Chart Runner: Add NFS provisoner and Docker Registry

This PS adds the NFS provisioner and Docker Registry to the OSH-Infra Repo,
these are being used as initial candidates for moving as they are simple
charts and allow the chart runner logic to be developed in the gate
playbooks.

Change-Id: Ie80b8578aafd3fe7252d3dcb603ea6af7586776e

.gitignore

@@ -71,3 +71,5 @@ releasenotes/build
 
 # Gate and Check Logs
 logs/
+tools/gate/local-overrides/
+tools/gate/playbooks/*.retry

calico/templates/daemonset-calico-etcd.yaml

@@ -51,7 +51,7 @@ spec:
       hostNetwork: true
       containers:
         - name: calico-etcd
-          image: {{ .Values.images.tags.calico_etcd }}
+{{ tuple $envAll "calico_etcd" | include "helm-toolkit.snippets.image" | indent 10 }}
           env:
             - name: CALICO_ETCD_IP
               valueFrom:

calico/templates/daemonset-calico-node.yaml

@@ -57,7 +57,7 @@ spec:
         # container programs network policy and routes on each
         # host.
         - name: calico-node
-          image: {{ .Values.images.tags.calico_node }}
+{{ tuple $envAll "calico_node" | include "helm-toolkit.snippets.image" | indent 10 }}
           env:
             # The location of the Calico etcd cluster.
             - name: ETCD_ENDPOINTS

calico/templates/deployment-calico-policy-controller.yaml

@@ -55,7 +55,7 @@ spec:
       serviceAccountName: calico-policy-controller
       containers:
         - name: calico-policy-controller
-          image: {{ .Values.images.tags.calico_kube_policy_controller }}
+{{ tuple $envAll "calico_kube_policy_controller" | include "helm-toolkit.snippets.image" | indent 10 }}
           env:
             # The location of the Calico etcd cluster.
             - name: ETCD_ENDPOINTS

calico/values.yaml

@@ -26,6 +26,9 @@ images:
     calico_node: quay.io/calico/node:v2.4.1
     calico_cni: quay.io/calico/cni:v1.10.0
     calico_kube_policy_controller: quay.io/calico/kube-policy-controller:v0.7.0
+  pull_policy: IfNotPresent
+  registry:
+    prefix: null
 
 networking:
   podSubnet: 192.168.0.0/16

flannel/templates/daemonset-kube-flannel-ds.yaml

@@ -42,7 +42,7 @@ spec:
       serviceAccountName: flannel
       containers:
         - name: kube-flannel
-          image: {{ .Values.images.tags.flannel }}
+{{ tuple $envAll "flannel" | include "helm-toolkit.snippets.image" | indent 10 }}
           command: [ "/opt/bin/flanneld", "--ip-masq", "--kube-subnet-mgr" ]
           securityContext:
             privileged: true

flannel/values.yaml

@@ -17,6 +17,9 @@
 images:
   tags:
     flannel: quay.io/coreos/flannel:v0.8.0-amd64
+  pull_policy: IfNotPresent
+  registry:
+    prefix: null
 
 networking:
   podSubnet: 192.168.0.0/16

helm-toolkit/templates/snippets/_image.tpl

@@ -0,0 +1,27 @@
+{{/*
+Copyright 2017 The Openstack-Helm Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+   http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/}}
+
+{{- define "helm-toolkit.snippets.image" -}}
+{{- $envAll := index . 0 -}}
+{{- $image := index . 1 -}}
+{{- $imageTag := index $envAll.Values.images.tags $image -}}
+{{- if $envAll.Values.images.registry.prefix -}}
+image: {{ printf "%s/%s" $envAll.Values.images.registry.prefix $imageTag | quote }}
+{{- else -}}
+image: {{ $imageTag | quote }}
+{{- end }}
+imagePullPolicy: {{ $envAll.Values.images.pull_policy }}
+{{- end -}}

kube-dns/templates/deployment-kube-dns.yaml

@@ -51,8 +51,7 @@ spec:
                       - amd64
       containers:
         - name: kubedns
-          image: {{ .Values.images.tags.kube_dns }}
+{{ tuple $envAll "kube_dns" | include "helm-toolkit.snippets.image" | indent 10 }}
-          imagePullPolicy: IfNotPresent
           args:
             - --domain={{ .Values.networking.dnsDomain }}.
             - --dns-port=10053
@@ -103,8 +102,7 @@ spec:
             - mountPath: /kube-dns-config
               name: kube-dns-config
         - name: dnsmasq
-          image: {{ .Values.images.tags.kube_dns_nanny }}
+{{ tuple $envAll "kube_dns_nanny" | include "helm-toolkit.snippets.image" | indent 10 }}
-          imagePullPolicy: IfNotPresent
           args:
             - -v=2
             - -logtostderr
@@ -144,8 +142,7 @@ spec:
             - mountPath: /etc/k8s/dns/dnsmasq-nanny
               name: kube-dns-config
         - name: sidecar
-          image: {{ .Values.images.tags.kube_dns_sidecar }}
+{{ tuple $envAll "kube_dns_sidecar" | include "helm-toolkit.snippets.image" | indent 10 }}
-          imagePullPolicy: IfNotPresent
           args:
             - --v=2
             - --logtostderr

kube-dns/values.yaml

@@ -19,6 +19,9 @@ images:
     kube_dns: gcr.io/google_containers/k8s-dns-kube-dns-amd64:1.14.5
     kube_dns_nanny: gcr.io/google_containers/k8s-dns-dnsmasq-nanny-amd64:1.14.5
     kube_dns_sidecar: gcr.io/google_containers/k8s-dns-sidecar-amd64:1.14.5
+  pull_policy: IfNotPresent
+  registry:
+    prefix: null
 
 networking:
   dnsDomain: cluster.local

nfs-provisioner/Chart.yaml

@@ -0,0 +1,24 @@
+# Copyright 2017 The Openstack-Helm Authors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: v1
+description: OpenStack-Helm NFS
+name: nfs-provisioner
+version: 0.1.0
+home: https://github.com/kubernetes-incubator/external-storage
+sources:
+  - https://github.com/kubernetes-incubator/external-storage
+  - https://git.openstack.org/cgit/openstack/openstack-helm
+maintainers:
+  - name: OpenStack-Helm Authors

nfs-provisioner/requirements.yaml

@@ -0,0 +1,19 @@
+
+# Copyright 2017 The Openstack-Helm Authors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+dependencies:
+  - name: helm-toolkit
+    repository: http://localhost:8879/charts
+    version: 0.1.0

nfs-provisioner/templates/deployment.yaml

@@ -0,0 +1,77 @@
+{{/*
+Copyright 2017 The Openstack-Helm Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+   http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/}}
+
+{{- if .Values.manifests.deployment }}
+{{- $envAll := . }}
+---
+kind: Deployment
+apiVersion: apps/v1beta1
+metadata:
+  name: nfs-provisioner
+spec:
+  replicas: {{ .Values.pod.replicas.server }}
+  strategy:
+    type: Recreate
+  template:
+    metadata:
+      labels:
+{{ tuple $envAll "nfs" "provisioner" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
+    spec:
+      affinity:
+{{ tuple $envAll "nfs" "provisioner" | include "helm-toolkit.snippets.kubernetes_pod_anti_affinity" | indent 8 }}
+      nodeSelector:
+        {{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }}
+      containers:
+        - name: nfs-provisioner
+{{ tuple $envAll "nfs_provisioner" | include "helm-toolkit.snippets.image" | indent 10 }}
+{{ tuple $envAll $envAll.Values.pod.resources.server | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
+          securityContext:
+            capabilities:
+              add:
+                - DAC_READ_SEARCH
+                - SYS_RESOURCE
+          ports:
+            - name: nfs
+              containerPort: 2049
+            - name: mountd
+              containerPort: 20048
+            - name: rpcbind
+              containerPort: 111
+            - name: rpcbind-udp
+              containerPort: 111
+              protocol: UDP
+          env:
+            - name: POD_IP
+              valueFrom:
+                fieldRef:
+                  fieldPath: status.podIP
+            - name: SERVICE_NAME
+              value: {{ tuple "nfs" "internal" . | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }}
+            - name: POD_NAMESPACE
+              valueFrom:
+                fieldRef:
+                  fieldPath: metadata.namespace
+          args:
+            - "-provisioner={{ .Values.storageclass.provisioner }}"
+            - "-grace-period=10"
+          volumeMounts:
+            - name: export-volume
+              mountPath: /export
+      volumes:
+        - name: export-volume
+          hostPath:
+            path: {{ .Values.storage.host.host_path }}
+{{- end }}

nfs-provisioner/templates/service.yaml

@@ -0,0 +1,39 @@
+{{/*
+Copyright 2017 The Openstack-Helm Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+   http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/}}
+
+{{- if .Values.manifests.service }}
+{{- $envAll := . }}
+---
+kind: Service
+apiVersion: v1
+metadata:
+  name: {{ tuple "nfs" "internal" . | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }}
+  labels:
+{{ tuple $envAll "nfs" "provisioner" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }}
+spec:
+  ports:
+    - name: nfs
+      port: 2049
+    - name: mountd
+      port: 20048
+    - name: rpcbind
+      port: 111
+    - name: rpcbind-udp
+      port: 111
+      protocol: UDP
+  selector:
+{{ tuple $envAll "nfs" "provisioner" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }}
+{{- end }}

nfs-provisioner/templates/storage_class.yaml

@@ -0,0 +1,27 @@
+{{/*
+Copyright 2017 The Openstack-Helm Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+   http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/}}
+
+{{- if .Values.manifests.storage_class }}
+{{- $envAll := . }}
+---
+kind: StorageClass
+apiVersion: storage.k8s.io/v1
+metadata:
+  name: {{ .Values.storageclass.name }}
+provisioner: {{ .Values.storageclass.provisioner }}
+parameters:
+  mountOptions: vers=4.1
+{{- end }}

nfs-provisioner/values.yaml

@@ -0,0 +1,74 @@
+# Copyright 2017 The Openstack-Helm Authors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# Default values for NFS.
+# This is a YAML-formatted file.
+# Declare variables to be passed into your templates.
+
+pod:
+  affinity:
+    anti:
+      type:
+        default: preferredDuringSchedulingIgnoredDuringExecution
+      topologyKey:
+        default: kubernetes.io/hostname
+  replicas:
+    #only 1 replica currently supported
+    server: 1
+  resources:
+    enabled: false
+    server:
+      requests:
+        memory: "128Mi"
+        cpu: "100m"
+      limits:
+        memory: "1024Mi"
+        cpu: "2000m"
+
+images:
+  tags:
+    nfs_provisioner: quay.io/kubernetes_incubator/nfs-provisioner:v1.0.8
+  pull_policy: IfNotPresent
+  registry:
+    prefix: null
+
+storage:
+  host:
+    host_path: /var/lib/openstack-helm/nfs
+
+labels:
+  node_selector_key: openstack-control-plane
+  node_selector_value: enabled
+
+storageclass:
+  provisioner: example.com/nfs
+  name: general
+
+endpoints:
+  cluster_domain_suffix: cluster.local
+  nfs:
+    hosts:
+      default: nfs-provisioner
+    host_fqdn_override:
+      default: null
+    path: null
+    scheme: null
+    port:
+      nfs:
+        default: null
+
+manifests:
+  deployment: true
+  service: true
+  storage_class: true

redis/Chart.yaml

@@ -0,0 +1,18 @@
+# Copyright 2017 The Openstack-Helm Authors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: v1
+description: OpenStack-Helm Redis
+name: redis
+version: 0.1.0

redis/requirements.yaml

@@ -0,0 +1,18 @@
+# Copyright 2017 The Openstack-Helm Authors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+dependencies:
+  - name: helm-toolkit
+    repository: http://localhost:8879/charts
+    version: 0.1.0

redis/templates/deployment.yaml

@@ -0,0 +1,47 @@
+{{/*
+Copyright 2017 The Openstack-Helm Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+   http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/}}
+
+{{- $envAll := . }}
+---
+apiVersion: apps/v1beta1
+kind: Deployment
+metadata:
+  name: redis
+spec:
+  replicas: {{ .Values.pod.replicas.server }}
+{{ tuple $envAll | include "helm-toolkit.snippets.kubernetes_upgrades_deployment" | indent 2 }}
+  template:
+    metadata:
+      labels:
+{{ tuple $envAll "redis" "server" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
+    spec:
+      affinity:
+{{ tuple $envAll "redis" "server" | include "helm-toolkit.snippets.kubernetes_pod_anti_affinity" | indent 8 }}
+      nodeSelector:
+        {{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }}
+      containers:
+        - name: redis
+{{ tuple $envAll "redis" | include "helm-toolkit.snippets.image" | indent 10 }}
+{{ tuple $envAll $envAll.Values.pod.resources.server | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
+          command: ["sh", "-xec"]
+          args:
+            - |
+              exec redis-server --port {{ .Values.network.port }}
+          ports:
+            - containerPort: {{ .Values.network.port }}
+          readinessProbe:
+            tcpSocket:
+              port: {{ .Values.network.port }}

redis/templates/service.yaml

@@ -0,0 +1,27 @@
+{{/*
+Copyright 2017 The Openstack-Helm Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+   http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/}}
+{{- $envAll := . }}
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: redis
+spec:
+  clusterIP: None
+  ports:
+    - port: {{ .Values.network.port }}
+  selector:
+{{ tuple $envAll "redis" "server" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }}

redis/values.yaml

@@ -0,0 +1,59 @@
+# Copyright 2017 The Openstack-Helm Authors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# Default values for redis.
+# This is a YAML-formatted file.
+# Declare name/value pairs to be passed into your templates.
+# name: value
+
+images:
+  tags:
+    redis: docker.io/redis:4.0.1
+  pull_policy: "IfNotPresent"
+  registry:
+    prefix: null
+
+pod:
+  affinity:
+      anti:
+        type:
+          default: preferredDuringSchedulingIgnoredDuringExecution
+        topologyKey:
+          default: kubernetes.io/hostname
+  replicas:
+    server: 1
+  lifecycle:
+    upgrades:
+      deployments:
+        revision_history: 3
+        pod_replacement_strategy: RollingUpdate
+        rolling_update:
+          max_unavailable: 1
+          max_surge: 3
+  resources:
+    enabled: false
+    server:
+      limits:
+        memory: "128Mi"
+        cpu: "500m"
+      requests:
+        memory: "128Mi"
+        cpu: "500m"
+
+labels:
+  node_selector_key: openstack-control-plane
+  node_selector_value: enabled
+
+network:
+  port: 6379

registry/Chart.yaml

@@ -0,0 +1,22 @@
+# Copyright 2017 The Openstack-Helm Authors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+description: OpenStack-Helm Docker Registry
+name: registry
+version: 0.1.0
+home: https://github.com/kubernetes/ingress
+sources:
+  - https://git.openstack.org/cgit/openstack/openstack-helm
+maintainers:
+  - name: OpenStack-Helm Authors

registry/requirements.yaml

@@ -0,0 +1,18 @@
+# Copyright 2017 The Openstack-Helm Authors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+dependencies:
+  - name: helm-toolkit
+    repository: http://localhost:8879/charts
+    version: 0.1.0

registry/templates/bin/_bootstrap.sh.tpl

@@ -0,0 +1,27 @@
+#!/bin/sh
+
+{{/*
+Copyright 2017 The Openstack-Helm Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+   http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/}}
+
+set -ex
+
+{{ .Values.bootstrap.script | default "echo 'Not Enabled'" }}
+
+IFS=',' ; for IMAGE in ${PRELOAD_IMAGES}; do
+  docker pull ${IMAGE}
+  docker tag ${IMAGE} ${LOCAL_REPO}/${IMAGE}
+  docker push ${LOCAL_REPO}/${IMAGE}
+done

registry/templates/bin/_registry-proxy.sh.tpl

@@ -0,0 +1,21 @@
+#!/bin/sh
+
+{{/*
+Copyright 2017 The Openstack-Helm Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+   http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/}}
+
+set -ex
+
+exec nginx -g "daemon off;"

registry/templates/bin/_registry.sh.tpl

@@ -0,0 +1,21 @@
+#!/bin/sh
+
+{{/*
+Copyright 2017 The Openstack-Helm Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+   http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/}}
+
+set -ex
+
+exec registry serve /etc/docker/registry/config.yml

registry/templates/configmap-bin.yaml

@@ -0,0 +1,31 @@
+{{/*
+Copyright 2017 The Openstack-Helm Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+   http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/}}
+
+{{- if .Values.manifests.configmap_bin }}
+{{- $envAll := . }}
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: registry-bin
+data:
+  bootstrap.sh: |+
+{{ tuple "bin/_bootstrap.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
+  registry.sh: |+
+{{ tuple "bin/_registry.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
+  registry-proxy.sh: |+
+{{ tuple "bin/_registry-proxy.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
+{{- end }}

registry/templates/configmap-etc.yaml

@@ -0,0 +1,38 @@
+{{/*
+Copyright 2017 The Openstack-Helm Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+   http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/}}
+
+{{- if .Values.manifests.configmap_bin }}
+{{- $envAll := . }}
+
+{{- if empty .Values.conf.registry.http.addr -}}
+{{ cat "0.0.0.0" (tuple "docker_registry" "internal" "registry" . | include "helm-toolkit.endpoints.endpoint_port_lookup") | replace " " ":" | set .Values.conf.registry.http "addr" | quote | trunc 0 -}}
+{{- end -}}
+
+{{- if empty .Values.conf.registry.redis.addr -}}
+{{ tuple "redis" "internal" "redis" . | include "helm-toolkit.endpoints.host_and_port_endpoint_uri_lookup" | set .Values.conf.registry.redis "addr" | quote | trunc 0 -}}
+{{- end -}}
+
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: registry-etc
+data:
+  config.yml: |+
+{{  toYaml .Values.conf.registry | indent 4 }}
+  default.conf: |+
+{{ tuple "etc/_default.conf.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
+{{- end }}

registry/templates/daemonset-registry-proxy.yaml

@@ -0,0 +1,64 @@
+{{/*
+Copyright 2017 The Openstack-Helm Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+   http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/}}
+
+{{- if .Values.manifests.daemonset_registry_proxy }}
+{{- $envAll := . }}
+{{- $dependencies := .Values.dependencies.registry_proxy }}
+---
+apiVersion: extensions/v1beta1
+kind: DaemonSet
+metadata:
+  name: docker-registry-proxy
+spec:
+  template:
+    metadata:
+      labels:
+{{ tuple $envAll "docker" "registry-proxy" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
+      annotations:
+        configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "helm-toolkit.utils.hash" }}
+        configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "helm-toolkit.utils.hash" }}
+    spec:
+      nodeSelector:
+        {{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }}
+      dnsPolicy: ClusterFirstWithHostNet
+      hostNetwork: true
+      initContainers:
+{{ tuple $envAll $dependencies "[]" | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
+      containers:
+      - name: registry-proxy
+{{ tuple $envAll "registry_proxy" | include "helm-toolkit.snippets.image" | indent 8 }}
+{{ tuple $envAll $envAll.Values.pod.resources.registry_proxy | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
+        command:
+          - /tmp/registry-proxy.sh
+        volumeMounts:
+          - name: registry-bin
+            mountPath: /tmp/registry-proxy.sh
+            subPath: registry-proxy.sh
+            readOnly: true
+          - name: registry-etc
+            mountPath: /etc/nginx/conf.d/default.conf
+            subPath: default.conf
+            readOnly: true
+      volumes:
+        - name: registry-bin
+          configMap:
+            name: registry-bin
+            defaultMode: 0555
+        - name: registry-etc
+          configMap:
+            name: registry-etc
+            defaultMode: 0444
+{{- end }}

registry/templates/deployment-registry.yaml

@@ -0,0 +1,74 @@
+{{/*
+Copyright 2017 The Openstack-Helm Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+   http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/}}
+
+{{- if .Values.manifests.deployment_registry }}
+{{- $envAll := . }}
+{{- $dependencies := .Values.dependencies.registry }}
+---
+apiVersion: apps/v1beta1
+kind: Deployment
+metadata:
+  name: docker-registry
+spec:
+  replicas: {{ .Values.pod.replicas.registry }}
+{{ tuple $envAll | include "helm-toolkit.snippets.kubernetes_upgrades_deployment" | indent 2 }}
+  template:
+    metadata:
+      labels:
+{{ tuple $envAll "docker" "registry" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
+      annotations:
+        configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "helm-toolkit.utils.hash" }}
+        configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "helm-toolkit.utils.hash" }}
+    spec:
+      affinity:
+{{ tuple $envAll "docker" "registry" | include "helm-toolkit.snippets.kubernetes_pod_anti_affinity" | indent 8 }}
+      nodeSelector:
+        {{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }}
+      initContainers:
+{{ tuple $envAll $dependencies "[]" | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
+      containers:
+        - name: registry
+{{ tuple $envAll "registry" | include "helm-toolkit.snippets.image" | indent 10 }}
+{{ tuple $envAll $envAll.Values.pod.resources.registry | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
+          ports:
+            - name: d-reg
+              containerPort: {{ tuple "docker_registry" "internal" "registry" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
+          command:
+            - /tmp/registry.sh
+          volumeMounts:
+          - name: registry-bin
+            mountPath: /tmp/registry.sh
+            subPath: registry.sh
+            readOnly: true
+          - name: registry-etc
+            mountPath: /etc/docker/registry/config.yml
+            subPath: config.yml
+            readOnly: true
+          - name: docker-images
+            mountPath: {{ .Values.conf.registry.storage.filesystem.rootdirectory }}
+      volumes:
+        - name: registry-bin
+          configMap:
+            name: registry-bin
+            defaultMode: 0555
+        - name: registry-etc
+          configMap:
+            name: registry-etc
+            defaultMode: 0444
+        - name: docker-images
+          persistentVolumeClaim:
+            claimName: docker-images
+{{- end }}

registry/templates/etc/_default.conf.tpl

@@ -0,0 +1,28 @@
+# Docker registry proxy for api version 2
+
+upstream docker-registry {
+    server {{ tuple "docker_registry" "internal" "registry" . | include "helm-toolkit.endpoints.host_and_port_endpoint_uri_lookup" }};
+}
+
+# No client auth or TLS
+# TODO(bacongobbler): experiment with authenticating the registry if it's using TLS
+server {
+    listen {{ tuple "docker_registry" "public" "registry" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }};
+    server_name localhost;
+
+    # disable any limits to avoid HTTP 413 for large image uploads
+    client_max_body_size 0;
+
+    # required to avoid HTTP 411: see Issue #1486 (https://github.com/docker/docker/issues/1486)
+    chunked_transfer_encoding on;
+
+    location / {
+        # Do not allow connections from docker 1.5 and earlier
+        # docker pre-1.6.0 did not properly set the user agent on ping, catch "Go *" user agents
+        if ($http_user_agent ~ "^(docker\/1\.(3|4|5(?!\.[0-9]-dev))|Go ).*$" ) {
+            return 404;
+        }
+
+        include docker-registry.conf;
+    }
+}

registry/templates/job-bootstrap.yaml

@@ -0,0 +1,64 @@
+{{/*
+Copyright 2017 The Openstack-Helm Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+   http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/}}
+
+{{- if .Values.manifests.job_bootstrap }}
+{{- $envAll := . }}
+{{- if .Values.bootstrap.enabled }}
+{{- $dependencies := .Values.dependencies.bootstrap }}
+---
+apiVersion: batch/v1
+kind: Job
+metadata:
+  name: docker-bootstrap
+spec:
+  template:
+    metadata:
+      labels:
+{{ tuple $envAll "docker" "bootstrap" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
+    spec:
+      restartPolicy: OnFailure
+      nodeSelector:
+        {{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }}
+      initContainers:
+{{ tuple $envAll $dependencies "[]" | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container"  | indent 8 }}
+      containers:
+        - name: docker-bootstrap
+{{ tuple $envAll "bootstrap" | include "helm-toolkit.snippets.image" | indent 10 }}
+{{ tuple $envAll $envAll.Values.pod.resources.jobs.bootstrap | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
+          env:
+            - name: LOCAL_REPO
+              value: "localhost:{{ tuple "docker_registry" "public" "registry" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}"
+            - name: PRELOAD_IMAGES
+              value: "{{  include "helm-toolkit.utils.joinListWithComma" .Values.bootstrap.preload_images }}"
+          command:
+            - /tmp/bootstrap.sh
+          volumeMounts:
+            - name: registry-bin
+              mountPath: /tmp/bootstrap.sh
+              subPath: bootstrap.sh
+              readOnly: true
+            - name: docker-socket
+              mountPath: /var/run/docker.sock
+      volumes:
+        - name: registry-bin
+          configMap:
+            name: registry-bin
+            defaultMode: 0555
+        - name: docker-socket
+          hostPath:
+            path: /var/run/docker.sock
+{{- end }}
+{{- end }}

registry/templates/pvc-images.yaml

@@ -0,0 +1,30 @@
+{{/*
+Copyright 2017 The Openstack-Helm Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+   http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/}}
+
+{{- if .Values.manifests.pvc_images }}
+{{- $envAll := . }}
+---
+kind: PersistentVolumeClaim
+apiVersion: v1
+metadata:
+  name: docker-images
+spec:
+  accessModes: [ "ReadWriteOnce" ]
+  resources:
+    requests:
+      storage: {{ .Values.volume.size }}
+  storageClassName: {{ .Values.volume.class_name }}
+{{- end }}

registry/templates/service-registry.yaml

@@ -0,0 +1,36 @@
+{{/*
+Copyright 2017 The Openstack-Helm Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+   http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/}}
+
+{{- if .Values.manifests.service_registry }}
+{{- $envAll := . }}
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: {{ tuple "docker_registry" "internal" . | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }}
+spec:
+  ports:
+    - name: d-reg
+      port: {{ tuple "docker_registry" "internal" "registry" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
+    {{ if .Values.network.registry.node_port.enabled }}
+      nodePort: {{ .Values.network.registry.node_port.port }}
+    {{ end }}
+  selector:
+{{ tuple $envAll "docker" "registry" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }}
+  {{ if .Values.network.registry.node_port.enabled }}
+  type: NodePort
+  {{ end }}
+{{- end }}

registry/values.yaml

@@ -0,0 +1,167 @@
+# Copyright 2017 The Openstack-Helm Authors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# Default values for docker registry.
+# This is a YAML-formatted file.
+# Declare name/value pairs to be passed into your templates.
+# name: value
+
+labels:
+  node_selector_key: openstack-control-plane
+  node_selector_value: enabled
+
+release_group: null
+
+images:
+  tags:
+    registry: docker.io/registry:2
+    registry_proxy: gcr.io/google_containers/kube-registry-proxy:0.4
+    bootstrap: docker.io/docker:17.07.0
+    dep_check: quay.io/stackanetes/kubernetes-entrypoint:v0.2.1
+  pull_policy: "IfNotPresent"
+  registry:
+    prefix: null
+
+volume:
+  class_name: general
+  size: 2Gi
+
+network:
+  registry:
+    ingress:
+      public: false
+    node_port:
+      enabled: false
+      port: 5000
+
+conf:
+  registry:
+    version: 0.1
+    log:
+      fields:
+        service: registry
+    storage:
+      cache:
+        blobdescriptor: redis
+      filesystem:
+        rootdirectory: /var/lib/registry
+    http:
+      secret: not-so-secret-secret
+      headers:
+        X-Content-Type-Options: [nosniff]
+    health:
+      storagedriver:
+        enabled: true
+        interval: 10s
+        threshold: 3
+    redis:
+      addr: null
+
+pod:
+  affinity:
+      anti:
+        type:
+          default: preferredDuringSchedulingIgnoredDuringExecution
+        topologyKey:
+          default: kubernetes.io/hostname
+  replicas:
+    registry: 1
+  lifecycle:
+    upgrades:
+      deployments:
+        revision_history: 3
+        pod_replacement_strategy: RollingUpdate
+        rolling_update:
+          max_unavailable: 1
+          max_surge: 3
+  resources:
+    enabled: false
+    registry:
+      requests:
+        memory: "128Mi"
+        cpu: "100m"
+      limits:
+        memory: "1024Mi"
+        cpu: "2000m"
+    registry_proxy:
+      requests:
+        memory: "128Mi"
+        cpu: "100m"
+      limits:
+        memory: "1024Mi"
+        cpu: "2000m"
+    jobs:
+      bootstrap:
+        requests:
+          memory: "128Mi"
+          cpu: "100m"
+        limits:
+          memory: "1024Mi"
+          cpu: "2000m"
+
+bootstrap:
+  enabled: true
+  script:
+    docker info
+  preload_images:
+    - gcr.io/google_containers/ubuntu-slim:0.14
+
+dependencies:
+  registry:
+    services:
+    - service: redis
+      endpoint: internal
+  registry_proxy:
+    services:
+    - service: docker_registry
+      endpoint: internal
+  bootstrap:
+    daemonset:
+    - docker-registry-proxy
+    services:
+    - service: docker_registry
+      endpoint: internal
+
+endpoints:
+  cluster_domain_suffix: cluster.local
+  docker_registry:
+    name: docker-registry
+    hosts:
+      default: docker-registry
+    host_fqdn_override:
+      default: null
+    path:
+      default: null
+    scheme:
+      default: http
+    port:
+      registry:
+        default: 5000
+  redis:
+    namespace: null
+    hosts:
+      default: redis
+    host_fqdn_override:
+      default: null
+    port:
+      redis:
+        default: 6379
+
+manifests:
+  configmap_bin: true
+  daemonset_registry_proxy: true
+  deployment_registry: true
+  job_bootstrap: true
+  pvc_images: true
+  service_registry: true

tiller/requirements.yaml

@@ -0,0 +1,18 @@
+# Copyright 2017 The Openstack-Helm Authors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+dependencies:
+  - name: helm-toolkit
+    repository: http://localhost:8879/charts
+    version: 0.1.0

tiller/templates/deployment-tiller.yaml

@@ -46,8 +46,7 @@ spec:
           value: {{ .Release.Namespace }}
         - name: TILLER_HISTORY_MAX
           value: "0"
-        image: gcr.io/kubernetes-helm/tiller:v2.7.0-rc1
+{{ tuple $envAll "tiller" | include "helm-toolkit.snippets.image" | indent 8 }}
-        imagePullPolicy: IfNotPresent
         livenessProbe:
           failureThreshold: 3
           httpGet:

tiller/values.yaml

@@ -0,0 +1,31 @@
+# Copyright 2017 The Openstack-Helm Authors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# Default values for helm tiller
+# This is a YAML-formatted file.
+# Declare name/value pairs to be passed into your templates.
+# name: value
+
+labels:
+  node_selector_key: openstack-control-plane
+  node_selector_value: enabled
+
+release_group: null
+
+images:
+  tags:
+    tiller: gcr.io/kubernetes-helm/tiller:v2.7.0-rc1
+  pull_policy: "IfNotPresent"
+  registry:
+    prefix: null

tools/gate/playbooks/build-helm-packages/tasks/setup-helm-serve.yaml

@@ -33,14 +33,8 @@
       shell: curl -s 127.0.0.1:8879 | grep -q 'Helm Repository'
       register: helm_server_running
       ignore_errors: True
-    - name: launching local helm server via systemd
-      when: ( ansible_distribution == 'Fedora' ) and ( helm_server_running | failed )
-      shell: |
-              export XDG_RUNTIME_DIR="/run/user/$UID"
-              export DBUS_SESSION_BUS_ADDRESS="unix:path=${XDG_RUNTIME_DIR}/bus"
-              systemd-run --user --unit helm-server helm serve
     - name: launching local helm server via shell
-      when: ( ansible_distribution != 'Fedora' ) and ( helm_server_running | failed )
+      when: helm_server_running | failed
       shell: helm serve &
     - name: wait for helm server to be ready
       shell: curl -s 127.0.0.1:8879 | grep -q 'Helm Repository'

tools/gate/playbooks/clean-host/tasks/main.yaml

@@ -0,0 +1,22 @@
+# Copyright 2017 The Openstack-Helm Authors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+- name: remove osh directory
+  become: yes
+  become_user: root
+  file:
+    path: "{{ item }}"
+    state: absent
+  with_items:
+    - /var/lib/openstack-helm

tools/gate/playbooks/deploy-helm-packages/tasks/generate-dynamic-over-rides.yaml

@@ -0,0 +1,32 @@
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# This set of tasks creates over-rides that need to be generated dyamicly and
+# injected at runtime.
+
+- name: Ensure docker python packages deployed
+  include_role:
+    name: deploy-package
+    tasks_from: pip
+  vars:
+    packages:
+      - yq
+
+- name: setup directorys on host
+  file:
+    path: "{{ work_dir }}/tools/gate/local-overrides/"
+    state: directory
+
+- name: generate overides for bootstrap-registry-registry release
+  shell: "./tools/image-repo-overides.sh > ./tools/gate/local-overrides/bootstrap-registry-registry.yaml"
+  args:
+    chdir: "{{ work_dir }}"

tools/gate/playbooks/deploy-helm-packages/tasks/helm-setup-dev-environment.yaml

@@ -0,0 +1,55 @@
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+- name: installing OS-H dev tools
+  include_role:
+    name: deploy-package
+    tasks_from: dist
+  vars:
+    packages:
+      deb:
+        - git
+        - make
+        - curl
+        - ca-certificates
+        - jq
+      rpm:
+        - git
+        - make
+        - curl
+        - jq
+
+- block:
+    - name: removing jq binary on centos
+      become: true
+      become_user: root
+      when: ansible_distribution == 'CentOS' or ansible_distribution == 'Red Hat Enterprise Linux'
+      file:
+        path: "{{ item }}"
+        state: absent
+      with_items:
+        - /usr/bin/jq
+    - name: installing jq 1.5 binary for centos
+      become: true
+      become_user: root
+      when: ansible_distribution == 'CentOS' or ansible_distribution == 'Red Hat Enterprise Linux'
+      get_url:
+        url: https://github.com/stedolan/jq/releases/download/jq-1.5/jq-linux64
+        dest: /usr/bin/jq
+        mode: 0555
+
+- name: assemble charts
+  make:
+    chdir: "{{ work_dir }}"
+  register: out
+
+- include: util-setup-dev-environment.yaml

tools/gate/playbooks/deploy-helm-packages/tasks/main.yaml

@@ -0,0 +1,24 @@
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+- include: helm-setup-dev-environment.yaml
+
+- include: generate-dynamic-over-rides.yaml
+
+- name: "iterating through Helm chart groups"
+  vars:
+    chart_group_name: "{{ helm_chart_group.name }}"
+    chart_group_items: "{{ helm_chart_group.charts }}"
+  include: util-chart-group.yaml
+  loop_control:
+    loop_var: helm_chart_group
+  with_items: "{{ chart_groups }}"

tools/gate/playbooks/deploy-helm-packages/tasks/util-chart-group.yaml

@@ -0,0 +1,29 @@
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+- name: "{{ helm_chart_group.name }}"
+  vars:
+    chart_def: "{{ charts[helm_chart] }}"
+  loop_control:
+    loop_var: helm_chart
+  include: util-common-helm-chart.yaml
+  with_items: "{{ helm_chart_group.charts }}"
+
+- name: "Running wait for pods for the charts in the {{ helm_chart_group.name }} group"
+  when: ('timeout' in helm_chart_group)
+  include: util-common-wait-for-pods.yaml
+  vars:
+    namespace: "{{ charts[helm_chart].namespace }}"
+    timeout: "{{ helm_chart_group.timeout }}"
+  loop_control:
+    loop_var: helm_chart
+  with_items: "{{ helm_chart_group.charts }}"

tools/gate/playbooks/deploy-helm-packages/tasks/util-common-helm-chart.yaml

@@ -0,0 +1,76 @@
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+- name: Helm management common block
+  vars:
+    check_deployed_result: null
+    chart_values_file: null
+    upgrade:
+      pre:
+        delete: null
+
+  block:
+    - name: "create temporary file for {{ chart_def['release'] }}'s values .yaml"
+      tempfile:
+        state: file
+        suffix: .yaml
+      register: chart_values_file
+    - name: "write out values.yaml for {{ chart_def['release'] }}"
+      copy:
+        dest: "{{ chart_values_file.path }}"
+        content: "{% if 'values' in chart_def %}{{ chart_def['values'] | to_nice_yaml }}{% else %}{% endif %}"
+
+    - name: "check if {{ chart_def['release'] }} is deployed"
+      command: helm status "{{ chart_def['release'] }}"
+      register: check_deployed_result
+      ignore_errors: True
+
+    - name: "check if local overrides are present in {{ work_dir }}/tools/gate/local-overrides/{{ chart_def['release'] }}.yaml"
+      stat:
+        path: "{{ work_dir }}/tools/gate/local-overrides/{{ chart_def['release'] }}.yaml"
+      register: local_overrides
+
+    - name: "try to deploy release {{ chart_def['release'] }} in {{ chart_def['namespace'] }} namespace with {{ chart_def['chart_name'] }} chart"
+      when: check_deployed_result | failed
+      command: "helm install {{ work_dir }}/{{ chart_def['chart_name'] }} --namespace {{ chart_def['namespace'] }} --name {{ chart_def['release'] }} --values={{ chart_values_file.path }}{% if local_overrides.stat.exists %} --values {{ work_dir }}/tools/gate/local-overrides/{{ chart_def['release'] }}.yaml{% endif %}"
+      register: out
+    - name: "display info for the helm {{ chart_def['release'] }} release deploy"
+      when: check_deployed_result | failed
+      debug:
+        var: out.stdout_lines
+
+    - name: "pre-upgrade, delete jobs for {{ chart_def['release'] }} release"
+      when: (check_deployed_result | succeeded) and ( 'upgrade' in chart_def ) and ( 'pre' in chart_def['upgrade'] ) and ( 'delete' in chart_def['upgrade']['pre'] ) and (chart_def.upgrade.pre.delete is not none)
+      with_items: "{{ chart_def.upgrade.pre.delete }}"
+      loop_control:
+        loop_var: helm_upgrade_delete_job
+      command: "kubectl delete --namespace {{ chart_def['namespace'] }} job -l application={{ helm_upgrade_delete_job.labels.application }},component={{ helm_upgrade_delete_job.labels.component }} --ignore-not-found=true"
+    - name: "try to upgrade release {{ chart_def['release'] }} in {{ chart_def['namespace'] }} namespace with {{ chart_def['chart_name'] }} chart"
+      when: check_deployed_result | succeeded
+      command: "helm upgrade {{ chart_def['release'] }} {{ work_dir }}/{{ chart_def['chart_name'] }} --values={{ chart_values_file.path }}{% if local_overrides.stat.exists %} --values {{ work_dir }}/tools/gate/local-overrides/{{ chart_def['release'] }}.yaml{% endif %}"
+      register: out
+    - name: "display info for the helm {{ chart_def['release'] }} release upgrade"
+      when: check_deployed_result | succeeded
+      debug:
+        var: out.stdout_lines
+
+    - include: util-common-wait-for-pods.yaml
+      when: ('timeout' in chart_def)
+      vars:
+        namespace: "{{ chart_def['namespace'] }}"
+        timeout: "{{ chart_def['timeout'] }}"
+
+  always:
+    - name: "remove values.yaml for {{ chart_def['release'] }}"
+      file:
+        path: "{{ chart_values_file.path }}"
+        state: absent

tools/gate/playbooks/deploy-helm-packages/tasks/util-common-wait-for-pods.yaml

@@ -0,0 +1,50 @@
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+- name: wait for pods in namespace
+  vars:
+    namespace: null
+    timeout: 600
+    wait_return_code:
+      rc: 1
+  block:
+    - name: "wait for pods in {{ namespace }} namespace to be ready"
+      shell: |-
+              set -e
+              kubectl get pods --namespace="{{ namespace }}" -o json | jq -r \
+                  '.items[].status.phase' | grep Pending > /dev/null && \
+                  PENDING=True || PENDING=False
+
+              query='.items[]|select(.status.phase=="Running")'
+              query="$query|.status.containerStatuses[].ready"
+              kubectl get pods --namespace="{{ namespace }}" -o json | jq -r "$query" | \
+                  grep false > /dev/null && READY="False" || READY="True"
+
+              kubectl get jobs -o json --namespace="{{ namespace }}" | jq -r \
+                  '.items[] | .spec.completions == .status.succeeded' | \
+                  grep false > /dev/null && JOBR="False" || JOBR="True"
+              [ $PENDING == "False" -a $READY == "True" -a $JOBR == "True" ] && \
+                  exit 0 || exit 1
+      args:
+        executable: /bin/bash
+      register: wait_return_code
+      until: wait_return_code.rc == 0
+      retries: "{{ timeout }}"
+      delay: 1
+  rescue:
+    - name: "pods failed to come up in time, getting kubernetes objects status"
+      command: kubectl get --all-namespaces  all -o wide --show-all
+      register: out
+    - name: "pods failed to come up in time, displaying kubernetes objects status"
+      debug: var=out.stdout_lines
+    - name: "pods failed to come up in time, stopping execution"
+      command: exit 1

tools/gate/playbooks/deploy-helm-packages/tasks/util-setup-dev-environment.yaml

@@ -0,0 +1,31 @@
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+- name: disable rbac
+  block:
+    - name: rbac | moving manifests into place
+      template:
+        src: "{{ item }}.j2"
+        dest: "/tmp/{{ item }}"
+        mode: 0666
+      with_items:
+        - clusterrolebinding.yaml
+    - name: rbac | creating objects
+      command: "kubectl replace -f /tmp/{{ item }}"
+      with_items:
+        - clusterrolebinding.yaml
+    - name: rbac | removing manifests
+      file:
+        path: "/tmp/{{ item }}"
+        state: absent
+      with_items:
+        - clusterrolebinding.yaml

tools/gate/playbooks/deploy-helm-packages/templates/clusterrolebinding.yaml.j2

@@ -0,0 +1,18 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: cluster-admin
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: cluster-admin
+subjects:
+- apiGroup: rbac.authorization.k8s.io
+  kind: Group
+  name: system:masters
+- apiGroup: rbac.authorization.k8s.io
+  kind: Group
+  name: system:authenticated
+- apiGroup: rbac.authorization.k8s.io
+  kind: Group
+  name: system:unauthenticated

tools/gate/playbooks/deploy-kubeadm-aio-common/tasks/deploy-kubelet.yaml

@@ -12,7 +12,16 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
-- name: master
+
+- name: setting node labels
+  vars:
+    kubeadm_kubelet_labels_node:
+      - "{% if nodes.labels.all is defined %}{% set comma = joiner(\",\") %}{% for item in nodes.labels.all %}{{ comma() }}{{ item.name }}={{ item.value }}{% endfor %}{% else %}\"\"{% endif %}"
+      - "{% set comma = joiner(\",\") %}{% for group in group_names %}{% if nodes.labels[group] is defined %}{% for item in nodes.labels[group] %}{{ comma() }}{{ item.name }}={{ item.value }}{% endfor %}{% else %}\"\"{% endif %}{% endfor %}"
+  set_fact:
+    kubeadm_kubelet_labels: "{% set comma = joiner(\",\") %}{% for item in kubeadm_kubelet_labels_node %}{{ comma() }}{{ item }}{% endfor %}"
+
+- name: deploy-kubelet
   vars:
     kubeadm_aio_action: deploy-kubelet
   include: util-kubeadm-aio-run.yaml

tools/gate/playbooks/deploy-kubeadm-aio-common/tasks/util-kubeadm-aio-run.yaml

@@ -15,6 +15,7 @@
 - name: Run Kubeadm-AIO container
   vars:
     kubeadm_aio_action: null
+    kubeadm_kubelet_labels: ""
   block:
     - name: "perfoming {{ kubeadm_aio_action }} action"
       become: true
@@ -48,6 +49,7 @@
           KUBE_NET_POD_SUBNET=192.168.0.0/16
           KUBE_NET_DNS_DOMAIN=cluster.local
           CONTAINER_RUNTIME=docker
+          KUBELET_NODE_LABELS="{{ kubeadm_kubelet_labels }}"
       register: kubeadm_master_deploy
   rescue:
     - name: "getting logs for {{ kubeadm_aio_action }} action"

tools/gate/playbooks/pull-images/tasks/main.yaml

@@ -12,6 +12,14 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
+- name: Ensure docker python packages deployed
+  include_role:
+    name: deploy-package
+    tasks_from: pip
+  vars:
+    packages:
+      - yq
+
 - name: pull all images used in repo
   make:
     chdir: "{{ work_dir }}"

tools/gate/playbooks/vars.yaml

@@ -24,3 +24,75 @@ kubernetes:
     default_device: null
   cluster:
     cni: calico
+
+nodes:
+  labels:
+    primary:
+      - name: openstack-helm-node-class
+        value: primary
+    nodes:
+      - name: openstack-helm-node-class
+        value: general
+    all:
+      - name: openstack-control-plane
+        value: enabled
+      - name: openstack-compute-node
+        value: enabled
+      - name: openvswitch
+        value: enabled
+      - name: ceph-mon
+        value: enabled
+      - name: ceph-osd
+        value: enabled
+      - name: ceph-mds
+        value: enabled
+      - name: ceph-rgw
+        value: enabled
+
+chart_groups:
+  - name: bootstrap_registry
+    timeout: 600
+    charts:
+      - bootstrap_registry_nfs_provisioner
+      - bootstrap_registry_redis
+      - bootstrap_registry_registry
+
+charts:
+  bootstrap_registry_nfs_provisioner:
+    chart_name: nfs-provisioner
+    release: bootstrap-registry-nfs-provisioner
+    namespace: bootstrap-registry
+    upgrade:
+      pre:
+        delete:
+          - name: docker-bootstrap
+            type: job
+            labels:
+              application: docker
+              component: bootstrap
+    values:
+      labels:
+        node_selector_key: openstack-helm-node-class
+        node_selector_value: primary
+      storageclass:
+        name: openstack-helm-bootstrap
+
+  bootstrap_registry_redis:
+    chart_name: redis
+    release: bootstrap-registry-redis
+    namespace: bootstrap-registry
+    values:
+      labels:
+        node_selector_key: openstack-helm-node-class
+        node_selector_value: primary
+
+  bootstrap_registry_registry:
+    chart_name: registry
+    release: bootstrap-registry-registry
+    namespace: bootstrap-registry
+    values:
+      labels:
+        node_selector_key: openstack-helm-node-class
+        node_selector_value: primary
+      volume:
+        class_name: openstack-helm-bootstrap

tools/gate/playbooks/zuul-run.yaml

@@ -12,6 +12,16 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
+- hosts: all
+  vars_files:
+    - vars.yaml
+  vars:
+    work_dir: "{{ zuul.project.src_dir }}"
+  roles:
+    - clean-host
+  tags:
+    - clean-host
+
 - hosts: primary
   vars_files:
     - vars.yaml
@@ -31,3 +41,13 @@
     - deploy-kubeadm-aio-node
   tags:
     - deploy-kubeadm-aio-node
+
+- hosts: primary
+  vars_files:
+    - vars.yaml
+  vars:
+    work_dir: "{{ zuul.project.src_dir }}"
+  roles:
+    - deploy-helm-packages
+  tags:
+    - deploy-helm-packages

tools/image-repo-overides.sh

@@ -0,0 +1,37 @@
+#!/usr/bin/env bash
+
+# Copyright 2017 The Openstack-Helm Authors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+KUBE_VERSION=v1.8.1
+KUBE_IMAGES="gcr.io/google_containers/hyperkube-amd64:${KUBE_VERSION}
+gcr.io/google_containers/kube-apiserver-amd64:${KUBE_VERSION}
+gcr.io/google_containers/kube-controller-manager-amd64:${KUBE_VERSION}
+gcr.io/google_containers/kube-proxy-amd64:${KUBE_VERSION}
+gcr.io/google_containers/kube-scheduler-amd64:${KUBE_VERSION}
+gcr.io/google_containers/pause-amd64:3.0
+gcr.io/google_containers/etcd-amd64:3.0.17"
+
+CHART_IMAGES=""
+for CHART_DIR in ./*/ ; do
+  if [ -e ${CHART_DIR}values.yaml ] && [ "${CHART_DIR}" != "./helm-toolkit/" ]; then
+    CHART_IMAGES+=" $(cat ${CHART_DIR}values.yaml | yq '.images.tags | map(.) | join(" ")' | tr -d '"' )"
+  fi
+done
+ALL_IMAGES="${KUBE_IMAGES} ${CHART_IMAGES}"
+
+jq -n -c -M \
+--arg devclass "$(echo ${ALL_IMAGES})" \
+'{"bootstrap": {"preload_images": ($devclass|split(" "))}}' | \
+python -c 'import sys, yaml, json; yaml.safe_dump(json.load(sys.stdin), sys.stdout, default_flow_style=False)'

tools/images/kubeadm-aio/assets/entrypoint.sh

@@ -52,6 +52,7 @@ fi
 : ${KUBE_API_BIND_ADDR:="${KUBE_BIND_ADDR}"}
 : ${KUBE_CERTS_DIR:="/etc/kubernetes/pki"}
 : ${KUBE_SELF_HOSTED:="false"}
+: ${KUBELET_NODE_LABELS:=""}
 
 PLAYBOOK_VARS="{
   \"my_container_name\": \"${CONTAINER_NAME}\",
@@ -90,12 +91,18 @@ PLAYBOOK_VARS="{
 
 set -x
 if [ "x${ACTION}" == "xdeploy-kubelet" ]; then
+
   if [ "x${KUBE_BIND_ADDR}" != "x" ]; then
     PLAYBOOK_VARS=$(echo $PLAYBOOK_VARS | jq ".kubelet += {\"bind_addr\": \"${KUBE_BIND_ADDR}\"}")
   elif [ "x${KUBE_BIND_DEVICE}" != "x" ]; then
     PLAYBOOK_VARS=$(echo $PLAYBOOK_VARS | jq ".kubelet += {\"bind_device\": \"${KUBE_BIND_DEVICE}\"}")
   fi
-  ansible-playbook /opt/playbooks/kubeadm-aio-deploy-kubelet.yaml \
+
+  if [ "x${KUBELET_NODE_LABELS}" != "x" ]; then
+    PLAYBOOK_VARS=$(echo $PLAYBOOK_VARS | jq ".kubelet += {\"kubelet_labels\": \"${KUBELET_NODE_LABELS}\"}")
+  fi
+
+  exec ansible-playbook /opt/playbooks/kubeadm-aio-deploy-kubelet.yaml \
     --inventory=/opt/playbooks/inventory.ini \
     --inventory=/opt/playbooks/vars.yaml \
     --extra-vars="${PLAYBOOK_VARS}"
@@ -105,12 +112,12 @@ elif [ "x${ACTION}" == "xdeploy-kube" ]; then
   elif [ "x${KUBE_API_BIND_DEVICE}" != "x" ]; then
     PLAYBOOK_VARS=$(echo $PLAYBOOK_VARS | jq ".k8s.api += {\"advertiseAddressDevice\": \"${KUBE_API_BIND_DEVICE}\"}")
   fi
-  ansible-playbook /opt/playbooks/kubeadm-aio-deploy-master.yaml \
+  exec ansible-playbook /opt/playbooks/kubeadm-aio-deploy-master.yaml \
     --inventory=/opt/playbooks/inventory.ini \
     --inventory=/opt/playbooks/vars.yaml \
     --extra-vars="${PLAYBOOK_VARS}"
 elif [ "x${ACTION}" == "xclean-host" ]; then
-  ansible-playbook /opt/playbooks/kubeadm-aio-clean.yaml \
+  exec ansible-playbook /opt/playbooks/kubeadm-aio-clean.yaml \
     --inventory=/opt/playbooks/inventory.ini \
     --inventory=/opt/playbooks/vars.yaml \
     --extra-vars="${PLAYBOOK_VARS}"

tools/images/kubeadm-aio/assets/opt/playbooks/roles/deploy-kubelet/templates/10-kubeadm.conf.j2

@@ -6,6 +6,7 @@ Environment="KUBELET_DNS_ARGS=--cluster-dns=10.96.0.10 --cluster-domain={{ k8s.n
 Environment="KUBELET_AUTHZ_ARGS=--authorization-mode=Webhook --client-ca-file=/etc/kubernetes/pki/ca.crt"
 Environment="KUBELET_CADVISOR_ARGS=--cadvisor-port=0"
 Environment="KUBELET_CERTIFICATE_ARGS=--rotate-certificates=true --cert-dir=/var/lib/kubelet/pki"
+Environment="KUBELET_NODE_LABELS=--node-labels {{ kubelet.kubelet_labels }}"
 #ExecStartPre=-+/sbin/restorecon -v /usr/bin/kubelet #SELinux
 ExecStart=
-ExecStart=/usr/bin/kubelet $KUBELET_KUBECONFIG_ARGS $KUBELET_SYSTEM_PODS_ARGS $KUBELET_NETWORK_ARGS $KUBELET_DNS_ARGS $KUBELET_AUTHZ_ARGS $KUBELET_CADVISOR_ARGS $KUBELET_CERTIFICATE_ARGS $KUBELET_EXTRA_ARGS
+ExecStart=/usr/bin/kubelet $KUBELET_KUBECONFIG_ARGS $KUBELET_SYSTEM_PODS_ARGS $KUBELET_NETWORK_ARGS $KUBELET_DNS_ARGS $KUBELET_AUTHZ_ARGS $KUBELET_CADVISOR_ARGS $KUBELET_CERTIFICATE_ARGS $KUBELET_NODE_LABELS $KUBELET_EXTRA_ARGS

tools/pull-images.sh

@@ -15,23 +15,9 @@
 # limitations under the License.
 
 set -x
-KUBE_VERSION=v1.8.1
+ALL_IMAGES="$(./tools/image-repo-overides.sh | \
-KUBE_IMAGES="gcr.io/google_containers/hyperkube-amd64:${KUBE_VERSION}
+  python -c 'import sys, yaml, json; json.dump(yaml.safe_load(sys.stdin), sys.stdout)' | \
-gcr.io/google_containers/kube-apiserver-amd64:${KUBE_VERSION}
+  jq '.bootstrap.preload_images |map(.) | join(" ")' | tr -d '"')"
-gcr.io/google_containers/kube-controller-manager-amd64:${KUBE_VERSION}
-gcr.io/google_containers/kube-proxy-amd64:${KUBE_VERSION}
-gcr.io/google_containers/kube-scheduler-amd64:${KUBE_VERSION}
-gcr.io/google_containers/pause-amd64:3.0
-gcr.io/google_containers/etcd-amd64:3.0.17"
-
-CHART_IMAGES=""
-for CHART_DIR in ./*/ ; do
-  if [ -e ${CHART_DIR}values.yaml ]; then
-    CHART_IMAGES+=" $(cat ${CHART_DIR}values.yaml | yq '.images.tags | map(.) | join(" ")' | tr -d '"')"
-  fi
-done
-ALL_IMAGES="${KUBE_IMAGES} ${CHART_IMAGES}"
-
 for IMAGE in ${ALL_IMAGES}; do
-  docker inspect $IMAGE >/dev/null|| docker pull $IMAGE
+  docker inspect $IMAGE > /dev/null || docker pull $IMAGE
 done