4991d8f6ff
We are getting the following errors [0] while getting Airflow worker to execute a health check on the underlying K8s cluster. This patch set is meant to grant watch/get/list pods rights to the airflow worker so that it can perform health checks on the K8s cluster. [0] Error messages: [2018-01-23 02:51:32,003] {base_task_runner.py:98} INFO - Subtask: HTTP response body: {"kind":"Status","apiVersion":"v1","metadata":{},"status":"Failure", "message":"pods is forbidden: User \"system:serviceaccount:ucp:airflow-worker\" cannot list pods at the cluster scope","reason":"Forbidden","details":{"kind":"pods"},"code":403} Change-Id: Iede29f605b5d508d0e58c0c2ae74d7d040d5b8ea |
||
---|---|---|
alembic | ||
charts/shipyard | ||
docs | ||
etc/shipyard | ||
generator | ||
images | ||
shipyard_airflow | ||
shipyard_client | ||
tests | ||
tools | ||
.coveragerc | ||
.gitignore | ||
.gitreview | ||
Makefile | ||
README.md | ||
alembic.ini | ||
entrypoint.sh | ||
requirements.txt | ||
setup.cfg | ||
setup.py | ||
test-requirements.txt | ||
tox.ini |
README.md
Shipyard
Shipyard is the directed acyclic graph controller for Kubernetes and OpenStack control plane life cycle management, and a component of the Undercloud Platform (UCP)
Shipyard provides the entrypoint for the following aspects of the control plane established by the UCP:
- Designs and Secrets
-
Site designs, including the configuration of bare metal host
nodes, network design, operating systems, Kubernetes nodes,
Armada manifests, Helm charts, and any other descriptors that
define the build out of a group of servers enter the UCP via
Shipyard. Secrets, such as passwords and certificates use the
same mechanism.
The designs and secrets are stored in UCP's Deckhand, providing for version history and secure storage among other document-based conveniences. - Actions
- Interaction with the site's control plane is done via invocation of actions in Shipyard. Each action is backed by a workflow implemented as a directed acyclic graph (DAG) that runs using Apache Airflow. Shipyard provides a mechanism to monitor and control the execution of the workflow.
Intgration Points:
OpenStack Identity (Keystone)
provides authentication and support for role based authorization.
Apache Airflow provides the
framework and automation of workflows provided by Shipyard.
PostgreSQL is used to persist
information to correlate workflows with users and history of workflow
commands.
Deckhand supplies storage
and mangement of site designs and secrets
Drydock is orchestrated by
Shipyard to perform bare metal node provisioning.
Promenade is indirectly
orchestrated by Shipyard to configure and join Kubernetes nodes
Armada is orchestrated by
Shipyard to deploy and test Kubernetes workloads
Getting Started:
Shipyard @ Gerrithub
Helm chart