From 2aa8a2e0f0feb46ba018cdc8175c06db9682deb7 Mon Sep 17 00:00:00 2001 From: Vladimir Kozhukalov Date: Thu, 24 Apr 2025 11:32:05 -0500 Subject: [PATCH] Add skyline chart TLS support will be added later. Change-Id: If159457bef0a0bd78c765f6ca90705dcedecce17 --- doc/source/chart/openstack_charts.rst | 1 + .../notes/skyline-794e9be9cc48f98d.yaml | 5 + skyline/Chart.yaml | 31 ++ skyline/templates/certificates.yaml | 17 ++ skyline/templates/configmap-bin.yaml | 34 +++ skyline/templates/configmap-etc.yaml | 71 +++++ skyline/templates/deployment.yaml | 84 ++++++ skyline/templates/ingress.yaml | 23 ++ skyline/templates/job-db-drop.yaml | 24 ++ skyline/templates/job-db-init.yaml | 33 +++ skyline/templates/job-db-sync.yaml | 93 ++++++ skyline/templates/job-ks-user.yaml | 32 ++ skyline/templates/secret-db.yaml | 35 +++ skyline/templates/secret-keystone.yaml | 30 ++ skyline/templates/service-ingress.yaml | 18 ++ skyline/templates/service.yaml | 36 +++ skyline/values.yaml | 273 ++++++++++++++++++ tools/deployment/component/skyline/skyline.sh | 28 ++ tools/gate/selenium/skyline-selenium.sh | 12 + tools/gate/selenium/skylineSelenium.py | 61 ++++ zuul.d/2025.1.yaml | 11 + zuul.d/base.yaml | 21 ++ zuul.d/project.yaml | 4 +- 23 files changed, 976 insertions(+), 1 deletion(-) create mode 100644 releasenotes/notes/skyline-794e9be9cc48f98d.yaml create mode 100644 skyline/Chart.yaml create mode 100644 skyline/templates/certificates.yaml create mode 100644 skyline/templates/configmap-bin.yaml create mode 100644 skyline/templates/configmap-etc.yaml create mode 100644 skyline/templates/deployment.yaml create mode 100644 skyline/templates/ingress.yaml create mode 100644 skyline/templates/job-db-drop.yaml create mode 100644 skyline/templates/job-db-init.yaml create mode 100644 skyline/templates/job-db-sync.yaml create mode 100644 skyline/templates/job-ks-user.yaml create mode 100644 skyline/templates/secret-db.yaml create mode 100644 skyline/templates/secret-keystone.yaml create mode 100644 skyline/templates/service-ingress.yaml create mode 100644 skyline/templates/service.yaml create mode 100644 skyline/values.yaml create mode 100755 tools/deployment/component/skyline/skyline.sh create mode 100755 tools/gate/selenium/skyline-selenium.sh create mode 100644 tools/gate/selenium/skylineSelenium.py diff --git a/doc/source/chart/openstack_charts.rst b/doc/source/chart/openstack_charts.rst index 6504fb2e61..85566bb124 100644 --- a/doc/source/chart/openstack_charts.rst +++ b/doc/source/chart/openstack_charts.rst @@ -26,5 +26,6 @@ OpenStack charts options openstack placement rally + skyline tacker tempest diff --git a/releasenotes/notes/skyline-794e9be9cc48f98d.yaml b/releasenotes/notes/skyline-794e9be9cc48f98d.yaml new file mode 100644 index 0000000000..100f8e8f12 --- /dev/null +++ b/releasenotes/notes/skyline-794e9be9cc48f98d.yaml @@ -0,0 +1,5 @@ +--- +skyline: + - | + Initial release of the Skyline chart +... diff --git a/skyline/Chart.yaml b/skyline/Chart.yaml new file mode 100644 index 0000000000..38edde1f72 --- /dev/null +++ b/skyline/Chart.yaml @@ -0,0 +1,31 @@ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +--- +apiVersion: v2 +appVersion: v1.0.0 +description: OpenStack-Helm Skyline +name: skyline +version: 2025.1.0 +home: https://docs.openstack.org/skyline-apiserver/latest/ +sources: + - https://opendev.org/openstack/skyline-apiserver + - https://opendev.org/openstack/skyline-console + - https://opendev.org/openstack/openstack-helm +maintainers: + - name: OpenStack-Helm Authors + +dependencies: + - name: helm-toolkit + repository: file://../helm-toolkit + version: ">= 0.1.0" +... diff --git a/skyline/templates/certificates.yaml b/skyline/templates/certificates.yaml new file mode 100644 index 0000000000..561d129eb6 --- /dev/null +++ b/skyline/templates/certificates.yaml @@ -0,0 +1,17 @@ +{{/* +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if .Values.manifests.certificates -}} +{{ dict "envAll" . "service" "skyline" "type" "internal" | include "helm-toolkit.manifests.certificates" }} +{{- end -}} diff --git a/skyline/templates/configmap-bin.yaml b/skyline/templates/configmap-bin.yaml new file mode 100644 index 0000000000..681d107c4d --- /dev/null +++ b/skyline/templates/configmap-bin.yaml @@ -0,0 +1,34 @@ +{{/* +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if .Values.manifests.configmap_bin }} +{{- $envAll := . }} +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: skyline-bin +data: +{{- if .Values.images.local_registry.active }} + image-repo-sync.sh: | +{{- include "helm-toolkit.scripts.image_repo_sync" . | indent 4 }} +{{- end }} + db-init.py: | +{{- include "helm-toolkit.scripts.db_init" . | indent 4 }} + db-drop.py: | +{{- include "helm-toolkit.scripts.db_drop" . | indent 4 }} + ks-user.sh: | +{{- include "helm-toolkit.scripts.keystone_user" . | indent 4 }} + +{{- end }} diff --git a/skyline/templates/configmap-etc.yaml b/skyline/templates/configmap-etc.yaml new file mode 100644 index 0000000000..b68639cc7c --- /dev/null +++ b/skyline/templates/configmap-etc.yaml @@ -0,0 +1,71 @@ +{{/* +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} +{{- if (.Values.global).subchart_release_name }} +{{- $_ := set . "deployment_name" .Chart.Name }} +{{- else }} +{{- $_ := set . "deployment_name" .Release.Name }} +{{- end }} + +{{- define "skyline.configmap.etc" }} +{{- $configMapName := index . 0 }} +{{- $envAll := index . 1 }} +{{- with $envAll }} + +{{- if empty .Values.conf.skyline.openstack.keystone_url -}} +{{- $_ := tuple "identity" "internal" "api" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup" | set .Values.conf.skyline.openstack "keystone_url" -}} +{{- end -}} + +{{- if empty .Values.conf.skyline.openstack.default_region -}} +{{- $_ := set .Values.conf.skyline.openstack "default_region" .Values.endpoints.identity.auth.skyline.region_name -}} +{{- end -}} +{{- if empty .Values.conf.skyline.openstack.system_project -}} +{{- $_ := set .Values.conf.skyline.openstack "system_project" .Values.endpoints.identity.auth.skyline.project_name -}} +{{- end -}} +{{- if empty .Values.conf.skyline.openstack.system_project_domain -}} +{{- $_ := set .Values.conf.skyline.openstack "system_project_domain" .Values.endpoints.identity.auth.skyline.project_domain_name -}} +{{- end -}} +{{- if empty .Values.conf.skyline.openstack.system_user_domain -}} +{{- $_ := set .Values.conf.skyline.openstack "system_user_domain" .Values.endpoints.identity.auth.skyline.user_domain_name -}} +{{- end -}} +{{- if empty .Values.conf.skyline.openstack.system_user_name -}} +{{- $_ := set .Values.conf.skyline.openstack "system_user_name" .Values.endpoints.identity.auth.skyline.username -}} +{{- end -}} +{{- if empty .Values.conf.skyline.openstack.system_user_password -}} +{{- $_ := set .Values.conf.skyline.openstack "system_user_password" .Values.endpoints.identity.auth.skyline.password -}} +{{- end -}} + +{{- if empty .Values.conf.skyline.default.database_url -}} +{{- $connection := tuple "oslo_db" "skyline" "skyline" "mysql" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup" -}} +{{- if .Values.manifests.certificates -}} +{{- $_ := (printf "%s?charset=utf8&ssl_ca=/etc/mysql/certs/ca.crt&ssl_key=/etc/mysql/certs/tls.key&ssl_cert=/etc/mysql/certs/tls.crt&ssl_verify_cert" $connection ) | set .Values.conf.skyline.default.database_url "connection" -}} +{{- else -}} +{{- $_ := set .Values.conf.skyline.default "database_url" $connection -}} +{{- end -}} +{{- end -}} + +--- +apiVersion: v1 +kind: Secret +metadata: + name: {{ $configMapName }} +type: Opaque +data: + skyline.yaml: {{ .Values.conf.skyline | toYaml | b64enc }} + gunicorn.py: {{ .Values.conf.gunicorn | b64enc }} +{{- end }} +{{- end }} + +{{- if .Values.manifests.configmap_etc }} +{{- list "skyline-etc" . | include "skyline.configmap.etc" }} +{{- end }} diff --git a/skyline/templates/deployment.yaml b/skyline/templates/deployment.yaml new file mode 100644 index 0000000000..789bb1b321 --- /dev/null +++ b/skyline/templates/deployment.yaml @@ -0,0 +1,84 @@ +{{/* +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if .Values.manifests.deployment }} +{{- $envAll := . }} + +{{- $mounts_skyline := .Values.pod.mounts.skyline.skyline }} +{{- $mounts_skyline_init := .Values.pod.mounts.skyline.init_container }} + +{{- $serviceAccountName := "skyline" }} +{{ tuple $envAll "skyline" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }} +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: skyline + annotations: + {{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" }} + labels: +{{ tuple $envAll "skyline" "skyline" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }} +spec: + replicas: {{ .Values.pod.replicas.skyline }} + selector: + matchLabels: +{{ tuple $envAll "skyline" "skyline" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 6 }} +{{ tuple $envAll | include "helm-toolkit.snippets.kubernetes_upgrades_deployment" | indent 2 }} + template: + metadata: + labels: +{{ tuple $envAll "skyline" "skyline" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }} + annotations: +{{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" | indent 8 }} + configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "helm-toolkit.utils.hash" }} +{{ tuple "skyline" . | include "helm-toolkit.snippets.custom_pod_annotations" | indent 8 }} + spec: + serviceAccountName: {{ $serviceAccountName }} +{{ dict "envAll" $envAll "application" "skyline" | include "helm-toolkit.snippets.kubernetes_pod_security_context" | indent 6 }} + nodeSelector: + {{ .Values.labels.skyline.node_selector_key }}: {{ .Values.labels.skyline.node_selector_value }} + initContainers: +{{ tuple $envAll "skyline" $mounts_skyline_init | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} + containers: + - name: skyline +{{ tuple $envAll "skyline" | include "helm-toolkit.snippets.image" | indent 10 }} +{{ dict "envAll" $envAll "application" "skyline" "container" "skyline" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 10 }} + ports: + - name: api + containerPort: {{ tuple "skyline" "service" "api" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }} + volumeMounts: + - name: pod-tmp + mountPath: /tmp + - name: skyline-var-lib + mountPath: /var/lib/skyline + - name: skyline-etc + mountPath: /etc/skyline/skyline.yaml + subPath: skyline.yaml + readOnly: true + - name: skyline-etc + mountPath: /etc/skyline/gunicorn.py + subPath: gunicorn.py + readOnly: true +{{ if $mounts_skyline.volumeMounts }}{{ toYaml $mounts_skyline.volumeMounts | indent 12 }}{{ end }} + volumes: + - name: pod-tmp + emptyDir: {} + - name: skyline-var-lib + emptyDir: {} + - name: skyline-etc + secret: + secretName: skyline-etc + defaultMode: 0444 +{{ if $mounts_skyline.volumes}}{{ toYaml $mounts_skyline.volumes | indent 8 }}{{ end }} +{{- end }} diff --git a/skyline/templates/ingress.yaml b/skyline/templates/ingress.yaml new file mode 100644 index 0000000000..b256eb2bdd --- /dev/null +++ b/skyline/templates/ingress.yaml @@ -0,0 +1,23 @@ +{{/* +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if and .Values.manifests.ingress .Values.network.skyline.ingress.public }} +{{- $envAll := . -}} +{{- $ingressOpts := dict "envAll" $envAll "backendService" "skyline" "backendServiceType" "skyline" "backendPort" "api" -}} +{{- $secretName := $envAll.Values.secrets.tls.skyline.skyline.internal -}} +{{- if and .Values.manifests.certificates $secretName }} +{{- $_ := set $ingressOpts "certIssuer" .Values.endpoints.skyline.host_fqdn_override.default.tls.issuerRef.name -}} +{{- end }} +{{ $ingressOpts | include "helm-toolkit.manifests.ingress" }} +{{- end }} diff --git a/skyline/templates/job-db-drop.yaml b/skyline/templates/job-db-drop.yaml new file mode 100644 index 0000000000..3a47be4a16 --- /dev/null +++ b/skyline/templates/job-db-drop.yaml @@ -0,0 +1,24 @@ +{{/* +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if .Values.manifests.job_db_drop }} +{{- $dbDropJob := dict "envAll" . "serviceName" "skyline" -}} +{{- if .Values.manifests.certificates -}} +{{- $_ := set $dbDropJob "dbAdminTlsSecret" .Values.endpoints.oslo_db.auth.admin.secret.tls.internal -}} +{{- end -}} +{{- if .Values.pod.tolerations.skyline.enabled -}} +{{- $_ := set $dbDropJob "tolerationsEnabled" true -}} +{{- end -}} +{{ $dbDropJob | include "helm-toolkit.manifests.job_db_drop_mysql" }} +{{- end }} diff --git a/skyline/templates/job-db-init.yaml b/skyline/templates/job-db-init.yaml new file mode 100644 index 0000000000..f3a79f1b8d --- /dev/null +++ b/skyline/templates/job-db-init.yaml @@ -0,0 +1,33 @@ +{{/* +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- define "metadata.annotations.job.db_init" }} +helm.sh/hook: post-install,post-upgrade +helm.sh/hook-weight: "-5" +{{- end }} + +{{- if .Values.manifests.job_db_init }} +{{- $dbToInit := dict "inputType" "secret" "adminSecret" .Values.secrets.oslo_db.admin "userSecret" .Values.secrets.oslo_db.skyline -}} +{{- $dbInitJob := dict "envAll" . "serviceName" "skyline" "dbToInit" $dbToInit -}} +{{- if .Values.manifests.certificates -}} +{{- $_ := set $dbInitJob "dbAdminTlsSecret" .Values.endpoints.oslo_db.auth.admin.secret.tls.internal -}} +{{- end -}} +{{- if .Values.helm3_hook }} +{{- $_ := set $dbInitJob "jobAnnotations" (include "metadata.annotations.job.db_init" . | fromYaml) }} +{{- end }} +{{- if .Values.pod.tolerations.skyline.enabled -}} +{{- $_ := set $dbInitJob "tolerationsEnabled" true -}} +{{- end -}} +{{ $dbInitJob | include "helm-toolkit.manifests.job_db_init_mysql" }} +{{- end }} diff --git a/skyline/templates/job-db-sync.yaml b/skyline/templates/job-db-sync.yaml new file mode 100644 index 0000000000..8438fe0436 --- /dev/null +++ b/skyline/templates/job-db-sync.yaml @@ -0,0 +1,93 @@ +{{/* +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- define "metadata.annotations.job.db_sync" }} +helm.sh/hook: post-install,post-upgrade +helm.sh/hook-weight: "-4" +{{- end }} + +{{- define "skyline.templates.job_db_sync" -}} +{{- $envAll := index . 0 }} +{{- with $envAll }} +{{- $serviceName := "skyline" -}} +{{- $nodeSelector := dict .Values.labels.job.node_selector_key .Values.labels.job.node_selector_value -}} +{{- $configMapEtc := (printf "%s-%s" $serviceName "etc" ) -}} +{{- $dbAdminTlsSecret := .Values.endpoints.oslo_db.auth.admin.secret.tls.internal -}} +{{- $serviceAccountName := printf "%s-%s" $serviceName "db-sync" }} +{{ tuple . "db_sync" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }} +--- +apiVersion: batch/v1 +kind: Job +metadata: + name: skyline-db-sync + labels: +{{ tuple . $serviceName "db-sync" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }} + annotations: +{{ tuple $serviceAccountName . | include "helm-toolkit.snippets.custom_job_annotations" | indent 4 -}} +{{- if .Values.helm3_hook }} +{{ include "metadata.annotations.job.db_sync" . | indent 4 }} +{{- end }} +spec: + backoffLimit: 1000 + template: + metadata: + labels: +{{ tuple . $serviceName "db-sync" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }} + annotations: +{{ tuple . | include "helm-toolkit.snippets.release_uuid" | indent 8 }} + spec: + serviceAccountName: {{ $serviceAccountName }} + restartPolicy: OnFailure + {{ tuple . "db_sync" | include "helm-toolkit.snippets.kubernetes_image_pull_secrets" | indent 6 }} + nodeSelector: +{{ toYaml $nodeSelector | indent 8 }} +{{- if .Values.pod.tolerations.skyline.enabled }} +{{ tuple . $serviceName | include "helm-toolkit.snippets.kubernetes_tolerations" | indent 6 }} +{{- end}} + initContainers: +{{ tuple . "db_sync" list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} + containers: + - name: skyline-db-sync + image: {{ .Values.images.tags.db_sync | quote }} + imagePullPolicy: {{ .Values.images.pull_policy | quote }} +{{ tuple . .Values.pod.resources.jobs.db_sync | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }} + env: + - name: KOLLA_BOOTSTRAP + value: "" + volumeMounts: + - name: pod-tmp + mountPath: /tmp + - name: etc-service + mountPath: /etc/skyline + - name: db-sync-conf + mountPath: /etc/skyline/skyline.yaml + subPath: skyline.yaml + readOnly: true +{{- dict "enabled" .Values.manifests.certificates "name" $dbAdminTlsSecret "path" "/etc/mysql/certs" | include "helm-toolkit.snippets.tls_volume_mount" | indent 12 }} + volumes: + - name: pod-tmp + emptyDir: {} + - name: etc-service + emptyDir: {} + - name: db-sync-conf + secret: + secretName: {{ $configMapEtc | quote }} + defaultMode: 0444 +{{- dict "enabled" $envAll.Values.manifests.certificates "name" $dbAdminTlsSecret | include "helm-toolkit.snippets.tls_volume" | indent 8 }} +{{- end }} +{{- end }} + +{{- if .Values.manifests.job_db_sync }} +{{- tuple . | include "skyline.templates.job_db_sync" }} +{{- end }} diff --git a/skyline/templates/job-ks-user.yaml b/skyline/templates/job-ks-user.yaml new file mode 100644 index 0000000000..e685113fea --- /dev/null +++ b/skyline/templates/job-ks-user.yaml @@ -0,0 +1,32 @@ +{{/* +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- define "metadata.annotations.job.ks_user" }} +helm.sh/hook: post-install,post-upgrade +helm.sh/hook-weight: "-1" +{{- end }} + +{{- if .Values.manifests.job_ks_user }} +{{- $ksUserJob := dict "envAll" . "serviceName" "skyline" -}} +{{- if or .Values.manifests.certificates .Values.tls.identity -}} +{{- $_ := set $ksUserJob "tlsSecret" .Values.secrets.tls.skyline.skyline.internal -}} +{{- end -}} +{{- if .Values.helm3_hook }} +{{- $_ := set $ksUserJob "jobAnnotations" (include "metadata.annotations.job.ks_user" . | fromYaml) -}} +{{- end }} +{{- if .Values.pod.tolerations.skyline.enabled -}} +{{- $_ := set $ksUserJob "tolerationsEnabled" true -}} +{{- end -}} +{{ $ksUserJob | include "helm-toolkit.manifests.job_ks_user" }} +{{- end }} diff --git a/skyline/templates/secret-db.yaml b/skyline/templates/secret-db.yaml new file mode 100644 index 0000000000..895e6379ad --- /dev/null +++ b/skyline/templates/secret-db.yaml @@ -0,0 +1,35 @@ +{{/* +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if .Values.manifests.secret_db }} +{{- $envAll := . }} +{{- range $key1, $userClass := tuple "admin" "skyline" }} +{{- $secretName := index $envAll.Values.secrets.oslo_db $userClass }} +{{- $connection := tuple "oslo_db" "internal" $userClass "mysql" $envAll | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup" }} +--- +apiVersion: v1 +kind: Secret +metadata: + name: {{ $secretName }} + annotations: +{{ tuple "oslo_db" $userClass $envAll | include "helm-toolkit.snippets.custom_secret_annotations" | indent 4 }} +type: Opaque +data: +{{- if $envAll.Values.manifests.certificates }} + DB_CONNECTION: {{ (printf "%s?charset=utf8&ssl_ca=/etc/mysql/certs/ca.crt&ssl_key=/etc/mysql/certs/tls.key&ssl_cert=/etc/mysql/certs/tls.crt&ssl_verify_cert" $connection ) | b64enc -}} +{{- else }} + DB_CONNECTION: {{ $connection | b64enc -}} +{{- end }} +{{- end }} +{{- end }} diff --git a/skyline/templates/secret-keystone.yaml b/skyline/templates/secret-keystone.yaml new file mode 100644 index 0000000000..806e2ce167 --- /dev/null +++ b/skyline/templates/secret-keystone.yaml @@ -0,0 +1,30 @@ +{{/* +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if .Values.manifests.secret_keystone }} +{{- $envAll := . }} +{{- range $key1, $userClass := tuple "admin" "skyline" }} +{{- $secretName := index $envAll.Values.secrets.identity $userClass }} +--- +apiVersion: v1 +kind: Secret +metadata: + name: {{ $secretName }} + annotations: +{{ tuple "identity" $userClass $envAll | include "helm-toolkit.snippets.custom_secret_annotations" | indent 4 }} +type: Opaque +data: +{{- tuple $userClass "internal" $envAll | include "helm-toolkit.snippets.keystone_secret_openrc" | indent 2 -}} +{{- end }} +{{- end }} diff --git a/skyline/templates/service-ingress.yaml b/skyline/templates/service-ingress.yaml new file mode 100644 index 0000000000..213594b8f1 --- /dev/null +++ b/skyline/templates/service-ingress.yaml @@ -0,0 +1,18 @@ +{{/* +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if and .Values.manifests.service_ingress .Values.network.skyline.ingress.public }} +{{- $serviceIngressOpts := dict "envAll" . "backendServiceType" "skyline" -}} +{{ $serviceIngressOpts | include "helm-toolkit.manifests.service_ingress" }} +{{- end }} diff --git a/skyline/templates/service.yaml b/skyline/templates/service.yaml new file mode 100644 index 0000000000..fdd8a72a36 --- /dev/null +++ b/skyline/templates/service.yaml @@ -0,0 +1,36 @@ +{{/* +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if .Values.manifests.service }} +--- +apiVersion: v1 +kind: Service +metadata: + name: {{ tuple "skyline" "internal" . | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }} +spec: + ports: + - name: api + port: {{ tuple "skyline" "service" "api" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }} + {{ if .Values.network.skyline.node_port.enabled }} + nodePort: {{ .Values.network.skyline.node_port.port }} + {{ end }} + selector: +{{ tuple . "skyline" "skyline" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }} + {{ if .Values.network.skyline.node_port.enabled }} + type: NodePort + {{ if .Values.network.skyline.external_policy_local }} + externalTrafficPolicy: Local + {{ end }} + {{ end }} +{{- end }} diff --git a/skyline/values.yaml b/skyline/values.yaml new file mode 100644 index 0000000000..ee3310f97a --- /dev/null +++ b/skyline/values.yaml @@ -0,0 +1,273 @@ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +--- +release_group: null + +labels: + skyline: + node_selector_key: openstack-control-plane + node_selector_value: enabled + job: + node_selector_key: openstack-control-plane + node_selector_value: enabled + +helm3_hook: true + +images: + pull_policy: IfNotPresent + tags: + db_sync: quay.io/airshipit/skyline:latest + skyline: quay.io/airshipit/skyline:latest + db_init: quay.io/airshipit/heat:2025.1-ubuntu_jammy + dep_check: 'quay.io/airshipit/kubernetes-entrypoint:latest-ubuntu_jammy' + ks_user: quay.io/airshipit/heat:2025.1-ubuntu_jammy + local_registry: + active: false + exclude: + - dep_check + - image_repo_sync + +secrets: + identity: + admin: skyline-keystone-admin + skyline: skyline-keystone-user + oslo_db: + admin: skyline-db-admin + skyline: skyline-db-user + tls: + skyline: + skyline: + public: skyline-tls-public + internal: skyline-tls-internal + +tls: + identity: false + oslo_db: false + +network: + skyline: + ingress: + public: true + classes: + namespace: "nginx" + cluster: "nginx-cluster" + annotations: + nginx.ingress.kubernetes.io/rewrite-target: / + external_policy_local: false + node_port: + enabled: false + port: 30779 + +endpoints: + cluster_domain_suffix: cluster.local + oslo_db: + auth: + admin: + username: root + password: password + secret: + tls: + internal: mariadb-tls-direct + skyline: + username: skyline + password: password + hosts: + default: mariadb + host_fqdn_override: + default: null + path: /skyline + scheme: + default: mysql+pymysql + skyline: mysql + port: + mysql: + default: 3306 + identity: + name: keystone + auth: + admin: + region_name: RegionOne + username: admin + password: password + project_name: admin + user_domain_name: default + project_domain_name: default + skyline: + role: admin + region_name: RegionOne + username: skyline + password: password + project_name: admin + user_domain_name: default + project_domain_name: default + hosts: + default: keystone + internal: keystone-api + host_fqdn_override: + default: null + path: + default: /v3 + scheme: + default: http + port: + api: + default: 80 + internal: 5000 + skyline: + name: skyline + hosts: + default: skyline-api + public: skyline + host_fqdn_override: + default: null + scheme: + default: 'http' + service: 'http' + port: + api: + default: 9999 + public: 80 + +pod: + replicas: + skyline: 1 + lifecycle: + upgrades: + deployments: + revision_history: 3 + pod_replacement_strategy: RollingUpdate + rolling_update: + max_unavailable: 1 + max_surge: 1 + security_context: + skyline: + pod: + runAsUser: 0 + container: + skyline: + readOnlyRootFilesystem: false + mounts: + skyline: + init_container: null + skyline: + volumes: + volumeMounts: + tolerations: + skyline: + enabled: false + tolerations: + - key: node-role.kubernetes.io/master + operator: Exists + effect: NoSchedule + - key: node-role.kubernetes.io/control-plane + operator: Exists + effect: NoSchedule + resources: + enabled: false + skyline: + requests: + memory: "128Mi" + cpu: "100m" + limits: + memory: "1024Mi" + cpu: "2000m" + jobs: + db_init: + requests: + memory: "128Mi" + cpu: "100m" + limits: + memory: "1024Mi" + cpu: "2000m" + db_sync: + requests: + memory: "128Mi" + cpu: "100m" + limits: + memory: "1024Mi" + cpu: "2000m" + +dependencies: + dynamic: + common: + local_image_registry: + jobs: + - skyline-image-repo-sync + services: + - endpoint: node + service: local_image_registry + static: + skyline: + jobs: + - skyline-db-sync + - skyline-ks-user + services: + - endpoint: internal + service: oslo_db + - endpoint: internal + service: identity + db_init: + services: + - endpoint: internal + service: oslo_db + db_sync: + jobs: + - skyline-db-init + services: + - endpoint: internal + service: oslo_db + ks_user: + services: + - endpoint: internal + service: identity + +conf: + skyline: + default: + debug: true + log_dir: /var/log + log_file: /dev/stdout + # These two params are only available in the custom skyline image + access_log_file: /dev/stdout + error_log_file: /dev/stdout + openstack: + interface_type: internal + gunicorn: | + import multiprocessing + bind = "unix:/var/lib/skyline/skyline.sock" + workers = (1 + multiprocessing.cpu_count()) // 2 + worker_class = "uvicorn.workers.UvicornWorker" + timeout = 300 + keepalive = 5 + reuse_port = False + proc_name = "skyline" + log_level = "info" + disable_redirect_access_to_syslog = True + access_logfile = "-" + error_logfile = "-" + +manifests: + certificates: false + configmap_etc: true + configmap_bin: true + deployment: true + job_db_init: true + job_db_sync: true + job_db_drop: false + secret_db: true + secret_keystone: true + job_ks_user: true + service: true + ingress: true + service_ingress: true +... diff --git a/tools/deployment/component/skyline/skyline.sh b/tools/deployment/component/skyline/skyline.sh new file mode 100755 index 0000000000..7a74f1f359 --- /dev/null +++ b/tools/deployment/component/skyline/skyline.sh @@ -0,0 +1,28 @@ +#!/bin/bash + +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. +set -xe + +#NOTE: Define variables +: ${OSH_HELM_REPO:="../openstack-helm"} +: ${OSH_VALUES_OVERRIDES_PATH:="../openstack-helm/values_overrides"} +: ${OSH_EXTRA_HELM_ARGS_SKYLINE:="$(helm osh get-values-overrides ${DOWNLOAD_OVERRIDES:-} -p ${OSH_VALUES_OVERRIDES_PATH} -c skyline ${FEATURES})"} + +#NOTE: Deploy command +helm upgrade --install skyline ${OSH_HELM_REPO}/skyline \ + --namespace=openstack \ + ${OSH_EXTRA_HELM_ARGS:=} \ + ${OSH_EXTRA_HELM_ARGS_SKYLINE} + +#NOTE: Wait for deploy +helm osh wait-for-pods openstack 1200 diff --git a/tools/gate/selenium/skyline-selenium.sh b/tools/gate/selenium/skyline-selenium.sh new file mode 100755 index 0000000000..e937fd56a6 --- /dev/null +++ b/tools/gate/selenium/skyline-selenium.sh @@ -0,0 +1,12 @@ +#!/bin/bash + +set -xe + +export CHROMEDRIVER="${CHROMEDRIVER:="/etc/selenium/chromedriver"}" +export ARTIFACTS_DIR="${ARTIFACTS_DIR:="/tmp/artifacts/"}" + +export SKYLINE_USER="admin" +export SKYLINE_PASSWORD="password" +export SKYLINE_URI="skyline.openstack.svc.cluster.local" + +python3 $(readlink -f $(dirname $0))/skylineSelenium.py diff --git a/tools/gate/selenium/skylineSelenium.py b/tools/gate/selenium/skylineSelenium.py new file mode 100644 index 0000000000..6daba44dbb --- /dev/null +++ b/tools/gate/selenium/skylineSelenium.py @@ -0,0 +1,61 @@ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at + +# http://www.apache.org/licenses/LICENSE-2.0 + +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +import sys +from selenium.webdriver.common.by import By +from selenium.webdriver.support.ui import WebDriverWait +from selenium.webdriver.support import expected_conditions as EC +from selenium.common.exceptions import TimeoutException +from selenium.common.exceptions import NoSuchElementException +from seleniumtester import SeleniumTester +import time + +st = SeleniumTester('Skiline') + +username = st.get_variable('SKYLINE_USER') +password = st.get_variable('SKYLINE_PASSWORD') +skyline_uri = st.get_variable('SKYLINE_URI') +login_url = 'http://{0}/auth/login'.format(skyline_uri) +overview_url = 'http://{0}/base/overview'.format(skyline_uri) + +try: + st.logger.info('Attempting to connect to Skyline') + st.browser.get(login_url) + el = WebDriverWait(st.browser, 15).until( + EC.title_contains('Cloud') + ) + st.logger.info('Connected to Skyline') +except TimeoutException: + st.logger.critical('Timed out waiting to connect to Skyline') + st.browser.quit() + sys.exit(1) + +time.sleep(5) +st.logger.info("Attempting to log into Skyline dashboard") +try: + print(f"Cookies before login: {st.browser.get_cookies()}") + st.browser.find_element(By.ID, 'normal_login_domain').send_keys(username) + st.browser.find_element(By.ID, 'normal_login_password').send_keys(password) + st.browser.find_element(By.CLASS_NAME, 'login-form-button').click() + st.logger.info("Submitted login form") + time.sleep(5) + st.logger.info(f"Current url: {st.browser.current_url}") + for cookie in st.browser.get_cookies(): + if cookie['name'] == 'session': + st.logger.info(f"Session cookie: {cookie['name']} = {cookie['value']}") + st.logger.info('Successfully logged in to Skyline') +except NoSuchElementException: + st.logger.error("Failed to log in to Skyline") + st.browser.quit() + sys.exit(1) + +st.browser.quit() diff --git a/zuul.d/2025.1.yaml b/zuul.d/2025.1.yaml index aa07bd28ae..ef4e103e85 100644 --- a/zuul.d/2025.1.yaml +++ b/zuul.d/2025.1.yaml @@ -33,6 +33,17 @@ container_distro_name: ubuntu container_distro_version: jammy +- job: + name: openstack-helm-skyline-2025-1-ubuntu_jammy + parent: openstack-helm-skyline + nodeset: openstack-helm-3nodes-ubuntu_jammy + timeout: 10800 + vars: + osh_params: + openstack_release: "2025.1" + container_distro_name: ubuntu + container_distro_version: jammy + - job: name: openstack-helm-cinder-2025-1-ubuntu_noble parent: openstack-helm-cinder-rook diff --git a/zuul.d/base.yaml b/zuul.d/base.yaml index 7e5d1bf1fe..db276d1622 100644 --- a/zuul.d/base.yaml +++ b/zuul.d/base.yaml @@ -448,4 +448,25 @@ - ./tools/deployment/component/nfs-provisioner/nfs-provisioner.sh - ./tools/deployment/component/tacker/tacker.sh - ./tools/deployment/common/run-helm-tests.sh tacker + +- job: + name: openstack-helm-skyline + parent: openstack-helm-compute-kit + timeout: 10800 + vars: + gate_scripts: + - ./tools/deployment/common/prepare-k8s.sh + - ./tools/deployment/common/prepare-charts.sh + - ./tools/deployment/common/setup-client.sh + - export VOLUME_HELM_ARGS="--set volume.enabled=false"; ./tools/deployment/component/common/rabbitmq.sh + - ./tools/deployment/component/common/mariadb.sh + - ./tools/deployment/component/common/memcached.sh + - ./tools/deployment/component/keystone/keystone.sh + - ./tools/deployment/component/heat/heat.sh + - export GLANCE_BACKEND=local; ./tools/deployment/component/glance/glance.sh + - ./tools/deployment/component/compute-kit/openvswitch.sh + - ./tools/deployment/component/compute-kit/libvirt.sh + - ./tools/deployment/component/compute-kit/compute-kit.sh + - ./tools/deployment/component/skyline/skyline.sh + - ./tools/gate/selenium/skyline-selenium.sh ... diff --git a/zuul.d/project.yaml b/zuul.d/project.yaml index 92c8db7328..c3e3f0b827 100644 --- a/zuul.d/project.yaml +++ b/zuul.d/project.yaml @@ -38,9 +38,11 @@ # 2024.2 - openstack-helm-cinder-2024-2-ubuntu_jammy # 3 nodes rook - openstack-helm-compute-kit-2024-2-ubuntu_jammy # 1 node + 3 nodes - # 2025.1 + # 2025.1 Ubuntu Jammy - openstack-helm-cinder-2025-1-ubuntu_jammy # 3 nodes rook - openstack-helm-compute-kit-2025-1-ubuntu_jammy # 1 node + 3 nodes + - openstack-helm-skyline-2025-1-ubuntu_jammy # 3 nodes + # 2025.1 Ubuntu Noble - openstack-helm-cinder-2025-1-ubuntu_noble # 5 nodes rook - openstack-helm-compute-kit-2025-1-ubuntu_noble # 1 node + 3 nodes # Infra jobs