openstack/openstack-helm
Code Issues Proposed changes

Add Tacker chart

Browse Source 
At this point it requires nfs provisioner that provides
ReadWriteMany volumes for vnfpackages, csar files and
also the same storage class is used for logs.

Also this patch adds a job that only deploys Tacker but
does not tests it in any way. This job is put to the experimental
pipeline.

Co-authored-by: Vladimir Kozhukalov <kozhukalov@gmail.com>

Story: 2010682
Task: 47771
Change-Id: I56d7ba489746ab4f818086440a7783f4b1ecb292
This commit is contained in:
Ayumu Ueha 2023-07-14 06:15:46 +00:00
parent 2b71ad5dae
commit 97c1c61ea2
32 changed files with 1660 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
releasenotes/notes/tacker.yaml Normal file
View File

@ -0,0 +1,4 @@
---
tacker:
- 0.1.0 Initial Chart
...

23
tacker/.helmignore Normal file
View File

@ -0,0 +1,23 @@
# Patterns to ignore when building packages.
# This supports shell glob matching, relative path matching, and
# negation (prefixed with !). Only one pattern per line.
.DS_Store
# Common VCS dirs
.git/
.gitignore
.bzr/
.bzrignore
.hg/
.hgignore
.svn/
# Common backup files
*.swp
*.bak
*.tmp
*.orig
*~
# Various IDEs
.project
.idea/
*.tmproj
.vscode/

24
tacker/Chart.yaml Normal file
View File

@ -0,0 +1,24 @@
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
apiVersion: v1
appVersion: v1.0.0
description: OpenStack-Helm Tacker
name: tacker
version: 0.1.0
home: https://docs.openstack.org/tacker/latest/
icon: https://www.openstack.org/themes/openstack/images/project-mascots/Tacker/OpenStack_Project_Tacker_vertical.png
sources:
- https://opendev.org/openstack/tacker
- https://opendev.org/openstack/openstack-helm
maintainers:
- name: OpenStack-Helm Authors

16
tacker/requirements.yaml Normal file
View File

@ -0,0 +1,16 @@
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
dependencies:
- name: helm-toolkit
repository: file://../../openstack-helm-infra/helm-toolkit
version: ">= 0.1.0"

18
tacker/templates/bin/_db-sync.sh.tpl Normal file
View File

@ -0,0 +1,18 @@
#!/bin/bash
{{/*
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
set -ex
tacker-db-manage --config-file /etc/tacker/tacker.conf upgrade head

23
tacker/templates/bin/_tacker_conductor.sh.tpl Normal file
View File

@ -0,0 +1,23 @@
#!/bin/bash
{{/*
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
pip install python-cinderclient
pip install retrying
pip install boto3
apt update
apt install curl -y -f --install-suggests
curl -o /tmp/helm.tar.gz https://get.helm.sh/helm-v3.11.2-linux-amd64.tar.gz
tar zxf /tmp/helm.tar.gz -C /tmp/;mv /tmp/linux-amd64/helm /usr/local/bin/helm
tacker-conductor --config-file /etc/tacker/tacker.conf

23
tacker/templates/bin/_tacker_server.sh.tpl Normal file
View File

@ -0,0 +1,23 @@
#!/bin/bash
{{/*
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
pip install python-cinderclient
pip install retrying
pip install boto3
apt update
apt install curl -y -f --install-suggests
curl -o /tmp/helm.tar.gz https://get.helm.sh/helm-v3.11.2-linux-amd64.tar.gz
tar zxf /tmp/helm.tar.gz -C /tmp/;mv /tmp/linux-amd64/helm /usr/local/bin/helm
tacker-server --config-file /etc/tacker/tacker.conf

39
tacker/templates/configmap-bin.yaml Normal file
View File

@ -0,0 +1,39 @@
{{/*
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
{{- if .Values.manifests.configmap_bin }}
---
apiVersion: v1
data:
tacker-server.sh: |
{{ tuple "bin/_tacker_server.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
tacker-conductor.sh: |
{{ tuple "bin/_tacker_conductor.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
db-drop.py: |
{{- include "helm-toolkit.scripts.db_drop" . | indent 4 }}
db-init.py: |
{{- include "helm-toolkit.scripts.db_init" . | indent 4 }}
db-sync.sh: |
{{ tuple "bin/_db-sync.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
ks-endpoints.sh: |
{{- include "helm-toolkit.scripts.keystone_endpoints" . | indent 4 }}
ks-service.sh: |
{{- include "helm-toolkit.scripts.keystone_service" . | indent 4 }}
ks-user.sh: |
{{- include "helm-toolkit.scripts.keystone_user" . | indent 4 }}
rabbit-init.sh: |
{{- include "helm-toolkit.scripts.rabbit_init" .| indent 4 }}
kind: ConfigMap
metadata:
name: tacker-bin
{{- end }}

91
tacker/templates/configmap-etc.yaml Normal file
View File

@ -0,0 +1,91 @@
{{/*
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
{{- if .Values.manifests.configmap_etc }}
{{- $envAll := . }}
{{- if empty .Values.conf.tacker.database.connection -}}
{{- $connection := tuple "oslo_db" "internal" "tacker" "mysql" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup" -}}
{{- if .Values.manifests.certificates -}}
{{- $_ := (printf "%s?charset=utf8&ssl_ca=/etc/mysql/certs/ca.crt&ssl_key=/etc/mysql/certs/tls.key&ssl_cert=/etc/mysql/certs/tls.crt&ssl_verify_cert" $connection ) | set .Values.conf.tacker.database "connection" -}}
{{- else -}}
{{- $_ := set .Values.conf.tacker.database "connection" $connection -}}
{{- end -}}
{{- end -}}
{{- if empty .Values.conf.tacker.DEFAULT.transport_url -}}
{{- $_ := tuple "oslo_messaging" "internal" "tacker" "amqp" . | include "helm-toolkit.endpoints.authenticated_transport_endpoint_uri_lookup" | set .Values.conf.tacker.DEFAULT "transport_url" -}}
{{- end -}}
{{- if empty .Values.conf.tacker.oslo_messaging_notifications.transport_url -}}
{{- $_ := tuple "oslo_messaging" "internal" "tacker" "amqp" . | include "helm-toolkit.endpoints.authenticated_transport_endpoint_uri_lookup" | set .Values.conf.tacker.oslo_messaging_notifications "transport_url" -}}
{{- end -}}
{{- if empty .Values.conf.tacker.keystone_authtoken.www_authenticate_uri -}}
{{- $_ := tuple "identity" "internal" "api" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup"| set .Values.conf.tacker.keystone_authtoken "www_authenticate_uri" -}}
{{- end -}}
{{- if empty .Values.conf.tacker.keystone_authtoken.auth_url -}}
{{- $_ := tuple "identity" "internal" "api" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup"| set .Values.conf.tacker.keystone_authtoken "auth_url" -}}
{{- end -}}
{{- if empty .Values.conf.tacker.keystone_authtoken.region_name -}}
{{- $_ := set .Values.conf.tacker.keystone_authtoken "region_name" .Values.endpoints.identity.auth.tacker.region_name -}}
{{- end -}}
{{- if empty .Values.conf.tacker.keystone_authtoken.project_name -}}
{{- $_ := set .Values.conf.tacker.keystone_authtoken "project_name" .Values.endpoints.identity.auth.tacker.project_name -}}
{{- end -}}
{{- if empty .Values.conf.tacker.keystone_authtoken.project_domain_name -}}
{{- $_ := set .Values.conf.tacker.keystone_authtoken "project_domain_name" .Values.endpoints.identity.auth.tacker.project_domain_name -}}
{{- end -}}
{{- if empty .Values.conf.tacker.keystone_authtoken.user_domain_name -}}
{{- $_ := set .Values.conf.tacker.keystone_authtoken "user_domain_name" .Values.endpoints.identity.auth.tacker.user_domain_name -}}
{{- end -}}
{{- if empty .Values.conf.tacker.keystone_authtoken.username -}}
{{- $_ := set .Values.conf.tacker.keystone_authtoken "username" .Values.endpoints.identity.auth.tacker.username -}}
{{- end -}}
{{- if empty .Values.conf.tacker.keystone_authtoken.password -}}
{{- $_ := set .Values.conf.tacker.keystone_authtoken "password" .Values.endpoints.identity.auth.tacker.password -}}
{{- end -}}
{{- if empty .Values.conf.tacker.keystone_authtoken.memcached_servers -}}
{{- $_ := tuple "oslo_cache" "internal" "memcache" . | include "helm-toolkit.endpoints.host_and_port_endpoint_uri_lookup" | set .Values.conf.tacker.keystone_authtoken "memcached_servers" -}}
{{- end -}}
{{- if empty .Values.conf.tacker.keystone_authtoken.memcache_secret_key -}}
{{- $_ := set .Values.conf.tacker.keystone_authtoken "memcache_secret_key" ( default ( randAlphaNum 64 ) .Values.endpoints.oslo_cache.auth.memcache_secret_key ) -}}
{{- end -}}
{{- if empty .Values.conf.tacker.alarm_auth.url -}}
{{- $_ := tuple "identity" "internal" "api" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup"| set .Values.conf.tacker.alarm_auth "url" -}}
{{- end -}}
{{- if empty .Values.conf.tacker.alarm_auth.project_name -}}
{{- $_ := set .Values.conf.tacker.alarm_auth "project_name" .Values.endpoints.identity.auth.tacker.project_name -}}
{{- end -}}
{{- if empty .Values.conf.tacker.alarm_auth.username -}}
{{- $_ := set .Values.conf.tacker.alarm_auth "username" .Values.endpoints.identity.auth.tacker.username -}}
{{- end -}}
{{- if empty .Values.conf.tacker.alarm_auth.password -}}
{{- $_ := set .Values.conf.tacker.alarm_auth "password" .Values.endpoints.identity.auth.tacker.password -}}
{{- end -}}
---
apiVersion: v1
kind: Secret
metadata:
name: tacker-etc
namespace: openstack
type: Opaque
data:
config.json: {{ toPrettyJson .Values.conf.server | b64enc }}
config-conductor.json: {{ toPrettyJson .Values.conf.conductor | b64enc }}
tacker.conf: {{ include "helm-toolkit.utils.to_oslo_conf" .Values.conf.tacker | b64enc }}
api-paste.ini: {{ include "helm-toolkit.utils.to_ini" .Values.conf.paste | b64enc }}
logging.conf: {{ include "helm-toolkit.utils.to_oslo_conf" .Values.conf.logging | b64enc }}
{{- end }}

114
tacker/templates/deployment-conductor.yaml Normal file
View File

@ -0,0 +1,114 @@
{{/*
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
{{- if .Values.manifests.deployment_conductor }}
{{- $envAll := . }}
{{- $serviceAccountName := "tacker-conductor" }}
{{ tuple $envAll "conductor" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: tacker-conductor
labels:
{{ tuple $envAll "tacker" "conductor" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }}
spec:
selector:
matchLabels:
{{ tuple $envAll "tacker" "conductor" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 6 }}
replicas: {{ .Values.pod.replicas.conductor }}
template:
metadata:
labels:
{{ tuple $envAll "tacker" "conductor" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
spec:
nodeSelector:
{{ .Values.labels.conductor.node_selector_key }}: {{ .Values.labels.conductor.node_selector_value }}
serviceAccountName: {{ $serviceAccountName }}
{{ dict "envAll" $envAll "application" "conductor" | include "helm-toolkit.snippets.kubernetes_pod_security_context" | indent 6 }}
affinity:
podAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
- labelSelector:
matchExpressions:
- key: application
operator: In
values:
- tacker
- key: component
operator: In
values:
- server
topologyKey: kubernetes.io/hostname
terminationGracePeriodSeconds: {{ .Values.pod.lifecycle.termination_grace_period.conductor.timeout | default "30" }}
containers:
- name: tacker-conductor
image: {{ .Values.images.tags.tacker_conductor }}
imagePullPolicy: {{ .Values.images.pull_policy }}
command:
- /bin/bash
- -c
- /tmp/tacker-conductor.sh
volumeMounts:
- name: localtime
mountPath: "/etc/localtime"
readOnly: yes
- name: tacker-etc
mountPath: "/etc/tacker/config.json"
readOnly: yes
subPath: config-conductor.json
- name: tacker-etc
mountPath: "/etc/tacker/api-paste.ini"
readOnly: yes
subPath: api-paste.ini
- name: tacker-etc
mountPath: "/etc/tacker/tacker.conf"
readOnly: yes
subPath: tacker.conf
- name: tacker-etc
mountPath: "/etc/tacker/logging.conf"
readOnly: yes
subPath: logging.conf
{{- range $key, $volume := $envAll.Values.storage.volumes }}
- name: {{ $key | replace "_" "-" }}
mountPath: {{ $volume.mount_path | quote }}
readOnly: false
{{- end }}
- name: tacker-conductor-sh
mountPath: /tmp/tacker-conductor.sh
subPath: tacker-conductor.sh
readOnly: true
ports:
- name: conductor
containerPort: 5672
initContainers:
{{ tuple $envAll "server" tuple | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
volumes:
- name: localtime
hostPath:
path: "/etc/localtime"
- name: tacker-etc
secret:
defaultMode: 292
secretName: tacker-etc
{{- range $key, $volume := $envAll.Values.storage.volumes }}
- name: {{ $key | replace "_" "-" }}
persistentVolumeClaim:
claimName: {{ $volume.name }}
{{- end }}
- name: tacker-conductor-sh
configMap:
name: tacker-bin
defaultMode: 0555
{{- end }}

100
tacker/templates/deployment-server.yaml Normal file
View File

@ -0,0 +1,100 @@
{{/*
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
{{- if .Values.manifests.deployment_server }}
{{- $envAll := . }}
{{- $serviceAccountName := "tacker-server" }}
{{ tuple $envAll "server" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: tacker-server
labels:
{{ tuple $envAll "tacker" "server" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }}
spec:
selector:
matchLabels:
{{ tuple $envAll "tacker" "server" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 6 }}
replicas: {{ .Values.pod.replicas.server }}
template:
metadata:
labels:
{{ tuple $envAll "tacker" "server" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
spec:
nodeSelector:
{{ .Values.labels.server.node_selector_key }}: {{ .Values.labels.server.node_selector_value }}
serviceAccountName: tacker-server
{{ dict "envAll" $envAll "application" "server" | include "helm-toolkit.snippets.kubernetes_pod_security_context" | indent 6 }}
terminationGracePeriodSeconds: {{ .Values.pod.lifecycle.termination_grace_period.server.timeout | default "30" }}
containers:
- name: tacker-server
image: {{ .Values.images.tags.tacker_server }}
imagePullPolicy: {{ .Values.images.pull_policy }}
command:
- /bin/bash
- -c
- /tmp/tacker-server.sh
volumeMounts:
- name: localtime
mountPath: "/etc/localtime"
readOnly: yes
- name: tacker-etc
mountPath: "/etc/tacker/config.json"
readOnly: yes
subPath: config-server.json
- name: tacker-etc
mountPath: "/etc/tacker/api-paste.ini"
readOnly: yes
subPath: api-paste.ini
- name: tacker-etc
mountPath: "/etc/tacker/tacker.conf"
readOnly: yes
subPath: tacker.conf
- name: tacker-etc
mountPath: "/etc/tacker/logging.conf"
readOnly: yes
subPath: logging.conf
{{- range $key, $volume := $envAll.Values.storage.volumes }}
- name: {{ $key | replace "_" "-" }}
mountPath: {{ $volume.mount_path | quote }}
readOnly: false
{{- end }}
- name: tacker-server-sh
mountPath: /tmp/tacker-server.sh
subPath: tacker-server.sh
readOnly: true
ports:
- name: t-api
containerPort: 9890
initContainers:
{{ tuple $envAll "server" tuple | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
volumes:
- name: localtime
hostPath:
path: "/etc/localtime"
- name: tacker-etc
secret:
defaultMode: 292
secretName: tacker-etc
{{- range $key, $volume := $envAll.Values.storage.volumes }}
- name: {{ $key | replace "_" "-" }}
persistentVolumeClaim:
claimName: {{ $volume.name }}
{{- end }}
- name: tacker-server-sh
configMap:
name: tacker-bin
defaultMode: 0555
{{- end }}

23
tacker/templates/ingress-api.yaml Normal file
View File

@ -0,0 +1,23 @@
{{/*
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
{{- if and .Values.manifests.ingress_api .Values.network.api.ingress.public }}
{{- $envAll := . }}
{{- $ingressOpts := dict "envAll" $envAll "backendServiceType" "nfv_orchestration" "backendPort" "t-api" -}}
{{- $secretName := $envAll.Values.secrets.tls.nfv_orchestration.api.internal -}}
{{- if and .Values.manifests.certificates $secretName -}}
{{- $_ := set $ingressOpts "certIssuer" .Values.endpoints.nfv_orchestratio.host_fqdn_override.default.tls.issuerRef.name -}}
{{- end -}}
{{ $ingressOpts | include "helm-toolkit.manifests.ingress" }}
{{- end }}

25
tacker/templates/job-db-drop.yaml Normal file
View File

@ -0,0 +1,25 @@
{{/*
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
{{- if .Values.manifests.job_db_drop }}
{{- $serviceName := "tacker" -}}
{{- $dbToDrop := dict "adminSecret" .Values.secrets.oslo_db.admin "configFile" (printf "/etc/%s/%s.conf" $serviceName "tacker" ) "logConfigFile" (printf "/etc/%s/logging.conf" $serviceName ) "configDbSection" "database" "configDbKey" "connection" -}}
{{- $dbDropJob := dict "envAll" . "serviceName" $serviceName "dbToDrop" $dbToDrop -}}
{{- if .Values.manifests.certificates -}}
{{- $_ := set $dbToDrop "dbAdminTlsSecret" .Values.endpoints.oslo_db.auth.admin.secret.tls.internal -}}
{{- end -}}
{{- if .Values.pod.tolerations.tacker.enabled -}}
{{- $_ := set $dbDropJob "tolerationsEnabled" true -}}
{{- end -}}
{{ $dbDropJob | include "helm-toolkit.manifests.job_db_drop_mysql" }}
{{- end }}

36
tacker/templates/job-db-init.yaml Normal file
View File

@ -0,0 +1,36 @@
{{/*
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
{{- define "metadata.annotations.job.db_init" }}
helm.sh/hook: post-install,post-upgrade
helm.sh/hook-weight: "-5"
{{- end }}
{{- if .Values.manifests.job_db_init }}
{{- $serviceName := "tacker" -}}
{{- $dbToInit := dict "adminSecret" .Values.secrets.oslo_db.admin "configFile" (printf "/etc/%s/%s.conf" $serviceName $serviceName ) "logConfigFile" (printf "/etc/%s/logging.conf" $serviceName ) "configDbSection" "database" "configDbKey" "connection" -}}
{{- $dbInitJob := dict "envAll" . "serviceName" $serviceName "dbToInit" $dbToInit -}}
{{- if .Values.manifests.certificates -}}
{{- $_ := set $dbInitJob "dbAdminTlsSecret" .Values.endpoints.oslo_db.auth.admin.secret.tls.internal -}}
{{- end -}}
{{- if .Values.helm3_hook }}
{{- $_ := set $dbInitJob "jobAnnotations" (include "metadata.annotations.job.db_init" . | fromYaml) }}
{{- end }}
{{- if .Values.pod.tolerations.tacker.enabled -}}
{{- $_ := set $dbInitJob "tolerationsEnabled" true -}}
{{- end -}}
{{ $dbInitJob | include "helm-toolkit.manifests.job_db_init_mysql" }}
{{- end }}

33
tacker/templates/job-db-sync.yaml Normal file
View File

@ -0,0 +1,33 @@
{{/*
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
{{- define "metadata.annotations.job.db_sync" }}
helm.sh/hook: post-install,post-upgrade
helm.sh/hook-weight: "-4"
{{- end }}
{{- if .Values.manifests.job_db_sync }}
{{- $serviceName := "tacker" }}
{{- $dbSyncJob := dict "envAll" . "serviceName" $serviceName "podVolMounts" .Values.pod.mounts.tacker_db_sync.tacker_db_sync.volumeMounts "podVols" .Values.pod.mounts.tacker_db_sync.tacker_db_sync.volumes -}}
{{- if .Values.manifests.certificates -}}
{{- $_ := set $dbSyncJob "dbAdminTlsSecret" .Values.endpoints.oslo_db.auth.admin.secret.tls.internal -}}
{{- end -}}
{{- if .Values.helm3_hook }}
{{- $_ := set $dbSyncJob "jobAnnotations" (include "metadata.annotations.job.db_sync" . | fromYaml) }}
{{- end }}
{{- if .Values.pod.tolerations.tacker.enabled -}}
{{- $_ := set $dbSyncJob "tolerationsEnabled" true -}}
{{- end -}}
{{ $dbSyncJob | include "helm-toolkit.manifests.job_db_sync" }}
{{- end }}

31
tacker/templates/job-ks-endpoints.yaml Normal file
View File

@ -0,0 +1,31 @@
{{/*
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
{{- define "metadata.annotations.job.ks_endpoints" }}
helm.sh/hook: post-install,post-upgrade
helm.sh/hook-weight: "-2"
{{- end }}
{{- if .Values.manifests.job_ks_endpoints }}
{{- $ksServiceJob := dict "envAll" . "serviceName" "tacker" "serviceTypes" ( tuple "nfv-orchestration" ) -}}
{{- if or .Values.manifests.certificates .Values.tls.identity -}}
{{- $_ := set $ksServiceJob "tlsSecret" .Values.secrets.tls.nfv_orchestration.api.internal -}}
{{- end -}}
{{- if .Values.helm3_hook }}
{{- $_ := set $ksServiceJob "jobAnnotations" (include "metadata.annotations.job.ks_endpoints" . | fromYaml) }}
{{- end }}
{{- if .Values.pod.tolerations.tacker.enabled -}}
{{- $_ := set $ksServiceJob "tolerationsEnabled" true -}}
{{- end -}}
{{ $ksServiceJob | include "helm-toolkit.manifests.job_ks_endpoints" }}
{{- end }}

31
tacker/templates/job-ks-service.yaml Normal file
View File

@ -0,0 +1,31 @@
{{/*
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
{{- define "metadata.annotations.job.ks_service" }}
helm.sh/hook: post-install,post-upgrade
helm.sh/hook-weight: "-3"
{{- end }}
{{- if .Values.manifests.job_ks_service }}
{{- $ksServiceJob := dict "envAll" . "serviceName" "tacker" "serviceTypes" ( tuple "nfv-orchestration" ) -}}
{{- if or .Values.manifests.certificates .Values.tls.identity -}}
{{- $_ := set $ksServiceJob "tlsSecret" .Values.secrets.tls.nfv_orchestration.api.internal -}}
{{- end -}}
{{- if .Values.helm3_hook }}
{{- $_ := set $ksServiceJob "jobAnnotations" (include "metadata.annotations.job.ks_service" . | fromYaml) }}
{{- end }}
{{- if .Values.pod.tolerations.tacker.enabled -}}
{{- $_ := set $ksServiceJob "tolerationsEnabled" true -}}
{{- end -}}
{{ $ksServiceJob | include "helm-toolkit.manifests.job_ks_service" }}
{{- end }}

31
tacker/templates/job-ks-user.yaml Normal file
View File

@ -0,0 +1,31 @@
{{/*
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
{{- define "metadata.annotations.job.ks_user" }}
helm.sh/hook: post-install,post-upgrade
helm.sh/hook-weight: "-1"
{{- end }}
{{- if .Values.manifests.job_ks_user }}
{{- $ksUserJob := dict "envAll" . "serviceName" "tacker" -}}
{{- if or .Values.manifests.certificates .Values.tls.identity -}}
{{- $_ := set $ksUserJob "tlsSecret" .Values.secrets.tls.nfv_orchestration.api.internal -}}
{{- end -}}
{{- if .Values.helm3_hook }}
{{- $_ := set $ksUserJob "jobAnnotations" (include "metadata.annotations.job.ks_user" . | fromYaml) }}
{{- end }}
{{- if .Values.pod.tolerations.tacker.enabled -}}
{{- $_ := set $ksUserJob "tolerationsEnabled" true -}}
{{- end -}}
{{ $ksUserJob | include "helm-toolkit.manifests.job_ks_user" }}
{{- end }}

31
tacker/templates/job-rabbit-init.yaml Normal file
View File

@ -0,0 +1,31 @@
{{/*
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
{{- define "metadata.annotations.job.rabbit_init" }}
helm.sh/hook: post-install,post-upgrade
helm.sh/hook-weight: "-4"
{{- end }}
{{- if .Values.manifests.job_rabbit_init }}
{{- $rmqUserJob := dict "envAll" . "serviceName" "tacker" -}}
{{- if .Values.manifests.certificates -}}
{{- $_ := set $rmqUserJob "tlsSecret" .Values.endpoints.oslo_messaging.auth.admin.secret.tls.internal -}}
{{- end -}}
{{- if .Values.helm3_hook }}
{{- $_ := set $rmqUserJob "jobAnnotations" (include "metadata.annotations.job.rabbit_init" . | fromYaml) }}
{{- end }}
{{- if .Values.pod.tolerations.tacker.enabled -}}
{{- $_ := set $rmqUserJob "tolerationsEnabled" true -}}
{{- end -}}
{{ $rmqUserJob | include "helm-toolkit.manifests.job_rabbit_init" }}
{{- end }}

38
tacker/templates/pvc.yaml Normal file
View File

@ -0,0 +1,38 @@
{{/*
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
{{ define "tacker.pvc" }}
{{- $name := index . 0 }}
{{- $size := index . 1 }}
{{- $storageClass := index . 2 }}
---
kind: PersistentVolumeClaim
apiVersion: v1
metadata:
name: {{ $name }}
spec:
accessModes:
- "ReadWriteMany"
resources:
requests:
storage: {{ $size }}
storageClassName: {{ $storageClass }}
{{- end }}
{{- if .Values.manifests.pvc }}
{{- $storageClass := .Values.storage.storageClass }}
{{- range .Values.storage.volumes }}
{{ tuple .name .size $storageClass | include "tacker.pvc" }}
{{- end }}
{{- end }}

29
tacker/templates/secret-db.yaml Normal file
View File

@ -0,0 +1,29 @@
{{/*
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
{{- if .Values.manifests.secret_db }}
{{- $envAll := . }}
{{- range $key1, $userClass := tuple "admin" "tacker" }}
{{- $secretName := index $envAll.Values.secrets.oslo_db $userClass }}
{{- $connection := tuple "oslo_db" "internal" $userClass "mysql" $envAll | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup" }}
---
apiVersion: v1
kind: Secret
metadata:
name: {{ $secretName }}
type: Opaque
data:
DB_CONNECTION: {{ $connection | b64enc -}}
{{- end }}
{{- end }}

27
tacker/templates/secret-keystone.yaml Normal file
View File

@ -0,0 +1,27 @@
{{/*
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
{{- if .Values.manifests.secret_keystone }}
{{- $envAll := . }}
{{- range $key1, $userClass := tuple "admin" "tacker" }}
{{- $secretName := index $envAll.Values.secrets.identity $userClass }}
---
apiVersion: v1
kind: Secret
metadata:
name: {{ $secretName }}
type: Opaque
data:
{{- tuple $userClass "internal" $envAll | include "helm-toolkit.snippets.keystone_secret_openrc" | indent 2 -}}
{{- end }}
{{- end }}

31
tacker/templates/secret-rabbitmq.yaml Normal file
View File

@ -0,0 +1,31 @@
{{/*
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
{{- if .Values.manifests.secret_rabbitmq }}
{{- $envAll := . }}
{{- $rabbitmqProtocol := "http" }}
{{- if $envAll.Values.manifests.certificates }}
{{- $rabbitmqProtocol = "https" }}
{{- end }}
{{- range $key1, $userClass := tuple "admin" "tacker" }}
{{- $secretName := index $envAll.Values.secrets.oslo_messaging $userClass }}
---
apiVersion: v1
kind: Secret
metadata:
name: {{ $secretName }}
type: Opaque
data:
RABBITMQ_CONNECTION: {{ tuple "oslo_messaging" "internal" $userClass $rabbitmqProtocol $envAll | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup" | b64enc }}
{{- end }}
{{- end }}

36
tacker/templates/service-api.yaml Normal file
View File

@ -0,0 +1,36 @@
{{/*
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
{{- if .Values.manifests.service_api }}
{{- $envAll := . }}
---
apiVersion: v1
kind: Service
metadata:
name: {{ tuple "nfv_orchestration" "internal" . | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }}
spec:
ports:
- name: t-api
port: {{ tuple "nfv_orchestration" "service" "api" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
{{ if .Values.network.api.node_port.enabled }}
nodePort: {{ .Values.network.api.node_port.port }}
{{ end }}
selector:
{{ tuple $envAll "tacker" "server" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }}
{{ if .Values.network.api.node_port.enabled }}
type: NodePort
{{ if .Values.network.api.external_policy_local }}
externalTrafficPolicy: Local
{{ end }}
{{ end }}
{{- end }}

36
tacker/templates/service-conductor.yaml Normal file
View File

@ -0,0 +1,36 @@
{{/*
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
{{- if .Values.manifests.service_conductor }}
{{- $envAll := . }}
---
apiVersion: v1
kind: Service
metadata:
name: {{ tuple "nfv_orchestration" "conductor" . | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }}
spec:
ports:
- name: conductor
port: {{ tuple "nfv_orchestration" "internal" "conductor" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
{{ if .Values.network.conductor.node_port.enabled }}
nodePort: {{ .Values.network.conductor.node_port.port }}
{{ end }}
selector:
{{ tuple $envAll "tacker" "conductor" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }}
{{ if .Values.network.conductor.node_port.enabled }}
type: NodePort
{{ if .Values.network.conductor.external_policy_local }}
externalTrafficPolicy: Local
{{ end }}
{{ end }}
{{- end }}

18
tacker/templates/service-ingress-api.yaml Normal file
View File

@ -0,0 +1,18 @@
{{/*
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
{{- if and .Values.manifests.service_ingress_api .Values.network.api.ingress.public }}
{{- $serviceIngressOpts := dict "envAll" . "backendServiceType" "nfv_orchestration" -}}
{{ $serviceIngressOpts | include "helm-toolkit.manifests.service_ingress" }}
{{- end }}

612
tacker/values.yaml Normal file
View File

@ -0,0 +1,612 @@
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
# Default values for tacker.
# This is a YAML-formatted file.
# Declare variables to be passed into your templates.
labels:
server:
node_selector_key: openstack-control-plane
node_selector_value: enabled
conductor:
node_selector_key: openstack-control-plane
node_selector_value: enabled
job:
node_selector_key: openstack-control-plane
node_selector_value: enabled
images:
pull_policy: IfNotPresent
tags:
tacker_server: docker.io/openstackhelm/tacker:2023.1-ubuntu_focal
tacker_conductor: docker.io/openstackhelm/tacker:2023.1-ubuntu_focal
db_init: docker.io/openstackhelm/heat:2023.1-ubuntu_focal
db_drop: docker.io/openstackhelm/heat:2023.1-ubuntu_focal
tacker_db_sync: docker.io/openstackhelm/tacker:2023.1-ubuntu_focal
ks_endpoints: docker.io/openstackhelm/heat:2023.1-ubuntu_focal
ks_service: docker.io/openstackhelm/heat:2023.1-ubuntu_focal
ks_user: docker.io/openstackhelm/heat:2023.1-ubuntu_focal
rabbit_init: docker.io/rabbitmq:3.7-management
dep_check: quay.io/airshipit/kubernetes-entrypoint:v1.0.0
local_registry:
active: false
exclude:
- dep_check
- image_repo_sync
dependencies:
static:
server:
jobs:
- tacker-db-sync
- tacker-ks-user
- tacker-ks-endpoints
- tacker-rabbit-init
services:
- endpoint: internal
service: oslo_db
- endpoint: internal
service: identity
- endpoint: internal
service: key_manager
conductor:
jobs:
- tacker-db-sync
- tacker-ks-user
- tacker-ks-endpoints
- tacker-rabbit-init
services:
- endpoint: internal
service: oslo_db
- endpoint: internal
service: identity
- endpoint: internal
service: key_manager
db_drop:
services:
- endpoint: internal
service: oslo_db
db_init:
services:
- endpoint: internal
service: oslo_db
db_sync:
jobs:
- tacker-db-init
services:
- endpoint: internal
service: oslo_db
ks_endpoints:
jobs:
- tacker-ks-service
services:
- endpoint: internal
service: identity
ks_service:
services:
- endpoint: internal
service: identity
ks_user:
services:
- endpoint: internal
service: identity
pod:
security_context:
server:
pod:
runAsUser: 42424
runAsNonRoot: true
conductor:
pod:
runAsUser: 42424
runAsNonRoot: true
lifecycle:
termination_grace_period:
server:
timeout: 30
conductor:
timeout: 30
replicas:
conductor: 1
server: 1
tolerations:
tacker:
enabled: false
tolerations:
- key: node-role.kubernetes.io/master
operator: Exists
effect: NoSchedule
- key: node-role.kubernetes.io/control-plane
operator: Exists
effect: NoSchedule
resources:
enabled: false
jobs:
db_sync:
requests:
memory: "128Mi"
cpu: "100m"
limits:
memory: "1024Mi"
cpu: "2000m"
db_init:
requests:
memory: "128Mi"
cpu: "100m"
limits:
memory: "1024Mi"
cpu: "2000m"
db_drop:
requests:
memory: "128Mi"
cpu: "100m"
limits:
memory: "1024Mi"
cpu: "2000m"
ks_user:
requests:
memory: "128Mi"
cpu: "100m"
limits:
memory: "1024Mi"
cpu: "2000m"
ks_service:
requests:
memory: "128Mi"
cpu: "100m"
limits:
memory: "1024Mi"
cpu: "2000m"
ks_endpoints:
requests:
memory: "128Mi"
cpu: "100m"
limits:
memory: "1024Mi"
cpu: "2000m"
mounts:
tacker_db_sync:
tacker_db_sync:
volumeMounts:
volumes:
storage:
storageClass: general
volumes:
csar_files:
name: tacker-csar-files
size: 2Gi
mount_path: "/var/lib/tacker/csar_files"
vnfpackages:
name: tacker-vnfpackages
size: 2Gi
mount_path: "/var/lib/tacker/vnfpackages"
logs:
name: tacker-logs
size: 2Gi
mount_path: "/var/log/openstackhelm/tacker"
network:
api:
ingress:
public: true
classes:
namespace: "nginx"
cluster: "nginx-cluster"
annotations:
nginx.ingress.kubernetes.io/rewrite-target: /
external_policy_local: false
node_port:
enabled: false
port: 30900
conductor:
ingress:
public: true
classes:
namespace: "nginx"
cluster: "nginx-cluster"
annotations:
nginx.ingress.kubernetes.io/rewrite-target: /
external_policy_local: false
node_port:
enabled: false
port: 30901
secrets:
identity:
admin: tacker-keystone-admin
tacker: tacker-keystone-user
oslo_db:
admin: tacker-db-admin
tacker: tacker-db-user
oslo_messaging:
admin: tacker-rabbitmq-admin
tacker: tacker-rabbitmq-user
oci_image_registry:
tacker: tacker-oci-image-registry
tls:
nfv_orchestration:
api:
public: tacker-tls-public
internal: tacker-tls-internal
endpoints:
cluster_domain_suffix: cluster.local
oslo_db:
auth:
admin:
username: root
password: password
secret:
tls:
internal: mariadb-tls-direct
tacker:
username: tacker
password: password
hosts:
default: mariadb
host_fqdn_override:
default: null
path: /tacker
scheme: mysql+pymysql
port:
mysql:
default: 3306
identity:
name: keystone
auth:
admin:
region_name: RegionOne
username: admin
password: password
project_name: admin
user_domain_name: default
project_domain_name: default
tacker:
role: admin
region_name: RegionOne
username: tacker
password: password
project_name: service
user_domain_name: service
project_domain_name: service
hosts:
default: keystone
internal: keystone-api
host_fqdn_override:
default: null
path:
default: /v3
scheme:
default: http
port:
api:
default: 80
internal: 5000
oslo_messaging:
auth:
admin:
username: rabbitmq
password: password
secret:
tls:
internal: rabbitmq-tls-direct
tacker:
username: tacker
password: password
statefulset:
replicas: 2
name: rabbitmq-rabbitmq
hosts:
default: rabbitmq
host_fqdn_override:
default: null
path: /tacker
scheme: rabbit
port:
amqp:
default: 5672
http:
default: 15672
oslo_cache:
auth:
# NOTE(portdirect): this is used to define the value for keystone
# authtoken cache encryption key, if not set it will be populated
# automatically with a random value, but to take advantage of
# this feature all services should be set to use the same key,
# and memcache service.
memcache_secret_key: null
hosts:
default: memcached
host_fqdn_override:
default: null
port:
memcache:
default: 11211
nfv_orchestration:
name: tacker
hosts:
default: tacker-api
conductor: tacker-conductor
public: tacker
host_fqdn_override:
default: null
path:
default: null
scheme:
default: http
port:
api:
default: 9890
public: 80
conductor:
default: 5672
key_manager:
name: barbican
hosts:
default: barbican-api
public: barbican
host_fqdn_override:
default: null
path:
default: /v1
scheme:
default: http
port:
api:
default: 9311
public: 80
conf:
tacker:
DEFAULT:
log_config_append: /etc/tacker/logging.conf
debug: false
log_dir: /var/log/openstackhelm/tacker
api_workers: 5
service_plugins: "nfvo,vnfm"
nfvo:
vim_drivers: openstack
openstack_vim:
stack_retries: 60
stack_retry_wait: 10
vim_keys:
use_barbican: true
tacker:
monitor_driver: "ping,http_ping"
alarm_monitor_driver: ceilometer
cors:
enabled: true
allowed_origin: "*"
max_age: 3600
allow_methods: "GET,POST,PUT,DELETE,PATCH,OPTIONS"
allow_headers: "Content-Type,Version,Accept,X-Auth-Token"
expose_headers: "Content-Type,Accept,Cache-Control,Content-Language,X-Subject-Token"
database:
connection_recycle_time: 10
max_pool_size: 1
max_retries: "-1"
keystone_authtoken:
service_type: nfv-orchestration
auth_type: password
auth_version: v3
service_token_roles_required: true
cafile: ""
memcache_security_strategy: ENCRYPT
alarm_auth: {}
ceilometer:
host: tacker-api.openstack.svc.cluster.local
port: 9890
oslo_messaging_notifications:
driver: noop
glance_store:
filesystem_store_datadir: /var/lib/tacker/csar_files
server:
command: "tacker-server --config-file /etc/tacker/tacker.conf"
config_files:
- source: "/etc/tacker/tacker.conf"
dest: "/etc/tacker/tacker.conf"
owner: "tacker"
perm: "0600"
permissions:
- path: "/var/log/openstackhelm/tacker"
owner: "tacker:tacker"
recurse: true
- path: "/var/lib/tacker/csar_files"
owner: "tacker:tacker"
conductor:
command: "tacker-conductor --config-file /etc/tacker/tacker.conf"
config_files:
- source: "/etc/tacker/tacker.conf"
dest: "/etc/tacker/tacker.conf"
owner: "tacker"
perm: "0600"
permissions:
- path: "/var/log/openstackhelm/tacker"
owner: "tacker:tacker"
recurse: true
- path: "/var/lib/tacker/vnfpackages"
owner: "tacker:tacker"
- path: "/var/lib/tacker/csar_files"
owner: "tacker:tacker"
paste:
composite:tacker:
use: egg:Paste#urlmap
/: tackerversions
/v1.0: tackerapi_v1_0
/vnfpkgm/v1: vnfpkgmapi_v1
/vnflcm: vnflcm_versions
/vnflcm/v1: vnflcm_v1
/vnflcm/v2: vnflcm_v2
/vnffm/v1: vnffm_v1
/vnfpm/v2: vnfpm_v2
/alert/vnf_instances: prometheus_auto_scaling
/alert: prometheus_fm
/pm_event: prometheus_pm
/server_notification: server_notification
composite:tackerapi_v1_0:
use: call:tacker.auth:pipeline_factory
noauth: cors request_id catch_errors extensions tackerapiapp_v1_0
keystone: cors request_id catch_errors alarm_receiver authtoken keystonecontext extensions tackerapiapp_v1_0
composite:vnfpkgmapi_v1:
use: call:tacker.auth:pipeline_factory
noauth: cors request_id catch_errors vnfpkgmapp_v1
keystone: cors request_id catch_errors authtoken keystonecontext vnfpkgmapp_v1
composite:vnflcm_v1:
use: call:tacker.auth:pipeline_factory
noauth: cors request_id catch_errors vnflcmaapp_v1
keystone: cors request_id catch_errors authtoken keystonecontext vnflcmaapp_v1
composite:vnflcm_v2:
use: call:tacker.auth:pipeline_factory
noauth: cors request_id catch_errors vnflcmaapp_v2
keystone: cors request_id catch_errors authtoken keystonecontext vnflcmaapp_v2
composite:vnfpm_v2:
use: call:tacker.auth:pipeline_factory
noauth: cors request_id catch_errors vnfpmaapp_v2
keystone: cors request_id catch_errors authtoken keystonecontext vnfpmaapp_v2
composite:vnflcm_versions:
use: call:tacker.auth:pipeline_factory
noauth: cors request_id catch_errors vnflcm_api_versions
keystone: cors request_id catch_errors authtoken keystonecontext vnflcm_api_versions
composite:vnffm_v1:
use: call:tacker.auth:pipeline_factory
noauth: cors request_id catch_errors vnffmaapp_v1
keystone: cors request_id catch_errors authtoken keystonecontext vnffmaapp_v1
filter:cors:
paste.filter_factory: oslo_middleware.cors:filter_factory
oslo_config_project: tacker
filter:request_id:
paste.filter_factory: oslo_middleware:RequestId.factory
filter:catch_errors:
paste.filter_factory: oslo_middleware:CatchErrors.factory
filter:alarm_receiver:
paste.filter_factory: tacker.alarm_receiver:AlarmReceiver.factory
filter:keystonecontext:
paste.filter_factory: tacker.auth:TackerKeystoneContext.factory
filter:authtoken:
paste.filter_factory: keystonemiddleware.auth_token:filter_factory
filter:extensions:
paste.filter_factory: tacker.api.extensions:extension_middleware_factory
app:tackerversions:
paste.app_factory: tacker.api.versions:Versions.factory
app:tackerapiapp_v1_0:
paste.app_factory: tacker.api.v1.router:APIRouter.factory
app:vnfpkgmapp_v1:
paste.app_factory: tacker.api.vnfpkgm.v1.router:VnfpkgmAPIRouter.factory
app:vnflcmaapp_v1:
paste.app_factory: tacker.api.vnflcm.v1.router:VnflcmAPIRouter.factory
app:vnflcmaapp_v2:
paste.app_factory: tacker.sol_refactored.api.router:VnflcmAPIRouterV2.factory
app:vnfpmaapp_v2:
paste.app_factory: tacker.sol_refactored.api.router:VnfPmAPIRouterV2.factory
app:vnflcm_api_versions:
paste.app_factory: tacker.sol_refactored.api.router:VnflcmVersions.factory
app:vnffmaapp_v1:
paste.app_factory: tacker.sol_refactored.api.router:VnffmAPIRouterV1.factory
app:prometheus_auto_scaling:
paste.app_factory: tacker.sol_refactored.api.prometheus_plugin_router:AutoScalingRouter.factory
app:prometheus_fm:
paste.app_factory: tacker.sol_refactored.api.prometheus_plugin_router:FmAlertRouter.factory
app:prometheus_pm:
paste.app_factory: tacker.sol_refactored.api.prometheus_plugin_router:PmEventRouter.factory
app:server_notification:
paste.app_factory: tacker.sol_refactored.api.server_notification_router:ServerNotificationRouter.factory
logging:
loggers:
keys:
- root
- tacker
handlers:
keys:
- stdout
- stderr
- "null"
formatters:
keys:
- context
- default
logger_root:
level: WARNING
handlers: 'null'
logger_tacker:
level: INFO
handlers:
- stdout
qualname: tacker
logger_amqp:
level: WARNING
handlers: stderr
qualname: amqp
logger_amqplib:
level: WARNING
handlers: stderr
qualname: amqplib
logger_eventletwsgi:
level: WARNING
handlers: stderr
qualname: eventlet.wsgi.server
logger_sqlalchemy:
level: WARNING
handlers: stderr
qualname: sqlalchemy
logger_boto:
level: WARNING
handlers: stderr
qualname: boto
handler_null:
class: logging.NullHandler
formatter: default
args: ()
handler_stdout:
class: StreamHandler
args: (sys.stdout,)
formatter: context
handler_stderr:
class: StreamHandler
args: (sys.stderr,)
formatter: context
formatter_context:
class: oslo_log.formatters.ContextFormatter
datefmt: "%Y-%m-%d %H:%M:%S"
formatter_default:
format: "%(message)s"
datefmt: "%Y-%m-%d %H:%M:%S"
tls:
identity: false
oslo_messaging: false
oslo_db: false
manifests:
certificates: false
configmap_etc: true
configmap_bin: true
deployment_server: true
deployment_conductor: true
job_db_init: true
job_db_drop: false
job_db_sync: true
job_ks_endpoints: true
job_ks_service: true
job_ks_user: true
job_rabbit_init: true
pvc: true
secret_db: true
secret_keystone: true
secret_rabbitmq: true
service_api: true
service_conductor: true
ingress_api: true
service_ingress_api: true
...

16
tacker/values_overrides/2023.1-ubuntu_focal.yaml Normal file
View File

@ -0,0 +1,16 @@
# Default values for tacker.
# This is a YAML-formatted file.
# Declare variables to be passed into your templates.
images:
tags:
tacker_server: docker.io/openstackhelm/tacker:2023.1-ubuntu_focal
tacker_conductor: docker.io/openstackhelm/tacker:2023.1-ubuntu_focal
db_init: docker.io/openstackhelm/heat:2023.1-ubuntu_focal
db_drop: docker.io/openstackhelm/heat:2023.1-ubuntu_focal
tacker_db_sync: docker.io/openstackhelm/tacker:2023.1-ubuntu_focal
ks_endpoints: docker.io/openstackhelm/heat:2023.1-ubuntu_focal
ks_service: docker.io/openstackhelm/heat:2023.1-ubuntu_focal
ks_user: docker.io/openstackhelm/heat:2023.1-ubuntu_focal
rabbit_init: docker.io/rabbitmq:3.7-management
dep_check: quay.io/airshipit/kubernetes-entrypoint:v1.0.0

40
tacker/values_overrides/zed-ubuntu_focal.yaml Normal file
View File

@ -0,0 +1,40 @@
# Default values for tacker.
# This is a YAML-formatted file.
# Declare variables to be passed into your templates.
images:
tags:
tacker_server: docker.io/openstackhelm/tacker:zed-ubuntu_focal
tacker_conductor: docker.io/openstackhelm/tacker:zed-ubuntu_focal
db_init: docker.io/openstackhelm/heat:zed-ubuntu_focal
db_drop: docker.io/openstackhelm/heat:zed-ubuntu_focal
tacker_db_sync: docker.io/openstackhelm/tacker:zed-ubuntu_focal
ks_endpoints: docker.io/openstackhelm/heat:zed-ubuntu_focal
ks_service: docker.io/openstackhelm/heat:zed-ubuntu_focal
ks_user: docker.io/openstackhelm/heat:zed-ubuntu_focal
rabbit_init: docker.io/rabbitmq:3.7-management
dep_check: quay.io/airshipit/kubernetes-entrypoint:v1.0.0
conf:
paste:
composite:tackerapi_v1_0:
noauth: request_id catch_errors extensions tackerapiapp_v1_0
keystone: request_id catch_errors alarm_receiver authtoken keystonecontext extensions tackerapiapp_v1_0
composite:vnfpkgmapi_v1:
noauth: request_id catch_errors vnfpkgmapp_v1
keystone: request_id catch_errors authtoken keystonecontext vnfpkgmapp_v1
composite:vnflcm_v1:
noauth: request_id catch_errors vnflcmaapp_v1
keystone: request_id catch_errors authtoken keystonecontext vnflcmaapp_v1
composite:vnflcm_v2:
noauth: request_id catch_errors vnflcmaapp_v2
keystone: request_id catch_errors authtoken keystonecontext vnflcmaapp_v2
composite:vnfpm_v2:
noauth: request_id catch_errors vnfpmaapp_v2
keystone: request_id catch_errors authtoken keystonecontext vnfpmaapp_v2
composite:vnflcm_versions:
noauth: request_id catch_errors vnflcm_api_versions
keystone: request_id catch_errors authtoken keystonecontext vnflcm_api_versions
composite:vnffm_v1:
noauth: request_id catch_errors vnffmaapp_v1
keystone: request_id catch_errors authtoken keystonecontext vnffmaapp_v1

30
tools/deployment/component/tacker/tacker.sh Executable file
View File

@ -0,0 +1,30 @@
#!/bin/bash
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
set -xe
#NOTE: Get the over-rides to use
: ${OSH_EXTRA_HELM_ARGS_TACKER:="$(./tools/deployment/common/get-values-overrides.sh tacker)"}
: ${RUN_HELM_TESTS:="no"}
#NOTE: Lint and package chart
make tacker
#NOTE: Deploy command
helm upgrade --install tacker ./tacker \
--namespace=openstack \
${OSH_EXTRA_HELM_ARGS:=} \
${OSH_EXTRA_HELM_ARGS_TACKER}
#NOTE: Wait for deploy
./tools/deployment/common/wait-for-pods.sh openstack

30
zuul.d/jobs-openstack-helm.yaml
View File

@ -624,3 +624,33 @@
- ./tools/deployment/component/horizon/horizon.sh - ./tools/deployment/component/horizon/horizon.sh
- ./tools/deployment/common/openstack-exporter.sh - ./tools/deployment/common/openstack-exporter.sh
- ./tools/deployment/common/test-networkpolicy.sh - ./tools/deployment/common/test-networkpolicy.sh
- job:
name: openstack-helm-tacker-2023-1-ubuntu_focal
parent: openstack-helm-chart-deploy
nodeset: openstack-helm-single-32GB-focal-tmp
timeout: 7200
vars:
osh_params:
openstack_release: "2023.1"
container_distro_name: ubuntu
container_distro_version: focal
run_helm_tests: "no"
gate_scripts_relative_path: ../openstack-helm
gate_scripts:
- ./tools/deployment/common/install-packages.sh
- ./tools/deployment/common/deploy-k8s.sh
- - ./tools/deployment/common/setup-client.sh
- ./tools/deployment/component/common/ingress.sh
- - ./tools/deployment/component/common/rabbitmq.sh
- ./tools/deployment/component/common/mariadb.sh
- ./tools/deployment/component/common/memcached.sh
- ./tools/deployment/component/keystone/keystone.sh
- - ./tools/deployment/component/heat/heat.sh
- ./tools/deployment/component/glance/glance.sh
- ./tools/deployment/component/compute-kit/openvswitch.sh
- ./tools/deployment/component/compute-kit/libvirt.sh
- ./tools/deployment/component/compute-kit/compute-kit.sh
- ./tools/deployment/component/barbican/barbican.sh
- ./tools/deployment/component/nfs-provisioner/nfs-provisioner.sh
- ./tools/deployment/component/tacker/tacker.sh

2
zuul.d/project.yaml
View File

@ -33,7 +33,6 @@
- openstack-helm-compute-kit-2023-1-ubuntu_focal - openstack-helm-compute-kit-2023-1-ubuntu_focal
- openstack-helm-keystone-ldap-2023-1-ubuntu_focal - openstack-helm-keystone-ldap-2023-1-ubuntu_focal
- openstack-helm-tls-2023-1-ubuntu_focal - openstack-helm-tls-2023-1-ubuntu_focal
gate: gate:
jobs: jobs:
- openstack-helm-lint - openstack-helm-lint
@ -51,6 +50,7 @@
- openstack-helm-netpol-cinder - openstack-helm-netpol-cinder
- openstack-helm-tls-2023-1-ubuntu_focal - openstack-helm-tls-2023-1-ubuntu_focal
- openstack-helm-tungsten-fabric - openstack-helm-tungsten-fabric
- openstack-helm-tacker-2023-1-ubuntu_focal
periodic-weekly: periodic-weekly:
jobs: jobs:
- openstack-helm-cinder-victoria-ubuntu_focal - openstack-helm-cinder-victoria-ubuntu_focal