ac2488d242
Not every cluster has a default storage class and even if they do, we don't always want to use that default storage class for our persistent volumes. Instead, allow the user to specific this via the cluster configuration itself for the three cases we require (zookeeper, scheduler, and registry). Change-Id: I948d57ce59d9b16c1c70fc52af2e22bd6131e6e2
495 lines
14 KiB
YAML
495 lines
14 KiB
YAML
{%- if manage_zk %}
|
|
---
|
|
apiVersion: cert-manager.io/v1
|
|
kind: Certificate
|
|
metadata:
|
|
name: zookeeper-client
|
|
labels:
|
|
app.kubernetes.io/name: zookeeper-client-certificate
|
|
app.kubernetes.io/instance: {{ instance_name }}
|
|
app.kubernetes.io/part-of: zuul
|
|
app.kubernetes.io/component: zookeeper-client-certificate
|
|
spec:
|
|
keyEncoding: pkcs8
|
|
secretName: zookeeper-client-tls
|
|
commonName: client
|
|
usages:
|
|
- digital signature
|
|
- key encipherment
|
|
- server auth
|
|
- client auth
|
|
issuerRef:
|
|
name: ca-issuer
|
|
kind: Issuer
|
|
{%- endif %}
|
|
---
|
|
apiVersion: v1
|
|
kind: Service
|
|
metadata:
|
|
name: zuul-executor
|
|
labels:
|
|
app.kubernetes.io/name: zuul
|
|
app.kubernetes.io/instance: {{ instance_name }}
|
|
app.kubernetes.io/part-of: zuul
|
|
app.kubernetes.io/component: zuul-executor
|
|
spec:
|
|
type: ClusterIP
|
|
clusterIP: None
|
|
ports:
|
|
- name: logs
|
|
port: 7900
|
|
protocol: TCP
|
|
targetPort: logs
|
|
selector:
|
|
app.kubernetes.io/name: zuul
|
|
app.kubernetes.io/instance: {{ instance_name }}
|
|
app.kubernetes.io/part-of: zuul
|
|
app.kubernetes.io/component: zuul-executor
|
|
---
|
|
apiVersion: v1
|
|
kind: Service
|
|
metadata:
|
|
name: zuul-web
|
|
labels:
|
|
app.kubernetes.io/name: zuul
|
|
app.kubernetes.io/instance: {{ instance_name }}
|
|
app.kubernetes.io/part-of: zuul
|
|
app.kubernetes.io/component: zuul-web
|
|
spec:
|
|
type: NodePort
|
|
ports:
|
|
- name: zuul-web
|
|
port: 9000
|
|
protocol: TCP
|
|
targetPort: zuul-web
|
|
selector:
|
|
app.kubernetes.io/name: zuul
|
|
app.kubernetes.io/instance: {{ instance_name }}
|
|
app.kubernetes.io/part-of: zuul
|
|
app.kubernetes.io/component: zuul-web
|
|
---
|
|
apiVersion: v1
|
|
kind: Service
|
|
metadata:
|
|
name: zuul-fingergw
|
|
labels:
|
|
app.kubernetes.io/name: zuul
|
|
app.kubernetes.io/instance: {{ instance_name }}
|
|
app.kubernetes.io/part-of: zuul
|
|
app.kubernetes.io/component: zuul-fingergw
|
|
spec:
|
|
type: NodePort
|
|
ports:
|
|
- name: zuul-fingergw
|
|
port: 9079
|
|
protocol: TCP
|
|
targetPort: zuul-web
|
|
selector:
|
|
app.kubernetes.io/name: zuul
|
|
app.kubernetes.io/instance: {{ instance_name }}
|
|
app.kubernetes.io/part-of: zuul
|
|
app.kubernetes.io/component: zuul-fingergw
|
|
---
|
|
apiVersion: apps/v1
|
|
kind: StatefulSet
|
|
metadata:
|
|
name: zuul-scheduler
|
|
labels:
|
|
app.kubernetes.io/name: zuul
|
|
app.kubernetes.io/instance: {{ instance_name }}
|
|
app.kubernetes.io/part-of: zuul
|
|
app.kubernetes.io/component: zuul-scheduler
|
|
spec:
|
|
replicas: 1
|
|
serviceName: zuul-scheduler
|
|
selector:
|
|
matchLabels:
|
|
app.kubernetes.io/name: zuul
|
|
app.kubernetes.io/instance: {{ instance_name }}
|
|
app.kubernetes.io/part-of: zuul
|
|
app.kubernetes.io/component: zuul-scheduler
|
|
template:
|
|
metadata:
|
|
labels:
|
|
app.kubernetes.io/name: zuul
|
|
app.kubernetes.io/instance: {{ instance_name }}
|
|
app.kubernetes.io/part-of: zuul
|
|
app.kubernetes.io/component: zuul-scheduler
|
|
annotations:
|
|
zuulConfSha: "{{ zuul_conf_sha }}"
|
|
spec:
|
|
imagePullSecrets: {{ spec.imagePullSecrets }}
|
|
containers:
|
|
- name: scheduler
|
|
image: {{ spec.imagePrefix }}/zuul-scheduler:{{ spec.zuulImageVersion }}
|
|
args: ["/usr/local/bin/zuul-scheduler", "-f", "-d"]
|
|
volumeMounts:
|
|
- name: zuul-config
|
|
mountPath: /etc/zuul
|
|
readOnly: true
|
|
- name: zuul-tenant-config
|
|
mountPath: /etc/zuul/tenant
|
|
readOnly: true
|
|
- name: zuul-scheduler
|
|
mountPath: /var/lib/zuul
|
|
- name: zookeeper-client-tls
|
|
mountPath: /tls/client
|
|
readOnly: true
|
|
{%- for connection_name, connection in connections.items() %}
|
|
{%- if 'secretName' in connection %}
|
|
- name: connection-{{ connection_name }}
|
|
mountPath: /etc/zuul/connections/{{ connection_name }}
|
|
readOnly: true
|
|
{%- endif %}
|
|
{%- endfor %}
|
|
env: {{ spec.env | zuul_to_json }}
|
|
volumes:
|
|
- name: zuul-config
|
|
secret:
|
|
secretName: zuul-config
|
|
- name: zuul-tenant-config
|
|
secret:
|
|
secretName: {{ zuul_tenant_secret }}
|
|
- name: zookeeper-client-tls
|
|
secret:
|
|
secretName: zookeeper-client-tls
|
|
{%- for connection_name, connection in connections.items() %}
|
|
{%- if 'secretName' in connection %}
|
|
- name: connection-{{ connection_name }}
|
|
secret:
|
|
secretName: {{ connection['secretName'] }}
|
|
{%- endif %}
|
|
{%- endfor %}
|
|
volumeClaimTemplates:
|
|
- metadata:
|
|
name: zuul-scheduler
|
|
spec:
|
|
accessModes:
|
|
- ReadWriteOnce
|
|
resources:
|
|
requests:
|
|
storage: 80Gi
|
|
{%- if spec.scheduler.storageClassName != "" %}
|
|
storageClassName: {{ spec.scheduler.storageClassName }}
|
|
{%- endif %}
|
|
---
|
|
apiVersion: apps/v1
|
|
kind: Deployment
|
|
metadata:
|
|
name: zuul-web
|
|
labels:
|
|
app.kubernetes.io/name: zuul
|
|
app.kubernetes.io/instance: {{ instance_name }}
|
|
app.kubernetes.io/part-of: zuul
|
|
app.kubernetes.io/component: zuul-web
|
|
spec:
|
|
replicas: {{ spec.web.count }}
|
|
selector:
|
|
matchLabels:
|
|
app.kubernetes.io/name: zuul
|
|
app.kubernetes.io/instance: {{ instance_name }}
|
|
app.kubernetes.io/part-of: zuul
|
|
app.kubernetes.io/component: zuul-web
|
|
template:
|
|
metadata:
|
|
labels:
|
|
app.kubernetes.io/name: zuul
|
|
app.kubernetes.io/instance: {{ instance_name }}
|
|
app.kubernetes.io/part-of: zuul
|
|
app.kubernetes.io/component: zuul-web
|
|
annotations:
|
|
zuulConfSha: "{{ zuul_conf_sha }}"
|
|
spec:
|
|
imagePullSecrets: {{ spec.imagePullSecrets }}
|
|
containers:
|
|
- name: web
|
|
image: {{ spec.imagePrefix }}/zuul-web:{{ spec.zuulImageVersion }}
|
|
ports:
|
|
- name: zuul-web
|
|
containerPort: 9000
|
|
volumeMounts:
|
|
- name: zuul-config
|
|
mountPath: /etc/zuul
|
|
- name: zookeeper-client-tls
|
|
mountPath: /tls/client
|
|
readOnly: true
|
|
env: {{ spec.env | zuul_to_json }}
|
|
volumes:
|
|
- name: zuul-config
|
|
secret:
|
|
secretName: zuul-config
|
|
- name: zookeeper-client-tls
|
|
secret:
|
|
secretName: zookeeper-client-tls
|
|
---
|
|
apiVersion: apps/v1
|
|
kind: Deployment
|
|
metadata:
|
|
name: zuul-fingergw
|
|
labels:
|
|
app.kubernetes.io/name: zuul
|
|
app.kubernetes.io/instance: {{ instance_name }}
|
|
app.kubernetes.io/part-of: zuul
|
|
app.kubernetes.io/component: zuul-fingergw
|
|
spec:
|
|
replicas: {{ spec.fingergw.count }}
|
|
selector:
|
|
matchLabels:
|
|
app.kubernetes.io/name: zuul
|
|
app.kubernetes.io/instance: {{ instance_name }}
|
|
app.kubernetes.io/part-of: zuul
|
|
app.kubernetes.io/component: zuul-fingergw
|
|
template:
|
|
metadata:
|
|
labels:
|
|
app.kubernetes.io/name: zuul
|
|
app.kubernetes.io/instance: {{ instance_name }}
|
|
app.kubernetes.io/part-of: zuul
|
|
app.kubernetes.io/component: zuul-fingergw
|
|
annotations:
|
|
zuulConfSha: "{{ zuul_conf_sha }}"
|
|
spec:
|
|
imagePullSecrets: {{ spec.imagePullSecrets }}
|
|
containers:
|
|
- name: fingergw
|
|
image: {{ spec.imagePrefix }}/zuul-fingergw:{{ spec.zuulImageVersion }}
|
|
ports:
|
|
- name: zuul-fingergw
|
|
containerPort: 9079
|
|
volumeMounts:
|
|
- name: zuul-config
|
|
mountPath: /etc/zuul
|
|
- name: zookeeper-client-tls
|
|
mountPath: /tls/client
|
|
readOnly: true
|
|
volumes:
|
|
- name: zuul-config
|
|
secret:
|
|
secretName: zuul-config
|
|
- name: zookeeper-client-tls
|
|
secret:
|
|
secretName: zookeeper-client-tls
|
|
---
|
|
apiVersion: apps/v1
|
|
kind: StatefulSet
|
|
metadata:
|
|
name: zuul-executor
|
|
labels:
|
|
app.kubernetes.io/name: zuul
|
|
app.kubernetes.io/instance: {{ instance_name }}
|
|
app.kubernetes.io/part-of: zuul
|
|
app.kubernetes.io/component: zuul-executor
|
|
spec:
|
|
serviceName: zuul-executor
|
|
replicas: {{ spec.executor.count }}
|
|
podManagementPolicy: Parallel
|
|
selector:
|
|
matchLabels:
|
|
app.kubernetes.io/name: zuul
|
|
app.kubernetes.io/instance: {{ instance_name }}
|
|
app.kubernetes.io/part-of: zuul
|
|
app.kubernetes.io/component: zuul-executor
|
|
template:
|
|
metadata:
|
|
labels:
|
|
app.kubernetes.io/name: zuul
|
|
app.kubernetes.io/instance: {{ instance_name }}
|
|
app.kubernetes.io/part-of: zuul
|
|
app.kubernetes.io/component: zuul-executor
|
|
annotations:
|
|
zuulConfSha: "{{ zuul_conf_sha }}"
|
|
spec:
|
|
imagePullSecrets: {{ spec.imagePullSecrets }}
|
|
securityContext:
|
|
runAsUser: 10001
|
|
runAsGroup: 10001
|
|
containers:
|
|
- name: executor
|
|
image: {{ spec.imagePrefix }}/zuul-executor:{{ spec.zuulImageVersion }}
|
|
args: ["/usr/local/bin/zuul-executor", "-f", "-d"]
|
|
ports:
|
|
- name: logs
|
|
containerPort: 7900
|
|
env:
|
|
- name: ZUUL_EXECUTOR_SIGTERM_GRACEFUL
|
|
value: "1"
|
|
volumeMounts:
|
|
- name: zuul-config
|
|
mountPath: /etc/zuul
|
|
- name: zuul-var
|
|
mountPath: /var/lib/zuul
|
|
{%- if executor_ssh_secret %}
|
|
- name: nodepool-private-key
|
|
mountPath: /etc/zuul/sshkey
|
|
{%- endif %}
|
|
- name: zookeeper-client-tls
|
|
mountPath: /tls/client
|
|
readOnly: true
|
|
{%- for volume in spec.get('jobVolumes', []) %}
|
|
- name: {{ volume.volume.name }}
|
|
mountPath: {{ volume.path }}
|
|
{%- if volume.access == 'ro' %}readOnly: true{% endif %}
|
|
{%- endfor %}
|
|
{%- for connection_name, connection in connections.items() %}
|
|
{%- if 'secretName' in connection %}
|
|
- name: connection-{{ connection_name }}
|
|
mountPath: /etc/zuul/connections/{{ connection_name }}
|
|
readOnly: true
|
|
{%- endif %}
|
|
{%- endfor %}
|
|
securityContext:
|
|
privileged: true
|
|
terminationGracePeriodSeconds: {{ spec.executor.terminationGracePeriodSeconds }}
|
|
volumes:
|
|
- name: zuul-var
|
|
emptyDir: {}
|
|
- name: zuul-config
|
|
secret:
|
|
secretName: zuul-config
|
|
- name: zookeeper-client-tls
|
|
secret:
|
|
secretName: {{ spec.zookeeper.secretName }}
|
|
{%- if executor_ssh_secret %}
|
|
- name: nodepool-private-key
|
|
secret:
|
|
secretName: {{ executor_ssh_secret }}
|
|
{%- endif %}
|
|
{%- for volume in spec.get('jobVolumes', []) %}
|
|
- {{ volume.volume | zuul_to_json }}
|
|
{%- endfor %}
|
|
{%- for connection_name, connection in connections.items() %}
|
|
{%- if 'secretName' in connection %}
|
|
- name: connection-{{ connection_name }}
|
|
secret:
|
|
secretName: {{ connection['secretName'] }}
|
|
{%- endif %}
|
|
{%- endfor %}
|
|
---
|
|
apiVersion: apps/v1
|
|
kind: StatefulSet
|
|
metadata:
|
|
name: zuul-merger
|
|
labels:
|
|
app.kubernetes.io/name: zuul
|
|
app.kubernetes.io/instance: {{ instance_name }}
|
|
app.kubernetes.io/part-of: zuul
|
|
app.kubernetes.io/component: zuul-merger
|
|
spec:
|
|
serviceName: zuul-merger
|
|
replicas: {{ spec.merger.count }}
|
|
podManagementPolicy: Parallel
|
|
selector:
|
|
matchLabels:
|
|
app.kubernetes.io/name: zuul
|
|
app.kubernetes.io/instance: {{ instance_name }}
|
|
app.kubernetes.io/part-of: zuul
|
|
app.kubernetes.io/component: zuul-merger
|
|
template:
|
|
metadata:
|
|
labels:
|
|
app.kubernetes.io/name: zuul
|
|
app.kubernetes.io/instance: {{ instance_name }}
|
|
app.kubernetes.io/part-of: zuul
|
|
app.kubernetes.io/component: zuul-merger
|
|
annotations:
|
|
zuulConfSha: "{{ zuul_conf_sha }}"
|
|
spec:
|
|
imagePullSecrets: {{ spec.imagePullSecrets }}
|
|
securityContext:
|
|
runAsUser: 10001
|
|
runAsGroup: 10001
|
|
containers:
|
|
- name: merger
|
|
image: {{ spec.imagePrefix }}/zuul-merger:{{ spec.zuulImageVersion }}
|
|
args: ["/usr/local/bin/zuul-merger", "-f", "-d"]
|
|
volumeMounts:
|
|
- name: zuul-config
|
|
mountPath: /etc/zuul
|
|
- name: zuul-var
|
|
mountPath: /var/lib/zuul
|
|
- name: zookeeper-client-tls
|
|
mountPath: /tls/client
|
|
readOnly: true
|
|
{%- for connection_name, connection in connections.items() %}
|
|
{%- if 'secretName' in connection %}
|
|
- name: connection-{{ connection_name }}
|
|
mountPath: /etc/zuul/connections/{{ connection_name }}
|
|
readOnly: true
|
|
{%- endif %}
|
|
{%- endfor %}
|
|
terminationGracePeriodSeconds: 3600
|
|
volumes:
|
|
- name: zuul-var
|
|
emptyDir: {}
|
|
- name: zuul-config
|
|
secret:
|
|
secretName: zuul-config
|
|
- name: zookeeper-client-tls
|
|
secret:
|
|
secretName: {{ spec.zookeeper.secretName }}
|
|
{%- for connection_name, connection in connections.items() %}
|
|
{%- if 'secretName' in connection %}
|
|
- name: connection-{{ connection_name }}
|
|
secret:
|
|
secretName: {{ connection['secretName'] }}
|
|
{%- endif %}
|
|
{%- endfor %}
|
|
---
|
|
apiVersion: v1
|
|
kind: Service
|
|
metadata:
|
|
name: zuul-preview
|
|
labels:
|
|
app.kubernetes.io/name: zuul
|
|
app.kubernetes.io/instance: {{ instance_name }}
|
|
app.kubernetes.io/part-of: zuul
|
|
app.kubernetes.io/component: zuul-preview
|
|
spec:
|
|
type: NodePort
|
|
ports:
|
|
- name: zuul-preview
|
|
port: 80
|
|
protocol: TCP
|
|
targetPort: zuul-preview
|
|
selector:
|
|
app.kubernetes.io/name: zuul
|
|
app.kubernetes.io/instance: {{ instance_name }}
|
|
app.kubernetes.io/part-of: zuul
|
|
app.kubernetes.io/component: zuul-preview
|
|
---
|
|
apiVersion: apps/v1
|
|
kind: Deployment
|
|
metadata:
|
|
name: zuul-preview
|
|
labels:
|
|
app.kubernetes.io/name: zuul
|
|
app.kubernetes.io/instance: {{ instance_name }}
|
|
app.kubernetes.io/part-of: zuul
|
|
app.kubernetes.io/component: zuul-preview
|
|
spec:
|
|
replicas: {{ spec.preview.count }}
|
|
selector:
|
|
matchLabels:
|
|
app.kubernetes.io/name: zuul
|
|
app.kubernetes.io/instance: {{ instance_name }}
|
|
app.kubernetes.io/part-of: zuul
|
|
app.kubernetes.io/component: zuul-preview
|
|
template:
|
|
metadata:
|
|
labels:
|
|
app.kubernetes.io/name: zuul
|
|
app.kubernetes.io/instance: {{ instance_name }}
|
|
app.kubernetes.io/part-of: zuul
|
|
app.kubernetes.io/component: zuul-preview
|
|
spec:
|
|
imagePullSecrets: {{ spec.imagePullSecrets }}
|
|
containers:
|
|
- name: preview
|
|
image: {{ spec.imagePrefix }}/zuul-preview:{{ spec.zuulPreviewImageVersion }}
|
|
ports:
|
|
- name: zuul-preview
|
|
containerPort: 80
|
|
env:
|
|
- name: ZUUL_API_URL
|
|
value: http://zuul-web/
|