From eb23a5a0d2869ee5c27e56c164269c808e06fd3a Mon Sep 17 00:00:00 2001 From: Anthony Lin Date: Mon, 29 Jan 2018 03:54:51 +0000 Subject: [PATCH] Update Shipyard/Airflow Chart - Database Configurability - Support configured Postgres admin password - Use secrets for database job environment setup This patch set also updates a bunch of banners Change-Id: I238cfd123b5aad31c9cb93864cff7641f719f3df --- charts/shipyard/Chart.yaml | 2 +- charts/shipyard/requirements.yaml | 2 +- .../templates/bin/_airflow-db-init.sh.tpl | 10 ++--- .../templates/bin/_airflow-db-sync.sh.tpl | 2 +- .../bin/_airflow-shipyard-init.sh.tpl | 2 +- .../templates/bin/_shipyard-db-init.sh.tpl | 12 ++--- .../templates/bin/_shipyard-db-sync.sh.tpl | 2 +- .../templates/configmap-airflow-bin.yaml | 2 + .../templates/configmap-airflow-etc.yaml | 2 +- .../templates/configmap-shipyard-bin.yaml | 2 + .../templates/configmap-shipyard-etc.yaml | 2 +- .../templates/deployment-airflow-flower.yaml | 2 +- .../deployment-airflow-scheduler.yaml | 6 +-- .../templates/deployment-airflow-web.yaml | 6 +-- .../templates/deployment-airflow-worker.yaml | 6 +-- .../templates/deployment-shipyard.yaml | 2 +- .../shipyard/templates/etc/_airflow.cfg.tpl | 2 +- .../templates/ingress-airflow-api.yaml | 2 +- .../templates/ingress-shipyard-api.yaml | 2 +- .../templates/job-airflow-db-init.yaml | 39 +++++++++++----- .../templates/job-airflow-db-sync.yaml | 2 +- .../shipyard/templates/job-ks-endpoints.yaml | 2 + charts/shipyard/templates/job-ks-service.yaml | 2 + charts/shipyard/templates/job-ks-user.yaml | 2 + .../templates/job-shipyard-db-init.yaml | 44 ++++++++++++++----- .../templates/job-shipyard-db-sync.yaml | 27 ++++++++---- .../shipyard/templates/secret-airflow-db.yaml | 13 +++++- .../templates/secret-keystone-env.yaml | 24 +++++----- .../templates/secret-shipyard-db.yaml | 13 +++++- .../templates/service-airflow-flower.yaml | 2 +- .../templates/service-airflow-ingress.yaml | 2 +- .../templates/service-airflow-web.yaml | 2 +- .../templates/service-shipyard-ingress.yaml | 2 +- .../shipyard/templates/service-shipyard.yaml | 2 +- charts/shipyard/values.yaml | 16 +++---- 35 files changed, 166 insertions(+), 96 deletions(-) diff --git a/charts/shipyard/Chart.yaml b/charts/shipyard/Chart.yaml index 8b4f27f0..2381ffad 100644 --- a/charts/shipyard/Chart.yaml +++ b/charts/shipyard/Chart.yaml @@ -1,4 +1,4 @@ -# Copyright 2017 The Openstack-Helm Authors. +# Copyright (c) 2018 AT&T Intellectual Property. All rights reserved. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. diff --git a/charts/shipyard/requirements.yaml b/charts/shipyard/requirements.yaml index 53782e69..94b410c3 100644 --- a/charts/shipyard/requirements.yaml +++ b/charts/shipyard/requirements.yaml @@ -1,4 +1,4 @@ -# Copyright 2017 The Openstack-Helm Authors. +# Copyright (c) 2018 AT&T Intellectual Property. All rights reserved. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. diff --git a/charts/shipyard/templates/bin/_airflow-db-init.sh.tpl b/charts/shipyard/templates/bin/_airflow-db-init.sh.tpl index 0db50e97..4ac03191 100644 --- a/charts/shipyard/templates/bin/_airflow-db-init.sh.tpl +++ b/charts/shipyard/templates/bin/_airflow-db-init.sh.tpl @@ -1,7 +1,7 @@ #!/bin/bash {{/* -Copyright 2017 The Openstack-Helm Authors. +Copyright (c) 2018 AT&T Intellectual Property. All rights reserved. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. @@ -34,7 +34,7 @@ pgsql_superuser_cmd () { psql \ -h $db_fqdn \ -p $db_port \ - -U ${ROOT_DB_USER} \ + -U ${DB_ADMIN_USER} \ --command="${DB_COMMAND}" } @@ -42,8 +42,8 @@ pgsql_superuser_cmd () { pgsql_superuser_cmd "SELECT 1 FROM pg_database WHERE datname = '$DB_NAME'" | grep -q 1 || pgsql_superuser_cmd "CREATE DATABASE $DB_NAME" # Create db user -pgsql_superuser_cmd "SELECT * FROM pg_roles WHERE rolname = '$DB_USER';" | tail -n +3 | head -n -2 | grep -q 1 || \ - pgsql_superuser_cmd "CREATE ROLE ${DB_USER} LOGIN PASSWORD '$DB_PASS'" +pgsql_superuser_cmd "SELECT * FROM pg_roles WHERE rolname = '$DB_SERVICE_USER';" | tail -n +3 | head -n -2 | grep -q 1 || \ + pgsql_superuser_cmd "CREATE ROLE ${DB_SERVICE_USER} LOGIN PASSWORD '$DB_SERVICE_PASSWORD'" # Grant permissions to user -pgsql_superuser_cmd "GRANT ALL PRIVILEGES ON DATABASE $DB_NAME to $DB_USER;" +pgsql_superuser_cmd "GRANT ALL PRIVILEGES ON DATABASE $DB_NAME to $DB_SERVICE_USER;" diff --git a/charts/shipyard/templates/bin/_airflow-db-sync.sh.tpl b/charts/shipyard/templates/bin/_airflow-db-sync.sh.tpl index a82128bd..daf4e447 100644 --- a/charts/shipyard/templates/bin/_airflow-db-sync.sh.tpl +++ b/charts/shipyard/templates/bin/_airflow-db-sync.sh.tpl @@ -1,7 +1,7 @@ #!/bin/bash {{/* -Copyright 2017 The Openstack-Helm Authors. +Copyright (c) 2018 AT&T Intellectual Property. All rights reserved. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. diff --git a/charts/shipyard/templates/bin/_airflow-shipyard-init.sh.tpl b/charts/shipyard/templates/bin/_airflow-shipyard-init.sh.tpl index 505544db..a9066fe5 100644 --- a/charts/shipyard/templates/bin/_airflow-shipyard-init.sh.tpl +++ b/charts/shipyard/templates/bin/_airflow-shipyard-init.sh.tpl @@ -1,7 +1,7 @@ #!/bin/bash {{/* -Copyright 2017 The Openstack-Helm Authors. +Copyright (c) 2018 AT&T Intellectual Property. All rights reserved. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. diff --git a/charts/shipyard/templates/bin/_shipyard-db-init.sh.tpl b/charts/shipyard/templates/bin/_shipyard-db-init.sh.tpl index ac2aff1c..fd90cd37 100644 --- a/charts/shipyard/templates/bin/_shipyard-db-init.sh.tpl +++ b/charts/shipyard/templates/bin/_shipyard-db-init.sh.tpl @@ -1,7 +1,7 @@ #!/bin/bash {{/* -Copyright 2017 The Openstack-Helm Authors. +Copyright (c) 2018 AT&T Intellectual Property. All rights reserved. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. @@ -34,7 +34,7 @@ pgsql_superuser_cmd () { psql \ -h $db_fqdn \ -p $db_port \ - -U ${ROOT_DB_USER} \ + -U ${DB_ADMIN_USER} \ --command="${DB_COMMAND}" } @@ -42,13 +42,13 @@ pgsql_superuser_cmd () { pgsql_superuser_cmd "SELECT 1 FROM pg_database WHERE datname = '$DB_NAME'" | grep -q 1 || pgsql_superuser_cmd "CREATE DATABASE $DB_NAME" # Create db user -pgsql_superuser_cmd "SELECT * FROM pg_roles WHERE rolname = '$DB_USER';" | tail -n +3 | head -n -2 | grep -q 1 || \ - pgsql_superuser_cmd "CREATE ROLE ${DB_USER} LOGIN PASSWORD '$DB_PASS'" +pgsql_superuser_cmd "SELECT * FROM pg_roles WHERE rolname = '$DB_SERVICE_USER';" | tail -n +3 | head -n -2 | grep -q 1 || \ + pgsql_superuser_cmd "CREATE ROLE ${DB_SERVICE_USER} LOGIN PASSWORD '$DB_SERVICE_PASSWORD'" # Grant permissions to user -pgsql_superuser_cmd "GRANT ALL PRIVILEGES ON DATABASE $DB_NAME to $DB_USER;" +pgsql_superuser_cmd "GRANT ALL PRIVILEGES ON DATABASE $DB_NAME to $DB_SERVICE_USER;" # Grant permissions to shipyard user # This will allow shipyard user to query airflow database psql -h $db_fqdn -p $db_port -U ${AIRFLOW_DB_USER} \ ---command="GRANT select, insert, update, delete on all tables in schema public to $DB_USER;" +--command="GRANT select, insert, update, delete on all tables in schema public to $DB_SERVICE_USER;" diff --git a/charts/shipyard/templates/bin/_shipyard-db-sync.sh.tpl b/charts/shipyard/templates/bin/_shipyard-db-sync.sh.tpl index addc45b4..b31fb983 100644 --- a/charts/shipyard/templates/bin/_shipyard-db-sync.sh.tpl +++ b/charts/shipyard/templates/bin/_shipyard-db-sync.sh.tpl @@ -1,7 +1,7 @@ #!/bin/bash {{/* -Copyright 2017 The Openstack-Helm Authors. +Copyright (c) 2018 AT&T Intellectual Property. All rights reserved. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. diff --git a/charts/shipyard/templates/configmap-airflow-bin.yaml b/charts/shipyard/templates/configmap-airflow-bin.yaml index 25e5f1ba..e0164f51 100644 --- a/charts/shipyard/templates/configmap-airflow-bin.yaml +++ b/charts/shipyard/templates/configmap-airflow-bin.yaml @@ -1,3 +1,5 @@ +# Copyright (c) 2018 AT&T Intellectual Property. All rights reserved. +# # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at diff --git a/charts/shipyard/templates/configmap-airflow-etc.yaml b/charts/shipyard/templates/configmap-airflow-etc.yaml index a834a0e5..5d2a8ce4 100644 --- a/charts/shipyard/templates/configmap-airflow-etc.yaml +++ b/charts/shipyard/templates/configmap-airflow-etc.yaml @@ -1,4 +1,4 @@ -# Copyright 2017 The Openstack-Helm Authors. +# Copyright (c) 2018 AT&T Intellectual Property. All rights reserved. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. diff --git a/charts/shipyard/templates/configmap-shipyard-bin.yaml b/charts/shipyard/templates/configmap-shipyard-bin.yaml index a6cb18fc..d9ffc750 100644 --- a/charts/shipyard/templates/configmap-shipyard-bin.yaml +++ b/charts/shipyard/templates/configmap-shipyard-bin.yaml @@ -1,3 +1,5 @@ +# Copyright (c) 2018 AT&T Intellectual Property. All rights reserved. +# # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at diff --git a/charts/shipyard/templates/configmap-shipyard-etc.yaml b/charts/shipyard/templates/configmap-shipyard-etc.yaml index 8f488cb1..ab02c1ae 100644 --- a/charts/shipyard/templates/configmap-shipyard-etc.yaml +++ b/charts/shipyard/templates/configmap-shipyard-etc.yaml @@ -1,4 +1,4 @@ -# Copyright 2017 The Openstack-Helm Authors. +# Copyright (c) 2018 AT&T Intellectual Property. All rights reserved. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. diff --git a/charts/shipyard/templates/deployment-airflow-flower.yaml b/charts/shipyard/templates/deployment-airflow-flower.yaml index 316969d6..9a983ee7 100644 --- a/charts/shipyard/templates/deployment-airflow-flower.yaml +++ b/charts/shipyard/templates/deployment-airflow-flower.yaml @@ -1,4 +1,4 @@ -# Copyright 2017 The Openstack-Helm Authors. +# Copyright (c) 2018 AT&T Intellectual Property. All rights reserved. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. diff --git a/charts/shipyard/templates/deployment-airflow-scheduler.yaml b/charts/shipyard/templates/deployment-airflow-scheduler.yaml index fc09a76c..921d3fcb 100644 --- a/charts/shipyard/templates/deployment-airflow-scheduler.yaml +++ b/charts/shipyard/templates/deployment-airflow-scheduler.yaml @@ -1,4 +1,4 @@ -# Copyright 2017 The Openstack-Helm Authors. +# Copyright (c) 2018 AT&T Intellectual Property. All rights reserved. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -68,8 +68,8 @@ spec: - name: AIRFLOW_CONN_AIRFLOWS_OWN_DB valueFrom: secretKeyRef: - name: {{ .Values.secrets.postgresql_airflow_db.admin }} - key: DB_CONNECTION_AIRFLOW + name: {{ .Values.secrets.postgresql_airflow_db.user }} + key: AIRFLOW_DATABASE_URI # Set to -1 to stop scheduler from going into crash loops args: ["scheduler", "-n", "-1" ] volumeMounts: diff --git a/charts/shipyard/templates/deployment-airflow-web.yaml b/charts/shipyard/templates/deployment-airflow-web.yaml index b93517cc..e6586dbe 100644 --- a/charts/shipyard/templates/deployment-airflow-web.yaml +++ b/charts/shipyard/templates/deployment-airflow-web.yaml @@ -1,4 +1,4 @@ -# Copyright 2017 The Openstack-Helm Authors. +# Copyright (c) 2018 AT&T Intellectual Property. All rights reserved. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -68,8 +68,8 @@ spec: - name: AIRFLOW_CONN_AIRFLOWS_OWN_DB valueFrom: secretKeyRef: - name: {{ .Values.secrets.postgresql_airflow_db.admin }} - key: DB_CONNECTION_AIRFLOW + name: {{ .Values.secrets.postgresql_airflow_db.user }} + key: AIRFLOW_DATABASE_URI ports: - containerPort: {{ .Values.network.airflow.web.port }} args: ["webserver"] diff --git a/charts/shipyard/templates/deployment-airflow-worker.yaml b/charts/shipyard/templates/deployment-airflow-worker.yaml index 9412725d..4298481c 100644 --- a/charts/shipyard/templates/deployment-airflow-worker.yaml +++ b/charts/shipyard/templates/deployment-airflow-worker.yaml @@ -1,4 +1,4 @@ -# Copyright 2017 The Openstack-Helm Authors. +# Copyright (c) 2018 AT&T Intellectual Property. All rights reserved. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -99,8 +99,8 @@ spec: - name: AIRFLOW_CONN_AIRFLOWS_OWN_DB valueFrom: secretKeyRef: - name: {{ .Values.secrets.postgresql_airflow_db.admin }} - key: DB_CONNECTION_AIRFLOW + name: {{ .Values.secrets.postgresql_airflow_db.user }} + key: AIRFLOW_DATABASE_URI ports: - containerPort: {{ .Values.network.airflow.worker.port }} args: ["worker"] diff --git a/charts/shipyard/templates/deployment-shipyard.yaml b/charts/shipyard/templates/deployment-shipyard.yaml index 28c7fe00..158420e0 100644 --- a/charts/shipyard/templates/deployment-shipyard.yaml +++ b/charts/shipyard/templates/deployment-shipyard.yaml @@ -1,4 +1,4 @@ -# Copyright 2017 The Openstack-Helm Authors. +# Copyright (c) 2018 AT&T Intellectual Property. All rights reserved. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. diff --git a/charts/shipyard/templates/etc/_airflow.cfg.tpl b/charts/shipyard/templates/etc/_airflow.cfg.tpl index 784486f7..d04bc2b5 100644 --- a/charts/shipyard/templates/etc/_airflow.cfg.tpl +++ b/charts/shipyard/templates/etc/_airflow.cfg.tpl @@ -1,4 +1,4 @@ -# Copyright 2017 The Openstack-Helm Authors. +# Copyright (c) 2018 AT&T Intellectual Property. All rights reserved. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. diff --git a/charts/shipyard/templates/ingress-airflow-api.yaml b/charts/shipyard/templates/ingress-airflow-api.yaml index 3822cce2..73a2b6d6 100644 --- a/charts/shipyard/templates/ingress-airflow-api.yaml +++ b/charts/shipyard/templates/ingress-airflow-api.yaml @@ -1,5 +1,5 @@ {{/* -Copyright 2017 The Openstack-Helm Authors. +Copyright (c) 2018 AT&T Intellectual Property. All rights reserved. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. diff --git a/charts/shipyard/templates/ingress-shipyard-api.yaml b/charts/shipyard/templates/ingress-shipyard-api.yaml index d1f10bbd..d5517c80 100644 --- a/charts/shipyard/templates/ingress-shipyard-api.yaml +++ b/charts/shipyard/templates/ingress-shipyard-api.yaml @@ -1,5 +1,5 @@ {{/* -Copyright 2017 The Openstack-Helm Authors. +Copyright (c) 2018 AT&T Intellectual Property. All rights reserved. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. diff --git a/charts/shipyard/templates/job-airflow-db-init.yaml b/charts/shipyard/templates/job-airflow-db-init.yaml index 474025f0..f07aa38c 100644 --- a/charts/shipyard/templates/job-airflow-db-init.yaml +++ b/charts/shipyard/templates/job-airflow-db-init.yaml @@ -1,5 +1,5 @@ {{/* -Copyright 2017 The Openstack-Helm Authors. +Copyright (c) 2018 AT&T Intellectual Property. All rights reserved. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. @@ -42,21 +42,38 @@ spec: imagePullPolicy: {{ .Values.images.pull_policy | quote }} {{ tuple $envAll $envAll.Values.pod.resources.jobs.airflow_db_init | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }} env: - - name: DB_CONNECTION + - name: AIRFLOW_DB_URL valueFrom: secretKeyRef: - name: {{ .Values.secrets.postgresql_airflow_db.admin }} - key: DB_CONNECTION_AIRFLOW + name: {{ .Values.secrets.postgresql_airflow_db.user }} + key: AIRFLOW_DATABASE_URI - name: AIRFLOW_CONFIG_FILE value: /etc/airflow/airflow.cfg - name: DB_NAME - value: {{ .Values.database.postgresql_airflow.db_name }} - - name: DB_USER - value: {{ .Values.endpoints.postgresql_airflow_db.auth.user.username }} - - name: DB_PASS - value: {{ .Values.endpoints.postgresql_airflow_db.auth.user.password }} - - name: ROOT_DB_USER - value: {{ .Values.database.postgresql_airflow.db_root_user }} + valueFrom: + secretKeyRef: + name: {{ .Values.secrets.postgresql_airflow_db.user }} + key: AIRFLOW_DATABASE_NAME + - name: DB_SERVICE_USER + valueFrom: + secretKeyRef: + name: {{ .Values.secrets.postgresql_airflow_db.user }} + key: AIRFLOW_DATABASE_USERNAME + - name: DB_SERVICE_PASSWORD + valueFrom: + secretKeyRef: + name: {{ .Values.secrets.postgresql_airflow_db.user }} + key: AIRFLOW_DATABASE_PASSWORD + - name: DB_ADMIN_USER + valueFrom: + secretKeyRef: + name: {{ .Values.secrets.postgresql_airflow_db.admin }} + key: AIRFLOW_DATABASE_USERNAME + - name: PGPASSWORD + valueFrom: + secretKeyRef: + name: {{ .Values.secrets.postgresql_airflow_db.admin }} + key: AIRFLOW_DATABASE_PASSWORD command: - /tmp/airflow-db-init.sh volumeMounts: diff --git a/charts/shipyard/templates/job-airflow-db-sync.yaml b/charts/shipyard/templates/job-airflow-db-sync.yaml index 05da678d..e1c4bf4a 100644 --- a/charts/shipyard/templates/job-airflow-db-sync.yaml +++ b/charts/shipyard/templates/job-airflow-db-sync.yaml @@ -1,5 +1,5 @@ {{/* -Copyright 2017 The Openstack-Helm Authors. +Copyright (c) 2018 AT&T Intellectual Property. All rights reserved. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. diff --git a/charts/shipyard/templates/job-ks-endpoints.yaml b/charts/shipyard/templates/job-ks-endpoints.yaml index d3b05d12..db51f465 100644 --- a/charts/shipyard/templates/job-ks-endpoints.yaml +++ b/charts/shipyard/templates/job-ks-endpoints.yaml @@ -1,3 +1,5 @@ +# Copyright (c) 2018 AT&T Intellectual Property. All rights reserved. +# # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at diff --git a/charts/shipyard/templates/job-ks-service.yaml b/charts/shipyard/templates/job-ks-service.yaml index 3e2c6808..aaaa2f7c 100644 --- a/charts/shipyard/templates/job-ks-service.yaml +++ b/charts/shipyard/templates/job-ks-service.yaml @@ -1,3 +1,5 @@ +# Copyright (c) 2018 AT&T Intellectual Property. All rights reserved. +# # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at diff --git a/charts/shipyard/templates/job-ks-user.yaml b/charts/shipyard/templates/job-ks-user.yaml index d1d39146..7c173319 100644 --- a/charts/shipyard/templates/job-ks-user.yaml +++ b/charts/shipyard/templates/job-ks-user.yaml @@ -1,3 +1,5 @@ +# Copyright (c) 2018 AT&T Intellectual Property. All rights reserved. +# # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at diff --git a/charts/shipyard/templates/job-shipyard-db-init.yaml b/charts/shipyard/templates/job-shipyard-db-init.yaml index 6ee5afdf..bbcb7cc5 100644 --- a/charts/shipyard/templates/job-shipyard-db-init.yaml +++ b/charts/shipyard/templates/job-shipyard-db-init.yaml @@ -1,5 +1,5 @@ {{/* -Copyright 2017 The Openstack-Helm Authors. +Copyright (c) 2018 AT&T Intellectual Property. All rights reserved. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. @@ -44,23 +44,43 @@ spec: imagePullPolicy: {{ .Values.images.pull_policy | quote }} {{ tuple $envAll $envAll.Values.pod.resources.jobs.shipyard_db_init | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }} env: - - name: ROOT_DB_CONNECTION + - name: SHIPYARD_DB_URL valueFrom: secretKeyRef: - name: {{ .Values.secrets.postgresql_shipyard_db.admin }} - key: DB_CONNECTION_SHIPYARD + name: {{ .Values.secrets.postgresql_shipyard_db.user }} + key: SHIPYARD_DATABASE_URI - name: SHIPYARD_CONFIG_FILE value: /etc/shipyard/shipyard.conf - name: DB_NAME - value: {{ .Values.database.postgresql_shipyard.db_name }} - - name: DB_USER - value: {{ .Values.endpoints.postgresql_shipyard_db.auth.user.username }} - - name: DB_PASS - value: {{ .Values.endpoints.postgresql_shipyard_db.auth.user.password }} - - name: ROOT_DB_USER - value: {{ .Values.database.postgresql_shipyard.db_root_user }} + valueFrom: + secretKeyRef: + name: {{ .Values.secrets.postgresql_shipyard_db.user }} + key: SHIPYARD_DATABASE_NAME + - name: DB_SERVICE_USER + valueFrom: + secretKeyRef: + name: {{ .Values.secrets.postgresql_shipyard_db.user }} + key: SHIPYARD_DATABASE_USERNAME + - name: DB_SERVICE_PASSWORD + valueFrom: + secretKeyRef: + name: {{ .Values.secrets.postgresql_shipyard_db.user }} + key: SHIPYARD_DATABASE_PASSWORD + - name: DB_ADMIN_USER + valueFrom: + secretKeyRef: + name: {{ .Values.secrets.postgresql_shipyard_db.admin }} + key: SHIPYARD_DATABASE_USERNAME + - name: PGPASSWORD + valueFrom: + secretKeyRef: + name: {{ .Values.secrets.postgresql_shipyard_db.admin }} + key: SHIPYARD_DATABASE_PASSWORD - name: AIRFLOW_DB_USER - value: {{ .Values.endpoints.postgresql_airflow_db.auth.user.username }} + valueFrom: + secretKeyRef: + name: {{ .Values.secrets.postgresql_airflow_db.user }} + key: AIRFLOW_DATABASE_USERNAME command: - /tmp/shipyard-db-init.sh volumeMounts: diff --git a/charts/shipyard/templates/job-shipyard-db-sync.yaml b/charts/shipyard/templates/job-shipyard-db-sync.yaml index a4498e28..91c941f6 100644 --- a/charts/shipyard/templates/job-shipyard-db-sync.yaml +++ b/charts/shipyard/templates/job-shipyard-db-sync.yaml @@ -1,5 +1,5 @@ {{/* -Copyright 2017 The Openstack-Helm Authors. +Copyright (c) 2018 AT&T Intellectual Property. All rights reserved. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. @@ -44,19 +44,28 @@ spec: imagePullPolicy: {{ .Values.images.pull_policy }} {{ tuple $envAll $envAll.Values.pod.resources.jobs.shipyard_db_sync | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }} env: - - name: ROOT_DB_CONNECTION + - name: SHIPYARD_DB_URL valueFrom: secretKeyRef: - name: {{ .Values.secrets.postgresql_shipyard_db.admin }} - key: DB_CONNECTION_SHIPYARD + name: {{ .Values.secrets.postgresql_shipyard_db.user }} + key: SHIPYARD_DATABASE_URI - name: SHIPYARD_CONFIG_FILE value: /etc/shipyard/shipyard.conf - name: DB_NAME - value: {{ .Values.database.postgresql_shipyard.db_name }} - - name: DB_USER - value: {{ .Values.endpoints.postgresql_shipyard_db.auth.user.username }} - - name: DB_PASS - value: {{ .Values.endpoints.postgresql_shipyard_db.auth.user.password }} + valueFrom: + secretKeyRef: + name: {{ .Values.secrets.postgresql_shipyard_db.user }} + key: SHIPYARD_DATABASE_NAME + - name: DB_SERVICE_USER + valueFrom: + secretKeyRef: + name: {{ .Values.secrets.postgresql_shipyard_db.user }} + key: SHIPYARD_DATABASE_USERNAME + - name: DB_SERVICE_PASSWORD + valueFrom: + secretKeyRef: + name: {{ .Values.secrets.postgresql_shipyard_db.user }} + key: SHIPYARD_DATABASE_PASSWORD command: - /tmp/shipyard-db-sync.sh volumeMounts: diff --git a/charts/shipyard/templates/secret-airflow-db.yaml b/charts/shipyard/templates/secret-airflow-db.yaml index b26212fd..fcccd659 100644 --- a/charts/shipyard/templates/secret-airflow-db.yaml +++ b/charts/shipyard/templates/secret-airflow-db.yaml @@ -1,5 +1,5 @@ {{/* -Copyright 2017 The Openstack-Helm Authors. +Copyright (c) 2018 AT&T Intellectual Property. All rights reserved. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. @@ -18,6 +18,7 @@ limitations under the License. {{- $envAll := . }} {{- range $key1, $userClass := tuple "admin" "user" }} {{- $secretName := index $envAll.Values.secrets.postgresql_airflow_db $userClass }} +{{- $auth := index $envAll.Values.endpoints.postgresql_airflow_db.auth $userClass }} --- apiVersion: v1 kind: Secret @@ -25,6 +26,14 @@ metadata: name: {{ $secretName }} type: Opaque data: - DB_CONNECTION_AIRFLOW: {{ tuple "postgresql_airflow_db" "internal" $userClass "postgresql" $envAll | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup" | b64enc -}} + AIRFLOW_DATABASE_NAME: |- +{{ $auth.database | default "" | b64enc | indent 4 }} + AIRFLOW_DATABASE_PASSWORD: |- +{{ $auth.password | b64enc | indent 4 }} + AIRFLOW_DATABASE_USERNAME: |- +{{ $auth.username | b64enc | indent 4 }} + AIRFLOW_DATABASE_URI: |- +{{ tuple "postgresql_airflow_db" "internal" "user" "postgresql" $envAll | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup" | b64enc | indent 4 }} +... {{- end }} {{- end }} diff --git a/charts/shipyard/templates/secret-keystone-env.yaml b/charts/shipyard/templates/secret-keystone-env.yaml index 94ea6e74..16dffe39 100644 --- a/charts/shipyard/templates/secret-keystone-env.yaml +++ b/charts/shipyard/templates/secret-keystone-env.yaml @@ -1,15 +1,17 @@ {{/* -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +Copyright (c) 2018 AT&T Intellectual Property. All rights reserved. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. */}} {{- if .Values.manifests.secret_keystone }} {{- $envAll := . }} diff --git a/charts/shipyard/templates/secret-shipyard-db.yaml b/charts/shipyard/templates/secret-shipyard-db.yaml index 0ddc6ef5..1d290c18 100644 --- a/charts/shipyard/templates/secret-shipyard-db.yaml +++ b/charts/shipyard/templates/secret-shipyard-db.yaml @@ -1,5 +1,5 @@ {{/* -Copyright 2017 The Openstack-Helm Authors. +Copyright (c) 2018 AT&T Intellectual Property. All rights reserved. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. @@ -18,6 +18,7 @@ limitations under the License. {{- $envAll := . }} {{- range $key1, $userClass := tuple "admin" "user" }} {{- $secretName := index $envAll.Values.secrets.postgresql_shipyard_db $userClass }} +{{- $auth := index $envAll.Values.endpoints.postgresql_shipyard_db.auth $userClass }} --- apiVersion: v1 kind: Secret @@ -25,6 +26,14 @@ metadata: name: {{ $secretName }} type: Opaque data: - DB_CONNECTION_SHIPYARD: {{ tuple "postgresql_shipyard_db" "internal" $userClass "postgresql" $envAll | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup" | b64enc -}} + SHIPYARD_DATABASE_NAME: |- +{{ $auth.database | default "" | b64enc | indent 4 }} + SHIPYARD_DATABASE_PASSWORD: |- +{{ $auth.password | b64enc | indent 4 }} + SHIPYARD_DATABASE_USERNAME: |- +{{ $auth.username | b64enc | indent 4 }} + SHIPYARD_DATABASE_URI: |- +{{ tuple "postgresql_shipyard_db" "internal" "user" "postgresql" $envAll | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup" | b64enc | indent 4 }} +... {{- end }} {{- end }} diff --git a/charts/shipyard/templates/service-airflow-flower.yaml b/charts/shipyard/templates/service-airflow-flower.yaml index a04386d4..1dd00b2e 100644 --- a/charts/shipyard/templates/service-airflow-flower.yaml +++ b/charts/shipyard/templates/service-airflow-flower.yaml @@ -1,5 +1,5 @@ {{/* -Copyright 2017 The Openstack-Helm Authors. +Copyright (c) 2018 AT&T Intellectual Property. All rights reserved. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. diff --git a/charts/shipyard/templates/service-airflow-ingress.yaml b/charts/shipyard/templates/service-airflow-ingress.yaml index 2d293e6d..bcb1a45a 100644 --- a/charts/shipyard/templates/service-airflow-ingress.yaml +++ b/charts/shipyard/templates/service-airflow-ingress.yaml @@ -1,5 +1,5 @@ {{/* -Copyright 2017 The Openstack-Helm Authors. +Copyright (c) 2018 AT&T Intellectual Property. All rights reserved. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. diff --git a/charts/shipyard/templates/service-airflow-web.yaml b/charts/shipyard/templates/service-airflow-web.yaml index 79612df8..f5fe8d4f 100644 --- a/charts/shipyard/templates/service-airflow-web.yaml +++ b/charts/shipyard/templates/service-airflow-web.yaml @@ -1,5 +1,5 @@ {{/* -Copyright 2017 The Openstack-Helm Authors. +Copyright (c) 2018 AT&T Intellectual Property. All rights reserved. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. diff --git a/charts/shipyard/templates/service-shipyard-ingress.yaml b/charts/shipyard/templates/service-shipyard-ingress.yaml index e670423a..01794dc4 100644 --- a/charts/shipyard/templates/service-shipyard-ingress.yaml +++ b/charts/shipyard/templates/service-shipyard-ingress.yaml @@ -1,5 +1,5 @@ {{/* -Copyright 2017 The Openstack-Helm Authors. +Copyright (c) 2018 AT&T Intellectual Property. All rights reserved. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. diff --git a/charts/shipyard/templates/service-shipyard.yaml b/charts/shipyard/templates/service-shipyard.yaml index f9c14fcc..f037fafb 100644 --- a/charts/shipyard/templates/service-shipyard.yaml +++ b/charts/shipyard/templates/service-shipyard.yaml @@ -1,5 +1,5 @@ {{/* -Copyright 2017 The Openstack-Helm Authors. +Copyright (c) 2018 AT&T Intellectual Property. All rights reserved. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. diff --git a/charts/shipyard/values.yaml b/charts/shipyard/values.yaml index 5b2d1fef..96ea5586 100644 --- a/charts/shipyard/values.yaml +++ b/charts/shipyard/values.yaml @@ -1,4 +1,4 @@ -# Copyright 2017 The Openstack-Helm Authors. +# Copyright (c) 2018 AT&T Intellectual Property. All rights reserved. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -213,10 +213,11 @@ endpoints: auth: admin: username: postgres - password: postgres + password: password user: username: shipyard password: password + database: shipyard hosts: default: postgresql path: /shipyard @@ -231,10 +232,11 @@ endpoints: auth: admin: username: postgres - password: postgres + password: password user: username: airflow password: password + database: airflow hosts: default: postgresql path: /airflow @@ -281,14 +283,6 @@ secrets: admin: airflow-db-admin user: airflow-db-user -database: - postgresql_airflow: - db_name: airflow - db_root_user: postgres - postgresql_shipyard: - db_name: shipyard - db_root_user: postgres - conf: uwsgi: threads: 1