Implement: ranger helm charts and supporting change for agent
This is an effort to implement helm charts for ranger component Included integration changes needed in ranger-agent Signed-off-by: Hari Om Singh<hosingh000@gmail.com> Change-Id: I27911d134882365a29b7ffcf1f7ab2e38cf717be
This commit is contained in:
parent
900343f852
commit
bdac1be107
|
@ -18,50 +18,48 @@ limitations under the License.
|
||||||
{{- $envAll := . }}
|
{{- $envAll := . }}
|
||||||
|
|
||||||
{{- if empty .Values.conf.ranger_agent.database.connection -}}
|
{{- if empty .Values.conf.ranger_agent.database.connection -}}
|
||||||
{{- tuple "oslo_db" "internal" "ranger_agent" "mysql" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup"| set .Values.conf.ranger_agent.database "connection" | quote | trunc 0 -}}
|
{{- $_ := tuple "oslo_db" "internal" "ranger_agent" "mysql" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup"| set .Values.conf.ranger_agent.database "connection" -}}
|
||||||
{{- end -}}
|
{{- end -}}
|
||||||
{{- if empty .Values.conf.ranger_agent.DEFAULT.transport_url -}}
|
{{- if empty .Values.conf.ranger_agent.DEFAULT.transport_url -}}
|
||||||
{{- tuple "oslo_messaging" "internal" "ranger-agent" "amqp" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup" | set .Values.conf.ranger_agent.DEFAULT "transport_url" | quote | trunc 0 -}}
|
{{- $_ := tuple "oslo_messaging" "internal" "ranger-agent" "amqp" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup" | set .Values.conf.ranger_agent.DEFAULT "transport_url" -}}
|
||||||
{{- end -}}
|
{{- end -}}
|
||||||
{{- if empty .Values.conf.ranger_agent.orm.rds_listener_endpoint -}}
|
{{- if empty .Values.conf.ranger_agent.orm.rds_listener_endpoint -}}
|
||||||
{{- tuple "ranger_rds" "public" "rds" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup" | set .Values.conf.ranger_agent.orm "rds_listener_endpoint" | quote | trunc 0 -}}
|
{{- $_ := tuple "ranger_rds" "public" "rds" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup" | set .Values.conf.ranger_agent.orm "rds_listener_endpoint" -}}
|
||||||
{{- end -}}
|
{{- end -}}
|
||||||
{{- if empty .Values.conf.ranger_agent.DEFAULT.ord_server_url -}}
|
{{- if empty .Values.conf.ranger_agent.DEFAULT.ord_server_url -}}
|
||||||
{{- tuple "ranger_agent" "public" "api" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup" | trimSuffix .Values.endpoints.ranger_agent.path.default | set .Values.conf.ranger_agent.DEFAULT "ord_server_url" | quote | trunc 0 -}}
|
{{- $_ := tuple "ranger_agent" "public" "api" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup" | trimSuffix .Values.endpoints.ranger_agent.path.default | set .Values.conf.ranger_agent.DEFAULT "ord_server_url" -}}
|
||||||
{{- end -}}
|
{{- end -}}
|
||||||
{{- if empty .Values.conf.ranger_agent.keystone_authtoken.username -}}
|
{{- if empty .Values.conf.ranger_agent.keystone_authtoken.username -}}
|
||||||
{{- set .Values.conf.ranger_agent.keystone_authtoken "username" .Values.endpoints.identity.auth.ranger_agent.username | quote | trunc 0 -}}
|
{{- $_ := set .Values.conf.ranger_agent.keystone_authtoken "username" .Values.endpoints.identity.auth.ranger_agent.username -}}
|
||||||
{{- end -}}
|
{{- end -}}
|
||||||
{{- if empty .Values.conf.ranger_agent.keystone_authtoken.password -}}
|
{{- if empty .Values.conf.ranger_agent.keystone_authtoken.password -}}
|
||||||
{{- set .Values.conf.ranger_agent.keystone_authtoken "password" .Values.endpoints.identity.auth.ranger_agent.password | quote | trunc 0 -}}
|
{{- $_ := set .Values.conf.ranger_agent.keystone_authtoken "password" .Values.endpoints.identity.auth.ranger_agent.password -}}
|
||||||
{{- end -}}
|
{{- end -}}
|
||||||
{{- if empty .Values.conf.ranger_agent.keystone_authtoken.project_name -}}
|
{{- if empty .Values.conf.ranger_agent.keystone_authtoken.project_name -}}
|
||||||
{{- set .Values.conf.ranger_agent.keystone_authtoken "project_name" .Values.endpoints.identity.auth.ranger_agent.project_name | quote | trunc 0 -}}
|
{{- $_ := set .Values.conf.ranger_agent.keystone_authtoken "project_name" .Values.endpoints.identity.auth.ranger_agent.project_name -}}
|
||||||
{{- end -}}
|
{{- end -}}
|
||||||
{{- if empty .Values.conf.ranger_agent.keystone_authtoken.auth_url -}}
|
{{- if empty .Values.conf.ranger_agent.keystone_authtoken.auth_url -}}
|
||||||
{{- tuple "identity" "internal" "api" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup" | set .Values.conf.ranger_agent.keystone_authtoken "auth_url" | quote | trunc 0 -}}
|
{{- $_ := tuple "identity" "internal" "api" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup" | set .Values.conf.ranger_agent.keystone_authtoken "auth_url" -}}
|
||||||
{{- end -}}
|
{{- end -}}
|
||||||
{{- if empty .Values.conf.ranger_agent.DEFAULT.region -}}
|
{{- if empty .Values.conf.ranger_agent.DEFAULT.region -}}
|
||||||
{{- set .Values.conf.ranger_agent.DEFAULT "region" .Values.endpoints.identity.auth.ranger_agent.region_name | quote | trunc 0 -}}
|
{{- $_ := set .Values.conf.ranger_agent.DEFAULT "region" .Values.endpoints.identity.auth.ranger_agent.region_name -}}
|
||||||
{{- end -}}
|
{{- end -}}
|
||||||
{{- if empty .Values.conf.ranger_agent.api.port -}}
|
{{- if empty .Values.conf.ranger_agent.api.port -}}
|
||||||
{{- tuple "ranger-agent" "internal" "api" . | include "helm-toolkit.endpoints.endpoint_port_lookup" | set .Values.conf.ranger_agent.api "port" | quote | trunc 0 -}}
|
{{- $_ := tuple "ranger-agent" "internal" "api" . | include "helm-toolkit.endpoints.endpoint_port_lookup" | set .Values.conf.ranger_agent.api "port" -}}
|
||||||
{{- end -}}
|
{{- end -}}
|
||||||
{{- if empty .Values.conf.ranger_agent.keystone_authtoken.project_domain_name -}}
|
{{- if empty .Values.conf.ranger_agent.keystone_authtoken.project_domain_name -}}
|
||||||
{{- set .Values.conf.ranger_agent.keystone_authtoken "project_domain_name" .Values.endpoints.identity.auth.ranger_agent.project_domain_name | quote | trunc 0 -}}
|
{{- $_ := set .Values.conf.ranger_agent.keystone_authtoken "project_domain_name" .Values.endpoints.identity.auth.ranger_agent.project_domain_name -}}
|
||||||
{{- end -}}
|
{{- end -}}
|
||||||
{{- if empty .Values.conf.ranger_agent.keystone_authtoken.user_domain_name -}}
|
{{- if empty .Values.conf.ranger_agent.keystone_authtoken.user_domain_name -}}
|
||||||
{{- set .Values.conf.ranger_agent.keystone_authtoken "user_domain_name" .Values.endpoints.identity.auth.ranger_agent.user_domain_name | quote | trunc 0 -}}
|
{{- $_ := set .Values.conf.ranger_agent.keystone_authtoken "user_domain_name" .Values.endpoints.identity.auth.ranger_agent.user_domain_name -}}
|
||||||
{{- end -}}
|
{{- end -}}
|
||||||
|
|
||||||
---
|
---
|
||||||
apiVersion: v1
|
apiVersion: v1
|
||||||
kind: ConfigMap
|
kind: Secret
|
||||||
metadata:
|
metadata:
|
||||||
name: ranger-agent-etc
|
name: ranger-agent-etc
|
||||||
|
type: Opaque
|
||||||
data:
|
data:
|
||||||
api-paste.ini: |
|
api-paste.ini: {{ include "helm-toolkit.utils.to_ini" .Values.conf.paste | b64enc }}
|
||||||
{{ include "helm-toolkit.utils.to_ini" .Values.conf.paste | indent 4 }}
|
ranger-agent.conf: {{ include "helm-toolkit.utils.to_oslo_conf" .Values.conf.ranger_agent | b64enc }}
|
||||||
ranger-agent.conf: |
|
|
||||||
{{ include "helm-toolkit.utils.to_oslo_conf" .Values.conf.ranger_agent | indent 4 }}
|
|
||||||
{{- end }}
|
{{- end }}
|
||||||
|
|
|
@ -79,6 +79,8 @@ spec:
|
||||||
initialDelaySeconds: 30
|
initialDelaySeconds: 30
|
||||||
timeoutSeconds: 5
|
timeoutSeconds: 5
|
||||||
volumeMounts:
|
volumeMounts:
|
||||||
|
- name: pod-etc-ranger-agent
|
||||||
|
mountPath: /etc/ranger-agent
|
||||||
- name: ranger-agent-bin
|
- name: ranger-agent-bin
|
||||||
mountPath: /tmp/ranger-agent-api.sh
|
mountPath: /tmp/ranger-agent-api.sh
|
||||||
subPath: ranger-agent-api.sh
|
subPath: ranger-agent-api.sh
|
||||||
|
@ -97,13 +99,15 @@ spec:
|
||||||
readOnly: true
|
readOnly: true
|
||||||
{{ if $mounts_ranger_agent_api.volumeMounts }}{{ toYaml $mounts_ranger_agent_api.volumeMounts | indent 12 }}{{ end }}
|
{{ if $mounts_ranger_agent_api.volumeMounts }}{{ toYaml $mounts_ranger_agent_api.volumeMounts | indent 12 }}{{ end }}
|
||||||
volumes:
|
volumes:
|
||||||
|
- name: pod-etc-ranger-agent
|
||||||
|
emptyDir: {}
|
||||||
- name: ranger-agent-bin
|
- name: ranger-agent-bin
|
||||||
configMap:
|
configMap:
|
||||||
name: ranger-agent-bin
|
name: ranger-agent-bin
|
||||||
defaultMode: 0555
|
defaultMode: 0555
|
||||||
- name: ranger-agent-etc
|
- name: ranger-agent-etc
|
||||||
configMap:
|
secret:
|
||||||
name: ranger-agent-etc
|
secretName: ranger-agent-etc
|
||||||
defaultMode: 0444
|
defaultMode: 0444
|
||||||
{{ if $mounts_ranger_agent_api.volumes}}{{ toYaml $mounts_ranger_agent_api.volumes | indent 8 }}{{ end }}
|
{{ if $mounts_ranger_agent_api.volumes}}{{ toYaml $mounts_ranger_agent_api.volumes | indent 8 }}{{ end }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
|
|
|
@ -104,6 +104,8 @@ spec:
|
||||||
initialDelaySeconds: 30
|
initialDelaySeconds: 30
|
||||||
timeoutSeconds: 5
|
timeoutSeconds: 5
|
||||||
volumeMounts:
|
volumeMounts:
|
||||||
|
- name: pod-etc-ranger-agent
|
||||||
|
mountPath: /etc/ranger-agent
|
||||||
- name: ranger-agent-bin
|
- name: ranger-agent-bin
|
||||||
mountPath: /tmp/ranger-agent-engine.sh
|
mountPath: /tmp/ranger-agent-engine.sh
|
||||||
subPath: ranger-agent-engine.sh
|
subPath: ranger-agent-engine.sh
|
||||||
|
@ -122,13 +124,15 @@ spec:
|
||||||
readOnly: true
|
readOnly: true
|
||||||
{{ if $mounts_ranger_agent_engine.volumeMounts }}{{ toYaml $mounts_ranger_agent_engine.volumeMounts | indent 12 }}{{ end }}
|
{{ if $mounts_ranger_agent_engine.volumeMounts }}{{ toYaml $mounts_ranger_agent_engine.volumeMounts | indent 12 }}{{ end }}
|
||||||
volumes:
|
volumes:
|
||||||
|
- name: pod-etc-ranger-agent
|
||||||
|
emptyDir: {}
|
||||||
- name: ranger-agent-bin
|
- name: ranger-agent-bin
|
||||||
configMap:
|
configMap:
|
||||||
name: ranger-agent-bin
|
name: ranger-agent-bin
|
||||||
defaultMode: 0555
|
defaultMode: 0555
|
||||||
- name: ranger-agent-etc
|
- name: ranger-agent-etc
|
||||||
configMap:
|
secret:
|
||||||
name: ranger-agent-etc
|
secretName: ranger-agent-etc
|
||||||
defaultMode: 0444
|
defaultMode: 0444
|
||||||
{{ if $mounts_ranger_agent_engine.volumes}}{{ toYaml $mounts_ranger_agent_engine.volumes | indent 8 }}{{ end }}
|
{{ if $mounts_ranger_agent_engine.volumes}}{{ toYaml $mounts_ranger_agent_engine.volumes | indent 8 }}{{ end }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
|
|
|
@ -0,0 +1,20 @@
|
||||||
|
{{/*
|
||||||
|
Copyright 2017 The Openstack-Helm Authors.
|
||||||
|
|
||||||
|
Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
|
you may not use this file except in compliance with the License.
|
||||||
|
You may obtain a copy of the License at
|
||||||
|
|
||||||
|
http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
|
||||||
|
Unless required by applicable law or agreed to in writing, software
|
||||||
|
distributed under the License is distributed on an "AS IS" BASIS,
|
||||||
|
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||||
|
See the License for the specific language governing permissions and
|
||||||
|
limitations under the License.
|
||||||
|
*/}}
|
||||||
|
|
||||||
|
{{- if .Values.manifests.job_ks_user_ranger }}
|
||||||
|
{{- $ksUserJob := dict "envAll" . "serviceName" "ranger-agent" "serviceUser" "ranger" -}}
|
||||||
|
{{ $ksUserJob | include "helm-toolkit.manifests.job_ks_user" }}
|
||||||
|
{{- end }}
|
|
@ -0,0 +1,19 @@
|
||||||
|
{{/*
|
||||||
|
Copyright 2017-2018 The Openstack-Helm Authors.
|
||||||
|
|
||||||
|
Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
|
you may not use this file except in compliance with the License.
|
||||||
|
You may obtain a copy of the License at
|
||||||
|
|
||||||
|
http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
|
||||||
|
Unless required by applicable law or agreed to in writing, software
|
||||||
|
distributed under the License is distributed on an "AS IS" BASIS,
|
||||||
|
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||||
|
See the License for the specific language governing permissions and
|
||||||
|
limitations under the License.
|
||||||
|
*/}}
|
||||||
|
|
||||||
|
{{- if .Values.manifests.secret_ingress_tls }}
|
||||||
|
{{- include "helm-toolkit.manifests.secret_ingress_tls" ( dict "envAll" . "backendServiceType" "ranger-agent" ) }}
|
||||||
|
{{- end }}
|
|
@ -16,7 +16,7 @@ limitations under the License.
|
||||||
|
|
||||||
{{- if .Values.manifests.secret_keystone }}
|
{{- if .Values.manifests.secret_keystone }}
|
||||||
{{- $envAll := . }}
|
{{- $envAll := . }}
|
||||||
{{- range $key1, $userClass := tuple "admin" "ranger_agent" }}
|
{{- range $key1, $userClass := tuple "admin" "ranger" "ranger_agent" }}
|
||||||
{{- $secretName := index $envAll.Values.secrets.identity $userClass }}
|
{{- $secretName := index $envAll.Values.secrets.identity $userClass }}
|
||||||
---
|
---
|
||||||
apiVersion: v1
|
apiVersion: v1
|
||||||
|
|
|
@ -66,13 +66,13 @@ conf:
|
||||||
ranger_agent:
|
ranger_agent:
|
||||||
DEFAULT:
|
DEFAULT:
|
||||||
api_workers: 1
|
api_workers: 1
|
||||||
debug: False
|
debug: false
|
||||||
verbose: True
|
verbose: true
|
||||||
pecan_debug: True
|
pecan_debug: true
|
||||||
repo_connection_timeout: 120
|
repo_connection_timeout: 120
|
||||||
resource_creation_timeout_min: 1200
|
resource_creation_timeout_min: 1200
|
||||||
resource_creation_timeout_max: 14400
|
resource_creation_timeout_max: 14400
|
||||||
log_dir: /var/log/ranger-agent
|
use_stderr: true
|
||||||
api_paste_config: /etc/ranger-agent/api-paste.ini
|
api_paste_config: /etc/ranger-agent/api-paste.ini
|
||||||
local_repo: ranger_repo
|
local_repo: ranger_repo
|
||||||
resource_status_check_wait: 15
|
resource_status_check_wait: 15
|
||||||
|
@ -174,11 +174,16 @@ dependencies:
|
||||||
services:
|
services:
|
||||||
- service: oslo_messaging
|
- service: oslo_messaging
|
||||||
endpoint: internal
|
endpoint: internal
|
||||||
|
image_repo_sync:
|
||||||
|
services:
|
||||||
|
- endpoint: internal
|
||||||
|
service: local_image_registry
|
||||||
|
|
||||||
# Names of secrets used and environmental checks
|
# Names of secrets used and environmental checks
|
||||||
secrets:
|
secrets:
|
||||||
identity:
|
identity:
|
||||||
admin: admin
|
admin: admin
|
||||||
|
ranger: ranger-admin
|
||||||
ranger_agent: ranger-agent-admin
|
ranger_agent: ranger-agent-admin
|
||||||
oslo_db:
|
oslo_db:
|
||||||
admin: ranger-agent-db-admin
|
admin: ranger-agent-db-admin
|
||||||
|
@ -186,12 +191,28 @@ secrets:
|
||||||
oslo_messaging:
|
oslo_messaging:
|
||||||
admin: ranger-agent-rabbitmq-admin
|
admin: ranger-agent-rabbitmq-admin
|
||||||
ranger-agent: ranger-agent-rabbitmq-user
|
ranger-agent: ranger-agent-rabbitmq-user
|
||||||
|
tls:
|
||||||
|
ranger-agent:
|
||||||
|
api:
|
||||||
|
public: ranger-agent
|
||||||
|
|
||||||
# typically overridden by environmental
|
# typically overridden by environmental
|
||||||
# values, but should include all endpoints
|
# values, but should include all endpoints
|
||||||
# required by this chart
|
# required by this chart
|
||||||
endpoints:
|
endpoints:
|
||||||
cluster_domain_suffix: cluster.local
|
cluster_domain_suffix: cluster.local
|
||||||
|
local_image_registry:
|
||||||
|
name: docker-registry
|
||||||
|
namespace: docker-registry
|
||||||
|
hosts:
|
||||||
|
default: localhost
|
||||||
|
internal: docker-registry
|
||||||
|
node: localhost
|
||||||
|
host_fqdn_override:
|
||||||
|
default: null
|
||||||
|
port:
|
||||||
|
registry:
|
||||||
|
node: 5000
|
||||||
oslo_db:
|
oslo_db:
|
||||||
auth:
|
auth:
|
||||||
admin:
|
admin:
|
||||||
|
@ -239,7 +260,8 @@ endpoints:
|
||||||
ranger_rds:
|
ranger_rds:
|
||||||
name: rds-url
|
name: rds-url
|
||||||
hosts:
|
hosts:
|
||||||
default: rds-server
|
default: rds
|
||||||
|
public: rds-public
|
||||||
host_fqdn_override:
|
host_fqdn_override:
|
||||||
default: null
|
default: null
|
||||||
path:
|
path:
|
||||||
|
@ -249,6 +271,7 @@ endpoints:
|
||||||
port:
|
port:
|
||||||
rds:
|
rds:
|
||||||
default: 8777
|
default: 8777
|
||||||
|
public: 80
|
||||||
identity:
|
identity:
|
||||||
name: keystone
|
name: keystone
|
||||||
auth:
|
auth:
|
||||||
|
@ -267,9 +290,23 @@ endpoints:
|
||||||
project_name: service
|
project_name: service
|
||||||
user_domain_name: default
|
user_domain_name: default
|
||||||
project_domain_name: default
|
project_domain_name: default
|
||||||
|
ranger:
|
||||||
|
role:
|
||||||
|
- admin
|
||||||
|
- admin_support
|
||||||
|
- admin_viewer
|
||||||
|
- customer_creator
|
||||||
|
- flavor_creator
|
||||||
|
- admin_image
|
||||||
|
region_name: RegionOne
|
||||||
|
username: ranger-admin
|
||||||
|
password: password
|
||||||
|
project_name: service
|
||||||
|
user_domain_name: default
|
||||||
|
project_domain_name: default
|
||||||
hosts:
|
hosts:
|
||||||
default: keystone-api
|
default: keystone
|
||||||
public: keystone
|
internal: keystone-api
|
||||||
host_fqdn_override:
|
host_fqdn_override:
|
||||||
default: null
|
default: null
|
||||||
path:
|
path:
|
||||||
|
@ -277,10 +314,9 @@ endpoints:
|
||||||
scheme:
|
scheme:
|
||||||
default: http
|
default: http
|
||||||
port:
|
port:
|
||||||
admin:
|
|
||||||
default: 35357
|
|
||||||
api:
|
api:
|
||||||
default: 80
|
default: 80
|
||||||
|
internal: 5000
|
||||||
image:
|
image:
|
||||||
name: glance
|
name: glance
|
||||||
hosts:
|
hosts:
|
||||||
|
@ -316,6 +352,13 @@ endpoints:
|
||||||
hosts:
|
hosts:
|
||||||
default: ranger-api
|
default: ranger-api
|
||||||
public: ranger-agent
|
public: ranger-agent
|
||||||
|
# NOTE: this chart supports TLS for fqdn over-ridden public
|
||||||
|
# endpoints using the following format:
|
||||||
|
# public:
|
||||||
|
# host: null
|
||||||
|
# tls:
|
||||||
|
# crt: null
|
||||||
|
# key: null
|
||||||
host_fqdn_override:
|
host_fqdn_override:
|
||||||
default: null
|
default: null
|
||||||
path:
|
path:
|
||||||
|
@ -459,6 +502,7 @@ manifests:
|
||||||
secret_keystone: true
|
secret_keystone: true
|
||||||
secret_ssh_key: true
|
secret_ssh_key: true
|
||||||
secret_rabbitmq: true
|
secret_rabbitmq: true
|
||||||
|
secret_ingress_tls: true
|
||||||
job_db_init: true
|
job_db_init: true
|
||||||
job_db_sync: true
|
job_db_sync: true
|
||||||
job_db_drop: false
|
job_db_drop: false
|
||||||
|
@ -466,6 +510,7 @@ manifests:
|
||||||
job_ks_endpoints: true
|
job_ks_endpoints: true
|
||||||
job_ks_service: true
|
job_ks_service: true
|
||||||
job_ks_user: true
|
job_ks_user: true
|
||||||
|
job_ks_user_ranger: true
|
||||||
job_rabbit_init: true
|
job_rabbit_init: true
|
||||||
pdb_api: true
|
pdb_api: true
|
||||||
pod_test: true
|
pod_test: true
|
||||||
|
|
|
@ -0,0 +1,22 @@
|
||||||
|
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
|
# you may not use this file except in compliance with the License.
|
||||||
|
# You may obtain a copy of the License at
|
||||||
|
#
|
||||||
|
# http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
#
|
||||||
|
# Unless required by applicable law or agreed to in writing, software
|
||||||
|
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||||
|
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||||
|
# See the License for the specific language governing permissions and
|
||||||
|
# limitations under the License.
|
||||||
|
|
||||||
|
apiVersion: v1
|
||||||
|
description: OpenStack-Helm Ranger
|
||||||
|
name: ranger
|
||||||
|
version: 0.1.0
|
||||||
|
icon: https://git.openstack.org/cgit/openstack/ranger/plain/public/images/logo.png
|
||||||
|
sources:
|
||||||
|
- https://git.openstack.org/cgit/openstack/ranger
|
||||||
|
- https://git.openstack.org/cgit/openstack/openstack-helm-addons
|
||||||
|
maintainers:
|
||||||
|
- name: OpenStack-Helm Authors
|
|
@ -0,0 +1,18 @@
|
||||||
|
# Copyright 2017 The Openstack-Helm Authors.
|
||||||
|
#
|
||||||
|
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
|
# you may not use this file except in compliance with the License.
|
||||||
|
# You may obtain a copy of the License at
|
||||||
|
#
|
||||||
|
# http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
#
|
||||||
|
# Unless required by applicable law or agreed to in writing, software
|
||||||
|
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||||
|
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||||
|
# See the License for the specific language governing permissions and
|
||||||
|
# limitations under the License.
|
||||||
|
|
||||||
|
dependencies:
|
||||||
|
- name: helm-toolkit
|
||||||
|
repository: http://localhost:8879/charts
|
||||||
|
version: 0.1.0
|
|
@ -0,0 +1,21 @@
|
||||||
|
#!/bin/bash
|
||||||
|
|
||||||
|
{{/*
|
||||||
|
Copyright 2017 The Openstack-Helm Authors.
|
||||||
|
|
||||||
|
Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
|
you may not use this file except in compliance with the License.
|
||||||
|
You may obtain a copy of the License at
|
||||||
|
|
||||||
|
http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
|
||||||
|
Unless required by applicable law or agreed to in writing, software
|
||||||
|
distributed under the License is distributed on an "AS IS" BASIS,
|
||||||
|
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||||
|
See the License for the specific language governing permissions and
|
||||||
|
limitations under the License.
|
||||||
|
*/}}
|
||||||
|
|
||||||
|
set -ex
|
||||||
|
|
||||||
|
exec ranger-dbsync
|
|
@ -0,0 +1,44 @@
|
||||||
|
#!/bin/bash
|
||||||
|
|
||||||
|
{{/*
|
||||||
|
Copyright 2017 The Openstack-Helm Authors.
|
||||||
|
|
||||||
|
Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
|
you may not use this file except in compliance with the License.
|
||||||
|
You may obtain a copy of the License at
|
||||||
|
|
||||||
|
http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
|
||||||
|
Unless required by applicable law or agreed to in writing, software
|
||||||
|
distributed under the License is distributed on an "AS IS" BASIS,
|
||||||
|
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||||
|
See the License for the specific language governing permissions and
|
||||||
|
limitations under the License.
|
||||||
|
*/}}
|
||||||
|
|
||||||
|
set -ex
|
||||||
|
|
||||||
|
COMMAND="${@:-allservicesreadiness}"
|
||||||
|
|
||||||
|
function allservicesreadiness () {
|
||||||
|
allservicesliveness
|
||||||
|
}
|
||||||
|
|
||||||
|
function allservicesliveness () {
|
||||||
|
IS_CMS_RUNNING=$(ps aux|awk '$12 == "/usr/local/bin/ranger-cms" {print $8}')
|
||||||
|
IS_RMS_RUNNING=$(ps aux|awk '$12 == "/usr/local/bin/ranger-rms" {print $8}')
|
||||||
|
IS_IMS_RUNNING=$(ps aux|awk '$12 == "/usr/local/bin/ranger-ims" {print $8}')
|
||||||
|
IS_FMS_RUNNING=$(ps aux|awk '$12 == "/usr/local/bin/ranger-fms" {print $8}')
|
||||||
|
IS_RDS_RUNNING=$(ps aux|awk '$12 == "/usr/local/bin/ranger-rds" {print $8}')
|
||||||
|
IS_UUID_RUNNING=$(ps aux|awk '$12 == "/usr/local/bin/ranger-uuidgen" {print $8}')
|
||||||
|
IS_AUDIT_RUNNING=$(ps aux|awk '$12 == "/usr/local/bin/ranger-audit" {print $8}')
|
||||||
|
|
||||||
|
for process in "$IS_UUID_RUNNING" "$IS_AUDIT_RUNNING" "$IS_IMS_RUNNING" "$IS_RMS_RUNNING" "$IS_CMS_RUNNING" "$IS_RDS_RUNNING" "$IS_FMS_RUNNING"; do
|
||||||
|
if [ -z "$process" ]; then
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
done
|
||||||
|
|
||||||
|
exit 0
|
||||||
|
}
|
||||||
|
$COMMAND
|
|
@ -0,0 +1,65 @@
|
||||||
|
#!/bin/bash
|
||||||
|
|
||||||
|
{{/*
|
||||||
|
Copyright 2017 The Openstack-Helm Authors.
|
||||||
|
|
||||||
|
Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
|
you may not use this file except in compliance with the License.
|
||||||
|
You may obtain a copy of the License at
|
||||||
|
|
||||||
|
http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
|
||||||
|
Unless required by applicable law or agreed to in writing, software
|
||||||
|
distributed under the License is distributed on an "AS IS" BASIS,
|
||||||
|
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||||
|
See the License for the specific language governing permissions and
|
||||||
|
limitations under the License.
|
||||||
|
*/}}
|
||||||
|
|
||||||
|
set -ex
|
||||||
|
|
||||||
|
COMMAND="${@:-start}"
|
||||||
|
|
||||||
|
function start () {
|
||||||
|
|
||||||
|
if [ -n "${SSH_KEY}" ] && [ -n "${SSH_KEY_CONFIGURATION}" ];then
|
||||||
|
if [[ $(stat -c %F ${USER_HOME}/.ssh) = "directory" ]]; then
|
||||||
|
rm -fr ${USER_HOME}/.ssh
|
||||||
|
fi
|
||||||
|
|
||||||
|
mkdir -p ${USER_HOME}/.ssh
|
||||||
|
echo -e "${SSH_KEY}" >>${USER_HOME}/.ssh/${SSH_KEY_FILE}
|
||||||
|
echo -e "${SSH_KEY_CONFIGURATION}" >>${USER_HOME}/.ssh/config
|
||||||
|
|
||||||
|
chown ranger: ${USER_HOME}/.ssh
|
||||||
|
chmod 0700 -R ${USER_HOME}/.ssh
|
||||||
|
chmod 0644 ${USER_HOME}/.ssh/config
|
||||||
|
chmod 0600 ${USER_HOME}/.ssh/${SSH_KEY_FILE}
|
||||||
|
|
||||||
|
git config --global user.name ${REPO_USER}
|
||||||
|
git config --global user.email ${REPO_ACCOUNT}
|
||||||
|
git clone ${REMOTE_REPO} ${LOCAL_REPO}
|
||||||
|
fi
|
||||||
|
|
||||||
|
if [ -n "${CERT_LOCATION}" ];then
|
||||||
|
echo -e "${CERT_FILE}" >>${CERT_LOCATION}
|
||||||
|
chmod 0644 ${CERT_LOCATION}
|
||||||
|
fi
|
||||||
|
|
||||||
|
exec ranger-uuidgen &
|
||||||
|
exec ranger-audit &
|
||||||
|
exec ranger-rms &
|
||||||
|
exec ranger-rds &
|
||||||
|
exec ranger-cms &
|
||||||
|
exec ranger-fms &
|
||||||
|
exec ranger-ims
|
||||||
|
|
||||||
|
}
|
||||||
|
|
||||||
|
function stop() {
|
||||||
|
|
||||||
|
kill -TERM 1
|
||||||
|
|
||||||
|
}
|
||||||
|
|
||||||
|
$COMMAND
|
|
@ -0,0 +1,19 @@
|
||||||
|
#!/bin/bash
|
||||||
|
|
||||||
|
{{/*
|
||||||
|
Copyright 2017 The Openstack-Helm Authors.
|
||||||
|
|
||||||
|
Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
|
you may not use this file except in compliance with the License.
|
||||||
|
You may obtain a copy of the License at
|
||||||
|
|
||||||
|
http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
|
||||||
|
Unless required by applicable law or agreed to in writing, software
|
||||||
|
distributed under the License is distributed on an "AS IS" BASIS,
|
||||||
|
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||||
|
See the License for the specific language governing permissions and
|
||||||
|
limitations under the License.
|
||||||
|
*/}}
|
||||||
|
|
||||||
|
set -ex
|
|
@ -0,0 +1,39 @@
|
||||||
|
{{/*
|
||||||
|
Copyright 2017 The Openstack-Helm Authors.
|
||||||
|
|
||||||
|
Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
|
you may not use this file except in compliance with the License.
|
||||||
|
You may obtain a copy of the License at
|
||||||
|
|
||||||
|
http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
|
||||||
|
Unless required by applicable law or agreed to in writing, software
|
||||||
|
distributed under the License is distributed on an "AS IS" BASIS,
|
||||||
|
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||||
|
See the License for the specific language governing permissions and
|
||||||
|
limitations under the License.
|
||||||
|
*/}}
|
||||||
|
|
||||||
|
{{- if .Values.manifests.configmap_bin }}
|
||||||
|
{{- $envAll := . }}
|
||||||
|
---
|
||||||
|
apiVersion: v1
|
||||||
|
kind: ConfigMap
|
||||||
|
metadata:
|
||||||
|
name: ranger-bin
|
||||||
|
data:
|
||||||
|
db-init.py: |+
|
||||||
|
{{- include "helm-toolkit.scripts.db_init" . | indent 4 }}
|
||||||
|
db-sync.sh: |+
|
||||||
|
{{ tuple "bin/_db-sync.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
|
||||||
|
db-drop.py: |+
|
||||||
|
{{- include "helm-toolkit.scripts.db_drop" . | indent 4 }}
|
||||||
|
ranger-services.sh: |
|
||||||
|
{{ tuple "bin/_ranger-services.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
|
||||||
|
health-check.sh: |+
|
||||||
|
{{ tuple "bin/_health-check.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
|
||||||
|
ranger-test.sh: |+
|
||||||
|
{{ tuple "bin/_ranger-test.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
|
||||||
|
rabbit-init.sh: |
|
||||||
|
{{- include "helm-toolkit.scripts.rabbit_init" . | indent 4 }}
|
||||||
|
{{- end }}
|
|
@ -0,0 +1,70 @@
|
||||||
|
{{/*
|
||||||
|
Copyright 2017 The Openstack-Helm Authors.
|
||||||
|
|
||||||
|
Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
|
you may not use this file except in compliance with the License.
|
||||||
|
You may obtain a copy of the License at
|
||||||
|
|
||||||
|
http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
|
||||||
|
Unless required by applicable law or agreed to in writing, software
|
||||||
|
distributed under the License is distributed on an "AS IS" BASIS,
|
||||||
|
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||||
|
See the License for the specific language governing permissions and
|
||||||
|
limitations under the License.
|
||||||
|
*/}}
|
||||||
|
|
||||||
|
{{- if .Values.manifests.configmap_etc }}
|
||||||
|
{{- $envAll := . }}
|
||||||
|
|
||||||
|
{{- if empty .Values.conf.ranger.database.connection -}}
|
||||||
|
{{- $_ := tuple "oslo_db" "internal" "admin" "mysql" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup"| set .Values.conf.ranger.database "connection" -}}
|
||||||
|
{{- end -}}
|
||||||
|
{{- if empty .Values.conf.ranger.keystone_authtoken.username -}}
|
||||||
|
{{- $_ := set .Values.conf.ranger.keystone_authtoken "username" .Values.endpoints.identity.auth.ranger.username -}}
|
||||||
|
{{- end -}}
|
||||||
|
{{- if empty .Values.conf.ranger.keystone_authtoken.password -}}
|
||||||
|
{{- $_ := set .Values.conf.ranger.keystone_authtoken "password" .Values.endpoints.identity.auth.ranger.password -}}
|
||||||
|
{{- end -}}
|
||||||
|
{{- if empty .Values.conf.ranger.keystone_authtoken.project_name -}}
|
||||||
|
{{- $_ := set .Values.conf.ranger.keystone_authtoken "project_name" .Values.endpoints.identity.auth.ranger.project_name -}}
|
||||||
|
{{- end -}}
|
||||||
|
{{- if empty .Values.conf.ranger.cli.base_region -}}
|
||||||
|
{{- $_ := set .Values.conf.ranger.cli "base_region" .Values.endpoints.identity.auth.ranger.region_name -}}
|
||||||
|
{{- end -}}
|
||||||
|
{{- if empty .Values.conf.ranger.keystone_authtoken.project_domain_name -}}
|
||||||
|
{{- $_ := set .Values.conf.ranger.keystone_authtoken "project_domain_name" .Values.endpoints.identity.auth.ranger.project_domain_name -}}
|
||||||
|
{{- end -}}
|
||||||
|
{{- if empty .Values.conf.ranger.keystone_authtoken.user_domain_name -}}
|
||||||
|
{{- $_ := set .Values.conf.ranger.keystone_authtoken "user_domain_name" .Values.endpoints.identity.auth.ranger.user_domain_name -}}
|
||||||
|
{{- end -}}
|
||||||
|
{{- if empty .Values.conf.ranger.cms.port -}}
|
||||||
|
{{- $_ := tuple "cms" "internal" "api" . | include "helm-toolkit.endpoints.endpoint_port_lookup" | set .Values.conf.ranger.cms "port" -}}
|
||||||
|
{{- end -}}
|
||||||
|
{{- if empty .Values.conf.ranger.fms.port -}}
|
||||||
|
{{- $_ := tuple "fms" "internal" "api" . | include "helm-toolkit.endpoints.endpoint_port_lookup" | set .Values.conf.ranger.fms "port" -}}
|
||||||
|
{{- end -}}
|
||||||
|
{{- if empty .Values.conf.ranger.ims.port -}}
|
||||||
|
{{- $_ := tuple "ims" "internal" "api" . | include "helm-toolkit.endpoints.endpoint_port_lookup" | set .Values.conf.ranger.ims "port" -}}
|
||||||
|
{{- end -}}
|
||||||
|
{{- if empty .Values.conf.ranger.rms.port -}}
|
||||||
|
{{- $_ := tuple "rms" "internal" "api" . | include "helm-toolkit.endpoints.endpoint_port_lookup" | set .Values.conf.ranger.rms "port" -}}
|
||||||
|
{{- end -}}
|
||||||
|
{{- if empty .Values.conf.ranger.rds.port -}}
|
||||||
|
{{- $_ := tuple "rds" "internal" "api" . | include "helm-toolkit.endpoints.endpoint_port_lookup" | set .Values.conf.ranger.rds "port" -}}
|
||||||
|
{{- end -}}
|
||||||
|
{{- if empty .Values.conf.ranger.uuid.port -}}
|
||||||
|
{{- $_ := tuple "uuid" "internal" "api" . | include "helm-toolkit.endpoints.endpoint_port_lookup" | set .Values.conf.ranger.uuid "port" -}}
|
||||||
|
{{- end -}}
|
||||||
|
{{- if empty .Values.conf.ranger.audit.port -}}
|
||||||
|
{{- $_ := tuple "audit" "internal" "api" . | include "helm-toolkit.endpoints.endpoint_port_lookup" | set .Values.conf.ranger.audit "port" -}}
|
||||||
|
{{- end -}}
|
||||||
|
---
|
||||||
|
apiVersion: v1
|
||||||
|
kind: Secret
|
||||||
|
metadata:
|
||||||
|
name: ranger-etc
|
||||||
|
type: Opaque
|
||||||
|
data:
|
||||||
|
ranger.conf: {{ include "helm-toolkit.utils.to_oslo_conf" .Values.conf.ranger | b64enc }}
|
||||||
|
{{- end }}
|
|
@ -0,0 +1,167 @@
|
||||||
|
{{/*
|
||||||
|
Copyright 2017 The Openstack-Helm Authors.
|
||||||
|
|
||||||
|
Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
|
you may not use this file except in compliance with the License.
|
||||||
|
You may obtain a copy of the License at
|
||||||
|
|
||||||
|
http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
|
||||||
|
Unless required by applicable law or agreed to in writing, software
|
||||||
|
distributed under the License is distributed on an "AS IS" BASIS,
|
||||||
|
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||||
|
See the License for the specific language governing permissions and
|
||||||
|
limitations under the License.
|
||||||
|
*/}}
|
||||||
|
{{- if .Values.manifests.deployment_ranger_services }}
|
||||||
|
{{- $envAll := . }}
|
||||||
|
|
||||||
|
{{- $mounts_ranger := .Values.pod.mounts.ranger.ranger }}
|
||||||
|
{{- $mounts_ranger_init := .Values.pod.mounts.ranger.init_container }}
|
||||||
|
|
||||||
|
{{- $serviceAccountName := "ranger-services" }}
|
||||||
|
{{ tuple $envAll "ranger" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
|
||||||
|
---
|
||||||
|
apiVersion: apps/v1beta1
|
||||||
|
kind: Deployment
|
||||||
|
metadata:
|
||||||
|
name: {{ $serviceAccountName }}
|
||||||
|
spec:
|
||||||
|
replicas: {{ .Values.pod.replicas.ranger }}
|
||||||
|
{{ tuple $envAll | include "helm-toolkit.snippets.kubernetes_upgrades_deployment" | indent 2 }}
|
||||||
|
template:
|
||||||
|
metadata:
|
||||||
|
labels:
|
||||||
|
{{ tuple $envAll "ranger" "ranger" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
|
||||||
|
annotations:
|
||||||
|
configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "helm-toolkit.utils.hash" }}
|
||||||
|
configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "helm-toolkit.utils.hash" }}
|
||||||
|
spec:
|
||||||
|
serviceAccountName: {{ $serviceAccountName }}
|
||||||
|
dnsPolicy: ClusterFirstWithHostNet
|
||||||
|
hostNetwork: true
|
||||||
|
affinity:
|
||||||
|
{{ tuple $envAll "ranger" "ranger" | include "helm-toolkit.snippets.kubernetes_pod_anti_affinity" | indent 8 }}
|
||||||
|
nodeSelector:
|
||||||
|
{{ .Values.labels.ranger.node_selector_key }}: {{ .Values.labels.ranger.node_selector_value }}
|
||||||
|
terminationGracePeriodSeconds: {{ .Values.pod.lifecycle.termination_grace_period.ranger.timeout | default "30" }}
|
||||||
|
initContainers:
|
||||||
|
{{ tuple $envAll "ranger" $mounts_ranger_init | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
|
||||||
|
containers:
|
||||||
|
- name: ranger-services
|
||||||
|
image: {{ .Values.images.tags.ranger }}
|
||||||
|
imagePullPolicy: {{ .Values.images.pull_policy }}
|
||||||
|
{{ tuple $envAll $envAll.Values.pod.resources.ranger | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
|
||||||
|
securityContext:
|
||||||
|
runAsUser: {{ .Values.pod.user.ranger.uid }}
|
||||||
|
env:
|
||||||
|
- name: USER
|
||||||
|
valueFrom:
|
||||||
|
secretKeyRef:
|
||||||
|
name: ranger-ssh-secret
|
||||||
|
key: USER
|
||||||
|
- name: USER_HOME
|
||||||
|
valueFrom:
|
||||||
|
secretKeyRef:
|
||||||
|
name: ranger-ssh-secret
|
||||||
|
key: USER_HOME
|
||||||
|
- name: SSH_KEY_FILE
|
||||||
|
valueFrom:
|
||||||
|
secretKeyRef:
|
||||||
|
name: ranger-ssh-secret
|
||||||
|
key: SSH_KEY_FILE
|
||||||
|
- name: SSH_KEY
|
||||||
|
valueFrom:
|
||||||
|
secretKeyRef:
|
||||||
|
name: ranger-ssh-secret
|
||||||
|
key: RANGER_PRIVATE_KEY
|
||||||
|
- name: SSH_KEY_CONFIGURATION
|
||||||
|
valueFrom:
|
||||||
|
secretKeyRef:
|
||||||
|
name: ranger-ssh-secret
|
||||||
|
key: RANGER_SSH_CONFIG
|
||||||
|
- name: REPO_USER
|
||||||
|
value: {{ .Values.conf.ranger.rds.repo_user }}
|
||||||
|
- name: REPO_ACCOUNT
|
||||||
|
value: {{ .Values.conf.ranger.rds.repo_email }}
|
||||||
|
- name: LOCAL_REPO
|
||||||
|
value: {{ .Values.conf.ranger.rds.repo_local_location }}
|
||||||
|
- name: REMOTE_REPO
|
||||||
|
value: {{ .Values.conf.ranger.rds.repo_remote_location }}
|
||||||
|
{{- if .Values.conf.ranger.DEFAULT.ranger_agent_https_enable }}
|
||||||
|
- name: CERT_LOCATION
|
||||||
|
value: {{ .Values.conf.ranger.DEFAULT.ranger_agent_client_cert_path }}
|
||||||
|
- name: CERT_FILE
|
||||||
|
valueFrom:
|
||||||
|
secretKeyRef:
|
||||||
|
name: ranger-ssh-secret
|
||||||
|
key: CERT_FILE
|
||||||
|
{{- end }}
|
||||||
|
- name: CMS_SERVICE_URL
|
||||||
|
value: {{ tuple "cms" "public" "api" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup" }}
|
||||||
|
command:
|
||||||
|
- /tmp/ranger-services.sh
|
||||||
|
- start
|
||||||
|
lifecycle:
|
||||||
|
preStop:
|
||||||
|
exec:
|
||||||
|
command:
|
||||||
|
- stop
|
||||||
|
ports:
|
||||||
|
- name: cms
|
||||||
|
containerPort: {{ tuple "cms" "internal" "api" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
|
||||||
|
- name: ims
|
||||||
|
containerPort: {{ tuple "ims" "internal" "api" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
|
||||||
|
- name: fms
|
||||||
|
containerPort: {{ tuple "fms" "internal" "api" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
|
||||||
|
- name: rms
|
||||||
|
containerPort: {{ tuple "rms" "internal" "api" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
|
||||||
|
- name: rds
|
||||||
|
containerPort: {{ tuple "rds" "internal" "api" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
|
||||||
|
- name: uuid
|
||||||
|
containerPort: {{ tuple "uuid" "internal" "api" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
|
||||||
|
- name: audit
|
||||||
|
containerPort: {{ tuple "audit" "internal" "api" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
|
||||||
|
livenessProbe:
|
||||||
|
initialDelaySeconds: 30
|
||||||
|
timeoutSeconds: 10
|
||||||
|
exec:
|
||||||
|
command:
|
||||||
|
- /tmp/health-check.sh
|
||||||
|
- allservicesliveness
|
||||||
|
readinessProbe:
|
||||||
|
initialDelaySeconds: 30
|
||||||
|
timeoutSeconds: 10
|
||||||
|
exec:
|
||||||
|
command:
|
||||||
|
- /tmp/health-check.sh
|
||||||
|
- allservicesreadiness
|
||||||
|
volumeMounts:
|
||||||
|
- name: pod-etc-ranger
|
||||||
|
mountPath: /etc/ranger
|
||||||
|
- name: ranger-bin
|
||||||
|
mountPath: /tmp/ranger-services.sh
|
||||||
|
subPath: ranger-services.sh
|
||||||
|
readOnly: true
|
||||||
|
- name: ranger-bin
|
||||||
|
mountPath: /tmp/health-check.sh
|
||||||
|
subPath: health-check.sh
|
||||||
|
readOnly: true
|
||||||
|
- name: ranger-etc
|
||||||
|
mountPath: /etc/ranger/ranger.conf
|
||||||
|
subPath: ranger.conf
|
||||||
|
readOnly: true
|
||||||
|
{{ if $mounts_ranger.volumeMounts }}{{ toYaml $mounts_ranger.volumeMounts | indent 12 }}{{ end }}
|
||||||
|
volumes:
|
||||||
|
- name: pod-etc-ranger
|
||||||
|
emptyDir: {}
|
||||||
|
- name: ranger-bin
|
||||||
|
configMap:
|
||||||
|
name: ranger-bin
|
||||||
|
defaultMode: 0555
|
||||||
|
- name: ranger-etc
|
||||||
|
secret:
|
||||||
|
secretName: ranger-etc
|
||||||
|
defaultMode: 0444
|
||||||
|
{{ if $mounts_ranger.volumes}}{{ toYaml $mounts_ranger.volumes | indent 8 }}{{ end }}
|
||||||
|
{{- end }}
|
|
@ -0,0 +1,51 @@
|
||||||
|
{{/*
|
||||||
|
Copyright 2017 The Openstack-Helm Authors.
|
||||||
|
|
||||||
|
Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
|
you may not use this file except in compliance with the License.
|
||||||
|
You may obtain a copy of the License at
|
||||||
|
|
||||||
|
http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
|
||||||
|
Unless required by applicable law or agreed to in writing, software
|
||||||
|
distributed under the License is distributed on an "AS IS" BASIS,
|
||||||
|
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||||
|
See the License for the specific language governing permissions and
|
||||||
|
limitations under the License.
|
||||||
|
*/}}
|
||||||
|
|
||||||
|
{{- if and .Values.manifests.ingress_cms .Values.network.cms.ingress.public }}
|
||||||
|
{{- $ingressOpts := dict "envAll" . "backendService" "cms" "backendServiceType" "cms" "backendPort" "cms" -}}
|
||||||
|
{{ $ingressOpts | include "helm-toolkit.manifests.ingress" }}
|
||||||
|
{{- end }}
|
||||||
|
|
||||||
|
{{- if and .Values.manifests.ingress_fms .Values.network.fms.ingress.public }}
|
||||||
|
{{- $ingressOpts := dict "envAll" . "backendService" "fms" "backendServiceType" "fms" "backendPort" "fms" -}}
|
||||||
|
{{ $ingressOpts | include "helm-toolkit.manifests.ingress" }}
|
||||||
|
{{- end }}
|
||||||
|
|
||||||
|
{{- if and .Values.manifests.ingress_ims .Values.network.ims.ingress.public }}
|
||||||
|
{{- $ingressOpts := dict "envAll" . "backendService" "ims" "backendServiceType" "ims" "backendPort" "ims" -}}
|
||||||
|
{{ $ingressOpts | include "helm-toolkit.manifests.ingress" }}
|
||||||
|
{{- end }}
|
||||||
|
|
||||||
|
{{- if and .Values.manifests.ingress_rms .Values.network.rms.ingress.public }}
|
||||||
|
{{- $ingressOpts := dict "envAll" . "backendService" "rms" "backendServiceType" "rms" "backendPort" "rms" -}}
|
||||||
|
{{ $ingressOpts | include "helm-toolkit.manifests.ingress" }}
|
||||||
|
{{- end }}
|
||||||
|
|
||||||
|
{{- if and .Values.manifests.ingress_rds .Values.network.rds.ingress.public }}
|
||||||
|
{{- $ingressOpts := dict "envAll" . "backendService" "rds" "backendServiceType" "rds" "backendPort" "rds" -}}
|
||||||
|
{{ $ingressOpts | include "helm-toolkit.manifests.ingress" }}
|
||||||
|
{{- end }}
|
||||||
|
|
||||||
|
{{- if .Values.manifests.ingress_uuid }}
|
||||||
|
{{- $ingressOpts := dict "envAll" . "backendService" "uuid" "backendServiceType" "uuid" "backendPort" "uuid" -}}
|
||||||
|
{{ $ingressOpts | include "helm-toolkit.manifests.ingress" }}
|
||||||
|
{{- end }}
|
||||||
|
|
||||||
|
{{- if .Values.manifests.ingress_audit }}
|
||||||
|
{{- $ingressOpts := dict "envAll" . "backendService" "audit" "backendServiceType" "audit" "backendPort" "audit" -}}
|
||||||
|
{{ $ingressOpts | include "helm-toolkit.manifests.ingress" }}
|
||||||
|
{{- end }}
|
||||||
|
|
|
@ -0,0 +1,20 @@
|
||||||
|
{{/*
|
||||||
|
Copyright 2017 The Openstack-Helm Authors.
|
||||||
|
|
||||||
|
Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
|
you may not use this file except in compliance with the License.
|
||||||
|
You may obtain a copy of the License at
|
||||||
|
|
||||||
|
http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
|
||||||
|
Unless required by applicable law or agreed to in writing, software
|
||||||
|
distributed under the License is distributed on an "AS IS" BASIS,
|
||||||
|
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||||
|
See the License for the specific language governing permissions and
|
||||||
|
limitations under the License.
|
||||||
|
*/}}
|
||||||
|
|
||||||
|
{{- if .Values.manifests.job_db_drop }}
|
||||||
|
{{- $dbInitJob := dict "envAll" . "serviceName" "ranger" -}}
|
||||||
|
{{ $dbInitJob | include "helm-toolkit.manifests.job_db_drop_mysql" }}
|
||||||
|
{{- end }}
|
|
@ -0,0 +1,20 @@
|
||||||
|
{{/*
|
||||||
|
Copyright 2017 The Openstack-Helm Authors.
|
||||||
|
|
||||||
|
Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
|
you may not use this file except in compliance with the License.
|
||||||
|
You may obtain a copy of the License at
|
||||||
|
|
||||||
|
http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
|
||||||
|
Unless required by applicable law or agreed to in writing, software
|
||||||
|
distributed under the License is distributed on an "AS IS" BASIS,
|
||||||
|
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||||
|
See the License for the specific language governing permissions and
|
||||||
|
limitations under the License.
|
||||||
|
*/}}
|
||||||
|
|
||||||
|
{{- if .Values.manifests.job_db_init }}
|
||||||
|
{{- $dbInitJob := dict "envAll" . "serviceName" "ranger" -}}
|
||||||
|
{{ $dbInitJob | include "helm-toolkit.manifests.job_db_init_mysql" }}
|
||||||
|
{{- end }}
|
|
@ -0,0 +1,20 @@
|
||||||
|
{{/*
|
||||||
|
Copyright 2017 The Openstack-Helm Authors.
|
||||||
|
|
||||||
|
Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
|
you may not use this file except in compliance with the License.
|
||||||
|
You may obtain a copy of the License at
|
||||||
|
|
||||||
|
http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
|
||||||
|
Unless required by applicable law or agreed to in writing, software
|
||||||
|
distributed under the License is distributed on an "AS IS" BASIS,
|
||||||
|
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||||
|
See the License for the specific language governing permissions and
|
||||||
|
limitations under the License.
|
||||||
|
*/}}
|
||||||
|
|
||||||
|
{{- if .Values.manifests.job_db_sync }}
|
||||||
|
{{- $dbSyncJob := dict "envAll" . "serviceName" "ranger" -}}
|
||||||
|
{{ $dbSyncJob | include "helm-toolkit.manifests.job_db_sync" }}
|
||||||
|
{{- end }}
|
|
@ -0,0 +1,20 @@
|
||||||
|
{{/*
|
||||||
|
Copyright 2017 The Openstack-Helm Authors.
|
||||||
|
|
||||||
|
Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
|
you may not use this file except in compliance with the License.
|
||||||
|
You may obtain a copy of the License at
|
||||||
|
|
||||||
|
http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
|
||||||
|
Unless required by applicable law or agreed to in writing, software
|
||||||
|
distributed under the License is distributed on an "AS IS" BASIS,
|
||||||
|
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||||
|
See the License for the specific language governing permissions and
|
||||||
|
limitations under the License.
|
||||||
|
*/}}
|
||||||
|
|
||||||
|
{{- if and .Values.manifests.job_image_repo_sync .Values.images.local_registry.active }}
|
||||||
|
{{- $imageRepoSyncJob := dict "envAll" . "serviceName" "ranger" -}}
|
||||||
|
{{ $imageRepoSyncJob | include "helm-toolkit.manifests.job_image_repo_sync" }}
|
||||||
|
{{- end }}
|
|
@ -0,0 +1,29 @@
|
||||||
|
{{/*
|
||||||
|
Copyright 2017 The Openstack-Helm Authors.
|
||||||
|
|
||||||
|
Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
|
you may not use this file except in compliance with the License.
|
||||||
|
You may obtain a copy of the License at
|
||||||
|
|
||||||
|
http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
|
||||||
|
Unless required by applicable law or agreed to in writing, software
|
||||||
|
distributed under the License is distributed on an "AS IS" BASIS,
|
||||||
|
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||||
|
See the License for the specific language governing permissions and
|
||||||
|
limitations under the License.
|
||||||
|
*/}}
|
||||||
|
|
||||||
|
{{- if .Values.manifests.pdb_api }}
|
||||||
|
{{- $envAll := . }}
|
||||||
|
---
|
||||||
|
apiVersion: policy/v1beta1
|
||||||
|
kind: PodDisruptionBudget
|
||||||
|
metadata:
|
||||||
|
name: ranger
|
||||||
|
spec:
|
||||||
|
minAvailable: {{ .Values.pod.lifecycle.disruption_budget.ranger.min_available }}
|
||||||
|
selector:
|
||||||
|
matchLabels:
|
||||||
|
{{ tuple $envAll "ranger" "ranger" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 6 }}
|
||||||
|
{{- end }}
|
|
@ -0,0 +1,59 @@
|
||||||
|
{{/*
|
||||||
|
Copyright 2017 The Openstack-Helm Authors.
|
||||||
|
|
||||||
|
Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
|
you may not use this file except in compliance with the License.
|
||||||
|
You may obtain a copy of the License at
|
||||||
|
|
||||||
|
http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
|
||||||
|
Unless required by applicable law or agreed to in writing, software
|
||||||
|
distributed under the License is distributed on an "AS IS" BASIS,
|
||||||
|
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||||
|
See the License for the specific language governing permissions and
|
||||||
|
limitations under the License.
|
||||||
|
*/}}
|
||||||
|
|
||||||
|
{{- if .Values.manifests.pod_test }}
|
||||||
|
{{- $envAll := . }}
|
||||||
|
|
||||||
|
{{- $mounts_tests := .Values.pod.mounts.ranger_tests.ranger_tests }}
|
||||||
|
{{- $mounts_tests_init := .Values.pod.mounts.ranger_tests.init_container }}
|
||||||
|
|
||||||
|
{{- $serviceAccountName := print $envAll.Release.Name "-test" }}
|
||||||
|
{{ tuple $envAll "tests" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
|
||||||
|
---
|
||||||
|
apiVersion: v1
|
||||||
|
kind: Pod
|
||||||
|
metadata:
|
||||||
|
name: "{{$envAll.Release.Name}}-test"
|
||||||
|
annotations:
|
||||||
|
"helm.sh/hook": test-success
|
||||||
|
spec:
|
||||||
|
serviceAccountName: {{ $serviceAccountName }}
|
||||||
|
nodeSelector:
|
||||||
|
{{ .Values.labels.test.node_selector_key }}: {{ .Values.labels.test.node_selector_value }}
|
||||||
|
restartPolicy: Never
|
||||||
|
initContainers:
|
||||||
|
{{ tuple $envAll "tests" $mounts_tests_init | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 4 }}
|
||||||
|
containers:
|
||||||
|
- name: {{.Release.Name}}-test
|
||||||
|
image: {{ .Values.images.tags.scripted_test }}
|
||||||
|
env:
|
||||||
|
- name: RANGER_SERVICE_URL
|
||||||
|
value: {{ tuple "cms" "public" "api" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup" }}
|
||||||
|
command:
|
||||||
|
- /tmp/ranger-test.sh
|
||||||
|
volumeMounts:
|
||||||
|
- name: ranger-bin
|
||||||
|
mountPath: /tmp/ranger-test.sh
|
||||||
|
subPath: ranger-test.sh
|
||||||
|
readOnly: true
|
||||||
|
{{ if $mounts_tests.volumeMounts }}{{ toYaml $mounts_tests.volumeMounts | indent 8 }}{{ end }}
|
||||||
|
volumes:
|
||||||
|
- name: ranger-bin
|
||||||
|
configMap:
|
||||||
|
name: ranger-bin
|
||||||
|
defaultMode: 0555
|
||||||
|
{{ if $mounts_tests.volumes }}{{ toYaml $mounts_tests.volumes | indent 4 }}{{ end }}
|
||||||
|
{{- end }}
|
|
@ -0,0 +1,30 @@
|
||||||
|
{{/*
|
||||||
|
Copyright 2017 The Openstack-Helm Authors.
|
||||||
|
|
||||||
|
Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
|
you may not use this file except in compliance with the License.
|
||||||
|
You may obtain a copy of the License at
|
||||||
|
|
||||||
|
http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
|
||||||
|
Unless required by applicable law or agreed to in writing, software
|
||||||
|
distributed under the License is distributed on an "AS IS" BASIS,
|
||||||
|
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||||
|
See the License for the specific language governing permissions and
|
||||||
|
limitations under the License.
|
||||||
|
*/}}
|
||||||
|
|
||||||
|
{{- if .Values.manifests.secret_db }}
|
||||||
|
{{- $envAll := . }}
|
||||||
|
{{- range $key1, $userClass := tuple "admin" "ranger" }}
|
||||||
|
{{- $secretName := index $envAll.Values.secrets.oslo_db $userClass }}
|
||||||
|
---
|
||||||
|
apiVersion: v1
|
||||||
|
kind: Secret
|
||||||
|
metadata:
|
||||||
|
name: {{ $secretName }}
|
||||||
|
type: Opaque
|
||||||
|
data:
|
||||||
|
DB_CONNECTION: {{ tuple "oslo_db" "internal" $userClass "mysql" $envAll | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup" | b64enc -}}
|
||||||
|
{{- end }}
|
||||||
|
{{- end }}
|
|
@ -0,0 +1,23 @@
|
||||||
|
{{/*
|
||||||
|
Copyright 2017-2018 The Openstack-Helm Authors.
|
||||||
|
|
||||||
|
Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
|
you may not use this file except in compliance with the License.
|
||||||
|
You may obtain a copy of the License at
|
||||||
|
|
||||||
|
http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
|
||||||
|
Unless required by applicable law or agreed to in writing, software
|
||||||
|
distributed under the License is distributed on an "AS IS" BASIS,
|
||||||
|
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||||
|
See the License for the specific language governing permissions and
|
||||||
|
limitations under the License.
|
||||||
|
*/}}
|
||||||
|
|
||||||
|
{{- if .Values.manifests.secret_ingress_tls }}
|
||||||
|
{{- include "helm-toolkit.manifests.secret_ingress_tls" ( dict "envAll" . "backendServiceType" "cms" ) }}
|
||||||
|
{{- include "helm-toolkit.manifests.secret_ingress_tls" ( dict "envAll" . "backendServiceType" "fms" ) }}
|
||||||
|
{{- include "helm-toolkit.manifests.secret_ingress_tls" ( dict "envAll" . "backendServiceType" "ims" ) }}
|
||||||
|
{{- include "helm-toolkit.manifests.secret_ingress_tls" ( dict "envAll" . "backendServiceType" "rms" ) }}
|
||||||
|
{{- include "helm-toolkit.manifests.secret_ingress_tls" ( dict "envAll" . "backendServiceType" "rds" ) }}
|
||||||
|
{{- end }}
|
|
@ -0,0 +1,34 @@
|
||||||
|
{{/*
|
||||||
|
Copyright 2017 The Openstack-Helm Authors.
|
||||||
|
|
||||||
|
Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
|
you may not use this file except in compliance with the License.
|
||||||
|
You may obtain a copy of the License at
|
||||||
|
|
||||||
|
http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
|
||||||
|
Unless required by applicable law or agreed to in writing, software
|
||||||
|
distributed under the License is distributed on an "AS IS" BASIS,
|
||||||
|
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||||
|
See the License for the specific language governing permissions and
|
||||||
|
limitations under the License.
|
||||||
|
*/}}
|
||||||
|
|
||||||
|
{{- if .Values.manifests.secret_ssh_key }}
|
||||||
|
{{- $envAll := . }}
|
||||||
|
{{- $key_location := .Values.conf.ssh.key_location }}
|
||||||
|
{{- $secretName := "ranger-ssh-secret" }}
|
||||||
|
---
|
||||||
|
apiVersion: v1
|
||||||
|
kind: Secret
|
||||||
|
metadata:
|
||||||
|
name: {{ $secretName }}
|
||||||
|
type: Opaque
|
||||||
|
data:
|
||||||
|
USER: {{ .Values.conf.ssh.user | b64enc }}
|
||||||
|
USER_HOME: {{ .Values.conf.ssh.user_home | b64enc }}
|
||||||
|
SSH_KEY_FILE: {{ .Values.conf.ssh.ssh_key_file | b64enc }}
|
||||||
|
RANGER_PRIVATE_KEY: {{ .Values.conf.ssh.ssh_key | default "" | b64enc }}
|
||||||
|
RANGER_SSH_CONFIG: {{ .Values.conf.ssh.ssh_config | default "" | b64enc }}
|
||||||
|
CERT_FILE: {{ .Values.conf.cert.ranger_agent_client_cert | default "" | b64enc }}
|
||||||
|
{{- end }}
|
|
@ -0,0 +1,20 @@
|
||||||
|
{{/*
|
||||||
|
Copyright 2017 The Openstack-Helm Authors.
|
||||||
|
|
||||||
|
Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
|
you may not use this file except in compliance with the License.
|
||||||
|
You may obtain a copy of the License at
|
||||||
|
|
||||||
|
http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
|
||||||
|
Unless required by applicable law or agreed to in writing, software
|
||||||
|
distributed under the License is distributed on an "AS IS" BASIS,
|
||||||
|
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||||
|
See the License for the specific language governing permissions and
|
||||||
|
limitations under the License.
|
||||||
|
*/}}
|
||||||
|
|
||||||
|
{{- if and .Values.manifests.service_ingress_cms .Values.network.cms.ingress.public }}
|
||||||
|
{{- $serviceIngressOpts := dict "envAll" . "backendServiceType" "cms" -}}
|
||||||
|
{{ $serviceIngressOpts | include "helm-toolkit.manifests.service_ingress" }}
|
||||||
|
{{- end }}
|
|
@ -0,0 +1,20 @@
|
||||||
|
{{/*
|
||||||
|
Copyright 2017 The Openstack-Helm Authors.
|
||||||
|
|
||||||
|
Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
|
you may not use this file except in compliance with the License.
|
||||||
|
You may obtain a copy of the License at
|
||||||
|
|
||||||
|
http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
|
||||||
|
Unless required by applicable law or agreed to in writing, software
|
||||||
|
distributed under the License is distributed on an "AS IS" BASIS,
|
||||||
|
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||||
|
See the License for the specific language governing permissions and
|
||||||
|
limitations under the License.
|
||||||
|
*/}}
|
||||||
|
|
||||||
|
{{- if and .Values.manifests.service_ingress_fms .Values.network.fms.ingress.public }}
|
||||||
|
{{- $serviceIngressOpts := dict "envAll" . "backendServiceType" "fms" "backendPort" "fms" -}}
|
||||||
|
{{ $serviceIngressOpts | include "helm-toolkit.manifests.service_ingress" }}
|
||||||
|
{{- end }}
|
|
@ -0,0 +1,20 @@
|
||||||
|
{{/*
|
||||||
|
Copyright 2017 The Openstack-Helm Authors.
|
||||||
|
|
||||||
|
Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
|
you may not use this file except in compliance with the License.
|
||||||
|
You may obtain a copy of the License at
|
||||||
|
|
||||||
|
http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
|
||||||
|
Unless required by applicable law or agreed to in writing, software
|
||||||
|
distributed under the License is distributed on an "AS IS" BASIS,
|
||||||
|
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||||
|
See the License for the specific language governing permissions and
|
||||||
|
limitations under the License.
|
||||||
|
*/}}
|
||||||
|
|
||||||
|
{{- if and .Values.manifests.service_ingress_ims .Values.network.ims.ingress.public }}
|
||||||
|
{{- $serviceIngressOpts := dict "envAll" . "backendServiceType" "ims" -}}
|
||||||
|
{{ $serviceIngressOpts | include "helm-toolkit.manifests.service_ingress" }}
|
||||||
|
{{- end }}
|
|
@ -0,0 +1,21 @@
|
||||||
|
{{/*
|
||||||
|
Copyright 2017 The Openstack-Helm Authors.
|
||||||
|
|
||||||
|
Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
|
you may not use this file except in compliance with the License.
|
||||||
|
You may obtain a copy of the License at
|
||||||
|
|
||||||
|
http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
|
||||||
|
Unless required by applicable law or agreed to in writing, software
|
||||||
|
distributed under the License is distributed on an "AS IS" BASIS,
|
||||||
|
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||||
|
See the License for the specific language governing permissions and
|
||||||
|
limitations under the License.
|
||||||
|
*/}}
|
||||||
|
|
||||||
|
{{- if and .Values.manifests.service_ingress_rds .Values.network.rds.ingress.public }}
|
||||||
|
{{- $serviceIngressOpts := dict "envAll" . "backendServiceType" "rds" -}}
|
||||||
|
{{ $serviceIngressOpts | include "helm-toolkit.manifests.service_ingress" }}
|
||||||
|
{{- end }}
|
||||||
|
|
|
@ -0,0 +1,20 @@
|
||||||
|
{{/*
|
||||||
|
Copyright 2017 The Openstack-Helm Authors.
|
||||||
|
|
||||||
|
Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
|
you may not use this file except in compliance with the License.
|
||||||
|
You may obtain a copy of the License at
|
||||||
|
|
||||||
|
http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
|
||||||
|
Unless required by applicable law or agreed to in writing, software
|
||||||
|
distributed under the License is distributed on an "AS IS" BASIS,
|
||||||
|
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||||
|
See the License for the specific language governing permissions and
|
||||||
|
limitations under the License.
|
||||||
|
*/}}
|
||||||
|
|
||||||
|
{{- if and .Values.manifests.service_ingress_rms .Values.network.rms.ingress.public }}
|
||||||
|
{{- $serviceIngressOpts := dict "envAll" . "backendServiceType" "rms" -}}
|
||||||
|
{{ $serviceIngressOpts | include "helm-toolkit.manifests.service_ingress" }}
|
||||||
|
{{- end }}
|
|
@ -0,0 +1,180 @@
|
||||||
|
{{/*
|
||||||
|
Copyright 2017 The Openstack-Helm Authors.
|
||||||
|
|
||||||
|
Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
|
you may not use this file except in compliance with the License.
|
||||||
|
You may obtain a copy of the License at
|
||||||
|
|
||||||
|
http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
|
||||||
|
Unless required by applicable law or agreed to in writing, software
|
||||||
|
distributed under the License is distributed on an "AS IS" BASIS,
|
||||||
|
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||||
|
See the License for the specific language governing permissions and
|
||||||
|
limitations under the License.
|
||||||
|
*/}}
|
||||||
|
|
||||||
|
{{- if .Values.manifests.service_cms }}
|
||||||
|
{{- $envAll := . }}
|
||||||
|
---
|
||||||
|
apiVersion: v1
|
||||||
|
kind: Service
|
||||||
|
metadata:
|
||||||
|
name: {{ tuple "cms" "internal" . | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }}
|
||||||
|
spec:
|
||||||
|
ports:
|
||||||
|
- name: cms
|
||||||
|
port: {{ tuple "cms" "internal" "api" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
|
||||||
|
{{- if .Values.network.cms.node_port.enabled }}
|
||||||
|
nodePort: {{ .Values.network.cms.node_port.port }}
|
||||||
|
{{ end }}
|
||||||
|
selector:
|
||||||
|
{{ tuple $envAll "ranger" "ranger" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }}
|
||||||
|
{{ if .Values.network.cms.node_port.enabled }}
|
||||||
|
type: NodePort
|
||||||
|
{{- if .Values.network.cms.external_policy_local }}
|
||||||
|
externalTrafficPolicy: Local
|
||||||
|
{{ end }}
|
||||||
|
{{ end }}
|
||||||
|
{{- end }}
|
||||||
|
|
||||||
|
{{- if .Values.manifests.service_fms }}
|
||||||
|
{{- $envAll := . }}
|
||||||
|
---
|
||||||
|
apiVersion: v1
|
||||||
|
kind: Service
|
||||||
|
metadata:
|
||||||
|
name: {{ tuple "fms" "internal" . | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }}
|
||||||
|
spec:
|
||||||
|
ports:
|
||||||
|
- name: fms
|
||||||
|
port: {{ tuple "fms" "internal" "api" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
|
||||||
|
{{- if .Values.network.fms.node_port.enabled }}
|
||||||
|
nodePort: {{ .Values.network.fms.node_port.port }}
|
||||||
|
{{ end }}
|
||||||
|
selector:
|
||||||
|
{{ tuple $envAll "ranger" "ranger" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }}
|
||||||
|
{{ if .Values.network.fms.node_port.enabled }}
|
||||||
|
type: NodePort
|
||||||
|
{{- if .Values.network.fms.external_policy_local }}
|
||||||
|
externalTrafficPolicy: Local
|
||||||
|
{{ end }}
|
||||||
|
{{ end }}
|
||||||
|
{{- end }}
|
||||||
|
|
||||||
|
{{- if .Values.manifests.service_ims }}
|
||||||
|
{{- $envAll := . }}
|
||||||
|
---
|
||||||
|
apiVersion: v1
|
||||||
|
kind: Service
|
||||||
|
metadata:
|
||||||
|
name: {{ tuple "ims" "internal" . | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }}
|
||||||
|
spec:
|
||||||
|
ports:
|
||||||
|
- name: ims
|
||||||
|
port: {{ tuple "ims" "internal" "api" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
|
||||||
|
{{- if .Values.network.ims.node_port.enabled }}
|
||||||
|
nodePort: {{ .Values.network.ims.node_port.port }}
|
||||||
|
{{ end }}
|
||||||
|
selector:
|
||||||
|
{{ tuple $envAll "ranger" "ranger" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }}
|
||||||
|
{{ if .Values.network.ims.node_port.enabled }}
|
||||||
|
type: NodePort
|
||||||
|
{{- if .Values.network.ims.external_policy_local }}
|
||||||
|
externalTrafficPolicy: Local
|
||||||
|
{{ end }}
|
||||||
|
{{ end }}
|
||||||
|
{{- end }}
|
||||||
|
{{- if .Values.manifests.service_rms }}
|
||||||
|
{{- $envAll := . }}
|
||||||
|
---
|
||||||
|
apiVersion: v1
|
||||||
|
kind: Service
|
||||||
|
metadata:
|
||||||
|
name: {{ tuple "rms" "internal" . | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }}
|
||||||
|
spec:
|
||||||
|
ports:
|
||||||
|
- name: rms
|
||||||
|
port: {{ tuple "rms" "internal" "api" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
|
||||||
|
{{- if .Values.network.rms.node_port.enabled }}
|
||||||
|
nodePort: {{ .Values.network.rms.node_port.port }}
|
||||||
|
{{ end }}
|
||||||
|
selector:
|
||||||
|
{{ tuple $envAll "ranger" "ranger" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }}
|
||||||
|
{{ if .Values.network.rms.node_port.enabled }}
|
||||||
|
type: NodePort
|
||||||
|
{{- if .Values.network.rms.external_policy_local }}
|
||||||
|
externalTrafficPolicy: Local
|
||||||
|
{{ end }}
|
||||||
|
{{ end }}
|
||||||
|
{{- end }}
|
||||||
|
{{- if .Values.manifests.service_rds }}
|
||||||
|
{{- $envAll := . }}
|
||||||
|
---
|
||||||
|
apiVersion: v1
|
||||||
|
kind: Service
|
||||||
|
metadata:
|
||||||
|
name: {{ tuple "rds" "internal" . | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }}
|
||||||
|
spec:
|
||||||
|
ports:
|
||||||
|
- name: rds
|
||||||
|
port: {{ tuple "rds" "internal" "api" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
|
||||||
|
{{- if .Values.network.rds.node_port.enabled }}
|
||||||
|
nodePort: {{ .Values.network.rds.node_port.port }}
|
||||||
|
{{ end }}
|
||||||
|
selector:
|
||||||
|
{{ tuple $envAll "ranger" "ranger" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }}
|
||||||
|
{{ if .Values.network.rds.node_port.enabled }}
|
||||||
|
type: NodePort
|
||||||
|
{{- if .Values.network.rds.external_policy_local }}
|
||||||
|
externalTrafficPolicy: Local
|
||||||
|
{{ end }}
|
||||||
|
{{ end }}
|
||||||
|
{{- end }}
|
||||||
|
{{- if .Values.manifests.service_uuid }}
|
||||||
|
{{- $envAll := . }}
|
||||||
|
---
|
||||||
|
apiVersion: v1
|
||||||
|
kind: Service
|
||||||
|
metadata:
|
||||||
|
name: {{ tuple "uuid" "internal" . | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }}
|
||||||
|
spec:
|
||||||
|
ports:
|
||||||
|
- name: uuid
|
||||||
|
port: {{ tuple "uuid" "internal" "api" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
|
||||||
|
{{- if .Values.network.uuid.node_port.enabled }}
|
||||||
|
nodePort: {{ .Values.network.uuid.node_port.port }}
|
||||||
|
{{ end }}
|
||||||
|
selector:
|
||||||
|
{{ tuple $envAll "ranger" "ranger" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }}
|
||||||
|
{{ if .Values.network.uuid.node_port.enabled }}
|
||||||
|
type: NodePort
|
||||||
|
{{- if .Values.network.uuid.external_policy_local }}
|
||||||
|
externalTrafficPolicy: Local
|
||||||
|
{{ end }}
|
||||||
|
{{ end }}
|
||||||
|
{{- end }}
|
||||||
|
{{- if .Values.manifests.service_audit }}
|
||||||
|
{{- $envAll := . }}
|
||||||
|
---
|
||||||
|
apiVersion: v1
|
||||||
|
kind: Service
|
||||||
|
metadata:
|
||||||
|
name: {{ tuple "audit" "internal" . | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }}
|
||||||
|
spec:
|
||||||
|
ports:
|
||||||
|
- name: audit
|
||||||
|
port: {{ tuple "audit" "internal" "api" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
|
||||||
|
{{- if .Values.network.audit.node_port.enabled }}
|
||||||
|
nodePort: {{ .Values.network.audit.node_port.port }}
|
||||||
|
{{ end }}
|
||||||
|
selector:
|
||||||
|
{{ tuple $envAll "ranger" "ranger" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }}
|
||||||
|
{{ if .Values.network.audit.node_port.enabled }}
|
||||||
|
type: NodePort
|
||||||
|
{{- if .Values.network.audit.external_policy_local }}
|
||||||
|
externalTrafficPolicy: Local
|
||||||
|
{{ end }}
|
||||||
|
{{ end }}
|
||||||
|
{{- end }}
|
||||||
|
|
|
@ -0,0 +1,516 @@
|
||||||
|
# Copyright 2017 The Openstack-Helm Authors.
|
||||||
|
#
|
||||||
|
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
|
# you may not use this file except in compliance with the License.
|
||||||
|
# You may obtain a copy of the License at
|
||||||
|
#
|
||||||
|
# http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
#
|
||||||
|
# Unless required by applicable law or agreed to in writing, software
|
||||||
|
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||||
|
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||||
|
# See the License for the specific language governing permissions and
|
||||||
|
# limitations under the License.
|
||||||
|
|
||||||
|
# Default values for ranger.
|
||||||
|
# This is a YAML-formatted file.
|
||||||
|
# Declare name/value pairs to be passed into your templates.
|
||||||
|
# name: value
|
||||||
|
|
||||||
|
release_group: null
|
||||||
|
|
||||||
|
labels:
|
||||||
|
ranger:
|
||||||
|
node_selector_key: openstack-control-plane
|
||||||
|
node_selector_value: enabled
|
||||||
|
job:
|
||||||
|
node_selector_key: openstack-control-plane
|
||||||
|
node_selector_value: enabled
|
||||||
|
test:
|
||||||
|
node_selector_key: openstack-control-plane
|
||||||
|
node_selector_value: enabled
|
||||||
|
|
||||||
|
images:
|
||||||
|
tags:
|
||||||
|
ranger: docker.io/hosingh000/ranger:0.1.0
|
||||||
|
ranger_db_sync: docker.io/hosingh000/ranger:0.1.0
|
||||||
|
db_drop: docker.io/openstackhelm/heat:newton
|
||||||
|
db_init: docker.io/openstackhelm/heat:newton
|
||||||
|
dep_check: quay.io/stackanetes/kubernetes-entrypoint:v0.3.1
|
||||||
|
scripted_test: docker.io/openstackhelm/heat:newton
|
||||||
|
image_repo_sync: docker.io/docker:17.07.0
|
||||||
|
pull_policy: "IfNotPresent"
|
||||||
|
local_registry:
|
||||||
|
active: false
|
||||||
|
exclude:
|
||||||
|
- dep_check
|
||||||
|
- image_repo_sync
|
||||||
|
conf:
|
||||||
|
ranger:
|
||||||
|
DEFAULT:
|
||||||
|
protocol: http
|
||||||
|
log_level: INFO
|
||||||
|
orm_host: 0.0.0.0
|
||||||
|
pecan_debug: True
|
||||||
|
ranger_base: '/home/ranger/ranger'
|
||||||
|
ssl_verify: False
|
||||||
|
log_location: '/var/log/ranger'
|
||||||
|
ranger_agent_https_enable: False
|
||||||
|
ranger_agent_client_cert_path: ''
|
||||||
|
cms:
|
||||||
|
log: cms.log
|
||||||
|
fms:
|
||||||
|
log: fms.log
|
||||||
|
ims:
|
||||||
|
log: ims.log
|
||||||
|
rms:
|
||||||
|
log: rms.log
|
||||||
|
rds:
|
||||||
|
log: rds.log
|
||||||
|
repo_local_location: /home/ranger/git_repo
|
||||||
|
repo_remote_location: git@127.0.0.1:/home/repo/ORM.git
|
||||||
|
repo_user: orm
|
||||||
|
repo_email: orm@test.com
|
||||||
|
uuid:
|
||||||
|
log: uuid.log
|
||||||
|
audit:
|
||||||
|
log: audit.log
|
||||||
|
cli:
|
||||||
|
base_region: RegionOne
|
||||||
|
database:
|
||||||
|
max_retries: -1
|
||||||
|
keystone_authtoken:
|
||||||
|
auth_type: password
|
||||||
|
auth_version: v3
|
||||||
|
ssh:
|
||||||
|
user: ranger
|
||||||
|
user_home: /home/ranger
|
||||||
|
ssh_key_file: ranger
|
||||||
|
ssh_key: null
|
||||||
|
ssh_config: null
|
||||||
|
cert:
|
||||||
|
ranger_agent_client_cert: null
|
||||||
|
|
||||||
|
network:
|
||||||
|
cms:
|
||||||
|
ingress:
|
||||||
|
public: true
|
||||||
|
classes:
|
||||||
|
namespace: "nginx"
|
||||||
|
cluster: "nginx-cluster"
|
||||||
|
annotations:
|
||||||
|
nginx.ingress.kubernetes.io/rewrite-target: /
|
||||||
|
external_policy_local: false
|
||||||
|
node_port:
|
||||||
|
enabled: false
|
||||||
|
port: 37080
|
||||||
|
fms:
|
||||||
|
ingress:
|
||||||
|
public: true
|
||||||
|
classes:
|
||||||
|
namespace: "nginx"
|
||||||
|
cluster: "nginx-cluster"
|
||||||
|
annotations:
|
||||||
|
nginx.ingress.kubernetes.io/rewrite-target: /
|
||||||
|
external_policy_local: false
|
||||||
|
node_port:
|
||||||
|
enabled: false
|
||||||
|
port: 38082
|
||||||
|
ims:
|
||||||
|
ingress:
|
||||||
|
public: true
|
||||||
|
classes:
|
||||||
|
namespace: "nginx"
|
||||||
|
cluster: "nginx-cluster"
|
||||||
|
annotations:
|
||||||
|
nginx.ingress.kubernetes.io/rewrite-target: /
|
||||||
|
external_policy_local: false
|
||||||
|
node_port:
|
||||||
|
enabled: false
|
||||||
|
port: 38084
|
||||||
|
rms:
|
||||||
|
ingress:
|
||||||
|
public: true
|
||||||
|
classes:
|
||||||
|
namespace: "nginx"
|
||||||
|
cluster: "nginx-cluster"
|
||||||
|
annotations:
|
||||||
|
nginx.ingress.kubernetes.io/rewrite-target: /
|
||||||
|
external_policy_local: false
|
||||||
|
node_port:
|
||||||
|
enabled: false
|
||||||
|
port: 38080
|
||||||
|
audit:
|
||||||
|
ingress:
|
||||||
|
public: true
|
||||||
|
classes:
|
||||||
|
namespace: "nginx"
|
||||||
|
cluster: "nginx-cluster"
|
||||||
|
annotations:
|
||||||
|
nginx.ingress.kubernetes.io/rewrite-target: /
|
||||||
|
external_policy_local: false
|
||||||
|
node_port:
|
||||||
|
enabled: false
|
||||||
|
port: 38776
|
||||||
|
rds:
|
||||||
|
ingress:
|
||||||
|
public: true
|
||||||
|
classes:
|
||||||
|
namespace: "nginx"
|
||||||
|
cluster: "nginx-cluster"
|
||||||
|
annotations:
|
||||||
|
nginx.ingress.kubernetes.io/rewrite-target: /
|
||||||
|
external_policy_local: false
|
||||||
|
node_port:
|
||||||
|
enabled: false
|
||||||
|
port: 38777
|
||||||
|
uuid:
|
||||||
|
ingress:
|
||||||
|
public: true
|
||||||
|
classes:
|
||||||
|
namespace: "nginx"
|
||||||
|
cluster: "nginx-cluster"
|
||||||
|
annotations:
|
||||||
|
nginx.ingress.kubernetes.io/rewrite-target: /
|
||||||
|
external_policy_local: false
|
||||||
|
node_port:
|
||||||
|
enabled: false
|
||||||
|
port: 38090
|
||||||
|
|
||||||
|
|
||||||
|
dependencies:
|
||||||
|
dynamic:
|
||||||
|
common:
|
||||||
|
local_image_registry:
|
||||||
|
jobs:
|
||||||
|
- keystone-image-repo-sync
|
||||||
|
services:
|
||||||
|
- endpoint: node
|
||||||
|
service: local_image_registry
|
||||||
|
static:
|
||||||
|
ranger:
|
||||||
|
jobs:
|
||||||
|
- ranger-db-sync
|
||||||
|
services:
|
||||||
|
- service: oslo_db
|
||||||
|
endpoint: internal
|
||||||
|
db_sync:
|
||||||
|
jobs:
|
||||||
|
- ranger-db-init
|
||||||
|
services:
|
||||||
|
- service: oslo_db
|
||||||
|
endpoint: internal
|
||||||
|
db_init:
|
||||||
|
services:
|
||||||
|
- service: oslo_db
|
||||||
|
endpoint: internal
|
||||||
|
db_drop:
|
||||||
|
services:
|
||||||
|
- service: oslo_db
|
||||||
|
endpoint: internal
|
||||||
|
image_repo_sync:
|
||||||
|
services:
|
||||||
|
- service: local_image_registry
|
||||||
|
endpoint: internal
|
||||||
|
|
||||||
|
# Names of secrets used and environmental checks
|
||||||
|
secrets:
|
||||||
|
oslo_db:
|
||||||
|
admin: ranger-db-admin
|
||||||
|
ranger: ranger-db-user
|
||||||
|
tls:
|
||||||
|
cms:
|
||||||
|
api:
|
||||||
|
public: cms
|
||||||
|
fms:
|
||||||
|
api:
|
||||||
|
public: fms
|
||||||
|
ims:
|
||||||
|
api:
|
||||||
|
public: ims
|
||||||
|
rms:
|
||||||
|
api:
|
||||||
|
public: rms
|
||||||
|
rds:
|
||||||
|
api:
|
||||||
|
public: rds
|
||||||
|
|
||||||
|
# typically overriden by environmental
|
||||||
|
# values, but should include all endpoints
|
||||||
|
# required by this chart
|
||||||
|
endpoints:
|
||||||
|
cluster_domain_suffix: cluster.local
|
||||||
|
local_image_registry:
|
||||||
|
name: docker-registry
|
||||||
|
namespace: docker-registry
|
||||||
|
hosts:
|
||||||
|
default: localhost
|
||||||
|
internal: docker-registry
|
||||||
|
node: localhost
|
||||||
|
host_fqdn_override:
|
||||||
|
default: null
|
||||||
|
port:
|
||||||
|
registry:
|
||||||
|
node: 5000
|
||||||
|
oslo_db:
|
||||||
|
auth:
|
||||||
|
admin:
|
||||||
|
username: root
|
||||||
|
password: password
|
||||||
|
ranger:
|
||||||
|
username: ranger
|
||||||
|
password: password
|
||||||
|
hosts:
|
||||||
|
default: mariadb
|
||||||
|
host_fqdn_override:
|
||||||
|
default: null
|
||||||
|
path: /orm
|
||||||
|
scheme: mysql+pymysql
|
||||||
|
port:
|
||||||
|
mysql:
|
||||||
|
default: 3306
|
||||||
|
oslo_cache:
|
||||||
|
hosts:
|
||||||
|
default: memcached
|
||||||
|
host_fqdn_override:
|
||||||
|
default: null
|
||||||
|
port:
|
||||||
|
memcache:
|
||||||
|
default: 11211
|
||||||
|
cms:
|
||||||
|
name: cms
|
||||||
|
hosts:
|
||||||
|
default: cms-api
|
||||||
|
public: cms
|
||||||
|
# NOTE: this chart supports TLS for fqdn over-ridden public
|
||||||
|
# endpoints using the following format:
|
||||||
|
# public:
|
||||||
|
# host: null
|
||||||
|
# tls:
|
||||||
|
# crt: null
|
||||||
|
# key: null
|
||||||
|
host_fqdn_override:
|
||||||
|
default: null
|
||||||
|
path:
|
||||||
|
default: /v1/orm/customers
|
||||||
|
scheme:
|
||||||
|
default: http
|
||||||
|
port:
|
||||||
|
api:
|
||||||
|
default: 7080
|
||||||
|
public: 80
|
||||||
|
fms:
|
||||||
|
name: fms
|
||||||
|
hosts:
|
||||||
|
default: fms-api
|
||||||
|
public: fms
|
||||||
|
host_fqdn_override:
|
||||||
|
default: null
|
||||||
|
path:
|
||||||
|
default: /v1/orm/flavors
|
||||||
|
scheme:
|
||||||
|
default: http
|
||||||
|
port:
|
||||||
|
api:
|
||||||
|
default: 8082
|
||||||
|
public: 80
|
||||||
|
ims:
|
||||||
|
name: ims
|
||||||
|
hosts:
|
||||||
|
default: ims-api
|
||||||
|
public: ims
|
||||||
|
host_fqdn_override:
|
||||||
|
default: null
|
||||||
|
path:
|
||||||
|
default: /v1/orm/images
|
||||||
|
scheme:
|
||||||
|
default: http
|
||||||
|
port:
|
||||||
|
api:
|
||||||
|
default: 8084
|
||||||
|
public: 80
|
||||||
|
rms:
|
||||||
|
name: rms
|
||||||
|
hosts:
|
||||||
|
default: rms-api
|
||||||
|
public: rms
|
||||||
|
host_fqdn_override:
|
||||||
|
default: null
|
||||||
|
path:
|
||||||
|
default: /v2/orm/regions
|
||||||
|
scheme:
|
||||||
|
default: http
|
||||||
|
port:
|
||||||
|
api:
|
||||||
|
default: 7003
|
||||||
|
public: 80
|
||||||
|
rds:
|
||||||
|
name: rds
|
||||||
|
hosts:
|
||||||
|
default: rds-api
|
||||||
|
public: rds
|
||||||
|
host_fqdn_override:
|
||||||
|
default: null
|
||||||
|
path:
|
||||||
|
default: /v1/rds/status
|
||||||
|
scheme:
|
||||||
|
default: http
|
||||||
|
port:
|
||||||
|
api:
|
||||||
|
default: 8777
|
||||||
|
public: 80
|
||||||
|
uuid:
|
||||||
|
name: uuid
|
||||||
|
hosts:
|
||||||
|
default: uuid-api
|
||||||
|
host_fqdn_override:
|
||||||
|
default: null
|
||||||
|
path:
|
||||||
|
default: /v1/uuids
|
||||||
|
scheme:
|
||||||
|
default: http
|
||||||
|
port:
|
||||||
|
api:
|
||||||
|
default: 7001
|
||||||
|
audit:
|
||||||
|
name: audit
|
||||||
|
hosts:
|
||||||
|
default: audit-api
|
||||||
|
host_fqdn_override:
|
||||||
|
default: null
|
||||||
|
path:
|
||||||
|
default: /v1/audit/transaction
|
||||||
|
scheme:
|
||||||
|
default: http
|
||||||
|
port:
|
||||||
|
api:
|
||||||
|
default: 7008
|
||||||
|
identity:
|
||||||
|
name: keystone
|
||||||
|
auth:
|
||||||
|
ranger:
|
||||||
|
role: admin
|
||||||
|
region_name: RegionOne
|
||||||
|
username: ranger-admin
|
||||||
|
password: password
|
||||||
|
project_name: service
|
||||||
|
user_domain_name: default
|
||||||
|
project_domain_name: default
|
||||||
|
hosts:
|
||||||
|
default: keystone
|
||||||
|
internal: keystone-api
|
||||||
|
host_fqdn_override:
|
||||||
|
default: null
|
||||||
|
path:
|
||||||
|
default: /v3
|
||||||
|
scheme:
|
||||||
|
default: http
|
||||||
|
port:
|
||||||
|
api:
|
||||||
|
default: 80
|
||||||
|
internal: 5000
|
||||||
|
|
||||||
|
pod:
|
||||||
|
user:
|
||||||
|
ranger:
|
||||||
|
uid: 1000
|
||||||
|
affinity:
|
||||||
|
anti:
|
||||||
|
type:
|
||||||
|
default: preferredDuringSchedulingIgnoredDuringExecution
|
||||||
|
topologyKey:
|
||||||
|
default: kubernetes.io/hostname
|
||||||
|
mounts:
|
||||||
|
ranger:
|
||||||
|
init_container: null
|
||||||
|
ranger:
|
||||||
|
ranger_tests:
|
||||||
|
init_container: null
|
||||||
|
ranger_tests:
|
||||||
|
replicas:
|
||||||
|
ranger: 1
|
||||||
|
lifecycle:
|
||||||
|
upgrades:
|
||||||
|
deployments:
|
||||||
|
revision_history: 3
|
||||||
|
pod_replacement_strategy: RollingUpdate
|
||||||
|
rolling_update:
|
||||||
|
max_unavailable: 1
|
||||||
|
max_surge: 3
|
||||||
|
disruption_budget:
|
||||||
|
ranger:
|
||||||
|
min_available: 0
|
||||||
|
termination_grace_period:
|
||||||
|
ranger:
|
||||||
|
timeout: 30
|
||||||
|
resources:
|
||||||
|
enabled: false
|
||||||
|
ranger:
|
||||||
|
requests:
|
||||||
|
memory: "128Mi"
|
||||||
|
cpu: "100m"
|
||||||
|
limits:
|
||||||
|
memory: "1024Mi"
|
||||||
|
cpu: "2000m"
|
||||||
|
jobs:
|
||||||
|
db_init:
|
||||||
|
requests:
|
||||||
|
memory: "128Mi"
|
||||||
|
cpu: "100m"
|
||||||
|
limits:
|
||||||
|
memory: "1024Mi"
|
||||||
|
cpu: "2000m"
|
||||||
|
db_sync:
|
||||||
|
requests:
|
||||||
|
memory: "128Mi"
|
||||||
|
cpu: "100m"
|
||||||
|
limits:
|
||||||
|
memory: "1024Mi"
|
||||||
|
cpu: "2000m"
|
||||||
|
db_drop:
|
||||||
|
requests:
|
||||||
|
memory: "128Mi"
|
||||||
|
cpu: "100m"
|
||||||
|
limits:
|
||||||
|
memory: "1024Mi"
|
||||||
|
cpu: "2000m"
|
||||||
|
tests:
|
||||||
|
requests:
|
||||||
|
memory: "128Mi"
|
||||||
|
cpu: "100m"
|
||||||
|
limits:
|
||||||
|
memory: "1024Mi"
|
||||||
|
cpu: "2000m"
|
||||||
|
|
||||||
|
manifests:
|
||||||
|
configmap_bin: true
|
||||||
|
configmap_etc: true
|
||||||
|
deployment_ranger_services: true
|
||||||
|
ingress_cms: true
|
||||||
|
ingress_fms: true
|
||||||
|
ingress_rms: true
|
||||||
|
ingress_ims: true
|
||||||
|
ingress_uuid: true
|
||||||
|
ingress_audit: true
|
||||||
|
secret_db: true
|
||||||
|
secret_ssh_key: true
|
||||||
|
secret_ingress_tls: true
|
||||||
|
job_db_init: true
|
||||||
|
job_db_sync: true
|
||||||
|
job_db_drop: false
|
||||||
|
job_image_repo_sync: true
|
||||||
|
pdb_api: true
|
||||||
|
pod_test: true
|
||||||
|
service_ingress_cms: true
|
||||||
|
service_ingress_fms: true
|
||||||
|
service_ingress_ims: true
|
||||||
|
service_ingress_rms: true
|
||||||
|
service_ingress_rds: true
|
||||||
|
service_cms: true
|
||||||
|
service_fms: true
|
||||||
|
service_ims: true
|
||||||
|
service_rms: true
|
||||||
|
service_rds: true
|
||||||
|
service_uuid: true
|
||||||
|
service_audit: true
|
||||||
|
|
Loading…
Reference in New Issue