Add image cache sidecar

- If conf.cache.enabled is true, deploy a sidecar container
  in the region pod with a simplestreams repo populated w/ a Ubuntu image
- If conf.cache.enabled is true, configure MaaS to source the image
  from the sidecar
- Update README

Closes #1

Change-Id: I968614d6fb7ca86589dc6e2efd1f66ae920d03a8

Makefile

@@ -13,9 +13,9 @@
 # limitations under the License.
 
 MAAS_IMAGE_COMMON          ?= maas
-REGION_SUFFIX              ?= regiond
+REGION_SUFFIX              ?= region
 REGION_IMG_DIR             ?= images/maas-region-controller
-RACK_SUFFIX                ?= rackd
+RACK_SUFFIX                ?= rack
 RACK_IMG_DIR               ?= images/maas-rack-controller
 CACHE_SUFFIX               ?= cache
 CACHE_IMG_DIR              ?= images/sstream-cache

README.md

@@ -1 +1,56 @@
-# maas
+# MaaS Helm Artifacts
+
+This repository holds artifacts supporting the deployment of [Canonical MaaS](https://maas.io)
+in a Kubernetes cluster.
+
+## Images
+
+The MaaS install is made up of two required imags and one optional image. The Dockerfiles
+in this repo can be used to build all three. These images are intended to be deployed
+via a Kubernetes Helm chart.
+
+### MaaS Region Controller
+
+The regiond [Dockerfile](images/maas-region-controller/Dockerfile) builds a systemD-based
+Docker image to run the MaaS Region API server and metadata server.
+
+### MaaS Rack Controller
+
+The rackd [Dockerfile](images/maas-rack-controller/Dockerfile) builds a systemD-based
+Docker image to run the MaaS Rack controller and dependent services (DHCPd, TFTPd, etc...).
+This image needs to be run in privileged host networking mode to function.
+
+### MaaS Image Cache
+
+The cache image [Dockerfile](images/sstream-cache/Dockerfile) simply provides a point-in-time
+mirror of the maas.io image repository so that if you are deploying MaaS somewhere
+without network connectivity, you have a local copy of Ubuntu. Currently this only
+mirrors Ubuntu 16.04 Xenial and does not update the mirror after image creation.
+
+## Charts
+
+Also provided is a Kubernetes [Helm chart](charts/maas) to deploy the MaaS pieces and
+integrates them. This chart depends on a previous deployment of Postgres. The recommended
+avenue for this is the [Openstack Helm Postgres chart](https://github.com/openstack/openstack-helm/tree/master/postgresql)
+but any Postgres instance should work.
+
+### Overrides
+
+Chart overrides are likely required to deploy MaaS into your environment
+
+* values.labels.rack.node_selector_key - This is the Kubernetes label key for selecting nodes to deploy the rack controller
+* values.labels.rack.node_selector_value - This is the Kubernetges label value for selecting nodes to deploy the rack controller
+* values.labels.region.node_selector_key - this is the Kubernetes label key for selecting nodes to deploy the region controller
+* values.labels.region.node_selector_value - This is the Kubernetes label value for selecting nodes to deploy the region controller
+* values.conf.cache.enabled - Boolean on whether to use the repo cache image in the deployment
+* values.conf.maas.url.maas_url - The URL rack controllers and nodes should use for accessing the region API (e.g. http://10.10.10.10:8080/MAAS)
+
+### Deployment Flow
+
+During deployment, the chart executes the below steps:
+
+1. Initializes the Postgres DB for MaaS
+1. Starts a Pod with the region controller and optionally the image cache sidecar container
+1. Once the region controller is running, deploy a Pod with the rack controller and join it to the region controller.
+1. Initialize the configuration of MaaS and start the image sync
+1. Export an API key into a Kubernetes secret so other Pods can access the API if needed

charts/maas/templates/bin/_import-boot-resources.sh.tpl

@@ -49,6 +49,13 @@ function configure_dns {
   maas ${ADMIN_USERNAME} maas set-config name=upstream_dns value=${MAAS_DNS_SERVERS}
 }
 
+function configure_boot_sources {
+  if [[ $USE_IMAGE_CACHE == 'true' ]]
+  then
+    maas ${ADMIN_USERNAME} boot-source update 1 url=http://localhost:8888/maas/images/ephemeral-v3/daily/
+  fi
+}
+
 KEY=$(maas-region apikey --username=${ADMIN_USERNAME})
 maas login ${ADMIN_USERNAME} ${MAAS_ENDPOINT} $KEY
 
@@ -57,6 +64,7 @@ configure_ntp
 configure_dns
 
 # make call to import images
+configure_boot_sources
 maas ${ADMIN_USERNAME} boot-resources import
 # see if we can find > 0 images
 sleep ${RETRY_TIMER}

charts/maas/templates/bin/_register-rack-controller.sh.tpl

@@ -0,0 +1,18 @@
+#!/bin/bash
+
+set -x
+
+echo "register-rack-controller URL: ${MAAS_ENDPOINT}"
+
+# register forever
+while [ 1 ];
+do
+    if maas-rack register --url=${MAAS_ENDPOINT} --secret="${MAAS_REGION_SECRET}";
+    then
+        echo "Successfully registered with MaaS Region Controller"
+        break
+    else
+        echo "Unable to register with ${MAAS_ENDPOINT}... will try again"
+        sleep 10
+    fi;
+done;

charts/maas/templates/deployment-rack.yaml

@@ -13,6 +13,7 @@ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 See the License for the specific language governing permissions and
 limitations under the License.
 */}}
+{{- if .Values.manifests.rack_deployment }}
 {{- if empty .Values.conf.maas.url.maas_url -}}
 {{- tuple "maas_region_ui" "default" "region_ui" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup" | set .Values.conf.maas.url "maas_url" | quote | trunc 0 -}}
 {{- end -}}
@@ -86,3 +87,4 @@ spec:
             name: maas-etc
             defaultMode: 0444
 {{ if $mounts_maas_rack.volumes }}{{ toYaml $mounts_maas_rack.volumes | indent 8 }}{{ end }}
+{{- end }}

charts/maas/templates/job-import.yaml

@@ -37,6 +37,8 @@ spec:
           image: {{ .Values.images.tags.maas_region }}
           imagePullPolicy: {{ .Values.images.pull_policy }}
           env:
+            - name: USE_IMAGE_CACHE
+              value: {{ .Values.conf.cache.enabled | quote }}
             - name: JOB_TIMEOUT
               value: {{ .Values.jobs.import_boot_resources.timeout | quote }}
             - name: ADMIN_USERNAME

charts/maas/templates/service-region.yaml

@@ -8,6 +8,7 @@ You may obtain a copy of the License at
    http://www.apache.org/licenses/LICENSE-2.0
 
 Unless required by applicable law or agreed to in writing, software
+    app: maas-region
 distributed under the License is distributed on an "AS IS" BASIS,
 WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 See the License for the specific language governing permissions and
@@ -35,7 +36,7 @@ spec:
     {{ end }}
     name: proxy
   selector:
-    app: maas-region
+{{ tuple $envAll "maas" "region" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }}
   {{ if .Values.network.proxy.node_port.enabled }}
   type: NodePort
   {{ end }}

charts/maas/templates/statefulset-region.yaml

@@ -1,19 +1,18 @@
 {{/*
-Copyright 2017 The Openstack-Helm Authors.
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
-   http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/}}
-
+# Copyright (c) 2017 AT&T Intellectual Property. All rights reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License. */}}
+{{- if .Values.manifests.region_statefulset }}
 {{- $envAll := . }}
 {{- $dependencies := .Values.dependencies.region_controller }}
 {{- $mounts_maas_region := .Values.pod.mounts.maas_region.maas_region }}
@@ -29,7 +28,7 @@ spec:
   template:
     metadata:
       labels:
-        app: maas-region
+{{ tuple $envAll "maas" "region" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
       annotations:
     spec:
       affinity:
@@ -39,47 +38,52 @@ spec:
       initContainers:
 {{ tuple $envAll $dependencies $mounts_maas_region_init | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
       containers:
-      - name: maas-region
-        image: {{ .Values.images.tags.maas_region }}
-        imagePullPolicy: {{ .Values.images.pull_policy }}
-{{ tuple $envAll $envAll.Values.pod.resources.maas_region | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
-        ports:
-        - name: r-ui
-          containerPort: {{ .Values.network.port.region_container }}
-        readinessProbe:
-          tcpSocket:
-            port: {{ .Values.network.port.region_container }}
-        securityContext:
-          privileged: true
-        command:
-          - /tmp/start.sh
-        volumeMounts:
-        - name: maas-region-secret
-          mountPath: /var/lib/maas/secret
-          subPath: REGION_SECRET
-          readOnly: true
-        - name: maas-etc
-          mountPath: /etc/bind/named.conf.options
-          subPath: named.conf.options
-          readOnly: true
-        - name: maas-etc
-          mountPath: /etc/maas/regiond.conf
-          subPath: regiond.conf
-          readOnly: true
-{{- if .Values.conf.curtin.override }}
-        - name: maas-etc
-          mountPath: /etc/maas/preseeds/curtin_userdata
-          subPath: curtin_userdata
-          readOnly: true
+{{- if .Values.conf.cache.enabled }}
+        - name: maas-cache
+          image: {{ .Values.images.tags.maas_cache }}
+          imagePullPolicy: {{ .Values.images.pull_policy }}
 {{- end }}
-        - name: maas-bin
-          mountPath: /tmp/start.sh
-          subPath: start.sh
-          readOnly: true
-        - name: maas-etc
-          mountPath: /etc/nsswitch.conf
-          subPath: nsswitch.conf
-          readOnly: true
+        - name: maas-region
+          image: {{ .Values.images.tags.maas_region }}
+          imagePullPolicy: {{ .Values.images.pull_policy }}
+{{ tuple $envAll $envAll.Values.pod.resources.maas_region | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
+          ports:
+            - name: r-ui
+              containerPort: {{ .Values.network.port.region_container }}
+          readinessProbe:
+            tcpSocket:
+              port: {{ .Values.network.port.region_container }}
+          securityContext:
+            privileged: true
+          command:
+            - /tmp/start.sh
+          volumeMounts:
+            - name: maas-region-secret
+              mountPath: /var/lib/maas/secret
+              subPath: REGION_SECRET
+              readOnly: true
+            - name: maas-etc
+              mountPath: /etc/bind/named.conf.options
+              subPath: named.conf.options
+              readOnly: true
+            - name: maas-etc
+              mountPath: /etc/maas/regiond.conf
+              subPath: regiond.conf
+              readOnly: true
+{{- if .Values.conf.curtin.override }}
+            - name: maas-etc
+              mountPath: /etc/maas/preseeds/curtin_userdata
+              subPath: curtin_userdata
+              readOnly: true
+{{- end }}
+            - name: maas-bin
+              mountPath: /tmp/start.sh
+              subPath: start.sh
+              readOnly: true
+            - name: maas-etc
+              mountPath: /etc/nsswitch.conf
+              subPath: nsswitch.conf
+              readOnly: true
 {{- if $mounts_maas_region.volumeMounts }}{{ toYaml $mounts_maas_region.volumeMounts | indent 12 }}{{ end }}
       volumes:
         - name: maas-etc
@@ -94,3 +98,5 @@ spec:
           secret:
             secretName: {{ .Values.secrets.maas_region.name }}
 {{- if $mounts_maas_region.volumes }}{{ toYaml $mounts_maas_region.volumes | indent 8 }}{{ end }}
+...
+{{- end }}

charts/maas/values.yaml

@@ -61,6 +61,9 @@ dependencies:
       - service: maas_db
         endpoint: internal
 
+manifests:
+  region_statefulset: true
+  rack_deployment: true
 
 images:
   tags:
@@ -70,6 +73,7 @@ images:
     maas_region: quay.io/attcomdev/maas-region:master
     bootstrap: quay.io/attcomdev/maas-region:master
     export_api_key: quay.io/attcomdev/maas-region:master
+    maas_cache: quay.io/attcomdev/maas-cache:master
     dep_check: quay.io/stackanetes/kubernetes-entrypoint:v0.2.1
   pull_policy: IfNotPresent
 
@@ -113,6 +117,8 @@ conf:
     override: true
   drydock:
     bootaction_url: null
+  cache:
+    enabled: true
   maas:
     override:
     append:
@@ -179,6 +185,13 @@ pod:
     region: 1
   resources:
     enabled: false
+    test:
+      limits:
+        memory: "128Mi"
+        cpu: "500m"
+      requests:
+        memory: "128Mi"
+        cpu: "500m"
     maas_rack:
       limits:
         memory: "128Mi"