Chart: Update armada chart
This PS cleans and updates the armada chart. Change-Id: Ibe4247fa2caabfcefd294f23fc8ae016094c0dcc
This commit is contained in:
parent
6b46a8eff8
commit
5f82956cfa
|
@ -14,6 +14,7 @@ See the License for the specific language governing permissions and
|
||||||
limitations under the License.
|
limitations under the License.
|
||||||
*/}}
|
*/}}
|
||||||
|
|
||||||
|
---
|
||||||
apiVersion: v1
|
apiVersion: v1
|
||||||
kind: ConfigMap
|
kind: ConfigMap
|
||||||
metadata:
|
metadata:
|
||||||
|
|
|
@ -25,9 +25,7 @@ limitations under the License.
|
||||||
{{- tuple "identity" "internal" "api" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup"| set .Values.conf.armada.keystone_authtoken "auth_url" | quote | trunc 0 -}}
|
{{- tuple "identity" "internal" "api" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup"| set .Values.conf.armada.keystone_authtoken "auth_url" | quote | trunc 0 -}}
|
||||||
{{- end -}}
|
{{- end -}}
|
||||||
|
|
||||||
|
{{- $userIdentity := .Values.endpoints.identity.auth.armada -}}
|
||||||
{{- $userIdentity := .Values.endpoints.identity.auth.user -}}
|
|
||||||
|
|
||||||
{{- if empty .Values.conf.armada.keystone_authtoken.project_name -}}
|
{{- if empty .Values.conf.armada.keystone_authtoken.project_name -}}
|
||||||
{{- set .Values.conf.armada.keystone_authtoken "project_name" $userIdentity.project_name | quote | trunc 0 -}}
|
{{- set .Values.conf.armada.keystone_authtoken "project_name" $userIdentity.project_name | quote | trunc 0 -}}
|
||||||
{{- end -}}
|
{{- end -}}
|
||||||
|
@ -50,10 +48,10 @@ kind: ConfigMap
|
||||||
metadata:
|
metadata:
|
||||||
name: armada-etc
|
name: armada-etc
|
||||||
data:
|
data:
|
||||||
armada.conf: |+
|
armada.conf: |
|
||||||
{{ include "helm-toolkit.utils.to_oslo_conf" .Values.conf.armada | indent 4 }}
|
{{ include "helm-toolkit.utils.to_oslo_conf" .Values.conf.armada | indent 4 }}
|
||||||
api-paste.ini: |+
|
api-paste.ini: |
|
||||||
{{ include "helm-toolkit.utils.to_ini" .Values.conf.paste | indent 4 }}
|
{{ include "helm-toolkit.utils.to_ini" .Values.conf.paste | indent 4 }}
|
||||||
policy.yaml: |+
|
policy.yaml: |
|
||||||
{{ toYaml .Values.conf.policy | indent 4 }}
|
{{ toYaml .Values.conf.policy | indent 4 }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
|
|
|
@ -16,7 +16,7 @@ limitations under the License.
|
||||||
|
|
||||||
{{- if .Values.manifests.deployment_api }}
|
{{- if .Values.manifests.deployment_api }}
|
||||||
{{- $envAll := . }}
|
{{- $envAll := . }}
|
||||||
{{- $dependencies := .Values.dependencies.api }}
|
{{- $dependencies := .Values.dependencies.static.api }}
|
||||||
{{- $mounts_armada_api := .Values.pod.mounts.armada_api.armada_api }}
|
{{- $mounts_armada_api := .Values.pod.mounts.armada_api.armada_api }}
|
||||||
{{- $mounts_armada_api_init := .Values.pod.mounts.armada_api.init_container }}
|
{{- $mounts_armada_api_init := .Values.pod.mounts.armada_api.init_container }}
|
||||||
{{- $serviceAccountName := "armada-api" }}
|
{{- $serviceAccountName := "armada-api" }}
|
||||||
|
@ -104,7 +104,8 @@ spec:
|
||||||
securityContext:
|
securityContext:
|
||||||
runAsUser: {{ .Values.pod.user.armada.uid }}
|
runAsUser: {{ .Values.pod.user.armada.uid }}
|
||||||
ports:
|
ports:
|
||||||
- containerPort: {{ .Values.conf.armada.armada_api.bind_port }}
|
- name: armada-api
|
||||||
|
containerPort: {{ tuple "armada" "internal" "api" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
|
||||||
livenessProbe:
|
livenessProbe:
|
||||||
httpGet:
|
httpGet:
|
||||||
path: /api/v1.0/health
|
path: /api/v1.0/health
|
||||||
|
|
|
@ -14,46 +14,7 @@ See the License for the specific language governing permissions and
|
||||||
limitations under the License.
|
limitations under the License.
|
||||||
*/}}
|
*/}}
|
||||||
|
|
||||||
{{- if .Values.manifests.ingress_api }}
|
{{- if and .Values.manifests.ingress_api .Values.network.api.ingress.public }}
|
||||||
{{- $envAll := . }}
|
{{- $ingressOpts := dict "envAll" . "backendServiceType" "armada" "backendPort" "armada-api" -}}
|
||||||
{{- if .Values.network.api.ingress.public }}
|
{{ $ingressOpts | include "helm-toolkit.manifests.ingress" }}
|
||||||
{{- $backendServiceType := "armada" }}
|
|
||||||
{{- $backendPort := "http" }}
|
|
||||||
{{- $ingressName := tuple $backendServiceType "public" $envAll | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }}
|
|
||||||
{{- $backendName := tuple $backendServiceType "internal" $envAll | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }}
|
|
||||||
{{- $hostName := tuple $backendServiceType "public" $envAll | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }}
|
|
||||||
{{- $hostNameNamespaced := tuple $backendServiceType "public" $envAll | include "helm-toolkit.endpoints.hostname_namespaced_endpoint_lookup" }}
|
|
||||||
{{- $hostNameFull := tuple $backendServiceType "public" $envAll | include "helm-toolkit.endpoints.hostname_fqdn_endpoint_lookup" }}
|
|
||||||
---
|
|
||||||
apiVersion: extensions/v1beta1
|
|
||||||
kind: Ingress
|
|
||||||
metadata:
|
|
||||||
name: {{ $ingressName }}
|
|
||||||
annotations:
|
|
||||||
kubernetes.io/ingress.class: "nginx"
|
|
||||||
ingress.kubernetes.io/rewrite-target: /
|
|
||||||
spec:
|
|
||||||
rules:
|
|
||||||
{{ if ne $hostNameNamespaced $hostNameFull }}
|
|
||||||
{{- range $key1, $vHost := tuple $hostName $hostNameNamespaced $hostNameFull }}
|
|
||||||
- host: {{ $vHost }}
|
|
||||||
http:
|
|
||||||
paths:
|
|
||||||
- path: /
|
|
||||||
backend:
|
|
||||||
serviceName: {{ $backendName }}
|
|
||||||
servicePort: {{ $backendPort }}
|
|
||||||
{{- end }}
|
|
||||||
{{- else }}
|
|
||||||
{{- range $key1, $vHost := tuple $hostName $hostNameNamespaced }}
|
|
||||||
- host: {{ $vHost }}
|
|
||||||
http:
|
|
||||||
paths:
|
|
||||||
- path: /
|
|
||||||
backend:
|
|
||||||
serviceName: {{ $backendName }}
|
|
||||||
servicePort: {{ $backendPort }}
|
|
||||||
{{- end }}
|
|
||||||
{{- end }}
|
|
||||||
{{- end }}
|
|
||||||
{{- end }}
|
{{- end }}
|
||||||
|
|
|
@ -13,60 +13,8 @@ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||||
See the License for the specific language governing permissions and
|
See the License for the specific language governing permissions and
|
||||||
limitations under the License.
|
limitations under the License.
|
||||||
*/}}
|
*/}}
|
||||||
---
|
|
||||||
{{- if .Values.manifests.job_ks_endpoints }}
|
{{- if .Values.manifests.job_ks_endpoints }}
|
||||||
{{- $envAll := . }}
|
{{- $ksServiceJob := dict "envAll" . "serviceName" "armada" "serviceTypes" ( tuple "armada" ) -}}
|
||||||
{{- $dependencies := .Values.dependencies.ks_endpoints }}
|
{{ $ksServiceJob | include "helm-toolkit.manifests.job_ks_endpoints" }}
|
||||||
{{- $serviceAccountName := "armada-ks-endpoints" }}
|
|
||||||
{{ tuple $envAll $dependencies $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
|
|
||||||
---
|
|
||||||
apiVersion: batch/v1
|
|
||||||
kind: Job
|
|
||||||
metadata:
|
|
||||||
name: armada-ks-endpoints
|
|
||||||
spec:
|
|
||||||
template:
|
|
||||||
metadata:
|
|
||||||
labels:
|
|
||||||
{{ tuple $envAll "armada" "ks-endpoints" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
|
|
||||||
spec:
|
|
||||||
serviceAccountName: {{ $serviceAccountName }}
|
|
||||||
restartPolicy: OnFailure
|
|
||||||
nodeSelector:
|
|
||||||
{{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }}
|
|
||||||
initContainers:
|
|
||||||
{{ tuple $envAll $dependencies list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
|
|
||||||
containers:
|
|
||||||
{{- range $key1, $osServiceType := tuple "armada" }}
|
|
||||||
{{- range $key2, $osServiceEndPoint := tuple "admin" "internal" "public" }}
|
|
||||||
- name: {{ $osServiceType }}-ks-endpoints-{{ $osServiceEndPoint }}
|
|
||||||
image: {{ $envAll.Values.images.tags.ks_endpoints }}
|
|
||||||
imagePullPolicy: {{ $envAll.Values.images.pull_policy }}
|
|
||||||
{{ tuple $envAll $envAll.Values.pod.resources.jobs.ks_endpoints | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
|
|
||||||
command:
|
|
||||||
- /tmp/ks-endpoints.sh
|
|
||||||
volumeMounts:
|
|
||||||
- name: ks-endpoints-sh
|
|
||||||
mountPath: /tmp/ks-endpoints.sh
|
|
||||||
subPath: ks-endpoints.sh
|
|
||||||
readOnly: true
|
|
||||||
env:
|
|
||||||
{{- with $env := dict "ksUserSecret" $envAll.Values.secrets.identity.admin }}
|
|
||||||
{{- include "helm-toolkit.snippets.keystone_openrc_env_vars" $env | indent 12 }}
|
|
||||||
{{- end }}
|
{{- end }}
|
||||||
- name: OS_SVC_ENDPOINT
|
|
||||||
value: {{ $osServiceEndPoint }}
|
|
||||||
- name: OS_SERVICE_NAME
|
|
||||||
value: {{ tuple $osServiceType $envAll | include "helm-toolkit.endpoints.keystone_endpoint_name_lookup" }}
|
|
||||||
- name: OS_SERVICE_TYPE
|
|
||||||
value: {{ $osServiceType }}
|
|
||||||
- name: OS_SERVICE_ENDPOINT
|
|
||||||
value: {{ tuple $osServiceType $osServiceEndPoint "api" $envAll | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup" }}
|
|
||||||
{{- end }}
|
|
||||||
{{- end }}
|
|
||||||
volumes:
|
|
||||||
- name: ks-endpoints-sh
|
|
||||||
configMap:
|
|
||||||
name: armada-bin
|
|
||||||
defaultMode: 0555
|
|
||||||
{{- end -}}
|
|
||||||
|
|
|
@ -15,52 +15,6 @@ limitations under the License.
|
||||||
*/}}
|
*/}}
|
||||||
|
|
||||||
{{- if .Values.manifests.job_ks_service }}
|
{{- if .Values.manifests.job_ks_service }}
|
||||||
{{- $envAll := . }}
|
{{- $ksServiceJob := dict "envAll" . "serviceName" "armada" "serviceTypes" ( tuple "armada" ) -}}
|
||||||
{{- $dependencies := .Values.dependencies.ks_service }}
|
{{ $ksServiceJob | include "helm-toolkit.manifests.job_ks_service" }}
|
||||||
{{- $serviceAccountName := "armada-ks-service" }}
|
|
||||||
{{ tuple $envAll $dependencies $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
|
|
||||||
---
|
|
||||||
apiVersion: batch/v1
|
|
||||||
kind: Job
|
|
||||||
metadata:
|
|
||||||
name: armada-ks-service
|
|
||||||
spec:
|
|
||||||
template:
|
|
||||||
metadata:
|
|
||||||
labels:
|
|
||||||
{{ tuple $envAll "armada" "ks-service" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
|
|
||||||
spec:
|
|
||||||
serviceAccountName: {{ $serviceAccountName }}
|
|
||||||
restartPolicy: OnFailure
|
|
||||||
nodeSelector:
|
|
||||||
{{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }}
|
|
||||||
initContainers:
|
|
||||||
{{ tuple $envAll $dependencies list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
|
|
||||||
containers:
|
|
||||||
{{- range $key1, $osServiceType := tuple "armada" }}
|
|
||||||
- name: {{ $osServiceType }}-ks-service-registration
|
|
||||||
image: {{ $envAll.Values.images.tags.ks_service }}
|
|
||||||
imagePullPolicy: {{ $envAll.Values.images.pull_policy }}
|
|
||||||
{{ tuple $envAll $envAll.Values.pod.resources.jobs.ks_service | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
|
|
||||||
command:
|
|
||||||
- /tmp/ks-service.sh
|
|
||||||
volumeMounts:
|
|
||||||
- name: ks-service-sh
|
|
||||||
mountPath: /tmp/ks-service.sh
|
|
||||||
subPath: ks-service.sh
|
|
||||||
readOnly: true
|
|
||||||
env:
|
|
||||||
{{- with $env := dict "ksUserSecret" $envAll.Values.secrets.identity.admin }}
|
|
||||||
{{- include "helm-toolkit.snippets.keystone_openrc_env_vars" $env | indent 12 }}
|
|
||||||
{{- end }}
|
|
||||||
- name: OS_SERVICE_NAME
|
|
||||||
value: {{ tuple $osServiceType $envAll | include "helm-toolkit.endpoints.keystone_endpoint_name_lookup" }}
|
|
||||||
- name: OS_SERVICE_TYPE
|
|
||||||
value: {{ $osServiceType }}
|
|
||||||
{{- end }}
|
|
||||||
volumes:
|
|
||||||
- name: ks-service-sh
|
|
||||||
configMap:
|
|
||||||
name: armada-bin
|
|
||||||
defaultMode: 0555
|
|
||||||
{{- end }}
|
{{- end }}
|
||||||
|
|
|
@ -15,53 +15,6 @@ limitations under the License.
|
||||||
*/}}
|
*/}}
|
||||||
|
|
||||||
{{- if .Values.manifests.job_ks_user }}
|
{{- if .Values.manifests.job_ks_user }}
|
||||||
{{- $envAll := . }}
|
{{- $ksUserJob := dict "envAll" . "serviceName" "armada" -}}
|
||||||
{{- $dependencies := .Values.dependencies.ks_user }}
|
{{ $ksUserJob | include "helm-toolkit.manifests.job_ks_user" }}
|
||||||
{{- $serviceAccountName := "armada-ks-user" }}
|
|
||||||
{{ tuple $envAll $dependencies $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
|
|
||||||
---
|
|
||||||
apiVersion: batch/v1
|
|
||||||
kind: Job
|
|
||||||
metadata:
|
|
||||||
name: armada-ks-user
|
|
||||||
spec:
|
|
||||||
template:
|
|
||||||
metadata:
|
|
||||||
labels:
|
|
||||||
{{ tuple $envAll "armada" "ks-user" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
|
|
||||||
spec:
|
|
||||||
serviceAccountName: {{ $serviceAccountName }}
|
|
||||||
restartPolicy: OnFailure
|
|
||||||
nodeSelector:
|
|
||||||
{{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }}
|
|
||||||
initContainers:
|
|
||||||
{{ tuple $envAll $dependencies list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
|
|
||||||
containers:
|
|
||||||
- name: armada-ks-user
|
|
||||||
image: {{ .Values.images.tags.ks_user }}
|
|
||||||
imagePullPolicy: {{ .Values.images.pull_policy }}
|
|
||||||
{{ tuple $envAll $envAll.Values.pod.resources.jobs.ks_user | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
|
|
||||||
command:
|
|
||||||
- /tmp/ks-user.sh
|
|
||||||
volumeMounts:
|
|
||||||
- name: ks-user-sh
|
|
||||||
mountPath: /tmp/ks-user.sh
|
|
||||||
subPath: ks-user.sh
|
|
||||||
readOnly: true
|
|
||||||
env:
|
|
||||||
{{- with $env := dict "ksUserSecret" .Values.secrets.identity.admin }}
|
|
||||||
{{- include "helm-toolkit.snippets.keystone_openrc_env_vars" $env | indent 12 }}
|
|
||||||
{{- end }}
|
|
||||||
- name: SERVICE_OS_SERVICE_NAME
|
|
||||||
value: "armada"
|
|
||||||
{{- with $env := dict "ksUserSecret" .Values.secrets.identity.user }}
|
|
||||||
{{- include "helm-toolkit.snippets.keystone_user_create_env_vars" $env | indent 12 }}
|
|
||||||
{{- end }}
|
|
||||||
- name: SERVICE_OS_ROLE
|
|
||||||
value: {{ .Values.endpoints.identity.auth.user.role | quote }}
|
|
||||||
volumes:
|
|
||||||
- name: ks-user-sh
|
|
||||||
configMap:
|
|
||||||
name: armada-bin
|
|
||||||
defaultMode: 0555
|
|
||||||
{{- end }}
|
{{- end }}
|
||||||
|
|
|
@ -16,7 +16,7 @@ limitations under the License.
|
||||||
|
|
||||||
{{- if .Values.manifests.secret_keystone }}
|
{{- if .Values.manifests.secret_keystone }}
|
||||||
{{- $envAll := . }}
|
{{- $envAll := . }}
|
||||||
{{- range $key1, $userClass := tuple "admin" "user" }}
|
{{- range $key1, $userClass := tuple "admin" "armada" }}
|
||||||
{{- $secretName := index $envAll.Values.secrets.identity $userClass }}
|
{{- $secretName := index $envAll.Values.secrets.identity $userClass }}
|
||||||
---
|
---
|
||||||
apiVersion: v1
|
apiVersion: v1
|
||||||
|
|
|
@ -14,19 +14,7 @@ See the License for the specific language governing permissions and
|
||||||
limitations under the License.
|
limitations under the License.
|
||||||
*/}}
|
*/}}
|
||||||
|
|
||||||
{{- if .Values.manifests.service_ingress_api }}
|
{{- if and .Values.manifests.service_ingress .Values.network.api.ingress.public }}
|
||||||
{{- $envAll := . }}
|
{{- $serviceIngressOpts := dict "envAll" . "backendServiceType" "armada" -}}
|
||||||
{{- if .Values.network.api.ingress.public }}
|
{{ $serviceIngressOpts | include "helm-toolkit.manifests.service_ingress" }}
|
||||||
---
|
|
||||||
apiVersion: v1
|
|
||||||
kind: Service
|
|
||||||
metadata:
|
|
||||||
name: {{ tuple "armada" "public" . | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }}
|
|
||||||
spec:
|
|
||||||
ports:
|
|
||||||
- name: http
|
|
||||||
port: 80
|
|
||||||
selector:
|
|
||||||
app: ingress-api
|
|
||||||
{{- end }}
|
|
||||||
{{- end }}
|
{{- end }}
|
||||||
|
|
|
@ -14,7 +14,7 @@ See the License for the specific language governing permissions and
|
||||||
limitations under the License.
|
limitations under the License.
|
||||||
*/}}
|
*/}}
|
||||||
|
|
||||||
{{- if .Values.manifests.service_api }}
|
{{- if .Values.manifests.service }}
|
||||||
{{- $envAll := . }}
|
{{- $envAll := . }}
|
||||||
---
|
---
|
||||||
apiVersion: v1
|
apiVersion: v1
|
||||||
|
@ -24,7 +24,7 @@ metadata:
|
||||||
spec:
|
spec:
|
||||||
ports:
|
ports:
|
||||||
- name: armada-api
|
- name: armada-api
|
||||||
port: {{ .Values.conf.armada.armada_api.bind_port }}
|
port: {{ tuple "armada" "internal" "api" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
|
||||||
{{ if .Values.network.api.node_port.enabled }}
|
{{ if .Values.network.api.node_port.enabled }}
|
||||||
nodePort: {{ .Values.network.api.node_port.port }}
|
nodePort: {{ .Values.network.api.node_port.port }}
|
||||||
{{ end }}
|
{{ end }}
|
||||||
|
|
|
@ -17,49 +17,57 @@
|
||||||
release_group: null
|
release_group: null
|
||||||
|
|
||||||
labels:
|
labels:
|
||||||
|
job:
|
||||||
|
node_selector_key: ucp-control-plane
|
||||||
|
node_selector_value: enabled
|
||||||
node_selector_key: ucp-control-plane
|
node_selector_key: ucp-control-plane
|
||||||
node_selector_value: enabled
|
node_selector_value: enabled
|
||||||
|
|
||||||
images:
|
images:
|
||||||
|
pull_policy: IfNotPresent
|
||||||
tags:
|
tags:
|
||||||
api: quay.io/attcomdev/armada:latest
|
api: 'quay.io/attcomdev/armada:latest'
|
||||||
dep_check: quay.io/stackanetes/kubernetes-entrypoint:v0.3.0
|
dep_check: 'quay.io/stackanetes/kubernetes-entrypoint:v0.3.0'
|
||||||
ks_endpoints: docker.io/kolla/ubuntu-source-heat-engine:3.0.3
|
ks_endpoints: 'docker.io/openstackhelm/heat:newton'
|
||||||
ks_service: docker.io/kolla/ubuntu-source-heat-engine:3.0.3
|
ks_service: 'docker.io/openstackhelm/heat:newton'
|
||||||
ks_user: docker.io/kolla/ubuntu-source-heat-engine:3.0.3
|
ks_user: 'docker.io/openstackhelm/heat:newton'
|
||||||
|
|
||||||
pull_policy: "IfNotPresent"
|
|
||||||
|
|
||||||
network:
|
network:
|
||||||
api:
|
api:
|
||||||
ingress:
|
ingress:
|
||||||
public: false
|
annotations:
|
||||||
|
nginx.ingress.kubernetes.io/rewrite-target: /
|
||||||
|
classes:
|
||||||
|
cluster: nginx-cluster
|
||||||
|
namespace: nginx
|
||||||
|
public: true
|
||||||
node_port:
|
node_port:
|
||||||
enabled: true
|
enabled: false
|
||||||
port: 31903
|
port: 31903
|
||||||
|
|
||||||
dependencies:
|
dependencies:
|
||||||
ks_user:
|
static:
|
||||||
services:
|
api:
|
||||||
- service: identity
|
jobs:
|
||||||
endpoint: internal
|
- armada-ks-service
|
||||||
ks_service:
|
- armada-ks-user
|
||||||
services:
|
services:
|
||||||
- service: identity
|
- endpoint: internal
|
||||||
endpoint: internal
|
service: identity
|
||||||
ks_endpoints:
|
ks_endpoints:
|
||||||
jobs:
|
jobs:
|
||||||
- armada-ks-service
|
- armada-ks-service
|
||||||
services:
|
services:
|
||||||
- service: identity
|
- endpoint: internal
|
||||||
endpoint: internal
|
service: identity
|
||||||
api:
|
ks_service:
|
||||||
jobs:
|
services:
|
||||||
- armada-ks-service
|
- endpoint: internal
|
||||||
- armada-ks-user
|
service: identity
|
||||||
services:
|
ks_user:
|
||||||
- service: identity
|
services:
|
||||||
endpoint: internal
|
- endpoint: internal
|
||||||
|
service: identity
|
||||||
|
|
||||||
# typically overriden by environmental
|
# typically overriden by environmental
|
||||||
# values, but should include all endpoints
|
# values, but should include all endpoints
|
||||||
|
@ -76,13 +84,13 @@ endpoints:
|
||||||
region_name: RegionOne
|
region_name: RegionOne
|
||||||
user_domain_name: default
|
user_domain_name: default
|
||||||
username: admin
|
username: admin
|
||||||
user:
|
armada:
|
||||||
password: armada
|
password: password
|
||||||
project_domain_name: ucp
|
project_domain_name: default
|
||||||
project_name: service
|
project_name: service
|
||||||
region_name: RegionOne
|
region_name: RegionOne
|
||||||
role: admin
|
role: admin
|
||||||
user_domain_name: ucp
|
user_domain_name: default
|
||||||
username: armada
|
username: armada
|
||||||
hosts:
|
hosts:
|
||||||
default: keystone-api
|
default: keystone-api
|
||||||
|
@ -116,35 +124,35 @@ endpoints:
|
||||||
secrets:
|
secrets:
|
||||||
identity:
|
identity:
|
||||||
admin: armada-keystone-admin
|
admin: armada-keystone-admin
|
||||||
user: armada-keystone-user
|
armada: armada-keystone-user
|
||||||
|
|
||||||
conf:
|
conf:
|
||||||
armada:
|
armada:
|
||||||
|
armada_api:
|
||||||
|
bind_port: 8000
|
||||||
keystone_authtoken:
|
keystone_authtoken:
|
||||||
auth_type: password
|
auth_type: password
|
||||||
auth_version: 3
|
auth_version: 3
|
||||||
delay_auth_decision: true
|
delay_auth_decision: true
|
||||||
armada_api:
|
|
||||||
bind_port: 8000
|
|
||||||
oslo_policy:
|
oslo_policy:
|
||||||
policy_file: "policy.yaml"
|
policy_file: policy.yaml
|
||||||
paste:
|
paste:
|
||||||
app:armada-api:
|
'app:armada-api':
|
||||||
paste.app_factory: armada.api.server:paste_start_armada
|
paste.app_factory: 'armada.api.server:paste_start_armada'
|
||||||
pipeline:main:
|
'filter:authtoken':
|
||||||
|
paste.filter_factory: 'keystonemiddleware.auth_token:filter_factory'
|
||||||
|
'pipeline:main':
|
||||||
pipeline: authtoken armada-api
|
pipeline: authtoken armada-api
|
||||||
filter:authtoken:
|
|
||||||
paste.filter_factory: keystonemiddleware.auth_token:filter_factory
|
|
||||||
policy:
|
policy:
|
||||||
admin_required: "role:admin"
|
admin_required: 'role:admin'
|
||||||
service_or_admin: "rule:admin_required or rule:service_role"
|
'armada:create_endpoints': 'rule:admin_required'
|
||||||
service_role: "role:service"
|
'armada:test_manifest': 'rule:admin_required'
|
||||||
armada:create_endpoints: "rule:admin_required"
|
'armada:test_release': 'rule:admin_required'
|
||||||
armada:validate_manifest: "rule:admin_required"
|
'armada:validate_manifest': 'rule:admin_required'
|
||||||
armada:test_release: "rule:admin_required"
|
service_or_admin: 'rule:admin_required or rule:service_role'
|
||||||
armada:test_manifest: "rule:admin_required"
|
service_role: 'role:service'
|
||||||
tiller:get_status: "rule:admin_required"
|
'tiller:get_released': 'rule:admin_required'
|
||||||
tiller:get_released: "rule:admin_required"
|
'tiller:get_status': 'rule:admin_required'
|
||||||
|
|
||||||
pod:
|
pod:
|
||||||
env:
|
env:
|
||||||
|
@ -241,6 +249,6 @@ manifests:
|
||||||
job_ks_service: true
|
job_ks_service: true
|
||||||
job_ks_user: true
|
job_ks_user: true
|
||||||
secret_keystone: true
|
secret_keystone: true
|
||||||
service_api: true
|
service: true
|
||||||
service_ingress_api: true
|
service_ingress: true
|
||||||
test_armada_api: true
|
test_armada_api: true
|
||||||
|
|
Loading…
Reference in New Issue