From 3c953ae67e1e6c469868f3a34deeada7fbbea7cc Mon Sep 17 00:00:00 2001 From: Robert Church Date: Tue, 6 Nov 2018 11:22:33 -0500 Subject: [PATCH] Enable StarlingX helm charts for stx-openstack app Use an application RPM to build and collect application artifacts. This follows the same mechanism that is used to build the openstack-helm and openstack-helm-infra charts. The custom StarlingX charts are built and the application specific armada manifests are included in the RPM. This application RPM will be used to produce some of the required build artifacts (custom helm tarballs + armada manifests) but is not intended to be installed on the system. These artifacts are extracted later for proper application packaging with additional required metadata. Changes also include: - Update the README describing the new layouts for applications. - Move the nova-api-proxy chart from the common area to be included as a chart specific to the stx-openstack app. Change-Id: I1140760d56035249324519be93bb913e18f394d9 Story: 2004005 Task: 27801 Depends-On: I57c5ec5f3565e9e585f0935af745e495699aa28c Signed-off-by: Robert Church --- stx-openstack-helm/centos/build_srpm.data | 2 + .../centos/stx-openstack-helm.spec | 54 + .../stx-openstack-helm/Makefile | 43 + stx-openstack-helm/stx-openstack-helm/README | 5 + .../helm-charts/nova-api-proxy/Chart.yaml | 5 + .../nova-api-proxy/requirements.yaml | 10 + .../templates/bin/_nova-api-proxy.sh.tpl | 13 + .../templates/configmap-bin.yaml | 19 + .../templates/configmap-etc.yaml | 55 + .../nova-api-proxy/templates/deployment.yaml | 88 ++ .../templates/image_repo_sync.yaml | 13 + .../nova-api-proxy/templates/ingress.yaml | 12 + .../templates/job-ks-endpoints.yaml | 12 + .../templates/secret-ingress-tls.yaml | 11 + .../templates/secret-keystone.yaml | 22 + .../nova-api-proxy/templates/service.yaml | 31 + .../helm-charts/nova-api-proxy/values.yaml | 306 +++++ .../manifests/manifest.yaml | 1214 +++++++++++++++++ 18 files changed, 1915 insertions(+) create mode 100644 stx-openstack-helm/centos/build_srpm.data create mode 100644 stx-openstack-helm/centos/stx-openstack-helm.spec create mode 100644 stx-openstack-helm/stx-openstack-helm/Makefile create mode 100644 stx-openstack-helm/stx-openstack-helm/README create mode 100644 stx-openstack-helm/stx-openstack-helm/helm-charts/nova-api-proxy/Chart.yaml create mode 100644 stx-openstack-helm/stx-openstack-helm/helm-charts/nova-api-proxy/requirements.yaml create mode 100644 stx-openstack-helm/stx-openstack-helm/helm-charts/nova-api-proxy/templates/bin/_nova-api-proxy.sh.tpl create mode 100644 stx-openstack-helm/stx-openstack-helm/helm-charts/nova-api-proxy/templates/configmap-bin.yaml create mode 100644 stx-openstack-helm/stx-openstack-helm/helm-charts/nova-api-proxy/templates/configmap-etc.yaml create mode 100644 stx-openstack-helm/stx-openstack-helm/helm-charts/nova-api-proxy/templates/deployment.yaml create mode 100644 stx-openstack-helm/stx-openstack-helm/helm-charts/nova-api-proxy/templates/image_repo_sync.yaml create mode 100644 stx-openstack-helm/stx-openstack-helm/helm-charts/nova-api-proxy/templates/ingress.yaml create mode 100644 stx-openstack-helm/stx-openstack-helm/helm-charts/nova-api-proxy/templates/job-ks-endpoints.yaml create mode 100644 stx-openstack-helm/stx-openstack-helm/helm-charts/nova-api-proxy/templates/secret-ingress-tls.yaml create mode 100644 stx-openstack-helm/stx-openstack-helm/helm-charts/nova-api-proxy/templates/secret-keystone.yaml create mode 100644 stx-openstack-helm/stx-openstack-helm/helm-charts/nova-api-proxy/templates/service.yaml create mode 100644 stx-openstack-helm/stx-openstack-helm/helm-charts/nova-api-proxy/values.yaml create mode 100644 stx-openstack-helm/stx-openstack-helm/manifests/manifest.yaml diff --git a/stx-openstack-helm/centos/build_srpm.data b/stx-openstack-helm/centos/build_srpm.data new file mode 100644 index 00000000..5fb9f681 --- /dev/null +++ b/stx-openstack-helm/centos/build_srpm.data @@ -0,0 +1,2 @@ +SRC_DIR="stx-openstack-helm" +TIS_PATCH_VER=1 diff --git a/stx-openstack-helm/centos/stx-openstack-helm.spec b/stx-openstack-helm/centos/stx-openstack-helm.spec new file mode 100644 index 00000000..80e5d0cd --- /dev/null +++ b/stx-openstack-helm/centos/stx-openstack-helm.spec @@ -0,0 +1,54 @@ +%global helm_folder /usr/lib/helm +%global armada_folder /usr/lib/armada +%global toolkit_version 0.1.0 +%global helmchart_version 0.1.0 + +Summary: StarlingX Openstack Application Helm charts +Name: stx-openstack-helm +Version: 1.0 +Release: %{tis_patch_ver}%{?_tis_dist} +License: Apache-2.0 +Group: base +Packager: Wind River +URL: unknown + +Source0: %{name}-%{version}.tar.gz +BuildArch: noarch + +BuildRequires: helm +BuildRequires: openstack-helm-infra +Requires: openstack-helm-infra + +%description +StarlingX Openstack Application Helm charts + +%prep +%setup + +%build +# initialize helm and stage the toolkit +helm init --client-only +# Host a server for the charts +cp %{helm_folder}/helm-toolkit-%{toolkit_version}.tgz . +helm serve --repo-path . & +helm repo rm local +helm repo add local http://localhost:8879/charts + +# Make the charts. These produce a tgz file +make nova-api-proxy + +# remove helm-toolkit. This will be packaged with openstack-helm-infra +rm ./helm-toolkit-%{toolkit_version}.tgz + +%install +# helm_folder is created by openstack-helm-infra +install -d -m 755 ${RPM_BUILD_ROOT}%{helm_folder} +install -p -D -m 755 *.tgz ${RPM_BUILD_ROOT}%{helm_folder} +install -d -m 755 ${RPM_BUILD_ROOT}%{armada_folder} +install -p -D -m 755 manifests/*.yaml ${RPM_BUILD_ROOT}%{armada_folder} + +%files +#helm_folder is owned by openstack-helm-infra +%defattr(-,root,root,-) +%{helm_folder}/* +%{armada_folder}/* diff --git a/stx-openstack-helm/stx-openstack-helm/Makefile b/stx-openstack-helm/stx-openstack-helm/Makefile new file mode 100644 index 00000000..5cf4447e --- /dev/null +++ b/stx-openstack-helm/stx-openstack-helm/Makefile @@ -0,0 +1,43 @@ +# +# Copyright 2017 The Openstack-Helm Authors. +# +# Copyright (c) 2018 Wind River Systems, Inc. +# +# SPDX-License-Identifier: Apache-2.0 +# +# It's necessary to set this because some environments don't link sh -> bash. +SHELL := /bin/bash +TASK := build + +EXCLUDES := helm-toolkit doc tests tools logs tmp +CHARTS := helm-toolkit $(filter-out $(EXCLUDES), $(patsubst %/.,%,$(wildcard */.))) + +.PHONY: $(EXCLUDES) $(CHARTS) + +all: $(CHARTS) + +$(CHARTS): + @if [ -d $@ ]; then \ + echo; \ + echo "===== Processing [$@] chart ====="; \ + make $(TASK)-$@; \ + fi + +init-%: + if [ -f $*/Makefile ]; then make -C $*; fi + if [ -f $*/requirements.yaml ]; then helm dep up $*; fi + +lint-%: init-% + if [ -d $* ]; then helm lint $*; fi + +build-%: lint-% + if [ -d $* ]; then helm package $*; fi + +clean: + @echo "Clean all build artifacts" + rm -f */templates/_partials.tpl */templates/_globals.tpl + rm -f *tgz */charts/*tgz */requirements.lock + rm -rf */charts */tmpcharts + +%: + @: diff --git a/stx-openstack-helm/stx-openstack-helm/README b/stx-openstack-helm/stx-openstack-helm/README new file mode 100644 index 00000000..4ad61101 --- /dev/null +++ b/stx-openstack-helm/stx-openstack-helm/README @@ -0,0 +1,5 @@ +This directory contains all StarlingX charts that need to be built for this +application. Some charts are common across applications. These common charts +reside in the stx-config/kubernetes/helm-charts directory. To include these in +this application update the build_srpm.data file and use the COPY_LIST_TO_TAR +mechanism to populate these commom charts. diff --git a/stx-openstack-helm/stx-openstack-helm/helm-charts/nova-api-proxy/Chart.yaml b/stx-openstack-helm/stx-openstack-helm/helm-charts/nova-api-proxy/Chart.yaml new file mode 100644 index 00000000..0a92ed38 --- /dev/null +++ b/stx-openstack-helm/stx-openstack-helm/helm-charts/nova-api-proxy/Chart.yaml @@ -0,0 +1,5 @@ +apiVersion: v1 +appVersion: "1.0" +description: StarlingX-Helm nova-api-proxy +name: nova-api-proxy +version: 0.1.0 diff --git a/stx-openstack-helm/stx-openstack-helm/helm-charts/nova-api-proxy/requirements.yaml b/stx-openstack-helm/stx-openstack-helm/helm-charts/nova-api-proxy/requirements.yaml new file mode 100644 index 00000000..cb3c0440 --- /dev/null +++ b/stx-openstack-helm/stx-openstack-helm/helm-charts/nova-api-proxy/requirements.yaml @@ -0,0 +1,10 @@ +# +# Copyright (c) 2018 Wind River Systems, Inc. +# +# SPDX-License-Identifier: Apache-2.0 +# + +dependencies: + - name: helm-toolkit + repository: http://localhost:8879/charts + version: 0.1.0 diff --git a/stx-openstack-helm/stx-openstack-helm/helm-charts/nova-api-proxy/templates/bin/_nova-api-proxy.sh.tpl b/stx-openstack-helm/stx-openstack-helm/helm-charts/nova-api-proxy/templates/bin/_nova-api-proxy.sh.tpl new file mode 100644 index 00000000..63d20deb --- /dev/null +++ b/stx-openstack-helm/stx-openstack-helm/helm-charts/nova-api-proxy/templates/bin/_nova-api-proxy.sh.tpl @@ -0,0 +1,13 @@ +#!/bin/bash + +{{/* +# +# Copyright (c) 2018 Wind River Systems, Inc. +# +# SPDX-License-Identifier: Apache-2.0 +# +*/}} + +set -ex + +nova-api-proxy --config-file=/etc/proxy/nova-api-proxy.conf diff --git a/stx-openstack-helm/stx-openstack-helm/helm-charts/nova-api-proxy/templates/configmap-bin.yaml b/stx-openstack-helm/stx-openstack-helm/helm-charts/nova-api-proxy/templates/configmap-bin.yaml new file mode 100644 index 00000000..91240106 --- /dev/null +++ b/stx-openstack-helm/stx-openstack-helm/helm-charts/nova-api-proxy/templates/configmap-bin.yaml @@ -0,0 +1,19 @@ +{{/* +# +# Copyright (c) 2018 Wind River Systems, Inc. +# +# SPDX-License-Identifier: Apache-2.0 +# +*/}} + +{{- if .Values.manifests.configmap_bin }} +{{- $envAll := . }} +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: nova-api-proxy-bin +data: + nova-api-proxy.sh: | +{{ tuple "bin/_nova-api-proxy.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }} +{{- end }} diff --git a/stx-openstack-helm/stx-openstack-helm/helm-charts/nova-api-proxy/templates/configmap-etc.yaml b/stx-openstack-helm/stx-openstack-helm/helm-charts/nova-api-proxy/templates/configmap-etc.yaml new file mode 100644 index 00000000..68e1e468 --- /dev/null +++ b/stx-openstack-helm/stx-openstack-helm/helm-charts/nova-api-proxy/templates/configmap-etc.yaml @@ -0,0 +1,55 @@ +{{/* +# +# Copyright (c) 2018 Wind River Systems, Inc. +# +# SPDX-License-Identifier: Apache-2.0 +# +*/}} + +{{- define "nova_proxy.configmap.etc" }} +{{- $envAll := index . 1 }} +{{- with $envAll }} + +{{- if empty .Values.conf.nova_api_proxy.keystone_authtoken.auth_uri -}} +{{- $_ := tuple "identity" "internal" "api" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup" | set .Values.conf.nova_api_proxy.keystone_authtoken "auth_uri" -}} +{{- end -}} +{{- if empty .Values.conf.nova_api_proxy.keystone_authtoken.auth_url -}} +{{- $_ := tuple "identity" "internal" "api" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup" | set .Values.conf.nova_api_proxy.keystone_authtoken "auth_url" -}} +{{- end -}} + +{{- if empty .Values.conf.nova_api_proxy.keystone_authtoken.region_name -}} +{{- $_ := set .Values.conf.nova_api_proxy.keystone_authtoken "region_name" .Values.endpoints.identity.auth.nova.region_name -}} +{{- end -}} +{{- if empty .Values.conf.nova_api_proxy.keystone_authtoken.project_name -}} +{{- $_ := set .Values.conf.nova_api_proxy.keystone_authtoken "project_name" .Values.endpoints.identity.auth.nova.project_name -}} +{{- end -}} +{{- if empty .Values.conf.nova_api_proxy.keystone_authtoken.project_domain_name -}} +{{- $_ := set .Values.conf.nova_api_proxy.keystone_authtoken "project_domain_name" .Values.endpoints.identity.auth.nova.project_domain_name -}} +{{- end -}} +{{- if empty .Values.conf.nova_api_proxy.keystone_authtoken.user_domain_name -}} +{{- $_ := set .Values.conf.nova_api_proxy.keystone_authtoken "user_domain_name" .Values.endpoints.identity.auth.nova.user_domain_name -}} +{{- end -}} +{{- if empty .Values.conf.nova_api_proxy.keystone_authtoken.username -}} +{{- $_ := set .Values.conf.nova_api_proxy.keystone_authtoken "username" .Values.endpoints.identity.auth.nova.username -}} +{{- end -}} +{{- if empty .Values.conf.nova_api_proxy.keystone_authtoken.password -}} +{{- $_ := set .Values.conf.nova_api_proxy.keystone_authtoken "password" .Values.endpoints.identity.auth.nova.password -}} +{{- end -}} + + +apiVersion: v1 +kind: ConfigMap +metadata: + name: nova-api-proxy-etc +data: + nova-api-proxy.conf: | +{{ include "helm-toolkit.utils.to_oslo_conf" .Values.conf.nova_api_proxy | indent 4 }} + api-proxy-paste.ini: | +{{ include "helm-toolkit.utils.to_oslo_conf" .Values.conf.paste | indent 4 }} + logging.conf: | +{{ include "helm-toolkit.utils.to_oslo_conf" .Values.conf.logging | indent 4 }} +{{- end }} +{{- end }} +{{- if .Values.manifests.configmap_etc }} +{{- list "nova-proxy-etc" . | include "nova_proxy.configmap.etc" }} +{{- end }} diff --git a/stx-openstack-helm/stx-openstack-helm/helm-charts/nova-api-proxy/templates/deployment.yaml b/stx-openstack-helm/stx-openstack-helm/helm-charts/nova-api-proxy/templates/deployment.yaml new file mode 100644 index 00000000..c9972779 --- /dev/null +++ b/stx-openstack-helm/stx-openstack-helm/helm-charts/nova-api-proxy/templates/deployment.yaml @@ -0,0 +1,88 @@ +{{/* +# +# Copyright (c) 2018 Wind River Systems, Inc. +# +# SPDX-License-Identifier: Apache-2.0 +# +*/}} + +{{- if .Values.manifests.deployment_api_proxy }} +{{- $envAll := . }} + +{{- $mounts_nova_api_proxy := .Values.pod.mounts.nova_api_proxy.nova_api_proxy }} +{{- $mounts_nova_api_proxy_init := .Values.pod.mounts.nova_api_proxy.init_container }} + +{{- $serviceAccountName := "nova-api-proxy" }} +{{ tuple $envAll "proxy" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }} +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: nova-api-proxy + labels: +{{ tuple $envAll "nova" "api-proxy" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }} +spec: + replicas: {{ .Values.pod.replicas.proxy }} + selector: + matchLabels: +{{ tuple $envAll "nova" "api-proxy" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 6 }} +{{ tuple $envAll | include "helm-toolkit.snippets.kubernetes_upgrades_deployment" | indent 2 }} + template: + metadata: + labels: +{{ tuple $envAll "nova" "api-proxy" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }} + annotations: + configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "helm-toolkit.utils.hash" }} + configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "helm-toolkit.utils.hash" }} + spec: + serviceAccountName: {{ $serviceAccountName }} + affinity: +{{ tuple $envAll "nova" "api-proxy" | include "helm-toolkit.snippets.kubernetes_pod_anti_affinity" | indent 8 }} + nodeSelector: + {{ .Values.labels.api_proxy.node_selector_key }}: {{ .Values.labels.api_proxy.node_selector_value }} + terminationGracePeriodSeconds: {{ .Values.pod.lifecycle.termination_grace_period.api_proxy.timeout | default "30" }} + initContainers: +{{ tuple $envAll "api" $mounts_nova_api_proxy_init | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} + containers: + - name: nova-api-proxy +{{ tuple $envAll "nova_api_proxy" | include "helm-toolkit.snippets.image" | indent 10 }} +{{ tuple $envAll $envAll.Values.pod.resources.api_proxy | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }} + securityContext: + runAsUser: {{ .Values.pod.user.nova_api_proxy.uid }} + command: + - /tmp/nova-api-proxy.sh + ports: + - name: n-api + containerPort: {{ tuple "compute" "internal" "api" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }} + readinessProbe: + tcpSocket: + port: {{ tuple "compute" "internal" "api" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }} + volumeMounts: + - name: nova-api-proxy-bin + mountPath: /tmp/nova-api-proxy.sh + subPath: nova-api-proxy.sh + readOnly: true + - name: nova-api-proxy-etc + mountPath: /etc/proxy/nova-api-proxy.conf + subPath: nova-api-proxy.conf + readOnly: true + - name: nova-api-proxy-etc + mountPath: /etc/proxy/logging.conf + subPath: logging.conf + readOnly: true + - name: nova-api-proxy-etc + mountPath: /etc/proxy/api-proxy-paste.ini + subPath: api-proxy-paste.ini + readOnly: true +{{ if $mounts_nova_api_proxy.volumeMounts }}{{ toYaml $mounts_nova_api_proxy.volumeMounts | indent 12 }}{{ end }} + volumes: + - name: nova-api-proxy-bin + configMap: + name: nova-api-proxy-bin + defaultMode: 0777 + - name: nova-api-proxy-etc + configMap: + name: nova-api-proxy-etc + defaultMode: 0777 +{{ if $mounts_nova_api_proxy.volumes}}{{ toYaml $mounts_nova_api_proxy.volumes | indent 8 }}{{ end }} +{{- end }} diff --git a/stx-openstack-helm/stx-openstack-helm/helm-charts/nova-api-proxy/templates/image_repo_sync.yaml b/stx-openstack-helm/stx-openstack-helm/helm-charts/nova-api-proxy/templates/image_repo_sync.yaml new file mode 100644 index 00000000..c41c530f --- /dev/null +++ b/stx-openstack-helm/stx-openstack-helm/helm-charts/nova-api-proxy/templates/image_repo_sync.yaml @@ -0,0 +1,13 @@ +{{/* +# +# Copyright (c) 2018 Wind River Systems, Inc. +# +# SPDX-License-Identifier: Apache-2.0 +# +*/}} + +{{- if and .Values.manifests.job_image_repo_sync .Values.images.local_registry.active }} +{{- $imageRepoSyncJob := dict "envAll" . "serviceName" "nova-api-proxy" -}} +{{ $imageRepoSyncJob | include "helm-toolkit.manifests.job_image_repo_sync" }} +{{- end }} + diff --git a/stx-openstack-helm/stx-openstack-helm/helm-charts/nova-api-proxy/templates/ingress.yaml b/stx-openstack-helm/stx-openstack-helm/helm-charts/nova-api-proxy/templates/ingress.yaml new file mode 100644 index 00000000..3fd8de5d --- /dev/null +++ b/stx-openstack-helm/stx-openstack-helm/helm-charts/nova-api-proxy/templates/ingress.yaml @@ -0,0 +1,12 @@ +{{/* +# +# Copyright (c) 2018 Wind River Systems, Inc. +# +# SPDX-License-Identifier: Apache-2.0 +# +*/}} + +{{- if and .Values.manifests.ingress .Values.network.api_proxy.ingress.public }} +{{- $ingressOpts := dict "envAll" . "backendServiceType" "compute" "backendPort" "n-api-proxy" -}} +{{ $ingressOpts | include "helm-toolkit.manifests.ingress" }} +{{- end }} diff --git a/stx-openstack-helm/stx-openstack-helm/helm-charts/nova-api-proxy/templates/job-ks-endpoints.yaml b/stx-openstack-helm/stx-openstack-helm/helm-charts/nova-api-proxy/templates/job-ks-endpoints.yaml new file mode 100644 index 00000000..0c8524de --- /dev/null +++ b/stx-openstack-helm/stx-openstack-helm/helm-charts/nova-api-proxy/templates/job-ks-endpoints.yaml @@ -0,0 +1,12 @@ +{{/* +# +# Copyright (c) 2018 Wind River Systems, Inc. +# +# SPDX-License-Identifier: Apache-2.0 +# +*/}} + +{{- if .Values.manifests.job_ks_endpoints }} +{{- $ksServiceJob := dict "envAll" . "serviceName" "nova" "serviceTypes" ( tuple "compute" ) -}} +{{ $ksServiceJob | include "helm-toolkit.manifests.job_ks_endpoints" }} +{{- end }} diff --git a/stx-openstack-helm/stx-openstack-helm/helm-charts/nova-api-proxy/templates/secret-ingress-tls.yaml b/stx-openstack-helm/stx-openstack-helm/helm-charts/nova-api-proxy/templates/secret-ingress-tls.yaml new file mode 100644 index 00000000..71fc3060 --- /dev/null +++ b/stx-openstack-helm/stx-openstack-helm/helm-charts/nova-api-proxy/templates/secret-ingress-tls.yaml @@ -0,0 +1,11 @@ +{{/* +# +#Copyright (c) 2018 Wind River Systems, Inc. +# +#SPDX-License-Identifier: Apache-2.0 +# +*/}} + +{{- if .Values.manifests.secret_ingress_tls }} +{{ include "helm-toolkit.manifests.secret_ingress_tls" ( dict "envAll" . "backendService" "osapi" "backendServiceType" "compute" ) }} +{{- end }} diff --git a/stx-openstack-helm/stx-openstack-helm/helm-charts/nova-api-proxy/templates/secret-keystone.yaml b/stx-openstack-helm/stx-openstack-helm/helm-charts/nova-api-proxy/templates/secret-keystone.yaml new file mode 100644 index 00000000..62dde02f --- /dev/null +++ b/stx-openstack-helm/stx-openstack-helm/helm-charts/nova-api-proxy/templates/secret-keystone.yaml @@ -0,0 +1,22 @@ +{{/* +# +# Copyright (c) 2018 Wind River Systems, Inc. +# +# SPDX-License-Identifier: Apache-2.0 +# +*/}} + +{{- if .Values.manifests.secret_keystone }} +{{- $envAll := . }} +{{- range $key1, $userClass := tuple "admin" "nova" "test" }} +{{- $secretName := index $envAll.Values.secrets.identity $userClass }} +--- +apiVersion: v1 +kind: Secret +metadata: + name: {{ $secretName }} +type: Opaque +data: +{{- tuple $userClass "internal" $envAll | include "helm-toolkit.snippets.keystone_secret_openrc" | indent 2 -}} +{{- end }} +{{- end }} diff --git a/stx-openstack-helm/stx-openstack-helm/helm-charts/nova-api-proxy/templates/service.yaml b/stx-openstack-helm/stx-openstack-helm/helm-charts/nova-api-proxy/templates/service.yaml new file mode 100644 index 00000000..0d8584b0 --- /dev/null +++ b/stx-openstack-helm/stx-openstack-helm/helm-charts/nova-api-proxy/templates/service.yaml @@ -0,0 +1,31 @@ +{{/* +# +# Copyright (c) 2018 Wind River Systems, Inc. +# +# SPDX-License-Identifier: Apache-2.0 +# +*/}} + +{{- if .Values.manifests.service_api }} +{{- $envAll := . }} +--- +apiVersion: v1 +kind: Service +metadata: + name: {{ tuple "nova" "internal" . | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }} +spec: + ports: + - name: n-api-proxy + port: {{ tuple "compute" "internal" "api" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }} + {{ if .Values.network.api.node_port.enabled }} + nodePort: {{ .Values.network.api.node_port.port }} + {{ end }} + selector: +{{ tuple $envAll "nova" "api" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }} + {{ if .Values.network.api.node_port.enabled }} + type: NodePort + {{ if .Values.network.api.external_policy_local }} + externalTrafficPolicy: Local + {{ end }} + {{ end }} +{{- end }} diff --git a/stx-openstack-helm/stx-openstack-helm/helm-charts/nova-api-proxy/values.yaml b/stx-openstack-helm/stx-openstack-helm/helm-charts/nova-api-proxy/values.yaml new file mode 100644 index 00000000..33ed6642 --- /dev/null +++ b/stx-openstack-helm/stx-openstack-helm/helm-charts/nova-api-proxy/values.yaml @@ -0,0 +1,306 @@ +# +# Copyright (c) 2018 Wind River Systems, Inc. +# +# SPDX-License-Identifier: Apache-2.0 +# + +# Default values for nova-api-proxy. +# This is a YAML-formatted file. +# Declare variables to be passed into your templates. + +replicaCount: 1 + +labels: + api_proxy: + node_selector_key: openstack-control-plane + node_selector_value: enabled + job: + node_selector_key: openstack-control-plane + node_selector_value: enabled + +images: + tags: + nova_api_proxy: 128.224.186.231:9001/abailey/stx-nova-api-proxy:latest + ks_endpoints: docker.io/openstackhelm/heat:pike + dep_check: quay.io/stackanetes/kubernetes-entrypoint:v0.3.1 + pullPolicy: IfNotPresent + local_registry: + active: false + exclude: + - dep_check + - image_repo_sync + +network: + api_proxy: + ingress: + public: true + classes: + namespace: "nginx" + cluster: "nginx-cluster" + annotations: + nginx.ingress.kubernetes.io/rewrite-target: / + external_policy_local: false + node_port: + enabled: false + port: 8774 + +conf: + nova_api_proxy: + DEFAULT: + log_config_append: /etc/proxy/logging.conf + api_paste_config: api-proxy-paste.ini + auth_strategy: keystone + debug: False + use_syslog: False + show_request_body: False + pool_size: 256 + osapi_proxy_listen: 0.0.0.0 + osapi_proxy_listen_port: 8774 + osapi_compute_listen: nova-api.openstack.svc.cluster.local + osapi_compute_listen_port: 8774 + nfvi_compute_listen_port: 30003 + nfvi_compute_listen: 0.0.0.0 + keystone_authtoken: + auth_type: password + auth_version: v3 + + paste: + pipeline:nova-api-proxy: + pipeline: version authtoken acceptor proxyapp + filter:debug_header: + paste.filter_factory: nova_api_proxy.apps.acceptor:DebugHeaders.factory + filter:version: + paste.filter_factory: nova_api_proxy.apps.acceptor:VersionAcceptor.factory + filter:authtoken: + paste.filter_factory: keystonemiddleware.auth_token:filter_factory + filter:acceptor: + paste.filter_factory: nova_api_proxy.apps.acceptor:Acceptor.factory + app:proxyapp: + paste.app_factory: nova_api_proxy.apps.proxy:Proxy.factory + + logging: + loggers: + keys: + - root + - nova_api_proxy + - keystonemiddleware + handlers: + keys: + - stdout + - stderr + - "null" + formatters: + keys: + - context + - default + logger_root: + level: WARNING + handlers: null + logger_nova_api_proxy: + level: INFO + handlers: + - stdout + qualname: nova_api_proxy + logger_keystonemiddleware: + level: INFO + handlers: + - stdout + qualname: keystonemiddleware + logger_amqp: + level: WARNING + handlers: stderr + qualname: amqp + logger_amqplib: + level: WARNING + handlers: stderr + qualname: amqplib + logger_eventletwsgi: + level: WARNING + handlers: stderr + qualname: eventlet.wsgi.server + logger_sqlalchemy: + level: WARNING + handlers: stderr + qualname: sqlalchemy + logger_boto: + level: WARNING + handlers: stderr + qualname: boto + handler_null: + class: logging.NullHandler + formatter: default + args: () + handler_stdout: + class: StreamHandler + args: (sys.stdout,) + formatter: context + handler_stderr: + class: StreamHandler + args: (sys.stderr,) + formatter: context + formatter_context: + class: oslo_log.formatters.ContextFormatter + formatter_default: + format: "%(message)s" + +dependencies: + dynamic: + common: + local_image_registry: + jobs: + - image-repo-sync + services: + - endpoint: node + service: local_image_registry + static: + ks_endpoints: + jobs: + - nova-ks-service + services: + - endpoint: internal + service: identity + + +endpoints: + cluster_domain_suffix: cluster.local + local_image_registry: + name: docker-registry + namespace: docker-registry + hosts: + default: localhost + internal: docker-registry + node: localhost + host_fqdn_override: + default: null + port: + registry: + node: 5000 + identity: + name: keystone + auth: + admin: + region_name: RegionOne + username: admin + password: password + project_name: admin + user_domain_name: default + project_domain_name: default + nova: + role: admin + region_name: RegionOne + username: nova + password: password + project_name: service + user_domain_name: service + project_domain_name: service + hosts: + default: keystone-api + public: keystone + host_fqdn_override: + default: null + path: + default: /v3 + scheme: + default: http + port: + admin: + default: 35357 + api: + default: 80 + compute: + name: nova + hosts: + default: nova-api-proxy + public: nova-api-proxy + host_fqdn_override: + default: null + # NOTE(portdirect): this chart supports TLS for fqdn over-ridden public + # endpoints using the following format: + # public: + # host: null + # tls: + # crt: null + # key: null + path: + default: "/v2.1/%(tenant_id)s" + scheme: + default: 'http' + port: + api: + default: 8774 + public: 80 + +pod: + user: + nova_api_proxy: + uid: 42424 + affinity: + anti: + type: + default: preferredDuringSchedulingIgnoredDuringExecution + topologyKey: + default: kubernetes.io/hostname + mounts: + nova_api_proxy: + init_container: null + nova_api_proxy: + replicas: + proxy: 1 + lifecycle: + upgrades: + deployments: + revision_history: 3 + pod_replacement_strategy: RollingUpdate + rolling_update: + max_unavailable: 1 + max_surge: 3 + daemonsets: + pod_replacement_strategy: RollingUpdate + compute: + enabled: true + min_ready_seconds: 0 + max_unavailable: 1 + disruption_budget: + api_proxy: + min_available: 0 + termination_grace_period: + api_proxy: + timeout: 30 + resources: + enabled: false + api_proxy: + requests: + memory: "128Mi" + cpu: "100m" + limits: + memory: "1024Mi" + cpu: "2000m" + jobs: + ks_endpoints: + requests: + memory: "128Mi" + cpu: "100m" + limits: + memory: "1024Mi" + cpu: "2000m" + +secrets: + identity: + admin: nova-keystone-admin + nova: nova-keystone-user + + +manifests: + configmap_bin: true + configmap_etc: true + deployment_api_proxy: true + ingress_api: true + job_ks_endpoints: false + +resources: {} + +nodeSelector: {} + +tolerations: [] + +affinity: {} diff --git a/stx-openstack-helm/stx-openstack-helm/manifests/manifest.yaml b/stx-openstack-helm/stx-openstack-helm/manifests/manifest.yaml new file mode 100644 index 00000000..56741d47 --- /dev/null +++ b/stx-openstack-helm/stx-openstack-helm/manifests/manifest.yaml @@ -0,0 +1,1214 @@ +--- +schema: armada/Chart/v1 +metadata: + schema: metadata/Document/v1 + name: helm-toolkit +data: + chart_name: helm-toolkit + release: helm-toolkit + namespace: helm-toolkit + values: {} + source: + type: tar + location: http://172.17.0.1/helm_charts/helm-toolkit-0.1.0.tgz + subpath: helm-toolkit + reference: master + dependencies: [] +--- +schema: armada/Chart/v1 +metadata: + schema: metadata/Document/v1 + name: kube-system-ingress +data: + chart_name: ingress + release: kube-system-ingress + namespace: kube-system + wait: + timeout: 1800 + labels: + release_group: osh-kube-system-ingress + install: + no_hooks: False + upgrade: + no_hooks: False + pre: + delete: + - type: job + labels: + release_group: osh-kube-system-ingress + values: + labels: + server: + node_selector_key: openstack-control-plane + node_selector_value: enabled + error_server: + node_selector_key: openstack-control-plane + node_selector_value: enabled + pod: + replicas: + error_page: 2 + ingress: 2 + source: + type: tar + location: http://172.17.0.1/helm_charts/ingress-0.1.0.tgz + subpath: ingress + reference: master + dependencies: + - helm-toolkit +--- +schema: armada/Chart/v1 +metadata: + schema: metadata/Document/v1 + name: openstack-ingress +data: + chart_name: ingress + release: openstack-ingress + namespace: openstack + wait: + timeout: 1800 + labels: + release_group: osh-openstack-ingress + install: + no_hooks: False + upgrade: + no_hooks: False + pre: + delete: + - type: job + labels: + release_group: osh-openstack-ingress + values: + labels: + server: + node_selector_key: openstack-control-plane + node_selector_value: enabled + error_server: + node_selector_key: openstack-control-plane + node_selector_value: enabled + pod: + replicas: + error_page: 2 + ingress: 2 + source: + type: tar + location: http://172.17.0.1/helm_charts/ingress-0.1.0.tgz + subpath: ingress + reference: master + dependencies: + - helm-toolkit +--- +schema: armada/Chart/v1 +metadata: + schema: metadata/Document/v1 + name: default-provisioner +data: + chart_name: provisioner + release: default-provisioner + namespace: default + wait: + timeout: 1800 + labels: + app: local-volume-provisioner + install: + no_hooks: False + upgrade: + no_hooks: False + pre: + delete: + - type: job + labels: + app: local-volume-provisioner + source: + type: tar + location: http://172.17.0.1/helm_charts/provisioner-2.0.0.tgz + subpath: provisioner + reference: master + dependencies: + - helm-toolkit +--- +schema: armada/Chart/v1 +metadata: + schema: metadata/Document/v1 + name: kube-system-rbd-provisioner +data: + chart_name: rbd-provisioner + release: kube-system-rbd-provisioner + namespace: kube-system + wait: + timeout: 1800 + labels: + app: rbd-provisioner + install: + no_hooks: False + upgrade: + no_hooks: False + pre: + delete: + - type: job + labels: + app: rbd-provisioner + source: + type: tar + location: http://172.17.0.1/helm_charts/rbd-provisioner-0.1.0.tgz + subpath: rbd-provisioner + reference: master + dependencies: + - helm-toolkit +--- +schema: armada/Chart/v1 +metadata: + schema: metadata/Document/v1 + name: openstack-mariadb +data: + chart_name: mariadb + release: openstack-mariadb + namespace: openstack + wait: + timeout: 1800 + labels: + release_group: osh-openstack-mariadb + install: + no_hooks: False + upgrade: + no_hooks: False + pre: + delete: + - type: job + labels: + release_group: osh-openstack-mariadb + values: + endpoints: + oslo_db: + auth: + admin: + password: CmA1aNGMQV0BkWubdURG + monitoring: + prometheus: + enabled: True + labels: + server: + node_selector_key: openstack-control-plane + node_selector_value: enabled + prometheus_mysql_exporter: + node_selector_key: openstack-control-plane + node_selector_value: enabled + source: + type: tar + location: http://172.17.0.1/helm_charts/mariadb-0.1.0.tgz + subpath: mariadb + dependencies: + - helm-toolkit +--- +schema: armada/Chart/v1 +metadata: + schema: metadata/Document/v1 + name: openstack-memcached +data: + chart_name: memcached + release: openstack-memcached + namespace: openstack + wait: + timeout: 1800 + labels: + release_group: osh-openstack-memcached + install: + no_hooks: False + upgrade: + no_hooks: False + pre: + delete: + - type: job + labels: + release_group: osh-openstack-memcached + values: + labels: + server: + node_selector_key: openstack-control-plane + node_selector_value: enabled + prometheus_memcached_exporter: + node_selector_key: openstack-control-plane + node_selector_value: enabled + monitoring: + prometheus: + enabled: true + source: + type: tar + location: http://172.17.0.1/helm_charts/memcached-0.1.0.tgz + subpath: memcached + reference: master + dependencies: + - helm-toolkit +--- +schema: armada/Chart/v1 +metadata: + schema: metadata/Document/v1 + name: openstack-rabbitmq +data: + chart_name: rabbitmq + release: openstack-rabbitmq + namespace: openstack + wait: + timeout: 1800 + labels: + release_group: osh-openstack-rabbitmq + test: + enabled: true + install: + no_hooks: False + upgrade: + no_hooks: False + pre: + delete: + - type: job + labels: + release_group: osh-openstack-rabbitmq + - type: pod + labels: + release_group: osh-openstack-rabbitmq + component: test + values: + endpoints: + oslo_messaging: + auth: + user: + username: rabbitmq-admin + password: 4xWhfGjdQts1SyvXJXs5 + monitoring: + prometheus: + enabled: True + labels: + server: + node_selector_key: openstack-control-plane + node_selector_value: enabled + prometheus_rabbitmq_exporter: + node_selector_key: openstack-control-plane + node_selector_value: enabled + source: + type: tar + location: http://172.17.0.1/helm_charts/rabbitmq-0.1.0.tgz + subpath: rabbitmq + reference: master + dependencies: + - helm-toolkit +--- +schema: armada/Chart/v1 +metadata: + schema: metadata/Document/v1 + name: openstack-keystone +data: + chart_name: keystone + release: openstack-keystone + namespace: openstack + wait: + timeout: 1800 + labels: + release_group: osh-openstack-keystone + test: + enabled: false + install: + no_hooks: False + upgrade: + no_hooks: False + pre: + delete: + - type: job + labels: + release_group: osh-openstack-keystone + - type: pod + labels: + release_group: osh-openstack-keystone + component: test + values: + endpoints: + identity: + name: keystone + namespace: openstack + auth: + admin: + password: BhKhCWNYckYuVIcTW52Q + oslo_cache: + auth: + memcache_secret_key: DO9IThaQIbbxxB6wiAcJ + oslo_db: + auth: + admin: + password: CmA1aNGMQV0BkWubdURG + keystone: + password: Xq49RaT1dPhvAK9qewcc + oslo_messaging: + auth: + admin: + username: rabbitmq-admin + password: 4xWhfGjdQts1SyvXJXs5 + keystone: + username: keystone-rabbitmq-user + password: W8e12kM78YD8tsftnFxK + labels: + api: + node_selector_key: openstack-control-plane + node_selector_value: enabled + job: + node_selector_key: openstack-control-plane + node_selector_value: enabled + pod: + replicas: + api: 2 + source: + type: tar + location: http://172.17.0.1/helm_charts/keystone-0.1.0.tgz + subpath: keystone + reference: master + dependencies: + - helm-toolkit +--- +schema: armada/Chart/v1 +metadata: + schema: metadata/Document/v1 + name: openstack-glance +data: + chart_name: glance + release: openstack-glance + namespace: openstack + wait: + timeout: 1800 + labels: + release_group: osh-openstack-glance + test: + enabled: true + install: + no_hooks: False + upgrade: + no_hooks: False + pre: + delete: + - type: job + labels: + release_group: osh-openstack-glance + - type: pod + labels: + release_group: osh-openstack-glance + component: test + values: + endpoints: + identity: + auth: + admin: + password: BhKhCWNYckYuVIcTW52Q + glance: + password: 8a4DxWzxiWDEmKkfMhWg + oslo_db: + auth: + admin: + password: CmA1aNGMQV0BkWubdURG + glance: + password: TWursD54scxUJpPyE3VO + oslo_cache: + auth: + memcache_secret_key: DO9IThaQIbbxxB6wiAcJ + oslo_messaging: + auth: + admin: + username: rabbitmq-admin + password: 4xWhfGjdQts1SyvXJXs5 + glance: + username: glance-rabbitmq-user + password: YkR31SCdsFYKiP6wvEgp + labels: + api: + node_selector_key: openstack-control-plane + node_selector_value: enabled + job: + node_selector_key: openstack-control-plane + node_selector_value: enabled + registry: + node_selector_key: openstack-control-plane + node_selector_value: enabled + pod: + replicas: + api: 2 + registry: 2 + source: + type: tar + location: http://172.17.0.1/helm_charts/glance-0.1.0.tgz + subpath: glance + reference: master + dependencies: + - helm-toolkit +--- +schema: armada/Chart/v1 +metadata: + schema: metadata/Document/v1 + name: openstack-cinder +data: + chart_name: cinder + release: openstack-cinder + namespace: openstack + wait: + timeout: 1800 + labels: + release_group: osh-openstack-cinder + test: + enabled: true + install: + no_hooks: False + upgrade: + no_hooks: False + pre: + delete: + - type: job + labels: + release_group: osh-openstack-cinder + - type: pod + labels: + release_group: osh-openstack-cinder + component: test + values: + endpoints: + identity: + auth: + admin: + password: BhKhCWNYckYuVIcTW52Q + cinder: + password: YXWfRQIcnBUub4G537Sv + oslo_db: + auth: + admin: + password: CmA1aNGMQV0BkWubdURG + cinder: + password: Ejfga0IWLPbVDfL2rQuY + oslo_cache: + auth: + memcache_secret_key: DO9IThaQIbbxxB6wiAcJ + oslo_messaging: + auth: + admin: + username: rabbitmq-admin + password: 4xWhfGjdQts1SyvXJXs5 + cinder: + username: cinder-rabbitmq-user + password: HJfBmxrfWdkW1MNpXFrB + labels: + api: + node_selector_key: openstack-control-plane + node_selector_value: enabled + backup: + node_selector_key: openstack-control-plane + node_selector_value: enabled + job: + node_selector_key: openstack-control-plane + node_selector_value: enabled + scheduler: + node_selector_key: openstack-control-plane + node_selector_value: enabled + volume: + node_selector_key: openstack-control-plane + node_selector_value: enabled + pod: + replicas: + api: 2 + volume: 1 + scheduler: 1 + backup: 1 + conf: + cinder: + DEFAULT: + backup_driver: cinder.backup.drivers.swift + source: + type: tar + location: http://172.17.0.1/helm_charts/cinder-0.1.0.tgz + subpath: cinder + reference: master + dependencies: + - helm-toolkit +--- +schema: armada/Chart/v1 +metadata: + schema: metadata/Document/v1 + name: openstack-libvirt +data: + chart_name: libvirt + release: openstack-libvirt + namespace: openstack + install: + no_hooks: False + upgrade: + no_hooks: False + values: + labels: + agent: + libvirt: + node_selector_key: openstack-compute-node + node_selector_value: enabled + source: + type: tar + location: http://172.17.0.1/helm_charts/libvirt-0.1.0.tgz + subpath: libvirt + reference: master + dependencies: + - helm-toolkit +--- +schema: armada/Chart/v1 +metadata: + schema: metadata/Document/v1 + name: openstack-nova +data: + chart_name: nova + release: openstack-nova + namespace: openstack + test: + enabled: false + install: + no_hooks: False + upgrade: + no_hooks: False + pre: + delete: + - type: job + labels: + application: nova + component: db-init + - type: job + labels: + application: nova + component: db-sync + - type: job + labels: + application: nova + component: ks-user + - type: job + labels: + application: nova + component: ks-service + - type: job + labels: + application: nova + component: ks-endpoints + - type: job + labels: + application: placement + component: ks-user + - type: job + labels: + application: placement + component: ks-service + - type: job + labels: + application: placement + component: ks-endpoints + - type: job + labels: + application: nova + component: cell-setup + values: + endpoints: + identity: + name: keystone + auth: + admin: + password: BhKhCWNYckYuVIcTW52Q + nova: + password: oGbphe9vHjGK4cR21ZQn + neutron: + password: fgtvWl00tUbDjedDBnQS + placement: + password: cL8kJkLLmPP6VhmoKdK3 + oslo_db: + auth: + admin: + password: CmA1aNGMQV0BkWubdURG + nova: + password: 7oPQP9dTxDtvMZRz5eZK + oslo_db_api: + auth: + admin: + password: CmA1aNGMQV0BkWubdURG + nova: + password: 7oPQP9dTxDtvMZRz5eZK + oslo_db_cell0: + auth: + admin: + password: CmA1aNGMQV0BkWubdURG + nova: + password: 7oPQP9dTxDtvMZRz5eZK + oslo_cache: + auth: + memcache_secret_key: DO9IThaQIbbxxB6wiAcJ + oslo_messaging: + auth: + admin: + username: rabbitmq-admin + password: 4xWhfGjdQts1SyvXJXs5 + nova: + username: nova-rabbitmq-user + password: ocx0315VoRlRhw7hx3Ge + labels: + agent: + compute: + node_selector_key: openstack-compute-node + node_selector_value: enabled + compute_ironic: + node_selector_key: openstack-compute-node + node_selector_value: enabled + api_metadata: + node_selector_key: openstack-control-plane + node_selector_value: enabled + conductor: + node_selector_key: openstack-control-plane + node_selector_value: enabled + consoleauth: + node_selector_key: openstack-control-plane + node_selector_value: enabled + job: + node_selector_key: openstack-control-plane + node_selector_value: enabled + novncproxy: + node_selector_key: openstack-control-plane + node_selector_value: enabled + osapi: + node_selector_key: openstack-control-plane + node_selector_value: enabled + placement: + node_selector_key: openstack-control-plane + node_selector_value: enabled + scheduler: + node_selector_key: openstack-control-plane + node_selector_value: enabled + spiceproxy: + node_selector_key: openstack-control-plane + node_selector_value: enabled + test: + node_selector_key: openstack-control-plane + node_selector_value: enabled + pod: + replicas: + api_metadata: 1 + placement: 1 + osapi: 1 + conductor: 1 + consoleauth: 1 + scheduler: 1 + novncproxy: 1 + conf: + nova: + libvirt: + virt_type: qemu + cpu_mode: none + source: + type: tar + location: http://172.17.0.1/helm_charts/nova-0.1.0.tgz + subpath: nova + reference: master + dependencies: + - helm-toolkit +--- +schema: armada/Chart/v1 +metadata: + schema: metadata/Document/v1 + name: openstack-neutron +data: + chart_name: neutron + release: openstack-neutron + namespace: openstack + install: + no_hooks: False + upgrade: + no_hooks: False + pre: + delete: + - type: job + labels: + application: neutron + component: db-init + - type: job + labels: + application: neutron + component: db-sync + - type: job + labels: + application: neutron + component: ks-user + - type: job + labels: + application: neutron + component: ks-service + - type: job + labels: + application: neutron + component: ks-endpoints + values: + endpoints: + identity: + auth: + admin: + password: BhKhCWNYckYuVIcTW52Q + neutron: + password: fgtvWl00tUbDjedDBnQS + nova: + password: oGbphe9vHjGK4cR21ZQn + oslo_db: + auth: + admin: + password: CmA1aNGMQV0BkWubdURG + neutron: + password: SJMFLxwCwp64mk2xVmTI + oslo_cache: + auth: + memcache_secret_key: DO9IThaQIbbxxB6wiAcJ + oslo_messaging: + auth: + admin: + username: rabbitmq-admin + password: 4xWhfGjdQts1SyvXJXs5 + neutron: + username: neutron-rabbitmq-user + password: Q2vgX1jZerJyPgCW3t1D + pod: + replicas: + server: 2 + labels: + agent: + dhcp: + node_selector_key: openstack-control-plane + node_selector_value: enabled + l3: + node_selector_key: openstack-control-plane + node_selector_value: enabled + metadata: + node_selector_key: openstack-control-plane + node_selector_value: enabled + job: + node_selector_key: openstack-control-plane + node_selector_value: enabled + lb: + node_selector_key: linuxbridge + node_selector_value: enabled + # ovs is a special case, requiring a special + # label that can apply to both control hosts + # and compute hosts, until we get more sophisticated + # with our daemonset scheduling + ovs: + node_selector_key: openvswitch + node_selector_value: enabled + server: + node_selector_key: openstack-control-plane + node_selector_value: enabled + test: + node_selector_key: openstack-control-plane + node_selector_value: enabled + network: + interface: + tunnel: enp0s3 + conf: + neutron: + DEFAULT: + l3_ha: True + min_l3_agents_per_router: 2 + max_l3_agents_per_router: 5 + l3_ha_network_type: vxlan + dhcp_agents_per_network: 2 + plugins: + ml2_conf: + ml2_type_flat: + flat_networks: public + openvswitch_agent: + agent: + tunnel_types: vxlan + ovs: + bridge_mappings: public:br-ex + source: + type: tar + location: http://172.17.0.1/helm_charts/neutron-0.1.0.tgz + subpath: neutron + reference: master + dependencies: + - helm-toolkit +--- +schema: armada/Chart/v1 +metadata: + schema: metadata/Document/v1 + name: openstack-heat +data: + chart_name: heat + release: openstack-heat + namespace: openstack + wait: + timeout: 1800 + labels: + release_group: osh-openstack-heat + test: + enabled: true + install: + no_hooks: False + upgrade: + no_hooks: False + pre: + delete: + - type: job + labels: + release_group: osh-openstack-heat + - type: pod + labels: + release_group: osh-openstack-heat + component: test + values: + endpoints: + identity: + auth: + admin: + password: BhKhCWNYckYuVIcTW52Q + heat: + password: UV3v0doQfatnu4b5xkNN + heat_trustee: + password: hGIslXC4trwZuQqITNmE + heat_stack_user: + password: QJTmPxjFw0a8FkCWDKvu + oslo_db: + auth: + admin: + password: CmA1aNGMQV0BkWubdURG + heat: + password: XZHzE0p1hZ1PfFY1TFHr + oslo_cache: + hosts: + default: heat-memcached + oslo_messaging: + auth: + admin: + username: rabbitmq-admin + password: 4xWhfGjdQts1SyvXJXs5 + heat: + username: heat-rabbitmq-user + password: ukniwaxwmVfgRqSoA9mn + labels: + api: + node_selector_key: openstack-control-plane + node_selector_value: enabled + cfn: + node_selector_key: openstack-control-plane + node_selector_value: enabled + cloudwatch: + node_selector_key: openstack-control-plane + node_selector_value: enabled + engine: + node_selector_key: openstack-control-plane + node_selector_value: enabled + job: + node_selector_key: openstack-control-plane + node_selector_value: enabled + pod: + replicas: + api: 2 + cfn: 2 + cloudwatch: 2 + engine: 2 + source: + type: tar + location: http://172.17.0.1/helm_charts/heat-0.1.0.tgz + subpath: heat + reference: master + dependencies: + - helm-toolkit +--- +schema: armada/Chart/v1 +metadata: + schema: metadata/Document/v1 + name: openstack-gnocchi +data: + chart_name: gnocchi + release: openstack-gnocchi + namespace: openstack + wait: + timeout: 1800 + labels: + release_group: osh-openstack-gnocchi + test: + enabled: False + install: + no_hooks: False + upgrade: + no_hooks: False + pre: + delete: + - type: job + labels: + release_group: osh-openstack-gnocchi + - type: pod + labels: + release_group: osh-openstack-gnocchi + component: test + values: + endpoints: + identity: + auth: + admin: + password: BhKhCWNYckYuVIcTW52Q + gnocchi: + password: VR3JaxBM5w4N3s1n07eB + oslo_db: + auth: + admin: + password: CmA1aNGMQV0BkWubdURG + gnocchi: + password: SPrX7Gb43I3iS3exQXOL + oslo_cache: + auth: + memcache_secret_key: DO9IThaQIbbxxB6wiAcJ + conf: + apache: | + Listen 0.0.0.0:{{ tuple "metric" "internal" "api" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }} + + SetEnvIf X-Forwarded-For "^.*\..*\..*\..*" forwarded + CustomLog /dev/stdout combined env=!forwarded + CustomLog /dev/stdout proxy env=forwarded + + + WSGIDaemonProcess gnocchi processes=1 threads=2 user=gnocchi group=gnocchi display-name=%{GROUP} + WSGIProcessGroup gnocchi + WSGIScriptAlias / "/var/lib/openstack/bin/gnocchi-api" + WSGIApplicationGroup %{GLOBAL} + + ErrorLog /dev/stdout + SetEnvIf X-Forwarded-For "^.*\..*\..*\..*" forwarded + CustomLog /dev/stdout combined env=!forwarded + CustomLog /dev/stdout proxy env=forwarded + + + Require all granted + + + paste: + composite:gnocchi+basic: + use: egg:Paste#urlmap + /: gnocchiversions_pipeline + /v1: gnocchiv1+noauth + /healthcheck: healthcheck + composite:gnocchi+keystone: + use: egg:Paste#urlmap + /: gnocchiversions_pipeline + /v1: gnocchiv1+keystone + /healthcheck: healthcheck + composite:gnocchi+remoteuser: + use: egg:Paste#urlmap + /: gnocchiversions_pipeline + /v1: gnocchiv1+noauth + /healthcheck: healthcheck + pipeline:gnocchiv1+noauth: + pipeline: http_proxy_to_wsgi gnocchiv1 + pipeline:gnocchiv1+keystone: + pipeline: http_proxy_to_wsgi keystone_authtoken gnocchiv1 + pipeline:gnocchiversions_pipeline: + pipeline: http_proxy_to_wsgi gnocchiversions + app:gnocchiversions: + paste.app_factory: gnocchi.rest.app:app_factory + root: gnocchi.rest.api.VersionsController + app:gnocchiv1: + paste.app_factory: gnocchi.rest.app:app_factory + root: gnocchi.rest.api.V1Controller + filter:keystone_authtoken: + use: egg:keystonemiddleware#auth_token + oslo_config_project: gnocchi + filter:http_proxy_to_wsgi: + use: egg:oslo.middleware#http_proxy_to_wsgi + oslo_config_project: gnocchi + app:healthcheck: + use: egg:oslo.middleware#healthcheck + oslo_config_project: gnocchi + source: + type: tar + location: http://172.17.0.1/helm_charts/gnocchi-0.1.0.tgz + subpath: gnocchi + reference: master + dependencies: + - helm-toolkit +--- +schema: armada/Chart/v1 +metadata: + schema: metadata/Document/v1 + name: openstack-horizon +data: + chart_name: horizon + release: openstack-horizon + namespace: openstack + wait: + timeout: 1800 + labels: + release_group: osh-openstack-horizon + install: + no_hooks: False + upgrade: + no_hooks: False + pre: + delete: + - type: job + labels: + release_group: osh-openstack-horizon + values: + endpoints: + oslo_db: + auth: + admin: + password: CmA1aNGMQV0BkWubdURG + horizon: + password: WoPQP9dTxYtvMZRz5eZK + source: + type: tar + location: http://172.17.0.1/helm_charts/horizon-0.1.0.tgz + subpath: horizon + reference: master + dependencies: + - helm-toolkit +--- +schema: armada/ChartGroup/v1 +metadata: + schema: metadata/Document/v1 + name: kube-system-ingress +data: + description: "System Ingress Controller" + sequenced: False + chart_group: + - kube-system-ingress +--- +schema: armada/ChartGroup/v1 +metadata: + schema: metadata/Document/v1 + name: openstack-ingress +data: + description: "OpenStack Ingress Controller" + sequenced: False + chart_group: + - openstack-ingress +--- +schema: armada/ChartGroup/v1 +metadata: + schema: metadata/Document/v1 + name: provisioner +data: + description: "Provisioner" + sequenced: False + chart_group: + - default-provisioner +--- +schema: armada/ChartGroup/v1 +metadata: + schema: metadata/Document/v1 + name: openstack-mariadb +data: + description: "Mariadb" + sequenced: True + chart_group: + - openstack-mariadb +--- +schema: armada/ChartGroup/v1 +metadata: + schema: metadata/Document/v1 + name: openstack-memcached +data: + description: "Memcached" + sequenced: True + chart_group: + - openstack-memcached +--- +schema: armada/ChartGroup/v1 +metadata: + schema: metadata/Document/v1 + name: openstack-rabbitmq +data: + description: "Rabbitmq" + sequenced: True + chart_group: + - openstack-rabbitmq +--- +schema: armada/ChartGroup/v1 +metadata: + schema: metadata/Document/v1 + name: openstack-keystone +data: + description: "Deploy keystone" + sequenced: True + chart_group: + - openstack-keystone +--- +schema: armada/ChartGroup/v1 +metadata: + schema: metadata/Document/v1 + name: openstack-glance +data: + description: "Deploy glance" + sequenced: True + chart_group: + - openstack-glance +--- +schema: armada/ChartGroup/v1 +metadata: + schema: metadata/Document/v1 + name: openstack-cinder +data: + description: "Deploy cinder" + sequenced: True + chart_group: + - openstack-cinder +--- +schema: armada/ChartGroup/v1 +metadata: + schema: metadata/Document/v1 + name: openstack-compute-kit +data: + description: "Deploy nova and neutron, as well as supporting services" + sequenced: False + chart_group: + - openstack-libvirt + - openstack-nova + - openstack-neutron +--- +schema: armada/ChartGroup/v1 +metadata: + schema: metadata/Document/v1 + name: openstack-heat +data: + description: "Deploy heat" + sequenced: True + chart_group: + - openstack-heat +--- +schema: armada/ChartGroup/v1 +metadata: + schema: metadata/Document/v1 + name: openstack-gnocchi +data: + description: "Deploy gnocchi" + sequenced: False + chart_group: + - openstack-gnocchi +--- +schema: armada/ChartGroup/v1 +metadata: + schema: metadata/Document/v1 + name: openstack-horizon +data: + description: "Deploy horizon" + sequenced: False + chart_group: + - openstack-horizon +--- +schema: armada/Manifest/v1 +metadata: + schema: metadata/Document/v1 + name: armada-manifest +data: + release_prefix: osh + chart_groups: + - kube-system-ingress + - openstack-ingress + - provisioner + - openstack-mariadb + - openstack-memcached + - openstack-rabbitmq + - openstack-keystone + - openstack-glance + # gnocchi is only supported on systems with ceph + # once ceph is enabled on all systems, this can be uncommented + # - openstack-gnocchi + - openstack-compute-kit + - openstack-heat + - openstack-horizon + - openstack-cinder