From 9ba60e1a1408782817d1178c2daa955ccece756e Mon Sep 17 00:00:00 2001 From: Luan Nunes Utimura Date: Thu, 8 Jun 2023 13:57:01 -0300 Subject: [PATCH] Add OpenStack clients helm chart As part of the work to achieve the decoupling of OpenStack clients used by STX-OpenStack from StarlingX, this change introduces a helm chart, called `clients`, that combines all OpenStack clients into a single container. With this change, after applying STX-OpenStack, it will be possible to use, in addition to the platform's clients, the container's clients, which, initially, would be both in the same version. Although this might seem redundant at first glance, once we are able to build different versions of the same package, e.g.: * `python3-keystoneclient` @ stable/victoria; and * `python3-keystoneclient` @ stable/2023.1. We will be able to choose, for the container's clients, package versions different from those used by the platform's clients, which means that it will be possible to study and evaluate the upversion to Antelope without disrupting the application's functioning in its current version: Ussuri. Note: This change is *not* the end result of client containerization. Rather, it is just the beginning. Soon, other tweaks will come on top of this code, to configure volume mounts, permissions, etc. Test Plan: PASS - Build python3-k8sapp-openstack package PASS - Build stx-openstack-helm-fluxcd package PASS - Build stx-openstack helm charts PASS - Upload/apply stx-openstack (AIO-SX) PASS - Upload/apply stx-openstack (AIO-DX) PASS - Verify that the `clients` container is up and running, with all OpenStack clients installed: `$ apt list --installed | grep python.*client` PASS - Remove/delete stx-openstack (AIO-SX) PASS - Remove/delete stx-openstack (AIO-DX) Story: 2010774 Task: 48206 Change-Id: I3a58bfdcd06d8383699e1e6c4be51211a343d5dc Signed-off-by: Luan Nunes Utimura --- .../k8sapp_openstack/common/constants.py | 4 +- .../k8sapp_openstack/helm/clients.py | 86 +++++++++++++++ .../k8sapp_openstack/helm/openstack.py | 17 ++- .../k8sapp_openstack/setup.cfg | 1 + .../debian/deb_folder/rules | 1 + .../helm-charts/clients/Chart.yaml | 5 + .../helm-charts/clients/requirements.yaml | 11 ++ .../clients/templates/configmap-etc.yaml | 27 +++++ .../clients/templates/daemonset-clients.yaml | 60 +++++++++++ .../helm-charts/clients/values.yaml | 100 ++++++++++++++++++ .../clients/clients-static-overrides.yaml | 16 +++ .../clients/clients-system-overrides.yaml | 0 .../manifests/clients/helmrelease.yaml | 41 +++++++ .../manifests/clients/kustomization.yaml | 20 ++++ .../manifests/kustomization.yaml | 3 +- 15 files changed, 389 insertions(+), 3 deletions(-) create mode 100644 python3-k8sapp-openstack/k8sapp_openstack/k8sapp_openstack/helm/clients.py create mode 100644 stx-openstack-helm-fluxcd/stx-openstack-helm-fluxcd/helm-charts/clients/Chart.yaml create mode 100644 stx-openstack-helm-fluxcd/stx-openstack-helm-fluxcd/helm-charts/clients/requirements.yaml create mode 100644 stx-openstack-helm-fluxcd/stx-openstack-helm-fluxcd/helm-charts/clients/templates/configmap-etc.yaml create mode 100644 stx-openstack-helm-fluxcd/stx-openstack-helm-fluxcd/helm-charts/clients/templates/daemonset-clients.yaml create mode 100644 stx-openstack-helm-fluxcd/stx-openstack-helm-fluxcd/helm-charts/clients/values.yaml create mode 100644 stx-openstack-helm-fluxcd/stx-openstack-helm-fluxcd/manifests/clients/clients-static-overrides.yaml create mode 100644 stx-openstack-helm-fluxcd/stx-openstack-helm-fluxcd/manifests/clients/clients-system-overrides.yaml create mode 100644 stx-openstack-helm-fluxcd/stx-openstack-helm-fluxcd/manifests/clients/helmrelease.yaml create mode 100644 stx-openstack-helm-fluxcd/stx-openstack-helm-fluxcd/manifests/clients/kustomization.yaml diff --git a/python3-k8sapp-openstack/k8sapp_openstack/k8sapp_openstack/common/constants.py b/python3-k8sapp-openstack/k8sapp_openstack/k8sapp_openstack/common/constants.py index 92941dac..0fd09c3f 100644 --- a/python3-k8sapp-openstack/k8sapp_openstack/k8sapp_openstack/common/constants.py +++ b/python3-k8sapp-openstack/k8sapp_openstack/k8sapp_openstack/common/constants.py @@ -1,5 +1,5 @@ # -# Copyright (c) 2019-2021 Wind River Systems, Inc. +# Copyright (c) 2019-2023 Wind River Systems, Inc. # # SPDX-License-Identifier: Apache-2.0 # @@ -19,6 +19,7 @@ HELM_CHART_AODH = 'aodh' HELM_CHART_BARBICAN = 'barbican' HELM_CHART_CEILOMETER = 'ceilometer' HELM_CHART_CINDER = 'cinder' +HELM_CHART_CLIENTS = 'clients' HELM_CHART_FM_REST_API = 'fm-rest-api' HELM_CHART_GARBD = 'garbd' HELM_CHART_GLANCE = 'glance' @@ -50,6 +51,7 @@ FLUXCD_HELMRELEASE_AODH = 'aodh' FLUXCD_HELMRELEASE_BARBICAN = 'barbican' FLUXCD_HELMRELEASE_CEILOMETER = 'ceilometer' FLUXCD_HELMRELEASE_CINDER = 'cinder' +FLUXCD_HELMRELEASE_CLIENTS = 'clients' FLUXCD_HELMRELEASE_FM_REST_API = 'fm-rest-api' FLUXCD_HELMRELEASE_GARBD = 'garbd' FLUXCD_HELMRELEASE_GLANCE = 'glance' diff --git a/python3-k8sapp-openstack/k8sapp_openstack/k8sapp_openstack/helm/clients.py b/python3-k8sapp-openstack/k8sapp_openstack/k8sapp_openstack/helm/clients.py new file mode 100644 index 00000000..1d872e77 --- /dev/null +++ b/python3-k8sapp-openstack/k8sapp_openstack/k8sapp_openstack/helm/clients.py @@ -0,0 +1,86 @@ +# +# Copyright (c) 2023 Wind River Systems, Inc. +# +# SPDX-License-Identifier: Apache-2.0 +# + +from oslo_log import log as logging +from sysinv.common import constants +from sysinv.common import exception +from sysinv.common import utils +from sysinv.helm import common + +from k8sapp_openstack.common import constants as app_constants +from k8sapp_openstack.helm import openstack + +LOG = logging.getLogger(__name__) + + +class ClientsHelm(openstack.OpenstackBaseHelm): + """Class to encapsulate helm operations for the Clients chart.""" + + CHART = app_constants.HELM_CHART_CLIENTS + HELM_RELEASE = app_constants.FLUXCD_HELMRELEASE_CLIENTS + + SERVICE_NAME = app_constants.HELM_CHART_CLIENTS + + def __init__(self, operator): + super(ClientsHelm, self).__init__(operator) + + def get_overrides(self, namespace=None): + host_overrides = self._get_per_host_overrides() + + overrides = { + common.HELM_NS_OPENSTACK: { + "endpoints": self._get_endpoints_overrides(), + "conf": { + "overrides": { + "clients_clients": { + "hosts": host_overrides, + } + } + } + } + } + + if namespace in self.SUPPORTED_NAMESPACES: + return overrides[namespace] + elif namespace: + raise exception.InvalidHelmNamespace(chart=self.CHART, + namespace=namespace) + else: + return overrides + + def _get_endpoints_overrides(self): + overrides = self._get_common_users_overrides( + common.SERVICE_ADMIN) + + overrides['admin'].update({ + 'project_name': self._get_admin_project_name(), + 'project_domain_name': self._get_admin_project_domain(), + 'user_domain_name': self._get_admin_user_domain(), + }) + + return { + 'identity': { + 'auth': overrides + }, + } + + def _get_per_host_overrides(self): + host_list = [] + hosts = self.dbapi.ihost_get_list() + + for host in hosts: + if (host.invprovision in [constants.PROVISIONED, + constants.PROVISIONING]): + if constants.WORKER in utils.get_personalities(host): + + hostname = str(host.hostname) + + host_clients = { + 'name': hostname, + 'conf': {} + } + host_list.append(host_clients) + return host_list diff --git a/python3-k8sapp-openstack/k8sapp_openstack/k8sapp_openstack/helm/openstack.py b/python3-k8sapp-openstack/k8sapp_openstack/k8sapp_openstack/helm/openstack.py index 95920bf6..2268867a 100644 --- a/python3-k8sapp-openstack/k8sapp_openstack/k8sapp_openstack/helm/openstack.py +++ b/python3-k8sapp-openstack/k8sapp_openstack/k8sapp_openstack/helm/openstack.py @@ -1,5 +1,5 @@ # -# Copyright (c) 2019-2022 Wind River Systems, Inc. +# Copyright (c) 2019-2023 Wind River Systems, Inc. # # SPDX-License-Identifier: Apache-2.0 # @@ -106,6 +106,21 @@ class OpenstackBaseHelm(FluxCDBaseHelm): app_constants.HELM_CHART_KEYSTONE] return keystone_operator.get_admin_user_name() + def _get_admin_project_name(self): + keystone_operator = self._operator.chart_operators[ + app_constants.HELM_CHART_KEYSTONE] + return keystone_operator.get_admin_project_name() + + def _get_admin_project_domain(self): + keystone_operator = self._operator.chart_operators[ + app_constants.HELM_CHART_KEYSTONE] + return keystone_operator.get_admin_project_domain() + + def _get_admin_user_domain(self): + keystone_operator = self._operator.chart_operators[ + app_constants.HELM_CHART_KEYSTONE] + return keystone_operator.get_admin_user_domain() + def _get_identity_password(self, service, user): passwords = self.context.setdefault('_service_passwords', {}) if service not in passwords: diff --git a/python3-k8sapp-openstack/k8sapp_openstack/setup.cfg b/python3-k8sapp-openstack/k8sapp_openstack/setup.cfg index 04bf031a..7911a348 100644 --- a/python3-k8sapp-openstack/k8sapp_openstack/setup.cfg +++ b/python3-k8sapp-openstack/k8sapp_openstack/setup.cfg @@ -61,6 +61,7 @@ systemconfig.helm_plugins.openstack = 026_fm-rest-api = k8sapp_openstack.helm.fm_rest_api:FmRestApiHelm 027_dcdbsync = k8sapp_openstack.helm.dcdbsync:DcdbsyncHelm 028_pci-irq-affinity-agent = k8sapp_openstack.helm.pci_irq_affinity_agent:PciIrqAffinityAgentHelm + 029_clients = k8sapp_openstack.helm.clients:ClientsHelm systemconfig.fluxcd.kustomize_ops = openstack = k8sapp_openstack.kustomize.kustomize_openstack:OpenstackFluxCDKustomizeOperator diff --git a/stx-openstack-helm-fluxcd/debian/deb_folder/rules b/stx-openstack-helm-fluxcd/debian/deb_folder/rules index 6d66a9c0..30317fa7 100755 --- a/stx-openstack-helm-fluxcd/debian/deb_folder/rules +++ b/stx-openstack-helm-fluxcd/debian/deb_folder/rules @@ -26,6 +26,7 @@ override_dh_auto_build: cd helm-charts && make fm-rest-api cd helm-charts && make nginx-ports-control cd helm-charts && make dcdbsync + cd helm-charts && make clients # Terminate the helm chart server. pkill chartmuseum # Remove helm-toolkit. This will be packaged with openstack-helm-infra. diff --git a/stx-openstack-helm-fluxcd/stx-openstack-helm-fluxcd/helm-charts/clients/Chart.yaml b/stx-openstack-helm-fluxcd/stx-openstack-helm-fluxcd/helm-charts/clients/Chart.yaml new file mode 100644 index 00000000..fa32cfa9 --- /dev/null +++ b/stx-openstack-helm-fluxcd/stx-openstack-helm-fluxcd/helm-charts/clients/Chart.yaml @@ -0,0 +1,5 @@ +apiVersion: v1 +appVersion: "1.0" +description: Helm chart for stx-openstack containerized openstack-clients +name: clients +version: 0.1.0 diff --git a/stx-openstack-helm-fluxcd/stx-openstack-helm-fluxcd/helm-charts/clients/requirements.yaml b/stx-openstack-helm-fluxcd/stx-openstack-helm-fluxcd/helm-charts/clients/requirements.yaml new file mode 100644 index 00000000..7351dd22 --- /dev/null +++ b/stx-openstack-helm-fluxcd/stx-openstack-helm-fluxcd/helm-charts/clients/requirements.yaml @@ -0,0 +1,11 @@ +# +# Copyright (c) 2023 Wind River Systems, Inc. +# +# SPDX-License-Identifier: Apache-2.0 +# + +dependencies: + - name: helm-toolkit + repository: http://localhost:8879/charts + version: ">= 0.1.0" + diff --git a/stx-openstack-helm-fluxcd/stx-openstack-helm-fluxcd/helm-charts/clients/templates/configmap-etc.yaml b/stx-openstack-helm-fluxcd/stx-openstack-helm-fluxcd/helm-charts/clients/templates/configmap-etc.yaml new file mode 100644 index 00000000..cda4f14d --- /dev/null +++ b/stx-openstack-helm-fluxcd/stx-openstack-helm-fluxcd/helm-charts/clients/templates/configmap-etc.yaml @@ -0,0 +1,27 @@ +{{/* +# +# Copyright (c) 2023 Wind River Systems, Inc. +# +# SPDX-License-Identifier: Apache-2.0 +# +*/}} + +{{- define "clients.configmap.etc" }} +{{- $configMapName := index . 0 }} +{{- $envAll := index . 1 }} +{{- with $envAll }} + +--- +apiVersion: v1 +kind: Secret +metadata: + name: {{ $configMapName }} +type: Opaque +data: {} +{{- end }} +{{- end }} + +{{- if .Values.manifests.configmap_etc }} +{{- list "clients-etc" . | include "clients.configmap.etc" }} +{{- end }} + diff --git a/stx-openstack-helm-fluxcd/stx-openstack-helm-fluxcd/helm-charts/clients/templates/daemonset-clients.yaml b/stx-openstack-helm-fluxcd/stx-openstack-helm-fluxcd/helm-charts/clients/templates/daemonset-clients.yaml new file mode 100644 index 00000000..5fd2a0bb --- /dev/null +++ b/stx-openstack-helm-fluxcd/stx-openstack-helm-fluxcd/helm-charts/clients/templates/daemonset-clients.yaml @@ -0,0 +1,60 @@ +{{/* +# +# Copyright (c) 2023 Wind River Systems, Inc. +# +# SPDX-License-Identifier: Apache-2.0 +# +*/}} + +{{- define "clients.daemonset" }} +{{- $daemonset := index . 0 }} +{{- $configMapName := index . 1 }} +{{- $serviceAccountName := index . 2 }} +{{- $envAll := index . 3 }} +{{- with $envAll }} + +--- +apiVersion: apps/v1 +kind: DaemonSet +metadata: + name: clients + annotations: + {{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" }} + labels: +{{ tuple $envAll "clients" "clients" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }} +spec: + selector: + matchLabels: +{{ tuple $envAll "clients" "clients" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 6 }} + template: + metadata: + labels: +{{ tuple $envAll "clients" "clients" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }} + spec: + serviceAccountName: {{ $serviceAccountName }} + nodeSelector: + {{ .Values.labels.openstack_clients.node_selector_key }}: {{ .Values.labels.openstack_clients.node_selector_value }} + tolerations: +{{ toYaml .Values.tolerations | indent 8 }} + containers: + - name: clients + command: + - /bin/bash + stdin: true +{{ tuple $envAll "openstack_clients" | include "helm-toolkit.snippets.image" | indent 10 }} +{{- end }} +{{- end }} + +{{- if .Values.manifests.daemonset_clients }} +{{- $envAll := . }} +{{- $daemonset := "clients" }} +{{- $configMapName := "clients-etc" }} +{{- $serviceAccountName := "clients" }} +{{- $dependencyOpts := dict "envAll" $envAll "dependencyKey" "clients" -}} +{{- $_ := include "helm-toolkit.utils.dependency_resolver" $dependencyOpts | toString | fromYaml }} +{{ tuple $envAll "pod_dependency" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }} +{{- $daemonset_yaml := list $daemonset $configMapName $serviceAccountName . | include "clients.daemonset" | toString | fromYaml }} +{{- $configmap_yaml := "clients.configmap.etc" }} +{{- list $daemonset $daemonset_yaml $configmap_yaml $configMapName . | include "helm-toolkit.utils.daemonset_overrides" }} +{{- end }} + diff --git a/stx-openstack-helm-fluxcd/stx-openstack-helm-fluxcd/helm-charts/clients/values.yaml b/stx-openstack-helm-fluxcd/stx-openstack-helm-fluxcd/helm-charts/clients/values.yaml new file mode 100644 index 00000000..83aed642 --- /dev/null +++ b/stx-openstack-helm-fluxcd/stx-openstack-helm-fluxcd/helm-charts/clients/values.yaml @@ -0,0 +1,100 @@ +# +# Copyright (c) 2023 Wind River Systems, Inc. +# +# SPDX-License-Identifier: Apache-2.0 +# + +# Default values for clients. +# This is a YAML-formatted file. +# Declare name/value pairs to be passed into your templates. +# name: value + +release_group: null + +images: + tags: + openstack_clients: docker.io/starlingx/stx-openstackclients:master-debian-stable-latest + dep_check: quay.io/stackanetes/kubernetes-entrypoint:v0.3.1 + pull_policy: "IfNotPresent" + local_registry: + active: false + exclude: + - dep_check + - image_repo_sync + +labels: + openstack_clients: + node_selector_key: openstack-control-plane + node_selector_value: enabled + +dependencies: + dynamic: + common: + local_image_registry: + jobs: + - image-repo-sync + services: + - endpoint: node + service: local_image_registry + static: + image_repo_sync: + services: + - endpoint: internal + service: local_image_registry + clients: + services: + - endpoint: internal + service: identity + +endpoints: + cluster_domain_suffix: cluster.local + local_image_registry: + name: docker-registry + namespace: docker-registry + hosts: + default: localhost + internal: docker-registry + node: localhost + host_fqdn_override: + default: null + port: + registry: + node: 5000 + identity: + name: keystone + auth: + admin: + region_name: RegionOne + username: admin + password: password + project_name: admin + user_domain_name: default + project_domain_name: default + nova: + role: admin + region_name: RegionOne + username: nova + password: password + project_name: service + user_domain_name: service + project_domain_name: service + hosts: + default: keystone-api + public: keystone + host_fqdn_override: + default: null + path: + default: /v3 + scheme: + default: http + port: + api: + default: 80 + internal: 5000 + +conf: {} + +tolerations: [] + +manifests: + daemonset_clients: true diff --git a/stx-openstack-helm-fluxcd/stx-openstack-helm-fluxcd/manifests/clients/clients-static-overrides.yaml b/stx-openstack-helm-fluxcd/stx-openstack-helm-fluxcd/manifests/clients/clients-static-overrides.yaml new file mode 100644 index 00000000..dfa67fb0 --- /dev/null +++ b/stx-openstack-helm-fluxcd/stx-openstack-helm-fluxcd/manifests/clients/clients-static-overrides.yaml @@ -0,0 +1,16 @@ +# +# Copyright (c) 2023 Wind River Systems, Inc. +# +# SPDX-License-Identifier: Apache-2.0 +# + +--- +release_group: osh-openstack-clients +images: + tags: + openstack_clients: docker.io/starlingx/stx-openstackclients:master-debian-stable-latest +tolerations: + - key: node-role.kubernetes.io/control-plane + operator: Exists + effect: NoSchedule +... diff --git a/stx-openstack-helm-fluxcd/stx-openstack-helm-fluxcd/manifests/clients/clients-system-overrides.yaml b/stx-openstack-helm-fluxcd/stx-openstack-helm-fluxcd/manifests/clients/clients-system-overrides.yaml new file mode 100644 index 00000000..e69de29b diff --git a/stx-openstack-helm-fluxcd/stx-openstack-helm-fluxcd/manifests/clients/helmrelease.yaml b/stx-openstack-helm-fluxcd/stx-openstack-helm-fluxcd/manifests/clients/helmrelease.yaml new file mode 100644 index 00000000..fc265b3b --- /dev/null +++ b/stx-openstack-helm-fluxcd/stx-openstack-helm-fluxcd/manifests/clients/helmrelease.yaml @@ -0,0 +1,41 @@ +# +# Copyright (c) 2023 Wind River Systems, Inc. +# +# SPDX-License-Identifier: Apache-2.0 +# + +--- +apiVersion: "helm.toolkit.fluxcd.io/v2beta1" +kind: HelmRelease +metadata: + name: clients + labels: + chart_group: clients +spec: + releaseName: osh-openstack-clients + chart: + spec: + chart: clients + version: 0.1.0 + sourceRef: + kind: HelmRepository + name: starlingx + interval: 1m + timeout: 30m + test: + enable: false + install: + disableHooks: false + upgrade: + disableHooks: false + dependsOn: + - name: heat + namespace: openstack + valuesFrom: + - kind: Secret + name: clients-static-overrides + valuesKey: clients-static-overrides.yaml + - kind: Secret + name: clients-system-overrides + valuesKey: clients-system-overrides.yaml +... diff --git a/stx-openstack-helm-fluxcd/stx-openstack-helm-fluxcd/manifests/clients/kustomization.yaml b/stx-openstack-helm-fluxcd/stx-openstack-helm-fluxcd/manifests/clients/kustomization.yaml new file mode 100644 index 00000000..2f626099 --- /dev/null +++ b/stx-openstack-helm-fluxcd/stx-openstack-helm-fluxcd/manifests/clients/kustomization.yaml @@ -0,0 +1,20 @@ +# +# Copyright (c) 2023 Wind River Systems, Inc. +# +# SPDX-License-Identifier: Apache-2.0 +# + +--- +namespace: openstack +resources: + - helmrelease.yaml +secretGenerator: + - name: clients-static-overrides + files: + - clients-static-overrides.yaml + - name: clients-system-overrides + files: + - clients-system-overrides.yaml +generatorOptions: + disableNameSuffixHash: true +... diff --git a/stx-openstack-helm-fluxcd/stx-openstack-helm-fluxcd/manifests/kustomization.yaml b/stx-openstack-helm-fluxcd/stx-openstack-helm-fluxcd/manifests/kustomization.yaml index 6e39d896..43e020fe 100644 --- a/stx-openstack-helm-fluxcd/stx-openstack-helm-fluxcd/manifests/kustomization.yaml +++ b/stx-openstack-helm-fluxcd/stx-openstack-helm-fluxcd/manifests/kustomization.yaml @@ -1,5 +1,5 @@ # -# Copyright (c) 2022 Wind River Systems, Inc. +# Copyright (c) 2023 Wind River Systems, Inc. # # SPDX-License-Identifier: Apache-2.0 # @@ -37,4 +37,5 @@ resources: - aodh - ceilometer - gnocchi + - clients ...