From 8a6b8888a0e262156e82ab994be416df51afac47 Mon Sep 17 00:00:00 2001 From: misook Date: Wed, 30 Jul 2025 17:13:23 +0900 Subject: [PATCH] Add Helm chart for Watcher optimization service Watcher provides a flexible and scalable resource optimization service for multi-tenant OpenStack-based clouds. This is an initial Helm chart to simplify its deployment and management within Kubernetes clusters. Implements: Add Chart for watcher Change-Id: Ibc447afee192fde19142abf0dff77d2f3bcb2c14 
Signed-off-by: misook --- doc/source/chart/openstack_charts.rst | 1 + releasenotes/config.yaml | 1 + releasenotes/notes/watcher.yaml | 4 + tools/deployment/component/watcher/watcher.sh | 34 + .../watcher/2024.2-ubuntu_jammy.yaml | 14 + .../watcher/2025.1-ubuntu_jammy.yaml | 14 + .../watcher/2025.1-ubuntu_noble.yaml | 14 + watcher/Chart.yaml | 31 + watcher/templates/bin/_bootstrap.sh.tpl | 18 + watcher/templates/bin/_db-sync.sh.tpl | 19 + watcher/templates/bin/_watcher-api.sh.tpl | 29 + watcher/templates/bin/_watcher-applier.sh.tpl | 19 + .../bin/_watcher-decision-engine.sh.tpl | 19 + watcher/templates/configmap-bin.yaml | 54 ++ watcher/templates/configmap-etc.yaml | 90 +++ watcher/templates/deployment-api.yaml | 110 ++++ watcher/templates/deployment-applier.yaml | 90 +++ watcher/templates/ingress-api.yaml | 18 + watcher/templates/job-bootstrap.yaml | 18 + watcher/templates/job-db-drop.yaml | 18 + watcher/templates/job-db-init.yaml | 18 + watcher/templates/job-db-sync.yaml | 18 + watcher/templates/job-image-repo-sync.yaml | 18 + watcher/templates/job-ks-endpoints.yaml | 18 + watcher/templates/job-ks-service.yaml | 18 + watcher/templates/job-ks-user.yaml | 18 + watcher/templates/job-rabbit-init.yaml | 18 + watcher/templates/network_policy.yaml | 18 + watcher/templates/pdb-api.yaml | 27 + watcher/templates/pod-rally-test.yaml | 106 +++ watcher/templates/secret-db.yaml | 28 + watcher/templates/secret-keystone.yaml | 28 + watcher/templates/secret-rabbitmq.yaml | 28 + watcher/templates/secret-registry.yaml | 17 + watcher/templates/service-api.yaml | 34 + watcher/templates/service-ingress-api.yaml | 18 + .../statefulset-decision-engine.yaml | 88 +++ watcher/values.yaml | 609 ++++++++++++++++++ 38 files changed, 1742 insertions(+) create mode 100644 releasenotes/notes/watcher.yaml create mode 100755 tools/deployment/component/watcher/watcher.sh create mode 100644 values_overrides/watcher/2024.2-ubuntu_jammy.yaml create mode 100644 
values_overrides/watcher/2025.1-ubuntu_jammy.yaml create mode 100644 values_overrides/watcher/2025.1-ubuntu_noble.yaml create mode 100644 watcher/Chart.yaml create mode 100644 watcher/templates/bin/_bootstrap.sh.tpl create mode 100644 watcher/templates/bin/_db-sync.sh.tpl create mode 100644 watcher/templates/bin/_watcher-api.sh.tpl create mode 100644 watcher/templates/bin/_watcher-applier.sh.tpl create mode 100644 watcher/templates/bin/_watcher-decision-engine.sh.tpl create mode 100644 watcher/templates/configmap-bin.yaml create mode 100644 watcher/templates/configmap-etc.yaml create mode 100644 watcher/templates/deployment-api.yaml create mode 100644 watcher/templates/deployment-applier.yaml create mode 100644 watcher/templates/ingress-api.yaml create mode 100644 watcher/templates/job-bootstrap.yaml create mode 100644 watcher/templates/job-db-drop.yaml create mode 100644 watcher/templates/job-db-init.yaml create mode 100644 watcher/templates/job-db-sync.yaml create mode 100644 watcher/templates/job-image-repo-sync.yaml create mode 100644 watcher/templates/job-ks-endpoints.yaml create mode 100644 watcher/templates/job-ks-service.yaml create mode 100644 watcher/templates/job-ks-user.yaml create mode 100644 watcher/templates/job-rabbit-init.yaml create mode 100644 watcher/templates/network_policy.yaml create mode 100644 watcher/templates/pdb-api.yaml create mode 100644 watcher/templates/pod-rally-test.yaml create mode 100644 watcher/templates/secret-db.yaml create mode 100644 watcher/templates/secret-keystone.yaml create mode 100644 watcher/templates/secret-rabbitmq.yaml create mode 100644 watcher/templates/secret-registry.yaml create mode 100644 watcher/templates/service-api.yaml create mode 100644 watcher/templates/service-ingress-api.yaml create mode 100644 watcher/templates/statefulset-decision-engine.yaml create mode 100644 watcher/values.yaml 
diff --git a/doc/source/chart/openstack_charts.rst b/doc/source/chart/openstack_charts.rst index 85566bb124..7962cd3cac 100644 --- a/doc/source/chart/openstack_charts.rst +++ b/doc/source/chart/openstack_charts.rst @@ -29,3 +29,4 @@ OpenStack charts options skyline tacker tempest + watcher diff --git a/releasenotes/config.yaml b/releasenotes/config.yaml index f97dd1f996..9b057ede46 100644 --- a/releasenotes/config.yaml +++ b/releasenotes/config.yaml @@ -77,6 +77,7 @@ sections: - [registry, registry Chart] - [shaker, shaker Chart] - [tempest, tempest Chart] + - [watcher, watcher Chart] - [features, New Features] - [issues, Known Issues] - [upgrade, Upgrade Notes] diff --git a/releasenotes/notes/watcher.yaml b/releasenotes/notes/watcher.yaml new file mode 100644 index 0000000000..73a3016957 --- /dev/null +++ b/releasenotes/notes/watcher.yaml @@ -0,0 +1,4 @@ +--- +watcher: + - 0.1.0 Initial Chart +... diff --git a/tools/deployment/component/watcher/watcher.sh b/tools/deployment/component/watcher/watcher.sh new file mode 100755 index 0000000000..460f3e72d2 --- /dev/null +++ b/tools/deployment/component/watcher/watcher.sh 
@@ -0,0 +1,34 @@
+#!/bin/bash
+
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+set -xe
+
+#NOTE: Define variables
+: ${OSH_HELM_REPO:="../openstack-helm"}
+: ${OSH_VALUES_OVERRIDES_PATH:="../openstack-helm/values_overrides"}
+: ${OSH_EXTRA_HELM_ARGS_MANILA:="$(helm osh get-values-overrides ${DOWNLOAD_OVERRIDES:-} -p ${OSH_VALUES_OVERRIDES_PATH} -c watcher ${FEATURES})"}
+: ${RUN_HELM_TESTS:="no"}
+
+#NOTE: Deploy command
+helm upgrade --install watcher ${OSH_HELM_REPO}/watcher \
+ --namespace=openstack \
+ ${OSH_EXTRA_HELM_ARGS} \
+ ${OSH_EXTRA_HELM_ARGS_WATCHER}
+
+#NOTE: Wait for deploy
+helm osh wait-for-pods openstack 1800
+
+#NOTE: Validate Deployment
+export OS_CLOUD=openstack_helm
+openstack service list
\ No newline at end of file
diff --git a/values_overrides/watcher/2024.2-ubuntu_jammy.yaml b/values_overrides/watcher/2024.2-ubuntu_jammy.yaml
new file mode 100644
index 0000000000..b7043e96b9
--- /dev/null
+++ b/values_overrides/watcher/2024.2-ubuntu_jammy.yaml
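Review bot: The overrides computed on the `OSH_EXTRA_HELM_ARGS_MANILA` line are never used, because the `helm upgrade --install` command expands `${OSH_EXTRA_HELM_ARGS_WATCHER}`, which this script does not set. Unless the caller exports that variable, the release is installed with the chart's default images and settings instead of the per-release overrides selected by `${FEATURES}`, so the deployed images may not be the ones the job intended to test. Rename the assignment to `: ${OSH_EXTRA_HELM_ARGS_WATCHER:="$(helm osh get-values-overrides ${DOWNLOAD_OVERRIDES:-} -p ${OSH_VALUES_OVERRIDES_PATH} -c watcher ${FEATURES})"}`. `RUN_HELM_TESTS` is also assigned but not read anywhere in this script.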
@@ -0,0 +1,14 @@
+---
+images:
+ tags:
+ bootstrap: quay.io/airshipit/heat:2024.2-ubuntu_jammy
+ db_init: quay.io/airshipit/heat:2024.2-ubuntu_jammy
+ db_drop: quay.io/airshipit/heat:2024.2-ubuntu_jammy
+ ks_user: quay.io/airshipit/heat:2024.2-ubuntu_jammy
+ ks_service: quay.io/airshipit/heat:2024.2-ubuntu_jammy
+ ks_endpoints: quay.io/airshipit/heat:2024.2-ubuntu_jammy
+ watcher_api: quay.io/airshipit/watcher:2024.2-ubuntu_jammy
+ watcher_decision_engine: quay.io/airshipit/watcher:2024.2-ubuntu_jammy
+ watcher_applier: quay.io/airshipit/watcher:2024.2-ubuntu_jammy
+ watcher_db_sync: quay.io/airshipit/watcher:2024.2-ubuntu_jammy
+...
diff --git a/values_overrides/watcher/2025.1-ubuntu_jammy.yaml b/values_overrides/watcher/2025.1-ubuntu_jammy.yaml
new file mode 100644
index 0000000000..3247065396
--- /dev/null
+++ b/values_overrides/watcher/2025.1-ubuntu_jammy.yaml
@@ -0,0 +1,14 @@
+---
+images:
+ tags:
+ bootstrap: quay.io/airshipit/heat:2025.1-ubuntu_jammy
+ db_init: quay.io/airshipit/heat:2025.1-ubuntu_jammy
+ db_drop: quay.io/airshipit/heat:2025.1-ubuntu_jammy
+ ks_user: quay.io/airshipit/heat:2025.1-ubuntu_jammy
+ ks_service: quay.io/airshipit/heat:2025.1-ubuntu_jammy
+ ks_endpoints: quay.io/airshipit/heat:2025.1-ubuntu_jammy
+ watcher_api: quay.io/airshipit/watcher:2025.1-ubuntu_jammy
+ watcher_decision_engine: quay.io/airshipit/watcher:2025.1-ubuntu_jammy
+ watcher_applier: quay.io/airshipit/watcher:2025.1-ubuntu_jammy
+ watcher_db_sync: quay.io/airshipit/watcher:2025.1-ubuntu_jammy
+...
diff --git a/values_overrides/watcher/2025.1-ubuntu_noble.yaml b/values_overrides/watcher/2025.1-ubuntu_noble.yaml
new file mode 100644
index 0000000000..5fd31fc245
--- /dev/null
+++ b/values_overrides/watcher/2025.1-ubuntu_noble.yaml
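Review bot: Every entry under `images.tags` in this file references its image by a mutable tag such as `quay.io/airshipit/watcher:2024.2-ubuntu_jammy`, so the content that runs can change without any change to the chart. For production overrides, consider documenting or providing digest-pinned references of the form `quay.io/airshipit/watcher@sha256:<digest>` (placeholder), so that a deployment is reproducible and a retagged image cannot be pulled silently. The same applies to the 2025.1-ubuntu_jammy and 2025.1-ubuntu_noble override files.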
@@ -0,0 +1,14 @@
+---
+images:
+ tags:
+ bootstrap: quay.io/airshipit/heat:2025.1-ubuntu_noble
+ db_init: quay.io/airshipit/heat:2025.1-ubuntu_noble
+ db_drop: quay.io/airshipit/heat:2025.1-ubuntu_noble
+ ks_user: quay.io/airshipit/heat:2025.1-ubuntu_noble
+ ks_service: quay.io/airshipit/heat:2025.1-ubuntu_noble
+ ks_endpoints: quay.io/airshipit/heat:2025.1-ubuntu_noble
+ watcher_api: quay.io/airshipit/watcher:2025.1-ubuntu_noble
+ watcher_decision_engine: quay.io/airshipit/watcher:2025.1-ubuntu_noble
+ watcher_applier: quay.io/airshipit/watcher:2025.1-ubuntu_noble
+ watcher_db_sync: quay.io/airshipit/watcher:2025.1-ubuntu_noble
+...
diff --git a/watcher/Chart.yaml b/watcher/Chart.yaml
new file mode 100644
index 0000000000..2976407987
--- /dev/null
+++ b/watcher/Chart.yaml
@@ -0,0 +1,31 @@
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+---
+apiVersion: v2
+appVersion: v1.0.0
+description: OpenStack-Helm Watcher
+name: watcher
+version: 2025.1.0
+home: https://docs.openstack.org/watcher/latest/
+icon: https://www.openstack.org/themes/openstack/images/project-mascots/Watcher/OpenStack_Project_Watcher_vertical.png
+sources:
+ - https://opendev.org/openstack/watcher
+ - https://opendev.org/openstack/openstack-helm
+maintainers:
+ - name: OpenStack-Helm Authors
+
+dependencies:
+ - name: helm-toolkit
+ repository: file://../helm-toolkit
+ version: ">= 0.1.0"
+...
diff --git a/watcher/templates/bin/_bootstrap.sh.tpl b/watcher/templates/bin/_bootstrap.sh.tpl
new file mode 100644
index 0000000000..6452d0a073
--- /dev/null
+++ b/watcher/templates/bin/_bootstrap.sh.tpl
@@ -0,0 +1,18 @@
+#!/bin/bash
+
+{{/*
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/}}
+
+set -ex
+{{ .Values.bootstrap.script | default "echo 'Not Enabled'" }}
diff --git a/watcher/templates/bin/_db-sync.sh.tpl b/watcher/templates/bin/_db-sync.sh.tpl
new file mode 100644
index 0000000000..bc0a4c2223
--- /dev/null
+++ b/watcher/templates/bin/_db-sync.sh.tpl
@@ -0,0 +1,19 @@
+#!/bin/bash
+
+{{/*
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/}}
+
+set -ex
+
+watcher-db-manage --config-file /etc/watcher/watcher.conf upgrade
\ No newline at end of file
diff --git a/watcher/templates/bin/_watcher-api.sh.tpl b/watcher/templates/bin/_watcher-api.sh.tpl
new file mode 100644
index 0000000000..37b5b71324
--- /dev/null
+++ b/watcher/templates/bin/_watcher-api.sh.tpl
@@ -0,0 +1,29 @@
+#!/bin/bash
+
+{{/*
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/}}
+
+set -ex
+COMMAND="${@:-start}"
+
+function start () {
+ exec watcher-api \
+ --config-file /etc/watcher/watcher.conf
+}
+
+function stop () {
+ kill -TERM 1
+}
+
+$COMMAND
diff --git a/watcher/templates/bin/_watcher-applier.sh.tpl b/watcher/templates/bin/_watcher-applier.sh.tpl
new file mode 100644
index 0000000000..0aa13b76db
--- /dev/null
+++ b/watcher/templates/bin/_watcher-applier.sh.tpl
@@ -0,0 +1,19 @@
+#!/bin/bash
+
+{{/*
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/}}
+
+set -ex
+exec watcher-applier \
+ --config-file /etc/watcher/watcher.conf
diff --git a/watcher/templates/bin/_watcher-decision-engine.sh.tpl b/watcher/templates/bin/_watcher-decision-engine.sh.tpl
new file mode 100644
index 0000000000..653fc71e76
--- /dev/null
+++ b/watcher/templates/bin/_watcher-decision-engine.sh.tpl
@@ -0,0 +1,19 @@
+#!/bin/bash
+
+{{/*
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/}}
+
+set -ex
+exec watcher-decision-engine \
+ --config-file /etc/watcher/watcher.conf
diff --git a/watcher/templates/configmap-bin.yaml b/watcher/templates/configmap-bin.yaml
new file mode 100644
index 0000000000..d88890a3db
--- /dev/null
+++ b/watcher/templates/configmap-bin.yaml
@@ -0,0 +1,54 @@
+{{/*
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/}}
+
+{{- if .Values.manifests.configmap_bin }}
+{{- $envAll := . }}
+{{- $rallyTests := .Values.conf.rally_tests }}
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: watcher-bin
+data:
+{{- if .Values.images.local_registry.active }}
+ image-repo-sync.sh: |
+{{- include "helm-toolkit.scripts.image_repo_sync" . | indent 4 }}
+{{- end }}
+{{- if .Values.bootstrap.enabled }}
+ bootstrap.sh: |
+{{ tuple "bin/_bootstrap.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
+{{- end }}
+ rally-test.sh: |
+{{ tuple $rallyTests | include "helm-toolkit.scripts.rally_test" | indent 4 }}
+ db-init.py: |
+{{- include "helm-toolkit.scripts.db_init" . | indent 4 }}
+ db-sync.sh: |
+{{ tuple "bin/_db-sync.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
+ db-drop.py: |
+{{- include "helm-toolkit.scripts.db_drop" . | indent 4 }}
+ ks-service.sh: |
+{{- include "helm-toolkit.scripts.keystone_service" . | indent 4 }}
+ ks-endpoints.sh: |
+{{- include "helm-toolkit.scripts.keystone_endpoints" . | indent 4 }}
+ ks-user.sh: |
+{{- include "helm-toolkit.scripts.keystone_user" . | indent 4 }}
+ watcher-api.sh: |
+{{ tuple "bin/_watcher-api.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
+ watcher-decision-engine.sh: |
+{{ tuple "bin/_watcher-decision-engine.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
+ watcher-applier.sh: |
+{{ tuple "bin/_watcher-applier.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
+ rabbit-init.sh: |
+{{- include "helm-toolkit.scripts.rabbit_init" . | indent 4 }}
+{{- end }}
diff --git a/watcher/templates/configmap-etc.yaml b/watcher/templates/configmap-etc.yaml
new file mode 100644
index 0000000000..499a3c1051
--- /dev/null
+++ b/watcher/templates/configmap-etc.yaml
@@ -0,0 +1,90 @@
+{{/*
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/}}
+
+{{- if .Values.manifests.configmap_etc }}
+{{- $envAll := . }}
+
+{{- if empty .Values.conf.watcher.keystone_authtoken.auth_uri -}}
+{{- $_ := tuple "identity" "internal" "api" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup"| set .Values.conf.watcher.keystone_authtoken "auth_uri" -}}
+{{- end -}}
+
+{{- if empty .Values.conf.watcher.keystone_authtoken.auth_url -}}
+{{- $_ := tuple "identity" "internal" "api" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup"| set .Values.conf.watcher.keystone_authtoken "auth_url" -}}
+{{- end -}}
+
+{{- if empty .Values.conf.watcher.keystone_authtoken.region_name -}}
+{{- $_ := set .Values.conf.watcher.keystone_authtoken "region_name" .Values.endpoints.identity.auth.watcher.region_name -}}
+{{- end -}}
+{{- if empty .Values.conf.watcher.keystone_authtoken.project_name -}}
+{{- $_ := set .Values.conf.watcher.keystone_authtoken "project_name" .Values.endpoints.identity.auth.watcher.project_name -}}
+{{- end -}}
+{{- if empty .Values.conf.watcher.keystone_authtoken.project_domain_name -}}
+{{- $_ := set .Values.conf.watcher.keystone_authtoken "project_domain_name" .Values.endpoints.identity.auth.watcher.project_domain_name -}}
+{{- end -}}
+{{- if empty .Values.conf.watcher.keystone_authtoken.user_domain_name -}}
+{{- $_ := set .Values.conf.watcher.keystone_authtoken "user_domain_name" .Values.endpoints.identity.auth.watcher.user_domain_name -}}
+{{- end -}}
+{{- if empty .Values.conf.watcher.keystone_authtoken.username -}}
+{{- $_ := set .Values.conf.watcher.keystone_authtoken "username" .Values.endpoints.identity.auth.watcher.username -}}
+{{- end -}}
+{{- if empty .Values.conf.watcher.keystone_authtoken.password -}}
+{{- $_ := set .Values.conf.watcher.keystone_authtoken "password" .Values.endpoints.identity.auth.watcher.password -}}
+{{- end -}}
+
+{{- if empty .Values.conf.watcher.keystone_authtoken.memcached_servers -}}
+{{- $_ := tuple "oslo_cache" "internal" "memcache" . | include "helm-toolkit.endpoints.host_and_port_endpoint_uri_lookup" | set .Values.conf.watcher.keystone_authtoken "memcached_servers" -}}
+{{- end -}}
+{{- if empty .Values.conf.watcher.keystone_authtoken.memcache_secret_key -}}
+{{- $_ := set .Values.conf.watcher.keystone_authtoken "memcache_secret_key" ( default ( randAlphaNum 64 ) .Values.endpoints.oslo_cache.auth.memcache_secret_key ) -}}
+{{- end -}}
+
+{{- if empty .Values.conf.watcher.database.connection -}}
+{{- $_ := tuple "oslo_db" "internal" "watcher" "mysql" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup"| set .Values.conf.watcher.database "connection" -}}
+{{- end -}}
+
+{{- if empty .Values.conf.watcher.DEFAULT.transport_url -}}
+{{- $_ := tuple "oslo_messaging" "internal" "watcher" "amqp" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup" | set .Values.conf.watcher.DEFAULT "transport_url" -}}
+{{- end -}}
+
+{{- if empty .Values.conf.watcher.api.port -}}
+{{- $_ := tuple "infra-optim" "internal" "api" . | include "helm-toolkit.endpoints.endpoint_port_lookup" | set .Values.conf.watcher.api "port" -}}
+{{- end -}}
+
+{{- if and (empty .Values.conf.logging.handler_fluent) (has "fluent" .Values.conf.logging.handlers.keys) -}}
+{{- $fluentd_host := tuple "fluentd" "internal" $envAll | include "helm-toolkit.endpoints.hostname_namespaced_endpoint_lookup" }}
+{{- $fluentd_port := tuple "fluentd" "internal" "service" $envAll | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
+{{- $fluent_args := printf "('%s.%s', '%s', %s)" .Release.Namespace .Release.Name $fluentd_host $fluentd_port }}
+{{- $handler_fluent := dict "class" "fluent.handler.FluentHandler" "formatter" "fluent" "args" $fluent_args -}}
+{{- $_ := set .Values.conf.logging "handler_fluent" $handler_fluent -}}
+{{- end -}}
+
+{{- if and (empty .Values.conf.logging.formatter_fluent) (has "fluent" .Values.conf.logging.formatters.keys) -}}
+{{- $formatter_fluent := dict "class" "oslo_log.formatters.FluentFormatter" -}}
+{{- $_ := set .Values.conf.logging "formatter_fluent" $formatter_fluent -}}
+{{- end -}}
+---
+apiVersion: v1
+kind: Secret
+metadata:
+ name: watcher-etc
+type: Opaque
+data:
+ rally_tests.yaml: {{ toYaml .Values.conf.rally_tests.tests | b64enc }}
+ watcher.conf: {{ include "helm-toolkit.utils.to_oslo_conf" .Values.conf.watcher | b64enc }}
+ logging.conf: {{ include "helm-toolkit.utils.to_oslo_conf" .Values.conf.logging | b64enc }}
+ policy.json: {{ toJson .Values.conf.policy | b64enc }}
+{{- range $key, $value := $envAll.Values.conf.rally_tests.templates }}
+ {{ printf "test_template_%d" $key }}: {{ $value.template | b64enc }}
+{{- end }}
+{{- end }}
diff --git a/watcher/templates/deployment-api.yaml b/watcher/templates/deployment-api.yaml
new file mode 100644
index 0000000000..6caa013578
--- /dev/null
+++ b/watcher/templates/deployment-api.yaml
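Review bot: The `memcache_secret_key` fallback, `default ( randAlphaNum 64 ) .Values.endpoints.oslo_cache.auth.memcache_secret_key`, produces a different key on every render when the value is unset. Each `helm upgrade` would then rewrite the `watcher-etc` Secret with a new key, and since the deployments derive `configmap-etc-hash` by rendering this template again, the annotation likely changes on every upgrade and rolls the pods even when no configuration changed. A comment above the block, for example `{{/* NOTE: set endpoints.oslo_cache.auth.memcache_secret_key in values; the random fallback changes on every render */}}`, plus a matching remark in values.yaml (not visible in this part of the patch) would make the expectation explicit. Separately, this template emits a `kind: Secret` but is gated by `manifests.configmap_etc`, which is worth stating in a comment so that operators do not assume the credentials land in a ConfigMap.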
@@ -0,0 +1,110 @@
+{{/*
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/}}
+
+{{- if .Values.manifests.deployment_api }}
+{{- $envAll := . }}
+
+{{- $mounts_watcher_api := .Values.pod.mounts.watcher_api.watcher_api }}
+{{- $mounts_watcher_api_init := .Values.pod.mounts.watcher_api.init_container }}
+
+{{- $serviceAccountName := "watcher-api" }}
+{{ tuple $envAll "api" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: watcher-api
+ annotations:
+ {{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" }}
+ labels:
+{{ tuple $envAll "watcher" "api" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }}
+spec:
+ replicas: {{ .Values.pod.replicas.api }}
+ selector:
+ matchLabels:
+{{ tuple $envAll "watcher" "api" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 6 }}
+{{ tuple $envAll | include "helm-toolkit.snippets.kubernetes_upgrades_deployment" | indent 2 }}
+ template:
+ metadata:
+ labels:
+{{ tuple $envAll "watcher" "api" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
+ annotations:
+{{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" | indent 8 }}
+ configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "helm-toolkit.utils.hash" }}
+ configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "helm-toolkit.utils.hash" }}
+ spec:
+ serviceAccountName: {{ $serviceAccountName }}
+ affinity:
+{{ tuple $envAll "watcher" "api" | include "helm-toolkit.snippets.kubernetes_pod_anti_affinity" | indent 8 }}
+ nodeSelector:
+ {{ .Values.labels.api.node_selector_key }}: {{ .Values.labels.api.node_selector_value }}
+ terminationGracePeriodSeconds: {{ .Values.pod.lifecycle.termination_grace_period.api.timeout | default "30" }}
+ initContainers:
+{{ tuple $envAll "api" $mounts_watcher_api_init | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
+ containers:
+ - name: watcher-api
+{{ tuple $envAll "watcher_api" | include "helm-toolkit.snippets.image" | indent 10 }}
+{{ tuple $envAll $envAll.Values.pod.resources.api | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
+ securityContext:
+ runAsUser: {{ .Values.pod.user.watcher.uid }}
+ command:
+ - /tmp/watcher-api.sh
+ - start
+ lifecycle:
+ preStop:
+ exec:
+ command:
+ - /tmp/watcher-api.sh
+ - stop
+ ports:
+ - name: w-api
+ containerPort: {{ tuple "infra-optim" "internal" "api" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
+ readinessProbe:
+ httpGet:
+ scheme: {{ tuple "infra-optim" "service" "api" . | include "helm-toolkit.endpoints.keystone_endpoint_scheme_lookup" | upper }}
+ path: /
+ port: {{ tuple "infra-optim" "internal" "api" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
+ volumeMounts:
+ - name: pod-etc-watcher
+ mountPath: /etc/watcher
+ - name: watcher-bin
+ mountPath: /tmp/watcher-api.sh
+ subPath: watcher-api.sh
+ readOnly: true
+ - name: watcher-etc
+ mountPath: /etc/watcher/watcher.conf
+ subPath: watcher.conf
+ readOnly: true
+ - name: watcher-etc
+ mountPath: {{ .Values.conf.watcher.DEFAULT.log_config_append }}
+ subPath: {{ base .Values.conf.watcher.DEFAULT.log_config_append }}
+ readOnly: true
+ - name: watcher-etc
+ mountPath: /etc/watcher/policy.json
+ subPath: policy.json
+ readOnly: true
+{{ if $mounts_watcher_api.volumeMounts }}{{ toYaml $mounts_watcher_api.volumeMounts | indent 12 }}{{ end }}
+ volumes:
+ - name: pod-etc-watcher
+ emptyDir: {}
+ - name: watcher-bin
+ configMap:
+ name: watcher-bin
+ defaultMode: 0555
+ - name: watcher-etc
+ secret:
+ secretName: watcher-etc
+ defaultMode: 0444
+{{ if $mounts_watcher_api.volumes }}{{ toYaml $mounts_watcher_api.volumes | indent 8 }}{{ end }}
+{{- end }}
diff --git a/watcher/templates/deployment-applier.yaml b/watcher/templates/deployment-applier.yaml
new file mode 100644
index 0000000000..4c44ad5edf
--- /dev/null
+++ b/watcher/templates/deployment-applier.yaml
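Review bot: The container `securityContext` sets only `runAsUser: {{ .Values.pod.user.watcher.uid }}`, so privilege escalation, capabilities and root-filesystem writability stay at the runtime defaults, and operators cannot tighten them through values. helm-toolkit ships `helm-toolkit.snippets.kubernetes_pod_security_context` and `helm-toolkit.snippets.kubernetes_container_security_context` for this; replacing the block with `{{ dict "envAll" $envAll "application" "watcher" "container" "watcher_api" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 10 }}` and adding the pod-level snippet under `spec:` would let `pod.security_context` in values.yaml (outside this part of the patch) carry `allowPrivilegeEscalation: false` and `readOnlyRootFilesystem: true`. The same applies to the `watcher-applier` container in deployment-applier.yaml. The `watcher-etc` secret volume is also mounted with `defaultMode: 0444`, which leaves watcher.conf and its database, messaging and Keystone credentials readable by any user in the container; a narrower mode combined with a matching `fsGroup` would be tighter.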
@@ -0,0 +1,90 @@
+{{/*
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/}}
+
+{{- if .Values.manifests.deployment_applier }}
+{{- $envAll := . }}
+
+{{- $mounts_watcher_applier := .Values.pod.mounts.watcher_applier.watcher_applier }}
+{{- $mounts_watcher_applier_init := .Values.pod.mounts.watcher_applier.init_container }}
+
+{{- $serviceAccountName := "watcher-applier" }}
+{{ tuple $envAll "applier" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: watcher-applier
+ annotations:
+ {{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" }}
+ labels:
+{{ tuple $envAll "watcher" "applier" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }}
+spec:
+ replicas: {{ .Values.pod.replicas.applier }}
+ selector:
+ matchLabels:
+{{ tuple $envAll "watcher" "applier" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 6 }}
+{{ tuple $envAll | include "helm-toolkit.snippets.kubernetes_upgrades_deployment" | indent 2 }}
+ template:
+ metadata:
+ labels:
+{{ tuple $envAll "watcher" "applier" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
+ annotations:
+{{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" | indent 8 }}
+ configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "helm-toolkit.utils.hash" }}
+ configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "helm-toolkit.utils.hash" }}
+ spec:
+ serviceAccountName: {{ $serviceAccountName }}
+ affinity:
+{{ tuple $envAll "watcher" "applier" | include "helm-toolkit.snippets.kubernetes_pod_anti_affinity" | indent 8 }}
+ nodeSelector:
+ {{ .Values.labels.applier.node_selector_key }}: {{ .Values.labels.applier.node_selector_value }}
+ initContainers:
+{{ tuple $envAll "applier" $mounts_watcher_applier_init | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
+ containers:
+ - name: watcher-applier
+{{ tuple $envAll "watcher_applier" | include "helm-toolkit.snippets.image" | indent 10 }}
+{{ tuple $envAll $envAll.Values.pod.resources.applier | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
+ securityContext:
+ runAsUser: {{ .Values.pod.user.watcher.uid }}
+ command:
+ - /tmp/watcher-applier.sh
+ volumeMounts:
+ - name: pod-etc-watcher
+ mountPath: /etc/watcher
+ - name: watcher-bin
+ mountPath: /tmp/watcher-applier.sh
+ subPath: watcher-applier.sh
+ readOnly: true
+ - name: watcher-etc
+ mountPath: /etc/watcher/watcher.conf
+ subPath: watcher.conf
+ readOnly: true
+ - name: watcher-etc
+ mountPath: {{ .Values.conf.watcher.DEFAULT.log_config_append }}
+ subPath: {{ base .Values.conf.watcher.DEFAULT.log_config_append }}
+ readOnly: true
+{{ if $mounts_watcher_applier.volumeMounts }}{{ toYaml $mounts_watcher_applier.volumeMounts | indent 12 }}{{ end }}
+ volumes:
+ - name: pod-etc-watcher
+ emptyDir: {}
+ - name: watcher-bin
+ configMap:
+ name: watcher-bin
+ defaultMode: 0555
+ - name: watcher-etc
+ secret:
+ secretName: watcher-etc
+ defaultMode: 0444
+{{ if $mounts_watcher_applier.volumes }}{{ toYaml $mounts_watcher_applier.volumes | indent 8 }}{{ end }}
+{{- end }}
diff --git a/watcher/templates/ingress-api.yaml b/watcher/templates/ingress-api.yaml
new file mode 100644
index 0000000000..b6774b754a
--- /dev/null
+++ b/watcher/templates/ingress-api.yaml
@@ -0,0 +1,18 @@
+{{/*
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/}}
+
+{{- if and .Values.manifests.ingress_api .Values.network.api.ingress.public }}
+{{- $ingressOpts := dict "envAll" . "backendServiceType" "infra-optim" "backendPort" "w-api" -}}
+{{ $ingressOpts | include "helm-toolkit.manifests.ingress" }}
+{{- end }}
diff --git a/watcher/templates/job-bootstrap.yaml b/watcher/templates/job-bootstrap.yaml
new file mode 100644
index 0000000000..b88f2f942f
--- /dev/null
+++ b/watcher/templates/job-bootstrap.yaml
@@ -0,0 +1,18 @@
+{{/*
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/}}
+
+{{- if and .Values.manifests.job_bootstrap .Values.bootstrap.enabled }}
+{{- $bootstrapJob := dict "envAll" . "serviceName" "watcher" "keystoneUser" .Values.bootstrap.ks_user "logConfigFile" .Values.conf.watcher.DEFAULT.log_config_append -}}
+{{ $bootstrapJob | include "helm-toolkit.manifests.job_bootstrap" }}
+{{- end }}
diff --git a/watcher/templates/job-db-drop.yaml b/watcher/templates/job-db-drop.yaml
new file mode 100644
index 0000000000..a9aacb2e1a
--- /dev/null
+++ b/watcher/templates/job-db-drop.yaml
@@ -0,0 +1,18 @@
+{{/*
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/}}
+
+{{- if .Values.manifests.job_db_drop }}
+{{- $dbDropJob := dict "envAll" . "serviceName" "watcher" -}}
+{{ $dbDropJob | include "helm-toolkit.manifests.job_db_drop_mysql" }}
+{{- end }}
diff --git a/watcher/templates/job-db-init.yaml b/watcher/templates/job-db-init.yaml
new file mode 100644
index 0000000000..81d56c01bb
--- /dev/null
+++ b/watcher/templates/job-db-init.yaml
@@ -0,0 +1,18 @@
+{{/*
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/}}
+
+{{- if .Values.manifests.job_db_init }}
+{{- $dbInitJob := dict "envAll" . "serviceName" "watcher" -}}
+{{ $dbInitJob | include "helm-toolkit.manifests.job_db_init_mysql" }}
+{{- end }}
diff --git a/watcher/templates/job-db-sync.yaml b/watcher/templates/job-db-sync.yaml
new file mode 100644
index 0000000000..76b9ef3467
--- /dev/null
+++ b/watcher/templates/job-db-sync.yaml
@@ -0,0 +1,18 @@
+{{/*
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/}}
+
+{{- if .Values.manifests.job_db_sync }}
+{{- $dbSyncJob := dict "envAll" . "serviceName" "watcher" -}}
+{{ $dbSyncJob | include "helm-toolkit.manifests.job_db_sync" }}
+{{- end }}
diff --git a/watcher/templates/job-image-repo-sync.yaml b/watcher/templates/job-image-repo-sync.yaml
new file mode 100644
index 0000000000..9f1bffd6de
--- /dev/null
+++ b/watcher/templates/job-image-repo-sync.yaml
@@ -0,0 +1,18 @@
+{{/*
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/}}
+
+{{- if and .Values.manifests.job_image_repo_sync .Values.images.local_registry.active }}
+{{- $imageRepoSyncJob := dict "envAll" . "serviceName" "watcher" -}}
+{{ $imageRepoSyncJob | include "helm-toolkit.manifests.job_image_repo_sync" }}
+{{- end }}
diff --git a/watcher/templates/job-ks-endpoints.yaml b/watcher/templates/job-ks-endpoints.yaml
new file mode 100644
index 0000000000..5d7ec53374
--- /dev/null
+++ b/watcher/templates/job-ks-endpoints.yaml
@@ -0,0 +1,18 @@
+{{/*
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/}}
+
+{{- if .Values.manifests.job_ks_endpoints }}
+{{- $ksServiceJob := dict "envAll" . "serviceName" "watcher" "serviceTypes" ( tuple "infra-optim" ) -}}
+{{ $ksServiceJob | include "helm-toolkit.manifests.job_ks_endpoints" }}
+{{- end }}
diff --git a/watcher/templates/job-ks-service.yaml b/watcher/templates/job-ks-service.yaml
new file mode 100644
index 0000000000..236a0a92f5
--- /dev/null
+++ b/watcher/templates/job-ks-service.yaml
@@ -0,0 +1,18 @@
+{{/*
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/}}
+
+{{- if .Values.manifests.job_ks_service }}
+{{- $ksServiceJob := dict "envAll" . "serviceName" "watcher" "serviceTypes" ( tuple "infra-optim" ) -}}
+{{ $ksServiceJob | include "helm-toolkit.manifests.job_ks_service" }}
+{{- end }}
diff --git a/watcher/templates/job-ks-user.yaml b/watcher/templates/job-ks-user.yaml
new file mode 100644
index 0000000000..8096301596
--- /dev/null
+++ b/watcher/templates/job-ks-user.yaml
@@ -0,0 +1,18 @@
+{{/*
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/}}
+
+{{- if .Values.manifests.job_ks_user }}
+{{- $ksUserJob := dict "envAll" . "serviceName" "watcher" -}}
+{{ $ksUserJob | include "helm-toolkit.manifests.job_ks_user" }}
+{{- end }}
diff --git a/watcher/templates/job-rabbit-init.yaml b/watcher/templates/job-rabbit-init.yaml
new file mode 100644
index 0000000000..7c9037d87c
--- /dev/null
+++ b/watcher/templates/job-rabbit-init.yaml
@@ -0,0 +1,18 @@
+{{/*
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/}}
+
+{{- if .Values.manifests.job_rabbit_init }}
+{{- $rmqUserJob := dict "envAll" . "serviceName" "watcher" -}}
+{{ $rmqUserJob | include "helm-toolkit.manifests.job_rabbit_init" }}
+{{- end }}
diff --git a/watcher/templates/network_policy.yaml b/watcher/templates/network_policy.yaml
new file mode 100644
index 0000000000..3e39170bdc
--- /dev/null
+++ b/watcher/templates/network_policy.yaml
@@ -0,0 +1,18 @@
+{{/*
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/}}
+
+{{- if .Values.manifests.network_policy -}}
+{{- $netpol_opts := dict "envAll" . "name" "application" "label" "watcher" -}}
+{{ $netpol_opts | include "helm-toolkit.manifests.kubernetes_network_policy" }}
+{{- end -}}
diff --git a/watcher/templates/pdb-api.yaml b/watcher/templates/pdb-api.yaml
new file mode 100644
index 0000000000..61bae11793
--- /dev/null
+++ b/watcher/templates/pdb-api.yaml
@@ -0,0 +1,27 @@
+{{/*
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/}}
+
+{{- if .Values.manifests.pdb_api }}
+{{- $envAll := . }}
+---
+apiVersion: policy/v1
+kind: PodDisruptionBudget
+metadata:
+ name: watcher-api
+spec:
+ minAvailable: {{ .Values.pod.lifecycle.disruption_budget.api.min_available }}
+ selector:
+ matchLabels:
+{{ tuple $envAll "watcher" "api" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 6 }}
+{{- end }}
diff --git a/watcher/templates/pod-rally-test.yaml b/watcher/templates/pod-rally-test.yaml
new file mode 100644
index 0000000000..980ba682eb
--- /dev/null
+++ b/watcher/templates/pod-rally-test.yaml
@@ -0,0 +1,106 @@ +{{/* +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if .Values.manifests.pod_rally_test }} +{{- $envAll := . }} + +{{- $mounts_tests := .Values.pod.mounts.watcher_tests.watcher_tests }} +{{- $mounts_tests_init := .Values.pod.mounts.watcher_tests.init_container }} + +{{- $serviceAccountName := print $envAll.Release.Name "-test" }} +{{ tuple $envAll "tests" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }} +--- +apiVersion: v1 +kind: Pod +metadata: + name: {{ print $envAll.Release.Name "-test" }} + labels: +{{ tuple $envAll "watcher" "test" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }} + annotations: + "helm.sh/hook": test-success + {{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" }} +spec: + nodeSelector: + {{ .Values.labels.test.node_selector_key }}: {{ .Values.labels.test.node_selector_value }} + restartPolicy: Never + serviceAccountName: {{ $serviceAccountName }} + initContainers: +{{ tuple $envAll "tests" $mounts_tests_init | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 4 }} + - name: {{ .Release.Name }}-test-ks-user +{{ tuple $envAll "ks_user" | include "helm-toolkit.snippets.image" | indent 6 }} +{{ tuple $envAll $envAll.Values.pod.resources.jobs.ks_user | include "helm-toolkit.snippets.kubernetes_resources" | indent 6 }} + command: + - /tmp/ks-user.sh + volumeMounts: + - name: watcher-bin + mountPath: /tmp/ks-user.sh + subPath: 
ks-user.sh + readOnly: true + env: +{{- with $env := dict "ksUserSecret" .Values.secrets.identity.admin }} +{{- include "helm-toolkit.snippets.keystone_openrc_env_vars" $env | indent 8 }} +{{- end }} + - name: SERVICE_OS_SERVICE_NAME + value: "test" +{{- with $env := dict "ksUserSecret" .Values.secrets.identity.test }} +{{- include "helm-toolkit.snippets.keystone_user_create_env_vars" $env | indent 8 }} +{{- end }} + - name: SERVICE_OS_ROLE + value: {{ .Values.endpoints.identity.auth.test.role | quote }} + containers: + - name: {{ .Release.Name }}-test +{{ tuple $envAll "test" | include "helm-toolkit.snippets.image" | indent 6 }} +{{ tuple $envAll $envAll.Values.pod.resources.jobs.tests | include "helm-toolkit.snippets.kubernetes_resources" | indent 6 }} + env: +{{- with $env := dict "ksUserSecret" .Values.secrets.identity.admin }} +{{- include "helm-toolkit.snippets.keystone_openrc_env_vars" $env | indent 8 }} +{{- end }} +{{- with $env := dict "ksUserSecret" .Values.secrets.identity.test }} +{{- include "helm-toolkit.snippets.keystone_user_create_env_vars" $env | indent 8 }} +{{- end }} + - name: RALLY_ENV_NAME + value: {{.Release.Name}} + command: + - /tmp/rally-test.sh + volumeMounts: + - name: watcher-etc + mountPath: /etc/rally/rally_tests.yaml + subPath: rally_tests.yaml + readOnly: true + - name: watcher-bin + mountPath: /tmp/rally-test.sh + subPath: rally-test.sh + readOnly: true + - name: rally-db + mountPath: /var/lib/rally + {{- range $key, $value := $envAll.Values.conf.rally_tests.templates }} + - name: watcher-etc + mountPath: {{ $value.name }} + subPath: {{ printf "test_template_%d" $key }} + readOnly: true + {{- end }} +{{ if $mounts_tests.volumeMounts }}{{ toYaml $mounts_tests.volumeMounts | indent 8 }}{{ end }} + volumes: + - name: watcher-etc + secret: + secretName: watcher-etc + defaultMode: 0444 + - name: watcher-bin + configMap: + name: watcher-bin + defaultMode: 0555 + - name: rally-db + emptyDir: {} +{{ if $mounts_tests.volumes }}{{ toYaml 
$mounts_tests.volumes | indent 4 }}{{ end }} +{{- end }} \ No newline at end of file diff --git a/watcher/templates/secret-db.yaml b/watcher/templates/secret-db.yaml new file mode 100644 index 0000000000..daec96f242 --- /dev/null +++ b/watcher/templates/secret-db.yaml @@ -0,0 +1,28 @@ +{{/* +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if .Values.manifests.secret_db }} +{{- $envAll := . }} +{{- range $key1, $userClass := tuple "admin" "watcher" }} +{{- $secretName := index $envAll.Values.secrets.oslo_db $userClass }} +--- +apiVersion: v1 +kind: Secret +metadata: + name: {{ $secretName }} +type: Opaque +data: + DB_CONNECTION: {{ tuple "oslo_db" "internal" $userClass "mysql" $envAll | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup" | b64enc -}} +{{- end }} +{{- end }} diff --git a/watcher/templates/secret-keystone.yaml b/watcher/templates/secret-keystone.yaml new file mode 100644 index 0000000000..f92b354996 --- /dev/null +++ b/watcher/templates/secret-keystone.yaml 
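Review bot: Neither the `ks-user` init container nor the test container in this Pod sets a `securityContext`, although both are handed the admin Keystone credentials from `.Values.secrets.identity.admin` as environment variables; the applier and decision-engine templates in the same patch at least pin `runAsUser`. A pod-level `securityContext:` with `runAsNonRoot: true` would state the intent, provided the `ks_user` and `test` images run as a non-root user, which this hunk does not show. Separately, `value: {{.Release.Name}}` for `RALLY_ENV_NAME` is written without quoting, unlike the `SERVICE_OS_ROLE` line above it; `value: {{ .Release.Name | quote }}` keeps the rendered value a string. The file also ends without a trailing newline.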
@@ -0,0 +1,28 @@
+{{/*
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/}}
+
+{{- if .Values.manifests.secret_keystone }}
+{{- $envAll := . }}
+{{- range $key1, $userClass := tuple "admin" "watcher" "test" }}
+{{- $secretName := index $envAll.Values.secrets.identity $userClass }}
+---
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ $secretName }}
+type: Opaque
+data:
+{{- tuple $userClass "internal" $envAll | include "helm-toolkit.snippets.keystone_secret_openrc" | indent 2 -}}
+{{- end }}
+{{- end }}
diff --git a/watcher/templates/secret-rabbitmq.yaml b/watcher/templates/secret-rabbitmq.yaml
new file mode 100644
index 0000000000..556e72c017
--- /dev/null
+++ b/watcher/templates/secret-rabbitmq.yaml
@@ -0,0 +1,28 @@
+{{/*
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/}}
+
+{{- if .Values.manifests.secret_rabbitmq }}
+{{- $envAll := . }}
+{{- range $key1, $userClass := tuple "admin" "watcher" }}
+{{- $secretName := index $envAll.Values.secrets.oslo_messaging $userClass }}
+---
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ $secretName }}
+type: Opaque
+data:
+ RABBITMQ_CONNECTION: {{ tuple "oslo_messaging" "internal" $userClass "http" $envAll | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup" | b64enc }}
+{{- end }}
+{{- end }}
diff --git a/watcher/templates/secret-registry.yaml b/watcher/templates/secret-registry.yaml
new file mode 100644
index 0000000000..da979b3223
--- /dev/null
+++ b/watcher/templates/secret-registry.yaml
@@ -0,0 +1,17 @@
+{{/*
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/}}
+
+{{- if and .Values.manifests.secret_registry .Values.endpoints.oci_image_registry.auth.enabled }}
+{{ include "helm-toolkit.manifests.secret_registry" ( dict "envAll" . "registryUser" .Chart.Name ) }}
+{{- end }}
diff --git a/watcher/templates/service-api.yaml b/watcher/templates/service-api.yaml
new file mode 100644
index 0000000000..ef52cbe0c0
--- /dev/null
+++ b/watcher/templates/service-api.yaml
@@ -0,0 +1,34 @@
+{{/*
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/}}
+
+{{- if .Values.manifests.service_api }}
+{{- $envAll := . }}
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ tuple "infra-optim" "internal" . | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }}
+spec:
+ ports:
+ - name: w-api
+ port: {{ tuple "infra-optim" "internal" "api" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
+ {{ if .Values.network.api.node_port.enabled }}
+ nodePort: {{ .Values.network.api.node_port.port }}
+ {{ end }}
+ selector:
+{{ tuple $envAll "watcher" "api" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }}
+ {{ if .Values.network.api.node_port.enabled }}
+ type: NodePort
+ {{ end }}
+{{- end }}
diff --git a/watcher/templates/service-ingress-api.yaml b/watcher/templates/service-ingress-api.yaml
new file mode 100644
index 0000000000..acf067141b
--- /dev/null
+++ b/watcher/templates/service-ingress-api.yaml
@@ -0,0 +1,18 @@
+{{/*
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/}}
+
+{{- if and .Values.manifests.service_ingress_api .Values.network.api.ingress.public }}
+{{- $serviceIngressOpts := dict "envAll" . "backendServiceType" "infra-optim" -}}
+{{ $serviceIngressOpts | include "helm-toolkit.manifests.service_ingress" }}
+{{- end }}
diff --git a/watcher/templates/statefulset-decision-engine.yaml b/watcher/templates/statefulset-decision-engine.yaml
new file mode 100644
index 0000000000..de4ddbb069
--- /dev/null
+++ b/watcher/templates/statefulset-decision-engine.yaml
@@ -0,0 +1,88 @@ +{{/* +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if .Values.manifests.statefulset_decision_engine }} +{{- $envAll := . }} + +{{- $mounts_watcher_decision_engine := .Values.pod.mounts.watcher_decision_engine.watcher_decision_engine }} +{{- $mounts_watcher_decision_engine_init := .Values.pod.mounts.watcher_decision_engine.init_container }} + +{{- $serviceAccountName := "watcher-decision-engine" }} +{{ tuple $envAll "decision_engine" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }} +--- +apiVersion: apps/v1 +kind: StatefulSet +metadata: + name: watcher-decision-engine + annotations: + {{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" }} + labels: +{{ tuple $envAll "watcher" "decision-engine" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }} +spec: + serviceName: watcher-decision-engine + replicas: {{ .Values.pod.replicas.engine }} + selector: + matchLabels: +{{ tuple $envAll "watcher" "decision-engine" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 6 }} + template: + metadata: + labels: +{{ tuple $envAll "watcher" "decision-engine" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }} + annotations: +{{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" | indent 8 }} + spec: + serviceAccountName: {{ $serviceAccountName }} + affinity: +{{ tuple $envAll "watcher" "decision-engine" | include 
"helm-toolkit.snippets.kubernetes_pod_anti_affinity" | indent 8 }} + nodeSelector: + {{ .Values.labels.decision_engine.node_selector_key }}: {{ .Values.labels.decision_engine.node_selector_value }} + initContainers: +{{ tuple $envAll "decision-engine" $mounts_watcher_decision_engine_init | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} + containers: + - name: watcher-decision-engine +{{ tuple $envAll "watcher_decision_engine" | include "helm-toolkit.snippets.image" | indent 10 }} +{{ tuple $envAll $envAll.Values.pod.resources.decision_engine | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }} + securityContext: + runAsUser: {{ .Values.pod.user.watcher.uid }} + command: + - /tmp/watcher-decision-engine.sh + volumeMounts: + - name: pod-etc-watcher + mountPath: /etc/watcher + - name: watcher-bin + mountPath: /tmp/watcher-decision-engine.sh + subPath: watcher-decision-engine.sh + readOnly: true + - name: watcher-etc + mountPath: /etc/watcher/watcher.conf + subPath: watcher.conf + readOnly: true + - name: watcher-etc + mountPath: {{ .Values.conf.watcher.DEFAULT.log_config_append }} + subPath: {{ base .Values.conf.watcher.DEFAULT.log_config_append }} + readOnly: true +{{ if $mounts_watcher_decision_engine.volumeMounts }}{{ toYaml $mounts_watcher_decision_engine.volumeMounts | indent 12 }}{{ end }} + volumes: + - name: pod-etc-watcher + emptyDir: {} + - name: watcher-bin + configMap: + name: watcher-bin + defaultMode: 0555 + - name: watcher-etc + secret: + secretName: watcher-etc + defaultMode: 0444 +{{ if $mounts_watcher_decision_engine.volumes }}{{ toYaml $mounts_watcher_decision_engine.volumes | indent 8 }}{{ end }} +{{- end }} diff --git a/watcher/values.yaml b/watcher/values.yaml new file mode 100644 index 0000000000..8341fd3e1b --- /dev/null +++ b/watcher/values.yaml 
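Review bot: The init-container include passes the component key `"decision-engine"` with a hyphen, while the service-account include earlier in the same template uses `"decision_engine"` and values.yaml declares the dependencies under `dependencies.static.decision_engine`. If the helm-toolkit entrypoint snippet resolves that key against `dependencies.static`, as it appears to, the hyphenated form matches nothing and the pod would start without waiting for `watcher-db-sync`, `watcher-ks-user`, `watcher-ks-endpoints` and `watcher-rabbit-init`; the line should read `{{ tuple $envAll "decision_engine" $mounts_watcher_decision_engine_init | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}`. The pod template also lacks the `configmap-bin-hash` and `configmap-etc-hash` annotations that the applier Deployment sets, so a change to `watcher.conf` would not roll these pods.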
@@ -0,0 +1,609 @@
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# Default values for watcher
+# This is a YAML-formatted file.
+# Declare name/value pairs to be passed into your templates.
+# name: value
+
+---
+labels:
+ api:
+ node_selector_key: openstack-control-plane
+ node_selector_value: enabled
+ decision_engine:
+ node_selector_key: openstack-control-plane
+ node_selector_value: enabled
+ applier:
+ node_selector_key: openstack-control-plane
+ node_selector_value: enabled
+ job:
+ node_selector_key: openstack-control-plane
+ node_selector_value: enabled
+ test:
+ node_selector_key: openstack-control-plane
+ node_selector_value: enabled
+
+release_group: null
+
+images:
+ tags:
+ test: docker.io/xrally/xrally-openstack:2.0.0
+ bootstrap: quay.io/airshipit/heat:2024.1-ubuntu_jammy
+ dep_check: quay.io/airshipit/kubernetes-entrypoint:latest-ubuntu_focal
+ db_init: quay.io/airshipit/heat:2024.1-ubuntu_jammy
+ watcher_db_sync: quay.io/airshipit/watcher:2024.1-ubuntu_jammy
+ db_drop: quay.io/airshipit/heat:2024.1-ubuntu_jammy
+ rabbit_init: docker.io/rabbitmq:3.13-management
+ ks_user: quay.io/airshipit/heat:2024.1-ubuntu_jammy
+ ks_service: quay.io/airshipit/heat:2024.1-ubuntu_jammy
+ ks_endpoints: quay.io/airshipit/heat:2024.1-ubuntu_jammy
+ watcher_api: quay.io/airshipit/watcher:2024.1-ubuntu_jammy
+ watcher_decision_engine: quay.io/airshipit/watcher:2024.1-ubuntu_jammy
+ watcher_applier: quay.io/airshipit/watcher:2024.1-ubuntu_jammy
+ image_repo_sync: docker.io/docker:17.07.0
+ pull_policy: "IfNotPresent"
+ local_registry:
+ active: false
+ exclude:
+ - dep_check
+ - image_repo_sync
+
+network:
+ api:
+ ingress:
+ public: true
+ classes:
+ namespace: "nginx"
+ cluster: "nginx-cluster"
+ annotations:
+ nginx.ingress.kubernetes.io/rewrite-target: /
+ node_port:
+ enabled: false
+ port: 31233
+
+bootstrap:
+ enabled: false
+ ks_user: watcher
+ script: |
+ openstack token issue
+
+dependencies:
+ dynamic:
+ common:
+ local_image_registry:
+ jobs:
+ - watcher-image-repo-sync
+ services:
+ - endpoint: node
+ service: local_image_registry
+ static:
+ api:
+ jobs:
+ - watcher-db-sync
+ - watcher-ks-user
+ - watcher-ks-endpoints
+ - watcher-rabbit-init
+ services:
+ - endpoint: internal
+ service: oslo_db
+ - endpoint: internal
+ service: identity
+ db_drop:
+ services:
+ - endpoint: internal
+ service: oslo_db
+ db_init:
+ services:
+ - endpoint: internal
+ service: oslo_db
+ db_sync:
+ jobs:
+ - watcher-db-init
+ services:
+ - endpoint: internal
+ service: oslo_db
+ decision_engine:
+ jobs:
+ - watcher-db-sync
+ - watcher-ks-user
+ - watcher-ks-endpoints
+ - watcher-rabbit-init
+ services:
+ - endpoint: internal
+ service: oslo_db
+ - endpoint: internal
+ service: identity
+ applier:
+ jobs:
+ - watcher-db-sync
+ - watcher-ks-user
+ - watcher-ks-endpoints
+ - watcher-rabbit-init
+ services:
+ - endpoint: internal
+ service: oslo_db
+ - endpoint: internal
+ service: identity
+ ks_endpoints:
+ jobs:
+ - watcher-ks-service
+ services:
+ - endpoint: internal
+ service: identity
+ ks_service:
+ services:
+ - endpoint: internal
+ service: identity
+ ks_user:
+ services:
+ - endpoint: internal
+ service: identity
+ rabbit_init:
+ services:
+ - service: oslo_messaging
+ endpoint: internal
+ tests:
+ services:
+ - endpoint: internal
+ service: identity
+ - endpoint: internal
+ service: infra-optim
+ image_repo_sync:
+ services:
+ - endpoint: internal
+ service: local_image_registry
+
+# Names of secrets used by bootstrap and environmental checks
+secrets:
+ identity:
+ admin: watcher-keystone-admin
+ watcher: watcher-keystone-user
+ test: watcher-keystone-test
+ oslo_db:
+ admin: watcher-db-admin
+ watcher: watcher-db-user
+ oslo_messaging:
+ admin: watcher-rabbitmq-admin
+ watcher: watcher-rabbitmq-user
+ oci_image_registry:
+ watcher: watcher-oci-image-registry
+
+# typically overridden by environmental
+# values, but should include all endpoints
+# required by this chart
+endpoints:
+ cluster_domain_suffix: cluster.local
+ local_image_registry:
+ name: docker-registry
+ namespace: docker-registry
+ hosts:
+ default: localhost
+ internal: docker-registry
+ node: localhost
+ host_fqdn_override:
+ default: null
+ port:
+ registry:
+ node: 5000
+ oci_image_registry:
+ name: oci-image-registry
+ namespace: oci-image-registry
+ auth:
+ enabled: false
+ watcher:
+ username: watcher
+ password: password
+ hosts:
+ default: localhost
+ host_fqdn_override:
+ default: null
+ port:
+ registry:
+ default: null
+ identity:
+ name: keystone
+ auth:
+ admin:
+ region_name: RegionOne
+ username: admin
+ password: password
+ project_name: admin
+ user_domain_name: default
+ project_domain_name: default
+ watcher:
+ role: admin
+ region_name: RegionOne
+ username: watcher
+ password: password
+ project_name: service
+ user_domain_name: service
+ project_domain_name: service
+ test:
+ role: admin
+ region_name: RegionOne
+ username: test
+ password: password
+ project_name: test
+ user_domain_name: service
+ project_domain_name: service
+ hosts:
+ default: keystone
+ internal: keystone-api
+ host_fqdn_override:
+ default: null
+ path:
+ default: /v3
+ scheme:
+ default: http
+ port:
+ api:
+ default: 80
+ internal: 5000
+ infra_optim:
+ name: watcher
+ hosts:
+ default: watcher-api
+ public: watcher
+ host_fqdn_override:
+ default: null
+ path:
+ default: /
+ scheme:
+ default: 'http'
+ port:
+ api:
+ default: 9322
+ public: 80
+ oslo_db:
+ auth:
+ admin:
+ username: root
+ password: password
+ watcher:
+ username: watcher
+ password: password
+ hosts:
+ default: mariadb
+ host_fqdn_override:
+ default: null
+ path: /watcher
+ scheme: mysql+pymysql
+ port:
+ mysql:
+ default: 3306
+ oslo_messaging:
+ auth:
+ admin:
+ username: rabbitmq
+ password: password
+ watcher:
+ username: watcher
+ password: password
+ hosts:
+ default: rabbitmq
+ host_fqdn_override:
+ default: null
+ path: /watcher
+ scheme: rabbit
+ port:
+ amqp:
+ default: 5672
+ http:
+ default: 15672
+ oslo_cache:
+ auth:
+ # NOTE(portdirect): this is used to define the value for keystone
+ # authtoken cache encryption key, if not set it will be populated
+ # automatically with a random value, but to take advantage of
+ # this feature all services should be set to use the same key,
+ # and memcache service.
+ memcache_secret_key: null
+ hosts:
+ default: memcached
+ host_fqdn_override:
+ default: null
+ port:
+ memcache:
+ default: 11211
+ fluentd:
+ namespace: null
+ name: fluentd
+ hosts:
+ default: fluentd-logging
+ host_fqdn_override:
+ default: null
+ path:
+ default: null
+ scheme: 'http'
+ port:
+ service:
+ default: 24224
+ metrics:
+ default: 24220
+
+conf:
+ rally_tests:
+ run_tempest: false
+ tests: {}
+ templates: []
+ policy: {}
+ watcher:
+ DEFAULT:
+ log_config_append: /etc/watcher/logging.conf
+ transport_url: null
+ api:
+ host: '0.0.0.0'
+ database:
+ max_retries: -1
+ keystone_authtoken:
+ auth_type: password
+ auth_version: v3
+ memcache_security_strategy: ENCRYPT
+ watcher_clients_auth:
+ cafile: null
+ certfile: null
+ keyfile: null
+ insecure: false
+ logging:
+ loggers:
+ keys:
+ - root
+ - watcher
+ handlers:
+ keys:
+ - stdout
+ - stderr
+ - "null"
+ formatters:
+ keys:
+ - context
+ - default
+ logger_root:
+ level: WARNING
+ handlers: 'null'
+ logger_watcher:
+ level: INFO
+ handlers:
+ - stdout
+ qualname: watcher
+ logger_amqp:
+ level: WARNING
+ handlers: stderr
+ qualname: amqp
+ logger_amqplib:
+ level: WARNING
+ handlers: stderr
+ qualname: amqplib
+ logger_eventletwsgi:
+ level: WARNING
+ handlers: stderr
+ qualname: eventlet.wsgi.server
+ logger_sqlalchemy:
+ level: WARNING
+ handlers: stderr
+ qualname: sqlalchemy
+ logger_boto:
+ level: WARNING
+ handlers: stderr
+ qualname: boto
+ handler_null:
+ class: logging.NullHandler
+ formatter: default
+ args: ()
+ handler_stdout:
+ class: StreamHandler
+ args: (sys.stdout,)
+ formatter: context
+ handler_stderr:
+ class: StreamHandler
+ args: (sys.stderr,)
+ formatter: context
+ formatter_context:
+ class: oslo_log.formatters.ContextFormatter
+ datefmt: "%Y-%m-%d %H:%M:%S"
+ formatter_default:
+ format: "%(message)s"
+ datefmt: "%Y-%m-%d %H:%M:%S"
+
+pod:
+ user:
+ watcher:
+ uid: 1000
+ affinity:
+ anti:
+ type:
+ default: preferredDuringSchedulingIgnoredDuringExecution
+ topologyKey:
+ default: kubernetes.io/hostname
+ mounts:
+ watcher_api:
+ init_container: null
+ watcher_api:
+ volumeMounts:
+ volumes:
+ watcher_decision_engine:
+ init_container: null
+ watcher_decision_engine:
+ volumeMounts:
+ volumes:
+ watcher_applier:
+ init_container: null
+ watcher_applier:
+ volumeMounts:
+ volumes:
+ watcher_tests:
+ init_container: null
+ watcher_tests:
+ volumeMounts:
+ volumes:
+ replicas:
+ api: 1
+ decision_engine: 1
+ applier: 1
+ lifecycle:
+ upgrades:
+ deployments:
+ revision_history: 3
+ pod_replacement_strategy: RollingUpdate
+ rolling_update:
+ max_unavailable: 1
+ max_surge: 3
+ disruption_budget:
+ api:
+ min_available: 0
+ termination_grace_period:
+ api:
+ timeout: 30
+ resources:
+ enabled: false
+ api:
+ requests:
+ memory: "128Mi"
+ cpu: "100m"
+ limits:
+ memory: "1024Mi"
+ cpu: "2000m"
+ decision_engine:
+ requests:
+ memory: "128Mi"
+ cpu: "100m"
+ limits:
+ memory: "1024Mi"
+ cpu: "2000m"
+ applier:
+ requests:
+ memory: "128Mi"
+ cpu: "100m"
+ limits:
+ memory: "1024Mi"
+ cpu: "2000m"
+ jobs:
+ bootstrap:
+ requests:
+ memory: "128Mi"
+ cpu: "100m"
+ limits:
+ memory: "1024Mi"
+ cpu: "2000m"
+ db_init:
+ requests:
+ memory: "128Mi"
+ cpu: "100m"
+ limits:
+ memory: "1024Mi"
+ cpu: "2000m"
+ db_sync:
+ requests:
+ memory: "128Mi"
+ cpu: "100m"
+ limits:
+ memory: "1024Mi"
+ cpu: "2000m"
+ db_drop:
+ requests:
+ memory: "128Mi"
+ cpu: "100m"
+ limits:
+ memory: "1024Mi"
+ cpu: "2000m"
+ ks_endpoints:
+ requests:
+ memory: "128Mi"
+ cpu: "100m"
+ limits:
+ memory: "1024Mi"
+ cpu: "2000m"
+ ks_service:
+ requests:
+ memory: "128Mi"
+ cpu: "100m"
+ limits:
+ memory: "1024Mi"
+ cpu: "2000m"
+ ks_user:
+ requests:
+ memory: "128Mi"
+ cpu: "100m"
+ limits:
+ memory: "1024Mi"
+ cpu: "2000m"
+ rabbit_init:
+ requests:
+ memory: "128Mi"
+ cpu: "100m"
+ limits:
+ memory: "1024Mi"
+ cpu: "2000m"
+ tests:
+ requests:
+ memory: "128Mi"
+ cpu: "100m"
+ limits:
+ memory: "1024Mi"
+ cpu: "2000m"
+ image_repo_sync:
+ requests:
+ memory: "128Mi"
+ cpu: "100m"
+ limits:
+ memory: "1024Mi"
+ cpu: "2000m"
+
+network_policy:
+ watcher:
+ ingress:
+ - from:
+ - podSelector:
+ matchLabels:
+ application: watcher
+ - podSelector:
+ matchLabels:
+ application: horizon
+ - podSelector:
+ matchLabels:
+ application: ingress
+ - podSelector:
+ matchLabels:
+ application: heat
+ ports:
+ - protocol: TCP
+ port: 80
+ - protocol: TCP
+ port: 9322
+
+manifests:
+ configmap_bin: true
+ configmap_etc: true
+ deployment_api: true
+ deployment_applier: true
+ ingress_api: true
+ job_bootstrap: true
+ job_db_init: true
+ job_db_sync: true
+ job_db_drop: false
+ job_image_repo_sync: true
+ job_ks_endpoints: true
+ job_ks_service: true
+ job_ks_user: true
+ job_rabbit_init: true
+ pdb_api: true
+ pod_rally_test: true
+ network_policy: false
+ secret_db: true
+ secret_keystone: true
+ secret_rabbitmq: true
+ secret_registry: true
+ service_ingress_api: true
+ service_api: true
+ statefulset_decision_engine: true
+...
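Review bot: Every `password:` under `endpoints` (keystone `admin`, `watcher` and `test`, the MariaDB `root` and `watcher` accounts, both RabbitMQ accounts and the OCI registry user) defaults to the literal `password`, and the only hint that these are placeholders is the general "typically overridden" comment above `endpoints:`. I would add a comment there along the lines of `# NOTE: every auth.*.password below is a placeholder; override all of them per deployment.` so a default install is not mistaken for a usable configuration. Separately, `dep_check` points at a `latest-ubuntu_focal` tag, which is mutable; a fixed tag or digest would make the init container reproducible. `manifests.network_policy` also defaults to `false`, so the `network_policy.watcher.ingress` rules defined in this file are presumably not applied unless an operator enables them, which deserves a one-line comment next to the flag.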