summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorMatt McEuen <matt.mceuen@att.com>2018-07-20 16:32:30 -0500
committerFelipe Monteiro <felipe.monteiro@att.com>2018-08-09 02:53:13 +0000
commit07186243de2bf6b40e6981eac8a64755b6b23f78 (patch)
tree069222e9a3f0e565c52e694fac0e9f9889f95114
parent64975c820afa84a9753fb6d71670f3e65e8d9824 (diff)
Update Deckhand for latest HTK
This updates Deckhand to be compatible with the current OpenStack-Helm Helm Toolkit. This includes: - Using HTK manifest templates - Refactoring values.yaml structure - Some other small cleanup Change-Id: Ib7c2451b46fab20935edb1c768ac56cc6353aa16
Notes
Notes (review): Code-Review+2: Felipe Monteiro <felipe.monteiro@att.com> Code-Review+2: Pete Birley <petebirley@gmail.com> Workflow+1: Felipe Monteiro <felipe.monteiro@att.com> Verified+2: Zuul Submitted-by: Zuul Submitted-at: Thu, 09 Aug 2018 17:55:37 +0000 Reviewed-on: https://review.openstack.org/584517 Project: openstack/airship-deckhand Branch: refs/heads/master
-rw-r--r--charts/deckhand/templates/configmap-bin.yaml5
-rw-r--r--charts/deckhand/templates/configmap-etc.yaml28
-rw-r--r--charts/deckhand/templates/deployment.yaml9
-rw-r--r--charts/deckhand/templates/ingress-api.yaml33
-rw-r--r--charts/deckhand/templates/job-db-init.yaml7
-rw-r--r--charts/deckhand/templates/job-db-sync.yaml7
-rw-r--r--charts/deckhand/templates/job-image-repo-sync.yaml20
-rw-r--r--charts/deckhand/templates/job-ks-endpoints.yaml82
-rw-r--r--charts/deckhand/templates/job-ks-service.yaml78
-rw-r--r--charts/deckhand/templates/job-ks-user.yaml82
-rw-r--r--charts/deckhand/templates/secret-keystone-env.yaml3
-rw-r--r--charts/deckhand/templates/service-ingress.yaml18
-rw-r--r--charts/deckhand/templates/service.yaml16
-rw-r--r--charts/deckhand/values.yaml132
14 files changed, 205 insertions, 315 deletions
diff --git a/charts/deckhand/templates/configmap-bin.yaml b/charts/deckhand/templates/configmap-bin.yaml
index 993de47..4b9e357 100644
--- a/charts/deckhand/templates/configmap-bin.yaml
+++ b/charts/deckhand/templates/configmap-bin.yaml
@@ -1,3 +1,4 @@
1{{/*
1# Licensed under the Apache License, Version 2.0 (the "License"); 2# Licensed under the Apache License, Version 2.0 (the "License");
2# you may not use this file except in compliance with the License. 3# you may not use this file except in compliance with the License.
3# You may obtain a copy of the License at 4# You may obtain a copy of the License at
@@ -9,6 +10,9 @@
9# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 10# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
10# See the License for the specific language governing permissions and 11# See the License for the specific language governing permissions and
11# limitations under the License. 12# limitations under the License.
13*/}}
14
15{{- if .Values.manifests.configmap_bin }}
12 16
13apiVersion: v1 17apiVersion: v1
14kind: ConfigMap 18kind: ConfigMap
@@ -27,3 +31,4 @@ data:
27{{ tuple "bin/_db-init.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }} 31{{ tuple "bin/_db-init.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
28 db-sync.sh: |+ 32 db-sync.sh: |+
29{{ tuple "bin/_db-sync.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }} 33{{ tuple "bin/_db-sync.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
34{{- end }} \ No newline at end of file
diff --git a/charts/deckhand/templates/configmap-etc.yaml b/charts/deckhand/templates/configmap-etc.yaml
index b019680..10ee24b 100644
--- a/charts/deckhand/templates/configmap-etc.yaml
+++ b/charts/deckhand/templates/configmap-etc.yaml
@@ -1,3 +1,4 @@
1{{/*
1# Copyright 2017 The Openstack-Helm Authors. 2# Copyright 2017 The Openstack-Helm Authors.
2# 3#
3# Licensed under the Apache License, Version 2.0 (the "License"); 4# Licensed under the Apache License, Version 2.0 (the "License");
@@ -11,54 +12,56 @@
11# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12# See the License for the specific language governing permissions and 13# See the License for the specific language governing permissions and
13# limitations under the License. 14# limitations under the License.
15*/}}
14 16
17{{- if .Values.manifests.configmap_etc }}
15{{- $envAll := . }} 18{{- $envAll := . }}
16 19
17{{- if empty .Values.conf.deckhand.keystone_authtoken.auth_uri -}} 20{{- if empty .Values.conf.deckhand.keystone_authtoken.auth_uri -}}
18{{- tuple "identity" "internal" "api" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup" | set .Values.conf.deckhand.keystone_authtoken "auth_uri" | quote | trunc 0 -}} 21{{- tuple "identity" "internal" "api" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup" | set .Values.conf.deckhand.keystone_authtoken "auth_uri" -}}
19{{- end -}} 22{{- end -}}
20 23
21# FIXME fix for broken keystonemiddleware oslo config gen in newton - will remove in future 24# FIXME fix for broken keystonemiddleware oslo config gen in newton - will remove in future
22{{- if empty .Values.conf.deckhand.keystone_authtoken.auth_url -}} 25{{- if empty .Values.conf.deckhand.keystone_authtoken.auth_url -}}
23{{- tuple "identity" "internal" "api" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup" | set .Values.conf.deckhand.keystone_authtoken "auth_url" | quote | trunc 0 -}} 26{{- tuple "identity" "internal" "api" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup" | set .Values.conf.deckhand.keystone_authtoken "auth_url" -}}
24{{- end -}} 27{{- end -}}
25 28
26# Add endpoint URI lookup for Deckhand Postgresql DB Connection 29# Add endpoint URI lookup for Deckhand Postgresql DB Connection
27{{- if empty .Values.conf.deckhand.database.connection -}} 30{{- if empty .Values.conf.deckhand.database.connection -}}
28{{- tuple "postgresql" "internal" "user" "postgresql" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup" | set .Values.conf.deckhand.database "connection" | quote | trunc 0 -}} 31{{- tuple "postgresql" "internal" "user" "postgresql" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup" | set .Values.conf.deckhand.database "connection" -}}
29{{- end -}} 32{{- end -}}
30 33
31# Add endpoint URI lookup for memcached servers Connection 34# Add endpoint URI lookup for memcached servers Connection
32{{- if empty .Values.conf.deckhand.keystone_authtoken.memcached_servers -}} 35{{- if empty .Values.conf.deckhand.keystone_authtoken.memcached_servers -}}
33{{- tuple "oslo_cache" "internal" "memcache" . | include "helm-toolkit.endpoints.host_and_port_endpoint_uri_lookup" | set .Values.conf.deckhand.keystone_authtoken "memcached_servers" | quote | trunc 0 -}} 36{{- tuple "oslo_cache" "internal" "memcache" . | include "helm-toolkit.endpoints.host_and_port_endpoint_uri_lookup" | set .Values.conf.deckhand.keystone_authtoken "memcached_servers" -}}
34{{- end -}} 37{{- end -}}
35 38
36# Add endpoint URI lookup for barbican 39# Add endpoint URI lookup for barbican
37{{- if empty .Values.conf.deckhand.barbican.api_endpoint -}} 40{{- if empty .Values.conf.deckhand.barbican.api_endpoint -}}
38{{- tuple "barbican" "internal" "api" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup" | set .Values.conf.deckhand.barbican "api_endpoint" | quote | trunc 0 -}} 41{{- tuple "key_manager" "internal" "api" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup" | set .Values.conf.deckhand.barbican "api_endpoint" -}}
39{{- end -}} 42{{- end -}}
40 43
41{{- $userIdentity := .Values.endpoints.identity.auth.user -}} 44{{- $userIdentity := .Values.endpoints.identity.auth.deckhand -}}
42 45
43{{- if empty .Values.conf.deckhand.keystone_authtoken.project_name -}} 46{{- if empty .Values.conf.deckhand.keystone_authtoken.project_name -}}
44{{- set .Values.conf.deckhand.keystone_authtoken "project_name" $userIdentity.project_name | quote | trunc 0 -}} 47{{- set .Values.conf.deckhand.keystone_authtoken "project_name" $userIdentity.project_name -}}
45{{- end -}} 48{{- end -}}
46{{- if empty .Values.conf.deckhand.keystone_authtoken.project_domain_name -}} 49{{- if empty .Values.conf.deckhand.keystone_authtoken.project_domain_name -}}
47{{- set .Values.conf.deckhand.keystone_authtoken "project_domain_name" $userIdentity.project_domain_name | quote | trunc 0 -}} 50{{- set .Values.conf.deckhand.keystone_authtoken "project_domain_name" $userIdentity.project_domain_name -}}
48{{- end -}} 51{{- end -}}
49{{- if empty .Values.conf.deckhand.keystone_authtoken.user_domain_name -}} 52{{- if empty .Values.conf.deckhand.keystone_authtoken.user_domain_name -}}
50{{- set .Values.conf.deckhand.keystone_authtoken "user_domain_name" $userIdentity.user_domain_name | quote | trunc 0 -}} 53{{- set .Values.conf.deckhand.keystone_authtoken "user_domain_name" $userIdentity.user_domain_name -}}
51{{- end -}} 54{{- end -}}
52{{- if empty .Values.conf.deckhand.keystone_authtoken.username -}} 55{{- if empty .Values.conf.deckhand.keystone_authtoken.username -}}
53{{- set .Values.conf.deckhand.keystone_authtoken "username" $userIdentity.username | quote | trunc 0 -}} 56{{- set .Values.conf.deckhand.keystone_authtoken "username" $userIdentity.username -}}
54{{- end -}} 57{{- end -}}
55{{- if empty .Values.conf.deckhand.keystone_authtoken.password -}} 58{{- if empty .Values.conf.deckhand.keystone_authtoken.password -}}
56{{- set .Values.conf.deckhand.keystone_authtoken "password" $userIdentity.password | quote | trunc 0 -}} 59{{- set .Values.conf.deckhand.keystone_authtoken "password" $userIdentity.password -}}
57{{- end -}} 60{{- end -}}
58 61
59# Set a random string as secret key. 62# Set a random string as secret key.
60{{- if empty .Values.conf.deckhand.keystone_authtoken.memcache_secret_key -}} 63{{- if empty .Values.conf.deckhand.keystone_authtoken.memcache_secret_key -}}
61{{- randAlphaNum 64 | set .Values.conf.deckhand.keystone_authtoken "memcache_secret_key" | quote | trunc 0 -}} 64{{- randAlphaNum 64 | set .Values.conf.deckhand.keystone_authtoken "memcache_secret_key" -}}
62{{- end -}} 65{{- end -}}
63 66
64--- 67---
@@ -75,3 +78,4 @@ data:
75{{ include "helm-toolkit.utils.to_ini" .Values.conf.paste | indent 4 }} 78{{ include "helm-toolkit.utils.to_ini" .Values.conf.paste | indent 4 }}
76 policy.yaml: |+ 79 policy.yaml: |+
77{{ toYaml .Values.conf.policy | indent 4 }} 80{{ toYaml .Values.conf.policy | indent 4 }}
81{{- end }}
diff --git a/charts/deckhand/templates/deployment.yaml b/charts/deckhand/templates/deployment.yaml
index 3d6ef25..ae2b84b 100644
--- a/charts/deckhand/templates/deployment.yaml
+++ b/charts/deckhand/templates/deployment.yaml
@@ -1,3 +1,4 @@
1{{/*
1# Copyright 2017 The Openstack-Helm Authors. 2# Copyright 2017 The Openstack-Helm Authors.
2# 3#
3# Licensed under the Apache License, Version 2.0 (the "License"); 4# Licensed under the Apache License, Version 2.0 (the "License");
@@ -11,14 +12,14 @@
11# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12# See the License for the specific language governing permissions and 13# See the License for the specific language governing permissions and
13# limitations under the License. 14# limitations under the License.
15*/}}
14 16
15{{- if .Values.manifests.deployment }} 17{{- if .Values.manifests.deployment }}
16{{- $envAll := . }} 18{{- $envAll := . }}
17{{- $dependencies := .Values.dependencies.deckhand }}
18{{- $mounts_deckhand := .Values.pod.mounts.deckhand.deckhand }} 19{{- $mounts_deckhand := .Values.pod.mounts.deckhand.deckhand }}
19{{- $mounts_deckhand_init := .Values.pod.mounts.deckhand.init_container }} 20{{- $mounts_deckhand_init := .Values.pod.mounts.deckhand.init_container }}
20{{- $serviceAccountName := "deckhand" }} 21{{- $serviceAccountName := "deckhand" }}
21{{ tuple $envAll $dependencies $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }} 22{{ tuple $envAll "deckhand" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
22--- 23---
23apiVersion: apps/v1beta1 24apiVersion: apps/v1beta1
24kind: Deployment 25kind: Deployment
@@ -37,11 +38,11 @@ spec:
37 spec: 38 spec:
38 serviceAccountName: {{ $serviceAccountName }} 39 serviceAccountName: {{ $serviceAccountName }}
39 nodeSelector: 40 nodeSelector:
40 {{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }} 41 {{ .Values.labels.api.node_selector_key }}: {{ .Values.labels.api.node_selector_value }}
41 terminationGracePeriodSeconds: {{ .Values.pod.lifecycle.termination_grace_period.deckhand.timeout | default "30" }} 42 terminationGracePeriodSeconds: {{ .Values.pod.lifecycle.termination_grace_period.deckhand.timeout | default "30" }}
42 restartPolicy: Always 43 restartPolicy: Always
43 initContainers: 44 initContainers:
44{{ tuple $envAll $dependencies $mounts_deckhand_init | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} 45{{ tuple $envAll "deckhand" $mounts_deckhand_init | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
45 containers: 46 containers:
46 - name: deckhand-api 47 - name: deckhand-api
47 env: 48 env:
diff --git a/charts/deckhand/templates/ingress-api.yaml b/charts/deckhand/templates/ingress-api.yaml
index 4041074..d9b15cf 100644
--- a/charts/deckhand/templates/ingress-api.yaml
+++ b/charts/deckhand/templates/ingress-api.yaml
@@ -14,34 +14,7 @@ See the License for the specific language governing permissions and
14limitations under the License. 14limitations under the License.
15*/}} 15*/}}
16 16
17{{- if .Values.manifests.ingress_api }} 17{{- if and .Values.manifests.ingress_api .Values.network.api.ingress.public }}
18{{- $envAll := . }} 18{{- $ingressOpts := dict "envAll" . "backendServiceType" "deckhand" "backendPort" "http" -}}
19{{- if .Values.network.ingress.public }} 19{{ $ingressOpts | include "helm-toolkit.manifests.ingress" }}
20{{- $backendServiceType := "deckhand" }}
21{{- $backendPort := "http" }}
22{{- $ingressName := tuple $backendServiceType "public" $envAll | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }}
23{{- $backendName := tuple $backendServiceType "internal" $envAll | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }}
24{{- $hostName := tuple $backendServiceType "public" $envAll | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }}
25{{- $hostNameNamespaced := tuple $backendServiceType "public" $envAll | include "helm-toolkit.endpoints.hostname_namespaced_endpoint_lookup" }}
26{{- $hostNameFull := tuple $backendServiceType "public" $envAll | include "helm-toolkit.endpoints.hostname_fqdn_endpoint_lookup" }}
27---
28apiVersion: extensions/v1beta1
29kind: Ingress
30metadata:
31 name: {{ $ingressName }}
32 annotations:
33 kubernetes.io/ingress.class: "nginx"
34 ingress.kubernetes.io/rewrite-target: /
35spec:
36 rules:
37{{- range $key1, $vHost := tuple $hostName $hostNameNamespaced $hostNameFull }}
38 - host: {{ $vHost }}
39 http:
40 paths:
41 - path: /
42 backend:
43 serviceName: {{ $backendName }}
44 servicePort: {{ $backendPort }}
45{{- end }}
46{{- end }}
47{{- end }} 20{{- end }}
diff --git a/charts/deckhand/templates/job-db-init.yaml b/charts/deckhand/templates/job-db-init.yaml
index 4019ac6..4624d09 100644
--- a/charts/deckhand/templates/job-db-init.yaml
+++ b/charts/deckhand/templates/job-db-init.yaml
@@ -16,11 +16,10 @@ limitations under the License.
16 16
17{{- if .Values.manifests.job_db_init }} 17{{- if .Values.manifests.job_db_init }}
18{{- $envAll := . }} 18{{- $envAll := . }}
19{{- $dependencies := .Values.dependencies.db_init }}
20{{- $mounts_deckhand_db_init := .Values.pod.mounts.deckhand_db_init.deckhand_db_init }} 19{{- $mounts_deckhand_db_init := .Values.pod.mounts.deckhand_db_init.deckhand_db_init }}
21{{- $mounts_deckhand_db_init_init := .Values.pod.mounts.deckhand_db_init.init_container }} 20{{- $mounts_deckhand_db_init_init := .Values.pod.mounts.deckhand_db_init.init_container }}
22{{- $serviceAccountName := "deckhand-db-init" }} 21{{- $serviceAccountName := "deckhand-db-init" }}
23{{ tuple $envAll $dependencies $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }} 22{{ tuple $envAll "db_init" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
24--- 23---
25apiVersion: batch/v1 24apiVersion: batch/v1
26kind: Job 25kind: Job
@@ -35,9 +34,9 @@ spec:
35 serviceAccountName: {{ $serviceAccountName }} 34 serviceAccountName: {{ $serviceAccountName }}
36 restartPolicy: OnFailure 35 restartPolicy: OnFailure
37 nodeSelector: 36 nodeSelector:
38 {{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }} 37 {{ .Values.labels.job.node_selector_key }}: {{ .Values.labels.job.node_selector_value }}
39 initContainers: 38 initContainers:
40{{ tuple $envAll $dependencies $mounts_deckhand_db_init_init | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} 39{{ tuple $envAll "db_init" $mounts_deckhand_db_init_init | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
41 containers: 40 containers:
42 - name: deckhand-db-init 41 - name: deckhand-db-init
43 image: {{ .Values.images.tags.db_init | quote }} 42 image: {{ .Values.images.tags.db_init | quote }}
diff --git a/charts/deckhand/templates/job-db-sync.yaml b/charts/deckhand/templates/job-db-sync.yaml
index 5098ec2..0320424 100644
--- a/charts/deckhand/templates/job-db-sync.yaml
+++ b/charts/deckhand/templates/job-db-sync.yaml
@@ -16,11 +16,10 @@ limitations under the License.
16 16
17{{- if .Values.manifests.job_db_sync }} 17{{- if .Values.manifests.job_db_sync }}
18{{- $envAll := . }} 18{{- $envAll := . }}
19{{- $dependencies := .Values.dependencies.db_sync }}
20{{- $mounts_deckhand_db_sync := .Values.pod.mounts.deckhand_db_sync.deckhand_db_sync }} 19{{- $mounts_deckhand_db_sync := .Values.pod.mounts.deckhand_db_sync.deckhand_db_sync }}
21{{- $mounts_deckhand_db_sync_init := .Values.pod.mounts.deckhand_db_sync.init_container }} 20{{- $mounts_deckhand_db_sync_init := .Values.pod.mounts.deckhand_db_sync.init_container }}
22{{- $serviceAccountName := "deckhand-db-sync" }} 21{{- $serviceAccountName := "deckhand-db-sync" }}
23{{ tuple $envAll $dependencies $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }} 22{{ tuple $envAll "db_sync" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
24--- 23---
25apiVersion: batch/v1 24apiVersion: batch/v1
26kind: Job 25kind: Job
@@ -35,9 +34,9 @@ spec:
35 serviceAccountName: {{ $serviceAccountName }} 34 serviceAccountName: {{ $serviceAccountName }}
36 restartPolicy: OnFailure 35 restartPolicy: OnFailure
37 nodeSelector: 36 nodeSelector:
38 {{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }} 37 {{ .Values.labels.job.node_selector_key }}: {{ .Values.labels.job.node_selector_value }}
39 initContainers: 38 initContainers:
40{{ tuple $envAll $dependencies $mounts_deckhand_db_sync_init | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} 39{{ tuple $envAll "db_sync" $mounts_deckhand_db_sync_init | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
41 containers: 40 containers:
42 - name: deckhand-db-sync 41 - name: deckhand-db-sync
43 image: {{ .Values.images.tags.db_sync | quote }} 42 image: {{ .Values.images.tags.db_sync | quote }}
diff --git a/charts/deckhand/templates/job-image-repo-sync.yaml b/charts/deckhand/templates/job-image-repo-sync.yaml
new file mode 100644
index 0000000..a9233db
--- /dev/null
+++ b/charts/deckhand/templates/job-image-repo-sync.yaml
@@ -0,0 +1,20 @@
1{{/*
2Copyright 2017 The Openstack-Helm Authors.
3
4Licensed under the Apache License, Version 2.0 (the "License");
5you may not use this file except in compliance with the License.
6You may obtain a copy of the License at
7
8 http://www.apache.org/licenses/LICENSE-2.0
9
10Unless required by applicable law or agreed to in writing, software
11distributed under the License is distributed on an "AS IS" BASIS,
12WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13See the License for the specific language governing permissions and
14limitations under the License.
15*/}}
16
17{{- if and .Values.manifests.job_image_repo_sync .Values.images.local_registry.active }}
18{{- $imageRepoSyncJob := dict "envAll" . "serviceName" "deckhand" -}}
19{{ $imageRepoSyncJob | include "helm-toolkit.manifests.job_image_repo_sync" }}
20{{- end }}
diff --git a/charts/deckhand/templates/job-ks-endpoints.yaml b/charts/deckhand/templates/job-ks-endpoints.yaml
index f088579..264fa8a 100644
--- a/charts/deckhand/templates/job-ks-endpoints.yaml
+++ b/charts/deckhand/templates/job-ks-endpoints.yaml
@@ -1,68 +1,20 @@
1# Licensed under the Apache License, Version 2.0 (the "License"); 1{{/*
2# you may not use this file except in compliance with the License. 2Copyright 2017 The Openstack-Helm Authors.
3# You may obtain a copy of the License at 3
4# 4Licensed under the Apache License, Version 2.0 (the "License");
5# http://www.apache.org/licenses/LICENSE-2.0 5you may not use this file except in compliance with the License.
6# 6You may obtain a copy of the License at
7# Unless required by applicable law or agreed to in writing, software 7
8# distributed under the License is distributed on an "AS IS" BASIS, 8 http://www.apache.org/licenses/LICENSE-2.0
9# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 9
10# See the License for the specific language governing permissions and 10Unless required by applicable law or agreed to in writing, software
11# limitations under the License. 11distributed under the License is distributed on an "AS IS" BASIS,
12WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13See the License for the specific language governing permissions and
14limitations under the License.
15*/}}
12 16
13{{- if .Values.manifests.job_ks_endpoints }} 17{{- if .Values.manifests.job_ks_endpoints }}
14{{- $envAll := . }} 18{{- $ksServiceJob := dict "envAll" . "serviceName" "deckhand" "serviceTypes" ( tuple "deckhand" ) -}}
15{{- $dependencies := .Values.dependencies.ks_endpoints }} 19{{ $ksServiceJob | include "helm-toolkit.manifests.job_ks_endpoints" }}
16{{- $serviceAccountName := "deckhand-ks-endpoints" }}
17{{ tuple $envAll $dependencies $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
18---
19apiVersion: batch/v1
20kind: Job
21metadata:
22 name: deckhand-ks-endpoints
23spec:
24 template:
25 metadata:
26 labels:
27{{ tuple $envAll "deckhand" "ks-endpoints" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
28 spec:
29 serviceAccountName: {{ $serviceAccountName }}
30 restartPolicy: OnFailure
31 nodeSelector:
32 {{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }}
33 initContainers:
34{{ tuple $envAll $dependencies list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
35 containers:
36{{- range $key1, $osServiceType := tuple "deckhand" }}
37{{- range $key2, $osServiceEndPoint := tuple "admin" "internal" "public" }}
38 - name: {{ $osServiceType }}-ks-endpoints-{{ $osServiceEndPoint }}
39 image: {{ $envAll.Values.images.tags.ks_endpoints }}
40 imagePullPolicy: {{ $envAll.Values.images.pull_policy }}
41{{ tuple $envAll $envAll.Values.pod.resources.jobs.ks_endpoints | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
42 command:
43 - /tmp/ks-endpoints.sh
44 volumeMounts:
45 - name: ks-endpoints-sh
46 mountPath: /tmp/ks-endpoints.sh
47 subPath: ks-endpoints.sh
48 readOnly: true
49 env:
50{{- with $env := dict "ksUserSecret" $envAll.Values.secrets.identity.admin }}
51{{- include "helm-toolkit.snippets.keystone_openrc_env_vars" $env | indent 12 }}
52{{- end }}
53 - name: OS_SVC_ENDPOINT
54 value: {{ $osServiceEndPoint }}
55 - name: OS_SERVICE_NAME
56 value: {{ tuple $osServiceType $envAll | include "helm-toolkit.endpoints.keystone_endpoint_name_lookup" }}
57 - name: OS_SERVICE_TYPE
58 value: {{ $osServiceType }}
59 - name: OS_SERVICE_ENDPOINT
60 value: {{ tuple $osServiceType $osServiceEndPoint "api" $envAll | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup" }}
61{{- end }}
62{{- end }} 20{{- end }}
63 volumes:
64 - name: ks-endpoints-sh
65 configMap:
66 name: deckhand-bin
67 defaultMode: 0555
68{{- end -}}
diff --git a/charts/deckhand/templates/job-ks-service.yaml b/charts/deckhand/templates/job-ks-service.yaml
index 631b357..c857be8 100644
--- a/charts/deckhand/templates/job-ks-service.yaml
+++ b/charts/deckhand/templates/job-ks-service.yaml
@@ -1,64 +1,20 @@
1# Licensed under the Apache License, Version 2.0 (the "License"); 1{{/*
2# you may not use this file except in compliance with the License. 2Copyright 2017 The Openstack-Helm Authors.
3# You may obtain a copy of the License at
4#
5# http://www.apache.org/licenses/LICENSE-2.0
6#
7# Unless required by applicable law or agreed to in writing, software
8# distributed under the License is distributed on an "AS IS" BASIS,
9# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
10# See the License for the specific language governing permissions and
11# limitations under the License.
12 3
13{{- if .Values.manifests.job_ks_service -}} 4Licensed under the Apache License, Version 2.0 (the "License");
5you may not use this file except in compliance with the License.
6You may obtain a copy of the License at
14 7
15{{- $envAll := . }} 8 http://www.apache.org/licenses/LICENSE-2.0
16{{- $ksAdminSecret := .Values.secrets.identity.admin }} 9
17{{- $dependencies := .Values.dependencies.ks_service }} 10Unless required by applicable law or agreed to in writing, software
18{{- $serviceAccountName := "deckhand-ks-service" }} 11distributed under the License is distributed on an "AS IS" BASIS,
19{{ tuple $envAll $dependencies $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }} 12WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
20--- 13See the License for the specific language governing permissions and
21apiVersion: batch/v1 14limitations under the License.
22kind: Job 15*/}}
23metadata: 16
24 name: deckhand-ks-service 17{{- if .Values.manifests.job_ks_service }}
25spec: 18{{- $ksServiceJob := dict "envAll" . "serviceName" "deckhand" "serviceTypes" ( tuple "deckhand" ) -}}
26 template: 19{{ $ksServiceJob | include "helm-toolkit.manifests.job_ks_service" }}
27 metadata:
28 labels:
29{{ tuple $envAll "deckhand" "ks-service" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
30 spec:
31 serviceAccountName: {{ $serviceAccountName }}
32 restartPolicy: OnFailure
33 nodeSelector:
34 {{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }}
35 initContainers:
36{{ tuple $envAll $dependencies list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
37 containers:
38{{- range $key1, $osServiceType := tuple "deckhand" }}
39 - name: {{ $osServiceType }}-ks-service-registration
40 image: {{ $envAll.Values.images.tags.ks_service }}
41 imagePullPolicy: {{ $envAll.Values.images.pull_policy }}
42{{ tuple $envAll $envAll.Values.pod.resources.jobs.ks_service | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
43 command:
44 - /tmp/ks-service.sh
45 volumeMounts:
46 - name: ks-service-sh
47 mountPath: /tmp/ks-service.sh
48 subPath: ks-service.sh
49 readOnly: true
50 env:
51{{- with $env := dict "ksUserSecret" $ksAdminSecret }}
52{{- include "helm-toolkit.snippets.keystone_openrc_env_vars" $env | indent 12 }}
53{{- end }}
54 - name: OS_SERVICE_NAME
55 value: {{ tuple $osServiceType $envAll | include "helm-toolkit.endpoints.keystone_endpoint_name_lookup" }}
56 - name: OS_SERVICE_TYPE
57 value: {{ $osServiceType }}
58{{- end }} 20{{- end }}
59 volumes:
60 - name: ks-service-sh
61 configMap:
62 name: deckhand-bin
63 defaultMode: 0555
64{{- end -}}
diff --git a/charts/deckhand/templates/job-ks-user.yaml b/charts/deckhand/templates/job-ks-user.yaml
index 0780396..97afa9f 100644
--- a/charts/deckhand/templates/job-ks-user.yaml
+++ b/charts/deckhand/templates/job-ks-user.yaml
@@ -1,68 +1,20 @@
1# Licensed under the Apache License, Version 2.0 (the "License"); 1{{/*
2# you may not use this file except in compliance with the License. 2Copyright 2017 The Openstack-Helm Authors.
3# You may obtain a copy of the License at
4#
5# http://www.apache.org/licenses/LICENSE-2.0
6#
7# Unless required by applicable law or agreed to in writing, software
8# distributed under the License is distributed on an "AS IS" BASIS,
9# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
10# See the License for the specific language governing permissions and
11# limitations under the License.
12 3
13{{- if .Values.manifests.job_ks_user }} 4Licensed under the Apache License, Version 2.0 (the "License");
5you may not use this file except in compliance with the License.
6You may obtain a copy of the License at
14 7
15{{- $ksAdminSecret := .Values.secrets.identity.admin }} 8 http://www.apache.org/licenses/LICENSE-2.0
16{{- $ksUserSecret := .Values.secrets.identity.user }} 9
17{{- $envAll := . }} 10Unless required by applicable law or agreed to in writing, software
18{{- $dependencies := .Values.dependencies.ks_user }} 11distributed under the License is distributed on an "AS IS" BASIS,
19{{- $serviceAccountName := "deckhand-ks-user" }} 12WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
20{{ tuple $envAll $dependencies $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }} 13See the License for the specific language governing permissions and
21--- 14limitations under the License.
22apiVersion: batch/v1 15*/}}
23kind: Job 16
24metadata: 17{{- if .Values.manifests.job_ks_user }}
25 name: deckhand-ks-user 18{{- $ksUserJob := dict "envAll" . "serviceName" "deckhand" -}}
26spec: 19{{ $ksUserJob | include "helm-toolkit.manifests.job_ks_user" }}
27 template:
28 metadata:
29 labels:
30{{ tuple $envAll "deckhand" "ks-user" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
31 spec:
32 serviceAccountName: {{ $serviceAccountName }}
33 restartPolicy: OnFailure
34 nodeSelector:
35 {{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }}
36 initContainers:
37{{ tuple $envAll $dependencies list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
38 containers:
39 - name: deckhand-ks-user
40 image: {{ .Values.images.tags.ks_user }}
41 imagePullPolicy: {{ .Values.images.pull_policy }}
42{{ tuple $envAll $envAll.Values.pod.resources.jobs.ks_user | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
43 command:
44 - /tmp/ks-user.sh
45 volumeMounts:
46 - name: ks-user-sh
47 mountPath: /tmp/ks-user.sh
48 subPath: ks-user.sh
49 readOnly: true
50 env:
51{{- with $env := dict "ksUserSecret" $ksAdminSecret }}
52{{- include "helm-toolkit.snippets.keystone_openrc_env_vars" $env | indent 12 }}
53{{- end }}
54 - name: SERVICE_OS_SERVICE_NAME
55 value: {{ $envAll.Values.endpoints.deckhand.name | quote }}
56 - name: SERVICE_OS_DOMAIN_NAME
57 value: {{ $envAll.Values.endpoints.identity.auth.user.project_domain_name | quote }}
58{{- with $env := dict "ksUserSecret" $ksUserSecret }}
59{{- include "helm-toolkit.snippets.keystone_user_create_env_vars" $env | indent 12 }}
60{{- end }} 20{{- end }}
61 - name: SERVICE_OS_ROLE
62 value: {{ $envAll.Values.endpoints.identity.auth.user.role | quote }}
63 volumes:
64 - name: ks-user-sh
65 configMap:
66 name: deckhand-bin
67 defaultMode: 0555
68{{- end -}}
diff --git a/charts/deckhand/templates/secret-keystone-env.yaml b/charts/deckhand/templates/secret-keystone-env.yaml
index 94ea6e7..cf597ba 100644
--- a/charts/deckhand/templates/secret-keystone-env.yaml
+++ b/charts/deckhand/templates/secret-keystone-env.yaml
@@ -11,9 +11,10 @@
11# See the License for the specific language governing permissions and 11# See the License for the specific language governing permissions and
12# limitations under the License. 12# limitations under the License.
13*/}} 13*/}}
14
14{{- if .Values.manifests.secret_keystone }} 15{{- if .Values.manifests.secret_keystone }}
15{{- $envAll := . }} 16{{- $envAll := . }}
16{{- range $key1, $userClass := tuple "admin" "user" }} 17{{- range $key1, $userClass := tuple "admin" "deckhand" }}
17{{- $secretName := index $envAll.Values.secrets.identity $userClass }} 18{{- $secretName := index $envAll.Values.secrets.identity $userClass }}
18--- 19---
19apiVersion: v1 20apiVersion: v1
diff --git a/charts/deckhand/templates/service-ingress.yaml b/charts/deckhand/templates/service-ingress.yaml
index 26d35e3..3d62112 100644
--- a/charts/deckhand/templates/service-ingress.yaml
+++ b/charts/deckhand/templates/service-ingress.yaml
@@ -14,19 +14,7 @@ See the License for the specific language governing permissions and
14limitations under the License. 14limitations under the License.
15*/}} 15*/}}
16 16
17{{- if .Values.manifests.service_ingress }} 17{{- if and .Values.manifests.service_ingress_api .Values.network.api.ingress.public }}
18{{- $envAll := . }} 18{{- $serviceIngressOpts := dict "envAll" . "backendServiceType" "deckhand" -}}
19{{- if .Values.network.ingress.public }} 19{{ $serviceIngressOpts | include "helm-toolkit.manifests.service_ingress" }}
20---
21apiVersion: v1
22kind: Service
23metadata:
24 name: {{ tuple "deckhand" "public" . | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }}
25spec:
26 ports:
27 - name: http
28 port: 80
29 selector:
30 app: ingress-api
31{{- end }}
32{{- end }} 20{{- end }}
diff --git a/charts/deckhand/templates/service.yaml b/charts/deckhand/templates/service.yaml
index 14c9560..1259849 100644
--- a/charts/deckhand/templates/service.yaml
+++ b/charts/deckhand/templates/service.yaml
@@ -14,7 +14,7 @@ See the License for the specific language governing permissions and
14limitations under the License. 14limitations under the License.
15*/}} 15*/}}
16 16
17{{- if .Values.manifests.service }} 17{{- if .Values.manifests.service_api }}
18{{- $envAll := . }} 18{{- $envAll := . }}
19--- 19---
20apiVersion: v1 20apiVersion: v1
@@ -23,21 +23,21 @@ metadata:
23 name: {{ tuple "deckhand" "internal" . | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }} 23 name: {{ tuple "deckhand" "internal" . | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }}
24spec: 24spec:
25 ports: 25 ports:
26 {{ if .Values.network.enable_node_port }} 26 {{ if .Values.network.api.node_port.enabled }}
27 - name: http 27 - name: http
28 nodePort: {{ .Values.network.node_port }} 28 nodePort: {{ .Values.network.api.node_port }}
29 port: {{ .Values.network.port }} 29 port: {{ .Values.network.api.port }}
30 protocol: TCP 30 protocol: TCP
31 targetPort: {{ .Values.network.port }} 31 targetPort: {{ .Values.network.api.port }}
32 {{ else }} 32 {{ else }}
33 - name: http 33 - name: http
34 port: {{ .Values.network.port }} 34 port: {{ tuple "deckhand" "internal" "api" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
35 protocol: TCP 35 protocol: TCP
36 targetPort: {{ .Values.network.port }} 36 targetPort: {{ .Values.network.api.port }}
37 {{ end }} 37 {{ end }}
38 selector: 38 selector:
39{{ tuple $envAll "deckhand" "api" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }} 39{{ tuple $envAll "deckhand" "api" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }}
40 {{ if .Values.network.enable_node_port }} 40 {{ if .Values.network.api.enable_node_port }}
41 type: NodePort 41 type: NodePort
42 {{ end }} 42 {{ end }}
43{{- end }} 43{{- end }}
diff --git a/charts/deckhand/values.yaml b/charts/deckhand/values.yaml
index 2bab287..363bc88 100644
--- a/charts/deckhand/values.yaml
+++ b/charts/deckhand/values.yaml
@@ -15,8 +15,15 @@
15# This file provides defaults for deckhand 15# This file provides defaults for deckhand
16 16
17labels: 17labels:
18 node_selector_key: ucp-control-plane 18 api:
19 node_selector_value: enabled 19 node_selector_key: ucp-control-plane
20 node_selector_value: enabled
21 job:
22 node_selector_key: ucp-control-plane
23 node_selector_value: enabled
24 test:
25 node_selector_key: ucp-control-plane
26 node_selector_value: enabled
20 27
21images: 28images:
22 tags: 29 tags:
@@ -24,65 +31,98 @@ images:
24 dep_check: "quay.io/stackanetes/kubernetes-entrypoint:v0.3.1" 31 dep_check: "quay.io/stackanetes/kubernetes-entrypoint:v0.3.1"
25 db_init: docker.io/postgres:9.5 32 db_init: docker.io/postgres:9.5
26 db_sync: quay.io/attcomdev/deckhand:latest 33 db_sync: quay.io/attcomdev/deckhand:latest
34 image_repo_sync: docker.io/docker:17.07.0
27 ks_endpoints: docker.io/openstackhelm/heat:newton 35 ks_endpoints: docker.io/openstackhelm/heat:newton
28 ks_service: docker.io/openstackhelm/heat:newton 36 ks_service: docker.io/openstackhelm/heat:newton
29 ks_user: docker.io/openstackhelm/heat:newton 37 ks_user: docker.io/openstackhelm/heat:newton
30 pull_policy: "IfNotPresent" 38 pull_policy: "IfNotPresent"
39 local_registry:
40 active: false
41 exclude:
42 - dep_check
43 - image_repo_sync
31 44
32release_group: null 45release_group: null
33 46
34network: 47network:
35 ingress: 48 api:
36 public: true 49 ingress:
37 port: 9000 50 public: true
38 node_port: 31902 51 classes:
39 enable_node_port: false 52 namespace: "nginx"
53 cluster: "nginx-cluster"
54 annotations:
55 nginx.ingress.kubernetes.io/rewrite-target: /
56 node_port:
57 enabled: false
58 port: 301902
40 59
41dependencies: 60dependencies:
42 db_init: 61 dynamic:
43 services: 62 common:
44 - service: postgresql 63 local_image_registry:
45 endpoint: internal 64 jobs:
46 db_sync: 65 - glance-image-repo-sync
47 jobs: 66 services:
48 - deckhand-db-init 67 - endpoint: node
49 services: 68 service: local_image_registry
50 - service: postgresql 69 static:
51 endpoint: internal 70 db_init:
52 ks_user: 71 services:
53 services: 72 - service: postgresql
54 - service: identity 73 endpoint: internal
55 endpoint: internal 74 db_sync:
56 ks_service: 75 jobs:
57 services: 76 - deckhand-db-init
58 - service: identity 77 services:
59 endpoint: internal 78 - service: postgresql
60 ks_endpoints: 79 endpoint: internal
61 jobs: 80 ks_user:
62 - deckhand-ks-service 81 services:
63 services: 82 - service: identity
64 - service: identity 83 endpoint: internal
65 endpoint: internal 84 ks_service:
66 deckhand: 85 services:
67 jobs: 86 - service: identity
68 - deckhand-ks-endpoints 87 endpoint: internal
69 - deckhand-ks-user 88 ks_endpoints:
70 - deckhand-ks-endpoints 89 jobs:
71 services: 90 - deckhand-ks-service
72 - service: identity 91 services:
73 endpoint: internal 92 - service: identity
74 - service: key_manager 93 endpoint: internal
75 endpoint: internal 94 deckhand:
95 jobs:
96 - deckhand-ks-endpoints
97 - deckhand-ks-user
98 - deckhand-ks-endpoints
99 services:
100 - service: identity
101 endpoint: internal
102 - service: key_manager
103 endpoint: internal
76 104
77# typically overridden by environmental 105# typically overridden by environmental
78# values, but should include all endpoints 106# values, but should include all endpoints
79# required by this chart 107# required by this chart
80endpoints: 108endpoints:
81 cluster_domain_suffix: cluster.local 109 cluster_domain_suffix: cluster.local
110 local_image_registry:
111 name: docker-registry
112 namespace: docker-registry
113 hosts:
114 default: localhost
115 internal: docker-registry
116 node: localhost
117 host_fqdn_override:
118 default: null
119 port:
120 registry:
121 node: 5000
82 identity: 122 identity:
83 name: keystone 123 name: keystone
84 auth: 124 auth:
85 user: 125 deckhand:
86 region_name: RegionOne 126 region_name: RegionOne
87 role: admin 127 role: admin
88 project_name: service 128 project_name: service
@@ -172,7 +212,7 @@ endpoints:
172secrets: 212secrets:
173 identity: 213 identity:
174 admin: deckhand-keystone-admin 214 admin: deckhand-keystone-admin
175 user: deckhand-keystone-user 215 deckhand: deckhand-keystone-user
176 postgresql: 216 postgresql:
177 admin: deckhand-db-admin 217 admin: deckhand-db-admin
178 user: deckhand-db-user 218 user: deckhand-db-user
@@ -339,15 +379,15 @@ manifests:
339 configmap_bin: true 379 configmap_bin: true
340 configmap_etc: true 380 configmap_etc: true
341 deployment: true 381 deployment: true
382 ingress_api: true
342 job_db_init: true 383 job_db_init: true
343 job_db_sync: true 384 job_db_sync: true
385 job_image_repo_sync: true
344 job_ks_endpoints: true 386 job_ks_endpoints: true
345 job_ks_service: true 387 job_ks_service: true
346 job_ks_user: true 388 job_ks_user: true
347 secret_db: true 389 secret_db: true
348 secret_keystone: true 390 secret_keystone: true
349 service_api: true 391 service_api: true
350 ingress_api: true 392 service_ingress_api: true
351 service: true
352 service_ingress: true
353 test_deckhand_api: true 393 test_deckhand_api: true