From 767cac7d57f6799bc083a487d2e2194a4427673f Mon Sep 17 00:00:00 2001 From: gardlt Date: Tue, 24 Oct 2017 20:14:21 +0000 Subject: [PATCH] feat(chart): adding armada - providing armada as a chart Change-Id: Ic5b8e7f74579073fd483995b449d0bb8d9b5e10d --- .gitignore | 8 + charts/armada/.helmignore | 21 ++ charts/armada/Chart.yaml | 27 +++ charts/armada/requirements.yaml | 18 ++ charts/armada/templates/configmap-bin.yaml | 29 +++ charts/armada/templates/configmap-etc.yaml | 59 +++++ charts/armada/templates/deployment-api.yaml | 85 +++++++ charts/armada/templates/ingress-api.yaml | 59 +++++ charts/armada/templates/job-ks-endpoints.yaml | 69 ++++++ charts/armada/templates/job-ks-service.yaml | 63 +++++ charts/armada/templates/job-ks-user.yaml | 65 +++++ .../armada/templates/secret-keystone-env.yaml | 31 +++ charts/armada/templates/service-ingress.yaml | 32 +++ charts/armada/templates/service.yaml | 36 +++ charts/armada/values.yaml | 224 ++++++++++++++++++ 15 files changed, 826 insertions(+) create mode 100644 charts/armada/.helmignore create mode 100644 charts/armada/Chart.yaml create mode 100644 charts/armada/requirements.yaml create mode 100644 charts/armada/templates/configmap-bin.yaml create mode 100644 charts/armada/templates/configmap-etc.yaml create mode 100644 charts/armada/templates/deployment-api.yaml create mode 100644 charts/armada/templates/ingress-api.yaml create mode 100644 charts/armada/templates/job-ks-endpoints.yaml create mode 100644 charts/armada/templates/job-ks-service.yaml create mode 100644 charts/armada/templates/job-ks-user.yaml create mode 100644 charts/armada/templates/secret-keystone-env.yaml create mode 100644 charts/armada/templates/service-ingress.yaml create mode 100644 charts/armada/templates/service.yaml create mode 100644 charts/armada/values.yaml diff --git a/.gitignore b/.gitignore index 5872473c..a91da7da 100644 --- a/.gitignore +++ b/.gitignore @@ -89,3 +89,11 @@ ENV/ # Rope project settings .ropeproject + +# Helm internals +*.lock +*/*.lock +*.tgz +**/*.tgz +**/_partials.tpl +**/_globals.tpl diff --git a/charts/armada/.helmignore b/charts/armada/.helmignore new file mode 100644 index 00000000..f0c13194 --- /dev/null +++ b/charts/armada/.helmignore @@ -0,0 +1,21 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*~ +# Various IDEs +.project +.idea/ +*.tmproj diff --git a/charts/armada/Chart.yaml b/charts/armada/Chart.yaml new file mode 100644 index 00000000..7c52b3f3 --- /dev/null +++ b/charts/armada/Chart.yaml @@ -0,0 +1,27 @@ +# Copyright 2017 The Openstack-Helm Authors. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +description: A Helm chart for Armada +name: armada +version: 0.1.0 +keywords: +- armada +home: http://armada-helm.readthedocs.io/en/latest/ +sources: +- https://github.com/att-comdev/armada +- https://github.com/att-comdev/aic-helm +maintainers: +- name: att-comdev +engine: gotpl diff --git a/charts/armada/requirements.yaml b/charts/armada/requirements.yaml new file mode 100644 index 00000000..53782e69 --- /dev/null +++ b/charts/armada/requirements.yaml @@ -0,0 +1,18 @@ +# Copyright 2017 The Openstack-Helm Authors. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +dependencies: + - name: helm-toolkit + repository: http://localhost:8879/charts + version: 0.1.0 diff --git a/charts/armada/templates/configmap-bin.yaml b/charts/armada/templates/configmap-bin.yaml new file mode 100644 index 00000000..95138ca1 --- /dev/null +++ b/charts/armada/templates/configmap-bin.yaml @@ -0,0 +1,29 @@ +{{/* +Copyright 2017 The Armada Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +apiVersion: v1 +kind: ConfigMap +metadata: + name: armada-bin +data: + ks-service.sh: | +{{- include "helm-toolkit.scripts.keystone_service" . | indent 4 }} + ks-endpoints.sh: | +{{- include "helm-toolkit.scripts.keystone_endpoints" . | indent 4 }} + ks-user.sh: | +{{- include "helm-toolkit.scripts.keystone_user" . | indent 4 }} + ks-domain-user.sh: | +{{- include "helm-toolkit.scripts.keystone_domain_user" . | indent 4 }} diff --git a/charts/armada/templates/configmap-etc.yaml b/charts/armada/templates/configmap-etc.yaml new file mode 100644 index 00000000..9589dc85 --- /dev/null +++ b/charts/armada/templates/configmap-etc.yaml @@ -0,0 +1,59 @@ +{{/* +Copyright 2017 The Armada Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if .Values.manifests.configmap_etc }} +{{- $envAll := . }} + +{{- if empty .Values.conf.armada.keystone_authtoken.auth_uri -}} +{{- tuple "identity" "internal" "api" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup" | set .Values.conf.armada.keystone_authtoken "auth_uri" | quote | trunc 0 -}} +{{- end -}} + +{{- if empty .Values.conf.armada.keystone_authtoken.auth_url -}} +{{- tuple "identity" "internal" "api" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup"| set .Values.conf.armada.keystone_authtoken "auth_url" | quote | trunc 0 -}} +{{- end -}} + + +{{- $userIdentity := .Values.endpoints.identity.auth.user -}} + +{{- if empty .Values.conf.armada.keystone_authtoken.project_name -}} +{{- set .Values.conf.armada.keystone_authtoken "project_name" $userIdentity.project_name | quote | trunc 0 -}} +{{- end -}} +{{- if empty .Values.conf.armada.keystone_authtoken.project_domain_name -}} +{{- set .Values.conf.armada.keystone_authtoken "project_domain_name" $userIdentity.project_domain_name | quote | trunc 0 -}} +{{- end -}} +{{- if empty .Values.conf.armada.keystone_authtoken.user_domain_name -}} +{{- set .Values.conf.armada.keystone_authtoken "user_domain_name" $userIdentity.user_domain_name | quote | trunc 0 -}} +{{- end -}} +{{- if empty .Values.conf.armada.keystone_authtoken.username -}} +{{- set .Values.conf.armada.keystone_authtoken "username" $userIdentity.username | quote | trunc 0 -}} +{{- end -}} +{{- if empty .Values.conf.armada.keystone_authtoken.password -}} +{{- set .Values.conf.armada.keystone_authtoken "password" $userIdentity.password | quote | trunc 0 -}} +{{- end -}} + +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: armada-etc +data: + armada.conf: |+ +{{ include "helm-toolkit.utils.to_oslo_conf" .Values.conf.armada | indent 4 }} + api-paste.ini: |+ +{{ include "helm-toolkit.utils.to_ini" .Values.conf.paste | indent 4 }} + policy.yaml: |+ +{{ toYaml .Values.conf.policy | indent 4 }} +{{- end }} diff --git a/charts/armada/templates/deployment-api.yaml b/charts/armada/templates/deployment-api.yaml new file mode 100644 index 00000000..8ca9700d --- /dev/null +++ b/charts/armada/templates/deployment-api.yaml @@ -0,0 +1,85 @@ +{{/* +Copyright 2017 The Openstack-Helm Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if .Values.manifests.deployment_api }} +{{- $envAll := . }} +{{- $dependencies := .Values.dependencies.api }} +{{- $mounts_armada_api := .Values.pod.mounts.armada_api.armada_api }} +{{- $mounts_armada_api_init := .Values.pod.mounts.armada_api.init_container }} +--- +apiVersion: apps/v1beta1 +kind: Deployment +metadata: + name: armada-api +spec: + replicas: {{ .Values.pod.replicas.api }} +{{ tuple $envAll | include "helm-toolkit.snippets.kubernetes_upgrades_deployment" | indent 2 }} + template: + metadata: + labels: +{{ tuple $envAll "armada" "api" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }} + annotations: + configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "helm-toolkit.utils.hash" }} + configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "helm-toolkit.utils.hash" }} + spec: + affinity: +{{ tuple $envAll "armada" "api" | include "helm-toolkit.snippets.kubernetes_pod_anti_affinity" | indent 8 }} + nodeSelector: + {{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }} + terminationGracePeriodSeconds: {{ .Values.pod.lifecycle.termination_grace_period.api.timeout | default "30" }} + initContainers: +{{ tuple $envAll $dependencies $mounts_armada_api_init | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} + containers: + - name: armada-api + image: {{ .Values.images.tags.api }} + imagePullPolicy: {{ .Values.images.pull_policy }} +{{ tuple $envAll $envAll.Values.pod.resources.api | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }} + securityContext: + runAsUser: {{ .Values.pod.user.armada.uid }} + ports: + - containerPort: {{ .Values.conf.armada.armada_api.bind_port }} + readinessProbe: + tcpSocket: + port: {{ .Values.conf.armada.armada_api.bind_port }} + volumeMounts: + - name: pod-etc-armada + mountPath: /etc/armada + - name: armada-etc + mountPath: /etc/armada/armada.conf + subPath: armada.conf + readOnly: true + - name: armada-etc + mountPath: /etc/armada/api-paste.ini + subPath: api-paste.ini + readOnly: true + - name: armada-etc + mountPath: /etc/armada/policy.yaml + subPath: policy.yaml + readOnly: true +{{ if $mounts_armada_api.volumeMounts }}{{ toYaml $mounts_armada_api.volumeMounts | indent 12 }}{{ end }} + volumes: + - name: pod-etc-armada + emptyDir: {} + - name: armada-bin + configMap: + name: armada-bin + defaultMode: 0555 + - name: armada-etc + configMap: + name: armada-etc + defaultMode: 0444 +{{ if $mounts_armada_api.volumes }}{{ toYaml $mounts_armada_api.volumes | indent 8 }}{{ end }} +{{- end }} diff --git a/charts/armada/templates/ingress-api.yaml b/charts/armada/templates/ingress-api.yaml new file mode 100644 index 00000000..eafa0ca8 --- /dev/null +++ b/charts/armada/templates/ingress-api.yaml @@ -0,0 +1,59 @@ +{{/* +Copyright 2017 The Openstack-Helm Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if .Values.manifests.ingress_api }} +{{- $envAll := . }} +{{- if .Values.network.api.ingress.public }} +{{- $backendServiceType := "armada" }} +{{- $backendPort := "http" }} +{{- $ingressName := tuple $backendServiceType "public" $envAll | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }} +{{- $backendName := tuple $backendServiceType "internal" $envAll | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }} +{{- $hostName := tuple $backendServiceType "public" $envAll | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }} +{{- $hostNameNamespaced := tuple $backendServiceType "public" $envAll | include "helm-toolkit.endpoints.hostname_namespaced_endpoint_lookup" }} +{{- $hostNameFull := tuple $backendServiceType "public" $envAll | include "helm-toolkit.endpoints.hostname_fqdn_endpoint_lookup" }} +--- +apiVersion: extensions/v1beta1 +kind: Ingress +metadata: + name: {{ $ingressName }} + annotations: + kubernetes.io/ingress.class: "nginx" + ingress.kubernetes.io/rewrite-target: / +spec: + rules: +{{ if ne $hostNameNamespaced $hostNameFull }} +{{- range $key1, $vHost := tuple $hostName $hostNameNamespaced $hostNameFull }} + - host: {{ $vHost }} + http: + paths: + - path: / + backend: + serviceName: {{ $backendName }} + servicePort: {{ $backendPort }} +{{- end }} +{{- else }} +{{- range $key1, $vHost := tuple $hostName $hostNameNamespaced }} + - host: {{ $vHost }} + http: + paths: + - path: / + backend: + serviceName: {{ $backendName }} + servicePort: {{ $backendPort }} +{{- end }} +{{- end }} +{{- end }} +{{- end }} diff --git a/charts/armada/templates/job-ks-endpoints.yaml b/charts/armada/templates/job-ks-endpoints.yaml new file mode 100644 index 00000000..b8a2d03f --- /dev/null +++ b/charts/armada/templates/job-ks-endpoints.yaml @@ -0,0 +1,69 @@ +{{/* +Copyright 2017 The Openstack-Helm Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} +--- +{{- if .Values.manifests.job_ks_endpoints }} +{{- $envAll := . }} +{{- $dependencies := .Values.dependencies.ks_endpoints }} +--- +apiVersion: batch/v1 +kind: Job +metadata: + name: armada-ks-endpoints +spec: + template: + metadata: + labels: +{{ tuple $envAll "armada" "ks-endpoints" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }} + spec: + restartPolicy: OnFailure + nodeSelector: + {{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }} + initContainers: +{{ tuple $envAll $dependencies "[]" | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} + containers: +{{- range $key1, $osServiceType := tuple "armada" }} +{{- range $key2, $osServiceEndPoint := tuple "admin" "internal" "public" }} + - name: {{ $osServiceType }}-ks-endpoints-{{ $osServiceEndPoint }} + image: {{ $envAll.Values.images.tags.ks_endpoints }} + imagePullPolicy: {{ $envAll.Values.images.pull_policy }} +{{ tuple $envAll $envAll.Values.pod.resources.jobs.ks_endpoints | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }} + command: + - /tmp/ks-endpoints.sh + volumeMounts: + - name: ks-endpoints-sh + mountPath: /tmp/ks-endpoints.sh + subPath: ks-endpoints.sh + readOnly: true + env: +{{- with $env := dict "ksUserSecret" $envAll.Values.secrets.identity.admin }} +{{- include "helm-toolkit.snippets.keystone_openrc_env_vars" $env | indent 12 }} +{{- end }} + - name: OS_SVC_ENDPOINT + value: {{ $osServiceEndPoint }} + - name: OS_SERVICE_NAME + value: {{ tuple $osServiceType $envAll | include "helm-toolkit.endpoints.keystone_endpoint_name_lookup" }} + - name: OS_SERVICE_TYPE + value: {{ $osServiceType }} + - name: OS_SERVICE_ENDPOINT + value: {{ tuple $osServiceType $osServiceEndPoint "api" $envAll | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup" }} +{{- end }} +{{- end }} + volumes: + - name: ks-endpoints-sh + configMap: + name: armada-bin + defaultMode: 0555 +{{- end -}} diff --git a/charts/armada/templates/job-ks-service.yaml b/charts/armada/templates/job-ks-service.yaml new file mode 100644 index 00000000..408118e3 --- /dev/null +++ b/charts/armada/templates/job-ks-service.yaml @@ -0,0 +1,63 @@ +{{/* +Copyright 2017 The Openstack-Helm Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if .Values.manifests.job_ks_service }} +{{- $envAll := . }} +{{- $dependencies := .Values.dependencies.ks_service }} +--- +apiVersion: batch/v1 +kind: Job +metadata: + name: armada-ks-service +spec: + template: + metadata: + labels: +{{ tuple $envAll "armada" "ks-service" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }} + spec: + restartPolicy: OnFailure + nodeSelector: + {{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }} + initContainers: +{{ tuple $envAll $dependencies "[]" | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} + containers: +{{- range $key1, $osServiceType := tuple "armada" }} + - name: {{ $osServiceType }}-ks-service-registration + image: {{ $envAll.Values.images.tags.ks_service }} + imagePullPolicy: {{ $envAll.Values.images.pull_policy }} +{{ tuple $envAll $envAll.Values.pod.resources.jobs.ks_service | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }} + command: + - /tmp/ks-service.sh + volumeMounts: + - name: ks-service-sh + mountPath: /tmp/ks-service.sh + subPath: ks-service.sh + readOnly: true + env: +{{- with $env := dict "ksUserSecret" $envAll.Values.secrets.identity.admin }} +{{- include "helm-toolkit.snippets.keystone_openrc_env_vars" $env | indent 12 }} +{{- end }} + - name: OS_SERVICE_NAME + value: {{ tuple $osServiceType $envAll | include "helm-toolkit.endpoints.keystone_endpoint_name_lookup" }} + - name: OS_SERVICE_TYPE + value: {{ $osServiceType }} +{{- end }} + volumes: + - name: ks-service-sh + configMap: + name: armada-bin + defaultMode: 0555 +{{- end }} diff --git a/charts/armada/templates/job-ks-user.yaml b/charts/armada/templates/job-ks-user.yaml new file mode 100644 index 00000000..40583e0c --- /dev/null +++ b/charts/armada/templates/job-ks-user.yaml @@ -0,0 +1,65 @@ +{{/* +Copyright 2017 The Openstack-Helm Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if .Values.manifests.job_ks_user }} +{{- $envAll := . }} +{{- $dependencies := .Values.dependencies.ks_user }} +--- +apiVersion: batch/v1 +kind: Job +metadata: + name: armada-ks-user +spec: + template: + metadata: + labels: +{{ tuple $envAll "armada" "ks-user" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }} + spec: + restartPolicy: OnFailure + nodeSelector: + {{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }} + initContainers: +{{ tuple $envAll $dependencies "[]" | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} + containers: + - name: armada-ks-user + image: {{ .Values.images.tags.ks_user }} + imagePullPolicy: {{ .Values.images.pull_policy }} +{{ tuple $envAll $envAll.Values.pod.resources.jobs.ks_user | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }} + command: + - /tmp/ks-user.sh + volumeMounts: + - name: ks-user-sh + mountPath: /tmp/ks-user.sh + subPath: ks-user.sh + readOnly: true + env: +{{- with $env := dict "ksUserSecret" .Values.secrets.identity.admin }} +{{- include "helm-toolkit.snippets.keystone_openrc_env_vars" $env | indent 12 }} +{{- end }} + - name: SERVICE_OS_SERVICE_NAME + value: "armada" +{{- with $env := dict "ksUserSecret" .Values.secrets.identity.user }} +{{- include "helm-toolkit.snippets.keystone_user_create_env_vars" $env | indent 12 }} +{{- end }} + - name: SERVICE_OS_ROLE + value: {{ .Values.endpoints.identity.auth.user.role | quote }} + volumes: + - name: ks-user-sh + configMap: + name: armada-bin + defaultMode: 0555 +{{- end }} + diff --git a/charts/armada/templates/secret-keystone-env.yaml b/charts/armada/templates/secret-keystone-env.yaml new file mode 100644 index 00000000..750da107 --- /dev/null +++ b/charts/armada/templates/secret-keystone-env.yaml @@ -0,0 +1,31 @@ +{{/* +Copyright 2017 The Openstack-Helm Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if .Values.manifests.secret_keystone }} +{{- $envAll := . }} +{{- range $key1, $userClass := tuple "admin" "user" }} +{{- $secretName := index $envAll.Values.secrets.identity $userClass }} +--- +apiVersion: v1 +kind: Secret +metadata: + name: {{ $secretName }} +type: Opaque +data: +{{- tuple $userClass "internal" $envAll | include "helm-toolkit.snippets.keystone_secret_openrc" | indent 2 -}} +{{- end }} +{{- end }} + diff --git a/charts/armada/templates/service-ingress.yaml b/charts/armada/templates/service-ingress.yaml new file mode 100644 index 00000000..2e50e4f7 --- /dev/null +++ b/charts/armada/templates/service-ingress.yaml @@ -0,0 +1,32 @@ +{{/* +Copyright 2017 The Openstack-Helm Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if .Values.manifests.service_ingress_api }} +{{- $envAll := . }} +{{- if .Values.network.api.ingress.public }} +--- +apiVersion: v1 +kind: Service +metadata: + name: {{ tuple "armada" "public" . | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }} +spec: + ports: + - name: http + port: 80 + selector: + app: ingress-api +{{- end }} +{{- end }} diff --git a/charts/armada/templates/service.yaml b/charts/armada/templates/service.yaml new file mode 100644 index 00000000..3d44c568 --- /dev/null +++ b/charts/armada/templates/service.yaml @@ -0,0 +1,36 @@ +{{/* +Copyright 2017 The Openstack-Helm Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if .Values.manifests.service_api }} +{{- $envAll := . }} +--- +apiVersion: v1 +kind: Service +metadata: + name: {{ tuple "armada" "internal" . | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }} +spec: + ports: + - name: armada-api + port: {{ .Values.conf.armada.armada_api.bind_port }} + {{ if .Values.network.api.node_port.enabled }} + nodePort: {{ .Values.network.api.node_port.port }} + {{ end }} + selector: +{{ tuple $envAll "armada" "api" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }} + {{ if .Values.network.api.node_port.enabled }} + type: NodePort + {{ end }} +{{- end }} diff --git a/charts/armada/values.yaml b/charts/armada/values.yaml new file mode 100644 index 00000000..9a22f788 --- /dev/null +++ b/charts/armada/values.yaml @@ -0,0 +1,224 @@ +# Copyright 2017 The Openstack-Helm Authors. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# This file provides defaults for armada + +release_group: null + +labels: + node_selector_key: ucp-control-plane + node_selector_value: enabled + +images: + tags: + api: quay.io/attcomdev/armada:latest + dep_check: docker.io/kolla/ubuntu-source-kubernetes-entrypoint:4.0.0 + ks_endpoints: docker.io/kolla/ubuntu-source-kolla-toolbox:3.0.3 + ks_service: docker.io/kolla/ubuntu-source-kolla-toolbox:3.0.3 + ks_user: docker.io/kolla/ubuntu-source-kolla-toolbox:3.0.3 + + pull_policy: "IfNotPresent" + +network: + api: + ingress: + public: false + node_port: + enabled: true + port: 31903 + +dependencies: + ks_user: + services: + - service: identity + endpoint: internal + ks_service: + services: + - service: identity + endpoint: internal + ks_endpoints: + jobs: + - armada-ks-service + services: + - service: identity + endpoint: internal + api: + jobs: + - armada-ks-service + - armada-ks-user + services: + - service: identity + endpoint: internal + +# typically overriden by environmental +# values, but should include all endpoints +# required by this chart +endpoints: + cluster_domain_suffix: cluster.local + identity: + name: keystone + auth: + admin: + password: password + project_domain_name: default + project_name: admin + region_name: RegionOne + user_domain_name: default + username: admin + user: + password: armada + project_domain_name: ucp + project_name: service + region_name: RegionOne + role: admin + user_domain_name: ucp + username: armada + hosts: + default: keystone-api + public: keystone + path: + default: /v3 + scheme: + default: http + port: + admin: + default: 35357 + api: + default: 80 + host_fqdn_override: + default: null + armada: + name: armada + hosts: + default: armada-api + public: armada + port: + api: + default: 8000 + path: + default: /api/v1.0 + scheme: + default: http + host_fqdn_override: + default: null + +secrets: + identity: + admin: armada-keystone-admin + user: armada-keystone-user + +conf: + armada: + DEFAULT: + keystone_authtoken: + auth_type: password + auth_version: 3 + delay_auth_decision: true + password: armada + project_domain_name: ucp + project_name: service + user_domain_name: ucp + user_name: armada + armada_api: + bind_port: 8000 + paste: + app:armada-api: + paste.app_factory: armada.api.server:paste_start_armada + pipeline:main: + pipeline: authtoken armada-api + filter:authtoken: + paste.filter_factory: keystonemiddleware.auth_token:filter_factory + policy: + admin_required: "role:admin" + service_or_admin: "rule:admin_required or rule:service_role" + service_role: "role:service" + armada:create_endpoints: "rule:admin_required" + armada:validate_manifest: "rule:admin_required" + armada:test_release: "rule:admin_required" + armada:test_manifest: "rule:admin_required" + tiller:get_status: "rule:admin_required" + tiller:get_released: "rule:admin_required" + +pod: + mounts: + armada_api: + init_container: null + user: + armada: + uid: 1000 + affinity: + anti: + type: + default: preferredDuringSchedulingIgnoredDuringExecution + topologyKey: + default: kubernetes.io/hostname + replicas: + api: 1 + lifecycle: + upgrades: + deployments: + revision_history: 3 + pod_replacement_strategy: RollingUpdate + rolling_update: + max_unavailable: 1 + max_surge: 3 + disruption_budget: + api: + min_available: 0 + termination_grace_period: + api: + timeout: 30 + resources: + enabled: false + api: + limits: + memory: "128Mi" + cpu: "100m" + requests: + memory: "128Mi" + cpu: "100m" + jobs: + ks_user: + limits: + memory: "128Mi" + cpu: "100m" + requests: + memory: "128Mi" + cpu: "100m" + ks_service: + limits: + memory: "128Mi" + cpu: "100m" + requests: + memory: "128Mi" + cpu: "100m" + ks_endpoints: + limits: + memory: "128Mi" + cpu: "100m" + requests: + memory: "128Mi" + cpu: "100m" + +manifests: + configmap_bin: true + configmap_etc: true + deployment_api: true + ingress_api: true + job_ks_endpoints: true + job_ks_service: true + job_ks_user: true + secret_keystone: true + service_api: true + service_ingress_api: true