Uplift Drydock to master Helm-Toolkit

Update the Drydock chart to be compatible with the latest Helm-Toolkit,
including taking advantage of some HTK manifest generation functionality
and updating the helm_tk.sh script to pull down master
openstack-helm-infra. Also update the default drydock image to point
to the current airshipit master rather than the old attcomdev in quay.

Change-Id: I9a818ae054361749ce16e9a6213fbeed82581f02
Co-Authored-By: Pete Birley <pete@port.direct>
Signed-off-by: Pete Birley <pete@port.direct>
Matt McEuen 2018-08-23 17:12:18 -05:00 committed by Scott Hussey
parent 472fc0f232
commit 2bfb9c59cd
10 changed files with 94 additions and 229 deletions


@ -15,9 +15,8 @@
{{- if .Values.manifests.deployment_drydock }}
{{- $envAll := . -}}
{{- $dependencies := .Values.dependencies.api }}
{{- $serviceAccountName := "drydock-api" }}
{{ tuple $envAll $dependencies $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
{{ tuple $envAll "api" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
---
apiVersion: apps/v1beta1
kind: Deployment
@ -39,7 +38,7 @@ spec:
affinity:
{{ tuple $envAll "drydock" "api" | include "helm-toolkit.snippets.kubernetes_pod_anti_affinity" | indent 8 }}
initContainers:
{{ tuple $envAll $dependencies list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
{{ tuple $envAll "api" list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
containers:
- name: drydock-api
env:
@ -85,6 +84,7 @@ spec:
mountPath: /root/.ssh/config
readOnly: true
{{- end }}
workingDir: /tmp/drydock
volumes:
{{- if .Values.manifests.secret_ssh_key }}
- name: root-ssh


@ -16,9 +16,8 @@ limitations under the License.
{{- if .Values.manifests.job_drydock_db_init }}
{{- $envAll := . }}
{{- $dependencies := .Values.dependencies.db_init }}
{{- $serviceAccountName := "drydock-db-init" }}
{{ tuple $envAll $dependencies $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
{{ tuple $envAll "db_init" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
---
apiVersion: batch/v1
kind: Job
@ -33,9 +32,9 @@ spec:
serviceAccountName: {{ $serviceAccountName }}
restartPolicy: OnFailure
nodeSelector:
{{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }}
{{ .Values.labels.job.node_selector_key }}: {{ .Values.labels.job.node_selector_value }}
initContainers:
{{ tuple $envAll $dependencies list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
{{ tuple $envAll "db_init" list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
containers:
- name: drydock-db-init
image: {{ .Values.images.tags.drydock_db_init | quote }}


@ -16,9 +16,8 @@ limitations under the License.
{{- if .Values.manifests.job_drydock_db_sync }}
{{- $envAll := . }}
{{- $dependencies := .Values.dependencies.db_sync }}
{{- $serviceAccountName := "drydock-db-sync" }}
{{ tuple $envAll $dependencies $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
{{ tuple $envAll "db_sync" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
---
apiVersion: batch/v1
kind: Job
@ -33,9 +32,9 @@ spec:
serviceAccountName: {{ $serviceAccountName }}
restartPolicy: OnFailure
nodeSelector:
{{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }}
{{ .Values.labels.job.node_selector_key }}: {{ .Values.labels.job.node_selector_value }}
initContainers:
{{ tuple $envAll $dependencies list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
{{ tuple $envAll "db_sync" list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
containers:
- name: drydock-db-sync
image: {{ .Values.images.tags.drydock_db_sync | quote }}
@ -54,6 +53,7 @@ spec:
mountPath: /tmp/db-sync.sh
subPath: db-sync.sh
readOnly: true
workingDir: /tmp/drydock
volumes:
- name: drydock-bin
configMap:


@ -14,59 +14,6 @@
# limitations under the License. */}}
{{- if .Values.manifests.job_ks_endpoints }}
{{- $envAll := . }}
{{- $dependencies := .Values.dependencies.ks_endpoints }}
{{- $serviceAccountName := "drydock-ks-endpoints" }}
{{ tuple $envAll $dependencies $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
---
apiVersion: batch/v1
kind: Job
metadata:
name: drydock-ks-endpoints
spec:
template:
metadata:
labels:
{{ tuple $envAll "drydock" "ks-endpoints" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
spec:
serviceAccountName: {{ $serviceAccountName }}
restartPolicy: OnFailure
nodeSelector:
{{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }}
initContainers:
{{ tuple $envAll $dependencies list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
containers:
{{- range $key1, $osServiceType := tuple "physicalprovisioner" }}
{{- range $key2, $osServiceEndPoint := tuple "admin" "internal" "public" }}
- name: {{ $osServiceType }}-ks-endpoints-{{ $osServiceEndPoint }}
image: {{ $envAll.Values.images.tags.ks_endpoints }}
imagePullPolicy: {{ $envAll.Values.images.pull_policy }}
{{ tuple $envAll $envAll.Values.pod.resources.jobs.ks_endpoints | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
command:
- /tmp/ks-endpoints.sh
volumeMounts:
- name: ks-endpoints-sh
mountPath: /tmp/ks-endpoints.sh
subPath: ks-endpoints.sh
readOnly: true
env:
{{- with $env := dict "ksUserSecret" $envAll.Values.secrets.identity.admin }}
{{- include "helm-toolkit.snippets.keystone_openrc_env_vars" $env | indent 12 }}
{{- end }}
- name: OS_SVC_ENDPOINT
value: {{ $osServiceEndPoint }}
- name: OS_SERVICE_NAME
value: {{ tuple $osServiceType $envAll | include "helm-toolkit.endpoints.keystone_endpoint_name_lookup" }}
- name: OS_SERVICE_TYPE
value: {{ $osServiceType }}
- name: OS_SERVICE_ENDPOINT
value: {{ tuple $osServiceType $osServiceEndPoint "api" $envAll | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup" }}
{{- end }}
{{- end }}
volumes:
- name: ks-endpoints-sh
configMap:
name: drydock-bin
defaultMode: 0555
...
{{- end -}}
{{- $ksServiceJob := dict "envAll" . "serviceName" "drydock" "serviceTypes" ( tuple "physicalprovisioner" ) -}}
{{ $ksServiceJob | include "helm-toolkit.manifests.job_ks_endpoints" }}
{{- end }}


@ -13,56 +13,7 @@
# See the License for the specific language governing permissions and
# limitations under the License. */}}
{{- if .Values.manifests.job_ks_service -}}
{{- $envAll := . }}
{{- $ksAdminSecret := .Values.secrets.identity.admin }}
{{- $dependencies := .Values.dependencies.ks_service }}
{{- $serviceAccountName := "drydock-ks-service" }}
{{ tuple $envAll $dependencies $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
---
apiVersion: batch/v1
kind: Job
metadata:
name: drydock-ks-service
spec:
template:
metadata:
labels:
{{ tuple $envAll "drydock" "ks-service" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
spec:
serviceAccountName: {{ $serviceAccountName }}
restartPolicy: OnFailure
nodeSelector:
{{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }}
initContainers:
{{ tuple $envAll $dependencies list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
containers:
{{- range $key1, $osServiceType := tuple "physicalprovisioner" }}
- name: {{ $osServiceType }}-ks-service-registration
image: {{ $envAll.Values.images.tags.ks_service }}
imagePullPolicy: {{ $envAll.Values.images.pull_policy }}
{{ tuple $envAll $envAll.Values.pod.resources.jobs.ks_service | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
command:
- /tmp/ks-service.sh
volumeMounts:
- name: ks-service-sh
mountPath: /tmp/ks-service.sh
subPath: ks-service.sh
readOnly: true
env:
{{- with $env := dict "ksUserSecret" $envAll.Values.secrets.identity.admin }}
{{- include "helm-toolkit.snippets.keystone_openrc_env_vars" $env | indent 12 }}
{{- end }}
- name: OS_SERVICE_NAME
value: {{ tuple $osServiceType $envAll | include "helm-toolkit.endpoints.keystone_endpoint_name_lookup" }}
- name: OS_SERVICE_TYPE
value: {{ $osServiceType }}
{{- end }}
volumes:
- name: ks-service-sh
configMap:
name: drydock-bin
defaultMode: 0555
...
{{- end -}}
{{- if .Values.manifests.job_ks_service }}
{{- $ksServiceJob := dict "envAll" . "serviceName" "drydock" "serviceTypes" ( tuple "physicalprovisioner" ) -}}
{{ $ksServiceJob | include "helm-toolkit.manifests.job_ks_service" }}
{{- end }}


@ -14,57 +14,6 @@
# limitations under the License. */}}
{{- if .Values.manifests.job_ks_user }}
{{- $envAll := . }}
{{- $dependencies := .Values.dependencies.ks_user }}
{{- $serviceAccountName := "drydock-ks-user" }}
{{ tuple $envAll $dependencies $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
---
apiVersion: batch/v1
kind: Job
metadata:
name: drydock-ks-user
spec:
template:
metadata:
labels:
{{ tuple $envAll "drydock" "ks-user" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
spec:
serviceAccountName: {{ $serviceAccountName }}
restartPolicy: OnFailure
nodeSelector:
{{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }}
initContainers:
{{ tuple $envAll $dependencies list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
containers:
- name: drydock-ks-user
image: {{ .Values.images.tags.ks_user }}
imagePullPolicy: {{ .Values.images.pull_policy }}
{{ tuple $envAll $envAll.Values.pod.resources.jobs.ks_user | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
command:
- /tmp/ks-user.sh
volumeMounts:
- name: ks-user-sh
mountPath: /tmp/ks-user.sh
subPath: ks-user.sh
readOnly: true
env:
{{- with $env := dict "ksUserSecret" $envAll.Values.secrets.identity.admin }}
{{- include "helm-toolkit.snippets.keystone_openrc_env_vars" $env | indent 12 }}
{{- $ksUserJob := dict "envAll" . "serviceName" "drydock" -}}
{{ $ksUserJob | include "helm-toolkit.manifests.job_ks_user" }}
{{- end }}
- name: SERVICE_OS_SERVICE_NAME
value: {{ $envAll.Values.endpoints.physicalprovisioner.name | quote }}
- name: SERVICE_OS_DOMAIN_NAME
value: {{ $envAll.Values.endpoints.identity.auth.user.project_domain_name | quote }}
{{- with $env := dict "ksUserSecret" $envAll.Values.secrets.identity.user }}
{{- include "helm-toolkit.snippets.keystone_user_create_env_vars" $env | indent 12 }}
{{- end }}
- name: SERVICE_OS_ROLE
value: {{ $envAll.Values.endpoints.identity.auth.user.role | quote }}
volumes:
- name: ks-user-sh
configMap:
name: drydock-bin
defaultMode: 0555
...
{{- end -}}


@ -15,7 +15,7 @@
*/}}
{{- if .Values.manifests.secret_keystone }}
{{- $envAll := . }}
{{- range $key1, $userClass := tuple "admin" "user" }}
{{- range $key1, $userClass := tuple "admin" "drydock" }}
{{- $secretName := index $envAll.Values.secrets.identity $userClass }}
---
apiVersion: v1
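Review bot: Renaming the second user class from `user` to `drydock` in the `range` means an existing override file that still sets `secrets.identity.user` (and, presumably, `endpoints.identity.auth.user`) is silently ignored on upgrade. Judging by the values.yaml change in this same commit, the chart would then fall back to its built-in `drydock` entry, which carries `password: password` together with `role: admin`. I would add a comment above the `range`, for example `# user class "drydock" replaces "user"; overrides keyed under "user" are no longer read`, and call the key rename out in the release notes. The template body continues outside the hunk, so how `$userClass` is consumed further down is not visible here.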


@ -23,6 +23,6 @@ metadata:
type: Opaque
data:
PRIVATE_KEY: |-
{{ .Values.conf.ssh.private_key | b64enc | indent 4 }}
{{ .Values.conf.ssh.private_key | default "" | b64enc | indent 4 }}
...
{{- end }}
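Review bot: The added `default ""` turns an unset `conf.ssh.private_key` into a Secret holding an empty `PRIVATE_KEY` instead of a render error, and the same commit flips `manifests.secret_ssh_key` to `true` in values.yaml, so that empty Secret is now rendered by default. A deployment that appears to mount it would then start with no usable key, and the misconfiguration only shows up later at connection time. If an empty key is never valid, make that explicit with `{{ required "conf.ssh.private_key must be set" .Values.conf.ssh.private_key | b64enc | indent 4 }}`. If it is valid for installs that do not use SSH, a comment above the line saying so would help. The Secret's metadata and the opening `if` are outside the hunk.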


@ -18,19 +18,29 @@ replicas:
drydock: 2
labels:
node_selector_key: ucp-control-plane
node_selector_value: enabled
api:
node_selector_key: ucp-control-plane
node_selector_value: enabled
job:
node_selector_key: ucp-control-plane
node_selector_value: enabled
images:
tags:
drydock: quay.io/attcomdev/drydock:1.0.1
drydock: quay.io/airshipit/drydock:master
dep_check: quay.io/stackanetes/kubernetes-entrypoint:v0.3.1
ks_user: docker.io/openstackhelm/heat:newton
ks_service: docker.io/openstackhelm/heat:newton
ks_endpoints: docker.io/openstackhelm/heat:newton
drydock_db_init: docker.io/postgres:9.5
drydock_db_sync: quay.io/attcomdev/drydock:1.0.1
drydock_db_sync: quay.io/airshipit/drydock:master
pull_policy: "IfNotPresent"
#TODO(mattmceuen): This chart does not yet support local image caching
local_registry:
active: false
exclude:
- dep_check
- image_repo_sync
network:
api:
@ -113,7 +123,7 @@ manifests:
job_drydock_db_sync: true
secret_keystone: true
secret_database: true
secret_ssh_key: false
secret_ssh_key: true
configmap_etc: true
configmap_bin: true
service_drydock: true
@ -122,56 +132,57 @@ manifests:
test_drydock_auth: true
dependencies:
db_init:
services:
- service: postgresql
endpoint: internal
db_sync:
services:
- service: postgresql
endpoint: internal
jobs:
- drydock-db-init
ks_user:
services:
- service: identity
endpoint: internal
ks_service:
services:
- service: identity
endpoint: internal
ks_endpoints:
jobs:
- drydock-ks-service
services:
- service: identity
endpoint: internal
api:
jobs:
- drydock-ks-endpoints
- drydock-ks-user
- drydock-ks-endpoints
- drydock-db-init
- drydock-db-sync
services:
- service: identity
endpoint: internal
- service: postgresql
endpoint: internal
dynamic:
common:
local_image_registry:
jobs:
- drydock-image-repo-sync
services:
- endpoint: node
service: local_image_registry
static:
db_init:
services:
- service: postgresql
endpoint: internal
db_sync:
services:
- service: postgresql
endpoint: internal
jobs:
- drydock-db-init
ks_user:
services:
- service: identity
endpoint: internal
ks_service:
services:
- service: identity
endpoint: internal
ks_endpoints:
jobs:
- drydock-ks-service
services:
- service: identity
endpoint: internal
api:
jobs:
- drydock-ks-endpoints
- drydock-ks-user
- drydock-ks-service
- drydock-db-init
- drydock-db-sync
services:
- service: identity
endpoint: internal
- service: postgresql
endpoint: internal
endpoints:
cluster_domain_suffix: cluster.local
identity:
name: keystone
auth:
user:
region_name: RegionOne
role: admin
project_name: service
project_domain_name: default
user_domain_name: default
username: drydock
password: password
admin:
region_name: RegionOne
project_name: admin
@ -179,6 +190,14 @@ endpoints:
username: admin
user_domain_name: default
project_domain_name: default
drydock:
region_name: RegionOne
role: admin
project_name: service
project_domain_name: default
user_domain_name: default
username: drydock
password: password
hosts:
default: keystone
internal: keystone-api
@ -229,7 +248,7 @@ endpoints:
secrets:
identity:
admin: drydock-keystone-admin
user: drydock-keystone-user
drydock: drydock-keystone-user
postgresql:
admin: drydock-postgresql-admin
user: drydock-postgresql-user
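Review bot: The new defaults `drydock: quay.io/airshipit/drydock:master` and `drydock_db_sync: quay.io/airshipit/drydock:master` point at a mutable tag while `pull_policy` stays `"IfNotPresent"`, so the build a node runs depends on when it first pulled the image. The API replicas and the db-sync job can therefore end up on different builds. It also means the chart no longer records which image content was actually reviewed and tested. I would pin both entries to an immutable release tag or a digest (`quay.io/airshipit/drydock@sha256:<digest>`, placeholder), or at least add a comment above `tags:` stating that `master` is intended for development only.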


@ -16,9 +16,9 @@
# Script to setup helm-toolkit and helm dep up the shipyard chart
#
HELM=$1
HTK_REPO=${HTK_REPO:-"https://github.com/openstack/openstack-helm"}
HTK_REPO=${HTK_REPO:-"https://github.com/openstack/openstack-helm-infra"}
HTK_PATH=${HTK_PATH:-""}
HTK_STABLE_COMMIT=${HTK_COMMIT:-"f902cd14fac7de4c4c9f7d019191268a6b4e9601"}
HTK_STABLE_COMMIT=${HTK_COMMIT:-"274b230dcc8960af4fe44a871addcb5aacef3dba"}
DEP_UP_LIST=${DEP_UP_LIST:-"drydock"}
BUILD_DIR=${BUILD_DIR:-$(mktemp -d)}
@ -36,7 +36,7 @@ function helm_serve {
if [[ -d "$HOME/.helm" ]]; then
echo ".helm directory found"
else
"${HELM}" init --client-only
${HELM} init --client-only --skip-refresh
fi
if [[ -z $(curl --noproxy '*' -s 127.0.0.1:8879 | grep 'Helm Repository') ]]; then
"${HELM}" serve & > /dev/null
@ -58,7 +58,7 @@ function helm_serve {
mkdir -p "$BUILD_DIR"
pushd "$BUILD_DIR"
git clone $HTK_REPO || true
pushd openstack-helm/$HTK_PATH
pushd openstack-helm-infra/$HTK_PATH
git reset --hard "${HTK_STABLE_COMMIT}"
helm_serve
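Review bot: `git clone $HTK_REPO || true` followed by `pushd openstack-helm-infra/$HTK_PATH` has no failure check, so a failed clone, or an `HTK_REPO` override whose checkout directory is not `openstack-helm-infra`, leaves `git reset --hard` running in whatever directory the script is in. If `BUILD_DIR` sits inside another git work tree, that reset could discard local changes there. Unless `set -e` is enabled outside the visible hunks, I would stop at that point with `pushd "openstack-helm-infra/$HTK_PATH" || exit 1`. Separately, the changed `init` line in the `helm_serve` hunk drops the quoting the neighbouring calls keep; `"${HELM}" init --client-only --skip-refresh` stays consistent with `"${HELM}" serve`. Both the function and the top-level script continue outside the hunks shown.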