diff --git a/designate/Chart.yaml b/designate/Chart.yaml
new file mode 100644
index 0000000000..feb81dbc60
--- /dev/null
+++ b/designate/Chart.yaml
@@ -0,0 +1,25 @@
+# Copyright 2019 The Openstack-Helm Authors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: v1
+description: OpenStack-Helm Designate
+name: designate
+version: 0.1.0
+home: https://docs.openstack.org/designate/latest/
+icon: https://www.openstack.org/themes/openstack/images/project-mascots/Designate/OpenStack_Project_Designate_vertical.jpg
+sources:
+ - https://opendev.org/openstack/designate
+ - https://opendev.org/openstack/openstack-helm
+maintainers:
+ - name: OpenStack-Helm Authors
diff --git a/designate/requirements.yaml b/designate/requirements.yaml
new file mode 100644
index 0000000000..e69c985d8c
--- /dev/null
+++ b/designate/requirements.yaml
@@ -0,0 +1,18 @@
+# Copyright 2019 The Openstack-Helm Authors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+dependencies:
+ - name: helm-toolkit
+ repository: http://localhost:8879/charts
+ version: 0.1.0
diff --git a/designate/templates/bin/_bootstrap.sh.tpl b/designate/templates/bin/_bootstrap.sh.tpl
new file mode 100644
index 0000000000..64008a0ee4
--- /dev/null
+++ b/designate/templates/bin/_bootstrap.sh.tpl
@@ -0,0 +1,18 @@
+#!/bin/bash
+
+# Copyright 2019 The Openstack-Helm Authors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+set -ex
+{{ .Values.bootstrap.script | default "echo 'Not Enabled'" }}
diff --git a/designate/templates/bin/_db-sync.sh.tpl b/designate/templates/bin/_db-sync.sh.tpl
new file mode 100644
index 0000000000..596fa791a3
--- /dev/null
+++ b/designate/templates/bin/_db-sync.sh.tpl
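Review bot: In `_bootstrap.sh.tpl` the script taken from `.Values.bootstrap.script` is rendered verbatim under `set -ex`, so xtrace echoes every command it runs, including any credential an operator places on a command line, into the container log. Consider `set -e` for this template, or add a comment above the render line such as `# NOTE: rendered unescaped and traced by set -x; keep secrets out of command lines`. The value is also inserted without quoting, so the chart should document that it is trusted operator input.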
@@ -0,0 +1,20 @@
+#!/bin/bash
+
+# Copyright 2019 The Openstack-Helm Authors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+set -ex
+
+designate-manage database sync
+
diff --git a/designate/templates/bin/_designate-api.sh.tpl b/designate/templates/bin/_designate-api.sh.tpl
new file mode 100644
index 0000000000..34aafce384
--- /dev/null
+++ b/designate/templates/bin/_designate-api.sh.tpl
@@ -0,0 +1,29 @@
+#!/bin/bash
+
+# Copyright 2019 The Openstack-Helm Authors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+set -ex
+COMMAND="${@:-start}"
+
+function start () {
+ exec designate-api \
+ --config-file /etc/designate/designate.conf
+}
+
+function stop () {
+ kill -TERM 1
+}
+
+$COMMAND
diff --git a/designate/templates/bin/_designate-central.sh.tpl b/designate/templates/bin/_designate-central.sh.tpl
new file mode 100644
index 0000000000..1271fe330a
--- /dev/null
+++ b/designate/templates/bin/_designate-central.sh.tpl
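Review bot: The closing `$COMMAND` in `_designate-api.sh.tpl` runs whatever arguments the container was started with as a command, not only `start` or `stop`. A dispatch that fails closed is clearer and rejects anything else: `case "$COMMAND" in start|stop) "$COMMAND" ;; *) echo "unknown command: $COMMAND" >&2; exit 1 ;; esac`. The same ending is repeated in the central, mdns, producer, sink and worker scripts added by this commit.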
@@ -0,0 +1,29 @@
+#!/bin/bash
+
+# Copyright 2019 The Openstack-Helm Authors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+set -ex
+COMMAND="${@:-start}"
+
+function start () {
+ exec designate-central \
+ --config-file /etc/designate/designate.conf
+}
+
+function stop () {
+ kill -TERM 1
+}
+
+$COMMAND
diff --git a/designate/templates/bin/_designate-mdns.sh.tpl b/designate/templates/bin/_designate-mdns.sh.tpl
new file mode 100644
index 0000000000..d6e586ea62
--- /dev/null
+++ b/designate/templates/bin/_designate-mdns.sh.tpl
@@ -0,0 +1,28 @@
+#!/bin/bash
+
+# Copyright 2019 The Openstack-Helm Authors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+set -ex
+COMMAND="${@:-start}"
+
+function start () {
+ designate-mdns \
+ --config-file /etc/designate/designate.conf
+}
+
+function stop () {
+ kill -TERM 1
+}
+
+$COMMAND
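Review bot: `start` in `_designate-mdns.sh.tpl` launches `designate-mdns` without `exec`, unlike the api and central scripts, so bash stays PID 1 and the daemon runs as its child. The SIGTERM sent on pod shutdown then goes to bash rather than to the service, which likely means no graceful stop and a wait for the full termination grace period before the kill. Write `exec designate-mdns \` as the other scripts do. The producer and worker scripts in this commit have the same omission.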
diff --git a/designate/templates/bin/_designate-producer.sh.tpl b/designate/templates/bin/_designate-producer.sh.tpl
new file mode 100644
index 0000000000..654939827b
--- /dev/null
+++ b/designate/templates/bin/_designate-producer.sh.tpl
@@ -0,0 +1,27 @@
+#!/bin/bash
+
+# Copyright 2019 The Openstack-Helm Authors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+set -ex
+COMMAND="${@:-start}"
+
+function start () {
+ designate-producer --config-file /etc/designate/designate.conf
+}
+
+function stop () {
+ kill -TERM 1
+}
+
+$COMMAND
diff --git a/designate/templates/bin/_designate-sink.sh.tpl b/designate/templates/bin/_designate-sink.sh.tpl
new file mode 100644
index 0000000000..66968361a7
--- /dev/null
+++ b/designate/templates/bin/_designate-sink.sh.tpl
@@ -0,0 +1,27 @@
+#!/bin/bash
+
+# Copyright 2019 The Openstack-Helm Authors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+set -ex
+COMMAND="${@:-start}"
+ exec designate-sink \
+ --config-file /etc/designate/designate.conf
+}
+
+function stop () {
+ kill -TERM 1
+}
+
+$COMMAND
diff --git a/designate/templates/bin/_designate-worker.sh.tpl b/designate/templates/bin/_designate-worker.sh.tpl
new file mode 100644
index 0000000000..e4a61bd77f
--- /dev/null
+++ b/designate/templates/bin/_designate-worker.sh.tpl
@@ -0,0 +1,28 @@
+#!/bin/bash
+
+# Copyright 2019 The Openstack-Helm Authors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+set -ex
+COMMAND="${@:-start}"
+
+function start () {
+ designate-worker \
+ --config-file /etc/designate/designate.conf
+}
+
+function stop () {
+ kill -TERM 1
+}
+
+$COMMAND
diff --git a/designate/templates/configmap-bin.yaml b/designate/templates/configmap-bin.yaml
new file mode 100644
index 0000000000..c1bb21dda3
--- /dev/null
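Review bot: `_designate-sink.sh.tpl` is missing its `function start () {` line: `exec designate-sink \` follows `COMMAND="${@:-start}"` directly, and the `}` after it closes nothing. The hunk header counts 27 lines against 29 for the api script, which is consistent with the line being absent from the commit itself rather than lost in display. As written the exec runs at top level whatever argument is passed, so calling the script with `stop` would launch designate-sink again instead of signalling PID 1. Restore the blank line and `function start () {` before the exec.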
+++ b/designate/templates/configmap-bin.yaml 
@@ -0,0 +1,52 @@
+# Copyright 2019 The Openstack-Helm Authors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+{{- if .Values.manifests.configmap_bin }}
+
+{{- $envAll := . }}
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: designate-bin
+data:
+{{- if .Values.bootstrap.enabled }}
+ bootstrap.sh: |+
+{{ tuple "bin/_bootstrap.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
+{{- end }}
+ ks-service.sh: |+
+{{- include "helm-toolkit.scripts.keystone_service" . | indent 4 }}
+ ks-endpoints.sh: |+
+{{- include "helm-toolkit.scripts.keystone_endpoints" . | indent 4 }}
+ ks-user.sh: |+
+{{- include "helm-toolkit.scripts.keystone_user" . | indent 4 }}
+ db-init.py: |
+{{- include "helm-toolkit.scripts.db_init" . | indent 4 }}
+ db-sync.sh: |
+{{ tuple "bin/_db-sync.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
+ designate-api.sh: |
+{{ tuple "bin/_designate-api.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
+ designate-central.sh: |
+{{ tuple "bin/_designate-central.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
+ designate-mdns.sh: |
+{{ tuple "bin/_designate-mdns.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
+ designate-worker.sh: |
+{{ tuple "bin/_designate-worker.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
+ designate-producer.sh: |
+{{ tuple "bin/_designate-producer.sh.tpl" .
| include "helm-toolkit.utils.template" | indent 4 }}
+ designate-sink.sh: |
+{{ tuple "bin/_designate-sink.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
+ rabbit-init.sh: |
+{{- include "helm-toolkit.scripts.rabbit_init" . | indent 4 }}
+
+{{- end }}
diff --git a/designate/templates/configmap-etc.yaml b/designate/templates/configmap-etc.yaml
new file mode 100644
index 0000000000..8423f59011
--- /dev/null
+++ b/designate/templates/configmap-etc.yaml
@@ -0,0 +1,83 @@
+# Copyright 2019 The Openstack-Helm Authors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+{{- if .Values.manifests.configmap_etc }}
+
+{{- $envAll := . }}
+
+{{- if empty .Values.conf.designate.keystone_authtoken.auth_uri -}}
+{{- $_ := tuple "identity" "internal" "api" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup" | set .Values.conf.designate.keystone_authtoken "auth_uri" -}}
+{{- end -}}
+
+{{- if empty .Values.conf.designate.keystone_authtoken.auth_url -}}
+{{- $_ := tuple "identity" "internal" "api" .
| include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup" | set .Values.conf.designate.keystone_authtoken "auth_url" -}}
+{{- end -}}
+
+{{- if empty .Values.conf.designate.keystone_authtoken.region_name -}}
+{{- $_ := set .Values.conf.designate.keystone_authtoken "region_name" .Values.endpoints.identity.auth.designate.region_name -}}
+{{- end -}}
+
+{{- if empty .Values.conf.designate.keystone_authtoken.project_name -}}
+{{- $_ := set .Values.conf.designate.keystone_authtoken "project_name" .Values.endpoints.identity.auth.designate.project_name -}}
+{{- end -}}
+
+{{- if empty .Values.conf.designate.keystone_authtoken.project_domain_name -}}
+{{- $_ := set .Values.conf.designate.keystone_authtoken "project_domain_name" .Values.endpoints.identity.auth.designate.project_domain_name -}}
+{{- end -}}
+
+{{- if empty .Values.conf.designate.keystone_authtoken.user_domain_name -}}
+{{- $_ := set .Values.conf.designate.keystone_authtoken "user_domain_name" .Values.endpoints.identity.auth.designate.user_domain_name -}}
+{{- end -}}
+
+{{- if empty .Values.conf.designate.keystone_authtoken.username -}}
+{{- $_ := set .Values.conf.designate.keystone_authtoken "username" .Values.endpoints.identity.auth.designate.username -}}
+{{- end -}}
+
+{{- if empty .Values.conf.designate.keystone_authtoken.password -}}
+{{- $_ := set .Values.conf.designate.keystone_authtoken "password" .Values.endpoints.identity.auth.designate.password -}}
+{{- end -}}
+
+{{- if empty .Values.conf.designate.keystone_authtoken.memcached_servers -}}
+{{- $_ := tuple "oslo_cache" "internal" "memcache" .
| include "helm-toolkit.endpoints.host_and_port_endpoint_uri_lookup" | set .Values.conf.designate.keystone_authtoken "memcached_servers" -}}
+{{- end -}}
+
+{{- if empty .Values.conf.designate.keystone_authtoken.memcache_secret_key -}}
+{{- $_ := set .Values.conf.designate.keystone_authtoken "memcache_secret_key" ( default ( randAlphaNum 64 ) .Values.endpoints.oslo_cache.auth.memcache_secret_key ) -}}
+{{- end -}}
+
+{{- if empty (index .Values.conf.designate "storage:sqlalchemy").connection -}}
+{{- $_ := tuple "oslo_db" "internal" "user" "mysql" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup" | set (index .Values.conf.designate "storage:sqlalchemy") "connection" -}}
+{{- $_ := tuple "oslo_db" "internal" "user" "mysql" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup" | set .Values.conf.designate.database "connection" -}}
+{{- end -}}
+
+{{- if empty .Values.conf.designate.DEFAULT.transport_url -}}
+{{- $_ := tuple "oslo_messaging" "internal" "designate" "amqp" . | include "helm-toolkit.endpoints.authenticated_transport_endpoint_uri_lookup" | set .Values.conf.designate.DEFAULT "transport_url" -}}
+{{- end -}}
+
+{{- if empty (index .Values.conf.designate "service:api").api_base_uri -}}
+{{- $_ := tuple "dns" "internal" "api" .
| include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup" | set (index .Values.conf.designate "service:api") "api_base_uri" -}}
+{{- end -}}
+---
+apiVersion: v1
+kind: Secret
+metadata:
+ name: designate-etc
+type: Opaque
+data:
+ designate.conf: {{ include "helm-toolkit.utils.to_oslo_conf" .Values.conf.designate | b64enc }}
+ api-paste.ini: {{ include "helm-toolkit.utils.to_ini" .Values.conf.paste | b64enc }}
+ policy.json: {{ toJson .Values.conf.policy | b64enc }}
+ logging.conf: {{ include "helm-toolkit.utils.to_oslo_conf" .Values.conf.logging | b64enc }}
+{{- include "helm-toolkit.snippets.values_template_renderer" (dict "envAll" $envAll "template" .Values.conf.pools "key" "pools.yaml" "format" "Secret" ) | indent 2 }}
+
+{{- end }}
diff --git a/designate/templates/deployment-api.yaml b/designate/templates/deployment-api.yaml
new file mode 100644
index 0000000000..e679ab734e
--- /dev/null
+++ b/designate/templates/deployment-api.yaml
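Review bot: The `memcache_secret_key` fallback `default ( randAlphaNum 64 ) .Values.endpoints.oslo_cache.auth.memcache_secret_key` in configmap-etc.yaml yields a different key on every render when the value is unset. Because the deployments in this commit annotate pods with a hash of `configmap-etc.yaml`, that would presumably change the rendered Secret and roll every designate pod on each upgrade, and tokens cached under the previous key would no longer be readable. Document this above the block, for example `{{/* set endpoints.oslo_cache.auth.memcache_secret_key explicitly; the random fallback changes on every render */}}`, or require the value outright.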
@@ -0,0 +1,116 @@
+# Copyright 2019 The Openstack-Helm Authors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+{{- if .Values.manifests.deployment_api }}
+
+{{- $envAll := . }}
+{{- $mounts_designate_api := .Values.pod.mounts.designate_api.designate_api }}
+{{- $mounts_designate_api_init := .Values.pod.mounts.designate_api.init_container }}
+
+{{- $serviceAccountName := "designate-api" }}
+{{ tuple $envAll "api" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: designate-api
+ annotations:
+ {{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" }}
+ labels:
+{{ tuple $envAll "designate" "api" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }}
+spec:
+ replicas: {{ .Values.pod.replicas.api }}
+ selector:
+ matchLabels:
+{{ tuple $envAll "designate" "api" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 6 }}
+{{ tuple $envAll | include "helm-toolkit.snippets.kubernetes_upgrades_deployment" | indent 2 }}
+ template:
+ metadata:
+ labels:
+{{ tuple $envAll "designate" "api" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
+ annotations:
+{{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" | indent 8 }}
+ configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "helm-toolkit.utils.hash" }}
+ configmap-etc-hash: {{ tuple "configmap-etc.yaml" .
| include "helm-toolkit.utils.hash" }}
+ spec:
+ serviceAccountName: {{ $serviceAccountName }}
+{{ dict "envAll" $envAll "application" "designate" | include "helm-toolkit.snippets.kubernetes_pod_security_context" | indent 6 }}
+ affinity:
+{{ tuple $envAll "designate" "api" | include "helm-toolkit.snippets.kubernetes_pod_anti_affinity" | indent 8 }}
+ nodeSelector:
+ {{ .Values.labels.api.node_selector_key }}: {{ .Values.labels.api.node_selector_value }}
+ terminationGracePeriodSeconds: {{ .Values.pod.lifecycle.termination_grace_period.api.timeout | default "30" }}
+ initContainers:
+{{ tuple $envAll "api" $mounts_designate_api_init | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
+ containers:
+ - name: designate-api
+{{ tuple $envAll "designate_api" | include "helm-toolkit.snippets.image" | indent 10 }}
+{{ tuple $envAll $envAll.Values.pod.resources.api | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
+{{ dict "envAll" $envAll "application" "designate" "container" "designate_api" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 10 }}
+ command:
+ - /tmp/designate-api.sh
+ lifecycle:
+ preStop:
+ exec:
+ command:
+ - /tmp/designate-api.sh
+ - stop
+ ports:
+ - name: dns-api
+ containerPort: {{ tuple "dns" "internal" "api" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
+ readinessProbe:
+ tcpSocket:
+ port: {{ tuple "dns" "internal" "api" .
| include "helm-toolkit.endpoints.endpoint_port_lookup" }}
+ volumeMounts:
+ - name: designate-bin
+ mountPath: /tmp/designate-api.sh
+ subPath: designate-api.sh
+ readOnly: true
+ - name: pod-etc-designate
+ mountPath: /etc/designate
+ - name: pod-var-cache-designate
+ mountPath: /var/cache/designate
+ - name: designate-etc
+ mountPath: /etc/designate/designate.conf
+ subPath: designate.conf
+ readOnly: true
+ - name: designate-etc
+ mountPath: /etc/designate/api-paste.ini
+ subPath: api-paste.ini
+ readOnly: true
+ - name: designate-etc
+ mountPath: /etc/designate/policy.json
+ subPath: policy.json
+ readOnly: true
+ {{- if .Values.conf.designate.DEFAULT.log_config_append }}
+ - name: designate-etc
+ mountPath: {{ .Values.conf.designate.DEFAULT.log_config_append }}
+ subPath: {{ base .Values.conf.designate.DEFAULT.log_config_append }}
+ readOnly: true
+ {{- end }}
+{{- if $mounts_designate_api.volumeMounts }}{{ toYaml $mounts_designate_api.volumeMounts | indent 12 }}{{ end }}
+ volumes:
+ - name: pod-etc-designate
+ emptyDir: {}
+ - name: pod-var-cache-designate
+ emptyDir: {}
+ - name: designate-bin
+ configMap:
+ name: designate-bin
+ defaultMode: 0555
+ - name: designate-etc
+ secret:
+ secretName: designate-etc
+ defaultMode: 0444
+{{- if $mounts_designate_api.volumes }}{{ toYaml $mounts_designate_api.volumes | indent 8 }}{{ end }}
+{{- end }}
diff --git a/designate/templates/deployment-central.yaml b/designate/templates/deployment-central.yaml
new file mode 100644
index 0000000000..02beb19dd6
--- /dev/null
+++ b/designate/templates/deployment-central.yaml
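Review bot: The `designate-etc` Secret volume in deployment-api.yaml is mounted with `defaultMode: 0444`, which leaves `designate.conf` readable by every user in the container. That file carries the Keystone password, the database connection string and the transport URL assembled in configmap-etc.yaml. If the security context supplied by helm-toolkit gives the service user a matching group, `defaultMode: 0440` should be enough; otherwise a comment on the volume should say why world-read is required. The central and mdns deployments in this commit use the same mode.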
@@ -0,0 +1,103 @@
+# Copyright 2019 The Openstack-Helm Authors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+{{- if .Values.manifests.deployment_central }}
+
+{{- $envAll := . }}
+{{- $mounts_designate_central := .Values.pod.mounts.designate_central.designate_central }}
+{{- $mounts_designate_central_init := .Values.pod.mounts.designate_central.init_container }}
+
+{{- $serviceAccountName := "designate-central" }}
+{{ tuple $envAll "central" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: designate-central
+ annotations:
+ {{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" }}
+ labels:
+{{ tuple $envAll "designate" "central" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }}
+spec:
+ replicas: {{ .Values.pod.replicas.central }}
+ selector:
+ matchLabels:
+{{ tuple $envAll "designate" "central" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 6 }}
+{{ tuple $envAll | include "helm-toolkit.snippets.kubernetes_upgrades_deployment" | indent 2 }}
+ template:
+ metadata:
+ labels:
+{{ tuple $envAll "designate" "central" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
+ annotations:
+{{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" | indent 8 }}
+ configmap-bin-hash: {{ tuple "configmap-bin.yaml" .
| include "helm-toolkit.utils.hash" }}
+ configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "helm-toolkit.utils.hash" }}
+ spec:
+ serviceAccountName: {{ $serviceAccountName }}
+ affinity:
+{{ tuple $envAll "designate" "central" | include "helm-toolkit.snippets.kubernetes_pod_anti_affinity" | indent 8 }}
+ nodeSelector:
+ {{ .Values.labels.central.node_selector_key }}: {{ .Values.labels.central.node_selector_value }}
+ initContainers:
+{{ tuple $envAll "central" $mounts_designate_central_init | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
+ containers:
+ - name: designate-central
+{{ tuple $envAll "designate_central" | include "helm-toolkit.snippets.image" | indent 10 }}
+{{ tuple $envAll $envAll.Values.pod.resources.central | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
+{{ dict "envAll" $envAll "application" "designate" "container" "designate_central" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 10 }}
+ command:
+ - bash
+ - /tmp/designate-central.sh
+ volumeMounts:
+ - name: designate-bin
+ mountPath: /tmp/designate-central.sh
+ subPath: designate-central.sh
+ readOnly: true
+ - name: pod-etc-designate
+ mountPath: /etc/designate
+ - name: pod-var-cache-designate
+ mountPath: /var/cache/designate
+ - name: designate-etc
+ mountPath: /etc/designate/designate.conf
+ subPath: designate.conf
+ readOnly: true
+ - name: designate-etc
+ mountPath: /etc/designate/api-paste.ini
+ subPath: api-paste.ini
+ readOnly: true
+ - name: designate-etc
+ mountPath: /etc/designate/policy.json
+ subPath: policy.json
+ readOnly: true
+ {{- if .Values.conf.designate.DEFAULT.log_config_append }}
+ - name: designate-etc
+ mountPath: {{ .Values.conf.designate.DEFAULT.log_config_append }}
+ subPath: {{ base .Values.conf.designate.DEFAULT.log_config_append }}
+ readOnly: true
+ {{- end }}
+{{- if $mounts_designate_central.volumeMounts }}{{ toYaml
$mounts_designate_central.volumeMounts | indent 12 }}{{ end }}
+ volumes:
+ - name: pod-etc-designate
+ emptyDir: {}
+ - name: pod-var-cache-designate
+ emptyDir: {}
+ - name: designate-bin
+ configMap:
+ name: designate-bin
+ defaultMode: 0555
+ - name: designate-etc
+ secret:
+ secretName: designate-etc
+ defaultMode: 0444
+{{- if $mounts_designate_central.volumes }}{{ toYaml $mounts_designate_central.volumes | indent 8 }}{{ end }}
+{{- end }}
diff --git a/designate/templates/deployment-mdns.yaml b/designate/templates/deployment-mdns.yaml
new file mode 100644
index 0000000000..8af5580b31
--- /dev/null
+++ b/designate/templates/deployment-mdns.yaml
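Review bot: The pod spec in deployment-central.yaml omits the `helm-toolkit.snippets.kubernetes_pod_security_context` include that the api and mdns deployments place directly under `serviceAccountName`, so whatever pod-level security context values configure for the designate application would not be applied to this pod. Add `{{ dict "envAll" $envAll "application" "designate" | include "helm-toolkit.snippets.kubernetes_pod_security_context" | indent 6 }}` after the `serviceAccountName` line. The visible part of deployment-producer.yaml shows the same gap, and neither file sets `terminationGracePeriodSeconds` as the api deployment does.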
@@ -0,0 +1,114 @@
+# Copyright 2019 The Openstack-Helm Authors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+{{- if .Values.manifests.deployment_mdns }}
+
+{{- $envAll := . }}
+{{- $mounts_designate_mdns := .Values.pod.mounts.designate_mdns.designate_mdns }}
+{{- $mounts_designate_mdns_init := .Values.pod.mounts.designate_mdns.init_container }}
+
+{{- $serviceAccountName := "designate-mdns" }}
+{{ tuple $envAll "mdns" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: designate-mdns
+ annotations:
+ {{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" }}
+ labels:
+{{ tuple $envAll "designate" "mdns" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }}
+spec:
+ replicas: {{ .Values.pod.replicas.mdns }}
+ selector:
+ matchLabels:
+{{ tuple $envAll "designate" "mdns" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 6 }}
+{{ tuple $envAll | include "helm-toolkit.snippets.kubernetes_upgrades_deployment" | indent 2 }}
+ template:
+ metadata:
+ labels:
+{{ tuple $envAll "designate" "mdns" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
+ annotations:
+{{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" | indent 8 }}
+ configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "helm-toolkit.utils.hash" }}
+ configmap-etc-hash: {{ tuple "configmap-etc.yaml" .
| include "helm-toolkit.utils.hash" }}
+ spec:
+ serviceAccountName: {{ $serviceAccountName }}
+{{ dict "envAll" $envAll "application" "designate" | include "helm-toolkit.snippets.kubernetes_pod_security_context" | indent 6 }}
+ affinity:
+{{ tuple $envAll "designate" "mdns" | include "helm-toolkit.snippets.kubernetes_pod_anti_affinity" | indent 8 }}
+ nodeSelector:
+ {{ .Values.labels.mdns.node_selector_key }}: {{ .Values.labels.mdns.node_selector_value }}
+ terminationGracePeriodSeconds: {{ .Values.pod.lifecycle.termination_grace_period.mdns.timeout | default "30" }}
+ initContainers:
+{{ tuple $envAll "mdns" $mounts_designate_mdns_init | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
+ containers:
+ - name: designate-mdns
+{{ tuple $envAll "designate_mdns" | include "helm-toolkit.snippets.image" | indent 10 }}
+{{ tuple $envAll $envAll.Values.pod.resources.mdns | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
+{{ dict "envAll" $envAll "application" "designate" "container" "designate_mdns" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 10 }}
+ ports:
+ - name: d-mdns
+ containerPort: {{ tuple "mdns" "internal" "ipc" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
+ - name: d-mdns-udp
+ containerPort: {{ tuple "mdns" "internal" "ipc" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
+ protocol: UDP
+ readinessProbe:
+ tcpSocket:
+ port: {{ tuple "mdns" "internal" "ipc" .
| include "helm-toolkit.endpoints.endpoint_port_lookup" }}
+ command:
+ - bash
+ - /tmp/designate-mdns.sh
+ volumeMounts:
+ - name: designate-bin
+ mountPath: /tmp/designate-mdns.sh
+ subPath: designate-mdns.sh
+ readOnly: true
+ - name: pod-etc-designate
+ mountPath: /etc/designate
+ - name: pod-var-cache-designate
+ mountPath: /var/cache/designate
+ - name: designate-etc
+ mountPath: /etc/designate/designate.conf
+ subPath: designate.conf
+ readOnly: true
+ - name: designate-etc
+ mountPath: /etc/designate/api-paste.ini
+ subPath: api-paste.ini
+ readOnly: true
+ - name: designate-etc
+ mountPath: /etc/designate/policy.json
+ subPath: policy.json
+ readOnly: true
+ {{- if .Values.conf.designate.DEFAULT.log_config_append }}
+ - name: designate-etc
+ mountPath: {{ .Values.conf.designate.DEFAULT.log_config_append }}
+ subPath: {{ base .Values.conf.designate.DEFAULT.log_config_append }}
+ readOnly: true
+ {{- end }}
+{{- if $mounts_designate_mdns.volumeMounts }}{{ toYaml $mounts_designate_mdns.volumeMounts | indent 12 }}{{ end }}
+ volumes:
+ - name: pod-etc-designate
+ emptyDir: {}
+ - name: pod-var-cache-designate
+ emptyDir: {}
+ - name: designate-bin
+ configMap:
+ name: designate-bin
+ defaultMode: 0555
+ - name: designate-etc
+ secret:
+ secretName: designate-etc
+ defaultMode: 0444
+{{- if $mounts_designate_mdns.volumes }}{{ toYaml $mounts_designate_mdns.volumes | indent 8 }}{{ end }}
+{{- end }}
diff --git a/designate/templates/deployment-producer.yaml b/designate/templates/deployment-producer.yaml
new file mode 100644
index 0000000000..58f486a2ec
--- /dev/null
+++ b/designate/templates/deployment-producer.yaml
@@ -0,0 +1,103 @@ +# Copyright 2019 The Openstack-Helm Authors. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +{{- if .Values.manifests.deployment_producer }} + +{{- $envAll := . }} +{{- $mounts_designate_producer := .Values.pod.mounts.designate_producer.designate_producer }} +{{- $mounts_designate_producer_init := .Values.pod.mounts.designate_producer.init_container }} + +{{- $serviceAccountName := "designate-producer" }} +{{ tuple $envAll "producer" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }} +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: designate-producer + annotations: + {{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" }} + labels: +{{ tuple $envAll "designate" "producer" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }} +spec: + replicas: {{ .Values.pod.replicas.producer }} + selector: + matchLabels: +{{ tuple $envAll "designate" "producer" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 6 }} +{{ tuple $envAll | include "helm-toolkit.snippets.kubernetes_upgrades_deployment" | indent 2 }} + template: + metadata: + labels: +{{ tuple $envAll "designate" "producer" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }} + annotations: +{{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" | indent 8 }} + configmap-bin-hash: {{ tuple "configmap-bin.yaml" . 
| include "helm-toolkit.utils.hash" }} + configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "helm-toolkit.utils.hash" }} + spec: + serviceAccountName: {{ $serviceAccountName }} + affinity: +{{ tuple $envAll "designate" "producer" | include "helm-toolkit.snippets.kubernetes_pod_anti_affinity" | indent 8 }} + nodeSelector: + {{ .Values.labels.producer.node_selector_key }}: {{ .Values.labels.producer.node_selector_value }} + initContainers: +{{ tuple $envAll "producer" $mounts_designate_producer_init | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} + containers: + - name: designate-producer +{{ tuple $envAll "designate_producer" | include "helm-toolkit.snippets.image" | indent 10 }} +{{ tuple $envAll $envAll.Values.pod.resources.producer | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }} +{{ dict "envAll" $envAll "application" "designate" "container" "designate_producer" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 10 }} + command: + - bash + - /tmp/designate-producer.sh + volumeMounts: + - name: designate-bin + mountPath: /tmp/designate-producer.sh + subPath: designate-producer.sh + readOnly: true + - name: pod-etc-designate + mountPath: /etc/designate + - name: pod-var-cache-designate + mountPath: /var/cache/designate + - name: designate-etc + mountPath: /etc/designate/designate.conf + subPath: designate.conf + readOnly: true + - name: designate-etc + mountPath: /etc/designate/api-paste.ini + subPath: api-paste.ini + readOnly: true + - name: designate-etc + mountPath: /etc/designate/policy.json + subPath: policy.json + readOnly: true + {{- if .Values.conf.designate.DEFAULT.log_config_append }} + - name: designate-etc + mountPath: {{ .Values.conf.designate.DEFAULT.log_config_append }} + subPath: {{ base .Values.conf.designate.DEFAULT.log_config_append }} + readOnly: true + {{- end }} +{{- if $mounts_designate_producer.volumeMounts }}{{ toYaml 
$mounts_designate_producer.volumeMounts | indent 12 }}{{ end }} + volumes: + - name: pod-etc-designate + emptyDir: {} + - name: pod-var-cache-designate + emptyDir: {} + - name: designate-bin + configMap: + name: designate-bin + defaultMode: 0555 + - name: designate-etc + secret: + secretName: designate-etc + defaultMode: 0444 +{{- if $mounts_designate_producer.volumes }}{{ toYaml $mounts_designate_producer.volumes | indent 8 }}{{ end }} +{{- end }} diff --git a/designate/templates/deployment-sink.yaml b/designate/templates/deployment-sink.yaml new file mode 100644 index 0000000000..58daf59ece --- /dev/null +++ b/designate/templates/deployment-sink.yaml 
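Review bot: The pod `spec` in deployment-producer.yaml sets no pod-level security context: the mdns deployment in this same commit renders `helm-toolkit.snippets.kubernetes_pod_security_context` right after `serviceAccountName`, but this template goes straight to `affinity`, so only the container-level snippet applies. Add `{{ dict "envAll" $envAll "application" "designate" | include "helm-toolkit.snippets.kubernetes_pod_security_context" | indent 6 }}` after the `serviceAccountName` line so that pod-level settings configured for the `designate` application reach these pods as well. deployment-sink.yaml and deployment-worker.yaml omit the same line.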
@@ -0,0 +1,99 @@ +# Copyright 2019 The Openstack-Helm Authors. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +{{- if .Values.manifests.deployment_sink }} + +{{- $envAll := . }} +{{- $mounts_designate_sink := .Values.pod.mounts.designate_sink.designate_sink }} +{{- $mounts_designate_sink_init := .Values.pod.mounts.designate_sink.init_container }} + +{{- $serviceAccountName := "designate-sink" }} +{{ tuple $envAll "sink" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }} +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: designate-sink + annotations: + {{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" }} + labels: +{{ tuple $envAll "designate" "sink" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }} +spec: + replicas: {{ .Values.pod.replicas.sink }} + selector: + matchLabels: +{{ tuple $envAll "designate" "sink" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 6 }} +{{ tuple $envAll | include "helm-toolkit.snippets.kubernetes_upgrades_deployment" | indent 2 }} + template: + metadata: + labels: +{{ tuple $envAll "designate" "sink" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }} + annotations: +{{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" | indent 8 }} + configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "helm-toolkit.utils.hash" }} + configmap-etc-hash: {{ tuple "configmap-etc.yaml" . 
| include "helm-toolkit.utils.hash" }} + spec: + serviceAccountName: {{ $serviceAccountName }} + affinity: +{{ tuple $envAll "designate" "sink" | include "helm-toolkit.snippets.kubernetes_pod_anti_affinity" | indent 8 }} + nodeSelector: + {{ .Values.labels.sink.node_selector_key }}: {{ .Values.labels.sink.node_selector_value }} + initContainers: +{{ tuple $envAll "sink" $mounts_designate_sink_init | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} + containers: + - name: designate-sink +{{ tuple $envAll "designate_sink" | include "helm-toolkit.snippets.image" | indent 10 }} +{{ tuple $envAll $envAll.Values.pod.resources.sink | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }} +{{ dict "envAll" $envAll "application" "designate" "container" "designate_sink" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 10 }} + command: + - bash + - /tmp/designate-sink.sh + volumeMounts: + - name: designate-bin + mountPath: /tmp/designate-sink.sh + subPath: designate-sink.sh + readOnly: true + - name: pod-etc-designate + mountPath: /etc/designate + - name: pod-var-cache-designate + mountPath: /var/cache/designate + - name: designate-etc + mountPath: /etc/designate/designate.conf + subPath: designate.conf + readOnly: true + - name: designate-etc + mountPath: /etc/designate/policy.json + subPath: policy.json + readOnly: true + {{- if .Values.conf.designate.DEFAULT.log_config_append }} + - name: designate-etc + mountPath: {{ .Values.conf.designate.DEFAULT.log_config_append }} + subPath: {{ base .Values.conf.designate.DEFAULT.log_config_append }} + readOnly: true + {{- end }} +{{- if $mounts_designate_sink.volumeMounts }}{{ toYaml $mounts_designate_sink.volumeMounts | indent 12 }}{{ end }} + volumes: + - name: pod-etc-designate + emptyDir: {} + - name: pod-var-cache-designate + emptyDir: {} + - name: designate-bin + configMap: + name: designate-bin + defaultMode: 0555 + - name: designate-etc + secret: + 
secretName: designate-etc + defaultMode: 0444 +{{- if $mounts_designate_sink.volumes }}{{ toYaml $mounts_designate_sink.volumes | indent 8 }}{{ end }} +{{- end }} diff --git a/designate/templates/deployment-worker.yaml b/designate/templates/deployment-worker.yaml new file mode 100644 index 0000000000..98b2971c98 --- /dev/null +++ b/designate/templates/deployment-worker.yaml 
@@ -0,0 +1,128 @@ +# Copyright 2019 The Openstack-Helm Authors. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +{{- if .Values.manifests.deployment_worker }} + +{{- $envAll := . }} +{{- $mounts_designate_worker := .Values.pod.mounts.designate_worker.designate_worker }} +{{- $mounts_designate_worker_init := .Values.pod.mounts.designate_worker.init_container }} + +{{- $serviceAccountName := "designate-worker" }} +{{ tuple $envAll "worker" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }} +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: designate-worker + annotations: + {{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" }} + labels: +{{ tuple $envAll "designate" "worker" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }} +spec: + replicas: {{ .Values.pod.replicas.worker }} + selector: + matchLabels: +{{ tuple $envAll "designate" "worker" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 6 }} +{{ tuple $envAll | include "helm-toolkit.snippets.kubernetes_upgrades_deployment" | indent 2 }} + template: + metadata: + labels: +{{ tuple $envAll "designate" "worker" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }} + annotations: +{{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" | indent 8 }} + configmap-bin-hash: {{ tuple "configmap-bin.yaml" . 
| include "helm-toolkit.utils.hash" }} + configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "helm-toolkit.utils.hash" }} + spec: + serviceAccountName: {{ $serviceAccountName }} + affinity: +{{ tuple $envAll "designate" "worker" | include "helm-toolkit.snippets.kubernetes_pod_anti_affinity" | indent 8 }} + nodeSelector: + {{ .Values.labels.worker.node_selector_key }}: {{ .Values.labels.worker.node_selector_value }} + initContainers: +{{ tuple $envAll "worker" $mounts_designate_worker_init | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} + - name: designate-worker-init +{{ tuple $envAll "designate_worker" | include "helm-toolkit.snippets.image" | indent 10 }} +{{ tuple $envAll $envAll.Values.pod.resources.worker | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }} + command: + - bash + - -c + - 'eval "echo \"$(cat /tmp/designate_pools.template)\"" > /etc/designate/pools.yaml && designate-manage pool update' + volumeMounts: + - name: designate-etc + mountPath: /tmp/designate_pools.template + subPath: pools.yaml + readOnly: true + - name: pod-etc-designate + mountPath: /etc/designate + - name: designate-etc + mountPath: /etc/designate/designate.conf + subPath: designate.conf + readOnly: true + {{- if .Values.conf.designate.DEFAULT.log_config_append }} + - name: designate-etc + mountPath: {{ .Values.conf.designate.DEFAULT.log_config_append }} + subPath: {{ base .Values.conf.designate.DEFAULT.log_config_append }} + readOnly: true + {{- end }} +{{- if $mounts_designate_worker.volumeMounts }}{{ toYaml $mounts_designate_worker.volumeMounts | indent 12 }}{{ end }} + containers: + - name: designate-worker +{{ tuple $envAll "designate_worker" | include "helm-toolkit.snippets.image" | indent 10 }} +{{ tuple $envAll $envAll.Values.pod.resources.worker | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }} +{{ dict "envAll" $envAll "application" "designate" "container" "designate_worker" | include 
"helm-toolkit.snippets.kubernetes_container_security_context" | indent 10 }} + command: + - bash + - /tmp/designate-worker.sh + volumeMounts: + - name: designate-bin + mountPath: /tmp/designate-worker.sh + subPath: designate-worker.sh + readOnly: true + - name: pod-etc-designate + mountPath: /etc/designate + - name: pod-var-cache-designate + mountPath: /var/cache/designate + - name: designate-etc + mountPath: /etc/designate/designate.conf + subPath: designate.conf + readOnly: true + - name: designate-etc + mountPath: /etc/designate/api-paste.ini + subPath: api-paste.ini + readOnly: true + - name: designate-etc + mountPath: /etc/designate/policy.json + subPath: policy.json + readOnly: true + {{- if .Values.conf.designate.DEFAULT.log_config_append }} + - name: designate-etc + mountPath: {{ .Values.conf.designate.DEFAULT.log_config_append }} + subPath: {{ base .Values.conf.designate.DEFAULT.log_config_append }} + readOnly: true + {{- end }} +{{- if $mounts_designate_worker.volumeMounts }}{{ toYaml $mounts_designate_worker.volumeMounts | indent 12 }}{{ end }} + volumes: + - name: pod-etc-designate + emptyDir: {} + - name: pod-var-cache-designate + emptyDir: {} + - name: designate-bin + configMap: + name: designate-bin + defaultMode: 0555 + - name: designate-etc + secret: + secretName: designate-etc + defaultMode: 0444 +{{- if $mounts_designate_worker.volumes }}{{ toYaml $mounts_designate_worker.volumes | indent 8 }}{{ end }} +{{- end }} diff --git a/designate/templates/ingress-api.yaml b/designate/templates/ingress-api.yaml new file mode 100644 index 0000000000..fd79d326b4 --- /dev/null +++ b/designate/templates/ingress-api.yaml 
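Review bot: The `designate-worker-init` container builds pools.yaml with `eval "echo \"$(cat /tmp/designate_pools.template)\""`, which hands the whole template to the shell as code. Any `$(...)`, backtick or unbalanced double quote in the rendered `pools.yaml` value is executed or breaks the command, in a container that also mounts `designate.conf`. If only environment-variable substitution is intended, do it without `eval`, for example `envsubst < /tmp/designate_pools.template > /etc/designate/pools.yaml && designate-manage pool update` (assuming `envsubst` is present in the image), or render the file at chart time. This init container also lacks the `kubernetes_container_security_context` include that the main `designate-worker` container gets, and it reuses `$mounts_designate_worker.volumeMounts` instead of anything from `$mounts_designate_worker_init`.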
@@ -0,0 +1,19 @@
+# Copyright 2019 The Openstack-Helm Authors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+{{- if .Values.manifests.ingress_api }}
+
+{{- $ingressOpts := dict "envAll" . "backendServiceType" "dns" "backendPort" "dns-api" -}}
+{{ $ingressOpts | include "helm-toolkit.manifests.ingress" }}
+
+{{- end }}
diff --git a/designate/templates/job-bootstrap.yaml b/designate/templates/job-bootstrap.yaml
new file mode 100644
index 0000000000..d652813b1d
--- /dev/null
+++ b/designate/templates/job-bootstrap.yaml
@@ -0,0 +1,60 @@ +# Copyright 2019 The Openstack-Helm Authors. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +{{- if .Values.manifests.job_bootstrap }} + +{{- $envAll := . }} +{{- if .Values.bootstrap.enabled }} +{{- $mounts_designate_bootstrap := .Values.pod.mounts.designate_bootstrap.designate_bootstrap }} +{{- $mounts_designate_bootstrap_init := .Values.pod.mounts.designate_bootstrap.init_container }} +--- +apiVersion: batch/v1 +kind: Job +metadata: + name: designate-bootstrap +spec: + template: + metadata: + labels: +{{ tuple $envAll "designate" "bootstrap" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }} + spec: + restartPolicy: OnFailure + nodeSelector: + {{ .Values.labels.job.node_selector_key }}: {{ .Values.labels.job.node_selector_value }} + initContainers: +{{ tuple $envAll "bootstrap" $mounts_designate_bootstrap_init | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} + containers: + - name: designate-bootstrap + image: {{ .Values.images.tags.bootstrap }} + imagePullPolicy: {{ .Values.images.pull_policy }} +{{ tuple $envAll $envAll.Values.pod.resources.jobs.bootstrap | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }} + env: +{{- with $env := dict "ksUserSecret" .Values.secrets.identity.admin }} +{{- include "helm-toolkit.snippets.keystone_openrc_env_vars" $env | indent 12 }} +{{- end }} + command: + - /tmp/bootstrap.sh + volumeMounts: + - name: designate-bin + mountPath: 
/tmp/bootstrap.sh + subPath: bootstrap.sh + readOnly: true +{{- if $mounts_designate_bootstrap.volumeMounts }}{{ toYaml $mounts_designate_bootstrap.volumeMounts | indent 10 }}{{ end }} + volumes: + - name: designate-bin + configMap: + name: designate-bin + defaultMode: 0555 +{{- if $mounts_designate_bootstrap.volumes }}{{ toYaml $mounts_designate_bootstrap.volumes | indent 6 }}{{ end }} +{{- end }} +{{- end }} diff --git a/designate/templates/job-db-init.yaml b/designate/templates/job-db-init.yaml new file mode 100644 index 0000000000..0a623007f1 --- /dev/null +++ b/designate/templates/job-db-init.yaml @@ -0,0 +1,19 @@ +# Copyright 2019 The Openstack-Helm Authors. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +{{- if .Values.manifests.job_db_init }} + +{{- $dbInitJob := dict "envAll" . "serviceName" "designate" -}} +{{ $dbInitJob | include "helm-toolkit.manifests.job_db_init_mysql" }} + +{{- end }} diff --git a/designate/templates/job-db-sync.yaml b/designate/templates/job-db-sync.yaml new file mode 100644 index 0000000000..20743dafeb --- /dev/null +++ b/designate/templates/job-db-sync.yaml 
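Review bot: The `designate-bootstrap` container receives the Keystone admin credentials through `keystone_openrc_env_vars`, yet the Job sets no `serviceAccountName` and includes neither security-context snippet, unlike the deployments in this commit. It therefore runs under the namespace's default service account and with whatever user the image defaults to. Creating an account with `helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount`, as the deployments do, and adding the `helm-toolkit.snippets.kubernetes_container_security_context` include would bring it in line. Because bootstrap.sh runs the operator-supplied `.Values.bootstrap.script` under `set -ex`, a comment next to that value should say that every command is traced to the pod log and the script must not inline or echo secrets.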
@@ -0,0 +1,19 @@
+# Copyright 2019 The Openstack-Helm Authors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+{{- if .Values.manifests.job_db_sync }}
+
+{{- $dbSyncJob := dict "envAll" . "serviceName" "designate" "podVolMounts" .Values.pod.mounts.designate_db_sync.designate_db_sync.volumeMounts "podVols" .Values.pod.mounts.designate_db_sync.designate_db_sync.volumes -}}
+{{ $dbSyncJob | include "helm-toolkit.manifests.job_db_sync" }}
+
+{{- end }}
diff --git a/designate/templates/job-ks-endpoints.yaml b/designate/templates/job-ks-endpoints.yaml
new file mode 100644
index 0000000000..1bd7f6fc36
--- /dev/null
+++ b/designate/templates/job-ks-endpoints.yaml
@@ -0,0 +1,19 @@
+# Copyright 2019 The Openstack-Helm Authors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+{{- if .Values.manifests.job_ks_endpoints }}
+
+{{- $ksServiceJob := dict "envAll" . "serviceName" "designate" "serviceTypes" ( tuple "dns" ) -}}
+{{ $ksServiceJob | include "helm-toolkit.manifests.job_ks_endpoints" }}
+
+{{- end }}
diff --git a/designate/templates/job-ks-service.yaml b/designate/templates/job-ks-service.yaml
new file mode 100644
index 0000000000..056f791302
--- /dev/null
+++ b/designate/templates/job-ks-service.yaml
@@ -0,0 +1,19 @@
+# Copyright 2019 The Openstack-Helm Authors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+{{- if .Values.manifests.job_ks_service }}
+
+{{- $ksServiceJob := dict "envAll" . "serviceName" "designate" "serviceTypes" ( tuple "dns" ) -}}
+{{ $ksServiceJob | include "helm-toolkit.manifests.job_ks_service" }}
+
+ {{- end }}
diff --git a/designate/templates/job-ks-user.yaml b/designate/templates/job-ks-user.yaml
new file mode 100644
index 0000000000..2aadd0d8e2
--- /dev/null
+++ b/designate/templates/job-ks-user.yaml
@@ -0,0 +1,21 @@
+# Copyright 2019 The Openstack-Helm Authors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# $% What does following represent?
+{{- if .Values.manifests.job_ks_user }}
+
+{{- $ksUserJob := dict "envAll" . "serviceName" "designate" -}}
+{{ $ksUserJob | include "helm-toolkit.manifests.job_ks_user" }}
+
+{{- end }}
diff --git a/designate/templates/job-rabbit-init.yaml b/designate/templates/job-rabbit-init.yaml
new file mode 100644
index 0000000000..bab7dbd3fc
--- /dev/null
+++ b/designate/templates/job-rabbit-init.yaml
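Review bot: The line `# $% What does following represent?` above the `if` guard in job-ks-user.yaml reads like a leftover author question, not documentation. As a plain `#` comment outside the guard it is also passed through into the rendered output even when the manifest is disabled. Replace it with a statement of what the template does, for example `# Renders the Keystone user job for designate via helm-toolkit.manifests.job_ks_user`, or drop it.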
@@ -0,0 +1,19 @@
+{{/*
+Copyright 2019 The Openstack-Helm Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/}}
+{{- if .Values.manifests.job_rabbit_init }}
+{{- $rmqUserJob := dict "envAll" . "serviceName" "designate" -}}
+{{ $rmqUserJob | include "helm-toolkit.manifests.job_rabbit_init" }}
+{{- end }}
diff --git a/designate/templates/pdb-api.yaml b/designate/templates/pdb-api.yaml
new file mode 100644
index 0000000000..945bdf502c
--- /dev/null
+++ b/designate/templates/pdb-api.yaml
@@ -0,0 +1,28 @@
+# Copyright 2019 The Openstack-Helm Authors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+{{- if .Values.manifests.pdb_api }}
+
+{{- $envAll := . }}
+---
+apiVersion: policy/v1beta1
+kind: PodDisruptionBudget
+metadata:
+ name: designate-api
+spec:
+ minAvailable: {{ .Values.pod.lifecycle.disruption_budget.api.min_available }}
+ selector:
+ matchLabels:
+ app:
+{{ tuple $envAll "designate" "api" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 6 }}
+{{- end }}
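Review bot: In pdb-api.yaml the selector has a bare `app:` key followed by the `kubernetes_metadata_labels` include at `indent 6`. Depending on the original indentation (collapsed on this page), that either leaves `app` with an empty value or nests the label map under it, and neither is a valid string-valued `matchLabels` entry. The deployments in this commit place the snippet directly under `matchLabels`, so the `app:` line should probably be removed, leaving `matchLabels:` followed by `{{ tuple $envAll "designate" "api" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 6 }}`. A budget whose selector is rejected or matches nothing gives the API pods no protection during node drains.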
diff --git a/designate/templates/pdb-central.yaml b/designate/templates/pdb-central.yaml
new file mode 100644
index 0000000000..a89ca5ea0c
--- /dev/null
+++ b/designate/templates/pdb-central.yaml
@@ -0,0 +1,27 @@
+# Copyright 2019 The Openstack-Helm Authors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+{{- if .Values.manifests.pdb_central }}
+
+{{- $envAll := . }}
+---
+apiVersion: policy/v1beta1
+kind: PodDisruptionBudget
+metadata:
+ name: designate-central
+spec:
+ minAvailable: {{ .Values.pod.lifecycle.disruption_budget.central.min_available }}
+ selector:
+ matchLabels:
+ app: designate-central
+{{- end }}
diff --git a/designate/templates/pdb-mdns.yaml b/designate/templates/pdb-mdns.yaml
new file mode 100644
index 0000000000..dd591b0cd4
--- /dev/null
+++ b/designate/templates/pdb-mdns.yaml
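Review bot: The selector `app: designate-central` in pdb-central.yaml is hard-coded, while the deployments visible in this commit label their pods only through `helm-toolkit.snippets.kubernetes_metadata_labels`. Unless that snippet emits an `app` label with exactly this value, the budget selects no pods and `minAvailable` is never enforced. Reuse the snippet so selector and pod labels cannot drift: `{{ tuple $envAll "designate" "central" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 6 }}` under `matchLabels`. pdb-mdns.yaml, pdb-producer.yaml, pdb-sink.yaml and pdb-worker.yaml carry the same hard-coded `app:` selector, and each already assigns `$envAll` without using it.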
@@ -0,0 +1,27 @@
+# Copyright 2019 The Openstack-Helm Authors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+{{- if .Values.manifests.pdb_mdns }}
+
+{{- $envAll := . }}
+---
+apiVersion: policy/v1beta1
+kind: PodDisruptionBudget
+metadata:
+ name: designate-mdns
+spec:
+ minAvailable: {{ .Values.pod.lifecycle.disruption_budget.mdns.min_available }}
+ selector:
+ matchLabels:
+ app: designate-mdns
+{{- end }}
diff --git a/designate/templates/pdb-producer.yaml b/designate/templates/pdb-producer.yaml
new file mode 100644
index 0000000000..e7af8ba8c5
--- /dev/null
+++ b/designate/templates/pdb-producer.yaml
@@ -0,0 +1,27 @@
+# Copyright 2019 The Openstack-Helm Authors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+{{- if .Values.manifests.pdb_producer }}
+
+{{- $envAll := . }}
+---
+apiVersion: policy/v1beta1
+kind: PodDisruptionBudget
+metadata:
+ name: designate-producer
+spec:
+ minAvailable: {{ .Values.pod.lifecycle.disruption_budget.producer.min_available }}
+ selector:
+ matchLabels:
+ app: designate-producer
+{{- end }}
diff --git a/designate/templates/pdb-sink.yaml b/designate/templates/pdb-sink.yaml
new file mode 100644
index 0000000000..f0ffd205c0
--- /dev/null
+++ b/designate/templates/pdb-sink.yaml
@@ -0,0 +1,27 @@
+# Copyright 2019 The Openstack-Helm Authors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+{{- if .Values.manifests.pdb_sink }}
+
+{{- $envAll := . }}
+---
+apiVersion: policy/v1beta1
+kind: PodDisruptionBudget
+metadata:
+ name: designate-sink
+spec:
+ minAvailable: {{ .Values.pod.lifecycle.disruption_budget.sink.min_available }}
+ selector:
+ matchLabels:
+ app: designate-sink
+{{- end }}
diff --git a/designate/templates/pdb-worker.yaml b/designate/templates/pdb-worker.yaml
new file mode 100644
index 0000000000..db57c215c2
--- /dev/null
+++ b/designate/templates/pdb-worker.yaml
@@ -0,0 +1,27 @@
+# Copyright 2019 The Openstack-Helm Authors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+{{- if .Values.manifests.pdb_worker }}
+
+{{- $envAll := . }}
+---
+apiVersion: policy/v1beta1
+kind: PodDisruptionBudget
+metadata:
+ name: designate-worker
+spec:
+ minAvailable: {{ .Values.pod.lifecycle.disruption_budget.worker.min_available }}
+ selector:
+ matchLabels:
+ app: designate-worker
+{{- end }}
diff --git a/designate/templates/secret-db.yaml b/designate/templates/secret-db.yaml
new file mode 100644
index 0000000000..fb6ca1db9a
--- /dev/null
+++ b/designate/templates/secret-db.yaml
@@ -0,0 +1,28 @@
+# Copyright 2019 The Openstack-Helm Authors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+{{- if .Values.manifests.secret_db }}
+
+{{- $envAll := . }}
+{{- range $key1, $userClass := tuple "admin" "user" }}
+{{- $secretName := index $envAll.Values.secrets.oslo_db $userClass }}
+---
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ $secretName }}
+type: Opaque
+data:
+ DB_CONNECTION: {{ tuple "oslo_db" "internal" $userClass "mysql" $envAll | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup" | b64enc -}}
+{{- end }}
+{{- end }}
diff --git a/designate/templates/secret-ingress-tls.yaml b/designate/templates/secret-ingress-tls.yaml
new file mode 100644
index 0000000000..6b2db640c6
--- /dev/null
+++ b/designate/templates/secret-ingress-tls.yaml
@@ -0,0 +1,19 @@
+{{/*
+Copyright 2019 The Openstack-Helm Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/}}
+
+{{- if .Values.manifests.secret_ingress_tls }}
+{{- include "helm-toolkit.manifests.secret_ingress_tls" ( dict "envAll" . "backendServiceType" "dns" ) }}
+{{- end }}
diff --git a/designate/templates/secret-keystone.yaml b/designate/templates/secret-keystone.yaml
new file mode 100644
index 0000000000..7627c05e52
--- /dev/null
+++ b/designate/templates/secret-keystone.yaml
@@ -0,0 +1,28 @@
+# Copyright 2019 The Openstack-Helm Authors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+{{- if .Values.manifests.secret_keystone }}
+
+{{- $envAll := . }}
+{{- range $key1, $userClass := tuple "admin" "designate" "test" }}
+{{- $secretName := index $envAll.Values.secrets.identity $userClass }}
+---
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ $secretName }}
+type: Opaque
+data:
+{{- tuple $userClass "internal" $envAll | include "helm-toolkit.snippets.keystone_secret_openrc" | indent 2 -}}
+{{- end }}
+{{- end }}
diff --git a/designate/templates/secret-rabbitmq.yaml b/designate/templates/secret-rabbitmq.yaml
new file mode 100644
index 0000000000..f91dc2b47f
--- /dev/null
+++ b/designate/templates/secret-rabbitmq.yaml
@@ -0,0 +1,30 @@
+{{/*
+Copyright 2019 The Openstack-Helm Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/}}
+
+{{- if .Values.manifests.secret_rabbitmq }}
+{{- $envAll := . }}
+{{- range $key1, $userClass := tuple "admin" "designate" }}
+{{- $secretName := index $envAll.Values.secrets.oslo_messaging $userClass }}
+---
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ $secretName }}
+type: Opaque
+data:
+ RABBITMQ_CONNECTION: {{ tuple "oslo_messaging" "internal" $userClass "http" $envAll | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup" | b64enc }}
+{{- end }}
+{{- end }}
diff --git a/designate/templates/service-api.yaml b/designate/templates/service-api.yaml
new file mode 100644
index 0000000000..4c18ba562b
--- /dev/null
+++ b/designate/templates/service-api.yaml
@@ -0,0 +1,28 @@
+# Copyright 2019 The Openstack-Helm Authors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+{{- if .Values.manifests.service_api }}
+
+{{- $envAll := . }}
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ tuple "dns" "internal" . | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }}
+spec:
+ ports:
+ - name: dns-api
+ port: {{ tuple "dns" "internal" "api" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
+ selector:
+{{ tuple $envAll "designate" "api" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }}
+{{- end }}
diff --git a/designate/templates/service-ingress-api.yaml b/designate/templates/service-ingress-api.yaml
new file mode 100644
index 0000000000..5f4dc425fb
--- /dev/null
+++ b/designate/templates/service-ingress-api.yaml
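Review bot: The designate-api Service template never reads `network.api.node_port` or `network.api.external_policy_local`, although values.yaml in this commit defines both (`enabled: false`, `port: 9001`). An operator who flips `network.api.node_port.enabled` will see no change in how the API is exposed, which is easy to misread when checking what is reachable from outside the cluster. Either drop those two values or add a conditional block like the one service-mdns.yaml uses, and add a comment such as `# node_port is honoured only by the mdns Service` if they stay unused.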
@@ -0,0 +1,19 @@
+# Copyright 2019 The Openstack-Helm Authors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+{{- if .Values.manifests.service_ingress_api }}
+
+{{- $serviceIngressOpts := dict "envAll" . "backendServiceType" "dns" -}}
+{{ $serviceIngressOpts | include "helm-toolkit.manifests.service_ingress" }}
+
+{{- end }}
diff --git a/designate/templates/service-mdns.yaml b/designate/templates/service-mdns.yaml
new file mode 100644
index 0000000000..b3acba9cee
--- /dev/null
+++ b/designate/templates/service-mdns.yaml
@@ -0,0 +1,37 @@
+# Copyright 2019 The Openstack-Helm Authors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+{{- if .Values.manifests.service_mdns }}
+
+{{- $envAll := . }}
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ tuple "mdns" "internal" . | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }}
+spec:
+ ports:
+ - name: d-mdns
+ port: {{ tuple "mdns" "internal" "ipc" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
+ - name: d-mdns-udp
+ port: {{ tuple "mdns" "internal" "ipc" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
+ protocol: UDP
+ selector:
+{{ tuple $envAll "designate" "mdns" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }}
+ {{ if .Values.network.mdns.node_port.enabled }}
+ type: NodePort
+ {{ if .Values.network.mdns.external_policy_local }}
+ externalTrafficPolicy: Local
+ {{ end }}
+ {{ end }}
+{{- end }}
diff --git a/designate/values.yaml b/designate/values.yaml
new file mode 100644
index 0000000000..4c03a3e39e
--- /dev/null
+++ b/designate/values.yaml
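Review bot: The designate-mdns Service becomes `type: NodePort` whenever `network.mdns.node_port.enabled` is set, and values.yaml in this commit defaults that to `true`, so a default install publishes the mini-DNS port on every node address over both TCP and UDP. The template also never emits `nodePort`, so `network.mdns.node_port.port` (5354) is unused and the cluster assigns the port itself; 5354 would in any case fall outside the default NodePort range. I would default `enabled` to `false` so external exposure is an explicit choice, and when it is enabled add `nodePort: {{ .Values.network.mdns.node_port.port }}` to both port entries with a default inside the cluster's NodePort range. If the NodePort must stay on by default, a comment in values.yaml should say that access to the port has to be limited to the DNS servers that request zone transfers.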
@@ -0,0 +1,831 @@ +# Copyright 2019 The Openstack-Helm Authors. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Default values for designate. +# This is a YAML-formatted file. +# Declare name/value pairs to be passed into your templates. +# name: value + +release_group: null + +labels: + api: + node_selector_key: openstack-control-plane + node_selector_value: enabled + central: + node_selector_key: openstack-control-plane + node_selector_value: enabled + producer: + node_selector_key: openstack-control-plane + node_selector_value: enabled + worker: + node_selector_key: openstack-control-plane + node_selector_value: enabled + job: + node_selector_key: openstack-control-plane + node_selector_value: enabled + mdns: + node_selector_key: openstack-control-plane + node_selector_value: enabled + sink: + node_selector_key: openstack-control-plane + node_selector_value: enabled + +images: + tags: + bootstrap: docker.io/openstackhelm/heat:queens-ubuntu_xenial + db_init: docker.io/openstackhelm/heat:queens-ubuntu_xenial + db_drop: docker.io/openstackhelm/heat:queens-ubuntu_xenial + rabbit_init: docker.io/rabbitmq:3.7-management + ks_user: docker.io/openstackhelm/heat:queens-ubuntu_xenial + ks_service: docker.io/openstackhelm/heat:queens-ubuntu_xenial + ks_endpoints: docker.io/openstackhelm/heat:queens-ubuntu_xenial + dep_check: quay.io/stackanetes/kubernetes-entrypoint:v0.3.1 + designate_db_sync: docker.io/openstackhelm/designate:queens-ubuntu_xenial + designate_api: 
docker.io/openstackhelm/designate:queens-ubuntu_xenial + designate_central: docker.io/openstackhelm/designate:queens-ubuntu_xenial + designate_mdns: docker.io/openstackhelm/designate:queens-ubuntu_xenial + designate_worker: docker.io/openstackhelm/designate:queens-ubuntu_xenial + designate_producer: docker.io/openstackhelm/designate:queens-ubuntu_xenial + designate_sink: docker.io/openstackhelm/designate:queens-ubuntu_xenial + pull_policy: "IfNotPresent" + local_registry: + active: false + exclude: + - dep_check + - image_repo_sync + +pod: + affinity: + anti: + type: + default: preferredDuringSchedulingIgnoredDuringExecution + topologyKey: + default: kubernetes.io/hostname + mounts: + designate_api: + init_container: null + designate_api: + volumeMounts: + volumes: + designate_central: + init_container: null + designate_central: + volumeMounts: + volumes: + designate_mdns: + init_container: null + designate_mdns: + volumeMounts: + volumes: + designate_worker: + init_container: null + designate_worker: + volumeMounts: + volumes: + designate_producer: + init_container: null + designate_producer: + volumeMounts: + volumes: + designate_sink: + init_container: null + designate_sink: + volumeMounts: + volumes: + designate_db_sync: + designate_db_sync: + volumeMounts: + volumes: + replicas: + api: 1 + central: 1 + mdns: 1 + producer: 1 + sink: 1 + worker: 1 + lifecycle: + upgrades: + deployments: + revision_history: 3 + pod_replacement_strategy: RollingUpdate + rolling_update: + max_unavailable: 1 + max_surge: 3 + disruption_budget: + api: + min_available: 0 + central: + min_available: 0 + mdns: + min_available: 0 + worker: + min_available: 0 + producer: + min_available: 0 + sink: + min_available: 0 + termination_grace_period: + api: + timeout: 30 + mdns: + timeout: 30 + + resources: + enabled: false + api: + requests: + memory: "128Mi" + cpu: "100m" + limits: + memory: "1024Mi" + cpu: "2000m" + jobs: + bootstrap: + requests: + memory: "128Mi" + cpu: "100m" + limits: + 
memory: "1024Mi" + cpu: "2000m" + db_init: + requests: + memory: "128Mi" + cpu: "100m" + limits: + memory: "1024Mi" + cpu: "2000m" + db_sync: + requests: + memory: "128Mi" + cpu: "100m" + limits: + memory: "1024Mi" + cpu: "2000m" + ks_endpoints: + requests: + memory: "128Mi" + cpu: "100m" + limits: + memory: "1024Mi" + cpu: "2000m" + ks_service: + requests: + memory: "128Mi" + cpu: "100m" + limits: + memory: "1024Mi" + cpu: "2000m" + ks_user: + requests: + memory: "128Mi" + cpu: "100m" + limits: + memory: "1024Mi" + cpu: "2000m" + rabbit_init: + requests: + memory: "128Mi" + cpu: "100m" + limits: + memory: "1024Mi" + cpu: "2000m" + tests: + requests: + memory: "128Mi" + cpu: "100m" + limits: + memory: "1024Mi" + cpu: "2000m" + +network: + api: + ingress: + public: true + classes: + namespace: "nginx" + cluster: "nginx-cluster" + annotations: + nginx.ingress.kubernetes.io/rewrite-target: / + external_policy_local: false + node_port: + enabled: false + port: 9001 + mdns: + name: "designate-mdns" + proto: "http" + external_policy_local: false + node_port: + enabled: true + port: 5354 + +bootstrap: + enabled: false + script: | + openstack token issue + +dependencies: + dynamic: + common: + local_image_registry: + jobs: + - designate-image-repo-sync + services: + - endpoint: node + service: local_image_registry + job_rabbit_init: + api: + jobs: + - designate-rabbit-init + sink: + jobs: + - designate-rabbit-init + central: + jobs: + - designate-rabbit-init + worker: + jobs: + - designate-rabbit-init + static: + db_init: + services: + - service: oslo_db + endpoint: internal + db_sync: + jobs: + - designate-db-init + services: + - service: oslo_db + endpoint: internal + ks_user: + services: + - service: identity + endpoint: internal + ks_service: + services: + - service: identity + endpoint: internal + ks_endpoints: + jobs: + - designate-ks-service + services: + - service: identity + endpoint: internal + rabbit_init: + services: + - service: oslo_messaging + endpoint: 
internal + api: + jobs: + - designate-db-sync + - designate-ks-user + - designate-ks-endpoints + service: + - service: oslo_db + endpoint: internal + - service: identity + endpoint: internal + - service: oslo_messaging + endpoint: internal + central: + jobs: + - designate-db-sync + - designate-ks-user + - designate-ks-endpoints + service: + - service: oslo_db + endpoint: internal + - service: identity + endpoint: internal + - service: oslo_messaging + endpoint: internal + worker: + jobs: + - designate-db-sync + - designate-ks-user + - designate-ks-endpoints + services: + - service: oslo_db + endpoint: internal + - service: identity + endpoint: internal + - service: mdns + endpoint: internal + mdns: + jobs: + - designate-db-sync + - designate-ks-user + - designate-ks-endpoints + services: + - service: oslo_db + endpoint: internal + - service: identity + endpoint: internal + producer: + jobs: + - designate-db-sync + - designate-ks-user + - designate-ks-endpoints + services: + - service: oslo_db + endpoint: internal + - service: identity + endpoint: internal + sink: + jobs: + - designate-db-sync + - designate-ks-user + - designate-ks-endpoints + services: + - service: oslo_db + endpoint: internal + - service: identity + endpoint: internal + +conf: + pools: | + - name: default + # The name is immutable. There will be no option to change the name after + # creation and the only way will to change it will be to delete it + # (and all zones associated with it) and recreate it. + description: Default Pool + + attributes: {} + + # List out the NS records for zones hosted within this pool + # This should be a record that is created outside of designate, that + # points to the public IP of the controller node. + ns_records: + - hostname: {{ printf "ns.%s.svc.%s." .Release.Namespace .Values.endpoints.cluster_domain_suffix }} + priority: 1 + + # List out the nameservers for this pool. These are the actual DNS servers. 
+ # We use these to verify changes have propagated to all nameservers. + nameservers: + - host: ${POWERDNS_SERVICE_HOST} + port: {{ tuple "powerdns" "internal" "powerdns" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }} + + # List out the targets for this pool. For BIND there will be one + # entry for each BIND server, as we have to run rndc command on each server + targets: + - type: pdns4 + description: PowerDNS Server + + # List out the designate-mdns servers from which PowerDNS servers should + # request zone transfers (AXFRs) from. + # This should be the IP of the controller node. + # If you have multiple controllers you can add multiple masters + # by running designate-mdns on them, and adding them here. + masters: + - host: ${MINIDNS_SERVICE_HOST} + port: {{ tuple "mdns" "internal" "ipc" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }} + + # PowerDNS Configuration options + options: + host: ${POWERDNS_SERVICE_HOST} + port: {{ tuple "powerdns" "internal" "powerdns" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }} + api_endpoint: http://${POWERDNS_SERVICE_HOST}:{{ tuple "powerdns" "internal" "powerdns_api" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }} + api_token: {{ tuple "powerdns" "service" . 
| include "helm-toolkit.endpoints.endpoint_token_lookup" }} + paste: + composite:osapi_dns: + use: egg:Paste#urlmap + /: osapi_dns_versions + /v2: osapi_dns_v2 + /admin: osapi_dns_admin + composite:osapi_dns_versions: + use: call:designate.api.middleware:auth_pipeline_factory + noauth: http_proxy_to_wsgi cors maintenance faultwrapper osapi_dns_app_versions + keystone: http_proxy_to_wsgi cors maintenance faultwrapper osapi_dns_app_versions + app:osapi_dns_app_versions: + paste.app_factory: designate.api.versions:factory + composite:osapi_dns_v2: + use: call:designate.api.middleware:auth_pipeline_factory + noauth: http_proxy_to_wsgi cors request_id faultwrapper validation_API_v2 noauthcontext maintenance normalizeuri osapi_dns_app_v2 + keystone: http_proxy_to_wsgi cors request_id faultwrapper validation_API_v2 authtoken keystonecontext maintenance normalizeuri osapi_dns_app_v2 + app:osapi_dns_app_v2: + paste.app_factory: designate.api.v2:factory + composite:osapi_dns_admin: + use: call:designate.api.middleware:auth_pipeline_factory + noauth: http_proxy_to_wsgi cors request_id faultwrapper noauthcontext maintenance normalizeuri osapi_dns_app_admin + keystone: http_proxy_to_wsgi cors request_id faultwrapper authtoken keystonecontext maintenance normalizeuri osapi_dns_app_admin + app:osapi_dns_app_admin: + paste.app_factory: designate.api.admin:factory + filter:cors: + paste.filter_factory: oslo_middleware.cors:filter_factory + oslo_config_project: designate + filter:request_id: + paste.filter_factory: oslo_middleware:RequestId.factory + filter:http_proxy_to_wsgi: + paste.filter_factory: oslo_middleware:HTTPProxyToWSGI.factory + filter:noauthcontext: + paste.filter_factory: designate.api.middleware:NoAuthContextMiddleware.factory + filter:authtoken: + paste.filter_factory: keystonemiddleware.auth_token:filter_factory + filter:keystonecontext: + paste.filter_factory: designate.api.middleware:KeystoneContextMiddleware.factory + filter:maintenance: + paste.filter_factory: 
designate.api.middleware:MaintenanceMiddleware.factory + filter:normalizeuri: + paste.filter_factory: designate.api.middleware:NormalizeURIMiddleware.factory + filter:faultwrapper: + paste.filter_factory: designate.api.middleware:FaultWrapperMiddleware.factory + filter:validation_API_v2: + paste.filter_factory: designate.api.middleware:APIv2ValidationErrorMiddleware.factory + policy: + admin: role:admin or is_admin:True + primary_zone: target.zone_type:SECONDARY + owner: tenant:%(tenant_id)s + admin_or_owner: rule:admin or rule:owner + target: tenant:%(target_tenant_id)s + owner_or_target: rule:target or rule:owner + admin_or_owner_or_target: rule:owner_or_target or rule:admin + admin_or_target: rule:admin or rule:target + zone_primary_or_admin: ('PRIMARY':%(zone_type)s and rule:admin_or_owner) OR ('SECONDARY':%(zone_type)s AND is_admin:True) + default: rule:admin_or_owner + all_tenants: rule:admin + edit_managed_records : rule:admin + use_low_ttl: rule:admin + get_quotas: rule:admin_or_owner + get_quota: rule:admin_or_owner + set_quota: rule:admin + reset_quotas: rule:admin + create_tld: rule:admin + find_tlds: rule:admin + get_tld: rule:admin + update_tld: rule:admin + delete_tld: rule:admin + create_tsigkey: rule:admin + find_tsigkeys: rule:admin + get_tsigkey: rule:admin + update_tsigkey: rule:admin + delete_tsigkey: rule:admin + find_tenants: rule:admin + get_tenant: rule:admin + count_tenants: rule:admin + create_zone: rule:admin_or_owner + get_zones: rule:admin_or_owner + get_zone: rule:admin_or_owner + get_zone_servers: rule:admin_or_owner + find_zones: rule:admin_or_owner + find_zone: rule:admin_or_owner + update_zone: rule:admin_or_owner + delete_zone: rule:admin_or_owner + xfr_zone: rule:admin_or_owner + abandon_zone: rule:admin + count_zones: rule:admin_or_owner + count_zones_pending_notify: rule:admin_or_owner + purge_zones: rule:admin + touch_zone: rule:admin_or_owner + create_recordset: rule:zone_primary_or_admin + get_recordsets: rule:admin_or_owner 
+ get_recordset: rule:admin_or_owner + find_recordsets: rule:admin_or_owner + find_recordset: rule:admin_or_owner + update_recordset: rule:zone_primary_or_admin + delete_recordset: rule:zone_primary_or_admin + count_recordset: rule:admin_or_owner + create_record: rule:admin_or_owner + get_records: rule:admin_or_owner + get_record: rule:admin_or_owner + find_records: rule:admin_or_owner + find_record: rule:admin_or_owner + update_record: rule:admin_or_owner + delete_record: rule:admin_or_owner + count_records: rule:admin_or_owner + use_sudo: rule:admin + create_blacklist: rule:admin + find_blacklist: rule:admin + find_blacklists: rule:admin + get_blacklist: rule:admin + update_blacklist: rule:admin + delete_blacklist: rule:admin + use_blacklisted_zone: rule:admin + create_pool: rule:admin + find_pools: rule:admin + find_pool: rule:admin + get_pool: rule:admin + update_pool: rule:admin + delete_pool: rule:admin + zone_create_forced_pool: rule:admin + diagnostics_ping: rule:admin + diagnostics_sync_zones: rule:admin + diagnostics_sync_zone: rule:admin + diagnostics_sync_record: rule:admin + create_zone_transfer_request: rule:admin_or_owner + get_zone_transfer_request: rule:admin_or_owner or tenant:%(target_tenant_id)s or None:%(target_tenant_id)s + get_zone_transfer_request_detailed: rule:admin_or_owner + find_zone_transfer_requests: '@' + find_zone_transfer_request: '@' + update_zone_transfer_request: rule:admin_or_owner + delete_zone_transfer_request: rule:admin_or_owner + create_zone_transfer_accept: rule:admin_or_owner or tenant:%(target_tenant_id)s or None:%(target_tenant_id)s + get_zone_transfer_accept: rule:admin_or_owner + find_zone_transfer_accepts: rule:admin + find_zone_transfer_accept: rule:admin + update_zone_transfer_accept: rule:admin + delete_zone_transfer_accept: rule:admin + create_zone_import: rule:admin_or_owner + find_zone_imports: rule:admin_or_owner + get_zone_import: rule:admin_or_owner + update_zone_import: rule:admin_or_owner + 
delete_zone_import: rule:admin_or_owner + zone_export: rule:admin_or_owner + create_zone_export: rule:admin_or_owner + find_zone_exports: rule:admin_or_owner + get_zone_export: rule:admin_or_owner + update_zone_export: rule:admin_or_owner + find_service_status: rule:admin + find_service_statuses: rule:admin + update_service_service_status: rule:admin + designate: + DEFAULT: + debug: false + log_config_append: /etc/designate/logging.conf + service:api: + auth_strategy: keystone + enable_api_v2: true + enable_api_admin: true + enabled_extensions_v2: quotas,reports + workers: 2 + service:worker: + enabled: true + notify: false + oslo_middleware: + enable_proxy_headers_parsing: true + database: + max_retries: -1 + storage:sqlalchemy: + max_retries: -1 + keystone_authtoken: + auth_version: v3 + auth_type: password + memcache_security_strategy: ENCRYPT + logging: + loggers: + keys: + - root + - designate + handlers: + keys: + - stdout + - stderr + - "null" + formatters: + keys: + - context + - default + logger_root: + level: WARNING + handlers: stdout + logger_designate: + level: INFO + handlers: + - stdout + qualname: designate + logger_amqp: + level: WARNING + handlers: stderr + qualname: amqp + logger_amqplib: + level: WARNING + handlers: stderr + qualname: amqplib + logger_eventletwsgi: + level: WARNING + handlers: stderr + qualname: eventlet.wsgi.server + logger_sqlalchemy: + level: WARNING + handlers: stderr + qualname: sqlalchemy + logger_boto: + level: WARNING + handlers: stderr + qualname: boto + handler_null: + class: logging.NullHandler + formatter: default + args: () + handler_stdout: + class: StreamHandler + args: (sys.stdout,) + formatter: context + handler_stderr: + class: StreamHandler + args: (sys.stderr,) + formatter: context + formatter_context: + class: oslo_log.formatters.ContextFormatter + datefmt: "%Y-%m-%d %H:%M:%S" + formatter_default: + format: "%(message)s" + datefmt: "%Y-%m-%d %H:%M:%S" + +# Names of secrets used by bootstrap and environmental 
checks +secrets: + identity: + admin: designate-keystone-admin + designate: designate-keystone-user + test: designate-keystone-test + oslo_db: + admin: designate-db-admin + user: designate-db-user + oslo_messaging: + admin: designate-rabbitmq-admin + designate: designate-rabbitmq-user + tls: + dns: + api: + public: designate-tls-public + +endpoints: + cluster_domain_suffix: cluster.local + local_image_registry: + name: docker-registry + namespace: docker-registry + hosts: + default: localhost + internal: docker-registry + node: localhost + host_fqdn_override: + default: null + port: + registry: + node: 5000 + identity: + name: keystone + auth: + admin: + region_name: RegionOne + username: admin + password: password + project_name: admin + user_domain_name: default + project_domain_name: default + designate: + role: admin + region_name: RegionOne + username: designate + password: password + project_name: service + user_domain_name: service + project_domain_name: service + test: + role: admin + region_name: RegionOne + username: designate-test + password: password + project_name: test + user_domain_name: service + project_domain_name: service + hosts: + default: keystone + internal: keystone-api + host_fqdn_override: + default: null + path: + default: /v3 + scheme: + default: http + port: + api: + default: 80 + internal: 5000 + dns: + name: designate + hosts: + default: designate-api + public: designate + host_fqdn_override: + default: null + path: + default: / + scheme: + default: 'http' + port: + api: + default: 9001 + public: 80 + mdns: + name: minidns + hosts: + default: minidns + public: designate-mdns + host_fqdn_override: + default: null + path: + default: null + scheme: + default: 'tcp' + port: + ipc: + default: 5354 + oslo_db: + auth: + admin: + username: root + password: password + user: + username: designate + password: password + hosts: + default: mariadb + host_fqdn_override: + default: null + path: /designate + scheme: mysql+pymysql + port: + mysql: + 
default: 3306 + oslo_cache: + hosts: + default: memcached + host_fqdn_override: + default: null + port: + memcache: + default: 11211 + auth: + # NOTE: this is used to define the value for keystone + # authtoken cache encryption key, if not set it will be populated + # automatically with a random value, but to take advantage of + # this feature all services should be set to use the same key, + # and memcache service. + memcache_secret_key: null + oslo_messaging: + auth: + admin: + username: rabbitmq + password: password + designate: + username: designate + password: password + statefulset: + replicas: 2 + name: rabbitmq-rabbitmq + hosts: + default: rabbitmq + host_fqdn_override: + default: null + path: /designate + scheme: rabbit + port: + amqp: + default: 5672 + http: + default: 15672 + powerdns: + auth: + service: + token: chiave_segreta + hosts: + default: powerdns + host_fqdn_override: + default: null + port: + powerdns_api: + default: 8081 + powerdns: + default: 53 + +manifests: + configmap_bin: true + configmap_etc: true + deployment_api: true + deployment_central: true + deployment_worker: true + deployment_producer: true + deployment_mdns: true + deployment_sink: false + ingress_api: true + job_bootstrap: true + job_db_init: true + job_db_sync: true + job_ks_endpoints: true + job_ks_service: true + job_ks_user: true + job_rabbit_init: true + pdb_api: true + pdb_producer: true + pdb_central: true + pdb_worker: true + pdb_mdns: true + pdb_sink: false + secret_db: true + secret_ingress_tls: true + secret_keystone: true + secret_rabbitmq: true + service_api: true + service_mdns: true + service_ingress_api: true