From 374b61d70c593694f850bd6f6a74842c12ecf5f8 Mon Sep 17 00:00:00 2001 From: zhipengl Date: Fri, 31 May 2019 06:49:51 +0800 Subject: [PATCH] Add placement chart This commit adds a helm chart to deploy placement. Related test pass on simplex and multi-node setup Story: 2005799 Task: 33532 Change-Id: Ife908628c6379d2d39d15f72073da3018cc26950 Signed-off-by: zhipengl --- placement/Chart.yaml | 9 + placement/requirements.yaml | 10 + placement/templates/bin/_db-sync.sh.tpl | 13 + placement/templates/bin/_placement-api.sh.tpl | 34 +++ placement/templates/configmap-bin.yaml | 31 ++ placement/templates/configmap-etc.yaml | 58 ++++ placement/templates/deployment.yaml | 116 ++++++++ placement/templates/ingress.yaml | 12 + placement/templates/job-db-drop.yaml | 13 + placement/templates/job-db-init.yaml | 15 + placement/templates/job-db-sync.yaml | 12 + placement/templates/job-image-repo-sync.yaml | 12 + placement/templates/job-ks-endpoints.yaml | 12 + placement/templates/job-ks-service.yaml | 12 + placement/templates/job-ks-user.yaml | 12 + placement/templates/network_policy.yaml | 12 + placement/templates/pdb.yaml | 21 ++ placement/templates/secret-db.yaml | 22 ++ placement/templates/secret-ingress-tls.yaml | 11 + placement/templates/secret-keystone.yaml | 22 ++ placement/templates/service-ingress.yaml | 12 + placement/templates/service.yaml | 26 ++ placement/values.yaml | 413 ++++++++++++++++++++++++++ 23 files changed, 910 insertions(+) create mode 100644 placement/Chart.yaml create mode 100644 placement/requirements.yaml create mode 100644 placement/templates/bin/_db-sync.sh.tpl create mode 100644 placement/templates/bin/_placement-api.sh.tpl create mode 100644 placement/templates/configmap-bin.yaml create mode 100644 placement/templates/configmap-etc.yaml create mode 100644 placement/templates/deployment.yaml create mode 100644 placement/templates/ingress.yaml create mode 100644 placement/templates/job-db-drop.yaml create mode 100644 placement/templates/job-db-init.yaml create mode 100644 placement/templates/job-db-sync.yaml create mode 100644 placement/templates/job-image-repo-sync.yaml create mode 100644 placement/templates/job-ks-endpoints.yaml create mode 100644 placement/templates/job-ks-service.yaml create mode 100644 placement/templates/job-ks-user.yaml create mode 100644 placement/templates/network_policy.yaml create mode 100644 placement/templates/pdb.yaml create mode 100644 placement/templates/secret-db.yaml create mode 100644 placement/templates/secret-ingress-tls.yaml create mode 100644 placement/templates/secret-keystone.yaml create mode 100644 placement/templates/service-ingress.yaml create mode 100644 placement/templates/service.yaml create mode 100644 placement/values.yaml diff --git a/placement/Chart.yaml b/placement/Chart.yaml new file mode 100644 index 0000000..e8eb058 --- /dev/null +++ b/placement/Chart.yaml @@ -0,0 +1,9 @@ +# +# Copyright (c) 2019 StarlingX. +# + +apiVersion: v1 +appVersion: "1.0" +description: OpenStack Placement Service +name: placement +version: 0.1.0 diff --git a/placement/requirements.yaml b/placement/requirements.yaml new file mode 100644 index 0000000..3a162a6 --- /dev/null +++ b/placement/requirements.yaml @@ -0,0 +1,10 @@ +# +# Copyright (c) 2019 StarlingX. +# +# SPDX-License-Identifier: Apache-2.0 +# + +dependencies: + - name: helm-toolkit + repository: http://localhost:8879/charts + version: 0.1.0 diff --git a/placement/templates/bin/_db-sync.sh.tpl b/placement/templates/bin/_db-sync.sh.tpl new file mode 100644 index 0000000..4a36848 --- /dev/null +++ b/placement/templates/bin/_db-sync.sh.tpl @@ -0,0 +1,13 @@ +#!/bin/bash + +{{/* +# +# Copyright (c) 2019 StarlingX. +# +# SPDX-License-Identifier: Apache-2.0 +# +*/}} + +set -ex + +su -s /bin/sh -c "placement-manage db sync" placement diff --git a/placement/templates/bin/_placement-api.sh.tpl b/placement/templates/bin/_placement-api.sh.tpl new file mode 100644 index 0000000..4f82970 --- /dev/null +++ b/placement/templates/bin/_placement-api.sh.tpl @@ -0,0 +1,34 @@ +#!/bin/bash + +{{/* +# +# Copyright (c) 2019 StarlingX. +# +# SPDX-License-Identifier: Apache-2.0 +# +*/}} + +set -ex +COMMAND="${@:-start}" + +function start () { + + cp -a $(type -p placement-api) /var/www/cgi-bin/placement/ + + if [ -f /etc/apache2/envvars ]; then + # Loading Apache2 ENV variables + source /etc/apache2/envvars + fi + + # Get rid of stale pid file if present. + rm -f /var/run/apache2/*.pid + + # Start Apache2 + exec apache2 -DFOREGROUND +} + +function stop () { + apachectl -k graceful-stop +} + +$COMMAND diff --git a/placement/templates/configmap-bin.yaml b/placement/templates/configmap-bin.yaml new file mode 100644 index 0000000..3e98ea9 --- /dev/null +++ b/placement/templates/configmap-bin.yaml @@ -0,0 +1,31 @@ +{{/* +# +# Copyright (c) 2019 StarlingX. +# +# SPDX-License-Identifier: Apache-2.0 +# +*/}} + +{{- if .Values.manifests.configmap_bin }} +{{- $envAll := . }} +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: placement-bin +data: + placement-api.sh: | +{{ tuple "bin/_placement-api.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }} + db-sync.sh: | +{{ tuple "bin/_db-sync.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }} + db-init.py: | +{{- include "helm-toolkit.scripts.db_init" . | indent 4 }} + db-drop.py: | +{{- include "helm-toolkit.scripts.db_drop" . | indent 4 }} + ks-service.sh: | +{{- include "helm-toolkit.scripts.keystone_service" . | indent 4 }} + ks-endpoints.sh: | +{{- include "helm-toolkit.scripts.keystone_endpoints" . | indent 4 }} + ks-user.sh: | +{{- include "helm-toolkit.scripts.keystone_user" . | indent 4 }} +{{- end }} diff --git a/placement/templates/configmap-etc.yaml b/placement/templates/configmap-etc.yaml new file mode 100644 index 0000000..62834cc --- /dev/null +++ b/placement/templates/configmap-etc.yaml @@ -0,0 +1,58 @@ +{{/* +# +# Copyright (c) 2019 StarlingX. +# +# SPDX-License-Identifier: Apache-2.0 +# +*/}} + +{{- if .Values.manifests.configmap_etc }} +{{- $envAll := . }} + +{{- if empty .Values.conf.placement.placement_database.connection -}} +{{- $_ := tuple "oslo_db" "internal" "placement" "mysql" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup" | set .Values.conf.placement.placement_database "connection" -}} +{{- end -}} + +{{- if empty .Values.conf.placement.keystone_authtoken.auth_uri -}} +{{- $_ := tuple "identity" "internal" "api" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup" | set .Values.conf.placement.keystone_authtoken "auth_uri" -}} +{{- end -}} +{{- if empty .Values.conf.placement.keystone_authtoken.auth_url -}} +{{- $_ := tuple "identity" "internal" "api" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup" | set .Values.conf.placement.keystone_authtoken "auth_url" -}} +{{- end -}} + +{{- if empty .Values.conf.placement.keystone_authtoken.os_region_name -}} +{{- $_ := set .Values.conf.placement.keystone_authtoken "os_region_name" .Values.endpoints.identity.auth.placement.region_name -}} +{{- end -}} +{{- if empty .Values.conf.placement.keystone_authtoken.project_name -}} +{{- $_ := set .Values.conf.placement.keystone_authtoken "project_name" .Values.endpoints.identity.auth.placement.project_name -}} +{{- end -}} +{{- if empty .Values.conf.placement.keystone_authtoken.project_domain_name -}} +{{- $_ := set .Values.conf.placement.keystone_authtoken "project_domain_name" .Values.endpoints.identity.auth.placement.project_domain_name -}} +{{- end -}} +{{- if empty .Values.conf.placement.keystone_authtoken.user_domain_name -}} +{{- $_ := set .Values.conf.placement.keystone_authtoken "user_domain_name" .Values.endpoints.identity.auth.placement.user_domain_name -}} +{{- end -}} +{{- if empty .Values.conf.placement.keystone_authtoken.username -}} +{{- $_ := set .Values.conf.placement.keystone_authtoken "username" .Values.endpoints.identity.auth.placement.username -}} +{{- end -}} +{{- if empty .Values.conf.placement.keystone_authtoken.password -}} +{{- $_ := set .Values.conf.placement.keystone_authtoken "password" .Values.endpoints.identity.auth.placement.password -}} +{{- end -}} +{{- if empty .Values.conf.placement.keystone_authtoken.memcached_servers -}} +{{- $_ := tuple "oslo_cache" "internal" "memcache" . | include "helm-toolkit.endpoints.host_and_port_endpoint_uri_lookup" | set .Values.conf.placement.keystone_authtoken "memcached_servers" -}} +{{- end -}} +{{- if empty .Values.conf.placement.keystone_authtoken.memcache_secret_key -}} +{{- $_ := set .Values.conf.placement.keystone_authtoken "memcache_secret_key" ( default ( randAlphaNum 64 ) .Values.endpoints.oslo_cache.auth.memcache_secret_key ) -}} +{{- end -}} +--- +apiVersion: v1 +kind: Secret +metadata: + name: placement-etc +type: Opaque +data: + policy.yaml: {{ toYaml .Values.conf.policy | b64enc }} + placement.conf: {{ include "helm-toolkit.utils.to_oslo_conf" .Values.conf.placement | b64enc }} + logging.conf: {{ include "helm-toolkit.utils.to_oslo_conf" .Values.conf.logging | b64enc }} +{{- include "helm-toolkit.snippets.values_template_renderer" (dict "envAll" $envAll "template" .Values.conf.wsgi_placement "key" "wsgi-placement.conf" "format" "Secret" ) | indent 2 }} +{{- end }} diff --git a/placement/templates/deployment.yaml b/placement/templates/deployment.yaml new file mode 100644 index 0000000..922bbcf --- /dev/null +++ b/placement/templates/deployment.yaml @@ -0,0 +1,116 @@ +{{/* +# +# Copyright (c) 2019 StarlingX. +# +# SPDX-License-Identifier: Apache-2.0 +# +*/}} + +{{- if .Values.manifests.deployment }} +{{- $envAll := . }} + +{{- $mounts_placement := .Values.pod.mounts.placement.placement }} +{{- $mounts_placement_init := .Values.pod.mounts.placement.init_container }} + +{{- $serviceAccountName := "placement-api" }} +{{ tuple $envAll "api" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }} +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: placement-api + annotations: + {{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" }} + labels: +{{ tuple $envAll "placement" "api" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }} +spec: + replicas: {{ .Values.pod.replicas.api }} + selector: + matchLabels: +{{ tuple $envAll "placement" "api" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 6 }} +{{ tuple $envAll | include "helm-toolkit.snippets.kubernetes_upgrades_deployment" | indent 2 }} + template: + metadata: + labels: +{{ tuple $envAll "placement" "api" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }} + annotations: +{{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" | indent 8 }} + configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "helm-toolkit.utils.hash" }} + configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "helm-toolkit.utils.hash" }} + spec: + serviceAccountName: {{ $serviceAccountName }} + affinity: +{{ tuple $envAll "placement" "api" | include "helm-toolkit.snippets.kubernetes_pod_anti_affinity" | indent 8 }} + nodeSelector: + {{ .Values.labels.api.node_selector_key }}: {{ .Values.labels.api.node_selector_value }} + terminationGracePeriodSeconds: {{ .Values.pod.lifecycle.termination_grace_period.api.timeout | default "30" }} + initContainers: +{{ tuple $envAll "api" $mounts_placement_init | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} + containers: + - name: placement-api +{{ tuple $envAll "placement" | include "helm-toolkit.snippets.image" | indent 10 }} +{{ tuple $envAll $envAll.Values.pod.resources.api | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }} + command: + - /tmp/placement-api.sh + - start + lifecycle: + preStop: + exec: + command: + - /tmp/placement-api.sh + - stop + ports: + - name: p-api + containerPort: {{ tuple "placement" "internal" "api" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }} + readinessProbe: + #NOTE(portdirect): use tcpSocket check as HTTP will return 401 + tcpSocket: + port: {{ tuple "placement" "internal" "api" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }} + initialDelaySeconds: 15 + periodSeconds: 10 + livenessProbe: + tcpSocket: + port: {{ tuple "placement" "internal" "api" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }} + initialDelaySeconds: 50 + periodSeconds: 10 + volumeMounts: + - name: pod-tmp + mountPath: /tmp + - name: wsgi-placement + mountPath: /var/www/cgi-bin/placement + - name: placement-bin + mountPath: /tmp/placement-api.sh + subPath: placement-api.sh + readOnly: true + - name: placement-etc + mountPath: /etc/placement/placement.conf + subPath: placement.conf + readOnly: true + - name: placement-etc + mountPath: {{ .Values.conf.placement.DEFAULT.log_config_append }} + subPath: {{ base .Values.conf.placement.DEFAULT.log_config_append }} + readOnly: true + - name: placement-etc + mountPath: /etc/placement/policy.yaml + subPath: policy.yaml + readOnly: true + - name: placement-etc + mountPath: /etc/apache2/conf-enabled/wsgi-placement.conf + subPath: wsgi-placement.conf + readOnly: true +{{ if $mounts_placement.volumeMounts }}{{ toYaml $mounts_placement.volumeMounts | indent 12 }}{{ end }} + volumes: + - name: pod-tmp + emptyDir: {} + - name: wsgi-placement + emptyDir: {} + - name: placement-bin + configMap: + name: placement-bin + defaultMode: 0555 + - name: placement-etc + secret: + secretName: placement-etc + defaultMode: 0444 +{{ if $mounts_placement.volumes }}{{ toYaml $mounts_placement.volumes | indent 8 }}{{ end }} +{{- end }} diff --git a/placement/templates/ingress.yaml b/placement/templates/ingress.yaml new file mode 100644 index 0000000..5dcced8 --- /dev/null +++ b/placement/templates/ingress.yaml @@ -0,0 +1,12 @@ +{{/* +# +# Copyright (c) 2019 StarlingX. +# +# SPDX-License-Identifier: Apache-2.0 +# +*/}} + +{{- if and .Values.manifests.ingress .Values.network.api.ingress.public }} +{{- $ingressOpts := dict "envAll" . "backendServiceType" "placement" "backendPort" "p-api" -}} +{{ $ingressOpts | include "helm-toolkit.manifests.ingress" }} +{{- end }} diff --git a/placement/templates/job-db-drop.yaml b/placement/templates/job-db-drop.yaml new file mode 100644 index 0000000..1cdb753 --- /dev/null +++ b/placement/templates/job-db-drop.yaml @@ -0,0 +1,13 @@ +{{/* +# +# Copyright (c) 2019 StarlingX. +# +# SPDX-License-Identifier: Apache-2.0 +# +*/}} + +{{- if .Values.manifests.job_db_drop }} +{{- $serviceName := "placement" -}} +{{- $dbDropJob := dict "envAll" . "serviceName" $serviceName -}} +{{ $dbDropJob | include "helm-toolkit.manifests.job_db_drop_mysql" }} +{{- end }} diff --git a/placement/templates/job-db-init.yaml b/placement/templates/job-db-init.yaml new file mode 100644 index 0000000..4c9d450 --- /dev/null +++ b/placement/templates/job-db-init.yaml @@ -0,0 +1,15 @@ +{{/* +# +# Copyright (c) 2019 StarlingX. +# +# SPDX-License-Identifier: Apache-2.0 +# +*/}} + +{{- if .Values.manifests.job_db_init }} +{{- $serviceName := "placement" -}} +{{- $dbApi := dict "adminSecret" .Values.secrets.oslo_db.admin "configFile" (printf "/etc/%s/%s.conf" $serviceName $serviceName ) "logConfigFile" (printf "/etc/%s/logging.conf" $serviceName ) "configDbSection" "placement_database" "configDbKey" "connection" -}} +{{- $dbsToInit := list $dbApi }} +{{- $dbInitJob := dict "envAll" . "serviceName" $serviceName "dbsToInit" $dbsToInit -}} +{{ $dbInitJob | include "helm-toolkit.manifests.job_db_init_mysql" }} +{{- end }} diff --git a/placement/templates/job-db-sync.yaml b/placement/templates/job-db-sync.yaml new file mode 100644 index 0000000..5aeefba --- /dev/null +++ b/placement/templates/job-db-sync.yaml @@ -0,0 +1,12 @@ +{{/* +# +# Copyright (c) 2019 StarlingX. +# +# SPDX-License-Identifier: Apache-2.0 +# +*/}} + +{{- if .Values.manifests.job_db_sync }} +{{- $dbSyncJob := dict "envAll" . "serviceName" "placement" -}} +{{ $dbSyncJob | include "helm-toolkit.manifests.job_db_sync" }} +{{- end }} diff --git a/placement/templates/job-image-repo-sync.yaml b/placement/templates/job-image-repo-sync.yaml new file mode 100644 index 0000000..022b160 --- /dev/null +++ b/placement/templates/job-image-repo-sync.yaml @@ -0,0 +1,12 @@ +{{/* +# +# Copyright (c) 2019 StarlingX. +# +# SPDX-License-Identifier: Apache-2.0 +# +*/}} + +{{- if and .Values.manifests.job_image_repo_sync .Values.images.local_registry.active }} +{{- $imageRepoSyncJob := dict "envAll" . "serviceName" "placement" -}} +{{ $imageRepoSyncJob | include "helm-toolkit.manifests.job_image_repo_sync" }} +{{- end }} diff --git a/placement/templates/job-ks-endpoints.yaml b/placement/templates/job-ks-endpoints.yaml new file mode 100644 index 0000000..d3a43fc --- /dev/null +++ b/placement/templates/job-ks-endpoints.yaml @@ -0,0 +1,12 @@ +{{/* +# +# Copyright (c) 2018 StarlingX. +# +# SPDX-License-Identifier: Apache-2.0 +# +*/}} + +{{- if .Values.manifests.job_ks_endpoints }} +{{- $ksServiceJob := dict "envAll" . "serviceName" "placement" "serviceTypes" ( tuple "placement" ) -}} +{{ $ksServiceJob | include "helm-toolkit.manifests.job_ks_endpoints" }} +{{- end }} diff --git a/placement/templates/job-ks-service.yaml b/placement/templates/job-ks-service.yaml new file mode 100644 index 0000000..0dd6d6e --- /dev/null +++ b/placement/templates/job-ks-service.yaml @@ -0,0 +1,12 @@ +{{/* +# +# Copyright (c) 2019 StarlingX. +# +# SPDX-License-Identifier: Apache-2.0 +# +*/}} + +{{- if .Values.manifests.job_ks_service }} +{{- $ksServiceJob := dict "envAll" . "serviceName" "placement" "serviceTypes" ( tuple "placement" ) -}} +{{ $ksServiceJob | include "helm-toolkit.manifests.job_ks_service" }} +{{- end }} diff --git a/placement/templates/job-ks-user.yaml b/placement/templates/job-ks-user.yaml new file mode 100644 index 0000000..b0f7799 --- /dev/null +++ b/placement/templates/job-ks-user.yaml @@ -0,0 +1,12 @@ +{{/* +# +# Copyright (c) 2019 StarlingX. +# +# SPDX-License-Identifier: Apache-2.0 +# +*/}} + +{{- if .Values.manifests.job_ks_user }} +{{- $ksUserJob := dict "envAll" . "serviceName" "placement" -}} +{{ $ksUserJob | include "helm-toolkit.manifests.job_ks_user" }} +{{- end }} diff --git a/placement/templates/network_policy.yaml b/placement/templates/network_policy.yaml new file mode 100644 index 0000000..6355f90 --- /dev/null +++ b/placement/templates/network_policy.yaml @@ -0,0 +1,12 @@ +{{/* +# +# Copyright (c) 2019 StarlingX. +# +# SPDX-License-Identifier: Apache-2.0 +# +*/}} + +{{- if .Values.manifests.network_policy -}} +{{- $netpol_opts := dict "envAll" . "name" "application" "label" "placement" }} +{{ $netpol_opts | include "helm-toolkit.manifests.kubernetes_network_policy" }} +{{- end -}} diff --git a/placement/templates/pdb.yaml b/placement/templates/pdb.yaml new file mode 100644 index 0000000..a61fe58 --- /dev/null +++ b/placement/templates/pdb.yaml @@ -0,0 +1,21 @@ +{{/* +# +# Copyright (c) 2019 StarlingX. +# +# SPDX-License-Identifier: Apache-2.0 +# +*/}} + +{{- if .Values.manifests.pdb }} +{{- $envAll := . }} +--- +apiVersion: policy/v1beta1 +kind: PodDisruptionBudget +metadata: + name: placement-api +spec: + minAvailable: {{ .Values.pod.lifecycle.disruption_budget.api.min_available }} + selector: + matchLabels: +{{ tuple $envAll "placement" "api" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 6 }} +{{- end }} diff --git a/placement/templates/secret-db.yaml b/placement/templates/secret-db.yaml new file mode 100644 index 0000000..5c7321e --- /dev/null +++ b/placement/templates/secret-db.yaml @@ -0,0 +1,22 @@ +{{/* +# +# Copyright (c) 2019 StarlingX. +# +# SPDX-License-Identifier: Apache-2.0 +# +*/}} + +{{- if .Values.manifests.secret_db }} +{{- $envAll := . }} +{{- range $key1, $userClass := tuple "admin" "placement" }} +{{- $secretName := index $envAll.Values.secrets.oslo_db $userClass }} +--- +apiVersion: v1 +kind: Secret +metadata: + name: {{ $secretName }} +type: Opaque +data: + DB_CONNECTION: {{ tuple "oslo_db" "internal" $userClass "mysql" $envAll | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup" | b64enc -}} +{{- end }} +{{- end }} diff --git a/placement/templates/secret-ingress-tls.yaml b/placement/templates/secret-ingress-tls.yaml new file mode 100644 index 0000000..3413b5b --- /dev/null +++ b/placement/templates/secret-ingress-tls.yaml @@ -0,0 +1,11 @@ +{{/* +# +# Copyright (c) 2019 StarlingX. +# +# SPDX-License-Identifier: Apache-2.0 +# +*/}} + +{{- if .Values.manifests.secret_ingress_tls }} +{{ include "helm-toolkit.manifests.secret_ingress_tls" ( dict "envAll" . "backendServiceType" "placement" ) }} +{{- end }} diff --git a/placement/templates/secret-keystone.yaml b/placement/templates/secret-keystone.yaml new file mode 100644 index 0000000..efc1a17 --- /dev/null +++ b/placement/templates/secret-keystone.yaml @@ -0,0 +1,22 @@ +{{/* +# +# Copyright (c) 2019 StarlingX. +# +# SPDX-License-Identifier: Apache-2.0 +# +*/}} + +{{- if .Values.manifests.secret_keystone }} +{{- $envAll := . }} +{{- range $key1, $userClass := tuple "admin" "placement" }} +{{- $secretName := index $envAll.Values.secrets.identity $userClass }} +--- +apiVersion: v1 +kind: Secret +metadata: + name: {{ $secretName }} +type: Opaque +data: +{{- tuple $userClass "internal" $envAll | include "helm-toolkit.snippets.keystone_secret_openrc" | indent 2 -}} +{{- end }} +{{- end }} diff --git a/placement/templates/service-ingress.yaml b/placement/templates/service-ingress.yaml new file mode 100644 index 0000000..75fcd61 --- /dev/null +++ b/placement/templates/service-ingress.yaml @@ -0,0 +1,12 @@ +{{/* +# +# Copyright (c) 2019 StarlingX. +# +# SPDX-License-Identifier: Apache-2.0 +# +*/}} + +{{- if and .Values.manifests.service_ingress .Values.network.api.ingress.public }} +{{- $serviceIngressOpts := dict "envAll" . "backendServiceType" "placement" -}} +{{ $serviceIngressOpts | include "helm-toolkit.manifests.service_ingress" }} +{{- end }} diff --git a/placement/templates/service.yaml b/placement/templates/service.yaml new file mode 100644 index 0000000..0bda157 --- /dev/null +++ b/placement/templates/service.yaml @@ -0,0 +1,26 @@ +{{/* +# +# SPDX-License-Identifier: Apache-2.0 +# +*/}} + +{{- if .Values.manifests.service }} +{{- $envAll := . }} +--- +apiVersion: v1 +kind: Service +metadata: + name: {{ tuple "placement" "internal" . | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }} +spec: + ports: + - name: p-api + port: {{ tuple "placement" "internal" "api" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }} + {{ if .Values.network.api.node_port.enabled }} + nodePort: {{ .Values.network.api.node_port.port }} + {{ end }} + selector: +{{ tuple $envAll "placement" "api" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }} + {{ if .Values.network.api.node_port.enabled }} + type: NodePort + {{ end }} +{{- end }} diff --git a/placement/values.yaml b/placement/values.yaml new file mode 100644 index 0000000..33139f0 --- /dev/null +++ b/placement/values.yaml @@ -0,0 +1,413 @@ +# +# SPDX-License-Identifier: Apache-2.0 +# + +# Default values for openstack-placement. +# This is a YAML-formatted file. +# Declare variables to be passed into your templates. + +release_group: null + +labels: + api: + node_selector_key: openstack-control-plane + node_selector_value: enabled + job: + node_selector_key: openstack-control-plane + node_selector_value: enabled + +images: + pull_policy: IfNotPresent + tags: + placement: docker.io/openstackhelm/placement:ocata-ubuntu_xenial + ks_user: docker.io/openstackhelm/heat:ocata-ubuntu_xenial + ks_service: docker.io/openstackhelm/heat:ocata-ubuntu_xenial + ks_endpoints: docker.io/openstackhelm/heat:ocata-ubuntu_xenial + db_init: docker.io/openstackhelm/heat:ocata-ubuntu_xenial + db_drop: docker.io/openstackhelm/heat:ocata-ubuntu_xenial + placement_db_sync: docker.io/openstackhelm/placement:ocata-ubuntu_xenial + dep_check: quay.io/stackanetes/kubernetes-entrypoint:v0.3.1 + image_repo_sync: docker.io/docker:17.07.0 + local_registry: + active: false + exclude: + - dep_check + - image_repo_sync + +network: + api: + port: 8778 + ingress: + public: true + classes: + namespace: "nginx" + cluster: "nginx-cluster" + annotations: + nginx.ingress.kubernetes.io/rewrite-target: / + external_policy_local: false + node_port: + enabled: false + port: 30778 + +conf: + policy: + context_is_admin: 'role:admin' + segregation: 'rule:context_is_admin' + admin_or_owner: 'rule:context_is_admin or project_id:%(project_id)s' + default: 'rule:admin_or_owner' + placement: + DEFAULT: + debug: false + use_syslog: false + log_config_append: /etc/placement/logging.conf + placement_database: + connection: null + keystone_authtoken: + auth_version: v3 + auth_type: password + memcache_security_strategy: ENCRYPT + logging: + loggers: + keys: + - root + - placement + handlers: + keys: + - stdout + - stderr + - "null" + formatters: + keys: + - context + - default + logger_root: + level: WARNING + handlers: stdout + logger_placement: + level: INFO + handlers: + - stdout + qualname: placement + logger_amqp: + level: WARNING + handlers: stderr + qualname: amqp + logger_amqplib: + level: WARNING + handlers: stderr + qualname: amqplib + logger_eventletwsgi: + level: WARNING + handlers: stderr + qualname: eventlet.wsgi.server + logger_sqlalchemy: + level: WARNING + handlers: stderr + qualname: sqlalchemy + logger_boto: + level: WARNING + handlers: stderr + qualname: boto + handler_null: + class: logging.NullHandler + formatter: default + args: () + handler_stdout: + class: StreamHandler + args: (sys.stdout,) + formatter: context + handler_stderr: + class: StreamHandler + args: (sys.stderr,) + formatter: context + formatter_context: + class: oslo_log.formatters.ContextFormatter + datefmt: "%Y-%m-%d %H:%M:%S" + formatter_default: + format: "%(message)s" + datefmt: "%Y-%m-%d %H:%M:%S" + wsgi_placement: | + Listen 0.0.0.0:{{ tuple "placement" "internal" "api" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }} + LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined + LogFormat "%{X-Forwarded-For}i %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" proxy + SetEnvIf X-Forwarded-For "^.*\..*\..*\..*" forwarded + CustomLog /dev/stdout combined env=!forwarded + CustomLog /dev/stdout proxy env=forwarded + + WSGIDaemonProcess placement-api processes=1 threads=4 user=placement group=placement display-name=%{GROUP} + WSGIProcessGroup placement-api + WSGIScriptAlias / /var/www/cgi-bin/placement/placement-api + WSGIApplicationGroup %{GLOBAL} + WSGIPassAuthorization On + = 2.4> + ErrorLogFormat "%{cu}t %M" + + ErrorLog /dev/stdout + SetEnvIf X-Forwarded-For "^.*\..*\..*\..*" forwarded + CustomLog /dev/stdout combined env=!forwarded + CustomLog /dev/stdout proxy env=forwarded + + Alias /placement /var/www/cgi-bin/placement/placement-api + + SetHandler wsgi-script + Options +ExecCGI + WSGIProcessGroup placement-api + WSGIApplicationGroup %{GLOBAL} + WSGIPassAuthorization On + + +endpoints: + cluster_domain_suffix: cluster.local + local_image_registry: + name: docker-registry + namespace: docker-registry + hosts: + default: localhost + internal: docker-registry + node: localhost + host_fqdn_override: + default: null + port: + registry: + node: 5000 + oslo_db: + auth: + admin: + username: root + password: password + placement: + username: placement + password: password + hosts: + default: mariadb + host_fqdn_override: + default: null + path: /placement + scheme: mysql+pymysql + port: + mysql: + default: 3306 + oslo_cache: + auth: + # NOTE(portdirect): this is used to define the value for keystone + # authtoken cache encryption key, if not set it will be populated + # automatically with a random value, but to take advantage of + # this feature all services should be set to use the same key, + # and memcache service. + memcache_secret_key: null + hosts: + default: memcached + host_fqdn_override: + default: null + port: + memcache: + default: 11211 + identity: + name: keystone + auth: + admin: + region_name: RegionOne + username: admin + password: password + project_name: admin + user_domain_name: default + project_domain_name: default + placement: + role: admin + region_name: RegionOne + username: placement + password: password + project_name: service + user_domain_name: service + project_domain_name: service + hosts: + default: keystone + internal: keystone-api + host_fqdn_override: + default: null + path: + default: /v3 + scheme: + default: http + port: + api: + default: 80 + internal: 5000 + placement: + name: placement + hosts: + default: placement-api + public: placement + host_fqdn_override: + default: null + path: + default: / + scheme: + default: 'http' + port: + api: + default: 8778 + public: 80 + +pod: + user: + placement: + uid: 42424 + affinity: + anti: + type: + default: preferredDuringSchedulingIgnoredDuringExecution + topologyKey: + default: kubernetes.io/hostname + mounts: + placement: + init_container: null + placement: + volumeMounts: + volumes: + replicas: + api: 1 + lifecycle: + upgrades: + deployments: + revision_history: 3 + pod_replacement_strategy: RollingUpdate + rolling_update: + max_unavailable: 1 + max_surge: 3 + disruption_budget: + api: + min_available: 0 + termination_grace_period: + api: + timeout: 30 + resources: + enabled: false + api: + requests: + memory: "128Mi" + cpu: "100m" + limits: + memory: "1024Mi" + cpu: "2000m" + jobs: + db_init: + requests: + memory: "128Mi" + cpu: "100m" + limits: + memory: "1024Mi" + cpu: "2000m" + db_sync: + requests: + memory: "128Mi" + cpu: "100m" + limits: + memory: "1024Mi" + cpu: "2000m" + db_drop: + requests: + memory: "128Mi" + cpu: "100m" + limits: + memory: "1024Mi" + cpu: "2000m" + ks_endpoints: + requests: + memory: "128Mi" + cpu: "100m" + limits: + memory: "1024Mi" + cpu: "2000m" + ks_service: + requests: + memory: "128Mi" + cpu: "100m" + limits: + memory: "1024Mi" + cpu: "2000m" + ks_user: + requests: + memory: "128Mi" + cpu: "100m" + limits: + memory: "1024Mi" + cpu: "2000m" + +secrets: + identity: + admin: placement-keystone-admin + placement: placement-keystone-user + oslo_db: + admin: placement-db-admin + placement: placement-db-user + tls: + placement: + api: + public: placement-tls-public + +dependencies: + dynamic: + common: + local_image_registry: + jobs: + - image-repo-sync + services: + - endpoint: node + service: local_image_registry + static: + api: + jobs: + - placement-db-sync + - placement-ks-service + - placement-ks-user + - placement-ks-endpoints + ks_endpoints: + jobs: + - placement-ks-user + - placement-ks-service + services: + - endpoint: internal + service: identity + ks_service: + services: + - endpoint: internal + service: identity + ks_user: + services: + - endpoint: internal + service: identity + db_drop: + services: + - endpoint: internal + service: oslo_db + db_init: + services: + - endpoint: internal + service: oslo_db + db_sync: + jobs: + - placement-db-init + services: + - endpoint: internal + service: oslo_db + +manifests: + configmap_bin: true + configmap_etc: true + deployment: true + job_image_repo_sync: true + job_db_init: true + job_db_sync: true + job_db_drop: false + job_ks_endpoints: true + job_ks_service: true + job_ks_user: true + network_policy: false + secret_db: true + secret_ingress_tls: true + pdb: true + ingress: true + secret_keystone: true + service_ingress: true + service: true -- 2.7.4