From 4a5440414aa260957e63e27c916407345c980860 Mon Sep 17 00:00:00 2001 From: Kevin Ayers Date: Wed, 3 Dec 2025 08:00:40 -0600 Subject: [PATCH] feature: Add Trove Chart Change-Id: Ice444c42e915d0e005b1f2edc202c71d7ed68bbf Signed-off-by: Kevin Ayers Signed-off-by: Sakshi Sharma Signed-off-by: Vladimir Kozhukalov --- doc/source/chart/openstack_charts.rst | 1 + doc/source/install/openstack.rst | 22 + releasenotes/config.yaml | 2 + releasenotes/notes/trove.yaml | 4 + tools/deployment/component/trove/trove.sh | 50 ++ trove/Chart.yaml | 31 + trove/templates/bin/_db-purge.sh.tpl | 20 + trove/templates/bin/_db-sync.sh.tpl | 19 + trove/templates/bin/_trove-api.sh.tpl | 20 + trove/templates/bin/_trove-conductor.sh.tpl | 20 + trove/templates/bin/_trove-taskmanager.sh.tpl | 20 + trove/templates/certificates.yaml | 44 ++ trove/templates/configmap-bin.yaml | 52 ++ trove/templates/configmap-etc.yaml | 93 +++ trove/templates/cron-job-trove-db-purge.yaml | 95 +++ trove/templates/deployment-api.yaml | 130 +++ trove/templates/deployment-conductor.yaml | 106 +++ trove/templates/deployment-taskmanager.yaml | 106 +++ trove/templates/ingress-api.yaml | 26 + trove/templates/job-db-drop.yaml | 21 + trove/templates/job-db-init.yaml | 32 + trove/templates/job-db-sync.yaml | 29 + trove/templates/job-image-repo-sync.yaml | 21 + trove/templates/job-ks-endpoints.yaml | 29 + trove/templates/job-ks-service.yaml | 29 + trove/templates/job-ks-user.yaml | 29 + trove/templates/job-rabbit-init.yaml | 32 + trove/templates/network_policy.yaml | 49 ++ trove/templates/pdb-api.yaml | 27 + trove/templates/pod-rally-test.yaml | 77 ++ trove/templates/secret-db.yaml | 31 + trove/templates/secret-ingress-tls.yaml | 17 + trove/templates/secret-keystone.yaml | 40 + trove/templates/secret-rabbitmq.yaml | 34 + trove/templates/secret-registry.yaml | 28 + trove/templates/service-api.yaml | 37 + trove/templates/service-ingress-api.yaml | 23 + trove/values.yaml | 747 ++++++++++++++++++ .../trove/2024.2-ubuntu_jammy.yaml | 22 + .../trove/2025.1-ubuntu_jammy.yaml | 22 + .../trove/2025.1-ubuntu_noble.yaml | 22 + .../trove/2025.2-ubuntu_noble.yaml | 22 + values_overrides/trove/annotations.yaml | 16 + zuul.d/2024.2.yaml | 10 + zuul.d/2025.1.yaml | 20 + zuul.d/2025.2-ubuntu_noble.yaml | 11 + zuul.d/base.yaml | 29 + zuul.d/project.yaml | 1 + 48 files changed, 2368 insertions(+) create mode 100644 releasenotes/notes/trove.yaml create mode 100755 tools/deployment/component/trove/trove.sh create mode 100644 trove/Chart.yaml create mode 100644 trove/templates/bin/_db-purge.sh.tpl create mode 100644 trove/templates/bin/_db-sync.sh.tpl create mode 100644 trove/templates/bin/_trove-api.sh.tpl create mode 100644 trove/templates/bin/_trove-conductor.sh.tpl create mode 100644 trove/templates/bin/_trove-taskmanager.sh.tpl create mode 100644 trove/templates/certificates.yaml create mode 100644 trove/templates/configmap-bin.yaml create mode 100644 trove/templates/configmap-etc.yaml create mode 100644 trove/templates/cron-job-trove-db-purge.yaml create mode 100644 trove/templates/deployment-api.yaml create mode 100644 trove/templates/deployment-conductor.yaml create mode 100644 trove/templates/deployment-taskmanager.yaml create mode 100644 trove/templates/ingress-api.yaml create mode 100644 trove/templates/job-db-drop.yaml create mode 100644 trove/templates/job-db-init.yaml create mode 100644 trove/templates/job-db-sync.yaml create mode 100644 trove/templates/job-image-repo-sync.yaml create mode 100644 trove/templates/job-ks-endpoints.yaml create mode 100644 trove/templates/job-ks-service.yaml create mode 100644 trove/templates/job-ks-user.yaml create mode 100644 trove/templates/job-rabbit-init.yaml create mode 100644 trove/templates/network_policy.yaml create mode 100644 trove/templates/pdb-api.yaml create mode 100644 trove/templates/pod-rally-test.yaml create mode 100644 trove/templates/secret-db.yaml create mode 100644 trove/templates/secret-ingress-tls.yaml create mode 100644 trove/templates/secret-keystone.yaml create mode 100644 trove/templates/secret-rabbitmq.yaml create mode 100644 trove/templates/secret-registry.yaml create mode 100644 trove/templates/service-api.yaml create mode 100644 trove/templates/service-ingress-api.yaml create mode 100644 trove/values.yaml create mode 100644 values_overrides/trove/2024.2-ubuntu_jammy.yaml create mode 100644 values_overrides/trove/2025.1-ubuntu_jammy.yaml create mode 100644 values_overrides/trove/2025.1-ubuntu_noble.yaml create mode 100644 values_overrides/trove/2025.2-ubuntu_noble.yaml create mode 100644 values_overrides/trove/annotations.yaml diff --git a/doc/source/chart/openstack_charts.rst b/doc/source/chart/openstack_charts.rst index ab6c86a8be..45b94cd918 100644 --- a/doc/source/chart/openstack_charts.rst +++ b/doc/source/chart/openstack_charts.rst @@ -31,5 +31,6 @@ OpenStack charts options skyline tacker tempest + trove watcher zaqar diff --git a/doc/source/install/openstack.rst b/doc/source/install/openstack.rst index 068ec5c486..925e9504d5 100644 --- a/doc/source/install/openstack.rst +++ b/doc/source/install/openstack.rst @@ -233,6 +233,7 @@ To deploy the OpenStack Cinder use the following helm osh wait-for-pods openstack + Compute kit backend: Openvswitch and Libvirt ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ @@ -461,6 +462,27 @@ please refer `Install Tacker via Openstack Helm`_. .. _Install Tacker via Openstack Helm: https://docs.openstack.org/tacker/latest/install/openstack_helm.html +Trove +~~~~~ + +OpenStack Trove is the Database as a Service (DBaaS) component of the +OpenStack cloud computing platform. It provides scalable and reliable +cloud database services, allowing users to provision and manage database +instances without the complexity of handling database administration tasks. +Trove supports multiple database engines including MySQL, PostgreSQL, +MongoDB, and others. + +To deploy the OpenStack Trove use the following + +.. code-block:: bash + + helm upgrade --install trove openstack-helm/trove \ + --namespace=openstack \ + --timeout=600s \ + $(helm osh get-values-overrides -p ${OVERRIDES_DIR} -c trove ${FEATURES}) + + helm osh wait-for-pods openstack + Blazar ~~~~~~ diff --git a/releasenotes/config.yaml b/releasenotes/config.yaml index fe8c805f78..c17f4dd5b2 100644 --- a/releasenotes/config.yaml +++ b/releasenotes/config.yaml @@ -79,7 +79,9 @@ sections: - [redis, redis Chart] - [registry, registry Chart] - [shaker, shaker Chart] + - [tacker, tacker Chart] - [tempest, tempest Chart] + - [trove, trove Chart] - [watcher, watcher Chart] - [features, New Features] - [issues, Known Issues] diff --git a/releasenotes/notes/trove.yaml b/releasenotes/notes/trove.yaml new file mode 100644 index 0000000000..70eebca4a1 --- /dev/null +++ b/releasenotes/notes/trove.yaml @@ -0,0 +1,4 @@ +--- +trove: + - Initial Chart - OpenStack Database as a Service (DBaaS) +... diff --git a/tools/deployment/component/trove/trove.sh b/tools/deployment/component/trove/trove.sh new file mode 100755 index 0000000000..484692b9a9 --- /dev/null +++ b/tools/deployment/component/trove/trove.sh @@ -0,0 +1,50 @@ +#!/bin/bash + +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. +set -xe + +#NOTE: Define variables +: ${OSH_HELM_REPO:="../openstack-helm"} +: ${OSH_VALUES_OVERRIDES_PATH:="../openstack-helm/values_overrides"} +: ${OSH_EXTRA_HELM_ARGS_TROVE:="$(helm osh get-values-overrides ${DOWNLOAD_OVERRIDES:-} -p ${OSH_VALUES_OVERRIDES_PATH} -c trove ${FEATURES})"} +: ${RUN_HELM_TESTS:="yes"} + +#NOTE: Deploy command +tee /tmp/trove.yaml <= 0.1.0" +... diff --git a/trove/templates/bin/_db-purge.sh.tpl b/trove/templates/bin/_db-purge.sh.tpl new file mode 100644 index 0000000000..603dcd4a46 --- /dev/null +++ b/trove/templates/bin/_db-purge.sh.tpl @@ -0,0 +1,20 @@ +#!/bin/bash + +{{/* +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +set -ex + +# Purge deleted instances older than 30 days +trove-manage --config-file /etc/trove/trove.conf db_purge --age_in_days 30 diff --git a/trove/templates/bin/_db-sync.sh.tpl b/trove/templates/bin/_db-sync.sh.tpl new file mode 100644 index 0000000000..2087b40b4c --- /dev/null +++ b/trove/templates/bin/_db-sync.sh.tpl @@ -0,0 +1,19 @@ +#!/bin/bash + +{{/* +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +set -ex + +trove-manage --config-file /etc/trove/trove.conf db_sync diff --git a/trove/templates/bin/_trove-api.sh.tpl b/trove/templates/bin/_trove-api.sh.tpl new file mode 100644 index 0000000000..82b9136f0b --- /dev/null +++ b/trove/templates/bin/_trove-api.sh.tpl @@ -0,0 +1,20 @@ +#!/bin/bash + +{{/* +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +set -ex + +exec trove-api \ + --config-file /etc/trove/trove.conf diff --git a/trove/templates/bin/_trove-conductor.sh.tpl b/trove/templates/bin/_trove-conductor.sh.tpl new file mode 100644 index 0000000000..87d5f8edcd --- /dev/null +++ b/trove/templates/bin/_trove-conductor.sh.tpl @@ -0,0 +1,20 @@ +#!/bin/bash + +{{/* +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +set -ex + +exec trove-conductor \ + --config-file /etc/trove/trove.conf diff --git a/trove/templates/bin/_trove-taskmanager.sh.tpl b/trove/templates/bin/_trove-taskmanager.sh.tpl new file mode 100644 index 0000000000..21346722b5 --- /dev/null +++ b/trove/templates/bin/_trove-taskmanager.sh.tpl @@ -0,0 +1,20 @@ +#!/bin/bash + +{{/* +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +set -ex + +exec trove-taskmanager \ + --config-file /etc/trove/trove.conf diff --git a/trove/templates/certificates.yaml b/trove/templates/certificates.yaml new file mode 100644 index 0000000000..487ed89513 --- /dev/null +++ b/trove/templates/certificates.yaml @@ -0,0 +1,44 @@ +{{/* +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if .Values.manifests.certificates }} +{{- $envAll := . }} +{{- $endpoint := "database" }} +{{- range $key1, $cert := tuple "public" "internal" }} +{{- $endpointScheme := tuple $endpoint "service" "api" $envAll | include "helm-toolkit.endpoints.keystone_endpoint_scheme_lookup" }} +{{- if eq $endpointScheme "https" }} +{{- $certName := index $envAll.Values.secrets.tls $endpoint "api" $cert }} +{{- $endpointHost := index $envAll.Values.endpoints $endpoint "host_fqdn_override" $cert "host" }} +{{- $endpointClusterHostname := tuple $endpoint $cert $envAll | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }} +{{- $endpointHostname := $endpointClusterHostname }} +{{- if $endpointHost }} +{{- $endpointHostname = $endpointHost }} +{{- end }} +--- +apiVersion: cert-manager.io/v1 +kind: Certificate +metadata: + name: {{ $certName }} +spec: + secretName: {{ $certName }} + issuerRef: + name: {{ index $envAll.Values.endpoints $endpoint "host_fqdn_override" $cert "tls" "issuerRef" "name" }} + kind: {{ index $envAll.Values.endpoints $endpoint "host_fqdn_override" $cert "tls" "issuerRef" "kind" }} + commonName: {{ $endpointHostname }} + dnsNames: + - {{ $endpointHostname }} + - {{ $endpointClusterHostname }} +{{- end }} +{{- end }} +{{- end }} diff --git a/trove/templates/configmap-bin.yaml b/trove/templates/configmap-bin.yaml new file mode 100644 index 0000000000..5c4dc1541b --- /dev/null +++ b/trove/templates/configmap-bin.yaml @@ -0,0 +1,52 @@ +{{/* +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if .Values.manifests.configmap_bin }} +{{- $envAll := . }} +{{- $rallyTests := .Values.conf.rally_tests }} +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: trove-bin +data: +{{- if .Values.images.local_registry.active }} + image-repo-sync.sh: | +{{- include "helm-toolkit.scripts.image_repo_sync" . | indent 4 }} +{{- end }} + rally-test.sh: | +{{ tuple $rallyTests | include "helm-toolkit.scripts.rally_test" | indent 4 }} + db-init.py: | +{{- include "helm-toolkit.scripts.db_init" . | indent 4 }} + db-sync.sh: | +{{ tuple "bin/_db-sync.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }} + db-drop.py: | +{{- include "helm-toolkit.scripts.db_drop" . | indent 4 }} + db-purge.sh: | +{{ tuple "bin/_db-purge.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }} + ks-service.sh: | +{{- include "helm-toolkit.scripts.keystone_service" . | indent 4 }} + ks-endpoints.sh: | +{{- include "helm-toolkit.scripts.keystone_endpoints" . | indent 4 }} + ks-user.sh: | +{{- include "helm-toolkit.scripts.keystone_user" . | indent 4 }} + trove-api.sh: | +{{ tuple "bin/_trove-api.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }} + trove-conductor.sh: | +{{ tuple "bin/_trove-conductor.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }} + trove-taskmanager.sh: | +{{ tuple "bin/_trove-taskmanager.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }} + rabbit-init.sh: | +{{- include "helm-toolkit.scripts.rabbit_init" . | indent 4 }} +{{- end }} diff --git a/trove/templates/configmap-etc.yaml b/trove/templates/configmap-etc.yaml new file mode 100644 index 0000000000..589fa3051a --- /dev/null +++ b/trove/templates/configmap-etc.yaml @@ -0,0 +1,93 @@ +{{/* +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if .Values.manifests.configmap_etc }} +{{- $envAll := . }} + +{{- if empty .Values.conf.trove.database.connection }} +{{- $_ := tuple "oslo_db" "internal" "trove" "mysql" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup"| set .Values.conf.trove.database "connection" -}} +{{- end -}} + +{{- if empty .Values.conf.trove.DEFAULT.transport_url }} +{{- $_ := tuple "oslo_messaging" "internal" "trove" "amqp" . | include "helm-toolkit.endpoints.authenticated_transport_endpoint_uri_lookup" | set .Values.conf.trove.DEFAULT "transport_url" -}} +{{- end -}} + +{{- if empty .Values.conf.trove.keystone_authtoken.auth_uri }} +{{- $_ := tuple "identity" "internal" "api" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup"| set .Values.conf.trove.keystone_authtoken "auth_uri" -}} +{{- end -}} + +{{- if empty .Values.conf.trove.keystone_authtoken.auth_url }} +{{- $_ := tuple "identity" "internal" "api" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup"| set .Values.conf.trove.keystone_authtoken "auth_url" -}} +{{- end -}} + +{{- if empty .Values.conf.trove.keystone_authtoken.region_name }} +{{- $_ := set .Values.conf.trove.keystone_authtoken "region_name" .Values.endpoints.identity.auth.trove.region_name -}} +{{- end -}} +{{- if empty .Values.conf.trove.keystone_authtoken.project_name }} +{{- $_ := set .Values.conf.trove.keystone_authtoken "project_name" .Values.endpoints.identity.auth.trove.project_name -}} +{{- end -}} +{{- if empty .Values.conf.trove.keystone_authtoken.project_domain_name }} +{{- $_ := set .Values.conf.trove.keystone_authtoken "project_domain_name" .Values.endpoints.identity.auth.trove.project_domain_name -}} +{{- end -}} +{{- if empty .Values.conf.trove.keystone_authtoken.user_domain_name }} +{{- $_ := set .Values.conf.trove.keystone_authtoken "user_domain_name" .Values.endpoints.identity.auth.trove.user_domain_name -}} +{{- end -}} +{{- if empty .Values.conf.trove.keystone_authtoken.username }} +{{- $_ := set .Values.conf.trove.keystone_authtoken "username" .Values.endpoints.identity.auth.trove.username -}} +{{- end -}} +{{- if empty .Values.conf.trove.keystone_authtoken.password }} +{{- $_ := set .Values.conf.trove.keystone_authtoken "password" .Values.endpoints.identity.auth.trove.password -}} +{{- end -}} + +{{- if empty .Values.conf.trove.keystone_authtoken.memcached_servers }} +{{- $_ := tuple "oslo_cache" "internal" "memcache" . | include "helm-toolkit.endpoints.host_and_port_endpoint_uri_lookup" | set .Values.conf.trove.keystone_authtoken "memcached_servers" -}} +{{- end -}} +{{- if empty .Values.conf.trove.keystone_authtoken.memcache_secret_key }} +{{- $_ := set .Values.conf.trove.keystone_authtoken "memcache_secret_key" ( default ( randAlphaNum 64 ) .Values.endpoints.oslo_cache.auth.memcache_secret_key ) -}} +{{- end -}} + +{{- if empty .Values.conf.trove.service_credentials.auth_url }} +{{- $_ := tuple "identity" "internal" "api" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup"| set .Values.conf.trove.service_credentials "auth_url" -}} +{{- end -}} +{{- if empty .Values.conf.trove.service_credentials.region_name }} +{{- $_ := set .Values.conf.trove.service_credentials "region_name" .Values.endpoints.identity.auth.trove.region_name -}} +{{- end -}} +{{- if empty .Values.conf.trove.service_credentials.project_name }} +{{- $_ := set .Values.conf.trove.service_credentials "project_name" .Values.endpoints.identity.auth.trove.project_name -}} +{{- end -}} +{{- if empty .Values.conf.trove.service_credentials.project_domain_name }} +{{- $_ := set .Values.conf.trove.service_credentials "project_domain_name" .Values.endpoints.identity.auth.trove.project_domain_name -}} +{{- end -}} +{{- if empty .Values.conf.trove.service_credentials.user_domain_name }} +{{- $_ := set .Values.conf.trove.service_credentials "user_domain_name" .Values.endpoints.identity.auth.trove.user_domain_name -}} +{{- end -}} +{{- if empty .Values.conf.trove.service_credentials.username }} +{{- $_ := set .Values.conf.trove.service_credentials "username" .Values.endpoints.identity.auth.trove.username -}} +{{- end -}} +{{- if empty .Values.conf.trove.service_credentials.password }} +{{- $_ := set .Values.conf.trove.service_credentials "password" .Values.endpoints.identity.auth.trove.password -}} +{{- end -}} + +--- +apiVersion: v1 +kind: Secret +metadata: + name: trove-etc +type: Opaque +data: + trove.conf: {{ include "helm-toolkit.utils.to_oslo_conf" .Values.conf.trove | b64enc }} + logging.conf: {{ include "helm-toolkit.utils.to_oslo_conf" .Values.conf.logging | b64enc }} + api-paste.ini: {{ include "helm-toolkit.utils.to_ini" .Values.conf.paste | b64enc }} + policy.yaml: {{ toYaml .Values.conf.policy | b64enc }} +{{- end }} diff --git a/trove/templates/cron-job-trove-db-purge.yaml b/trove/templates/cron-job-trove-db-purge.yaml new file mode 100644 index 0000000000..e839bdffec --- /dev/null +++ b/trove/templates/cron-job-trove-db-purge.yaml @@ -0,0 +1,95 @@ +{{/* +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if .Values.manifests.cron_job_db_purge }} +{{- $envAll := . }} + +{{- $mounts_trove_db_purge := .Values.pod.mounts.trove_db_purge.trove_db_purge }} +{{- $mounts_trove_db_purge_init := .Values.pod.mounts.trove_db_purge.init_container }} + +{{- $serviceAccountName := "trove-db-purge" }} +{{ tuple $envAll "db_purge" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }} +--- +apiVersion: batch/v1 +kind: CronJob +metadata: + name: trove-db-purge +spec: + schedule: {{ .Values.jobs.db_purge.cron | quote }} + successfulJobsHistoryLimit: {{ .Values.jobs.db_purge.history.success }} + failedJobsHistoryLimit: {{ .Values.jobs.db_purge.history.failed }} + startingDeadlineSeconds: {{ .Values.jobs.db_purge.starting_deadline }} + concurrencyPolicy: Forbid + jobTemplate: + metadata: + labels: +{{ tuple $envAll "trove" "db-purge" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }} + spec: + template: + metadata: + labels: +{{ tuple $envAll "trove" "db-purge" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 12 }} + spec: +{{ tuple "trove_db_purge" . | include "helm-toolkit.snippets.kubernetes_pod_priority_class" | indent 10 }} +{{ tuple "trove_db_purge" . | include "helm-toolkit.snippets.kubernetes_pod_runtime_class" | indent 10 }} + serviceAccountName: {{ $serviceAccountName }} +{{ dict "envAll" $envAll "application" "db_purge" | include "helm-toolkit.snippets.kubernetes_pod_security_context" | indent 10 }} + restartPolicy: OnFailure +{{ if $envAll.Values.pod.tolerations.trove.enabled }} +{{ tuple $envAll "trove" | include "helm-toolkit.snippets.kubernetes_tolerations" | indent 10 }} +{{ end }} + nodeSelector: + {{ .Values.labels.job.node_selector_key }}: {{ .Values.labels.job.node_selector_value }} + initContainers: +{{ tuple $envAll "db_purge" $mounts_trove_db_purge_init | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 12 }} + containers: + - name: trove-db-purge +{{ tuple $envAll "trove_db_purge" | include "helm-toolkit.snippets.image" | indent 14 }} +{{ tuple $envAll $envAll.Values.pod.resources.jobs.db_purge | include "helm-toolkit.snippets.kubernetes_resources" | indent 14 }} +{{ dict "envAll" $envAll "application" "db_purge" "container" "trove_db_purge" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 14 }} + command: + - /tmp/db-purge.sh + env: +{{- with $env := dict "ksUserSecret" .Values.secrets.identity.trove }} +{{- include "helm-toolkit.snippets.keystone_openrc_env_vars" $env | indent 16 }} +{{- end }} + volumeMounts: + - name: pod-tmp + mountPath: /tmp + - name: trove-bin + mountPath: /tmp/db-purge.sh + subPath: db-purge.sh + readOnly: true + - name: trove-etc + mountPath: /etc/trove/trove.conf + subPath: trove.conf + readOnly: true + - name: trove-etc + mountPath: {{ .Values.conf.trove.DEFAULT.log_config_append }} + subPath: {{ base .Values.conf.trove.DEFAULT.log_config_append }} + readOnly: true +{{ if $mounts_trove_db_purge.volumeMounts }}{{ toYaml $mounts_trove_db_purge.volumeMounts | indent 16 }}{{ end }} + volumes: + - name: pod-tmp + emptyDir: {} + - name: trove-bin + configMap: + name: trove-bin + defaultMode: 0555 + - name: trove-etc + secret: + secretName: trove-etc + defaultMode: 0444 +{{ if $mounts_trove_db_purge.volumes }}{{ toYaml $mounts_trove_db_purge.volumes | indent 12 }}{{ end }} +{{- end }} diff --git a/trove/templates/deployment-api.yaml b/trove/templates/deployment-api.yaml new file mode 100644 index 0000000000..defe563044 --- /dev/null +++ b/trove/templates/deployment-api.yaml @@ -0,0 +1,130 @@ +{{/* +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- define "troveApiLivenessProbeTemplate" }} +httpGet: + scheme: {{ tuple "database" "service" "api" . | include "helm-toolkit.endpoints.keystone_endpoint_scheme_lookup" | upper }} + path: / + port: {{ tuple "database" "service" "api" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }} +{{- end }} + +{{- define "troveApiReadinessProbeTemplate" }} +httpGet: + scheme: {{ tuple "database" "service" "api" . | include "helm-toolkit.endpoints.keystone_endpoint_scheme_lookup" | upper }} + path: / + port: {{ tuple "database" "service" "api" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }} +{{- end }} + +{{- if .Values.manifests.deployment_api }} +{{- $envAll := . }} + +{{- $mounts_trove_api := .Values.pod.mounts.trove_api.trove_api }} +{{- $mounts_trove_api_init := .Values.pod.mounts.trove_api.init_container }} + +{{- $serviceAccountName := "trove-api" }} +{{ tuple $envAll "api" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }} +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: trove-api + annotations: + {{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" }} + labels: +{{ tuple $envAll "trove" "api" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }} +spec: + replicas: {{ .Values.pod.replicas.api }} + selector: + matchLabels: +{{ tuple $envAll "trove" "api" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 6 }} +{{ tuple $envAll | include "helm-toolkit.snippets.kubernetes_upgrades_deployment" | indent 2 }} + template: + metadata: + labels: +{{ tuple $envAll "trove" "api" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }} + annotations: +{{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" | indent 8 }} + configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "helm-toolkit.utils.hash" }} + configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "helm-toolkit.utils.hash" }} +{{ tuple "trove_api" . | include "helm-toolkit.snippets.custom_pod_annotations" | indent 8 }} +{{ dict "envAll" $envAll "podName" "trove-api" "containerNames" (list "trove-api" "init") | include "helm-toolkit.snippets.kubernetes_mandatory_access_control_annotation" | indent 8 }} + spec: +{{ tuple "trove_api" . | include "helm-toolkit.snippets.kubernetes_pod_priority_class" | indent 6 }} +{{ tuple "trove_api" . | include "helm-toolkit.snippets.kubernetes_pod_runtime_class" | indent 6 }} + serviceAccountName: {{ $serviceAccountName }} +{{ dict "envAll" $envAll "application" "trove_api" | include "helm-toolkit.snippets.kubernetes_pod_security_context" | indent 6 }} + affinity: +{{ tuple $envAll "trove" "api" | include "helm-toolkit.snippets.kubernetes_pod_anti_affinity" | indent 8 }} +{{ if $envAll.Values.pod.tolerations.trove.enabled }} +{{ tuple $envAll "trove" | include "helm-toolkit.snippets.kubernetes_tolerations" | indent 6 }} +{{ end }} + nodeSelector: + {{ .Values.labels.api.node_selector_key }}: {{ .Values.labels.api.node_selector_value }} + terminationGracePeriodSeconds: {{ .Values.pod.lifecycle.termination_grace_period.api.timeout | default "30" }} + initContainers: +{{ tuple $envAll "api" $mounts_trove_api_init | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} + containers: + - name: trove-api +{{ tuple $envAll "trove_api" | include "helm-toolkit.snippets.image" | indent 10 }} +{{ tuple $envAll $envAll.Values.pod.resources.api | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }} +{{ dict "envAll" $envAll "application" "trove_api" "container" "trove_api" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 10 }} + command: + - /tmp/trove-api.sh + - start + env: +{{- with $env := dict "ksUserSecret" .Values.secrets.identity.trove }} +{{- include "helm-toolkit.snippets.keystone_openrc_env_vars" $env | indent 12 }} +{{- end }} + ports: + - name: t-api + containerPort: {{ tuple "database" "service" "api" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }} +{{ dict "envAll" $envAll "component" "api" "container" "trove-api" "type" "liveness" "probeTemplate" (include "troveApiLivenessProbeTemplate" $envAll | fromYaml) | include "helm-toolkit.snippets.kubernetes_probe" | indent 10 }} +{{ dict "envAll" $envAll "component" "api" "container" "trove-api" "type" "readiness" "probeTemplate" (include "troveApiReadinessProbeTemplate" $envAll | fromYaml) | include "helm-toolkit.snippets.kubernetes_probe" | indent 10 }} + volumeMounts: + - name: pod-tmp + mountPath: /tmp + - name: trove-bin + mountPath: /tmp/trove-api.sh + subPath: trove-api.sh + readOnly: true + - name: trove-etc + mountPath: /etc/trove/trove.conf + subPath: trove.conf + readOnly: true + - name: trove-etc + mountPath: {{ .Values.conf.trove.DEFAULT.log_config_append }} + subPath: {{ base .Values.conf.trove.DEFAULT.log_config_append }} + readOnly: true + - name: trove-etc + mountPath: /etc/trove/api-paste.ini + subPath: api-paste.ini + readOnly: true + - name: trove-etc + mountPath: /etc/trove/policy.yaml + subPath: policy.yaml + readOnly: true +{{ if $mounts_trove_api.volumeMounts }}{{ toYaml $mounts_trove_api.volumeMounts | indent 12 }}{{ end }} + volumes: + - name: pod-tmp + emptyDir: {} + - name: trove-bin + configMap: + name: trove-bin + defaultMode: 0555 + - name: trove-etc + secret: + secretName: trove-etc + defaultMode: 0444 +{{ if $mounts_trove_api.volumes }}{{ toYaml $mounts_trove_api.volumes | indent 8 }}{{ end }} +{{- end }} diff --git a/trove/templates/deployment-conductor.yaml b/trove/templates/deployment-conductor.yaml new file mode 100644 index 0000000000..d289ef46bf --- /dev/null +++ b/trove/templates/deployment-conductor.yaml @@ -0,0 +1,106 @@ +{{/* +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if .Values.manifests.deployment_conductor }} +{{- $envAll := . }} + +{{- $mounts_trove_conductor := .Values.pod.mounts.trove_conductor.trove_conductor }} +{{- $mounts_trove_conductor_init := .Values.pod.mounts.trove_conductor.init_container }} + +{{- $serviceAccountName := "trove-conductor" }} +{{ tuple $envAll "conductor" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }} +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: trove-conductor + annotations: + {{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" }} + labels: +{{ tuple $envAll "trove" "conductor" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }} +spec: + replicas: {{ .Values.pod.replicas.conductor }} + selector: + matchLabels: +{{ tuple $envAll "trove" "conductor" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 6 }} +{{ tuple $envAll | include "helm-toolkit.snippets.kubernetes_upgrades_deployment" | indent 2 }} + template: + metadata: + labels: +{{ tuple $envAll "trove" "conductor" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }} + annotations: +{{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" | indent 8 }} + configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "helm-toolkit.utils.hash" }} + configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "helm-toolkit.utils.hash" }} +{{ tuple "trove_conductor" . | include "helm-toolkit.snippets.custom_pod_annotations" | indent 8 }} +{{ dict "envAll" $envAll "podName" "trove-conductor" "containerNames" (list "trove-conductor" "init") | include "helm-toolkit.snippets.kubernetes_mandatory_access_control_annotation" | indent 8 }} + spec: +{{ tuple "trove_conductor" . | include "helm-toolkit.snippets.kubernetes_pod_priority_class" | indent 6 }} +{{ tuple "trove_conductor" . | include "helm-toolkit.snippets.kubernetes_pod_runtime_class" | indent 6 }} + serviceAccountName: {{ $serviceAccountName }} +{{ dict "envAll" $envAll "application" "trove_conductor" | include "helm-toolkit.snippets.kubernetes_pod_security_context" | indent 6 }} + affinity: +{{ tuple $envAll "trove" "conductor" | include "helm-toolkit.snippets.kubernetes_pod_anti_affinity" | indent 8 }} +{{ if $envAll.Values.pod.tolerations.trove.enabled }} +{{ tuple $envAll "trove" | include "helm-toolkit.snippets.kubernetes_tolerations" | indent 6 }} +{{ end }} + nodeSelector: + {{ .Values.labels.conductor.node_selector_key }}: {{ .Values.labels.conductor.node_selector_value }} + initContainers: +{{ tuple $envAll "conductor" $mounts_trove_conductor_init | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} + containers: + - name: trove-conductor +{{ tuple $envAll "trove_conductor" | include "helm-toolkit.snippets.image" | indent 10 }} +{{ tuple $envAll $envAll.Values.pod.resources.conductor | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }} +{{ dict "envAll" $envAll "application" "trove_conductor" "container" "trove_conductor" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 10 }} + command: + - /tmp/trove-conductor.sh + - start + env: +{{- with $env := dict "ksUserSecret" .Values.secrets.identity.trove }} +{{- include "helm-toolkit.snippets.keystone_openrc_env_vars" $env | indent 12 }} +{{- end }} + volumeMounts: + - name: pod-tmp + mountPath: /tmp + - name: trove-bin + mountPath: /tmp/trove-conductor.sh + subPath: trove-conductor.sh + readOnly: true + - name: trove-etc + mountPath: /etc/trove/trove.conf + subPath: trove.conf + readOnly: true + - name: trove-etc + mountPath: {{ .Values.conf.trove.DEFAULT.log_config_append }} + subPath: {{ base .Values.conf.trove.DEFAULT.log_config_append }} + readOnly: true + - name: trove-etc + mountPath: /etc/trove/policy.yaml + subPath: policy.yaml + readOnly: true +{{ if $mounts_trove_conductor.volumeMounts }}{{ toYaml $mounts_trove_conductor.volumeMounts | indent 12 }}{{ end }} + volumes: + - name: pod-tmp + emptyDir: {} + - name: trove-bin + configMap: + name: trove-bin + defaultMode: 0555 + - name: trove-etc + secret: + secretName: trove-etc + defaultMode: 0444 +{{ if $mounts_trove_conductor.volumes }}{{ toYaml $mounts_trove_conductor.volumes | indent 8 }}{{ end }} +{{- end }} diff --git a/trove/templates/deployment-taskmanager.yaml b/trove/templates/deployment-taskmanager.yaml new file mode 100644 index 0000000000..42aeab0a69 --- /dev/null +++ b/trove/templates/deployment-taskmanager.yaml @@ -0,0 +1,106 @@ +{{/* +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if .Values.manifests.deployment_taskmanager }} +{{- $envAll := . }} + +{{- $mounts_trove_taskmanager := .Values.pod.mounts.trove_taskmanager.trove_taskmanager }} +{{- $mounts_trove_taskmanager_init := .Values.pod.mounts.trove_taskmanager.init_container }} + +{{- $serviceAccountName := "trove-taskmanager" }} +{{ tuple $envAll "taskmanager" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }} +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: trove-taskmanager + annotations: + {{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" }} + labels: +{{ tuple $envAll "trove" "taskmanager" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }} +spec: + replicas: {{ .Values.pod.replicas.taskmanager }} + selector: + matchLabels: +{{ tuple $envAll "trove" "taskmanager" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 6 }} +{{ tuple $envAll | include "helm-toolkit.snippets.kubernetes_upgrades_deployment" | indent 2 }} + template: + metadata: + labels: +{{ tuple $envAll "trove" "taskmanager" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }} + annotations: +{{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" | indent 8 }} + configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "helm-toolkit.utils.hash" }} + configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "helm-toolkit.utils.hash" }} +{{ tuple "trove_taskmanager" . | include "helm-toolkit.snippets.custom_pod_annotations" | indent 8 }} +{{ dict "envAll" $envAll "podName" "trove-taskmanager" "containerNames" (list "trove-taskmanager" "init") | include "helm-toolkit.snippets.kubernetes_mandatory_access_control_annotation" | indent 8 }} + spec: +{{ tuple "trove_taskmanager" . | include "helm-toolkit.snippets.kubernetes_pod_priority_class" | indent 6 }} +{{ tuple "trove_taskmanager" . | include "helm-toolkit.snippets.kubernetes_pod_runtime_class" | indent 6 }} + serviceAccountName: {{ $serviceAccountName }} +{{ dict "envAll" $envAll "application" "trove_taskmanager" | include "helm-toolkit.snippets.kubernetes_pod_security_context" | indent 6 }} + affinity: +{{ tuple $envAll "trove" "taskmanager" | include "helm-toolkit.snippets.kubernetes_pod_anti_affinity" | indent 8 }} +{{ if $envAll.Values.pod.tolerations.trove.enabled }} +{{ tuple $envAll "trove" | include "helm-toolkit.snippets.kubernetes_tolerations" | indent 6 }} +{{ end }} + nodeSelector: + {{ .Values.labels.taskmanager.node_selector_key }}: {{ .Values.labels.taskmanager.node_selector_value }} + initContainers: +{{ tuple $envAll "taskmanager" $mounts_trove_taskmanager_init | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} + containers: + - name: trove-taskmanager +{{ tuple $envAll "trove_taskmanager" | include "helm-toolkit.snippets.image" | indent 10 }} +{{ tuple $envAll $envAll.Values.pod.resources.taskmanager | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }} +{{ dict "envAll" $envAll "application" "trove_taskmanager" "container" "trove_taskmanager" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 10 }} + command: + - /tmp/trove-taskmanager.sh + - start + env: +{{- with $env := dict "ksUserSecret" .Values.secrets.identity.trove }} +{{- include "helm-toolkit.snippets.keystone_openrc_env_vars" $env | indent 12 }} +{{- end }} + volumeMounts: + - name: pod-tmp + mountPath: /tmp + - name: trove-bin + mountPath: /tmp/trove-taskmanager.sh + subPath: trove-taskmanager.sh + readOnly: true + - name: trove-etc + mountPath: /etc/trove/trove.conf + subPath: trove.conf + readOnly: true + - name: trove-etc + mountPath: {{ .Values.conf.trove.DEFAULT.log_config_append }} + subPath: {{ base .Values.conf.trove.DEFAULT.log_config_append }} + readOnly: true + - name: trove-etc + mountPath: /etc/trove/policy.yaml + subPath: policy.yaml + readOnly: true +{{ if $mounts_trove_taskmanager.volumeMounts }}{{ toYaml $mounts_trove_taskmanager.volumeMounts | indent 12 }}{{ end }} + volumes: + - name: pod-tmp + emptyDir: {} + - name: trove-bin + configMap: + name: trove-bin + defaultMode: 0555 + - name: trove-etc + secret: + secretName: trove-etc + defaultMode: 0444 +{{ if $mounts_trove_taskmanager.volumes }}{{ toYaml $mounts_trove_taskmanager.volumes | indent 8 }}{{ end }} +{{- end }} diff --git a/trove/templates/ingress-api.yaml b/trove/templates/ingress-api.yaml new file mode 100644 index 0000000000..329ac9c6ac --- /dev/null +++ b/trove/templates/ingress-api.yaml @@ -0,0 +1,26 @@ +{{/* +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if and .Values.manifests.ingress_api .Values.network.api.ingress.public }} +{{- $envAll := . }} +{{- $ingressOpts := dict "envAll" . "backendService" "api" "backendServiceType" "database" "backendPort" "t-api" -}} +{{- if .Values.network.api.ingress.classes -}} +{{- $_ := set $ingressOpts "ingressClassName" ( index .Values.network.api.ingress.classes .Release.Namespace | default ( index .Values.network.api.ingress.classes "cluster" ) ) -}} +{{- end -}} +{{- $secretName := index $envAll.Values.secrets.tls.database.api ( $ingressOpts.backendService | replace "-" "_" ) -}} +{{- if and .Values.manifests.certificates $secretName -}} +{{- $_ := set $ingressOpts "certIssuer" .Values.endpoints.database.host_fqdn_override.public.tls.issuerRef.name -}} +{{- end -}} +{{ $ingressOpts | include "helm-toolkit.manifests.ingress" }} +{{- end }} diff --git a/trove/templates/job-db-drop.yaml b/trove/templates/job-db-drop.yaml new file mode 100644 index 0000000000..2e08e02fd8 --- /dev/null +++ b/trove/templates/job-db-drop.yaml @@ -0,0 +1,21 @@ +{{/* +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if .Values.manifests.job_db_drop }} +{{- $dbDropJob := dict "envAll" . "serviceName" "trove" -}} +{{- if .Values.pod.tolerations.trove.enabled -}} +{{- $_ := set $dbDropJob "tolerationsEnabled" true -}} +{{- end -}} +{{ $dbDropJob | include "helm-toolkit.manifests.job_db_drop_mysql" }} +{{- end }} diff --git a/trove/templates/job-db-init.yaml b/trove/templates/job-db-init.yaml new file mode 100644 index 0000000000..02634b2b26 --- /dev/null +++ b/trove/templates/job-db-init.yaml @@ -0,0 +1,32 @@ +{{/* +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- define "metadata.annotations.job.db_init" }} +helm.sh/hook: post-install,post-upgrade +helm.sh/hook-weight: "-5" +{{- end }} + +{{- if .Values.manifests.job_db_init }} +{{- $dbInitJob := dict "envAll" . "serviceName" "trove" -}} +{{- if .Values.manifests.certificates -}} +{{- $_ := set $dbInitJob "dbAdminTlsSecret" .Values.endpoints.oslo_db.auth.admin.secret.tls.internal -}} +{{- end -}} +{{- if .Values.helm3_hook }} +{{- $_ := set $dbInitJob "jobAnnotations" (include "metadata.annotations.job.db_init" . | fromYaml) }} +{{- end }} +{{- if .Values.pod.tolerations.trove.enabled -}} +{{- $_ := set $dbInitJob "tolerationsEnabled" true -}} +{{- end -}} +{{ $dbInitJob | include "helm-toolkit.manifests.job_db_init_mysql" }} +{{- end }} diff --git a/trove/templates/job-db-sync.yaml b/trove/templates/job-db-sync.yaml new file mode 100644 index 0000000000..7a23f7fb56 --- /dev/null +++ b/trove/templates/job-db-sync.yaml @@ -0,0 +1,29 @@ +{{/* +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- define "metadata.annotations.job.db_sync" }} +helm.sh/hook: post-install,post-upgrade +helm.sh/hook-weight: "-4" +{{- end }} + +{{- if .Values.manifests.job_db_sync }} +{{- $dbSyncJob := dict "envAll" . "serviceName" "trove" "jobAnnotations" (include "metadata.annotations.job.db_sync" . | fromYaml) -}} +{{- if .Values.helm3_hook }} +{{- $_ := set $dbSyncJob "jobAnnotations" (include "metadata.annotations.job.db_sync" . | fromYaml) }} +{{- end }} +{{- if .Values.pod.tolerations.trove.enabled -}} +{{- $_ := set $dbSyncJob "tolerationsEnabled" true -}} +{{- end -}} +{{ $dbSyncJob | include "helm-toolkit.manifests.job_db_sync" }} +{{- end }} diff --git a/trove/templates/job-image-repo-sync.yaml b/trove/templates/job-image-repo-sync.yaml new file mode 100644 index 0000000000..fb19f72d5e --- /dev/null +++ b/trove/templates/job-image-repo-sync.yaml @@ -0,0 +1,21 @@ +{{/* +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if and .Values.manifests.job_image_repo_sync .Values.images.local_registry.active }} +{{- $imageRepoSyncJob := dict "envAll" . "serviceName" "trove" -}} +{{- if .Values.pod.tolerations.trove.enabled -}} +{{- $_ := set $imageRepoSyncJob "tolerationsEnabled" true -}} +{{- end -}} +{{ $imageRepoSyncJob | include "helm-toolkit.manifests.job_image_repo_sync" }} +{{- end }} diff --git a/trove/templates/job-ks-endpoints.yaml b/trove/templates/job-ks-endpoints.yaml new file mode 100644 index 0000000000..bf4e23fc9f --- /dev/null +++ b/trove/templates/job-ks-endpoints.yaml @@ -0,0 +1,29 @@ +{{/* +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- define "metadata.annotations.job.ks_endpoints" }} +helm.sh/hook: post-install,post-upgrade +helm.sh/hook-weight: "-1" +{{- end }} + +{{- if .Values.manifests.job_ks_endpoints }} +{{- $ksEndpointsJob := dict "envAll" . "serviceName" "trove" "serviceTypes" ( tuple "database" ) -}} +{{- if .Values.helm3_hook }} +{{- $_ := set $ksEndpointsJob "jobAnnotations" (include "metadata.annotations.job.ks_endpoints" . | fromYaml) }} +{{- end }} +{{- if .Values.pod.tolerations.trove.enabled -}} +{{- $_ := set $ksEndpointsJob "tolerationsEnabled" true -}} +{{- end -}} +{{ $ksEndpointsJob | include "helm-toolkit.manifests.job_ks_endpoints" }} +{{- end }} diff --git a/trove/templates/job-ks-service.yaml b/trove/templates/job-ks-service.yaml new file mode 100644 index 0000000000..de1f14384d --- /dev/null +++ b/trove/templates/job-ks-service.yaml @@ -0,0 +1,29 @@ +{{/* +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- define "metadata.annotations.job.ks_service" }} +helm.sh/hook: post-install,post-upgrade +helm.sh/hook-weight: "-2" +{{- end }} + +{{- if .Values.manifests.job_ks_service }} +{{- $ksServiceJob := dict "envAll" . "serviceName" "trove" "serviceTypes" ( tuple "database" ) -}} +{{- if .Values.helm3_hook }} +{{- $_ := set $ksServiceJob "jobAnnotations" (include "metadata.annotations.job.ks_service" . | fromYaml) }} +{{- end }} +{{- if .Values.pod.tolerations.trove.enabled -}} +{{- $_ := set $ksServiceJob "tolerationsEnabled" true -}} +{{- end -}} +{{ $ksServiceJob | include "helm-toolkit.manifests.job_ks_service" }} +{{- end }} diff --git a/trove/templates/job-ks-user.yaml b/trove/templates/job-ks-user.yaml new file mode 100644 index 0000000000..2a84ba7668 --- /dev/null +++ b/trove/templates/job-ks-user.yaml @@ -0,0 +1,29 @@ +{{/* +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- define "metadata.annotations.job.ks_user" }} +helm.sh/hook: post-install,post-upgrade +helm.sh/hook-weight: "-3" +{{- end }} + +{{- if .Values.manifests.job_ks_user }} +{{- $ksUserJob := dict "envAll" . "serviceName" "trove" -}} +{{- if .Values.helm3_hook }} +{{- $_ := set $ksUserJob "jobAnnotations" (include "metadata.annotations.job.ks_user" . | fromYaml) }} +{{- end }} +{{- if .Values.pod.tolerations.trove.enabled -}} +{{- $_ := set $ksUserJob "tolerationsEnabled" true -}} +{{- end -}} +{{ $ksUserJob | include "helm-toolkit.manifests.job_ks_user" }} +{{- end }} diff --git a/trove/templates/job-rabbit-init.yaml b/trove/templates/job-rabbit-init.yaml new file mode 100644 index 0000000000..54cf661b55 --- /dev/null +++ b/trove/templates/job-rabbit-init.yaml @@ -0,0 +1,32 @@ +{{/* +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- define "metadata.annotations.job.rabbit_init" }} +helm.sh/hook: post-install,post-upgrade +helm.sh/hook-weight: "-5" +{{- end }} + +{{- if .Values.manifests.job_rabbit_init }} +{{- $rabbitInitJob := dict "envAll" . "serviceName" "trove" -}} +{{- if .Values.manifests.certificates -}} +{{- $_ := set $rabbitInitJob "tlsSecret" .Values.endpoints.oslo_messaging.auth.admin.secret.tls.internal -}} +{{- end -}} +{{- if .Values.helm3_hook }} +{{- $_ := set $rabbitInitJob "jobAnnotations" (include "metadata.annotations.job.rabbit_init" . | fromYaml) }} +{{- end }} +{{- if .Values.pod.tolerations.trove.enabled -}} +{{- $_ := set $rabbitInitJob "tolerationsEnabled" true -}} +{{- end -}} +{{ $rabbitInitJob | include "helm-toolkit.manifests.job_rabbit_init" }} +{{- end }} diff --git a/trove/templates/network_policy.yaml b/trove/templates/network_policy.yaml new file mode 100644 index 0000000000..92a3e0dc52 --- /dev/null +++ b/trove/templates/network_policy.yaml @@ -0,0 +1,49 @@ +{{/* +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if .Values.manifests.network_policy -}} +{{- $envAll := . }} +--- +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + name: trove-default +spec: + podSelector: + matchLabels: +{{ tuple $envAll "trove" "api" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 6 }} + policyTypes: + - Ingress + - Egress + ingress: + - from: + - podSelector: + matchLabels: +{{ tuple $envAll "trove" "api" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 12 }} + ports: +{{ tuple "database" "service" "api" . | include "helm-toolkit.manifests.network_policy_list" | indent 8 }} + egress: + - to: + - namespaceSelector: + matchLabels: + name: kube-system + - to: + - namespaceSelector: + matchLabels: + name: {{ .Release.Namespace }} + ports: +{{ tuple "oslo_db" "internal" "mysql" . | include "helm-toolkit.manifests.network_policy_list" | indent 8 }} +{{ tuple "oslo_messaging" "internal" "amqp" . | include "helm-toolkit.manifests.network_policy_list" | indent 8 }} +{{ tuple "identity" "internal" "api" . | include "helm-toolkit.manifests.network_policy_list" | indent 8 }} +{{- end }} diff --git a/trove/templates/pdb-api.yaml b/trove/templates/pdb-api.yaml new file mode 100644 index 0000000000..47220e32fb --- /dev/null +++ b/trove/templates/pdb-api.yaml @@ -0,0 +1,27 @@ +{{/* +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if .Values.manifests.pdb_api }} +{{- $envAll := . }} +--- +apiVersion: policy/v1 +kind: PodDisruptionBudget +metadata: + name: trove-api +spec: + minAvailable: {{ .Values.pod.lifecycle.disruption_budget.api.min_available }} + selector: + matchLabels: +{{ tuple $envAll "trove" "api" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 6 }} +{{- end }} diff --git a/trove/templates/pod-rally-test.yaml b/trove/templates/pod-rally-test.yaml new file mode 100644 index 0000000000..4c5b218735 --- /dev/null +++ b/trove/templates/pod-rally-test.yaml @@ -0,0 +1,77 @@ +{{/* +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if .Values.manifests.pod_rally_test }} +{{- $envAll := . }} + +{{- $mounts_trove_tests := .Values.pod.mounts.trove_tests.trove_tests }} +{{- $mounts_trove_tests_init := .Values.pod.mounts.trove_tests.init_container }} + +{{- $serviceAccountName := "trove-tests" }} +{{ tuple $envAll "tests" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }} +--- +apiVersion: v1 +kind: Pod +metadata: + name: "trove-tests" + labels: +{{ tuple $envAll "trove" "test" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }} + annotations: + "helm.sh/hook": "test" + "helm.sh/hook-weight": "10" +spec: +{{ tuple "trove_tests" . | include "helm-toolkit.snippets.kubernetes_pod_priority_class" | indent 2 }} +{{ tuple "trove_tests" . | include "helm-toolkit.snippets.kubernetes_pod_runtime_class" | indent 2 }} + restartPolicy: Never + serviceAccountName: {{ $serviceAccountName }} +{{ if $envAll.Values.pod.tolerations.trove.enabled }} +{{ tuple $envAll "trove" | include "helm-toolkit.snippets.kubernetes_tolerations" | indent 2 }} +{{ end }} + nodeSelector: + {{ .Values.labels.test.node_selector_key }}: {{ .Values.labels.test.node_selector_value }} + initContainers: +{{ tuple $envAll "tests" $mounts_trove_tests_init | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 4 }} + containers: + - name: trove-tests +{{ tuple $envAll "test" | include "helm-toolkit.snippets.image" | indent 6 }} +{{ tuple $envAll $envAll.Values.pod.resources.jobs.tests | include "helm-toolkit.snippets.kubernetes_resources" | indent 6 }} + env: +{{- with $env := dict "ksUserSecret" .Values.secrets.identity.admin }} +{{- include "helm-toolkit.snippets.keystone_openrc_env_vars" $env | indent 8 }} +{{- end }} + - name: RALLY_ENV_NAME + value: {{.Release.Name | quote }} + command: + - /tmp/rally-test.sh + volumeMounts: + - name: pod-tmp + mountPath: /tmp + - name: trove-bin + mountPath: /tmp/rally-test.sh + subPath: rally-test.sh + readOnly: true + - name: rally-db + mountPath: /var/lib/rally +{{ if $mounts_trove_tests.volumeMounts }}{{ toYaml $mounts_trove_tests.volumeMounts | indent 8 }}{{ end }} + volumes: + - name: pod-tmp + emptyDir: {} + - name: trove-bin + configMap: + name: trove-bin + defaultMode: 0555 + - name: rally-db + emptyDir: {} +{{ if $mounts_trove_tests.volumes }}{{ toYaml $mounts_trove_tests.volumes | indent 4 }}{{ end }} +{{- end }} diff --git a/trove/templates/secret-db.yaml b/trove/templates/secret-db.yaml new file mode 100644 index 0000000000..7081d788b7 --- /dev/null +++ b/trove/templates/secret-db.yaml @@ -0,0 +1,31 @@ +{{/* +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if .Values.manifests.secret_db }} +{{- $envAll := . }} +{{- range $key1, $userClass := tuple "admin" "trove" }} +{{- $secretName := index $envAll.Values.secrets.oslo_db $userClass }} +--- +apiVersion: v1 +kind: Secret +metadata: + name: {{ $secretName }} +type: Opaque +data: +{{- $userClassData := index $envAll.Values.endpoints.oslo_db.auth $userClass }} +{{- if $userClassData.username }} + DB_CONNECTION: {{ tuple "oslo_db" "internal" $userClass "mysql" $envAll | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup" | b64enc }} +{{- end }} +{{- end }} +{{- end }} diff --git a/trove/templates/secret-ingress-tls.yaml b/trove/templates/secret-ingress-tls.yaml new file mode 100644 index 0000000000..fc4bc6ca35 --- /dev/null +++ b/trove/templates/secret-ingress-tls.yaml @@ -0,0 +1,17 @@ +{{/* +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if .Values.manifests.secret_ingress_tls }} +{{ include "helm-toolkit.manifests.secret_ingress_tls" ( dict "envAll" . "backendServiceType" "database" ) }} +{{- end }} diff --git a/trove/templates/secret-keystone.yaml b/trove/templates/secret-keystone.yaml new file mode 100644 index 0000000000..cb8d850950 --- /dev/null +++ b/trove/templates/secret-keystone.yaml @@ -0,0 +1,40 @@ +{{/* +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if .Values.manifests.secret_keystone }} +{{- $envAll := . }} +{{- range $key1, $userClass := tuple "admin" "trove" }} +{{- $secretName := index $envAll.Values.secrets.identity $userClass }} +--- +apiVersion: v1 +kind: Secret +metadata: + name: {{ $secretName }} +type: Opaque +data: +{{- $identityClass := index $envAll.Values.endpoints.identity.auth $userClass }} +{{- if $identityClass.username }} + OS_AUTH_URL: {{ tuple "identity" "internal" "api" $envAll | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup" | b64enc }} + OS_REGION_NAME: {{ $identityClass.region_name | b64enc }} + OS_INTERFACE: {{ $identityClass.interface | default "internal" | b64enc }} + OS_ENDPOINT_TYPE: {{ $identityClass.interface | default "internal" | b64enc }} + OS_PROJECT_DOMAIN_NAME: {{ $identityClass.project_domain_name | b64enc }} + OS_PROJECT_NAME: {{ $identityClass.project_name | b64enc }} + OS_USER_DOMAIN_NAME: {{ $identityClass.user_domain_name | b64enc }} + OS_USERNAME: {{ $identityClass.username | b64enc }} + OS_PASSWORD: {{ $identityClass.password | b64enc }} + OS_DEFAULT_DOMAIN: {{ $identityClass.default_domain_id | default "default" | b64enc }} +{{- end }} +{{- end }} +{{- end }} diff --git a/trove/templates/secret-rabbitmq.yaml b/trove/templates/secret-rabbitmq.yaml new file mode 100644 index 0000000000..b78b69f994 --- /dev/null +++ b/trove/templates/secret-rabbitmq.yaml @@ -0,0 +1,34 @@ +{{/* +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if .Values.manifests.secret_rabbitmq }} +{{- $envAll := . }} +{{- $rabbitmqProtocol := "http" }} +{{- if $envAll.Values.manifests.certificates }} +{{- $rabbitmqProtocol = "https" }} +{{- end }} +{{- range $key1, $userClass := tuple "admin" "trove" }} +{{- $secretName := index $envAll.Values.secrets.oslo_messaging $userClass }} +--- +apiVersion: v1 +kind: Secret +metadata: + name: {{ $secretName }} + annotations: +{{ tuple "oslo_messaging" $userClass $envAll | include "helm-toolkit.snippets.custom_secret_annotations" | indent 4 }} +type: Opaque +data: + RABBITMQ_CONNECTION: {{ tuple "oslo_messaging" "internal" $userClass $rabbitmqProtocol $envAll | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup" | b64enc }} +{{- end }} +{{- end }} diff --git a/trove/templates/secret-registry.yaml b/trove/templates/secret-registry.yaml new file mode 100644 index 0000000000..68f1d20cbd --- /dev/null +++ b/trove/templates/secret-registry.yaml @@ -0,0 +1,28 @@ +{{/* +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if .Values.manifests.secret_registry }} +{{- $envAll := . }} +{{- if .Values.endpoints.oci_image_registry.auth.enabled }} +{{- $secretName := .Values.secrets.oci_image_registry.trove }} +--- +apiVersion: v1 +kind: Secret +metadata: + name: {{ $secretName }} +type: kubernetes.io/dockerconfigjson +data: + .dockerconfigjson: {{ include "helm-toolkit.utils.imagePullSecret" ( dict "images" ( list .Values.endpoints.oci_image_registry ) "secret" ( dict "name" $secretName "namespace" $envAll.Release.Namespace ) ) }} +{{- end }} +{{- end }} diff --git a/trove/templates/service-api.yaml b/trove/templates/service-api.yaml new file mode 100644 index 0000000000..f38c91d013 --- /dev/null +++ b/trove/templates/service-api.yaml @@ -0,0 +1,37 @@ +{{/* +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if .Values.manifests.service_api }} +{{- $envAll := . }} +--- +apiVersion: v1 +kind: Service +metadata: + name: {{ tuple "database" "internal" . | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }} +spec: + ports: + - name: t-api + port: {{ tuple "database" "service" "api" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }} + {{ if .Values.network.api.node_port.enabled }} + nodePort: {{ .Values.network.api.node_port.port }} + {{ end }} + selector: +{{ tuple $envAll "trove" "api" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }} + {{ if .Values.network.api.node_port.enabled }} + type: NodePort + {{ if .Values.network.api.external_policy_local }} + externalTrafficPolicy: Local + {{ end }} + {{ end }} +{{- end }} diff --git a/trove/templates/service-ingress-api.yaml b/trove/templates/service-ingress-api.yaml new file mode 100644 index 0000000000..21482809db --- /dev/null +++ b/trove/templates/service-ingress-api.yaml @@ -0,0 +1,23 @@ +{{/* +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if .Values.manifests.service_ingress_api }} +{{- $envAll := . }} +{{- $ingressOpts := dict "envAll" $envAll "backendServiceType" "database" "backendPort" "t-api" -}} +{{- $secretName := $envAll.Values.secrets.tls.database.api.internal -}} +{{- if and .Values.manifests.certificates $secretName -}} +{{- $_ := set $ingressOpts "certIssuer" .Values.endpoints.database.host_fqdn_override.default.tls.issuerRef.name -}} +{{- end -}} +{{ $ingressOpts | include "helm-toolkit.manifests.service_ingress" }} +{{- end }} diff --git a/trove/values.yaml b/trove/values.yaml new file mode 100644 index 0000000000..a960301b55 --- /dev/null +++ b/trove/values.yaml @@ -0,0 +1,747 @@ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Default values for trove. +# This is a YAML-formatted file. +# Declare name/value pairs to be passed into your templates. +# name: value + +--- +labels: + api: + node_selector_key: openstack-control-plane + node_selector_value: enabled + conductor: + node_selector_key: openstack-control-plane + node_selector_value: enabled + taskmanager: + node_selector_key: openstack-control-plane + node_selector_value: enabled + job: + node_selector_key: openstack-control-plane + node_selector_value: enabled + test: + node_selector_key: openstack-control-plane + node_selector_value: enabled + +release_group: null + +images: + tags: + test: docker.io/xrally/xrally-openstack:2.0.0 + db_init: quay.io/airshipit/heat:2025.1-ubuntu_noble + trove_db_sync: quay.io/airshipit/trove:2025.1-ubuntu_noble + db_drop: quay.io/airshipit/heat:2025.1-ubuntu_noble + rabbit_init: docker.io/rabbitmq:3.13-management + ks_user: quay.io/airshipit/heat:2025.1-ubuntu_noble + ks_service: quay.io/airshipit/heat:2025.1-ubuntu_noble + ks_endpoints: quay.io/airshipit/heat:2025.1-ubuntu_noble + trove_api: quay.io/airshipit/trove:2025.1-ubuntu_noble + trove_conductor: quay.io/airshipit/trove:2025.1-ubuntu_noble + trove_taskmanager: quay.io/airshipit/trove:2025.1-ubuntu_noble + trove_db_purge: quay.io/airshipit/trove:2025.1-ubuntu_noble + dep_check: quay.io/airshipit/kubernetes-entrypoint:latest-ubuntu_jammy + image_repo_sync: docker.io/docker:17.07.0 + pull_policy: "IfNotPresent" + local_registry: + active: false + exclude: + - dep_check + - image_repo_sync + +jobs: + db_purge: + cron: "0 0 * * *" + starting_deadline: 600 + history: + success: 3 + failed: 1 + +pod: + probes: + api: + trove-api: + liveness: + enabled: true + params: + initialDelaySeconds: 5 + periodSeconds: 10 + timeoutSeconds: 1 + failureThreshold: 3 + successThreshold: 1 + readiness: + enabled: true + params: + initialDelaySeconds: 30 + security_context: + db_purge: + pod: + runAsUser: 42424 + container: + trove_db_purge: + readOnlyRootFilesystem: true + allowPrivilegeEscalation: false + trove_api: + pod: + runAsUser: 42424 + container: + trove_api: + readOnlyRootFilesystem: true + allowPrivilegeEscalation: false + trove_conductor: + pod: + runAsUser: 42424 + container: + trove_conductor: + readOnlyRootFilesystem: true + allowPrivilegeEscalation: false + trove_taskmanager: + pod: + runAsUser: 42424 + container: + trove_taskmanager: + readOnlyRootFilesystem: true + allowPrivilegeEscalation: false + affinity: + anti: + type: + default: preferredDuringSchedulingIgnoredDuringExecution + topologyKey: + default: kubernetes.io/hostname + weight: + default: 10 + tolerations: + trove: + enabled: false + tolerations: + - key: node-role.kubernetes.io/master + operator: Exists + effect: NoSchedule + - key: node-role.kubernetes.io/control-plane + operator: Exists + effect: NoSchedule + mounts: + trove_api: + init_container: null + trove_api: + volumeMounts: + volumes: + trove_conductor: + init_container: null + trove_conductor: + volumeMounts: + volumes: + trove_taskmanager: + init_container: null + trove_taskmanager: + volumeMounts: + volumes: + trove_db_purge: + init_container: null + trove_db_purge: + volumeMounts: + volumes: + trove_tests: + init_container: null + trove_tests: + volumeMounts: + volumes: + trove_db_sync: + trove_db_sync: + volumeMounts: + volumes: + replicas: + api: 1 + conductor: 1 + taskmanager: 1 + lifecycle: + upgrades: + deployments: + revision_history: 3 + pod_replacement_strategy: RollingUpdate + rolling_update: + max_unavailable: 1 + max_surge: 3 + disruption_budget: + api: + min_available: 0 + termination_grace_period: + api: + timeout: 30 + resources: + enabled: false + api: + requests: + memory: "128Mi" + cpu: "100m" + limits: + memory: "1024Mi" + cpu: "2000m" + conductor: + requests: + memory: "128Mi" + cpu: "100m" + limits: + memory: "1024Mi" + cpu: "2000m" + taskmanager: + requests: + memory: "128Mi" + cpu: "100m" + limits: + memory: "1024Mi" + cpu: "2000m" + jobs: + bootstrap: + requests: + memory: "128Mi" + cpu: "100m" + limits: + memory: "1024Mi" + cpu: "2000m" + rabbit_init: + requests: + memory: "128Mi" + cpu: "100m" + limits: + memory: "1024Mi" + cpu: "2000m" + db_init: + requests: + memory: "128Mi" + cpu: "100m" + limits: + memory: "1024Mi" + cpu: "2000m" + db_sync: + requests: + memory: "128Mi" + cpu: "100m" + limits: + memory: "1024Mi" + cpu: "2000m" + db_drop: + requests: + memory: "128Mi" + cpu: "100m" + limits: + memory: "1024Mi" + cpu: "2000m" + db_purge: + requests: + memory: "128Mi" + cpu: "100m" + limits: + memory: "1024Mi" + cpu: "2000m" + ks_endpoints: + requests: + memory: "128Mi" + cpu: "100m" + limits: + memory: "1024Mi" + cpu: "2000m" + ks_service: + requests: + memory: "128Mi" + cpu: "100m" + limits: + memory: "1024Mi" + cpu: "2000m" + ks_user: + requests: + memory: "128Mi" + cpu: "100m" + limits: + memory: "1024Mi" + cpu: "2000m" + tests: + requests: + memory: "128Mi" + cpu: "100m" + limits: + memory: "1024Mi" + cpu: "2000m" + image_repo_sync: + requests: + memory: "128Mi" + cpu: "100m" + limits: + memory: "1024Mi" + cpu: "2000m" + +network: + api: + ingress: + public: true + classes: + namespace: "nginx" + cluster: "nginx-cluster" + annotations: + nginx.ingress.kubernetes.io/rewrite-target: / + external_policy_local: false + node_port: + enabled: false + port: 30878 + +conf: + paste: + composite:trove: + use: call:trove.common.wsgi:versioned_urlmap + /: versions + /v1.0: troveapi + app:versions: + paste.app_factory: trove.versions:app_factory + pipeline:troveapi: + pipeline: http_proxy_to_wsgi faultwrapper authtoken authorization contextwrapper ratelimit extensions troveapp + filter:extensions: + paste.filter_factory: trove.common.extensions:factory + filter:authtoken: + paste.filter_factory: keystonemiddleware.auth_token:filter_factory + filter:authorization: + paste.filter_factory: trove.common.auth:AuthorizationMiddleware.factory + filter:contextwrapper: + paste.filter_factory: trove.common.wsgi:ContextMiddleware.factory + filter:faultwrapper: + paste.filter_factory: trove.common.wsgi:FaultWrapper.factory + filter:ratelimit: + paste.filter_factory: trove.common.limits:RateLimitingMiddleware.factory + filter:http_proxy_to_wsgi: + paste.filter_factory: oslo_middleware.http_proxy_to_wsgi:HTTPProxyToWSGI.factory + app:troveapp: + paste.app_factory: trove.common.api:app_factory + policy: {} + trove: + DEFAULT: + log_config_append: /etc/trove/logging.conf + trove_api_workers: 4 + transport_url: null + # control_exchange: trove + # ip_regex: ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])$ + # black_list_regex: ^10\.0\.0\.[0-9]+$ + default_datastore: mysql + datastore_registry_ext: mysql:trove.guestagent.datastore.mysql.manager.Manager + trove_conductor_workers: 1 + notification_service_id: mysql:2f3ff068-2bfb-4f70-9a9d-a6bb65bc084b + os_region_name: RegionOne + # nova_compute_url: "" + # cinder_url: "" + # swift_url: "" + # neutron_url: "" + # heat_url: "" + trove_volume_support: true + network_isolation: false + database: + connection: null + keystone_authtoken: + auth_type: password + auth_version: v3 + memcache_security_strategy: ENCRYPT + service_credentials: + auth_url: null + region_name: RegionOne + interface: internal + auth_type: password + oslo_messaging_notifications: + driver: messagingv2 + oslo_messaging_rabbit: + rabbit_ha_queues: true + oslo_concurrency: + lock_path: /var/lib/trove/tmp + oslo_policy: + policy_file: /etc/trove/policy.yaml + + logging: + loggers: + keys: + - root + - trove + handlers: + keys: + - stdout + - stderr + - "null" + formatters: + keys: + - context + - default + logger_root: + level: DEBUG + handlers: + - stdout + logger_trove: + level: DEBUG + handlers: + - stdout + qualname: trove + logger_amqp: + level: WARNING + handlers: stderr + qualname: amqp + logger_amqplib: + level: WARNING + handlers: stderr + qualname: amqplib + logger_eventletwsgi: + level: WARNING + handlers: stderr + qualname: eventlet.wsgi.server + logger_sqlalchemy: + level: WARNING + handlers: stderr + qualname: sqlalchemy + logger_boto: + level: WARNING + handlers: stderr + qualname: boto + handler_null: + class: logging.NullHandler + formatter: default + args: () + handler_stdout: + class: StreamHandler + args: (sys.stdout,) + formatter: context + handler_stderr: + class: StreamHandler + args: (sys.stderr,) + formatter: context + formatter_context: + class: oslo_log.formatters.ContextFormatter + datefmt: "%Y-%m-%d %H:%M:%S" + formatter_default: + format: "%(message)s" + datefmt: "%Y-%m-%d %H:%M:%S" + rally_tests: + run_tempest: false + tests: + TroveInstances.create_and_delete_instance: + - runner: + type: constant + times: 1 + concurrency: 1 + context: + users: + tenants: 1 + users_per_tenant: 1 + args: + flavor_name: "m1.tiny" + volume_size: 1 + databases: + - name: "testdb" + users: + - name: "testuser" + password: "testpass" + databases: + - "testdb" + +dependencies: + dynamic: + common: + local_image_registry: + jobs: + - trove-image-repo-sync + services: + - endpoint: node + service: local_image_registry + static: + api: + jobs: + - trove-db-sync + - trove-ks-user + - trove-ks-endpoints + - trove-rabbit-init + services: + - endpoint: internal + service: oslo_db + - endpoint: internal + service: identity + - endpoint: internal + service: oslo_messaging + conductor: + jobs: + - trove-db-sync + - trove-ks-user + - trove-rabbit-init + services: + - endpoint: internal + service: oslo_db + - endpoint: internal + service: identity + - endpoint: internal + service: oslo_messaging + taskmanager: + jobs: + - trove-db-sync + - trove-ks-user + - trove-rabbit-init + services: + - endpoint: internal + service: oslo_db + - endpoint: internal + service: identity + - endpoint: internal + service: oslo_messaging + db_drop: + services: + - endpoint: internal + service: oslo_db + db_init: + services: + - endpoint: internal + service: oslo_db + db_sync: + jobs: + - trove-db-init + services: + - endpoint: internal + service: oslo_db + ks_user: + services: + - endpoint: internal + service: identity + ks_service: + services: + - endpoint: internal + service: identity + ks_endpoints: + jobs: + - trove-ks-service + services: + - endpoint: internal + service: identity + rabbit_init: + services: + - endpoint: internal + service: oslo_messaging + image_repo_sync: + services: + - endpoint: internal + service: local_image_registry + tests: + services: + - endpoint: internal + service: identity + - endpoint: internal + service: database + +# Names of secrets used by bootstrap and environmental checks +secrets: + identity: + admin: trove-keystone-admin + trove: trove-keystone-user + oslo_db: + admin: trove-db-admin + trove: trove-db-user + oslo_messaging: + admin: trove-rabbitmq-admin + trove: trove-rabbitmq-user + tls: + database: + api: + public: trove-tls-public + internal: trove-tls-api + oci_image_registry: + trove: trove-oci-image-registry-key + +# typically overridden by environmental +# values, but should include all endpoints +# required by this chart +endpoints: + cluster_domain_suffix: cluster.local + local_image_registry: + name: docker-registry + namespace: docker-registry + hosts: + default: localhost + internal: docker-registry + node: localhost + host_fqdn_override: + default: null + port: + registry: + node: 5000 + oci_image_registry: + name: oci-image-registry + namespace: oci-image-registry + auth: + enabled: false + trove: + username: trove + password: password + hosts: + default: localhost + host_fqdn_override: + default: null + port: + registry: + default: null + identity: + name: keystone + auth: + admin: + region_name: RegionOne + username: admin + password: password + project_name: admin + user_domain_name: default + project_domain_name: default + trove: + role: admin + region_name: RegionOne + username: trove + password: password + project_name: service + user_domain_name: service + project_domain_name: service + hosts: + default: keystone + internal: keystone-api + host_fqdn_override: + default: null + path: + default: /v3 + scheme: + default: http + port: + api: + default: 80 + internal: 5000 + database: + name: trove + hosts: + default: trove-api + public: trove + host_fqdn_override: + default: null + # NOTE: this chart supports TLS for fqdn over-ridden public + # endpoints using the following format: + # public: + # host: null + # tls: + # crt: null + # key: null + path: + default: /v1.0/%(tenant_id)s + scheme: + default: http + port: + api: + default: 8779 + public: 80 + oslo_db: + auth: + admin: + username: root + password: password + secret: + tls: + internal: mariadb-tls-direct + trove: + username: trove + password: password + hosts: + default: mariadb + host_fqdn_override: + default: null + path: /trove + scheme: mysql+pymysql + port: + mysql: + default: 3306 + oslo_messaging: + auth: + admin: + username: rabbitmq + password: password + secret: + tls: + internal: rabbitmq-tls-direct + trove: + username: trove + password: password + statefulset: + replicas: 2 + name: rabbitmq-rabbitmq + hosts: + default: rabbitmq + host_fqdn_override: + default: null + path: /trove + scheme: rabbit + port: + amqp: + default: 5672 + http: + default: 15672 + oslo_cache: + auth: + # NOTE: this is used to define the value for keystone + # authtoken cache encryption key, if not set it will be populated + # automatically with a random value, but to take advantage of + # this feature all services should be set to use the same key, + # and memcache service. + memcache_secret_key: null + hosts: + default: memcached + host_fqdn_override: + default: null + port: + memcache: + default: 11211 + fluentd: + namespace: null + name: fluentd + hosts: + default: fluentd-logging + host_fqdn_override: + default: null + path: + default: null + scheme: 'http' + port: + service: + default: 24224 + metrics: + default: 24220 + +manifests: + certificates: false + configmap_bin: true + configmap_etc: true + cron_job_db_purge: true + deployment_api: true + deployment_conductor: true + deployment_taskmanager: true + ingress_api: true + job_bootstrap: false + job_db_init: true + job_db_sync: true + job_db_drop: false + job_image_repo_sync: true + job_ks_endpoints: true + job_ks_service: true + job_ks_user: true + job_rabbit_init: true + network_policy: false + pdb_api: true + pod_rally_test: true + secret_db: true + secret_ingress_tls: true + secret_keystone: true + secret_rabbitmq: true + secret_registry: true + service_api: true + service_ingress_api: true + +helm3_hook: true +... diff --git a/values_overrides/trove/2024.2-ubuntu_jammy.yaml b/values_overrides/trove/2024.2-ubuntu_jammy.yaml new file mode 100644 index 0000000000..cc6c4b5ed3 --- /dev/null +++ b/values_overrides/trove/2024.2-ubuntu_jammy.yaml @@ -0,0 +1,22 @@ +# Default values for tacker. +# This is a YAML-formatted file. +# Declare variables to be passed into your templates. + +--- +images: + tags: + test: docker.io/xrally/xrally-openstack:2.0.0 + db_init: quay.io/airshipit/openstack-client:2024.2-ubuntu_jammy + trove_db_sync: quay.io/airshipit/trove:2024.2-ubuntu_jammy + db_drop: quay.io/airshipit/openstack-client:2024.2-ubuntu_jammy + rabbit_init: docker.io/rabbitmq:3.13-management + ks_user: quay.io/airshipit/openstack-client:2024.2-ubuntu_jammy + ks_service: quay.io/airshipit/openstack-client:2024.2-ubuntu_jammy + ks_endpoints: quay.io/airshipit/openstack-client:2024.2-ubuntu_jammy + trove_api: quay.io/airshipit/trove:2024.2-ubuntu_jammy + trove_conductor: quay.io/airshipit/trove:2024.2-ubuntu_jammy + trove_taskmanager: quay.io/airshipit/trove:2024.2-ubuntu_jammy + trove_db_purge: quay.io/airshipit/trove:2024.2-ubuntu_jammy + dep_check: quay.io/airshipit/kubernetes-entrypoint:latest-ubuntu_jammy + image_repo_sync: docker.io/docker:17.07.0 +... diff --git a/values_overrides/trove/2025.1-ubuntu_jammy.yaml b/values_overrides/trove/2025.1-ubuntu_jammy.yaml new file mode 100644 index 0000000000..3331b2d8dc --- /dev/null +++ b/values_overrides/trove/2025.1-ubuntu_jammy.yaml @@ -0,0 +1,22 @@ +# Default values for tacker. +# This is a YAML-formatted file. +# Declare variables to be passed into your templates. + +--- +images: + tags: + test: docker.io/xrally/xrally-openstack:2.0.0 + db_init: quay.io/airshipit/openstack-client:2025.1-ubuntu_jammy + trove_db_sync: quay.io/airshipit/trove:2025.1-ubuntu_jammy + db_drop: quay.io/airshipit/openstack-client:2025.1-ubuntu_jammy + rabbit_init: docker.io/rabbitmq:3.13-management + ks_user: quay.io/airshipit/openstack-client:2025.1-ubuntu_jammy + ks_service: quay.io/airshipit/openstack-client:2025.1-ubuntu_jammy + ks_endpoints: quay.io/airshipit/openstack-client:2025.1-ubuntu_jammy + trove_api: quay.io/airshipit/trove:2025.1-ubuntu_jammy + trove_conductor: quay.io/airshipit/trove:2025.1-ubuntu_jammy + trove_taskmanager: quay.io/airshipit/trove:2025.1-ubuntu_jammy + trove_db_purge: quay.io/airshipit/trove:2025.1-ubuntu_jammy + dep_check: quay.io/airshipit/kubernetes-entrypoint:latest-ubuntu_jammy + image_repo_sync: docker.io/docker:17.07.0 +... diff --git a/values_overrides/trove/2025.1-ubuntu_noble.yaml b/values_overrides/trove/2025.1-ubuntu_noble.yaml new file mode 100644 index 0000000000..ebcd618894 --- /dev/null +++ b/values_overrides/trove/2025.1-ubuntu_noble.yaml @@ -0,0 +1,22 @@ +# Default values for tacker. +# This is a YAML-formatted file. +# Declare variables to be passed into your templates. + +--- +images: + tags: + test: docker.io/xrally/xrally-openstack:2.0.0 + db_init: quay.io/airshipit/openstack-client:2025.1-ubuntu_noble + trove_db_sync: quay.io/airshipit/trove:2025.1-ubuntu_noble + db_drop: quay.io/airshipit/openstack-client:2025.1-ubuntu_noble + rabbit_init: docker.io/rabbitmq:3.13-management + ks_user: quay.io/airshipit/openstack-client:2025.1-ubuntu_noble + ks_service: quay.io/airshipit/openstack-client:2025.1-ubuntu_noble + ks_endpoints: quay.io/airshipit/openstack-client:2025.1-ubuntu_noble + trove_api: quay.io/airshipit/trove:2025.1-ubuntu_noble + trove_conductor: quay.io/airshipit/trove:2025.1-ubuntu_noble + trove_taskmanager: quay.io/airshipit/trove:2025.1-ubuntu_noble + trove_db_purge: quay.io/airshipit/trove:2025.1-ubuntu_noble + dep_check: quay.io/airshipit/kubernetes-entrypoint:latest-ubuntu_jammy + image_repo_sync: docker.io/docker:17.07.0 +... diff --git a/values_overrides/trove/2025.2-ubuntu_noble.yaml b/values_overrides/trove/2025.2-ubuntu_noble.yaml new file mode 100644 index 0000000000..db72796f9e --- /dev/null +++ b/values_overrides/trove/2025.2-ubuntu_noble.yaml @@ -0,0 +1,22 @@ +# Default values for tacker. +# This is a YAML-formatted file. +# Declare variables to be passed into your templates. + +--- +images: + tags: + test: docker.io/xrally/xrally-openstack:2.0.0 + db_init: quay.io/airshipit/openstack-client:2025.2-ubuntu_noble + trove_db_sync: quay.io/airshipit/trove:2025.2-ubuntu_noble + db_drop: quay.io/airshipit/openstack-client:2025.2-ubuntu_noble + rabbit_init: docker.io/rabbitmq:3.13-management + ks_user: quay.io/airshipit/openstack-client:2025.2-ubuntu_noble + ks_service: quay.io/airshipit/openstack-client:2025.2-ubuntu_noble + ks_endpoints: quay.io/airshipit/openstack-client:2025.2-ubuntu_noble + trove_api: quay.io/airshipit/trove:2025.2-ubuntu_noble + trove_conductor: quay.io/airshipit/trove:2025.2-ubuntu_noble + trove_taskmanager: quay.io/airshipit/trove:2025.2-ubuntu_noble + trove_db_purge: quay.io/airshipit/trove:2025.2-ubuntu_noble + dep_check: quay.io/airshipit/kubernetes-entrypoint:latest-ubuntu_jammy + image_repo_sync: docker.io/docker:17.07.0 +... diff --git a/values_overrides/trove/annotations.yaml b/values_overrides/trove/annotations.yaml new file mode 100644 index 0000000000..aa7e48196b --- /dev/null +++ b/values_overrides/trove/annotations.yaml @@ -0,0 +1,16 @@ +--- +annotations: + secret: + default: + custom.tld/key: "value" + custom.tld/key2: "value2" + identity: + admin: + another.tld/foo: "bar" + oci_image_registry: + trove: + custom.tld/key: "value" + tls: + nfv_orchestration_api_public: + custom.tld/key: "value" +... diff --git a/zuul.d/2024.2.yaml b/zuul.d/2024.2.yaml index df1b4630c2..083d0649f7 100644 --- a/zuul.d/2024.2.yaml +++ b/zuul.d/2024.2.yaml @@ -20,6 +20,16 @@ container_distro_name: ubuntu container_distro_version: jammy +- job: + name: openstack-helm-trove-2024-2-ubuntu_jammy + parent: openstack-helm-trove + nodeset: openstack-helm-3nodes-ubuntu_jammy + vars: + osh_params: + openstack_release: "2024.2" + container_distro_name: ubuntu + container_distro_version: jammy + - job: name: openstack-helm-compute-kit-2024-2-ubuntu_jammy parent: openstack-helm-compute-kit diff --git a/zuul.d/2025.1.yaml b/zuul.d/2025.1.yaml index 0af4354d24..cd83329f6c 100644 --- a/zuul.d/2025.1.yaml +++ b/zuul.d/2025.1.yaml @@ -21,6 +21,16 @@ container_distro_name: ubuntu container_distro_version: jammy +- job: + name: openstack-helm-trove-2025-1-ubuntu_jammy + parent: openstack-helm-trove + nodeset: openstack-helm-5nodes-ubuntu_jammy + vars: + osh_params: + openstack_release: "2025.1" + container_distro_name: ubuntu + container_distro_version: jammy + - job: name: openstack-helm-compute-kit-2025-1-ubuntu_jammy parent: openstack-helm-compute-kit @@ -76,6 +86,16 @@ container_distro_version: noble feature_gates: uv +- job: + name: openstack-helm-trove-2025-1-ubuntu_noble + parent: openstack-helm-trove + nodeset: openstack-helm-5nodes-ubuntu_noble + vars: + osh_params: + openstack_release: "2025.1" + container_distro_name: ubuntu + container_distro_version: noble + - job: name: openstack-helm-compute-kit-2025-1-ubuntu_noble parent: openstack-helm-compute-kit diff --git a/zuul.d/2025.2-ubuntu_noble.yaml b/zuul.d/2025.2-ubuntu_noble.yaml index 2fed8329dd..55a110cada 100644 --- a/zuul.d/2025.2-ubuntu_noble.yaml +++ b/zuul.d/2025.2-ubuntu_noble.yaml @@ -32,6 +32,17 @@ container_distro_version: noble feature_gates: uv +- job: + name: openstack-helm-trove-2025-2-ubuntu_noble + parent: openstack-helm-trove + nodeset: openstack-helm-5nodes-ubuntu_noble + timeout: 10800 + vars: + osh_params: + openstack_release: "2025.2" + container_distro_name: ubuntu + container_distro_version: noble + - job: name: openstack-helm-compute-kit-2025-2-ubuntu_noble parent: openstack-helm-compute-kit diff --git a/zuul.d/base.yaml b/zuul.d/base.yaml index 0c09a202cc..d926d61e57 100644 --- a/zuul.d/base.yaml +++ b/zuul.d/base.yaml @@ -366,6 +366,35 @@ - ./tools/deployment/component/cinder/cinder.sh - ./tools/deployment/common/force-cronjob-run.sh +- job: + name: openstack-helm-trove + parent: openstack-helm-deploy + abstract: true + nodeset: openstack-helm-5nodes-ubuntu_noble + files: + - ^trove/.*$ + - ^zuul\.d/.*$ + - ^tools/deployment/component/trove/.*$ + vars: + gate_scripts: + - ./tools/deployment/common/prepare-bashrc.sh + - ./tools/deployment/common/prepare-k8s.sh + - ./tools/deployment/common/prepare-charts.sh + - ./tools/deployment/common/setup-client.sh + - ./tools/deployment/ceph/ceph-rook.sh + - ./tools/deployment/ceph/ceph-adapter-rook.sh + - export VOLUME_HELM_ARGS=" "; ./tools/deployment/component/common/rabbitmq.sh + - export VOLUME_HELM_ARGS=" "; ./tools/deployment/db/mariadb.sh + - ./tools/deployment/component/common/memcached.sh + - ./tools/deployment/component/keystone/keystone.sh + - ./tools/deployment/component/cinder/cinder.sh + - ./tools/deployment/component/heat/heat.sh + - ./tools/deployment/component/glance/glance.sh + - ./tools/deployment/component/compute-kit/openvswitch.sh + - ./tools/deployment/component/compute-kit/libvirt.sh + - ./tools/deployment/component/compute-kit/compute-kit.sh + - ./tools/deployment/component/trove/trove.sh + - job: name: openstack-helm-horizon parent: openstack-helm-deploy diff --git a/zuul.d/project.yaml b/zuul.d/project.yaml index 727557445a..e1601e1c43 100644 --- a/zuul.d/project.yaml +++ b/zuul.d/project.yaml @@ -53,6 +53,7 @@ - openstack-helm-compute-kit-2025-2-ubuntu_noble # 1 node + 3 nodes - openstack-helm-compute-kit-ovn-2025-2-ubuntu_noble # 1 node + 3 nodes - openstack-helm-skyline-2025-2-ubuntu_noble # 3 nodes + - openstack-helm-trove-2025-2-ubuntu_noble # 5 nodes rook # Infra jobs - openstack-helm-logging - openstack-helm-monitoring