diff --git a/.gitignore b/.gitignore index 77095eb5a..b3fe119b6 100644 --- a/.gitignore +++ b/.gitignore @@ -71,3 +71,5 @@ releasenotes/build # Gate and Check Logs logs/ +tools/gate/local-overrides/ +tools/gate/playbooks/*.retry diff --git a/calico/templates/daemonset-calico-etcd.yaml b/calico/templates/daemonset-calico-etcd.yaml index 4b2b83533..018e4c38c 100644 --- a/calico/templates/daemonset-calico-etcd.yaml +++ b/calico/templates/daemonset-calico-etcd.yaml @@ -51,7 +51,7 @@ spec: hostNetwork: true containers: - name: calico-etcd - image: {{ .Values.images.tags.calico_etcd }} +{{ tuple $envAll "calico_etcd" | include "helm-toolkit.snippets.image" | indent 10 }} env: - name: CALICO_ETCD_IP valueFrom: diff --git a/calico/templates/daemonset-calico-node.yaml b/calico/templates/daemonset-calico-node.yaml index b37ec04d6..02a94f8d5 100644 --- a/calico/templates/daemonset-calico-node.yaml +++ b/calico/templates/daemonset-calico-node.yaml @@ -57,7 +57,7 @@ spec: # container programs network policy and routes on each # host. - name: calico-node - image: {{ .Values.images.tags.calico_node }} +{{ tuple $envAll "calico_node" | include "helm-toolkit.snippets.image" | indent 10 }} env: # The location of the Calico etcd cluster. - name: ETCD_ENDPOINTS diff --git a/calico/templates/deployment-calico-policy-controller.yaml b/calico/templates/deployment-calico-policy-controller.yaml index 4280690c1..20431bf69 100644 --- a/calico/templates/deployment-calico-policy-controller.yaml +++ b/calico/templates/deployment-calico-policy-controller.yaml @@ -55,7 +55,7 @@ spec: serviceAccountName: calico-policy-controller containers: - name: calico-policy-controller - image: {{ .Values.images.tags.calico_kube_policy_controller }} +{{ tuple $envAll "calico_kube_policy_controller" | include "helm-toolkit.snippets.image" | indent 10 }} env: # The location of the Calico etcd cluster. - name: ETCD_ENDPOINTS diff --git a/calico/values.yaml b/calico/values.yaml index 5dae057e6..36f03aa67 100644 --- a/calico/values.yaml +++ b/calico/values.yaml @@ -26,6 +26,9 @@ images: calico_node: quay.io/calico/node:v2.4.1 calico_cni: quay.io/calico/cni:v1.10.0 calico_kube_policy_controller: quay.io/calico/kube-policy-controller:v0.7.0 + pull_policy: IfNotPresent + registry: + prefix: null networking: podSubnet: 192.168.0.0/16 diff --git a/flannel/templates/daemonset-kube-flannel-ds.yaml b/flannel/templates/daemonset-kube-flannel-ds.yaml index 192185acd..9fd628be6 100644 --- a/flannel/templates/daemonset-kube-flannel-ds.yaml +++ b/flannel/templates/daemonset-kube-flannel-ds.yaml @@ -42,7 +42,7 @@ spec: serviceAccountName: flannel containers: - name: kube-flannel - image: {{ .Values.images.tags.flannel }} +{{ tuple $envAll "flannel" | include "helm-toolkit.snippets.image" | indent 10 }} command: [ "/opt/bin/flanneld", "--ip-masq", "--kube-subnet-mgr" ] securityContext: privileged: true diff --git a/flannel/values.yaml b/flannel/values.yaml index b295f0608..e89f45b36 100644 --- a/flannel/values.yaml +++ b/flannel/values.yaml @@ -17,6 +17,9 @@ images: tags: flannel: quay.io/coreos/flannel:v0.8.0-amd64 + pull_policy: IfNotPresent + registry: + prefix: null networking: podSubnet: 192.168.0.0/16 diff --git a/helm-toolkit/templates/snippets/_image.tpl b/helm-toolkit/templates/snippets/_image.tpl new file mode 100644 index 000000000..428b8117e --- /dev/null +++ b/helm-toolkit/templates/snippets/_image.tpl @@ -0,0 +1,27 @@ +{{/* +Copyright 2017 The Openstack-Helm Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- define "helm-toolkit.snippets.image" -}} +{{- $envAll := index . 0 -}} +{{- $image := index . 1 -}} +{{- $imageTag := index $envAll.Values.images.tags $image -}} +{{- if $envAll.Values.images.registry.prefix -}} +image: {{ printf "%s/%s" $envAll.Values.images.registry.prefix $imageTag | quote }} +{{- else -}} +image: {{ $imageTag | quote }} +{{- end }} +imagePullPolicy: {{ $envAll.Values.images.pull_policy }} +{{- end -}} diff --git a/kube-dns/templates/deployment-kube-dns.yaml b/kube-dns/templates/deployment-kube-dns.yaml index 2c0d447f4..847d5c4c7 100644 --- a/kube-dns/templates/deployment-kube-dns.yaml +++ b/kube-dns/templates/deployment-kube-dns.yaml @@ -51,8 +51,7 @@ spec: - amd64 containers: - name: kubedns - image: {{ .Values.images.tags.kube_dns }} - imagePullPolicy: IfNotPresent +{{ tuple $envAll "kube_dns" | include "helm-toolkit.snippets.image" | indent 10 }} args: - --domain={{ .Values.networking.dnsDomain }}. - --dns-port=10053 @@ -103,8 +102,7 @@ spec: - mountPath: /kube-dns-config name: kube-dns-config - name: dnsmasq - image: {{ .Values.images.tags.kube_dns_nanny }} - imagePullPolicy: IfNotPresent +{{ tuple $envAll "kube_dns_nanny" | include "helm-toolkit.snippets.image" | indent 10 }} args: - -v=2 - -logtostderr @@ -144,8 +142,7 @@ spec: - mountPath: /etc/k8s/dns/dnsmasq-nanny name: kube-dns-config - name: sidecar - image: {{ .Values.images.tags.kube_dns_sidecar }} - imagePullPolicy: IfNotPresent +{{ tuple $envAll "kube_dns_sidecar" | include "helm-toolkit.snippets.image" | indent 10 }} args: - --v=2 - --logtostderr diff --git a/kube-dns/values.yaml b/kube-dns/values.yaml index 824099837..da7b19e2d 100644 --- a/kube-dns/values.yaml +++ b/kube-dns/values.yaml @@ -19,6 +19,9 @@ images: kube_dns: gcr.io/google_containers/k8s-dns-kube-dns-amd64:1.14.5 kube_dns_nanny: gcr.io/google_containers/k8s-dns-dnsmasq-nanny-amd64:1.14.5 kube_dns_sidecar: gcr.io/google_containers/k8s-dns-sidecar-amd64:1.14.5 + pull_policy: IfNotPresent + registry: + prefix: null networking: dnsDomain: cluster.local diff --git a/nfs-provisioner/Chart.yaml b/nfs-provisioner/Chart.yaml new file mode 100644 index 000000000..1ac8815f7 --- /dev/null +++ b/nfs-provisioner/Chart.yaml @@ -0,0 +1,24 @@ +# Copyright 2017 The Openstack-Helm Authors. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +description: OpenStack-Helm NFS +name: nfs-provisioner +version: 0.1.0 +home: https://github.com/kubernetes-incubator/external-storage +sources: + - https://github.com/kubernetes-incubator/external-storage + - https://git.openstack.org/cgit/openstack/openstack-helm +maintainers: + - name: OpenStack-Helm Authors diff --git a/nfs-provisioner/requirements.yaml b/nfs-provisioner/requirements.yaml new file mode 100644 index 000000000..00a045b4e --- /dev/null +++ b/nfs-provisioner/requirements.yaml @@ -0,0 +1,19 @@ + +# Copyright 2017 The Openstack-Helm Authors. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +dependencies: + - name: helm-toolkit + repository: http://localhost:8879/charts + version: 0.1.0 diff --git a/nfs-provisioner/templates/deployment.yaml b/nfs-provisioner/templates/deployment.yaml new file mode 100644 index 000000000..a333fbe9b --- /dev/null +++ b/nfs-provisioner/templates/deployment.yaml @@ -0,0 +1,77 @@ +{{/* +Copyright 2017 The Openstack-Helm Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if .Values.manifests.deployment }} +{{- $envAll := . }} +--- +kind: Deployment +apiVersion: apps/v1beta1 +metadata: + name: nfs-provisioner +spec: + replicas: {{ .Values.pod.replicas.server }} + strategy: + type: Recreate + template: + metadata: + labels: +{{ tuple $envAll "nfs" "provisioner" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }} + spec: + affinity: +{{ tuple $envAll "nfs" "provisioner" | include "helm-toolkit.snippets.kubernetes_pod_anti_affinity" | indent 8 }} + nodeSelector: + {{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }} + containers: + - name: nfs-provisioner +{{ tuple $envAll "nfs_provisioner" | include "helm-toolkit.snippets.image" | indent 10 }} +{{ tuple $envAll $envAll.Values.pod.resources.server | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }} + securityContext: + capabilities: + add: + - DAC_READ_SEARCH + - SYS_RESOURCE + ports: + - name: nfs + containerPort: 2049 + - name: mountd + containerPort: 20048 + - name: rpcbind + containerPort: 111 + - name: rpcbind-udp + containerPort: 111 + protocol: UDP + env: + - name: POD_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + - name: SERVICE_NAME + value: {{ tuple "nfs" "internal" . | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }} + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + args: + - "-provisioner={{ .Values.storageclass.provisioner }}" + - "-grace-period=10" + volumeMounts: + - name: export-volume + mountPath: /export + volumes: + - name: export-volume + hostPath: + path: {{ .Values.storage.host.host_path }} +{{- end }} diff --git a/nfs-provisioner/templates/service.yaml b/nfs-provisioner/templates/service.yaml new file mode 100644 index 000000000..7ece1f5cb --- /dev/null +++ b/nfs-provisioner/templates/service.yaml @@ -0,0 +1,39 @@ +{{/* +Copyright 2017 The Openstack-Helm Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if .Values.manifests.service }} +{{- $envAll := . }} +--- +kind: Service +apiVersion: v1 +metadata: + name: {{ tuple "nfs" "internal" . | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }} + labels: +{{ tuple $envAll "nfs" "provisioner" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }} +spec: + ports: + - name: nfs + port: 2049 + - name: mountd + port: 20048 + - name: rpcbind + port: 111 + - name: rpcbind-udp + port: 111 + protocol: UDP + selector: +{{ tuple $envAll "nfs" "provisioner" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }} +{{- end }} diff --git a/nfs-provisioner/templates/storage_class.yaml b/nfs-provisioner/templates/storage_class.yaml new file mode 100644 index 000000000..1fa0c8946 --- /dev/null +++ b/nfs-provisioner/templates/storage_class.yaml @@ -0,0 +1,27 @@ +{{/* +Copyright 2017 The Openstack-Helm Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if .Values.manifests.storage_class }} +{{- $envAll := . }} +--- +kind: StorageClass +apiVersion: storage.k8s.io/v1 +metadata: + name: {{ .Values.storageclass.name }} +provisioner: {{ .Values.storageclass.provisioner }} +parameters: + mountOptions: vers=4.1 +{{- end }} diff --git a/nfs-provisioner/values.yaml b/nfs-provisioner/values.yaml new file mode 100644 index 000000000..d9bc1ede5 --- /dev/null +++ b/nfs-provisioner/values.yaml @@ -0,0 +1,74 @@ +# Copyright 2017 The Openstack-Helm Authors. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Default values for NFS. +# This is a YAML-formatted file. +# Declare variables to be passed into your templates. + +pod: + affinity: + anti: + type: + default: preferredDuringSchedulingIgnoredDuringExecution + topologyKey: + default: kubernetes.io/hostname + replicas: + #only 1 replica currently supported + server: 1 + resources: + enabled: false + server: + requests: + memory: "128Mi" + cpu: "100m" + limits: + memory: "1024Mi" + cpu: "2000m" + +images: + tags: + nfs_provisioner: quay.io/kubernetes_incubator/nfs-provisioner:v1.0.8 + pull_policy: IfNotPresent + registry: + prefix: null + +storage: + host: + host_path: /var/lib/openstack-helm/nfs + +labels: + node_selector_key: openstack-control-plane + node_selector_value: enabled + +storageclass: + provisioner: example.com/nfs + name: general + +endpoints: + cluster_domain_suffix: cluster.local + nfs: + hosts: + default: nfs-provisioner + host_fqdn_override: + default: null + path: null + scheme: null + port: + nfs: + default: null + +manifests: + deployment: true + service: true + storage_class: true diff --git a/redis/Chart.yaml b/redis/Chart.yaml new file mode 100644 index 000000000..0fc101471 --- /dev/null +++ b/redis/Chart.yaml @@ -0,0 +1,18 @@ +# Copyright 2017 The Openstack-Helm Authors. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +description: OpenStack-Helm Redis +name: redis +version: 0.1.0 diff --git a/redis/requirements.yaml b/redis/requirements.yaml new file mode 100644 index 000000000..53782e69b --- /dev/null +++ b/redis/requirements.yaml @@ -0,0 +1,18 @@ +# Copyright 2017 The Openstack-Helm Authors. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +dependencies: + - name: helm-toolkit + repository: http://localhost:8879/charts + version: 0.1.0 diff --git a/redis/templates/deployment.yaml b/redis/templates/deployment.yaml new file mode 100644 index 000000000..369e39122 --- /dev/null +++ b/redis/templates/deployment.yaml @@ -0,0 +1,47 @@ +{{/* +Copyright 2017 The Openstack-Helm Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- $envAll := . }} +--- +apiVersion: apps/v1beta1 +kind: Deployment +metadata: + name: redis +spec: + replicas: {{ .Values.pod.replicas.server }} +{{ tuple $envAll | include "helm-toolkit.snippets.kubernetes_upgrades_deployment" | indent 2 }} + template: + metadata: + labels: +{{ tuple $envAll "redis" "server" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }} + spec: + affinity: +{{ tuple $envAll "redis" "server" | include "helm-toolkit.snippets.kubernetes_pod_anti_affinity" | indent 8 }} + nodeSelector: + {{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }} + containers: + - name: redis +{{ tuple $envAll "redis" | include "helm-toolkit.snippets.image" | indent 10 }} +{{ tuple $envAll $envAll.Values.pod.resources.server | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }} + command: ["sh", "-xec"] + args: + - | + exec redis-server --port {{ .Values.network.port }} + ports: + - containerPort: {{ .Values.network.port }} + readinessProbe: + tcpSocket: + port: {{ .Values.network.port }} diff --git a/redis/templates/service.yaml b/redis/templates/service.yaml new file mode 100644 index 000000000..66cbc467d --- /dev/null +++ b/redis/templates/service.yaml @@ -0,0 +1,27 @@ +{{/* +Copyright 2017 The Openstack-Helm Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} +{{- $envAll := . }} +--- +apiVersion: v1 +kind: Service +metadata: + name: redis +spec: + clusterIP: None + ports: + - port: {{ .Values.network.port }} + selector: +{{ tuple $envAll "redis" "server" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }} diff --git a/redis/values.yaml b/redis/values.yaml new file mode 100644 index 000000000..036300d01 --- /dev/null +++ b/redis/values.yaml @@ -0,0 +1,59 @@ +# Copyright 2017 The Openstack-Helm Authors. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Default values for redis. +# This is a YAML-formatted file. +# Declare name/value pairs to be passed into your templates. +# name: value + +images: + tags: + redis: docker.io/redis:4.0.1 + pull_policy: "IfNotPresent" + registry: + prefix: null + +pod: + affinity: + anti: + type: + default: preferredDuringSchedulingIgnoredDuringExecution + topologyKey: + default: kubernetes.io/hostname + replicas: + server: 1 + lifecycle: + upgrades: + deployments: + revision_history: 3 + pod_replacement_strategy: RollingUpdate + rolling_update: + max_unavailable: 1 + max_surge: 3 + resources: + enabled: false + server: + limits: + memory: "128Mi" + cpu: "500m" + requests: + memory: "128Mi" + cpu: "500m" + +labels: + node_selector_key: openstack-control-plane + node_selector_value: enabled + +network: + port: 6379 diff --git a/registry/Chart.yaml b/registry/Chart.yaml new file mode 100644 index 000000000..116bec42d --- /dev/null +++ b/registry/Chart.yaml @@ -0,0 +1,22 @@ +# Copyright 2017 The Openstack-Helm Authors. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +description: OpenStack-Helm Docker Registry +name: registry +version: 0.1.0 +home: https://github.com/kubernetes/ingress +sources: + - https://git.openstack.org/cgit/openstack/openstack-helm +maintainers: + - name: OpenStack-Helm Authors diff --git a/registry/requirements.yaml b/registry/requirements.yaml new file mode 100644 index 000000000..53782e69b --- /dev/null +++ b/registry/requirements.yaml @@ -0,0 +1,18 @@ +# Copyright 2017 The Openstack-Helm Authors. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +dependencies: + - name: helm-toolkit + repository: http://localhost:8879/charts + version: 0.1.0 diff --git a/registry/templates/bin/_bootstrap.sh.tpl b/registry/templates/bin/_bootstrap.sh.tpl new file mode 100644 index 000000000..bd93ee4f1 --- /dev/null +++ b/registry/templates/bin/_bootstrap.sh.tpl @@ -0,0 +1,27 @@ +#!/bin/sh + +{{/* +Copyright 2017 The Openstack-Helm Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +set -ex + +{{ .Values.bootstrap.script | default "echo 'Not Enabled'" }} + +IFS=',' ; for IMAGE in ${PRELOAD_IMAGES}; do + docker pull ${IMAGE} + docker tag ${IMAGE} ${LOCAL_REPO}/${IMAGE} + docker push ${LOCAL_REPO}/${IMAGE} +done diff --git a/registry/templates/bin/_registry-proxy.sh.tpl b/registry/templates/bin/_registry-proxy.sh.tpl new file mode 100644 index 000000000..2744bb2f0 --- /dev/null +++ b/registry/templates/bin/_registry-proxy.sh.tpl @@ -0,0 +1,21 @@ +#!/bin/sh + +{{/* +Copyright 2017 The Openstack-Helm Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +set -ex + +exec nginx -g "daemon off;" diff --git a/registry/templates/bin/_registry.sh.tpl b/registry/templates/bin/_registry.sh.tpl new file mode 100644 index 000000000..d17a7d06a --- /dev/null +++ b/registry/templates/bin/_registry.sh.tpl @@ -0,0 +1,21 @@ +#!/bin/sh + +{{/* +Copyright 2017 The Openstack-Helm Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +set -ex + +exec registry serve /etc/docker/registry/config.yml diff --git a/registry/templates/configmap-bin.yaml b/registry/templates/configmap-bin.yaml new file mode 100644 index 000000000..92a86a406 --- /dev/null +++ b/registry/templates/configmap-bin.yaml @@ -0,0 +1,31 @@ +{{/* +Copyright 2017 The Openstack-Helm Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if .Values.manifests.configmap_bin }} +{{- $envAll := . }} +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: registry-bin +data: + bootstrap.sh: |+ +{{ tuple "bin/_bootstrap.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }} + registry.sh: |+ +{{ tuple "bin/_registry.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }} + registry-proxy.sh: |+ +{{ tuple "bin/_registry-proxy.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }} +{{- end }} diff --git a/registry/templates/configmap-etc.yaml b/registry/templates/configmap-etc.yaml new file mode 100644 index 000000000..839da4a1c --- /dev/null +++ b/registry/templates/configmap-etc.yaml @@ -0,0 +1,38 @@ +{{/* +Copyright 2017 The Openstack-Helm Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if .Values.manifests.configmap_bin }} +{{- $envAll := . }} + +{{- if empty .Values.conf.registry.http.addr -}} +{{ cat "0.0.0.0" (tuple "docker_registry" "internal" "registry" . | include "helm-toolkit.endpoints.endpoint_port_lookup") | replace " " ":" | set .Values.conf.registry.http "addr" | quote | trunc 0 -}} +{{- end -}} + +{{- if empty .Values.conf.registry.redis.addr -}} +{{ tuple "redis" "internal" "redis" . | include "helm-toolkit.endpoints.host_and_port_endpoint_uri_lookup" | set .Values.conf.registry.redis "addr" | quote | trunc 0 -}} +{{- end -}} + +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: registry-etc +data: + config.yml: |+ +{{ toYaml .Values.conf.registry | indent 4 }} + default.conf: |+ +{{ tuple "etc/_default.conf.tpl" . | include "helm-toolkit.utils.template" | indent 4 }} +{{- end }} diff --git a/registry/templates/daemonset-registry-proxy.yaml b/registry/templates/daemonset-registry-proxy.yaml new file mode 100644 index 000000000..0212528cb --- /dev/null +++ b/registry/templates/daemonset-registry-proxy.yaml @@ -0,0 +1,64 @@ +{{/* +Copyright 2017 The Openstack-Helm Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if .Values.manifests.daemonset_registry_proxy }} +{{- $envAll := . }} +{{- $dependencies := .Values.dependencies.registry_proxy }} +--- +apiVersion: extensions/v1beta1 +kind: DaemonSet +metadata: + name: docker-registry-proxy +spec: + template: + metadata: + labels: +{{ tuple $envAll "docker" "registry-proxy" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }} + annotations: + configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "helm-toolkit.utils.hash" }} + configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "helm-toolkit.utils.hash" }} + spec: + nodeSelector: + {{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }} + dnsPolicy: ClusterFirstWithHostNet + hostNetwork: true + initContainers: +{{ tuple $envAll $dependencies "[]" | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} + containers: + - name: registry-proxy +{{ tuple $envAll "registry_proxy" | include "helm-toolkit.snippets.image" | indent 8 }} +{{ tuple $envAll $envAll.Values.pod.resources.registry_proxy | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }} + command: + - /tmp/registry-proxy.sh + volumeMounts: + - name: registry-bin + mountPath: /tmp/registry-proxy.sh + subPath: registry-proxy.sh + readOnly: true + - name: registry-etc + mountPath: /etc/nginx/conf.d/default.conf + subPath: default.conf + readOnly: true + volumes: + - name: registry-bin + configMap: + name: registry-bin + defaultMode: 0555 + - name: registry-etc + configMap: + name: registry-etc + defaultMode: 0444 +{{- end }} diff --git a/registry/templates/deployment-registry.yaml b/registry/templates/deployment-registry.yaml new file mode 100644 index 000000000..6f2b9da73 --- /dev/null +++ b/registry/templates/deployment-registry.yaml @@ -0,0 +1,74 @@ +{{/* +Copyright 2017 The Openstack-Helm Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if .Values.manifests.deployment_registry }} +{{- $envAll := . }} +{{- $dependencies := .Values.dependencies.registry }} +--- +apiVersion: apps/v1beta1 +kind: Deployment +metadata: + name: docker-registry +spec: + replicas: {{ .Values.pod.replicas.registry }} +{{ tuple $envAll | include "helm-toolkit.snippets.kubernetes_upgrades_deployment" | indent 2 }} + template: + metadata: + labels: +{{ tuple $envAll "docker" "registry" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }} + annotations: + configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "helm-toolkit.utils.hash" }} + configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "helm-toolkit.utils.hash" }} + spec: + affinity: +{{ tuple $envAll "docker" "registry" | include "helm-toolkit.snippets.kubernetes_pod_anti_affinity" | indent 8 }} + nodeSelector: + {{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }} + initContainers: +{{ tuple $envAll $dependencies "[]" | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} + containers: + - name: registry +{{ tuple $envAll "registry" | include "helm-toolkit.snippets.image" | indent 10 }} +{{ tuple $envAll $envAll.Values.pod.resources.registry | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }} + ports: + - name: d-reg + containerPort: {{ tuple "docker_registry" "internal" "registry" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }} + command: + - /tmp/registry.sh + volumeMounts: + - name: registry-bin + mountPath: /tmp/registry.sh + subPath: registry.sh + readOnly: true + - name: registry-etc + mountPath: /etc/docker/registry/config.yml + subPath: config.yml + readOnly: true + - name: docker-images + mountPath: {{ .Values.conf.registry.storage.filesystem.rootdirectory }} + volumes: + - name: registry-bin + configMap: + name: registry-bin + defaultMode: 0555 + - name: registry-etc + configMap: + name: registry-etc + defaultMode: 0444 + - name: docker-images + persistentVolumeClaim: + claimName: docker-images +{{- end }} diff --git a/registry/templates/etc/_default.conf.tpl b/registry/templates/etc/_default.conf.tpl new file mode 100644 index 000000000..c387fe4cc --- /dev/null +++ b/registry/templates/etc/_default.conf.tpl @@ -0,0 +1,28 @@ +# Docker registry proxy for api version 2 + +upstream docker-registry { + server {{ tuple "docker_registry" "internal" "registry" . | include "helm-toolkit.endpoints.host_and_port_endpoint_uri_lookup" }}; +} + +# No client auth or TLS +# TODO(bacongobbler): experiment with authenticating the registry if it's using TLS +server { + listen {{ tuple "docker_registry" "public" "registry" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}; + server_name localhost; + + # disable any limits to avoid HTTP 413 for large image uploads + client_max_body_size 0; + + # required to avoid HTTP 411: see Issue #1486 (https://github.com/docker/docker/issues/1486) + chunked_transfer_encoding on; + + location / { + # Do not allow connections from docker 1.5 and earlier + # docker pre-1.6.0 did not properly set the user agent on ping, catch "Go *" user agents + if ($http_user_agent ~ "^(docker\/1\.(3|4|5(?!\.[0-9]-dev))|Go ).*$" ) { + return 404; + } + + include docker-registry.conf; + } +} diff --git a/registry/templates/job-bootstrap.yaml b/registry/templates/job-bootstrap.yaml new file mode 100644 index 000000000..d873eb5d9 --- /dev/null +++ b/registry/templates/job-bootstrap.yaml @@ -0,0 +1,64 @@ +{{/* +Copyright 2017 The Openstack-Helm Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if .Values.manifests.job_bootstrap }} +{{- $envAll := . }} +{{- if .Values.bootstrap.enabled }} +{{- $dependencies := .Values.dependencies.bootstrap }} +--- +apiVersion: batch/v1 +kind: Job +metadata: + name: docker-bootstrap +spec: + template: + metadata: + labels: +{{ tuple $envAll "docker" "bootstrap" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }} + spec: + restartPolicy: OnFailure + nodeSelector: + {{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }} + initContainers: +{{ tuple $envAll $dependencies "[]" | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} + containers: + - name: docker-bootstrap +{{ tuple $envAll "bootstrap" | include "helm-toolkit.snippets.image" | indent 10 }} +{{ tuple $envAll $envAll.Values.pod.resources.jobs.bootstrap | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }} + env: + - name: LOCAL_REPO + value: "localhost:{{ tuple "docker_registry" "public" "registry" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}" + - name: PRELOAD_IMAGES + value: "{{ include "helm-toolkit.utils.joinListWithComma" .Values.bootstrap.preload_images }}" + command: + - /tmp/bootstrap.sh + volumeMounts: + - name: registry-bin + mountPath: /tmp/bootstrap.sh + subPath: bootstrap.sh + readOnly: true + - name: docker-socket + mountPath: /var/run/docker.sock + volumes: + - name: registry-bin + configMap: + name: registry-bin + defaultMode: 0555 + - name: docker-socket + hostPath: + path: /var/run/docker.sock +{{- end }} +{{- end }} diff --git a/registry/templates/pvc-images.yaml b/registry/templates/pvc-images.yaml new file mode 100644 index 000000000..375446ff6 --- /dev/null +++ b/registry/templates/pvc-images.yaml @@ -0,0 +1,30 @@ +{{/* +Copyright 2017 The Openstack-Helm Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if .Values.manifests.pvc_images }} +{{- $envAll := . }} +--- +kind: PersistentVolumeClaim +apiVersion: v1 +metadata: + name: docker-images +spec: + accessModes: [ "ReadWriteOnce" ] + resources: + requests: + storage: {{ .Values.volume.size }} + storageClassName: {{ .Values.volume.class_name }} +{{- end }} diff --git a/registry/templates/service-registry.yaml b/registry/templates/service-registry.yaml new file mode 100644 index 000000000..b2bad736d --- /dev/null +++ b/registry/templates/service-registry.yaml @@ -0,0 +1,36 @@ +{{/* +Copyright 2017 The Openstack-Helm Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if .Values.manifests.service_registry }} +{{- $envAll := . }} +--- +apiVersion: v1 +kind: Service +metadata: + name: {{ tuple "docker_registry" "internal" . | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }} +spec: + ports: + - name: d-reg + port: {{ tuple "docker_registry" "internal" "registry" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }} + {{ if .Values.network.registry.node_port.enabled }} + nodePort: {{ .Values.network.registry.node_port.port }} + {{ end }} + selector: +{{ tuple $envAll "docker" "registry" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }} + {{ if .Values.network.registry.node_port.enabled }} + type: NodePort + {{ end }} +{{- end }} diff --git a/registry/values.yaml b/registry/values.yaml new file mode 100644 index 000000000..ff7637710 --- /dev/null +++ b/registry/values.yaml @@ -0,0 +1,167 @@ +# Copyright 2017 The Openstack-Helm Authors. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Default values for docker registry. +# This is a YAML-formatted file. +# Declare name/value pairs to be passed into your templates. +# name: value + +labels: + node_selector_key: openstack-control-plane + node_selector_value: enabled + +release_group: null + +images: + tags: + registry: docker.io/registry:2 + registry_proxy: gcr.io/google_containers/kube-registry-proxy:0.4 + bootstrap: docker.io/docker:17.07.0 + dep_check: quay.io/stackanetes/kubernetes-entrypoint:v0.2.1 + pull_policy: "IfNotPresent" + registry: + prefix: null + +volume: + class_name: general + size: 2Gi + +network: + registry: + ingress: + public: false + node_port: + enabled: false + port: 5000 + +conf: + registry: + version: 0.1 + log: + fields: + service: registry + storage: + cache: + blobdescriptor: redis + filesystem: + rootdirectory: /var/lib/registry + http: + secret: not-so-secret-secret + headers: + X-Content-Type-Options: [nosniff] + health: + storagedriver: + enabled: true + interval: 10s + threshold: 3 + redis: + addr: null + +pod: + affinity: + anti: + type: + default: preferredDuringSchedulingIgnoredDuringExecution + topologyKey: + default: kubernetes.io/hostname + replicas: + registry: 1 + lifecycle: + upgrades: + deployments: + revision_history: 3 + pod_replacement_strategy: RollingUpdate + rolling_update: + max_unavailable: 1 + max_surge: 3 + resources: + enabled: false + registry: + requests: + memory: "128Mi" + cpu: "100m" + limits: + memory: "1024Mi" + cpu: "2000m" + registry_proxy: + requests: + memory: "128Mi" + cpu: "100m" + limits: + memory: "1024Mi" + cpu: "2000m" + jobs: + bootstrap: + requests: + memory: "128Mi" + cpu: "100m" + limits: + memory: "1024Mi" + cpu: "2000m" + +bootstrap: + enabled: true + script: + docker info + preload_images: + - gcr.io/google_containers/ubuntu-slim:0.14 + +dependencies: + registry: + services: + - service: redis + endpoint: internal + registry_proxy: + services: + - service: docker_registry + endpoint: internal + bootstrap: + daemonset: + - docker-registry-proxy + services: + - service: docker_registry + endpoint: internal + +endpoints: + cluster_domain_suffix: cluster.local + docker_registry: + name: docker-registry + hosts: + default: docker-registry + host_fqdn_override: + default: null + path: + default: null + scheme: + default: http + port: + registry: + default: 5000 + redis: + namespace: null + hosts: + default: redis + host_fqdn_override: + default: null + port: + redis: + default: 6379 + +manifests: + configmap_bin: true + daemonset_registry_proxy: true + deployment_registry: true + job_bootstrap: true + pvc_images: true + service_registry: true diff --git a/tiller/requirements.yaml b/tiller/requirements.yaml new file mode 100644 index 000000000..53782e69b --- /dev/null +++ b/tiller/requirements.yaml @@ -0,0 +1,18 @@ +# Copyright 2017 The Openstack-Helm Authors. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +dependencies: + - name: helm-toolkit + repository: http://localhost:8879/charts + version: 0.1.0 diff --git a/tiller/templates/deployment-tiller.yaml b/tiller/templates/deployment-tiller.yaml index 6a7744e90..366751837 100644 --- a/tiller/templates/deployment-tiller.yaml +++ b/tiller/templates/deployment-tiller.yaml @@ -46,8 +46,7 @@ spec: value: {{ .Release.Namespace }} - name: TILLER_HISTORY_MAX value: "0" - image: gcr.io/kubernetes-helm/tiller:v2.7.0-rc1 - imagePullPolicy: IfNotPresent +{{ tuple $envAll "tiller" | include "helm-toolkit.snippets.image" | indent 8 }} livenessProbe: failureThreshold: 3 httpGet: diff --git a/tiller/values.yaml b/tiller/values.yaml new file mode 100644 index 000000000..c34aa330f --- /dev/null +++ b/tiller/values.yaml @@ -0,0 +1,31 @@ +# Copyright 2017 The Openstack-Helm Authors. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Default values for helm tiller +# This is a YAML-formatted file. +# Declare name/value pairs to be passed into your templates. +# name: value + +labels: + node_selector_key: openstack-control-plane + node_selector_value: enabled + +release_group: null + +images: + tags: + tiller: gcr.io/kubernetes-helm/tiller:v2.7.0-rc1 + pull_policy: "IfNotPresent" + registry: + prefix: null diff --git a/tools/gate/playbooks/build-helm-packages/tasks/setup-helm-serve.yaml b/tools/gate/playbooks/build-helm-packages/tasks/setup-helm-serve.yaml index 819c2b5dc..ff1a65ea6 100644 --- a/tools/gate/playbooks/build-helm-packages/tasks/setup-helm-serve.yaml +++ b/tools/gate/playbooks/build-helm-packages/tasks/setup-helm-serve.yaml @@ -33,14 +33,8 @@ shell: curl -s 127.0.0.1:8879 | grep -q 'Helm Repository' register: helm_server_running ignore_errors: True - - name: launching local helm server via systemd - when: ( ansible_distribution == 'Fedora' ) and ( helm_server_running | failed ) - shell: | - export XDG_RUNTIME_DIR="/run/user/$UID" - export DBUS_SESSION_BUS_ADDRESS="unix:path=${XDG_RUNTIME_DIR}/bus" - systemd-run --user --unit helm-server helm serve - name: launching local helm server via shell - when: ( ansible_distribution != 'Fedora' ) and ( helm_server_running | failed ) + when: helm_server_running | failed shell: helm serve & - name: wait for helm server to be ready shell: curl -s 127.0.0.1:8879 | grep -q 'Helm Repository' diff --git a/tools/gate/playbooks/clean-host/tasks/main.yaml b/tools/gate/playbooks/clean-host/tasks/main.yaml new file mode 100644 index 000000000..77eee4369 --- /dev/null +++ b/tools/gate/playbooks/clean-host/tasks/main.yaml @@ -0,0 +1,22 @@ +# Copyright 2017 The Openstack-Helm Authors. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +- name: remove osh directory + become: yes + become_user: root + file: + path: "{{ item }}" + state: absent + with_items: + - /var/lib/openstack-helm diff --git a/tools/gate/playbooks/deploy-helm-packages/tasks/generate-dynamic-over-rides.yaml b/tools/gate/playbooks/deploy-helm-packages/tasks/generate-dynamic-over-rides.yaml new file mode 100644 index 000000000..e04a2e375 --- /dev/null +++ b/tools/gate/playbooks/deploy-helm-packages/tasks/generate-dynamic-over-rides.yaml @@ -0,0 +1,32 @@ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# This set of tasks creates over-rides that need to be generated dyamicly and +# injected at runtime. + +- name: Ensure docker python packages deployed + include_role: + name: deploy-package + tasks_from: pip + vars: + packages: + - yq + +- name: setup directorys on host + file: + path: "{{ work_dir }}/tools/gate/local-overrides/" + state: directory + +- name: generate overides for bootstrap-registry-registry release + shell: "./tools/image-repo-overides.sh > ./tools/gate/local-overrides/bootstrap-registry-registry.yaml" + args: + chdir: "{{ work_dir }}" diff --git a/tools/gate/playbooks/deploy-helm-packages/tasks/helm-setup-dev-environment.yaml b/tools/gate/playbooks/deploy-helm-packages/tasks/helm-setup-dev-environment.yaml new file mode 100644 index 000000000..d782546e3 --- /dev/null +++ b/tools/gate/playbooks/deploy-helm-packages/tasks/helm-setup-dev-environment.yaml @@ -0,0 +1,55 @@ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +- name: installing OS-H dev tools + include_role: + name: deploy-package + tasks_from: dist + vars: + packages: + deb: + - git + - make + - curl + - ca-certificates + - jq + rpm: + - git + - make + - curl + - jq + +- block: + - name: removing jq binary on centos + become: true + become_user: root + when: ansible_distribution == 'CentOS' or ansible_distribution == 'Red Hat Enterprise Linux' + file: + path: "{{ item }}" + state: absent + with_items: + - /usr/bin/jq + - name: installing jq 1.5 binary for centos + become: true + become_user: root + when: ansible_distribution == 'CentOS' or ansible_distribution == 'Red Hat Enterprise Linux' + get_url: + url: https://github.com/stedolan/jq/releases/download/jq-1.5/jq-linux64 + dest: /usr/bin/jq + mode: 0555 + +- name: assemble charts + make: + chdir: "{{ work_dir }}" + register: out + +- include: util-setup-dev-environment.yaml diff --git a/tools/gate/playbooks/deploy-helm-packages/tasks/main.yaml b/tools/gate/playbooks/deploy-helm-packages/tasks/main.yaml new file mode 100644 index 000000000..8a3098310 --- /dev/null +++ b/tools/gate/playbooks/deploy-helm-packages/tasks/main.yaml @@ -0,0 +1,24 @@ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +- include: helm-setup-dev-environment.yaml + +- include: generate-dynamic-over-rides.yaml + +- name: "iterating through Helm chart groups" + vars: + chart_group_name: "{{ helm_chart_group.name }}" + chart_group_items: "{{ helm_chart_group.charts }}" + include: util-chart-group.yaml + loop_control: + loop_var: helm_chart_group + with_items: "{{ chart_groups }}" diff --git a/tools/gate/playbooks/deploy-helm-packages/tasks/util-chart-group.yaml b/tools/gate/playbooks/deploy-helm-packages/tasks/util-chart-group.yaml new file mode 100644 index 000000000..a114ff370 --- /dev/null +++ b/tools/gate/playbooks/deploy-helm-packages/tasks/util-chart-group.yaml @@ -0,0 +1,29 @@ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +- name: "{{ helm_chart_group.name }}" + vars: + chart_def: "{{ charts[helm_chart] }}" + loop_control: + loop_var: helm_chart + include: util-common-helm-chart.yaml + with_items: "{{ helm_chart_group.charts }}" + +- name: "Running wait for pods for the charts in the {{ helm_chart_group.name }} group" + when: ('timeout' in helm_chart_group) + include: util-common-wait-for-pods.yaml + vars: + namespace: "{{ charts[helm_chart].namespace }}" + timeout: "{{ helm_chart_group.timeout }}" + loop_control: + loop_var: helm_chart + with_items: "{{ helm_chart_group.charts }}" diff --git a/tools/gate/playbooks/deploy-helm-packages/tasks/util-common-helm-chart.yaml b/tools/gate/playbooks/deploy-helm-packages/tasks/util-common-helm-chart.yaml new file mode 100644 index 000000000..e3f4865f9 --- /dev/null +++ b/tools/gate/playbooks/deploy-helm-packages/tasks/util-common-helm-chart.yaml @@ -0,0 +1,76 @@ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +- name: Helm management common block + vars: + check_deployed_result: null + chart_values_file: null + upgrade: + pre: + delete: null + + block: + - name: "create temporary file for {{ chart_def['release'] }}'s values .yaml" + tempfile: + state: file + suffix: .yaml + register: chart_values_file + - name: "write out values.yaml for {{ chart_def['release'] }}" + copy: + dest: "{{ chart_values_file.path }}" + content: "{% if 'values' in chart_def %}{{ chart_def['values'] | to_nice_yaml }}{% else %}{% endif %}" + + - name: "check if {{ chart_def['release'] }} is deployed" + command: helm status "{{ chart_def['release'] }}" + register: check_deployed_result + ignore_errors: True + + - name: "check if local overrides are present in {{ work_dir }}/tools/gate/local-overrides/{{ chart_def['release'] }}.yaml" + stat: + path: "{{ work_dir }}/tools/gate/local-overrides/{{ chart_def['release'] }}.yaml" + register: local_overrides + + - name: "try to deploy release {{ chart_def['release'] }} in {{ chart_def['namespace'] }} namespace with {{ chart_def['chart_name'] }} chart" + when: check_deployed_result | failed + command: "helm install {{ work_dir }}/{{ chart_def['chart_name'] }} --namespace {{ chart_def['namespace'] }} --name {{ chart_def['release'] }} --values={{ chart_values_file.path }}{% if local_overrides.stat.exists %} --values {{ work_dir }}/tools/gate/local-overrides/{{ chart_def['release'] }}.yaml{% endif %}" + register: out + - name: "display info for the helm {{ chart_def['release'] }} release deploy" + when: check_deployed_result | failed + debug: + var: out.stdout_lines + + - name: "pre-upgrade, delete jobs for {{ chart_def['release'] }} release" + when: (check_deployed_result | succeeded) and ( 'upgrade' in chart_def ) and ( 'pre' in chart_def['upgrade'] ) and ( 'delete' in chart_def['upgrade']['pre'] ) and (chart_def.upgrade.pre.delete is not none) + with_items: "{{ chart_def.upgrade.pre.delete }}" + loop_control: + loop_var: helm_upgrade_delete_job + command: "kubectl delete --namespace {{ chart_def['namespace'] }} job -l application={{ helm_upgrade_delete_job.labels.application }},component={{ helm_upgrade_delete_job.labels.component }} --ignore-not-found=true" + - name: "try to upgrade release {{ chart_def['release'] }} in {{ chart_def['namespace'] }} namespace with {{ chart_def['chart_name'] }} chart" + when: check_deployed_result | succeeded + command: "helm upgrade {{ chart_def['release'] }} {{ work_dir }}/{{ chart_def['chart_name'] }} --values={{ chart_values_file.path }}{% if local_overrides.stat.exists %} --values {{ work_dir }}/tools/gate/local-overrides/{{ chart_def['release'] }}.yaml{% endif %}" + register: out + - name: "display info for the helm {{ chart_def['release'] }} release upgrade" + when: check_deployed_result | succeeded + debug: + var: out.stdout_lines + + - include: util-common-wait-for-pods.yaml + when: ('timeout' in chart_def) + vars: + namespace: "{{ chart_def['namespace'] }}" + timeout: "{{ chart_def['timeout'] }}" + + always: + - name: "remove values.yaml for {{ chart_def['release'] }}" + file: + path: "{{ chart_values_file.path }}" + state: absent diff --git a/tools/gate/playbooks/deploy-helm-packages/tasks/util-common-wait-for-pods.yaml b/tools/gate/playbooks/deploy-helm-packages/tasks/util-common-wait-for-pods.yaml new file mode 100644 index 000000000..19d8785b1 --- /dev/null +++ b/tools/gate/playbooks/deploy-helm-packages/tasks/util-common-wait-for-pods.yaml @@ -0,0 +1,50 @@ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +- name: wait for pods in namespace + vars: + namespace: null + timeout: 600 + wait_return_code: + rc: 1 + block: + - name: "wait for pods in {{ namespace }} namespace to be ready" + shell: |- + set -e + kubectl get pods --namespace="{{ namespace }}" -o json | jq -r \ + '.items[].status.phase' | grep Pending > /dev/null && \ + PENDING=True || PENDING=False + + query='.items[]|select(.status.phase=="Running")' + query="$query|.status.containerStatuses[].ready" + kubectl get pods --namespace="{{ namespace }}" -o json | jq -r "$query" | \ + grep false > /dev/null && READY="False" || READY="True" + + kubectl get jobs -o json --namespace="{{ namespace }}" | jq -r \ + '.items[] | .spec.completions == .status.succeeded' | \ + grep false > /dev/null && JOBR="False" || JOBR="True" + [ $PENDING == "False" -a $READY == "True" -a $JOBR == "True" ] && \ + exit 0 || exit 1 + args: + executable: /bin/bash + register: wait_return_code + until: wait_return_code.rc == 0 + retries: "{{ timeout }}" + delay: 1 + rescue: + - name: "pods failed to come up in time, getting kubernetes objects status" + command: kubectl get --all-namespaces all -o wide --show-all + register: out + - name: "pods failed to come up in time, displaying kubernetes objects status" + debug: var=out.stdout_lines + - name: "pods failed to come up in time, stopping execution" + command: exit 1 diff --git a/tools/gate/playbooks/deploy-helm-packages/tasks/util-setup-dev-environment.yaml b/tools/gate/playbooks/deploy-helm-packages/tasks/util-setup-dev-environment.yaml new file mode 100644 index 000000000..cee4c8108 --- /dev/null +++ b/tools/gate/playbooks/deploy-helm-packages/tasks/util-setup-dev-environment.yaml @@ -0,0 +1,31 @@ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +- name: disable rbac + block: + - name: rbac | moving manifests into place + template: + src: "{{ item }}.j2" + dest: "/tmp/{{ item }}" + mode: 0666 + with_items: + - clusterrolebinding.yaml + - name: rbac | creating objects + command: "kubectl replace -f /tmp/{{ item }}" + with_items: + - clusterrolebinding.yaml + - name: rbac | removing manifests + file: + path: "/tmp/{{ item }}" + state: absent + with_items: + - clusterrolebinding.yaml diff --git a/tools/gate/playbooks/deploy-helm-packages/templates/clusterrolebinding.yaml.j2 b/tools/gate/playbooks/deploy-helm-packages/templates/clusterrolebinding.yaml.j2 new file mode 100644 index 000000000..fb3e98427 --- /dev/null +++ b/tools/gate/playbooks/deploy-helm-packages/templates/clusterrolebinding.yaml.j2 @@ -0,0 +1,18 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: cluster-admin +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: cluster-admin +subjects: +- apiGroup: rbac.authorization.k8s.io + kind: Group + name: system:masters +- apiGroup: rbac.authorization.k8s.io + kind: Group + name: system:authenticated +- apiGroup: rbac.authorization.k8s.io + kind: Group + name: system:unauthenticated diff --git a/tools/gate/playbooks/deploy-kubeadm-aio-common/tasks/deploy-kubelet.yaml b/tools/gate/playbooks/deploy-kubeadm-aio-common/tasks/deploy-kubelet.yaml index 91fb234e5..968faebaf 100644 --- a/tools/gate/playbooks/deploy-kubeadm-aio-common/tasks/deploy-kubelet.yaml +++ b/tools/gate/playbooks/deploy-kubeadm-aio-common/tasks/deploy-kubelet.yaml @@ -12,7 +12,16 @@ # See the License for the specific language governing permissions and # limitations under the License. -- name: master + +- name: setting node labels + vars: + kubeadm_kubelet_labels_node: + - "{% if nodes.labels.all is defined %}{% set comma = joiner(\",\") %}{% for item in nodes.labels.all %}{{ comma() }}{{ item.name }}={{ item.value }}{% endfor %}{% else %}\"\"{% endif %}" + - "{% set comma = joiner(\",\") %}{% for group in group_names %}{% if nodes.labels[group] is defined %}{% for item in nodes.labels[group] %}{{ comma() }}{{ item.name }}={{ item.value }}{% endfor %}{% else %}\"\"{% endif %}{% endfor %}" + set_fact: + kubeadm_kubelet_labels: "{% set comma = joiner(\",\") %}{% for item in kubeadm_kubelet_labels_node %}{{ comma() }}{{ item }}{% endfor %}" + +- name: deploy-kubelet vars: kubeadm_aio_action: deploy-kubelet include: util-kubeadm-aio-run.yaml diff --git a/tools/gate/playbooks/deploy-kubeadm-aio-common/tasks/util-kubeadm-aio-run.yaml b/tools/gate/playbooks/deploy-kubeadm-aio-common/tasks/util-kubeadm-aio-run.yaml index 073a7ba57..75098e09c 100644 --- a/tools/gate/playbooks/deploy-kubeadm-aio-common/tasks/util-kubeadm-aio-run.yaml +++ b/tools/gate/playbooks/deploy-kubeadm-aio-common/tasks/util-kubeadm-aio-run.yaml @@ -15,6 +15,7 @@ - name: Run Kubeadm-AIO container vars: kubeadm_aio_action: null + kubeadm_kubelet_labels: "" block: - name: "perfoming {{ kubeadm_aio_action }} action" become: true @@ -48,6 +49,7 @@ KUBE_NET_POD_SUBNET=192.168.0.0/16 KUBE_NET_DNS_DOMAIN=cluster.local CONTAINER_RUNTIME=docker + KUBELET_NODE_LABELS="{{ kubeadm_kubelet_labels }}" register: kubeadm_master_deploy rescue: - name: "getting logs for {{ kubeadm_aio_action }} action" diff --git a/tools/gate/playbooks/pull-images/tasks/main.yaml b/tools/gate/playbooks/pull-images/tasks/main.yaml index 7271b8282..ec335009d 100644 --- a/tools/gate/playbooks/pull-images/tasks/main.yaml +++ b/tools/gate/playbooks/pull-images/tasks/main.yaml @@ -12,6 +12,14 @@ # See the License for the specific language governing permissions and # limitations under the License. +- name: Ensure docker python packages deployed + include_role: + name: deploy-package + tasks_from: pip + vars: + packages: + - yq + - name: pull all images used in repo make: chdir: "{{ work_dir }}" diff --git a/tools/gate/playbooks/vars.yaml b/tools/gate/playbooks/vars.yaml index 7962f639e..56090fb9a 100644 --- a/tools/gate/playbooks/vars.yaml +++ b/tools/gate/playbooks/vars.yaml @@ -24,3 +24,75 @@ kubernetes: default_device: null cluster: cni: calico + +nodes: + labels: + primary: + - name: openstack-helm-node-class + value: primary + nodes: + - name: openstack-helm-node-class + value: general + all: + - name: openstack-control-plane + value: enabled + - name: openstack-compute-node + value: enabled + - name: openvswitch + value: enabled + - name: ceph-mon + value: enabled + - name: ceph-osd + value: enabled + - name: ceph-mds + value: enabled + - name: ceph-rgw + value: enabled + +chart_groups: + - name: bootstrap_registry + timeout: 600 + charts: + - bootstrap_registry_nfs_provisioner + - bootstrap_registry_redis + - bootstrap_registry_registry + +charts: + bootstrap_registry_nfs_provisioner: + chart_name: nfs-provisioner + release: bootstrap-registry-nfs-provisioner + namespace: bootstrap-registry + upgrade: + pre: + delete: + - name: docker-bootstrap + type: job + labels: + application: docker + component: bootstrap + values: + labels: + node_selector_key: openstack-helm-node-class + node_selector_value: primary + storageclass: + name: openstack-helm-bootstrap + + bootstrap_registry_redis: + chart_name: redis + release: bootstrap-registry-redis + namespace: bootstrap-registry + values: + labels: + node_selector_key: openstack-helm-node-class + node_selector_value: primary + + bootstrap_registry_registry: + chart_name: registry + release: bootstrap-registry-registry + namespace: bootstrap-registry + values: + labels: + node_selector_key: openstack-helm-node-class + node_selector_value: primary + volume: + class_name: openstack-helm-bootstrap diff --git a/tools/gate/playbooks/zuul-run.yaml b/tools/gate/playbooks/zuul-run.yaml index 14c3b8220..46abb99a2 100644 --- a/tools/gate/playbooks/zuul-run.yaml +++ b/tools/gate/playbooks/zuul-run.yaml @@ -12,6 +12,16 @@ # See the License for the specific language governing permissions and # limitations under the License. +- hosts: all + vars_files: + - vars.yaml + vars: + work_dir: "{{ zuul.project.src_dir }}" + roles: + - clean-host + tags: + - clean-host + - hosts: primary vars_files: - vars.yaml @@ -31,3 +41,13 @@ - deploy-kubeadm-aio-node tags: - deploy-kubeadm-aio-node + +- hosts: primary + vars_files: + - vars.yaml + vars: + work_dir: "{{ zuul.project.src_dir }}" + roles: + - deploy-helm-packages + tags: + - deploy-helm-packages diff --git a/tools/image-repo-overides.sh b/tools/image-repo-overides.sh new file mode 100755 index 000000000..ea217d17e --- /dev/null +++ b/tools/image-repo-overides.sh @@ -0,0 +1,37 @@ +#!/usr/bin/env bash + +# Copyright 2017 The Openstack-Helm Authors. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +KUBE_VERSION=v1.8.1 +KUBE_IMAGES="gcr.io/google_containers/hyperkube-amd64:${KUBE_VERSION} +gcr.io/google_containers/kube-apiserver-amd64:${KUBE_VERSION} +gcr.io/google_containers/kube-controller-manager-amd64:${KUBE_VERSION} +gcr.io/google_containers/kube-proxy-amd64:${KUBE_VERSION} +gcr.io/google_containers/kube-scheduler-amd64:${KUBE_VERSION} +gcr.io/google_containers/pause-amd64:3.0 +gcr.io/google_containers/etcd-amd64:3.0.17" + +CHART_IMAGES="" +for CHART_DIR in ./*/ ; do + if [ -e ${CHART_DIR}values.yaml ] && [ "${CHART_DIR}" != "./helm-toolkit/" ]; then + CHART_IMAGES+=" $(cat ${CHART_DIR}values.yaml | yq '.images.tags | map(.) | join(" ")' | tr -d '"' )" + fi +done +ALL_IMAGES="${KUBE_IMAGES} ${CHART_IMAGES}" + +jq -n -c -M \ +--arg devclass "$(echo ${ALL_IMAGES})" \ +'{"bootstrap": {"preload_images": ($devclass|split(" "))}}' | \ +python -c 'import sys, yaml, json; yaml.safe_dump(json.load(sys.stdin), sys.stdout, default_flow_style=False)' diff --git a/tools/images/kubeadm-aio/assets/entrypoint.sh b/tools/images/kubeadm-aio/assets/entrypoint.sh index 1edb2508e..3a60abdc0 100755 --- a/tools/images/kubeadm-aio/assets/entrypoint.sh +++ b/tools/images/kubeadm-aio/assets/entrypoint.sh @@ -52,6 +52,7 @@ fi : ${KUBE_API_BIND_ADDR:="${KUBE_BIND_ADDR}"} : ${KUBE_CERTS_DIR:="/etc/kubernetes/pki"} : ${KUBE_SELF_HOSTED:="false"} +: ${KUBELET_NODE_LABELS:=""} PLAYBOOK_VARS="{ \"my_container_name\": \"${CONTAINER_NAME}\", @@ -90,12 +91,18 @@ PLAYBOOK_VARS="{ set -x if [ "x${ACTION}" == "xdeploy-kubelet" ]; then + if [ "x${KUBE_BIND_ADDR}" != "x" ]; then PLAYBOOK_VARS=$(echo $PLAYBOOK_VARS | jq ".kubelet += {\"bind_addr\": \"${KUBE_BIND_ADDR}\"}") elif [ "x${KUBE_BIND_DEVICE}" != "x" ]; then PLAYBOOK_VARS=$(echo $PLAYBOOK_VARS | jq ".kubelet += {\"bind_device\": \"${KUBE_BIND_DEVICE}\"}") fi - ansible-playbook /opt/playbooks/kubeadm-aio-deploy-kubelet.yaml \ + + if [ "x${KUBELET_NODE_LABELS}" != "x" ]; then + PLAYBOOK_VARS=$(echo $PLAYBOOK_VARS | jq ".kubelet += {\"kubelet_labels\": \"${KUBELET_NODE_LABELS}\"}") + fi + + exec ansible-playbook /opt/playbooks/kubeadm-aio-deploy-kubelet.yaml \ --inventory=/opt/playbooks/inventory.ini \ --inventory=/opt/playbooks/vars.yaml \ --extra-vars="${PLAYBOOK_VARS}" @@ -105,12 +112,12 @@ elif [ "x${ACTION}" == "xdeploy-kube" ]; then elif [ "x${KUBE_API_BIND_DEVICE}" != "x" ]; then PLAYBOOK_VARS=$(echo $PLAYBOOK_VARS | jq ".k8s.api += {\"advertiseAddressDevice\": \"${KUBE_API_BIND_DEVICE}\"}") fi - ansible-playbook /opt/playbooks/kubeadm-aio-deploy-master.yaml \ + exec ansible-playbook /opt/playbooks/kubeadm-aio-deploy-master.yaml \ --inventory=/opt/playbooks/inventory.ini \ --inventory=/opt/playbooks/vars.yaml \ --extra-vars="${PLAYBOOK_VARS}" elif [ "x${ACTION}" == "xclean-host" ]; then - ansible-playbook /opt/playbooks/kubeadm-aio-clean.yaml \ + exec ansible-playbook /opt/playbooks/kubeadm-aio-clean.yaml \ --inventory=/opt/playbooks/inventory.ini \ --inventory=/opt/playbooks/vars.yaml \ --extra-vars="${PLAYBOOK_VARS}" diff --git a/tools/images/kubeadm-aio/assets/opt/playbooks/roles/deploy-kubelet/templates/10-kubeadm.conf.j2 b/tools/images/kubeadm-aio/assets/opt/playbooks/roles/deploy-kubelet/templates/10-kubeadm.conf.j2 index 6a557fbf8..f12679ea2 100644 --- a/tools/images/kubeadm-aio/assets/opt/playbooks/roles/deploy-kubelet/templates/10-kubeadm.conf.j2 +++ b/tools/images/kubeadm-aio/assets/opt/playbooks/roles/deploy-kubelet/templates/10-kubeadm.conf.j2 @@ -6,6 +6,7 @@ Environment="KUBELET_DNS_ARGS=--cluster-dns=10.96.0.10 --cluster-domain={{ k8s.n Environment="KUBELET_AUTHZ_ARGS=--authorization-mode=Webhook --client-ca-file=/etc/kubernetes/pki/ca.crt" Environment="KUBELET_CADVISOR_ARGS=--cadvisor-port=0" Environment="KUBELET_CERTIFICATE_ARGS=--rotate-certificates=true --cert-dir=/var/lib/kubelet/pki" +Environment="KUBELET_NODE_LABELS=--node-labels {{ kubelet.kubelet_labels }}" #ExecStartPre=-+/sbin/restorecon -v /usr/bin/kubelet #SELinux ExecStart= -ExecStart=/usr/bin/kubelet $KUBELET_KUBECONFIG_ARGS $KUBELET_SYSTEM_PODS_ARGS $KUBELET_NETWORK_ARGS $KUBELET_DNS_ARGS $KUBELET_AUTHZ_ARGS $KUBELET_CADVISOR_ARGS $KUBELET_CERTIFICATE_ARGS $KUBELET_EXTRA_ARGS +ExecStart=/usr/bin/kubelet $KUBELET_KUBECONFIG_ARGS $KUBELET_SYSTEM_PODS_ARGS $KUBELET_NETWORK_ARGS $KUBELET_DNS_ARGS $KUBELET_AUTHZ_ARGS $KUBELET_CADVISOR_ARGS $KUBELET_CERTIFICATE_ARGS $KUBELET_NODE_LABELS $KUBELET_EXTRA_ARGS diff --git a/tools/pull-images.sh b/tools/pull-images.sh index 837333796..79b7daa4a 100755 --- a/tools/pull-images.sh +++ b/tools/pull-images.sh @@ -15,23 +15,9 @@ # limitations under the License. set -x -KUBE_VERSION=v1.8.1 -KUBE_IMAGES="gcr.io/google_containers/hyperkube-amd64:${KUBE_VERSION} -gcr.io/google_containers/kube-apiserver-amd64:${KUBE_VERSION} -gcr.io/google_containers/kube-controller-manager-amd64:${KUBE_VERSION} -gcr.io/google_containers/kube-proxy-amd64:${KUBE_VERSION} -gcr.io/google_containers/kube-scheduler-amd64:${KUBE_VERSION} -gcr.io/google_containers/pause-amd64:3.0 -gcr.io/google_containers/etcd-amd64:3.0.17" - -CHART_IMAGES="" -for CHART_DIR in ./*/ ; do - if [ -e ${CHART_DIR}values.yaml ]; then - CHART_IMAGES+=" $(cat ${CHART_DIR}values.yaml | yq '.images.tags | map(.) | join(" ")' | tr -d '"')" - fi -done -ALL_IMAGES="${KUBE_IMAGES} ${CHART_IMAGES}" - +ALL_IMAGES="$(./tools/image-repo-overides.sh | \ + python -c 'import sys, yaml, json; json.dump(yaml.safe_load(sys.stdin), sys.stdout)' | \ + jq '.bootstrap.preload_images |map(.) | join(" ")' | tr -d '"')" for IMAGE in ${ALL_IMAGES}; do - docker inspect $IMAGE >/dev/null|| docker pull $IMAGE + docker inspect $IMAGE > /dev/null || docker pull $IMAGE done