From 70e5f095d6d7605da9a86a9a34448bfed1f7751b Mon Sep 17 00:00:00 2001 From: Scott Hussey Date: Fri, 14 Sep 2018 12:19:29 -0500 Subject: [PATCH] (fix) Add nodeSelector to Drydock Pod Add ingress support - Add nodeSelectors to the PodSpec for the Drydock API pod - Physical nodes bootstrapping need to access the Drydock API to retrieve the bootactions that should be executed during deployment. This moves that access from a nodeport to ingress. Change-Id: I3db41932c567cc85e89ad003389b7a019a10715f --- Makefile | 2 +- charts/drydock/templates/configmap-etc.yaml | 2 +- charts/drydock/templates/deployment.yaml | 8 +++++--- charts/drydock/templates/ingress.yaml | 17 +++++++++++++++++ charts/drydock/values.yaml | 12 +++++++++++- 5 files changed, 35 insertions(+), 6 deletions(-) create mode 100644 charts/drydock/templates/ingress.yaml diff --git a/Makefile b/Makefile index 1583645a..39301cee 100644 --- a/Makefile +++ b/Makefile @@ -87,7 +87,7 @@ lint: pep8 helm_lint # Dry run templating of chart .PHONY: dry-run -dry-run: clean helm-init +dry-run: helm-init $(HELM) template --set manifests.secret_ssh_key=true --set conf.ssh.private_key=foo charts/drydock # Initialize local helm config diff --git a/charts/drydock/templates/configmap-etc.yaml b/charts/drydock/templates/configmap-etc.yaml index 4f7876d5..95759159 100644 --- a/charts/drydock/templates/configmap-etc.yaml +++ b/charts/drydock/templates/configmap-etc.yaml @@ -31,7 +31,7 @@ {{- tuple "identity" "internal" "api" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup"| set .Values.conf.drydock.keystone_authtoken "auth_url" | quote | trunc 0 -}} {{- end -}} -{{- $userIdentity := .Values.endpoints.identity.auth.user -}} +{{- $userIdentity := .Values.endpoints.identity.auth.drydock -}} {{- if empty .Values.conf.drydock.keystone_authtoken.project_name -}} {{- set .Values.conf.drydock.keystone_authtoken "project_name" $userIdentity.project_name | quote | trunc 0 -}} diff --git a/charts/drydock/templates/deployment.yaml b/charts/drydock/templates/deployment.yaml index 9e25f684..6a9b6e87 100644 --- a/charts/drydock/templates/deployment.yaml +++ b/charts/drydock/templates/deployment.yaml @@ -33,6 +33,8 @@ spec: configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "helm-toolkit.utils.hash" }} configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "helm-toolkit.utils.hash" }} spec: + nodeSelector: + {{ .Values.labels.api.node_selector_key }}: {{ .Values.labels.api.node_selector_value | quote }} serviceAccountName: {{ $serviceAccountName }} restartPolicy: Always affinity: @@ -41,6 +43,9 @@ spec: {{ tuple $envAll "api" list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} containers: - name: drydock-api + image: {{ .Values.images.tags.drydock }} + imagePullPolicy: {{ .Values.images.pull_policy }} +{{ tuple $envAll $envAll.Values.pod.resources.api | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }} env: - name: 'MAAS_API_KEY' valueFrom: @@ -51,9 +56,6 @@ spec: value: {{ .Values.conf.uwsgi.workers | default 1 | quote }} - name: 'DRYDOCK_API_THREADS' value: {{ .Values.conf.uwsgi.threads | default 1 | quote }} - image: {{ .Values.images.tags.drydock }} - imagePullPolicy: {{ .Values.images.pull_policy }} -{{ tuple $envAll $envAll.Values.pod.resources.api | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }} ports: - name: drydock-api containerPort: {{ tuple "physicalprovisioner" "default" "api" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }} diff --git a/charts/drydock/templates/ingress.yaml b/charts/drydock/templates/ingress.yaml new file mode 100644 index 00000000..638774e5 --- /dev/null +++ b/charts/drydock/templates/ingress.yaml @@ -0,0 +1,17 @@ + +{{/* # Copyright (c) 2017 AT&T Intellectual Property. All rights reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. */}} +{{- if .Values.manifests.ingress_drydock }} +{{ dict "envAll" . "backendServiceType" "physicalprovisioner" "backendPort" "drydock-api" | include "helm-toolkit.manifests.ingress" }} +{{- end -}} diff --git a/charts/drydock/values.yaml b/charts/drydock/values.yaml index 318a4e3b..73336572 100644 --- a/charts/drydock/values.yaml +++ b/charts/drydock/values.yaml @@ -45,7 +45,14 @@ images: network: api: nodeport: - enabled: true + enabled: false + ingress: + public: true + classes: + namespace: "nginx" + cluster: "nginx-cluster" + annotations: + nginx.ingress.kubernetes.io/rewrite-target: / pod: lifecycle: @@ -127,6 +134,7 @@ manifests: configmap_etc: true configmap_bin: true service_drydock: true + ingress_drydock: true deployment_drydock: true test_drydock_api: true test_drydock_auth: true @@ -215,6 +223,7 @@ endpoints: name: drydock hosts: default: drydock-api + public: drydock port: api: default: 9000 @@ -225,6 +234,7 @@ endpoints: default: http host_fqdn_override: default: null + public: drydock.test.local postgresql: name: postgresql auth: