Add initial chart for Promenade API

Co-author: Mark Burnett <mark.m.burnett@gmail.com>
Co-author: Samantha Blanco <spblanco.1@gmail.com>

Change-Id: I2e6af00b7905d9070f79b8c536385ebdae877d50
This commit is contained in:
Mark Burnett 2017-10-26 10:36:11 -05:00
parent eadd41bcba
commit 6caf7fb54d
30 changed files with 867 additions and 19 deletions

View File

@ -1,4 +1,4 @@
# Copyright 2017 The Promenade Authors.
# Copyright 2017 AT&T Intellectual Property. All other rights reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@ -17,8 +17,13 @@ FROM python:3.6
VOLUME /etc/promenade
VOLUME /target
RUN mkdir /promenade
WORKDIR /promenade
RUN mkdir /opt/promenade
WORKDIR /opt/promenade
ENV PORT 9000
EXPOSE $PORT
ENTRYPOINT ["/opt/promenade/entrypoint.sh"]
RUN set -ex \
&& curl -Lo /usr/local/bin/cfssl https://pkg.cfssl.org/R1.2/cfssl_linux-amd64 \
@ -27,10 +32,13 @@ RUN set -ex \
&& apt-get install --no-install-recommends -y \
libyaml-dev \
rsync \
&& useradd -u 1000 -g users -d /opt/promenade promenade \
&& rm -rf /var/lib/apt/lists/*
COPY requirements-frozen.txt /promenade
COPY requirements-frozen.txt /opt/promenade
RUN pip install --no-cache-dir -r requirements-frozen.txt
COPY . /promenade
RUN pip install -e /promenade
COPY . /opt/promenade
RUN pip install -e /opt/promenade
USER promenade

View File

@ -0,0 +1,4 @@
apiVersion: v1
description: The Promenade API
name: promenade
version: 0.1.0

View File

@ -0,0 +1,4 @@
dependencies:
- name: helm-toolkit
repository: http://localhost:8879/charts
version: 0.1.0

View File

@ -0,0 +1,32 @@
{{/*
# Copyright (c) 2017 AT&T Intellectual Property. All rights reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License. */}}
{{- if .Values.manifests.configmap_bin }}
---
apiVersion: v1
kind: ConfigMap
metadata:
name: promenade-bin
data:
ks-service.sh: |
{{- include "helm-toolkit.scripts.keystone_service" . | indent 4 }}
ks-endpoints.sh: |
{{- include "helm-toolkit.scripts.keystone_endpoints" . | indent 4 }}
ks-user.sh: |
{{- include "helm-toolkit.scripts.keystone_user" . | indent 4 }}
ks-domain-user.sh: |
{{- include "helm-toolkit.scripts.keystone_domain_user" . | indent 4 }}
...
{{- end -}}

View File

@ -0,0 +1,28 @@
{{/*
Copyright 2017 AT&T Intellectual Property. All other rights reserved.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
{{- if .Values.manifests.configmap_etc }}
{{- $envAll := . }}
---
apiVersion: v1
kind: ConfigMap
metadata:
name: promenade-etc
data:
api-paste.ini: |+
{{ include "helm-toolkit.utils.to_ini" .Values.conf.paste | indent 4 }}
{{- end }}

View File

@ -0,0 +1,62 @@
{{/*
Copyright 2017 AT&T Intellectual Property. All other rights reserved.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
{{- if .Values.manifests.deployment_api }}
{{- $envAll := . }}
---
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
name: promenade-api
spec:
replicas: {{ .Values.pod.replicas.api }}
{{ tuple $envAll | include "helm-toolkit.snippets.kubernetes_upgrades_deployment" | indent 2 }}
template:
metadata:
labels:
{{ tuple $envAll "promenade" "api" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
annotations:
configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "helm-toolkit.utils.hash" }}
configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "helm-toolkit.utils.hash" }}
spec:
affinity:
{{ tuple $envAll "promenade" "api" | include "helm-toolkit.snippets.kubernetes_pod_anti_affinity" | indent 8 }}
nodeSelector:
{{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }}
serviceAccountName: promenade
terminationGracePeriodSeconds: {{ .Values.pod.lifecycle.termination_grace_period.api.timeout | default "30" }}
containers:
- name: promenade-api
image: {{ .Values.images.tags.api }}
imagePullPolicy: {{ .Values.images.pull_policy }}
{{ tuple $envAll $envAll.Values.pod.resources.api | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
command:
- /opt/promenade/entrypoint.sh
- server
ports:
- name: api-public
containerPort: {{ .Values.network.api.port }}
volumeMounts:
- name: promenade-etc
mountPath: /etc/promenade/api-paste.ini
subPath: api-paste.ini
readOnly: true
volumes:
- name: promenade-etc
configMap:
name: promenade-etc
defaultMode: 0444
{{- end }}

View File

@ -0,0 +1,69 @@
{{/*
# Copyright (c) 2017 AT&T Intellectual Property. All rights reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License. */}}
{{- if .Values.manifests.job_ks_endpoints }}
{{- $envAll := . }}
{{- $dependencies := .Values.dependencies.ks_endpoints }}
---
apiVersion: batch/v1
kind: Job
metadata:
name: promenade-ks-endpoints
spec:
template:
metadata:
labels:
{{ tuple $envAll "promenade" "ks-endpoints" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
spec:
restartPolicy: OnFailure
nodeSelector:
{{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }}
initContainers:
{{ tuple $envAll $dependencies "[]" | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
containers:
{{- range $key1, $osServiceType := tuple "kubernetesprovisioner" }}
{{- range $key2, $osServiceEndPoint := tuple "admin" "internal" "public" }}
- name: {{ $osServiceType }}-ks-endpoints-{{ $osServiceEndPoint }}
image: {{ $envAll.Values.images.tags.ks_endpoints }}
imagePullPolicy: {{ $envAll.Values.images.pull_policy }}
{{ tuple $envAll $envAll.Values.pod.resources.jobs.ks_endpoints | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
command:
- /tmp/ks-endpoints.sh
volumeMounts:
- name: ks-endpoints-sh
mountPath: /tmp/ks-endpoints.sh
subPath: ks-endpoints.sh
readOnly: true
env:
{{- with $env := dict "ksUserSecret" $envAll.Values.secrets.identity.admin }}
{{- include "helm-toolkit.snippets.keystone_openrc_env_vars" $env | indent 12 }}
{{- end }}
- name: OS_SVC_ENDPOINT
value: {{ $osServiceEndPoint }}
- name: OS_SERVICE_NAME
value: {{ tuple $osServiceType $envAll | include "helm-toolkit.endpoints.keystone_endpoint_name_lookup" }}
- name: OS_SERVICE_TYPE
value: {{ $osServiceType }}
- name: OS_SERVICE_ENDPOINT
value: {{ tuple $osServiceType $osServiceEndPoint "api" $envAll | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup" }}
{{- end }}
{{- end }}
volumes:
- name: ks-endpoints-sh
configMap:
name: promenade-bin
defaultMode: 0555
{{- end -}}

View File

@ -0,0 +1,63 @@
{{/*
# copyright (c) 2017 at&t intellectual property. all rights reserved.
#
# licensed under the apache license, version 2.0 (the "license");
# you may not use this file except in compliance with the license.
# you may obtain a copy of the license at
#
# http://www.apache.org/licenses/license-2.0
#
# unless required by applicable law or agreed to in writing, software
# distributed under the license is distributed on an "as is" basis,
# without warranties or conditions of any kind, either express or implied.
# see the license for the specific language governing permissions and
# limitations under the license. */}}
{{- if .Values.manifests.job_ks_service -}}
{{- $envAll := . }}
{{- $ksAdminSecret := .Values.secrets.identity.admin }}
{{- $dependencies := .Values.dependencies.ks_service }}
---
apiVersion: batch/v1
kind: Job
metadata:
name: promenade-ks-service
spec:
template:
metadata:
labels:
{{ tuple $envAll "promenade" "ks-service" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
spec:
restartPolicy: OnFailure
nodeSelector:
{{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }}
initContainers:
{{ tuple $envAll $dependencies "[]" | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
containers:
{{- range $key1, $osServiceType := tuple "kubernetesprovisioner" }}
- name: {{ $osServiceType }}-ks-service-registration
image: {{ $envAll.Values.images.tags.ks_service }}
imagePullPolicy: {{ $envAll.Values.images.pull_policy }}
command:
- /tmp/ks-service.sh
volumeMounts:
- name: ks-service-sh
mountPath: /tmp/ks-service.sh
subPath: ks-service.sh
readOnly: true
env:
{{- with $env := dict "ksUserSecret" $ksAdminSecret }}
{{- include "helm-toolkit.snippets.keystone_openrc_env_vars" $env | indent 12 }}
{{- end }}
- name: OS_SERVICE_NAME
value: {{ tuple $osServiceType $envAll | include "helm-toolkit.endpoints.keystone_endpoint_name_lookup" }}
- name: OS_SERVICE_TYPE
value: {{ $osServiceType }}
{{- end }}
volumes:
- name: ks-service-sh
configMap:
name: promenade-bin
defaultMode: 0555
{{- end -}}

View File

@ -0,0 +1,67 @@
{{/*
# Copyright (c) 2017 AT&T Intellectual Property. All rights reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License. */}}
{{- if .Values.manifests.job_ks_user }}
{{- $ksAdminSecret := .Values.secrets.identity.admin }}
{{- $ksUserSecret := .Values.secrets.identity.user }}
{{- $envAll := . }}
{{- $dependencies := .Values.dependencies.ks_user }}
apiVersion: batch/v1
kind: Job
metadata:
name: promenade-ks-user
spec:
template:
metadata:
labels:
{{ tuple $envAll "drydock" "ks-user" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
spec:
restartPolicy: OnFailure
nodeSelector:
{{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }}
initContainers:
{{ tuple $envAll $dependencies "[]" | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
containers:
- name: promenade-ks-user
image: {{ .Values.images.tags.ks_user }}
imagePullPolicy: {{ .Values.images.pull_policy }}
{{ tuple $envAll $envAll.Values.pod.resources.jobs.ks_user | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
command:
- /tmp/ks-user.sh
volumeMounts:
- name: ks-user-sh
mountPath: /tmp/ks-user.sh
subPath: ks-user.sh
readOnly: true
env:
{{- with $env := dict "ksUserSecret" $ksAdminSecret }}
{{- include "helm-toolkit.snippets.keystone_openrc_env_vars" $env | indent 12 }}
{{- end }}
- name: SERVICE_OS_SERVICE_NAME
value: {{ $envAll.Values.endpoints.kubernetesprovisioner.name | quote }}
- name: SERVICE_OS_DOMAIN_NAME
value: {{ $envAll.Values.endpoints.identity.auth.user.project_domain_name | quote }}
{{- with $env := dict "ksUserSecret" $ksUserSecret }}
{{- include "helm-toolkit.snippets.keystone_user_create_env_vars" $env | indent 12 }}
{{- end }}
- name: SERVICE_OS_ROLE
value: {{ $envAll.Values.endpoints.identity.auth.user.role | quote }}
volumes:
- name: ks-user-sh
configMap:
name: promenade-bin
defaultMode: 0555
{{- end -}}

View File

@ -0,0 +1,37 @@
{{/*
Copyright 2017 AT&T Intellectual Property. All other rights reserved.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
{{- if .Values.manifests.rbac }}
{{- $envAll := . }}
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: promenade
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: promenade
subjects:
- kind: ServiceAccount
name: promenade
namespace: {{ .Release.Namespace }}
roleRef:
kind: ClusterRole
name: view
apiGroup: rbac.authorization.k8s.io
{{- end }}

View File

@ -0,0 +1,28 @@
{{/*
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
*/}}
{{- if .Values.manifests.secret_keystone }}
{{- $envAll := . }}
{{- range $key1, $userClass := tuple "admin" "user" }}
{{- $secretName := index $envAll.Values.secrets.identity $userClass }}
---
apiVersion: v1
kind: Secret
metadata:
name: {{ $secretName }}
type: Opaque
data:
{{- tuple $userClass "internal" $envAll | include "helm-toolkit.snippets.keystone_secret_openrc" | indent 2 }}
...
{{- end }}
{{- end }}

View File

@ -0,0 +1,31 @@
{{/*
Copyright 2017 AT&T Intellectual Property. All other rights reserved.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
{{- if .Values.manifests.service_api }}
{{- $envAll := . }}
---
apiVersion: v1
kind: Service
metadata:
name: promenade-api
spec:
ports:
- name: http
port: {{ .Values.network.api.port }}
targetPort: {{ .Values.network.api.target_port }}
selector:
{{ tuple $envAll "promenade" "api" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }}
{{- end }}

View File

@ -0,0 +1,183 @@
# Copyright 2017 AT&T Intellectual Property. All other rights reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
conf:
paste:
pipeline:main:
pipeline: authtoken promenade-api
filter:authtoken:
paste.filter_factory: keystonemiddleware.auth_token:filter_factory
filter:noauth:
forged_roles: admin
paste.filter_factory: promenade.control.middleware:no_auth_filter_factory
app:promenade-api:
paste.app_factory: promenade.promenade:paste_start_promenade
images:
tags:
dep_check: quay.io/stackanetes/kubernetes-entrypoint:v0.2.1
promenade: quay.io/attcomdev/promenade:latest
ks_user: docker.io/kolla/ubuntu-source-kolla-toolbox:3.0.3
ks_service: docker.io/kolla/ubuntu-source-kolla-toolbox:3.0.3
ks_endpoints: docker.io/kolla/ubuntu-source-kolla-toolbox:3.0.3
pull_policy: IfNotPresent
labels:
node_selector_key: ucp-control-plane
node_selector_value: enabled
manifests:
configmap_bin: true
configmap_etc: true
deployment_api: true
rbac: true
service_api: true
job_ks_endpoints: true
job_ks_service: true
job_ks_user: true
secret_keystone: true
network:
api:
port: 80
target_port: 9000
ingress:
public: true
dependencies:
ks_user:
services:
- service: identity
endpoint: internal
ks_service:
services:
- service: identity
endpoint: internal
ks_endpoints:
jobs:
- promenade-ks-service
services:
- service: identity
endpoint: internal
secrets:
identity:
admin: promenade-keystone-admin
user: promenade-keystone-user
endpoints:
cluster_domain_suffix: cluster.local
identity:
name: keystone
auth:
user:
region_name: RegionOne
role: admin
project_name: service
project_domain_name: default
user_domain_name: default
username: promenade
password: password
admin:
region_name: RegionOne
project_name: admin
password: password
username: admin
user_domain_name: default
project_domain_name: default
hosts:
default: keystone-api
public: keystone
host_fqdn_override:
default: null
path:
default: /v3
scheme:
default: http
port:
admin:
default: 35357
api:
default: 80
kubernetesprovisioner:
name: promenade
hosts:
default: promenade-api
port:
api:
default: 9000
path:
default: /api/v1.0
scheme:
default: http
host_fqdn_override:
default: null
pod:
affinity:
anti:
type:
default: preferredDuringSchedulingIgnoredDuringExecution
topologyKey:
default: kubernetes.io/hostname
replicas:
api: 1
lifecycle:
upgrades:
deployments:
revision_history: 3
pod_replacement_strategy: RollingUpdate
rolling_update:
max_unavailable: 1
max_surge: 3
disruption_budget:
api:
min_available: 0
termination_grace_period:
api:
timeout: 30
resources:
enabled: false
api:
requests:
memory: "128Mi"
cpu: "100m"
limits:
memory: "1024Mi"
cpu: "2000m"
jobs:
ks_user:
limits:
memory: "128Mi"
cpu: "100m"
requests:
memory: "128Mi"
cpu: "100m"
ks_service:
limits:
memory: "128Mi"
cpu: "100m"
requests:
memory: "128Mi"
cpu: "100m"
ks_endpoints:
limits:
memory: "128Mi"
cpu: "100m"
requests:
memory: "128Mi"
cpu: "100m"
release_group: null

14
entrypoint.sh Executable file
View File

@ -0,0 +1,14 @@
#!/bin/bash
set -ex
PORT=${PORT:-9000}
if [ "$1" = 'server' ]; then
exec uwsgi \
--http :${PORT} \
--paste config:/etc/promenade/api-paste.ini \
--enable-threads -L \
--workers 4
fi
exec ${@}

View File

@ -22,4 +22,4 @@ paste.filter_factory = keystonemiddleware.auth_token:filter_factory
paste.app_factory = promenade.promenade:paste_start_promenade
[pipeline:main]
pipeline = authtoken promenade-api
pipeline = promenade-api

View File

@ -14,4 +14,5 @@ data:
- dns
- kubernetes
- kubernetes-rbac
- ucp-platform
...

View File

@ -66,6 +66,18 @@ data:
- kubernetes-controller-manager
- kubernetes-scheduler
---
schema: armada/ChartGroup/v1
metadata:
schema: metadata/Document/v1
name: ucp-platform
layeringDefinition:
abstract: false
layer: site
data:
description: UCP platform components
chart_group:
- promenade
---
schema: armada/Chart/v1
metadata:
schema: metadata/Document/v1
@ -984,4 +996,39 @@ data:
location: /etc/genesis/armada/assets/charts
subpath: rbac
dependencies: []
---
schema: armada/Chart/v1
metadata:
schema: metadata/Document/v1
name: promenade
layeringDefinition:
abstract: false
layer: site
data:
chart_name: promenade
release: promenade
namespace: ucp
timeout: 600
values:
conf:
paste:
pipeline:main:
pipeline: promenade-api
images:
tags:
api: quay.io/attcomdev/promenade:latest
dep_check: quay.io/stackanetes/kubernetes-entrypoint:v0.2.1
manifests:
job_ks_endpoints: false
job_ks_service: false
job_ks_user: false
secret_keystone: false
upgrade:
no_hooks: true
source:
type: local
location: /etc/genesis/armada/assets/charts
subpath: promenade
dependencies:
- helm-toolkit
...

View File

@ -16,4 +16,5 @@ data:
- kubernetes-rbac
- ceph
- ucp-infra
- ucp-platform
...

View File

@ -53,7 +53,7 @@ data:
=Fm3p
-----END PGP PUBLIC KEY BLOCK-----
additional:
- ceph-common=10.2.7-0ubuntu0.16.04.1
- ceph-common=10.2.9-0ubuntu0.16.04.1
- curl
- jq
required:

View File

@ -95,6 +95,18 @@ data:
- ucp-memcached
- ucp-keystone
---
schema: armada/ChartGroup/v1
metadata:
schema: metadata/Document/v1
name: ucp-platform
layeringDefinition:
abstract: false
layer: site
data:
description: UCP platform components
chart_group:
- promenade
---
schema: armada/Chart/v1
metadata:
schema: metadata/Document/v1
@ -1273,4 +1285,43 @@ data:
subpath: keystone
dependencies:
- helm-toolkit
---
schema: armada/Chart/v1
metadata:
schema: metadata/Document/v1
name: promenade
layeringDefinition:
abstract: false
layer: site
data:
chart_name: promenade
release: promenade
namespace: ucp
timeout: 600
values:
conf:
paste:
filter:authtoken:
paste.filter_factory: 'keystonemiddleware.auth_token:filter_factory'
admin_password: password
admin_tenant_name: service
admin_user: promenade
identity_uri: 'http://keystone-api.ucp.svc.cluster.local/'
service_token_roles_required: true
images:
tags:
api: quay.io/attcomdev/promenade:latest
dep_check: quay.io/stackanetes/kubernetes-entrypoint:v0.2.1
ks_user: docker.io/kolla/ubuntu-source-kolla-toolbox:3.0.3
ks_service: docker.io/kolla/ubuntu-source-kolla-toolbox:3.0.3
ks_endpoints: docker.io/kolla/ubuntu-source-kolla-toolbox:3.0.3
upgrade:
no_hooks: true
source:
type: local
location: /etc/genesis/armada/assets/charts
subpath: promenade
dependencies:
- helm-toolkit
...

View File

@ -42,8 +42,8 @@ class PKI:
})
self.certificate_authorities[ca_name] = result
return (self._wrap_ca(ca_name, result['cert']), self._wrap_ca_key(
ca_name, result['key']))
return (self._wrap_ca(ca_name, result['cert']),
self._wrap_ca_key(ca_name, result['key']))
def generate_keypair(self, name):
priv_result = self._openssl(['genrsa', '-out', 'priv.pem'])
@ -69,8 +69,8 @@ class PKI:
'csr.json': self.csr(name=cn, groups=groups, hosts=hosts),
})
return (self._wrap_cert(name, result['cert']), self._wrap_cert_key(
name, result['key']))
return (self._wrap_cert(name, result['cert']),
self._wrap_cert_key(name, result['key']))
def csr(self,
*,

View File

@ -31,13 +31,13 @@ def build_tarball_from_roles(config, *, roles, file_specs):
def insert_charts_into_bundler(bundler):
for root, _dirnames, filenames in os.walk(
'/promenade/charts', followlinks=True):
'/opt/promenade/charts', followlinks=True):
for source_filename in filenames:
source_path = os.path.join(root, source_filename)
destination_path = os.path.join('etc/genesis/armada/assets/charts',
os.path.relpath(
source_path,
'/promenade/charts'))
'/opt/promenade/charts'))
stat = os.stat(source_path)
LOG.debug('Copying asset file %s (mode=%o)', source_path,
stat.st_mode)

View File

@ -4,8 +4,9 @@ jinja2==2.9.6
jsonpath-ng==1.4.3
jsonschema==2.6.0
keystonemiddleware==4.17.0
oslo.context>=2.14.0
PasteDeploy==1.5.2
oslo.context==2.14.0
pastedeploy==1.5.2
pbr==3.0.1
pyyaml==3.12
requests==2.18.4
uwsgi==2.0.15

View File

@ -1,19 +1,45 @@
Babel==2.5.1
certifi==2017.7.27.1
chardet==3.0.4
click==6.7
debtcollector==1.18.0
decorator==4.1.2
falcon==1.2.0
idna==2.6
iso8601==0.1.12
Jinja2==2.9.6
jsonpath-ng==1.4.3
jsonschema==2.6.0
keystoneauth1==3.2.0
keystonemiddleware==4.17.0
MarkupSafe==1.0
oslo.context==2.19.1
monotonic==1.4
msgpack-python==0.4.8
netaddr==0.7.19
netifaces==0.10.6
oslo.config==5.0.0
oslo.context==2.14.0
oslo.i18n==3.18.0
oslo.log==3.32.0
oslo.serialization==2.21.2
oslo.utils==3.31.0
PasteDeploy==1.5.2
pbr==3.0.1
ply==3.10
positional==1.2.1
pycadf==2.6.0
pyinotify==0.9.6
pyparsing==2.2.0
python-dateutil==2.6.1
python-keystoneclient==3.13.0
python-mimeparse==1.6.0
pytz==2017.3
PyYAML==3.12
requests==2.18.4
rfc3986==1.1.0
six==1.11.0
urllib3==1.22
stevedore==1.27.1
urllib3==1.22
uWSGI==2.0.15
WebOb==1.7.3
wrapt==1.10.11

20
tools/dev/get-token.sh Executable file
View File

@ -0,0 +1,20 @@
#!/usr/bin/env bash
set -e
curl -is \
-H "Content-Type: application/json" \
-d '
{ "auth": {
"identity": {
"methods": ["password"],
"password": {
"user": {
"name": "admin",
"domain": { "id": "default" },
"password": "password"
}
}
}
}
}' \
http://keystone-api.ucp.svc.cluster.local/v3/auth/tokens | grep 'X-Subject-Token' | awk '{print $2}'

18
tools/dev/server.sh Executable file
View File

@ -0,0 +1,18 @@
#!/usr/bin/env bash
set -eux
SCRIPT_DIR=$(realpath $(dirname $0))
SOURCE_DIR=$(realpath $SCRIPT_DIR/../..)
echo === Building image ===
docker build -t quay.io/attcomdev/promenade:latest ${SOURCE_DIR}
export PROMENADE_DEBUG=${PROMENADE_DEBUG:-1}
exec docker run \
--rm -it \
--publish 9000:9000 \
--volume "${SOURCE_DIR}/etc/promenade":/etc/promenade \
quay.io/attcomdev/promenade:latest \
server

View File

@ -29,6 +29,10 @@ registry_list_images() {
registry_populate() {
log Validating local registry is populated
for image in $(registry_list_images); do
if [[ ${image} =~ promenade ]]; then
continue
fi
if ! docker pull "localhost:5000/${image}" &> /dev/null; then
log Loading image "${image}" into local registry
{

View File

@ -29,7 +29,7 @@
}
],
"vm": {
"memory": 8096,
"memory": 16192,
"names": [
"n0"
],

View File

@ -14,6 +14,7 @@ data:
- dns
- kubernetes
- kubernetes-rbac
- ucp-services
---
schema: armada/ChartGroup/v1
metadata:
@ -68,6 +69,18 @@ data:
- kubernetes-rbac
---
schema: armada/ChartGroup/v1
metadata:
schema: metadata/Document/v1
name: ucp-services
layeringDefinition:
abstract: false
layer: site
data:
description: UCP Services
chart_group:
- promenade
---
schema: armada/ChartGroup/v1
metadata:
schema: metadata/Document/v1
name: kubernetes
@ -963,4 +976,39 @@ data:
location: /etc/genesis/armada/assets/charts
subpath: rbac
dependencies: []
---
schema: armada/Chart/v1
metadata:
schema: metadata/Document/v1
name: promenade
layeringDefinition:
abstract: false
layer: site
data:
chart_name: promenade
release: promenade
namespace: ucp
timeout: 600
values:
conf:
paste:
pipeline:main:
pipeline: promenade-api
images:
tags:
api: ${IMAGE_PROMENADE}
dep_check: ${IMAGE_DEP_CHECK}
manifests:
job_ks_endpoints: false
job_ks_service: false
job_ks_user: false
secret_keystone: false
upgrade:
no_hooks: true
source:
type: local
location: /etc/genesis/armada/assets/charts
subpath: promenade
dependencies:
- helm-toolkit
...

View File

@ -4,6 +4,7 @@ IMAGE_CALICO_CTL=quay.io/calico/ctl:v1.6.1
IMAGE_CALICO_KUBE_CONTROLLERS=quay.io/calico/kube-controllers:v1.0.0
IMAGE_CALICO_NODE=quay.io/calico/node:v2.6.1
IMAGE_COREDNS=coredns/coredns:0.9.9
IMAGE_DEP_CHECK=quay.io/stackanetes/kubernetes-entrypoint:v0.2.1
IMAGE_ETCD=quay.io/coreos/etcd:v3.0.17
IMAGE_HELM=lachlanevenson/k8s-helm:v2.5.1
IMAGE_HYPERKUBE=gcr.io/google_containers/hyperkube-amd64:v1.8.0