airship/maas
Code Issues Proposed changes

Merge "MAAS support for pod mobility"

Browse Source
This commit is contained in:
Zuul 2018-11-05 20:59:51 +00:00 committed by Gerrit Code Review
commit 66eb874e63
20 changed files with 633 additions and 72 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

30
charts/maas/templates/bin/_maas-ingress-errors.sh.tpl Normal file
View File

@ -0,0 +1,30 @@
#!/bin/sh
{{/*
Copyright 2018 The Openstack-Helm Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.*/}}
set -ex
COMMAND="${@:-start}"
if [ "x${COMMAND}" == "xstart" ]; then
if [[ -z "${BIND_PORT}" ]]
then
exec /server
else
exec /server -port ${BIND_PORT}
fi
elif [ "x${COMMAND}" == "xstop" ]; then
kill -TERM 1
fi

41
charts/maas/templates/bin/_maas-ingress.sh.tpl Normal file
View File

@ -0,0 +1,41 @@
#!/bin/bash
{{/*
Copyright 2018 The Openstack-Helm Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.*/}}
set -ex
COMMAND="${1:-start}"
function start () {
exec /usr/bin/dumb-init \
/nginx-ingress-controller \
--http-port="${HTTP_PORT}" \
--watch-namespace="${POD_NAMESPACE}" \
--https-port="${HTTPS_PORT}" \
--status-port="${STATUS_PORT}" \
--healthz-port="${HEALTHZ_PORT}" \
--election-id=${RELEASE_NAME} \
--ingress-class=maas-ingress \
--default-backend-service=${POD_NAMESPACE}/${ERROR_PAGE_SERVICE} \
--configmap=${POD_NAMESPACE}/maas-ingress-config \
--tcp-services-configmap=${POD_NAMESPACE}/maas-ingress-services-tcp
}
function stop () {
kill -TERM 1
}
$COMMAND

60
charts/maas/templates/bin/_maas-vip-configure.sh.tpl Normal file
View File

@ -0,0 +1,60 @@
#!/bin/bash
{{/*
Copyright 2018 The Openstack-Helm Authors.
Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.*/}}
set -ex
COMMAND="${@:-start}"
function kernel_modules () {
chroot /mnt/host-rootfs modprobe dummy
}
function test_vip () {
ip addr show ${interface} | \
awk "/inet / && /${interface}/{print \$2 }" | \
awk -F '/' '{ print $1 }' | \
grep -q "${addr%/*}"
}
function start () {
kernel_modules
ip link show ${interface} > /dev/null || ip link add ${interface} type dummy
if ! test_vip; then
ip addr add ${addr} dev ${interface}
fi
ip link set ${interface} up
}
function sleep () {
exec /usr/bin/dumb-init bash -c "while :; do sleep 2073600; done"
}
function stop () {
ip link show ${interface} > /dev/null || exit 0
if test_vip; then
ip addr del ${addr} dev ${interface}
fi
if [ "$(ip address show ${interface} | \
awk "/inet / && /${interface}/{print \$2 }" | \
wc -l)" -le "0" ]; then
ip link set ${interface} down
ip link del ${interface}
fi
}
$COMMAND

6
charts/maas/templates/configmap-bin.yaml
View File

@ -41,3 +41,9 @@ data:
{{ tuple "bin/_maas-test.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }} {{ tuple "bin/_maas-test.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
ntpd.sh: | ntpd.sh: |
{{ tuple "bin/_ntpd.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }} {{ tuple "bin/_ntpd.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
maas-ingress: |
{{ tuple "bin/_maas-ingress.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
maas-ingress-errors: |
{{ tuple "bin/_maas-ingress-errors.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
maas-vip-configure: |
{{ tuple "bin/_maas-vip-configure.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}

38
charts/maas/templates/configmap-ingress.yaml Normal file
View File

@ -0,0 +1,38 @@
{{/*
Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
{{- if .Values.manifests.configmap_ingress }}
{{ $bind_address_cidr := .Values.network.maas_ingress.addr | splitList "/" }}
---
apiVersion: v1
kind: ConfigMap
metadata:
name: maas-ingress-services-tcp
data:
{{ tuple "maas_region" "public" "region_api" . | include "helm-toolkit.endpoints.endpoint_port_lookup" | quote }}: "{{- .Release.Namespace -}}/{{- tuple "maas_region" "internal" . | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" -}}:region-api"
{{ tuple "maas_region" "public" "region_proxy" . | include "helm-toolkit.endpoints.endpoint_port_lookup" | quote }}: "{{- .Release.Namespace -}}/{{- tuple "maas_region" "internal" . | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" -}}:region-proxy"
...
---
apiVersion: v1
kind: ConfigMap
metadata:
name: maas-ingress-config
data:
enable-underscores-in-headers: "true"
bind-address: {{ index $bind_address_cidr 0 | quote }}
diable-ipv6: "true"
...
{{- end }}

63
charts/maas/templates/deployment-ingress-errors.yaml Normal file
View File

@ -0,0 +1,63 @@
{{/*
Copyright 2017 The Openstack-Helm Authors.
Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
{{- if .Values.manifests.rack_deployment }}
{{- $envAll := . }}
{{- $serviceAccountName := "maas-ingress-errors" }}
{{- $mounts_maas_rack := .Values.pod.mounts.maas_rack }}
{{- $mounts_maas_rack_init := .Values.pod.mounts.maas_rack.init_container }}
{{ tuple $envAll "rack_controller" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
---
apiVersion: apps/v1beta1
kind: Deployment
metadata:
name: maas-ingress-errors
spec:
serviceName: maas-rack
replicas: {{ .Values.pod.replicas.ingress_errors }}
template:
metadata:
labels:
{{ tuple $envAll "maas" "ingress-errors" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
spec:
serviceAccountName: {{ $serviceAccountName }}
nodeSelector:
{{ .Values.labels.rack.node_selector_key }}: {{ .Values.labels.rack.node_selector_value }}
dnsPolicy: ClusterFirst
containers:
- name: maas-ingress-errors
image: {{ .Values.images.tags.error_pages }}
imagePullPolicy: {{ .Values.images.pull_policy }}
{{ tuple $envAll $envAll.Values.pod.resources.maas_ingress_errors | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
command:
- /tmp/maas-ingress-errors.sh
- start
env:
- name: BIND_PORT
value: {{ tuple "maas_ingress" "podport" "error_pages" . | include "helm-toolkit.endpoints.endpoint_port_lookup" | quote }}
volumeMounts:
- mountPath: /tmp/maas-ingress-errors.sh
name: maas-bin
subPath: maas-ingress-errors
readOnly: true
volumes:
- name: maas-bin
configMap:
name: maas-bin
defaultMode: 0555
{{- end }}

5
charts/maas/templates/etc/_curtin_userdata.tpl
View File

@ -1,3 +1,4 @@
{{- $drydock_url := tuple "physicalprovisioner" "public" "api" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup" -}}
#cloud-config #cloud-config
debconf_selections: debconf_selections:
maas: | maas: |
@ -34,8 +35,8 @@ def find_ba_key(n):
return False return False
{{ "}}" }} {{ "}}" }}
{{ "{{" }}py: ba_key = find_ba_key(node){{ "}}" }} {{ "{{" }}py: ba_key = find_ba_key(node){{ "}}" }}
{{ "{{" }}py: ba_units_url = ''.join([{{ .Values.conf.drydock.bootaction_url | quote }},node.hostname,'/units']){{ "}}" }} {{ "{{" }}py: ba_units_url = ''.join([{{ quote $drydock_url }},'/bootactions/nodes/',node.hostname,'/units']){{ "}}" }}
{{ "{{" }}py: ba_files_url = ''.join([{{ .Values.conf.drydock.bootaction_url | quote }},node.hostname,'/files']){{ "}}" }} {{ "{{" }}py: ba_files_url = ''.join([{{ quote $drydock_url }},'/bootactions/nodes/',node.hostname,'/files']){{ "}}" }}
{{ "{{" }}if ba_key{{ "}}" }} {{ "{{" }}if ba_key{{ "}}" }}
drydock_00: ["sh", "-c", "echo Installing Drydock Boot Actions."] drydock_00: ["sh", "-c", "echo Installing Drydock Boot Actions."]
drydock_01: ["curtin", "in-target", "--", "wget", "--no-proxy", "--header=X-Bootaction-Key: {{ "{{" }}ba_key{{ "}}" }}", "{{ "{{" }}ba_units_url{{ "}}" }}", "-O", "/tmp/bootaction-units.tar.gz"] drydock_01: ["curtin", "in-target", "--", "wget", "--no-proxy", "--header=X-Bootaction-Key: {{ "{{" }}ba_key{{ "}}" }}", "{{ "{{" }}ba_units_url{{ "}}" }}", "-O", "/tmp/bootaction-units.tar.gz"]

6
charts/maas/templates/etc/_regiond.conf.tpl
View File

@ -14,12 +14,8 @@
# See the License for the specific language governing permissions and # See the License for the specific language governing permissions and
# limitations under the License. # limitations under the License.
*/}} */}}
{{- if empty .Values.conf.maas.url.maas_url -}}
{{- tuple "maas_region_ui" "default" "region_ui" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup" | set .Values.conf.maas.url "maas_url" | quote | trunc 0 -}}
{{- end }}
database_host: {{ tuple "maas_db" "internal" . | include "helm-toolkit.endpoints.hostname_fqdn_endpoint_lookup" }} database_host: {{ tuple "maas_db" "internal" . | include "helm-toolkit.endpoints.hostname_fqdn_endpoint_lookup" }}
database_name: {{ .Values.endpoints.maas_db.auth.user.database }} database_name: {{ .Values.endpoints.maas_db.auth.user.database }}
database_pass: {{ .Values.endpoints.maas_db.auth.user.password }} database_pass: {{ .Values.endpoints.maas_db.auth.user.password }}
database_user: {{ .Values.endpoints.maas_db.auth.user.username }} database_user: {{ .Values.endpoints.maas_db.auth.user.username }}
maas_url: {{ .Values.conf.maas.url.maas_url }} maas_url: {{ tuple "maas_region" "public" "region_api" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup" | quote }}

35
charts/maas/templates/ingress-region.yaml Normal file
View File

@ -0,0 +1,35 @@
{{/*
# Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
*/}}
{{- if and .Values.manifests.ingress_region .Values.network.region_api.ingress.public }}
---
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: maas-region-api
annotations:
kubernetes.io/ingress.class: {{ .Values.network.region_api.ingress.classes.cluster | quote }}
spec:
rules:
- host: {{ tuple "maas_region" "public" . | include "helm-toolkit.endpoints.hostname_fqdn_endpoint_lookup" }}
http:
paths:
- path: /
backend:
serviceName: {{ tuple "maas_region" "internal" . | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }}
servicePort: region-api
...
{{ end }}

4
charts/maas/templates/job-import.yaml
View File

@ -56,7 +56,7 @@ spec:
- name: TRY_LIMIT - name: TRY_LIMIT
value: {{ .Values.jobs.import_boot_resources.try_limit | quote }} value: {{ .Values.jobs.import_boot_resources.try_limit | quote }}
- name: MAAS_ENDPOINT - name: MAAS_ENDPOINT
value: {{ tuple "maas_region_ui" "default" "region_ui" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup" }} value: {{ tuple "maas_region" "public" "region_api" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup" | quote }}
- name: MAAS_PROXY_ENABLED - name: MAAS_PROXY_ENABLED
value: {{ .Values.conf.maas.proxy.proxy_enabled | quote }} value: {{ .Values.conf.maas.proxy.proxy_enabled | quote }}
- name: MAAS_PEER_PROXY_ENABLED - name: MAAS_PEER_PROXY_ENABLED
@ -64,7 +64,7 @@ spec:
- name: MAAS_PROXY_SERVER - name: MAAS_PROXY_SERVER
value: {{ .Values.conf.maas.proxy.proxy_server }} value: {{ .Values.conf.maas.proxy.proxy_server }}
- name: MAAS_INTERNAL_PROXY_PORT - name: MAAS_INTERNAL_PROXY_PORT
value: {{ .Values.network.port.service_proxy | quote }} value: {{ tuple "maas_region" "default" "region_proxy" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup" | quote }}
- name: MAAS_HTTP_BOOT - name: MAAS_HTTP_BOOT
value: {{ .Values.conf.maas.http_boot | quote }} value: {{ .Values.conf.maas.http_boot | quote }}
- name: MAAS_NTP_SERVERS - name: MAAS_NTP_SERVERS

2
charts/maas/templates/secret-admin-user.yaml
View File

@ -17,7 +17,7 @@ limitations under the License.
{{- $envAll := . }} {{- $envAll := . }}
{{- range $key1, $userClass := tuple "admin" }} {{- range $key1, $userClass := tuple "admin" }}
{{- $secretName := index $envAll.Values.secrets.maas_users $userClass }} {{- $secretName := index $envAll.Values.secrets.maas_users $userClass }}
{{- $auth := index $envAll.Values.endpoints.maas_region_ui.auth $userClass }} {{- $auth := index $envAll.Values.endpoints.maas_region.auth $userClass }}
--- ---
apiVersion: v1 apiVersion: v1
kind: Secret kind: Secret

28
charts/maas/templates/service-ingress-error.yaml Normal file
View File

@ -0,0 +1,28 @@
{{/*
Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
---
apiVersion: v1
kind: Service
metadata:
name: {{ tuple "maas_ingress" "error_pages" . | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }}
spec:
ports:
- name: error-pages
port: {{ tuple "maas_ingress" "default" "error_pages" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
targetPort: {{ tuple "maas_ingress" "podport" "error_pages" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
selector:
{{ tuple . "maas" "ingress-errors" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }}
...

7
charts/maas/templates/service-rack.yaml
View File

@ -1,7 +0,0 @@
---
apiVersion: v1
kind: Service
metadata:
name: maas-rack
spec:
clusterIP: 'None'

25
charts/maas/templates/service-region.yaml
View File

@ -8,7 +8,6 @@ You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0 http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software Unless required by applicable law or agreed to in writing, software
app: maas-region
distributed under the License is distributed on an "AS IS" BASIS, distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and See the License for the specific language governing permissions and
@ -20,23 +19,23 @@ limitations under the License.
apiVersion: v1 apiVersion: v1
kind: Service kind: Service
metadata: metadata:
name: {{ tuple "maas_region_ui" "internal" . | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }} name: {{ tuple "maas_region" "internal" . | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }}
spec: spec:
ports: ports:
- name: r-ui - name: region-api
port: {{ .Values.network.port.service_gui }} port: {{ tuple "maas_region" "internal" "region_api" $envAll | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
targetPort: {{ .Values.network.port.service_gui_target }} targetPort: {{ tuple "maas_region" "podport" "region_api" $envAll | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
{{ if .Values.network.gui.node_port.enabled }} {{ if .Values.network.region_api.node_port.enabled }}
nodePort: {{ .Values.network.gui.node_port.port }} nodePort: {{ tuple "maas_region" "nodeport" "region_api" $envAll | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
{{ end }} {{ end }}
- port: {{ .Values.network.port.service_proxy }} - name: region-proxy
targetPort: {{ .Values.network.port.service_proxy }} port: {{ tuple "maas_region" "internal" "region_proxy" $envAll | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
{{ if .Values.network.proxy.node_port.enabled }} targetPort: {{ tuple "maas_region" "podport" "region_proxy" $envAll | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
nodePort: {{ .Values.network.port.service_proxy }} {{ if .Values.network.region_proxy.node_port.enabled }}
nodePort: {{ tuple "maas_region" "nodeport" "region_proxy" $envAll | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
{{ end }} {{ end }}
name: proxy
selector: selector:
{{ tuple $envAll "maas" "region" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }} {{ tuple $envAll "maas" "region" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }}
{{ if .Values.network.proxy.node_port.enabled }} {{ if or .Values.network.region_proxy.node_port.enabled .Values.network.region_api.node_port.enabled }}
type: NodePort type: NodePort
{{ end }} {{ end }}

221
charts/maas/templates/statefulset-rack.yaml
View File

@ -16,9 +16,6 @@ limitations under the License.
*/}} */}}
{{- if .Values.manifests.rack_deployment }} {{- if .Values.manifests.rack_deployment }}
{{- if empty .Values.conf.maas.url.maas_url -}}
{{- tuple "maas_region_ui" "default" "region_ui" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup" | set .Values.conf.maas.url "maas_url" | quote | trunc 0 -}}
{{- end -}}
{{- $envAll := . }} {{- $envAll := . }}
{{- $serviceAccountName := "maas-rack" }} {{- $serviceAccountName := "maas-rack" }}
{{- $mounts_maas_rack := .Values.pod.mounts.maas_rack }} {{- $mounts_maas_rack := .Values.pod.mounts.maas_rack }}
@ -26,6 +23,125 @@ limitations under the License.
{{ tuple $envAll "rack_controller" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }} {{ tuple $envAll "rack_controller" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
--- ---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRole
metadata:
name: {{ $serviceAccountName }}
rules:
- apiGroups:
- ""
resources:
- configmaps
- endpoints
- nodes
- pods
- secrets
verbs:
- list
- watch
- apiGroups:
- ""
resources:
- nodes
verbs:
- get
- apiGroups:
- ""
resources:
- services
verbs:
- get
- list
- watch
- apiGroups:
- "extensions"
resources:
- ingresses
verbs:
- get
- list
- watch
- apiGroups:
- ""
resources:
- events
verbs:
- create
- patch
- apiGroups:
- "extensions"
resources:
- ingresses/status
verbs:
- update
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRoleBinding
metadata:
name: {{ $serviceAccountName }}
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: {{ $serviceAccountName }}
subjects:
- kind: ServiceAccount
name: {{ $serviceAccountName }}
namespace: {{ $envAll.Release.Namespace }}
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: Role
metadata:
name: {{ $serviceAccountName }}
namespace: {{ $envAll.Release.Namespace }}
rules:
- apiGroups:
- ""
resources:
- configmaps
- pods
- secrets
- namespaces
verbs:
- get
- apiGroups:
- ""
resources:
- configmaps
resourceNames:
- {{ printf "%s-maas-ingress" .Release.Name | quote }}
verbs:
- get
- update
- apiGroups:
- ""
resources:
- configmaps
verbs:
- create
- apiGroups:
- ""
resources:
- endpoints
verbs:
- get
- create
- update
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: RoleBinding
metadata:
name: {{ $serviceAccountName }}
namespace: {{ $envAll.Release.Namespace }}
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: {{ $serviceAccountName }}
subjects:
- kind: ServiceAccount
name: {{ $serviceAccountName }}
namespace: {{ $envAll.Release.Namespace }}
---
---
apiVersion: apps/v1beta1 apiVersion: apps/v1beta1
kind: StatefulSet kind: StatefulSet
metadata: metadata:
@ -47,21 +163,107 @@ spec:
spec: spec:
serviceAccountName: {{ $serviceAccountName }} serviceAccountName: {{ $serviceAccountName }}
affinity: affinity:
{{ tuple $envAll "maas" "rack" | include "helm-toolkit.snippets.kubernetes_pod_anti_affinity" | indent 8 }} {{- tuple $envAll "maas" "rack" | include "helm-toolkit.snippets.kubernetes_pod_anti_affinity" | indent 8 }}
nodeSelector: nodeSelector:
{{ .Values.labels.rack.node_selector_key }}: {{ .Values.labels.rack.node_selector_value }} {{ .Values.labels.rack.node_selector_key }}: {{ .Values.labels.rack.node_selector_value }}
hostNetwork: true hostNetwork: true
dnsPolicy: ClusterFirst dnsPolicy: ClusterFirstWithHostNet
initContainers: initContainers:
{{ tuple $envAll "rack_controller" $mounts_maas_rack_init | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} {{ tuple $envAll "rack_controller" $mounts_maas_rack_init | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
- name: maas-ingress-vip-init
image: {{ .Values.images.tags.ingress }}
imagePullPolicy: {{ .Values.images.pull_policy }}
{{ tuple $envAll $envAll.Values.pod.resources.maas_ingress_vip | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
securityContext:
capabilities:
add:
- 'NET_ADMIN'
- 'SYS_MODULE'
runAsUser: 0
command:
- /tmp/maas-vip-configure.sh
- start
env:
{{ include "helm-toolkit.utils.to_k8s_env_vars" .Values.network.maas_ingress | indent 12 }}
volumeMounts:
- mountPath: /tmp/maas-vip-configure.sh
name: maas-bin
subPath: maas-vip-configure
readOnly: true
- mountPath: /mnt/host-rootfs
name: host-rootfs
readOnly: true
containers: containers:
- name: maas-ingress-vip
image: {{ .Values.images.tags.ingress }}
imagePullPolicy: {{ .Values.images.pull_policy }}
{{ tuple $envAll $envAll.Values.pod.resources.maas_ingress_vip | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
securityContext:
capabilities:
add:
- 'NET_ADMIN'
runAsUser: 0
command:
- /tmp/maas-vip-configure.sh
- sleep
env:
{{ include "helm-toolkit.utils.to_k8s_env_vars" .Values.network.maas_ingress | indent 12 }}
volumeMounts:
- mountPath: /tmp/maas-vip-configure.sh
name: maas-bin
subPath: maas-vip-configure
readOnly: true
lifecycle:
preStop:
exec:
command:
- /tmp/maas-vip-configure.sh
- stop
- name: maas-ingress
image: {{ .Values.images.tags.ingress }}
imagePullPolicy: {{ .Values.images.pull_policy }}
{{ tuple $envAll $envAll.Values.pod.resources.maas_ingress | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
securityContext:
capabilities:
add:
- 'NET_BIND_SERVICE'
runAsUser: 0
command:
- /tmp/maas-ingress.sh
- start
env:
- name: POD_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
- name: POD_NAME
valueFrom:
fieldRef:
fieldPath: metadata.name
- name: RELEASE_NAME
value: {{ .Release.Name | quote }}
- name: HTTP_PORT
value: "8808"
- name: HTTPS_PORT
value: "8543"
- name: HEALTHZ_PORT
value: {{ tuple "maas_ingress" "podport" "healthz" . | include "helm-toolkit.endpoints.endpoint_port_lookup" | quote }}
- name: STATUS_PORT
value: {{ tuple "maas_ingress" "podport" "status" . | include "helm-toolkit.endpoints.endpoint_port_lookup" | quote }}
- name: ERROR_PAGE_SERVICE
value: {{ tuple "maas_ingress" "error_pages" . | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" | quote }}
volumeMounts:
- mountPath: /tmp/maas-ingress.sh
name: maas-bin
subPath: maas-ingress
readOnly: true
- name: maas-rack - name: maas-rack
image: {{ .Values.images.tags.maas_rack }} image: {{ .Values.images.tags.maas_rack }}
imagePullPolicy: {{ .Values.images.pull_policy }} imagePullPolicy: {{ .Values.images.pull_policy }}
tty: true tty: true
env: env:
- name: MAAS_ENDPOINT - name: MAAS_ENDPOINT
value: {{ .Values.conf.maas.url.maas_url }} value: {{ tuple "maas_region" "public" "region_api" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup" | quote }}
- name: MAAS_REGION_SECRET - name: MAAS_REGION_SECRET
valueFrom: valueFrom:
secretKeyRef: secretKeyRef:
@ -108,6 +310,10 @@ spec:
mountPath: /var/lib/maas mountPath: /var/lib/maas
subPath: home subPath: home
readOnly: false readOnly: false
- name: maas-etc
mountPath: /etc/nsswitch.conf
subPath: nsswitch.conf
readOnly: true
{{- if .Values.manifests.secret_ssh_key }} {{- if .Values.manifests.secret_ssh_key }}
- name: priv-key - name: priv-key
subPath: PRIVATE_KEY subPath: PRIVATE_KEY
@ -118,6 +324,9 @@ spec:
- name: host-sys-fs-cgroup - name: host-sys-fs-cgroup
hostPath: hostPath:
path: /sys/fs/cgroup path: /sys/fs/cgroup
- name: host-rootfs
hostPath:
path: /
- name: pod-run - name: pod-run
emptyDir: {} emptyDir: {}
- name: pod-run-lock - name: pod-run-lock

8
charts/maas/templates/statefulset-region.yaml
View File

@ -56,11 +56,13 @@ spec:
tty: true tty: true
{{ tuple $envAll $envAll.Values.pod.resources.maas_region | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }} {{ tuple $envAll $envAll.Values.pod.resources.maas_region | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
ports: ports:
- name: r-ui - name: region-api
containerPort: {{ .Values.network.port.region_container }} containerPort: {{ tuple "maas_region" "podport" "region_api" $envAll | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
- name: region-proxy
containerPort: {{ tuple "maas_region" "podport" "region_proxy" $envAll | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
readinessProbe: readinessProbe:
tcpSocket: tcpSocket:
port: {{ .Values.network.port.region_container }} port: {{ tuple "maas_region" "podport" "region_api" $envAll | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
securityContext: securityContext:
privileged: true privileged: true
command: command:

2
charts/maas/templates/tests/test-maas-init.yaml
View File

@ -34,7 +34,7 @@ spec:
- name: "{{ .Release.Name }}-api-test" - name: "{{ .Release.Name }}-api-test"
env: env:
- name: 'MAAS_URL' - name: 'MAAS_URL'
value: {{ tuple "maas_region_ui" "internal" "region_ui" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup" | quote }} value: {{ tuple "maas_region" "internal" "region_api" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup" | quote }}
- name: 'MAAS_API_KEY' - name: 'MAAS_API_KEY'
valueFrom: valueFrom:
secretKeyRef: secretKeyRef:

116
charts/maas/values.yaml
View File

@ -20,10 +20,8 @@
dependencies: dependencies:
static: static:
rack_controller: rack_controller:
jobs:
- maas-db-sync
services: services:
- service: maas_region_ui - service: maas_region
endpoint: internal endpoint: internal
region_controller: region_controller:
jobs: jobs:
@ -42,23 +40,19 @@ dependencies:
jobs: jobs:
- maas-db-sync - maas-db-sync
services: services:
- service: maas_region_ui - service: maas_region
endpoint: internal endpoint: internal
- service: maas_db - service: maas_db
endpoint: internal endpoint: internal
import_resources: import_resources:
jobs:
- maas-db-sync
services: services:
- service: maas_region_ui - service: maas_region
endpoint: internal endpoint: internal
- service: maas_db - service: maas_db
endpoint: internal endpoint: internal
export_api_key: export_api_key:
jobs:
- maas-db-sync
services: services:
- service: maas_region_ui - service: maas_region
endpoint: internal endpoint: internal
- service: maas_db - service: maas_db
endpoint: internal endpoint: internal
@ -68,6 +62,8 @@ manifests:
rack_deployment: true rack_deployment: true
test_maas_api: true test_maas_api: true
secret_ssh_key: false secret_ssh_key: false
ingress_region: true
configmap_ingress: true
images: images:
tags: tags:
@ -79,6 +75,8 @@ images:
export_api_key: quay.io/airshipit/maas-region-controller:latest export_api_key: quay.io/airshipit/maas-region-controller:latest
maas_cache: quay.io/airshipit/sstream-cache:latest maas_cache: quay.io/airshipit/sstream-cache:latest
dep_check: quay.io/stackanetes/kubernetes-entrypoint:v0.3.1 dep_check: quay.io/stackanetes/kubernetes-entrypoint:v0.3.1
ingress: quay.io/kubernetes-ingress-controller/nginx-ingress-controller:0.9.0
error_pages: gcr.io/google_containers/defaultbackend:1.0
pull_policy: IfNotPresent pull_policy: IfNotPresent
local_registry: local_registry:
# TODO(portdirect): this chart does not yet support local image cacheing # TODO(portdirect): this chart does not yet support local image cacheing
@ -102,20 +100,23 @@ labels:
node_selector_value: enabled node_selector_value: enabled
network: network:
proxy: maas_ingress:
mode: routed
interface: maas-vip
addr: 172.18.0.2/32
region_proxy:
node_port: node_port:
enabled: true enabled: false
gui: region_api:
ingress:
public: true
classes:
namespace: "maas-ingress"
cluster: "maas-ingress"
annotations:
nginx.ingress.kubernetes.io/rewrite-target: "/"
node_port: node_port:
enabled: true enabled: false
port: 31900
port:
region_container: 80
service_gui: 80
service_gui_target: 80
service_proxy: 31800
db_service: 5432
db_service_target: 5432
storage: storage:
rackd: rackd:
@ -145,8 +146,6 @@ conf:
override: override:
append: append:
http_boot: true http_boot: true
url:
maas_url: null
ntp: ntp:
# These options allow you to mock out the ntpd binary within the container # These options allow you to mock out the ntpd binary within the container
# by overwriting it with a script that simply sleeps - this is useful in # by overwriting it with a script that simply sleeps - this is useful in
@ -266,6 +265,27 @@ pod:
requests: requests:
memory: "128Mi" memory: "128Mi"
cpu: "500m" cpu: "500m"
maas_ingress_vip:
limits:
memory: "128Mi"
cpu: "500m"
requests:
memory: "128Mi"
cpu: "500m"
maas_ingress:
limits:
memory: "128Mi"
cpu: "500m"
requests:
memory: "128Mi"
cpu: "500m"
maas_ingress_errors:
limits:
memory: "128Mi"
cpu: "500m"
requests:
memory: "128Mi"
cpu: "500m"
jobs: jobs:
db_init: db_init:
requests: requests:
@ -305,6 +325,24 @@ pod:
endpoints: endpoints:
cluster_domain_suffix: cluster.local cluster_domain_suffix: cluster.local
maas_ingress:
hosts:
default: maas-ingress
error_pages: maas-ingress-error
host_fqdn_override:
default: null
port:
http:
default: 80
https:
default: 443
error_pages:
default: 8080
podport: 10080
healthz:
podport: 10254
status:
podport: 18080
maas_db: maas_db:
auth: auth:
admin: admin:
@ -322,23 +360,45 @@ endpoints:
default: 5432 default: 5432
host_fqdn_override: host_fqdn_override:
default: null default: null
maas_region_ui: maas_region:
name: maas-region-ui name: maas-region
auth: auth:
admin: admin:
username: admin username: admin
password: admin password: admin
email: none@none email: none@none
hosts: hosts:
default: maas-region-ui default: maas-region
public: maas public: maas
path: path:
default: /MAAS default: /MAAS
scheme: scheme:
default: 'http' default: 'http'
port: port:
region_ui: region_api:
default: 80 default: 80
nodeport: 31900
podport: 80
public: 80 public: 80
region_proxy:
default: 8000
# podport and public need to be the same as of MAAS 2.3.4, so
# comment them out and let the default rule
# podport: 8000
# public: 8000
host_fqdn_override:
default: null
physicalprovisioner:
name: drydock
hosts:
default: drydock-api
port:
api:
default: 9000
nodeport: 31900
path:
default: /api/v1.0
scheme:
default: http
host_fqdn_override: host_fqdn_override:
default: null default: null

2
tools/helm_install.sh
View File

@ -17,7 +17,7 @@
set -x set -x
HELM=$1 HELM=$1
HELM_ARTIFACT_URL=${HELM_ARTIFACT_URL:-"https://storage.googleapis.com/kubernetes-helm/helm-v2.9.1-linux-amd64.tar.gz"} HELM_ARTIFACT_URL=${HELM_ARTIFACT_URL:-"https://storage.googleapis.com/kubernetes-helm/helm-v2.10.0-linux-amd64.tar.gz"}
function install_helm_binary { function install_helm_binary {

2
tools/helm_tk.sh
View File

@ -18,7 +18,7 @@
HELM=$1 HELM=$1
HTK_REPO=${HTK_REPO:-"https://github.com/openstack/openstack-helm-infra"} HTK_REPO=${HTK_REPO:-"https://github.com/openstack/openstack-helm-infra"}
HTK_PATH=${HTK_PATH:-""} HTK_PATH=${HTK_PATH:-""}
HTK_STABLE_COMMIT=${HTK_COMMIT:-"master"} HTK_STABLE_COMMIT=${HTK_COMMIT:-"4cd00f3ac539f625e7cd9733ae46232b2082027a"}
DEP_UP_LIST=${DEP_UP_LIST:-"maas"} DEP_UP_LIST=${DEP_UP_LIST:-"maas"}
if [[ ! -z $(echo $http_proxy) ]] if [[ ! -z $(echo $http_proxy) ]]