Chart: Update armada chart

This patch set cleans up and updates the armada chart.

Change-Id: Ibe4247fa2caabfcefd294f23fc8ae016094c0dcc
Pete Birley 2018-04-12 00:19:37 -05:00
parent 6b46a8eff8
commit 5f82956cfa
11 changed files with 87 additions and 275 deletions


@ -14,6 +14,7 @@ See the License for the specific language governing permissions and
limitations under the License. limitations under the License.
*/}} */}}
---
apiVersion: v1 apiVersion: v1
kind: ConfigMap kind: ConfigMap
metadata: metadata:


@ -25,9 +25,7 @@ limitations under the License.
{{- tuple "identity" "internal" "api" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup"| set .Values.conf.armada.keystone_authtoken "auth_url" | quote | trunc 0 -}} {{- tuple "identity" "internal" "api" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup"| set .Values.conf.armada.keystone_authtoken "auth_url" | quote | trunc 0 -}}
{{- end -}} {{- end -}}
{{- $userIdentity := .Values.endpoints.identity.auth.armada -}}
{{- $userIdentity := .Values.endpoints.identity.auth.user -}}
{{- if empty .Values.conf.armada.keystone_authtoken.project_name -}} {{- if empty .Values.conf.armada.keystone_authtoken.project_name -}}
{{- set .Values.conf.armada.keystone_authtoken "project_name" $userIdentity.project_name | quote | trunc 0 -}} {{- set .Values.conf.armada.keystone_authtoken "project_name" $userIdentity.project_name | quote | trunc 0 -}}
{{- end -}} {{- end -}}
@ -50,10 +48,10 @@ kind: ConfigMap
metadata: metadata:
name: armada-etc name: armada-etc
data: data:
armada.conf: |+ armada.conf: |
{{ include "helm-toolkit.utils.to_oslo_conf" .Values.conf.armada | indent 4 }} {{ include "helm-toolkit.utils.to_oslo_conf" .Values.conf.armada | indent 4 }}
api-paste.ini: |+ api-paste.ini: |
{{ include "helm-toolkit.utils.to_ini" .Values.conf.paste | indent 4 }} {{ include "helm-toolkit.utils.to_ini" .Values.conf.paste | indent 4 }}
policy.yaml: |+ policy.yaml: |
{{ toYaml .Values.conf.policy | indent 4 }} {{ toYaml .Values.conf.policy | indent 4 }}
{{- end }} {{- end }}
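Review bot: `armada.conf` is still emitted into the `armada-etc` ConfigMap even though its `keystone_authtoken` section is filled from `$userIdentity`, which this change points at `.Values.endpoints.identity.auth.armada`, a block that carries a `password` key in values.yaml. The hunk shows only `auth_url` and `project_name` being copied, so whether the password is copied the same way is an inference about lines outside the hunk. If it is, the service credential is readable by anyone allowed to read ConfigMaps in the namespace. Rendering the file into a `kind: Secret` with the content passed through `b64enc`, and mounting that in the deployment, would put it under Secret RBAC instead.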


@ -16,7 +16,7 @@ limitations under the License.
{{- if .Values.manifests.deployment_api }} {{- if .Values.manifests.deployment_api }}
{{- $envAll := . }} {{- $envAll := . }}
{{- $dependencies := .Values.dependencies.api }} {{- $dependencies := .Values.dependencies.static.api }}
{{- $mounts_armada_api := .Values.pod.mounts.armada_api.armada_api }} {{- $mounts_armada_api := .Values.pod.mounts.armada_api.armada_api }}
{{- $mounts_armada_api_init := .Values.pod.mounts.armada_api.init_container }} {{- $mounts_armada_api_init := .Values.pod.mounts.armada_api.init_container }}
{{- $serviceAccountName := "armada-api" }} {{- $serviceAccountName := "armada-api" }}
@ -104,7 +104,8 @@ spec:
securityContext: securityContext:
runAsUser: {{ .Values.pod.user.armada.uid }} runAsUser: {{ .Values.pod.user.armada.uid }}
ports: ports:
- containerPort: {{ .Values.conf.armada.armada_api.bind_port }} - name: armada-api
containerPort: {{ tuple "armada" "internal" "api" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
livenessProbe: livenessProbe:
httpGet: httpGet:
path: /api/v1.0/health path: /api/v1.0/health
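Review bot: The `armada-api` `containerPort` now comes from `helm-toolkit.endpoints.endpoint_port_lookup`, but values.yaml in this commit keeps `conf.armada.armada_api.bind_port: 8000`, and nothing visible keeps the two in step. The Service `port:` in the service template gets the same lookup. If an operator overrides only one of them, the container port and Service would point at a port the API is presumably not bound to. A comment above the port entry such as `# must equal conf.armada.armada_api.bind_port` would document the coupling, or the config template could set `bind_port` from the same lookup when it is empty. The container spec continues outside the hunk.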


@ -14,46 +14,7 @@ See the License for the specific language governing permissions and
limitations under the License. limitations under the License.
*/}} */}}
{{- if .Values.manifests.ingress_api }} {{- if and .Values.manifests.ingress_api .Values.network.api.ingress.public }}
{{- $envAll := . }} {{- $ingressOpts := dict "envAll" . "backendServiceType" "armada" "backendPort" "armada-api" -}}
{{- if .Values.network.api.ingress.public }} {{ $ingressOpts | include "helm-toolkit.manifests.ingress" }}
{{- $backendServiceType := "armada" }}
{{- $backendPort := "http" }}
{{- $ingressName := tuple $backendServiceType "public" $envAll | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }}
{{- $backendName := tuple $backendServiceType "internal" $envAll | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }}
{{- $hostName := tuple $backendServiceType "public" $envAll | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }}
{{- $hostNameNamespaced := tuple $backendServiceType "public" $envAll | include "helm-toolkit.endpoints.hostname_namespaced_endpoint_lookup" }}
{{- $hostNameFull := tuple $backendServiceType "public" $envAll | include "helm-toolkit.endpoints.hostname_fqdn_endpoint_lookup" }}
---
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: {{ $ingressName }}
annotations:
kubernetes.io/ingress.class: "nginx"
ingress.kubernetes.io/rewrite-target: /
spec:
rules:
{{ if ne $hostNameNamespaced $hostNameFull }}
{{- range $key1, $vHost := tuple $hostName $hostNameNamespaced $hostNameFull }}
- host: {{ $vHost }}
http:
paths:
- path: /
backend:
serviceName: {{ $backendName }}
servicePort: {{ $backendPort }}
{{- end }}
{{- else }}
{{- range $key1, $vHost := tuple $hostName $hostNameNamespaced }}
- host: {{ $vHost }}
http:
paths:
- path: /
backend:
serviceName: {{ $backendName }}
servicePort: {{ $backendPort }}
{{- end }}
{{- end }}
{{- end }}
{{- end }} {{- end }}


@ -13,60 +13,8 @@ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and See the License for the specific language governing permissions and
limitations under the License. limitations under the License.
*/}} */}}
---
{{- if .Values.manifests.job_ks_endpoints }} {{- if .Values.manifests.job_ks_endpoints }}
{{- $envAll := . }} {{- $ksServiceJob := dict "envAll" . "serviceName" "armada" "serviceTypes" ( tuple "armada" ) -}}
{{- $dependencies := .Values.dependencies.ks_endpoints }} {{ $ksServiceJob | include "helm-toolkit.manifests.job_ks_endpoints" }}
{{- $serviceAccountName := "armada-ks-endpoints" }}
{{ tuple $envAll $dependencies $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
---
apiVersion: batch/v1
kind: Job
metadata:
name: armada-ks-endpoints
spec:
template:
metadata:
labels:
{{ tuple $envAll "armada" "ks-endpoints" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
spec:
serviceAccountName: {{ $serviceAccountName }}
restartPolicy: OnFailure
nodeSelector:
{{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }}
initContainers:
{{ tuple $envAll $dependencies list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
containers:
{{- range $key1, $osServiceType := tuple "armada" }}
{{- range $key2, $osServiceEndPoint := tuple "admin" "internal" "public" }}
- name: {{ $osServiceType }}-ks-endpoints-{{ $osServiceEndPoint }}
image: {{ $envAll.Values.images.tags.ks_endpoints }}
imagePullPolicy: {{ $envAll.Values.images.pull_policy }}
{{ tuple $envAll $envAll.Values.pod.resources.jobs.ks_endpoints | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
command:
- /tmp/ks-endpoints.sh
volumeMounts:
- name: ks-endpoints-sh
mountPath: /tmp/ks-endpoints.sh
subPath: ks-endpoints.sh
readOnly: true
env:
{{- with $env := dict "ksUserSecret" $envAll.Values.secrets.identity.admin }}
{{- include "helm-toolkit.snippets.keystone_openrc_env_vars" $env | indent 12 }}
{{- end }} {{- end }}
- name: OS_SVC_ENDPOINT
value: {{ $osServiceEndPoint }}
- name: OS_SERVICE_NAME
value: {{ tuple $osServiceType $envAll | include "helm-toolkit.endpoints.keystone_endpoint_name_lookup" }}
- name: OS_SERVICE_TYPE
value: {{ $osServiceType }}
- name: OS_SERVICE_ENDPOINT
value: {{ tuple $osServiceType $osServiceEndPoint "api" $envAll | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup" }}
{{- end }}
{{- end }}
volumes:
- name: ks-endpoints-sh
configMap:
name: armada-bin
defaultMode: 0555
{{- end -}}


@ -15,52 +15,6 @@ limitations under the License.
*/}} */}}
{{- if .Values.manifests.job_ks_service }} {{- if .Values.manifests.job_ks_service }}
{{- $envAll := . }} {{- $ksServiceJob := dict "envAll" . "serviceName" "armada" "serviceTypes" ( tuple "armada" ) -}}
{{- $dependencies := .Values.dependencies.ks_service }} {{ $ksServiceJob | include "helm-toolkit.manifests.job_ks_service" }}
{{- $serviceAccountName := "armada-ks-service" }}
{{ tuple $envAll $dependencies $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
---
apiVersion: batch/v1
kind: Job
metadata:
name: armada-ks-service
spec:
template:
metadata:
labels:
{{ tuple $envAll "armada" "ks-service" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
spec:
serviceAccountName: {{ $serviceAccountName }}
restartPolicy: OnFailure
nodeSelector:
{{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }}
initContainers:
{{ tuple $envAll $dependencies list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
containers:
{{- range $key1, $osServiceType := tuple "armada" }}
- name: {{ $osServiceType }}-ks-service-registration
image: {{ $envAll.Values.images.tags.ks_service }}
imagePullPolicy: {{ $envAll.Values.images.pull_policy }}
{{ tuple $envAll $envAll.Values.pod.resources.jobs.ks_service | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
command:
- /tmp/ks-service.sh
volumeMounts:
- name: ks-service-sh
mountPath: /tmp/ks-service.sh
subPath: ks-service.sh
readOnly: true
env:
{{- with $env := dict "ksUserSecret" $envAll.Values.secrets.identity.admin }}
{{- include "helm-toolkit.snippets.keystone_openrc_env_vars" $env | indent 12 }}
{{- end }}
- name: OS_SERVICE_NAME
value: {{ tuple $osServiceType $envAll | include "helm-toolkit.endpoints.keystone_endpoint_name_lookup" }}
- name: OS_SERVICE_TYPE
value: {{ $osServiceType }}
{{- end }}
volumes:
- name: ks-service-sh
configMap:
name: armada-bin
defaultMode: 0555
{{- end }} {{- end }}


@ -15,53 +15,6 @@ limitations under the License.
*/}} */}}
{{- if .Values.manifests.job_ks_user }} {{- if .Values.manifests.job_ks_user }}
{{- $envAll := . }} {{- $ksUserJob := dict "envAll" . "serviceName" "armada" -}}
{{- $dependencies := .Values.dependencies.ks_user }} {{ $ksUserJob | include "helm-toolkit.manifests.job_ks_user" }}
{{- $serviceAccountName := "armada-ks-user" }}
{{ tuple $envAll $dependencies $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
---
apiVersion: batch/v1
kind: Job
metadata:
name: armada-ks-user
spec:
template:
metadata:
labels:
{{ tuple $envAll "armada" "ks-user" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
spec:
serviceAccountName: {{ $serviceAccountName }}
restartPolicy: OnFailure
nodeSelector:
{{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }}
initContainers:
{{ tuple $envAll $dependencies list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
containers:
- name: armada-ks-user
image: {{ .Values.images.tags.ks_user }}
imagePullPolicy: {{ .Values.images.pull_policy }}
{{ tuple $envAll $envAll.Values.pod.resources.jobs.ks_user | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
command:
- /tmp/ks-user.sh
volumeMounts:
- name: ks-user-sh
mountPath: /tmp/ks-user.sh
subPath: ks-user.sh
readOnly: true
env:
{{- with $env := dict "ksUserSecret" .Values.secrets.identity.admin }}
{{- include "helm-toolkit.snippets.keystone_openrc_env_vars" $env | indent 12 }}
{{- end }}
- name: SERVICE_OS_SERVICE_NAME
value: "armada"
{{- with $env := dict "ksUserSecret" .Values.secrets.identity.user }}
{{- include "helm-toolkit.snippets.keystone_user_create_env_vars" $env | indent 12 }}
{{- end }}
- name: SERVICE_OS_ROLE
value: {{ .Values.endpoints.identity.auth.user.role | quote }}
volumes:
- name: ks-user-sh
configMap:
name: armada-bin
defaultMode: 0555
{{- end }} {{- end }}


@ -16,7 +16,7 @@ limitations under the License.
{{- if .Values.manifests.secret_keystone }} {{- if .Values.manifests.secret_keystone }}
{{- $envAll := . }} {{- $envAll := . }}
{{- range $key1, $userClass := tuple "admin" "user" }} {{- range $key1, $userClass := tuple "admin" "armada" }}
{{- $secretName := index $envAll.Values.secrets.identity $userClass }} {{- $secretName := index $envAll.Values.secrets.identity $userClass }}
--- ---
apiVersion: v1 apiVersion: v1


@ -14,19 +14,7 @@ See the License for the specific language governing permissions and
limitations under the License. limitations under the License.
*/}} */}}
{{- if .Values.manifests.service_ingress_api }} {{- if and .Values.manifests.service_ingress .Values.network.api.ingress.public }}
{{- $envAll := . }} {{- $serviceIngressOpts := dict "envAll" . "backendServiceType" "armada" -}}
{{- if .Values.network.api.ingress.public }} {{ $serviceIngressOpts | include "helm-toolkit.manifests.service_ingress" }}
---
apiVersion: v1
kind: Service
metadata:
name: {{ tuple "armada" "public" . | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }}
spec:
ports:
- name: http
port: 80
selector:
app: ingress-api
{{- end }}
{{- end }} {{- end }}
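Review bot: The guard now reads `.Values.manifests.service_ingress` where it used to read `.Values.manifests.service_ingress_api`, so an existing override file that sets the old key to `false` is silently ignored and the ingress Service is rendered whenever `network.api.ingress.public` is true. The service template has the same rename (`service_api` to `service`). A one-line guard such as `{{- if hasKey .Values.manifests "service_ingress_api" }}{{ fail "manifests.service_ingress_api was renamed to manifests.service_ingress" }}{{ end }}` would turn the silent change into a render error, provided the Helm version in use has `fail`.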


@ -14,7 +14,7 @@ See the License for the specific language governing permissions and
limitations under the License. limitations under the License.
*/}} */}}
{{- if .Values.manifests.service_api }} {{- if .Values.manifests.service }}
{{- $envAll := . }} {{- $envAll := . }}
--- ---
apiVersion: v1 apiVersion: v1
@ -24,7 +24,7 @@ metadata:
spec: spec:
ports: ports:
- name: armada-api - name: armada-api
port: {{ .Values.conf.armada.armada_api.bind_port }} port: {{ tuple "armada" "internal" "api" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
{{ if .Values.network.api.node_port.enabled }} {{ if .Values.network.api.node_port.enabled }}
nodePort: {{ .Values.network.api.node_port.port }} nodePort: {{ .Values.network.api.node_port.port }}
{{ end }} {{ end }}


@ -17,49 +17,57 @@
release_group: null release_group: null
labels: labels:
job:
node_selector_key: ucp-control-plane
node_selector_value: enabled
node_selector_key: ucp-control-plane node_selector_key: ucp-control-plane
node_selector_value: enabled node_selector_value: enabled
images: images:
pull_policy: IfNotPresent
tags: tags:
api: quay.io/attcomdev/armada:latest api: 'quay.io/attcomdev/armada:latest'
dep_check: quay.io/stackanetes/kubernetes-entrypoint:v0.3.0 dep_check: 'quay.io/stackanetes/kubernetes-entrypoint:v0.3.0'
ks_endpoints: docker.io/kolla/ubuntu-source-heat-engine:3.0.3 ks_endpoints: 'docker.io/openstackhelm/heat:newton'
ks_service: docker.io/kolla/ubuntu-source-heat-engine:3.0.3 ks_service: 'docker.io/openstackhelm/heat:newton'
ks_user: docker.io/kolla/ubuntu-source-heat-engine:3.0.3 ks_user: 'docker.io/openstackhelm/heat:newton'
pull_policy: "IfNotPresent"
network: network:
api: api:
ingress: ingress:
public: false annotations:
nginx.ingress.kubernetes.io/rewrite-target: /
classes:
cluster: nginx-cluster
namespace: nginx
public: true
node_port: node_port:
enabled: true enabled: false
port: 31903 port: 31903
dependencies: dependencies:
ks_user: static:
services: api:
- service: identity jobs:
endpoint: internal - armada-ks-service
ks_service: - armada-ks-user
services: services:
- service: identity - endpoint: internal
endpoint: internal service: identity
ks_endpoints: ks_endpoints:
jobs: jobs:
- armada-ks-service - armada-ks-service
services: services:
- service: identity - endpoint: internal
endpoint: internal service: identity
api: ks_service:
jobs: services:
- armada-ks-service - endpoint: internal
- armada-ks-user service: identity
services: ks_user:
- service: identity services:
endpoint: internal - endpoint: internal
service: identity
# typically overriden by environmental # typically overriden by environmental
# values, but should include all endpoints # values, but should include all endpoints
@ -76,13 +84,13 @@ endpoints:
region_name: RegionOne region_name: RegionOne
user_domain_name: default user_domain_name: default
username: admin username: admin
user: armada:
password: armada password: password
project_domain_name: ucp project_domain_name: default
project_name: service project_name: service
region_name: RegionOne region_name: RegionOne
role: admin role: admin
user_domain_name: ucp user_domain_name: default
username: armada username: armada
hosts: hosts:
default: keystone-api default: keystone-api
@ -116,35 +124,35 @@ endpoints:
secrets: secrets:
identity: identity:
admin: armada-keystone-admin admin: armada-keystone-admin
user: armada-keystone-user armada: armada-keystone-user
conf: conf:
armada: armada:
armada_api:
bind_port: 8000
keystone_authtoken: keystone_authtoken:
auth_type: password auth_type: password
auth_version: 3 auth_version: 3
delay_auth_decision: true delay_auth_decision: true
armada_api:
bind_port: 8000
oslo_policy: oslo_policy:
policy_file: "policy.yaml" policy_file: policy.yaml
paste: paste:
app:armada-api: 'app:armada-api':
paste.app_factory: armada.api.server:paste_start_armada paste.app_factory: 'armada.api.server:paste_start_armada'
pipeline:main: 'filter:authtoken':
paste.filter_factory: 'keystonemiddleware.auth_token:filter_factory'
'pipeline:main':
pipeline: authtoken armada-api pipeline: authtoken armada-api
filter:authtoken:
paste.filter_factory: keystonemiddleware.auth_token:filter_factory
policy: policy:
admin_required: "role:admin" admin_required: 'role:admin'
service_or_admin: "rule:admin_required or rule:service_role" 'armada:create_endpoints': 'rule:admin_required'
service_role: "role:service" 'armada:test_manifest': 'rule:admin_required'
armada:create_endpoints: "rule:admin_required" 'armada:test_release': 'rule:admin_required'
armada:validate_manifest: "rule:admin_required" 'armada:validate_manifest': 'rule:admin_required'
armada:test_release: "rule:admin_required" service_or_admin: 'rule:admin_required or rule:service_role'
armada:test_manifest: "rule:admin_required" service_role: 'role:service'
tiller:get_status: "rule:admin_required" 'tiller:get_released': 'rule:admin_required'
tiller:get_released: "rule:admin_required" 'tiller:get_status': 'rule:admin_required'
pod: pod:
env: env:
@ -241,6 +249,6 @@ manifests:
job_ks_service: true job_ks_service: true
job_ks_user: true job_ks_user: true
secret_keystone: true secret_keystone: true
service_api: true service: true
service_ingress_api: true service_ingress: true
test_armada_api: true test_armada_api: true
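Review bot: The `endpoints.identity.auth.armada` block ships a literal default credential (the rendered line reads `password: armada` / `password: password`) next to `role: admin`, and the same file appears to switch `network.api.ingress.public` to `true`. A chart installed without overrides would therefore put the API behind a public ingress with a guessable Keystone service password. I would leave the password unset in values.yaml and have the keystone secret template pass it through `required`, so rendering fails until an operator supplies one. Separately, `api: 'quay.io/attcomdev/armada:latest'` is a mutable tag; pinning a release tag or digest keeps the deployed image reproducible and auditable.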