diff --git a/glance/templates/configmap-bin.yaml b/glance/templates/configmap-bin.yaml index 8e2f2840cb..1cd58c1c02 100644 --- a/glance/templates/configmap-bin.yaml +++ b/glance/templates/configmap-bin.yaml @@ -19,5 +19,9 @@ metadata: data: init.sh: |+ {{ tuple "bin/_init.sh.tpl" . | include "helm-toolkit.template" | indent 4 }} - post.sh: |+ -{{ tuple "bin/_post.sh.tpl" . | include "helm-toolkit.template" | indent 4 }} + ks-service.sh: |+ +{{- include "helm-toolkit.keystone_service" . | indent 4 }} + ks-endpoints.sh: |+ +{{- include "helm-toolkit.keystone_endpoints" . | indent 4 }} + ks-user.sh: |+ +{{- include "helm-toolkit.keystone_user" . | indent 4 }} diff --git a/glance/templates/job-db-init.yaml b/glance/templates/job-db-init.yaml index 7b2abe7310..2e5029b372 100644 --- a/glance/templates/job-db-init.yaml +++ b/glance/templates/job-db-init.yaml @@ -13,7 +13,7 @@ # limitations under the License. {{- $envAll := . }} -{{- $dependencies := .Values.dependencies.init }} +{{- $dependencies := .Values.dependencies.db_init }} apiVersion: batch/v1 kind: Job metadata: diff --git a/glance/templates/job-ks-endpoints.yaml b/glance/templates/job-ks-endpoints.yaml new file mode 100644 index 0000000000..f2b4b67167 --- /dev/null +++ b/glance/templates/job-ks-endpoints.yaml @@ -0,0 +1,73 @@ +# Copyright 2017 The Openstack-Helm Authors. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +{{- $envAll := . }} +{{- $ksAdminSecret := $envAll.Values.keystone.admin_secret | default "glance-env-keystone-admin" }} +{{- $dependencies := .Values.dependencies.ks_endpoints }} +apiVersion: batch/v1 +kind: Job +metadata: + name: glance-ks-endpoints +spec: + template: + metadata: + annotations: + pod.beta.kubernetes.io/init-containers: '[ +{{ tuple $envAll $dependencies | include "helm-toolkit.kubernetes_entrypoint_init_container" | indent 10 }} + ]' + spec: + restartPolicy: OnFailure + nodeSelector: + {{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }} + containers: +{{- range $key1, $osServiceType := tuple "image" }} +{{- range $key2, $osServiceEndPoint := tuple "admin" "internal" "public" }} + - name: {{ $osServiceType }}-ks-endpoints-{{ $osServiceEndPoint }} + image: {{ $envAll.Values.images.ks_endpoints }} + imagePullPolicy: {{ $envAll.Values.images.pull_policy }} + {{- if $envAll.Values.resources.enabled }} + resources: + requests: + memory: {{ $envAll.Values.resources.glance_ks_endpoints.requests.memory | quote }} + cpu: {{ $envAll.Values.resources.glance_ks_endpoints.requests.cpu | quote }} + limits: + memory: {{ $envAll.Values.resources.glance_ks_endpoints.limits.memory | quote }} + cpu: {{ $envAll.Values.resources.glance_ks_endpoints.limits.cpu | quote }} + {{- end }} + command: + - bash + - /tmp/ks-endpoints.sh + volumeMounts: + - name: ks-endpoints-sh + mountPath: /tmp/ks-endpoints.sh + subPath: ks-endpoints.sh + readOnly: true + env: +{{- with $env := dict "ksUserSecret" $ksAdminSecret }} +{{- include "helm-toolkit.keystone_openrc_env_vars" $env | indent 12 }} +{{- end }} + - name: OS_SVC_ENDPOINT + value: {{ $osServiceEndPoint }} + - name: OS_SERVICE_NAME + value: {{ tuple $osServiceType $envAll | include "helm-toolkit.keystone_endpoint_name_lookup" }} + - name: OS_SERVICE_TYPE + value: {{ $osServiceType }} + - name: OS_SERVICE_ENDPOINT + value: {{ tuple $osServiceType $osServiceEndPoint "api" $envAll | include "helm-toolkit.keystone_endpoint_uri_lookup" }} +{{- end }} +{{- end }} + volumes: + - name: ks-endpoints-sh + configMap: + name: glance-bin diff --git a/glance/templates/job-ks-service.yaml b/glance/templates/job-ks-service.yaml new file mode 100644 index 0000000000..e49b028060 --- /dev/null +++ b/glance/templates/job-ks-service.yaml @@ -0,0 +1,67 @@ +# Copyright 2017 The Openstack-Helm Authors. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +{{- $envAll := . }} +{{- $ksAdminSecret := .Values.keystone.admin_secret | default "glance-env-keystone-admin" }} +{{- $dependencies := .Values.dependencies.ks_service }} +apiVersion: batch/v1 +kind: Job +metadata: + name: glance-ks-service +spec: + template: + metadata: + annotations: + pod.beta.kubernetes.io/init-containers: '[ +{{ tuple $envAll $dependencies | include "helm-toolkit.kubernetes_entrypoint_init_container" | indent 10 }} + ]' + spec: + restartPolicy: OnFailure + nodeSelector: + {{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }} + containers: +{{- range $key1, $osServiceType := tuple "image" }} + - name: {{ $osServiceType }}-ks-service-registration + image: {{ $envAll.Values.images.ks_service }} + imagePullPolicy: {{ $envAll.Values.images.pull_policy }} + {{- if $envAll.Values.resources.enabled }} + resources: + requests: + memory: {{ $envAll.Values.resources.glance_ks_service.requests.memory | quote }} + cpu: {{ $envAll.Values.resources.glance_ks_service.requests.cpu | quote }} + limits: + memory: {{ $envAll.Values.resources.glance_ks_service.limits.memory | quote }} + cpu: {{ $envAll.Values.resources.glance_ks_service.limits.cpu | quote }} + {{- end }} + command: + - bash + - /tmp/ks-service.sh + volumeMounts: + - name: ks-service-sh + mountPath: /tmp/ks-service.sh + subPath: ks-service.sh + readOnly: true + env: +{{- with $env := dict "ksUserSecret" $ksAdminSecret }} +{{- include "helm-toolkit.keystone_openrc_env_vars" $env | indent 12 }} +{{- end }} + - name: OS_SERVICE_NAME + value: {{ tuple $osServiceType $envAll | include "helm-toolkit.keystone_endpoint_name_lookup" }} + - name: OS_SERVICE_TYPE + value: {{ $osServiceType }} +{{- end }} + volumes: + - name: ks-service-sh + configMap: + name: glance-bin diff --git a/glance/templates/job-post.yaml b/glance/templates/job-ks-user.yaml similarity index 51% rename from glance/templates/job-post.yaml rename to glance/templates/job-ks-user.yaml index 54680a90fe..828f89302d 100644 --- a/glance/templates/job-post.yaml +++ b/glance/templates/job-ks-user.yaml @@ -12,12 +12,14 @@ # See the License for the specific language governing permissions and # limitations under the License. +{{- $ksAdminSecret := .Values.keystone.admin_secret | default "glance-env-keystone-admin" }} +{{- $ksUserSecret := .Values.keystone.user_secret | default "glance-env-keystone-user" }} {{- $envAll := . }} -{{- $dependencies := .Values.dependencies.post }} +{{- $dependencies := .Values.dependencies.ks_user }} apiVersion: batch/v1 kind: Job metadata: - name: glance-post + name: glance-ks-user spec: template: metadata: @@ -26,33 +28,42 @@ spec: {{ tuple $envAll $dependencies | include "helm-toolkit.kubernetes_entrypoint_init_container" | indent 10 }} ]' spec: + restartPolicy: OnFailure nodeSelector: {{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }} - restartPolicy: OnFailure containers: - - name: glance-post - image: {{ .Values.images.post }} + - name: glance-ks-user + image: {{ .Values.images.ks_user }} imagePullPolicy: {{ .Values.images.pull_policy }} {{- if .Values.resources.enabled }} resources: - limits: - cpu: {{ .Values.resources.jobs.post.limits.cpu | quote }} - memory: {{ .Values.resources.jobs.post.limits.memory | quote }} requests: - cpu: {{ .Values.resources.jobs.post.requests.cpu | quote }} - memory: {{ .Values.resources.jobs.post.requests.memory | quote }} + memory: {{ .Values.resources.glance_ks_user.requests.memory | quote }} + cpu: {{ .Values.resources.glance_ks_user.requests.cpu | quote }} + limits: + memory: {{ .Values.resources.glance_ks_user.limits.memory | quote }} + cpu: {{ .Values.resources.glance_ks_user.limits.cpu | quote }} {{- end }} command: - bash - - /tmp/post.sh + - /tmp/ks-user.sh volumeMounts: - - name: postsh - mountPath: /tmp/post.sh - subPath: post.sh + - name: ks-user-sh + mountPath: /tmp/ks-user.sh + subPath: ks-user.sh + readOnly: true env: - - name: ANSIBLE_LIBRARY - value: /usr/share/ansible/ +{{- with $env := dict "ksUserSecret" $ksAdminSecret }} +{{- include "helm-toolkit.keystone_openrc_env_vars" $env | indent 12 }} +{{- end }} + - name: SERVICE_OS_SERVICE_NAME + value: "glance" +{{- with $env := dict "ksUserSecret" $ksUserSecret }} +{{- include "helm-toolkit.keystone_user_create_env_vars" $env | indent 12 }} +{{- end }} + - name: SERVICE_OS_ROLE + value: {{ .Values.keystone.glance_user_role | quote }} volumes: - - name: postsh + - name: ks-user-sh configMap: name: glance-bin diff --git a/glance/templates/secret-keystone-admin.env.yaml b/glance/templates/secret-keystone-admin.env.yaml new file mode 100644 index 0000000000..3f563c6b41 --- /dev/null +++ b/glance/templates/secret-keystone-admin.env.yaml @@ -0,0 +1,34 @@ +# Copyright 2017 The Openstack-Helm Authors. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +kind: Secret +metadata: + name: glance-env-keystone-admin +type: Opaque +data: + OS_AUTH_URL: | +{{ tuple "identity" "admin" "admin" . | include "helm-toolkit.keystone_endpoint_uri_lookup" | b64enc | indent 4 }} + OS_REGION_NAME: | +{{ .Values.keystone.admin_region_name | b64enc | indent 4 }} + OS_PROJECT_DOMAIN_NAME: | +{{ .Values.keystone.admin_project_domain | b64enc | indent 4 }} + OS_PROJECT_NAME: | +{{ .Values.keystone.admin_project_name | b64enc | indent 4 }} + OS_USER_DOMAIN_NAME: | +{{ .Values.keystone.admin_user_domain | b64enc | indent 4 }} + OS_USERNAME: | +{{ .Values.keystone.admin_user | b64enc | indent 4 }} + OS_PASSWORD: | +{{ .Values.keystone.admin_password | b64enc | indent 4 }} diff --git a/glance/templates/secret-keystone-user.env.yaml b/glance/templates/secret-keystone-user.env.yaml new file mode 100644 index 0000000000..c446688ad6 --- /dev/null +++ b/glance/templates/secret-keystone-user.env.yaml @@ -0,0 +1,34 @@ +# Copyright 2017 The Openstack-Helm Authors. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +kind: Secret +metadata: + name: glance-env-keystone-user +type: Opaque +data: + OS_AUTH_URL: | +{{ tuple "identity" "internal" "api" . | include "helm-toolkit.keystone_endpoint_uri_lookup" | b64enc | indent 4 }} + OS_REGION_NAME: | +{{ .Values.keystone.glance_region_name | b64enc | indent 4 }} + OS_PROJECT_DOMAIN_NAME: | +{{ .Values.keystone.glance_project_domain | b64enc | indent 4 }} + OS_PROJECT_NAME: | +{{ .Values.keystone.glance_project_name | b64enc | indent 4 }} + OS_USER_DOMAIN_NAME: | +{{ .Values.keystone.glance_user_domain | b64enc | indent 4 }} + OS_USERNAME: | +{{ .Values.keystone.glance_user | b64enc | indent 4 }} + OS_PASSWORD: | +{{ .Values.keystone.glance_password | b64enc | indent 4 }} diff --git a/glance/values.yaml b/glance/values.yaml index 4d09b50c4d..19a36f9430 100644 --- a/glance/values.yaml +++ b/glance/values.yaml @@ -32,9 +32,11 @@ labels: images: db_init: quay.io/stackanetes/stackanetes-kolla-toolbox:newton db_sync: quay.io/stackanetes/stackanetes-glance-api:newton + ks_user: quay.io/stackanetes/stackanetes-kolla-toolbox:newton + ks_service: quay.io/stackanetes/stackanetes-kolla-toolbox:newton + ks_endpoints: quay.io/stackanetes/stackanetes-kolla-toolbox:newton api: quay.io/stackanetes/stackanetes-glance-api:newton registry: quay.io/stackanetes/stackanetes-glance-registry:newton - post: quay.io/stackanetes/stackanetes-kolla-toolbox:newton dep_check: quay.io/stackanetes/kubernetes-entrypoint:v0.1.0 pull_policy: "IfNotPresent" @@ -129,48 +131,44 @@ resources: cpu: "500m" dependencies: - api: + db_init: + jobs: + - mariadb-seed + service: + - mariadb + db_sync: jobs: - glance-db-init + service: + - mariadb + ks_user: + service: + - keystone-api + ks_service: + service: + - keystone-api + ks_endpoints: + jobs: + - glance-ks-service + service: + - keystone-api + api: + jobs: - glance-db-sync - - keystone-db-sync + - glance-ks-user + - glance-ks-endpoints service: - keystone-api - mariadb registry: jobs: - - glance-db-init - glance-db-sync - - keystone-db-sync + - glance-ks-user + - glance-ks-endpoints service: - keystone-api - mariadb - glance-api - db_sync: - jobs: - - keystone-db-init - - keystone-db-sync - - glance-db-init - - mariadb-seed - service: - - mariadb - init: - jobs: - - mariadb-seed - service: - - mariadb - post: - jobs: - - glance-db-init - - glance-db-sync - - keystone-db-sync - - keystone-db-init - - mariadb-seed - service: - - mariadb - - keystone-api - - glance-api - - glance-registry # typically overriden by environmental # values, but should include all endpoints