From 842ef50b26510a6b8f4ac31cf850fc26698f89c2 Mon Sep 17 00:00:00 2001 
From: root Date: Fri, 5 Nov 2021 07:16:11 +0000 Subject: [PATCH] Add cyborg Init cyborg chart Implements: blueprint add-cyborg-chart Change-Id: I30e1d7d4887b1027c2f26a787ebe9705dadfc1e0 --- cyborg/Chart.yaml | 24 + cyborg/requirements.yaml | 16 + cyborg/templates/bin/_cyborg-agent.sh.tpl | 21 + cyborg/templates/bin/_cyborg-api.sh.tpl | 32 + cyborg/templates/bin/_cyborg-conductor.sh.tpl | 21 + cyborg/templates/bin/_db-sync.sh.tpl | 19 + cyborg/templates/configmap-bin.yaml | 43 ++ cyborg/templates/configmap-etc.yaml | 137 +++++ cyborg/templates/daemonset-agent.yaml | 111 ++++ cyborg/templates/deployment-api.yaml | 122 ++++ cyborg/templates/deployment-conductor.yaml | 97 +++ cyborg/templates/ingress-api.yaml | 18 + cyborg/templates/job-db-drop.yaml | 18 + cyborg/templates/job-db-init.yaml | 18 + cyborg/templates/job-db-sync.yaml | 18 + cyborg/templates/job-ks-endpoints.yaml | 18 + cyborg/templates/job-ks-service.yaml | 18 + cyborg/templates/job-ks-user.yaml | 18 + cyborg/templates/job-rabbit-init.yaml | 17 + cyborg/templates/network_policy.yaml | 18 + cyborg/templates/pdb-api.yaml | 27 + cyborg/templates/secret-db.yaml | 33 ++ cyborg/templates/secret-keystone.yaml | 28 + cyborg/templates/secret-rabbitmq.yaml | 28 + cyborg/templates/service-api.yaml | 36 ++ cyborg/templates/service-ingress-api.yaml | 18 + cyborg/values.yaml | 554 ++++++++++++++++++ releasenotes/notes/cyborg.yaml | 4 + 28 files changed, 1532 insertions(+) create mode 100644 cyborg/Chart.yaml create mode 100644 cyborg/requirements.yaml create mode 100644 cyborg/templates/bin/_cyborg-agent.sh.tpl create mode 100644 cyborg/templates/bin/_cyborg-api.sh.tpl create mode 100644 cyborg/templates/bin/_cyborg-conductor.sh.tpl create mode 100644 cyborg/templates/bin/_db-sync.sh.tpl create mode 100644 cyborg/templates/configmap-bin.yaml create mode 100644 cyborg/templates/configmap-etc.yaml create mode 100644 cyborg/templates/daemonset-agent.yaml create mode 100644 cyborg/templates/deployment-api.yaml create mode 
100644 cyborg/templates/deployment-conductor.yaml create mode 100644 cyborg/templates/ingress-api.yaml create mode 100644 cyborg/templates/job-db-drop.yaml create mode 100644 cyborg/templates/job-db-init.yaml create mode 100644 cyborg/templates/job-db-sync.yaml create mode 100644 cyborg/templates/job-ks-endpoints.yaml create mode 100644 cyborg/templates/job-ks-service.yaml create mode 100644 cyborg/templates/job-ks-user.yaml create mode 100644 cyborg/templates/job-rabbit-init.yaml create mode 100644 cyborg/templates/network_policy.yaml create mode 100644 cyborg/templates/pdb-api.yaml create mode 100644 cyborg/templates/secret-db.yaml create mode 100644 cyborg/templates/secret-keystone.yaml create mode 100644 cyborg/templates/secret-rabbitmq.yaml create mode 100644 cyborg/templates/service-api.yaml create mode 100644 cyborg/templates/service-ingress-api.yaml create mode 100644 cyborg/values.yaml create mode 100644 releasenotes/notes/cyborg.yaml diff --git a/cyborg/Chart.yaml b/cyborg/Chart.yaml new file mode 100644 index 0000000000..e97eb0a180 --- /dev/null +++ b/cyborg/Chart.yaml 
@@ -0,0 +1,24 @@
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: v1
+appVersion: v1.0.0
+description: OpenStack-Helm Cyborg
+name: cyborg
+version: 0.1.0
+home: https://docs.openstack.org/cyborg
+icon: https://www.openstack.org/themes/openstack/images/project-mascots/Cyborg/OpenStack_Project_Cyborg_vertical.png
+sources:
+ - https://opendev.org/openstack/cyborg
+ - https://opendev.org/openstack/openstack-helm
+maintainers:
+ - name: OpenStack-Helm Authors
diff --git a/cyborg/requirements.yaml b/cyborg/requirements.yaml
new file mode 100644
index 0000000000..4124d0145d
--- /dev/null
+++ b/cyborg/requirements.yaml
@@ -0,0 +1,16 @@
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+dependencies:
+ - name: helm-toolkit
+ repository: file://../../openstack-helm-infra/helm-toolkit
+ version: ">= 0.1.0"
diff --git a/cyborg/templates/bin/_cyborg-agent.sh.tpl b/cyborg/templates/bin/_cyborg-agent.sh.tpl
new file mode 100644
index 0000000000..98fa3e4078
--- /dev/null
+++ b/cyborg/templates/bin/_cyborg-agent.sh.tpl
@@ -0,0 +1,21 @@
+#!/bin/bash
+
+{{/*
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/}}
+
+set -x
+
+exec cyborg-agent \
+ --config-file /etc/cyborg/cyborg.conf \
+ --log-config-append /tmp/logging-cyborg.conf
diff --git a/cyborg/templates/bin/_cyborg-api.sh.tpl b/cyborg/templates/bin/_cyborg-api.sh.tpl
new file mode 100644
index 0000000000..69d8aa51a9
--- /dev/null
+++ b/cyborg/templates/bin/_cyborg-api.sh.tpl
@@ -0,0 +1,32 @@
+#!/bin/bash
+
+{{/*
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/}}
+
+set -ex
+COMMAND="${@:-start}"
+
+
+function start () {
+ exec cyborg-api \
+ --config-file /etc/cyborg/cyborg.conf \
+ --log-config-append /tmp/logging-cyborg.conf \
+ ${OPTIONS}
+}
+
+function stop () {
+ kill -TERM 1
+}
+
+$COMMAND
diff --git a/cyborg/templates/bin/_cyborg-conductor.sh.tpl b/cyborg/templates/bin/_cyborg-conductor.sh.tpl
new file mode 100644
index 0000000000..b6676efa51
--- /dev/null
+++ b/cyborg/templates/bin/_cyborg-conductor.sh.tpl
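Review bot: In `_cyborg-api.sh.tpl`, `--log-config-append /tmp/logging-cyborg.conf` inside `start` names a file that nothing visible in this patch creates: the cyborg-etc Secret carries only cyborg.conf, policy.yaml and api-paste.ini, and deployment-api.yaml mounts an emptyDir over /tmp. Unless values.yaml (not in view) supplies it some other way, the service is likely to fail at start-up; either add a logging.conf key to the Secret and mount it at that path, or drop the flag. The same flag is used in `_cyborg-agent.sh.tpl` and `_cyborg-conductor.sh.tpl`. Separately, the last line `$COMMAND` runs whatever arguments the container receives, so a dispatch such as `case "$COMMAND" in start|stop) "$COMMAND" ;; *) exit 1 ;; esac` would keep the entrypoint to the two intended verbs, and `${OPTIONS}` is not set by the env block shown in deployment-api.yaml.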
@@ -0,0 +1,21 @@
+#!/bin/bash
+
+{{/*
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/}}
+
+set -x
+
+exec cyborg-conductor \
+ --config-file /etc/cyborg/cyborg.conf \
+ --log-config-append /tmp/logging-cyborg.conf
diff --git a/cyborg/templates/bin/_db-sync.sh.tpl b/cyborg/templates/bin/_db-sync.sh.tpl
new file mode 100644
index 0000000000..4231aad567
--- /dev/null
+++ b/cyborg/templates/bin/_db-sync.sh.tpl
@@ -0,0 +1,19 @@
+#!/bin/bash
+
+{{/*
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/}}
+
+set -ex
+
+cyborg-dbsync --config-file /etc/cyborg/cyborg.conf upgrade
diff --git a/cyborg/templates/configmap-bin.yaml b/cyborg/templates/configmap-bin.yaml
new file mode 100644
index 0000000000..747a43e48c
--- /dev/null
+++ b/cyborg/templates/configmap-bin.yaml
@@ -0,0 +1,43 @@
+{{/*
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/}}
+
+{{- if .Values.manifests.configmap_bin }}
+{{- $envAll := . }}
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: cyborg-bin
+data:
+ db-drop.py: |
+{{- include "helm-toolkit.scripts.db_drop" . | indent 4 }}
+ db-init.py: |
+{{- include "helm-toolkit.scripts.db_init" . | indent 4 }}
+ db-sync.sh: |
+{{ tuple "bin/_db-sync.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
+ ks-service.sh: |
+{{- include "helm-toolkit.scripts.keystone_service" . | indent 4 }}
+ ks-endpoints.sh: |
+{{- include "helm-toolkit.scripts.keystone_endpoints" . | indent 4 }}
+ ks-user.sh: |
+{{- include "helm-toolkit.scripts.keystone_user" . | indent 4 }}
+ cyborg-api.sh: |
+{{ tuple "bin/_cyborg-api.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
+ cyborg-conductor.sh: |
+{{ tuple "bin/_cyborg-conductor.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
+ cyborg-agent.sh: |
+{{ tuple "bin/_cyborg-agent.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
+ rabbit-init.sh: |
+{{- include "helm-toolkit.scripts.rabbit_init" . | indent 4 }}
+{{- end }}
diff --git a/cyborg/templates/configmap-etc.yaml b/cyborg/templates/configmap-etc.yaml
new file mode 100644
index 0000000000..cd1f36faf5
--- /dev/null
+++ b/cyborg/templates/configmap-etc.yaml
@@ -0,0 +1,137 @@
+{{/*
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/}}
+
+{{- define "cyborg.etc" }}
+{{- $configMapName := index . 0 }}
+{{- $envAll := index . 1 }}
+{{- with $envAll }}
+
+{{- if empty .Values.conf.cyborg.keystone_authtoken.auth_uri -}}
+{{- $_ := tuple "identity" "internal" "api" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup"| set .Values.conf.cyborg.keystone_authtoken "auth_uri" -}}
+{{- end -}}
+{{- if empty .Values.conf.cyborg.keystone_authtoken.auth_url -}}
+{{- $_ := tuple "identity" "internal" "api" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup"| set .Values.conf.cyborg.keystone_authtoken "auth_url" -}}
+{{- end -}}
+{{- if empty .Values.conf.cyborg.keystone_authtoken.region_name -}}
+{{- $_ := set .Values.conf.cyborg.keystone_authtoken "region_name" .Values.endpoints.identity.auth.cyborg.region_name -}}
+{{- end -}}
+{{- if empty .Values.conf.cyborg.keystone_authtoken.project_name -}}
+{{- $_ := set .Values.conf.cyborg.keystone_authtoken "password" .Values.endpoints.identity.auth.cyborg.password -}}
+{{- $_ := set .Values.conf.cyborg.keystone_authtoken "project_name" .Values.endpoints.identity.auth.cyborg.project_name -}}
+{{- end -}}
+{{- if empty .Values.conf.cyborg.keystone_authtoken.project_domain_name -}}
+{{- $_ := set .Values.conf.cyborg.keystone_authtoken "password" .Values.endpoints.identity.auth.cyborg.password -}}
+{{- $_ := set .Values.conf.cyborg.keystone_authtoken "project_domain_name" .Values.endpoints.identity.auth.cyborg.project_domain_name -}}
+{{- end -}}
+{{- if empty .Values.conf.cyborg.keystone_authtoken.user_domain_name -}}
+{{- $_ := set .Values.conf.cyborg.keystone_authtoken "password" .Values.endpoints.identity.auth.cyborg.password -}}
+{{- $_ := set .Values.conf.cyborg.keystone_authtoken "user_domain_name" .Values.endpoints.identity.auth.cyborg.user_domain_name -}}
+{{- end -}}
+{{- if empty .Values.conf.cyborg.keystone_authtoken.username -}}
+{{- $_ := set .Values.conf.cyborg.keystone_authtoken "password" .Values.endpoints.identity.auth.cyborg.password -}}
+{{- $_ := set .Values.conf.cyborg.keystone_authtoken "username" .Values.endpoints.identity.auth.cyborg.username -}}
+{{- end -}}
+{{- if empty .Values.conf.cyborg.keystone_authtoken.password -}}
+{{- $_ := set .Values.conf.cyborg.keystone_authtoken "password" .Values.endpoints.identity.auth.cyborg.password -}}
+{{- end -}}
+
+{{- if empty .Values.conf.cyborg.keystone_authtoken.memcached_servers -}}
+{{- $_ := tuple "oslo_cache" "internal" "memcache" . | include "helm-toolkit.endpoints.host_and_port_endpoint_uri_lookup" | set .Values.conf.cyborg.keystone_authtoken "memcached_servers" -}}
+{{- end -}}
+{{- if empty .Values.conf.cyborg.keystone_authtoken.memcache_secret_key -}}
+{{- $_ := set .Values.conf.cyborg.keystone_authtoken "memcache_secret_key" ( default ( randAlphaNum 64 ) .Values.endpoints.oslo_cache.auth.memcache_secret_key ) -}}
+{{- end -}}
+
+{{- if empty .Values.conf.cyborg.database.connection -}}
+{{- $_ := tuple "oslo_db" "internal" "cyborg" "mysql" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup"| set .Values.conf.cyborg.database "connection" -}}
+{{- end -}}
+
+{{- if empty .Values.conf.cyborg.DEFAULT.transport_url -}}
+{{- $_ := tuple "oslo_messaging" "internal" "cyborg" "amqp" . | include "helm-toolkit.endpoints.authenticated_transport_endpoint_uri_lookup" | set .Values.conf.cyborg.DEFAULT "transport_url" -}}
+{{- end -}}
+
+{{- if empty .Values.conf.cyborg.placement.auth_url -}}
+{{- $_ := tuple "identity" "internal" "api" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup"| set .Values.conf.cyborg.placement "auth_url" -}}
+{{- end -}}
+{{- if empty .Values.conf.cyborg.placement.project_name -}}
+{{- $_ := set .Values.conf.cyborg.placement "project_name" .Values.endpoints.identity.auth.placement.project_name -}}
+{{- end -}}
+{{- if empty .Values.conf.cyborg.placement.project_domain_name -}}
+{{- $_ := set .Values.conf.cyborg.placement "project_domain_name" .Values.endpoints.identity.auth.placement.project_domain_name -}}
+{{- end -}}
+{{- if empty .Values.conf.cyborg.placement.user_domain_name -}}
+{{- $_ := set .Values.conf.cyborg.placement "user_domain_name" .Values.endpoints.identity.auth.placement.user_domain_name -}}
+{{- end -}}
+{{- if empty .Values.conf.cyborg.placement.username -}}
+{{- $_ := set .Values.conf.cyborg.placement "username" .Values.endpoints.identity.auth.placement.username -}}
+{{- end -}}
+{{- if empty .Values.conf.cyborg.placement.password -}}
+{{- $_ := set .Values.conf.cyborg.placement "password" .Values.endpoints.identity.auth.placement.password -}}
+{{- end -}}
+
+{{- if empty .Values.conf.cyborg.nova.auth_url -}}
+{{- $_ := tuple "identity" "internal" "api" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup"| set .Values.conf.cyborg.nova "auth_url" -}}
+{{- end -}}
+{{- if empty .Values.conf.cyborg.nova.project_name -}}
+{{- $_ := set .Values.conf.cyborg.nova "project_name" .Values.endpoints.identity.auth.nova.project_name -}}
+{{- end -}}
+{{- if empty .Values.conf.cyborg.nova.project_domain_name -}}
+{{- $_ := set .Values.conf.cyborg.nova "project_domain_name" .Values.endpoints.identity.auth.nova.project_domain_name -}}
+{{- end -}}
+{{- if empty .Values.conf.cyborg.nova.user_domain_name -}}
+{{- $_ := set .Values.conf.cyborg.nova "user_domain_name" .Values.endpoints.identity.auth.nova.user_domain_name -}}
+{{- end -}}
+{{- if empty .Values.conf.cyborg.nova.username -}}
+{{- $_ := set .Values.conf.cyborg.nova "username" .Values.endpoints.identity.auth.nova.username -}}
+{{- end -}}
+{{- if empty .Values.conf.cyborg.nova.password -}}
+{{- $_ := set .Values.conf.cyborg.nova "password" .Values.endpoints.identity.auth.nova.password -}}
+{{- end -}}
+
+{{- if empty .Values.conf.cyborg.service_catalog.auth_url -}}
+{{- $_ := tuple "identity" "internal" "api" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup"| set .Values.conf.cyborg.service_catalog "auth_url" -}}
+{{- end -}}
+{{- if empty .Values.conf.cyborg.service_catalog.project_name -}}
+{{- $_ := set .Values.conf.cyborg.service_catalog "project_name" .Values.endpoints.identity.auth.cyborg.project_name -}}
+{{- end -}}
+{{- if empty .Values.conf.cyborg.service_catalog.project_domain_name -}}
+{{- $_ := set .Values.conf.cyborg.service_catalog "project_domain_name" .Values.endpoints.identity.auth.cyborg.project_domain_name -}}
+{{- end -}}
+{{- if empty .Values.conf.cyborg.service_catalog.user_domain_name -}}
+{{- $_ := set .Values.conf.cyborg.service_catalog "user_domain_name" .Values.endpoints.identity.auth.cyborg.user_domain_name -}}
+{{- end -}}
+{{- if empty .Values.conf.cyborg.service_catalog.username -}}
+{{- $_ := set .Values.conf.cyborg.service_catalog "username" .Values.endpoints.identity.auth.cyborg.username -}}
+{{- end -}}
+{{- if empty .Values.conf.cyborg.service_catalog.password -}}
+{{- $_ := set .Values.conf.cyborg.service_catalog "password" .Values.endpoints.identity.auth.cyborg.password -}}
+{{- end -}}
+
+
+---
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ $configMapName }}
+type: Opaque
+data:
+ cyborg.conf: {{ include "helm-toolkit.utils.to_oslo_conf" .Values.conf.cyborg | b64enc }}
+ policy.yaml: {{ toYaml .Values.conf.policy | b64enc }}
+ api-paste.ini: {{ include "helm-toolkit.utils.to_ini" .Values.conf.paste | b64enc }}
+{{- end }}
+{{- end }}
+
+{{- if .Values.manifests.configmap_etc }}
+{{- list "cyborg-etc" . | include "cyborg.etc" }}
+{{- end }}
diff --git a/cyborg/templates/daemonset-agent.yaml b/cyborg/templates/daemonset-agent.yaml
new file mode 100644
index 0000000000..124fa04ede
--- /dev/null
+++ b/cyborg/templates/daemonset-agent.yaml
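Review bot: In configmap-etc.yaml the keystone_authtoken defaulting blocks for `project_name`, `project_domain_name`, `user_domain_name` and `username` each also run `set .Values.conf.cyborg.keystone_authtoken "password" .Values.endpoints.identity.auth.cyborg.password`, so an operator-supplied `conf.cyborg.keystone_authtoken.password` is silently replaced whenever any of those four keys is left empty. The dedicated `if empty .Values.conf.cyborg.keystone_authtoken.password` block that follows already supplies the default, so the four extra `set ... "password"` lines should be removed. Also, `default ( randAlphaNum 64 ) .Values.endpoints.oslo_cache.auth.memcache_secret_key` produces a different key on every render when the endpoint value is unset, which changes the rendered Secret on each upgrade; a comment telling operators to pin `endpoints.oslo_cache.auth.memcache_secret_key` would make that explicit.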
@@ -0,0 +1,111 @@
+{{/*
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/}}
+
+{{- define "cyborg.agent.daemonset" }}
+{{- $daemonset := index . 0 }}
+{{- $configMapName := index . 1 }}
+{{- $serviceAccountName := index . 2 }}
+{{- $envAll := index . 3 }}
+{{- with $envAll }}
+
+{{- $mounts_cyborg := .Values.pod.mounts.cyborg_agent.cyborg_agent }}
+{{- $mounts_cyborg_agent_init := .Values.pod.mounts.cyborg_agent.init_container }}
+
+---
+apiVersion: apps/v1
+kind: DaemonSet
+metadata:
+ name: cyborg-agent
+ annotations:
+ {{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" }}
+ labels:
+{{ tuple $envAll .Chart.Name $daemonset | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }}
+spec:
+ selector:
+ matchLabels:
+{{ tuple $envAll .Chart.Name $daemonset | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 6 }}
+{{ tuple $envAll $daemonset | include "helm-toolkit.snippets.kubernetes_upgrades_daemonset" | indent 2 }}
+ template:
+ metadata:
+ labels:
+{{ tuple $envAll .Chart.Name $daemonset | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
+ annotations:
+{{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" | indent 8 }}
+ configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "helm-toolkit.utils.hash" }}
+ spec:
+ serviceAccountName: {{ $serviceAccountName }}
+ nodeSelector:
+ {{ .Values.labels.agent.node_selector_key }}: {{ .Values.labels.agent.node_selector_value }}
+ hostNetwork: true
+ hostPID: true
+ hostIPC: true
+ dnsPolicy: ClusterFirstWithHostNet
+ initContainers:
+{{ tuple $envAll "cyborg" $mounts_cyborg_agent_init | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
+ containers:
+ - name: cyborg-agent
+{{ tuple $envAll "cyborg_agent" | include "helm-toolkit.snippets.image" | indent 10 }}
+{{ tuple $envAll $envAll.Values.pod.resources.agent | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
+ securityContext:
+ runAsUser: 0
+ privileged: true
+ env:
+ - name: HOST_IP
+ valueFrom:
+ fieldRef:
+ apiVersion: v1
+ fieldPath: status.hostIP
+ command:
+ - /tmp/cyborg-agent.sh
+ volumeMounts:
+ - name: pod-tmp
+ mountPath: /tmp
+ - name: cyborg-bin
+ mountPath: /tmp/cyborg-agent.sh
+ subPath: cyborg-agent.sh
+ readOnly: true
+ - name: cyborg-etc
+ mountPath: /etc/cyborg/cyborg.conf
+ subPath: cyborg.conf
+ readOnly: true
+ volumes:
+ - name: pod-tmp
+ emptyDir: {}
+ - name: pod-shared
+ emptyDir: {}
+ - name: cyborg-bin
+ configMap:
+ name: cyborg-bin
+ defaultMode: 0555
+ - name: cyborg-etc
+ secret:
+ secretName: cyborg-etc
+ defaultMode: 0444
+{{- end }}
+{{- end }}
+
+{{- if .Values.manifests.daemonset_agent }}
+{{- $envAll := . }}
+{{- $daemonset := "agent" }}
+{{- $configMapName := "cyborg-etc" }}
+{{- $serviceAccountName := "cyborg-agent" }}
+
+{{- $dependencyOpts := dict "envAll" $envAll "dependencyMixinParam" $envAll.Values.network.backend "dependencyKey" "agent" -}}
+{{- $_ := include "helm-toolkit.utils.dependency_resolver" $dependencyOpts | toString | fromYaml }}
+
+{{ tuple $envAll "pod_dependency" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
+{{- $daemonset_yaml := list $daemonset $configMapName $serviceAccountName . | include "cyborg.agent.daemonset" | toString | fromYaml }}
+{{- $configmap_yaml := "cyborg.etc" }}
+{{- list $daemonset $daemonset_yaml $configmap_yaml $configMapName . | include "helm-toolkit.utils.daemonset_overrides" }}
+{{- end }}
diff --git a/cyborg/templates/deployment-api.yaml b/cyborg/templates/deployment-api.yaml
new file mode 100644
index 0000000000..2b0845860a
--- /dev/null
+++ b/cyborg/templates/deployment-api.yaml
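Review bot: The cyborg-agent container in daemonset-agent.yaml hard-codes `runAsUser: 0` and `privileged: true`, and the pod spec hard-codes `hostNetwork: true`, `hostPID: true` and `hostIPC: true`, with no values.yaml switch for any of them, whereas deployment-api.yaml and deployment-conductor.yaml take their security context from helm-toolkit. Rendering the container context through `{{ dict "envAll" $envAll "application" "cyborg_agent" "container" "cyborg_agent" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 10 }}` (the key names are a suggestion, since values.yaml is not in view) would let operators narrow the agent to the device access it actually needs. A short template comment should also state why each host namespace is required, so a later reviewer can tell which ones are safe to drop. The `pod-shared` emptyDir is declared but never mounted, and `$mounts_cyborg` is assigned but unused.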
@@ -0,0 +1,122 @@
+{{/*
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/}}
+
+{{- if .Values.manifests.deployment_api }}
+{{- $envAll := . }}
+
+{{- $mounts_cyborg_api := .Values.pod.mounts.cyborg_api.cyborg_api }}
+{{- $mounts_cyborg_api_init := .Values.pod.mounts.cyborg_api.init_container }}
+
+{{- $serviceAccountName := "cyborg-api" }}
+{{ tuple $envAll "api" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: cyborg-api
+ annotations:
+ {{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" }}
+ labels:
+{{ tuple $envAll "cyborg" "api" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }}
+spec:
+ replicas: {{ .Values.pod.replicas.api }}
+ selector:
+ matchLabels:
+{{ tuple $envAll "cyborg" "api" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 6 }}
+{{ tuple $envAll | include "helm-toolkit.snippets.kubernetes_upgrades_deployment" | indent 2 }}
+ template:
+ metadata:
+ labels:
+{{ tuple $envAll "cyborg" "api" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
+ annotations:
+{{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" | indent 8 }}
+ configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "helm-toolkit.utils.hash" }}
+ configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "helm-toolkit.utils.hash" }}
+{{ dict "envAll" $envAll "podName" "cyborg-api" "containerNames" (list "cyborg" "init") | include "helm-toolkit.snippets.kubernetes_mandatory_access_control_annotation" | indent 8 }}
+ spec:
+ serviceAccountName: {{ $serviceAccountName }}
+{{ dict "envAll" $envAll "application" "cyborg" | include "helm-toolkit.snippets.kubernetes_pod_security_context" | indent 6 }}
+ affinity:
+{{ tuple $envAll "cyborg" "api" | include "helm-toolkit.snippets.kubernetes_pod_anti_affinity" | indent 8 }}
+ nodeSelector:
+ {{ .Values.labels.api.node_selector_key }}: {{ .Values.labels.api.node_selector_value }}
+ terminationGracePeriodSeconds: {{ .Values.pod.lifecycle.termination_grace_period.api.timeout | default "30" }}
+ initContainers:
+{{ tuple $envAll "api" $mounts_cyborg_api_init | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
+ containers:
+ - name: cyborg
+{{ tuple $envAll "cyborg_api" | include "helm-toolkit.snippets.image" | indent 10 }}
+{{ tuple $envAll $envAll.Values.pod.resources.api | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
+{{ dict "envAll" $envAll "application" "cyborg" "container" "cyborg" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 10 }}
+ env:
+ - name: HOST_IP
+ valueFrom:
+ fieldRef:
+ apiVersion: v1
+ fieldPath: status.hostIP
+ command:
+ - /tmp/cyborg-api.sh
+ - start
+ lifecycle:
+ preStop:
+ exec:
+ command:
+ - /tmp/cyborg-api.sh
+ - stop
+ ports:
+ - name: cyborg-api
+ containerPort: {{ tuple "accelerator" "internal" "api" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
+ readinessProbe:
+ tcpSocket:
+ port: {{ tuple "accelerator" "internal" "api" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
+ livenessProbe:
+ tcpSocket:
+ port: {{ tuple "accelerator" "internal" "api" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
+ volumeMounts:
+ - name: pod-tmp
+ mountPath: /tmp
+ - name: pod-var-cyborg
+ mountPath: /var/lib/cyborg
+ - name: cyborg-bin
+ mountPath: /tmp/cyborg-api.sh
+ subPath: cyborg-api.sh
+ readOnly: true
+ - name: cyborg-etc
+ mountPath: /etc/cyborg/cyborg.conf
+ subPath: cyborg.conf
+ readOnly: true
+ - name: cyborg-etc
+ mountPath: /etc/cyborg/api-paste.ini
+ subPath: api-paste.ini
+ readOnly: true
+ - name: cyborg-etc
+ mountPath: /etc/cyborg/policy.yaml
+ subPath: policy.yaml
+ readOnly: true
+{{ if $mounts_cyborg_api.volumeMounts }}{{ toYaml $mounts_cyborg_api.volumeMounts | indent 12 }}{{ end }}
+ volumes:
+ - name: pod-tmp
+ emptyDir: {}
+ - name: pod-var-cyborg
+ emptyDir: {}
+ - name: cyborg-bin
+ configMap:
+ name: cyborg-bin
+ defaultMode: 0555
+ - name: cyborg-etc
+ secret:
+ secretName: cyborg-etc
+ defaultMode: 0444
+{{ if $mounts_cyborg_api.volumes}}{{ toYaml $mounts_cyborg_api.volumes | indent 8 }}{{ end }}
+{{- end }}
diff --git a/cyborg/templates/deployment-conductor.yaml b/cyborg/templates/deployment-conductor.yaml
new file mode 100644
index 0000000000..86f4c443c3
--- /dev/null
+++ b/cyborg/templates/deployment-conductor.yaml
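Review bot: The `cyborg-etc` secret volume in deployment-api.yaml is mounted with `defaultMode: 0444`, which leaves cyborg.conf readable by every uid inside the container; per configmap-etc.yaml that file carries the database connection string, the transport_url and the keystone passwords. If the pod security context rendered from values.yaml (not in view) sets an fsGroup for the service user, `defaultMode: 0440` would be enough for cyborg-api to read it. The same mode is used for the same Secret in deployment-conductor.yaml and daemonset-agent.yaml. If 0444 is kept, a template comment noting that it is deliberate would help.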
@@ -0,0 +1,97 @@
+{{/*
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/}}
+
+{{- if .Values.manifests.deployment_conductor }}
+{{- $envAll := . }}
+
+{{- $mounts_cyborg_conductor := .Values.pod.mounts.cyborg_conductor.cyborg_conductor }}
+{{- $mounts_cyborg_conductor_init := .Values.pod.mounts.cyborg_conductor.init_container }}
+
+{{- $serviceAccountName := "cyborg-conductor" }}
+{{ tuple $envAll "conductor" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: cyborg-conductor
+ annotations:
+ {{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" }}
+ labels:
+{{ tuple $envAll "cyborg" "conductor" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }}
+spec:
+ replicas: {{ .Values.pod.replicas.conductor }}
+ selector:
+ matchLabels:
+{{ tuple $envAll "cyborg" "conductor" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 6 }}
+{{ tuple $envAll | include "helm-toolkit.snippets.kubernetes_upgrades_deployment" | indent 2 }}
+ template:
+ metadata:
+ labels:
+{{ tuple $envAll "cyborg" "conductor" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
+ annotations:
+{{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" | indent 8 }}
+ configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "helm-toolkit.utils.hash" }}
+ configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "helm-toolkit.utils.hash" }}
+{{ dict "envAll" $envAll "podName" "cyborg-conductor" "containerNames" (list "cyborg-conductor" "init") | include "helm-toolkit.snippets.kubernetes_mandatory_access_control_annotation" | indent 8 }}
+ spec:
+ serviceAccountName: {{ $serviceAccountName }}
+{{ dict "envAll" $envAll "application" "cyborg" | include "helm-toolkit.snippets.kubernetes_pod_security_context" | indent 6 }}
+ affinity:
+{{ tuple $envAll "cyborg" "conductor" | include "helm-toolkit.snippets.kubernetes_pod_anti_affinity" | indent 8 }}
+ nodeSelector:
+ {{ .Values.labels.conductor.node_selector_key }}: {{ .Values.labels.conductor.node_selector_value }}
+ initContainers:
+{{ tuple $envAll "conductor" $mounts_cyborg_conductor_init | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
+ containers:
+ - name: cyborg-conductor
+{{ tuple $envAll "cyborg_conductor" | include "helm-toolkit.snippets.image" | indent 10 }}
+{{ tuple $envAll $envAll.Values.pod.resources.conductor | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
+{{ dict "envAll" $envAll "application" "cyborg" "container" "cyborg_conductor" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 10 }}
+ env:
+ - name: HOST_IP
+ valueFrom:
+ fieldRef:
+ apiVersion: v1
+ fieldPath: status.hostIP
+ command:
+ - /tmp/cyborg-conductor.sh
+ volumeMounts:
+ - name: pod-tmp
+ mountPath: /tmp
+ - name: cyborg-bin
+ mountPath: /tmp/cyborg-conductor.sh
+ subPath: cyborg-conductor.sh
+ readOnly: true
+ - name: cyborg-etc
+ mountPath: /etc/cyborg/cyborg.conf
+ subPath: cyborg.conf
+ readOnly: true
+ - name: cyborg-etc
+ mountPath: /etc/cyborg/policy.yaml
+ subPath: policy.yaml
+ readOnly: true
+{{ if $mounts_cyborg_conductor.volumeMounts }}{{ toYaml $mounts_cyborg_conductor.volumeMounts | indent 12 }}{{ end }}
+ volumes:
+ - name: pod-tmp
+ emptyDir: {}
+ - name: cyborg-bin
+ configMap:
+ name: cyborg-bin
+ defaultMode: 0555
+ - name: cyborg-etc
+ secret:
+ secretName: cyborg-etc
+ defaultMode: 0444
+{{ if $mounts_cyborg_conductor.volumes }}{{ toYaml $mounts_cyborg_conductor.volumes | indent 8 }}{{ end }}
+{{- end }}
diff --git a/cyborg/templates/ingress-api.yaml b/cyborg/templates/ingress-api.yaml
new file mode 100644
index 0000000000..fefdd6ffe3
--- /dev/null
+++ b/cyborg/templates/ingress-api.yaml
@@ -0,0 +1,18 @@
+{{/*
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/}}
+
+{{- if and .Values.manifests.ingress_api .Values.network.api.ingress.public }}
+{{- $ingressOpts := dict "envAll" . "backendServiceType" "accelerator" "backendPort" "cyborg-api" -}}
+{{ $ingressOpts | include "helm-toolkit.manifests.ingress" }}
+{{- end }}
diff --git a/cyborg/templates/job-db-drop.yaml b/cyborg/templates/job-db-drop.yaml
new file mode 100644
index 0000000000..75aa001594
--- /dev/null
+++ b/cyborg/templates/job-db-drop.yaml
@@ -0,0 +1,18 @@
+{{/*
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/}}
+
+{{- if .Values.manifests.job_db_drop }}
+{{- $dbDropJob := dict "envAll" . "serviceName" "cyborg" -}}
+{{ $dbDropJob | include "helm-toolkit.manifests.job_db_drop_mysql" }}
+{{- end }}
diff --git a/cyborg/templates/job-db-init.yaml b/cyborg/templates/job-db-init.yaml
new file mode 100644
index 0000000000..d74b9659de
--- /dev/null
+++ b/cyborg/templates/job-db-init.yaml
@@ -0,0 +1,18 @@
+{{/*
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/}}
+
+{{- if .Values.manifests.job_db_init }}
+{{- $dbInitJob := dict "envAll" . "serviceName" "cyborg" -}}
+{{ $dbInitJob | include "helm-toolkit.manifests.job_db_init_mysql" }}
+{{- end }}
diff --git a/cyborg/templates/job-db-sync.yaml b/cyborg/templates/job-db-sync.yaml
new file mode 100644
index 0000000000..6dccd48064
--- /dev/null
+++ b/cyborg/templates/job-db-sync.yaml
@@ -0,0 +1,18 @@
+{{/*
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/}}
+
+{{- if .Values.manifests.job_db_sync }}
+{{- $dbSyncJob := dict "envAll" . "serviceName" "cyborg" -}}
+{{ $dbSyncJob | include "helm-toolkit.manifests.job_db_sync" }}
+{{- end }}
diff --git a/cyborg/templates/job-ks-endpoints.yaml b/cyborg/templates/job-ks-endpoints.yaml
new file mode 100644
index 0000000000..82196c6ef8
--- /dev/null
+++ b/cyborg/templates/job-ks-endpoints.yaml
@@ -0,0 +1,18 @@
+{{/*
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/}}
+
+{{- if .Values.manifests.job_ks_endpoints }}
+{{- $ksServiceJob := dict "envAll" . "serviceName" "cyborg" "serviceTypes" ( tuple "accelerator" ) -}}
+{{ $ksServiceJob | include "helm-toolkit.manifests.job_ks_endpoints" }}
+{{- end }}
diff --git a/cyborg/templates/job-ks-service.yaml b/cyborg/templates/job-ks-service.yaml
new file mode 100644
index 0000000000..c123a2f458
--- /dev/null
+++ b/cyborg/templates/job-ks-service.yaml
@@ -0,0 +1,18 @@
+{{/*
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/}}
+
+{{- if .Values.manifests.job_ks_service }}
+{{- $ksServiceJob := dict "envAll" . "serviceName" "cyborg" "serviceTypes" ( tuple "accelerator" ) "configMapBin" "cyborg-bin" -}}
+{{ $ksServiceJob | include "helm-toolkit.manifests.job_ks_service" }}
+{{- end }}
diff --git a/cyborg/templates/job-ks-user.yaml b/cyborg/templates/job-ks-user.yaml
new file mode 100644
index 0000000000..b90fa1625d
--- /dev/null
+++ b/cyborg/templates/job-ks-user.yaml
@@ -0,0 +1,18 @@
+{{/*
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/}}
+
+{{- if .Values.manifests.job_ks_user }}
+{{- $ksUserJob := dict "envAll" . "serviceName" "cyborg" -}}
+{{ $ksUserJob | include "helm-toolkit.manifests.job_ks_user" }}
+{{- end }}
diff --git a/cyborg/templates/job-rabbit-init.yaml b/cyborg/templates/job-rabbit-init.yaml
new file mode 100644
index 0000000000..613d27bca9
--- /dev/null
+++ b/cyborg/templates/job-rabbit-init.yaml
@@ -0,0 +1,17 @@
+{{/*
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/}}
+{{- if .Values.manifests.job_rabbit_init }}
+{{- $rmqUserJob := dict "envAll" . "serviceName" "cyborg" -}}
+{{ $rmqUserJob | include "helm-toolkit.manifests.job_rabbit_init" }}
+{{- end }}
diff --git a/cyborg/templates/network_policy.yaml b/cyborg/templates/network_policy.yaml
new file mode 100644
index 0000000000..3e93d4402a
--- /dev/null
+++ b/cyborg/templates/network_policy.yaml
@@ -0,0 +1,18 @@
+{{/*
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/}}
+
+{{- if .Values.manifests.network_policy -}}
+{{- $netpol_opts := dict "envAll" . "name" "application" "label" "cyborg" -}}
+{{ $netpol_opts | include "helm-toolkit.manifests.kubernetes_network_policy" }}
+{{- end -}}
diff --git a/cyborg/templates/pdb-api.yaml b/cyborg/templates/pdb-api.yaml
new file mode 100644
index 0000000000..68092901ef
--- /dev/null
+++ b/cyborg/templates/pdb-api.yaml
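Review bot: The `manifests.network_policy` switch in cyborg/templates/network_policy.yaml has nothing to work with, because the values.yaml added by this commit defines no top-level `network_policy:` section for the `cyborg` label passed to `helm-toolkit.manifests.kubernetes_network_policy`. The helper's body is not part of this patch, so this is inferred, but it presumably reads its ingress and egress rules from that section, and turning the manifest on would then fail to render or yield a policy without rules. I would add a `network_policy.cyborg` block with `ingress` and `egress` lists to values.yaml, next to the `network_policy: false` default, so the switch can be used to isolate the API, conductor and agent pods.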
@@ -0,0 +1,27 @@
+{{/*
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/}}
+
+{{- if .Values.manifests.pdb_api }}
+{{- $envAll := . }}
+---
+apiVersion: policy/v1beta1
+kind: PodDisruptionBudget
+metadata:
+ name: cyborg-api
+spec:
+ minAvailable: {{ .Values.pod.lifecycle.disruption_budget.api.min_available }}
+ selector:
+ matchLabels:
+{{ tuple $envAll "cyborg" "api" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 6 }}
+{{- end }}
diff --git a/cyborg/templates/secret-db.yaml b/cyborg/templates/secret-db.yaml
new file mode 100644
index 0000000000..408939e82f
--- /dev/null
+++ b/cyborg/templates/secret-db.yaml
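Review bot: `apiVersion: policy/v1beta1` in cyborg/templates/pdb-api.yaml is the deprecated group version for PodDisruptionBudget; Kubernetes serves `policy/v1` from 1.21 and removes `policy/v1beta1` in 1.25, so the API server on newer clusters will reject this object. Choosing the version from the cluster's capabilities keeps older clusters working: `apiVersion: {{ if .Capabilities.APIVersions.Has "policy/v1" }}policy/v1{{ else }}policy/v1beta1{{ end }}`. Separately, the values.yaml default added in this commit is `min_available: 0`, which lets a drain evict every cyborg-api pod at once, so the budget gives no protection until that value is raised.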
@@ -0,0 +1,33 @@
+{{/*
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/}}
+
+{{- if .Values.manifests.secret_db }}
+{{- $envAll := . }}
+{{- range $key1, $userClass := tuple "admin" "cyborg" }}
+{{- $secretName := index $envAll.Values.secrets.oslo_db $userClass }}
+{{- $connection := tuple "oslo_db" "internal" $userClass "mysql" $envAll | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup" }}
+---
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ $secretName }}
+type: Opaque
+data:
+{{- if $envAll.Values.manifests.certificates }}
+ DB_CONNECTION: {{ (printf "%s?charset=utf8&ssl_ca=/etc/mysql/certs/ca.crt&ssl_key=/etc/mysql/certs/tls.key&ssl_cert=/etc/mysql/certs/tls.crt&ssl_verify_cert" $connection ) | b64enc -}}
+{{- else }}
+ DB_CONNECTION: {{ $connection | b64enc -}}
+{{- end }}
+{{- end }}
+{{- end }}
diff --git a/cyborg/templates/secret-keystone.yaml b/cyborg/templates/secret-keystone.yaml
new file mode 100644
index 0000000000..b2e121ebc1
--- /dev/null
+++ b/cyborg/templates/secret-keystone.yaml
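Review bot: The `{{- else }}` branch in cyborg/templates/secret-db.yaml stores `$connection` with no `ssl_*` parameters, and `manifests.certificates` defaults to `false` in the values.yaml added by this commit. A default install therefore gives both the `admin` and the `cyborg` database users a URI that does not ask for TLS, so unless encryption is enforced elsewhere (server side or by a mesh) the credentials and queries travel in cleartext on the pod network. The template should say so where the choice is made, with a comment above the conditional such as `{{/* without manifests.certificates the DB URI requests no TLS; enable certificates for encrypted MariaDB traffic */}}`. The `$key1` loop variable is also unused and could be dropped: `{{- range $userClass := tuple "admin" "cyborg" }}`.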
@@ -0,0 +1,28 @@
+{{/*
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/}}
+
+{{- if .Values.manifests.secret_keystone }}
+{{- $envAll := . }}
+{{- range $key1, $userClass := tuple "admin" "cyborg" }}
+{{- $secretName := index $envAll.Values.secrets.identity $userClass }}
+---
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ $secretName }}
+type: Opaque
+data:
+{{- tuple $userClass "internal" $envAll | include "helm-toolkit.snippets.keystone_secret_openrc" | indent 2 -}}
+{{- end }}
+{{- end }}
diff --git a/cyborg/templates/secret-rabbitmq.yaml b/cyborg/templates/secret-rabbitmq.yaml
new file mode 100644
index 0000000000..1ff1e389ac
--- /dev/null
+++ b/cyborg/templates/secret-rabbitmq.yaml
@@ -0,0 +1,28 @@
+{{/*
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/}}
+
+{{- if .Values.manifests.secret_rabbitmq }}
+{{- $envAll := . }}
+{{- range $key1, $userClass := tuple "admin" "cyborg" }}
+{{- $secretName := index $envAll.Values.secrets.oslo_messaging $userClass }}
+---
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ $secretName }}
+type: Opaque
+data:
+ RABBITMQ_CONNECTION: {{ tuple "oslo_messaging" "internal" $userClass "http" $envAll | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup" | b64enc }}
+{{- end }}
+{{- end }}
diff --git a/cyborg/templates/service-api.yaml b/cyborg/templates/service-api.yaml
new file mode 100644
index 0000000000..eac8543cd5
--- /dev/null
+++ b/cyborg/templates/service-api.yaml
@@ -0,0 +1,36 @@
+{{/*
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/}}
+
+{{- if .Values.manifests.service_api }}
+{{- $envAll := . }}
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ tuple "accelerator" "internal" . | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }}
+spec:
+ ports:
+ - name: cyborg-api
+ port: {{ tuple "accelerator" "internal" "api" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
+ {{ if .Values.network.api.node_port.enabled }}
+ nodePort: {{ .Values.network.api.node_port.port }}
+ {{ end }}
+ selector:
+{{ tuple $envAll "cyborg" "api" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }}
+ {{ if .Values.network.api.node_port.enabled }}
+ type: NodePort
+ {{ end }}
+{{- end }}
+
+
diff --git a/cyborg/templates/service-ingress-api.yaml b/cyborg/templates/service-ingress-api.yaml
new file mode 100644
index 0000000000..4b35ea0cd5
--- /dev/null
+++ b/cyborg/templates/service-ingress-api.yaml
@@ -0,0 +1,18 @@
+{{/*
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/}}
+
+{{- if and .Values.manifests.service_ingress_api .Values.network.api.ingress.public }}
+{{- $serviceIngressOpts := dict "envAll" . "backendServiceType" "accelerator" -}}
+{{ $serviceIngressOpts | include "helm-toolkit.manifests.service_ingress" }}
+{{- end }}
diff --git a/cyborg/values.yaml b/cyborg/values.yaml
new file mode 100644
index 0000000000..0649b2125a
--- /dev/null
+++ b/cyborg/values.yaml
@@ -0,0 +1,554 @@ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +--- +images: + tags: + db_init: docker.io/openstackhelm/heat:master-ubuntu_focal + cyborg_db_sync: docker.io/openstackhelm/cyborg:wallaby + db_drop: docker.io/openstackhelm/heat:master-ubuntu_focal + ks_endpoints: docker.io/openstackhelm/heat:master-ubuntu_focal + ks_service: docker.io/openstackhelm/heat:master-ubuntu_focal + ks_user: docker.io/openstackhelm/heat:master-ubuntu_focal + cyborg_api: docker.io/openstackhelm/cyborg:master-ubuntu_focal + cyborg_conductor: docker.io/openstackhelm/cyborg:master-ubuntu_focal + cyborg_agent: docker.io/openstackhelm/cyborg:focal + rabbit_init: docker.io/rabbitmq:3.7-management + dep_check: 'quay.io/airshipit/kubernetes-entrypoint:v1.0.0' + pull_policy: "IfNotPresent" + local_registry: + active: false + exclude: + - dep_check + - image_repo_sync + +labels: + api: + node_selector_key: openstack-control-plane + node_selector_value: enabled + conductor: + node_selector_key: openstack-control-plane + node_selector_value: enabled + agent: + node_selector_key: openstack-compute-node + node_selector_value: enabled + job: + node_selector_key: openstack-control-plane + node_selector_value: enabled + test: + node_selector_key: openstack-control-plane + node_selector_value: enabled + +endpoints: + cluster_domain_suffix: cluster.local + local_image_registry: + name: docker-registry + namespace: docker-registry + hosts: + default: localhost + internal: docker-registry + node: 
localhost + host_fqdn_override: + default: null + port: + registry: + node: 5000 + accelerator: + name: cyborg + hosts: + default: cyborg-api + admin: cyborg + public: cyborg + host_fqdn_override: + default: null + path: + default: /v2 + scheme: + default: http + port: + api: + default: 6666 + admin: 80 + public: 80 + oslo_db: + auth: + admin: + username: root + password: password + secret: + tls: + internal: mariadb-tls-direct + cyborg: + username: cyborg + password: password + hosts: + default: mariadb + host_fqdn_override: + default: null + path: /cyborg + scheme: mysql+pymysql + port: + mysql: + default: 3306 + identity: + name: keystone + auth: + admin: + region_name: RegionOne + username: admin + password: password + project_name: admin + user_domain_name: default + project_domain_name: default + cyborg: + role: admin + region_name: RegionOne + username: cyborg + password: password + project_name: service + user_domain_name: service + project_domain_name: service + placement: + role: admin + region_name: RegionOne + username: placement + password: password + project_name: service + user_domain_name: service + project_domain_name: service + nova: + role: admin + region_name: RegionOne + username: nova + password: password + project_name: service + user_domain_name: service + project_domain_name: service + test: + role: admin + region_name: RegionOne + username: neutron-test + password: password + project_name: test + user_domain_name: service + project_domain_name: service + hosts: + default: keystone + internal: keystone-api + host_fqdn_override: + default: null + path: + default: /v3 + scheme: + default: http + port: + api: + default: 80 + internal: 5000 + oslo_messaging: + auth: + admin: + username: rabbitmq + password: password + secret: + tls: + internal: rabbitmq-tls-direct + cyborg: + username: cyborg + password: password + statefulset: + replicas: 2 + name: rabbitmq-rabbitmq + hosts: + default: rabbitmq + host_fqdn_override: + default: null + path: 
/cyborg + scheme: rabbit + port: + amqp: + default: 5672 + http: + default: 15672 + oslo_cache: + auth: + # NOTE(portdirect): this is used to define the value for keystone + # authtoken cache encryption key, if not set it will be populated + # automatically with a random value, but to take advantage of + # this feature all services should be set to use the same key, + # and memcache service. + memcache_secret_key: null + hosts: + default: memcached + host_fqdn_override: + default: null + port: + memcache: + default: 11211 + fluentd: + namespace: null + name: fluentd + hosts: + default: fluentd-logging + host_fqdn_override: + default: null + path: + default: null + scheme: 'http' + port: + service: + default: 24224 + metrics: + default: 24220 + # NOTE(tp6510): these endpoints allow for things like DNS lookups and ingress + # They are using to enable the Egress K8s network policy. + kube_dns: + namespace: kube-system + name: kubernetes-dns + hosts: + default: kube-dns + host_fqdn_override: + default: null + path: + default: null + scheme: http + port: + dns: + default: 53 + protocol: UDP + ingress: + namespace: null + name: ingress + hosts: + default: ingress + port: + ingress: + default: 80 + +secrets: + identity: + admin: cyborg-keystone-admin + cyborg: cyborg-keystone-user + test: cyborg-keystone-test + oslo_db: + admin: cyborg-db-admin + cyborg: cyborg-db-user + oslo_messaging: + admin: cyborg-rabbitmq-admin + cyborg: cyborg-rabbitmq-user + +dependencies: + static: + api: + jobs: + - cyborg-db-sync + - cyborg-ks-user + - cyborg-ks-endpoints + - cyborg-ks-service + services: + - endpoint: internal + service: oslo_db + - endpoint: internal + service: identity + - endpoint: internal + service: oslo_messaging + conductor: + jobs: + - cyborg-db-sync + - cyborg-rabbit-init + services: + - endpoint: internal + service: oslo_messaging + - endpoint: internal + service: oslo_db + - endpoint: internal + service: identity + agent: + jobs: + - cyborg-db-sync + - 
cyborg-rabbit-init + services: + - endpoint: internal + service: oslo_messaging + - endpoint: internal + service: oslo_db + - endpoint: internal + service: identity + - endpoint: internal + service: placement + db_drop: + services: + - endpoint: internal + service: oslo_db + db_init: + services: + - endpoint: internal + service: oslo_db + db_sync: + jobs: + - cyborg-db-init + services: + - endpoint: internal + service: oslo_db + ks_endpoints: + jobs: + - cyborg-ks-service + services: + - endpoint: internal + service: identity + ks_service: + services: + - endpoint: internal + service: identity + ks_user: + services: + - endpoint: internal + service: identity + +pod: + affinity: + anti: + type: + default: preferredDuringSchedulingIgnoredDuringExecution + conductor: requiredDuringSchedulingIgnoredDuringExecution + topologyKey: + default: kubernetes.io/hostname + weight: + default: 10 + mounts: + cyborg_api: + init_container: null + cyborg_api: + volumeMounts: + volumes: + cyborg_conductor: + init_container: null + cyborg_conductor: + volumeMounts: + volumes: + cyborg_agent: + init_container: null + cyborg_agent: + volumeMounts: + volumes: + cyborg_db_sync: + cyborg_db_sync: + volumeMounts: + - name: db-sync-sh + mountPath: /tmp/env.py + subPath: env.py + readOnly: true + volumes: + replicas: + api: 3 + conductor: 3 + lifecycle: + upgrades: + deployments: + revision_history: 3 + pod_replacement_strategy: RollingUpdate + rolling_update: + max_unavailable: 1 + max_surge: 3 + daemonsets: + pod_replacement_strategy: RollingUpdate + cyborg: + enabled: true + min_ready_seconds: 0 + max_unavailable: 1 + disruption_budget: + api: + min_available: 0 + termination_grace_period: + api: + timeout: 30 + resources: + enabled: true + api: + requests: + memory: "128Mi" + limits: + memory: "1024Mi" + conductor: + requests: + memory: "128Mi" + limits: + memory: "1024Mi" + agent: + requests: + memory: "128Mi" + limits: + memory: "1024Mi" + jobs: + db_drop: + requests: + memory: "128Mi" 
+ cpu: "100m" + limits: + memory: "1024Mi" + cpu: "2000m" + db_init: + requests: + memory: "128Mi" + cpu: "100m" + limits: + memory: "1024Mi" + cpu: "2000m" + db_sync: + requests: + memory: "128Mi" + cpu: "100m" + limits: + memory: "1024Mi" + cpu: "2000m" + ks_endpoints: + requests: + memory: "128Mi" + cpu: "100m" + limits: + memory: "1024Mi" + cpu: "2000m" + ks_service: + requests: + memory: "128Mi" + cpu: "100m" + limits: + memory: "1024Mi" + cpu: "2000m" + ks_user: + requests: + memory: "128Mi" + cpu: "100m" + limits: + memory: "1024Mi" + cpu: "2000m" + rabbit_init: + requests: + memory: "128Mi" + cpu: "100m" + limits: + memory: "1024Mi" + cpu: "2000m" + tests: + requests: + memory: "128Mi" + cpu: "100m" + limits: + memory: "1024Mi" + cpu: "2000m" + image_repo_sync: + requests: + memory: "128Mi" + cpu: "100m" + limits: + memory: "1024Mi" + cpu: "2000m" + +conf: + paste: + pipeline:main: + pipeline: cors request_id authtoken api_v2 + app:api_v2: + paste.app_factory: cyborg.api.app:app_factory + filter:authtoken: + acl_public_routes: /, /v2 + paste.filter_factory: cyborg.api.middleware.auth_token:AuthTokenMiddleware.factory + filter:osprofiler: + paste.filter_factory: cyborg.common.profiler:WsgiMiddleware.factory + filter:request_id: + paste.filter_factory: oslo_middleware:RequestId.factory + filter:cors: + paste.filter_factory: oslo_middleware.cors:filter_factory + oslo_config_project: cyborg + + policy: {} + cyborg: + DEFAULT: + use_syslog: false + state_path: /var/lib/cyborg + debug: true + api: + host_ip: 0.0.0.0 + api_workers: 3 + database: + connection: null + service_catalog: + auth_type: password + oslo_messaging_rabbit: + rabbit_ha_queues: true + amqp_durable_queues: true + placement: + auth_type: password + nova: + auth_type: password + keystone_authtoken: + auth_type: password + endpoint_type: internal + www_authenticate_uri: null + agent: + enabled_drivers: + - nvidia_gpu_driver + gpu_devices: + enabled_vgpu_types: [] + cyborg_sys_admin: + 
helper_command: /var/lib/openstack/bin/privsep-helper + rabbitmq: + policies: + - vhost: "cyborg" + name: "ha_ttl_cyborg" + definition: + ha-mode: "all" + ha-sync-mode: "automatic" + message-ttl: 70000 + priority: 0 + apply-to: all + pattern: '^(?!(amq\.|reply_)).*' + +network: + api: + port: 6666 + istio: + public: true + ingress: + public: false + classes: + namespace: "nginx" + cluster: "nginx-cluster" + annotations: + nginx.ingress.kubernetes.io/rewrite-target: / + node_port: + enabled: false + port: 30666 + +manifests: + certificates: false + configmap_bin: true + configmap_etc: true + daemonset_agent: true + deployment_api: true + deployment_conductor: true + ingress_api: true + job_db_drop: false + job_db_init: true + job_db_sync: true + job_image_repo_sync: true + job_ks_endpoints: true + job_ks_service: true + job_ks_user: true + job_rabbit_init: true + pdb_api: true + network_policy: false + secret_db: true + secret_keystone: true + secret_rabbitmq: true + service_ingress_api: false + service_api: true diff --git a/releasenotes/notes/cyborg.yaml b/releasenotes/notes/cyborg.yaml new file mode 100644 index 0000000000..73a5b6f49e --- /dev/null +++ b/releasenotes/notes/cyborg.yaml @@ -0,0 +1,4 @@ +--- +cyborg: + - 0.1.0 Initial Chart +...
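Review bot: The defaults in cyborg/values.yaml set `debug: true` under `conf.cyborg.DEFAULT` and use the literal `password` for every account under `endpoints.oslo_db.auth`, `endpoints.identity.auth` and `endpoints.oslo_messaging.auth`, including the MariaDB `root` and Keystone `admin` users, so an install that overrides nothing runs with debug logging and guessable credentials. I would ship `debug: false` and put a comment above each `auth:` block, for example `# NOTE: placeholder credentials, override per deployment`. The image tags also disagree: `cyborg_db_sync` uses `cyborg:wallaby`, `cyborg_api` and `cyborg_conductor` use `cyborg:master-ubuntu_focal`, and `cyborg_agent` uses `cyborg:focal`; presumably all four should track one release, otherwise the schema migration and the running services can come from different code.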