airship/porthole
Code Issues Proposed changes

Chart/Dockerfile for etcdctl Utility Container

Browse Source 
This etcdctl utility container will help the Operation user
to check the state/stats of etcdctl resources in the K8s Cluster

Change-Id: If0c46b9c19bf8492be3e92c8c215cc9980886981
This commit is contained in:
Kavva, Jagan Mohan (jk330k) 2019-08-07 16:39:32 -05:00 committed by Jagan Kavva
parent 08388af8f3
commit 9255a73837
18 changed files with 867 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

18
charts/etcdctl-utility/Chart.yaml Normal file
View File

@ -0,0 +1,18 @@
# Copyright 2019 The Openstack-Helm Authors.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
apiVersion: v1
description: etcdctl Client
name: etcdctl-utility
version: 0.1.0

18
charts/etcdctl-utility/requirements.yaml Normal file
View File

@ -0,0 +1,18 @@
# Copyright 2019 The Openstack-Helm Authors.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
dependencies:
- name: helm-toolkit
repository: http://localhost:8879/charts
version: 0.1.0

19
charts/etcdctl-utility/templates/bin/_bootstrap.sh.tpl Normal file
View File

@ -0,0 +1,19 @@
#!/bin/bash
{{/*
Copyright 2019 The Openstack-Helm Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
set -ex
sudo /tmp/start.sh
tail -f /var/log/syslog

24
charts/etcdctl-utility/templates/bin/_start.sh.tpl Normal file
View File

@ -0,0 +1,24 @@
#!/bin/bash
{{/*
Copyright 2019 The Openstack-Helm Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
set -ex
sed -i 's/$PrivDropToUser syslog/$PrivDropToUser nobody/' /etc/rsyslog.conf
/etc/init.d/rsyslog start
sed -i "/rootwrap_logger.setLevel/s/.*/#&/" /usr/lib/python2.7/dist-packages/oslo_rootwrap/wrapper.py
sed -i "/handler.setFormatter/s/.*/#&/" /usr/lib/python2.7/dist-packages/oslo_rootwrap/wrapper.py
sed -i "/os.path.basename/s/.*/#&/" /usr/lib/python2.7/dist-packages/oslo_rootwrap/wrapper.py
sed -i "/rootwrap_logger.addHandler/s/.*/#&/" /usr/lib/python2.7/dist-packages/oslo_rootwrap/wrapper.py

16
charts/etcdctl-utility/templates/bin/_utilscli-sudo.tpl Normal file
View File

@ -0,0 +1,16 @@
{{/*
Copyright 2019 The Openstack-Helm Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
nobody ALL=SETENV: NOPASSWD: /tmp/start.sh, /tmp/bootstrap.sh, /usr/local/bin/etcdctl-utility-rootwrap /etc/etcdctl-utility/rootwrap.conf *

59
charts/etcdctl-utility/templates/bin/utility/_etcdctl-utility-rootwrap.tpl Normal file
View File

@ -0,0 +1,59 @@
#!/usr/bin/python
{{/*
Copyright 2019 The Openstack-Helm Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
# PBR Generated from u'console_scripts'
import logging
import os
import sys
from oslo_rootwrap.cmd import main
exec_name = sys.argv[0]
host_name = os.environ.get("HOSTNAME")
log_level = {{
.Values.conf.etcdctlrootwrapconf.DEFAULT.syslog_log_level | quote}}
facility = {{
.Values.conf.etcdctlrootwrapconf.DEFAULT.syslog_log_facility | quote}}
if "AUSER" in os.environ:
user_id = os.environ["AUSER"]
elif {{.Values.conf.utility.always_log_user | quote}} == 'true':
user_id = 'development site'
else:
print("No username set in AUSER environment variable, " +
"for security reasons access restricted from " +
"connecting to container.")
exit()
try:
handler = logging.handlers.SysLogHandler(
address='/dev/log', facility=facility)
except IOError:
print("Unable to setup logging, for security " +
"reasons access restricted from connecting to container.")
exit()
formatter = logging.Formatter(
'%(asctime)s ' + host_name + ' ' +
'%(levelname)s' + os.path.basename(exec_name) + ': ' +
'ActualUser=' + user_id + ': %(message)s')
handler.setFormatter(formatter)
root = logging.getLogger()
root.setLevel(log_level)
root.addHandler(handler)
if __name__ == "__main__":
sys.exit(main())

17
charts/etcdctl-utility/templates/bin/utility/_utilscli.tpl Normal file
View File

@ -0,0 +1,17 @@
#!/bin/bash
{{/*
Copyright 2019 The Openstack-Helm Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
script -f -a -q /var/log/syslog -c "sudo -E /usr/local/bin/etcdctl-utility-rootwrap /etc/etcdctl-utility/rootwrap.conf $*"

50
charts/etcdctl-utility/templates/configmap-bin.yaml Normal file
View File

@ -0,0 +1,50 @@
{{/*
Copyright 2019 The Openstack-Helm Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
{{- if and .Values.manifests.configmap_bin .Values.deployment.etcdctl }}
{{- $envAll := . }}
---
apiVersion: v1
kind: ConfigMap
metadata:
name: {{ printf "%s-%s" $envAll.Release.Name "bin" }}
data:
{{- if .Values.images.local_registry.active }}
image-repo-sync.sh: |
{{- include "helm-toolkit.scripts.image_repo_sync" . | indent 4 }}
{{- end }}
start.sh: |
{{ tuple "bin/_start.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
etcdctl-utility-rootwrap: |
{{ tuple "bin/utility/_etcdctl-utility-rootwrap.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
---
apiVersion: v1
kind: ConfigMap
metadata:
name: {{ printf "%s-%s" $envAll.Release.Name "bin-utilscli" }}
data:
utilscli: |
{{ tuple "bin/utility/_utilscli.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
{{- if .Values.bootstrap.enabled }}
bootstrap.sh: |
{{ tuple "bin/_bootstrap.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
{{- end }}
{{- end }}

27
charts/etcdctl-utility/templates/configmap-etc-sudoers.yaml Normal file
View File

@ -0,0 +1,27 @@
{{/*
Copyright 2019 The Openstack-Helm Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
{{- if and .Values.manifests.configmap_etc_sudoers .Values.deployment.etcdctl }}
{{- $envAll := . }}
---
apiVersion: v1
kind: ConfigMap
metadata:
name: {{ printf "%s-%s" $envAll.Release.Name "sudoers" }}
data:
utilscli-sudo: |
{{ tuple "bin/_utilscli-sudo.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
{{- end }}

42
charts/etcdctl-utility/templates/configmap-etc.yaml Normal file
View File

@ -0,0 +1,42 @@
{{/*
Copyright 2019 The Openstack-Helm Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
{{- if and .Values.manifests.configmap_etc_client .Values.deployment.etcdctl }}
{{- $envAll := . }}
---
apiVersion: v1
kind: ConfigMap
metadata:
name: {{ printf "%s-%s" $envAll.Release.Name "etc" }}
data:
rootwrap.conf: |
{{ include "helm-toolkit.utils.to_ini" .Values.conf.etcdctlrootwrapconf | indent 4 }}
etcdctl-rootwrap-filter: |
{{ include "helm-toolkit.utils.to_ini" .Values.conf.etcdctlfilter | indent 4 }}
etcdctl.cfg: |
apiVersion: v1
kind: ConfigMap
metadata:
spec:
datastoreType: "etcdv3"
etcdEndpoints: {{ tuple "etcd" "internal" "client" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup" }}
etcdCertFile: {{ .Values.endpoints.etcd.auth.client.path.crt }}
etcdCACertFile: {{ .Values.endpoints.etcd.auth.client.path.ca }}
etcdKeyFile: {{ .Values.endpoints.etcd.auth.client.path.key }}
{{- end }}

168
charts/etcdctl-utility/templates/deployment-etcdctl-utility.yaml Normal file
View File

@ -0,0 +1,168 @@
{{/*
Copyright 2019 The Openstack-Helm Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
{{- if and .Values.manifests.deployment_etcdctl_utility ( and .Values.deployment.etcdctl) }}
{{- $envAll := . }}
{{- $serviceAccountName := printf "%s" $envAll.Release.Name }}
{{ tuple $envAll "utility" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRole
metadata:
name: {{ $serviceAccountName }}
rules:
- apiGroups: [""]
resources:
- namespaces
- nodes
- pods
- persistentvolumeclaims
- persistentvolumes
verbs:
- get
- list
- watch
- create
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRoleBinding
metadata:
name: {{ $serviceAccountName }}
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: {{ $serviceAccountName }}
subjects:
- kind: ServiceAccount
name: {{ $serviceAccountName }}
namespace: {{ $envAll.Release.Namespace }}
---
kind: Deployment
apiVersion: apps/v1
metadata:
name: {{ printf "%s" $envAll.Release.Name }}
annotations:
{{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" }}
labels:
{{ tuple $envAll "utility" "etcdctl-util" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }}
spec:
replicas: {{ .Values.pod.replicas.utility }}
selector:
matchLabels:
{{ tuple $envAll "utility" "etcdctl-util" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 6 }}
template:
metadata:
name: {{ printf "%s" $envAll.Release.Name }}
labels:
{{ tuple $envAll "utility" "etcdctl-util" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
annotations:
configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "helm-toolkit.utils.hash" }}
configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "helm-toolkit.utils.hash" }}
{{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" }}
spec:
securityContext:
runAsUser: 65534
serviceAccountName: {{ $serviceAccountName }}
affinity:
{{ tuple $envAll "etcdctl" "utility" | include "helm-toolkit.snippets.kubernetes_pod_anti_affinity" | indent 8 }}
nodeSelector:
{{ .Values.labels.utility.node_selector_key }}: {{ .Values.labels.utility.node_selector_value }}
containers:
- name: {{ printf "%s" $envAll.Release.Name }}
{{ tuple $envAll "etcdctl_utility" | include "helm-toolkit.snippets.image" | indent 10 }}
{{ tuple $envAll $envAll.Values.pod.resources.etcdctl_utility | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
env:
- name: ETCDCTL_API
value: "{{ .Values.conf.etcd.etcdctl_api }}"
- name: ETCDCTL_DIAL_TIMEOUT
value: 10s
- name: ETCDCTL_CACERT
value: /etc/kubernetes/apiserver/pki/etcd-client-ca.pem
- name: ETCDCTL_CERT
value: /etc/kubernetes/apiserver/pki/etcd-client.pem
- name: ETCDCTL_KEY
value: /etc/kubernetes/apiserver/pki/etcd-client-key.pem
- name: ETCDCTL_ENDPOINTS
value: https://{{ .Values.conf.etcd.endpoints }}:{{ .Values.endpoints.etcd.port.client.default }}
command:
- /tmp/bootstrap.sh
volumeMounts:
- name: etcdctl-etcd-secrets
mountPath: {{ .Values.endpoints.etcd.auth.client.path.ca }}
subPath: tls.ca
readOnly: true
- name: etcdctl-etcd-secrets
mountPath: {{ .Values.endpoints.etcd.auth.client.path.crt }}
subPath: tls.crt
readOnly: true
- name: etcdctl-etcd-secrets
mountPath: {{ .Values.endpoints.etcd.auth.client.path.key }}
subPath: tls.key
readOnly: true
- name: etcdctl-utility-bin-utilscli
mountPath: /tmp/bootstrap.sh
subPath: bootstrap.sh
readOnly: true
- name: etcdctl-utility-bin
mountPath: /tmp/start.sh
subPath: start.sh
readOnly: true
- name: etcdctl-utility-bin-utilscli
mountPath: /usr/local/bin/utilscli
subPath: utilscli
readOnly: true
- name: etcdctl-utility-bin
mountPath: /usr/local/bin/etcdctl-utility-rootwrap
subPath: etcdctl-utility-rootwrap
readOnly: true
- name: etcdctl-utility-sudoers
mountPath: /etc/sudoers.d/utilscli-sudo
subPath: utilscli-sudo
readOnly: true
- name: etcdctl-utility-etc
mountPath: /etc/etcdctl-utility/rootwrap.d/etcdctl-rootwrap-filter
subPath: etcdctl-rootwrap-filter
readOnly: true
- name: etcdctl-utility-etc
mountPath: /etc/etcdctl-utility/rootwrap.conf
subPath: rootwrap.conf
readOnly: true
- name: etcdctl-utility-etc
mountPath: /etc/etcd/etcdctl.cfg
subPath: etcdctl.cfg
readOnly: true
volumes:
- name: etcdctl-utility-sudoers
configMap:
name: {{ printf "%s-%s" $envAll.Release.Name "sudoers" }}
defaultMode: 0644
- name: etcdctl-utility-bin
configMap:
name: {{ printf "%s-%s" $envAll.Release.Name "bin" }}
defaultMode: 0500
- name: etcdctl-utility-etc
configMap:
name: {{ printf "%s-%s" $envAll.Release.Name "etc" }}
defaultMode: 0400
- name: etcdctl-utility-bin-utilscli
configMap:
name: {{ printf "%s-%s" $envAll.Release.Name "bin-utilscli" }}
defaultMode: 0755
- name: etcdctl-etcd-secrets
secret:
secretName: etcdctl-etcd-secrets
defaultMode: 0444
{{- end }}

21
charts/etcdctl-utility/templates/job-image-repo-sync.yaml Normal file
View File

@ -0,0 +1,21 @@
{{/*
Copyright 2019 The Openstack-Helm Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
{{- if and .Values.manifests.job_image_repo_sync .Values.images.local_registry.active }}
{{- $imageRepoSyncJob := dict "envAll" . "serviceName" "etcdctl-utility" -}}
{{ $imageRepoSyncJob | include "helm-toolkit.manifests.job_image_repo_sync" }}
{{- end }}

30
charts/etcdctl-utility/templates/secret-etcd-certificates.yaml Normal file
View File

@ -0,0 +1,30 @@
{{/*
Copyright 2019 The Openstack-Helm Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
{{- if .Values.manifests.secret_certificates }}
{{- $envAll := . }}
---
apiVersion: v1
kind: Secret
type: kubernetes.io/tls
metadata:
name: etcdctl-etcd-secrets
data:
tls.ca: {{ .Values.endpoints.etcd.auth.client.tls.ca | default "" | b64enc }}
tls.key: {{ .Values.endpoints.etcd.auth.client.tls.key | default "" | b64enc }}
tls.crt: {{ .Values.endpoints.etcd.auth.client.tls.crt | default "" | b64enc }}
{{- end }}

199
charts/etcdctl-utility/values.yaml Normal file
View File

@ -0,0 +1,199 @@
# Copyright 2019 The Openstack-Helm Authors.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
# Default values for etcdctl-utility.
# This is a YAML-formatted file.
# Declare variables to be passed into your templates.
# name: value
deployment:
etcdctl: true
release_group: null
images:
pull_policy: IfNotPresent
tags:
etcdctl_utility: 'quay.io/airshipit/porthole-etcdctl-utility:latest-ubuntu_xenial'
image_repo_sync: docker.io/docker:18.09.02
pull_policy: "IfNotPresent"
local_registry:
active: false
exclude:
- dep_check
- image_repo_sync
labels:
utility:
node_selector_key: util-etcdctl
node_selector_value: enabled
job:
node_selector_key: openstack-helm-node-class
node_selector_value: primary
pod:
dns_policy: "ClusterFirstWithHostNet"
replicas:
utility: 1
affinity:
anti:
type:
default: preferredDuringSchedulingIgnoredDuringExecution
topologyKey:
default: kubernetes.io/hostname
resources:
enabled: false
utility:
requests:
memory: "128Mi"
cpu: "250m"
limits:
memory: "1024Mi"
cpu: "2000m"
jobs:
bootstrap:
limits:
memory: "1024Mi"
cpu: "2000m"
requests:
memory: "128Mi"
cpu: "500m"
image_repo_sync:
requests:
memory: "128Mi"
cpu: "100m"
limits:
memory: "1024Mi"
cpu: "2000m"
test:
etcdctl:
requests:
memory: "128Mi"
cpu: "100m"
limits:
memory: "1024Mi"
cpu: "2000m"
conf:
etcdctlfilter:
Filters:
# etcdctl-rootwrap command filters for etcdctl utility container
# This file should be owned by (and only-writeable by) the root user
etcdctl: CommandFilter, etcdctl, root
etcdctlrootwrapconf:
DEFAULT:
# Configuration for etcdctl-rootwrap
# This file should be owned by (and only-writeable by) the root user
# List of directories to load filter definitions from (separated by ',').
# These directories MUST all be only writeable by root !
filters_path: /etc/etcdctl-utility/rootwrap.d
# List of directories to search executables in, in case filters do not
# explicitely specify a full path (separated by ',')
# If not specified, defaults to system PATH environment variable.
# These directories MUST all be only writeable by root !
exec_dirs: /sbin,/usr/sbin,/bin,/usr/bin,/usr/local/bin,/usr/local/sbin
# Enable logging to syslog
# Default value is False
use_syslog: True
# Which syslog facility to use.
# Valid values include auth, authpriv, syslog, local0, local1...
# Default value is 'syslog'
syslog_log_facility: syslog
# Which messages to log.
# INFO means log all usage
# ERROR means only log unsuccessful attempts
syslog_log_level: INFO
etcd:
endpoints: kubernetes-etcd.kube-system.svc.cluster.local
etcdctl_api: "3"
utility:
location_corridor: c1
# Set to true for development sites,
# Set to false otherwise
always_log_user: true
dependencies:
dynamic:
common:
local_image_registry:
jobs:
- etcdctl-utility-image-repo-sync
services:
- endpoint: node
service: local_image_registry
static:
image_repo_sync:
services:
- endpoint: internal
service: local_image_registry
etcdctl_utility:
services:
- endpoint: internal
service: kubernetes-etcd
bootstrap:
enabled: true
endpoints:
cluster_domain_suffix: cluster.local
local_image_registry:
name: docker-registry
namespace: docker-registry
hosts:
default: localhost
internal: docker-registry
node: localhost
host_fqdn_override:
default: null
port:
registry:
node: 5000
etcd:
auth:
client:
tls:
crt: null
ca: null
key: null
path:
crt: /etc/kubernetes/apiserver/pki/etcd-client.pem
ca: /etc/kubernetes/apiserver/pki/etcd-client-ca.pem
key: /etc/kubernetes/apiserver/pki/etcd-client-key.pem
scheme:
default: https
path:
default: ' ' # space required to provide a truly empty path
hosts:
default: 10.96.0.2
host_fqdn_override:
default: null
service:
name: null
port:
client:
default: 2379
peer:
default: 2380
monitoring:
prometheus:
enabled: true
manifests:
configmap_bin: true
configmap_etc_client: true
configmap_etc_sudoers: true
deployment_etcdctl_utility: true
job_image_repo_sync: false
secret_certificates: true

42
images/etcdctl-utility/Dockerfile.ubuntu_xenial Normal file
View File

@ -0,0 +1,42 @@
ARG FROM=ubuntu:16.04
FROM ${FROM}
LABEL org.opencontainers.image.authors='airship-discuss@lists.airshipit.org, irc://#airshipit@freenode' \
org.opencontainers.image.url='https://airshipit.org' \
org.opencontainers.image.documentation='https://opendev.org/airship/porthole' \
org.opencontainers.image.source='https://opendev.org/airship/porthole' \
org.opencontainers.image.vendor='The Airship Authors' \
org.opencontainers.image.licenses='Apache-2.0'
ARG ETCDCTL_VERSION=3.3.12
RUN set -xe && \
export DEBIAN_FRONTEND=noninteractive && \
sed -i '/nobody/d' /etc/passwd && \
echo "nobody:x:65534:65534:nobody:/nonexistent:/bin/bash" >> /etc/passwd && \
apt-get update && \
apt-get install -y \
wget curl \
apt-transport-https \
ca-certificates \
gnupg && \
apt-get install -y \
bash \
moreutils \
python-oslo.rootwrap \
python3-oslo.rootwrap \
screen \
sudo \
rsyslog \
vim && \
TMP_DIR=$(mktemp --directory) && \
cd ${TMP_DIR} && \
curl -sSL https://github.com/coreos/etcd/releases/download/v${ETCDCTL_VERSION}/etcd-v${ETCDCTL_VERSION}-linux-amd64.tar.gz \
| tar xfz - && \
mv ${TMP_DIR}/etcd-v${ETCDCTL_VERSION}-linux-amd64/etcdctl /usr/local/bin/etcdctl && \
chmod +xr /usr/local/bin/etcdctl && \
apt-get clean -y && \
rm -rf \
/var/lib/apt/lists/* \
${TMP_DIR}
CMD ["/bin/bash"]

70
images/etcdctl-utility/README.md Normal file
View File

@ -0,0 +1,70 @@
# etcdctl utility Container
## Prerequisites: Deploy Airship in a Bottle(AIAB)
To get started, run the following in a fresh Ubuntu 16.04 VM (minimum 4vCPU/20GB RAM/32GB disk).
This will deploy Airship and Openstack Helm (OSH).
1. Add the below to /etc/sudoers
```
root ALL=(ALL) NOPASSWD: ALL
ubuntu ALL=(ALL) NOPASSWD: ALL
```
2. Install the latest versions of Git, CA Certs & bundle & Make if necessary
```
set -xe \
sudo apt-get update \
sudo apt-get install --no-install-recommends -y \
ca-certificates \
git \
make \
jq \
nmap \
curl \
uuid-runtime
```
## Deploy Airship in a Bottle(AIAB)
Deploy AirShip in a Bottle(AIAB) which will deploy etcdctl-utility pod.
```
sudo -i \
mkdir -p root/deploy && cd "$_" \
git clone https://opendev.org/airship/treasuremap \
cd /root/deploy/treasuremap/tools/deployment/aiab \
./airship-in-a-bottle.sh
```
## Usage and Test
Get in to the etcdctl-utility pod using kubectl exec.
To perform any operation use the below example.
```
$kubectl exec -it <POD_NAME> -n utility -- /bin/bash
```
example:
```
utilscli etcdctl member list
utilscli etcdctl endpoint health
utilscli etcdctl endpoint status
nobody@airship-etcdctl-utility-998b4f4d6-65x6d:/$ utilscli etcdctl member list
90d1b75fa1b31b89, started, ubuntu, https://10.0.2.15:2380, https://10.0.2.15:2379
ab1f60375c5ef1d3, started, auxiliary-1, https://10.0.2.15:22380, https://10.0.2.15:22379
d8ed590018245b3c, started, auxiliary-0, https://10.0.2.15:12380, https://10.0.2.15:12379
nobody@airship-etcdctl-utility-998b4f4d6-65x6d:/$ utilscli etcdctl endpoint health
https://kubernetes-etcd.kube-system.svc.cluster.local:2379 is healthy:
successfully committed proposal: took = 1.787714ms
nobody@airship-etcdctl-utility-998b4f4d6-65x6d:/$ utilscli etcdctl alarm list
nobody@airship-etcdctl-utility-998b4f4d6-65x6d:/$ utilscli etcdctl version
etcdctl version: 3.3.12
API version: 3.3
nobody@airship-etcdctl-utility-998b4f4d6-65x6d:/$
```

9
zuul.d/base.yaml
View File

@ -16,19 +16,22 @@
check:
jobs:
- airship-porthole-linter
- airship-porthole-images-build-gate-mysqlclient-utility
- airship-porthole-images-build-gate-ceph-utility
- airship-porthole-images-build-gate-etcdctl-utility
- airship-porthole-images-build-gate-mysqlclient-utility
gate:
jobs:
- airship-porthole-linter
- airship-porthole-images-build-gate-mysqlclient-utility
- airship-porthole-images-build-gate-ceph-utility
- airship-porthole-images-build-gate-etcdctl-utility
- airship-porthole-images-build-gate-mysqlclient-utility
post:
jobs:
- airship-porthole-images-publish-mysqlclient-utility
- airship-porthole-images-publish-ceph-utility
- airship-porthole-images-publish-etcdctl-utility
- airship-porthole-images-publish-mysqlclient-utility
- nodeset:
name: airship-porthole-single-node

41
zuul.d/etcdctl-utility.yaml Normal file
View File

@ -0,0 +1,41 @@
# Copyright 2019 AT&T Intellectual Property. All other rights reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# https://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
- job:
name: airship-porthole-images-build-gate-etcdctl-utility
parent: &parent airship-porthole-images
vars:
image_name: &image_name porthole-etcdctl-utility
distro_suffix: &distro_suffix ubuntu_xenial
files:
- ^images/etcdctl-utility/.*$
- ^charts/etcdctl-utility/.*$
- ^Makefile$
- ^tools/.*$
- ^zuul.d/.*$
- job:
name: airship-porthole-images-publish-etcdctl-utility
parent: *parent
secrets:
- name: quay_credentials
secret: quay_credentials
pass-to-parent: true
vars:
image_name: *image_name
distro_suffix: *distro_suffix
publish: true
tags:
dynamic:
commit: true