diff --git a/charts/drydock/templates/deployment.yaml b/charts/drydock/templates/deployment.yaml index 29d52bd0..9e25f684 100644 --- a/charts/drydock/templates/deployment.yaml +++ b/charts/drydock/templates/deployment.yaml @@ -15,9 +15,8 @@ {{- if .Values.manifests.deployment_drydock }} {{- $envAll := . -}} -{{- $dependencies := .Values.dependencies.api }} {{- $serviceAccountName := "drydock-api" }} -{{ tuple $envAll $dependencies $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }} +{{ tuple $envAll "api" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }} --- apiVersion: apps/v1beta1 kind: Deployment @@ -39,7 +38,7 @@ spec: affinity: {{ tuple $envAll "drydock" "api" | include "helm-toolkit.snippets.kubernetes_pod_anti_affinity" | indent 8 }} initContainers: -{{ tuple $envAll $dependencies list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} +{{ tuple $envAll "api" list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} containers: - name: drydock-api env: @@ -85,6 +84,7 @@ spec: mountPath: /root/.ssh/config readOnly: true {{- end }} + workingDir: /tmp/drydock volumes: {{- if .Values.manifests.secret_ssh_key }} - name: root-ssh diff --git a/charts/drydock/templates/job-drydock-db-init.yaml b/charts/drydock/templates/job-drydock-db-init.yaml index 9ecfcead..4591ed1d 100644 --- a/charts/drydock/templates/job-drydock-db-init.yaml +++ b/charts/drydock/templates/job-drydock-db-init.yaml 
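Review bot: No hunk in deployment.yaml touches its node selector, although values.yaml in this same commit moves `node_selector_key` and `node_selector_value` under `labels.api` and `labels.job`. The pod spec in the `@@ -39,7 +38,7 @@` hunk starts and ends outside the visible lines, so this is inferred. If the template still reads `.Values.labels.node_selector_key` there, the lookup no longer resolves and the API pods lose their control-plane placement or fail to render. In that case the line should become `{{ .Values.labels.api.node_selector_key }}: {{ .Values.labels.api.node_selector_value | quote }}`.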
@@ -16,9 +16,8 @@ limitations under the License. {{- if .Values.manifests.job_drydock_db_init }} {{- $envAll := . }} -{{- $dependencies := .Values.dependencies.db_init }} {{- $serviceAccountName := "drydock-db-init" }} -{{ tuple $envAll $dependencies $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }} +{{ tuple $envAll "db_init" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }} --- apiVersion: batch/v1 kind: Job @@ -33,9 +32,9 @@ spec: serviceAccountName: {{ $serviceAccountName }} restartPolicy: OnFailure nodeSelector: - {{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }} + {{ .Values.labels.job.node_selector_key }}: {{ .Values.labels.job.node_selector_value }} initContainers: -{{ tuple $envAll $dependencies list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} +{{ tuple $envAll "db_init" list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} containers: - name: drydock-db-init image: {{ .Values.images.tags.drydock_db_init | quote }} diff --git a/charts/drydock/templates/job-drydock-db-sync.yaml b/charts/drydock/templates/job-drydock-db-sync.yaml index cc770def..dd8a0619 100644 --- a/charts/drydock/templates/job-drydock-db-sync.yaml +++ b/charts/drydock/templates/job-drydock-db-sync.yaml @@ -16,9 +16,8 @@ limitations under the License. {{- if .Values.manifests.job_drydock_db_sync }} {{- $envAll := . }} -{{- $dependencies := .Values.dependencies.db_sync }} {{- $serviceAccountName := "drydock-db-sync" }} -{{ tuple $envAll $dependencies $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }} +{{ tuple $envAll "db_sync" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }} --- apiVersion: batch/v1 kind: Job 
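Review bot: The new `nodeSelector` line in the `@@ -33,9 +32,9 @@` hunk of job-drydock-db-init.yaml emits the label value unquoted. An override such as `true` or `1` is then parsed as a boolean or integer, and the Job is rejected because node selector values must be strings. Quote the value: `{{ .Values.labels.job.node_selector_key }}: {{ .Values.labels.job.node_selector_value | quote }}`. The identical line added to job-drydock-db-sync.yaml needs the same change. The Job spec continues outside the hunk.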
@@ -33,9 +32,9 @@ spec: serviceAccountName: {{ $serviceAccountName }} restartPolicy: OnFailure nodeSelector: - {{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }} + {{ .Values.labels.job.node_selector_key }}: {{ .Values.labels.job.node_selector_value }} initContainers: -{{ tuple $envAll $dependencies list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} +{{ tuple $envAll "db_sync" list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} containers: - name: drydock-db-sync image: {{ .Values.images.tags.drydock_db_sync | quote }} @@ -54,6 +53,7 @@ spec: mountPath: /tmp/db-sync.sh subPath: db-sync.sh readOnly: true + workingDir: /tmp/drydock volumes: - name: drydock-bin configMap: diff --git a/charts/drydock/templates/job-ks-endpoints.yaml b/charts/drydock/templates/job-ks-endpoints.yaml index 309874c8..cc779c0c 100755 --- a/charts/drydock/templates/job-ks-endpoints.yaml +++ b/charts/drydock/templates/job-ks-endpoints.yaml 
@@ -14,59 +14,6 @@ # limitations under the License. */}} {{- if .Values.manifests.job_ks_endpoints }} -{{- $envAll := . }} -{{- $dependencies := .Values.dependencies.ks_endpoints }} -{{- $serviceAccountName := "drydock-ks-endpoints" }} -{{ tuple $envAll $dependencies $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }} ---- -apiVersion: batch/v1 -kind: Job -metadata: - name: drydock-ks-endpoints -spec: - template: - metadata: - labels: -{{ tuple $envAll "drydock" "ks-endpoints" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }} - spec: - serviceAccountName: {{ $serviceAccountName }} - restartPolicy: OnFailure - nodeSelector: - {{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }} - initContainers: -{{ tuple $envAll $dependencies list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} - containers: -{{- range $key1, $osServiceType := tuple "physicalprovisioner" }} -{{- range $key2, $osServiceEndPoint := tuple "admin" "internal" "public" }} - - name: {{ $osServiceType }}-ks-endpoints-{{ $osServiceEndPoint }} - image: {{ $envAll.Values.images.tags.ks_endpoints }} - imagePullPolicy: {{ $envAll.Values.images.pull_policy }} -{{ tuple $envAll $envAll.Values.pod.resources.jobs.ks_endpoints | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }} - command: - - /tmp/ks-endpoints.sh - volumeMounts: - - name: ks-endpoints-sh - mountPath: /tmp/ks-endpoints.sh - subPath: ks-endpoints.sh - readOnly: true - env: -{{- with $env := dict "ksUserSecret" $envAll.Values.secrets.identity.admin }} -{{- include "helm-toolkit.snippets.keystone_openrc_env_vars" $env | indent 12 }} -{{- end }} - - name: OS_SVC_ENDPOINT - value: {{ $osServiceEndPoint }} - - name: OS_SERVICE_NAME - value: {{ tuple $osServiceType $envAll | include "helm-toolkit.endpoints.keystone_endpoint_name_lookup" }} - - name: OS_SERVICE_TYPE - value: {{ $osServiceType }} - - name: 
OS_SERVICE_ENDPOINT - value: {{ tuple $osServiceType $osServiceEndPoint "api" $envAll | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup" }} -{{- end }} -{{- end }} - volumes: - - name: ks-endpoints-sh - configMap: - name: drydock-bin - defaultMode: 0555 -... -{{- end -}} +{{- $ksServiceJob := dict "envAll" . "serviceName" "drydock" "serviceTypes" ( tuple "physicalprovisioner" ) -}} +{{ $ksServiceJob | include "helm-toolkit.manifests.job_ks_endpoints" }} +{{- end }} \ No newline at end of file diff --git a/charts/drydock/templates/job-ks-service.yaml b/charts/drydock/templates/job-ks-service.yaml index a9598ad5..f85e07b0 100755 --- a/charts/drydock/templates/job-ks-service.yaml +++ b/charts/drydock/templates/job-ks-service.yaml 
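Review bot: Nothing in the new job-ks-endpoints.yaml records which helm-toolkit revision supplies `helm-toolkit.manifests.job_ks_endpoints`, yet that include now defines the entire Job. That presumably includes the container that receives the Keystone admin credentials the removed template passed through `keystone_openrc_env_vars`. A comment above the `dict` line would make the dependency reviewable, for example `{{/* Job body comes from helm-toolkit.manifests.job_ks_endpoints; requires the helm-toolkit commit pinned in tools/helm_tk.sh */}}`. The same applies to the rewritten job-ks-service.yaml and job-ks-user.yaml. All three files now end without a trailing newline.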
@@ -13,56 +13,7 @@ # See the License for the specific language governing permissions and # limitations under the License. */}} -{{- if .Values.manifests.job_ks_service -}} - -{{- $envAll := . }} -{{- $ksAdminSecret := .Values.secrets.identity.admin }} -{{- $dependencies := .Values.dependencies.ks_service }} -{{- $serviceAccountName := "drydock-ks-service" }} -{{ tuple $envAll $dependencies $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }} ---- -apiVersion: batch/v1 -kind: Job -metadata: - name: drydock-ks-service -spec: - template: - metadata: - labels: -{{ tuple $envAll "drydock" "ks-service" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }} - spec: - serviceAccountName: {{ $serviceAccountName }} - restartPolicy: OnFailure - nodeSelector: - {{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }} - initContainers: -{{ tuple $envAll $dependencies list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} - containers: -{{- range $key1, $osServiceType := tuple "physicalprovisioner" }} - - name: {{ $osServiceType }}-ks-service-registration - image: {{ $envAll.Values.images.tags.ks_service }} - imagePullPolicy: {{ $envAll.Values.images.pull_policy }} -{{ tuple $envAll $envAll.Values.pod.resources.jobs.ks_service | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }} - command: - - /tmp/ks-service.sh - volumeMounts: - - name: ks-service-sh - mountPath: /tmp/ks-service.sh - subPath: ks-service.sh - readOnly: true - env: -{{- with $env := dict "ksUserSecret" $envAll.Values.secrets.identity.admin }} -{{- include "helm-toolkit.snippets.keystone_openrc_env_vars" $env | indent 12 }} -{{- end }} - - name: OS_SERVICE_NAME - value: {{ tuple $osServiceType $envAll | include "helm-toolkit.endpoints.keystone_endpoint_name_lookup" }} - - name: OS_SERVICE_TYPE - value: {{ $osServiceType }} -{{- end }} - volumes: - - name: ks-service-sh - configMap: 
- name: drydock-bin - defaultMode: 0555 -... -{{- end -}} +{{- if .Values.manifests.job_ks_service }} +{{- $ksServiceJob := dict "envAll" . "serviceName" "drydock" "serviceTypes" ( tuple "physicalprovisioner" ) -}} +{{ $ksServiceJob | include "helm-toolkit.manifests.job_ks_service" }} +{{- end }} \ No newline at end of file diff --git a/charts/drydock/templates/job-ks-user.yaml b/charts/drydock/templates/job-ks-user.yaml index 7be05d90..0f90e9b0 100755 --- a/charts/drydock/templates/job-ks-user.yaml +++ b/charts/drydock/templates/job-ks-user.yaml 
@@ -14,57 +14,6 @@ # limitations under the License. */}} {{- if .Values.manifests.job_ks_user }} - -{{- $envAll := . }} -{{- $dependencies := .Values.dependencies.ks_user }} -{{- $serviceAccountName := "drydock-ks-user" }} -{{ tuple $envAll $dependencies $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }} ---- -apiVersion: batch/v1 -kind: Job -metadata: - name: drydock-ks-user -spec: - template: - metadata: - labels: -{{ tuple $envAll "drydock" "ks-user" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }} - spec: - serviceAccountName: {{ $serviceAccountName }} - restartPolicy: OnFailure - nodeSelector: - {{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }} - initContainers: -{{ tuple $envAll $dependencies list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} - containers: - - name: drydock-ks-user - image: {{ .Values.images.tags.ks_user }} - imagePullPolicy: {{ .Values.images.pull_policy }} -{{ tuple $envAll $envAll.Values.pod.resources.jobs.ks_user | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }} - command: - - /tmp/ks-user.sh - volumeMounts: - - name: ks-user-sh - mountPath: /tmp/ks-user.sh - subPath: ks-user.sh - readOnly: true - env: -{{- with $env := dict "ksUserSecret" $envAll.Values.secrets.identity.admin }} -{{- include "helm-toolkit.snippets.keystone_openrc_env_vars" $env | indent 12 }} +{{- $ksUserJob := dict "envAll" . 
"serviceName" "drydock" -}} +{{ $ksUserJob | include "helm-toolkit.manifests.job_ks_user" }} {{- end }} - - name: SERVICE_OS_SERVICE_NAME - value: {{ $envAll.Values.endpoints.physicalprovisioner.name | quote }} - - name: SERVICE_OS_DOMAIN_NAME - value: {{ $envAll.Values.endpoints.identity.auth.user.project_domain_name | quote }} -{{- with $env := dict "ksUserSecret" $envAll.Values.secrets.identity.user }} -{{- include "helm-toolkit.snippets.keystone_user_create_env_vars" $env | indent 12 }} -{{- end }} - - name: SERVICE_OS_ROLE - value: {{ $envAll.Values.endpoints.identity.auth.user.role | quote }} - volumes: - - name: ks-user-sh - configMap: - name: drydock-bin - defaultMode: 0555 -... -{{- end -}} diff --git a/charts/drydock/templates/secret-keystone-env.yaml b/charts/drydock/templates/secret-keystone-env.yaml index 803493fe..addbf235 100755 --- a/charts/drydock/templates/secret-keystone-env.yaml +++ b/charts/drydock/templates/secret-keystone-env.yaml @@ -15,7 +15,7 @@ */}} {{- if .Values.manifests.secret_keystone }} {{- $envAll := . }} -{{- range $key1, $userClass := tuple "admin" "user" }} +{{- range $key1, $userClass := tuple "admin" "drydock" }} {{- $secretName := index $envAll.Values.secrets.identity $userClass }} --- apiVersion: v1 diff --git a/charts/drydock/templates/secret-ssh-key.yaml b/charts/drydock/templates/secret-ssh-key.yaml index 809f4447..0aa92be1 100644 --- a/charts/drydock/templates/secret-ssh-key.yaml +++ b/charts/drydock/templates/secret-ssh-key.yaml @@ -23,6 +23,6 @@ metadata: type: Opaque data: PRIVATE_KEY: |- -{{ .Values.conf.ssh.private_key | b64enc | indent 4 }} +{{ .Values.conf.ssh.private_key | default "" | b64enc | indent 4 }} ... {{- end }} diff --git a/charts/drydock/values.yaml b/charts/drydock/values.yaml index bec98cb4..318a4e3b 100644 --- a/charts/drydock/values.yaml +++ b/charts/drydock/values.yaml 
@@ -18,19 +18,29 @@ replicas: drydock: 2 labels: - node_selector_key: ucp-control-plane - node_selector_value: enabled + api: + node_selector_key: ucp-control-plane + node_selector_value: enabled + job: + node_selector_key: ucp-control-plane + node_selector_value: enabled images: tags: - drydock: quay.io/attcomdev/drydock:1.0.1 + drydock: quay.io/airshipit/drydock:master dep_check: quay.io/stackanetes/kubernetes-entrypoint:v0.3.1 ks_user: docker.io/openstackhelm/heat:newton ks_service: docker.io/openstackhelm/heat:newton ks_endpoints: docker.io/openstackhelm/heat:newton drydock_db_init: docker.io/postgres:9.5 - drydock_db_sync: quay.io/attcomdev/drydock:1.0.1 + drydock_db_sync: quay.io/airshipit/drydock:master pull_policy: "IfNotPresent" + #TODO(mattmceuen): This chart does not yet support local image caching + local_registry: + active: false + exclude: + - dep_check + - image_repo_sync network: api: @@ -113,7 +123,7 @@ manifests: job_drydock_db_sync: true secret_keystone: true secret_database: true - secret_ssh_key: false + secret_ssh_key: true configmap_etc: true configmap_bin: true service_drydock: true 
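Review bot: The `drydock` and `drydock_db_sync` defaults move from the fixed `1.0.1` tag to the mutable `master` tag while `pull_policy` stays `IfNotPresent`, so the image that runs depends on what each node happened to pull and when. Deployments become non-reproducible, and an unreviewed build can reach both the API pod and the database migration job. Default to a release tag or, better, a digest, e.g. `drydock: quay.io/airshipit/drydock@sha256:<DIGEST_PLACEHOLDER>`, and leave `master` to development overrides.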
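Review bot: Flipping `secret_ssh_key` to `true` in the `@@ -113,7 +123,7 @@` hunk, together with the `default ""` added in secret-ssh-key.yaml, means a stock install now creates a Secret whose `PRIVATE_KEY` is empty. Judging by the `root-ssh` volume guarded by the same flag in deployment.yaml, that Secret is also mounted into the API container. An empty key hides a missing credential instead of failing at render time. Either keep the default `false`, or reject an empty key when the manifest is enabled, e.g. `{{ required "conf.ssh.private_key must be set when manifests.secret_ssh_key is true" .Values.conf.ssh.private_key | b64enc | indent 4 }}`.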
@@ -122,56 +132,57 @@ manifests: test_drydock_auth: true dependencies: - db_init: - services: - - service: postgresql - endpoint: internal - db_sync: - services: - - service: postgresql - endpoint: internal - jobs: - - drydock-db-init - ks_user: - services: - - service: identity - endpoint: internal - ks_service: - services: - - service: identity - endpoint: internal - ks_endpoints: - jobs: - - drydock-ks-service - services: - - service: identity - endpoint: internal - api: - jobs: - - drydock-ks-endpoints - - drydock-ks-user - - drydock-ks-endpoints - - drydock-db-init - - drydock-db-sync - services: - - service: identity - endpoint: internal - - service: postgresql - endpoint: internal + dynamic: + common: + local_image_registry: + jobs: + - drydock-image-repo-sync + services: + - endpoint: node + service: local_image_registry + static: + db_init: + services: + - service: postgresql + endpoint: internal + db_sync: + services: + - service: postgresql + endpoint: internal + jobs: + - drydock-db-init + ks_user: + services: + - service: identity + endpoint: internal + ks_service: + services: + - service: identity + endpoint: internal + ks_endpoints: + jobs: + - drydock-ks-service + services: + - service: identity + endpoint: internal + api: + jobs: + - drydock-ks-endpoints + - drydock-ks-user + - drydock-ks-service + - drydock-db-init + - drydock-db-sync + services: + - service: identity + endpoint: internal + - service: postgresql + endpoint: internal endpoints: cluster_domain_suffix: cluster.local identity: name: keystone auth: - user: - region_name: RegionOne - role: admin - project_name: service - project_domain_name: default - user_domain_name: default - username: drydock - password: password admin: region_name: RegionOne project_name: admin 
@@ -179,6 +190,14 @@ endpoints: username: admin user_domain_name: default project_domain_name: default + drydock: + region_name: RegionOne + role: admin + project_name: service + project_domain_name: default + user_domain_name: default + username: drydock + password: password hosts: default: keystone internal: keystone-api @@ -229,7 +248,7 @@ endpoints: secrets: identity: admin: drydock-keystone-admin - user: drydock-keystone-user + drydock: drydock-keystone-user postgresql: admin: drydock-postgresql-admin user: drydock-postgresql-user diff --git a/tools/helm_tk.sh b/tools/helm_tk.sh index 3af967a4..9260734b 100755 --- a/tools/helm_tk.sh +++ b/tools/helm_tk.sh @@ -16,9 +16,9 @@ # Script to setup helm-toolkit and helm dep up the shipyard chart # HELM=$1 -HTK_REPO=${HTK_REPO:-"https://github.com/openstack/openstack-helm"} +HTK_REPO=${HTK_REPO:-"https://github.com/openstack/openstack-helm-infra"} HTK_PATH=${HTK_PATH:-""} -HTK_STABLE_COMMIT=${HTK_COMMIT:-"f902cd14fac7de4c4c9f7d019191268a6b4e9601"} +HTK_STABLE_COMMIT=${HTK_COMMIT:-"274b230dcc8960af4fe44a871addcb5aacef3dba"} DEP_UP_LIST=${DEP_UP_LIST:-"drydock"} BUILD_DIR=${BUILD_DIR:-$(mktemp -d)} @@ -36,7 +36,7 @@ function helm_serve { if [[ -d "$HOME/.helm" ]]; then echo ".helm directory found" else - "${HELM}" init --client-only + ${HELM} init --client-only --skip-refresh fi if [[ -z $(curl --noproxy '*' -s 127.0.0.1:8879 | grep 'Helm Repository') ]]; then "${HELM}" serve & > /dev/null @@ -58,7 +58,7 @@ function helm_serve { mkdir -p "$BUILD_DIR" pushd "$BUILD_DIR" git clone $HTK_REPO || true -pushd openstack-helm/$HTK_PATH +pushd openstack-helm-infra/$HTK_PATH git reset --hard "${HTK_STABLE_COMMIT}" helm_serve
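Review bot: The relocated `drydock` Keystone account in the `@@ -179,6 +190,14 @@` hunk still ships with `password: password` and `role: admin`, so an install that does not override the value creates an admin-role service user with a guessable credential. Since the block is being moved anyway, drop the usable default and make operators supply the value: `password: ""` with a comment such as `# must be overridden per deployment; do not commit real credentials here`. Whether the templates reject an empty password is not visible in this diff and would need confirming.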
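Review bot: The rewritten `init` line in the `@@ -36,7 +36,7 @@` hunk drops the quotes around `${HELM}`, while the `serve` call two lines below still uses `"${HELM}"`. `HELM` comes straight from `$1`, so the unquoted expansion is word-split and glob-expanded and breaks on a path containing spaces. Keep the quoting: `"${HELM}" init --client-only --skip-refresh`. The `helm_serve` function continues outside the hunk.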
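Review bot: `pushd openstack-helm-infra/$HTK_PATH` in the `@@ -58,7 +58,7 @@` hunk hard-codes the checkout directory even though `HTK_REPO` is overridable, and the preceding `git clone $HTK_REPO || true` hides a failed clone. If the directory is missing, `pushd` fails and, unless `set -e` is enabled outside this hunk, `git reset --hard` runs against whatever repository encloses `$BUILD_DIR`. Name the target directory explicitly and stop on failure: `[[ -d openstack-helm-infra ]] || git clone "$HTK_REPO" openstack-helm-infra` followed by `pushd "openstack-helm-infra/$HTK_PATH" || exit 1`.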