diff --git a/Makefile b/Makefile index 8539a8e..b83f5c9 100644 --- a/Makefile +++ b/Makefile @@ -13,9 +13,9 @@ # limitations under the License. MAAS_IMAGE_COMMON ?= maas -REGION_SUFFIX ?= regiond +REGION_SUFFIX ?= region REGION_IMG_DIR ?= images/maas-region-controller -RACK_SUFFIX ?= rackd +RACK_SUFFIX ?= rack RACK_IMG_DIR ?= images/maas-rack-controller CACHE_SUFFIX ?= cache CACHE_IMG_DIR ?= images/sstream-cache diff --git a/README.md b/README.md index c19cce5..da383dc 100644 --- a/README.md +++ b/README.md 
@@ -1 +1,56 @@
-# maas
\ No newline at end of file
+# MaaS Helm Artifacts
+
+This repository holds artifacts supporting the deployment of [Canonical MaaS](https://maas.io)
+in a Kubernetes cluster.
+
+## Images
+
+The MaaS install is made up of two required imags and one optional image. The Dockerfiles
+in this repo can be used to build all three. These images are intended to be deployed
+via a Kubernetes Helm chart.
+
+### MaaS Region Controller
+
+The regiond [Dockerfile](images/maas-region-controller/Dockerfile) builds a systemD-based
+Docker image to run the MaaS Region API server and metadata server.
+
+### MaaS Rack Controller
+
+The rackd [Dockerfile](images/maas-rack-controller/Dockerfile) builds a systemD-based
+Docker image to run the MaaS Rack controller and dependent services (DHCPd, TFTPd, etc...).
+This image needs to be run in privileged host networking mode to function.
+
+### MaaS Image Cache
+
+The cache image [Dockerfile](images/sstream-cache/Dockerfile) simply provides a point-in-time
+mirror of the maas.io image repository so that if you are deploying MaaS somewhere
+without network connectivity, you have a local copy of Ubuntu. Currently this only
+mirrors Ubuntu 16.04 Xenial and does not update the mirror after image creation.
+
+## Charts
+
+Also provided is a Kubernetes [Helm chart](charts/maas) to deploy the MaaS pieces and
+integrates them. This chart depends on a previous deployment of Postgres. The recommended
+avenue for this is the [Openstack Helm Postgres chart](https://github.com/openstack/openstack-helm/tree/master/postgresql)
+but any Postgres instance should work.
+
+### Overrides
+
+Chart overrides are likely required to deploy MaaS into your environment
+
+* values.labels.rack.node_selector_key - This is the Kubernetes label key for selecting nodes to deploy the rack controller
+* values.labels.rack.node_selector_value - This is the Kubernetges label value for selecting nodes to deploy the rack controller
+* values.labels.region.node_selector_key - this is the Kubernetes label key for selecting nodes to deploy the region controller
+* values.labels.region.node_selector_value - This is the Kubernetes label value for selecting nodes to deploy the region controller
+* values.conf.cache.enabled - Boolean on whether to use the repo cache image in the deployment
+* values.conf.maas.url.maas_url - The URL rack controllers and nodes should use for accessing the region API (e.g. http://10.10.10.10:8080/MAAS)
+
+### Deployment Flow
+
+During deployment, the chart executes the below steps:
+
+1. Initializes the Postgres DB for MaaS
+1. Starts a Pod with the region controller and optionally the image cache sidecar container
+1. Once the region controller is running, deploy a Pod with the rack controller and join it to the region controller.
+1. Initialize the configuration of MaaS and start the image sync
+1. Export an API key into a Kubernetes secret so other Pods can access the API if needed
diff --git a/charts/maas/templates/bin/_import-boot-resources.sh.tpl b/charts/maas/templates/bin/_import-boot-resources.sh.tpl
index 829b2ea..a816181 100644
--- a/charts/maas/templates/bin/_import-boot-resources.sh.tpl
+++ b/charts/maas/templates/bin/_import-boot-resources.sh.tpl
@@ -49,6 +49,13 @@ function configure_dns { maas ${ADMIN_USERNAME} maas set-config name=upstream_dns value=${MAAS_DNS_SERVERS} } +function configure_boot_sources { + if [[ $USE_IMAGE_CACHE == 'true' ]] + then + maas ${ADMIN_USERNAME} boot-source update 1 url=http://localhost:8888/maas/images/ephemeral-v3/daily/ + fi +} + KEY=$(maas-region apikey --username=${ADMIN_USERNAME}) maas login ${ADMIN_USERNAME} ${MAAS_ENDPOINT} $KEY @@ -57,6 +64,7 @@ configure_ntp configure_dns # make call to import images +configure_boot_sources maas ${ADMIN_USERNAME} boot-resources import # see if we can find > 0 images sleep ${RETRY_TIMER} diff --git a/charts/maas/templates/bin/_register-rack-controller.sh.tpl b/charts/maas/templates/bin/_register-rack-controller.sh.tpl new file mode 100644 index 0000000..6accb29 --- /dev/null +++ b/charts/maas/templates/bin/_register-rack-controller.sh.tpl @@ -0,0 +1,18 @@ +#!/bin/bash + +set -x + +echo "register-rack-controller URL: ${MAAS_ENDPOINT}" + +# register forever +while [ 1 ]; +do + if maas-rack register --url=${MAAS_ENDPOINT} --secret="${MAAS_REGION_SECRET}"; + then + echo "Successfully registered with MaaS Region Controller" + break + else + echo "Unable to register with ${MAAS_ENDPOINT}... will try again" + sleep 10 + fi; +done; diff --git a/charts/maas/templates/deployment-rack.yaml b/charts/maas/templates/deployment-rack.yaml index 83c4260..4e7f837 100644 --- a/charts/maas/templates/deployment-rack.yaml +++ b/charts/maas/templates/deployment-rack.yaml @@ -13,6 +13,7 @@ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License. */}} +{{- if .Values.manifests.rack_deployment }} {{- if empty .Values.conf.maas.url.maas_url -}} {{- tuple "maas_region_ui" "default" "region_ui" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup" | set .Values.conf.maas.url "maas_url" | quote | trunc 0 -}} {{- end -}} 
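Review bot: `configure_boot_sources` hard-codes boot-source id `1` and never checks the result of `boot-source update`, so unless the script sets `-e` outside this hunk a failed update still falls through to `boot-resources import` against whatever source was configured before. On a site without outbound connectivity that would surface only as an import timeout. Fail fast instead, e.g. end the update line with `|| exit 1`, and add a comment such as `# id 1 is assumed to be the default boot source created at install time`. The mirror is fetched over plain HTTP on loopback, so image integrity rests on the keyring already attached to that boot source; a comment saying the keyring is deliberately left unchanged would make that explicit. The second hunk in this file only adds the call before the import.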
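Review bot: `set -x` at the top of this new script traces every command, so each retry of `maas-rack register` is written to the container log with `${MAAS_REGION_SECRET}` expanded. Anyone with read access to the pod logs or a log aggregator then holds the region shared secret. Remove `set -x`, or put `set +x` immediately before the `while` loop so the register call is never traced. `--url=${MAAS_ENDPOINT}` should also be quoted the way the secret is. The loop retries forever with a fixed `sleep 10`; a comment stating that this is intentional and that the pod's liveness handling is expected to bound it would help the next reader.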
@@ -86,3 +87,4 @@ spec: name: maas-etc defaultMode: 0444 {{ if $mounts_maas_rack.volumes }}{{ toYaml $mounts_maas_rack.volumes | indent 8 }}{{ end }} +{{- end }} diff --git a/charts/maas/templates/job-import.yaml b/charts/maas/templates/job-import.yaml index d607825..0ee40ba 100644 --- a/charts/maas/templates/job-import.yaml +++ b/charts/maas/templates/job-import.yaml @@ -37,6 +37,8 @@ spec: image: {{ .Values.images.tags.maas_region }} imagePullPolicy: {{ .Values.images.pull_policy }} env: + - name: USE_IMAGE_CACHE + value: {{ .Values.conf.cache.enabled | quote }} - name: JOB_TIMEOUT value: {{ .Values.jobs.import_boot_resources.timeout | quote }} - name: ADMIN_USERNAME diff --git a/charts/maas/templates/service-region.yaml b/charts/maas/templates/service-region.yaml index c4bcc97..25d6336 100644 --- a/charts/maas/templates/service-region.yaml +++ b/charts/maas/templates/service-region.yaml @@ -8,6 +8,7 @@ You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0 Unless required by applicable law or agreed to in writing, software + app: maas-region distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and @@ -35,7 +36,7 @@ spec: {{ end }} name: proxy selector: - app: maas-region +{{ tuple $envAll "maas" "region" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }} {{ if .Values.network.proxy.node_port.enabled }} type: NodePort {{ end }} diff --git a/charts/maas/templates/statefulset-region.yaml b/charts/maas/templates/statefulset-region.yaml index db84d7d..c1820ae 100644 --- a/charts/maas/templates/statefulset-region.yaml +++ b/charts/maas/templates/statefulset-region.yaml 
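Review bot: The added line `app: maas-region` in the first service-region.yaml hunk lands in the middle of the Apache license text, between "agreed to in writing, software" and "distributed under the License", and looks like a stray paste of the selector label that the second hunk removes. If the license sits inside a `{{/* ... */}}` template comment (the delimiters are outside this hunk) it renders to nothing, but it still corrupts the license header and should be deleted. The second hunk switches the selector to the `helm-toolkit.snippets.kubernetes_metadata_labels` snippet; the pod template in statefulset-region.yaml uses the same tuple, and a short comment next to the selector noting that the two must stay identical would guard against the Service silently selecting no pods.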
@@ -1,19 +1,18 @@ {{/* -Copyright 2017 The Openstack-Helm Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/}} - +# Copyright (c) 2017 AT&T Intellectual Property. All rights reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. */}} +{{- if .Values.manifests.region_statefulset }} {{- $envAll := . }} {{- $dependencies := .Values.dependencies.region_controller }} {{- $mounts_maas_region := .Values.pod.mounts.maas_region.maas_region }} @@ -29,7 +28,7 @@ spec: template: metadata: labels: - app: maas-region +{{ tuple $envAll "maas" "region" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }} annotations: spec: affinity: 
@@ -39,47 +38,52 @@ spec: initContainers: {{ tuple $envAll $dependencies $mounts_maas_region_init | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} containers: - - name: maas-region - image: {{ .Values.images.tags.maas_region }} - imagePullPolicy: {{ .Values.images.pull_policy }} -{{ tuple $envAll $envAll.Values.pod.resources.maas_region | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }} - ports: - - name: r-ui - containerPort: {{ .Values.network.port.region_container }} - readinessProbe: - tcpSocket: - port: {{ .Values.network.port.region_container }} - securityContext: - privileged: true - command: - - /tmp/start.sh - volumeMounts: - - name: maas-region-secret - mountPath: /var/lib/maas/secret - subPath: REGION_SECRET - readOnly: true - - name: maas-etc - mountPath: /etc/bind/named.conf.options - subPath: named.conf.options - readOnly: true - - name: maas-etc - mountPath: /etc/maas/regiond.conf - subPath: regiond.conf - readOnly: true -{{- if .Values.conf.curtin.override }} - - name: maas-etc - mountPath: /etc/maas/preseeds/curtin_userdata - subPath: curtin_userdata - readOnly: true +{{- if .Values.conf.cache.enabled }} + - name: maas-cache + image: {{ .Values.images.tags.maas_cache }} + imagePullPolicy: {{ .Values.images.pull_policy }} {{- end }} - - name: maas-bin - mountPath: /tmp/start.sh - subPath: start.sh - readOnly: true - - name: maas-etc - mountPath: /etc/nsswitch.conf - subPath: nsswitch.conf - readOnly: true + - name: maas-region + image: {{ .Values.images.tags.maas_region }} + imagePullPolicy: {{ .Values.images.pull_policy }} +{{ tuple $envAll $envAll.Values.pod.resources.maas_region | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }} + ports: + - name: r-ui + containerPort: {{ .Values.network.port.region_container }} + readinessProbe: + tcpSocket: + port: {{ .Values.network.port.region_container }} + securityContext: + privileged: true + command: + - /tmp/start.sh + 
volumeMounts: + - name: maas-region-secret + mountPath: /var/lib/maas/secret + subPath: REGION_SECRET + readOnly: true + - name: maas-etc + mountPath: /etc/bind/named.conf.options + subPath: named.conf.options + readOnly: true + - name: maas-etc + mountPath: /etc/maas/regiond.conf + subPath: regiond.conf + readOnly: true +{{- if .Values.conf.curtin.override }} + - name: maas-etc + mountPath: /etc/maas/preseeds/curtin_userdata + subPath: curtin_userdata + readOnly: true +{{- end }} + - name: maas-bin + mountPath: /tmp/start.sh + subPath: start.sh + readOnly: true + - name: maas-etc + mountPath: /etc/nsswitch.conf + subPath: nsswitch.conf + readOnly: true {{- if $mounts_maas_region.volumeMounts }}{{ toYaml $mounts_maas_region.volumeMounts | indent 12 }}{{ end }} volumes: - name: maas-etc @@ -94,3 +98,5 @@ spec: secret: secretName: {{ .Values.secrets.maas_region.name }} {{- if $mounts_maas_region.volumes }}{{ toYaml $mounts_maas_region.volumes | indent 8 }}{{ end }} +... +{{- end }} diff --git a/charts/maas/values.yaml b/charts/maas/values.yaml index 039e066..9a1b9ee 100644 --- a/charts/maas/values.yaml +++ b/charts/maas/values.yaml @@ -61,6 +61,9 @@ dependencies: - service: maas_db endpoint: internal +manifests: + region_statefulset: true + rack_deployment: true images: tags: @@ -70,6 +73,7 @@ images: maas_region: quay.io/attcomdev/maas-region:master bootstrap: quay.io/attcomdev/maas-region:master export_api_key: quay.io/attcomdev/maas-region:master + maas_cache: quay.io/attcomdev/maas-cache:master dep_check: quay.io/stackanetes/kubernetes-entrypoint:v0.2.1 pull_policy: IfNotPresent @@ -113,6 +117,8 @@ conf: override: true drydock: bootaction_url: null + cache: + enabled: true maas: override: append: @@ -179,6 +185,13 @@ pod: region: 1 resources: enabled: false + test: + limits: + memory: "128Mi" + cpu: "500m" + requests: + memory: "128Mi" + cpu: "500m" maas_rack: limits: memory: "128Mi"
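Review bot: The new `maas-cache` container in the second statefulset-region.yaml hunk is declared with only `name`, `image` and `imagePullPolicy`, while `maas-region` directly below it has `ports`, a `readinessProbe` and the helm-toolkit resources snippet. The import script in this commit points the boot source at `http://localhost:8888/`, so without a probe on that port the pod can be reported ready before the mirror is serving, and the sidecar runs unbounded next to a container that keeps `privileged: true`. Declare the port and a readiness probe as sketched below, and add a resources entry for it. Indentation in the sketch is approximate because the page has collapsed the original whitespace.

```yaml
        - name: maas-cache
          image: {{ .Values.images.tags.maas_cache }}
          # … unchanged: imagePullPolicy …
          ports:
            - name: cache
              # port taken from the boot-source URL in _import-boot-resources.sh.tpl
              containerPort: 8888
          readinessProbe:
            tcpSocket:
              port: 8888
```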
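Review bot: In values.yaml, `conf.cache.enabled: true` makes the sidecar mirror the default boot source, and `maas_cache` is pulled by the mutable tag `quay.io/attcomdev/maas-cache:master` with `pull_policy: IfNotPresent`. The README added in this commit says the mirror is a point-in-time copy that is never refreshed, so by default nodes are provisioned from whatever Ubuntu images were baked into the copy of that tag a given host happened to pull. Consider defaulting `enabled` to `false`, or pinning `maas_cache` to a versioned tag or digest, and add a comment beside `cache:` such as `# mirror is frozen at image build time; rebuild the cache image to pick up updated boot images`. The `pod.resources.test` block added in the last hunk is not referenced by any template in this diff; a comment naming its consumer would help.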