diff --git a/kubernetes/helm-charts/rbd-provisioner/templates/daemonset.yaml b/kubernetes/helm-charts/rbd-provisioner/templates/daemonset.yaml index ec5db0d0aa..7d6be68e96 100644 --- a/kubernetes/helm-charts/rbd-provisioner/templates/daemonset.yaml +++ b/kubernetes/helm-charts/rbd-provisioner/templates/daemonset.yaml @@ -43,6 +43,5 @@ spec: {{- end }} env: - name: PROVISIONER_NAME - value: ceph.com/rbd + value: {{ .Values.global.provisioner_name }} {{- end}} - diff --git a/kubernetes/helm-charts/rbd-provisioner/templates/deployment.yaml b/kubernetes/helm-charts/rbd-provisioner/templates/deployment.yaml index d928638ce4..8868a45296 100644 --- a/kubernetes/helm-charts/rbd-provisioner/templates/deployment.yaml +++ b/kubernetes/helm-charts/rbd-provisioner/templates/deployment.yaml @@ -39,7 +39,7 @@ spec: image: {{ .Values.images.tags.rbd_provisioner | quote }} env: - name: PROVISIONER_NAME - value: ceph.com/rbd + value: {{ .Values.global.provisioner_name }} {{- if .Values.global.nodeSelector }} nodeSelector: {{ .Values.global.nodeSelector | toYaml | trim | indent 8 }} diff --git a/kubernetes/helm-charts/rbd-provisioner/templates/storageclass.yaml b/kubernetes/helm-charts/rbd-provisioner/templates/storageclass.yaml index 87457a3d77..7cf49a5c16 100644 --- a/kubernetes/helm-charts/rbd-provisioner/templates/storageclass.yaml +++ b/kubernetes/helm-charts/rbd-provisioner/templates/storageclass.yaml @@ -9,12 +9,13 @@ {{- if .Values.global.provisionStorageClass }} {{ $namespace := .Release.Namespace }} {{ $defaults := .Values.classdefaults}} +{{ $provisioner := .Values.global.provisioner_name }} {{- range $classConfig := .Values.classes }} apiVersion: storage.k8s.io/v1 kind: StorageClass metadata: name: {{ $classConfig.name }} -provisioner: ceph.com/rbd +provisioner: {{ $provisioner }} parameters: monitors: {{ $monitors := or $classConfig.monitors $defaults.monitors }}{{ join "," $monitors}} adminId: {{ or $classConfig.adminId $defaults.adminId}} @@ -27,4 +28,4 @@ parameters: imageFeatures: {{ or $classConfig.imageFeatures $defaults.imageFeatures}} --- {{- end }} -{{- end }} \ No newline at end of file +{{- end }} diff --git a/kubernetes/helm-charts/rbd-provisioner/values.yaml b/kubernetes/helm-charts/rbd-provisioner/values.yaml index b056e66326..22c42b4b0c 100644 --- a/kubernetes/helm-charts/rbd-provisioner/values.yaml +++ b/kubernetes/helm-charts/rbd-provisioner/values.yaml @@ -9,10 +9,14 @@ # Defaults should be fine in most cases. global: # - # Defines the name of a Provisioner. + # Defines the application name of the provisioner. # name: "rbd-provisioner" # + # Defines the name of the provisioner associated with a set of storage classes + # + provisioner_name: "ceph.com/rbd" + # # Execute initialization job to verify external Ceph cluster access # and setup additional dependencies assumed by dependent helm charts # (i.e. configmap and secrets). diff --git a/kubernetes/platform/stx-platform/stx-platform-helm/centos/build_srpm.data b/kubernetes/platform/stx-platform/stx-platform-helm/centos/build_srpm.data index 5138d04860..6f1a08c7c5 100644 --- a/kubernetes/platform/stx-platform/stx-platform-helm/centos/build_srpm.data +++ b/kubernetes/platform/stx-platform/stx-platform-helm/centos/build_srpm.data @@ -5,4 +5,4 @@ $PKG_BASE/../../../helm-charts/node-feature-discovery \ $PKG_BASE/../../../helm-charts/rbd-provisioner \ $PKG_BASE/../../../helm-charts/ceph-pools-audit" -TIS_PATCH_VER=2 +TIS_PATCH_VER=3 diff --git a/kubernetes/platform/stx-platform/stx-platform-helm/stx-platform-helm/manifests/manifest.yaml b/kubernetes/platform/stx-platform/stx-platform-helm/stx-platform-helm/manifests/manifest.yaml index 9b84f9c4ee..fe800401ea 100644 --- a/kubernetes/platform/stx-platform/stx-platform-helm/stx-platform-helm/manifests/manifest.yaml +++ b/kubernetes/platform/stx-platform/stx-platform-helm/stx-platform-helm/manifests/manifest.yaml @@ -37,10 +37,10 @@ data: labels: app: rbd-provisioner values: - images: - tags: - # TODO: Remove after ceph upgrade - rbd_provisioner_storage_init: docker.io/starlingx/stx-ceph-config-helper:master-centos-stable-latest + global: + # TODO (rchurch): Remove after enabling the stx-openstack application to + # use the default system provisioner. + provisioner_name: "ceph.com/rbd-platform" rbac: clusterRole: stx-rbd-provisioner clusterRoleBinding: stx-rbd-provisioner diff --git a/sysinv/sysinv/centos/build_srpm.data b/sysinv/sysinv/centos/build_srpm.data index e25835b3c5..bbdd071fd3 100644 --- a/sysinv/sysinv/centos/build_srpm.data +++ b/sysinv/sysinv/centos/build_srpm.data @@ -1,2 +1,2 @@ SRC_DIR="sysinv" -TIS_PATCH_VER=313 +TIS_PATCH_VER=314 diff --git a/sysinv/sysinv/sysinv/setup.cfg b/sysinv/sysinv/sysinv/setup.cfg index a3c0711062..f8de5df1e5 100644 --- a/sysinv/sysinv/sysinv/setup.cfg +++ b/sysinv/sysinv/sysinv/setup.cfg @@ -75,6 +75,12 @@ systemconfig.puppet_plugins = systemconfig.helm_applications = stx-openstack = systemconfig.helm_plugins.stx_openstack + platform-integ-apps = systemconfig.helm_plugins.platform_integ_apps + +systemconfig.helm_plugins.platform_integ_apps = + 001_helm-toolkit = sysinv.helm.helm_toolkit:HelmToolkitHelm + 002_rbd-provisioner = sysinv.helm.rbd_provisioner:RbdProvisionerHelm + 003_ceph-pools-audit = sysinv.helm.ceph_pools_audit:CephPoolsAuditHelm systemconfig.helm_plugins.stx_openstack = 001_ingress = sysinv.helm.ingress:IngressHelm diff --git a/sysinv/sysinv/sysinv/sysinv/common/constants.py b/sysinv/sysinv/sysinv/sysinv/common/constants.py index 7e363aab08..6f96255e25 100644 --- a/sysinv/sysinv/sysinv/sysinv/common/constants.py +++ b/sysinv/sysinv/sysinv/sysinv/common/constants.py @@ -1457,9 +1457,11 @@ HELM_CHART_KEYSTONE_API_PROXY = 'keystone-api-proxy' # Helm: Supported application (aka chart bundles) HELM_APP_OPENSTACK = 'stx-openstack' +HELM_APP_PLATFORM = 'platform-integ-apps' -SUPPORTED_HELM_APP_NAMES = [ - HELM_APP_OPENSTACK +HELM_APPS_SUPPORTED = [ + HELM_APP_OPENSTACK, + HELM_APP_PLATFORM, ] # Apply mode for openstack app diff --git a/sysinv/sysinv/sysinv/sysinv/conductor/kube_app.py b/sysinv/sysinv/sysinv/sysinv/conductor/kube_app.py index eccacbf656..e430cd670c 100644 --- a/sysinv/sysinv/sysinv/sysinv/conductor/kube_app.py +++ b/sysinv/sysinv/sysinv/sysinv/conductor/kube_app.py @@ -933,7 +933,8 @@ class AppOperator(object): :param tarfile: location of application tarfile """ - app = AppOperator.Application(rpc_app) + app = AppOperator.Application(rpc_app, + rpc_app.get('name') in self._helm.get_helm_applications()) LOG.info("Application (%s) upload started." % app.name) try: @@ -1005,7 +1006,8 @@ class AppOperator(object): :return boolean: whether application apply was successful """ - app = AppOperator.Application(rpc_app) + app = AppOperator.Application(rpc_app, + rpc_app.get('name') in self._helm.get_helm_applications()) LOG.info("Application (%s) apply started." % app.name) overrides_str = '' @@ -1067,7 +1069,8 @@ class AppOperator(object): :return boolean: whether application remove was successful """ - app = AppOperator.Application(rpc_app) + app = AppOperator.Application(rpc_app, + rpc_app.get('name') in self._helm.get_helm_applications()) LOG.info("Application (%s) remove started." % app.name) app.charts = self._get_list_of_charts(app.armada_mfile_abs) @@ -1079,8 +1082,11 @@ class AppOperator(object): try: self._delete_local_registry_secrets(app.name) - self._delete_persistent_volume_claim(common.HELM_NS_OPENSTACK) - self._delete_namespace(common.HELM_NS_OPENSTACK) + # TODO (rchurch): Clean up needs to be conditional based on + # the application. For now only clean up the stx-openstack. + if app.name == constants.HELM_APP_OPENSTACK: + self._delete_persistent_volume_claim(common.HELM_NS_OPENSTACK) + self._delete_namespace(common.HELM_NS_OPENSTACK) except Exception as e: self._abort_operation(app, constants.APP_REMOVE_OP) LOG.exception(e) @@ -1104,7 +1110,8 @@ class AppOperator(object): :param rpc_app: application object in the RPC request """ - app = AppOperator.Application(rpc_app) + app = AppOperator.Application(rpc_app, + rpc_app.get('name') in self._helm.get_helm_applications()) try: self._dbapi.kube_app_destroy(app.name) self._cleanup(app) @@ -1124,7 +1131,7 @@ class AppOperator(object): support application related operations. """ - def __init__(self, rpc_app): + def __init__(self, rpc_app, is_system_app): self._kube_app = rpc_app self.path = os.path.join(constants.APP_INSTALL_PATH, self._kube_app.get('name')) @@ -1132,9 +1139,7 @@ class AppOperator(object): self.images_dir = os.path.join(self.path, 'images') self.tarfile = None self.downloaded_tarfile = False - self.system_app =\ - (self._kube_app.get('name') == constants.HELM_APP_OPENSTACK) - + self.system_app = is_system_app self.armada_mfile = generate_armada_manifest_filename( self._kube_app.get('name'), self._kube_app.get('manifest_file')) diff --git a/sysinv/sysinv/sysinv/sysinv/helm/base.py b/sysinv/sysinv/sysinv/sysinv/helm/base.py index a387a6e70e..2d24200017 100644 --- a/sysinv/sysinv/sysinv/sysinv/helm/base.py +++ b/sysinv/sysinv/sysinv/sysinv/helm/base.py @@ -28,6 +28,7 @@ class BaseHelm(object): DEFAULT_REGION_NAME = 'RegionOne' CEPH_MON_SERVICE_PORT = 6789 SUPPORTED_NAMESPACES = [] + SUPPORTED_APP_NAMESPACES = {} SYSTEM_CONTROLLER_SERVICES = [ constants.HELM_CHART_KEYSTONE_API_PROXY, ] @@ -205,6 +206,15 @@ class BaseHelm(object): """ return self.SUPPORTED_NAMESPACES + def get_namespaces_by_app(self, app_name): + """ + Return list of namespaces supported by an applcation + """ + if app_name in self.SUPPORTED_APP_NAMESPACES: + return self.SUPPORTED_APP_NAMESPACES[app_name] + else: + return [] + def get_overrides(self, namespace=None): """ Return chart-specific values overrides diff --git a/sysinv/sysinv/sysinv/sysinv/helm/ceph_pools_audit.py b/sysinv/sysinv/sysinv/sysinv/helm/ceph_pools_audit.py index bcfb63a6b0..9255d3819b 100644 --- a/sysinv/sysinv/sysinv/sysinv/helm/ceph_pools_audit.py +++ b/sysinv/sysinv/sysinv/sysinv/helm/ceph_pools_audit.py @@ -18,9 +18,15 @@ class CephPoolsAuditHelm(base.BaseHelm): """Class to encapsulate helm operations for the ceph-pools-audit chart""" CHART = constants.HELM_CHART_CEPH_POOLS_AUDIT - SUPPORTED_NAMESPACES = [ - common.HELM_NS_OPENSTACK - ] + SUPPORTED_NAMESPACES = base.BaseHelm.SUPPORTED_NAMESPACES + \ + [common.HELM_NS_OPENSTACK, + common.HELM_NS_KUBE_SYSTEM] + SUPPORTED_APP_NAMESPACES = { + constants.HELM_APP_OPENSTACK: + base.BaseHelm.SUPPORTED_NAMESPACES + [common.HELM_NS_OPENSTACK], + constants.HELM_APP_PLATFORM: + base.BaseHelm.SUPPORTED_NAMESPACES + [common.HELM_NS_KUBE_SYSTEM], + } SERVICE_NAME = 'ceph-pools' @@ -63,6 +69,9 @@ class CephPoolsAuditHelm(base.BaseHelm): tiers_cfg.append(tier_cfg) overrides = { + # TODO (rchurch): Support running in both namespaces for the near + # term. A future commit will remove this from the stx-openstack + # application common.HELM_NS_OPENSTACK: { 'conf': { 'ceph': { @@ -70,6 +79,14 @@ class CephPoolsAuditHelm(base.BaseHelm): 'storage_tiers': tiers_cfg } } + }, + common.HELM_NS_KUBE_SYSTEM: { + 'conf': { + 'ceph': { + 'monitors': monitors, + 'storage_tiers': tiers_cfg + } + } } } diff --git a/sysinv/sysinv/sysinv/sysinv/helm/helm.py b/sysinv/sysinv/sysinv/sysinv/helm/helm.py index 47d2ee3205..250faf4fcb 100644 --- a/sysinv/sysinv/sysinv/sysinv/helm/helm.py +++ b/sysinv/sysinv/sysinv/sysinv/helm/helm.py @@ -86,6 +86,23 @@ class HelmOperator(object): thread_context = eventlet.greenthread.getcurrent() return getattr(thread_context, '_helm_context') + def get_helm_chart_namespaces_by_app(self, chart_name, app_name): + """Get supported chart namespaces for a given application. + + This method retrieves the namespace supported by a given chart. + + :param chart_name: name of the chart + :param app_name: name of the application + :returns: list of supported namespaces that associated overrides may be + provided. + """ + + namespaces = [] + if chart_name in self.chart_operators: + namespaces = self.chart_operators[chart_name].get_namespaces_by_app( + app_name) + return namespaces + def get_helm_chart_namespaces(self, chart_name): """Get supported chart namespaces. @@ -167,9 +184,10 @@ class HelmOperator(object): if app_name in self.helm_applications: for chart_name in self.helm_applications[app_name]: try: - app_namespaces.update({chart_name: - self.get_helm_chart_namespaces( - chart_name)}) + app_namespaces.update( + {chart_name: + self.get_helm_chart_namespaces_by_app( + chart_name, app_name)}) except exception.InvalidHelmNamespace as e: LOG.info(e) return app_namespaces diff --git a/sysinv/sysinv/sysinv/sysinv/helm/openstack.py b/sysinv/sysinv/sysinv/sysinv/helm/openstack.py index 5a7a4b2087..cd621bd5fd 100644 --- a/sysinv/sysinv/sysinv/sysinv/helm/openstack.py +++ b/sysinv/sysinv/sysinv/sysinv/helm/openstack.py @@ -26,6 +26,10 @@ class OpenstackBaseHelm(base.BaseHelm): SUPPORTED_NAMESPACES = \ base.BaseHelm.SUPPORTED_NAMESPACES + [common.HELM_NS_OPENSTACK] + SUPPORTED_APP_NAMESPACES = { + constants.HELM_APP_OPENSTACK: + base.BaseHelm.SUPPORTED_NAMESPACES + [common.HELM_NS_OPENSTACK] + } def _get_service_config(self, service): configs = self.context.setdefault('_service_configs', {}) diff --git a/sysinv/sysinv/sysinv/sysinv/helm/rbd_provisioner.py b/sysinv/sysinv/sysinv/sysinv/helm/rbd_provisioner.py index d7232840b6..db26e0c9e6 100644 --- a/sysinv/sysinv/sysinv/sysinv/helm/rbd_provisioner.py +++ b/sysinv/sysinv/sysinv/sysinv/helm/rbd_provisioner.py @@ -4,6 +4,8 @@ # SPDX-License-Identifier: Apache-2.0 # +import copy + from sysinv.common import constants from sysinv.common import exception from sysinv.common.storage_backend_conf import K8RbdProvisioner @@ -19,8 +21,15 @@ class RbdProvisionerHelm(base.BaseHelm): """Class to encapsulate helm operations for the rbd-provisioner chart""" CHART = constants.HELM_CHART_RBD_PROVISIONER - SUPPORTED_NAMESPACES = \ - base.BaseHelm.SUPPORTED_NAMESPACES + [common.HELM_NS_OPENSTACK] + SUPPORTED_NAMESPACES = base.BaseHelm.SUPPORTED_NAMESPACES + \ + [common.HELM_NS_OPENSTACK, + common.HELM_NS_KUBE_SYSTEM] + SUPPORTED_APP_NAMESPACES = { + constants.HELM_APP_OPENSTACK: + base.BaseHelm.SUPPORTED_NAMESPACES + [common.HELM_NS_OPENSTACK], + constants.HELM_APP_PLATFORM: + base.BaseHelm.SUPPORTED_NAMESPACES + [common.HELM_NS_KUBE_SYSTEM], + } SERVICE_NAME = 'rbd-provisioner' SERVICE_PORT_MON = 6789 @@ -69,13 +78,34 @@ class RbdProvisionerHelm(base.BaseHelm): "replicas": self._num_controllers() } - overrides = { + overrides = {} + # TODO(rchurch): Multiple rbd-provsioners can be run in the k8s cluster. + # This will be the case for the near term until an update is provided to + # the stx-openstack application to support using the default system + # provisioner which will be installed in the kube-system namespace. + overrides.update({ common.HELM_NS_OPENSTACK: { + "classdefaults": copy.deepcopy(classdefaults), + "classes": copy.deepcopy(classes), + "global": global_settings + } + }) + + # TODO(rchurch): For the near term ensure, provisioner isolation + classdefaults["adminId"] += '-platform' + classdefaults["adminSecretName"] += '-platform' + for c in classes: + c["name"] += '-platform' + c["pool_name"] += '-platform' + c["userId"] += '-platform' + c["userSecretName"] += '-platform' + overrides.update({ + common.HELM_NS_KUBE_SYSTEM: { "classdefaults": classdefaults, "classes": classes, "global": global_settings } - } + }) if namespace in self.SUPPORTED_NAMESPACES: return overrides[namespace]