diff --git a/neutron/templates/bin/_neutron-ironic-agent.sh.tpl b/neutron/templates/bin/_neutron-ironic-agent.sh.tpl new file mode 100644 index 0000000000..075b5d423c --- /dev/null +++ b/neutron/templates/bin/_neutron-ironic-agent.sh.tpl @@ -0,0 +1,31 @@ +#!/bin/bash + +{{/* +Copyright 2019 The Openstack-Helm Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +set -ex +COMMAND="${@:-start}" + +function start () { + exec ironic-neutron-agent \ + --config-file /etc/neutron/neutron.conf \ + --config-file /etc/neutron/plugins/ml2/ml2_conf.ini + +function stop () { + kill -TERM 1 +} + +$COMMAND diff --git a/neutron/templates/configmap-bin.yaml b/neutron/templates/configmap-bin.yaml index d36cb1b857..b502a408a6 100644 --- a/neutron/templates/configmap-bin.yaml +++ b/neutron/templates/configmap-bin.yaml @@ -79,6 +79,8 @@ data: {{ tuple "bin/_neutron-bagpipe-bgp-init.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }} neutron-server.sh: | {{ tuple "bin/_neutron-server.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }} + neutron-ironic-agent.sh: | +{{ tuple "bin/_neutron-ironic-agent.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }} rabbit-init.sh: | {{- include "helm-toolkit.scripts.rabbit_init" . | indent 4 }} {{- end }} diff --git a/neutron/templates/configmap-etc.yaml b/neutron/templates/configmap-etc.yaml index 0e06750107..91d6a7aab2 100644 --- a/neutron/templates/configmap-etc.yaml +++ b/neutron/templates/configmap-etc.yaml 
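Review bot: `function start ()` in `_neutron-ironic-agent.sh.tpl` is never closed: the hunk goes from the last `--config-file` line straight to `function stop () {`, and the `+1,31` line count matches the lines shown, so the `}` is missing from the commit rather than lost in rendering. Bash then reads `stop` and the final `$COMMAND` as part of the body of `start` and reaches end of file inside the function, so the script should fail with a syntax error and neither the container command nor the preStop hook can run. Add a `}` on its own line after `--config-file /etc/neutron/plugins/ml2/ml2_conf.ini`. As a smaller hardening point, `$COMMAND` is expanded unquoted and executed as a command, so the script runs whatever argument it receives; a `case "$COMMAND" in start|stop) "$COMMAND" ;; *) exit 1 ;; esac` dispatch would restrict it to the two intended functions.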
@@ -198,6 +198,24 @@ just set it along with nova_metadata_host. {{- $_ := tuple "dns" "internal" "api" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup" | set .Values.conf.neutron.designate "url" -}} {{- end -}} {{- end }} + +{{- if (has "baremetal" .Values.network.backend) -}} +{{- if empty .Values.conf.neutron.ironic.project_name -}} +{{- $_ := set .Values.conf.neutron.ironic "project_name" .Values.endpoints.identity.auth.ironic.project_name -}} +{{- end -}} +{{- if empty .Values.conf.neutron.ironic.project_domain_name -}} +{{- $_ := set .Values.conf.neutron.ironic "project_domain_name" .Values.endpoints.identity.auth.ironic.project_domain_name -}} +{{- end -}} +{{- if empty .Values.conf.neutron.ironic.user_domain_name -}} +{{- $_ := set .Values.conf.neutron.ironic "user_domain_name" .Values.endpoints.identity.auth.ironic.user_domain_name -}} +{{- end -}} +{{- if empty .Values.conf.neutron.ironic.username -}} +{{- $_ := set .Values.conf.neutron.ironic "username" .Values.endpoints.identity.auth.ironic.username -}} +{{- end -}} +{{- if empty .Values.conf.neutron.ironic.password -}} +{{- $_ := set .Values.conf.neutron.ironic "password" .Values.endpoints.identity.auth.ironic.password -}} +{{- end -}} +{{- end -}} --- apiVersion: v1 kind: Secret diff --git a/neutron/templates/deployment-ironic-agent.yaml b/neutron/templates/deployment-ironic-agent.yaml new file mode 100644 index 0000000000..4d3a40b572 --- /dev/null +++ b/neutron/templates/deployment-ironic-agent.yaml 
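Review bot: `auth_url`, `auth_type` and `region_name` are never set for `conf.neutron.ironic`: the block added before the `---` in configmap-etc.yaml fills only the five user and project fields, and the values.yaml default added in this commit carries only `endpoint_type`. Unless operators supply them as overrides, the agent would receive a password but no Keystone endpoint to authenticate against (inferred from the diff; the rest of values.yaml is not visible here). Following the designate lookup just above, an `if empty .Values.conf.neutron.ironic.auth_url` guard around `{{- $_ := tuple "identity" "internal" "api" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup" | set .Values.conf.neutron.ironic "auth_url" -}}` would close the gap, with `region_name` copied from `endpoints.identity.auth.ironic` the same way as the other fields. The block is also keyed on `has "baremetal" .Values.network.backend` while the Deployment is keyed on `manifests.deployment_ironic_agent`, so enabling only the manifest renders an agent with an empty credential section; a `fail` guard or a comment next to the flag would make that coupling explicit.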
@@ -0,0 +1,113 @@
+{{/*
+Copyright 2019 The Openstack-Helm Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/}}
+
+{{- if .Values.manifests.deployment_ironic_agent }}
+{{- $envAll := . }}
+
+{{- $dependencyOpts := dict "envAll" $envAll "dependencyMixinParam" $envAll.Values.network.backend "dependencyKey" "ironic_agent" -}}
+{{- $_ := include "helm-toolkit.utils.dependency_resolver" $dependencyOpts | toString | fromYaml }}
+
+{{- $mounts_neutron_ironic_agent := .Values.pod.mounts.neutron_ironic_agent.neutron_ironic_agent }}
+{{- $mounts_neutron_ironic_agent_init := .Values.pod.mounts.neutron_ironic_agent.init_container }}
+
+{{- $serviceAccountName := "neutron-ironic-agent" }}
+{{ tuple $envAll "pod_dependency" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: neutron-ironic-agent
+ annotations:
+ {{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" }}
+ labels:
+{{ tuple $envAll "neutron" "ironic-agent" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }}
+spec:
+ replicas: {{ .Values.pod.replicas.ironic_agent }}
+ selector:
+ matchLabels:
+{{ tuple $envAll "neutron" "ironic-agent" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 6 }}
+{{ tuple $envAll | include "helm-toolkit.snippets.kubernetes_upgrades_deployment" | indent 2 }}
+ template:
+ metadata:
+ labels:
+{{ tuple $envAll "neutron" "ironic-agent" | include
"helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }} + annotations: +{{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" | indent 8 }} + configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "helm-toolkit.utils.hash" }} + configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "helm-toolkit.utils.hash" }} + spec: +{{ dict "envAll" $envAll "application" "neutron_ironic_agent" | include "helm-toolkit.snippets.kubernetes_pod_security_context" | indent 6 }} + serviceAccountName: {{ $serviceAccountName }} + affinity: +{{ tuple $envAll "neutron" "ironic_agent" | include "helm-toolkit.snippets.kubernetes_pod_anti_affinity" | indent 8 }} + nodeSelector: + {{ .Values.labels.ironic_agent.node_selector_key }}: {{ .Values.labels.ironic_agent.node_selector_value }} + terminationGracePeriodSeconds: {{ .Values.pod.lifecycle.termination_grace_period.ironic_agent.timeout | default "30" }} + initContainers: +{{ tuple $envAll "pod_dependency" $mounts_neutron_ironic_agent_init | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} + containers: + - name: neutron-ironic-agent +{{ tuple $envAll "neutron_ironic_agent" | include "helm-toolkit.snippets.image" | indent 10 }} +{{ tuple $envAll $envAll.Values.pod.resources.ironic_agent | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }} +{{ dict "envAll" $envAll "application" "neutron" "container" "neutron_ironic_agent" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 10 }} + command: + - /tmp/neutron-ironic-agent.sh + - start + lifecycle: + preStop: + exec: + command: + - /tmp/neutron-ironic-agent.sh + - stop + volumeMounts: + - name: pod-tmp + mountPath: /tmp + - name: pod-var-neutron + mountPath: {{ .Values.conf.neutron.DEFAULT.state_path }} + - name: neutron-bin + mountPath: /tmp/neutron-ironic-agent.sh + subPath: neutron-ironic-agent.sh + readOnly: true + - name: neutron-etc + mountPath: /etc/neutron/neutron.conf + 
subPath: neutron.conf + readOnly: true + {{- if .Values.conf.neutron.DEFAULT.log_config_append }} + - name: neutron-etc + mountPath: {{ .Values.conf.neutron.DEFAULT.log_config_append }} + subPath: {{ base .Values.conf.neutron.DEFAULT.log_config_append }} + readOnly: true + {{- end }} + - name: neutron-etc + mountPath: /etc/neutron/plugins/ml2/ml2_conf.ini + subPath: ml2_conf.ini + readOnly: true +{{ if $mounts_neutron_ironic_agent.volumeMounts }}{{ toYaml $mounts_neutron_ironic_agent.volumeMounts | indent 12 }}{{ end }} + volumes: + - name: pod-tmp + emptyDir: {} + - name: pod-var-neutron + emptyDir: {} + - name: neutron-bin + configMap: + name: neutron-bin + defaultMode: 0555 + - name: neutron-etc + secret: + secretName: neutron-etc + defaultMode: 0444 +{{ if $mounts_neutron_ironic_agent.volumes }}{{ toYaml $mounts_neutron_ironic_agent.volumes | indent 8 }}{{ end }} +{{- end }} diff --git a/neutron/values.yaml b/neutron/values.yaml index bdda754643..2e7d17dc5d 100644 --- a/neutron/values.yaml +++ b/neutron/values.yaml @@ -40,6 +40,7 @@ images: neutron_sriov_agent: docker.io/openstackhelm/neutron:ocata-18.04-sriov neutron_sriov_agent_init: docker.io/openstackhelm/neutron:ocata-18.04-sriov neutron_bagpipe_bgp: docker.io/openstackhelm/neutron:ocata-ubuntu_xenial + neutron_ironic_agent: docker.io/openstackhelm/neutron:ocata-ubuntu_xenial dep_check: quay.io/stackanetes/kubernetes-entrypoint:v0.3.1 image_repo_sync: docker.io/docker:17.07.0 pull_policy: "IfNotPresent" @@ -85,6 +86,9 @@ labels: server: node_selector_key: openstack-control-plane node_selector_value: enabled + ironic_agent: + node_selector_key: openstack-control-plane + node_selector_value: enabled test: node_selector_key: openstack-control-plane node_selector_value: enabled 
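Review bot: The container-level security context in deployment-ironic-agent.yaml is looked up with `"application" "neutron" "container" "neutron_ironic_agent"`, while the pod-level lookup a few lines earlier and the `pod.security_context` entry this commit adds to values.yaml both use the key `neutron_ironic_agent`, and that entry defines only `pod: runAsUser: 42424`. As far as this diff shows, the container lookup resolves to nothing, so the agent container runs without any container-level restrictions even though it mounts `neutron.conf` from the `neutron-etc` secret. I would change the lookup to `"application" "neutron_ironic_agent" "container" "neutron_ironic_agent"` and add a `container: neutron_ironic_agent:` section to the values entry with `allowPrivilegeEscalation: false` and `readOnlyRootFilesystem: true`. A read-only root looks workable because `/tmp` and the state path are already `emptyDir` mounts, but that should be confirmed against the image.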
@@ -299,6 +303,21 @@ dependencies: service: oslo_cache - endpoint: internal service: identity + ironic_agent: + jobs: + - neutron-db-sync + - neutron-ks-user + - neutron-ks-endpoints + - neutron-rabbit-init + services: + - endpoint: internal + service: oslo_db + - endpoint: internal + service: oslo_messaging + - endpoint: internal + service: oslo_cache + - endpoint: internal + service: identity tests: services: - endpoint: internal @@ -452,6 +471,9 @@ pod: neutron_sriov_agent: readOnlyRootFilesystem: true privileged: true + neutron_ironic_agent: + pod: + runAsUser: 42424 affinity: anti: type: @@ -506,6 +528,11 @@ pod: bagpipe_bgp: volumeMounts: volumes: + neutron_ironic_agent: + init_container: null + neutron_ironic_agent: + volumeMounts: + volumes: neutron_tests: init_container: null neutron_tests: @@ -526,6 +553,7 @@ pod: volumes: replicas: server: 1 + ironic_agent: 1 lifecycle: upgrades: deployments: @@ -566,6 +594,8 @@ pod: termination_grace_period: server: timeout: 30 + ironic_agent: + timeout: 30 resources: enabled: false agent: @@ -632,6 +662,13 @@ pod: limits: memory: "1024Mi" cpu: "2000m" + ironic_agent: + requests: + memory: "128Mi" + cpu: "100m" + limits: + memory: "1024Mi" + cpu: "2000m" jobs: bootstrap: requests: @@ -1767,6 +1804,8 @@ conf: auth_version: v3 endpoint_type: internal allow_reverse_dns_lookup: true + ironic: + endpoint_type: internal keystone_authtoken: memcache_security_strategy: ENCRYPT auth_type: password @@ -2162,6 +2201,13 @@ endpoints: password: password user_domain_name: service project_domain_name: service + ironic: + region_name: RegionOne + project_name: service + username: ironic + password: password + user_domain_name: service + project_domain_name: service test: role: admin region_name: RegionOne 
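Review bot: The new `endpoints.identity.auth.ironic` block in values.yaml ships `password: password` as a usable default, and the configmap-etc.yaml change in this commit copies it into the neutron configuration whenever `conf.neutron.ironic.password` is empty. None of the jobs listed in the `ironic_agent` dependencies added above creates this Keystone user, so it is presumably owned by the ironic chart and the two sets of values have to be kept in step by hand. I would document that on the block, for example `# NOTE: must match the service user created by the ironic chart; override the placeholder password in every deployment`. That way an operator who enables the agent does not unknowingly run it with the placeholder credential.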
@@ -2235,6 +2281,21 @@ endpoints: api: default: 9001 public: 80 + baremetal: + name: ironic + hosts: + default: ironic-api + public: ironic + host_fqdn_override: + default: null + path: + default: null + scheme: + default: 'http' + port: + api: + default: 6385 + public: 80 #NOTE(tp6510): these endpoints allow for things like DNS lookups and apiserver access. # They are using to enable the Egress K8s network policy. @@ -2269,6 +2330,7 @@ manifests: daemonset_sriov_agent: true daemonset_l2gw_agent: false daemonset_bagpipe_bgp: false + deployment_ironic_agent: false deployment_server: true ingress_server: true job_bootstrap: true