authorScott Hussey <sh8121@att.com>2018-10-03 16:52:59 -0500
committerScott Hussey <sthussey@att.com>2018-11-05 21:08:15 +0000
commit1c0485e3e63c916c2896fa6bb629da7875d7be66 (patch)
tree411c4639a1d10a4eddb73177cdd49aacaef398ee
parent66eb874e63a6d276baf4967dbb91ff3f0aefaf62 (diff)
Support MAAS HA
- Create two replicas of rack and region pods - Use required anti-affinity between rack pods - Remove the MAAS ingress controller from the rack pod and into dedicated deployment - Update rack registration script to harvest the systemid from the underlying host when available Change-Id: I41e21b7bb5256d04b37a70fbd2088c617b5d239a
Notes
Notes (review): Code-Review+2: Bryan Strassner <bryan.strassner@gmail.com> Code-Review+1: Dan Crank <dan.no@att.com> Code-Review+2: Mark Burnett <mark.m.burnett@gmail.com> Workflow+1: Scott Hussey <sthussey@att.com> Verified+2: Zuul Submitted-by: Zuul Submitted-at: Mon, 05 Nov 2018 21:30:07 +0000 Reviewed-on: https://review.openstack.org/607725 Project: openstack/airship-maas Branch: refs/heads/master
-rw-r--r--charts/maas/templates/bin/_register-rack-controller.sh.tpl79
-rw-r--r--charts/maas/templates/configmap-ingress.yaml2
-rw-r--r--charts/maas/templates/deployment-maas-ingress.yaml267
-rw-r--r--charts/maas/templates/service-ingress-error.yaml2
-rw-r--r--charts/maas/templates/statefulset-rack.yaml218
-rw-r--r--charts/maas/values.yaml15
-rw-r--r--images/maas-rack-controller/Dockerfile7
7 files changed, 362 insertions, 228 deletions
diff --git a/charts/maas/templates/bin/_register-rack-controller.sh.tpl b/charts/maas/templates/bin/_register-rack-controller.sh.tpl
index 85256e9..3280643 100644
--- a/charts/maas/templates/bin/_register-rack-controller.sh.tpl
+++ b/charts/maas/templates/bin/_register-rack-controller.sh.tpl
@@ -2,23 +2,80 @@
2 2
3set -x 3set -x
4 4
5if [[ -r ~maas/maas_id && -r ~maas/secret ]] 5# Path where the host's cloud-init data is mounted
6then 6# to source the maas system_id
7 echo "Found existing maas_id and secret, assuming already registered." 7HOST_MOUNT_PATH=${HOST_MOUNT_PATH:-"/host_cloud-init/"}
8 exit 0 8
9fi 9unregister_maas_rack() {
10 sys_id="$1"
11 echo "Deregister this pod as MAAS rack controller ${sys_id}."
12 maas login local "$MAAS_ENDPOINT" "$MAAS_API_KEY"
13 maas local rack-controller delete "$sys_id"
14 rm -f ~maas/maas_id
15 rm -f ~maas/secret
16}
10 17
11echo "register-rack-controller URL: ${MAAS_ENDPOINT}" 18register_maas_rack() {
19 sys_id=${1:-""}
20 echo "register-rack-controller URL: ${MAAS_ENDPOINT}"
12 21
13# register forever 22 if [[ ! -z "$sys_id" ]]
14while [ 1 ]; 23 then
15do 24 echo "Using provided system id ${sys_id}."
25 echo "$sys_id" > ~maas/maas_id
26 fi
27
28 # register forever
29 while [ 1 ];
30 do
16 if maas-rack register --url=${MAAS_ENDPOINT} --secret="${MAAS_REGION_SECRET}"; 31 if maas-rack register --url=${MAAS_ENDPOINT} --secret="${MAAS_REGION_SECRET}";
17 then 32 then
18 echo "Successfully registered with MaaS Region Controller" 33 echo "Successfully registered with MaaS Region Controller"
19 break 34 break
20 else 35 else
21 echo "Unable to register with ${MAAS_ENDPOINT}... will try again" 36 echo "Unable to register with ${MAAS_ENDPOINT}... will try again"
22 sleep 10 37 sleep 30
23 fi; 38 fi;
24done; 39 done;
40}
41
42get_host_identity() {
43 # Check if the underlying host was deployed by MAAS
44 if [[ -r "${HOST_MOUNT_PATH}/instance-data.json" ]]
45 then
46 grep -E 'instance-id' "${HOST_MOUNT_PATH}/instance-data.json" | head -1 | tr -d ' ",' | cut -d: -f 2
47 else
48 echo ""
49 fi
50}
51
52get_pod_identity() {
53 if [[ -r ~maas/maas_id ]]
54 then
55 cat ~maas/maas_id
56 else
57 echo ""
58 fi
59}
60
61HOST_SYSTEM_ID=$(get_host_identity)
62POD_SYSTEM_ID=$(get_pod_identity)
63
64# This Pod state already has a MAAS identity
65if [[ ! -z "$POD_SYSTEM_ID" ]]
66then
67 # If the pod maas identity doesn't match the
68 # host maas identity, unregister the pod identity
69 # as a rack controller
70 if [[ "$HOST_SYSTEM_ID" != "$POD_SYSTEM_ID" ]]
71 then
72 unregister_maas_rack "$POD_SYSTEM_ID"
73 register_maas_rack "$HOST_SYTEM_ID"
74 else
75 echo "Found existing maas_id, assuming already registered."
76 fi
77
78 exit 0
79else
80 register_maas_rack
81fi
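Review bot: The new `unregister_maas_rack` runs `maas login local "$MAAS_ENDPOINT" "$MAAS_API_KEY"` while the script-wide `set -x` is still active, so xtrace writes the API key to the container log; the region secret passed to `maas-rack register --secret=...` is traced the same way. Wrap the credential-bearing commands in `set +x` / `set -x`, or drop tracing from this script. Separately, the re-registration branch calls `register_maas_rack "$HOST_SYTEM_ID"`, a misspelling of `HOST_SYSTEM_ID`. Unless `set -u` is enabled outside the visible lines, the name expands to an empty string and the host's system id is never written to `~maas/maas_id`; the line should read `register_maas_rack "$HOST_SYSTEM_ID"`. `get_host_identity` also pulls the id out of JSON with `grep`/`tr`/`cut`, which depends on the file's line layout, so a JSON parser would be sturdier if the image has one.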
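--- a/charts/maas/templates/configmap-ingress.yaml
+++ b/charts/maas/templates/configmap-ingress.yaml
@@ -33,6 +33,6 @@ metadata:
 data:
  enable-underscores-in-headers: "true"
  bind-address: {{ index $bind_address_cidr 0 | quote }}
- diable-ipv6: "true"
+ disable-ipv6: "true"
 ...
 {{- end }}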
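--- /dev/null
+++ b/charts/maas/templates/deployment-maas-ingress.yaml
@@ -0,0 +1,267 @@
+
+{{/*
+Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/}}
+
+{{- if .Values.manifests.maas_ingress }}
+{{- $envAll := . }}
+{{- $serviceAccountName := "maas-ingress" }}
+{{- $mounts_maas_ingress := .Values.pod.mounts.maas_ingress }}
+{{- $mounts_maas_ingress_init := .Values.pod.mounts.maas_ingress.init_container }}
+
+{{ tuple $envAll "maas_ingress" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
+---
+apiVersion: rbac.authorization.k8s.io/v1beta1
+kind: ClusterRole
+metadata:
+ name: {{ $serviceAccountName }}
+rules:
+ - apiGroups:
+ - ""
+ resources:
+ - configmaps
+ - endpoints
+ - nodes
+ - pods
+ - secrets
+ verbs:
+ - list
+ - watch
+ - apiGroups:
+ - ""
+ resources:
+ - nodes
+ verbs:
+ - get
+ - apiGroups:
+ - ""
+ resources:
+ - services
+ verbs:
+ - get
+ - list
+ - watch
+ - apiGroups:
+ - "extensions"
+ resources:
+ - ingresses
+ verbs:
+ - get
+ - list
+ - watch
+ - apiGroups:
+ - ""
+ resources:
+ - events
+ verbs:
+ - create
+ - patch
+ - apiGroups:
+ - "extensions"
+ resources:
+ - ingresses/status
+ verbs:
+ - update
+---
+apiVersion: rbac.authorization.k8s.io/v1beta1
+kind: ClusterRoleBinding
+metadata:
+ name: {{ $serviceAccountName }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: {{ $serviceAccountName }}
+subjects:
+ - kind: ServiceAccount
+ name: {{ $serviceAccountName }}
+ namespace: {{ $envAll.Release.Namespace }}
+---
+apiVersion: rbac.authorization.k8s.io/v1beta1
+kind: Role
+metadata:
+ name: {{ $serviceAccountName }}
+ namespace: {{ $envAll.Release.Namespace }}
+rules:
+ - apiGroups:
+ - ""
+ resources:
+ - configmaps
+ - pods
+ - secrets
+ - namespaces
+ verbs:
+ - get
+ - apiGroups:
+ - ""
+ resources:
+ - configmaps
+ resourceNames:
+ - {{ printf "%s-maas-ingress" .Release.Name | quote }}
+ verbs:
+ - get
+ - update
+ - apiGroups:
+ - ""
+ resources:
+ - configmaps
+ verbs:
+ - create
+ - apiGroups:
+ - ""
+ resources:
+ - endpoints
+ verbs:
+ - get
+ - create
+ - update
+---
+apiVersion: rbac.authorization.k8s.io/v1beta1
+kind: RoleBinding
+metadata:
+ name: {{ $serviceAccountName }}
+ namespace: {{ $envAll.Release.Namespace }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: {{ $serviceAccountName }}
+subjects:
+ - kind: ServiceAccount
+ name: {{ $serviceAccountName }}
+ namespace: {{ $envAll.Release.Namespace }}
+---
+---
+apiVersion: apps/v1beta1
+kind: Deployment
+metadata:
+ name: maas-ingress
+ annotations:
+ {{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" }}
+spec:
+ replicas: {{ .Values.pod.replicas.ingress }}
+ template:
+ metadata:
+ labels:
+{{ tuple $envAll "maas" "ingress" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
+ annotations:
+ configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "helm-toolkit.utils.hash" }}
+ configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "helm-toolkit.utils.hash" }}
+ spec:
+ serviceAccountName: {{ $serviceAccountName }}
+ affinity:
+{{- tuple $envAll "maas" "ingress" | include "helm-toolkit.snippets.kubernetes_pod_anti_affinity" | indent 8 }}
+ nodeSelector:
+ {{ .Values.labels.ingress.node_selector_key }}: {{ .Values.labels.rack.node_selector_value }}
+ hostNetwork: true
+ dnsPolicy: ClusterFirstWithHostNet
+ initContainers:
+{{ tuple $envAll "maas_ingress" $mounts_maas_ingress_init | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
+ - name: maas-ingress-vip-init
+ image: {{ .Values.images.tags.ingress }}
+ imagePullPolicy: {{ .Values.images.pull_policy }}
+{{ tuple $envAll $envAll.Values.pod.resources.maas_ingress_vip | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
+ securityContext:
+ capabilities:
+ add:
+ - 'NET_ADMIN'
+ - 'SYS_MODULE'
+ runAsUser: 0
+ command:
+ - /tmp/maas-vip-configure.sh
+ - start
+ env:
+{{ include "helm-toolkit.utils.to_k8s_env_vars" .Values.network.maas_ingress | indent 12 }}
+ volumeMounts:
+ - mountPath: /tmp/maas-vip-configure.sh
+ name: maas-bin
+ subPath: maas-vip-configure
+ readOnly: true
+ - mountPath: /mnt/host-rootfs
+ name: host-rootfs
+ readOnly: true
+ containers:
+ - name: maas-ingress-vip
+ image: {{ .Values.images.tags.ingress }}
+ imagePullPolicy: {{ .Values.images.pull_policy }}
+{{ tuple $envAll $envAll.Values.pod.resources.maas_ingress_vip | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
+ securityContext:
+ capabilities:
+ add:
+ - 'NET_ADMIN'
+ runAsUser: 0
+ command:
+ - /tmp/maas-vip-configure.sh
+ - sleep
+ env:
+{{ include "helm-toolkit.utils.to_k8s_env_vars" .Values.network.maas_ingress | indent 12 }}
+ volumeMounts:
+ - mountPath: /tmp/maas-vip-configure.sh
+ name: maas-bin
+ subPath: maas-vip-configure
+ readOnly: true
+ lifecycle:
+ preStop:
+ exec:
+ command:
+ - /tmp/maas-vip-configure.sh
+ - stop
+ - name: maas-ingress
+ image: {{ .Values.images.tags.ingress }}
+ imagePullPolicy: {{ .Values.images.pull_policy }}
+{{ tuple $envAll $envAll.Values.pod.resources.maas_ingress | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
+ securityContext:
+ capabilities:
+ add:
+ - 'NET_BIND_SERVICE'
+ runAsUser: 0
+ command:
+ - /tmp/maas-ingress.sh
+ - start
+ env:
+ - name: POD_NAMESPACE
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.namespace
+ - name: POD_NAME
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.name
+ - name: RELEASE_NAME
+ value: {{ .Release.Name | quote }}
+ - name: HTTP_PORT
+ value: "8808"
+ - name: HTTPS_PORT
+ value: "8543"
+ - name: HEALTHZ_PORT
+ value: {{ tuple "maas_ingress" "podport" "healthz" . | include "helm-toolkit.endpoints.endpoint_port_lookup" | quote }}
+ - name: STATUS_PORT
+ value: {{ tuple "maas_ingress" "podport" "status" . | include "helm-toolkit.endpoints.endpoint_port_lookup" | quote }}
+ - name: ERROR_PAGE_SERVICE
+ value: {{ tuple "maas_ingress" "error_pages" . | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" | quote }}
+ volumeMounts:
+ - mountPath: /tmp/maas-ingress.sh
+ name: maas-bin
+ subPath: maas-ingress
+ readOnly: true
+{{ if $mounts_maas_ingress.volumeMounts }}{{ toYaml $mounts_maas_ingress.volumeMounts | indent 12 }}{{ end }}
+ volumes:
+ - name: maas-bin
+ configMap:
+ name: maas-bin
+ defaultMode: 0555
+ - name: host-rootfs
+ hostPath:
+ path: /
+{{ if $mounts_maas_ingress.volumes }}{{ toYaml $mounts_maas_ingress.volumes | indent 8 }}{{ end }}
+{{- end }}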
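Review bot: The `nodeSelector` pairs the ingress key with the rack value, `{{ .Values.labels.ingress.node_selector_key }}: {{ .Values.labels.rack.node_selector_value }}`; it should read `.Values.labels.ingress.node_selector_value`, otherwise overriding the ingress label value in values.yaml has no effect on where these pods are scheduled. The RBAC rules and the VIP init container appear to be moved here unchanged from the rack StatefulSet, and now that the ingress has its own service account they are worth tightening. The ClusterRole grants `list`/`watch` on `secrets` cluster-wide, and `maas-ingress-vip-init` runs as root with `SYS_MODULE` and a read-only hostPath mount of `/`. If `maas-vip-configure.sh` (not shown here) only needs the host's kernel modules, mounting that directory alone and limiting secret access to the namespaces the ingress actually serves would reduce what a compromised ingress pod can read.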
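--- a/charts/maas/templates/service-ingress-error.yaml
+++ b/charts/maas/templates/service-ingress-error.yaml
@@ -13,6 +13,7 @@ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 See the License for the specific language governing permissions and
 limitations under the License.
 */}}
+{{- if .Values.manifests.maas_ingress }}
 ---
 apiVersion: v1
 kind: Service
@@ -26,3 +27,4 @@ spec:
  selector:
 {{ tuple . "maas" "ingress-errors" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }}
 ...
+{{- end }}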
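--- a/charts/maas/templates/statefulset-rack.yaml
+++ b/charts/maas/templates/statefulset-rack.yaml
@@ -23,125 +23,6 @@ limitations under the License.
 
 {{ tuple $envAll "rack_controller" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
 ---
-apiVersion: rbac.authorization.k8s.io/v1beta1
-kind: ClusterRole
-metadata:
- name: {{ $serviceAccountName }}
-rules:
- - apiGroups:
- - ""
- resources:
- - configmaps
- - endpoints
- - nodes
- - pods
- - secrets
- verbs:
- - list
- - watch
- - apiGroups:
- - ""
- resources:
- - nodes
- verbs:
- - get
- - apiGroups:
- - ""
- resources:
- - services
- verbs:
- - get
- - list
- - watch
- - apiGroups:
- - "extensions"
- resources:
- - ingresses
- verbs:
- - get
- - list
- - watch
- - apiGroups:
- - ""
- resources:
- - events
- verbs:
- - create
- - patch
- - apiGroups:
- - "extensions"
- resources:
- - ingresses/status
- verbs:
- - update
----
-apiVersion: rbac.authorization.k8s.io/v1beta1
-kind: ClusterRoleBinding
-metadata:
- name: {{ $serviceAccountName }}
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: ClusterRole
- name: {{ $serviceAccountName }}
-subjects:
- - kind: ServiceAccount
- name: {{ $serviceAccountName }}
- namespace: {{ $envAll.Release.Namespace }}
----
-apiVersion: rbac.authorization.k8s.io/v1beta1
-kind: Role
-metadata:
- name: {{ $serviceAccountName }}
- namespace: {{ $envAll.Release.Namespace }}
-rules:
- - apiGroups:
- - ""
- resources:
- - configmaps
- - pods
- - secrets
- - namespaces
- verbs:
- - get
- - apiGroups:
- - ""
- resources:
- - configmaps
- resourceNames:
- - {{ printf "%s-maas-ingress" .Release.Name | quote }}
- verbs:
- - get
- - update
- - apiGroups:
- - ""
- resources:
- - configmaps
- verbs:
- - create
- - apiGroups:
- - ""
- resources:
- - endpoints
- verbs:
- - get
- - create
- - update
----
-apiVersion: rbac.authorization.k8s.io/v1beta1
-kind: RoleBinding
-metadata:
- name: {{ $serviceAccountName }}
- namespace: {{ $envAll.Release.Namespace }}
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: Role
- name: {{ $serviceAccountName }}
-subjects:
- - kind: ServiceAccount
- name: {{ $serviceAccountName }}
- namespace: {{ $envAll.Release.Namespace }}
----
----
 apiVersion: apps/v1beta1
 kind: StatefulSet
 metadata:
@@ -151,6 +32,7 @@ metadata:
 spec:
  serviceName: maas-rack
  replicas: {{ .Values.pod.replicas.rack }}
+ podManagementPolicy: 'Parallel'
  updateStrategy:
  type: 'RollingUpdate'
  template:
@@ -170,93 +52,7 @@ spec:
  dnsPolicy: ClusterFirstWithHostNet
  initContainers:
 {{ tuple $envAll "rack_controller" $mounts_maas_rack_init | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
- - name: maas-ingress-vip-init
- image: {{ .Values.images.tags.ingress }}
- imagePullPolicy: {{ .Values.images.pull_policy }}
-{{ tuple $envAll $envAll.Values.pod.resources.maas_ingress_vip | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
- securityContext:
- capabilities:
- add:
- - 'NET_ADMIN'
- - 'SYS_MODULE'
- runAsUser: 0
- command:
- - /tmp/maas-vip-configure.sh
- - start
- env:
-{{ include "helm-toolkit.utils.to_k8s_env_vars" .Values.network.maas_ingress | indent 12 }}
- volumeMounts:
- - mountPath: /tmp/maas-vip-configure.sh
- name: maas-bin
- subPath: maas-vip-configure
- readOnly: true
- - mountPath: /mnt/host-rootfs
- name: host-rootfs
- readOnly: true
  containers:
- - name: maas-ingress-vip
- image: {{ .Values.images.tags.ingress }}
- imagePullPolicy: {{ .Values.images.pull_policy }}
-{{ tuple $envAll $envAll.Values.pod.resources.maas_ingress_vip | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
- securityContext:
- capabilities:
- add:
- - 'NET_ADMIN'
- runAsUser: 0
- command:
- - /tmp/maas-vip-configure.sh
- - sleep
- env:
-{{ include "helm-toolkit.utils.to_k8s_env_vars" .Values.network.maas_ingress | indent 12 }}
- volumeMounts:
- - mountPath: /tmp/maas-vip-configure.sh
- name: maas-bin
- subPath: maas-vip-configure
- readOnly: true
- lifecycle:
- preStop:
- exec:
- command:
- - /tmp/maas-vip-configure.sh
- - stop
- - name: maas-ingress
- image: {{ .Values.images.tags.ingress }}
- imagePullPolicy: {{ .Values.images.pull_policy }}
-{{ tuple $envAll $envAll.Values.pod.resources.maas_ingress | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
- securityContext:
- capabilities:
- add:
- - 'NET_BIND_SERVICE'
- runAsUser: 0
- command:
- - /tmp/maas-ingress.sh
- - start
- env:
- - name: POD_NAMESPACE
- valueFrom:
- fieldRef:
- fieldPath: metadata.namespace
- - name: POD_NAME
- valueFrom:
- fieldRef:
- fieldPath: metadata.name
- - name: RELEASE_NAME
- value: {{ .Release.Name | quote }}
- - name: HTTP_PORT
- value: "8808"
- - name: HTTPS_PORT
- value: "8543"
- - name: HEALTHZ_PORT
- value: {{ tuple "maas_ingress" "podport" "healthz" . | include "helm-toolkit.endpoints.endpoint_port_lookup" | quote }}
- - name: STATUS_PORT
- value: {{ tuple "maas_ingress" "podport" "status" . | include "helm-toolkit.endpoints.endpoint_port_lookup" | quote }}
- - name: ERROR_PAGE_SERVICE
- value: {{ tuple "maas_ingress" "error_pages" . | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" | quote }}
- volumeMounts:
- - mountPath: /tmp/maas-ingress.sh
- name: maas-bin
- subPath: maas-ingress
- readOnly: true
  - name: maas-rack
  image: {{ .Values.images.tags.maas_rack }}
  imagePullPolicy: {{ .Values.images.pull_policy }}
@@ -269,6 +65,11 @@ spec:
  secretKeyRef:
  name: {{ .Values.secrets.maas_region.name }}
  key: REGION_SECRET
+ - name: MAAS_API_KEY
+ valueFrom:
+ secretKeyRef:
+ name: {{ .Values.conf.maas.credentials.secret.name }}
+ key: 'token'
 {{ tuple $envAll $envAll.Values.pod.resources.maas_rack | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
  command:
  - /tmp/start.sh
@@ -284,6 +85,9 @@ spec:
  name: pod-run-lock
  - mountPath: /tmp
  name: pod-tmp
+ - mountPath: /host_cloud-init
+ name: host-cloud-init
+ readOnly: true
 {{- if .Values.conf.maas.ntp.disable_ntpd_rack }}
  - name: maas-bin
  mountPath: /usr/sbin/ntpd
@@ -324,9 +128,9 @@ spec:
  - name: host-sys-fs-cgroup
  hostPath:
  path: /sys/fs/cgroup
- - name: host-rootfs
+ - name: host-cloud-init
  hostPath:
- path: /
+ path: /run/cloud-init
  - name: pod-run
  emptyDir: {}
  - name: pod-run-lock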
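Review bot: The added `MAAS_API_KEY` env entry keeps the MAAS API token in the `maas-rack` container's environment for the whole life of the pod, although the registration script in this commit only uses it inside `unregister_maas_rack`. Every process in the container inherits it and it appears in `/proc/<pid>/environ`; mounting the secret as a read-only file and reading it at deregistration time would narrow that exposure. It is also worth confirming that the account behind `conf.maas.credentials.secret` has no more MAAS rights than rack-controller deletion requires. On the volume change, narrowing the hostPath from `/` to `/run/cloud-init` is a clear improvement, but the script reads only `instance-data.json` while the mount exposes the whole directory. Depending on the host's cloud-init version that directory may also hold `instance-data-sensitive.json`, so a comment stating which file is needed, or a narrower mount, would help.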
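--- a/charts/maas/values.yaml
+++ b/charts/maas/values.yaml
@@ -19,10 +19,13 @@
 
 dependencies:
  static:
+ maas_ingress: {}
  rack_controller:
  services:
  - service: maas_region
  endpoint: internal
+ jobs:
+ - maas-export-api-key
  region_controller:
  jobs:
  - maas-db-sync
@@ -64,6 +67,7 @@ manifests:
  secret_ssh_key: false
  ingress_region: true
  configmap_ingress: true
+ maas_ingress: true
 
 images:
  tags:
@@ -98,6 +102,9 @@ labels:
  region:
  node_selector_key: ucp-control-plane
  node_selector_value: enabled
+ ingress:
+ node_selector_key: ucp-control-plane
+ node_selector_value: enabled
 
 network:
  maas_ingress:
@@ -226,6 +233,7 @@ pod:
  affinity:
  anti:
  type:
+ rack: requiredDuringSchedulingIgnoredDuringExecution
  default: preferredDuringSchedulingIgnoredDuringExecution
  topologyKey:
  default: kubernetes.io/hostname
@@ -239,9 +247,12 @@ pod:
  export_api_key:
  init_container: []
  export_api_key:
+ maas_ingress:
+ init_container: []
+ maas_region:
  replicas:
- rack: 1
- region: 1
+ rack: 2
+ region: 2
  resources:
  enabled: false
  test: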
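Review bot: The `replicas` block in the last hunk still defines only `rack` and `region`, but the new deployment-maas-ingress.yaml reads `.Values.pod.replicas.ingress`. With no default the field renders empty, and the ingress Deployment most likely falls back to a single replica, which leaves the ingress/VIP pod as a single point of failure in a change meant to provide HA. Add an explicit `ingress:` entry next to `rack` and `region`, with the count chosen to suit how the VIP script handles more than one holder. Note also that `rack: requiredDuringSchedulingIgnoredDuringExecution` combined with `rack: 2` leaves the second rack pod Pending on sites with fewer than two nodes carrying the rack label; a comment in values.yaml stating that requirement would help operators.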
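--- a/images/maas-rack-controller/Dockerfile
+++ b/images/maas-rack-controller/Dockerfile
@@ -40,13 +40,6 @@ ENV MAAS_VERSION 2.3.5-6511-gf466fdb-0ubuntu1
 # install maas
 RUN rsyslogd; apt-get install -y maas-cli=$MAAS_VERSION maas-rack-controller=$MAAS_VERSION
 
-COPY scripts/register-rack-controller.sh /usr/local/bin
-RUN chmod +x /usr/local/bin/register-rack-controller.sh
-
-# register ourselves with the region controller
-COPY scripts/register-rack-controller.service /lib/systemd/system/register-rack-controller.service
-RUN systemctl enable register-rack-controller.service
-
 RUN mv /usr/sbin/tcpdump /usr/bin/tcpdump
 RUN ln -s /usr/bin/tcpdump /usr/sbin/tcpdump
 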