Move Shipyard Chart
This PS migrates the Shipyard Chart into this repo Change-Id: I2cf037ab662886a94c8439f43d248da9295a83b3
This commit is contained in:
parent
2168b3f00b
commit
b002bd58fd
|
@ -0,0 +1,22 @@
|
|||
# Patterns to ignore when building packages.
|
||||
# This supports shell glob matching, relative path matching, and
|
||||
# negation (prefixed with !). Only one pattern per line.
|
||||
.DS_Store
|
||||
# Common VCS dirs
|
||||
.git/
|
||||
.gitignore
|
||||
.bzr/
|
||||
.bzrignore
|
||||
.hg/
|
||||
.hgignore
|
||||
.svn/
|
||||
# Common backup files
|
||||
*.swp
|
||||
*.bak
|
||||
*.tmp
|
||||
*~
|
||||
# Various IDEs
|
||||
.project
|
||||
.idea/
|
||||
*.tmproj
|
||||
|
|
@ -0,0 +1,29 @@
|
|||
# Copyright 2017 The Openstack-Helm Authors.
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
apiVersion: v1
|
||||
description: A Helm chart for Shipyard and Airflow
|
||||
name: shipyard
|
||||
version: 0.1.0
|
||||
keywords:
|
||||
- shipyard
|
||||
- airflow
|
||||
home: https://github.com/att-comdev/shipyard
|
||||
sources:
|
||||
- https://github.com/apache/incubator-airflow
|
||||
- https://github.com/att-comdev/aic-helm
|
||||
- https://git.openstack.org/cgit/openstack/openstack-helm
|
||||
maintainers:
|
||||
- name: OpenStack-Helm Authors
|
||||
engine: gotpl
|
|
@ -0,0 +1,18 @@
|
|||
# Copyright 2017 The Openstack-Helm Authors.
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
dependencies:
|
||||
- name: helm-toolkit
|
||||
repository: http://localhost:8879/charts
|
||||
version: 0.1.0
|
|
@ -0,0 +1,49 @@
|
|||
#!/bin/bash
|
||||
|
||||
{{/*
|
||||
Copyright 2017 The Openstack-Helm Authors.
|
||||
|
||||
Licensed under the Apache License, Version 2.0 (the "License");
|
||||
you may not use this file except in compliance with the License.
|
||||
You may obtain a copy of the License at
|
||||
|
||||
http://www.apache.org/licenses/LICENSE-2.0
|
||||
|
||||
Unless required by applicable law or agreed to in writing, software
|
||||
distributed under the License is distributed on an "AS IS" BASIS,
|
||||
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
See the License for the specific language governing permissions and
|
||||
limitations under the License.
|
||||
*/}}
|
||||
|
||||
set -ex
|
||||
export HOME=/tmp
|
||||
|
||||
# Extract the DB string from shipyard.conf and get the
|
||||
# value of the DB host and port
|
||||
db_string=`grep -i sql_alchemy_conn ${AIRFLOW_CONFIG_FILE}`
|
||||
db_fqdn=`echo ${db_string#*@} | cut -f1 -d"."`
|
||||
db_port=`echo ${db_string#*@} | grep -o "[0-9]\+"`
|
||||
|
||||
pgsql_superuser_cmd () {
|
||||
DB_COMMAND="$1"
|
||||
if [[ ! -z $2 ]]; then
|
||||
EXPORT PGDATABASE=$2
|
||||
fi
|
||||
|
||||
psql \
|
||||
-h $db_fqdn \
|
||||
-p $db_port \
|
||||
-U ${ROOT_DB_USER} \
|
||||
--command="${DB_COMMAND}"
|
||||
}
|
||||
|
||||
# Create db
|
||||
pgsql_superuser_cmd "SELECT 1 FROM pg_database WHERE datname = '$DB_NAME'" | grep -q 1 || pgsql_superuser_cmd "CREATE DATABASE $DB_NAME"
|
||||
|
||||
# Create db user
|
||||
pgsql_superuser_cmd "SELECT * FROM pg_roles WHERE rolname = '$DB_USER';" | tail -n +3 | head -n -2 | grep -q 1 || \
|
||||
pgsql_superuser_cmd "CREATE ROLE ${DB_USER} LOGIN PASSWORD '$DB_PASS'"
|
||||
|
||||
# Grant permissions to user
|
||||
pgsql_superuser_cmd "GRANT ALL PRIVILEGES ON DATABASE $DB_NAME to $DB_USER;"
|
|
@ -0,0 +1,21 @@
|
|||
#!/bin/bash
|
||||
|
||||
{{/*
|
||||
Copyright 2017 The Openstack-Helm Authors.
|
||||
|
||||
Licensed under the Apache License, Version 2.0 (the "License");
|
||||
you may not use this file except in compliance with the License.
|
||||
You may obtain a copy of the License at
|
||||
|
||||
http://www.apache.org/licenses/LICENSE-2.0
|
||||
|
||||
Unless required by applicable law or agreed to in writing, software
|
||||
distributed under the License is distributed on an "AS IS" BASIS,
|
||||
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
See the License for the specific language governing permissions and
|
||||
limitations under the License.
|
||||
*/}}
|
||||
|
||||
set -ex
|
||||
|
||||
airflow initdb
|
|
@ -0,0 +1,22 @@
|
|||
#!/bin/bash
|
||||
|
||||
{{/*
|
||||
Copyright 2017 The Openstack-Helm Authors.
|
||||
|
||||
Licensed under the Apache License, Version 2.0 (the "License");
|
||||
you may not use this file except in compliance with the License.
|
||||
You may obtain a copy of the License at
|
||||
|
||||
http://www.apache.org/licenses/LICENSE-2.0
|
||||
|
||||
Unless required by applicable law or agreed to in writing, software
|
||||
distributed under the License is distributed on an "AS IS" BASIS,
|
||||
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
See the License for the specific language governing permissions and
|
||||
limitations under the License.
|
||||
*/}}
|
||||
|
||||
set -ex
|
||||
|
||||
cp -vaR /home/shipyard/shipyard/shipyard_airflow/dags/*.py /tmp/airflow/dags/
|
||||
cp -vaR /home/shipyard/shipyard/shipyard_airflow/plugins/*.py /tmp/airflow/plugins/
|
|
@ -0,0 +1,54 @@
|
|||
#!/bin/bash
|
||||
|
||||
{{/*
|
||||
Copyright 2017 The Openstack-Helm Authors.
|
||||
|
||||
Licensed under the Apache License, Version 2.0 (the "License");
|
||||
you may not use this file except in compliance with the License.
|
||||
You may obtain a copy of the License at
|
||||
|
||||
http://www.apache.org/licenses/LICENSE-2.0
|
||||
|
||||
Unless required by applicable law or agreed to in writing, software
|
||||
distributed under the License is distributed on an "AS IS" BASIS,
|
||||
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
See the License for the specific language governing permissions and
|
||||
limitations under the License.
|
||||
*/}}
|
||||
|
||||
set -ex
|
||||
export HOME=/tmp
|
||||
|
||||
# Extract the DB string from shipyard.conf and get the
|
||||
# value of the DB host and port
|
||||
db_string=`grep -i postgresql_db ${SHIPYARD_CONFIG_FILE}`
|
||||
db_fqdn=`echo ${db_string#*@} | cut -f1 -d"."`
|
||||
db_port=`echo ${db_string#*@} | grep -o "[0-9]\+"`
|
||||
|
||||
pgsql_superuser_cmd () {
|
||||
DB_COMMAND="$1"
|
||||
if [[ ! -z $2 ]]; then
|
||||
EXPORT PGDATABASE=$2
|
||||
fi
|
||||
|
||||
psql \
|
||||
-h $db_fqdn \
|
||||
-p $db_port \
|
||||
-U ${ROOT_DB_USER} \
|
||||
--command="${DB_COMMAND}"
|
||||
}
|
||||
|
||||
# Create db
|
||||
pgsql_superuser_cmd "SELECT 1 FROM pg_database WHERE datname = '$DB_NAME'" | grep -q 1 || pgsql_superuser_cmd "CREATE DATABASE $DB_NAME"
|
||||
|
||||
# Create db user
|
||||
pgsql_superuser_cmd "SELECT * FROM pg_roles WHERE rolname = '$DB_USER';" | tail -n +3 | head -n -2 | grep -q 1 || \
|
||||
pgsql_superuser_cmd "CREATE ROLE ${DB_USER} LOGIN PASSWORD '$DB_PASS'"
|
||||
|
||||
# Grant permissions to user
|
||||
pgsql_superuser_cmd "GRANT ALL PRIVILEGES ON DATABASE $DB_NAME to $DB_USER;"
|
||||
|
||||
# Grant permissions to shipyard user
|
||||
# This will allow shipyard user to query airflow database
|
||||
psql -h $db_fqdn -p $db_port -U ${AIRFLOW_DB_USER} \
|
||||
--command="GRANT select, insert, update, delete on all tables in schema public to $DB_USER;"
|
|
@ -0,0 +1,19 @@
|
|||
#!/bin/bash
|
||||
|
||||
{{/*
|
||||
Copyright 2017 The Openstack-Helm Authors.
|
||||
|
||||
Licensed under the Apache License, Version 2.0 (the "License");
|
||||
you may not use this file except in compliance with the License.
|
||||
You may obtain a copy of the License at
|
||||
|
||||
http://www.apache.org/licenses/LICENSE-2.0
|
||||
|
||||
Unless required by applicable law or agreed to in writing, software
|
||||
distributed under the License is distributed on an "AS IS" BASIS,
|
||||
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
See the License for the specific language governing permissions and
|
||||
limitations under the License.
|
||||
*/}}
|
||||
|
||||
set -ex
|
|
@ -0,0 +1,27 @@
|
|||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
{{- if .Values.manifests.configmap_airflow_bin }}
|
||||
{{- $envAll := . }}
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: ConfigMap
|
||||
metadata:
|
||||
name: airflow-bin
|
||||
data:
|
||||
airflow-db-init.sh: |+
|
||||
{{ tuple "bin/_airflow-db-init.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
|
||||
airflow-db-sync.sh: |+
|
||||
{{ tuple "bin/_airflow-db-sync.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
|
||||
airflow-shipyard-init.sh: |+
|
||||
{{ tuple "bin/_airflow-shipyard-init.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
|
||||
{{- end }}
|
|
@ -0,0 +1,59 @@
|
|||
# Copyright 2017 The Openstack-Helm Authors.
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
{{- $envAll := . }}
|
||||
|
||||
{{ include "airflow.conf.airflow_values_skeleton" .Values.conf.airflow | trunc 0 }}
|
||||
|
||||
# Add endpoint URI lookup for Airflow Web Server
|
||||
{{- if empty .Values.conf.airflow.webserver.base_url -}}
|
||||
{{- tuple "airflow_web" "internal" "airflow_web" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup"| set .Values.conf.airflow.webserver "base_url" | quote | trunc 0 -}}
|
||||
{{- end -}}
|
||||
|
||||
{{- if empty .Values.conf.airflow.cli.endpoint_url -}}
|
||||
{{- tuple "airflow_web" "internal" "airflow_web" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup"| set .Values.conf.airflow.cli "endpoint_url" | quote | trunc 0 -}}
|
||||
{{- end -}}
|
||||
|
||||
# Add endpoint URI lookup for Postgresql DB Connection
|
||||
{{- if empty .Values.conf.airflow.core.sql_alchemy_conn -}}
|
||||
{{- tuple "postgresql_airflow_db" "internal" "user" "postgresql" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup"| set .Values.conf.airflow.core "sql_alchemy_conn" | quote | trunc 0 -}}
|
||||
{{- end -}}
|
||||
|
||||
# Add endpoint URI lookup for RabbitMQ Connection
|
||||
{{- if empty .Values.conf.airflow.celery.broker_url -}}
|
||||
{{- tuple "oslo_messaging" "internal" "user" "amqp" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup"| set .Values.conf.airflow.celery "broker_url" | quote | trunc 0 -}}
|
||||
{{- end -}}
|
||||
|
||||
{{- if empty .Values.conf.airflow.celery.celery_result_backend -}}
|
||||
{{- tuple "oslo_messaging" "internal" "user" "amqp" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup"| set .Values.conf.airflow.celery "celery_result_backend" | quote | trunc 0 -}}
|
||||
{{- end -}}
|
||||
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: ConfigMap
|
||||
metadata:
|
||||
name: airflow-etc
|
||||
data:
|
||||
airflow.cfg: |+
|
||||
{{ if .Values.conf.airflow.override -}}
|
||||
{{ .Values.conf.airflow.override | indent 4 }}
|
||||
{{- else -}}
|
||||
{{- if .Values.conf.airflow.prefix -}}
|
||||
{{ .Values.conf.airflow.prefix | indent 4 }}
|
||||
{{- end }}
|
||||
{{ tuple "etc/_airflow.cfg.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
|
||||
{{- end }}
|
||||
{{- if .Values.conf.airflow.append -}}
|
||||
{{ .Values.conf.airflow.append | indent 4 }}
|
||||
{{- end }}
|
|
@ -0,0 +1,32 @@
|
|||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
{{- if .Values.manifests.configmap_shipyard_bin }}
|
||||
{{- $envAll := . }}
|
||||
apiVersion: v1
|
||||
kind: ConfigMap
|
||||
metadata:
|
||||
name: shipyard-bin
|
||||
data:
|
||||
ks-service.sh: |
|
||||
{{- include "helm-toolkit.scripts.keystone_service" . | indent 4 }}
|
||||
ks-endpoints.sh: |
|
||||
{{- include "helm-toolkit.scripts.keystone_endpoints" . | indent 4 }}
|
||||
ks-user.sh: |
|
||||
{{- include "helm-toolkit.scripts.keystone_user" . | indent 4 }}
|
||||
ks-domain-user.sh: |
|
||||
{{- include "helm-toolkit.scripts.keystone_domain_user" . | indent 4 }}
|
||||
shipyard-db-init.sh: |+
|
||||
{{ tuple "bin/_shipyard-db-init.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
|
||||
shipyard-db-sync.sh: |+
|
||||
{{ tuple "bin/_shipyard-db-sync.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
|
||||
{{- end }}
|
|
@ -0,0 +1,105 @@
|
|||
# Copyright 2017 The Openstack-Helm Authors.
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
{{- $envAll := . }}
|
||||
|
||||
{{ include "shipyard.conf.shipyard_values_skeleton" .Values.conf.shipyard | trunc 0 }}
|
||||
|
||||
{{- if empty .Values.conf.shipyard.keystone_authtoken.keystonemiddleware.auth_token.auth_uri -}}
|
||||
{{- tuple "identity" "internal" "api" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup" | set .Values.conf.shipyard.keystone_authtoken.keystonemiddleware.auth_token "auth_uri" | quote | trunc 0 -}}
|
||||
{{- end -}}
|
||||
|
||||
# FIXME fix for broken keystonemiddleware oslo config gen in newton - will remove in future
|
||||
{{- if empty .Values.conf.shipyard.keystone_authtoken.shipyard_orchestrator.auth_url -}}
|
||||
{{- tuple "identity" "internal" "api" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup"| set .Values.conf.shipyard.keystone_authtoken.shipyard_orchestrator "auth_url" | quote | trunc 0 -}}
|
||||
{{- end -}}
|
||||
|
||||
# Add endpoint URI lookup for Airflow Web Server
|
||||
{{- if empty .Values.conf.shipyard.base.web_server -}}
|
||||
{{- tuple "airflow_web" "internal" "airflow_web" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup"| set .Values.conf.shipyard.base "web_server" | quote | trunc 0 -}}
|
||||
{{- end -}}
|
||||
|
||||
# Add endpoint URI lookup for Shipyard Postgresql DB Connection
|
||||
{{- if empty .Values.conf.shipyard.base.postgresql_db -}}
|
||||
{{- tuple "postgresql_shipyard_db" "internal" "user" "postgresql" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup"| set .Values.conf.shipyard.base "postgresql_db" | quote | trunc 0 -}}
|
||||
{{- end -}}
|
||||
|
||||
# Add endpoint URI lookup for Shipyard Airflow Postgresql DB Connection
|
||||
{{- if empty .Values.conf.shipyard.base.postgresql_airflow_db -}}
|
||||
{{- tuple "postgresql_airflow_db" "internal" "user" "postgresql" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup"| set .Values.conf.shipyard.base "postgresql_airflow_db" | quote | trunc 0 -}}
|
||||
{{- end -}}
|
||||
|
||||
# Add endpoint URI lookup for memcached servers Connection
|
||||
{{- if empty .Values.conf.shipyard.keystone_authtoken.keystonemiddleware.auth_token.memcached_servers -}}
|
||||
{{- tuple "oslo_cache" "internal" "memcache" . | include "helm-toolkit.endpoints.host_and_port_endpoint_uri_lookup" | set .Values.conf.shipyard.keystone_authtoken.keystonemiddleware.auth_token "memcached_servers" | quote | trunc 0 -}}
|
||||
{{- end -}}
|
||||
|
||||
{{- $userIdentity := .Values.endpoints.identity.auth.user -}}
|
||||
|
||||
{{- if empty .Values.conf.shipyard.keystone_authtoken.shipyard_orchestrator.project_name -}}
|
||||
{{- set .Values.conf.shipyard.keystone_authtoken.shipyard_orchestrator "project_name" $userIdentity.project_name | quote | trunc 0 -}}
|
||||
{{- end -}}
|
||||
{{- if empty .Values.conf.shipyard.keystone_authtoken.shipyard_orchestrator.project_domain_name -}}
|
||||
{{- set .Values.conf.shipyard.keystone_authtoken.shipyard_orchestrator "project_domain_name" $userIdentity.project_domain_name | quote | trunc 0 -}}
|
||||
{{- end -}}
|
||||
{{- if empty .Values.conf.shipyard.keystone_authtoken.shipyard_orchestrator.user_domain_name -}}
|
||||
{{- set .Values.conf.shipyard.keystone_authtoken.shipyard_orchestrator "user_domain_name" $userIdentity.user_domain_name | quote | trunc 0 -}}
|
||||
{{- end -}}
|
||||
{{- if empty .Values.conf.shipyard.keystone_authtoken.shipyard_orchestrator.username -}}
|
||||
{{- set .Values.conf.shipyard.keystone_authtoken.shipyard_orchestrator "username" $userIdentity.username | quote | trunc 0 -}}
|
||||
{{- end -}}
|
||||
{{- if empty .Values.conf.shipyard.keystone_authtoken.shipyard_orchestrator.password -}}
|
||||
{{- set .Values.conf.shipyard.keystone_authtoken.shipyard_orchestrator "password" $userIdentity.password | quote | trunc 0 -}}
|
||||
{{- end -}}
|
||||
|
||||
# Set a random string as secret key.
|
||||
{{- if empty .Values.conf.shipyard.keystone_authtoken.keystonemiddleware.auth_token.memcache_secret_key -}}
|
||||
{{- randAlphaNum 64 | set .Values.conf.shipyard.keystone_authtoken.keystonemiddleware.auth_token "memcache_secret_key" | quote | trunc 0 -}}
|
||||
{{- end -}}
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: ConfigMap
|
||||
metadata:
|
||||
name: shipyard-etc
|
||||
data:
|
||||
shipyard.conf: |+
|
||||
{{ if .Values.conf.shipyard.override -}}
|
||||
{{ .Values.conf.shipyard.override | indent 4 }}
|
||||
{{- else -}}
|
||||
{{- if .Values.conf.shipyard.prefix -}}
|
||||
{{ .Values.conf.shipyard.prefix | indent 4 }}
|
||||
{{- end }}
|
||||
{{ tuple "etc/_shipyard.conf.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
|
||||
{{- end }}
|
||||
{{- if .Values.conf.shipyard.append -}}
|
||||
{{ .Values.conf.shipyard.append | indent 4 }}
|
||||
{{- end }}
|
||||
api-paste.ini: |+
|
||||
{{ if .Values.conf.paste.override -}}
|
||||
{{ .Values.conf.paste.override | indent 4 }}
|
||||
{{- else -}}
|
||||
{{- if .Values.conf.paste.prefix -}}
|
||||
{{ .Values.conf.paste.prefix | indent 4 }}
|
||||
{{- end }}
|
||||
{{ tuple "etc/_api-paste.ini.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
|
||||
{{- if .Values.conf.paste.append -}}
|
||||
{{ .Values.conf.paste.append | indent 4 }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
policy.yaml: |+
|
||||
{{ if .Values.conf.policy.override -}}
|
||||
{{ .Values.conf.policy.override | indent 4 }}
|
||||
{{- else -}}
|
||||
{{ tuple "etc/_policy.yaml.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
|
||||
{{- end }}
|
|
@ -0,0 +1,69 @@
|
|||
# Copyright 2017 The Openstack-Helm Authors.
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
{{- if .Values.manifests.deployment_airflow_flower }}
|
||||
{{- $envAll := . }}
|
||||
{{- $dependencies := .Values.dependencies.airflow_server }}
|
||||
{{- $mounts_airflow_flower := .Values.pod.mounts.airflow_flower.airflow_flower }}
|
||||
{{- $mounts_airflow_flower_init := .Values.pod.mounts.airflow_flower.init_container }}
|
||||
---
|
||||
apiVersion: apps/v1beta1
|
||||
kind: Deployment
|
||||
metadata:
|
||||
name: airflow-flower
|
||||
spec:
|
||||
replicas: {{ .Values.pod.replicas.airflow.flower }}
|
||||
{{ tuple $envAll | include "helm-toolkit.snippets.kubernetes_upgrades_deployment" | indent 2 }}
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
{{ tuple $envAll "airflow" "flower" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
|
||||
annotations:
|
||||
configmap-bin-hash: {{ tuple "configmap-airflow-bin.yaml" . | include "helm-toolkit.utils.hash" }}
|
||||
configmap-etc-hash: {{ tuple "configmap-airflow-etc.yaml" . | include "helm-toolkit.utils.hash" }}
|
||||
spec:
|
||||
nodeSelector:
|
||||
{{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }}
|
||||
restartPolicy: Always
|
||||
terminationGracePeriodSeconds: {{ .Values.pod.lifecycle.termination_grace_period.airflow.timeout | default "30" }}
|
||||
initContainers:
|
||||
{{ tuple $envAll $dependencies $mounts_airflow_flower_init | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
|
||||
containers:
|
||||
- name: airflow-flower
|
||||
image: {{ .Values.images.airflow }}
|
||||
imagePullPolicy: {{ .Values.images.pull_policy }}
|
||||
{{ tuple $envAll $envAll.Values.pod.resources.airflow.flower | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
|
||||
env:
|
||||
# To prevent the error: ValueError: invalid literal for int() with base 10: 'tcp://10.0.0.83:5555'
|
||||
- name: FLOWER_PORT
|
||||
value: "5555"
|
||||
ports:
|
||||
- containerPort: {{ .Values.network.airflow.flower.port }}
|
||||
args: ["flower"]
|
||||
readinessProbe:
|
||||
tcpSocket:
|
||||
port: {{ .Values.network.airflow.flower.port }}
|
||||
volumeMounts:
|
||||
- name: airflow-etc
|
||||
mountPath: {{ .Values.conf.airflow.airflow_config_file }}
|
||||
subPath: airflow.cfg
|
||||
readOnly: true
|
||||
{{ if $mounts_airflow_flower.volumeMounts }}{{ toYaml $mounts_airflow_flower.volumeMounts | indent 12 }}{{ end }}
|
||||
volumes:
|
||||
- name: airflow-etc
|
||||
configMap:
|
||||
name: airflow-etc
|
||||
defaultMode: 0444
|
||||
{{ if $mounts_airflow_flower.volumes }}{{ toYaml $mounts_airflow_flower.volumes | indent 8 }}{{ end }}
|
||||
{{- end }}
|
|
@ -0,0 +1,127 @@
|
|||
# Copyright 2017 The Openstack-Helm Authors.
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
{{- if .Values.manifests.deployment_airflow_scheduler }}
|
||||
{{- $envAll := . }}
|
||||
{{- $dependencies := .Values.dependencies.airflow_server }}
|
||||
{{- $mounts_airflow_scheduler := .Values.pod.mounts.airflow_scheduler.airflow_scheduler }}
|
||||
{{- $mounts_airflow_scheduler_init := .Values.pod.mounts.airflow_scheduler.init_container }}
|
||||
---
|
||||
apiVersion: apps/v1beta1
|
||||
kind: Deployment
|
||||
metadata:
|
||||
name: airflow-scheduler
|
||||
spec:
|
||||
replicas: {{ .Values.pod.replicas.airflow.scheduler }}
|
||||
{{ tuple $envAll | include "helm-toolkit.snippets.kubernetes_upgrades_deployment" | indent 2 }}
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
{{ tuple $envAll "airflow" "scheduler" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
|
||||
annotations:
|
||||
configmap-bin-hash: {{ tuple "configmap-airflow-bin.yaml" . | include "helm-toolkit.utils.hash" }}
|
||||
configmap-etc-hash: {{ tuple "configmap-airflow-etc.yaml" . | include "helm-toolkit.utils.hash" }}
|
||||
spec:
|
||||
nodeSelector:
|
||||
{{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }}
|
||||
restartPolicy: Always
|
||||
terminationGracePeriodSeconds: {{ .Values.pod.lifecycle.termination_grace_period.airflow.timeout | default "30" }}
|
||||
initContainers:
|
||||
{{ tuple $envAll $dependencies $mounts_airflow_scheduler_init | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
|
||||
{{- if .Values.prod_environment }}
|
||||
- name: airflow-shipyard-init
|
||||
image: {{ .Values.images.shipyard }}
|
||||
imagePullPolicy: {{ .Values.images.pull_policy }}
|
||||
{{ tuple $envAll $envAll.Values.pod.resources.shipyard_api | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
|
||||
command:
|
||||
- /tmp/airflow-shipyard-init.sh
|
||||
volumeMounts:
|
||||
- name: airflow-bin
|
||||
mountPath: /tmp/airflow-shipyard-init.sh
|
||||
subPath: airflow-shipyard-init.sh
|
||||
readOnly: true
|
||||
- name: pod-shipyard-share-airflow-dags
|
||||
mountPath: /tmp/airflow/dags/
|
||||
- name: pod-shipyard-share-airflow-plugins
|
||||
mountPath: /tmp/airflow/plugins/
|
||||
{{- end }}
|
||||
containers:
|
||||
- name: airflow-scheduler
|
||||
image: {{ .Values.images.airflow }}
|
||||
imagePullPolicy: {{ .Values.images.pull_policy }}
|
||||
{{ tuple $envAll $envAll.Values.pod.resources.airflow.scheduler | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
|
||||
env:
|
||||
- name: AIRFLOW_CONN_AIRFLOWS_OWN_DB
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: {{ .Values.secrets.postgresql_airflow_db.admin }}
|
||||
key: DB_CONNECTION_AIRFLOW
|
||||
# Set to -1 to stop scheduler from going into crash loops
|
||||
args: ["scheduler", "-n", "-1" ]
|
||||
volumeMounts:
|
||||
- name: airflow-etc
|
||||
mountPath: {{ .Values.conf.airflow.airflow_config_file }}
|
||||
subPath: airflow.cfg
|
||||
readOnly: true
|
||||
{{- if .Values.prod_environment }}
|
||||
- name: shipyard-etc
|
||||
mountPath: /usr/local/airflow/plugins/shipyard.conf
|
||||
subPath: shipyard.conf
|
||||
readOnly: true
|
||||
- name: pod-shipyard-share-airflow-dags
|
||||
mountPath: {{ .Values.conf.airflow.core.dags_folder }}
|
||||
- name: pod-shipyard-share-airflow-plugins
|
||||
mountPath: {{ .Values.conf.airflow.core.plugins_folder }}
|
||||
{{ else }}
|
||||
- name: airflow-dags
|
||||
mountPath: {{ .Values.conf.airflow.core.dags_folder }}
|
||||
- name: airflow-plugins
|
||||
mountPath: {{ .Values.conf.airflow.core.plugins_folder }}
|
||||
{{- end }}
|
||||
- name: airflow-logs
|
||||
mountPath: {{ .Values.conf.airflow.core.base_log_folder }}
|
||||
{{ if $mounts_airflow_scheduler.volumeMounts }}{{ toYaml $mounts_airflow_scheduler.volumeMounts | indent 12 }}{{ end }}
|
||||
volumes:
|
||||
- name: airflow-etc
|
||||
configMap:
|
||||
name: airflow-etc
|
||||
defaultMode: 0444
|
||||
{{- if .Values.prod_environment }}
|
||||
- name: shipyard-etc
|
||||
configMap:
|
||||
name: shipyard-etc
|
||||
defaultMode: 0444
|
||||
- name: airflow-bin
|
||||
configMap:
|
||||
name: airflow-bin
|
||||
defaultMode: 0555
|
||||
- name: pod-shipyard-share-airflow-dags
|
||||
emptyDir: {}
|
||||
- name: pod-shipyard-share-airflow-plugins
|
||||
emptyDir: {}
|
||||
- name: airflow-logs
|
||||
emptyDir: {}
|
||||
{{ else }}
|
||||
- name: airflow-dags
|
||||
hostPath:
|
||||
path: {{ .Values.pod.mounts.dag_path }}
|
||||
- name: airflow-plugins
|
||||
hostPath:
|
||||
path: {{ .Values.pod.mounts.plugin_path }}
|
||||
- name: airflow-logs
|
||||
hostPath:
|
||||
path: {{ .Values.pod.mounts.log_path }}
|
||||
{{- end }}
|
||||
{{ if $mounts_airflow_scheduler.volumes }}{{ toYaml $mounts_airflow_scheduler.volumes | indent 8 }}{{ end }}
|
||||
{{- end }}
|
|
@ -0,0 +1,131 @@
|
|||
# Copyright 2017 The Openstack-Helm Authors.
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
{{- if .Values.manifests.deployment_airflow_web }}
|
||||
{{- $envAll := . }}
|
||||
{{- $dependencies := .Values.dependencies.airflow_server }}
|
||||
{{- $mounts_airflow_web := .Values.pod.mounts.airflow_web.airflow_web }}
|
||||
{{- $mounts_airflow_web_init := .Values.pod.mounts.airflow_web.init_container }}
|
||||
---
|
||||
apiVersion: apps/v1beta1
|
||||
kind: Deployment
|
||||
metadata:
|
||||
name: airflow-web
|
||||
spec:
|
||||
replicas: {{ .Values.pod.replicas.airflow.web }}
|
||||
{{ tuple $envAll | include "helm-toolkit.snippets.kubernetes_upgrades_deployment" | indent 2 }}
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
{{ tuple $envAll "airflow" "web" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
|
||||
annotations:
|
||||
configmap-bin-hash: {{ tuple "configmap-airflow-bin.yaml" . | include "helm-toolkit.utils.hash" }}
|
||||
configmap-etc-hash: {{ tuple "configmap-airflow-etc.yaml" . | include "helm-toolkit.utils.hash" }}
|
||||
spec:
|
||||
nodeSelector:
|
||||
{{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }}
|
||||
restartPolicy: Always
|
||||
terminationGracePeriodSeconds: {{ .Values.pod.lifecycle.termination_grace_period.airflow.timeout | default "30" }}
|
||||
initContainers:
|
||||
{{ tuple $envAll $dependencies $mounts_airflow_web_init | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
|
||||
{{- if .Values.prod_environment }}
|
||||
- name: airflow-shipyard-init
|
||||
image: {{ .Values.images.shipyard }}
|
||||
imagePullPolicy: {{ .Values.images.pull_policy }}
|
||||
{{ tuple $envAll $envAll.Values.pod.resources.shipyard_api | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
|
||||
command:
|
||||
- /tmp/airflow-shipyard-init.sh
|
||||
volumeMounts:
|
||||
- name: airflow-bin
|
||||
mountPath: /tmp/airflow-shipyard-init.sh
|
||||
subPath: airflow-shipyard-init.sh
|
||||
readOnly: true
|
||||
- name: pod-shipyard-share-airflow-dags
|
||||
mountPath: /tmp/airflow/dags/
|
||||
- name: pod-shipyard-share-airflow-plugins
|
||||
mountPath: /tmp/airflow/plugins/
|
||||
{{- end }}
|
||||
containers:
|
||||
- name: airflow-web
|
||||
image: {{ .Values.images.airflow }}
|
||||
imagePullPolicy: {{ .Values.images.pull_policy }}
|
||||
{{ tuple $envAll $envAll.Values.pod.resources.airflow.web | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
|
||||
env:
|
||||
- name: AIRFLOW_CONN_AIRFLOWS_OWN_DB
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: {{ .Values.secrets.postgresql_airflow_db.admin }}
|
||||
key: DB_CONNECTION_AIRFLOW
|
||||
ports:
|
||||
- containerPort: {{ .Values.network.airflow.web.port }}
|
||||
args: ["webserver"]
|
||||
readinessProbe:
|
||||
tcpSocket:
|
||||
port: {{ .Values.network.airflow.web.port }}
|
||||
volumeMounts:
|
||||
- name: airflow-etc
|
||||
mountPath: {{ .Values.conf.airflow.airflow_config_file }}
|
||||
subPath: airflow.cfg
|
||||
readOnly: true
|
||||
{{- if .Values.prod_environment }}
|
||||
- name: shipyard-etc
|
||||
mountPath: /usr/local/airflow/plugins/shipyard.conf
|
||||
subPath: shipyard.conf
|
||||
readOnly: true
|
||||
- name: pod-shipyard-share-airflow-dags
|
||||
mountPath: {{ .Values.conf.airflow.core.dags_folder }}
|
||||
- name: pod-shipyard-share-airflow-plugins
|
||||
mountPath: {{ .Values.conf.airflow.core.plugins_folder }}
|
||||
{{ else }}
|
||||
- name: airflow-dags
|
||||
mountPath: {{ .Values.conf.airflow.core.dags_folder }}
|
||||
- name: airflow-plugins
|
||||
mountPath: {{ .Values.conf.airflow.core.plugins_folder }}
|
||||
{{- end }}
|
||||
- name: airflow-logs
|
||||
mountPath: {{ .Values.conf.airflow.core.base_log_folder }}
|
||||
{{ if $mounts_airflow_web.volumeMounts }}{{ toYaml $mounts_airflow_web.volumeMounts | indent 12 }}{{ end }}
|
||||
volumes:
|
||||
- name: airflow-etc
|
||||
configMap:
|
||||
name: airflow-etc
|
||||
defaultMode: 0444
|
||||
{{- if .Values.prod_environment }}
|
||||
- name: shipyard-etc
|
||||
configMap:
|
||||
name: shipyard-etc
|
||||
defaultMode: 0444
|
||||
- name: airflow-bin
|
||||
configMap:
|
||||
name: airflow-bin
|
||||
defaultMode: 0555
|
||||
- name: pod-shipyard-share-airflow-dags
|
||||
emptyDir: {}
|
||||
- name: pod-shipyard-share-airflow-plugins
|
||||
emptyDir: {}
|
||||
- name: airflow-logs
|
||||
emptyDir: {}
|
||||
{{ else }}
|
||||
- name: airflow-dags
|
||||
hostPath:
|
||||
path: {{ .Values.pod.mounts.dag_path }}
|
||||
- name: airflow-plugins
|
||||
hostPath:
|
||||
path: {{ .Values.pod.mounts.plugin_path }}
|
||||
- name: airflow-logs
|
||||
hostPath:
|
||||
path: {{ .Values.pod.mounts.log_path }}
|
||||
{{- end }}
|
||||
{{ if $mounts_airflow_web.volumes }}{{ toYaml $mounts_airflow_web.volumes | indent 8 }}{{ end }}
|
||||
{{- end }}
|
|
@ -0,0 +1,145 @@
|
|||
# Copyright 2017 The Openstack-Helm Authors.
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
{{- if .Values.manifests.deployment_airflow_worker }}
|
||||
{{- $envAll := . }}
|
||||
{{- $dependencies := .Values.dependencies.airflow_server }}
|
||||
{{- $mounts_airflow_worker := .Values.pod.mounts.airflow_worker.airflow_worker }}
|
||||
{{- $mounts_airflow_worker_init := .Values.pod.mounts.airflow_worker.init_container }}
|
||||
---
|
||||
apiVersion: apps/v1beta1
|
||||
kind: Deployment
|
||||
metadata:
|
||||
name: airflow-worker
|
||||
spec:
|
||||
replicas: {{ .Values.pod.replicas.airflow.worker }}
|
||||
{{ tuple $envAll | include "helm-toolkit.snippets.kubernetes_upgrades_deployment" | indent 2 }}
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
{{ tuple $envAll "airflow" "worker" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
|
||||
annotations:
|
||||
configmap-bin-hash: {{ tuple "configmap-airflow-bin.yaml" . | include "helm-toolkit.utils.hash" }}
|
||||
configmap-etc-hash: {{ tuple "configmap-airflow-etc.yaml" . | include "helm-toolkit.utils.hash" }}
|
||||
spec:
|
||||
nodeSelector:
|
||||
{{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }}
|
||||
restartPolicy: Always
|
||||
terminationGracePeriodSeconds: {{ .Values.pod.lifecycle.termination_grace_period.airflow.timeout | default "30" }}
|
||||
initContainers:
|
||||
{{ tuple $envAll $dependencies $mounts_airflow_worker_init | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
|
||||
{{- if .Values.prod_environment }}
|
||||
- name: airflow-shipyard-init
|
||||
image: {{ .Values.images.shipyard }}
|
||||
imagePullPolicy: {{ .Values.images.pull_policy }}
|
||||
{{ tuple $envAll $envAll.Values.pod.resources.shipyard_api | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
|
||||
command:
|
||||
- /tmp/airflow-shipyard-init.sh
|
||||
volumeMounts:
|
||||
- name: airflow-bin
|
||||
mountPath: /tmp/airflow-shipyard-init.sh
|
||||
subPath: airflow-shipyard-init.sh
|
||||
readOnly: true
|
||||
- name: pod-shipyard-share-airflow-dags
|
||||
mountPath: /tmp/airflow/dags/
|
||||
- name: pod-shipyard-share-airflow-plugins
|
||||
mountPath: /tmp/airflow/plugins/
|
||||
{{- end }}
|
||||
containers:
|
||||
- name: airflow-worker
|
||||
image: {{ .Values.images.airflow }}
|
||||
imagePullPolicy: {{ .Values.images.pull_policy }}
|
||||
{{ tuple $envAll $envAll.Values.pod.resources.airflow.worker | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
|
||||
env:
|
||||
- name: AIRFLOW_CONN_AIRFLOWS_OWN_DB
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: {{ .Values.secrets.postgresql_airflow_db.admin }}
|
||||
key: DB_CONNECTION_AIRFLOW
|
||||
ports:
|
||||
- containerPort: {{ .Values.network.airflow.worker.port }}
|
||||
args: ["worker"]
|
||||
readinessProbe:
|
||||
tcpSocket:
|
||||
port: {{ .Values.network.airflow.worker.port }}
|
||||
securityContext:
|
||||
privileged: true
|
||||
volumeMounts:
|
||||
- name: airflow-etc
|
||||
mountPath: {{ .Values.conf.airflow.airflow_config_file }}
|
||||
subPath: airflow.cfg
|
||||
readOnly: true
|
||||
{{- if .Values.prod_environment }}
|
||||
- name: shipyard-etc
|
||||
mountPath: /usr/local/airflow/plugins/shipyard.conf
|
||||
subPath: shipyard.conf
|
||||
readOnly: true
|
||||
- name: pod-shipyard-share-airflow-dags
|
||||
mountPath: {{ .Values.conf.airflow.core.dags_folder }}
|
||||
- name: pod-shipyard-share-airflow-plugins
|
||||
mountPath: {{ .Values.conf.airflow.core.plugins_folder }}
|
||||
{{ else }}
|
||||
- name: airflow-dags
|
||||
mountPath: {{ .Values.conf.airflow.core.dags_folder }}
|
||||
- name: airflow-plugins
|
||||
mountPath: {{ .Values.conf.airflow.core.plugins_folder }}
|
||||
- name: docker
|
||||
mountPath: /var/run
|
||||
readOnly: false
|
||||
- name: pod-var-lib-docker
|
||||
mountPath: /var/lib/docker
|
||||
readOnly: false
|
||||
{{- end }}
|
||||
- name: airflow-logs
|
||||
mountPath: {{ .Values.conf.airflow.core.base_log_folder }}
|
||||
{{ if $mounts_airflow_worker.volumeMounts }}{{ toYaml $mounts_airflow_worker.volumeMounts | indent 12 }}{{ end }}
|
||||
volumes:
|
||||
- name: airflow-etc
|
||||
configMap:
|
||||
name: airflow-etc
|
||||
defaultMode: 0444
|
||||
{{- if .Values.prod_environment }}
|
||||
- name: shipyard-etc
|
||||
configMap:
|
||||
name: shipyard-etc
|
||||
defaultMode: 0444
|
||||
- name: airflow-bin
|
||||
configMap:
|
||||
name: airflow-bin
|
||||
defaultMode: 0555
|
||||
- name: pod-shipyard-share-airflow-dags
|
||||
emptyDir: {}
|
||||
- name: pod-shipyard-share-airflow-plugins
|
||||
emptyDir: {}
|
||||
- name: airflow-logs
|
||||
emptyDir: {}
|
||||
{{ else }}
|
||||
- name: airflow-dags
|
||||
hostPath:
|
||||
path: {{ .Values.pod.mounts.dag_path }}
|
||||
- name: airflow-plugins
|
||||
hostPath:
|
||||
path: {{ .Values.pod.mounts.plugin_path }}
|
||||
- name: airflow-logs
|
||||
hostPath:
|
||||
path: {{ .Values.pod.mounts.log_path }}
|
||||
- name: docker
|
||||
hostPath:
|
||||
path: /var/run
|
||||
- name: pod-var-lib-docker
|
||||
hostPath:
|
||||
path: /var/lib/docker
|
||||
{{- end }}
|
||||
{{ if $mounts_airflow_worker.volumes }}{{ toYaml $mounts_airflow_worker.volumes | indent 8 }}{{ end }}
|
||||
{{- end }}
|
|
@ -0,0 +1,76 @@
|
|||
# Copyright 2017 The Openstack-Helm Authors.
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
{{- if .Values.manifests.deployment_shipyard }}
|
||||
{{- $envAll := . }}
|
||||
{{- $dependencies := .Values.dependencies.shipyard }}
|
||||
{{- $mounts_shipyard := .Values.pod.mounts.shipyard.shipyard }}
|
||||
{{- $mounts_shipyard_init := .Values.pod.mounts.shipyard.init_container }}
|
||||
---
|
||||
apiVersion: apps/v1beta1
|
||||
kind: Deployment
|
||||
metadata:
|
||||
name: shipyard
|
||||
spec:
|
||||
replicas: {{ .Values.pod.replicas.shipyard }}
|
||||
{{ tuple $envAll | include "helm-toolkit.snippets.kubernetes_upgrades_deployment" | indent 2 }}
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
{{ tuple $envAll "shipyard-api" "server" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
|
||||
annotations:
|
||||
configmap-bin-hash: {{ tuple "configmap-shipyard-bin.yaml" . | include "helm-toolkit.utils.hash" }}
|
||||
configmap-etc-hash: {{ tuple "configmap-shipyard-etc.yaml" . | include "helm-toolkit.utils.hash" }}
|
||||
spec:
|
||||
nodeSelector:
|
||||
{{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }}
|
||||
terminationGracePeriodSeconds: {{ .Values.pod.lifecycle.termination_grace_period.shipyard.timeout | default "30" }}
|
||||
restartPolicy: Always
|
||||
initContainers:
|
||||
{{ tuple $envAll $dependencies $mounts_shipyard_init | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
|
||||
containers:
|
||||
- name: shipyard
|
||||
image: {{ .Values.images.shipyard }}
|
||||
imagePullPolicy: {{ .Values.images.pull_policy }}
|
||||
{{ tuple $envAll $envAll.Values.pod.resources.shipyard_api | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
|
||||
ports:
|
||||
- containerPort: {{ .Values.network.shipyard.port }}
|
||||
readinessProbe:
|
||||
tcpSocket:
|
||||
port: {{ .Values.network.shipyard.port }}
|
||||
volumeMounts:
|
||||
- name: etc-shipyard
|
||||
mountPath: /etc/shipyard
|
||||
- name: shipyard-etc
|
||||
mountPath: /etc/shipyard/shipyard.conf
|
||||
subPath: shipyard.conf
|
||||
readOnly: true
|
||||
- name: shipyard-etc
|
||||
subPath: api-paste.ini
|
||||
mountPath: /etc/shipyard/api-paste.ini
|
||||
readOnly: true
|
||||
- name: shipyard-etc
|
||||
subPath: policy.yaml
|
||||
mountPath: /etc/shipyard/policy.yaml
|
||||
readOnly: true
|
||||
{{ if $mounts_shipyard.volumeMounts }}{{ toYaml $mounts_shipyard.volumeMounts | indent 12 }}{{ end }}
|
||||
volumes:
|
||||
- name: etc-shipyard
|
||||
emptyDir: {}
|
||||
- name: shipyard-etc
|
||||
configMap:
|
||||
name: shipyard-etc
|
||||
defaultMode: 0444
|
||||
{{ if $mounts_shipyard.volumes }}{{ toYaml $mounts_shipyard.volumes | indent 8 }}{{ end }}
|
||||
{{- end }}
|
|
@ -0,0 +1,371 @@
|
|||
# Copyright 2017 The Openstack-Helm Authors.
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
{{ include "airflow.conf.airflow_values_skeleton" .Values.conf.airflow | trunc 0 }}
|
||||
{{ include "airflow.conf.airflow" .Values.conf.airflow}}
|
||||
|
||||
{{- define "airflow.conf.airflow_values_skeleton" -}}
|
||||
|
||||
{{- if not .core -}}{{- set . "core" dict -}}{{- end -}}
|
||||
{{- if not .webserver -}}{{- set . "webserver" dict -}}{{- end -}}
|
||||
{{- if not .email -}}{{- set . "email" dict -}}{{- end -}}
|
||||
{{- if not .smtp -}}{{- set . "smtp" dict -}}{{- end -}}
|
||||
{{- if not .celery -}}{{- set . "celery" dict -}}{{- end -}}
|
||||
{{- if not .scheduler -}}{{- set . "scheduler" dict -}}{{- end -}}
|
||||
{{- if not .mesos -}}{{- set . "mesos" dict -}}{{- end -}}
|
||||
|
||||
{{- end -}}
|
||||
|
||||
{{- define "airflow.conf.airflow" -}}
|
||||
|
||||
[core]
|
||||
# The home folder for airflow, is ~/airflow
|
||||
{{ if not .core.airflow_home }}#{{ end }}airflow_home = {{ .core.airflow_home | default "<None>" }}
|
||||
|
||||
# The folder where your airflow pipelines live, most likely a
|
||||
# subfolder in a code repository
|
||||
{{ if not .core.dags_folder }}#{{ end }}dags_folder = {{ .core.dags_folder | default "<None>" }}
|
||||
|
||||
# The folder where airflow should store its log files. This location
|
||||
{{ if not .core.base_log_folder }}#{{ end }}base_log_folder = {{ .core.base_log_folder | default "<None>" }}
|
||||
|
||||
# Airflow can store logs remotely in AWS S3 or Google Cloud Storage. Users
|
||||
# must supply a remote location URL (starting with either 's3://...' or
|
||||
# 'gs://...') and an Airflow connection id that provides access to the storage
|
||||
# location.
|
||||
{{ if not .core.remote_base_log_folder }}#{{ end }}remote_base_log_folder = {{ .core.remote_base_log_folder | default "<None>" }}
|
||||
{{ if not .core.remote_log_conn_id }}#{{ end }}remote_log_conn_id = {{ .core.remote_log_conn_id | default "<None>" }}
|
||||
# Use server-side encryption for logs stored in S3
|
||||
{{ if not .core.encrypt_s3_logs }}#{{ end }}encrypt_s3_logs = {{ .core.encrypt_s3_logs | default "<None>" }}
|
||||
# deprecated option for remote log storage, use remote_base_log_folder instead!
|
||||
# s3_log_folder =
|
||||
|
||||
# The executor class that airflow should use. Choices include
|
||||
# SequentialExecutor, LocalExecutor, CeleryExecutor
|
||||
{{ if not .core.executor }}#{{ end }}executor = {{ .core.executor | default "<None>" }}
|
||||
|
||||
# The SqlAlchemy connection string to the metadata database.
|
||||
# SqlAlchemy supports many different database engine, more information
|
||||
# their website
|
||||
{{ if not .core.sql_alchemy_conn }}#{{ end }}sql_alchemy_conn = {{ .core.sql_alchemy_conn | default "<None>" }}
|
||||
|
||||
# The SqlAlchemy pool size is the maximum number of database connections
|
||||
# in the pool.
|
||||
{{ if not .core.sql_alchemy_pool_size }}#{{ end }}sql_alchemy_pool_size = {{ .core.sql_alchemy_pool_size | default "<None>" }}
|
||||
|
||||
# The SqlAlchemy pool recycle is the number of seconds a connection
|
||||
# can be idle in the pool before it is invalidated. This config does
|
||||
# not apply to sqlite.
|
||||
{{ if not .core.sql_alchemy_pool_recycle }}#{{ end }}sql_alchemy_pool_recycle = {{ .core.sql_alchemy_pool_recycle | default "<None>" }}
|
||||
|
||||
# The amount of parallelism as a setting to the executor. This defines
|
||||
# the max number of task instances that should run simultaneously
|
||||
# on this airflow installation
|
||||
{{ if not .core.parallelism }}#{{ end }}parallelism = {{ .core.parallelism | default "<None>" }}
|
||||
|
||||
# The number of task instances allowed to run concurrently by the scheduler
|
||||
{{ if not .core.dag_concurrency }}#{{ end }}dag_concurrency = {{ .core.dag_concurrency | default "<None>" }}
|
||||
|
||||
# Are DAGs paused by at creation
|
||||
{{ if not .core.dags_are_paused_at_creation }}#{{ end }}dags_are_paused_at_creation = {{ .core.dags_are_paused_at_creation | default "<None>" }}
|
||||
|
||||
# When not using pools, tasks are run in the pool",
|
||||
# whose size is guided by this config element
|
||||
{{ if not .core.non_pooled_task_slot_count }}#{{ end }}non_pooled_task_slot_count = {{ .core.non_pooled_task_slot_count | default "<None>" }}
|
||||
|
||||
# The maximum number of active DAG runs per DAG
|
||||
{{ if not .core.max_active_runs_per_dag }}#{{ end }}max_active_runs_per_dag = {{ .core.max_active_runs_per_dag | default "<None>" }}
|
||||
|
||||
# Whether to load the examples that ship with Airflow. It's good to
|
||||
# get started, but you probably want to set this to False in a production
|
||||
# environment
|
||||
{{ if not .core.load_examples }}#{{ end }}load_examples = {{ .core.load_examples | default "<None>" }}
|
||||
|
||||
# Where your Airflow plugins are stored
|
||||
{{ if not .core.plugins_folder }}#{{ end }}plugins_folder = {{ .core.plugins_folder | default "<None>" }}
|
||||
|
||||
# Secret key to save connection passwords in the db
|
||||
{{ if not .core.fernet_key }}#{{ end }}fernet_key = {{ .core.fernet_key | default "<None>" }}
|
||||
|
||||
# Whether to disable pickling dags
|
||||
{{ if not .core.donot_pickle }}#{{ end }}donot_pickle = {{ .core.donot_pickle | default "<None>" }}
|
||||
|
||||
# How long before timing out a python file import while filling the DagBag
|
||||
{{ if not .core.dagbag_import_timeout }}#{{ end }}dagbag_import_timeout = {{ .core.dagbag_import_timeout | default "<None>" }}
|
||||
|
||||
# The class to use for running task instances in a subprocess
|
||||
{{ if not .core.task_runner }}#{{ end }}task_runner = {{ .core.task_runner | default "<None>" }}
|
||||
|
||||
# If set, tasks without a `run_as_user` argument will be run with this user
|
||||
# Can be used to de-elevate a sudo user running Airflow when executing tasks
|
||||
{{ if not .core.default_impersonation }}#{{ end }}default_impersonation = {{ .core.default_impersonation | default "<None>" }}
|
||||
|
||||
# What security module to use (for example kerberos):
|
||||
{{ if not .core.security }}#{{ end }}security = {{ .core.security | default "<None>" }}
|
||||
|
||||
# Turn unit test mode on (overwrites many configuration options with test
|
||||
# values at runtime)
|
||||
{{ if not .core.unit_test_mode }}#{{ end }}unit_test_mode = {{ .core.unit_test_mode | default "<None>" }}
|
||||
|
||||
[cli]
|
||||
# In what way should the cli access the API. The LocalClient will use the
|
||||
# database directly, while the json_client will use the api running on the
|
||||
# webserver
|
||||
{{ if not .cli.api_client }}#{{ end }}api_client = {{ .cli.api_client | default "<None>" }}
|
||||
{{ if not .cli.endpoint_url }}#{{ end }}endpoint_url = {{ .cli.endpoint_url | default "<None>" }}
|
||||
|
||||
[api]
|
||||
# How to authenticate users of the API
|
||||
{{ if not .api.auth_backend }}#{{ end }}auth_backend = {{ .api.auth_backend | default "<None>" }}
|
||||
|
||||
[operators]
|
||||
# The default owner assigned to each new operator, unless
|
||||
# provided explicitly or passed via `default_args`
|
||||
{{ if not .operators.default_owner }}#{{ end }}default_owner = {{ .operators.default_owner | default "<None>" }}
|
||||
{{ if not .operators.default_cpus }}#{{ end }}default_cpus = {{ .operators.default_cpus | default "<None>" }}
|
||||
{{ if not .operators.default_ram }}#{{ end }}default_ram = {{ .operators.default_ram | default "<None>" }}
|
||||
{{ if not .operators.default_disk }}#{{ end }}default_disk = {{ .operators.default_disk | default "<None>" }}
|
||||
{{ if not .operators.default_gpus }}#{{ end }}default_gpus = {{ .operators.default_gpus | default "<None>" }}
|
||||
|
||||
[webserver]
|
||||
# The base url of your website as airflow cannot guess what domain or
|
||||
# cname you are using. This is use in automated emails that
|
||||
# airflow sends to point links to the right web server
|
||||
{{ if not .webserver.base_url }}#{{ end }}base_url = {{ .webserver.base_url | default "<None>" }}
|
||||
|
||||
# The ip specified when starting the web server
|
||||
{{ if not .webserver.web_server_host }}#{{ end }}web_server_host = {{ .webserver.web_server_host | default "<None>" }}
|
||||
|
||||
# The port on which to run the web server
|
||||
{{ if not .webserver.web_server_port }}#{{ end }}web_server_port = {{ .webserver.web_server_port | default "<None>" }}
|
||||
|
||||
# Paths to the SSL certificate and key for the web server. When both are
|
||||
# provided SSL will be enabled. This does not change the web server port.
|
||||
{{ if not .webserver.web_server_ssl_cert }}#{{ end }}web_server_ssl_cert = {{ .webserver.web_server_ssl_cert | default "<None>" }}
|
||||
{{ if not .webserver.web_server_ssl_key }}#{{ end }}web_server_ssl_key = {{ .webserver.web_server_ssl_key | default "<None>" }}
|
||||
|
||||
# The time the gunicorn webserver waits before timing out on a worker
|
||||
{{ if not .webserver.web_server_worker_timeout }}#{{ end }}web_server_worker_timeout = {{ .webserver.web_server_worker_timeout | default "<None>" }}
|
||||
|
||||
# Number of workers to refresh at a time. When set to 0, worker refresh is
|
||||
# disabled. When nonzero, airflow periodically refreshes webserver workers by
|
||||
# bringing up new ones and killing old ones.
|
||||
{{ if not .webserver.worker_refresh_batch_size }}#{{ end }}worker_refresh_batch_size = {{ .webserver.worker_refresh_batch_size | default "<None>" }}
|
||||
|
||||
# Number of seconds to wait before refreshing a batch of workers.
|
||||
{{ if not .webserver.worker_refresh_interval }}#{{ end }}worker_refresh_interval = {{ .webserver.worker_refresh_interval | default "<None>" }}
|
||||
|
||||
# Secret key used to run your flask app
|
||||
{{ if not .webserver.secret_key }}#{{ end }}secret_key = {{ .webserver.secret_key | default "<None>" }}
|
||||
|
||||
# Number of workers to run the Gunicorn web server
|
||||
{{ if not .webserver.workers }}#{{ end }}workers = {{ .webserver.workers | default "<None>" }}
|
||||
|
||||
# The worker class gunicorn should use. Choices include
|
||||
# sync ), eventlet, gevent
|
||||
{{ if not .webserver.worker_class }}#{{ end }}worker_class = {{ .webserver.worker_class | default "<None>" }}
|
||||
|
||||
# Log files for the gunicorn webserver. '-' means log to stderr.
|
||||
{{ if not .webserver.access_logfile }}#{{ end }}access_logfile = {{ .webserver.access_logfile | default "<None>" }}
|
||||
{{ if not .webserver.error_logfile }}#{{ end }}error_logfile = {{ .webserver.error_logfile | default "<None>" }}
|
||||
|
||||
# Expose the configuration file in the web server
|
||||
{{ if not .webserver.expose_config }}#{{ end }}expose_config = {{ .webserver.expose_config | default "<None>" }}
|
||||
|
||||
# Set to true to turn on authentication : http://pythonhosted.org/airflow/installation.html#web-authentication
|
||||
{{ if not .webserver.authenticate }}#{{ end }}authenticate = {{ .webserver.authenticate | default "<None>" }}
|
||||
|
||||
# Filter the list of dags by owner name (requires authentication to be enabled)
|
||||
{{ if not .webserver.filter_by_owner }}#{{ end }}filter_by_owner = {{ .webserver.filter_by_owner | default "<None>" }}
|
||||
|
||||
# Filtering mode. Choices include user ) and ldapgroup.
|
||||
# Ldap group filtering requires using the ldap backend
|
||||
#
|
||||
# Note that the ldap server needs the "memberOf" overlay to be set up
|
||||
# in order to user the ldapgroup mode.
|
||||
{{ if not .webserver.owner_mode }}#{{ end }}owner_mode = {{ .webserver.owner_mode | default "<None>" }}
|
||||
|
||||
# Default DAG orientation. Valid values are:
|
||||
# LR (Left->Right), TB (Top->Bottom), RL (Right->Left), BT (Bottom->Top)
|
||||
{{ if not .webserver.dag_orientation }}#{{ end }}dag_orientation = {{ .webserver.dag_orientation | default "<None>" }}
|
||||
|
||||
# Puts the webserver in demonstration mode; blurs the names of Operators for
|
||||
# privacy.
|
||||
{{ if not .webserver.demo_mode }}#{{ end }}demo_mode = {{ .webserver.demo_mode | default "<None>" }}
|
||||
|
||||
# The amount of time (in secs) webserver will wait for initial handshake
|
||||
# while fetching logs from other worker machine
|
||||
{{ if not .webserver.log_fetch_timeout_sec }}#{{ end }}log_fetch_timeout_sec = {{ .webserver.log_fetch_timeout_sec | default "<None>" }}
|
||||
|
||||
# By, the webserver shows paused DAGs. Flip this to hide paused
|
||||
# DAGs by
|
||||
{{ if not .webserver.hide_paused_dags_by_default }}#{{ end }}hide_paused_dags_by_default = {{ .webserver.hide_paused_dags_by_default | default "<None>" }}
|
||||
|
||||
[email]
|
||||
{{ if not .email.email_backend }}#{{ end }}email_backend = {{ .email.email_backend | default "<None>" }}
|
||||
|
||||
[smtp]
|
||||
# If you want airflow to send emails on retries, failure, and you want to
|
||||
# the airflow.utils.send_email function, you have to configure an smtp
|
||||
# server here
|
||||
{{ if not .smtp.smtp_host }}#{{ end }}smtp_host = {{ .smtp.smtp_host | default "<None>" }}
|
||||
{{ if not .smtp.smtp_starttls }}#{{ end }}smtp_smtp_starttls = {{ .smtp.smtp_starttls | default "<None>" }}
|
||||
smtp_ssl = {{ .smtp.smtp_ssl | default "<None>" }}
|
||||
{{ if not .smtp.smtp_user }}#{{ end }}smtp_user = {{ .smtp.smtp_user | default "<None>" }}
|
||||
{{ if not .smtp.smtp_port }}#{{ end }}smtp_port = {{ .smtp.smtp_port | default "<None>" }}
|
||||
{{ if not .smtp.smtp_password }}#{{ end }}smtp_password = {{ .smtp.smtp_password | default "<None>" }}
|
||||
{{ if not .smtp.smtp_mail_from }}#{{ end }}smtp_mail_from = {{ .smtp.smtp_mail_from | default "<None>" }}
|
||||
|
||||
[celery]
|
||||
# This section only applies if you are using the CeleryExecutor in
|
||||
# [core] section above
|
||||
|
||||
# The app name that will be used by celery
|
||||
{{ if not .celery.celery_app_name }}#{{ end }}celery_app_name = {{ .celery.celery_app_name | default "<None>" }}
|
||||
|
||||
# The concurrency that will be used when starting workers with the
|
||||
# "airflow worker" command. This defines the number of task instances that
|
||||
# a worker will take, so size up your workers based on the resources on
|
||||
# your worker box and the nature of your tasks
|
||||
{{ if not .celery.celeryd_concurrency }}#{{ end }}celeryd_concurrency = {{ .celery.celeryd_concurrency | default "<None>" }}
|
||||
|
||||
# When you start an airflow worker, airflow starts a tiny web server
|
||||
# subprocess to serve the workers local log files to the airflow main
|
||||
# web server, who then builds pages and sends them to users. This defines
|
||||
# the port on which the logs are served. It needs to be unused, and open
|
||||
# visible from the main web server to connect into the workers.
|
||||
{{ if not .celery.worker_log_server_port }}#{{ end }}worker_log_server_port = {{ .celery.worker_log_server_port | default "<None>" }}
|
||||
|
||||
# The Celery broker URL. Celery supports RabbitMQ, Redis and experimentally
|
||||
# a sqlalchemy database. Refer to the Celery documentation for more
|
||||
# information.
|
||||
{{ if not .celery.broker_url }}#{{ end }}broker_url = {{ .celery.broker_url | default "<None>" }}
|
||||
|
||||
# Another key Celery setting
|
||||
{{ if not .celery.celery_result_backend }}#{{ end }}celery_result_backend = {{ .celery.celery_result_backend | default "<None>" }}
|
||||
|
||||
# Celery Flower is a sweet UI for Celery. Airflow has a shortcut to start
|
||||
# it `airflow flower`. This defines the IP that Celery Flower runs on
|
||||
{{ if not .celery.flower_host }}#{{ end }}flower_host = {{ .celery.flower_host | default "<None>" }}
|
||||
|
||||
# This defines the port that Celery Flower runs on
|
||||
{{ if not .celery.flower_port }}#{{ end }}flower_port = {{ .celery.flower_port | default "<None>" }}
|
||||
|
||||
# Default queue that tasks get assigned to and that worker listen on.
|
||||
{{ if not .celery.default_queue }}#{{ end }}default_queue = {{ .celery.default_queue | default "<None>" }}
|
||||
|
||||
[scheduler]
|
||||
# Task instances listen for external kill signal (when you clear tasks
|
||||
# from the CLI or the UI), this defines the frequency at which they should
|
||||
# listen (in seconds).
|
||||
{{ if not .scheduler.job_heartbeat_sec }}#{{ end }}job_heartbeat_sec = {{ .scheduler.job_heartbeat_sec | default "<None>" }}
|
||||
|
||||
# The scheduler constantly tries to trigger new tasks (look at the
|
||||
# scheduler section in the docs for more information). This defines
|
||||
# how often the scheduler should run (in seconds).
|
||||
{{ if not .scheduler.scheduler_heartbeat_sec }}#{{ end }}scheduler_heartbeat_sec = {{ .scheduler.scheduler_heartbeat_sec | default "<None>" }}
|
||||
|
||||
# after how much time should the scheduler terminate in seconds
|
||||
# -1 indicates to run continuously (see also num_runs)
|
||||
{{ if not .scheduler.run_duration }}#{{ end }}run_duration = {{ .scheduler.run_duration | default "<None>" }}
|
||||
|
||||
# after how much time a new DAGs should be picked up from the filesystem
|
||||
{{ if not .scheduler.min_file_process_interval }}#{{ end }}min_file_process_interval = {{ .scheduler.min_file_process_interval | default "<None>" }}
|
||||
|
||||
{{ if not .scheduler.dag_dir_list_interval }}#{{ end }}dag_dir_list_interval = {{ .scheduler.dag_dir_list_interval | default "<None>" }}
|
||||
|
||||
# How often should stats be printed to the logs
|
||||
{{ if not .scheduler.print_stats_interval }}#{{ end }}print_stats_interval = {{ .scheduler.print_stats_interval | default "<None>" }}
|
||||
|
||||
{{ if not .scheduler.child_process_log_directory }}#{{ end }}child_process_log_directory = {{ .scheduler.child_process_log_directory | default "<None>" }}
|
||||
|
||||
# Local task jobs periodically heartbeat to the DB. If the job has
|
||||
# not heartbeat in this many seconds, the scheduler will mark the
|
||||
# associated task instance as failed and will re-schedule the task.
|
||||
{{ if not .scheduler.scheduler_zombie_task_threshold }}#{{ end }}scheduler_zombie_task_threshold = {{ .scheduler.scheduler_zombie_task_threshold | default "<None>" }}
|
||||
|
||||
# Turn off scheduler catchup by setting this to False.
|
||||
# Default behavior is unchanged and
|
||||
# Command Line Backfills still work, but the scheduler
|
||||
# will not do scheduler catchup if this is False,
|
||||
# however it can be set on a per DAG basis in the
|
||||
# DAG definition (catchup)
|
||||
{{ if not .scheduler.catchup_by_default }}#{{ end }}catchup_by_default = {{ .scheduler.catchup_by_default | default "<None>" }}
|
||||
|
||||
# Statsd (https://github.com/etsy/statsd) integration settings
|
||||
# statsd_on = False
|
||||
# statsd_host = localhost
|
||||
# statsd_port = 8125
|
||||
# statsd_prefix = airflow
|
||||
|
||||
# The scheduler can run multiple threads in parallel to schedule dags.
|
||||
# This defines how many threads will run. However airflow will never
|
||||
# use more threads than the amount of cpu cores available.
|
||||
{{ if not .scheduler.max_threads }}#{{ end }}max_threads = {{ .scheduler.max_threads | default "<None>" }}
|
||||
|
||||
{{ if not .scheduler.authenticate }}#{{ end }}authenticate = {{ .scheduler.authenticate | default "<None>" }}
|
||||
|
||||
[mesos]
|
||||
# Mesos master address which MesosExecutor will connect to.
|
||||
{{ if not .mesos.master }}#{{ end }}master = {{ .mesos.master | default "<None>" }}
|
||||
|
||||
# The framework name which Airflow scheduler will register itself as on mesos
|
||||
{{ if not .mesos.framework_name }}#{{ end }}framework_name = {{ .mesos.framework_name | default "<None>" }}
|
||||
|
||||
# Number of cpu cores required for running one task instance using
|
||||
# 'airflow run <dag_id> <task_id> <execution_date> --local -p <pickle_id>'
|
||||
# command on a mesos slave
|
||||
{{ if not .mesos.task_cpu }}#{{ end }}task_cpu = {{ .mesos.task_cpu | default "<None>" }}
|
||||
|
||||
# Memory in MB required for running one task instance using
|
||||
# 'airflow run <dag_id> <task_id> <execution_date> --local -p <pickle_id>'
|
||||
# command on a mesos slave
|
||||
{{ if not .mesos.task_memory }}#{{ end }}task_memory = {{ .mesos.task_memory | default "<None>" }}
|
||||
|
||||
# Enable framework checkpointing for mesos
|
||||
# See http://mesos.apache.org/documentation/latest/slave-recovery/
|
||||
{{ if not .mesos.checkpoint }}#{{ end }}checkpoint = {{ .mesos.checkpoint | default "<None>" }}
|
||||
|
||||
# Failover timeout in milliseconds.
|
||||
# When checkpointing is enabled and this option is set, Mesos waits
|
||||
# until the configured timeout for
|
||||
# the MesosExecutor framework to re-register after a failover. Mesos
|
||||
# shuts down running tasks if the
|
||||
# MesosExecutor framework fails to re-register within this timeframe.
|
||||
# failover_timeout = 604800
|
||||
|
||||
# Enable framework authentication for mesos
|
||||
# See http://mesos.apache.org/documentation/latest/configuration/
|
||||
{{ if not .mesos.authenticate }}#{{ end }}authenticate = {{ .mesos.authenticate | default "<None>" }}
|
||||
|
||||
# Mesos credentials, if authentication is enabled
|
||||
#_principal = admin
|
||||
#_secret = admin
|
||||
|
||||
[kerberos]
|
||||
#ccache = /tmp/airflow_krb5_ccache
|
||||
# gets augmented with fqdn
|
||||
#principal = airflow
|
||||
#reinit_frequency = 3600
|
||||
#kinit_path = kinit
|
||||
#keytab = airflow.keytab
|
||||
|
||||
[github_enterprise]
|
||||
#api_rev = v3
|
||||
|
||||
[admin]
|
||||
# UI to hide sensitive variable fields when set to True
|
||||
{{ if not .admin.hide_sensitive_variable_fields }}#{{ end }}hide_sensitive_variable_fields = {{ .admin.hide_sensitive_variable_fields | default "<None>" }}
|
||||
|
||||
{{- end -}}
|
|
@ -0,0 +1,25 @@
|
|||
# Copyright 2017 The Openstack-Helm Authors.
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
#PasteDeploy Configuration File
|
||||
#Used to configure uWSGI middleware pipeline
|
||||
|
||||
[app:shipyard-api]
|
||||
paste.app_factory = shipyard_airflow.shipyard:paste_start_shipyard
|
||||
|
||||
[pipeline:main]
|
||||
pipeline = authtoken shipyard-api
|
||||
|
||||
[filter:authtoken]
|
||||
paste.filter_factory = keystonemiddleware.auth_token:filter_factory
|
|
@ -0,0 +1,40 @@
|
|||
# Copyright 2017 The Openstack-Helm Authors.
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
# Actions requiring admin authority
|
||||
#"admin_required": "role:admin"
|
||||
|
||||
# List workflow actions invoked by users
|
||||
# GET /api/v1.0/actions
|
||||
#"workflow_orchestrator:list_actions": "rule:admin_required"
|
||||
|
||||
# Create a workflow action
|
||||
# POST /api/v1.0/actions
|
||||
#"workflow_orchestrator:create_actions": "rule:admin_required"
|
||||
|
||||
# Retreive an action by its id
|
||||
# GET /api/v1.0/actions/{action_id}
|
||||
#"workflow_orchestrator:get_action": "rule:admin_required"
|
||||
|
||||
# Retreive an action step by its id
|
||||
# GET /api/v1.0/actions/{action_id}/steps/{step_id}
|
||||
#"workflow_orchestrator:get_action_step": "rule:admin_required"
|
||||
|
||||
# Retreive an action validation by its id
|
||||
# GET /api/v1.0/actions/{action_id}/validations/{validation_id}
|
||||
#"workflow_orchestrator:get_action_validation": "rule:admin_required"
|
||||
|
||||
# Send a control to an action
|
||||
# POST /api/v1.0/actions/{action_id}/control/{control_verb}
|
||||
#"workflow_orchestrator:invoke_action_control": "rule:admin_required"
|
|
@ -0,0 +1,375 @@
|
|||
# Copyright 2017 The Openstack-Helm Authors.
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
{{ include "shipyard.conf.shipyard_values_skeleton" .Values.conf.shipyard | trunc 0 }}
|
||||
{{ include "shipyard.conf.shipyard" .Values.conf.shipyard }}
|
||||
|
||||
{{- define "shipyard.conf.shipyard_values_skeleton" -}}
|
||||
|
||||
{{- if not .base -}}{{- set . "base" dict -}}{{- end -}}
|
||||
{{- if not .shipyard -}}{{- set . "shipyard" dict -}}{{- end -}}
|
||||
{{- if not .deckhand -}}{{- set . "deckhand" dict -}}{{- end -}}
|
||||
{{- if not .armada -}}{{- set . "armada" dict -}}{{- end -}}
|
||||
{{- if not .drydock -}}{{- set . "drydock" dict -}}{{- end -}}
|
||||
{{- if not .healthcheck -}}{{- set . "healthcheck" dict -}}{{- end -}}
|
||||
{{- if not .keystone_authtoken -}}{{- set . "keystone_authtoken" dict -}}{{- end -}}
|
||||
{{- if not .keystone_authtoken.keystonemiddleware -}}{{- set .keystone_authtoken "keystonemiddleware" dict -}}{{- end -}}
|
||||
{{- if not .keystone_authtoken.keystonemiddleware.auth_token -}}{{- set .keystone_authtoken.keystonemiddleware "auth_token" dict -}}{{- end -}}
|
||||
{{- if not .keystone_authtoken.shipyard_orchestrator -}}{{- set .keystone_authtoken "shipyard_orchestrator" dict -}}{{- end -}}
|
||||
{{- if not .oslo_policy -}}{{- set . "oslo_policy" dict -}}{{- end -}}
|
||||
{{- if not .oslo_policy.oslo -}}{{- set .oslo_policy "oslo" dict -}}{{- end -}}
|
||||
{{- if not .oslo_policy.oslo.policy -}}{{- set .oslo_policy.oslo "policy" dict -}}{{- end -}}
|
||||
{{- if not .logging -}}{{- set . "logging" dict -}}{{- end -}}
|
||||
|
||||
{{- end -}}
|
||||
|
||||
{{- define "shipyard.conf.shipyard" -}}
|
||||
|
||||
[base]
|
||||
{{ if not .base.web_server }}#{{ end }}web_server = {{ .base.web_server | default "<None>" }}
|
||||
{{ if not .base.postgresql_db }}#{{ end }}postgresql_db = {{ .base.postgresql_db | default "<None>" }}
|
||||
{{ if not .base.postgresql_airflow_db }}#{{ end }}postgresql_airflow_db = {{ .base.postgresql_airflow_db | default "<None>" }}
|
||||
|
||||
[shipyard]
|
||||
{{ if not .shipyard.service_type }}#{{ end }}service_type = {{ .shipyard.service_type | default "shipyard" }}
|
||||
|
||||
[deckhand]
|
||||
{{ if not .deckhand.service_type }}#{{ end }}service_type = {{ .deckhand.service_type | default "deckhand" }}
|
||||
|
||||
[armada]
|
||||
{{ if not .armada.service_type }}#{{ end }}service_type = {{ .armada.service_type | default "armada" }}
|
||||
|
||||
[drydock]
|
||||
{{ if not .drydock.service_type }}#{{ end }}service_type = {{ .drydock.service_type | default "drydock" }}
|
||||
|
||||
[healthcheck]
|
||||
{{ if not .healthcheck.schema }}#{{ end }}schema = {{ .healthcheck.schema | default "<None>" }}
|
||||
{{ if not .healthcheck.endpoint }}#{{ end }}endpoint = {{ .healthcheck.endpoint | default "<None>" }}
|
||||
|
||||
[keystone_authtoken]
|
||||
|
||||
#
|
||||
# From keystonemiddleware.auth_token
|
||||
#
|
||||
|
||||
# Complete "public" Identity API endpoint. This endpoint should not be an
|
||||
# "admin" endpoint, as it should be accessible by all end users. Unauthenticated
|
||||
# clients are redirected to this endpoint to authenticate. Although this
|
||||
# endpoint should ideally be unversioned, client support in the wild varies.
|
||||
# If you're using a versioned v2 endpoint here, then this should *not* be the
|
||||
# same endpoint the service user utilizes for validating tokens, because normal
|
||||
# end users may not be able to reach that endpoint. (string value)
|
||||
# from .keystone_authtoken.keystonemiddleware.auth_token.auth_uri
|
||||
{{ if not .keystone_authtoken.keystonemiddleware.auth_token.auth_uri }}#{{ end }}auth_uri = {{ .keystone_authtoken.keystonemiddleware.auth_token.auth_uri | default "<None>" }}
|
||||
|
||||
# API version of the admin Identity API endpoint. (string value)
|
||||
# from .keystone_authtoken.keystonemiddleware.auth_token.auth_version
|
||||
{{ if not .keystone_authtoken.keystonemiddleware.auth_token.auth_version }}#{{ end }}auth_version = {{ .keystone_authtoken.keystonemiddleware.auth_token.auth_version | default "<None>" }}
|
||||
|
||||
# Do not handle authorization requests within the middleware, but delegate the
|
||||
# authorization decision to downstream WSGI components. (boolean value)
|
||||
# from .keystone_authtoken.keystonemiddleware.auth_token.delay_auth_decision
|
||||
{{ if not .keystone_authtoken.keystonemiddleware.auth_token.delay_auth_decision }}#{{ end }}delay_auth_decision = {{ .keystone_authtoken.keystonemiddleware.auth_token.delay_auth_decision | default "false" }}
|
||||
|
||||
# Request timeout value for communicating with Identity API server. (integer
|
||||
# value)
|
||||
# from .keystone_authtoken.keystonemiddleware.auth_token.http_connect_timeout
|
||||
{{ if not .keystone_authtoken.keystonemiddleware.auth_token.http_connect_timeout }}#{{ end }}http_connect_timeout = {{ .keystone_authtoken.keystonemiddleware.auth_token.http_connect_timeout | default "<None>" }}
|
||||
|
||||
# How many times are we trying to reconnect when communicating with Identity API
|
||||
# Server. (integer value)
|
||||
# from .keystone_authtoken.keystonemiddleware.auth_token.http_request_max_retries
|
||||
{{ if not .keystone_authtoken.keystonemiddleware.auth_token.http_request_max_retries }}#{{ end }}http_request_max_retries = {{ .keystone_authtoken.keystonemiddleware.auth_token.http_request_max_retries | default "3" }}
|
||||
|
||||
# Request environment key where the Swift cache object is stored. When
|
||||
# auth_token middleware is deployed with a Swift cache, use this option to have
|
||||
# the middleware share a caching backend with swift. Otherwise, use the
|
||||
# ``memcached_servers`` option instead. (string value)
|
||||
# from .keystone_authtoken.keystonemiddleware.auth_token.cache
|
||||
{{ if not .keystone_authtoken.keystonemiddleware.auth_token.cache }}#{{ end }}cache = {{ .keystone_authtoken.keystonemiddleware.auth_token.cache | default "<None>" }}
|
||||
|
||||
# Required if identity server requires client certificate (string value)
|
||||
# from .keystone_authtoken.keystonemiddleware.auth_token.certfile
|
||||
{{ if not .keystone_authtoken.keystonemiddleware.auth_token.certfile }}#{{ end }}certfile = {{ .keystone_authtoken.keystonemiddleware.auth_token.certfile | default "<None>" }}
|
||||
|
||||
# Required if identity server requires client certificate (string value)
|
||||
# from .keystone_authtoken.keystonemiddleware.auth_token.keyfile
|
||||
{{ if not .keystone_authtoken.keystonemiddleware.auth_token.keyfile }}#{{ end }}keyfile = {{ .keystone_authtoken.keystonemiddleware.auth_token.keyfile | default "<None>" }}
|
||||
|
||||
# A PEM encoded Certificate Authority to use when verifying HTTPs connections.
|
||||
# Defaults to system CAs. (string value)
|
||||
# from .keystone_authtoken.keystonemiddleware.auth_token.cafile
|
||||
{{ if not .keystone_authtoken.keystonemiddleware.auth_token.cafile }}#{{ end }}cafile = {{ .keystone_authtoken.keystonemiddleware.auth_token.cafile | default "<None>" }}
|
||||
|
||||
# Verify HTTPS connections. (boolean value)
|
||||
# from .keystone_authtoken.keystonemiddleware.auth_token.insecure
|
||||
{{ if not .keystone_authtoken.keystonemiddleware.auth_token.insecure }}#{{ end }}insecure = {{ .keystone_authtoken.keystonemiddleware.auth_token.insecure | default "false" }}
|
||||
|
||||
# The region in which the identity server can be found. (string value)
|
||||
# from .keystone_authtoken.keystonemiddleware.auth_token.region_name
|
||||
{{ if not .keystone_authtoken.keystonemiddleware.auth_token.region_name }}#{{ end }}region_name = {{ .keystone_authtoken.keystonemiddleware.auth_token.region_name | default "<None>" }}
|
||||
|
||||
# DEPRECATED: Directory used to cache files related to PKI tokens. This option
|
||||
# has been deprecated in the Ocata release and will be removed in the P
|
||||
# release. (string value)
|
||||
# This option is deprecated for removal since Ocata.
|
||||
# Its value may be silently ignored in the future.
|
||||
# Reason: PKI token format is no longer supported.
|
||||
# from .keystone_authtoken.keystonemiddleware.auth_token.signing_dir
|
||||
{{ if not .keystone_authtoken.keystonemiddleware.auth_token.signing_dir }}#{{ end }}signing_dir = {{ .keystone_authtoken.keystonemiddleware.auth_token.signing_dir | default "<None>" }}
|
||||
|
||||
# Optionally specify a list of memcached server(s) to use for caching. If left
|
||||
# undefined, tokens will instead be cached in-process. (list value)
|
||||
# Deprecated group/name - [keystone_authtoken]/memcache_servers
|
||||
# from .keystone_authtoken.keystonemiddleware.auth_token.memcached_servers
|
||||
{{ if not .keystone_authtoken.keystonemiddleware.auth_token.memcached_servers }}#{{ end }}memcached_servers = {{ .keystone_authtoken.keystonemiddleware.auth_token.memcached_servers | default "<None>" }}
|
||||
|
||||
# In order to prevent excessive effort spent validating tokens, the middleware
|
||||
# caches previously-seen tokens for a configurable duration (in seconds). Set to
|
||||
# -1 to disable caching completely. (integer value)
|
||||
# from .keystone_authtoken.keystonemiddleware.auth_token.token_cache_time
|
||||
{{ if not .keystone_authtoken.keystonemiddleware.auth_token.token_cache_time }}#{{ end }}token_cache_time = {{ .keystone_authtoken.keystonemiddleware.auth_token.token_cache_time | default "300" }}
|
||||
|
||||
# DEPRECATED: Determines the frequency at which the list of revoked tokens is
|
||||
# retrieved from the Identity service (in seconds). A high number of revocation
|
||||
# events combined with a low cache duration may significantly reduce
|
||||
# performance. Only valid for PKI tokens. This option has been deprecated in
|
||||
# the Ocata release and will be removed in the P release. (integer value)
|
||||
# This option is deprecated for removal since Ocata.
|
||||
# Its value may be silently ignored in the future.
|
||||
# Reason: PKI token format is no longer supported.
|
||||
# from .keystone_authtoken.keystonemiddleware.auth_token.revocation_cache_time
|
||||
{{ if not .keystone_authtoken.keystonemiddleware.auth_token.revocation_cache_time }}#{{ end }}revocation_cache_time = {{ .keystone_authtoken.keystonemiddleware.auth_token.revocation_cache_time | default "10" }}
|
||||
|
||||
# (Optional) If defined, indicate whether token data should be authenticated or
|
||||
# authenticated and encrypted. If MAC, token data is authenticated (with HMAC)
|
||||
# in the cache. If ENCRYPT, token data is encrypted and authenticated in the
|
||||
# cache. If the value is not one of these options or empty, auth_token will
|
||||
# raise an exception on initialization. (string value)
|
||||
# Allowed values: None, MAC, ENCRYPT
|
||||
# from .keystone_authtoken.keystonemiddleware.auth_token.memcache_security_strategy
|
||||
{{ if not .keystone_authtoken.keystonemiddleware.auth_token.memcache_security_strategy }}#{{ end }}memcache_security_strategy = {{ .keystone_authtoken.keystonemiddleware.auth_token.memcache_security_strategy | default "None" }}
|
||||
|
||||
# (Optional, mandatory if memcache_security_strategy is defined) This string is
|
||||
# used for key derivation. (string value)
|
||||
# from .keystone_authtoken.keystonemiddleware.auth_token.memcache_secret_key
|
||||
{{ if not .keystone_authtoken.keystonemiddleware.auth_token.memcache_secret_key }}#{{ end }}memcache_secret_key = {{ .keystone_authtoken.keystonemiddleware.auth_token.memcache_secret_key | default "<None>" }}
|
||||
|
||||
# (Optional) Number of seconds memcached server is considered dead before it is
|
||||
# tried again. (integer value)
|
||||
# from .keystone_authtoken.keystonemiddleware.auth_token.memcache_pool_dead_retry
|
||||
{{ if not .keystone_authtoken.keystonemiddleware.auth_token.memcache_pool_dead_retry }}#{{ end }}memcache_pool_dead_retry = {{ .keystone_authtoken.keystonemiddleware.auth_token.memcache_pool_dead_retry | default "300" }}
|
||||
|
||||
# (Optional) Maximum total number of open connections to every memcached server.
|
||||
# (integer value)
|
||||
# from .keystone_authtoken.keystonemiddleware.auth_token.memcache_pool_maxsize
|
||||
{{ if not .keystone_authtoken.keystonemiddleware.auth_token.memcache_pool_maxsize }}#{{ end }}memcache_pool_maxsize = {{ .keystone_authtoken.keystonemiddleware.auth_token.memcache_pool_maxsize | default "10" }}
|
||||
|
||||
# (Optional) Socket timeout in seconds for communicating with a memcached
|
||||
# server. (integer value)
|
||||
# from .keystone_authtoken.keystonemiddleware.auth_token.memcache_pool_socket_timeout
|
||||
{{ if not .keystone_authtoken.keystonemiddleware.auth_token.memcache_pool_socket_timeout }}#{{ end }}memcache_pool_socket_timeout = {{ .keystone_authtoken.keystonemiddleware.auth_token.memcache_pool_socket_timeout | default "3" }}
|
||||
|
||||
# (Optional) Number of seconds a connection to memcached is held unused in the
|
||||
# pool before it is closed. (integer value)
|
||||
# from .keystone_authtoken.keystonemiddleware.auth_token.memcache_pool_unused_timeout
|
||||
{{ if not .keystone_authtoken.keystonemiddleware.auth_token.memcache_pool_unused_timeout }}#{{ end }}memcache_pool_unused_timeout = {{ .keystone_authtoken.keystonemiddleware.auth_token.memcache_pool_unused_timeout | default "60" }}
|
||||
|
||||
# (Optional) Number of seconds that an operation will wait to get a memcached
|
||||
# client connection from the pool. (integer value)
|
||||
# from .keystone_authtoken.keystonemiddleware.auth_token.memcache_pool_conn_get_timeout
|
||||
{{ if not .keystone_authtoken.keystonemiddleware.auth_token.memcache_pool_conn_get_timeout }}#{{ end }}memcache_pool_conn_get_timeout = {{ .keystone_authtoken.keystonemiddleware.auth_token.memcache_pool_conn_get_timeout | default "10" }}
|
||||
|
||||
# (Optional) Use the advanced (eventlet safe) memcached client pool. The
|
||||
# advanced pool will only work under python 2.x. (boolean value)
|
||||
# from .keystone_authtoken.keystonemiddleware.auth_token.memcache_use_advanced_pool
|
||||
{{ if not .keystone_authtoken.keystonemiddleware.auth_token.memcache_use_advanced_pool }}#{{ end }}memcache_use_advanced_pool = {{ .keystone_authtoken.keystonemiddleware.auth_token.memcache_use_advanced_pool | default "false" }}
|
||||
|
||||
# (Optional) Indicate whether to set the X-Service-Catalog header. If False,
|
||||
# middleware will not ask for service catalog on token validation and will not
|
||||
# set the X-Service-Catalog header. (boolean value)
|
||||
# from .keystone_authtoken.keystonemiddleware.auth_token.include_service_catalog
|
||||
{{ if not .keystone_authtoken.keystonemiddleware.auth_token.include_service_catalog }}#{{ end }}include_service_catalog = {{ .keystone_authtoken.keystonemiddleware.auth_token.include_service_catalog | default "true" }}
|
||||
|
||||
# Used to control the use and type of token binding. Can be set to: "disabled"
|
||||
# to not check token binding. "permissive" (default) to validate binding
|
||||
# information if the bind type is of a form known to the server and ignore it if
|
||||
# not. "strict" like "permissive" but if the bind type is unknown the token will
|
||||
# be rejected. "required" any form of token binding is needed to be allowed.
|
||||
# Finally the name of a binding method that must be present in tokens. (string
|
||||
# value)
|
||||
# from .keystone_authtoken.keystonemiddleware.auth_token.enforce_token_bind
|
||||
{{ if not .keystone_authtoken.keystonemiddleware.auth_token.enforce_token_bind }}#{{ end }}enforce_token_bind = {{ .keystone_authtoken.keystonemiddleware.auth_token.enforce_token_bind | default "permissive" }}
|
||||
|
||||
# DEPRECATED: If true, the revocation list will be checked for cached tokens.
|
||||
# This requires that PKI tokens are configured on the identity server. (boolean
|
||||
# value)
|
||||
# This option is deprecated for removal since Ocata.
|
||||
# Its value may be silently ignored in the future.
|
||||
# Reason: PKI token format is no longer supported.
|
||||
# from .keystone_authtoken.keystonemiddleware.auth_token.check_revocations_for_cached
|
||||
{{ if not .keystone_authtoken.keystonemiddleware.auth_token.check_revocations_for_cached }}#{{ end }}check_revocations_for_cached = {{ .keystone_authtoken.keystonemiddleware.auth_token.check_revocations_for_cached | default "false" }}
|
||||
|
||||
# DEPRECATED: Hash algorithms to use for hashing PKI tokens. This may be a
|
||||
# single algorithm or multiple. The algorithms are those supported by Python
|
||||
# standard hashlib.new(). The hashes will be tried in the order given, so put
|
||||
# the preferred one first for performance. The result of the first hash will be
|
||||
# stored in the cache. This will typically be set to multiple values only while
|
||||
# migrating from a less secure algorithm to a more secure one. Once all the old
|
||||
# tokens are expired this option should be set to a single value for better
|
||||
# performance. (list value)
|
||||
# This option is deprecated for removal since Ocata.
|
||||
# Its value may be silently ignored in the future.
|
||||
# Reason: PKI token format is no longer supported.
|
||||
# from .keystone_authtoken.keystonemiddleware.auth_token.hash_algorithms
|
||||
{{ if not .keystone_authtoken.keystonemiddleware.auth_token.hash_algorithms }}#{{ end }}hash_algorithms = {{ .keystone_authtoken.keystonemiddleware.auth_token.hash_algorithms | default "md5" }}
|
||||
|
||||
# A choice of roles that must be present in a service token. Service tokens are
|
||||
# allowed to request that an expired token can be used and so this check should
|
||||
# tightly control that only actual services should be sending this token. Roles
|
||||
# here are applied as an ANY check so any role in this list must be present.
|
||||
# For backwards compatibility reasons this currently only affects the
|
||||
# allow_expired check. (list value)
|
||||
# from .keystone_authtoken.keystonemiddleware.auth_token.service_token_roles
|
||||
{{ if not .keystone_authtoken.keystonemiddleware.auth_token.service_token_roles }}#{{ end }}service_token_roles = {{ .keystone_authtoken.keystonemiddleware.auth_token.service_token_roles | default "service" }}
|
||||
|
||||
# For backwards compatibility reasons we must let valid service tokens pass
|
||||
# that don't pass the service_token_roles check as valid. Setting this true
|
||||
# will become the default in a future release and should be enabled if
|
||||
# possible. (boolean value)
|
||||
# from .keystone_authtoken.keystonemiddleware.auth_token.service_token_roles_required
|
||||
{{ if not .keystone_authtoken.keystonemiddleware.auth_token.service_token_roles_required }}#{{ end }}service_token_roles_required = {{ .keystone_authtoken.keystonemiddleware.auth_token.service_token_roles_required | default "false" }}
|
||||
|
||||
# Authentication type to load (string value)
|
||||
# Deprecated group/name - [keystone_authtoken]/auth_plugin
|
||||
# from .keystone_authtoken.keystonemiddleware.auth_token.auth_type
|
||||
{{ if not .keystone_authtoken.keystonemiddleware.auth_token.auth_type }}#{{ end }}auth_type = {{ .keystone_authtoken.keystonemiddleware.auth_token.auth_type | default "<None>" }}
|
||||
|
||||
# Config Section from which to load plugin specific options (string value)
|
||||
# from .keystone_authtoken.keystonemiddleware.auth_token.auth_section
|
||||
{{ if not .keystone_authtoken.keystonemiddleware.auth_token.auth_section }}#{{ end }}auth_section = {{ .keystone_authtoken.keystonemiddleware.auth_token.auth_section | default "<None>" }}
|
||||
|
||||
|
||||
|
||||
#
|
||||
# From shipyard_orchestrator
|
||||
#
|
||||
|
||||
# Authentication URL (string value)
|
||||
# from .keystone_authtoken.shipyard_orchestrator.auth_url
|
||||
{{ if not .keystone_authtoken.shipyard_orchestrator.auth_url }}#{{ end }}auth_url = {{ .keystone_authtoken.shipyard_orchestrator.auth_url | default "<None>" }}
|
||||
|
||||
# Domain ID to scope to (string value)
|
||||
# from .keystone_authtoken.shipyard_orchestrator.domain_id
|
||||
{{ if not .keystone_authtoken.shipyard_orchestrator.domain_id }}#{{ end }}domain_id = {{ .keystone_authtoken.shipyard_orchestrator.domain_id | default "<None>" }}
|
||||
|
||||
# Domain name to scope to (string value)
|
||||
# from .keystone_authtoken.shipyard_orchestrator.domain_name
|
||||
{{ if not .keystone_authtoken.shipyard_orchestrator.domain_name }}#{{ end }}domain_name = {{ .keystone_authtoken.shipyard_orchestrator.domain_name | default "<None>" }}
|
||||
|
||||
# Project ID to scope to (string value)
|
||||
# Deprecated group/name - [keystone_authtoken]/tenant-id
|
||||
# from .keystone_authtoken.shipyard_orchestrator.project_id
|
||||
{{ if not .keystone_authtoken.shipyard_orchestrator.project_id }}#{{ end }}project_id = {{ .keystone_authtoken.shipyard_orchestrator.project_id | default "<None>" }}
|
||||
|
||||
# Project name to scope to (string value)
|
||||
# Deprecated group/name - [keystone_authtoken]/tenant-name
|
||||
# from .keystone_authtoken.shipyard_orchestrator.project_name
|
||||
{{ if not .keystone_authtoken.shipyard_orchestrator.project_name }}#{{ end }}project_name = {{ .keystone_authtoken.shipyard_orchestrator.project_name | default "<None>" }}
|
||||
|
||||
# Domain ID containing project (string value)
|
||||
# from .keystone_authtoken.shipyard_orchestrator.project_domain_id
|
||||
{{ if not .keystone_authtoken.shipyard_orchestrator.project_domain_id }}#{{ end }}project_domain_id = {{ .keystone_authtoken.shipyard_orchestrator.project_domain_id | default "<None>" }}
|
||||
|
||||
# Domain name containing project (string value)
|
||||
# from .keystone_authtoken.shipyard_orchestrator.project_domain_name
|
||||
{{ if not .keystone_authtoken.shipyard_orchestrator.project_domain_name }}#{{ end }}project_domain_name = {{ .keystone_authtoken.shipyard_orchestrator.project_domain_name | default "<None>" }}
|
||||
|
||||
# Trust ID (string value)
|
||||
# from .keystone_authtoken.shipyard_orchestrator.trust_id
|
||||
{{ if not .keystone_authtoken.shipyard_orchestrator.trust_id }}#{{ end }}trust_id = {{ .keystone_authtoken.shipyard_orchestrator.trust_id | default "<None>" }}
|
||||
|
||||
# Optional domain ID to use with v3 and v2 parameters. It will be used for both
|
||||
# the user and project domain in v3 and ignored in v2 authentication. (string
|
||||
# value)
|
||||
# from .keystone_authtoken.shipyard_orchestrator.default_domain_id
|
||||
{{ if not .keystone_authtoken.shipyard_orchestrator.default_domain_id }}#{{ end }}default_domain_id = {{ .keystone_authtoken.shipyard_orchestrator.default_domain_id | default "<None>" }}
|
||||
|
||||
# Optional domain name to use with v3 API and v2 parameters. It will be used for
|
||||
# both the user and project domain in v3 and ignored in v2 authentication.
|
||||
# (string value)
|
||||
# from .keystone_authtoken.shipyard_orchestrator.default_domain_name
|
||||
{{ if not .keystone_authtoken.shipyard_orchestrator.default_domain_name }}#{{ end }}default_domain_name = {{ .keystone_authtoken.shipyard_orchestrator.default_domain_name | default "<None>" }}
|
||||
|
||||
# User id (string value)
|
||||
# from .keystone_authtoken.shipyard_orchestrator.user_id
|
||||
{{ if not .keystone_authtoken.shipyard_orchestrator.user_id }}#{{ end }}user_id = {{ .keystone_authtoken.shipyard_orchestrator.user_id | default "<None>" }}
|
||||
|
||||
# Username (string value)
|
||||
# Deprecated group/name - [keystone_authtoken]/user-name
|
||||
# from .keystone_authtoken.shipyard_orchestrator.username
|
||||
{{ if not .keystone_authtoken.shipyard_orchestrator.username }}#{{ end }}username = {{ .keystone_authtoken.shipyard_orchestrator.username | default "<None>" }}
|
||||
|
||||
# User's domain id (string value)
|
||||
# from .keystone_authtoken.shipyard_orchestrator.user_domain_id
|
||||
{{ if not .keystone_authtoken.shipyard_orchestrator.user_domain_id }}#{{ end }}user_domain_id = {{ .keystone_authtoken.shipyard_orchestrator.user_domain_id | default "<None>" }}
|
||||
|
||||
# User's domain name (string value)
|
||||
# from .keystone_authtoken.shipyard_orchestrator.user_domain_name
|
||||
{{ if not .keystone_authtoken.shipyard_orchestrator.user_domain_name }}#{{ end }}user_domain_name = {{ .keystone_authtoken.shipyard_orchestrator.user_domain_name | default "<None>" }}
|
||||
|
||||
# User's password (string value)
|
||||
# from .keystone_authtoken.shipyard_orchestrator.password
|
||||
{{ if not .keystone_authtoken.shipyard_orchestrator.password }}#{{ end }}password = {{ .keystone_authtoken.shipyard_orchestrator.password | default "<None>" }}
|
||||
|
||||
|
||||
[oslo_policy]
|
||||
|
||||
#
|
||||
# From oslo.policy
|
||||
#
|
||||
|
||||
# The file that defines policies. (string value)
|
||||
# Deprecated group/name - [DEFAULT]/policy_file
|
||||
# from .oslo_policy.oslo.policy.policy_file
|
||||
{{ if not .oslo_policy.oslo.policy.policy_file }}#{{ end }}policy_file = {{ .oslo_policy.oslo.policy.policy_file | default "policy.json" }}
|
||||
|
||||
# Default rule. Enforced when a requested rule is not found. (string value)
|
||||
# Deprecated group/name - [DEFAULT]/policy_default_rule
|
||||
# from .oslo_policy.oslo.policy.policy_default_rule
|
||||
{{ if not .oslo_policy.oslo.policy.policy_default_rule }}#{{ end }}policy_default_rule = {{ .oslo_policy.oslo.policy.policy_default_rule | default "default" }}
|
||||
|
||||
# Directories where policy configuration files are stored. They can be relative
|
||||
# to any directory in the search path defined by the config_dir option, or
|
||||
# absolute paths. The file defined by policy_file must exist for these
|
||||
# directories to be searched. Missing or empty directories are ignored. (multi
|
||||
# valued)
|
||||
# Deprecated group/name - [DEFAULT]/policy_dirs
|
||||
# from .oslo_policy.oslo.policy.policy_dirs (multiopt)
|
||||
{{ if not .oslo_policy.oslo.policy.policy_dirs }}#policy_dirs = {{ .oslo_policy.oslo.policy.policy_dirs | default "policy.d" }}{{ else }}{{ range .oslo_policy.oslo.policy.policy_dirs }}policy_dirs = {{ . }}
|
||||
{{ end }}{{ end }}
|
||||
|
||||
|
||||
|
||||
[logging]
|
||||
|
||||
#
|
||||
# From shipyard_airflow
|
||||
#
|
||||
# The default logging level for the root logger. ERROR=40, WARNING=30, INFO=20,
|
||||
# DEBUG=10 (integer value)
|
||||
{{ if not .logging.log_level }}#{{ end }}log_level = {{ .logging.log_level | default "10" }}
|
||||
|
||||
{{- end -}}
|
||||
|
|
@ -0,0 +1,47 @@
|
|||
{{/*
|
||||
Copyright 2017 The Openstack-Helm Authors.
|
||||
|
||||
Licensed under the Apache License, Version 2.0 (the "License");
|
||||
you may not use this file except in compliance with the License.
|
||||
You may obtain a copy of the License at
|
||||
|
||||
http://www.apache.org/licenses/LICENSE-2.0
|
||||
|
||||
Unless required by applicable law or agreed to in writing, software
|
||||
distributed under the License is distributed on an "AS IS" BASIS,
|
||||
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
See the License for the specific language governing permissions and
|
||||
limitations under the License.
|
||||
*/}}
|
||||
|
||||
{{- if .Values.manifests.ingress_airflow_api }}
|
||||
{{- $envAll := . }}
|
||||
{{- if .Values.network.airflow.ingress.public }}
|
||||
{{- $backendServiceType := "airflow_web" }}
|
||||
{{- $backendPort := "http" }}
|
||||
{{- $ingressName := tuple $backendServiceType "public" $envAll | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }}
|
||||
{{- $backendName := tuple $backendServiceType "internal" $envAll | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }}
|
||||
{{- $hostName := tuple $backendServiceType "public" $envAll | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }}
|
||||
{{- $hostNameNamespaced := tuple $backendServiceType "public" $envAll | include "helm-toolkit.endpoints.hostname_namespaced_endpoint_lookup" }}
|
||||
{{- $hostNameFull := tuple $backendServiceType "public" $envAll | include "helm-toolkit.endpoints.hostname_fqdn_endpoint_lookup" }}
|
||||
---
|
||||
apiVersion: extensions/v1beta1
|
||||
kind: Ingress
|
||||
metadata:
|
||||
name: {{ $ingressName }}
|
||||
annotations:
|
||||
kubernetes.io/ingress.class: "nginx"
|
||||
ingress.kubernetes.io/rewrite-target: /
|
||||
spec:
|
||||
rules:
|
||||
{{- range $key1, $vHost := tuple $hostName $hostNameNamespaced $hostNameFull }}
|
||||
- host: {{ $vHost }}
|
||||
http:
|
||||
paths:
|
||||
- path: /
|
||||
backend:
|
||||
serviceName: {{ $backendName }}
|
||||
servicePort: {{ $backendPort }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- end }}
|
|
@ -0,0 +1,47 @@
|
|||
{{/*
|
||||
Copyright 2017 The Openstack-Helm Authors.
|
||||
|
||||
Licensed under the Apache License, Version 2.0 (the "License");
|
||||
you may not use this file except in compliance with the License.
|
||||
You may obtain a copy of the License at
|
||||
|
||||
http://www.apache.org/licenses/LICENSE-2.0
|
||||
|
||||
Unless required by applicable law or agreed to in writing, software
|
||||
distributed under the License is distributed on an "AS IS" BASIS,
|
||||
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
See the License for the specific language governing permissions and
|
||||
limitations under the License.
|
||||
*/}}
|
||||
|
||||
{{- if .Values.manifests.ingress_shipyard_api }}
|
||||
{{- $envAll := . }}
|
||||
{{- if .Values.network.shipyard.ingress.public }}
|
||||
{{- $backendServiceType := "shipyard" }}
|
||||
{{- $backendPort := "http" }}
|
||||
{{- $ingressName := tuple $backendServiceType "public" $envAll | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }}
|
||||
{{- $backendName := tuple $backendServiceType "internal" $envAll | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }}
|
||||
{{- $hostName := tuple $backendServiceType "public" $envAll | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }}
|
||||
{{- $hostNameNamespaced := tuple $backendServiceType "public" $envAll | include "helm-toolkit.endpoints.hostname_namespaced_endpoint_lookup" }}
|
||||
{{- $hostNameFull := tuple $backendServiceType "public" $envAll | include "helm-toolkit.endpoints.hostname_fqdn_endpoint_lookup" }}
|
||||
---
|
||||
apiVersion: extensions/v1beta1
|
||||
kind: Ingress
|
||||
metadata:
|
||||
name: {{ $ingressName }}
|
||||
annotations:
|
||||
kubernetes.io/ingress.class: "nginx"
|
||||
ingress.kubernetes.io/rewrite-target: /
|
||||
spec:
|
||||
rules:
|
||||
{{- range $key1, $vHost := tuple $hostName $hostNameNamespaced $hostNameFull }}
|
||||
- host: {{ $vHost }}
|
||||
http:
|
||||
paths:
|
||||
- path: /
|
||||
backend:
|
||||
serviceName: {{ $backendName }}
|
||||
servicePort: {{ $backendPort }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- end }}
|
|
@ -0,0 +1,81 @@
|
|||
{{/*
|
||||
Copyright 2017 The Openstack-Helm Authors.
|
||||
|
||||
Licensed under the Apache License, Version 2.0 (the "License");
|
||||
you may not use this file except in compliance with the License.
|
||||
You may obtain a copy of the License at
|
||||
|
||||
http://www.apache.org/licenses/LICENSE-2.0
|
||||
|
||||
Unless required by applicable law or agreed to in writing, software
|
||||
distributed under the License is distributed on an "AS IS" BASIS,
|
||||
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
See the License for the specific language governing permissions and
|
||||
limitations under the License.
|
||||
*/}}
|
||||
|
||||
{{- if .Values.manifests.job_airflow_db_init }}
|
||||
{{- $envAll := . }}
|
||||
{{- $dependencies := .Values.dependencies.airflow_db_init }}
|
||||
---
|
||||
apiVersion: batch/v1
|
||||
kind: Job
|
||||
metadata:
|
||||
name: airflow-db-init
|
||||
spec:
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
{{ tuple $envAll "airflow" "db-init" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
|
||||
spec:
|
||||
restartPolicy: OnFailure
|
||||
nodeSelector:
|
||||
{{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }}
|
||||
initContainers:
|
||||
{{ tuple $envAll $dependencies "[]" | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
|
||||
containers:
|
||||
- name: airflow-db-init
|
||||
image: {{ .Values.images.airflow_db_init | quote }}
|
||||
imagePullPolicy: {{ .Values.images.pull_policy | quote }}
|
||||
{{ tuple $envAll $envAll.Values.pod.resources.jobs.airflow_db_init | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
|
||||
env:
|
||||
- name: DB_CONNECTION
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: {{ .Values.secrets.postgresql_airflow_db.admin }}
|
||||
key: DB_CONNECTION_AIRFLOW
|
||||
- name: AIRFLOW_CONFIG_FILE
|
||||
value: /etc/airflow/airflow.cfg
|
||||
- name: DB_NAME
|
||||
value: {{ .Values.database.postgresql_airflow.db_name }}
|
||||
- name: DB_USER
|
||||
value: {{ .Values.endpoints.postgresql_airflow_db.auth.user.username }}
|
||||
- name: DB_PASS
|
||||
value: {{ .Values.endpoints.postgresql_airflow_db.auth.user.password }}
|
||||
- name: ROOT_DB_USER
|
||||
value: {{ .Values.database.postgresql_airflow.db_root_user }}
|
||||
command:
|
||||
- /tmp/airflow-db-init.sh
|
||||
volumeMounts:
|
||||
- name: airflow-bin
|
||||
mountPath: /tmp/airflow-db-init.sh
|
||||
subPath: airflow-db-init.sh
|
||||
readOnly: true
|
||||
- name: etc-airflow
|
||||
mountPath: /etc/airflow
|
||||
- name: airflow-etc
|
||||
mountPath: /etc/airflow/airflow.cfg
|
||||
subPath: airflow.cfg
|
||||
readOnly: true
|
||||
volumes:
|
||||
- name: etc-airflow
|
||||
emptyDir: {}
|
||||
- name: airflow-etc
|
||||
configMap:
|
||||
name: airflow-etc
|
||||
defaultMode: 0444
|
||||
- name: airflow-bin
|
||||
configMap:
|
||||
name: airflow-bin
|
||||
defaultMode: 0555
|
||||
{{- end }}
|
|
@ -0,0 +1,61 @@
|
|||
{{/*
|
||||
Copyright 2017 The Openstack-Helm Authors.
|
||||
|
||||
Licensed under the Apache License, Version 2.0 (the "License");
|
||||
you may not use this file except in compliance with the License.
|
||||
You may obtain a copy of the License at
|
||||
|
||||
http://www.apache.org/licenses/LICENSE-2.0
|
||||
|
||||
Unless required by applicable law or agreed to in writing, software
|
||||
distributed under the License is distributed on an "AS IS" BASIS,
|
||||
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
See the License for the specific language governing permissions and
|
||||
limitations under the License.
|
||||
*/}}
|
||||
|
||||
{{- if .Values.manifests.job_airflow_db_sync }}
|
||||
{{- $envAll := . }}
|
||||
{{- $dependencies := .Values.dependencies.airflow_db_sync }}
|
||||
---
|
||||
apiVersion: batch/v1
|
||||
kind: Job
|
||||
metadata:
|
||||
name: airflow-db-sync
|
||||
spec:
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
{{ tuple $envAll "airflow" "db-sync" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
|
||||
spec:
|
||||
restartPolicy: OnFailure
|
||||
nodeSelector:
|
||||
{{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }}
|
||||
initContainers:
|
||||
{{ tuple $envAll $dependencies "[]" | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
|
||||
containers:
|
||||
- name: airflow-db-sync
|
||||
image: {{ .Values.images.airflow_db_sync }}
|
||||
imagePullPolicy: {{ .Values.images.pull_policy }}
|
||||
{{ tuple $envAll $envAll.Values.pod.resources.jobs.airflow_db_sync | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
|
||||
command:
|
||||
- /tmp/airflow-db-sync.sh
|
||||
volumeMounts:
|
||||
- name: airflow-bin
|
||||
mountPath: /tmp/airflow-db-sync.sh
|
||||
subPath: airflow-db-sync.sh
|
||||
readOnly: true
|
||||
- name: airflow-etc
|
||||
mountPath: /usr/local/airflow/airflow.cfg
|
||||
subPath: airflow.cfg
|
||||
readOnly: true
|
||||
volumes:
|
||||
- name: airflow-etc
|
||||
configMap:
|
||||
name: airflow-etc
|
||||
defaultMode: 0444
|
||||
- name: airflow-bin
|
||||
configMap:
|
||||
name: airflow-bin
|
||||
defaultMode: 0555
|
||||
{{- end }}
|
|
@ -0,0 +1,65 @@
|
|||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
{{- if .Values.manifests.job_ks_endpoints }}
|
||||
{{- $envAll := . }}
|
||||
{{- $dependencies := .Values.dependencies.ks_endpoints }}
|
||||
|
||||
apiVersion: batch/v1
|
||||
kind: Job
|
||||
metadata:
|
||||
name: shipyard-ks-endpoints
|
||||
spec:
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
{{ tuple $envAll "shipyard" "ks-endpoints" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
|
||||
spec:
|
||||
restartPolicy: OnFailure
|
||||
nodeSelector:
|
||||
{{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }}
|
||||
initContainers:
|
||||
{{ tuple $envAll $dependencies "[]" | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
|
||||
containers:
|
||||
{{- range $key1, $osServiceType := tuple "shipyard" }}
|
||||
{{- range $key2, $osServiceEndPoint := tuple "admin" "internal" "public" }}
|
||||
- name: {{ $osServiceType }}-ks-endpoints-{{ $osServiceEndPoint }}
|
||||
image: {{ $envAll.Values.images.ks_endpoints }}
|
||||
imagePullPolicy: {{ $envAll.Values.images.pull_policy }}
|
||||
{{ tuple $envAll $envAll.Values.pod.resources.jobs.ks_endpoints | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
|
||||
command:
|
||||
- /tmp/ks-endpoints.sh
|
||||
volumeMounts:
|
||||
- name: ks-endpoints-sh
|
||||
mountPath: /tmp/ks-endpoints.sh
|
||||
subPath: ks-endpoints.sh
|
||||
readOnly: true
|
||||
env:
|
||||
{{- with $env := dict "ksUserSecret" $envAll.Values.secrets.identity.admin }}
|
||||
{{- include "helm-toolkit.snippets.keystone_openrc_env_vars" $env | indent 12 }}
|
||||
{{- end }}
|
||||
- name: OS_SVC_ENDPOINT
|
||||
value: {{ $osServiceEndPoint }}
|
||||
- name: OS_SERVICE_NAME
|
||||
value: {{ tuple $osServiceType $envAll | include "helm-toolkit.endpoints.keystone_endpoint_name_lookup" }}
|
||||
- name: OS_SERVICE_TYPE
|
||||
value: {{ $osServiceType }}
|
||||
- name: OS_SERVICE_ENDPOINT
|
||||
value: {{ tuple $osServiceType $osServiceEndPoint "api" $envAll | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup" }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
volumes:
|
||||
- name: ks-endpoints-sh
|
||||
configMap:
|
||||
name: shipyard-bin
|
||||
defaultMode: 0555
|
||||
{{- end -}}
|
|
@ -0,0 +1,60 @@
|
|||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
{{- if .Values.manifests.job_ks_service -}}
|
||||
|
||||
{{- $envAll := . }}
|
||||
{{- $ksAdminSecret := .Values.secrets.identity.admin }}
|
||||
{{- $dependencies := .Values.dependencies.ks_service }}
|
||||
|
||||
apiVersion: batch/v1
|
||||
kind: Job
|
||||
metadata:
|
||||
name: shipyard-ks-service
|
||||
spec:
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
{{ tuple $envAll "shipyard" "ks-user" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
|
||||
spec:
|
||||
restartPolicy: OnFailure
|
||||
nodeSelector:
|
||||
{{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }}
|
||||
initContainers:
|
||||
{{ tuple $envAll $dependencies "[]" | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
|
||||
containers:
|
||||
{{- range $key1, $osServiceType := tuple "shipyard" }}
|
||||
- name: {{ $osServiceType }}-ks-service-registration
|
||||
image: {{ $envAll.Values.images.ks_service }}
|
||||
imagePullPolicy: {{ $envAll.Values.images.pull_policy }}
|
||||
command:
|
||||
- /tmp/ks-service.sh
|
||||
volumeMounts:
|
||||
- name: ks-service-sh
|
||||
mountPath: /tmp/ks-service.sh
|
||||
subPath: ks-service.sh
|
||||
readOnly: true
|
||||
env:
|
||||
{{- with $env := dict "ksUserSecret" $ksAdminSecret }}
|
||||
{{- include "helm-toolkit.snippets.keystone_openrc_env_vars" $env | indent 12 }}
|
||||
{{- end }}
|
||||
- name: OS_SERVICE_NAME
|
||||
value: {{ tuple $osServiceType $envAll | include "helm-toolkit.endpoints.keystone_endpoint_name_lookup" }}
|
||||
- name: OS_SERVICE_TYPE
|
||||
value: {{ $osServiceType }}
|
||||
{{- end }}
|
||||
volumes:
|
||||
- name: ks-service-sh
|
||||
configMap:
|
||||
name: shipyard-bin
|
||||
defaultMode: 0555
|
||||
{{- end -}}
|
|
@ -0,0 +1,61 @@
|
|||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
{{- if .Values.manifests.job_ks_user }}
|
||||
|
||||
{{- $ksAdminSecret := .Values.secrets.identity.admin }}
|
||||
{{- $ksUserSecret := .Values.secrets.identity.user }}
|
||||
{{- $envAll := . }}
|
||||
{{- $dependencies := .Values.dependencies.ks_user }}
|
||||
apiVersion: batch/v1
|
||||
kind: Job
|
||||
metadata:
|
||||
name: shipyard-ks-user
|
||||
spec:
|
||||
template:
|
||||
spec:
|
||||
restartPolicy: OnFailure
|
||||
nodeSelector:
|
||||
{{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }}
|
||||
initContainers:
|
||||
{{ tuple $envAll $dependencies "[]" | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
|
||||
containers:
|
||||
- name: shipyard-ks-user
|
||||
image: {{ .Values.images.ks_user }}
|
||||
imagePullPolicy: {{ .Values.images.pull_policy }}
|
||||
{{ tuple $envAll $envAll.Values.pod.resources.jobs.ks_user | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
|
||||
command:
|
||||
- /tmp/ks-user.sh
|
||||
volumeMounts:
|
||||
- name: ks-user-sh
|
||||
mountPath: /tmp/ks-user.sh
|
||||
subPath: ks-user.sh
|
||||
readOnly: true
|
||||
env:
|
||||
{{- with $env := dict "ksUserSecret" $ksAdminSecret }}
|
||||
{{- include "helm-toolkit.snippets.keystone_openrc_env_vars" $env | indent 12 }}
|
||||
{{- end }}
|
||||
- name: SERVICE_OS_SERVICE_NAME
|
||||
value: {{ $envAll.Values.endpoints.shipyard.name | quote }}
|
||||
- name: SERVICE_OS_DOMAIN_NAME
|
||||
value: {{ $envAll.Values.endpoints.identity.auth.user.project_domain_name | quote }}
|
||||
{{- with $env := dict "ksUserSecret" $ksUserSecret }}
|
||||
{{- include "helm-toolkit.snippets.keystone_user_create_env_vars" $env | indent 12 }}
|
||||
{{- end }}
|
||||
- name: SERVICE_OS_ROLE
|
||||
value: {{ $envAll.Values.endpoints.identity.auth.user.role | quote }}
|
||||
volumes:
|
||||
- name: ks-user-sh
|
||||
configMap:
|
||||
name: shipyard-bin
|
||||
defaultMode: 0555
|
||||
{{- end -}}
|
|
@ -0,0 +1,83 @@
|
|||
{{/*
|
||||
Copyright 2017 The Openstack-Helm Authors.
|
||||
|
||||
Licensed under the Apache License, Version 2.0 (the "License");
|
||||
you may not use this file except in compliance with the License.
|
||||
You may obtain a copy of the License at
|
||||
|
||||
http://www.apache.org/licenses/LICENSE-2.0
|
||||
|
||||
Unless required by applicable law or agreed to in writing, software
|
||||
distributed under the License is distributed on an "AS IS" BASIS,
|
||||
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
See the License for the specific language governing permissions and
|
||||
limitations under the License.
|
||||
*/}}
|
||||
|
||||
{{- if .Values.manifests.job_shipyard_db_init }}
|
||||
{{- $envAll := . }}
|
||||
{{- $dependencies := .Values.dependencies.shipyard_db_init }}
|
||||
---
|
||||
apiVersion: batch/v1
|
||||
kind: Job
|
||||
metadata:
|
||||
name: shipyard-db-init
|
||||
spec:
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
{{ tuple $envAll "shipyard" "db-init" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
|
||||
spec:
|
||||
restartPolicy: OnFailure
|
||||
nodeSelector:
|
||||
{{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }}
|
||||
initContainers:
|
||||
{{ tuple $envAll $dependencies "[]" | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
|
||||
containers:
|
||||
- name: shipyard-db-init
|
||||
image: {{ .Values.images.shipyard_db_init | quote }}
|
||||
imagePullPolicy: {{ .Values.images.pull_policy | quote }}
|
||||
{{ tuple $envAll $envAll.Values.pod.resources.jobs.shipyard_db_init | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
|
||||
env:
|
||||
- name: ROOT_DB_CONNECTION
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: {{ .Values.secrets.postgresql_shipyard_db.admin }}
|
||||
key: DB_CONNECTION_SHIPYARD
|
||||
- name: SHIPYARD_CONFIG_FILE
|
||||
value: /etc/shipyard/shipyard.conf
|
||||
- name: DB_NAME
|
||||
value: {{ .Values.database.postgresql_shipyard.db_name }}
|
||||
- name: DB_USER
|
||||
value: {{ .Values.endpoints.postgresql_shipyard_db.auth.user.username }}
|
||||
- name: DB_PASS
|
||||
value: {{ .Values.endpoints.postgresql_shipyard_db.auth.user.password }}
|
||||
- name: ROOT_DB_USER
|
||||
value: {{ .Values.database.postgresql_shipyard.db_root_user }}
|
||||
- name: AIRFLOW_DB_USER
|
||||
value: {{ .Values.endpoints.postgresql_airflow_db.auth.user.username }}
|
||||
command:
|
||||
- /tmp/shipyard-db-init.sh
|
||||
volumeMounts:
|
||||
- name: shipyard-bin
|
||||
mountPath: /tmp/shipyard-db-init.sh
|
||||
subPath: shipyard-db-init.sh
|
||||
readOnly: true
|
||||
- name: etc-shipyard
|
||||
mountPath: /etc/shipyard
|
||||
- name: shipyard-etc
|
||||
mountPath: /etc/shipyard/shipyard.conf
|
||||
subPath: shipyard.conf
|
||||
readOnly: true
|
||||
volumes:
|
||||
- name: etc-shipyard
|
||||
emptyDir: {}
|
||||
- name: shipyard-etc
|
||||
configMap:
|
||||
name: shipyard-etc
|
||||
defaultMode: 0444
|
||||
- name: shipyard-bin
|
||||
configMap:
|
||||
name: shipyard-bin
|
||||
defaultMode: 0555
|
||||
{{- end }}
|
|
@ -0,0 +1,79 @@
|
|||
{{/*
|
||||
Copyright 2017 The Openstack-Helm Authors.
|
||||
|
||||
Licensed under the Apache License, Version 2.0 (the "License");
|
||||
you may not use this file except in compliance with the License.
|
||||
You may obtain a copy of the License at
|
||||
|
||||
http://www.apache.org/licenses/LICENSE-2.0
|
||||
|
||||
Unless required by applicable law or agreed to in writing, software
|
||||
distributed under the License is distributed on an "AS IS" BASIS,
|
||||
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
See the License for the specific language governing permissions and
|
||||
limitations under the License.
|
||||
*/}}
|
||||
|
||||
{{- if .Values.manifests.job_shipyard_db_sync }}
|
||||
{{- $envAll := . }}
|
||||
{{- $dependencies := .Values.dependencies.shipyard_db_sync }}
|
||||
---
|
||||
apiVersion: batch/v1
|
||||
kind: Job
|
||||
metadata:
|
||||
name: shipyard-db-sync
|
||||
spec:
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
{{ tuple $envAll "shipyard" "db-sync" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
|
||||
spec:
|
||||
restartPolicy: OnFailure
|
||||
nodeSelector:
|
||||
{{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }}
|
||||
initContainers:
|
||||
{{ tuple $envAll $dependencies "[]" | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
|
||||
containers:
|
||||
- name: shipyard-db-sync
|
||||
image: {{ .Values.images.shipyard_db_sync }}
|
||||
imagePullPolicy: {{ .Values.images.pull_policy }}
|
||||
{{ tuple $envAll $envAll.Values.pod.resources.jobs.shipyard_db_sync | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
|
||||
env:
|
||||
- name: ROOT_DB_CONNECTION
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: {{ .Values.secrets.postgresql_shipyard_db.admin }}
|
||||
key: DB_CONNECTION_SHIPYARD
|
||||
- name: SHIPYARD_CONFIG_FILE
|
||||
value: /etc/shipyard/shipyard.conf
|
||||
- name: DB_NAME
|
||||
value: {{ .Values.database.postgresql_shipyard.db_name }}
|
||||
- name: DB_USER
|
||||
value: {{ .Values.endpoints.postgresql_shipyard_db.auth.user.username }}
|
||||
- name: DB_PASS
|
||||
value: {{ .Values.endpoints.postgresql_shipyard_db.auth.user.password }}
|
||||
command:
|
||||
- /tmp/shipyard-db-sync.sh
|
||||
volumeMounts:
|
||||
- name: shipyard-bin
|
||||
mountPath: /tmp/shipyard-db-sync.sh
|
||||
subPath: shipyard-db-sync.sh
|
||||
readOnly: true
|
||||
- name: etc-shipyard
|
||||
mountPath: /etc/shipyard
|
||||
- name: shipyard-etc
|
||||
mountPath: /etc/shipyard/shipyard.conf
|
||||
subPath: shipyard.conf
|
||||
readOnly: true
|
||||
volumes:
|
||||
- name: etc-shipyard
|
||||
emptyDir: {}
|
||||
- name: shipyard-etc
|
||||
configMap:
|
||||
name: shipyard-etc
|
||||
defaultMode: 0444
|
||||
- name: shipyard-bin
|
||||
configMap:
|
||||
name: shipyard-bin
|
||||
defaultMode: 0555
|
||||
{{- end }}
|
|
@ -0,0 +1,30 @@
|
|||
{{/*
|
||||
Copyright 2017 The Openstack-Helm Authors.
|
||||
|
||||
Licensed under the Apache License, Version 2.0 (the "License");
|
||||
you may not use this file except in compliance with the License.
|
||||
You may obtain a copy of the License at
|
||||
|
||||
http://www.apache.org/licenses/LICENSE-2.0
|
||||
|
||||
Unless required by applicable law or agreed to in writing, software
|
||||
distributed under the License is distributed on an "AS IS" BASIS,
|
||||
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
See the License for the specific language governing permissions and
|
||||
limitations under the License.
|
||||
*/}}
|
||||
|
||||
{{- if .Values.manifests.secret_airflow_db }}
|
||||
{{- $envAll := . }}
|
||||
{{- range $key1, $userClass := tuple "admin" "user" }}
|
||||
{{- $secretName := index $envAll.Values.secrets.postgresql_airflow_db $userClass }}
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: Secret
|
||||
metadata:
|
||||
name: {{ $secretName }}
|
||||
type: Opaque
|
||||
data:
|
||||
DB_CONNECTION_AIRFLOW: {{ tuple "postgresql_airflow_db" "internal" $userClass "postgresql" $envAll | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup" | b64enc -}}
|
||||
{{- end }}
|
||||
{{- end }}
|
|
@ -0,0 +1,28 @@
|
|||
{{/*
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
*/}}
|
||||
{{- if .Values.manifests.secret_keystone }}
|
||||
{{- $envAll := . }}
|
||||
{{- range $key1, $userClass := tuple "admin" "user" }}
|
||||
{{- $secretName := index $envAll.Values.secrets.identity $userClass }}
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: Secret
|
||||
metadata:
|
||||
name: {{ $secretName }}
|
||||
type: Opaque
|
||||
data:
|
||||
{{- tuple $userClass "internal" $envAll | include "helm-toolkit.snippets.keystone_secret_openrc" | indent 2 }}
|
||||
...
|
||||
{{- end }}
|
||||
{{- end }}
|
|
@ -0,0 +1,30 @@
|
|||
{{/*
|
||||
Copyright 2017 The Openstack-Helm Authors.
|
||||
|
||||
Licensed under the Apache License, Version 2.0 (the "License");
|
||||
you may not use this file except in compliance with the License.
|
||||
You may obtain a copy of the License at
|
||||
|
||||
http://www.apache.org/licenses/LICENSE-2.0
|
||||
|
||||
Unless required by applicable law or agreed to in writing, software
|
||||
distributed under the License is distributed on an "AS IS" BASIS,
|
||||
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
See the License for the specific language governing permissions and
|
||||
limitations under the License.
|
||||
*/}}
|
||||
|
||||
{{- if .Values.manifests.secret_shipyard_db }}
|
||||
{{- $envAll := . }}
|
||||
{{- range $key1, $userClass := tuple "admin" "user" }}
|
||||
{{- $secretName := index $envAll.Values.secrets.postgresql_shipyard_db $userClass }}
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: Secret
|
||||
metadata:
|
||||
name: {{ $secretName }}
|
||||
type: Opaque
|
||||
data:
|
||||
DB_CONNECTION_SHIPYARD: {{ tuple "postgresql_shipyard_db" "internal" $userClass "postgresql" $envAll | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup" | b64enc -}}
|
||||
{{- end }}
|
||||
{{- end }}
|
|
@ -0,0 +1,43 @@
|
|||
{{/*
|
||||
Copyright 2017 The Openstack-Helm Authors.
|
||||
|
||||
Licensed under the Apache License, Version 2.0 (the "License");
|
||||
you may not use this file except in compliance with the License.
|
||||
You may obtain a copy of the License at
|
||||
|
||||
http://www.apache.org/licenses/LICENSE-2.0
|
||||
|
||||
Unless required by applicable law or agreed to in writing, software
|
||||
distributed under the License is distributed on an "AS IS" BASIS,
|
||||
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
See the License for the specific language governing permissions and
|
||||
limitations under the License.
|
||||
*/}}
|
||||
|
||||
{{- if .Values.manifests.service_airflow_flower }}
|
||||
{{- $envAll := . }}
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
name: {{ tuple "airflow_flower" "internal" . | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }}
|
||||
spec:
|
||||
ports:
|
||||
{{ if .Values.network.airflow.flower.enable_node_port }}
|
||||
- name: http
|
||||
nodePort: {{ .Values.network.airflow.flower.node_port }}
|
||||
port: {{ .Values.network.airflow.flower.port }}
|
||||
protocol: TCP
|
||||
targetPort: {{ .Values.network.airflow.flower.port }}
|
||||
{{ else }}
|
||||
- name: http
|
||||
port: {{ .Values.network.airflow.flower.port }}
|
||||
protocol: TCP
|
||||
targetPort: {{ .Values.network.airflow.flower.port }}
|
||||
{{ end }}
|
||||
selector:
|
||||
{{ tuple $envAll "airflow" "flower" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }}
|
||||
{{ if .Values.network.airflow.flower.enable_node_port }}
|
||||
type: NodePort
|
||||
{{ end }}
|
||||
{{- end }}
|
|
@ -0,0 +1,32 @@
|
|||
{{/*
|
||||
Copyright 2017 The Openstack-Helm Authors.
|
||||
|
||||
Licensed under the Apache License, Version 2.0 (the "License");
|
||||
you may not use this file except in compliance with the License.
|
||||
You may obtain a copy of the License at
|
||||
|
||||
http://www.apache.org/licenses/LICENSE-2.0
|
||||
|
||||
Unless required by applicable law or agreed to in writing, software
|
||||
distributed under the License is distributed on an "AS IS" BASIS,
|
||||
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
See the License for the specific language governing permissions and
|
||||
limitations under the License.
|
||||
*/}}
|
||||
|
||||
{{- if .Values.manifests.service_airflow_ingress }}
|
||||
{{- $envAll := . }}
|
||||
{{- if .Values.network.airflow.ingress.public }}
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
name: {{ tuple "airflow_web" "public" . | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }}
|
||||
spec:
|
||||
ports:
|
||||
- name: http
|
||||
port: 8080
|
||||
selector:
|
||||
app: ingress-api
|
||||
{{- end }}
|
||||
{{- end }}
|
|
@ -0,0 +1,43 @@
|
|||
{{/*
|
||||
Copyright 2017 The Openstack-Helm Authors.
|
||||
|
||||
Licensed under the Apache License, Version 2.0 (the "License");
|
||||
you may not use this file except in compliance with the License.
|
||||
You may obtain a copy of the License at
|
||||
|
||||
http://www.apache.org/licenses/LICENSE-2.0
|
||||
|
||||
Unless required by applicable law or agreed to in writing, software
|
||||
distributed under the License is distributed on an "AS IS" BASIS,
|
||||
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
See the License for the specific language governing permissions and
|
||||
limitations under the License.
|
||||
*/}}
|
||||
|
||||
{{- if .Values.manifests.service_airflow_web }}
|
||||
{{- $envAll := . }}
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
name: {{ tuple "airflow_web" "internal" . | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }}
|
||||
spec:
|
||||
ports:
|
||||
{{ if .Values.network.airflow.web.enable_node_port }}
|
||||
- name: http
|
||||
nodePort: {{ .Values.network.airflow.web.node_port }}
|
||||
port: {{ .Values.network.airflow.web.port }}
|
||||
protocol: TCP
|
||||
targetPort: {{ .Values.network.airflow.web.port }}
|
||||
{{ else }}
|
||||
- name: http
|
||||
port: {{ .Values.network.airflow.web.port }}
|
||||
protocol: TCP
|
||||
targetPort: {{ .Values.network.airflow.web.port }}
|
||||
{{ end }}
|
||||
selector:
|
||||
{{ tuple $envAll "airflow" "web" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }}
|
||||
{{ if .Values.network.airflow.web.enable_node_port }}
|
||||
type: NodePort
|
||||
{{ end }}
|
||||
{{- end }}
|
|
@ -0,0 +1,32 @@
|
|||
{{/*
|
||||
Copyright 2017 The Openstack-Helm Authors.
|
||||
|
||||
Licensed under the Apache License, Version 2.0 (the "License");
|
||||
you may not use this file except in compliance with the License.
|
||||
You may obtain a copy of the License at
|
||||
|
||||
http://www.apache.org/licenses/LICENSE-2.0
|
||||
|
||||
Unless required by applicable law or agreed to in writing, software
|
||||
distributed under the License is distributed on an "AS IS" BASIS,
|
||||
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
See the License for the specific language governing permissions and
|
||||
limitations under the License.
|
||||
*/}}
|
||||
|
||||
{{- if .Values.manifests.shipyard_service_ingress }}
|
||||
{{- $envAll := . }}
|
||||
{{- if .Values.network.shipyard.ingress.public }}
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
name: {{ tuple "shipyard" "public" . | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }}
|
||||
spec:
|
||||
ports:
|
||||
- name: http
|
||||
port: 9000
|
||||
selector:
|
||||
app: ingress-api
|
||||
{{- end }}
|
||||
{{- end }}
|
|
@ -0,0 +1,43 @@
|
|||
{{/*
|
||||
Copyright 2017 The Openstack-Helm Authors.
|
||||
|
||||
Licensed under the Apache License, Version 2.0 (the "License");
|
||||
you may not use this file except in compliance with the License.
|
||||
You may obtain a copy of the License at
|
||||
|
||||
http://www.apache.org/licenses/LICENSE-2.0
|
||||
|
||||
Unless required by applicable law or agreed to in writing, software
|
||||
distributed under the License is distributed on an "AS IS" BASIS,
|
||||
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
See the License for the specific language governing permissions and
|
||||
limitations under the License.
|
||||
*/}}
|
||||
|
||||
{{- if .Values.manifests.service_shipyard }}
|
||||
{{- $envAll := . }}
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
name: {{ tuple "shipyard" "internal" . | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }}
|
||||
spec:
|
||||
ports:
|
||||
{{ if .Values.network.shipyard.enable_node_port }}
|
||||
- name: http
|
||||
nodePort: {{ .Values.network.shipyard.node_port }}
|
||||
port: {{ .Values.network.shipyard.port }}
|
||||
protocol: TCP
|
||||
targetPort: {{ .Values.network.shipyard.port }}
|
||||
{{ else }}
|
||||
- name: http
|
||||
port: {{ .Values.network.shipyard.port }}
|
||||
protocol: TCP
|
||||
targetPort: {{ .Values.network.shipyard.port }}
|
||||
{{ end }}
|
||||
selector:
|
||||
{{ tuple $envAll "shipyard-api" "server" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }}
|
||||
{{ if .Values.network.shipyard.enable_node_port }}
|
||||
type: NodePort
|
||||
{{ end }}
|
||||
{{- end }}
|
|
@ -0,0 +1,571 @@
|
|||
# Copyright 2017 The Openstack-Helm Authors.
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
# This file provides defaults for shipyard and airflow
|
||||
|
||||
# Indicate whether it is production or development environment
|
||||
prod_environment: true
|
||||
|
||||
labels:
|
||||
node_selector_key: ucp-control-plane
|
||||
node_selector_value: enabled
|
||||
|
||||
images:
|
||||
airflow: quay.io/attcomdev/airflow:latest
|
||||
shipyard: quay.io/attcomdev/shipyard:latest
|
||||
dep_check: docker.io/kolla/ubuntu-source-kubernetes-entrypoint:4.0.0
|
||||
shipyard_db_init: docker.io/postgres:9.5
|
||||
shipyard_db_sync: docker.io/postgres:9.5
|
||||
airflow_db_init: docker.io/postgres:9.5
|
||||
airflow_db_sync: quay.io/attcomdev/airflow:latest
|
||||
ks_user: docker.io/kolla/ubuntu-source-kolla-toolbox:3.0.3
|
||||
ks_service: docker.io/kolla/ubuntu-source-kolla-toolbox:3.0.3
|
||||
ks_endpoints: docker.io/kolla/ubuntu-source-kolla-toolbox:3.0.3
|
||||
pull_policy: "IfNotPresent"
|
||||
|
||||
release_group: null
|
||||
|
||||
network:
|
||||
shipyard:
|
||||
ingress:
|
||||
public: true
|
||||
port: 9000
|
||||
node_port: 31901
|
||||
enable_node_port: false
|
||||
airflow:
|
||||
ingress:
|
||||
public: true
|
||||
flower:
|
||||
name: airflow-flower
|
||||
port: 5555
|
||||
enable_node_port: false
|
||||
web:
|
||||
name: airflow-web
|
||||
port: 8080
|
||||
node_port: 32080
|
||||
enable_node_port: false
|
||||
worker:
|
||||
name: airflow-worker
|
||||
port: 8793
|
||||
enable_node_port: false
|
||||
|
||||
dependencies:
|
||||
shipyard_db_init:
|
||||
jobs:
|
||||
- airflow-db-init
|
||||
- airflow-db-sync
|
||||
services:
|
||||
- service: postgresql_shipyard_db
|
||||
endpoint: internal
|
||||
- service: airflow_flower
|
||||
endpoint: internal
|
||||
- service: airflow_web
|
||||
endpoint: internal
|
||||
shipyard_db_sync:
|
||||
jobs:
|
||||
- shipyard-db-init
|
||||
services:
|
||||
- service: postgresql_shipyard_db
|
||||
endpoint: internal
|
||||
airflow_db_init:
|
||||
services:
|
||||
- service: postgresql_airflow_db
|
||||
endpoint: internal
|
||||
airflow_db_sync:
|
||||
jobs:
|
||||
- airflow-db-init
|
||||
services:
|
||||
- service: postgresql_airflow_db
|
||||
endpoint: internal
|
||||
ks_user:
|
||||
services:
|
||||
- service: identity
|
||||
endpoint: internal
|
||||
ks_service:
|
||||
services:
|
||||
- service: identity
|
||||
endpoint: internal
|
||||
ks_endpoints:
|
||||
jobs:
|
||||
- shipyard-ks-service
|
||||
services:
|
||||
- service: identity
|
||||
endpoint: internal
|
||||
shipyard:
|
||||
jobs:
|
||||
- shipyard-db-init
|
||||
- shipyard-db-sync
|
||||
- shipyard-ks-endpoints
|
||||
- shipyard-ks-user
|
||||
- shipyard-ks-endpoints
|
||||
services:
|
||||
- service: airflow_flower
|
||||
endpoint: internal
|
||||
- service: airflow_web
|
||||
endpoint: internal
|
||||
- service: identity
|
||||
endpoint: internal
|
||||
- service: postgresql_shipyard_db
|
||||
endpoint: internal
|
||||
airflow_server:
|
||||
jobs:
|
||||
- airflow-db-init
|
||||
- airflow-db-sync
|
||||
services:
|
||||
- service: postgresql_airflow_db
|
||||
endpoint: internal
|
||||
- service: oslo_messaging
|
||||
endpoint: internal
|
||||
|
||||
# typically overriden by environmental
|
||||
# values, but should include all endpoints
|
||||
# required by this chart
|
||||
endpoints:
|
||||
cluster_domain_suffix: cluster.local
|
||||
identity:
|
||||
name: keystone
|
||||
auth:
|
||||
user:
|
||||
region_name: RegionOne
|
||||
role: admin
|
||||
project_name: service
|
||||
project_domain_name: default
|
||||
user_domain_name: default
|
||||
username: shipyard
|
||||
password: password
|
||||
admin:
|
||||
region_name: RegionOne
|
||||
project_name: admin
|
||||
password: password
|
||||
username: admin
|
||||
user_domain_name: default
|
||||
project_domain_name: default
|
||||
hosts:
|
||||
default: keystone-api
|
||||
public: keystone
|
||||
path:
|
||||
default: /v3
|
||||
scheme:
|
||||
default: http
|
||||
port:
|
||||
admin:
|
||||
default: 35357
|
||||
api:
|
||||
default: 80
|
||||
host_fqdn_override:
|
||||
default: null
|
||||
shipyard:
|
||||
name: shipyard
|
||||
hosts:
|
||||
default: shipyard-int
|
||||
public: shipyard-api
|
||||
port:
|
||||
api:
|
||||
default: 9000
|
||||
path:
|
||||
default: /api/v1.0
|
||||
scheme:
|
||||
default: http
|
||||
host_fqdn_override:
|
||||
default: null
|
||||
airflow_web:
|
||||
name: airflow-web
|
||||
hosts:
|
||||
default: airflow-web-int
|
||||
public: airflow-web
|
||||
port:
|
||||
airflow_web:
|
||||
default: 8080
|
||||
path:
|
||||
default: /
|
||||
scheme:
|
||||
default: http
|
||||
host_fqdn_override:
|
||||
default: null
|
||||
airflow_flower:
|
||||
name: airflow-flower
|
||||
hosts:
|
||||
default: airflow-flower
|
||||
port:
|
||||
airflow_flower:
|
||||
default: 5555
|
||||
path:
|
||||
default: /
|
||||
scheme:
|
||||
default: http
|
||||
host_fqdn_override:
|
||||
default: null
|
||||
postgresql_shipyard_db:
|
||||
name: postgresql_shipyard_db
|
||||
auth:
|
||||
admin:
|
||||
username: postgres
|
||||
password: postgres
|
||||
user:
|
||||
username: shipyard
|
||||
password: password
|
||||
hosts:
|
||||
default: postgresql
|
||||
path: /shipyard
|
||||
scheme: postgresql+psycopg2
|
||||
port:
|
||||
postgresql:
|
||||
default: 5432
|
||||
host_fqdn_override:
|
||||
default: null
|
||||
postgresql_airflow_db:
|
||||
name: postgresql_airflow_db
|
||||
auth:
|
||||
admin:
|
||||
username: postgres
|
||||
password: postgres
|
||||
user:
|
||||
username: airflow
|
||||
password: password
|
||||
hosts:
|
||||
default: postgresql
|
||||
path: /airflow
|
||||
scheme: postgresql+psycopg2
|
||||
port:
|
||||
postgresql:
|
||||
default: 5432
|
||||
host_fqdn_override:
|
||||
default: null
|
||||
oslo_messaging:
|
||||
auth:
|
||||
admin:
|
||||
username: admin
|
||||
password: password
|
||||
user:
|
||||
username: rabbitmq
|
||||
password: password
|
||||
hosts:
|
||||
default: rabbitmq
|
||||
host_fqdn_override:
|
||||
default: null
|
||||
path: /
|
||||
scheme: amqp
|
||||
port:
|
||||
amqp:
|
||||
default: 5672
|
||||
oslo_cache:
|
||||
hosts:
|
||||
default: memcached
|
||||
host_fqdn_override:
|
||||
default: null
|
||||
port:
|
||||
memcache:
|
||||
default: 11211
|
||||
|
||||
secrets:
|
||||
identity:
|
||||
admin: shipyard-keystone-admin
|
||||
user: shipyard-keystone-user
|
||||
postgresql_shipyard_db:
|
||||
admin: shipyard-db-admin
|
||||
user: shipyard-db-user
|
||||
postgresql_airflow_db:
|
||||
admin: airflow-db-admin
|
||||
user: airflow-db-user
|
||||
|
||||
database:
|
||||
postgresql_airflow:
|
||||
db_name: airflow
|
||||
db_root_user: postgres
|
||||
postgresql_shipyard:
|
||||
db_name: shipyard
|
||||
db_root_user: postgres
|
||||
|
||||
conf:
|
||||
shipyard:
|
||||
base:
|
||||
shipyard:
|
||||
service_type: shipyard
|
||||
deckhand:
|
||||
service_type: deckhand
|
||||
armada:
|
||||
service_type: armada
|
||||
drydock:
|
||||
service_type: drydock
|
||||
healthcheck:
|
||||
schema: http
|
||||
endpoint: /api/v1.0/health
|
||||
keystone_authtoken:
|
||||
keystonemiddleware:
|
||||
auth_token:
|
||||
delay_auth_decision: true
|
||||
auth_type: password
|
||||
auth_section: keystone_authtoken
|
||||
auth_version: v3
|
||||
memcache_security_strategy: ENCRYPT
|
||||
paste:
|
||||
override:
|
||||
append:
|
||||
policy:
|
||||
override:
|
||||
append:
|
||||
airflow:
|
||||
override:
|
||||
append:
|
||||
prefix:
|
||||
airflow_config_file: /usr/local/airflow/airflow.cfg
|
||||
core:
|
||||
airflow_home: /usr/local/airflow
|
||||
dags_folder: /usr/local/airflow/dags
|
||||
base_log_folder: /usr/local/airflow/logs
|
||||
remote_base_log_folder:
|
||||
remote_log_conn_id:
|
||||
encrypt_s3_logs: "False"
|
||||
executor: CeleryExecutor
|
||||
sql_alchemy_pool_size: 5
|
||||
sql_alchemy_pool_recycle: 3600
|
||||
parallelism: 32
|
||||
dag_concurrency: 16
|
||||
dags_are_paused_at_creation: "False"
|
||||
non_pooled_task_slot_count: 128
|
||||
max_active_runs_per_dag: 16
|
||||
load_examples: "False"
|
||||
plugins_folder: /usr/local/airflow/plugins
|
||||
fernet_key: fKp7omMJ4QlTxfZzVBSiyXVgeCK-6epRjGgMpEIsjvs=
|
||||
donot_pickle: "False"
|
||||
dagbag_import_timeout: 30
|
||||
task_runner: BashTaskRunner
|
||||
default_impersonation:
|
||||
security:
|
||||
unit_test_mode: "False"
|
||||
cli:
|
||||
api_client: airflow.api.client.local_client
|
||||
api:
|
||||
auth_backend: airflow.api.auth.backend.default
|
||||
operators:
|
||||
default_owner: Airflow
|
||||
default_cpus: 1
|
||||
default_ram: 512
|
||||
default_disk: 512
|
||||
default_igpus: 0
|
||||
webserver:
|
||||
web_server_host: 0.0.0.0
|
||||
web_server_port: 8080
|
||||
web_server_ssl_cert:
|
||||
web_server_ssl_key:
|
||||
web_server_worker_timeout: 120
|
||||
worker_refresh_batch_size: 1
|
||||
secret_key: temporary_key
|
||||
workers: 4
|
||||
worker_class: sync
|
||||
access_logfile: "-"
|
||||
error_logfile: "-"
|
||||
expose_config: "True"
|
||||
authenticate: "False"
|
||||
filter_by_owner: "False"
|
||||
owner_mode: user
|
||||
dag_orientation: LR
|
||||
demo_mode: "False"
|
||||
log_fetch_timeout_sec: 5
|
||||
hide_paused_dags_by_default: "False"
|
||||
email:
|
||||
email_backend: airflow.utils.send_email_smtp
|
||||
smtp:
|
||||
smtp_host: localhost
|
||||
smtp_starttls: "True"
|
||||
smtp_ssl: "False"
|
||||
smtp_user: airflow
|
||||
smtp_port: 25
|
||||
smtp_password: airflow
|
||||
smtp_mail_from: airflow@airflow.local
|
||||
celery:
|
||||
celery_app_name: airflow.executors.celery_executor
|
||||
celeryd_concurrency: 16
|
||||
worker_log_server_port: 8793
|
||||
flower_host: 0.0.0.0
|
||||
flower_port: 5555
|
||||
default_queue: default
|
||||
scheduler:
|
||||
job_heartbeat_sec: 5
|
||||
scheduler_heartbeat_sec: 5
|
||||
run_duration: -1
|
||||
min_file_process_interval: 0
|
||||
dag_dir_list_interval: 300
|
||||
print_stats_interval: 30
|
||||
child_process_log_directory: /usr/local/airflow/logs/scheduler
|
||||
scheduler_zombie_task_threshold: 300
|
||||
catchup_by_default: "True"
|
||||
max_threads: 2
|
||||
authenticate: "False"
|
||||
mesos:
|
||||
master: localhost:5050
|
||||
framework_name: Airflow
|
||||
task_cpu: 1
|
||||
task_memory: 256
|
||||
checkpoint: "False"
|
||||
authenticate: "False"
|
||||
admin:
|
||||
hide_sensitive_variable_fields: "True"
|
||||
|
||||
pod:
|
||||
mounts:
|
||||
dag_path: /home/ubuntu/workbench/dags
|
||||
plugin_path: /home/ubuntu/workbench/plugins
|
||||
log_path: /home/ubuntu/workbench/logs
|
||||
airflow_flower:
|
||||
init_container: null
|
||||
airflow_flower:
|
||||
airflow_scheduler:
|
||||
init_container: null
|
||||
airflow_scheduler:
|
||||
airflow_worker:
|
||||
init_container: null
|
||||
airflow_worker:
|
||||
airflow_web:
|
||||
init_container: null
|
||||
airflow_web:
|
||||
shipyard:
|
||||
init_container: null
|
||||
shipyard:
|
||||
replicas:
|
||||
shipyard: 1
|
||||
airflow:
|
||||
web: 1
|
||||
worker: 1
|
||||
flower: 1
|
||||
scheduler: 1
|
||||
lifecycle:
|
||||
upgrades:
|
||||
deployments:
|
||||
revision_history: 3
|
||||
pod_replacement_strategy: RollingUpdate
|
||||
rolling_update:
|
||||
max_unavailable: 1
|
||||
max_surge: 3
|
||||
termination_grace_period:
|
||||
airflow:
|
||||
timeout: 30
|
||||
shipyard:
|
||||
timeout: 30
|
||||
resources:
|
||||
enabled: false
|
||||
shipyard_api:
|
||||
limits:
|
||||
memory: "128Mi"
|
||||
cpu: "100m"
|
||||
requests:
|
||||
memory: "128Mi"
|
||||
cpu: "100m"
|
||||
airflow:
|
||||
worker:
|
||||
limits:
|
||||
memory: "128Mi"
|
||||
cpu: "100m"
|
||||
requests:
|
||||
memory: "128Mi"
|
||||
cpu: "100m"
|
||||
flower:
|
||||
limits:
|
||||
memory: "128Mi"
|
||||
cpu: "100m"
|
||||
requests:
|
||||
memory: "128Mi"
|
||||
cpu: "100m"
|
||||
web:
|
||||
limits:
|
||||
memory: "128Mi"
|
||||
cpu: "100m"
|
||||
requests:
|
||||
memory: "128Mi"
|
||||
cpu: "100m"
|
||||
scheduler:
|
||||
limits:
|
||||
memory: "128Mi"
|
||||
cpu: "100m"
|
||||
requests:
|
||||
memory: "128Mi"
|
||||
cpu: "100m"
|
||||
jobs:
|
||||
shipyard_db_sync:
|
||||
limits:
|
||||
memory: "128Mi"
|
||||
cpu: "500m"
|
||||
requests:
|
||||
memory: "128Mi"
|
||||
cpu: "500m"
|
||||
shipyard_db_init:
|
||||
limits:
|
||||
memory: "128Mi"
|
||||
cpu: "500m"
|
||||
requests:
|
||||
memory: "128Mi"
|
||||
cpu: "500m"
|
||||
airflow_db_sync:
|
||||
limits:
|
||||
memory: "128Mi"
|
||||
cpu: "500m"
|
||||
requests:
|
||||
memory: "128Mi"
|
||||
cpu: "500m"
|
||||
airflow_db_init:
|
||||
limits:
|
||||
memory: "128Mi"
|
||||
cpu: "500m"
|
||||
requests:
|
||||
memory: "128Mi"
|
||||
cpu: "500m"
|
||||
ks_user:
|
||||
limits:
|
||||
memory: "128Mi"
|
||||
cpu: "100m"
|
||||
requests:
|
||||
memory: "128Mi"
|
||||
cpu: "100m"
|
||||
ks_service:
|
||||
limits:
|
||||
memory: "128Mi"
|
||||
cpu: "100m"
|
||||
requests:
|
||||
memory: "128Mi"
|
||||
cpu: "100m"
|
||||
ks_endpoints:
|
||||
limits:
|
||||
memory: "128Mi"
|
||||
cpu: "100m"
|
||||
requests:
|
||||
memory: "128Mi"
|
||||
cpu: "100m"
|
||||
|
||||
manifests:
|
||||
configmap_shipyard_bin: true
|
||||
configmap_shipyard_etc: true
|
||||
configmap_airflow_bin: true
|
||||
configmap_airflow_etc: true
|
||||
deployment_airflow_flower: true
|
||||
deployment_airflow_scheduler: true
|
||||
deployment_shipyard: true
|
||||
deployment_airflow_web: true
|
||||
deployment_airflow_worker: true
|
||||
ingress_airflow_api: true
|
||||
ingress_shipyard_api: true
|
||||
job_shipyard_db_init: true
|
||||
job_shipyard_db_sync: true
|
||||
job_airflow_db_init: true
|
||||
job_airflow_db_sync: true
|
||||
job_ks_endpoints: true
|
||||
job_ks_service: true
|
||||
job_ks_user: true
|
||||
secret_airflow_db: true
|
||||
secret_shipyard_db: true
|
||||
secret_keystone: true
|
||||
service_airflow_ingress: true
|
||||
service_airflow_flower: true
|
||||
service_shipyard: true
|
||||
service_shipyard_ingress: true
|
||||
service_airflow_web: true
|
Loading…
Reference in New Issue