diff --git a/congress/.helmignore b/congress/.helmignore deleted file mode 100644 index f0c1319444..0000000000 --- a/congress/.helmignore +++ /dev/null @@ -1,21 +0,0 @@ -# Patterns to ignore when building packages. -# This supports shell glob matching, relative path matching, and -# negation (prefixed with !). Only one pattern per line. -.DS_Store -# Common VCS dirs -.git/ -.gitignore -.bzr/ -.bzrignore -.hg/ -.hgignore -.svn/ -# Common backup files -*.swp -*.bak -*.tmp -*~ -# Various IDEs -.project -.idea/ -*.tmproj diff --git a/congress/Chart.yaml b/congress/Chart.yaml deleted file mode 100644 index 88c73f07e0..0000000000 --- a/congress/Chart.yaml +++ /dev/null @@ -1,23 +0,0 @@ -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: v1 -description: OpenStack-Helm Congress -name: congress -version: 0.1.0 -home: https://docs.openstack.org/congress/latest/ -icon: https://www.openstack.org/themes/openstack/images/project-mascots/Congress/OpenStack_Project_Congress_vertical.png -sources: - - https://opendev.org/openstack/congress - - https://opendev.org/openstack/openstack-helm -maintainers: - - name: OpenStack-Helm Authors diff --git a/congress/requirements.yaml b/congress/requirements.yaml deleted file mode 100644 index 5669e12cfd..0000000000 --- a/congress/requirements.yaml +++ /dev/null @@ -1,16 +0,0 @@ -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -dependencies: - - name: helm-toolkit - repository: http://localhost:8879/charts - version: 0.1.0 diff --git a/congress/templates/bin/_bootstrap.sh.tpl b/congress/templates/bin/_bootstrap.sh.tpl deleted file mode 100644 index 6452d0a073..0000000000 --- a/congress/templates/bin/_bootstrap.sh.tpl +++ /dev/null @@ -1,18 +0,0 @@ -#!/bin/bash - -{{/* -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/}} - -set -ex -{{ .Values.bootstrap.script | default "echo 'Not Enabled'" }} diff --git a/congress/templates/bin/_congress-api.sh.tpl b/congress/templates/bin/_congress-api.sh.tpl deleted file mode 100644 index e70b1a73a3..0000000000 --- a/congress/templates/bin/_congress-api.sh.tpl +++ /dev/null @@ -1,31 +0,0 @@ -#!/bin/bash - -{{/* -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/}} - -set -ex -COMMAND="${@:-start}" - -function start () { - exec congress-server \ - --api \ - --node-id=$HOSTNAME \ - --config-file /etc/congress/congress.conf -} - -function stop () { - kill -TERM 1 -} - -$COMMAND diff --git a/congress/templates/bin/_congress-datasource.sh.tpl b/congress/templates/bin/_congress-datasource.sh.tpl deleted file mode 100644 index f5d369c0e6..0000000000 --- a/congress/templates/bin/_congress-datasource.sh.tpl +++ /dev/null @@ -1,31 +0,0 @@ -#!/bin/bash - -{{/* -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/}} - -set -ex -COMMAND="${@:-start}" - -function start () { - exec congress-server \ - --datasources \ - --node-id=$HOSTNAME \ - --config-file /etc/congress/congress.conf -} - -function stop () { - kill -TERM 1 -} - -$COMMAND diff --git a/congress/templates/bin/_congress-policy-engine.sh.tpl b/congress/templates/bin/_congress-policy-engine.sh.tpl deleted file mode 100644 index d7803f43a6..0000000000 --- a/congress/templates/bin/_congress-policy-engine.sh.tpl +++ /dev/null @@ -1,31 +0,0 @@ -#!/bin/bash - -{{/* -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/}} - -set -ex -COMMAND="${@:-start}" - -function start () { - exec congress-server \ - --policy-engine \ - --node-id=$HOSTNAME \ - --config-file /etc/congress/congress.conf -} - -function stop () { - kill -TERM 1 -} - -$COMMAND diff --git a/congress/templates/bin/_db-sync.sh.tpl b/congress/templates/bin/_db-sync.sh.tpl deleted file mode 100644 index ebe69e8026..0000000000 --- a/congress/templates/bin/_db-sync.sh.tpl +++ /dev/null @@ -1,19 +0,0 @@ -#!/bin/bash - -{{/* -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/}} - -set -ex - -congress-db-manage --config-file /etc/congress/congress.conf upgrade head diff --git a/congress/templates/bin/_ds_create.sh.tpl b/congress/templates/bin/_ds_create.sh.tpl deleted file mode 100644 index 28683c9b94..0000000000 --- a/congress/templates/bin/_ds_create.sh.tpl +++ /dev/null @@ -1,40 +0,0 @@ -#!/bin/bash - -{{/* -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/}} - -set -ex - -# Create datasources for congress service -# neutronv2, glancev2, keystonev3 -datasource_list={{ include "helm-toolkit.utils.joinListWithSpace" .Values.policy.datasource_services | quote }} -configure_service() { - service=$1 - service_enabled=`openstack service list | grep $(echo $service | sed 's/v[0-9]$//g') || true` - datasource_exist=`openstack congress datasource list | awk '{print $4}' |grep $service || true` - if [ -z "$datasource_exist" ] && [ ! -z "$service_enabled" ] - then - openstack congress datasource create $service "$service" \ - --config poll_time={{.Values.policy.poll_time}} \ - --config username=$OS_USERNAME \ - --config tenant_name=$OS_PROJECT_NAME \ - --config password=$OS_PASSWORD \ - --config auth_url=$OS_AUTH_URL - fi -} - -for ds in $datasource_list -do - configure_service $ds -done diff --git a/congress/templates/bin/_helm-tests.sh.tpl b/congress/templates/bin/_helm-tests.sh.tpl deleted file mode 100644 index e3949b91da..0000000000 --- a/congress/templates/bin/_helm-tests.sh.tpl +++ /dev/null @@ -1,42 +0,0 @@ -#!/bin/bash - -{{/* -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/}} - -set -ex - - -datasource_list={{ include "helm-toolkit.utils.joinListWithSpace" .Values.policy.datasource_services | quote }} -random_string=`cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 5 | head -n 1` - -if [ ! -z "$datasource_list" ] - then - # Try to create policy and rule with every enabled datasource "neutronv2, glancev2" - # Datasources should be created during installation step via _ds_create.sh.tpl script - for ds in $datasource_list - do - policy_name="${ds}_policy_${random_string}" - openstack congress policy create $policy_name - - openstack congress policy rule create $policy_name " - ${policy_name}_rule(id) :- - ${ds}(id)" - - openstack congress policy delete $policy_name - done - else - echo "No datasource enabled." - exit 1 - -fi diff --git a/congress/templates/configmap-bin.yaml b/congress/templates/configmap-bin.yaml deleted file mode 100644 index 407468539e..0000000000 --- a/congress/templates/configmap-bin.yaml +++ /dev/null @@ -1,53 +0,0 @@ -{{/* -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/}} - -{{- if .Values.manifests.configmap_bin }} -{{- $envAll := . }} ---- -apiVersion: v1 -kind: ConfigMap -metadata: - name: congress-bin -data: -{{- if .Values.images.local_registry.active }} - image-repo-sync.sh: | -{{- include "helm-toolkit.scripts.image_repo_sync" . | indent 4 }} -{{- end }} -{{- if .Values.bootstrap.enabled }} - bootstrap.sh: | -{{ tuple "bin/_bootstrap.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }} -{{- end }} - congress-api.sh: | -{{ tuple "bin/_congress-api.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }} - congress-policy-engine.sh: | -{{ tuple "bin/_congress-policy-engine.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }} - congress-datasource.sh: | -{{ tuple "bin/_congress-datasource.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }} - db-init.py: | -{{- include "helm-toolkit.scripts.db_init" . | indent 4 }} - db-sync.sh: | -{{ tuple "bin/_db-sync.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }} - ds-create.sh: | -{{ tuple "bin/_ds_create.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }} - congress-test.sh: | -{{ tuple "bin/_helm-tests.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }} - ks-service.sh: | -{{- include "helm-toolkit.scripts.keystone_service" . | indent 4 }} - ks-endpoints.sh: | -{{- include "helm-toolkit.scripts.keystone_endpoints" . | indent 4 }} - ks-user.sh: | -{{- include "helm-toolkit.scripts.keystone_user" . | indent 4 }} - rabbit-init.sh: | -{{- include "helm-toolkit.scripts.rabbit_init" . | indent 4 }} -{{- end }} diff --git a/congress/templates/configmap-etc.yaml b/congress/templates/configmap-etc.yaml deleted file mode 100644 index f6d31f6f07..0000000000 --- a/congress/templates/configmap-etc.yaml +++ /dev/null @@ -1,87 +0,0 @@ -{{/* -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/}} - -{{- if .Values.manifests.configmap_etc }} -{{- $envAll := . }} - -{{- if empty .Values.conf.congress.DEFAULT.transport_url -}} -{{- $_ := tuple "oslo_messaging" "internal" "congress" "amqp" . | include "helm-toolkit.endpoints.authenticated_transport_endpoint_uri_lookup" | set .Values.conf.congress.DEFAULT "transport_url" -}} -{{- end -}} - -{{- if empty .Values.conf.congress.database.connection -}} -{{- $_ := tuple "oslo_db" "internal" "congress" "mysql" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup"| set .Values.conf.congress.database "connection" -}} -{{- end -}} - -{{- if empty .Values.conf.congress.keystone_authtoken.memcached_servers -}} -{{- $_ := tuple "oslo_cache" "internal" "memcache" . | include "helm-toolkit.endpoints.host_and_port_endpoint_uri_lookup" | set .Values.conf.congress.keystone_authtoken "memcached_servers" -}} -{{- end -}} -{{- if empty .Values.conf.congress.keystone_authtoken.memcache_secret_key -}} -{{- $_ := set .Values.conf.congress.keystone_authtoken "memcache_secret_key" ( default ( randAlphaNum 64 ) .Values.endpoints.oslo_cache.auth.memcache_secret_key ) -}} -{{- end -}} - -{{- if empty .Values.conf.congress.keystone_authtoken.auth_url -}} -{{- $_ := tuple "identity" "public" "api" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup"| set .Values.conf.congress.keystone_authtoken "auth_url" -}} -{{- end -}} - -{{- if empty .Values.conf.congress.keystone_authtoken.auth_uri -}} -{{- $_ := set .Values.conf.congress.keystone_authtoken "auth_uri" .Values.conf.congress.keystone_authtoken.auth_url -}} -{{- end -}} - -{{- if empty .Values.conf.congress.keystone_authtoken.region_name -}} -{{- $_ := set .Values.conf.congress.keystone_authtoken "region_name" .Values.endpoints.identity.auth.congress.region_name -}} -{{- end -}} -{{- if empty .Values.conf.congress.keystone_authtoken.project_name -}} -{{- $_ := set .Values.conf.congress.keystone_authtoken "project_name" .Values.endpoints.identity.auth.congress.project_name -}} -{{- end -}} -{{- if empty .Values.conf.congress.keystone_authtoken.project_domain_name -}} -{{- $_ := set .Values.conf.congress.keystone_authtoken "project_domain_name" .Values.endpoints.identity.auth.congress.project_domain_name -}} -{{- end -}} -{{- if empty .Values.conf.congress.keystone_authtoken.user_domain_name -}} -{{- $_ := set .Values.conf.congress.keystone_authtoken "user_domain_name" .Values.endpoints.identity.auth.congress.user_domain_name -}} -{{- end -}} -{{- if empty .Values.conf.congress.keystone_authtoken.username -}} -{{- $_ := set .Values.conf.congress.keystone_authtoken "username" .Values.endpoints.identity.auth.congress.username -}} -{{- end -}} -{{- if empty .Values.conf.congress.keystone_authtoken.password -}} -{{- $_ := set .Values.conf.congress.keystone_authtoken "password" .Values.endpoints.identity.auth.congress.password -}} -{{- end -}} - -{{- if empty .Values.conf.congress.DEFAULT.bind_port -}} -{{- $_ := tuple "policy" "internal" "api" . | include "helm-toolkit.endpoints.endpoint_port_lookup" | set .Values.conf.congress.DEFAULT "bind_port" -}} -{{- end -}} - -{{- if and (empty .Values.conf.logging.handler_fluent) (has "fluent" .Values.conf.logging.handlers.keys) -}} -{{- $fluentd_host := tuple "fluentd" "internal" $envAll | include "helm-toolkit.endpoints.hostname_namespaced_endpoint_lookup" }} -{{- $fluentd_port := tuple "fluentd" "internal" "service" $envAll | include "helm-toolkit.endpoints.endpoint_port_lookup" }} -{{- $fluent_args := printf "('%s.%s', '%s', %s)" .Release.Namespace .Release.Name $fluentd_host $fluentd_port }} -{{- $handler_fluent := dict "class" "fluent.handler.FluentHandler" "formatter" "fluent" "args" $fluent_args -}} -{{- $_ := set .Values.conf.logging "handler_fluent" $handler_fluent -}} -{{- end -}} - -{{- if and (empty .Values.conf.logging.formatter_fluent) (has "fluent" .Values.conf.logging.formatters.keys) -}} -{{- $formatter_fluent := dict "class" "oslo_log.formatters.FluentFormatter" -}} -{{- $_ := set .Values.conf.logging "formatter_fluent" $formatter_fluent -}} -{{- end -}} ---- -apiVersion: v1 -kind: Secret -metadata: - name: congress-etc -type: Opaque -data: - congress.conf: {{ include "helm-toolkit.utils.to_oslo_conf" .Values.conf.congress | b64enc }} - logging.conf: {{ include "helm-toolkit.utils.to_oslo_conf" .Values.conf.logging | b64enc }} - api-paste.ini: {{ include "helm-toolkit.utils.to_ini" .Values.conf.paste | b64enc }} - policy.json: {{ toJson .Values.conf.policy | b64enc }} -{{- end }} diff --git a/congress/templates/deployment-api.yaml b/congress/templates/deployment-api.yaml deleted file mode 100644 index dd07f74ce5..0000000000 --- a/congress/templates/deployment-api.yaml +++ /dev/null @@ -1,105 +0,0 @@ -{{/* -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/}} - -{{- if .Values.manifests.deployment_api }} -{{- $envAll := . }} - -{{- $serviceAccountName := "congress-api" }} -{{ tuple $envAll "api" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }} ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - name: congress-api - annotations: - {{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" }} - labels: -{{ tuple $envAll "congress" "api" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }} -spec: - replicas: {{ .Values.pod.replicas.api }} - selector: - matchLabels: -{{ tuple $envAll "congress" "api" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 6 }} -{{ tuple $envAll | include "helm-toolkit.snippets.kubernetes_upgrades_deployment" | indent 2 }} - template: - metadata: - labels: -{{ tuple $envAll "congress" "api" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }} - annotations: -{{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" | indent 8 }} - configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "helm-toolkit.utils.hash" }} - configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "helm-toolkit.utils.hash" }} - spec: - serviceAccountName: {{ $serviceAccountName }} - affinity: -{{ tuple $envAll "congress" "api" | include "helm-toolkit.snippets.kubernetes_pod_anti_affinity" | indent 8 }} - initContainers: -{{ tuple $envAll "api" list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} - nodeSelector: - {{ .Values.labels.api.node_selector_key }}: {{ .Values.labels.api.node_selector_value }} - containers: - - name: congress-api -{{ tuple $envAll "congress_api" | include "helm-toolkit.snippets.image" | indent 10 }} - securityContext: - runAsUser: {{ .Values.pod.user.congress.uid }} - command: - - /tmp/congress-api.sh - - start - ports: - - name: c-api - containerPort: {{ tuple "policy" "internal" "api" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }} - readinessProbe: - tcpSocket: - port: {{ tuple "policy" "internal" "api" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }} - volumeMounts: - - name: pod-tmp - mountPath: /tmp - - name: etccongress - mountPath: /etc/congress - - name: congress-bin - mountPath: /tmp/congress-api.sh - subPath: congress-api.sh - readOnly: true - - name: congress-etc - mountPath: /etc/congress/congress.conf - subPath: congress.conf - readOnly: true - {{- if .Values.conf.congress.DEFAULT.log_config_append }} - - name: congress-etc - mountPath: {{ .Values.conf.congress.DEFAULT.log_config_append }} - subPath: {{ base .Values.conf.congress.DEFAULT.log_config_append }} - readOnly: true - {{- end }} - - name: congress-etc - mountPath: /etc/congress/api-paste.ini - subPath: api-paste.ini - readOnly: true - - name: congress-etc - mountPath: /etc/congress/policy.json - subPath: policy.json - readOnly: true - volumes: - - name: pod-tmp - emptyDir: {} - - name: etccongress - emptyDir: {} - - name: congress-bin - configMap: - name: congress-bin - defaultMode: 0777 - - name: congress-etc - secret: - secretName: congress-etc - defaultMode: 0444 -{{ end }} diff --git a/congress/templates/deployment-datasource.yaml b/congress/templates/deployment-datasource.yaml deleted file mode 100644 index e473144018..0000000000 --- a/congress/templates/deployment-datasource.yaml +++ /dev/null @@ -1,100 +0,0 @@ -{{/* -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/}} - -{{- if .Values.manifests.deployment_datasource }} -{{- $envAll := . }} - -{{- $serviceAccountName := "congress-datasource-dep" }} -{{ tuple $envAll "datasource" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }} ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - name: congress-datasource-dep - annotations: - {{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" }} - labels: -{{ tuple $envAll "congress" "datasource" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }} -spec: - replicas: {{ .Values.pod.replicas.datasource }} - selector: - matchLabels: -{{ tuple $envAll "congress" "datasource" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 6 }} -{{ tuple $envAll | include "helm-toolkit.snippets.kubernetes_upgrades_deployment" | indent 2 }} - template: - metadata: - labels: -{{ tuple $envAll "congress" "datasource" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }} - annotations: -{{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" | indent 8 }} - configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "helm-toolkit.utils.hash" }} - configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "helm-toolkit.utils.hash" }} - spec: - serviceAccountName: {{ $serviceAccountName }} - affinity: -{{ tuple $envAll "congress" "datasource" | include "helm-toolkit.snippets.kubernetes_pod_anti_affinity" | indent 8 }} - initContainers: -{{ tuple $envAll "datasource" list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} - nodeSelector: - {{ .Values.labels.datasource.node_selector_key }}: {{ .Values.labels.datasource.node_selector_value }} - containers: - - name: congress-datasource -{{ tuple $envAll "congress_datasource" | include "helm-toolkit.snippets.image" | indent 10 }} - securityContext: - runAsUser: {{ .Values.pod.user.congress.uid }} - command: - - /tmp/congress-datasource.sh - - start - volumeMounts: - - name: pod-tmp - mountPath: /tmp - - name: etccongress - mountPath: /etc/congress - - name: congress-bin - mountPath: /tmp/congress-datasource.sh - subPath: congress-datasource.sh - readOnly: true - - name: congress-etc - mountPath: /etc/congress/congress.conf - subPath: congress.conf - readOnly: true - {{- if .Values.conf.congress.DEFAULT.log_config_append }} - - name: congress-etc - mountPath: {{ .Values.conf.congress.DEFAULT.log_config_append }} - subPath: {{ base .Values.conf.congress.DEFAULT.log_config_append }} - readOnly: true - {{- end }} - - name: congress-etc - mountPath: /etc/congress/api-paste.ini - subPath: api-paste.ini - readOnly: true - - name: congress-etc - mountPath: /etc/congress/policy.json - subPath: policy.json - readOnly: true - volumes: - - name: pod-tmp - emptyDir: {} - - name: etccongress - emptyDir: {} - - name: congress-bin - configMap: - name: congress-bin - defaultMode: 0555 - - name: congress-etc - secret: - secretName: congress-etc - defaultMode: 0444 - -{{ end }} diff --git a/congress/templates/deployment-policy-engine.yaml b/congress/templates/deployment-policy-engine.yaml deleted file mode 100644 index 090e172e20..0000000000 --- a/congress/templates/deployment-policy-engine.yaml +++ /dev/null @@ -1,100 +0,0 @@ -{{/* -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/}} - -{{- if .Values.manifests.deployment_policy_engine }} -{{- $envAll := . }} - -{{- $serviceAccountName := "congress-policy-engine-dep" }} -{{ tuple $envAll "policy_engine" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }} ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - name: congress-policy-engine-dep - annotations: - {{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" }} - labels: -{{ tuple $envAll "congress" "policy_engine" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }} -spec: - replicas: {{ .Values.pod.replicas.policy_engine }} - selector: - matchLabels: -{{ tuple $envAll "congress" "policy_engine" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 6 }} -{{ tuple $envAll | include "helm-toolkit.snippets.kubernetes_upgrades_deployment" | indent 2 }} - template: - metadata: - labels: -{{ tuple $envAll "congress" "policy_engine" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }} - annotations: -{{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" | indent 8 }} - configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "helm-toolkit.utils.hash" }} - configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "helm-toolkit.utils.hash" }} - spec: - serviceAccountName: {{ $serviceAccountName }} - affinity: -{{ tuple $envAll "congress" "policy_engine" | include "helm-toolkit.snippets.kubernetes_pod_anti_affinity" | indent 8 }} - initContainers: -{{ tuple $envAll "policy_engine" list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} - nodeSelector: - {{ .Values.labels.policy_engine.node_selector_key }}: {{ .Values.labels.policy_engine.node_selector_value }} - containers: - - name: congress-policy-engine -{{ tuple $envAll "congress_policy_engine" | include "helm-toolkit.snippets.image" | indent 10 }} - securityContext: - runAsUser: {{ .Values.pod.user.congress.uid }} - command: - - /tmp/congress-policy-engine.sh - - start - volumeMounts: - - name: pod-tmp - mountPath: /tmp - - name: etccongress - mountPath: /etc/congress - - name: congress-bin - mountPath: /tmp/congress-policy-engine.sh - subPath: congress-policy-engine.sh - readOnly: true - - name: congress-etc - mountPath: /etc/congress/congress.conf - subPath: congress.conf - readOnly: true - {{- if .Values.conf.congress.DEFAULT.log_config_append }} - - name: congress-etc - mountPath: {{ .Values.conf.congress.DEFAULT.log_config_append }} - subPath: {{ base .Values.conf.congress.DEFAULT.log_config_append }} - readOnly: true - {{- end }} - - name: congress-etc - mountPath: /etc/congress/api-paste.ini - subPath: api-paste.ini - readOnly: true - - name: congress-etc - mountPath: /etc/congress/policy.json - subPath: policy.json - readOnly: true - volumes: - - name: pod-tmp - emptyDir: {} - - name: etccongress - emptyDir: {} - - name: congress-bin - configMap: - name: congress-bin - defaultMode: 0555 - - name: congress-etc - secret: - secretName: congress-etc - defaultMode: 0444 - -{{ end }} diff --git a/congress/templates/ingress-api.yaml b/congress/templates/ingress-api.yaml deleted file mode 100644 index d4a9eb6e91..0000000000 --- a/congress/templates/ingress-api.yaml +++ /dev/null @@ -1,18 +0,0 @@ -{{/* -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/}} - -{{- if and .Values.manifests.ingress_api .Values.network.api.ingress.public }} -{{- $ingressOpts := dict "envAll" . "backendServiceType" "policy" "backendPort" "c-api" -}} -{{ $ingressOpts | include "helm-toolkit.manifests.ingress" }} -{{- end }} diff --git a/congress/templates/job-bootstrap.yaml b/congress/templates/job-bootstrap.yaml deleted file mode 100644 index 8096c7dc62..0000000000 --- a/congress/templates/job-bootstrap.yaml +++ /dev/null @@ -1,18 +0,0 @@ -{{/* -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/}} - -{{- if and .Values.manifests.job_bootstrap .Values.bootstrap.enabled }} -{{- $bootstrapJob := dict "envAll" . "serviceName" "congress" "keystoneUser" .Values.bootstrap.ks_user "logConfigFile" .Values.conf.congress.DEFAULT.log_config_append -}} -{{ $bootstrapJob | include "helm-toolkit.manifests.job_bootstrap" }} -{{- end }} diff --git a/congress/templates/job-db-drop.yaml b/congress/templates/job-db-drop.yaml deleted file mode 100644 index 319124b9e0..0000000000 --- a/congress/templates/job-db-drop.yaml +++ /dev/null @@ -1,18 +0,0 @@ -{{/* -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/}} - -{{- if .Values.manifests.job_db_drop }} -{{- $dbDropJob := dict "envAll" . "serviceName" "congress" -}} -{{ $dbDropJob | include "helm-toolkit.manifests.job_db_drop_mysql" }} -{{- end }} diff --git a/congress/templates/job-db-init.yaml b/congress/templates/job-db-init.yaml deleted file mode 100644 index 31978e9af8..0000000000 --- a/congress/templates/job-db-init.yaml +++ /dev/null @@ -1,18 +0,0 @@ -{{/* -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/}} - -{{- if .Values.manifests.job_db_init }} -{{- $dbInitJob := dict "envAll" . "serviceName" "congress" -}} -{{ $dbInitJob | include "helm-toolkit.manifests.job_db_init_mysql" }} -{{- end }} diff --git a/congress/templates/job-db-sync.yaml b/congress/templates/job-db-sync.yaml deleted file mode 100644 index aa1d9611ca..0000000000 --- a/congress/templates/job-db-sync.yaml +++ /dev/null @@ -1,19 +0,0 @@ -{{/* -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/}} - -{{- if .Values.manifests.job_db_sync }} -{{- $dbSyncJob := dict "envAll" . "serviceName" "congress" -}} -{{- $dbSyncJob := dict "envAll" . "serviceName" "congress" "podVolMounts" .Values.pod.mounts.congress_db_sync.congress_db_sync.volumeMounts "podVols" .Values.pod.mounts.congress_db_sync.congress_db_sync.volumes -}} -{{ $dbSyncJob | include "helm-toolkit.manifests.job_db_sync" }} -{{- end }} diff --git a/congress/templates/job-ds-create.yaml b/congress/templates/job-ds-create.yaml deleted file mode 100644 index 03d70e7c49..0000000000 --- a/congress/templates/job-ds-create.yaml +++ /dev/null @@ -1,65 +0,0 @@ -{{/* -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/}} - -{{- if .Values.manifests.job_ds_create }} -{{- $envAll := . }} - -{{- $serviceAccountName := "congress-ds-create" }} -{{ tuple $envAll "ds_create" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }} ---- -apiVersion: batch/v1 -kind: Job -metadata: - name: congress-ds-create - annotations: - {{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" }} -spec: - template: - metadata: - labels: -{{ tuple $envAll "congress" "ds-create" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }} - spec: - serviceAccountName: {{ $serviceAccountName }} - restartPolicy: OnFailure - nodeSelector: - {{ .Values.labels.job.node_selector_key }}: {{ .Values.labels.job.node_selector_value }} - initContainers: -{{ tuple $envAll "ds_create" list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} - containers: - - name: congress-ds-create -{{ tuple $envAll "congress_ds_create" | include "helm-toolkit.snippets.image" | indent 10 }} -{{ tuple $envAll $envAll.Values.pod.resources.jobs.ds_create | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }} - command: - - /tmp/ds-create.sh - volumeMounts: - - name: pod-tmp - mountPath: /tmp - - name: ds-create-sh - mountPath: /tmp/ds-create.sh - subPath: ds-create.sh - readOnly: true - env: -{{- with $env := dict "ksUserSecret" .Values.secrets.identity.admin }} -{{- include "helm-toolkit.snippets.keystone_openrc_env_vars" $env | indent 12 }} -{{- end }} - - name: SERVICE_OS_SERVICE_NAME - value: "congress" - volumes: - - name: pod-tmp - emptyDir: {} - - name: ds-create-sh - configMap: - name: congress-bin - defaultMode: 0555 -{{- end }} diff --git a/congress/templates/job-image-repo-sync.yaml b/congress/templates/job-image-repo-sync.yaml deleted file mode 100644 index 91e2163b7d..0000000000 --- a/congress/templates/job-image-repo-sync.yaml +++ /dev/null @@ -1,18 +0,0 @@ -{{/* -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/}} - -{{- if and .Values.manifests.job_image_repo_sync .Values.images.local_registry.active }} -{{- $imageRepoSyncJob := dict "envAll" . "serviceName" "congress" -}} -{{ $imageRepoSyncJob | include "helm-toolkit.manifests.job_image_repo_sync" }} -{{- end }} diff --git a/congress/templates/job-ks-endpoints.yaml b/congress/templates/job-ks-endpoints.yaml deleted file mode 100644 index ff22b7248a..0000000000 --- a/congress/templates/job-ks-endpoints.yaml +++ /dev/null @@ -1,18 +0,0 @@ -{{/* -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/}} - -{{- if .Values.manifests.job_ks_endpoints }} -{{- $ksServiceJob := dict "envAll" . "serviceName" "congress" "serviceTypes" ( tuple "policy" ) -}} -{{ $ksServiceJob | include "helm-toolkit.manifests.job_ks_endpoints" }} -{{- end }} diff --git a/congress/templates/job-ks-service.yaml b/congress/templates/job-ks-service.yaml deleted file mode 100644 index 10ad4c52aa..0000000000 --- a/congress/templates/job-ks-service.yaml +++ /dev/null @@ -1,18 +0,0 @@ -{{/* -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/}} - -{{- if .Values.manifests.job_ks_service }} -{{- $ksServiceJob := dict "envAll" . "serviceName" "congress" "serviceTypes" ( tuple "policy" ) -}} -{{ $ksServiceJob | include "helm-toolkit.manifests.job_ks_service" }} -{{- end }} diff --git a/congress/templates/job-ks-user.yaml b/congress/templates/job-ks-user.yaml deleted file mode 100644 index 01c092beb3..0000000000 --- a/congress/templates/job-ks-user.yaml +++ /dev/null @@ -1,18 +0,0 @@ -{{/* -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/}} - -{{- if .Values.manifests.job_ks_user }} -{{- $ksUserJob := dict "envAll" . "serviceName" "congress" -}} -{{ $ksUserJob | include "helm-toolkit.manifests.job_ks_user" }} -{{- end }} diff --git a/congress/templates/job-rabbit-init.yaml b/congress/templates/job-rabbit-init.yaml deleted file mode 100644 index 7abec2b1bc..0000000000 --- a/congress/templates/job-rabbit-init.yaml +++ /dev/null @@ -1,17 +0,0 @@ -{{/* -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/}} -{{- if .Values.manifests.job_rabbit_init }} -{{- $rmqUserJob := dict "envAll" . "serviceName" "congress" -}} -{{ $rmqUserJob | include "helm-toolkit.manifests.job_rabbit_init" }} -{{- end }} diff --git a/congress/templates/network_policy.yaml b/congress/templates/network_policy.yaml deleted file mode 100644 index 8cefbbb71a..0000000000 --- a/congress/templates/network_policy.yaml +++ /dev/null @@ -1,16 +0,0 @@ -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -{{- if .Values.manifests.network_policy -}} -{{- $netpol_opts := dict "envAll" . "name" "application" "label" "congress" -}} -{{ $netpol_opts | include "helm-toolkit.manifests.kubernetes_network_policy" }} -{{- end -}} diff --git a/congress/templates/pod-test.yaml b/congress/templates/pod-test.yaml deleted file mode 100644 index 34087be7cc..0000000000 --- a/congress/templates/pod-test.yaml +++ /dev/null @@ -1,56 +0,0 @@ -{{/* -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/}} - -{{- $envAll := . }} - -{{- $serviceAccountName := print .Release.Name "-test" }} -{{ tuple $envAll "tests" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }} ---- -apiVersion: v1 -kind: Pod -metadata: - name: "{{.Release.Name}}-test" - labels: -{{ tuple $envAll "congress" "test" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }} - annotations: - "helm.sh/hook": test-success - {{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" }} -spec: - nodeSelector: - {{ .Values.labels.test.node_selector_key }}: {{ .Values.labels.test.node_selector_value }} - serviceAccountName: {{ $serviceAccountName }} - restartPolicy: Never - containers: - - name: {{.Release.Name}}-congress-test -{{ tuple $envAll "congress_scripted_test" | include "helm-toolkit.snippets.image" | indent 6 }} - env: -{{- with $env := dict "ksUserSecret" .Values.secrets.identity.admin }} -{{- include "helm-toolkit.snippets.keystone_openrc_env_vars" $env | indent 8 }} -{{- end }} - command: - - /tmp/congress-test.sh - volumeMounts: - - name: pod-tmp - mountPath: /tmp - - name: congress-bin - mountPath: /tmp/congress-test.sh - subPath: congress-test.sh - readOnly: true - volumes: - - name: pod-tmp - emptyDir: {} - - name: congress-bin - configMap: - name: congress-bin - defaultMode: 0555 diff --git a/congress/templates/secret-db.yaml b/congress/templates/secret-db.yaml deleted file mode 100644 index 6e6bcf3733..0000000000 --- a/congress/templates/secret-db.yaml +++ /dev/null @@ -1,28 +0,0 @@ -{{/* -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/}} - -{{- if .Values.manifests.secret_db }} -{{- $envAll := . }} -{{- range $key1, $userClass := tuple "admin" "congress" }} -{{- $secretName := index $envAll.Values.secrets.oslo_db $userClass }} ---- -apiVersion: v1 -kind: Secret -metadata: - name: {{ $secretName }} -type: Opaque -data: - DB_CONNECTION: {{ tuple "oslo_db" "internal" $userClass "mysql" $envAll | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup" | b64enc -}} -{{- end }} -{{- end }} diff --git a/congress/templates/secret-keystone.yaml b/congress/templates/secret-keystone.yaml deleted file mode 100644 index c16a662f74..0000000000 --- a/congress/templates/secret-keystone.yaml +++ /dev/null @@ -1,28 +0,0 @@ -{{/* -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/}} - -{{- if .Values.manifests.secret_keystone }} -{{- $envAll := . }} -{{- range $key1, $userClass := tuple "admin" "congress" }} -{{- $secretName := index $envAll.Values.secrets.identity $userClass }} ---- -apiVersion: v1 -kind: Secret -metadata: - name: {{ $secretName }} -type: Opaque -data: -{{- tuple $userClass "internal" $envAll | include "helm-toolkit.snippets.keystone_secret_openrc" | indent 2 -}} -{{- end }} -{{- end }} diff --git a/congress/templates/secret-rabbitmq.yaml b/congress/templates/secret-rabbitmq.yaml deleted file mode 100644 index 1d786b6f53..0000000000 --- a/congress/templates/secret-rabbitmq.yaml +++ /dev/null @@ -1,28 +0,0 @@ -{{/* -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/}} - -{{- if .Values.manifests.secret_rabbitmq }} -{{- $envAll := . }} -{{- range $key1, $userClass := tuple "admin" "congress" }} -{{- $secretName := index $envAll.Values.secrets.oslo_messaging $userClass }} ---- -apiVersion: v1 -kind: Secret -metadata: - name: {{ $secretName }} -type: Opaque -data: - RABBITMQ_CONNECTION: {{ tuple "oslo_messaging" "internal" $userClass "http" $envAll | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup" | b64enc }} -{{- end }} -{{- end }} diff --git a/congress/templates/service-api.yaml b/congress/templates/service-api.yaml deleted file mode 100644 index 9fadb17518..0000000000 --- a/congress/templates/service-api.yaml +++ /dev/null @@ -1,34 +0,0 @@ -{{/* -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/}} - -{{- if .Values.manifests.service_api }} -{{- $envAll := . }} ---- -apiVersion: v1 -kind: Service -metadata: - name: {{ tuple "policy" "internal" . | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }} -spec: - ports: - - name: c-api - port: {{ tuple "policy" "internal" "api" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }} - {{ if .Values.network.api.node_port.enabled }} - nodePort: {{ .Values.network.api.node_port.port }} - {{ end }} - selector: -{{ tuple $envAll "congress" "api" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }} - {{ if .Values.network.api.node_port.enabled }} - type: NodePort - {{ end }} -{{- end }} diff --git a/congress/templates/service-ingress-api.yaml b/congress/templates/service-ingress-api.yaml deleted file mode 100644 index 1819bf36d4..0000000000 --- a/congress/templates/service-ingress-api.yaml +++ /dev/null @@ -1,18 +0,0 @@ -{{/* -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/}} - -{{- if and .Values.manifests.service_ingress_api .Values.network.api.ingress.public }} -{{- $serviceIngressOpts := dict "envAll" . "backendServiceType" "policy" -}} -{{ $serviceIngressOpts | include "helm-toolkit.manifests.service_ingress" }} -{{- end }} diff --git a/congress/values.yaml b/congress/values.yaml deleted file mode 100644 index 200ef86d82..0000000000 --- a/congress/values.yaml +++ /dev/null @@ -1,636 +0,0 @@ -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -# Default values for congress. -# This is a YAML-formatted file. -# Declare name/value pairs to be passed into your templates. -# name: value - ---- -labels: - api: - node_selector_key: openstack-control-plane - node_selector_value: enabled - datasource: - node_selector_key: openstack-control-plane - node_selector_value: enabled - job: - node_selector_key: openstack-control-plane - node_selector_value: enabled - policy_engine: - node_selector_key: openstack-control-plane - node_selector_value: enabled - test: - node_selector_key: openstack-control-plane - node_selector_value: enabled - -release_group: null - -images: - tags: - congress_api: docker.io/openstackhelm/congress:ocata-ubuntu_xenial - congress_datasource: docker.io/openstackhelm/congress:ocata-ubuntu_xenial - congress_policy_engine: docker.io/openstackhelm/congress:ocata-ubuntu_xenial - db_init: docker.io/openstackhelm/heat:ocata-ubuntu_xenial - congress_db_sync: docker.io/openstackhelm/congress:ocata-ubuntu_xenial - db_drop: docker.io/openstackhelm/heat:ocata-ubuntu_xenial - rabbit_init: docker.io/rabbitmq:3.7-management - ks_user: docker.io/openstackhelm/heat:ocata-ubuntu_xenial - ks_service: docker.io/openstackhelm/heat:ocata-ubuntu_xenial - ks_endpoints: docker.io/openstackhelm/heat:ocata-ubuntu_xenial - congress_ds_create: docker.io/openstackhelm/congress:ocata-ubuntu_xenial - congress_scripted_test: docker.io/openstackhelm/congress:ocata-ubuntu_xenial - dep_check: quay.io/airshipit/kubernetes-entrypoint:v1.0.0 - image_repo_sync: docker.io/docker:17.07.0 - pull_policy: "IfNotPresent" - local_registry: - active: false - exclude: - - dep_check - - image_repo_sync - -network: - api: - ingress: - public: true - classes: - namespace: "nginx" - cluster: "nginx-cluster" - annotations: - nginx.ingress.kubernetes.io/rewrite-target: / - node_port: - enabled: false - port: 1789 - -volume: - class_name: general - size: 2Gi - -dependencies: - dynamic: - common: - local_image_registry: - jobs: - - congress-image-repo-sync - services: - - endpoint: node - service: local_image_registry - static: - api: - jobs: - - congress-db-sync - - congress-ks-user - - congress-ks-endpoints - - congress-rabbit-init - services: - - endpoint: internal - service: oslo_db - - endpoint: internal - service: identity - - endpoint: internal - service: oslo_messaging - bootstrap: - jobs: - - congress-db-sync - - congress-ks-user - - congress-ks-endpoints - services: - - endpoint: internal - service: identity - - endpoint: internal - service: image - datasource: - jobs: - - congress-db-sync - - congress-ks-user - - congress-ks-endpoints - - congress-rabbit-init - services: - - endpoint: internal - service: oslo_db - - endpoint: internal - service: identity - - endpoint: internal - service: oslo_messaging - db_drop: - services: - - endpoint: internal - service: oslo_db - db_init: - services: - - endpoint: internal - service: oslo_db - db_sync: - jobs: - - congress-db-init - services: - - endpoint: internal - service: oslo_db - ds_create: - jobs: - - congress-ks-endpoints - services: - - endpoint: internal - service: policy - ks_endpoints: - jobs: - - congress-ks-service - services: - - endpoint: internal - service: identity - ks_service: - services: - - endpoint: internal - service: identity - ks_user: - services: - - endpoint: internal - service: identity - rabbit_init: - services: - - endpoint: internal - service: oslo_messaging - policy_engine: - jobs: - - congress-db-sync - - congress-ks-user - - congress-ks-endpoints - - congress-rabbit-init - services: - - endpoint: internal - service: oslo_db - - endpoint: internal - service: identity - - endpoint: internal - service: oslo_messaging - storage_init: - services: null - tests: - services: - - endpoint: internal - service: oslo_db - - endpoint: internal - service: identity - - endpoint: internal - service: policy - image_repo_sync: - services: - - endpoint: internal - service: local_image_registry - -secrets: - identity: - admin: congress-keystone-admin - congress: congress-keystone-user - oslo_db: - admin: congress-db-admin - congress: congress-db-user - rbd: images-rbd-keyring - oslo_messaging: - admin: congress-rabbitmq-admin - congress: congress-rabbitmq-user - -bootstrap: - enabled: false - ks_user: congress - script: | - openstack token issue - -endpoints: - cluster_domain_suffix: cluster.local - local_image_registry: - name: docker-registry - namespace: docker-registry - hosts: - default: localhost - internal: docker-registry - node: localhost - host_fqdn_override: - default: null - port: - registry: - node: 5000 - identity: - name: keystone - auth: - admin: - region_name: RegionOne - username: admin - password: password - project_name: admin - user_domain_name: default - project_domain_name: default - congress: - role: admin - region_name: RegionOne - username: congress - password: password - project_name: service - user_domain_name: service - project_domain_name: service - hosts: - default: keystone - internal: keystone-api - host_fqdn_override: - default: null - path: - default: /v3 - scheme: - default: http - port: - api: - default: 80 - internal: 5000 - policy: - name: congress - hosts: - default: congress-api - public: congress - host_fqdn_override: - default: null - path: - default: null - scheme: - default: http - port: - api: - default: 1789 - public: 80 - oslo_db: - auth: - admin: - username: root - password: password - congress: - username: congress - password: password - hosts: - default: mariadb - host_fqdn_override: - default: null - path: /congress - scheme: mysql+pymysql - port: - mysql: - default: 3306 - oslo_cache: - auth: - # NOTE(portdirect): this is used to define the value for keystone - # authtoken cache encryption key, if not set it will be populated - # automatically with a random value, but to take advantage of - # this feature all services should be set to use the same key, - # and memcache service. - memcache_secret_key: null - hosts: - default: memcached - host_fqdn_override: - default: null - port: - memcache: - default: 11211 - oslo_messaging: - auth: - admin: - username: rabbitmq - password: password - congress: - username: congress - password: password - statefulset: - replicas: 2 - name: rabbitmq-rabbitmq - hosts: - default: rabbitmq - host_fqdn_override: - default: null - path: /congress - scheme: rabbit - port: - amqp: - default: 5672 - http: - default: 15672 - fluentd: - namespace: null - name: fluentd - hosts: - default: fluentd-logging - host_fqdn_override: - default: null - path: - default: null - scheme: 'http' - port: - service: - default: 24224 - metrics: - default: 24220 - -policy: - datasource_services: - - neutronv2 - - glancev2 - - keystonev3 - - swift - - heat - - nova - poll_time: 120 - -network_policy: - congress: - ingress: - - {} - egress: - - {} - -conf: - congress: - DEFAULT: - log_config_append: /etc/congress/logging.conf - # NOTE(portdirect): the bind port should not be defined, and is manipulated - # via the endpoints section. - bind_port: null - drivers: congress.datasources.neutronv2_driver.NeutronV2Driver,congress.datasources.glancev2_driver.GlanceV2Driver,congress.datasources.nova_driver.NovaDriver,congress.datasources.keystonev3_driver.KeystoneV3Driver,congress.datasources.cinder_driver.CinderDriver,congress.datasources.swift_driver.SwiftDriver,congress.datasources.plexxi_driver.PlexxiDriver,congress.datasources.vCenter_driver.VCenterDriver,congress.datasources.murano_driver.MuranoDriver,congress.datasources.ironic_driver.IronicDriver,congress.datasources.heatv1_driver.HeatV1Driver,congress.datasources.doctor_driver.DoctorDriver,congress.datasources.ceilometer_driver.CeilometerDriver - replicated_policy_engine: False - datasource_sync_period: 30 - auth_strategy: keystone - debug: False - logging_exception_prefix: '%(color)s%(asctime)s.%(msecs)03d TRACE %(name)s %(instance)s' - logging_debug_format_suffix: 'from (pid=%(process)d) %(funcName)s %(pathname)s:%(lineno)d' - logging_default_format_string: '%(asctime)s.%(msecs)03d %(color)s%(levelname)s %(name)s [-%(color)s] %(instance)s%(color)s%(message)s' - logging_context_format_string: '%(asctime)s.%(msecs)03d %(color)s%(levelname)s %(name)s [%(request_id)s %(project_name)s %(user_name)s%(color)s] %(instance)s%(color)s%(message)s' - oslo_policy: - policy_file: /etc/congress/policy.json - database: - max_retries: -1 - keystone_authtoken: - auth_type: password - logging: - loggers: - keys: - - root - - congress - handlers: - keys: - - stdout - - stderr - - "null" - formatters: - keys: - - context - - default - logger_root: - level: WARNING - handlers: stdout - logger_congress: - level: INFO - handlers: - - stdout - qualname: congress - logger_amqp: - level: WARNING - handlers: stderr - qualname: amqp - logger_amqplib: - level: WARNING - handlers: stderr - qualname: amqplib - logger_eventletwsgi: - level: WARNING - handlers: stderr - qualname: eventlet.wsgi.server - logger_sqlalchemy: - level: WARNING - handlers: stderr - qualname: sqlalchemy - logger_boto: - level: WARNING - handlers: stderr - qualname: boto - handler_null: - class: logging.NullHandler - formatter: default - args: () - handler_stdout: - class: StreamHandler - args: (sys.stdout,) - formatter: context - handler_stderr: - class: StreamHandler - args: (sys.stderr,) - formatter: context - formatter_context: - class: oslo_log.formatters.ContextFormatter - datefmt: "%Y-%m-%d %H:%M:%S" - formatter_default: - format: "%(message)s" - datefmt: "%Y-%m-%d %H:%M:%S" - paste: - composite:congress: - use: egg:Paste#urlmap - /: congressversions - /v1: congress_api_v1 - pipeline:congressversions: - pipeline: cors http_proxy_to_wsgi catch_errors congressversionapp - app:congressversionapp: - paste.app_factory: congress.api.versions:Versions.factory - composite:congress_api_v1: - use: call:congress.auth:pipeline_factory - keystone: cors http_proxy_to_wsgi request_id catch_errors authtoken keystonecontext congress_api - noauth: cors http_proxy_to_wsgi request_id catch_errors congress_api - app:congress_api: - paste.app_factory: congress.service:congress_app_factory - filter:request_id: - paste.filter_factory: oslo_middleware:RequestId.factory - filter:catch_errors: - paste.filter_factory: oslo_middleware:CatchErrors.factory - filter:keystonecontext: - paste.filter_factory: congress.auth:CongressKeystoneContext.factory - filter:authtoken: - paste.filter_factory: keystonemiddleware.auth_token:filter_factory - filter:cors: - paste.filter_factory: oslo_middleware.cors:filter_factory - oslo_config_project: congress - filter:http_proxy_to_wsgi: - paste.filter_factory: oslo_middleware.http_proxy_to_wsgi:HTTPProxyToWSGI.factory - oslo_config_project: congress - policy: - context_is_admin: role:admin - admin_only: rule:context_is_admin - regular_user: "" - default: rule:admin_only - -pod: - user: - congress: - uid: 42424 - affinity: - anti: - type: - default: preferredDuringSchedulingIgnoredDuringExecution - topologyKey: - default: kubernetes.io/hostname - weight: - default: 10 - mounts: - congress_db_sync: - congress_db_sync: - volumeMounts: - volumes: - replicas: - api: 1 - policy_engine: 1 - # don't scale out ds node - # only one node per environment should be in active state - # https://docs.openstack.org/congress/latest/admin/ha-overview.html#ha-overview - datasource: 1 - lifecycle: - upgrades: - deployments: - revision_history: 3 - pod_replacement_strategy: RollingUpdate - rolling_update: - max_unavailable: 1 - max_surge: 3 - disruption_budget: - api: - min_available: 0 - datasource: - min_available: 0 - policy_engine: - min_available: 0 - termination_grace_period: - api: - timeout: 600 - datasource: - timeout: 600 - policy_engine: - timeout: 600 - resources: - enabled: false - api: - requests: - memory: "128Mi" - cpu: "100m" - limits: - memory: "1024Mi" - cpu: "2000m" - registry: - requests: - memory: "128Mi" - cpu: "100m" - limits: - memory: "1024Mi" - cpu: "2000m" - jobs: - storage_init: - requests: - memory: "128Mi" - cpu: "100m" - limits: - memory: "1024Mi" - cpu: "2000m" - db_sync: - requests: - memory: "128Mi" - cpu: "100m" - limits: - memory: "1024Mi" - cpu: "2000m" - db_init: - requests: - memory: "128Mi" - cpu: "100m" - limits: - memory: "1024Mi" - cpu: "2000m" - db_drop: - requests: - memory: "128Mi" - cpu: "100m" - limits: - memory: "1024Mi" - cpu: "2000m" - rabbit_init: - requests: - memory: "128Mi" - cpu: "100m" - limits: - memory: "1024Mi" - cpu: "2000m" - ks_user: - requests: - memory: "128Mi" - cpu: "100m" - limits: - memory: "1024Mi" - cpu: "2000m" - ks_service: - requests: - memory: "128Mi" - cpu: "100m" - limits: - memory: "1024Mi" - cpu: "2000m" - ks_endpoints: - requests: - memory: "128Mi" - cpu: "100m" - limits: - memory: "1024Mi" - cpu: "2000m" - bootstrap: - requests: - memory: "128Mi" - cpu: "100m" - limits: - memory: "1024Mi" - cpu: "2000m" - tests: - requests: - memory: "128Mi" - cpu: "100m" - limits: - memory: "1024Mi" - cpu: "2000m" - image_repo_sync: - requests: - memory: "128Mi" - cpu: "100m" - limits: - memory: "1024Mi" - cpu: "2000m" - -manifests: - configmap_bin: true - configmap_etc: true - deployment_api: true - deployment_datasource: true - deployment_policy_engine: true - ingress_api: true - job_bootstrap: true - job_db_drop: false - job_db_init: true - job_db_sync: true - job_ds_create: true - job_image_repo_sync: true - job_rabbit_init: true - job_ks_endpoints: true - job_ks_service: true - job_ks_user: true - network_policy: false - secret_db: true - secret_keystone: true - service_api: true - service_ingress_api: true - secret_rabbitmq: true -...