From 090d2656cfe7fd19e2e36bf9ab5bddbb66d4e9f2 Mon Sep 17 00:00:00 2001 From: Vlad Naboichenko Date: Tue, 14 Nov 2017 01:26:09 +0000 Subject: [PATCH] Add congress chart This chart provides a policy framework for the cloud. It consist of 3 services. Api, policy engine, datasource. helm install --name=congress local/congress --namespace=openstack Change-Id: I5fabf91893bc006470469af397994b13fe86223b --- congress/.helmignore | 21 + congress/Chart.yaml | 25 + congress/requirements.yaml | 18 + congress/templates/bin/_congress-api.sh.tpl | 33 ++ .../templates/bin/_congress-datasource.sh.tpl | 33 ++ .../bin/_congress-policy-engine.sh.tpl | 33 ++ congress/templates/bin/_db-sync.sh.tpl | 21 + congress/templates/bin/_ds_create.sh.tpl | 42 ++ congress/templates/bin/_helm-tests.sh.tpl | 44 ++ congress/templates/configmap-bin.yaml | 45 ++ congress/templates/configmap-etc.yaml | 72 +++ congress/templates/deployment-api.yaml | 83 ++++ congress/templates/deployment-datasource.yaml | 79 ++++ .../templates/deployment-policy-engine.yaml | 79 ++++ congress/templates/ingress-api.yaml | 60 +++ congress/templates/job-db-init.yaml | 77 +++ congress/templates/job-db-sync.yaml | 65 +++ congress/templates/job-ds-create.yaml | 59 +++ congress/templates/job-ks-endpoints.yaml | 69 +++ congress/templates/job-ks-service.yaml | 63 +++ congress/templates/job-ks-user.yaml | 64 +++ congress/templates/pod-test.yaml | 46 ++ congress/templates/secret-db.yaml | 30 ++ congress/templates/secret-keystone.yaml | 30 ++ congress/templates/service-api.yaml | 36 ++ congress/templates/service-ingress-api.yaml | 32 ++ congress/values.yaml | 442 ++++++++++++++++++ .../templates/utils/_joinListWithSpace.tpl | 20 + tools/gate/launch-osh/basic.sh | 3 + 29 files changed, 1724 insertions(+) create mode 100644 congress/.helmignore create mode 100644 congress/Chart.yaml create mode 100644 congress/requirements.yaml create mode 100644 congress/templates/bin/_congress-api.sh.tpl create mode 100644 congress/templates/bin/_congress-datasource.sh.tpl create mode 100644 congress/templates/bin/_congress-policy-engine.sh.tpl create mode 100644 congress/templates/bin/_db-sync.sh.tpl create mode 100644 congress/templates/bin/_ds_create.sh.tpl create mode 100644 congress/templates/bin/_helm-tests.sh.tpl create mode 100644 congress/templates/configmap-bin.yaml create mode 100644 congress/templates/configmap-etc.yaml create mode 100644 congress/templates/deployment-api.yaml create mode 100644 congress/templates/deployment-datasource.yaml create mode 100644 congress/templates/deployment-policy-engine.yaml create mode 100644 congress/templates/ingress-api.yaml create mode 100644 congress/templates/job-db-init.yaml create mode 100644 congress/templates/job-db-sync.yaml create mode 100644 congress/templates/job-ds-create.yaml create mode 100644 congress/templates/job-ks-endpoints.yaml create mode 100644 congress/templates/job-ks-service.yaml create mode 100644 congress/templates/job-ks-user.yaml create mode 100644 congress/templates/pod-test.yaml create mode 100644 congress/templates/secret-db.yaml create mode 100644 congress/templates/secret-keystone.yaml create mode 100644 congress/templates/service-api.yaml create mode 100644 congress/templates/service-ingress-api.yaml create mode 100644 congress/values.yaml create mode 100644 helm-toolkit/templates/utils/_joinListWithSpace.tpl diff --git a/congress/.helmignore b/congress/.helmignore new file mode 100644 index 0000000000..f0c1319444 --- /dev/null +++ b/congress/.helmignore @@ -0,0 +1,21 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*~ +# Various IDEs +.project +.idea/ +*.tmproj diff --git a/congress/Chart.yaml b/congress/Chart.yaml new file mode 100644 index 0000000000..394c1e4da7 --- /dev/null +++ b/congress/Chart.yaml @@ -0,0 +1,25 @@ +# Copyright 2017 The Openstack-Helm Authors. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +description: OpenStack-Helm Glance +name: congress +version: 0.1.0 +home: https://docs.openstack.org/developer/congress +icon: https://www.openstack.org/themes/openstack/images/project-mascots/Congress/OpenStack_Project_Congress_vertical.png +sources: + - https://git.openstack.org/cgit/openstack/congress + - https://git.openstack.org/cgit/openstack/openstack-helm +maintainers: + - name: OpenStack-Helm Authors diff --git a/congress/requirements.yaml b/congress/requirements.yaml new file mode 100644 index 0000000000..53782e69b2 --- /dev/null +++ b/congress/requirements.yaml @@ -0,0 +1,18 @@ +# Copyright 2017 The Openstack-Helm Authors. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +dependencies: + - name: helm-toolkit + repository: http://localhost:8879/charts + version: 0.1.0 diff --git a/congress/templates/bin/_congress-api.sh.tpl b/congress/templates/bin/_congress-api.sh.tpl new file mode 100644 index 0000000000..c6f8bb465f --- /dev/null +++ b/congress/templates/bin/_congress-api.sh.tpl @@ -0,0 +1,33 @@ +#!/bin/bash + +{{/* +Copyright 2017 The Openstack-Helm Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +set -ex +COMMAND="${@:-start}" + +function start () { + exec congress-server \ + --api \ + --node-id=$HOSTNAME \ + --config-file /etc/congress/congress.conf +} + +function stop () { + kill -TERM 1 +} + +$COMMAND diff --git a/congress/templates/bin/_congress-datasource.sh.tpl b/congress/templates/bin/_congress-datasource.sh.tpl new file mode 100644 index 0000000000..f24d07b128 --- /dev/null +++ b/congress/templates/bin/_congress-datasource.sh.tpl @@ -0,0 +1,33 @@ +#!/bin/bash + +{{/* +Copyright 2017 The Openstack-Helm Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +set -ex +COMMAND="${@:-start}" + +function start () { + exec congress-server \ + --datasources \ + --node-id=$HOSTNAME \ + --config-file /etc/congress/congress.conf +} + +function stop () { + kill -TERM 1 +} + +$COMMAND diff --git a/congress/templates/bin/_congress-policy-engine.sh.tpl b/congress/templates/bin/_congress-policy-engine.sh.tpl new file mode 100644 index 0000000000..7b4578a9d5 --- /dev/null +++ b/congress/templates/bin/_congress-policy-engine.sh.tpl @@ -0,0 +1,33 @@ +#!/bin/bash + +{{/* +Copyright 2017 The Openstack-Helm Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +set -ex +COMMAND="${@:-start}" + +function start () { + exec congress-server \ + --policy-engine \ + --node-id=$HOSTNAME \ + --config-file /etc/congress/congress.conf +} + +function stop () { + kill -TERM 1 +} + +$COMMAND diff --git a/congress/templates/bin/_db-sync.sh.tpl b/congress/templates/bin/_db-sync.sh.tpl new file mode 100644 index 0000000000..f079baf21e --- /dev/null +++ b/congress/templates/bin/_db-sync.sh.tpl @@ -0,0 +1,21 @@ +#!/bin/bash + +{{/* +Copyright 2017 The Openstack-Helm Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +set -ex + +congress-db-manage --config-file /etc/congress/congress.conf upgrade head diff --git a/congress/templates/bin/_ds_create.sh.tpl b/congress/templates/bin/_ds_create.sh.tpl new file mode 100644 index 0000000000..5569bfd66c --- /dev/null +++ b/congress/templates/bin/_ds_create.sh.tpl @@ -0,0 +1,42 @@ +#!/bin/bash + +{{/* +Copyright 2017 The Openstack-Helm Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +set -ex + +# Create datasources for congress service +# neutronv2, glancev2, keystonev3 +datasource_list={{ include "helm-toolkit.utils.joinListWithSpace" .Values.policy.datasource_services | quote }} +configure_service() { + service=$1 + service_enabled=`openstack service list | grep $(echo $service | sed 's/v[0-9]$//g') || true` + datasource_exist=`openstack congress datasource list | awk '{print $4}' |grep $service || true` + if [ -z "$datasource_exist" ] && [ ! -z "$service_enabled" ] + then + openstack congress datasource create $service "$service" \ + --config poll_time={{.Values.policy.poll_time}} \ + --config username=$OS_USERNAME \ + --config tenant_name=$OS_PROJECT_NAME \ + --config password=$OS_PASSWORD \ + --config auth_url=$OS_AUTH_URL + fi +} + +for ds in $datasource_list +do + configure_service $ds +done diff --git a/congress/templates/bin/_helm-tests.sh.tpl b/congress/templates/bin/_helm-tests.sh.tpl new file mode 100644 index 0000000000..5c93b7e7bc --- /dev/null +++ b/congress/templates/bin/_helm-tests.sh.tpl @@ -0,0 +1,44 @@ +#!/bin/bash + +{{/* +Copyright 2017 The Openstack-Helm Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +set -ex + + +datasource_list={{ include "helm-toolkit.utils.joinListWithSpace" .Values.policy.datasource_services | quote }} +random_string=`cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 5 | head -n 1` + +if [ ! -z "$datasource_list" ] + then + # Try to create policy and rule with every enabled datasource "neutronv2, glancev2" + # Datasources should be created during installation step via _ds_create.sh.tpl script + for ds in $datasource_list + do + policy_name="${ds}_policy_${random_string}" + openstack congress policy create $policy_name + + openstack congress policy rule create $policy_name " + ${policy_name}_rule(id) :- + ${ds}(id)" + + openstack congress policy delete $policy_name + done + else + echo "No datasource enabled." + exit 1 + +fi diff --git a/congress/templates/configmap-bin.yaml b/congress/templates/configmap-bin.yaml new file mode 100644 index 0000000000..ff9aba3ff3 --- /dev/null +++ b/congress/templates/configmap-bin.yaml @@ -0,0 +1,45 @@ +{{/* +Copyright 2017 The Openstack-Helm Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if .Values.manifests.configmap_bin }} +{{- $envAll := . }} +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: congress-bin +data: + congress-api.sh: | +{{ tuple "bin/_congress-api.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }} + congress-policy-engine.sh: | +{{ tuple "bin/_congress-policy-engine.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }} + congress-datasource.sh: | +{{ tuple "bin/_congress-datasource.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }} + db-init.py: | +{{- include "helm-toolkit.scripts.db_init" . | indent 4 }} + db-sync.sh: | +{{ tuple "bin/_db-sync.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }} + ds-create.sh: | +{{ tuple "bin/_ds_create.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }} + congress-test.sh: | +{{ tuple "bin/_helm-tests.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }} + ks-service.sh: |+ +{{- include "helm-toolkit.scripts.keystone_service" . | indent 4 }} + ks-endpoints.sh: |+ +{{- include "helm-toolkit.scripts.keystone_endpoints" . | indent 4 }} + ks-user.sh: |+ +{{- include "helm-toolkit.scripts.keystone_user" . | indent 4 }} +{{- end }} diff --git a/congress/templates/configmap-etc.yaml b/congress/templates/configmap-etc.yaml new file mode 100644 index 0000000000..bae9a42935 --- /dev/null +++ b/congress/templates/configmap-etc.yaml @@ -0,0 +1,72 @@ +{{/* +Copyright 2017 The Openstack-Helm Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if .Values.manifests.configmap_etc }} +{{- $envAll := . }} + +{{- if empty .Values.conf.congress.DEFAULT.transport_url -}} +{{- tuple "oslo_messaging" "internal" "user" "amqp" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup" | set .Values.conf.congress.DEFAULT "transport_url" | quote | trunc 0 -}} +{{- end -}} + +{{- if empty .Values.conf.congress.database.connection -}} +{{- tuple "oslo_db" "internal" "user" "mysql" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup"| set .Values.conf.congress.database "connection" | quote | trunc 0 -}} +{{- end -}} + +{{- if empty .Values.conf.congress.keystone_authtoken.memcached_servers -}} +{{- tuple "oslo_cache" "internal" "memcache" . | include "helm-toolkit.endpoints.host_and_port_endpoint_uri_lookup" | set .Values.conf.congress.keystone_authtoken "memcached_servers" | quote | trunc 0 -}} +{{- end -}} + +{{- if empty .Values.conf.congress.keystone_authtoken.auth_url -}} +{{- tuple "identity" "public" "api" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup"| set .Values.conf.congress.keystone_authtoken "auth_url" | quote | trunc 0 -}} +{{- end -}} + +{{- if empty .Values.conf.congress.keystone_authtoken.auth_uri -}} +{{- set .Values.conf.congress.keystone_authtoken "auth_uri" .Values.conf.congress.keystone_authtoken.auth_url | quote | trunc 0 -}} +{{- end -}} + +{{- if empty .Values.conf.congress.keystone_authtoken.region_name -}} +{{- set .Values.conf.congress.keystone_authtoken "region_name" .Values.endpoints.identity.auth.user.region_name | quote | trunc 0 -}} +{{- end -}} +{{- if empty .Values.conf.congress.keystone_authtoken.project_name -}} +{{- set .Values.conf.congress.keystone_authtoken "project_name" .Values.endpoints.identity.auth.user.project_name | quote | trunc 0 -}} +{{- end -}} +{{- if empty .Values.conf.congress.keystone_authtoken.project_domain_name -}} +{{- set .Values.conf.congress.keystone_authtoken "project_domain_name" .Values.endpoints.identity.auth.user.project_domain_name | quote | trunc 0 -}} +{{- end -}} +{{- if empty .Values.conf.congress.keystone_authtoken.user_domain_name -}} +{{- set .Values.conf.congress.keystone_authtoken "user_domain_name" .Values.endpoints.identity.auth.user.user_domain_name | quote | trunc 0 -}} +{{- end -}} +{{- if empty .Values.conf.congress.keystone_authtoken.username -}} +{{- set .Values.conf.congress.keystone_authtoken "username" .Values.endpoints.identity.auth.user.username | quote | trunc 0 -}} +{{- end -}} +{{- if empty .Values.conf.congress.keystone_authtoken.password -}} +{{- set .Values.conf.congress.keystone_authtoken "password" .Values.endpoints.identity.auth.user.password | quote | trunc 0 -}} +{{- end -}} + + +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: congress-etc +data: + congress.conf: |+ +{{ include "helm-toolkit.utils.to_oslo_conf" .Values.conf.congress | indent 4 }} + api-paste.ini: |+ +{{ include "helm-toolkit.utils.to_ini" .Values.conf.paste | indent 4 }} + policy.json: |+ +{{ toJson .Values.conf.policy | indent 4 }} +{{- end }} diff --git a/congress/templates/deployment-api.yaml b/congress/templates/deployment-api.yaml new file mode 100644 index 0000000000..b08ac37e3e --- /dev/null +++ b/congress/templates/deployment-api.yaml @@ -0,0 +1,83 @@ +{{/* +Copyright 2017 The Openstack-Helm Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if .Values.manifests.deployment_api }} +{{- $envAll := . }} +{{- $dependencies := .Values.dependencies.api }} + +apiVersion: extensions/v1beta1 +kind: Deployment +metadata: + name: congress-api-dep +spec: + replicas: {{ .Values.pod.replicas.api }} +{{ tuple $envAll | include "helm-toolkit.snippets.kubernetes_upgrades_deployment" | indent 2 }} + template: + metadata: + labels: +{{ tuple $envAll "congress" "api" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }} + spec: + affinity: +{{ tuple $envAll "congress" "api" | include "helm-toolkit.snippets.kubernetes_pod_anti_affinity" | indent 8 }} + initContainers: +{{ tuple $envAll $dependencies "[]" | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} + nodeSelector: + {{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }} + containers: + - name: congress-api + image: {{ .Values.images.tags.api }} + imagePullPolicy: {{ .Values.images.pull_policy }} + securityContext: + runAsUser: {{ .Values.pod.user.congress.uid }} + command: + - /tmp/congress-api.sh + - start + ports: + - containerPort: {{ .Values.conf.congress.DEFAULT.bind_port }} + readinessProbe: + tcpSocket: + port: {{ .Values.conf.congress.DEFAULT.bind_port }} + volumeMounts: + - name: etccongress + mountPath: /etc/congress + - name: congress-bin + mountPath: /tmp/congress-api.sh + subPath: congress-api.sh + readOnly: true + - name: congress-etc + mountPath: /etc/congress/congress.conf + subPath: congress.conf + readOnly: true + - name: congress-etc + mountPath: /etc/congress/api-paste.ini + subPath: api-paste.ini + readOnly: true + - name: congress-etc + mountPath: /etc/congress/policy.json + subPath: policy.json + readOnly: true + volumes: + - name: etccongress + emptyDir: {} + - name: congress-bin + configMap: + name: congress-bin + defaultMode: 0777 + - name: congress-etc + configMap: + name: congress-etc + defaultMode: 0444 +{{ end }} diff --git a/congress/templates/deployment-datasource.yaml b/congress/templates/deployment-datasource.yaml new file mode 100644 index 0000000000..c020eb77a5 --- /dev/null +++ b/congress/templates/deployment-datasource.yaml @@ -0,0 +1,79 @@ +{{/* +Copyright 2017 The Openstack-Helm Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if .Values.manifests.deployment_datasource }} +{{- $envAll := . }} +{{- $dependencies := .Values.dependencies.datasource }} + +apiVersion: extensions/v1beta1 +kind: Deployment +metadata: + name: congress-datasource-dep +spec: + replicas: {{ .Values.pod.replicas.datasource }} +{{ tuple $envAll | include "helm-toolkit.snippets.kubernetes_upgrades_deployment" | indent 2 }} + template: + metadata: + labels: +{{ tuple $envAll "congress" "datasource" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }} + spec: + affinity: +{{ tuple $envAll "congress" "datasource" | include "helm-toolkit.snippets.kubernetes_pod_anti_affinity" | indent 8 }} + initContainers: +{{ tuple $envAll $dependencies "[]" | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} + nodeSelector: + {{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }} + containers: + - name: congress-datasource + image: {{ .Values.images.tags.datasource }} + imagePullPolicy: {{ .Values.images.pull_policy }} + securityContext: + runAsUser: {{ .Values.pod.user.congress.uid }} + command: + - /tmp/congress-datasource.sh + - start + volumeMounts: + - name: etccongress + mountPath: /etc/congress + - name: congress-bin + mountPath: /tmp/congress-datasource.sh + subPath: congress-datasource.sh + readOnly: true + - name: congress-etc + mountPath: /etc/congress/congress.conf + subPath: congress.conf + readOnly: true + - name: congress-etc + mountPath: /etc/congress/api-paste.ini + subPath: api-paste.ini + readOnly: true + - name: congress-etc + mountPath: /etc/congress/policy.json + subPath: policy.json + readOnly: true + volumes: + - name: etccongress + emptyDir: {} + - name: congress-bin + configMap: + name: congress-bin + defaultMode: 0555 + - name: congress-etc + configMap: + name: congress-etc + defaultMode: 0444 + +{{ end }} diff --git a/congress/templates/deployment-policy-engine.yaml b/congress/templates/deployment-policy-engine.yaml new file mode 100644 index 0000000000..df8e3d0d4c --- /dev/null +++ b/congress/templates/deployment-policy-engine.yaml @@ -0,0 +1,79 @@ +{{/* +Copyright 2017 The Openstack-Helm Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if .Values.manifests.deployment_policy_engine }} +{{- $envAll := . }} +{{- $dependencies := .Values.dependencies.policy_engine }} + +apiVersion: extensions/v1beta1 +kind: Deployment +metadata: + name: congress-policy-engine-dep +spec: + replicas: {{ .Values.pod.replicas.policy_engine }} +{{ tuple $envAll | include "helm-toolkit.snippets.kubernetes_upgrades_deployment" | indent 2 }} + template: + metadata: + labels: +{{ tuple $envAll "congress" "policy_engine" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }} + spec: + affinity: +{{ tuple $envAll "congress" "policy_engine" | include "helm-toolkit.snippets.kubernetes_pod_anti_affinity" | indent 8 }} + initContainers: +{{ tuple $envAll $dependencies "[]" | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} + nodeSelector: + {{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }} + containers: + - name: congress-policy-engine + image: {{ .Values.images.tags.policy_engine }} + imagePullPolicy: {{ .Values.images.pull_policy }} + securityContext: + runAsUser: {{ .Values.pod.user.congress.uid }} + command: + - /tmp/congress-policy-engine.sh + - start + volumeMounts: + - name: etccongress + mountPath: /etc/congress + - name: congress-bin + mountPath: /tmp/congress-policy-engine.sh + subPath: congress-policy-engine.sh + readOnly: true + - name: congress-etc + mountPath: /etc/congress/congress.conf + subPath: congress.conf + readOnly: true + - name: congress-etc + mountPath: /etc/congress/api-paste.ini + subPath: api-paste.ini + readOnly: true + - name: congress-etc + mountPath: /etc/congress/policy.json + subPath: policy.json + readOnly: true + volumes: + - name: etccongress + emptyDir: {} + - name: congress-bin + configMap: + name: congress-bin + defaultMode: 0555 + - name: congress-etc + configMap: + name: congress-etc + defaultMode: 0444 + +{{ end }} diff --git a/congress/templates/ingress-api.yaml b/congress/templates/ingress-api.yaml new file mode 100644 index 0000000000..7145aba48f --- /dev/null +++ b/congress/templates/ingress-api.yaml @@ -0,0 +1,60 @@ +{{/* +Copyright 2017 The Openstack-Helm Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if .Values.manifests.ingress_api }} +{{- $envAll := . }} +{{- if .Values.network.api.ingress.public }} +{{- $backendServiceType := "policy" }} +{{- $backendPort := "c-api" }} +{{- $ingressName := tuple $backendServiceType "public" $envAll | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }} +{{- $backendName := tuple $backendServiceType "internal" $envAll | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }} +{{- $hostName := tuple $backendServiceType "public" $envAll | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }} +{{- $hostNameNamespaced := tuple $backendServiceType "public" $envAll | include "helm-toolkit.endpoints.hostname_namespaced_endpoint_lookup" }} +{{- $hostNameFull := tuple $backendServiceType "public" $envAll | include "helm-toolkit.endpoints.hostname_fqdn_endpoint_lookup" }} +--- +apiVersion: extensions/v1beta1 +kind: Ingress +metadata: + name: {{ $ingressName }} + annotations: + kubernetes.io/ingress.class: "nginx" + ingress.kubernetes.io/rewrite-target: / + ingress.kubernetes.io/proxy-body-size: {{ .Values.network.api.ingress.proxy_body_size | quote }} +spec: + rules: +{{ if ne $hostNameNamespaced $hostNameFull }} +{{- range $key1, $vHost := tuple $hostName $hostNameNamespaced $hostNameFull }} + - host: {{ $vHost }} + http: + paths: + - path: / + backend: + serviceName: {{ $backendName }} + servicePort: {{ $backendPort }} +{{- end }} +{{- else }} +{{- range $key1, $vHost := tuple $hostName $hostNameNamespaced }} + - host: {{ $vHost }} + http: + paths: + - path: / + backend: + serviceName: {{ $backendName }} + servicePort: {{ $backendPort }} +{{- end }} +{{- end }} +{{- end }} +{{- end }} diff --git a/congress/templates/job-db-init.yaml b/congress/templates/job-db-init.yaml new file mode 100644 index 0000000000..e408fa1455 --- /dev/null +++ b/congress/templates/job-db-init.yaml @@ -0,0 +1,77 @@ +{{/* +Copyright 2017 The Openstack-Helm Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if .Values.manifests.job_db_init }} +{{- $envAll := . }} +{{- $dependencies := .Values.dependencies.db_init }} +--- +apiVersion: batch/v1 +kind: Job +metadata: + name: congress-db-init +spec: + template: + metadata: + labels: +{{ tuple $envAll "congress" "db-init" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }} + spec: + restartPolicy: OnFailure + nodeSelector: + {{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }} + initContainers: +{{ tuple $envAll $dependencies "[]" | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} + containers: + - name: congress-db-init + image: {{ .Values.images.tags.db_init }} + imagePullPolicy: {{ .Values.images.pull_policy }} +{{ tuple $envAll $envAll.Values.pod.resources.jobs.db_init | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }} + env: + - name: ROOT_DB_CONNECTION + valueFrom: + secretKeyRef: + name: {{ .Values.secrets.oslo_db.admin }} + key: DB_CONNECTION + - name: OPENSTACK_CONFIG_FILE + value: /etc/congress/congress.conf + - name: OPENSTACK_CONFIG_DB_SECTION + value: database + - name: OPENSTACK_CONFIG_DB_KEY + value: connection + command: + - /tmp/db-init.py + volumeMounts: + - name: congress-bin + mountPath: /tmp/db-init.py + subPath: db-init.py + readOnly: true + - name: etccongress + mountPath: /etc/congress + - name: congress-etc + mountPath: /etc/congress/congress.conf + subPath: congress.conf + readOnly: true + volumes: + - name: etccongress + emptyDir: {} + - name: congress-etc + configMap: + name: congress-etc + defaultMode: 0444 + - name: congress-bin + configMap: + name: congress-bin + defaultMode: 0555 +{{- end }} diff --git a/congress/templates/job-db-sync.yaml b/congress/templates/job-db-sync.yaml new file mode 100644 index 0000000000..f44c82ba2b --- /dev/null +++ b/congress/templates/job-db-sync.yaml @@ -0,0 +1,65 @@ +{{/* +Copyright 2017 The Openstack-Helm Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if .Values.manifests.job_db_sync }} +{{- $envAll := . }} +{{- $dependencies := .Values.dependencies.db_sync }} +--- +apiVersion: batch/v1 +kind: Job +metadata: + name: congress-db-sync +spec: + template: + metadata: + labels: +{{ tuple $envAll "congress" "db-sync" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }} + spec: + restartPolicy: OnFailure + nodeSelector: + {{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }} + initContainers: +{{ tuple $envAll $dependencies "[]" | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} + containers: + - name: congress-db-sync + image: {{ .Values.images.tags.db_sync }} + imagePullPolicy: {{ .Values.images.pull_policy }} +{{ tuple $envAll $envAll.Values.pod.resources.jobs.db_sync | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }} + command: + - /tmp/db-sync.sh + volumeMounts: + - name: congress-bin + mountPath: /tmp/db-sync.sh + subPath: db-sync.sh + readOnly: true + - name: etccongress + mountPath: /etc/congress + - name: congress-etc + mountPath: /etc/congress/congress.conf + subPath: congress.conf + readOnly: true + volumes: + - name: etccongress + emptyDir: {} + - name: congress-etc + configMap: + name: congress-etc + defaultMode: 0444 + - name: congress-bin + configMap: + name: congress-bin + defaultMode: 0555 +{{- end }} diff --git a/congress/templates/job-ds-create.yaml b/congress/templates/job-ds-create.yaml new file mode 100644 index 0000000000..eb68ed1a48 --- /dev/null +++ b/congress/templates/job-ds-create.yaml @@ -0,0 +1,59 @@ +{{/* +Copyright 2017 The Openstack-Helm Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if .Values.manifests.job_ds_create }} +{{- $envAll := . }} +{{- $dependencies := .Values.dependencies.ds_create }} +--- +apiVersion: batch/v1 +kind: Job +metadata: + name: congress-ds-create +spec: + template: + metadata: + labels: +{{ tuple $envAll "congress" "ds-create" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }} + spec: + restartPolicy: OnFailure + nodeSelector: + {{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }} + initContainers: +{{ tuple $envAll $dependencies "[]" | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} + containers: + - name: congress-ds-create + image: {{ .Values.images.tags.ds_create }} + imagePullPolicy: {{ .Values.images.pull_policy }} +{{ tuple $envAll $envAll.Values.pod.resources.jobs.ds_create | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }} + command: + - /tmp/ds-create.sh + volumeMounts: + - name: ds-create-sh + mountPath: /tmp/ds-create.sh + subPath: ds-create.sh + readOnly: true + env: +{{- with $env := dict "ksUserSecret" .Values.secrets.identity.admin }} +{{- include "helm-toolkit.snippets.keystone_openrc_env_vars" $env | indent 12 }} +{{- end }} + - name: SERVICE_OS_SERVICE_NAME + value: "congress" + volumes: + - name: ds-create-sh + configMap: + name: congress-bin + defaultMode: 0555 +{{- end }} diff --git a/congress/templates/job-ks-endpoints.yaml b/congress/templates/job-ks-endpoints.yaml new file mode 100644 index 0000000000..9decb81629 --- /dev/null +++ b/congress/templates/job-ks-endpoints.yaml @@ -0,0 +1,69 @@ +{{/* +Copyright 2017 The Openstack-Helm Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if .Values.manifests.job_ks_endpoints }} +{{- $envAll := . }} +{{- $dependencies := .Values.dependencies.ks_endpoints }} +--- +apiVersion: batch/v1 +kind: Job +metadata: + name: congress-ks-endpoints +spec: + template: + metadata: + labels: +{{ tuple $envAll "congress" "ks-endpoints" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }} + spec: + restartPolicy: OnFailure + nodeSelector: + {{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }} + initContainers: +{{ tuple $envAll $dependencies "[]" | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} + containers: +{{- range $key1, $osServiceType := tuple "policy" }} +{{- range $key2, $osServiceEndPoint := tuple "admin" "internal" "public" }} + - name: {{ $osServiceType }}-ks-endpoints-{{ $osServiceEndPoint }} + image: {{ $envAll.Values.images.tags.ks_endpoints }} + imagePullPolicy: {{ $envAll.Values.images.pull_policy }} +{{ tuple $envAll $envAll.Values.pod.resources.jobs.ks_endpoints | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }} + command: + - /tmp/ks-endpoints.sh + volumeMounts: + - name: ks-endpoints-sh + mountPath: /tmp/ks-endpoints.sh + subPath: ks-endpoints.sh + readOnly: true + env: +{{- with $env := dict "ksUserSecret" $envAll.Values.secrets.identity.admin }} +{{- include "helm-toolkit.snippets.keystone_openrc_env_vars" $env | indent 12 }} +{{- end }} + - name: OS_SVC_ENDPOINT + value: {{ $osServiceEndPoint }} + - name: OS_SERVICE_NAME + value: {{ tuple $osServiceType $envAll | include "helm-toolkit.endpoints.keystone_endpoint_name_lookup" }} + - name: OS_SERVICE_TYPE + value: {{ $osServiceType }} + - name: OS_SERVICE_ENDPOINT + value: {{ tuple $osServiceType $osServiceEndPoint "api" $envAll | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup" }} +{{- end }} +{{- end }} + volumes: + - name: ks-endpoints-sh + configMap: + name: congress-bin + defaultMode: 0555 +{{- end }} diff --git a/congress/templates/job-ks-service.yaml b/congress/templates/job-ks-service.yaml new file mode 100644 index 0000000000..888cc9e462 --- /dev/null +++ b/congress/templates/job-ks-service.yaml @@ -0,0 +1,63 @@ +{{/* +Copyright 2017 The Openstack-Helm Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if .Values.manifests.job_ks_service }} +{{- $envAll := . }} +{{- $dependencies := .Values.dependencies.ks_service }} +--- +apiVersion: batch/v1 +kind: Job +metadata: + name: congress-ks-service +spec: + template: + metadata: + labels: +{{ tuple $envAll "congress" "ks-service" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }} + spec: + restartPolicy: OnFailure + nodeSelector: + {{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }} + initContainers: +{{ tuple $envAll $dependencies "[]" | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} + containers: +{{- range $key1, $osServiceType := tuple "policy" }} + - name: {{ $osServiceType }}-ks-service-registration + image: {{ $envAll.Values.images.tags.ks_service }} + imagePullPolicy: {{ $envAll.Values.images.pull_policy }} +{{ tuple $envAll $envAll.Values.pod.resources.jobs.ks_service | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }} + command: + - /tmp/ks-service.sh + volumeMounts: + - name: ks-service-sh + mountPath: /tmp/ks-service.sh + subPath: ks-service.sh + readOnly: true + env: +{{- with $env := dict "ksUserSecret" $envAll.Values.secrets.identity.admin }} +{{- include "helm-toolkit.snippets.keystone_openrc_env_vars" $env | indent 12 }} +{{- end }} + - name: OS_SERVICE_NAME + value: {{ tuple $osServiceType $envAll | include "helm-toolkit.endpoints.keystone_endpoint_name_lookup" }} + - name: OS_SERVICE_TYPE + value: {{ $osServiceType }} +{{- end }} + volumes: + - name: ks-service-sh + configMap: + name: congress-bin + defaultMode: 0555 +{{- end }} diff --git a/congress/templates/job-ks-user.yaml b/congress/templates/job-ks-user.yaml new file mode 100644 index 0000000000..7238d58a3d --- /dev/null +++ b/congress/templates/job-ks-user.yaml @@ -0,0 +1,64 @@ +{{/* +Copyright 2017 The Openstack-Helm Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if .Values.manifests.job_ks_user }} +{{- $envAll := . }} +{{- $dependencies := .Values.dependencies.ks_user }} +--- +apiVersion: batch/v1 +kind: Job +metadata: + name: congress-ks-user +spec: + template: + metadata: + labels: +{{ tuple $envAll "congress" "ks-user" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }} + spec: + restartPolicy: OnFailure + nodeSelector: + {{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }} + initContainers: +{{ tuple $envAll $dependencies "[]" | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} + containers: + - name: congress-ks-user + image: {{ .Values.images.tags.ks_user }} + imagePullPolicy: {{ .Values.images.pull_policy }} +{{ tuple $envAll $envAll.Values.pod.resources.jobs.ks_user | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }} + command: + - /tmp/ks-user.sh + volumeMounts: + - name: ks-user-sh + mountPath: /tmp/ks-user.sh + subPath: ks-user.sh + readOnly: true + env: +{{- with $env := dict "ksUserSecret" .Values.secrets.identity.admin }} +{{- include "helm-toolkit.snippets.keystone_openrc_env_vars" $env | indent 12 }} +{{- end }} + - name: SERVICE_OS_SERVICE_NAME + value: "congress" +{{- with $env := dict "ksUserSecret" .Values.secrets.identity.user }} +{{- include "helm-toolkit.snippets.keystone_user_create_env_vars" $env | indent 12 }} +{{- end }} + - name: SERVICE_OS_ROLE + value: {{ .Values.endpoints.identity.auth.user.role | quote }} + volumes: + - name: ks-user-sh + configMap: + name: congress-bin + defaultMode: 0555 +{{- end }} diff --git a/congress/templates/pod-test.yaml b/congress/templates/pod-test.yaml new file mode 100644 index 0000000000..0fab762cfd --- /dev/null +++ b/congress/templates/pod-test.yaml @@ -0,0 +1,46 @@ +{{/* +Copyright 2017 The Openstack-Helm Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- $envAll := . }} +{{- $dependencies := .Values.dependencies.tests }} +--- +apiVersion: v1 +kind: Pod +metadata: + name: "{{.Release.Name}}-test" + annotations: + "helm.sh/hook": test-success +spec: + restartPolicy: Never + containers: + - name: {{.Release.Name}}-congress-test + image: {{ .Values.images.tags.scripted_test }} + env: +{{- with $env := dict "ksUserSecret" .Values.secrets.identity.admin }} +{{- include "helm-toolkit.snippets.keystone_openrc_env_vars" $env | indent 8 }} +{{- end }} + command: + - /tmp/congress-test.sh + volumeMounts: + - name: congress-bin + mountPath: /tmp/congress-test.sh + subPath: congress-test.sh + readOnly: true + volumes: + - name: congress-bin + configMap: + name: congress-bin + defaultMode: 0555 diff --git a/congress/templates/secret-db.yaml b/congress/templates/secret-db.yaml new file mode 100644 index 0000000000..45d8802f13 --- /dev/null +++ b/congress/templates/secret-db.yaml @@ -0,0 +1,30 @@ +{{/* +Copyright 2017 The Openstack-Helm Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if .Values.manifests.secret_db }} +{{- $envAll := . }} +{{- range $key1, $userClass := tuple "admin" "user" }} +{{- $secretName := index $envAll.Values.secrets.oslo_db $userClass }} +--- +apiVersion: v1 +kind: Secret +metadata: + name: {{ $secretName }} +type: Opaque +data: + DB_CONNECTION: {{ tuple "oslo_db" "internal" $userClass "mysql" $envAll | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup" | b64enc -}} +{{- end }} +{{- end }} diff --git a/congress/templates/secret-keystone.yaml b/congress/templates/secret-keystone.yaml new file mode 100644 index 0000000000..2f159e2981 --- /dev/null +++ b/congress/templates/secret-keystone.yaml @@ -0,0 +1,30 @@ +{{/* +Copyright 2017 The Openstack-Helm Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if .Values.manifests.secret_keystone }} +{{- $envAll := . }} +{{- range $key1, $userClass := tuple "admin" "user" }} +{{- $secretName := index $envAll.Values.secrets.identity $userClass }} +--- +apiVersion: v1 +kind: Secret +metadata: + name: {{ $secretName }} +type: Opaque +data: +{{- tuple $userClass "internal" $envAll | include "helm-toolkit.snippets.keystone_secret_openrc" | indent 2 -}} +{{- end }} +{{- end }} diff --git a/congress/templates/service-api.yaml b/congress/templates/service-api.yaml new file mode 100644 index 0000000000..ad43561c03 --- /dev/null +++ b/congress/templates/service-api.yaml @@ -0,0 +1,36 @@ +{{/* +Copyright 2017 The Openstack-Helm Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if .Values.manifests.service_api }} +{{- $envAll := . }} +--- +apiVersion: v1 +kind: Service +metadata: + name: {{ tuple "policy" "internal" . | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }} +spec: + ports: + - name: c-api + port: {{ .Values.conf.congress.DEFAULT.bind_port }} + {{ if .Values.network.api.node_port.enabled }} + nodePort: {{ .Values.network.api.node_port.port }} + {{ end }} + selector: +{{ tuple $envAll "congress" "api" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }} + {{ if .Values.network.api.node_port.enabled }} + type: NodePort + {{ end }} +{{- end }} diff --git a/congress/templates/service-ingress-api.yaml b/congress/templates/service-ingress-api.yaml new file mode 100644 index 0000000000..d1a23f3283 --- /dev/null +++ b/congress/templates/service-ingress-api.yaml @@ -0,0 +1,32 @@ +{{/* +Copyright 2017 The Openstack-Helm Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if .Values.manifests.service_ingress_api }} +{{- $envAll := . }} +{{- if .Values.network.api.ingress.public }} +--- +apiVersion: v1 +kind: Service +metadata: + name: {{ tuple "policy" "public" . | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }} +spec: + ports: + - name: http + port: 80 + selector: + app: ingress-api +{{- end }} +{{- end }} diff --git a/congress/values.yaml b/congress/values.yaml new file mode 100644 index 0000000000..37264a0eeb --- /dev/null +++ b/congress/values.yaml @@ -0,0 +1,442 @@ +labels: + node_selector_key: openstack-control-plane + node_selector_value: enabled + +release_group: null + +images: + tags: + api: &congress_api docker.io/kolla/ubuntu-source-congress-api:3.0.3 + datasource: docker.io/kolla/ubuntu-source-congress-datasource:3.0.3 + policy_engine: docker.io/kolla/ubuntu-source-congress-policy-engine:3.0.3 + db_init: *congress_api + db_sync: *congress_api + db_drop: *congress_api + ks_user: *congress_api + ks_service: *congress_api + ks_endpoints: *congress_api + ds_create: *congress_api + scripted_test: *congress_api + dep_check: quay.io/stackanetes/kubernetes-entrypoint:v0.2.1 + pull_policy: "IfNotPresent" + +network: + api: + ingress: + public: true + proxy_body_size: 1024M + node_port: + enabled: false + port: 1789 + +volume: + class_name: general + size: 2Gi + +dependencies: + storage_init: + services: + db_init: + services: + - service: oslo_db + endpoint: internal + db_sync: + jobs: + - congress-db-init + services: + - service: oslo_db + endpoint: internal + db_drop: + services: + - service: oslo_db + endpoint: internal + bootstrap: + jobs: + - congress-db-sync + - congress-ks-user + - congress-ks-endpoints + services: + - service: identity + endpoint: internal + - service: image + endpoint: internal + ks_user: + services: + - service: identity + endpoint: internal + ks_service: + services: + - service: identity + endpoint: internal + ks_endpoints: + jobs: + - congress-ks-service + services: + - service: identity + endpoint: internal + api: + jobs: + - congress-db-sync + - congress-ks-user + - congress-ks-endpoints + services: + - service: oslo_db + endpoint: internal + - service: identity + endpoint: internal + datasource: + jobs: + - congress-db-sync + - congress-ks-user + - congress-ks-endpoints + services: + - service: oslo_db + endpoint: internal + - service: identity + endpoint: internal + policy_engine: + jobs: + - congress-db-sync + - congress-ks-user + - congress-ks-endpoints + services: + - service: oslo_db + endpoint: internal + - service: identity + endpoint: internal + ds_create: + jobs: + - congress-ks-endpoints + services: + - service: policy + endpoint: internal + tests: + services: + - service: oslo_db + endpoint: internal + - service: identity + endpoint: internal + - service: policy + endpoint: internal + +secrets: + identity: + admin: congress-keystone-admin + user: congress-keystone-user + oslo_db: + admin: congress-db-admin + user: congress-db-user + rbd: images-rbd-keyring + +endpoints: + cluster_domain_suffix: cluster.local + identity: + name: keystone + auth: + admin: + region_name: RegionOne + username: admin + password: password + project_name: admin + user_domain_name: default + project_domain_name: default + user: + role: admin + region_name: RegionOne + username: congress + password: password + project_name: service + user_domain_name: default + project_domain_name: default + hosts: + default: keystone-api + public: keystone + host_fqdn_override: + default: null + path: + default: /v3 + scheme: + default: http + port: + admin: + default: 35357 + api: + default: 80 + policy: + name: congress + hosts: + default: congress-api + public: congress + host_fqdn_override: + default: null + path: + default: null + scheme: + default: http + port: + api: + default: 1789 + public: 80 + oslo_db: + auth: + admin: + username: root + password: password + user: + username: congress + password: password + hosts: + default: mariadb + host_fqdn_override: + default: null + path: /congress + scheme: mysql+pymysql + port: + mysql: + default: 3306 + oslo_cache: + hosts: + default: memcached + host_fqdn_override: + default: null + port: + memcache: + default: 11211 + oslo_messaging: + auth: + admin: + username: admin + password: password + user: + username: rabbitmq + password: password + hosts: + default: rabbitmq + host_fqdn_override: + default: null + path: / + scheme: rabbit + port: + amqp: + default: 5672 + ceph_object_store: + name: radosgw + namespace: ceph + auth: + user: + username: congress + password: password + tmpurlkey: supersecret + hosts: + default: ceph-rgw + host_fqdn_override: + default: null + path: + default: /auth/v1.0 + scheme: + default: http + port: + api: + default: 8088 + +policy: + datasource_services: + - neutronv2 + - glancev2 + - keystonev3 + - swift + - heat + - nova + poll_time: 120 + +conf: + congress: + DEFAULT: + bind_port: 1789 + drivers: congress.datasources.neutronv2_driver.NeutronV2Driver,congress.datasources.glancev2_driver.GlanceV2Driver,congress.datasources.nova_driver.NovaDriver,congress.datasources.keystonev3_driver.KeystoneV3Driver,congress.datasources.cinder_driver.CinderDriver,congress.datasources.swift_driver.SwiftDriver,congress.datasources.plexxi_driver.PlexxiDriver,congress.datasources.vCenter_driver.VCenterDriver,congress.datasources.murano_driver.MuranoDriver,congress.datasources.ironic_driver.IronicDriver,congress.datasources.heatv1_driver.HeatV1Driver,congress.datasources.doctor_driver.DoctorDriver,congress.datasources.ceilometer_driver.CeilometerDriver + replicated_policy_engine: False + datasource_sync_period: 30 + auth_strategy: keystone + debug: False + logging_exception_prefix: '%(color)s%(asctime)s.%(msecs)03d TRACE %(name)s %(instance)s' + logging_debug_format_suffix: 'from (pid=%(process)d) %(funcName)s %(pathname)s:%(lineno)d' + logging_default_format_string: '%(asctime)s.%(msecs)03d %(color)s%(levelname)s %(name)s [-%(color)s] %(instance)s%(color)s%(message)s' + logging_context_format_string: '%(asctime)s.%(msecs)03d %(color)s%(levelname)s %(name)s [%(request_id)s %(project_name)s %(user_name)s%(color)s] %(instance)s%(color)s%(message)s' + oslo_policy: + policy_file: /etc/congress/policy.json + database: + max_retries: -1 + keystone_authtoken: + auth_type: password + paste: + composite:congress: + use: egg:Paste#urlmap + /: congressversions + /v1: congress_api_v1 + pipeline:congressversions: + pipeline: cors http_proxy_to_wsgi catch_errors congressversionapp + app:congressversionapp: + paste.app_factory: congress.api.versions:Versions.factory + composite:congress_api_v1: + use: call:congress.auth:pipeline_factory + keystone: cors http_proxy_to_wsgi request_id catch_errors authtoken keystonecontext congress_api + noauth: cors http_proxy_to_wsgi request_id catch_errors congress_api + app:congress_api: + paste.app_factory: congress.service:congress_app_factory + filter:request_id: + paste.filter_factory: oslo_middleware:RequestId.factory + filter:catch_errors: + paste.filter_factory: oslo_middleware:CatchErrors.factory + filter:keystonecontext: + paste.filter_factory: congress.auth:CongressKeystoneContext.factory + filter:authtoken: + paste.filter_factory: keystonemiddleware.auth_token:filter_factory + filter:cors: + paste.filter_factory: oslo_middleware.cors:filter_factory + oslo_config_project: congress + filter:http_proxy_to_wsgi: + paste.filter_factory: oslo_middleware.http_proxy_to_wsgi:HTTPProxyToWSGI.factory + oslo_config_project: congress + policy: + context_is_admin: role:admin + admin_only: rule:context_is_admin + regular_user: "" + default: rule:admin_only + +pod: + user: + congress: + uid: 1000 + affinity: + anti: + type: + default: preferredDuringSchedulingIgnoredDuringExecution + topologyKey: + default: kubernetes.io/hostname + replicas: + api: 1 + policy_engine: 1 + # dont scale out ds node + # only one node per environment should be in active state + # https://docs.openstack.org/congress/latest/admin/ha-overview.html#ha-overview + datasource: 1 + lifecycle: + upgrades: + deployments: + revision_history: 3 + pod_replacement_strategy: RollingUpdate + rolling_update: + max_unavailable: 1 + max_surge: 3 + disruption_budget: + api: + min_available: 0 + datasource: + min_available: 0 + policy_engine: + min_available: 0 + termination_grace_period: + api: + timeout: 600 + datasource: + timeout: 600 + policy_engine: + timeout: 600 + resources: + enabled: false + api: + requests: + memory: "128Mi" + cpu: "100m" + limits: + memory: "1024Mi" + cpu: "2000m" + registry: + requests: + memory: "128Mi" + cpu: "100m" + limits: + memory: "1024Mi" + cpu: "2000m" + jobs: + storage_init: + requests: + memory: "128Mi" + cpu: "100m" + limits: + memory: "1024Mi" + cpu: "2000m" + db_sync: + requests: + memory: "128Mi" + cpu: "100m" + limits: + memory: "1024Mi" + cpu: "2000m" + db_init: + requests: + memory: "128Mi" + cpu: "100m" + limits: + memory: "1024Mi" + cpu: "2000m" + db_drop: + requests: + memory: "128Mi" + cpu: "100m" + limits: + memory: "1024Mi" + cpu: "2000m" + ks_user: + requests: + memory: "128Mi" + cpu: "100m" + limits: + memory: "1024Mi" + cpu: "2000m" + ks_service: + requests: + memory: "128Mi" + cpu: "100m" + limits: + memory: "1024Mi" + cpu: "2000m" + ks_endpoints: + requests: + memory: "128Mi" + cpu: "100m" + limits: + memory: "1024Mi" + cpu: "2000m" + bootstrap: + requests: + memory: "128Mi" + cpu: "100m" + limits: + memory: "1024Mi" + cpu: "2000m" + tests: + requests: + memory: "128Mi" + cpu: "100m" + limits: + memory: "1024Mi" + cpu: "2000m" + +manifests: + configmap_bin: true + configmap_etc: true + deployment_api: true + deployment_policy_engine: true + deployment_datasource: true + job_db_init: true + job_db_sync: true + secret_db: true + secret_keystone: true + job_ks_endpoints: true + job_ks_service: true + job_ks_user: true + job_ds_create: true + service_api: true + ingress_api: true + service_ingress_api: true diff --git a/helm-toolkit/templates/utils/_joinListWithSpace.tpl b/helm-toolkit/templates/utils/_joinListWithSpace.tpl new file mode 100644 index 0000000000..5875a7cb10 --- /dev/null +++ b/helm-toolkit/templates/utils/_joinListWithSpace.tpl @@ -0,0 +1,20 @@ +{{/* +Copyright 2017 The Openstack-Helm Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- define "helm-toolkit.utils.joinListWithSpace" -}} +{{- $local := dict "first" true -}} +{{- range $k, $v := . -}}{{- if not $local.first -}}{{- " " -}}{{- end -}}{{- $v -}}{{- $_ := set $local "first" false -}}{{- end -}} +{{- end -}} diff --git a/tools/gate/launch-osh/basic.sh b/tools/gate/launch-osh/basic.sh index 6005b7937e..7e6c469f80 100755 --- a/tools/gate/launch-osh/basic.sh +++ b/tools/gate/launch-osh/basic.sh @@ -195,6 +195,9 @@ kube_wait_for_pods openstack ${POD_START_TIMEOUT_OPENSTACK} helm install --namespace=openstack ${WORK_DIR}/heat --name=heat kube_wait_for_pods openstack ${POD_START_TIMEOUT_OPENSTACK} +helm install --namespace=openstack ${WORK_DIR}/congress --name=congress +kube_wait_for_pods openstack ${POD_START_TIMEOUT_OPENSTACK} + if [ "x$INTEGRATION" == "xmulti" ]; then helm install --namespace=openstack ${WORK_DIR}/horizon --name=horizon kube_wait_for_pods openstack ${POD_START_TIMEOUT_OPENSTACK}