diff --git a/panko/Chart.yaml b/panko/Chart.yaml new file mode 100644 index 0000000000..c5d6f9c601 --- /dev/null +++ b/panko/Chart.yaml @@ -0,0 +1,24 @@ +# Copyright 2019 Wind River Systems, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +description: Openstack-Helm Panko +name: panko +version: 0.1.0 +home: https://docs.openstack.org/panko/latest/ +sources: + - https://git.openstack.org/cgit/openstack/panko + - https://git.openstack.org/cgit/openstack/openstack-helm +maintainers: + - name: OpenStack-Helm Authors diff --git a/panko/requirements.yaml b/panko/requirements.yaml new file mode 100644 index 0000000000..780e525c43 --- /dev/null +++ b/panko/requirements.yaml @@ -0,0 +1,18 @@ +# Copyright 2019 Wind River Systems, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +dependencies: + - name: helm-toolkit + repository: http://localhost:8879/charts + version: 0.1.0 diff --git a/panko/templates/bin/_bootstrap.sh.tpl b/panko/templates/bin/_bootstrap.sh.tpl new file mode 100644 index 0000000000..6deaab5bfe --- /dev/null +++ b/panko/templates/bin/_bootstrap.sh.tpl @@ -0,0 +1,21 @@ +#!/bin/bash + +{{/* +Copyright 2019 Wind River Systems, Inc. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +set -ex + +{{ .Values.bootstrap.script | default "echo 'Not Enabled'" }} diff --git a/panko/templates/bin/_db-sync.sh.tpl b/panko/templates/bin/_db-sync.sh.tpl new file mode 100644 index 0000000000..9f360586ee --- /dev/null +++ b/panko/templates/bin/_db-sync.sh.tpl @@ -0,0 +1,21 @@ +#!/bin/bash + +{{/* +Copyright 2019 Wind River Systems, Inc. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +set -ex + +exec panko-dbsync diff --git a/panko/templates/bin/_panko-api.sh.tpl b/panko/templates/bin/_panko-api.sh.tpl new file mode 100644 index 0000000000..39488edb6e --- /dev/null +++ b/panko/templates/bin/_panko-api.sh.tpl @@ -0,0 +1,43 @@ +#!/bin/bash + +{{/* +Copyright 2019 Wind River Systems, Inc. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +set -ex + +COMMAND="${@:-start}" + +function start () { + + cp -a $(type -p panko-api) /var/www/cgi-bin/panko/ + + if [ -f /etc/apache2/envvars ]; then + # Loading Apache2 ENV variables + source /etc/apache2/envvars + fi + + # Get rid of stale pid file if present. + rm -f /var/run/apache2/*.pid + + # Start Apache2 + exec apache2 -DFOREGROUND +} + +function stop () { + apachectl -k graceful-stop +} + +$COMMAND diff --git a/panko/templates/bin/_panko-events-cleaner.sh.tpl b/panko/templates/bin/_panko-events-cleaner.sh.tpl new file mode 100644 index 0000000000..ad59ddd567 --- /dev/null +++ b/panko/templates/bin/_panko-events-cleaner.sh.tpl @@ -0,0 +1,21 @@ +#!/bin/bash + +{{/* +Copyright 2019 Wind River Systems, Inc. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +set -ex + +exec panko-expirer diff --git a/panko/templates/configmap-bin.yaml b/panko/templates/configmap-bin.yaml new file mode 100644 index 0000000000..b12d5240c8 --- /dev/null +++ b/panko/templates/configmap-bin.yaml @@ -0,0 +1,52 @@ +{{/* +Copyright 2019 Wind River Systems, Inc. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if .Values.manifests.configmap_bin }} +{{- $envAll := . }} +{{- $rallyTests := .Values.conf.rally_tests }} +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: panko-bin +data: +{{- if .Values.images.local_registry.active }} + image-repo-sync.sh: | +{{- include "helm-toolkit.scripts.image_repo_sync" . | indent 4 }} +{{- end }} +{{- if .Values.bootstrap.enabled }} + bootstrap.sh: | +{{ tuple "bin/_bootstrap.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }} +{{- end }} + rally-test.sh: | +{{ tuple $rallyTests | include "helm-toolkit.scripts.rally_test" | indent 4 }} + db-init.py: | +{{- include "helm-toolkit.scripts.db_init" . | indent 4 }} + db-sync.sh: | +{{ tuple "bin/_db-sync.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }} + db-drop.py: | +{{- include "helm-toolkit.scripts.db_drop" . | indent 4 }} + panko-api.sh: | +{{ tuple "bin/_panko-api.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }} + panko-events-cleaner.sh: | +{{ tuple "bin/_panko-events-cleaner.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }} + ks-service.sh: | +{{- include "helm-toolkit.scripts.keystone_service" . | indent 4 }} + ks-endpoints.sh: | +{{- include "helm-toolkit.scripts.keystone_endpoints" . | indent 4 }} + ks-user.sh: | +{{- include "helm-toolkit.scripts.keystone_user" . | indent 4 }} +{{- end }} diff --git a/panko/templates/configmap-etc.yaml b/panko/templates/configmap-etc.yaml new file mode 100644 index 0000000000..41f6980e31 --- /dev/null +++ b/panko/templates/configmap-etc.yaml @@ -0,0 +1,89 @@ +{{/* +Copyright 2019 Wind River Systems, Inc. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if .Values.manifests.configmap_etc }} +{{- $envAll := . }} + +{{- if empty .Values.conf.panko.keystone_authtoken.auth_uri -}} +{{- $_ := tuple "identity" "internal" "api" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup" | set .Values.conf.panko.keystone_authtoken "auth_uri" -}} +{{- end -}} + +{{- if empty .Values.conf.panko.keystone_authtoken.auth_url -}} +{{- $_ := tuple "identity" "internal" "api" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup" | set .Values.conf.panko.keystone_authtoken "auth_url" -}} +{{- end -}} + +{{- if empty .Values.conf.panko.keystone_authtoken.region_name -}} +{{- $_ := set .Values.conf.panko.keystone_authtoken "region_name" .Values.endpoints.identity.auth.panko.region_name -}} +{{- end -}} + +{{- if empty .Values.conf.panko.keystone_authtoken.project_name -}} +{{- $_ := set .Values.conf.panko.keystone_authtoken "project_name" .Values.endpoints.identity.auth.panko.project_name -}} +{{- end -}} + +{{- if empty .Values.conf.panko.keystone_authtoken.project_domain_name -}} +{{- $_ := set .Values.conf.panko.keystone_authtoken "project_domain_name" .Values.endpoints.identity.auth.panko.project_domain_name -}} +{{- end -}} + +{{- if empty .Values.conf.panko.keystone_authtoken.user_domain_name -}} +{{- $_ := set .Values.conf.panko.keystone_authtoken "user_domain_name" .Values.endpoints.identity.auth.panko.user_domain_name -}} +{{- end -}} + +{{- if empty .Values.conf.panko.keystone_authtoken.username -}} +{{- $_ := set .Values.conf.panko.keystone_authtoken "username" .Values.endpoints.identity.auth.panko.username -}} +{{- end -}} + +{{- if empty .Values.conf.panko.keystone_authtoken.password -}} +{{- $_ := set .Values.conf.panko.keystone_authtoken "password" .Values.endpoints.identity.auth.panko.password -}} +{{- end -}} + +{{- if empty .Values.conf.panko.keystone_authtoken.memcached_servers -}} +{{- $_ := tuple "oslo_cache" "internal" "memcache" . | include "helm-toolkit.endpoints.host_and_port_endpoint_uri_lookup" | set .Values.conf.panko.keystone_authtoken "memcached_servers" -}} +{{- end -}} + +{{- if empty .Values.conf.panko.keystone_authtoken.memcache_secret_key -}} +{{- $_ := set .Values.conf.panko.keystone_authtoken "memcache_secret_key" ( default ( randAlphaNum 64 ) .Values.endpoints.oslo_cache.auth.memcache_secret_key ) -}} +{{- end -}} + +{{- if empty .Values.conf.panko.database.connection -}} +{{- $_ := tuple "oslo_db" "internal" "panko" "mysql" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup" | set .Values.conf.panko.database "connection" -}} +{{- end -}} + +{{- if and (empty .Values.conf.logging.handler_fluent) (has "fluent" .Values.conf.logging.handlers.keys) -}} +{{- $fluentd_host := tuple "fluentd" "internal" $envAll | include "helm-toolkit.endpoints.hostname_namespaced_endpoint_lookup" }} +{{- $fluentd_port := tuple "fluentd" "internal" "service" $envAll | include "helm-toolkit.endpoints.endpoint_port_lookup" }} +{{- $fluent_args := printf "('%s.%s', '%s', %s)" .Release.Namespace .Release.Name $fluentd_host $fluentd_port }} +{{- $handler_fluent := dict "class" "fluent.handler.FluentHandler" "formatter" "fluent" "args" $fluent_args -}} +{{- $_ := set .Values.conf.logging "handler_fluent" $handler_fluent -}} +{{- end -}} + +{{- if and (empty .Values.conf.logging.formatter_fluent) (has "fluent" .Values.conf.logging.formatters.keys) -}} +{{- $formatter_fluent := dict "class" "oslo_log.formatters.FluentFormatter" -}} +{{- $_ := set .Values.conf.logging "formatter_fluent" $formatter_fluent -}} +{{- end -}} +--- +apiVersion: v1 +kind: Secret +metadata: + name: panko-etc +type: Opaque +data: + rally_tests.yaml: {{ toYaml .Values.conf.rally_tests.tests | b64enc }} + panko.conf: {{ include "helm-toolkit.utils.to_oslo_conf" .Values.conf.panko | b64enc }} + logging.conf: {{ include "helm-toolkit.utils.to_oslo_conf" .Values.conf.logging | b64enc }} + api_paste.ini: {{ include "helm-toolkit.utils.to_ini" .Values.conf.paste | b64enc }} + policy.json: {{ toJson .Values.conf.policy | b64enc }} +{{ include "helm-toolkit.snippets.values_template_renderer" (dict "envAll" $envAll "template" .Values.conf.wsgi_panko "key" "wsgi-panko.conf" "format" "Secret" ) | indent 2 }} +{{- end }} diff --git a/panko/templates/cron-job-events-cleaner.yaml b/panko/templates/cron-job-events-cleaner.yaml new file mode 100644 index 0000000000..8c07ea723a --- /dev/null +++ b/panko/templates/cron-job-events-cleaner.yaml @@ -0,0 +1,84 @@ +{{/* +Copyright 2019 Wind River Systems, Inc. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if .Values.manifests.cron_job_events_cleaner }} +{{- $envAll := . }} + +{{- $mounts_panko_events_cleaner := .Values.pod.mounts.panko_events_cleaner.panko_events_cleaner }} +{{- $mounts_panko_events_cleaner_init := .Values.pod.mounts.panko_events_cleaner.init_container }} + +{{- $serviceAccountName := "panko-events-cleaner" }} +{{ tuple $envAll "events_cleaner" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }} +--- +apiVersion: batch/v1beta1 +kind: CronJob +metadata: + name: panko-events-cleaner + annotations: + {{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" }} +spec: + schedule: {{ .Values.jobs.events_cleaner.cron | quote }} + successfulJobsHistoryLimit: {{ .Values.jobs.events_cleaner.history.success }} + failedJobsHistoryLimit: {{ .Values.jobs.events_cleaner.history.failed }} + concurrencyPolicy: Forbid + jobTemplate: + metadata: + labels: +{{ tuple $envAll "panko" "events-cleaner" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }} + spec: + template: + spec: + serviceAccountName: {{ $serviceAccountName }} + restartPolicy: OnFailure + nodeSelector: + {{ .Values.labels.job.node_selector_key }}: {{ .Values.labels.job.node_selector_value }} + initContainers: +{{ tuple $envAll "events_cleaner" $mounts_panko_events_cleaner_init | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 12 }} + containers: + - name: panko-events-cleaner +{{ tuple $envAll "panko_events_cleaner" | include "helm-toolkit.snippets.image" | indent 14 }} +{{ tuple $envAll $envAll.Values.pod.resources.jobs.events_cleaner | include "helm-toolkit.snippets.kubernetes_resources" | indent 14 }} + command: + - /tmp/panko-events-cleaner.sh + volumeMounts: + - name: panko-bin + mountPath: /tmp/panko-events-cleaner.sh + subPath: panko-events-cleaner.sh + readOnly: true + - name: etcpanko + mountPath: /etc/panko + - name: panko-etc + mountPath: /etc/panko/panko.conf + subPath: panko.conf + readOnly: true + - name: panko-etc + mountPath: {{ .Values.conf.panko.DEFAULT.log_config_append }} + subPath: {{ base .Values.conf.panko.DEFAULT.log_config_append }} + readOnly: true +{{ if $mounts_panko_events_cleaner.volumeMounts }}{{ toYaml $mounts_panko_events_cleaner.volumeMounts | indent 14 }}{{ end }} + volumes: + - name: etcpanko + emptyDir: {} + - name: panko-etc + secret: + secretName: panko-etc + defaultMode: 0444 + - name: panko-bin + configMap: + name: panko-bin + defaultMode: 0555 +{{ if $mounts_panko_events_cleaner.volumes }}{{ toYaml $mounts_panko_events_cleaner.volumes | indent 10 }}{{ end }} +{{- end }} diff --git a/panko/templates/deployment-api.yaml b/panko/templates/deployment-api.yaml new file mode 100644 index 0000000000..3efa5a0fc8 --- /dev/null +++ b/panko/templates/deployment-api.yaml @@ -0,0 +1,122 @@ +{{/* +Copyright 2019 Wind River Systems, Inc. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if .Values.manifests.deployment_api }} +{{- $envAll := . }} + +{{- $mounts_panko_api := .Values.pod.mounts.panko_api.panko_api }} +{{- $mounts_panko_api_init := .Values.pod.mounts.panko_api.init_container }} + +{{- $serviceAccountName := "panko-api" }} +{{ tuple $envAll "api" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }} +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: panko-api + annotations: + {{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" }} + labels: +{{ tuple $envAll "panko" "api" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }} +spec: + replicas: {{ .Values.pod.replicas.api }} + selector: + matchLabels: +{{ tuple $envAll "panko" "api" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 6 }} +{{ tuple $envAll | include "helm-toolkit.snippets.kubernetes_upgrades_deployment" | indent 2 }} + template: + metadata: + labels: +{{ tuple $envAll "panko" "api" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }} + annotations: +{{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" | indent 8 }} + configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "helm-toolkit.utils.hash" }} + configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "helm-toolkit.utils.hash" }} + spec: + serviceAccountName: {{ $serviceAccountName }} +{{ dict "envAll" $envAll "application" "panko" | include "helm-toolkit.snippets.kubernetes_pod_security_context" | indent 6 }} + affinity: +{{ tuple $envAll "panko" "api" | include "helm-toolkit.snippets.kubernetes_pod_anti_affinity" | indent 8 }} + nodeSelector: + {{ .Values.labels.api.node_selector_key }}: {{ .Values.labels.api.node_selector_value }} + terminationGracePeriodSeconds: {{ .Values.pod.lifecycle.termination_grace_period.api.timeout | default "30" }} + initContainers: +{{ tuple $envAll "api" $mounts_panko_api_init | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} + containers: + - name: panko-api +{{ tuple $envAll "panko_api" | include "helm-toolkit.snippets.image" | indent 10 }} +{{ tuple $envAll $envAll.Values.pod.resources.api | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }} +{{ dict "envAll" $envAll "application" "panko" "container" "panko_api" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 10 }} + command: + - /tmp/panko-api.sh + - start + lifecycle: + preStop: + exec: + command: + - /tmp/panko-api.sh + - stop + ports: + - name: p-api + containerPort: {{ tuple "event" "internal" "api" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }} + readinessProbe: + tcpSocket: + port: {{ tuple "event" "internal" "api" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }} + volumeMounts: + - name: wsgi-panko + mountPath: /var/www/cgi-bin/panko + - name: etcpanko + mountPath: /etc/panko + - name: panko-etc + mountPath: /etc/panko/panko.conf + subPath: panko.conf + readOnly: true + - name: panko-etc + mountPath: {{ .Values.conf.panko.DEFAULT.log_config_append }} + subPath: {{ base .Values.conf.panko.DEFAULT.log_config_append }} + readOnly: true + - name: panko-etc + mountPath: /etc/panko/api_paste.ini + subPath: api_paste.ini + readOnly: true + - name: panko-etc + mountPath: /etc/panko/policy.json + subPath: policy.json + readOnly: true + - name: panko-etc + mountPath: /etc/apache2/conf-enabled/wsgi-panko.conf + subPath: wsgi-panko.conf + readOnly: true + - name: panko-bin + mountPath: /tmp/panko-api.sh + subPath: panko-api.sh + readOnly: true +{{ if $mounts_panko_api.volumeMounts }}{{ toYaml $mounts_panko_api.volumeMounts | indent 12 }}{{ end }} + volumes: + - name: wsgi-panko + emptyDir: {} + - name: etcpanko + emptyDir: {} + - name: panko-etc + secret: + secretName: panko-etc + defaultMode: 0444 + - name: panko-bin + configMap: + name: panko-bin + defaultMode: 0555 +{{ if $mounts_panko_api.volumes }}{{ toYaml $mounts_panko_api.volumes | indent 8 }}{{ end }} +{{- end }} diff --git a/panko/templates/ingress-api.yaml b/panko/templates/ingress-api.yaml new file mode 100644 index 0000000000..e1ffc8ceac --- /dev/null +++ b/panko/templates/ingress-api.yaml @@ -0,0 +1,20 @@ +{{/* +Copyright 2019 Wind River Systems, Inc. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if and .Values.manifests.ingress_api .Values.network.api.ingress.public }} +{{- $ingressOpts := dict "envAll" . "backendServiceType" "event" "backendPort" "p-api" -}} +{{ $ingressOpts | include "helm-toolkit.manifests.ingress" }} +{{- end }} diff --git a/panko/templates/job-bootstrap.yaml b/panko/templates/job-bootstrap.yaml new file mode 100644 index 0000000000..abe1565da6 --- /dev/null +++ b/panko/templates/job-bootstrap.yaml @@ -0,0 +1,20 @@ +{{/* +Copyright 2019 Wind River Systems, Inc. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if and .Values.manifests.job_bootstrap .Values.bootstrap.enabled }} +{{- $bootstrapJob := dict "envAll" . "serviceName" "panko" "keystoneUser" .Values.bootstrap.ks_user -}} +{{ $bootstrapJob | include "helm-toolkit.manifests.job_bootstrap" }} +{{- end }} diff --git a/panko/templates/job-db-drop.yaml b/panko/templates/job-db-drop.yaml new file mode 100644 index 0000000000..e434704102 --- /dev/null +++ b/panko/templates/job-db-drop.yaml @@ -0,0 +1,20 @@ +{{/* +Copyright 2019 Wind River Systems, Inc. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if .Values.manifests.job_db_drop }} +{{- $dbDropJob := dict "envAll" . "serviceName" "panko" -}} +{{ $dbDropJob | include "helm-toolkit.manifests.job_db_drop_mysql" }} +{{- end }} diff --git a/panko/templates/job-db-init.yaml b/panko/templates/job-db-init.yaml new file mode 100644 index 0000000000..8365759f55 --- /dev/null +++ b/panko/templates/job-db-init.yaml @@ -0,0 +1,20 @@ +{{/* +Copyright 2019 Wind River Systems, Inc. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if .Values.manifests.job_db_init }} +{{- $dbInitJob := dict "envAll" . "serviceName" "panko" -}} +{{ $dbInitJob | include "helm-toolkit.manifests.job_db_init_mysql" }} +{{- end }} diff --git a/panko/templates/job-db-sync.yaml b/panko/templates/job-db-sync.yaml new file mode 100644 index 0000000000..0a22cc0cc3 --- /dev/null +++ b/panko/templates/job-db-sync.yaml @@ -0,0 +1,20 @@ +{{/* +Copyright 2019 Wind River Systems, Inc. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if .Values.manifests.job_db_sync }} +{{- $dbSyncJob := dict "envAll" . "serviceName" "panko" -}} +{{ $dbSyncJob | include "helm-toolkit.manifests.job_db_sync" }} +{{- end }} diff --git a/panko/templates/job-image-repo-sync.yaml b/panko/templates/job-image-repo-sync.yaml new file mode 100644 index 0000000000..7c08ba4aa2 --- /dev/null +++ b/panko/templates/job-image-repo-sync.yaml @@ -0,0 +1,20 @@ +{{/* +Copyright 2019 Wind River Systems, Inc. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if and .Values.manifests.job_image_repo_sync .Values.images.local_registry.active }} +{{- $imageRepoSyncJob := dict "envAll" . "serviceName" "panko" -}} +{{ $imageRepoSyncJob | include "helm-toolkit.manifests.job_image_repo_sync" }} +{{- end }} diff --git a/panko/templates/job-ks-endpoints.yaml b/panko/templates/job-ks-endpoints.yaml new file mode 100644 index 0000000000..69ca43a83f --- /dev/null +++ b/panko/templates/job-ks-endpoints.yaml @@ -0,0 +1,20 @@ +{{/* +Copyright 2019 Wind River Systems, Inc. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if .Values.manifests.job_ks_endpoints }} +{{- $ksServiceJob := dict "envAll" . "serviceName" "panko" "serviceTypes" ( tuple "event" ) -}} +{{ $ksServiceJob | include "helm-toolkit.manifests.job_ks_endpoints" }} +{{- end }} diff --git a/panko/templates/job-ks-service.yaml b/panko/templates/job-ks-service.yaml new file mode 100644 index 0000000000..c8a7802b2f --- /dev/null +++ b/panko/templates/job-ks-service.yaml @@ -0,0 +1,20 @@ +{{/* +Copyright 2019 Wind River Systems, Inc. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if .Values.manifests.job_ks_service }} +{{- $ksServiceJob := dict "envAll" . "serviceName" "panko" "serviceTypes" ( tuple "event" ) -}} +{{ $ksServiceJob | include "helm-toolkit.manifests.job_ks_service" }} +{{- end }} diff --git a/panko/templates/job-ks-user.yaml b/panko/templates/job-ks-user.yaml new file mode 100644 index 0000000000..841af26079 --- /dev/null +++ b/panko/templates/job-ks-user.yaml @@ -0,0 +1,20 @@ +{{/* +Copyright 2019 Wind River Systems, Inc. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if .Values.manifests.job_ks_user }} +{{- $ksUserJob := dict "envAll" . "serviceName" "panko" -}} +{{ $ksUserJob | include "helm-toolkit.manifests.job_ks_user" }} +{{- end }} diff --git a/panko/templates/pdb-api.yaml b/panko/templates/pdb-api.yaml new file mode 100644 index 0000000000..f62aee8c1a --- /dev/null +++ b/panko/templates/pdb-api.yaml @@ -0,0 +1,29 @@ +{{/* +Copyright 2019 Wind River Systems, Inc. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if .Values.manifests.pdb_api }} +{{- $envAll := . }} +--- +apiVersion: policy/v1beta1 +kind: PodDisruptionBudget +metadata: + name: panko-api +spec: + minAvailable: {{ .Values.pod.lifecycle.disruption_budget.api.min_available }} + selector: + matchLabels: +{{ tuple $envAll "panko" "api" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 6 }} +{{- end }} diff --git a/panko/templates/pod-rally-test.yaml b/panko/templates/pod-rally-test.yaml new file mode 100644 index 0000000000..ac6b27862f --- /dev/null +++ b/panko/templates/pod-rally-test.yaml @@ -0,0 +1,102 @@ +{{/* +Copyright 2019 Wind River Systems, Inc. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if .Values.manifests.pod_rally_test }} +{{- $envAll := . }} + +{{- $mounts_tests := .Values.pod.mounts.panko_tests.panko_tests }} +{{- $mounts_tests_init := .Values.pod.mounts.panko_tests.init_container }} + +{{- $serviceAccountName := print $envAll.Release.Name "-test" }} +{{ tuple $envAll "tests" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }} +--- +apiVersion: v1 +kind: Pod +metadata: + name: {{ print $envAll.Release.Name "-test" }} + labels: +{{ tuple $envAll "panko" "test" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }} + annotations: + "helm.sh/hook": test-success + {{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" }} +spec: + restartPolicy: Never + nodeSelector: + {{ .Values.labels.test.node_selector_key }}: {{ .Values.labels.test.node_selector_value }} + serviceAccountName: {{ $serviceAccountName }} + initContainers: +{{ tuple $envAll "tests" $mounts_tests_init | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 4 }} + - name: {{ .Release.Name }}-test-ks-user +{{ tuple $envAll "ks_user" | include "helm-toolkit.snippets.image" | indent 6 }} +{{ tuple $envAll $envAll.Values.pod.resources.jobs.ks_user | include "helm-toolkit.snippets.kubernetes_resources" | indent 6 }} + command: + - /tmp/ks-user.sh + volumeMounts: + - name: panko-bin + mountPath: /tmp/ks-user.sh + subPath: ks-user.sh + readOnly: true + env: +{{- with $env := dict "ksUserSecret" .Values.secrets.identity.admin }} +{{- include "helm-toolkit.snippets.keystone_openrc_env_vars" $env | indent 8 }} +{{- end }} + - name: SERVICE_OS_SERVICE_NAME + value: "test" +{{- with $env := dict "ksUserSecret" .Values.secrets.identity.test }} +{{- include "helm-toolkit.snippets.keystone_user_create_env_vars" $env | indent 8 }} +{{- end }} + - name: SERVICE_OS_ROLE + value: {{ .Values.endpoints.identity.auth.test.role | quote }} + containers: + - name: {{ .Release.Name }}-test +{{ tuple $envAll "test" | include "helm-toolkit.snippets.image" | indent 6 }} +{{ tuple $envAll $envAll.Values.pod.resources.jobs.tests | include "helm-toolkit.snippets.kubernetes_resources" | indent 6 }} + env: +{{- with $env := dict "ksUserSecret" .Values.secrets.identity.admin }} +{{- include "helm-toolkit.snippets.keystone_openrc_env_vars" $env | indent 8 }} +{{- end }} +{{- with $env := dict "ksUserSecret" .Values.secrets.identity.test }} +{{- include "helm-toolkit.snippets.keystone_user_create_env_vars" $env | indent 8 }} +{{- end }} + - name: RALLY_ENV_NAME + value: {{.Release.Name}} + command: + - /tmp/rally-test.sh + volumeMounts: + - name: panko-etc + mountPath: /etc/rally/rally_tests.yaml + subPath: rally_tests.yaml + readOnly: true + - name: panko-bin + mountPath: /tmp/rally-test.sh + subPath: rally-test.sh + readOnly: true + - name: rally-db + mountPath: /var/lib/rally +{{ if $mounts_tests.volumeMounts }}{{ toYaml $mounts_tests.volumeMounts | indent 8 }}{{ end }} + volumes: + - name: panko-etc + secret: + secretName: panko-etc + defaultMode: 0444 + - name: panko-bin + configMap: + name: panko-bin + defaultMode: 0555 + - name: rally-db + emptyDir: {} +{{ if $mounts_tests.volumes }}{{ toYaml $mounts_tests.volumes | indent 4 }}{{ end }} +{{- end }} diff --git a/panko/templates/secret-db.yaml b/panko/templates/secret-db.yaml new file mode 100644 index 0000000000..b354e1d943 --- /dev/null +++ b/panko/templates/secret-db.yaml @@ -0,0 +1,30 @@ +{{/* +Copyright 2019 Wind River Systems, Inc. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if .Values.manifests.secret_db }} +{{- $envAll := . }} +{{- range $key1, $userClass := tuple "admin" "panko" }} +{{- $secretName := index $envAll.Values.secrets.oslo_db $userClass }} +--- +apiVersion: v1 +kind: Secret +metadata: + name: {{ $secretName }} +type: Opaque +data: + DB_CONNECTION: {{ tuple "oslo_db" "internal" $userClass "mysql" $envAll | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup" | b64enc -}} +{{- end }} +{{- end }} diff --git a/panko/templates/secret-keystone.yaml b/panko/templates/secret-keystone.yaml new file mode 100644 index 0000000000..c32a632051 --- /dev/null +++ b/panko/templates/secret-keystone.yaml @@ -0,0 +1,30 @@ +{{/* +Copyright 2019 Wind River Systems, Inc. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if .Values.manifests.secret_keystone }} +{{- $envAll := . }} +{{- range $key1, $userClass := tuple "admin" "panko" "test" }} +{{- $secretName := index $envAll.Values.secrets.identity $userClass }} +--- +apiVersion: v1 +kind: Secret +metadata: + name: {{ $secretName }} +type: Opaque +data: +{{- tuple $userClass "internal" $envAll | include "helm-toolkit.snippets.keystone_secret_openrc" | indent 2 -}} +{{- end }} +{{- end }} diff --git a/panko/templates/service-api.yaml b/panko/templates/service-api.yaml new file mode 100644 index 0000000000..ca640fcd0a --- /dev/null +++ b/panko/templates/service-api.yaml @@ -0,0 +1,39 @@ +{{/* +Copyright 2019 Wind River Systems, Inc. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if .Values.manifests.service_api }} +{{- $envAll := . }} +--- +apiVersion: v1 +kind: Service +metadata: + name: {{ tuple "event" "internal" . | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }} +spec: + ports: + - name: p-api + port: {{ tuple "event" "internal" "api" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }} + {{ if .Values.network.api.node_port.enabled }} + nodePort: {{ .Values.network.api.node_port.port }} + {{ end }} + selector: +{{ tuple $envAll "panko" "api" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }} + {{ if .Values.network.api.node_port.enabled }} + type: NodePort + {{ if .Values.network.api.external_policy_local }} + externalTrafficPolicy: Local + {{ end }} + {{ end }} +{{- end }} diff --git a/panko/templates/service-ingress-api.yaml b/panko/templates/service-ingress-api.yaml new file mode 100644 index 0000000000..b49375f717 --- /dev/null +++ b/panko/templates/service-ingress-api.yaml @@ -0,0 +1,20 @@ +{{/* +Copyright 2019 Wind River Systems, Inc. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if and .Values.manifests.service_ingress_api .Values.network.api.ingress.public }} +{{- $serviceIngressOpts := dict "envAll" . "backendServiceType" "event" -}} +{{ $serviceIngressOpts | include "helm-toolkit.manifests.service_ingress" }} +{{- end }} diff --git a/panko/values.yaml b/panko/values.yaml new file mode 100644 index 0000000000..7adefd039b --- /dev/null +++ b/panko/values.yaml @@ -0,0 +1,585 @@ +# Copyright 2019 Wind River Systems, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Default values for panko. +# This is a YAML-formatted file. +# Declare name/value pairs to be passed into your templates. +# name: value + +release_group: null + +labels: + api: + node_selector_key: openstack-control-plane + node_selector_value: enabled + job: + node_selector_key: openstack-control-plane + node_selector_value: enabled + test: + node_selector_key: openstack-control-plane + node_selector_value: enabled + +images: + tags: + test: docker.io/xrally/xrally-openstack:1.3.0 + dep_check: quay.io/stackanetes/kubernetes-entrypoint:v0.3.1 + db_init: docker.io/openstackhelm/heat:ocata + db_drop: docker.io/openstackhelm/heat:ocata + bootstrap: docker.io/openstackhelm/heat:ocata + panko_db_sync: docker.io/kolla/ubuntu-source-panko-api:ocata + ks_user: docker.io/openstackhelm/heat:ocata + ks_service: docker.io/openstackhelm/heat:ocata + ks_endpoints: docker.io/openstackhelm/heat:ocata + panko_api: docker.io/kolla/ubuntu-source-panko-api:ocata + panko_events_cleaner: docker.io/kolla/ubuntu-source-panko-base:ocata + image_repo_sync: docker.io/docker:17.07.0 + pull_policy: "IfNotPresent" + local_registry: + active: false + exclude: + - dep_check + - image_repo_sync + +jobs: + events_cleaner: + # hourly + cron: "0 * * * *" + history: + success: 3 + failed: 1 + +network: + api: + ingress: + public: true + classes: + namespace: "nginx" + cluster: "nginx-cluster" + annotations: + nginx.ingress.kubernetes.io/rewrite-target: / + external_policy_local: false + node_port: + enabled: false + port: 8977 + +dependencies: + dynamic: + common: + local_image_registry: + jobs: + - panko-image-repo-sync + services: + - endpoint: node + service: local_image_registry + static: + api: + jobs: + - panko-db-sync + - panko-ks-user + - panko-ks-endpoints + services: + - endpoint: internal + service: oslo_db + - endpoint: internal + service: identity + events_cleaner: + jobs: + - panko-db-sync + - panko-ks-user + - panko-ks-endpoints + services: + - endpoint: internal + service: oslo_db + - endpoint: internal + service: identity + bootstrap: + services: + - endpoint: internal + service: identity + db_init: + services: + - endpoint: internal + service: oslo_db + db_sync: + jobs: + - panko-db-init + services: + - endpoint: internal + service: oslo_db + db_drop: + services: + - endpoint: internal + service: oslo_db + ks_endpoints: + jobs: + - panko-ks-service + services: + - endpoint: internal + service: identity + ks_service: + services: + - endpoint: internal + service: identity + ks_user: + services: + - endpoint: internal + service: identity + image_repo_sync: + services: + - endpoint: internal + service: local_image_registry + tests: + jobs: + - panko-db-sync + services: + - endpoint: internal + service: identity + - endpoint: internal + service: oslo_db + - endpoint: internal + service: event + +# Names of secrets used by bootstrap and environmental checks +secrets: + identity: + admin: panko-keystone-admin + panko: panko-keystone-user + test: panko-keystone-test + oslo_db: + admin: panko-db-admin + panko: panko-db-user + +bootstrap: + enabled: false + ks_user: panko + script: | + openstack token issue + +conf: + rally_tests: + run_tempest: false + tests: + CeilometerEvents.create_user_and_get_event: + - runner: + concurrency: 1 + times: 1 + type: constant + sla: + failure_rate: + max: 0 + CeilometerEvents.create_user_and_list_event_types: + - runner: + concurrency: 1 + times: 1 + type: constant + sla: + failure_rate: + max: 0 + CeilometerEvents.create_user_and_list_events: + - runner: + concurrency: 1 + times: 1 + type: constant + sla: + failure_rate: + max: 0 + wsgi_panko: | + Listen 0.0.0.0:{{ tuple "event" "internal" "api" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }} + + LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined + LogFormat "%{X-Forwarded-For}i %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" proxy + + SetEnvIf X-Forwarded-For "^.*\..*\..*\..*" forwarded + CustomLog /dev/stdout combined env=!forwarded + CustomLog /dev/stdout proxy env=forwarded + + + WSGIDaemonProcess panko processes=1 threads=2 user=panko group=panko display-name=%{GROUP} + WSGIProcessGroup panko + WSGIScriptAlias / /var/www/cgi-bin/panko/panko-api + WSGIApplicationGroup %{GLOBAL} + = 2.4> + ErrorLogFormat "%{cu}t %M" + + + ErrorLog /dev/stdout + SetEnvIf X-Forwarded-For "^.*\..*\..*\..*" forwarded + CustomLog /dev/stdout combined env=!forwarded + CustomLog /dev/stdout proxy env=forwarded + + paste: + pipeline:main: + pipeline: cors http_proxy_to_wsgi request_id authtoken api-server + app:api-server: + paste.app_factory: panko.api.app:app_factory + filter:authtoken: + paste.filter_factory: keystonemiddleware.auth_token:filter_factory + oslo_config_project: panko + filter:request_id: + paste.filter_factory: oslo_middleware:RequestId.factory + filter:cors: + paste.filter_factory: oslo_middleware.cors:filter_factory + oslo_config_project: panko + filter:http_proxy_to_wsgi: + paste.filter_factory: oslo_middleware.http_proxy_to_wsgi:HTTPProxyToWSGI.factory + oslo_config_project: panko + policy: + context_is_admin: role:admin + segregation: rule:context_is_admin + telemetry:events:index: '' + telemetry:events:show: '' + panko: + DEFAULT: + debug: false + log_config_append: /etc/panko/logging.conf + oslo_middleware: + enable_proxy_headers_parsing: true + database: + event_time_to_live: 86400 + max_retries: -1 + keystone_authtoken: + auth_version: v3 + auth_type: password + memcache_security_strategy: ENCRYPT + logging: + loggers: + keys: + - root + - panko + handlers: + keys: + - stdout + - stderr + - "null" + formatters: + keys: + - context + - default + logger_root: + level: WARNING + handlers: 'null' + logger_panko: + level: INFO + handlers: + - stdout + qualname: panko + logger_amqp: + level: WARNING + handlers: stderr + qualname: amqp + logger_amqplib: + level: WARNING + handlers: stderr + qualname: amqplib + logger_eventletwsgi: + level: WARNING + handlers: stderr + qualname: eventlet.wsgi.server + logger_sqlalchemy: + level: WARNING + handlers: stderr + qualname: sqlalchemy + logger_boto: + level: WARNING + handlers: stderr + qualname: boto + handler_null: + class: logging.NullHandler + formatter: default + args: () + handler_stdout: + class: StreamHandler + args: (sys.stdout,) + formatter: context + handler_stderr: + class: StreamHandler + args: (sys.stderr,) + formatter: context + formatter_context: + class: oslo_log.formatters.ContextFormatter + formatter_default: + format: "%(message)s" + +# typically overriden by environmental +# values, but should include all endpoints +# required by this chart +endpoints: + cluster_domain_suffix: cluster.local + local_image_registry: + name: docker-registry + namespace: docker-registry + hosts: + default: localhost + internal: docker-registry + node: localhost + host_fqdn_override: + default: null + port: + registry: + node: 5000 + identity: + name: keystone + auth: + admin: + region_name: RegionOne + username: admin + password: password + project_name: admin + user_domain_name: default + project_domain_name: default + panko: + role: admin + region_name: RegionOne + username: panko + password: password + project_name: service + user_domain_name: service + project_domain_name: service + test: + role: admin + region_name: RegionOne + username: test + password: password + project_name: test + user_domain_name: service + project_domain_name: service + hosts: + default: keystone + internal: keystone-api + host_fqdn_override: + default: null + path: + default: /v3 + scheme: + default: 'http' + port: + api: + default: 80 + internal: 5000 + event: + name: panko + hosts: + default: panko-api + public: panko + host_fqdn_override: + default: null + path: + default: null + scheme: + default: 'http' + port: + api: + default: 8977 + public: 80 + oslo_db: + auth: + admin: + username: root + password: password + panko: + username: panko + password: password + hosts: + default: mariadb + host_fqdn_override: + default: null + path: /panko + scheme: mysql+pymysql + port: + mysql: + default: 3306 + oslo_cache: + auth: + # NOTE: this is used to define the value for keystone + # authtoken cache encryption key, if not set it will be populated + # automatically with a random value, but to take advantage of + # this feature all services should be set to use the same key, + # and memcache service. + memcache_secret_key: null + hosts: + default: memcached + host_fqdn_override: + default: null + port: + memcache: + default: 11211 + fluentd: + namespace: null + name: fluentd + hosts: + default: fluentd-logging + host_fqdn_override: + default: null + path: + default: null + scheme: 'http' + port: + service: + default: 24224 + metrics: + default: 24220 + +pod: + security_context: + panko: + pod: + runAsUser: 42438 + container: + panko_api: + runAsUser: 0 + affinity: + anti: + type: + default: preferredDuringSchedulingIgnoredDuringExecution + topologyKey: + default: kubernetes.io/hostname + mounts: + panko_api: + init_container: null + panko_api: + volumeMounts: + volumes: + panko_events_cleaner: + init_container: null + panko_events_cleaner: + volumeMounts: + volumes: + panko_bootstrap: + init_container: null + panko_bootstrap: + volumeMounts: + volumes: + panko_tests: + init_container: null + panko_tests: + volumeMounts: + volumes: + replicas: + api: 1 + lifecycle: + upgrades: + deployments: + revision_history: 3 + pod_replacement_strategy: RollingUpdate + rolling_update: + max_unavailable: 1 + max_surge: 3 + disruption_budget: + api: + min_available: 0 + termination_grace_period: + api: + timeout: 600 + resources: + enabled: false + api: + requests: + memory: "128Mi" + cpu: "100m" + limits: + memory: "1024Mi" + cpu: "2000m" + jobs: + bootstrap: + requests: + memory: "128Mi" + cpu: "100m" + limits: + memory: "1024Mi" + cpu: "2000m" + db_sync: + requests: + memory: "128Mi" + cpu: "100m" + limits: + memory: "1024Mi" + cpu: "2000m" + db_init: + requests: + memory: "128Mi" + cpu: "100m" + limits: + memory: "1024Mi" + cpu: "2000m" + ks_user: + requests: + memory: "128Mi" + cpu: "100m" + limits: + memory: "1024Mi" + cpu: "2000m" + ks_service: + requests: + memory: "128Mi" + cpu: "100m" + limits: + memory: "1024Mi" + cpu: "2000m" + ks_endpoints: + requests: + memory: "128Mi" + cpu: "100m" + limits: + memory: "1024Mi" + cpu: "2000m" + events_cleaner: + requests: + memory: "128Mi" + cpu: "100m" + limits: + memory: "1024Mi" + cpu: "2000m" + db_drop: + requests: + memory: "128Mi" + cpu: "100m" + limits: + memory: "1024Mi" + cpu: "2000m" + tests: + requests: + memory: "128Mi" + cpu: "100m" + limits: + memory: "1024Mi" + cpu: "2000m" + image_repo_sync: + requests: + memory: "128Mi" + cpu: "100m" + limits: + memory: "1024Mi" + cpu: "2000m" + +manifests: + configmap_bin: true + configmap_etc: true + cron_job_events_cleaner: true + deployment_api: true + ingress_api: true + job_bootstrap: true + job_db_drop: false + job_db_init: true + job_image_repo_sync: true + job_db_sync: true + job_ks_endpoints: true + job_ks_service: true + job_ks_user: true + pdb_api: true + pod_rally_test: true + secret_db: true + secret_keystone: true + service_api: true + service_ingress_api: true + diff --git a/tools/deployment/multinode/240-panko.sh b/tools/deployment/multinode/240-panko.sh new file mode 100755 index 0000000000..8227325bb9 --- /dev/null +++ b/tools/deployment/multinode/240-panko.sh @@ -0,0 +1,31 @@ +#!/bin/bash + +# Copyright 2019 The Openstack-Helm Authors. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. +set -xe + +#NOTE: Wait for deploy +helm upgrade --install panko ./panko \ + --namespace=openstack \ + --set pod.replicas.api=2 \ + ${OSH_EXTRA_HELM_ARGS} \ + ${OSH_EXTRA_HELM_ARGS_PANKO} + +#NOTE: Wait for deploy +./tools/deployment/common/wait-for-pods.sh openstack + +#NOTE: Validate Deployment info +helm status panko +export OS_CLOUD=openstack_helm +openstack service list diff --git a/tools/deployment/multinode/240-ceilometer.sh b/tools/deployment/multinode/250-ceilometer.sh similarity index 100% rename from tools/deployment/multinode/240-ceilometer.sh rename to tools/deployment/multinode/250-ceilometer.sh