From 668fd328d24129bd2919ed3464810c813941c20b Mon Sep 17 00:00:00 2001 
From: Scott Hussey Date: Wed, 25 Oct 2017 14:01:11 -0500 Subject: [PATCH] Move MaaS chart into maas repo Change-Id: If1d9e92d9a691892b9a3afcef5b229d704b5dcbc --- .gitreview | 4 + charts/maas/Chart.yaml | 24 ++ charts/maas/README.rst | 66 +++++ charts/maas/requirements.yaml | 18 ++ .../bin/_bootstrap-admin-user.sh.tpl | 19 ++ charts/maas/templates/bin/_db-init.sh.tpl | 63 +++++ charts/maas/templates/bin/_db-sync.sh.tpl | 22 ++ .../maas/templates/bin/_export-api-key.sh.tpl | 74 +++++ .../bin/_import-boot-resources.sh.tpl | 63 +++++ .../maas/templates/bin/_job-readiness.sh.tpl | 19 ++ .../bin/_register-rack-controller.sh | 18 ++ charts/maas/templates/bin/_start.sh.tpl | 22 ++ charts/maas/templates/configmap-bin.yaml | 39 +++ charts/maas/templates/configmap-etc.yaml | 74 +++++ charts/maas/templates/deployment-rack.yaml | 88 ++++++ .../maas/templates/etc/_curtin_userdata.tpl | 53 ++++ charts/maas/templates/etc/_nsswitch.conf.tpl | 20 ++ .../maas/templates/etc/_region-dns-config.tpl | 18 ++ charts/maas/templates/etc/_regiond.conf.tpl | 36 +++ .../etc/_register-rack-controller.service.tpl | 12 + .../templates/job-bootstrap-admin-user.yaml | 66 +++++ charts/maas/templates/job-db-init.yaml | 82 ++++++ charts/maas/templates/job-db-sync.yaml | 59 ++++ charts/maas/templates/job-export-api-key.yaml | 79 ++++++ charts/maas/templates/job-import.yaml | 93 +++++++ charts/maas/templates/secret-db.yaml | 36 +++ charts/maas/templates/secret-region.yaml | 27 ++ charts/maas/templates/service-region.yaml | 41 +++ charts/maas/templates/statefulset-region.yaml | 94 +++++++ charts/maas/values.yaml | 263 ++++++++++++++++++ 30 files changed, 1592 insertions(+) create mode 100644 .gitreview create mode 100755 charts/maas/Chart.yaml create mode 100644 charts/maas/README.rst create mode 100644 charts/maas/requirements.yaml create mode 100644 charts/maas/templates/bin/_bootstrap-admin-user.sh.tpl create mode 100644 charts/maas/templates/bin/_db-init.sh.tpl create mode 100644 
charts/maas/templates/bin/_db-sync.sh.tpl create mode 100644 charts/maas/templates/bin/_export-api-key.sh.tpl create mode 100644 charts/maas/templates/bin/_import-boot-resources.sh.tpl create mode 100644 charts/maas/templates/bin/_job-readiness.sh.tpl create mode 100644 charts/maas/templates/bin/_register-rack-controller.sh create mode 100644 charts/maas/templates/bin/_start.sh.tpl create mode 100644 charts/maas/templates/configmap-bin.yaml create mode 100644 charts/maas/templates/configmap-etc.yaml create mode 100644 charts/maas/templates/deployment-rack.yaml create mode 100644 charts/maas/templates/etc/_curtin_userdata.tpl create mode 100644 charts/maas/templates/etc/_nsswitch.conf.tpl create mode 100644 charts/maas/templates/etc/_region-dns-config.tpl create mode 100644 charts/maas/templates/etc/_regiond.conf.tpl create mode 100644 charts/maas/templates/etc/_register-rack-controller.service.tpl create mode 100644 charts/maas/templates/job-bootstrap-admin-user.yaml create mode 100644 charts/maas/templates/job-db-init.yaml create mode 100644 charts/maas/templates/job-db-sync.yaml create mode 100644 charts/maas/templates/job-export-api-key.yaml create mode 100644 charts/maas/templates/job-import.yaml create mode 100644 charts/maas/templates/secret-db.yaml create mode 100644 charts/maas/templates/secret-region.yaml create mode 100644 charts/maas/templates/service-region.yaml create mode 100644 charts/maas/templates/statefulset-region.yaml create mode 100644 charts/maas/values.yaml diff --git a/.gitreview b/.gitreview new file mode 100644 index 0000000..a678889 --- /dev/null +++ b/.gitreview @@ -0,0 +1,4 @@ +[gerrit] +host=review.gerrithub.io +port=29418 +project=att-comdev/maas diff --git a/charts/maas/Chart.yaml b/charts/maas/Chart.yaml new file mode 100755 index 0000000..936c178 --- /dev/null +++ b/charts/maas/Chart.yaml 
@@ -0,0 +1,24 @@
+# Copyright 2017 The Openstack-Helm Authors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: v1
+description: Chart to run MaaS
+name: maas
+version: 0.1.0
+home: https://docs.ubuntu.com/maas
+sources:
+ - https://git.launchpad.net/maas
+ - https://git.openstack.org/cgit/openstack/openstack-helm
+maintainers:
+ - name: OpenStack-Helm Authors
diff --git a/charts/maas/README.rst b/charts/maas/README.rst
new file mode 100644
index 0000000..971ea87
--- /dev/null
+++ b/charts/maas/README.rst
@@ -0,0 +1,66 @@ +openstack-helm-addons/maas +========================== + +This chart installs a working version of MaaS on kubernetes. + +Quickstart +~~~~~~~~~ + +This chart requires a postgresql instance to be running. + +To install postgresql: + +:: + + helm install postgresql --namespace=maas + +Note: Postgresql may take a short time to reach the ‘Running’ state. +Verify that postgresql is running: + +:: + + # kubectl get pods -n maas + NAME READY STATUS RESTARTS AGE + postgresql-0 1/1 Running 0 1m + +To deploy your MaaS chart: + +:: + + helm install maas --namespace=maas + +To verify the helm deployment was successful: + +:: + + # helm ls + NAME REVISION UPDATED STATUS CHART + opining-mule 1 Mon Feb 13 22:20:08 2017 DEPLOYED maas-0.1.0 + sweet-manatee 1 Mon Feb 13 21:57:41 2017 DEPLOYED postgresql-0.1.0 + +To check that all resources are working as intended: + +:: + + # kubectl get all --namespace=maas + NAME READY STATUS RESTARTS AGE + po/maas-rack-3238195061-tn5fv 1/1 Running 0 11m + po/maas-region-0 1/1 Running 0 11m + po/postgresql-0 1/1 Running 0 34m + + NAME CLUSTER-IP EXTERNAL-IP PORT(S) AGE + svc/maas-region-ui 10.105.136.244 80/TCP,8000/TCP 11m + svc/postgresql 10.107.159.38 5432/TCP 34m + + NAME DESIRED CURRENT AGE + statefulsets/maas-region 1 1 11m + statefulsets/postgresql 1 1 34m + + NAME DESIRED SUCCESSFUL AGE + jobs/region-import-resources 1 1 11m + + NAME DESIRED CURRENT UP-TO-DATE AVAILABLE AGE + deploy/maas-rack 1 1 1 1 11m + + NAME DESIRED CURRENT READY AGE + rs/maas-rack-3238195061 1 1 1 11m diff --git a/charts/maas/requirements.yaml b/charts/maas/requirements.yaml new file mode 100644 index 0000000..53782e6 --- /dev/null +++ b/charts/maas/requirements.yaml 
@@ -0,0 +1,18 @@
+# Copyright 2017 The Openstack-Helm Authors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+dependencies:
+ - name: helm-toolkit
+ repository: http://localhost:8879/charts
+ version: 0.1.0
diff --git a/charts/maas/templates/bin/_bootstrap-admin-user.sh.tpl b/charts/maas/templates/bin/_bootstrap-admin-user.sh.tpl
new file mode 100644
index 0000000..66200d1
--- /dev/null
+++ b/charts/maas/templates/bin/_bootstrap-admin-user.sh.tpl
@@ -0,0 +1,19 @@
+#!/bin/bash
+
+# Copyright 2017 The Openstack-Helm Authors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+set -ex
+
+maas-region createadmin --username=${ADMIN_USERNAME} --password=${ADMIN_PASSWORD} --email=${ADMIN_EMAIL} || true
diff --git a/charts/maas/templates/bin/_db-init.sh.tpl b/charts/maas/templates/bin/_db-init.sh.tpl
new file mode 100644
index 0000000..b61386a
--- /dev/null
+++ b/charts/maas/templates/bin/_db-init.sh.tpl
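Review bot: In `_bootstrap-admin-user.sh.tpl` the `x` in `set -ex` makes bash trace the fully expanded `maas-region createadmin ... --password=...` line, so the admin password is written to the job's pod log; it is also exposed as a process argument while the command runs. Use `set -e` here (or bracket the call with `set +x`), and quote the expansions, e.g. `--password="${ADMIN_PASSWORD}"`, so a value containing spaces or glob characters is not word-split. The same trace exposure applies to the other secret-handling scripts in this patch: `_db-init.sh.tpl` (`CREATE ROLE ... PASSWORD`), `_export-api-key.sh.tpl` (API key and bearer header), `_import-boot-resources.sh.tpl` (`maas login ... $KEY`) and `_register-rack-controller.sh` (`--secret=`). `|| true` also discards every createadmin failure, not only "user already exists", so the job reports success even when no admin account was created.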
@@ -0,0 +1,63 @@ +#!/bin/bash + +# Copyright 2017 The Openstack-Helm Authors. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +set -ex +export HOME=/tmp + +pgsql_superuser_cmd () { + DB_COMMAND="$1" + if [[ ! -z $2 ]]; then + EXPORT PGDATABASE=$2 + fi + + psql \ + -h ${DB_HOST} \ + -p 5432 \ + -U ${ROOT_DB_USER} \ + --command="${DB_COMMAND}" +} + +if [[ ! -v DB_HOST ]]; then + echo "environment variable DB_HOST not set" + exit 1 +elif [[ ! -v ROOT_DB_USER ]]; then + echo "environment variable ROOT_DB_USER not set" + exit 1 +elif [[ ! -v ROOT_DB_PASS ]]; then + echo "environment variable ROOT_DB_PASS not set" + exit 1 +elif [[ ! -v USER_DB_USER ]]; then + echo "environment variable USER_DB_USER not set" + exit 1 +elif [[ ! -v USER_DB_PASS ]]; then + echo "environment variable USER_DB_PASS not set" + exit 1 +elif [[ ! 
-v USER_DB_NAME ]]; then + echo "environment variable USER_DB_NAME not set" + exit 1 +else + echo "Got DB connection info" +fi + +#create db +pgsql_superuser_cmd "SELECT 1 FROM pg_database WHERE datname = '$USER_DB_NAME'" | grep -q 1 || pgsql_superuser_cmd "CREATE DATABASE $USER_DB_NAME" + +#create db user +pgsql_superuser_cmd "SELECT * FROM pg_roles WHERE rolname = '$USER_DB_USER';" | tail -n +3 | head -n -2 | grep -q 1 || \ + pgsql_superuser_cmd "CREATE ROLE ${USER_DB_USER} LOGIN PASSWORD '$USER_DB_PASS';" && pgsql_superuser_cmd "ALTER USER ${USER_DB_USER} WITH SUPERUSER" + +#give permissions to user +pgsql_superuser_cmd "GRANT ALL PRIVILEGES ON DATABASE $USER_DB_NAME to $USER_DB_USER;" diff --git a/charts/maas/templates/bin/_db-sync.sh.tpl b/charts/maas/templates/bin/_db-sync.sh.tpl new file mode 100644 index 0000000..b511c05 --- /dev/null +++ b/charts/maas/templates/bin/_db-sync.sh.tpl @@ -0,0 +1,22 @@ +#!/bin/bash + +# Copyright 2017 The Openstack-Helm Authors. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +set -ex + +rm -f /var/run/rsyslogd.pid +service rsyslog restart + +maas-region dbupgrade diff --git a/charts/maas/templates/bin/_export-api-key.sh.tpl b/charts/maas/templates/bin/_export-api-key.sh.tpl new file mode 100644 index 0000000..9c776d1 --- /dev/null +++ b/charts/maas/templates/bin/_export-api-key.sh.tpl 
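Review bot: The role-creation line in `_db-init.sh.tpl` ends with `&& pgsql_superuser_cmd "ALTER USER ${USER_DB_USER} WITH SUPERUSER"`, which makes the MaaS application account a PostgreSQL superuser on every run, since `||` and `&&` chain left to right and the ALTER fires whether the role already existed or was just created. A leak of the region controller's database credentials then compromises the whole PostgreSQL instance, and the following `GRANT ALL PRIVILEGES ON DATABASE` becomes redundant; unless MaaS needs superuser for something not visible here, drop the ALTER and use `ALTER DATABASE $USER_DB_NAME OWNER TO $USER_DB_USER` instead. Separately, `EXPORT PGDATABASE=$2` inside `pgsql_superuser_cmd` is not a shell builtin (it should be lowercase `export`), so the two-argument form would abort under `set -e`; no call in this hunk passes a second argument. The names and the password are also spliced into the SQL text unescaped, so a value containing a single quote breaks or alters the statement.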
@@ -0,0 +1,74 @@ +#!/bin/bash + +# Copyright 2017 The Openstack-Helm Authors. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +set -ex + +function clear_secret { + wget \ + --server-response \ + --ca-certificate=/var/run/secrets/kubernetes.io/serviceaccount/ca.crt \ + --header='Content-Type: application/json' \ + --header="Authorization: Bearer $(cat /var/run/secrets/kubernetes.io/serviceaccount/token)" \ + --method=DELETE \ + https://kubernetes.default.svc.cluster.local/api/v1/namespaces/${SECRET_NAMESPACE}/secrets/${SECRET_NAME} +} + +function post_secret { + wget \ + --server-response \ + --ca-certificate=/var/run/secrets/kubernetes.io/serviceaccount/ca.crt \ + --header='Content-Type: application/json' \ + --header="Authorization: Bearer $(cat /var/run/secrets/kubernetes.io/serviceaccount/token)" \ + --method=POST \ + --body-file=/tmp/secret.json \ + https://kubernetes.default.svc.cluster.local/api/v1/namespaces/${SECRET_NAMESPACE}/secrets \ + 2>&1 | grep -E "HTTP/1.1 (201 Created|409 Conflict)" +} + +KEY=$(maas-region apikey --username=${ADMIN_USERNAME}) + +if [ "x$KEY" != "x" ]; then + ENCODED_KEY=$(echo -n $KEY | base64 -w 0) + cat < /tmp/secret.json +{ + "apiVersion": "v1", + "kind": "Secret", + "type": "Opaque", + "metadata": { + "name": "${SECRET_NAME}" + }, + "data": { + "token": "$ENCODED_KEY" + } +} +EOS + while true; do + result=$(post_secret) + if [ ! -z "$(echo $result | grep 201)" ]; then + echo 'Secret created' + break + elif [ ! 
-z "$(echo $result | grep 409)" ]; then + echo 'Secret exists, clearing before trying again' + clear_secret + else + echo Secret creation failed + fi + sleep 15 + done +else + echo "Failed to get key from maas." + exit 1 +fi diff --git a/charts/maas/templates/bin/_import-boot-resources.sh.tpl b/charts/maas/templates/bin/_import-boot-resources.sh.tpl new file mode 100644 index 0000000..829b2ea --- /dev/null +++ b/charts/maas/templates/bin/_import-boot-resources.sh.tpl 
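Review bot: `/tmp/secret.json` in `_export-api-key.sh.tpl` holds the MaaS admin API key (base64 is an encoding, not protection), is created with the default umask and is never removed; set `umask 077` before writing it and add `trap 'rm -f /tmp/secret.json' EXIT`. The `while true` loop has no exit on the "Secret creation failed" branch, so an RBAC denial or an unreachable API server leaves the job retrying every 15 seconds forever instead of failing; a bounded retry count followed by `exit 1` would surface the problem. With `set -ex` active, the trace of `KEY=...` and of the wget `Authorization: Bearer` header also puts the API key and the service-account token in the pod log. The here-document opener appears as `cat < /tmp/secret.json` with a bare `EOS` terminator on this page, which may be an extraction artifact, but it is worth confirming the committed file reads `cat <<EOS > /tmp/secret.json`.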
@@ -0,0 +1,63 @@
+#!/bin/bash
+
+# Copyright 2017 The Openstack-Helm Authors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+set -ex
+
+function check_for_download {
+
+ while [[ ${JOB_TIMEOUT} -gt 0 ]]; do
+ if maas ${ADMIN_USERNAME} boot-resources is-importing | grep -q 'true';
+ then
+ echo -e '\nBoot resources currently importing\n'
+ let TIMEOUT-=${RETRY_TIMER}
+ sleep ${RETRY_TIMER}
+ else
+ echo 'Boot resources have completed importing'
+ # TODO(sthussey) Need to check synced images exist - could be a import failure
+ exit 0
+ fi
+ done
+ exit 1
+
+}
+
+function configure_proxy {
+ maas ${ADMIN_USERNAME} maas set-config name=enable_http_proxy value=${MAAS_PROXY_ENABLED}
+ maas ${ADMIN_USERNAME} maas set-config name=http_proxy value=${MAAS_PROXY_SERVER}
+}
+
+function configure_ntp {
+ maas ${ADMIN_USERNAME} maas set-config name=ntp_servers value=${MAAS_NTP_SERVERS}
+ maas ${ADMIN_USERNAME} maas set-config name=ntp_external_only value=${MAAS_NTP_EXTERNAL_ONLY}
+}
+
+function configure_dns {
+ maas ${ADMIN_USERNAME} maas set-config name=dnssec_validation value=${MAAS_DNS_DNSSEC_REQUIRED}
+ maas ${ADMIN_USERNAME} maas set-config name=upstream_dns value=${MAAS_DNS_SERVERS}
+}
+
+KEY=$(maas-region apikey --username=${ADMIN_USERNAME})
+maas login ${ADMIN_USERNAME} ${MAAS_ENDPOINT} $KEY
+
+configure_proxy
+configure_ntp
+configure_dns
+
+# make call to import images
+maas ${ADMIN_USERNAME} boot-resources import
+# see if we can find > 0 images
+sleep ${RETRY_TIMER}
+check_for_download
diff --git a/charts/maas/templates/bin/_job-readiness.sh.tpl b/charts/maas/templates/bin/_job-readiness.sh.tpl
new file mode 100644
index 0000000..eb6120a
--- /dev/null
+++ b/charts/maas/templates/bin/_job-readiness.sh.tpl
@@ -0,0 +1,19 @@
+#!/bin/bash
+
+# Copyright 2017 The Openstack-Helm Authors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+set -ex
+
+maas-region apikey --username=${ADMIN_USERNAME} || exit 1
diff --git a/charts/maas/templates/bin/_register-rack-controller.sh b/charts/maas/templates/bin/_register-rack-controller.sh
new file mode 100644
index 0000000..6accb29
--- /dev/null
+++ b/charts/maas/templates/bin/_register-rack-controller.sh
@@ -0,0 +1,18 @@
+#!/bin/bash
+
+set -x
+
+echo "register-rack-controller URL: ${MAAS_ENDPOINT}"
+
+# register forever
+while [ 1 ];
+do
+ if maas-rack register --url=${MAAS_ENDPOINT} --secret="${MAAS_REGION_SECRET}";
+ then
+ echo "Successfully registered with MaaS Region Controller"
+ break
+ else
+ echo "Unable to register with ${MAAS_ENDPOINT}... will try again"
+ sleep 10
+ fi;
+done;
diff --git a/charts/maas/templates/bin/_start.sh.tpl b/charts/maas/templates/bin/_start.sh.tpl
new file mode 100644
index 0000000..cff92ff
--- /dev/null
+++ b/charts/maas/templates/bin/_start.sh.tpl
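Review bot: `check_for_download` in `_import-boot-resources.sh.tpl` loops on `${JOB_TIMEOUT}` but decrements a different variable, `let TIMEOUT-=${RETRY_TIMER}`, so the timeout never counts down and the trailing `exit 1` cannot be reached while MaaS keeps reporting an import in progress. Decrement the tested variable, and prefer arithmetic expansion over `let`, which returns status 1 when the result is 0 and would trip `set -e`: `JOB_TIMEOUT=$((JOB_TIMEOUT - RETRY_TIMER))`. The `set-config` values are also unquoted, so a space-separated list in `value=${MAAS_NTP_SERVERS}` or `value=${MAAS_DNS_SERVERS}` is split into separate arguments; `value="${MAAS_NTP_SERVERS}"` keeps it intact.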
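Review bot: `maas-region apikey --username=${ADMIN_USERNAME} || exit 1` in `_job-readiness.sh.tpl` prints the admin API key to stdout every time the check runs, on top of the `set -ex` trace. Only the exit status is needed, so discard the output: `maas-region apikey --username="${ADMIN_USERNAME}" > /dev/null || exit 1`. Where that stdout ends up depends on how the script is invoked, which is outside this hunk.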
@@ -0,0 +1,22 @@
+#!/bin/bash
+
+# Copyright 2017 The Openstack-Helm Authors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+set -ex
+
+# show env
+env > /tmp/env
+
+exec /bin/systemd --system
\ No newline at end of file
diff --git a/charts/maas/templates/configmap-bin.yaml b/charts/maas/templates/configmap-bin.yaml
new file mode 100644
index 0000000..632357f
--- /dev/null
+++ b/charts/maas/templates/configmap-bin.yaml
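Review bot: `env > /tmp/env` in `_start.sh.tpl` writes the container's whole environment to a file created with the default umask, and for the rack pod that environment includes `MAAS_REGION_SECRET` (injected via `secretKeyRef` in `deployment-rack.yaml`). The comment says "show env", but the line persists the values rather than displaying them, and nothing visible in this patch reads `/tmp/env` back. If it is a debugging aid, remove it; if something does consume it, write it with `( umask 077; env > /tmp/env )` and say in the comment which consumer needs it.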
@@ -0,0 +1,39 @@
+{{/*
+Copyright 2017 The Openstack-Helm Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/}}
+
+{{- $envAll := . }}
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: maas-bin
+data:
+ db-init.sh: |+
+{{ tuple "bin/_db-init.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
+ db-sync.sh: |+
+{{ tuple "bin/_db-sync.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
+ bootstrap-admin-user.sh: |
+{{ tuple "bin/_bootstrap-admin-user.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
+ import-boot-resources.sh: |
+{{ tuple "bin/_import-boot-resources.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
+ job-readiness.sh: |
+{{ tuple "bin/_job-readiness.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
+ start.sh: |
+{{ tuple "bin/_start.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
+ export-api-key.sh: |
+{{ tuple "bin/_export-api-key.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
+ register-rack-controller.sh: |
+{{ tuple "bin/_register-rack-controller.sh" . | include "helm-toolkit.utils.template" | indent 4 }}
diff --git a/charts/maas/templates/configmap-etc.yaml b/charts/maas/templates/configmap-etc.yaml
new file mode 100644
index 0000000..78ecfce
--- /dev/null
+++ b/charts/maas/templates/configmap-etc.yaml
@@ -0,0 +1,74 @@ +{{/* +Copyright 2017 The Openstack-Helm Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- $envAll := . }} + +{{- include "maas.conf.maas_values_skeleton" .Values.conf.maas | trunc 0 -}} + +{{- if empty .Values.conf.maas.database.database_host -}} +{{- tuple "maas_db" "internal" . | include "helm-toolkit.endpoints.hostname_fqdn_endpoint_lookup" | set .Values.conf.maas.database "database_host" | quote | trunc 0 -}} +{{- end -}} + +{{- if empty .Values.conf.maas.url.maas_url -}} +{{- tuple "maas_region_ui" "default" "region_ui" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup" | set .Values.conf.maas.url "maas_url" | quote | trunc 0 -}} +{{- end -}} + +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: maas-etc +data: + curtin_userdata: |+ +{{ if .Values.conf.curtin.override -}} +{{ .Values.conf.curtin.override | indent 4 }} +{{- else -}} +{{- if .Values.conf.curtin.prefix -}} +{{ .Values.conf.curtin.prefix | indent 4 }} +{{- end }} +{{ tuple "etc/_curtin_userdata.tpl" . | include "helm-toolkit.utils.template" | indent 4 }} +{{- end }} +{{- if .Values.conf.curtin.append -}} +{{ .Values.conf.curtin.append | indent 4 }} +{{- end }} + named.conf.options: |+ +{{ if .Values.conf.bind.override -}} +{{ .Values.conf.bind.override | indent 4 }} +{{- else -}} +{{- if .Values.conf.bind.prefix -}} +{{ .Values.conf.bind.prefix | indent 4 }} +{{- end }} +{{ tuple "etc/_region-dns-config.tpl" . 
| include "helm-toolkit.utils.template" | indent 4 }} +{{- end }} +{{- if .Values.conf.bind.append -}} +{{ .Values.conf.bind.append | indent 4 }} +{{- end }} + regiond.conf: | +{{ if .Values.conf.maas.override -}} +{{ .Values.conf.maas.override | indent 4 }} +{{- else -}} +{{- if .Values.conf.maas.prefix -}} +{{ .Values.conf.maas.prefix | indent 4 }} +{{- end }} +{{ tuple "etc/_regiond.conf.tpl" . | include "helm-toolkit.utils.template" | indent 4 }} +{{- end }} +{{- if .Values.conf.maas.append -}} +{{ .Values.conf.maas.append | indent 4 }} +{{- end }} + nsswitch.conf: | +{{ tuple "etc/_nsswitch.conf.tpl" . | include "helm-toolkit.utils.template" | indent 4 }} + register-rack-controller.service: | +{{ tuple "etc/_register-rack-controller.service.tpl" . | include "helm-toolkit.utils.template" | indent 4 }} diff --git a/charts/maas/templates/deployment-rack.yaml b/charts/maas/templates/deployment-rack.yaml new file mode 100644 index 0000000..dfb7f43 --- /dev/null +++ b/charts/maas/templates/deployment-rack.yaml 
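Review bot: The `regiond.conf` key of the `maas-etc` ConfigMap is rendered from `etc/_regiond.conf.tpl`, which emits `database_pass: {{ .database.database_password }}`, so the PostgreSQL password is stored in a ConfigMap rather than a Secret. ConfigMaps are readable by any subject with `get configmaps` in the namespace and are not covered by Secret encryption at rest. Move `regiond.conf` into a `kind: Secret` and mount it from there; the patch already adds `secret-db.yaml`, though its contents are outside this hunk. I would also add a comment on the `override`/`prefix`/`append` values noting that they are inserted verbatim into the rendered files.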
@@ -0,0 +1,88 @@ +{{/* +Copyright 2017 The Openstack-Helm Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} +{{- if empty .Values.conf.maas.url.maas_url -}} +{{- tuple "maas_region_ui" "default" "region_ui" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup" | set .Values.conf.maas.url "maas_url" | quote | trunc 0 -}} +{{- end -}} +{{- $envAll := . }} +{{- $dependencies := .Values.dependencies.rack_controller }} +{{- $mounts_maas_rack := .Values.pod.mounts.maas_rack }} +{{- $mounts_maas_rack_init := .Values.pod.mounts.maas_rack.init_container }} +--- +apiVersion: apps/v1beta1 +kind: Deployment +metadata: + name: maas-rack +spec: + replicas: {{ .Values.pod.replicas.rack }} + template: + metadata: + labels: +{{ tuple $envAll "maas" "rack" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }} + annotations: + configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "helm-toolkit.utils.hash" }} + configmap-etc-hash: {{ tuple "configmap-etc.yaml" . 
| include "helm-toolkit.utils.hash" }} + spec: + affinity: +{{ tuple $envAll "maas" "rack" | include "helm-toolkit.snippets.kubernetes_pod_anti_affinity" | indent 8 }} + nodeSelector: + {{ .Values.labels.rack.node_selector_key }}: {{ .Values.labels.rack.node_selector_value }} + initContainers: +{{ tuple $envAll $dependencies $mounts_maas_rack_init | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} + hostNetwork: true + dnsPolicy: ClusterFirst + initContainers: +{{ tuple $envAll $dependencies "[]" | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} + containers: + - name: maas-rack + image: {{ .Values.images.maas_rack }} + imagePullPolicy: {{ .Values.images.pull_policy }} + env: + - name: MAAS_ENDPOINT + value: {{ .Values.conf.maas.url.maas_url }} + - name: MAAS_REGION_SECRET + valueFrom: + secretKeyRef: + name: {{ .Values.secrets.maas_region.name }} + key: REGION_SECRET +{{ tuple $envAll $envAll.Values.pod.resources.maas_rack | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }} + command: + - /tmp/start.sh + securityContext: + privileged: true + volumeMounts: + - name: maas-bin + mountPath: /tmp/start.sh + subPath: start.sh + readOnly: true + - name: maas-bin + mountPath: /usr/local/bin/register-rack-controller.sh + subPath: register-rack-controller.sh + readOnly: true + - name: maas-etc + mountPath: /lib/systemd/system/register-rack-controller.service + subPath: register-rack-controller.service + readOnly: true +{{ if $mounts_maas_rack.volumeMounts }}{{ toYaml $mounts_maas_rack.volumeMounts | indent 12 }}{{ end }} + volumes: + - name: maas-bin + configMap: + name: maas-bin + defaultMode: 0555 + - name: maas-etc + configMap: + name: maas-etc + defaultMode: 0444 +{{ if $mounts_maas_rack.volumes }}{{ toYaml $mounts_maas_rack.volumes | indent 8 }}{{ end }} 
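Review bot: The pod spec in `deployment-rack.yaml` declares `initContainers:` twice, once with `$mounts_maas_rack_init` and again after `dnsPolicy` with `"[]"`; duplicate mapping keys are invalid YAML, and parsers that tolerate them usually keep the last, so the first block and its mounts are silently dropped. Delete whichever one is not intended. The container also runs with `privileged: true` on `hostNetwork: true`, which gives the rack controller root-equivalent access to the node. If running systemd inside the container is the reason, a comment saying so would help the next reviewer; otherwise narrow it to the specific `capabilities.add` entries the rack services need. `value: {{ .Values.conf.maas.url.maas_url }}` would also be safer as `{{ .Values.conf.maas.url.maas_url | quote }}`.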
diff --git a/charts/maas/templates/etc/_curtin_userdata.tpl b/charts/maas/templates/etc/_curtin_userdata.tpl
new file mode 100644
index 0000000..b1445aa
--- /dev/null
+++ b/charts/maas/templates/etc/_curtin_userdata.tpl
@@ -0,0 +1,53 @@ +#cloud-config +debconf_selections: + maas: | + {{ "{{" }}for line in str(curtin_preseed).splitlines(){{ "}}" }} + {{ "{{" }}line{{ "}}" }} + {{ "{{" }}endfor{{ "}}" }} +early_commands: +{{ "{{" }}if third_party_drivers and driver{{ "}}" }} + {{ "{{" }}py: key_string = ''.join(['\\x%x' % x for x in driver['key_binary']]){{ "}}" }} + {{ "{{" }}if driver['key_binary'] and driver['repository'] and driver['package']{{ "}}" }} + driver_00_get_key: /bin/echo -en '{{ "{{" }}key_string{{ "}}" }}' > /tmp/maas-{{ "{{" }}driver['package']{{ "}}" }}.gpg + driver_01_add_key: ["apt-key", "add", "/tmp/maas-{{ "{{" }}driver['package']{{ "}}" }}.gpg"] + {{ "{{" }}endif{{ "}}" }} + {{ "{{" }}if driver['repository']{{ "}}" }} + driver_02_add: ["add-apt-repository", "-y", "deb {{ "{{" }}driver['repository']{{ "}}" }} {{ "{{" }}node.get_distro_series(){{ "}}" }} main"] + {{ "{{" }}endif{{ "}}" }} + {{ "{{" }}if driver['package']{{ "}}" }} + driver_03_update_install: ["sh", "-c", "apt-get update --quiet && apt-get --assume-yes install {{ "{{" }}driver['package']{{ "}}" }}"] + {{ "{{" }}endif{{ "}}" }} + {{ "{{" }}if driver['module']{{ "}}" }} + driver_04_load: ["sh", "-c", "depmod && modprobe {{ "{{" }}driver['module']{{ "}}" }} || echo 'Warning: Failed to load module: {{ "{{" }}driver['module']{{ "}}" }}'"] + {{ "{{" }}endif{{ "}}" }} +{{ "{{" }}else{{ "}}" }} + driver_00: ["sh", "-c", "echo third party drivers not installed or necessary."] +{{ "{{" }}endif{{ "}}" }} +late_commands: + {{ "{{" }}py: bootdata_url = ''.join([{{ .Values.bootdata_url | quote }},node.hostname,"/promconfig"]){{ "}}" }} + {{ "{{" }}py: promsvc_url = ''.join([{{ .Values.bootdata_url | quote }},node.hostname,"/promservice"]){{ "}}" }} + {{ "{{" }}py: vfsvc_url = ''.join([{{ .Values.bootdata_url | quote }},node.hostname,"/vfservice"]){{ "}}" }} + {{ "{{" }}py: prominit_url = ''.join([{{ .Values.bootdata_url | quote }},node.hostname,"/prominit"]){{ "}}" }} + drydock_01: ["curtin", 
"in-target","--", "wget", "--no-proxy", "{{ "{{" }}bootdata_url{{ "}}" }}", "-O", "/etc/prom_init.yaml"] + drydock_02: ["curtin", "in-target","--", "wget", "--no-proxy", "{{ "{{" }}prominit_url{{ "}}" }}", "-O", "/var/tmp/prom_init.sh"] + drydock_03: ["curtin", "in-target","--", "chmod", "555", "/var/tmp/prom_init.sh"] + drydock_04: ["curtin", "in-target","--", "wget", "--no-proxy", "{{ "{{" }}promsvc_url{{ "}}" }}", "-O", "/lib/systemd/system/prom_init.service"] + drydock_05: ["curtin", "in-target","--", "systemctl", "enable", "prom_init.service"] + drydock_06: ["curtin", "in-target","--", "wget", "--no-proxy", "{{ "{{" }}vfsvc_url{{ "}}" }}", "-O", "/lib/systemd/system/drydock_vf.service"] + drydock_07: ["curtin", "in-target","--", "systemctl", "enable", "drydock_vf.service"] + maas: [wget, '--no-proxy', {{ "{{" }}node_disable_pxe_url|escape.json{{ "}}" }}, '--post-data', {{ "{{" }}node_disable_pxe_data|escape.json{{ "}}" }}, '-O', '/dev/null'] +{{ "{{" }}if third_party_drivers and driver{{ "}}" }} + {{ "{{" }}if driver['key_binary'] and driver['repository'] and driver['package']{{ "}}" }} + driver_00_key_get: curtin in-target -- sh -c "/bin/echo -en '{{ "{{" }}key_string{{ "}}" }}' > /tmp/maas-{{ "{{" }}driver['package']{{ "}}" }}.gpg" + driver_02_key_add: ["curtin", "in-target", "--", "apt-key", "add", "/tmp/maas-{{ "{{" }}driver['package']{{ "}}" }}.gpg"] + {{ "{{" }}endif{{ "}}" }} + {{ "{{" }}if driver['repository']{{ "}}" }} + driver_03_add: ["curtin", "in-target", "--", "add-apt-repository", "-y", "deb {{ "{{" }}driver['repository']{{ "}}" }} {{ "{{" }}node.get_distro_series(){{ "}}" }} main"] + {{ "{{" }}endif{{ "}}" }} + driver_04_update_install: ["curtin", "in-target", "--", "apt-get", "update", "--quiet"] + {{ "{{" }}if driver['package']{{ "}}" }} + driver_05_install: ["curtin", "in-target", "--", "apt-get", "-y", "install", "{{ "{{" }}driver['package']{{ "}}" }}"] + {{ "{{" }}endif{{ "}}" }} + driver_06_depmod: ["curtin", "in-target", "--", "depmod"] 
+ driver_07_update_initramfs: ["curtin", "in-target", "--", "update-initramfs", "-u"]
+{{ "{{" }}endif{{ "}}" }}
\ No newline at end of file
diff --git a/charts/maas/templates/etc/_nsswitch.conf.tpl b/charts/maas/templates/etc/_nsswitch.conf.tpl
new file mode 100644
index 0000000..1142be1
--- /dev/null
+++ b/charts/maas/templates/etc/_nsswitch.conf.tpl
@@ -0,0 +1,20 @@
+# /etc/nsswitch.conf
+#
+# Example configuration of GNU Name Service Switch functionality.
+# If you have the `glibc-doc-reference' and `info' packages installed, try:
+# `info libc "Name Service Switch"' for information about this file.
+
+passwd: compat
+group: compat
+shadow: compat
+gshadow: files
+
+hosts: files dns
+networks: files
+
+protocols: db files
+services: db files
+ethers: db files
+rpc: db files
+
+netgroup: nis
diff --git a/charts/maas/templates/etc/_region-dns-config.tpl b/charts/maas/templates/etc/_region-dns-config.tpl
new file mode 100644
index 0000000..262abde
--- /dev/null
+++ b/charts/maas/templates/etc/_region-dns-config.tpl
@@ -0,0 +1,18 @@
+# Copyright 2017 The Openstack-Helm Authors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+options { directory "/var/cache/bind";
+auth-nxdomain no;
+listen-on-v6 { any; };
+include "/etc/bind/maas/named.conf.options.inside.maas"; };
diff --git a/charts/maas/templates/etc/_regiond.conf.tpl b/charts/maas/templates/etc/_regiond.conf.tpl
new file mode 100644
index 0000000..5b2e610
--- /dev/null
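Review bot: The `drydock_01` to `drydock_07` late_commands in `_curtin_userdata.tpl` download a script and two systemd unit files from `.Values.bootdata_url` with `wget --no-proxy`, place the units under `/lib/systemd/system` and enable them, so whatever answers at that URL runs as root on every deployed node at first boot. Nothing in the hunk constrains the URL scheme or verifies what was downloaded; the default for `bootdata_url` lives in `values.yaml`, outside this hunk, so whether it is HTTPS cannot be confirmed from here. I would document on the value that it must be an `https://` endpoint whose CA the target image trusts, or have the commands check a digest before `systemctl enable`. A short comment above `late_commands` naming the service expected to serve `/promconfig`, `/prominit`, `/promservice` and `/vfservice` would also make the trust relationship explicit.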
+++ b/charts/maas/templates/etc/_regiond.conf.tpl
@@ -0,0 +1,36 @@
+# Copyright 2017 The Openstack-Helm Authors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+{{ include "maas.conf.maas_values_skeleton" .Values.conf.maas | trunc 0 }}
+{{ include "maas.conf.maas" .Values.conf.maas }}
+
+{{- define "maas.conf.maas_values_skeleton" -}}
+{{- if not .database -}}{{- set . "database" dict -}}{{- end -}}
+{{- if not .url -}}{{- set . "url" dict -}}{{- end -}}
+{{- end -}}
+
+{{- if empty .Values.conf.maas.url.maas_url -}}
+{{- tuple "maas_region_ui" "default" "region_ui" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup" | set .Values.conf.maas.url "maas_url" | quote | trunc 0 -}}
+{{- end -}}
+
+
+{{- define "maas.conf.maas" -}}
+
+database_host: {{ .database.database_host }}
+database_name: {{ .database.database_name }}
+database_pass: {{ .database.database_password }}
+database_user: {{ .database.database_user }}
+maas_url: {{ .url.maas_url }}
+
+{{- end -}}
diff --git a/charts/maas/templates/etc/_register-rack-controller.service.tpl b/charts/maas/templates/etc/_register-rack-controller.service.tpl
new file mode 100644
index 0000000..0bf64b4
--- /dev/null
+++ b/charts/maas/templates/etc/_register-rack-controller.service.tpl
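Review bot: The five values in the `maas.conf.maas` block of `_regiond.conf.tpl` are emitted unquoted, so a password containing `#`, a `: ` sequence or a leading special character changes how the `key: value` line is read, and an all-digit password would be typed as a number if the file is parsed as YAML. Quote at least the password, `database_pass: {{ .database.database_password | quote }}`, and preferably all five for consistency. A one-line comment above `maas.conf.maas_values_skeleton` saying it only ensures the `database` and `url` maps exist would make the `trunc 0` include at the top easier to follow.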
@@ -0,0 +1,12 @@
+[Unit]
+Description=Register with MaaS Region Controller
+Wants=network-online.target
+After=network-online.target
+
+[Service]
+Type=oneshot
+PassEnvironment=MAAS_ENDPOINT MAAS_REGION_SECRET
+ExecStart=/usr/local/bin/register-rack-controller.sh
+
+[Install]
+WantedBy=multi-user.target
diff --git a/charts/maas/templates/job-bootstrap-admin-user.yaml b/charts/maas/templates/job-bootstrap-admin-user.yaml
new file mode 100644
index 0000000..adc7b92
--- /dev/null
+++ b/charts/maas/templates/job-bootstrap-admin-user.yaml
@@ -0,0 +1,66 @@
+{{/*
+Copyright 2017 The Openstack-Helm Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/}}
+
+{{- $envAll := . }}
+{{- $dependencies := .Values.dependencies.bootstrap_admin_user }}
+---
+apiVersion: batch/v1
+kind: Job
+metadata:
+ name: maas-bootstrap-admin-user
+spec:
+ template:
+ metadata:
+ labels:
+{{ tuple $envAll "maas" "bootstrap-admin-user" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
+ spec:
+ restartPolicy: OnFailure
+ nodeSelector:
+ {{ .Values.labels.region.node_selector_key }}: {{ .Values.labels.region.node_selector_value }}
+ initContainers:
+{{ tuple $envAll $dependencies "[]" | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
+ containers:
+ - name: maas-bootstrap-admin-user
+ image: {{ .Values.images.bootstrap }}
+ imagePullPolicy: {{ .Values.images.pull_policy }}
+{{ tuple $envAll $envAll.Values.pod.resources.jobs.bootstrap_admin_user | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
+ env:
+ - name: ADMIN_USERNAME
+ value: {{ .Values.conf.maas.credentials.admin_username }}
+ - name: ADMIN_PASSWORD
+ value: {{ .Values.conf.maas.credentials.admin_password }}
+ - name: ADMIN_EMAIL
+ value: {{ .Values.conf.maas.credentials.admin_email}}
+ command:
+ - /tmp/bootstrap-admin-user.sh
+ volumeMounts:
+ - name: maas-bin
+ mountPath: /tmp/bootstrap-admin-user.sh
+ subPath: bootstrap-admin-user.sh
+ readOnly: true
+ - name: maas-etc
+ mountPath: /etc/maas/regiond.conf
+ subPath: regiond.conf
+ readOnly: true
+ volumes:
+ - name: maas-bin
+ configMap:
+ name: maas-bin
+ defaultMode: 0555
+ - name: maas-etc
+ configMap:
+ name: maas-etc
+ defaultMode: 0444
diff --git a/charts/maas/templates/job-db-init.yaml b/charts/maas/templates/job-db-init.yaml
new file mode 100644
index 0000000..8e68e0c
--- /dev/null
+++ b/charts/maas/templates/job-db-init.yaml
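Review bot: `ADMIN_PASSWORD` in job-bootstrap-admin-user.yaml is set with a literal `value: {{ .Values.conf.maas.credentials.admin_password }}`, so the MAAS admin password is stored in the Job and Pod objects and is visible to anyone who can read or describe them in the namespace. job-db-init.yaml in this same patch already takes its credentials through `secretKeyRef`; the same pattern here would be `valueFrom:` / `secretKeyRef:` with `name: <admin-credentials-secret>` and `key: ADMIN_PASSWORD`, where the Secret name is a placeholder because this patch defines no Secret for the admin credentials. That Secret would need to be added alongside secret-db.yaml.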
@@ -0,0 +1,82 @@
+{{/*
+Copyright 2017 The Openstack-Helm Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/}}
+
+{{- $envAll := . }}
+{{- $dependencies := .Values.dependencies.db_init }}
+---
+apiVersion: batch/v1
+kind: Job
+metadata:
+ name: maas-db-init
+spec:
+ template:
+ metadata:
+ labels:
+{{ tuple $envAll "maas" "db-init" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
+ spec:
+ restartPolicy: OnFailure
+ nodeSelector:
+ {{ .Values.labels.region.node_selector_key }}: {{ .Values.labels.region.node_selector_value }}
+ initContainers:
+{{ tuple $envAll $dependencies "[]" | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
+ containers:
+ - name: maas-db-init
+ image: {{ .Values.images.db_init | quote }}
+ imagePullPolicy: {{ .Values.images.pull_policy | quote }}
+{{ tuple $envAll $envAll.Values.pod.resources.jobs.db_init | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
+ env:
+ - name: ROOT_DB_USER
+ valueFrom:
+ secretKeyRef:
+ name: {{ .Values.secrets.maas_db.admin }}
+ key: DATABASE_USERNAME
+ - name: ROOT_DB_PASS
+ valueFrom:
+ secretKeyRef:
+ name: {{ .Values.secrets.maas_db.admin }}
+ key: DATABASE_PASSWORD
+ - name: DB_HOST
+ valueFrom:
+ secretKeyRef:
+ name: {{ .Values.secrets.maas_db.user }}
+ key: DATABASE_HOST
+ - name: USER_DB_USER
+ valueFrom:
+ secretKeyRef:
+ name: {{ .Values.secrets.maas_db.user }}
+ key: DATABASE_USERNAME
+ - name: USER_DB_PASS
+ valueFrom:
+ secretKeyRef:
+ name: {{ .Values.secrets.maas_db.user }}
+ key: DATABASE_PASSWORD
+ - name: USER_DB_NAME
+ valueFrom:
+ secretKeyRef:
+ name: {{ .Values.secrets.maas_db.user }}
+ key: DATABASE_NAME
+ command:
+ - /tmp/db-init.sh
+ volumeMounts:
+ - name: maas-bin
+ mountPath: /tmp/db-init.sh
+ subPath: db-init.sh
+ readOnly: true
+ volumes:
+ - name: maas-bin
+ configMap:
+ name: maas-bin
+ defaultMode: 0555
diff --git a/charts/maas/templates/job-db-sync.yaml b/charts/maas/templates/job-db-sync.yaml
new file mode 100644
index 0000000..0bd4a55
--- /dev/null
+++ b/charts/maas/templates/job-db-sync.yaml
@@ -0,0 +1,59 @@
+{{/*
+Copyright 2017 The Openstack-Helm Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/}}
+
+{{- $envAll := . }}
+{{- $dependencies := .Values.dependencies.db_sync }}
+---
+apiVersion: batch/v1
+kind: Job
+metadata:
+ name: maas-db-sync
+spec:
+ template:
+ metadata:
+ labels:
+{{ tuple $envAll "maas" "db-sync" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
+ spec:
+ restartPolicy: OnFailure
+ nodeSelector:
+ {{ .Values.labels.region.node_selector_key }}: {{ .Values.labels.region.node_selector_value }}
+ initContainers:
+{{ tuple $envAll $dependencies "[]" | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
+ containers:
+ - name: maas-db-sync
+ image: {{ .Values.images.db_sync }}
+ imagePullPolicy: {{ .Values.images.pull_policy }}
+{{ tuple $envAll $envAll.Values.pod.resources.jobs.db_sync | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
+ command:
+ - /tmp/db-sync.sh
+ volumeMounts:
+ - name: maas-etc
+ mountPath: /etc/maas/regiond.conf
+ subPath: regiond.conf
+ readOnly: true
+ - name: maas-bin
+ mountPath: /tmp/db-sync.sh
+ subPath: db-sync.sh
+ readOnly: true
+ volumes:
+ - name: maas-etc
+ configMap:
+ name: maas-etc
+ defaultMode: 0444
+ - name: maas-bin
+ configMap:
+ name: maas-bin
+ defaultMode: 0555
diff --git a/charts/maas/templates/job-export-api-key.yaml b/charts/maas/templates/job-export-api-key.yaml
new file mode 100644
index 0000000..44367df
--- /dev/null
+++ b/charts/maas/templates/job-export-api-key.yaml 
@@ -0,0 +1,79 @@
+{{/*
+Copyright 2017 The Openstack-Helm Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/}}
+
+{{- $envAll := . }}
+{{- $dependencies := .Values.dependencies.export_api_key }}
+{{- $initMounts := .Values.pod.mounts.export_api_key.export_api_key }}
+---
+apiVersion: batch/v1
+kind: Job
+metadata:
+ name: maas-export-api-key
+spec:
+ template:
+ metadata:
+ labels:
+{{ tuple $envAll "maas" "export-api-key" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
+ spec:
+ restartPolicy: OnFailure
+ nodeSelector:
+ {{ .Values.labels.region.node_selector_key }}: {{ .Values.labels.region.node_selector_value }}
+ initContainers:
+{{ tuple $envAll $dependencies $initMounts | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
+ containers:
+ - name: exporter
+ image: {{ .Values.images.export_api_key }}
+ imagePullPolicy: {{ .Values.images.pull_policy }}
+ env:
+ - name: SECRET_NAMESPACE
+ value: {{ .Values.conf.maas.credentials.secret.namespace }}
+ - name: ADMIN_USERNAME
+ value: {{ .Values.conf.maas.credentials.admin_username }}
+ - name: SECRET_NAME
+ value: {{ .Values.conf.maas.credentials.secret.name }}
+ command:
+ - /tmp/export-api-key.sh
+ readinessProbe:
+ exec:
+ command:
+ - /tmp/job-readiness.sh
+ initialDelaySeconds: 60
+ volumeMounts:
+ - name: maas-bin
+ mountPath: /tmp/export-api-key.sh
+ subPath: export-api-key.sh
+ readOnly: true
+ - name: maas-bin
+ mountPath: /tmp/job-readiness.sh
+ subPath: job-readiness.sh
+ readOnly: true
+ - name: maas-etc
+ mountPath: /etc/bind/named.conf.options
+ subPath: named.conf.options
+ readOnly: true
+ - name: maas-etc
+ mountPath: /etc/maas/regiond.conf
+ subPath: regiond.conf
+ readOnly: true
+ volumes:
+ - name: maas-bin
+ configMap:
+ name: maas-bin
+ defaultMode: 0555
+ - name: maas-etc
+ configMap:
+ name: maas-etc
+ defaultMode: 0444
diff --git a/charts/maas/templates/job-import.yaml b/charts/maas/templates/job-import.yaml
new file mode 100644
index 0000000..b22ddc1
--- /dev/null
+++ b/charts/maas/templates/job-import.yaml
@@ -0,0 +1,93 @@
+{{/*
+Copyright 2017 The Openstack-Helm Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/}}
+
+{{- $envAll := . }}
+{{- $dependencies := .Values.dependencies.import_resources }}
+---
+apiVersion: batch/v1
+kind: Job
+metadata:
+ name: maas-import-resources
+spec:
+ template:
+ metadata:
+ labels:
+{{ tuple $envAll "maas" "import-resources" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
+ spec:
+ restartPolicy: OnFailure
+ nodeSelector:
+ {{ .Values.labels.region.node_selector_key }}: {{ .Values.labels.region.node_selector_value }}
+ initContainers:
+{{ tuple $envAll $dependencies "[]" | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
+ containers:
+ - name: region-import-resources
+ image: {{ .Values.images.maas_region }}
+ imagePullPolicy: {{ .Values.images.pull_policy }}
+ env:
+ - name: JOB_TIMEOUT
+ value: {{ .Values.jobs.import_boot_resources.timeout | quote }}
+ - name: ADMIN_USERNAME
+ value: {{ .Values.conf.maas.credentials.admin_username }}
+ - name: RETRY_TIMER
+ value: {{ .Values.jobs.import_boot_resources.retry_timer | quote }}
+ - name: MAAS_ENDPOINT
+ value: {{ tuple "maas_region_ui" "default" "region_ui" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup" }}
+ - name: MAAS_PROXY_ENABLED
+ value: {{ .Values.conf.maas.proxy.proxy_enabled | quote }}
+ - name: MAAS_PROXY_SERVER
+ value: {{ .Values.conf.maas.proxy.proxy_server }}
+ - name: MAAS_NTP_SERVERS
+ value: {{ .Values.conf.maas.ntp.ntp_servers }}
+ - name: MAAS_NTP_EXTERNAL_ONLY
+ value: {{ .Values.conf.maas.ntp.use_external_only | quote }}
+ - name: MAAS_DNS_DNSSEC_REQUIRED
+ value: {{ .Values.conf.maas.dns.require_dnssec | quote }}
+ - name: MAAS_DNS_SERVERS
+ value: {{ .Values.conf.maas.dns.dns_servers }}
+{{ tuple $envAll $envAll.Values.pod.resources.jobs.import_resources | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
+ command:
+ - /tmp/import-boot-resources.sh
+ readinessProbe:
+ exec:
+ command:
+ - /tmp/job-readiness.sh
+ initialDelaySeconds: 60
+ volumeMounts:
+ - name: maas-bin
+ mountPath: /tmp/import-boot-resources.sh
+ subPath: import-boot-resources.sh
+ readOnly: true
+ - name: maas-bin
+ mountPath: /tmp/job-readiness.sh
+ subPath: job-readiness.sh
+ readOnly: true
+ - name: maas-etc
+ mountPath: /etc/bind/named.conf.options
+ subPath: named.conf.options
+ readOnly: true
+ - name: maas-etc
+ mountPath: /etc/maas/regiond.conf
+ subPath: regiond.conf
+ readOnly: true
+ volumes:
+ - name: maas-bin
+ configMap:
+ name: maas-bin
+ defaultMode: 0555
+ - name: maas-etc
+ configMap:
+ name: maas-etc
+ defaultMode: 0444
diff --git a/charts/maas/templates/secret-db.yaml b/charts/maas/templates/secret-db.yaml
new file mode 100644
index 0000000..08dbdd0
--- /dev/null
+++ b/charts/maas/templates/secret-db.yaml
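Review bot: Several `env` values in job-import.yaml are rendered without `| quote` (`ADMIN_USERNAME`, `MAAS_ENDPOINT`, `MAAS_PROXY_SERVER`, `MAAS_NTP_SERVERS`, `MAAS_DNS_SERVERS`) while their neighbours are quoted. Env values have to be strings, and the defaults for the last three in values.yaml are `null`, so what reaches the manifest depends on how the template engine prints an empty value; an operator-supplied value that YAML reads as a number or boolean would likely be rejected. Quoting consistently, e.g. `value: {{ .Values.conf.maas.dns.dns_servers | quote }}`, avoids both cases. The unquoted values in job-bootstrap-admin-user.yaml and job-export-api-key.yaml have the same issue.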
@@ -0,0 +1,36 @@
+{{/*
+Copyright 2017 The Openstack-Helm Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/}}
+
+{{- $envAll := . }}
+{{- range $key1, $userClass := tuple "admin" "user" }}
+{{- $secretName := index $envAll.Values.secrets.maas_db $userClass }}
+{{- $auth := index $envAll.Values.endpoints.maas_db.auth $userClass }}
+---
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ $secretName }}
+type: Opaque
+data:
+ DATABASE_HOST: |-
+{{ tuple "maas_db" "internal" $envAll | include "helm-toolkit.endpoints.hostname_fqdn_endpoint_lookup" | b64enc | indent 4 }}
+ DATABASE_USERNAME: |-
+{{ $auth.username | b64enc | indent 4 }}
+ DATABASE_PASSWORD: |-
+{{ $auth.password | b64enc | indent 4 }}
+ DATABASE_NAME: |-
+{{ $envAll.Values.endpoints.maas_db.path | b64enc | indent 4 }}
+{{ end }}
diff --git a/charts/maas/templates/secret-region.yaml b/charts/maas/templates/secret-region.yaml
new file mode 100644
index 0000000..3ad2223
--- /dev/null
+++ b/charts/maas/templates/secret-region.yaml
@@ -0,0 +1,27 @@
+{{/*
+Copyright 2017 The Openstack-Helm Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/}}
+
+{{- $envAll := . }}
+{{- $secretName := index $envAll.Values.secrets.maas_region "name" }}
+---
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ $secretName }}
+type: Opaque
+data:
+ REGION_SECRET: |-
+{{ $envAll.Values.secrets.maas_region.value | b64enc | indent 4 }}
diff --git a/charts/maas/templates/service-region.yaml b/charts/maas/templates/service-region.yaml
new file mode 100644
index 0000000..c4bcc97
--- /dev/null
+++ b/charts/maas/templates/service-region.yaml
@@ -0,0 +1,41 @@
+{{/*
+Copyright 2017 The Openstack-Helm Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/}}
+
+{{- $envAll := . }}
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ tuple "maas_region_ui" "internal" . | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }}
+spec:
+ ports:
+ - name: r-ui
+ port: {{ .Values.network.port.service_gui }}
+ targetPort: {{ .Values.network.port.service_gui_target }}
+ {{ if .Values.network.gui.node_port.enabled }}
+ nodePort: {{ .Values.network.gui.node_port.port }}
+ {{ end }}
+ - port: {{ .Values.network.port.service_proxy }}
+ targetPort: {{ .Values.network.port.service_proxy_target }}
+ {{ if .Values.network.proxy.node_port.enabled }}
+ nodePort: {{ .Values.network.proxy.node_port.port }}
+ {{ end }}
+ name: proxy
+ selector:
+ app: maas-region
+ {{ if .Values.network.proxy.node_port.enabled }}
+ type: NodePort
+ {{ end }}
diff --git a/charts/maas/templates/statefulset-region.yaml b/charts/maas/templates/statefulset-region.yaml
new file mode 100644
index 0000000..e31a3fb
--- /dev/null
+++ b/charts/maas/templates/statefulset-region.yaml
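Review bot: `type: NodePort` in service-region.yaml is emitted only when `.Values.network.proxy.node_port.enabled` is true, but the `r-ui` port gets a `nodePort` whenever `.Values.network.gui.node_port.enabled` is true. With the GUI node port enabled and the proxy one disabled, the Service keeps the default type while still carrying a `nodePort`, which the API server is expected to reject. Guarding the type with `{{ if or .Values.network.gui.node_port.enabled .Values.network.proxy.node_port.enabled }}` covers both switches. Both flags default to true in values.yaml and the endpoint scheme there is `http`, so by default the region UI is reachable unencrypted on every node's port 31900; a comment next to the defaults saying so would help operators decide whether to keep it.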
@@ -0,0 +1,94 @@
+{{/*
+Copyright 2017 The Openstack-Helm Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/}}
+
+{{- $envAll := . }}
+{{- $dependencies := .Values.dependencies.region_controller }}
+{{- $mounts_maas_region := .Values.pod.mounts.maas_region.maas_region }}
+{{- $mounts_maas_region_init := .Values.pod.mounts.maas_region.init_container }}
+---
+apiVersion: apps/v1beta1
+kind: StatefulSet
+metadata:
+ name: maas-region
+spec:
+ serviceName: maas-region-ui
+ replicas: {{ .Values.pod.replicas.region }}
+ template:
+ metadata:
+ labels:
+ app: maas-region
+ annotations:
+ spec:
+ affinity:
+{{ tuple $envAll "maas" "region" | include "helm-toolkit.snippets.kubernetes_pod_anti_affinity" | indent 8 }}
+ nodeSelector:
+ {{ .Values.labels.region.node_selector_key }}: {{ .Values.labels.region.node_selector_value }}
+ initContainers:
+{{ tuple $envAll $dependencies $mounts_maas_region_init | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
+ containers:
+ - name: maas-region
+ image: {{ .Values.images.maas_region }}
+ imagePullPolicy: {{ .Values.images.pull_policy }}
+{{ tuple $envAll $envAll.Values.pod.resources.maas_region | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
+ ports:
+ - name: r-ui
+ containerPort: {{ .Values.network.port.region_container }}
+ readinessProbe:
+ tcpSocket:
+ port: {{ .Values.network.port.region_container }}
+ securityContext:
+ privileged: true
+ command:
+ - /tmp/start.sh
+ volumeMounts:
+ - name: maas-region-secret
+ mountPath: /var/lib/maas/secret
+ subPath: REGION_SECRET
+ readOnly: true
+ - name: maas-etc
+ mountPath: /etc/bind/named.conf.options
+ subPath: named.conf.options
+ readOnly: true
+ - name: maas-etc
+ mountPath: /etc/maas/regiond.conf
+ subPath: regiond.conf
+ readOnly: true
+ - name: maas-etc
+ mountPath: /etc/maas/preseeds/curtin_userdata
+ subPath: curtin_userdata
+ readOnly: true
+ - name: maas-bin
+ mountPath: /tmp/start.sh
+ subPath: start.sh
+ readOnly: true
+ - name: maas-etc
+ mountPath: /etc/nsswitch.conf
+ subPath: nsswitch.conf
+ readOnly: true
+{{- if $mounts_maas_region.volumeMounts }}{{ toYaml $mounts_maas_region.volumeMounts | indent 12 }}{{ end }}
+ volumes:
+ - name: maas-etc
+ configMap:
+ name: maas-etc
+ defaultMode: 0444
+ - name: maas-bin
+ configMap:
+ name: maas-bin
+ defaultMode: 0555
+ - name: maas-region-secret
+ secret:
+ secretName: {{ .Values.secrets.maas_region.name }}
+{{- if $mounts_maas_region.volumes }}{{ toYaml $mounts_maas_region.volumes | indent 8 }}{{ end }}
diff --git a/charts/maas/values.yaml b/charts/maas/values.yaml
new file mode 100644
index 0000000..f2e8367
--- /dev/null
+++ b/charts/maas/values.yaml
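Review bot: The `maas-region` container in statefulset-region.yaml is given `securityContext:` `privileged: true` with no comment saying which operation needs it. A privileged container has access to the host's devices and kernel interfaces, so a compromise of the region controller, which this chart exposes on a NodePort by default, extends to the node it runs on. If only particular capabilities are needed, listing them under `capabilities:` `add:` instead would narrow that; otherwise a comment above the line such as `# privileged: <reason the region controller requires it>` lets the next reviewer judge the trade-off. The `maas-region-secret` volume also has no `defaultMode`, unlike the two ConfigMap volumes, so setting a restrictive mode on it explicitly would be consistent.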
@@ -0,0 +1,263 @@
+# Copyright 2017 The Openstack-Helm Authors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# Default values for maas.
+# This is a YAML-formatted file.
+# Declare variables to be passed into your templates.
+
+dependencies:
+ rack_controller:
+ jobs:
+ - maas-db-sync
+ services:
+ - service: maas_region_ui
+ endpoint: internal
+ region_controller:
+ jobs:
+ - maas-db-sync
+ services:
+ - service: maas_db
+ endpoint: internal
+ db_init:
+ services:
+ - service: maas_db
+ endpoint: internal
+ db_sync:
+ jobs:
+ - maas-db-init
+ bootstrap_admin_user:
+ jobs:
+ - maas-db-sync
+ services:
+ - service: maas_region_ui
+ endpoint: internal
+ - service: maas_db
+ endpoint: internal
+ import_resources:
+ jobs:
+ - maas-db-sync
+ services:
+ - service: maas_region_ui
+ endpoint: internal
+ - service: maas_db
+ endpoint: internal
+ export_api_key:
+ jobs:
+ - maas-db-sync
+ services:
+ - service: maas_region_ui
+ endpoint: internal
+ - service: maas_db
+ endpoint: internal
+
+
+images:
+ db_init: docker.io/postgres:9.5
+ db_sync: quay.io/attcomdev/maas-region:master
+ maas_rack: quay.io/attcomdev/maas-rack:master
+ maas_region: quay.io/attcomdev/maas-region:master
+ bootstrap: quay.io/attcomdev/maas-region:master
+ export_api_key: quay.io/attcomdev/maas-region:master
+ dep_check: docker.io/kolla/ubuntu-source-kubernetes-entrypoint:4.0.0
+ pull_policy: IfNotPresent
+
+jobs:
+ import_boot_resources:
+ retry_timer: 10
+ #default timeout: 15 minutes
+ timeout: 900
+
+labels:
+ rack:
+ node_selector_key: ucp-control-plane
+ node_selector_value: enabled
+ region:
+ node_selector_key: ucp-control-plane
+ node_selector_value: enabled
+
+network:
+ proxy:
+ node_port:
+ enabled: true
+ port: 31800
+ gui:
+ node_port:
+ enabled: true
+ port: 31900
+ port:
+ region_container: 80
+ service_gui: 80
+ service_gui_target: 80
+ service_proxy: 8000
+ service_proxy_target: 8000
+ db_service: 5432
+ db_service_target: 5432
+
+conf:
+ bind:
+ override:
+ append:
+ curtin:
+ override:
+ append:
+ maas:
+ override:
+ append:
+ url:
+ maas_url: null
+ ntp:
+ # Use external only points region and rack serves and deployed nodes directly
+ # at external NTP servers. Otherwise we have nodes -> rack -> region -> external
+ use_external_only: 'false'
+ ntp_servers: null
+ dns:
+ require_dnssec: 'no'
+ # These are upstream servers
+ dns_servers: null
+ proxy:
+ # If proxy_enabled is true and proxy_serer is null, then nodes will use
+ # MAAS region server as a proxy for Apt and region server will connect directly
+ # to repos
+ # If proxy_enabled is false, regin server and all ndoes will connect directly to
+ # pkg repos
+ # If proxy_enabled is true and proxy_server is set, then region server and all nodes
+ # will use the specified proxy_server to connect to pkg repos
+ proxy_enabled: 'false'
+ proxy_server: null
+ database:
+ database_name: maasdb
+ database_user: maas
+ database_password: password
+ credentials:
+ admin_username: admin
+ admin_password: admin
+ admin_email: support@nowhere.com
+ secret:
+ namespace: maas
+ name: maas-api-key
+
+secrets:
+ maas_db:
+ admin: maas-db-admin
+ user: maas-db-user
+ maas_region:
+ name: maas-region-secret
+ value: 3858f62230ac3c915f300c664312c63f
+
+pod:
+ affinity:
+ anti:
+ type:
+ default: preferredDuringSchedulingIgnoredDuringExecution
+ topologyKey:
+ default: kubernetes.io/hostname
+ mounts:
+ maas_rack:
+ init_container: null
+ maas_rack:
+ maas_region:
+ init_container: null
+ maas_region:
+ export_api_key:
+ init_container: null
+ export_api_key:
+ replicas:
+ rack: 1
+ region: 1
+ resources:
+ enabled: false
+ maas_rack:
+ limits:
+ memory: "128Mi"
+ cpu: "500m"
+ requests:
+ memory: "128Mi"
+ cpu: "500m"
+ maas_region:
+ limits:
+ memory: "128Mi"
+ cpu: "500m"
+ requests:
+ memory: "128Mi"
+ cpu: "500m"
+ jobs:
+ db_init:
+ requests:
+ memory: "128Mi"
+ cpu: "100m"
+ limits:
+ memory: "1024Mi"
+ cpu: "2000m"
+ db_sync:
+ requests:
+ memory: "128Mi"
+ cpu: "100m"
+ limits:
+ memory: "1024Mi"
+ cpu: "2000m"
+ bootstrap_admin_user:
+ requests:
+ memory: "128Mi"
+ cpu: "100m"
+ limits:
+ memory: "1024Mi"
+ cpu: "2000m"
+ import_resources:
+ requests:
+ memory: "128Mi"
+ cpu: "100m"
+ limits:
+ memory: "1024Mi"
+ cpu: "2000m"
+ export_api_key:
+ requests:
+ memory: "128Mi"
+ cpu: "100m"
+ limits:
+ memory: "1024Mi"
+ cpu: "2000m"
+
+endpoints:
+ cluster_domain_suffix: cluster.local
+ maas_db:
+ auth:
+ admin:
+ username: postgres
+ password: password
+ user:
+ username: maas
+ password: password
+ path: maasdb
+ hosts:
+ default: postgresql
+ port:
+ postgresql:
+ default: 5432
+ host_fqdn_override:
+ default: null
+ maas_region_ui:
+ name: maas-region-ui
+ hosts:
+ default: maas-region-ui
+ public: maas
+ path:
+ default: /MAAS
+ scheme:
+ default: 'http'
+ port:
+ region_ui:
+ default: 80
+ public: 80
+ host_fqdn_override:
+ default: null
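Review bot: The defaults in values.yaml ship working credentials: `admin_password: admin`, `database_password: password`, both passwords under `endpoints.maas_db.auth`, and a fixed `secrets.maas_region.value`. Any install that does not override them shares the same admin login and the same region secret. Leaving these empty and failing the render when they are unset (for example with Helm's `required` function, if the targeted Helm version provides it) would force each deployment to choose its own. The MAAS images are also referenced by the mutable `:master` tag with `pull_policy: IfNotPresent`, so what runs depends on what each node has cached; pinning a release tag or digest makes the deployed code auditable. While here, the proxy comments have typos worth fixing (`proxy_serer`, `regin`, `ndoes`).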