Move Deckhand Chart

This PS migrates the Deckhand Chart into this repo

Change-Id: I2f16697df2d909e01ce3c35a462474ee857c57e2
Anthony Lin 2017-10-20 13:38:49 +00:00 committed by Felipe Monteiro
parent 21b898f9db
commit 46803b7e60
19 changed files with 1150 additions and 0 deletions


@ -0,0 +1,21 @@
# Patterns to ignore when building packages.
# This supports shell glob matching, relative path matching, and
# negation (prefixed with !). Only one pattern per line.
.DS_Store
# Common VCS dirs
.git/
.gitignore
.bzr/
.bzrignore
.hg/
.hgignore
.svn/
# Common backup files
*.swp
*.bak
*.tmp
*~
# Various IDEs
.project
.idea/
*.tmproj


@ -0,0 +1,27 @@
# Copyright 2017 The Openstack-Helm Authors.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
apiVersion: v1
description: A Helm chart for Deckhand
name: deckhand
version: 0.1.0
keywords:
- deckhand
home: https://github.com/att-comdev/deckhand
sources:
- https://github.com/att-comdev/aic-helm
- https://git.openstack.org/cgit/openstack/openstack-helm
maintainers:
- name: att-comdev
engine: gotpl


@ -0,0 +1,18 @@
# Copyright 2017 The Openstack-Helm Authors.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
dependencies:
- name: helm-toolkit
repository: http://localhost:8879/charts
version: 0.1.0
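Review bot: The `helm-toolkit` dependency is resolved from `http://localhost:8879/charts`, which is whatever chart a local `helm serve` instance happens to hold, fetched over plain HTTP with no provenance check, so `version: 0.1.0` does not pin the actual content. A comment above the entry such as `# resolved from a local 'helm serve'; build helm-toolkit from a trusted checkout first` would document the expectation. Where one is available, a published chart repository with signed packages is the stronger option.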


@ -0,0 +1,33 @@
#!/bin/bash
set -ex
export HOME=/tmp
# Extract the DB string from deckhand.conf and get the
# value of the DB host and port
db_string=`grep -i '^connection =' ${DECKHAND_CONFIG_FILE}`
db_fqdn=`echo ${db_string#*@} | cut -f1 -d"."`
db_port=`echo ${db_string#*@} | grep -o "[0-9]\+"`
pgsql_superuser_cmd () {
DB_COMMAND="$1"
if [[ ! -z $2 ]]; then
EXPORT PGDATABASE=$2
fi
psql \
-h $db_fqdn \
-p $db_port \
-U ${ROOT_DB_USER} \
--command="${DB_COMMAND}"
}
# Create db
pgsql_superuser_cmd "SELECT 1 FROM pg_database WHERE datname = '$DB_NAME'" | grep -q 1 || pgsql_superuser_cmd "CREATE DATABASE $DB_NAME"
# Create db user
pgsql_superuser_cmd "SELECT * FROM pg_roles WHERE rolname = '$DB_USER';" | tail -n +3 | head -n -2 | grep -q 1 || \
pgsql_superuser_cmd "CREATE ROLE ${DB_USER} LOGIN PASSWORD '$DB_PASS';" && pgsql_superuser_cmd "ALTER USER ${DB_USER} WITH SUPERUSER"
# Grant permissions to user
pgsql_superuser_cmd "GRANT ALL PRIVILEGES ON DATABASE $DB_NAME to $DB_USER;"
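Review bot: `set -ex` at the top of the script enables xtrace, so the `CREATE ROLE ${DB_USER} LOGIN PASSWORD '$DB_PASS';` statement is echoed with the expanded password into the Job's pod log; use `set -e`, or wrap the role creation in `set +x`. The following `ALTER USER ${DB_USER} WITH SUPERUSER` makes the application role a PostgreSQL superuser, which goes well beyond the `GRANT ALL PRIVILEGES ON DATABASE` on the last line and is worth dropping unless Deckhand is known to need it. Because `A || B && C` groups left to right, that ALTER runs on every execution, not only when the role was just created. In `pgsql_superuser_cmd`, `EXPORT PGDATABASE=$2` is not a shell builtin and would abort under `set -e` if a second argument were ever passed; it should read `export PGDATABASE="$2"`.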


@ -0,0 +1,6 @@
#!/bin/bash
# Pending inputs on what need to be done for db-sync
set -ex
export HOME=/tmp


@ -0,0 +1,29 @@
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
apiVersion: v1
kind: ConfigMap
metadata:
name: deckhand-bin
data:
ks-service.sh: |
{{- include "helm-toolkit.scripts.keystone_service" . | indent 4 }}
ks-endpoints.sh: |
{{- include "helm-toolkit.scripts.keystone_endpoints" . | indent 4 }}
ks-user.sh: |
{{- include "helm-toolkit.scripts.keystone_user" . | indent 4 }}
ks-domain-user.sh: |
{{- include "helm-toolkit.scripts.keystone_domain_user" . | indent 4 }}
db-init.sh: |+
{{ tuple "bin/_db-init.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
db-sync.sh: |+
{{ tuple "bin/_db-sync.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}


@ -0,0 +1,72 @@
# Copyright 2017 The Openstack-Helm Authors.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
{{- $envAll := . }}
{{- if empty .Values.conf.deckhand.keystone_authtoken.auth_uri -}}
{{- tuple "identity" "internal" "api" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup" | set .Values.conf.deckhand.keystone_authtoken "auth_uri" | quote | trunc 0 -}}
{{- end -}}
# FIXME fix for broken keystonemiddleware oslo config gen in newton - will remove in future
{{- if empty .Values.conf.deckhand.keystone_authtoken.auth_url -}}
{{- tuple "identity" "internal" "api" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup"| set .Values.conf.deckhand.keystone_authtoken "auth_url" | quote | trunc 0 -}}
{{- end -}}
# Add endpoint URI lookup for Deckhand Postgresql DB Connection
{{- if empty .Values.conf.deckhand.database.connection -}}
{{- tuple "postgresql" "internal" "user" "postgresql" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup"| set .Values.conf.deckhand.database "connection" | quote | trunc 0 -}}
{{- end -}}
# Add endpoint URI lookup for memcached servers Connection
{{- if empty .Values.conf.deckhand.keystone_authtoken.memcached_servers -}}
{{- tuple "oslo_cache" "internal" "memcache" . | include "helm-toolkit.endpoints.host_and_port_endpoint_uri_lookup" | set .Values.conf.deckhand.keystone_authtoken "memcached_servers" | quote | trunc 0 -}}
{{- end -}}
{{- $userIdentity := .Values.endpoints.identity.auth.user -}}
{{- if empty .Values.conf.deckhand.keystone_authtoken.project_name -}}
{{- set .Values.conf.deckhand.keystone_authtoken "project_name" $userIdentity.project_name | quote | trunc 0 -}}
{{- end -}}
{{- if empty .Values.conf.deckhand.keystone_authtoken.project_domain_name -}}
{{- set .Values.conf.deckhand.keystone_authtoken "project_domain_name" $userIdentity.project_domain_name | quote | trunc 0 -}}
{{- end -}}
{{- if empty .Values.conf.deckhand.keystone_authtoken.user_domain_name -}}
{{- set .Values.conf.deckhand.keystone_authtoken "user_domain_name" $userIdentity.user_domain_name | quote | trunc 0 -}}
{{- end -}}
{{- if empty .Values.conf.deckhand.keystone_authtoken.username -}}
{{- set .Values.conf.deckhand.keystone_authtoken "username" $userIdentity.username | quote | trunc 0 -}}
{{- end -}}
{{- if empty .Values.conf.deckhand.keystone_authtoken.password -}}
{{- set .Values.conf.deckhand.keystone_authtoken "password" $userIdentity.password | quote | trunc 0 -}}
{{- end -}}
# Set a random string as secret key.
{{- if empty .Values.conf.deckhand.keystone_authtoken.memcache_secret_key -}}
{{- randAlphaNum 64 | set .Values.conf.deckhand.keystone_authtoken "memcache_secret_key" | quote | trunc 0 -}}
{{- end -}}
---
apiVersion: v1
kind: ConfigMap
metadata:
name: deckhand-etc
data:
deckhand.conf: |+
{{ include "helm-toolkit.utils.to_oslo_conf" .Values.conf.deckhand | indent 4 }}
logging.conf: |+
{{ include "helm-toolkit.utils.to_oslo_conf" .Values.conf.logging | indent 4 }}
deckhand-paste.ini: |+
{{ include "helm-toolkit.utils.to_oslo_conf" .Values.conf.paste | indent 4 }}
policy.yaml: |+
{{ toYaml .Values.conf.policy | indent 4 }}
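Review bot: `deckhand.conf` is rendered into a ConfigMap even though the template has just populated `.Values.conf.deckhand` with credentials: `keystone_authtoken.password`, the authenticated `database.connection` URI and `memcache_secret_key`. Access rules and at-rest encryption are usually configured for Secrets rather than ConfigMaps, so anyone allowed to read ConfigMaps in the namespace can read these values. Rendering `deckhand.conf` into a `kind: Secret` and mounting it through a `secret:` volume would keep it with the chart's other Secret objects. Separately, `randAlphaNum 64` yields a new `memcache_secret_key` on every render, so each upgrade changes the file content (and presumably the `configmap-etc-hash` annotation) unless the value is set explicitly; a comment next to it should say so.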


@ -0,0 +1,80 @@
# Copyright 2017 The Openstack-Helm Authors.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
{{- if .Values.manifests.deployment }}
{{- $envAll := . }}
{{- $dependencies := .Values.dependencies.deckhand }}
{{- $mounts_deckhand := .Values.pod.mounts.deckhand.deckhand }}
{{- $mounts_deckhand_init := .Values.pod.mounts.deckhand.init_container }}
---
apiVersion: apps/v1beta1
kind: Deployment
metadata:
name: deckhand
spec:
replicas: {{ .Values.pod.replicas.deckhand }}
{{ tuple $envAll | include "helm-toolkit.snippets.kubernetes_upgrades_deployment" | indent 2 }}
template:
metadata:
labels:
{{ tuple $envAll "deckhand-api" "server" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
annotations:
configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "helm-toolkit.utils.hash" }}
configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "helm-toolkit.utils.hash" }}
spec:
nodeSelector:
{{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }}
terminationGracePeriodSeconds: {{ .Values.pod.lifecycle.termination_grace_period.deckhand.timeout | default "30" }}
restartPolicy: Always
initContainers:
{{ tuple $envAll $dependencies $mounts_deckhand_init | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
containers:
- name: deckhand
image: {{ .Values.images.deckhand }}
imagePullPolicy: {{ .Values.images.pull_policy }}
{{ tuple $envAll $envAll.Values.pod.resources.api | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
ports:
- containerPort: {{ .Values.network.port }}
readinessProbe:
tcpSocket:
port: {{ .Values.network.port }}
volumeMounts:
- name: etc-deckhand
mountPath: /etc/deckhand
- name: deckhand-etc
mountPath: /etc/deckhand/deckhand.conf
subPath: deckhand.conf
readOnly: true
- name: deckhand-etc
mountPath: /etc/deckhand/logging.conf
subPath: logging.conf
readOnly: true
- name: deckhand-etc
mountPath: /etc/deckhand/deckhand-paste.ini
subPath: deckhand-paste.ini
readOnly: true
- name: deckhand-etc
mountPath: /etc/deckhand/policy.yaml
subPath: policy.yaml
readOnly: true
{{ if $mounts_deckhand.volumeMounts }}{{ toYaml $mounts_deckhand.volumeMounts | indent 12 }}{{ end }}
volumes:
- name: etc-deckhand
emptyDir: {}
- name: deckhand-etc
configMap:
name: deckhand-etc
defaultMode: 0444
{{ if $mounts_deckhand.volumes }}{{ toYaml $mounts_deckhand.volumes | indent 8 }}{{ end }}
{{- end }}
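Review bot: The `deckhand` container sets no `securityContext` in this template, so whether the API process runs as root, can escalate privileges or has a writable root filesystem is left to the image defaults. If the image supports it, add a container-level `securityContext:` with `runAsNonRoot: true` and `allowPrivilegeEscalation: false`, driven from values like the other pod settings. The only probe is a `tcpSocket` readiness check, which passes as soon as the port is open, so a hung API process would stay in rotation; a `livenessProbe` would cover that.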


@ -0,0 +1,47 @@
{{/*
Copyright 2017 The Openstack-Helm Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
{{- if .Values.manifests.ingress_api }}
{{- $envAll := . }}
{{- if .Values.network.ingress.public }}
{{- $backendServiceType := "deckhand" }}
{{- $backendPort := "http" }}
{{- $ingressName := tuple $backendServiceType "public" $envAll | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }}
{{- $backendName := tuple $backendServiceType "internal" $envAll | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }}
{{- $hostName := tuple $backendServiceType "public" $envAll | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }}
{{- $hostNameNamespaced := tuple $backendServiceType "public" $envAll | include "helm-toolkit.endpoints.hostname_namespaced_endpoint_lookup" }}
{{- $hostNameFull := tuple $backendServiceType "public" $envAll | include "helm-toolkit.endpoints.hostname_fqdn_endpoint_lookup" }}
---
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: {{ $ingressName }}
annotations:
kubernetes.io/ingress.class: "nginx"
ingress.kubernetes.io/rewrite-target: /
spec:
rules:
{{- range $key1, $vHost := tuple $hostName $hostNameNamespaced $hostNameFull }}
- host: {{ $vHost }}
http:
paths:
- path: /
backend:
serviceName: {{ $backendName }}
servicePort: {{ $backendPort }}
{{- end }}
{{- end }}
{{- end }}
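Review bot: The Ingress `spec` has `rules` but no `tls` section, so the public host names are served over plain HTTP. Keystone tokens presented to the Deckhand API would then cross the ingress unencrypted unless TLS is terminated somewhere outside this chart. Consider a `tls:` entry listing the three host names with a `secretName` taken from values, gated on a value so that deployments without a certificate still render. As a style point, `$ingressName` and `$hostName` are computed by the same lookup with the same arguments and could share one variable.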


@ -0,0 +1,85 @@
{{/*
Copyright 2017 The Openstack-Helm Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
{{- if .Values.manifests.job_db_init }}
{{- $envAll := . }}
{{- $dependencies := .Values.dependencies.db_init }}
{{- $mounts_deckhand_db_init := .Values.pod.mounts.deckhand_db_init.deckhand_db_init }}
{{- $mounts_deckhand_db_init_init := .Values.pod.mounts.deckhand_db_init.init_container }}
---
apiVersion: batch/v1
kind: Job
metadata:
name: deckhand-db-init
spec:
template:
metadata:
labels:
{{ tuple $envAll "deckhand" "db-init" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
spec:
restartPolicy: OnFailure
nodeSelector:
{{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }}
initContainers:
{{ tuple $envAll $dependencies $mounts_deckhand_db_init_init | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
containers:
- name: deckhand-db-init
image: {{ .Values.images.db_init | quote }}
imagePullPolicy: {{ .Values.images.pull_policy | quote }}
{{ tuple $envAll $envAll.Values.pod.resources.jobs.db_init | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
env:
- name: ROOT_DB_CONNECTION
valueFrom:
secretKeyRef:
name: {{ .Values.secrets.postgresql.admin }}
key: DB_CONNECTION
- name: DECKHAND_CONFIG_FILE
value: /etc/deckhand/deckhand.conf
- name: DB_NAME
value: {{ .Values.database.postgresql.db_name }}
- name: DB_USER
value: {{ .Values.endpoints.postgresql.auth.user.username }}
- name: DB_PASS
value: {{ .Values.endpoints.postgresql.auth.user.password }}
- name: ROOT_DB_USER
value: {{ .Values.database.postgresql.db_root_user }}
command:
- /tmp/db-init.sh
volumeMounts:
- name: deckhand-bin
mountPath: /tmp/db-init.sh
subPath: db-init.sh
readOnly: true
- name: etc-deckhand
mountPath: /etc/deckhand
- name: deckhand-etc
mountPath: /etc/deckhand/deckhand.conf
subPath: deckhand.conf
readOnly: true
{{ if $mounts_deckhand_db_init.volumeMounts }}{{ toYaml $mounts_deckhand_db_init.volumeMounts | indent 10 }}{{ end }}
volumes:
- name: etc-deckhand
emptyDir: {}
- name: deckhand-etc
configMap:
name: deckhand-etc
defaultMode: 0444
- name: deckhand-bin
configMap:
name: deckhand-bin
defaultMode: 0555
{{ if $mounts_deckhand_db_init.volumes }}{{ toYaml $mounts_deckhand_db_init.volumes | indent 6 }}{{ end }}
{{- end }}
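Review bot: `DB_PASS` is set with a literal `value:` from `.Values.endpoints.postgresql.auth.user.password`, so the password is stored in the Job object and is readable by anyone who can get Jobs or Pods in the namespace, while `ROOT_DB_CONNECTION` just above it already uses `secretKeyRef`. Source it the same way, e.g. `valueFrom: {secretKeyRef: {name: <db-user-secret>, key: <password-key>}}` (placeholders: the Secret template on this page stores only `DB_CONNECTION`, so a password key would have to be added). The value is also unquoted, unlike `image` and `imagePullPolicy` in the same container, so a password that starts with a YAML indicator or consists only of digits would not render as a string. The `deckhand-db-sync` Job carries the same `DB_PASS` entry.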


@ -0,0 +1,83 @@
{{/*
Copyright 2017 The Openstack-Helm Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
{{- if .Values.manifests.job_db_sync }}
{{- $envAll := . }}
{{- $dependencies := .Values.dependencies.db_sync }}
{{- $mounts_deckhand_db_sync := .Values.pod.mounts.deckhand_db_sync.deckhand_db_sync }}
{{- $mounts_deckhand_db_sync_init := .Values.pod.mounts.deckhand_db_sync.init_container }}
---
apiVersion: batch/v1
kind: Job
metadata:
name: deckhand-db-sync
spec:
template:
metadata:
labels:
{{ tuple $envAll "deckhand" "db-sync" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
spec:
restartPolicy: OnFailure
nodeSelector:
{{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }}
initContainers:
{{ tuple $envAll $dependencies $mounts_deckhand_db_sync_init | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
containers:
- name: deckhand-db-sync
image: {{ .Values.images.db_sync }}
imagePullPolicy: {{ .Values.images.pull_policy }}
{{ tuple $envAll $envAll.Values.pod.resources.jobs.db_sync | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
env:
- name: ROOT_DB_CONNECTION
valueFrom:
secretKeyRef:
name: {{ .Values.secrets.postgresql.admin }}
key: DB_CONNECTION
- name: DECKHAND_CONFIG_FILE
value: /etc/deckhand/deckhand.conf
- name: DB_NAME
value: {{ .Values.database.postgresql.db_name }}
- name: DB_USER
value: {{ .Values.endpoints.postgresql.auth.user.username }}
- name: DB_PASS
value: {{ .Values.endpoints.postgresql.auth.user.password }}
command:
- /tmp/db-sync.sh
volumeMounts:
- name: deckhand-bin
mountPath: /tmp/db-sync.sh
subPath: db-sync.sh
readOnly: true
- name: etc-deckhand
mountPath: /etc/deckhand
- name: deckhand-etc
mountPath: /etc/deckhand/deckhand.conf
subPath: deckhand.conf
readOnly: true
{{ if $mounts_deckhand_db_sync.volumeMounts }}{{ toYaml $mounts_deckhand_db_sync.volumeMounts | indent 10 }}{{ end }}
volumes:
- name: etc-deckhand
emptyDir: {}
- name: deckhand-etc
configMap:
name: deckhand-etc
defaultMode: 0444
- name: deckhand-bin
configMap:
name: deckhand-bin
defaultMode: 0555
{{ if $mounts_deckhand_db_sync.volumes }}{{ toYaml $mounts_deckhand_db_sync.volumes | indent 6 }}{{ end }}
{{- end }}


@ -0,0 +1,66 @@
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
{{- if .Values.manifests.job_ks_endpoints }}
{{- $envAll := . }}
{{- $dependencies := .Values.dependencies.ks_endpoints }}
apiVersion: batch/v1
kind: Job
metadata:
name: deckhand-ks-endpoints
spec:
template:
metadata:
labels:
{{ tuple $envAll "deckhand" "ks-endpoints" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
spec:
restartPolicy: OnFailure
nodeSelector:
{{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }}
initContainers:
{{ tuple $envAll $dependencies "[]" | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
containers:
{{- range $key1, $osServiceType := tuple "deckhand" }}
{{- range $key2, $osServiceEndPoint := tuple "admin" "internal" "public" }}
- name: {{ $osServiceType }}-ks-endpoints-{{ $osServiceEndPoint }}
image: {{ $envAll.Values.images.ks_endpoints }}
imagePullPolicy: {{ $envAll.Values.images.pull_policy }}
{{ tuple $envAll $envAll.Values.pod.resources.jobs.ks_endpoints | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
command:
- /tmp/ks-endpoints.sh
volumeMounts:
- name: ks-endpoints-sh
mountPath: /tmp/ks-endpoints.sh
subPath: ks-endpoints.sh
readOnly: true
env:
{{- with $env := dict "ksUserSecret" $envAll.Values.secrets.identity.admin }}
{{- include "helm-toolkit.snippets.keystone_openrc_env_vars" $env | indent 12 }}
{{- end }}
- name: OS_SVC_ENDPOINT
value: {{ $osServiceEndPoint }}
- name: OS_SERVICE_NAME
value: {{ tuple $osServiceType $envAll | include "helm-toolkit.endpoints.keystone_endpoint_name_lookup" }}
- name: OS_SERVICE_TYPE
value: {{ $osServiceType }}
- name: OS_SERVICE_ENDPOINT
value: {{ tuple $osServiceType $osServiceEndPoint "api" $envAll | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup" }}
{{- end }}
{{- end }}
volumes:
- name: ks-endpoints-sh
configMap:
name: deckhand-bin
defaultMode: 0555
{{- end -}}


@ -0,0 +1,60 @@
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
{{- if .Values.manifests.job_ks_service -}}
{{- $envAll := . }}
{{- $ksAdminSecret := .Values.secrets.identity.admin }}
{{- $dependencies := .Values.dependencies.ks_service }}
apiVersion: batch/v1
kind: Job
metadata:
name: deckhand-ks-service
spec:
template:
metadata:
labels:
{{ tuple $envAll "deckhand" "ks-user" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
spec:
restartPolicy: OnFailure
nodeSelector:
{{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }}
initContainers:
{{ tuple $envAll $dependencies "[]" | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
containers:
{{- range $key1, $osServiceType := tuple "deckhand" }}
- name: {{ $osServiceType }}-ks-service-registration
image: {{ $envAll.Values.images.ks_service }}
imagePullPolicy: {{ $envAll.Values.images.pull_policy }}
command:
- /tmp/ks-service.sh
volumeMounts:
- name: ks-service-sh
mountPath: /tmp/ks-service.sh
subPath: ks-service.sh
readOnly: true
env:
{{- with $env := dict "ksUserSecret" $ksAdminSecret }}
{{- include "helm-toolkit.snippets.keystone_openrc_env_vars" $env | indent 12 }}
{{- end }}
- name: OS_SERVICE_NAME
value: {{ tuple $osServiceType $envAll | include "helm-toolkit.endpoints.keystone_endpoint_name_lookup" }}
- name: OS_SERVICE_TYPE
value: {{ $osServiceType }}
{{- end }}
volumes:
- name: ks-service-sh
configMap:
name: deckhand-bin
defaultMode: 0555
{{- end -}}
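Review bot: The pod labels of the `deckhand-ks-service` Job are built with `tuple $envAll "deckhand" "ks-user"`, which looks like a copy-paste from the user job; anything that selects on the component label (network policy, log queries, dependency checks) would treat this pod as `ks-user`. It should presumably read `{{ tuple $envAll "deckhand" "ks-service" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}`. The container also lacks the `helm-toolkit.snippets.kubernetes_resources` include that the other jobs in this commit carry, so it would run without resource requests or limits; add it if a `ks_service` entry exists under `pod.resources.jobs`.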


@ -0,0 +1,61 @@
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
{{- if .Values.manifests.job_ks_user }}
{{- $ksAdminSecret := .Values.secrets.identity.admin }}
{{- $ksUserSecret := .Values.secrets.identity.user }}
{{- $envAll := . }}
{{- $dependencies := .Values.dependencies.ks_user }}
apiVersion: batch/v1
kind: Job
metadata:
name: deckhand-ks-user
spec:
template:
spec:
restartPolicy: OnFailure
nodeSelector:
{{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }}
initContainers:
{{ tuple $envAll $dependencies "[]" | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
containers:
- name: deckhand-ks-user
image: {{ .Values.images.ks_user }}
imagePullPolicy: {{ .Values.images.pull_policy }}
{{ tuple $envAll $envAll.Values.pod.resources.jobs.ks_user | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
command:
- /tmp/ks-user.sh
volumeMounts:
- name: ks-user-sh
mountPath: /tmp/ks-user.sh
subPath: ks-user.sh
readOnly: true
env:
{{- with $env := dict "ksUserSecret" $ksAdminSecret }}
{{- include "helm-toolkit.snippets.keystone_openrc_env_vars" $env | indent 12 }}
{{- end }}
- name: SERVICE_OS_SERVICE_NAME
value: {{ $envAll.Values.endpoints.deckhand.name | quote }}
- name: SERVICE_OS_DOMAIN_NAME
value: {{ $envAll.Values.endpoints.identity.auth.user.project_domain_name | quote }}
{{- with $env := dict "ksUserSecret" $ksUserSecret }}
{{- include "helm-toolkit.snippets.keystone_user_create_env_vars" $env | indent 12 }}
{{- end }}
- name: SERVICE_OS_ROLE
value: {{ $envAll.Values.endpoints.identity.auth.user.role | quote }}
volumes:
- name: ks-user-sh
configMap:
name: deckhand-bin
defaultMode: 0555
{{- end -}}
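Review bot: The pod `template` of the `deckhand-ks-user` Job goes straight to `spec` with no `metadata.labels`, unlike the other jobs in this commit, so the pod that receives both the Keystone admin and user secrets carries none of the helm-toolkit labels that selectors or audit queries would key on. Add `metadata:` and `labels:` with `{{ tuple $envAll "deckhand" "ks-user" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}` above `spec`.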


@ -0,0 +1,30 @@
{{/*
Copyright 2017 The Openstack-Helm Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
{{- if .Values.manifests.secret_db }}
{{- $envAll := . }}
{{- range $key1, $userClass := tuple "admin" "user" }}
{{- $secretName := index $envAll.Values.secrets.postgresql $userClass }}
---
apiVersion: v1
kind: Secret
metadata:
name: {{ $secretName }}
type: Opaque
data:
DB_CONNECTION: {{ tuple "postgresql" "internal" $userClass "postgresql" $envAll | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup" | b64enc -}}
{{- end }}
{{- end }}


@ -0,0 +1,28 @@
{{/*
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
*/}}
{{- if .Values.manifests.secret_keystone }}
{{- $envAll := . }}
{{- range $key1, $userClass := tuple "admin" "user" }}
{{- $secretName := index $envAll.Values.secrets.identity $userClass }}
---
apiVersion: v1
kind: Secret
metadata:
name: {{ $secretName }}
type: Opaque
data:
{{- tuple $userClass "internal" $envAll | include "helm-toolkit.snippets.keystone_secret_openrc" | indent 2 }}
...
{{- end }}
{{- end }}


@ -0,0 +1,32 @@
{{/*
Copyright 2017 The Openstack-Helm Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
{{- if .Values.manifests.service_ingress }}
{{- $envAll := . }}
{{- if .Values.network.ingress.public }}
---
apiVersion: v1
kind: Service
metadata:
name: {{ tuple "deckhand" "public" . | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }}
spec:
ports:
- name: http
port: 9000
selector:
app: ingress-api
{{- end }}
{{- end }}


@ -0,0 +1,43 @@
{{/*
Copyright 2017 The Openstack-Helm Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
{{- if .Values.manifests.service }}
{{- $envAll := . }}
---
apiVersion: v1
kind: Service
metadata:
name: {{ tuple "deckhand" "internal" . | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }}
spec:
ports:
{{ if .Values.network.enable_node_port }}
- name: http
nodePort: {{ .Values.network.node_port }}
port: {{ .Values.network.port }}
protocol: TCP
targetPort: {{ .Values.network.port }}
{{ else }}
- name: http
port: {{ .Values.network.port }}
protocol: TCP
targetPort: {{ .Values.network.port }}
{{ end }}
selector:
{{ tuple $envAll "deckhand-api" "server" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }}
{{ if .Values.network.enable_node_port }}
type: NodePort
{{ end }}
{{- end }}

329
charts/deckhand/values.yaml Normal file

@ -0,0 +1,329 @@
# Copyright 2017 The Openstack-Helm Authors.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
# This file provides defaults for deckhand
labels:
node_selector_key: ucp-control-plane
node_selector_value: enabled
images:
deckhand: quay.io/attcomdev/deckhand:latest
dep_check: docker.io/kolla/ubuntu-source-kubernetes-entrypoint:4.0.0
db_init: docker.io/postgres:9.5
db_sync: docker.io/postgres:9.5
ks_user: docker.io/kolla/ubuntu-source-kolla-toolbox:3.0.3
ks_service: docker.io/kolla/ubuntu-source-kolla-toolbox:3.0.3
ks_endpoints: docker.io/kolla/ubuntu-source-kolla-toolbox:3.0.3
pull_policy: "IfNotPresent"
release_group: null
network:
ingress:
public: true
port: 9000
node_port: 31902
enable_node_port: false
dependencies:
db_init:
services:
- service: postgresql
endpoint: internal
db_sync:
jobs:
- deckhand-db-init
services:
- service: postgresql
endpoint: internal
ks_user:
services:
- service: identity
endpoint: internal
ks_service:
services:
- service: identity
endpoint: internal
ks_endpoints:
jobs:
- deckhand-ks-service
services:
- service: identity
endpoint: internal
deckhand:
jobs:
- deckhand-ks-endpoints
- deckhand-ks-user
- deckhand-ks-endpoints
services:
- service: identity
endpoint: internal
- service: key_manager
endpoint: internal
# typically overriden by environmental
# values, but should include all endpoints
# required by this chart
endpoints:
cluster_domain_suffix: cluster.local
identity:
name: keystone
auth:
user:
region_name: RegionOne
role: admin
project_name: service
project_domain_name: default
user_domain_name: default
username: deckhand
password: password
admin:
region_name: RegionOne
project_name: admin
password: password
username: admin
user_domain_name: default
project_domain_name: default
hosts:
default: keystone-api
public: keystone
path:
default: /v3
scheme:
default: http
port:
admin:
default: 35357
api:
default: 80
host_fqdn_override:
default: null
deckhand:
name: deckhand
hosts:
default: deckhand-int
public: deckhand-api
port:
api:
default: 9000
path:
default: /api/v1.0
scheme:
default: http
host_fqdn_override:
default: null
postgresql:
name: postgresql
auth:
admin:
username: deckhand
password: password
user:
username: deckhand
password: password
hosts:
default: postgresql
path: /deckhand
scheme: postgresql+psycopg2
port:
postgresql:
default: 5432
host_fqdn_override:
default: null
key_manager:
name: barbican
hosts:
default: barbican-api
public: barbican
host_fqdn_override:
default: null
path:
default: /v1
scheme:
default: http
port:
api:
default: 9311
public: 80
oslo_cache:
hosts:
default: memcached
host_fqdn_override:
default: null
port:
memcache:
default: 11211
secrets:
identity:
admin: deckhand-keystone-admin
user: deckhand-keystone-user
postgresql:
admin: deckhand-db-admin
user: deckhand-db-user
database:
postgresql:
db_name: deckhand
db_root_user: postgres
conf:
policy:
admin_api: role:admin
deckhand:create_cleartext_documents: rule:admin_api
deckhand:create_encrypted_documents: rule:admin_api
deckhand:list_cleartext_documents: rule:admin_api
deckhand:list_encrypted_documents: rule:admin_api
deckhand:show_revision: rule:admin_api
deckhand:list_revisions: rule:admin_api
deckhand:delete_revisions: rule:admin_api
deckhand:show_revision_diff: rule:admin_api
deckhand:create_tag: rule:admin_api
deckhand:show_tag: rule:admin_api
deckhand:list_tags: rule:admin_api
deckhand:delete_tag: rule:admin_api
deckhand:delete_tags: rule:admin_api
paste:
filter:authtoken:
paste.filter_factory: keystonemiddleware.auth_token:filter_factory
filter:debug:
use: egg:oslo.middleware#debug
filter:cors:
paste.filter_factory: oslo_middleware.cors:filter_factory
oslo_config_project: deckhand
filter:request_id:
paste.filter_factory: oslo_middleware:RequestId.factory
app:api:
paste.app_factory: deckhand.service:deckhand_app_factory
pipeline:deckhand_api:
pipeline: authtoken api
deckhand:
DEFAULT:
debug: true
log_file: deckhand.log
use_stderr: true
use_syslog: true
database:
connection:
keystone_authtoken:
delay_auth_decision: true
auth_type: password
auth_version: v3
memcache_security_strategy: ENCRYPT
oslo_policy:
policy_file: policy.yaml
policy_default_rule: default
policy_dirs: policy.d
logging:
loggers:
keys: 'root, deckhand'
handlers:
keys: 'file, null, syslog'
formatters:
keys: 'simple, context'
logger_deckhand:
level: DEBUG
handlers: file
qualname: deckhand
logger_root:
level: WARNING
handlers: null
handler_file:
class: FileHandler
level: DEBUG
args: "('deckhand.log', 'w+')"
formatter: context
handler_null:
class: 'logging.NullHandler'
formatter: context
args: '()'
handler_syslog:
class: 'handlers.SysLogHandler'
level: ERROR
args: "('/dev/log', handlers.SysLogHandler.LOG_USER)"
formatter_context:
class: 'oslo_log.formatters.ContextFormatter'
formatter_simple:
format: "%(asctime)s.%(msecs)03d %(process)d %(levelname)s: %(message)s"
pod:
mounts:
deckhand_db_init:
init_container: null
deckhand_db_init:
deckhand_db_sync:
init_container: null
deckhand_db_sync:
deckhand:
init_container: null
deckhand:
lifecycle:
upgrades:
deployments:
revision_history: 3
pod_replacement_strategy: RollingUpdate
rolling_update:
max_unavailable: 1
max_surge: 3
termination_grace_period:
deckhand:
timeout: 30
replicas:
deckhand: 1
resources:
enabled: false
api:
limits:
memory: "128Mi"
cpu: "100m"
requests:
memory: "128Mi"
cpu: "100m"
jobs:
ks_user:
limits:
memory: "128Mi"
cpu: "100m"
requests:
memory: "128Mi"
cpu: "100m"
ks_service:
limits:
memory: "128Mi"
cpu: "100m"
requests:
memory: "128Mi"
cpu: "100m"
ks_endpoints:
limits:
memory: "128Mi"
cpu: "100m"
requests:
memory: "128Mi"
cpu: "100m"
manifests:
configmap_bin: true
configmap_etc: true
deployment: true
job_db_init: true
job_db_sync: true
job_ks_endpoints: true
job_ks_service: true
job_ks_user: true
secret_db: true
secret_keystone: true
service_api: true
ingress_api: true
service: true
service_ingress: true
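Review bot: The credential defaults under `endpoints` are the literal string `password` for the keystone admin and service user and for both postgresql accounts, so an install that misses an override comes up with guessable secrets; the comment above `endpoints:` says these are typically overridden, but nothing in this file enforces it. I would ship them unset (`password: null`) and make the secret templates, which are outside this section, fail the render when a value is missing. Two other defaults are worth tightening in the same pass: `deckhand: quay.io/attcomdev/deckhand:latest` combined with `pull_policy: "IfNotPresent"` is not reproducible and should pin a tag or digest, and `debug: true` under `conf.deckhand.DEFAULT` should default to `false`. Separately, `deckhand-ks-endpoints` is listed twice under `dependencies.deckhand.jobs`, and `handlers: null` under `logger_root` parses as a YAML null rather than the handler name declared in `keys: 'file, null, syslog'`, so it likely needs quoting as `'null'`.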