openstack/openstack-helm
Code Issues Proposed changes

Magnum: restore basic API functionality to chart

Browse Source 
This PS restores basic API functionality to the Magnum chart.

Change-Id: If75c63308ad416758930b35eea71e9eed98441f2
This commit is contained in:
Pete Birley 2018-05-03 18:59:52 -05:00
parent 73f89ba970
commit da17862126
7 changed files with 126 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
magnum/templates/configmap-bin.yaml
View File

@ -38,6 +38,8 @@ data:
{{- include "helm-toolkit.scripts.keystone_endpoints" . | indent 4 }}
ks-user.sh: |
{{- include "helm-toolkit.scripts.keystone_user" . | indent 4 }}
ks-domain-user.sh: |
{{- include "helm-toolkit.scripts.keystone_domain_user" . | indent 4 }}
magnum-api.sh: |
{{ tuple "bin/_magnum-api.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
magnum-conductor.sh: |

10
magnum/templates/configmap-etc.yaml
View File

@ -63,6 +63,16 @@ limitations under the License.
{{- tuple "container-infra" "internal" "api" . | include "helm-toolkit.endpoints.endpoint_port_lookup" | set .Values.conf.magnum.api "port" | quote | trunc 0 -}}
{{- end -}}
{{- if empty .Values.conf.magnum.trust.trustee_domain_name -}}
{{- set .Values.conf.magnum.trust "trustee_domain_name" .Values.endpoints.identity.auth.magnum_stack_user.domain_name | quote | trunc 0 -}}
{{- end -}}
{{- if empty .Values.conf.magnum.trust.trustee_domain_admin_name -}}
{{- set .Values.conf.magnum.trust "trustee_domain_admin_name" .Values.endpoints.identity.auth.magnum_stack_user.username | quote | trunc 0 -}}
{{- end -}}
{{- if empty .Values.conf.magnum.trust.trustee_domain_admin_password -}}
{{- set .Values.conf.magnum.trust "trustee_domain_admin_password" .Values.endpoints.identity.auth.magnum_stack_user.password | quote | trunc 0 -}}
{{- end -}}
---
apiVersion: v1
kind: ConfigMap

6
magnum/templates/deployment-api.yaml
View File

@ -67,8 +67,12 @@ spec:
- name: m-api
containerPort: {{ tuple "container-infra" "internal" "api" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
readinessProbe:
tcpSocket:
httpGet:
scheme: HTTP
path: /
port: {{ tuple "container-infra" "internal" "api" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
initialDelaySeconds: 15
periodSeconds: 10
volumeMounts:
- name: magnum-bin
mountPath: /tmp/magnum-api.sh

84
magnum/templates/job-ks-user-domain.yaml Normal file
View File

@ -0,0 +1,84 @@
{{/*
Copyright 2017 The Openstack-Helm Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
{{- if .Values.manifests.job_ks_user_domain }}
{{- $envAll := . }}
{{- $dependencies := .Values.dependencies.static.ks_user }}
{{- $serviceAccountName := "magnum-ks-user-domain" }}
{{ tuple $envAll $dependencies $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
---
apiVersion: batch/v1
kind: Job
metadata:
name: magnum-domain-ks-user
spec:
template:
metadata:
labels:
{{ tuple $envAll "magnum" "ks-user" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
spec:
serviceAccountName: {{ $serviceAccountName }}
restartPolicy: OnFailure
nodeSelector:
{{ .Values.labels.job.node_selector_key }}: {{ .Values.labels.job.node_selector_value }}
initContainers:
{{ tuple $envAll $dependencies list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
containers:
- name: magnum-ks-domain-user
image: {{ .Values.images.tags.ks_user }}
imagePullPolicy: {{ .Values.images.pull_policy }}
command:
- /tmp/ks-domain-user.sh
volumeMounts:
- name: ks-user-sh
mountPath: /tmp/ks-domain-user.sh
subPath: ks-domain-user.sh
readOnly: true
env:
{{- with $env := dict "ksUserSecret" $envAll.Values.secrets.identity.admin }}
{{- include "helm-toolkit.snippets.keystone_openrc_env_vars" $env | indent 12 }}
{{- end }}
- name: SERVICE_OS_SERVICE_NAME
value: "magnum"
- name: SERVICE_OS_REGION_NAME
valueFrom:
secretKeyRef:
name: {{ .Values.secrets.identity.magnum_stack_user }}
key: OS_REGION_NAME
- name: SERVICE_OS_DOMAIN_NAME
valueFrom:
secretKeyRef:
name: {{ .Values.secrets.identity.magnum_stack_user }}
key: OS_DOMAIN_NAME
- name: SERVICE_OS_USERNAME
valueFrom:
secretKeyRef:
name: {{ .Values.secrets.identity.magnum_stack_user }}
key: OS_USERNAME
- name: SERVICE_OS_PASSWORD
valueFrom:
secretKeyRef:
name: {{ .Values.secrets.identity.magnum_stack_user }}
key: OS_PASSWORD
- name: SERVICE_OS_ROLE
value: {{ .Values.endpoints.identity.auth.magnum_stack_user.role | quote }}
volumes:
- name: ks-user-sh
configMap:
name: magnum-bin
defaultMode: 0555
{{- end }}

1
magnum/templates/job-rabbit-init.yaml
View File

@ -13,6 +13,7 @@ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
{{- if .Values.manifests.job_rabbit_init }}
{{- $rmqUserJob := dict "envAll" . "serviceName" "magnum" -}}
{{ $rmqUserJob | include "helm-toolkit.manifests.job_rabbit_init" }}

12
magnum/templates/secret-keystone.yaml
View File

@ -27,4 +27,16 @@ type: Opaque
data:
{{- tuple $userClass "internal" $envAll | include "helm-toolkit.snippets.keystone_secret_openrc" | indent 2 -}}
{{- end }}
---
apiVersion: v1
kind: Secret
metadata:
name: {{ $envAll.Values.secrets.identity.magnum_stack_user }}
type: Opaque
data:
OS_AUTH_URL: {{ tuple "identity" "internal" "api" $envAll | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup" | b64enc | indent 4 }}
OS_REGION_NAME: {{ .Values.endpoints.identity.auth.magnum_stack_user.region_name | b64enc | indent 4 }}
OS_DOMAIN_NAME: {{ .Values.endpoints.identity.auth.magnum_stack_user.domain_name | b64enc | indent 4 }}
OS_USERNAME: {{ .Values.endpoints.identity.auth.magnum_stack_user.username | b64enc | indent 4 }}
OS_PASSWORD: {{ .Values.endpoints.identity.auth.magnum_stack_user.password | b64enc | indent 4 }}
{{- end }}

12
magnum/values.yaml
View File

@ -111,6 +111,8 @@ conf:
transport_url: null
database:
max_retries: -1
trust:
trustee_domain_name: null
keystone_authtoken:
auth_type: password
auth_version: v3
@ -147,6 +149,7 @@ dependencies:
jobs:
- magnum-db-sync
- magnum-ks-user
- magnum-domain-ks-user
- magnum-ks-endpoints
- magnum-rabbit-init
services:
@ -160,6 +163,7 @@ dependencies:
jobs:
- magnum-db-sync
- magnum-ks-user
- magnum-domain-ks-user
- magnum-ks-endpoints
- magnum-rabbit-init
services:
@ -206,6 +210,7 @@ secrets:
identity:
admin: magnum-keystone-admin
magnum: magnum-keystone-user
magnum_stack_user: magnum-keystone-stack-user
oslo_db:
admin: magnum-db-admin
magnum: magnum-db-user
@ -236,6 +241,12 @@ endpoints:
project_name: service
user_domain_name: default
project_domain_name: default
magnum_stack_user:
role: admin
region_name: RegionOne
username: magnum-domain
password: password
domain_name: magnum
hosts:
default: keystone-api
public: keystone
@ -446,6 +457,7 @@ manifests:
job_db_drop: false
job_ks_endpoints: true
job_ks_service: true
job_ks_user_domain: true
job_ks_user: true
job_rabbit_init: true
pdb_api: true