Critical fixes required for 0.1.0 tagging

* Add imagePullPolicy to ceph with default

* Add imagePullPolicy to mariadb with default

* Add missing imagePullPolicies to nova with defaults

* Remove malfunctioning daemonset dependency from nova

* Add missing neutron endpoint definition to nova values

* Force v4 networking in ceph.  Repeated bootstrapping
  is unreliable without this.

* Update cinder dependencies based on testing

* Optional Horizon NodePort

* Revert iptables stub for nova-api-osapi because
  we lack permissions to overwrite /sbin/iptables. We
  will continue to run in a privileged security context
  until we have a working solution.
Alan Meadows 2017-01-12 14:51:36 -08:00
parent 0bb12fb2ad
commit db0db427ee
23 changed files with 70 additions and 61 deletions


@ -40,7 +40,7 @@ spec:
containers: containers:
- name: osd-pod - name: osd-pod
image: {{ .Values.images.daemon }} image: {{ .Values.images.daemon }}
imagePullPolicy: Always imagePullPolicy: {{ .Values.images.pull_policy }}
volumeMounts: volumeMounts:
- name: devices - name: devices
mountPath: /dev mountPath: /dev


@ -34,6 +34,7 @@ spec:
containers: containers:
- name: ceph-mon - name: ceph-mon
image: {{ .Values.images.daemon }} image: {{ .Values.images.daemon }}
imagePullPolicy: {{ .Values.images.pull_policy }}
ports: ports:
- containerPort: 6800 - containerPort: 6800
env: env:


@ -34,7 +34,7 @@ spec:
containers: containers:
- name: ceph-mon - name: ceph-mon
image: {{ .Values.images.daemon }} image: {{ .Values.images.daemon }}
imagePullPolicy: Always imagePullPolicy: {{ .Values.images.pull_policy }}
ports: ports:
- containerPort: 6789 - containerPort: 6789
env: env:
@ -42,8 +42,8 @@ spec:
value: MON_HEALTH value: MON_HEALTH
- name: KV_TYPE - name: KV_TYPE
value: k8s value: k8s
- name: MON_IP_AUTO_DETECT - name: NETWORK_AUTO_DETECT
value: "1" value: "4"
- name: CLUSTER - name: CLUSTER
value: ceph value: ceph
volumeMounts: volumeMounts:
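Review bot: The value `"4"` for `NETWORK_AUTO_DETECT` is unexplained in the template; the commit message says it forces IPv4, and that reason belongs next to the setting. Add a comment above the env entry such as `# 4 = auto-detect IPv4 only; repeated bootstrapping was unreliable otherwise`. The same applies to the other ceph-mon section that changes `"1"` to `"4"`. In this file the variable is also renamed from `MON_IP_AUTO_DETECT`, so confirm that the image behind `images.daemon` actually reads the new name, since the `latest` tag in the values does not fix which entrypoint version is running.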


@ -36,6 +36,7 @@ spec:
containers: containers:
- name: ceph-rgw - name: ceph-rgw
image: {{ .Values.images.daemon }} image: {{ .Values.images.daemon }}
imagePullPolicy: {{ .Values.images.pull_policy }}
ports: ports:
- containerPort: {{ .Values.network.port.rgw_target }} - containerPort: {{ .Values.network.port.rgw_target }}
env: env:


@ -58,7 +58,7 @@ spec:
containers: containers:
- name: ceph-mon - name: ceph-mon
image: {{ .Values.images.daemon }} image: {{ .Values.images.daemon }}
imagePullPolicy: Always imagePullPolicy: {{ .Values.images.pull_policy }}
lifecycle: lifecycle:
preStop: preStop:
exec: exec:
@ -73,7 +73,7 @@ spec:
- name: KV_TYPE - name: KV_TYPE
value: k8s value: k8s
- name: NETWORK_AUTO_DETECT - name: NETWORK_AUTO_DETECT
value: "1" value: "4"
- name: CLUSTER - name: CLUSTER
value: ceph value: ceph
volumeMounts: volumeMounts:


@ -18,6 +18,7 @@ service:
images: images:
daemon: quay.io/attcomdev/ceph-daemon:latest daemon: quay.io/attcomdev/ceph-daemon:latest
pull_policy: IfNotPresent
labels: labels:
node_selector_key: ceph-storage node_selector_key: ceph-storage
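Review bot: `pull_policy: IfNotPresent` becomes the default here while `daemon` still points at the mutable `ceph-daemon:latest` tag, so a node that has already cached an older image keeps running it and nodes can drift onto different builds. Pin `images.daemon` to a fixed tag or digest before relying on `IfNotPresent`, or keep `Always` for as long as `latest` is used. The mariadb values section makes the same switch with the `newton` tag. A comment next to the key would help operators, e.g. `# IfNotPresent reuses node-cached images; pin images.daemon when using it`.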


@ -33,6 +33,10 @@ spec:
"name": "DEPENDENCY_SERVICE", "name": "DEPENDENCY_SERVICE",
"value": "{{ include "joinListWithColon" .Values.dependencies.volume.service }}" "value": "{{ include "joinListWithColon" .Values.dependencies.volume.service }}"
}, },
{
"name": "DEPENDENCY_JOBS",
"value": "{{ include "joinListWithColon" .Values.dependencies.volume.jobs }}"
},
{ {
"name": "COMMAND", "name": "COMMAND",
"value": "echo done" "value": "echo done"


@ -14,11 +14,11 @@ labels:
images: images:
dep_check: quay.io/stackanetes/kubernetes-entrypoint:v0.1.0 dep_check: quay.io/stackanetes/kubernetes-entrypoint:v0.1.0
db_init: quay.io/stackanetes/stackanetes-kolla-toolbox:newton
db_sync: quay.io/stackanetes/stackanetes-cinder-api:newton
ks_user: quay.io/stackanetes/stackanetes-kolla-toolbox:newton ks_user: quay.io/stackanetes/stackanetes-kolla-toolbox:newton
ks_service: quay.io/stackanetes/stackanetes-kolla-toolbox:newton ks_service: quay.io/stackanetes/stackanetes-kolla-toolbox:newton
ks_endpoints: quay.io/stackanetes/stackanetes-kolla-toolbox:newton ks_endpoints: quay.io/stackanetes/stackanetes-kolla-toolbox:newton
db_init: quay.io/stackanetes/stackanetes-kolla-toolbox:newton
db_sync: quay.io/stackanetes/stackanetes-cinder-api:newton
api: quay.io/stackanetes/stackanetes-cinder-api:newton api: quay.io/stackanetes/stackanetes-cinder-api:newton
scheduler: quay.io/stackanetes/stackanetes-cinder-scheduler:newton scheduler: quay.io/stackanetes/stackanetes-cinder-scheduler:newton
volume: quay.io/stackanetes/stackanetes-cinder-volume:newton volume: quay.io/stackanetes/stackanetes-cinder-volume:newton
@ -130,10 +130,18 @@ dependencies:
- mariadb - mariadb
- keystone-api - keystone-api
volume: volume:
jobs:
- cinder-db-sync
- cinder-ks-user
- cinder-ks-endpoints
service: service:
- keystone-api - keystone-api
- cinder-api - cinder-api
scheduler: scheduler:
jobs:
- cinder-db-sync
- cinder-ks-user
- cinder-ks-endpoints
service: service:
- keystone-api - keystone-api
- cinder-api - cinder-api


@ -4,6 +4,18 @@ metadata:
name: horizon name: horizon
spec: spec:
ports: ports:
{{ if .Values.network.enable_node_port }}
- nodePort: {{ .Values.network.node_port }}
port: {{ .Values.network.port }}
protocol: TCP
targetPort: {{ .Values.network.port }}
{{ else }}
- port: {{ .Values.network.port }} - port: {{ .Values.network.port }}
protocol: TCP
targetPort: {{ .Values.network.port }}
{{ end }}
selector: selector:
app: horizon app: horizon
{{ if .Values.network.enable_node_port }}
type: NodePort
{{ end }}
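Review bot: With `enable_node_port` set, the dashboard is published on the chosen port of every node address, and nothing in the template tells the operator about that exposure or the need to filter it. Add a comment above the `nodePort` entry, e.g. `# NodePort publishes Horizon on every node IP; restrict access at the network edge`, and consider putting TLS in front of it, since the values default `network.port` to 80. The two `ports` branches also repeat `port`, `protocol` and `targetPort`; a single entry with only the `nodePort:` line inside the `{{ if }}` would keep them from diverging.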


@ -23,6 +23,8 @@ labels:
network: network:
port: 80 port: 80
node_port: 30000
enable_node_port: false
local_settings: local_settings:
horizon_secret_key: 9aee62c0-5253-4a86-b189-e0fb71fa503c horizon_secret_key: 9aee62c0-5253-4a86-b189-e0fb71fa503c
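Review bot: `node_port: 30000` and `enable_node_port: false` are added without comments, and the default sits at the very start of the usual NodePort range, where a collision with another service is plausible. Add comments such as `# node_port is only used when enable_node_port is true` and state the valid range. The context line below ships a fixed `horizon_secret_key` in the chart defaults (presumably the dashboard's signing secret). Once the dashboard can be published on node addresses, every install that keeps that default shares the same key, so it should be supplied by the operator or generated per release.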


@ -42,7 +42,7 @@ spec:
containers: containers:
- name: {{ .Values.service_name }} - name: {{ .Values.service_name }}
image: {{ .Values.images.mariadb }} image: {{ .Values.images.mariadb }}
imagePullPolicy: Always imagePullPolicy: {{ .Values.images.pull_policy }}
env: env:
- name: INTERFACE_NAME - name: INTERFACE_NAME
value: "eth0" value: "eth0"


@ -15,7 +15,7 @@ spec:
containers: containers:
- name: mariadb-init - name: mariadb-init
image: {{ .Values.images.mariadb }} image: {{ .Values.images.mariadb }}
imagePullPolicy: Always imagePullPolicy: {{ .Values.images.pull_policy }}
env: env:
- name: INTERFACE_NAME - name: INTERFACE_NAME
value: "eth0" value: "eth0"


@ -26,6 +26,7 @@ service_name: mariadb
images: images:
mariadb: quay.io/stackanetes/stackanetes-mariadb:newton mariadb: quay.io/stackanetes/stackanetes-mariadb:newton
pull_policy: IfNotPresent
volume: volume:
class_path: volume.beta.kubernetes.io/storage-class class_path: volume.beta.kubernetes.io/storage-class


@ -1,23 +0,0 @@
#!/bin/bash
set -ex
#
# start nova-api-osapi service
#
# this helper script ensures our osapi service does not try to call iptables which requires privileged or NET_ADMIN privileges
# by stubbing in a fake iptables scripts
echo <<EOF>/tmp/iptables
#!/bin/sh
# nova-api-metadata trys to run some iptables commands
# This enables the api-only container to run without NET_ADMIN privileges
true
EOF
# make it executable and copy it over whatever iptables may be underneath in this image
chmod +x /tmp/iptables
cp -p /tmp/iptables /sbin/iptables
cp -p /tmp/iptables /sbin/iptables-restore
cp -p /tmp/iptables /sbin/iptables-save
exec nova-api --config-file /etc/nova/nova.conf


@ -7,8 +7,6 @@ data:
{{ tuple "bin/_db-sync.sh.tpl" . | include "template" | indent 4 }} {{ tuple "bin/_db-sync.sh.tpl" . | include "template" | indent 4 }}
init.sh: | init.sh: |
{{ tuple "bin/_init.sh.tpl" . | include "template" | indent 4 }} {{ tuple "bin/_init.sh.tpl" . | include "template" | indent 4 }}
start-osapi.sh: |
{{ tuple "bin/_start-osapi.sh.tpl" . | include "template" | indent 4 }}
post.sh: | post.sh: |
{{ tuple "bin/_post.sh.tpl" . | include "template" | indent 4 }} {{ tuple "bin/_post.sh.tpl" . | include "template" | indent 4 }}
libvirt.sh: | libvirt.sh: |


@ -32,10 +32,6 @@ spec:
"name": "DEPENDENCY_JOBS", "name": "DEPENDENCY_JOBS",
"value": "{{ include "joinListWithColon" .Values.dependencies.compute.jobs }}" "value": "{{ include "joinListWithColon" .Values.dependencies.compute.jobs }}"
}, },
{
"name": "DEPENDENCY_DAEMONSET",
"value": "{{ include "joinListWithColon" .Values.dependencies.compute.daemonset }}"
},
{ {
"name": "COMMAND", "name": "COMMAND",
"value": "echo done" "value": "echo done"
@ -54,7 +50,7 @@ spec:
containers: containers:
- name: nova-compute - name: nova-compute
image: {{ .Values.image.compute }} image: {{ .Values.image.compute }}
imagePullPolicy: Always imagePullPolicy: {{ .Values.image.pull_policy }}
securityContext: securityContext:
privileged: true privileged: true
command: command:
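Review bot: `imagePullPolicy: {{ .Values.image.pull_policy }}` in the second hunk has no fallback, and no section on this page adds `pull_policy` under `image` in the nova values (the only nova values change shown is the neutron endpoint). Unless the key already exists, the field renders without a valid policy. Use `imagePullPolicy: {{ .Values.image.pull_policy | default "IfNotPresent" | quote }}` or add the key to the nova values file in this commit. The same expression is added in the nova-libvirt, nova-api-metadata, nova-api-osapi, nova-conductor, nova-consoleauth and nova-scheduler sections.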


@ -49,7 +49,7 @@ spec:
containers: containers:
- name: nova-libvirt - name: nova-libvirt
image: {{ .Values.image.libvirt }} image: {{ .Values.image.libvirt }}
imagePullPolicy: Always imagePullPolicy: {{ .Values.image.pull_policy }}
securityContext: securityContext:
privileged: true privileged: true
command: command:


@ -1,7 +1,7 @@
apiVersion: extensions/v1beta1 apiVersion: extensions/v1beta1
kind: Deployment kind: Deployment
metadata: metadata:
name: nova-api name: nova-api-metadata
spec: spec:
replicas: {{ .Values.control_replicas }} replicas: {{ .Values.control_replicas }}
revisionHistoryLimit: {{ .Values.upgrades.revision_history }} revisionHistoryLimit: {{ .Values.upgrades.revision_history }}
@ -15,7 +15,7 @@ spec:
template: template:
metadata: metadata:
labels: labels:
app: nova-api app: nova-api-metadata
annotations: annotations:
configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "hash" }} configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "hash" }}
configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "hash" }} configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "hash" }}
@ -52,20 +52,22 @@ spec:
nodeSelector: nodeSelector:
{{ .Values.labels.control_node_selector_key }}: {{ .Values.labels.control_node_selector_value }} {{ .Values.labels.control_node_selector_key }}: {{ .Values.labels.control_node_selector_value }}
containers: containers:
- name: nova-api - name: nova-api-metadata
image: {{ .Values.image.api }} image: {{ .Values.image.api }}
imagePullPolicy: {{ .Values.image.pull_policy }}
# https://bugs.launchpad.net/kolla-mesos/+bug/1546007 # https://bugs.launchpad.net/kolla-mesos/+bug/1546007
securityContext: securityContext:
capabilities: capabilities:
add: add:
- NET_ADMIN - NET_ADMIN
command: command:
- nova-api-metadata --config-file=/etc/nova/nova.conf - nova-api-metadata
- --config-file=/etc/nova/nova.conf
ports: ports:
- containerPort: {{ .Values.network.port.metadata }} - containerPort: {{ .Values.network.port.metadata }}
readinessProbe: readinessProbe:
tcpSocket: tcpSocket:
port: {{ .Values.network.port.osapi }} port: {{ .Values.network.port.metadata }}
volumeMounts: volumeMounts:
- name: novaconf - name: novaconf
mountPath: /etc/nova/nova.conf mountPath: /etc/nova/nova.conf
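Review bot: Renaming the Deployment and its `app` label from `nova-api` to `nova-api-metadata` changes what Services and dependency lists have to match, and no section on this page updates a Service selector or a `dependencies` entry to the new name. If a Service still selects `app: nova-api`, it would lose its endpoints after this change, so verify that and update it in the same commit. The `NET_ADMIN` capability keeps only a bug link as its explanation; a one-line reason next to it, e.g. `# nova-api-metadata runs iptables commands at start-up`, would save readers the lookup.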


@ -1,7 +1,7 @@
apiVersion: extensions/v1beta1 apiVersion: extensions/v1beta1
kind: Deployment kind: Deployment
metadata: metadata:
name: nova-osapi name: nova-api-osapi
spec: spec:
replicas: {{ .Values.control_replicas }} replicas: {{ .Values.control_replicas }}
revisionHistoryLimit: {{ .Values.upgrades.revision_history }} revisionHistoryLimit: {{ .Values.upgrades.revision_history }}
@ -52,11 +52,16 @@ spec:
nodeSelector: nodeSelector:
{{ .Values.labels.control_node_selector_key }}: {{ .Values.labels.control_node_selector_value }} {{ .Values.labels.control_node_selector_key }}: {{ .Values.labels.control_node_selector_value }}
containers: containers:
- name: nova-osapi - name: nova-api-osapi
image: {{ .Values.image.api }} image: {{ .Values.image.api }}
imagePullPolicy: {{ .Values.image.pull_policy }}
securityContext:
capabilities:
add:
- NET_ADMIN
command: command:
- bash - nova-api
- /tmp/start-osapi.sh - --config-file=/etc/nova/nova.conf
ports: ports:
- containerPort: {{ .Values.network.port.osapi }} - containerPort: {{ .Values.network.port.osapi }}
readinessProbe: readinessProbe:
@ -66,10 +71,6 @@ spec:
- name: novaconf - name: novaconf
mountPath: /etc/nova/nova.conf mountPath: /etc/nova/nova.conf
subPath: nova.conf subPath: nova.conf
volumeMounts:
- name: startsh
mountPath: /tmp/start-osapi.sh
subPath: start-osapi.sh
volumes: volumes:
- name: novaconf - name: novaconf
configMap: configMap:
@ -77,9 +78,3 @@ spec:
items: items:
- key: nova.conf - key: nova.conf
path: nova.conf path: nova.conf
- name: startsh
configMap:
name: nova-bin
items:
- key: start-osapi.sh
path: start-osapi.sh
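Review bot: The new `securityContext` in the second hunk adds `NET_ADMIN` to nova-api-osapi with no comment, although the commit message describes the elevated context as temporary until the iptables stub can be made to work. Record that in the template, e.g. `# TODO: NET_ADMIN only because nova-api calls iptables; drop once the stub works without writing to /sbin`, so the extra capability is not mistaken for a permanent requirement. If the API container is compromised, the capability lets it change the network configuration of its namespace, so the comment should reference an issue that tracks its removal.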


@ -54,6 +54,7 @@ spec:
containers: containers:
- name: nova-conductor - name: nova-conductor
image: {{ .Values.image.conductor }} image: {{ .Values.image.conductor }}
imagePullPolicy: {{ .Values.image.pull_policy }}
command: command:
- nova-conductor - nova-conductor
- --config-file - --config-file


@ -54,6 +54,7 @@ spec:
containers: containers:
- name: nova-consoleauth - name: nova-consoleauth
image: {{ .Values.image.consoleauth }} image: {{ .Values.image.consoleauth }}
imagePullPolicy: {{ .Values.image.pull_policy }}
command: command:
- nova-consoleauth - nova-consoleauth
- --config-file - --config-file


@ -54,6 +54,7 @@ spec:
containers: containers:
- name: nova-scheduler - name: nova-scheduler
image: {{ .Values.image.scheduler }} image: {{ .Values.image.scheduler }}
imagePullPolicy: {{ .Values.image.pull_policy }}
command: command:
- nova-scheduler - nova-scheduler
- --config-file - --config-file


@ -209,3 +209,11 @@ endpoints:
port: port:
admin: 35357 admin: 35357
public: 5000 public: 5000
neutron:
hosts:
default: neutron-server
path: null
type: network
scheme: 'http'
port:
api: 9696