upstream/openstack/openstack-helm/files/0005-Add-Panko-Chart.patch
Angie Wang 07a4d31742 Add helm charts for Aodh and Panko to openstack-helm
This commit includes two patches for adding helm charts to
deloy Aodh and Panko services.

The charts are created based on the upstream unfinished ones:
https://review.openstack.org/#/c/468530/
https://review.openstack.org/#/c/469180/

Change-Id: I7c012ea023481aa1be9b69657f58dd9f733a58ab
Story: 2004005
Task: 27947
Signed-off-by: Angie Wang <angie.wang@windriver.com>
2018-11-15 10:38:53 -05:00

1697 lines
57 KiB
Diff

From 37fd9663c087532e35d3e514d91b29994022abfa Mon Sep 17 00:00:00 2001
From: Angie Wang <angie.wang@windriver.com>
Date: Wed, 14 Nov 2018 11:58:17 -0500
Subject: [PATCH 1/1] Add Panko Chart
This commit adds a helm chart to deploy Panko.
Panko chart is created based on the upstream unfinished one:
https://review.openstack.org/#/c/469180/
---
panko/Chart.yaml | 24 +
panko/requirements.yaml | 18 +
panko/templates/bin/_bootstrap.sh.tpl | 20 +
panko/templates/bin/_db-sync.sh.tpl | 21 +
panko/templates/bin/_panko-api.sh.tpl | 40 ++
panko/templates/bin/_panko-events-cleaner.sh.tpl | 21 +
panko/templates/bin/_panko-test.sh.tpl | 29 ++
panko/templates/configmap-bin.yaml | 51 +++
panko/templates/configmap-etc.yaml | 91 ++++
panko/templates/cron-job-events-cleaner.yaml | 84 ++++
panko/templates/deployment-api.yaml | 121 +++++
panko/templates/ingress-api.yaml | 20 +
panko/templates/job-bootstrap.yaml | 20 +
panko/templates/job-db-drop.yaml | 20 +
panko/templates/job-db-init.yaml | 20 +
panko/templates/job-db-sync.yaml | 20 +
panko/templates/job-image-repo-sync.yaml | 20 +
panko/templates/job-ks-endpoints.yaml | 20 +
panko/templates/job-ks-service.yaml | 20 +
panko/templates/job-ks-user.yaml | 20 +
panko/templates/pdb-api.yaml | 29 ++
panko/templates/pod-panko-test.yaml | 72 +++
panko/templates/secret-db.yaml | 30 ++
panko/templates/secret-keystone.yaml | 30 ++
panko/templates/service-api.yaml | 39 ++
panko/templates/service-ingress-api.yaml | 20 +
panko/values.yaml | 535 +++++++++++++++++++++++
27 files changed, 1455 insertions(+)
create mode 100755 panko/Chart.yaml
create mode 100755 panko/requirements.yaml
create mode 100755 panko/templates/bin/_bootstrap.sh.tpl
create mode 100755 panko/templates/bin/_db-sync.sh.tpl
create mode 100755 panko/templates/bin/_panko-api.sh.tpl
create mode 100755 panko/templates/bin/_panko-events-cleaner.sh.tpl
create mode 100755 panko/templates/bin/_panko-test.sh.tpl
create mode 100755 panko/templates/configmap-bin.yaml
create mode 100755 panko/templates/configmap-etc.yaml
create mode 100755 panko/templates/cron-job-events-cleaner.yaml
create mode 100755 panko/templates/deployment-api.yaml
create mode 100755 panko/templates/ingress-api.yaml
create mode 100755 panko/templates/job-bootstrap.yaml
create mode 100755 panko/templates/job-db-drop.yaml
create mode 100755 panko/templates/job-db-init.yaml
create mode 100755 panko/templates/job-db-sync.yaml
create mode 100755 panko/templates/job-image-repo-sync.yaml
create mode 100755 panko/templates/job-ks-endpoints.yaml
create mode 100755 panko/templates/job-ks-service.yaml
create mode 100755 panko/templates/job-ks-user.yaml
create mode 100755 panko/templates/pdb-api.yaml
create mode 100755 panko/templates/pod-panko-test.yaml
create mode 100755 panko/templates/secret-db.yaml
create mode 100755 panko/templates/secret-keystone.yaml
create mode 100755 panko/templates/service-api.yaml
create mode 100755 panko/templates/service-ingress-api.yaml
create mode 100755 panko/values.yaml
diff --git a/panko/Chart.yaml b/panko/Chart.yaml
new file mode 100755
index 0000000..7c5842a
--- /dev/null
+++ b/panko/Chart.yaml
@@ -0,0 +1,24 @@
+# Copyright 2017 The Openstack-Helm Authors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: v1
+description: Openstack-Helm Panko
+name: panko
+version: 0.1.0
+home: https://docs.openstack.org/developer/panko
+sources:
+ - https://git.openstack.org/cgit/openstack/panko
+ - https://git.openstack.org/cgit/openstack/openstack-helm
+maintainers:
+ - name: OpenStack-Helm Authors
diff --git a/panko/requirements.yaml b/panko/requirements.yaml
new file mode 100755
index 0000000..53782e6
--- /dev/null
+++ b/panko/requirements.yaml
@@ -0,0 +1,18 @@
+# Copyright 2017 The Openstack-Helm Authors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+dependencies:
+ - name: helm-toolkit
+ repository: http://localhost:8879/charts
+ version: 0.1.0
diff --git a/panko/templates/bin/_bootstrap.sh.tpl b/panko/templates/bin/_bootstrap.sh.tpl
new file mode 100755
index 0000000..81a93b4
--- /dev/null
+++ b/panko/templates/bin/_bootstrap.sh.tpl
@@ -0,0 +1,20 @@
+#!/bin/bash
+
+{{/*
+Copyright 2017 The Openstack-Helm Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/}}
+
+set -ex
+{{ .Values.bootstrap.script | default "echo 'Not Enabled'" }}
\ No newline at end of file
diff --git a/panko/templates/bin/_db-sync.sh.tpl b/panko/templates/bin/_db-sync.sh.tpl
new file mode 100755
index 0000000..8ca583a
--- /dev/null
+++ b/panko/templates/bin/_db-sync.sh.tpl
@@ -0,0 +1,21 @@
+#!/bin/bash
+
+{{/*
+Copyright 2017 The Openstack-Helm Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/}}
+
+set -ex
+
+exec panko-dbsync
diff --git a/panko/templates/bin/_panko-api.sh.tpl b/panko/templates/bin/_panko-api.sh.tpl
new file mode 100755
index 0000000..bd08a43
--- /dev/null
+++ b/panko/templates/bin/_panko-api.sh.tpl
@@ -0,0 +1,40 @@
+#!/bin/bash
+
+{{/*
+Copyright 2017 The Openstack-Helm Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/}}
+
+set -ex
+COMMAND="${@:-start}"
+
+function start () {
+
+ cp -a $(type -p panko-api) /var/www/cgi-bin/panko/
+
+ if [ -f /etc/apache2/envvars ]; then
+ # Loading Apache2 ENV variables
+ source /etc/apache2/envvars
+ fi
+
+ # Start Apache2
+ exec apache2 -DFOREGROUND
+}
+
+function stop () {
+ kill -TERM 1
+}
+
+$COMMAND
+
diff --git a/panko/templates/bin/_panko-events-cleaner.sh.tpl b/panko/templates/bin/_panko-events-cleaner.sh.tpl
new file mode 100755
index 0000000..10f3a86
--- /dev/null
+++ b/panko/templates/bin/_panko-events-cleaner.sh.tpl
@@ -0,0 +1,21 @@
+#!/bin/bash
+
+{{/*
+Copyright 2017 The Openstack-Helm Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/}}
+
+set -ex
+
+panko-expirer
diff --git a/panko/templates/bin/_panko-test.sh.tpl b/panko/templates/bin/_panko-test.sh.tpl
new file mode 100755
index 0000000..28273f9
--- /dev/null
+++ b/panko/templates/bin/_panko-test.sh.tpl
@@ -0,0 +1,29 @@
+#!/bin/bash
+
+{{/*
+Copyright 2017 The Openstack-Helm Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/}}
+
+set -ex
+export HOME=/tmp
+
+echo "Test: list event types"
+openstack event type list
+sleep 5
+
+echo "Test: list events"
+openstack event list
+
+exit 0
diff --git a/panko/templates/configmap-bin.yaml b/panko/templates/configmap-bin.yaml
new file mode 100755
index 0000000..2eb73f4
--- /dev/null
+++ b/panko/templates/configmap-bin.yaml
@@ -0,0 +1,51 @@
+{{/*
+Copyright 2017 The Openstack-Helm Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/}}
+
+{{- if .Values.manifests.configmap_bin }}
+{{- $envAll := . }}
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: panko-bin
+data:
+{{- if .Values.images.local_registry.active }}
+ image-repo-sync.sh: |
+{{- include "helm-toolkit.scripts.image_repo_sync" . | indent 4 }}
+{{- end }}
+{{- if .Values.bootstrap.enabled }}
+ bootstrap.sh: |
+{{ tuple "bin/_bootstrap.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
+{{- end }}
+ panko-test.sh: |
+{{ tuple "bin/_panko-test.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
+ db-init.py: |
+{{- include "helm-toolkit.scripts.db_init" . | indent 4 }}
+ db-sync.sh: |
+{{ tuple "bin/_db-sync.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
+ db-drop.py: |
+{{- include "helm-toolkit.scripts.db_drop" . | indent 4 }}
+ panko-api.sh: |
+{{ tuple "bin/_panko-api.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
+ panko-events-cleaner.sh: |
+{{ tuple "bin/_panko-events-cleaner.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
+ ks-service.sh: |
+{{- include "helm-toolkit.scripts.keystone_service" . | indent 4 }}
+ ks-endpoints.sh: |
+{{- include "helm-toolkit.scripts.keystone_endpoints" . | indent 4 }}
+ ks-user.sh: |
+{{- include "helm-toolkit.scripts.keystone_user" . | indent 4 }}
+{{- end }}
diff --git a/panko/templates/configmap-etc.yaml b/panko/templates/configmap-etc.yaml
new file mode 100755
index 0000000..f2d02c8
--- /dev/null
+++ b/panko/templates/configmap-etc.yaml
@@ -0,0 +1,91 @@
+{{/*
+Copyright 2017 The Openstack-Helm Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/}}
+
+{{- if .Values.manifests.configmap_etc }}
+{{- $envAll := . }}
+
+{{- if empty .Values.conf.panko.keystone_authtoken.auth_uri -}}
+{{- $_ := tuple "identity" "internal" "api" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup" | set .Values.conf.panko.keystone_authtoken "auth_uri" -}}
+{{- end -}}
+
+{{- if empty .Values.conf.panko.keystone_authtoken.auth_url -}}
+{{- $_ := tuple "identity" "internal" "api" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup" | set .Values.conf.panko.keystone_authtoken "auth_url" -}}
+{{- end -}}
+
+{{- if empty .Values.conf.panko.keystone_authtoken.region_name -}}
+{{- $_ := set .Values.conf.panko.keystone_authtoken "region_name" .Values.endpoints.identity.auth.panko.region_name -}}
+{{- end -}}
+
+{{- if empty .Values.conf.panko.keystone_authtoken.project_name -}}
+{{- $_ := set .Values.conf.panko.keystone_authtoken "project_name" .Values.endpoints.identity.auth.panko.project_name -}}
+{{- end -}}
+
+{{- if empty .Values.conf.panko.keystone_authtoken.project_domain_name -}}
+{{- $_ := set .Values.conf.panko.keystone_authtoken "project_domain_name" .Values.endpoints.identity.auth.panko.project_domain_name -}}
+{{- end -}}
+
+{{- if empty .Values.conf.panko.keystone_authtoken.user_domain_name -}}
+{{- $_ := set .Values.conf.panko.keystone_authtoken "user_domain_name" .Values.endpoints.identity.auth.panko.user_domain_name -}}
+{{- end -}}
+
+{{- if empty .Values.conf.panko.keystone_authtoken.username -}}
+{{- $_ := set .Values.conf.panko.keystone_authtoken "username" .Values.endpoints.identity.auth.panko.username -}}
+{{- end -}}
+
+{{- if empty .Values.conf.panko.keystone_authtoken.password -}}
+{{- $_ := set .Values.conf.panko.keystone_authtoken "password" .Values.endpoints.identity.auth.panko.password -}}
+{{- end -}}
+
+{{- if empty .Values.conf.panko.keystone_authtoken.memcached_servers -}}
+{{- $_ := tuple "oslo_cache" "internal" "memcache" . | include "helm-toolkit.endpoints.host_and_port_endpoint_uri_lookup" | set .Values.conf.panko.keystone_authtoken "memcached_servers" -}}
+{{- end -}}
+
+{{- if empty .Values.conf.panko.keystone_authtoken.memcache_secret_key -}}
+{{- $_ := set .Values.conf.panko.keystone_authtoken "memcache_secret_key" ( default ( randAlphaNum 64 ) .Values.endpoints.oslo_cache.auth.memcache_secret_key ) -}}
+{{- end -}}
+
+{{- if empty .Values.conf.panko.database.connection -}}
+{{- $_ := tuple "oslo_db" "internal" "panko" "mysql" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup" | set .Values.conf.panko.database "connection" -}}
+{{- end -}}
+
+{{- if and (empty .Values.conf.logging.handler_fluent) (has "fluent" .Values.conf.logging.handlers.keys) -}}
+{{- $fluentd_host := tuple "fluentd" "internal" $envAll | include "helm-toolkit.endpoints.hostname_namespaced_endpoint_lookup" }}
+{{- $fluentd_port := tuple "fluentd" "internal" "service" $envAll | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
+{{- $fluent_args := printf "('%s.%s', '%s', %s)" .Release.Namespace .Release.Name $fluentd_host $fluentd_port }}
+{{- $handler_fluent := dict "class" "fluent.handler.FluentHandler" "formatter" "fluent" "args" $fluent_args -}}
+{{- $_ := set .Values.conf.logging "handler_fluent" $handler_fluent -}}
+{{- end -}}
+
+{{- if and (empty .Values.conf.logging.formatter_fluent) (has "fluent" .Values.conf.logging.formatters.keys) -}}
+{{- $formatter_fluent := dict "class" "oslo_log.formatters.FluentFormatter" -}}
+{{- $_ := set .Values.conf.logging "formatter_fluent" $formatter_fluent -}}
+{{- end -}}
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: panko-etc
+data:
+ panko.conf: |
+{{ include "helm-toolkit.utils.to_oslo_conf" .Values.conf.panko | indent 4 }}
+ logging.conf: |
+{{ include "helm-toolkit.utils.to_oslo_conf" .Values.conf.logging | indent 4 }}
+ api_paste.ini: |
+{{ include "helm-toolkit.utils.to_ini" .Values.conf.paste | indent 4 }}
+ policy.json: |
+{{ toJson .Values.conf.policy | indent 4 }}
+{{- include "helm-toolkit.snippets.values_template_renderer" (dict "envAll" $envAll "template" .Values.conf.wsgi_panko "key" "wsgi-panko.conf" ) | indent 2 }}
+{{- end }}
diff --git a/panko/templates/cron-job-events-cleaner.yaml b/panko/templates/cron-job-events-cleaner.yaml
new file mode 100755
index 0000000..b0794b5
--- /dev/null
+++ b/panko/templates/cron-job-events-cleaner.yaml
@@ -0,0 +1,84 @@
+{{/*
+Copyright 2017 The Openstack-Helm Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/}}
+
+{{- if .Values.manifests.cron_job_events_cleaner }}
+{{- $envAll := . }}
+
+{{- $mounts_panko_events_cleaner := .Values.pod.mounts.panko_events_cleaner.panko_events_cleaner }}
+{{- $mounts_panko_events_cleaner_init := .Values.pod.mounts.panko_events_cleaner.init_container }}
+
+{{- $serviceAccountName := "panko-events-cleaner" }}
+{{ tuple $envAll "events_cleaner" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
+---
+apiVersion: batch/v1beta1
+kind: CronJob
+metadata:
+ name: panko-events-cleaner
+ annotations:
+ {{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" }}
+spec:
+ schedule: {{ .Values.jobs.events_cleaner.cron | quote }}
+ successfulJobsHistoryLimit: {{ .Values.jobs.events_cleaner.history.success }}
+ failedJobsHistoryLimit: {{ .Values.jobs.events_cleaner.history.failed }}
+ concurrencyPolicy: Forbid
+ jobTemplate:
+ metadata:
+ labels:
+{{ tuple $envAll "panko" "events-cleaner" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
+ spec:
+ template:
+ spec:
+ serviceAccountName: {{ $serviceAccountName }}
+ restartPolicy: OnFailure
+ nodeSelector:
+ {{ .Values.labels.job.node_selector_key }}: {{ .Values.labels.job.node_selector_value }}
+ initContainers:
+{{ tuple $envAll "events_cleaner" $mounts_panko_events_cleaner_init | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 12 }}
+ containers:
+ - name: panko-events-cleaner
+{{ tuple $envAll "panko_events_cleaner" | include "helm-toolkit.snippets.image" | indent 14 }}
+{{ tuple $envAll $envAll.Values.pod.resources.jobs.events_cleaner | include "helm-toolkit.snippets.kubernetes_resources" | indent 14 }}
+ command:
+ - /tmp/panko-events-cleaner.sh
+ volumeMounts:
+ - name: panko-bin
+ mountPath: /tmp/panko-events-cleaner.sh
+ subPath: panko-events-cleaner.sh
+ readOnly: true
+ - name: etcpanko
+ mountPath: /etc/panko
+ - name: panko-etc
+ mountPath: /etc/panko/panko.conf
+ subPath: panko.conf
+ readOnly: true
+ - name: panko-etc
+ mountPath: {{ .Values.conf.panko.DEFAULT.log_config_append }}
+ subPath: {{ base .Values.conf.panko.DEFAULT.log_config_append }}
+ readOnly: true
+{{ if $mounts_panko_events_cleaner.volumeMounts }}{{ toYaml $mounts_panko_events_cleaner.volumeMounts | indent 14 }}{{ end }}
+ volumes:
+ - name: etcpanko
+ emptyDir: {}
+ - name: panko-etc
+ configMap:
+ name: panko-etc
+ defaultMode: 0444
+ - name: panko-bin
+ configMap:
+ name: panko-bin
+ defaultMode: 0555
+{{ if $mounts_panko_events_cleaner.volumes }}{{ toYaml $mounts_panko_events_cleaner.volumes | indent 10 }}{{ end }}
+{{- end }}
diff --git a/panko/templates/deployment-api.yaml b/panko/templates/deployment-api.yaml
new file mode 100755
index 0000000..93c3ada
--- /dev/null
+++ b/panko/templates/deployment-api.yaml
@@ -0,0 +1,121 @@
+{{/*
+Copyright 2017 The Openstack-Helm Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/}}
+
+{{- if .Values.manifests.deployment_api }}
+{{- $envAll := . }}
+
+{{- $mounts_panko_api := .Values.pod.mounts.panko_api.panko_api }}
+{{- $mounts_panko_api_init := .Values.pod.mounts.panko_api.init_container }}
+
+{{- $serviceAccountName := "panko-api" }}
+{{ tuple $envAll "api" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: panko-api
+ annotations:
+ {{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" }}
+ labels:
+{{ tuple $envAll "panko" "api" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }}
+spec:
+ replicas: {{ .Values.pod.replicas.api }}
+ selector:
+ matchLabels:
+{{ tuple $envAll "panko" "api" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 6 }}
+{{ tuple $envAll | include "helm-toolkit.snippets.kubernetes_upgrades_deployment" | indent 2 }}
+ template:
+ metadata:
+ labels:
+{{ tuple $envAll "panko" "api" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
+ annotations:
+ configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "helm-toolkit.utils.hash" }}
+ configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "helm-toolkit.utils.hash" }}
+ spec:
+ serviceAccountName: {{ $serviceAccountName }}
+ affinity:
+{{ tuple $envAll "panko" "api" | include "helm-toolkit.snippets.kubernetes_pod_anti_affinity" | indent 8 }}
+ nodeSelector:
+ {{ .Values.labels.api.node_selector_key }}: {{ .Values.labels.api.node_selector_value }}
+ terminationGracePeriodSeconds: {{ .Values.pod.lifecycle.termination_grace_period.api.timeout | default "30" }}
+ initContainers:
+{{ tuple $envAll "api" $mounts_panko_api_init | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
+ containers:
+ - name: panko-api
+{{ tuple $envAll "panko_api" | include "helm-toolkit.snippets.image" | indent 10 }}
+{{ tuple $envAll $envAll.Values.pod.resources.api | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
+ securityContext:
+ runAsUser: {{ .Values.pod.user.panko.uid }}
+ command:
+ - /tmp/panko-api.sh
+ - start
+ lifecycle:
+ preStop:
+ exec:
+ command:
+ - /tmp/panko-api.sh
+ - stop
+ ports:
+ - name: p-api
+ containerPort: {{ tuple "event" "internal" "api" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
+ readinessProbe:
+ tcpSocket:
+ port: {{ tuple "event" "internal" "api" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
+ volumeMounts:
+ - name: wsgi-panko
+ mountPath: /var/www/cgi-bin/panko
+ - name: etcpanko
+ mountPath: /etc/panko
+ - name: panko-etc
+ mountPath: /etc/panko/panko.conf
+ subPath: panko.conf
+ readOnly: true
+ - name: panko-etc
+ mountPath: {{ .Values.conf.panko.DEFAULT.log_config_append }}
+ subPath: {{ base .Values.conf.panko.DEFAULT.log_config_append }}
+ readOnly: true
+ - name: panko-etc
+ mountPath: /etc/panko/api_paste.ini
+ subPath: api_paste.ini
+ readOnly: true
+ - name: panko-etc
+ mountPath: /etc/panko/policy.json
+ subPath: policy.json
+ readOnly: true
+ - name: panko-etc
+ mountPath: /etc/apache2/conf-enabled/wsgi-panko.conf
+ subPath: wsgi-panko.conf
+ readOnly: true
+ - name: panko-bin
+ mountPath: /tmp/panko-api.sh
+ subPath: panko-api.sh
+ readOnly: true
+{{ if $mounts_panko_api.volumeMounts }}{{ toYaml $mounts_panko_api.volumeMounts | indent 12 }}{{ end }}
+ volumes:
+ - name: wsgi-panko
+ emptyDir: {}
+ - name: etcpanko
+ emptyDir: {}
+ - name: panko-etc
+ configMap:
+ name: panko-etc
+ defaultMode: 0444
+ - name: panko-bin
+ configMap:
+ name: panko-bin
+ defaultMode: 0555
+{{ if $mounts_panko_api.volumes }}{{ toYaml $mounts_panko_api.volumes | indent 8 }}{{ end }}
+{{- end }}
diff --git a/panko/templates/ingress-api.yaml b/panko/templates/ingress-api.yaml
new file mode 100755
index 0000000..d6d0e88
--- /dev/null
+++ b/panko/templates/ingress-api.yaml
@@ -0,0 +1,20 @@
+{{/*
+Copyright 2017 The Openstack-Helm Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/}}
+
+{{- if and .Values.manifests.ingress_api .Values.network.api.ingress.public }}
+{{- $ingressOpts := dict "envAll" . "backendServiceType" "event" "backendPort" "p-api" -}}
+{{ $ingressOpts | include "helm-toolkit.manifests.ingress" }}
+{{- end }}
diff --git a/panko/templates/job-bootstrap.yaml b/panko/templates/job-bootstrap.yaml
new file mode 100755
index 0000000..7321d4b
--- /dev/null
+++ b/panko/templates/job-bootstrap.yaml
@@ -0,0 +1,20 @@
+{{/*
+Copyright 2017 The Openstack-Helm Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/}}
+
+{{- if and .Values.manifests.job_bootstrap .Values.bootstrap.enabled }}
+{{- $bootstrapJob := dict "envAll" . "serviceName" "panko" "keystoneUser" .Values.bootstrap.ks_user -}}
+{{ $bootstrapJob | include "helm-toolkit.manifests.job_bootstrap" }}
+{{- end }}
diff --git a/panko/templates/job-db-drop.yaml b/panko/templates/job-db-drop.yaml
new file mode 100755
index 0000000..7e50dbe
--- /dev/null
+++ b/panko/templates/job-db-drop.yaml
@@ -0,0 +1,20 @@
+{{/*
+Copyright 2017 The Openstack-Helm Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/}}
+
+{{- if .Values.manifests.job_db_drop }}
+{{- $dbDropJob := dict "envAll" . "serviceName" "panko" -}}
+{{ $dbDropJob | include "helm-toolkit.manifests.job_db_drop_mysql" }}
+{{- end }}
\ No newline at end of file
diff --git a/panko/templates/job-db-init.yaml b/panko/templates/job-db-init.yaml
new file mode 100755
index 0000000..22f4ddb
--- /dev/null
+++ b/panko/templates/job-db-init.yaml
@@ -0,0 +1,20 @@
+{{/*
+Copyright 2017 The Openstack-Helm Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/}}
+
+{{- if .Values.manifests.job_db_init }}
+{{- $dbInitJob := dict "envAll" . "serviceName" "panko" -}}
+{{ $dbInitJob | include "helm-toolkit.manifests.job_db_init_mysql" }}
+{{- end }}
\ No newline at end of file
diff --git a/panko/templates/job-db-sync.yaml b/panko/templates/job-db-sync.yaml
new file mode 100755
index 0000000..4b2fe73
--- /dev/null
+++ b/panko/templates/job-db-sync.yaml
@@ -0,0 +1,20 @@
+{{/*
+Copyright 2017 The Openstack-Helm Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/}}
+
+{{- if .Values.manifests.job_db_sync }}
+{{- $dbSyncJob := dict "envAll" . "serviceName" "panko" -}}
+{{ $dbSyncJob | include "helm-toolkit.manifests.job_db_sync" }}
+{{- end }}
\ No newline at end of file
diff --git a/panko/templates/job-image-repo-sync.yaml b/panko/templates/job-image-repo-sync.yaml
new file mode 100755
index 0000000..8faed5b
--- /dev/null
+++ b/panko/templates/job-image-repo-sync.yaml
@@ -0,0 +1,20 @@
+{{/*
+Copyright 2017 The Openstack-Helm Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/}}
+
+{{- if and .Values.manifests.job_image_repo_sync .Values.images.local_registry.active }}
+{{- $imageRepoSyncJob := dict "envAll" . "serviceName" "panko" -}}
+{{ $imageRepoSyncJob | include "helm-toolkit.manifests.job_image_repo_sync" }}
+{{- end }}
\ No newline at end of file
diff --git a/panko/templates/job-ks-endpoints.yaml b/panko/templates/job-ks-endpoints.yaml
new file mode 100755
index 0000000..77457ba
--- /dev/null
+++ b/panko/templates/job-ks-endpoints.yaml
@@ -0,0 +1,20 @@
+{{/*
+Copyright 2017 The Openstack-Helm Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/}}
+
+{{- if .Values.manifests.job_ks_endpoints }}
+{{- $ksServiceJob := dict "envAll" . "serviceName" "panko" "serviceTypes" ( tuple "event" ) -}}
+{{ $ksServiceJob | include "helm-toolkit.manifests.job_ks_endpoints" }}
+{{- end }}
\ No newline at end of file
diff --git a/panko/templates/job-ks-service.yaml b/panko/templates/job-ks-service.yaml
new file mode 100755
index 0000000..1531564
--- /dev/null
+++ b/panko/templates/job-ks-service.yaml
@@ -0,0 +1,20 @@
+{{/*
+Copyright 2017 The Openstack-Helm Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/}}
+
+{{- if .Values.manifests.job_ks_service }}
+{{- $ksServiceJob := dict "envAll" . "serviceName" "panko" "serviceTypes" ( tuple "event" ) -}}
+{{ $ksServiceJob | include "helm-toolkit.manifests.job_ks_service" }}
+{{- end }}
\ No newline at end of file
diff --git a/panko/templates/job-ks-user.yaml b/panko/templates/job-ks-user.yaml
new file mode 100755
index 0000000..bff96ed
--- /dev/null
+++ b/panko/templates/job-ks-user.yaml
@@ -0,0 +1,20 @@
+{{/*
+Copyright 2017 The Openstack-Helm Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/}}
+
+{{- if .Values.manifests.job_ks_user }}
+{{- $ksUserJob := dict "envAll" . "serviceName" "panko" -}}
+{{ $ksUserJob | include "helm-toolkit.manifests.job_ks_user" }}
+{{- end }}
\ No newline at end of file
diff --git a/panko/templates/pdb-api.yaml b/panko/templates/pdb-api.yaml
new file mode 100755
index 0000000..fc6fcd0
--- /dev/null
+++ b/panko/templates/pdb-api.yaml
@@ -0,0 +1,29 @@
+{{/*
+Copyright 2017 The Openstack-Helm Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/}}
+
+{{- if .Values.manifests.pdb_api }}
+{{- $envAll := . }}
+---
+apiVersion: policy/v1beta1
+kind: PodDisruptionBudget
+metadata:
+ name: panko-api
+spec:
+ minAvailable: {{ .Values.pod.lifecycle.disruption_budget.api.min_available }}
+ selector:
+ matchLabels:
+{{ tuple $envAll "cinder" "api" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 6 }}
+{{- end }}
diff --git a/panko/templates/pod-panko-test.yaml b/panko/templates/pod-panko-test.yaml
new file mode 100755
index 0000000..2acc43a
--- /dev/null
+++ b/panko/templates/pod-panko-test.yaml
@@ -0,0 +1,72 @@
+{{/*
+Copyright 2017 The Openstack-Helm Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/}}
+
+{{- if .Values.manifests.pod_panko_test }}
+{{- $envAll := . }}
+
+{{- $mounts_tests := .Values.pod.mounts.panko_tests.panko_tests }}
+{{- $mounts_tests_init := .Values.pod.mounts.panko_tests.init_container }}
+
+{{- $serviceAccountName := print $envAll.Release.Name "-test" }}
+{{ tuple $envAll "tests" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
+---
+apiVersion: v1
+kind: Pod
+metadata:
+ name: {{ print $envAll.Release.Name "-test" }}
+ labels:
+{{ tuple $envAll "panko" "test" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }}
+ annotations:
+ "helm.sh/hook": test-success
+ {{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" }}
+spec:
+ restartPolicy: Never
+ nodeSelector:
+ {{ .Values.labels.test.node_selector_key }}: {{ .Values.labels.test.node_selector_value }}
+ serviceAccountName: {{ $serviceAccountName }}
+ initContainers:
+{{ tuple $envAll "tests" $mounts_tests_init | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 4 }}
+ containers:
+ - name: {{ .Release.Name }}-test
+{{ tuple $envAll "panko_api" | include "helm-toolkit.snippets.image" | indent 6 }}
+{{ tuple $envAll $envAll.Values.pod.resources.jobs.tests | include "helm-toolkit.snippets.kubernetes_resources" | indent 6 }}
+ env:
+{{- with $env := dict "ksUserSecret" .Values.secrets.identity.admin }}
+{{- include "helm-toolkit.snippets.keystone_openrc_env_vars" $env | indent 8 }}
+{{- end }}
+ command:
+ - /tmp/panko-test.sh
+ volumeMounts:
+ - name: panko-etc
+ mountPath: /etc/panko/panko.conf
+ subPath: panko.conf
+ readOnly: true
+ - name: panko-bin
+ mountPath: /tmp/panko-test.sh
+ subPath: panko-test.sh
+ readOnly: true
+{{ if $mounts_tests.volumeMounts }}{{ toYaml $mounts_tests.volumeMounts | indent 8 }}{{ end }}
+ volumes:
+ - name: panko-etc
+ configMap:
+ name: panko-etc
+ defaultMode: 0444
+ - name: panko-bin
+ configMap:
+ name: panko-bin
+ defaultMode: 0555
+{{ if $mounts_tests.volumes }}{{ toYaml $mounts_tests.volumes | indent 4 }}{{ end }}
+{{- end }}
diff --git a/panko/templates/secret-db.yaml b/panko/templates/secret-db.yaml
new file mode 100755
index 0000000..58edac4
--- /dev/null
+++ b/panko/templates/secret-db.yaml
@@ -0,0 +1,30 @@
+{{/*
+Copyright 2017 The Openstack-Helm Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/}}
+
+{{- if .Values.manifests.secret_db }}
+{{- $envAll := . }}
+{{- range $key1, $userClass := tuple "admin" "panko" }}
+{{- $secretName := index $envAll.Values.secrets.oslo_db $userClass }}
+---
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ $secretName }}
+type: Opaque
+data:
+ DB_CONNECTION: {{ tuple "oslo_db" "internal" $userClass "mysql" $envAll | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup" | b64enc -}}
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/panko/templates/secret-keystone.yaml b/panko/templates/secret-keystone.yaml
new file mode 100755
index 0000000..9b44ceb
--- /dev/null
+++ b/panko/templates/secret-keystone.yaml
@@ -0,0 +1,30 @@
+{{/*
+Copyright 2017 The Openstack-Helm Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/}}
+
+{{- if .Values.manifests.secret_keystone }}
+{{- $envAll := . }}
+{{- range $key1, $userClass := tuple "admin" "panko" }}
+{{- $secretName := index $envAll.Values.secrets.identity $userClass }}
+---
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ $secretName }}
+type: Opaque
+data:
+{{- tuple $userClass "internal" $envAll | include "helm-toolkit.snippets.keystone_secret_openrc" | indent 2 -}}
+{{- end }}
+{{- end }}
diff --git a/panko/templates/service-api.yaml b/panko/templates/service-api.yaml
new file mode 100755
index 0000000..893d9e3
--- /dev/null
+++ b/panko/templates/service-api.yaml
@@ -0,0 +1,39 @@
+{{/*
+Copyright 2017 The Openstack-Helm Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/}}
+
+{{- if .Values.manifests.service_api }}
+{{- $envAll := . }}
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ tuple "event" "internal" . | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }}
+spec:
+ ports:
+ - name: p-api
+ port: {{ tuple "event" "internal" "api" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
+ {{ if .Values.network.api.node_port.enabled }}
+ nodePort: {{ .Values.network.api.node_port.port }}
+ {{ end }}
+ selector:
+{{ tuple $envAll "panko" "api" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }}
+ {{ if .Values.network.api.node_port.enabled }}
+ type: NodePort
+ {{ if .Values.network.api.external_policy_local }}
+ externalTrafficPolicy: Local
+ {{ end }}
+ {{ end }}
+{{- end }}
diff --git a/panko/templates/service-ingress-api.yaml b/panko/templates/service-ingress-api.yaml
new file mode 100755
index 0000000..422e74d
--- /dev/null
+++ b/panko/templates/service-ingress-api.yaml
@@ -0,0 +1,20 @@
+{{/*
+Copyright 2017 The Openstack-Helm Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/}}
+
+{{- if and .Values.manifests.service_ingress_api .Values.network.api.ingress.public }}
+{{- $serviceIngressOpts := dict "envAll" . "backendServiceType" "event" -}}
+{{ $serviceIngressOpts | include "helm-toolkit.manifests.service_ingress" }}
+{{- end }}
\ No newline at end of file
diff --git a/panko/values.yaml b/panko/values.yaml
new file mode 100755
index 0000000..a206a31
--- /dev/null
+++ b/panko/values.yaml
@@ -0,0 +1,535 @@
+# Default values for panko.
+# This is a YAML-formatted file.
+# Declare variables to be passed into your templates.
+
+release_group: null
+
+labels:
+ api:
+ node_selector_key: openstack-control-plane
+ node_selector_value: enabled
+ job:
+ node_selector_key: openstack-control-plane
+ node_selector_value: enabled
+ test:
+ node_selector_key: openstack-control-plane
+ node_selector_value: enabled
+
+images:
+ tags:
+ dep_check: quay.io/stackanetes/kubernetes-entrypoint:v0.3.1
+ db_init: docker.io/kolla/ubuntu-source-panko-api:3.0.3-beta.1
+ db_drop: docker.io/openstackhelm/heat:newton
+ bootstrap: docker.io/openstackhelm/heat:newton
+ panko_db_sync: docker.io/kolla/ubuntu-source-panko-api:3.0.3-beta.1
+ ks_user: docker.io/openstackhelm/heat:newton
+ ks_service: docker.io/openstackhelm/heat:newton
+ ks_endpoints: docker.io/openstackhelm/heat:newton
+ panko_api: docker.io/kolla/ubuntu-source-panko-api:3.0.3-beta.1
+ panko_events_cleaner: docker.io/kolla/ubuntu-source-panko-base:3.0.3-beta.1
+ image_repo_sync: docker.io/docker:17.07.0
+ pull_policy: "IfNotPresent"
+ local_registry:
+ active: false
+ exclude:
+ - dep_check
+ - image_repo_sync
+
+jobs:
+ events_cleaner:
+ # hourly
+ cron: "0 * * * *"
+ history:
+ success: 3
+ failed: 1
+
+network:
+ api:
+ ingress:
+ public: true
+ classes:
+ namespace: "nginx"
+ cluster: "nginx-cluster"
+ annotations:
+ nginx.ingress.kubernetes.io/rewrite-target: /
+ external_policy_local: false
+ node_port:
+ enabled: false
+ port: 8977
+
+dependencies:
+ dynamic:
+ common:
+ local_image_registry:
+ jobs:
+ - panko-image-repo-sync
+ services:
+ - endpoint: node
+ service: local_image_registry
+ static:
+ api:
+ jobs:
+ - panko-db-sync
+ - panko-ks-user
+ - panko-ks-endpoints
+ services:
+ - endpoint: internal
+ service: oslo_db
+ - endpoint: internal
+ service: identity
+ events_cleaner:
+ jobs:
+ - panko-db-sync
+ - panko-ks-user
+ - panko-ks-endpoints
+ services:
+ - endpoint: internal
+ service: oslo_db
+ - endpoint: internal
+ service: identity
+ bootstrap:
+ services:
+ - endpoint: internal
+ service: identity
+ db_init:
+ services:
+ - endpoint: internal
+ service: oslo_db
+ db_sync:
+ jobs:
+ - panko-db-init
+ services:
+ - endpoint: internal
+ service: oslo_db
+ db_drop:
+ services:
+ - endpoint: internal
+ service: oslo_db
+ ks_endpoints:
+ jobs:
+ - panko-ks-service
+ services:
+ - endpoint: internal
+ service: identity
+ ks_service:
+ services:
+ - endpoint: internal
+ service: identity
+ ks_user:
+ services:
+ - endpoint: internal
+ service: identity
+ image_repo_sync:
+ services:
+ - endpoint: internal
+ service: local_image_registry
+ tests:
+ jobs:
+ - panko-db-sync
+ services:
+ - endpoint: internal
+ service: identity
+ - endpoint: internal
+ service: oslo_db
+ - endpoint: internal
+ service: event
+
+# Names of secrets used by bootstrap and environmental checks
+secrets:
+ identity:
+ admin: panko-keystone-admin
+ panko: panko-keystone-user
+ oslo_db:
+ admin: panko-db-admin
+ panko: panko-db-user
+
+bootstrap:
+ enabled: false
+ ks_user: panko
+ script: |
+ openstack token issue
+
+conf:
+ wsgi_panko: |
+ Listen 0.0.0.0:{{ tuple "event" "internal" "api" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
+
+ LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
+ LogFormat "%{X-Forwarded-For}i %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" proxy
+
+ SetEnvIf X-Forwarded-For "^.*\..*\..*\..*" forwarded
+ CustomLog /dev/stdout combined env=!forwarded
+ CustomLog /dev/stdout proxy env=forwarded
+
+ <VirtualHost *:{{ tuple "event" "internal" "api" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}>
+ WSGIDaemonProcess panko processes=1 threads=2 user=panko group=panko display-name=%{GROUP}
+ WSGIProcessGroup panko
+ WSGIScriptAlias / /var/www/cgi-bin/panko/panko-api
+ WSGIApplicationGroup %{GLOBAL}
+ <IfVersion >= 2.4>
+ ErrorLogFormat "%{cu}t %M"
+ </IfVersion>
+
+ ErrorLog /dev/stdout
+ SetEnvIf X-Forwarded-For "^.*\..*\..*\..*" forwarded
+ CustomLog /dev/stdout combined env=!forwarded
+ CustomLog /dev/stdout proxy env=forwarded
+ </VirtualHost>
+ paste:
+ composite:panko+noauth:
+ use: egg:Paste#urlmap
+ /: pankoversions_pipeline
+ /v2: pankov2_noauth_pipeline
+ composite:panko+keystone:
+ use: egg:Paste#urlmap
+ /: pankoversions_pipeline
+ /v2: pankov2_keystone_pipeline
+ pipeline:pankoversions_pipeline:
+ pipeline: cors http_proxy_to_wsgi pankoversions
+ app:pankoversions:
+ paste.app_factory: panko.api.app:app_factory
+ root: panko.api.controllers.root.VersionsController
+ pipeline:pankov2_keystone_pipeline:
+ pipeline: cors http_proxy_to_wsgi request_id authtoken pankov2
+ pipeline:pankov2_noauth_pipeline:
+ pipeline: cors http_proxy_to_wsgi request_id pankov2
+ app:pankov2:
+ paste.app_factory: panko.api.app:app_factory
+ root: panko.api.controllers.v2.root.V2Controller
+ filter:authtoken:
+ paste.filter_factory: keystonemiddleware.auth_token:filter_factory
+ oslo_config_project: panko
+ filter:request_id:
+ paste.filter_factory: oslo_middleware:RequestId.factory
+ filter:cors:
+ paste.filter_factory: oslo_middleware.cors:filter_factory
+ oslo_config_project: panko
+ filter:http_proxy_to_wsgi:
+ paste.filter_factory: oslo_middleware.http_proxy_to_wsgi:HTTPProxyToWSGI.factory
+ oslo_config_project: panko
+ policy:
+ context_is_admin: role:admin
+ segregation: rule:context_is_admin
+ telemetry:events:index: ''
+ telemetry:events:show: ''
+ panko:
+ DEFAULT:
+ debug: false
+ log_config_append: /etc/panko/logging.conf
+ database:
+ event_time_to_live: 86400
+ max_retries: -1
+ keystone_authtoken:
+ auth_version: v3
+ auth_type: password
+ memcache_security_strategy: ENCRYPT
+ logging:
+ loggers:
+ keys:
+ - root
+ - panko
+ handlers:
+ keys:
+ - stdout
+ - stderr
+ - "null"
+ formatters:
+ keys:
+ - context
+ - default
+ logger_root:
+ level: WARNING
+ handlers: 'null'
+ logger_panko:
+ level: INFO
+ handlers:
+ - stdout
+ qualname: panko
+ logger_amqp:
+ level: WARNING
+ handlers: stderr
+ qualname: amqp
+ logger_amqplib:
+ level: WARNING
+ handlers: stderr
+ qualname: amqplib
+ logger_eventletwsgi:
+ level: WARNING
+ handlers: stderr
+ qualname: eventlet.wsgi.server
+ logger_sqlalchemy:
+ level: WARNING
+ handlers: stderr
+ qualname: sqlalchemy
+ logger_boto:
+ level: WARNING
+ handlers: stderr
+ qualname: boto
+ handler_null:
+ class: logging.NullHandler
+ formatter: default
+ args: ()
+ handler_stdout:
+ class: StreamHandler
+ args: (sys.stdout,)
+ formatter: context
+ handler_stderr:
+ class: StreamHandler
+ args: (sys.stderr,)
+ formatter: context
+ formatter_context:
+ class: oslo_log.formatters.ContextFormatter
+ formatter_default:
+ format: "%(message)s"
+
+# typically overriden by environmental
+# values, but should include all endpoints
+# required by this chart
+endpoints:
+ cluster_domain_suffix: cluster.local
+ local_image_registry:
+ name: docker-registry
+ namespace: docker-registry
+ hosts:
+ default: localhost
+ internal: docker-registry
+ node: localhost
+ host_fqdn_override:
+ default: null
+ port:
+ registry:
+ node: 5000
+ identity:
+ name: keystone
+ auth:
+ admin:
+ region_name: RegionOne
+ username: admin
+ password: password
+ project_name: admin
+ user_domain_name: default
+ project_domain_name: default
+ panko:
+ role: admin
+ region_name: RegionOne
+ username: panko
+ password: password
+ project_name: service
+ user_domain_name: service
+ project_domain_name: service
+ hosts:
+ default: keystone
+ internal: keystone-api
+ host_fqdn_override:
+ default: null
+ path:
+ default: /v3
+ scheme:
+ default: 'http'
+ port:
+ api:
+ default: 80
+ internal: 5000
+ event:
+ name: panko
+ hosts:
+ default: panko-api
+ public: panko
+ host_fqdn_override:
+ default: null
+ path:
+ default: null
+ scheme:
+ default: 'http'
+ port:
+ api:
+ default: 8977
+ public: 80
+ oslo_db:
+ auth:
+ admin:
+ username: root
+ password: password
+ panko:
+ username: panko
+ password: password
+ hosts:
+ default: mariadb
+ host_fqdn_override:
+ default: null
+ path: /panko
+ scheme: mysql+pymysql
+ port:
+ mysql:
+ default: 3306
+ oslo_cache:
+ auth:
+ # NOTE: this is used to define the value for keystone
+ # authtoken cache encryption key, if not set it will be populated
+ # automatically with a random value, but to take advantage of
+ # this feature all services should be set to use the same key,
+ # and memcache service.
+ memcache_secret_key: null
+ hosts:
+ default: memcached
+ host_fqdn_override:
+ default: null
+ port:
+ memcache:
+ default: 11211
+ fluentd:
+ namespace: null
+ name: fluentd
+ hosts:
+ default: fluentd-logging
+ host_fqdn_override:
+ default: null
+ path:
+ default: null
+ scheme: 'http'
+ port:
+ service:
+ default: 24224
+ metrics:
+ default: 24220
+
+pod:
+ user:
+ panko:
+ uid: 42424
+ affinity:
+ anti:
+ type:
+ default: preferredDuringSchedulingIgnoredDuringExecution
+ topologyKey:
+ default: kubernetes.io/hostname
+ mounts:
+ panko_api:
+ init_container: null
+ panko_api:
+ panko_events_cleaner:
+ init_container: null
+ panko_events_cleaner:
+ panko_bootstrap:
+ init_container: null
+ panko_bootstrap:
+ panko_tests:
+ init_container: null
+ panko_tests:
+ replicas:
+ api: 1
+ lifecycle:
+ upgrades:
+ deployments:
+ revision_history: 3
+ pod_replacement_strategy: RollingUpdate
+ rolling_update:
+ max_unavailable: 1
+ max_surge: 3
+ disruption_budget:
+ api:
+ min_available: 0
+ termination_grace_period:
+ api:
+ timeout: 600
+ resources:
+ enabled: false
+ api:
+ requests:
+ memory: "128Mi"
+ cpu: "100m"
+ limits:
+ memory: "1024Mi"
+ cpu: "2000m"
+ jobs:
+ bootstrap:
+ requests:
+ memory: "128Mi"
+ cpu: "100m"
+ limits:
+ memory: "1024Mi"
+ cpu: "2000m"
+ db_sync:
+ requests:
+ memory: "128Mi"
+ cpu: "100m"
+ limits:
+ memory: "1024Mi"
+ cpu: "2000m"
+ db_init:
+ requests:
+ memory: "128Mi"
+ cpu: "100m"
+ limits:
+ memory: "1024Mi"
+ cpu: "2000m"
+ ks_user:
+ requests:
+ memory: "128Mi"
+ cpu: "100m"
+ limits:
+ memory: "1024Mi"
+ cpu: "2000m"
+ ks_service:
+ requests:
+ memory: "128Mi"
+ cpu: "100m"
+ limits:
+ memory: "1024Mi"
+ cpu: "2000m"
+ ks_endpoints:
+ requests:
+ memory: "128Mi"
+ cpu: "100m"
+ limits:
+ memory: "1024Mi"
+ cpu: "2000m"
+ events_cleaner:
+ requests:
+ memory: "128Mi"
+ cpu: "100m"
+ limits:
+ memory: "1024Mi"
+ cpu: "2000m"
+ db_drop:
+ requests:
+ memory: "128Mi"
+ cpu: "100m"
+ limits:
+ memory: "1024Mi"
+ cpu: "2000m"
+ tests:
+ requests:
+ memory: "128Mi"
+ cpu: "100m"
+ limits:
+ memory: "1024Mi"
+ cpu: "2000m"
+ image_repo_sync:
+ requests:
+ memory: "128Mi"
+ cpu: "100m"
+ limits:
+ memory: "1024Mi"
+ cpu: "2000m"
+
+manifests:
+ configmap_bin: true
+ configmap_etc: true
+ cron_job_events_cleaner: true
+ deployment_api: true
+ ingress_api: true
+ job_bootstrap: true
+ job_db_drop: false
+ job_db_init: true
+ job_image_repo_sync: true
+ job_db_sync: true
+ job_ks_endpoints: true
+ job_ks_service: true
+ job_ks_user: true
+ pdb_api: true
+ pod_panko_test: true
+ secret_db: true
+ secret_keystone: true
+ service_api: true
+ service_ingress_api: true
+
--
1.8.3.1