diff --git a/.zuul.yaml b/.zuul.yaml deleted file mode 100644 index e7c200ac..00000000 --- a/.zuul.yaml +++ /dev/null @@ -1,3 +0,0 @@ -- project: - templates: - - noop-jobs diff --git a/Dockerfiles/mysqlclient-utility/Dockerfile.ubuntu_xenial b/Dockerfiles/mysqlclient-utility/Dockerfile.ubuntu_xenial new file mode 100644 index 00000000..6cb7eb80 --- /dev/null +++ b/Dockerfiles/mysqlclient-utility/Dockerfile.ubuntu_xenial @@ -0,0 +1,28 @@ +ARG FROM=docker.io/ubuntu:xenial +FROM ${FROM} +MAINTAINER Trung Thai + +RUN set -xe \ + && sed -i '/nobody/d' /etc/passwd \ + && echo "nobody:x:65534:65534:nobody:/nonexistent:/bin/bash" >> /etc/passwd ;\ + apt-get update ;\ + apt-get dist-upgrade -y ;\ + apt-get install -y \ + bash \ + moreutils \ + vim \ + sudo \ + screen \ + rsyslog \ + python-oslo.rootwrap \ + python3-oslo.rootwrap \ + mysql-client ;\ + sed -i 's/$PrivDropToUser syslog/$PrivDropToUser nobody/' /etc/rsyslog.conf ; \ + apt-get clean -y ;\ + rm -rf \ + /var/cache/debconf/* \ + /var/lib/apt/lists/* \ + /var/log/* \ + /tmp/* \ + /var/tmp/* +CMD ["/bin/bash"] \ No newline at end of file diff --git a/Dockerfiles/mysqlclient-utility/build.sh b/Dockerfiles/mysqlclient-utility/build.sh new file mode 100644 index 00000000..8af15491 --- /dev/null +++ b/Dockerfiles/mysqlclient-utility/build.sh @@ -0,0 +1,19 @@ +#!/bin/bash +set -xe +SCRIPT=`realpath $0` +SCRIPT_DIR=`dirname ${SCRIPT}` +## Only build from main folder +cd ${SCRIPT_DIR}/.. + +IMAGE="mysqlclient-utility" +VERSION=${VERSION:-latest} +DISTRO=${DISTRO:-ubuntu_xenial} +REGISTRY_URI=${REGISTRY_URI:-"airshipit/"} +EXTRA_TAG_INFO=${EXTRA_TAG_INFO:-""} +docker build \ +-f ${IMAGE}/Dockerfile.${DISTRO} \ +--network=host \ +-t ${REGISTRY_URI}${IMAGE}:${VERSION}-${DISTRO}${EXTRA_TAG_INFO} \ +${extra_build_args} ${IMAGE} + +cd - diff --git a/install_mysqlclient_utility.sh b/install_mysqlclient_utility.sh new file mode 100755 index 00000000..ad63b206 --- /dev/null +++ b/install_mysqlclient_utility.sh @@ -0,0 +1,19 @@ +#!/bin/bash +set -xe + +#NOTE: Lint and package chart +: ${OSH_INFRA_PATH:="../../openstack-helm-infra"} + +typeset uc=mysqlclient-utility + +make ${uc} +helm upgrade --install ${uc} ${uc} --namespace=utility + +#NOTE: Wait for deploy +./${OSH_INFRA_PATH}/tools/deployment/common/wait-for-pods.sh utility + +#NOTE: Validate Deployment info +kubectl get pods -n utility |grep ${uc} +helm status ${uc} + +helm test ${uc} --timeout 900 diff --git a/mysqlclient-utility/Chart.yaml b/mysqlclient-utility/Chart.yaml new file mode 100644 index 00000000..d30d25f6 --- /dev/null +++ b/mysqlclient-utility/Chart.yaml @@ -0,0 +1,18 @@ +# Copyright 2017 The Openstack-Helm Authors. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +description: Porthole MySql Client +name: mysqlclient-utility +version: 0.1.0 diff --git a/mysqlclient-utility/README.md b/mysqlclient-utility/README.md new file mode 100644 index 00000000..ca38da98 --- /dev/null +++ b/mysqlclient-utility/README.md @@ -0,0 +1,237 @@ +# MySqlClient Utility Container + +## Prerequisites: Deploy OSH-AIO + +## Installation + +1. Add the below to /etc/sudoers + +>root ALL=(ALL) NOPASSWD: ALL \ +ubuntu ALL=(ALL) NOPASSWD: ALL + +2. Install the latest versions of Git, CA Certs bundle & Make if necessary + +>sudo apt-get update \ +sudo apt-get dist-upgrade -y \ +sudo apt-get install --no-install-recommends -y \ +ca-certificates \ +git \ +make \ +jq \ +nmap \ +curl \ +uuid-runtime + +3. Clone the OpenStack-Helm Repos + +>git clone https://git.openstack.org/openstack/openstack-helm-infra.git \ +git clone https://git.openstack.org/openstack/openstack-helm.git + +4. Proxy Configuration + +In order to deploy OpenStack-Helm behind corporate proxy servers (if any) +add the following entries to openstack-helm-infra/tools/gate/devel/local-vars.yaml + +>proxy: \ +http: http://username:password@host:port \ +https: https://username:password@host:port \ +noproxy: 127.0.0.1,localhost,172.17.0.1,.svc.cluster.local + +Add the address of the Kubernetes API, 172.17.0.1, and .svc.cluster.local to your no_proxy and NO_PROXY environment variables. + +>export no_proxy=${no_proxy},172.17.0.1,.svc.cluster.local \ +export NO_PROXY=${NO_PROXY},172.17.0.1,.svc.cluster.local + + +5. Deploy Kubernetes & Helm +- cd openstack-helm + - ./tools/deployment/developer/common/010-deploy-k8s.sh +- Setup Clients on the host and assemble the charts + - ./tools/deployment/developer/common/020-setup-client.sh +- Deploy the ingress controller + - ./tools/deployment/developer/common/030-ingress.sh +- Deploy Ceph + - ./tools/deployment/developer/ceph/040-ceph.sh +- Activate the namespace to be able to use Ceph + - ./tools/deployment/developer/ceph/045-ceph-ns-activate.sh +-. Deploy Keystone + - ./tools/deployment/developer/ceph/080-keystone.sh +- Deploy Heat + - ./tools/deployment/developer/ceph/090-heat.sh +- Deploy Horizon + - ./tools/deployment/developer/ceph/100-horizon.sh +- Deploy Glance + - ./tools/deployment/developer/ceph/120-glance.sh +- Deploy Cinder + - ./tools/deployment/developer/ceph/130-cinder.sh +- Deploy LibVirt + - ./tools/deployment/developer/ceph/150-libvirt.sh +- Deploy Compute Kit (Nova and Neutron) + - ./tools/deployment/developer/ceph/160-compute-kit.sh +- To run further commands from the CLI manually, execute the following to set up authentication credentials + - export OS_CLOUD=openstack_helm + +6. Clone the Porthole and this utility repo as well. +- $git clone https://review.opendev.org/airship/porthole + +7. $cd porthole + +**Optionally pull in this PS if it's not ready merged; otherwise, skip step below.** +- $git pull https://review.opendev.org/airship/porthole refs/changes/81/674881/[latest change set] + +- **$bash ./install_mysqlclient_utility.sh** +--- +
+ + +../../openstack-helm-infra + + typeset uc=mysqlclient-utility + + make mysqlclient-utility + + ===== Processing [mysqlclient-utility] chart ===== + make[1]: Entering directory '/home/ubuntu/osh/openstack-helm/porthole' + if [ -f mysqlclient-utility/Makefile ]; then make -C mysqlclient-utility; fi + if [ -f mysqlclient-utility/requirements.yaml ]; then helm dep up mysqlclient-utility; fi + Hang tight while we grab the latest from your chart repositories... + ...Successfully got an update from the "local" chart repository + Update Complete. ⎈Happy Helming!⎈ + Saving 1 charts + Downloading helm-toolkit from repo http://localhost:8879/charts + Deleting outdated charts + if [ -d mysqlclient-utility ]; then helm lint mysqlclient-utility; fi + ==> Linting mysqlclient-utility + [INFO] Chart.yaml: icon is recommended + + 1 chart(s) linted, no failures + if [ -d mysqlclient-utility ]; then helm package mysqlclient-utility; fi + Successfully packaged chart and saved it to: /home/ubuntu/osh/openstack-helm/porthole/mysqlclient-utility-0.1.0.tgz + make[1]: Leaving directory '/home/ubuntu/osh/openstack-helm/porthole' + + helm upgrade --install mysqlclient-utility mysqlclient-utility --namespace=utility + Release "mysqlclient-utility" does not exist. Installing it now. + NAME: mysqlclient-utility + LAST DEPLOYED: Fri Jul 19 01:38:55 2019 + NAMESPACE: utility + STATUS: DEPLOYED + + RESOURCES: + ==> v1/ConfigMap + NAME DATA AGE + mysqlclient-utility-bin 2 1s + mysqlclient-utility-bin-utilscli 2 1s + mysqlclient-utility-etc 2 1s + mysqlclient-utility-sudoers 1 1s + + ==> v1/Deployment + NAME READY UP-TO-DATE AVAILABLE AGE + mysqlclient-utility 0/1 1 0 1s + + ==> v1/Pod(related) + NAME READY STATUS RESTARTS AGE + mysqlclient-utility-775bf65c97-8z97s 0/1 ContainerCreating 0 1s + + ==> v1/ServiceAccount + NAME SECRETS AGE + mysqlclient-utility 1 1s + + ==> v1beta1/ClusterRole + NAME AGE + mysqlclient-utility 1s + + ==> v1beta1/ClusterRoleBinding + NAME AGE + mysqlclient-utility 1s + + + ../../openstack-helm-infra/tools/deployment/common/wait-for-pods.sh utility + + kubectl get pods -n utility + + grep mysqlclient-utility + mysqlclient-utility-775bf65c97-8z97s 1/1 Running 0 17s + + helm status mysqlclient-utility + LAST DEPLOYED: Fri Jul 19 01:38:55 2019 + NAMESPACE: utility + STATUS: DEPLOYED + + RESOURCES: + ==> v1/ConfigMap + NAME DATA AGE + mysqlclient-utility-bin 2 18s + mysqlclient-utility-bin-utilscli 2 18s + mysqlclient-utility-etc 2 18s + mysqlclient-utility-sudoers 1 18s + + ==> v1/Deployment + NAME READY UP-TO-DATE AVAILABLE AGE + mysqlclient-utility 1/1 1 1 18s + + ==> v1/Pod(related) + NAME READY STATUS RESTARTS AGE + mysqlclient-utility-775bf65c97-8z97s 1/1 Running 0 18s + + ==> v1/ServiceAccount + NAME SECRETS AGE + mysqlclient-utility 1 18s + + ==> v1beta1/ClusterRole + NAME AGE + mysqlclient-utility 18s + + ==> v1beta1/ClusterRoleBinding + NAME AGE + mysqlclient-utility 18s + + + helm test mysqlclient-utility --timeout 900 + RUNNING: mysqlclient-utility-check-mysql-client-installation + PASSED: mysqlclient-utility-check-mysql-client-installation +
+ + +## POST-Installation + +Validate pods are deployed and running + +$ kubectl get pods -n utility + - NAME READY STATUS RESTARTS AGE + - mysqlclient-utility-775bf65c97-8z97s 1/1 Running 0 8m47s + - mysqlclient-utility-check-mysql-client-installation 0/1 Completed 0 8m29s + + +## Usage & Test + +Get in to the utility pod using kubectl exec, perform the followings: + +### Case 1 - Execute into the pod + $kubectl exec -it -n utility /bin/bash + +### Case 2 - Test connectiviy to Mariadb (optional) + + - Find mariadb pod and its corresponding IP +--- + - $kubectl get pods --all-namespaces |grep -i mariadb-server |awk '{print $1,$2}'|while read a b ; do + kubectl get pod $b -n $a -o wide + done +--- +- An Output should look similar to below + + - NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES + - mariadb-server-0 1/1 Running 0 5h49m 192.168.251.93 mtn13b2 + + - Now connect to the pod as prescribe in Case 1 by providing the arguements accordingly to CLI, like below. + + - $kubectl exec -it -n utility -- mysql -h -u root -p -e 'show databases;' + + It's expected to see an output looks similar to below. + +>--------------------+\ +| Database |\ +|--------------------|\ +| cinder |\ +| glance |\ +| heat |\ +| horizon |\ +| information_schema |\ +| keystone |\ +| mysql |\ +| neutron |\ +| nova |\ +| nova_api |\ +| nova_cell0 |\ +| performance_schema |\ ++--------------------+\ \ No newline at end of file diff --git a/mysqlclient-utility/requirements.yaml b/mysqlclient-utility/requirements.yaml new file mode 100644 index 00000000..e69c985d --- /dev/null +++ b/mysqlclient-utility/requirements.yaml @@ -0,0 +1,18 @@ +# Copyright 2019 The Openstack-Helm Authors. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +dependencies: + - name: helm-toolkit + repository: http://localhost:8879/charts + version: 0.1.0 diff --git a/mysqlclient-utility/templates/bin/_bootstrap.sh.tpl b/mysqlclient-utility/templates/bin/_bootstrap.sh.tpl new file mode 100644 index 00000000..99f7c2b6 --- /dev/null +++ b/mysqlclient-utility/templates/bin/_bootstrap.sh.tpl @@ -0,0 +1,19 @@ +#!/bin/bash +{{/* +Copyright 2019 The Openstack-Helm Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} +set -ex +sudo ./tmp/start.sh +tail -f /var/log/syslog diff --git a/mysqlclient-utility/templates/bin/_start.sh.tpl b/mysqlclient-utility/templates/bin/_start.sh.tpl new file mode 100644 index 00000000..4defdc00 --- /dev/null +++ b/mysqlclient-utility/templates/bin/_start.sh.tpl @@ -0,0 +1,34 @@ +#!/bin/bash +{{/* +Copyright 2019 The Openstack-Helm Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} +set -ex +# move this into build image v1.0.1 8/13/19 +#sed -i 's/$PrivDropToUser syslog/$PrivDropToUser nobody/' /etc/rsyslog.conf +/etc/init.d/rsyslog start + +# for readiness probe +touch /tmp/done + +{{/* +These lines will disable extra handler, extra formatter, extra level to the +root logger by oslo-rootwrap module, imported in _openstack-utility-rootwrap.tpl. +These lines will get rid of duplicate logs, generated because of the formatter +attached by oslo-rootwrap. +*/}} +sed -i "/rootwrap_logger.setLevel/s/.*/#&/" /usr/lib/python2.7/dist-packages/oslo_rootwrap/wrapper.py +sed -i "/handler.setFormatter/s/.*/#&/" /usr/lib/python2.7/dist-packages/oslo_rootwrap/wrapper.py +sed -i "/os.path.basename/s/.*/#&/" /usr/lib/python2.7/dist-packages/oslo_rootwrap/wrapper.py +sed -i "/rootwrap_logger.addHandler/s/.*/#&/" /usr/lib/python2.7/dist-packages/oslo_rootwrap/wrapper.py \ No newline at end of file diff --git a/mysqlclient-utility/templates/bin/_utilscli-sudo.tpl b/mysqlclient-utility/templates/bin/_utilscli-sudo.tpl new file mode 100644 index 00000000..d1db41cb --- /dev/null +++ b/mysqlclient-utility/templates/bin/_utilscli-sudo.tpl @@ -0,0 +1,16 @@ +{{/* +Copyright 2019 The Openstack-Helm Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} +nobody ALL=SETENV: NOPASSWD: /tmp/start.sh, /tmp/bootstrap.sh, /usr/local/bin/mysqlclient-utility-rootwrap /etc/mysqlclient-utility/rootwrap.conf * diff --git a/mysqlclient-utility/templates/bin/utility/_mysqlclient-utility-rootwrap.tpl b/mysqlclient-utility/templates/bin/utility/_mysqlclient-utility-rootwrap.tpl new file mode 100644 index 00000000..4a1ee1ad --- /dev/null +++ b/mysqlclient-utility/templates/bin/utility/_mysqlclient-utility-rootwrap.tpl @@ -0,0 +1,49 @@ +#!/usr/bin/python +{{/* +Copyright 2019 The Openstack-Helm Authors. +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + http://www.apache.org/licenses/LICENSE-2.0 +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +# PBR Generated from u'console_scripts' +import sys +import os +import logging +import getpass + +from oslo_rootwrap.cmd import main + +exec_name = sys.argv[0] +host_name = os.environ.get("HOSTNAME") +log_level = {{ .Values.conf.mysqlclientrootwrapconf.DEFAULT.syslog_log_level | quote }} +facility = {{ .Values.conf.mysqlclientrootwrapconf.DEFAULT.syslog_log_facility | quote }} + +if "AUSER" in os.environ: + user_id = os.environ["AUSER"] +elif {{ .Values.conf.utility.always_log_user | quote }} == 'true': + user_id = 'development site' +else: + print("No username set in AUSER environment variable, for security reasons access restricted from connecting to container.") + exit() + +try: + handler = logging.handlers.SysLogHandler(address='/dev/log',facility=facility) +except IOError: + print("Unable to setup logging, for security reasons access restricted from connecting to container.") + exit() + +formatter = logging.Formatter('%(asctime)s ' + host_name + ' ' + '%(levelname)s' + os.path.basename(exec_name) + ': ' + 'ActualUser=' + user_id + ': %(message)s') +handler.setFormatter(formatter) +root = logging.getLogger() +root.setLevel(log_level) +root.addHandler(handler) + +if __name__ == "__main__": + sys.exit(main()) diff --git a/mysqlclient-utility/templates/bin/utility/_utilscli.tpl b/mysqlclient-utility/templates/bin/utility/_utilscli.tpl new file mode 100644 index 00000000..309a8bdd --- /dev/null +++ b/mysqlclient-utility/templates/bin/utility/_utilscli.tpl @@ -0,0 +1,17 @@ +#!/bin/bash +{{/* +Copyright 2019 The Openstack-Helm Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} +script -f -a -q /var/log/syslog -c "sudo -E /usr/local/bin/mysqlclient-utility-rootwrap /etc/mysqlclient-utility/rootwrap.conf $*" diff --git a/mysqlclient-utility/templates/configmap-bin.yaml b/mysqlclient-utility/templates/configmap-bin.yaml new file mode 100644 index 00000000..639ddeaf --- /dev/null +++ b/mysqlclient-utility/templates/configmap-bin.yaml @@ -0,0 +1,48 @@ +{{/* +Copyright 2019 The Openstack-Helm Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if and .Values.manifests.configmap_bin .Values.deployment.mysqlclient }} +{{- $envAll := . }} +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ printf "%s-%s" $envAll.Release.Name "bin" }} +data: +{{- if .Values.images.local_registry.active }} + image-repo-sync.sh: | +{{- include "helm-toolkit.scripts.image_repo_sync" . | indent 4 }} +{{- end }} + + start.sh: | +{{ tuple "bin/_start.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }} + + mysqlclient-utility-rootwrap: | +{{ tuple "bin/utility/_mysqlclient-utility-rootwrap.tpl" . | include "helm-toolkit.utils.template" | indent 4 }} + +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ printf "%s-%s" $envAll.Release.Name "bin-utilscli" }} +data: + utilscli: | +{{ tuple "bin/utility/_utilscli.tpl" . | include "helm-toolkit.utils.template" | indent 4 }} + + bootstrap.sh: | +{{ tuple "bin/_bootstrap.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }} + +{{- end }} diff --git a/mysqlclient-utility/templates/configmap-etc-client.yaml b/mysqlclient-utility/templates/configmap-etc-client.yaml new file mode 100644 index 00000000..c892bdd9 --- /dev/null +++ b/mysqlclient-utility/templates/configmap-etc-client.yaml @@ -0,0 +1,30 @@ +{{/* +Copyright 2019 The Openstack-Helm Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if and .Values.manifests.configmap_etc_client .Values.deployment.mysqlclient }} +{{- $envAll := . }} + +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ printf "%s-%s" $envAll.Release.Name "etc" }} +data: + rootwrap.conf: | +{{ include "helm-toolkit.utils.to_ini" .Values.conf.mysqlclientrootwrapconf | indent 4 }} + mysqlclient-rootwrap-filter: | +{{ include "helm-toolkit.utils.to_ini" .Values.conf.mysqlclientfilter | indent 4 }} +{{- end }} diff --git a/mysqlclient-utility/templates/configmap-etc-sudoers.yaml b/mysqlclient-utility/templates/configmap-etc-sudoers.yaml new file mode 100644 index 00000000..9b6357b0 --- /dev/null +++ b/mysqlclient-utility/templates/configmap-etc-sudoers.yaml @@ -0,0 +1,27 @@ +{{/* +Copyright 2019 The Openstack-Helm Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if and .Values.manifests.configmap_etc_sudoers .Values.deployment.mysqlclient }} +{{- $envAll := . }} +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ printf "%s-%s" $envAll.Release.Name "sudoers" }} +data: + utilscli-sudo: | +{{ tuple "bin/_utilscli-sudo.tpl" . | include "helm-toolkit.utils.template" | indent 4 }} +{{- end }} diff --git a/mysqlclient-utility/templates/deployment-utility.yaml b/mysqlclient-utility/templates/deployment-utility.yaml new file mode 100644 index 00000000..7fb2e63a --- /dev/null +++ b/mysqlclient-utility/templates/deployment-utility.yaml @@ -0,0 +1,143 @@ +{{/* +Copyright 2019 The Openstack-Helm Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} +{{- if and .Values.manifests.deployment_utility ( and .Values.deployment.mysqlclient .Values.conf.features.utility) }} +{{- $envAll := . }} + +{{- $serviceAccountName := printf "%s" $envAll.Release.Name }} +{{ tuple $envAll "utility" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }} +--- +apiVersion: rbac.authorization.k8s.io/v1beta1 +kind: ClusterRole +metadata: + name: {{ $serviceAccountName }} +rules: + - apiGroups: + - "" + resources: + - pods + - pods/exec + verbs: + - get + - list + - watch + - exec + - create +--- +apiVersion: rbac.authorization.k8s.io/v1beta1 +kind: ClusterRoleBinding +metadata: + name: {{ $serviceAccountName }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ $serviceAccountName }} +subjects: + - kind: ServiceAccount + name: {{ $serviceAccountName }} + namespace: {{ $envAll.Release.Namespace }} +--- +kind: Deployment +apiVersion: apps/v1 +metadata: + name: {{ printf "%s" $envAll.Release.Name }} + labels: +{{ tuple $envAll "mysqlclient" "utility" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }} +spec: + replicas: {{ .Values.pod.replicas.utility }} + selector: + matchLabels: +{{ tuple $envAll "mysqlclient" "utility" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 6 }} + template: + metadata: + name: {{ printf "%s" $envAll.Release.Name }} + annotations: + {{ tuple . | include "helm-toolkit.snippets.release_uuid" }} + labels: +{{ tuple $envAll "mysqlclient" "utility" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }} + spec: + securityContext: + runAsUser: 65534 + serviceAccountName: {{ $serviceAccountName }} + affinity: +{{ tuple $envAll "mysqlclient" "utility" | include "helm-toolkit.snippets.kubernetes_pod_anti_affinity" | indent 8 }} + nodeSelector: + {{ .Values.labels.utility.node_selector_key }}: {{ .Values.labels.utility.node_selector_value }} + containers: + - name: {{ printf "%s" $envAll.Release.Name }} +{{ tuple $envAll "mysqlclient_utility" | include "helm-toolkit.snippets.image" | indent 10 }} +{{ tuple $envAll $envAll.Values.pod.resources.mysql_utility | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }} + command: + - /tmp/bootstrap.sh + readinessProbe: + exec: + command: + - cat + - /tmp/done + initialDelaySeconds: 5 + periodSeconds: 15 + livenessProbe: + exec: + command: + - utilscli + initialDelaySeconds: 5 + periodSeconds: 15 + volumeMounts: + - name: mysqlclient-utility-bin-utilscli + mountPath: /tmp/bootstrap.sh + subPath: bootstrap.sh + readOnly: true + - name: mysqlclient-utility-bin + mountPath: /tmp/start.sh + subPath: start.sh + readOnly: true + - name: mysqlclient-utility-bin-utilscli + mountPath: /usr/local/bin/utilscli + subPath: utilscli + readOnly: true + - name: mysqlclient-utility-bin + mountPath: /usr/local/bin/mysqlclient-utility-rootwrap + subPath: mysqlclient-utility-rootwrap + readOnly: true + - name: mysqlclient-utility-sudoers + mountPath: /etc/sudoers.d/utilscli-sudo + subPath: utilscli-sudo + readOnly: true + - name: mysqlclient-utility-etc + mountPath: /etc/mysqlclient-utility/rootwrap.d/mysqlclient-rootwrap-filter + subPath: mysqlclient-rootwrap-filter + readOnly: true + - name: mysqlclient-utility-etc + mountPath: /etc/mysqlclient-utility/rootwrap.conf + subPath: rootwrap.conf + readOnly: true + volumes: + - name: mysqlclient-utility-sudoers + configMap: + name: {{ printf "%s-%s" $envAll.Release.Name "sudoers" }} + defaultMode: 0644 + - name: mysqlclient-utility-bin + configMap: + name: {{ printf "%s-%s" $envAll.Release.Name "bin" }} + defaultMode: 0555 + - name: mysqlclient-utility-etc + configMap: + name: {{ printf "%s-%s" $envAll.Release.Name "etc" }} + defaultMode: 0555 + - name: mysqlclient-utility-bin-utilscli + configMap: + name: {{ printf "%s-%s" $envAll.Release.Name "bin-utilscli" }} + defaultMode: 0755 +{{- end }} diff --git a/mysqlclient-utility/templates/tests/check-mysql-client.yaml b/mysqlclient-utility/templates/tests/check-mysql-client.yaml new file mode 100644 index 00000000..cbeecbbc --- /dev/null +++ b/mysqlclient-utility/templates/tests/check-mysql-client.yaml @@ -0,0 +1,26 @@ +{{/* +Copyright 2017 The Openstack-Helm Authors. +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + http://www.apache.org/licenses/LICENSE-2.0 +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +apiVersion: v1 + +kind: Pod +metadata: + name: "{{ .Release.Name }}-check-mysql-client-installation" + annotations: + "helm.sh/hook": test-success +spec: + containers: + - name: "{{ .Release.Name }}-check-mysql-client-installation" + image: {{ .Values.images.tags.mysqlclient_utility }} + command: ["/bin/bash", "-c", "type mysql"] + restartPolicy: Never diff --git a/mysqlclient-utility/values.yaml b/mysqlclient-utility/values.yaml new file mode 100644 index 00000000..31f3c11a --- /dev/null +++ b/mysqlclient-utility/values.yaml @@ -0,0 +1,161 @@ +# Copyright 2017 The Openstack-Helm Authors. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Default values for mysql-client. +# This is a YAML-formatted file. +# Declare name/value pairs to be passed into your templates. +# name: value + +deployment: + mysqlclient: true + +release_group: null + +images: + tags: + mysqlclient_utility: 'quay.io/trthai/tuc:mysql-client-utility-v1.0.1' + image_repo_sync: docker.io/docker:18.09.02 + pull_policy: IfNotPresent + local_registry: + active: false + exclude: + - dep_check + - image_repo_sync + +labels: + utility: + node_selector_key: openstack-helm-node-class + node_selector_value: primary + +pod: + dns_policy: "ClusterFirstWithHostNet" + replicas: + utility: 1 + affinity: + anti: + type: + default: preferredDuringSchedulingIgnoredDuringExecution + topologyKey: + default: kubernetes.io/hostname + resources: + enabled: false + utility: + requests: + memory: "100Mi" + cpu: "250m" + limits: + memory: "250Mi" + cpu: "500m" + jobs: + bootstrap: + limits: + memory: "1024Mi" + cpu: "2000m" + requests: + memory: "128Mi" + cpu: "500m" + image_repo_sync: + requests: + memory: "128Mi" + cpu: "100m" + limits: + memory: "1024Mi" + cpu: "2000m" + + +conf: + features: + utility: true + mysqlclientconf: + etc: mysqlclient-etc + mysqlclientfilter: + Filters: + # mysqlclient-rootwrap command filters for mysqlclient utility container + # This file should be owned by (and only-writeable by) the root user + mysql: CommandFilter, mysql, root + #kubectl: CommandFilter, kubectl, root + mysqlclientrootwrapconf: + DEFAULT: + # Configuration for mysqlclient-rootwrap + # This file should be owned by (and only-writeable by) the root user + # List of directories to load filter definitions from (separated by ','). + # These directories MUST all be only writeable by root ! + filters_path: /etc/mysqlclient-utility/rootwrap.d + # List of directories to search executables in, in case filters do not + # explicitely specify a full path (separated by ',') + # If not specified, defaults to system PATH environment variable. + # These directories MUST all be only writeable by root ! + exec_dirs: /sbin,/usr/sbin,/bin,/usr/bin,/usr/local/bin,/usr/local/sbin,/tmp + # Enable logging to syslog + # Default value is False + use_syslog: True + # Which syslog facility to use. + # Valid values include auth, authpriv, syslog, local0, local1... + # Default value is 'syslog' + syslog_log_facility: syslog + # Which messages to log. + # INFO means log all usage + # ERROR means only log unsuccessful attempts + syslog_log_level: INFO + #keystone_auth: + # auth_url: http://keystone.openstack.svc.cluster.local/v3 + # auth_version: "3" + utility: + # Set to true for development sites, + # Set to false otherwise + always_log_user: true + +dependencies: + dynamic: + common: + local_image_registry: + jobs: + - mysqlclient-utility-image-repo-sync + services: + - endpoint: node + service: local_image_registry + static: + image_repo_sync: + services: + - endpoint: internal + service: local_image_registry + +bootstrap: + enabled: true + +endpoints: + cluster_domain_suffix: cluster.local + local_image_registry: + name: docker-registry + namespace: docker-registry + hosts: + default: localhost + internal: docker-registry + node: localhost + host_fqdn_override: + default: null + port: + registry: + node: 5000 + +monitoring: + prometheus: + enabled: true + +manifests: + configmap_bin: true + configmap_etc_client: true + configmap_etc_sudoers: true + deployment_utility: true + diff --git a/tools/gate/playbooks/docker-image-upload.yaml b/tools/gate/playbooks/docker-image-upload.yaml new file mode 100644 index 00000000..03e202b4 --- /dev/null +++ b/tools/gate/playbooks/docker-image-upload.yaml @@ -0,0 +1,112 @@ +- hosts: all + tasks: + - include_vars: vars.yaml + + - name: Install Docker (Debian) + when: ansible_os_family == 'Debian' + block: + - file: + path: "{{ item }}" + state: directory + with_items: + - /etc/docker/ + - /etc/systemd/system/docker.service.d/ + - /var/lib/docker/ + - mount: + path: /var/lib/docker/ + src: tmpfs + fstype: tmpfs + opts: size=25g + state: mounted + - copy: "{{ item }}" + with_items: + - content: "{{ docker_daemon | to_json }}" + dest: /etc/docker/daemon.json + - src: files/docker-systemd.conf + dest: /etc/systemd/system/docker.service.d/ + - apt_key: + url: https://download.docker.com/linux/ubuntu/gpg + - apt_repository: + repo: deb http://{{ zuul_site_mirror_fqdn }}/deb-docker xenial stable + - apt: + name: "{{ item }}" + allow_unauthenticated: True + with_items: + - docker-ce + - python-pip + - pip: + name: docker + version: 2.7.0 + # NOTE(SamYaple): Allow all connections from containers to host so the + # containers can access the http server for git and wheels + - iptables: + action: insert + chain: INPUT + in_interface: docker0 + jump: ACCEPT + become: True + + - name: Debug tag generation inputs + block: + - debug: + var: publish + - debug: + var: tags + - debug: + var: zuul + - debug: + msg: "{{ tags | to_json }}" + + - name: Determine tags + shell: echo '{{ tags | to_json }}' | python {{ zuul.project.src_dir }}/tools/image_tags.py + environment: + BRANCH: "{{ zuul.branch | default('') }}" + CHANGE: "{{ zuul.change | default('') }}" + COMMIT: "{{ zuul.newrev | default('') }}" + PATCHSET: "{{ zuul.patchset | default('') }}" + register: image_tags + + - name: Debug computed tags + debug: + var: image_tags + + - name: Make images + when: not publish + block: + - make: + chdir: "{{ zuul.project.src_dir }}" + target: images + params: + IMAGE_TAG: "{{ item }}" + with_items: "{{ image_tags.stdout_lines }}" + + - shell: "docker images" + register: docker_images + + - debug: + var: docker_images + + become: True + + - name: Publish images + block: + - docker_login: + username: "{{ quay_credentials.username }}" + password: "{{ quay_credentials.password }}" + registry_url: "https://quay.io/api/v1/" + - make: + chdir: "{{ zuul.project.src_dir }}" + target: images + params: + DOCKER_REGISTRY: "quay.io" + IMAGE_PREFIX: "airshipit" + IMAGE_TAG: "{{ item }}" + COMMIT: "{{ zuul.newrev | default('') }}" + PUSH_IMAGE: "true" + with_items: "{{ image_tags.stdout_lines }}" + - shell: "docker images" + register: docker_images + - debug: + var: docker_images + when: publish + become: True \ No newline at end of file diff --git a/tools/gate/playbooks/files/docker-systemd.conf b/tools/gate/playbooks/files/docker-systemd.conf new file mode 100644 index 00000000..6b01af0f --- /dev/null +++ b/tools/gate/playbooks/files/docker-systemd.conf @@ -0,0 +1,8 @@ +# NOTE(SamYaple): CentOS cannot be build with userns-remap enabled. httpd uses +# cap_set_file capability and there is no way to pass that in at build as of +# docker 17.06. +# TODO(SamYaple): Periodically check to see if this is possible in newer +# versions of Docker +[Service] +ExecStart= +ExecStart=/usr/bin/dockerd diff --git a/tools/gate/playbooks/vars.yaml b/tools/gate/playbooks/vars.yaml new file mode 100644 index 00000000..c89b7980 --- /dev/null +++ b/tools/gate/playbooks/vars.yaml @@ -0,0 +1,19 @@ +# Copyright 2017 The Openstack-Helm Authors. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +docker_daemon: + group: zuul + registry-mirrors: + - "http://{{ zuul_site_mirror_fqdn }}:8082/" + storage-driver: overlay2 diff --git a/tools/gate/playbooks/zuul-linter.yaml b/tools/gate/playbooks/zuul-linter.yaml index b86a1279..44f31473 100644 --- a/tools/gate/playbooks/zuul-linter.yaml +++ b/tools/gate/playbooks/zuul-linter.yaml @@ -1,4 +1,4 @@ -# Copyright 2019 The Openstack-Helm Authors. +# Copyright 2017 The Openstack-Helm Authors. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -15,6 +15,6 @@ - hosts: primary tasks: - name: Execute a Whitespace Linter check - command: find . -not -path "*/\.*" -not -path "*/doc/build/*" -not -name "*.tgz" -not -name "*.png" -type f -exec egrep -l " +$" {} \; + command: find . -not -path "*/\.*" -not -path "*/doc/build/*" -not -name "*.tgz" -type f -exec egrep -l " +$" {} \; register: result failed_when: result.stdout != "" \ No newline at end of file diff --git a/zuul.d/base.yaml b/zuul.d/base.yaml new file mode 100644 index 00000000..76ba4619 --- /dev/null +++ b/zuul.d/base.yaml @@ -0,0 +1,67 @@ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +- nodeset: + name: airship-porthole-single-node + nodes: + - name: primary + label: ubuntu-xenial + +- job: + name: porthole-images-build + parent: build-docker-image + abstract: true + ansible-version: 2.8 + description: | + irrelevant-files: + - ^\.git.* + - ^.*\.(example|md|rst)$ + - ^doc/.* + - ^releasenotes/.* + timeout: 3600 + +- job: + name: porthole-images-upload + parent: upload-docker-image + abstract: true + ansible-version: 2.8 + secrets: + name: quay_credentials + secret: quay_credentials + pass-to-parent: true + timeout: 3600 + +- secret: + name: quay_credentials + data: + username: !encrypted/pkcs1-oaep + - SQ0e+mvFN7eU+snMDhXC417r3yy+OoZ+QQcAPAoI2xuUDbZOrCSXIlRATrNZX+NrRx/sT + GoxeeScqpX3hnBTHAvWn6iDzVoSIOgW8aG4+/kCjU1dtKzPgyuo4t+rFEe1iplLFyG1P1 + xshMrc8dRpAJTjyUwWzY1zatb46LEBK1DD15kkAaS+6KKfD2dH/AX3XYzp3671cdsXtC7 + R7Lm8lKh2MYYmF+ybuCd/JbeuH2aLQc1pLnigPBWJgslzxQ2F2hLXssj8cd+rGSxQ8jVG + SCqFkyggBdv/TGQdhihnse8Taj8tqgmqbh5KPZIKeCM5ekXbsCMuI1KNH0Fr7UeffOYNU + 5CJsWnuZoX5xQxcRHWAprBaGr8jr6EeklW896GC7wMcFq+C4166H1Y44NMrLtzAlXEs8p + uO6Vl2AGqt4/ORkJ7aIUdjI21u0r7ULEFcj+Q7hMoC0q81f1RVqbvTWtAi6CfjiUdpEwm + vwpyfwUP4JugjC3UALe4tMyMO5pQiAIPzYs34/skqxvEQN+5+8BrBnr2tNAIbxMmgpZOU + Ov89WfURzb7pxBbVgC6HuyX2mQi3OHdYS33TM9e+pXgLN8XK7dzASaCFXa0zjA1xj4pHh + oBO66rVON6DsjEmliMUHLnkgXJnqqm9pLEa+avCuK0Kt7i5st1DBnxK/Goy2ec= + password: !encrypted/pkcs1-oaep + - CuInAjNp1dAXxxNzfs9O9I7+T6OJLx4gaPeafLxfjJs4uCRC8L6N1Kcyc1QPYlr6hfvFz + D8Er9OKTzbmQixDxGzCSJh/RRcpjwh8GJMn7cvGYMTsrWcYzvK2RC5778huxVnwT0gWiB + TaqUqOBsHQMlXumEAKO7qqaKxJ4LadXMp/eqcyVfCw1roEOO69QqhBajwhk/5RS3qm6QZ + KGr0T3AfDAtF276e4GI9L5paVNjME7Au22+S1pVaIxX91/qx3HFAz+HSErvhxGHVKhHr4 + 4G/YygeSJMWyKpk28kjoncxgzHNwREXZXbRabMwXoGuweOB4ZZ7JXy9yEkagojx0buBtn + Phv48p/8C/7ZN3v8xOiHRAnLk6jsWA4cu5Zhplark22Uq+d7MtlEgRpWvqDBWNF+9GCOQ + Vlpomy02Nj4PkZZDKY7Eo3uf/+3aa8/hhvJursqv6VvqwYl75euT8Immo1EUw/Hw4PBpJ + JXcwlGoK6kvXmYaG2c7yEiH2xNtTzVTai10fsalubQWR4FTmJA5LU9+HatHBa46XLy4gS + vMHs2uJudmxhqLIhs5Er248FVjfxw7le5dPun3ir4J7Mjgypu5y8eLCMZAFIwpeqlJrVU + uih8ByaTlSEh6FBzle7Hb330RjSztC4pX6xiNAmtkpxhF2rEEFS66B/ixwCphQ= diff --git a/zuul.d/mysqlclient-utility.yaml b/zuul.d/mysqlclient-utility.yaml new file mode 100644 index 00000000..a7ba6236 --- /dev/null +++ b/zuul.d/mysqlclient-utility.yaml @@ -0,0 +1,75 @@ +# Copyright 2019 The Airship Authors. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +- project: + check: + jobs: + - porthole-mysqlclient-lint-ws + - porthole-mysqlclient-images-build + + gate: + jobs: + - porthole-mysqlclient-lint-ws + - porthole-mysqlclient-images-build + + post: + jobs: + - porthole-mysqlclient-images-upload + +- job: + name: porthole-mysqlclient-lint-ws + description: | + Lints all files for trailing whitespace + run: tools/gate/playbooks/zuul-linter.yaml + timeout: 300 + nodeset: airship-porthole-single-node + +- job: + name: porthole-mysqlclient-images-build + parent: porthole-images-build + description: Build mysqclient images + vars: &mysqlclient_vars + currentdate: "{{ now(utc=True,fmt='%Y%m%d') }}" + docker_images: + - context: Dockerfiles/mysqlclient-utility + repository: porthole/mysqlclient-utility + dockerfile: Dockerfile.ubuntu_xenial + tags: + - latest-ubuntu_xenial + - "ubuntu_xenial-{{ currentdate }}" + files: &mysqlclient_files + - Dockerfiles/mysqlclient-utility/.* + - zuul.d/mysqlclient-utility.yaml + +- job: + name: porthole-mysqlclient-images-upload + timeout: 1800 + run: tools/gate/playbooks/docker-image-upload.yaml + nodeset: airship-porthole-single-node + secrets: + - quay_credentials + vars: + publish: true + tags: + dynamic: + branch: true + commit: true + static: + - latest + irrelevant-files: + - ^charts/.*$ + - ^etc/.*$ + - ^tests/.*$ + - ^tools/.*$ +