From a81317569fac95672ba2177fa2fae5b33a95ada8 Mon Sep 17 00:00:00 2001 
From: okozachenko Date: Fri, 17 Mar 2023 00:06:20 +1100 Subject: [PATCH] Add Manila chart Change-Id: I5098b1b57c3afed01e90f489de34415d69056e25 --- manila/.helmignore | 1 + manila/Chart.yaml | 24 + manila/requirements.yaml | 16 + manila/templates/bin/_bootstrap.sh.tpl | 59 + manila/templates/bin/_db-sync.sh.tpl | 19 + manila/templates/bin/_manila-api.sh.tpl | 29 + manila/templates/bin/_manila-data.sh.tpl | 19 + manila/templates/bin/_manila-scheduler.sh.tpl | 19 + manila/templates/bin/_manila-share.sh.tpl | 19 + manila/templates/configmap-bin.yaml | 56 + manila/templates/configmap-etc.yaml | 240 ++++ manila/templates/deployment-api.yaml | 140 +++ manila/templates/deployment-data.yaml | 121 ++ manila/templates/deployment-scheduler.yaml | 121 ++ manila/templates/deployment-share.yaml | 151 +++ manila/templates/ingress-api.yaml | 18 + manila/templates/job-bootstrap.yaml | 31 + manila/templates/job-db-drop.yaml | 26 + manila/templates/job-db-init.yaml | 32 + manila/templates/job-db-sync.yaml | 32 + manila/templates/job-image-repo-sync.yaml | 27 + manila/templates/job-ks-endpoints.yaml | 31 + manila/templates/job-ks-service.yaml | 31 + manila/templates/job-ks-user.yaml | 31 + manila/templates/job-rabbit-init.yaml | 28 + manila/templates/network_policy.yaml | 16 + manila/templates/pdb-api.yaml | 27 + manila/templates/pod-rally-test.yaml | 129 ++ manila/templates/secret-db.yaml | 33 + manila/templates/secret-ingress-tls.yaml | 17 + manila/templates/secret-keystone.yaml | 28 + manila/templates/secret-rabbitmq.yaml | 28 + manila/templates/secret-registry.yaml | 17 + manila/templates/service-api.yaml | 37 + manila/templates/service-ingress-api.yaml | 18 + manila/values.yaml | 1092 +++++++++++++++++ manila/values_overrides/apparmor.yaml | 11 + manila/values_overrides/tls-offloading.yaml | 12 + manila/values_overrides/tls.yaml | 4 + .../values_overrides/xena-ubuntu_focal.yaml | 18 + .../values_overrides/yoga-ubuntu_focal.yaml | 18 + releasenotes/notes/manila.yaml | 4 + 
tools/deployment/component/manila/manila.sh | 31 + 43 files changed, 2861 insertions(+) create mode 100644 manila/.helmignore create mode 100644 manila/Chart.yaml create mode 100644 manila/requirements.yaml create mode 100644 manila/templates/bin/_bootstrap.sh.tpl create mode 100644 manila/templates/bin/_db-sync.sh.tpl create mode 100644 manila/templates/bin/_manila-api.sh.tpl create mode 100644 manila/templates/bin/_manila-data.sh.tpl create mode 100644 manila/templates/bin/_manila-scheduler.sh.tpl create mode 100644 manila/templates/bin/_manila-share.sh.tpl create mode 100644 manila/templates/configmap-bin.yaml create mode 100644 manila/templates/configmap-etc.yaml create mode 100644 manila/templates/deployment-api.yaml create mode 100644 manila/templates/deployment-data.yaml create mode 100644 manila/templates/deployment-scheduler.yaml create mode 100644 manila/templates/deployment-share.yaml create mode 100644 manila/templates/ingress-api.yaml create mode 100644 manila/templates/job-bootstrap.yaml create mode 100644 manila/templates/job-db-drop.yaml create mode 100644 manila/templates/job-db-init.yaml create mode 100644 manila/templates/job-db-sync.yaml create mode 100644 manila/templates/job-image-repo-sync.yaml create mode 100644 manila/templates/job-ks-endpoints.yaml create mode 100644 manila/templates/job-ks-service.yaml create mode 100644 manila/templates/job-ks-user.yaml create mode 100644 manila/templates/job-rabbit-init.yaml create mode 100644 manila/templates/network_policy.yaml create mode 100644 manila/templates/pdb-api.yaml create mode 100644 manila/templates/pod-rally-test.yaml create mode 100644 manila/templates/secret-db.yaml create mode 100644 manila/templates/secret-ingress-tls.yaml create mode 100644 manila/templates/secret-keystone.yaml create mode 100644 manila/templates/secret-rabbitmq.yaml create mode 100644 manila/templates/secret-registry.yaml create mode 100644 manila/templates/service-api.yaml create mode 100644 
manila/templates/service-ingress-api.yaml create mode 100644 manila/values.yaml create mode 100644 manila/values_overrides/apparmor.yaml create mode 100644 manila/values_overrides/tls-offloading.yaml create mode 100644 manila/values_overrides/tls.yaml create mode 100644 manila/values_overrides/xena-ubuntu_focal.yaml create mode 100644 manila/values_overrides/yoga-ubuntu_focal.yaml create mode 100644 releasenotes/notes/manila.yaml create mode 100755 tools/deployment/component/manila/manila.sh diff --git a/manila/.helmignore b/manila/.helmignore new file mode 100644 index 0000000000..b54c347b85 --- /dev/null +++ b/manila/.helmignore @@ -0,0 +1 @@ +values_overrides diff --git a/manila/Chart.yaml b/manila/Chart.yaml new file mode 100644 index 0000000000..62d26ee66f --- /dev/null +++ b/manila/Chart.yaml @@ -0,0 +1,24 @@ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +appVersion: v1.0.0 +description: OpenStack-Helm Manila +name: manila +version: 0.1.0 +home: https://docs.openstack.org/manila/latest/ +icon: https://www.openstack.org/themes/openstack/images/project-mascots/Manila/OpenStack_Project_Manila_vertical.png +sources: + - https://opendev.org/openstack/manila + - https://opendev.org/openstack/openstack-helm +maintainers: + - name: OpenStack-Helm Authors diff --git a/manila/requirements.yaml b/manila/requirements.yaml new file mode 100644 index 0000000000..4124d0145d --- /dev/null +++ b/manila/requirements.yaml 
@@ -0,0 +1,16 @@
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+dependencies:
+ - name: helm-toolkit
+ repository: file://../../openstack-helm-infra/helm-toolkit
+ version: ">= 0.1.0"
diff --git a/manila/templates/bin/_bootstrap.sh.tpl b/manila/templates/bin/_bootstrap.sh.tpl
new file mode 100644
index 0000000000..eaa06962a3
--- /dev/null
+++ b/manila/templates/bin/_bootstrap.sh.tpl
@@ -0,0 +1,59 @@
+#!/bin/bash
+
+{{/*
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/}}
+
+set -ex
+export HOME=/tmp
+
+cd $HOME
+
+{{ range .Values.bootstrap.structured.images }}
+openstack image show {{ .name | quote }} || \
+ (curl --fail -sSL -O {{ .source_url }}{{ .image_file }}; \
+ openstack image create {{ .name | quote }} \
+ {{ if .id -}} --id {{ .id }} {{ end -}} \
+ --disk-format {{ .image_type }} \
+ --file {{ .image_file }} \
+ {{ if .properties -}} {{ range $key, $value := .properties }}--property {{$key}}={{$value}} {{ end }}{{ end -}} \
+ --container-format {{ .container_format | quote }} \
+ {{ if .private -}}
+ --private
+ {{- else -}}
+ --public
+ {{- end -}};)
+{{ end }}
+
+{{ range .Values.bootstrap.structured.flavors }}
+openstack flavor show {{ .name | quote }} || \
+ openstack flavor create {{ .name | quote }} \
+ {{ if .id -}} --id {{ .id }} {{ end -}} \
+ --ram {{ .ram }} \
+ --vcpus {{ .vcpus }} \
+ --disk {{ .disk }} \
+ --ephemeral {{ .ephemeral }} \
+ {{ if .public -}}
+ --public
+ {{- else -}}
+ --private
+ {{- end -}};
+{{ end }}
+
+openstack share type show default || \
+ openstack share type create default true \
+ --public true --description "default generic share type"
+openstack share group type show default || \
+ openstack share group type create default default --public true
+
+{{ .Values.bootstrap.script | default "echo 'Not Enabled'" }}
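Review bot: The image loop in `_bootstrap.sh.tpl` downloads `{{ .source_url }}{{ .image_file }}` with `curl -sSL` and hands the file straight to `openstack image create`, which defaults to `--public` when `.private` is unset, without checking it against a known digest. A tampered or redirected download would therefore be registered as an image visible to every project. Consider an optional per-image checksum value that is verified before the upload, for example `echo "{{ .checksum }}  {{ .image_file }}" | sha256sum -c -` (the `checksum` field name is illustrative, not an existing value). The same commands interpolate `.source_url`, `.image_file`, `.id` and the `--property` key/value pairs unquoted, unlike `.name`; `--file {{ .image_file | quote }}` keeps a value containing spaces or shell metacharacters from being split or interpreted.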
diff --git a/manila/templates/bin/_db-sync.sh.tpl b/manila/templates/bin/_db-sync.sh.tpl
new file mode 100644
index 0000000000..58b305e715
--- /dev/null
+++ b/manila/templates/bin/_db-sync.sh.tpl
@@ -0,0 +1,19 @@
+#!/bin/bash
+
+{{/*
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/}}
+
+set -ex
+
+exec manila-manage db sync
diff --git a/manila/templates/bin/_manila-api.sh.tpl b/manila/templates/bin/_manila-api.sh.tpl
new file mode 100644
index 0000000000..3521103a93
--- /dev/null
+++ b/manila/templates/bin/_manila-api.sh.tpl
@@ -0,0 +1,29 @@
+#!/bin/bash
+
+{{/*
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/}}
+
+set -ex
+COMMAND="${@:-start}"
+
+function start () {
+ exec manila-api \
+ --config-file /etc/manila/manila.conf
+}
+
+function stop () {
+ kill -TERM 1
+}
+
+$COMMAND
diff --git a/manila/templates/bin/_manila-data.sh.tpl b/manila/templates/bin/_manila-data.sh.tpl
new file mode 100644
index 0000000000..f8a94d1189
--- /dev/null
+++ b/manila/templates/bin/_manila-data.sh.tpl
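Review bot: In `_manila-api.sh.tpl` the final `$COMMAND` line runs whatever arguments the script receives as a command, so the entry point is not limited to the `start` and `stop` functions defined above it. The Deployment added in this patch only passes `start` and `stop`, so this is hardening rather than a live defect. An explicit dispatch such as `case "$COMMAND" in start|stop) "$COMMAND" ;; *) echo "unknown command: $COMMAND" >&2; exit 1 ;; esac` makes the allowed set visible and fails closed on anything else. A one-line comment on `COMMAND="${@:-start}"` noting that all arguments are joined into a single string would also help.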
@@ -0,0 +1,19 @@
+#!/bin/bash
+
+{{/*
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/}}
+
+set -ex
+exec manila-data \
+ --config-file /etc/manila/manila.conf
diff --git a/manila/templates/bin/_manila-scheduler.sh.tpl b/manila/templates/bin/_manila-scheduler.sh.tpl
new file mode 100644
index 0000000000..7a6835aeee
--- /dev/null
+++ b/manila/templates/bin/_manila-scheduler.sh.tpl
@@ -0,0 +1,19 @@
+#!/bin/bash
+
+{{/*
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/}}
+
+set -ex
+exec manila-scheduler \
+ --config-file /etc/manila/manila.conf
diff --git a/manila/templates/bin/_manila-share.sh.tpl b/manila/templates/bin/_manila-share.sh.tpl
new file mode 100644
index 0000000000..8177983429
--- /dev/null
+++ b/manila/templates/bin/_manila-share.sh.tpl
@@ -0,0 +1,19 @@
+#!/bin/bash
+
+{{/*
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/}}
+
+set -ex
+exec manila-share \
+ --config-file /etc/manila/manila.conf
diff --git a/manila/templates/configmap-bin.yaml b/manila/templates/configmap-bin.yaml
new file mode 100644
index 0000000000..5a4222d9cd
--- /dev/null
+++ b/manila/templates/configmap-bin.yaml
@@ -0,0 +1,56 @@ +{{/* +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if .Values.manifests.configmap_bin }} +{{- $envAll := . }} +{{- $rallyTests := .Values.conf.rally_tests }} +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: manila-bin +data: + rally-test.sh: | +{{ tuple $rallyTests | include "helm-toolkit.scripts.rally_test" | indent 4 }} +{{- if .Values.images.local_registry.active }} + image-repo-sync.sh: | +{{- include "helm-toolkit.scripts.image_repo_sync" . | indent 4 }} +{{- end }} +{{- if .Values.bootstrap.enabled }} + bootstrap.sh: | +{{ tuple "bin/_bootstrap.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }} +{{- end }} + db-init.py: | +{{- include "helm-toolkit.scripts.db_init" . | indent 4 }} + db-sync.sh: | +{{ tuple "bin/_db-sync.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }} + db-drop.py: | +{{- include "helm-toolkit.scripts.db_drop" . | indent 4 }} + ks-service.sh: | +{{- include "helm-toolkit.scripts.keystone_service" . | indent 4 }} + ks-endpoints.sh: | +{{- include "helm-toolkit.scripts.keystone_endpoints" . | indent 4 }} + ks-user.sh: | +{{- include "helm-toolkit.scripts.keystone_user" . | indent 4 }} + rabbit-init.sh: | +{{- include "helm-toolkit.scripts.rabbit_init" . | indent 4 }} + manila-api.sh: | +{{ tuple "bin/_manila-api.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }} + manila-data.sh: | +{{ tuple "bin/_manila-data.sh.tpl" . 
| include "helm-toolkit.utils.template" | indent 4 }} + manila-scheduler.sh: | +{{ tuple "bin/_manila-scheduler.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }} + manila-share.sh: | +{{ tuple "bin/_manila-share.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }} +{{- end }} diff --git a/manila/templates/configmap-etc.yaml b/manila/templates/configmap-etc.yaml new file mode 100644 index 0000000000..e230aa4330 --- /dev/null +++ b/manila/templates/configmap-etc.yaml 
@@ -0,0 +1,240 @@ +{{/* +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if .Values.manifests.configmap_etc }} +{{- $envAll := . }} + +{{- $manila_auth_url := tuple "identity" "internal" "api" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup" }} +{{- $manila_region_name := .Values.endpoints.identity.auth.manila.region_name }} +{{- $manila_project_name := .Values.endpoints.identity.auth.manila.project_name }} +{{- $manila_project_domain_name := .Values.endpoints.identity.auth.manila.project_domain_name }} +{{- $manila_user_domain_name := .Values.endpoints.identity.auth.manila.user_domain_name }} +{{- $manila_username := .Values.endpoints.identity.auth.manila.username }} +{{- $manila_password := .Values.endpoints.identity.auth.manila.password }} +{{- $memcached_servers := tuple "oslo_cache" "internal" "memcache" . 
| include "helm-toolkit.endpoints.host_and_port_endpoint_uri_lookup" }} +{{- $memcache_secret_key := default ( randAlphaNum 64 ) .Values.endpoints.oslo_cache.auth.memcache_secret_key }} + +{{- if empty .Values.conf.manila.keystone_authtoken.auth_uri -}} +{{- $_ := set .Values.conf.manila.keystone_authtoken "auth_uri" $manila_auth_url -}} +{{- end -}} + +{{- if empty .Values.conf.manila.keystone_authtoken.auth_url -}} +{{- $_ := set .Values.conf.manila.keystone_authtoken "auth_url" $manila_auth_url -}} +{{- end -}} + +{{- if empty .Values.conf.manila.keystone_authtoken.region_name -}} +{{- $_ := set .Values.conf.manila.keystone_authtoken "region_name" $manila_region_name -}} +{{- end -}} +{{- if empty .Values.conf.manila.keystone_authtoken.project_name -}} +{{- $_ := set .Values.conf.manila.keystone_authtoken "project_name" $manila_project_name -}} +{{- end -}} +{{- if empty .Values.conf.manila.keystone_authtoken.project_domain_name -}} +{{- $_ := set .Values.conf.manila.keystone_authtoken "project_domain_name" $manila_project_domain_name -}} +{{- end -}} +{{- if empty .Values.conf.manila.keystone_authtoken.user_domain_name -}} +{{- $_ := set .Values.conf.manila.keystone_authtoken "user_domain_name" $manila_user_domain_name -}} +{{- end -}} +{{- if empty .Values.conf.manila.keystone_authtoken.username -}} +{{- $_ := set .Values.conf.manila.keystone_authtoken "username" $manila_username -}} +{{- end -}} +{{- if empty .Values.conf.manila.keystone_authtoken.password -}} +{{- $_ := set .Values.conf.manila.keystone_authtoken "password" $manila_password -}} +{{- end -}} + +{{- if empty .Values.conf.manila.keystone_authtoken.memcached_servers -}} +{{- $_ := set .Values.conf.manila.keystone_authtoken "memcached_servers" $memcached_servers -}} +{{- end -}} +{{- if empty .Values.conf.manila.keystone_authtoken.memcache_secret_key -}} +{{- $_ := set .Values.conf.manila.keystone_authtoken "memcache_secret_key" $memcache_secret_key -}} +{{- end -}} + +{{- if empty 
.Values.conf.manila.database.connection -}} +{{- $_ := tuple "oslo_db" "internal" "manila" "mysql" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup"| set .Values.conf.manila.database "connection" -}} +{{- end -}} + +{{- if empty .Values.conf.manila.DEFAULT.transport_url -}} +{{- $_ := tuple "oslo_messaging" "internal" "manila" "amqp" . | include "helm-toolkit.endpoints.authenticated_transport_endpoint_uri_lookup" | set .Values.conf.manila.DEFAULT "transport_url" -}} +{{- end -}} + +# neutron +{{- if empty .Values.conf.manila.neutron.auth_uri -}} +{{- $_ := set .Values.conf.manila.neutron "auth_uri" $manila_auth_url -}} +{{- end -}} + +{{- if empty .Values.conf.manila.neutron.auth_url -}} +{{- $_ := set .Values.conf.manila.neutron "auth_url" $manila_auth_url -}} +{{- end -}} + +{{- if empty .Values.conf.manila.neutron.region_name -}} +{{- $_ := set .Values.conf.manila.neutron "region_name" .Values.endpoints.identity.auth.manila.region_name -}} +{{- end -}} +{{- if empty .Values.conf.manila.neutron.project_name -}} +{{- $_ := set .Values.conf.manila.neutron "project_name" $manila_project_name -}} +{{- end -}} +{{- if empty .Values.conf.manila.neutron.project_domain_name -}} +{{- $_ := set .Values.conf.manila.neutron "project_domain_name" $manila_project_domain_name -}} +{{- end -}} +{{- if empty .Values.conf.manila.neutron.user_domain_name -}} +{{- $_ := set .Values.conf.manila.neutron "user_domain_name" $manila_user_domain_name -}} +{{- end -}} +{{- if empty .Values.conf.manila.neutron.username -}} +{{- $_ := set .Values.conf.manila.neutron "username" $manila_username -}} +{{- end -}} +{{- if empty .Values.conf.manila.neutron.password -}} +{{- $_ := set .Values.conf.manila.neutron "password" $manila_password -}} +{{- end -}} + +{{- if empty .Values.conf.manila.neutron.memcached_servers -}} +{{- $_ := set .Values.conf.manila.neutron "memcached_servers" $memcached_servers -}} +{{- end -}} +{{- if empty 
.Values.conf.manila.neutron.memcache_secret_key -}} +{{- $_ := set .Values.conf.manila.neutron "memcache_secret_key" $memcache_secret_key -}} +{{- end -}} + +# nova +{{- if empty .Values.conf.manila.nova.auth_uri -}} +{{- $_ := set .Values.conf.manila.nova "auth_uri" $manila_auth_url -}} +{{- end -}} + +{{- if empty .Values.conf.manila.nova.auth_url -}} +{{- $_ := set .Values.conf.manila.nova "auth_url" $manila_auth_url -}} +{{- end -}} + +{{- if empty .Values.conf.manila.nova.region_name -}} +{{- $_ := set .Values.conf.manila.nova "region_name" .Values.endpoints.identity.auth.manila.region_name -}} +{{- end -}} +{{- if empty .Values.conf.manila.nova.project_name -}} +{{- $_ := set .Values.conf.manila.nova "project_name" $manila_project_name -}} +{{- end -}} +{{- if empty .Values.conf.manila.nova.project_domain_name -}} +{{- $_ := set .Values.conf.manila.nova "project_domain_name" $manila_project_domain_name -}} +{{- end -}} +{{- if empty .Values.conf.manila.nova.user_domain_name -}} +{{- $_ := set .Values.conf.manila.nova "user_domain_name" $manila_user_domain_name -}} +{{- end -}} +{{- if empty .Values.conf.manila.nova.username -}} +{{- $_ := set .Values.conf.manila.nova "username" $manila_username -}} +{{- end -}} +{{- if empty .Values.conf.manila.nova.password -}} +{{- $_ := set .Values.conf.manila.nova "password" $manila_password -}} +{{- end -}} + +{{- if empty .Values.conf.manila.nova.memcached_servers -}} +{{- $_ := set .Values.conf.manila.nova "memcached_servers" $memcached_servers -}} +{{- end -}} +{{- if empty .Values.conf.manila.nova.memcache_secret_key -}} +{{- $_ := set .Values.conf.manila.nova "memcache_secret_key" $memcache_secret_key -}} +{{- end -}} + +# cinder +{{- if empty .Values.conf.manila.cinder.auth_uri -}} +{{- $_ := set .Values.conf.manila.cinder "auth_uri" $manila_auth_url -}} +{{- end -}} + +{{- if empty .Values.conf.manila.cinder.auth_url -}} +{{- $_ := set .Values.conf.manila.cinder "auth_url" $manila_auth_url -}} +{{- end -}} + +{{- 
if empty .Values.conf.manila.cinder.region_name -}} +{{- $_ := set .Values.conf.manila.cinder "region_name" .Values.endpoints.identity.auth.manila.region_name -}} +{{- end -}} +{{- if empty .Values.conf.manila.cinder.project_name -}} +{{- $_ := set .Values.conf.manila.cinder "project_name" $manila_project_name -}} +{{- end -}} +{{- if empty .Values.conf.manila.cinder.project_domain_name -}} +{{- $_ := set .Values.conf.manila.cinder "project_domain_name" $manila_project_domain_name -}} +{{- end -}} +{{- if empty .Values.conf.manila.cinder.user_domain_name -}} +{{- $_ := set .Values.conf.manila.cinder "user_domain_name" $manila_user_domain_name -}} +{{- end -}} +{{- if empty .Values.conf.manila.cinder.username -}} +{{- $_ := set .Values.conf.manila.cinder "username" $manila_username -}} +{{- end -}} +{{- if empty .Values.conf.manila.cinder.password -}} +{{- $_ := set .Values.conf.manila.cinder "password" $manila_password -}} +{{- end -}} + +{{- if empty .Values.conf.manila.cinder.memcached_servers -}} +{{- $_ := set .Values.conf.manila.cinder "memcached_servers" $memcached_servers -}} +{{- end -}} +{{- if empty .Values.conf.manila.cinder.memcache_secret_key -}} +{{- $_ := set .Values.conf.manila.cinder "memcache_secret_key" $memcache_secret_key -}} +{{- end -}} + +# glance +{{- if empty .Values.conf.manila.glance.auth_uri -}} +{{- $_ := set .Values.conf.manila.glance "auth_uri" $manila_auth_url -}} +{{- end -}} + +{{- if empty .Values.conf.manila.glance.auth_url -}} +{{- $_ := set .Values.conf.manila.glance "auth_url" $manila_auth_url -}} +{{- end -}} + +{{- if empty .Values.conf.manila.glance.region_name -}} +{{- $_ := set .Values.conf.manila.glance "region_name" .Values.endpoints.identity.auth.manila.region_name -}} +{{- end -}} +{{- if empty .Values.conf.manila.glance.project_name -}} +{{- $_ := set .Values.conf.manila.glance "project_name" $manila_project_name -}} +{{- end -}} +{{- if empty .Values.conf.manila.glance.project_domain_name -}} +{{- $_ := set 
.Values.conf.manila.glance "project_domain_name" $manila_project_domain_name -}} +{{- end -}} +{{- if empty .Values.conf.manila.glance.user_domain_name -}} +{{- $_ := set .Values.conf.manila.glance "user_domain_name" $manila_user_domain_name -}} +{{- end -}} +{{- if empty .Values.conf.manila.glance.username -}} +{{- $_ := set .Values.conf.manila.glance "username" $manila_username -}} +{{- end -}} +{{- if empty .Values.conf.manila.glance.password -}} +{{- $_ := set .Values.conf.manila.glance "password" $manila_password -}} +{{- end -}} + +{{- if empty .Values.conf.manila.glance.memcached_servers -}} +{{- $_ := set .Values.conf.manila.glance "memcached_servers" $memcached_servers -}} +{{- end -}} +{{- if empty .Values.conf.manila.glance.memcache_secret_key -}} +{{- $_ := set .Values.conf.manila.glance "memcache_secret_key" $memcache_secret_key -}} +{{- end -}} + +{{- if and (empty .Values.conf.logging.handler_fluent) (has "fluent" .Values.conf.logging.handlers.keys) -}} +{{- $fluentd_host := tuple "fluentd" "internal" $envAll | include "helm-toolkit.endpoints.hostname_namespaced_endpoint_lookup" }} +{{- $fluentd_port := tuple "fluentd" "internal" "service" $envAll | include "helm-toolkit.endpoints.endpoint_port_lookup" }} +{{- $fluent_args := printf "('%s.%s', '%s', %s)" .Release.Namespace .Release.Name $fluentd_host $fluentd_port }} +{{- $handler_fluent := dict "class" "fluent.handler.FluentHandler" "formatter" "fluent" "args" $fluent_args -}} +{{- $_ := set .Values.conf.logging "handler_fluent" $handler_fluent -}} +{{- end -}} + +{{- if and (empty .Values.conf.logging.formatter_fluent) (has "fluent" .Values.conf.logging.formatters.keys) -}} +{{- $formatter_fluent := dict "class" "oslo_log.formatters.FluentFormatter" -}} +{{- $_ := set .Values.conf.logging "formatter_fluent" $formatter_fluent -}} +{{- end -}} +--- +apiVersion: v1 +kind: Secret +metadata: + name: manila-etc +type: Opaque +data: + rally_tests.yaml: {{ toYaml .Values.conf.rally_tests.tests | b64enc }} 
+ manila.conf: {{ include "helm-toolkit.utils.to_oslo_conf" .Values.conf.manila | b64enc }} +{{- range $key, $value := $envAll.Values.conf.rootwrap_filters }} +{{- $filePrefix := replace "_" "-" $key }} + {{ printf "%s.filters" $filePrefix }}: {{ $value.content | b64enc }} +{{- end }} + logging.conf: {{ include "helm-toolkit.utils.to_oslo_conf" .Values.conf.logging | b64enc }} + api-paste.ini: {{ include "helm-toolkit.utils.to_ini" .Values.conf.paste | b64enc }} + policy.yaml: {{ toYaml .Values.conf.policy | b64enc }} + manila_sudoers: {{ $envAll.Values.conf.manila_sudoers | b64enc }} + rootwrap.conf: {{ $envAll.Values.conf.rootwrap | b64enc }} +{{- end }} diff --git a/manila/templates/deployment-api.yaml b/manila/templates/deployment-api.yaml new file mode 100644 index 0000000000..0e4505a023 --- /dev/null +++ b/manila/templates/deployment-api.yaml 
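Review bot: In `configmap-etc.yaml`, `$memcache_secret_key` falls back to `randAlphaNum 64` when `endpoints.oslo_cache.auth.memcache_secret_key` is unset, so a fresh render can produce a different key each time. That can change the `manila-etc` Secret and the `configmap-etc-hash` pod annotation on every upgrade, and leaves the key recorded nowhere outside the rendered Secret. I would add a template comment beside the assignment stating that production values must pin this key, or fail the render with `required` instead of silently defaulting. The template also copies the single manila Keystone username and password into the `neutron`, `nova`, `cinder` and `glance` sections; a comment saying that this reuse is intentional would let operators judge how far a leak of that one account reaches. The bare `# neutron` to `# glance` lines sit outside template actions and are emitted into the output, whereas `{{/* neutron */}}` would keep them as template-only comments.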
@@ -0,0 +1,140 @@ +{{/* +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if .Values.manifests.deployment_api }} +{{- $envAll := . }} + +{{- $mounts_manila_api := .Values.pod.mounts.manila_api.manila_api }} +{{- $mounts_manila_api_init := .Values.pod.mounts.manila_api.init_container }} + +{{- $serviceAccountName := "manila-api" }} +{{ tuple $envAll "api" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }} +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: manila-api + annotations: + {{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" }} + labels: +{{ tuple $envAll "manila" "api" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }} +spec: + replicas: {{ .Values.pod.replicas.api }} + selector: + matchLabels: +{{ tuple $envAll "manila" "api" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 6 }} +{{ tuple $envAll | include "helm-toolkit.snippets.kubernetes_upgrades_deployment" | indent 2 }} + template: + metadata: + labels: +{{ tuple $envAll "manila" "api" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }} + annotations: +{{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" | indent 8 }} + configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "helm-toolkit.utils.hash" }} + configmap-etc-hash: {{ tuple "configmap-etc.yaml" . 
| include "helm-toolkit.utils.hash" }} +{{ dict "envAll" $envAll "podName" "manila-api" "containerNames" (list "init" "manila-api") | include "helm-toolkit.snippets.kubernetes_mandatory_access_control_annotation" | indent 8 }} + spec: +{{ dict "envAll" $envAll "application" "manila" | include "helm-toolkit.snippets.kubernetes_pod_security_context" | indent 6 }} + serviceAccountName: {{ $serviceAccountName }} + affinity: +{{ tuple $envAll "manila" "api" | include "helm-toolkit.snippets.kubernetes_pod_anti_affinity" | indent 8 }} + nodeSelector: + {{ .Values.labels.api.node_selector_key }}: {{ .Values.labels.api.node_selector_value }} +{{ if $envAll.Values.pod.tolerations.manila.enabled }} +{{ tuple $envAll "manila" | include "helm-toolkit.snippets.kubernetes_tolerations" | indent 6 }} +{{ end }} + initContainers: +{{ tuple $envAll "api" $mounts_manila_api_init | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} + containers: + - name: manila-api +{{ tuple $envAll "manila_api" | include "helm-toolkit.snippets.image" | indent 10 }} +{{ tuple $envAll $envAll.Values.pod.resources.api | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }} +{{ dict "envAll" $envAll "application" "manila" "container" "manila_api" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 10 }} + command: + - /tmp/manila-api.sh + - start + env: +{{- if or .Values.manifests.certificates .Values.tls.identity }} + - name: REQUESTS_CA_BUNDLE + value: "/etc/manila/certs/ca.crt" +{{- end }} + lifecycle: + preStop: + exec: + command: + - /tmp/manila-api.sh + - stop + ports: + - name: m-api + containerPort: {{ tuple "share" "service" "api" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }} + readinessProbe: + httpGet: + scheme: HTTP + path: / + port: {{ tuple "share" "service" "api" . 
| include "helm-toolkit.endpoints.endpoint_port_lookup" }} + volumeMounts: + - name: pod-tmp + mountPath: /tmp + - name: state-tmp + mountPath: /var/lib/manila + - name: etcmanila + mountPath: /etc/manila + - name: manila-etc + mountPath: /etc/manila/manila.conf + subPath: manila.conf + readOnly: true + {{- if .Values.conf.manila.DEFAULT.log_config_append }} + - name: manila-etc + mountPath: {{ .Values.conf.manila.DEFAULT.log_config_append }} + subPath: {{ base .Values.conf.manila.DEFAULT.log_config_append }} + readOnly: true + {{- end }} + - name: manila-etc + mountPath: /etc/manila/api-paste.ini + subPath: api-paste.ini + readOnly: true + - name: manila-etc + mountPath: /etc/manila/policy.yaml + subPath: policy.yaml + readOnly: true + - name: manila-bin + mountPath: /tmp/manila-api.sh + subPath: manila-api.sh + readOnly: true +{{- dict "enabled" .Values.manifests.certificates "name" .Values.endpoints.oslo_db.auth.admin.secret.tls.internal "path" "/etc/mysql/certs" | include "helm-toolkit.snippets.tls_volume_mount" | indent 12 }} +{{- dict "enabled" (or .Values.manifests.certificates .Values.tls.identity) "name" .Values.secrets.tls.share.api.internal "path" "/etc/manila/certs" | include "helm-toolkit.snippets.tls_volume_mount" | indent 12 }} +{{- dict "enabled" $envAll.Values.manifests.certificates "name" $envAll.Values.endpoints.oslo_messaging.auth.admin.secret.tls.internal "path" "/etc/rabbitmq/certs" | include "helm-toolkit.snippets.tls_volume_mount" | indent 12 }} + +{{ if $mounts_manila_api.volumeMounts }}{{ toYaml $mounts_manila_api.volumeMounts | indent 12 }}{{ end }} + volumes: + - name: pod-tmp + emptyDir: {} + - name: state-tmp + emptyDir: {} + - name: etcmanila + emptyDir: {} + - name: manila-etc + secret: + secretName: manila-etc + defaultMode: 0444 + - name: manila-bin + configMap: + name: manila-bin + defaultMode: 0555 +{{- dict "enabled" .Values.manifests.certificates "name" .Values.endpoints.oslo_db.auth.admin.secret.tls.internal | include 
"helm-toolkit.snippets.tls_volume" | indent 8 }} +{{- dict "enabled" (or .Values.manifests.certificates .Values.tls.identity) "name" .Values.secrets.tls.share.api.internal | include "helm-toolkit.snippets.tls_volume" | indent 8 }} +{{- dict "enabled" $envAll.Values.manifests.certificates "name" $envAll.Values.endpoints.oslo_messaging.auth.admin.secret.tls.internal | include "helm-toolkit.snippets.tls_volume" | indent 8 }} + +{{ if $mounts_manila_api.volumes }}{{ toYaml $mounts_manila_api.volumes | indent 8 }}{{ end }} +{{- end }} diff --git a/manila/templates/deployment-data.yaml b/manila/templates/deployment-data.yaml new file mode 100644 index 0000000000..21db299e31 --- /dev/null +++ b/manila/templates/deployment-data.yaml 
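Review bot: The `manila-etc` Secret volume in `deployment-api.yaml` is mounted with `defaultMode: 0444`, so `manila.conf`, which this chart fills with the database connection string, the transport URL and the Keystone password, is readable by any UID inside the container. If the pod security context assigns a group to the service user, `defaultMode: 0440` narrows that. Whether it does depends on the `kubernetes_pod_security_context` values, which are not visible in this hunk, so please confirm before tightening. The readiness probe also hardcodes `scheme: HTTP` and no liveness probe is defined, which is worth checking against the `tls.yaml` override added in the same patch.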
@@ -0,0 +1,121 @@ +{{/* +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if .Values.manifests.deployment_data }} +{{- $envAll := . }} + +{{- $mounts_manila_data := .Values.pod.mounts.manila_data.manila_data }} +{{- $mounts_manila_data_init := .Values.pod.mounts.manila_data.init_container }} + +{{- $serviceAccountName := "manila-data" }} +{{ tuple $envAll "data" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }} +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: manila-data + annotations: + {{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" }} + labels: +{{ tuple $envAll "manila" "data" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }} +spec: + replicas: {{ .Values.pod.replicas.data }} + selector: + matchLabels: +{{ tuple $envAll "manila" "data" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 6 }} +{{ tuple $envAll | include "helm-toolkit.snippets.kubernetes_upgrades_deployment" | indent 2 }} + template: + metadata: + labels: +{{ tuple $envAll "manila" "data" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }} + annotations: +{{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" | indent 8 }} + configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "helm-toolkit.utils.hash" }} + configmap-etc-hash: {{ tuple "configmap-etc.yaml" . 
| include "helm-toolkit.utils.hash" }} +{{ dict "envAll" $envAll "podName" "manila-data" "containerNames" (list "init" "manila-data") | include "helm-toolkit.snippets.kubernetes_mandatory_access_control_annotation" | indent 8 }} + spec: +{{ dict "envAll" $envAll "application" "manila" | include "helm-toolkit.snippets.kubernetes_pod_security_context" | indent 6 }} + serviceAccountName: {{ $serviceAccountName }} + affinity: +{{ tuple $envAll "manila" "data" | include "helm-toolkit.snippets.kubernetes_pod_anti_affinity" | indent 8 }} + nodeSelector: + {{ .Values.labels.data.node_selector_key }}: {{ .Values.labels.data.node_selector_value }} +{{ if $envAll.Values.pod.tolerations.manila.enabled }} +{{ tuple $envAll "manila" | include "helm-toolkit.snippets.kubernetes_tolerations" | indent 6 }} +{{ end }} + initContainers: +{{ tuple $envAll "data" $mounts_manila_data_init | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} + containers: + - name: manila-data +{{ tuple $envAll "manila_data" | include "helm-toolkit.snippets.image" | indent 10 }} +{{ tuple $envAll $envAll.Values.pod.resources.data | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }} +{{ dict "envAll" $envAll "application" "manila" "container" "manila_data" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 10 }} + command: + - /tmp/manila-data.sh + env: +{{- if or .Values.manifests.certificates .Values.tls.identity }} + - name: REQUESTS_CA_BUNDLE + value: "/etc/manila/certs/ca.crt" +{{- end }} + volumeMounts: + - name: pod-tmp + mountPath: /tmp + - name: etcmanila + mountPath: /etc/manila + - name: state-tmp + mountPath: /var/lib/manila + - name: manila-etc + mountPath: /etc/manila/manila.conf + subPath: manila.conf + readOnly: true + {{- if .Values.conf.manila.DEFAULT.log_config_append }} + - name: manila-etc + mountPath: {{ .Values.conf.manila.DEFAULT.log_config_append }} + subPath: {{ base 
.Values.conf.manila.DEFAULT.log_config_append }} + readOnly: true + {{- end }} + - name: manila-etc + mountPath: /etc/manila/policy.yaml + subPath: policy.yaml + readOnly: true + - name: manila-bin + mountPath: /tmp/manila-data.sh + subPath: manila-data.sh + readOnly: true +{{- dict "enabled" .Values.manifests.certificates "name" .Values.endpoints.oslo_db.auth.admin.secret.tls.internal "path" "/etc/mysql/certs" | include "helm-toolkit.snippets.tls_volume_mount" | indent 12 }} +{{- dict "enabled" (or .Values.manifests.certificates .Values.tls.identity) "name" .Values.secrets.tls.share.api.internal "path" "/etc/manila/certs" | include "helm-toolkit.snippets.tls_volume_mount" | indent 12 }} +{{- dict "enabled" $envAll.Values.manifests.certificates "name" $envAll.Values.endpoints.oslo_messaging.auth.admin.secret.tls.internal "path" "/etc/rabbitmq/certs" | include "helm-toolkit.snippets.tls_volume_mount" | indent 12 }} + +{{ if $mounts_manila_data.volumeMounts }}{{ toYaml $mounts_manila_data.volumeMounts | indent 12 }}{{ end }} + volumes: + - name: pod-tmp + emptyDir: {} + - name: state-tmp + emptyDir: {} + - name: etcmanila + emptyDir: {} + - name: manila-etc + secret: + secretName: manila-etc + defaultMode: 0444 + - name: manila-bin + configMap: + name: manila-bin + defaultMode: 0555 +{{- dict "enabled" .Values.manifests.certificates "name" .Values.endpoints.oslo_db.auth.admin.secret.tls.internal | include "helm-toolkit.snippets.tls_volume" | indent 8 }} +{{- dict "enabled" (or .Values.manifests.certificates .Values.tls.identity) "name" .Values.secrets.tls.share.api.internal | include "helm-toolkit.snippets.tls_volume" | indent 8 }} +{{- dict "enabled" $envAll.Values.manifests.certificates "name" $envAll.Values.endpoints.oslo_messaging.auth.admin.secret.tls.internal | include "helm-toolkit.snippets.tls_volume" | indent 8 }} + +{{ if $mounts_manila_data.volumes }}{{ toYaml $mounts_manila_data.volumes | indent 8 }}{{ end }} +{{- end }} 
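Review bot: The `manila-etc` Secret volume is projected with `defaultMode: 0444`, so manila.conf and whatever credentials it carries are readable by every UID in the container, not only the service user. If the pod security context sets an fsGroup for the manila user (that comes from values not visible in this hunk, so confirm first), `defaultMode: 0440` would keep the files readable by the service and by nothing else. The same setting is repeated in deployment-scheduler.yaml and deployment-share.yaml. A template comment next to it, such as `{{/* manila-etc carries service credentials; keep the mode as tight as the runtime user allows */}}`, would document the intent.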
diff --git a/manila/templates/deployment-scheduler.yaml b/manila/templates/deployment-scheduler.yaml
new file mode 100644
index 0000000000..4858dfce54
--- /dev/null
+++ b/manila/templates/deployment-scheduler.yaml
@@ -0,0 +1,121 @@ +{{/* +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if .Values.manifests.deployment_scheduler }} +{{- $envAll := . }} + +{{- $mounts_manila_scheduler := .Values.pod.mounts.manila_scheduler.manila_scheduler }} +{{- $mounts_manila_scheduler_init := .Values.pod.mounts.manila_scheduler.init_container }} + +{{- $serviceAccountName := "manila-scheduler" }} +{{ tuple $envAll "scheduler" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }} +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: manila-scheduler + annotations: + {{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" }} + labels: +{{ tuple $envAll "manila" "scheduler" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }} +spec: + replicas: {{ .Values.pod.replicas.scheduler }} + selector: + matchLabels: +{{ tuple $envAll "manila" "scheduler" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 6 }} +{{ tuple $envAll | include "helm-toolkit.snippets.kubernetes_upgrades_deployment" | indent 2 }} + template: + metadata: + labels: +{{ tuple $envAll "manila" "scheduler" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }} + annotations: +{{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" | indent 8 }} + configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "helm-toolkit.utils.hash" }} + configmap-etc-hash: {{ tuple "configmap-etc.yaml" . 
| include "helm-toolkit.utils.hash" }} +{{ dict "envAll" $envAll "podName" "manila-scheduler" "containerNames" (list "init" "manila-scheduler") | include "helm-toolkit.snippets.kubernetes_mandatory_access_control_annotation" | indent 8 }} + spec: +{{ dict "envAll" $envAll "application" "manila" | include "helm-toolkit.snippets.kubernetes_pod_security_context" | indent 6 }} + serviceAccountName: {{ $serviceAccountName }} + affinity: +{{ tuple $envAll "manila" "scheduler" | include "helm-toolkit.snippets.kubernetes_pod_anti_affinity" | indent 8 }} + nodeSelector: + {{ .Values.labels.scheduler.node_selector_key }}: {{ .Values.labels.scheduler.node_selector_value }} +{{ if $envAll.Values.pod.tolerations.manila.enabled }} +{{ tuple $envAll "manila" | include "helm-toolkit.snippets.kubernetes_tolerations" | indent 6 }} +{{ end }} + initContainers: +{{ tuple $envAll "scheduler" $mounts_manila_scheduler_init | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} + containers: + - name: manila-scheduler +{{ tuple $envAll "manila_scheduler" | include "helm-toolkit.snippets.image" | indent 10 }} +{{ tuple $envAll $envAll.Values.pod.resources.scheduler | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }} +{{ dict "envAll" $envAll "application" "manila" "container" "manila_scheduler" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 10 }} + command: + - /tmp/manila-scheduler.sh + env: +{{- if or .Values.manifests.certificates .Values.tls.identity }} + - name: REQUESTS_CA_BUNDLE + value: "/etc/manila/certs/ca.crt" +{{- end }} + volumeMounts: + - name: pod-tmp + mountPath: /tmp + - name: etcmanila + mountPath: /etc/manila + - name: state-tmp + mountPath: /var/lib/manila + - name: manila-etc + mountPath: /etc/manila/manila.conf + subPath: manila.conf + readOnly: true + {{- if .Values.conf.manila.DEFAULT.log_config_append }} + - name: manila-etc + mountPath: {{ 
.Values.conf.manila.DEFAULT.log_config_append }} + subPath: {{ base .Values.conf.manila.DEFAULT.log_config_append }} + readOnly: true + {{- end }} + - name: manila-etc + mountPath: /etc/manila/policy.yaml + subPath: policy.yaml + readOnly: true + - name: manila-bin + mountPath: /tmp/manila-scheduler.sh + subPath: manila-scheduler.sh + readOnly: true +{{- dict "enabled" .Values.manifests.certificates "name" .Values.endpoints.oslo_db.auth.admin.secret.tls.internal "path" "/etc/mysql/certs" | include "helm-toolkit.snippets.tls_volume_mount" | indent 12 }} +{{- dict "enabled" (or .Values.manifests.certificates .Values.tls.identity) "name" .Values.secrets.tls.share.api.internal "path" "/etc/manila/certs" | include "helm-toolkit.snippets.tls_volume_mount" | indent 12 }} +{{- dict "enabled" $envAll.Values.manifests.certificates "name" $envAll.Values.endpoints.oslo_messaging.auth.admin.secret.tls.internal "path" "/etc/rabbitmq/certs" | include "helm-toolkit.snippets.tls_volume_mount" | indent 12 }} + +{{ if $mounts_manila_scheduler.volumeMounts }}{{ toYaml $mounts_manila_scheduler.volumeMounts | indent 12 }}{{ end }} + volumes: + - name: pod-tmp + emptyDir: {} + - name: state-tmp + emptyDir: {} + - name: etcmanila + emptyDir: {} + - name: manila-etc + secret: + secretName: manila-etc + defaultMode: 0444 + - name: manila-bin + configMap: + name: manila-bin + defaultMode: 0555 +{{- dict "enabled" .Values.manifests.certificates "name" .Values.endpoints.oslo_db.auth.admin.secret.tls.internal | include "helm-toolkit.snippets.tls_volume" | indent 8 }} +{{- dict "enabled" (or .Values.manifests.certificates .Values.tls.identity) "name" .Values.secrets.tls.share.api.internal | include "helm-toolkit.snippets.tls_volume" | indent 8 }} +{{- dict "enabled" $envAll.Values.manifests.certificates "name" $envAll.Values.endpoints.oslo_messaging.auth.admin.secret.tls.internal | include "helm-toolkit.snippets.tls_volume" | indent 8 }} + +{{ if $mounts_manila_scheduler.volumes }}{{ toYaml 
$mounts_manila_scheduler.volumes | indent 8 }}{{ end }} +{{- end }} diff --git a/manila/templates/deployment-share.yaml b/manila/templates/deployment-share.yaml new file mode 100644 index 0000000000..a1c3ac5596 --- /dev/null +++ b/manila/templates/deployment-share.yaml 
@@ -0,0 +1,151 @@ +{{/* +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if .Values.manifests.deployment_share }} +{{- $envAll := . }} + +{{- $mounts_manila_share := .Values.pod.mounts.manila_share.manila_share }} +{{- $mounts_manila_share_init := .Values.pod.mounts.manila_share.init_container }} + +{{- $serviceAccountName := "manila-share" }} +{{ tuple $envAll "share" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }} +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: manila-share + annotations: + {{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" }} + labels: +{{ tuple $envAll "manila" "share" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }} +spec: + replicas: {{ .Values.pod.replicas.share }} + selector: + matchLabels: +{{ tuple $envAll "manila" "share" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 6 }} +{{ tuple $envAll | include "helm-toolkit.snippets.kubernetes_upgrades_deployment" | indent 2 }} + template: + metadata: + labels: +{{ tuple $envAll "manila" "share" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }} + annotations: +{{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" | indent 8 }} + configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "helm-toolkit.utils.hash" }} + configmap-etc-hash: {{ tuple "configmap-etc.yaml" . 
| include "helm-toolkit.utils.hash" }} +{{ dict "envAll" $envAll "podName" "manila-share" "containerNames" (list "init" "manila-share") | include "helm-toolkit.snippets.kubernetes_mandatory_access_control_annotation" | indent 8 }} + spec: +{{ dict "envAll" $envAll "application" "manila" | include "helm-toolkit.snippets.kubernetes_pod_security_context" | indent 6 }} + serviceAccountName: {{ $serviceAccountName }} + affinity: +{{ tuple $envAll "manila" "share" | include "helm-toolkit.snippets.kubernetes_pod_anti_affinity" | indent 8 }} + nodeSelector: + {{ .Values.labels.share.node_selector_key }}: {{ .Values.labels.share.node_selector_value }} +{{ if $envAll.Values.pod.tolerations.manila.enabled }} +{{ tuple $envAll "manila" | include "helm-toolkit.snippets.kubernetes_tolerations" | indent 6 }} +{{ end }} + dnsPolicy: ClusterFirstWithHostNet + hostNetwork: true + initContainers: +{{ tuple $envAll "share" $mounts_manila_share_init | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} + containers: + - name: manila-share +{{ tuple $envAll "manila_share" | include "helm-toolkit.snippets.image" | indent 10 }} +{{ tuple $envAll $envAll.Values.pod.resources.share | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }} +{{ dict "envAll" $envAll "application" "manila" "container" "manila_share" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 10 }} + command: + - /tmp/manila-share.sh + env: +{{- if or .Values.manifests.certificates .Values.tls.identity }} + - name: REQUESTS_CA_BUNDLE + value: "/etc/manila/certs/ca.crt" +{{- end }} + volumeMounts: + - name: pod-tmp + mountPath: /tmp + - name: etcmanila + mountPath: /etc/manila + - name: state-tmp + mountPath: /var/lib/manila + - name: manila-etc + mountPath: /etc/manila/manila.conf + subPath: manila.conf + readOnly: true + - name: manila-etc + mountPath: /etc/manila/rootwrap.conf + subPath: rootwrap.conf + - name: manila-etc + mountPath: 
/etc/sudoers.d/kolla_manila_sudoers + subPath: manila_sudoers + readOnly: true + - name: manila-etc + mountPath: /etc/sudoers.d/kolla_manila_volume_sudoers + subPath: manila_sudoers + readOnly: true + - mountPath: /run/openvswitch + name: run-openvswitch + readOnly: true + {{- range $key, $value := $envAll.Values.conf.rootwrap_filters }} + {{- if ( has "share" $value.pods ) }} + {{- $filePrefix := replace "_" "-" $key }} + {{- $rootwrapFile := printf "/etc/manila/rootwrap.d/%s.filters" $filePrefix }} + - name: manila-etc + mountPath: {{ $rootwrapFile }} + subPath: {{ base $rootwrapFile }} + readOnly: true + {{- end }} + {{- end }} + {{- if .Values.conf.manila.DEFAULT.log_config_append }} + - name: manila-etc + mountPath: {{ .Values.conf.manila.DEFAULT.log_config_append }} + subPath: {{ base .Values.conf.manila.DEFAULT.log_config_append }} + readOnly: true + {{- end }} + - name: manila-etc + mountPath: /etc/manila/policy.yaml + subPath: policy.yaml + readOnly: true + - name: manila-bin + mountPath: /tmp/manila-share.sh + subPath: manila-share.sh + readOnly: true +{{- dict "enabled" .Values.manifests.certificates "name" .Values.endpoints.oslo_db.auth.admin.secret.tls.internal "path" "/etc/mysql/certs" | include "helm-toolkit.snippets.tls_volume_mount" | indent 12 }} +{{- dict "enabled" (or .Values.manifests.certificates .Values.tls.identity) "name" .Values.secrets.tls.share.api.internal "path" "/etc/manila/certs" | include "helm-toolkit.snippets.tls_volume_mount" | indent 12 }} +{{- dict "enabled" $envAll.Values.manifests.certificates "name" $envAll.Values.endpoints.oslo_messaging.auth.admin.secret.tls.internal "path" "/etc/rabbitmq/certs" | include "helm-toolkit.snippets.tls_volume_mount" | indent 12 }} + +{{ if $mounts_manila_share.volumeMounts }}{{ toYaml $mounts_manila_share.volumeMounts | indent 12 }}{{ end }} + volumes: + - name: pod-tmp + emptyDir: {} + - name: state-tmp + emptyDir: {} + - name: etcmanila + emptyDir: {} + - name: run-openvswitch + hostPath: + 
path: /run/openvswitch + type: Directory + - name: manila-etc + secret: + secretName: manila-etc + defaultMode: 0444 + - name: manila-bin + configMap: + name: manila-bin + defaultMode: 0555 +{{- dict "enabled" .Values.manifests.certificates "name" .Values.endpoints.oslo_db.auth.admin.secret.tls.internal | include "helm-toolkit.snippets.tls_volume" | indent 8 }} +{{- dict "enabled" (or .Values.manifests.certificates .Values.tls.identity) "name" .Values.secrets.tls.share.api.internal | include "helm-toolkit.snippets.tls_volume" | indent 8 }} +{{- dict "enabled" $envAll.Values.manifests.certificates "name" $envAll.Values.endpoints.oslo_messaging.auth.admin.secret.tls.internal | include "helm-toolkit.snippets.tls_volume" | indent 8 }} + +{{ if $mounts_manila_share.volumes }}{{ toYaml $mounts_manila_share.volumes | indent 8 }}{{ end }} +{{- end }} diff --git a/manila/templates/ingress-api.yaml b/manila/templates/ingress-api.yaml new file mode 100644 index 0000000000..ef9426f844 --- /dev/null +++ b/manila/templates/ingress-api.yaml @@ -0,0 +1,18 @@ +{{/* +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if and .Values.manifests.ingress_api .Values.network.api.ingress.public }} +{{- $ingressOpts := dict "envAll" . "backendServiceType" "share" "backendPort" "m-api" -}} +{{ $ingressOpts | include "helm-toolkit.manifests.ingress" }} +{{- end }} diff --git a/manila/templates/job-bootstrap.yaml b/manila/templates/job-bootstrap.yaml new file mode 100644 index 0000000000..8589f2ba4b 
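Review bot: `hostNetwork: true` and the `run-openvswitch` hostPath volume are hard-coded for manila-share, so every install puts the pod in the node's network namespace and hands it the host's /run/openvswitch directory, whether or not the configured share driver needs them. `readOnly: true` on that mount does not stop a process from connecting to Unix sockets inside the directory, so it should not be read as limiting the pod to observation. I would gate `dnsPolicy`/`hostNetwork`, the volumeMount and the volume behind a values switch that defaults to off, wrapped as `{{- if <switch> }}` … `{{- end }}`; the key would be new, since none is visible in this diff. Separately, `/etc/manila/rootwrap.conf` is the only `manila-etc` mount without `readOnly: true`, and both sudoers mounts use `subPath: manila_sudoers`, which looks copied and deserves a fix or a one-line comment.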
--- /dev/null
+++ b/manila/templates/job-bootstrap.yaml
@@ -0,0 +1,31 @@
+{{/*
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/}}
+
+{{- define "metadata.annotations.job.bootstrap" }}
+{{- if .Values.helm3_hook }}
+helm.sh/hook: post-install,post-upgrade
+helm.sh/hook-weight: "5"
+{{- end }}
+{{- end }}
+
+{{- if and .Values.manifests.job_bootstrap .Values.bootstrap.enabled }}
+{{- $bootstrapJob := dict "envAll" . "serviceName" "manila" "keystoneUser" .Values.bootstrap.ks_user "logConfigFile" .Values.conf.manila.DEFAULT.log_config_append "jobAnnotations" (include "metadata.annotations.job.bootstrap" . | fromYaml) -}}
+{{- if .Values.pod.tolerations.manila.enabled -}}
+{{- $_ := set $bootstrapJob "tolerationsEnabled" true -}}
+{{- end -}}
+{{- if or .Values.manifests.certificates .Values.tls.identity -}}
+{{- $_ := set $bootstrapJob "tlsSecret" .Values.secrets.tls.share.api.internal -}}
+{{- end -}}
+{{ $bootstrapJob | include "helm-toolkit.manifests.job_bootstrap" }}
+{{- end }}
diff --git a/manila/templates/job-db-drop.yaml b/manila/templates/job-db-drop.yaml
new file mode 100644
index 0000000000..9d63fa95bd
--- /dev/null
+++ b/manila/templates/job-db-drop.yaml
@@ -0,0 +1,26 @@
+{{/*
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/}}
+
+{{- if .Values.manifests.job_db_drop }}
+{{- $serviceName := "manila" -}}
+{{- $dbToDrop := dict "adminSecret" .Values.secrets.oslo_db.admin "configFile" (printf "/etc/%s/%s.conf" $serviceName $serviceName ) "logConfigFile" (printf "/etc/%s/logging.conf" $serviceName ) "configDbSection" "DEFAULT" "configDbKey" "sql_connection" -}}
+{{- $dbDropJob := dict "envAll" . "serviceName" $serviceName "dbToDrop" $dbToDrop -}}
+{{- if .Values.manifests.certificates -}}
+{{- $_ := set $dbToDrop "dbAdminTlsSecret" .Values.endpoints.oslo_db.auth.admin.secret.tls.internal -}}
+{{- end -}}
+{{- if .Values.pod.tolerations.manila.enabled -}}
+{{- $_ := set $dbDropJob "tolerationsEnabled" true -}}
+{{- end -}}
+{{ $dbDropJob | include "helm-toolkit.manifests.job_db_drop_mysql" }}
+{{- end }}
diff --git a/manila/templates/job-db-init.yaml b/manila/templates/job-db-init.yaml
new file mode 100644
index 0000000000..f2df99fcff
--- /dev/null
+++ b/manila/templates/job-db-init.yaml
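Review bot: The drop job is told to read the connection string from `[DEFAULT] sql_connection` (`"configDbSection" "DEFAULT" "configDbKey" "sql_connection"`), while job-db-init.yaml in this same patch passes no section or key and so takes whatever helm-toolkit defaults to. If the chart's manila.conf keeps the URL under `[database] connection` (values.yaml is not visible here, so this is an assumption to confirm), the drop job will not find the database it is meant to remove. Either align the pair, e.g. `"configDbSection" "database" "configDbKey" "connection"`, or add a template comment stating why manila's drop job differs from its init job.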
@@ -0,0 +1,32 @@
+{{/*
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/}}
+
+{{- define "metadata.annotations.job.db_init" }}
+helm.sh/hook: post-install,post-upgrade
+helm.sh/hook-weight: "-5"
+{{- end }}
+
+{{- if .Values.manifests.job_db_init }}
+{{- $dbInitJob := dict "envAll" . "serviceName" "manila" -}}
+{{- if .Values.manifests.certificates -}}
+{{- $_ := set $dbInitJob "dbAdminTlsSecret" .Values.endpoints.oslo_db.auth.admin.secret.tls.internal -}}
+{{- end -}}
+{{- if .Values.helm3_hook }}
+{{- $_ := set $dbInitJob "jobAnnotations" (include "metadata.annotations.job.db_init" . | fromYaml) }}
+{{- end }}
+{{- if .Values.pod.tolerations.manila.enabled -}}
+{{- $_ := set $dbInitJob "tolerationsEnabled" true -}}
+{{- end -}}
+{{ $dbInitJob | include "helm-toolkit.manifests.job_db_init_mysql" }}
+{{- end }}
diff --git a/manila/templates/job-db-sync.yaml b/manila/templates/job-db-sync.yaml
new file mode 100644
index 0000000000..014e4cd5a6
--- /dev/null
+++ b/manila/templates/job-db-sync.yaml
@@ -0,0 +1,32 @@
+{{/*
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/}}
+
+{{- define "metadata.annotations.job.db_sync" }}
+helm.sh/hook: post-install,post-upgrade
+helm.sh/hook-weight: "-4"
+{{- end }}
+
+{{- if .Values.manifests.job_db_sync }}
+{{- $dbSyncJob := dict "envAll" . "serviceName" "manila" "podVolMounts" .Values.pod.mounts.manila_db_sync.manila_db_sync.volumeMounts "podVols" .Values.pod.mounts.manila_db_sync.manila_db_sync.volumes -}}
+{{- if .Values.manifests.certificates -}}
+{{- $_ := set $dbSyncJob "dbAdminTlsSecret" .Values.endpoints.oslo_db.auth.admin.secret.tls.internal -}}
+{{- end -}}
+{{- if .Values.helm3_hook }}
+{{- $_ := set $dbSyncJob "jobAnnotations" (include "metadata.annotations.job.db_sync" . | fromYaml) }}
+{{- end }}
+{{- if .Values.pod.tolerations.manila.enabled -}}
+{{- $_ := set $dbSyncJob "tolerationsEnabled" true -}}
+{{- end -}}
+{{ $dbSyncJob | include "helm-toolkit.manifests.job_db_sync" }}
+{{- end }}
diff --git a/manila/templates/job-image-repo-sync.yaml b/manila/templates/job-image-repo-sync.yaml
new file mode 100644
index 0000000000..d7fc6438f2
--- /dev/null
+++ b/manila/templates/job-image-repo-sync.yaml
@@ -0,0 +1,27 @@
+{{/*
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/}}
+
+{{- define "metadata.annotations.job.repo_sync" }}
+{{- if .Values.helm3_hook }}
+helm.sh/hook: post-install,post-upgrade
+{{- end }}
+{{- end }}
+
+{{- if and .Values.manifests.job_image_repo_sync .Values.images.local_registry.active }}
+{{- $imageRepoSyncJob := dict "envAll" . "serviceName" "manila" "jobAnnotations" (include "metadata.annotations.job.repo_sync" . | fromYaml) -}}
+{{- if .Values.pod.tolerations.manila.enabled -}}
+{{- $_ := set $imageRepoSyncJob "tolerationsEnabled" true -}}
+{{- end -}}
+{{ $imageRepoSyncJob | include "helm-toolkit.manifests.job_image_repo_sync" }}
+{{- end }}
diff --git a/manila/templates/job-ks-endpoints.yaml b/manila/templates/job-ks-endpoints.yaml
new file mode 100644
index 0000000000..56b529ed72
--- /dev/null
+++ b/manila/templates/job-ks-endpoints.yaml
@@ -0,0 +1,31 @@
+{{/*
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/}}
+
+{{- define "metadata.annotations.job.ks_endpoints" }}
+{{- if .Values.helm3_hook }}
+helm.sh/hook: post-install,post-upgrade
+helm.sh/hook-weight: "-2"
+{{- end }}
+{{- end }}
+
+{{- if .Values.manifests.job_ks_endpoints }}
+{{- $ksServiceJob := dict "envAll" . "serviceName" "manila" "serviceTypes" ( tuple "share" "sharev2" ) "jobAnnotations" (include "metadata.annotations.job.ks_endpoints" . | fromYaml) -}}
+{{- if .Values.pod.tolerations.manila.enabled -}}
+{{- $_ := set $ksServiceJob "tolerationsEnabled" true -}}
+{{- end -}}
+{{- if or .Values.manifests.certificates .Values.tls.identity -}}
+{{- $_ := set $ksServiceJob "tlsSecret" .Values.secrets.tls.share.api.internal -}}
+{{- end -}}
+{{ $ksServiceJob | include "helm-toolkit.manifests.job_ks_endpoints" }}
+{{- end }}
diff --git a/manila/templates/job-ks-service.yaml b/manila/templates/job-ks-service.yaml
new file mode 100644
index 0000000000..895b31f566
--- /dev/null
+++ b/manila/templates/job-ks-service.yaml
@@ -0,0 +1,31 @@
+{{/*
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/}}
+
+{{- define "metadata.annotations.job.ks_service" }}
+{{- if .Values.helm3_hook }}
+helm.sh/hook: post-install,post-upgrade
+helm.sh/hook-weight: "-3"
+{{- end }}
+{{- end }}
+
+{{- if .Values.manifests.job_ks_service }}
+{{- $ksServiceJob := dict "envAll" . "serviceName" "manila" "serviceTypes" ( tuple "share" "sharev2" ) "jobAnnotations" (include "metadata.annotations.job.ks_service" . | fromYaml) -}}
+{{- if .Values.pod.tolerations.manila.enabled -}}
+{{- $_ := set $ksServiceJob "tolerationsEnabled" true -}}
+{{- end -}}
+{{- if or .Values.manifests.certificates .Values.tls.identity -}}
+{{- $_ := set $ksServiceJob "tlsSecret" .Values.secrets.tls.share.api.internal -}}
+{{- end -}}
+{{ $ksServiceJob | include "helm-toolkit.manifests.job_ks_service" }}
+{{- end }}
diff --git a/manila/templates/job-ks-user.yaml b/manila/templates/job-ks-user.yaml
new file mode 100644
index 0000000000..b7ef07e989
--- /dev/null
+++ b/manila/templates/job-ks-user.yaml
@@ -0,0 +1,31 @@
+{{/*
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/}}
+
+{{- define "metadata.annotations.job.ks_user" }}
+{{- if .Values.helm3_hook }}
+helm.sh/hook: post-install,post-upgrade
+helm.sh/hook-weight: "-1"
+{{- end }}
+{{- end }}
+
+{{- if .Values.manifests.job_ks_user }}
+{{- $ksUserJob := dict "envAll" . "serviceName" "manila" "jobAnnotations" (include "metadata.annotations.job.ks_user" . | fromYaml) -}}
+{{- if .Values.pod.tolerations.manila.enabled -}}
+{{- $_ := set $ksUserJob "tolerationsEnabled" true -}}
+{{- end -}}
+{{- if or .Values.manifests.certificates .Values.tls.identity -}}
+{{- $_ := set $ksUserJob "tlsSecret" .Values.secrets.tls.share.api.internal -}}
+{{- end -}}
+{{ $ksUserJob | include "helm-toolkit.manifests.job_ks_user" }}
+{{- end }}
diff --git a/manila/templates/job-rabbit-init.yaml b/manila/templates/job-rabbit-init.yaml
new file mode 100644
index 0000000000..9b2ab56410
--- /dev/null
+++ b/manila/templates/job-rabbit-init.yaml
@@ -0,0 +1,28 @@
+{{/*
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/}}
+
+{{- define "metadata.annotations.job.rabbit_init" }}
+{{- if .Values.helm3_hook }}
+helm.sh/hook: post-install,post-upgrade
+helm.sh/hook-weight: "-4"
+{{- end }}
+{{- end }}
+
+{{- if .Values.manifests.job_rabbit_init }}
+{{- $rmqUserJob := dict "envAll" . "serviceName" "manila" "jobAnnotations" (include "metadata.annotations.job.rabbit_init" . | fromYaml) -}}
+{{- if .Values.pod.tolerations.manila.enabled -}}
+{{- $_ := set $rmqUserJob "tolerationsEnabled" true -}}
+{{- end -}}
+{{ $rmqUserJob | include "helm-toolkit.manifests.job_rabbit_init" }}
+{{- end }}
diff --git a/manila/templates/network_policy.yaml b/manila/templates/network_policy.yaml
new file mode 100644
index 0000000000..b0fd6fd850
--- /dev/null
+++ b/manila/templates/network_policy.yaml
@@ -0,0 +1,16 @@
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+{{- if .Values.manifests.network_policy -}}
+{{- $netpol_opts := dict "envAll" . "name" "application" "label" "manila" -}}
+{{ $netpol_opts | include "helm-toolkit.manifests.kubernetes_network_policy" }}
+{{- end -}}
diff --git a/manila/templates/pdb-api.yaml b/manila/templates/pdb-api.yaml
new file mode 100644
index 0000000000..b2bf037ff3
--- /dev/null
+++ b/manila/templates/pdb-api.yaml
@@ -0,0 +1,27 @@
+{{/*
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/}}
+
+{{- if .Values.manifests.pdb_api }}
+{{- $envAll := . }}
+---
+apiVersion: policy/v1
+kind: PodDisruptionBudget
+metadata:
+ name: manila-api
+spec:
+ minAvailable: {{ .Values.pod.lifecycle.disruption_budget.api.min_available }}
+ selector:
+ matchLabels:
+{{ tuple $envAll "manila" "api" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 6 }}
+{{- end }}
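Review bot: The policy rendered by network_policy.yaml takes its rules from `network_policy.manila` in values.yaml, where this commit sets both `ingress` and `egress` to `- {}`, a rule that in a Kubernetes NetworkPolicy matches all traffic. Enabling `manifests.network_policy` therefore presumably isolates nothing until an operator overrides those lists (how helm-toolkit's `kubernetes_network_policy` consumes them is not visible here), and nothing in the chart says so. I would add a comment next to the `network_policy:` block in values.yaml, for example `# NOTE: the default rules allow all ingress and egress; override them to limit traffic to the API port and the DB, RabbitMQ and Keystone endpoints`. This template also carries its license as `#` lines rather than the `{{/* ... */}}` form used by the other templates in the commit, so the header ends up in the rendered manifest.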
diff --git a/manila/templates/pod-rally-test.yaml b/manila/templates/pod-rally-test.yaml
new file mode 100644
index 0000000000..928c1831fc
--- /dev/null
+++ b/manila/templates/pod-rally-test.yaml
@@ -0,0 +1,129 @@ +{{/* +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if (.Values.global).subchart_release_name }} +{{- $_ := set . "deployment_name" .Chart.Name }} +{{- else }} +{{- $_ := set . "deployment_name" .Release.Name }} +{{- end }} + +{{- if .Values.manifests.pod_rally_test }} +{{- $envAll := . }} + +{{- $mounts_tests := .Values.pod.mounts.manila_tests.manila_tests }} +{{- $mounts_tests_init := .Values.pod.mounts.manila_tests.init_container }} + +{{- $serviceAccountName := print $envAll.deployment_name "-test" }} +{{ tuple $envAll "tests" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }} +--- +apiVersion: v1 +kind: Pod +metadata: + name: {{ print $envAll.deployment_name "-test" }} + labels: +{{ tuple $envAll "manila" "test" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }} + annotations: + "helm.sh/hook": test-success + {{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" }} +{{ dict "envAll" $envAll "podName" "manila-test" "containerNames" (list "init" "manila-test" "manila-test-ks-user") | include "helm-toolkit.snippets.kubernetes_mandatory_access_control_annotation" | indent 4 }} +spec: + restartPolicy: Never +{{ dict "envAll" $envAll "application" "test" | include "helm-toolkit.snippets.kubernetes_pod_security_context" | indent 2 }} + nodeSelector: + {{ .Values.labels.test.node_selector_key }}: {{ .Values.labels.test.node_selector_value }} + serviceAccountName: {{ $serviceAccountName 
}} + initContainers: +{{ tuple $envAll "tests" $mounts_tests_init | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 4 }} + - name: manila-test-ks-user +{{ tuple $envAll "ks_user" | include "helm-toolkit.snippets.image" | indent 6 }} +{{ tuple $envAll $envAll.Values.pod.resources.jobs.ks_user | include "helm-toolkit.snippets.kubernetes_resources" | indent 6 }} +{{ dict "envAll" $envAll "application" "test" "container" "manila_test_ks_user" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 6 }} + command: + - /tmp/ks-user.sh + volumeMounts: + - name: pod-tmp + mountPath: /tmp + - name: manila-bin + mountPath: /tmp/ks-user.sh + subPath: ks-user.sh + readOnly: true +{{- if and .Values.manifests.certificates .Values.secrets.tls.share.api.internal }} +{{- dict "enabled" .Values.manifests.certificates "name" .Values.secrets.tls.share.api.internal | include "helm-toolkit.snippets.tls_volume_mount" | indent 8 }} +{{- end }} + env: +{{- with $env := dict "ksUserSecret" .Values.secrets.share.admin "useCA" (and .Values.manifests.certificates .Values.secrets.tls.share.api.internal) }} +{{- include "helm-toolkit.snippets.manila_openrc_env_vars" $env | indent 8 }} +{{- end }} + - name: SERVICE_OS_SERVICE_NAME + value: "test" +{{- with $env := dict "ksUserSecret" .Values.secrets.share.test }} +{{- include "helm-toolkit.snippets.manila_user_create_env_vars" $env | indent 8 }} +{{- end }} + - name: SERVICE_OS_ROLE + value: {{ .Values.endpoints.share.auth.test.role | quote }} + containers: + - name: manila-test +{{ tuple $envAll "test" | include "helm-toolkit.snippets.image" | indent 6 }} +{{ tuple $envAll $envAll.Values.pod.resources.jobs.tests | include "helm-toolkit.snippets.kubernetes_resources" | indent 6 }} +{{ dict "envAll" $envAll "application" "test" "container" "manila_test" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 6}} + env: +{{- with $env := dict "ksUserSecret" 
.Values.secrets.share.admin "useCA" (and .Values.manifests.certificates .Values.secrets.tls.share.api.internal) }} +{{- include "helm-toolkit.snippets.manila_openrc_env_vars" $env | indent 8 }} +{{- end }} +{{- with $env := dict "ksUserSecret" .Values.secrets.share.test }} +{{- include "helm-toolkit.snippets.manila_user_create_env_vars" $env | indent 8 }} +{{- end }} + - name: RALLY_ENV_NAME + value: {{.deployment_name}} + command: + - /tmp/rally-test.sh + volumeMounts: + - name: pod-tmp + mountPath: /tmp + - name: manila-etc + mountPath: /etc/rally/rally_tests.yaml + subPath: rally_tests.yaml + readOnly: true + - name: manila-bin + mountPath: /tmp/rally-test.sh + subPath: rally-test.sh + readOnly: true + - name: rally-db + mountPath: /var/lib/rally + - name: rally-work + mountPath: /home/rally/.rally +{{- if and .Values.manifests.certificates .Values.secrets.tls.share.api.internal }} +{{- dict "enabled" .Values.manifests.certificates "name" .Values.secrets.tls.share.api.internal | include "helm-toolkit.snippets.tls_volume_mount" | indent 8 }} +{{- end }} +{{ if $mounts_tests.volumeMounts }}{{ toYaml $mounts_tests.volumeMounts | indent 8 }}{{ end }} + volumes: + - name: pod-tmp + emptyDir: {} + - name: manila-etc + secret: + secretName: manila-etc + defaultMode: 0444 + - name: manila-bin + configMap: + name: manila-bin + defaultMode: 0555 + - name: rally-db + emptyDir: {} + - name: rally-work + emptyDir: {} +{{- if and .Values.manifests.certificates .Values.secrets.tls.share.api.internal }} +{{- dict "enabled" .Values.manifests.certificates "name" .Values.secrets.tls.share.api.internal | include "helm-toolkit.snippets.tls_volume" | indent 4 }} +{{- end }} +{{ if $mounts_tests.volumes }}{{ toYaml $mounts_tests.volumes | indent 4 }}{{ end }} +{{- end }} diff --git a/manila/templates/secret-db.yaml b/manila/templates/secret-db.yaml new file mode 100644 index 0000000000..0a9178f2a4 --- /dev/null +++ b/manila/templates/secret-db.yaml 
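Review bot: The `manila-test-ks-user` init container in pod-rally-test.yaml requests the container security context `manila_test_ks_user`, but `pod.security_context.test.container` in this commit's values.yaml defines only `manila_test`, so the container that receives the admin Keystone credentials presumably renders without `allowPrivilegeEscalation: false` and `readOnlyRootFilesystem: true` (assuming helm-toolkit emits nothing for a missing key). Adding `manila_test_ks_user:` with those two settings under `pod.security_context.test.container` would close the gap. The same pod pulls its main image through the `test` tag, which the `images.tags` list in values.yaml does not define, and it includes `helm-toolkit.snippets.manila_openrc_env_vars` and `manila_user_create_env_vars`, names that look like a rename of the `keystone_*` snippets and should be checked against helm-toolkit before `manifests.pod_rally_test` is enabled.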
@@ -0,0 +1,33 @@
+{{/*
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/}}
+
+{{- if .Values.manifests.secret_db }}
+{{- $envAll := . }}
+{{- range $key1, $userClass := tuple "admin" "manila" }}
+{{- $secretName := index $envAll.Values.secrets.oslo_db $userClass }}
+{{- $connection := tuple "oslo_db" "internal" $userClass "mysql" $envAll | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup" }}
+---
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ $secretName }}
+type: Opaque
+data:
+{{- if $envAll.Values.manifests.certificates }}
+ DB_CONNECTION: {{ (printf "%s?charset=utf8&ssl_ca=/etc/mysql/certs/ca.crt&ssl_key=/etc/mysql/certs/tls.key&ssl_cert=/etc/mysql/certs/tls.crt&ssl_verify_cert" $connection ) | b64enc -}}
+{{- else }}
+ DB_CONNECTION: {{ $connection | b64enc -}}
+{{- end }}
+{{- end }}
+{{- end }}
diff --git a/manila/templates/secret-ingress-tls.yaml b/manila/templates/secret-ingress-tls.yaml
new file mode 100644
index 0000000000..9db2b2550a
--- /dev/null
+++ b/manila/templates/secret-ingress-tls.yaml
@@ -0,0 +1,17 @@
+{{/*
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/}}
+
+{{- if .Values.manifests.secret_ingress_tls }}
+{{- include "helm-toolkit.manifests.secret_ingress_tls" ( dict "envAll" . "backendServiceType" "share" ) }}
+{{- end }}
diff --git a/manila/templates/secret-keystone.yaml b/manila/templates/secret-keystone.yaml
new file mode 100644
index 0000000000..173138785b
--- /dev/null
+++ b/manila/templates/secret-keystone.yaml
@@ -0,0 +1,28 @@
+{{/*
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/}}
+
+{{- if .Values.manifests.secret_keystone }}
+{{- $envAll := . }}
+{{- range $key1, $userClass := tuple "admin" "manila" }}
+{{- $secretName := index $envAll.Values.secrets.identity $userClass }}
+---
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ $secretName }}
+type: Opaque
+data:
+{{- tuple $userClass "internal" $envAll | include "helm-toolkit.snippets.keystone_secret_openrc" | indent 2 -}}
+{{- end }}
+{{- end }}
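Review bot: The `range` in secret-keystone.yaml covers only the `admin` and `manila` user classes, while pod-rally-test.yaml in this same commit passes a separate test-user secret (`.Values.secrets.share.test`) to its user-creation step, and no template visible here renders a Secret for that user. If the Rally pod is meant to be usable, the loop needs the third class, `{{- range $key1, $userClass := tuple "admin" "manila" "test" }}`, together with a matching `secrets.identity.test` entry in values.yaml (that part of values.yaml is not visible here, so confirm it exists). The two files also look up secret names under different keys, `secrets.identity` here and `secrets.share` in the pod, which is worth reconciling so credentials are defined in one place.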
diff --git a/manila/templates/secret-rabbitmq.yaml b/manila/templates/secret-rabbitmq.yaml
new file mode 100644
index 0000000000..048cf8d8b3
--- /dev/null
+++ b/manila/templates/secret-rabbitmq.yaml
@@ -0,0 +1,28 @@
+{{/*
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/}}
+
+{{- if .Values.manifests.secret_rabbitmq }}
+{{- $envAll := . }}
+{{- range $key1, $userClass := tuple "admin" "manila" }}
+{{- $secretName := index $envAll.Values.secrets.oslo_messaging $userClass }}
+---
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ $secretName }}
+type: Opaque
+data:
+ RABBITMQ_CONNECTION: {{ tuple "oslo_messaging" "internal" $userClass "http" $envAll | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup" | b64enc }}
+{{- end }}
+{{- end }}
diff --git a/manila/templates/secret-registry.yaml b/manila/templates/secret-registry.yaml
new file mode 100644
index 0000000000..da979b3223
--- /dev/null
+++ b/manila/templates/secret-registry.yaml
@@ -0,0 +1,17 @@
+{{/*
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/}}
+
+{{- if and .Values.manifests.secret_registry .Values.endpoints.oci_image_registry.auth.enabled }}
+{{ include "helm-toolkit.manifests.secret_registry" ( dict "envAll" . "registryUser" .Chart.Name ) }}
+{{- end }}
diff --git a/manila/templates/service-api.yaml b/manila/templates/service-api.yaml
new file mode 100644
index 0000000000..f80ef97342
--- /dev/null
+++ b/manila/templates/service-api.yaml
@@ -0,0 +1,37 @@
+{{/*
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/}}
+
+{{- if .Values.manifests.service_api }}
+{{- $envAll := . }}
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ tuple "share" "internal" . | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }}
+spec:
+ ports:
+ - name: b-api
+ port: {{ tuple "share" "service" "api" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
+ {{ if .Values.network.api.node_port.enabled }}
+ nodePort: {{ .Values.network.api.node_port.port }}
+ {{ end }}
+ selector:
+{{ tuple $envAll "manila" "api" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }}
+ {{ if .Values.network.api.node_port.enabled }}
+ type: NodePort
+ {{ if .Values.network.api.external_policy_local }}
+ externalTrafficPolicy: Local
+ {{ end }}
+ {{ end }}
+{{- end }}
diff --git a/manila/templates/service-ingress-api.yaml b/manila/templates/service-ingress-api.yaml
new file mode 100644
index 0000000000..58492cd482
--- /dev/null
+++ b/manila/templates/service-ingress-api.yaml
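Review bot: When `network.api.node_port.enabled` is set, service-api.yaml turns the Service into `type: NodePort` and publishes the Manila API on port 30486 (the values.yaml default) of the cluster nodes. That path does not pass through the ingress or any TLS termination configured there, and nothing in the chart points this out. A comment on the `node_port` block in values.yaml, such as `# NOTE: enabling node_port exposes the API directly on the nodes, bypassing the ingress; restrict access with firewalling or a network policy`, would make the trade-off visible to operators. Separately, the port name `b-api` looks carried over from another chart; `m-api` would fit this service better, provided nothing refers to the port by name.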
@@ -0,0 +1,18 @@
+{{/*
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/}}
+
+{{- if and .Values.manifests.service_ingress_api .Values.network.api.ingress.public }}
+{{- $serviceIngressOpts := dict "envAll" . "backendServiceType" "share" -}}
+{{ $serviceIngressOpts | include "helm-toolkit.manifests.service_ingress" }}
+{{- end }}
diff --git a/manila/values.yaml b/manila/values.yaml
new file mode 100644
index 0000000000..c5ade6f956
--- /dev/null
+++ b/manila/values.yaml
@@ -0,0 +1,1092 @@ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Default values for manila. +# This is a YAML-formatted file. +# Declare name/value pairs to be passed into your templates. +# name: value + +--- +labels: + api: + node_selector_key: openstack-control-plane + node_selector_value: enabled + data: + node_selector_key: openstack-control-plane + node_selector_value: enabled + scheduler: + node_selector_key: openstack-control-plane + node_selector_value: enabled + share: + node_selector_key: openstack-control-plane + node_selector_value: enabled + job: + node_selector_key: openstack-control-plane + node_selector_value: enabled + test: + node_selector_key: openstack-control-plane + node_selector_value: enabled + +release_group: null + +# NOTE(philsphicas): the pre-install hook breaks upgrade for helm2 +# Set to false to upgrade using helm2 +helm3_hook: true + +images: + tags: + bootstrap: docker.io/openstackhelm/heat:xena-ubuntu_focal + dep_check: quay.io/airshipit/kubernetes-entrypoint:v1.0.0 + db_init: docker.io/openstackhelm/heat:xena-ubuntu_focal + manila_db_sync: docker.io/openstackhelm/manila:xena-ubuntu_focal + db_drop: docker.io/openstackhelm/heat:xena-ubuntu_focal + ks_user: docker.io/openstackhelm/heat:xena-ubuntu_focal + ks_service: docker.io/openstackhelm/heat:xena-ubuntu_focal + ks_endpoints: docker.io/openstackhelm/heat:xena-ubuntu_focal + manila_api: docker.io/openstackhelm/manila:xena-ubuntu_focal + manila_data: 
docker.io/openstackhelm/manila:xena-ubuntu_focal + manila_scheduler: docker.io/openstackhelm/manila:xena-ubuntu_focal + manila_share: docker.io/openstackhelm/manila:xena-ubuntu_focal + rabbit_init: docker.io/rabbitmq:3.7-management + image_repo_sync: docker.io/docker:17.07.0 + pull_policy: "IfNotPresent" + local_registry: + active: false + exclude: + - dep_check + - image_repo_sync + +pod: + security_context: + manila: + pod: + runAsUser: 42424 + container: + manila_api: + allowPrivilegeEscalation: false + readOnlyRootFilesystem: true + manila_data: + allowPrivilegeEscalation: false + readOnlyRootFilesystem: true + manila_scheduler: + allowPrivilegeEscalation: false + readOnlyRootFilesystem: true + manila_share: + readOnlyRootFilesystem: true + privileged: true + test: + pod: + runAsUser: 42424 + container: + manila_test: + allowPrivilegeEscalation: false + readOnlyRootFilesystem: true + affinity: + anti: + type: + default: preferredDuringSchedulingIgnoredDuringExecution + topologyKey: + default: kubernetes.io/hostname + weight: + default: 10 + tolerations: + manila: + enabled: false + tolerations: + - key: node-role.kubernetes.io/master + operator: Exists + effect: NoSchedule + mounts: + manila_api: + init_container: null + manila_api: + volumeMounts: + volumes: + manila_scheduler: + init_container: null + manila_scheduler: + volumeMounts: + volumes: + manila_data: + init_container: null + manila_data: + volumeMounts: + volumes: + manila_share: + init_container: null + manila_share: + volumeMounts: + volumes: + manila_bootstrap: + init_container: null + manila_bootstrap: + volumeMounts: + volumes: + manila_tests: + init_container: null + manila_tests: + volumeMounts: + volumes: + manila_db_sync: + manila_db_sync: + volumeMounts: + volumes: + replicas: + api: 1 + data: 1 + scheduler: 1 + share: 1 + lifecycle: + upgrades: + deployments: + revision_history: 3 + pod_replacement_strategy: RollingUpdate + rolling_update: + max_unavailable: 1 + max_surge: 3 + 
disruption_budget: + api: + min_available: 0 + sheduler: + min_available: 0 + share: + min_available: 0 + resources: + enabled: false + api: + requests: + memory: "128Mi" + cpu: "100m" + limits: + memory: "1024Mi" + cpu: "2000m" + data: + requests: + memory: "128Mi" + cpu: "100m" + limits: + memory: "1024Mi" + cpu: "2000m" + scheduler: + requests: + memory: "128Mi" + cpu: "100m" + limits: + memory: "1024Mi" + cpu: "2000m" + share: + requests: + memory: "128Mi" + cpu: "100m" + limits: + memory: "1024Mi" + cpu: "2000m" + jobs: + bootstrap: + requests: + memory: "128Mi" + cpu: "100m" + limits: + memory: "1024Mi" + cpu: "2000m" + db_init: + requests: + memory: "128Mi" + cpu: "100m" + limits: + memory: "1024Mi" + cpu: "2000m" + db_sync: + requests: + memory: "128Mi" + cpu: "100m" + limits: + memory: "1024Mi" + cpu: "2000m" + db_drop: + requests: + memory: "128Mi" + cpu: "100m" + limits: + memory: "1024Mi" + cpu: "2000m" + rabbit_init: + requests: + memory: "128Mi" + cpu: "100m" + limits: + memory: "1024Mi" + cpu: "2000m" + ks_endpoints: + requests: + memory: "128Mi" + cpu: "100m" + limits: + memory: "1024Mi" + cpu: "2000m" + ks_service: + requests: + memory: "128Mi" + cpu: "100m" + limits: + memory: "1024Mi" + cpu: "2000m" + ks_user: + requests: + memory: "128Mi" + cpu: "100m" + limits: + memory: "1024Mi" + cpu: "2000m" + tests: + requests: + memory: "128Mi" + cpu: "100m" + limits: + memory: "1024Mi" + cpu: "2000m" + image_repo_sync: + requests: + memory: "128Mi" + cpu: "100m" + limits: + memory: "1024Mi" + cpu: "2000m" + +network: + api: + ingress: + public: true + classes: + namespace: "nginx" + cluster: "nginx-cluster" + annotations: + nginx.ingress.kubernetes.io/rewrite-target: / + external_policy_local: false + node_port: + enabled: false + port: 30486 + +network_policy: + manila: + ingress: + - {} + egress: + - {} + +bootstrap: + enabled: true + ks_user: admin + script: null + structured: + flavors: + manila-service-flavor: + id: 100 + name: 
"manila-service-flavor" + ram: 512 + vcpus: 1 + disk: 5 + ephemeral: 0 + public: true + images: + manila-service-image: + id: null + name: "manila-service-image" + source_url: "https://tarballs.opendev.org/openstack/manila-image-elements/images/" + image_file: "manila-service-image-master.qcow2" + image_type: qcow2 + container_format: bare + private: false + +dependencies: + dynamic: + common: + local_image_registry: + jobs: + - manila-image-repo-sync + services: + - endpoint: node + service: local_image_registry + static: + api: + jobs: + - manila-db-sync + - manila-ks-user + - manila-ks-endpoints + - manila-rabbit-init + services: + - endpoint: internal + service: oslo_db + - endpoint: internal + service: identity + - endpoint: internal + service: oslo_messaging + data: + jobs: + - manila-db-sync + - manila-ks-user + - manila-ks-endpoints + - manila-rabbit-init + scheduler: + jobs: + - manila-db-sync + - manila-ks-user + - manila-ks-endpoints + - manila-rabbit-init + services: + - endpoint: internal + service: oslo_db + - endpoint: internal + service: identity + - endpoint: internal + service: oslo_messaging + share: + # pod: + # - requireSameNode: true + # labels: + # application: openvswitch + # component: server + jobs: + - manila-db-sync + - manila-ks-user + - manila-ks-endpoints + - manila-rabbit-init + services: + - endpoint: internal + service: oslo_db + - endpoint: internal + service: identity + - endpoint: internal + service: oslo_messaging + db_drop: + services: + - endpoint: internal + service: oslo_db + db_init: + services: + - endpoint: internal + service: oslo_db + db_sync: + jobs: + - manila-db-init + services: + - endpoint: internal + service: oslo_db + image_repo_sync: + services: + - endpoint: internal + service: local_image_registry + ks_endpoints: + jobs: + - manila-ks-service + services: + - endpoint: internal + service: identity + ks_service: + services: + - endpoint: internal + service: identity + ks_user: + services: + - endpoint: internal 
+ service: identity + rabbit_init: + services: + - endpoint: internal + service: oslo_messaging + +conf: + paste: + composite:osapi_share: + use: call:manila.api:root_app_factory + /: apiversions + /healthcheck: healthcheck + /v1: openstack_share_api + /v2: openstack_share_api_v2 + composite:openstack_share_api: + use: call:manila.api.middleware.auth:pipeline_factory + noauth: cors faultwrap http_proxy_to_wsgi sizelimit osprofiler noauth api + keystone: cors faultwrap http_proxy_to_wsgi sizelimit osprofiler authtoken keystonecontext api + keystone_nolimit: cors faultwrap http_proxy_to_wsgi sizelimit osprofiler authtoken keystonecontext api + composite:openstack_share_api_v2: + use: call:manila.api.middleware.auth:pipeline_factory + noauth: cors faultwrap http_proxy_to_wsgi sizelimit osprofiler noauth apiv2 + noauthv2: cors faultwrap http_proxy_to_wsgi sizelimit osprofiler noauthv2 apiv2 + keystone: cors faultwrap http_proxy_to_wsgi sizelimit osprofiler authtoken keystonecontext apiv2 + keystone_nolimit: cors faultwrap http_proxy_to_wsgi sizelimit osprofiler authtoken keystonecontext apiv2 + filter:faultwrap: + paste.filter_factory: manila.api.middleware.fault:FaultWrapper.factory + filter:noauth: + paste.filter_factory: manila.api.middleware.auth:NoAuthMiddleware.factory + filter:noauthv2: + paste.filter_factory: manila.api.middleware.auth:NoAuthMiddlewarev2_60.factory + filter:sizelimit: + paste.filter_factory: oslo_middleware.sizelimit:RequestBodySizeLimiter.factory + filter:osprofiler: + paste.filter_factory: osprofiler.web:WsgiMiddleware.factory + filter:http_proxy_to_wsgi: + paste.filter_factory: oslo_middleware.http_proxy_to_wsgi:HTTPProxyToWSGI.factory + app:api: + paste.app_factory: manila.api.v1.router:APIRouter.factory + app:apiv2: + paste.app_factory: manila.api.v2.router:APIRouter.factory + pipeline:apiversions: + pipeline: cors faultwrap http_proxy_to_wsgi osshareversionapp + app:osshareversionapp: + paste.app_factory: 
manila.api.versions:VersionsRouter.factory + filter:keystonecontext: + paste.filter_factory: manila.api.middleware.auth:ManilaKeystoneContext.factory + filter:authtoken: + paste.filter_factory: keystonemiddleware.auth_token:filter_factory + filter:cors: + paste.filter_factory: oslo_middleware.cors:filter_factory + oslo_config_project: manila + app:healthcheck: + paste.app_factory: oslo_middleware:Healthcheck.app_factory + backends: disable_by_file + disable_by_file_path: /etc/manila/healthcheck_disable + policy: {} + manila_sudoers: | + # This sudoers file supports rootwrap for both Kolla and LOCI Images. + Defaults !requiretty + Defaults secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/bin:/var/lib/openstack/bin:/var/lib/kolla/venv/bin" + manila ALL = (root) NOPASSWD: /var/lib/kolla/venv/bin/manila-rootwrap /etc/manila/rootwrap.conf *, /var/lib/openstack/bin/manila-rootwrap /etc/manila/rootwrap.conf * + rootwrap_filters: + share: + pods: + - share + content: | + # manila-rootwrap command filters for share nodes + # This file should be owned by (and only-writeable by) the root user + + [Filters] + # manila/utils.py : 'chown', '%s', '%s' + chown: CommandFilter, chown, root + # manila/utils.py : 'cat', '%s' + cat: CommandFilter, cat, root + + # manila/share/drivers/lvm.py: 'mkfs.ext4', '/dev/mapper/%s' + mkfs.ext4: CommandFilter, mkfs.ext4, root + + # manila/share/drivers/lvm.py: 'mkfs.ext3', '/dev/mapper/%s' + mkfs.ext3: CommandFilter, mkfs.ext3, root + + # manila/share/drivers/lvm.py: 'smbd', '-s', '%s', '-D' + smbd: CommandFilter, smbd, root + smb: CommandFilter, smb, root + + # manila/share/drivers/lvm.py: 'rmdir', '%s' + rmdir: CommandFilter, rmdir, root + + # manila/share/drivers/lvm.py: 'dd' 'count=0', 'if=%s' % srcstr, 'of=%s' + dd: CommandFilter, dd, root + + # manila/share/drivers/lvm.py: 'fsck', '-pf', %s + fsck: CommandFilter, fsck, root + + # manila/share/drivers/lvm.py: 'resize2fs', %s + resize2fs: CommandFilter, 
resize2fs, root + + # manila/share/drivers/helpers.py: 'smbcontrol', 'all', 'close-share', '%s' + smbcontrol: CommandFilter, smbcontrol, root + + # manila/share/drivers/helpers.py: 'net', 'conf', 'addshare', '%s', '%s', 'writeable=y', 'guest_ok=y + # manila/share/drivers/helpers.py: 'net', 'conf', 'delshare', '%s' + # manila/share/drivers/helpers.py: 'net', 'conf', 'setparm', '%s', '%s', '%s' + # manila/share/drivers/helpers.py: 'net', 'conf', 'getparm', '%s', 'hosts allow' + net: CommandFilter, net, root + + # manila/share/drivers/helpers.py: 'cp', '%s', '%s' + cp: CommandFilter, cp, root + + # manila/share/drivers/helpers.py: 'service', '%s', '%s' + service: CommandFilter, service, root + + # manila/share/drivers/lvm.py: 'lvremove', '-f', "%s/%s + lvremove: CommandFilter, lvremove, root + + # manila/share/drivers/lvm.py: 'lvextend', '-L', '%sG''-n', %s + lvextend: CommandFilter, lvextend, root + + # manila/share/drivers/lvm.py: 'lvcreate', '-L', %s, '-n', %s + lvcreate: CommandFilter, lvcreate, root + + # manila/share/drivers/lvm.py: 'vgs', '--noheadings', '-o', 'name' + # manila/share/drivers/lvm.py: 'vgs', %s, '--rows', '--units', 'g' + vgs: CommandFilter, vgs, root + + # manila/share/drivers/lvm.py: 'tune2fs', '-U', 'random', '%volume-snapshot%' + tune2fs: CommandFilter, tune2fs, root + + # manila/share/drivers/generic.py: 'sed', '-i', '\'/%s/d\'', '%s' + sed: CommandFilter, sed, root + + # manila/share/drivers/glusterfs.py: 'mkdir', '%s' + # manila/share/drivers/ganesha/manager.py: 'mkdir', '-p', '%s' + mkdir: CommandFilter, mkdir, root + + # manila/share/drivers/glusterfs.py: 'rm', '-rf', '%s' + rm: CommandFilter, rm, root + + # manila/share/drivers/glusterfs.py: 'mount', '-t', 'glusterfs', '%s', '%s' + # manila/share/drivers/glusterfs/glusterfs_native.py: 'mount', '-t', 'glusterfs', '%s', '%s' + mount: CommandFilter, mount, root + + # manila/share/drivers/glusterfs.py: 'gluster', '--xml', 'volume', 'info', '%s' + # manila/share/drivers/glusterfs.py: 
'gluster', 'volume', 'set', '%s', 'nfs.export-dir', '%s' + gluster: CommandFilter, gluster, root + + # manila/network/linux/ip_lib.py: 'ip', 'netns', 'exec', '%s', '%s' + ip: CommandFilter, ip, root + + # manila/network/linux/interface.py: 'ovs-vsctl', 'add-port', '%s', '%s' + ovs-vsctl: CommandFilter, ovs-vsctl, root + + # manila/share/drivers/glusterfs/glusterfs_native.py: 'find', '%s', '-mindepth', '1', '!', '-path', '%s', '!', '-path', '%s', '-delete' + # manila/share/drivers/glusterfs/glusterfs_native.py: 'find', '%s', '-mindepth', '1', '-delete' + find: CommandFilter, find, root + + # manila/share/drivers/glusterfs/glusterfs_native.py: 'umount', '%s' + umount: CommandFilter, umount, root + + # GPFS commands + # manila/share/drivers/ibm/gpfs.py: 'mmgetstate', '-Y' + mmgetstate: CommandFilter, mmgetstate, root + # manila/share/drivers/ibm/gpfs.py: 'mmlsattr', '%s' + mmlsattr: CommandFilter, mmlsattr, root + # manila/share/drivers/ibm/gpfs.py: 'mmcrfileset', '%s', '%s', '--inode-space', 'new' + mmcrfileset: CommandFilter, mmcrfileset, root + # manila/share/drivers/ibm/gpfs.py: 'mmlinkfileset', '%s', '%s', '-J', '%s' + mmlinkfileset: CommandFilter, mmlinkfileset, root + # manila/share/drivers/ibm/gpfs.py: 'mmsetquota', '-j', '%s', '-h', '%s', '%s' + mmsetquota: CommandFilter, mmsetquota, root + # manila/share/drivers/ibm/gpfs.py: 'mmunlinkfileset', '%s', '%s', '-f' + mmunlinkfileset: CommandFilter, mmunlinkfileset, root + # manila/share/drivers/ibm/gpfs.py: 'mmdelfileset', '%s', '%s', '-f' + mmdelfileset: CommandFilter, mmdelfileset, root + # manila/share/drivers/ibm/gpfs.py: 'mmcrsnapshot', '%s', '%s', '-j', '%s' + mmcrsnapshot: CommandFilter, mmcrsnapshot, root + # manila/share/drivers/ibm/gpfs.py: 'mmdelsnapshot', '%s', '%s', '-j', '%s' + mmdelsnapshot: CommandFilter, mmdelsnapshot, root + # manila/share/drivers/ibm/gpfs.py: 'rsync', '-rp', '%s', '%s' + rsync: CommandFilter, rsync, root + # manila/share/drivers/ibm/gpfs.py: 'exportfs' + exportfs: 
CommandFilter, exportfs, root
+ # manila/share/drivers/ibm/gpfs.py: 'stat', '--format=%F', '%s'
+ stat: CommandFilter, stat, root
+ # manila/share/drivers/ibm/gpfs.py: 'df', '-P', '-B', '1', '%s'
+ df: CommandFilter, df, root
+ # manila/share/drivers/ibm/gpfs.py: 'chmod', '777', '%s'
+ chmod: CommandFilter, chmod, root
+ # manila/share/drivers/ibm/gpfs.py: 'mmnfs', 'export', '%s', '%s'
+ mmnfs: CommandFilter, mmnfs, root
+ # manila/share/drivers/ibm/gpfs.py: 'mmlsfileset', '%s', '-J', '%s', '-L'
+ mmlsfileset: CommandFilter, mmlsfileset, root
+ # manila/share/drivers/ibm/gpfs.py: 'mmchfileset', '%s', '-J', '%s', '-j', '%s'
+ mmchfileset: CommandFilter, mmchfileset, root
+ # manila/share/drivers/ibm/gpfs.py: 'mmlsquota', '-j', '-J', '%s', '%s'
+ mmlsquota: CommandFilter, mmlsquota, root
+
+ # manila/share/drivers/ganesha/manager.py: 'mv', '%s', '%s'
+ mv: CommandFilter, mv, root
+
+ # manila/share/drivers/ganesha/manager.py: 'mktemp', '-p', '%s', '-t', '%s'
+ mktemp: CommandFilter, mktemp, root
+
+ # manila/share/drivers/ganesha/manager.py:
+ shcat: RegExpFilter, sh, root, sh, -c, echo '((.|\n)*)' > /.*
+
+ # manila/share/drivers/ganesha/manager.py:
+ dbus-addexport: RegExpFilter, dbus-send, root, dbus-send, --print-reply, --system, --dest=org\.ganesha\.nfsd, /org/ganesha/nfsd/ExportMgr, org\.ganesha\.nfsd\.exportmgr\.(Add|Remove)Export, .*, .*
+
+ # manila/share/drivers/ganesha/manager.py:
+ dbus-removeexport: RegExpFilter, dbus-send, root, dbus-send, --print-reply, --system, --dest=org\.ganesha\.nfsd, /org/ganesha/nfsd/ExportMgr, org\.ganesha\.nfsd\.exportmgr\.(Add|Remove)Export, .*
+
+ # manila/share/drivers/ganesha/manager.py:
+ dbus-updateexport: RegExpFilter, dbus-send, root, dbus-send, --print-reply, --system, --dest=org\.ganesha\.nfsd, /org/ganesha/nfsd/ExportMgr, org\.ganesha\.nfsd\.exportmgr\.UpdateExport, .*, .*
+
+ # manila/share/drivers/ganesha/manager.py:
+ rmconf: RegExpFilter, sh, root, sh, -c, rm -f /.*/\*\.conf$
+
+ # ZFS commands
+ #
manila/share/drivers/zfsonlinux/driver.py
+ # manila/share/drivers/zfsonlinux/utils.py
+ zpool: CommandFilter, zpool, root
+
+ # manila/share/drivers/zfsonlinux/driver.py
+ # manila/share/drivers/zfsonlinux/utils.py
+ zfs: CommandFilter, zfs, root
+
+ # manila/share/drivers/zfsonlinux/driver.py
+ kill: CommandFilter, kill, root
+
+ # manila/data/utils.py: 'ls', '-pA1', '--group-directories-first', '%s'
+ ls: CommandFilter, ls, root
+
+ # manila/data/utils.py: 'touch', '--reference=%s', '%s'
+ touch: CommandFilter, touch, root
+
+ # manila/share/drivers/container/container.py: docker
+ docker: CommandFilter, docker, root
+
+ # manila/share/drivers/container/container.py: brctl
+ brctl: CommandFilter, brctl, root
+
+ # manila/share/drivers/container/storage_helper.py: e2fsck
+ # manila/share/drivers/generic.py: e2fsck
+ # manila/share/drivers/lvm.py: e2fsck
+ e2fsck: CommandFilter, e2fsck, root
+
+ # manila/share/drivers/lvm.py: lvconvert --merge %s
+ lvconvert: CommandFilter, lvconvert, root
+
+ # manila/data/utils.py: 'sha256sum', '%s'
+ sha256sum: CommandFilter, sha256sum, root
+
+ # manila/utils.py: 'tee', '%s'
+ tee: CommandFilter, tee, root
+
+ # manila/share/drivers/container/storage_helper.py: lvs -o lv_size --noheadings --nosuffix --units g
+ lvs: CommandFilter, lvs, root
+
+ # manila/share/drivers/container/storage_helper.py: lvrename --autobackup n
+ lvrename: CommandFilter, lvrename, root
+ rootwrap: |
+ # Configuration for manila-rootwrap
+ # This file should be owned by (and only-writeable by) the root user
+
+ [DEFAULT]
+ # List of directories to load filter definitions from (separated by ',').
+ # These directories MUST all be only writeable by root !
+ filters_path=/etc/manila/rootwrap.d,/usr/share/manila/rootwrap
+
+ # List of directories to search executables in, in case filters do not
+ # explicitly specify a full path (separated by ',')
+ # If not specified, defaults to system PATH environment variable.
+ # These directories MUST all be only writeable by root !
+ exec_dirs=/sbin,/usr/sbin,/bin,/usr/bin,/usr/local/sbin,/usr/local/bin,/usr/lpp/mmfs/bin
+
+ # Enable logging to syslog
+ # Default value is False
+ use_syslog=False
+
+ # Which syslog facility to use.
+ # Valid values include auth, authpriv, syslog, user0, user1...
+ # Default value is 'syslog'
+ syslog_log_facility=syslog
+
+ # Which messages to log.
+ # INFO means log all usage
+ # ERROR means only log unsuccessful attempts
+ syslog_log_level=ERROR
+ manila:
+ DEFAULT:
+ default_share_type: default
+ default_share_group_type: default
+ share_name_template: share-%s
+ rootwrap_config: /etc/manila/rootwrap.conf
+ api_paste_config: /etc/manila/api-paste.ini
+ enabled_share_backends: generic
+ enabled_share_protocols: NFS
+ keystone_authtoken:
+ auth_type: password
+ auth_version: v3
+ memcache_security_strategy: ENCRYPT
+ endpoint_type: internalURL
+ neutron:
+ auth_type: password
+ auth_version: v3
+ memcache_security_strategy: ENCRYPT
+ endpoint_type: internalURL
+ nova:
+ auth_type: password
+ auth_version: v3
+ memcache_security_strategy: ENCRYPT
+ endpoint_type: internalURL
+ cinder:
+ auth_type: password
+ auth_version: v3
+ memcache_security_strategy: ENCRYPT
+ endpoint_type: internalURL
+ glance:
+ auth_type: password
+ auth_version: v3
+ memcache_security_strategy: ENCRYPT
+ endpoint_type: internalURL
+ database:
+ max_retries: -1
+ generic:
+ share_backend_name: GENERIC
+ share_driver: manila.share.drivers.generic.GenericShareDriver
+ driver_handles_share_servers: true
+ # manila-service-flavor
+ service_instance_flavor_id: 100
+ service_image_name: manila-service-image
+ service_instance_user: manila
+ service_instance_password: manila
+ # # Module path to the Virtual Interface (VIF) driver class. This option
+ # # is used only by drivers operating in
+ # # `driver_handles_share_servers=True` mode that provision OpenStack
+ # # compute instances as share servers.
This option is only supported
+ # # with Neutron networking. Drivers provided in tree work with Linux
+ # # Bridge (manila.network.linux.interface.BridgeInterfaceDriver) and
+ # # OVS (manila.network.linux.interface.OVSInterfaceDriver). If the
+ # # manila-share service is running on a host that is connected to the
+ # # administrator network, a no-op driver
+ # # (manila.network.linux.interface.NoopInterfaceDriver) may be used.
+ # # (string value)
+ # interface_driver: manila.network.linux.interface.OVSInterfaceDriver
+ oslo_policy:
+ policy_file: /etc/manila/policy.yaml
+ oslo_concurrency:
+ lock_path: /var/lib/manila/tmp
+ oslo_messaging_notifications:
+ driver: messagingv2
+ oslo_middleware:
+ enable_proxy_headers_parsing: true
+ oslo_messaging_rabbit:
+ rabbit_ha_queues: true
+ logging:
+ loggers:
+ keys:
+ - root
+ - manila
+ handlers:
+ keys:
+ - stdout
+ - stderr
+ - "null"
+ formatters:
+ keys:
+ - context
+ - default
+ logger_root:
+ level: WARNING
+ handlers: 'null'
+ logger_manila:
+ level: INFO
+ handlers:
+ - stdout
+ qualname: manila
+ logger_amqp:
+ level: WARNING
+ handlers: stderr
+ qualname: amqp
+ logger_amqplib:
+ level: WARNING
+ handlers: stderr
+ qualname: amqplib
+ logger_eventletwsgi:
+ level: WARNING
+ handlers: stderr
+ qualname: eventlet.wsgi.server
+ logger_sqlalchemy:
+ level: WARNING
+ handlers: stderr
+ qualname: sqlalchemy
+ logger_boto:
+ level: WARNING
+ handlers: stderr
+ qualname: boto
+ handler_null:
+ class: logging.NullHandler
+ formatter: default
+ args: ()
+ handler_stdout:
+ class: StreamHandler
+ args: (sys.stdout,)
+ formatter: context
+ handler_stderr:
+ class: StreamHandler
+ args: (sys.stderr,)
+ formatter: context
+ formatter_context:
+ class: oslo_log.formatters.ContextFormatter
+ datefmt: "%Y-%m-%d %H:%M:%S"
+ formatter_default:
+ format: "%(message)s"
+ datefmt: "%Y-%m-%d %H:%M:%S"
+ rally_tests:
+ tests:
+ ManilaShares.create_and_delete_share:
+ - args:
+ share_proto: "nfs"
+ size: 1
+ share_type: "dhss_false"
+ min_sleep: 1
+ max_sleep: 2
+ context:
+ quotas:
+ manila:
+ shares: 0
+ gigabytes: 0
+ share_networks: 0
+ users:
+ tenants: 2
+ users_per_tenant: 1
+ user_choice_method: "round_robin"
+ manila_share_networks:
+ use_share_networks: true
+ runner:
+ concurrency: 4
+ times: 4
+ type: constant
+ sla:
+ failure_rate:
+ max: 0
+# Names of secrets used by bootstrap and environmental checks
+secrets:
+ identity:
+ admin: manila-keystone-admin
+ manila: manila-keystone-user
+ oslo_db:
+ admin: manila-db-admin
+ manila: manila-db-user
+ oslo_messaging:
+ admin: manila-rabbitmq-admin
+ manila: manila-rabbitmq-user
+ tls:
+ share:
+ api:
+ public: manila-tls-public
+ internal: manila-tls-internal
+ oci_image_registry:
+ manila: manila-oci-image-registry
+
+endpoints:
+ cluster_domain_suffix: cluster.local
+ local_image_registry:
+ name: docker-registry
+ namespace: docker-registry
+ hosts:
+ default: localhost
+ internal: docker-registry
+ node: localhost
+ host_fqdn_override:
+ default: null
+ port:
+ registry:
+ node: 5000
+ oci_image_registry:
+ name: oci-image-registry
+ namespace: oci-image-registry
+ auth:
+ enabled: false
+ manila:
+ username: manila
+ password: password
+ hosts:
+ default: localhost
+ host_fqdn_override:
+ default: null
+ port:
+ registry:
+ default: null
+ identity:
+ name: keystone
+ auth:
+ admin:
+ region_name: RegionOne
+ username: admin
+ password: password
+ project_name: admin
+ user_domain_name: default
+ project_domain_name: default
+ manila:
+ role: admin
+ region_name: RegionOne
+ username: manila
+ password: password
+ project_name: service
+ user_domain_name: service
+ project_domain_name: service
+ hosts:
+ default: keystone
+ internal: keystone-api
+ host_fqdn_override:
+ default: null
+ path:
+ default: /v3
+ scheme:
+ default: http
+ port:
+ api:
+ default: 80
+ internal: 5000
+ share:
+ name: manila
+ hosts:
+ default: manila-api
+ public: manila
+ host_fqdn_override:
+ default: null
+ path:
+ default: '/v1'
+ scheme:
+ default:
http
+ service: http
+ port:
+ api:
+ default: 8786
+ public: 80
+ service: 8786
+ sharev2:
+ name: manilav2
+ hosts:
+ default: manila-api
+ public: manila
+ host_fqdn_override:
+ default: null
+ path:
+ default: '/v2'
+ scheme:
+ default: http
+ service: http
+ port:
+ api:
+ default: 8786
+ public: 80
+ service: 8786
+ oslo_db:
+ auth:
+ admin:
+ username: root
+ password: password
+ secret:
+ tls:
+ internal: mariadb-tls-direct
+ manila:
+ username: manila
+ password: password
+ hosts:
+ default: mariadb
+ host_fqdn_override:
+ default: null
+ path: /manila
+ scheme: mysql+pymysql
+ port:
+ mysql:
+ default: 3306
+ oslo_messaging:
+ auth:
+ admin:
+ username: rabbitmq
+ password: password
+ secret:
+ tls:
+ internal: rabbitmq-tls-direct
+ manila:
+ username: manila
+ password: password
+ statefulset:
+ replicas: 2
+ name: rabbitmq-rabbitmq
+ hosts:
+ default: rabbitmq
+ host_fqdn_override:
+ default: null
+ path: /manila
+ scheme: rabbit
+ port:
+ amqp:
+ default: 5672
+ http:
+ default: 15672
+ oslo_cache:
+ auth:
+ # NOTE(portdirect): this is used to define the value for keystone
+ # authtoken cache encryption key, if not set it will be populated
+ # automatically with a random value, but to take advantage of
+ # this feature all services should be set to use the same key,
+ # and memcache service.
+ memcache_secret_key: null
+ hosts:
+ default: memcached
+ host_fqdn_override:
+ default: null
+ port:
+ memcache:
+ default: 11211
+ fluentd:
+ namespace: null
+ name: fluentd
+ hosts:
+ default: fluentd-logging
+ host_fqdn_override:
+ default: null
+ path:
+ default: null
+ scheme: 'http'
+ port:
+ service:
+ default: 24224
+ metrics:
+ default: 24220
+ # NOTE(tp6510): these endpoints allow for things like DNS lookups and ingress
+ # They are using to enable the Egress K8s network policy.
+ kube_dns:
+ namespace: kube-system
+ name: kubernetes-dns
+ hosts:
+ default: kube-dns
+ host_fqdn_override:
+ default: null
+ path:
+ default: null
+ scheme: http
+ port:
+ dns:
+ default: 53
+ protocol: UDP
+ ingress:
+ namespace: null
+ name: ingress
+ hosts:
+ default: ingress
+ port:
+ ingress:
+ default: 80
+
+tls:
+ identity: false
+ oslo_messaging: false
+ oslo_db: false
+
+manifests:
+ certificates: false
+ configmap_bin: true
+ configmap_etc: true
+ deployment_api: true
+ deployment_scheduler: true
+ deployment_data: true
+ deployment_share: true
+ ingress_api: true
+ job_bootstrap: true
+ job_db_init: true
+ job_db_sync: true
+ job_db_drop: false
+ job_image_repo_sync: true
+ job_rabbit_init: true
+ job_ks_endpoints: true
+ job_ks_service: true
+ job_ks_user: true
+ pdb_api: true
+ pod_test: true
+ secret_db: true
+ network_policy: false
+ secret_ingress_tls: true
+ secret_keystone: true
+ secret_rabbitmq: true
+ secret_registry: true
+ service_ingress_api: true
+ service_api: true
+...
diff --git a/manila/values_overrides/apparmor.yaml b/manila/values_overrides/apparmor.yaml
new file mode 100644
index 0000000000..c8288fe34b
--- /dev/null
+++ b/manila/values_overrides/apparmor.yaml
@@ -0,0 +1,11 @@
+---
+pod:
+ mandatory_access_control:
+ type: apparmor
+ manila-api:
+ manila-api: runtime/default
+ init: runtime/default
+ manila-test:
+ init: runtime/default
+ manila-test: runtime/default
+...
diff --git a/manila/values_overrides/tls-offloading.yaml b/manila/values_overrides/tls-offloading.yaml
new file mode 100644
index 0000000000..8ea0f6a7ce
--- /dev/null
+++ b/manila/values_overrides/tls-offloading.yaml
@@ -0,0 +1,12 @@
+---
+endpoints:
+ identity:
+ auth:
+ admin:
+ cacert: /etc/ssl/certs/openstack-helm.crt
+ manila:
+ cacert: /etc/ssl/certs/openstack-helm.crt
+
+tls:
+ identity: true
+...
diff --git a/manila/values_overrides/tls.yaml b/manila/values_overrides/tls.yaml
new file mode 100644
index 0000000000..99667ca857
--- /dev/null
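Review bot: In `manila/values_overrides/apparmor.yaml` only the `manila-api` and `manila-test` pods get an AppArmor profile, while the share, data and scheduler deployments that the chart enables (`deployment_share`, `deployment_data`, `deployment_scheduler` in the manifests list) are left without one. The share service is the consumer of the root-level rootwrap filters defined in values.yaml, so it is the pod where confinement matters most. Consider adding matching entries, for example `manila-share:` with `manila-share: runtime/default` and `init: runtime/default`, and the same for data and scheduler. The container names are assumed here, and whether those deployment templates read `mandatory_access_control` is not visible in this part of the patch.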
+++ b/manila/values_overrides/tls.yaml
@@ -0,0 +1,4 @@
+---
+manifests:
+ certificates: true
+...
diff --git a/manila/values_overrides/xena-ubuntu_focal.yaml b/manila/values_overrides/xena-ubuntu_focal.yaml
new file mode 100644
index 0000000000..38c8ff040c
--- /dev/null
+++ b/manila/values_overrides/xena-ubuntu_focal.yaml
@@ -0,0 +1,18 @@
+---
+images:
+ tags:
+ bootstrap: docker.io/openstackhelm/heat:xena-ubuntu_focal
+ dep_check: quay.io/airshipit/kubernetes-entrypoint:v1.0.0
+ db_init: docker.io/openstackhelm/heat:xena-ubuntu_focal
+ manila_db_sync: docker.io/openstackhelm/manila:xena-ubuntu_focal
+ db_drop: docker.io/openstackhelm/heat:xena-ubuntu_focal
+ ks_user: docker.io/openstackhelm/heat:xena-ubuntu_focal
+ ks_service: docker.io/openstackhelm/heat:xena-ubuntu_focal
+ ks_endpoints: docker.io/openstackhelm/heat:xena-ubuntu_focal
+ manila_api: docker.io/openstackhelm/manila:xena-ubuntu_focal
+ manila_data: docker.io/openstackhelm/manila:xena-ubuntu_focal
+ manila_scheduler: docker.io/openstackhelm/manila:xena-ubuntu_focal
+ manila_share: docker.io/openstackhelm/manila:xena-ubuntu_focal
+ rabbit_init: docker.io/rabbitmq:3.7-management
+ image_repo_sync: docker.io/docker:17.07.0
+...
diff --git a/manila/values_overrides/yoga-ubuntu_focal.yaml b/manila/values_overrides/yoga-ubuntu_focal.yaml
new file mode 100644
index 0000000000..a867a10279
--- /dev/null
+++ b/manila/values_overrides/yoga-ubuntu_focal.yaml
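Review bot: Every image in `xena-ubuntu_focal.yaml`, and again in `yoga-ubuntu_focal.yaml`, is referenced by a tag rather than a digest, so the content pulled for a given chart version can change without any change to the chart. Pinning by digest, e.g. `manila_share: docker.io/openstackhelm/manila:xena-ubuntu_focal@sha256:<digest>`, makes a deployment reproducible and makes a replaced image detectable. `docker.io/rabbitmq:3.7-management` and `docker.io/docker:17.07.0` also look like long-superseded releases; if they are kept for compatibility, a comment such as `# kept for parity with the other charts; TODO move to a maintained tag` would record that.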
@@ -0,0 +1,18 @@
+---
+images:
+ tags:
+ bootstrap: docker.io/openstackhelm/heat:yoga-ubuntu_focal
+ dep_check: quay.io/airshipit/kubernetes-entrypoint:v1.0.0
+ db_init: docker.io/openstackhelm/heat:yoga-ubuntu_focal
+ manila_db_sync: docker.io/openstackhelm/manila:yoga-ubuntu_focal
+ db_drop: docker.io/openstackhelm/heat:yoga-ubuntu_focal
+ ks_user: docker.io/openstackhelm/heat:yoga-ubuntu_focal
+ ks_service: docker.io/openstackhelm/heat:yoga-ubuntu_focal
+ ks_endpoints: docker.io/openstackhelm/heat:yoga-ubuntu_focal
+ manila_api: docker.io/openstackhelm/manila:yoga-ubuntu_focal
+ manila_data: docker.io/openstackhelm/manila:yoga-ubuntu_focal
+ manila_scheduler: docker.io/openstackhelm/manila:yoga-ubuntu_focal
+ manila_share: docker.io/openstackhelm/manila:yoga-ubuntu_focal
+ rabbit_init: docker.io/rabbitmq:3.7-management
+ image_repo_sync: docker.io/docker:17.07.0
+...
diff --git a/releasenotes/notes/manila.yaml b/releasenotes/notes/manila.yaml
new file mode 100644
index 0000000000..6cbc95e105
--- /dev/null
+++ b/releasenotes/notes/manila.yaml
@@ -0,0 +1,4 @@
+---
+manila:
+ - 0.1.0 Initial Chart
+...
diff --git a/tools/deployment/component/manila/manila.sh b/tools/deployment/component/manila/manila.sh
new file mode 100755
index 0000000000..6ea8b8c967
--- /dev/null
+++ b/tools/deployment/component/manila/manila.sh
@@ -0,0 +1,31 @@
+#!/bin/bash
+
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+set -xe
+
+#NOTE: Get the over-rides to use
+: ${OSH_EXTRA_HELM_ARGS_MANILA:="$(./tools/deployment/common/get-values-overrides.sh manila)"}
+: ${RUN_HELM_TESTS:="no"}
+
+#NOTE: Lint and package chart
+make manila
+
+#NOTE: Deploy command
+helm upgrade --install --debug manila ./manila \
+ --namespace=openstack \
+ ${OSH_EXTRA_HELM_ARGS:=} \
+ ${OSH_EXTRA_HELM_ARGS_MANILA:=}
+
+#NOTE: Wait for deploy
+./tools/deployment/common/wait-for-pods.sh openstack 1800
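Review bot: `RUN_HELM_TESTS` is given a default in `manila.sh` but never read afterwards: the script ends at the `wait-for-pods.sh` call, so the rally test pod that the chart enables with `pod_test: true` is never run by this job. Either drop the variable or add `if [ "x${RUN_HELM_TESTS}" != "xno" ]; then helm test manila --namespace openstack; fi` after the wait. Separately, `set -x` combined with `helm upgrade --debug` writes the expanded arguments, and typically the computed chart values, to the job log. With the placeholder `password` defaults that is harmless, but a comment such as `# NOTE: --debug prints chart values; do not pass real credentials through OSH_EXTRA_HELM_ARGS*` would warn anyone reusing the script outside CI.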