airship/drydock
Code Issues Proposed changes

Uplift Drydock to master Helm-Toolkit

Browse Source 
Update the Drydock chart to be compatible with the latest Helm-Toolkit,
including taking advantage of some HTK manifest generation functionality
and updating the helm_tk.sh script to pull down master
openstack-helm-infra. Also update the default drydock image to point
to the current airshipit master rather than the old attcomdev in quay.

Change-Id: I9a818ae054361749ce16e9a6213fbeed82581f02
Co-Authored-By: Pete Birley <pete@port.direct>
Signed-off-by: Pete Birley <pete@port.direct>
This commit is contained in:
Matt McEuen 2018-08-23 17:12:18 -05:00 committed by Scott Hussey
parent 472fc0f232
commit 2bfb9c59cd
10 changed files with 94 additions and 229 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
charts/drydock/templates/deployment.yaml
View File

@ -15,9 +15,8 @@
{{- if .Values.manifests.deployment_drydock }}
{{- $envAll := . -}}
{{- $dependencies := .Values.dependencies.api }}
{{- $serviceAccountName := "drydock-api" }}
{{ tuple $envAll $dependencies $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
{{ tuple $envAll "api" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
---
apiVersion: apps/v1beta1
kind: Deployment
@ -39,7 +38,7 @@ spec:
affinity:
{{ tuple $envAll "drydock" "api" | include "helm-toolkit.snippets.kubernetes_pod_anti_affinity" | indent 8 }}
initContainers:
{{ tuple $envAll $dependencies list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
{{ tuple $envAll "api" list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
containers:
- name: drydock-api
env:
@ -85,6 +84,7 @@ spec:
mountPath: /root/.ssh/config
readOnly: true
{{- end }}
workingDir: /tmp/drydock
volumes:
{{- if .Values.manifests.secret_ssh_key }}
- name: root-ssh

7
charts/drydock/templates/job-drydock-db-init.yaml
View File

@ -16,9 +16,8 @@ limitations under the License.
{{- if .Values.manifests.job_drydock_db_init }}
{{- $envAll := . }}
{{- $dependencies := .Values.dependencies.db_init }}
{{- $serviceAccountName := "drydock-db-init" }}
{{ tuple $envAll $dependencies $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
{{ tuple $envAll "db_init" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
---
apiVersion: batch/v1
kind: Job
@ -33,9 +32,9 @@ spec:
serviceAccountName: {{ $serviceAccountName }}
restartPolicy: OnFailure
nodeSelector:
{{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }}
{{ .Values.labels.job.node_selector_key }}: {{ .Values.labels.job.node_selector_value }}
initContainers:
{{ tuple $envAll $dependencies list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
{{ tuple $envAll "db_init" list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
containers:
- name: drydock-db-init
image: {{ .Values.images.tags.drydock_db_init | quote }}

8
charts/drydock/templates/job-drydock-db-sync.yaml
View File

@ -16,9 +16,8 @@ limitations under the License.
{{- if .Values.manifests.job_drydock_db_sync }}
{{- $envAll := . }}
{{- $dependencies := .Values.dependencies.db_sync }}
{{- $serviceAccountName := "drydock-db-sync" }}
{{ tuple $envAll $dependencies $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
{{ tuple $envAll "db_sync" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
---
apiVersion: batch/v1
kind: Job
@ -33,9 +32,9 @@ spec:
serviceAccountName: {{ $serviceAccountName }}
restartPolicy: OnFailure
nodeSelector:
{{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }}
{{ .Values.labels.job.node_selector_key }}: {{ .Values.labels.job.node_selector_value }}
initContainers:
{{ tuple $envAll $dependencies list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
{{ tuple $envAll "db_sync" list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
containers:
- name: drydock-db-sync
image: {{ .Values.images.tags.drydock_db_sync | quote }}
@ -54,6 +53,7 @@ spec:
mountPath: /tmp/db-sync.sh
subPath: db-sync.sh
readOnly: true
workingDir: /tmp/drydock
volumes:
- name: drydock-bin
configMap:

57
charts/drydock/templates/job-ks-endpoints.yaml
View File

@ -14,59 +14,6 @@
# limitations under the License. */}}
{{- if .Values.manifests.job_ks_endpoints }}
{{- $envAll := . }}
{{- $dependencies := .Values.dependencies.ks_endpoints }}
{{- $serviceAccountName := "drydock-ks-endpoints" }}
{{ tuple $envAll $dependencies $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
---
apiVersion: batch/v1
kind: Job
metadata:
name: drydock-ks-endpoints
spec:
template:
metadata:
labels:
{{ tuple $envAll "drydock" "ks-endpoints" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
spec:
serviceAccountName: {{ $serviceAccountName }}
restartPolicy: OnFailure
nodeSelector:
{{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }}
initContainers:
{{ tuple $envAll $dependencies list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
containers:
{{- range $key1, $osServiceType := tuple "physicalprovisioner" }}
{{- range $key2, $osServiceEndPoint := tuple "admin" "internal" "public" }}
- name: {{ $osServiceType }}-ks-endpoints-{{ $osServiceEndPoint }}
image: {{ $envAll.Values.images.tags.ks_endpoints }}
imagePullPolicy: {{ $envAll.Values.images.pull_policy }}
{{ tuple $envAll $envAll.Values.pod.resources.jobs.ks_endpoints | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
command:
- /tmp/ks-endpoints.sh
volumeMounts:
- name: ks-endpoints-sh
mountPath: /tmp/ks-endpoints.sh
subPath: ks-endpoints.sh
readOnly: true
env:
{{- with $env := dict "ksUserSecret" $envAll.Values.secrets.identity.admin }}
{{- include "helm-toolkit.snippets.keystone_openrc_env_vars" $env | indent 12 }}
{{- $ksServiceJob := dict "envAll" . "serviceName" "drydock" "serviceTypes" ( tuple "physicalprovisioner" ) -}}
{{ $ksServiceJob | include "helm-toolkit.manifests.job_ks_endpoints" }}
{{- end }}
- name: OS_SVC_ENDPOINT
value: {{ $osServiceEndPoint }}
- name: OS_SERVICE_NAME
value: {{ tuple $osServiceType $envAll | include "helm-toolkit.endpoints.keystone_endpoint_name_lookup" }}
- name: OS_SERVICE_TYPE
value: {{ $osServiceType }}
- name: OS_SERVICE_ENDPOINT
value: {{ tuple $osServiceType $osServiceEndPoint "api" $envAll | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup" }}
{{- end }}
{{- end }}
volumes:
- name: ks-endpoints-sh
configMap:
name: drydock-bin
defaultMode: 0555
...
{{- end -}}

55
charts/drydock/templates/job-ks-service.yaml
View File

@ -13,56 +13,7 @@
# See the License for the specific language governing permissions and
# limitations under the License. */}}
{{- if .Values.manifests.job_ks_service -}}
{{- $envAll := . }}
{{- $ksAdminSecret := .Values.secrets.identity.admin }}
{{- $dependencies := .Values.dependencies.ks_service }}
{{- $serviceAccountName := "drydock-ks-service" }}
{{ tuple $envAll $dependencies $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
---
apiVersion: batch/v1
kind: Job
metadata:
name: drydock-ks-service
spec:
template:
metadata:
labels:
{{ tuple $envAll "drydock" "ks-service" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
spec:
serviceAccountName: {{ $serviceAccountName }}
restartPolicy: OnFailure
nodeSelector:
{{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }}
initContainers:
{{ tuple $envAll $dependencies list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
containers:
{{- range $key1, $osServiceType := tuple "physicalprovisioner" }}
- name: {{ $osServiceType }}-ks-service-registration
image: {{ $envAll.Values.images.tags.ks_service }}
imagePullPolicy: {{ $envAll.Values.images.pull_policy }}
{{ tuple $envAll $envAll.Values.pod.resources.jobs.ks_service | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
command:
- /tmp/ks-service.sh
volumeMounts:
- name: ks-service-sh
mountPath: /tmp/ks-service.sh
subPath: ks-service.sh
readOnly: true
env:
{{- with $env := dict "ksUserSecret" $envAll.Values.secrets.identity.admin }}
{{- include "helm-toolkit.snippets.keystone_openrc_env_vars" $env | indent 12 }}
{{- if .Values.manifests.job_ks_service }}
{{- $ksServiceJob := dict "envAll" . "serviceName" "drydock" "serviceTypes" ( tuple "physicalprovisioner" ) -}}
{{ $ksServiceJob | include "helm-toolkit.manifests.job_ks_service" }}
{{- end }}
- name: OS_SERVICE_NAME
value: {{ tuple $osServiceType $envAll | include "helm-toolkit.endpoints.keystone_endpoint_name_lookup" }}
- name: OS_SERVICE_TYPE
value: {{ $osServiceType }}
{{- end }}
volumes:
- name: ks-service-sh
configMap:
name: drydock-bin
defaultMode: 0555
...
{{- end -}}

55
charts/drydock/templates/job-ks-user.yaml
View File

@ -14,57 +14,6 @@
# limitations under the License. */}}
{{- if .Values.manifests.job_ks_user }}
{{- $envAll := . }}
{{- $dependencies := .Values.dependencies.ks_user }}
{{- $serviceAccountName := "drydock-ks-user" }}
{{ tuple $envAll $dependencies $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
---
apiVersion: batch/v1
kind: Job
metadata:
name: drydock-ks-user
spec:
template:
metadata:
labels:
{{ tuple $envAll "drydock" "ks-user" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
spec:
serviceAccountName: {{ $serviceAccountName }}
restartPolicy: OnFailure
nodeSelector:
{{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }}
initContainers:
{{ tuple $envAll $dependencies list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
containers:
- name: drydock-ks-user
image: {{ .Values.images.tags.ks_user }}
imagePullPolicy: {{ .Values.images.pull_policy }}
{{ tuple $envAll $envAll.Values.pod.resources.jobs.ks_user | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
command:
- /tmp/ks-user.sh
volumeMounts:
- name: ks-user-sh
mountPath: /tmp/ks-user.sh
subPath: ks-user.sh
readOnly: true
env:
{{- with $env := dict "ksUserSecret" $envAll.Values.secrets.identity.admin }}
{{- include "helm-toolkit.snippets.keystone_openrc_env_vars" $env | indent 12 }}
{{- $ksUserJob := dict "envAll" . "serviceName" "drydock" -}}
{{ $ksUserJob | include "helm-toolkit.manifests.job_ks_user" }}
{{- end }}
- name: SERVICE_OS_SERVICE_NAME
value: {{ $envAll.Values.endpoints.physicalprovisioner.name | quote }}
- name: SERVICE_OS_DOMAIN_NAME
value: {{ $envAll.Values.endpoints.identity.auth.user.project_domain_name | quote }}
{{- with $env := dict "ksUserSecret" $envAll.Values.secrets.identity.user }}
{{- include "helm-toolkit.snippets.keystone_user_create_env_vars" $env | indent 12 }}
{{- end }}
- name: SERVICE_OS_ROLE
value: {{ $envAll.Values.endpoints.identity.auth.user.role | quote }}
volumes:
- name: ks-user-sh
configMap:
name: drydock-bin
defaultMode: 0555
...
{{- end -}}

2
charts/drydock/templates/secret-keystone-env.yaml
View File

@ -15,7 +15,7 @@
*/}}
{{- if .Values.manifests.secret_keystone }}
{{- $envAll := . }}
{{- range $key1, $userClass := tuple "admin" "user" }}
{{- range $key1, $userClass := tuple "admin" "drydock" }}
{{- $secretName := index $envAll.Values.secrets.identity $userClass }}
---
apiVersion: v1

2
charts/drydock/templates/secret-ssh-key.yaml
View File

@ -23,6 +23,6 @@ metadata:
type: Opaque
data:
PRIVATE_KEY: |-
{{ .Values.conf.ssh.private_key | b64enc | indent 4 }}
{{ .Values.conf.ssh.private_key | default "" | b64enc | indent 4 }}
...
{{- end }}

119
charts/drydock/values.yaml
View File

@ -18,19 +18,29 @@ replicas:
drydock: 2
labels:
node_selector_key: ucp-control-plane
node_selector_value: enabled
api:
node_selector_key: ucp-control-plane
node_selector_value: enabled
job:
node_selector_key: ucp-control-plane
node_selector_value: enabled
images:
tags:
drydock: quay.io/attcomdev/drydock:1.0.1
drydock: quay.io/airshipit/drydock:master
dep_check: quay.io/stackanetes/kubernetes-entrypoint:v0.3.1
ks_user: docker.io/openstackhelm/heat:newton
ks_service: docker.io/openstackhelm/heat:newton
ks_endpoints: docker.io/openstackhelm/heat:newton
drydock_db_init: docker.io/postgres:9.5
drydock_db_sync: quay.io/attcomdev/drydock:1.0.1
drydock_db_sync: quay.io/airshipit/drydock:master
pull_policy: "IfNotPresent"
#TODO(mattmceuen): This chart does not yet support local image caching
local_registry:
active: false
exclude:
- dep_check
- image_repo_sync
network:
api:
@ -113,7 +123,7 @@ manifests:
job_drydock_db_sync: true
secret_keystone: true
secret_database: true
secret_ssh_key: false
secret_ssh_key: true
configmap_etc: true
configmap_bin: true
service_drydock: true
@ -122,56 +132,57 @@ manifests:
test_drydock_auth: true
dependencies:
db_init:
services:
- service: postgresql
endpoint: internal
db_sync:
services:
- service: postgresql
endpoint: internal
jobs:
- drydock-db-init
ks_user:
services:
- service: identity
endpoint: internal
ks_service:
services:
- service: identity
endpoint: internal
ks_endpoints:
jobs:
- drydock-ks-service
services:
- service: identity
endpoint: internal
api:
jobs:
- drydock-ks-endpoints
- drydock-ks-user
- drydock-ks-endpoints
- drydock-db-init
- drydock-db-sync
services:
- service: identity
endpoint: internal
- service: postgresql
endpoint: internal
dynamic:
common:
local_image_registry:
jobs:
- drydock-image-repo-sync
services:
- endpoint: node
service: local_image_registry
static:
db_init:
services:
- service: postgresql
endpoint: internal
db_sync:
services:
- service: postgresql
endpoint: internal
jobs:
- drydock-db-init
ks_user:
services:
- service: identity
endpoint: internal
ks_service:
services:
- service: identity
endpoint: internal
ks_endpoints:
jobs:
- drydock-ks-service
services:
- service: identity
endpoint: internal
api:
jobs:
- drydock-ks-endpoints
- drydock-ks-user
- drydock-ks-service
- drydock-db-init
- drydock-db-sync
services:
- service: identity
endpoint: internal
- service: postgresql
endpoint: internal
endpoints:
cluster_domain_suffix: cluster.local
identity:
name: keystone
auth:
user:
region_name: RegionOne
role: admin
project_name: service
project_domain_name: default
user_domain_name: default
username: drydock
password: password
admin:
region_name: RegionOne
project_name: admin
@ -179,6 +190,14 @@ endpoints:
username: admin
user_domain_name: default
project_domain_name: default
drydock:
region_name: RegionOne
role: admin
project_name: service
project_domain_name: default
user_domain_name: default
username: drydock
password: password
hosts:
default: keystone
internal: keystone-api
@ -229,7 +248,7 @@ endpoints:
secrets:
identity:
admin: drydock-keystone-admin
user: drydock-keystone-user
drydock: drydock-keystone-user
postgresql:
admin: drydock-postgresql-admin
user: drydock-postgresql-user

8
tools/helm_tk.sh
View File

@ -16,9 +16,9 @@
# Script to setup helm-toolkit and helm dep up the shipyard chart
#
HELM=$1
HTK_REPO=${HTK_REPO:-"https://github.com/openstack/openstack-helm"}
HTK_REPO=${HTK_REPO:-"https://github.com/openstack/openstack-helm-infra"}
HTK_PATH=${HTK_PATH:-""}
HTK_STABLE_COMMIT=${HTK_COMMIT:-"f902cd14fac7de4c4c9f7d019191268a6b4e9601"}
HTK_STABLE_COMMIT=${HTK_COMMIT:-"274b230dcc8960af4fe44a871addcb5aacef3dba"}
DEP_UP_LIST=${DEP_UP_LIST:-"drydock"}
BUILD_DIR=${BUILD_DIR:-$(mktemp -d)}
@ -36,7 +36,7 @@ function helm_serve {
if [[ -d "$HOME/.helm" ]]; then
echo ".helm directory found"
else
"${HELM}" init --client-only
${HELM} init --client-only --skip-refresh
fi
if [[ -z $(curl --noproxy '*' -s 127.0.0.1:8879 | grep 'Helm Repository') ]]; then
"${HELM}" serve & > /dev/null
@ -58,7 +58,7 @@ function helm_serve {
mkdir -p "$BUILD_DIR"
pushd "$BUILD_DIR"
git clone $HTK_REPO || true
pushd openstack-helm/$HTK_PATH
pushd openstack-helm-infra/$HTK_PATH
git reset --hard "${HTK_STABLE_COMMIT}"
helm_serve