Browse Source

Implement: ranger helm charts and supporting change for agent

This is an effort to implement helm charts for ranger component
Included integration changes needed in ranger-agent

 Signed-off-by: Hari Om Singh<hosingh000@gmail.com>

Change-Id: I27911d134882365a29b7ffcf1f7ab2e38cf717be
hosingh000 11 months ago
parent
commit
bdac1be107
33 changed files with 1690 additions and 32 deletions
  1. 16
    18
      ranger-agent/templates/configmap-etc.yaml
  2. 6
    2
      ranger-agent/templates/deployment-ranger-agent-api.yaml
  3. 6
    2
      ranger-agent/templates/deployment-ranger-agent-engine.yaml
  4. 20
    0
      ranger-agent/templates/job-ks-user-ranger.yaml
  5. 19
    0
      ranger-agent/templates/secret-ingress-tls.yaml
  6. 1
    1
      ranger-agent/templates/secret-keystone.yaml
  7. 54
    9
      ranger-agent/values.yaml
  8. 22
    0
      ranger/Chart.yaml
  9. 18
    0
      ranger/requirements.yaml
  10. 21
    0
      ranger/templates/bin/_db-sync.sh.tpl
  11. 44
    0
      ranger/templates/bin/_health-check.sh.tpl
  12. 65
    0
      ranger/templates/bin/_ranger-services.sh.tpl
  13. 19
    0
      ranger/templates/bin/_ranger-test.sh.tpl
  14. 39
    0
      ranger/templates/configmap-bin.yaml
  15. 70
    0
      ranger/templates/configmap-etc.yaml
  16. 167
    0
      ranger/templates/deployment-ranger-services.yaml
  17. 51
    0
      ranger/templates/ingress-ranger.yaml
  18. 20
    0
      ranger/templates/job-db-drop.yaml
  19. 20
    0
      ranger/templates/job-db-init.yaml
  20. 20
    0
      ranger/templates/job-db-sync.yaml
  21. 20
    0
      ranger/templates/job-image-repo-sync.yaml
  22. 29
    0
      ranger/templates/pdb-api.yaml
  23. 59
    0
      ranger/templates/pod-test.yaml
  24. 30
    0
      ranger/templates/secret-db.yaml
  25. 23
    0
      ranger/templates/secret-ingress-tls.yaml
  26. 34
    0
      ranger/templates/secret-ssh-key.yaml
  27. 20
    0
      ranger/templates/service-ingress-cms.yaml
  28. 20
    0
      ranger/templates/service-ingress-fms.yaml
  29. 20
    0
      ranger/templates/service-ingress-ims.yaml
  30. 21
    0
      ranger/templates/service-ingress-rds.yaml
  31. 20
    0
      ranger/templates/service-ingress-rms.yaml
  32. 180
    0
      ranger/templates/service-ranger.yaml
  33. 516
    0
      ranger/values.yaml

+ 16
- 18
ranger-agent/templates/configmap-etc.yaml View File

@@ -18,50 +18,48 @@ limitations under the License.
18 18
 {{- $envAll := . }}
19 19
 
20 20
 {{- if empty .Values.conf.ranger_agent.database.connection -}}
21
-{{- tuple "oslo_db" "internal" "ranger_agent" "mysql" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup"| set .Values.conf.ranger_agent.database "connection" | quote | trunc 0 -}}
21
+{{- $_ := tuple "oslo_db" "internal" "ranger_agent" "mysql" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup"| set .Values.conf.ranger_agent.database "connection" -}}
22 22
 {{- end -}}
23 23
 {{- if empty .Values.conf.ranger_agent.DEFAULT.transport_url -}}
24
-{{- tuple "oslo_messaging" "internal" "ranger-agent" "amqp" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup" | set .Values.conf.ranger_agent.DEFAULT "transport_url" | quote | trunc 0 -}}
24
+{{- $_ := tuple "oslo_messaging" "internal" "ranger-agent" "amqp" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup" | set .Values.conf.ranger_agent.DEFAULT "transport_url" -}}
25 25
 {{- end -}}
26 26
 {{- if empty .Values.conf.ranger_agent.orm.rds_listener_endpoint -}}
27
-{{- tuple "ranger_rds" "public" "rds" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup" | set .Values.conf.ranger_agent.orm "rds_listener_endpoint" | quote | trunc 0 -}}
27
+{{- $_ := tuple "ranger_rds" "public" "rds" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup" | set .Values.conf.ranger_agent.orm "rds_listener_endpoint" -}}
28 28
 {{- end -}}
29 29
 {{- if empty .Values.conf.ranger_agent.DEFAULT.ord_server_url -}}
30
-{{- tuple "ranger_agent" "public" "api" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup" | trimSuffix .Values.endpoints.ranger_agent.path.default | set .Values.conf.ranger_agent.DEFAULT "ord_server_url" | quote | trunc 0 -}}
30
+{{- $_ := tuple "ranger_agent" "public" "api" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup" | trimSuffix .Values.endpoints.ranger_agent.path.default | set .Values.conf.ranger_agent.DEFAULT "ord_server_url" -}}
31 31
 {{- end -}}
32 32
 {{- if empty .Values.conf.ranger_agent.keystone_authtoken.username -}}
33
-{{- set .Values.conf.ranger_agent.keystone_authtoken "username" .Values.endpoints.identity.auth.ranger_agent.username | quote | trunc 0 -}}
33
+{{- $_ := set .Values.conf.ranger_agent.keystone_authtoken "username" .Values.endpoints.identity.auth.ranger_agent.username -}}
34 34
 {{- end -}}
35 35
 {{- if empty .Values.conf.ranger_agent.keystone_authtoken.password -}}
36
-{{- set .Values.conf.ranger_agent.keystone_authtoken "password" .Values.endpoints.identity.auth.ranger_agent.password | quote | trunc 0 -}}
36
+{{- $_ := set .Values.conf.ranger_agent.keystone_authtoken "password" .Values.endpoints.identity.auth.ranger_agent.password -}}
37 37
 {{- end -}}
38 38
 {{- if empty .Values.conf.ranger_agent.keystone_authtoken.project_name -}}
39
-{{- set .Values.conf.ranger_agent.keystone_authtoken "project_name" .Values.endpoints.identity.auth.ranger_agent.project_name | quote | trunc 0 -}}
39
+{{- $_ := set .Values.conf.ranger_agent.keystone_authtoken "project_name" .Values.endpoints.identity.auth.ranger_agent.project_name -}}
40 40
 {{- end -}}
41 41
 {{- if empty .Values.conf.ranger_agent.keystone_authtoken.auth_url -}}
42
-{{- tuple "identity" "internal" "api" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup" | set .Values.conf.ranger_agent.keystone_authtoken "auth_url" | quote | trunc 0 -}}
42
+{{- $_ := tuple "identity" "internal" "api" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup" | set .Values.conf.ranger_agent.keystone_authtoken "auth_url" -}}
43 43
 {{- end -}}
44 44
 {{- if empty .Values.conf.ranger_agent.DEFAULT.region -}}
45
-{{- set .Values.conf.ranger_agent.DEFAULT "region" .Values.endpoints.identity.auth.ranger_agent.region_name | quote | trunc 0 -}}
45
+{{- $_ := set .Values.conf.ranger_agent.DEFAULT "region" .Values.endpoints.identity.auth.ranger_agent.region_name -}}
46 46
 {{- end -}}
47 47
 {{- if empty .Values.conf.ranger_agent.api.port -}}
48
-{{- tuple "ranger-agent" "internal" "api" . | include "helm-toolkit.endpoints.endpoint_port_lookup" | set .Values.conf.ranger_agent.api "port" | quote | trunc 0 -}}
48
+{{- $_ := tuple "ranger-agent" "internal" "api" . | include "helm-toolkit.endpoints.endpoint_port_lookup" | set .Values.conf.ranger_agent.api "port" -}}
49 49
 {{- end -}}
50 50
 {{- if empty .Values.conf.ranger_agent.keystone_authtoken.project_domain_name -}}
51
-{{- set .Values.conf.ranger_agent.keystone_authtoken "project_domain_name" .Values.endpoints.identity.auth.ranger_agent.project_domain_name | quote | trunc 0 -}}
51
+{{- $_ := set .Values.conf.ranger_agent.keystone_authtoken "project_domain_name" .Values.endpoints.identity.auth.ranger_agent.project_domain_name -}}
52 52
 {{- end -}}
53 53
 {{- if empty .Values.conf.ranger_agent.keystone_authtoken.user_domain_name -}}
54
-{{- set .Values.conf.ranger_agent.keystone_authtoken "user_domain_name" .Values.endpoints.identity.auth.ranger_agent.user_domain_name | quote | trunc 0 -}}
54
+{{- $_ := set .Values.conf.ranger_agent.keystone_authtoken "user_domain_name" .Values.endpoints.identity.auth.ranger_agent.user_domain_name -}}
55 55
 {{- end -}}
56
-
57 56
 ---
58 57
 apiVersion: v1
59
-kind: ConfigMap
58
+kind: Secret
60 59
 metadata:
61 60
   name: ranger-agent-etc
61
+type: Opaque
62 62
 data:
63
-  api-paste.ini: |
64
-{{ include "helm-toolkit.utils.to_ini" .Values.conf.paste | indent 4 }}
65
-  ranger-agent.conf: |
66
-{{ include "helm-toolkit.utils.to_oslo_conf" .Values.conf.ranger_agent | indent 4 }}
63
+  api-paste.ini: {{ include "helm-toolkit.utils.to_ini" .Values.conf.paste | b64enc }}
64
+  ranger-agent.conf: {{ include "helm-toolkit.utils.to_oslo_conf" .Values.conf.ranger_agent | b64enc }}
67 65
 {{- end }}

+ 6
- 2
ranger-agent/templates/deployment-ranger-agent-api.yaml View File

@@ -79,6 +79,8 @@ spec:
79 79
            initialDelaySeconds: 30
80 80
            timeoutSeconds: 5
81 81
           volumeMounts:
82
+            - name: pod-etc-ranger-agent
83
+              mountPath: /etc/ranger-agent
82 84
             - name: ranger-agent-bin
83 85
               mountPath: /tmp/ranger-agent-api.sh
84 86
               subPath: ranger-agent-api.sh
@@ -97,13 +99,15 @@ spec:
97 99
               readOnly: true
98 100
 {{ if $mounts_ranger_agent_api.volumeMounts }}{{ toYaml $mounts_ranger_agent_api.volumeMounts | indent 12 }}{{ end }}
99 101
       volumes:
102
+        - name: pod-etc-ranger-agent
103
+          emptyDir: {}
100 104
         - name: ranger-agent-bin
101 105
           configMap:
102 106
             name: ranger-agent-bin
103 107
             defaultMode: 0555
104 108
         - name: ranger-agent-etc
105
-          configMap:
106
-            name: ranger-agent-etc
109
+          secret:
110
+            secretName: ranger-agent-etc
107 111
             defaultMode: 0444
108 112
 {{ if $mounts_ranger_agent_api.volumes}}{{ toYaml $mounts_ranger_agent_api.volumes | indent 8 }}{{ end }}
109 113
 {{- end }}

+ 6
- 2
ranger-agent/templates/deployment-ranger-agent-engine.yaml View File

@@ -104,6 +104,8 @@ spec:
104 104
            initialDelaySeconds: 30
105 105
            timeoutSeconds: 5
106 106
           volumeMounts:
107
+            - name: pod-etc-ranger-agent
108
+              mountPath: /etc/ranger-agent
107 109
             - name: ranger-agent-bin
108 110
               mountPath: /tmp/ranger-agent-engine.sh
109 111
               subPath: ranger-agent-engine.sh
@@ -122,13 +124,15 @@ spec:
122 124
               readOnly: true
123 125
 {{ if $mounts_ranger_agent_engine.volumeMounts }}{{ toYaml $mounts_ranger_agent_engine.volumeMounts | indent 12 }}{{ end }}
124 126
       volumes:
127
+        - name: pod-etc-ranger-agent
128
+          emptyDir: {}
125 129
         - name: ranger-agent-bin
126 130
           configMap:
127 131
             name: ranger-agent-bin
128 132
             defaultMode: 0555
129 133
         - name: ranger-agent-etc
130
-          configMap:
131
-            name: ranger-agent-etc
134
+          secret:
135
+            secretName: ranger-agent-etc
132 136
             defaultMode: 0444
133 137
 {{ if $mounts_ranger_agent_engine.volumes}}{{ toYaml $mounts_ranger_agent_engine.volumes | indent 8 }}{{ end }}
134 138
 {{- end }}

+ 20
- 0
ranger-agent/templates/job-ks-user-ranger.yaml View File

@@ -0,0 +1,20 @@
1
+{{/*
2
+Copyright 2017 The Openstack-Helm Authors.
3
+
4
+Licensed under the Apache License, Version 2.0 (the "License");
5
+you may not use this file except in compliance with the License.
6
+You may obtain a copy of the License at
7
+
8
+   http://www.apache.org/licenses/LICENSE-2.0
9
+
10
+Unless required by applicable law or agreed to in writing, software
11
+distributed under the License is distributed on an "AS IS" BASIS,
12
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13
+See the License for the specific language governing permissions and
14
+limitations under the License.
15
+*/}}
16
+
17
+{{- if .Values.manifests.job_ks_user_ranger }}
18
+{{- $ksUserJob := dict "envAll" . "serviceName" "ranger-agent" "serviceUser" "ranger" -}}
19
+{{ $ksUserJob | include "helm-toolkit.manifests.job_ks_user" }}
20
+{{- end }}

+ 19
- 0
ranger-agent/templates/secret-ingress-tls.yaml View File

@@ -0,0 +1,19 @@
1
+{{/*
2
+Copyright 2017-2018 The Openstack-Helm Authors.
3
+
4
+Licensed under the Apache License, Version 2.0 (the "License");
5
+you may not use this file except in compliance with the License.
6
+You may obtain a copy of the License at
7
+
8
+   http://www.apache.org/licenses/LICENSE-2.0
9
+
10
+Unless required by applicable law or agreed to in writing, software
11
+distributed under the License is distributed on an "AS IS" BASIS,
12
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13
+See the License for the specific language governing permissions and
14
+limitations under the License.
15
+*/}}
16
+
17
+{{- if .Values.manifests.secret_ingress_tls }}
18
+{{- include "helm-toolkit.manifests.secret_ingress_tls" ( dict "envAll" . "backendServiceType" "ranger-agent" ) }}
19
+{{- end }}

+ 1
- 1
ranger-agent/templates/secret-keystone.yaml View File

@@ -16,7 +16,7 @@ limitations under the License.
16 16
 
17 17
 {{- if .Values.manifests.secret_keystone }}
18 18
 {{- $envAll := . }}
19
-{{- range $key1, $userClass := tuple "admin" "ranger_agent" }}
19
+{{- range $key1, $userClass := tuple "admin" "ranger" "ranger_agent" }}
20 20
 {{- $secretName := index $envAll.Values.secrets.identity $userClass }}
21 21
 ---
22 22
 apiVersion: v1

+ 54
- 9
ranger-agent/values.yaml View File

@@ -66,13 +66,13 @@ conf:
66 66
   ranger_agent:
67 67
     DEFAULT:
68 68
       api_workers: 1
69
-      debug: False
70
-      verbose: True
71
-      pecan_debug: True
69
+      debug: false
70
+      verbose: true
71
+      pecan_debug: true
72 72
       repo_connection_timeout: 120
73 73
       resource_creation_timeout_min: 1200
74 74
       resource_creation_timeout_max: 14400
75
-      log_dir: /var/log/ranger-agent
75
+      use_stderr: true
76 76
       api_paste_config: /etc/ranger-agent/api-paste.ini
77 77
       local_repo: ranger_repo
78 78
       resource_status_check_wait: 15
@@ -174,11 +174,16 @@ dependencies:
174 174
       services:
175 175
         - service: oslo_messaging
176 176
           endpoint: internal
177
+    image_repo_sync:
178
+      services:
179
+        - endpoint: internal
180
+          service: local_image_registry
177 181
 
178 182
 # Names of secrets used  and environmental checks
179 183
 secrets:
180 184
   identity:
181 185
     admin: admin
186
+    ranger: ranger-admin
182 187
     ranger_agent: ranger-agent-admin
183 188
   oslo_db:
184 189
     admin: ranger-agent-db-admin
@@ -186,12 +191,28 @@ secrets:
186 191
   oslo_messaging:
187 192
     admin: ranger-agent-rabbitmq-admin
188 193
     ranger-agent: ranger-agent-rabbitmq-user
194
+  tls:
195
+    ranger-agent:
196
+      api:
197
+        public: ranger-agent
189 198
 
190 199
 # typically overridden by environmental
191 200
 # values, but should include all endpoints
192 201
 # required by this chart
193 202
 endpoints:
194 203
   cluster_domain_suffix: cluster.local
204
+  local_image_registry:
205
+    name: docker-registry
206
+    namespace: docker-registry
207
+    hosts:
208
+      default: localhost
209
+      internal: docker-registry
210
+      node: localhost
211
+    host_fqdn_override:
212
+      default: null
213
+    port:
214
+      registry:
215
+        node: 5000
195 216
   oslo_db:
196 217
     auth:
197 218
       admin:
@@ -239,7 +260,8 @@ endpoints:
239 260
   ranger_rds:
240 261
     name: rds-url
241 262
     hosts:
242
-      default: rds-server
263
+      default: rds
264
+      public: rds-public
243 265
     host_fqdn_override:
244 266
       default: null
245 267
     path:
@@ -249,6 +271,7 @@ endpoints:
249 271
     port:
250 272
       rds:
251 273
         default: 8777
274
+        public: 80
252 275
   identity:
253 276
     name: keystone
254 277
     auth:
@@ -267,9 +290,23 @@ endpoints:
267 290
         project_name: service
268 291
         user_domain_name: default
269 292
         project_domain_name: default
293
+      ranger:
294
+        role:
295
+          - admin
296
+          - admin_support
297
+          - admin_viewer
298
+          - customer_creator
299
+          - flavor_creator
300
+          - admin_image
301
+        region_name: RegionOne
302
+        username: ranger-admin
303
+        password: password
304
+        project_name: service
305
+        user_domain_name: default
306
+        project_domain_name: default
270 307
     hosts:
271
-      default: keystone-api
272
-      public: keystone
308
+      default: keystone
309
+      internal: keystone-api
273 310
     host_fqdn_override:
274 311
       default: null
275 312
     path:
@@ -277,10 +314,9 @@ endpoints:
277 314
     scheme:
278 315
       default: http
279 316
     port:
280
-      admin:
281
-        default: 35357
282 317
       api:
283 318
         default: 80
319
+        internal: 5000
284 320
   image:
285 321
     name: glance
286 322
     hosts:
@@ -316,6 +352,13 @@ endpoints:
316 352
     hosts:
317 353
       default: ranger-api
318 354
       public: ranger-agent
355
+      # NOTE: this chart supports TLS for fqdn over-ridden public
356
+      # endpoints using the following format:
357
+      # public:
358
+      #   host: null
359
+      #   tls:
360
+      #     crt: null
361
+      #     key: null
319 362
     host_fqdn_override:
320 363
       default: null
321 364
     path:
@@ -459,6 +502,7 @@ manifests:
459 502
   secret_keystone: true
460 503
   secret_ssh_key: true
461 504
   secret_rabbitmq: true
505
+  secret_ingress_tls: true
462 506
   job_db_init: true
463 507
   job_db_sync: true
464 508
   job_db_drop: false
@@ -466,6 +510,7 @@ manifests:
466 510
   job_ks_endpoints: true
467 511
   job_ks_service: true
468 512
   job_ks_user: true
513
+  job_ks_user_ranger: true
469 514
   job_rabbit_init: true
470 515
   pdb_api: true
471 516
   pod_test: true

+ 22
- 0
ranger/Chart.yaml View File

@@ -0,0 +1,22 @@
1
+# Licensed under the Apache License, Version 2.0 (the "License");
2
+# you may not use this file except in compliance with the License.
3
+# You may obtain a copy of the License at
4
+#
5
+#     http://www.apache.org/licenses/LICENSE-2.0
6
+#
7
+# Unless required by applicable law or agreed to in writing, software
8
+# distributed under the License is distributed on an "AS IS" BASIS,
9
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
10
+# See the License for the specific language governing permissions and
11
+# limitations under the License.
12
+
13
+apiVersion: v1
14
+description: OpenStack-Helm Ranger
15
+name: ranger
16
+version: 0.1.0
17
+icon: https://git.openstack.org/cgit/openstack/ranger/plain/public/images/logo.png
18
+sources:
19
+  - https://git.openstack.org/cgit/openstack/ranger
20
+  - https://git.openstack.org/cgit/openstack/openstack-helm-addons
21
+maintainers:
22
+  - name: OpenStack-Helm Authors

+ 18
- 0
ranger/requirements.yaml View File

@@ -0,0 +1,18 @@
1
+# Copyright 2017 The Openstack-Helm Authors.
2
+#
3
+# Licensed under the Apache License, Version 2.0 (the "License");
4
+# you may not use this file except in compliance with the License.
5
+# You may obtain a copy of the License at
6
+#
7
+#     http://www.apache.org/licenses/LICENSE-2.0
8
+#
9
+# Unless required by applicable law or agreed to in writing, software
10
+# distributed under the License is distributed on an "AS IS" BASIS,
11
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12
+# See the License for the specific language governing permissions and
13
+# limitations under the License.
14
+
15
+dependencies:
16
+  - name: helm-toolkit
17
+    repository: http://localhost:8879/charts
18
+    version: 0.1.0

+ 21
- 0
ranger/templates/bin/_db-sync.sh.tpl View File

@@ -0,0 +1,21 @@
1
+#!/bin/bash
2
+
3
+{{/*
4
+Copyright 2017 The Openstack-Helm Authors.
5
+
6
+Licensed under the Apache License, Version 2.0 (the "License");
7
+you may not use this file except in compliance with the License.
8
+You may obtain a copy of the License at
9
+
10
+   http://www.apache.org/licenses/LICENSE-2.0
11
+
12
+Unless required by applicable law or agreed to in writing, software
13
+distributed under the License is distributed on an "AS IS" BASIS,
14
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
15
+See the License for the specific language governing permissions and
16
+limitations under the License.
17
+*/}}
18
+
19
+set -ex
20
+
21
+exec ranger-dbsync

+ 44
- 0
ranger/templates/bin/_health-check.sh.tpl View File

@@ -0,0 +1,44 @@
1
+#!/bin/bash
2
+
3
+{{/*
4
+Copyright 2017 The Openstack-Helm Authors.
5
+
6
+Licensed under the Apache License, Version 2.0 (the "License");
7
+you may not use this file except in compliance with the License.
8
+You may obtain a copy of the License at
9
+
10
+   http://www.apache.org/licenses/LICENSE-2.0
11
+
12
+Unless required by applicable law or agreed to in writing, software
13
+distributed under the License is distributed on an "AS IS" BASIS,
14
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
15
+See the License for the specific language governing permissions and
16
+limitations under the License.
17
+*/}}
18
+
19
+set -ex
20
+
21
+COMMAND="${@:-allservicesreadiness}"
22
+
23
+function allservicesreadiness () {
24
+  allservicesliveness
25
+}
26
+
27
+function allservicesliveness () {
28
+  IS_CMS_RUNNING=$(ps aux|awk '$12 == "/usr/local/bin/ranger-cms" {print $8}')
29
+  IS_RMS_RUNNING=$(ps aux|awk '$12 == "/usr/local/bin/ranger-rms" {print $8}')
30
+  IS_IMS_RUNNING=$(ps aux|awk '$12 == "/usr/local/bin/ranger-ims" {print $8}')
31
+  IS_FMS_RUNNING=$(ps aux|awk '$12 == "/usr/local/bin/ranger-fms" {print $8}')
32
+  IS_RDS_RUNNING=$(ps aux|awk '$12 == "/usr/local/bin/ranger-rds" {print $8}')
33
+  IS_UUID_RUNNING=$(ps aux|awk '$12 == "/usr/local/bin/ranger-uuidgen" {print $8}')
34
+  IS_AUDIT_RUNNING=$(ps aux|awk '$12 == "/usr/local/bin/ranger-audit" {print $8}')
35
+
36
+  for process in "$IS_UUID_RUNNING" "$IS_AUDIT_RUNNING" "$IS_IMS_RUNNING" "$IS_RMS_RUNNING" "$IS_CMS_RUNNING" "$IS_RDS_RUNNING" "$IS_FMS_RUNNING"; do
37
+    if [ -z "$process" ]; then
38
+      exit 1
39
+    fi
40
+  done
41
+
42
+  exit 0
43
+}
44
+$COMMAND

+ 65
- 0
ranger/templates/bin/_ranger-services.sh.tpl View File

@@ -0,0 +1,65 @@
1
+#!/bin/bash
2
+
3
+{{/*
4
+Copyright 2017 The Openstack-Helm Authors.
5
+
6
+Licensed under the Apache License, Version 2.0 (the "License");
7
+you may not use this file except in compliance with the License.
8
+You may obtain a copy of the License at
9
+
10
+   http://www.apache.org/licenses/LICENSE-2.0
11
+
12
+Unless required by applicable law or agreed to in writing, software
13
+distributed under the License is distributed on an "AS IS" BASIS,
14
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
15
+See the License for the specific language governing permissions and
16
+limitations under the License.
17
+*/}}
18
+
19
+set -ex
20
+
21
+COMMAND="${@:-start}"
22
+
23
+function start () {
24
+
25
+if [ -n "${SSH_KEY}" ] && [ -n "${SSH_KEY_CONFIGURATION}" ];then
26
+    if [[ $(stat -c %F ${USER_HOME}/.ssh) = "directory" ]]; then
27
+      rm -fr ${USER_HOME}/.ssh
28
+    fi
29
+
30
+    mkdir -p ${USER_HOME}/.ssh
31
+    echo -e "${SSH_KEY}" >>${USER_HOME}/.ssh/${SSH_KEY_FILE}
32
+    echo -e "${SSH_KEY_CONFIGURATION}" >>${USER_HOME}/.ssh/config
33
+
34
+    chown ranger: ${USER_HOME}/.ssh
35
+    chmod 0700 -R ${USER_HOME}/.ssh
36
+    chmod 0644 ${USER_HOME}/.ssh/config
37
+    chmod 0600 ${USER_HOME}/.ssh/${SSH_KEY_FILE}
38
+
39
+    git config --global user.name ${REPO_USER}
40
+    git config --global user.email ${REPO_ACCOUNT}
41
+    git clone ${REMOTE_REPO} ${LOCAL_REPO}
42
+fi
43
+
44
+if [ -n "${CERT_LOCATION}" ];then
45
+   echo -e "${CERT_FILE}" >>${CERT_LOCATION}
46
+   chmod 0644 ${CERT_LOCATION}
47
+fi
48
+
49
+  exec ranger-uuidgen &
50
+  exec ranger-audit &
51
+  exec ranger-rms  &
52
+  exec ranger-rds  &
53
+  exec ranger-cms  &
54
+  exec ranger-fms  &
55
+  exec ranger-ims
56
+
57
+}
58
+
59
+function stop() {
60
+
61
+  kill -TERM 1
62
+
63
+}
64
+
65
+$COMMAND

+ 19
- 0
ranger/templates/bin/_ranger-test.sh.tpl View File

@@ -0,0 +1,19 @@
1
+#!/bin/bash
2
+
3
+{{/*
4
+Copyright 2017 The Openstack-Helm Authors.
5
+
6
+Licensed under the Apache License, Version 2.0 (the "License");
7
+you may not use this file except in compliance with the License.
8
+You may obtain a copy of the License at
9
+
10
+    http://www.apache.org/licenses/LICENSE-2.0
11
+
12
+Unless required by applicable law or agreed to in writing, software
13
+distributed under the License is distributed on an "AS IS" BASIS,
14
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
15
+See the License for the specific language governing permissions and
16
+limitations under the License.
17
+*/}}
18
+
19
+set -ex

+ 39
- 0
ranger/templates/configmap-bin.yaml View File

@@ -0,0 +1,39 @@
1
+{{/*
2
+Copyright 2017 The Openstack-Helm Authors.
3
+
4
+Licensed under the Apache License, Version 2.0 (the "License");
5
+you may not use this file except in compliance with the License.
6
+You may obtain a copy of the License at
7
+
8
+   http://www.apache.org/licenses/LICENSE-2.0
9
+
10
+Unless required by applicable law or agreed to in writing, software
11
+distributed under the License is distributed on an "AS IS" BASIS,
12
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13
+See the License for the specific language governing permissions and
14
+limitations under the License.
15
+*/}}
16
+
17
+{{- if .Values.manifests.configmap_bin }}
18
+{{- $envAll := . }}
19
+---
20
+apiVersion: v1
21
+kind: ConfigMap
22
+metadata:
23
+  name: ranger-bin
24
+data:
25
+  db-init.py: |+
26
+{{- include "helm-toolkit.scripts.db_init" . | indent 4 }}
27
+  db-sync.sh: |+
28
+{{ tuple "bin/_db-sync.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
29
+  db-drop.py: |+
30
+{{- include "helm-toolkit.scripts.db_drop" . | indent 4 }}
31
+  ranger-services.sh: |
32
+{{ tuple "bin/_ranger-services.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
33
+  health-check.sh: |+
34
+{{ tuple "bin/_health-check.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
35
+  ranger-test.sh: |+
36
+{{ tuple "bin/_ranger-test.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
37
+  rabbit-init.sh: |
38
+{{- include "helm-toolkit.scripts.rabbit_init" . | indent 4 }}
39
+{{- end }}

+ 70
- 0
ranger/templates/configmap-etc.yaml View File

@@ -0,0 +1,70 @@
1
+{{/*
2
+Copyright 2017 The Openstack-Helm Authors.
3
+
4
+Licensed under the Apache License, Version 2.0 (the "License");
5
+you may not use this file except in compliance with the License.
6
+You may obtain a copy of the License at
7
+
8
+   http://www.apache.org/licenses/LICENSE-2.0
9
+
10
+Unless required by applicable law or agreed to in writing, software
11
+distributed under the License is distributed on an "AS IS" BASIS,
12
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13
+See the License for the specific language governing permissions and
14
+limitations under the License.
15
+*/}}
16
+
17
+{{- if .Values.manifests.configmap_etc }}
18
+{{- $envAll := . }}
19
+
20
+{{- if empty .Values.conf.ranger.database.connection -}}
21
+{{- $_ := tuple "oslo_db" "internal" "admin" "mysql" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup"| set .Values.conf.ranger.database "connection" -}}
22
+{{- end -}}
23
+{{- if empty .Values.conf.ranger.keystone_authtoken.username -}}
24
+{{- $_ := set .Values.conf.ranger.keystone_authtoken "username" .Values.endpoints.identity.auth.ranger.username -}}
25
+{{- end -}}
26
+{{- if empty .Values.conf.ranger.keystone_authtoken.password -}}
27
+{{- $_ := set .Values.conf.ranger.keystone_authtoken "password" .Values.endpoints.identity.auth.ranger.password -}}
28
+{{- end -}}
29
+{{- if empty .Values.conf.ranger.keystone_authtoken.project_name -}}
30
+{{- $_ := set .Values.conf.ranger.keystone_authtoken "project_name" .Values.endpoints.identity.auth.ranger.project_name -}}
31
+{{- end -}}
32
+{{- if empty .Values.conf.ranger.cli.base_region -}}
33
+{{- $_ := set .Values.conf.ranger.cli "base_region" .Values.endpoints.identity.auth.ranger.region_name -}}
34
+{{- end -}}
35
+{{- if empty .Values.conf.ranger.keystone_authtoken.project_domain_name -}}
36
+{{- $_ := set .Values.conf.ranger.keystone_authtoken "project_domain_name" .Values.endpoints.identity.auth.ranger.project_domain_name -}}
37
+{{- end -}}
38
+{{- if empty .Values.conf.ranger.keystone_authtoken.user_domain_name -}}
39
+{{- $_ := set .Values.conf.ranger.keystone_authtoken "user_domain_name" .Values.endpoints.identity.auth.ranger.user_domain_name -}}
40
+{{- end -}}
41
+{{- if empty .Values.conf.ranger.cms.port -}}
42
+{{- $_ := tuple "cms" "internal" "api" . | include "helm-toolkit.endpoints.endpoint_port_lookup" | set .Values.conf.ranger.cms "port" -}}
43
+{{- end -}}
44
+{{- if empty .Values.conf.ranger.fms.port -}}
45
+{{- $_ := tuple "fms" "internal" "api" . | include "helm-toolkit.endpoints.endpoint_port_lookup" | set .Values.conf.ranger.fms "port" -}}
46
+{{- end -}}
47
+{{- if empty .Values.conf.ranger.ims.port -}}
48
+{{- $_ := tuple "ims" "internal" "api" . | include "helm-toolkit.endpoints.endpoint_port_lookup" | set .Values.conf.ranger.ims "port" -}}
49
+{{- end -}}
50
+{{- if empty .Values.conf.ranger.rms.port -}}
51
+{{- $_ := tuple "rms" "internal" "api" . | include "helm-toolkit.endpoints.endpoint_port_lookup" | set .Values.conf.ranger.rms "port" -}}
52
+{{- end -}}
53
+{{- if empty .Values.conf.ranger.rds.port -}}
54
+{{- $_ := tuple "rds" "internal" "api" . | include "helm-toolkit.endpoints.endpoint_port_lookup" | set .Values.conf.ranger.rds "port" -}}
55
+{{- end -}}
56
+{{- if empty .Values.conf.ranger.uuid.port -}}
57
+{{- $_ := tuple "uuid" "internal" "api" . | include "helm-toolkit.endpoints.endpoint_port_lookup" | set .Values.conf.ranger.uuid "port" -}}
58
+{{- end -}}
59
+{{- if empty .Values.conf.ranger.audit.port -}}
60
+{{- $_ := tuple "audit" "internal" "api" . | include "helm-toolkit.endpoints.endpoint_port_lookup" | set .Values.conf.ranger.audit "port" -}}
61
+{{- end -}}
62
+---
63
+apiVersion: v1
64
+kind: Secret
65
+metadata:
66
+  name: ranger-etc
67
+type: Opaque
68
+data:
69
+  ranger.conf: {{ include "helm-toolkit.utils.to_oslo_conf" .Values.conf.ranger | b64enc }}
70
+{{- end }}

+ 167
- 0
ranger/templates/deployment-ranger-services.yaml View File

@@ -0,0 +1,167 @@
1
+{{/*
2
+Copyright 2017 The Openstack-Helm Authors.
3
+
4
+Licensed under the Apache License, Version 2.0 (the "License");
5
+you may not use this file except in compliance with the License.
6
+You may obtain a copy of the License at
7
+
8
+   http://www.apache.org/licenses/LICENSE-2.0
9
+
10
+Unless required by applicable law or agreed to in writing, software
11
+distributed under the License is distributed on an "AS IS" BASIS,
12
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13
+See the License for the specific language governing permissions and
14
+limitations under the License.
15
+*/}}
16
+{{- if .Values.manifests.deployment_ranger_services }}
17
+{{- $envAll := . }}
18
+
19
+{{- $mounts_ranger := .Values.pod.mounts.ranger.ranger }}
20
+{{- $mounts_ranger_init := .Values.pod.mounts.ranger.init_container }}
21
+
22
+{{- $serviceAccountName := "ranger-services" }}
23
+{{ tuple $envAll "ranger" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
24
+---
25
+apiVersion: apps/v1beta1
26
+kind: Deployment
27
+metadata:
28
+  name: {{ $serviceAccountName }}
29
+spec:
30
+  replicas: {{ .Values.pod.replicas.ranger }}
31
+{{ tuple $envAll | include "helm-toolkit.snippets.kubernetes_upgrades_deployment" | indent 2 }}
32
+  template:
33
+    metadata:
34
+      labels:
35
+{{ tuple $envAll "ranger" "ranger" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
36
+      annotations:
37
+        configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "helm-toolkit.utils.hash" }}
38
+        configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "helm-toolkit.utils.hash" }}
39
+    spec:
40
+      serviceAccountName: {{ $serviceAccountName }}
41
+      dnsPolicy: ClusterFirstWithHostNet
42
+      hostNetwork: true
43
+      affinity:
44
+{{ tuple $envAll "ranger" "ranger" | include "helm-toolkit.snippets.kubernetes_pod_anti_affinity" | indent 8 }}
45
+      nodeSelector:
46
+        {{ .Values.labels.ranger.node_selector_key }}: {{ .Values.labels.ranger.node_selector_value }}
47
+      terminationGracePeriodSeconds: {{ .Values.pod.lifecycle.termination_grace_period.ranger.timeout | default "30" }}
48
+      initContainers:
49
+{{ tuple $envAll "ranger" $mounts_ranger_init | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
50
+      containers:
51
+        - name: ranger-services
52
+          image: {{ .Values.images.tags.ranger }}
53
+          imagePullPolicy: {{ .Values.images.pull_policy }}
54
+{{ tuple $envAll $envAll.Values.pod.resources.ranger | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
55
+          securityContext:
56
+            runAsUser: {{ .Values.pod.user.ranger.uid }}
57
+          env:
58
+            - name: USER
59
+              valueFrom:
60
+                secretKeyRef:
61
+                  name: ranger-ssh-secret
62
+                  key: USER
63
+            - name: USER_HOME
64
+              valueFrom:
65
+                secretKeyRef:
66
+                  name: ranger-ssh-secret
67
+                  key: USER_HOME
68
+            - name: SSH_KEY_FILE
69
+              valueFrom:
70
+                secretKeyRef:
71
+                  name: ranger-ssh-secret
72
+                  key: SSH_KEY_FILE
73
+            - name: SSH_KEY
74
+              valueFrom:
75
+                secretKeyRef:
76
+                  name: ranger-ssh-secret
77
+                  key: RANGER_PRIVATE_KEY
78
+            - name: SSH_KEY_CONFIGURATION
79
+              valueFrom:
80
+                secretKeyRef:
81
+                  name: ranger-ssh-secret
82
+                  key: RANGER_SSH_CONFIG
83
+            - name: REPO_USER
84
+              value: {{ .Values.conf.ranger.rds.repo_user }}
85
+            - name: REPO_ACCOUNT
86
+              value: {{ .Values.conf.ranger.rds.repo_email }}
87
+            - name: LOCAL_REPO
88
+              value: {{ .Values.conf.ranger.rds.repo_local_location }}
89
+            - name: REMOTE_REPO
90
+              value: {{ .Values.conf.ranger.rds.repo_remote_location }}
91
+          {{- if .Values.conf.ranger.DEFAULT.ranger_agent_https_enable }}
92
+            - name: CERT_LOCATION
93
+              value: {{ .Values.conf.ranger.DEFAULT.ranger_agent_client_cert_path }}
94
+            - name: CERT_FILE
95
+              valueFrom:
96
+                secretKeyRef:
97
+                  name: ranger-ssh-secret
98
+                  key: CERT_FILE
99
+          {{- end }}
100
+            - name: CMS_SERVICE_URL
101
+              value: {{ tuple "cms" "public" "api" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup" }}
102
+          command:
103
+            - /tmp/ranger-services.sh
104
+            - start
105
+          lifecycle:
106
+            preStop:
107
+              exec:
108
+                command:
109
+                  - stop
110
+          ports:
111
+            - name: cms
112
+              containerPort: {{ tuple "cms" "internal" "api" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
113
+            - name: ims
114
+              containerPort: {{ tuple "ims" "internal" "api" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
115
+            - name: fms
116
+              containerPort: {{ tuple "fms" "internal" "api" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
117
+            - name: rms
118
+              containerPort: {{ tuple "rms" "internal" "api" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
119
+            - name: rds
120
+              containerPort: {{ tuple "rds" "internal" "api" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
121
+            - name: uuid
122
+              containerPort: {{ tuple "uuid" "internal" "api" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
123
+            - name: audit
124
+              containerPort: {{ tuple "audit" "internal" "api" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
125
+          livenessProbe:
126
+            initialDelaySeconds: 30
127
+            timeoutSeconds: 10
128
+            exec:
129
+              command:
130
+              - /tmp/health-check.sh
131
+              - allservicesliveness
132
+          readinessProbe:
133
+            initialDelaySeconds: 30
134
+            timeoutSeconds: 10
135
+            exec:
136
+              command:
137
+              - /tmp/health-check.sh
138
+              - allservicesreadiness
139
+          volumeMounts:
140
+            - name: pod-etc-ranger
141
+              mountPath: /etc/ranger
142
+            - name: ranger-bin
143
+              mountPath: /tmp/ranger-services.sh
144
+              subPath: ranger-services.sh
145
+              readOnly: true
146
+            - name: ranger-bin
147
+              mountPath: /tmp/health-check.sh
148
+              subPath: health-check.sh
149
+              readOnly: true
150
+            - name: ranger-etc
151
+              mountPath: /etc/ranger/ranger.conf
152
+              subPath: ranger.conf
153
+              readOnly: true
154
+{{ if $mounts_ranger.volumeMounts }}{{ toYaml $mounts_ranger.volumeMounts | indent 12 }}{{ end }}
155
+      volumes:
156
+        - name: pod-etc-ranger
157
+          emptyDir: {}
158
+        - name: ranger-bin
159
+          configMap:
160
+            name: ranger-bin
161
+            defaultMode: 0555
162
+        - name: ranger-etc
163
+          secret:
164
+            secretName: ranger-etc
165
+            defaultMode: 0444
166
+{{ if $mounts_ranger.volumes}}{{ toYaml $mounts_ranger.volumes | indent 8 }}{{ end }}
167
+{{- end }}

+ 51
- 0
ranger/templates/ingress-ranger.yaml View File

@@ -0,0 +1,51 @@
1
+{{/*
2
+Copyright 2017 The Openstack-Helm Authors.
3
+
4
+Licensed under the Apache License, Version 2.0 (the "License");
5
+you may not use this file except in compliance with the License.
6
+You may obtain a copy of the License at
7
+
8
+   http://www.apache.org/licenses/LICENSE-2.0
9
+
10
+Unless required by applicable law or agreed to in writing, software
11
+distributed under the License is distributed on an "AS IS" BASIS,
12
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13
+See the License for the specific language governing permissions and
14
+limitations under the License.
15
+*/}}
16
+
17
+{{- if and .Values.manifests.ingress_cms .Values.network.cms.ingress.public }}
18
+{{- $ingressOpts := dict "envAll" . "backendService" "cms" "backendServiceType" "cms" "backendPort" "cms" -}}
19
+{{ $ingressOpts | include "helm-toolkit.manifests.ingress" }}
20
+{{- end }}
21
+
22
+{{- if and .Values.manifests.ingress_fms .Values.network.fms.ingress.public }}
23
+{{- $ingressOpts := dict "envAll" . "backendService" "fms" "backendServiceType" "fms" "backendPort" "fms" -}}
24
+{{ $ingressOpts | include "helm-toolkit.manifests.ingress" }}
25
+{{- end }}
26
+
27
+{{- if and .Values.manifests.ingress_ims .Values.network.ims.ingress.public }}
28
+{{- $ingressOpts := dict "envAll" . "backendService" "ims" "backendServiceType" "ims" "backendPort" "ims" -}}
29
+{{ $ingressOpts | include "helm-toolkit.manifests.ingress" }}
30
+{{- end }}
31
+
32
+{{- if and .Values.manifests.ingress_rms .Values.network.rms.ingress.public }}
33
+{{- $ingressOpts := dict "envAll" . "backendService" "rms" "backendServiceType" "rms" "backendPort" "rms" -}}
34
+{{ $ingressOpts | include "helm-toolkit.manifests.ingress" }}
35
+{{- end }}
36
+
37
+{{- if and .Values.manifests.ingress_rds .Values.network.rds.ingress.public }}
38
+{{- $ingressOpts := dict "envAll" . "backendService" "rds" "backendServiceType" "rds" "backendPort" "rds" -}}
39
+{{ $ingressOpts | include "helm-toolkit.manifests.ingress" }}
40
+{{- end }}
41
+
42
+{{- if .Values.manifests.ingress_uuid }}
43
+{{- $ingressOpts := dict "envAll" . "backendService" "uuid" "backendServiceType" "uuid" "backendPort" "uuid" -}}
44
+{{ $ingressOpts | include "helm-toolkit.manifests.ingress" }}
45
+{{- end }}
46
+
47
+{{- if .Values.manifests.ingress_audit }}
48
+{{- $ingressOpts := dict "envAll" . "backendService" "audit" "backendServiceType" "audit" "backendPort" "audit" -}}
49
+{{ $ingressOpts | include "helm-toolkit.manifests.ingress" }}
50
+{{- end }}
51
+

+ 20
- 0
ranger/templates/job-db-drop.yaml View File

@@ -0,0 +1,20 @@
1
+{{/*
2
+Copyright 2017 The Openstack-Helm Authors.
3
+
4
+Licensed under the Apache License, Version 2.0 (the "License");
5
+you may not use this file except in compliance with the License.
6
+You may obtain a copy of the License at
7
+
8
+   http://www.apache.org/licenses/LICENSE-2.0
9
+
10
+Unless required by applicable law or agreed to in writing, software
11
+distributed under the License is distributed on an "AS IS" BASIS,
12
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13
+See the License for the specific language governing permissions and
14
+limitations under the License.
15
+*/}}
16
+
17
+{{- if .Values.manifests.job_db_drop }}
18
+{{- $dbInitJob := dict "envAll" . "serviceName" "ranger" -}}
19
+{{ $dbInitJob | include "helm-toolkit.manifests.job_db_drop_mysql" }}
20
+{{- end }}

+ 20
- 0
ranger/templates/job-db-init.yaml View File

@@ -0,0 +1,20 @@
1
+{{/*
2
+Copyright 2017 The Openstack-Helm Authors.
3
+
4
+Licensed under the Apache License, Version 2.0 (the "License");
5
+you may not use this file except in compliance with the License.
6
+You may obtain a copy of the License at
7
+
8
+   http://www.apache.org/licenses/LICENSE-2.0
9
+
10
+Unless required by applicable law or agreed to in writing, software
11
+distributed under the License is distributed on an "AS IS" BASIS,
12
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13
+See the License for the specific language governing permissions and
14
+limitations under the License.
15
+*/}}
16
+
17
+{{- if .Values.manifests.job_db_init }}
18
+{{- $dbInitJob := dict "envAll" . "serviceName" "ranger" -}}
19
+{{ $dbInitJob | include "helm-toolkit.manifests.job_db_init_mysql" }}
20
+{{- end }}

+ 20
- 0
ranger/templates/job-db-sync.yaml View File

@@ -0,0 +1,20 @@
1
+{{/*
2
+Copyright 2017 The Openstack-Helm Authors.
3
+
4
+Licensed under the Apache License, Version 2.0 (the "License");
5
+you may not use this file except in compliance with the License.
6
+You may obtain a copy of the License at
7
+
8
+   http://www.apache.org/licenses/LICENSE-2.0
9
+
10
+Unless required by applicable law or agreed to in writing, software
11
+distributed under the License is distributed on an "AS IS" BASIS,
12
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13
+See the License for the specific language governing permissions and
14
+limitations under the License.
15
+*/}}
16
+
17
+{{- if .Values.manifests.job_db_sync }}
18
+{{- $dbSyncJob := dict "envAll" . "serviceName" "ranger" -}}
19
+{{ $dbSyncJob | include "helm-toolkit.manifests.job_db_sync" }}
20
+{{- end }}

+ 20
- 0
ranger/templates/job-image-repo-sync.yaml View File

@@ -0,0 +1,20 @@
1
+{{/*
2
+Copyright 2017 The Openstack-Helm Authors.
3
+
4
+Licensed under the Apache License, Version 2.0 (the "License");
5
+you may not use this file except in compliance with the License.
6
+You may obtain a copy of the License at
7
+
8
+   http://www.apache.org/licenses/LICENSE-2.0
9
+
10
+Unless required by applicable law or agreed to in writing, software
11
+distributed under the License is distributed on an "AS IS" BASIS,
12
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13
+See the License for the specific language governing permissions and
14
+limitations under the License.
15
+*/}}
16
+
17
+{{- if and .Values.manifests.job_image_repo_sync .Values.images.local_registry.active }}
18
+{{- $imageRepoSyncJob := dict "envAll" . "serviceName" "ranger" -}}
19
+{{ $imageRepoSyncJob | include "helm-toolkit.manifests.job_image_repo_sync" }}
20
+{{- end }}

+ 29
- 0
ranger/templates/pdb-api.yaml View File

@@ -0,0 +1,29 @@
1
+{{/*
2
+Copyright 2017 The Openstack-Helm Authors.
3
+
4
+Licensed under the Apache License, Version 2.0 (the "License");
5
+you may not use this file except in compliance with the License.
6
+You may obtain a copy of the License at
7
+
8
+   http://www.apache.org/licenses/LICENSE-2.0
9
+
10
+Unless required by applicable law or agreed to in writing, software
11
+distributed under the License is distributed on an "AS IS" BASIS,
12
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13
+See the License for the specific language governing permissions and
14
+limitations under the License.
15
+*/}}
16
+
17
+{{- if .Values.manifests.pdb_api }}
18
+{{- $envAll := . }}
19
+---
20
+apiVersion: policy/v1beta1
21
+kind: PodDisruptionBudget
22
+metadata:
23
+  name: ranger
24
+spec:
25
+  minAvailable: {{ .Values.pod.lifecycle.disruption_budget.ranger.min_available }}
26
+  selector:
27
+    matchLabels:
28
+{{ tuple $envAll "ranger" "ranger" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 6 }}
29
+{{- end }}

+ 59
- 0
ranger/templates/pod-test.yaml View File

@@ -0,0 +1,59 @@
1
+{{/*
2
+Copyright 2017 The Openstack-Helm Authors.
3
+
4
+Licensed under the Apache License, Version 2.0 (the "License");
5
+you may not use this file except in compliance with the License.
6
+You may obtain a copy of the License at
7
+
8
+    http://www.apache.org/licenses/LICENSE-2.0
9
+
10
+Unless required by applicable law or agreed to in writing, software
11
+distributed under the License is distributed on an "AS IS" BASIS,
12
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13
+See the License for the specific language governing permissions and
14
+limitations under the License.
15
+*/}}
16
+
17
+{{- if .Values.manifests.pod_test }}
18
+{{- $envAll := . }}
19
+
20
+{{- $mounts_tests := .Values.pod.mounts.ranger_tests.ranger_tests }}
21
+{{- $mounts_tests_init := .Values.pod.mounts.ranger_tests.init_container }}
22
+
23
+{{- $serviceAccountName := print $envAll.Release.Name "-test" }}
24
+{{ tuple $envAll "tests" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
25
+---
26
+apiVersion: v1
27
+kind: Pod
28
+metadata:
29
+  name: "{{$envAll.Release.Name}}-test"
30
+  annotations:
31
+    "helm.sh/hook": test-success
32
+spec:
33
+  serviceAccountName: {{ $serviceAccountName }}
34
+  nodeSelector:
35
+    {{ .Values.labels.test.node_selector_key }}: {{ .Values.labels.test.node_selector_value }}
36
+  restartPolicy: Never
37
+  initContainers:
38
+{{ tuple $envAll "tests" $mounts_tests_init | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 4 }}
39
+  containers:
40
+    - name: {{.Release.Name}}-test
41
+      image: {{ .Values.images.tags.scripted_test }}
42
+      env:
43
+        - name: RANGER_SERVICE_URL
44
+          value: {{ tuple "cms" "public" "api" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup" }}
45
+      command:
46
+        - /tmp/ranger-test.sh
47
+      volumeMounts:
48
+        - name: ranger-bin
49
+          mountPath: /tmp/ranger-test.sh
50
+          subPath: ranger-test.sh
51
+          readOnly: true
52
+{{ if $mounts_tests.volumeMounts }}{{ toYaml $mounts_tests.volumeMounts | indent 8 }}{{ end }}
53
+  volumes:
54
+    - name: ranger-bin
55
+      configMap:
56
+        name: ranger-bin
57
+        defaultMode: 0555
58
+{{ if $mounts_tests.volumes }}{{ toYaml $mounts_tests.volumes | indent 4 }}{{ end }}
59
+{{- end }}

+ 30
- 0
ranger/templates/secret-db.yaml View File

@@ -0,0 +1,30 @@
1
+{{/*
2
+Copyright 2017 The Openstack-Helm Authors.
3
+
4
+Licensed under the Apache License, Version 2.0 (the "License");
5
+you may not use this file except in compliance with the License.
6
+You may obtain a copy of the License at
7
+
8
+   http://www.apache.org/licenses/LICENSE-2.0
9
+
10
+Unless required by applicable law or agreed to in writing, software
11
+distributed under the License is distributed on an "AS IS" BASIS,
12
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13
+See the License for the specific language governing permissions and
14
+limitations under the License.
15
+*/}}
16
+
17
+{{- if .Values.manifests.secret_db }}
18
+{{- $envAll := . }}
19
+{{- range $key1, $userClass := tuple "admin" "ranger" }}
20
+{{- $secretName := index $envAll.Values.secrets.oslo_db $userClass }}
21
+---
22
+apiVersion: v1
23
+kind: Secret
24
+metadata:
25
+  name: {{ $secretName }}
26
+type: Opaque
27
+data:
28
+  DB_CONNECTION: {{ tuple "oslo_db" "internal" $userClass "mysql" $envAll | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup" | b64enc -}}
29
+{{- end }}
30
+{{- end }}

+ 23
- 0
ranger/templates/secret-ingress-tls.yaml View File

@@ -0,0 +1,23 @@
1
+{{/*
2
+Copyright 2017-2018 The Openstack-Helm Authors.
3
+
4
+Licensed under the Apache License, Version 2.0 (the "License");
5
+you may not use this file except in compliance with the License.
6
+You may obtain a copy of the License at
7
+
8
+   http://www.apache.org/licenses/LICENSE-2.0
9
+
10
+Unless required by applicable law or agreed to in writing, software
11
+distributed under the License is distributed on an "AS IS" BASIS,
12
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13
+See the License for the specific language governing permissions and
14
+limitations under the License.
15
+*/}}
16
+
17
+{{- if .Values.manifests.secret_ingress_tls }}
18
+{{- include "helm-toolkit.manifests.secret_ingress_tls" ( dict "envAll" . "backendServiceType" "cms" ) }}
19
+{{- include "helm-toolkit.manifests.secret_ingress_tls" ( dict "envAll" . "backendServiceType" "fms" ) }}
20
+{{- include "helm-toolkit.manifests.secret_ingress_tls" ( dict "envAll" . "backendServiceType" "ims" ) }}
21
+{{- include "helm-toolkit.manifests.secret_ingress_tls" ( dict "envAll" . "backendServiceType" "rms" ) }}
22
+{{- include "helm-toolkit.manifests.secret_ingress_tls" ( dict "envAll" . "backendServiceType" "rds" ) }}
23
+{{- end }}

+ 34
- 0
ranger/templates/secret-ssh-key.yaml View File

@@ -0,0 +1,34 @@
1
+{{/*
2
+Copyright 2017 The Openstack-Helm Authors.
3
+
4
+Licensed under the Apache License, Version 2.0 (the "License");
5
+you may not use this file except in compliance with the License.
6
+You may obtain a copy of the License at
7
+
8
+   http://www.apache.org/licenses/LICENSE-2.0
9
+
10
+Unless required by applicable law or agreed to in writing, software
11
+distributed under the License is distributed on an "AS IS" BASIS,
12
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13
+See the License for the specific language governing permissions and
14
+limitations under the License.
15
+*/}}
16
+
17
+{{- if .Values.manifests.secret_ssh_key }}
18
+{{- $envAll := . }}
19
+{{- $key_location := .Values.conf.ssh.key_location }}
20
+{{- $secretName := "ranger-ssh-secret" }}
21
+---
22
+apiVersion: v1
23
+kind: Secret
24
+metadata:
25
+  name: {{ $secretName }}
26
+type: Opaque
27
+data:
28
+  USER: {{ .Values.conf.ssh.user | b64enc }}
29
+  USER_HOME: {{ .Values.conf.ssh.user_home | b64enc }}
30
+  SSH_KEY_FILE: {{ .Values.conf.ssh.ssh_key_file | b64enc }}
31
+  RANGER_PRIVATE_KEY: {{ .Values.conf.ssh.ssh_key | default "" | b64enc }}
32
+  RANGER_SSH_CONFIG: {{ .Values.conf.ssh.ssh_config | default "" | b64enc }}
33
+  CERT_FILE: {{ .Values.conf.cert.ranger_agent_client_cert | default "" | b64enc }}
34
+{{- end }}

+ 20
- 0
ranger/templates/service-ingress-cms.yaml View File

@@ -0,0 +1,20 @@
1
+{{/*
2
+Copyright 2017 The Openstack-Helm Authors.
3
+
4
+Licensed under the Apache License, Version 2.0 (the "License");
5
+you may not use this file except in compliance with the License.
6
+You may obtain a copy of the License at
7
+
8
+   http://www.apache.org/licenses/LICENSE-2.0
9
+
10
+Unless required by applicable law or agreed to in writing, software
11
+distributed under the License is distributed on an "AS IS" BASIS,
12
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13
+See the License for the specific language governing permissions and
14
+limitations under the License.
15
+*/}}
16
+
17
+{{- if and .Values.manifests.service_ingress_cms .Values.network.cms.ingress.public }}
18
+{{- $serviceIngressOpts := dict "envAll" . "backendServiceType" "cms" -}}
19
+{{ $serviceIngressOpts | include "helm-toolkit.manifests.service_ingress" }}
20
+{{- end }}

+ 20
- 0
ranger/templates/service-ingress-fms.yaml View File

@@ -0,0 +1,20 @@
1
+{{/*
2
+Copyright 2017 The Openstack-Helm Authors.
3
+
4
+Licensed under the Apache License, Version 2.0 (the "License");
5
+you may not use this file except in compliance with the License.
6
+You may obtain a copy of the License at
7
+
8
+   http://www.apache.org/licenses/LICENSE-2.0
9
+
10
+Unless required by applicable law or agreed to in writing, software
11
+distributed under the License is distributed on an "AS IS" BASIS,
12
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13
+See the License for the specific language governing permissions and
14
+limitations under the License.
15
+*/}}
16
+
17
+{{- if and .Values.manifests.service_ingress_fms .Values.network.fms.ingress.public }}
18
+{{- $serviceIngressOpts := dict "envAll" . "backendServiceType" "fms" "backendPort" "fms" -}}
19
+{{ $serviceIngressOpts | include "helm-toolkit.manifests.service_ingress" }}
20
+{{- end }}

+ 20
- 0
ranger/templates/service-ingress-ims.yaml View File

@@ -0,0 +1,20 @@
1
+{{/*
2
+Copyright 2017 The Openstack-Helm Authors.
3
+
4
+Licensed under the Apache License, Version 2.0 (the "License");
5
+you may not use this file except in compliance with the License.
6
+You may obtain a copy of the License at
7
+
8
+   http://www.apache.org/licenses/LICENSE-2.0
9
+
10
+Unless required by applicable law or agreed to in writing, software
11
+distributed under the License is distributed on an "AS IS" BASIS,
12
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13
+See the License for the specific language governing permissions and
14
+limitations under the License.
15
+*/}}
16
+
17
+{{- if and .Values.manifests.service_ingress_ims .Values.network.ims.ingress.public }}
18
+{{- $serviceIngressOpts := dict "envAll" . "backendServiceType" "ims" -}}
19
+{{ $serviceIngressOpts | include "helm-toolkit.manifests.service_ingress" }}
20
+{{- end }}

+ 21
- 0
ranger/templates/service-ingress-rds.yaml View File

@@ -0,0 +1,21 @@
1
+{{/*
2
+Copyright 2017 The Openstack-Helm Authors.
3
+
4
+Licensed under the Apache License, Version 2.0 (the "License");
5
+you may not use this file except in compliance with the License.
6
+You may obtain a copy of the License at
7
+
8
+   http://www.apache.org/licenses/LICENSE-2.0
9
+
10
+Unless required by applicable law or agreed to in writing, software
11
+distributed under the License is distributed on an "AS IS" BASIS,
12
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13
+See the License for the specific language governing permissions and
14
+limitations under the License.
15
+*/}}
16
+
17
+{{- if and .Values.manifests.service_ingress_rds .Values.network.rds.ingress.public }}
18
+{{- $serviceIngressOpts := dict "envAll" . "backendServiceType" "rds" -}}
19
+{{ $serviceIngressOpts | include "helm-toolkit.manifests.service_ingress" }}
20
+{{- end }}
21
+

+ 20
- 0
ranger/templates/service-ingress-rms.yaml View File

@@ -0,0 +1,20 @@
1
+{{/*
2
+Copyright 2017 The Openstack-Helm Authors.
3
+
4
+Licensed under the Apache License, Version 2.0 (the "License");
5
+you may not use this file except in compliance with the License.
6
+You may obtain a copy of the License at
7
+
8
+   http://www.apache.org/licenses/LICENSE-2.0
9
+
10
+Unless required by applicable law or agreed to in writing, software
11
+distributed under the License is distributed on an "AS IS" BASIS,
12
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13
+See the License for the specific language governing permissions and
14
+limitations under the License.
15
+*/}}
16
+
17
+{{- if and .Values.manifests.service_ingress_rms .Values.network.rms.ingress.public }}
18
+{{- $serviceIngressOpts := dict "envAll" . "backendServiceType" "rms" -}}
19
+{{ $serviceIngressOpts | include "helm-toolkit.manifests.service_ingress" }}
20
+{{- end }}

+ 180
- 0
ranger/templates/service-ranger.yaml View File

@@ -0,0 +1,180 @@
1
+{{/*
2
+Copyright 2017 The Openstack-Helm Authors.
3
+
4
+Licensed under the Apache License, Version 2.0 (the "License");
5
+you may not use this file except in compliance with the License.
6
+You may obtain a copy of the License at
7
+
8
+   http://www.apache.org/licenses/LICENSE-2.0
9
+
10
+Unless required by applicable law or agreed to in writing, software
11
+distributed under the License is distributed on an "AS IS" BASIS,
12
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13
+See the License for the specific language governing permissions and
14
+limitations under the License.
15
+*/}}
16
+
17
+{{- if .Values.manifests.service_cms }}
18
+{{- $envAll := . }}
19
+---
20
+apiVersion: v1
21
+kind: Service
22
+metadata:
23
+  name: {{ tuple "cms" "internal" . | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }}
24
+spec:
25
+  ports:
26
+  - name: cms
27
+    port: {{ tuple "cms" "internal" "api" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
28
+    {{- if .Values.network.cms.node_port.enabled }}
29
+    nodePort: {{ .Values.network.cms.node_port.port }}
30
+    {{ end }}
31
+  selector:
32
+{{ tuple $envAll "ranger" "ranger" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }}
33
+  {{ if .Values.network.cms.node_port.enabled }}
34
+  type: NodePort
35
+  {{- if .Values.network.cms.external_policy_local }}
36
+  externalTrafficPolicy: Local
37
+  {{ end }}
38
+  {{ end }}
39
+{{- end }}
40
+
41
+{{- if .Values.manifests.service_fms }}
42
+{{- $envAll := . }}
43
+---
44
+apiVersion: v1
45
+kind: Service
46
+metadata:
47
+  name: {{ tuple "fms" "internal" . | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }}
48
+spec:
49
+  ports:
50
+  - name: fms
51
+    port: {{ tuple "fms" "internal" "api" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
52
+    {{- if .Values.network.fms.node_port.enabled }}
53
+    nodePort: {{ .Values.network.fms.node_port.port }}
54
+    {{ end }}
55
+  selector:
56
+{{ tuple $envAll "ranger" "ranger" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }}
57
+  {{ if .Values.network.fms.node_port.enabled }}
58
+  type: NodePort
59
+  {{- if .Values.network.fms.external_policy_local }}
60
+  externalTrafficPolicy: Local
61
+  {{ end }}
62
+  {{ end }}
63
+{{- end }}
64
+
65
+{{- if .Values.manifests.service_ims }}
66
+{{- $envAll := . }}
67
+---
68
+apiVersion: v1
69
+kind: Service
70
+metadata:
71
+  name: {{ tuple "ims" "internal" . | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }}
72
+spec:
73
+  ports:
74
+  - name: ims
75
+    port: {{ tuple "ims" "internal" "api" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
76
+    {{- if .Values.network.ims.node_port.enabled }}
77
+    nodePort: {{ .Values.network.ims.node_port.port }}
78
+    {{ end }}
79
+  selector:
80
+{{ tuple $envAll "ranger" "ranger" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }}
81
+  {{ if .Values.network.ims.node_port.enabled }}
82
+  type: NodePort
83
+  {{- if .Values.network.ims.external_policy_local }}
84
+  externalTrafficPolicy: Local
85
+  {{ end }}
86
+  {{ end }}
87
+{{- end }}
88
+{{- if .Values.manifests.service_rms }}
89
+{{- $envAll := . }}
90
+---
91
+apiVersion: v1
92
+kind: Service
93
+metadata:
94
+  name: {{ tuple "rms" "internal" . | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }}
95
+spec:
96
+  ports:
97
+  - name: rms
98
+    port: {{ tuple "rms" "internal" "api" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
99
+    {{- if .Values.network.rms.node_port.enabled }}
100
+    nodePort: {{ .Values.network.rms.node_port.port }}
101
+    {{ end }}
102
+  selector:
103
+{{ tuple $envAll "ranger" "ranger" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }}
104
+  {{ if .Values.network.rms.node_port.enabled }}
105
+  type: NodePort
106
+  {{- if .Values.network.rms.external_policy_local }}
107
+  externalTrafficPolicy: Local
108
+  {{ end }}
109
+  {{ end }}
110
+{{- end }}
111
+{{- if .Values.manifests.service_rds }}
112
+{{- $envAll := . }}
113
+---
114
+apiVersion: v1
115
+kind: Service
116
+metadata:
117
+  name: {{ tuple "rds" "internal" . | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }}
118
+spec:
119
+  ports:
120
+  - name: rds
121
+    port: {{ tuple "rds" "internal" "api" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
122
+    {{- if .Values.network.rds.node_port.enabled }}
123
+    nodePort: {{ .Values.network.rds.node_port.port }}
124
+    {{ end }}
125
+  selector:
126
+{{ tuple $envAll "ranger" "ranger" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }}
127
+  {{ if .Values.network.rds.node_port.enabled }}
128
+  type: NodePort
129
+  {{- if .Values.network.rds.external_policy_local }}
130
+  externalTrafficPolicy: Local
131
+  {{ end }}
132
+  {{ end }}
133
+{{- end }}
134
+{{- if .Values.manifests.service_uuid }}
135
+{{- $envAll := . }}
136
+---
137
+apiVersion: v1
138
+kind: Service
139
+metadata:
140
+  name: {{ tuple "uuid" "internal" . | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }}
141
+spec:
142
+  ports:
143
+  - name: uuid
144
+    port: {{ tuple "uuid" "internal" "api" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
145
+    {{- if .Values.network.uuid.node_port.enabled }}
146
+    nodePort: {{ .Values.network.uuid.node_port.port }}
147
+    {{ end }}
148
+  selector:
149
+{{ tuple $envAll "ranger" "ranger" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }}
150
+  {{ if .Values.network.uuid.node_port.enabled }}
151
+  type: NodePort
152
+  {{- if .Values.network.uuid.external_policy_local }}
153
+  externalTrafficPolicy: Local
154
+  {{ end }}
155
+  {{ end }}
156
+{{- end }}
157
+{{- if .Values.manifests.service_audit }}
158
+{{- $envAll := . }}
159
+---
160
+apiVersion: v1
161
+kind: Service
162
+metadata:
163
+  name: {{ tuple "audit" "internal" . | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }}
164
+spec:
165
+  ports:
166
+  - name: audit
167
+    port: {{ tuple "audit" "internal" "api" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
168
+    {{- if .Values.network.audit.node_port.enabled }}
169
+    nodePort: {{ .Values.network.audit.node_port.port }}
170
+    {{ end }}
171
+  selector:
172
+{{ tuple $envAll "ranger" "ranger" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }}
173
+  {{ if .Values.network.audit.node_port.enabled }}
174
+  type: NodePort
175
+  {{- if .Values.network.audit.external_policy_local }}
176
+  externalTrafficPolicy: Local
177
+  {{ end }}
178
+  {{ end }}
179
+{{- end }}
180
+

+ 516
- 0
ranger/values.yaml View File

@@ -0,0 +1,516 @@
1
+# Copyright 2017 The Openstack-Helm Authors.
2
+#
3
+# Licensed under the Apache License, Version 2.0 (the "License");
4
+# you may not use this file except in compliance with the License.
5
+# You may obtain a copy of the License at
6
+#
7
+#     http://www.apache.org/licenses/LICENSE-2.0
8
+#
9
+# Unless required by applicable law or agreed to in writing, software
10
+# distributed under the License is distributed on an "AS IS" BASIS,
11
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12
+# See the License for the specific language governing permissions and
13
+# limitations under the License.
14
+
15
+# Default values for ranger.
16
+# This is a YAML-formatted file.
17
+# Declare name/value pairs to be passed into your templates.
18
+# name: value
19
+
20
+release_group: null
21
+
22
+labels:
23
+  ranger:
24
+    node_selector_key: openstack-control-plane
25
+    node_selector_value: enabled
26
+  job:
27
+    node_selector_key: openstack-control-plane
28
+    node_selector_value: enabled
29
+  test:
30
+    node_selector_key: openstack-control-plane
31
+    node_selector_value: enabled
32
+
33
+images:
34
+  tags:
35
+    ranger: docker.io/hosingh000/ranger:0.1.0
36
+    ranger_db_sync: docker.io/hosingh000/ranger:0.1.0
37
+    db_drop: docker.io/openstackhelm/heat:newton
38
+    db_init: docker.io/openstackhelm/heat:newton
39
+    dep_check: quay.io/stackanetes/kubernetes-entrypoint:v0.3.1
40
+    scripted_test: docker.io/openstackhelm/heat:newton
41
+    image_repo_sync: docker.io/docker:17.07.0
42
+  pull_policy: "IfNotPresent"
43
+  local_registry:
44
+    active: false
45
+    exclude:
46
+      - dep_check
47
+      - image_repo_sync
48
+conf:
49
+  ranger:
50
+    DEFAULT:
51
+      protocol: http
52
+      log_level: INFO
53
+      orm_host: 0.0.0.0
54
+      pecan_debug: True
55
+      ranger_base: '/home/ranger/ranger'
56
+      ssl_verify: False
57
+      log_location: '/var/log/ranger'
58
+      ranger_agent_https_enable: False
59
+      ranger_agent_client_cert_path: ''
60
+    cms:
61
+      log: cms.log
62
+    fms:
63
+      log: fms.log
64
+    ims:
65
+      log: ims.log
66
+    rms:
67
+      log: rms.log
68
+    rds:
69
+      log: rds.log
70
+      repo_local_location: /home/ranger/git_repo
71
+      repo_remote_location: git@127.0.0.1:/home/repo/ORM.git
72
+      repo_user: orm
73
+      repo_email: orm@test.com
74
+    uuid:
75
+      log: uuid.log
76
+    audit:
77
+      log: audit.log
78
+    cli:
79
+      base_region: RegionOne
80
+    database:
81
+      max_retries: -1
82
+    keystone_authtoken:
83
+      auth_type: password
84
+      auth_version: v3
85
+  ssh:
86
+    user: ranger
87
+    user_home: /home/ranger
88
+    ssh_key_file: ranger
89
+    ssh_key: null
90
+    ssh_config: null
91
+  cert:
92
+    ranger_agent_client_cert: null
93
+
94
+network:
95
+  cms:
96
+    ingress:
97
+      public: true
98
+      classes:
99
+        namespace: "nginx"
100
+        cluster: "nginx-cluster"
101
+      annotations:
102
+        nginx.ingress.kubernetes.io/rewrite-target: /
103
+    external_policy_local: false
104
+    node_port:
105
+      enabled: false
106
+      port: 37080
107
+  fms:
108
+    ingress:
109
+      public: true
110
+      classes:
111
+        namespace: "nginx"
112
+        cluster: "nginx-cluster"
113
+      annotations:
114
+        nginx.ingress.kubernetes.io/rewrite-target: /
115
+    external_policy_local: false
116
+    node_port:
117
+      enabled: false
118
+      port: 38082
119
+  ims:
120
+    ingress:
121
+      public: true
122
+      classes:
123
+        namespace: "nginx"
124
+        cluster: "nginx-cluster"
125
+      annotations:
126
+        nginx.ingress.kubernetes.io/rewrite-target: /
127
+    external_policy_local: false
128
+    node_port:
129
+      enabled: false
130
+      port: 38084
131
+  rms:
132
+    ingress:
133
+      public: true
134
+      classes:
135
+        namespace: "nginx"
136
+        cluster: "nginx-cluster"
137
+      annotations:
138
+        nginx.ingress.kubernetes.io/rewrite-target: /
139
+    external_policy_local: false
140
+    node_port:
141
+      enabled: false
142
+      port: 38080
143
+  audit:
144
+    ingress:
145
+      public: true
146
+      classes:
147
+        namespace: "nginx"
148
+        cluster: "nginx-cluster"
149
+      annotations:
150
+        nginx.ingress.kubernetes.io/rewrite-target: /
151
+    external_policy_local: false
152
+    node_port:
153
+      enabled: false
154
+      port: 38776
155
+  rds:
156
+    ingress:
157
+      public: true
158
+      classes:
159
+        namespace: "nginx"
160
+        cluster: "nginx-cluster"
161
+      annotations:
162
+        nginx.ingress.kubernetes.io/rewrite-target: /
163
+    external_policy_local: false
164
+    node_port:
165
+      enabled: false
166
+      port: 38777
167
+  uuid:
168
+    ingress:
169
+      public: true
170
+      classes:
171
+        namespace: "nginx"
172
+        cluster: "nginx-cluster"
173
+      annotations:
174
+        nginx.ingress.kubernetes.io/rewrite-target: /
175
+    external_policy_local: false
176
+    node_port:
177
+      enabled: false
178
+      port: 38090
179
+
180
+
181
+dependencies:
182
+  dynamic:
183
+    common:
184
+      local_image_registry:
185
+        jobs:
186
+          - keystone-image-repo-sync
187
+        services:
188
+          - endpoint: node
189
+            service: local_image_registry
190
+  static:
191
+    ranger:
192
+      jobs:
193
+        - ranger-db-sync
194
+      services:
195
+        - service: oslo_db
196
+          endpoint: internal
197
+    db_sync:
198
+      jobs:
199
+        - ranger-db-init
200
+      services:
201
+        - service: oslo_db
202
+          endpoint: internal
203
+    db_init:
204
+      services:
205
+        - service: oslo_db
206
+          endpoint: internal
207
+    db_drop:
208
+      services:
209
+        - service: oslo_db
210
+          endpoint: internal
211
+    image_repo_sync:
212
+      services:
213
+        - service: local_image_registry
214
+          endpoint: internal
215
+
216
+# Names of secrets used  and environmental checks
217
+secrets:
218
+  oslo_db:
219
+    admin: ranger-db-admin
220
+    ranger: ranger-db-user
221
+  tls:
222
+    cms:
223
+      api:
224
+        public: cms
225
+    fms:
226
+      api:
227
+        public: fms
228
+    ims:
229
+      api:
230
+        public: ims
231
+    rms:
232
+      api:
233
+        public: rms
234
+    rds:
235
+      api:
236
+        public: rds
237
+
238
+# typically overriden by environmental
239
+# values, but should include all endpoints
240
+# required by this chart
241
+endpoints:
242
+  cluster_domain_suffix: cluster.local
243
+  local_image_registry:
244
+    name: docker-registry
245
+    namespace: docker-registry
246
+    hosts:
247
+      default: localhost
248
+      internal: docker-registry
249
+      node: localhost
250
+    host_fqdn_override:
251
+      default: null
252
+    port:
253
+      registry:
254
+      node: 5000
255
+  oslo_db:
256
+    auth:
257
+      admin:
258
+        username: root
259
+        password: password
260
+      ranger:
261
+        username: ranger
262
+        password: password
263
+    hosts:
264
+      default: mariadb
265
+    host_fqdn_override:
266
+      default: null
267
+    path: /orm
268
+    scheme: mysql+pymysql
269
+    port:
270
+      mysql:
271
+        default: 3306
272
+  oslo_cache:
273
+    hosts:
274
+      default: memcached
275
+    host_fqdn_override:
276
+      default: null
277
+    port:
278
+      memcache:
279
+        default: 11211
280
+  cms:
281
+    name: cms
282
+    hosts:
283
+      default: cms-api
284
+      public: cms
285
+      # NOTE: this chart supports TLS for fqdn over-ridden public
286
+      # endpoints using the following format:
287
+      # public:
288
+      #   host: null
289
+      #   tls:
290
+      #     crt: null
291
+      #     key: null
292
+    host_fqdn_override:
293
+      default: null
294
+    path:
295
+      default: /v1/orm/customers
296
+    scheme:
297
+      default: http
298
+    port:
299
+      api:
300
+        default: 7080
301
+        public: 80
302
+  fms:
303
+    name: fms
304
+    hosts:
305
+      default: fms-api
306
+      public: fms
307
+    host_fqdn_override:
308
+      default: null
309
+    path:
310
+      default: /v1/orm/flavors
311
+    scheme:
312
+      default: http
313
+    port:
314
+      api:
315
+        default: 8082
316
+        public: 80
317
+  ims:
318
+    name: ims
319
+    hosts:
320
+      default: ims-api
321
+      public: ims
322
+    host_fqdn_override:
323
+      default: null
324
+    path:
325
+      default: /v1/orm/images
326
+    scheme:
327
+      default: http
328
+    port:
329
+      api:
330
+        default: 8084
331
+        public: 80
332
+  rms:
333
+    name: rms
334
+    hosts:
335
+      default: rms-api
336
+      public: rms
337
+    host_fqdn_override:
338
+      default: null
339
+    path:
340
+      default: /v2/orm/regions
341
+    scheme:
342
+      default: http
343
+    port:
344
+      api:
345
+        default: 7003
346
+        public: 80
347
+  rds:
348
+    name: rds
349
+    hosts:
350
+      default: rds-api
351
+      public: rds
352
+    host_fqdn_override:
353
+      default: null
354
+    path:
355
+      default: /v1/rds/status
356
+    scheme:
357
+      default: http
358
+    port:
359
+      api:
360
+        default: 8777
361
+        public: 80
362
+  uuid:
363
+    name: uuid
364
+    hosts:
365
+      default: uuid-api
366
+    host_fqdn_override:
367
+      default: null
368
+    path:
369
+      default: /v1/uuids
370
+    scheme:
371
+      default: http
372
+    port:
373
+      api:
374
+        default: 7001
375
+  audit:
376
+    name: audit
377
+    hosts:
378
+      default: audit-api
379
+    host_fqdn_override:
380
+      default: null
381
+    path:
382
+      default: /v1/audit/transaction
383
+    scheme:
384
+      default: http
385
+    port:
386
+      api:
387
+        default: 7008
388
+  identity:
389
+    name: keystone
390
+    auth:
391
+      ranger:
392
+        role: admin
393
+        region_name: RegionOne
394
+        username: ranger-admin
395
+        password: password
396
+        project_name: service
397
+        user_domain_name: default
398
+        project_domain_name: default
399
+    hosts:
400
+      default: keystone
401
+      internal: keystone-api
402
+    host_fqdn_override:
403
+      default: null
404
+    path:
405
+      default: /v3
406
+    scheme:
407
+      default: http
408
+    port:
409
+      api:
410
+        default: 80
411
+        internal: 5000
412
+
413
+pod:
414
+  user:
415
+    ranger:
416
+      uid: 1000
417
+  affinity:
418
+    anti:
419
+      type:
420
+        default: preferredDuringSchedulingIgnoredDuringExecution
421
+      topologyKey:
422
+        default: kubernetes.io/hostname
423
+  mounts:
424
+    ranger:
425
+      init_container: null
426
+      ranger:
427
+    ranger_tests:
428
+      init_container: null
429
+      ranger_tests:
430
+  replicas:
431
+    ranger: 1
432
+  lifecycle:
433
+    upgrades:
434
+      deployments:
435
+        revision_history: 3
436
+        pod_replacement_strategy: RollingUpdate
437
+        rolling_update:
438
+          max_unavailable: 1
439
+          max_surge: 3
440
+    disruption_budget:
441
+      ranger:
442
+        min_available: 0
443
+    termination_grace_period:
444
+      ranger:
445
+        timeout: 30
446
+  resources:
447
+    enabled: false
448
+    ranger:
449
+      requests:
450
+        memory: "128Mi"
451
+        cpu: "100m"
452
+      limits:
453
+        memory: "1024Mi"
454
+        cpu: "2000m"
455
+    jobs:
456
+      db_init:
457
+        requests:
458
+          memory: "128Mi"
459
+          cpu: "100m"
460
+        limits:
461
+          memory: "1024Mi"
462
+          cpu: "2000m"
463
+      db_sync:
464
+        requests:
465
+          memory: "128Mi"
466
+          cpu: "100m"
467
+        limits:
468
+          memory: "1024Mi"
469
+          cpu: "2000m"
470
+      db_drop:
471
+        requests:
472
+          memory: "128Mi"
473
+          cpu: "100m"
474
+        limits:
475
+          memory: "1024Mi"
476
+          cpu: "2000m"
477
+      tests:
478
+        requests:
479
+          memory: "128Mi"
480
+          cpu: "100m"
481
+        limits:
482
+          memory: "1024Mi"
483
+          cpu: "2000m"
484
+
485
+manifests:
486
+  configmap_bin: true
487
+  configmap_etc: true
488
+  deployment_ranger_services: true
489
+  ingress_cms: true
490
+  ingress_fms: true
491
+  ingress_rms: true
492
+  ingress_ims: true
493
+  ingress_uuid: true
494
+  ingress_audit: true
495
+  secret_db: true
496
+  secret_ssh_key: true
497
+  secret_ingress_tls: true
498
+  job_db_init: true
499
+  job_db_sync: true
500
+  job_db_drop: false
501
+  job_image_repo_sync: true
502
+  pdb_api: true
503
+  pod_test: true
504
+  service_ingress_cms: true
505
+  service_ingress_fms: true
506
+  service_ingress_ims: true
507
+  service_ingress_rms: true
508
+  service_ingress_rds: true
509
+  service_cms: true
510
+  service_fms: true
511
+  service_ims: true
512
+  service_rms: true
513
+  service_rds: true
514
+  service_uuid: true
515
+  service_audit: true
516
+

Loading…
Cancel
Save