Drydock chart

This PS migrates the Drydock chart into this repo.

Update chart with input from previous repo

- Remove default secret names for Keystone jobs
- Use endpoints section for defining ports in service manifest
- Use manifests section for enabling all deployed manifests

Add DB integration

- Introduction of postgresql endpoint for Postgresql
- Addition of db_init and db_sync jobs
- Addition of db-init.sh and db-sync.sh scripts
- Convert conf file to use helm-toolkit templater
- Add database connect string to rendered conf file

Fix copyright notices for AT&T compliance

Change-Id: I1676a41ddbbd05c38f68b2b787924fc973411413
Larry Rensing 2017-06-08 19:07:33 +00:00 committed by Scott Hussey
parent d12ef71f9f
commit 50277a63ec
18 changed files with 1049 additions and 0 deletions

21
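--- a/.helmignore
+++ b/.helmignore
@@ -0,0 +1,21 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj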

25
charts/drydock/Chart.yaml Normal file

@ -0,0 +1,25 @@
# Copyright (c) 2017 AT&T Intellectual Property. All rights reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
apiVersion: v1
description: A Helm chart for Drydock
name: drydock
version: 0.1.0
keywords:
- drydock
home: https://github.com/att-comdev/drydock
sources:
- https://github.com/att-comdev/aic-helm
maintainers:
- name: att-comdev


@ -0,0 +1,18 @@
# Copyright (c) 2017 AT&T Intellectual Property. All rights reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
dependencies:
- name: helm-toolkit
repository: http://localhost:8879/charts
version: 0.1.0


@ -0,0 +1,43 @@
#!/bin/bash
{{/*
Copyright (c) 2017 AT&T Intellectual Property. All rights reserved.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
set -ex
export HOME=/tmp
pgsql_superuser_cmd () {
DB_COMMAND="$1"
if [[ ! -z $2 ]]; then
EXPORT PGDATABASE=$2
fi
psql \
-h $DB_FQDN \
-p $DB_PORT \
-U ${ROOT_DB_USER} \
--command="${DB_COMMAND}"
}
# Create db
pgsql_superuser_cmd "SELECT 1 FROM pg_database WHERE datname = '$DB_NAME';" | grep -q 1 || pgsql_superuser_cmd "CREATE DATABASE $DB_NAME;"
# Create db user
pgsql_superuser_cmd "SELECT * FROM pg_roles WHERE rolname = '$DB_USER';" | tail -n +3 | head -n -2 | grep -q 1 || \
pgsql_superuser_cmd "CREATE ROLE ${DB_USER} LOGIN PASSWORD '$DB_PASS';"
# Grant permissions to user
pgsql_superuser_cmd "GRANT ALL PRIVILEGES ON DATABASE $DB_NAME to $DB_USER;"
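Review bot: `set -ex` at the top of this script makes bash echo every expanded command, so the `CREATE ROLE ${DB_USER} LOGIN PASSWORD '$DB_PASS'` call is written to the job's pod log with the password in clear text. Use `set -e` alone, or bracket the role-creation call with `set +x` and `set -x`. In `pgsql_superuser_cmd`, `EXPORT PGDATABASE=$2` is not a shell builtin; it should read `export PGDATABASE="$2"`, otherwise the script aborts under `set -e` the first time a second argument is passed. `$DB_NAME`, `$DB_USER` and `$DB_PASS` are also spliced into the SQL text as-is, so a value containing a quote or semicolon changes the statement; validating them against a strict identifier pattern before use would close that.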


@ -0,0 +1,21 @@
#!/bin/bash
{{/*
Copyright (c) 2017 AT&T Intellectual Property. All rights reserved.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
set -ex
alembic upgrade head


@ -0,0 +1,36 @@
{{/*
# Copyright (c) 2017 AT&T Intellectual Property. All rights reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License. */}}
{{- if .Values.manifests.configmap_bin }}
---
apiVersion: v1
kind: ConfigMap
metadata:
name: drydock-bin
data:
ks-service.sh: |
{{- include "helm-toolkit.scripts.keystone_service" . | indent 4 }}
ks-endpoints.sh: |
{{- include "helm-toolkit.scripts.keystone_endpoints" . | indent 4 }}
ks-user.sh: |
{{- include "helm-toolkit.scripts.keystone_user" . | indent 4 }}
ks-domain-user.sh: |
{{- include "helm-toolkit.scripts.keystone_domain_user" . | indent 4 }}
db-init.sh: |+
{{ tuple "bin/_db-init.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
db-sync.sh: |+
{{ tuple "bin/_db-sync.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
...
{{- end -}}


@ -0,0 +1,79 @@
{{/*
# Copyright (c) 2017 AT&T Intellectual Property. All rights reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License. */}}
{{- if .Values.manifests.configmap_etc }}
{{- $envAll := . }}
# Render Database connection string if it is not explicitly configured
{{- if empty .Values.conf.drydock.database.database_connect_string -}}
{{- tuple "postgresql" "internal" "user" "postgresql" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup" | set .Values.conf.drydock.database "database_connect_string" | quote | trunc 0 -}}
{{- end -}}
{{- if empty .Values.conf.drydock.keystone_authtoken.auth_uri -}}
{{- tuple "identity" "internal" "api" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup" | set .Values.conf.drydock.keystone_authtoken "auth_uri" | quote | trunc 0 -}}
{{- end -}}
# FIXME(sh8121att) fix for broken keystonemiddleware oslo config gen in newton - will remove in future
{{- if empty .Values.conf.drydock.keystone_authtoken.auth_url -}}
{{- tuple "identity" "internal" "api" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup"| set .Values.conf.drydock.keystone_authtoken "auth_url" | quote | trunc 0 -}}
{{- end -}}
{{- $userIdentity := .Values.endpoints.identity.auth.user -}}
{{- if empty .Values.conf.drydock.keystone_authtoken.project_name -}}
{{- set .Values.conf.drydock.keystone_authtoken "project_name" $userIdentity.project_name | quote | trunc 0 -}}
{{- end -}}
{{- if empty .Values.conf.drydock.keystone_authtoken.project_domain_name -}}
{{- set .Values.conf.drydock.keystone_authtoken "project_domain_name" $userIdentity.project_domain_name | quote | trunc 0 -}}
{{- end -}}
{{- if empty .Values.conf.drydock.keystone_authtoken.user_domain_name -}}
{{- set .Values.conf.drydock.keystone_authtoken "user_domain_name" $userIdentity.user_domain_name | quote | trunc 0 -}}
{{- end -}}
{{- if empty .Values.conf.drydock.keystone_authtoken.username -}}
{{- set .Values.conf.drydock.keystone_authtoken "username" $userIdentity.username | quote | trunc 0 -}}
{{- end -}}
{{- if empty .Values.conf.drydock.keystone_authtoken.password -}}
{{- set .Values.conf.drydock.keystone_authtoken "password" $userIdentity.password | quote | trunc 0 -}}
{{- end -}}
---
apiVersion: v1
kind: ConfigMap
metadata:
name: drydock-etc
data:
drydock.conf: |+
{{ include "helm-toolkit.utils.to_oslo_conf" .Values.conf.drydock | indent 4 }}
api-paste.ini: |+
{{ if .Values.conf.paste.override -}}
{{ .Values.conf.paste.override | indent 4 }}
{{- else -}}
{{- if .Values.conf.paste.prefix -}}
{{ .Values.conf.paste.prefix | indent 4 }}
{{- end }}
{{ tuple "etc/_api-paste.ini.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
{{- if .Values.conf.paste.append -}}
{{ .Values.conf.paste.append | indent 4 }}
{{- end }}
{{- end }}
policy.yaml: |+
{{ if .Values.conf.policy.override -}}
{{ .Values.conf.policy.override | indent 4 }}
{{- else -}}
{{ tuple "etc/_policy.yaml.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
{{- end }}
...
{{- end }}
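Review bot: `drydock.conf` is rendered into the `drydock-etc` ConfigMap after this template has set `database_connect_string` (from the authenticated postgresql endpoint lookup) and `keystone_authtoken.password` on `.Values.conf.drydock`, so both credentials presumably end up in a ConfigMap rather than a Secret. ConfigMaps are often readable by roles that are denied Secrets, and they are not covered by Secret encryption at rest. I would render `drydock.conf` into a `kind: Secret` and mount that at `/etc/drydock/drydock.conf`, keeping only `api-paste.ini` and `policy.yaml` in the ConfigMap. A comment above the `set ... | quote | trunc 0` lines explaining that they exist only to mutate the values and discard output would also help the next reader.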


@ -0,0 +1,82 @@
{{/*
# Copyright (c) 2017 AT&T Intellectual Property. All rights reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License. */}}
{{- if .Values.manifests.deployment_drydock }}
{{- $envAll := . -}}
{{- $dependencies := .Values.dependencies.api }}
---
apiVersion: apps/v1beta1
kind: Deployment
metadata:
name: drydock-api
spec:
replicas: {{ .Values.replicas.drydock }}
{{ tuple $envAll | include "helm-toolkit.snippets.kubernetes_upgrades_deployment" | indent 2 }}
template:
metadata:
labels:
{{ tuple $envAll "drydock" "api" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
annotations:
configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "helm-toolkit.utils.hash" }}
configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "helm-toolkit.utils.hash" }}
spec:
restartPolicy: Always
initContainers:
{{ tuple $envAll $dependencies "[]" | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
containers:
- name: drydock-api
env:
- name: 'MAAS_API_KEY'
valueFrom:
secretKeyRef:
name: 'maas-api-key'
key: 'token'
image: {{ .Values.images.drydock }}
imagePullPolicy: {{ .Values.images.pull_policy }}
{{ tuple $envAll $envAll.Values.pod.resources.api | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
ports:
- name: drydock-api
containerPort: {{ tuple "physicalprovisioner" "default" "api" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
volumeMounts:
- name: etc-drydock
mountPath: /etc/drydock
- name: drydock-etc
subPath: drydock.conf
mountPath: /etc/drydock/drydock.conf
readOnly: true
- name: drydock-etc
subPath: api-paste.ini
mountPath: /etc/drydock/api-paste.ini
readOnly: true
- name: drydock-etc
subPath: policy.yaml
mountPath: /etc/drydock/policy.yaml
readOnly: true
- name: drydock-bootdata
mountPath: /etc/drydock/bootdata
readOnly: true
volumes:
- name: etc-drydock
emptyDir: {}
- name: drydock-etc
configMap:
name: drydock-etc
defaultMode: 0444
- name: drydock-bootdata
configMap:
name: promenade-join-sh
defaultMode: 0555
...
{{- end }}
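Review bot: The pod spec hard-codes two objects that this chart neither creates nor makes configurable: the `maas-api-key` Secret in `secretKeyRef` and the `promenade-join-sh` ConfigMap behind the `drydock-bootdata` volume. If either is missing from the release namespace the container cannot start, and neither appears under `dependencies.api` in values.yaml. I would take both names from values (a new key, for example `name: {{ .Values.secrets.maas_api_key | quote }}`) and document who is expected to create them. The `drydock-api` container also sets no `securityContext`; since it only needs read-only config mounts, a non-root user and a read-only root filesystem look achievable, but that needs confirming against the image.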


@ -0,0 +1,21 @@
# Copyright (c) 2017 AT&T Intellectual Property. All rights reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
[app:drydock-api]
paste.app_factory = drydock_provisioner.drydock:paste_start_drydock
[pipeline:main]
pipeline = authtoken drydock-api
[filter:authtoken]
paste.filter_factory = keystonemiddleware.auth_token:filter_factory


@ -0,0 +1,46 @@
# Actions requiring admin authority
#"admin_required": "role:admin or is_admin:1"
# Get task status
# GET /api/v1.0/tasks
# GET /api/v1.0/tasks/{task_id}
#"physical_provisioner:read_task": "role:admin"
# Create validate_design task
# POST /api/v1.0/tasks
#"physical_provisioner:validate_design": "role:admin"
# Create verify_site task
# POST /api/v1.0/tasks
#"physical_provisioner:verify_site": "role:admin"
# Create prepare_site task
# POST /api/v1.0/tasks
#"physical_provisioner:prepare_site": "role:admin"
# Create verify_node task
# POST /api/v1.0/tasks
#"physical_provisioner:verify_node": "role:admin"
# Create prepare_node task
# POST /api/v1.0/tasks
#"physical_provisioner:prepare_node": "role:admin"
# Create deploy_node task
# POST /api/v1.0/tasks
#"physical_provisioner:deploy_node": "role:admin"
# Create destroy_node task
# POST /api/v1.0/tasks
#"physical_provisioner:destroy_node": "role:admin"
# Read loaded design data
# GET /api/v1.0/designs
# GET /api/v1.0/designs/{design_id}
#"physical_provisioner:read_data": "role:admin"
# Load design data
# POST /api/v1.0/designs
# POST /api/v1.0/designs/{design_id}/parts
#"physical_provisioner:ingest_data": "role:admin"


@ -0,0 +1,58 @@
{{/*
Copyright (c) 2017 AT&T Intellectual Property. All rights reserved.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
{{- if .Values.manifests.job_drydock_db_sync }}
{{- $envAll := . }}
{{- $dependencies := .Values.dependencies.db_sync }}
---
apiVersion: batch/v1
kind: Job
metadata:
name: drydock-db-sync
spec:
template:
metadata:
labels:
{{ tuple $envAll "drydock" "db-sync" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
spec:
restartPolicy: OnFailure
nodeSelector:
{{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }}
initContainers:
{{ tuple $envAll $dependencies "[]" | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
containers:
- name: drydock-db-sync
image: {{ .Values.images.drydock_db_sync | quote }}
imagePullPolicy: {{ .Values.images.pull_policy | quote }}
{{ tuple $envAll $envAll.Values.pod.resources.jobs.drydock_db_sync | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
env:
- name: DRYDOCK_DB_URL
value: {{ tuple "postgresql" "internal" "user" "postgresql" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup" | quote }}
command:
- /tmp/db-sync.sh
volumeMounts:
- name: drydock-bin
mountPath: /tmp/db-sync.sh
subPath: db-sync.sh
readOnly: true
volumes:
- name: drydock-bin
configMap:
name: drydock-bin
defaultMode: 0555
...
{{- end }}
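Review bot: `DRYDOCK_DB_URL` is set through a literal `value:` built by `helm-toolkit.endpoints.authenticated_endpoint_uri_lookup`, which judging by its name and its use for `database_connect_string` embeds the database user's password. That puts the credential in the Job and Pod objects, where anyone able to read Jobs or Pods in the namespace can see it. The db-init job section has the same pattern with `DB_PASS`. Store these in a Secret and reference them with `valueFrom.secretKeyRef`, as the deployment in this commit already does for `MAAS_API_KEY`.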


@ -0,0 +1,68 @@
{{/*
Copyright (c) 2017 AT&T Intellectual Property. All rights reserved.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
{{- if .Values.manifests.job_drydock_db_init }}
{{- $envAll := . }}
{{- $dependencies := .Values.dependencies.db_init }}
---
apiVersion: batch/v1
kind: Job
metadata:
name: drydock-db-init
spec:
template:
metadata:
labels:
{{ tuple $envAll "drydock" "db-init" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
spec:
restartPolicy: OnFailure
nodeSelector:
{{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }}
initContainers:
{{ tuple $envAll $dependencies "[]" | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
containers:
- name: drydock-db-init
image: {{ .Values.images.drydock_db_init | quote }}
imagePullPolicy: {{ .Values.images.pull_policy | quote }}
{{ tuple $envAll $envAll.Values.pod.resources.jobs.drydock_db_init | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
env:
- name: DB_NAME
value: {{ .Values.database.postgresql.db_name | quote }}
- name: DB_USER
value: {{ .Values.endpoints.postgresql.auth.user.username | quote }}
- name: DB_PASS
value: {{ .Values.endpoints.postgresql.auth.user.password | quote}}
- name: DB_FQDN
value: {{ tuple "postgresql" "internal" . | include "helm-toolkit.endpoints.hostname_fqdn_endpoint_lookup" | quote}}
- name: DB_PORT
value: {{ tuple "postgresql" "internal" "postgresql" . | include "helm-toolkit.endpoints.endpoint_port_lookup" | quote }}
- name: ROOT_DB_USER
value: {{ .Values.endpoints.postgresql.auth.admin.username | quote }}
command:
- /tmp/db-init.sh
volumeMounts:
- name: drydock-bin
mountPath: /tmp/db-init.sh
subPath: db-init.sh
readOnly: true
volumes:
- name: drydock-bin
configMap:
name: drydock-bin
defaultMode: 0555
...
{{- end }}
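Review bot: The job passes `ROOT_DB_USER` but no credential for it, and db-init.sh runs `psql -U ${ROOT_DB_USER}` without a password. This presumably only succeeds when the PostgreSQL server accepts that superuser without authentication from the pod network; otherwise the job keeps retrying under `restartPolicy: OnFailure`. values.yaml already defines `endpoints.postgresql.auth.admin.password`, so supply it as `PGPASSWORD` through `valueFrom.secretKeyRef` rather than depending on trust authentication for a superuser account. Two of the `| quote}}` expressions are missing the space before `}}`, unlike the rest of the file.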


@ -0,0 +1,70 @@
{{/*
# Copyright (c) 2017 AT&T Intellectual Property. All rights reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License. */}}
{{- if .Values.manifests.job_ks_endpoints }}
{{- $envAll := . }}
{{- $dependencies := .Values.dependencies.ks_endpoints }}
---
apiVersion: batch/v1
kind: Job
metadata:
name: drydock-ks-endpoints
spec:
template:
metadata:
labels:
{{ tuple $envAll "drydock" "ks-endpoints" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
spec:
restartPolicy: OnFailure
nodeSelector:
{{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }}
initContainers:
{{ tuple $envAll $dependencies "[]" | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
containers:
{{- range $key1, $osServiceType := tuple "physicalprovisioner" }}
{{- range $key2, $osServiceEndPoint := tuple "admin" "internal" "public" }}
- name: {{ $osServiceType }}-ks-endpoints-{{ $osServiceEndPoint }}
image: {{ $envAll.Values.images.ks_endpoints }}
imagePullPolicy: {{ $envAll.Values.images.pull_policy }}
{{ tuple $envAll $envAll.Values.pod.resources.jobs.ks_endpoints | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
command:
- /tmp/ks-endpoints.sh
volumeMounts:
- name: ks-endpoints-sh
mountPath: /tmp/ks-endpoints.sh
subPath: ks-endpoints.sh
readOnly: true
env:
{{- with $env := dict "ksUserSecret" $envAll.Values.secrets.identity.admin }}
{{- include "helm-toolkit.snippets.keystone_openrc_env_vars" $env | indent 12 }}
{{- end }}
- name: OS_SVC_ENDPOINT
value: {{ $osServiceEndPoint }}
- name: OS_SERVICE_NAME
value: {{ tuple $osServiceType $envAll | include "helm-toolkit.endpoints.keystone_endpoint_name_lookup" }}
- name: OS_SERVICE_TYPE
value: {{ $osServiceType }}
- name: OS_SERVICE_ENDPOINT
value: {{ tuple $osServiceType $osServiceEndPoint "api" $envAll | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup" }}
{{- end }}
{{- end }}
volumes:
- name: ks-endpoints-sh
configMap:
name: drydock-bin
defaultMode: 0555
...
{{- end -}}


@ -0,0 +1,64 @@
{{/*
# Copyright (c) 2017 AT&T Intellectual Property. All rights reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License. */}}
{{- if .Values.manifests.job_ks_service -}}
{{- $envAll := . }}
{{- $ksAdminSecret := .Values.secrets.identity.admin }}
{{- $dependencies := .Values.dependencies.ks_service }}
---
apiVersion: batch/v1
kind: Job
metadata:
name: drydock-ks-service
spec:
template:
metadata:
labels:
{{ tuple $envAll "drydock" "ks-service" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
spec:
restartPolicy: OnFailure
nodeSelector:
{{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }}
initContainers:
{{ tuple $envAll $dependencies "[]" | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
containers:
{{- range $key1, $osServiceType := tuple "physicalprovisioner" }}
- name: {{ $osServiceType }}-ks-service-registration
image: {{ $envAll.Values.images.ks_service }}
imagePullPolicy: {{ $envAll.Values.images.pull_policy }}
command:
- /tmp/ks-service.sh
volumeMounts:
- name: ks-service-sh
mountPath: /tmp/ks-service.sh
subPath: ks-service.sh
readOnly: true
env:
{{- with $env := dict "ksUserSecret" $envAll.Values.secrets.identity.admin }}
{{- include "helm-toolkit.snippets.keystone_openrc_env_vars" $env | indent 12 }}
{{- end }}
- name: OS_SERVICE_NAME
value: {{ tuple $osServiceType $envAll | include "helm-toolkit.endpoints.keystone_endpoint_name_lookup" }}
- name: OS_SERVICE_TYPE
value: {{ $osServiceType }}
{{- end }}
volumes:
- name: ks-service-sh
configMap:
name: drydock-bin
defaultMode: 0555
...
{{- end -}}
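Review bot: The `-ks-service-registration` container is the only job container in this commit without the `helm-toolkit.snippets.kubernetes_resources` include, although values.yaml defines `pod.resources.jobs.ks_service`. Add `{{ tuple $envAll $envAll.Values.pod.resources.jobs.ks_service | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}` after `imagePullPolicy` so the limits apply once `pod.resources.enabled` is switched on. `$ksAdminSecret` is assigned at the top but never used in the visible template; either use it in the `dict "ksUserSecret"` call or drop it.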


@ -0,0 +1,67 @@
{{/*
# Copyright (c) 2017 AT&T Intellectual Property. All rights reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License. */}}
{{- if .Values.manifests.job_ks_user }}
{{- $envAll := . }}
{{- $dependencies := .Values.dependencies.ks_user }}
---
apiVersion: batch/v1
kind: Job
metadata:
name: drydock-ks-user
spec:
template:
metadata:
labels:
{{ tuple $envAll "drydock" "ks-user" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
spec:
restartPolicy: OnFailure
nodeSelector:
{{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }}
initContainers:
{{ tuple $envAll $dependencies "[]" | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
containers:
- name: drydock-ks-user
image: {{ .Values.images.ks_user }}
imagePullPolicy: {{ .Values.images.pull_policy }}
{{ tuple $envAll $envAll.Values.pod.resources.jobs.ks_user | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
command:
- /tmp/ks-user.sh
volumeMounts:
- name: ks-user-sh
mountPath: /tmp/ks-user.sh
subPath: ks-user.sh
readOnly: true
env:
{{- with $env := dict "ksUserSecret" $envAll.Values.secrets.identity.admin }}
{{- include "helm-toolkit.snippets.keystone_openrc_env_vars" $env | indent 12 }}
{{- end }}
- name: SERVICE_OS_SERVICE_NAME
value: {{ $envAll.Values.endpoints.physicalprovisioner.name | quote }}
- name: SERVICE_OS_DOMAIN_NAME
value: {{ $envAll.Values.endpoints.identity.auth.user.project_domain_name | quote }}
{{- with $env := dict "ksUserSecret" $envAll.Values.secrets.identity.user }}
{{- include "helm-toolkit.snippets.keystone_user_create_env_vars" $env | indent 12 }}
{{- end }}
- name: SERVICE_OS_ROLE
value: {{ $envAll.Values.endpoints.identity.auth.user.role | quote }}
volumes:
- name: ks-user-sh
configMap:
name: drydock-bin
defaultMode: 0555
...
{{- end -}}


@ -0,0 +1,30 @@
{{/*
# Copyright (c) 2017 AT&T Intellectual Property. All rights reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
*/}}
{{- if .Values.manifests.secret_keystone }}
{{- $envAll := . }}
{{- range $key1, $userClass := tuple "admin" "user" }}
{{- $secretName := index $envAll.Values.secrets.identity $userClass }}
---
apiVersion: v1
kind: Secret
metadata:
name: {{ $secretName }}
type: Opaque
data:
{{- tuple $userClass "internal" $envAll | include "helm-toolkit.snippets.keystone_secret_openrc" | indent 2 }}
...
{{- end }}
{{- end }}


@ -0,0 +1,33 @@
{{/* # Copyright (c) 2017 AT&T Intellectual Property. All rights reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License. */}}
{{- if .Values.manifests.service_drydock }}
---
apiVersion: v1
kind: Service
metadata:
name: {{ tuple "physicalprovisioner" "internal" . | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }}
spec:
ports:
- name: drydock-api
port: {{ tuple "physicalprovisioner" "default" "api" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
{{ if .Values.network.api.nodeport.enabled }}
nodePort: {{ tuple "physicalprovisioner" "nodeport" "api" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
{{ end }}
selector:
{{ tuple . "drydock" "api" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }}
{{ if .Values.network.api.nodeport.enabled }}
type: NodePort
{{ end }}
...
{{- end -}}
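Review bot: `nodePort` and `type: NodePort` are gated on `.Values.network.api.nodeport.enabled`, which values.yaml in this commit defaults to `true`, with `scheme: http` for the `physicalprovisioner` endpoint. A default install therefore publishes the provisioning API unencrypted on port 31900 of every node. I would default the flag to `false` so that external exposure is an explicit choice, and add a comment above the condition saying so. The two `{{ if ... }}` / `{{ end }}` pairs also lack the `-` trim marker used elsewhere and leave blank lines in the rendered manifest.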

267
charts/drydock/values.yaml Normal file

@ -0,0 +1,267 @@
# Copyright (c) 2017 AT&T Intellectual Property. All rights reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
# This file provides defaults for drydock
replicas:
drydock: 2
labels:
node_selector_key: ucp-control-plane
node_selector_value: enabled
images:
drydock: quay.io/attcomdev/drydock:1.0.1
dep_check: docker.io/kolla/ubuntu-source-kubernetes-entrypoint:4.0.0
ks_user: docker.io/kolla/ubuntu-source-kolla-toolbox:3.0.3
ks_service: docker.io/kolla/ubuntu-source-kolla-toolbox:3.0.3
ks_endpoints: docker.io/kolla/ubuntu-source-kolla-toolbox:3.0.3
drydock_db_init: docker.io/postgres:9.5
drydock_db_sync: quay.io/attcomdev/drydock:1.0.1
pull_policy: "IfNotPresent"
network:
api:
nodeport:
enabled: true
pod:
lifecycle:
upgrades:
deployments:
revision_history: 3
pod_replacement_strategy: RollingUpdate
rolling_update:
max_unavailable: 1
max_surge: 3
resources:
enabled: false
api:
limits:
memory: "128Mi"
cpu: "100m"
requests:
memory: "128Mi"
cpu: "100m"
jobs:
ks_user:
limits:
memory: "128Mi"
cpu: "100m"
requests:
memory: "128Mi"
cpu: "100m"
ks_service:
limits:
memory: "128Mi"
cpu: "100m"
requests:
memory: "128Mi"
cpu: "100m"
ks_endpoints:
limits:
memory: "128Mi"
cpu: "100m"
requests:
memory: "128Mi"
cpu: "100m"
drydock_db_sync:
limits:
memory: "128Mi"
cpu: "100m"
requests:
memory: "128Mi"
cpu: "100m"
drydock_db_init:
limits:
memory: "128Mi"
cpu: "100m"
requests:
memory: "128Mi"
cpu: "100m"
manifests:
job_ks_service: true
job_ks_user: true
job_ks_endpoints: true
job_drydock_db_init: true
job_drydock_db_sync: true
secret_keystone: true
configmap_etc: true
configmap_bin: true
service_drydock: true
deployment_drydock: true
dependencies:
db_init:
services:
- service: postgresql
endpoint: internal
db_sync:
services:
- service: postgresql
endpoint: internal
jobs:
- drydock-db-init
ks_user:
services:
- service: identity
endpoint: internal
ks_service:
services:
- service: identity
endpoint: internal
ks_endpoints:
jobs:
- drydock-ks-service
services:
- service: identity
endpoint: internal
api:
jobs:
- drydock-ks-endpoints
- drydock-ks-user
- drydock-ks-endpoints
- drydock-db-init
- drydock-db-sync
services:
- service: identity
endpoint: internal
- service: postgresql
endpoint: internal
endpoints:
cluster_domain_suffix: cluster.local
identity:
name: keystone
auth:
user:
region_name: RegionOne
role: admin
project_name: service
project_domain_name: default
user_domain_name: default
username: drydock
password: password
admin:
region_name: RegionOne
project_name: admin
password: password
username: admin
user_domain_name: default
project_domain_name: default
hosts:
default: keystone-api
public: keystone
host_fqdn_override:
default: null
path:
default: /v3
scheme:
default: http
port:
admin:
default: 35357
api:
default: 80
physicalprovisioner:
name: drydock
hosts:
default: drydock-api
port:
api:
default: 9000
nodeport: 31900
path:
default: /api/v1.0
scheme:
default: http
host_fqdn_override:
default: null
postgresql:
name: postgresql
auth:
admin:
username: postgres
password: password
user:
username: drydock
password: password
hosts:
default: postgresql
path: /drydock
scheme: postgresql+psycopg2
port:
postgresql:
default: 5432
host_fqdn_override:
default: null
secrets:
identity:
admin: drydock-keystone-admin
user: drydock-keystone-user
database:
postgresql:
db_name: drydock
# Settings for drydock.conf
conf:
drydock:
logging:
log_level: 'DEBUG'
global_logger_name: 'drydock'
oobdriver_logger_name: '${global_logger_name}.oobdriver'
nodedriver_logger_name: '${global_logger_name}.nodedriver'
control_logger_name: '${global_logger_name}.control'
maasdriver:
maas_api_key: 'override_this'
maas_api_url: 'override_this'
plugins:
ingester:
- 'drydock_provisioner.ingester.plugins.yaml.YamlIngester'
oob_driver:
- 'drydock_provisioner.drivers.oob.pyghmi_driver.driver.PyghmiDriver'
- 'drydock_provisioner.drivers.oob.manual_driver.driver.ManualDriver'
node_driver: 'drydock_provisioner.drivers.node.maasdriver.driver.MaasNodeDriver'
timeouts:
drydock_timeout: 5
create_network_template: 2
identify_node: 10
configure_hardware: 30
apply_node_networking: 5
apply_node_platform: 5
deploy_node: 45
bootdata:
prom_init: '/etc/drydock/bootdata/join.sh'
keystone_authtoken:
delay_auth_decision: true
auth_type: password
auth_section: keystone_authtoken
database:
database_connect_string: null
# end drydock.conf
# configs for api-paste.ini
paste:
override:
append:
# end api-paste.ini
# configs for policy.yaml
policy:
override:
append:
# end policy.yaml
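Review bot: The defaults ship usable credentials: `password: password` for the Keystone `admin` and `drydock` users and for both PostgreSQL accounts. Nothing forces an override, so a default install runs with guessable passwords. I would leave these empty and fail rendering when they are unset (Helm's `required` function), or at minimum add a comment on each block that it must be overridden. `dependencies.api.jobs` lists `drydock-ks-endpoints` twice; the second entry was probably meant to be `drydock-ks-service`. `log_level: 'DEBUG'` as the shipped default is also worth reconsidering, given that db-init.sh and the rendered config handle credentials.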