openstack/openstack-helm
Code Issues Proposed changes

Add congress chart

Browse Source 
This chart provides a policy framework for the cloud.
It consist of 3 services. Api, policy engine, datasource.

helm install --name=congress local/congress --namespace=openstack

Change-Id: I5fabf91893bc006470469af397994b13fe86223b
This commit is contained in:
Vlad Naboichenko 2017-11-14 01:26:09 +00:00
parent 56d4657561
commit 090d2656cf
29 changed files with 1724 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

21
congress/.helmignore Normal file
View File

@ -0,0 +1,21 @@
# Patterns to ignore when building packages.
# This supports shell glob matching, relative path matching, and
# negation (prefixed with !). Only one pattern per line.
.DS_Store
# Common VCS dirs
.git/
.gitignore
.bzr/
.bzrignore
.hg/
.hgignore
.svn/
# Common backup files
*.swp
*.bak
*.tmp
*~
# Various IDEs
.project
.idea/
*.tmproj

25
congress/Chart.yaml Normal file
View File

@ -0,0 +1,25 @@
# Copyright 2017 The Openstack-Helm Authors.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
apiVersion: v1
description: OpenStack-Helm Glance
name: congress
version: 0.1.0
home: https://docs.openstack.org/developer/congress
icon: https://www.openstack.org/themes/openstack/images/project-mascots/Congress/OpenStack_Project_Congress_vertical.png
sources:
- https://git.openstack.org/cgit/openstack/congress
- https://git.openstack.org/cgit/openstack/openstack-helm
maintainers:
- name: OpenStack-Helm Authors

18
congress/requirements.yaml Normal file
View File

@ -0,0 +1,18 @@
# Copyright 2017 The Openstack-Helm Authors.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
dependencies:
- name: helm-toolkit
repository: http://localhost:8879/charts
version: 0.1.0

33
congress/templates/bin/_congress-api.sh.tpl Normal file
View File

@ -0,0 +1,33 @@
#!/bin/bash
{{/*
Copyright 2017 The Openstack-Helm Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
set -ex
COMMAND="${@:-start}"
function start () {
exec congress-server \
--api \
--node-id=$HOSTNAME \
--config-file /etc/congress/congress.conf
}
function stop () {
kill -TERM 1
}
$COMMAND

33
congress/templates/bin/_congress-datasource.sh.tpl Normal file
View File

@ -0,0 +1,33 @@
#!/bin/bash
{{/*
Copyright 2017 The Openstack-Helm Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
set -ex
COMMAND="${@:-start}"
function start () {
exec congress-server \
--datasources \
--node-id=$HOSTNAME \
--config-file /etc/congress/congress.conf
}
function stop () {
kill -TERM 1
}
$COMMAND

33
congress/templates/bin/_congress-policy-engine.sh.tpl Normal file
View File

@ -0,0 +1,33 @@
#!/bin/bash
{{/*
Copyright 2017 The Openstack-Helm Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
set -ex
COMMAND="${@:-start}"
function start () {
exec congress-server \
--policy-engine \
--node-id=$HOSTNAME \
--config-file /etc/congress/congress.conf
}
function stop () {
kill -TERM 1
}
$COMMAND

21
congress/templates/bin/_db-sync.sh.tpl Normal file
View File

@ -0,0 +1,21 @@
#!/bin/bash
{{/*
Copyright 2017 The Openstack-Helm Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
set -ex
congress-db-manage --config-file /etc/congress/congress.conf upgrade head

42
congress/templates/bin/_ds_create.sh.tpl Normal file
View File

@ -0,0 +1,42 @@
#!/bin/bash
{{/*
Copyright 2017 The Openstack-Helm Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
set -ex
# Create datasources for congress service
# neutronv2, glancev2, keystonev3
datasource_list={{ include "helm-toolkit.utils.joinListWithSpace" .Values.policy.datasource_services | quote }}
configure_service() {
service=$1
service_enabled=`openstack service list | grep $(echo $service | sed 's/v[0-9]$//g') || true`
datasource_exist=`openstack congress datasource list | awk '{print $4}' |grep $service || true`
if [ -z "$datasource_exist" ] && [ ! -z "$service_enabled" ]
then
openstack congress datasource create $service "$service" \
--config poll_time={{.Values.policy.poll_time}} \
--config username=$OS_USERNAME \
--config tenant_name=$OS_PROJECT_NAME \
--config password=$OS_PASSWORD \
--config auth_url=$OS_AUTH_URL
fi
}
for ds in $datasource_list
do
configure_service $ds
done

44
congress/templates/bin/_helm-tests.sh.tpl Normal file
View File

@ -0,0 +1,44 @@
#!/bin/bash
{{/*
Copyright 2017 The Openstack-Helm Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
set -ex
datasource_list={{ include "helm-toolkit.utils.joinListWithSpace" .Values.policy.datasource_services | quote }}
random_string=`cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 5 | head -n 1`
if [ ! -z "$datasource_list" ]
then
# Try to create policy and rule with every enabled datasource "neutronv2, glancev2"
# Datasources should be created during installation step via _ds_create.sh.tpl script
for ds in $datasource_list
do
policy_name="${ds}_policy_${random_string}"
openstack congress policy create $policy_name
openstack congress policy rule create $policy_name "
${policy_name}_rule(id) :-
${ds}(id)"
openstack congress policy delete $policy_name
done
else
echo "No datasource enabled."
exit 1
fi

45
congress/templates/configmap-bin.yaml Normal file
View File

@ -0,0 +1,45 @@
{{/*
Copyright 2017 The Openstack-Helm Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
{{- if .Values.manifests.configmap_bin }}
{{- $envAll := . }}
---
apiVersion: v1
kind: ConfigMap
metadata:
name: congress-bin
data:
congress-api.sh: |
{{ tuple "bin/_congress-api.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
congress-policy-engine.sh: |
{{ tuple "bin/_congress-policy-engine.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
congress-datasource.sh: |
{{ tuple "bin/_congress-datasource.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
db-init.py: |
{{- include "helm-toolkit.scripts.db_init" . | indent 4 }}
db-sync.sh: |
{{ tuple "bin/_db-sync.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
ds-create.sh: |
{{ tuple "bin/_ds_create.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
congress-test.sh: |
{{ tuple "bin/_helm-tests.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
ks-service.sh: |+
{{- include "helm-toolkit.scripts.keystone_service" . | indent 4 }}
ks-endpoints.sh: |+
{{- include "helm-toolkit.scripts.keystone_endpoints" . | indent 4 }}
ks-user.sh: |+
{{- include "helm-toolkit.scripts.keystone_user" . | indent 4 }}
{{- end }}

72
congress/templates/configmap-etc.yaml Normal file
View File

@ -0,0 +1,72 @@
{{/*
Copyright 2017 The Openstack-Helm Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
{{- if .Values.manifests.configmap_etc }}
{{- $envAll := . }}
{{- if empty .Values.conf.congress.DEFAULT.transport_url -}}
{{- tuple "oslo_messaging" "internal" "user" "amqp" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup" | set .Values.conf.congress.DEFAULT "transport_url" | quote | trunc 0 -}}
{{- end -}}
{{- if empty .Values.conf.congress.database.connection -}}
{{- tuple "oslo_db" "internal" "user" "mysql" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup"| set .Values.conf.congress.database "connection" | quote | trunc 0 -}}
{{- end -}}
{{- if empty .Values.conf.congress.keystone_authtoken.memcached_servers -}}
{{- tuple "oslo_cache" "internal" "memcache" . | include "helm-toolkit.endpoints.host_and_port_endpoint_uri_lookup" | set .Values.conf.congress.keystone_authtoken "memcached_servers" | quote | trunc 0 -}}
{{- end -}}
{{- if empty .Values.conf.congress.keystone_authtoken.auth_url -}}
{{- tuple "identity" "public" "api" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup"| set .Values.conf.congress.keystone_authtoken "auth_url" | quote | trunc 0 -}}
{{- end -}}
{{- if empty .Values.conf.congress.keystone_authtoken.auth_uri -}}
{{- set .Values.conf.congress.keystone_authtoken "auth_uri" .Values.conf.congress.keystone_authtoken.auth_url | quote | trunc 0 -}}
{{- end -}}
{{- if empty .Values.conf.congress.keystone_authtoken.region_name -}}
{{- set .Values.conf.congress.keystone_authtoken "region_name" .Values.endpoints.identity.auth.user.region_name | quote | trunc 0 -}}
{{- end -}}
{{- if empty .Values.conf.congress.keystone_authtoken.project_name -}}
{{- set .Values.conf.congress.keystone_authtoken "project_name" .Values.endpoints.identity.auth.user.project_name | quote | trunc 0 -}}
{{- end -}}
{{- if empty .Values.conf.congress.keystone_authtoken.project_domain_name -}}
{{- set .Values.conf.congress.keystone_authtoken "project_domain_name" .Values.endpoints.identity.auth.user.project_domain_name | quote | trunc 0 -}}
{{- end -}}
{{- if empty .Values.conf.congress.keystone_authtoken.user_domain_name -}}
{{- set .Values.conf.congress.keystone_authtoken "user_domain_name" .Values.endpoints.identity.auth.user.user_domain_name | quote | trunc 0 -}}
{{- end -}}
{{- if empty .Values.conf.congress.keystone_authtoken.username -}}
{{- set .Values.conf.congress.keystone_authtoken "username" .Values.endpoints.identity.auth.user.username | quote | trunc 0 -}}
{{- end -}}
{{- if empty .Values.conf.congress.keystone_authtoken.password -}}
{{- set .Values.conf.congress.keystone_authtoken "password" .Values.endpoints.identity.auth.user.password | quote | trunc 0 -}}
{{- end -}}
---
apiVersion: v1
kind: ConfigMap
metadata:
name: congress-etc
data:
congress.conf: |+
{{ include "helm-toolkit.utils.to_oslo_conf" .Values.conf.congress | indent 4 }}
api-paste.ini: |+
{{ include "helm-toolkit.utils.to_ini" .Values.conf.paste | indent 4 }}
policy.json: |+
{{ toJson .Values.conf.policy | indent 4 }}
{{- end }}

83
congress/templates/deployment-api.yaml Normal file
View File

@ -0,0 +1,83 @@
{{/*
Copyright 2017 The Openstack-Helm Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
{{- if .Values.manifests.deployment_api }}
{{- $envAll := . }}
{{- $dependencies := .Values.dependencies.api }}
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
name: congress-api-dep
spec:
replicas: {{ .Values.pod.replicas.api }}
{{ tuple $envAll | include "helm-toolkit.snippets.kubernetes_upgrades_deployment" | indent 2 }}
template:
metadata:
labels:
{{ tuple $envAll "congress" "api" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
spec:
affinity:
{{ tuple $envAll "congress" "api" | include "helm-toolkit.snippets.kubernetes_pod_anti_affinity" | indent 8 }}
initContainers:
{{ tuple $envAll $dependencies "[]" | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
nodeSelector:
{{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }}
containers:
- name: congress-api
image: {{ .Values.images.tags.api }}
imagePullPolicy: {{ .Values.images.pull_policy }}
securityContext:
runAsUser: {{ .Values.pod.user.congress.uid }}
command:
- /tmp/congress-api.sh
- start
ports:
- containerPort: {{ .Values.conf.congress.DEFAULT.bind_port }}
readinessProbe:
tcpSocket:
port: {{ .Values.conf.congress.DEFAULT.bind_port }}
volumeMounts:
- name: etccongress
mountPath: /etc/congress
- name: congress-bin
mountPath: /tmp/congress-api.sh
subPath: congress-api.sh
readOnly: true
- name: congress-etc
mountPath: /etc/congress/congress.conf
subPath: congress.conf
readOnly: true
- name: congress-etc
mountPath: /etc/congress/api-paste.ini
subPath: api-paste.ini
readOnly: true
- name: congress-etc
mountPath: /etc/congress/policy.json
subPath: policy.json
readOnly: true
volumes:
- name: etccongress
emptyDir: {}
- name: congress-bin
configMap:
name: congress-bin
defaultMode: 0777
- name: congress-etc
configMap:
name: congress-etc
defaultMode: 0444
{{ end }}

79
congress/templates/deployment-datasource.yaml Normal file
View File

@ -0,0 +1,79 @@
{{/*
Copyright 2017 The Openstack-Helm Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
{{- if .Values.manifests.deployment_datasource }}
{{- $envAll := . }}
{{- $dependencies := .Values.dependencies.datasource }}
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
name: congress-datasource-dep
spec:
replicas: {{ .Values.pod.replicas.datasource }}
{{ tuple $envAll | include "helm-toolkit.snippets.kubernetes_upgrades_deployment" | indent 2 }}
template:
metadata:
labels:
{{ tuple $envAll "congress" "datasource" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
spec:
affinity:
{{ tuple $envAll "congress" "datasource" | include "helm-toolkit.snippets.kubernetes_pod_anti_affinity" | indent 8 }}
initContainers:
{{ tuple $envAll $dependencies "[]" | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
nodeSelector:
{{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }}
containers:
- name: congress-datasource
image: {{ .Values.images.tags.datasource }}
imagePullPolicy: {{ .Values.images.pull_policy }}
securityContext:
runAsUser: {{ .Values.pod.user.congress.uid }}
command:
- /tmp/congress-datasource.sh
- start
volumeMounts:
- name: etccongress
mountPath: /etc/congress
- name: congress-bin
mountPath: /tmp/congress-datasource.sh
subPath: congress-datasource.sh
readOnly: true
- name: congress-etc
mountPath: /etc/congress/congress.conf
subPath: congress.conf
readOnly: true
- name: congress-etc
mountPath: /etc/congress/api-paste.ini
subPath: api-paste.ini
readOnly: true
- name: congress-etc
mountPath: /etc/congress/policy.json
subPath: policy.json
readOnly: true
volumes:
- name: etccongress
emptyDir: {}
- name: congress-bin
configMap:
name: congress-bin
defaultMode: 0555
- name: congress-etc
configMap:
name: congress-etc
defaultMode: 0444
{{ end }}

79
congress/templates/deployment-policy-engine.yaml Normal file
View File

@ -0,0 +1,79 @@
{{/*
Copyright 2017 The Openstack-Helm Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
{{- if .Values.manifests.deployment_policy_engine }}
{{- $envAll := . }}
{{- $dependencies := .Values.dependencies.policy_engine }}
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
name: congress-policy-engine-dep
spec:
replicas: {{ .Values.pod.replicas.policy_engine }}
{{ tuple $envAll | include "helm-toolkit.snippets.kubernetes_upgrades_deployment" | indent 2 }}
template:
metadata:
labels:
{{ tuple $envAll "congress" "policy_engine" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
spec:
affinity:
{{ tuple $envAll "congress" "policy_engine" | include "helm-toolkit.snippets.kubernetes_pod_anti_affinity" | indent 8 }}
initContainers:
{{ tuple $envAll $dependencies "[]" | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
nodeSelector:
{{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }}
containers:
- name: congress-policy-engine
image: {{ .Values.images.tags.policy_engine }}
imagePullPolicy: {{ .Values.images.pull_policy }}
securityContext:
runAsUser: {{ .Values.pod.user.congress.uid }}
command:
- /tmp/congress-policy-engine.sh
- start
volumeMounts:
- name: etccongress
mountPath: /etc/congress
- name: congress-bin
mountPath: /tmp/congress-policy-engine.sh
subPath: congress-policy-engine.sh
readOnly: true
- name: congress-etc
mountPath: /etc/congress/congress.conf
subPath: congress.conf
readOnly: true
- name: congress-etc
mountPath: /etc/congress/api-paste.ini
subPath: api-paste.ini
readOnly: true
- name: congress-etc
mountPath: /etc/congress/policy.json
subPath: policy.json
readOnly: true
volumes:
- name: etccongress
emptyDir: {}
- name: congress-bin
configMap:
name: congress-bin
defaultMode: 0555
- name: congress-etc
configMap:
name: congress-etc
defaultMode: 0444
{{ end }}

60
congress/templates/ingress-api.yaml Normal file
View File

@ -0,0 +1,60 @@
{{/*
Copyright 2017 The Openstack-Helm Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
{{- if .Values.manifests.ingress_api }}
{{- $envAll := . }}
{{- if .Values.network.api.ingress.public }}
{{- $backendServiceType := "policy" }}
{{- $backendPort := "c-api" }}
{{- $ingressName := tuple $backendServiceType "public" $envAll | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }}
{{- $backendName := tuple $backendServiceType "internal" $envAll | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }}
{{- $hostName := tuple $backendServiceType "public" $envAll | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }}
{{- $hostNameNamespaced := tuple $backendServiceType "public" $envAll | include "helm-toolkit.endpoints.hostname_namespaced_endpoint_lookup" }}
{{- $hostNameFull := tuple $backendServiceType "public" $envAll | include "helm-toolkit.endpoints.hostname_fqdn_endpoint_lookup" }}
---
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: {{ $ingressName }}
annotations:
kubernetes.io/ingress.class: "nginx"
ingress.kubernetes.io/rewrite-target: /
ingress.kubernetes.io/proxy-body-size: {{ .Values.network.api.ingress.proxy_body_size | quote }}
spec:
rules:
{{ if ne $hostNameNamespaced $hostNameFull }}
{{- range $key1, $vHost := tuple $hostName $hostNameNamespaced $hostNameFull }}
- host: {{ $vHost }}
http:
paths:
- path: /
backend:
serviceName: {{ $backendName }}
servicePort: {{ $backendPort }}
{{- end }}
{{- else }}
{{- range $key1, $vHost := tuple $hostName $hostNameNamespaced }}
- host: {{ $vHost }}
http:
paths:
- path: /
backend:
serviceName: {{ $backendName }}
servicePort: {{ $backendPort }}
{{- end }}
{{- end }}
{{- end }}
{{- end }}

77
congress/templates/job-db-init.yaml Normal file
View File

@ -0,0 +1,77 @@
{{/*
Copyright 2017 The Openstack-Helm Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
{{- if .Values.manifests.job_db_init }}
{{- $envAll := . }}
{{- $dependencies := .Values.dependencies.db_init }}
---
apiVersion: batch/v1
kind: Job
metadata:
name: congress-db-init
spec:
template:
metadata:
labels:
{{ tuple $envAll "congress" "db-init" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
spec:
restartPolicy: OnFailure
nodeSelector:
{{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }}
initContainers:
{{ tuple $envAll $dependencies "[]" | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
containers:
- name: congress-db-init
image: {{ .Values.images.tags.db_init }}
imagePullPolicy: {{ .Values.images.pull_policy }}
{{ tuple $envAll $envAll.Values.pod.resources.jobs.db_init | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
env:
- name: ROOT_DB_CONNECTION
valueFrom:
secretKeyRef:
name: {{ .Values.secrets.oslo_db.admin }}
key: DB_CONNECTION
- name: OPENSTACK_CONFIG_FILE
value: /etc/congress/congress.conf
- name: OPENSTACK_CONFIG_DB_SECTION
value: database
- name: OPENSTACK_CONFIG_DB_KEY
value: connection
command:
- /tmp/db-init.py
volumeMounts:
- name: congress-bin
mountPath: /tmp/db-init.py
subPath: db-init.py
readOnly: true
- name: etccongress
mountPath: /etc/congress
- name: congress-etc
mountPath: /etc/congress/congress.conf
subPath: congress.conf
readOnly: true
volumes:
- name: etccongress
emptyDir: {}
- name: congress-etc
configMap:
name: congress-etc
defaultMode: 0444
- name: congress-bin
configMap:
name: congress-bin
defaultMode: 0555
{{- end }}

65
congress/templates/job-db-sync.yaml Normal file
View File

@ -0,0 +1,65 @@
{{/*
Copyright 2017 The Openstack-Helm Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
{{- if .Values.manifests.job_db_sync }}
{{- $envAll := . }}
{{- $dependencies := .Values.dependencies.db_sync }}
---
apiVersion: batch/v1
kind: Job
metadata:
name: congress-db-sync
spec:
template:
metadata:
labels:
{{ tuple $envAll "congress" "db-sync" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
spec:
restartPolicy: OnFailure
nodeSelector:
{{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }}
initContainers:
{{ tuple $envAll $dependencies "[]" | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
containers:
- name: congress-db-sync
image: {{ .Values.images.tags.db_sync }}
imagePullPolicy: {{ .Values.images.pull_policy }}
{{ tuple $envAll $envAll.Values.pod.resources.jobs.db_sync | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
command:
- /tmp/db-sync.sh
volumeMounts:
- name: congress-bin
mountPath: /tmp/db-sync.sh
subPath: db-sync.sh
readOnly: true
- name: etccongress
mountPath: /etc/congress
- name: congress-etc
mountPath: /etc/congress/congress.conf
subPath: congress.conf
readOnly: true
volumes:
- name: etccongress
emptyDir: {}
- name: congress-etc
configMap:
name: congress-etc
defaultMode: 0444
- name: congress-bin
configMap:
name: congress-bin
defaultMode: 0555
{{- end }}

59
congress/templates/job-ds-create.yaml Normal file
View File

@ -0,0 +1,59 @@
{{/*
Copyright 2017 The Openstack-Helm Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
{{- if .Values.manifests.job_ds_create }}
{{- $envAll := . }}
{{- $dependencies := .Values.dependencies.ds_create }}
---
apiVersion: batch/v1
kind: Job
metadata:
name: congress-ds-create
spec:
template:
metadata:
labels:
{{ tuple $envAll "congress" "ds-create" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
spec:
restartPolicy: OnFailure
nodeSelector:
{{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }}
initContainers:
{{ tuple $envAll $dependencies "[]" | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
containers:
- name: congress-ds-create
image: {{ .Values.images.tags.ds_create }}
imagePullPolicy: {{ .Values.images.pull_policy }}
{{ tuple $envAll $envAll.Values.pod.resources.jobs.ds_create | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
command:
- /tmp/ds-create.sh
volumeMounts:
- name: ds-create-sh
mountPath: /tmp/ds-create.sh
subPath: ds-create.sh
readOnly: true
env:
{{- with $env := dict "ksUserSecret" .Values.secrets.identity.admin }}
{{- include "helm-toolkit.snippets.keystone_openrc_env_vars" $env | indent 12 }}
{{- end }}
- name: SERVICE_OS_SERVICE_NAME
value: "congress"
volumes:
- name: ds-create-sh
configMap:
name: congress-bin
defaultMode: 0555
{{- end }}

69
congress/templates/job-ks-endpoints.yaml Normal file
View File

@ -0,0 +1,69 @@
{{/*
Copyright 2017 The Openstack-Helm Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
{{- if .Values.manifests.job_ks_endpoints }}
{{- $envAll := . }}
{{- $dependencies := .Values.dependencies.ks_endpoints }}
---
apiVersion: batch/v1
kind: Job
metadata:
name: congress-ks-endpoints
spec:
template:
metadata:
labels:
{{ tuple $envAll "congress" "ks-endpoints" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
spec:
restartPolicy: OnFailure
nodeSelector:
{{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }}
initContainers:
{{ tuple $envAll $dependencies "[]" | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
containers:
{{- range $key1, $osServiceType := tuple "policy" }}
{{- range $key2, $osServiceEndPoint := tuple "admin" "internal" "public" }}
- name: {{ $osServiceType }}-ks-endpoints-{{ $osServiceEndPoint }}
image: {{ $envAll.Values.images.tags.ks_endpoints }}
imagePullPolicy: {{ $envAll.Values.images.pull_policy }}
{{ tuple $envAll $envAll.Values.pod.resources.jobs.ks_endpoints | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
command:
- /tmp/ks-endpoints.sh
volumeMounts:
- name: ks-endpoints-sh
mountPath: /tmp/ks-endpoints.sh
subPath: ks-endpoints.sh
readOnly: true
env:
{{- with $env := dict "ksUserSecret" $envAll.Values.secrets.identity.admin }}
{{- include "helm-toolkit.snippets.keystone_openrc_env_vars" $env | indent 12 }}
{{- end }}
- name: OS_SVC_ENDPOINT
value: {{ $osServiceEndPoint }}
- name: OS_SERVICE_NAME
value: {{ tuple $osServiceType $envAll | include "helm-toolkit.endpoints.keystone_endpoint_name_lookup" }}
- name: OS_SERVICE_TYPE
value: {{ $osServiceType }}
- name: OS_SERVICE_ENDPOINT
value: {{ tuple $osServiceType $osServiceEndPoint "api" $envAll | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup" }}
{{- end }}
{{- end }}
volumes:
- name: ks-endpoints-sh
configMap:
name: congress-bin
defaultMode: 0555
{{- end }}

63
congress/templates/job-ks-service.yaml Normal file
View File

@ -0,0 +1,63 @@
{{/*
Copyright 2017 The Openstack-Helm Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
{{- if .Values.manifests.job_ks_service }}
{{- $envAll := . }}
{{- $dependencies := .Values.dependencies.ks_service }}
---
apiVersion: batch/v1
kind: Job
metadata:
name: congress-ks-service
spec:
template:
metadata:
labels:
{{ tuple $envAll "congress" "ks-service" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
spec:
restartPolicy: OnFailure
nodeSelector:
{{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }}
initContainers:
{{ tuple $envAll $dependencies "[]" | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
containers:
{{- range $key1, $osServiceType := tuple "policy" }}
- name: {{ $osServiceType }}-ks-service-registration
image: {{ $envAll.Values.images.tags.ks_service }}
imagePullPolicy: {{ $envAll.Values.images.pull_policy }}
{{ tuple $envAll $envAll.Values.pod.resources.jobs.ks_service | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
command:
- /tmp/ks-service.sh
volumeMounts:
- name: ks-service-sh
mountPath: /tmp/ks-service.sh
subPath: ks-service.sh
readOnly: true
env:
{{- with $env := dict "ksUserSecret" $envAll.Values.secrets.identity.admin }}
{{- include "helm-toolkit.snippets.keystone_openrc_env_vars" $env | indent 12 }}
{{- end }}
- name: OS_SERVICE_NAME
value: {{ tuple $osServiceType $envAll | include "helm-toolkit.endpoints.keystone_endpoint_name_lookup" }}
- name: OS_SERVICE_TYPE
value: {{ $osServiceType }}
{{- end }}
volumes:
- name: ks-service-sh
configMap:
name: congress-bin
defaultMode: 0555
{{- end }}

64
congress/templates/job-ks-user.yaml Normal file
View File

@ -0,0 +1,64 @@
{{/*
Copyright 2017 The Openstack-Helm Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
{{- if .Values.manifests.job_ks_user }}
{{- $envAll := . }}
{{- $dependencies := .Values.dependencies.ks_user }}
---
apiVersion: batch/v1
kind: Job
metadata:
name: congress-ks-user
spec:
template:
metadata:
labels:
{{ tuple $envAll "congress" "ks-user" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
spec:
restartPolicy: OnFailure
nodeSelector:
{{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }}
initContainers:
{{ tuple $envAll $dependencies "[]" | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
containers:
- name: congress-ks-user
image: {{ .Values.images.tags.ks_user }}
imagePullPolicy: {{ .Values.images.pull_policy }}
{{ tuple $envAll $envAll.Values.pod.resources.jobs.ks_user | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
command:
- /tmp/ks-user.sh
volumeMounts:
- name: ks-user-sh
mountPath: /tmp/ks-user.sh
subPath: ks-user.sh
readOnly: true
env:
{{- with $env := dict "ksUserSecret" .Values.secrets.identity.admin }}
{{- include "helm-toolkit.snippets.keystone_openrc_env_vars" $env | indent 12 }}
{{- end }}
- name: SERVICE_OS_SERVICE_NAME
value: "congress"
{{- with $env := dict "ksUserSecret" .Values.secrets.identity.user }}
{{- include "helm-toolkit.snippets.keystone_user_create_env_vars" $env | indent 12 }}
{{- end }}
- name: SERVICE_OS_ROLE
value: {{ .Values.endpoints.identity.auth.user.role | quote }}
volumes:
- name: ks-user-sh
configMap:
name: congress-bin
defaultMode: 0555
{{- end }}

46
congress/templates/pod-test.yaml Normal file
View File

@ -0,0 +1,46 @@
{{/*
Copyright 2017 The Openstack-Helm Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
{{- $envAll := . }}
{{- $dependencies := .Values.dependencies.tests }}
---
apiVersion: v1
kind: Pod
metadata:
name: "{{.Release.Name}}-test"
annotations:
"helm.sh/hook": test-success
spec:
restartPolicy: Never
containers:
- name: {{.Release.Name}}-congress-test
image: {{ .Values.images.tags.scripted_test }}
env:
{{- with $env := dict "ksUserSecret" .Values.secrets.identity.admin }}
{{- include "helm-toolkit.snippets.keystone_openrc_env_vars" $env | indent 8 }}
{{- end }}
command:
- /tmp/congress-test.sh
volumeMounts:
- name: congress-bin
mountPath: /tmp/congress-test.sh
subPath: congress-test.sh
readOnly: true
volumes:
- name: congress-bin
configMap:
name: congress-bin
defaultMode: 0555

30
congress/templates/secret-db.yaml Normal file
View File

@ -0,0 +1,30 @@
{{/*
Copyright 2017 The Openstack-Helm Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
{{- if .Values.manifests.secret_db }}
{{- $envAll := . }}
{{- range $key1, $userClass := tuple "admin" "user" }}
{{- $secretName := index $envAll.Values.secrets.oslo_db $userClass }}
---
apiVersion: v1
kind: Secret
metadata:
name: {{ $secretName }}
type: Opaque
data:
DB_CONNECTION: {{ tuple "oslo_db" "internal" $userClass "mysql" $envAll | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup" | b64enc -}}
{{- end }}
{{- end }}

30
congress/templates/secret-keystone.yaml Normal file
View File

@ -0,0 +1,30 @@
{{/*
Copyright 2017 The Openstack-Helm Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
{{- if .Values.manifests.secret_keystone }}
{{- $envAll := . }}
{{- range $key1, $userClass := tuple "admin" "user" }}
{{- $secretName := index $envAll.Values.secrets.identity $userClass }}
---
apiVersion: v1
kind: Secret
metadata:
name: {{ $secretName }}
type: Opaque
data:
{{- tuple $userClass "internal" $envAll | include "helm-toolkit.snippets.keystone_secret_openrc" | indent 2 -}}
{{- end }}
{{- end }}

36
congress/templates/service-api.yaml Normal file
View File

@ -0,0 +1,36 @@
{{/*
Copyright 2017 The Openstack-Helm Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
{{- if .Values.manifests.service_api }}
{{- $envAll := . }}
---
apiVersion: v1
kind: Service
metadata:
name: {{ tuple "policy" "internal" . | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }}
spec:
ports:
- name: c-api
port: {{ .Values.conf.congress.DEFAULT.bind_port }}
{{ if .Values.network.api.node_port.enabled }}
nodePort: {{ .Values.network.api.node_port.port }}
{{ end }}
selector:
{{ tuple $envAll "congress" "api" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }}
{{ if .Values.network.api.node_port.enabled }}
type: NodePort
{{ end }}
{{- end }}

32
congress/templates/service-ingress-api.yaml Normal file
View File

@ -0,0 +1,32 @@
{{/*
Copyright 2017 The Openstack-Helm Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
{{- if .Values.manifests.service_ingress_api }}
{{- $envAll := . }}
{{- if .Values.network.api.ingress.public }}
---
apiVersion: v1
kind: Service
metadata:
name: {{ tuple "policy" "public" . | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }}
spec:
ports:
- name: http
port: 80
selector:
app: ingress-api
{{- end }}
{{- end }}

442
congress/values.yaml Normal file
View File

@ -0,0 +1,442 @@
labels:
node_selector_key: openstack-control-plane
node_selector_value: enabled
release_group: null
images:
tags:
api: &congress_api docker.io/kolla/ubuntu-source-congress-api:3.0.3
datasource: docker.io/kolla/ubuntu-source-congress-datasource:3.0.3
policy_engine: docker.io/kolla/ubuntu-source-congress-policy-engine:3.0.3
db_init: *congress_api
db_sync: *congress_api
db_drop: *congress_api
ks_user: *congress_api
ks_service: *congress_api
ks_endpoints: *congress_api
ds_create: *congress_api
scripted_test: *congress_api
dep_check: quay.io/stackanetes/kubernetes-entrypoint:v0.2.1
pull_policy: "IfNotPresent"
network:
api:
ingress:
public: true
proxy_body_size: 1024M
node_port:
enabled: false
port: 1789
volume:
class_name: general
size: 2Gi
dependencies:
storage_init:
services:
db_init:
services:
- service: oslo_db
endpoint: internal
db_sync:
jobs:
- congress-db-init
services:
- service: oslo_db
endpoint: internal
db_drop:
services:
- service: oslo_db
endpoint: internal
bootstrap:
jobs:
- congress-db-sync
- congress-ks-user
- congress-ks-endpoints
services:
- service: identity
endpoint: internal
- service: image
endpoint: internal
ks_user:
services:
- service: identity
endpoint: internal
ks_service:
services:
- service: identity
endpoint: internal
ks_endpoints:
jobs:
- congress-ks-service
services:
- service: identity
endpoint: internal
api:
jobs:
- congress-db-sync
- congress-ks-user
- congress-ks-endpoints
services:
- service: oslo_db
endpoint: internal
- service: identity
endpoint: internal
datasource:
jobs:
- congress-db-sync
- congress-ks-user
- congress-ks-endpoints
services:
- service: oslo_db
endpoint: internal
- service: identity
endpoint: internal
policy_engine:
jobs:
- congress-db-sync
- congress-ks-user
- congress-ks-endpoints
services:
- service: oslo_db
endpoint: internal
- service: identity
endpoint: internal
ds_create:
jobs:
- congress-ks-endpoints
services:
- service: policy
endpoint: internal
tests:
services:
- service: oslo_db
endpoint: internal
- service: identity
endpoint: internal
- service: policy
endpoint: internal
secrets:
identity:
admin: congress-keystone-admin
user: congress-keystone-user
oslo_db:
admin: congress-db-admin
user: congress-db-user
rbd: images-rbd-keyring
endpoints:
cluster_domain_suffix: cluster.local
identity:
name: keystone
auth:
admin:
region_name: RegionOne
username: admin
password: password
project_name: admin
user_domain_name: default
project_domain_name: default
user:
role: admin
region_name: RegionOne
username: congress
password: password
project_name: service
user_domain_name: default
project_domain_name: default
hosts:
default: keystone-api
public: keystone
host_fqdn_override:
default: null
path:
default: /v3
scheme:
default: http
port:
admin:
default: 35357
api:
default: 80
policy:
name: congress
hosts:
default: congress-api
public: congress
host_fqdn_override:
default: null
path:
default: null
scheme:
default: http
port:
api:
default: 1789
public: 80
oslo_db:
auth:
admin:
username: root
password: password
user:
username: congress
password: password
hosts:
default: mariadb
host_fqdn_override:
default: null
path: /congress
scheme: mysql+pymysql
port:
mysql:
default: 3306
oslo_cache:
hosts:
default: memcached
host_fqdn_override:
default: null
port:
memcache:
default: 11211
oslo_messaging:
auth:
admin:
username: admin
password: password
user:
username: rabbitmq
password: password
hosts:
default: rabbitmq
host_fqdn_override:
default: null
path: /
scheme: rabbit
port:
amqp:
default: 5672
ceph_object_store:
name: radosgw
namespace: ceph
auth:
user:
username: congress
password: password
tmpurlkey: supersecret
hosts:
default: ceph-rgw
host_fqdn_override:
default: null
path:
default: /auth/v1.0
scheme:
default: http
port:
api:
default: 8088
policy:
datasource_services:
- neutronv2
- glancev2
- keystonev3
- swift
- heat
- nova
poll_time: 120
conf:
congress:
DEFAULT:
bind_port: 1789
drivers: congress.datasources.neutronv2_driver.NeutronV2Driver,congress.datasources.glancev2_driver.GlanceV2Driver,congress.datasources.nova_driver.NovaDriver,congress.datasources.keystonev3_driver.KeystoneV3Driver,congress.datasources.cinder_driver.CinderDriver,congress.datasources.swift_driver.SwiftDriver,congress.datasources.plexxi_driver.PlexxiDriver,congress.datasources.vCenter_driver.VCenterDriver,congress.datasources.murano_driver.MuranoDriver,congress.datasources.ironic_driver.IronicDriver,congress.datasources.heatv1_driver.HeatV1Driver,congress.datasources.doctor_driver.DoctorDriver,congress.datasources.ceilometer_driver.CeilometerDriver
replicated_policy_engine: False
datasource_sync_period: 30
auth_strategy: keystone
debug: False
logging_exception_prefix: '%(color)s%(asctime)s.%(msecs)03d TRACE %(name)s %(instance)s'
logging_debug_format_suffix: 'from (pid=%(process)d) %(funcName)s %(pathname)s:%(lineno)d'
logging_default_format_string: '%(asctime)s.%(msecs)03d %(color)s%(levelname)s %(name)s [-%(color)s] %(instance)s%(color)s%(message)s'
logging_context_format_string: '%(asctime)s.%(msecs)03d %(color)s%(levelname)s %(name)s [%(request_id)s %(project_name)s %(user_name)s%(color)s] %(instance)s%(color)s%(message)s'
oslo_policy:
policy_file: /etc/congress/policy.json
database:
max_retries: -1
keystone_authtoken:
auth_type: password
paste:
composite:congress:
use: egg:Paste#urlmap
/: congressversions
/v1: congress_api_v1
pipeline:congressversions:
pipeline: cors http_proxy_to_wsgi catch_errors congressversionapp
app:congressversionapp:
paste.app_factory: congress.api.versions:Versions.factory
composite:congress_api_v1:
use: call:congress.auth:pipeline_factory
keystone: cors http_proxy_to_wsgi request_id catch_errors authtoken keystonecontext congress_api
noauth: cors http_proxy_to_wsgi request_id catch_errors congress_api
app:congress_api:
paste.app_factory: congress.service:congress_app_factory
filter:request_id:
paste.filter_factory: oslo_middleware:RequestId.factory
filter:catch_errors:
paste.filter_factory: oslo_middleware:CatchErrors.factory
filter:keystonecontext:
paste.filter_factory: congress.auth:CongressKeystoneContext.factory
filter:authtoken:
paste.filter_factory: keystonemiddleware.auth_token:filter_factory
filter:cors:
paste.filter_factory: oslo_middleware.cors:filter_factory
oslo_config_project: congress
filter:http_proxy_to_wsgi:
paste.filter_factory: oslo_middleware.http_proxy_to_wsgi:HTTPProxyToWSGI.factory
oslo_config_project: congress
policy:
context_is_admin: role:admin
admin_only: rule:context_is_admin
regular_user: ""
default: rule:admin_only
pod:
user:
congress:
uid: 1000
affinity:
anti:
type:
default: preferredDuringSchedulingIgnoredDuringExecution
topologyKey:
default: kubernetes.io/hostname
replicas:
api: 1
policy_engine: 1
# dont scale out ds node
# only one node per environment should be in active state
# https://docs.openstack.org/congress/latest/admin/ha-overview.html#ha-overview
datasource: 1
lifecycle:
upgrades:
deployments:
revision_history: 3
pod_replacement_strategy: RollingUpdate
rolling_update:
max_unavailable: 1
max_surge: 3
disruption_budget:
api:
min_available: 0
datasource:
min_available: 0
policy_engine:
min_available: 0
termination_grace_period:
api:
timeout: 600
datasource:
timeout: 600
policy_engine:
timeout: 600
resources:
enabled: false
api:
requests:
memory: "128Mi"
cpu: "100m"
limits:
memory: "1024Mi"
cpu: "2000m"
registry:
requests:
memory: "128Mi"
cpu: "100m"
limits:
memory: "1024Mi"
cpu: "2000m"
jobs:
storage_init:
requests:
memory: "128Mi"
cpu: "100m"
limits:
memory: "1024Mi"
cpu: "2000m"
db_sync:
requests:
memory: "128Mi"
cpu: "100m"
limits:
memory: "1024Mi"
cpu: "2000m"
db_init:
requests:
memory: "128Mi"
cpu: "100m"
limits:
memory: "1024Mi"
cpu: "2000m"
db_drop:
requests:
memory: "128Mi"
cpu: "100m"
limits:
memory: "1024Mi"
cpu: "2000m"
ks_user:
requests:
memory: "128Mi"
cpu: "100m"
limits:
memory: "1024Mi"
cpu: "2000m"
ks_service:
requests:
memory: "128Mi"
cpu: "100m"
limits:
memory: "1024Mi"
cpu: "2000m"
ks_endpoints:
requests:
memory: "128Mi"
cpu: "100m"
limits:
memory: "1024Mi"
cpu: "2000m"
bootstrap:
requests:
memory: "128Mi"
cpu: "100m"
limits:
memory: "1024Mi"
cpu: "2000m"
tests:
requests:
memory: "128Mi"
cpu: "100m"
limits:
memory: "1024Mi"
cpu: "2000m"
manifests:
configmap_bin: true
configmap_etc: true
deployment_api: true
deployment_policy_engine: true
deployment_datasource: true
job_db_init: true
job_db_sync: true
secret_db: true
secret_keystone: true
job_ks_endpoints: true
job_ks_service: true
job_ks_user: true
job_ds_create: true
service_api: true
ingress_api: true
service_ingress_api: true

20
helm-toolkit/templates/utils/_joinListWithSpace.tpl Normal file
View File

@ -0,0 +1,20 @@
{{/*
Copyright 2017 The Openstack-Helm Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
{{- define "helm-toolkit.utils.joinListWithSpace" -}}
{{- $local := dict "first" true -}}
{{- range $k, $v := . -}}{{- if not $local.first -}}{{- " " -}}{{- end -}}{{- $v -}}{{- $_ := set $local "first" false -}}{{- end -}}
{{- end -}}

3
tools/gate/launch-osh/basic.sh
View File

@ -195,6 +195,9 @@ kube_wait_for_pods openstack ${POD_START_TIMEOUT_OPENSTACK}
helm install --namespace=openstack ${WORK_DIR}/heat --name=heat
kube_wait_for_pods openstack ${POD_START_TIMEOUT_OPENSTACK}
helm install --namespace=openstack ${WORK_DIR}/congress --name=congress
kube_wait_for_pods openstack ${POD_START_TIMEOUT_OPENSTACK}
if [ "x$INTEGRATION" == "xmulti" ]; then
helm install --namespace=openstack ${WORK_DIR}/horizon --name=horizon
kube_wait_for_pods openstack ${POD_START_TIMEOUT_OPENSTACK}