diff --git a/.helmignore b/.helmignore
new file mode 100644
index 00000000..f0c13194
--- /dev/null
+++ b/.helmignore
@@ -0,0 +1,21 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
diff --git a/charts/drydock/Chart.yaml b/charts/drydock/Chart.yaml
new file mode 100644
index 00000000..ee50e069
--- /dev/null
+++ b/charts/drydock/Chart.yaml
@@ -0,0 +1,25 @@
+# Copyright (c) 2017 AT&T Intellectual Property. All rights reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: v1
+description: A Helm chart for Drydock
+name: drydock
+version: 0.1.0
+keywords:
+- drydock
+home: https://github.com/att-comdev/drydock
+sources:
+- https://github.com/att-comdev/aic-helm
+maintainers:
+- name: att-comdev
diff --git a/charts/drydock/requirements.yaml b/charts/drydock/requirements.yaml
new file mode 100755
index 00000000..6377894f
--- /dev/null
+++ b/charts/drydock/requirements.yaml
@@ -0,0 +1,18 @@ +# Copyright (c) 2017 AT&T Intellectual Property. All rights reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +dependencies: + - name: helm-toolkit + repository: http://localhost:8879/charts + version: 0.1.0 diff --git a/charts/drydock/templates/bin/_db-init.sh.tpl b/charts/drydock/templates/bin/_db-init.sh.tpl new file mode 100644 index 00000000..4ec31de5 --- /dev/null +++ b/charts/drydock/templates/bin/_db-init.sh.tpl 
@@ -0,0 +1,43 @@
+#!/bin/bash
+
+{{/*
+Copyright (c) 2017 AT&T Intellectual Property. All rights reserved.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/}}
+
+set -ex
+export HOME=/tmp
+
+pgsql_superuser_cmd () {
+ DB_COMMAND="$1"
+ if [[ ! -z $2 ]]; then
+ EXPORT PGDATABASE=$2
+ fi
+
+ psql \
+ -h $DB_FQDN \
+ -p $DB_PORT \
+ -U ${ROOT_DB_USER} \
+ --command="${DB_COMMAND}"
+}
+
+# Create db
+pgsql_superuser_cmd "SELECT 1 FROM pg_database WHERE datname = '$DB_NAME';" | grep -q 1 || pgsql_superuser_cmd "CREATE DATABASE $DB_NAME;"
+
+# Create db user
+pgsql_superuser_cmd "SELECT * FROM pg_roles WHERE rolname = '$DB_USER';" | tail -n +3 | head -n -2 | grep -q 1 || \
+ pgsql_superuser_cmd "CREATE ROLE ${DB_USER} LOGIN PASSWORD '$DB_PASS';"
+
+# Grant permissions to user
+pgsql_superuser_cmd "GRANT ALL PRIVILEGES ON DATABASE $DB_NAME to $DB_USER;"
diff --git a/charts/drydock/templates/bin/_db-sync.sh.tpl b/charts/drydock/templates/bin/_db-sync.sh.tpl
new file mode 100644
index 00000000..cc091d55
--- /dev/null
+++ b/charts/drydock/templates/bin/_db-sync.sh.tpl
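Review bot: `set -ex` at the top of this script enables xtrace, so the `CREATE ROLE ${DB_USER} LOGIN PASSWORD '$DB_PASS';` call is echoed with the password expanded and lands in the Job's pod log; use `set -e` here, or bracket that one call with `set +x` and `set -x`. In `pgsql_superuser_cmd`, `EXPORT PGDATABASE=$2` is not a shell builtin (it must be lowercase `export`), so that branch would abort under `set -e` the first time a second argument is passed. `$DB_NAME`, `$DB_USER` and `$DB_PASS` are also spliced into the SQL text without escaping, so a password containing a single quote breaks the statement; a short comment stating the allowed character set for these values, or passing them through psql variables (`-v`), would make that constraint explicit.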
@@ -0,0 +1,21 @@
+#!/bin/bash
+
+{{/*
+Copyright (c) 2017 AT&T Intellectual Property. All rights reserved.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/}}
+
+set -ex
+
+alembic upgrade head
diff --git a/charts/drydock/templates/configmap-bin.yaml b/charts/drydock/templates/configmap-bin.yaml
new file mode 100755
index 00000000..c7b52934
--- /dev/null
+++ b/charts/drydock/templates/configmap-bin.yaml
@@ -0,0 +1,36 @@ +{{/* +# Copyright (c) 2017 AT&T Intellectual Property. All rights reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. */}} + +{{- if .Values.manifests.configmap_bin }} +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: drydock-bin +data: + ks-service.sh: | +{{- include "helm-toolkit.scripts.keystone_service" . | indent 4 }} + ks-endpoints.sh: | +{{- include "helm-toolkit.scripts.keystone_endpoints" . | indent 4 }} + ks-user.sh: | +{{- include "helm-toolkit.scripts.keystone_user" . | indent 4 }} + ks-domain-user.sh: | +{{- include "helm-toolkit.scripts.keystone_domain_user" . | indent 4 }} + db-init.sh: |+ +{{ tuple "bin/_db-init.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }} + db-sync.sh: |+ +{{ tuple "bin/_db-sync.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }} +... +{{- end -}} diff --git a/charts/drydock/templates/configmap-etc.yaml b/charts/drydock/templates/configmap-etc.yaml new file mode 100644 index 00000000..f16685b9 --- /dev/null +++ b/charts/drydock/templates/configmap-etc.yaml 
@@ -0,0 +1,79 @@ +{{/* +# Copyright (c) 2017 AT&T Intellectual Property. All rights reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. */}} + +{{- if .Values.manifests.configmap_etc }} +{{- $envAll := . }} + +# Render Database connection string if it is not explicitly configured + +{{- if empty .Values.conf.drydock.database.database_connect_string -}} +{{- tuple "postgresql" "internal" "user" "postgresql" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup" | set .Values.conf.drydock.database "database_connect_string" | quote | trunc 0 -}} +{{- end -}} + +{{- if empty .Values.conf.drydock.keystone_authtoken.auth_uri -}} +{{- tuple "identity" "internal" "api" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup" | set .Values.conf.drydock.keystone_authtoken "auth_uri" | quote | trunc 0 -}} +{{- end -}} + +# FIXME(sh8121att) fix for broken keystonemiddleware oslo config gen in newton - will remove in future +{{- if empty .Values.conf.drydock.keystone_authtoken.auth_url -}} +{{- tuple "identity" "internal" "api" . 
| include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup"| set .Values.conf.drydock.keystone_authtoken "auth_url" | quote | trunc 0 -}} +{{- end -}} + +{{- $userIdentity := .Values.endpoints.identity.auth.user -}} + +{{- if empty .Values.conf.drydock.keystone_authtoken.project_name -}} +{{- set .Values.conf.drydock.keystone_authtoken "project_name" $userIdentity.project_name | quote | trunc 0 -}} +{{- end -}} +{{- if empty .Values.conf.drydock.keystone_authtoken.project_domain_name -}} +{{- set .Values.conf.drydock.keystone_authtoken "project_domain_name" $userIdentity.project_domain_name | quote | trunc 0 -}} +{{- end -}} +{{- if empty .Values.conf.drydock.keystone_authtoken.user_domain_name -}} +{{- set .Values.conf.drydock.keystone_authtoken "user_domain_name" $userIdentity.user_domain_name | quote | trunc 0 -}} +{{- end -}} +{{- if empty .Values.conf.drydock.keystone_authtoken.username -}} +{{- set .Values.conf.drydock.keystone_authtoken "username" $userIdentity.username | quote | trunc 0 -}} +{{- end -}} +{{- if empty .Values.conf.drydock.keystone_authtoken.password -}} +{{- set .Values.conf.drydock.keystone_authtoken "password" $userIdentity.password | quote | trunc 0 -}} +{{- end -}} + +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: drydock-etc +data: + drydock.conf: |+ +{{ include "helm-toolkit.utils.to_oslo_conf" .Values.conf.drydock | indent 4 }} + api-paste.ini: |+ +{{ if .Values.conf.paste.override -}} +{{ .Values.conf.paste.override | indent 4 }} +{{- else -}} +{{- if .Values.conf.paste.prefix -}} +{{ .Values.conf.paste.prefix | indent 4 }} +{{- end }} +{{ tuple "etc/_api-paste.ini.tpl" . | include "helm-toolkit.utils.template" | indent 4 }} +{{- if .Values.conf.paste.append -}} +{{ .Values.conf.paste.append | indent 4 }} +{{- end }} +{{- end }} + policy.yaml: |+ +{{ if .Values.conf.policy.override -}} +{{ .Values.conf.policy.override | indent 4 }} +{{- else -}} +{{ tuple "etc/_policy.yaml.tpl" . 
| include "helm-toolkit.utils.template" | indent 4 }} +{{- end }} +... +{{- end }} diff --git a/charts/drydock/templates/deployment.yaml b/charts/drydock/templates/deployment.yaml new file mode 100644 index 00000000..23e13fdd --- /dev/null +++ b/charts/drydock/templates/deployment.yaml 
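Review bot: The rendered `drydock.conf` is published as a `kind: ConfigMap` even though this template fills `database_connect_string` from the authenticated PostgreSQL endpoint lookup (which presumably embeds the DB password) and copies `$userIdentity.password` into `keystone_authtoken.password`. Anyone allowed to read ConfigMaps in the namespace can therefore read both credentials. Rendering `drydock-etc` as `kind: Secret` (with the deployment's `drydock-etc` volume switched from `configMap:` to `secret:`) would put them under Secret RBAC instead. The `set … | quote | trunc 0` idiom used throughout is also worth a one-line comment, e.g. `# set mutates .Values in place; quote|trunc 0 discards the rendered output`.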
@@ -0,0 +1,82 @@ +{{/* +# Copyright (c) 2017 AT&T Intellectual Property. All rights reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. */}} + +{{- if .Values.manifests.deployment_drydock }} +{{- $envAll := . -}} +{{- $dependencies := .Values.dependencies.api }} +--- +apiVersion: apps/v1beta1 +kind: Deployment +metadata: + name: drydock-api +spec: + replicas: {{ .Values.replicas.drydock }} +{{ tuple $envAll | include "helm-toolkit.snippets.kubernetes_upgrades_deployment" | indent 2 }} + template: + metadata: + labels: +{{ tuple $envAll "drydock" "api" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }} + annotations: + configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "helm-toolkit.utils.hash" }} + configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "helm-toolkit.utils.hash" }} + spec: + restartPolicy: Always + initContainers: +{{ tuple $envAll $dependencies "[]" | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} + containers: + - name: drydock-api + env: + - name: 'MAAS_API_KEY' + valueFrom: + secretKeyRef: + name: 'maas-api-key' + key: 'token' + image: {{ .Values.images.drydock }} + imagePullPolicy: {{ .Values.images.pull_policy }} +{{ tuple $envAll $envAll.Values.pod.resources.api | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }} + ports: + - name: drydock-api + containerPort: {{ tuple "physicalprovisioner" "default" "api" . 
| include "helm-toolkit.endpoints.endpoint_port_lookup" }} + volumeMounts: + - name: etc-drydock + mountPath: /etc/drydock + - name: drydock-etc + subPath: drydock.conf + mountPath: /etc/drydock/drydock.conf + readOnly: true + - name: drydock-etc + subPath: api-paste.ini + mountPath: /etc/drydock/api-paste.ini + readOnly: true + - name: drydock-etc + subPath: policy.yaml + mountPath: /etc/drydock/policy.yaml + readOnly: true + - name: drydock-bootdata + mountPath: /etc/drydock/bootdata + readOnly: true + volumes: + - name: etc-drydock + emptyDir: {} + - name: drydock-etc + configMap: + name: drydock-etc + defaultMode: 0444 + - name: drydock-bootdata + configMap: + name: promenade-join-sh + defaultMode: 0555 +... +{{- end }} diff --git a/charts/drydock/templates/etc/_api-paste.ini.tpl b/charts/drydock/templates/etc/_api-paste.ini.tpl new file mode 100755 index 00000000..ca288e4f --- /dev/null +++ b/charts/drydock/templates/etc/_api-paste.ini.tpl @@ -0,0 +1,21 @@ +# Copyright (c) 2017 AT&T Intellectual Property. All rights reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +[app:drydock-api] +paste.app_factory = drydock_provisioner.drydock:paste_start_drydock + +[pipeline:main] +pipeline = authtoken drydock-api + +[filter:authtoken] +paste.filter_factory = keystonemiddleware.auth_token:filter_factory diff --git a/charts/drydock/templates/etc/_policy.yaml.tpl b/charts/drydock/templates/etc/_policy.yaml.tpl new file mode 100755 index 00000000..fb194106 --- /dev/null 
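Review bot: The `drydock-api` pod spec sets no `nodeSelector`, while every Job in this commit pins itself with `{{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }}`; if the API is meant to stay on the control-plane nodes, the same two lines belong under `spec.template.spec` here. The container also declares no `securityContext` and no readiness or liveness probe, so it runs with the image's default user and the rolling update configured in values.yaml cannot tell when a new replica is actually serving. `image: {{ .Values.images.drydock }}` and `imagePullPolicy` are unquoted here but piped through `quote` in the db-init and db-sync Jobs; quoting them consistently is the safer form.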
+++ b/charts/drydock/templates/etc/_policy.yaml.tpl @@ -0,0 +1,46 @@ +# Actions requiring admin authority +#"admin_required": "role:admin or is_admin:1" + +# Get task status +# GET /api/v1.0/tasks +# GET /api/v1.0/tasks/{task_id} +#"physical_provisioner:read_task": "role:admin" + +# Create validate_design task +# POST /api/v1.0/tasks +#"physical_provisioner:validate_design": "role:admin" + +# Create verify_site task +# POST /api/v1.0/tasks +#"physical_provisioner:verify_site": "role:admin" + +# Create prepare_site task +# POST /api/v1.0/tasks +#"physical_provisioner:prepare_site": "role:admin" + +# Create verify_node task +# POST /api/v1.0/tasks +#"physical_provisioner:verify_node": "role:admin" + +# Create prepare_node task +# POST /api/v1.0/tasks +#"physical_provisioner:prepare_node": "role:admin" + +# Create deploy_node task +# POST /api/v1.0/tasks +#"physical_provisioner:deploy_node": "role:admin" + +# Create destroy_node task +# POST /api/v1.0/tasks +#"physical_provisioner:destroy_node": "role:admin" + +# Read loaded design data +# GET /api/v1.0/designs +# GET /api/v1.0/designs/{design_id} +#"physical_provisioner:read_data": "role:admin" + +# Load design data +# POST /api/v1.0/designs +# POST /api/v1.0/designs/{design_id}/parts +#"physical_provisioner:ingest_data": "role:admin" + diff --git a/charts/drydock/templates/job-drydock-db-init.yaml b/charts/drydock/templates/job-drydock-db-init.yaml new file mode 100644 index 00000000..cb7e3291 --- /dev/null +++ b/charts/drydock/templates/job-drydock-db-init.yaml 
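Review bot: Every rule in this template is commented out, so the `policy.yaml` mounted at `/etc/drydock/policy.yaml` contains no active rules, and authorization presumably falls back to whatever defaults are registered in Drydock's code. An operator reading the ConfigMap could easily assume `role:admin` is being enforced by this file. A header comment would remove the ambiguity, for example `# All rules below are commented-out defaults; uncomment a line to override it.`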
@@ -0,0 +1,58 @@ +{{/* +Copyright (c) 2017 AT&T Intellectual Property. All rights reserved. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if .Values.manifests.job_drydock_db_sync }} +{{- $envAll := . }} +{{- $dependencies := .Values.dependencies.db_sync }} +--- +apiVersion: batch/v1 +kind: Job +metadata: + name: drydock-db-sync +spec: + template: + metadata: + labels: +{{ tuple $envAll "drydock" "db-sync" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }} + spec: + restartPolicy: OnFailure + nodeSelector: + {{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }} + initContainers: +{{ tuple $envAll $dependencies "[]" | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} + containers: + - name: drydock-db-sync + image: {{ .Values.images.drydock_db_sync | quote }} + imagePullPolicy: {{ .Values.images.pull_policy | quote }} +{{ tuple $envAll $envAll.Values.pod.resources.jobs.drydock_db_sync | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }} + env: + - name: DRYDOCK_DB_URL + value: {{ tuple "postgresql" "internal" "user" "postgresql" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup" | quote }} + command: + - /tmp/db-sync.sh + volumeMounts: + - name: drydock-bin + mountPath: /tmp/db-sync.sh + subPath: db-sync.sh + readOnly: true + volumes: + - name: drydock-bin + configMap: + name: drydock-bin + defaultMode: 0555 +... +{{- end }} + 
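Review bot: This file is named `job-drydock-db-init.yaml` but defines the `drydock-db-sync` Job gated on `manifests.job_drydock_db_sync`, while `job-drydock-db-sync.yaml` holds the db-init Job, so the two file names look swapped. `DRYDOCK_DB_URL` is set as a literal `value:` from the authenticated endpoint lookup, so the database password (presumably embedded in that URI) is readable in the Job and Pod specs by anyone who can view them. Sourcing it through `valueFrom.secretKeyRef`, as the deployment does for `MAAS_API_KEY`, would keep it out of the object spec.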
diff --git a/charts/drydock/templates/job-drydock-db-sync.yaml b/charts/drydock/templates/job-drydock-db-sync.yaml
new file mode 100644
index 00000000..746b5823
--- /dev/null
+++ b/charts/drydock/templates/job-drydock-db-sync.yaml
@@ -0,0 +1,68 @@ +{{/* +Copyright (c) 2017 AT&T Intellectual Property. All rights reserved. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if .Values.manifests.job_drydock_db_init }} +{{- $envAll := . }} +{{- $dependencies := .Values.dependencies.db_init }} +--- +apiVersion: batch/v1 +kind: Job +metadata: + name: drydock-db-init +spec: + template: + metadata: + labels: +{{ tuple $envAll "drydock" "db-init" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }} + spec: + restartPolicy: OnFailure + nodeSelector: + {{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }} + initContainers: +{{ tuple $envAll $dependencies "[]" | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} + containers: + - name: drydock-db-init + image: {{ .Values.images.drydock_db_init | quote }} + imagePullPolicy: {{ .Values.images.pull_policy | quote }} +{{ tuple $envAll $envAll.Values.pod.resources.jobs.drydock_db_init | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }} + env: + - name: DB_NAME + value: {{ .Values.database.postgresql.db_name | quote }} + - name: DB_USER + value: {{ .Values.endpoints.postgresql.auth.user.username | quote }} + - name: DB_PASS + value: {{ .Values.endpoints.postgresql.auth.user.password | quote}} + - name: DB_FQDN + value: {{ tuple "postgresql" "internal" . 
| include "helm-toolkit.endpoints.hostname_fqdn_endpoint_lookup" | quote}} + - name: DB_PORT + value: {{ tuple "postgresql" "internal" "postgresql" . | include "helm-toolkit.endpoints.endpoint_port_lookup" | quote }} + - name: ROOT_DB_USER + value: {{ .Values.endpoints.postgresql.auth.admin.username | quote }} + command: + - /tmp/db-init.sh + volumeMounts: + - name: drydock-bin + mountPath: /tmp/db-init.sh + subPath: db-init.sh + readOnly: true + volumes: + - name: drydock-bin + configMap: + name: drydock-bin + defaultMode: 0555 +... +{{- end }} + diff --git a/charts/drydock/templates/job-ks-endpoints.yaml b/charts/drydock/templates/job-ks-endpoints.yaml new file mode 100755 index 00000000..e01764d0 --- /dev/null +++ b/charts/drydock/templates/job-ks-endpoints.yaml 
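Review bot: `DB_PASS` is injected as a literal `value:` from `.Values.endpoints.postgresql.auth.user.password`, so the Drydock database password is stored in clear text in the Job and Pod specs; a `valueFrom.secretKeyRef` entry, like the one the deployment uses for `MAAS_API_KEY`, would avoid that. The env list passes `ROOT_DB_USER` but no password for it (no `PGPASSWORD` or equivalent), so the `psql -U ${ROOT_DB_USER}` call in db-init.sh can only succeed if the server trusts that connection without authentication, which is worth confirming as intended. As with the sibling file, the name `job-drydock-db-sync.yaml` does not match the `drydock-db-init` Job it defines.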
@@ -0,0 +1,70 @@ +{{/* +# Copyright (c) 2017 AT&T Intellectual Property. All rights reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. */}} + +{{- if .Values.manifests.job_ks_endpoints }} +{{- $envAll := . }} +{{- $dependencies := .Values.dependencies.ks_endpoints }} + +--- +apiVersion: batch/v1 +kind: Job +metadata: + name: drydock-ks-endpoints +spec: + template: + metadata: + labels: +{{ tuple $envAll "drydock" "ks-endpoints" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }} + spec: + restartPolicy: OnFailure + nodeSelector: + {{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }} + initContainers: +{{ tuple $envAll $dependencies "[]" | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} + containers: +{{- range $key1, $osServiceType := tuple "physicalprovisioner" }} +{{- range $key2, $osServiceEndPoint := tuple "admin" "internal" "public" }} + - name: {{ $osServiceType }}-ks-endpoints-{{ $osServiceEndPoint }} + image: {{ $envAll.Values.images.ks_endpoints }} + imagePullPolicy: {{ $envAll.Values.images.pull_policy }} +{{ tuple $envAll $envAll.Values.pod.resources.jobs.ks_endpoints | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }} + command: + - /tmp/ks-endpoints.sh + volumeMounts: + - name: ks-endpoints-sh + mountPath: /tmp/ks-endpoints.sh + subPath: ks-endpoints.sh + readOnly: true + env: +{{- with $env := dict "ksUserSecret" 
$envAll.Values.secrets.identity.admin }} +{{- include "helm-toolkit.snippets.keystone_openrc_env_vars" $env | indent 12 }} +{{- end }} + - name: OS_SVC_ENDPOINT + value: {{ $osServiceEndPoint }} + - name: OS_SERVICE_NAME + value: {{ tuple $osServiceType $envAll | include "helm-toolkit.endpoints.keystone_endpoint_name_lookup" }} + - name: OS_SERVICE_TYPE + value: {{ $osServiceType }} + - name: OS_SERVICE_ENDPOINT + value: {{ tuple $osServiceType $osServiceEndPoint "api" $envAll | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup" }} +{{- end }} +{{- end }} + volumes: + - name: ks-endpoints-sh + configMap: + name: drydock-bin + defaultMode: 0555 +... +{{- end -}} diff --git a/charts/drydock/templates/job-ks-service.yaml b/charts/drydock/templates/job-ks-service.yaml new file mode 100755 index 00000000..1e919fb1 --- /dev/null +++ b/charts/drydock/templates/job-ks-service.yaml 
@@ -0,0 +1,64 @@ +{{/* +# Copyright (c) 2017 AT&T Intellectual Property. All rights reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. */}} + +{{- if .Values.manifests.job_ks_service -}} + +{{- $envAll := . }} +{{- $ksAdminSecret := .Values.secrets.identity.admin }} +{{- $dependencies := .Values.dependencies.ks_service }} +--- +apiVersion: batch/v1 +kind: Job +metadata: + name: drydock-ks-service +spec: + template: + metadata: + labels: +{{ tuple $envAll "drydock" "ks-service" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }} + spec: + restartPolicy: OnFailure + nodeSelector: + {{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }} + initContainers: +{{ tuple $envAll $dependencies "[]" | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} + containers: +{{- range $key1, $osServiceType := tuple "physicalprovisioner" }} + - name: {{ $osServiceType }}-ks-service-registration + image: {{ $envAll.Values.images.ks_service }} + imagePullPolicy: {{ $envAll.Values.images.pull_policy }} + command: + - /tmp/ks-service.sh + volumeMounts: + - name: ks-service-sh + mountPath: /tmp/ks-service.sh + subPath: ks-service.sh + readOnly: true + env: +{{- with $env := dict "ksUserSecret" $envAll.Values.secrets.identity.admin }} +{{- include "helm-toolkit.snippets.keystone_openrc_env_vars" $env | indent 12 }} +{{- end }} + - name: OS_SERVICE_NAME + value: {{ tuple $osServiceType $envAll | include 
"helm-toolkit.endpoints.keystone_endpoint_name_lookup" }} + - name: OS_SERVICE_TYPE + value: {{ $osServiceType }} +{{- end }} + volumes: + - name: ks-service-sh + configMap: + name: drydock-bin + defaultMode: 0555 +... +{{- end -}} diff --git a/charts/drydock/templates/job-ks-user.yaml b/charts/drydock/templates/job-ks-user.yaml new file mode 100755 index 00000000..8cb2ff17 --- /dev/null +++ b/charts/drydock/templates/job-ks-user.yaml 
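Review bot: `$ksAdminSecret` is assigned near the top of job-ks-service.yaml but never used; the `with` block reads `$envAll.Values.secrets.identity.admin` directly, so the assignment can be dropped or the block changed to `dict "ksUserSecret" $ksAdminSecret`. This container also omits the `helm-toolkit.snippets.kubernetes_resources` include that the ks-user and ks-endpoints Jobs carry, so the `pod.resources.jobs.ks_service` values defined in values.yaml are never applied.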
@@ -0,0 +1,67 @@ +{{/* +# Copyright (c) 2017 AT&T Intellectual Property. All rights reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. */}} + +{{- if .Values.manifests.job_ks_user }} + +{{- $envAll := . }} +{{- $dependencies := .Values.dependencies.ks_user }} +--- +apiVersion: batch/v1 +kind: Job +metadata: + name: drydock-ks-user +spec: + template: + metadata: + labels: +{{ tuple $envAll "drydock" "ks-user" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }} + spec: + restartPolicy: OnFailure + nodeSelector: + {{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }} + initContainers: +{{ tuple $envAll $dependencies "[]" | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} + containers: + - name: drydock-ks-user + image: {{ .Values.images.ks_user }} + imagePullPolicy: {{ .Values.images.pull_policy }} +{{ tuple $envAll $envAll.Values.pod.resources.jobs.ks_user | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }} + command: + - /tmp/ks-user.sh + volumeMounts: + - name: ks-user-sh + mountPath: /tmp/ks-user.sh + subPath: ks-user.sh + readOnly: true + env: +{{- with $env := dict "ksUserSecret" $envAll.Values.secrets.identity.admin }} +{{- include "helm-toolkit.snippets.keystone_openrc_env_vars" $env | indent 12 }} +{{- end }} + - name: SERVICE_OS_SERVICE_NAME + value: {{ $envAll.Values.endpoints.physicalprovisioner.name | quote }} + - name: SERVICE_OS_DOMAIN_NAME + value: 
{{ $envAll.Values.endpoints.identity.auth.user.project_domain_name | quote }} +{{- with $env := dict "ksUserSecret" $envAll.Values.secrets.identity.user }} +{{- include "helm-toolkit.snippets.keystone_user_create_env_vars" $env | indent 12 }} +{{- end }} + - name: SERVICE_OS_ROLE + value: {{ $envAll.Values.endpoints.identity.auth.user.role | quote }} + volumes: + - name: ks-user-sh + configMap: + name: drydock-bin + defaultMode: 0555 +... +{{- end -}} diff --git a/charts/drydock/templates/secret-keystone-env.yaml b/charts/drydock/templates/secret-keystone-env.yaml new file mode 100755 index 00000000..803493fe --- /dev/null +++ b/charts/drydock/templates/secret-keystone-env.yaml @@ -0,0 +1,30 @@ +{{/* +# Copyright (c) 2017 AT&T Intellectual Property. All rights reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} +{{- if .Values.manifests.secret_keystone }} +{{- $envAll := . }} +{{- range $key1, $userClass := tuple "admin" "user" }} +{{- $secretName := index $envAll.Values.secrets.identity $userClass }} +--- +apiVersion: v1 +kind: Secret +metadata: + name: {{ $secretName }} +type: Opaque +data: +{{- tuple $userClass "internal" $envAll | include "helm-toolkit.snippets.keystone_secret_openrc" | indent 2 }} +... +{{- end }} +{{- end }} diff --git a/charts/drydock/templates/service.yaml b/charts/drydock/templates/service.yaml new file mode 100644 index 00000000..96566c9b --- /dev/null +++ b/charts/drydock/templates/service.yaml 
@@ -0,0 +1,33 @@ +{{/* # Copyright (c) 2017 AT&T Intellectual Property. All rights reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. */}} +{{- if .Values.manifests.service_drydock }} +--- +apiVersion: v1 +kind: Service +metadata: + name: {{ tuple "physicalprovisioner" "internal" . | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }} +spec: + ports: + - name: drydock-api + port: {{ tuple "physicalprovisioner" "default" "api" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }} + {{ if .Values.network.api.nodeport.enabled }} + nodePort: {{ tuple "physicalprovisioner" "nodeport" "api" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }} + {{ end }} + selector: +{{ tuple . "drydock" "api" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }} + {{ if .Values.network.api.nodeport.enabled }} + type: NodePort + {{ end }} +... +{{- end -}} diff --git a/charts/drydock/values.yaml b/charts/drydock/values.yaml new file mode 100644 index 00000000..00d21268 --- /dev/null +++ b/charts/drydock/values.yaml 
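Review bot: When `network.api.nodeport.enabled` is true the Service becomes `type: NodePort`, publishing the Drydock API on every node's address, and the values.yaml in this commit turns that on by default with the `physicalprovisioner` scheme set to `http`. Keystone tokens sent to the API would then cross the node network unencrypted. Defaulting `enabled` to `false`, or adding a comment in values.yaml that the NodePort is intended for development only, would make the exposure an explicit choice. The two `{{ if … }}` / `{{ end }}` pairs also lack the `-` trim markers used elsewhere in the chart and leave whitespace-only lines in the rendered manifest.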
@@ -0,0 +1,267 @@
+# Copyright (c) 2017 AT&T Intellectual Property. All rights reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# This file provides defaults for drydock
+
+replicas:
+ drydock: 2
+
+labels:
+ node_selector_key: ucp-control-plane
+ node_selector_value: enabled
+
+images:
+ drydock: quay.io/attcomdev/drydock:1.0.1
+ dep_check: docker.io/kolla/ubuntu-source-kubernetes-entrypoint:4.0.0
+ ks_user: docker.io/kolla/ubuntu-source-kolla-toolbox:3.0.3
+ ks_service: docker.io/kolla/ubuntu-source-kolla-toolbox:3.0.3
+ ks_endpoints: docker.io/kolla/ubuntu-source-kolla-toolbox:3.0.3
+ drydock_db_init: docker.io/postgres:9.5
+ drydock_db_sync: quay.io/attcomdev/drydock:1.0.1
+ pull_policy: "IfNotPresent"
+
+network:
+ api:
+ nodeport:
+ enabled: true
+
+pod:
+ lifecycle:
+ upgrades:
+ deployments:
+ revision_history: 3
+ pod_replacement_strategy: RollingUpdate
+ rolling_update:
+ max_unavailable: 1
+ max_surge: 3
+ resources:
+ enabled: false
+ api:
+ limits:
+ memory: "128Mi"
+ cpu: "100m"
+ requests:
+ memory: "128Mi"
+ cpu: "100m"
+ jobs:
+ ks_user:
+ limits:
+ memory: "128Mi"
+ cpu: "100m"
+ requests:
+ memory: "128Mi"
+ cpu: "100m"
+ ks_service:
+ limits:
+ memory: "128Mi"
+ cpu: "100m"
+ requests:
+ memory: "128Mi"
+ cpu: "100m"
+ ks_endpoints:
+ limits:
+ memory: "128Mi"
+ cpu: "100m"
+ requests:
+ memory: "128Mi"
+ cpu: "100m"
+ drydock_db_sync:
+ limits:
+ memory: "128Mi"
+ cpu: "100m"
+ requests:
+ memory: "128Mi"
+ cpu: "100m"
+ drydock_db_init:
+ limits:
+ memory: "128Mi"
+ cpu: "100m"
+ requests:
+ memory: "128Mi"
+ cpu: "100m"
+
+manifests:
+ job_ks_service: true
+ job_ks_user: true
+ job_ks_endpoints: true
+ job_drydock_db_init: true
+ job_drydock_db_sync: true
+ secret_keystone: true
+ configmap_etc: true
+ configmap_bin: true
+ service_drydock: true
+ deployment_drydock: true
+
+dependencies:
+ db_init:
+ services:
+ - service: postgresql
+ endpoint: internal
+ db_sync:
+ services:
+ - service: postgresql
+ endpoint: internal
+ jobs:
+ - drydock-db-init
+ ks_user:
+ services:
+ - service: identity
+ endpoint: internal
+ ks_service:
+ services:
+ - service: identity
+ endpoint: internal
+ ks_endpoints:
+ jobs:
+ - drydock-ks-service
+ services:
+ - service: identity
+ endpoint: internal
+ api:
+ jobs:
+ - drydock-ks-endpoints
+ - drydock-ks-user
+ - drydock-ks-endpoints
+ - drydock-db-init
+ - drydock-db-sync
+ services:
+ - service: identity
+ endpoint: internal
+ - service: postgresql
+ endpoint: internal
+
+endpoints:
+ cluster_domain_suffix: cluster.local
+ identity:
+ name: keystone
+ auth:
+ user:
+ region_name: RegionOne
+ role: admin
+ project_name: service
+ project_domain_name: default
+ user_domain_name: default
+ username: drydock
+ password: password
+ admin:
+ region_name: RegionOne
+ project_name: admin
+ password: password
+ username: admin
+ user_domain_name: default
+ project_domain_name: default
+ hosts:
+ default: keystone-api
+ public: keystone
+ host_fqdn_override:
+ default: null
+ path:
+ default: /v3
+ scheme:
+ default: http
+ port:
+ admin:
+ default: 35357
+ api:
+ default: 80
+ physicalprovisioner:
+ name: drydock
+ hosts:
+ default: drydock-api
+ port:
+ api:
+ default: 9000
+ nodeport: 31900
+ path:
+ default: /api/v1.0
+ scheme:
+ default: http
+ host_fqdn_override:
+ default: null
+ postgresql:
+ name: postgresql
+ auth:
+ admin:
+ username: postgres
+ password: password
+ user:
+ username: drydock
+ password: password
+ hosts:
+ default: postgresql
+ path: /drydock
+ scheme: postgresql+psycopg2
+ port:
+ postgresql:
+ default: 5432
+ host_fqdn_override:
+ default: null
+
+secrets:
+ identity:
+ admin: drydock-keystone-admin
+ user: drydock-keystone-user
+
+database:
+ postgresql:
+ db_name: drydock
+
+# Settings for drydock.conf
+conf:
+ drydock:
+ logging:
+ log_level: 'DEBUG'
+ global_logger_name: 'drydock'
+ oobdriver_logger_name: '${global_logger_name}.oobdriver'
+ nodedriver_logger_name: '${global_logger_name}.nodedriver'
+ control_logger_name: '${global_logger_name}.control'
+ maasdriver:
+ maas_api_key: 'override_this'
+ maas_api_url: 'override_this'
+ plugins:
+ ingester:
+ - 'drydock_provisioner.ingester.plugins.yaml.YamlIngester'
+ oob_driver:
+ - 'drydock_provisioner.drivers.oob.pyghmi_driver.driver.PyghmiDriver'
+ - 'drydock_provisioner.drivers.oob.manual_driver.driver.ManualDriver'
+ node_driver: 'drydock_provisioner.drivers.node.maasdriver.driver.MaasNodeDriver'
+ timeouts:
+ drydock_timeout: 5
+ create_network_template: 2
+ identify_node: 10
+ configure_hardware: 30
+ apply_node_networking: 5
+ apply_node_platform: 5
+ deploy_node: 45
+ bootdata:
+ prom_init: '/etc/drydock/bootdata/join.sh'
+ keystone_authtoken:
+ delay_auth_decision: true
+ auth_type: password
+ auth_section: keystone_authtoken
+ database:
+ database_connect_string: null
+# end drydock.conf
+
+# configs for api-paste.ini
+ paste:
+ override:
+ append:
+# end api-paste.ini
+# configs for policy.yaml
+ policy:
+ override:
+ append:
+# end policy.yaml
+
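Review bot: The defaults under `endpoints.identity.auth` and `endpoints.postgresql.auth` set every `password` to the literal `password`, including the Keystone `admin` account and the `postgres` superuser, so an install that overrides nothing comes up with guessable credentials. The secret-keystone-env.yaml template presumably copies these values into the Keystone Secrets. I would ship these keys empty (`password: null  # must be supplied per deployment`) and have the consuming templates fail rendering when they are unset, for example with Helm's `required` function. The same defaults also set `log_level: 'DEBUG'` and `network.api.nodeport.enabled: true`; both are safer as opt-in (`'INFO'` and `false`), since debug logging from a provisioning service may capture request detail and the node port is served with `scheme: http`.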