values.manifests.configmap_shipyard_bin }}
+{{- $envAll := . }}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: shipyard-bin
+data:
+ ks-service.sh: |
+{{- include "helm-toolkit.scripts.keystone_service" . | indent 4 }}
+ ks-endpoints.sh: |
+{{- include "helm-toolkit.scripts.keystone_endpoints" . | indent 4 }}
+ ks-user.sh: |
+{{- include "helm-toolkit.scripts.keystone_user" . | indent 4 }}
+ ks-domain-user.sh: |
+{{- include "helm-toolkit.scripts.keystone_domain_user" . | indent 4 }}
+ shipyard-db-init.sh: |+
+{{ tuple "bin/_shipyard-db-init.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
+ shipyard-db-sync.sh: |+
+{{ tuple "bin/_shipyard-db-sync.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
+{{- end }}
diff --git a/charts/shipyard/templates/configmap-shipyard-etc.yaml b/charts/shipyard/templates/configmap-shipyard-etc.yaml
new file mode 100644
index 00000000..be460bc8
--- /dev/null
+++ b/charts/shipyard/templates/configmap-shipyard-etc.yaml
@@ -0,0 +1,105 @@ +# Copyright 2017 The Openstack-Helm Authors. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +{{- $envAll := . }} + +{{ include "shipyard.conf.shipyard_values_skeleton" .Values.conf.shipyard | trunc 0 }} + +{{- if empty .Values.conf.shipyard.keystone_authtoken.keystonemiddleware.auth_token.auth_uri -}} +{{- tuple "identity" "internal" "api" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup" | set .Values.conf.shipyard.keystone_authtoken.keystonemiddleware.auth_token "auth_uri" | quote | trunc 0 -}} +{{- end -}} + +# FIXME fix for broken keystonemiddleware oslo config gen in newton - will remove in future +{{- if empty .Values.conf.shipyard.keystone_authtoken.shipyard_orchestrator.auth_url -}} +{{- tuple "identity" "internal" "api" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup"| set .Values.conf.shipyard.keystone_authtoken.shipyard_orchestrator "auth_url" | quote | trunc 0 -}} +{{- end -}} + +# Add endpoint URI lookup for Airflow Web Server +{{- if empty .Values.conf.shipyard.base.web_server -}} +{{- tuple "airflow_web" "internal" "airflow_web" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup"| set .Values.conf.shipyard.base "web_server" | quote | trunc 0 -}} +{{- end -}} + +# Add endpoint URI lookup for Shipyard Postgresql DB Connection +{{- if empty .Values.conf.shipyard.base.postgresql_db -}} +{{- tuple "postgresql_shipyard_db" "internal" "user" "postgresql" . 
| include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup"| set .Values.conf.shipyard.base "postgresql_db" | quote | trunc 0 -}} +{{- end -}} + +# Add endpoint URI lookup for Shipyard Airflow Postgresql DB Connection +{{- if empty .Values.conf.shipyard.base.postgresql_airflow_db -}} +{{- tuple "postgresql_airflow_db" "internal" "user" "postgresql" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup"| set .Values.conf.shipyard.base "postgresql_airflow_db" | quote | trunc 0 -}} +{{- end -}} + +# Add endpoint URI lookup for memcached servers Connection +{{- if empty .Values.conf.shipyard.keystone_authtoken.keystonemiddleware.auth_token.memcached_servers -}} +{{- tuple "oslo_cache" "internal" "memcache" . | include "helm-toolkit.endpoints.host_and_port_endpoint_uri_lookup" | set .Values.conf.shipyard.keystone_authtoken.keystonemiddleware.auth_token "memcached_servers" | quote | trunc 0 -}} +{{- end -}} + +{{- $userIdentity := .Values.endpoints.identity.auth.user -}} + +{{- if empty .Values.conf.shipyard.keystone_authtoken.shipyard_orchestrator.project_name -}} +{{- set .Values.conf.shipyard.keystone_authtoken.shipyard_orchestrator "project_name" $userIdentity.project_name | quote | trunc 0 -}} +{{- end -}} +{{- if empty .Values.conf.shipyard.keystone_authtoken.shipyard_orchestrator.project_domain_name -}} +{{- set .Values.conf.shipyard.keystone_authtoken.shipyard_orchestrator "project_domain_name" $userIdentity.project_domain_name | quote | trunc 0 -}} +{{- end -}} +{{- if empty .Values.conf.shipyard.keystone_authtoken.shipyard_orchestrator.user_domain_name -}} +{{- set .Values.conf.shipyard.keystone_authtoken.shipyard_orchestrator "user_domain_name" $userIdentity.user_domain_name | quote | trunc 0 -}} +{{- end -}} +{{- if empty .Values.conf.shipyard.keystone_authtoken.shipyard_orchestrator.username -}} +{{- set .Values.conf.shipyard.keystone_authtoken.shipyard_orchestrator "username" $userIdentity.username | quote | trunc 0 -}} +{{- end -}} 
+{{- if empty .Values.conf.shipyard.keystone_authtoken.shipyard_orchestrator.password -}} +{{- set .Values.conf.shipyard.keystone_authtoken.shipyard_orchestrator "password" $userIdentity.password | quote | trunc 0 -}} +{{- end -}} + +# Set a random string as secret key. +{{- if empty .Values.conf.shipyard.keystone_authtoken.keystonemiddleware.auth_token.memcache_secret_key -}} +{{- randAlphaNum 64 | set .Values.conf.shipyard.keystone_authtoken.keystonemiddleware.auth_token "memcache_secret_key" | quote | trunc 0 -}} +{{- end -}} +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: shipyard-etc +data: + shipyard.conf: |+ +{{ if .Values.conf.shipyard.override -}} +{{ .Values.conf.shipyard.override | indent 4 }} +{{- else -}} +{{- if .Values.conf.shipyard.prefix -}} +{{ .Values.conf.shipyard.prefix | indent 4 }} +{{- end }} +{{ tuple "etc/_shipyard.conf.tpl" . | include "helm-toolkit.utils.template" | indent 4 }} +{{- end }} +{{- if .Values.conf.shipyard.append -}} +{{ .Values.conf.shipyard.append | indent 4 }} +{{- end }} + api-paste.ini: |+ +{{ if .Values.conf.paste.override -}} +{{ .Values.conf.paste.override | indent 4 }} +{{- else -}} +{{- if .Values.conf.paste.prefix -}} +{{ .Values.conf.paste.prefix | indent 4 }} +{{- end }} +{{ tuple "etc/_api-paste.ini.tpl" . | include "helm-toolkit.utils.template" | indent 4 }} +{{- if .Values.conf.paste.append -}} +{{ .Values.conf.paste.append | indent 4 }} +{{- end }} +{{- end }} + policy.yaml: |+ +{{ if .Values.conf.policy.override -}} +{{ .Values.conf.policy.override | indent 4 }} +{{- else -}} +{{ tuple "etc/_policy.yaml.tpl" . | include "helm-toolkit.utils.template" | indent 4 }} +{{- end }} diff --git a/charts/shipyard/templates/deployment-airflow-flower.yaml b/charts/shipyard/templates/deployment-airflow-flower.yaml new file mode 100644 index 00000000..bc82fd87 --- /dev/null +++ b/charts/shipyard/templates/deployment-airflow-flower.yaml 
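Review bot: `randAlphaNum 64` produces a new `memcache_secret_key` on every render, so unless the value is set explicitly each `helm upgrade` changes the key written into shipyard.conf. Consider requiring the key in values (or generating it once into a Secret) and replacing the current comment with something like `# Falls back to a random key that changes on every render; set memcache_secret_key to pin it.` The three data keys also treat `append` differently: for shipyard.conf the `append` block sits after the `override`/`else` block and is always emitted, for api-paste.ini it is inside the `else` branch and is dropped when `override` is set, and policy.yaml has neither `prefix` nor `append`. Picking one behaviour and stating it at the top of the template would avoid surprises.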
@@ -0,0 +1,69 @@ +# Copyright 2017 The Openstack-Helm Authors. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +{{- if .Values.manifests.deployment_airflow_flower }} +{{- $envAll := . }} +{{- $dependencies := .Values.dependencies.airflow_server }} +{{- $mounts_airflow_flower := .Values.pod.mounts.airflow_flower.airflow_flower }} +{{- $mounts_airflow_flower_init := .Values.pod.mounts.airflow_flower.init_container }} +--- +apiVersion: apps/v1beta1 +kind: Deployment +metadata: + name: airflow-flower +spec: + replicas: {{ .Values.pod.replicas.airflow.flower }} +{{ tuple $envAll | include "helm-toolkit.snippets.kubernetes_upgrades_deployment" | indent 2 }} + template: + metadata: + labels: +{{ tuple $envAll "airflow" "flower" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }} + annotations: + configmap-bin-hash: {{ tuple "configmap-airflow-bin.yaml" . | include "helm-toolkit.utils.hash" }} + configmap-etc-hash: {{ tuple "configmap-airflow-etc.yaml" . 
| include "helm-toolkit.utils.hash" }} + spec: + nodeSelector: + {{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }} + restartPolicy: Always + terminationGracePeriodSeconds: {{ .Values.pod.lifecycle.termination_grace_period.airflow.timeout | default "30" }} + initContainers: +{{ tuple $envAll $dependencies $mounts_airflow_flower_init | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} + containers: + - name: airflow-flower + image: {{ .Values.images.airflow }} + imagePullPolicy: {{ .Values.images.pull_policy }} +{{ tuple $envAll $envAll.Values.pod.resources.airflow.flower | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }} + env: + # To prevent the error: ValueError: invalid literal for int() with base 10: 'tcp://10.0.0.83:5555' + - name: FLOWER_PORT + value: "5555" + ports: + - containerPort: {{ .Values.network.airflow.flower.port }} + args: ["flower"] + readinessProbe: + tcpSocket: + port: {{ .Values.network.airflow.flower.port }} + volumeMounts: + - name: airflow-etc + mountPath: {{ .Values.conf.airflow.airflow_config_file }} + subPath: airflow.cfg + readOnly: true +{{ if $mounts_airflow_flower.volumeMounts }}{{ toYaml $mounts_airflow_flower.volumeMounts | indent 12 }}{{ end }} + volumes: + - name: airflow-etc + configMap: + name: airflow-etc + defaultMode: 0444 +{{ if $mounts_airflow_flower.volumes }}{{ toYaml $mounts_airflow_flower.volumes | indent 8 }}{{ end }} +{{- end }} diff --git a/charts/shipyard/templates/deployment-airflow-scheduler.yaml b/charts/shipyard/templates/deployment-airflow-scheduler.yaml new file mode 100644 index 00000000..bc34c2a5 --- /dev/null +++ b/charts/shipyard/templates/deployment-airflow-scheduler.yaml 
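Review bot: `FLOWER_PORT` is hard-coded to `"5555"` while `containerPort` and the readiness probe both use `.Values.network.airflow.flower.port`, so overriding that value leaves the variable (and, if Flower takes its port from it, the listener) at 5555 and the probe pointing elsewhere. Set the env value from the same source, `value: {{ .Values.network.airflow.flower.port | quote }}`. The existing comment explains why the variable is set but not that it has to match the service port, which is worth adding. The container is started with `args: ["flower"]` only, so whether the Flower UI requires a login depends on configuration not shown in this hunk; confirm that before the service is exposed.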
@@ -0,0 +1,127 @@ +# Copyright 2017 The Openstack-Helm Authors. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +{{- if .Values.manifests.deployment_airflow_scheduler }} +{{- $envAll := . }} +{{- $dependencies := .Values.dependencies.airflow_server }} +{{- $mounts_airflow_scheduler := .Values.pod.mounts.airflow_scheduler.airflow_scheduler }} +{{- $mounts_airflow_scheduler_init := .Values.pod.mounts.airflow_scheduler.init_container }} +--- +apiVersion: apps/v1beta1 +kind: Deployment +metadata: + name: airflow-scheduler +spec: + replicas: {{ .Values.pod.replicas.airflow.scheduler }} +{{ tuple $envAll | include "helm-toolkit.snippets.kubernetes_upgrades_deployment" | indent 2 }} + template: + metadata: + labels: +{{ tuple $envAll "airflow" "scheduler" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }} + annotations: + configmap-bin-hash: {{ tuple "configmap-airflow-bin.yaml" . | include "helm-toolkit.utils.hash" }} + configmap-etc-hash: {{ tuple "configmap-airflow-etc.yaml" . 
| include "helm-toolkit.utils.hash" }} + spec: + nodeSelector: + {{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }} + restartPolicy: Always + terminationGracePeriodSeconds: {{ .Values.pod.lifecycle.termination_grace_period.airflow.timeout | default "30" }} + initContainers: +{{ tuple $envAll $dependencies $mounts_airflow_scheduler_init | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} +{{- if .Values.prod_environment }} + - name: airflow-shipyard-init + image: {{ .Values.images.shipyard }} + imagePullPolicy: {{ .Values.images.pull_policy }} +{{ tuple $envAll $envAll.Values.pod.resources.shipyard_api | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }} + command: + - /tmp/airflow-shipyard-init.sh + volumeMounts: + - name: airflow-bin + mountPath: /tmp/airflow-shipyard-init.sh + subPath: airflow-shipyard-init.sh + readOnly: true + - name: pod-shipyard-share-airflow-dags + mountPath: /tmp/airflow/dags/ + - name: pod-shipyard-share-airflow-plugins + mountPath: /tmp/airflow/plugins/ +{{- end }} + containers: + - name: airflow-scheduler + image: {{ .Values.images.airflow }} + imagePullPolicy: {{ .Values.images.pull_policy }} +{{ tuple $envAll $envAll.Values.pod.resources.airflow.scheduler | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }} + env: + - name: AIRFLOW_CONN_AIRFLOWS_OWN_DB + valueFrom: + secretKeyRef: + name: {{ .Values.secrets.postgresql_airflow_db.admin }} + key: DB_CONNECTION_AIRFLOW + # Set to -1 to stop scheduler from going into crash loops + args: ["scheduler", "-n", "-1" ] + volumeMounts: + - name: airflow-etc + mountPath: {{ .Values.conf.airflow.airflow_config_file }} + subPath: airflow.cfg + readOnly: true +{{- if .Values.prod_environment }} + - name: shipyard-etc + mountPath: /usr/local/airflow/plugins/shipyard.conf + subPath: shipyard.conf + readOnly: true + - name: pod-shipyard-share-airflow-dags + mountPath: {{ .Values.conf.airflow.core.dags_folder 
}} + - name: pod-shipyard-share-airflow-plugins + mountPath: {{ .Values.conf.airflow.core.plugins_folder }} +{{ else }} + - name: airflow-dags + mountPath: {{ .Values.conf.airflow.core.dags_folder }} + - name: airflow-plugins + mountPath: {{ .Values.conf.airflow.core.plugins_folder }} +{{- end }} + - name: airflow-logs + mountPath: {{ .Values.conf.airflow.core.base_log_folder }} +{{ if $mounts_airflow_scheduler.volumeMounts }}{{ toYaml $mounts_airflow_scheduler.volumeMounts | indent 12 }}{{ end }} + volumes: + - name: airflow-etc + configMap: + name: airflow-etc + defaultMode: 0444 +{{- if .Values.prod_environment }} + - name: shipyard-etc + configMap: + name: shipyard-etc + defaultMode: 0444 + - name: airflow-bin + configMap: + name: airflow-bin + defaultMode: 0555 + - name: pod-shipyard-share-airflow-dags + emptyDir: {} + - name: pod-shipyard-share-airflow-plugins + emptyDir: {} + - name: airflow-logs + emptyDir: {} +{{ else }} + - name: airflow-dags + hostPath: + path: {{ .Values.pod.mounts.dag_path }} + - name: airflow-plugins + hostPath: + path: {{ .Values.pod.mounts.plugin_path }} + - name: airflow-logs + hostPath: + path: {{ .Values.pod.mounts.log_path }} +{{- end }} +{{ if $mounts_airflow_scheduler.volumes }}{{ toYaml $mounts_airflow_scheduler.volumes | indent 8 }}{{ end }} +{{- end }} diff --git a/charts/shipyard/templates/deployment-airflow-web.yaml b/charts/shipyard/templates/deployment-airflow-web.yaml new file mode 100644 index 00000000..8bc4745c --- /dev/null +++ b/charts/shipyard/templates/deployment-airflow-web.yaml 
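Review bot: When `.Values.prod_environment` is false or unset, the `airflow-dags`, `airflow-plugins` and `airflow-logs` volumes are `hostPath` mounts, so the scheduler loads DAG and plugin code from the node's filesystem and writes its logs back to it. Anything that can write to `.Values.pod.mounts.dag_path` or `.Values.pod.mounts.plugin_path` on the node therefore gets code run inside the scheduler container. Add `readOnly: true` to the `airflow-dags` and `airflow-plugins` volumeMounts in the `else` branch, and a comment above the hostPath volumes such as `# development only: DAGs and plugins are read from the node filesystem`.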
@@ -0,0 +1,131 @@
+# Copyright 2017 The Openstack-Helm Authors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+{{- if .Values.manifests.deployment_airflow_web }}
+{{- $envAll := . }}
+{{- $dependencies := .Values.dependencies.airflow_server }}
+{{- $mounts_airflow_web := .Values.pod.mounts.airflow_web.airflow_web }}
+{{- $mounts_airflow_web_init := .Values.pod.mounts.airflow_web.init_container }}
+---
+apiVersion: apps/v1beta1
+kind: Deployment
+metadata:
+ name: airflow-web
+spec:
+ replicas: {{ .Values.pod.replicas.airflow.web }}
+{{ tuple $envAll | include "helm-toolkit.snippets.kubernetes_upgrades_deployment" | indent 2 }}
+ template:
+ metadata:
+ labels:
+{{ tuple $envAll "airflow" "web" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
+ annotations:
+ configmap-bin-hash: {{ tuple "configmap-airflow-bin.yaml" . | include "helm-toolkit.utils.hash" }}
+ configmap-etc-hash: {{ tuple "configmap-airflow-etc.yaml" . | include "helm-toolkit.utils.hash" }}
+ spec:
+ nodeSelector:
+ {{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }}
+ restartPolicy: Always
+ terminationGracePeriodSeconds: {{ .Values.pod.lifecycle.termination_grace_period.airflow.timeout | default "30" }}
+ initContainers:
+{{ tuple $envAll $dependencies $mounts_airflow_web_init | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
+{{- if .Values.prod_environment }}
+ - name: airflow-shipyard-init
+ image: {{ .Values.images.shipyard }}
+ imagePullPolicy: {{ .Values.images.pull_policy }}
+{{ tuple $envAll $envAll.Values.pod.resources.shipyard_api | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
+ command:
+ - /tmp/airflow-shipyard-init.sh
+ volumeMounts:
+ - name: airflow-bin
+ mountPath: /tmp/airflow-shipyard-init.sh
+ subPath: airflow-shipyard-init.sh
+ readOnly: true
+ - name: pod-shipyard-share-airflow-dags
+ mountPath: /tmp/airflow/dags/
+ - name: pod-shipyard-share-airflow-plugins
+ mountPath: /tmp/airflow/plugins/
+{{- end }}
+ containers:
+ - name: airflow-web
+ image: {{ .Values.images.airflow }}
+ imagePullPolicy: {{ .Values.images.pull_policy }}
+{{ tuple $envAll $envAll.Values.pod.resources.airflow.web | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
+ env:
+ - name: AIRFLOW_CONN_AIRFLOWS_OWN_DB
+ valueFrom:
+ secretKeyRef:
+ name: {{ .Values.secrets.postgresql_airflow_db.admin }}
+ key: DB_CONNECTION_AIRFLOW
+ ports:
+ - containerPort: {{ .Values.network.airflow.web.port }}
+ args: ["webserver"]
+ readinessProbe:
+ tcpSocket:
+ port: {{ .Values.network.airflow.web.port }}
+ volumeMounts:
+ - name: airflow-etc
+ mountPath: {{ .Values.conf.airflow.airflow_config_file }}
+ subPath: airflow.cfg
+ readOnly: true
+{{- if .Values.prod_environment }}
+ - name: shipyard-etc
+ mountPath: /usr/local/airflow/plugins/shipyard.conf
+ subPath: shipyard.conf
+ readOnly: true
+ - name: pod-shipyard-share-airflow-dags
+ mountPath: {{ .Values.conf.airflow.core.dags_folder }}
+ - name: pod-shipyard-share-airflow-plugins
+ mountPath: {{ .Values.conf.airflow.core.plugins_folder }}
+{{ else }}
+ - name: airflow-dags
+ mountPath: {{ .Values.conf.airflow.core.dags_folder }}
+ - name: airflow-plugins
+ mountPath: {{ .Values.conf.airflow.core.plugins_folder }}
+{{- end }}
+ - name: airflow-logs
+ mountPath: {{ .Values.conf.airflow.core.base_log_folder }}
+{{ if $mounts_airflow_web.volumeMounts }}{{ toYaml $mounts_airflow_web.volumeMounts | indent 12 }}{{ end }}
+ volumes:
+ - name: airflow-etc
+ configMap:
+ name: airflow-etc
+ defaultMode: 0444
+{{- if .Values.prod_environment }}
+ - name: shipyard-etc
+ configMap:
+ name: shipyard-etc
+ defaultMode: 0444
+ - name: airflow-bin
+ configMap:
+ name: airflow-bin
+ defaultMode: 0555
+ - name: pod-shipyard-share-airflow-dags
+ emptyDir: {}
+ - name: pod-shipyard-share-airflow-plugins
+ emptyDir: {}
+ - name: airflow-logs
+ emptyDir: {}
+{{ else }}
+ - name: airflow-dags
+ hostPath:
+ path: {{ .Values.pod.mounts.dag_path }}
+ - name: airflow-plugins
+ hostPath:
+ path: {{ .Values.pod.mounts.plugin_path }}
+ - name: airflow-logs
+ hostPath:
+ path: {{ .Values.pod.mounts.log_path }}
+{{- end }}
+{{ if $mounts_airflow_web.volumes }}{{ toYaml $mounts_airflow_web.volumes | indent 8 }}{{ end }}
+{{- end }}
diff --git a/charts/shipyard/templates/deployment-airflow-worker.yaml b/charts/shipyard/templates/deployment-airflow-worker.yaml
new file mode 100644
index 00000000..a1b5bd3b
--- /dev/null
+++ b/charts/shipyard/templates/deployment-airflow-worker.yaml
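Review bot: In the non-prod branch the `airflow-dags` and `airflow-plugins` volumes are `hostPath` mounts with no `readOnly: true` on their volumeMounts, so the webserver container can write into node directories that Airflow loads Python code from, and anything on the node that can write there gets its code run inside the pod. The webserver only needs to read DAGs and plugins, so add `readOnly: true` to both mounts, and check whether `airflow-logs` needs a hostPath at all. The same mounts appear in deployment-airflow-worker.yaml and in the visible tail of deployment-airflow-scheduler.yaml. The container also sets no `securityContext`, so it runs as whatever user the image defaults to.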
@@ -0,0 +1,145 @@
+# Copyright 2017 The Openstack-Helm Authors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+{{- if .Values.manifests.deployment_airflow_worker }}
+{{- $envAll := . }}
+{{- $dependencies := .Values.dependencies.airflow_server }}
+{{- $mounts_airflow_worker := .Values.pod.mounts.airflow_worker.airflow_worker }}
+{{- $mounts_airflow_worker_init := .Values.pod.mounts.airflow_worker.init_container }}
+---
+apiVersion: apps/v1beta1
+kind: Deployment
+metadata:
+ name: airflow-worker
+spec:
+ replicas: {{ .Values.pod.replicas.airflow.worker }}
+{{ tuple $envAll | include "helm-toolkit.snippets.kubernetes_upgrades_deployment" | indent 2 }}
+ template:
+ metadata:
+ labels:
+{{ tuple $envAll "airflow" "worker" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
+ annotations:
+ configmap-bin-hash: {{ tuple "configmap-airflow-bin.yaml" . | include "helm-toolkit.utils.hash" }}
+ configmap-etc-hash: {{ tuple "configmap-airflow-etc.yaml" . | include "helm-toolkit.utils.hash" }}
+ spec:
+ nodeSelector:
+ {{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }}
+ restartPolicy: Always
+ terminationGracePeriodSeconds: {{ .Values.pod.lifecycle.termination_grace_period.airflow.timeout | default "30" }}
+ initContainers:
+{{ tuple $envAll $dependencies $mounts_airflow_worker_init | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
+{{- if .Values.prod_environment }}
+ - name: airflow-shipyard-init
+ image: {{ .Values.images.shipyard }}
+ imagePullPolicy: {{ .Values.images.pull_policy }}
+{{ tuple $envAll $envAll.Values.pod.resources.shipyard_api | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
+ command:
+ - /tmp/airflow-shipyard-init.sh
+ volumeMounts:
+ - name: airflow-bin
+ mountPath: /tmp/airflow-shipyard-init.sh
+ subPath: airflow-shipyard-init.sh
+ readOnly: true
+ - name: pod-shipyard-share-airflow-dags
+ mountPath: /tmp/airflow/dags/
+ - name: pod-shipyard-share-airflow-plugins
+ mountPath: /tmp/airflow/plugins/
+{{- end }}
+ containers:
+ - name: airflow-worker
+ image: {{ .Values.images.airflow }}
+ imagePullPolicy: {{ .Values.images.pull_policy }}
+{{ tuple $envAll $envAll.Values.pod.resources.airflow.worker | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
+ env:
+ - name: AIRFLOW_CONN_AIRFLOWS_OWN_DB
+ valueFrom:
+ secretKeyRef:
+ name: {{ .Values.secrets.postgresql_airflow_db.admin }}
+ key: DB_CONNECTION_AIRFLOW
+ ports:
+ - containerPort: {{ .Values.network.airflow.worker.port }}
+ args: ["worker"]
+ readinessProbe:
+ tcpSocket:
+ port: {{ .Values.network.airflow.worker.port }}
+ securityContext:
+ privileged: true
+ volumeMounts:
+ - name: airflow-etc
+ mountPath: {{ .Values.conf.airflow.airflow_config_file }}
+ subPath: airflow.cfg
+ readOnly: true
+{{- if .Values.prod_environment }}
+ - name: shipyard-etc
+ mountPath: /usr/local/airflow/plugins/shipyard.conf
+ subPath: shipyard.conf
+ readOnly: true
+ - name: pod-shipyard-share-airflow-dags
+ mountPath: {{ .Values.conf.airflow.core.dags_folder }}
+ - name: pod-shipyard-share-airflow-plugins
+ mountPath: {{ .Values.conf.airflow.core.plugins_folder }}
+{{ else }}
+ - name: airflow-dags
+ mountPath: {{ .Values.conf.airflow.core.dags_folder }}
+ - name: airflow-plugins
+ mountPath: {{ .Values.conf.airflow.core.plugins_folder }}
+ - name: docker
+ mountPath: /var/run
+ readOnly: false
+ - name: pod-var-lib-docker
+ mountPath: /var/lib/docker
+ readOnly: false
+{{- end }}
+ - name: airflow-logs
+ mountPath: {{ .Values.conf.airflow.core.base_log_folder }}
+{{ if $mounts_airflow_worker.volumeMounts }}{{ toYaml $mounts_airflow_worker.volumeMounts | indent 12 }}{{ end }}
+ volumes:
+ - name: airflow-etc
+ configMap:
+ name: airflow-etc
+ defaultMode: 0444
+{{- if .Values.prod_environment }}
+ - name: shipyard-etc
+ configMap:
+ name: shipyard-etc
+ defaultMode: 0444
+ - name: airflow-bin
+ configMap:
+ name: airflow-bin
+ defaultMode: 0555
+ - name: pod-shipyard-share-airflow-dags
+ emptyDir: {}
+ - name: pod-shipyard-share-airflow-plugins
+ emptyDir: {}
+ - name: airflow-logs
+ emptyDir: {}
+{{ else }}
+ - name: airflow-dags
+ hostPath:
+ path: {{ .Values.pod.mounts.dag_path }}
+ - name: airflow-plugins
+ hostPath:
+ path: {{ .Values.pod.mounts.plugin_path }}
+ - name: airflow-logs
+ hostPath:
+ path: {{ .Values.pod.mounts.log_path }}
+ - name: docker
+ hostPath:
+ path: /var/run
+ - name: pod-var-lib-docker
+ hostPath:
+ path: /var/lib/docker
+{{- end }}
+{{ if $mounts_airflow_worker.volumes }}{{ toYaml $mounts_airflow_worker.volumes | indent 8 }}{{ end }}
+{{- end }}
diff --git a/charts/shipyard/templates/deployment-shipyard.yaml b/charts/shipyard/templates/deployment-shipyard.yaml
new file mode 100644
index 00000000..58511d07
--- /dev/null
+++ b/charts/shipyard/templates/deployment-shipyard.yaml
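Review bot: `securityContext: privileged: true` on the `airflow-worker` container sits outside the `prod_environment` conditional, so production workers run privileged even though the `docker` and `pod-var-lib-docker` host mounts that presumably motivate it exist only in the `{{ else }}` branch. A privileged container that executes DAG tasks has full access to the node, so wrap the two lines in `{{- if not .Values.prod_environment }}` and `{{- end }}`, or drive them from a values flag that defaults to false. In the non-prod branch the `docker` volume mounts all of the host's `/var/run` read-write; if only the Docker socket is needed, narrow it to `path: /var/run/docker.sock` mounted at the same path.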
@@ -0,0 +1,76 @@
+# Copyright 2017 The Openstack-Helm Authors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+{{- if .Values.manifests.deployment_shipyard }}
+{{- $envAll := . }}
+{{- $dependencies := .Values.dependencies.shipyard }}
+{{- $mounts_shipyard := .Values.pod.mounts.shipyard.shipyard }}
+{{- $mounts_shipyard_init := .Values.pod.mounts.shipyard.init_container }}
+---
+apiVersion: apps/v1beta1
+kind: Deployment
+metadata:
+ name: shipyard
+spec:
+ replicas: {{ .Values.pod.replicas.shipyard }}
+{{ tuple $envAll | include "helm-toolkit.snippets.kubernetes_upgrades_deployment" | indent 2 }}
+ template:
+ metadata:
+ labels:
+{{ tuple $envAll "shipyard-api" "server" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
+ annotations:
+ configmap-bin-hash: {{ tuple "configmap-shipyard-bin.yaml" . | include "helm-toolkit.utils.hash" }}
+ configmap-etc-hash: {{ tuple "configmap-shipyard-etc.yaml" . | include "helm-toolkit.utils.hash" }}
+ spec:
+ nodeSelector:
+ {{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }}
+ terminationGracePeriodSeconds: {{ .Values.pod.lifecycle.termination_grace_period.shipyard.timeout | default "30" }}
+ restartPolicy: Always
+ initContainers:
+{{ tuple $envAll $dependencies $mounts_shipyard_init | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
+ containers:
+ - name: shipyard
+ image: {{ .Values.images.shipyard }}
+ imagePullPolicy: {{ .Values.images.pull_policy }}
+{{ tuple $envAll $envAll.Values.pod.resources.shipyard_api | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
+ ports:
+ - containerPort: {{ .Values.network.shipyard.port }}
+ readinessProbe:
+ tcpSocket:
+ port: {{ .Values.network.shipyard.port }}
+ volumeMounts:
+ - name: etc-shipyard
+ mountPath: /etc/shipyard
+ - name: shipyard-etc
+ mountPath: /etc/shipyard/shipyard.conf
+ subPath: shipyard.conf
+ readOnly: true
+ - name: shipyard-etc
+ subPath: api-paste.ini
+ mountPath: /etc/shipyard/api-paste.ini
+ readOnly: true
+ - name: shipyard-etc
+ subPath: policy.yaml
+ mountPath: /etc/shipyard/policy.yaml
+ readOnly: true
+{{ if $mounts_shipyard.volumeMounts }}{{ toYaml $mounts_shipyard.volumeMounts | indent 12 }}{{ end }}
+ volumes:
+ - name: etc-shipyard
+ emptyDir: {}
+ - name: shipyard-etc
+ configMap:
+ name: shipyard-etc
+ defaultMode: 0444
+{{ if $mounts_shipyard.volumes }}{{ toYaml $mounts_shipyard.volumes | indent 8 }}{{ end }}
+{{- end }}
diff --git a/charts/shipyard/templates/etc/_airflow.cfg.tpl b/charts/shipyard/templates/etc/_airflow.cfg.tpl
new file mode 100644
index 00000000..784486f7
--- /dev/null
+++ b/charts/shipyard/templates/etc/_airflow.cfg.tpl
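Review bot: The `etc-shipyard` emptyDir mounted at `/etc/shipyard` leaves the API's configuration directory writable by the container and hides whatever the image ships there, while only `shipyard.conf`, `api-paste.ini` and `policy.yaml` are overlaid as read-only subPath mounts. If nothing writes to that directory at runtime, the volume and its mount can be dropped; if something does, say so in a comment above the mount, e.g. `# writable scratch dir; the three config files below are overlaid read-only`. The two later `shipyard-etc` mounts also list `subPath` before `mountPath`, unlike the first, and using one order would make the three easier to compare.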
@@ -0,0 +1,371 @@
+# Copyright 2017 The Openstack-Helm Authors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+{{ include "airflow.conf.airflow_values_skeleton" .Values.conf.airflow | trunc 0 }}
+{{ include "airflow.conf.airflow" .Values.conf.airflow}}
+
+{{- define "airflow.conf.airflow_values_skeleton" -}}
+
+{{- if not .core -}}{{- set . "core" dict -}}{{- end -}}
+{{- if not .webserver -}}{{- set . "webserver" dict -}}{{- end -}}
+{{- if not .email -}}{{- set . "email" dict -}}{{- end -}}
+{{- if not .smtp -}}{{- set . "smtp" dict -}}{{- end -}}
+{{- if not .celery -}}{{- set . "celery" dict -}}{{- end -}}
+{{- if not .scheduler -}}{{- set . "scheduler" dict -}}{{- end -}}
+{{- if not .mesos -}}{{- set . "mesos" dict -}}{{- end -}}
+
+{{- end -}}
+
+{{- define "airflow.conf.airflow" -}}
+
+[core]
+# The home folder for airflow, is ~/airflow
+{{ if not .core.airflow_home }}#{{ end }}airflow_home = {{ .core.airflow_home | default "" }}
+
+# The folder where your airflow pipelines live, most likely a
+# subfolder in a code repository
+{{ if not .core.dags_folder }}#{{ end }}dags_folder = {{ .core.dags_folder | default "" }}
+
+# The folder where airflow should store its log files. This location
+{{ if not .core.base_log_folder }}#{{ end }}base_log_folder = {{ .core.base_log_folder | default "" }}
+
+# Airflow can store logs remotely in AWS S3 or Google Cloud Storage. Users
+# must supply a remote location URL (starting with either 's3://...' or
+# 'gs://...') and an Airflow connection id that provides access to the storage
+# location.
+{{ if not .core.remote_base_log_folder }}#{{ end }}remote_base_log_folder = {{ .core.remote_base_log_folder | default "" }}
+{{ if not .core.remote_log_conn_id }}#{{ end }}remote_log_conn_id = {{ .core.remote_log_conn_id | default "" }}
+# Use server-side encryption for logs stored in S3
+{{ if not .core.encrypt_s3_logs }}#{{ end }}encrypt_s3_logs = {{ .core.encrypt_s3_logs | default "" }}
+# deprecated option for remote log storage, use remote_base_log_folder instead!
+# s3_log_folder =
+
+# The executor class that airflow should use. Choices include
+# SequentialExecutor, LocalExecutor, CeleryExecutor
+{{ if not .core.executor }}#{{ end }}executor = {{ .core.executor | default "" }}
+
+# The SqlAlchemy connection string to the metadata database.
+# SqlAlchemy supports many different database engine, more information
+# their website
+{{ if not .core.sql_alchemy_conn }}#{{ end }}sql_alchemy_conn = {{ .core.sql_alchemy_conn | default "" }}
+
+# The SqlAlchemy pool size is the maximum number of database connections
+# in the pool.
+{{ if not .core.sql_alchemy_pool_size }}#{{ end }}sql_alchemy_pool_size = {{ .core.sql_alchemy_pool_size | default "" }}
+
+# The SqlAlchemy pool recycle is the number of seconds a connection
+# can be idle in the pool before it is invalidated. This config does
+# not apply to sqlite.
+{{ if not .core.sql_alchemy_pool_recycle }}#{{ end }}sql_alchemy_pool_recycle = {{ .core.sql_alchemy_pool_recycle | default "" }}
+
+# The amount of parallelism as a setting to the executor. This defines
+# the max number of task instances that should run simultaneously
+# on this airflow installation
+{{ if not .core.parallelism }}#{{ end }}parallelism = {{ .core.parallelism | default "" }}
+
+# The number of task instances allowed to run concurrently by the scheduler
+{{ if not .core.dag_concurrency }}#{{ end }}dag_concurrency = {{ .core.dag_concurrency | default "" }}
+
+# Are DAGs paused by at creation
+{{ if not .core.dags_are_paused_at_creation }}#{{ end }}dags_are_paused_at_creation = {{ .core.dags_are_paused_at_creation | default "" }}
+
+# When not using pools, tasks are run in the pool",
+# whose size is guided by this config element
+{{ if not .core.non_pooled_task_slot_count }}#{{ end }}non_pooled_task_slot_count = {{ .core.non_pooled_task_slot_count | default "" }}
+
+# The maximum number of active DAG runs per DAG
+{{ if not .core.max_active_runs_per_dag }}#{{ end }}max_active_runs_per_dag = {{ .core.max_active_runs_per_dag | default "" }}
+
+# Whether to load the examples that ship with Airflow. It's good to
+# get started, but you probably want to set this to False in a production
+# environment
+{{ if not .core.load_examples }}#{{ end }}load_examples = {{ .core.load_examples | default "" }}
+
+# Where your Airflow plugins are stored
+{{ if not .core.plugins_folder }}#{{ end }}plugins_folder = {{ .core.plugins_folder | default "" }}
+
+# Secret key to save connection passwords in the db
+{{ if not .core.fernet_key }}#{{ end }}fernet_key = {{ .core.fernet_key | default "" }}
+
+# Whether to disable pickling dags
+{{ if not .core.donot_pickle }}#{{ end }}donot_pickle = {{ .core.donot_pickle | default "" }}
+
+# How long before timing out a python file import while filling the DagBag
+{{ if not .core.dagbag_import_timeout }}#{{ end }}dagbag_import_timeout = {{ .core.dagbag_import_timeout | default "" }}
+
+# The class to use for running task instances in a subprocess
+{{ if not .core.task_runner }}#{{ end }}task_runner = {{ .core.task_runner | default "" }}
+
+# If set, tasks without a `run_as_user` argument will be run with this user
+# Can be used to de-elevate a sudo user running Airflow when executing tasks
+{{ if not .core.default_impersonation }}#{{ end }}default_impersonation = {{ .core.default_impersonation | default "" }}
+
+# What security module to use (for example kerberos):
+{{ if not .core.security }}#{{ end }}security = {{ .core.security | default "" }}
+
+# Turn unit test mode on (overwrites many configuration options with test
+# values at runtime)
+{{ if not .core.unit_test_mode }}#{{ end }}unit_test_mode = {{ .core.unit_test_mode | default "" }}
+
+[cli]
+# In what way should the cli access the API. The LocalClient will use the
+# database directly, while the json_client will use the api running on the
+# webserver
+{{ if not .cli.api_client }}#{{ end }}api_client = {{ .cli.api_client | default "" }}
+{{ if not .cli.endpoint_url }}#{{ end }}endpoint_url = {{ .cli.endpoint_url | default "" }}
+
+[api]
+# How to authenticate users of the API
+{{ if not .api.auth_backend }}#{{ end }}auth_backend = {{ .api.auth_backend | default "" }}
+
+[operators]
+# The default owner assigned to each new operator, unless
+# provided explicitly or passed via `default_args`
+{{ if not .operators.default_owner }}#{{ end }}default_owner = {{ .operators.default_owner | default "" }}
+{{ if not .operators.default_cpus }}#{{ end }}default_cpus = {{ .operators.default_cpus | default "" }}
+{{ if not .operators.default_ram }}#{{ end }}default_ram = {{ .operators.default_ram | default "" }}
+{{ if not .operators.default_disk }}#{{ end }}default_disk = {{ .operators.default_disk | default "" }}
+{{ if not .operators.default_gpus }}#{{ end }}default_gpus = {{ .operators.default_gpus | default "" }}
+
+[webserver]
+# The base url of your website as airflow cannot guess what domain or
+# cname you are using. This is use in automated emails that
+# airflow sends to point links to the right web server
+{{ if not .webserver.base_url }}#{{ end }}base_url = {{ .webserver.base_url | default "" }}
+
+# The ip specified when starting the web server
+{{ if not .webserver.web_server_host }}#{{ end }}web_server_host = {{ .webserver.web_server_host | default "" }}
+
+# The port on which to run the web server
+{{ if not .webserver.web_server_port }}#{{ end }}web_server_port = {{ .webserver.web_server_port | default "" }}
+
+# Paths to the SSL certificate and key for the web server. When both are
+# provided SSL will be enabled. This does not change the web server port.
+{{ if not .webserver.web_server_ssl_cert }}#{{ end }}web_server_ssl_cert = {{ .webserver.web_server_ssl_cert | default "" }}
+{{ if not .webserver.web_server_ssl_key }}#{{ end }}web_server_ssl_key = {{ .webserver.web_server_ssl_key | default "" }}
+
+# The time the gunicorn webserver waits before timing out on a worker
+{{ if not .webserver.web_server_worker_timeout }}#{{ end }}web_server_worker_timeout = {{ .webserver.web_server_worker_timeout | default "" }}
+
+# Number of workers to refresh at a time. When set to 0, worker refresh is
+# disabled. When nonzero, airflow periodically refreshes webserver workers by
+# bringing up new ones and killing old ones.
+{{ if not .webserver.worker_refresh_batch_size }}#{{ end }}worker_refresh_batch_size = {{ .webserver.worker_refresh_batch_size | default "" }}
+
+# Number of seconds to wait before refreshing a batch of workers.
+{{ if not .webserver.worker_refresh_interval }}#{{ end }}worker_refresh_interval = {{ .webserver.worker_refresh_interval | default "" }}
+
+# Secret key used to run your flask app
+{{ if not .webserver.secret_key }}#{{ end }}secret_key = {{ .webserver.secret_key | default "" }}
+
+# Number of workers to run the Gunicorn web server
+{{ if not .webserver.workers }}#{{ end }}workers = {{ .webserver.workers | default "" }}
+
+# The worker class gunicorn should use. Choices include
+# sync ), eventlet, gevent
+{{ if not .webserver.worker_class }}#{{ end }}worker_class = {{ .webserver.worker_class | default "" }}
+
+# Log files for the gunicorn webserver. '-' means log to stderr.
+{{ if not .webserver.access_logfile }}#{{ end }}access_logfile = {{ .webserver.access_logfile | default "" }}
+{{ if not .webserver.error_logfile }}#{{ end }}error_logfile = {{ .webserver.error_logfile | default "" }}
+
+# Expose the configuration file in the web server
+{{ if not .webserver.expose_config }}#{{ end }}expose_config = {{ .webserver.expose_config | default "" }}
+
+# Set to true to turn on authentication : http://pythonhosted.org/airflow/installation.html#web-authentication
+{{ if not .webserver.authenticate }}#{{ end }}authenticate = {{ .webserver.authenticate | default "" }}
+
+# Filter the list of dags by owner name (requires authentication to be enabled)
+{{ if not .webserver.filter_by_owner }}#{{ end }}filter_by_owner = {{ .webserver.filter_by_owner | default "" }}
+
+# Filtering mode. Choices include user ) and ldapgroup.
+# Ldap group filtering requires using the ldap backend
+#
+# Note that the ldap server needs the "memberOf" overlay to be set up
+# in order to user the ldapgroup mode.
+{{ if not .webserver.owner_mode }}#{{ end }}owner_mode = {{ .webserver.owner_mode | default "" }}
+
+# Default DAG orientation. Valid values are:
+# LR (Left->Right), TB (Top->Bottom), RL (Right->Left), BT (Bottom->Top)
+{{ if not .webserver.dag_orientation }}#{{ end }}dag_orientation = {{ .webserver.dag_orientation | default "" }}
+
+# Puts the webserver in demonstration mode; blurs the names of Operators for
+# privacy.
+{{ if not .webserver.demo_mode }}#{{ end }}demo_mode = {{ .webserver.demo_mode | default "" }}
+
+# The amount of time (in secs) webserver will wait for initial handshake
+# while fetching logs from other worker machine
+{{ if not .webserver.log_fetch_timeout_sec }}#{{ end }}log_fetch_timeout_sec = {{ .webserver.log_fetch_timeout_sec | default "" }}
+
+# By, the webserver shows paused DAGs. Flip this to hide paused
+# DAGs by
+{{ if not .webserver.hide_paused_dags_by_default }}#{{ end }}hide_paused_dags_by_default = {{ .webserver.hide_paused_dags_by_default | default "" }}
+
+[email]
+{{ if not .email.email_backend }}#{{ end }}email_backend = {{ .email.email_backend | default "" }}
+
+[smtp]
+# If you want airflow to send emails on retries, failure, and you want to
+# the airflow.utils.send_email function, you have to configure an smtp
+# server here
+{{ if not .smtp.smtp_host }}#{{ end }}smtp_host = {{ .smtp.smtp_host | default "" }}
+{{ if not .smtp.smtp_starttls }}#{{ end }}smtp_smtp_starttls = {{ .smtp.smtp_starttls | default "" }}
+smtp_ssl = {{ .smtp.smtp_ssl | default "" }}
+{{ if not .smtp.smtp_user }}#{{ end }}smtp_user = {{ .smtp.smtp_user | default "" }}
+{{ if not .smtp.smtp_port }}#{{ end }}smtp_port = {{ .smtp.smtp_port | default "" }}
+{{ if not .smtp.smtp_password }}#{{ end }}smtp_password = {{ .smtp.smtp_password | default "" }}
+{{ if not .smtp.smtp_mail_from }}#{{ end }}smtp_mail_from = {{ .smtp.smtp_mail_from | default "" }}
+
+[celery]
+# This section only applies if you are using the CeleryExecutor in
+# [core] section above
+
+# The app name that will be used by celery
+{{ if not .celery.celery_app_name }}#{{ end }}celery_app_name = {{ .celery.celery_app_name | default "" }}
+
+# The concurrency that will be used when starting workers with the
+# "airflow worker" command. This defines the number of task instances that
+# a worker will take, so size up your workers based on the resources on
+# your worker box and the nature of your tasks
+{{ if not .celery.celeryd_concurrency }}#{{ end }}celeryd_concurrency = {{ .celery.celeryd_concurrency | default "" }}
+
+# When you start an airflow worker, airflow starts a tiny web server
+# subprocess to serve the workers local log files to the airflow main
+# web server, who then builds pages and sends them to users. This defines
+# the port on which the logs are served. It needs to be unused, and open
+# visible from the main web server to connect into the workers.
+{{ if not .celery.worker_log_server_port }}#{{ end }}worker_log_server_port = {{ .celery.worker_log_server_port | default "" }}
+
+# The Celery broker URL. Celery supports RabbitMQ, Redis and experimentally
+# a sqlalchemy database. Refer to the Celery documentation for more
+# information.
+{{ if not .celery.broker_url }}#{{ end }}broker_url = {{ .celery.broker_url | default "" }}
+
+# Another key Celery setting
+{{ if not .celery.celery_result_backend }}#{{ end }}celery_result_backend = {{ .celery.celery_result_backend | default "" }}
+
+# Celery Flower is a sweet UI for Celery. Airflow has a shortcut to start
+# it `airflow flower`. This defines the IP that Celery Flower runs on
+{{ if not .celery.flower_host }}#{{ end }}flower_host = {{ .celery.flower_host | default "" }}
+
+# This defines the port that Celery Flower runs on
+{{ if not .celery.flower_port }}#{{ end }}flower_port = {{ .celery.flower_port | default "" }}
+
+# Default queue that tasks get assigned to and that worker listen on.
+{{ if not .celery.default_queue }}#{{ end }}default_queue = {{ .celery.default_queue | default "" }}
+
+[scheduler]
+# Task instances listen for external kill signal (when you clear tasks
+# from the CLI or the UI), this defines the frequency at which they should
+# listen (in seconds).
+{{ if not .scheduler.job_heartbeat_sec }}#{{ end }}job_heartbeat_sec = {{ .scheduler.job_heartbeat_sec | default "" }}
+
+# The scheduler constantly tries to trigger new tasks (look at the
+# scheduler section in the docs for more information). This defines
+# how often the scheduler should run (in seconds).
+{{ if not .scheduler.scheduler_heartbeat_sec }}#{{ end }}scheduler_heartbeat_sec = {{ .scheduler.scheduler_heartbeat_sec | default "" }}
+
+# after how much time should the scheduler terminate in seconds
+# -1 indicates to run continuously (see also num_runs)
+{{ if not .scheduler.run_duration }}#{{ end }}run_duration = {{ .scheduler.run_duration | default "" }}
+
+# after how much time a new DAGs should be picked up from the filesystem
+{{ if not .scheduler.min_file_process_interval }}#{{ end }}min_file_process_interval = {{ .scheduler.min_file_process_interval | default "" }}
+
+{{ if not .scheduler.dag_dir_list_interval }}#{{ end }}dag_dir_list_interval = {{ .scheduler.dag_dir_list_interval | default "" }}
+
+# How often should stats be printed to the logs
+{{ if not .scheduler.print_stats_interval }}#{{ end }}print_stats_interval = {{ .scheduler.print_stats_interval | default "" }}
+
+{{ if not .scheduler.child_process_log_directory }}#{{ end }}child_process_log_directory = {{ .scheduler.child_process_log_directory | default "" }}
+
+# Local task jobs periodically heartbeat to the DB. If the job has
+# not heartbeat in this many seconds, the scheduler will mark the
+# associated task instance as failed and will re-schedule the task.
+{{ if not .scheduler.scheduler_zombie_task_threshold }}#{{ end }}scheduler_zombie_task_threshold = {{ .scheduler.scheduler_zombie_task_threshold | default "" }}
+
+# Turn off scheduler catchup by setting this to False.
+# Default behavior is unchanged and
+# Command Line Backfills still work, but the scheduler
+# will not do scheduler catchup if this is False,
+# however it can be set on a per DAG basis in the
+# DAG definition (catchup)
+{{ if not .scheduler.catchup_by_default }}#{{ end }}catchup_by_default = {{ .scheduler.catchup_by_default | default "" }}
+
+# Statsd (https://github.com/etsy/statsd) integration settings
+# statsd_on = False
+# statsd_host = localhost
+# statsd_port = 8125
+# statsd_prefix = airflow
+
+# The scheduler can run multiple threads in parallel to schedule dags.
+# This defines how many threads will run. However airflow will never
+# use more threads than the amount of cpu cores available.
+{{ if not .scheduler.max_threads }}#{{ end }}max_threads = {{ .scheduler.max_threads | default "" }}
+
+{{ if not .scheduler.authenticate }}#{{ end }}authenticate = {{ .scheduler.authenticate | default "" }}
+
+[mesos]
+# Mesos master address which MesosExecutor will connect to.
+{{ if not .mesos.master }}#{{ end }}master = {{ .mesos.master | default "" }}
+
+# The framework name which Airflow scheduler will register itself as on mesos
+{{ if not .mesos.framework_name }}#{{ end }}framework_name = {{ .mesos.framework_name | default "" }}
+
+# Number of cpu cores required for running one task instance using
+# 'airflow run --local -p '
+# command on a mesos slave
+{{ if not .mesos.task_cpu }}#{{ end }}task_cpu = {{ .mesos.task_cpu | default "" }}
+
+# Memory in MB required for running one task instance using
+# 'airflow run --local -p '
+# command on a mesos slave
+{{ if not .mesos.task_memory }}#{{ end }}task_memory = {{ .mesos.task_memory | default "" }}
+
+# Enable framework checkpointing for mesos
+# See http://mesos.apache.org/documentation/latest/slave-recovery/
+{{ if not .mesos.checkpoint }}#{{ end }}checkpoint = {{ .mesos.checkpoint | default "" }}
+
+# Failover timeout in milliseconds.
+# When checkpointing is enabled and this option is set, Mesos waits
+# until the configured timeout for
+# the MesosExecutor framework to re-register after a failover. Mesos
+# shuts down running tasks if the
+# MesosExecutor framework fails to re-register within this timeframe.
+# failover_timeout = 604800
+
+# Enable framework authentication for mesos
+# See http://mesos.apache.org/documentation/latest/configuration/
+{{ if not .mesos.authenticate }}#{{ end }}authenticate = {{ .mesos.authenticate | default "" }}
+
+# Mesos credentials, if authentication is enabled
+#_principal = admin
+#_secret = admin
+
+[kerberos]
+#ccache = /tmp/airflow_krb5_ccache
+# gets augmented with fqdn
+#principal = airflow
+#reinit_frequency = 3600
+#kinit_path = kinit
+#keytab = airflow.keytab
+
+[github_enterprise]
+#api_rev = v3
+
+[admin]
+# UI to hide sensitive variable fields when set to True
+{{ if not .admin.hide_sensitive_variable_fields }}#{{ end }}hide_sensitive_variable_fields = {{ .admin.hide_sensitive_variable_fields | default "" }}
+
+{{- end -}}
diff --git a/charts/shipyard/templates/etc/_api-paste.ini.tpl b/charts/shipyard/templates/etc/_api-paste.ini.tpl
new file mode 100644
index 00000000..63a535eb
--- /dev/null
+++ b/charts/shipyard/templates/etc/_api-paste.ini.tpl
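Review bot: `fernet_key`, `secret_key`, `smtp_password` and the connection strings `sql_alchemy_conn`, `broker_url` and `celery_result_backend` are written in clear text into airflow.cfg, which the deployment templates in this patch mount from the `airflow-etc` ConfigMap, so anyone allowed to read ConfigMaps in the namespace can read them. Keep these out of the file and inject them from a Secret with `secretKeyRef` env vars using Airflow's `AIRFLOW__<SECTION>__<KEY>` override (e.g. `AIRFLOW__CORE__FERNET_KEY`), the way `AIRFLOW_CONN_AIRFLOWS_OWN_DB` is already supplied. Separately, the `[smtp]` block emits the key `smtp_smtp_starttls`, which Airflow will not read as `smtp_starttls`, so a STARTTLS setting in values is silently dropped; the key should be `smtp_starttls`. The skeleton define also creates no dict for `cli`, `api`, `operators` or `admin` although the body dereferences all four, so rendering likely fails unless values define them; add `{{- if not .cli -}}{{- set . "cli" dict -}}{{- end -}}` and the equivalent for the other three.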
@@ -0,0 +1,25 @@
+# Copyright 2017 The Openstack-Helm Authors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+#PasteDeploy Configuration File
+#Used to configure uWSGI middleware pipeline
+
+[app:shipyard-api]
+paste.app_factory = shipyard_airflow.shipyard:paste_start_shipyard
+
+[pipeline:main]
+pipeline = authtoken shipyard-api
+
+[filter:authtoken]
+paste.filter_factory = keystonemiddleware.auth_token:filter_factory
diff --git a/charts/shipyard/templates/etc/_policy.yaml.tpl b/charts/shipyard/templates/etc/_policy.yaml.tpl
new file mode 100644
index 00000000..f1879131
--- /dev/null
+++ b/charts/shipyard/templates/etc/_policy.yaml.tpl
@@ -0,0 +1,40 @@
+# Copyright 2017 The Openstack-Helm Authors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# Actions requiring admin authority
+#"admin_required": "role:admin"
+
+# List workflow actions invoked by users
+# GET /api/v1.0/actions
+#"workflow_orchestrator:list_actions": "rule:admin_required"
+
+# Create a workflow action
+# POST /api/v1.0/actions
+#"workflow_orchestrator:create_actions": "rule:admin_required"
+
+# Retreive an action by its id
+# GET /api/v1.0/actions/{action_id}
+#"workflow_orchestrator:get_action": "rule:admin_required"
+
+# Retreive an action step by its id
+# GET /api/v1.0/actions/{action_id}/steps/{step_id}
+#"workflow_orchestrator:get_action_step": "rule:admin_required"
+
+# Retreive an action validation by its id
+# GET /api/v1.0/actions/{action_id}/validations/{validation_id}
+#"workflow_orchestrator:get_action_validation": "rule:admin_required"
+
+# Send a control to an action
+# POST /api/v1.0/actions/{action_id}/control/{control_verb}
+#"workflow_orchestrator:invoke_action_control": "rule:admin_required"
diff --git a/charts/shipyard/templates/etc/_shipyard.conf.tpl b/charts/shipyard/templates/etc/_shipyard.conf.tpl
new file mode 100644
index 00000000..cf50da0c
--- /dev/null
+++ b/charts/shipyard/templates/etc/_shipyard.conf.tpl
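Review bot: Every rule in `_policy.yaml.tpl` is commented out and the file has no values hook, so the rendered policy enforces nothing by itself and the effective authorization is whatever defaults Shipyard registers in code, which this hunk does not show. A header comment such as `# All rules below are commented-out defaults; uncomment a line to override the in-code rule` would make that explicit for operators. The three `# Retreive ...` comments should read `# Retrieve ...`. Separately, the `policy_file` line in `_shipyard.conf.tpl` shows `policy.json` as its fallback while this file is a `policy.yaml` template, so it is worth confirming that the chart values point oslo.policy at the file that is actually mounted; otherwise overrides placed here may never be read.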
@@ -0,0 +1,375 @@
+# Copyright 2017 The Openstack-Helm Authors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+{{ include "shipyard.conf.shipyard_values_skeleton" .Values.conf.shipyard | trunc 0 }}
+{{ include "shipyard.conf.shipyard" .Values.conf.shipyard }}
+
+{{- define "shipyard.conf.shipyard_values_skeleton" -}}
+
+{{- if not .base -}}{{- set . "base" dict -}}{{- end -}}
+{{- if not .shipyard -}}{{- set . "shipyard" dict -}}{{- end -}}
+{{- if not .deckhand -}}{{- set . "deckhand" dict -}}{{- end -}}
+{{- if not .armada -}}{{- set . "armada" dict -}}{{- end -}}
+{{- if not .drydock -}}{{- set . "drydock" dict -}}{{- end -}}
+{{- if not .healthcheck -}}{{- set . "healthcheck" dict -}}{{- end -}}
+{{- if not .keystone_authtoken -}}{{- set . "keystone_authtoken" dict -}}{{- end -}}
+{{- if not .keystone_authtoken.keystonemiddleware -}}{{- set .keystone_authtoken "keystonemiddleware" dict -}}{{- end -}}
+{{- if not .keystone_authtoken.keystonemiddleware.auth_token -}}{{- set .keystone_authtoken.keystonemiddleware "auth_token" dict -}}{{- end -}}
+{{- if not .keystone_authtoken.shipyard_orchestrator -}}{{- set .keystone_authtoken "shipyard_orchestrator" dict -}}{{- end -}}
+{{- if not .oslo_policy -}}{{- set . "oslo_policy" dict -}}{{- end -}}
+{{- if not .oslo_policy.oslo -}}{{- set .oslo_policy "oslo" dict -}}{{- end -}}
+{{- if not .oslo_policy.oslo.policy -}}{{- set .oslo_policy.oslo "policy" dict -}}{{- end -}}
+{{- if not .logging -}}{{- set . "logging" dict -}}{{- end -}}
+
+{{- end -}}
+
+{{- define "shipyard.conf.shipyard" -}}
+
+[base]
+{{ if not .base.web_server }}#{{ end }}web_server = {{ .base.web_server | default "" }}
+{{ if not .base.postgresql_db }}#{{ end }}postgresql_db = {{ .base.postgresql_db | default "" }}
+{{ if not .base.postgresql_airflow_db }}#{{ end }}postgresql_airflow_db = {{ .base.postgresql_airflow_db | default "" }}
+
+[shipyard]
+{{ if not .shipyard.service_type }}#{{ end }}service_type = {{ .shipyard.service_type | default "shipyard" }}
+
+[deckhand]
+{{ if not .deckhand.service_type }}#{{ end }}service_type = {{ .deckhand.service_type | default "deckhand" }}
+
+[armada]
+{{ if not .armada.service_type }}#{{ end }}service_type = {{ .armada.service_type | default "armada" }}
+
+[drydock]
+{{ if not .drydock.service_type }}#{{ end }}service_type = {{ .drydock.service_type | default "drydock" }}
+
+[healthcheck]
+{{ if not .healthcheck.schema }}#{{ end }}schema = {{ .healthcheck.schema | default "" }}
+{{ if not .healthcheck.endpoint }}#{{ end }}endpoint = {{ .healthcheck.endpoint | default "" }}
+
+[keystone_authtoken]
+
+#
+# From keystonemiddleware.auth_token
+#
+
+# Complete "public" Identity API endpoint. This endpoint should not be an
+# "admin" endpoint, as it should be accessible by all end users. Unauthenticated
+# clients are redirected to this endpoint to authenticate. Although this
+# endpoint should ideally be unversioned, client support in the wild varies.
+# If you're using a versioned v2 endpoint here, then this should *not* be the
+# same endpoint the service user utilizes for validating tokens, because normal
+# end users may not be able to reach that endpoint. (string value)
+# from .keystone_authtoken.keystonemiddleware.auth_token.auth_uri
+{{ if not .keystone_authtoken.keystonemiddleware.auth_token.auth_uri }}#{{ end }}auth_uri = {{ .keystone_authtoken.keystonemiddleware.auth_token.auth_uri | default "" }}
+
+# API version of the admin Identity API endpoint. (string value)
+# from .keystone_authtoken.keystonemiddleware.auth_token.auth_version
+{{ if not .keystone_authtoken.keystonemiddleware.auth_token.auth_version }}#{{ end }}auth_version = {{ .keystone_authtoken.keystonemiddleware.auth_token.auth_version | default "" }}
+
+# Do not handle authorization requests within the middleware, but delegate the
+# authorization decision to downstream WSGI components. (boolean value)
+# from .keystone_authtoken.keystonemiddleware.auth_token.delay_auth_decision
+{{ if not .keystone_authtoken.keystonemiddleware.auth_token.delay_auth_decision }}#{{ end }}delay_auth_decision = {{ .keystone_authtoken.keystonemiddleware.auth_token.delay_auth_decision | default "false" }}
+
+# Request timeout value for communicating with Identity API server. (integer
+# value)
+# from .keystone_authtoken.keystonemiddleware.auth_token.http_connect_timeout
+{{ if not .keystone_authtoken.keystonemiddleware.auth_token.http_connect_timeout }}#{{ end }}http_connect_timeout = {{ .keystone_authtoken.keystonemiddleware.auth_token.http_connect_timeout | default "" }}
+
+# How many times are we trying to reconnect when communicating with Identity API
+# Server. (integer value)
+# from .keystone_authtoken.keystonemiddleware.auth_token.http_request_max_retries
+{{ if not .keystone_authtoken.keystonemiddleware.auth_token.http_request_max_retries }}#{{ end }}http_request_max_retries = {{ .keystone_authtoken.keystonemiddleware.auth_token.http_request_max_retries | default "3" }}
+
+# Request environment key where the Swift cache object is stored. When
+# auth_token middleware is deployed with a Swift cache, use this option to have
+# the middleware share a caching backend with swift. Otherwise, use the
+# ``memcached_servers`` option instead. (string value)
+# from .keystone_authtoken.keystonemiddleware.auth_token.cache
+{{ if not .keystone_authtoken.keystonemiddleware.auth_token.cache }}#{{ end }}cache = {{ .keystone_authtoken.keystonemiddleware.auth_token.cache | default "" }}
+
+# Required if identity server requires client certificate (string value)
+# from .keystone_authtoken.keystonemiddleware.auth_token.certfile
+{{ if not .keystone_authtoken.keystonemiddleware.auth_token.certfile }}#{{ end }}certfile = {{ .keystone_authtoken.keystonemiddleware.auth_token.certfile | default "" }}
+
+# Required if identity server requires client certificate (string value)
+# from .keystone_authtoken.keystonemiddleware.auth_token.keyfile
+{{ if not .keystone_authtoken.keystonemiddleware.auth_token.keyfile }}#{{ end }}keyfile = {{ .keystone_authtoken.keystonemiddleware.auth_token.keyfile | default "" }}
+
+# A PEM encoded Certificate Authority to use when verifying HTTPs connections.
+# Defaults to system CAs. (string value)
+# from .keystone_authtoken.keystonemiddleware.auth_token.cafile
+{{ if not .keystone_authtoken.keystonemiddleware.auth_token.cafile }}#{{ end }}cafile = {{ .keystone_authtoken.keystonemiddleware.auth_token.cafile | default "" }}
+
+# Verify HTTPS connections. (boolean value)
+# from .keystone_authtoken.keystonemiddleware.auth_token.insecure
+{{ if not .keystone_authtoken.keystonemiddleware.auth_token.insecure }}#{{ end }}insecure = {{ .keystone_authtoken.keystonemiddleware.auth_token.insecure | default "false" }}
+
+# The region in which the identity server can be found. (string value)
+# from .keystone_authtoken.keystonemiddleware.auth_token.region_name
+{{ if not .keystone_authtoken.keystonemiddleware.auth_token.region_name }}#{{ end }}region_name = {{ .keystone_authtoken.keystonemiddleware.auth_token.region_name | default "" }}
+
+# DEPRECATED: Directory used to cache files related to PKI tokens. This option
+# has been deprecated in the Ocata release and will be removed in the P
+# release. (string value)
+# This option is deprecated for removal since Ocata.
+# Its value may be silently ignored in the future.
+# Reason: PKI token format is no longer supported.
+# from .keystone_authtoken.keystonemiddleware.auth_token.signing_dir
+{{ if not .keystone_authtoken.keystonemiddleware.auth_token.signing_dir }}#{{ end }}signing_dir = {{ .keystone_authtoken.keystonemiddleware.auth_token.signing_dir | default "" }}
+
+# Optionally specify a list of memcached server(s) to use for caching. If left
+# undefined, tokens will instead be cached in-process. (list value)
+# Deprecated group/name - [keystone_authtoken]/memcache_servers
+# from .keystone_authtoken.keystonemiddleware.auth_token.memcached_servers
+{{ if not .keystone_authtoken.keystonemiddleware.auth_token.memcached_servers }}#{{ end }}memcached_servers = {{ .keystone_authtoken.keystonemiddleware.auth_token.memcached_servers | default "" }}
+
+# In order to prevent excessive effort spent validating tokens, the middleware
+# caches previously-seen tokens for a configurable duration (in seconds). Set to
+# -1 to disable caching completely. (integer value)
+# from .keystone_authtoken.keystonemiddleware.auth_token.token_cache_time
+{{ if not .keystone_authtoken.keystonemiddleware.auth_token.token_cache_time }}#{{ end }}token_cache_time = {{ .keystone_authtoken.keystonemiddleware.auth_token.token_cache_time | default "300" }}
+
+# DEPRECATED: Determines the frequency at which the list of revoked tokens is
+# retrieved from the Identity service (in seconds). A high number of revocation
+# events combined with a low cache duration may significantly reduce
+# performance. Only valid for PKI tokens. This option has been deprecated in
+# the Ocata release and will be removed in the P release. (integer value)
+# This option is deprecated for removal since Ocata.
+# Its value may be silently ignored in the future.
+# Reason: PKI token format is no longer supported.
+# from .keystone_authtoken.keystonemiddleware.auth_token.revocation_cache_time
+{{ if not .keystone_authtoken.keystonemiddleware.auth_token.revocation_cache_time }}#{{ end }}revocation_cache_time = {{ .keystone_authtoken.keystonemiddleware.auth_token.revocation_cache_time | default "10" }}
+
+# (Optional) If defined, indicate whether token data should be authenticated or
+# authenticated and encrypted. If MAC, token data is authenticated (with HMAC)
+# in the cache. If ENCRYPT, token data is encrypted and authenticated in the
+# cache. If the value is not one of these options or empty, auth_token will
+# raise an exception on initialization. (string value)
+# Allowed values: None, MAC, ENCRYPT
+# from .keystone_authtoken.keystonemiddleware.auth_token.memcache_security_strategy
+{{ if not .keystone_authtoken.keystonemiddleware.auth_token.memcache_security_strategy }}#{{ end }}memcache_security_strategy = {{ .keystone_authtoken.keystonemiddleware.auth_token.memcache_security_strategy | default "None" }}
+
+# (Optional, mandatory if memcache_security_strategy is defined) This string is
+# used for key derivation. (string value)
+# from .keystone_authtoken.keystonemiddleware.auth_token.memcache_secret_key
+{{ if not .keystone_authtoken.keystonemiddleware.auth_token.memcache_secret_key }}#{{ end }}memcache_secret_key = {{ .keystone_authtoken.keystonemiddleware.auth_token.memcache_secret_key | default "" }}
+
+# (Optional) Number of seconds memcached server is considered dead before it is
+# tried again. (integer value)
+# from .keystone_authtoken.keystonemiddleware.auth_token.memcache_pool_dead_retry
+{{ if not .keystone_authtoken.keystonemiddleware.auth_token.memcache_pool_dead_retry }}#{{ end }}memcache_pool_dead_retry = {{ .keystone_authtoken.keystonemiddleware.auth_token.memcache_pool_dead_retry | default "300" }}
+
+# (Optional) Maximum total number of open connections to every memcached server.
+# (integer value)
+# from .keystone_authtoken.keystonemiddleware.auth_token.memcache_pool_maxsize
+{{ if not .keystone_authtoken.keystonemiddleware.auth_token.memcache_pool_maxsize }}#{{ end }}memcache_pool_maxsize = {{ .keystone_authtoken.keystonemiddleware.auth_token.memcache_pool_maxsize | default "10" }}
+
+# (Optional) Socket timeout in seconds for communicating with a memcached
+# server. (integer value)
+# from .keystone_authtoken.keystonemiddleware.auth_token.memcache_pool_socket_timeout
+{{ if not .keystone_authtoken.keystonemiddleware.auth_token.memcache_pool_socket_timeout }}#{{ end }}memcache_pool_socket_timeout = {{ .keystone_authtoken.keystonemiddleware.auth_token.memcache_pool_socket_timeout | default "3" }}
+
+# (Optional) Number of seconds a connection to memcached is held unused in the
+# pool before it is closed. (integer value)
+# from .keystone_authtoken.keystonemiddleware.auth_token.memcache_pool_unused_timeout
+{{ if not .keystone_authtoken.keystonemiddleware.auth_token.memcache_pool_unused_timeout }}#{{ end }}memcache_pool_unused_timeout = {{ .keystone_authtoken.keystonemiddleware.auth_token.memcache_pool_unused_timeout | default "60" }}
+
+# (Optional) Number of seconds that an operation will wait to get a memcached
+# client connection from the pool. (integer value)
+# from .keystone_authtoken.keystonemiddleware.auth_token.memcache_pool_conn_get_timeout
+{{ if not .keystone_authtoken.keystonemiddleware.auth_token.memcache_pool_conn_get_timeout }}#{{ end }}memcache_pool_conn_get_timeout = {{ .keystone_authtoken.keystonemiddleware.auth_token.memcache_pool_conn_get_timeout | default "10" }}
+
+# (Optional) Use the advanced (eventlet safe) memcached client pool. The
+# advanced pool will only work under python 2.x. (boolean value)
+# from .keystone_authtoken.keystonemiddleware.auth_token.memcache_use_advanced_pool
+{{ if not .keystone_authtoken.keystonemiddleware.auth_token.memcache_use_advanced_pool }}#{{ end }}memcache_use_advanced_pool = {{ .keystone_authtoken.keystonemiddleware.auth_token.memcache_use_advanced_pool | default "false" }}
+
+# (Optional) Indicate whether to set the X-Service-Catalog header. If False,
+# middleware will not ask for service catalog on token validation and will not
+# set the X-Service-Catalog header. (boolean value)
+# from .keystone_authtoken.keystonemiddleware.auth_token.include_service_catalog
+{{ if not .keystone_authtoken.keystonemiddleware.auth_token.include_service_catalog }}#{{ end }}include_service_catalog = {{ .keystone_authtoken.keystonemiddleware.auth_token.include_service_catalog | default "true" }}
+
+# Used to control the use and type of token binding. Can be set to: "disabled"
+# to not check token binding. "permissive" (default) to validate binding
+# information if the bind type is of a form known to the server and ignore it if
+# not. "strict" like "permissive" but if the bind type is unknown the token will
+# be rejected. "required" any form of token binding is needed to be allowed.
+# Finally the name of a binding method that must be present in tokens. (string
+# value)
+# from .keystone_authtoken.keystonemiddleware.auth_token.enforce_token_bind
+{{ if not .keystone_authtoken.keystonemiddleware.auth_token.enforce_token_bind }}#{{ end }}enforce_token_bind = {{ .keystone_authtoken.keystonemiddleware.auth_token.enforce_token_bind | default "permissive" }}
+
+# DEPRECATED: If true, the revocation list will be checked for cached tokens.
+# This requires that PKI tokens are configured on the identity server. (boolean
+# value)
+# This option is deprecated for removal since Ocata.
+# Its value may be silently ignored in the future.
+# Reason: PKI token format is no longer supported.
+# from .keystone_authtoken.keystonemiddleware.auth_token.check_revocations_for_cached
+{{ if not .keystone_authtoken.keystonemiddleware.auth_token.check_revocations_for_cached }}#{{ end }}check_revocations_for_cached = {{ .keystone_authtoken.keystonemiddleware.auth_token.check_revocations_for_cached | default "false" }}
+
+# DEPRECATED: Hash algorithms to use for hashing PKI tokens. This may be a
+# single algorithm or multiple. The algorithms are those supported by Python
+# standard hashlib.new(). The hashes will be tried in the order given, so put
+# the preferred one first for performance. The result of the first hash will be
+# stored in the cache. This will typically be set to multiple values only while
+# migrating from a less secure algorithm to a more secure one. Once all the old
+# tokens are expired this option should be set to a single value for better
+# performance. (list value)
+# This option is deprecated for removal since Ocata.
+# Its value may be silently ignored in the future.
+# Reason: PKI token format is no longer supported.
+# from .keystone_authtoken.keystonemiddleware.auth_token.hash_algorithms
+{{ if not .keystone_authtoken.keystonemiddleware.auth_token.hash_algorithms }}#{{ end }}hash_algorithms = {{ .keystone_authtoken.keystonemiddleware.auth_token.hash_algorithms | default "md5" }}
+
+# A choice of roles that must be present in a service token. Service tokens are
+# allowed to request that an expired token can be used and so this check should
+# tightly control that only actual services should be sending this token. Roles
+# here are applied as an ANY check so any role in this list must be present.
+# For backwards compatibility reasons this currently only affects the
+# allow_expired check. (list value)
+# from .keystone_authtoken.keystonemiddleware.auth_token.service_token_roles
+{{ if not .keystone_authtoken.keystonemiddleware.auth_token.service_token_roles }}#{{ end }}service_token_roles = {{ .keystone_authtoken.keystonemiddleware.auth_token.service_token_roles | default "service" }}
+
+# For backwards compatibility reasons we must let valid service tokens pass
+# that don't pass the service_token_roles check as valid. Setting this true
+# will become the default in a future release and should be enabled if
+# possible. (boolean value)
+# from .keystone_authtoken.keystonemiddleware.auth_token.service_token_roles_required
+{{ if not .keystone_authtoken.keystonemiddleware.auth_token.service_token_roles_required }}#{{ end }}service_token_roles_required = {{ .keystone_authtoken.keystonemiddleware.auth_token.service_token_roles_required | default "false" }}
+
+# Authentication type to load (string value)
+# Deprecated group/name - [keystone_authtoken]/auth_plugin
+# from .keystone_authtoken.keystonemiddleware.auth_token.auth_type
+{{ if not .keystone_authtoken.keystonemiddleware.auth_token.auth_type }}#{{ end }}auth_type = {{ .keystone_authtoken.keystonemiddleware.auth_token.auth_type | default "" }}
+
+# Config Section from which to load plugin specific options (string value)
+# from .keystone_authtoken.keystonemiddleware.auth_token.auth_section
+{{ if not .keystone_authtoken.keystonemiddleware.auth_token.auth_section }}#{{ end }}auth_section = {{ .keystone_authtoken.keystonemiddleware.auth_token.auth_section | default "" }}
+
+
+
+#
+# From shipyard_orchestrator
+#
+
+# Authentication URL (string value)
+# from .keystone_authtoken.shipyard_orchestrator.auth_url
+{{ if not .keystone_authtoken.shipyard_orchestrator.auth_url }}#{{ end }}auth_url = {{ .keystone_authtoken.shipyard_orchestrator.auth_url | default "" }}
+
+# Domain ID to scope to (string value)
+# from .keystone_authtoken.shipyard_orchestrator.domain_id
+{{ if not .keystone_authtoken.shipyard_orchestrator.domain_id }}#{{ end }}domain_id = {{ .keystone_authtoken.shipyard_orchestrator.domain_id | default "" }}
+
+# Domain name to scope to (string value)
+# from .keystone_authtoken.shipyard_orchestrator.domain_name
+{{ if not .keystone_authtoken.shipyard_orchestrator.domain_name }}#{{ end }}domain_name = {{ .keystone_authtoken.shipyard_orchestrator.domain_name | default "" }}
+
+# Project ID to scope to (string value)
+# Deprecated group/name - [keystone_authtoken]/tenant-id
+# from .keystone_authtoken.shipyard_orchestrator.project_id
+{{ if not .keystone_authtoken.shipyard_orchestrator.project_id }}#{{ end }}project_id = {{ .keystone_authtoken.shipyard_orchestrator.project_id | default "" }}
+
+# Project name to scope to (string value)
+# Deprecated group/name - [keystone_authtoken]/tenant-name
+# from .keystone_authtoken.shipyard_orchestrator.project_name
+{{ if not .keystone_authtoken.shipyard_orchestrator.project_name }}#{{ end }}project_name = {{ .keystone_authtoken.shipyard_orchestrator.project_name | default "" }}
+
+# Domain ID containing project (string value)
+# from .keystone_authtoken.shipyard_orchestrator.project_domain_id
+{{ if not .keystone_authtoken.shipyard_orchestrator.project_domain_id }}#{{ end }}project_domain_id = {{ .keystone_authtoken.shipyard_orchestrator.project_domain_id | default "" }}
+
+# Domain name containing project (string value)
+# from .keystone_authtoken.shipyard_orchestrator.project_domain_name
+{{ if not .keystone_authtoken.shipyard_orchestrator.project_domain_name }}#{{ end }}project_domain_name = {{ .keystone_authtoken.shipyard_orchestrator.project_domain_name | default "" }}
+
+# Trust ID (string value)
+# from .keystone_authtoken.shipyard_orchestrator.trust_id
+{{ if not .keystone_authtoken.shipyard_orchestrator.trust_id }}#{{ end }}trust_id = {{ .keystone_authtoken.shipyard_orchestrator.trust_id | default "" }}
+
+# Optional domain ID to use with v3 and v2 parameters. It will be used for both
+# the user and project domain in v3 and ignored in v2 authentication. (string
+# value)
+# from .keystone_authtoken.shipyard_orchestrator.default_domain_id
+{{ if not .keystone_authtoken.shipyard_orchestrator.default_domain_id }}#{{ end }}default_domain_id = {{ .keystone_authtoken.shipyard_orchestrator.default_domain_id | default "" }}
+
+# Optional domain name to use with v3 API and v2 parameters. It will be used for
+# both the user and project domain in v3 and ignored in v2 authentication.
+# (string value)
+# from .keystone_authtoken.shipyard_orchestrator.default_domain_name
+{{ if not .keystone_authtoken.shipyard_orchestrator.default_domain_name }}#{{ end }}default_domain_name = {{ .keystone_authtoken.shipyard_orchestrator.default_domain_name | default "" }}
+
+# User id (string value)
+# from .keystone_authtoken.shipyard_orchestrator.user_id
+{{ if not .keystone_authtoken.shipyard_orchestrator.user_id }}#{{ end }}user_id = {{ .keystone_authtoken.shipyard_orchestrator.user_id | default "" }}
+
+# Username (string value)
+# Deprecated group/name - [keystone_authtoken]/user-name
+# from .keystone_authtoken.shipyard_orchestrator.username
+{{ if not .keystone_authtoken.shipyard_orchestrator.username }}#{{ end }}username = {{ .keystone_authtoken.shipyard_orchestrator.username | default "" }}
+
+# User's domain id (string value)
+# from .keystone_authtoken.shipyard_orchestrator.user_domain_id
+{{ if not .keystone_authtoken.shipyard_orchestrator.user_domain_id }}#{{ end }}user_domain_id = {{ .keystone_authtoken.shipyard_orchestrator.user_domain_id | default "" }}
+
+# User's domain name (string value)
+# from .keystone_authtoken.shipyard_orchestrator.user_domain_name
+{{ if not .keystone_authtoken.shipyard_orchestrator.user_domain_name }}#{{ end }}user_domain_name = {{ .keystone_authtoken.shipyard_orchestrator.user_domain_name | default "" }}
+
+# User's password (string value)
+# from .keystone_authtoken.shipyard_orchestrator.password
+{{ if not .keystone_authtoken.shipyard_orchestrator.password }}#{{ end }}password = {{ .keystone_authtoken.shipyard_orchestrator.password | default "" }}
+
+
+[oslo_policy]
+
+#
+# From oslo.policy
+#
+
+# The file that defines policies. (string value)
+# Deprecated group/name - [DEFAULT]/policy_file
+# from .oslo_policy.oslo.policy.policy_file
+{{ if not .oslo_policy.oslo.policy.policy_file }}#{{ end }}policy_file = {{ .oslo_policy.oslo.policy.policy_file | default "policy.json" }}
+
+# Default rule. Enforced when a requested rule is not found. (string value)
+# Deprecated group/name - [DEFAULT]/policy_default_rule
+# from .oslo_policy.oslo.policy.policy_default_rule
+{{ if not .oslo_policy.oslo.policy.policy_default_rule }}#{{ end }}policy_default_rule = {{ .oslo_policy.oslo.policy.policy_default_rule | default "default" }}
+
+# Directories where policy configuration files are stored. They can be relative
+# to any directory in the search path defined by the config_dir option, or
+# absolute paths. The file defined by policy_file must exist for these
+# directories to be searched. Missing or empty directories are ignored. (multi
+# valued)
+# Deprecated group/name - [DEFAULT]/policy_dirs
+# from .oslo_policy.oslo.policy.policy_dirs (multiopt)
+{{ if not .oslo_policy.oslo.policy.policy_dirs }}#policy_dirs = {{ .oslo_policy.oslo.policy.policy_dirs | default "policy.d" }}{{ else }}{{ range .oslo_policy.oslo.policy.policy_dirs }}policy_dirs = {{ . }}
+{{ end }}{{ end }}
+
+
+
+[logging]
+
+#
+# From shipyard_airflow
+#
+# The default logging level for the root logger. ERROR=40, WARNING=30, INFO=20,
+# DEBUG=10 (integer value)
+{{ if not .logging.log_level }}#{{ end }}log_level = {{ .logging.log_level | default "10" }}
+
+{{- end -}}
+
diff --git a/charts/shipyard/templates/ingress-airflow-api.yaml b/charts/shipyard/templates/ingress-airflow-api.yaml
new file mode 100644
index 00000000..3822cce2
--- /dev/null
+++ b/charts/shipyard/templates/ingress-airflow-api.yaml
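Review bot: The `password` line under `[keystone_authtoken]`, and `memcache_secret_key` above it, are rendered straight from `.Values.conf.shipyard` into shipyard.conf, so the service user's credential sits in chart values and in whatever Kubernetes object carries the rendered file. If that object is a ConfigMap rather than a Secret (the template that mounts it is outside this hunk), anyone with read access to ConfigMaps in the namespace can read the credential. I would store the rendered file in a Secret and add a comment above the line such as `# credential: the rendered file must be delivered as a Secret, not a ConfigMap`. A related point on every toggle in this file: `if not` and `default` both treat `false` and `0` as unset, so a value like `include_service_catalog: false` renders a commented-out line and the application default applies instead. A `hasKey` test on the parent map, e.g. `{{ if not (hasKey .keystone_authtoken.keystonemiddleware.auth_token "include_service_catalog") }}#{{ end }}`, would distinguish unset from false.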
@@ -0,0 +1,47 @@
+{{/*
+Copyright 2017 The Openstack-Helm Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/}}
+
+{{- if .Values.manifests.ingress_airflow_api }}
+{{- $envAll := . }}
+{{- if .Values.network.airflow.ingress.public }}
+{{- $backendServiceType := "airflow_web" }}
+{{- $backendPort := "http" }}
+{{- $ingressName := tuple $backendServiceType "public" $envAll | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }}
+{{- $backendName := tuple $backendServiceType "internal" $envAll | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }}
+{{- $hostName := tuple $backendServiceType "public" $envAll | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }}
+{{- $hostNameNamespaced := tuple $backendServiceType "public" $envAll | include "helm-toolkit.endpoints.hostname_namespaced_endpoint_lookup" }}
+{{- $hostNameFull := tuple $backendServiceType "public" $envAll | include "helm-toolkit.endpoints.hostname_fqdn_endpoint_lookup" }}
+---
+apiVersion: extensions/v1beta1
+kind: Ingress
+metadata:
+ name: {{ $ingressName }}
+ annotations:
+ kubernetes.io/ingress.class: "nginx"
+ ingress.kubernetes.io/rewrite-target: /
+spec:
+ rules:
+{{- range $key1, $vHost := tuple $hostName $hostNameNamespaced $hostNameFull }}
+ - host: {{ $vHost }}
+ http:
+ paths:
+ - path: /
+ backend:
+ serviceName: {{ $backendName }}
+ servicePort: {{ $backendPort }}
+{{- end }}
+{{- end }}
+{{- end }}
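Review bot: The Ingress `spec` has no `tls` section, so when `network.airflow.ingress.public` is enabled the Airflow web backend is published on all three hostnames over plain HTTP unless TLS is terminated somewhere in front of the ingress controller. Nothing in this template restricts who can reach it, and whether the Airflow webserver itself requires a login is configured elsewhere and not visible here. I would add an optional `tls:` block driven by chart values and a comment above the `public` check such as `# Exposes the Airflow UI outside the cluster; enable only with webserver authentication and TLS in place`. The same applies to `ingress-shipyard-api.yaml`, which is identical apart from the backend name; there Keystone tokens would cross the ingress in clear text. Minor: `$ingressName` and `$hostName` are the same lookup, and `$key1` in the `range` is unused.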
diff --git a/charts/shipyard/templates/ingress-shipyard-api.yaml b/charts/shipyard/templates/ingress-shipyard-api.yaml new file mode 100644 index 00000000..d1f10bbd --- /dev/null +++ b/charts/shipyard/templates/ingress-shipyard-api.yaml 
@@ -0,0 +1,47 @@
+{{/*
+Copyright 2017 The Openstack-Helm Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/}}
+
+{{- if .Values.manifests.ingress_shipyard_api }}
+{{- $envAll := . }}
+{{- if .Values.network.shipyard.ingress.public }}
+{{- $backendServiceType := "shipyard" }}
+{{- $backendPort := "http" }}
+{{- $ingressName := tuple $backendServiceType "public" $envAll | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }}
+{{- $backendName := tuple $backendServiceType "internal" $envAll | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }}
+{{- $hostName := tuple $backendServiceType "public" $envAll | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }}
+{{- $hostNameNamespaced := tuple $backendServiceType "public" $envAll | include "helm-toolkit.endpoints.hostname_namespaced_endpoint_lookup" }}
+{{- $hostNameFull := tuple $backendServiceType "public" $envAll | include "helm-toolkit.endpoints.hostname_fqdn_endpoint_lookup" }}
+---
+apiVersion: extensions/v1beta1
+kind: Ingress
+metadata:
+ name: {{ $ingressName }}
+ annotations:
+ kubernetes.io/ingress.class: "nginx"
+ ingress.kubernetes.io/rewrite-target: /
+spec:
+ rules:
+{{- range $key1, $vHost := tuple $hostName $hostNameNamespaced $hostNameFull }}
+ - host: {{ $vHost }}
+ http:
+ paths:
+ - path: /
+ backend:
+ serviceName: {{ $backendName }}
+ servicePort: {{ $backendPort }}
+{{- end }}
+{{- end }}
+{{- end }}
diff --git a/charts/shipyard/templates/job-airflow-db-init.yaml b/charts/shipyard/templates/job-airflow-db-init.yaml
new file mode 100644
index 00000000..844b36e0
--- /dev/null
+++ b/charts/shipyard/templates/job-airflow-db-init.yaml
@@ -0,0 +1,81 @@
+{{/*
+Copyright 2017 The Openstack-Helm Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/}}
+
+{{- if .Values.manifests.job_airflow_db_init }}
+{{- $envAll := . }}
+{{- $dependencies := .Values.dependencies.airflow_db_init }}
+---
+apiVersion: batch/v1
+kind: Job
+metadata:
+ name: airflow-db-init
+spec:
+ template:
+ metadata:
+ labels:
+{{ tuple $envAll "airflow" "db-init" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
+ spec:
+ restartPolicy: OnFailure
+ nodeSelector:
+ {{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }}
+ initContainers:
+{{ tuple $envAll $dependencies "[]" | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
+ containers:
+ - name: airflow-db-init
+ image: {{ .Values.images.airflow_db_init | quote }}
+ imagePullPolicy: {{ .Values.images.pull_policy | quote }}
+{{ tuple $envAll $envAll.Values.pod.resources.jobs.airflow_db_init | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
+ env:
+ - name: DB_CONNECTION
+ valueFrom:
+ secretKeyRef:
+ name: {{ .Values.secrets.postgresql_airflow_db.admin }}
+ key: DB_CONNECTION_AIRFLOW
+ - name: AIRFLOW_CONFIG_FILE
+ value: /etc/airflow/airflow.cfg
+ - name: DB_NAME
+ value: {{ .Values.database.postgresql_airflow.db_name }}
+ - name: DB_USER
+ value: {{ .Values.endpoints.postgresql_airflow_db.auth.user.username }}
+ - name: DB_PASS
+ value: {{
.Values.endpoints.postgresql_airflow_db.auth.user.password }}
+ - name: ROOT_DB_USER
+ value: {{ .Values.database.postgresql_airflow.db_root_user }}
+ command:
+ - /tmp/airflow-db-init.sh
+ volumeMounts:
+ - name: airflow-bin
+ mountPath: /tmp/airflow-db-init.sh
+ subPath: airflow-db-init.sh
+ readOnly: true
+ - name: etc-airflow
+ mountPath: /etc/airflow
+ - name: airflow-etc
+ mountPath: /etc/airflow/airflow.cfg
+ subPath: airflow.cfg
+ readOnly: true
+ volumes:
+ - name: etc-airflow
+ emptyDir: {}
+ - name: airflow-etc
+ configMap:
+ name: airflow-etc
+ defaultMode: 0444
+ - name: airflow-bin
+ configMap:
+ name: airflow-bin
+ defaultMode: 0555
+{{- end }}
diff --git a/charts/shipyard/templates/job-airflow-db-sync.yaml b/charts/shipyard/templates/job-airflow-db-sync.yaml
new file mode 100644
index 00000000..855ceb95
--- /dev/null
+++ b/charts/shipyard/templates/job-airflow-db-sync.yaml
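Review bot: `DB_PASS` is rendered straight from `.Values.endpoints.postgresql_airflow_db.auth.user.password` into the Job spec, so the database password is readable by anyone who can read Job or Pod objects in the namespace, while `DB_CONNECTION` a few lines above is pulled through `secretKeyRef`. The value is also unquoted, so a password that starts with a YAML indicator or looks like a number renders into an invalid or retyped manifest. I would source it from the per-user Secret that secret-airflow-db.yaml already creates, which needs one extra key there; the key name in the sketch below is a placeholder. job-shipyard-db-init.yaml and job-shipyard-db-sync.yaml pass `DB_PASS` the same way.

```yaml
            - name: DB_PASS
              valueFrom:
                secretKeyRef:
                  name: {{ .Values.secrets.postgresql_airflow_db.user }}
                  # placeholder key: secret-airflow-db.yaml would have to publish it
                  key: <DB_PASSWORD_KEY>
```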
@@ -0,0 +1,61 @@
+{{/*
+Copyright 2017 The Openstack-Helm Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/}}
+
+{{- if .Values.manifests.job_airflow_db_sync }}
+{{- $envAll := . }}
+{{- $dependencies := .Values.dependencies.airflow_db_sync }}
+---
+apiVersion: batch/v1
+kind: Job
+metadata:
+ name: airflow-db-sync
+spec:
+ template:
+ metadata:
+ labels:
+{{ tuple $envAll "airflow" "db-sync" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
+ spec:
+ restartPolicy: OnFailure
+ nodeSelector:
+ {{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }}
+ initContainers:
+{{ tuple $envAll $dependencies "[]" | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
+ containers:
+ - name: airflow-db-sync
+ image: {{ .Values.images.airflow_db_sync }}
+ imagePullPolicy: {{ .Values.images.pull_policy }}
+{{ tuple $envAll $envAll.Values.pod.resources.jobs.airflow_db_sync | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
+ command:
+ - /tmp/airflow-db-sync.sh
+ volumeMounts:
+ - name: airflow-bin
+ mountPath: /tmp/airflow-db-sync.sh
+ subPath: airflow-db-sync.sh
+ readOnly: true
+ - name: airflow-etc
+ mountPath: /usr/local/airflow/airflow.cfg
+ subPath: airflow.cfg
+ readOnly: true
+ volumes:
+ - name: airflow-etc
+ configMap:
+ name: airflow-etc
+ defaultMode: 0444
+ - name: airflow-bin
+ configMap:
+ name: airflow-bin
+ defaultMode: 0555
+{{- end }}
diff --git a/charts/shipyard/templates/job-ks-endpoints.yaml b/charts/shipyard/templates/job-ks-endpoints.yaml
new file mode 100644
index 00000000..f1a9b57c
--- /dev/null
+++ b/charts/shipyard/templates/job-ks-endpoints.yaml
@@ -0,0 +1,65 @@
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+{{- if .Values.manifests.job_ks_endpoints }}
+{{- $envAll := . }}
+{{- $dependencies := .Values.dependencies.ks_endpoints }}
+
+apiVersion: batch/v1
+kind: Job
+metadata:
+ name: shipyard-ks-endpoints
+spec:
+ template:
+ metadata:
+ labels:
+{{ tuple $envAll "shipyard" "ks-endpoints" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
+ spec:
+ restartPolicy: OnFailure
+ nodeSelector:
+ {{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }}
+ initContainers:
+{{ tuple $envAll $dependencies "[]" | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
+ containers:
+{{- range $key1, $osServiceType := tuple "shipyard" }}
+{{- range $key2, $osServiceEndPoint := tuple "admin" "internal" "public" }}
+ - name: {{ $osServiceType }}-ks-endpoints-{{ $osServiceEndPoint }}
+ image: {{ $envAll.Values.images.ks_endpoints }}
+ imagePullPolicy: {{ $envAll.Values.images.pull_policy }}
+{{ tuple $envAll $envAll.Values.pod.resources.jobs.ks_endpoints | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
+ command:
+ - /tmp/ks-endpoints.sh
+ volumeMounts:
+ - name: ks-endpoints-sh
+ mountPath: /tmp/ks-endpoints.sh
+ subPath: ks-endpoints.sh
+ readOnly: true
+ env:
+{{- with $env := dict "ksUserSecret" $envAll.Values.secrets.identity.admin }}
+{{- include "helm-toolkit.snippets.keystone_openrc_env_vars" $env | indent 12 }}
+{{- end
}}
+ - name: OS_SVC_ENDPOINT
+ value: {{ $osServiceEndPoint }}
+ - name: OS_SERVICE_NAME
+ value: {{ tuple $osServiceType $envAll | include "helm-toolkit.endpoints.keystone_endpoint_name_lookup" }}
+ - name: OS_SERVICE_TYPE
+ value: {{ $osServiceType }}
+ - name: OS_SERVICE_ENDPOINT
+ value: {{ tuple $osServiceType $osServiceEndPoint "api" $envAll | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup" }}
+{{- end }}
+{{- end }}
+ volumes:
+ - name: ks-endpoints-sh
+ configMap:
+ name: shipyard-bin
+ defaultMode: 0555
+{{- end -}}
diff --git a/charts/shipyard/templates/job-ks-service.yaml b/charts/shipyard/templates/job-ks-service.yaml
new file mode 100644
index 00000000..ea395ff9
--- /dev/null
+++ b/charts/shipyard/templates/job-ks-service.yaml
@@ -0,0 +1,60 @@
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+{{- if .Values.manifests.job_ks_service -}}
+
+{{- $envAll := . }}
+{{- $ksAdminSecret := .Values.secrets.identity.admin }}
+{{- $dependencies := .Values.dependencies.ks_service }}
+
+apiVersion: batch/v1
+kind: Job
+metadata:
+ name: shipyard-ks-service
+spec:
+ template:
+ metadata:
+ labels:
+{{ tuple $envAll "shipyard" "ks-user" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
+ spec:
+ restartPolicy: OnFailure
+ nodeSelector:
+ {{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }}
+ initContainers:
+{{ tuple $envAll $dependencies "[]" | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
+ containers:
+{{- range $key1, $osServiceType := tuple "shipyard" }}
+ - name: {{ $osServiceType }}-ks-service-registration
+ image: {{ $envAll.Values.images.ks_service }}
+ imagePullPolicy: {{ $envAll.Values.images.pull_policy }}
+ command:
+ - /tmp/ks-service.sh
+ volumeMounts:
+ - name: ks-service-sh
+ mountPath: /tmp/ks-service.sh
+ subPath: ks-service.sh
+ readOnly: true
+ env:
+{{- with $env := dict "ksUserSecret" $ksAdminSecret }}
+{{- include "helm-toolkit.snippets.keystone_openrc_env_vars" $env | indent 12 }}
+{{- end }}
+ - name: OS_SERVICE_NAME
+ value: {{ tuple $osServiceType $envAll | include "helm-toolkit.endpoints.keystone_endpoint_name_lookup" }}
+ - name: OS_SERVICE_TYPE
+ value: {{ $osServiceType }}
+{{- end }}
+
volumes:
+ - name: ks-service-sh
+ configMap:
+ name: shipyard-bin
+ defaultMode: 0555
+{{- end -}}
diff --git a/charts/shipyard/templates/job-ks-user.yaml b/charts/shipyard/templates/job-ks-user.yaml
new file mode 100644
index 00000000..203505b2
--- /dev/null
+++ b/charts/shipyard/templates/job-ks-user.yaml
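Review bot: The pod labels for the `shipyard-ks-service` Job are built with the component `"ks-user"`, which looks like a copy-paste from job-ks-user.yaml, so any label selector, network policy or log query keyed on the component attributes this pod to the wrong job. The line should read `{{ tuple $envAll "shipyard" "ks-service" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}`. The container also lacks the `helm-toolkit.snippets.kubernetes_resources` include that job-ks-endpoints.yaml and job-ks-user.yaml apply, so it runs outside the chart's resource settings.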
@@ -0,0 +1,61 @@
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+{{- if .Values.manifests.job_ks_user }}
+
+{{- $ksAdminSecret := .Values.secrets.identity.admin }}
+{{- $ksUserSecret := .Values.secrets.identity.user }}
+{{- $envAll := . }}
+{{- $dependencies := .Values.dependencies.ks_user }}
+apiVersion: batch/v1
+kind: Job
+metadata:
+ name: shipyard-ks-user
+spec:
+ template:
+ spec:
+ restartPolicy: OnFailure
+ nodeSelector:
+ {{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }}
+ initContainers:
+{{ tuple $envAll $dependencies "[]" | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
+ containers:
+ - name: shipyard-ks-user
+ image: {{ .Values.images.ks_user }}
+ imagePullPolicy: {{ .Values.images.pull_policy }}
+{{ tuple $envAll $envAll.Values.pod.resources.jobs.ks_user | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
+ command:
+ - /tmp/ks-user.sh
+ volumeMounts:
+ - name: ks-user-sh
+ mountPath: /tmp/ks-user.sh
+ subPath: ks-user.sh
+ readOnly: true
+ env:
+{{- with $env := dict "ksUserSecret" $ksAdminSecret }}
+{{- include "helm-toolkit.snippets.keystone_openrc_env_vars" $env | indent 12 }}
+{{- end }}
+ - name: SERVICE_OS_SERVICE_NAME
+ value: {{ $envAll.Values.endpoints.shipyard.name | quote }}
+ - name: SERVICE_OS_DOMAIN_NAME
+ value: {{ $envAll.Values.endpoints.identity.auth.user.project_domain_name | quote }}
+{{- with $env := dict "ksUserSecret" $ksUserSecret }}
+{{- include
"helm-toolkit.snippets.keystone_user_create_env_vars" $env | indent 12 }}
+{{- end }}
+ - name: SERVICE_OS_ROLE
+ value: {{ $envAll.Values.endpoints.identity.auth.user.role | quote }}
+ volumes:
+ - name: ks-user-sh
+ configMap:
+ name: shipyard-bin
+ defaultMode: 0555
+{{- end -}}
diff --git a/charts/shipyard/templates/job-shipyard-db-init.yaml b/charts/shipyard/templates/job-shipyard-db-init.yaml
new file mode 100644
index 00000000..7b6ed82e
--- /dev/null
+++ b/charts/shipyard/templates/job-shipyard-db-init.yaml
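Review bot: The pod template of `shipyard-ks-user` goes from `template:` straight to `spec:` and carries no `metadata.labels`, unlike the other Jobs in this patch. This pod receives the Keystone admin credentials through the openrc env snippet, so it is worth keeping it selectable by the same label scheme as its siblings. Ahead of `spec:`, add `metadata:` and `labels:` followed by `{{ tuple $envAll "shipyard" "ks-user" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}`.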
@@ -0,0 +1,83 @@
+{{/*
+Copyright 2017 The Openstack-Helm Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/}}
+
+{{- if .Values.manifests.job_shipyard_db_init }}
+{{- $envAll := . }}
+{{- $dependencies := .Values.dependencies.shipyard_db_init }}
+---
+apiVersion: batch/v1
+kind: Job
+metadata:
+ name: shipyard-db-init
+spec:
+ template:
+ metadata:
+ labels:
+{{ tuple $envAll "shipyard" "db-init" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
+ spec:
+ restartPolicy: OnFailure
+ nodeSelector:
+ {{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }}
+ initContainers:
+{{ tuple $envAll $dependencies "[]" | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
+ containers:
+ - name: shipyard-db-init
+ image: {{ .Values.images.shipyard_db_init | quote }}
+ imagePullPolicy: {{ .Values.images.pull_policy | quote }}
+{{ tuple $envAll $envAll.Values.pod.resources.jobs.shipyard_db_init | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
+ env:
+ - name: ROOT_DB_CONNECTION
+ valueFrom:
+ secretKeyRef:
+ name: {{ .Values.secrets.postgresql_shipyard_db.admin }}
+ key: DB_CONNECTION_SHIPYARD
+ - name: SHIPYARD_CONFIG_FILE
+ value: /etc/shipyard/shipyard.conf
+ - name: DB_NAME
+ value: {{ .Values.database.postgresql_shipyard.db_name }}
+ - name: DB_USER
+ value: {{ .Values.endpoints.postgresql_shipyard_db.auth.user.username }}
+ - name: DB_PASS
+ value: {{
.Values.endpoints.postgresql_shipyard_db.auth.user.password }}
+ - name: ROOT_DB_USER
+ value: {{ .Values.database.postgresql_shipyard.db_root_user }}
+ - name: AIRFLOW_DB_USER
+ value: {{ .Values.endpoints.postgresql_airflow_db.auth.user.username }}
+ command:
+ - /tmp/shipyard-db-init.sh
+ volumeMounts:
+ - name: shipyard-bin
+ mountPath: /tmp/shipyard-db-init.sh
+ subPath: shipyard-db-init.sh
+ readOnly: true
+ - name: etc-shipyard
+ mountPath: /etc/shipyard
+ - name: shipyard-etc
+ mountPath: /etc/shipyard/shipyard.conf
+ subPath: shipyard.conf
+ readOnly: true
+ volumes:
+ - name: etc-shipyard
+ emptyDir: {}
+ - name: shipyard-etc
+ configMap:
+ name: shipyard-etc
+ defaultMode: 0444
+ - name: shipyard-bin
+ configMap:
+ name: shipyard-bin
+ defaultMode: 0555
+{{- end }}
diff --git a/charts/shipyard/templates/job-shipyard-db-sync.yaml b/charts/shipyard/templates/job-shipyard-db-sync.yaml
new file mode 100644
index 00000000..39e56213
--- /dev/null
+++ b/charts/shipyard/templates/job-shipyard-db-sync.yaml
@@ -0,0 +1,79 @@
+{{/*
+Copyright 2017 The Openstack-Helm Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/}}
+
+{{- if .Values.manifests.job_shipyard_db_sync }}
+{{- $envAll := . }}
+{{- $dependencies := .Values.dependencies.shipyard_db_sync }}
+---
+apiVersion: batch/v1
+kind: Job
+metadata:
+ name: shipyard-db-sync
+spec:
+ template:
+ metadata:
+ labels:
+{{ tuple $envAll "shipyard" "db-sync" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
+ spec:
+ restartPolicy: OnFailure
+ nodeSelector:
+ {{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }}
+ initContainers:
+{{ tuple $envAll $dependencies "[]" | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
+ containers:
+ - name: shipyard-db-sync
+ image: {{ .Values.images.shipyard_db_sync }}
+ imagePullPolicy: {{ .Values.images.pull_policy }}
+{{ tuple $envAll $envAll.Values.pod.resources.jobs.shipyard_db_sync | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
+ env:
+ - name: ROOT_DB_CONNECTION
+ valueFrom:
+ secretKeyRef:
+ name: {{ .Values.secrets.postgresql_shipyard_db.admin }}
+ key: DB_CONNECTION_SHIPYARD
+ - name: SHIPYARD_CONFIG_FILE
+ value: /etc/shipyard/shipyard.conf
+ - name: DB_NAME
+ value: {{ .Values.database.postgresql_shipyard.db_name }}
+ - name: DB_USER
+ value: {{ .Values.endpoints.postgresql_shipyard_db.auth.user.username }}
+ - name: DB_PASS
+ value: {{
.Values.endpoints.postgresql_shipyard_db.auth.user.password }}
+ command:
+ - /tmp/shipyard-db-sync.sh
+ volumeMounts:
+ - name: shipyard-bin
+ mountPath: /tmp/shipyard-db-sync.sh
+ subPath: shipyard-db-sync.sh
+ readOnly: true
+ - name: etc-shipyard
+ mountPath: /etc/shipyard
+ - name: shipyard-etc
+ mountPath: /etc/shipyard/shipyard.conf
+ subPath: shipyard.conf
+ readOnly: true
+ volumes:
+ - name: etc-shipyard
+ emptyDir: {}
+ - name: shipyard-etc
+ configMap:
+ name: shipyard-etc
+ defaultMode: 0444
+ - name: shipyard-bin
+ configMap:
+ name: shipyard-bin
+ defaultMode: 0555
+{{- end }}
diff --git a/charts/shipyard/templates/secret-airflow-db.yaml b/charts/shipyard/templates/secret-airflow-db.yaml
new file mode 100644
index 00000000..b26212fd
--- /dev/null
+++ b/charts/shipyard/templates/secret-airflow-db.yaml
@@ -0,0 +1,30 @@
+{{/*
+Copyright 2017 The Openstack-Helm Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/}}
+
+{{- if .Values.manifests.secret_airflow_db }}
+{{- $envAll := . }}
+{{- range $key1, $userClass := tuple "admin" "user" }}
+{{- $secretName := index $envAll.Values.secrets.postgresql_airflow_db $userClass }}
+---
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ $secretName }}
+type: Opaque
+data:
+ DB_CONNECTION_AIRFLOW: {{ tuple "postgresql_airflow_db" "internal" $userClass "postgresql" $envAll | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup" | b64enc -}}
+{{- end }}
+{{- end }}
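Review bot: job-shipyard-db-sync.yaml hands the sync container `ROOT_DB_CONNECTION` from the admin Secret (`.Values.secrets.postgresql_shipyard_db.admin`) in addition to the service user's name and password. The sync script is outside this hunk, so this is a question rather than a finding: if the sync step only needs the service account, reference the `user` Secret that secret-shipyard-db.yaml creates and drop the root connection, so the sync image never holds database administrator credentials. A one-line comment above the env entry stating why root access is required would settle it either way.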
diff --git a/charts/shipyard/templates/secret-keystone-env.yaml b/charts/shipyard/templates/secret-keystone-env.yaml
new file mode 100644
index 00000000..94ea6e74
--- /dev/null
+++ b/charts/shipyard/templates/secret-keystone-env.yaml
@@ -0,0 +1,28 @@
+{{/*
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+{{- if .Values.manifests.secret_keystone }}
+{{- $envAll := . }}
+{{- range $key1, $userClass := tuple "admin" "user" }}
+{{- $secretName := index $envAll.Values.secrets.identity $userClass }}
+---
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ $secretName }}
+type: Opaque
+data:
+{{- tuple $userClass "internal" $envAll | include "helm-toolkit.snippets.keystone_secret_openrc" | indent 2 }}
+...
+{{- end }}
+{{- end }}
diff --git a/charts/shipyard/templates/secret-shipyard-db.yaml b/charts/shipyard/templates/secret-shipyard-db.yaml
new file mode 100644
index 00000000..0ddc6ef5
--- /dev/null
+++ b/charts/shipyard/templates/secret-shipyard-db.yaml
@@ -0,0 +1,30 @@
+{{/*
+Copyright 2017 The Openstack-Helm Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/}}
+
+{{- if .Values.manifests.secret_shipyard_db }}
+{{- $envAll := . }}
+{{- range $key1, $userClass := tuple "admin" "user" }}
+{{- $secretName := index $envAll.Values.secrets.postgresql_shipyard_db $userClass }}
+---
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ $secretName }}
+type: Opaque
+data:
+ DB_CONNECTION_SHIPYARD: {{ tuple "postgresql_shipyard_db" "internal" $userClass "postgresql" $envAll | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup" | b64enc -}}
+{{- end }}
+{{- end }}
diff --git a/charts/shipyard/templates/service-airflow-flower.yaml b/charts/shipyard/templates/service-airflow-flower.yaml
new file mode 100644
index 00000000..a04386d4
--- /dev/null
+++ b/charts/shipyard/templates/service-airflow-flower.yaml
@@ -0,0 +1,43 @@
+{{/*
+Copyright 2017 The Openstack-Helm Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/}}
+
+{{- if .Values.manifests.service_airflow_flower }}
+{{- $envAll := . }}
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ tuple "airflow_flower" "internal" . | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }}
+spec:
+ ports:
+ {{ if .Values.network.airflow.flower.enable_node_port }}
+ - name: http
+ nodePort: {{ .Values.network.airflow.flower.node_port }}
+ port: {{ .Values.network.airflow.flower.port }}
+ protocol: TCP
+ targetPort: {{ .Values.network.airflow.flower.port }}
+ {{ else }}
+ - name: http
+ port: {{ .Values.network.airflow.flower.port }}
+ protocol: TCP
+ targetPort: {{ .Values.network.airflow.flower.port }}
+ {{ end }}
+ selector:
+{{ tuple $envAll "airflow" "flower" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }}
+ {{ if .Values.network.airflow.flower.enable_node_port }}
+ type: NodePort
+ {{ end }}
+{{- end }}
diff --git a/charts/shipyard/templates/service-airflow-ingress.yaml b/charts/shipyard/templates/service-airflow-ingress.yaml
new file mode 100644
index 00000000..2d293e6d
--- /dev/null
+++ b/charts/shipyard/templates/service-airflow-ingress.yaml
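Review bot: The NodePort branch reads `.Values.network.airflow.flower.node_port`, but the `network.airflow.flower` defaults added in values.yaml define only `name`, `port` and `enable_node_port`, so switching `enable_node_port` on renders a `nodePort:` with no usable value. Add a `node_port` default next to `port: 5555`, or keep the `nodePort` key out of the manifest unless a value is set. The two `ports` branches differ only in that one line, so wrapping just the `nodePort` line in the `if` removes the duplication; service-airflow-web.yaml and service-shipyard.yaml repeat the same duplicated block. Whether Flower requires a login depends on how it is started, which is not visible here, so the NodePort option deserves a comment in values.yaml saying what it exposes.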
@@ -0,0 +1,32 @@
+{{/*
+Copyright 2017 The Openstack-Helm Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/}}
+
+{{- if .Values.manifests.service_airflow_ingress }}
+{{- $envAll := . }}
+{{- if .Values.network.airflow.ingress.public }}
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ tuple "airflow_web" "public" . | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }}
+spec:
+ ports:
+ - name: http
+ port: 8080
+ selector:
+ app: ingress-api
+{{- end }}
+{{- end }}
diff --git a/charts/shipyard/templates/service-airflow-web.yaml b/charts/shipyard/templates/service-airflow-web.yaml
new file mode 100644
index 00000000..79612df8
--- /dev/null
+++ b/charts/shipyard/templates/service-airflow-web.yaml
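Review bot: `port: 8080` is a literal here, while service-airflow-web.yaml takes what appears to be the same number from `.Values.network.airflow.web.port`, so overriding the web port in values would leave this public-facing Service on the old one. If the two are meant to track each other, use `port: {{ .Values.network.airflow.web.port }}`. The selector `app: ingress-api` is also a literal that has to match pod labels defined outside the visible templates, and a short comment naming the deployment it targets would help the next reader. service-shipyard-ingress.yaml hard-codes `port: 9000` in the same way.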
@@ -0,0 +1,43 @@
+{{/*
+Copyright 2017 The Openstack-Helm Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/}}
+
+{{- if .Values.manifests.service_airflow_web }}
+{{- $envAll := . }}
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ tuple "airflow_web" "internal" . | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }}
+spec:
+ ports:
+ {{ if .Values.network.airflow.web.enable_node_port }}
+ - name: http
+ nodePort: {{ .Values.network.airflow.web.node_port }}
+ port: {{ .Values.network.airflow.web.port }}
+ protocol: TCP
+ targetPort: {{ .Values.network.airflow.web.port }}
+ {{ else }}
+ - name: http
+ port: {{ .Values.network.airflow.web.port }}
+ protocol: TCP
+ targetPort: {{ .Values.network.airflow.web.port }}
+ {{ end }}
+ selector:
+{{ tuple $envAll "airflow" "web" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }}
+ {{ if .Values.network.airflow.web.enable_node_port }}
+ type: NodePort
+ {{ end }}
+{{- end }}
diff --git a/charts/shipyard/templates/service-shipyard-ingress.yaml b/charts/shipyard/templates/service-shipyard-ingress.yaml
new file mode 100644
index 00000000..db3b51d7
--- /dev/null
+++ b/charts/shipyard/templates/service-shipyard-ingress.yaml
@@ -0,0 +1,32 @@
+{{/*
+Copyright 2017 The Openstack-Helm Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/}}
+
+{{- if .Values.manifests.shipyard_service_ingress }}
+{{- $envAll := . }}
+{{- if .Values.network.shipyard.ingress.public }}
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ tuple "shipyard" "public" . | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }}
+spec:
+ ports:
+ - name: http
+ port: 9000
+ selector:
+ app: ingress-api
+{{- end }}
+{{- end }}
diff --git a/charts/shipyard/templates/service-shipyard.yaml b/charts/shipyard/templates/service-shipyard.yaml
new file mode 100644
index 00000000..f9c14fcc
--- /dev/null
+++ b/charts/shipyard/templates/service-shipyard.yaml
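Review bot: The guard `.Values.manifests.shipyard_service_ingress` breaks the `service_<name>` pattern of the sibling toggles in this patch (`service_airflow_ingress`, `service_shipyard`, `service_airflow_web`). The `manifests` section of values.yaml is outside the visible part of the patch, so confirm the key is spelled the same way there, since a missing key evaluates as false and this Service would silently never render. Renaming it to `service_shipyard_ingress` in both places keeps the set consistent.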
@@ -0,0 +1,43 @@
+{{/*
+Copyright 2017 The Openstack-Helm Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/}}
+
+{{- if .Values.manifests.service_shipyard }}
+{{- $envAll := . }}
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ tuple "shipyard" "internal" . | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }}
+spec:
+ ports:
+ {{ if .Values.network.shipyard.enable_node_port }}
+ - name: http
+ nodePort: {{ .Values.network.shipyard.node_port }}
+ port: {{ .Values.network.shipyard.port }}
+ protocol: TCP
+ targetPort: {{ .Values.network.shipyard.port }}
+ {{ else }}
+ - name: http
+ port: {{ .Values.network.shipyard.port }}
+ protocol: TCP
+ targetPort: {{ .Values.network.shipyard.port }}
+ {{ end }}
+ selector:
+{{ tuple $envAll "shipyard-api" "server" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }}
+ {{ if .Values.network.shipyard.enable_node_port }}
+ type: NodePort
+ {{ end }}
+{{- end }}
diff --git a/charts/shipyard/values.yaml b/charts/shipyard/values.yaml
new file mode 100644
index 00000000..1eb71bd1
--- /dev/null
+++ b/charts/shipyard/values.yaml
@@ -0,0 +1,571 @@
+# Copyright 2017 The Openstack-Helm Authors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# This file provides defaults for shipyard and airflow
+
+# Indicate whether it is production or development environment
+prod_environment: true
+
+labels:
+ node_selector_key: ucp-control-plane
+ node_selector_value: enabled
+
+images:
+ airflow: quay.io/attcomdev/airflow:latest
+ shipyard: quay.io/attcomdev/shipyard:latest
+ dep_check: docker.io/kolla/ubuntu-source-kubernetes-entrypoint:4.0.0
+ shipyard_db_init: docker.io/postgres:9.5
+ shipyard_db_sync: docker.io/postgres:9.5
+ airflow_db_init: docker.io/postgres:9.5
+ airflow_db_sync: quay.io/attcomdev/airflow:latest
+ ks_user: docker.io/kolla/ubuntu-source-kolla-toolbox:3.0.3
+ ks_service: docker.io/kolla/ubuntu-source-kolla-toolbox:3.0.3
+ ks_endpoints: docker.io/kolla/ubuntu-source-kolla-toolbox:3.0.3
+ pull_policy: "IfNotPresent"
+
+release_group: null
+
+network:
+ shipyard:
+ ingress:
+ public: true
+ port: 9000
+ node_port: 31901
+ enable_node_port: false
+ airflow:
+ ingress:
+ public: true
+ flower:
+ name: airflow-flower
+ port: 5555
+ enable_node_port: false
+ web:
+ name: airflow-web
+ port: 8080
+ node_port: 32080
+ enable_node_port: false
+ worker:
+ name: airflow-worker
+ port: 8793
+ enable_node_port: false
+
+dependencies:
+ shipyard_db_init:
+ jobs:
+ - airflow-db-init
+ - airflow-db-sync
+ services:
+ - service: postgresql_shipyard_db
+ endpoint: internal
+ - service: airflow_flower
+ endpoint: internal
+ - service: airflow_web
+ endpoint: internal
+ shipyard_db_sync:
+ jobs:
+ - shipyard-db-init
+ services:
+ - service: postgresql_shipyard_db
+ endpoint: internal
+ airflow_db_init:
+ services:
+ - service: postgresql_airflow_db
+ endpoint: internal
+ airflow_db_sync:
+ jobs:
+ - airflow-db-init
+ services:
+ - service: postgresql_airflow_db
+ endpoint: internal
+ ks_user:
+ services:
+ - service: identity
+ endpoint: internal
+ ks_service:
+ services:
+ - service: identity
+ endpoint: internal
+ ks_endpoints:
+ jobs:
+ - shipyard-ks-service
+ services:
+ - service: identity
+ endpoint: internal
+ shipyard:
+ jobs:
+ - shipyard-db-init
+ - shipyard-db-sync
+ - shipyard-ks-endpoints
+ - shipyard-ks-user
+ - shipyard-ks-endpoints
+ services:
+ - service: airflow_flower
+ endpoint: internal
+ - service: airflow_web
+ endpoint: internal
+ - service: identity
+ endpoint: internal
+ - service: postgresql_shipyard_db
+ endpoint: internal
+ airflow_server:
+ jobs:
+ - airflow-db-init
+ - airflow-db-sync
+ services:
+ - service: postgresql_airflow_db
+ endpoint: internal
+ - service: oslo_messaging
+ endpoint: internal
+
+# typically overriden by environmental
+# values, but should include all endpoints
+# required by this chart
+endpoints:
+ cluster_domain_suffix: cluster.local
+ identity:
+ name: keystone
+ auth:
+ user:
+ region_name: RegionOne
+ role: admin
+ project_name: service
+ project_domain_name: default
+ user_domain_name: default
+ username: shipyard
+ password: password
+ admin:
+ region_name: RegionOne
+ project_name: admin
+ password: password
+ username: admin
+ user_domain_name: default
+ project_domain_name: default
+ hosts:
+ default: keystone-api
+ public: keystone
+ path:
+ default: /v3
+ scheme:
+ default: http
+ port:
+ admin:
+ default: 35357
+ api:
+ default: 80
+ host_fqdn_override:
+ default: null
+ shipyard:
+ name: shipyard
+ hosts:
+ default: shipyard-int
+ public: shipyard-api
+ port:
+ api:
+ default: 9000
+ path:
+ default: /api/v1.0
+ scheme:
+ default: http
+ host_fqdn_override:
+ default: null
+ airflow_web:
+ name: airflow-web
+ hosts:
+ default: airflow-web-int
+ public: airflow-web
+ port:
+ airflow_web:
+ default: 8080
+ path:
+ default: /
+ scheme:
+ default: http
+ host_fqdn_override:
+ default: null
+ airflow_flower:
+ name: airflow-flower
+ hosts:
+ default: airflow-flower
+ port:
+ airflow_flower:
+ default: 5555
+ path:
+ default: /
+ scheme:
+ default: http
+ host_fqdn_override:
+ default: null
+ postgresql_shipyard_db:
+ name: postgresql_shipyard_db
+ auth:
+ admin:
+ username: postgres
+ password: postgres
+ user:
+ username: shipyard
+ password: password
+ hosts:
+ default: postgresql
+ path: /shipyard
+ scheme: postgresql+psycopg2
+ port:
+ postgresql:
+ default: 5432
+ host_fqdn_override:
+ default: null
+ postgresql_airflow_db:
+ name: postgresql_airflow_db
+ auth:
+ admin:
+ username: postgres
+ password: postgres
+ user:
+ username: airflow
+ password: password
+ hosts:
+ default: postgresql
+ path: /airflow
+ scheme: postgresql+psycopg2
+ port:
+ postgresql:
+ default: 5432
+ host_fqdn_override:
+ default: null
+ oslo_messaging:
+ auth:
+ admin:
+ username: admin
+ password: password
+ user:
+ username: rabbitmq
+ password: password
+ hosts:
+ default: rabbitmq
+ host_fqdn_override:
+ default: null
+ path: /
+ scheme: amqp
+ port:
+ amqp:
+ default: 5672
+ oslo_cache:
+ hosts:
+ default: memcached
+ host_fqdn_override:
+ default: null
+ port:
+ memcache:
+ default: 11211
+
+secrets:
+ identity:
+ admin: shipyard-keystone-admin
+ user: shipyard-keystone-user
+ postgresql_shipyard_db:
+ admin: shipyard-db-admin
+ user: shipyard-db-user
+ postgresql_airflow_db:
+ admin: airflow-db-admin
+ user: airflow-db-user
+
+database:
+ postgresql_airflow:
+ db_name: airflow
+ db_root_user: postgres
+ postgresql_shipyard:
+ db_name: shipyard
+ db_root_user: postgres
+
+conf:
+ shipyard:
+ base:
+ shipyard:
+ service_type: shipyard
+ deckhand:
+ service_type: deckhand
+ armada:
+ service_type: armada
+ drydock:
+ service_type: drydock
+ healthcheck:
+ schema: http
+ endpoint: /api/v1.0/health
+ keystone_authtoken:
+ keystonemiddleware:
+ auth_token:
+ delay_auth_decision: true
+ auth_type: password
+ auth_section: keystone_authtoken
+ auth_version: v3
+ memcache_security_strategy: ENCRYPT
+ paste:
+ override:
+ append:
+ policy:
+ override:
+ append:
+ airflow:
+ override:
+ append:
+ prefix:
+ airflow_config_file: /usr/local/airflow/airflow.cfg
+ core:
+ airflow_home: /usr/local/airflow
+ dags_folder: /usr/local/airflow/dags
+ base_log_folder: /usr/local/airflow/logs
+ remote_base_log_folder:
+ remote_log_conn_id:
+ encrypt_s3_logs: "False"
+ executor: CeleryExecutor
+ sql_alchemy_pool_size: 5
+ sql_alchemy_pool_recycle: 3600
+ parallelism: 32
+ dag_concurrency: 16
+ dags_are_paused_at_creation: "False"
+ non_pooled_task_slot_count: 128
+ max_active_runs_per_dag: 16
+ load_examples: "False"
+ plugins_folder: /usr/local/airflow/plugins
+ fernet_key: fKp7omMJ4QlTxfZzVBSiyXVgeCK-6epRjGgMpEIsjvs=
+ donot_pickle: "False"
+ dagbag_import_timeout: 30
+ task_runner: BashTaskRunner
+ default_impersonation:
+ security:
+ unit_test_mode: "False"
+ cli:
+ api_client: airflow.api.client.local_client
+ api:
+ auth_backend: airflow.api.auth.backend.default
+ operators:
+ default_owner: Airflow
+ default_cpus: 1
+ default_ram: 512
+ default_disk: 512
+ default_igpus: 0
+ webserver:
+ web_server_host: 0.0.0.0
+ web_server_port: 8080
+ web_server_ssl_cert:
+ web_server_ssl_key:
+ web_server_worker_timeout: 120
+ worker_refresh_batch_size: 1
+ secret_key: temporary_key
+ workers: 4
+ worker_class: sync
+ access_logfile: "-"
+ error_logfile: "-"
+ expose_config: "True"
+ authenticate: "False"
+ filter_by_owner: "False"
+ owner_mode: user
+ dag_orientation: LR
+ demo_mode: "False"
+ log_fetch_timeout_sec: 5
+ hide_paused_dags_by_default: "False"
+ email:
+ email_backend: airflow.utils.send_email_smtp
+ smtp:
+ smtp_host: localhost
+ smtp_starttls: "True"
+ smtp_ssl: "False"
+ smtp_user: airflow
+ smtp_port: 25
+ smtp_password: airflow
+ smtp_mail_from: airflow@airflow.local
+ celery:
+ celery_app_name: airflow.executors.celery_executor
+ celeryd_concurrency: 16
+ worker_log_server_port: 8793
+ flower_host: 0.0.0.0
+ flower_port: 5555
+ default_queue: default
+ scheduler:
+ job_heartbeat_sec: 5
+ scheduler_heartbeat_sec: 5
+ run_duration: -1
+ min_file_process_interval: 0
+ dag_dir_list_interval: 300
+ print_stats_interval: 30
+ child_process_log_directory: /usr/local/airflow/logs/scheduler
+ scheduler_zombie_task_threshold: 300
+ catchup_by_default: "True"
+ max_threads: 2
+ authenticate: "False"
+ mesos:
+ master: localhost:5050
+ framework_name: Airflow
+ task_cpu: 1
+ task_memory: 256
+ checkpoint: "False"
+ authenticate: "False"
+ admin:
+ hide_sensitive_variable_fields: "True"
+
+pod:
+ mounts:
+ dag_path: /home/ubuntu/workbench/dags
+ plugin_path: /home/ubuntu/workbench/plugins
+ log_path: /home/ubuntu/workbench/logs
+ airflow_flower:
+ init_container: null
+ airflow_flower:
+ airflow_scheduler:
+ init_container: null
+ airflow_scheduler:
+ airflow_worker:
+ init_container: null
+ airflow_worker:
+ airflow_web:
+ init_container: null
+ airflow_web:
+ shipyard:
+ init_container: null
+ shipyard:
+ replicas:
+ shipyard: 1
+ airflow:
+ web: 1
+ worker: 1
+ flower: 1
+ scheduler: 1
+ lifecycle:
+ upgrades:
+ deployments:
+ revision_history: 3
+ pod_replacement_strategy: RollingUpdate
+ rolling_update:
+ max_unavailable: 1
+ max_surge: 3
+ termination_grace_period:
+ airflow:
+ timeout: 30
+ shipyard:
+ timeout: 30
+ resources:
+ enabled: false
+ shipyard_api:
+ limits:
+ memory: "128Mi"
+ cpu: "100m"
+ requests:
+ memory: "128Mi"
+ cpu: "100m"
+ airflow:
+ worker:
+ limits:
+ memory: "128Mi"
+ cpu: "100m"
+ requests:
+ memory: "128Mi"
+ cpu: "100m"
+ flower:
+ limits:
+ memory: "128Mi"
+ cpu: "100m"
+ requests:
+ memory: "128Mi"
+ cpu: "100m"
+ web:
+ limits:
+ memory: "128Mi"
+ cpu: "100m"
+ requests:
+ memory: "128Mi"
+ cpu: "100m"
+ scheduler:
+ limits:
+ memory: "128Mi"
+ cpu: "100m"
+ requests:
+ memory: "128Mi"
+ cpu: "100m"
+ jobs:
+ shipyard_db_sync:
+ limits:
+ memory: "128Mi"
+ cpu: "500m"
+ requests:
+ memory: "128Mi"
+ cpu: "500m"
+ shipyard_db_init:
+ limits:
+ memory: "128Mi"
+ cpu: "500m"
+ requests:
+ memory: "128Mi"
+ cpu: "500m"
+ airflow_db_sync:
+ limits:
+ memory: "128Mi"
+ cpu: "500m"
+ requests:
+ memory: "128Mi"
+ cpu: "500m"
+ airflow_db_init:
+ limits:
+ memory: "128Mi"
+ cpu: "500m"
+ requests:
+ memory: "128Mi"
+ cpu: "500m"
+ ks_user:
+ limits:
+ memory: "128Mi"
+ cpu: "100m"
+ requests:
+ memory: "128Mi"
+ cpu: "100m"
+ ks_service:
+ limits:
+ memory: "128Mi"
+ cpu: "100m"
+ requests:
+ memory: "128Mi"
+ cpu: "100m"
+ ks_endpoints:
+ limits:
+ memory: "128Mi"
+ cpu: "100m"
+ requests:
+ memory: "128Mi"
+ cpu: "100m"
+
+manifests:
+ configmap_shipyard_bin: true
+ configmap_shipyard_etc: true
+ configmap_airflow_bin: true
+ configmap_airflow_etc: true
+ deployment_airflow_flower: true
+ deployment_airflow_scheduler: true
+ deployment_shipyard: true
+ deployment_airflow_web: true
+ deployment_airflow_worker: true
+ ingress_airflow_api: true
+ ingress_shipyard_api: true
+ job_shipyard_db_init: true
+ job_shipyard_db_sync: true
+ job_airflow_db_init: true
+ job_airflow_db_sync: true
+ job_ks_endpoints: true
+ job_ks_service: true
+ job_ks_user: true
+ secret_airflow_db: true
+ secret_shipyard_db: true
+ secret_keystone: true
+ service_airflow_ingress: true
+ service_airflow_flower: true
+ service_shipyard: true
+ service_shipyard_ingress: true
+ service_airflow_web: true
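Review bot: The defaults under `conf.airflow` commit working secrets: `core.fernet_key` carries a literal key and `webserver.secret_key` is `temporary_key`, so every install that does not override them shares the same Fernet key for stored connection credentials and the same session-signing key. The same defaults set `prod_environment: true`, `webserver.authenticate: "False"` and `expose_config: "True"`, which reads as a web UI reachable without login that can display the rendered configuration; the templates consuming these values are outside this hunk, so that part is inferred from the setting names. I would ship `fernet_key: null` and `secret_key: null` with a comment that both must be supplied per deployment, have the chart fail to render when they are unset, and default `expose_config: "False"`. The `password: password` and `postgres` defaults under `endpoints` deserve the same treatment. `dependencies.shipyard.jobs` also lists `shipyard-ks-endpoints` twice, where `shipyard-ks-service` was probably intended.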