commit
affa1774aa
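--- a/.github/ISSUE_TEMPLATE.md
+++ b/.github/ISSUE_TEMPLATE.md
@@ -0,0 +1,33 @@
+<!-- Thanks for filing an issue! Before submitting your issue, please answer the following questions.-->
+
+**Is this a bug report or feature request?** (choose one):
+
+<!--
+If this is a BUG REPORT, please:
+- Fill in as much of the template as possible. If you leave out
+information, we may automatically close out your pull request.
+
+If this is a FEATURE REQUEST, please:
+- Describe *in detail* the feature/behavior/change you'd like to see.
+
+Detailed responses allow our community to address your concerns in a timely manner.
+If we can't determine what you're asking for, we may close your issue. If you feel
+we haven't adequately addressed your issue, please feel free to reopen your issue
+and explain your issue in more detail.
+-->
+
+**Kubernetes Version** (output of `kubectl version`):
+
+**Helm Client and Tiller Versions** (output of `helm version`):
+
+**Development or Deployment Environment?**:
+
+**Release Tag or Master**:
+
+**Expected Behavior**:
+
+**What Actually Happened**:
+
+**How to Reproduce the Issue** (as minimally as possible):
+
+**Any Additional Comments**: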
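--- a/.github/PULL_REQUEST_TEMPLATE.md
+++ b/.github/PULL_REQUEST_TEMPLATE.md
@@ -0,0 +1,14 @@
+<!--
+Thanks for contributing to OpenStack-Helm! Please be thorough
+when filling out your pull request. If the purpose for your pull
+request is not clear, we may close your pull request and ask you
+to resubmit.
+-->
+
+**What is the purpose of this pull request?**:
+
+**What issue does this pull request address?**: Fixes #
+
+**Notes for reviewers to consider**:
+
+**Specific reviewers for pull request**: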
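--- a/OWNERS
+++ b/OWNERS
@@ -0,0 +1,10 @@
+reviewers:
+- alanmeadows
+- v1k0d3n
+- intlabs
+- wilkers-steve
+- DTadrzak
+- larryrensing
+approvers:
+- alanmeadows
+- v1k0d3n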
@ -1,5 +1,10 @@
|
||||
# Openstack-Helm
|
||||
|
||||
**Join us on [Slack](http://slack.k8s.io/):** `#openstack-helm`<br>
|
||||
**Join us on [Freenode](https://freenode.net/):** `#openstack-helm`<br>
|
||||
**Community Meetings:** [Every other Tuesday @ 3PM UTC](https://calendar.google.com/calendar/embed?src=rnd4tpeoncig91pvs05il4p29o%40group.calendar.google.com&ctz=America/New_York) (Provided by [Zoom](https://zoom.us/j/562328746))<br>
|
||||
**Community Agenda Items:** [Google Docs](https://docs.google.com/document/d/1Vm2OnMzjSru3cuvxh4Oa7R_z7staU-7ivGy8foOzDCs/edit#heading=h.bfc0dkav9gk2)
|
||||
|
||||
Openstack-Helm is a fully self-contained Helm-based OpenStack deployment on Kubernetes. It will provide baremetal provisioning, persistent storage, full-stack resiliency, full-stack scalability, performance monitoring and tracing, and an optional development pipeline (using Jenkins). This project, along with the tools used within are community-based and open sourced.
|
||||
|
||||
# Mission
|
||||
|
@ -32,7 +32,7 @@ spec:
|
||||
secret:
|
||||
secretName: ceph-bootstrap-rgw-keyring
|
||||
containers:
|
||||
- name: ceph-mon
|
||||
- name: ceph-mds
|
||||
image: {{ .Values.images.daemon }}
|
||||
imagePullPolicy: {{ .Values.images.pull_policy }}
|
||||
ports:
|
||||
|
@ -42,8 +42,8 @@ spec:
|
||||
value: MON_HEALTH
|
||||
- name: KV_TYPE
|
||||
value: k8s
|
||||
- name: NETWORK_AUTO_DETECT
|
||||
value: "4"
|
||||
- name: MON_IP_AUTO_DETECT
|
||||
value: "1"
|
||||
- name: CLUSTER
|
||||
value: ceph
|
||||
volumeMounts:
|
||||
@ -61,4 +61,4 @@ spec:
|
||||
cpu: {{ .Values.resources.mon_check.requests.cpu | quote }}
|
||||
limits:
|
||||
memory: {{ .Values.resources.mon_check.limits.memory | quote }}
|
||||
cpu: {{ .Values.resources.mon_check.limits.cpu | quote }}
|
||||
cpu: {{ .Values.resources.mon_check.limits.cpu | quote }}
|
||||
|
@ -16,7 +16,6 @@ spec:
|
||||
app: ceph
|
||||
daemon: rgw
|
||||
spec:
|
||||
hostNetwork: true
|
||||
nodeSelector:
|
||||
{{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }}
|
||||
serviceAccount: default
|
||||
|
@ -72,10 +72,16 @@ spec:
|
||||
value: MON
|
||||
- name: KV_TYPE
|
||||
value: k8s
|
||||
- name: NETWORK_AUTO_DETECT
|
||||
value: "4"
|
||||
- name: CLUSTER
|
||||
value: ceph
|
||||
- name: NETWORK_AUTO_DETECT
|
||||
value: "0"
|
||||
- name: CEPH_PUBLIC_NETWORK
|
||||
value: {{ .Values.network.public | quote }}
|
||||
- name: MON_IP
|
||||
valueFrom:
|
||||
fieldRef:
|
||||
fieldPath: status.podIP
|
||||
volumeMounts:
|
||||
- name: ceph-conf
|
||||
mountPath: /etc/ceph
|
||||
|
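Review bot: `MON_IP` is taken from `status.podIP` while `CEPH_PUBLIC_NETWORK` is taken from `.Values.network.public`, and nothing in the added env entries ties the two together, so a pod address outside the configured CIDR presumably leaves the monitor with inconsistent settings. The default that the values.yaml change on this page adds is `10.25.0.0/16`, which only fits one environment. I would add a comment above the new entries such as `# network.public must contain the pod IP (status.podIP) of the mon pods`, and state the same requirement next to the default. The env list begins and ends outside this hunk, so any existing validation elsewhere in the template is not visible here.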
@ -17,7 +17,7 @@ service:
|
||||
name: ceph-mon
|
||||
|
||||
images:
|
||||
daemon: quay.io/attcomdev/ceph-daemon:latest
|
||||
daemon: docker.io/library/ceph/daemon:tag-build-master-jewel-ubuntu-16.04
|
||||
pull_policy: IfNotPresent
|
||||
|
||||
labels:
|
||||
@ -25,6 +25,7 @@ labels:
|
||||
node_selector_value: enabled
|
||||
|
||||
network:
|
||||
public: "10.25.0.0/16"
|
||||
port:
|
||||
mon: 6789
|
||||
rgw_ingress: 80
|
||||
|
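Review bot: Both `images.daemon` values shown in the first hunk use a mutable tag (`latest` and a `tag-build-master-…` branch build), and `pull_policy: IfNotPresent` sits directly below, so each node keeps whatever build it pulled first and the cluster can run different Ceph daemon images with no record of which. Pinning a release tag, or better an `@sha256:<digest>` reference, would make the deployed build reproducible and auditable. The `docker.io/library/ceph/daemon` path also deserves a check, since `library/` is normally the namespace for official single-name images. The `public: "10.25.0.0/16"` default in the second hunk would benefit from a comment saying it must be overridden per environment.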
@ -1,3 +1,5 @@
|
||||
{{- $envAll := . }}
|
||||
{{- $dependencies := .Values.dependencies.api }}
|
||||
apiVersion: extensions/v1beta1
|
||||
kind: Deployment
|
||||
metadata:
|
||||
@ -20,29 +22,7 @@ spec:
|
||||
configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "hash" }}
|
||||
configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "hash" }}
|
||||
pod.beta.kubernetes.io/init-containers: '[
|
||||
{
|
||||
"name": "init",
|
||||
"image": {{ .Values.images.dep_check | quote }},
|
||||
"imagePullPolicy": {{ .Values.images.pull_policy | quote }},
|
||||
"env": [
|
||||
{
|
||||
"name": "NAMESPACE",
|
||||
"value": "{{ .Release.Namespace }}"
|
||||
},
|
||||
{
|
||||
"name": "DEPENDENCY_SERVICE",
|
||||
"value": "{{ include "joinListWithColon" .Values.dependencies.api.service }}"
|
||||
},
|
||||
{
|
||||
"name": "DEPENDENCY_JOBS",
|
||||
"value": "{{ include "joinListWithColon" .Values.dependencies.api.jobs }}"
|
||||
},
|
||||
{
|
||||
"name": "COMMAND",
|
||||
"value": "echo done"
|
||||
}
|
||||
]
|
||||
}
|
||||
{{ tuple $envAll $dependencies | include "dep_check_init_cont" | indent 10 }}
|
||||
]'
|
||||
spec:
|
||||
nodeSelector:
|
||||
@ -51,6 +31,15 @@ spec:
|
||||
- name: cinder-api
|
||||
image: {{ .Values.images.api }}
|
||||
imagePullPolicy: {{ .Values.images.pull_policy }}
|
||||
{{- if .Values.resources.enabled }}
|
||||
resources:
|
||||
requests:
|
||||
memory: {{ .Values.resources.cinder_api.requests.memory | quote }}
|
||||
cpu: {{ .Values.resources.cinder_api.requests.cpu | quote }}
|
||||
limits:
|
||||
memory: {{ .Values.resources.cinder_api.limits.memory | quote }}
|
||||
cpu: {{ .Values.resources.cinder_api.limits.cpu | quote }}
|
||||
{{- end }}
|
||||
command:
|
||||
- cinder-api
|
||||
- --config-dir
|
||||
|
@ -1,3 +1,5 @@
|
||||
{{- $envAll := . }}
|
||||
{{- $dependencies := .Values.dependencies.scheduler }}
|
||||
apiVersion: extensions/v1beta1
|
||||
kind: Deployment
|
||||
metadata:
|
||||
@ -20,29 +22,7 @@ spec:
|
||||
configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "hash" }}
|
||||
configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "hash" }}
|
||||
pod.beta.kubernetes.io/init-containers: '[
|
||||
{
|
||||
"name": "init",
|
||||
"image": {{ .Values.images.dep_check | quote }},
|
||||
"imagePullPolicy": {{ .Values.images.pull_policy | quote }},
|
||||
"env": [
|
||||
{
|
||||
"name": "NAMESPACE",
|
||||
"value": "{{ .Release.Namespace }}"
|
||||
},
|
||||
{
|
||||
"name": "DEPENDENCY_SERVICE",
|
||||
"value": "{{ include "joinListWithColon" .Values.dependencies.scheduler.service }}"
|
||||
},
|
||||
{
|
||||
"name": "DEPENDENCY_JOBS",
|
||||
"value": "{{ include "joinListWithColon" .Values.dependencies.scheduler.jobs }}"
|
||||
},
|
||||
{
|
||||
"name": "COMMAND",
|
||||
"value": "echo done"
|
||||
}
|
||||
]
|
||||
}
|
||||
{{ tuple $envAll $dependencies | include "dep_check_init_cont" | indent 10 }}
|
||||
]'
|
||||
spec:
|
||||
nodeSelector:
|
||||
@ -51,6 +31,15 @@ spec:
|
||||
- name: cinder-scheduler
|
||||
image: {{ .Values.images.scheduler }}
|
||||
imagePullPolicy: {{ .Values.images.pull_policy }}
|
||||
{{- if .Values.resources.enabled }}
|
||||
resources:
|
||||
requests:
|
||||
memory: {{ .Values.resources.cinder_scheduler.requests.memory | quote }}
|
||||
cpu: {{ .Values.resources.cinder_scheduler.requests.cpu | quote }}
|
||||
limits:
|
||||
memory: {{ .Values.resources.cinder_scheduler.limits.memory | quote }}
|
||||
cpu: {{ .Values.resources.cinder_scheduler.limits.cpu | quote }}
|
||||
{{- end }}
|
||||
command:
|
||||
- cinder-scheduler
|
||||
- --config-dir
|
||||
|
@ -1,3 +1,5 @@
|
||||
{{- $envAll := . }}
|
||||
{{- $dependencies := .Values.dependencies.volume }}
|
||||
apiVersion: extensions/v1beta1
|
||||
kind: Deployment
|
||||
metadata:
|
||||
@ -20,29 +22,7 @@ spec:
|
||||
configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "hash" }}
|
||||
configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "hash" }}
|
||||
pod.beta.kubernetes.io/init-containers: '[
|
||||
{
|
||||
"name": "init",
|
||||
"image": {{ .Values.images.dep_check | quote }},
|
||||
"imagePullPolicy": {{ .Values.images.pull_policy | quote }},
|
||||
"env": [
|
||||
{
|
||||
"name": "NAMESPACE",
|
||||
"value": "{{ .Release.Namespace }}"
|
||||
},
|
||||
{
|
||||
"name": "DEPENDENCY_SERVICE",
|
||||
"value": "{{ include "joinListWithColon" .Values.dependencies.volume.service }}"
|
||||
},
|
||||
{
|
||||
"name": "DEPENDENCY_JOBS",
|
||||
"value": "{{ include "joinListWithColon" .Values.dependencies.volume.jobs }}"
|
||||
},
|
||||
{
|
||||
"name": "COMMAND",
|
||||
"value": "echo done"
|
||||
}
|
||||
]
|
||||
}
|
||||
{{ tuple $envAll $dependencies | include "dep_check_init_cont" | indent 10 }}
|
||||
]'
|
||||
spec:
|
||||
nodeSelector:
|
||||
@ -51,6 +31,15 @@ spec:
|
||||
- name: cinder-volume
|
||||
image: {{ .Values.images.volume }}
|
||||
imagePullPolicy: {{ .Values.images.pull_policy }}
|
||||
{{- if .Values.resources.enabled }}
|
||||
resources:
|
||||
requests:
|
||||
memory: {{ .Values.resources.cinder_volume.requests.memory | quote }}
|
||||
cpu: {{ .Values.resources.cinder_volume.requests.cpu | quote }}
|
||||
limits:
|
||||
memory: {{ .Values.resources.cinder_volume.limits.memory | quote }}
|
||||
cpu: {{ .Values.resources.cinder_volume.limits.cpu | quote }}
|
||||
{{- end }}
|
||||
command:
|
||||
- cinder-volume
|
||||
- --config-dir
|
||||
|
@ -15,7 +15,7 @@ api_paste_config = /etc/cinder/api-paste.ini
|
||||
glance_api_servers = "{{ .Values.glance.proto }}://{{ .Values.glance.host }}:{{ .Values.glance.port }}"
|
||||
glance_api_version = {{ .Values.glance.version }}
|
||||
|
||||
enabled_backends = {{ include "joinListWithColon" .Values.backends.enabled }}
|
||||
enabled_backends = {{ include "joinListWithComma" .Values.backends.enabled }}
|
||||
|
||||
auth_strategy = keystone
|
||||
os_region_name = {{ .Values.keystone.cinder_region_name }}
|
||||
|
@ -1,3 +1,5 @@
|
||||
{{- $envAll := . }}
|
||||
{{- $dependencies := .Values.dependencies.db_init }}
|
||||
apiVersion: batch/v1
|
||||
kind: Job
|
||||
metadata:
|
||||
@ -7,29 +9,7 @@ spec:
|
||||
metadata:
|
||||
annotations:
|
||||
pod.beta.kubernetes.io/init-containers: '[
|
||||
{
|
||||
"name": "init",
|
||||
"image": {{ .Values.images.dep_check | quote }},
|
||||
"imagePullPolicy": {{ .Values.images.pull_policy | quote }},
|
||||
"env": [
|
||||
{
|
||||
"name": "NAMESPACE",
|
||||
"value": "{{ .Release.Namespace }}"
|
||||
},
|
||||
{
|
||||
"name": "DEPENDENCY_SERVICE",
|
||||
"value": "{{ include "joinListWithColon" .Values.dependencies.db_init.service }}"
|
||||
},
|
||||
{
|
||||
"name": "DEPENDENCY_JOBS",
|
||||
"value": "{{ include "joinListWithColon" .Values.dependencies.db_init.jobs }}"
|
||||
},
|
||||
{
|
||||
"name": "COMMAND",
|
||||
"value": "echo done"
|
||||
}
|
||||
]
|
||||
}
|
||||
{{ tuple $envAll $dependencies | include "dep_check_init_cont" | indent 10 }}
|
||||
]'
|
||||
spec:
|
||||
restartPolicy: OnFailure
|
||||
@ -39,6 +19,15 @@ spec:
|
||||
- name: cinder-db-init
|
||||
image: {{ .Values.images.db_init | quote }}
|
||||
imagePullPolicy: {{ .Values.images.pull_policy | quote }}
|
||||
{{- if .Values.resources.enabled }}
|
||||
resources:
|
||||
requests:
|
||||
memory: {{ .Values.resources.cinder_db_init.requests.memory | quote }}
|
||||
cpu: {{ .Values.resources.cinder_db_init.requests.cpu | quote }}
|
||||
limits:
|
||||
memory: {{ .Values.resources.cinder_db_init.limits.memory | quote }}
|
||||
cpu: {{ .Values.resources.cinder_db_init.limits.cpu | quote }}
|
||||
{{- end }}
|
||||
env:
|
||||
- name: ANSIBLE_LIBRARY
|
||||
value: /usr/share/ansible/
|
||||
|
@ -1,3 +1,5 @@
|
||||
{{- $envAll := . }}
|
||||
{{- $dependencies := .Values.dependencies.db_sync }}
|
||||
apiVersion: batch/v1
|
||||
kind: Job
|
||||
metadata:
|
||||
@ -7,29 +9,7 @@ spec:
|
||||
metadata:
|
||||
annotations:
|
||||
pod.beta.kubernetes.io/init-containers: '[
|
||||
{
|
||||
"name": "init",
|
||||
"image": {{ .Values.images.dep_check | quote }},
|
||||
"imagePullPolicy": {{ .Values.images.pull_policy | quote }},
|
||||
"env": [
|
||||
{
|
||||
"name": "NAMESPACE",
|
||||
"value": "{{ .Release.Namespace }}"
|
||||
},
|
||||
{
|
||||
"name": "DEPENDENCY_SERVICE",
|
||||
"value": "{{ include "joinListWithColon" .Values.dependencies.db_sync.service }}"
|
||||
},
|
||||
{
|
||||
"name": "DEPENDENCY_JOBS",
|
||||
"value": "{{ include "joinListWithColon" .Values.dependencies.db_sync.jobs }}"
|
||||
},
|
||||
{
|
||||
"name": "COMMAND",
|
||||
"value": "echo done"
|
||||
}
|
||||
]
|
||||
}
|
||||
{{ tuple $envAll $dependencies | include "dep_check_init_cont" | indent 10 }}
|
||||
]'
|
||||
spec:
|
||||
restartPolicy: OnFailure
|
||||
@ -39,6 +19,15 @@ spec:
|
||||
- name: cinder-db-sync
|
||||
image: {{ .Values.images.db_sync }}
|
||||
imagePullPolicy: {{ .Values.images.pull_policy }}
|
||||
{{- if .Values.resources.enabled }}
|
||||
resources:
|
||||
requests:
|
||||
memory: {{ .Values.resources.cinder_db_sync.requests.memory | quote }}
|
||||
cpu: {{ .Values.resources.cinder_db_sync.requests.cpu | quote }}
|
||||
limits:
|
||||
memory: {{ .Values.resources.cinder_db_sync.limits.memory | quote }}
|
||||
cpu: {{ .Values.resources.cinder_db_sync.limits.cpu | quote }}
|
||||
{{- end }}
|
||||
command:
|
||||
- cinder-manage
|
||||
args:
|
||||
|
@ -1,5 +1,6 @@
|
||||
{{- $envAll := . }}
|
||||
{{- $ksAdminSecret := $envAll.Values.keystone.admin_secret | default "cinder-env-keystone-admin" }}
|
||||
{{- $dependencies := .Values.dependencies.ks_endpoints }}
|
||||
apiVersion: batch/v1
|
||||
kind: Job
|
||||
metadata:
|
||||
@ -9,25 +10,7 @@ spec:
|
||||
metadata:
|
||||
annotations:
|
||||
pod.beta.kubernetes.io/init-containers: '[
|
||||
{
|
||||
"name": "init",
|
||||
"image": {{ .Values.images.dep_check | quote }},
|
||||
"imagePullPolicy": {{ .Values.images.pull_policy | quote }},
|
||||
"env": [
|
||||
{
|
||||
"name": "NAMESPACE",
|
||||
"value": "{{ .Release.Namespace }}"
|
||||
},
|
||||
{
|
||||
"name": "DEPENDENCY_SERVICE",
|
||||
"value": "{{ include "joinListWithColon" .Values.dependencies.ks_service.service }}"
|
||||
},
|
||||
{
|
||||
"name": "COMMAND",
|
||||
"value": "echo done"
|
||||
}
|
||||
]
|
||||
}
|
||||
{{ tuple $envAll $dependencies | include "dep_check_init_cont" | indent 10 }}
|
||||
]'
|
||||
spec:
|
||||
restartPolicy: OnFailure
|
||||
@ -39,6 +22,15 @@ spec:
|
||||
- name: {{ $osServiceType }}-ks-endpoints-{{ $osServiceEndPoint }}
|
||||
image: {{ $envAll.Values.images.ks_endpoints }}
|
||||
imagePullPolicy: {{ $envAll.Values.images.pull_policy }}
|
||||
{{- if $envAll.Values.resources.enabled }}
|
||||
resources:
|
||||
requests:
|
||||
memory: {{ $envAll.Values.resources.cinder_ks_endpoints.requests.memory | quote }}
|
||||
cpu: {{ $envAll.Values.resources.cinder_ks_endpoints.requests.cpu | quote }}
|
||||
limits:
|
||||
memory: {{ $envAll.Values.resources.cinder_ks_endpoints.limits.memory | quote }}
|
||||
cpu: {{ $envAll.Values.resources.cinder_ks_endpoints.limits.cpu | quote }}
|
||||
{{- end }}
|
||||
command:
|
||||
- bash
|
||||
- /tmp/ks-endpoints.sh
|
||||
|
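Review bot: In the first hunk `$dependencies` is bound to `.Values.dependencies.ks_endpoints`, but the inline init container it replaces read `.Values.dependencies.ks_service.service`, and the values.yaml change on this page adds only the `resources` block. If `dependencies.ks_endpoints` is not already defined in the chart values, `$deps.service` inside `dep_check_init_cont` is evaluated on an empty value, so rendering presumably fails or the job silently waits on nothing. Confirm the key exists, or keep the previous source with `{{- $dependencies := .Values.dependencies.ks_service }}`. The job spec continues outside the hunks shown, so a definition elsewhere cannot be ruled out from this page.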
@ -1,5 +1,6 @@
|
||||
{{- $envAll := . }}
|
||||
{{- $ksAdminSecret := .Values.keystone.admin_secret | default "cinder-env-keystone-admin" }}
|
||||
{{- $dependencies := .Values.dependencies.ks_service }}
|
||||
apiVersion: batch/v1
|
||||
kind: Job
|
||||
metadata:
|
||||
@ -9,25 +10,7 @@ spec:
|
||||
metadata:
|
||||
annotations:
|
||||
pod.beta.kubernetes.io/init-containers: '[
|
||||
{
|
||||
"name": "init",
|
||||
"image": {{ .Values.images.dep_check | quote }},
|
||||
"imagePullPolicy": {{ .Values.images.pull_policy | quote }},
|
||||
"env": [
|
||||
{
|
||||
"name": "NAMESPACE",
|
||||
"value": "{{ .Release.Namespace }}"
|
||||
},
|
||||
{
|
||||
"name": "DEPENDENCY_SERVICE",
|
||||
"value": "{{ include "joinListWithColon" .Values.dependencies.ks_service.service }}"
|
||||
},
|
||||
{
|
||||
"name": "COMMAND",
|
||||
"value": "echo done"
|
||||
}
|
||||
]
|
||||
}
|
||||
{{ tuple $envAll $dependencies | include "dep_check_init_cont" | indent 10 }}
|
||||
]'
|
||||
spec:
|
||||
restartPolicy: OnFailure
|
||||
@ -38,6 +21,15 @@ spec:
|
||||
- name: {{ $osServiceType }}-ks-service-registration
|
||||
image: {{ $envAll.Values.images.ks_service }}
|
||||
imagePullPolicy: {{ $envAll.Values.images.pull_policy }}
|
||||
{{- if $envAll.Values.resources.enabled }}
|
||||
resources:
|
||||
requests:
|
||||
memory: {{ $envAll.Values.resources.cinder_ks_service.requests.memory | quote }}
|
||||
cpu: {{ $envAll.Values.resources.cinder_ks_service.requests.cpu | quote }}
|
||||
limits:
|
||||
memory: {{ $envAll.Values.resources.cinder_ks_service.limits.memory | quote }}
|
||||
cpu: {{ $envAll.Values.resources.cinder_ks_service.limits.cpu | quote }}
|
||||
{{- end }}
|
||||
command:
|
||||
- bash
|
||||
- /tmp/ks-service.sh
|
||||
|
@ -1,5 +1,7 @@
|
||||
{{- $ksAdminSecret := .Values.keystone.admin_secret | default "cinder-env-keystone-admin" }}
|
||||
{{- $ksUserSecret := .Values.keystone.user_secret | default "cinder-env-keystone-user" }}
|
||||
{{- $envAll := . }}
|
||||
{{- $dependencies := .Values.dependencies.ks_user }}
|
||||
apiVersion: batch/v1
|
||||
kind: Job
|
||||
metadata:
|
||||
@ -9,25 +11,7 @@ spec:
|
||||
metadata:
|
||||
annotations:
|
||||
pod.beta.kubernetes.io/init-containers: '[
|
||||
{
|
||||
"name": "init",
|
||||
"image": {{ .Values.images.dep_check | quote }},
|
||||
"imagePullPolicy": {{ .Values.images.pull_policy | quote }},
|
||||
"env": [
|
||||
{
|
||||
"name": "NAMESPACE",
|
||||
"value": "{{ .Release.Namespace }}"
|
||||
},
|
||||
{
|
||||
"name": "DEPENDENCY_SERVICE",
|
||||
"value": "{{ include "joinListWithColon" .Values.dependencies.ks_user.service }}"
|
||||
},
|
||||
{
|
||||
"name": "COMMAND",
|
||||
"value": "echo done"
|
||||
}
|
||||
]
|
||||
}
|
||||
{{ tuple $envAll $dependencies | include "dep_check_init_cont" | indent 10 }}
|
||||
]'
|
||||
spec:
|
||||
restartPolicy: OnFailure
|
||||
@ -37,6 +21,15 @@ spec:
|
||||
- name: cinder-ks-user
|
||||
image: {{ .Values.images.ks_user }}
|
||||
imagePullPolicy: {{ .Values.images.pull_policy }}
|
||||
{{- if .Values.resources.enabled }}
|
||||
resources:
|
||||
requests:
|
||||
memory: {{ .Values.resources.cinder_ks_user.requests.memory | quote }}
|
||||
cpu: {{ .Values.resources.cinder_ks_user.requests.cpu | quote }}
|
||||
limits:
|
||||
memory: {{ .Values.resources.cinder_ks_user.limits.memory | quote }}
|
||||
cpu: {{ .Values.resources.cinder_ks_user.limits.cpu | quote }}
|
||||
{{- end }}
|
||||
command:
|
||||
- bash
|
||||
- /tmp/ks-user.sh
|
||||
|
@ -183,3 +183,63 @@ endpoints:
|
||||
scheme: 'http'
|
||||
port:
|
||||
api: 8776
|
||||
|
||||
resources:
|
||||
enabled: false
|
||||
cinder_api:
|
||||
requests:
|
||||
memory: "124Mi"
|
||||
cpu: "100m"
|
||||
limits:
|
||||
memory: "1024Mi"
|
||||
cpu: "2000m"
|
||||
cinder_scheduler:
|
||||
requests:
|
||||
memory: "124Mi"
|
||||
cpu: "100m"
|
||||
limits:
|
||||
memory: "1024Mi"
|
||||
cpu: "2000m"
|
||||
cinder_volume:
|
||||
requests:
|
||||
memory: "124Mi"
|
||||
cpu: "100m"
|
||||
limits:
|
||||
memory: "1024Mi"
|
||||
cpu: "2000m"
|
||||
cinder_db_init:
|
||||
requests:
|
||||
memory: "124Mi"
|
||||
cpu: "100m"
|
||||
limits:
|
||||
memory: "1024Mi"
|
||||
cpu: "2000m"
|
||||
cinder_db_sync:
|
||||
requests:
|
||||
memory: "124Mi"
|
||||
cpu: "100m"
|
||||
limits:
|
||||
memory: "1024Mi"
|
||||
cpu: "2000m"
|
||||
cinder_ks_endpoints:
|
||||
requests:
|
||||
memory: "124Mi"
|
||||
cpu: "100m"
|
||||
limits:
|
||||
memory: "1024Mi"
|
||||
cpu: "2000m"
|
||||
cinder_ks_service:
|
||||
requests:
|
||||
memory: "124Mi"
|
||||
cpu: "100m"
|
||||
limits:
|
||||
memory: "1024Mi"
|
||||
cpu: "2000m"
|
||||
cinder_ks_user:
|
||||
requests:
|
||||
memory: "124Mi"
|
||||
cpu: "100m"
|
||||
limits:
|
||||
memory: "1024Mi"
|
||||
cpu: "2000m"
|
||||
|
||||
|
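Review bot: `resources.enabled: false` makes every request and limit in this block opt-in, so a default install still schedules all Cinder pods without CPU or memory limits, and one misbehaving container can starve the node it shares with the rest of the control plane. The eight components also carry identical numbers (`124Mi`/`100m` requests, `1024Mi`/`2000m` limits), which reads as placeholder sizing; `124Mi` may have been meant as `128Mi`. I would add a comment above the block such as `# Placeholder sizing: set enabled to true and tune per component before production use`, or default `enabled` to `true`.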
@ -1,4 +1,4 @@
|
||||
{{- define "joinListWithColon" -}}
|
||||
{{- define "joinListWithComma" -}}
|
||||
{{ range $k, $v := . }}{{ if $k }},{{ end }}{{ $v }}{{ end }}
|
||||
{{- end -}}
|
||||
|
||||
|
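--- a/common/templates/snippets/_k8s_init_dep_check.tpl
+++ b/common/templates/snippets/_k8s_init_dep_check.tpl
@@ -0,0 +1,49 @@
+{{- define "dep_check_init_cont" -}}
+{{- $envAll := index . 0 -}}
+{{- $deps := index . 1 -}}
+{
+"name": "init",
+"image": {{ $envAll.Values.images.dep_check | quote }},
+"imagePullPolicy": {{ $envAll.Values.images.pull_policy | quote }},
+"env": [
+{
+"name": "POD_NAME",
+"valueFrom": {
+"fieldRef": {
+"APIVersion": "v1",
+"fieldPath": "metadata.name"
+}
+}
+},
+{
+"name": "NAMESPACE",
+"valueFrom": {
+"fieldRef": {
+"APIVersion": "v1",
+"fieldPath": "metadata.namespace"
+}
+}
+},
+{
+"name": "INTERFACE_NAME",
+"value": "eth0"
+},
+{
+"name": "DEPENDENCY_SERVICE",
+"value": "{{ include "joinListWithComma" $deps.service }}"
+},
+{
+"name": "DEPENDENCY_JOBS",
+"value": "{{ include "joinListWithComma" $deps.jobs }}"
+},
+{
+"name": "DEPENDENCY_DAEMONSET",
+"value": "{{ include "joinListWithComma" $deps.daemonset }}"
+},
+{
+"name": "COMMAND",
+"value": "echo done"
+}
+]
+}
+{{- end -}}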
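Review bot: The three `"value": "{{ include "joinListWithComma" … }}"` entries place chart values inside JSON string literals without escaping, and the callers on this page embed the result in a single-quoted YAML annotation, so a dependency name containing `"` or `'` yields an annotation that fails to parse instead of a clear template error. `image` and `imagePullPolicy` already go through `quote`; the same works here, e.g. `"value": {{ include "joinListWithComma" $deps.service | quote }}`. `INTERFACE_NAME` is fixed to `eth0`, which will not match every node or CNI setup and would be better read from values. A short comment at the top of the define naming the expected tuple (`$envAll`, then a dependency map with `service`, `jobs` and `daemonset`) would also help chart authors who call it.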
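--- a/docs/README.md
+++ b/docs/README.md
@@ -0,0 +1,51 @@
+# Openstack-Helm Documentation
+
+
+## Table of Contents
+
+## 1. [Openstack-Helm Design Principles]()
+### 1.1 [Mission](mission.md)
+##### 1.1.1 [Resiliency](mission.md#resiliency)
+##### 1.1.2 [Scaling](mission.md#scaling)
+### 1.2 [Helm Overrides]()
+##### 1.2.1 [Resource Limits]()
+##### 1.2.2 [Conditionals]()
+### 1.3 [Init-Containers]()
+##### 1.3.1 [Dependency Checking]()
+### 1.4 [Kubernetes Jobs]()
+##### 1.4.1 [Service Registration]()
+##### 1.4.2 [User Registration]()
+##### 1.4.3 [Database Creation]()
+##### 1.4.4 [Database Migration]()
+### 1.5 [Complimentary Efforts]()
+#### 1.5.1 [Image-Based Project Considerations]()
+### 1.6 [Kubernetes State]()
+#### 1.6.1 [Third Party Resources]()
+#### 1.6.2 [Add-Ons]()
+## 2. [Repository Structure]()
+### 2.1 [Infrastructure Components]()
+### 2.2 [Openstack-Helm Core Services]()
+### 2.3 [Openstack-Helm Add-Ons]()
+## 3. [Operator Resources]()
+### 3.1 [Installation](https://github.com/att-comdev/openstack-helm/blob/master/docs/installation/getting-started.md)
+### 3.2 [Openstack-Helm Chart Definition Overrides]()
+### 3.2 [Openstacak-Helm Upgrades]()
+## 4. [Openstack-Helm Networking]()
+### 4.1 [Kubernetes Control Plane]()
+#### 4.1.1 [CNI SDN Considerations]()
+#### 4.1.2 [Calico Networking]()
+### 4.2 [Ingress Philosophy]()
+### 4.3 [Openstack Networking]()
+#### 4.3.1 [Flat Networking]()
+#### 4.3.1 [L2 Networking]()
+## 5. [Security Guidelines]()
+### 5.1 [Network Policies]()
+### 5.2 [Advanced Network Policies]()
+### 5.3 [Role-Based Access Controls]()
+### 5.4 [Security Contexts]()
+### 5.5 [Security Add-Ons]()
+## 6. [Developer Resources](https://github.com/att-comdev/openstack-helm/tree/master/docs/developer)
+### 6.1 [Contributions and Guidelines]()
+### 6.2 [Development Tools]()
+#### 6.2.1 [Minikube Development](https://github.com/att-comdev/openstack-helm/blob/master/docs/developer/minikube.md)
+### 6.3 [Tips and Considerations]()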
@ -3,7 +3,9 @@
|
||||
Community development is extremely important to us. As an open source development team, we want the development of Openstack-Helm to be an easy experience. Please evaluate, and make recommendations. We want developers to feel welcome to contribute to this project. Below are some instructions and suggestions to help you get started.
|
||||
|
||||
# Requirements
|
||||
We've tried to minimize the number of prerequisites required in order to get started. The main prerequisite is to install the most recent versions of Minikube and Helm.
|
||||
We've tried to minimize the number of prerequisites required in order to get started. For most users, the main prerequisites are to install the most recent versions of Minikube and Helm. For fresh installations, you may also need to install a Hypervisor that works for your system (that is supported by [Minikube](https://kubernetes.io/docs/getting-started-guides/minikube/#requirements)).
|
||||
|
||||
**Kubectl:** Download and install the version of [`kubectl`](https://kubernetes.io/docs/getting-started-guides/kubectl/) that matches your Kubernetes deployment.
|
||||
|
||||
**Kubernetes Minikube:**
|
||||
Ensure that you have installed a recent version of [Kubernetes/Minikube](http://kubernetes.io/docs/getting-started-guides/minikube/).
|
||||
@ -19,6 +21,57 @@ $ chmod 700 get_helm.sh
|
||||
$ ./get_helm.sh
|
||||
```
|
||||
|
||||
# TLDR;
|
||||
|
||||
If your environment meets all of the prerequisites above, you can simply use the following commands:
|
||||
|
||||
```
|
||||
# Clone the project:
|
||||
git clone https://github.com/att-comdev/openstack-helm.git && cd openstack-helm
|
||||
|
||||
# Get a list of the current tags:
|
||||
git tag -l
|
||||
|
||||
# Checkout the tag you want to work with (if desired, or use master for development):
|
||||
git checkout 0.1.0
|
||||
|
||||
# Start a local Helm Server:
|
||||
helm serve &
|
||||
|
||||
# You may need to change these params for your environment. Look up use of --iso-url if needed:
|
||||
minikube start \
|
||||
--network-plugin=cni \
|
||||
--kubernetes-version v1.5.1 \
|
||||
--disk-size 40g \
|
||||
--memory 16384 \
|
||||
--cpus 4 \
|
||||
--vm-driver kvm \
|
||||
--iso-url=https://storage.googleapis.com/minikube/iso/minikube-v1.0.4.iso
|
||||
|
||||
# Deploy a CNI/SDN:
|
||||
kubectl create -f http://docs.projectcalico.org/v2.0/getting-started/kubernetes/installation/hosted/calico.yaml
|
||||
|
||||
# Initialize Helm/Deploy Tiller:
|
||||
helm init
|
||||
|
||||
# Package the Openstack-Helm Charts, and push them to your local Helm repository:
|
||||
make
|
||||
|
||||
# Label the Minikube as an Openstack Control Plane node:
|
||||
kubectl label nodes openstack-control-plane=enabled --all --namespace=openstack
|
||||
|
||||
# Deploy each chart:
|
||||
helm install --name mariadb --set development.enabled=true local/mariadb --namespace=openstack
|
||||
helm install --name=memcached local/memcached --namespace=openstack
|
||||
helm install --name=rabbitmq local/rabbitmq --namespace=openstack
|
||||
helm install --name=keystone local/keystone --namespace=openstack
|
||||
helm install --name=cinder local/cinder --namespace=openstack
|
||||
helm install --name=glance local/glance --namespace=openstack
|
||||
helm install --name=heat local/heat --namespace=openstack
|
||||
helm install --name=nova local/nova --namespace=openstack
|
||||
helm install --name=neutron local/neutron --namespace=openstack
|
||||
helm install --name=horizon local/horizon --namespace=openstack
|
||||
```
|
||||
|
||||
# Getting Started
|
||||
|
||||
|
@ -190,11 +190,17 @@ Please ensure that you have verified and completed the steps above to prevent is
|
||||
Although Ceph is mentioned throughout this guide, our deployment is flexible to allow you the option of bringing any type of persistent storage. Although most of these verification steps are the same, if not very similar, we will use Ceph as our example throughout this guide.
|
||||
|
||||
## Node Labels
|
||||
First, we must label our nodes according to their role. Although we are labeling `all` nodes, you are free to label only the nodes you wish. You must have at least one, although a minimum of three are recommended.
|
||||
First, we must label our nodes according to their role. Although we are labeling `all` nodes, you are free to label only the nodes you wish. You must have at least one, although a minimum of three are recommended. Nodes are labeled according to their Openstack roles:
|
||||
|
||||
**Storage Nodes:** `ceph-storage`
|
||||
**Control Plane:** `openstack-control-plane`
|
||||
**Compute Nodes:** `openvswitch`, `openstack-compute-node`
|
||||
|
||||
```
|
||||
admin@kubenode01:~$ kubectl label nodes openstack-control-plane=enabled --all
|
||||
admin@kubenode01:~$ kubectl label nodes ceph-storage=enabled --all
|
||||
admin@kubenode01:~$ kubectl label nodes openvswitch=enabled --all
|
||||
admin@kubenode01:~$ kubectl label nodes openstack-compute-node=enabled --all
|
||||
```
|
||||
|
||||
## Obtaining the Project
|
||||
@ -262,7 +268,7 @@ Please ensure that you use ``--purge`` whenever deleting a project.
|
||||
## Ceph Installation and Verification
|
||||
Install the first service, which is Ceph. If all instructions have been followed as mentioned above, this installation should go smoothly. Use the following command to install Ceph:
|
||||
```
|
||||
admin@kubenode01:~$ helm install --name=ceph local/ceph --namespace=ceph
|
||||
admin@kubenode01:~$ helm install --set network.public=$osd_public_network --name=ceph local/ceph --namespace=ceph
|
||||
```
|
||||
|
||||
## Bootstrap Installation
|
||||
|
24
docs/mission.md
Normal file
24
docs/mission.md
Normal file
@ -0,0 +1,24 @@
|
||||
# Mission
|
||||
|
||||
The goal for openstack-helm is to provide an incredibly customizable *framework* for operators and developers alike. This framework will enable end-users to deploy, maintain, and upgrade a fully functioning OpenStack environment for both simple and complex environments. Administrators or developers can either deploy all or individual OpenStack components along with their required dependencies. It heavily borrows concepts from [Stackanetes](https://github.com/stackanetes/stackanetes) and [other complex Helm application deployments](https://github.com/sapcc/openstack-helm). This project is meant to be a collaborative project that brings Openstack applications into a [Cloud-Native](https://www.cncf.io/about/charter) model.
|
||||
|
||||
## Resiliency
|
||||
|
||||
One of the goals of this project is to produce a set of charts that can be used in a production setting to deploy and upgrade OpenStack. To achieve this goal, all components must be resilient, including both OpenStack and Infrastructure components leveraged by this project. In addition, this also includes Kubernetes itself. It is part of our mission to ensure that all infrastructure components are highly available and that a deployment can withstand a physical host failure out of the box. This means that:
|
||||
|
||||
- OpenStack components need to support and deploy with multiple replicas out of the box to ensure that each chart is deployed as a single-unit production ready first class citizen (unless development mode is enabled).
|
||||
- Infrastructure elements such as Ceph, RabbitMQ, Galera (MariaDB), Memcached, and all others need to support resiliency and leverage multiple replicas for resiliency where applicable. These components also need to validate that their application level configurations (for instance the underlying Galera cluster) can tolerate host crashes and withstand physical host failures.
|
||||
- Scheduling annotations need to be employed to ensure maximum resiliency for multi-host environments. They also need to be flexible to allow all-in-one deployments. To this end, we promote the usage of `podAntiAffinity.preferredDuringSchedulingIgnoredDuringExecution` for most infrastructure elements.
|
||||
- We make the assumption that we can depend on a reliable implementation of centralized storage to create PVCs within Kubernetes to support resiliency and complex application design. Today, this is provided by the included Ceph chart. There is much work to do when making even a single backend production ready. We have chosen to focus on bringing Ceph into a production ready state, which includes handling real world deployment scenarios, resiliency, and pool configurations. In the future we would like to support more options for hardened backend PVC's. In the future, we would like to offer flexibility in choosing a hardened backend.
|
||||
- We will document the best practices for running a resilient Kubernetes cluster in production. This includes documenting the steps necessary to make all components resilient, such as Etcd and SkyDNS where possible, and point out gaps due to missing features.
|
||||
|
||||
## Scaling
|
||||
|
||||
Scaling is another first class citizen in openstack-helm. We will be working to ensure that we support various deployment models that can support hyperscale, such as:
|
||||
|
||||
- Ensuring that by default, clusters include multiple replicas to verify that scaling issues are identified early and often (unless development mode is enabled).
|
||||
- Ensuring that every chart can support more then one replica and allowing operators to override those replica counts. For some applications, this means that they support clustering.
|
||||
- Ensuring clustering style applications are not limited to fixed replica counts. For instance, we want to ensure that we can support n=Galera members and have those scale linearly, within reason, as opposed to only supporting a fixed count.
|
||||
- Duplicate charts of the same type within the same namespace. For example, deploying rabbitmq twice, to the openstack namespace resulting in two fully functioning clusters.
|
||||
- Allowing charts to be deployed to a diverse set of namespaces. For example, allowing infrastructure to be deployed in one namespace and OpenStack in another, or deploying each chart in its own namespace.
|
||||
- Supporting hyperscale configurations that call for per-component infrastructure, such as a dedicated database and RabbitMQ solely for Ceilometer, or even dedicated infrastructure(s) for every component you deploy. It is unique, large scale deployment designs such as this that only become practical under a Kubernetes/Container framework and we want to ensure that we can support them.
|
@ -1,90 +0,0 @@
|
||||
apiVersion: extensions/v1beta1
|
||||
kind: Deployment
|
||||
metadata:
|
||||
name: glance-api
|
||||
spec:
|
||||
replicas: {{ .Values.replicas }}
|
||||
revisionHistoryLimit: {{ .Values.upgrades.revision_history }}
|
||||
strategy:
|
||||
type: {{ .Values.upgrades.pod_replacement_strategy }}
|
||||
{{ if eq .Values.upgrades.pod_replacement_strategy "RollingUpdate" }}
|
||||
rollingUpdate:
|
||||
maxUnavailable: {{ .Values.upgrades.rolling_update.max_unavailable }}
|
||||
maxSurge: {{ .Values.upgrades.rolling_update.max_surge }}
|
||||
{{ end }}
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
app: glance-api
|
||||
annotations:
|
||||
pod.beta.kubernetes.io/init-containers: '[
|
||||
{
|
||||
"name": "init",
|
||||
"image": "quay.io/stackanetes/kubernetes-entrypoint:v0.1.0",
|
||||
"imagePullPolicy": "{{ .Values.images.pull_policy }}",
|
||||
"env": [
|
||||
{
|
||||
"name": "NAMESPACE",
|
||||
"value": "{{ .Release.Namespace }}"
|
||||
},
|
||||
{
|
||||
"name": "DEPENDENCY_SERVICE",
|
||||
"value": "{{ include "joinListWithColon" .Values.dependencies.api.service }}"
|
||||
},
|
||||
{
|
||||
"name": "DEPENDENCY_JOBS",
|
||||
"value": "{{ include "joinListWithColon" .Values.dependencies.api.jobs }}"
|
||||
},
|
||||
{
|
||||
"name": "COMMAND",
|
||||
"value": "echo done"
|
||||
}
|
||||
]
|
||||
}
|
||||
]'
|
||||
spec:
|
||||
nodeSelector:
|
||||
{{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }}
|
||||
|
||||
containers:
|
||||
- name: glance-api
|
||||
image: {{ .Values.images.api }}
|
||||
imagePullPolicy: {{ .Values.images.pull_policy }}
|
||||
command:
|
||||
- bash
|
||||
- /tmp/start.sh
|
||||
ports:
|
||||
- containerPort: {{ .Values.network.port.api }}
|
||||
readinessProbe:
|
||||
tcpSocket:
|
||||
port: {{ .Values.network.port.api }}
|
||||
volumeMounts:
|
||||
- name: glanceapiconf
|
||||
mountPath: /etc/glance/glance-api.conf
|
||||
subPath: glance-api.conf
|
||||
- name: startsh
|
||||
mountPath: /tmp/start.sh
|
||||
subPath: start.sh
|
||||
- name: etcglance
|
||||
mountPath: /etc/glance
|
||||
- name: cephconf
|
||||
mountPath: /etc/ceph/ceph.conf
|
||||
subPath: ceph.conf
|
||||
- name: cephclientglancekeyring
|
||||
mountPath: /etc/ceph/ceph.client.{{ .Values.ceph.glance_user }}.keyring
|
||||
subPath: ceph.client.{{ .Values.ceph.glance_user }}.keyring
|
||||
volumes:
|
||||
- name: glanceapiconf
|
||||
configMap:
|
||||
name: glance-glanceapiconf
|
||||
- name: startsh
|
||||
configMap:
|
||||
name: glance-startsh
|
||||
- name: cephconf
|
||||
configMap:
|
||||
name: glance-cephconf
|
||||
- name: cephclientglancekeyring
|
||||
configMap:
|
||||
name: glance-cephclientglancekeyring
|
||||
- name: etcglance
|
||||
emptyDir: {}
|
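--- a/glance/templates/bin/_init.sh.tpl
+++ b/glance/templates/bin/_init.sh.tpl
@@ -0,0 +1,17 @@
+#!/bin/bash
+set -ex
+export HOME=/tmp
+
+ansible localhost -vvv -m mysql_db -a "login_host='{{ .Values.database.address }}' \
+login_port='{{ .Values.database.port }}' \
+login_user='{{ .Values.database.root_user }}' \
+login_password='{{ .Values.database.root_password }}' \
+name='{{ .Values.database.glance_database_name }}'"
+
+ansible localhost -vvv -m mysql_user -a "login_host='{{ .Values.database.address }}' \
+login_port='{{ .Values.database.port }}' \
+login_user='{{ .Values.database.root_user }}' \
+login_password='{{ .Values.database.root_password }}' \
+name='{{ .Values.database.glance_user }}' \
+password='{{ .Values.database.glance_password }}' \
+host='%' priv='{{ .Values.database.glance_database_name }}.*:ALL' append_privs='yes'"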
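Review bot: The database root password ends up in the job's log, because `set -ex` traces both `ansible` commands with `login_password='…'` and `password='…'` already filled in by Helm, and `-vvv` may add the module arguments on top. `_post.sh.tpl` has the same pattern with `password=` and the `keystone_auth` include. I would use `set -e` without the `x` and drop `-vvv`, or at least wrap the two calls in `set +x` / `set -x`. Separately, `host='%'` lets the glance account connect from any address; if that is required because pod addresses are dynamic, a one-line comment saying so would help the next reader.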
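--- a/glance/templates/bin/_post.sh.tpl
+++ b/glance/templates/bin/_post.sh.tpl
@@ -0,0 +1,42 @@
+#!/bin/bash
+set -ex
+export HOME=/tmp
+
+ansible localhost -vvv -m kolla_keystone_service -a "service_name=glance \
+service_type=image \
+description='Openstack Image' \
+endpoint_region='{{ .Values.keystone.glance_region_name }}' \
+url='{{ include "endpoint_glance_api_internal" . }}' \
+interface=admin \
+region_name='{{ .Values.keystone.admin_region_name }}' \
+auth='{{ include "keystone_auth" . }}'" \
+-e "{'openstack_glance_auth': {{ include "keystone_auth" . }}}"
+
+ansible localhost -vvv -m kolla_keystone_service -a "service_name=glance \
+service_type=image \
+description='Openstack Image' \
+endpoint_region='{{ .Values.keystone.glance_region_name }}' \
+url='{{ include "endpoint_glance_api_internal" . }}' \
+interface=internal \
+region_name='{{ .Values.keystone.admin_region_name }}' \
+auth='{{ include "keystone_auth" . }}'" \
+-e "{ 'openstack_glance_auth': {{ include "keystone_auth" . }} }"
+
+ansible localhost -vvv -m kolla_keystone_service -a "service_name=glance \
+service_type=image \
+description='Openstack Image' \
+endpoint_region='{{ .Values.keystone.glance_region_name }}' \
+url='{{ include "endpoint_glance_api_internal" . }}' \
+interface=public \
+region_name='{{ .Values.keystone.admin_region_name }}' \
+auth='{{ include "keystone_auth" . }}'" \
+-e "{ 'openstack_glance_auth': {{ include "keystone_auth" . }} }"
+
+ansible localhost -vvv -m kolla_keystone_user -a "project=service \
+user={{ .Values.keystone.glance_user }} \
+password={{ .Values.keystone.glance_password }} \
+role=admin \
+region_name={{ .Values.keystone.admin_region_name }} \
+auth='{{ include "keystone_auth" . }}'" \
+-e "{ 'openstack_glance_auth': {{ include "keystone_auth" . }} }"
+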
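Review bot: In the `kolla_keystone_user` call the `user=`, `password=` and `region_name=` values are not quoted, unlike the templated values in the three service calls above it, so a password containing a space or `=` would be split by Ansible's key=value parsing. Quote them the same way, for example `password='{{ .Values.keystone.glance_password }}' \`. It is also worth confirming that the `admin` and `public` interfaces are meant to register the URL from `endpoint_glance_api_internal`, since all three service calls use that include.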
@ -1,13 +0,0 @@
|
||||
apiVersion: v1
|
||||
kind: ConfigMap
|
||||
metadata:
|
||||
name: glance-cephclientglancekeyring
|
||||
data:
|
||||
ceph.client.{{ .Values.ceph.glance_user }}.keyring: |+
|
||||
[client.{{ .Values.ceph.glance_user }}]
|
||||
{{- if .Values.ceph.glance_keyring }}
|
||||
key = {{ .Values.ceph.glance_keyring }}
|
||||
{{- else }}
|
||||
key = {{- include "secrets/ceph-client-key" . -}}
|
||||
{{- end }}
|
||||
|
@ -1,23 +0,0 @@
|
||||
apiVersion: v1
|
||||
kind: ConfigMap
|
||||
metadata:
|
||||
name: glance-cephconf
|
||||
data:
|
||||
ceph.conf: |+
|
||||
[global]
|
||||
rgw_thread_pool_size = 1024
|
||||
rgw_num_rados_handles = 100
|
||||
{{- if .Values.ceph.monitors }}
|
||||
[mon]
|
||||
{{ range .Values.ceph.monitors }}
|
||||
[mon.{{ . }}]
|
||||
host = {{ . }}
|
||||
mon_addr = {{ . }}
|
||||
{{ end }}
|
||||
{{- else }}
|
||||
mon_host = ceph-mon.ceph
|
||||
{{- end }}
|
||||
[client]
|
||||
rbd_cache_enabled = true
|
||||
rbd_cache_writethrough_until_flush = true
|
||||
|
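--- a/glance/templates/configmap-bin.yaml
+++ b/glance/templates/configmap-bin.yaml
@@ -0,0 +1,9 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+name: glance-bin
+data:
+init.sh: |+
+{{ tuple "bin/_init.sh.tpl" . | include "template" | indent 4 }}
+post.sh: |+
+{{ tuple "bin/_post.sh.tpl" . | include "template" | indent 4 }}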
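Review bot: `glance-bin` is a ConfigMap, but `init.sh` and `post.sh` are rendered with the database root password and the Keystone credentials inside them, so those secrets are readable by anyone allowed to read ConfigMaps in the namespace. The same holds for `glance-etc` in `configmap-etc.yaml`, which carries the Ceph client keyring and the passwords in `glance-api.conf` and `glance-registry.conf`. A `kind: Secret` with the same keys, mounted through `secret:` volumes in the deployments, would put them under the tighter access rules. The jobs that consume `glance-bin` are not visible in this part of the commit, so their volume definitions would need the matching change.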
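--- a/glance/templates/configmap-etc.yaml
+++ b/glance/templates/configmap-etc.yaml
@@ -0,0 +1,19 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+name: glance-etc
+data:
+ceph.conf: |+
+{{ tuple "etc/_ceph.conf.tpl" . | include "template" | indent 4 }}
+ceph.client.{{ .Values.ceph.glance_user }}.keyring: |+
+{{ tuple "etc/_ceph.client.glance.keyring.tpl" . | include "template" | indent 4 }}
+glance-api.conf: |+
+{{ tuple "etc/_glance-api.conf.tpl" . | include "template" | indent 4 }}
+glance-api-paste.ini: |+
+{{ tuple "etc/_glance-api-paste.ini.tpl" . | include "template" | indent 4 }}
+glance-registry.conf: |+
+{{ tuple "etc/_glance-registry.conf.tpl" . | include "template" | indent 4 }}
+glance-registry-paste.ini: |+
+{{ tuple "etc/_glance-registry-paste.ini.tpl" . | include "template" | indent 4 }}
+policy.json: |+
+{{ tuple "etc/_policy.json.tpl" . | include "template" | indent 4 }}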
@ -1,10 +0,0 @@
|
||||
apiVersion: v1
|
||||
kind: ConfigMap
|
||||
metadata:
|
||||
name: glance-dbsyncsh
|
||||
data:
|
||||
db-sync.sh: |+
|
||||
#!/bin/bash
|
||||
set -ex
|
||||
|
||||
glance-manage db_sync
|
@ -1,58 +0,0 @@
|
||||
apiVersion: batch/v1
|
||||
kind: Job
|
||||
metadata:
|
||||
name: glance-db-sync
|
||||
spec:
|
||||
template:
|
||||
metadata:
|
||||
annotations:
|
||||
pod.beta.kubernetes.io/init-containers: '[
|
||||
{
|
||||
"name": "init",
|
||||
"image": "quay.io/stackanetes/kubernetes-entrypoint:v0.1.0",
|
||||
"imagePullPolicy": "{{ .Values.images.pull_policy }}",
|
||||
"env": [
|
||||
{
|
||||
"name": "NAMESPACE",
|
||||
"value": "{{ .Release.Namespace }}"
|
||||
},
|
||||
{
|
||||
"name": "DEPENDENCY_SERVICE",
|
||||
"value": "{{ include "joinListWithColon" .Values.dependencies.db_sync.service }}"
|
||||
},
|
||||
{
|
||||
"name": "DEPENDENCY_JOBS",
|
||||
"value": "{{ include "joinListWithColon" .Values.dependencies.db_sync.jobs }}"
|
||||
},
|
||||
{
|
||||
"name": "COMMAND",
|
||||
"value": "echo done"
|
||||
}
|
||||
]
|
||||
}
|
||||
]'
|
||||
spec:
|
||||
restartPolicy: OnFailure
|
||||
nodeSelector:
|
||||
{{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }}
|
||||
containers:
|
||||
- name: glance-db-sync
|
||||
image: {{ .Values.images.db_sync }}
|
||||
imagePullPolicy: {{ .Values.images.pull_policy }}
|
||||
command:
|
||||
- bash
|
||||
- /tmp/db-sync.sh
|
||||
volumeMounts:
|
||||
- name: glanceapiconf
|
||||
mountPath: /etc/glance/glance-api.conf
|
||||
subPath: glance-api.conf
|
||||
- name: dbsyncsh
|
||||
mountPath: /tmp/db-sync.sh
|
||||
subPath: db-sync.sh
|
||||
volumes:
|
||||
- name: glanceapiconf
|
||||
configMap:
|
||||
name: glance-glanceapiconf
|
||||
- name: dbsyncsh
|
||||
configMap:
|
||||
name: glance-dbsyncsh
|
107
glance/templates/deployment-api.yaml
Normal file
107
glance/templates/deployment-api.yaml
Normal file
@ -0,0 +1,107 @@
|
||||
{{- $envAll := . }}
|
||||
{{- $dependencies := .Values.dependencies.api }}
|
||||
apiVersion: extensions/v1beta1
|
||||
kind: Deployment
|
||||
metadata:
|
||||
name: glance-api
|
||||
spec:
|
||||
{{- if .Values.development.enabled }}
|
||||
replicas: 1
|
||||
{{- else }}
|
||||
replicas: {{ .Values.replicas.api }}
|
||||
{{- end }}
|
||||
revisionHistoryLimit: {{ .Values.upgrades.revision_history }}
|
||||
strategy:
|
||||
type: {{ .Values.upgrades.pod_replacement_strategy }}
|
||||
{{ if eq .Values.upgrades.pod_replacement_strategy "RollingUpdate" }}
|
||||
rollingUpdate:
|
||||
maxUnavailable: {{ .Values.upgrades.rolling_update.max_unavailable }}
|
||||
maxSurge: {{ .Values.upgrades.rolling_update.max_surge }}
|
||||
{{ end }}
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
app: glance-api
|
||||
annotations:
|
||||
configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "hash" }}
|
||||
configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "hash" }}
|
||||
pod.beta.kubernetes.io/init-containers: '[
|
||||
{{ tuple $envAll $dependencies | include "dep_check_init_cont" | indent 10 }}
|
||||
]'
|
||||
spec:
|
||||
nodeSelector:
|
||||
{{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }}
|
||||
containers:
|
||||
- name: glance-api
|
||||
image: {{ .Values.images.api }}
|
||||
imagePullPolicy: {{ .Values.images.pull_policy }}
|
||||
{{- if .Values.resources.enabled }}
|
||||
resources:
|
||||
limits:
|
||||
cpu: {{ .Values.resources.api.limits.cpu | quote }}
|
||||
memory: {{ .Values.resources.api.limits.memory | quote }}
|
||||
requests:
|
||||
cpu: {{ .Values.resources.api.requests.cpu | quote }}
|
||||
memory: {{ .Values.resources.api.requests.memory | quote }}
|
||||
{{- end }}
|
||||
command:
|
||||
- glance-api
|
||||
- --config-file
|
||||
- /etc/glance/glance-api.conf
|
||||
ports:
|
||||
- containerPort: {{ .Values.network.port.api }}
|
||||
readinessProbe:
|
||||
tcpSocket:
|
||||
port: {{ .Values.network.port.api }}
|
||||
volumeMounts:
|
||||
- name: etcglance
|
||||
mountPath: /etc/glance
|
||||
- name: glanceapiconf
|
||||
mountPath: /etc/glance/glance-api.conf
|
||||
subPath: glance-api.conf
|
||||
readOnly: true
|
||||
- name: glanceapipaste
|
||||
mountPath: /etc/glance/glance-api-paste.ini
|
||||
subPath: glance-api-paste.ini
|
||||
readOnly: true
|
||||
- name: glancepolicy
|
||||
mountPath: /etc/glance/policy.json
|
||||
subPath: policy.json
|
||||
readOnly: true
|
||||
{{- if .Values.development.enabled }}
|
||||
- name: glance-data
|
||||
mountPath: /var/lib/glance/images
|
||||
{{- else }}
|
||||
- name: cephconf
|
||||
mountPath: /etc/ceph/ceph.conf
|
||||
subPath: ceph.conf
|
||||
readOnly: true
|
||||
- name: cephclientglancekeyring
|
||||
mountPath: /etc/ceph/ceph.client.{{ .Values.ceph.glance_user }}.keyring
|
||||
subPath: ceph.client.{{ .Values.ceph.glance_user }}.keyring
|
||||
readOnly: true
|
||||
{{- end }}
|
||||
volumes:
|
||||
- name: glanceapiconf
|
||||
configMap:
|
||||
name: glance-etc
|
||||
- name: glanceapipaste
|
||||
configMap:
|
||||
name: glance-etc
|
||||
{{- if .Values.development.enabled }}
|
||||
- name: glance-data
|
||||
hostPath:
|
||||
path: {{ .Values.development.storage_path }}
|
||||
{{- else }}
|
||||
- name: cephconf
|
||||
configMap:
|
||||
name: glance-etc
|
||||
- name: cephclientglancekeyring
|
||||
configMap:
|
||||
name: glance-etc
|
||||
{{- end }}
|
||||
- name: etcglance
|
||||
emptyDir: {}
|
||||
- name: glancepolicy
|
||||
configMap:
|
||||
name: glance-etc
|
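Review bot: In development mode the `glance-data` volume is a `hostPath` taken directly from `.Values.development.storage_path`, so the API container gets write access to whatever node directory that value names, and this section sets no `securityContext` to constrain the user it runs as. A comment above the volume, such as `# development only: storage_path must be a directory dedicated to glance images`, would make the constraint explicit. The `nodeSelector` value is also rendered unquoted; `{{ .Values.labels.node_selector_value | quote }}` keeps a label value like `true` from being read as a boolean, in line with the `| quote` already used for the resource limits.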
74
glance/templates/deployment-registry.yaml
Normal file
74
glance/templates/deployment-registry.yaml
Normal file
@ -0,0 +1,74 @@
|
||||
{{- $envAll := . }}
|
||||
{{- $dependencies := .Values.dependencies.registry }}
|
||||
apiVersion: extensions/v1beta1
|
||||
kind: Deployment
|
||||
metadata:
|
||||
name: glance-registry
|
||||
spec:
|
||||
{{- if .Values.development.enabled }}
|
||||
replicas: 1
|
||||
{{- else }}
|
||||
replicas: {{ .Values.replicas.registry }}
|
||||
{{- end }}
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
app: glance-registry
|
||||
annotations:
|
||||
configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "hash" }}
|
||||
configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "hash" }}
|
||||
pod.beta.kubernetes.io/init-containers: '[
|
||||
{{ tuple $envAll $dependencies | include "dep_check_init_cont" | indent 10 }}
|
||||
]'
|
||||
spec:
|
||||
nodeSelector:
|
||||
{{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }}
|
||||
containers:
|
||||
- name: glance-registry
|
||||
image: {{ .Values.images.registry }}
|
||||
imagePullPolicy: {{ .Values.images.pull_policy }}
|
||||
{{- if .Values.resources.enabled }}
|
||||
resources:
|
||||
limits:
|
||||
cpu: {{ .Values.resources.registry.limits.cpu | quote }}
|
||||
memory: {{ .Values.resources.registry.limits.memory | quote }}
|
||||
requests:
|
||||
cpu: {{ .Values.resources.registry.requests.cpu | quote }}
|
||||
memory: {{ .Values.resources.registry.requests.memory | quote }}
|
||||
{{- end }}
|
||||
command:
|
||||
- glance-registry
|
||||
- --config-file
|
||||
- /etc/glance/glance-registry.conf
|
||||
ports:
|
||||
- containerPort: {{ .Values.network.port.registry }}
|
||||
readinessProbe:
|
||||
tcpSocket:
|
||||
port: {{ .Values.network.port.registry }}
|
||||
volumeMounts:
|
||||
- name: etcglance
|
||||
mountPath: /etc/glance
|
||||
- name: glanceregistryconf
|
||||
mountPath: /etc/glance/glance-registry.conf
|
||||
subPath: glance-registry.conf
|
||||
readOnly: true
|
||||
- name: glanceregistrypaste
|
||||
mountPath: /etc/glance/glance-registry-paste.ini
|
||||
subPath: glance-registry-paste.ini
|
||||
readOnly: true
|
||||
- name: glancepolicy
|
||||
mountPath: /etc/glance/policy.json
|
||||
subPath: policy.json
|
||||
readOnly: true
|
||||
volumes:
|
||||
- name: etcglance
|
||||
emptyDir: {}
|
||||
- name: glanceregistryconf
|
||||
configMap:
|
||||
name: glance-etc
|
||||
- name: glanceregistrypaste
|
||||
configMap:
|
||||
name: glance-etc
|
||||
- name: glancepolicy
|
||||
configMap:
|
||||
name: glance-etc
|
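Review bot: This Deployment omits the `revisionHistoryLimit` and `strategy` block that `deployment-api.yaml` in the same commit renders from `.Values.upgrades`, so during an upgrade the registry falls back to the cluster defaults while the API follows the chart values. If that is intentional a short comment should say so. Otherwise add `revisionHistoryLimit: {{ .Values.upgrades.revision_history }}` and the same `strategy:` stanza under `spec:`.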
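--- a/glance/templates/etc/_ceph.client.glance.keyring.tpl
+++ b/glance/templates/etc/_ceph.client.glance.keyring.tpl
@@ -0,0 +1,6 @@
+[client.{{ .Values.ceph.glance_user }}]
+{{- if .Values.ceph.glance_keyring }}
+key = {{ .Values.ceph.glance_keyring }}
+{{- else }}
+key = {{- include "secrets/ceph-client-key" . -}}
+{{- end }}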
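--- a/glance/templates/etc/_ceph.conf.tpl
+++ b/glance/templates/etc/_ceph.conf.tpl
@@ -0,0 +1,16 @@
+[global]
+rgw_thread_pool_size = 1024
+rgw_num_rados_handles = 100
+{{- if .Values.ceph.monitors }}
+[mon]
+{{ range .Values.ceph.monitors }}
+[mon.{{ . }}]
+host = {{ . }}
+mon_addr = {{ . }}
+{{ end }}
+{{- else }}
+mon_host = ceph-mon.ceph
+{{- end }}
+[client]
+rbd_cache_enabled = true
+rbd_cache_writethrough_until_flush = true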
90
glance/templates/etc/_glance-api-paste.ini.tpl
Normal file
90
glance/templates/etc/_glance-api-paste.ini.tpl
Normal file
@ -0,0 +1,90 @@
|
||||
# Use this pipeline for no auth or image caching - DEFAULT
|
||||
[pipeline:glance-api]
|
||||
pipeline = cors healthcheck http_proxy_to_wsgi versionnegotiation osprofiler unauthenticated-context rootapp
|
||||
|
||||
# Use this pipeline for image caching and no auth
|
||||
[pipeline:glance-api-caching]
|
||||
pipeline = cors healthcheck http_proxy_to_wsgi versionnegotiation osprofiler unauthenticated-context cache rootapp
|
||||
|
||||
# Use this pipeline for caching w/ management interface but no auth
|
||||
[pipeline:glance-api-cachemanagement]
|
||||
pipeline = cors healthcheck http_proxy_to_wsgi versionnegotiation osprofiler unauthenticated-context cache cachemanage rootapp
|
||||
|
||||
# Use this pipeline for keystone auth
|
||||
[pipeline:glance-api-keystone]
|
||||
pipeline = cors healthcheck http_proxy_to_wsgi versionnegotiation osprofiler authtoken context rootapp
|
||||
|
||||
# Use this pipeline for keystone auth with image caching
|
||||
[pipeline:glance-api-keystone+caching]
|
||||
pipeline = cors healthcheck http_proxy_to_wsgi versionnegotiation osprofiler authtoken context cache rootapp
|
||||
|
||||
# Use this pipeline for keystone auth with caching and cache management
|
||||
[pipeline:glance-api-keystone+cachemanagement]
|
||||
pipeline = cors healthcheck http_proxy_to_wsgi versionnegotiation osprofiler authtoken context cache cachemanage rootapp
|
||||
|
||||
# Use this pipeline for authZ only. This means that the registry will treat a
|
||||
# user as authenticated without making requests to keystone to reauthenticate
|
||||
# the user.
|
||||
[pipeline:glance-api-trusted-auth]
|
||||
pipeline = cors healthcheck http_proxy_to_wsgi versionnegotiation osprofiler context rootapp
|
||||
|
||||
# Use this pipeline for authZ only. This means that the registry will treat a
|
||||
# user as authenticated without making requests to keystone to reauthenticate
|
||||
# the user and uses cache management
|
||||
[pipeline:glance-api-trusted-auth+cachemanagement]
|
||||
pipeline = cors healthcheck http_proxy_to_wsgi versionnegotiation osprofiler context cache cachemanage rootapp
|
||||
|
||||
[composite:rootapp]
|
||||
paste.composite_factory = glance.api:root_app_factory
|
||||
/: apiversions
|
||||
/v1: apiv1app
|
||||
/v2: apiv2app
|
||||
|
||||
[app:apiversions]
|
||||
paste.app_factory = glance.api.versions:create_resource
|
||||
|
||||
[app:apiv1app]
|
||||
paste.app_factory = glance.api.v1.router:API.factory
|
||||
|
||||
[app:apiv2app]
|
||||
paste.app_factory = glance.api.v2.router:API.factory
|
||||
|
||||
[filter:healthcheck]
|
||||
paste.filter_factory = oslo_middleware:Healthcheck.factory
|
||||
backends = disable_by_file
|
||||
disable_by_file_path = /etc/glance/healthcheck_disable
|
||||
|
||||
[filter:versionnegotiation]
|
||||
paste.filter_factory = glance.api.middleware.version_negotiation:VersionNegotiationFilter.factory
|
||||
|
||||
[filter:cache]
|
||||
paste.filter_factory = glance.api.middleware.cache:CacheFilter.factory
|
||||
|
||||
[filter:cachemanage]
|
||||
paste.filter_factory = glance.api.middleware.cache_manage:CacheManageFilter.factory
|
||||
|
||||
[filter:context]
|
||||
paste.filter_factory = glance.api.middleware.context:ContextMiddleware.factory
|
||||
|
||||
[filter:unauthenticated-context]
|
||||
paste.filter_factory = glance.api.middleware.context:UnauthenticatedContextMiddleware.factory
|
||||
|
||||
[filter:authtoken]
|
||||
paste.filter_factory = keystonemiddleware.auth_token:filter_factory
|
||||
delay_auth_decision = true
|
||||
|
||||
[filter:gzip]
|
||||
paste.filter_factory = glance.api.middleware.gzip:GzipMiddleware.factory
|
||||
|
||||
[filter:osprofiler]
|
||||
paste.filter_factory = osprofiler.web:WsgiMiddleware.factory
|
||||
hmac_keys = SECRET_KEY #DEPRECATED
|
||||
enabled = yes #DEPRECATED
|
||||
|
||||
[filter:cors]
|
||||
paste.filter_factory = oslo_middleware.cors:filter_factory
|
||||
oslo_config_project = glance
|
||||
oslo_config_program = glance-api
|
||||
|
||||
[filter:http_proxy_to_wsgi]
|
||||
paste.filter_factory = oslo_middleware:HTTPProxyToWSGI.factory
|
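Review bot: Every pipeline, including `glance-api-keystone` which `flavor = keystone` selects, keeps the `osprofiler` filter, and `[filter:osprofiler]` ships the placeholder `hmac_keys = SECRET_KEY` together with `enabled = yes`; `_glance-registry-paste.ini.tpl` does the same. Both options are marked deprecated, so the Glance release in use may ignore them, but if they are honoured the profiler is active with a key that is public knowledge. Either drop `osprofiler` from the pipelines or render the key from chart values, for example `hmac_keys = {{ .Values.misc.osprofiler_hmac_key }}` (the value name is a suggestion, not an existing key). The trailing `#DEPRECATED` on the same line is also worth moving to its own comment line, since not every INI parser strips inline comments.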
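--- a/glance/templates/etc/_glance-api.conf.tpl
+++ b/glance/templates/etc/_glance-api.conf.tpl
@@ -0,0 +1,44 @@
+[DEFAULT]
+debug = {{ .Values.misc.debug }}
+use_syslog = False
+use_stderr = True
+
+bind_port = {{ .Values.network.port.api }}
+workers = {{ .Values.misc.workers }}
+registry_host = glance-registry
+# Enable Copy-on-Write
+show_image_direct_url = True
+
+[database]
+connection = mysql+pymysql://{{ .Values.database.glance_user }}:{{ .Values.database.glance_password }}@{{ .Values.database.address }}/{{ .Values.database.glance_database_name }}
+max_retries = -1
+
+[keystone_authtoken]
+auth_uri = {{ .Values.keystone.auth_uri }}
+auth_url = {{ .Values.keystone.auth_url }}
+auth_type = password
+project_domain_id = default
+user_domain_id = default
+project_name = service
+username = {{ .Values.keystone.glance_user }}
+password = {{ .Values.keystone.glance_password }}
+
+[paste_deploy]
+flavor = keystone
+
+[oslo_messaging_notifications]
+driver = noop
+
+[glance_store]
+filesystem_store_datadir = /var/lib/glance/images/
+{{- if .Values.development.enabled }}
+stores = file, http
+default_store = file
+{{- else }}
+stores = file, http, rbd
+default_store = rbd
+rbd_store_pool = {{ .Values.ceph.glance_pool }}
+rbd_store_user = {{ .Values.ceph.glance_user }}
+rbd_store_ceph_conf = /etc/ceph/ceph.conf
+rbd_store_chunk_size = 8
+{{- end }}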
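Review bot: The `connection` line places `database.glance_password` into the URL with no encoding, so a password containing `@`, `/`, `:` or `?` yields a URL that is parsed with a different host or database than intended; `_glance-registry.conf.tpl` has the identical line. At minimum document the restriction above it, `# database.glance_password must be URL-safe; it is placed in the connection URL verbatim`. Also note that `show_image_direct_url = True` now applies in development mode too, where the file store is the default and the copy-on-write reason in the comment does not hold; wrapping it in `{{- if not .Values.development.enabled }}` … `{{- end }}` would limit it to the rbd case.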
35
glance/templates/etc/_glance-registry-paste.ini.tpl
Normal file
35
glance/templates/etc/_glance-registry-paste.ini.tpl
Normal file
@ -0,0 +1,35 @@
|
||||
# Use this pipeline for no auth - DEFAULT
|
||||
[pipeline:glance-registry]
|
||||
pipeline = healthcheck osprofiler unauthenticated-context registryapp
|
||||
|
||||
# Use this pipeline for keystone auth
|
||||
[pipeline:glance-registry-keystone]
|
||||
pipeline = healthcheck osprofiler authtoken context registryapp
|
||||
|
||||
# Use this pipeline for authZ only. This means that the registry will treat a
|
||||
# user as authenticated without making requests to keystone to reauthenticate
|
||||
# the user.
|
||||
[pipeline:glance-registry-trusted-auth]
|
||||
pipeline = healthcheck osprofiler context registryapp
|
||||
|
||||
[app:registryapp]
|
||||
paste.app_factory = glance.registry.api:API.factory
|
||||
|
||||
[filter:healthcheck]
|
||||
paste.filter_factory = oslo_middleware:Healthcheck.factory
|
||||
backends = disable_by_file
|
||||
disable_by_file_path = /etc/glance/healthcheck_disable
|
||||
|
||||
[filter:context]
|
||||
paste.filter_factory = glance.api.middleware.context:ContextMiddleware.factory
|
||||
|
||||
[filter:unauthenticated-context]
|
||||
paste.filter_factory = glance.api.middleware.context:UnauthenticatedContextMiddleware.factory
|
||||
|
||||
[filter:authtoken]
|
||||
paste.filter_factory = keystonemiddleware.auth_token:filter_factory
|
||||
|
||||
[filter:osprofiler]
|
||||
paste.filter_factory = osprofiler.web:WsgiMiddleware.factory
|
||||
hmac_keys = SECRET_KEY #DEPRECATED
|
||||
enabled = yes #DEPRECATED
|
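--- a/glance/templates/etc/_glance-registry.conf.tpl
+++ b/glance/templates/etc/_glance-registry.conf.tpl
@@ -0,0 +1,26 @@
+[DEFAULT]
+debug = {{ .Values.misc.debug }}
+use_syslog = False
+use_stderr = True
+bind_port = {{ .Values.network.port.registry }}
+workers = {{ .Values.misc.workers }}
+
+[database]
+connection = mysql+pymysql://{{ .Values.database.glance_user }}:{{ .Values.database.glance_password }}@{{ .Values.database.address }}/{{ .Values.database.glance_database_name }}
+max_retries = -1
+
+[keystone_authtoken]
+auth_uri = {{ .Values.keystone.auth_uri }}
+auth_url = {{ .Values.keystone.auth_url }}
+auth_type = password
+project_domain_id = default
+user_domain_id = default
+project_name = service
+username = {{ .Values.keystone.glance_user }}
+password = {{ .Values.keystone.glance_password }}
+
+[paste_deploy]
+flavor = keystone
+
+[oslo_messaging_notifications]
+driver = noop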
61
glance/templates/etc/_policy.json.tpl
Normal file
61
glance/templates/etc/_policy.json.tpl
Normal file
@ -0,0 +1,61 @@
|
||||
{
|
||||
"context_is_admin": "role:admin",
|
||||
"default": "role:admin",
|
||||
|
||||
"add_image": "",
|
||||
"delete_image": "",
|
||||
"get_image": "",
|
||||
"get_images": "",
|
||||
"modify_image": "",
|
||||
"publicize_image": "role:admin",
|
||||
"copy_from": "",
|
||||
|
||||
"download_image": "",
|
||||
"upload_image": "",
|
||||
|
||||
"delete_image_location": "",
|
||||
"get_image_location": "",
|
||||
"set_image_location": "",
|
||||
|
||||
"add_member": "",
|
||||
"delete_member": "",
|
||||
"get_member": "",
|
||||
"get_members": "",
|
||||
"modify_member": "",
|
||||
|
||||
"manage_image_cache": "role:admin",
|
||||
|
||||
"get_task": "role:admin",
|
||||
"get_tasks": "role:admin",
|
||||
"add_task": "role:admin",
|
||||
"modify_task": "role:admin",
|
||||
|
||||
"deactivate": "",
|
||||
"reactivate": "",
|
||||
|
||||
"get_metadef_namespace": "",
|
||||
"get_metadef_namespaces":"",
|
||||
"modify_metadef_namespace":"",
|
||||
"add_metadef_namespace":"",
|
||||
|
||||
"get_metadef_object":"",
|
||||
"get_metadef_objects":"",
|
||||
"modify_metadef_object":"",
|
||||
"add_metadef_object":"",
|
||||
|
||||
"list_metadef_resource_types":"",
|
||||
"get_metadef_resource_type":"",
|
||||
"add_metadef_resource_type_association":"",
|
||||
|
||||
"get_metadef_property":"",
|
||||
"get_metadef_properties":"",
|
||||
"modify_metadef_property":"",
|
||||
"add_metadef_property":"",
|
||||
|
||||
"get_metadef_tag":"",
|
||||
"get_metadef_tags":"",
|
||||
"modify_metadef_tag":"",
|
||||
"add_metadef_tag":"",
|
||||
"add_metadef_tags":""
|
||||
|
||||
}
|
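Review bot: `get_image_location`, `set_image_location` and `delete_image_location` are left as `""`, which permits any authenticated user, while `_glance-api.conf.tpl` in this commit sets `show_image_direct_url = True`. As far as I can tell these three rules only come into play when multiple-location support is enabled, which the visible config does not do, so this is a latent exposure rather than a live one. Restricting them now, e.g. `"set_image_location": "role:admin",`, keeps a later config change from opening backend locations to every tenant. JSON has no comment syntax, so the reasoning belongs in the chart documentation.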
@ -1,48 +0,0 @@
|
||||
apiVersion: v1
|
||||
kind: ConfigMap
|
||||
metadata:
|
||||
name: glance-glanceapiconf
|
||||
data:
|
||||
glance-api.conf: |+
|
||||
[DEFAULT]
|
||||
debug = {{ .Values.misc.debug }}
|
||||
use_syslog = False
|
||||
use_stderr = True
|
||||
|
||||
bind_port = {{ .Values.network.port.api }}
|
||||
|
||||
workers = {{ .Values.misc.workers }}
|
||||
registry_host = {{ include "glance_registry_host" . }}
|
||||
|
||||
# Enable Copy-on-Write
|
||||
show_image_direct_url = True
|
||||
|
||||
[database]
|
||||
connection = mysql+pymysql://{{ .Values.database.glance_user }}:{{ .Values.database.glance_password }}@{{ .Values.database.address }}/{{ .Values.database.glance_database_name }}
|
||||
max_retries = -1
|
||||
|
||||
[keystone_authtoken]
|
||||
auth_uri = {{ .Values.keystone.auth_uri }}
|
||||
auth_url = {{ .Values.keystone.auth_url }}
|
||||
auth_type = password
|
||||
project_domain_id = default
|
||||
user_domain_id = default
|
||||
project_name = service
|
||||
username = {{ .Values.keystone.glance_user }}
|
||||
password = {{ .Values.keystone.glance_password }}
|
||||
|
||||
[paste_deploy]
|
||||
flavor = keystone
|
||||
|
||||
[oslo_messaging_notifications]
|
||||
driver = noop
|
||||
|
||||
[glance_store]
|
||||
filesystem_store_datadir = /var/lib/glance/images/
|
||||
stores = file, http, rbd
|
||||
default_store = rbd
|
||||
rbd_store_pool = {{ .Values.ceph.glance_pool }}
|
||||
rbd_store_user = {{ .Values.ceph.glance_user }}
|
||||
rbd_store_ceph_conf = /etc/ceph/ceph.conf
|
||||
rbd_store_chunk_size = 8
|
||||
|
@ -1,34 +0,0 @@
|
||||
apiVersion: v1
|
||||
kind: ConfigMap
|
||||
metadata:
|
||||
name: glance-glanceregistryconf
|
||||
data:
|
||||
glance-registry.conf: |+
|
||||
[DEFAULT]
|
||||
debug = {{ .Values.misc.debug }}
|
||||
use_syslog = False
|
||||
use_stderr = True
|
||||
|
||||
bind_port = {{ .Values.network.port.registry }}
|
||||
|
||||
workers = {{ .Values.misc.workers }}
|
||||
|
||||
[database]
|
||||
connection = mysql+pymysql://{{ .Values.database.glance_user }}:{{ .Values.database.glance_password }}@{{ .Values.database.address }}/{{ .Values.database.glance_database_name }}
|
||||
max_retries = -1
|
||||
|
||||
[keystone_authtoken]
|
||||
auth_uri = {{ .Values.keystone.auth_uri }}
|
||||
auth_url = {{ .Values.keystone.auth_url }}
|
||||
auth_type = password
|
||||
project_domain_id = default
|
||||
user_domain_id = default
|
||||
project_name = service
|
||||
username = {{ .Values.keystone.glance_user }}
|
||||
password = {{ .Values.keystone.glance_password }}
|
||||
|
||||
[paste_deploy]
|
||||
flavor = keystone
|
||||
|
||||
[oslo_messaging_notifications]
|
||||
driver = noop
|
@ -1,12 +0,0 @@
|
||||
apiVersion: v1
|
||||
kind: ConfigMap
|
||||
metadata:
|
||||
name: glance-initsh
|
||||
data:
|
||||
init.sh: |+
|
||||
#!/bin/bash
|
||||
set -ex
|
||||
export HOME=/tmp
|
||||
|
||||
ansible localhost -vvv -m mysql_db -a "login_host='{{ .Values.database.address }}' login_port='{{ .Values.database.port }}' login_user='{{ .Values.database.root_user }}' login_password='{{ .Values.database.root_password }}' name='{{ .Values.database.glance_database_name }}'"
|
||||
ansible localhost -vvv -m mysql_user -a "login_host='{{ .Values.database.address }}' login_port='{{ .Values.database.port }}' login_user='{{ .Values.database.root_user }}' login_password='{{ .Values.database.root_password }}' name='{{ .Values.database.glance_user }}' password='{{ .Values.database.glance_password }}' host='%' priv='{{ .Values.database.glance_database_name }}.*:ALL' append_privs='yes'"
|
@ -1,55 +0,0 @@
|
||||
apiVersion: batch/v1
|
||||
kind: Job
|
||||
metadata:
|
||||
name: glance-init
|
||||
spec:
|
||||
template:
|
||||
metadata:
|
||||
annotations:
|
||||
pod.beta.kubernetes.io/init-containers: '[
|
||||
{
|
||||
"name": "init",
|
||||
"image": "quay.io/stackanetes/kubernetes-entrypoint:v0.1.0",
|
||||
"imagePullPolicy": "{{ .Values.images.pull_policy }}",
|
||||
"env": [
|
||||
{
|
||||
"name": "NAMESPACE",
|
||||
"value": "{{ .Release.Namespace }}"
|
||||
},
|
||||
{
|
||||
"name": "DEPENDENCY_SERVICE",
|
||||
"value": "{{ include "joinListWithColon" .Values.dependencies.init.service }}"
|
||||
},
|
||||
{
|
||||
"name": "DEPENDENCY_JOBS",
|
||||
"value": "{{ include "joinListWithColon" .Values.dependencies.init.jobs }}"
|
||||
},
|
||||
{
|
||||
"name": "COMMAND",
|
||||
"value": "echo done"
|
||||
}
|
||||
]
|
||||
}
|
||||
]'
|
||||
spec:
|
||||
restartPolicy: OnFailure
|
||||
nodeSelector:
|
||||
{{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }}
|
||||
containers:
|
||||
- name: glance-init
|
||||
image: {{ .Values.images.init }}
|
||||
imagePullPolicy: {{ .Values.images.pull_policy }}
|
||||
env:
|
||||
- name: ANSIBLE_LIBRARY
|
||||
value: /usr/share/ansible/
|
||||
command:
|
||||
- bash
|
||||
- /tmp/init.sh
|
||||
volumeMounts:
|
||||
- name: initsh
|
||||
mountPath: /tmp/init.sh
|
||||
subPath: init.sh
|
||||
volumes:
|
||||
- name: initsh
|
||||
configMap:
|
||||
name: glance-initsh
|
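--- a/glance/templates/job-db-init.yaml
+++ b/glance/templates/job-db-init.yaml
@@ -0,0 +1,44 @@
+{{- $envAll := . }}
+{{- $dependencies := .Values.dependencies.init }}
+apiVersion: batch/v1
+kind: Job
+metadata:
+name: glance-db-init
+spec:
+template:
+metadata:
+annotations:
+pod.beta.kubernetes.io/init-containers: '[
+{{ tuple $envAll $dependencies | include "dep_check_init_cont" | indent 10 }}
+]'
+spec:
+restartPolicy: OnFailure
+nodeSelector:
+{{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }}
+containers:
+- name: glance-db-init
+image: {{ .Values.images.db_init }}
+imagePullPolicy: {{ .Values.images.pull_policy }}
+{{- if .Values.resources.enabled }}
+resources:
+limits:
+cpu: {{ .Values.resources.jobs.init.limits.cpu | quote }}
+memory: {{ .Values.resources.jobs.init.limits.memory | quote }}
+requests:
+cpu: {{ .Values.resources.jobs.init.requests.cpu | quote }}
+memory: {{ .Values.resources.jobs.init.requests.memory | quote }}
+{{- end }}
+env:
+- name: ANSIBLE_LIBRARY
+value: /usr/share/ansible/
+command:
+- bash
+- /tmp/init.sh
+volumeMounts:
+- name: initsh
+mountPath: /tmp/init.sh
+subPath: init.sh
+volumes:
+- name: initsh
+configMap:
+name: glance-bin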
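Review bot: The job runs `/tmp/init.sh` out of the `glance-bin` ConfigMap, and the script this commit removes from `glance-initsh` rendered `.Values.database.root_password` straight into the `ansible` command line under `set -ex` with `-vvv`. If the new script in `glance-bin` (not visible here) keeps that shape, the database root password is stored in a ConfigMap, which is not meant for secret material, and is echoed into the pod log on every run. Passing the credentials through a Secret, for example container `env` entries using `valueFrom.secretKeyRef`, and dropping `-x` and `-vvv` would avoid both; the heat jobs in this commit already appear to take Keystone credentials from `.Values.keystone_secrets`. job-db-sync.yaml and job-post.yaml have the same exposure through the files they mount from `glance-etc` and `glance-bin`.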
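--- a/glance/templates/job-db-sync.yaml
+++ b/glance/templates/job-db-sync.yaml
@@ -0,0 +1,41 @@
+{{- $envAll := . }}
+{{- $dependencies := .Values.dependencies.db_sync }}
+apiVersion: batch/v1
+kind: Job
+metadata:
+name: glance-db-sync
+spec:
+template:
+metadata:
+annotations:
+pod.beta.kubernetes.io/init-containers: '[
+{{ tuple $envAll $dependencies | include "dep_check_init_cont" | indent 10 }}
+]'
+spec:
+restartPolicy: OnFailure
+nodeSelector:
+{{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }}
+containers:
+- name: glance-db-sync
+image: {{ .Values.images.db_sync }}
+imagePullPolicy: {{ .Values.images.pull_policy }}
+{{- if .Values.resources.enabled }}
+resources:
+limits:
+cpu: {{ .Values.resources.jobs.db.limits.cpu | quote }}
+memory: {{ .Values.resources.jobs.db.limits.memory | quote }}
+requests:
+cpu: {{ .Values.resources.jobs.db.requests.cpu | quote }}
+memory: {{ .Values.resources.jobs.db.requests.memory | quote }}
+{{- end }}
+command:
+- glance-manage
+- db_sync
+volumeMounts:
+- name: glanceapiconf
+mountPath: /etc/glance/glance-api.conf
+subPath: glance-api.conf
+volumes:
+- name: glanceapiconf
+configMap:
+name: glance-etc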
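--- a/glance/templates/job-post.yaml
+++ b/glance/templates/job-post.yaml
@@ -0,0 +1,44 @@
+{{- $envAll := . }}
+{{- $dependencies := .Values.dependencies.post }}
+apiVersion: batch/v1
+kind: Job
+metadata:
+name: glance-post
+spec:
+template:
+metadata:
+annotations:
+pod.beta.kubernetes.io/init-containers: '[
+{{ tuple $envAll $dependencies | include "dep_check_init_cont" | indent 10 }}
+]'
+spec:
+nodeSelector:
+{{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }}
+restartPolicy: OnFailure
+containers:
+- name: glance-post
+image: {{ .Values.images.post }}
+imagePullPolicy: {{ .Values.images.pull_policy }}
+{{- if .Values.resources.enabled }}
+resources:
+limits:
+cpu: {{ .Values.resources.jobs.post.limits.cpu | quote }}
+memory: {{ .Values.resources.jobs.post.limits.memory | quote }}
+requests:
+cpu: {{ .Values.resources.jobs.post.requests.cpu | quote }}
+memory: {{ .Values.resources.jobs.post.requests.memory | quote }}
+{{- end }}
+command:
+- bash
+- /tmp/post.sh
+volumeMounts:
+- name: postsh
+mountPath: /tmp/post.sh
+subPath: post.sh
+env:
+- name: ANSIBLE_LIBRARY
+value: /usr/share/ansible/
+volumes:
+- name: postsh
+configMap:
+name: glance-bin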
@ -1,48 +0,0 @@
|
||||
apiVersion: v1
|
||||
kind: ConfigMap
|
||||
metadata:
|
||||
name: glance-postsh
|
||||
data:
|
||||
post.sh: |+
|
||||
#!/bin/bash
|
||||
set -ex
|
||||
export HOME=/tmp
|
||||
|
||||
ansible localhost -vvv -m kolla_keystone_service -a "service_name=glance \
|
||||
service_type=image \
|
||||
description='Openstack Image' \
|
||||
endpoint_region='{{ .Values.keystone.glance_region_name }}' \
|
||||
url='{{ include "endpoint_glance_api_internal" . }}' \
|
||||
interface=admin \
|
||||
region_name='{{ .Values.keystone.admin_region_name }}' \
|
||||
auth='{{ include "keystone_auth" . }}'" \
|
||||
-e "{'openstack_glance_auth': {{ include "keystone_auth" . }}}"
|
||||
|
||||
ansible localhost -vvv -m kolla_keystone_service -a "service_name=glance \
|
||||
service_type=image \
|
||||
description='Openstack Image' \
|
||||
endpoint_region='{{ .Values.keystone.glance_region_name }}' \
|
||||
url='{{ include "endpoint_glance_api_internal" . }}' \
|
||||
interface=internal \
|
||||
region_name='{{ .Values.keystone.admin_region_name }}' \
|
||||
auth='{{ include "keystone_auth" . }}'" \
|
||||
-e "{ 'openstack_glance_auth': {{ include "keystone_auth" . }} }"
|
||||
|
||||
ansible localhost -vvv -m kolla_keystone_service -a "service_name=glance \
|
||||
service_type=image \
|
||||
description='Openstack Image' \
|
||||
endpoint_region='{{ .Values.keystone.glance_region_name }}' \
|
||||
url='{{ include "endpoint_glance_api_internal" . }}' \
|
||||
interface=public \
|
||||
region_name='{{ .Values.keystone.admin_region_name }}' \
|
||||
auth='{{ include "keystone_auth" . }}'" \
|
||||
-e "{ 'openstack_glance_auth': {{ include "keystone_auth" . }} }"
|
||||
|
||||
ansible localhost -vvv -m kolla_keystone_user -a "project=service \
|
||||
user={{ .Values.keystone.glance_user }} \
|
||||
password={{ .Values.keystone.glance_password }} \
|
||||
role=admin \
|
||||
region_name={{ .Values.keystone.admin_region_name }} \
|
||||
auth='{{ include "keystone_auth" . }}'" \
|
||||
-e "{ 'openstack_glance_auth': {{ include "keystone_auth" . }} }"
|
||||
|
@ -1,56 +0,0 @@
|
||||
apiVersion: batch/v1
|
||||
kind: Job
|
||||
metadata:
|
||||
name: glance-post
|
||||
spec:
|
||||
template:
|
||||
metadata:
|
||||
annotations:
|
||||
pod.beta.kubernetes.io/init-containers: '[
|
||||
{
|
||||
"name": "init",
|
||||
"image": "quay.io/stackanetes/kubernetes-entrypoint:v0.1.0",
|
||||
"imagePullPolicy": "{{ .Values.images.pull_policy }}",
|
||||
"env": [
|
||||
{
|
||||
"name": "NAMESPACE",
|
||||
"value": "{{ .Release.Namespace }}"
|
||||
},
|
||||
{
|
||||
"name": "DEPENDENCY_SERVICE",
|
||||
"value": "{{ include "joinListWithColon" .Values.dependencies.post.service }}"
|
||||
},
|
||||
{
|
||||
"name": "DEPENDENCY_JOBS",
|
||||
"value": "{{ include "joinListWithColon" .Values.dependencies.post.jobs }}"
|
||||
},
|
||||
{
|
||||
"name": "COMMAND",
|
||||
"value": "echo done"
|
||||
}
|
||||
]
|
||||
}
|
||||
]'
|
||||
spec:
|
||||
nodeSelector:
|
||||
{{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }}
|
||||
restartPolicy: OnFailure
|
||||
containers:
|
||||
- name: glance-post
|
||||
image: {{ .Values.images.post }}
|
||||
imagePullPolicy: {{ .Values.images.pull_policy }}
|
||||
command:
|
||||
- bash
|
||||
- /tmp/post.sh
|
||||
volumeMounts:
|
||||
- name: postsh
|
||||
mountPath: /tmp/post.sh
|
||||
subPath: post.sh
|
||||
env:
|
||||
- name: ANSIBLE_LIBRARY
|
||||
value: /usr/share/ansible/
|
||||
volumes:
|
||||
- name: postsh
|
||||
configMap:
|
||||
name: glance-postsh
|
||||
|
@ -1,58 +0,0 @@
|
||||
apiVersion: extensions/v1beta1
|
||||
kind: Deployment
|
||||
metadata:
|
||||
name: glance-registry
|
||||
spec:
|
||||
replicas: {{ .Values.replicas }}
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
app: glance-registry
|
||||
annotations:
|
||||
pod.beta.kubernetes.io/init-containers: '[
|
||||
{
|
||||
"name": "init",
|
||||
"image": "quay.io/stackanetes/kubernetes-entrypoint:v0.1.0",
|
||||
"imagePullPolicy": "{{ .Values.images.pull_policy }}",
|
||||
"env": [
|
||||
{
|
||||
"name": "NAMESPACE",
|
||||
"value": "{{ .Release.Namespace }}"
|
||||
},
|
||||
{
|
||||
"name": "DEPENDENCY_SERVICE",
|
||||
"value": "{{ include "joinListWithColon" .Values.dependencies.registry.service }}"
|
||||
},
|
||||
{
|
||||
"name": "DEPENDENCY_JOBS",
|
||||
"value": "{{ include "joinListWithColon" .Values.dependencies.registry.jobs }}"
|
||||
},
|
||||
{
|
||||
"name": "COMMAND",
|
||||
"value": "echo done"
|
||||
}
|
||||
]
|
||||
}
|
||||
]'
|
||||
spec:
|
||||
nodeSelector:
|
||||
{{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }}
|
||||
containers:
|
||||
- name: glance-registry
|
||||
image: {{ .Values.images.registry }}
|
||||
imagePullPolicy: {{ .Values.images.pull_policy }}
|
||||
command:
|
||||
- glance-registry
|
||||
ports:
|
||||
- containerPort: {{ .Values.network.port.registry }}
|
||||
readinessProbe:
|
||||
tcpSocket:
|
||||
port: {{ .Values.network.port.registry }}
|
||||
volumeMounts:
|
||||
- name: glanceregistryconf
|
||||
mountPath: /etc/glance/glance-registry.conf
|
||||
subPath: glance-registry.conf
|
||||
volumes:
|
||||
- name: glanceregistryconf
|
||||
configMap:
|
||||
name: glance-glanceregistryconf
|
@ -1,12 +0,0 @@
|
||||
apiVersion: v1
|
||||
kind: ConfigMap
|
||||
metadata:
|
||||
name: glance-startsh
|
||||
data:
|
||||
start.sh: |+
|
||||
#!/bin/bash
|
||||
set -ex
|
||||
|
||||
cp `find / -not -path "/etc/*" -name glance-api-paste.ini` /etc/glance/
|
||||
|
||||
glance-api
|
@ -1,20 +1,27 @@
|
||||
# Default values for keystone.
|
||||
# Default values for glance.
|
||||
# This is a YAML-formatted file.
|
||||
# Declare name/value pairs to be passed into your templates.
|
||||
# name: value
|
||||
|
||||
replicas: 1
|
||||
replicas:
|
||||
api: 1
|
||||
registry: 1
|
||||
|
||||
development:
|
||||
enabled: false
|
||||
storage_path: /data/openstack-helm/glance/images
|
||||
|
||||
labels:
|
||||
node_selector_key: openstack-control-plane
|
||||
node_selector_value: enabled
|
||||
|
||||
images:
|
||||
db_init: quay.io/stackanetes/stackanetes-kolla-toolbox:newton
|
||||
db_sync: quay.io/stackanetes/stackanetes-glance-api:newton
|
||||
api: quay.io/stackanetes/stackanetes-glance-api:newton
|
||||
init: quay.io/stackanetes/stackanetes-kolla-toolbox:newton
|
||||
registry: quay.io/stackanetes/stackanetes-glance-registry:newton
|
||||
post: quay.io/stackanetes/stackanetes-kolla-toolbox:newton
|
||||
dep_check: quay.io/stackanetes/kubernetes-entrypoint:v0.1.0
|
||||
pull_policy: "IfNotPresent"
|
||||
|
||||
upgrades:
|
||||
@ -65,10 +72,49 @@ misc:
|
||||
workers: 8
|
||||
debug: false
|
||||
|
||||
resources:
|
||||
enabled: false
|
||||
api:
|
||||
limits:
|
||||
memory: "128Mi"
|
||||
cpu: "500m"
|
||||
requests:
|
||||
memory: "128Mi"
|
||||
cpu: "500m"
|
||||
registry:
|
||||
limits:
|
||||
memory: "128Mi"
|
||||
cpu: "500m"
|
||||
requests:
|
||||
memory: "128Mi"
|
||||
cpu: "500m"
|
||||
jobs:
|
||||
db:
|
||||
limits:
|
||||
memory: "128Mi"
|
||||
cpu: "500m"
|
||||
requests:
|
||||
memory: "128Mi"
|
||||
cpu: "500m"
|
||||
init:
|
||||
limits:
|
||||
memory: "128Mi"
|
||||
cpu: "500m"
|
||||
requests:
|
||||
memory: "128Mi"
|
||||
cpu: "500m"
|
||||
post:
|
||||
limits:
|
||||
memory: "128Mi"
|
||||
cpu: "500m"
|
||||
requests:
|
||||
memory: "128Mi"
|
||||
cpu: "500m"
|
||||
|
||||
dependencies:
|
||||
api:
|
||||
jobs:
|
||||
- glance-init
|
||||
- glance-db-init
|
||||
- glance-db-sync
|
||||
- keystone-db-sync
|
||||
service:
|
||||
@ -76,7 +122,7 @@ dependencies:
|
||||
- mariadb
|
||||
registry:
|
||||
jobs:
|
||||
- glance-init
|
||||
- glance-db-init
|
||||
- glance-db-sync
|
||||
- keystone-db-sync
|
||||
service:
|
||||
@ -85,9 +131,9 @@ dependencies:
|
||||
- glance-api
|
||||
db_sync:
|
||||
jobs:
|
||||
- keystone-init
|
||||
- keystone-db-init
|
||||
- keystone-db-sync
|
||||
- glance-init
|
||||
- glance-db-init
|
||||
- mariadb-seed
|
||||
service:
|
||||
- mariadb
|
||||
@ -98,10 +144,10 @@ dependencies:
|
||||
- mariadb
|
||||
post:
|
||||
jobs:
|
||||
- glance-init
|
||||
- glance-db-init
|
||||
- glance-db-sync
|
||||
- keystone-db-sync
|
||||
- keystone-init
|
||||
- keystone-db-init
|
||||
- mariadb-seed
|
||||
service:
|
||||
- mariadb
|
||||
@ -109,7 +155,7 @@ dependencies:
|
||||
- glance-api
|
||||
- glance-registry
|
||||
|
||||
# typically overriden by environmental
|
||||
# typically overriden by environmental
|
||||
# values, but should include all endpoints
|
||||
# required by this chart
|
||||
endpoints:
|
||||
@ -131,4 +177,3 @@ endpoints:
|
||||
port:
|
||||
admin: 35357
|
||||
public: 5000
|
||||
|
||||
|
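Review bot: Every entry under `images:` in the first hunk of this values file is referenced by a mutable tag (`:newton`, `:v0.1.0`) while `pull_policy` is `IfNotPresent`, so what actually runs depends on whatever the registry served the first time each node pulled. Pinning by digest makes the deployed content reproducible and auditable, for example `db_init: quay.io/stackanetes/stackanetes-kolla-toolbox@sha256:<digest>`, where `<digest>` is a placeholder for the verified image digest. The `dep_check` entry is the one most worth pinning, because that image is presumably what the `dep_check_init_cont` helper injects into every pod as an init container.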
@ -1,3 +1,5 @@
|
||||
{{- $envAll := . }}
|
||||
{{- $dependencies := .Values.dependencies.api }}
|
||||
apiVersion: extensions/v1beta1
|
||||
kind: Deployment
|
||||
metadata:
|
||||
@ -10,29 +12,7 @@ spec:
|
||||
app: heat-api
|
||||
annotations:
|
||||
pod.beta.kubernetes.io/init-containers: '[
|
||||
{
|
||||
"name": "init",
|
||||
"image": {{ .Values.images.dep_check | quote }},
|
||||
"imagePullPolicy": {{ .Values.images.pull_policy | quote }},
|
||||
"env": [
|
||||
{
|
||||
"name": "NAMESPACE",
|
||||
"value": "{{ .Release.Namespace }}"
|
||||
},
|
||||
{
|
||||
"name": "DEPENDENCY_SERVICE",
|
||||
"value": "{{ include "joinListWithColon" .Values.dependencies.api.service }}"
|
||||
},
|
||||
{
|
||||
"name": "DEPENDENCY_JOBS",
|
||||
"value": "{{ include "joinListWithColon" .Values.dependencies.api.jobs }}"
|
||||
},
|
||||
{
|
||||
"name": "COMMAND",
|
||||
"value": "echo done"
|
||||
}
|
||||
]
|
||||
}
|
||||
{{ tuple $envAll $dependencies | include "dep_check_init_cont" | indent 10 }}
|
||||
]'
|
||||
spec:
|
||||
nodeSelector:
|
||||
@ -41,6 +21,15 @@ spec:
|
||||
- name: heat-api
|
||||
image: {{ .Values.images.api }}
|
||||
imagePullPolicy: {{ .Values.images.pull_policy }}
|
||||
{{- if .Values.resources.enabled }}
|
||||
resources:
|
||||
requests:
|
||||
memory: {{ .Values.resources.heat_api.requests.memory | quote }}
|
||||
cpu: {{ .Values.resources.heat_api.requests.cpu | quote }}
|
||||
limits:
|
||||
memory: {{ .Values.resources.heat_api.limits.memory | quote }}
|
||||
cpu: {{ .Values.resources.heat_api.limits.cpu | quote }}
|
||||
{{- end }}
|
||||
command:
|
||||
- heat-api
|
||||
- --config-dir
|
||||
|
@ -1,3 +1,5 @@
|
||||
{{- $envAll := . }}
|
||||
{{- $dependencies := .Values.dependencies.cfn }}
|
||||
apiVersion: extensions/v1beta1
|
||||
kind: Deployment
|
||||
metadata:
|
||||
@ -10,29 +12,7 @@ spec:
|
||||
app: heat-cfn
|
||||
annotations:
|
||||
pod.beta.kubernetes.io/init-containers: '[
|
||||
{
|
||||
"name": "init",
|
||||
"image": {{ .Values.images.dep_check | quote }},
|
||||
"imagePullPolicy": {{ .Values.images.pull_policy | quote }},
|
||||
"env": [
|
||||
{
|
||||
"name": "NAMESPACE",
|
||||
"value": "{{ .Release.Namespace }}"
|
||||
},
|
||||
{
|
||||
"name": "DEPENDENCY_SERVICE",
|
||||
"value": "{{ include "joinListWithColon" .Values.dependencies.cfn.service }}"
|
||||
},
|
||||
{
|
||||
"name": "DEPENDENCY_JOBS",
|
||||
"value": "{{ include "joinListWithColon" .Values.dependencies.cfn.jobs }}"
|
||||
},
|
||||
{
|
||||
"name": "COMMAND",
|
||||
"value": "echo done"
|
||||
}
|
||||
]
|
||||
}
|
||||
{{ tuple $envAll $dependencies | include "dep_check_init_cont" | indent 10 }}
|
||||
]'
|
||||
spec:
|
||||
nodeSelector:
|
||||
@ -41,6 +21,15 @@ spec:
|
||||
- name: heat-cfn
|
||||
image: {{ .Values.images.cfn }}
|
||||
imagePullPolicy: {{ .Values.images.pull_policy }}
|
||||
{{- if .Values.resources.enabled }}
|
||||
resources:
|
||||
requests:
|
||||
memory: {{ .Values.resources.heat_cfn.requests.memory | quote }}
|
||||
cpu: {{ .Values.resources.heat_cfn.requests.cpu | quote }}
|
||||
limits:
|
||||
memory: {{ .Values.resources.heat_cfn.limits.memory | quote }}
|
||||
cpu: {{ .Values.resources.heat_cfn.limits.cpu | quote }}
|
||||
{{- end }}
|
||||
command:
|
||||
- heat-api-cfn
|
||||
- --config-dir
|
||||
|
@ -1,3 +1,5 @@
|
||||
{{- $envAll := . }}
|
||||
{{- $dependencies := .Values.dependencies.cloudwatch }}
|
||||
apiVersion: extensions/v1beta1
|
||||
kind: Deployment
|
||||
metadata:
|
||||
@ -10,29 +12,7 @@ spec:
|
||||
app: heat-cloudwatch
|
||||
annotations:
|
||||
pod.beta.kubernetes.io/init-containers: '[
|
||||
{
|
||||
"name": "init",
|
||||
"image": {{ .Values.images.dep_check | quote }},
|
||||
"imagePullPolicy": {{ .Values.images.pull_policy | quote }},
|
||||
"env": [
|
||||
{
|
||||
"name": "NAMESPACE",
|
||||
"value": "{{ .Release.Namespace }}"
|
||||
},
|
||||
{
|
||||
"name": "DEPENDENCY_SERVICE",
|
||||
"value": "{{ include "joinListWithColon" .Values.dependencies.cloudwatch.service }}"
|
||||
},
|
||||
{
|
||||
"name": "DEPENDENCY_JOBS",
|
||||
"value": "{{ include "joinListWithColon" .Values.dependencies.cloudwatch.jobs }}"
|
||||
},
|
||||
{
|
||||
"name": "COMMAND",
|
||||
"value": "echo done"
|
||||
}
|
||||
]
|
||||
}
|
||||
{{ tuple $envAll $dependencies | include "dep_check_init_cont" | indent 10 }}
|
||||
]'
|
||||
spec:
|
||||
nodeSelector:
|
||||
@ -41,6 +21,15 @@ spec:
|
||||
- name: heat-cloudwatch
|
||||
image: {{ .Values.images.cloudwatch }}
|
||||
imagePullPolicy: {{ .Values.images.pull_policy }}
|
||||
{{- if .Values.resources.enabled }}
|
||||
resources:
|
||||
requests:
|
||||
memory: {{ .Values.resources.heat_cloudwatch.requests.memory | quote }}
|
||||
cpu: {{ .Values.resources.heat_cloudwatch.requests.cpu | quote }}
|
||||
limits:
|
||||
memory: {{ .Values.resources.heat_cloudwatch.limits.memory | quote }}
|
||||
cpu: {{ .Values.resources.heat_cloudwatch.limits.cpu | quote }}
|
||||
{{- end }}
|
||||
command:
|
||||
- heat-api-cloudwatch
|
||||
- --config-dir
|
||||
|
@ -80,3 +80,11 @@ region_name = {{ .Values.keystone.heat_trustee_region_name }}
|
||||
user_domain_name = {{ .Values.keystone.heat_trustee_user_domain }}
|
||||
username = {{ .Values.keystone.heat_trustee_user }}
|
||||
password = {{ .Values.keystone.heat_trustee_password }}
|
||||
|
||||
|
||||
[clients]
|
||||
endpoint_type = internalURL
|
||||
|
||||
[clients_keystone]
|
||||
endpoint_type = internalURL
|
||||
auth_uri = {{ include "endpoint_keystone_internal" . }}
|
||||
|
@ -1,3 +1,5 @@
|
||||
{{- $envAll := . }}
|
||||
{{- $dependencies := .Values.dependencies.init }}
|
||||
apiVersion: batch/v1
|
||||
kind: Job
|
||||
metadata:
|
||||
@ -7,29 +9,7 @@ spec:
|
||||
metadata:
|
||||
annotations:
|
||||
pod.beta.kubernetes.io/init-containers: '[
|
||||
{
|
||||
"name": "init",
|
||||
"image": {{ .Values.images.dep_check | quote }},
|
||||
"imagePullPolicy": {{ .Values.images.pull_policy | quote }},
|
||||
"env": [
|
||||
{
|
||||
"name": "NAMESPACE",
|
||||
"value": "{{ .Release.Namespace }}"
|
||||
},
|
||||
{
|
||||
"name": "DEPENDENCY_SERVICE",
|
||||
"value": "{{ include "joinListWithColon" .Values.dependencies.db_init.service }}"
|
||||
},
|
||||
{
|
||||
"name": "DEPENDENCY_JOBS",
|
||||
"value": "{{ include "joinListWithColon" .Values.dependencies.db_init.jobs }}"
|
||||
},
|
||||
{
|
||||
"name": "COMMAND",
|
||||
"value": "echo done"
|
||||
}
|
||||
]
|
||||
}
|
||||
{{ tuple $envAll $dependencies | include "dep_check_init_cont" | indent 10 }}
|
||||
]'
|
||||
spec:
|
||||
restartPolicy: OnFailure
|
||||
@ -39,6 +19,15 @@ spec:
|
||||
- name: heat-db-init
|
||||
image: {{ .Values.images.db_init | quote }}
|
||||
imagePullPolicy: {{ .Values.images.pull_policy | quote }}
|
||||
{{- if .Values.resources.enabled }}
|
||||
resources:
|
||||
requests:
|
||||
memory: {{ .Values.resources.heat_db_init.requests.memory | quote }}
|
||||
cpu: {{ .Values.resources.heat_db_init.requests.cpu | quote }}
|
||||
limits:
|
||||
memory: {{ .Values.resources.heat_db_init.limits.memory | quote }}
|
||||
cpu: {{ .Values.resources.heat_db_init.limits.cpu | quote }}
|
||||
{{- end }}
|
||||
env:
|
||||
- name: ANSIBLE_LIBRARY
|
||||
value: /usr/share/ansible/
|
||||
|
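Review bot: The added `{{- $dependencies := .Values.dependencies.init }}` reads a different key from the inline block it replaces, which used `.Values.dependencies.db_init.service` and `.Values.dependencies.db_init.jobs`. Unless the heat values file (not visible here) also gained an `init` entry, `$dependencies` would be empty and the rendered init container would likely no longer wait for the database before this job starts. It should probably read `{{- $dependencies := .Values.dependencies.db_init }}`, in line with the `db_sync`, `ks_user` and `engine` templates, which keep the key names of the blocks they replace. The ks-endpoints job makes a similar switch, from `ks_service` to `ks_endpoints`, and needs the same check against the values file.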
@ -1,3 +1,5 @@
|
||||
{{- $envAll := . }}
|
||||
{{- $dependencies := .Values.dependencies.db_sync }}
|
||||
apiVersion: batch/v1
|
||||
kind: Job
|
||||
metadata:
|
||||
@ -7,29 +9,7 @@ spec:
|
||||
metadata:
|
||||
annotations:
|
||||
pod.beta.kubernetes.io/init-containers: '[
|
||||
{
|
||||
"name": "init",
|
||||
"image": {{ .Values.images.dep_check | quote }},
|
||||
"imagePullPolicy": {{ .Values.images.pull_policy | quote }},
|
||||
"env": [
|
||||
{
|
||||
"name": "NAMESPACE",
|
||||
"value": "{{ .Release.Namespace }}"
|
||||
},
|
||||
{
|
||||
"name": "DEPENDENCY_SERVICE",
|
||||
"value": "{{ include "joinListWithColon" .Values.dependencies.db_sync.service }}"
|
||||
},
|
||||
{
|
||||
"name": "DEPENDENCY_JOBS",
|
||||
"value": "{{ include "joinListWithColon" .Values.dependencies.db_sync.jobs }}"
|
||||
},
|
||||
{
|
||||
"name": "COMMAND",
|
||||
"value": "echo done"
|
||||
}
|
||||
]
|
||||
}
|
||||
{{ tuple $envAll $dependencies | include "dep_check_init_cont" | indent 10 }}
|
||||
]'
|
||||
spec:
|
||||
restartPolicy: OnFailure
|
||||
@ -39,6 +19,15 @@ spec:
|
||||
- name: heat-db-sync
|
||||
image: {{ .Values.images.db_sync }}
|
||||
imagePullPolicy: {{ .Values.images.pull_policy }}
|
||||
{{- if .Values.resources.enabled }}
|
||||
resources:
|
||||
requests:
|
||||
memory: {{ .Values.resources.heat_db_sync.requests.memory | quote }}
|
||||
cpu: {{ .Values.resources.heat_db_sync.requests.cpu | quote }}
|
||||
limits:
|
||||
memory: {{ .Values.resources.heat_db_sync.limits.memory | quote }}
|
||||
cpu: {{ .Values.resources.heat_db_sync.limits.cpu | quote }}
|
||||
{{- end }}
|
||||
command:
|
||||
- heat-manage
|
||||
args:
|
||||
|
@ -1,5 +1,6 @@
|
||||
{{- $envAll := . }}
|
||||
{{- $ksAdminSecret := .Values.keystone_secrets.admin }}
|
||||
{{- $dependencies := .Values.dependencies.ks_endpoints }}
|
||||
apiVersion: batch/v1
|
||||
kind: Job
|
||||
metadata:
|
||||
@ -9,25 +10,7 @@ spec:
|
||||
metadata:
|
||||
annotations:
|
||||
pod.beta.kubernetes.io/init-containers: '[
|
||||
{
|
||||
"name": "init",
|
||||
"image": {{ .Values.images.dep_check | quote }},
|
||||
"imagePullPolicy": {{ .Values.images.pull_policy | quote }},
|
||||
"env": [
|
||||
{
|
||||
"name": "NAMESPACE",
|
||||
"value": "{{ .Release.Namespace }}"
|
||||
},
|
||||
{
|
||||
"name": "DEPENDENCY_SERVICE",
|
||||
"value": "{{ include "joinListWithColon" .Values.dependencies.ks_service.service }}"
|
||||
},
|
||||
{
|
||||
"name": "COMMAND",
|
||||
"value": "echo done"
|
||||
}
|
||||
]
|
||||
}
|
||||
{{ tuple $envAll $dependencies | include "dep_check_init_cont" | indent 10 }}
|
||||
]'
|
||||
spec:
|
||||
restartPolicy: OnFailure
|
||||
@ -39,6 +22,15 @@ spec:
|
||||
- name: {{ $osServiceName }}-ks-endpoints-{{ $osServiceEndPoint }}
|
||||
image: {{ $envAll.Values.images.ks_endpoints }}
|
||||
imagePullPolicy: {{ $envAll.Values.images.pull_policy }}
|
||||
{{- if $envAll.Values.resources.enabled }}
|
||||
resources:
|
||||
requests:
|
||||
memory: {{ $envAll.Values.resources.heat_ks_endpoints.requests.memory | quote }}
|
||||
cpu: {{ $envAll.Values.resources.heat_ks_endpoints.requests.cpu | quote }}
|
||||
limits:
|
||||
memory: {{ $envAll.Values.resources.heat_ks_endpoints.limits.memory | quote }}
|
||||
cpu: {{ $envAll.Values.resources.heat_ks_endpoints.limits.cpu | quote }}
|
||||
{{- end }}
|
||||
command:
|
||||
- bash
|
||||
- /tmp/ks-endpoints.sh
|
||||
|
@ -1,5 +1,6 @@
|
||||
{{- $envAll := . }}
|
||||
{{- $ksAdminSecret := .Values.keystone_secrets.admin }}
|
||||
{{- $dependencies := .Values.dependencies.ks_service }}
|
||||
apiVersion: batch/v1
|
||||
kind: Job
|
||||
metadata:
|
||||
@ -9,25 +10,7 @@ spec:
|
||||
metadata:
|
||||
annotations:
|
||||
pod.beta.kubernetes.io/init-containers: '[
|
||||
{
|
||||
"name": "init",
|
||||
"image": {{ .Values.images.dep_check | quote }},
|
||||
"imagePullPolicy": {{ .Values.images.pull_policy | quote }},
|
||||
"env": [
|
||||
{
|
||||
"name": "NAMESPACE",
|
||||
"value": "{{ .Release.Namespace }}"
|
||||
},
|
||||
{
|
||||
"name": "DEPENDENCY_SERVICE",
|
||||
"value": "{{ include "joinListWithColon" .Values.dependencies.ks_service.service }}"
|
||||
},
|
||||
{
|
||||
"name": "COMMAND",
|
||||
"value": "echo done"
|
||||
}
|
||||
]
|
||||
}
|
||||
{{ tuple $envAll $dependencies | include "dep_check_init_cont" | indent 10 }}
|
||||
]'
|
||||
spec:
|
||||
restartPolicy: OnFailure
|
||||
@ -38,6 +21,15 @@ spec:
|
||||
- name: {{ $osServiceName }}-ks-service-registration
|
||||
image: {{ $envAll.Values.images.ks_service }}
|
||||
imagePullPolicy: {{ $envAll.Values.images.pull_policy }}
|
||||
{{- if $envAll.Values.resources.enabled }}
|
||||
resources:
|
||||
requests:
|
||||
memory: {{ $envAll.Values.resources.heat_ks_service.requests.memory | quote }}
|
||||
cpu: {{ $envAll.Values.resources.heat_ks_service.requests.cpu | quote }}
|
||||
limits:
|
||||
memory: {{ $envAll.Values.resources.heat_ks_service.limits.memory | quote }}
|
||||
cpu: {{ $envAll.Values.resources.heat_ks_service.limits.cpu | quote }}
|
||||
{{- end }}
|
||||
command:
|
||||
- bash
|
||||
- /tmp/ks-service.sh
|
||||
@ -55,6 +47,7 @@ spec:
|
||||
- name: OS_SERVICE_TYPE
|
||||
value: {{ tuple $osServiceName $envAll | include "endpoint_type_lookup" }}
|
||||
{{- end }}
|
||||
|
||||
volumes:
|
||||
- name: ks-service-sh
|
||||
configMap:
|
||||
|
@ -1,3 +1,5 @@
|
||||
{{- $envAll := . }}
|
||||
{{- $dependencies := .Values.dependencies.ks_user }}
|
||||
{{- $ksAdminSecret := .Values.keystone_secrets.admin }}
|
||||
{{- $ksUserSecret := .Values.keystone_secrets.user }}
|
||||
# The heat user management job is a bit different from other services as it also needs to create a stack domain and trusts user
|
||||
@ -12,25 +14,7 @@ spec:
|
||||
metadata:
|
||||
annotations:
|
||||
pod.beta.kubernetes.io/init-containers: '[
|
||||
{
|
||||
"name": "init",
|
||||
"image": {{ .Values.images.dep_check | quote }},
|
||||
"imagePullPolicy": {{ .Values.images.pull_policy | quote }},
|
||||
"env": [
|
||||
{
|
||||
"name": "NAMESPACE",
|
||||
"value": "{{ .Release.Namespace }}"
|
||||
},
|
||||
{
|
||||
"name": "DEPENDENCY_SERVICE",
|
||||
"value": "{{ include "joinListWithColon" .Values.dependencies.ks_user.service }}"
|
||||
},
|
||||
{
|
||||
"name": "COMMAND",
|
||||
"value": "echo done"
|
||||
}
|
||||
]
|
||||
}
|
||||
{{ tuple $envAll $dependencies | include "dep_check_init_cont" | indent 10 }}
|
||||
]'
|
||||
spec:
|
||||
restartPolicy: OnFailure
|
||||
@ -40,6 +24,15 @@ spec:
|
||||
- name: heat-ks-user
|
||||
image: {{ .Values.images.ks_user }}
|
||||
imagePullPolicy: {{ .Values.images.pull_policy }}
|
||||
{{- if .Values.resources.enabled }}
|
||||
resources:
|
||||
requests:
|
||||
memory: {{ .Values.resources.heat_ks_user.requests.memory | quote }}
|
||||
cpu: {{ .Values.resources.heat_ks_user.requests.cpu | quote }}
|
||||
limits:
|
||||
memory: {{ .Values.resources.heat_ks_user.limits.memory | quote }}
|
||||
cpu: {{ .Values.resources.heat_ks_user.limits.cpu | quote }}
|
||||
{{- end }}
|
||||
command:
|
||||
- bash
|
||||
- /tmp/ks-user.sh
|
||||
|
@ -1,3 +1,5 @@
|
||||
{{- $envAll := . }}
|
||||
{{- $dependencies := .Values.dependencies.engine }}
|
||||
apiVersion: apps/v1beta1
|
||||
kind: StatefulSet
|
||||
metadata:
|
||||
@ -11,29 +13,7 @@ spec:
|
||||
app: heat-engine
|
||||
annotations:
|
||||
pod.beta.kubernetes.io/init-containers: '[
|
||||
{
|
||||
"name": "init",
|
||||
"image": {{ .Values.images.dep_check | quote }},
|
||||
"imagePullPolicy": {{ .Values.images.pull_policy | quote }},
|
||||
"env": [
|
||||
{
|
||||
"name": "NAMESPACE",
|
||||
"value": "{{ .Release.Namespace }}"
|
||||
},
|
||||
{
|
||||
"name": "DEPENDENCY_SERVICE",
|
||||
"value": "{{ include "joinListWithColon" .Values.dependencies.engine.service }}"
|
||||
},
|
||||
{
|
||||
"name": "DEPENDENCY_JOBS",
|
||||
"value": "{{ include "joinListWithColon" .Values.dependencies.engine.jobs }}"
|
||||
},
|
||||
{
|
||||
"name": "COMMAND",
|
||||
"value": "echo done"
|
||||
}
|
||||
]
|
||||
}
|
||||
{{ tuple $envAll $dependencies | include "dep_check_init_cont" | indent 10 }}
|
||||
]'
|
||||
spec:
|
||||
nodeSelector:
|
||||
@ -42,6 +22,15 @@ spec:
|
||||
- name: heat-engine
|
||||
image: {{ .Values.images.engine }}
|
||||
imagePullPolicy: {{ .Values.images.pull_policy }}
|
||||
{{- if .Values.resources.enabled }}
|
||||
resources:
|
||||
requests:
|
||||
memory: {{ .Values.resources.heat_engine.requests.memory | quote }}
|
||||
cpu: {{ .Values.resources.heat_engine.requests.cpu | quote }}
|
||||
limits:
|
||||
memory: {{ .Values.resources.heat_engine.limits.memory | quote }}
|
||||
cpu: {{ .Values.resources.heat_engine.limits.cpu | quote }}
|
||||
{{- end }}
|
||||
command:
|
||||
- heat-engine
|
||||
- --config-dir
|
||||
@ -55,6 +44,10 @@ spec:
|
||||
mountPath: /etc/heat/conf/heat.conf
|
||||
subPath: heat.conf
|
||||
readOnly: true
|
||||
- name: heatpolicy
|
||||
mountPath: /etc/heat/policy.json
|
||||
subPath: policy.json
|
||||
readOnly: true
|
||||
volumes:
|
||||
- name: pod-etc-heat
|
||||
emptyDir: {}
|
||||
@ -63,3 +56,6 @@ spec:
|
||||
- name: heatconf
|
||||
configMap:
|
||||
name: heat-etc
|
||||
- name: heatpolicy
|
||||
configMap:
|
||||
name: heat-etc
|
||||
|
@ -97,18 +97,8 @@ memcached:
|
||||
host: memcached
|
||||
port: 11211
|
||||
|
||||
resources:
|
||||
api:
|
||||
workers: 8
|
||||
cfn:
|
||||
workers: 8
|
||||
cloudwatch:
|
||||
workers: 8
|
||||
engine:
|
||||
workers: 8
|
||||
|
||||
misc:
|
||||
debug: false
|
||||
debug: true
|
||||
|
||||
secrets:
|
||||
keystone_admin:
|
||||
@ -206,3 +196,77 @@ endpoints:
|
||||
scheme: 'http'
|
||||
port:
|
||||
api: 8003
|
||||
|
||||
resources:
|
||||
enabled: false
|
||||
heat_api:
|
||||
requests:
|
||||
memory: "124Mi"
|
||||
cpu: "100m"
|
||||
limits:
|
||||
memory: "1024Mi"
|
||||
cpu: "2000m"
|
||||
heat_cfn:
|
||||
requests:
|
||||
memory: "124Mi"
|
||||
cpu: "100m"
|
||||
limits:
|
||||
memory: "1024Mi"
|
||||
cpu: "2000m"
|
||||
heat_cloudwatch:
|
||||
requests:
|
||||
memory: "124Mi"
|
||||
cpu: "100m"
|
||||
limits:
|
||||
memory: "1024Mi"
|
||||
cpu: "2000m"
|
||||
heat_db_init:
|
||||
requests:
|
||||
memory: "124Mi"
|
||||
cpu: "100m"
|
||||
limits:
|
||||
memory: "1024Mi"
|
||||
cpu: "2000m"
|
||||
heat_db_sync:
|
||||
requests:
|
||||
memory: "124Mi"
|
||||
cpu: "100m"
|
||||
limits:
|
||||
memory: "1024Mi"
|
||||
cpu: "2000m"
|
||||
heat_ks_endpoints:
|
||||
requests:
|
||||
memory: "124Mi"
|
||||
cpu: "100m"
|
||||
limits:
|
||||
memory: "1024Mi"
|
||||
cpu: "2000m"
|
||||
heat_ks_service:
|
||||
requests:
|
||||
memory: "124Mi"
|
||||
cpu: "100m"
|
||||
limits:
|
||||
memory: "1024Mi"
|
||||
cpu: "2000m"
|
||||
heat_ks_user:
|
||||
requests:
|
||||
memory: "124Mi"
|
||||
cpu: "100m"
|
||||
limits:
|
||||
memory: "1024Mi"
|
||||
cpu: "2000m"
|
||||
heat_engine:
|
||||
requests:
|
||||
memory: "124Mi"
|
||||
cpu: "100m"
|
||||
limits:
|
||||
memory: "1024Mi"
|
||||
cpu: "2000m"
|
||||
api:
|
||||
workers: 8
|
||||
cfn:
|
||||
workers: 8
|
||||
cloudwatch:
|
||||
workers: 8
|
||||
engine:
|
||||
workers: 8
|
||||
|
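Review bot: The `misc.debug` default appears to flip from `false` to `true` in the first hunk; the page has lost its +/- markers, but the hunk counts show one `debug:` line removed and one added, printed in the usual old-then-new order. If `true` is the new default, every install that does not override it runs Heat with debug logging, which is far noisier and more likely to carry request detail into pod logs than an operator expects. I would keep `debug: false` as the chart default and let development environments opt in, with a comment above the key such as `# verbose; enable only while troubleshooting`.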
@ -1,3 +1,5 @@
|
||||
{{- $envAll := . }}
|
||||
{{- $dependencies := .Values.dependencies.dashboard }}
|
||||
apiVersion: extensions/v1beta1
|
||||
kind: Deployment
|
||||
metadata:
|
||||
@ -20,26 +22,8 @@ spec:
|
||||
configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "hash" }}
|
||||
configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "hash" }}
|
||||
pod.beta.kubernetes.io/init-containers: '[
|
||||
{
|
||||
"name": "init",
|
||||
"image": "{{ .Values.images.entrypoint }}",
|
||||
"imagePullPolicy": "{{ .Values.images.pull_policy }}",
|
||||
"env": [
|
||||
{
|
||||
"name": "NAMESPACE",
|
||||
"value": "{{ .Release.Namespace }}"
|
||||
},
|
||||
{
|
||||
"name": "DEPENDENCY_SERVICE",
|
||||
"value": "{{ include "joinListWithColon" .Values.dependencies.dashboard.service }}"
|
||||
},
|
||||
{
|
||||
"name": "COMMAND",
|
||||
"value": "echo done"
|
||||
}
|
||||
]
|
||||
}
|
||||
]'
|
||||
{{ tuple $envAll $dependencies | include "dep_check_init_cont" | indent 10 }}
|
||||
]'
|
||||
spec:
|
||||
nodeSelector:
|
||||
{{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }}
|
||||
@ -47,6 +31,15 @@ spec:
|
||||
- name: horizon
|
||||
image: {{ .Values.images.horizon }}
|
||||
imagePullPolicy: {{ .Values.images.pull_policy }}
|
||||
{{- if .Values.resources.enabled }}
|
||||
resources:
|
||||
limits:
|
||||
cpu: {{ .Values.resources.dashboard.limits.cpu | quote }}
|
||||
memory: {{ .Values.resources.dashboard.limits.memory | quote }}
|
||||
requests:
|
||||
cpu: {{ .Values.resources.dashboard.requests.cpu | quote }}
|
||||
memory: {{ .Values.resources.dashboard.requests.memory | quote }}
|
||||
{{- end }}
|
||||
command:
|
||||
- bash
|
||||
- /tmp/start.sh
|
||||
|
@ -1,4 +1,4 @@
|
||||
# Default values for memcached.
|
||||
# Default values for horizon.
|
||||
# This is a YAML-formatted file.
|
||||
# Declare name/value pairs to be passed into your templates.
|
||||
# name: value
|
||||
@ -6,7 +6,7 @@
|
||||
replicas: 1
|
||||
|
||||
images:
|
||||
entrypoint: quay.io/stackanetes/kubernetes-entrypoint:v0.1.0
|
||||
dep_check: quay.io/stackanetes/kubernetes-entrypoint:v0.1.0
|
||||
horizon: quay.io/stackanetes/stackanetes-horizon:newton
|
||||
pull_policy: "IfNotPresent"
|
||||
|
||||
@ -36,7 +36,17 @@ dependencies:
|
||||
- memcached
|
||||
- keystone-api
|
||||
|
||||
# typically overriden by environmental
|
||||
resources:
|
||||
enabled: false
|
||||
dashboard:
|
||||
limits:
|
||||
memory: "128Mi"
|
||||
cpu: "500m"
|
||||
requests:
|
||||
memory: "128Mi"
|
||||
cpu: "500m"
|
||||
|
||||
# mits:typically overriden by environmental
|
||||
# values, but should include all endpoints
|
||||
# required by this chart
|
||||
endpoints:
|
||||
|
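Review bot: The comment above `endpoints:` now reads `# mits:typically overriden by environmental`, which looks like a leftover fragment of `limits:` from inserting the `resources:` block. The same sentence is also left orphaned above `resources:` without its continuation lines. I would drop the copy above `resources:` and restore the one above `endpoints:` to `# typically overridden by environmental`.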
@ -1,22 +1,13 @@
|
||||
#!/bin/bash
|
||||
set -ex
|
||||
|
||||
# order of kolla_keystone_bootstrap urls
|
||||
# for those of looking for a little expanation
|
||||
# to a mysterious blackbox
|
||||
#
|
||||
# these will feed into the keystone endpoints
|
||||
# so it is important they are correct
|
||||
#
|
||||
# keystone_admin_url
|
||||
# keystone_internal_url
|
||||
# keystone_public_url
|
||||
|
||||
keystone-manage db_sync
|
||||
kolla_keystone_bootstrap {{ .Values.keystone.admin_user }} {{ .Values.keystone.admin_password }} \
|
||||
{{ .Values.keystone.admin_project_name }} admin \
|
||||
{{ include "endpoint_keystone_admin" . }} \
|
||||
{{ include "endpoint_keystone_internal" . }} \
|
||||
{{ include "endpoint_keystone_internal" . }} \
|
||||
{{ .Values.keystone.admin_region_name }}
|
||||
keystone-manage --config-file=/etc/keystone/keystone.conf db_sync
|
||||
|
||||
keystone-manage --config-file=/etc/keystone/keystone.conf bootstrap \
|
||||
--bootstrap-username {{ .Values.keystone.admin_user }} \
|
||||
--bootstrap-password {{ .Values.keystone.admin_password }} \
|
||||
--bootstrap-project-name {{ .Values.keystone.admin_project_name }} \
|
||||
--bootstrap-admin-url {{ include "endpoint_keystone_admin" . }} \
|
||||
--bootstrap-public-url {{ include "endpoint_keystone_internal" . }} \
|
||||
--bootstrap-internal-url {{ include "endpoint_keystone_internal" . }} \
|
||||
--bootstrap-region-id {{ .Values.keystone.admin_region_name }}
|
||||
|
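Review bot: With `set -ex` at the top of this script, the `keystone-manage ... bootstrap` command is echoed to the pod log with `--bootstrap-password` already expanded, so the Keystone admin password ends up wherever container logs are shipped; it is also visible in the process list while the command runs. The same applies to the `ansible ... login_password=` calls in the database init script that follows. `keystone-manage bootstrap` reads `OS_BOOTSTRAP_PASSWORD` from the environment, so the flag can be dropped in favour of an env var sourced from a Secret, and the script can run with `set -e` instead of `set -ex`. The templated values are also unquoted, so a value containing spaces or shell metacharacters would be split or interpreted by bash.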
@ -2,5 +2,20 @@
|
||||
set -ex
|
||||
export HOME=/tmp
|
||||
|
||||
ansible localhost -vvv -m mysql_db -a "login_host='{{ include "keystone_db_host" . }}' login_port='{{ .Values.database.port }}' login_user='{{ .Values.database.root_user }}' login_password='{{ .Values.database.root_password }}' name='{{ .Values.database.keystone_database_name }}'"
|
||||
ansible localhost -vvv -m mysql_user -a "login_host='{{ include "keystone_db_host" . }}' login_port='{{ .Values.database.port }}' login_user='{{ .Values.database.root_user }}' login_password='{{ .Values.database.root_password }}' name='{{ .Values.database.keystone_user }}' password='{{ .Values.database.keystone_password }}' host='%' priv='{{ .Values.database.keystone_database_name }}.*:ALL' append_privs='yes'"
|
||||
ansible localhost -vvv \
|
||||
-m mysql_db -a "login_host='{{ include "keystone_db_host" . }}' \
|
||||
login_port='{{ .Values.database.port }}' \
|
||||
login_user='{{ .Values.database.root_user }}' \
|
||||
login_password='{{ .Values.database.root_password }}' \
|
||||
name='{{ .Values.database.keystone_database_name }}'"
|
||||
|
||||
ansible localhost -vvv \
|
||||
-m mysql_user -a "login_host='{{ include "keystone_db_host" . }}' \
|
||||
login_port='{{ .Values.database.port }}' \
|
||||
login_user='{{ .Values.database.root_user }}' \
|
||||
login_password='{{ .Values.database.root_password }}' \
|
||||
name='{{ .Values.database.keystone_user }}' \
|
||||
password='{{ .Values.database.keystone_password }}' \
|
||||
host='%' \
|
||||
priv='{{ .Values.database.keystone_database_name }}.*:ALL' \
|
||||
append_privs='yes'"
|
||||
|
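Review bot: Every Helm value in the reformatted `-a "..."` argument is pasted inside single quotes that themselves sit inside a bash double-quoted string, for example `login_password='{{ .Values.database.root_password }}'`. A password containing `'`, `"`, `$` or a backtick will therefore either break Ansible's key=value parsing or be expanded by the shell before Ansible sees it. The values are operator-supplied, so this is mainly a robustness problem, but generated passwords do hit these characters. I would move the credentials into environment variables populated from a Secret and read them in a small playbook with `lookup('env', 'DB_ROOT_PASSWORD')` (variable name is an example), which removes the shell quoting layer altogether.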
@ -1,8 +1,10 @@
|
||||
#!/bin/bash
|
||||
set -ex
|
||||
|
||||
# Loading Apache2 ENV variables
|
||||
source /etc/apache2/envvars
|
||||
#!/bin/bash
|
||||
set -ex
|
||||
|
||||
# start apache with any container arguments
|
||||
apache2 -DFOREGROUND $*
|
||||
if [ -f /etc/apache2/envvars ]; then
|
||||
# Loading Apache2 ENV variables
|
||||
source /etc/apache2/envvars
|
||||
fi
|
||||
|
||||
# Start Apache2
|
||||
exec apache2 -DFOREGROUND
|
||||
|
@ -6,6 +6,12 @@ data:
|
||||
keystone.conf: |+
|
||||
{{ tuple "etc/_keystone.conf.tpl" . | include "template" | indent 4 }}
|
||||
mpm_event.conf: |+
|
||||
{{ tuple "etc/_mpm_event.conf.tpl" . | include "template" | indent 4 }}
|
||||
{{ tuple "etc/_mpm_event.conf.tpl" . | include "template" | indent 4 }}
|
||||
wsgi-keystone.conf: |+
|
||||
{{ tuple "etc/_wsgi-keystone.conf.tpl" . | include "template" | indent 4 }}
|
||||
policy.json: |+
|
||||
{{ tuple "etc/_policy.json.tpl" . | include "template" | indent 4 }}
|
||||
keystone-paste.ini: |+
|
||||
{{ tuple "etc/_keystone-paste.ini.tpl" . | include "template" | indent 4 }}
|
||||
sso_callback_template.html: |+
|
||||
{{ tuple "etc/_sso_callback_template.html.tpl" . | include "template" | indent 4 }}
|
||||
|
@ -1,3 +1,5 @@
|
||||
{{- $envAll := . }}
|
||||
{{- $dependecies := .Values.dependencies.api }}
|
||||
apiVersion: extensions/v1beta1
|
||||
kind: Deployment
|
||||
metadata:
|
||||
@ -11,42 +13,16 @@ spec:
|
||||
rollingUpdate:
|
||||
maxUnavailable: {{ .Values.upgrades.rolling_update.max_unavailable }}
|
||||
maxSurge: {{ .Values.upgrades.rolling_update.max_surge }}
|
||||
{{ end }}
|
||||
{{ end }}
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
app: keystone-api
|
||||
annotations:
|
||||
configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "hash" }}
|
||||
configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "hash" }}
|
||||
configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "hash" }}
|
||||
pod.beta.kubernetes.io/init-containers: '[
|
||||
{
|
||||
"name": "init",
|
||||
"image": "{{ .Values.images.entrypoint }}",
|
||||
"imagePullPolicy": "{{ .Values.images.pull_policy }}",
|
||||
"env": [
|
||||
{
|
||||
"name": "NAMESPACE",
|
||||
"value": "{{ .Release.Namespace }}"
|
||||
},
|
||||
{
|
||||
"name": "INTERFACE_NAME",
|
||||
"value": "eth0"
|
||||
},
|
||||
{
|
||||
"name": "DEPENDENCY_SERVICE",
|
||||
"value": "{{ include "joinListWithColon" .Values.dependencies.api.service }}"
|
||||
},
|
||||
{
|
||||
"name": "DEPENDENCY_JOBS",
|
||||
"value": "{{ include "joinListWithColon" .Values.dependencies.api.jobs }}"
|
||||
},
|
||||
{
|
||||
"name": "COMMAND",
|
||||
"value": "echo done"
|
||||
}
|
||||
]
|
||||
}
|
||||
{{ tuple $envAll $dependecies | include "dep_check_init_cont" | indent 10 }}
|
||||
]'
|
||||
spec:
|
||||
nodeSelector:
|
||||
@ -55,32 +31,77 @@ spec:
|
||||
- name: keystone-api
|
||||
image: {{ .Values.images.api }}
|
||||
imagePullPolicy: {{ .Values.images.pull_policy }}
|
||||
{{- if .Values.resources.enabled }}
|
||||
resources:
|
||||
limits:
|
||||
cpu: {{ .Values.resources.api.limits.cpu | quote }}
|
||||
memory: {{ .Values.resources.api.limits.memory | quote }}
|
||||
requests:
|
||||
cpu: {{ .Values.resources.api.requests.cpu | quote }}
|
||||
memory: {{ .Values.resources.api.requests.memory | quote }}
|
||||
{{- end }}
|
||||
command:
|
||||
- bash
|
||||
- /tmp/start.sh
|
||||
ports:
|
||||
- containerPort: {{ .Values.network.port.public }}
|
||||
- containerPort: {{ .Values.network.port.admin }}
|
||||
lifecycle:
|
||||
preStop:
|
||||
exec:
|
||||
command:
|
||||
- apachectl
|
||||
- -k
|
||||
- graceful-stop
|
||||
readinessProbe:
|
||||
tcpSocket:
|
||||
port: {{ .Values.network.port.public }}
|
||||
volumeMounts:
|
||||
- name: pod-etc-keystone
|
||||
mountPath: /etc/keystone
|
||||
- name: keystoneconf
|
||||
mountPath: /etc/keystone/keystone.conf
|
||||
subPath: keystone.conf
|
||||
readOnly: true
|
||||
- name: keystonepaste
|
||||
mountPath: /etc/keystone/keystone-paste.ini
|
||||
subPath: keystone-paste.ini
|
||||
readOnly: true
|
||||
- name: keystonepolicy
|
||||
mountPath: /etc/keystone/policy.json
|
||||
subPath: policy.json
|
||||
readOnly: true
|
||||
- name: keystonessotemplate
|
||||
mountPath: /etc/keystone/sso_callback_template.html
|
||||
subPath: sso_callback_template.html
|
||||
readOnly: true
|
||||
- name: wsgikeystone
|
||||
mountPath: /etc/apache2/conf-enabled/wsgi-keystone.conf
|
||||
subPath: wsgi-keystone.conf
|
||||
readOnly: true
|
||||
- name: mpmeventconf
|
||||
mountPath: /etc/apache2/mods-available/mpm_event.conf
|
||||
subPath: mpm_event.conf
|
||||
readOnly: true
|
||||
- name: startsh
|
||||
mountPath: /tmp/start.sh
|
||||
subPath: start.sh
|
||||
readOnly: true
|
||||
volumes:
|
||||
- name: pod-etc-keystone
|
||||
emptyDir: {}
|
||||
- name: keystoneconf
|
||||
configMap:
|
||||
name: keystone-etc
|
||||
- name: keystonepaste
|
||||
configMap:
|
||||
name: keystone-etc
|
||||
- name: keystonepolicy
|
||||
configMap:
|
||||
name: keystone-etc
|
||||
- name: keystonessotemplate
|
||||
configMap:
|
||||
name: keystone-etc
|
||||
- name: wsgikeystone
|
||||
configMap:
|
||||
name: keystone-etc
|
||||
@ -90,4 +111,3 @@ spec:
|
||||
- name: startsh
|
||||
configMap:
|
||||
name: keystone-bin
|
||||
|
||||
|
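Review bot: The new variable is spelled `$dependecies` in this template, both in `{{- $dependecies := .Values.dependencies.api }}` and in the `dep_check_init_cont` call, while the other templates changed on this page use `$dependencies`. It renders today because the two uses match, but an init-container line copied in from another chart would reference an undefined variable and fail to render. I would rename both occurrences to `$dependencies`.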
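--- a/keystone/templates/etc/_keystone-paste.ini.tpl
+++ b/keystone/templates/etc/_keystone-paste.ini.tpl
@@ -0,0 +1,97 @@
+# Keystone PasteDeploy configuration file.
+
+[filter:debug]
+use = egg:oslo.middleware#debug
+
+[filter:request_id]
+use = egg:oslo.middleware#request_id
+
+[filter:build_auth_context]
+use = egg:keystone#build_auth_context
+
+[filter:token_auth]
+use = egg:keystone#token_auth
+
+[filter:admin_token_auth]
+# This is deprecated in the M release and will be removed in the O release.
+# Use `keystone-manage bootstrap` and remove this from the pipelines below.
+use = egg:keystone#admin_token_auth
+
+[filter:json_body]
+use = egg:keystone#json_body
+
+[filter:cors]
+use = egg:oslo.middleware#cors
+oslo_config_project = keystone
+
+[filter:http_proxy_to_wsgi]
+use = egg:oslo.middleware#http_proxy_to_wsgi
+
+[filter:healthcheck]
+use = egg:oslo.middleware#healthcheck
+
+[filter:ec2_extension]
+use = egg:keystone#ec2_extension
+
+[filter:ec2_extension_v3]
+use = egg:keystone#ec2_extension_v3
+
+[filter:s3_extension]
+use = egg:keystone#s3_extension
+
+[filter:url_normalize]
+use = egg:keystone#url_normalize
+
+[filter:sizelimit]
+use = egg:oslo.middleware#sizelimit
+
+[filter:osprofiler]
+use = egg:osprofiler#osprofiler
+
+[app:public_service]
+use = egg:keystone#public_service
+
+[app:service_v3]
+use = egg:keystone#service_v3
+
+[app:admin_service]
+use = egg:keystone#admin_service
+
+[pipeline:public_api]
+# The last item in this pipeline must be public_service or an equivalent
+# application. It cannot be a filter.
+pipeline = healthcheck cors sizelimit http_proxy_to_wsgi osprofiler url_normalize request_id build_auth_context token_auth json_body ec2_extension public_service
+
+[pipeline:admin_api]
+# The last item in this pipeline must be admin_service or an equivalent
+# application. It cannot be a filter.
+pipeline = healthcheck cors sizelimit http_proxy_to_wsgi osprofiler url_normalize request_id build_auth_context token_auth json_body ec2_extension s3_extension admin_service
+
+[pipeline:api_v3]
+# The last item in this pipeline must be service_v3 or an equivalent
+# application. It cannot be a filter.
+pipeline = healthcheck cors sizelimit http_proxy_to_wsgi osprofiler url_normalize request_id build_auth_context token_auth json_body ec2_extension_v3 s3_extension service_v3
+
+[app:public_version_service]
+use = egg:keystone#public_version_service
+
+[app:admin_version_service]
+use = egg:keystone#admin_version_service
+
+[pipeline:public_version_api]
+pipeline = healthcheck cors sizelimit osprofiler url_normalize public_version_service
+
+[pipeline:admin_version_api]
+pipeline = healthcheck cors sizelimit osprofiler url_normalize admin_version_service
+
+[composite:main]
+use = egg:Paste#urlmap
+/v2.0 = public_api
+/v3 = api_v3
+/ = public_version_api
+
+[composite:admin]
+use = egg:Paste#urlmap
+/v2.0 = admin_api
+/v3 = api_v3
+/ = admin_version_api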
@ -1,5 +1,5 @@
|
||||
[DEFAULT]
|
||||
debug = {{ .Values.misc.debug }}
|
||||
debug = {{ .Values.api.default.debug }}
|
||||
use_syslog = False
|
||||
use_stderr = True
|
||||
|
||||
@ -10,6 +10,9 @@ max_retries = -1
|
||||
[memcache]
|
||||
servers = {{ include "memcached_host" . }}:11211
|
||||
|
||||
[token]
|
||||
provider = {{ .Values.api.token.provider }}
|
||||
|
||||
[cache]
|
||||
backend = dogpile.cache.memcached
|
||||
memcache_servers = {{ include "memcached_host" . }}:11211
|
||||
|
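--- a/keystone/templates/etc/_policy.json.tpl
+++ b/keystone/templates/etc/_policy.json.tpl
@@ -0,0 +1,199 @@
+{
+"admin_required": "role:admin or is_admin:1",
+"service_role": "role:service",
+"service_or_admin": "rule:admin_required or rule:service_role",
+"owner" : "user_id:%(user_id)s",
+"admin_or_owner": "rule:admin_required or rule:owner",
+"token_subject": "user_id:%(target.token.user_id)s",
+"admin_or_token_subject": "rule:admin_required or rule:token_subject",
+"service_admin_or_token_subject": "rule:service_or_admin or rule:token_subject",
+
+"default": "rule:admin_required",
+
+"identity:get_region": "",
+"identity:list_regions": "",
+"identity:create_region": "rule:admin_required",
+"identity:update_region": "rule:admin_required",
+"identity:delete_region": "rule:admin_required",
+
+"identity:get_service": "rule:admin_required",
+"identity:list_services": "rule:admin_required",
+"identity:create_service": "rule:admin_required",
+"identity:update_service": "rule:admin_required",
+"identity:delete_service": "rule:admin_required",
+
+"identity:get_endpoint": "rule:admin_required",
+"identity:list_endpoints": "rule:admin_required",
+"identity:create_endpoint": "rule:admin_required",
+"identity:update_endpoint": "rule:admin_required",
+"identity:delete_endpoint": "rule:admin_required",
+
+"identity:get_domain": "rule:admin_required or token.project.domain.id:%(target.domain.id)s",
+"identity:list_domains": "rule:admin_required",
+"identity:create_domain": "rule:admin_required",
+"identity:update_domain": "rule:admin_required",
+"identity:delete_domain": "rule:admin_required",
+
+"identity:get_project": "rule:admin_required or project_id:%(target.project.id)s",
+"identity:list_projects": "rule:admin_required",
+"identity:list_user_projects": "rule:admin_or_owner",
+"identity:create_project": "rule:admin_required",
+"identity:update_project": "rule:admin_required",
+"identity:delete_project": "rule:admin_required",
+
+"identity:get_user": "rule:admin_or_owner",
+"identity:list_users": "rule:admin_required",
+"identity:create_user": "rule:admin_required",
+"identity:update_user": "rule:admin_required",
+"identity:delete_user": "rule:admin_required",
+"identity:change_password": "rule:admin_or_owner",
+
+"identity:get_group": "rule:admin_required",
+"identity:list_groups": "rule:admin_required",
+"identity:list_groups_for_user": "rule:admin_or_owner",
+"identity:create_group": "rule:admin_required",
+"identity:update_group": "rule:admin_required",
+"identity:delete_group": "rule:admin_required",
+"identity:list_users_in_group": "rule:admin_required",
+"identity:remove_user_from_group": "rule:admin_required",
+"identity:check_user_in_group": "rule:admin_required",
+"identity:add_user_to_group": "rule:admin_required",
+
+"identity:get_credential": "rule:admin_required",
+"identity:list_credentials": "rule:admin_required",
+"identity:create_credential": "rule:admin_required",
+"identity:update_credential": "rule:admin_required",
+"identity:delete_credential": "rule:admin_required",
+
+"identity:ec2_get_credential": "rule:admin_required or (rule:owner and user_id:%(target.credential.user_id)s)",
+"identity:ec2_list_credentials": "rule:admin_or_owner",
+"identity:ec2_create_credential": "rule:admin_or_owner",
+"identity:ec2_delete_credential": "rule:admin_required or (rule:owner and user_id:%(target.credential.user_id)s)",
+
+"identity:get_role": "rule:admin_required",
+"identity:list_roles": "rule:admin_required",
+"identity:create_role": "rule:admin_required",
+"identity:update_role": "rule:admin_required",
+"identity:delete_role": "rule:admin_required",
+"identity:get_domain_role": "rule:admin_required",
+"identity:list_domain_roles": "rule:admin_required",
+"identity:create_domain_role": "rule:admin_required",
+"identity:update_domain_role": "rule:admin_required",
+"identity:delete_domain_role": "rule:admin_required",
+
+"identity:get_implied_role": "rule:admin_required ",
+"identity:list_implied_roles": "rule:admin_required",
+"identity:create_implied_role": "rule:admin_required",
+"identity:delete_implied_role": "rule:admin_required",
+"identity:list_role_inference_rules": "rule:admin_required",
+"identity:check_implied_role": "rule:admin_required",
+
+"identity:check_grant": "rule:admin_required",
+"identity:list_grants": "rule:admin_required",
+"identity:create_grant": "rule:admin_required",
+"identity:revoke_grant": "rule:admin_required",
+
+"identity:list_role_assignments": "rule:admin_required",
+"identity:list_role_assignments_for_tree": "rule:admin_required",
+
+"identity:get_policy": "rule:admin_required",
+"identity:list_policies": "rule:admin_required",
+"identity:create_policy": "rule:admin_required",
+"identity:update_policy": "rule:admin_required",
+"identity:delete_policy": "rule:admin_required",
+
+"identity:check_token": "rule:admin_or_token_subject",
+"identity:validate_token": "rule:service_admin_or_token_subject",
+"identity:validate_token_head": "rule:service_or_admin",
+"identity:revocation_list": "rule:service_or_admin",
+"identity:revoke_token": "rule:admin_or_token_subject",
+
+"identity:create_trust": "user_id:%(trust.trustor_user_id)s",
+"identity:list_trusts": "",
+"identity:list_roles_for_trust": "",
+"identity:get_role_for_trust": "",
+"identity:delete_trust": "",
+
+"identity:create_consumer": "rule:admin_required",
+"identity:get_consumer": "rule:admin_required",
+"identity:list_consumers": "rule:admin_required",
+"identity:delete_consumer": "rule:admin_required",
+"identity:update_consumer": "rule:admin_required",
+
+"identity:authorize_request_token": "rule:admin_required",
+"identity:list_access_token_roles": "rule:admin_required",
+"identity:get_access_token_role": "rule:admin_required",
+"identity:list_access_tokens": "rule:admin_required",
+"identity:get_access_token": "rule:admin_required",
+"identity:delete_access_token": "rule:admin_required",
+
+"identity:list_projects_for_endpoint": "rule:admin_required",
+"identity:add_endpoint_to_project": "rule:admin_required",
+"identity:check_endpoint_in_project": "rule:admin_required",
+"identity:list_endpoints_for_project": "rule:admin_required",
+"identity:remove_endpoint_from_project": "rule:admin_required",
+
+"identity:create_endpoint_group": "rule:admin_required",
+"identity:list_endpoint_groups": "rule:admin_required",
+"identity:get_endpoint_group": "rule:admin_required",
+"identity:update_endpoint_group": "rule:admin_required",
+"identity:delete_endpoint_group": "rule:admin_required",
+"identity:list_projects_associated_with_endpoint_group": "rule:admin_required",
+"identity:list_endpoints_associated_with_endpoint_group": "rule:admin_required",
+"identity:get_endpoint_group_in_project": "rule:admin_required",
+"identity:list_endpoint_groups_for_project": "rule:admin_required",
+"identity:add_endpoint_group_to_project": "rule:admin_required",
+"identity:remove_endpoint_group_from_project": "rule:admin_required",
+
+"identity:create_identity_provider": "rule:admin_required",
+"identity:list_identity_providers": "rule:admin_required",
+"identity:get_identity_providers": "rule:admin_required",
+"identity:update_identity_provider": "rule:admin_required",
+"identity:delete_identity_provider": "rule:admin_required",
+
+"identity:create_protocol": "rule:admin_required",
+"identity:update_protocol": "rule:admin_required",
+"identity:get_protocol": "rule:admin_required",
+"identity:list_protocols": "rule:admin_required",
+"identity:delete_protocol": "rule:admin_required",
+
+"identity:create_mapping": "rule:admin_required",
+"identity:get_mapping": "rule:admin_required",
+"identity:list_mappings": "rule:admin_required",
+"identity:delete_mapping": "rule:admin_required",
+"identity:update_mapping": "rule:admin_required",
+
+"identity:create_service_provider": "rule:admin_required",
+"identity:list_service_providers": "rule:admin_required",
+"identity:get_service_provider": "rule:admin_required",
+"identity:update_service_provider": "rule:admin_required",
+"identity:delete_service_provider": "rule:admin_required",
+
+"identity:get_auth_catalog": "",
+"identity:get_auth_projects": "",
+"identity:get_auth_domains": "",
+
+"identity:list_projects_for_user": "",
+"identity:list_domains_for_user": "",
+
+"identity:list_revoke_events": "rule:service_or_admin",
+
+"identity:create_policy_association_for_endpoint": "rule:admin_required",
+"identity:check_policy_association_for_endpoint": "rule:admin_required",
+"identity:delete_policy_association_for_endpoint": "rule:admin_required",
+"identity:create_policy_association_for_service": "rule:admin_required",
+"identity:check_policy_association_for_service": "rule:admin_required",
+"identity:delete_policy_association_for_service": "rule:admin_required",
+"identity:create_policy_association_for_region_and_service": "rule:admin_required",
+"identity:check_policy_association_for_region_and_service": "rule:admin_required",
+"identity:delete_policy_association_for_region_and_service": "rule:admin_required",
+"identity:get_policy_for_endpoint": "rule:admin_required",
+"identity:list_endpoints_for_policy": "rule:admin_required",
+
+"identity:create_domain_config": "rule:admin_required",
+"identity:get_domain_config": "rule:admin_required",
+"identity:get_security_compliance_domain_config": "",
+"identity:update_domain_config": "rule:admin_required",
+"identity:delete_domain_config": "rule:admin_required",
+"identity:get_domain_config_default": "rule:admin_required"
+}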
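--- a/keystone/templates/etc/_sso_callback_template.html.tpl
+++ b/keystone/templates/etc/_sso_callback_template.html.tpl
@@ -0,0 +1,22 @@
+<!DOCTYPE html>
+<html xmlns="http://www.w3.org/1999/xhtml">
+<head>
+<title>Keystone WebSSO redirect</title>
+</head>
+<body>
+<form id="sso" name="sso" action="$host" method="post">
+Please wait...
+<br/>
+<input type="hidden" name="token" id="token" value="$token"/>
+<noscript>
+<input type="submit" name="submit_no_javascript" id="submit_no_javascript"
+value="If your JavaScript is disabled, please click to continue"/>
+</noscript>
+</form>
+<script type="text/javascript">
+window.onload = function() {
+document.forms['sso'].submit();
+}
+</script>
+</body>
+</html>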
@ -1,8 +1,11 @@
|
||||
Listen {{ .Values.network.ip_address }}:{{ .Values.network.port.public }}
|
||||
Listen {{ .Values.network.ip_address }}:{{ .Values.network.port.admin }}
|
||||
|
||||
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
|
||||
LogFormat "%{X-Forwarded-For}i %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" proxy
|
||||
|
||||
<VirtualHost *:{{ .Values.network.port.public }}>
|
||||
WSGIDaemonProcess keystone-public processes=16 threads=6 user=keystone group=keystone display-name=%{GROUP}
|
||||
WSGIDaemonProcess keystone-public processes=1 threads=4 user=keystone group=keystone display-name=%{GROUP}
|
||||
WSGIProcessGroup keystone-public
|
||||
WSGIScriptAlias / /var/www/cgi-bin/keystone/main
|
||||
WSGIApplicationGroup %{GLOBAL}
|
||||
@ -10,12 +13,15 @@ Listen {{ .Values.network.ip_address }}:{{ .Values.network.port.admin }}
|
||||
<IfVersion >= 2.4>
|
||||
ErrorLogFormat "%{cu}t %M"
|
||||
</IfVersion>
|
||||
ErrorLog "|$/bin/cat 1>&2"
|
||||
CustomLog "|/bin/cat" combined
|
||||
ErrorLog /dev/stderr
|
||||
|
||||
SetEnvIf X-Forwarded-For "^.*\..*\..*\..*" forwarded
|
||||
CustomLog /dev/stdout combined env=!forwarded
|
||||
CustomLog /dev/stdout proxy env=forwarded
|
||||
</VirtualHost>
|
||||
|
||||
<VirtualHost *:{{ .Values.network.port.admin }}>
|
||||
WSGIDaemonProcess keystone-admin processes=16 threads=5 user=keystone group=keystone display-name=%{GROUP}
|
||||
WSGIDaemonProcess keystone-admin processes=1 threads=4 user=keystone group=keystone display-name=%{GROUP}
|
||||
WSGIProcessGroup keystone-admin
|
||||
WSGIScriptAlias / /var/www/cgi-bin/keystone/admin
|
||||
WSGIApplicationGroup %{GLOBAL}
|
||||
@ -23,6 +29,9 @@ Listen {{ .Values.network.ip_address }}:{{ .Values.network.port.admin }}
|
||||
<IfVersion >= 2.4>
|
||||
ErrorLogFormat "%{cu}t %M"
|
||||
</IfVersion>
|
||||
ErrorLog "|$/bin/cat 1>&2"
|
||||
CustomLog "|/bin/cat" combined
|
||||
ErrorLog /dev/stderr
|
||||
|
||||
SetEnvIf X-Forwarded-For "^.*\..*\..*\..*" forwarded
|
||||
CustomLog /dev/stdout combined env=!forwarded
|
||||
CustomLog /dev/stdout proxy env=forwarded
|
||||
</VirtualHost>
|
||||
|
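Review bot: The `proxy` LogFormat replaces `%h` with `%{X-Forwarded-For}i`, and the `SetEnvIf X-Forwarded-For "^.*\..*\..*\..*" forwarded` lines in both VirtualHost blocks select it for any request carrying a dotted value in that header. The logged client address is then whatever the sender supplied, and the real peer address is not recorded at all. Unless only a trusted proxy can reach these ports (not visible here), keep the peer address in the format: `LogFormat "%h %{X-Forwarded-For}i %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" proxy`. The pattern also never matches an IPv6 forwarded address, so those requests are logged with `combined` instead.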
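--- a/keystone/templates/job-db-init.yaml
+++ b/keystone/templates/job-db-init.yaml
@@ -0,0 +1,41 @@
+{{- $envAll := . }}
+{{- $dependencies := .Values.dependencies.init }}
+apiVersion: batch/v1
+kind: Job
+metadata:
+name: keystone-db-init
+spec:
+template:
+metadata:
+annotations:
+pod.beta.kubernetes.io/init-containers: '[
+{{ tuple $envAll $dependencies | include "dep_check_init_cont" | indent 10 }}
+]'
+spec:
+restartPolicy: OnFailure
+nodeSelector:
+{{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }}
+containers:
+- name: keystone-db-init
+image: {{ .Values.images.db_init }}
+imagePullPolicy: {{ .Values.images.pull_policy }}
+{{- if .Values.resources.enabled }}
+resources:
+limits:
+cpu: {{ .Values.resources.jobs.init.limits.cpu | quote }}
+memory: {{ .Values.resources.jobs.init.limits.memory | quote }}
+requests:
+cpu: {{ .Values.resources.jobs.init.requests.cpu | quote }}
+memory: {{ .Values.resources.jobs.init.requests.memory | quote }}
+{{- end }}
+command:
+- bash
+- /tmp/init.sh
+volumeMounts:
+- name: keystone-bin
+mountPath: /tmp/init.sh
+subPath: init.sh
+volumes:
+- name: keystone-bin
+configMap:
+name: keystone-bin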
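Review bot: The `keystone-bin` mount that supplies `/tmp/init.sh` has no `readOnly: true`, while the db-sync job on this page sets it on both its `keystoneconf` and `keystone-bin` mounts. The script is executed by `bash` inside the job container, so it should be mounted the same way here. Add `readOnly: true` after `subPath: init.sh`. Indentation on this page is flattened, so the exact nesting needs to be checked against the real file.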
@ -1,3 +1,5 @@
|
||||
{{- $envAll := . }}
|
||||
{{- $dependecies := .Values.dependencies.db_sync }}
|
||||
apiVersion: batch/v1
|
||||
kind: Job
|
||||
metadata:
|
||||
@ -7,29 +9,7 @@ spec:
|
||||
metadata:
|
||||
annotations:
|
||||
pod.beta.kubernetes.io/init-containers: '[
|
||||
{
|
||||
"name": "init",
|
||||
"image": "{{ .Values.images.entrypoint }}",
|
||||
"imagePullPolicy": "{{ .Values.images.pull_policy }}",
|
||||
"env": [
|
||||
{
|
||||
"name": "NAMESPACE",
|
||||
"value": "{{ .Release.Namespace }}"
|
||||
},
|
||||
{
|
||||
"name": "DEPENDENCY_SERVICE",
|
||||
"value": "{{ include "joinListWithColon" .Values.dependencies.db_sync.service }}"
|
||||
},
|
||||
{
|
||||
"name": "DEPENDENCY_JOBS",
|
||||
"value": "{{ include "joinListWithColon" .Values.dependencies.db_sync.jobs }}"
|
||||
},
|
||||
{
|
||||
"name": "COMMAND",
|
||||
"value": "echo done"
|
||||
}
|
||||
]
|
||||
}
|
||||
{{ tuple $envAll $dependecies | include "dep_check_init_cont" | indent 10 }}
|
||||
]'
|
||||
spec:
|
||||
restartPolicy: OnFailure
|
||||
@ -39,17 +19,32 @@ spec:
|
||||
- name: keystone-db-sync
|
||||
image: {{ .Values.images.db_sync }}
|
||||
imagePullPolicy: {{ .Values.images.pull_policy }}
|
||||
{{- if .Values.resources.enabled }}
|
||||
resources:
|
||||
limits:
|
||||
cpu: {{ .Values.resources.jobs.db_sync.limits.cpu | quote }}
|
||||
memory: {{ .Values.resources.jobs.db_sync.limits.memory | quote }}
|
||||
requests:
|
||||
cpu: {{ .Values.resources.jobs.db_sync.requests.cpu | quote }}
|
||||
memory: {{ .Values.resources.jobs.db_sync.requests.memory | quote }}
|
||||
{{- end }}
|
||||
command:
|
||||
- bash
|
||||
- /tmp/db-sync.sh
|
||||
volumeMounts:
|
||||
- name: pod-etc-keystone
|
||||
mountPath: /etc/keystone
|
||||
- name: keystoneconf
|
||||
mountPath: /etc/keystone/keystone.conf
|
||||
subPath: keystone.conf
|
||||
readOnly: true
|
||||
- name: keystone-bin
|
||||
mountPath: /tmp/db-sync.sh
|
||||
subPath: db-sync.sh
|
||||
readOnly: true
|
||||
volumes:
|
||||
- name: pod-etc-keystone
|
||||
emptyDir: {}
|
||||
- name: keystoneconf
|
||||
configMap:
|
||||
name: keystone-etc
|
||||
|
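Review bot: The variable introduced at the top of this template is spelled `$dependecies`, and the `dep_check_init_cont` call uses the same misspelling. It renders today because the two agree, but every other template on this page uses `$dependencies`, and a later edit that uses the common spelling in only one place would reference an undefined variable and fail at render time. Rename both occurrences: `{{- $dependencies := .Values.dependencies.db_sync }}` and `{{ tuple $envAll $dependencies | include "dep_check_init_cont" | indent 10 }}`.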
@ -1,52 +0,0 @@
|
||||
apiVersion: batch/v1
|
||||
kind: Job
|
||||
metadata:
|
||||
name: keystone-init
|
||||
spec:
|
||||
template:
|
||||
metadata:
|
||||
annotations:
|
||||
pod.beta.kubernetes.io/init-containers: '[
|
||||
{
|
||||
"name": "init",
|
||||
"image": "{{ .Values.images.entrypoint }}",
|
||||
"imagePullPolicy": "{{ .Values.images.pull_policy }}",
|
||||
"env": [
|
||||
{
|
||||
"name": "NAMESPACE",
|
||||
"value": "{{ .Release.Namespace }}"
|
||||
},
|
||||
{
|
||||
"name": "DEPENDENCY_SERVICE",
|
||||
"value": "{{ include "joinListWithColon" .Values.dependencies.init.service }}"
|
||||
},
|
||||
{
|
||||
"name": "DEPENDENCY_JOBS",
|
||||
"value": "{{ include "joinListWithColon" .Values.dependencies.init.jobs }}"
|
||||
},
|
||||
{
|
||||
"name": "COMMAND",
|
||||
"value": "echo done"
|
||||
}
|
||||
]
|
||||
}
|
||||
]'
|
||||
spec:
|
||||
restartPolicy: OnFailure
|
||||
nodeSelector:
|
||||
{{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }}
|
||||
containers:
|
||||
- name: keystone-init
|
||||
image: {{ .Values.images.init }}
|
||||
imagePullPolicy: {{ .Values.images.pull_policy }}
|
||||
command:
|
||||
- bash
|
||||
- /tmp/init.sh
|
||||
volumeMounts:
|
||||
- name: keystone-bin
|
||||
mountPath: /tmp/init.sh
|
||||
subPath: init.sh
|
||||
volumes:
|
||||
- name: keystone-bin
|
||||
configMap:
|
||||
name: keystone-bin
|
@ -10,10 +10,10 @@ labels:
|
||||
node_selector_value: enabled
|
||||
|
||||
images:
|
||||
db_init: quay.io/stackanetes/stackanetes-kolla-toolbox:newton
|
||||
db_sync: quay.io/stackanetes/stackanetes-keystone-api:newton
|
||||
api: quay.io/stackanetes/stackanetes-keystone-api:newton
|
||||
init: quay.io/stackanetes/stackanetes-kolla-toolbox:newton
|
||||
entrypoint: quay.io/stackanetes/kubernetes-entrypoint:v0.1.0
|
||||
dep_check: quay.io/stackanetes/kubernetes-entrypoint:v0.1.0
|
||||
pull_policy: "IfNotPresent"
|
||||
|
||||
upgrades:
|
||||
@ -31,6 +31,12 @@ keystone:
|
||||
admin_password: password
|
||||
admin_project_name: admin
|
||||
|
||||
api:
|
||||
default:
|
||||
debug: false
|
||||
token:
|
||||
provider: uuid
|
||||
|
||||
network:
|
||||
port:
|
||||
admin: 35357
|
||||
@ -52,9 +58,6 @@ database:
|
||||
keystone_password: password
|
||||
keystone_user: keystone
|
||||
|
||||
misc:
|
||||
debug: false
|
||||
|
||||
dependencies:
|
||||
api:
|
||||
jobs:
|
||||
@ -64,7 +67,7 @@ dependencies:
|
||||
- mariadb
|
||||
db_sync:
|
||||
jobs:
|
||||
- keystone-init
|
||||
- keystone-db-init
|
||||
- mariadb-seed
|
||||
service:
|
||||
- mariadb
|
||||
@ -74,6 +77,31 @@ dependencies:
|
||||
service:
|
||||
- mariadb
|
||||
|
||||
resources:
|
||||
enabled: false
|
||||
api:
|
||||
limits:
|
||||
memory: "128Mi"
|
||||
cpu: "500m"
|
||||
requests:
|
||||
memory: "128Mi"
|
||||
cpu: "500m"
|
||||
jobs:
|
||||
db_sync:
|
||||
limits:
|
||||
memory: "128Mi"
|
||||
cpu: "500m"
|
||||
requests:
|
||||
memory: "128Mi"
|
||||
cpu: "500m"
|
||||
init:
|
||||
limits:
|
||||
memory: "128Mi"
|
||||
cpu: "500m"
|
||||
requests:
|
||||
memory: "128Mi"
|
||||
cpu: "500m"
|
||||
|
||||
# typically overriden by environmental
|
||||
# values, but should include all endpoints
|
||||
# required by this chart
|
||||
@ -87,4 +115,3 @@ endpoints:
|
||||
port:
|
||||
admin: 35357
|
||||
public: 5000
|
||||
|
||||
|
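Review bot: The image entries this change touches (`db_init` and `dep_check`, going by the hunk counts) are referenced by mutable tags (`:newton`, `:v0.1.0`) together with `pull_policy: "IfNotPresent"`. What runs therefore depends on whatever the tag pointed to when each node first pulled it. Pinning by digest makes the deployed content reproducible and auditable, for example `dep_check: quay.io/stackanetes/kubernetes-entrypoint@sha256:<DIGEST_PLACEHOLDER>`; the same applies to the `memcached: docker.io/memcached:1.4` change further down the page. Separately, the context lines still ship `admin_password: password` and `keystone_password: password`, which deserve a comment such as `# placeholder - must be overridden per deployment`.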
@ -1,3 +0,0 @@
|
||||
{{- define "joinListWithColon" -}}
|
||||
{{ range $k, $v := . }}{{ if $k }},{{ end }}{{ $v }}{{ end }}
|
||||
{{- end -}}
|
@ -35,30 +35,6 @@ configure_maas_default_url() {
|
||||
maas-region local_config_set --maas-url "http://${ipaddr}/MAAS"
|
||||
}
|
||||
|
||||
get_default_route_ip6() {
|
||||
while read Src SrcPref Dest DestPref Gateway Metric RefCnt Use Flags Iface
|
||||
do
|
||||
[ "$SrcPref" = 00 ] && [ "$Iface" != lo ] && break
|
||||
done < /proc/net/ipv6_route
|
||||
if [ -n "$Iface" ]; then
|
||||
LC_ALL=C /sbin/ip -6 addr list dev "$Iface" scope global permanent |
|
||||
sed -n '/ inet6 /s/.*inet6 \([0-9a-fA-F:]*\).*/[\1]/p' | head -1
|
||||
fi
|
||||
}
|
||||
|
||||
get_default_route_ip4() {
|
||||
while read Iface Destination Gateway Flags RefCnt Use Metric Mask MTU Window IRTT
|
||||
do
|
||||
[ "$Mask" = "00000000" ] && break
|
||||
done < /proc/net/route
|
||||
if [ -n "$Iface" ]; then
|
||||
ipaddr=$(LC_ALL=C /sbin/ip -4 addr list dev "$Iface" scope global)
|
||||
ipaddr=${ipaddr#* inet }
|
||||
ipaddr=${ipaddr%%/*}
|
||||
echo $ipaddr
|
||||
fi
|
||||
}
|
||||
|
||||
extract_default_maas_url() {
|
||||
# Extract DEFAULT_MAAS_URL IP/host setting from config file $1.
|
||||
grep "^DEFAULT_MAAS_URL" "$1" | cut -d"/" -f3
|
||||
@ -86,17 +62,8 @@ if [ "$1" = "configure" ] && [ -z "$2" ]; then
|
||||
db_get maas/default-maas-url
|
||||
ipaddr="$RET"
|
||||
if [ -z "$ipaddr" ]; then
|
||||
#ipaddr=$(get_default_route_ip4)
|
||||
ipaddr="maas-region-ui.{{ .Release.Namespace }}"
|
||||
fi
|
||||
if [ -z "$ipaddr" ]; then
|
||||
#ipaddr=$(get_default_route_ip6)
|
||||
ipaddr="maas-region-ui.{{ .Release.Namespace }}"
|
||||
fi
|
||||
# Fallback default is "localhost"
|
||||
if [ -z "$ipaddr" ]; then
|
||||
ipaddr=localhost
|
||||
fi
|
||||
# Set the IP address of the interface with default route
|
||||
configure_maas_default_url "$ipaddr"
|
||||
db_subst maas/installation-note MAAS_URL "$ipaddr"
|
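Review bot: The comment `# Set the IP address of the interface with default route` no longer describes the code, assuming it survives on the new side as the hunk counts suggest. With `get_default_route_ip4` and `get_default_route_ip6` removed, the value passed to `configure_maas_default_url` is either the debconf answer or the service name `maas-region-ui.{{ .Release.Namespace }}`. Replace it with something like `# Use the debconf answer, else the in-cluster service name`. The enclosing `if [ "$1" = "configure" ]` block starts and ends outside this hunk.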
@ -5,3 +5,5 @@ metadata:
|
||||
data:
|
||||
start.sh: |
|
||||
{{ tuple "bin/_start.sh.tpl" . | include "template" | indent 4 }}
|
||||
maas-region-controller.postinst: |
|
||||
{{ tuple "bin/_maas-region-controller.postinst.tpl" . | include "template" | indent 4 }}
|
||||
|
@ -5,3 +5,5 @@ metadata:
|
||||
data:
|
||||
named.conf.options: |+
|
||||
{{ tuple "etc/_region-dns-config.tpl" . | include "template" | indent 4 }}
|
||||
secret: |
|
||||
{{ tuple "etc/_secret.tpl" . | include "template" | indent 4 }}
|
||||
|
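Review bot: The new `secret:` key puts the rendered `etc/_secret.tpl` into this object's `data:`, and the region deployment later on the page mounts its `maas-region-secret` volume from `configMap:` with `name: maas-region-etc`. The value therefore appears to live in a ConfigMap, as it did in the deleted `maas-region-var` manifest; this hunk starts below the `kind:` line, so that is inferred. ConfigMap contents are readable by anything with read access to ConfigMaps in the namespace and are not covered by Secret-specific RBAC or encryption-at-rest settings. If `_secret.tpl` holds the MAAS shared secret (its content is not visible here), move it to a `kind: Secret` manifest and switch the deployment volume from `configMap:` to `secret:` with `secretName:`.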
@ -1,10 +0,0 @@
|
||||
apiVersion: v1
|
||||
kind: ConfigMap
|
||||
metadata:
|
||||
name: maas-region-var
|
||||
data:
|
||||
maas-region-controller.postinst: |
|
||||
{{ tuple "var/_maas-region-controller.postinst.tpl" . | include "template" | indent 4 }}
|
||||
secret: |
|
||||
{{ tuple "var/_secret.tpl" . | include "template" | indent 4 }}
|
||||
|
@ -14,6 +14,15 @@ spec:
|
||||
containers:
|
||||
- name: maas-rack
|
||||
image: {{ .Values.images.maas_rack }}
|
||||
imagePullPolicy: Always
|
||||
imagePullPolicy: {{ .Values.images.pull_policy }}
|
||||
{{- if .Values.resources.enabled }}
|
||||
resources:
|
||||
limits:
|
||||
cpu: {{ .Values.resources.maas_rack_controller.limits.cpu | quote }}
|
||||
memory: {{ .Values.resources.maas_rack_controller.limits.memory | quote }}
|
||||
requests:
|
||||
cpu: {{ .Values.resources.maas_rack_controller.requests.cpu | quote }}
|
||||
memory: {{ .Values.resources.maas_rack_controller.requests.memory | quote }}
|
||||
{{- end }}
|
||||
securityContext:
|
||||
privileged: true
|
||||
|
@ -14,12 +14,7 @@ spec:
|
||||
"name": "init",
|
||||
"image": "{{ .Values.images.maas_region }}",
|
||||
"imagePullPolicy": "Always",
|
||||
"command": [
|
||||
"/bin/bash", "-c"
|
||||
],
|
||||
"args": [
|
||||
"chmod +x /tmp/start.sh; /tmp/start.sh"
|
||||
],
|
||||
"command": ["bash", "/tmp/start.sh"],
|
||||
"volumeMounts": [
|
||||
{
|
||||
"name": "maas-config",
|
||||
@ -56,9 +51,21 @@ spec:
|
||||
containers:
|
||||
- name: maas-region
|
||||
image: {{ .Values.images.maas_region }}
|
||||
imagePullPolicy: Always
|
||||
imagePullPolicy: {{ .Values.images.pull_policy }}
|
||||
{{- if .Values.resources.enabled }}
|
||||
resources:
|
||||
limits:
|
||||
cpu: {{ .Values.resources.maas_region.limits.cpu | quote }}
|
||||
memory: {{ .Values.resources.maas_region.limits.memory | quote }}
|
||||
requests:
|
||||
cpu: {{ .Values.resources.maas_region.requests.cpu | quote }}
|
||||
memory: {{ .Values.resources.maas_region.requests.memory | quote}}
|
||||
{{- end }}
|
||||
ports:
|
||||
- containerPort: {{ .Values.network.port.region_container }}
|
||||
readinessProbe:
|
||||
tcpSocket:
|
||||
port: {{ .Values.network.port.region_container }}
|
||||
securityContext:
|
||||
privileged: true
|
||||
volumeMounts:
|
||||
@ -91,7 +98,7 @@ spec:
|
||||
emptyDir: {}
|
||||
- name: maas-region-secret
|
||||
configMap:
|
||||
name: maas-region-var
|
||||
name: maas-region-etc
|
||||
- name: maas-config
|
||||
emptyDir: {}
|
||||
- name: maas-dns-config
|
||||
@ -102,4 +109,4 @@ spec:
|
||||
name: maas-region-bin
|
||||
- name: maasregionpostinst
|
||||
configMap:
|
||||
name: maas-region-var
|
||||
name: maas-region-bin
|
||||
|
@ -5,7 +5,6 @@ metadata:
|
||||
labels:
|
||||
app: maas-region-ui
|
||||
spec:
|
||||
type: NodePort
|
||||
ports:
|
||||
- port: {{ .Values.network.port.service_gui }}
|
||||
targetPort: {{ .Values.network.port.service_gui_target }}
|
||||
|
@ -4,7 +4,8 @@
|
||||
|
||||
images:
|
||||
maas_region: quay.io/attcomdev/maas-region:2.1.2-1
|
||||
maas_rack: quay.io/attcomdev/maas-rack:2.1.2
|
||||
maas_rack: quay.io/attcomdev/maas-rack:2.1.2-1
|
||||
pull_policy: Always
|
||||
|
||||
labels:
|
||||
node_selector_key: openstack-control-plane
|
||||
@ -18,4 +19,21 @@ network:
|
||||
service_proxy: 8000
|
||||
service_proxy_target: 8000
|
||||
|
||||
service_name: maas-region-ui
|
||||
service_name: maas-region-ui
|
||||
|
||||
resources:
|
||||
enabled: false
|
||||
maas_rack_controller:
|
||||
limits:
|
||||
memory: "128Mi"
|
||||
cpu: "500m"
|
||||
requests:
|
||||
memory: "128Mi"
|
||||
cpu: "500m"
|
||||
maas_region:
|
||||
limits:
|
||||
memory: "128Mi"
|
||||
cpu: "500m"
|
||||
requests:
|
||||
memory: "128Mi"
|
||||
cpu: "500m"
|
||||
|
@ -43,6 +43,15 @@ spec:
|
||||
- name: {{ .Values.service_name }}
|
||||
image: {{ .Values.images.mariadb }}
|
||||
imagePullPolicy: {{ .Values.images.pull_policy }}
|
||||
{{- if .Values.resources.enabled }}
|
||||
resources:
|
||||
limits:
|
||||
cpu: {{ .Values.resources.api.limits.cpu | quote }}
|
||||
memory: {{ .Values.resources.api.limits.memory | quote }}
|
||||
requests:
|
||||
cpu: {{ .Values.resources.api.requests.cpu | quote }}
|
||||
memory: {{ .Values.resources.api.requests.memory | quote }}
|
||||
{{- end }}
|
||||
env:
|
||||
- name: INTERFACE_NAME
|
||||
value: "eth0"
|
||||
|
@ -16,6 +16,15 @@ spec:
|
||||
- name: mariadb-init
|
||||
image: {{ .Values.images.mariadb }}
|
||||
imagePullPolicy: {{ .Values.images.pull_policy }}
|
||||
{{- if .Values.resources.enabled }}
|
||||
resources:
|
||||
limits:
|
||||
cpu: {{ .Values.resources.job.seed.limits.cpu | quote }}
|
||||
memory: {{ .Values.resources.job.seed.limits.memory | quote }}
|
||||
requests:
|
||||
cpu: {{ .Values.resources.job.seed.requests.cpu | quote }}
|
||||
memory: {{ .Values.resources.job.seed.requests.memory | quote }}
|
||||
{{- end }}
|
||||
env:
|
||||
- name: INTERFACE_NAME
|
||||
value: "eth0"
|
||||
|
@ -21,6 +21,24 @@ development:
|
||||
enabled: false
|
||||
storage_path: /data/openstack-helm/mariadb
|
||||
|
||||
resources:
|
||||
enabled: false
|
||||
api:
|
||||
limits:
|
||||
memory: "128Mi"
|
||||
cpu: "500m"
|
||||
requests:
|
||||
memory: "128Mi"
|
||||
cpu: "500m"
|
||||
job:
|
||||
seed:
|
||||
limits:
|
||||
memory: "128Mi"
|
||||
cpu: "500m"
|
||||
requests:
|
||||
memory: "128Mi"
|
||||
cpu: "500m"
|
||||
|
||||
# this drives the service name, and statefulset name
|
||||
service_name: mariadb
|
||||
|
||||
|
@ -23,6 +23,15 @@ spec:
|
||||
- name: memcached
|
||||
image: {{ .Values.images.memcached }}
|
||||
imagePullPolicy: {{ .Values.images.pull_policy }}
|
||||
{{- if .Values.resources.enabled }}
|
||||
resources:
|
||||
limits:
|
||||
cpu: {{ .Values.resources.api.limits.cpu | quote }}
|
||||
memory: {{ .Values.resources.api.limits.memory | quote }}
|
||||
requests:
|
||||
cpu: {{ .Values.resources.api.requests.cpu | quote }}
|
||||
memory: {{ .Values.resources.api.requests.memory | quote }}
|
||||
{{- end }}
|
||||
command: ["sh", "-xec"]
|
||||
args:
|
||||
- |
|
||||
|
@ -4,7 +4,7 @@
|
||||
# name: value
|
||||
|
||||
images:
|
||||
memcached: quay.io/stackanetes/stackanetes-memcached:newton
|
||||
memcached: docker.io/memcached:1.4
|
||||
pull_policy: "IfNotPresent"
|
||||
|
||||
upgrades:
|
||||
@ -26,5 +26,13 @@ memcached:
|
||||
max_connections: 8192
|
||||
|
||||
resources:
|
||||
enabled: false
|
||||
memcached:
|
||||
replicas: 1
|
||||
api:
|
||||
limits:
|
||||
memory: "128Mi"
|
||||
cpu: "500m"
|
||||
requests:
|
||||
memory: "128Mi"
|
||||
cpu: "500m"
|
||||
|
@ -1,3 +1,5 @@
|
||||
{{- $envAll := . }}
|
||||
{{- $dependencies := .Values.dependencies.dhcp }}
|
||||
apiVersion: extensions/v1beta1
|
||||
kind: DaemonSet
|
||||
metadata:
|
||||
@ -9,7 +11,10 @@ spec:
|
||||
app: neutron-dhcp-agent
|
||||
annotations:
|
||||
configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "hash" }}
|
||||
configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "hash" }}
|
||||
configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "hash" }}
|
||||
pod.beta.kubernetes.io/init-containers: '[
|
||||
{{ tuple $envAll $dependencies | include "dep_check_init_cont" | indent 10 }}
|
||||
]'
|
||||
spec:
|
||||
nodeSelector:
|
||||
{{ .Values.labels.agent.dhcp.node_selector_key }}: {{ .Values.labels.agent.dhcp.node_selector_value }}
|
||||
@ -21,27 +26,23 @@ spec:
|
||||
- name: neutron-dhcp-agent
|
||||
image: {{ .Values.images.dhcp }}
|
||||
imagePullPolicy: {{ .Values.images.pull_policy }}
|
||||
{{- if .Values.resources.enabled }}
|
||||
resources:
|
||||
limits:
|
||||
cpu: {{ .Values.resources.agent.dhcp.limits.cpu | quote }}
|
||||
memory: {{ .Values.resources.agent.dhcp.limits.memory | quote }}
|
||||
requests:
|
||||
cpu: {{ .Values.resources.agent.dhcp.requests.cpu | quote }}
|
||||
memory: {{ .Values.resources.agent.dhcp.requests.memory | quote }}
|
||||
{{- end }}
|
||||
securityContext:
|
||||
privileged: true
|
||||
env:
|
||||
- name: INTERFACE_NAME
|
||||
value: {{ .Values.network.interface.dhcp | default .Values.network.interface.default }}
|
||||
- name: POD_NAME
|
||||
valueFrom:
|
||||
fieldRef:
|
||||
fieldPath: metadata.name
|
||||
- name: NAMESPACE
|
||||
valueFrom:
|
||||
fieldRef:
|
||||
fieldPath: metadata.namespace
|
||||
- name: COMMAND
|
||||
value: "neutron-dhcp-agent --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/dhcp-agent.ini"
|
||||
- name: DEPENDENCY_JOBS
|
||||
value: "{{ include "joinListWithColon" .Values.dependencies.dhcp.jobs }}"
|
||||
- name: DEPENDENCY_SERVICE
|
||||
value: "{{ include "joinListWithColon" .Values.dependencies.dhcp.service }}"
|
||||
- name: DEPENDENCY_DAEMONSET
|
||||
value: "{{ include "joinListWithColon" .Values.dependencies.dhcp.daemonset }}"
|
||||
command:
|
||||
- neutron-dhcp-agent
|
||||
- --config-file
|
||||
- /etc/neutron/neutron.conf
|
||||
- --config-file
|
||||
- /etc/neutron/dhcp-agent.ini
|
||||
volumeMounts:
|
||||
- name: neutronconf
|
||||
mountPath: /etc/neutron/neutron.conf
|
||||
@ -61,7 +62,7 @@ spec:
|
||||
mountPath: /var/lib/neutron/openstack-helm
|
||||
- name: resolvconf
|
||||
mountPath: /etc/resolv.conf
|
||||
subPath: resolv.conf
|
||||
subPath: resolv.conf
|
||||
volumes:
|
||||
- name: neutronconf
|
||||
configMap:
|
||||
|
@ -1,3 +1,5 @@
|
||||
{{- $envAll := . }}
|
||||
{{- $dependencies := .Values.dependencies.l3 }}
|
||||
apiVersion: extensions/v1beta1
|
||||
kind: DaemonSet
|
||||
metadata:
|
||||
@ -9,7 +11,10 @@ spec:
|
||||
app: neutron-l3-agent
|
||||
annotations:
|
||||
configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "hash" }}
|
||||
configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "hash" }}
|
||||
configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "hash" }}
|
||||
pod.beta.kubernetes.io/init-containers: '[
|
||||
{{ tuple $envAll $dependencies | include "dep_check_init_cont" | indent 10 }}
|
||||
]'
|
||||
spec:
|
||||
nodeSelector:
|
||||
{{ .Values.labels.agent.l3.node_selector_key }}: {{ .Values.labels.agent.l3.node_selector_value }}
|
||||
@ -21,27 +26,25 @@ spec:
|
||||
- name: neutron-l3-agent
|
||||
image: {{ .Values.images.l3 }}
|
||||
imagePullPolicy: {{ .Values.images.pull_policy }}
|
||||
{{- if .Values.resources.enabled }}
|
||||
resources:
|
||||
limits:
|
||||
cpu: {{ .Values.resources.agent.l3.limits.cpu | quote }}
|
||||
memory: {{ .Values.resources.agent.l3.limits.memory | quote }}
|
||||
requests:
|
||||
cpu: {{ .Values.resources.agent.l3.requests.cpu | quote }}
|
||||
memory: {{ .Values.resources.agent.l3.requests.memory | quote }}
|
||||
{{- end }}
|
||||
securityContext:
|
||||
privileged: true
|
||||
env:
|
||||
- name: INTERFACE_NAME
|
||||
value: {{ .Values.network.interface.l3 | default .Values.network.interface.default }}
|
||||
- name: POD_NAME
|
||||
valueFrom:
|
||||
fieldRef:
|
||||
fieldPath: metadata.name
|
||||
- name: NAMESPACE
|
||||
valueFrom:
|
||||
fieldRef:
|
||||
fieldPath: metadata.namespace
|
||||
- name: COMMAND
|
||||
value: "neutron-l3-agent --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/l3-agent.ini --config-file /etc/neutron/plugins/ml2/ml2-conf.ini"
|
||||
- name: DEPENDENCY_JOBS
|
||||
value: "{{ include "joinListWithColon" .Values.dependencies.l3.jobs }}"
|
||||
- name: DEPENDENCY_SERVICE
|
||||
value: "{{ include "joinListWithColon" .Values.dependencies.l3.service }}"
|
||||
- name: DEPENDENCY_DAEMONSET
|
||||
value: "{{ include "joinListWithColon" .Values.dependencies.l3.daemonset }}"
|
||||
command:
|
||||
- neutron-l3-agent
|
||||
- --config-file
|
||||
- /etc/neutron/neutron.conf
|
||||
- --config-file
|
||||
- /etc/neutron/l3-agent.ini
|
||||
- --config-file
|
||||
- /etc/neutron/plugins/ml2/ml2-conf.ini
|
||||
volumeMounts:
|
||||
- name: neutronconf
|
||||
mountPath: /etc/neutron/neutron.conf
|
||||
@ -54,7 +57,7 @@ spec:
|
||||
subPath: l3-agent.ini
|
||||
- name: resolvconf
|
||||
mountPath: /etc/resolv.conf
|
||||
subPath: resolv.conf
|
||||
subPath: resolv.conf
|
||||
- name: runopenvswitch
|
||||
mountPath: /run/openvswitch
|
||||
- name: socket
|
||||
|
@ -1,3 +1,5 @@
|
||||
{{- $envAll := . }}
|
||||
{{- $dependencies := .Values.dependencies.metadata }}
|
||||
apiVersion: extensions/v1beta1
|
||||
kind: DaemonSet
|
||||
metadata:
|
||||
@ -9,7 +11,10 @@ spec:
|
||||
app: neutron-metadata-agent
|
||||
annotations:
|
||||
configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "hash" }}
|
||||
configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "hash" }}
|
||||
configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "hash" }}
|
||||
pod.beta.kubernetes.io/init-containers: '[
|
||||
{{ tuple $envAll $dependencies | include "dep_check_init_cont" | indent 10 }}
|
||||
]'
|
||||
spec:
|
||||
nodeSelector:
|
||||
{{ .Values.labels.agent.metadata.node_selector_key }}: {{ .Values.labels.agent.metadata.node_selector_value }}
|
||||
@ -21,29 +26,25 @@ spec:
|
||||
- name: neutron-metadata-agent
|
||||
image: {{ .Values.images.metadata }}
|
||||
imagePullPolicy: {{ .Values.images.pull_policy }}
|
||||
{{- if .Values.resources.enabled }}
|
||||
resources:
|
||||
limits:
|
||||
cpu: {{ .Values.resources.agent.metadata.limits.cpu | quote }}
|
||||
memory: {{ .Values.resources.agent.metadata.limits.memory | quote }}
|
||||
requests:
|
||||
cpu: {{ .Values.resources.agent.metadata.requests.cpu | quote }}
|
||||
memory: {{ .Values.resources.agent.metadata.requests.memory | quote }}
|
||||
{{- end }}
|
||||
securityContext:
|
||||
privileged: true
|
||||
env:
|
||||
- name: INTERFACE_NAME
|
||||
value: {{ .Values.network.interface.metadata | default .Values.network.interface.default }}
|
||||
- name: POD_NAME
|
||||
valueFrom:
|
||||
fieldRef:
|
||||
fieldPath: metadata.name
|
||||
- name: NAMESPACE
|
||||
valueFrom:
|
||||
fieldRef:
|
||||
fieldPath: metadata.namespace
|
||||
- name: COMMAND
|
||||
value: "neutron-metadata-agent --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/metadata-agent.ini"
|
||||
- name: DEPENDENCY_JOBS
|
||||
value: "{{ include "joinListWithColon" .Values.dependencies.metadata.jobs }}"
|
||||
- name: DEPENDENCY_SERVICE
|
||||
value: "{{ include "joinListWithColon" .Values.dependencies.metadata.service }}"
|
||||
- name: DEPENDENCY_DAEMONSET
|
||||
value: "{{ include "joinListWithColon" .Values.dependencies.metadata.daemonset }}"
|
||||
command:
|
||||
- neutron-metadata-agent
|
||||
- --config-file
|
||||
- /etc/neutron/neutron.conf
|
||||
- --config-file
|
||||
- /etc/neutron/metadata-agent.ini
|
||||
ports:
|
||||
- containerPort: {{ .Values.network.port.metadata }}
|
||||
- containerPort: {{ .Values.network.port.metadata }}
|
||||
volumeMounts:
|
||||
- name: neutronconf
|
||||
mountPath: /etc/neutron/neutron.conf
|
||||
@ -56,7 +57,7 @@ spec:
|
||||
subPath: metadata-agent.ini
|
||||
- name: resolvconf
|
||||
mountPath: /etc/resolv.conf
|
||||
subPath: resolv.conf
|
||||
subPath: resolv.conf
|
||||
- name: runopenvswitch
|
||||
mountPath: /run/openvswitch
|
||||
- name: socket
|
||||
@ -73,10 +74,10 @@ spec:
|
||||
name: neutron-etc
|
||||
- name: resolvconf
|
||||
configMap:
|
||||
name: neutron-etc
|
||||
name: neutron-etc
|
||||
- name: runopenvswitch
|
||||
hostPath:
|
||||
path: /run/openvswitch
|
||||
- name: socket
|
||||
hostPath:
|
||||
path: /var/lib/neutron/openstack-helm
|
||||
path: /var/lib/neutron/openstack-helm
|
||||
|
Some files were not shown because too many files have changed in this diff Show More