5db6d42050
This patch set brings the shipyard chart to be inline with OSH* RBAC approach used in [0] and [1]. [0] https://review.openstack.org/#/c/526464/52 [1] https://review.openstack.org/#/c/529378/ Change-Id: I608d00a69729e347b4121745e80f1e9760e5f6d4 |
||
---|---|---|
alembic | ||
charts/shipyard | ||
docs | ||
etc/shipyard | ||
generator | ||
images | ||
shipyard_airflow | ||
shipyard_client | ||
tests | ||
tools | ||
.coveragerc | ||
.gitignore | ||
.gitreview | ||
alembic.ini | ||
entrypoint.sh | ||
Makefile | ||
README.md | ||
requirements.txt | ||
setup.cfg | ||
setup.py | ||
test-requirements.txt | ||
tox.ini |
Shipyard
Shipyard is the directed acyclic graph controller for Kubernetes and OpenStack control plane life cycle management, and a component of the Undercloud Platform (UCP)
Shipyard provides the entrypoint for the following aspects of the control plane established by the UCP:
- Designs and Secrets
-
Site designs, including the configuration of bare metal host
nodes, network design, operating systems, Kubernetes nodes,
Armada manifests, Helm charts, and any other descriptors that
define the build out of a group of servers enter the UCP via
Shipyard. Secrets, such as passwords and certificates use the
same mechanism.
The designs and secrets are stored in UCP's Deckhand, providing for version history and secure storage among other document-based conveniences. - Actions
- Interaction with the site's control plane is done via invocation of actions in Shipyard. Each action is backed by a workflow implemented as a directed acyclic graph (DAG) that runs using Apache Airflow. Shipyard provides a mechanism to monitor and control the execution of the workflow.
Intgration Points:
OpenStack Identity (Keystone)
provides authentication and support for role based authorization.
Apache Airflow provides the
framework and automation of workflows provided by Shipyard.
PostgreSQL is used to persist
information to correlate workflows with users and history of workflow
commands.
Deckhand supplies storage
and mangement of site designs and secrets
Drydock is orchestrated by
Shipyard to perform bare metal node provisioning.
Promenade is indirectly
orchestrated by Shipyard to configure and join Kubernetes nodes
Armada is orchestrated by
Shipyard to deploy and test Kubernetes workloads
Getting Started:
Shipyard @ Gerrithub
Helm chart