openstack/openstack-helm-infra
Code Issues Proposed changes

Image local repo jobs and multiple namespace support

Browse Source 
This PS introduces support for using a local docker repo to
store images if desired, and adds multiple namespace support
to the entrypoint lookup functions.

Change-Id: Ib51aa30d3cc033795fe13f6c40a57d46171ad586
This commit is contained in:
intlabs
2017-11-02 03:13:07 -05:00
parent d4163dff03
commit 436845541b
66 changed files with 1289 additions and 81 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
tiller/templates/clusterrolebinding-tiller.yaml
View File

@@ -14,6 +14,7 @@ See the License for the specific language governing permissions and
limitations under the License.
*/}}
{{- if .Values.manifests.clusterrolebinding_tiller }}
{{- $envAll := . }}
---
apiVersion: rbac.authorization.k8s.io/v1
@@ -28,3 +29,4 @@ subjects:
- kind: ServiceAccount
name: tiller
namespace: {{ .Release.Namespace }}
{{- end }}

27
tiller/templates/configmap-bin.yaml Normal file
View File

@@ -0,0 +1,27 @@
{{/*
Copyright 2017 The Openstack-Helm Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
{{- if .Values.manifests.configmap_bin }}
{{- $envAll := . }}
---
apiVersion: v1
kind: ConfigMap
metadata:
name: tiller-bin
data:
image-repo-sync.sh: |+
{{- include "helm-toolkit.scripts.image_repo_sync" . | indent 4 }}
{{- end }}

11
tiller/templates/deployment-tiller.yaml
View File

@@ -14,7 +14,13 @@ See the License for the specific language governing permissions and
limitations under the License.
*/}}
{{- if .Values.manifests.deployment_tiller }}
{{- $envAll := . }}
{{- if .Values.images.local_registry.active -}}
{{- $_ := set .Values "pod_dependency" (merge .Values.dependencies.tiller .Values.conditional_dependencies.local_image_registry) -}}
{{- else -}}
{{- $_ := set .Values "pod_dependency" .Values.dependencies.tiller -}}
{{- end -}}
---
apiVersion: extensions/v1beta1
kind: Deployment
@@ -40,6 +46,8 @@ spec:
app: helm
name: tiller
spec:
initContainers:
{{ tuple $envAll .Values.pod_dependency list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
containers:
- env:
- name: TILLER_NAMESPACE
@@ -82,3 +90,6 @@ spec:
serviceAccount: tiller
serviceAccountName: tiller
terminationGracePeriodSeconds: 30
volumes:
{{ tuple . | include "helm-toolkit.snippets.kubernetes_entrypoint_secret_mount" | indent 8 }}
{{- end }}

65
tiller/templates/job-image-repo-sync.yaml Normal file
View File

@@ -0,0 +1,65 @@
{{/*
Copyright 2017 The Openstack-Helm Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
{{- if .Values.manifests.job_image_repo_sync }}
{{- $envAll := . }}
{{- if .Values.images.local_registry.active -}}
{{- $_ := set .Values "pod_dependency" .Values.dependencies.image_repo_sync -}}
---
apiVersion: batch/v1
kind: Job
metadata:
name: tiller-image-repo-sync
spec:
template:
metadata:
labels:
{{ tuple $envAll "tiller" "image-repo-sync" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
spec:
restartPolicy: OnFailure
nodeSelector:
{{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }}
initContainers:
{{ tuple $envAll .Values.pod_dependency list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
containers:
- name: image-repo-sync
{{ tuple $envAll "image_repo_sync" | include "helm-toolkit.snippets.image" | indent 10 }}
{{ tuple $envAll $envAll.Values.pod.resources.jobs.image_repo_sync | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
env:
- name: LOCAL_REPO
value: "{{ tuple "local_image_registry" "node" . | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }}:{{ tuple "local_image_registry" "node" "registry" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}"
- name: IMAGE_SYNC_LIST
value: "{{ include "helm-toolkit.utils.image_sync_list" . }}"
command:
- /tmp/image-repo-sync.sh
volumeMounts:
- name: tiller-bin
mountPath: /tmp/image-repo-sync.sh
subPath: image-repo-sync.sh
readOnly: true
- name: docker-socket
mountPath: /var/run/docker.sock
volumes:
- name: tiller-bin
configMap:
name: tiller-bin
defaultMode: 0555
- name: docker-socket
hostPath:
path: /var/run/docker.sock
{{ tuple . | include "helm-toolkit.snippets.kubernetes_entrypoint_secret_mount" | indent 8 }}
{{- end }}
{{- end }}

19
tiller/templates/rbac-entrypoint.yaml Normal file
View File

@@ -0,0 +1,19 @@
{{/*
Copyright 2017 The Openstack-Helm Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
{{- if .Values.manifests.rbac_entrypoint }}
{{ tuple . | include "helm-toolkit.snippets.kubernetes_entrypoint_rbac"}}
{{- end }}

2
tiller/templates/service-tiller-deploy.yaml
View File

@@ -14,6 +14,7 @@ See the License for the specific language governing permissions and
limitations under the License.
*/}}
{{- if .Values.manifests.service_tiller_deploy }}
{{- $envAll := . }}
---
apiVersion: v1
@@ -34,3 +35,4 @@ spec:
name: tiller
sessionAffinity: None
type: ClusterIP
{{- end }}

2
tiller/templates/serviceaccount-tiller.yaml
View File

@@ -14,9 +14,11 @@ See the License for the specific language governing permissions and
limitations under the License.
*/}}
{{- if .Values.manifests.serviceaccount_tiller }}
{{- $envAll := . }}
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: tiller
{{- end }}

63
tiller/values.yaml
View File

@@ -26,6 +26,63 @@ release_group: null
images:
tags:
tiller: gcr.io/kubernetes-helm/tiller:v2.7.0-rc1
pull_policy: "IfNotPresent"
registry:
prefix: null
dep_check: quay.io/stackanetes/kubernetes-entrypoint:v0.2.1
image_repo_sync: docker.io/docker:17.07.0
pull_policy: IfNotPresent
local_registry:
active: false
exclude:
- dep_check
- image_repo_sync
pod:
resources:
enabled: false
jobs:
image_repo_sync:
requests:
memory: "128Mi"
cpu: "100m"
limits:
memory: "1024Mi"
cpu: "2000m"
dependencies:
tiller:
services: null
image_repo_sync:
services:
- service: local_image_registry
endpoint: internal
conditional_dependencies:
local_image_registry:
jobs:
- tiller-image-repo-sync
services:
- service: local_image_registry
endpoint: node
endpoints:
cluster_domain_suffix: cluster.local
local_image_registry:
name: docker-registry
namespace: docker-registry
hosts:
default: localhost
internal: docker-registry
node: localhost
host_fqdn_override:
default: null
port:
registry:
node: 5000
manifests:
clusterrolebinding_tiller: true
configmap_bin: true
deployment_tiller: true
job_image_repo_sync: true
rbac_entrypoint: true
service_tiller_deploy: true
serviceaccount_tiller: true