diff --git a/releasenotes/notes/tacker.yaml b/releasenotes/notes/tacker.yaml
new file mode 100644
index 0000000000..ee5f96f3d9
--- /dev/null
+++ b/releasenotes/notes/tacker.yaml
@@ -0,0 +1,4 @@
+---
+tacker:
+ - 0.1.0 Initial Chart
+...
diff --git a/tacker/.helmignore b/tacker/.helmignore
new file mode 100644
index 0000000000..0e8a0eb36f
--- /dev/null
+++ b/tacker/.helmignore
@@ -0,0 +1,23 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/
diff --git a/tacker/Chart.yaml b/tacker/Chart.yaml
new file mode 100644
index 0000000000..86841e94c1
--- /dev/null
+++ b/tacker/Chart.yaml
@@ -0,0 +1,24 @@
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: v1
+appVersion: v1.0.0
+description: OpenStack-Helm Tacker
+name: tacker
+version: 0.1.0
+home: https://docs.openstack.org/tacker/latest/
+icon: https://www.openstack.org/themes/openstack/images/project-mascots/Tacker/OpenStack_Project_Tacker_vertical.png
+sources:
+ - https://opendev.org/openstack/tacker
+ - https://opendev.org/openstack/openstack-helm
+maintainers:
+ - name: OpenStack-Helm Authors
diff --git a/tacker/requirements.yaml b/tacker/requirements.yaml
new file mode 100644
index 0000000000..4124d0145d
--- /dev/null
+++ b/tacker/requirements.yaml
@@ -0,0 +1,16 @@
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+dependencies:
+ - name: helm-toolkit
+ repository: file://../../openstack-helm-infra/helm-toolkit
+ version: ">= 0.1.0"
diff --git a/tacker/templates/bin/_db-sync.sh.tpl b/tacker/templates/bin/_db-sync.sh.tpl
new file mode 100644
index 0000000000..24fc9690ee
--- /dev/null
+++ b/tacker/templates/bin/_db-sync.sh.tpl
@@ -0,0 +1,18 @@
+#!/bin/bash
+{{/*
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/}}
+
+set -ex
+
+tacker-db-manage --config-file /etc/tacker/tacker.conf upgrade head
diff --git a/tacker/templates/bin/_tacker_conductor.sh.tpl b/tacker/templates/bin/_tacker_conductor.sh.tpl
new file mode 100644
index 0000000000..b3014903bf
--- /dev/null
+++ b/tacker/templates/bin/_tacker_conductor.sh.tpl
@@ -0,0 +1,23 @@
+#!/bin/bash
+{{/*
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/}}
+
+pip install python-cinderclient
+pip install retrying
+pip install boto3
+apt update
+apt install curl -y -f --install-suggests
+curl -o /tmp/helm.tar.gz https://get.helm.sh/helm-v3.11.2-linux-amd64.tar.gz
+tar zxf /tmp/helm.tar.gz -C /tmp/;mv /tmp/linux-amd64/helm /usr/local/bin/helm
+tacker-conductor --config-file /etc/tacker/tacker.conf
diff --git a/tacker/templates/bin/_tacker_server.sh.tpl b/tacker/templates/bin/_tacker_server.sh.tpl
new file mode 100644
index 0000000000..9397f1c284
--- /dev/null
+++ b/tacker/templates/bin/_tacker_server.sh.tpl
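Review bot: The script installs unpinned packages and an unverified binary from the network on every container start: the three `pip install` lines carry no version or hash, and the tarball fetched with `curl -o /tmp/helm.tar.gz` is unpacked and moved to `/usr/local/bin/helm` without a checksum check. Startup then depends on egress to PyPI, the apt mirrors and get.helm.sh, needs root and a writable root filesystem, and runs whatever those sources serve alongside the service's credentials. These dependencies belong in the image build. If they must stay, start the script with `set -e`, fetch with `curl -fsSL`, and verify before extracting, e.g. `echo "<HELM_TARBALL_SHA256>  /tmp/helm.tar.gz" | sha256sum -c -`; `--install-suggests` can go, since it only widens what apt pulls in. `_tacker_server.sh.tpl` has the same lines.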
@@ -0,0 +1,23 @@
+#!/bin/bash
+{{/*
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/}}
+
+pip install python-cinderclient
+pip install retrying
+pip install boto3
+apt update
+apt install curl -y -f --install-suggests
+curl -o /tmp/helm.tar.gz https://get.helm.sh/helm-v3.11.2-linux-amd64.tar.gz
+tar zxf /tmp/helm.tar.gz -C /tmp/;mv /tmp/linux-amd64/helm /usr/local/bin/helm
+tacker-server --config-file /etc/tacker/tacker.conf
diff --git a/tacker/templates/configmap-bin.yaml b/tacker/templates/configmap-bin.yaml
new file mode 100644
index 0000000000..c436f27201
--- /dev/null
+++ b/tacker/templates/configmap-bin.yaml
@@ -0,0 +1,39 @@
+{{/*
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/}}
+{{- if .Values.manifests.configmap_bin }}
+---
+apiVersion: v1
+data:
+ tacker-server.sh: |
+{{ tuple "bin/_tacker_server.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
+ tacker-conductor.sh: |
+{{ tuple "bin/_tacker_conductor.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
+ db-drop.py: |
+{{- include "helm-toolkit.scripts.db_drop" . | indent 4 }}
+ db-init.py: |
+{{- include "helm-toolkit.scripts.db_init" . | indent 4 }}
+ db-sync.sh: |
+{{ tuple "bin/_db-sync.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
+ ks-endpoints.sh: |
+{{- include "helm-toolkit.scripts.keystone_endpoints" . | indent 4 }}
+ ks-service.sh: |
+{{- include "helm-toolkit.scripts.keystone_service" . | indent 4 }}
+ ks-user.sh: |
+{{- include "helm-toolkit.scripts.keystone_user" . | indent 4 }}
+ rabbit-init.sh: |
+{{- include "helm-toolkit.scripts.rabbit_init" .| indent 4 }}
+kind: ConfigMap
+metadata:
+ name: tacker-bin
+{{- end }}
\ No newline at end of file
diff --git a/tacker/templates/configmap-etc.yaml b/tacker/templates/configmap-etc.yaml
new file mode 100644
index 0000000000..7e81aeccbe
--- /dev/null
+++ b/tacker/templates/configmap-etc.yaml
@@ -0,0 +1,91 @@
+{{/*
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/}}
+
+{{- if .Values.manifests.configmap_etc }}
+{{- $envAll := . }}
+
+{{- if empty .Values.conf.tacker.database.connection -}}
+{{- $connection := tuple "oslo_db" "internal" "tacker" "mysql" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup" -}}
+{{- if .Values.manifests.certificates -}}
+{{- $_ := (printf "%s?charset=utf8&ssl_ca=/etc/mysql/certs/ca.crt&ssl_key=/etc/mysql/certs/tls.key&ssl_cert=/etc/mysql/certs/tls.crt&ssl_verify_cert" $connection ) | set .Values.conf.tacker.database "connection" -}}
+{{- else -}}
+{{- $_ := set .Values.conf.tacker.database "connection" $connection -}}
+{{- end -}}
+{{- end -}}
+
+{{- if empty .Values.conf.tacker.DEFAULT.transport_url -}}
+{{- $_ := tuple "oslo_messaging" "internal" "tacker" "amqp" . | include "helm-toolkit.endpoints.authenticated_transport_endpoint_uri_lookup" | set .Values.conf.tacker.DEFAULT "transport_url" -}}
+{{- end -}}
+{{- if empty .Values.conf.tacker.oslo_messaging_notifications.transport_url -}}
+{{- $_ := tuple "oslo_messaging" "internal" "tacker" "amqp" . | include "helm-toolkit.endpoints.authenticated_transport_endpoint_uri_lookup" | set .Values.conf.tacker.oslo_messaging_notifications "transport_url" -}}
+{{- end -}}
+
+{{- if empty .Values.conf.tacker.keystone_authtoken.www_authenticate_uri -}}
+{{- $_ := tuple "identity" "internal" "api" .
| include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup"| set .Values.conf.tacker.keystone_authtoken "www_authenticate_uri" -}}
+{{- end -}}
+{{- if empty .Values.conf.tacker.keystone_authtoken.auth_url -}}
+{{- $_ := tuple "identity" "internal" "api" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup"| set .Values.conf.tacker.keystone_authtoken "auth_url" -}}
+{{- end -}}
+{{- if empty .Values.conf.tacker.keystone_authtoken.region_name -}}
+{{- $_ := set .Values.conf.tacker.keystone_authtoken "region_name" .Values.endpoints.identity.auth.tacker.region_name -}}
+{{- end -}}
+{{- if empty .Values.conf.tacker.keystone_authtoken.project_name -}}
+{{- $_ := set .Values.conf.tacker.keystone_authtoken "project_name" .Values.endpoints.identity.auth.tacker.project_name -}}
+{{- end -}}
+{{- if empty .Values.conf.tacker.keystone_authtoken.project_domain_name -}}
+{{- $_ := set .Values.conf.tacker.keystone_authtoken "project_domain_name" .Values.endpoints.identity.auth.tacker.project_domain_name -}}
+{{- end -}}
+{{- if empty .Values.conf.tacker.keystone_authtoken.user_domain_name -}}
+{{- $_ := set .Values.conf.tacker.keystone_authtoken "user_domain_name" .Values.endpoints.identity.auth.tacker.user_domain_name -}}
+{{- end -}}
+{{- if empty .Values.conf.tacker.keystone_authtoken.username -}}
+{{- $_ := set .Values.conf.tacker.keystone_authtoken "username" .Values.endpoints.identity.auth.tacker.username -}}
+{{- end -}}
+{{- if empty .Values.conf.tacker.keystone_authtoken.password -}}
+{{- $_ := set .Values.conf.tacker.keystone_authtoken "password" .Values.endpoints.identity.auth.tacker.password -}}
+{{- end -}}
+
+{{- if empty .Values.conf.tacker.keystone_authtoken.memcached_servers -}}
+{{- $_ := tuple "oslo_cache" "internal" "memcache" .
| include "helm-toolkit.endpoints.host_and_port_endpoint_uri_lookup" | set .Values.conf.tacker.keystone_authtoken "memcached_servers" -}}
+{{- end -}}
+{{- if empty .Values.conf.tacker.keystone_authtoken.memcache_secret_key -}}
+{{- $_ := set .Values.conf.tacker.keystone_authtoken "memcache_secret_key" ( default ( randAlphaNum 64 ) .Values.endpoints.oslo_cache.auth.memcache_secret_key ) -}}
+{{- end -}}
+
+{{- if empty .Values.conf.tacker.alarm_auth.url -}}
+{{- $_ := tuple "identity" "internal" "api" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup"| set .Values.conf.tacker.alarm_auth "url" -}}
+{{- end -}}
+{{- if empty .Values.conf.tacker.alarm_auth.project_name -}}
+{{- $_ := set .Values.conf.tacker.alarm_auth "project_name" .Values.endpoints.identity.auth.tacker.project_name -}}
+{{- end -}}
+{{- if empty .Values.conf.tacker.alarm_auth.username -}}
+{{- $_ := set .Values.conf.tacker.alarm_auth "username" .Values.endpoints.identity.auth.tacker.username -}}
+{{- end -}}
+{{- if empty .Values.conf.tacker.alarm_auth.password -}}
+{{- $_ := set .Values.conf.tacker.alarm_auth "password" .Values.endpoints.identity.auth.tacker.password -}}
+{{- end -}}
+---
+apiVersion: v1
+kind: Secret
+metadata:
+ name: tacker-etc
+ namespace: openstack
+type: Opaque
+data:
+ config.json: {{ toPrettyJson .Values.conf.server | b64enc }}
+ config-conductor.json: {{ toPrettyJson .Values.conf.conductor | b64enc }}
+ tacker.conf: {{ include "helm-toolkit.utils.to_oslo_conf" .Values.conf.tacker | b64enc }}
+ api-paste.ini: {{ include "helm-toolkit.utils.to_ini" .Values.conf.paste | b64enc }}
+ logging.conf: {{ include "helm-toolkit.utils.to_oslo_conf" .Values.conf.logging | b64enc }}
+{{- end }}
diff --git a/tacker/templates/deployment-conductor.yaml b/tacker/templates/deployment-conductor.yaml
new file mode 100644
index 0000000000..ebf278189c
--- /dev/null
+++ b/tacker/templates/deployment-conductor.yaml
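Review bot: The Secret at the end of this template hardcodes `namespace: openstack`, while the Deployments that mount `tacker-etc` set no namespace and so land in the release namespace. Installed anywhere else, the pods cannot find the secret, and the rendered credentials are written into a namespace the release does not own. Drop the line or render it from the release, `namespace: {{ .Release.Namespace }}`. Separately, `default ( randAlphaNum 64 )` for `memcache_secret_key` yields a new value on every render when no key is supplied, so each upgrade rewrites the Secret; setting `endpoints.oslo_cache.auth.memcache_secret_key` explicitly avoids that.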
@@ -0,0 +1,114 @@
+{{/*
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/}}
+
+{{- if .Values.manifests.deployment_conductor }}
+{{- $envAll := . }}
+{{- $serviceAccountName := "tacker-conductor" }}
+{{ tuple $envAll "conductor" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: tacker-conductor
+ labels:
+{{ tuple $envAll "tacker" "conductor" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }}
+spec:
+ selector:
+ matchLabels:
+{{ tuple $envAll "tacker" "conductor" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 6 }}
+ replicas: {{ .Values.pod.replicas.conductor }}
+ template:
+ metadata:
+ labels:
+{{ tuple $envAll "tacker" "conductor" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
+ spec:
+ nodeSelector:
+ {{ .Values.labels.conductor.node_selector_key }}: {{ .Values.labels.conductor.node_selector_value }}
+ serviceAccountName: {{ $serviceAccountName }}
+{{ dict "envAll" $envAll "application" "conductor" | include "helm-toolkit.snippets.kubernetes_pod_security_context" | indent 6 }}
+ affinity:
+ podAffinity:
+ requiredDuringSchedulingIgnoredDuringExecution:
+ - labelSelector:
+ matchExpressions:
+ - key: application
+ operator: In
+ values:
+ - tacker
+ - key: component
+ operator: In
+ values:
+ - server
+ topologyKey: kubernetes.io/hostname
+ terminationGracePeriodSeconds: {{
.Values.pod.lifecycle.termination_grace_period.conductor.timeout | default "30" }}
+ containers:
+ - name: tacker-conductor
+ image: {{ .Values.images.tags.tacker_conductor }}
+ imagePullPolicy: {{ .Values.images.pull_policy }}
+ command:
+ - /bin/bash
+ - -c
+ - /tmp/tacker-conductor.sh
+ volumeMounts:
+ - name: localtime
+ mountPath: "/etc/localtime"
+ readOnly: yes
+ - name: tacker-etc
+ mountPath: "/etc/tacker/config.json"
+ readOnly: yes
+ subPath: config-conductor.json
+ - name: tacker-etc
+ mountPath: "/etc/tacker/api-paste.ini"
+ readOnly: yes
+ subPath: api-paste.ini
+ - name: tacker-etc
+ mountPath: "/etc/tacker/tacker.conf"
+ readOnly: yes
+ subPath: tacker.conf
+ - name: tacker-etc
+ mountPath: "/etc/tacker/logging.conf"
+ readOnly: yes
+ subPath: logging.conf
+{{- range $key, $volume := $envAll.Values.storage.volumes }}
+ - name: {{ $key | replace "_" "-" }}
+ mountPath: {{ $volume.mount_path | quote }}
+ readOnly: false
+{{- end }}
+ - name: tacker-conductor-sh
+ mountPath: /tmp/tacker-conductor.sh
+ subPath: tacker-conductor.sh
+ readOnly: true
+ ports:
+ - name: conductor
+ containerPort: 5672
+ initContainers:
+{{ tuple $envAll "server" tuple | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
+ volumes:
+ - name: localtime
+ hostPath:
+ path: "/etc/localtime"
+ - name: tacker-etc
+ secret:
+ defaultMode: 292
+ secretName: tacker-etc
+{{- range $key, $volume := $envAll.Values.storage.volumes }}
+ - name: {{ $key | replace "_" "-" }}
+ persistentVolumeClaim:
+ claimName: {{ $volume.name }}
+{{- end }}
+ - name: tacker-conductor-sh
+ configMap:
+ name: tacker-bin
+ defaultMode: 0555
+{{- end }}
diff --git a/tacker/templates/deployment-server.yaml b/tacker/templates/deployment-server.yaml
new file mode 100644
index 0000000000..72eaa68b73
--- /dev/null
+++ b/tacker/templates/deployment-server.yaml
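Review bot: `defaultMode: 292` on the `tacker-etc` secret volume is decimal for 0444, so `tacker.conf`, which per configmap-etc.yaml carries the database connection string and the Keystone password, is readable by every user in the container. A tighter mode such as `defaultMode: 0440` would limit that, provided the pod security context (rendered by helm-toolkit, not visible here) gives the service user a matching group; writing it in octal also matches the `0555` on the script volume. The init-container line passes `"server"` rather than `"conductor"` to `kubernetes_entrypoint_init_container`, which looks copied from the server template and should be confirmed. The secret mode applies to deployment-server.yaml as well.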
@@ -0,0 +1,100 @@
+{{/*
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/}}
+
+{{- if .Values.manifests.deployment_server }}
+{{- $envAll := . }}
+{{- $serviceAccountName := "tacker-server" }}
+{{ tuple $envAll "server" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: tacker-server
+ labels:
+{{ tuple $envAll "tacker" "server" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }}
+spec:
+ selector:
+ matchLabels:
+{{ tuple $envAll "tacker" "server" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 6 }}
+ replicas: {{ .Values.pod.replicas.server }}
+ template:
+ metadata:
+ labels:
+{{ tuple $envAll "tacker" "server" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
+ spec:
+ nodeSelector:
+ {{ .Values.labels.server.node_selector_key }}: {{ .Values.labels.server.node_selector_value }}
+ serviceAccountName: tacker-server
+{{ dict "envAll" $envAll "application" "server" | include "helm-toolkit.snippets.kubernetes_pod_security_context" | indent 6 }}
+ terminationGracePeriodSeconds: {{ .Values.pod.lifecycle.termination_grace_period.server.timeout | default "30" }}
+ containers:
+ - name: tacker-server
+ image: {{ .Values.images.tags.tacker_server }}
+ imagePullPolicy: {{ .Values.images.pull_policy }}
+ command:
+ - /bin/bash
+ - -c
+ - /tmp/tacker-server.sh
+ volumeMounts:
+ - name: localtime
+ mountPath: "/etc/localtime"
+
readOnly: yes
+ - name: tacker-etc
+ mountPath: "/etc/tacker/config.json"
+ readOnly: yes
+ subPath: config-server.json
+ - name: tacker-etc
+ mountPath: "/etc/tacker/api-paste.ini"
+ readOnly: yes
+ subPath: api-paste.ini
+ - name: tacker-etc
+ mountPath: "/etc/tacker/tacker.conf"
+ readOnly: yes
+ subPath: tacker.conf
+ - name: tacker-etc
+ mountPath: "/etc/tacker/logging.conf"
+ readOnly: yes
+ subPath: logging.conf
+{{- range $key, $volume := $envAll.Values.storage.volumes }}
+ - name: {{ $key | replace "_" "-" }}
+ mountPath: {{ $volume.mount_path | quote }}
+ readOnly: false
+{{- end }}
+ - name: tacker-server-sh
+ mountPath: /tmp/tacker-server.sh
+ subPath: tacker-server.sh
+ readOnly: true
+ ports:
+ - name: t-api
+ containerPort: 9890
+ initContainers:
+{{ tuple $envAll "server" tuple | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
+ volumes:
+ - name: localtime
+ hostPath:
+ path: "/etc/localtime"
+ - name: tacker-etc
+ secret:
+ defaultMode: 292
+ secretName: tacker-etc
+{{- range $key, $volume := $envAll.Values.storage.volumes }}
+ - name: {{ $key | replace "_" "-" }}
+ persistentVolumeClaim:
+ claimName: {{ $volume.name }}
+{{- end }}
+ - name: tacker-server-sh
+ configMap:
+ name: tacker-bin
+ defaultMode: 0555
+{{- end }}
diff --git a/tacker/templates/ingress-api.yaml b/tacker/templates/ingress-api.yaml
new file mode 100644
index 0000000000..e3ecb2c776
--- /dev/null
+++ b/tacker/templates/ingress-api.yaml
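Review bot: The first `tacker-etc` mount uses `subPath: config-server.json`, but the Secret in configmap-etc.yaml defines only `config.json` and `config-conductor.json`, so there is no such key to project onto `/etc/tacker/config.json`. Either mount `subPath: config.json` here or rename the Secret key to `config-server.json`. Also, `serviceAccountName: tacker-server` repeats the literal instead of using `{{ $serviceAccountName }}` as the conductor template does.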
@@ -0,0 +1,23 @@
+{{/*
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/}}
+
+{{- if and .Values.manifests.ingress_api .Values.network.api.ingress.public }}
+{{- $envAll := . }}
+{{- $ingressOpts := dict "envAll" $envAll "backendServiceType" "nfv_orchestration" "backendPort" "t-api" -}}
+{{- $secretName := $envAll.Values.secrets.tls.nfv_orchestration.api.internal -}}
+{{- if and .Values.manifests.certificates $secretName -}}
+{{- $_ := set $ingressOpts "certIssuer" .Values.endpoints.nfv_orchestratio.host_fqdn_override.default.tls.issuerRef.name -}}
+{{- end -}}
+{{ $ingressOpts | include "helm-toolkit.manifests.ingress" }}
+{{- end }}
diff --git a/tacker/templates/job-db-drop.yaml b/tacker/templates/job-db-drop.yaml
new file mode 100644
index 0000000000..33fa7f0845
--- /dev/null
+++ b/tacker/templates/job-db-drop.yaml
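Review bot: `.Values.endpoints.nfv_orchestratio.host_fqdn_override.default.tls.issuerRef.name` is missing the final `n` of `nfv_orchestration`, the name used for `backendServiceType` and for the TLS secret lookup in the lines above it. With `manifests.certificates` enabled the lookup goes through a key that presumably does not exist in the values, so rendering would fail or the ingress would get no `certIssuer`. The line should read `.Values.endpoints.nfv_orchestration.host_fqdn_override.default.tls.issuerRef.name`.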
@@ -0,0 +1,25 @@
+{{/*
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/}}
+{{- if .Values.manifests.job_db_drop }}
+{{- $serviceName := "tacker" -}}
+{{- $dbToDrop := dict "adminSecret" .Values.secrets.oslo_db.admin "configFile" (printf "/etc/%s/%s.conf" $serviceName "tacker" ) "logConfigFile" (printf "/etc/%s/logging.conf" $serviceName ) "configDbSection" "database" "configDbKey" "connection" -}}
+{{- $dbDropJob := dict "envAll" . "serviceName" $serviceName "dbToDrop" $dbToDrop -}}
+{{- if .Values.manifests.certificates -}}
+{{- $_ := set $dbToDrop "dbAdminTlsSecret" .Values.endpoints.oslo_db.auth.admin.secret.tls.internal -}}
+{{- end -}}
+{{- if .Values.pod.tolerations.tacker.enabled -}}
+{{- $_ := set $dbDropJob "tolerationsEnabled" true -}}
+{{- end -}}
+{{ $dbDropJob | include "helm-toolkit.manifests.job_db_drop_mysql" }}
+{{- end }}
diff --git a/tacker/templates/job-db-init.yaml b/tacker/templates/job-db-init.yaml
new file mode 100644
index 0000000000..bbf4d7d622
--- /dev/null
+++ b/tacker/templates/job-db-init.yaml
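Review bot: `dbAdminTlsSecret` is set on the inner `$dbToDrop` dict here, whereas job-db-init.yaml sets the same key on the top-level `$dbInitJob` dict. Unless the two helm-toolkit manifests read the key from different places, one of these jobs would run without the admin TLS secret when `manifests.certificates` is enabled. Check the inputs of `job_db_drop_mysql` and `job_db_init_mysql` and make the templates agree, e.g. `set $dbDropJob "dbAdminTlsSecret" ...` if the job-level key is the expected one.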
@@ -0,0 +1,36 @@
+{{/*
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/}}
+
+{{- define "metadata.annotations.job.db_init" }}
+helm.sh/hook: post-install,post-upgrade
+helm.sh/hook-weight: "-5"
+{{- end }}
+
+{{- if .Values.manifests.job_db_init }}
+
+{{- $serviceName := "tacker" -}}
+{{- $dbToInit := dict "adminSecret" .Values.secrets.oslo_db.admin "configFile" (printf "/etc/%s/%s.conf" $serviceName $serviceName ) "logConfigFile" (printf "/etc/%s/logging.conf" $serviceName ) "configDbSection" "database" "configDbKey" "connection" -}}
+{{- $dbInitJob := dict "envAll" . "serviceName" $serviceName "dbToInit" $dbToInit -}}
+
+{{- if .Values.manifests.certificates -}}
+{{- $_ := set $dbInitJob "dbAdminTlsSecret" .Values.endpoints.oslo_db.auth.admin.secret.tls.internal -}}
+{{- end -}}
+{{- if .Values.helm3_hook }}
+{{- $_ := set $dbInitJob "jobAnnotations" (include "metadata.annotations.job.db_init" . | fromYaml) }}
+{{- end }}
+{{- if .Values.pod.tolerations.tacker.enabled -}}
+{{- $_ := set $dbInitJob "tolerationsEnabled" true -}}
+{{- end -}}
+{{ $dbInitJob | include "helm-toolkit.manifests.job_db_init_mysql" }}
+{{- end }}
\ No newline at end of file
diff --git a/tacker/templates/job-db-sync.yaml b/tacker/templates/job-db-sync.yaml
new file mode 100644
index 0000000000..95f1377a86
--- /dev/null
+++ b/tacker/templates/job-db-sync.yaml
@@ -0,0 +1,33 @@
+{{/*
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/}}
+
+{{- define "metadata.annotations.job.db_sync" }}
+helm.sh/hook: post-install,post-upgrade
+helm.sh/hook-weight: "-4"
+{{- end }}
+
+{{- if .Values.manifests.job_db_sync }}
+{{- $serviceName := "tacker" }}
+{{- $dbSyncJob := dict "envAll" . "serviceName" $serviceName "podVolMounts" .Values.pod.mounts.tacker_db_sync.tacker_db_sync.volumeMounts "podVols" .Values.pod.mounts.tacker_db_sync.tacker_db_sync.volumes -}}
+{{- if .Values.manifests.certificates -}}
+{{- $_ := set $dbSyncJob "dbAdminTlsSecret" .Values.endpoints.oslo_db.auth.admin.secret.tls.internal -}}
+{{- end -}}
+{{- if .Values.helm3_hook }}
+{{- $_ := set $dbSyncJob "jobAnnotations" (include "metadata.annotations.job.db_sync" . | fromYaml) }}
+{{- end }}
+{{- if .Values.pod.tolerations.tacker.enabled -}}
+{{- $_ := set $dbSyncJob "tolerationsEnabled" true -}}
+{{- end -}}
+{{ $dbSyncJob | include "helm-toolkit.manifests.job_db_sync" }}
+{{- end }}
diff --git a/tacker/templates/job-ks-endpoints.yaml b/tacker/templates/job-ks-endpoints.yaml
new file mode 100644
index 0000000000..282068c490
--- /dev/null
+++ b/tacker/templates/job-ks-endpoints.yaml
@@ -0,0 +1,31 @@
+{{/*
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/}}
+{{- define "metadata.annotations.job.ks_endpoints" }}
+helm.sh/hook: post-install,post-upgrade
+helm.sh/hook-weight: "-2"
+{{- end }}
+
+{{- if .Values.manifests.job_ks_endpoints }}
+{{- $ksServiceJob := dict "envAll" . "serviceName" "tacker" "serviceTypes" ( tuple "nfv-orchestration" ) -}}
+{{- if or .Values.manifests.certificates .Values.tls.identity -}}
+{{- $_ := set $ksServiceJob "tlsSecret" .Values.secrets.tls.nfv_orchestration.api.internal -}}
+{{- end -}}
+{{- if .Values.helm3_hook }}
+{{- $_ := set $ksServiceJob "jobAnnotations" (include "metadata.annotations.job.ks_endpoints" . | fromYaml) }}
+{{- end }}
+{{- if .Values.pod.tolerations.tacker.enabled -}}
+{{- $_ := set $ksServiceJob "tolerationsEnabled" true -}}
+{{- end -}}
+{{ $ksServiceJob | include "helm-toolkit.manifests.job_ks_endpoints" }}
+{{- end }}
diff --git a/tacker/templates/job-ks-service.yaml b/tacker/templates/job-ks-service.yaml
new file mode 100644
index 0000000000..1fdf0da0a7
--- /dev/null
+++ b/tacker/templates/job-ks-service.yaml
@@ -0,0 +1,31 @@
+{{/*
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/}}
+{{- define "metadata.annotations.job.ks_service" }}
+helm.sh/hook: post-install,post-upgrade
+helm.sh/hook-weight: "-3"
+{{- end }}
+
+{{- if .Values.manifests.job_ks_service }}
+{{- $ksServiceJob := dict "envAll" . "serviceName" "tacker" "serviceTypes" ( tuple "nfv-orchestration" ) -}}
+{{- if or .Values.manifests.certificates .Values.tls.identity -}}
+{{- $_ := set $ksServiceJob "tlsSecret" .Values.secrets.tls.nfv_orchestration.api.internal -}}
+{{- end -}}
+{{- if .Values.helm3_hook }}
+{{- $_ := set $ksServiceJob "jobAnnotations" (include "metadata.annotations.job.ks_service" . | fromYaml) }}
+{{- end }}
+{{- if .Values.pod.tolerations.tacker.enabled -}}
+{{- $_ := set $ksServiceJob "tolerationsEnabled" true -}}
+{{- end -}}
+{{ $ksServiceJob | include "helm-toolkit.manifests.job_ks_service" }}
+{{- end }}
diff --git a/tacker/templates/job-ks-user.yaml b/tacker/templates/job-ks-user.yaml
new file mode 100644
index 0000000000..1cf42fd915
--- /dev/null
+++ b/tacker/templates/job-ks-user.yaml
@@ -0,0 +1,31 @@
+{{/*
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/}}
+{{- define "metadata.annotations.job.ks_user" }}
+helm.sh/hook: post-install,post-upgrade
+helm.sh/hook-weight: "-1"
+{{- end }}
+
+{{- if .Values.manifests.job_ks_user }}
+{{- $ksUserJob := dict "envAll" . "serviceName" "tacker" -}}
+{{- if or .Values.manifests.certificates .Values.tls.identity -}}
+{{- $_ := set $ksUserJob "tlsSecret" .Values.secrets.tls.nfv_orchestration.api.internal -}}
+{{- end -}}
+{{- if .Values.helm3_hook }}
+{{- $_ := set $ksUserJob "jobAnnotations" (include "metadata.annotations.job.ks_user" . | fromYaml) }}
+{{- end }}
+{{- if .Values.pod.tolerations.tacker.enabled -}}
+{{- $_ := set $ksUserJob "tolerationsEnabled" true -}}
+{{- end -}}
+{{ $ksUserJob | include "helm-toolkit.manifests.job_ks_user" }}
+{{- end }}
diff --git a/tacker/templates/job-rabbit-init.yaml b/tacker/templates/job-rabbit-init.yaml
new file mode 100644
index 0000000000..8c1a64b94e
--- /dev/null
+++ b/tacker/templates/job-rabbit-init.yaml
@@ -0,0 +1,31 @@
+{{/*
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/}}
+{{- define "metadata.annotations.job.rabbit_init" }}
+helm.sh/hook: post-install,post-upgrade
+helm.sh/hook-weight: "-4"
+{{- end }}
+
+{{- if .Values.manifests.job_rabbit_init }}
+{{- $rmqUserJob := dict "envAll" . "serviceName" "tacker" -}}
+{{- if .Values.manifests.certificates -}}
+{{- $_ := set $rmqUserJob "tlsSecret" .Values.endpoints.oslo_messaging.auth.admin.secret.tls.internal -}}
+{{- end -}}
+{{- if .Values.helm3_hook }}
+{{- $_ := set $rmqUserJob "jobAnnotations" (include "metadata.annotations.job.rabbit_init" . | fromYaml) }}
+{{- end }}
+{{- if .Values.pod.tolerations.tacker.enabled -}}
+{{- $_ := set $rmqUserJob "tolerationsEnabled" true -}}
+{{- end -}}
+{{ $rmqUserJob | include "helm-toolkit.manifests.job_rabbit_init" }}
+{{- end }}
diff --git a/tacker/templates/pvc.yaml b/tacker/templates/pvc.yaml
new file mode 100644
index 0000000000..8b1678b3a8
--- /dev/null
+++ b/tacker/templates/pvc.yaml
@@ -0,0 +1,38 @@
+{{/*
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/}}
+
+{{ define "tacker.pvc" }}
+{{- $name := index . 0 }}
+{{- $size := index . 1 }}
+{{- $storageClass := index . 2 }}
+---
+kind: PersistentVolumeClaim
+apiVersion: v1
+metadata:
+ name: {{ $name }}
+spec:
+ accessModes:
+ - "ReadWriteMany"
+ resources:
+ requests:
+ storage: {{ $size }}
+ storageClassName: {{ $storageClass }}
+{{- end }}
+
+{{- if .Values.manifests.pvc }}
+{{- $storageClass := .Values.storage.storageClass }}
+{{- range .Values.storage.volumes }}
+{{ tuple .name .size $storageClass | include "tacker.pvc" }}
+{{- end }}
+{{- end }}
diff --git a/tacker/templates/secret-db.yaml b/tacker/templates/secret-db.yaml
new file mode 100644
index 0000000000..1fcb7b88ea
--- /dev/null
+++ b/tacker/templates/secret-db.yaml
@@ -0,0 +1,29 @@
+{{/*
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/}}
+
+{{- if .Values.manifests.secret_db }}
+{{- $envAll := . }}
+{{- range $key1, $userClass := tuple "admin" "tacker" }}
+{{- $secretName := index $envAll.Values.secrets.oslo_db $userClass }}
+{{- $connection := tuple "oslo_db" "internal" $userClass "mysql" $envAll | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup" }}
+---
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ $secretName }}
+type: Opaque
+data:
+ DB_CONNECTION: {{ $connection | b64enc -}}
+{{- end }}
+{{- end }}
diff --git a/tacker/templates/secret-keystone.yaml b/tacker/templates/secret-keystone.yaml
new file mode 100644
index 0000000000..642ccdcdc1
--- /dev/null
+++ b/tacker/templates/secret-keystone.yaml
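Review bot: `DB_CONNECTION` is rendered the same way whether or not `.Values.manifests.certificates` is set, so the URI stored in this Secret never asks the MySQL driver for TLS, even though values.yaml in this commit carries `tls.oslo_db` and a `mariadb-tls-direct` secret name. secret-rabbitmq.yaml in the same change does branch on that flag (`http` versus `https`), so the two secrets disagree about what enabling certificates means. I would wrap the `data:` entry in `{{- if $envAll.Values.manifests.certificates }}` and, in that branch, append the driver's TLS query parameters to `$connection` before `b64enc`. The CA path to use depends on how the deployment templates mount the certificate, which is not visible in this hunk.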
@@ -0,0 +1,27 @@
+{{/*
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/}}
+{{- if .Values.manifests.secret_keystone }}
+{{- $envAll := . }}
+{{- range $key1, $userClass := tuple "admin" "tacker" }}
+{{- $secretName := index $envAll.Values.secrets.identity $userClass }}
+---
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ $secretName }}
+type: Opaque
+data:
+{{- tuple $userClass "internal" $envAll | include "helm-toolkit.snippets.keystone_secret_openrc" | indent 2 -}}
+{{- end }}
+{{- end }}
diff --git a/tacker/templates/secret-rabbitmq.yaml b/tacker/templates/secret-rabbitmq.yaml
new file mode 100644
index 0000000000..1d4c304192
--- /dev/null
+++ b/tacker/templates/secret-rabbitmq.yaml
@@ -0,0 +1,31 @@
+{{/*
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/}}
+{{- if .Values.manifests.secret_rabbitmq }}
+{{- $envAll := . }}
+{{- $rabbitmqProtocol := "http" }}
+{{- if $envAll.Values.manifests.certificates }}
+{{- $rabbitmqProtocol = "https" }}
+{{- end }}
+{{- range $key1, $userClass := tuple "admin" "tacker" }}
+{{- $secretName := index $envAll.Values.secrets.oslo_messaging $userClass }}
+---
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ $secretName }}
+type: Opaque
+data:
+ RABBITMQ_CONNECTION: {{ tuple "oslo_messaging" "internal" $userClass $rabbitmqProtocol $envAll | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup" | b64enc }}
+{{- end }}
+{{- end }}
diff --git a/tacker/templates/service-api.yaml b/tacker/templates/service-api.yaml
new file mode 100644
index 0000000000..c644d70e86
--- /dev/null
+++ b/tacker/templates/service-api.yaml
@@ -0,0 +1,36 @@
+{{/*
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/}}
+{{- if .Values.manifests.service_api }}
+{{- $envAll := . }}
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ tuple "nfv_orchestration" "internal" . | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }}
+spec:
+ ports:
+ - name: t-api
+ port: {{ tuple "nfv_orchestration" "service" "api" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
+ {{ if .Values.network.api.node_port.enabled }}
+ nodePort: {{ .Values.network.api.node_port.port }}
+ {{ end }}
+ selector:
+{{ tuple $envAll "tacker" "server" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }}
+ {{ if .Values.network.api.node_port.enabled }}
+ type: NodePort
+ {{ if .Values.network.api.external_policy_local }}
+ externalTrafficPolicy: Local
+ {{ end }}
+ {{ end }}
+{{- end }}
diff --git a/tacker/templates/service-conductor.yaml b/tacker/templates/service-conductor.yaml
new file mode 100644
index 0000000000..1b2b780d96
--- /dev/null
+++ b/tacker/templates/service-conductor.yaml
@@ -0,0 +1,36 @@
+{{/*
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/}}
+{{- if .Values.manifests.service_conductor }}
+{{- $envAll := . }}
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ tuple "nfv_orchestration" "conductor" . | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }}
+spec:
+ ports:
+ - name: conductor
+ port: {{ tuple "nfv_orchestration" "internal" "conductor" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
+ {{ if .Values.network.conductor.node_port.enabled }}
+ nodePort: {{ .Values.network.conductor.node_port.port }}
+ {{ end }}
+ selector:
+{{ tuple $envAll "tacker" "conductor" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }}
+ {{ if .Values.network.conductor.node_port.enabled }}
+ type: NodePort
+ {{ if .Values.network.conductor.external_policy_local }}
+ externalTrafficPolicy: Local
+ {{ end }}
+ {{ end }}
+{{- end }}
diff --git a/tacker/templates/service-ingress-api.yaml b/tacker/templates/service-ingress-api.yaml
new file mode 100644
index 0000000000..0af65d634c
--- /dev/null
+++ b/tacker/templates/service-ingress-api.yaml
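Review bot: This Service can be switched to `type: NodePort` through `network.conductor.node_port.enabled`, which would publish the conductor on every node. Its port resolves to `endpoints.nfv_orchestration.port.conductor.default`, which values.yaml sets to 5672, the same number as the AMQP port under `oslo_messaging`. As far as I know tacker-conductor is reached over the message bus and does not serve an API of its own, so please confirm what listens on this port. If nothing does, dropping the two `node_port` branches (or the Service itself) keeps an internal component off the node network. At minimum I would add a template comment above the `nodePort:` block, such as `{{/* internal component: keep node_port disabled unless a listener is documented */}}`.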
@@ -0,0 +1,18 @@
+{{/*
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/}}
+
+{{- if and .Values.manifests.service_ingress_api .Values.network.api.ingress.public }}
+{{- $serviceIngressOpts := dict "envAll" . "backendServiceType" "nfv_orchestration" -}}
+{{ $serviceIngressOpts | include "helm-toolkit.manifests.service_ingress" }}
+{{- end }}
diff --git a/tacker/values.yaml b/tacker/values.yaml
new file mode 100644
index 0000000000..90702f95b4
--- /dev/null
+++ b/tacker/values.yaml
@@ -0,0 +1,612 @@ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Default values for tacker. +# This is a YAML-formatted file. +# Declare variables to be passed into your templates. + +labels: + server: + node_selector_key: openstack-control-plane + node_selector_value: enabled + conductor: + node_selector_key: openstack-control-plane + node_selector_value: enabled + job: + node_selector_key: openstack-control-plane + node_selector_value: enabled + +images: + pull_policy: IfNotPresent + tags: + tacker_server: docker.io/openstackhelm/tacker:2023.1-ubuntu_focal + tacker_conductor: docker.io/openstackhelm/tacker:2023.1-ubuntu_focal + db_init: docker.io/openstackhelm/heat:2023.1-ubuntu_focal + db_drop: docker.io/openstackhelm/heat:2023.1-ubuntu_focal + tacker_db_sync: docker.io/openstackhelm/tacker:2023.1-ubuntu_focal + ks_endpoints: docker.io/openstackhelm/heat:2023.1-ubuntu_focal + ks_service: docker.io/openstackhelm/heat:2023.1-ubuntu_focal + ks_user: docker.io/openstackhelm/heat:2023.1-ubuntu_focal + rabbit_init: docker.io/rabbitmq:3.7-management + dep_check: quay.io/airshipit/kubernetes-entrypoint:v1.0.0 + local_registry: + active: false + exclude: + - dep_check + - image_repo_sync + +dependencies: + static: + server: + jobs: + - tacker-db-sync + - tacker-ks-user + - tacker-ks-endpoints + - tacker-rabbit-init + services: + - endpoint: internal + service: oslo_db + - endpoint: internal + service: identity + - endpoint: internal + service: key_manager + conductor: + 
jobs: + - tacker-db-sync + - tacker-ks-user + - tacker-ks-endpoints + - tacker-rabbit-init + services: + - endpoint: internal + service: oslo_db + - endpoint: internal + service: identity + - endpoint: internal + service: key_manager + db_drop: + services: + - endpoint: internal + service: oslo_db + db_init: + services: + - endpoint: internal + service: oslo_db + db_sync: + jobs: + - tacker-db-init + services: + - endpoint: internal + service: oslo_db + ks_endpoints: + jobs: + - tacker-ks-service + services: + - endpoint: internal + service: identity + ks_service: + services: + - endpoint: internal + service: identity + ks_user: + services: + - endpoint: internal + service: identity + +pod: + security_context: + server: + pod: + runAsUser: 42424 + runAsNonRoot: true + conductor: + pod: + runAsUser: 42424 + runAsNonRoot: true + lifecycle: + termination_grace_period: + server: + timeout: 30 + conductor: + timeout: 30 + replicas: + conductor: 1 + server: 1 + tolerations: + tacker: + enabled: false + tolerations: + - key: node-role.kubernetes.io/master + operator: Exists + effect: NoSchedule + - key: node-role.kubernetes.io/control-plane + operator: Exists + effect: NoSchedule + resources: + enabled: false + jobs: + db_sync: + requests: + memory: "128Mi" + cpu: "100m" + limits: + memory: "1024Mi" + cpu: "2000m" + db_init: + requests: + memory: "128Mi" + cpu: "100m" + limits: + memory: "1024Mi" + cpu: "2000m" + db_drop: + requests: + memory: "128Mi" + cpu: "100m" + limits: + memory: "1024Mi" + cpu: "2000m" + ks_user: + requests: + memory: "128Mi" + cpu: "100m" + limits: + memory: "1024Mi" + cpu: "2000m" + ks_service: + requests: + memory: "128Mi" + cpu: "100m" + limits: + memory: "1024Mi" + cpu: "2000m" + ks_endpoints: + requests: + memory: "128Mi" + cpu: "100m" + limits: + memory: "1024Mi" + cpu: "2000m" + mounts: + tacker_db_sync: + tacker_db_sync: + volumeMounts: + volumes: + +storage: + storageClass: general + volumes: + csar_files: + name: tacker-csar-files + size: 
2Gi + mount_path: "/var/lib/tacker/csar_files" + vnfpackages: + name: tacker-vnfpackages + size: 2Gi + mount_path: "/var/lib/tacker/vnfpackages" + logs: + name: tacker-logs + size: 2Gi + mount_path: "/var/log/openstackhelm/tacker" + +network: + api: + ingress: + public: true + classes: + namespace: "nginx" + cluster: "nginx-cluster" + annotations: + nginx.ingress.kubernetes.io/rewrite-target: / + external_policy_local: false + node_port: + enabled: false + port: 30900 + conductor: + ingress: + public: true + classes: + namespace: "nginx" + cluster: "nginx-cluster" + annotations: + nginx.ingress.kubernetes.io/rewrite-target: / + external_policy_local: false + node_port: + enabled: false + port: 30901 + +secrets: + identity: + admin: tacker-keystone-admin + tacker: tacker-keystone-user + oslo_db: + admin: tacker-db-admin + tacker: tacker-db-user + oslo_messaging: + admin: tacker-rabbitmq-admin + tacker: tacker-rabbitmq-user + oci_image_registry: + tacker: tacker-oci-image-registry + tls: + nfv_orchestration: + api: + public: tacker-tls-public + internal: tacker-tls-internal + +endpoints: + cluster_domain_suffix: cluster.local + oslo_db: + auth: + admin: + username: root + password: password + secret: + tls: + internal: mariadb-tls-direct + tacker: + username: tacker + password: password + hosts: + default: mariadb + host_fqdn_override: + default: null + path: /tacker + scheme: mysql+pymysql + port: + mysql: + default: 3306 + identity: + name: keystone + auth: + admin: + region_name: RegionOne + username: admin + password: password + project_name: admin + user_domain_name: default + project_domain_name: default + tacker: + role: admin + region_name: RegionOne + username: tacker + password: password + project_name: service + user_domain_name: service + project_domain_name: service + hosts: + default: keystone + internal: keystone-api + host_fqdn_override: + default: null + path: + default: /v3 + scheme: + default: http + port: + api: + default: 80 + internal: 5000 + 
oslo_messaging: + auth: + admin: + username: rabbitmq + password: password + secret: + tls: + internal: rabbitmq-tls-direct + tacker: + username: tacker + password: password + statefulset: + replicas: 2 + name: rabbitmq-rabbitmq + hosts: + default: rabbitmq + host_fqdn_override: + default: null + path: /tacker + scheme: rabbit + port: + amqp: + default: 5672 + http: + default: 15672 + oslo_cache: + auth: + # NOTE(portdirect): this is used to define the value for keystone + # authtoken cache encryption key, if not set it will be populated + # automatically with a random value, but to take advantage of + # this feature all services should be set to use the same key, + # and memcache service. + memcache_secret_key: null + hosts: + default: memcached + host_fqdn_override: + default: null + port: + memcache: + default: 11211 + nfv_orchestration: + name: tacker + hosts: + default: tacker-api + conductor: tacker-conductor + public: tacker + host_fqdn_override: + default: null + path: + default: null + scheme: + default: http + port: + api: + default: 9890 + public: 80 + conductor: + default: 5672 + key_manager: + name: barbican + hosts: + default: barbican-api + public: barbican + host_fqdn_override: + default: null + path: + default: /v1 + scheme: + default: http + port: + api: + default: 9311 + public: 80 + +conf: + tacker: + DEFAULT: + log_config_append: /etc/tacker/logging.conf + debug: false + log_dir: /var/log/openstackhelm/tacker + api_workers: 5 + service_plugins: "nfvo,vnfm" + nfvo: + vim_drivers: openstack + openstack_vim: + stack_retries: 60 + stack_retry_wait: 10 + vim_keys: + use_barbican: true + tacker: + monitor_driver: "ping,http_ping" + alarm_monitor_driver: ceilometer + cors: + enabled: true + allowed_origin: "*" + max_age: 3600 + allow_methods: "GET,POST,PUT,DELETE,PATCH,OPTIONS" + allow_headers: "Content-Type,Version,Accept,X-Auth-Token" + expose_headers: "Content-Type,Accept,Cache-Control,Content-Language,X-Subject-Token" + database: + 
connection_recycle_time: 10 + max_pool_size: 1 + max_retries: "-1" + keystone_authtoken: + service_type: nfv-orchestration + auth_type: password + auth_version: v3 + service_token_roles_required: true + cafile: "" + memcache_security_strategy: ENCRYPT + alarm_auth: {} + ceilometer: + host: tacker-api.openstack.svc.cluster.local + port: 9890 + oslo_messaging_notifications: + driver: noop + glance_store: + filesystem_store_datadir: /var/lib/tacker/csar_files + server: + command: "tacker-server --config-file /etc/tacker/tacker.conf" + config_files: + - source: "/etc/tacker/tacker.conf" + dest: "/etc/tacker/tacker.conf" + owner: "tacker" + perm: "0600" + permissions: + - path: "/var/log/openstackhelm/tacker" + owner: "tacker:tacker" + recurse: true + - path: "/var/lib/tacker/csar_files" + owner: "tacker:tacker" + conductor: + command: "tacker-conductor --config-file /etc/tacker/tacker.conf" + config_files: + - source: "/etc/tacker/tacker.conf" + dest: "/etc/tacker/tacker.conf" + owner: "tacker" + perm: "0600" + permissions: + - path: "/var/log/openstackhelm/tacker" + owner: "tacker:tacker" + recurse: true + - path: "/var/lib/tacker/vnfpackages" + owner: "tacker:tacker" + - path: "/var/lib/tacker/csar_files" + owner: "tacker:tacker" + paste: + composite:tacker: + use: egg:Paste#urlmap + /: tackerversions + /v1.0: tackerapi_v1_0 + /vnfpkgm/v1: vnfpkgmapi_v1 + /vnflcm: vnflcm_versions + /vnflcm/v1: vnflcm_v1 + /vnflcm/v2: vnflcm_v2 + /vnffm/v1: vnffm_v1 + /vnfpm/v2: vnfpm_v2 + /alert/vnf_instances: prometheus_auto_scaling + /alert: prometheus_fm + /pm_event: prometheus_pm + /server_notification: server_notification + composite:tackerapi_v1_0: + use: call:tacker.auth:pipeline_factory + noauth: cors request_id catch_errors extensions tackerapiapp_v1_0 + keystone: cors request_id catch_errors alarm_receiver authtoken keystonecontext extensions tackerapiapp_v1_0 + composite:vnfpkgmapi_v1: + use: call:tacker.auth:pipeline_factory + noauth: cors request_id catch_errors 
vnfpkgmapp_v1 + keystone: cors request_id catch_errors authtoken keystonecontext vnfpkgmapp_v1 + composite:vnflcm_v1: + use: call:tacker.auth:pipeline_factory + noauth: cors request_id catch_errors vnflcmaapp_v1 + keystone: cors request_id catch_errors authtoken keystonecontext vnflcmaapp_v1 + composite:vnflcm_v2: + use: call:tacker.auth:pipeline_factory + noauth: cors request_id catch_errors vnflcmaapp_v2 + keystone: cors request_id catch_errors authtoken keystonecontext vnflcmaapp_v2 + composite:vnfpm_v2: + use: call:tacker.auth:pipeline_factory + noauth: cors request_id catch_errors vnfpmaapp_v2 + keystone: cors request_id catch_errors authtoken keystonecontext vnfpmaapp_v2 + composite:vnflcm_versions: + use: call:tacker.auth:pipeline_factory + noauth: cors request_id catch_errors vnflcm_api_versions + keystone: cors request_id catch_errors authtoken keystonecontext vnflcm_api_versions + composite:vnffm_v1: + use: call:tacker.auth:pipeline_factory + noauth: cors request_id catch_errors vnffmaapp_v1 + keystone: cors request_id catch_errors authtoken keystonecontext vnffmaapp_v1 + filter:cors: + paste.filter_factory: oslo_middleware.cors:filter_factory + oslo_config_project: tacker + filter:request_id: + paste.filter_factory: oslo_middleware:RequestId.factory + filter:catch_errors: + paste.filter_factory: oslo_middleware:CatchErrors.factory + filter:alarm_receiver: + paste.filter_factory: tacker.alarm_receiver:AlarmReceiver.factory + filter:keystonecontext: + paste.filter_factory: tacker.auth:TackerKeystoneContext.factory + filter:authtoken: + paste.filter_factory: keystonemiddleware.auth_token:filter_factory + filter:extensions: + paste.filter_factory: tacker.api.extensions:extension_middleware_factory + app:tackerversions: + paste.app_factory: tacker.api.versions:Versions.factory + app:tackerapiapp_v1_0: + paste.app_factory: tacker.api.v1.router:APIRouter.factory + app:vnfpkgmapp_v1: + paste.app_factory: tacker.api.vnfpkgm.v1.router:VnfpkgmAPIRouter.factory + 
app:vnflcmaapp_v1: + paste.app_factory: tacker.api.vnflcm.v1.router:VnflcmAPIRouter.factory + app:vnflcmaapp_v2: + paste.app_factory: tacker.sol_refactored.api.router:VnflcmAPIRouterV2.factory + app:vnfpmaapp_v2: + paste.app_factory: tacker.sol_refactored.api.router:VnfPmAPIRouterV2.factory + app:vnflcm_api_versions: + paste.app_factory: tacker.sol_refactored.api.router:VnflcmVersions.factory + app:vnffmaapp_v1: + paste.app_factory: tacker.sol_refactored.api.router:VnffmAPIRouterV1.factory + app:prometheus_auto_scaling: + paste.app_factory: tacker.sol_refactored.api.prometheus_plugin_router:AutoScalingRouter.factory + app:prometheus_fm: + paste.app_factory: tacker.sol_refactored.api.prometheus_plugin_router:FmAlertRouter.factory + app:prometheus_pm: + paste.app_factory: tacker.sol_refactored.api.prometheus_plugin_router:PmEventRouter.factory + app:server_notification: + paste.app_factory: tacker.sol_refactored.api.server_notification_router:ServerNotificationRouter.factory + logging: + loggers: + keys: + - root + - tacker + handlers: + keys: + - stdout + - stderr + - "null" + formatters: + keys: + - context + - default + logger_root: + level: WARNING + handlers: 'null' + logger_tacker: + level: INFO + handlers: + - stdout + qualname: tacker + logger_amqp: + level: WARNING + handlers: stderr + qualname: amqp + logger_amqplib: + level: WARNING + handlers: stderr + qualname: amqplib + logger_eventletwsgi: + level: WARNING + handlers: stderr + qualname: eventlet.wsgi.server + logger_sqlalchemy: + level: WARNING + handlers: stderr + qualname: sqlalchemy + logger_boto: + level: WARNING + handlers: stderr + qualname: boto + handler_null: + class: logging.NullHandler + formatter: default + args: () + handler_stdout: + class: StreamHandler + args: (sys.stdout,) + formatter: context + handler_stderr: + class: StreamHandler + args: (sys.stderr,) + formatter: context + formatter_context: + class: oslo_log.formatters.ContextFormatter + datefmt: "%Y-%m-%d %H:%M:%S" + 
formatter_default: + format: "%(message)s" + datefmt: "%Y-%m-%d %H:%M:%S" + +tls: + identity: false + oslo_messaging: false + oslo_db: false + +manifests: + certificates: false + configmap_etc: true + configmap_bin: true + deployment_server: true + deployment_conductor: true + job_db_init: true + job_db_drop: false + job_db_sync: true + job_ks_endpoints: true + job_ks_service: true + job_ks_user: true + job_rabbit_init: true + pvc: true + secret_db: true + secret_keystone: true + secret_rabbitmq: true + service_api: true + service_conductor: true + ingress_api: true + service_ingress_api: true +... diff --git a/tacker/values_overrides/2023.1-ubuntu_focal.yaml b/tacker/values_overrides/2023.1-ubuntu_focal.yaml new file mode 100644 index 0000000000..0d5d6d15ea --- /dev/null +++ b/tacker/values_overrides/2023.1-ubuntu_focal.yaml @@ -0,0 +1,16 @@ +# Default values for tacker. +# This is a YAML-formatted file. +# Declare variables to be passed into your templates. + +images: + tags: + tacker_server: docker.io/openstackhelm/tacker:2023.1-ubuntu_focal + tacker_conductor: docker.io/openstackhelm/tacker:2023.1-ubuntu_focal + db_init: docker.io/openstackhelm/heat:2023.1-ubuntu_focal + db_drop: docker.io/openstackhelm/heat:2023.1-ubuntu_focal + tacker_db_sync: docker.io/openstackhelm/tacker:2023.1-ubuntu_focal + ks_endpoints: docker.io/openstackhelm/heat:2023.1-ubuntu_focal + ks_service: docker.io/openstackhelm/heat:2023.1-ubuntu_focal + ks_user: docker.io/openstackhelm/heat:2023.1-ubuntu_focal + rabbit_init: docker.io/rabbitmq:3.7-management + dep_check: quay.io/airshipit/kubernetes-entrypoint:v1.0.0 diff --git a/tacker/values_overrides/zed-ubuntu_focal.yaml b/tacker/values_overrides/zed-ubuntu_focal.yaml new file mode 100644 index 0000000000..cab8d2c40f --- /dev/null +++ b/tacker/values_overrides/zed-ubuntu_focal.yaml 
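Review bot: In values.yaml, `conf.tacker.cors.allowed_origin: "*"` together with `X-Auth-Token` in `allow_headers` lets a page from any origin send token-bearing requests to the API from a user's browser, and the `cors` filter sits in every `keystone` pipeline under `conf.paste`. I would ship the default without the wildcard and have operators list the origins that need browser access, leaving `allowed_origin` unset with a comment such as `# set to the exact dashboard origins; "*" allows any site`. Separately, every `password: password` under `endpoints.*.auth` is a placeholder that ends up base64-encoded in the Secrets this chart renders, and nothing in the templates shown here rejects the defaults. A comment at the top of `endpoints:` saying these values must be overridden per deployment would make that explicit.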
@@ -0,0 +1,40 @@
+# Default values for tacker.
+# This is a YAML-formatted file.
+# Declare variables to be passed into your templates.
+
+images:
+ tags:
+ tacker_server: docker.io/openstackhelm/tacker:zed-ubuntu_focal
+ tacker_conductor: docker.io/openstackhelm/tacker:zed-ubuntu_focal
+ db_init: docker.io/openstackhelm/heat:zed-ubuntu_focal
+ db_drop: docker.io/openstackhelm/heat:zed-ubuntu_focal
+ tacker_db_sync: docker.io/openstackhelm/tacker:zed-ubuntu_focal
+ ks_endpoints: docker.io/openstackhelm/heat:zed-ubuntu_focal
+ ks_service: docker.io/openstackhelm/heat:zed-ubuntu_focal
+ ks_user: docker.io/openstackhelm/heat:zed-ubuntu_focal
+ rabbit_init: docker.io/rabbitmq:3.7-management
+ dep_check: quay.io/airshipit/kubernetes-entrypoint:v1.0.0
+
+conf:
+ paste:
+ composite:tackerapi_v1_0:
+ noauth: request_id catch_errors extensions tackerapiapp_v1_0
+ keystone: request_id catch_errors alarm_receiver authtoken keystonecontext extensions tackerapiapp_v1_0
+ composite:vnfpkgmapi_v1:
+ noauth: request_id catch_errors vnfpkgmapp_v1
+ keystone: request_id catch_errors authtoken keystonecontext vnfpkgmapp_v1
+ composite:vnflcm_v1:
+ noauth: request_id catch_errors vnflcmaapp_v1
+ keystone: request_id catch_errors authtoken keystonecontext vnflcmaapp_v1
+ composite:vnflcm_v2:
+ noauth: request_id catch_errors vnflcmaapp_v2
+ keystone: request_id catch_errors authtoken keystonecontext vnflcmaapp_v2
+ composite:vnfpm_v2:
+ noauth: request_id catch_errors vnfpmaapp_v2
+ keystone: request_id catch_errors authtoken keystonecontext vnfpmaapp_v2
+ composite:vnflcm_versions:
+ noauth: request_id catch_errors vnflcm_api_versions
+ keystone: request_id catch_errors authtoken keystonecontext vnflcm_api_versions
+ composite:vnffm_v1:
+ noauth: request_id catch_errors vnffmaapp_v1
+ keystone: request_id catch_errors authtoken keystonecontext vnffmaapp_v1
diff --git a/tools/deployment/component/tacker/tacker.sh b/tools/deployment/component/tacker/tacker.sh
new file mode 100755
index 0000000000..1f08377547
--- /dev/null
+++ b/tools/deployment/component/tacker/tacker.sh
@@ -0,0 +1,30 @@
+#!/bin/bash
+
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+set -xe
+
+#NOTE: Get the over-rides to use
+: ${OSH_EXTRA_HELM_ARGS_TACKER:="$(./tools/deployment/common/get-values-overrides.sh tacker)"}
+: ${RUN_HELM_TESTS:="no"}
+
+#NOTE: Lint and package chart
+make tacker
+
+#NOTE: Deploy command
+helm upgrade --install tacker ./tacker \
+ --namespace=openstack \
+ ${OSH_EXTRA_HELM_ARGS:=} \
+ ${OSH_EXTRA_HELM_ARGS_TACKER}
+
+#NOTE: Wait for deploy
+./tools/deployment/common/wait-for-pods.sh openstack
diff --git a/zuul.d/jobs-openstack-helm.yaml b/zuul.d/jobs-openstack-helm.yaml
index fa44bbfda3..4bddbbdad8 100644
--- a/zuul.d/jobs-openstack-helm.yaml
+++ b/zuul.d/jobs-openstack-helm.yaml
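Review bot: In tacker.sh, `RUN_HELM_TESTS` is given a default on the line after `OSH_EXTRA_HELM_ARGS_TACKER`, but nothing later in the script reads it, so the job's `run_helm_tests` setting (presumably its source) has no effect here. Either drop the line or act on it after the wait step, for example `if [ "${RUN_HELM_TESTS}" != "no" ]; then helm test tacker --namespace openstack; fi`, assuming the chart ships a test pod, which none of the templates visible in this commit do. Also keep in mind that `set -x` echoes the expanded `helm upgrade` arguments into the CI log, so real credentials belong in override files rather than in `--set` flags passed through `OSH_EXTRA_HELM_ARGS`.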
@@ -624,3 +624,33 @@ - ./tools/deployment/component/horizon/horizon.sh - ./tools/deployment/common/openstack-exporter.sh - ./tools/deployment/common/test-networkpolicy.sh + +- job: + name: openstack-helm-tacker-2023-1-ubuntu_focal + parent: openstack-helm-chart-deploy + nodeset: openstack-helm-single-32GB-focal-tmp + timeout: 7200 + vars: + osh_params: + openstack_release: "2023.1" + container_distro_name: ubuntu + container_distro_version: focal + run_helm_tests: "no" + gate_scripts_relative_path: ../openstack-helm + gate_scripts: + - ./tools/deployment/common/install-packages.sh + - ./tools/deployment/common/deploy-k8s.sh + - - ./tools/deployment/common/setup-client.sh + - ./tools/deployment/component/common/ingress.sh + - - ./tools/deployment/component/common/rabbitmq.sh + - ./tools/deployment/component/common/mariadb.sh + - ./tools/deployment/component/common/memcached.sh + - ./tools/deployment/component/keystone/keystone.sh + - - ./tools/deployment/component/heat/heat.sh + - ./tools/deployment/component/glance/glance.sh + - ./tools/deployment/component/compute-kit/openvswitch.sh + - ./tools/deployment/component/compute-kit/libvirt.sh + - ./tools/deployment/component/compute-kit/compute-kit.sh + - ./tools/deployment/component/barbican/barbican.sh + - ./tools/deployment/component/nfs-provisioner/nfs-provisioner.sh + - ./tools/deployment/component/tacker/tacker.sh diff --git a/zuul.d/project.yaml b/zuul.d/project.yaml index e0ef3d19aa..fabb997d94 100644 --- a/zuul.d/project.yaml +++ b/zuul.d/project.yaml @@ -33,7 +33,6 @@ - openstack-helm-compute-kit-2023-1-ubuntu_focal - openstack-helm-keystone-ldap-2023-1-ubuntu_focal - openstack-helm-tls-2023-1-ubuntu_focal - gate: jobs: - openstack-helm-lint @@ -51,6 +50,7 @@ - openstack-helm-netpol-cinder - openstack-helm-tls-2023-1-ubuntu_focal - openstack-helm-tungsten-fabric + - openstack-helm-tacker-2023-1-ubuntu_focal periodic-weekly: jobs: - openstack-helm-cinder-victoria-ubuntu_focal