move all containers into their own mount namespace; fix typos in new configmap logic

Alan Meadows
2017-03-22 12:13:39 -07:00
parent 8c355ac65c
commit 4153e6429e
7 changed files with 100 additions and 88 deletions


@@ -15,6 +15,7 @@
{{- define "helm-toolkit.kubernetes_entrypoint_init_container" -}} {{- define "helm-toolkit.kubernetes_entrypoint_init_container" -}}
{{- $envAll := index . 0 -}} {{- $envAll := index . 0 -}}
{{- $deps := index . 1 -}} {{- $deps := index . 1 -}}
{{- $mounts := index . 2 -}}
{ {
"name": "init", "name": "init",
"image": {{ $envAll.Values.images.dep_check | quote }}, "image": {{ $envAll.Values.images.dep_check | quote }},
@@ -48,7 +49,7 @@
}, },
{ {
"name": "DEPENDENCY_SERVICE", "name": "DEPENDENCY_SERVICE",
"value": "{{ include "helm-toolkit.joinListWithComma" $deps.service }}" "value": "{{ include "helm-toolkit.joinListWithComma" $deps.service }}"
}, },
{ {
"name": "DEPENDENCY_JOBS", "name": "DEPENDENCY_JOBS",
@@ -66,6 +67,7 @@
"name": "COMMAND", "name": "COMMAND",
"value": "echo done" "value": "echo done"
} }
] ],
"volumeMounts": {{ $mounts | quote | default "[]"}}
} }
{{- end -}} {{- end -}}
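Review bot: The added `"volumeMounts": {{ $mounts | quote | default "[]"}}` line applies `quote` before `default`, so a non-empty mounts list is rendered as one quoted string instead of a JSON array, and `default` only ever sees the output of `quote`. The null default used by the charts in this commit may still render as `[]`, but the first chart that sets `init_container` to a real list would presumably produce an init-container annotation whose `volumeMounts` is a string, so the pod is rejected or the mounts are dropped. Serialising the value keeps the field an array in both cases, for example `"volumeMounts": {{ $mounts | default list | toJson }}` if the Helm version in use provides `toJson`. The new `{{- $mounts := index . 2 -}}` also makes the third tuple element mandatory, so any caller outside this commit that still passes two elements will fail to render and should be checked.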


@@ -48,7 +48,7 @@ data:
{{ .Values.conf.policy.override }} {{ .Values.conf.policy.override }}
{{- else -}} {{- else -}}
{{ tuple "etc/_policy.json.tpl" . | include "helm-toolkit.template" | indent 4 }} {{ tuple "etc/_policy.json.tpl" . | include "helm-toolkit.template" | indent 4 }}
{{- end -}} {{- end }}
mpm_event.conf: |+ mpm_event.conf: |+
{{ tuple "etc/_mpm_event.conf.tpl" . | include "helm-toolkit.template" | indent 4 }} {{ tuple "etc/_mpm_event.conf.tpl" . | include "helm-toolkit.template" | indent 4 }}
wsgi-keystone.conf: |+ wsgi-keystone.conf: |+


@@ -11,10 +11,10 @@
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and # See the License for the specific language governing permissions and
# limitations under the License. # limitations under the License.
{{- $envAll := . }} {{- $envAll := . }}
{{- $dependencies := .Values.dependencies.api }} {{- $dependencies := .Values.dependencies.api }}
{{- $mounts := .Values.mounts.api }} {{- $mounts_keystone_api := .Values.mounts.keystone_api.keystone_api }}
{{- $mounts_keystone_api_init := .Values.mounts.keystone_api.init_container }}
apiVersion: extensions/v1beta1 apiVersion: extensions/v1beta1
kind: Deployment kind: Deployment
@@ -38,7 +38,7 @@ spec:
configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "helm-toolkit.hash" }} configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "helm-toolkit.hash" }}
configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "helm-toolkit.hash" }} configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "helm-toolkit.hash" }}
pod.beta.kubernetes.io/init-containers: '[ pod.beta.kubernetes.io/init-containers: '[
{{ tuple $envAll $dependencies | include "helm-toolkit.kubernetes_entrypoint_init_container" | indent 10 }} {{ tuple $envAll $dependencies $mounts_keystone_api_init | include "helm-toolkit.kubernetes_entrypoint_init_container" | indent 10 }}
]' ]'
spec: spec:
nodeSelector: nodeSelector:
@@ -75,7 +75,6 @@ spec:
tcpSocket: tcpSocket:
port: {{ .Values.network.port.api }} port: {{ .Values.network.port.api }}
volumeMounts: volumeMounts:
{{ toYaml $mounts.volumeMounts | indent 12 }} {{ toYaml $mounts_keystone_api.volumeMounts | indent 12 }}
volumes: volumes:
{{ toYaml $mounts.volumes | indent 8 }} {{ toYaml $mounts_keystone_api.volumes | indent 8 }}
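Review bot: The move from `.Values.mounts.api` to `.Values.mounts.keystone_api.keystone_api` has no fallback, so an existing override file that still sets `mounts.api.volumeMounts` is no longer read and the chart defaults are presumably rendered instead, without any error. That matters most for operators who overrode the mounts to tighten them, since their change disappears silently on upgrade. The same applies to `mounts.job_db_init` and `mounts.job_db_sync` in the two job templates later in this commit. I would name the key change in the commit description and add a template comment above the two assignments, e.g. `{{/* mounts.keystone_api.keystone_api: volumes and volumeMounts for the api container; mounts.keystone_api.init_container: mounts handed to the dependency-check init container */}}`.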


@@ -195,3 +195,5 @@
"identity:update_domain_config": "rule:admin_required", "identity:update_domain_config": "rule:admin_required",
"identity:delete_domain_config": "rule:admin_required", "identity:delete_domain_config": "rule:admin_required",
"identity:get_domain_config_default": "rule:admin_required" "identity:get_domain_config_default": "rule:admin_required"
}


@@ -14,7 +14,9 @@
{{- $envAll := . }} {{- $envAll := . }}
{{- $dependencies := .Values.dependencies.init }} {{- $dependencies := .Values.dependencies.init }}
{{- $mounts := .Values.mounts.job_db_init }} {{- $mounts_keystone_db_init := .Values.mounts.keystone_db_init.keystone_db_init }}
{{- $mounts_keystone_db_init_init := .Values.mounts.keystone_db_init.init_container }}
apiVersion: batch/v1 apiVersion: batch/v1
kind: Job kind: Job
metadata: metadata:
@@ -24,7 +26,7 @@ spec:
metadata: metadata:
annotations: annotations:
pod.beta.kubernetes.io/init-containers: '[ pod.beta.kubernetes.io/init-containers: '[
{{ tuple $envAll $dependencies | include "helm-toolkit.kubernetes_entrypoint_init_container" | indent 10 }} {{ tuple $envAll $dependencies $mounts_keystone_db_init_init | include "helm-toolkit.kubernetes_entrypoint_init_container" | indent 10 }}
]' ]'
spec: spec:
restartPolicy: OnFailure restartPolicy: OnFailure
@@ -47,7 +49,7 @@ spec:
- bash - bash
- /tmp/init.sh - /tmp/init.sh
volumeMounts: volumeMounts:
{{ toYaml $mounts.volumeMounts | indent 12 }} {{ toYaml $mounts_keystone_db_init.volumeMounts | indent 12 }}
volumes: volumes:
{{ toYaml $mounts.volumes | indent 8 }} {{ toYaml $mounts_keystone_db_init.volumes | indent 8 }}


@@ -14,7 +14,8 @@
{{- $envAll := . }} {{- $envAll := . }}
{{- $dependencies := .Values.dependencies.db_sync }} {{- $dependencies := .Values.dependencies.db_sync }}
{{- $mounts := .Values.mounts.job_db_sync }} {{- $mounts_keystone_db_sync := .Values.mounts.keystone_db_sync.keystone_db_sync }}
{{- $mounts_keystone_db_sync_init := .Values.mounts.keystone_db_sync.init_container }}
apiVersion: batch/v1 apiVersion: batch/v1
kind: Job kind: Job
metadata: metadata:
@@ -24,7 +25,7 @@ spec:
metadata: metadata:
annotations: annotations:
pod.beta.kubernetes.io/init-containers: '[ pod.beta.kubernetes.io/init-containers: '[
{{ tuple $envAll $dependencies | include "helm-toolkit.kubernetes_entrypoint_init_container" | indent 10 }} {{ tuple $envAll $dependencies $mounts_keystone_db_sync_init | include "helm-toolkit.kubernetes_entrypoint_init_container" | indent 10 }}
]' ]'
spec: spec:
restartPolicy: OnFailure restartPolicy: OnFailure
@@ -47,6 +48,6 @@ spec:
- bash - bash
- /tmp/db-sync.sh - /tmp/db-sync.sh
volumeMounts: volumeMounts:
{{ toYaml $mounts.volumeMounts | indent 12 }} {{ toYaml $mounts_keystone_db_sync.volumeMounts | indent 12 }}
volumes: volumes:
{{ toYaml $mounts.volumes | indent 8 }} {{ toYaml $mounts_keystone_db_sync.volumes | indent 8 }}


@@ -95,77 +95,83 @@ resources:
cpu: "500m" cpu: "500m"
mounts: mounts:
job_db_init: keystone_db_init:
volumes: init_container: null
- name: keystone-bin keystone_db_init:
configMap: volumes:
name: keystone-bin - name: keystone-bin
volumeMounts: configMap:
- name: keystone-bin name: keystone-bin
mountPath: /tmp/init.sh volumeMounts:
subPath: init.sh - name: keystone-bin
job_db_sync: mountPath: /tmp/init.sh
volumes: subPath: init.sh
- name: empty keystone_db_sync:
emptyDir: {} init_container: null
- name: keystone-etc keystone_db_sync:
configMap: volumes:
name: keystone-etc - name: empty
- name: keystone-bin emptyDir: {}
configMap: - name: keystone-etc
name: keystone-bin configMap:
volumeMounts: name: keystone-etc
- name: empty - name: keystone-bin
mountPath: /etc/keystone configMap:
- name: keystone-etc name: keystone-bin
mountPath: /etc/keystone/keystone.conf volumeMounts:
subPath: keystone.conf - name: empty
readOnly: true mountPath: /etc/keystone
- name: keystone-bin - name: keystone-etc
mountPath: /tmp/db-sync.sh mountPath: /etc/keystone/keystone.conf
subPath: db-sync.sh subPath: keystone.conf
readOnly: true readOnly: true
api: - name: keystone-bin
volumes: mountPath: /tmp/db-sync.sh
- name: empty subPath: db-sync.sh
emptyDir: {} readOnly: true
- name: keystone-etc keystone_api:
configMap: init_container: null
name: keystone-etc keystone_api:
- name: keystone-bin volumes:
configMap: - name: empty
name: keystone-bin emptyDir: {}
volumeMounts: - name: keystone-etc
- name: empty configMap:
mountPath: /etc/keystone name: keystone-etc
- name: keystone-etc - name: keystone-bin
mountPath: /etc/keystone/keystone.conf configMap:
subPath: keystone.conf name: keystone-bin
readOnly: true volumeMounts:
- name: keystone-etc - name: empty
mountPath: /etc/keystone/keystone-paste.ini mountPath: /etc/keystone
subPath: keystone-paste.ini - name: keystone-etc
readOnly: true mountPath: /etc/keystone/keystone.conf
- name: keystone-etc subPath: keystone.conf
mountPath: /etc/keystone/policy.json readOnly: true
subPath: policy.json - name: keystone-etc
readOnly: true mountPath: /etc/keystone/keystone-paste.ini
- name: keystone-etc subPath: keystone-paste.ini
mountPath: /etc/keystone/sso_callback_template.html readOnly: true
subPath: sso_callback_template.html - name: keystone-etc
readOnly: true mountPath: /etc/keystone/policy.json
- name: keystone-etc subPath: policy.json
mountPath: /etc/apache2/conf-enabled/wsgi-keystone.conf readOnly: true
subPath: wsgi-keystone.conf - name: keystone-etc
readOnly: true mountPath: /etc/keystone/sso_callback_template.html
- name: keystone-etc subPath: sso_callback_template.html
mountPath: /etc/apache2/mods-available/mpm_event.conf readOnly: true
subPath: mpm_event.conf - name: keystone-etc
readOnly: true mountPath: /etc/apache2/conf-enabled/wsgi-keystone.conf
- name: keystone-bin subPath: wsgi-keystone.conf
mountPath: /tmp/start.sh readOnly: true
subPath: start.sh - name: keystone-etc
readOnly: true mountPath: /etc/apache2/mods-available/mpm_event.conf
subPath: mpm_event.conf
readOnly: true
- name: keystone-bin
mountPath: /tmp/start.sh
subPath: start.sh
readOnly: true
conf: conf:
paste: paste:
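Review bot: The `/tmp/init.sh` mount under `keystone_db_init` is the only script or config-file mount in this block without `readOnly: true`; `db-sync.sh`, `start.sh` and every `keystone-etc` file set it. Adding `readOnly: true` after `subPath: init.sh` makes the three sections consistent and, on Kubernetes versions where configMap volumes are writable inside the container, keeps the job from altering the script it runs. The three `init_container: null` defaults also give no hint of the expected shape; a comment such as `# init_container: list of volumeMounts for the dependency-check init container; names must match entries under volumes` would help, assuming that is what the helper expects. The values file continues past the end of this hunk.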