From 8060aa9783080f46e3ca19fc8b0a3e36ec22895d Mon Sep 17 00:00:00 2001 From: Anthony Lin Date: Mon, 14 May 2018 14:12:03 +0000 Subject: [PATCH] Update HTK Path - OSH Infra Updated configurations to point to openstack-helm-infra for reference to helm-toolkit as helm-toolkit has been removed from the openstack-helm repo [0] Also aligned with changes to the keystone user set up in OSH using Helm ToolKit so as to get pass Helm Lint. [0] https://review.openstack.org/#/c/558065/ Change-Id: I10645c907565df4fd7920ae6ef0615348517f969 --- charts/promenade/templates/configmap-etc.yaml | 2 +- .../promenade/templates/job-ks-endpoints.yaml | 59 ++------------- .../promenade/templates/job-ks-service.yaml | 72 ++++--------------- charts/promenade/templates/job-ks-user.yaml | 59 ++------------- .../templates/secret-keystone-env.yaml | 2 +- .../templates/tests/test-promenade-api.yaml | 4 +- charts/promenade/values.yaml | 58 +++++++++------ examples/basic/armada-resources.yaml | 2 +- examples/complete/armada-resources.yaml | 2 +- .../bootstrap-armada-config.yaml | 2 +- tools/helm_tk.sh | 4 +- 11 files changed, 65 insertions(+), 201 deletions(-) diff --git a/charts/promenade/templates/configmap-etc.yaml b/charts/promenade/templates/configmap-etc.yaml index 27411764..6971cee5 100644 --- a/charts/promenade/templates/configmap-etc.yaml +++ b/charts/promenade/templates/configmap-etc.yaml @@ -27,7 +27,7 @@ limitations under the License. {{- tuple "identity" "internal" "api" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup"| set .Values.conf.promenade.keystone_authtoken "auth_url" | quote | trunc 0 -}} {{- end -}} -{{- $userIdentity := .Values.endpoints.identity.auth.user -}} +{{- $userIdentity := .Values.endpoints.identity.auth.promenade -}} {{- if empty .Values.conf.promenade.keystone_authtoken.project_name -}} {{- set .Values.conf.promenade.keystone_authtoken "project_name" $userIdentity.project_name | quote | trunc 0 -}} diff --git a/charts/promenade/templates/job-ks-endpoints.yaml b/charts/promenade/templates/job-ks-endpoints.yaml index 5f6279cd..6c9874e8 100644 --- a/charts/promenade/templates/job-ks-endpoints.yaml +++ b/charts/promenade/templates/job-ks-endpoints.yaml @@ -11,61 +11,10 @@ # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and -# limitations under the License. */}} +# limitations under the License. +*/}} {{- if .Values.manifests.job_ks_endpoints }} -{{- $envAll := . }} -{{- $dependencies := .Values.dependencies.ks_endpoints }} -{{- $serviceAccountName := "promenade-ks-endpoints" }} -{{ tuple $envAll $dependencies $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }} ---- -apiVersion: batch/v1 -kind: Job -metadata: - name: promenade-ks-endpoints -spec: - template: - metadata: - labels: -{{ tuple $envAll "promenade" "ks-endpoints" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }} - spec: - serviceAccountName: {{ $serviceAccountName }} - restartPolicy: OnFailure - nodeSelector: - {{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }} - initContainers: -{{ tuple $envAll $dependencies list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} - containers: -{{- range $key1, $osServiceType := tuple "kubernetesprovisioner" }} -{{- range $key2, $osServiceEndPoint := tuple "admin" "internal" "public" }} - - name: {{ $osServiceType }}-ks-endpoints-{{ $osServiceEndPoint }} - image: {{ $envAll.Values.images.tags.ks_endpoints }} - imagePullPolicy: {{ $envAll.Values.images.pull_policy }} -{{ tuple $envAll $envAll.Values.pod.resources.jobs.ks_endpoints | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }} - command: - - /tmp/ks-endpoints.sh - volumeMounts: - - name: ks-endpoints-sh - mountPath: /tmp/ks-endpoints.sh - subPath: ks-endpoints.sh - readOnly: true - env: -{{- with $env := dict "ksUserSecret" $envAll.Values.secrets.identity.admin }} -{{- include "helm-toolkit.snippets.keystone_openrc_env_vars" $env | indent 12 }} -{{- end }} - - name: OS_SVC_ENDPOINT - value: {{ $osServiceEndPoint }} - - name: OS_SERVICE_NAME - value: {{ tuple $osServiceType $envAll | include "helm-toolkit.endpoints.keystone_endpoint_name_lookup" }} - - name: OS_SERVICE_TYPE - value: {{ $osServiceType }} - - name: OS_SERVICE_ENDPOINT - value: {{ tuple $osServiceType $osServiceEndPoint "api" $envAll | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup" }} -{{- end }} -{{- end }} - volumes: - - name: ks-endpoints-sh - configMap: - name: promenade-bin - defaultMode: 0555 +{{- $ksServiceJob := dict "envAll" . "serviceName" "promenade" "serviceTypes" ( tuple "kubernetesprovisioner" ) -}} +{{ $ksServiceJob | include "helm-toolkit.manifests.job_ks_endpoints" }} {{- end -}} diff --git a/charts/promenade/templates/job-ks-service.yaml b/charts/promenade/templates/job-ks-service.yaml index 41e0ec87..785d51b8 100644 --- a/charts/promenade/templates/job-ks-service.yaml +++ b/charts/promenade/templates/job-ks-service.yaml @@ -1,66 +1,20 @@ {{/* -# copyright (c) 2017 at&t intellectual property. all rights reserved. +# Copyright (c) 2017 AT&T Intellectual Property. All rights reserved. # -# licensed under the apache license, version 2.0 (the "license"); -# you may not use this file except in compliance with the license. -# you may obtain a copy of the license at +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at # -# http://www.apache.org/licenses/license-2.0 +# http://www.apache.org/licenses/LICENSE-2.0 # -# unless required by applicable law or agreed to in writing, software -# distributed under the license is distributed on an "as is" basis, -# without warranties or conditions of any kind, either express or implied. -# see the license for the specific language governing permissions and -# limitations under the license. */}} +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} {{- if .Values.manifests.job_ks_service -}} - -{{- $envAll := . }} -{{- $ksAdminSecret := .Values.secrets.identity.admin }} -{{- $dependencies := .Values.dependencies.ks_service }} -{{- $serviceAccountName := "promenade-ks-service" }} -{{ tuple $envAll $dependencies $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }} ---- -apiVersion: batch/v1 -kind: Job -metadata: - name: promenade-ks-service -spec: - template: - metadata: - labels: -{{ tuple $envAll "promenade" "ks-service" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }} - spec: - serviceAccountName: {{ $serviceAccountName }} - restartPolicy: OnFailure - nodeSelector: - {{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }} - initContainers: -{{ tuple $envAll $dependencies list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} - containers: -{{- range $key1, $osServiceType := tuple "kubernetesprovisioner" }} - - name: {{ $osServiceType }}-ks-service-registration - image: {{ $envAll.Values.images.tags.ks_service }} - imagePullPolicy: {{ $envAll.Values.images.pull_policy }} - command: - - /tmp/ks-service.sh - volumeMounts: - - name: ks-service-sh - mountPath: /tmp/ks-service.sh - subPath: ks-service.sh - readOnly: true - env: -{{- with $env := dict "ksUserSecret" $ksAdminSecret }} -{{- include "helm-toolkit.snippets.keystone_openrc_env_vars" $env | indent 12 }} -{{- end }} - - name: OS_SERVICE_NAME - value: {{ tuple $osServiceType $envAll | include "helm-toolkit.endpoints.keystone_endpoint_name_lookup" }} - - name: OS_SERVICE_TYPE - value: {{ $osServiceType }} -{{- end }} - volumes: - - name: ks-service-sh - configMap: - name: promenade-bin - defaultMode: 0555 +{{- $ksServiceJob := dict "envAll" . "serviceName" "promenade" "serviceTypes" ( tuple "kubernetesprovisioner" ) -}} +{{ $ksServiceJob | include "helm-toolkit.manifests.job_ks_service" }} {{- end -}} diff --git a/charts/promenade/templates/job-ks-user.yaml b/charts/promenade/templates/job-ks-user.yaml index 38067a1c..98ef2e85 100644 --- a/charts/promenade/templates/job-ks-user.yaml +++ b/charts/promenade/templates/job-ks-user.yaml @@ -11,61 +11,10 @@ # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and -# limitations under the License. */}} +# limitations under the License. +*/}} {{- if .Values.manifests.job_ks_user }} - -{{- $ksAdminSecret := .Values.secrets.identity.admin }} -{{- $ksUserSecret := .Values.secrets.identity.user }} -{{- $envAll := . }} -{{- $dependencies := .Values.dependencies.ks_user }} -{{- $serviceAccountName := "promenade-ks-user" }} -{{ tuple $envAll $dependencies $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }} ---- -apiVersion: batch/v1 -kind: Job -metadata: - name: promenade-ks-user -spec: - template: - metadata: - labels: -{{ tuple $envAll "promenade" "ks-user" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }} - spec: - serviceAccountName: {{ $serviceAccountName }} - restartPolicy: OnFailure - nodeSelector: - {{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }} - initContainers: -{{ tuple $envAll $dependencies list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} - containers: - - name: promenade-ks-user - image: {{ .Values.images.tags.ks_user }} - imagePullPolicy: {{ .Values.images.pull_policy }} -{{ tuple $envAll $envAll.Values.pod.resources.jobs.ks_user | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }} - command: - - /tmp/ks-user.sh - volumeMounts: - - name: ks-user-sh - mountPath: /tmp/ks-user.sh - subPath: ks-user.sh - readOnly: true - env: -{{- with $env := dict "ksUserSecret" $ksAdminSecret }} -{{- include "helm-toolkit.snippets.keystone_openrc_env_vars" $env | indent 12 }} -{{- end }} - - name: SERVICE_OS_SERVICE_NAME - value: {{ $envAll.Values.endpoints.kubernetesprovisioner.name | quote }} - - name: SERVICE_OS_DOMAIN_NAME - value: {{ $envAll.Values.endpoints.identity.auth.user.project_domain_name | quote }} -{{- with $env := dict "ksUserSecret" $ksUserSecret }} -{{- include "helm-toolkit.snippets.keystone_user_create_env_vars" $env | indent 12 }} -{{- end }} - - name: SERVICE_OS_ROLE - value: {{ $envAll.Values.endpoints.identity.auth.user.role | quote }} - volumes: - - name: ks-user-sh - configMap: - name: promenade-bin - defaultMode: 0555 +{{- $ksUserJob := dict "envAll" . "serviceName" "promenade" -}} +{{ $ksUserJob | include "helm-toolkit.manifests.job_ks_user" }} {{- end -}} diff --git a/charts/promenade/templates/secret-keystone-env.yaml b/charts/promenade/templates/secret-keystone-env.yaml index 94ea6e74..02ed3650 100644 --- a/charts/promenade/templates/secret-keystone-env.yaml +++ b/charts/promenade/templates/secret-keystone-env.yaml @@ -13,7 +13,7 @@ */}} {{- if .Values.manifests.secret_keystone }} {{- $envAll := . }} -{{- range $key1, $userClass := tuple "admin" "user" }} +{{- range $key1, $userClass := tuple "admin" "promenade" }} {{- $secretName := index $envAll.Values.secrets.identity $userClass }} --- apiVersion: v1 diff --git a/charts/promenade/templates/tests/test-promenade-api.yaml b/charts/promenade/templates/tests/test-promenade-api.yaml index 37dcdd4a..f9d27b8e 100644 --- a/charts/promenade/templates/tests/test-promenade-api.yaml +++ b/charts/promenade/templates/tests/test-promenade-api.yaml @@ -17,7 +17,7 @@ Test that the API is up and the health endpoint returns a 2XX code */}} {{- if .Values.manifests.test_promenade_api }} {{- $envAll := . }} -{{- $dependencies := .Values.dependencies.test }} +{{- $mounts_promenade_api_init := .Values.pod.mounts.promenade_api.init_container }} --- apiVersion: v1 kind: Pod @@ -28,7 +28,7 @@ metadata: spec: restartPolicy: Never initContainers: -{{ tuple $envAll $dependencies list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 4 }} +{{ tuple $envAll "test" $mounts_promenade_api_init | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} containers: - name: "{{ .Release.Name }}-api-test" env: diff --git a/charts/promenade/values.yaml b/charts/promenade/values.yaml index 9347ad6a..d51f888b 100644 --- a/charts/promenade/values.yaml +++ b/charts/promenade/values.yaml @@ -33,19 +33,23 @@ conf: images: tags: - dep_check: quay.io/stackanetes/kubernetes-entrypoint:v0.2.1 promenade: quay.io/attcomdev/promenade:latest ks_user: docker.io/openstackhelm/heat:newton ks_service: docker.io/openstackhelm/heat:newton ks_endpoints: docker.io/openstackhelm/heat:newton - pull_policy: IfNotPresent - -dependencies: - test: - services: - - service: promenade-api + dep_check: quay.io/stackanetes/kubernetes-entrypoint:v0.3.1 + image_repo_sync: docker.io/docker:17.07.0 + pull_policy: "IfNotPresent" + local_registry: + active: false + exclude: + - dep_check + - image_repo_sync labels: + job: + node_selector_key: ucp-control-plane + node_selector_value: enabled node_selector_key: ucp-control-plane node_selector_value: enabled @@ -69,32 +73,36 @@ network: public: true dependencies: - ks_user: - services: - - service: identity - endpoint: internal - ks_service: - services: - - service: identity - endpoint: internal - ks_endpoints: - jobs: - - promenade-ks-service - services: - - service: identity - endpoint: internal + static: + test: + services: + - service: promenade-api + ks_user: + services: + - service: identity + endpoint: internal + ks_service: + services: + - service: identity + endpoint: internal + ks_endpoints: + jobs: + - promenade-ks-service + services: + - service: identity + endpoint: internal secrets: identity: admin: promenade-keystone-admin - user: promenade-keystone-user + promenade: promenade-keystone-user endpoints: cluster_domain_suffix: cluster.local identity: name: keystone auth: - user: + promenade: region_name: RegionOne role: admin project_name: service @@ -145,6 +153,10 @@ pod: default: preferredDuringSchedulingIgnoredDuringExecution topologyKey: default: kubernetes.io/hostname + mounts: + promenade_api: + init_container: null + promenade_api: env: promenade_api: # - name: http_proxy diff --git a/examples/basic/armada-resources.yaml b/examples/basic/armada-resources.yaml index 7a61236b..14051576 100644 --- a/examples/basic/armada-resources.yaml +++ b/examples/basic/armada-resources.yaml @@ -111,7 +111,7 @@ data: values: {} source: type: git - location: https://git.openstack.org/openstack/openstack-helm + location: https://git.openstack.org/openstack/openstack-helm-infra subpath: helm-toolkit reference: master dependencies: [] diff --git a/examples/complete/armada-resources.yaml b/examples/complete/armada-resources.yaml index 0c34a979..076c7d27 100644 --- a/examples/complete/armada-resources.yaml +++ b/examples/complete/armada-resources.yaml @@ -151,7 +151,7 @@ data: values: {} source: type: git - location: https://git.openstack.org/openstack/openstack-helm + location: https://git.openstack.org/openstack/openstack-helm-infra subpath: helm-toolkit reference: master dependencies: [] diff --git a/tools/gate/config-templates/bootstrap-armada-config.yaml b/tools/gate/config-templates/bootstrap-armada-config.yaml index e5374650..089238e8 100644 --- a/tools/gate/config-templates/bootstrap-armada-config.yaml +++ b/tools/gate/config-templates/bootstrap-armada-config.yaml @@ -106,7 +106,7 @@ data: values: {} source: type: git - location: https://git.openstack.org/openstack/openstack-helm + location: https://git.openstack.org/openstack/openstack-helm-infra subpath: helm-toolkit reference: master dependencies: [] diff --git a/tools/helm_tk.sh b/tools/helm_tk.sh index cae68db9..eede4b7d 100755 --- a/tools/helm_tk.sh +++ b/tools/helm_tk.sh @@ -58,8 +58,8 @@ ${HELM} repo add local http://localhost:8879/charts { cd "${SERVE_DIR}" - git clone --depth 1 https://git.openstack.org/openstack/openstack-helm.git || true - cd openstack-helm + git clone --depth 1 https://git.openstack.org/openstack/openstack-helm-infra.git || true + cd openstack-helm-infra make helm-toolkit }