Add OpenStack clients helm chart

As part of the work to achieve the decoupling of OpenStack clients used
by STX-OpenStack from StarlingX, this change introduces a helm chart,
called `clients`, that combines all OpenStack clients into a single
container.

With this change, after applying STX-OpenStack, it will be possible to
use, in addition to the platform's clients, the container's clients,
which, initially, would be both in the same version.

Although this might seem redundant at first glance, once we are able to
build different versions of the same package, e.g.:

 * `python3-keystoneclient` @ stable/victoria; and
 * `python3-keystoneclient` @ stable/2023.1.

We will be able to choose, for the container's clients, package versions
different from those used by the platform's clients, which means that it
will be possible to study and evaluate the upversion to Antelope without
disrupting the application's functioning in its current version: Ussuri.

Note: This change is *not* the end result of client containerization.
      Rather, it is just the beginning. Soon, other tweaks will come on
      top of this code, to configure volume mounts, permissions, etc.

Test Plan:
PASS - Build python3-k8sapp-openstack package
PASS - Build stx-openstack-helm-fluxcd package
PASS - Build stx-openstack helm charts
PASS - Upload/apply stx-openstack (AIO-SX)
PASS - Upload/apply stx-openstack (AIO-DX)
PASS - Verify that the `clients` container is up and running, with all
       OpenStack clients installed:
       `$ apt list --installed | grep python.*client`
PASS - Remove/delete stx-openstack (AIO-SX)
PASS - Remove/delete stx-openstack (AIO-DX)

Story: 2010774
Task: 48206

Change-Id: I3a58bfdcd06d8383699e1e6c4be51211a343d5dc
Signed-off-by: Luan Nunes Utimura <LuanNunes.Utimura@windriver.com>

python3-k8sapp-openstack/k8sapp_openstack/k8sapp_openstack/common/constants.py

@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2019-2021 Wind River Systems, Inc.
+# Copyright (c) 2019-2023 Wind River Systems, Inc.
 #
 # SPDX-License-Identifier: Apache-2.0
 #
@@ -19,6 +19,7 @@ HELM_CHART_AODH = 'aodh'
 HELM_CHART_BARBICAN = 'barbican'
 HELM_CHART_CEILOMETER = 'ceilometer'
 HELM_CHART_CINDER = 'cinder'
+HELM_CHART_CLIENTS = 'clients'
 HELM_CHART_FM_REST_API = 'fm-rest-api'
 HELM_CHART_GARBD = 'garbd'
 HELM_CHART_GLANCE = 'glance'
@@ -50,6 +51,7 @@ FLUXCD_HELMRELEASE_AODH = 'aodh'
 FLUXCD_HELMRELEASE_BARBICAN = 'barbican'
 FLUXCD_HELMRELEASE_CEILOMETER = 'ceilometer'
 FLUXCD_HELMRELEASE_CINDER = 'cinder'
+FLUXCD_HELMRELEASE_CLIENTS = 'clients'
 FLUXCD_HELMRELEASE_FM_REST_API = 'fm-rest-api'
 FLUXCD_HELMRELEASE_GARBD = 'garbd'
 FLUXCD_HELMRELEASE_GLANCE = 'glance'

python3-k8sapp-openstack/k8sapp_openstack/k8sapp_openstack/helm/clients.py

@@ -0,0 +1,86 @@
+#
+# Copyright (c) 2023 Wind River Systems, Inc.
+#
+# SPDX-License-Identifier: Apache-2.0
+#
+
+from oslo_log import log as logging
+from sysinv.common import constants
+from sysinv.common import exception
+from sysinv.common import utils
+from sysinv.helm import common
+
+from k8sapp_openstack.common import constants as app_constants
+from k8sapp_openstack.helm import openstack
+
+LOG = logging.getLogger(__name__)
+
+
+class ClientsHelm(openstack.OpenstackBaseHelm):
+    """Class to encapsulate helm operations for the Clients chart."""
+
+    CHART = app_constants.HELM_CHART_CLIENTS
+    HELM_RELEASE = app_constants.FLUXCD_HELMRELEASE_CLIENTS
+
+    SERVICE_NAME = app_constants.HELM_CHART_CLIENTS
+
+    def __init__(self, operator):
+        super(ClientsHelm, self).__init__(operator)
+
+    def get_overrides(self, namespace=None):
+        host_overrides = self._get_per_host_overrides()
+
+        overrides = {
+            common.HELM_NS_OPENSTACK: {
+                "endpoints": self._get_endpoints_overrides(),
+                "conf": {
+                    "overrides": {
+                        "clients_clients": {
+                            "hosts": host_overrides,
+                        }
+                    }
+                }
+            }
+        }
+
+        if namespace in self.SUPPORTED_NAMESPACES:
+            return overrides[namespace]
+        elif namespace:
+            raise exception.InvalidHelmNamespace(chart=self.CHART,
+                                                 namespace=namespace)
+        else:
+            return overrides
+
+    def _get_endpoints_overrides(self):
+        overrides = self._get_common_users_overrides(
+                    common.SERVICE_ADMIN)
+
+        overrides['admin'].update({
+            'project_name': self._get_admin_project_name(),
+            'project_domain_name': self._get_admin_project_domain(),
+            'user_domain_name': self._get_admin_user_domain(),
+        })
+
+        return {
+            'identity': {
+                'auth': overrides
+            },
+        }
+
+    def _get_per_host_overrides(self):
+        host_list = []
+        hosts = self.dbapi.ihost_get_list()
+
+        for host in hosts:
+            if (host.invprovision in [constants.PROVISIONED,
+                                      constants.PROVISIONING]):
+                if constants.WORKER in utils.get_personalities(host):
+
+                    hostname = str(host.hostname)
+
+                    host_clients = {
+                        'name': hostname,
+                        'conf': {}
+                    }
+                    host_list.append(host_clients)
+        return host_list

python3-k8sapp-openstack/k8sapp_openstack/k8sapp_openstack/helm/openstack.py

@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2019-2022 Wind River Systems, Inc.
+# Copyright (c) 2019-2023 Wind River Systems, Inc.
 #
 # SPDX-License-Identifier: Apache-2.0
 #
@@ -106,6 +106,21 @@ class OpenstackBaseHelm(FluxCDBaseHelm):
             app_constants.HELM_CHART_KEYSTONE]
         return keystone_operator.get_admin_user_name()
 
+    def _get_admin_project_name(self):
+        keystone_operator = self._operator.chart_operators[
+            app_constants.HELM_CHART_KEYSTONE]
+        return keystone_operator.get_admin_project_name()
+
+    def _get_admin_project_domain(self):
+        keystone_operator = self._operator.chart_operators[
+            app_constants.HELM_CHART_KEYSTONE]
+        return keystone_operator.get_admin_project_domain()
+
+    def _get_admin_user_domain(self):
+        keystone_operator = self._operator.chart_operators[
+            app_constants.HELM_CHART_KEYSTONE]
+        return keystone_operator.get_admin_user_domain()
+
     def _get_identity_password(self, service, user):
         passwords = self.context.setdefault('_service_passwords', {})
         if service not in passwords:

python3-k8sapp-openstack/k8sapp_openstack/setup.cfg

@@ -61,6 +61,7 @@ systemconfig.helm_plugins.openstack =
     026_fm-rest-api = k8sapp_openstack.helm.fm_rest_api:FmRestApiHelm
     027_dcdbsync = k8sapp_openstack.helm.dcdbsync:DcdbsyncHelm
     028_pci-irq-affinity-agent = k8sapp_openstack.helm.pci_irq_affinity_agent:PciIrqAffinityAgentHelm
+    029_clients = k8sapp_openstack.helm.clients:ClientsHelm
 
 systemconfig.fluxcd.kustomize_ops =
     openstack = k8sapp_openstack.kustomize.kustomize_openstack:OpenstackFluxCDKustomizeOperator

stx-openstack-helm-fluxcd/debian/deb_folder/rules

@@ -26,6 +26,7 @@ override_dh_auto_build:
 	cd helm-charts && make fm-rest-api
 	cd helm-charts && make nginx-ports-control
 	cd helm-charts && make dcdbsync
+	cd helm-charts && make clients
 	# Terminate the helm chart server.
 	pkill chartmuseum
 	# Remove helm-toolkit. This will be packaged with openstack-helm-infra.

stx-openstack-helm-fluxcd/stx-openstack-helm-fluxcd/helm-charts/clients/Chart.yaml

@@ -0,0 +1,5 @@
+apiVersion: v1
+appVersion: "1.0"
+description: Helm chart for stx-openstack containerized openstack-clients
+name: clients
+version: 0.1.0

stx-openstack-helm-fluxcd/stx-openstack-helm-fluxcd/helm-charts/clients/requirements.yaml

@@ -0,0 +1,11 @@
+#
+# Copyright (c) 2023 Wind River Systems, Inc.
+#
+# SPDX-License-Identifier: Apache-2.0
+#
+
+dependencies:
+  - name: helm-toolkit
+    repository: http://localhost:8879/charts
+    version: ">= 0.1.0"
+

stx-openstack-helm-fluxcd/stx-openstack-helm-fluxcd/helm-charts/clients/templates/configmap-etc.yaml

@@ -0,0 +1,27 @@
+{{/*
+#
+# Copyright (c) 2023 Wind River Systems, Inc.
+#
+# SPDX-License-Identifier: Apache-2.0
+#
+*/}}
+
+{{- define "clients.configmap.etc" }}
+{{- $configMapName := index . 0 }}
+{{- $envAll := index . 1 }}
+{{- with $envAll }}
+
+---
+apiVersion: v1
+kind: Secret
+metadata:
+  name: {{ $configMapName }}
+type: Opaque
+data: {}
+{{- end }}
+{{- end }}
+
+{{- if .Values.manifests.configmap_etc }}
+{{- list "clients-etc" . | include "clients.configmap.etc" }}
+{{- end }}
+

stx-openstack-helm-fluxcd/stx-openstack-helm-fluxcd/helm-charts/clients/templates/daemonset-clients.yaml

@@ -0,0 +1,60 @@
+{{/*
+#
+# Copyright (c) 2023 Wind River Systems, Inc.
+#
+# SPDX-License-Identifier: Apache-2.0
+#
+*/}}
+
+{{- define "clients.daemonset" }}
+{{- $daemonset := index . 0 }}
+{{- $configMapName := index . 1 }}
+{{- $serviceAccountName := index . 2 }}
+{{- $envAll := index . 3 }}
+{{- with $envAll }}
+
+---
+apiVersion: apps/v1
+kind: DaemonSet
+metadata:
+  name: clients
+  annotations:
+    {{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" }}
+  labels:
+{{ tuple $envAll "clients" "clients" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }}
+spec:
+  selector:
+    matchLabels:
+{{ tuple $envAll "clients" "clients" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 6 }}
+  template:
+    metadata:
+      labels:
+{{ tuple $envAll "clients" "clients" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
+    spec:
+      serviceAccountName: {{ $serviceAccountName }}
+      nodeSelector:
+        {{ .Values.labels.openstack_clients.node_selector_key }}: {{ .Values.labels.openstack_clients.node_selector_value }}
+      tolerations:
+{{ toYaml .Values.tolerations | indent 8 }}
+      containers:
+        - name: clients
+          command:
+          - /bin/bash
+          stdin: true
+{{ tuple $envAll "openstack_clients" | include "helm-toolkit.snippets.image" | indent 10 }}
+{{- end }}
+{{- end }}
+
+{{- if .Values.manifests.daemonset_clients }}
+{{- $envAll := . }}
+{{- $daemonset := "clients" }}
+{{- $configMapName := "clients-etc" }}
+{{- $serviceAccountName := "clients" }}
+{{- $dependencyOpts := dict "envAll" $envAll "dependencyKey" "clients" -}}
+{{- $_ := include "helm-toolkit.utils.dependency_resolver" $dependencyOpts | toString | fromYaml }}
+{{ tuple $envAll "pod_dependency" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
+{{- $daemonset_yaml := list $daemonset $configMapName $serviceAccountName . | include "clients.daemonset" | toString | fromYaml }}
+{{- $configmap_yaml := "clients.configmap.etc" }}
+{{- list $daemonset $daemonset_yaml $configmap_yaml $configMapName . | include "helm-toolkit.utils.daemonset_overrides" }}
+{{- end }}
+

stx-openstack-helm-fluxcd/stx-openstack-helm-fluxcd/helm-charts/clients/values.yaml

@@ -0,0 +1,100 @@
+#
+# Copyright (c) 2023 Wind River Systems, Inc.
+#
+# SPDX-License-Identifier: Apache-2.0
+#
+
+# Default values for clients.
+# This is a YAML-formatted file.
+# Declare name/value pairs to be passed into your templates.
+# name: value
+
+release_group: null
+
+images:
+  tags:
+    openstack_clients: docker.io/starlingx/stx-openstackclients:master-debian-stable-latest
+    dep_check: quay.io/stackanetes/kubernetes-entrypoint:v0.3.1
+  pull_policy: "IfNotPresent"
+  local_registry:
+    active: false
+    exclude:
+      - dep_check
+      - image_repo_sync
+
+labels:
+  openstack_clients:
+    node_selector_key: openstack-control-plane
+    node_selector_value: enabled
+
+dependencies:
+  dynamic:
+    common:
+      local_image_registry:
+        jobs:
+          - image-repo-sync
+        services:
+          - endpoint: node
+            service: local_image_registry
+  static:
+    image_repo_sync:
+      services:
+        - endpoint: internal
+          service: local_image_registry
+    clients:
+      services:
+        - endpoint: internal
+          service: identity
+
+endpoints:
+  cluster_domain_suffix: cluster.local
+  local_image_registry:
+    name: docker-registry
+    namespace: docker-registry
+    hosts:
+      default: localhost
+      internal: docker-registry
+      node: localhost
+    host_fqdn_override:
+      default: null
+    port:
+      registry:
+        node: 5000
+  identity:
+    name: keystone
+    auth:
+      admin:
+        region_name: RegionOne
+        username: admin
+        password: password
+        project_name: admin
+        user_domain_name: default
+        project_domain_name: default
+      nova:
+        role: admin
+        region_name: RegionOne
+        username: nova
+        password: password
+        project_name: service
+        user_domain_name: service
+        project_domain_name: service
+    hosts:
+      default: keystone-api
+      public: keystone
+    host_fqdn_override:
+      default: null
+    path:
+      default: /v3
+    scheme:
+      default: http
+    port:
+      api:
+        default: 80
+        internal: 5000
+
+conf: {}
+
+tolerations: []
+
+manifests:
+  daemonset_clients: true

stx-openstack-helm-fluxcd/stx-openstack-helm-fluxcd/manifests/clients/clients-static-overrides.yaml

@@ -0,0 +1,16 @@
+#
+# Copyright (c) 2023 Wind River Systems, Inc.
+#
+# SPDX-License-Identifier: Apache-2.0
+#
+
+---
+release_group: osh-openstack-clients
+images:
+  tags:
+    openstack_clients: docker.io/starlingx/stx-openstackclients:master-debian-stable-latest
+tolerations:
+  - key: node-role.kubernetes.io/control-plane
+    operator: Exists
+    effect: NoSchedule
+...

stx-openstack-helm-fluxcd/stx-openstack-helm-fluxcd/manifests/clients/helmrelease.yaml

@@ -0,0 +1,41 @@
+#
+# Copyright (c) 2023 Wind River Systems, Inc.
+#
+# SPDX-License-Identifier: Apache-2.0
+#
+
+---
+apiVersion: "helm.toolkit.fluxcd.io/v2beta1"
+kind: HelmRelease
+metadata:
+  name: clients
+  labels:
+    chart_group: clients
+spec:
+  releaseName: osh-openstack-clients
+  chart:
+    spec:
+      chart: clients
+      version: 0.1.0
+      sourceRef:
+        kind: HelmRepository
+        name: starlingx
+  interval: 1m
+  timeout: 30m
+  test:
+    enable: false
+  install:
+    disableHooks: false
+  upgrade:
+    disableHooks: false
+  dependsOn:
+    - name: heat
+      namespace: openstack
+  valuesFrom:
+    - kind: Secret
+      name: clients-static-overrides
+      valuesKey: clients-static-overrides.yaml
+    - kind: Secret
+      name: clients-system-overrides
+      valuesKey: clients-system-overrides.yaml
+...

stx-openstack-helm-fluxcd/stx-openstack-helm-fluxcd/manifests/clients/kustomization.yaml

@@ -0,0 +1,20 @@
+#
+# Copyright (c) 2023 Wind River Systems, Inc.
+#
+# SPDX-License-Identifier: Apache-2.0
+#
+
+---
+namespace: openstack
+resources:
+  - helmrelease.yaml
+secretGenerator:
+  - name: clients-static-overrides
+    files:
+      - clients-static-overrides.yaml
+  - name: clients-system-overrides
+    files:
+      - clients-system-overrides.yaml
+generatorOptions:
+  disableNameSuffixHash: true
+...

stx-openstack-helm-fluxcd/stx-openstack-helm-fluxcd/manifests/kustomization.yaml

@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2022 Wind River Systems, Inc.
+# Copyright (c) 2023 Wind River Systems, Inc.
 #
 # SPDX-License-Identifier: Apache-2.0
 #
@@ -37,4 +37,5 @@ resources:
   - aodh
   - ceilometer
   - gnocchi
+  - clients
 ...