From 8c9f70401ad5f55976a5f179afc657ac8094465b Mon Sep 17 00:00:00 2001 
From: intlabs Date: Tue, 24 Oct 2017 20:57:48 -0500 Subject: [PATCH] Helm-Toolkit: Import into infra repo from primary This PS imports helm-toolkit into the Helm Infra repo Change-Id: Ife3451f9af5a40dbd5aa2414fc6226b26f81ede1 --- calico/requirements.yaml | 18 ++ .../clusterrole-calico-policy-controller.yaml | 4 +- .../clusterrolebinding-calico-cni-plugin.yaml | 6 +- ...rrolebinding-calico-policy-controller.yaml | 6 +- calico/templates/daemonset-calico-etcd.yaml | 2 + calico/templates/daemonset-calico-node.yaml | 15 +- .../deployment-calico-policy-controller.yaml | 2 + calico/templates/service-calico-etcd.yaml | 2 + flannel/requirements.yaml | 18 ++ .../templates/daemonset-kube-flannel-ds.yaml | 62 +++-- helm-toolkit/.gitignore | 3 + helm-toolkit/.helmignore | 27 ++ helm-toolkit/Chart.yaml | 18 ++ helm-toolkit/Makefile | 21 ++ helm-toolkit/requirements.yaml | 15 + .../_authenticated_endpoint_uri_lookup.tpl | 48 ++++ .../endpoints/_endpoint_port_lookup.tpl | 37 +++ .../_host_and_port_endpoint_uri_lookup.tpl | 43 +++ .../_hostname_fqdn_endpoint_lookup.tpl | 38 +++ .../_hostname_namespaced_endpoint_lookup.tpl | 37 +++ .../_hostname_short_endpoint_lookup.tpl | 35 +++ .../_keystone_endpoint_name_lookup.tpl | 29 ++ .../_keystone_endpoint_path_lookup.tpl | 33 +++ .../_keystone_endpoint_uri_lookup.tpl | 41 +++ .../templates/scripts/_db-drop.py.tpl | 132 +++++++++ .../templates/scripts/_db-init.py.tpl | 144 ++++++++++ .../templates/scripts/_ks-domain-user.sh.tpl | 74 +++++ .../templates/scripts/_ks-endpoints.sh.tpl | 81 ++++++ .../templates/scripts/_ks-service.sh.tpl | 53 ++++ .../templates/scripts/_ks-user.sh.tpl | 104 +++++++ .../templates/scripts/_rally_test.sh.tpl | 37 +++ .../snippets/_keystone_openrc_env_vars.tpl | 56 ++++ .../snippets/_keystone_secret_openrc.tpl | 29 ++ .../_keystone_user_create_env_vars.tpl | 49 ++++ .../_kubernetes_entrypoint_init_container.tpl | 50 ++++ .../snippets/_kubernetes_kubectl_params.tpl | 22 ++ .../snippets/_kubernetes_metadata_labels.tpl 
| 24 ++ .../_kubernetes_pod_anti_affinity.tpl | 42 +++ .../snippets/_kubernetes_resources.tpl | 29 ++ .../_kubernetes_upgrades_daemonset.tpl | 35 +++ .../_kubernetes_upgrades_deployment.tpl | 29 ++ .../utils/_comma_joined_hostname_list.tpl | 21 ++ .../templates/utils/_configmap_templater.tpl | 32 +++ helm-toolkit/templates/utils/_hash.tpl | 23 ++ .../templates/utils/_joinListWithComma.tpl | 20 ++ helm-toolkit/templates/utils/_template.tpl | 23 ++ helm-toolkit/templates/utils/_to_ini.tpl | 30 ++ .../templates/utils/_to_oslo_conf.tpl | 36 +++ helm-toolkit/values.yaml | 26 ++ kube-dns/requirements.yaml | 18 ++ kube-dns/templates/deployment-kube-dns.yaml | 256 +++++++++--------- kube-dns/templates/service-kube-dns.yaml | 22 +- tools/gate/devel/local-vars.yaml | 2 +- .../build-helm-packages/tasks/main.yaml | 18 ++ .../tasks/setup-helm-serve.yaml | 62 +++++ tools/gate/playbooks/zuul-pre.yaml | 11 + 56 files changed, 1968 insertions(+), 182 deletions(-) create mode 100644 calico/requirements.yaml create mode 100644 flannel/requirements.yaml create mode 100644 helm-toolkit/.gitignore create mode 100644 helm-toolkit/.helmignore create mode 100644 helm-toolkit/Chart.yaml create mode 100644 helm-toolkit/Makefile create mode 100644 helm-toolkit/requirements.yaml create mode 100644 helm-toolkit/templates/endpoints/_authenticated_endpoint_uri_lookup.tpl create mode 100644 helm-toolkit/templates/endpoints/_endpoint_port_lookup.tpl create mode 100644 helm-toolkit/templates/endpoints/_host_and_port_endpoint_uri_lookup.tpl create mode 100644 helm-toolkit/templates/endpoints/_hostname_fqdn_endpoint_lookup.tpl create mode 100644 helm-toolkit/templates/endpoints/_hostname_namespaced_endpoint_lookup.tpl create mode 100644 helm-toolkit/templates/endpoints/_hostname_short_endpoint_lookup.tpl create mode 100644 helm-toolkit/templates/endpoints/_keystone_endpoint_name_lookup.tpl create mode 100644 helm-toolkit/templates/endpoints/_keystone_endpoint_path_lookup.tpl create mode 100644 
helm-toolkit/templates/endpoints/_keystone_endpoint_uri_lookup.tpl create mode 100644 helm-toolkit/templates/scripts/_db-drop.py.tpl create mode 100644 helm-toolkit/templates/scripts/_db-init.py.tpl create mode 100644 helm-toolkit/templates/scripts/_ks-domain-user.sh.tpl create mode 100755 helm-toolkit/templates/scripts/_ks-endpoints.sh.tpl create mode 100644 helm-toolkit/templates/scripts/_ks-service.sh.tpl create mode 100644 helm-toolkit/templates/scripts/_ks-user.sh.tpl create mode 100644 helm-toolkit/templates/scripts/_rally_test.sh.tpl create mode 100644 helm-toolkit/templates/snippets/_keystone_openrc_env_vars.tpl create mode 100644 helm-toolkit/templates/snippets/_keystone_secret_openrc.tpl create mode 100644 helm-toolkit/templates/snippets/_keystone_user_create_env_vars.tpl create mode 100644 helm-toolkit/templates/snippets/_kubernetes_entrypoint_init_container.tpl create mode 100644 helm-toolkit/templates/snippets/_kubernetes_kubectl_params.tpl create mode 100644 helm-toolkit/templates/snippets/_kubernetes_metadata_labels.tpl create mode 100644 helm-toolkit/templates/snippets/_kubernetes_pod_anti_affinity.tpl create mode 100644 helm-toolkit/templates/snippets/_kubernetes_resources.tpl create mode 100644 helm-toolkit/templates/snippets/_kubernetes_upgrades_daemonset.tpl create mode 100644 helm-toolkit/templates/snippets/_kubernetes_upgrades_deployment.tpl create mode 100644 helm-toolkit/templates/utils/_comma_joined_hostname_list.tpl create mode 100644 helm-toolkit/templates/utils/_configmap_templater.tpl create mode 100644 helm-toolkit/templates/utils/_hash.tpl create mode 100644 helm-toolkit/templates/utils/_joinListWithComma.tpl create mode 100644 helm-toolkit/templates/utils/_template.tpl create mode 100644 helm-toolkit/templates/utils/_to_ini.tpl create mode 100644 helm-toolkit/templates/utils/_to_oslo_conf.tpl create mode 100644 helm-toolkit/values.yaml create mode 100644 kube-dns/requirements.yaml create mode 100644 
tools/gate/playbooks/build-helm-packages/tasks/main.yaml create mode 100644 tools/gate/playbooks/build-helm-packages/tasks/setup-helm-serve.yaml diff --git a/calico/requirements.yaml b/calico/requirements.yaml new file mode 100644 index 000000000..53782e69b --- /dev/null +++ b/calico/requirements.yaml @@ -0,0 +1,18 @@ +# Copyright 2017 The Openstack-Helm Authors. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +dependencies: + - name: helm-toolkit + repository: http://localhost:8879/charts + version: 0.1.0 diff --git a/calico/templates/clusterrole-calico-policy-controller.yaml b/calico/templates/clusterrole-calico-policy-controller.yaml index f43f2fdd2..8a9724f64 100644 --- a/calico/templates/clusterrole-calico-policy-controller.yaml +++ b/calico/templates/clusterrole-calico-policy-controller.yaml @@ -22,8 +22,8 @@ metadata: name: calico-policy-controller rules: - apiGroups: - - "" - - extensions + - "" + - extensions resources: - pods - namespaces diff --git a/calico/templates/clusterrolebinding-calico-cni-plugin.yaml b/calico/templates/clusterrolebinding-calico-cni-plugin.yaml index a22971bd6..3fbe6850a 100644 --- a/calico/templates/clusterrolebinding-calico-cni-plugin.yaml +++ b/calico/templates/clusterrolebinding-calico-cni-plugin.yaml 
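Review bot: The `repository: http://localhost:8879/charts` entry added in calico/requirements.yaml resolves helm-toolkit over plain HTTP from whatever process is listening on that local port, and nothing in the hunk identifies the chart beyond `version: 0.1.0`. The same three lines are added in flannel/requirements.yaml. A comment above `dependencies:` such as `# helm-toolkit is expected from the local chart server started by the gate playbooks; build only on a trusted host` would record that assumption. I infer the local server from the setup-helm-serve.yaml entry in the diffstat, whose content is not visible here. If the Helm version in use accepts it, a `file://../helm-toolkit` repository would remove the dependency on the listener altogether.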
@@ -25,6 +25,6 @@ roleRef: kind: ClusterRole name: calico-cni-plugin subjects: -- kind: ServiceAccount - name: calico-cni-plugin - namespace: {{ .Release.Namespace }} + - kind: ServiceAccount + name: calico-cni-plugin + namespace: {{ .Release.Namespace }} diff --git a/calico/templates/clusterrolebinding-calico-policy-controller.yaml b/calico/templates/clusterrolebinding-calico-policy-controller.yaml index eac2437d8..ac65ba95a 100644 --- a/calico/templates/clusterrolebinding-calico-policy-controller.yaml +++ b/calico/templates/clusterrolebinding-calico-policy-controller.yaml @@ -25,6 +25,6 @@ roleRef: kind: ClusterRole name: calico-policy-controller subjects: -- kind: ServiceAccount - name: calico-policy-controller - namespace: {{ .Release.Namespace }} + - kind: ServiceAccount + name: calico-policy-controller + namespace: {{ .Release.Namespace }} diff --git a/calico/templates/daemonset-calico-etcd.yaml b/calico/templates/daemonset-calico-etcd.yaml index e9a8d81d1..4b2b83533 100644 --- a/calico/templates/daemonset-calico-etcd.yaml +++ b/calico/templates/daemonset-calico-etcd.yaml @@ -25,11 +25,13 @@ metadata: name: calico-etcd labels: k8s-app: calico-etcd +{{ tuple $envAll "calico" "etcd" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }} spec: template: metadata: labels: k8s-app: calico-etcd +{{ tuple $envAll "calico" "etcd" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }} annotations: # Mark this pod as a critical add-on; when enabled, the critical add-on scheduler # reserves resources for critical add-on pods so that they can be rescheduled after diff --git a/calico/templates/daemonset-calico-node.yaml b/calico/templates/daemonset-calico-node.yaml index 094c8f33f..b37ec04d6 100644 --- a/calico/templates/daemonset-calico-node.yaml +++ b/calico/templates/daemonset-calico-node.yaml 
@@ -26,14 +26,17 @@ metadata: namespace: kube-system labels: k8s-app: calico-node +{{ tuple $envAll "calico" "node" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }} spec: selector: matchLabels: k8s-app: calico-node +{{ tuple $envAll "calico" "node" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 6 }} template: metadata: labels: k8s-app: calico-node +{{ tuple $envAll "calico" "node" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }} annotations: # Mark this pod as a critical add-on; when enabled, the critical add-on scheduler # reserves resources for critical add-on pods so that they can be rescheduled after @@ -42,12 +45,12 @@ spec: spec: hostNetwork: true tolerations: - - key: node-role.kubernetes.io/master - effect: NoSchedule - # Allow this pod to be rescheduled while the node is in "critical add-ons only" mode. - # This, along with the annotation above marks this pod as a critical add-on. - - key: CriticalAddonsOnly - operator: Exists + - key: node-role.kubernetes.io/master + effect: NoSchedule + # Allow this pod to be rescheduled while the node is in "critical add-ons only" mode. + # This, along with the annotation above marks this pod as a critical add-on. + - key: CriticalAddonsOnly + operator: Exists serviceAccountName: calico-cni-plugin containers: # Runs calico/node container on each Kubernetes node. This diff --git a/calico/templates/deployment-calico-policy-controller.yaml b/calico/templates/deployment-calico-policy-controller.yaml index d00bb82ed..4280690c1 100644 --- a/calico/templates/deployment-calico-policy-controller.yaml +++ b/calico/templates/deployment-calico-policy-controller.yaml @@ -24,6 +24,7 @@ metadata: name: calico-policy-controller labels: k8s-app: calico-policy +{{ tuple $envAll "calico" "policy" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }} spec: # The policy controller can only have a single active instance. replicas: 1 
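Review bot: In the first daemonset-calico-node.yaml hunk the helm-toolkit label snippet is also rendered under `spec.selector.matchLabels`, which changes the DaemonSet's selector rather than only its metadata. The snippet's output is not visible in this part of the patch; if it emits release-specific labels, upgrading an existing release could be rejected or leave the running calico-node pods unmatched, because the selector has to keep matching the template labels. I would leave `matchLabels:` with only `k8s-app: calico-node` and add the generated labels to `metadata.labels` and `template.metadata.labels` alone.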
@@ -34,6 +35,7 @@ spec: name: calico-policy-controller labels: k8s-app: calico-policy-controller +{{ tuple $envAll "calico" "policy" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }} annotations: # Mark this pod as a critical add-on; when enabled, the critical add-on scheduler # reserves resources for critical add-on pods so that they can be rescheduled after diff --git a/calico/templates/service-calico-etcd.yaml b/calico/templates/service-calico-etcd.yaml index 2e2879c56..f0aa97b16 100644 --- a/calico/templates/service-calico-etcd.yaml +++ b/calico/templates/service-calico-etcd.yaml @@ -23,11 +23,13 @@ kind: Service metadata: labels: k8s-app: calico-etcd +{{ tuple $envAll "calico" "etcd" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }} name: calico-etcd spec: # Select the calico-etcd pod running on the master. selector: k8s-app: calico-etcd +{{ tuple $envAll "calico" "etcd" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }} # This ClusterIP needs to be known in advance, since we cannot rely # on DNS to get access to etcd. clusterIP: 10.96.232.136 diff --git a/flannel/requirements.yaml b/flannel/requirements.yaml new file mode 100644 index 000000000..53782e69b --- /dev/null +++ b/flannel/requirements.yaml 
@@ -0,0 +1,18 @@
+# Copyright 2017 The Openstack-Helm Authors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+dependencies:
+ - name: helm-toolkit
+ repository: http://localhost:8879/charts
+ version: 0.1.0
diff --git a/flannel/templates/daemonset-kube-flannel-ds.yaml b/flannel/templates/daemonset-kube-flannel-ds.yaml
index 07ffc3dc7..192185acd 100644
--- a/flannel/templates/daemonset-kube-flannel-ds.yaml
+++ b/flannel/templates/daemonset-kube-flannel-ds.yaml
@@ -23,49 +23,51 @@ metadata: labels: tier: node app: flannel +{{ tuple $envAll "flannel" "node" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }} spec: template: metadata: labels: tier: node app: flannel +{{ tuple $envAll "flannel" "node" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }} spec: hostNetwork: true nodeSelector: beta.kubernetes.io/arch: amd64 tolerations: - - key: node-role.kubernetes.io/master - operator: Exists - effect: NoSchedule + - key: node-role.kubernetes.io/master + operator: Exists + effect: NoSchedule serviceAccountName: flannel containers: - - name: kube-flannel - image: {{ .Values.images.tags.flannel }} - command: [ "/opt/bin/flanneld", "--ip-masq", "--kube-subnet-mgr" ] - securityContext: - privileged: true - env: - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - volumeMounts: - - name: run - mountPath: /run - - name: flannel-cfg - mountPath: /etc/kube-flannel/ - - name: install-cni - image: {{ .Values.images.tags.flannel }} - command: [ "/bin/sh", "-c", "set -e -x; cp -f /etc/kube-flannel/cni-conf.json /etc/cni/net.d/10-flannel.conf; while true; do sleep 3600; done" ] - volumeMounts: - - name: cni - mountPath: /etc/cni/net.d - - name: flannel-cfg - mountPath: /etc/kube-flannel/ + - name: kube-flannel + image: {{ .Values.images.tags.flannel }} + command: [ "/opt/bin/flanneld", "--ip-masq", "--kube-subnet-mgr" ] + securityContext: + privileged: true + env: + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + volumeMounts: + - name: run + mountPath: /run + - name: flannel-cfg + mountPath: /etc/kube-flannel/ + - name: install-cni + image: {{ .Values.images.tags.flannel }} + command: [ "/bin/sh", "-c", "set -e -x; cp -f /etc/kube-flannel/cni-conf.json /etc/cni/net.d/10-flannel.conf; while 
true; do sleep 3600; done" ] + volumeMounts: + - name: cni + mountPath: /etc/cni/net.d + - name: flannel-cfg + mountPath: /etc/kube-flannel/ volumes: - name: run hostPath: diff --git a/helm-toolkit/.gitignore b/helm-toolkit/.gitignore new file mode 100644 index 000000000..e1bd7e85a --- /dev/null +++ b/helm-toolkit/.gitignore @@ -0,0 +1,3 @@ +secrets/* +!secrets/.gitkeep +templates/_secrets.tpl diff --git a/helm-toolkit/.helmignore b/helm-toolkit/.helmignore new file mode 100644 index 000000000..e8ef5ffab --- /dev/null +++ b/helm-toolkit/.helmignore @@ -0,0 +1,27 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*~ +# Various IDEs +.project +.idea/ +*.tmproj + +bin/ +etc/ +patches/ +*.py +Makefile diff --git a/helm-toolkit/Chart.yaml b/helm-toolkit/Chart.yaml new file mode 100644 index 000000000..4e81afaa5 --- /dev/null +++ b/helm-toolkit/Chart.yaml @@ -0,0 +1,18 @@ +# Copyright 2017 The Openstack-Helm Authors. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +description: OpenStack-Helm Helm-Toolkit +name: helm-toolkit +version: 0.1.0 diff --git a/helm-toolkit/Makefile b/helm-toolkit/Makefile new file mode 100644 index 000000000..9662e57a8 --- /dev/null +++ b/helm-toolkit/Makefile 
@@ -0,0 +1,21 @@
+# Copyright 2017 The Openstack-Helm Authors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+EXCLUDE := templates/* charts/* Chart.yaml requirement* values.yaml Makefile utils/* helm-toolkit/Chart.yaml
+SECRETS := $(shell find secrets -type f $(foreach e,$(EXCLUDE), -not -path "$(e)") )
+
+templates/_secrets.tpl: Makefile $(SECRETS)
+ echo Generating $(CURDIR)/$@
+ rm -f $@
+ for i in $(SECRETS); do printf '{{ define "'$$i'" }}' >> $@; cat $$i >> $@; printf "{{ end }}\n" >> $@; done
diff --git a/helm-toolkit/requirements.yaml b/helm-toolkit/requirements.yaml
new file mode 100644
index 000000000..7a4ed34ee
--- /dev/null
+++ b/helm-toolkit/requirements.yaml
@@ -0,0 +1,15 @@
+# Copyright 2017 The Openstack-Helm Authors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+dependencies: []
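Review bot: The `templates/_secrets.tpl` rule in helm-toolkit/Makefile copies every file under `secrets/` verbatim into a chart template. The `.gitignore` in this patch keeps the result out of git, but the new `.helmignore` does not list it, so a packaged helm-toolkit chart would carry whatever was in `secrets/` at build time. A comment above the rule such as `# _secrets.tpl embeds the contents of secrets/ in the chart; never publish a package built with a populated secrets/ directory` would make that explicit. Separately, `find secrets` prints paths that start with `secrets/`, so none of the `EXCLUDE` patterns appear able to match, and file content containing `{{` would be parsed as template syntax rather than copied literally.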
diff --git a/helm-toolkit/templates/endpoints/_authenticated_endpoint_uri_lookup.tpl b/helm-toolkit/templates/endpoints/_authenticated_endpoint_uri_lookup.tpl
new file mode 100644
index 000000000..2065551f8
--- /dev/null
+++ b/helm-toolkit/templates/endpoints/_authenticated_endpoint_uri_lookup.tpl
@@ -0,0 +1,48 @@ +{{/* +Copyright 2017 The Openstack-Helm Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +# This function helps resolve database style endpoints: +# +# Presuming that .Values contains an endpoint: definition for 'neutron-db' with the +# appropriate attributes, a call such as: +# { tuple "neutron-db" "internal" "userClass" "portName" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup" } +# where portName is optional if a default port has been defined in .Values +# returns: mysql+pymysql://username:password@internal_host:3306/dbname + +{{- define "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup" -}} +{{- $type := index . 0 -}} +{{- $endpoint := index . 1 -}} +{{- $userclass := index . 2 -}} +{{- $port := index . 3 -}} +{{- $context := index . 
4 -}} +{{- $typeYamlSafe := $type | replace "-" "_" }} +{{- $endpointMap := index $context.Values.endpoints $typeYamlSafe }} +{{- $userMap := index $endpointMap.auth $userclass }} +{{- $clusterSuffix := printf "%s.%s" "svc" $context.Values.endpoints.cluster_domain_suffix }} +{{- with $endpointMap -}} +{{- $namespace := .namespace | default $context.Release.Namespace }} +{{- $endpointScheme := .scheme }} +{{- $endpointUser := index $userMap "username" }} +{{- $endpointPass := index $userMap "password" }} +{{- $endpointHost := index .hosts $endpoint | default .hosts.default}} +{{- $endpointPortMAP := index .port $port }} +{{- $endpointPort := index $endpointPortMAP $endpoint | default (index $endpointPortMAP "default") }} +{{- $endpointPath := .path | default "" }} +{{- $endpointClusterHostname := printf "%s.%s.%s" $endpointHost $namespace $clusterSuffix }} +{{- $endpointHostname := index .host_fqdn_override $endpoint | default .host_fqdn_override.default | default $endpointClusterHostname }} +{{- printf "%s://%s:%s@%s:%1.f%s" $endpointScheme $endpointUser $endpointPass $endpointHostname $endpointPort $endpointPath -}} +{{- end -}} +{{- end -}} diff --git a/helm-toolkit/templates/endpoints/_endpoint_port_lookup.tpl b/helm-toolkit/templates/endpoints/_endpoint_port_lookup.tpl new file mode 100644 index 000000000..26c476839 --- /dev/null +++ b/helm-toolkit/templates/endpoints/_endpoint_port_lookup.tpl 
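Review bot: The closing `printf "%s://%s:%s@%s:%1.f%s"` in `helm-toolkit.endpoints.authenticated_endpoint_uri_lookup` places `$endpointUser` and `$endpointPass` into the URI userinfo without escaping, so a password containing `@`, `:`, `/` or `#` yields a URI that consumers parse to a different host or path. Percent-encoding both values before the printf would avoid that, for example `index $userMap "password" | urlquery`, bearing in mind that `urlquery` writes a space as `+`. The header comment should also state that the result contains the plaintext password and should only be rendered into a Secret. It also describes `portName` as optional, although the body always reads `index . 3` as the port and `index . 4` as the context.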
@@ -0,0 +1,37 @@
+{{/*
+Copyright 2017 The Openstack-Helm Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/}}
+
+# This function returns hostnames from endpoint definitions for use cases
+# where the uri style return is not appropriate, and only the hostname
+# portion is used or relevant in the template:
+# { tuple "memcache" "internal" "portName" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }
+# returns: internal_host:port
+#
+# Output that requires the port aspect striped could simply split the output based on ':'
+
+{{- define "helm-toolkit.endpoints.endpoint_port_lookup" -}}
+{{- $type := index . 0 -}}
+{{- $endpoint := index . 1 -}}
+{{- $port := index . 2 -}}
+{{- $context := index . 3 -}}
+{{- $typeYamlSafe := $type | replace "-" "_" }}
+{{- $endpointMap := index $context.Values.endpoints $typeYamlSafe }}
+{{- with $endpointMap -}}
+{{- $endpointPortMAP := index .port $port }}
+{{- $endpointPort := index $endpointPortMAP $endpoint | default (index $endpointPortMAP "default") }}
+{{- printf "%1.f" $endpointPort -}}
+{{- end -}}
+{{- end -}}
diff --git a/helm-toolkit/templates/endpoints/_host_and_port_endpoint_uri_lookup.tpl b/helm-toolkit/templates/endpoints/_host_and_port_endpoint_uri_lookup.tpl
new file mode 100644
index 000000000..fc0beb72a
--- /dev/null
+++ b/helm-toolkit/templates/endpoints/_host_and_port_endpoint_uri_lookup.tpl
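Review bot: The header comment on `helm-toolkit.endpoints.endpoint_port_lookup` appears to have been copied from the host-and-port helper: it says the function returns hostnames and `internal_host:port`, but the body ends in `printf "%1.f" $endpointPort` and emits only the port. I would reword it to `# Returns the port number for the named port of an endpoint definition` and change the example's result line to `# returns: port`, dropping the remark about splitting on ':'. The example in _keystone_endpoint_name_lookup.tpl has a similar mismatch: it includes `"keystone_endpoint_name_lookup"` while the template is defined as `helm-toolkit.endpoints.keystone_endpoint_name_lookup`.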
@@ -0,0 +1,43 @@ +{{/* +Copyright 2017 The Openstack-Helm Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +# This function returns hostnames from endpoint definitions for use cases +# where the uri style return is not appropriate, and only the hostname +# portion is used or relevant in the template: +# { tuple "memcache" "internal" "portName" . | include "helm-toolkit.endpoints.host_and_port_endpoint_uri_lookup" } +# returns: internal_host:port +# +# Output that requires the port aspect striped could simply split the output based on ':' + +{{- define "helm-toolkit.endpoints.host_and_port_endpoint_uri_lookup" -}} +{{- $type := index . 0 -}} +{{- $endpoint := index . 1 -}} +{{- $port := index . 2 -}} +{{- $context := index . 
3 -}} +{{- $typeYamlSafe := $type | replace "-" "_" }} +{{- $clusterSuffix := printf "%s.%s" "svc" $context.Values.endpoints.cluster_domain_suffix }} +{{- $endpointMap := index $context.Values.endpoints $typeYamlSafe }} +{{- with $endpointMap -}} +{{- $namespace := .namespace | default $context.Release.Namespace }} +{{- $endpointScheme := .scheme }} +{{- $endpointHost := index .hosts $endpoint | default .hosts.default }} +{{- $endpointPortMAP := index .port $port }} +{{- $endpointPort := index $endpointPortMAP $endpoint | default (index $endpointPortMAP "default") }} +{{- $endpointClusterHostname := printf "%s.%s.%s" $endpointHost $namespace $clusterSuffix }} +{{- $endpointHostname := index .host_fqdn_override $endpoint | default .host_fqdn_override.default | default $endpointClusterHostname }} +{{- printf "%s:%1.f" $endpointHostname $endpointPort -}} +{{- end -}} +{{- end -}} diff --git a/helm-toolkit/templates/endpoints/_hostname_fqdn_endpoint_lookup.tpl b/helm-toolkit/templates/endpoints/_hostname_fqdn_endpoint_lookup.tpl new file mode 100644 index 000000000..20a1cff86 --- /dev/null +++ b/helm-toolkit/templates/endpoints/_hostname_fqdn_endpoint_lookup.tpl 
@@ -0,0 +1,38 @@
+{{/*
+Copyright 2017 The Openstack-Helm Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/}}
+
+# This function returns hostnames from endpoint definitions for use cases
+# where the uri style return is not appropriate, and only the hostname
+# portion is used or relevant in the template:
+# { tuple "memcache" "internal" . | include "helm-toolkit.endpoints.hostname_fqdn_endpoint_lookup" }
+# returns: internal_host_fqdn
+
+{{- define "helm-toolkit.endpoints.hostname_fqdn_endpoint_lookup" -}}
+{{- $type := index . 0 -}}
+{{- $endpoint := index . 1 -}}
+{{- $context := index . 2 -}}
+{{- $typeYamlSafe := $type | replace "-" "_" }}
+{{- $clusterSuffix := printf "%s.%s" "svc" $context.Values.endpoints.cluster_domain_suffix }}
+{{- $endpointMap := index $context.Values.endpoints $typeYamlSafe }}
+{{- with $endpointMap -}}
+{{- $namespace := .namespace | default $context.Release.Namespace }}
+{{- $endpointScheme := .scheme }}
+{{- $endpointHost := index .hosts $endpoint | default .hosts.default }}
+{{- $endpointClusterHostname := printf "%s.%s.%s" $endpointHost $namespace $clusterSuffix }}
+{{- $endpointHostname := index .host_fqdn_override $endpoint | default .host_fqdn_override.default | default $endpointClusterHostname }}
+{{- printf "%s" $endpointHostname -}}
+{{- end -}}
+{{- end -}}
diff --git a/helm-toolkit/templates/endpoints/_hostname_namespaced_endpoint_lookup.tpl b/helm-toolkit/templates/endpoints/_hostname_namespaced_endpoint_lookup.tpl
new file mode 100644
index 000000000..b3f234d3f
--- /dev/null
+++ b/helm-toolkit/templates/endpoints/_hostname_namespaced_endpoint_lookup.tpl
@@ -0,0 +1,37 @@
+{{/*
+Copyright 2017 The Openstack-Helm Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/}}
+
+# This function returns hostnames from endpoint definitions for use cases
+# where the uri style return is not appropriate, and only the hostname
+# portion is used or relevant in the template:
+# { tuple "memcache" "internal" . | include "helm-toolkit.endpoints.hostname_namespaced_endpoint_lookup" }
+# returns: internal_host_namespaced
+
+{{- define "helm-toolkit.endpoints.hostname_namespaced_endpoint_lookup" -}}
+{{- $type := index . 0 -}}
+{{- $endpoint := index . 1 -}}
+{{- $context := index . 2 -}}
+{{- $typeYamlSafe := $type | replace "-" "_" }}
+{{- $endpointMap := index $context.Values.endpoints $typeYamlSafe }}
+{{- with $endpointMap -}}
+{{- $namespace := .namespace | default $context.Release.Namespace }}
+{{- $endpointScheme := .scheme }}
+{{- $endpointHost := index .hosts $endpoint | default .hosts.default }}
+{{- $endpointClusterHostname := printf "%s.%s" $endpointHost $namespace }}
+{{- $endpointHostname := index .host_fqdn_override $endpoint | default .host_fqdn_override.default | default $endpointClusterHostname }}
+{{- printf "%s" $endpointHostname -}}
+{{- end -}}
+{{- end -}}
diff --git a/helm-toolkit/templates/endpoints/_hostname_short_endpoint_lookup.tpl b/helm-toolkit/templates/endpoints/_hostname_short_endpoint_lookup.tpl
new file mode 100644
index 000000000..cc1fe8af8
--- /dev/null
+++ b/helm-toolkit/templates/endpoints/_hostname_short_endpoint_lookup.tpl
@@ -0,0 +1,35 @@
+{{/*
+Copyright 2017 The Openstack-Helm Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/}}
+
+# This function returns hostnames from endpoint definitions for use cases
+# where the uri style return is not appropriate, and only the short hostname or
+# kubernetes servicename is used or relevant in the template:
+# { tuple "memcache" "internal" . | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }
+# returns: the short internal hostname, which will also match the service name
+
+{{- define "helm-toolkit.endpoints.hostname_short_endpoint_lookup" -}}
+{{- $type := index . 0 -}}
+{{- $endpoint := index . 1 -}}
+{{- $context := index . 2 -}}
+{{- $typeYamlSafe := $type | replace "-" "_" }}
+{{- $endpointMap := index $context.Values.endpoints $typeYamlSafe }}
+{{- with $endpointMap -}}
+{{- $endpointScheme := .scheme }}
+{{- $endpointHost := index .hosts $endpoint | default .hosts.default}}
+{{- $endpointHostname := printf "%s" $endpointHost }}
+{{- printf "%s" $endpointHostname -}}
+{{- end -}}
+{{- end -}}
diff --git a/helm-toolkit/templates/endpoints/_keystone_endpoint_name_lookup.tpl b/helm-toolkit/templates/endpoints/_keystone_endpoint_name_lookup.tpl
new file mode 100644
index 000000000..2f6cf081e
--- /dev/null
+++ b/helm-toolkit/templates/endpoints/_keystone_endpoint_name_lookup.tpl
@@ -0,0 +1,29 @@
+{{/*
+Copyright 2017 The Openstack-Helm Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/}}
+
+# This function is used in endpoint management templates
+# it returns the service type for an openstack service eg:
+# { tuple orchestration . | include "keystone_endpoint_name_lookup" }
+# will return "heat"
+
+{{- define "helm-toolkit.endpoints.keystone_endpoint_name_lookup" -}}
+{{- $type := index . 0 -}}
+{{- $context := index . 1 -}}
+{{- $typeYamlSafe := $type | replace "-" "_" }}
+{{- $endpointMap := index $context.Values.endpoints $typeYamlSafe }}
+{{- $endpointName := index $endpointMap "name" }}
+{{- $endpointName | quote -}}
+{{- end -}}
diff --git a/helm-toolkit/templates/endpoints/_keystone_endpoint_path_lookup.tpl b/helm-toolkit/templates/endpoints/_keystone_endpoint_path_lookup.tpl
new file mode 100644
index 000000000..0945be626
--- /dev/null
+++ b/helm-toolkit/templates/endpoints/_keystone_endpoint_path_lookup.tpl
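Review bot: The usage comment above the define does not match the template it documents. It calls `include "keystone_endpoint_name_lookup"` although the defined name is `helm-toolkit.endpoints.keystone_endpoint_name_lookup`, it passes `orchestration` unquoted, and it says the helper returns the service type while the body returns the `name` key of the endpoint map, quoted. I would change the example line to `# { tuple "orchestration" . | include "helm-toolkit.endpoints.keystone_endpoint_name_lookup" }` and the sentence before it to `# it returns the configured name for an openstack service type, eg:`. Unlike the sibling helpers, this one has no `with` guard, so an undefined service type presumably fails inside `index`; the comment should say which behaviour callers can rely on.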
@@ -0,0 +1,33 @@
+{{/*
+Copyright 2017 The Openstack-Helm Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/}}
+
+# This function returns the path for a service, it takes an tuple
+# input in the form: service-type, endpoint-class, port-name. eg:
+# { tuple "orchestration" "public" "api" . | include "helm-toolkit.endpoints.keystone_endpoint_path_lookup" }
+# will return the appropriate path.
+
+{{- define "helm-toolkit.endpoints.keystone_endpoint_path_lookup" -}}
+{{- $type := index . 0 -}}
+{{- $endpoint := index . 1 -}}
+{{- $port := index . 2 -}}
+{{- $context := index . 3 -}}
+{{- $typeYamlSafe := $type | replace "-" "_" }}
+{{- $endpointMap := index $context.Values.endpoints $typeYamlSafe }}
+{{- with $endpointMap -}}
+{{- $endpointPath := index .path $endpoint | default .path.default | default "/" }}
+{{- printf "%s" $endpointPath -}}
+{{- end -}}
+{{- end -}}
diff --git a/helm-toolkit/templates/endpoints/_keystone_endpoint_uri_lookup.tpl b/helm-toolkit/templates/endpoints/_keystone_endpoint_uri_lookup.tpl
new file mode 100644
index 000000000..25837d168
--- /dev/null
+++ b/helm-toolkit/templates/endpoints/_keystone_endpoint_uri_lookup.tpl
@@ -0,0 +1,41 @@ +{{/* +Copyright 2017 The Openstack-Helm Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +# This function returns the endpoint uri for a service, it takes an tuple +# input in the form: service-type, endpoint-class, port-name. eg: +# { tuple "orchestration" "public" "api" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup" } +# will return the appropriate URI. + +{{- define "helm-toolkit.endpoints.keystone_endpoint_uri_lookup" -}} +{{- $type := index . 0 -}} +{{- $endpoint := index . 1 -}} +{{- $port := index . 2 -}} +{{- $context := index . 
3 -}} +{{- $typeYamlSafe := $type | replace "-" "_" }} +{{- $clusterSuffix := printf "%s.%s" "svc" $context.Values.endpoints.cluster_domain_suffix }} +{{- $endpointMap := index $context.Values.endpoints $typeYamlSafe }} +{{- with $endpointMap -}} +{{- $namespace := $endpointMap.namespace | default $context.Release.Namespace }} +{{- $endpointScheme := index .scheme $endpoint | default .scheme.default }} +{{- $endpointHost := index .hosts $endpoint | default .hosts.default }} +{{- $endpointPortMAP := index .port $port }} +{{- $endpointPort := index $endpointPortMAP $endpoint | default (index $endpointPortMAP "default") }} +{{- $endpointPath := index .path $endpoint | default .path.default | default "/" }} +{{- $endpointClusterHostname := printf "%s.%s.%s" $endpointHost $namespace $clusterSuffix }} +{{- $endpointHostname := index .host_fqdn_override $endpoint | default .host_fqdn_override.default | default $endpointClusterHostname }} +{{- printf "%s://%s:%1.f%s" $endpointScheme $endpointHostname $endpointPort $endpointPath -}} +{{- end -}} +{{- end -}} diff --git a/helm-toolkit/templates/scripts/_db-drop.py.tpl b/helm-toolkit/templates/scripts/_db-drop.py.tpl new file mode 100644 index 000000000..2f661bccf --- /dev/null +++ b/helm-toolkit/templates/scripts/_db-drop.py.tpl 
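Review bot: The closing `printf "%s://%s:%1.f%s"` only yields a clean port when `$endpointPort` arrives as a float. A port supplied as a quoted string in values would presumably be rendered as a Go format-error marker inside the URI that is later registered as the service endpoint. Converting explicitly avoids that: `printf "%s://%s:%d%s" $endpointScheme $endpointHostname (int $endpointPort) $endpointPath`. `$clusterSuffix` is built from `$context.Values.endpoints.cluster_domain_suffix` with no default or `required`, so a chart that omits the key gets a malformed hostname rather than a render error.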
@@ -0,0 +1,132 @@ +{{/* +Copyright 2017 The Openstack-Helm Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- define "helm-toolkit.scripts.db_drop" }} +#!/usr/bin/env python + +# Drops db and user for an OpenStack Service: +# Set ROOT_DB_CONNECTION and DB_CONNECTION environment variables to contain +# SQLAlchemy strings for the root connection to the database and the one you +# wish the service to use. Alternatively, you can use an ini formatted config +# at the location specified by OPENSTACK_CONFIG_FILE, and extract the string +# from the key OPENSTACK_CONFIG_DB_KEY, in the section specified by +# OPENSTACK_CONFIG_DB_SECTION. 
+ +import os +import sys +import ConfigParser +import logging +from sqlalchemy import create_engine + +# Create logger, console handler and formatter +logger = logging.getLogger('OpenStack-Helm DB Drop') +logger.setLevel(logging.DEBUG) +ch = logging.StreamHandler() +ch.setLevel(logging.DEBUG) +formatter = logging.Formatter('%(asctime)s - %(name)s - %(levelname)s - %(message)s') + +# Set the formatter and add the handler +ch.setFormatter(formatter) +logger.addHandler(ch) + + +# Get the connection string for the service db root user +if "ROOT_DB_CONNECTION" in os.environ: + db_connection = os.environ['ROOT_DB_CONNECTION'] + logger.info('Got DB root connection') +else: + logger.critical('environment variable ROOT_DB_CONNECTION not set') + sys.exit(1) + +# Get the connection string for the service db +if "OPENSTACK_CONFIG_FILE" in os.environ: + os_conf = os.environ['OPENSTACK_CONFIG_FILE'] + if "OPENSTACK_CONFIG_DB_SECTION" in os.environ: + os_conf_section = os.environ['OPENSTACK_CONFIG_DB_SECTION'] + else: + logger.critical('environment variable OPENSTACK_CONFIG_DB_SECTION not set') + sys.exit(1) + if "OPENSTACK_CONFIG_DB_KEY" in os.environ: + os_conf_key = os.environ['OPENSTACK_CONFIG_DB_KEY'] + else: + logger.critical('environment variable OPENSTACK_CONFIG_DB_KEY not set') + sys.exit(1) + try: + config = ConfigParser.RawConfigParser() + logger.info("Using {0} as db config source".format(os_conf)) + config.read(os_conf) + logger.info("Trying to load db config from {0}:{1}".format( + os_conf_section, os_conf_key)) + user_db_conn = config.get(os_conf_section, os_conf_key) + logger.info("Got config from {0}".format(os_conf)) + except: + logger.critical("Tried to load config from {0} but failed.".format(os_conf)) + raise +elif "DB_CONNECTION" in os.environ: + user_db_conn = os.environ['DB_CONNECTION'] + logger.info('Got config from DB_CONNECTION env var') +else: + logger.critical('Could not get db config, either from config file or env var') + sys.exit(1) + +# Root DB 
engine +try: + root_engine_full = create_engine(db_connection) + root_user = root_engine_full.url.username + root_password = root_engine_full.url.password + drivername = root_engine_full.url.drivername + host = root_engine_full.url.host + port = root_engine_full.url.port + root_engine_url = ''.join([drivername, '://', root_user, ':', root_password, '@', host, ':', str (port)]) + root_engine = create_engine(root_engine_url) + connection = root_engine.connect() + connection.close() + logger.info("Tested connection to DB @ {0}:{1} as {2}".format( + host, port, root_user)) +except: + logger.critical('Could not connect to database as root user') + raise + +# User DB engine +try: + user_engine = create_engine(user_db_conn) + # Get our user data out of the user_engine + database = user_engine.url.database + user = user_engine.url.username + password = user_engine.url.password + logger.info('Got user db config') +except: + logger.critical('Could not get user database config') + raise + +# Delete DB +try: + root_engine.execute("DROP DATABASE IF EXISTS {0}".format(database)) + logger.info("Deleted database {0}".format(database)) +except: + logger.critical("Could not drop database {0}".format(database)) + raise + +# Delete DB User +try: + root_engine.execute("DROP USER IF EXISTS {0}".format(user)) + logger.info("Deleted user {0}".format(user)) +except: + logger.critical("Could not delete user {0}".format(user)) + raise + +logger.info('Finished DB Management') +{{- end }} diff --git a/helm-toolkit/templates/scripts/_db-init.py.tpl b/helm-toolkit/templates/scripts/_db-init.py.tpl new file mode 100644 index 000000000..c3a1b6dff --- /dev/null +++ b/helm-toolkit/templates/scripts/_db-init.py.tpl 
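Review bot: The `DROP DATABASE IF EXISTS {0}` and `DROP USER IF EXISTS {0}` statements are built with `str.format` from values parsed out of the service connection string and are executed on the root engine with no identifier quoting or validation. A name containing a hyphen, backtick or whitespace either fails or changes what the statement does. Wrap the database name in backticks with embedded backticks doubled, as the GRANT in the db-init script already does for its database name, and either pass the user as a driver parameter or reject values that do not match a conservative pattern such as `^[A-Za-z0-9_]+$` before executing. Separately, `''.join([drivername, '://', root_user, ':', root_password, ...])` raises `TypeError` when the root URL carries no password and does not re-encode special characters, and the bare `except:` blocks report all of these as the same generic message.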
@@ -0,0 +1,144 @@ +{{/* +Copyright 2017 The Openstack-Helm Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- define "helm-toolkit.scripts.db_init" }} +#!/usr/bin/env python + +# Creates db and user for an OpenStack Service: +# Set ROOT_DB_CONNECTION and DB_CONNECTION environment variables to contain +# SQLAlchemy strings for the root connection to the database and the one you +# wish the service to use. Alternatively, you can use an ini formatted config +# at the location specified by OPENSTACK_CONFIG_FILE, and extract the string +# from the key OPENSTACK_CONFIG_DB_KEY, in the section specified by +# OPENSTACK_CONFIG_DB_SECTION. 
+ +import os +import sys +import ConfigParser +import logging +from sqlalchemy import create_engine + +# Create logger, console handler and formatter +logger = logging.getLogger('OpenStack-Helm DB Init') +logger.setLevel(logging.DEBUG) +ch = logging.StreamHandler() +ch.setLevel(logging.DEBUG) +formatter = logging.Formatter('%(asctime)s - %(name)s - %(levelname)s - %(message)s') + +# Set the formatter and add the handler +ch.setFormatter(formatter) +logger.addHandler(ch) + + +# Get the connection string for the service db root user +if "ROOT_DB_CONNECTION" in os.environ: + db_connection = os.environ['ROOT_DB_CONNECTION'] + logger.info('Got DB root connection') +else: + logger.critical('environment variable ROOT_DB_CONNECTION not set') + sys.exit(1) + +# Get the connection string for the service db +if "OPENSTACK_CONFIG_FILE" in os.environ: + os_conf = os.environ['OPENSTACK_CONFIG_FILE'] + if "OPENSTACK_CONFIG_DB_SECTION" in os.environ: + os_conf_section = os.environ['OPENSTACK_CONFIG_DB_SECTION'] + else: + logger.critical('environment variable OPENSTACK_CONFIG_DB_SECTION not set') + sys.exit(1) + if "OPENSTACK_CONFIG_DB_KEY" in os.environ: + os_conf_key = os.environ['OPENSTACK_CONFIG_DB_KEY'] + else: + logger.critical('environment variable OPENSTACK_CONFIG_DB_KEY not set') + sys.exit(1) + try: + config = ConfigParser.RawConfigParser() + logger.info("Using {0} as db config source".format(os_conf)) + config.read(os_conf) + logger.info("Trying to load db config from {0}:{1}".format( + os_conf_section, os_conf_key)) + user_db_conn = config.get(os_conf_section, os_conf_key) + logger.info("Got config from {0}".format(os_conf)) + except: + logger.critical("Tried to load config from {0} but failed.".format(os_conf)) + raise +elif "DB_CONNECTION" in os.environ: + user_db_conn = os.environ['DB_CONNECTION'] + logger.info('Got config from DB_CONNECTION env var') +else: + logger.critical('Could not get db config, either from config file or env var') + sys.exit(1) + +# Root DB 
engine +try: + root_engine_full = create_engine(db_connection) + root_user = root_engine_full.url.username + root_password = root_engine_full.url.password + drivername = root_engine_full.url.drivername + host = root_engine_full.url.host + port = root_engine_full.url.port + root_engine_url = ''.join([drivername, '://', root_user, ':', root_password, '@', host, ':', str (port)]) + root_engine = create_engine(root_engine_url) + connection = root_engine.connect() + connection.close() + logger.info("Tested connection to DB @ {0}:{1} as {2}".format( + host, port, root_user)) +except: + logger.critical('Could not connect to database as root user') + raise + +# User DB engine +try: + user_engine = create_engine(user_db_conn) + # Get our user data out of the user_engine + database = user_engine.url.database + user = user_engine.url.username + password = user_engine.url.password + logger.info('Got user db config') +except: + logger.critical('Could not get user database config') + raise + +# Create DB +try: + root_engine.execute("CREATE DATABASE IF NOT EXISTS {0}".format(database)) + logger.info("Created database {0}".format(database)) +except: + logger.critical("Could not create database {0}".format(database)) + raise + +# Create DB User +try: + root_engine.execute( + "GRANT ALL ON `{0}`.* TO \'{1}\'@\'%%\' IDENTIFIED BY \'{2}\'".format( + database, user, password)) + logger.info("Created user {0} for {1}".format(user, database)) +except: + logger.critical("Could not create user {0} for {1}".format(user, database)) + raise + +# Test connection +try: + connection = user_engine.connect() + connection.close() + logger.info("Tested connection to DB @ {0}:{1}/{2} as {3}".format( + host, port, database, user)) +except: + logger.critical('Could not connect to database as user') + raise + +logger.info('Finished DB Management') +{{- end }} 
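Review bot: The GRANT statement formats the service password into the SQL text (`IDENTIFIED BY \'{2}\'`), so a password containing a single quote or backslash breaks or alters a statement that runs as root. On failure the re-raised exception is also likely to print the full statement, password included, into the job log. Pass user and password as driver parameters rather than formatting them, e.g. end the statement with `TO %s@'%%' IDENTIFIED BY %s` and supply `(user, password)` as parameters (placeholder style depends on the driver in use), keeping only the backtick-quoted database name in `format`. `CREATE DATABASE IF NOT EXISTS {0}` just above should get the same backtick quoting the GRANT already applies. The grant to host `'%'` with `ALL` on the schema is broad; a comment stating that this is intended would help reviewers.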
diff --git a/helm-toolkit/templates/scripts/_ks-domain-user.sh.tpl b/helm-toolkit/templates/scripts/_ks-domain-user.sh.tpl
new file mode 100644
index 000000000..e80c0f696
--- /dev/null
+++ b/helm-toolkit/templates/scripts/_ks-domain-user.sh.tpl
@@ -0,0 +1,74 @@
+{{/*
+Copyright 2017 The Openstack-Helm Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/}}
+
+{{- define "helm-toolkit.scripts.keystone_domain_user" }}
+#!/bin/bash
+
+# Copyright 2017 Pete Birley
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+set -ex
+
+# Manage domain
+SERVICE_OS_DOMAIN_ID=$(openstack domain create --or-show --enable -f value -c id \
+ --description="Service Domain for ${SERVICE_OS_REGION_NAME}/${SERVICE_OS_DOMAIN_NAME}" \
+ "${SERVICE_OS_DOMAIN_NAME}")
+
+# Display domain
+openstack domain show "${SERVICE_OS_DOMAIN_ID}"
+
+# Manage user
+SERVICE_OS_USERID=$(openstack user create --or-show --enable -f value -c id \
+ --domain="${SERVICE_OS_DOMAIN_ID}" \
+ --description "Service User for ${SERVICE_OS_REGION_NAME}/${SERVICE_OS_DOMAIN_NAME}" \
+ --password="${SERVICE_OS_PASSWORD}" \
+ "${SERVICE_OS_USERNAME}")
+
+# Manage user password (we do this to ensure the password is updated if required)
+openstack user set --password="${SERVICE_OS_PASSWORD}" "${SERVICE_OS_USERID}"
+
+# Display user
+openstack user show "${SERVICE_OS_USERID}"
+
+# Manage role
+SERVICE_OS_ROLE_ID=$(openstack role show -f value -c id \
+ "${SERVICE_OS_ROLE}" || openstack role create -f value -c id \
+ "${SERVICE_OS_ROLE}" )
+
+# Manage user role assignment
+openstack role add \
+ --domain="${SERVICE_OS_DOMAIN_ID}" \
+ --user="${SERVICE_OS_USERID}" \
+ --user-domain="${SERVICE_OS_DOMAIN_ID}" \
+ "${SERVICE_OS_ROLE_ID}"
+
+# Display user role assignment
+openstack role assignment list \
+ --role="${SERVICE_OS_ROLE_ID}" \
+ --user-domain="${SERVICE_OS_DOMAIN_ID}" \
+ --user="${SERVICE_OS_USERID}"
+{{- end }}
diff --git a/helm-toolkit/templates/scripts/_ks-endpoints.sh.tpl b/helm-toolkit/templates/scripts/_ks-endpoints.sh.tpl
new file mode 100755
index 000000000..b1609456f
--- /dev/null
+++ b/helm-toolkit/templates/scripts/_ks-endpoints.sh.tpl
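Review bot: `set -ex` turns on xtrace for the whole script, so the expanded `--password="${SERVICE_OS_PASSWORD}"` arguments of `openstack user create` and `openstack user set` are echoed to stderr and end up in the job's pod log. Use `set -e` on its own, or bracket the two password-bearing commands with `set +x` and `set -x`. The `keystone_user` script added later in this patch has the same `set -ex` and `--password=` combination and needs the same change. Passing the secret as a command-line argument also exposes it in the process list for the lifetime of the command, which is worth a comment if the client offers no alternative here.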
@@ -0,0 +1,81 @@
+{{/*
+Copyright 2017 The Openstack-Helm Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/}}
+
+{{- define "helm-toolkit.scripts.keystone_endpoints" }}
+#!/bin/bash
+
+# Copyright 2017 Pete Birley
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+set -ex
+
+# Get Service ID
+OS_SERVICE_ID=$( openstack service list -f csv --quote none | \
+ grep ",${OS_SERVICE_NAME},${OS_SERVICE_TYPE}$" | \
+ sed -e "s/,${OS_SERVICE_NAME},${OS_SERVICE_TYPE}//g" )
+
+# Get Endpoint ID if it exists
+OS_ENDPOINT_ID=$( openstack endpoint list -f csv --quote none | \
+ grep "^[a-z0-9]*,${OS_REGION_NAME},${OS_SERVICE_NAME},${OS_SERVICE_TYPE},True,${OS_SVC_ENDPOINT}," | \
+ awk -F ',' '{ print $1 }' )
+
+# Making sure only a single endpoint exists for a service within a region
+if [ "$(echo $OS_ENDPOINT_ID | wc -w)" -gt "1" ]; then
+ echo "More than one endpoint found, cleaning up"
+ for ENDPOINT_ID in $OS_ENDPOINT_ID; do
+ openstack endpoint delete ${ENDPOINT_ID}
+ done
+ unset OS_ENDPOINT_ID
+fi
+
+# Determine if Endpoint needs updated
+if [[ ${OS_ENDPOINT_ID} ]]; then
+ OS_ENDPOINT_URL_CURRENT=$(openstack endpoint show ${OS_ENDPOINT_ID} -f value -c url)
+ if [ "${OS_ENDPOINT_URL_CURRENT}" == "${OS_SERVICE_ENDPOINT}" ]; then
+ echo "Endpoints Match: no action required"
+ OS_ENDPOINT_UPDATE="False"
+ else
+ echo "Endpoints Dont Match: removing existing entries"
+ openstack endpoint delete ${OS_ENDPOINT_ID}
+ OS_ENDPOINT_UPDATE="True"
+ fi
+else
+ OS_ENDPOINT_UPDATE="True"
+fi
+
+# Update Endpoint if required
+if [[ "${OS_ENDPOINT_UPDATE}" == "True" ]]; then
+ OS_ENDPOINT_ID=$( openstack endpoint create -f value -c id \
+ --region="${OS_REGION_NAME}" \
+ "${OS_SERVICE_ID}" \
+ ${OS_SVC_ENDPOINT} \
+ "${OS_SERVICE_ENDPOINT}" )
+fi
+
+# Display the Endpoint
+openstack endpoint show ${OS_ENDPOINT_ID}
+{{- end }}
diff --git a/helm-toolkit/templates/scripts/_ks-service.sh.tpl b/helm-toolkit/templates/scripts/_ks-service.sh.tpl
new file mode 100644
index 000000000..ef122be17
--- /dev/null
+++ b/helm-toolkit/templates/scripts/_ks-service.sh.tpl
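Review bot: The service lookup interpolates `${OS_SERVICE_NAME}` and `${OS_SERVICE_TYPE}` straight into `grep` and `sed` patterns, where characters such as `.` or `/` are read as regex or delimiter syntax. A lookup can therefore match a different row or make `sed` fail, and `keystone_service` in the next file repeats the same pipeline. An exact field comparison avoids this: `awk -F, -v n="${OS_SERVICE_NAME}" -v t="${OS_SERVICE_TYPE}" '$2==n && $3==t {print $1}'`. Nothing checks that `OS_SERVICE_ID` is non-empty and single-valued before `openstack endpoint create` runs. `${ENDPOINT_ID}`, `${OS_ENDPOINT_ID}` and `${OS_SVC_ENDPOINT}` are expanded unquoted in the delete, show and create calls.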
@@ -0,0 +1,53 @@
+{{/*
+Copyright 2017 The Openstack-Helm Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/}}
+
+{{- define "helm-toolkit.scripts.keystone_service" }}
+#!/bin/bash
+
+# Copyright 2017 Pete Birley
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+set -ex
+
+# Service boilerplate description
+OS_SERVICE_DESC="${OS_REGION_NAME}: ${OS_SERVICE_NAME} (${OS_SERVICE_TYPE}) service"
+
+# Get Service ID if it exists
+unset OS_SERVICE_ID
+OS_SERVICE_ID=$( openstack service list -f csv --quote none | \
+ grep ",${OS_SERVICE_NAME},${OS_SERVICE_TYPE}$" | \
+ sed -e "s/,${OS_SERVICE_NAME},${OS_SERVICE_TYPE}//g" )
+
+# If a Service ID was not found, then create the service
+if [[ -z ${OS_SERVICE_ID} ]]; then
+ OS_SERVICE_ID=$(openstack service create -f value -c id \
+ --name="${OS_SERVICE_NAME}" \
+ --description "${OS_SERVICE_DESC}" \
+ --enable \
+ "${OS_SERVICE_TYPE}")
+fi
+{{- end }}
diff --git a/helm-toolkit/templates/scripts/_ks-user.sh.tpl b/helm-toolkit/templates/scripts/_ks-user.sh.tpl
new file mode 100644
index 000000000..1b61371bd
--- /dev/null
+++ b/helm-toolkit/templates/scripts/_ks-user.sh.tpl
@@ -0,0 +1,104 @@ +{{/* +Copyright 2017 The Openstack-Helm Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- define "helm-toolkit.scripts.keystone_user" }} +#!/bin/bash + +# Copyright 2017 Pete Birley +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. 
+ +set -ex + +# Manage project domain +PROJECT_DOMAIN_ID=$(openstack domain create --or-show --enable -f value -c id \ + --description="Domain for ${SERVICE_OS_REGION_NAME}/${SERVICE_OS_PROJECT_DOMAIN_NAME}" \ + "${SERVICE_OS_PROJECT_DOMAIN_NAME}") + +# Display project domain +openstack domain show "${PROJECT_DOMAIN_ID}" + +# Manage user project +USER_PROJECT_DESC="Service Project for ${SERVICE_OS_REGION_NAME}/${SERVICE_OS_PROJECT_DOMAIN_NAME}" +USER_PROJECT_ID=$(openstack project create --or-show --enable -f value -c id \ + --domain="${PROJECT_DOMAIN_ID}" \ + --description="${USER_PROJECT_DESC}" \ + "${SERVICE_OS_PROJECT_NAME}"); + +# Display project +openstack project show "${USER_PROJECT_ID}" + +# Manage user domain +USER_DOMAIN_ID=$(openstack domain create --or-show --enable -f value -c id \ + --description="Domain for ${SERVICE_OS_REGION_NAME}/${SERVICE_OS_USER_DOMAIN_NAME}" \ + "${SERVICE_OS_USER_DOMAIN_NAME}") + +# Display user domain +openstack domain show "${USER_DOMAIN_ID}" + +# Manage user +USER_DESC="Service User for ${SERVICE_OS_REGION_NAME}/${SERVICE_OS_USER_DOMAIN_NAME}/${SERVICE_OS_SERVICE_NAME}" +USER_ID=$(openstack user create --or-show --enable -f value -c id \ + --domain="${USER_DOMAIN_ID}" \ + --project-domain="${PROJECT_DOMAIN_ID}" \ + --project="${USER_PROJECT_ID}" \ + --description="${USER_DESC}" \ + --password="${SERVICE_OS_PASSWORD}" \ + "${SERVICE_OS_USERNAME}"); + +# Manage user password (we do this to ensure the password is updated if required) +openstack user set --password="${SERVICE_OS_PASSWORD}" "${USER_ID}" + +# Display user +openstack user show "${USER_ID}" + +function ks_assign_user_role () { + # Manage user role assignment + openstack role add \ + --user="${USER_ID}" \ + --user-domain="${USER_DOMAIN_ID}" \ + --project-domain="${PROJECT_DOMAIN_ID}" \ + --project="${USER_PROJECT_ID}" \ + "${USER_ROLE_ID}" + + # Display user role assignment + openstack role assignment list \ + --role="${USER_ROLE_ID}" \ + 
--user-domain="${USER_DOMAIN_ID}" \ + --user="${USER_ID}" +} + +# Manage user service role +export USER_ROLE_ID=$(openstack role create --or-show -f value -c id \ + "${SERVICE_OS_ROLE}"); +ks_assign_user_role + +# Manage user member role +: ${MEMBER_OS_ROLE:="_member_"} +export USER_ROLE_ID=$(openstack role create --or-show -f value -c id \ + "${MEMBER_OS_ROLE}"); +ks_assign_user_role +{{- end }} diff --git a/helm-toolkit/templates/scripts/_rally_test.sh.tpl b/helm-toolkit/templates/scripts/_rally_test.sh.tpl new file mode 100644 index 000000000..5da4a0fbf --- /dev/null +++ b/helm-toolkit/templates/scripts/_rally_test.sh.tpl 
@@ -0,0 +1,37 @@
+{{/*
+Copyright 2017 The Openstack-Helm Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/}}
+
+{{- define "helm-toolkit.scripts.rally_test" -}}
+#!/bin/bash
+set -ex
+{{- $rallyTests := index . 0 }}
+
+: ${RALLY_ENV_NAME:="openstack-helm"}
+rally-manage db create
+rally deployment create --fromenv --name ${RALLY_ENV_NAME}
+rally deployment use ${RALLY_ENV_NAME}
+rally deployment check
+{{- if $rallyTests.run_tempest }}
+rally verify create-verifier --name ${RALLY_ENV_NAME}-tempest --type tempest
+SERVICE_TYPE=$(rally deployment check | grep ${RALLY_ENV_NAME} | awk -F \| '{print $3}' | tr -d ' ' | tr -d '\n')
+rally verify start --pattern tempest.api.$SERVICE_TYPE*
+rally verify delete-verifier --id ${RALLY_ENV_NAME}-tempest --force
+{{- end }}
+rally task validate /etc/rally/rally_tests.yaml
+rally task start /etc/rally/rally_tests.yaml
+rally deployment destroy --deployment ${RALLY_ENV_NAME}
+rally task sla-check
+{{- end }}
diff --git a/helm-toolkit/templates/snippets/_keystone_openrc_env_vars.tpl b/helm-toolkit/templates/snippets/_keystone_openrc_env_vars.tpl
new file mode 100644
index 000000000..dfded6433
--- /dev/null
+++ b/helm-toolkit/templates/snippets/_keystone_openrc_env_vars.tpl
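Review bot: `rally verify start --pattern tempest.api.$SERVICE_TYPE*` leaves both the variable and the `*` unquoted, so the shell may expand the pattern against files in the working directory, and an empty `SERVICE_TYPE` silently widens the run to `tempest.api.*`. Quote it as `rally verify start --pattern "tempest.api.${SERVICE_TYPE}*"` and check that `SERVICE_TYPE` is non-empty before starting. The `${RALLY_ENV_NAME}` expansions are unquoted as well. Because of `set -e`, a failing `rally task start` skips `rally deployment destroy`; moving the cleanup into a `trap ... EXIT` would keep the deployment record from being left behind.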
@@ -0,0 +1,56 @@
+{{/*
+Copyright 2017 The Openstack-Helm Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/}}
+
+{{- define "helm-toolkit.snippets.keystone_openrc_env_vars" }}
+{{- $ksUserSecret := .ksUserSecret }}
+- name: OS_IDENTITY_API_VERSION
+ value: "3"
+- name: OS_AUTH_URL
+ valueFrom:
+ secretKeyRef:
+ name: {{ $ksUserSecret }}
+ key: OS_AUTH_URL
+- name: OS_REGION_NAME
+ valueFrom:
+ secretKeyRef:
+ name: {{ $ksUserSecret }}
+ key: OS_REGION_NAME
+- name: OS_PROJECT_DOMAIN_NAME
+ valueFrom:
+ secretKeyRef:
+ name: {{ $ksUserSecret }}
+ key: OS_PROJECT_DOMAIN_NAME
+- name: OS_PROJECT_NAME
+ valueFrom:
+ secretKeyRef:
+ name: {{ $ksUserSecret }}
+ key: OS_PROJECT_NAME
+- name: OS_USER_DOMAIN_NAME
+ valueFrom:
+ secretKeyRef:
+ name: {{ $ksUserSecret }}
+ key: OS_USER_DOMAIN_NAME
+- name: OS_USERNAME
+ valueFrom:
+ secretKeyRef:
+ name: {{ $ksUserSecret }}
+ key: OS_USERNAME
+- name: OS_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: {{ $ksUserSecret }}
+ key: OS_PASSWORD
+{{- end }}
diff --git a/helm-toolkit/templates/snippets/_keystone_secret_openrc.tpl b/helm-toolkit/templates/snippets/_keystone_secret_openrc.tpl
new file mode 100644
index 000000000..66568f213
--- /dev/null
+++ b/helm-toolkit/templates/snippets/_keystone_secret_openrc.tpl
@@ -0,0 +1,29 @@
+{{/*
+Copyright 2017 The Openstack-Helm Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/}}
+
+{{- define "helm-toolkit.snippets.keystone_secret_openrc" }}
+{{- $userClass := index . 0 -}}
+{{- $identityEndpoint := index . 1 -}}
+{{- $context := index . 2 -}}
+{{- $userContext := index $context.Values.endpoints.identity.auth $userClass }}
+OS_AUTH_URL: {{ tuple "identity" $identityEndpoint "api" $context | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup" | b64enc }}
+OS_REGION_NAME: {{ $userContext.region_name | b64enc }}
+OS_PROJECT_DOMAIN_NAME: {{ $userContext.project_domain_name | b64enc }}
+OS_PROJECT_NAME: {{ $userContext.project_name | b64enc }}
+OS_USER_DOMAIN_NAME: {{ $userContext.user_domain_name | b64enc }}
+OS_USERNAME: {{ $userContext.username | b64enc }}
+OS_PASSWORD: {{ $userContext.password | b64enc }}
+{{- end }}
diff --git a/helm-toolkit/templates/snippets/_keystone_user_create_env_vars.tpl b/helm-toolkit/templates/snippets/_keystone_user_create_env_vars.tpl
new file mode 100644
index 000000000..dd16e68c3
--- /dev/null
+++ b/helm-toolkit/templates/snippets/_keystone_user_create_env_vars.tpl
@@ -0,0 +1,49 @@
+{{/*
+Copyright 2017 The Openstack-Helm Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/}}
+
+{{- define "helm-toolkit.snippets.keystone_user_create_env_vars" }}
+{{- $ksUserSecret := .ksUserSecret }}
+- name: SERVICE_OS_REGION_NAME
+ valueFrom:
+ secretKeyRef:
+ name: {{ $ksUserSecret }}
+ key: OS_REGION_NAME
+- name: SERVICE_OS_PROJECT_DOMAIN_NAME
+ valueFrom:
+ secretKeyRef:
+ name: {{ $ksUserSecret }}
+ key: OS_PROJECT_DOMAIN_NAME
+- name: SERVICE_OS_PROJECT_NAME
+ valueFrom:
+ secretKeyRef:
+ name: {{ $ksUserSecret }}
+ key: OS_PROJECT_NAME
+- name: SERVICE_OS_USER_DOMAIN_NAME
+ valueFrom:
+ secretKeyRef:
+ name: {{ $ksUserSecret }}
+ key: OS_USER_DOMAIN_NAME
+- name: SERVICE_OS_USERNAME
+ valueFrom:
+ secretKeyRef:
+ name: {{ $ksUserSecret }}
+ key: OS_USERNAME
+- name: SERVICE_OS_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: {{ $ksUserSecret }}
+ key: OS_PASSWORD
+{{- end }}
diff --git a/helm-toolkit/templates/snippets/_kubernetes_entrypoint_init_container.tpl b/helm-toolkit/templates/snippets/_kubernetes_entrypoint_init_container.tpl
new file mode 100644
index 000000000..3c96d0718
--- /dev/null
+++ b/helm-toolkit/templates/snippets/_kubernetes_entrypoint_init_container.tpl
@@ -0,0 +1,50 @@
+{{/*
+Copyright 2017 The Openstack-Helm Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/}}
+
+{{- define "helm-toolkit.snippets.kubernetes_entrypoint_init_container" -}}
+{{- $envAll := index . 0 -}}
+{{- $deps := index . 1 -}}
+{{- $mounts := index . 2 -}}
+- name: init
+ image: {{ $envAll.Values.images.tags.dep_check }}
+ imagePullPolicy: {{ $envAll.Values.images.pull_policy }}
+ env:
+ - name: POD_NAME
+ valueFrom:
+ fieldRef:
+ apiVersion: v1
+ fieldPath: metadata.name
+ - name: NAMESPACE
+ valueFrom:
+ fieldRef:
+ apiVersion: v1
+ fieldPath: metadata.namespace
+ - name: INTERFACE_NAME
+ value: eth0
+ - name: DEPENDENCY_SERVICE
+ value: "{{ tuple $deps.services $envAll | include "helm-toolkit.utils.comma_joined_hostname_list" }}"
+ - name: DEPENDENCY_JOBS
+ value: "{{ include "helm-toolkit.utils.joinListWithComma" $deps.jobs }}"
+ - name: DEPENDENCY_DAEMONSET
+ value: "{{ include "helm-toolkit.utils.joinListWithComma" $deps.daemonset }}"
+ - name: DEPENDENCY_CONTAINER
+ value: "{{ include "helm-toolkit.utils.joinListWithComma" $deps.container }}"
+ - name: COMMAND
+ value: "echo done"
+ command:
+ - kubernetes-entrypoint
+ volumeMounts: {{ $mounts | default "[]"}}
+{{- end -}}
diff --git a/helm-toolkit/templates/snippets/_kubernetes_kubectl_params.tpl b/helm-toolkit/templates/snippets/_kubernetes_kubectl_params.tpl
new file mode 100644
index 000000000..988292943
--- /dev/null
+++ b/helm-toolkit/templates/snippets/_kubernetes_kubectl_params.tpl
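Review bot: `volumeMounts: {{ $mounts | default "[]"}}` in `kubernetes_entrypoint_init_container` prints `$mounts` with the template engine's default formatting, which is only valid YAML when the caller passes a pre-rendered string; a list of mount maps would come out in Go's `[map[...]]` form. The callers are outside this hunk, so either document above the `define` that the third tuple element must be a YAML/JSON string, or render it explicitly, for example `{{ toYaml ($mounts | default list) | indent 4 }}` on the line after `volumeMounts:`. `INTERFACE_NAME` is also fixed to `eth0`; a values key would suit clusters whose pod interface is named differently.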
@@ -0,0 +1,22 @@
+{{/*
+Copyright 2017 The Openstack-Helm Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/}}
+
+{{- define "helm-toolkit.snippets.kubernetes_kubectl_params" -}}
+{{- $envAll := index . 0 -}}
+{{- $application := index . 1 -}}
+{{- $component := index . 2 -}}
+{{ print "-l application=" $application " -l component=" $component }}
+{{- end -}}
diff --git a/helm-toolkit/templates/snippets/_kubernetes_metadata_labels.tpl b/helm-toolkit/templates/snippets/_kubernetes_metadata_labels.tpl
new file mode 100644
index 000000000..19d32ab4e
--- /dev/null
+++ b/helm-toolkit/templates/snippets/_kubernetes_metadata_labels.tpl
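Review bot: `kubernetes_kubectl_params` concatenates `$application` and `$component` straight into a command-line fragment, and `$envAll` is assigned but never used. The consuming scripts are outside this hunk, but if the fragment is expanded unquoted in a shell, a value containing whitespace or shell metacharacters would change the kubectl invocation. I would add a comment above the `define` such as `{{/* Args: tuple <envAll> <application> <component>; application and component must be literal label values ([A-Za-z0-9_.-]) because the output is spliced into a command line. */}}`.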
@@ -0,0 +1,24 @@
+{{/*
+Copyright 2017 The Openstack-Helm Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/}}
+
+{{- define "helm-toolkit.snippets.kubernetes_metadata_labels" -}}
+{{- $envAll := index . 0 -}}
+{{- $application := index . 1 -}}
+{{- $component := index . 2 -}}
+release_group: {{ $envAll.Values.release_group | default $envAll.Release.Name }}
+application: {{ $application }}
+component: {{ $component }}
+{{- end -}}
diff --git a/helm-toolkit/templates/snippets/_kubernetes_pod_anti_affinity.tpl b/helm-toolkit/templates/snippets/_kubernetes_pod_anti_affinity.tpl
new file mode 100644
index 000000000..4981015ca
--- /dev/null
+++ b/helm-toolkit/templates/snippets/_kubernetes_pod_anti_affinity.tpl
@@ -0,0 +1,42 @@
+{{/*
+Copyright 2017 The Openstack-Helm Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/}}
+
+{{- define "helm-toolkit.snippets.kubernetes_pod_anti_affinity" -}}
+{{- $envAll := index . 0 -}}
+{{- $application := index . 1 -}}
+{{- $component := index . 2 -}}
+{{- $antiAffinityType := index $envAll.Values.pod.affinity.anti.type $component | default $envAll.Values.pod.affinity.anti.type.default }}
+{{- $antiAffinityKey := index $envAll.Values.pod.affinity.anti.topologyKey $component | default $envAll.Values.pod.affinity.anti.topologyKey.default }}
+podAntiAffinity:
+ {{ $antiAffinityType }}:
+ - podAffinityTerm:
+ labelSelector:
+ matchExpressions:
+ - key: release_group
+ operator: In
+ values:
+ - {{ $envAll.Values.release_group | default $envAll.Release.Name }}
+ - key: application
+ operator: In
+ values:
+ - {{ $application }}
+ - key: component
+ operator: In
+ values:
+ - {{ $component }}
+ topologyKey: {{ $antiAffinityKey }}
+ weight: 10
+{{- end -}}
diff --git a/helm-toolkit/templates/snippets/_kubernetes_resources.tpl b/helm-toolkit/templates/snippets/_kubernetes_resources.tpl
new file mode 100644
index 000000000..fe62b8dbd
--- /dev/null
+++ b/helm-toolkit/templates/snippets/_kubernetes_resources.tpl
@@ -0,0 +1,29 @@
+{{/*
+Copyright 2017 The Openstack-Helm Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/}}
+
+{{- define "helm-toolkit.snippets.kubernetes_resources" -}}
+{{- $envAll := index . 0 -}}
+{{- $component := index . 1 -}}
+{{- if $envAll.Values.pod.resources.enabled -}}
+resources:
+ limits:
+ cpu: {{ $component.limits.cpu | quote }}
+ memory: {{ $component.limits.memory | quote }}
+ requests:
+ cpu: {{ $component.requests.cpu | quote }}
+ memory: {{ $component.requests.memory | quote }}
+{{- end -}}
+{{- end -}}
diff --git a/helm-toolkit/templates/snippets/_kubernetes_upgrades_daemonset.tpl b/helm-toolkit/templates/snippets/_kubernetes_upgrades_daemonset.tpl
new file mode 100644
index 000000000..eaef2a558
--- /dev/null
+++ b/helm-toolkit/templates/snippets/_kubernetes_upgrades_daemonset.tpl
@@ -0,0 +1,35 @@
+{{/*
+Copyright 2017 The Openstack-Helm Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/}}
+
+{{- define "helm-toolkit.snippets.kubernetes_upgrades_daemonset" -}}
+{{- $envAll := index . 0 -}}
+{{- $component := index . 1 -}}
+{{- $upgradeMap := index $envAll.Values.pod.lifecycle.upgrades.daemonsets $component -}}
+{{- $pod_replacement_strategy := $envAll.Values.pod.lifecycle.upgrades.daemonsets.pod_replacement_strategy -}}
+{{- with $upgradeMap -}}
+{{- if .enabled }}
+minReadySeconds: {{ .min_ready_seconds }}
+updateStrategy:
+ type: {{ $pod_replacement_strategy }}
+ {{- if $pod_replacement_strategy }}
+ {{- if eq $pod_replacement_strategy "RollingUpdate" }}
+ rollingUpdate:
+ maxUnavailable: {{ .max_unavailable }}
+ {{- end }}
+ {{- end }}
+{{- end }}
+{{- end -}}
+{{- end -}}
diff --git a/helm-toolkit/templates/snippets/_kubernetes_upgrades_deployment.tpl b/helm-toolkit/templates/snippets/_kubernetes_upgrades_deployment.tpl
new file mode 100644
index 000000000..3184b0d08
--- /dev/null
+++ b/helm-toolkit/templates/snippets/_kubernetes_upgrades_deployment.tpl
@@ -0,0 +1,29 @@
+{{/*
+Copyright 2017 The Openstack-Helm Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/}}
+
+{{- define "helm-toolkit.snippets.kubernetes_upgrades_deployment" -}}
+{{- $envAll := index . 0 -}}
+{{- with $envAll.Values.pod.lifecycle.upgrades.deployments -}}
+revisionHistoryLimit: {{ .revision_history }}
+strategy:
+ type: {{ .pod_replacement_strategy }}
+ {{- if eq .pod_replacement_strategy "RollingUpdate" }}
+ rollingUpdate:
+ maxUnavailable: {{ .rolling_update.max_unavailable }}
+ maxSurge: {{ .rolling_update.max_surge }}
+ {{- end }}
+{{- end -}}
+{{- end -}}
diff --git a/helm-toolkit/templates/utils/_comma_joined_hostname_list.tpl b/helm-toolkit/templates/utils/_comma_joined_hostname_list.tpl
new file mode 100644
index 000000000..69747687e
--- /dev/null
+++ b/helm-toolkit/templates/utils/_comma_joined_hostname_list.tpl
@@ -0,0 +1,21 @@
+{{/*
+Copyright 2017 The Openstack-Helm Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/}}
+
+{{- define "helm-toolkit.utils.comma_joined_hostname_list" -}}
+{{- $deps := index . 0 -}}
+{{- $envAll := index . 1 -}}
+{{- range $k, $v := $deps -}}{{- if $k -}},{{- end -}}{{ tuple $v.service $v.endpoint $envAll | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }}{{- end -}}
+{{- end -}}
diff --git a/helm-toolkit/templates/utils/_configmap_templater.tpl b/helm-toolkit/templates/utils/_configmap_templater.tpl
new file mode 100644
index 000000000..9f168b18e
--- /dev/null
+++ b/helm-toolkit/templates/utils/_configmap_templater.tpl
@@ -0,0 +1,32 @@
+{{/*
+Copyright 2017 The Openstack-Helm Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/}}
+
+{{- define "helm-toolkit.utils.configmap_templater" }}
+{{- $keyRoot := index . 0 -}}
+{{- $configTemplate := index . 1 -}}
+{{- $context := index . 2 -}}
+{{ if $keyRoot.override -}}
+{{ $keyRoot.override | indent 4 }}
+{{- else -}}
+{{- if $keyRoot.prefix -}}
+{{ $keyRoot.prefix | indent 4 }}
+{{- end }}
+{{ tuple $configTemplate $context | include "helm-toolkit.utils.template" | indent 4 }}
+{{- end }}
+{{- if $keyRoot.append -}}
+{{ $keyRoot.append | indent 4 }}
+{{- end }}
+{{- end -}}
diff --git a/helm-toolkit/templates/utils/_hash.tpl b/helm-toolkit/templates/utils/_hash.tpl
new file mode 100644
index 000000000..1041ec000
--- /dev/null
+++ b/helm-toolkit/templates/utils/_hash.tpl
@@ -0,0 +1,23 @@
+{{/*
+Copyright 2017 The Openstack-Helm Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/}}
+
+{{- define "helm-toolkit.utils.hash" -}}
+{{- $name := index . 0 -}}
+{{- $context := index . 1 -}}
+{{- $last := base $context.Template.Name }}
+{{- $wtf := $context.Template.Name | replace $last $name -}}
+{{- include $wtf $context | sha256sum | quote -}}
+{{- end -}}
diff --git a/helm-toolkit/templates/utils/_joinListWithComma.tpl b/helm-toolkit/templates/utils/_joinListWithComma.tpl
new file mode 100644
index 000000000..1a1e09958
--- /dev/null
+++ b/helm-toolkit/templates/utils/_joinListWithComma.tpl
@@ -0,0 +1,20 @@
+{{/*
+Copyright 2017 The Openstack-Helm Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/}}
+
+{{- define "helm-toolkit.utils.joinListWithComma" -}}
+{{- $local := dict "first" true -}}
+{{- range $k, $v := . -}}{{- if not $local.first -}},{{- end -}}{{- $v -}}{{- $_ := set $local "first" false -}}{{- end -}}
+{{- end -}}
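Review bot: In `helm-toolkit.utils.hash`, `$context.Template.Name | replace $last $name` substitutes every occurrence of the current file's base name in the template path, not only the final component, and the result is held in a variable named `$wtf`. If a chart or directory name ever contains the same string as the file name, the computed include path would be wrong; assuming Sprig's `dir` is available alongside `base`, building the path from the directory part is safer and reads better: `{{- $templatePath := printf "%s/%s" (dir $context.Template.Name) $name -}}` followed by `{{- include $templatePath $context | sha256sum | quote -}}`. `helm-toolkit.utils.template` in `_template.tpl` uses the same two lines and would take the same change.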
diff --git a/helm-toolkit/templates/utils/_template.tpl b/helm-toolkit/templates/utils/_template.tpl
new file mode 100644
index 000000000..3f5f348d0
--- /dev/null
+++ b/helm-toolkit/templates/utils/_template.tpl
@@ -0,0 +1,23 @@
+{{/*
+Copyright 2017 The Openstack-Helm Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/}}
+
+{{- define "helm-toolkit.utils.template" -}}
+{{- $name := index . 0 -}}
+{{- $context := index . 1 -}}
+{{- $last := base $context.Template.Name }}
+{{- $wtf := $context.Template.Name | replace $last $name -}}
+{{ include $wtf $context }}
+{{- end -}}
diff --git a/helm-toolkit/templates/utils/_to_ini.tpl b/helm-toolkit/templates/utils/_to_ini.tpl
new file mode 100644
index 000000000..cc9e3f837
--- /dev/null
+++ b/helm-toolkit/templates/utils/_to_ini.tpl
@@ -0,0 +1,30 @@
+{{/*
+Copyright 2017 The Openstack-Helm Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/}}
+
+{{- define "helm-toolkit.utils.to_ini" -}}
+{{- range $section, $values := . -}}
+{{- if kindIs "map" $values -}}
+[{{ $section }}]
+{{range $key, $value := $values -}}
+{{- if kindIs "slice" $value -}}
+{{ $key }} = {{ include "helm-toolkit.utils.joinListWithComma" $value }}
+{{else -}}
+{{ $key }} = {{ $value }}
+{{end -}}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+{{- end -}}
diff --git a/helm-toolkit/templates/utils/_to_oslo_conf.tpl b/helm-toolkit/templates/utils/_to_oslo_conf.tpl
new file mode 100644
index 000000000..96f0c01d4
--- /dev/null
+++ b/helm-toolkit/templates/utils/_to_oslo_conf.tpl
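Review bot: `{{ $key }} = {{ $value }}` in `helm-toolkit.utils.to_ini` writes section names, keys and values into the output verbatim, so a value that contains a newline starts a new line which the consuming service would parse as another key or section header. Top-level entries that are not maps are also skipped without any message, because the `kindIs "map"` test has no else branch. I would document both above the `define`, e.g. `{{/* Input: dict of section -> dict of key -> scalar or list. Values are emitted unescaped and must be single-line; non-map top-level entries are ignored. */}}`. `to_oslo_conf` in `_to_oslo_conf.tpl` emits values the same way.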
@@ -0,0 +1,36 @@
+{{/*
+Copyright 2017 The Openstack-Helm Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/}}
+
+{{- define "helm-toolkit.utils.to_oslo_conf" -}}
+{{- range $section, $values := . -}}
+{{- if kindIs "map" $values -}}
+[{{ $section }}]
+{{ range $key, $value := $values -}}
+{{- if kindIs "slice" $value -}}
+{{ $key }} = {{ include "helm-toolkit.utils.joinListWithComma" $value }}
+{{ else if kindIs "map" $value -}}
+{{- if eq $value.type "multistring" }}
+{{- range $k, $multistringValue := $value.values -}}
+{{ $key }} = {{ $multistringValue }}
+{{ end -}}
+{{- end -}}
+{{- else -}}
+{{ $key }} = {{ $value }}
+{{ end -}}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+{{- end -}}
diff --git a/helm-toolkit/values.yaml b/helm-toolkit/values.yaml
new file mode 100644
index 000000000..9a2b0c22d
--- /dev/null
+++ b/helm-toolkit/values.yaml
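Review bot: In `helm-toolkit.utils.to_oslo_conf` the `else if kindIs "map" $value` branch produces output only when `$value.type` equals `"multistring"`; a map with any other `type` is dropped from the rendered config without an error, and a map with no `type` key may fail the `eq` comparison depending on the template engine version. A setting that silently disappears from a service configuration is hard to notice, so I would make the case explicit: if `fail` is available in the Helm version in use, add `{{- else }}{{ fail (printf "unsupported value type for %s" $key) }}` before the `{{- end -}}` that closes the `if eq`. Otherwise a comment above the `define` should state that maps are only accepted in the form `type: multistring` with a `values` list.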
@@ -0,0 +1,26 @@
+# Copyright 2017 The Openstack-Helm Authors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# Default values for utils.
+# This is a YAML-formatted file.
+# Declare name/value pairs to be passed into your templates.
+# name: value
+
+global:
+ region: cluster
+ tld: local
+
+endpoints:
+ fqdn: null
+
diff --git a/kube-dns/requirements.yaml b/kube-dns/requirements.yaml
new file mode 100644
index 000000000..53782e69b
--- /dev/null
+++ b/kube-dns/requirements.yaml
@@ -0,0 +1,18 @@
+# Copyright 2017 The Openstack-Helm Authors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+dependencies:
+ - name: helm-toolkit
+ repository: http://localhost:8879/charts
+ version: 0.1.0
diff --git a/kube-dns/templates/deployment-kube-dns.yaml b/kube-dns/templates/deployment-kube-dns.yaml
index 6a0406a84..2c0d447f4 100644
--- a/kube-dns/templates/deployment-kube-dns.yaml
+++ b/kube-dns/templates/deployment-kube-dns.yaml
@@ -21,12 +21,14 @@ kind: Deployment metadata: labels: k8s-app: kube-dns +{{ tuple $envAll "kubernetes" "dns" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }} name: kube-dns spec: replicas: 1 selector: matchLabels: k8s-app: kube-dns +{{ tuple $envAll "kubernetes" "dns" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 6 }} strategy: rollingUpdate: maxSurge: 10% 
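Review bot: The `kubernetes_metadata_labels` include added under `spec.selector.matchLabels` changes the selector of an existing Deployment, not just its labels. On an upgrade of an already-installed release this is either rejected or leaves the previous ReplicaSet and its pods unmatched, depending on the API version, which is not visible in this hunk; the Service selector in `service-kube-dns.yaml` gains the same labels, so pods created before the upgrade would stop receiving DNS traffic until they are replaced. I would keep the selectors on `k8s-app: kube-dns` only and add the new labels to the metadata blocks, or state the upgrade impact in the commit description. `$envAll` is also not defined in the visible lines; confirm it is set above line 21 of the file.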
@@ -34,141 +36,141 @@ spec: type: RollingUpdate template: metadata: - creationTimestamp: null labels: k8s-app: kube-dns +{{ tuple $envAll "kubernetes" "dns" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }} spec: affinity: nodeAffinity: requiredDuringSchedulingIgnoredDuringExecution: nodeSelectorTerms: - - matchExpressions: - - key: beta.kubernetes.io/arch - operator: In - values: - - amd64 + - matchExpressions: + - key: beta.kubernetes.io/arch + operator: In + values: + - amd64 containers: - - args: - - --domain={{ .Values.networking.dnsDomain }}. - - --dns-port=10053 - - --config-dir=/kube-dns-config - - --v=2 - env: - - name: PROMETHEUS_PORT - value: "10055" - image: {{ .Values.images.tags.kube_dns }} - imagePullPolicy: IfNotPresent - livenessProbe: - failureThreshold: 5 - httpGet: - path: /healthcheck/kubedns - port: 10054 - scheme: HTTP - initialDelaySeconds: 60 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 5 - name: kubedns - ports: - - containerPort: 10053 - name: dns-local - protocol: UDP - - containerPort: 10053 - name: dns-tcp-local - protocol: TCP - - containerPort: 10055 - name: metrics - protocol: TCP - readinessProbe: - failureThreshold: 3 - httpGet: - path: /readiness - port: 8081 - scheme: HTTP - initialDelaySeconds: 3 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 5 - resources: - limits: - memory: 170Mi - requests: - cpu: 100m - memory: 70Mi - terminationMessagePath: /dev/termination-log - terminationMessagePolicy: File - volumeMounts: - - mountPath: /kube-dns-config - name: kube-dns-config - - args: - - -v=2 - - -logtostderr - - -configDir=/etc/k8s/dns/dnsmasq-nanny - - -restartDnsmasq=true - - -- - - -k - - --cache-size=1000 - - --log-facility=- - - --server=/{{ .Values.networking.dnsDomain }}/127.0.0.1#10053 - - --server=/in-addr.arpa/127.0.0.1#10053 - - --server=/ip6.arpa/127.0.0.1#10053 - image: {{ .Values.images.tags.kube_dns_nanny }} - imagePullPolicy: IfNotPresent - livenessProbe: - 
failureThreshold: 5 - httpGet: - path: /healthcheck/dnsmasq - port: 10054 - scheme: HTTP - initialDelaySeconds: 60 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 5 - name: dnsmasq - ports: - - containerPort: 53 - name: dns - protocol: UDP - - containerPort: 53 - name: dns-tcp - protocol: TCP - resources: - requests: - cpu: 150m - memory: 20Mi - terminationMessagePath: /dev/termination-log - terminationMessagePolicy: File - volumeMounts: - - mountPath: /etc/k8s/dns/dnsmasq-nanny - name: kube-dns-config - - args: - - --v=2 - - --logtostderr - - --probe=kubedns,127.0.0.1:10053,kubernetes.default.svc.{{ .Values.networking.dnsDomain }},5,A - - --probe=dnsmasq,127.0.0.1:53,kubernetes.default.svc.{{ .Values.networking.dnsDomain }},5,A - image: {{ .Values.images.tags.kube_dns_sidecar }} - imagePullPolicy: IfNotPresent - livenessProbe: - failureThreshold: 5 - httpGet: - path: /metrics - port: 10054 - scheme: HTTP - initialDelaySeconds: 60 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 5 - name: sidecar - ports: - - containerPort: 10054 - name: metrics - protocol: TCP - resources: - requests: - cpu: 10m - memory: 20Mi - terminationMessagePath: /dev/termination-log - terminationMessagePolicy: File + - name: kubedns + image: {{ .Values.images.tags.kube_dns }} + imagePullPolicy: IfNotPresent + args: + - --domain={{ .Values.networking.dnsDomain }}. 
+ - --dns-port=10053 + - --config-dir=/kube-dns-config + - --v=2 + env: + - name: PROMETHEUS_PORT + value: "10055" + livenessProbe: + failureThreshold: 5 + httpGet: + path: /healthcheck/kubedns + port: 10054 + scheme: HTTP + initialDelaySeconds: 60 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 5 + ports: + - containerPort: 10053 + name: dns-local + protocol: UDP + - containerPort: 10053 + name: dns-tcp-local + protocol: TCP + - containerPort: 10055 + name: metrics + protocol: TCP + readinessProbe: + failureThreshold: 3 + httpGet: + path: /readiness + port: 8081 + scheme: HTTP + initialDelaySeconds: 3 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 5 + resources: + limits: + memory: 170Mi + requests: + cpu: 100m + memory: 70Mi + terminationMessagePath: /dev/termination-log + terminationMessagePolicy: File + volumeMounts: + - mountPath: /kube-dns-config + name: kube-dns-config + - name: dnsmasq + image: {{ .Values.images.tags.kube_dns_nanny }} + imagePullPolicy: IfNotPresent + args: + - -v=2 + - -logtostderr + - -configDir=/etc/k8s/dns/dnsmasq-nanny + - -restartDnsmasq=true + - -- + - -k + - --cache-size=1000 + - --log-facility=- + - --server=/{{ .Values.networking.dnsDomain }}/127.0.0.1#10053 + - --server=/in-addr.arpa/127.0.0.1#10053 + - --server=/ip6.arpa/127.0.0.1#10053 + livenessProbe: + failureThreshold: 5 + httpGet: + path: /healthcheck/dnsmasq + port: 10054 + scheme: HTTP + initialDelaySeconds: 60 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 5 + ports: + - containerPort: 53 + name: dns + protocol: UDP + - containerPort: 53 + name: dns-tcp + protocol: TCP + resources: + requests: + cpu: 150m + memory: 20Mi + terminationMessagePath: /dev/termination-log + terminationMessagePolicy: File + volumeMounts: + - mountPath: /etc/k8s/dns/dnsmasq-nanny + name: kube-dns-config + - name: sidecar + image: {{ .Values.images.tags.kube_dns_sidecar }} + imagePullPolicy: IfNotPresent + args: + - --v=2 + - --logtostderr + - 
--probe=kubedns,127.0.0.1:10053,kubernetes.default.svc.{{ .Values.networking.dnsDomain }},5,A + - --probe=dnsmasq,127.0.0.1:53,kubernetes.default.svc.{{ .Values.networking.dnsDomain }},5,A + livenessProbe: + failureThreshold: 5 + httpGet: + path: /metrics + port: 10054 + scheme: HTTP + initialDelaySeconds: 60 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 5 + ports: + - containerPort: 10054 + name: metrics + protocol: TCP + resources: + requests: + cpu: 10m + memory: 20Mi + terminationMessagePath: /dev/termination-log + terminationMessagePolicy: File dnsPolicy: Default restartPolicy: Always schedulerName: default-scheduler diff --git a/kube-dns/templates/service-kube-dns.yaml b/kube-dns/templates/service-kube-dns.yaml index 37fbf1ba0..8bed035f7 100644 --- a/kube-dns/templates/service-kube-dns.yaml +++ b/kube-dns/templates/service-kube-dns.yaml @@ -23,19 +23,21 @@ metadata: k8s-app: kube-dns kubernetes.io/cluster-service: "true" kubernetes.io/name: KubeDNS +{{ tuple $envAll "kubernetes" "dns" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }} name: kube-dns spec: + type: ClusterIP clusterIP: {{ .Values.networking.dnsIP }} + sessionAffinity: None ports: - - name: dns - port: 53 - protocol: UDP - targetPort: 53 - - name: dns-tcp - port: 53 - protocol: TCP - targetPort: 53 + - name: dns + port: 53 + protocol: UDP + targetPort: 53 + - name: dns-tcp + port: 53 + protocol: TCP + targetPort: 53 selector: k8s-app: kube-dns - sessionAffinity: None - type: ClusterIP +{{ tuple $envAll "kubernetes" "dns" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }} diff --git a/tools/gate/devel/local-vars.yaml b/tools/gate/devel/local-vars.yaml index 2048b605f..8c769abb0 100644 --- a/tools/gate/devel/local-vars.yaml +++ b/tools/gate/devel/local-vars.yaml @@ -16,4 +16,4 @@ kubernetes: network: default_device: docker0 cluster: - cni: calcio + cni: calico 
diff --git a/tools/gate/playbooks/build-helm-packages/tasks/main.yaml b/tools/gate/playbooks/build-helm-packages/tasks/main.yaml
new file mode 100644
index 000000000..1bd179c2e
--- /dev/null
+++ b/tools/gate/playbooks/build-helm-packages/tasks/main.yaml
@@ -0,0 +1,18 @@
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+- include: setup-helm-serve.yaml
+
+- name: build all charts in repo
+ make:
+ chdir: "{{ work_dir }}"
+ target: all
diff --git a/tools/gate/playbooks/build-helm-packages/tasks/setup-helm-serve.yaml b/tools/gate/playbooks/build-helm-packages/tasks/setup-helm-serve.yaml
new file mode 100644
index 000000000..819c2b5dc
--- /dev/null
+++ b/tools/gate/playbooks/build-helm-packages/tasks/setup-helm-serve.yaml
@@ -0,0 +1,62 @@
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+- block:
+ - name: check if correct version of helm client already installed
+ shell: "[ \"x$($(type -p helm) version --client --short | awk '{ print $NF }' | awk -F '+' '{ print $1 }')\" == \"x${HELM_VERSION}\" ] || exit 1"
+ environment:
+ HELM_VERSION: "{{ helm.version }}"
+ register: need_helm
+ ignore_errors: True
+ - name: install helm client
+ when: need_helm | failed
+ become_user: root
+ shell: |
+ TMP_DIR=$(mktemp -d)
+ curl -sSL https://storage.googleapis.com/kubernetes-helm/helm-{{ helm.version }}-linux-amd64.tar.gz | tar -zxv --strip-components=1 -C ${TMP_DIR}
+ sudo mv ${TMP_DIR}/helm /usr/bin/helm
+ rm -rf ${TMP_DIR}
+ - name: setting up helm client
+ command: helm init --client-only
+
+- block:
+ - name: checking if local helm server is running
+ shell: curl -s 127.0.0.1:8879 | grep -q 'Helm Repository'
+ register: helm_server_running
+ ignore_errors: True
+ - name: launching local helm server via systemd
+ when: ( ansible_distribution == 'Fedora' ) and ( helm_server_running | failed )
+ shell: |
+ export XDG_RUNTIME_DIR="/run/user/$UID"
+ export DBUS_SESSION_BUS_ADDRESS="unix:path=${XDG_RUNTIME_DIR}/bus"
+ systemd-run --user --unit helm-server helm serve
+ - name: launching local helm server via shell
+ when: ( ansible_distribution != 'Fedora' ) and ( helm_server_running | failed )
+ shell: helm serve &
+ - name: wait for helm server to be ready
+ shell: curl -s 127.0.0.1:8879 | grep -q
'Helm Repository' + register: wait_for_helm_server + until: wait_for_helm_server.rc == 0 + retries: 120 + delay: 5 + +- block: + - name: checking if helm 'stable' repo is present + shell: helm repo list | grep -q "^stable" + register: helm_stable_repo_present + ignore_errors: True + - name: checking if helm 'stable' repo is present + when: helm_stable_repo_present | succeeded + command: helm repo remove stable + +- name: adding helm local repo + command: helm repo add local http://localhost:8879/charts diff --git a/tools/gate/playbooks/zuul-pre.yaml b/tools/gate/playbooks/zuul-pre.yaml index f136f9beb..c303baf9f 100644 --- a/tools/gate/playbooks/zuul-pre.yaml +++ b/tools/gate/playbooks/zuul-pre.yaml @@ -24,6 +24,17 @@ tags: - deploy-python +- hosts: primary + vars_files: + - vars.yaml + vars: + work_dir: "{{ zuul.project.src_dir }}" + gather_facts: True + roles: + - build-helm-packages + tags: + - build-helm-packages + - hosts: all vars_files: - vars.yaml
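Review bot: The `install helm client` task in setup-helm-serve.yaml pipes the tarball from `curl -sSL` straight into `tar` and then moves the extracted `helm` binary into `/usr/bin` with `sudo`, with no digest or signature check, so whatever that download URL returns is installed and later executed on the gate node. Download to a file, verify it against a SHA-256 digest pinned next to `helm.version`, and only then extract; the fence below sketches this, with `helm.sha256` as a placeholder variable that the vars file would have to define. Adding `-f` to curl and `set -e` to the script also keeps an HTTP error body or a failed step from falling through to the `mv`. Separately, the task that runs `helm repo remove stable` reuses the name `checking if helm 'stable' repo is present`; a name like `removing helm 'stable' repo` would read correctly in the job log.

```yaml
    shell: |
      set -e
      TMP_DIR=$(mktemp -d)
      curl -fsSL -o ${TMP_DIR}/helm.tar.gz https://storage.googleapis.com/kubernetes-helm/helm-{{ helm.version }}-linux-amd64.tar.gz
      # helm.sha256 is a placeholder: the pinned digest of this tarball, defined beside helm.version
      echo "{{ helm.sha256 }}  ${TMP_DIR}/helm.tar.gz" | sha256sum -c -
      tar -zxf ${TMP_DIR}/helm.tar.gz --strip-components=1 -C ${TMP_DIR}
      # … unchanged: sudo mv into /usr/bin and rm -rf of TMP_DIR …
```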