diff --git a/.github/ISSUE_TEMPLATE.md b/.github/ISSUE_TEMPLATE.md new file mode 100644 index 0000000000..86ccad97dc --- /dev/null +++ b/.github/ISSUE_TEMPLATE.md @@ -0,0 +1,33 @@ + + +**Is this a bug report or feature request?** (choose one): + + + +**Kubernetes Version** (output of `kubectl version`): + +**Helm Client and Tiller Versions** (output of `helm version`): + +**Development or Deployment Environment?**: + +**Release Tag or Master**: + +**Expected Behavior**: + +**What Actually Happened**: + +**How to Reproduce the Issue** (as minimally as possible): + +**Any Additional Comments**: diff --git a/.github/PULL_REQUEST_TEMPLATE.md b/.github/PULL_REQUEST_TEMPLATE.md new file mode 100644 index 0000000000..b1395ce0c5 --- /dev/null +++ b/.github/PULL_REQUEST_TEMPLATE.md @@ -0,0 +1,14 @@ + + +**What is the purpose of this pull request?**: + +**What issue does this pull request address?**: Fixes # + +**Notes for reviewers to consider**: + +**Specific reviewers for pull request**: diff --git a/OWNERS b/OWNERS new file mode 100644 index 0000000000..5881adfb1d --- /dev/null +++ b/OWNERS @@ -0,0 +1,10 @@ +reviewers: + - alanmeadows + - v1k0d3n + - intlabs + - wilkers-steve + - DTadrzak + - larryrensing +approvers: + - alanmeadows + - v1k0d3n diff --git a/README.md b/README.md index a84bc05f45..6014cf596d 100644 --- a/README.md +++ b/README.md @@ -1,5 +1,10 @@ # Openstack-Helm +**Join us on [Slack](http://slack.k8s.io/):** `#openstack-helm`
+**Join us on [Freenode](https://freenode.net/):** `#openstack-helm`
+**Community Meetings:** [Every other Tuesday @ 3PM UTC](https://calendar.google.com/calendar/embed?src=rnd4tpeoncig91pvs05il4p29o%40group.calendar.google.com&ctz=America/New_York) (Provided by [Zoom](https://zoom.us/j/562328746))
+**Community Agenda Items:** [Google Docs](https://docs.google.com/document/d/1Vm2OnMzjSru3cuvxh4Oa7R_z7staU-7ivGy8foOzDCs/edit#heading=h.bfc0dkav9gk2) + Openstack-Helm is a fully self-contained Helm-based OpenStack deployment on Kubernetes. It will provide baremetal provisioning, persistent storage, full-stack resiliency, full-stack scalability, performance monitoring and tracing, and an optional development pipeline (using Jenkins). This project, along with the tools used within are community-based and open sourced. # Mission diff --git a/ceph/templates/deployment-mds.yaml b/ceph/templates/deployment-mds.yaml index 0485c5e719..e2f7181193 100644 --- a/ceph/templates/deployment-mds.yaml +++ b/ceph/templates/deployment-mds.yaml @@ -32,7 +32,7 @@ spec: secret: secretName: ceph-bootstrap-rgw-keyring containers: - - name: ceph-mon + - name: ceph-mds image: {{ .Values.images.daemon }} imagePullPolicy: {{ .Values.images.pull_policy }} ports: diff --git a/ceph/templates/deployment-moncheck.yaml b/ceph/templates/deployment-moncheck.yaml index 459074f067..d2d93333b5 100644 --- a/ceph/templates/deployment-moncheck.yaml +++ b/ceph/templates/deployment-moncheck.yaml @@ -42,8 +42,8 @@ spec: value: MON_HEALTH - name: KV_TYPE value: k8s - - name: NETWORK_AUTO_DETECT - value: "4" + - name: MON_IP_AUTO_DETECT + value: "1" - name: CLUSTER value: ceph volumeMounts: @@ -61,4 +61,4 @@ spec: cpu: {{ .Values.resources.mon_check.requests.cpu | quote }} limits: memory: {{ .Values.resources.mon_check.limits.memory | quote }} - cpu: {{ .Values.resources.mon_check.limits.cpu | quote }} \ No newline at end of file + cpu: {{ .Values.resources.mon_check.limits.cpu | quote }} diff --git a/ceph/templates/deployment-rgw.yaml b/ceph/templates/deployment-rgw.yaml index 57ba1c9538..72069d43d5 100644 --- a/ceph/templates/deployment-rgw.yaml +++ b/ceph/templates/deployment-rgw.yaml 
@@ -16,7 +16,6 @@ spec: app: ceph daemon: rgw spec: - hostNetwork: true nodeSelector: {{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }} serviceAccount: default diff --git a/ceph/templates/statefulset-mon.yaml b/ceph/templates/statefulset-mon.yaml index d7971a72a2..265dafbaaa 100644 --- a/ceph/templates/statefulset-mon.yaml +++ b/ceph/templates/statefulset-mon.yaml @@ -72,10 +72,16 @@ spec: value: MON - name: KV_TYPE value: k8s - - name: NETWORK_AUTO_DETECT - value: "4" - name: CLUSTER value: ceph + - name: NETWORK_AUTO_DETECT + value: "0" + - name: CEPH_PUBLIC_NETWORK + value: {{ .Values.network.public | quote }} + - name: MON_IP + valueFrom: + fieldRef: + fieldPath: status.podIP volumeMounts: - name: ceph-conf mountPath: /etc/ceph diff --git a/ceph/values.yaml b/ceph/values.yaml index b88644a641..aa55e6444a 100644 --- a/ceph/values.yaml +++ b/ceph/values.yaml @@ -17,7 +17,7 @@ service: name: ceph-mon images: - daemon: quay.io/attcomdev/ceph-daemon:latest + daemon: docker.io/library/ceph/daemon:tag-build-master-jewel-ubuntu-16.04 pull_policy: IfNotPresent labels: @@ -25,6 +25,7 @@ labels: node_selector_value: enabled network: + public: "10.25.0.0/16" port: mon: 6789 rgw_ingress: 80 diff --git a/cinder/templates/deployment-api.yaml b/cinder/templates/deployment-api.yaml index 6abc136d1a..74b0c59b7a 100644 --- a/cinder/templates/deployment-api.yaml +++ b/cinder/templates/deployment-api.yaml @@ -1,3 +1,5 @@ +{{- $envAll := . }} +{{- $dependencies := .Values.dependencies.api }} apiVersion: extensions/v1beta1 kind: Deployment metadata: 
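Review bot: In the ceph/templates/statefulset-mon.yaml hunk, `MON_IP` now comes from `status.podIP` while `CEPH_PUBLIC_NETWORK` comes from `.Values.network.public`, and nothing in the template ties the two together. The ceph/values.yaml hunk in this commit defaults that value to `"10.25.0.0/16"`, so on a cluster whose pod CIDR differs the monitor would presumably be given an address outside its declared public network. With `NETWORK_AUTO_DETECT` set to `"0"`, auto-detection is presumably no longer there to correct it. I would document the coupling next to the default in values.yaml, e.g. `# must contain the range pod IPs (status.podIP) are allocated from; override per cluster`. The container spec continues outside the hunk.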
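Review bot: In the first ceph/values.yaml hunk, the new `daemon:` default is still a mutable tag (`tag-build-master-jewel-ubuntu-16.04`), and `pull_policy: IfNotPresent` is unchanged in the context lines. Nodes can therefore run different builds under the same tag, and a re-pushed tag is picked up silently by any node that has not cached it. Pinning the reviewed build by digest makes the deployed image reproducible and auditable, e.g. `daemon: <verified-repository>@sha256:<digest-of-reviewed-build>`. The `docker.io/library/ceph/daemon` path also looks unintended, since `library/` is the namespace Docker Hub uses for official images; confirm it resolves to the image you expect.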
@@ -20,29 +22,7 @@ spec: configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "hash" }} configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "hash" }} pod.beta.kubernetes.io/init-containers: '[ - { - "name": "init", - "image": {{ .Values.images.dep_check | quote }}, - "imagePullPolicy": {{ .Values.images.pull_policy | quote }}, - "env": [ - { - "name": "NAMESPACE", - "value": "{{ .Release.Namespace }}" - }, - { - "name": "DEPENDENCY_SERVICE", - "value": "{{ include "joinListWithColon" .Values.dependencies.api.service }}" - }, - { - "name": "DEPENDENCY_JOBS", - "value": "{{ include "joinListWithColon" .Values.dependencies.api.jobs }}" - }, - { - "name": "COMMAND", - "value": "echo done" - } - ] - } +{{ tuple $envAll $dependencies | include "dep_check_init_cont" | indent 10 }} ]' spec: nodeSelector: @@ -51,6 +31,15 @@ spec: - name: cinder-api image: {{ .Values.images.api }} imagePullPolicy: {{ .Values.images.pull_policy }} + {{- if .Values.resources.enabled }} + resources: + requests: + memory: {{ .Values.resources.cinder_api.requests.memory | quote }} + cpu: {{ .Values.resources.cinder_api.requests.cpu | quote }} + limits: + memory: {{ .Values.resources.cinder_api.limits.memory | quote }} + cpu: {{ .Values.resources.cinder_api.limits.cpu | quote }} + {{- end }} command: - cinder-api - --config-dir diff --git a/cinder/templates/deployment-scheduler.yaml b/cinder/templates/deployment-scheduler.yaml index fabcf3361a..443cd7f9b2 100644 --- a/cinder/templates/deployment-scheduler.yaml +++ b/cinder/templates/deployment-scheduler.yaml @@ -1,3 +1,5 @@ +{{- $envAll := . }} +{{- $dependencies := .Values.dependencies.scheduler }} apiVersion: extensions/v1beta1 kind: Deployment metadata: 
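Review bot: The `resources:` block added to the `cinder-api` container is rendered only when `.Values.resources.enabled` is true, and the cinder/values.yaml hunk in this commit ships `enabled: false`. By default every cinder container therefore still runs without requests or limits, and one misbehaving pod can exhaust a node's CPU or memory. The same gate is repeated in the scheduler, volume and `job-*` hunks of this commit. Either default to `enabled: true`, or state the reason for the opt-in beside the switch, e.g. `# off by default for small dev clusters; set to true for any shared or production cluster`. The container spec continues outside the hunk.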
@@ -20,29 +22,7 @@ spec: configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "hash" }} configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "hash" }} pod.beta.kubernetes.io/init-containers: '[ - { - "name": "init", - "image": {{ .Values.images.dep_check | quote }}, - "imagePullPolicy": {{ .Values.images.pull_policy | quote }}, - "env": [ - { - "name": "NAMESPACE", - "value": "{{ .Release.Namespace }}" - }, - { - "name": "DEPENDENCY_SERVICE", - "value": "{{ include "joinListWithColon" .Values.dependencies.scheduler.service }}" - }, - { - "name": "DEPENDENCY_JOBS", - "value": "{{ include "joinListWithColon" .Values.dependencies.scheduler.jobs }}" - }, - { - "name": "COMMAND", - "value": "echo done" - } - ] - } +{{ tuple $envAll $dependencies | include "dep_check_init_cont" | indent 10 }} ]' spec: nodeSelector: @@ -51,6 +31,15 @@ spec: - name: cinder-scheduler image: {{ .Values.images.scheduler }} imagePullPolicy: {{ .Values.images.pull_policy }} + {{- if .Values.resources.enabled }} + resources: + requests: + memory: {{ .Values.resources.cinder_scheduler.requests.memory | quote }} + cpu: {{ .Values.resources.cinder_scheduler.requests.cpu | quote }} + limits: + memory: {{ .Values.resources.cinder_scheduler.limits.memory | quote }} + cpu: {{ .Values.resources.cinder_scheduler.limits.cpu | quote }} + {{- end }} command: - cinder-scheduler - --config-dir diff --git a/cinder/templates/deployment-volume.yaml b/cinder/templates/deployment-volume.yaml index 7f6cc18bd6..4c064029ab 100644 --- a/cinder/templates/deployment-volume.yaml +++ b/cinder/templates/deployment-volume.yaml @@ -1,3 +1,5 @@ +{{- $envAll := . }} +{{- $dependencies := .Values.dependencies.volume }} apiVersion: extensions/v1beta1 kind: Deployment metadata: 
@@ -20,29 +22,7 @@ spec: configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "hash" }} configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "hash" }} pod.beta.kubernetes.io/init-containers: '[ - { - "name": "init", - "image": {{ .Values.images.dep_check | quote }}, - "imagePullPolicy": {{ .Values.images.pull_policy | quote }}, - "env": [ - { - "name": "NAMESPACE", - "value": "{{ .Release.Namespace }}" - }, - { - "name": "DEPENDENCY_SERVICE", - "value": "{{ include "joinListWithColon" .Values.dependencies.volume.service }}" - }, - { - "name": "DEPENDENCY_JOBS", - "value": "{{ include "joinListWithColon" .Values.dependencies.volume.jobs }}" - }, - { - "name": "COMMAND", - "value": "echo done" - } - ] - } +{{ tuple $envAll $dependencies | include "dep_check_init_cont" | indent 10 }} ]' spec: nodeSelector: @@ -51,6 +31,15 @@ spec: - name: cinder-volume image: {{ .Values.images.volume }} imagePullPolicy: {{ .Values.images.pull_policy }} + {{- if .Values.resources.enabled }} + resources: + requests: + memory: {{ .Values.resources.cinder_volume.requests.memory | quote }} + cpu: {{ .Values.resources.cinder_volume.requests.cpu | quote }} + limits: + memory: {{ .Values.resources.cinder_volume.limits.memory | quote }} + cpu: {{ .Values.resources.cinder_volume.limits.cpu | quote }} + {{- end }} command: - cinder-volume - --config-dir diff --git a/cinder/templates/etc/_cinder.conf.tpl b/cinder/templates/etc/_cinder.conf.tpl index a576fe1fa0..1c8c1052da 100644 --- a/cinder/templates/etc/_cinder.conf.tpl +++ b/cinder/templates/etc/_cinder.conf.tpl 
@@ -15,7 +15,7 @@ api_paste_config = /etc/cinder/api-paste.ini glance_api_servers = "{{ .Values.glance.proto }}://{{ .Values.glance.host }}:{{ .Values.glance.port }}" glance_api_version = {{ .Values.glance.version }} -enabled_backends = {{ include "joinListWithColon" .Values.backends.enabled }} +enabled_backends = {{ include "joinListWithComma" .Values.backends.enabled }} auth_strategy = keystone os_region_name = {{ .Values.keystone.cinder_region_name }} diff --git a/cinder/templates/job-db-init.yaml b/cinder/templates/job-db-init.yaml index 951c6d1718..eb057e9af4 100644 --- a/cinder/templates/job-db-init.yaml +++ b/cinder/templates/job-db-init.yaml @@ -1,3 +1,5 @@ +{{- $envAll := . }} +{{- $dependencies := .Values.dependencies.db_init }} apiVersion: batch/v1 kind: Job metadata: @@ -7,29 +9,7 @@ spec: metadata: annotations: pod.beta.kubernetes.io/init-containers: '[ - { - "name": "init", - "image": {{ .Values.images.dep_check | quote }}, - "imagePullPolicy": {{ .Values.images.pull_policy | quote }}, - "env": [ - { - "name": "NAMESPACE", - "value": "{{ .Release.Namespace }}" - }, - { - "name": "DEPENDENCY_SERVICE", - "value": "{{ include "joinListWithColon" .Values.dependencies.db_init.service }}" - }, - { - "name": "DEPENDENCY_JOBS", - "value": "{{ include "joinListWithColon" .Values.dependencies.db_init.jobs }}" - }, - { - "name": "COMMAND", - "value": "echo done" - } - ] - } +{{ tuple $envAll $dependencies | include "dep_check_init_cont" | indent 10 }} ]' spec: restartPolicy: OnFailure 
@@ -39,6 +19,15 @@ spec: - name: cinder-db-init image: {{ .Values.images.db_init | quote }} imagePullPolicy: {{ .Values.images.pull_policy | quote }} + {{- if .Values.resources.enabled }} + resources: + requests: + memory: {{ .Values.resources.cinder_db_init.requests.memory | quote }} + cpu: {{ .Values.resources.cinder_db_init.requests.cpu | quote }} + limits: + memory: {{ .Values.resources.cinder_db_init.limits.memory | quote }} + cpu: {{ .Values.resources.cinder_db_init.limits.cpu | quote }} + {{- end }} env: - name: ANSIBLE_LIBRARY value: /usr/share/ansible/ diff --git a/cinder/templates/job-db-sync.yaml b/cinder/templates/job-db-sync.yaml index b44d4799cf..97da3bc262 100644 --- a/cinder/templates/job-db-sync.yaml +++ b/cinder/templates/job-db-sync.yaml @@ -1,3 +1,5 @@ +{{- $envAll := . }} +{{- $dependencies := .Values.dependencies.db_sync }} apiVersion: batch/v1 kind: Job metadata: @@ -7,29 +9,7 @@ spec: metadata: annotations: pod.beta.kubernetes.io/init-containers: '[ - { - "name": "init", - "image": {{ .Values.images.dep_check | quote }}, - "imagePullPolicy": {{ .Values.images.pull_policy | quote }}, - "env": [ - { - "name": "NAMESPACE", - "value": "{{ .Release.Namespace }}" - }, - { - "name": "DEPENDENCY_SERVICE", - "value": "{{ include "joinListWithColon" .Values.dependencies.db_sync.service }}" - }, - { - "name": "DEPENDENCY_JOBS", - "value": "{{ include "joinListWithColon" .Values.dependencies.db_sync.jobs }}" - }, - { - "name": "COMMAND", - "value": "echo done" - } - ] - } +{{ tuple $envAll $dependencies | include "dep_check_init_cont" | indent 10 }} ]' spec: restartPolicy: OnFailure 
@@ -39,6 +19,15 @@ spec: - name: cinder-db-sync image: {{ .Values.images.db_sync }} imagePullPolicy: {{ .Values.images.pull_policy }} + {{- if .Values.resources.enabled }} + resources: + requests: + memory: {{ .Values.resources.cinder_db_sync.requests.memory | quote }} + cpu: {{ .Values.resources.cinder_db_sync.requests.cpu | quote }} + limits: + memory: {{ .Values.resources.cinder_db_sync.limits.memory | quote }} + cpu: {{ .Values.resources.cinder_db_sync.limits.cpu | quote }} + {{- end }} command: - cinder-manage args: diff --git a/cinder/templates/job-ks-endpoints.yaml.yaml b/cinder/templates/job-ks-endpoints.yaml.yaml index 936a866b1b..242ba42b4b 100644 --- a/cinder/templates/job-ks-endpoints.yaml.yaml +++ b/cinder/templates/job-ks-endpoints.yaml.yaml @@ -1,5 +1,6 @@ {{- $envAll := . }} {{- $ksAdminSecret := $envAll.Values.keystone.admin_secret | default "cinder-env-keystone-admin" }} +{{- $dependencies := .Values.dependencies.ks_endpoints }} apiVersion: batch/v1 kind: Job metadata: @@ -9,25 +10,7 @@ spec: metadata: annotations: pod.beta.kubernetes.io/init-containers: '[ - { - "name": "init", - "image": {{ .Values.images.dep_check | quote }}, - "imagePullPolicy": {{ .Values.images.pull_policy | quote }}, - "env": [ - { - "name": "NAMESPACE", - "value": "{{ .Release.Namespace }}" - }, - { - "name": "DEPENDENCY_SERVICE", - "value": "{{ include "joinListWithColon" .Values.dependencies.ks_service.service }}" - }, - { - "name": "COMMAND", - "value": "echo done" - } - ] - } +{{ tuple $envAll $dependencies | include "dep_check_init_cont" | indent 10 }} ]' spec: restartPolicy: OnFailure 
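Review bot: In cinder/templates/job-ks-endpoints.yaml.yaml, `$dependencies := .Values.dependencies.ks_endpoints` reads a values key that the removed lines never used; they took `.Values.dependencies.ks_service.service`. The only cinder/values.yaml hunk in this commit adds `resources:`, so whether `dependencies.ks_endpoints` exists cannot be confirmed from the diff. If it is missing, `$deps.service` inside `dep_check_init_cont` is evaluated on a nil value and the chart will most likely fail to render. Confirm that values.yaml defines `ks_endpoints:` under `dependencies:` with a `service:` list, or keep the job on `.Values.dependencies.ks_service`.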
@@ -39,6 +22,15 @@ spec: - name: {{ $osServiceType }}-ks-endpoints-{{ $osServiceEndPoint }} image: {{ $envAll.Values.images.ks_endpoints }} imagePullPolicy: {{ $envAll.Values.images.pull_policy }} + {{- if $envAll.Values.resources.enabled }} + resources: + requests: + memory: {{ $envAll.Values.resources.cinder_ks_endpoints.requests.memory | quote }} + cpu: {{ $envAll.Values.resources.cinder_ks_endpoints.requests.cpu | quote }} + limits: + memory: {{ $envAll.Values.resources.cinder_ks_endpoints.limits.memory | quote }} + cpu: {{ $envAll.Values.resources.cinder_ks_endpoints.limits.cpu | quote }} + {{- end }} command: - bash - /tmp/ks-endpoints.sh diff --git a/cinder/templates/job-ks-service.yaml b/cinder/templates/job-ks-service.yaml index 6a6f32a42a..c63c6103b9 100644 --- a/cinder/templates/job-ks-service.yaml +++ b/cinder/templates/job-ks-service.yaml @@ -1,5 +1,6 @@ {{- $envAll := . }} {{- $ksAdminSecret := .Values.keystone.admin_secret | default "cinder-env-keystone-admin" }} +{{- $dependencies := .Values.dependencies.ks_service }} apiVersion: batch/v1 kind: Job metadata: @@ -9,25 +10,7 @@ spec: metadata: annotations: pod.beta.kubernetes.io/init-containers: '[ - { - "name": "init", - "image": {{ .Values.images.dep_check | quote }}, - "imagePullPolicy": {{ .Values.images.pull_policy | quote }}, - "env": [ - { - "name": "NAMESPACE", - "value": "{{ .Release.Namespace }}" - }, - { - "name": "DEPENDENCY_SERVICE", - "value": "{{ include "joinListWithColon" .Values.dependencies.ks_service.service }}" - }, - { - "name": "COMMAND", - "value": "echo done" - } - ] - } +{{ tuple $envAll $dependencies | include "dep_check_init_cont" | indent 10 }} ]' spec: restartPolicy: OnFailure 
@@ -38,6 +21,15 @@ spec: - name: {{ $osServiceType }}-ks-service-registration image: {{ $envAll.Values.images.ks_service }} imagePullPolicy: {{ $envAll.Values.images.pull_policy }} + {{- if $envAll.Values.resources.enabled }} + resources: + requests: + memory: {{ $envAll.Values.resources.cinder_ks_service.requests.memory | quote }} + cpu: {{ $envAll.Values.resources.cinder_ks_service.requests.cpu | quote }} + limits: + memory: {{ $envAll.Values.resources.cinder_ks_service.limits.memory | quote }} + cpu: {{ $envAll.Values.resources.cinder_ks_service.limits.cpu | quote }} + {{- end }} command: - bash - /tmp/ks-service.sh diff --git a/cinder/templates/job-ks-user.yaml b/cinder/templates/job-ks-user.yaml index 6690863997..cc383e6f0c 100644 --- a/cinder/templates/job-ks-user.yaml +++ b/cinder/templates/job-ks-user.yaml @@ -1,5 +1,7 @@ {{- $ksAdminSecret := .Values.keystone.admin_secret | default "cinder-env-keystone-admin" }} {{- $ksUserSecret := .Values.keystone.user_secret | default "cinder-env-keystone-user" }} +{{- $envAll := . }} +{{- $dependencies := .Values.dependencies.ks_user }} apiVersion: batch/v1 kind: Job metadata: @@ -9,25 +11,7 @@ spec: metadata: annotations: pod.beta.kubernetes.io/init-containers: '[ - { - "name": "init", - "image": {{ .Values.images.dep_check | quote }}, - "imagePullPolicy": {{ .Values.images.pull_policy | quote }}, - "env": [ - { - "name": "NAMESPACE", - "value": "{{ .Release.Namespace }}" - }, - { - "name": "DEPENDENCY_SERVICE", - "value": "{{ include "joinListWithColon" .Values.dependencies.ks_user.service }}" - }, - { - "name": "COMMAND", - "value": "echo done" - } - ] - } +{{ tuple $envAll $dependencies | include "dep_check_init_cont" | indent 10 }} ]' spec: restartPolicy: OnFailure 
@@ -37,6 +21,15 @@ spec: - name: cinder-ks-user image: {{ .Values.images.ks_user }} imagePullPolicy: {{ .Values.images.pull_policy }} + {{- if .Values.resources.enabled }} + resources: + requests: + memory: {{ .Values.resources.cinder_ks_user.requests.memory | quote }} + cpu: {{ .Values.resources.cinder_ks_user.requests.cpu | quote }} + limits: + memory: {{ .Values.resources.cinder_ks_user.limits.memory | quote }} + cpu: {{ .Values.resources.cinder_ks_user.limits.cpu | quote }} + {{- end }} command: - bash - /tmp/ks-user.sh diff --git a/cinder/values.yaml b/cinder/values.yaml index 120d4d484f..4f6ebeb5b2 100644 --- a/cinder/values.yaml +++ b/cinder/values.yaml @@ -183,3 +183,63 @@ endpoints: scheme: 'http' port: api: 8776 + +resources: + enabled: false + cinder_api: + requests: + memory: "124Mi" + cpu: "100m" + limits: + memory: "1024Mi" + cpu: "2000m" + cinder_scheduler: + requests: + memory: "124Mi" + cpu: "100m" + limits: + memory: "1024Mi" + cpu: "2000m" + cinder_volume: + requests: + memory: "124Mi" + cpu: "100m" + limits: + memory: "1024Mi" + cpu: "2000m" + cinder_db_init: + requests: + memory: "124Mi" + cpu: "100m" + limits: + memory: "1024Mi" + cpu: "2000m" + cinder_db_sync: + requests: + memory: "124Mi" + cpu: "100m" + limits: + memory: "1024Mi" + cpu: "2000m" + cinder_ks_endpoints: + requests: + memory: "124Mi" + cpu: "100m" + limits: + memory: "1024Mi" + cpu: "2000m" + cinder_ks_service: + requests: + memory: "124Mi" + cpu: "100m" + limits: + memory: "1024Mi" + cpu: "2000m" + cinder_ks_user: + requests: + memory: "124Mi" + cpu: "100m" + limits: + memory: "1024Mi" + cpu: "2000m" + diff --git a/common/templates/_funcs.tpl b/common/templates/_funcs.tpl index fe6c9a675e..d3a25177ce 100644 --- a/common/templates/_funcs.tpl +++ b/common/templates/_funcs.tpl @@ -1,4 +1,4 @@ -{{- define "joinListWithColon" -}} +{{- define "joinListWithComma" -}} {{ range $k, $v := . }}{{ if $k }},{{ end }}{{ $v }}{{ end }} {{- end -}} 
diff --git a/common/templates/snippets/_k8s_init_dep_check.tpl b/common/templates/snippets/_k8s_init_dep_check.tpl new file mode 100644 index 0000000000..4deb1b762c --- /dev/null +++ b/common/templates/snippets/_k8s_init_dep_check.tpl @@ -0,0 +1,49 @@ +{{- define "dep_check_init_cont" -}} +{{- $envAll := index . 0 -}} +{{- $deps := index . 1 -}} +{ + "name": "init", + "image": {{ $envAll.Values.images.dep_check | quote }}, + "imagePullPolicy": {{ $envAll.Values.images.pull_policy | quote }}, + "env": [ + { + "name": "POD_NAME", + "valueFrom": { + "fieldRef": { + "APIVersion": "v1", + "fieldPath": "metadata.name" + } + } + }, + { + "name": "NAMESPACE", + "valueFrom": { + "fieldRef": { + "APIVersion": "v1", + "fieldPath": "metadata.namespace" + } + } + }, + { + "name": "INTERFACE_NAME", + "value": "eth0" + }, + { + "name": "DEPENDENCY_SERVICE", + "value": "{{ include "joinListWithComma" $deps.service }}" + }, + { + "name": "DEPENDENCY_JOBS", + "value": "{{ include "joinListWithComma" $deps.jobs }}" + }, + { + "name": "DEPENDENCY_DAEMONSET", + "value": "{{ include "joinListWithComma" $deps.daemonset }}" + }, + { + "name": "COMMAND", + "value": "echo done" + } + ] +} +{{- end -}} diff --git a/docs/README.md b/docs/README.md new file mode 100644 index 0000000000..fe214b6d85 --- /dev/null +++ b/docs/README.md 
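Review bot: In the new `dep_check_init_cont` define, the three `DEPENDENCY_*` values are written raw between hand-typed double quotes, while `image` and `imagePullPolicy` in the same object go through `| quote`. A dependency name containing `"` or `\` would produce invalid JSON in the init-containers annotation. Using the same filter keeps the object well-formed, e.g. `"value": {{ include "joinListWithComma" $deps.service | quote }}`, and likewise for `$deps.jobs` and `$deps.daemonset`. Every caller embeds the result in a single-quoted YAML scalar, so a `'` in any value would still end that scalar early; a comment on the define saying so would help. `INTERFACE_NAME` is also fixed to `eth0`; if that is deliberate, a comment should say which environments it assumes.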
@@ -0,0 +1,51 @@ +# Openstack-Helm Documentation + + +## Table of Contents + +##  1. [Openstack-Helm Design Principles]() +###    1.1 [Mission](mission.md) +#####      1.1.1 [Resiliency](mission.md#resiliency) +#####      1.1.2 [Scaling](mission.md#scaling) +###    1.2 [Helm Overrides]() +#####      1.2.1 [Resource Limits]() +#####      1.2.2 [Conditionals]() +###    1.3 [Init-Containers]() +#####      1.3.1 [Dependency Checking]() +###    1.4 [Kubernetes Jobs]() +#####      1.4.1 [Service Registration]() +#####      1.4.2 [User Registration]() +#####      1.4.3 [Database Creation]() +#####      1.4.4 [Database Migration]() +###    1.5 [Complimentary Efforts]() +####      1.5.1 [Image-Based Project Considerations]() +###    1.6 [Kubernetes State]() +####      1.6.1 [Third Party Resources]() +####      1.6.2 [Add-Ons]() +##  2. [Repository Structure]() +###    2.1 [Infrastructure Components]() +###    2.2 [Openstack-Helm Core Services]() +###    2.3 [Openstack-Helm Add-Ons]() +##  3. [Operator Resources]() +###     3.1 [Installation](https://github.com/att-comdev/openstack-helm/blob/master/docs/installation/getting-started.md) +###     3.2 [Openstack-Helm Chart Definition Overrides]() +###     3.2 [Openstacak-Helm Upgrades]() +##  4. [Openstack-Helm Networking]() +###    4.1 [Kubernetes Control Plane]() +####     4.1.1 [CNI SDN Considerations]() +####     4.1.2 [Calico Networking]() +###    4.2 [Ingress Philosophy]() +###    4.3 [Openstack Networking]() +####     4.3.1 [Flat Networking]() +####     4.3.1 [L2 Networking]() +##  5. [Security Guidelines]() +###    5.1 [Network Policies]() +###    5.2 [Advanced Network Policies]() +###    5.3 [Role-Based Access Controls]() +###    5.4 [Security Contexts]() +###    5.5 [Security Add-Ons]() +##  6. 
[Developer Resources](https://github.com/att-comdev/openstack-helm/tree/master/docs/developer) +###    6.1 [Contributions and Guidelines]() +###    6.2 [Development Tools]() +####     6.2.1 [Minikube Development](https://github.com/att-comdev/openstack-helm/blob/master/docs/developer/minikube.md) +###    6.3 [Tips and Considerations]() diff --git a/docs/developer/minikube.md b/docs/developer/minikube.md index 1058a984ed..7833ceb7a0 100644 --- a/docs/developer/minikube.md +++ b/docs/developer/minikube.md @@ -3,7 +3,9 @@ Community development is extremely important to us. As an open source development team, we want the development of Openstack-Helm to be an easy experience. Please evaluate, and make recommendations. We want developers to feel welcome to contribute to this project. Below are some instructions and suggestions to help you get started. # Requirements -We've tried to minimize the number of prerequisites required in order to get started. The main prerequisite is to install the most recent versions of Minikube and Helm. +We've tried to minimize the number of prerequisites required in order to get started. For most users, the main prerequisites are to install the most recent versions of Minikube and Helm. For fresh installations, you may also need to install a Hypervisor that works for your system (that is supported by [Minikube](https://kubernetes.io/docs/getting-started-guides/minikube/#requirements)). + +**Kubectl:** Download and install the version of [`kubectl`](https://kubernetes.io/docs/getting-started-guides/kubectl/) that matches your Kubernetes deployment. **Kubernetes Minikube:** Ensure that you have installed a recent version of [Kubernetes/Minikube](http://kubernetes.io/docs/getting-started-guides/minikube/). 
@@ -19,6 +21,57 @@ $ chmod 700 get_helm.sh $ ./get_helm.sh ``` +# TLDR; + +If your environment meets all of the prerequisites above, you can simply use the following commands: + +``` +# Clone the project: +git clone https://github.com/att-comdev/openstack-helm.git && cd openstack-helm + +# Get a list of the current tags: +git tag -l + +# Checkout the tag you want to work with (if desired, or use master for development): +git checkout 0.1.0 + +# Start a local Helm Server: +helm serve & + +# You may need to change these params for your environment. Look up use of --iso-url if needed: +minikube start \ + --network-plugin=cni \ + --kubernetes-version v1.5.1 \ + --disk-size 40g \ + --memory 16384 \ + --cpus 4 \ + --vm-driver kvm \ + --iso-url=https://storage.googleapis.com/minikube/iso/minikube-v1.0.4.iso + +# Deploy a CNI/SDN: +kubectl create -f http://docs.projectcalico.org/v2.0/getting-started/kubernetes/installation/hosted/calico.yaml + +# Initialize Helm/Deploy Tiller: +helm init + +# Package the Openstack-Helm Charts, and push them to your local Helm repository: +make + +# Label the Minikube as an Openstack Control Plane node: +kubectl label nodes openstack-control-plane=enabled --all --namespace=openstack + +# Deploy each chart: +helm install --name mariadb --set development.enabled=true local/mariadb --namespace=openstack +helm install --name=memcached local/memcached --namespace=openstack +helm install --name=rabbitmq local/rabbitmq --namespace=openstack +helm install --name=keystone local/keystone --namespace=openstack +helm install --name=cinder local/cinder --namespace=openstack +helm install --name=glance local/glance --namespace=openstack +helm install --name=heat local/heat --namespace=openstack +helm install --name=nova local/nova --namespace=openstack +helm install --name=neutron local/neutron --namespace=openstack +helm install --name=horizon local/horizon --namespace=openstack +``` # Getting Started 
diff --git a/docs/installation/getting-started.md b/docs/installation/getting-started.md index 230fad3e3c..a0d261720e 100644 --- a/docs/installation/getting-started.md +++ b/docs/installation/getting-started.md @@ -190,11 +190,17 @@ Please ensure that you have verified and completed the steps above to prevent is Although Ceph is mentioned throughout this guide, our deployment is flexible to allow you the option of bringing any type of persistent storage. Although most of these verification steps are the same, if not very similar, we will use Ceph as our example throughout this guide. ## Node Labels -First, we must label our nodes according to their role. Although we are labeling `all` nodes, you are free to label only the nodes you wish. You must have at least one, although a minimum of three are recommended. +First, we must label our nodes according to their role. Although we are labeling `all` nodes, you are free to label only the nodes you wish. You must have at least one, although a minimum of three are recommended. Nodes are labeled according to their Openstack roles: + +**Storage Nodes:** `ceph-storage` +**Control Plane:** `openstack-control-plane` +**Compute Nodes:** `openvswitch`, `openstack-compute-node` ``` admin@kubenode01:~$ kubectl label nodes openstack-control-plane=enabled --all admin@kubenode01:~$ kubectl label nodes ceph-storage=enabled --all +admin@kubenode01:~$ kubectl label nodes openvswitch=enabled --all +admin@kubenode01:~$ kubectl label nodes openstack-compute-node=enabled --all ``` ## Obtaining the Project 
@@ -262,7 +268,7 @@ Please ensure that you use ``--purge`` whenever deleting a project. ## Ceph Installation and Verification Install the first service, which is Ceph. If all instructions have been followed as mentioned above, this installation should go smoothly. Use the following command to install Ceph: ``` -admin@kubenode01:~$ helm install --name=ceph local/ceph --namespace=ceph +admin@kubenode01:~$ helm install --set network.public=$osd_public_network --name=ceph local/ceph --namespace=ceph ``` ## Bootstrap Installation diff --git a/docs/mission.md b/docs/mission.md new file mode 100644 index 0000000000..b39a809f90 --- /dev/null +++ b/docs/mission.md 
@@ -0,0 +1,24 @@ +# Mission + +The goal for openstack-helm is to provide an incredibly customizable *framework* for operators and developers alike. This framework will enable end-users to deploy, maintain, and upgrade a fully functioning OpenStack environment for both simple and complex environments. Administrators or developers can either deploy all or individual OpenStack components along with their required dependencies. It heavily borrows concepts from [Stackanetes](https://github.com/stackanetes/stackanetes) and [other complex Helm application deployments](https://github.com/sapcc/openstack-helm). This project is meant to be a collaborative project that brings Openstack applications into a [Cloud-Native](https://www.cncf.io/about/charter) model. + +## Resiliency + +One of the goals of this project is to produce a set of charts that can be used in a production setting to deploy and upgrade OpenStack. To achieve this goal, all components must be resilient, including both OpenStack and Infrastructure components leveraged by this project. In addition, this also includes Kubernetes itself. It is part of our mission to ensure that all infrastructure components are highly available and that a deployment can withstand a physical host failure out of the box. This means that: + +- OpenStack components need to support and deploy with multiple replicas out of the box to ensure that each chart is deployed as a single-unit production ready first class citizen (unless development mode is enabled). +- Infrastructure elements such as Ceph, RabbitMQ, Galera (MariaDB), Memcached, and all others need to support resiliency and leverage multiple replicas for resiliency where applicable. These components also need to validate that their application level configurations (for instance the underlying Galera cluster) can tolerate host crashes and withstand physical host failures. +- Scheduling annotations need to be employed to ensure maximum resiliency for multi-host environments. 
They also need to be flexible to allow all-in-one deployments. To this end, we promote the usage of `podAntiAffinity.preferredDuringSchedulingIgnoredDuringExecution` for most infrastructure elements. +- We make the assumption that we can depend on a reliable implementation of centralized storage to create PVCs within Kubernetes to support resiliency and complex application design. Today, this is provided by the included Ceph chart. There is much work to do when making even a single backend production ready. We have chosen to focus on bringing Ceph into a production ready state, which includes handling real world deployment scenarios, resiliency, and pool configurations. In the future we would like to support more options for hardened backend PVC's. In the future, we would like to offer flexibility in choosing a hardened backend. +- We will document the best practices for running a resilient Kubernetes cluster in production. This includes documenting the steps necessary to make all components resilient, such as Etcd and SkyDNS where possible, and point out gaps due to missing features. + +## Scaling + +Scaling is another first class citizen in openstack-helm. We will be working to ensure that we support various deployment models that can support hyperscale, such as: + +- Ensuring that by default, clusters include multiple replicas to verify that scaling issues are identified early and often (unless development mode is enabled). +- Ensuring that every chart can support more then one replica and allowing operators to override those replica counts. For some applications, this means that they support clustering. +- Ensuring clustering style applications are not limited to fixed replica counts. For instance, we want to ensure that we can support n=Galera members and have those scale linearly, within reason, as opposed to only supporting a fixed count. +- Duplicate charts of the same type within the same namespace. 
For example, deploying rabbitmq twice, to the openstack namespace resulting in two fully functioning clusters. +- Allowing charts to be deployed to a diverse set of namespaces. For example, allowing infrastructure to be deployed in one namespace and OpenStack in another, or deploying each chart in its own namespace. +- Supporting hyperscale configurations that call for per-component infrastructure, such as a dedicated database and RabbitMQ solely for Ceilometer, or even dedicated infrastructure(s) for every component you deploy. It is unique, large scale deployment designs such as this that only become practical under a Kubernetes/Container framework and we want to ensure that we can support them. diff --git a/glance/templates/api.yaml b/glance/templates/api.yaml deleted file mode 100644 index 53e9cc77b0..0000000000 --- a/glance/templates/api.yaml +++ /dev/null 
@@ -1,90 +0,0 @@ -apiVersion: extensions/v1beta1 -kind: Deployment -metadata: - name: glance-api -spec: - replicas: {{ .Values.replicas }} - revisionHistoryLimit: {{ .Values.upgrades.revision_history }} - strategy: - type: {{ .Values.upgrades.pod_replacement_strategy }} - {{ if eq .Values.upgrades.pod_replacement_strategy "RollingUpdate" }} - rollingUpdate: - maxUnavailable: {{ .Values.upgrades.rolling_update.max_unavailable }} - maxSurge: {{ .Values.upgrades.rolling_update.max_surge }} - {{ end }} - template: - metadata: - labels: - app: glance-api - annotations: - pod.beta.kubernetes.io/init-containers: '[ - { - "name": "init", - "image": "quay.io/stackanetes/kubernetes-entrypoint:v0.1.0", - "imagePullPolicy": "{{ .Values.images.pull_policy }}", - "env": [ - { - "name": "NAMESPACE", - "value": "{{ .Release.Namespace }}" - }, - { - "name": "DEPENDENCY_SERVICE", - "value": "{{ include "joinListWithColon" .Values.dependencies.api.service }}" - }, - { - "name": "DEPENDENCY_JOBS", - "value": "{{ include "joinListWithColon" .Values.dependencies.api.jobs }}" - }, - { - "name": "COMMAND", - "value": "echo done" - } - ] - } - ]' - spec: - nodeSelector: - {{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }} - - containers: - - name: glance-api - image: {{ .Values.images.api }} - imagePullPolicy: {{ .Values.images.pull_policy }} - command: - - bash - - /tmp/start.sh - ports: - - containerPort: {{ .Values.network.port.api }} - readinessProbe: - tcpSocket: - port: {{ .Values.network.port.api }} - volumeMounts: - - name: glanceapiconf - mountPath: /etc/glance/glance-api.conf - subPath: glance-api.conf - - name: startsh - mountPath: /tmp/start.sh - subPath: start.sh - - name: etcglance - mountPath: /etc/glance - - name: cephconf - mountPath: /etc/ceph/ceph.conf - subPath: ceph.conf - - name: cephclientglancekeyring - mountPath: /etc/ceph/ceph.client.{{ .Values.ceph.glance_user }}.keyring - subPath: ceph.client.{{ .Values.ceph.glance_user }}.keyring - 
volumes: - - name: glanceapiconf - configMap: - name: glance-glanceapiconf - - name: startsh - configMap: - name: glance-startsh - - name: cephconf - configMap: - name: glance-cephconf - - name: cephclientglancekeyring - configMap: - name: glance-cephclientglancekeyring - - name: etcglance - emptyDir: {} diff --git a/glance/templates/bin/_init.sh.tpl b/glance/templates/bin/_init.sh.tpl new file mode 100644 index 0000000000..9c0daef9b4 --- /dev/null +++ b/glance/templates/bin/_init.sh.tpl @@ -0,0 +1,17 @@ +#!/bin/bash +set -ex +export HOME=/tmp + +ansible localhost -vvv -m mysql_db -a "login_host='{{ .Values.database.address }}' \ +login_port='{{ .Values.database.port }}' \ +login_user='{{ .Values.database.root_user }}' \ +login_password='{{ .Values.database.root_password }}' \ +name='{{ .Values.database.glance_database_name }}'" + +ansible localhost -vvv -m mysql_user -a "login_host='{{ .Values.database.address }}' \ +login_port='{{ .Values.database.port }}' \ +login_user='{{ .Values.database.root_user }}' \ +login_password='{{ .Values.database.root_password }}' \ +name='{{ .Values.database.glance_user }}' \ +password='{{ .Values.database.glance_password }}' \ +host='%' priv='{{ .Values.database.glance_database_name }}.*:ALL' append_privs='yes'" diff --git a/glance/templates/bin/_post.sh.tpl b/glance/templates/bin/_post.sh.tpl new file mode 100644 index 0000000000..d46e924974 --- /dev/null +++ b/glance/templates/bin/_post.sh.tpl 
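Review bot: In `_init.sh.tpl`, `set -ex` combined with `ansible ... -vvv` prints the fully rendered command lines to the job's pod log, including `login_password='{{ .Values.database.root_password }}'` and the glance account's `password=...`. Anyone who can read pod logs in the namespace can therefore read the database root credential. I would reduce this to `set -e`, drop `-vvv`, and take the passwords from environment variables backed by a Secret instead of rendering them into the script text. `_post.sh.tpl` in this commit has the same pattern with `keystone_auth` and `glance_password`. Separately, `host='%'` allows the glance account to connect from any client address; if that is needed for pod networking, a one-line comment saying so would help.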
@@ -0,0 +1,42 @@ +#!/bin/bash +set -ex +export HOME=/tmp + +ansible localhost -vvv -m kolla_keystone_service -a "service_name=glance \ +service_type=image \ +description='Openstack Image' \ +endpoint_region='{{ .Values.keystone.glance_region_name }}' \ +url='{{ include "endpoint_glance_api_internal" . }}' \ +interface=admin \ +region_name='{{ .Values.keystone.admin_region_name }}' \ +auth='{{ include "keystone_auth" . }}'" \ +-e "{'openstack_glance_auth': {{ include "keystone_auth" . }}}" + +ansible localhost -vvv -m kolla_keystone_service -a "service_name=glance \ +service_type=image \ +description='Openstack Image' \ +endpoint_region='{{ .Values.keystone.glance_region_name }}' \ +url='{{ include "endpoint_glance_api_internal" . }}' \ +interface=internal \ +region_name='{{ .Values.keystone.admin_region_name }}' \ +auth='{{ include "keystone_auth" . }}'" \ +-e "{ 'openstack_glance_auth': {{ include "keystone_auth" . }} }" + +ansible localhost -vvv -m kolla_keystone_service -a "service_name=glance \ +service_type=image \ +description='Openstack Image' \ +endpoint_region='{{ .Values.keystone.glance_region_name }}' \ +url='{{ include "endpoint_glance_api_internal" . }}' \ +interface=public \ +region_name='{{ .Values.keystone.admin_region_name }}' \ +auth='{{ include "keystone_auth" . }}'" \ +-e "{ 'openstack_glance_auth': {{ include "keystone_auth" . }} }" + +ansible localhost -vvv -m kolla_keystone_user -a "project=service \ +user={{ .Values.keystone.glance_user }} \ +password={{ .Values.keystone.glance_password }} \ +role=admin \ +region_name={{ .Values.keystone.admin_region_name }} \ +auth='{{ include "keystone_auth" . }}'" \ +-e "{ 'openstack_glance_auth': {{ include "keystone_auth" . }} }" + diff --git a/glance/templates/ceph.client.glance.keyring.yaml b/glance/templates/ceph.client.glance.keyring.yaml deleted file mode 100644 index 915324809b..0000000000 --- a/glance/templates/ceph.client.glance.keyring.yaml +++ /dev/null 
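Review bot: In the `kolla_keystone_user` call, `user=`, `password={{ .Values.keystone.glance_password }}` and `region_name=` are rendered without the single quotes that every other templated value in these scripts gets. A password containing a space or `=` will be split or misread by Ansible's key=value argument parser, and the failure output at `-vvv` then shows the pieces. Quote them the same way as in the service calls, e.g. `password='{{ .Values.keystone.glance_password }}'`. Also, all three `kolla_keystone_service` calls pass `endpoint_glance_api_internal` as `url`, including `interface=public` and `interface=admin`; if that is deliberate, a comment would prevent someone from "fixing" it later.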
@@ -1,13 +0,0 @@ -apiVersion: v1 -kind: ConfigMap -metadata: - name: glance-cephclientglancekeyring -data: - ceph.client.{{ .Values.ceph.glance_user }}.keyring: |+ - [client.{{ .Values.ceph.glance_user }}] - {{- if .Values.ceph.glance_keyring }} - key = {{ .Values.ceph.glance_keyring }} - {{- else }} - key = {{- include "secrets/ceph-client-key" . -}} - {{- end }} - diff --git a/glance/templates/ceph.conf.yaml b/glance/templates/ceph.conf.yaml deleted file mode 100644 index 3c3aed3074..0000000000 --- a/glance/templates/ceph.conf.yaml +++ /dev/null @@ -1,23 +0,0 @@ -apiVersion: v1 -kind: ConfigMap -metadata: - name: glance-cephconf -data: - ceph.conf: |+ - [global] - rgw_thread_pool_size = 1024 - rgw_num_rados_handles = 100 - {{- if .Values.ceph.monitors }} - [mon] - {{ range .Values.ceph.monitors }} - [mon.{{ . }}] - host = {{ . }} - mon_addr = {{ . }} - {{ end }} - {{- else }} - mon_host = ceph-mon.ceph - {{- end }} - [client] - rbd_cache_enabled = true - rbd_cache_writethrough_until_flush = true - diff --git a/glance/templates/configmap-bin.yaml b/glance/templates/configmap-bin.yaml new file mode 100644 index 0000000000..fe1e9d9858 --- /dev/null +++ b/glance/templates/configmap-bin.yaml @@ -0,0 +1,9 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: glance-bin +data: + init.sh: |+ +{{ tuple "bin/_init.sh.tpl" . | include "template" | indent 4 }} + post.sh: |+ +{{ tuple "bin/_post.sh.tpl" . | include "template" | indent 4 }} diff --git a/glance/templates/configmap-etc.yaml b/glance/templates/configmap-etc.yaml new file mode 100644 index 0000000000..ae34308b9a --- /dev/null +++ b/glance/templates/configmap-etc.yaml 
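Review bot: `glance-bin` is a `ConfigMap`, but the `init.sh` and `post.sh` it embeds are rendered with the database root password and the Keystone credentials already substituted, so those secrets are stored as ordinary ConfigMap data. ConfigMaps are usually readable by more principals than Secrets and are not covered by controls that target Secret objects, such as RBAC rules on `secrets` or encryption-at-rest configuration for them. `configmap-etc.yaml` in this commit has the same problem for `glance-api.conf`, `glance-registry.conf` and the Ceph client keyring. I would render the credential-bearing files into `kind: Secret` objects mounted through `secret:` volumes, or keep the scripts in the ConfigMap and inject only the credentials from a Secret via `env`.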
@@ -0,0 +1,19 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: glance-etc +data: + ceph.conf: |+ +{{ tuple "etc/_ceph.conf.tpl" . | include "template" | indent 4 }} + ceph.client.{{ .Values.ceph.glance_user }}.keyring: |+ +{{ tuple "etc/_ceph.client.glance.keyring.tpl" . | include "template" | indent 4 }} + glance-api.conf: |+ +{{ tuple "etc/_glance-api.conf.tpl" . | include "template" | indent 4 }} + glance-api-paste.ini: |+ +{{ tuple "etc/_glance-api-paste.ini.tpl" . | include "template" | indent 4 }} + glance-registry.conf: |+ +{{ tuple "etc/_glance-registry.conf.tpl" . | include "template" | indent 4 }} + glance-registry-paste.ini: |+ +{{ tuple "etc/_glance-registry-paste.ini.tpl" . | include "template" | indent 4 }} + policy.json: |+ +{{ tuple "etc/_policy.json.tpl" . | include "template" | indent 4 }} diff --git a/glance/templates/db-sync.sh.yaml b/glance/templates/db-sync.sh.yaml deleted file mode 100644 index 78a95b4cd4..0000000000 --- a/glance/templates/db-sync.sh.yaml +++ /dev/null @@ -1,10 +0,0 @@ -apiVersion: v1 -kind: ConfigMap -metadata: - name: glance-dbsyncsh -data: - db-sync.sh: |+ - #!/bin/bash - set -ex - - glance-manage db_sync diff --git a/glance/templates/db-sync.yaml b/glance/templates/db-sync.yaml deleted file mode 100644 index fe0c1f56a3..0000000000 --- a/glance/templates/db-sync.yaml +++ /dev/null 
@@ -1,58 +0,0 @@ -apiVersion: batch/v1 -kind: Job -metadata: - name: glance-db-sync -spec: - template: - metadata: - annotations: - pod.beta.kubernetes.io/init-containers: '[ - { - "name": "init", - "image": "quay.io/stackanetes/kubernetes-entrypoint:v0.1.0", - "imagePullPolicy": "{{ .Values.images.pull_policy }}", - "env": [ - { - "name": "NAMESPACE", - "value": "{{ .Release.Namespace }}" - }, - { - "name": "DEPENDENCY_SERVICE", - "value": "{{ include "joinListWithColon" .Values.dependencies.db_sync.service }}" - }, - { - "name": "DEPENDENCY_JOBS", - "value": "{{ include "joinListWithColon" .Values.dependencies.db_sync.jobs }}" - }, - { - "name": "COMMAND", - "value": "echo done" - } - ] - } - ]' - spec: - restartPolicy: OnFailure - nodeSelector: - {{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }} - containers: - - name: glance-db-sync - image: {{ .Values.images.db_sync }} - imagePullPolicy: {{ .Values.images.pull_policy }} - command: - - bash - - /tmp/db-sync.sh - volumeMounts: - - name: glanceapiconf - mountPath: /etc/glance/glance-api.conf - subPath: glance-api.conf - - name: dbsyncsh - mountPath: /tmp/db-sync.sh - subPath: db-sync.sh - volumes: - - name: glanceapiconf - configMap: - name: glance-glanceapiconf - - name: dbsyncsh - configMap: - name: glance-dbsyncsh diff --git a/glance/templates/deployment-api.yaml b/glance/templates/deployment-api.yaml new file mode 100644 index 0000000000..aea5b40841 --- /dev/null +++ b/glance/templates/deployment-api.yaml 
@@ -0,0 +1,107 @@ +{{- $envAll := . }} +{{- $dependencies := .Values.dependencies.api }} +apiVersion: extensions/v1beta1 +kind: Deployment +metadata: + name: glance-api +spec: +{{- if .Values.development.enabled }} + replicas: 1 +{{- else }} + replicas: {{ .Values.replicas.api }} +{{- end }} + revisionHistoryLimit: {{ .Values.upgrades.revision_history }} + strategy: + type: {{ .Values.upgrades.pod_replacement_strategy }} + {{ if eq .Values.upgrades.pod_replacement_strategy "RollingUpdate" }} + rollingUpdate: + maxUnavailable: {{ .Values.upgrades.rolling_update.max_unavailable }} + maxSurge: {{ .Values.upgrades.rolling_update.max_surge }} + {{ end }} + template: + metadata: + labels: + app: glance-api + annotations: + configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "hash" }} + configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "hash" }} + pod.beta.kubernetes.io/init-containers: '[ +{{ tuple $envAll $dependencies | include "dep_check_init_cont" | indent 10 }} + ]' + spec: + nodeSelector: + {{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }} + containers: + - name: glance-api + image: {{ .Values.images.api }} + imagePullPolicy: {{ .Values.images.pull_policy }} + {{- if .Values.resources.enabled }} + resources: + limits: + cpu: {{ .Values.resources.api.limits.cpu | quote }} + memory: {{ .Values.resources.api.limits.memory | quote }} + requests: + cpu: {{ .Values.resources.api.requests.cpu | quote }} + memory: {{ .Values.resources.api.requests.memory | quote }} + {{- end }} + command: + - glance-api + - --config-file + - /etc/glance/glance-api.conf + ports: + - containerPort: {{ .Values.network.port.api }} + readinessProbe: + tcpSocket: + port: {{ .Values.network.port.api }} + volumeMounts: + - name: etcglance + mountPath: /etc/glance + - name: glanceapiconf + mountPath: /etc/glance/glance-api.conf + subPath: glance-api.conf + readOnly: true + - name: glanceapipaste + mountPath: /etc/glance/glance-api-paste.ini + 
subPath: glance-api-paste.ini + readOnly: true + - name: glancepolicy + mountPath: /etc/glance/policy.json + subPath: policy.json + readOnly: true +{{- if .Values.development.enabled }} + - name: glance-data + mountPath: /var/lib/glance/images +{{- else }} + - name: cephconf + mountPath: /etc/ceph/ceph.conf + subPath: ceph.conf + readOnly: true + - name: cephclientglancekeyring + mountPath: /etc/ceph/ceph.client.{{ .Values.ceph.glance_user }}.keyring + subPath: ceph.client.{{ .Values.ceph.glance_user }}.keyring + readOnly: true +{{- end }} + volumes: + - name: glanceapiconf + configMap: + name: glance-etc + - name: glanceapipaste + configMap: + name: glance-etc +{{- if .Values.development.enabled }} + - name: glance-data + hostPath: + path: {{ .Values.development.storage_path }} +{{- else }} + - name: cephconf + configMap: + name: glance-etc + - name: cephclientglancekeyring + configMap: + name: glance-etc +{{- end }} + - name: etcglance + emptyDir: {} + - name: glancepolicy + configMap: + name: glance-etc diff --git a/glance/templates/deployment-registry.yaml b/glance/templates/deployment-registry.yaml new file mode 100644 index 0000000000..f83530a1bf --- /dev/null +++ b/glance/templates/deployment-registry.yaml 
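Review bot: When `development.enabled` is set, the `glance-data` volume is a `hostPath` whose `path` comes straight from `.Values.development.storage_path`, unquoted and with no default. A missing or mistaken value therefore either fails at apply time or gives the glance-api container write access to whatever node directory was named. I would quote it, `path: {{ .Values.development.storage_path | quote }}`, and add a comment above the `{{- if .Values.development.enabled }}` branch stating that the hostPath store is for single-node development only and that image data stays on the node. A `hostPath` volume also conflicts with any pod security policy that forbids host mounts, which is worth noting in the chart documentation.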
@@ -0,0 +1,74 @@ +{{- $envAll := . }} +{{- $dependencies := .Values.dependencies.registry }} +apiVersion: extensions/v1beta1 +kind: Deployment +metadata: + name: glance-registry +spec: +{{- if .Values.development.enabled }} + replicas: 1 +{{- else }} + replicas: {{ .Values.replicas.registry }} +{{- end }} + template: + metadata: + labels: + app: glance-registry + annotations: + configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "hash" }} + configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "hash" }} + pod.beta.kubernetes.io/init-containers: '[ +{{ tuple $envAll $dependencies | include "dep_check_init_cont" | indent 10 }} + ]' + spec: + nodeSelector: + {{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }} + containers: + - name: glance-registry + image: {{ .Values.images.registry }} + imagePullPolicy: {{ .Values.images.pull_policy }} + {{- if .Values.resources.enabled }} + resources: + limits: + cpu: {{ .Values.resources.registry.limits.cpu | quote }} + memory: {{ .Values.resources.registry.limits.memory | quote }} + requests: + cpu: {{ .Values.resources.registry.requests.cpu | quote }} + memory: {{ .Values.resources.registry.requests.memory | quote }} + {{- end }} + command: + - glance-registry + - --config-file + - /etc/glance/glance-registry.conf + ports: + - containerPort: {{ .Values.network.port.registry }} + readinessProbe: + tcpSocket: + port: {{ .Values.network.port.registry }} + volumeMounts: + - name: etcglance + mountPath: /etc/glance + - name: glanceregistryconf + mountPath: /etc/glance/glance-registry.conf + subPath: glance-registry.conf + readOnly: true + - name: glanceregistrypaste + mountPath: /etc/glance/glance-registry-paste.ini + subPath: glance-registry-paste.ini + readOnly: true + - name: glancepolicy + mountPath: /etc/glance/policy.json + subPath: policy.json + readOnly: true + volumes: + - name: etcglance + emptyDir: {} + - name: glanceregistryconf + configMap: + name: glance-etc + - name: 
glanceregistrypaste + configMap: + name: glance-etc + - name: glancepolicy + configMap: + name: glance-etc diff --git a/glance/templates/etc/_ceph.client.glance.keyring.tpl b/glance/templates/etc/_ceph.client.glance.keyring.tpl new file mode 100644 index 0000000000..4f625b2ba6 --- /dev/null +++ b/glance/templates/etc/_ceph.client.glance.keyring.tpl @@ -0,0 +1,6 @@ +[client.{{ .Values.ceph.glance_user }}] +{{- if .Values.ceph.glance_keyring }} + key = {{ .Values.ceph.glance_keyring }} +{{- else }} + key = {{- include "secrets/ceph-client-key" . -}} +{{- end }} diff --git a/glance/templates/etc/_ceph.conf.tpl b/glance/templates/etc/_ceph.conf.tpl new file mode 100644 index 0000000000..7d2576bf65 --- /dev/null +++ b/glance/templates/etc/_ceph.conf.tpl @@ -0,0 +1,16 @@ +[global] +rgw_thread_pool_size = 1024 +rgw_num_rados_handles = 100 +{{- if .Values.ceph.monitors }} +[mon] +{{ range .Values.ceph.monitors }} + [mon.{{ . }}] + host = {{ . }} + mon_addr = {{ . }} +{{ end }} +{{- else }} +mon_host = ceph-mon.ceph +{{- end }} +[client] + rbd_cache_enabled = true + rbd_cache_writethrough_until_flush = true diff --git a/glance/templates/etc/_glance-api-paste.ini.tpl b/glance/templates/etc/_glance-api-paste.ini.tpl new file mode 100644 index 0000000000..687902743a --- /dev/null +++ b/glance/templates/etc/_glance-api-paste.ini.tpl 
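Review bot: `deployment-registry.yaml` omits the `revisionHistoryLimit` and `strategy` block that `deployment-api.yaml` in this same commit renders from `.Values.upgrades`, so the operator's rolling-update settings apply to the API pods only and the registry silently uses cluster defaults. I would add `revisionHistoryLimit: {{ .Values.upgrades.revision_history }}` and the same `strategy:` stanza under `spec:`. The pod template also carries a `configmap-bin-hash` annotation although this pod mounts nothing from `glance-bin`, so an edit to `init.sh` or `post.sh` restarts the registry for no reason; keeping only `configmap-etc-hash` here would avoid that.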
@@ -0,0 +1,90 @@ +# Use this pipeline for no auth or image caching - DEFAULT +[pipeline:glance-api] +pipeline = cors healthcheck http_proxy_to_wsgi versionnegotiation osprofiler unauthenticated-context rootapp + +# Use this pipeline for image caching and no auth +[pipeline:glance-api-caching] +pipeline = cors healthcheck http_proxy_to_wsgi versionnegotiation osprofiler unauthenticated-context cache rootapp + +# Use this pipeline for caching w/ management interface but no auth +[pipeline:glance-api-cachemanagement] +pipeline = cors healthcheck http_proxy_to_wsgi versionnegotiation osprofiler unauthenticated-context cache cachemanage rootapp + +# Use this pipeline for keystone auth +[pipeline:glance-api-keystone] +pipeline = cors healthcheck http_proxy_to_wsgi versionnegotiation osprofiler authtoken context rootapp + +# Use this pipeline for keystone auth with image caching +[pipeline:glance-api-keystone+caching] +pipeline = cors healthcheck http_proxy_to_wsgi versionnegotiation osprofiler authtoken context cache rootapp + +# Use this pipeline for keystone auth with caching and cache management +[pipeline:glance-api-keystone+cachemanagement] +pipeline = cors healthcheck http_proxy_to_wsgi versionnegotiation osprofiler authtoken context cache cachemanage rootapp + +# Use this pipeline for authZ only. This means that the registry will treat a +# user as authenticated without making requests to keystone to reauthenticate +# the user. +[pipeline:glance-api-trusted-auth] +pipeline = cors healthcheck http_proxy_to_wsgi versionnegotiation osprofiler context rootapp + +# Use this pipeline for authZ only. 
This means that the registry will treat a +# user as authenticated without making requests to keystone to reauthenticate +# the user and uses cache management +[pipeline:glance-api-trusted-auth+cachemanagement] +pipeline = cors healthcheck http_proxy_to_wsgi versionnegotiation osprofiler context cache cachemanage rootapp + +[composite:rootapp] +paste.composite_factory = glance.api:root_app_factory +/: apiversions +/v1: apiv1app +/v2: apiv2app + +[app:apiversions] +paste.app_factory = glance.api.versions:create_resource + +[app:apiv1app] +paste.app_factory = glance.api.v1.router:API.factory + +[app:apiv2app] +paste.app_factory = glance.api.v2.router:API.factory + +[filter:healthcheck] +paste.filter_factory = oslo_middleware:Healthcheck.factory +backends = disable_by_file +disable_by_file_path = /etc/glance/healthcheck_disable + +[filter:versionnegotiation] +paste.filter_factory = glance.api.middleware.version_negotiation:VersionNegotiationFilter.factory + +[filter:cache] +paste.filter_factory = glance.api.middleware.cache:CacheFilter.factory + +[filter:cachemanage] +paste.filter_factory = glance.api.middleware.cache_manage:CacheManageFilter.factory + +[filter:context] +paste.filter_factory = glance.api.middleware.context:ContextMiddleware.factory + +[filter:unauthenticated-context] +paste.filter_factory = glance.api.middleware.context:UnauthenticatedContextMiddleware.factory + +[filter:authtoken] +paste.filter_factory = keystonemiddleware.auth_token:filter_factory +delay_auth_decision = true + +[filter:gzip] +paste.filter_factory = glance.api.middleware.gzip:GzipMiddleware.factory + +[filter:osprofiler] +paste.filter_factory = osprofiler.web:WsgiMiddleware.factory +hmac_keys = SECRET_KEY #DEPRECATED +enabled = yes #DEPRECATED + +[filter:cors] +paste.filter_factory = oslo_middleware.cors:filter_factory +oslo_config_project = glance +oslo_config_program = glance-api + +[filter:http_proxy_to_wsgi] +paste.filter_factory = oslo_middleware:HTTPProxyToWSGI.factory 
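Review bot: `[filter:osprofiler]` ships `hmac_keys = SECRET_KEY` with `enabled = yes`, and `osprofiler` sits in every pipeline, including `glance-api-keystone`, which `flavor = keystone` in `_glance-api.conf.tpl` selects. If the deployed Glance release still honours these paste options (they are marked deprecated here, so this needs confirming), the well-known placeholder key is what authenticates trace requests. Because this file is now a template, I would ship `enabled = no` by default, or render `hmac_keys` from a chart value so each deployment sets its own key. `_glance-registry-paste.ini.tpl` in this commit has the identical section.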
diff --git a/glance/templates/etc/_glance-api.conf.tpl b/glance/templates/etc/_glance-api.conf.tpl
new file mode 100644
index 0000000000..84134e653a
--- /dev/null
+++ b/glance/templates/etc/_glance-api.conf.tpl
@@ -0,0 +1,44 @@
+[DEFAULT]
+debug = {{ .Values.misc.debug }}
+use_syslog = False
+use_stderr = True
+
+bind_port = {{ .Values.network.port.api }}
+workers = {{ .Values.misc.workers }}
+registry_host = glance-registry
+# Enable Copy-on-Write
+show_image_direct_url = True
+
+[database]
+connection = mysql+pymysql://{{ .Values.database.glance_user }}:{{ .Values.database.glance_password }}@{{ .Values.database.address }}/{{ .Values.database.glance_database_name }}
+max_retries = -1
+
+[keystone_authtoken]
+auth_uri = {{ .Values.keystone.auth_uri }}
+auth_url = {{ .Values.keystone.auth_url }}
+auth_type = password
+project_domain_id = default
+user_domain_id = default
+project_name = service
+username = {{ .Values.keystone.glance_user }}
+password = {{ .Values.keystone.glance_password }}
+
+[paste_deploy]
+flavor = keystone
+
+[oslo_messaging_notifications]
+driver = noop
+
+[glance_store]
+filesystem_store_datadir = /var/lib/glance/images/
+{{- if .Values.development.enabled }}
+stores = file, http
+default_store = file
+{{- else }}
+stores = file, http, rbd
+default_store = rbd
+rbd_store_pool = {{ .Values.ceph.glance_pool }}
+rbd_store_user = {{ .Values.ceph.glance_user }}
+rbd_store_ceph_conf = /etc/ceph/ceph.conf
+rbd_store_chunk_size = 8
+{{- end }}
diff --git a/glance/templates/etc/_glance-registry-paste.ini.tpl b/glance/templates/etc/_glance-registry-paste.ini.tpl
new file mode 100644
index 0000000000..492dbc6f53
--- /dev/null
+++ b/glance/templates/etc/_glance-registry-paste.ini.tpl
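Review bot: The `[database]` `connection` URL in `_glance-api.conf.tpl` pastes `.Values.database.glance_password` between `:` and `@` without URL-encoding. A password containing `@`, `/`, `:` or `%` yields a URL that is parsed with the wrong host or the wrong password, which in practice pushes operators toward weak alphanumeric passwords. The URL also leaves out `.Values.database.port`, which `_init.sh.tpl` passes as `login_port`, so a non-default port works for the init job and fails here. I would encode the password (Go templates provide `urlquery`) and add `:{{ .Values.database.port }}` after the address. `_glance-registry.conf.tpl` in this commit has the identical line.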
@@ -0,0 +1,35 @@
+# Use this pipeline for no auth - DEFAULT
+[pipeline:glance-registry]
+pipeline = healthcheck osprofiler unauthenticated-context registryapp
+
+# Use this pipeline for keystone auth
+[pipeline:glance-registry-keystone]
+pipeline = healthcheck osprofiler authtoken context registryapp
+
+# Use this pipeline for authZ only. This means that the registry will treat a
+# user as authenticated without making requests to keystone to reauthenticate
+# the user.
+[pipeline:glance-registry-trusted-auth]
+pipeline = healthcheck osprofiler context registryapp
+
+[app:registryapp]
+paste.app_factory = glance.registry.api:API.factory
+
+[filter:healthcheck]
+paste.filter_factory = oslo_middleware:Healthcheck.factory
+backends = disable_by_file
+disable_by_file_path = /etc/glance/healthcheck_disable
+
+[filter:context]
+paste.filter_factory = glance.api.middleware.context:ContextMiddleware.factory
+
+[filter:unauthenticated-context]
+paste.filter_factory = glance.api.middleware.context:UnauthenticatedContextMiddleware.factory
+
+[filter:authtoken]
+paste.filter_factory = keystonemiddleware.auth_token:filter_factory
+
+[filter:osprofiler]
+paste.filter_factory = osprofiler.web:WsgiMiddleware.factory
+hmac_keys = SECRET_KEY #DEPRECATED
+enabled = yes #DEPRECATED
diff --git a/glance/templates/etc/_glance-registry.conf.tpl b/glance/templates/etc/_glance-registry.conf.tpl
new file mode 100644
index 0000000000..9e4df8d9c1
--- /dev/null
+++ b/glance/templates/etc/_glance-registry.conf.tpl
@@ -0,0 +1,26 @@
+[DEFAULT]
+debug = {{ .Values.misc.debug }}
+use_syslog = False
+use_stderr = True
+bind_port = {{ .Values.network.port.registry }}
+workers = {{ .Values.misc.workers }}
+
+[database]
+connection = mysql+pymysql://{{ .Values.database.glance_user }}:{{ .Values.database.glance_password }}@{{ .Values.database.address }}/{{ .Values.database.glance_database_name }}
+max_retries = -1
+
+[keystone_authtoken]
+auth_uri = {{ .Values.keystone.auth_uri }}
+auth_url = {{ .Values.keystone.auth_url }}
+auth_type = password
+project_domain_id = default
+user_domain_id = default
+project_name = service
+username = {{ .Values.keystone.glance_user }}
+password = {{ .Values.keystone.glance_password }}
+
+[paste_deploy]
+flavor = keystone
+
+[oslo_messaging_notifications]
+driver = noop
diff --git a/glance/templates/etc/_policy.json.tpl b/glance/templates/etc/_policy.json.tpl
new file mode 100644
index 0000000000..0a058c1c5d
--- /dev/null
+++ b/glance/templates/etc/_policy.json.tpl
@@ -0,0 +1,61 @@
+{
+ "context_is_admin": "role:admin",
+ "default": "role:admin",
+
+ "add_image": "",
+ "delete_image": "",
+ "get_image": "",
+ "get_images": "",
+ "modify_image": "",
+ "publicize_image": "role:admin",
+ "copy_from": "",
+
+ "download_image": "",
+ "upload_image": "",
+
+ "delete_image_location": "",
+ "get_image_location": "",
+ "set_image_location": "",
+
+ "add_member": "",
+ "delete_member": "",
+ "get_member": "",
+ "get_members": "",
+ "modify_member": "",
+
+ "manage_image_cache": "role:admin",
+
+ "get_task": "role:admin",
+ "get_tasks": "role:admin",
+ "add_task": "role:admin",
+ "modify_task": "role:admin",
+
+ "deactivate": "",
+ "reactivate": "",
+
+ "get_metadef_namespace": "",
+ "get_metadef_namespaces":"",
+ "modify_metadef_namespace":"",
+ "add_metadef_namespace":"",
+
+ "get_metadef_object":"",
+ "get_metadef_objects":"",
+ "modify_metadef_object":"",
+ "add_metadef_object":"",
+
+ "list_metadef_resource_types":"",
+ "get_metadef_resource_type":"",
+ "add_metadef_resource_type_association":"",
+
+ "get_metadef_property":"",
+ "get_metadef_properties":"",
+ "modify_metadef_property":"",
+ "add_metadef_property":"",
+
+ "get_metadef_tag":"",
+ "get_metadef_tags":"",
+ "modify_metadef_tag":"",
+ "add_metadef_tag":"",
+ "add_metadef_tags":""
+
+}
diff --git a/glance/templates/glance-api.conf.yaml b/glance/templates/glance-api.conf.yaml
deleted file mode 100644
index ee61d333ec..0000000000
--- a/glance/templates/glance-api.conf.yaml
+++ /dev/null
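Review bot: In `_policy.json.tpl`, `get_image_location`, `set_image_location`, `delete_image_location` and `copy_from` are left as `""`, which oslo.policy treats as "always allowed" for any authenticated user. Meanwhile `_glance-api.conf.tpl` in this commit sets `show_image_direct_url = True` and enables the `http` store. How much the location rules expose depends on `show_multiple_locations`, which the visible config does not set, but shipping them open means one later config change lets any tenant read or rewrite where an image's data comes from. I would default them to admin, e.g. `"set_image_location": "role:admin"`, `"delete_image_location": "role:admin"`, `"get_image_location": "role:admin"`, and let operators relax them deliberately. JSON cannot carry the rationale as a comment, so it belongs in the chart's documentation.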
@@ -1,48 +0,0 @@ -apiVersion: v1 -kind: ConfigMap -metadata: - name: glance-glanceapiconf -data: - glance-api.conf: |+ - [DEFAULT] - debug = {{ .Values.misc.debug }} - use_syslog = False - use_stderr = True - - bind_port = {{ .Values.network.port.api }} - - workers = {{ .Values.misc.workers }} - registry_host = {{ include "glance_registry_host" . }} - - # Enable Copy-on-Write - show_image_direct_url = True - - [database] - connection = mysql+pymysql://{{ .Values.database.glance_user }}:{{ .Values.database.glance_password }}@{{ .Values.database.address }}/{{ .Values.database.glance_database_name }} - max_retries = -1 - - [keystone_authtoken] - auth_uri = {{ .Values.keystone.auth_uri }} - auth_url = {{ .Values.keystone.auth_url }} - auth_type = password - project_domain_id = default - user_domain_id = default - project_name = service - username = {{ .Values.keystone.glance_user }} - password = {{ .Values.keystone.glance_password }} - - [paste_deploy] - flavor = keystone - - [oslo_messaging_notifications] - driver = noop - - [glance_store] - filesystem_store_datadir = /var/lib/glance/images/ - stores = file, http, rbd - default_store = rbd - rbd_store_pool = {{ .Values.ceph.glance_pool }} - rbd_store_user = {{ .Values.ceph.glance_user }} - rbd_store_ceph_conf = /etc/ceph/ceph.conf - rbd_store_chunk_size = 8 - diff --git a/glance/templates/glance-registry.conf.yaml b/glance/templates/glance-registry.conf.yaml deleted file mode 100644 index 81629caa46..0000000000 --- a/glance/templates/glance-registry.conf.yaml +++ /dev/null 
@@ -1,34 +0,0 @@ -apiVersion: v1 -kind: ConfigMap -metadata: - name: glance-glanceregistryconf -data: - glance-registry.conf: |+ - [DEFAULT] - debug = {{ .Values.misc.debug }} - use_syslog = False - use_stderr = True - - bind_port = {{ .Values.network.port.registry }} - - workers = {{ .Values.misc.workers }} - - [database] - connection = mysql+pymysql://{{ .Values.database.glance_user }}:{{ .Values.database.glance_password }}@{{ .Values.database.address }}/{{ .Values.database.glance_database_name }} - max_retries = -1 - - [keystone_authtoken] - auth_uri = {{ .Values.keystone.auth_uri }} - auth_url = {{ .Values.keystone.auth_url }} - auth_type = password - project_domain_id = default - user_domain_id = default - project_name = service - username = {{ .Values.keystone.glance_user }} - password = {{ .Values.keystone.glance_password }} - - [paste_deploy] - flavor = keystone - - [oslo_messaging_notifications] - driver = noop diff --git a/glance/templates/init.sh.yaml b/glance/templates/init.sh.yaml deleted file mode 100644 index 8605f7c544..0000000000 --- a/glance/templates/init.sh.yaml +++ /dev/null @@ -1,12 +0,0 @@ -apiVersion: v1 -kind: ConfigMap -metadata: - name: glance-initsh -data: - init.sh: |+ - #!/bin/bash - set -ex - export HOME=/tmp - - ansible localhost -vvv -m mysql_db -a "login_host='{{ .Values.database.address }}' login_port='{{ .Values.database.port }}' login_user='{{ .Values.database.root_user }}' login_password='{{ .Values.database.root_password }}' name='{{ .Values.database.glance_database_name }}'" - ansible localhost -vvv -m mysql_user -a "login_host='{{ .Values.database.address }}' login_port='{{ .Values.database.port }}' login_user='{{ .Values.database.root_user }}' login_password='{{ .Values.database.root_password }}' name='{{ .Values.database.glance_user }}' password='{{ .Values.database.glance_password }}' host='%' priv='{{ .Values.database.glance_database_name }}.*:ALL' append_privs='yes'" 
diff --git a/glance/templates/init.yaml b/glance/templates/init.yaml deleted file mode 100644 index 48b97a7cbd..0000000000 --- a/glance/templates/init.yaml +++ /dev/null @@ -1,55 +0,0 @@ -apiVersion: batch/v1 -kind: Job -metadata: - name: glance-init -spec: - template: - metadata: - annotations: - pod.beta.kubernetes.io/init-containers: '[ - { - "name": "init", - "image": "quay.io/stackanetes/kubernetes-entrypoint:v0.1.0", - "imagePullPolicy": "{{ .Values.images.pull_policy }}", - "env": [ - { - "name": "NAMESPACE", - "value": "{{ .Release.Namespace }}" - }, - { - "name": "DEPENDENCY_SERVICE", - "value": "{{ include "joinListWithColon" .Values.dependencies.init.service }}" - }, - { - "name": "DEPENDENCY_JOBS", - "value": "{{ include "joinListWithColon" .Values.dependencies.init.jobs }}" - }, - { - "name": "COMMAND", - "value": "echo done" - } - ] - } - ]' - spec: - restartPolicy: OnFailure - nodeSelector: - {{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }} - containers: - - name: glance-init - image: {{ .Values.images.init }} - imagePullPolicy: {{ .Values.images.pull_policy }} - env: - - name: ANSIBLE_LIBRARY - value: /usr/share/ansible/ - command: - - bash - - /tmp/init.sh - volumeMounts: - - name: initsh - mountPath: /tmp/init.sh - subPath: init.sh - volumes: - - name: initsh - configMap: - name: glance-initsh diff --git a/glance/templates/job-db-init.yaml b/glance/templates/job-db-init.yaml new file mode 100644 index 0000000000..20bff8ce26 --- /dev/null +++ b/glance/templates/job-db-init.yaml 
@@ -0,0 +1,44 @@ +{{- $envAll := . }} +{{- $dependencies := .Values.dependencies.init }} +apiVersion: batch/v1 +kind: Job +metadata: + name: glance-db-init +spec: + template: + metadata: + annotations: + pod.beta.kubernetes.io/init-containers: '[ +{{ tuple $envAll $dependencies | include "dep_check_init_cont" | indent 10 }} + ]' + spec: + restartPolicy: OnFailure + nodeSelector: + {{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }} + containers: + - name: glance-db-init + image: {{ .Values.images.db_init }} + imagePullPolicy: {{ .Values.images.pull_policy }} + {{- if .Values.resources.enabled }} + resources: + limits: + cpu: {{ .Values.resources.jobs.init.limits.cpu | quote }} + memory: {{ .Values.resources.jobs.init.limits.memory | quote }} + requests: + cpu: {{ .Values.resources.jobs.init.requests.cpu | quote }} + memory: {{ .Values.resources.jobs.init.requests.memory | quote }} + {{- end }} + env: + - name: ANSIBLE_LIBRARY + value: /usr/share/ansible/ + command: + - bash + - /tmp/init.sh + volumeMounts: + - name: initsh + mountPath: /tmp/init.sh + subPath: init.sh + volumes: + - name: initsh + configMap: + name: glance-bin diff --git a/glance/templates/job-db-sync.yaml b/glance/templates/job-db-sync.yaml new file mode 100644 index 0000000000..23914b2dbe --- /dev/null +++ b/glance/templates/job-db-sync.yaml 
@@ -0,0 +1,41 @@ +{{- $envAll := . }} +{{- $dependencies := .Values.dependencies.db_sync }} +apiVersion: batch/v1 +kind: Job +metadata: + name: glance-db-sync +spec: + template: + metadata: + annotations: + pod.beta.kubernetes.io/init-containers: '[ +{{ tuple $envAll $dependencies | include "dep_check_init_cont" | indent 10 }} + ]' + spec: + restartPolicy: OnFailure + nodeSelector: + {{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }} + containers: + - name: glance-db-sync + image: {{ .Values.images.db_sync }} + imagePullPolicy: {{ .Values.images.pull_policy }} + {{- if .Values.resources.enabled }} + resources: + limits: + cpu: {{ .Values.resources.jobs.db.limits.cpu | quote }} + memory: {{ .Values.resources.jobs.db.limits.memory | quote }} + requests: + cpu: {{ .Values.resources.jobs.db.requests.cpu | quote }} + memory: {{ .Values.resources.jobs.db.requests.memory | quote }} + {{- end }} + command: + - glance-manage + - db_sync + volumeMounts: + - name: glanceapiconf + mountPath: /etc/glance/glance-api.conf + subPath: glance-api.conf + volumes: + - name: glanceapiconf + configMap: + name: glance-etc diff --git a/glance/templates/job-post.yaml b/glance/templates/job-post.yaml new file mode 100644 index 0000000000..fbb011ae55 --- /dev/null +++ b/glance/templates/job-post.yaml 
@@ -0,0 +1,44 @@ +{{- $envAll := . }} +{{- $dependencies := .Values.dependencies.post }} +apiVersion: batch/v1 +kind: Job +metadata: + name: glance-post +spec: + template: + metadata: + annotations: + pod.beta.kubernetes.io/init-containers: '[ +{{ tuple $envAll $dependencies | include "dep_check_init_cont" | indent 10 }} + ]' + spec: + nodeSelector: + {{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }} + restartPolicy: OnFailure + containers: + - name: glance-post + image: {{ .Values.images.post }} + imagePullPolicy: {{ .Values.images.pull_policy }} + {{- if .Values.resources.enabled }} + resources: + limits: + cpu: {{ .Values.resources.jobs.post.limits.cpu | quote }} + memory: {{ .Values.resources.jobs.post.limits.memory | quote }} + requests: + cpu: {{ .Values.resources.jobs.post.requests.cpu | quote }} + memory: {{ .Values.resources.jobs.post.requests.memory | quote }} + {{- end }} + command: + - bash + - /tmp/post.sh + volumeMounts: + - name: postsh + mountPath: /tmp/post.sh + subPath: post.sh + env: + - name: ANSIBLE_LIBRARY + value: /usr/share/ansible/ + volumes: + - name: postsh + configMap: + name: glance-bin diff --git a/glance/templates/post.sh.yaml b/glance/templates/post.sh.yaml deleted file mode 100644 index 156b60d605..0000000000 --- a/glance/templates/post.sh.yaml +++ /dev/null 
@@ -1,48 +0,0 @@ -apiVersion: v1 -kind: ConfigMap -metadata: - name: glance-postsh -data: - post.sh: |+ - #!/bin/bash - set -ex - export HOME=/tmp - - ansible localhost -vvv -m kolla_keystone_service -a "service_name=glance \ - service_type=image \ - description='Openstack Image' \ - endpoint_region='{{ .Values.keystone.glance_region_name }}' \ - url='{{ include "endpoint_glance_api_internal" . }}' \ - interface=admin \ - region_name='{{ .Values.keystone.admin_region_name }}' \ - auth='{{ include "keystone_auth" . }}'" \ - -e "{'openstack_glance_auth': {{ include "keystone_auth" . }}}" - - ansible localhost -vvv -m kolla_keystone_service -a "service_name=glance \ - service_type=image \ - description='Openstack Image' \ - endpoint_region='{{ .Values.keystone.glance_region_name }}' \ - url='{{ include "endpoint_glance_api_internal" . }}' \ - interface=internal \ - region_name='{{ .Values.keystone.admin_region_name }}' \ - auth='{{ include "keystone_auth" . }}'" \ - -e "{ 'openstack_glance_auth': {{ include "keystone_auth" . }} }" - - ansible localhost -vvv -m kolla_keystone_service -a "service_name=glance \ - service_type=image \ - description='Openstack Image' \ - endpoint_region='{{ .Values.keystone.glance_region_name }}' \ - url='{{ include "endpoint_glance_api_internal" . }}' \ - interface=public \ - region_name='{{ .Values.keystone.admin_region_name }}' \ - auth='{{ include "keystone_auth" . }}'" \ - -e "{ 'openstack_glance_auth': {{ include "keystone_auth" . }} }" - - ansible localhost -vvv -m kolla_keystone_user -a "project=service \ - user={{ .Values.keystone.glance_user }} \ - password={{ .Values.keystone.glance_password }} \ - role=admin \ - region_name={{ .Values.keystone.admin_region_name }} \ - auth='{{ include "keystone_auth" . }}'" \ - -e "{ 'openstack_glance_auth': {{ include "keystone_auth" . }} }" - diff --git a/glance/templates/post.yaml b/glance/templates/post.yaml deleted file mode 100644 index 4fe1c195bf..0000000000 
--- a/glance/templates/post.yaml +++ /dev/null @@ -1,56 +0,0 @@ -apiVersion: batch/v1 -kind: Job -metadata: - name: glance-post -spec: - template: - metadata: - annotations: - pod.beta.kubernetes.io/init-containers: '[ - { - "name": "init", - "image": "quay.io/stackanetes/kubernetes-entrypoint:v0.1.0", - "imagePullPolicy": "{{ .Values.images.pull_policy }}", - "env": [ - { - "name": "NAMESPACE", - "value": "{{ .Release.Namespace }}" - }, - { - "name": "DEPENDENCY_SERVICE", - "value": "{{ include "joinListWithColon" .Values.dependencies.post.service }}" - }, - { - "name": "DEPENDENCY_JOBS", - "value": "{{ include "joinListWithColon" .Values.dependencies.post.jobs }}" - }, - { - "name": "COMMAND", - "value": "echo done" - } - ] - } - ]' - spec: - nodeSelector: - {{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }} - restartPolicy: OnFailure - containers: - - name: glance-post - image: {{ .Values.images.post }} - imagePullPolicy: {{ .Values.images.pull_policy }} - command: - - bash - - /tmp/post.sh - volumeMounts: - - name: postsh - mountPath: /tmp/post.sh - subPath: post.sh - env: - - name: ANSIBLE_LIBRARY - value: /usr/share/ansible/ - volumes: - - name: postsh - configMap: - name: glance-postsh - diff --git a/glance/templates/registry.yaml b/glance/templates/registry.yaml deleted file mode 100644 index 998d64ad32..0000000000 --- a/glance/templates/registry.yaml +++ /dev/null 
@@ -1,58 +0,0 @@ -apiVersion: extensions/v1beta1 -kind: Deployment -metadata: - name: glance-registry -spec: - replicas: {{ .Values.replicas }} - template: - metadata: - labels: - app: glance-registry - annotations: - pod.beta.kubernetes.io/init-containers: '[ - { - "name": "init", - "image": "quay.io/stackanetes/kubernetes-entrypoint:v0.1.0", - "imagePullPolicy": "{{ .Values.images.pull_policy }}", - "env": [ - { - "name": "NAMESPACE", - "value": "{{ .Release.Namespace }}" - }, - { - "name": "DEPENDENCY_SERVICE", - "value": "{{ include "joinListWithColon" .Values.dependencies.registry.service }}" - }, - { - "name": "DEPENDENCY_JOBS", - "value": "{{ include "joinListWithColon" .Values.dependencies.registry.jobs }}" - }, - { - "name": "COMMAND", - "value": "echo done" - } - ] - } - ]' - spec: - nodeSelector: - {{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }} - containers: - - name: glance-registry - image: {{ .Values.images.registry }} - imagePullPolicy: {{ .Values.images.pull_policy }} - command: - - glance-registry - ports: - - containerPort: {{ .Values.network.port.registry }} - readinessProbe: - tcpSocket: - port: {{ .Values.network.port.registry }} - volumeMounts: - - name: glanceregistryconf - mountPath: /etc/glance/glance-registry.conf - subPath: glance-registry.conf - volumes: - - name: glanceregistryconf - configMap: - name: glance-glanceregistryconf diff --git a/glance/templates/start.sh.yaml b/glance/templates/start.sh.yaml deleted file mode 100644 index e9b3d40ec9..0000000000 --- a/glance/templates/start.sh.yaml +++ /dev/null @@ -1,12 +0,0 @@ -apiVersion: v1 -kind: ConfigMap -metadata: - name: glance-startsh -data: - start.sh: |+ - #!/bin/bash - set -ex - - cp `find / -not -path "/etc/*" -name glance-api-paste.ini` /etc/glance/ - - glance-api diff --git a/glance/values.yaml b/glance/values.yaml index a3c6886a54..75678b5439 100644 --- a/glance/values.yaml +++ b/glance/values.yaml 
@@ -1,20 +1,27 @@ -# Default values for keystone. +# Default values for glance. # This is a YAML-formatted file. # Declare name/value pairs to be passed into your templates. # name: value -replicas: 1 +replicas: + api: 1 + registry: 1 + +development: + enabled: false + storage_path: /data/openstack-helm/glance/images labels: node_selector_key: openstack-control-plane node_selector_value: enabled images: + db_init: quay.io/stackanetes/stackanetes-kolla-toolbox:newton db_sync: quay.io/stackanetes/stackanetes-glance-api:newton api: quay.io/stackanetes/stackanetes-glance-api:newton - init: quay.io/stackanetes/stackanetes-kolla-toolbox:newton registry: quay.io/stackanetes/stackanetes-glance-registry:newton post: quay.io/stackanetes/stackanetes-kolla-toolbox:newton + dep_check: quay.io/stackanetes/kubernetes-entrypoint:v0.1.0 pull_policy: "IfNotPresent" upgrades: @@ -65,10 +72,49 @@ misc: workers: 8 debug: false +resources: + enabled: false + api: + limits: + memory: "128Mi" + cpu: "500m" + requests: + memory: "128Mi" + cpu: "500m" + registry: + limits: + memory: "128Mi" + cpu: "500m" + requests: + memory: "128Mi" + cpu: "500m" + jobs: + db: + limits: + memory: "128Mi" + cpu: "500m" + requests: + memory: "128Mi" + cpu: "500m" + init: + limits: + memory: "128Mi" + cpu: "500m" + requests: + memory: "128Mi" + cpu: "500m" + post: + limits: + memory: "128Mi" + cpu: "500m" + requests: + memory: "128Mi" + cpu: "500m" + dependencies: api: jobs: - - glance-init + - glance-db-init - glance-db-sync - keystone-db-sync service: @@ -76,7 +122,7 @@ dependencies: - mariadb registry: jobs: - - glance-init + - glance-db-init - glance-db-sync - keystone-db-sync service: @@ -85,9 +131,9 @@ dependencies: - glance-api db_sync: jobs: - - keystone-init + - keystone-db-init - keystone-db-sync - - glance-init + - glance-db-init - mariadb-seed service: - mariadb 
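Review bot: The new `db_init` and `dep_check` image defaults in glance/values.yaml are referenced by mutable tag (`:newton`, `:v0.1.0`) while `pull_policy` stays `"IfNotPresent"`. What actually runs is therefore whatever the registry or the node cache holds under that tag, and a re-pushed tag is picked up without any change to the chart. The `dep_check` image becomes the init container of every pod that uses the shared helper, so it is the one most worth pinning by digest, e.g. `dep_check: quay.io/stackanetes/kubernetes-entrypoint@sha256:<digest-placeholder>`. If tags must stay for development, a comment above `images:` saying that production overrides should pin digests would document the expectation.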
@@ -98,10 +144,10 @@ dependencies: - mariadb post: jobs: - - glance-init + - glance-db-init - glance-db-sync - keystone-db-sync - - keystone-init + - keystone-db-init - mariadb-seed service: - mariadb @@ -109,7 +155,7 @@ dependencies: - glance-api - glance-registry -# typically overriden by environmental +# typically overriden by environmental # values, but should include all endpoints # required by this chart endpoints: @@ -131,4 +177,3 @@ endpoints: port: admin: 35357 public: 5000 - diff --git a/heat/templates/deployment-api.yaml b/heat/templates/deployment-api.yaml index 759571c4e3..dafbba9cda 100755 --- a/heat/templates/deployment-api.yaml +++ b/heat/templates/deployment-api.yaml @@ -1,3 +1,5 @@ +{{- $envAll := . }} +{{- $dependencies := .Values.dependencies.api }} apiVersion: extensions/v1beta1 kind: Deployment metadata: @@ -10,29 +12,7 @@ spec: app: heat-api annotations: pod.beta.kubernetes.io/init-containers: '[ - { - "name": "init", - "image": {{ .Values.images.dep_check | quote }}, - "imagePullPolicy": {{ .Values.images.pull_policy | quote }}, - "env": [ - { - "name": "NAMESPACE", - "value": "{{ .Release.Namespace }}" - }, - { - "name": "DEPENDENCY_SERVICE", - "value": "{{ include "joinListWithColon" .Values.dependencies.api.service }}" - }, - { - "name": "DEPENDENCY_JOBS", - "value": "{{ include "joinListWithColon" .Values.dependencies.api.jobs }}" - }, - { - "name": "COMMAND", - "value": "echo done" - } - ] - } +{{ tuple $envAll $dependencies | include "dep_check_init_cont" | indent 10 }} ]' spec: nodeSelector: 
@@ -41,6 +21,15 @@ spec: - name: heat-api image: {{ .Values.images.api }} imagePullPolicy: {{ .Values.images.pull_policy }} + {{- if .Values.resources.enabled }} + resources: + requests: + memory: {{ .Values.resources.heat_api.requests.memory | quote }} + cpu: {{ .Values.resources.heat_api.requests.cpu | quote }} + limits: + memory: {{ .Values.resources.heat_api.limits.memory | quote }} + cpu: {{ .Values.resources.heat_api.limits.cpu | quote }} + {{- end }} command: - heat-api - --config-dir diff --git a/heat/templates/deployment-cfn.yaml b/heat/templates/deployment-cfn.yaml index 94d6d55e35..11d25b745a 100644 --- a/heat/templates/deployment-cfn.yaml +++ b/heat/templates/deployment-cfn.yaml @@ -1,3 +1,5 @@ +{{- $envAll := . }} +{{- $dependencies := .Values.dependencies.cfn }} apiVersion: extensions/v1beta1 kind: Deployment metadata: @@ -10,29 +12,7 @@ spec: app: heat-cfn annotations: pod.beta.kubernetes.io/init-containers: '[ - { - "name": "init", - "image": {{ .Values.images.dep_check | quote }}, - "imagePullPolicy": {{ .Values.images.pull_policy | quote }}, - "env": [ - { - "name": "NAMESPACE", - "value": "{{ .Release.Namespace }}" - }, - { - "name": "DEPENDENCY_SERVICE", - "value": "{{ include "joinListWithColon" .Values.dependencies.cfn.service }}" - }, - { - "name": "DEPENDENCY_JOBS", - "value": "{{ include "joinListWithColon" .Values.dependencies.cfn.jobs }}" - }, - { - "name": "COMMAND", - "value": "echo done" - } - ] - } +{{ tuple $envAll $dependencies | include "dep_check_init_cont" | indent 10 }} ]' spec: nodeSelector: 
@@ -41,6 +21,15 @@ spec: - name: heat-cfn image: {{ .Values.images.cfn }} imagePullPolicy: {{ .Values.images.pull_policy }} + {{- if .Values.resources.enabled }} + resources: + requests: + memory: {{ .Values.resources.heat_cfn.requests.memory | quote }} + cpu: {{ .Values.resources.heat_cfn.requests.cpu | quote }} + limits: + memory: {{ .Values.resources.heat_cfn.limits.memory | quote }} + cpu: {{ .Values.resources.heat_cfn.limits.cpu | quote }} + {{- end }} command: - heat-api-cfn - --config-dir diff --git a/heat/templates/deployment-cloudwatch.yaml b/heat/templates/deployment-cloudwatch.yaml index d4753011c6..17b17fecd0 100644 --- a/heat/templates/deployment-cloudwatch.yaml +++ b/heat/templates/deployment-cloudwatch.yaml @@ -1,3 +1,5 @@ +{{- $envAll := . }} +{{- $dependencies := .Values.dependencies.cloudwatch }} apiVersion: extensions/v1beta1 kind: Deployment metadata: @@ -10,29 +12,7 @@ spec: app: heat-cloudwatch annotations: pod.beta.kubernetes.io/init-containers: '[ - { - "name": "init", - "image": {{ .Values.images.dep_check | quote }}, - "imagePullPolicy": {{ .Values.images.pull_policy | quote }}, - "env": [ - { - "name": "NAMESPACE", - "value": "{{ .Release.Namespace }}" - }, - { - "name": "DEPENDENCY_SERVICE", - "value": "{{ include "joinListWithColon" .Values.dependencies.cloudwatch.service }}" - }, - { - "name": "DEPENDENCY_JOBS", - "value": "{{ include "joinListWithColon" .Values.dependencies.cloudwatch.jobs }}" - }, - { - "name": "COMMAND", - "value": "echo done" - } - ] - } +{{ tuple $envAll $dependencies | include "dep_check_init_cont" | indent 10 }} ]' spec: nodeSelector: 
@@ -41,6 +21,15 @@ spec: - name: heat-cloudwatch image: {{ .Values.images.cloudwatch }} imagePullPolicy: {{ .Values.images.pull_policy }} + {{- if .Values.resources.enabled }} + resources: + requests: + memory: {{ .Values.resources.heat_cloudwatch.requests.memory | quote }} + cpu: {{ .Values.resources.heat_cloudwatch.requests.cpu | quote }} + limits: + memory: {{ .Values.resources.heat_cloudwatch.limits.memory | quote }} + cpu: {{ .Values.resources.heat_cloudwatch.limits.cpu | quote }} + {{- end }} command: - heat-api-cloudwatch - --config-dir diff --git a/heat/templates/etc/_heat.conf.tpl b/heat/templates/etc/_heat.conf.tpl index e902fe7114..b268a6ecfd 100644 --- a/heat/templates/etc/_heat.conf.tpl +++ b/heat/templates/etc/_heat.conf.tpl @@ -80,3 +80,11 @@ region_name = {{ .Values.keystone.heat_trustee_region_name }} user_domain_name = {{ .Values.keystone.heat_trustee_user_domain }} username = {{ .Values.keystone.heat_trustee_user }} password = {{ .Values.keystone.heat_trustee_password }} + + +[clients] +endpoint_type = internalURL + +[clients_keystone] +endpoint_type = internalURL +auth_uri = {{ include "endpoint_keystone_internal" . }} diff --git a/heat/templates/job-db-init.yaml b/heat/templates/job-db-init.yaml index de256fbdf0..4633c7af9c 100644 --- a/heat/templates/job-db-init.yaml +++ b/heat/templates/job-db-init.yaml @@ -1,3 +1,5 @@ +{{- $envAll := . }} +{{- $dependencies := .Values.dependencies.init }} apiVersion: batch/v1 kind: Job metadata: 
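Review bot: In heat/templates/job-db-init.yaml the new `$dependencies` is read from `.Values.dependencies.init`, but the inline block this commit removes from the same file read `.Values.dependencies.db_init.service` and `.Values.dependencies.db_init.jobs`. The heat/values.yaml hunks shown here do not touch `dependencies`, so if the key is still `db_init` the helper receives an empty value and the job may start without waiting for anything; that should be confirmed against values.yaml. If the key was not renamed, use `{{- $dependencies := .Values.dependencies.db_init }}`. The same check applies to job-ks-endpoints.yaml.yaml, which now reads `.Values.dependencies.ks_endpoints` where the removed code read `.Values.dependencies.ks_service.service`.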
@@ -7,29 +9,7 @@ spec: metadata: annotations: pod.beta.kubernetes.io/init-containers: '[ - { - "name": "init", - "image": {{ .Values.images.dep_check | quote }}, - "imagePullPolicy": {{ .Values.images.pull_policy | quote }}, - "env": [ - { - "name": "NAMESPACE", - "value": "{{ .Release.Namespace }}" - }, - { - "name": "DEPENDENCY_SERVICE", - "value": "{{ include "joinListWithColon" .Values.dependencies.db_init.service }}" - }, - { - "name": "DEPENDENCY_JOBS", - "value": "{{ include "joinListWithColon" .Values.dependencies.db_init.jobs }}" - }, - { - "name": "COMMAND", - "value": "echo done" - } - ] - } +{{ tuple $envAll $dependencies | include "dep_check_init_cont" | indent 10 }} ]' spec: restartPolicy: OnFailure @@ -39,6 +19,15 @@ spec: - name: heat-db-init image: {{ .Values.images.db_init | quote }} imagePullPolicy: {{ .Values.images.pull_policy | quote }} + {{- if .Values.resources.enabled }} + resources: + requests: + memory: {{ .Values.resources.heat_db_init.requests.memory | quote }} + cpu: {{ .Values.resources.heat_db_init.requests.cpu | quote }} + limits: + memory: {{ .Values.resources.heat_db_init.limits.memory | quote }} + cpu: {{ .Values.resources.heat_db_init.limits.cpu | quote }} + {{- end }} env: - name: ANSIBLE_LIBRARY value: /usr/share/ansible/ diff --git a/heat/templates/job-db-sync.yaml b/heat/templates/job-db-sync.yaml index 8a7f90f3ed..0ee761c201 100644 --- a/heat/templates/job-db-sync.yaml +++ b/heat/templates/job-db-sync.yaml @@ -1,3 +1,5 @@ +{{- $envAll := . }} +{{- $dependencies := .Values.dependencies.db_sync }} apiVersion: batch/v1 kind: Job metadata: 
@@ -7,29 +9,7 @@ spec: metadata: annotations: pod.beta.kubernetes.io/init-containers: '[ - { - "name": "init", - "image": {{ .Values.images.dep_check | quote }}, - "imagePullPolicy": {{ .Values.images.pull_policy | quote }}, - "env": [ - { - "name": "NAMESPACE", - "value": "{{ .Release.Namespace }}" - }, - { - "name": "DEPENDENCY_SERVICE", - "value": "{{ include "joinListWithColon" .Values.dependencies.db_sync.service }}" - }, - { - "name": "DEPENDENCY_JOBS", - "value": "{{ include "joinListWithColon" .Values.dependencies.db_sync.jobs }}" - }, - { - "name": "COMMAND", - "value": "echo done" - } - ] - } +{{ tuple $envAll $dependencies | include "dep_check_init_cont" | indent 10 }} ]' spec: restartPolicy: OnFailure @@ -39,6 +19,15 @@ spec: - name: heat-db-sync image: {{ .Values.images.db_sync }} imagePullPolicy: {{ .Values.images.pull_policy }} + {{- if .Values.resources.enabled }} + resources: + requests: + memory: {{ .Values.resources.heat_db_sync.requests.memory | quote }} + cpu: {{ .Values.resources.heat_db_sync.requests.cpu | quote }} + limits: + memory: {{ .Values.resources.heat_db_sync.limits.memory | quote }} + cpu: {{ .Values.resources.heat_db_sync.limits.cpu | quote }} + {{- end }} command: - heat-manage args: diff --git a/heat/templates/job-ks-endpoints.yaml.yaml b/heat/templates/job-ks-endpoints.yaml.yaml index d82c4fd525..c5dfd3aaa1 100644 --- a/heat/templates/job-ks-endpoints.yaml.yaml +++ b/heat/templates/job-ks-endpoints.yaml.yaml @@ -1,5 +1,6 @@ {{- $envAll := . }} {{- $ksAdminSecret := .Values.keystone_secrets.admin }} +{{- $dependencies := .Values.dependencies.ks_endpoints }} apiVersion: batch/v1 kind: Job metadata: 
@@ -9,25 +10,7 @@ spec: metadata: annotations: pod.beta.kubernetes.io/init-containers: '[ - { - "name": "init", - "image": {{ .Values.images.dep_check | quote }}, - "imagePullPolicy": {{ .Values.images.pull_policy | quote }}, - "env": [ - { - "name": "NAMESPACE", - "value": "{{ .Release.Namespace }}" - }, - { - "name": "DEPENDENCY_SERVICE", - "value": "{{ include "joinListWithColon" .Values.dependencies.ks_service.service }}" - }, - { - "name": "COMMAND", - "value": "echo done" - } - ] - } +{{ tuple $envAll $dependencies | include "dep_check_init_cont" | indent 10 }} ]' spec: restartPolicy: OnFailure @@ -39,6 +22,15 @@ spec: - name: {{ $osServiceName }}-ks-endpoints-{{ $osServiceEndPoint }} image: {{ $envAll.Values.images.ks_endpoints }} imagePullPolicy: {{ $envAll.Values.images.pull_policy }} + {{- if $envAll.Values.resources.enabled }} + resources: + requests: + memory: {{ $envAll.Values.resources.heat_ks_endpoints.requests.memory | quote }} + cpu: {{ $envAll.Values.resources.heat_ks_endpoints.requests.cpu | quote }} + limits: + memory: {{ $envAll.Values.resources.heat_ks_endpoints.limits.memory | quote }} + cpu: {{ $envAll.Values.resources.heat_ks_endpoints.limits.cpu | quote }} + {{- end }} command: - bash - /tmp/ks-endpoints.sh diff --git a/heat/templates/job-ks-service.yaml b/heat/templates/job-ks-service.yaml index 651422c355..dd3295a5ec 100644 --- a/heat/templates/job-ks-service.yaml +++ b/heat/templates/job-ks-service.yaml @@ -1,5 +1,6 @@ {{- $envAll := . }} {{- $ksAdminSecret := .Values.keystone_secrets.admin }} +{{- $dependencies := .Values.dependencies.ks_service }} apiVersion: batch/v1 kind: Job metadata: 
@@ -9,25 +10,7 @@ spec: metadata: annotations: pod.beta.kubernetes.io/init-containers: '[ - { - "name": "init", - "image": {{ .Values.images.dep_check | quote }}, - "imagePullPolicy": {{ .Values.images.pull_policy | quote }}, - "env": [ - { - "name": "NAMESPACE", - "value": "{{ .Release.Namespace }}" - }, - { - "name": "DEPENDENCY_SERVICE", - "value": "{{ include "joinListWithColon" .Values.dependencies.ks_service.service }}" - }, - { - "name": "COMMAND", - "value": "echo done" - } - ] - } +{{ tuple $envAll $dependencies | include "dep_check_init_cont" | indent 10 }} ]' spec: restartPolicy: OnFailure @@ -38,6 +21,15 @@ spec: - name: {{ $osServiceName }}-ks-service-registration image: {{ $envAll.Values.images.ks_service }} imagePullPolicy: {{ $envAll.Values.images.pull_policy }} + {{- if $envAll.Values.resources.enabled }} + resources: + requests: + memory: {{ $envAll.Values.resources.heat_ks_service.requests.memory | quote }} + cpu: {{ $envAll.Values.resources.heat_ks_service.requests.cpu | quote }} + limits: + memory: {{ $envAll.Values.resources.heat_ks_service.limits.memory | quote }} + cpu: {{ $envAll.Values.resources.heat_ks_service.limits.cpu | quote }} + {{- end }} command: - bash - /tmp/ks-service.sh @@ -55,6 +47,7 @@ spec: - name: OS_SERVICE_TYPE value: {{ tuple $osServiceName $envAll | include "endpoint_type_lookup" }} {{- end }} + volumes: - name: ks-service-sh configMap: diff --git a/heat/templates/job-ks-user.yaml b/heat/templates/job-ks-user.yaml index 89c2d21f76..a55743ef02 100644 --- a/heat/templates/job-ks-user.yaml +++ b/heat/templates/job-ks-user.yaml @@ -1,3 +1,5 @@ +{{- $envAll := . }} +{{- $dependencies := .Values.dependencies.ks_user }} {{- $ksAdminSecret := .Values.keystone_secrets.admin }} {{- $ksUserSecret := .Values.keystone_secrets.user }} # The heat user management job is a bit different from other services as it also needs to create a stack domain and trusts user 
@@ -12,25 +14,7 @@ spec: metadata: annotations: pod.beta.kubernetes.io/init-containers: '[ - { - "name": "init", - "image": {{ .Values.images.dep_check | quote }}, - "imagePullPolicy": {{ .Values.images.pull_policy | quote }}, - "env": [ - { - "name": "NAMESPACE", - "value": "{{ .Release.Namespace }}" - }, - { - "name": "DEPENDENCY_SERVICE", - "value": "{{ include "joinListWithColon" .Values.dependencies.ks_user.service }}" - }, - { - "name": "COMMAND", - "value": "echo done" - } - ] - } +{{ tuple $envAll $dependencies | include "dep_check_init_cont" | indent 10 }} ]' spec: restartPolicy: OnFailure @@ -40,6 +24,15 @@ spec: - name: heat-ks-user image: {{ .Values.images.ks_user }} imagePullPolicy: {{ .Values.images.pull_policy }} + {{- if .Values.resources.enabled }} + resources: + requests: + memory: {{ .Values.resources.heat_ks_user.requests.memory | quote }} + cpu: {{ .Values.resources.heat_ks_user.requests.cpu | quote }} + limits: + memory: {{ .Values.resources.heat_ks_user.limits.memory | quote }} + cpu: {{ .Values.resources.heat_ks_user.limits.cpu | quote }} + {{- end }} command: - bash - /tmp/ks-user.sh diff --git a/heat/templates/statefulset-engine.yaml b/heat/templates/statefulset-engine.yaml index 0478e39173..d27bf99665 100644 --- a/heat/templates/statefulset-engine.yaml +++ b/heat/templates/statefulset-engine.yaml @@ -1,3 +1,5 @@ +{{- $envAll := . }} +{{- $dependencies := .Values.dependencies.engine }} apiVersion: apps/v1beta1 kind: StatefulSet metadata: 
@@ -11,29 +13,7 @@ spec: app: heat-engine annotations: pod.beta.kubernetes.io/init-containers: '[ - { - "name": "init", - "image": {{ .Values.images.dep_check | quote }}, - "imagePullPolicy": {{ .Values.images.pull_policy | quote }}, - "env": [ - { - "name": "NAMESPACE", - "value": "{{ .Release.Namespace }}" - }, - { - "name": "DEPENDENCY_SERVICE", - "value": "{{ include "joinListWithColon" .Values.dependencies.engine.service }}" - }, - { - "name": "DEPENDENCY_JOBS", - "value": "{{ include "joinListWithColon" .Values.dependencies.engine.jobs }}" - }, - { - "name": "COMMAND", - "value": "echo done" - } - ] - } +{{ tuple $envAll $dependencies | include "dep_check_init_cont" | indent 10 }} ]' spec: nodeSelector: @@ -42,6 +22,15 @@ spec: - name: heat-engine image: {{ .Values.images.engine }} imagePullPolicy: {{ .Values.images.pull_policy }} + {{- if .Values.resources.enabled }} + resources: + requests: + memory: {{ .Values.resources.heat_engine.requests.memory | quote }} + cpu: {{ .Values.resources.heat_engine.requests.cpu | quote }} + limits: + memory: {{ .Values.resources.heat_engine.limits.memory | quote }} + cpu: {{ .Values.resources.heat_engine.limits.cpu | quote }} + {{- end }} command: - heat-engine - --config-dir @@ -55,6 +44,10 @@ spec: mountPath: /etc/heat/conf/heat.conf subPath: heat.conf readOnly: true + - name: heatpolicy + mountPath: /etc/heat/policy.json + subPath: policy.json + readOnly: true volumes: - name: pod-etc-heat emptyDir: {} @@ -63,3 +56,6 @@ spec: - name: heatconf configMap: name: heat-etc + - name: heatpolicy + configMap: + name: heat-etc diff --git a/heat/values.yaml b/heat/values.yaml index 6373aa22de..9da0dc95f6 100644 --- a/heat/values.yaml +++ b/heat/values.yaml @@ -97,18 +97,8 @@ memcached: host: memcached port: 11211 -resources: - api: - workers: 8 - cfn: - workers: 8 - cloudwatch: - workers: 8 - engine: - workers: 8 - misc: - debug: false + debug: true secrets: keystone_admin: 
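Review bot: The chart default `misc.debug` changes from `false` to `true` in the heat/values.yaml hunk that otherwise only moves the `workers` keys, which looks like a local setting that slipped into the commit. Debug-level logging in the Heat services is noisy and can put request details into pod logs that a production deployment would not want there. Keep the default as `debug: false` and let development overrides turn it on. If the change is intentional, a comment next to the key should say why.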
@@ -206,3 +196,77 @@ endpoints: scheme: 'http' port: api: 8003 + +resources: + enabled: false + heat_api: + requests: + memory: "124Mi" + cpu: "100m" + limits: + memory: "1024Mi" + cpu: "2000m" + heat_cfn: + requests: + memory: "124Mi" + cpu: "100m" + limits: + memory: "1024Mi" + cpu: "2000m" + heat_cloudwatch: + requests: + memory: "124Mi" + cpu: "100m" + limits: + memory: "1024Mi" + cpu: "2000m" + heat_db_init: + requests: + memory: "124Mi" + cpu: "100m" + limits: + memory: "1024Mi" + cpu: "2000m" + heat_db_sync: + requests: + memory: "124Mi" + cpu: "100m" + limits: + memory: "1024Mi" + cpu: "2000m" + heat_ks_endpoints: + requests: + memory: "124Mi" + cpu: "100m" + limits: + memory: "1024Mi" + cpu: "2000m" + heat_ks_service: + requests: + memory: "124Mi" + cpu: "100m" + limits: + memory: "1024Mi" + cpu: "2000m" + heat_ks_user: + requests: + memory: "124Mi" + cpu: "100m" + limits: + memory: "1024Mi" + cpu: "2000m" + heat_engine: + requests: + memory: "124Mi" + cpu: "100m" + limits: + memory: "1024Mi" + cpu: "2000m" + api: + workers: 8 + cfn: + workers: 8 + cloudwatch: + workers: 8 + engine: + workers: 8 diff --git a/horizon/templates/deployment.yaml b/horizon/templates/deployment.yaml index f3a65f02e7..25b90efb0c 100644 --- a/horizon/templates/deployment.yaml +++ b/horizon/templates/deployment.yaml @@ -1,3 +1,5 @@ +{{- $envAll := . }} +{{- $dependencies := .Values.dependencies.dashboard }} apiVersion: extensions/v1beta1 kind: Deployment metadata: 
@@ -20,26 +22,8 @@ spec: configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "hash" }} configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "hash" }} pod.beta.kubernetes.io/init-containers: '[ - { - "name": "init", - "image": "{{ .Values.images.entrypoint }}", - "imagePullPolicy": "{{ .Values.images.pull_policy }}", - "env": [ - { - "name": "NAMESPACE", - "value": "{{ .Release.Namespace }}" - }, - { - "name": "DEPENDENCY_SERVICE", - "value": "{{ include "joinListWithColon" .Values.dependencies.dashboard.service }}" - }, - { - "name": "COMMAND", - "value": "echo done" - } - ] - } - ]' +{{ tuple $envAll $dependencies | include "dep_check_init_cont" | indent 10 }} + ]' spec: nodeSelector: {{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }} @@ -47,6 +31,15 @@ spec: - name: horizon image: {{ .Values.images.horizon }} imagePullPolicy: {{ .Values.images.pull_policy }} + {{- if .Values.resources.enabled }} + resources: + limits: + cpu: {{ .Values.resources.dashboard.limits.cpu | quote }} + memory: {{ .Values.resources.dashboard.limits.memory | quote }} + requests: + cpu: {{ .Values.resources.dashboard.requests.cpu | quote }} + memory: {{ .Values.resources.dashboard.requests.memory | quote }} + {{- end }} command: - bash - /tmp/start.sh diff --git a/horizon/values.yaml b/horizon/values.yaml index f9a19fd4ee..500c727d72 100644 --- a/horizon/values.yaml +++ b/horizon/values.yaml @@ -1,4 +1,4 @@ -# Default values for memcached. +# Default values for horizon. # This is a YAML-formatted file. # Declare name/value pairs to be passed into your templates. # name: value @@ -6,7 +6,7 @@ replicas: 1 images: - entrypoint: quay.io/stackanetes/kubernetes-entrypoint:v0.1.0 + dep_check: quay.io/stackanetes/kubernetes-entrypoint:v0.1.0 horizon: quay.io/stackanetes/stackanetes-horizon:newton pull_policy: "IfNotPresent" 
@@ -36,7 +36,17 @@ dependencies: - memcached - keystone-api -# typically overriden by environmental +resources: + enabled: false + dashboard: + limits: + memory: "128Mi" + cpu: "500m" + requests: + memory: "128Mi" + cpu: "500m" + +# mits:typically overriden by environmental # values, but should include all endpoints # required by this chart endpoints: diff --git a/keystone/templates/bin/_db-sync.sh.tpl b/keystone/templates/bin/_db-sync.sh.tpl index 89c4c5de84..e4f69c7214 100644 --- a/keystone/templates/bin/_db-sync.sh.tpl +++ b/keystone/templates/bin/_db-sync.sh.tpl @@ -1,22 +1,13 @@ #!/bin/bash set -ex -# order of kolla_keystone_bootstrap urls -# for those of looking for a little expanation -# to a mysterious blackbox -# -# these will feed into the keystone endpoints -# so it is important they are correct -# -# keystone_admin_url -# keystone_internal_url -# keystone_public_url - -keystone-manage db_sync -kolla_keystone_bootstrap {{ .Values.keystone.admin_user }} {{ .Values.keystone.admin_password }} \ - {{ .Values.keystone.admin_project_name }} admin \ - {{ include "endpoint_keystone_admin" . }} \ - {{ include "endpoint_keystone_internal" . }} \ - {{ include "endpoint_keystone_internal" . }} \ - {{ .Values.keystone.admin_region_name }} +keystone-manage --config-file=/etc/keystone/keystone.conf db_sync +keystone-manage --config-file=/etc/keystone/keystone.conf bootstrap \ + --bootstrap-username {{ .Values.keystone.admin_user }} \ + --bootstrap-password {{ .Values.keystone.admin_password }} \ + --bootstrap-project-name {{ .Values.keystone.admin_project_name }} \ + --bootstrap-admin-url {{ include "endpoint_keystone_admin" . }} \ + --bootstrap-public-url {{ include "endpoint_keystone_internal" . }} \ + --bootstrap-internal-url {{ include "endpoint_keystone_internal" . }} \ + --bootstrap-region-id {{ .Values.keystone.admin_region_name }} diff --git a/keystone/templates/bin/_init.sh.tpl b/keystone/templates/bin/_init.sh.tpl index 0d47c4ba71..f48157a2ce 100644 
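Review bot: The comment above `endpoints:` in horizon/values.yaml now reads `# mits:typically overriden by environmental`. The `mits:` prefix looks like a fragment of a `limits:` key left behind while pasting the new `resources` block. Restore the comment as `# typically overridden by environmental` so that it does not read like a commented-out key.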
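Review bot: The new `keystone-manage bootstrap` call in _db-sync.sh.tpl passes the admin password as an argument (`--bootstrap-password {{ .Values.keystone.admin_password }}`) while the script still runs under `set -ex`. Shell tracing therefore writes the rendered password to the job log, and it is also visible in the process list while the command runs. The value is unquoted as well, so a password containing spaces or shell metacharacters would be split or interpreted by bash. `keystone-manage bootstrap` reads `OS_BOOTSTRAP_PASSWORD` from the environment when the flag is omitted, so the line can be dropped and the variable supplied to the Job from a Secret, with the header changed to `set -e`. The remaining templated arguments should be double-quoted, e.g. `--bootstrap-username "{{ .Values.keystone.admin_user }}"`.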
--- a/keystone/templates/bin/_init.sh.tpl +++ b/keystone/templates/bin/_init.sh.tpl @@ -2,5 +2,20 @@ set -ex export HOME=/tmp -ansible localhost -vvv -m mysql_db -a "login_host='{{ include "keystone_db_host" . }}' login_port='{{ .Values.database.port }}' login_user='{{ .Values.database.root_user }}' login_password='{{ .Values.database.root_password }}' name='{{ .Values.database.keystone_database_name }}'" -ansible localhost -vvv -m mysql_user -a "login_host='{{ include "keystone_db_host" . }}' login_port='{{ .Values.database.port }}' login_user='{{ .Values.database.root_user }}' login_password='{{ .Values.database.root_password }}' name='{{ .Values.database.keystone_user }}' password='{{ .Values.database.keystone_password }}' host='%' priv='{{ .Values.database.keystone_database_name }}.*:ALL' append_privs='yes'" +ansible localhost -vvv \ + -m mysql_db -a "login_host='{{ include "keystone_db_host" . }}' \ + login_port='{{ .Values.database.port }}' \ + login_user='{{ .Values.database.root_user }}' \ + login_password='{{ .Values.database.root_password }}' \ + name='{{ .Values.database.keystone_database_name }}'" + +ansible localhost -vvv \ + -m mysql_user -a "login_host='{{ include "keystone_db_host" . }}' \ + login_port='{{ .Values.database.port }}' \ + login_user='{{ .Values.database.root_user }}' \ + login_password='{{ .Values.database.root_password }}' \ + name='{{ .Values.database.keystone_user }}' \ + password='{{ .Values.database.keystone_password }}' \ + host='%' \ + priv='{{ .Values.database.keystone_database_name }}.*:ALL' \ + append_privs='yes'" diff --git a/keystone/templates/bin/_start.sh.tpl b/keystone/templates/bin/_start.sh.tpl index 4bafe63ee4..72529c2f32 100644 --- a/keystone/templates/bin/_start.sh.tpl +++ b/keystone/templates/bin/_start.sh.tpl 
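Review bot: The rewrapped `ansible` calls in _init.sh.tpl still run under `set -ex`, so the rendered `login_password='…'` and `password='…'` arguments are echoed in full to the job log by shell tracing; `-vvv` may add further detail about the invocation. The commit improves readability but leaves the database root and keystone passwords in plain text in the pod logs. Changing the header to `set -e` and dropping `-vvv` from both commands would remove that exposure without altering what the modules do. The values are also interpolated inside single quotes, so a password that contains `'` would break the argument string; reading the credentials from environment variables populated from a Secret avoids both problems.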
@@ -1,8 +1,10 @@ -#!/bin/bash -set -ex - -# Loading Apache2 ENV variables -source /etc/apache2/envvars +#!/bin/bash +set -ex -# start apache with any container arguments -apache2 -DFOREGROUND $* +if [ -f /etc/apache2/envvars ]; then + # Loading Apache2 ENV variables + source /etc/apache2/envvars +fi + +# Start Apache2 +exec apache2 -DFOREGROUND diff --git a/keystone/templates/configmap-etc.yaml b/keystone/templates/configmap-etc.yaml index b59534ee98..3ad7dc8293 100644 --- a/keystone/templates/configmap-etc.yaml +++ b/keystone/templates/configmap-etc.yaml @@ -6,6 +6,12 @@ data: keystone.conf: |+ {{ tuple "etc/_keystone.conf.tpl" . | include "template" | indent 4 }} mpm_event.conf: |+ -{{ tuple "etc/_mpm_event.conf.tpl" . | include "template" | indent 4 }} +{{ tuple "etc/_mpm_event.conf.tpl" . | include "template" | indent 4 }} wsgi-keystone.conf: |+ {{ tuple "etc/_wsgi-keystone.conf.tpl" . | include "template" | indent 4 }} + policy.json: |+ +{{ tuple "etc/_policy.json.tpl" . | include "template" | indent 4 }} + keystone-paste.ini: |+ +{{ tuple "etc/_keystone-paste.ini.tpl" . | include "template" | indent 4 }} + sso_callback_template.html: |+ +{{ tuple "etc/_sso_callback_template.html.tpl" . | include "template" | indent 4 }} diff --git a/keystone/templates/deployment.yaml b/keystone/templates/deployment.yaml index 49917adaed..9b1c58b2f5 100644 --- a/keystone/templates/deployment.yaml +++ b/keystone/templates/deployment.yaml @@ -1,3 +1,5 @@ +{{- $envAll := . }} +{{- $dependecies := .Values.dependencies.api }} apiVersion: extensions/v1beta1 kind: Deployment metadata: 
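Review bot: The variable added at the top of keystone/templates/deployment.yaml is spelled `$dependecies`. It renders correctly only because the `dep_check_init_cont` include in the next hunk repeats the same spelling, while job-db-init.yaml in this commit uses `$dependencies`. Writing `{{- $dependencies := .Values.dependencies.api }}` here and in the include call, and likewise in job-db-sync.yaml, avoids a later edit referencing an undefined variable.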
@@ -11,42 +13,16 @@ spec: rollingUpdate: maxUnavailable: {{ .Values.upgrades.rolling_update.max_unavailable }} maxSurge: {{ .Values.upgrades.rolling_update.max_surge }} - {{ end }} + {{ end }} template: metadata: labels: app: keystone-api annotations: configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "hash" }} - configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "hash" }} + configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "hash" }} pod.beta.kubernetes.io/init-containers: '[ - { - "name": "init", - "image": "{{ .Values.images.entrypoint }}", - "imagePullPolicy": "{{ .Values.images.pull_policy }}", - "env": [ - { - "name": "NAMESPACE", - "value": "{{ .Release.Namespace }}" - }, - { - "name": "INTERFACE_NAME", - "value": "eth0" - }, - { - "name": "DEPENDENCY_SERVICE", - "value": "{{ include "joinListWithColon" .Values.dependencies.api.service }}" - }, - { - "name": "DEPENDENCY_JOBS", - "value": "{{ include "joinListWithColon" .Values.dependencies.api.jobs }}" - }, - { - "name": "COMMAND", - "value": "echo done" - } - ] - } +{{ tuple $envAll $dependecies | include "dep_check_init_cont" | indent 10 }} ]' spec: nodeSelector: 
@@ -55,32 +31,77 @@ spec: - name: keystone-api image: {{ .Values.images.api }} imagePullPolicy: {{ .Values.images.pull_policy }} + {{- if .Values.resources.enabled }} + resources: + limits: + cpu: {{ .Values.resources.api.limits.cpu | quote }} + memory: {{ .Values.resources.api.limits.memory | quote }} + requests: + cpu: {{ .Values.resources.api.requests.cpu | quote }} + memory: {{ .Values.resources.api.requests.memory | quote }} + {{- end }} command: - bash - /tmp/start.sh ports: - containerPort: {{ .Values.network.port.public }} - containerPort: {{ .Values.network.port.admin }} + lifecycle: + preStop: + exec: + command: + - apachectl + - -k + - graceful-stop readinessProbe: tcpSocket: port: {{ .Values.network.port.public }} volumeMounts: + - name: pod-etc-keystone + mountPath: /etc/keystone - name: keystoneconf mountPath: /etc/keystone/keystone.conf subPath: keystone.conf + readOnly: true + - name: keystonepaste + mountPath: /etc/keystone/keystone-paste.ini + subPath: keystone-paste.ini + readOnly: true + - name: keystonepolicy + mountPath: /etc/keystone/policy.json + subPath: policy.json + readOnly: true + - name: keystonessotemplate + mountPath: /etc/keystone/sso_callback_template.html + subPath: sso_callback_template.html + readOnly: true - name: wsgikeystone mountPath: /etc/apache2/conf-enabled/wsgi-keystone.conf subPath: wsgi-keystone.conf + readOnly: true - name: mpmeventconf mountPath: /etc/apache2/mods-available/mpm_event.conf subPath: mpm_event.conf + readOnly: true - name: startsh mountPath: /tmp/start.sh subPath: start.sh + readOnly: true volumes: + - name: pod-etc-keystone + emptyDir: {} - name: keystoneconf configMap: name: keystone-etc + - name: keystonepaste + configMap: + name: keystone-etc + - name: keystonepolicy + configMap: + name: keystone-etc + - name: keystonessotemplate + configMap: + name: keystone-etc - name: wsgikeystone configMap: name: keystone-etc @@ -90,4 +111,3 @@ spec: - name: startsh configMap: name: keystone-bin - 
diff --git a/keystone/templates/etc/_keystone-paste.ini.tpl b/keystone/templates/etc/_keystone-paste.ini.tpl new file mode 100644 index 0000000000..0d058ac009 --- /dev/null +++ b/keystone/templates/etc/_keystone-paste.ini.tpl 
@@ -0,0 +1,97 @@ +# Keystone PasteDeploy configuration file. + +[filter:debug] +use = egg:oslo.middleware#debug + +[filter:request_id] +use = egg:oslo.middleware#request_id + +[filter:build_auth_context] +use = egg:keystone#build_auth_context + +[filter:token_auth] +use = egg:keystone#token_auth + +[filter:admin_token_auth] +# This is deprecated in the M release and will be removed in the O release. +# Use `keystone-manage bootstrap` and remove this from the pipelines below. +use = egg:keystone#admin_token_auth + +[filter:json_body] +use = egg:keystone#json_body + +[filter:cors] +use = egg:oslo.middleware#cors +oslo_config_project = keystone + +[filter:http_proxy_to_wsgi] +use = egg:oslo.middleware#http_proxy_to_wsgi + +[filter:healthcheck] +use = egg:oslo.middleware#healthcheck + +[filter:ec2_extension] +use = egg:keystone#ec2_extension + +[filter:ec2_extension_v3] +use = egg:keystone#ec2_extension_v3 + +[filter:s3_extension] +use = egg:keystone#s3_extension + +[filter:url_normalize] +use = egg:keystone#url_normalize + +[filter:sizelimit] +use = egg:oslo.middleware#sizelimit + +[filter:osprofiler] +use = egg:osprofiler#osprofiler + +[app:public_service] +use = egg:keystone#public_service + +[app:service_v3] +use = egg:keystone#service_v3 + +[app:admin_service] +use = egg:keystone#admin_service + +[pipeline:public_api] +# The last item in this pipeline must be public_service or an equivalent +# application. It cannot be a filter. +pipeline = healthcheck cors sizelimit http_proxy_to_wsgi osprofiler url_normalize request_id build_auth_context token_auth json_body ec2_extension public_service + +[pipeline:admin_api] +# The last item in this pipeline must be admin_service or an equivalent +# application. It cannot be a filter. 
+pipeline = healthcheck cors sizelimit http_proxy_to_wsgi osprofiler url_normalize request_id build_auth_context token_auth json_body ec2_extension s3_extension admin_service + +[pipeline:api_v3] +# The last item in this pipeline must be service_v3 or an equivalent +# application. It cannot be a filter. +pipeline = healthcheck cors sizelimit http_proxy_to_wsgi osprofiler url_normalize request_id build_auth_context token_auth json_body ec2_extension_v3 s3_extension service_v3 + +[app:public_version_service] +use = egg:keystone#public_version_service + +[app:admin_version_service] +use = egg:keystone#admin_version_service + +[pipeline:public_version_api] +pipeline = healthcheck cors sizelimit osprofiler url_normalize public_version_service + +[pipeline:admin_version_api] +pipeline = healthcheck cors sizelimit osprofiler url_normalize admin_version_service + +[composite:main] +use = egg:Paste#urlmap +/v2.0 = public_api +/v3 = api_v3 +/ = public_version_api + +[composite:admin] +use = egg:Paste#urlmap +/v2.0 = admin_api +/v3 = api_v3 +/ = admin_version_api diff --git a/keystone/templates/etc/_keystone.conf.tpl b/keystone/templates/etc/_keystone.conf.tpl index a503b4a0e5..573eba9e0e 100644 --- a/keystone/templates/etc/_keystone.conf.tpl +++ b/keystone/templates/etc/_keystone.conf.tpl @@ -1,5 +1,5 @@ [DEFAULT] -debug = {{ .Values.misc.debug }} +debug = {{ .Values.api.default.debug }} use_syslog = False use_stderr = True @@ -10,6 +10,9 @@ max_retries = -1 [memcache] servers = {{ include "memcached_host" . }}:11211 +[token] +provider = {{ .Values.api.token.provider }} + [cache] backend = dogpile.cache.memcached memcache_servers = {{ include "memcached_host" . }}:11211 diff --git a/keystone/templates/etc/_policy.json.tpl b/keystone/templates/etc/_policy.json.tpl new file mode 100644 index 0000000000..ddf2396272 --- /dev/null +++ b/keystone/templates/etc/_policy.json.tpl 
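Review bot: `[filter:admin_token_auth]` is still defined in the new keystone-paste.ini template even though none of the pipelines in the file reference it and _db-sync.sh.tpl in this commit switches to `keystone-manage bootstrap`. While the section remains, putting the shared admin token back into a pipeline is a one-word edit; the section's own comment says to remove it, so it can be deleted from the template. `[filter:debug]` is likewise defined and not used by any pipeline.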
@@ -0,0 +1,199 @@ +{ + "admin_required": "role:admin or is_admin:1", + "service_role": "role:service", + "service_or_admin": "rule:admin_required or rule:service_role", + "owner" : "user_id:%(user_id)s", + "admin_or_owner": "rule:admin_required or rule:owner", + "token_subject": "user_id:%(target.token.user_id)s", + "admin_or_token_subject": "rule:admin_required or rule:token_subject", + "service_admin_or_token_subject": "rule:service_or_admin or rule:token_subject", + + "default": "rule:admin_required", + + "identity:get_region": "", + "identity:list_regions": "", + "identity:create_region": "rule:admin_required", + "identity:update_region": "rule:admin_required", + "identity:delete_region": "rule:admin_required", + + "identity:get_service": "rule:admin_required", + "identity:list_services": "rule:admin_required", + "identity:create_service": "rule:admin_required", + "identity:update_service": "rule:admin_required", + "identity:delete_service": "rule:admin_required", + + "identity:get_endpoint": "rule:admin_required", + "identity:list_endpoints": "rule:admin_required", + "identity:create_endpoint": "rule:admin_required", + "identity:update_endpoint": "rule:admin_required", + "identity:delete_endpoint": "rule:admin_required", + + "identity:get_domain": "rule:admin_required or token.project.domain.id:%(target.domain.id)s", + "identity:list_domains": "rule:admin_required", + "identity:create_domain": "rule:admin_required", + "identity:update_domain": "rule:admin_required", + "identity:delete_domain": "rule:admin_required", + + "identity:get_project": "rule:admin_required or project_id:%(target.project.id)s", + "identity:list_projects": "rule:admin_required", + "identity:list_user_projects": "rule:admin_or_owner", + "identity:create_project": "rule:admin_required", + "identity:update_project": "rule:admin_required", + "identity:delete_project": "rule:admin_required", + + "identity:get_user": "rule:admin_or_owner", + "identity:list_users": "rule:admin_required", + 
"identity:create_user": "rule:admin_required", + "identity:update_user": "rule:admin_required", + "identity:delete_user": "rule:admin_required", + "identity:change_password": "rule:admin_or_owner", + + "identity:get_group": "rule:admin_required", + "identity:list_groups": "rule:admin_required", + "identity:list_groups_for_user": "rule:admin_or_owner", + "identity:create_group": "rule:admin_required", + "identity:update_group": "rule:admin_required", + "identity:delete_group": "rule:admin_required", + "identity:list_users_in_group": "rule:admin_required", + "identity:remove_user_from_group": "rule:admin_required", + "identity:check_user_in_group": "rule:admin_required", + "identity:add_user_to_group": "rule:admin_required", + + "identity:get_credential": "rule:admin_required", + "identity:list_credentials": "rule:admin_required", + "identity:create_credential": "rule:admin_required", + "identity:update_credential": "rule:admin_required", + "identity:delete_credential": "rule:admin_required", + + "identity:ec2_get_credential": "rule:admin_required or (rule:owner and user_id:%(target.credential.user_id)s)", + "identity:ec2_list_credentials": "rule:admin_or_owner", + "identity:ec2_create_credential": "rule:admin_or_owner", + "identity:ec2_delete_credential": "rule:admin_required or (rule:owner and user_id:%(target.credential.user_id)s)", + + "identity:get_role": "rule:admin_required", + "identity:list_roles": "rule:admin_required", + "identity:create_role": "rule:admin_required", + "identity:update_role": "rule:admin_required", + "identity:delete_role": "rule:admin_required", + "identity:get_domain_role": "rule:admin_required", + "identity:list_domain_roles": "rule:admin_required", + "identity:create_domain_role": "rule:admin_required", + "identity:update_domain_role": "rule:admin_required", + "identity:delete_domain_role": "rule:admin_required", + + "identity:get_implied_role": "rule:admin_required ", + "identity:list_implied_roles": "rule:admin_required", + 
"identity:create_implied_role": "rule:admin_required", + "identity:delete_implied_role": "rule:admin_required", + "identity:list_role_inference_rules": "rule:admin_required", + "identity:check_implied_role": "rule:admin_required", + + "identity:check_grant": "rule:admin_required", + "identity:list_grants": "rule:admin_required", + "identity:create_grant": "rule:admin_required", + "identity:revoke_grant": "rule:admin_required", + + "identity:list_role_assignments": "rule:admin_required", + "identity:list_role_assignments_for_tree": "rule:admin_required", + + "identity:get_policy": "rule:admin_required", + "identity:list_policies": "rule:admin_required", + "identity:create_policy": "rule:admin_required", + "identity:update_policy": "rule:admin_required", + "identity:delete_policy": "rule:admin_required", + + "identity:check_token": "rule:admin_or_token_subject", + "identity:validate_token": "rule:service_admin_or_token_subject", + "identity:validate_token_head": "rule:service_or_admin", + "identity:revocation_list": "rule:service_or_admin", + "identity:revoke_token": "rule:admin_or_token_subject", + + "identity:create_trust": "user_id:%(trust.trustor_user_id)s", + "identity:list_trusts": "", + "identity:list_roles_for_trust": "", + "identity:get_role_for_trust": "", + "identity:delete_trust": "", + + "identity:create_consumer": "rule:admin_required", + "identity:get_consumer": "rule:admin_required", + "identity:list_consumers": "rule:admin_required", + "identity:delete_consumer": "rule:admin_required", + "identity:update_consumer": "rule:admin_required", + + "identity:authorize_request_token": "rule:admin_required", + "identity:list_access_token_roles": "rule:admin_required", + "identity:get_access_token_role": "rule:admin_required", + "identity:list_access_tokens": "rule:admin_required", + "identity:get_access_token": "rule:admin_required", + "identity:delete_access_token": "rule:admin_required", + + "identity:list_projects_for_endpoint": "rule:admin_required", + 
"identity:add_endpoint_to_project": "rule:admin_required", + "identity:check_endpoint_in_project": "rule:admin_required", + "identity:list_endpoints_for_project": "rule:admin_required", + "identity:remove_endpoint_from_project": "rule:admin_required", + + "identity:create_endpoint_group": "rule:admin_required", + "identity:list_endpoint_groups": "rule:admin_required", + "identity:get_endpoint_group": "rule:admin_required", + "identity:update_endpoint_group": "rule:admin_required", + "identity:delete_endpoint_group": "rule:admin_required", + "identity:list_projects_associated_with_endpoint_group": "rule:admin_required", + "identity:list_endpoints_associated_with_endpoint_group": "rule:admin_required", + "identity:get_endpoint_group_in_project": "rule:admin_required", + "identity:list_endpoint_groups_for_project": "rule:admin_required", + "identity:add_endpoint_group_to_project": "rule:admin_required", + "identity:remove_endpoint_group_from_project": "rule:admin_required", + + "identity:create_identity_provider": "rule:admin_required", + "identity:list_identity_providers": "rule:admin_required", + "identity:get_identity_providers": "rule:admin_required", + "identity:update_identity_provider": "rule:admin_required", + "identity:delete_identity_provider": "rule:admin_required", + + "identity:create_protocol": "rule:admin_required", + "identity:update_protocol": "rule:admin_required", + "identity:get_protocol": "rule:admin_required", + "identity:list_protocols": "rule:admin_required", + "identity:delete_protocol": "rule:admin_required", + + "identity:create_mapping": "rule:admin_required", + "identity:get_mapping": "rule:admin_required", + "identity:list_mappings": "rule:admin_required", + "identity:delete_mapping": "rule:admin_required", + "identity:update_mapping": "rule:admin_required", + + "identity:create_service_provider": "rule:admin_required", + "identity:list_service_providers": "rule:admin_required", + "identity:get_service_provider": "rule:admin_required", + 
"identity:update_service_provider": "rule:admin_required", + "identity:delete_service_provider": "rule:admin_required", + + "identity:get_auth_catalog": "", + "identity:get_auth_projects": "", + "identity:get_auth_domains": "", + + "identity:list_projects_for_user": "", + "identity:list_domains_for_user": "", + + "identity:list_revoke_events": "rule:service_or_admin", + + "identity:create_policy_association_for_endpoint": "rule:admin_required", + "identity:check_policy_association_for_endpoint": "rule:admin_required", + "identity:delete_policy_association_for_endpoint": "rule:admin_required", + "identity:create_policy_association_for_service": "rule:admin_required", + "identity:check_policy_association_for_service": "rule:admin_required", + "identity:delete_policy_association_for_service": "rule:admin_required", + "identity:create_policy_association_for_region_and_service": "rule:admin_required", + "identity:check_policy_association_for_region_and_service": "rule:admin_required", + "identity:delete_policy_association_for_region_and_service": "rule:admin_required", + "identity:get_policy_for_endpoint": "rule:admin_required", + "identity:list_endpoints_for_policy": "rule:admin_required", + + "identity:create_domain_config": "rule:admin_required", + "identity:get_domain_config": "rule:admin_required", + "identity:get_security_compliance_domain_config": "", + "identity:update_domain_config": "rule:admin_required", + "identity:delete_domain_config": "rule:admin_required", + "identity:get_domain_config_default": "rule:admin_required" +} diff --git a/keystone/templates/etc/_sso_callback_template.html.tpl b/keystone/templates/etc/_sso_callback_template.html.tpl new file mode 100644 index 0000000000..3364d69e55 --- /dev/null +++ b/keystone/templates/etc/_sso_callback_template.html.tpl @@ -0,0 +1,22 @@ + + + + Keystone WebSSO redirect + + +
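Review bot: `identity:get_identity_providers` is plural while the sibling keys in that group are singular (`create_identity_provider`, `update_identity_provider`, `delete_identity_provider`); if Keystone enforces `identity:get_identity_provider`, this entry never matches and the call falls back to `default` (`rule:admin_required`), which is restrictive but not what the file appears to say. `identity:get_implied_role` has a trailing space inside its rule string, `"rule:admin_required "`. Several rules are the empty string (`identity:list_trusts`, `identity:delete_trust`, `identity:get_role_for_trust`, `identity:get_auth_catalog` and others), which places no restriction at the policy layer, so access control for those calls depends on checks made elsewhere. JSON cannot carry a comment, so the chart documentation should state whether this file is the upstream default or a modified copy.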
+ Please wait... +
+ + +
+ + + diff --git a/keystone/templates/etc/_wsgi-keystone.conf.tpl b/keystone/templates/etc/_wsgi-keystone.conf.tpl index e6535eae85..54e393a223 100644 --- a/keystone/templates/etc/_wsgi-keystone.conf.tpl +++ b/keystone/templates/etc/_wsgi-keystone.conf.tpl @@ -1,8 +1,11 @@ Listen {{ .Values.network.ip_address }}:{{ .Values.network.port.public }} Listen {{ .Values.network.ip_address }}:{{ .Values.network.port.admin }} +LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined +LogFormat "%{X-Forwarded-For}i %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" proxy + - WSGIDaemonProcess keystone-public processes=16 threads=6 user=keystone group=keystone display-name=%{GROUP} + WSGIDaemonProcess keystone-public processes=1 threads=4 user=keystone group=keystone display-name=%{GROUP} WSGIProcessGroup keystone-public WSGIScriptAlias / /var/www/cgi-bin/keystone/main WSGIApplicationGroup %{GLOBAL} @@ -10,12 +13,15 @@ Listen {{ .Values.network.ip_address }}:{{ .Values.network.port.admin }} = 2.4> ErrorLogFormat "%{cu}t %M" - ErrorLog "|$/bin/cat 1>&2" - CustomLog "|/bin/cat" combined + ErrorLog /dev/stderr + + SetEnvIf X-Forwarded-For "^.*\..*\..*\..*" forwarded + CustomLog /dev/stdout combined env=!forwarded + CustomLog /dev/stdout proxy env=forwarded - WSGIDaemonProcess keystone-admin processes=16 threads=5 user=keystone group=keystone display-name=%{GROUP} + WSGIDaemonProcess keystone-admin processes=1 threads=4 user=keystone group=keystone display-name=%{GROUP} WSGIProcessGroup keystone-admin WSGIScriptAlias / /var/www/cgi-bin/keystone/admin WSGIApplicationGroup %{GLOBAL} @@ -23,6 +29,9 @@ Listen {{ .Values.network.ip_address }}:{{ .Values.network.port.admin }} = 2.4> ErrorLogFormat "%{cu}t %M" - ErrorLog "|$/bin/cat 1>&2" - CustomLog "|/bin/cat" combined + ErrorLog /dev/stderr + + SetEnvIf X-Forwarded-For "^.*\..*\..*\..*" forwarded + CustomLog /dev/stdout combined env=!forwarded + CustomLog /dev/stdout proxy env=forwarded 
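Review bot: When a request carries an `X-Forwarded-For` header, the new `CustomLog /dev/stdout proxy env=forwarded` line logs with the `proxy` format, which records `%{X-Forwarded-For}i` and omits `%h`. The header is supplied by the client, so a caller that reaches Apache without passing through a trusted proxy chooses the source address that appears in the access log, and the real peer address is lost. Keeping both fields, `LogFormat "%h %{X-Forwarded-For}i %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" proxy`, preserves the peer address for incident review. The same `SetEnvIf` and `CustomLog` lines are added to the admin virtual host in the last hunk of this file.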
diff --git a/keystone/templates/job-db-init.yaml b/keystone/templates/job-db-init.yaml new file mode 100644 index 0000000000..332ed2e1b6 --- /dev/null +++ b/keystone/templates/job-db-init.yaml @@ -0,0 +1,41 @@ +{{- $envAll := . }} +{{- $dependencies := .Values.dependencies.init }} +apiVersion: batch/v1 +kind: Job +metadata: + name: keystone-db-init +spec: + template: + metadata: + annotations: + pod.beta.kubernetes.io/init-containers: '[ +{{ tuple $envAll $dependencies | include "dep_check_init_cont" | indent 10 }} + ]' + spec: + restartPolicy: OnFailure + nodeSelector: + {{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }} + containers: + - name: keystone-db-init + image: {{ .Values.images.db_init }} + imagePullPolicy: {{ .Values.images.pull_policy }} + {{- if .Values.resources.enabled }} + resources: + limits: + cpu: {{ .Values.resources.jobs.init.limits.cpu | quote }} + memory: {{ .Values.resources.jobs.init.limits.memory | quote }} + requests: + cpu: {{ .Values.resources.jobs.init.requests.cpu | quote }} + memory: {{ .Values.resources.jobs.init.requests.memory | quote }} + {{- end }} + command: + - bash + - /tmp/init.sh + volumeMounts: + - name: keystone-bin + mountPath: /tmp/init.sh + subPath: init.sh + volumes: + - name: keystone-bin + configMap: + name: keystone-bin diff --git a/keystone/templates/job-db-sync.yaml b/keystone/templates/job-db-sync.yaml index c1f4954279..0b98976172 100644 --- a/keystone/templates/job-db-sync.yaml +++ b/keystone/templates/job-db-sync.yaml @@ -1,3 +1,5 @@ +{{- $envAll := . }} +{{- $dependecies := .Values.dependencies.db_sync }} apiVersion: batch/v1 kind: Job metadata: 
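Review bot: The new job mounts `/tmp/init.sh` from the `keystone-bin` ConfigMap, and the _init.sh.tpl changed in this commit renders `.Values.database.root_password` and `.Values.database.keystone_password` into that script; assuming `init.sh` is built from that template, the database root credentials are stored in a ConfigMap and are readable by anyone allowed to read ConfigMaps in the namespace. Supplying them from a Secret as environment variables would avoid that. The `init.sh` mount also lacks the `readOnly: true` that this commit adds to the script mounts in deployment.yaml and job-db-sync.yaml; add `readOnly: true` under `subPath: init.sh`.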
@@ -7,29 +9,7 @@ spec: metadata: annotations: pod.beta.kubernetes.io/init-containers: '[ - { - "name": "init", - "image": "{{ .Values.images.entrypoint }}", - "imagePullPolicy": "{{ .Values.images.pull_policy }}", - "env": [ - { - "name": "NAMESPACE", - "value": "{{ .Release.Namespace }}" - }, - { - "name": "DEPENDENCY_SERVICE", - "value": "{{ include "joinListWithColon" .Values.dependencies.db_sync.service }}" - }, - { - "name": "DEPENDENCY_JOBS", - "value": "{{ include "joinListWithColon" .Values.dependencies.db_sync.jobs }}" - }, - { - "name": "COMMAND", - "value": "echo done" - } - ] - } +{{ tuple $envAll $dependecies | include "dep_check_init_cont" | indent 10 }} ]' spec: restartPolicy: OnFailure @@ -39,17 +19,32 @@ spec: - name: keystone-db-sync image: {{ .Values.images.db_sync }} imagePullPolicy: {{ .Values.images.pull_policy }} + {{- if .Values.resources.enabled }} + resources: + limits: + cpu: {{ .Values.resources.jobs.db_sync.limits.cpu | quote }} + memory: {{ .Values.resources.jobs.db_sync.limits.memory | quote }} + requests: + cpu: {{ .Values.resources.jobs.db_sync.requests.cpu | quote }} + memory: {{ .Values.resources.jobs.db_sync.requests.memory | quote }} + {{- end }} command: - bash - /tmp/db-sync.sh volumeMounts: + - name: pod-etc-keystone + mountPath: /etc/keystone - name: keystoneconf mountPath: /etc/keystone/keystone.conf subPath: keystone.conf + readOnly: true - name: keystone-bin mountPath: /tmp/db-sync.sh subPath: db-sync.sh + readOnly: true volumes: + - name: pod-etc-keystone + emptyDir: {} - name: keystoneconf configMap: name: keystone-etc diff --git a/keystone/templates/job-init.yaml b/keystone/templates/job-init.yaml deleted file mode 100644 index 1f395255dc..0000000000 --- a/keystone/templates/job-init.yaml +++ /dev/null 
@@ -1,52 +0,0 @@ -apiVersion: batch/v1 -kind: Job -metadata: - name: keystone-init -spec: - template: - metadata: - annotations: - pod.beta.kubernetes.io/init-containers: '[ - { - "name": "init", - "image": "{{ .Values.images.entrypoint }}", - "imagePullPolicy": "{{ .Values.images.pull_policy }}", - "env": [ - { - "name": "NAMESPACE", - "value": "{{ .Release.Namespace }}" - }, - { - "name": "DEPENDENCY_SERVICE", - "value": "{{ include "joinListWithColon" .Values.dependencies.init.service }}" - }, - { - "name": "DEPENDENCY_JOBS", - "value": "{{ include "joinListWithColon" .Values.dependencies.init.jobs }}" - }, - { - "name": "COMMAND", - "value": "echo done" - } - ] - } - ]' - spec: - restartPolicy: OnFailure - nodeSelector: - {{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }} - containers: - - name: keystone-init - image: {{ .Values.images.init }} - imagePullPolicy: {{ .Values.images.pull_policy }} - command: - - bash - - /tmp/init.sh - volumeMounts: - - name: keystone-bin - mountPath: /tmp/init.sh - subPath: init.sh - volumes: - - name: keystone-bin - configMap: - name: keystone-bin diff --git a/keystone/values.yaml b/keystone/values.yaml index e6ead52acc..48683a96f5 100644 --- a/keystone/values.yaml +++ b/keystone/values.yaml @@ -10,10 +10,10 @@ labels: node_selector_value: enabled images: + db_init: quay.io/stackanetes/stackanetes-kolla-toolbox:newton db_sync: quay.io/stackanetes/stackanetes-keystone-api:newton api: quay.io/stackanetes/stackanetes-keystone-api:newton - init: quay.io/stackanetes/stackanetes-kolla-toolbox:newton - entrypoint: quay.io/stackanetes/kubernetes-entrypoint:v0.1.0 + dep_check: quay.io/stackanetes/kubernetes-entrypoint:v0.1.0 pull_policy: "IfNotPresent" upgrades: @@ -31,6 +31,12 @@ keystone: admin_password: password admin_project_name: admin +api: + default: + debug: false + token: + provider: uuid + network: port: admin: 35357 
@@ -52,9 +58,6 @@ database: keystone_password: password keystone_user: keystone -misc: - debug: false - dependencies: api: jobs: @@ -64,7 +67,7 @@ dependencies: - mariadb db_sync: jobs: - - keystone-init + - keystone-db-init - mariadb-seed service: - mariadb @@ -74,6 +77,31 @@ dependencies: service: - mariadb +resources: + enabled: false + api: + limits: + memory: "128Mi" + cpu: "500m" + requests: + memory: "128Mi" + cpu: "500m" + jobs: + db_sync: + limits: + memory: "128Mi" + cpu: "500m" + requests: + memory: "128Mi" + cpu: "500m" + init: + limits: + memory: "128Mi" + cpu: "500m" + requests: + memory: "128Mi" + cpu: "500m" + # typically overriden by environmental # values, but should include all endpoints # required by this chart @@ -87,4 +115,3 @@ endpoints: port: admin: 35357 public: 5000 - diff --git a/maas/templates/_helpers.tpl b/maas/templates/_helpers.tpl deleted file mode 100644 index d2f33bc897..0000000000 --- a/maas/templates/_helpers.tpl +++ /dev/null @@ -1,3 +0,0 @@ -{{- define "joinListWithColon" -}} -{{ range $k, $v := . }}{{ if $k }},{{ end }}{{ $v }}{{ end }} -{{- end -}} diff --git a/maas/templates/var/_maas-region-controller.postinst.tpl b/maas/templates/bin/_maas-region-controller.postinst.tpl similarity index 77% rename from maas/templates/var/_maas-region-controller.postinst.tpl rename to maas/templates/bin/_maas-region-controller.postinst.tpl index 6c6ac31f12..ae7e846397 100644 --- a/maas/templates/var/_maas-region-controller.postinst.tpl +++ b/maas/templates/bin/_maas-region-controller.postinst.tpl 
@@ -35,30 +35,6 @@ configure_maas_default_url() { maas-region local_config_set --maas-url "http://${ipaddr}/MAAS" } -get_default_route_ip6() { - while read Src SrcPref Dest DestPref Gateway Metric RefCnt Use Flags Iface - do - [ "$SrcPref" = 00 ] && [ "$Iface" != lo ] && break - done < /proc/net/ipv6_route - if [ -n "$Iface" ]; then - LC_ALL=C /sbin/ip -6 addr list dev "$Iface" scope global permanent | - sed -n '/ inet6 /s/.*inet6 \([0-9a-fA-F:]*\).*/[\1]/p' | head -1 - fi -} - -get_default_route_ip4() { - while read Iface Destination Gateway Flags RefCnt Use Metric Mask MTU Window IRTT - do - [ "$Mask" = "00000000" ] && break - done < /proc/net/route - if [ -n "$Iface" ]; then - ipaddr=$(LC_ALL=C /sbin/ip -4 addr list dev "$Iface" scope global) - ipaddr=${ipaddr#* inet } - ipaddr=${ipaddr%%/*} - echo $ipaddr - fi -} - extract_default_maas_url() { # Extract DEFAULT_MAAS_URL IP/host setting from config file $1. grep "^DEFAULT_MAAS_URL" "$1" | cut -d"/" -f3 @@ -86,17 +62,8 @@ if [ "$1" = "configure" ] && [ -z "$2" ]; then db_get maas/default-maas-url ipaddr="$RET" if [ -z "$ipaddr" ]; then - #ipaddr=$(get_default_route_ip4) ipaddr="maas-region-ui.{{ .Release.Namespace }}" fi - if [ -z "$ipaddr" ]; then - #ipaddr=$(get_default_route_ip6) - ipaddr="maas-region-ui.{{ .Release.Namespace }}" - fi - # Fallback default is "localhost" - if [ -z "$ipaddr" ]; then - ipaddr=localhost - fi # Set the IP address of the interface with default route configure_maas_default_url "$ipaddr" db_subst maas/installation-note MAAS_URL "$ipaddr" diff --git a/maas/templates/configmap-bin.yaml b/maas/templates/configmap-bin.yaml index 53b2d94dbc..c7c2108d76 100644 --- a/maas/templates/configmap-bin.yaml +++ b/maas/templates/configmap-bin.yaml @@ -5,3 +5,5 @@ metadata: data: start.sh: | {{ tuple "bin/_start.sh.tpl" . | include "template" | indent 4 }} + maas-region-controller.postinst: | +{{ tuple "bin/_maas-region-controller.postinst.tpl" . | include "template" | indent 4 }} 
diff --git a/maas/templates/configmap-etc.yaml b/maas/templates/configmap-etc.yaml index 2597a28cac..ececffc02c 100644 --- a/maas/templates/configmap-etc.yaml +++ b/maas/templates/configmap-etc.yaml @@ -5,3 +5,5 @@ metadata: data: named.conf.options: |+ {{ tuple "etc/_region-dns-config.tpl" . | include "template" | indent 4 }} + secret: | +{{ tuple "etc/_secret.tpl" . | include "template" | indent 4 }} diff --git a/maas/templates/configmap-var.yaml b/maas/templates/configmap-var.yaml deleted file mode 100644 index 422c0ed503..0000000000 --- a/maas/templates/configmap-var.yaml +++ /dev/null @@ -1,10 +0,0 @@ -apiVersion: v1 -kind: ConfigMap -metadata: - name: maas-region-var -data: - maas-region-controller.postinst: | -{{ tuple "var/_maas-region-controller.postinst.tpl" . | include "template" | indent 4 }} - secret: | -{{ tuple "var/_secret.tpl" . | include "template" | indent 4 }} - diff --git a/maas/templates/deploy-rack.yaml b/maas/templates/deploy-rack.yaml index bd89d6b935..e2c6af2478 100644 --- a/maas/templates/deploy-rack.yaml +++ b/maas/templates/deploy-rack.yaml @@ -14,6 +14,15 @@ spec: containers: - name: maas-rack image: {{ .Values.images.maas_rack }} - imagePullPolicy: Always + imagePullPolicy: {{ .Values.images.pull_policy }} + {{- if .Values.resources.enabled }} + resources: + limits: + cpu: {{ .Values.resources.maas_rack_controller.limits.cpu | quote }} + memory: {{ .Values.resources.maas_rack_controller.limits.memory | quote }} + requests: + cpu: {{ .Values.resources.maas_rack_controller.requests.cpu | quote }} + memory: {{ .Values.resources.maas_rack_controller.requests.memory | quote }} + {{- end }} securityContext: privileged: true diff --git a/maas/templates/deploy-region.yaml b/maas/templates/deploy-region.yaml index f044a09c5d..18cf77578a 100644 --- a/maas/templates/deploy-region.yaml +++ b/maas/templates/deploy-region.yaml 
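Review bot: The new `secret:` key places the output of `etc/_secret.tpl` in the `maas-region-etc` ConfigMap, which deploy-region.yaml then mounts through the `maas-region-secret` volume. If that template holds the region controller's shared secret, as the names suggest, a `kind: Secret` with a `secret:` volume source is the appropriate object, because ConfigMaps do not get the access restrictions and handling normally applied to Secrets. The template's content is not shown in this diff (it is renamed with 100% similarity), so this should be confirmed against the file.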
@@ -14,12 +14,7 @@ spec: "name": "init", "image": "{{ .Values.images.maas_region }}", "imagePullPolicy": "Always", - "command": [ - "/bin/bash", "-c" - ], - "args": [ - "chmod +x /tmp/start.sh; /tmp/start.sh" - ], + "command": ["bash", "/tmp/start.sh"], "volumeMounts": [ { "name": "maas-config", @@ -56,9 +51,21 @@ spec: containers: - name: maas-region image: {{ .Values.images.maas_region }} - imagePullPolicy: Always + imagePullPolicy: {{ .Values.images.pull_policy }} + {{- if .Values.resources.enabled }} + resources: + limits: + cpu: {{ .Values.resources.maas_region.limits.cpu | quote }} + memory: {{ .Values.resources.maas_region.limits.memory | quote }} + requests: + cpu: {{ .Values.resources.maas_region.requests.cpu | quote }} + memory: {{ .Values.resources.maas_region.requests.memory | quote}} + {{- end }} ports: - containerPort: {{ .Values.network.port.region_container }} + readinessProbe: + tcpSocket: + port: {{ .Values.network.port.region_container }} securityContext: privileged: true volumeMounts: @@ -91,7 +98,7 @@ spec: emptyDir: {} - name: maas-region-secret configMap: - name: maas-region-var + name: maas-region-etc - name: maas-config emptyDir: {} - name: maas-dns-config @@ -102,4 +109,4 @@ spec: name: maas-region-bin - name: maasregionpostinst configMap: - name: maas-region-var + name: maas-region-bin diff --git a/maas/templates/var/_secret.tpl b/maas/templates/etc/_secret.tpl similarity index 100% rename from maas/templates/var/_secret.tpl rename to maas/templates/etc/_secret.tpl diff --git a/maas/templates/service.yaml b/maas/templates/service.yaml index fce28c7ac8..0a78d6c56d 100644 --- a/maas/templates/service.yaml +++ b/maas/templates/service.yaml @@ -5,7 +5,6 @@ metadata: labels: app: maas-region-ui spec: - type: NodePort ports: - port: {{ .Values.network.port.service_gui }} targetPort: {{ .Values.network.port.service_gui_target }} diff --git a/maas/values.yaml b/maas/values.yaml index 0f46f04f67..421e66ca6d 100644 --- a/maas/values.yaml 
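Review bot: The init container in the first deploy-region.yaml hunk still hard-codes `"imagePullPolicy": "Always"`, while the `maas-region` container in the next hunk now reads `.Values.images.pull_policy`. An operator who overrides the value ends up with two pull policies in one pod; `"imagePullPolicy": "{{ .Values.images.pull_policy }}"` would keep them in step. In the resources block of the same file, `| quote}}` is missing the space before `}}` that every other line has.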
+++ b/maas/values.yaml @@ -4,7 +4,8 @@ images: maas_region: quay.io/attcomdev/maas-region:2.1.2-1 - maas_rack: quay.io/attcomdev/maas-rack:2.1.2 + maas_rack: quay.io/attcomdev/maas-rack:2.1.2-1 + pull_policy: Always labels: node_selector_key: openstack-control-plane @@ -18,4 +19,21 @@ network: service_proxy: 8000 service_proxy_target: 8000 -service_name: maas-region-ui +service_name: maas-region-ui + +resources: + enabled: false + maas_rack_controller: + limits: + memory: "128Mi" + cpu: "500m" + requests: + memory: "128Mi" + cpu: "500m" + maas_region: + limits: + memory: "128Mi" + cpu: "500m" + requests: + memory: "128Mi" + cpu: "500m" diff --git a/mariadb/templates/deployment.yaml b/mariadb/templates/deployment.yaml index 8a456ee3ba..341e3f238e 100644 --- a/mariadb/templates/deployment.yaml +++ b/mariadb/templates/deployment.yaml @@ -43,6 +43,15 @@ spec: - name: {{ .Values.service_name }} image: {{ .Values.images.mariadb }} imagePullPolicy: {{ .Values.images.pull_policy }} + {{- if .Values.resources.enabled }} + resources: + limits: + cpu: {{ .Values.resources.api.limits.cpu | quote }} + memory: {{ .Values.resources.api.limits.memory | quote }} + requests: + cpu: {{ .Values.resources.api.requests.cpu | quote }} + memory: {{ .Values.resources.api.requests.memory | quote }} + {{- end }} env: - name: INTERFACE_NAME value: "eth0" diff --git a/mariadb/templates/job-seed.yaml b/mariadb/templates/job-seed.yaml index c8930621a0..762801e19d 100644 --- a/mariadb/templates/job-seed.yaml +++ b/mariadb/templates/job-seed.yaml 
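Review bot: The `images:` hunk in maas/values.yaml references both images by tag only and adds `pull_policy: Always`, so each pod start pulls whatever the tag points to at that moment. The containers running these images are `privileged: true` in deploy-rack.yaml and deploy-region.yaml, so a re-pushed tag gets privileged access on the node. Pinning by digest, for example `maas_rack: quay.io/attcomdev/maas-rack@sha256:<digest>`, fixes the deployed content and makes changes to it visible in review. The memcached/values.yaml hunk has the same issue with the floating tag `docker.io/memcached:1.4`; with `IfNotPresent`, nodes can also end up running different builds of that tag.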
@@ -16,6 +16,15 @@ spec: - name: mariadb-init image: {{ .Values.images.mariadb }} imagePullPolicy: {{ .Values.images.pull_policy }} + {{- if .Values.resources.enabled }} + resources: + limits: + cpu: {{ .Values.resources.job.seed.limits.cpu | quote }} + memory: {{ .Values.resources.job.seed.limits.memory | quote }} + requests: + cpu: {{ .Values.resources.job.seed.requests.cpu | quote }} + memory: {{ .Values.resources.job.seed.requests.memory | quote }} + {{- end }} env: - name: INTERFACE_NAME value: "eth0" diff --git a/mariadb/values.yaml b/mariadb/values.yaml index 0a13e96581..df015f6569 100644 --- a/mariadb/values.yaml +++ b/mariadb/values.yaml @@ -21,6 +21,24 @@ development: enabled: false storage_path: /data/openstack-helm/mariadb +resources: + enabled: false + api: + limits: + memory: "128Mi" + cpu: "500m" + requests: + memory: "128Mi" + cpu: "500m" + job: + seed: + limits: + memory: "128Mi" + cpu: "500m" + requests: + memory: "128Mi" + cpu: "500m" + # this drives the service name, and statefulset name service_name: mariadb diff --git a/memcached/templates/deployment.yaml b/memcached/templates/deployment.yaml index 020265758e..4bbe9cb4a0 100644 --- a/memcached/templates/deployment.yaml +++ b/memcached/templates/deployment.yaml @@ -23,6 +23,15 @@ spec: - name: memcached image: {{ .Values.images.memcached }} imagePullPolicy: {{ .Values.images.pull_policy }} + {{- if .Values.resources.enabled }} + resources: + limits: + cpu: {{ .Values.resources.api.limits.cpu | quote }} + memory: {{ .Values.resources.api.limits.memory | quote }} + requests: + cpu: {{ .Values.resources.api.requests.cpu | quote }} + memory: {{ .Values.resources.api.requests.memory | quote }} + {{- end }} command: ["sh", "-xec"] args: - | diff --git a/memcached/values.yaml b/memcached/values.yaml index c00dcdcc03..ea03a7cae4 100644 --- a/memcached/values.yaml +++ b/memcached/values.yaml 
@@ -4,7 +4,7 @@ # name: value images: - memcached: quay.io/stackanetes/stackanetes-memcached:newton + memcached: docker.io/memcached:1.4 pull_policy: "IfNotPresent" upgrades: @@ -26,5 +26,13 @@ memcached: max_connections: 8192 resources: + enabled: false memcached: replicas: 1 + api: + limits: + memory: "128Mi" + cpu: "500m" + requests: + memory: "128Mi" + cpu: "500m" diff --git a/neutron/templates/daemonset-dhcp-agent.yaml b/neutron/templates/daemonset-dhcp-agent.yaml index 11ef4e05c9..452d7ab76d 100644 --- a/neutron/templates/daemonset-dhcp-agent.yaml +++ b/neutron/templates/daemonset-dhcp-agent.yaml @@ -1,3 +1,5 @@ +{{- $envAll := . }} +{{- $dependencies := .Values.dependencies.dhcp }} apiVersion: extensions/v1beta1 kind: DaemonSet metadata: @@ -9,7 +11,10 @@ spec: app: neutron-dhcp-agent annotations: configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "hash" }} - configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "hash" }} + configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "hash" }} + pod.beta.kubernetes.io/init-containers: '[ +{{ tuple $envAll $dependencies | include "dep_check_init_cont" | indent 10 }} + ]' spec: nodeSelector: {{ .Values.labels.agent.dhcp.node_selector_key }}: {{ .Values.labels.agent.dhcp.node_selector_value }} 
@@ -21,27 +26,23 @@ spec: - name: neutron-dhcp-agent image: {{ .Values.images.dhcp }} imagePullPolicy: {{ .Values.images.pull_policy }} + {{- if .Values.resources.enabled }} + resources: + limits: + cpu: {{ .Values.resources.agent.dhcp.limits.cpu | quote }} + memory: {{ .Values.resources.agent.dhcp.limits.memory | quote }} + requests: + cpu: {{ .Values.resources.agent.dhcp.requests.cpu | quote }} + memory: {{ .Values.resources.agent.dhcp.requests.memory | quote }} + {{- end }} securityContext: privileged: true - env: - - name: INTERFACE_NAME - value: {{ .Values.network.interface.dhcp | default .Values.network.interface.default }} - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: COMMAND - value: "neutron-dhcp-agent --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/dhcp-agent.ini" - - name: DEPENDENCY_JOBS - value: "{{ include "joinListWithColon" .Values.dependencies.dhcp.jobs }}" - - name: DEPENDENCY_SERVICE - value: "{{ include "joinListWithColon" .Values.dependencies.dhcp.service }}" - - name: DEPENDENCY_DAEMONSET - value: "{{ include "joinListWithColon" .Values.dependencies.dhcp.daemonset }}" + command: + - neutron-dhcp-agent + - --config-file + - /etc/neutron/neutron.conf + - --config-file + - /etc/neutron/dhcp-agent.ini volumeMounts: - name: neutronconf mountPath: /etc/neutron/neutron.conf @@ -61,7 +62,7 @@ spec: mountPath: /var/lib/neutron/openstack-helm - name: resolvconf mountPath: /etc/resolv.conf - subPath: resolv.conf + subPath: resolv.conf volumes: - name: neutronconf configMap: diff --git a/neutron/templates/daemonset-l3-agent.yaml b/neutron/templates/daemonset-l3-agent.yaml index 7428f94419..32779333b0 100644 --- a/neutron/templates/daemonset-l3-agent.yaml +++ b/neutron/templates/daemonset-l3-agent.yaml 
@@ -1,3 +1,5 @@ +{{- $envAll := . }} +{{- $dependencies := .Values.dependencies.l3 }} apiVersion: extensions/v1beta1 kind: DaemonSet metadata: @@ -9,7 +11,10 @@ spec: app: neutron-l3-agent annotations: configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "hash" }} - configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "hash" }} + configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "hash" }} + pod.beta.kubernetes.io/init-containers: '[ +{{ tuple $envAll $dependencies | include "dep_check_init_cont" | indent 10 }} + ]' spec: nodeSelector: {{ .Values.labels.agent.l3.node_selector_key }}: {{ .Values.labels.agent.l3.node_selector_value }} 
@@ -21,27 +26,25 @@ spec: - name: neutron-l3-agent image: {{ .Values.images.l3 }} imagePullPolicy: {{ .Values.images.pull_policy }} + {{- if .Values.resources.enabled }} + resources: + limits: + cpu: {{ .Values.resources.agent.l3.limits.cpu | quote }} + memory: {{ .Values.resources.agent.l3.limits.memory | quote }} + requests: + cpu: {{ .Values.resources.agent.l3.requests.cpu | quote }} + memory: {{ .Values.resources.agent.l3.requests.memory | quote }} + {{- end }} securityContext: privileged: true - env: - - name: INTERFACE_NAME - value: {{ .Values.network.interface.l3 | default .Values.network.interface.default }} - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: COMMAND - value: "neutron-l3-agent --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/l3-agent.ini --config-file /etc/neutron/plugins/ml2/ml2-conf.ini" - - name: DEPENDENCY_JOBS - value: "{{ include "joinListWithColon" .Values.dependencies.l3.jobs }}" - - name: DEPENDENCY_SERVICE - value: "{{ include "joinListWithColon" .Values.dependencies.l3.service }}" - - name: DEPENDENCY_DAEMONSET - value: "{{ include "joinListWithColon" .Values.dependencies.l3.daemonset }}" + command: + - neutron-l3-agent + - --config-file + - /etc/neutron/neutron.conf + - --config-file + - /etc/neutron/l3-agent.ini + - --config-file + - /etc/neutron/plugins/ml2/ml2-conf.ini volumeMounts: - name: neutronconf mountPath: /etc/neutron/neutron.conf @@ -54,7 +57,7 @@ spec: subPath: l3-agent.ini - name: resolvconf mountPath: /etc/resolv.conf - subPath: resolv.conf + subPath: resolv.conf - name: runopenvswitch mountPath: /run/openvswitch - name: socket diff --git a/neutron/templates/daemonset-metadata-agent.yaml b/neutron/templates/daemonset-metadata-agent.yaml index 2ffc16df5c..3a0474a9ee 100644 --- a/neutron/templates/daemonset-metadata-agent.yaml +++ b/neutron/templates/daemonset-metadata-agent.yaml 
@@ -1,3 +1,5 @@ +{{- $envAll := . }} +{{- $dependencies := .Values.dependencies.metadata }} apiVersion: extensions/v1beta1 kind: DaemonSet metadata: @@ -9,7 +11,10 @@ spec: app: neutron-metadata-agent annotations: configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "hash" }} - configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "hash" }} + configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "hash" }} + pod.beta.kubernetes.io/init-containers: '[ +{{ tuple $envAll $dependencies | include "dep_check_init_cont" | indent 10 }} + ]' spec: nodeSelector: {{ .Values.labels.agent.metadata.node_selector_key }}: {{ .Values.labels.agent.metadata.node_selector_value }} 
@@ -21,29 +26,25 @@ spec: - name: neutron-metadata-agent image: {{ .Values.images.metadata }} imagePullPolicy: {{ .Values.images.pull_policy }} + {{- if .Values.resources.enabled }} + resources: + limits: + cpu: {{ .Values.resources.agent.metadata.limits.cpu | quote }} + memory: {{ .Values.resources.agent.metadata.limits.memory | quote }} + requests: + cpu: {{ .Values.resources.agent.metadata.requests.cpu | quote }} + memory: {{ .Values.resources.agent.metadata.requests.memory | quote }} + {{- end }} securityContext: privileged: true - env: - - name: INTERFACE_NAME - value: {{ .Values.network.interface.metadata | default .Values.network.interface.default }} - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: COMMAND - value: "neutron-metadata-agent --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/metadata-agent.ini" - - name: DEPENDENCY_JOBS - value: "{{ include "joinListWithColon" .Values.dependencies.metadata.jobs }}" - - name: DEPENDENCY_SERVICE - value: "{{ include "joinListWithColon" .Values.dependencies.metadata.service }}" - - name: DEPENDENCY_DAEMONSET - value: "{{ include "joinListWithColon" .Values.dependencies.metadata.daemonset }}" + command: + - neutron-metadata-agent + - --config-file + - /etc/neutron/neutron.conf + - --config-file + - /etc/neutron/metadata-agent.ini ports: - - containerPort: {{ .Values.network.port.metadata }} + - containerPort: {{ .Values.network.port.metadata }} volumeMounts: - name: neutronconf mountPath: /etc/neutron/neutron.conf @@ -56,7 +57,7 @@ spec: subPath: metadata-agent.ini - name: resolvconf mountPath: /etc/resolv.conf - subPath: resolv.conf + subPath: resolv.conf - name: runopenvswitch mountPath: /run/openvswitch - name: socket 
@@ -73,10 +74,10 @@ spec: name: neutron-etc - name: resolvconf configMap: - name: neutron-etc + name: neutron-etc - name: runopenvswitch hostPath: path: /run/openvswitch - name: socket hostPath: - path: /var/lib/neutron/openstack-helm \ No newline at end of file + path: /var/lib/neutron/openstack-helm diff --git a/neutron/templates/daemonset-ovs-agent.yaml b/neutron/templates/daemonset-ovs-agent.yaml index f1518ab3aa..0d21319504 100644 --- a/neutron/templates/daemonset-ovs-agent.yaml +++ b/neutron/templates/daemonset-ovs-agent.yaml @@ -1,3 +1,5 @@ +{{- $envAll := . }} +{{- $dependencies := .Values.dependencies.ovs_agent }} apiVersion: extensions/v1beta1 kind: DaemonSet metadata: @@ -9,10 +11,13 @@ spec: app: ovs-agent annotations: configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "hash" }} - configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "hash" }} + configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "hash" }} + pod.beta.kubernetes.io/init-containers: '[ +{{ tuple $envAll $dependencies | include "dep_check_init_cont" | indent 10 }} + ]' spec: nodeSelector: - {{ .Values.labels.ovs.node_selector_key }}: {{ .Values.labels.ovs.node_selector_value }} + {{ .Values.labels.ovs.node_selector_key }}: {{ .Values.labels.ovs.node_selector_value }} securityContext: runAsUser: 0 dnsPolicy: ClusterFirst 
@@ -21,8 +26,20 @@ spec: - name: ovs-agent image: {{ .Values.images.neutron_openvswitch_agent }} imagePullPolicy: {{ .Values.images.pull_policy }} + {{- if .Values.resources.enabled }} + resources: + limits: + cpu: {{ .Values.resources.ovs.agent.limits.cpu | quote }} + memory: {{ .Values.resources.ovs.agent.limits.memory | quote }} + requests: + cpu: {{ .Values.resources.ovs.agent.requests.cpu | quote }} + memory: {{ .Values.resources.ovs.agent.requests.memory | quote }} + {{- end }} securityContext: privileged: true + command: + - bash + - /tmp/neutron-openvswitch-agent.sh # ensures this container can can see a br-int # bridge before its marked as ready readinessProbe: @@ -31,23 +48,6 @@ spec: - bash - -c - 'ovs-vsctl list-br | grep -q br-int' - env: - - name: INTERFACE_NAME - value: {{ .Values.network.interface.openvswitch | default .Values.network.interface.default }} - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: COMMAND - value: "bash /tmp/neutron-openvswitch-agent.sh" - - name: DEPENDENCY_JOBS - value: "{{ include "joinListWithColon" .Values.dependencies.ovs_agent.jobs }}" - - name: DEPENDENCY_SERVICE - value: "{{ include "joinListWithColon" .Values.dependencies.ovs_agent.service }}" volumeMounts: - name: neutronopenvswitchagentsh mountPath: /tmp/neutron-openvswitch-agent.sh @@ -86,4 +86,4 @@ spec: path: /lib/modules - name: run hostPath: - path: /run + path: /run diff --git a/neutron/templates/daemonset-ovs-db.yaml b/neutron/templates/daemonset-ovs-db.yaml index 6b877abff9..a65af8813b 100644 --- a/neutron/templates/daemonset-ovs-db.yaml +++ b/neutron/templates/daemonset-ovs-db.yaml 
@@ -9,10 +9,10 @@ spec: app: ovs-db annotations: configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "hash" }} - configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "hash" }} + configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "hash" }} spec: nodeSelector: - {{ .Values.labels.ovs.node_selector_key }}: {{ .Values.labels.ovs.node_selector_value }} + {{ .Values.labels.ovs.node_selector_key }}: {{ .Values.labels.ovs.node_selector_value }} securityContext: runAsUser: 0 dnsPolicy: ClusterFirst @@ -21,21 +21,20 @@ spec: - name: ovs-db image: {{ .Values.images.openvswitch_db_server }} imagePullPolicy: {{ .Values.images.pull_policy }} + {{- if .Values.resources.enabled }} + resources: + limits: + cpu: {{ .Values.resources.ovs.db.limits.cpu | quote }} + memory: {{ .Values.resources.ovs.db.limits.memory | quote }} + requests: + cpu: {{ .Values.resources.ovs.db.requests.cpu | quote }} + memory: {{ .Values.resources.ovs.db.requests.memory | quote }} + {{- end }} securityContext: privileged: true - env: - - name: INTERFACE_NAME - value: {{ .Values.network.interface.openvswitch | default .Values.network.interface.default }} - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: COMMAND - value: "bash /tmp/openvswitch-db-server.sh" + command: + - bash + - /tmp/openvswitch-db-server.sh volumeMounts: - name: openvswitchdbserversh mountPath: /tmp/openvswitch-db-server.sh @@ -62,4 +61,3 @@ spec: - name: run hostPath: path: /run - diff --git a/neutron/templates/daemonset-ovs-vswitchd.yaml b/neutron/templates/daemonset-ovs-vswitchd.yaml index b07047e376..3ab6f550f1 100644 --- a/neutron/templates/daemonset-ovs-vswitchd.yaml +++ b/neutron/templates/daemonset-ovs-vswitchd.yaml 
@@ -9,10 +9,10 @@ spec: app: ovs-vswitchd annotations: configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "hash" }} - configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "hash" }} + configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "hash" }} spec: nodeSelector: - {{ .Values.labels.ovs.node_selector_key }}: {{ .Values.labels.ovs.node_selector_value }} + {{ .Values.labels.ovs.node_selector_key }}: {{ .Values.labels.ovs.node_selector_value }} securityContext: runAsUser: 0 dnsPolicy: ClusterFirst @@ -21,6 +21,15 @@ spec: - name: ovs-vswitchd image: {{ .Values.images.openvswitch_vswitchd }} imagePullPolicy: {{ .Values.images.pull_policy }} + {{- if .Values.resources.enabled }} + resources: + limits: + cpu: {{ .Values.resources.ovs.vswitchd.limits.cpu | quote }} + memory: {{ .Values.resources.ovs.vswitchd.limits.memory | quote }} + requests: + cpu: {{ .Values.resources.ovs.vswitchd.requests.cpu | quote }} + memory: {{ .Values.resources.ovs.vswitchd.requests.memory | quote }} + {{- end }} securityContext: privileged: true # ensures this container can speak to the ovs database @@ -30,19 +39,9 @@ spec: command: - /usr/bin/ovs-vsctl - show - env: - - name: INTERFACE_NAME - value: {{ .Values.network.interface.openvswitch | default .Values.network.interface.default }} - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: COMMAND - value: "bash /tmp/openvswitch-vswitchd.sh" + command: + - bash + - /tmp/openvswitch-vswitchd.sh volumeMounts: - name: openvswitchvswitchdsh mountPath: /tmp/openvswitch-vswitchd.sh diff --git a/neutron/templates/deployment-server.yaml b/neutron/templates/deployment-server.yaml index 66aa7412d7..81ae81313c 100644 --- a/neutron/templates/deployment-server.yaml +++ b/neutron/templates/deployment-server.yaml 
@@ -1,3 +1,5 @@ +{{- $envAll := . }} +{{- $dependencies := .Values.dependencies.server }} apiVersion: extensions/v1beta1 kind: Deployment metadata: @@ -11,14 +13,17 @@ spec: rollingUpdate: maxUnavailable: {{ .Values.upgrades.rolling_update.max_unavailable }} maxSurge: {{ .Values.upgrades.rolling_update.max_surge }} - {{ end }} + {{ end }} template: metadata: labels: app: neutron-server annotations: configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "hash" }} - configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "hash" }} + configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "hash" }} + pod.beta.kubernetes.io/init-containers: '[ +{{ tuple $envAll $dependencies | include "dep_check_init_cont" | indent 10 }} + ]' spec: nodeSelector: {{ .Values.labels.server.node_selector_key }}: {{ .Values.labels.server.node_selector_value }} 
@@ -26,23 +31,21 @@ spec: - name: neutron-server image: {{ .Values.images.server }} imagePullPolicy: {{ .Values.images.pull_policy }} - env: - - name: INTERFACE_NAME - value: "eth0" - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: COMMAND - value: "neutron-server --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugins/ml2/ml2-conf.ini" - - name: DEPENDENCY_JOBS - value: "{{ include "joinListWithColon" .Values.dependencies.server.jobs }}" - - name: DEPENDENCY_SERVICE - value: "{{ include "joinListWithColon" .Values.dependencies.server.service }}" + command: + - neutron-server + - --config-file + - /etc/neutron/neutron.conf + - --config-file + - /etc/neutron/plugins/ml2/ml2-conf.ini + {{- if .Values.resources.enabled }} + resources: + limits: + cpu: {{ .Values.resources.server.limits.cpu | quote }} + memory: {{ .Values.resources.server.limits.memory | quote }} + requests: + cpu: {{ .Values.resources.server.requests.cpu | quote }} + memory: {{ .Values.resources.server.requests.memory | quote }} + {{- end }} ports: - containerPort: {{ .Values.network.port.server }} readinessProbe: diff --git a/neutron/templates/etc/_ml2-conf.ini.tpl b/neutron/templates/etc/_ml2-conf.ini.tpl index 8a903a1715..7219aa7f29 100644 --- a/neutron/templates/etc/_ml2-conf.ini.tpl +++ b/neutron/templates/etc/_ml2-conf.ini.tpl 
@@ -1,11 +1,11 @@ [ml2] # Changing type_drivers after bootstrap can lead to database inconsistencies -type_drivers = {{ include "joinListWithColon" .Values.ml2.type_drivers }} +type_drivers = {{ include "joinListWithComma" .Values.ml2.type_drivers }} tenant_network_types = {{ .Values.ml2.tenant_network_types }} -mechanism_drivers = {{ include "joinListWithColon" .Values.ml2.mechanism_drivers }} +mechanism_drivers = {{ include "joinListWithComma" .Values.ml2.mechanism_drivers }} [ml2_type_flat] -flat_networks = {{ include "joinListWithColon" .Values.ml2.ml2_type_flat.flat_networks }} +flat_networks = {{ include "joinListWithComma" .Values.ml2.ml2_type_flat.flat_networks }} [ml2_type_gre] # (ListOpt) Comma-separated list of : tuples enumerating ranges @@ -35,7 +35,7 @@ arp_responder = false {{- end }} [ovs] -bridge_mappings = {{ include "joinListWithColon" .Values.ml2.ovs.bridge_mappings }} +bridge_mappings = {{ include "joinListWithComma" .Values.ml2.ovs.bridge_mappings }} tenant_network_type = {{ .Values.ml2.agent.tunnel_types }} [vxlan] diff --git a/neutron/templates/job-db-init.yaml b/neutron/templates/job-db-init.yaml new file mode 100644 index 0000000000..b04d7c6338 --- /dev/null +++ b/neutron/templates/job-db-init.yaml 
@@ -0,0 +1,32 @@ +{{- $envAll := . }} +{{- $dependencies := .Values.dependencies.db_init }} +apiVersion: batch/v1 +kind: Job +metadata: + name: neutron-db-init +spec: + template: + metadata: + annotations: + pod.beta.kubernetes.io/init-containers: '[ +{{ tuple $envAll $dependencies | include "dep_check_init_cont" | indent 10 }} + ]' + spec: + restartPolicy: OnFailure + nodeSelector: + {{ .Values.labels.server.node_selector_key }}: {{ .Values.labels.server.node_selector_value }} + containers: + - name: neutron-db-init + image: {{ .Values.images.db_init }} + imagePullPolicy: {{ .Values.images.pull_policy }} + command: + - bash + - /tmp/init.sh + volumeMounts: + - name: initsh + mountPath: /tmp/init.sh + subPath: init.sh + volumes: + - name: initsh + configMap: + name: neutron-bin diff --git a/neutron/templates/job-db-sync.yaml b/neutron/templates/job-db-sync.yaml index ff546f790b..ea9d30bc99 100644 --- a/neutron/templates/job-db-sync.yaml +++ b/neutron/templates/job-db-sync.yaml 
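Review bot: job-db-init.yaml is the only job in this change without the `{{- if .Values.resources.enabled }}` block that job-db-sync.yaml and job-post.yaml gain, so enabling resources leaves `neutron-db-init` unconstrained. The neutron/values.yaml hunk adds the matching defaults under `resources.jobs.init`, which no template visible here reads and which does not follow the `init` to `db_init` rename applied to `images` and `dependencies`. I would rename that values key to `db_init` and add the block below after the container `command`. Indentation is lost in this view of the diff, so the fence uses the usual container-level indent.

```yaml
            - /tmp/init.sh
          {{- if .Values.resources.enabled }}
          resources:
            limits:
              cpu: {{ .Values.resources.jobs.db_init.limits.cpu | quote }}
              memory: {{ .Values.resources.jobs.db_init.limits.memory | quote }}
            requests:
              cpu: {{ .Values.resources.jobs.db_init.requests.cpu | quote }}
              memory: {{ .Values.resources.jobs.db_init.requests.memory | quote }}
          {{- end }}
          # … unchanged: volumeMounts and volumes …
```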
@@ -1,35 +1,44 @@ +{{- $envAll := . }} +{{- $dependencies := .Values.dependencies.db_sync }} apiVersion: batch/v1 kind: Job metadata: name: neutron-db-sync spec: template: + metadata: + annotations: + pod.beta.kubernetes.io/init-containers: '[ +{{ tuple $envAll $dependencies | include "dep_check_init_cont" | indent 10 }} + ]' spec: restartPolicy: OnFailure nodeSelector: - {{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }} + {{ .Values.labels.server.node_selector_key }}: {{ .Values.labels.server.node_selector_value }} containers: - name: neutron-db-sync image: {{ .Values.images.db_sync }} imagePullPolicy: {{ .Values.images.pull_policy }} - env: - - name: INTERFACE_NAME - value: "eth0" - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: COMMAND - value: "neutron-db-manage --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugins/ml2/ml2-conf.ini upgrade head" - - name: DEPENDENCY_JOBS - value: "{{ include "joinListWithColon" .Values.dependencies.db_sync.jobs }}" - - name: DEPENDENCY_SERVICE - value: "{{ include "joinListWithColon" .Values.dependencies.db_sync.service }}" + command: + - neutron-db-manage + - --config-file + - /etc/neutron/neutron.conf + - --config-file + - /etc/neutron/plugins/ml2/ml2-conf.ini + - upgrade + - head + {{- if .Values.resources.enabled }} + resources: + limits: + cpu: {{ .Values.resources.jobs.db_sync.limits.cpu | quote }} + memory: {{ .Values.resources.jobs.db_sync.limits.memory | quote }} + requests: + cpu: {{ .Values.resources.jobs.db_sync.requests.cpu | quote }} + memory: {{ .Values.resources.jobs.db_sync.requests.memory | quote }} + {{- end }} volumeMounts: + - name: pod-etc-neutron + mountPath: /etc/neutron - name: neutronconf mountPath: /etc/neutron/neutron.conf subPath: neutron.conf 
@@ -37,9 +46,11 @@ spec: mountPath: /etc/neutron/plugins/ml2/ml2-conf.ini subPath: ml2-conf.ini volumes: + - name: pod-etc-neutron + emptyDir: {} - name: neutronconf configMap: name: neutron-etc - name: ml2confini configMap: - name: neutron-etc \ No newline at end of file + name: neutron-etc diff --git a/neutron/templates/job-init.yaml b/neutron/templates/job-init.yaml deleted file mode 100644 index ef29d574a6..0000000000 --- a/neutron/templates/job-init.yaml +++ /dev/null @@ -1,39 +0,0 @@ -apiVersion: batch/v1 -kind: Job -metadata: - name: neutron-init -spec: - template: - spec: - restartPolicy: OnFailure - nodeSelector: - {{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }} - containers: - - name: neutron-init - image: {{ .Values.images.init }} - imagePullPolicy: {{ .Values.images.pull_policy }} - env: - - name: INTERFACE_NAME - value: "eth0" - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: COMMAND - value: "bash /tmp/init.sh" - - name: DEPENDENCY_JOBS - value: "{{ include "joinListWithColon" .Values.dependencies.init.jobs }}" - - name: DEPENDENCY_SERVICE - value: "{{ include "joinListWithColon" .Values.dependencies.init.service }}" - volumeMounts: - - name: initsh - mountPath: /tmp/init.sh - subPath: init.sh - volumes: - - name: initsh - configMap: - name: neutron-bin \ No newline at end of file diff --git a/neutron/templates/job-post.yaml b/neutron/templates/job-post.yaml index 847a19274e..9901e57e42 100644 --- a/neutron/templates/job-post.yaml +++ b/neutron/templates/job-post.yaml 
@@ -1,34 +1,37 @@ +{{- $envAll := . }} +{{- $dependencies := .Values.dependencies.db_sync }} apiVersion: batch/v1 kind: Job metadata: name: neutron-post spec: template: + metadata: + annotations: + pod.beta.kubernetes.io/init-containers: '[ +{{ tuple $envAll $dependencies | include "dep_check_init_cont" | indent 10 }} + ]' spec: restartPolicy: OnFailure nodeSelector: - {{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }} + {{ .Values.labels.server.node_selector_key }}: {{ .Values.labels.server.node_selector_value }} containers: - name: neutron-post image: {{ .Values.images.post }} imagePullPolicy: {{ .Values.images.pull_policy }} + command: + - bash + - /tmp/post.sh + {{- if .Values.resources.enabled }} + resources: + limits: + cpu: {{ .Values.resources.jobs.post.limits.cpu | quote }} + memory: {{ .Values.resources.jobs.post.limits.memory | quote }} + requests: + cpu: {{ .Values.resources.jobs.post.requests.cpu | quote }} + memory: {{ .Values.resources.jobs.post.requests.memory | quote }} + {{- end }} env: - - name: INTERFACE_NAME - value: "eth0" - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: COMMAND - value: "bash /tmp/post.sh" - - name: DEPENDENCY_JOBS - value: "{{ include "joinListWithColon" .Values.dependencies.post.jobs }}" - - name: DEPENDENCY_SERVICE - value: "{{ include "joinListWithColon" .Values.dependencies.post.service }}" - name: ANSIBLE_LIBRARY value: /usr/share/ansible/ volumeMounts: @@ -38,4 +41,4 @@ spec: volumes: - name: postsh configMap: - name: neutron-bin \ No newline at end of file + name: neutron-bin diff --git a/neutron/values.yaml b/neutron/values.yaml index 434ea41fd7..4b55dcbfb1 100644 --- a/neutron/values.yaml +++ b/neutron/values.yaml 
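Review bot: The new `$dependencies` line at the top of job-post.yaml reads `.Values.dependencies.db_sync`, whereas the env entries it replaces read `.Values.dependencies.post.jobs` and `.Values.dependencies.post.service`. As written, the `neutron-post` init container waits on the db_sync dependency set rather than its own, so the job could start before whatever is listed under `dependencies.post` has completed. This looks like a copy from job-db-sync.yaml. `{{- $dependencies := .Values.dependencies.post }}` restores the previous behaviour.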
@@ -1,4 +1,4 @@ -# Default values for memcached. +# Default values for neutron. # This is a YAML-formatted file. # Declare name/value pairs to be passed into your templates. # name: value @@ -7,7 +7,7 @@ replicas: server: 1 images: - init: quay.io/stackanetes/stackanetes-kolla-toolbox:newton + db_init: quay.io/stackanetes/stackanetes-kolla-toolbox:newton db_sync: quay.io/stackanetes/stackanetes-neutron-server:newton server: quay.io/stackanetes/stackanetes-neutron-server:newton dhcp: quay.io/stackanetes/stackanetes-neutron-dhcp-agent:newton @@ -17,7 +17,7 @@ images: openvswitch_db_server: quay.io/attcomdev/openvswitch-vswitchd:latest openvswitch_vswitchd: quay.io/attcomdev/openvswitch-vswitchd:latest post: quay.io/stackanetes/stackanetes-kolla-toolbox:newton - entrypoint: quay.io/stackanetes/kubernetes-entrypoint:v0.1.0 + dep_check: quay.io/stackanetes/kubernetes-entrypoint:v0.1.0 pull_policy: "IfNotPresent" upgrades: @@ -39,7 +39,7 @@ labels: dhcp: node_selector_key: openstack-control-plane node_selector_value: enabled - l3: + l3: node_selector_key: openstack-control-plane node_selector_value: enabled metadata: @@ -54,7 +54,7 @@ network: kubernetes_domain: cluster.local # this must list the skydns server first, and in calico # this is consistently 10.96.0.10 - servers: + servers: - 10.96.0.10 - 8.8.8.8 external_bridge: br-ex @@ -62,14 +62,14 @@ network: interface: external: enp12s0f0 default: enp11s0f0 - port: + port: server: 9696 metadata: 8775 -memcached: +memcached: address: "memcached:11211" -rabbitmq: +rabbitmq: address: rabbitmq admin_user: rabbitmq admin_password: password @@ -136,7 +136,7 @@ ml2: bridge_mappings: - "physnet1:br-physnet1" -dependencies: +dependencies: server: jobs: - neutron-db-sync @@ -151,7 +151,7 @@ dependencies: - rabbitmq - nova-api jobs: - - neutron-init + - neutron-db-init - nova-post daemonset: - ovs-agent 
@@ -160,7 +160,7 @@ dependencies: - rabbitmq - nova-api jobs: - - neutron-init + - neutron-db-init - nova-post daemonset: - ovs-agent @@ -178,17 +178,17 @@ dependencies: - rabbitmq - nova-api jobs: - - nova-init - - neutron-init + - nova-db-init + - neutron-db-init - nova-post daemonset: - ovs-agent db_sync: jobs: - - neutron-init + - neutron-db-init service: - mariadb - init: + db_init: jobs: - mariadb-seed service: @@ -199,7 +199,83 @@ dependencies: jobs: - neutron-db-sync -# typically overriden by environmental +resources: + enabled: false + agent: + dhcp: + limits: + memory: "128Mi" + cpu: "500m" + requests: + memory: "128Mi" + cpu: "500m" + l3: + limits: + memory: "128Mi" + cpu: "500m" + requests: + memory: "128Mi" + cpu: "500m" + metadata: + limits: + memory: "128Mi" + cpu: "500m" + requests: + memory: "128Mi" + cpu: "500m" + ovs: + agent: + limits: + memory: "128Mi" + cpu: "500m" + requests: + memory: "128Mi" + cpu: "500m" + db: + limits: + memory: "128Mi" + cpu: "500m" + requests: + memory: "128Mi" + cpu: "500m" + vswitchd: + limits: + memory: "128Mi" + cpu: "500m" + requests: + memory: "128Mi" + cpu: "500m" + server: + limits: + memory: "128Mi" + cpu: "500m" + requests: + memory: "128Mi" + cpu: "500m" + jobs: + db_sync: + limits: + memory: "128Mi" + cpu: "500m" + requests: + memory: "128Mi" + cpu: "500m" + init: + limits: + memory: "128Mi" + cpu: "500m" + requests: + memory: "128Mi" + cpu: "500m" + post: + limits: + memory: "128Mi" + cpu: "500m" + requests: + memory: "128Mi" + cpu: "500m" + +# typically overriden by environmental # values, but should include all endpoints # required by this chart endpoints: diff --git a/nova/templates/daemonset-compute.yaml b/nova/templates/daemonset-compute.yaml index f9fcafd931..2553c79406 100644 --- a/nova/templates/daemonset-compute.yaml +++ b/nova/templates/daemonset-compute.yaml 
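Review bot: The new `resources.jobs` map in the `@@ -199,7 +199,83 @@` hunk names its entry `init`, while this same commit renames the matching `images` and `dependencies` keys to `db_init`. The template that consumes the entry is not part of this hunk, so it cannot be confirmed here whether it reads `.Values.resources.jobs.init` or `.Values.resources.jobs.db_init`; a mismatch would only surface once `resources.enabled` is switched on. Using `db_init:` here would keep the three maps aligned. A comment above `enabled: false`, for example `# when false, no requests/limits are rendered and pods run unconstrained`, would also make the default explicit for operators.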
@@ -1,3 +1,5 @@ +{{- $envAll := . }} +{{- $dependencies := .Values.dependencies.compute }} apiVersion: extensions/v1beta1 kind: DaemonSet metadata: @@ -9,35 +11,9 @@ spec: app: nova-compute annotations: configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "hash" }} - configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "hash" }} + configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "hash" }} pod.beta.kubernetes.io/init-containers: '[ - { - "name": "init", - "image": "{{ .Values.image.entrypoint }}", - "imagePullPolicy": "{{ .Values.image.pull_policy }}", - "env": [ - { - "name": "NAMESPACE", - "value": "{{ .Release.Namespace }}" - }, - { - "name": "INTERFACE_NAME", - "value": "eth0" - }, - { - "name": "DEPENDENCY_SERVICE", - "value": "{{ include "joinListWithColon" .Values.dependencies.compute.service }}" - }, - { - "name": "DEPENDENCY_JOBS", - "value": "{{ include "joinListWithColon" .Values.dependencies.compute.jobs }}" - }, - { - "name": "COMMAND", - "value": "echo done" - } - ] - } +{{ tuple $envAll $dependencies | include "dep_check_init_cont" | indent 10 }} ]' spec: nodeSelector: @@ -49,8 +25,17 @@ spec: dnsPolicy: ClusterFirst containers: - name: nova-compute - image: {{ .Values.image.compute }} - imagePullPolicy: {{ .Values.image.pull_policy }} + image: {{ .Values.images.compute }} + imagePullPolicy: {{ .Values.images.pull_policy }} + {{- if .Values.resources.enabled }} + resources: + requests: + memory: {{ .Values.resources.nova_compute.requests.memory | quote }} + cpu: {{ .Values.resources.nova_compute.requests.cpu | quote }} + limits: + memory: {{ .Values.resources.nova_compute.limits.memory | quote }} + cpu: {{ .Values.resources.nova_compute.limits.cpu | quote }} + {{- end }} securityContext: privileged: true command: @@ -111,7 +96,7 @@ spec: - name: cgroup hostPath: path: /sys/fs/cgroup - {{- if .Values.ceph.enabled }} + {{- if .Values.ceph.enabled }} - name: cephconf configMap: name: nova-etc 
@@ -123,5 +108,5 @@ spec: name: nova-etc items: - key: ceph.client.cinder.keyring.yaml - path: ceph.client.cinder.keyring.yaml - {{- end }} + path: ceph.client.cinder.keyring.yaml + {{- end }} diff --git a/nova/templates/daemonset-libvirt.yaml b/nova/templates/daemonset-libvirt.yaml index 3511c0a2e7..bc104e7144 100644 --- a/nova/templates/daemonset-libvirt.yaml +++ b/nova/templates/daemonset-libvirt.yaml @@ -1,3 +1,5 @@ +{{- $envAll := . }} +{{- $dependencies := .Values.dependencies.libvirt }} apiVersion: extensions/v1beta1 kind: DaemonSet metadata: @@ -9,35 +11,9 @@ spec: app: nova-libvirt annotations: configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "hash" }} - configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "hash" }} + configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "hash" }} pod.beta.kubernetes.io/init-containers: '[ - { - "name": "init", - "image": "{{ .Values.image.entrypoint }}", - "imagePullPolicy": "{{ .Values.image.pull_policy }}", - "env": [ - { - "name": "NAMESPACE", - "value": "{{ .Release.Namespace }}" - }, - { - "name": "INTERFACE_NAME", - "value": "eth0" - }, - { - "name": "DEPENDENCY_SERVICE", - "value": "{{ include "joinListWithColon" .Values.dependencies.libvirt.service }}" - }, - { - "name": "DEPENDENCY_JOBS", - "value": "{{ include "joinListWithColon" .Values.dependencies.libvirt.jobs }}" - }, - { - "name": "COMMAND", - "value": "echo done" - } - ] - } +{{ tuple $envAll $dependencies | include "dep_check_init_cont" | indent 10 }} ]' spec: nodeSelector: 
@@ -48,8 +24,17 @@ spec: dnsPolicy: ClusterFirst containers: - name: nova-libvirt - image: {{ .Values.image.libvirt }} - imagePullPolicy: {{ .Values.image.pull_policy }} + image: {{ .Values.images.libvirt }} + imagePullPolicy: {{ .Values.images.pull_policy }} + {{- if .Values.resources.enabled }} + resources: + requests: + memory: {{ .Values.resources.nova_libvirt.requests.memory | quote }} + cpu: {{ .Values.resources.nova_libvirt.requests.cpu | quote }} + limits: + memory: {{ .Values.resources.nova_libvirt.limits.memory | quote }} + cpu: {{ .Values.resources.nova_libvirt.limits.cpu | quote }} + {{- end }} securityContext: privileged: true command: @@ -82,7 +67,7 @@ spec: subPath: ceph.conf - name: cephclientcinderkeyring mountPath: /etc/ceph/ceph.client.{{ .Values.ceph.cinder_user }}.keyring - subPath: ceph.client.{{ .Values.ceph.cinder_user }}.keyring + subPath: ceph.client.{{ .Values.ceph.cinder_user }}.keyring {{- end }} volumes: - name: libvirtdconf @@ -131,4 +116,4 @@ spec: items: - key: ceph.client.cinder.keyring.yaml path: ceph.client.cinder.keyring.yaml - {{- end }} + {{- end }} diff --git a/nova/templates/deployment-api-metadata.yaml b/nova/templates/deployment-api-metadata.yaml index 2e1a6929f6..1b93605837 100644 --- a/nova/templates/deployment-api-metadata.yaml +++ b/nova/templates/deployment-api-metadata.yaml @@ -1,3 +1,5 @@ +{{- $envAll := . }} +{{- $dependencies := .Values.dependencies.api }} apiVersion: extensions/v1beta1 kind: Deployment metadata: 
@@ -20,42 +22,25 @@ spec: configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "hash" }} configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "hash" }} pod.beta.kubernetes.io/init-containers: '[ - { - "name": "init", - "image": "{{ .Values.image.entrypoint }}", - "imagePullPolicy": "{{ .Values.image.pull_policy }}", - "env": [ - { - "name": "NAMESPACE", - "value": "{{ .Release.Namespace }}" - }, - { - "name": "INTERFACE_NAME", - "value": "eth0" - }, - { - "name": "DEPENDENCY_SERVICE", - "value": "{{ include "joinListWithColon" .Values.dependencies.api.service }}" - }, - { - "name": "DEPENDENCY_JOBS", - "value": "{{ include "joinListWithColon" .Values.dependencies.api.jobs }}" - }, - { - "name": "COMMAND", - "value": "echo done" - } - ] - } +{{ tuple $envAll $dependencies | include "dep_check_init_cont" | indent 10 }} ]' spec: nodeSelector: {{ .Values.labels.control_node_selector_key }}: {{ .Values.labels.control_node_selector_value }} containers: - - name: nova-api-metadata - image: {{ .Values.image.api }} - imagePullPolicy: {{ .Values.image.pull_policy }} + - name: nova-api + image: {{ .Values.images.api }} + imagePullPolicy: {{ .Values.images.pull_policy }} # https://bugs.launchpad.net/kolla-mesos/+bug/1546007 + {{- if .Values.resources.enabled }} + resources: + requests: + memory: {{ .Values.resources.nova_api_metadata.requests.memory | quote }} + cpu: {{ .Values.resources.nova_api_metadata.requests.cpu | quote }} + limits: + memory: {{ .Values.resources.nova_api_metadata.limits.memory | quote }} + cpu: {{ .Values.resources.nova_api_metadata.limits.cpu | quote }} + {{- end }} securityContext: capabilities: add: diff --git a/nova/templates/deployment-api-osapi.yaml b/nova/templates/deployment-api-osapi.yaml index b37fe438fa..52b6a13ec2 100644 --- a/nova/templates/deployment-api-osapi.yaml +++ b/nova/templates/deployment-api-osapi.yaml 
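Review bot: The `resources` block is inserted between the `# https://bugs.launchpad.net/kolla-mesos/+bug/1546007` comment and the `securityContext` stanza that used to follow it, so the bug link now reads as if it documents the resource limits. Presumably the link is the justification for the capability added under `securityContext`; placing the `{{- if .Values.resources.enabled }}` block after that stanza, as the osapi template in this commit does, keeps the justification next to the privilege it explains. The container is also renamed to `nova-api` although the resources key is `nova_api_metadata` and the osapi container becomes `nova-osapi`; `nova-api-metadata` would be easier to tell apart in logs and audit records. The capabilities list continues past the end of this hunk.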
@@ -1,3 +1,5 @@ +{{- $envAll := . }} +{{- $dependencies := .Values.dependencies.api }} apiVersion: extensions/v1beta1 kind: Deployment metadata: 
@@ -11,54 +13,37 @@ spec: rollingUpdate: maxUnavailable: {{ .Values.upgrades.rolling_update.max_unavailable }} maxSurge: {{ .Values.upgrades.rolling_update.max_surge }} - {{ end }} + {{ end }} template: metadata: labels: app: nova-osapi annotations: configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "hash" }} - configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "hash" }} + configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "hash" }} pod.beta.kubernetes.io/init-containers: '[ - { - "name": "init", - "image": "{{ .Values.image.entrypoint }}", - "imagePullPolicy": "{{ .Values.image.pull_policy }}", - "env": [ - { - "name": "NAMESPACE", - "value": "{{ .Release.Namespace }}" - }, - { - "name": "INTERFACE_NAME", - "value": "eth0" - }, - { - "name": "DEPENDENCY_SERVICE", - "value": "{{ include "joinListWithColon" .Values.dependencies.api.service }}" - }, - { - "name": "DEPENDENCY_JOBS", - "value": "{{ include "joinListWithColon" .Values.dependencies.api.jobs }}" - }, - { - "name": "COMMAND", - "value": "echo done" - } - ] - } +{{ tuple $envAll $dependencies | include "dep_check_init_cont" | indent 10 }} ]' spec: nodeSelector: {{ .Values.labels.control_node_selector_key }}: {{ .Values.labels.control_node_selector_value }} containers: - - name: nova-api-osapi - image: {{ .Values.image.api }} - imagePullPolicy: {{ .Values.image.pull_policy }} + - name: nova-osapi + image: {{ .Values.images.api }} + imagePullPolicy: {{ .Values.images.pull_policy }} securityContext: capabilities: add: - NET_ADMIN + {{- if .Values.resources.enabled }} + resources: + requests: + memory: {{ .Values.resources.nova_osapi.requests.memory | quote }} + cpu: {{ .Values.resources.nova_osapi.requests.cpu | quote }} + limits: + memory: {{ .Values.resources.nova_osapi.limits.memory | quote }} + cpu: {{ .Values.resources.nova_osapi.limits.cpu | quote }} + {{- end }} command: - nova-api - --config-file=/etc/nova/nova.conf 
diff --git a/nova/templates/deployment-conductor.yaml b/nova/templates/deployment-conductor.yaml index 1d300e109a..7e9fe02b6e 100644 --- a/nova/templates/deployment-conductor.yaml +++ b/nova/templates/deployment-conductor.yaml @@ -1,3 +1,5 @@ +{{- $envAll := . }} +{{- $dependencies := .Values.dependencies.conductor }} apiVersion: extensions/v1beta1 kind: Deployment metadata: 
@@ -11,50 +13,33 @@ spec: rollingUpdate: maxUnavailable: {{ .Values.upgrades.rolling_update.max_unavailable }} maxSurge: {{ .Values.upgrades.rolling_update.max_surge }} - {{ end }} + {{ end }} template: metadata: labels: app: nova-conductor annotations: configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "hash" }} - configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "hash" }} + configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "hash" }} pod.beta.kubernetes.io/init-containers: '[ - { - "name": "init", - "image": "{{ .Values.image.entrypoint }}", - "imagePullPolicy": "{{ .Values.image.pull_policy }}", - "env": [ - { - "name": "NAMESPACE", - "value": "{{ .Release.Namespace }}" - }, - { - "name": "INTERFACE_NAME", - "value": "eth0" - }, - { - "name": "DEPENDENCY_SERVICE", - "value": "{{ include "joinListWithColon" .Values.dependencies.conductor.service }}" - }, - { - "name": "DEPENDENCY_JOBS", - "value": "{{ include "joinListWithColon" .Values.dependencies.conductor.jobs }}" - }, - { - "name": "COMMAND", - "value": "echo done" - } - ] - } +{{ tuple $envAll $dependencies | include "dep_check_init_cont" | indent 10 }} ]' spec: nodeSelector: {{ .Values.labels.control_node_selector_key }}: {{ .Values.labels.control_node_selector_value }} containers: - name: nova-conductor - image: {{ .Values.image.conductor }} - imagePullPolicy: {{ .Values.image.pull_policy }} + image: {{ .Values.images.conductor }} + imagePullPolicy: {{ .Values.images.pull_policy }} + {{- if .Values.resources.enabled }} + resources: + requests: + memory: {{ .Values.resources.nova_conductor.requests.memory | quote }} + cpu: {{ .Values.resources.nova_conductor.requests.cpu | quote }} + limits: + memory: {{ .Values.resources.nova_conductor.limits.memory | quote }} + cpu: {{ .Values.resources.nova_conductor.limits.cpu | quote }} + {{- end }} command: - nova-conductor - --config-file 
diff --git a/nova/templates/deployment-consoleauth.yaml b/nova/templates/deployment-consoleauth.yaml index 453647b41e..fa96113129 100644 --- a/nova/templates/deployment-consoleauth.yaml +++ b/nova/templates/deployment-consoleauth.yaml @@ -1,3 +1,5 @@ +{{- $envAll := . }} +{{- $dependencies := .Values.dependencies.consoleauth }} apiVersion: extensions/v1beta1 kind: Deployment metadata: 
@@ -11,50 +13,33 @@ spec: rollingUpdate: maxUnavailable: {{ .Values.upgrades.rolling_update.max_unavailable }} maxSurge: {{ .Values.upgrades.rolling_update.max_surge }} - {{ end }} + {{ end }} template: metadata: labels: app: nova-consoleauth annotations: configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "hash" }} - configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "hash" }} + configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "hash" }} pod.beta.kubernetes.io/init-containers: '[ - { - "name": "init", - "image": "{{ .Values.image.entrypoint }}", - "imagePullPolicy": "{{ .Values.image.pull_policy }}", - "env": [ - { - "name": "NAMESPACE", - "value": "{{ .Release.Namespace }}" - }, - { - "name": "INTERFACE_NAME", - "value": "eth0" - }, - { - "name": "DEPENDENCY_SERVICE", - "value": "{{ include "joinListWithColon" .Values.dependencies.consoleauth.service }}" - }, - { - "name": "DEPENDENCY_JOBS", - "value": "{{ include "joinListWithColon" .Values.dependencies.consoleauth.jobs }}" - }, - { - "name": "COMMAND", - "value": "echo done" - } - ] - } +{{ tuple $envAll $dependencies | include "dep_check_init_cont" | indent 10 }} ]' spec: nodeSelector: {{ .Values.labels.control_node_selector_key }}: {{ .Values.labels.control_node_selector_value }} containers: - name: nova-consoleauth - image: {{ .Values.image.consoleauth }} - imagePullPolicy: {{ .Values.image.pull_policy }} + image: {{ .Values.images.consoleauth }} + imagePullPolicy: {{ .Values.images.pull_policy }} + {{- if .Values.resources.enabled }} + resources: + requests: + memory: {{ .Values.resources.nova_consoleauth.requests.memory | quote }} + cpu: {{ .Values.resources.nova_consoleauth.requests.cpu | quote }} + limits: + memory: {{ .Values.resources.nova_consoleauth.limits.memory | quote }} + cpu: {{ .Values.resources.nova_consoleauth.limits.cpu | quote }} + {{- end }} command: - nova-consoleauth - --config-file 
diff --git a/nova/templates/deployment-scheduler.yaml b/nova/templates/deployment-scheduler.yaml index ebef279bc8..9ace4262bf 100644 --- a/nova/templates/deployment-scheduler.yaml +++ b/nova/templates/deployment-scheduler.yaml @@ -1,3 +1,5 @@ +{{- $envAll := . }} +{{- $dependencies := .Values.dependencies.scheduler }} apiVersion: extensions/v1beta1 kind: Deployment metadata: 
@@ -11,50 +13,33 @@ spec: rollingUpdate: maxUnavailable: {{ .Values.upgrades.rolling_update.max_unavailable }} maxSurge: {{ .Values.upgrades.rolling_update.max_surge }} - {{ end }} + {{ end }} template: metadata: labels: app: nova-scheduler annotations: configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "hash" }} - configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "hash" }} + configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "hash" }} pod.beta.kubernetes.io/init-containers: '[ - { - "name": "init", - "image": "{{ .Values.image.entrypoint }}", - "imagePullPolicy": "{{ .Values.image.pull_policy }}", - "env": [ - { - "name": "NAMESPACE", - "value": "{{ .Release.Namespace }}" - }, - { - "name": "INTERFACE_NAME", - "value": "eth0" - }, - { - "name": "DEPENDENCY_SERVICE", - "value": "{{ include "joinListWithColon" .Values.dependencies.scheduler.service }}" - }, - { - "name": "DEPENDENCY_JOBS", - "value": "{{ include "joinListWithColon" .Values.dependencies.scheduler.jobs }}" - }, - { - "name": "COMMAND", - "value": "echo done" - } - ] - } +{{ tuple $envAll $dependencies | include "dep_check_init_cont" | indent 10 }} ]' spec: nodeSelector: {{ .Values.labels.control_node_selector_key }}: {{ .Values.labels.control_node_selector_value }} containers: - name: nova-scheduler - image: {{ .Values.image.scheduler }} - imagePullPolicy: {{ .Values.image.pull_policy }} + image: {{ .Values.images.scheduler }} + imagePullPolicy: {{ .Values.images.pull_policy }} + {{- if .Values.resources.enabled }} + resources: + requests: + memory: {{ .Values.resources.nova_scheduler.requests.memory | quote }} + cpu: {{ .Values.resources.nova_scheduler.requests.cpu | quote }} + limits: + memory: {{ .Values.resources.nova_scheduler.limits.memory | quote }} + cpu: {{ .Values.resources.nova_scheduler.limits.cpu | quote }} + {{- end }} command: - nova-scheduler - --config-file 
diff --git a/nova/templates/job-db-init.yaml b/nova/templates/job-db-init.yaml new file mode 100644 index 0000000000..e43982359a --- /dev/null +++ b/nova/templates/job-db-init.yaml @@ -0,0 +1,41 @@ +{{- $envAll := . }} +{{- $dependencies := .Values.dependencies.init }} +apiVersion: batch/v1 +kind: Job +metadata: + name: nova-db-init +spec: + template: + metadata: + annotations: + pod.beta.kubernetes.io/init-containers: '[ +{{ tuple $envAll $dependencies | include "dep_check_init_cont" | indent 10 }} + ]' + spec: + restartPolicy: OnFailure + nodeSelector: + {{ .Values.labels.control_node_selector_key }}: {{ .Values.labels.control_node_selector_value }} + containers: + - name: nova-db-init + image: {{ .Values.images.db_init }} + imagePullPolicy: {{ .Values.images.pull_policy }} + {{- if .Values.resources.enabled }} + resources: + requests: + memory: {{ .Values.resources.nova_init.requests.memory | quote }} + cpu: {{ .Values.resources.nova_init.requests.cpu | quote }} + limits: + memory: {{ .Values.resources.nova_init.limits.memory | quote }} + cpu: {{ .Values.resources.nova_init.limits.cpu | quote }} + {{- end }} + command: + - bash + - /tmp/init.sh + volumeMounts: + - name: nova-bin + mountPath: /tmp/init.sh + subPath: init.sh + volumes: + - name: nova-bin + configMap: + name: nova-bin diff --git a/nova/templates/job-db-sync.yaml b/nova/templates/job-db-sync.yaml index da81fe0e13..81bff35b94 100644 --- a/nova/templates/job-db-sync.yaml +++ b/nova/templates/job-db-sync.yaml @@ -1,3 +1,5 @@ +{{- $envAll := . }} +{{- $dependencies := .Values.dependencies.db_sync }} apiVersion: batch/v1 kind: Job metadata: 
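Review bot: The new `nova-db-init` Job mixes old and new key names: it pulls `.Values.images.db_init` but looks up `.Values.dependencies.init` and `.Values.resources.nova_init`. The nova/values.yaml hunks in this commit do not show a `dependencies.init` entry, so it is worth confirming that the key exists; if it is absent the `dep_check_init_cont` helper receives an empty value and the job's ordering against MariaDB is no longer enforced by the chart. Renaming the lookups to `.Values.dependencies.db_init` and `.Values.resources.nova_db_init`, together with the values keys, would match the neutron chart's `db_init` naming.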
@@ -7,38 +9,25 @@ spec: metadata: annotations: pod.beta.kubernetes.io/init-containers: '[ - { - "name": "init", - "image": "{{ .Values.image.entrypoint }}", - "imagePullPolicy": "{{ .Values.image.pull_policy }}", - "env": [ - { - "name": "NAMESPACE", - "value": "{{ .Release.Namespace }}" - }, - { - "name": "DEPENDENCY_SERVICE", - "value": "{{ include "joinListWithColon" .Values.dependencies.db_sync.service }}" - }, - { - "name": "DEPENDENCY_JOBS", - "value": "{{ include "joinListWithColon" .Values.dependencies.db_sync.jobs }}" - }, - { - "name": "COMMAND", - "value": "echo done" - } - ] - } +{{ tuple $envAll $dependencies | include "dep_check_init_cont" | indent 10 }} ]' spec: restartPolicy: OnFailure nodeSelector: - {{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }} + {{ .Values.labels.control_node_selector_key }}: {{ .Values.labels.control_node_selector_value }} containers: - name: nova-db-sync - image: {{ .Values.image.db_sync }} - imagePullPolicy: {{ .Values.image.pull_policy }} + image: {{ .Values.images.db_sync }} + imagePullPolicy: {{ .Values.images.pull_policy }} + {{- if .Values.resources.enabled }} + resources: + requests: + memory: {{ .Values.resources.nova_db_sync.requests.memory | quote }} + cpu: {{ .Values.resources.nova_db_sync.requests.cpu | quote }} + limits: + memory: {{ .Values.resources.nova_db_sync.limits.memory | quote }} + cpu: {{ .Values.resources.nova_db_sync.limits.cpu | quote }} + {{- end }} command: - bash - /tmp/db-sync.sh diff --git a/nova/templates/job-init.yaml b/nova/templates/job-init.yaml deleted file mode 100644 index 2ca373358a..0000000000 --- a/nova/templates/job-init.yaml +++ /dev/null 
@@ -1,52 +0,0 @@ -apiVersion: batch/v1 -kind: Job -metadata: - name: nova-init -spec: - template: - metadata: - annotations: - pod.beta.kubernetes.io/init-containers: '[ - { - "name": "init", - "image": "{{ .Values.image.entrypoint }}", - "imagePullPolicy": "{{ .Values.image.pull_policy }}", - "env": [ - { - "name": "NAMESPACE", - "value": "{{ .Release.Namespace }}" - }, - { - "name": "DEPENDENCY_SERVICE", - "value": "{{ include "joinListWithColon" .Values.dependencies.init.service }}" - }, - { - "name": "DEPENDENCY_JOBS", - "value": "{{ include "joinListWithColon" .Values.dependencies.init.jobs }}" - }, - { - "name": "COMMAND", - "value": "echo done" - } - ] - } - ]' - spec: - restartPolicy: OnFailure - nodeSelector: - {{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }} - containers: - - name: nova-init - image: {{ .Values.image.init }} - imagePullPolicy: {{ .Values.image.pull_policy }} - command: - - bash - - /tmp/init.sh - volumeMounts: - - name: nova-bin - mountPath: /tmp/init.sh - subPath: init.sh - volumes: - - name: nova-bin - configMap: - name: nova-bin diff --git a/nova/templates/job-post.yaml b/nova/templates/job-post.yaml index e22373e02f..7fddbaf6a7 100644 --- a/nova/templates/job-post.yaml +++ b/nova/templates/job-post.yaml @@ -1,3 +1,5 @@ +{{- $envAll := . }} +{{- $dependencies := .Values.dependencies.post }} apiVersion: batch/v1 kind: Job metadata: 
@@ -7,38 +9,25 @@ spec: metadata: annotations: pod.beta.kubernetes.io/init-containers: '[ - { - "name": "init", - "image": "{{ .Values.image.entrypoint }}", - "imagePullPolicy": "{{ .Values.image.pull_policy }}", - "env": [ - { - "name": "NAMESPACE", - "value": "{{ .Release.Namespace }}" - }, - { - "name": "DEPENDENCY_SERVICE", - "value": "{{ include "joinListWithColon" .Values.dependencies.post.service }}" - }, - { - "name": "DEPENDENCY_JOBS", - "value": "{{ include "joinListWithColon" .Values.dependencies.post.jobs }}" - }, - { - "name": "COMMAND", - "value": "echo done" - } - ] - } +{{ tuple $envAll $dependencies | include "dep_check_init_cont" | indent 10 }} ]' spec: restartPolicy: OnFailure nodeSelector: - {{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }} + {{ .Values.labels.control_node_selector_key }}: {{ .Values.labels.control_node_selector_value }} containers: - name: nova-post - image: {{ .Values.image.post }} - imagePullPolicy: {{ .Values.image.pull_policy }} + image: {{ .Values.images.post }} + imagePullPolicy: {{ .Values.images.pull_policy }} + {{- if .Values.resources.enabled }} + resources: + requests: + memory: {{ .Values.resources.nova_post.requests.memory | quote }} + cpu: {{ .Values.resources.nova_post.requests.cpu | quote }} + limits: + memory: {{ .Values.resources.nova_post.limits.memory | quote }} + cpu: {{ .Values.resources.nova_post.limits.cpu | quote }} + {{- end }} command: - bash - /tmp/post.sh diff --git a/nova/values.yaml b/nova/values.yaml index 199e2e2142..7edba952ba 100644 --- a/nova/values.yaml +++ b/nova/values.yaml @@ -12,8 +12,8 @@ labels: control_replicas: 1 compute_replicas: 1 -image: - init: quay.io/stackanetes/stackanetes-kolla-toolbox:newton +images: + db_init: quay.io/stackanetes/stackanetes-kolla-toolbox:newton db_sync: quay.io/stackanetes/stackanetes-nova-api:newton api: quay.io/stackanetes/stackanetes-nova-api:newton conductor: quay.io/stackanetes/stackanetes-nova-conductor:newton 
@@ -23,7 +23,7 @@ image: compute: quay.io/stackanetes/stackanetes-nova-compute:newton libvirt: quay.io/stackanetes/stackanetes-nova-libvirt:newton post: quay.io/stackanetes/stackanetes-kolla-toolbox:newton - entrypoint: quay.io/stackanetes/kubernetes-entrypoint:v0.1.0 + dep_check: quay.io/stackanetes/kubernetes-entrypoint:v0.1.0 pull_policy: "IfNotPresent" upgrades: @@ -108,31 +108,31 @@ memcached: dependencies: api: - jobs: + jobs: - keystone-db-sync - - nova-init + - nova-db-init - nova-db-sync service: - mariadb db_sync: jobs: - - nova-init - - keystone-init + - nova-db-init + - keystone-db-init - mariadb-seed service: - mariadb db_sync: jobs: - - nova-init - - keystone-init + - nova-db-init + - keystone-db-init - mariadb-seed - keystone-db-sync service: - mariadb post: jobs: - - nova-init - - keystone-init + - nova-db-init + - keystone-db-init - mariadb-seed service: - mariadb @@ -152,7 +152,7 @@ dependencies: - ovs-agent libvirt: jobs: - - nova-init + - nova-db-init - nova-post - nova-db-sync service: @@ -162,7 +162,7 @@ dependencies: jobs: - mariadb-seed - keystone-db-sync - - nova-init + - nova-db-init - nova-db-sync service: - mariadb @@ -177,7 +177,7 @@ dependencies: service: - mariadb -# typically overriden by environmental +# typically overriden by environmental # values, but should include all endpoints # required by this chart endpoints: 
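Review bot: In the `@@ -108,31 +108,31 @@` hunk the `dependencies` map still contains two `db_sync:` entries; the hunk edits the job names in both but keeps both. Most YAML loaders silently keep the last one, so the first block is dead configuration and whichever job it was meant for gets no dependency list from it. Suggest deleting the first block or giving it the key it was intended for, and adding yamllint's `key-duplicates` rule to the chart lint step so this is caught before a release.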
@@ -217,3 +217,76 @@ endpoints: scheme: 'http' port: api: 9696 + +resources: + enabled: false + nova_compute: + requests: + memory: "124Mi" + cpu: "100m" + limits: + memory: "1024Mi" + cpu: "2000m" + nova_libvirt: + requests: + memory: "124Mi" + cpu: "100m" + limits: + memory: "1024Mi" + cpu: "2000m" + nova_api_metadata: + requests: + memory: "124Mi" + cpu: "100m" + limits: + memory: "1024Mi" + cpu: "2000m" + nova_osapi: + requests: + memory: "124Mi" + cpu: "100m" + limits: + memory: "1024Mi" + cpu: "2000m" + nova_conductor: + requests: + memory: "124Mi" + cpu: "100m" + limits: + memory: "1024Mi" + cpu: "2000m" + nova_consoleauth: + requests: + memory: "124Mi" + cpu: "100m" + limits: + memory: "1024Mi" + cpu: "2000m" + nova_scheduler: + requests: + memory: "124Mi" + cpu: "100m" + limits: + memory: "1024Mi" + cpu: "2000m" + nova_db_sync: + requests: + memory: "124Mi" + cpu: "100m" + limits: + memory: "1024Mi" + cpu: "2000m" + nova_init: + requests: + memory: "124Mi" + cpu: "100m" + limits: + memory: "1024Mi" + cpu: "2000m" + nova_post: + requests: + memory: "124Mi" + cpu: "100m" + limits: + memory: "1024Mi" + cpu: "2000m" diff --git a/rabbitmq/templates/deployment.yaml b/rabbitmq/templates/deployment.yaml index d622f8c56e..bd8815fda3 100644 --- a/rabbitmq/templates/deployment.yaml +++ b/rabbitmq/templates/deployment.yaml @@ -30,6 +30,15 @@ spec: containers: - name: rabbitmq image: {{ .Values.images.rabbitmq }} + {{- if .Values.resources.enabled }} + resources: + limits: + cpu: {{ .Values.resources.api.limits.cpu | quote }} + memory: {{ .Values.resources.api.limits.memory | quote }} + requests: + cpu: {{ .Values.resources.api.requests.cpu | quote }} + memory: {{ .Values.resources.api.requests.memory | quote }} + {{- end }} command: - bash - /tmp/start_rabbitmq.sh diff --git a/rabbitmq/values.yaml b/rabbitmq/values.yaml index 8d44741b0b..6cf4699908 100644 --- a/rabbitmq/values.yaml +++ b/rabbitmq/values.yaml 
@@ -5,6 +5,16 @@ replicas: "1" # this must be quoted to deal with atoi +resources: + enabled: false + api: + limits: + memory: "128Mi" + cpu: "500m" + requests: + memory: "128Mi" + cpu: "500m" + labels: node_selector_key: openstack-control-plane node_selector_value: enabled