From 436845541bbd345f7f40dde3a17df4bfc0318fc7 Mon Sep 17 00:00:00 2001 
From: intlabs Date: Thu, 2 Nov 2017 03:13:07 -0500 Subject: [PATCH] Image local repo jobs and multiple namespace support This PS introduces support for using a local docker repo to store images if desired, and adds multiple namespace support to the entrypoint lookup functions. Change-Id: Ib51aa30d3cc033795fe13f6c40a57d46171ad586 --- .../clusterrole-calico-cni-plugin.yaml | 2 + .../clusterrole-calico-policy-controller.yaml | 2 + .../clusterrolebinding-calico-cni-plugin.yaml | 2 + ...rrolebinding-calico-policy-controller.yaml | 2 + calico/templates/configmap-bin.yaml | 27 ++++++++ calico/templates/configmap-calico-config.yaml | 2 + calico/templates/daemonset-calico-etcd.yaml | 10 +++ calico/templates/daemonset-calico-node.yaml | 12 +++- .../deployment-calico-policy-controller.yaml | 10 ++- calico/templates/job-image-repo-sync.yaml | 65 ++++++++++++++++++ calico/templates/rbac-entrypoint.yaml | 2 + calico/templates/service-calico-etcd.yaml | 2 + .../serviceaccount-calico-cni-plugin.yaml | 2 + ...rviceaccount-calico-policy-controller.yaml | 2 + calico/values.yaml | 66 +++++++++++++++++- flannel/templates/clusterrole-flannel.yaml | 2 + .../templates/clusterrolebinding-flannel.yaml | 2 + flannel/templates/configmap-bin.yaml | 27 ++++++++ .../templates/configmap-kube-flannel-cfg.yaml | 2 + .../templates/daemonset-kube-flannel-ds.yaml | 10 +++ flannel/templates/job-image-repo-sync.yaml | 65 ++++++++++++++++++ flannel/templates/rbac-entrypoint.yaml | 19 ++++++ flannel/templates/serviceaccount-flannel.yaml | 2 + flannel/values.yaml | 66 +++++++++++++++++- ...ce_name_endpoint_with_namespace_lookup.tpl | 34 ++++++++++ .../templates/scripts/_image-repo-sync.sh.tpl | 26 +++++++ helm-toolkit/templates/snippets/_image.tpl | 5 +- .../_kubernetes_entrypoint_init_container.tpl | 5 +- ...ist.tpl => _comma_joined_service_list.tpl} | 4 +- .../templates/utils/_image_sync_list.tpl | 27 ++++++++ kube-dns/templates/configmap-bin.yaml | 27 ++++++++ kube-dns/templates/configmap-kube-dns.yaml 
| 2 + kube-dns/templates/deployment-kube-dns.yaml | 8 +++ kube-dns/templates/job-image-repo-sync.yaml | 65 ++++++++++++++++++ kube-dns/templates/rbac-entrypoint.yaml | 19 ++++++ kube-dns/templates/service-kube-dns.yaml | 2 + .../templates/serviceaccount-kube-dns.yaml | 2 + kube-dns/values.yaml | 65 +++++++++++++++++- nfs-provisioner/templates/configmap-bin.yaml | 27 ++++++++ nfs-provisioner/templates/deployment.yaml | 8 +++ .../templates/job-image-repo-sync.yaml | 65 ++++++++++++++++++ .../templates/rbac-entrypoint.yaml | 19 ++++++ nfs-provisioner/values.yaml | 48 ++++++++++++- redis/templates/configmap-bin.yaml | 27 ++++++++ redis/templates/deployment.yaml | 19 ++++-- redis/templates/job-image-repo-sync.yaml | 65 ++++++++++++++++++ redis/templates/rbac-entrypoint.yaml | 19 ++++++ redis/templates/service.yaml | 3 + redis/values.yaml | 67 ++++++++++++++++--- registry/templates/configmap-etc.yaml | 2 +- .../templates/daemonset-registry-proxy.yaml | 10 ++- registry/templates/deployment-registry.yaml | 10 ++- registry/templates/job-bootstrap.yaml | 10 ++- registry/templates/rbac-entrypoint.yaml | 2 + registry/values.yaml | 32 ++++++--- .../templates/clusterrolebinding-tiller.yaml | 2 + tiller/templates/configmap-bin.yaml | 27 ++++++++ tiller/templates/deployment-tiller.yaml | 11 +++ tiller/templates/job-image-repo-sync.yaml | 65 ++++++++++++++++++ tiller/templates/rbac-entrypoint.yaml | 19 ++++++ tiller/templates/service-tiller-deploy.yaml | 2 + tiller/templates/serviceaccount-tiller.yaml | 2 + tiller/values.yaml | 63 ++++++++++++++++- .../tasks/generate-dynamic-over-rides.yaml | 13 ---- tools/gate/playbooks/vars.yaml | 26 +++---- tools/gate/playbooks/zuul-pre.yaml | 13 +++- 66 files changed, 1289 insertions(+), 81 deletions(-) create mode 100644 calico/templates/configmap-bin.yaml create mode 100644 calico/templates/job-image-repo-sync.yaml create mode 100644 flannel/templates/configmap-bin.yaml create mode 100644 flannel/templates/job-image-repo-sync.yaml create mode 
100644 flannel/templates/rbac-entrypoint.yaml create mode 100644 helm-toolkit/templates/endpoints/_service_name_endpoint_with_namespace_lookup.tpl create mode 100644 helm-toolkit/templates/scripts/_image-repo-sync.sh.tpl rename helm-toolkit/templates/utils/{_comma_joined_hostname_list.tpl => _comma_joined_service_list.tpl} (86%) create mode 100644 helm-toolkit/templates/utils/_image_sync_list.tpl create mode 100644 kube-dns/templates/configmap-bin.yaml create mode 100644 kube-dns/templates/job-image-repo-sync.yaml create mode 100644 kube-dns/templates/rbac-entrypoint.yaml create mode 100644 nfs-provisioner/templates/configmap-bin.yaml create mode 100644 nfs-provisioner/templates/job-image-repo-sync.yaml create mode 100644 nfs-provisioner/templates/rbac-entrypoint.yaml create mode 100644 redis/templates/configmap-bin.yaml create mode 100644 redis/templates/job-image-repo-sync.yaml create mode 100644 redis/templates/rbac-entrypoint.yaml create mode 100644 tiller/templates/configmap-bin.yaml create mode 100644 tiller/templates/job-image-repo-sync.yaml create mode 100644 tiller/templates/rbac-entrypoint.yaml diff --git a/calico/templates/clusterrole-calico-cni-plugin.yaml b/calico/templates/clusterrole-calico-cni-plugin.yaml index 5d08e5eb4..8903d1129 100644 --- a/calico/templates/clusterrole-calico-cni-plugin.yaml +++ b/calico/templates/clusterrole-calico-cni-plugin.yaml @@ -14,6 +14,7 @@ See the License for the specific language governing permissions and limitations under the License. */}} +{{- if .Values.manifests.clusterrole_calico_cni_plugin }} {{- $envAll := . }} --- kind: ClusterRole @@ -27,3 +28,4 @@ rules: - nodes verbs: - get +{{- end }} diff --git a/calico/templates/clusterrole-calico-policy-controller.yaml b/calico/templates/clusterrole-calico-policy-controller.yaml index 8a9724f64..e567dd35e 100644 --- a/calico/templates/clusterrole-calico-policy-controller.yaml +++ b/calico/templates/clusterrole-calico-policy-controller.yaml 
@@ -14,6 +14,7 @@ See the License for the specific language governing permissions and limitations under the License. */}} +{{- if .Values.manifests.clusterrole_calico_policy_controller }} {{- $envAll := . }} --- kind: ClusterRole @@ -31,3 +32,4 @@ rules: verbs: - watch - list +{{- end }} diff --git a/calico/templates/clusterrolebinding-calico-cni-plugin.yaml b/calico/templates/clusterrolebinding-calico-cni-plugin.yaml index 3fbe6850a..f662c6a4d 100644 --- a/calico/templates/clusterrolebinding-calico-cni-plugin.yaml +++ b/calico/templates/clusterrolebinding-calico-cni-plugin.yaml @@ -14,6 +14,7 @@ See the License for the specific language governing permissions and limitations under the License. */}} +{{- if .Values.manifests.clusterrolebinding_calico_cni_plugin }} {{- $envAll := . }} --- apiVersion: rbac.authorization.k8s.io/v1beta1 @@ -28,3 +29,4 @@ subjects: - kind: ServiceAccount name: calico-cni-plugin namespace: {{ .Release.Namespace }} +{{- end }} diff --git a/calico/templates/clusterrolebinding-calico-policy-controller.yaml b/calico/templates/clusterrolebinding-calico-policy-controller.yaml index ac65ba95a..fb281ce2f 100644 --- a/calico/templates/clusterrolebinding-calico-policy-controller.yaml +++ b/calico/templates/clusterrolebinding-calico-policy-controller.yaml @@ -14,6 +14,7 @@ See the License for the specific language governing permissions and limitations under the License. */}} +{{- if .Values.manifests.clusterrolebinding_calico_policy_controller }} {{- $envAll := . }} --- apiVersion: rbac.authorization.k8s.io/v1beta1 @@ -28,3 +29,4 @@ subjects: - kind: ServiceAccount name: calico-policy-controller namespace: {{ .Release.Namespace }} +{{- end }} diff --git a/calico/templates/configmap-bin.yaml b/calico/templates/configmap-bin.yaml new file mode 100644 index 000000000..15bfd9522 --- /dev/null +++ b/calico/templates/configmap-bin.yaml 
@@ -0,0 +1,27 @@ +{{/* +Copyright 2017 The Openstack-Helm Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if .Values.manifests.configmap_bin }} +{{- $envAll := . }} +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: calico-bin +data: + image-repo-sync.sh: |+ +{{- include "helm-toolkit.scripts.image_repo_sync" . | indent 4 }} +{{- end }} diff --git a/calico/templates/configmap-calico-config.yaml b/calico/templates/configmap-calico-config.yaml index ef21fce71..f2f63e4c9 100644 --- a/calico/templates/configmap-calico-config.yaml +++ b/calico/templates/configmap-calico-config.yaml @@ -14,6 +14,7 @@ See the License for the specific language governing permissions and limitations under the License. */}} +{{- if .Values.manifests.configmap_calico_config }} {{- $envAll := . }} --- # This ConfigMap is used to configure a self-hosted Calico installation. @@ -50,3 +51,4 @@ data: "kubeconfig": "/etc/cni/net.d/__KUBECONFIG_FILENAME__" } } +{{- end }} diff --git a/calico/templates/daemonset-calico-etcd.yaml b/calico/templates/daemonset-calico-etcd.yaml index a9e0bfee2..d048f949a 100644 --- a/calico/templates/daemonset-calico-etcd.yaml +++ b/calico/templates/daemonset-calico-etcd.yaml 
@@ -14,7 +14,13 @@ See the License for the specific language governing permissions and limitations under the License. */}} +{{- if .Values.manifests.daemonset_calico_etcd }} {{- $envAll := . }} +{{- if .Values.images.local_registry.active -}} +{{- $_ := set .Values "pod_dependency" (merge .Values.dependencies.etcd .Values.conditional_dependencies.local_image_registry) -}} +{{- else -}} +{{- $_ := set .Values "pod_dependency" .Values.dependencies.etcd -}} +{{- end -}} --- # This manifest installs the Calico etcd on the kubeadm master. This uses a DaemonSet # to force it to run on the master even when the master isn't schedulable, and uses @@ -49,6 +55,8 @@ spec: nodeSelector: node-role.kubernetes.io/master: "" hostNetwork: true + initContainers: +{{ tuple $envAll .Values.pod_dependency list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} containers: - name: calico-etcd {{ tuple $envAll "calico_etcd" | include "helm-toolkit.snippets.image" | indent 10 }} @@ -68,6 +76,8 @@ spec: - name: var-etcd mountPath: /var/etcd volumes: +{{ tuple . | include "helm-toolkit.snippets.kubernetes_entrypoint_secret_mount" | indent 8 }} - name: var-etcd hostPath: path: /var/etcd +{{- end }} diff --git a/calico/templates/daemonset-calico-node.yaml b/calico/templates/daemonset-calico-node.yaml index e40f69b17..31e9b7965 100644 --- a/calico/templates/daemonset-calico-node.yaml +++ b/calico/templates/daemonset-calico-node.yaml 
@@ -14,8 +14,13 @@ See the License for the specific language governing permissions and limitations under the License. */}} +{{- if .Values.manifests.daemonset_calico_node }} {{- $envAll := . }} -{{- $dependencies := .Values.dependencies.calico_node }} +{{- if .Values.images.local_registry.active -}} +{{- $_ := set .Values "pod_dependency" (merge .Values.dependencies.calico_node .Values.conditional_dependencies.local_image_registry) -}} +{{- else -}} +{{- $_ := set .Values "pod_dependency" .Values.dependencies.calico_node -}} +{{- end -}} --- # This manifest installs the calico/node container, as well # as the Calico CNI plugins and network config on @@ -54,7 +59,7 @@ spec: operator: Exists serviceAccountName: calico-cni-plugin initContainers: -{{ tuple $envAll $dependencies list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} +{{ tuple $envAll .Values.pod_dependency list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} containers: # Runs calico/node container on each Kubernetes node. This # container programs network policy and routes on each @@ -155,6 +160,7 @@ spec: - mountPath: /host/etc/cni/net.d name: cni-net-dir volumes: +{{ tuple . | include "helm-toolkit.snippets.kubernetes_entrypoint_secret_mount" | indent 8 }} # Used by calico/node. - name: lib-modules hostPath: @@ -169,4 +175,4 @@ spec: - name: cni-net-dir hostPath: path: /etc/cni/net.d -{{ tuple . | include "helm-toolkit.snippets.kubernetes_entrypoint_secret_mount" | indent 8 }} +{{- end }} diff --git a/calico/templates/deployment-calico-policy-controller.yaml b/calico/templates/deployment-calico-policy-controller.yaml index f993f8861..2fe0b4d49 100644 --- a/calico/templates/deployment-calico-policy-controller.yaml +++ b/calico/templates/deployment-calico-policy-controller.yaml 
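Review bot: In the first hunk of daemonset-calico-node.yaml, `merge .Values.dependencies.calico_node .Values.conditional_dependencies.local_image_registry` probably does not add the registry service to the init container's dependencies. sprig's `merge` gives precedence to the destination, and `calico_node` already carries a `services` list (the `etcd` entry visible in calico/values.yaml). If so, only the `jobs` key is carried over and the pod waits for `calico-image-repo-sync` but not for `local_image_registry`; the same call shape is used for `calico_policy_controller` in deployment-calico-policy-controller.yaml. `merge` also writes into `.Values.dependencies.calico_node` itself, and `set .Values "pod_dependency"` leaves state on the shared values map. I would add a comment such as `{{/* merge mutates dependencies.calico_node and keeps its services list; the registry service is not appended */}}` and check the rendered `DEPENDENCY_SERVICE`.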
@@ -14,8 +14,13 @@ See the License for the specific language governing permissions and limitations under the License. */}} +{{- if .Values.manifests.deployment_calico_policy_controller }} {{- $envAll := . }} -{{- $dependencies := .Values.dependencies.calico_policy_controller }} +{{- if .Values.images.local_registry.active -}} +{{- $_ := set .Values "pod_dependency" (merge .Values.dependencies.calico_policy_controller .Values.conditional_dependencies.local_image_registry) -}} +{{- else -}} +{{- $_ := set .Values "pod_dependency" .Values.dependencies.calico_policy_controller -}} +{{- end -}} --- # This manifest deploys the Calico policy controller on Kubernetes. # See https://github.com/projectcalico/k8s-policy @@ -55,7 +60,7 @@ spec: operator: Exists serviceAccountName: calico-policy-controller initContainers: -{{ tuple $envAll $dependencies list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} +{{ tuple $envAll .Values.pod_dependency list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} containers: - name: calico-policy-controller {{ tuple $envAll "calico_kube_policy_controller" | include "helm-toolkit.snippets.image" | indent 10 }} @@ -77,3 +82,4 @@ spec: value: "true" volumes: {{ tuple . | include "helm-toolkit.snippets.kubernetes_entrypoint_secret_mount" | indent 8 }} +{{- end }} diff --git a/calico/templates/job-image-repo-sync.yaml b/calico/templates/job-image-repo-sync.yaml new file mode 100644 index 000000000..6b5e664f1 --- /dev/null +++ b/calico/templates/job-image-repo-sync.yaml 
@@ -0,0 +1,65 @@ +{{/* +Copyright 2017 The Openstack-Helm Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if .Values.manifests.job_image_repo_sync }} +{{- $envAll := . }} +{{- if .Values.images.local_registry.active -}} +{{- $_ := set .Values "pod_dependency" .Values.dependencies.image_repo_sync -}} +--- +apiVersion: batch/v1 +kind: Job +metadata: + name: calico-image-repo-sync +spec: + template: + metadata: + labels: +{{ tuple $envAll "calico" "image-repo-sync" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }} + spec: + restartPolicy: OnFailure + nodeSelector: + {{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }} + initContainers: +{{ tuple $envAll .Values.pod_dependency list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} + containers: + - name: image-repo-sync +{{ tuple $envAll "image_repo_sync" | include "helm-toolkit.snippets.image" | indent 10 }} +{{ tuple $envAll $envAll.Values.pod.resources.jobs.image_repo_sync | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }} + env: + - name: LOCAL_REPO + value: "{{ tuple "local_image_registry" "node" . | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }}:{{ tuple "local_image_registry" "node" "registry" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}" + - name: IMAGE_SYNC_LIST + value: "{{ include "helm-toolkit.utils.image_sync_list" . 
}}" + command: + - /tmp/image-repo-sync.sh + volumeMounts: + - name: calico-bin + mountPath: /tmp/image-repo-sync.sh + subPath: image-repo-sync.sh + readOnly: true + - name: docker-socket + mountPath: /var/run/docker.sock + volumes: +{{ tuple . | include "helm-toolkit.snippets.kubernetes_entrypoint_secret_mount" | indent 8 }} + - name: calico-bin + configMap: + name: calico-bin + defaultMode: 0555 + - name: docker-socket + hostPath: + path: /var/run/docker.sock +{{- end }} +{{- end }} diff --git a/calico/templates/rbac-entrypoint.yaml b/calico/templates/rbac-entrypoint.yaml index c05fe8889..311712ea9 100644 --- a/calico/templates/rbac-entrypoint.yaml +++ b/calico/templates/rbac-entrypoint.yaml @@ -14,4 +14,6 @@ See the License for the specific language governing permissions and limitations under the License. */}} +{{- if .Values.manifests.rbac_entrypoint }} {{ tuple . | include "helm-toolkit.snippets.kubernetes_entrypoint_rbac"}} +{{- end }} diff --git a/calico/templates/service-calico-etcd.yaml b/calico/templates/service-calico-etcd.yaml index 6a37c196a..75c5187cb 100644 --- a/calico/templates/service-calico-etcd.yaml +++ b/calico/templates/service-calico-etcd.yaml @@ -14,6 +14,7 @@ See the License for the specific language governing permissions and limitations under the License. */}} +{{- if .Values.manifests.service_calico_etcd }} {{- $envAll := . }} --- # This manifest installs the Service which gets traffic to the Calico @@ -35,3 +36,4 @@ spec: clusterIP: 10.96.232.136 ports: - port: {{ tuple "etcd" "internal" "client" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }} +{{- end }} diff --git a/calico/templates/serviceaccount-calico-cni-plugin.yaml b/calico/templates/serviceaccount-calico-cni-plugin.yaml index 3d1c94957..f055437c3 100644 --- a/calico/templates/serviceaccount-calico-cni-plugin.yaml +++ b/calico/templates/serviceaccount-calico-cni-plugin.yaml 
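Review bot: The `docker-socket` hostPath volume in calico/templates/job-image-repo-sync.yaml gives the job container the node's `/var/run/docker.sock`, which amounts to root-equivalent control of that node, and nothing in the pod spec documents or narrows that. The image receiving this access is referenced by tag (`docker.io/docker:17.07.0` in values.yaml) and is on the `local_registry.exclude` list, so it is always pulled from upstream. I would state the trust assumption next to the mount, e.g. `# docker.sock gives this container control of the node's Docker daemon; schedule only on trusted nodes`, and consider pinning `image_repo_sync` by digest. flannel/templates/job-image-repo-sync.yaml adds the same mount.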
@@ -14,9 +14,11 @@ See the License for the specific language governing permissions and limitations under the License. */}} +{{- if .Values.manifests.serviceaccount_calico_cni_plugin }} {{- $envAll := . }} --- apiVersion: v1 kind: ServiceAccount metadata: name: calico-cni-plugin +{{- end }} diff --git a/calico/templates/serviceaccount-calico-policy-controller.yaml b/calico/templates/serviceaccount-calico-policy-controller.yaml index e65be437e..19912fb59 100644 --- a/calico/templates/serviceaccount-calico-policy-controller.yaml +++ b/calico/templates/serviceaccount-calico-policy-controller.yaml @@ -14,9 +14,11 @@ See the License for the specific language governing permissions and limitations under the License. */}} +{{- if .Values.manifests.serviceaccount_calico_policy_controller }} {{- $envAll := . }} --- apiVersion: v1 kind: ServiceAccount metadata: name: calico-policy-controller +{{- end }} diff --git a/calico/values.yaml b/calico/values.yaml index 3b9ab0ee7..ccdc80f09 100644 --- a/calico/values.yaml +++ b/calico/values.yaml @@ -20,6 +20,10 @@ # calico/cni:v1.10.0 # calico/kube-policy-controller:v0.7.0 +labels: + node_selector_key: openstack-control-plane + node_selector_value: enabled + images: tags: calico_etcd: quay.io/coreos/etcd:v3.1.10 @@ -27,11 +31,33 @@ images: calico_cni: quay.io/calico/cni:v1.10.0 calico_kube_policy_controller: quay.io/calico/kube-policy-controller:v0.7.0 dep_check: quay.io/stackanetes/kubernetes-entrypoint:v0.2.1 + image_repo_sync: docker.io/docker:17.07.0 pull_policy: IfNotPresent - registry: - prefix: null + local_registry: + active: false + exclude: + - dep_check + - image_repo_sync + - calico_etcd + - calico_node + - calico_cni + - calico_kube_policy_controller + +pod: + resources: + enabled: false + jobs: + image_repo_sync: + requests: + memory: "128Mi" + cpu: "100m" + limits: + memory: "1024Mi" + cpu: "2000m" dependencies: + etcd: + services: null calico_node: services: - service: etcd 
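Review bot: The `dependencies:` block in this calico/values.yaml hunk gains `etcd` but no `image_repo_sync` entry, while calico/templates/job-image-repo-sync.yaml sets `pod_dependency` from `.Values.dependencies.image_repo_sync`. With `images.local_registry.active` set to true, the job's init container would presumably be rendered from an empty dependency and would not wait for the registry before pushing. A few lines of values.yaml between this hunk and the next are not shown, so confirm against the full file. flannel/values.yaml in this commit does define the entry, and the same block is proposed below for calico.

```yaml
dependencies:
  # … unchanged: etcd, calico_node, calico_policy_controller …
  image_repo_sync:
    services:
      - service: local_image_registry
        endpoint: internal
```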
@@ -41,8 +67,28 @@ dependencies: - service: etcd endpoint: internal +conditional_dependencies: + local_image_registry: + jobs: + - calico-image-repo-sync + services: + - service: local_image_registry + endpoint: node + endpoints: cluster_domain_suffix: cluster.local + local_image_registry: + name: docker-registry + namespace: docker-registry + hosts: + default: localhost + internal: docker-registry + node: localhost + host_fqdn_override: + default: null + port: + registry: + node: 5000 etcd: hosts: default: calico-etcd @@ -56,3 +102,19 @@ endpoints: networking: podSubnet: 192.168.0.0/16 + +manifests: + clusterrole_calico_cni_plugin: true + clusterrole_calico_policy_controller: true + clusterrolebinding_calico_cni_plugin: true + clusterrolebinding_calico_policy_controller: true + configmap_bin: true + configmap_calico_config: true + daemonset_calico_etcd: true + daemonset_calico_node: true + deployment_calico_policy_controller: true + job_image_repo_sync: true + rbac_entrypoint: true + service_calico_etcd: true + serviceaccount_calico_cni_plugin: true + serviceaccount_calico_policy_controller: true diff --git a/flannel/templates/clusterrole-flannel.yaml b/flannel/templates/clusterrole-flannel.yaml index c6a314381..88062ac72 100644 --- a/flannel/templates/clusterrole-flannel.yaml +++ b/flannel/templates/clusterrole-flannel.yaml @@ -14,6 +14,7 @@ See the License for the specific language governing permissions and limitations under the License. */}} +{{- if .Values.manifests.clusterrole_flannel }} {{- $envAll := . }} --- kind: ClusterRole @@ -40,3 +41,4 @@ rules: - nodes/status verbs: - patch +{{- end }} diff --git a/flannel/templates/clusterrolebinding-flannel.yaml b/flannel/templates/clusterrolebinding-flannel.yaml index ada0db445..05e47f498 100644 --- a/flannel/templates/clusterrolebinding-flannel.yaml +++ b/flannel/templates/clusterrolebinding-flannel.yaml 
@@ -14,6 +14,7 @@ See the License for the specific language governing permissions and limitations under the License. */}} +{{- if .Values.manifests.clusterrolebinding_flannel }} {{- $envAll := . }} --- kind: ClusterRoleBinding @@ -28,3 +29,4 @@ subjects: - kind: ServiceAccount name: flannel namespace: {{ .Release.Namespace }} +{{- end }} diff --git a/flannel/templates/configmap-bin.yaml b/flannel/templates/configmap-bin.yaml new file mode 100644 index 000000000..02e2442af --- /dev/null +++ b/flannel/templates/configmap-bin.yaml @@ -0,0 +1,27 @@ +{{/* +Copyright 2017 The Openstack-Helm Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if .Values.manifests.configmap_bin }} +{{- $envAll := . }} +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: flannel-bin +data: + image-repo-sync.sh: |+ +{{- include "helm-toolkit.scripts.image_repo_sync" . | indent 4 }} +{{- end }} diff --git a/flannel/templates/configmap-kube-flannel-cfg.yaml b/flannel/templates/configmap-kube-flannel-cfg.yaml index 84e050e82..83beac956 100644 --- a/flannel/templates/configmap-kube-flannel-cfg.yaml +++ b/flannel/templates/configmap-kube-flannel-cfg.yaml @@ -14,6 +14,7 @@ See the License for the specific language governing permissions and limitations under the License. */}} +{{- if .Values.manifests.configmap_kube_flannel_cfg }} {{- $envAll := . }} --- kind: ConfigMap @@ -39,3 +40,4 @@ data: "Type": "vxlan" } } +{{- end }} 
diff --git a/flannel/templates/daemonset-kube-flannel-ds.yaml b/flannel/templates/daemonset-kube-flannel-ds.yaml index 9fd628be6..0a2303c40 100644 --- a/flannel/templates/daemonset-kube-flannel-ds.yaml +++ b/flannel/templates/daemonset-kube-flannel-ds.yaml @@ -14,7 +14,13 @@ See the License for the specific language governing permissions and limitations under the License. */}} +{{- if .Values.manifests.daemonset_kube_flannel_ds }} {{- $envAll := . }} +{{- if .Values.images.local_registry.active -}} +{{- $_ := set .Values "pod_dependency" (merge .Values.dependencies.flannel .Values.conditional_dependencies.local_image_registry) -}} +{{- else -}} +{{- $_ := set .Values "pod_dependency" .Values.dependencies.flannel -}} +{{- end -}} --- apiVersion: extensions/v1beta1 kind: DaemonSet @@ -40,6 +46,8 @@ spec: operator: Exists effect: NoSchedule serviceAccountName: flannel + initContainers: +{{ tuple $envAll .Values.pod_dependency list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} containers: - name: kube-flannel {{ tuple $envAll "flannel" | include "helm-toolkit.snippets.image" | indent 10 }} @@ -69,6 +77,7 @@ spec: - name: flannel-cfg mountPath: /etc/kube-flannel/ volumes: +{{ tuple . | include "helm-toolkit.snippets.kubernetes_entrypoint_secret_mount" | indent 8 }} - name: run hostPath: path: /run @@ -78,3 +87,4 @@ spec: - name: flannel-cfg configMap: name: kube-flannel-cfg +{{- end }} diff --git a/flannel/templates/job-image-repo-sync.yaml b/flannel/templates/job-image-repo-sync.yaml new file mode 100644 index 000000000..36f38429d --- /dev/null +++ b/flannel/templates/job-image-repo-sync.yaml 
@@ -0,0 +1,65 @@ +{{/* +Copyright 2017 The Openstack-Helm Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if .Values.manifests.job_image_repo_sync }} +{{- $envAll := . }} +{{- if .Values.images.local_registry.active -}} +{{- $_ := set .Values "pod_dependency" .Values.dependencies.image_repo_sync -}} +--- +apiVersion: batch/v1 +kind: Job +metadata: + name: flannel-image-repo-sync +spec: + template: + metadata: + labels: +{{ tuple $envAll "flannel" "image-repo-sync" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }} + spec: + restartPolicy: OnFailure + nodeSelector: + {{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }} + initContainers: +{{ tuple $envAll .Values.pod_dependency list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} + containers: + - name: image-repo-sync +{{ tuple $envAll "image_repo_sync" | include "helm-toolkit.snippets.image" | indent 10 }} +{{ tuple $envAll $envAll.Values.pod.resources.jobs.image_repo_sync | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }} + env: + - name: LOCAL_REPO + value: "{{ tuple "local_image_registry" "node" . | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }}:{{ tuple "local_image_registry" "node" "registry" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}" + - name: IMAGE_SYNC_LIST + value: "{{ include "helm-toolkit.utils.image_sync_list" . 
}}" + command: + - /tmp/image-repo-sync.sh + volumeMounts: + - name: flannel-bin + mountPath: /tmp/image-repo-sync.sh + subPath: image-repo-sync.sh + readOnly: true + - name: docker-socket + mountPath: /var/run/docker.sock + volumes: +{{ tuple . | include "helm-toolkit.snippets.kubernetes_entrypoint_secret_mount" | indent 8 }} + - name: flannel-bin + configMap: + name: flannel-bin + defaultMode: 0555 + - name: docker-socket + hostPath: + path: /var/run/docker.sock +{{- end }} +{{- end }} diff --git a/flannel/templates/rbac-entrypoint.yaml b/flannel/templates/rbac-entrypoint.yaml new file mode 100644 index 000000000..311712ea9 --- /dev/null +++ b/flannel/templates/rbac-entrypoint.yaml @@ -0,0 +1,19 @@ +{{/* +Copyright 2017 The Openstack-Helm Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if .Values.manifests.rbac_entrypoint }} +{{ tuple . | include "helm-toolkit.snippets.kubernetes_entrypoint_rbac"}} +{{- end }} diff --git a/flannel/templates/serviceaccount-flannel.yaml b/flannel/templates/serviceaccount-flannel.yaml index 558cf7842..3b1095833 100644 --- a/flannel/templates/serviceaccount-flannel.yaml +++ b/flannel/templates/serviceaccount-flannel.yaml @@ -14,9 +14,11 @@ See the License for the specific language governing permissions and limitations under the License. */}} +{{- if .Values.manifests.serviceaccount_flannel }} {{- $envAll := . }} --- apiVersion: v1 kind: ServiceAccount metadata: name: flannel +{{- end }} 
diff --git a/flannel/values.yaml b/flannel/values.yaml index e89f45b36..5c7db77d0 100644 --- a/flannel/values.yaml +++ b/flannel/values.yaml @@ -14,12 +14,74 @@ # https://raw.githubusercontent.com/coreos/flannel/v0.8.0/Documentation/kube-flannel.yml +labels: + node_selector_key: openstack-control-plane + node_selector_value: enabled + images: tags: flannel: quay.io/coreos/flannel:v0.8.0-amd64 + dep_check: quay.io/stackanetes/kubernetes-entrypoint:v0.2.1 + image_repo_sync: docker.io/docker:17.07.0 pull_policy: IfNotPresent - registry: - prefix: null + local_registry: + active: false + exclude: + - dep_check + - image_repo_sync + - flannel + +pod: + resources: + enabled: false + jobs: + image_repo_sync: + requests: + memory: "128Mi" + cpu: "100m" + limits: + memory: "1024Mi" + cpu: "2000m" networking: podSubnet: 192.168.0.0/16 + +dependencies: + flannel: + services: null + image_repo_sync: + services: + - service: local_image_registry + endpoint: internal + +conditional_dependencies: + local_image_registry: + jobs: + - flannel-image-repo-sync + services: + - service: local_image_registry + endpoint: node + +endpoints: + cluster_domain_suffix: cluster.local + local_image_registry: + name: docker-registry + namespace: docker-registry + hosts: + default: localhost + internal: docker-registry + node: localhost + host_fqdn_override: + default: null + port: + registry: + node: 5000 + +manifests: + clusterrole_flannel: true + clusterrolebinding_flannel: true + configmap_bin: true + configmap_kube_flannel_cfg: true + daemonset_kube_flannel_ds: true + job_image_repo_sync: true + rbac_entrypoint: true diff --git a/helm-toolkit/templates/endpoints/_service_name_endpoint_with_namespace_lookup.tpl b/helm-toolkit/templates/endpoints/_service_name_endpoint_with_namespace_lookup.tpl new file mode 100644 index 000000000..c4a82a60a --- /dev/null +++ b/helm-toolkit/templates/endpoints/_service_name_endpoint_with_namespace_lookup.tpl 
@@ -0,0 +1,34 @@ +{{/* +Copyright 2017 The Openstack-Helm Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +# This function returns endpoint ":" pair from an endpoint +# definition. This is used in kubernetes-entrypoint to support dependencies +# between different services in different namespaces. +# returns: the endpoint namespace and the service name, delimited by a colon + +{{- define "helm-toolkit.endpoints.service_name_endpoint_with_namespace_lookup" -}} +{{- $type := index . 0 -}} +{{- $endpoint := index . 1 -}} +{{- $context := index . 2 -}} +{{- $typeYamlSafe := $type | replace "-" "_" }} +{{- $endpointMap := index $context.Values.endpoints $typeYamlSafe }} +{{- with $endpointMap -}} +{{- $endpointScheme := .scheme }} +{{- $endpointName := index .hosts $endpoint | default .hosts.default}} +{{- $endpointNamespace := .namespace | default $context.Release.Namespace }} +{{- printf "%s:%s" $endpointNamespace $endpointName -}} +{{- end -}} +{{- end -}} diff --git a/helm-toolkit/templates/scripts/_image-repo-sync.sh.tpl b/helm-toolkit/templates/scripts/_image-repo-sync.sh.tpl new file mode 100644 index 000000000..a9c2b1e45 --- /dev/null +++ b/helm-toolkit/templates/scripts/_image-repo-sync.sh.tpl 
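Review bot: `{{- $endpointScheme := .scheme }}` in the new `service_name_endpoint_with_namespace_lookup` define is assigned and never read; the `printf` uses only `$endpointNamespace` and `$endpointName`, so the line can be dropped. The `with $endpointMap` guard also means an endpoint type missing from `.Values.endpoints` renders as an empty string rather than an error. That is worth a line in the header comment, e.g. `# returns an empty string when the endpoint type is not defined in .Values.endpoints`.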
@@ -0,0 +1,26 @@ +{{/* +Copyright 2017 The Openstack-Helm Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- define "helm-toolkit.scripts.image_repo_sync" }} +#!/bin/sh +set -ex + +IFS=','; for IMAGE in ${IMAGE_SYNC_LIST}; do + docker pull ${IMAGE} + docker tag ${IMAGE} ${LOCAL_REPO}/${IMAGE} + docker push ${LOCAL_REPO}/${IMAGE} +done +{{- end }} diff --git a/helm-toolkit/templates/snippets/_image.tpl b/helm-toolkit/templates/snippets/_image.tpl index 428b8117e..d2d8e47eb 100644 --- a/helm-toolkit/templates/snippets/_image.tpl +++ b/helm-toolkit/templates/snippets/_image.tpl @@ -18,8 +18,9 @@ limitations under the License. {{- $envAll := index . 0 -}} {{- $image := index . 1 -}} {{- $imageTag := index $envAll.Values.images.tags $image -}} -{{- if $envAll.Values.images.registry.prefix -}} -image: {{ printf "%s/%s" $envAll.Values.images.registry.prefix $imageTag | quote }} +{{- if and ($envAll.Values.images.local_registry.active) (not (has $image $envAll.Values.images.local_registry.exclude )) -}} +{{- $registryPrefix := printf "%s:%s" (tuple "local_image_registry" "node" $envAll | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup") (tuple "local_image_registry" "node" "registry" $envAll | include "helm-toolkit.endpoints.endpoint_port_lookup") -}} +image: {{ printf "%s/%s" $registryPrefix $imageTag | quote }} {{- else -}} image: {{ $imageTag | quote }} {{- end }} 
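Review bot: The loop in `_image-repo-sync.sh.tpl` passes `${IMAGE}` and `${LOCAL_REPO}` to docker unquoted and never checks that either is non-empty, so an empty list field or an unset `LOCAL_REPO` only shows up as a docker usage or reference-format error under `set -e`. Because the jobs added in this patch run this script against the node's Docker daemon, I would fail early with a clear message, skip empty fields and quote every expansion. `IFS=','` also stays set for the rest of the script, which is harmless at this length but worth scoping if the script grows.

```shell
: "${LOCAL_REPO:?LOCAL_REPO must be set}"

IFS=','; for IMAGE in ${IMAGE_SYNC_LIST}; do
  [ -n "${IMAGE}" ] || continue
  docker pull "${IMAGE}"
  docker tag "${IMAGE}" "${LOCAL_REPO}/${IMAGE}"
  docker push "${LOCAL_REPO}/${IMAGE}"
done
```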
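Review bot: The `_image.tpl` hunk removes the branch that honoured `images.registry.prefix` without any replacement check, so a deployment that overrides that key to force pulls through a private mirror will now render the upstream reference from `images.tags` with no warning. Please call this out in the commit message or chart docs, and consider a header comment on the snippet such as `{{/* images.registry.prefix is no longer read; use images.local_registry.active and .exclude */}}`. Separately, `.Values.images.local_registry.active` and `.exclude` are dereferenced unconditionally, so a chart whose values lack the `local_registry` map will likely fail to render, and every chart using this snippet needs the new block. The snippet body starts and ends outside this hunk.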
diff --git a/helm-toolkit/templates/snippets/_kubernetes_entrypoint_init_container.tpl b/helm-toolkit/templates/snippets/_kubernetes_entrypoint_init_container.tpl index 30dff46bc..234bc94da 100644 --- a/helm-toolkit/templates/snippets/_kubernetes_entrypoint_init_container.tpl +++ b/helm-toolkit/templates/snippets/_kubernetes_entrypoint_init_container.tpl @@ -21,8 +21,7 @@ limitations under the License. {{- $mountServiceAccount := dict "mountPath" "/var/run/secrets/kubernetes.io/serviceaccount" "name" "entrypoint-serviceaccount-secret" "readOnly" true -}} {{- $mountsEntrypoint := append $mounts $mountServiceAccount -}} - name: init - image: {{ $envAll.Values.images.tags.dep_check }} - imagePullPolicy: {{ $envAll.Values.images.pull_policy }} +{{ tuple $envAll "dep_check" | include "helm-toolkit.snippets.image" | indent 2 }} env: - name: POD_NAME valueFrom: @@ -37,7 +36,7 @@ limitations under the License. - name: INTERFACE_NAME value: eth0 - name: DEPENDENCY_SERVICE - value: "{{ tuple $deps.services $envAll | include "helm-toolkit.utils.comma_joined_hostname_list" }}" + value: "{{ tuple $deps.services $envAll | include "helm-toolkit.utils.comma_joined_service_list" }}" - name: DEPENDENCY_JOBS value: "{{ include "helm-toolkit.utils.joinListWithComma" $deps.jobs }}" - name: DEPENDENCY_DAEMONSET diff --git a/helm-toolkit/templates/utils/_comma_joined_hostname_list.tpl b/helm-toolkit/templates/utils/_comma_joined_service_list.tpl similarity index 86% rename from helm-toolkit/templates/utils/_comma_joined_hostname_list.tpl rename to helm-toolkit/templates/utils/_comma_joined_service_list.tpl index 69747687e..7f965eade 100644 --- a/helm-toolkit/templates/utils/_comma_joined_hostname_list.tpl +++ b/helm-toolkit/templates/utils/_comma_joined_service_list.tpl 
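Review bot: The second hunk changes the format of `DEPENDENCY_SERVICE` from bare short hostnames to `namespace:name` pairs produced by `service_name_endpoint_with_namespace_lookup`, and nothing documents which kubernetes-entrypoint release understands that format or what access it needs. The charts in this patch keep `dep_check` at `quay.io/stackanetes/kubernetes-entrypoint:v0.2.1` and reference a service in the `docker-registry` namespace, so the init container's service account presumably needs read access outside the release namespace. The `kubernetes_entrypoint_rbac` snippet is not visible in this part of the patch, so that grant should be confirmed and scoped to the namespaces actually referenced rather than made cluster-wide. A comment above the env entry, e.g. `# entries are NAMESPACE:SERVICE; requires a kubernetes-entrypoint that supports namespaced lookups`, would record the contract. The container definition continues outside both hunks.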
@@ -14,8 +14,8 @@ See the License for the specific language governing permissions and limitations under the License. */}} -{{- define "helm-toolkit.utils.comma_joined_hostname_list" -}} +{{- define "helm-toolkit.utils.comma_joined_service_list" -}} {{- $deps := index . 0 -}} {{- $envAll := index . 1 -}} -{{- range $k, $v := $deps -}}{{- if $k -}},{{- end -}}{{ tuple $v.service $v.endpoint $envAll | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }}{{- end -}} +{{- range $k, $v := $deps -}}{{- if $k -}},{{- end -}}{{ tuple $v.service $v.endpoint $envAll | include "helm-toolkit.endpoints.service_name_endpoint_with_namespace_lookup" }}{{- end -}} {{- end -}} diff --git a/helm-toolkit/templates/utils/_image_sync_list.tpl b/helm-toolkit/templates/utils/_image_sync_list.tpl new file mode 100644 index 000000000..54dea4287 --- /dev/null +++ b/helm-toolkit/templates/utils/_image_sync_list.tpl @@ -0,0 +1,27 @@ +{{/* +Copyright 2017 The Openstack-Helm Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- define "helm-toolkit.utils.image_sync_list" -}} +{{- $imageExcludeList := .Values.images.local_registry.exclude -}} +{{- $imageDict := .Values.images.tags -}} +{{- $local := dict "first" true -}} +{{- range $k, $v := $imageDict -}} +{{- if not $local.first -}},{{- end -}} +{{- if (not (has $k $imageExcludeList )) -}} +{{- index $imageDict $k -}} +{{- $_ := set $local "first" false -}} +{{- end -}}{{- end -}} +{{- end -}} 
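Review bot: In `_image_sync_list.tpl` the separator is written before the exclusion test, so once one image has been emitted every later key produces a comma even when that key is in `exclude`, giving output like `a,,c` whenever an excluded key sorts between two included ones. With the values in this patch the excluded keys `dep_check` and `image_repo_sync` sort ahead of the included ones, so the problem is latent, but a chart with an image key earlier in the alphabet would hand the sync script an empty field. Moving `{{- if not $local.first -}},{{- end -}}` to be the first line inside `{{- if (not (has $k $imageExcludeList )) -}}` fixes it. `index $imageDict $k` can also be written as `$v`.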
diff --git a/kube-dns/templates/configmap-bin.yaml b/kube-dns/templates/configmap-bin.yaml new file mode 100644 index 000000000..961d54d8a --- /dev/null +++ b/kube-dns/templates/configmap-bin.yaml @@ -0,0 +1,27 @@ +{{/* +Copyright 2017 The Openstack-Helm Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if .Values.manifests.configmap_bin }} +{{- $envAll := . }} +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: kube-dns-bin +data: + image-repo-sync.sh: |+ +{{- include "helm-toolkit.scripts.image_repo_sync" . | indent 4 }} +{{- end }} diff --git a/kube-dns/templates/configmap-kube-dns.yaml b/kube-dns/templates/configmap-kube-dns.yaml index 3d686d0b2..279729c05 100644 --- a/kube-dns/templates/configmap-kube-dns.yaml +++ b/kube-dns/templates/configmap-kube-dns.yaml @@ -14,6 +14,7 @@ See the License for the specific language governing permissions and limitations under the License. */}} +{{- if .Values.manifests.configmap_kube_dns }} {{- $envAll := . }} --- apiVersion: v1 @@ -22,3 +23,4 @@ metadata: name: kube-dns labels: addonmanager.kubernetes.io/mode: EnsureExists +{{- end }} diff --git a/kube-dns/templates/deployment-kube-dns.yaml b/kube-dns/templates/deployment-kube-dns.yaml index 847d5c4c7..eb2f86119 100644 --- a/kube-dns/templates/deployment-kube-dns.yaml +++ b/kube-dns/templates/deployment-kube-dns.yaml 
@@ -14,7 +14,13 @@ See the License for the specific language governing permissions and limitations under the License. */}} +{{- if .Values.manifests.deployment_kube_dns }} {{- $envAll := . }} +{{- if .Values.images.local_registry.active -}} +{{- $_ := set .Values "pod_dependency" (merge .Values.dependencies.kube_dns .Values.conditional_dependencies.local_image_registry) -}} +{{- else -}} +{{- $_ := set .Values "pod_dependency" .Values.dependencies.kube_dns -}} +{{- end -}} --- apiVersion: extensions/v1beta1 kind: Deployment @@ -181,8 +187,10 @@ spec: - effect: NoSchedule key: node-role.kubernetes.io/master volumes: +{{ tuple . | include "helm-toolkit.snippets.kubernetes_entrypoint_secret_mount" | indent 6 }} - configMap: defaultMode: 420 name: kube-dns optional: true name: kube-dns-config +{{- end }} diff --git a/kube-dns/templates/job-image-repo-sync.yaml b/kube-dns/templates/job-image-repo-sync.yaml new file mode 100644 index 000000000..9bc962e36 --- /dev/null +++ b/kube-dns/templates/job-image-repo-sync.yaml 
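Review bot: `deployment-kube-dns.yaml` computes `.Values.pod_dependency` in its first hunk and adds the entrypoint secret volume in its second, but neither hunk adds an `initContainers` entry that uses them, and the line offsets (+6 at line 14, still +6 at line 181) show nothing else was added in between. Unless the deployment already had an entrypoint init container, kube-dns pods will not wait for `kube-dns-image-repo-sync` when `local_registry.active` is true, and the pod spec declares a service-account secret volume that no container mounts. The nfs-provisioner and redis deployment hunks add `initContainers:` followed by the `kubernetes_entrypoint_init_container` include; the same two lines belong under the pod spec here, or the unused volume and `pod_dependency` should be dropped. Also, `merge` as sprig implements it appears to write into its first argument, so `.Values.dependencies.kube_dns` is modified in place; confirm that is intended.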
@@ -0,0 +1,65 @@ +{{/* +Copyright 2017 The Openstack-Helm Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if .Values.manifests.job_image_repo_sync }} +{{- $envAll := . }} +{{- if .Values.images.local_registry.active -}} +{{- $_ := set .Values "pod_dependency" .Values.dependencies.image_repo_sync -}} +--- +apiVersion: batch/v1 +kind: Job +metadata: + name: kube-dns-image-repo-sync +spec: + template: + metadata: + labels: +{{ tuple $envAll "kube-dns" "image-repo-sync" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }} + spec: + restartPolicy: OnFailure + nodeSelector: + {{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }} + initContainers: +{{ tuple $envAll .Values.pod_dependency list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} + containers: + - name: image-repo-sync +{{ tuple $envAll "image_repo_sync" | include "helm-toolkit.snippets.image" | indent 10 }} +{{ tuple $envAll $envAll.Values.pod.resources.jobs.image_repo_sync | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }} + env: + - name: LOCAL_REPO + value: "{{ tuple "local_image_registry" "node" . | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }}:{{ tuple "local_image_registry" "node" "registry" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}" + - name: IMAGE_SYNC_LIST + value: "{{ include "helm-toolkit.utils.image_sync_list" . 
}}" + command: + - /tmp/image-repo-sync.sh + volumeMounts: + - name: kube-dns-bin + mountPath: /tmp/image-repo-sync.sh + subPath: image-repo-sync.sh + readOnly: true + - name: docker-socket + mountPath: /var/run/docker.sock + volumes: + - name: kube-dns-bin + configMap: + name: kube-dns-bin + defaultMode: 0555 + - name: docker-socket + hostPath: + path: /var/run/docker.sock +{{ tuple . | include "helm-toolkit.snippets.kubernetes_entrypoint_secret_mount" | indent 8 }} +{{- end }} +{{- end }} diff --git a/kube-dns/templates/rbac-entrypoint.yaml b/kube-dns/templates/rbac-entrypoint.yaml new file mode 100644 index 000000000..311712ea9 --- /dev/null +++ b/kube-dns/templates/rbac-entrypoint.yaml @@ -0,0 +1,19 @@ +{{/* +Copyright 2017 The Openstack-Helm Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if .Values.manifests.rbac_entrypoint }} +{{ tuple . | include "helm-toolkit.snippets.kubernetes_entrypoint_rbac"}} +{{- end }} diff --git a/kube-dns/templates/service-kube-dns.yaml b/kube-dns/templates/service-kube-dns.yaml index 8bed035f7..7e5723a0e 100644 --- a/kube-dns/templates/service-kube-dns.yaml +++ b/kube-dns/templates/service-kube-dns.yaml @@ -14,6 +14,7 @@ See the License for the specific language governing permissions and limitations under the License. */}} +{{- if .Values.manifests.service_kube_dns }} {{- $envAll := . }} --- apiVersion: v1 
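Review bot: The `image-repo-sync` container in `kube-dns/templates/job-image-repo-sync.yaml` is given the host's `/var/run/docker.sock` through a `hostPath` volume, which hands that container, and anyone able to change `images.tags.image_repo_sync` or the mounted script, full control of the node's Docker daemon, effectively root on the node. The template sets no `securityContext` and the helper image `docker.io/docker:17.07.0` is referenced by mutable tag. I would at least add a comment above the `docker-socket` volume stating the privilege it grants, limit who may create `hostPath` pods in the target namespace, and consider pinning the helper image. Longer term, a registry-to-registry copy that needs no daemon socket would remove the exposure. The same block is added in the nfs-provisioner and redis `job-image-repo-sync.yaml` files.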
@@ -41,3 +42,4 @@ spec: selector: k8s-app: kube-dns {{ tuple $envAll "kubernetes" "dns" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }} +{{- end }} diff --git a/kube-dns/templates/serviceaccount-kube-dns.yaml b/kube-dns/templates/serviceaccount-kube-dns.yaml index a6d093a29..7465cd8b8 100644 --- a/kube-dns/templates/serviceaccount-kube-dns.yaml +++ b/kube-dns/templates/serviceaccount-kube-dns.yaml @@ -14,6 +14,7 @@ See the License for the specific language governing permissions and limitations under the License. */}} +{{- if .Values.manifests.serviceaccount_kube_dns }} {{- $envAll := . }} --- apiVersion: v1 @@ -23,3 +24,4 @@ metadata: labels: kubernetes.io/cluster-service: "true" addonmanager.kubernetes.io/mode: Reconcile +{{- end }} diff --git a/kube-dns/values.yaml b/kube-dns/values.yaml index da7b19e2d..7e12e8ac2 100644 --- a/kube-dns/values.yaml +++ b/kube-dns/values.yaml 
@@ -14,15 +14,76 @@ # https://raw.githubusercontent.com/coreos/flannel/v0.8.0/Documentation/kube-flannel.yml +labels: + node_selector_key: openstack-control-plane + node_selector_value: enabled + images: tags: kube_dns: gcr.io/google_containers/k8s-dns-kube-dns-amd64:1.14.5 kube_dns_nanny: gcr.io/google_containers/k8s-dns-dnsmasq-nanny-amd64:1.14.5 kube_dns_sidecar: gcr.io/google_containers/k8s-dns-sidecar-amd64:1.14.5 + dep_check: quay.io/stackanetes/kubernetes-entrypoint:v0.2.1 + image_repo_sync: docker.io/docker:17.07.0 pull_policy: IfNotPresent - registry: - prefix: null + local_registry: + active: false + exclude: + - dep_check + - image_repo_sync + +pod: + resources: + enabled: false + jobs: + image_repo_sync: + requests: + memory: "128Mi" + cpu: "100m" + limits: + memory: "1024Mi" + cpu: "2000m" networking: dnsDomain: cluster.local dnsIP: 10.96.0.10 + +dependencies: + kube_dns: + services: null + image_repo_sync: + services: + - service: local_image_registry + endpoint: internal + +conditional_dependencies: + local_image_registry: + jobs: + - kube-dns-image-repo-sync + services: + - service: local_image_registry + endpoint: node + +endpoints: + cluster_domain_suffix: cluster.local + local_image_registry: + name: docker-registry + namespace: docker-registry + hosts: + default: localhost + internal: docker-registry + node: localhost + host_fqdn_override: + default: null + port: + registry: + node: 5000 + +manifests: + configmap_bin: true + configmap_kube_dns: true + deployment_kube_dns: true + job_image_repo_sync: true + rbac_entrypoint: true + service_kube_dns: true + serviceaccount_kube_dns: true diff --git a/nfs-provisioner/templates/configmap-bin.yaml b/nfs-provisioner/templates/configmap-bin.yaml new file mode 100644 index 000000000..37e65dcfc --- /dev/null +++ b/nfs-provisioner/templates/configmap-bin.yaml 
@@ -0,0 +1,27 @@ +{{/* +Copyright 2017 The Openstack-Helm Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if .Values.manifests.configmap_bin }} +{{- $envAll := . }} +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: nfs-bin +data: + image-repo-sync.sh: |+ +{{- include "helm-toolkit.scripts.image_repo_sync" . | indent 4 }} +{{- end }} diff --git a/nfs-provisioner/templates/deployment.yaml b/nfs-provisioner/templates/deployment.yaml index a333fbe9b..df41be211 100644 --- a/nfs-provisioner/templates/deployment.yaml +++ b/nfs-provisioner/templates/deployment.yaml @@ -16,6 +16,11 @@ limitations under the License. {{- if .Values.manifests.deployment }} {{- $envAll := . }} +{{- if .Values.images.local_registry.active -}} +{{- $_ := set .Values "pod_dependency" (merge .Values.dependencies.nfs .Values.conditional_dependencies.local_image_registry) -}} +{{- else -}} +{{- $_ := set .Values "pod_dependency" .Values.dependencies.nfs -}} +{{- end -}} --- kind: Deployment apiVersion: apps/v1beta1 
@@ -34,6 +39,8 @@ spec: {{ tuple $envAll "nfs" "provisioner" | include "helm-toolkit.snippets.kubernetes_pod_anti_affinity" | indent 8 }} nodeSelector: {{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }} + initContainers: +{{ tuple $envAll .Values.pod_dependency list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} containers: - name: nfs-provisioner {{ tuple $envAll "nfs_provisioner" | include "helm-toolkit.snippets.image" | indent 10 }} @@ -71,6 +78,7 @@ spec: - name: export-volume mountPath: /export volumes: +{{ tuple . | include "helm-toolkit.snippets.kubernetes_entrypoint_secret_mount" | indent 8 }} - name: export-volume hostPath: path: {{ .Values.storage.host.host_path }} diff --git a/nfs-provisioner/templates/job-image-repo-sync.yaml b/nfs-provisioner/templates/job-image-repo-sync.yaml new file mode 100644 index 000000000..60bc42a82 --- /dev/null +++ b/nfs-provisioner/templates/job-image-repo-sync.yaml 
@@ -0,0 +1,65 @@ +{{/* +Copyright 2017 The Openstack-Helm Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if .Values.manifests.job_image_repo_sync }} +{{- $envAll := . }} +{{- if .Values.images.local_registry.active -}} +{{- $_ := set .Values "pod_dependency" .Values.dependencies.image_repo_sync -}} +--- +apiVersion: batch/v1 +kind: Job +metadata: + name: nfs-image-repo-sync +spec: + template: + metadata: + labels: +{{ tuple $envAll "nfs" "image-repo-sync" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }} + spec: + restartPolicy: OnFailure + nodeSelector: + {{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }} + initContainers: +{{ tuple $envAll .Values.pod_dependency list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} + containers: + - name: image-repo-sync +{{ tuple $envAll "image_repo_sync" | include "helm-toolkit.snippets.image" | indent 10 }} +{{ tuple $envAll $envAll.Values.pod.resources.jobs.image_repo_sync | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }} + env: + - name: LOCAL_REPO + value: "{{ tuple "local_image_registry" "node" . | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }}:{{ tuple "local_image_registry" "node" "registry" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}" + - name: IMAGE_SYNC_LIST + value: "{{ include "helm-toolkit.utils.image_sync_list" . 
}}" + command: + - /tmp/image-repo-sync.sh + volumeMounts: + - name: nfs-bin + mountPath: /tmp/image-repo-sync.sh + subPath: image-repo-sync.sh + readOnly: true + - name: docker-socket + mountPath: /var/run/docker.sock + volumes: + - name: nfs-bin + configMap: + name: nfs-bin + defaultMode: 0555 + - name: docker-socket + hostPath: + path: /var/run/docker.sock +{{ tuple . | include "helm-toolkit.snippets.kubernetes_entrypoint_secret_mount" | indent 8 }} +{{- end }} +{{- end }} diff --git a/nfs-provisioner/templates/rbac-entrypoint.yaml b/nfs-provisioner/templates/rbac-entrypoint.yaml new file mode 100644 index 000000000..311712ea9 --- /dev/null +++ b/nfs-provisioner/templates/rbac-entrypoint.yaml @@ -0,0 +1,19 @@ +{{/* +Copyright 2017 The Openstack-Helm Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if .Values.manifests.rbac_entrypoint }} +{{ tuple . | include "helm-toolkit.snippets.kubernetes_entrypoint_rbac"}} +{{- end }} diff --git a/nfs-provisioner/values.yaml b/nfs-provisioner/values.yaml index d9bc1ede5..88cdd4a79 100644 --- a/nfs-provisioner/values.yaml +++ b/nfs-provisioner/values.yaml 
@@ -35,13 +35,26 @@ pod: limits: memory: "1024Mi" cpu: "2000m" + jobs: + image_repo_sync: + requests: + memory: "128Mi" + cpu: "100m" + limits: + memory: "1024Mi" + cpu: "2000m" images: tags: nfs_provisioner: quay.io/kubernetes_incubator/nfs-provisioner:v1.0.8 + dep_check: quay.io/stackanetes/kubernetes-entrypoint:v0.2.1 + image_repo_sync: docker.io/docker:17.07.0 pull_policy: IfNotPresent - registry: - prefix: null + local_registry: + active: false + exclude: + - dep_check + - image_repo_sync storage: host: @@ -55,8 +68,36 @@ storageclass: provisioner: example.com/nfs name: general +dependencies: + nfs: + services: null + image_repo_sync: + services: + - service: local_image_registry + endpoint: internal + +conditional_dependencies: + local_image_registry: + jobs: + - nfs-image-repo-sync + services: + - service: local_image_registry + endpoint: node + endpoints: cluster_domain_suffix: cluster.local + local_image_registry: + name: docker-registry + namespace: docker-registry + hosts: + default: localhost + internal: docker-registry + node: localhost + host_fqdn_override: + default: null + port: + registry: + node: 5000 nfs: hosts: default: nfs-provisioner @@ -69,6 +110,9 @@ endpoints: default: null manifests: + configmap_bin: true deployment: true + job_image_repo_sync: true + rbac_entrypoint: true service: true storage_class: true diff --git a/redis/templates/configmap-bin.yaml b/redis/templates/configmap-bin.yaml new file mode 100644 index 000000000..50ee33613 --- /dev/null +++ b/redis/templates/configmap-bin.yaml 
@@ -0,0 +1,27 @@ +{{/* +Copyright 2017 The Openstack-Helm Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if .Values.manifests.configmap_bin }} +{{- $envAll := . }} +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: redis-bin +data: + image-repo-sync.sh: |+ +{{- include "helm-toolkit.scripts.image_repo_sync" . | indent 4 }} +{{- end }} diff --git a/redis/templates/deployment.yaml b/redis/templates/deployment.yaml index 369e39122..b68d39824 100644 --- a/redis/templates/deployment.yaml +++ b/redis/templates/deployment.yaml @@ -14,7 +14,13 @@ See the License for the specific language governing permissions and limitations under the License. */}} +{{- if .Values.manifests.deployment }} {{- $envAll := . }} +{{- if .Values.images.local_registry.active -}} +{{- $_ := set .Values "pod_dependency" (merge .Values.dependencies.redis .Values.conditional_dependencies.local_image_registry) -}} +{{- else -}} +{{- $_ := set .Values "pod_dependency" .Values.dependencies.redis -}} +{{- end -}} --- apiVersion: apps/v1beta1 kind: Deployment 
@@ -32,16 +38,21 @@ spec: {{ tuple $envAll "redis" "server" | include "helm-toolkit.snippets.kubernetes_pod_anti_affinity" | indent 8 }} nodeSelector: {{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }} + initContainers: +{{ tuple $envAll .Values.pod_dependency list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} containers: - name: redis {{ tuple $envAll "redis" | include "helm-toolkit.snippets.image" | indent 10 }} {{ tuple $envAll $envAll.Values.pod.resources.server | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }} - command: ["sh", "-xec"] - args: - - | - exec redis-server --port {{ .Values.network.port }} + command: + - redis-server + - --port + - {{ .Values.network.port | quote }} ports: - containerPort: {{ .Values.network.port }} readinessProbe: tcpSocket: port: {{ .Values.network.port }} + volumes: +{{ tuple . | include "helm-toolkit.snippets.kubernetes_entrypoint_secret_mount" | indent 8 }} +{{- end }} diff --git a/redis/templates/job-image-repo-sync.yaml b/redis/templates/job-image-repo-sync.yaml new file mode 100644 index 000000000..75eff2272 --- /dev/null +++ b/redis/templates/job-image-repo-sync.yaml 
@@ -0,0 +1,65 @@ +{{/* +Copyright 2017 The Openstack-Helm Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if .Values.manifests.job_image_repo_sync }} +{{- $envAll := . }} +{{- if .Values.images.local_registry.active -}} +{{- $_ := set .Values "pod_dependency" .Values.dependencies.image_repo_sync -}} +--- +apiVersion: batch/v1 +kind: Job +metadata: + name: redis-image-repo-sync +spec: + template: + metadata: + labels: +{{ tuple $envAll "redis" "image-repo-sync" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }} + spec: + restartPolicy: OnFailure + nodeSelector: + {{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }} + initContainers: +{{ tuple $envAll .Values.pod_dependency list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} + containers: + - name: image-repo-sync +{{ tuple $envAll "image_repo_sync" | include "helm-toolkit.snippets.image" | indent 10 }} +{{ tuple $envAll $envAll.Values.pod.resources.jobs.image_repo_sync | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }} + env: + - name: LOCAL_REPO + value: "{{ tuple "local_image_registry" "node" . | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }}:{{ tuple "local_image_registry" "node" "registry" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}" + - name: IMAGE_SYNC_LIST + value: "{{ include "helm-toolkit.utils.image_sync_list" . 
}}" + command: + - /tmp/image-repo-sync.sh + volumeMounts: + - name: redis-bin + mountPath: /tmp/image-repo-sync.sh + subPath: image-repo-sync.sh + readOnly: true + - name: docker-socket + mountPath: /var/run/docker.sock + volumes: + - name: redis-bin + configMap: + name: redis-bin + defaultMode: 0555 + - name: docker-socket + hostPath: + path: /var/run/docker.sock +{{ tuple . | include "helm-toolkit.snippets.kubernetes_entrypoint_secret_mount" | indent 8 }} +{{- end }} +{{- end }} diff --git a/redis/templates/rbac-entrypoint.yaml b/redis/templates/rbac-entrypoint.yaml new file mode 100644 index 000000000..311712ea9 --- /dev/null +++ b/redis/templates/rbac-entrypoint.yaml @@ -0,0 +1,19 @@ +{{/* +Copyright 2017 The Openstack-Helm Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if .Values.manifests.rbac_entrypoint }} +{{ tuple . | include "helm-toolkit.snippets.kubernetes_entrypoint_rbac"}} +{{- end }} diff --git a/redis/templates/service.yaml b/redis/templates/service.yaml index 66cbc467d..fee7ea175 100644 --- a/redis/templates/service.yaml +++ b/redis/templates/service.yaml @@ -13,6 +13,8 @@ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License. */}} + +{{- if .Values.manifests.service }} {{- $envAll := . }} --- apiVersion: v1 
@@ -25,3 +27,4 @@ spec: - port: {{ .Values.network.port }} selector: {{ tuple $envAll "redis" "server" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }} +{{- end }} diff --git a/redis/values.yaml b/redis/values.yaml index 036300d01..4990cf200 100644 --- a/redis/values.yaml +++ b/redis/values.yaml @@ -20,17 +20,22 @@ images: tags: redis: docker.io/redis:4.0.1 - pull_policy: "IfNotPresent" - registry: - prefix: null + dep_check: quay.io/stackanetes/kubernetes-entrypoint:v0.2.1 + image_repo_sync: docker.io/docker:17.07.0 + pull_policy: IfNotPresent + local_registry: + active: false + exclude: + - dep_check + - image_repo_sync pod: affinity: - anti: - type: - default: preferredDuringSchedulingIgnoredDuringExecution - topologyKey: - default: kubernetes.io/hostname + anti: + type: + default: preferredDuringSchedulingIgnoredDuringExecution + topologyKey: + default: kubernetes.io/hostname replicas: server: 1 lifecycle: @@ -50,6 +55,14 @@ pod: requests: memory: "128Mi" cpu: "500m" + jobs: + image_repo_sync: + requests: + memory: "128Mi" + cpu: "100m" + limits: + memory: "1024Mi" + cpu: "2000m" labels: node_selector_key: openstack-control-plane @@ -57,3 +70,41 @@ labels: network: port: 6379 + +dependencies: + redis: + services: null + image_repo_sync: + services: + - service: local_image_registry + endpoint: internal + +conditional_dependencies: + local_image_registry: + jobs: + - redis-image-repo-sync + services: + - service: local_image_registry + endpoint: node + +endpoints: + cluster_domain_suffix: cluster.local + local_image_registry: + name: docker-registry + namespace: docker-registry + hosts: + default: localhost + internal: docker-registry + node: localhost + host_fqdn_override: + default: null + port: + registry: + node: 5000 + +manifests: + configmap_bin: true + deployment: true + job_image_repo_sync: true + rbac_entrypoint: true + service: true 
diff --git a/registry/templates/configmap-etc.yaml b/registry/templates/configmap-etc.yaml index 839da4a1c..fe6ee325a 100644 --- a/registry/templates/configmap-etc.yaml +++ b/registry/templates/configmap-etc.yaml @@ -14,7 +14,7 @@ See the License for the specific language governing permissions and limitations under the License. */}} -{{- if .Values.manifests.configmap_bin }} +{{- if .Values.manifests.configmap_etc }} {{- $envAll := . }} {{- if empty .Values.conf.registry.http.addr -}} diff --git a/registry/templates/daemonset-registry-proxy.yaml b/registry/templates/daemonset-registry-proxy.yaml index 5af130cc0..f90238f10 100644 --- a/registry/templates/daemonset-registry-proxy.yaml +++ b/registry/templates/daemonset-registry-proxy.yaml @@ -16,7 +16,11 @@ limitations under the License. {{- if .Values.manifests.daemonset_registry_proxy }} {{- $envAll := . }} -{{- $dependencies := .Values.dependencies.registry_proxy }} +{{- if .Values.images.local_registry.active -}} +{{- $_ := set .Values "pod_dependency" (merge .Values.dependencies.registry_proxy .Values.conditional_dependencies.local_image_registry) -}} +{{- else -}} +{{- $_ := set .Values "pod_dependency" .Values.dependencies.registry_proxy -}} +{{- end -}} --- apiVersion: extensions/v1beta1 kind: DaemonSet @@ -36,7 +40,7 @@ spec: dnsPolicy: ClusterFirstWithHostNet hostNetwork: true initContainers: -{{ tuple $envAll $dependencies list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} +{{ tuple $envAll .Values.pod_dependency list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} containers: - name: registry-proxy {{ tuple $envAll "registry_proxy" | include "helm-toolkit.snippets.image" | indent 8 }} @@ -53,6 +57,7 @@ spec: subPath: default.conf readOnly: true volumes: +{{ tuple . | include "helm-toolkit.snippets.kubernetes_entrypoint_secret_mount" | indent 8 }} - name: registry-bin configMap: name: registry-bin 
@@ -61,5 +66,4 @@ spec: configMap: name: registry-etc defaultMode: 0444 -{{ tuple . | include "helm-toolkit.snippets.kubernetes_entrypoint_secret_mount" | indent 8 }} {{- end }} diff --git a/registry/templates/deployment-registry.yaml b/registry/templates/deployment-registry.yaml index 20bab7b0c..574c5db0e 100644 --- a/registry/templates/deployment-registry.yaml +++ b/registry/templates/deployment-registry.yaml @@ -16,7 +16,11 @@ limitations under the License. {{- if .Values.manifests.deployment_registry }} {{- $envAll := . }} -{{- $dependencies := .Values.dependencies.registry }} +{{- if .Values.images.local_registry.active -}} +{{- $_ := set .Values "pod_dependency" (merge .Values.dependencies.registry .Values.conditional_dependencies.local_image_registry) -}} +{{- else -}} +{{- $_ := set .Values "pod_dependency" .Values.dependencies.registry -}} +{{- end -}} --- apiVersion: apps/v1beta1 kind: Deployment @@ -38,7 +42,7 @@ spec: nodeSelector: {{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }} initContainers: -{{ tuple $envAll $dependencies list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} +{{ tuple $envAll .Values.pod_dependency list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} containers: - name: registry {{ tuple $envAll "registry" | include "helm-toolkit.snippets.image" | indent 10 }} @@ -60,6 +64,7 @@ spec: - name: docker-images mountPath: {{ .Values.conf.registry.storage.filesystem.rootdirectory }} volumes: +{{ tuple . | include "helm-toolkit.snippets.kubernetes_entrypoint_secret_mount" | indent 8 }} - name: registry-bin configMap: name: registry-bin @@ -71,5 +76,4 @@ spec: - name: docker-images persistentVolumeClaim: claimName: docker-images -{{ tuple . | include "helm-toolkit.snippets.kubernetes_entrypoint_secret_mount" | indent 8 }} {{- end }} 
diff --git a/registry/templates/job-bootstrap.yaml b/registry/templates/job-bootstrap.yaml index 64cfddd13..f2548302d 100644 --- a/registry/templates/job-bootstrap.yaml +++ b/registry/templates/job-bootstrap.yaml @@ -17,7 +17,11 @@ limitations under the License. {{- if .Values.manifests.job_bootstrap }} {{- $envAll := . }} {{- if .Values.bootstrap.enabled }} -{{- $dependencies := .Values.dependencies.bootstrap }} +{{- if .Values.images.local_registry.active -}} +{{- $_ := set .Values "pod_dependency" (merge .Values.dependencies.bootstrap .Values.conditional_dependencies.local_image_registry) -}} +{{- else -}} +{{- $_ := set .Values "pod_dependency" .Values.dependencies.bootstrap -}} +{{- end -}} --- apiVersion: batch/v1 kind: Job @@ -33,7 +37,7 @@ spec: nodeSelector: {{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }} initContainers: -{{ tuple $envAll $dependencies list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} +{{ tuple $envAll .Values.pod_dependency list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} containers: - name: docker-bootstrap {{ tuple $envAll "bootstrap" | include "helm-toolkit.snippets.image" | indent 10 }} @@ -53,6 +57,7 @@ spec: - name: docker-socket mountPath: /var/run/docker.sock volumes: +{{ tuple . | include "helm-toolkit.snippets.kubernetes_entrypoint_secret_mount" | indent 8 }} - name: registry-bin configMap: name: registry-bin @@ -60,6 +65,5 @@ spec: - name: docker-socket hostPath: path: /var/run/docker.sock -{{ tuple . | include "helm-toolkit.snippets.kubernetes_entrypoint_secret_mount" | indent 8 }} {{- end }} {{- end }} diff --git a/registry/templates/rbac-entrypoint.yaml b/registry/templates/rbac-entrypoint.yaml index c05fe8889..311712ea9 100644 --- a/registry/templates/rbac-entrypoint.yaml +++ b/registry/templates/rbac-entrypoint.yaml 
@@ -14,4 +14,6 @@ See the License for the specific language governing permissions and limitations under the License. */}} +{{- if .Values.manifests.rbac_entrypoint }} {{ tuple . | include "helm-toolkit.snippets.kubernetes_entrypoint_rbac"}} +{{- end }} diff --git a/registry/values.yaml b/registry/values.yaml index ff7637710..403fb95ee 100644 --- a/registry/values.yaml +++ b/registry/values.yaml @@ -30,8 +30,10 @@ images: bootstrap: docker.io/docker:17.07.0 dep_check: quay.io/stackanetes/kubernetes-entrypoint:v0.2.1 pull_policy: "IfNotPresent" - registry: - prefix: null + local_registry: + active: false + exclude: + - dep_check volume: class_name: general @@ -115,7 +117,7 @@ bootstrap: script: docker info preload_images: - - gcr.io/google_containers/ubuntu-slim:0.14 + - quay.io/stackanetes/kubernetes-entrypoint:v0.2.1 dependencies: registry: @@ -135,16 +137,27 @@ dependencies: endpoints: cluster_domain_suffix: cluster.local - docker_registry: + local_image_registry: name: docker-registry + namespace: docker-registry hosts: - default: docker-registry + default: localhost + internal: docker-registry + node: localhost host_fqdn_override: default: null - path: + port: + registry: + default: 5000 + docker_registry: + name: docker-registry + namespace: docker-registry + hosts: + default: localhost + internal: docker-registry + node: localhost + host_fqdn_override: default: null - scheme: - default: http port: registry: default: 5000 @@ -160,8 +173,11 @@ endpoints: manifests: configmap_bin: true + configmap_etc: true daemonset_registry_proxy: true deployment_registry: true job_bootstrap: true + job_image_repo_sync: true pvc_images: true + rbac_entrypoint: true service_registry: true diff --git a/tiller/templates/clusterrolebinding-tiller.yaml b/tiller/templates/clusterrolebinding-tiller.yaml index aa33c61c8..fe05590bf 100644 --- a/tiller/templates/clusterrolebinding-tiller.yaml +++ b/tiller/templates/clusterrolebinding-tiller.yaml 
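Review bot: The `local_registry` block added under `images` in registry/values.yaml makes `active` a supported switch, but none of the registry/values.yaml hunks adds a `conditional_dependencies` map, while the registry templates changed in this patch read `.Values.conditional_dependencies.local_image_registry` when `active` is true. Unless that map is defined in a part of the file outside these hunks, turning the switch on would presumably fail at render time on the missing key. The last hunk also sets `job_image_repo_sync: true` although no registry/templates/job-image-repo-sync.yaml appears among the registry files in this part of the patch. Either add the map as redis/values.yaml and tiller/values.yaml do, or record the restriction: `# local_registry.active is not supported in this chart (no conditional_dependencies defined)`.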
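Review bot: The endpoints hunk in registry/values.yaml points `hosts.default` and `hosts.node` at `localhost` and removes the `scheme` key without saying what that implies for image pulls. Docker treats loopback registries as insecure by default, so pulls from `localhost:5000` presumably travel over plain HTTP to whatever listens on that port on the node, which is meant to be the hostNetwork registry-proxy daemonset. A comment above `local_image_registry` would record that trust assumption: `# node/default resolve to localhost:5000 on each node (registry-proxy, hostNetwork); plain HTTP on this hop — confirm`. The block is also repeated verbatim as `docker_registry`; if both names must stay, a comment should say which one is kept only for compatibility.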
@@ -14,6 +14,7 @@ See the License for the specific language governing permissions and limitations under the License. */}} +{{- if .Values.manifests.clusterrolebinding_tiller }} {{- $envAll := . }} --- apiVersion: rbac.authorization.k8s.io/v1 @@ -28,3 +29,4 @@ subjects: - kind: ServiceAccount name: tiller namespace: {{ .Release.Namespace }} +{{- end }} diff --git a/tiller/templates/configmap-bin.yaml b/tiller/templates/configmap-bin.yaml new file mode 100644 index 000000000..540a978e9 --- /dev/null +++ b/tiller/templates/configmap-bin.yaml @@ -0,0 +1,27 @@ +{{/* +Copyright 2017 The Openstack-Helm Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if .Values.manifests.configmap_bin }} +{{- $envAll := . }} +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: tiller-bin +data: + image-repo-sync.sh: |+ +{{- include "helm-toolkit.scripts.image_repo_sync" . | indent 4 }} +{{- end }} diff --git a/tiller/templates/deployment-tiller.yaml b/tiller/templates/deployment-tiller.yaml index 366751837..5262e24c7 100644 --- a/tiller/templates/deployment-tiller.yaml +++ b/tiller/templates/deployment-tiller.yaml 
@@ -14,7 +14,13 @@ See the License for the specific language governing permissions and limitations under the License. */}} +{{- if .Values.manifests.deployment_tiller }} {{- $envAll := . }} +{{- if .Values.images.local_registry.active -}} +{{- $_ := set .Values "pod_dependency" (merge .Values.dependencies.tiller .Values.conditional_dependencies.local_image_registry) -}} +{{- else -}} +{{- $_ := set .Values "pod_dependency" .Values.dependencies.tiller -}} +{{- end -}} --- apiVersion: extensions/v1beta1 kind: Deployment @@ -40,6 +46,8 @@ spec: app: helm name: tiller spec: + initContainers: +{{ tuple $envAll .Values.pod_dependency list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} containers: - env: - name: TILLER_NAMESPACE @@ -82,3 +90,6 @@ spec: serviceAccount: tiller serviceAccountName: tiller terminationGracePeriodSeconds: 30 + volumes: +{{ tuple . | include "helm-toolkit.snippets.kubernetes_entrypoint_secret_mount" | indent 8 }} +{{- end }} diff --git a/tiller/templates/job-image-repo-sync.yaml b/tiller/templates/job-image-repo-sync.yaml new file mode 100644 index 000000000..20faec96c --- /dev/null +++ b/tiller/templates/job-image-repo-sync.yaml 
@@ -0,0 +1,65 @@ +{{/* +Copyright 2017 The Openstack-Helm Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if .Values.manifests.job_image_repo_sync }} +{{- $envAll := . }} +{{- if .Values.images.local_registry.active -}} +{{- $_ := set .Values "pod_dependency" .Values.dependencies.image_repo_sync -}} +--- +apiVersion: batch/v1 +kind: Job +metadata: + name: tiller-image-repo-sync +spec: + template: + metadata: + labels: +{{ tuple $envAll "tiller" "image-repo-sync" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }} + spec: + restartPolicy: OnFailure + nodeSelector: + {{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }} + initContainers: +{{ tuple $envAll .Values.pod_dependency list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} + containers: + - name: image-repo-sync +{{ tuple $envAll "image_repo_sync" | include "helm-toolkit.snippets.image" | indent 10 }} +{{ tuple $envAll $envAll.Values.pod.resources.jobs.image_repo_sync | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }} + env: + - name: LOCAL_REPO + value: "{{ tuple "local_image_registry" "node" . | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }}:{{ tuple "local_image_registry" "node" "registry" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}" + - name: IMAGE_SYNC_LIST + value: "{{ include "helm-toolkit.utils.image_sync_list" . 
}}" + command: + - /tmp/image-repo-sync.sh + volumeMounts: + - name: tiller-bin + mountPath: /tmp/image-repo-sync.sh + subPath: image-repo-sync.sh + readOnly: true + - name: docker-socket + mountPath: /var/run/docker.sock + volumes: + - name: tiller-bin + configMap: + name: tiller-bin + defaultMode: 0555 + - name: docker-socket + hostPath: + path: /var/run/docker.sock +{{ tuple . | include "helm-toolkit.snippets.kubernetes_entrypoint_secret_mount" | indent 8 }} +{{- end }} +{{- end }} diff --git a/tiller/templates/rbac-entrypoint.yaml b/tiller/templates/rbac-entrypoint.yaml new file mode 100644 index 000000000..311712ea9 --- /dev/null +++ b/tiller/templates/rbac-entrypoint.yaml @@ -0,0 +1,19 @@ +{{/* +Copyright 2017 The Openstack-Helm Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if .Values.manifests.rbac_entrypoint }} +{{ tuple . | include "helm-toolkit.snippets.kubernetes_entrypoint_rbac"}} +{{- end }} diff --git a/tiller/templates/service-tiller-deploy.yaml b/tiller/templates/service-tiller-deploy.yaml index 191ecceff..86ccf28d9 100644 --- a/tiller/templates/service-tiller-deploy.yaml +++ b/tiller/templates/service-tiller-deploy.yaml @@ -14,6 +14,7 @@ See the License for the specific language governing permissions and limitations under the License. */}} +{{- if .Values.manifests.service_tiller_deploy }} {{- $envAll := . }} --- apiVersion: v1 @@ -34,3 +35,4 @@ spec: name: tiller sessionAffinity: None type: ClusterIP +{{- end }} 
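Review bot: The new Job in tiller/templates/job-image-repo-sync.yaml mounts the node's `/var/run/docker.sock` into the `image-repo-sync` container, which gives that container full control of the node's Docker daemon, and nothing in the template says so or bounds how long the pod may hold it. With `restartPolicy: OnFailure` and no deadline, a sync that keeps failing leaves a socket-holding pod restarting indefinitely. I would add `activeDeadlineSeconds: <seconds — placeholder>` under the Job `spec`, and a comment on the `docker-socket` volume: `# host Docker socket: root-equivalent on the node; keep this job gated by local_registry.active`.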
diff --git a/tiller/templates/serviceaccount-tiller.yaml b/tiller/templates/serviceaccount-tiller.yaml index 4e0993314..d69975a31 100644 --- a/tiller/templates/serviceaccount-tiller.yaml +++ b/tiller/templates/serviceaccount-tiller.yaml @@ -14,9 +14,11 @@ See the License for the specific language governing permissions and limitations under the License. */}} +{{- if .Values.manifests.serviceaccount_tiller }} {{- $envAll := . }} --- apiVersion: v1 kind: ServiceAccount metadata: name: tiller +{{- end }} diff --git a/tiller/values.yaml b/tiller/values.yaml index c34aa330f..38a79b967 100644 --- a/tiller/values.yaml +++ b/tiller/values.yaml @@ -26,6 +26,63 @@ release_group: null images: tags: tiller: gcr.io/kubernetes-helm/tiller:v2.7.0-rc1 - pull_policy: "IfNotPresent" - registry: - prefix: null + dep_check: quay.io/stackanetes/kubernetes-entrypoint:v0.2.1 + image_repo_sync: docker.io/docker:17.07.0 + pull_policy: IfNotPresent + local_registry: + active: false + exclude: + - dep_check + - image_repo_sync + +pod: + resources: + enabled: false + jobs: + image_repo_sync: + requests: + memory: "128Mi" + cpu: "100m" + limits: + memory: "1024Mi" + cpu: "2000m" + +dependencies: + tiller: + services: null + image_repo_sync: + services: + - service: local_image_registry + endpoint: internal + +conditional_dependencies: + local_image_registry: + jobs: + - tiller-image-repo-sync + services: + - service: local_image_registry + endpoint: node + +endpoints: + cluster_domain_suffix: cluster.local + local_image_registry: + name: docker-registry + namespace: docker-registry + hosts: + default: localhost + internal: docker-registry + node: localhost + host_fqdn_override: + default: null + port: + registry: + node: 5000 + +manifests: + clusterrolebinding_tiller: true + configmap_bin: true + deployment_tiller: true + job_image_repo_sync: true + rbac_entrypoint: true + service_tiller_deploy: true + serviceaccount_tiller: true 
diff --git a/tools/gate/playbooks/deploy-helm-packages/tasks/generate-dynamic-over-rides.yaml b/tools/gate/playbooks/deploy-helm-packages/tasks/generate-dynamic-over-rides.yaml index e04a2e375..7738af531 100644 --- a/tools/gate/playbooks/deploy-helm-packages/tasks/generate-dynamic-over-rides.yaml +++ b/tools/gate/playbooks/deploy-helm-packages/tasks/generate-dynamic-over-rides.yaml @@ -13,20 +13,7 @@ # This set of tasks creates over-rides that need to be generated dyamicly and # injected at runtime. -- name: Ensure docker python packages deployed - include_role: - name: deploy-package - tasks_from: pip - vars: - packages: - - yq - - name: setup directorys on host file: path: "{{ work_dir }}/tools/gate/local-overrides/" state: directory - -- name: generate overides for bootstrap-registry-registry release - shell: "./tools/image-repo-overides.sh > ./tools/gate/local-overrides/bootstrap-registry-registry.yaml" - args: - chdir: "{{ work_dir }}" diff --git a/tools/gate/playbooks/vars.yaml b/tools/gate/playbooks/vars.yaml index 56090fb9a..21f783628 100644 --- a/tools/gate/playbooks/vars.yaml +++ b/tools/gate/playbooks/vars.yaml @@ -50,18 +50,18 @@ nodes: value: enabled chart_groups: - - name: bootstrap_registry + - name: docker_registry timeout: 600 charts: - - bootstrap_registry_nfs_provisioner - - bootstrap_registry_redis - - bootstrap_registry_registry + - docker_registry_nfs_provisioner + - docker_registry_redis + - docker_registry charts: - bootstrap_registry_nfs_provisioner: + docker_registry_nfs_provisioner: chart_name: nfs-provisioner - release: bootstrap-registry-nfs-provisioner - namespace: bootstrap-registry + release: docker-registry-nfs-provisioner + namespace: docker-registry upgrade: pre: delete: 
@@ -77,19 +77,19 @@ charts: storageclass: name: openstack-helm-bootstrap - bootstrap_registry_redis: + docker_registry_redis: chart_name: redis - release: bootstrap-registry-redis - namespace: bootstrap-registry + release: docker-registry-redis + namespace: docker-registry values: labels: node_selector_key: openstack-helm-node-class node_selector_value: primary - bootstrap_registry_registry: + docker_registry: chart_name: registry - release: bootstrap-registry-registry - namespace: bootstrap-registry + release: docker-registry + namespace: docker-registry values: labels: node_selector_key: openstack-helm-node-class diff --git a/tools/gate/playbooks/zuul-pre.yaml b/tools/gate/playbooks/zuul-pre.yaml index c303baf9f..4d8875ead 100644 --- a/tools/gate/playbooks/zuul-pre.yaml +++ b/tools/gate/playbooks/zuul-pre.yaml @@ -59,8 +59,17 @@ gather_facts: False become: yes roles: - - pull-images - build-images tags: - - pull-images - build-images + +- hosts: primary + vars_files: + - vars.yaml + vars: + work_dir: "{{ zuul.project.src_dir }}" + gather_facts: True + roles: + - pull-images + tags: + - pull-images
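Review bot: The play added at the end of zuul-pre.yaml runs the `pull-images` role without `become: yes`, whereas the play it was moved out of sets it. If the role's tasks do not escalate on their own (the role is outside this diff), the pulls would run as the unprivileged connection user and may not be able to reach the Docker daemon. Add `become: yes` to the new play, or say in a comment why it is not needed. `gather_facts: True` also differs from the `False` in the play above, and a one-line comment naming the facts the role needs would explain the switch; the first play starts outside this hunk.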