Implement: ranger helm charts and supporting change for agent

This is an effort to implement helm charts for ranger component
Included integration changes needed in ranger-agent

 Signed-off-by: Hari Om Singh<hosingh000@gmail.com>

Change-Id: I27911d134882365a29b7ffcf1f7ab2e38cf717be
This commit is contained in:
hosingh000 2018-05-21 08:34:30 -05:00 committed by Hari
parent 900343f852
commit bdac1be107
33 changed files with 1690 additions and 32 deletions

View File

@ -18,50 +18,48 @@ limitations under the License.
{{- $envAll := . }}
{{- if empty .Values.conf.ranger_agent.database.connection -}}
{{- tuple "oslo_db" "internal" "ranger_agent" "mysql" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup"| set .Values.conf.ranger_agent.database "connection" | quote | trunc 0 -}}
{{- $_ := tuple "oslo_db" "internal" "ranger_agent" "mysql" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup"| set .Values.conf.ranger_agent.database "connection" -}}
{{- end -}}
{{- if empty .Values.conf.ranger_agent.DEFAULT.transport_url -}}
{{- tuple "oslo_messaging" "internal" "ranger-agent" "amqp" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup" | set .Values.conf.ranger_agent.DEFAULT "transport_url" | quote | trunc 0 -}}
{{- $_ := tuple "oslo_messaging" "internal" "ranger-agent" "amqp" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup" | set .Values.conf.ranger_agent.DEFAULT "transport_url" -}}
{{- end -}}
{{- if empty .Values.conf.ranger_agent.orm.rds_listener_endpoint -}}
{{- tuple "ranger_rds" "public" "rds" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup" | set .Values.conf.ranger_agent.orm "rds_listener_endpoint" | quote | trunc 0 -}}
{{- $_ := tuple "ranger_rds" "public" "rds" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup" | set .Values.conf.ranger_agent.orm "rds_listener_endpoint" -}}
{{- end -}}
{{- if empty .Values.conf.ranger_agent.DEFAULT.ord_server_url -}}
{{- tuple "ranger_agent" "public" "api" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup" | trimSuffix .Values.endpoints.ranger_agent.path.default | set .Values.conf.ranger_agent.DEFAULT "ord_server_url" | quote | trunc 0 -}}
{{- $_ := tuple "ranger_agent" "public" "api" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup" | trimSuffix .Values.endpoints.ranger_agent.path.default | set .Values.conf.ranger_agent.DEFAULT "ord_server_url" -}}
{{- end -}}
{{- if empty .Values.conf.ranger_agent.keystone_authtoken.username -}}
{{- set .Values.conf.ranger_agent.keystone_authtoken "username" .Values.endpoints.identity.auth.ranger_agent.username | quote | trunc 0 -}}
{{- $_ := set .Values.conf.ranger_agent.keystone_authtoken "username" .Values.endpoints.identity.auth.ranger_agent.username -}}
{{- end -}}
{{- if empty .Values.conf.ranger_agent.keystone_authtoken.password -}}
{{- set .Values.conf.ranger_agent.keystone_authtoken "password" .Values.endpoints.identity.auth.ranger_agent.password | quote | trunc 0 -}}
{{- $_ := set .Values.conf.ranger_agent.keystone_authtoken "password" .Values.endpoints.identity.auth.ranger_agent.password -}}
{{- end -}}
{{- if empty .Values.conf.ranger_agent.keystone_authtoken.project_name -}}
{{- set .Values.conf.ranger_agent.keystone_authtoken "project_name" .Values.endpoints.identity.auth.ranger_agent.project_name | quote | trunc 0 -}}
{{- $_ := set .Values.conf.ranger_agent.keystone_authtoken "project_name" .Values.endpoints.identity.auth.ranger_agent.project_name -}}
{{- end -}}
{{- if empty .Values.conf.ranger_agent.keystone_authtoken.auth_url -}}
{{- tuple "identity" "internal" "api" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup" | set .Values.conf.ranger_agent.keystone_authtoken "auth_url" | quote | trunc 0 -}}
{{- $_ := tuple "identity" "internal" "api" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup" | set .Values.conf.ranger_agent.keystone_authtoken "auth_url" -}}
{{- end -}}
{{- if empty .Values.conf.ranger_agent.DEFAULT.region -}}
{{- set .Values.conf.ranger_agent.DEFAULT "region" .Values.endpoints.identity.auth.ranger_agent.region_name | quote | trunc 0 -}}
{{- $_ := set .Values.conf.ranger_agent.DEFAULT "region" .Values.endpoints.identity.auth.ranger_agent.region_name -}}
{{- end -}}
{{- if empty .Values.conf.ranger_agent.api.port -}}
{{- tuple "ranger-agent" "internal" "api" . | include "helm-toolkit.endpoints.endpoint_port_lookup" | set .Values.conf.ranger_agent.api "port" | quote | trunc 0 -}}
{{- $_ := tuple "ranger-agent" "internal" "api" . | include "helm-toolkit.endpoints.endpoint_port_lookup" | set .Values.conf.ranger_agent.api "port" -}}
{{- end -}}
{{- if empty .Values.conf.ranger_agent.keystone_authtoken.project_domain_name -}}
{{- set .Values.conf.ranger_agent.keystone_authtoken "project_domain_name" .Values.endpoints.identity.auth.ranger_agent.project_domain_name | quote | trunc 0 -}}
{{- $_ := set .Values.conf.ranger_agent.keystone_authtoken "project_domain_name" .Values.endpoints.identity.auth.ranger_agent.project_domain_name -}}
{{- end -}}
{{- if empty .Values.conf.ranger_agent.keystone_authtoken.user_domain_name -}}
{{- set .Values.conf.ranger_agent.keystone_authtoken "user_domain_name" .Values.endpoints.identity.auth.ranger_agent.user_domain_name | quote | trunc 0 -}}
{{- $_ := set .Values.conf.ranger_agent.keystone_authtoken "user_domain_name" .Values.endpoints.identity.auth.ranger_agent.user_domain_name -}}
{{- end -}}
---
apiVersion: v1
kind: ConfigMap
kind: Secret
metadata:
name: ranger-agent-etc
type: Opaque
data:
api-paste.ini: |
{{ include "helm-toolkit.utils.to_ini" .Values.conf.paste | indent 4 }}
ranger-agent.conf: |
{{ include "helm-toolkit.utils.to_oslo_conf" .Values.conf.ranger_agent | indent 4 }}
api-paste.ini: {{ include "helm-toolkit.utils.to_ini" .Values.conf.paste | b64enc }}
ranger-agent.conf: {{ include "helm-toolkit.utils.to_oslo_conf" .Values.conf.ranger_agent | b64enc }}
{{- end }}

View File

@ -79,6 +79,8 @@ spec:
initialDelaySeconds: 30
timeoutSeconds: 5
volumeMounts:
- name: pod-etc-ranger-agent
mountPath: /etc/ranger-agent
- name: ranger-agent-bin
mountPath: /tmp/ranger-agent-api.sh
subPath: ranger-agent-api.sh
@ -97,13 +99,15 @@ spec:
readOnly: true
{{ if $mounts_ranger_agent_api.volumeMounts }}{{ toYaml $mounts_ranger_agent_api.volumeMounts | indent 12 }}{{ end }}
volumes:
- name: pod-etc-ranger-agent
emptyDir: {}
- name: ranger-agent-bin
configMap:
name: ranger-agent-bin
defaultMode: 0555
- name: ranger-agent-etc
configMap:
name: ranger-agent-etc
secret:
secretName: ranger-agent-etc
defaultMode: 0444
{{ if $mounts_ranger_agent_api.volumes}}{{ toYaml $mounts_ranger_agent_api.volumes | indent 8 }}{{ end }}
{{- end }}

View File

@ -104,6 +104,8 @@ spec:
initialDelaySeconds: 30
timeoutSeconds: 5
volumeMounts:
- name: pod-etc-ranger-agent
mountPath: /etc/ranger-agent
- name: ranger-agent-bin
mountPath: /tmp/ranger-agent-engine.sh
subPath: ranger-agent-engine.sh
@ -122,13 +124,15 @@ spec:
readOnly: true
{{ if $mounts_ranger_agent_engine.volumeMounts }}{{ toYaml $mounts_ranger_agent_engine.volumeMounts | indent 12 }}{{ end }}
volumes:
- name: pod-etc-ranger-agent
emptyDir: {}
- name: ranger-agent-bin
configMap:
name: ranger-agent-bin
defaultMode: 0555
- name: ranger-agent-etc
configMap:
name: ranger-agent-etc
secret:
secretName: ranger-agent-etc
defaultMode: 0444
{{ if $mounts_ranger_agent_engine.volumes}}{{ toYaml $mounts_ranger_agent_engine.volumes | indent 8 }}{{ end }}
{{- end }}

View File

@ -0,0 +1,20 @@
{{/*
Copyright 2017 The Openstack-Helm Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
{{- if .Values.manifests.job_ks_user_ranger }}
{{- $ksUserJob := dict "envAll" . "serviceName" "ranger-agent" "serviceUser" "ranger" -}}
{{ $ksUserJob | include "helm-toolkit.manifests.job_ks_user" }}
{{- end }}

View File

@ -0,0 +1,19 @@
{{/*
Copyright 2017-2018 The Openstack-Helm Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
{{- if .Values.manifests.secret_ingress_tls }}
{{- include "helm-toolkit.manifests.secret_ingress_tls" ( dict "envAll" . "backendServiceType" "ranger-agent" ) }}
{{- end }}

View File

@ -16,7 +16,7 @@ limitations under the License.
{{- if .Values.manifests.secret_keystone }}
{{- $envAll := . }}
{{- range $key1, $userClass := tuple "admin" "ranger_agent" }}
{{- range $key1, $userClass := tuple "admin" "ranger" "ranger_agent" }}
{{- $secretName := index $envAll.Values.secrets.identity $userClass }}
---
apiVersion: v1

View File

@ -66,13 +66,13 @@ conf:
ranger_agent:
DEFAULT:
api_workers: 1
debug: False
verbose: True
pecan_debug: True
debug: false
verbose: true
pecan_debug: true
repo_connection_timeout: 120
resource_creation_timeout_min: 1200
resource_creation_timeout_max: 14400
log_dir: /var/log/ranger-agent
use_stderr: true
api_paste_config: /etc/ranger-agent/api-paste.ini
local_repo: ranger_repo
resource_status_check_wait: 15
@ -174,11 +174,16 @@ dependencies:
services:
- service: oslo_messaging
endpoint: internal
image_repo_sync:
services:
- endpoint: internal
service: local_image_registry
# Names of secrets used and environmental checks
secrets:
identity:
admin: admin
ranger: ranger-admin
ranger_agent: ranger-agent-admin
oslo_db:
admin: ranger-agent-db-admin
@ -186,12 +191,28 @@ secrets:
oslo_messaging:
admin: ranger-agent-rabbitmq-admin
ranger-agent: ranger-agent-rabbitmq-user
tls:
ranger-agent:
api:
public: ranger-agent
# typically overridden by environmental
# values, but should include all endpoints
# required by this chart
endpoints:
cluster_domain_suffix: cluster.local
local_image_registry:
name: docker-registry
namespace: docker-registry
hosts:
default: localhost
internal: docker-registry
node: localhost
host_fqdn_override:
default: null
port:
registry:
node: 5000
oslo_db:
auth:
admin:
@ -239,7 +260,8 @@ endpoints:
ranger_rds:
name: rds-url
hosts:
default: rds-server
default: rds
public: rds-public
host_fqdn_override:
default: null
path:
@ -249,6 +271,7 @@ endpoints:
port:
rds:
default: 8777
public: 80
identity:
name: keystone
auth:
@ -267,9 +290,23 @@ endpoints:
project_name: service
user_domain_name: default
project_domain_name: default
ranger:
role:
- admin
- admin_support
- admin_viewer
- customer_creator
- flavor_creator
- admin_image
region_name: RegionOne
username: ranger-admin
password: password
project_name: service
user_domain_name: default
project_domain_name: default
hosts:
default: keystone-api
public: keystone
default: keystone
internal: keystone-api
host_fqdn_override:
default: null
path:
@ -277,10 +314,9 @@ endpoints:
scheme:
default: http
port:
admin:
default: 35357
api:
default: 80
internal: 5000
image:
name: glance
hosts:
@ -316,6 +352,13 @@ endpoints:
hosts:
default: ranger-api
public: ranger-agent
# NOTE: this chart supports TLS for fqdn over-ridden public
# endpoints using the following format:
# public:
# host: null
# tls:
# crt: null
# key: null
host_fqdn_override:
default: null
path:
@ -459,6 +502,7 @@ manifests:
secret_keystone: true
secret_ssh_key: true
secret_rabbitmq: true
secret_ingress_tls: true
job_db_init: true
job_db_sync: true
job_db_drop: false
@ -466,6 +510,7 @@ manifests:
job_ks_endpoints: true
job_ks_service: true
job_ks_user: true
job_ks_user_ranger: true
job_rabbit_init: true
pdb_api: true
pod_test: true

22
ranger/Chart.yaml Executable file
View File

@ -0,0 +1,22 @@
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
apiVersion: v1
description: OpenStack-Helm Ranger
name: ranger
version: 0.1.0
icon: https://git.openstack.org/cgit/openstack/ranger/plain/public/images/logo.png
sources:
- https://git.openstack.org/cgit/openstack/ranger
- https://git.openstack.org/cgit/openstack/openstack-helm-addons
maintainers:
- name: OpenStack-Helm Authors

18
ranger/requirements.yaml Executable file
View File

@ -0,0 +1,18 @@
# Copyright 2017 The Openstack-Helm Authors.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
dependencies:
- name: helm-toolkit
repository: http://localhost:8879/charts
version: 0.1.0

View File

@ -0,0 +1,21 @@
#!/bin/bash
{{/*
Copyright 2017 The Openstack-Helm Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
set -ex
exec ranger-dbsync

View File

@ -0,0 +1,44 @@
#!/bin/bash
{{/*
Copyright 2017 The Openstack-Helm Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
set -ex
COMMAND="${@:-allservicesreadiness}"
function allservicesreadiness () {
allservicesliveness
}
function allservicesliveness () {
IS_CMS_RUNNING=$(ps aux|awk '$12 == "/usr/local/bin/ranger-cms" {print $8}')
IS_RMS_RUNNING=$(ps aux|awk '$12 == "/usr/local/bin/ranger-rms" {print $8}')
IS_IMS_RUNNING=$(ps aux|awk '$12 == "/usr/local/bin/ranger-ims" {print $8}')
IS_FMS_RUNNING=$(ps aux|awk '$12 == "/usr/local/bin/ranger-fms" {print $8}')
IS_RDS_RUNNING=$(ps aux|awk '$12 == "/usr/local/bin/ranger-rds" {print $8}')
IS_UUID_RUNNING=$(ps aux|awk '$12 == "/usr/local/bin/ranger-uuidgen" {print $8}')
IS_AUDIT_RUNNING=$(ps aux|awk '$12 == "/usr/local/bin/ranger-audit" {print $8}')
for process in "$IS_UUID_RUNNING" "$IS_AUDIT_RUNNING" "$IS_IMS_RUNNING" "$IS_RMS_RUNNING" "$IS_CMS_RUNNING" "$IS_RDS_RUNNING" "$IS_FMS_RUNNING"; do
if [ -z "$process" ]; then
exit 1
fi
done
exit 0
}
$COMMAND

View File

@ -0,0 +1,65 @@
#!/bin/bash
{{/*
Copyright 2017 The Openstack-Helm Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
set -ex
COMMAND="${@:-start}"
function start () {
if [ -n "${SSH_KEY}" ] && [ -n "${SSH_KEY_CONFIGURATION}" ];then
if [[ $(stat -c %F ${USER_HOME}/.ssh) = "directory" ]]; then
rm -fr ${USER_HOME}/.ssh
fi
mkdir -p ${USER_HOME}/.ssh
echo -e "${SSH_KEY}" >>${USER_HOME}/.ssh/${SSH_KEY_FILE}
echo -e "${SSH_KEY_CONFIGURATION}" >>${USER_HOME}/.ssh/config
chown ranger: ${USER_HOME}/.ssh
chmod 0700 -R ${USER_HOME}/.ssh
chmod 0644 ${USER_HOME}/.ssh/config
chmod 0600 ${USER_HOME}/.ssh/${SSH_KEY_FILE}
git config --global user.name ${REPO_USER}
git config --global user.email ${REPO_ACCOUNT}
git clone ${REMOTE_REPO} ${LOCAL_REPO}
fi
if [ -n "${CERT_LOCATION}" ];then
echo -e "${CERT_FILE}" >>${CERT_LOCATION}
chmod 0644 ${CERT_LOCATION}
fi
exec ranger-uuidgen &
exec ranger-audit &
exec ranger-rms &
exec ranger-rds &
exec ranger-cms &
exec ranger-fms &
exec ranger-ims
}
function stop() {
kill -TERM 1
}
$COMMAND

View File

@ -0,0 +1,19 @@
#!/bin/bash
{{/*
Copyright 2017 The Openstack-Helm Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
set -ex

View File

@ -0,0 +1,39 @@
{{/*
Copyright 2017 The Openstack-Helm Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
{{- if .Values.manifests.configmap_bin }}
{{- $envAll := . }}
---
apiVersion: v1
kind: ConfigMap
metadata:
name: ranger-bin
data:
db-init.py: |+
{{- include "helm-toolkit.scripts.db_init" . | indent 4 }}
db-sync.sh: |+
{{ tuple "bin/_db-sync.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
db-drop.py: |+
{{- include "helm-toolkit.scripts.db_drop" . | indent 4 }}
ranger-services.sh: |
{{ tuple "bin/_ranger-services.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
health-check.sh: |+
{{ tuple "bin/_health-check.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
ranger-test.sh: |+
{{ tuple "bin/_ranger-test.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
rabbit-init.sh: |
{{- include "helm-toolkit.scripts.rabbit_init" . | indent 4 }}
{{- end }}

View File

@ -0,0 +1,70 @@
{{/*
Copyright 2017 The Openstack-Helm Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
{{- if .Values.manifests.configmap_etc }}
{{- $envAll := . }}
{{- if empty .Values.conf.ranger.database.connection -}}
{{- $_ := tuple "oslo_db" "internal" "admin" "mysql" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup"| set .Values.conf.ranger.database "connection" -}}
{{- end -}}
{{- if empty .Values.conf.ranger.keystone_authtoken.username -}}
{{- $_ := set .Values.conf.ranger.keystone_authtoken "username" .Values.endpoints.identity.auth.ranger.username -}}
{{- end -}}
{{- if empty .Values.conf.ranger.keystone_authtoken.password -}}
{{- $_ := set .Values.conf.ranger.keystone_authtoken "password" .Values.endpoints.identity.auth.ranger.password -}}
{{- end -}}
{{- if empty .Values.conf.ranger.keystone_authtoken.project_name -}}
{{- $_ := set .Values.conf.ranger.keystone_authtoken "project_name" .Values.endpoints.identity.auth.ranger.project_name -}}
{{- end -}}
{{- if empty .Values.conf.ranger.cli.base_region -}}
{{- $_ := set .Values.conf.ranger.cli "base_region" .Values.endpoints.identity.auth.ranger.region_name -}}
{{- end -}}
{{- if empty .Values.conf.ranger.keystone_authtoken.project_domain_name -}}
{{- $_ := set .Values.conf.ranger.keystone_authtoken "project_domain_name" .Values.endpoints.identity.auth.ranger.project_domain_name -}}
{{- end -}}
{{- if empty .Values.conf.ranger.keystone_authtoken.user_domain_name -}}
{{- $_ := set .Values.conf.ranger.keystone_authtoken "user_domain_name" .Values.endpoints.identity.auth.ranger.user_domain_name -}}
{{- end -}}
{{- if empty .Values.conf.ranger.cms.port -}}
{{- $_ := tuple "cms" "internal" "api" . | include "helm-toolkit.endpoints.endpoint_port_lookup" | set .Values.conf.ranger.cms "port" -}}
{{- end -}}
{{- if empty .Values.conf.ranger.fms.port -}}
{{- $_ := tuple "fms" "internal" "api" . | include "helm-toolkit.endpoints.endpoint_port_lookup" | set .Values.conf.ranger.fms "port" -}}
{{- end -}}
{{- if empty .Values.conf.ranger.ims.port -}}
{{- $_ := tuple "ims" "internal" "api" . | include "helm-toolkit.endpoints.endpoint_port_lookup" | set .Values.conf.ranger.ims "port" -}}
{{- end -}}
{{- if empty .Values.conf.ranger.rms.port -}}
{{- $_ := tuple "rms" "internal" "api" . | include "helm-toolkit.endpoints.endpoint_port_lookup" | set .Values.conf.ranger.rms "port" -}}
{{- end -}}
{{- if empty .Values.conf.ranger.rds.port -}}
{{- $_ := tuple "rds" "internal" "api" . | include "helm-toolkit.endpoints.endpoint_port_lookup" | set .Values.conf.ranger.rds "port" -}}
{{- end -}}
{{- if empty .Values.conf.ranger.uuid.port -}}
{{- $_ := tuple "uuid" "internal" "api" . | include "helm-toolkit.endpoints.endpoint_port_lookup" | set .Values.conf.ranger.uuid "port" -}}
{{- end -}}
{{- if empty .Values.conf.ranger.audit.port -}}
{{- $_ := tuple "audit" "internal" "api" . | include "helm-toolkit.endpoints.endpoint_port_lookup" | set .Values.conf.ranger.audit "port" -}}
{{- end -}}
---
apiVersion: v1
kind: Secret
metadata:
name: ranger-etc
type: Opaque
data:
ranger.conf: {{ include "helm-toolkit.utils.to_oslo_conf" .Values.conf.ranger | b64enc }}
{{- end }}

View File

@ -0,0 +1,167 @@
{{/*
Copyright 2017 The Openstack-Helm Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
{{- if .Values.manifests.deployment_ranger_services }}
{{- $envAll := . }}
{{- $mounts_ranger := .Values.pod.mounts.ranger.ranger }}
{{- $mounts_ranger_init := .Values.pod.mounts.ranger.init_container }}
{{- $serviceAccountName := "ranger-services" }}
{{ tuple $envAll "ranger" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
---
apiVersion: apps/v1beta1
kind: Deployment
metadata:
name: {{ $serviceAccountName }}
spec:
replicas: {{ .Values.pod.replicas.ranger }}
{{ tuple $envAll | include "helm-toolkit.snippets.kubernetes_upgrades_deployment" | indent 2 }}
template:
metadata:
labels:
{{ tuple $envAll "ranger" "ranger" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
annotations:
configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "helm-toolkit.utils.hash" }}
configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "helm-toolkit.utils.hash" }}
spec:
serviceAccountName: {{ $serviceAccountName }}
dnsPolicy: ClusterFirstWithHostNet
hostNetwork: true
affinity:
{{ tuple $envAll "ranger" "ranger" | include "helm-toolkit.snippets.kubernetes_pod_anti_affinity" | indent 8 }}
nodeSelector:
{{ .Values.labels.ranger.node_selector_key }}: {{ .Values.labels.ranger.node_selector_value }}
terminationGracePeriodSeconds: {{ .Values.pod.lifecycle.termination_grace_period.ranger.timeout | default "30" }}
initContainers:
{{ tuple $envAll "ranger" $mounts_ranger_init | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
containers:
- name: ranger-services
image: {{ .Values.images.tags.ranger }}
imagePullPolicy: {{ .Values.images.pull_policy }}
{{ tuple $envAll $envAll.Values.pod.resources.ranger | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
securityContext:
runAsUser: {{ .Values.pod.user.ranger.uid }}
env:
- name: USER
valueFrom:
secretKeyRef:
name: ranger-ssh-secret
key: USER
- name: USER_HOME
valueFrom:
secretKeyRef:
name: ranger-ssh-secret
key: USER_HOME
- name: SSH_KEY_FILE
valueFrom:
secretKeyRef:
name: ranger-ssh-secret
key: SSH_KEY_FILE
- name: SSH_KEY
valueFrom:
secretKeyRef:
name: ranger-ssh-secret
key: RANGER_PRIVATE_KEY
- name: SSH_KEY_CONFIGURATION
valueFrom:
secretKeyRef:
name: ranger-ssh-secret
key: RANGER_SSH_CONFIG
- name: REPO_USER
value: {{ .Values.conf.ranger.rds.repo_user }}
- name: REPO_ACCOUNT
value: {{ .Values.conf.ranger.rds.repo_email }}
- name: LOCAL_REPO
value: {{ .Values.conf.ranger.rds.repo_local_location }}
- name: REMOTE_REPO
value: {{ .Values.conf.ranger.rds.repo_remote_location }}
{{- if .Values.conf.ranger.DEFAULT.ranger_agent_https_enable }}
- name: CERT_LOCATION
value: {{ .Values.conf.ranger.DEFAULT.ranger_agent_client_cert_path }}
- name: CERT_FILE
valueFrom:
secretKeyRef:
name: ranger-ssh-secret
key: CERT_FILE
{{- end }}
- name: CMS_SERVICE_URL
value: {{ tuple "cms" "public" "api" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup" }}
command:
- /tmp/ranger-services.sh
- start
lifecycle:
preStop:
exec:
command:
- stop
ports:
- name: cms
containerPort: {{ tuple "cms" "internal" "api" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
- name: ims
containerPort: {{ tuple "ims" "internal" "api" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
- name: fms
containerPort: {{ tuple "fms" "internal" "api" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
- name: rms
containerPort: {{ tuple "rms" "internal" "api" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
- name: rds
containerPort: {{ tuple "rds" "internal" "api" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
- name: uuid
containerPort: {{ tuple "uuid" "internal" "api" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
- name: audit
containerPort: {{ tuple "audit" "internal" "api" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
livenessProbe:
initialDelaySeconds: 30
timeoutSeconds: 10
exec:
command:
- /tmp/health-check.sh
- allservicesliveness
readinessProbe:
initialDelaySeconds: 30
timeoutSeconds: 10
exec:
command:
- /tmp/health-check.sh
- allservicesreadiness
volumeMounts:
- name: pod-etc-ranger
mountPath: /etc/ranger
- name: ranger-bin
mountPath: /tmp/ranger-services.sh
subPath: ranger-services.sh
readOnly: true
- name: ranger-bin
mountPath: /tmp/health-check.sh
subPath: health-check.sh
readOnly: true
- name: ranger-etc
mountPath: /etc/ranger/ranger.conf
subPath: ranger.conf
readOnly: true
{{ if $mounts_ranger.volumeMounts }}{{ toYaml $mounts_ranger.volumeMounts | indent 12 }}{{ end }}
volumes:
- name: pod-etc-ranger
emptyDir: {}
- name: ranger-bin
configMap:
name: ranger-bin
defaultMode: 0555
- name: ranger-etc
secret:
secretName: ranger-etc
defaultMode: 0444
{{ if $mounts_ranger.volumes}}{{ toYaml $mounts_ranger.volumes | indent 8 }}{{ end }}
{{- end }}

View File

@ -0,0 +1,51 @@
{{/*
Copyright 2017 The Openstack-Helm Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
{{- if and .Values.manifests.ingress_cms .Values.network.cms.ingress.public }}
{{- $ingressOpts := dict "envAll" . "backendService" "cms" "backendServiceType" "cms" "backendPort" "cms" -}}
{{ $ingressOpts | include "helm-toolkit.manifests.ingress" }}
{{- end }}
{{- if and .Values.manifests.ingress_fms .Values.network.fms.ingress.public }}
{{- $ingressOpts := dict "envAll" . "backendService" "fms" "backendServiceType" "fms" "backendPort" "fms" -}}
{{ $ingressOpts | include "helm-toolkit.manifests.ingress" }}
{{- end }}
{{- if and .Values.manifests.ingress_ims .Values.network.ims.ingress.public }}
{{- $ingressOpts := dict "envAll" . "backendService" "ims" "backendServiceType" "ims" "backendPort" "ims" -}}
{{ $ingressOpts | include "helm-toolkit.manifests.ingress" }}
{{- end }}
{{- if and .Values.manifests.ingress_rms .Values.network.rms.ingress.public }}
{{- $ingressOpts := dict "envAll" . "backendService" "rms" "backendServiceType" "rms" "backendPort" "rms" -}}
{{ $ingressOpts | include "helm-toolkit.manifests.ingress" }}
{{- end }}
{{- if and .Values.manifests.ingress_rds .Values.network.rds.ingress.public }}
{{- $ingressOpts := dict "envAll" . "backendService" "rds" "backendServiceType" "rds" "backendPort" "rds" -}}
{{ $ingressOpts | include "helm-toolkit.manifests.ingress" }}
{{- end }}
{{- if .Values.manifests.ingress_uuid }}
{{- $ingressOpts := dict "envAll" . "backendService" "uuid" "backendServiceType" "uuid" "backendPort" "uuid" -}}
{{ $ingressOpts | include "helm-toolkit.manifests.ingress" }}
{{- end }}
{{- if .Values.manifests.ingress_audit }}
{{- $ingressOpts := dict "envAll" . "backendService" "audit" "backendServiceType" "audit" "backendPort" "audit" -}}
{{ $ingressOpts | include "helm-toolkit.manifests.ingress" }}
{{- end }}

View File

@ -0,0 +1,20 @@
{{/*
Copyright 2017 The Openstack-Helm Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
{{- if .Values.manifests.job_db_drop }}
{{- $dbInitJob := dict "envAll" . "serviceName" "ranger" -}}
{{ $dbInitJob | include "helm-toolkit.manifests.job_db_drop_mysql" }}
{{- end }}

View File

@ -0,0 +1,20 @@
{{/*
Copyright 2017 The Openstack-Helm Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
{{- if .Values.manifests.job_db_init }}
{{- $dbInitJob := dict "envAll" . "serviceName" "ranger" -}}
{{ $dbInitJob | include "helm-toolkit.manifests.job_db_init_mysql" }}
{{- end }}

View File

@ -0,0 +1,20 @@
{{/*
Copyright 2017 The Openstack-Helm Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
{{- if .Values.manifests.job_db_sync }}
{{- $dbSyncJob := dict "envAll" . "serviceName" "ranger" -}}
{{ $dbSyncJob | include "helm-toolkit.manifests.job_db_sync" }}
{{- end }}

View File

@ -0,0 +1,20 @@
{{/*
Copyright 2017 The Openstack-Helm Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
{{- if and .Values.manifests.job_image_repo_sync .Values.images.local_registry.active }}
{{- $imageRepoSyncJob := dict "envAll" . "serviceName" "ranger" -}}
{{ $imageRepoSyncJob | include "helm-toolkit.manifests.job_image_repo_sync" }}
{{- end }}

29
ranger/templates/pdb-api.yaml Executable file
View File

@ -0,0 +1,29 @@
{{/*
Copyright 2017 The Openstack-Helm Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
{{- if .Values.manifests.pdb_api }}
{{- $envAll := . }}
---
apiVersion: policy/v1beta1
kind: PodDisruptionBudget
metadata:
name: ranger
spec:
minAvailable: {{ .Values.pod.lifecycle.disruption_budget.ranger.min_available }}
selector:
matchLabels:
{{ tuple $envAll "ranger" "ranger" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 6 }}
{{- end }}

59
ranger/templates/pod-test.yaml Executable file
View File

@ -0,0 +1,59 @@
{{/*
Copyright 2017 The Openstack-Helm Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
{{- if .Values.manifests.pod_test }}
{{- $envAll := . }}
{{- $mounts_tests := .Values.pod.mounts.ranger_tests.ranger_tests }}
{{- $mounts_tests_init := .Values.pod.mounts.ranger_tests.init_container }}
{{- $serviceAccountName := print $envAll.Release.Name "-test" }}
{{ tuple $envAll "tests" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
---
apiVersion: v1
kind: Pod
metadata:
name: "{{$envAll.Release.Name}}-test"
annotations:
"helm.sh/hook": test-success
spec:
serviceAccountName: {{ $serviceAccountName }}
nodeSelector:
{{ .Values.labels.test.node_selector_key }}: {{ .Values.labels.test.node_selector_value }}
restartPolicy: Never
initContainers:
{{ tuple $envAll "tests" $mounts_tests_init | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 4 }}
containers:
- name: {{.Release.Name}}-test
image: {{ .Values.images.tags.scripted_test }}
env:
- name: RANGER_SERVICE_URL
value: {{ tuple "cms" "public" "api" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup" }}
command:
- /tmp/ranger-test.sh
volumeMounts:
- name: ranger-bin
mountPath: /tmp/ranger-test.sh
subPath: ranger-test.sh
readOnly: true
{{ if $mounts_tests.volumeMounts }}{{ toYaml $mounts_tests.volumeMounts | indent 8 }}{{ end }}
volumes:
- name: ranger-bin
configMap:
name: ranger-bin
defaultMode: 0555
{{ if $mounts_tests.volumes }}{{ toYaml $mounts_tests.volumes | indent 4 }}{{ end }}
{{- end }}

30
ranger/templates/secret-db.yaml Executable file
View File

@ -0,0 +1,30 @@
{{/*
Copyright 2017 The Openstack-Helm Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
{{- if .Values.manifests.secret_db }}
{{- $envAll := . }}
{{- range $key1, $userClass := tuple "admin" "ranger" }}
{{- $secretName := index $envAll.Values.secrets.oslo_db $userClass }}
---
apiVersion: v1
kind: Secret
metadata:
name: {{ $secretName }}
type: Opaque
data:
DB_CONNECTION: {{ tuple "oslo_db" "internal" $userClass "mysql" $envAll | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup" | b64enc -}}
{{- end }}
{{- end }}

View File

@ -0,0 +1,23 @@
{{/*
Copyright 2017-2018 The Openstack-Helm Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
{{- if .Values.manifests.secret_ingress_tls }}
{{- include "helm-toolkit.manifests.secret_ingress_tls" ( dict "envAll" . "backendServiceType" "cms" ) }}
{{- include "helm-toolkit.manifests.secret_ingress_tls" ( dict "envAll" . "backendServiceType" "fms" ) }}
{{- include "helm-toolkit.manifests.secret_ingress_tls" ( dict "envAll" . "backendServiceType" "ims" ) }}
{{- include "helm-toolkit.manifests.secret_ingress_tls" ( dict "envAll" . "backendServiceType" "rms" ) }}
{{- include "helm-toolkit.manifests.secret_ingress_tls" ( dict "envAll" . "backendServiceType" "rds" ) }}
{{- end }}

View File

@ -0,0 +1,34 @@
{{/*
Copyright 2017 The Openstack-Helm Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
{{- if .Values.manifests.secret_ssh_key }}
{{- $envAll := . }}
{{- $key_location := .Values.conf.ssh.key_location }}
{{- $secretName := "ranger-ssh-secret" }}
---
apiVersion: v1
kind: Secret
metadata:
name: {{ $secretName }}
type: Opaque
data:
USER: {{ .Values.conf.ssh.user | b64enc }}
USER_HOME: {{ .Values.conf.ssh.user_home | b64enc }}
SSH_KEY_FILE: {{ .Values.conf.ssh.ssh_key_file | b64enc }}
RANGER_PRIVATE_KEY: {{ .Values.conf.ssh.ssh_key | default "" | b64enc }}
RANGER_SSH_CONFIG: {{ .Values.conf.ssh.ssh_config | default "" | b64enc }}
CERT_FILE: {{ .Values.conf.cert.ranger_agent_client_cert | default "" | b64enc }}
{{- end }}

View File

@ -0,0 +1,20 @@
{{/*
Copyright 2017 The Openstack-Helm Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
{{- if and .Values.manifests.service_ingress_cms .Values.network.cms.ingress.public }}
{{- $serviceIngressOpts := dict "envAll" . "backendServiceType" "cms" -}}
{{ $serviceIngressOpts | include "helm-toolkit.manifests.service_ingress" }}
{{- end }}

View File

@ -0,0 +1,20 @@
{{/*
Copyright 2017 The Openstack-Helm Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
{{- if and .Values.manifests.service_ingress_fms .Values.network.fms.ingress.public }}
{{- $serviceIngressOpts := dict "envAll" . "backendServiceType" "fms" "backendPort" "fms" -}}
{{ $serviceIngressOpts | include "helm-toolkit.manifests.service_ingress" }}
{{- end }}

View File

@ -0,0 +1,20 @@
{{/*
Copyright 2017 The Openstack-Helm Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
{{- if and .Values.manifests.service_ingress_ims .Values.network.ims.ingress.public }}
{{- $serviceIngressOpts := dict "envAll" . "backendServiceType" "ims" -}}
{{ $serviceIngressOpts | include "helm-toolkit.manifests.service_ingress" }}
{{- end }}

View File

@ -0,0 +1,21 @@
{{/*
Copyright 2017 The Openstack-Helm Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
{{- if and .Values.manifests.service_ingress_rds .Values.network.rds.ingress.public }}
{{- $serviceIngressOpts := dict "envAll" . "backendServiceType" "rds" -}}
{{ $serviceIngressOpts | include "helm-toolkit.manifests.service_ingress" }}
{{- end }}

View File

@ -0,0 +1,20 @@
{{/*
Copyright 2017 The Openstack-Helm Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
{{- if and .Values.manifests.service_ingress_rms .Values.network.rms.ingress.public }}
{{- $serviceIngressOpts := dict "envAll" . "backendServiceType" "rms" -}}
{{ $serviceIngressOpts | include "helm-toolkit.manifests.service_ingress" }}
{{- end }}

View File

@ -0,0 +1,180 @@
{{/*
Copyright 2017 The Openstack-Helm Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
{{- if .Values.manifests.service_cms }}
{{- $envAll := . }}
---
apiVersion: v1
kind: Service
metadata:
name: {{ tuple "cms" "internal" . | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }}
spec:
ports:
- name: cms
port: {{ tuple "cms" "internal" "api" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
{{- if .Values.network.cms.node_port.enabled }}
nodePort: {{ .Values.network.cms.node_port.port }}
{{ end }}
selector:
{{ tuple $envAll "ranger" "ranger" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }}
{{ if .Values.network.cms.node_port.enabled }}
type: NodePort
{{- if .Values.network.cms.external_policy_local }}
externalTrafficPolicy: Local
{{ end }}
{{ end }}
{{- end }}
{{- if .Values.manifests.service_fms }}
{{- $envAll := . }}
---
apiVersion: v1
kind: Service
metadata:
name: {{ tuple "fms" "internal" . | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }}
spec:
ports:
- name: fms
port: {{ tuple "fms" "internal" "api" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
{{- if .Values.network.fms.node_port.enabled }}
nodePort: {{ .Values.network.fms.node_port.port }}
{{ end }}
selector:
{{ tuple $envAll "ranger" "ranger" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }}
{{ if .Values.network.fms.node_port.enabled }}
type: NodePort
{{- if .Values.network.fms.external_policy_local }}
externalTrafficPolicy: Local
{{ end }}
{{ end }}
{{- end }}
{{- if .Values.manifests.service_ims }}
{{- $envAll := . }}
---
apiVersion: v1
kind: Service
metadata:
name: {{ tuple "ims" "internal" . | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }}
spec:
ports:
- name: ims
port: {{ tuple "ims" "internal" "api" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
{{- if .Values.network.ims.node_port.enabled }}
nodePort: {{ .Values.network.ims.node_port.port }}
{{ end }}
selector:
{{ tuple $envAll "ranger" "ranger" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }}
{{ if .Values.network.ims.node_port.enabled }}
type: NodePort
{{- if .Values.network.ims.external_policy_local }}
externalTrafficPolicy: Local
{{ end }}
{{ end }}
{{- end }}
{{- if .Values.manifests.service_rms }}
{{- $envAll := . }}
---
apiVersion: v1
kind: Service
metadata:
name: {{ tuple "rms" "internal" . | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }}
spec:
ports:
- name: rms
port: {{ tuple "rms" "internal" "api" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
{{- if .Values.network.rms.node_port.enabled }}
nodePort: {{ .Values.network.rms.node_port.port }}
{{ end }}
selector:
{{ tuple $envAll "ranger" "ranger" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }}
{{ if .Values.network.rms.node_port.enabled }}
type: NodePort
{{- if .Values.network.rms.external_policy_local }}
externalTrafficPolicy: Local
{{ end }}
{{ end }}
{{- end }}
{{- if .Values.manifests.service_rds }}
{{- $envAll := . }}
---
apiVersion: v1
kind: Service
metadata:
name: {{ tuple "rds" "internal" . | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }}
spec:
ports:
- name: rds
port: {{ tuple "rds" "internal" "api" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
{{- if .Values.network.rds.node_port.enabled }}
nodePort: {{ .Values.network.rds.node_port.port }}
{{ end }}
selector:
{{ tuple $envAll "ranger" "ranger" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }}
{{ if .Values.network.rds.node_port.enabled }}
type: NodePort
{{- if .Values.network.rds.external_policy_local }}
externalTrafficPolicy: Local
{{ end }}
{{ end }}
{{- end }}
{{- if .Values.manifests.service_uuid }}
{{- $envAll := . }}
---
apiVersion: v1
kind: Service
metadata:
name: {{ tuple "uuid" "internal" . | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }}
spec:
ports:
- name: uuid
port: {{ tuple "uuid" "internal" "api" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
{{- if .Values.network.uuid.node_port.enabled }}
nodePort: {{ .Values.network.uuid.node_port.port }}
{{ end }}
selector:
{{ tuple $envAll "ranger" "ranger" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }}
{{ if .Values.network.uuid.node_port.enabled }}
type: NodePort
{{- if .Values.network.uuid.external_policy_local }}
externalTrafficPolicy: Local
{{ end }}
{{ end }}
{{- end }}
{{- if .Values.manifests.service_audit }}
{{- $envAll := . }}
---
apiVersion: v1
kind: Service
metadata:
name: {{ tuple "audit" "internal" . | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }}
spec:
ports:
- name: audit
port: {{ tuple "audit" "internal" "api" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
{{- if .Values.network.audit.node_port.enabled }}
nodePort: {{ .Values.network.audit.node_port.port }}
{{ end }}
selector:
{{ tuple $envAll "ranger" "ranger" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }}
{{ if .Values.network.audit.node_port.enabled }}
type: NodePort
{{- if .Values.network.audit.external_policy_local }}
externalTrafficPolicy: Local
{{ end }}
{{ end }}
{{- end }}

516
ranger/values.yaml Executable file
View File

@ -0,0 +1,516 @@
# Copyright 2017 The Openstack-Helm Authors.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
# Default values for ranger.
# This is a YAML-formatted file.
# Declare name/value pairs to be passed into your templates.
# name: value
release_group: null
labels:
ranger:
node_selector_key: openstack-control-plane
node_selector_value: enabled
job:
node_selector_key: openstack-control-plane
node_selector_value: enabled
test:
node_selector_key: openstack-control-plane
node_selector_value: enabled
images:
tags:
ranger: docker.io/hosingh000/ranger:0.1.0
ranger_db_sync: docker.io/hosingh000/ranger:0.1.0
db_drop: docker.io/openstackhelm/heat:newton
db_init: docker.io/openstackhelm/heat:newton
dep_check: quay.io/stackanetes/kubernetes-entrypoint:v0.3.1
scripted_test: docker.io/openstackhelm/heat:newton
image_repo_sync: docker.io/docker:17.07.0
pull_policy: "IfNotPresent"
local_registry:
active: false
exclude:
- dep_check
- image_repo_sync
conf:
ranger:
DEFAULT:
protocol: http
log_level: INFO
orm_host: 0.0.0.0
pecan_debug: True
ranger_base: '/home/ranger/ranger'
ssl_verify: False
log_location: '/var/log/ranger'
ranger_agent_https_enable: False
ranger_agent_client_cert_path: ''
cms:
log: cms.log
fms:
log: fms.log
ims:
log: ims.log
rms:
log: rms.log
rds:
log: rds.log
repo_local_location: /home/ranger/git_repo
repo_remote_location: git@127.0.0.1:/home/repo/ORM.git
repo_user: orm
repo_email: orm@test.com
uuid:
log: uuid.log
audit:
log: audit.log
cli:
base_region: RegionOne
database:
max_retries: -1
keystone_authtoken:
auth_type: password
auth_version: v3
ssh:
user: ranger
user_home: /home/ranger
ssh_key_file: ranger
ssh_key: null
ssh_config: null
cert:
ranger_agent_client_cert: null
network:
cms:
ingress:
public: true
classes:
namespace: "nginx"
cluster: "nginx-cluster"
annotations:
nginx.ingress.kubernetes.io/rewrite-target: /
external_policy_local: false
node_port:
enabled: false
port: 37080
fms:
ingress:
public: true
classes:
namespace: "nginx"
cluster: "nginx-cluster"
annotations:
nginx.ingress.kubernetes.io/rewrite-target: /
external_policy_local: false
node_port:
enabled: false
port: 38082
ims:
ingress:
public: true
classes:
namespace: "nginx"
cluster: "nginx-cluster"
annotations:
nginx.ingress.kubernetes.io/rewrite-target: /
external_policy_local: false
node_port:
enabled: false
port: 38084
rms:
ingress:
public: true
classes:
namespace: "nginx"
cluster: "nginx-cluster"
annotations:
nginx.ingress.kubernetes.io/rewrite-target: /
external_policy_local: false
node_port:
enabled: false
port: 38080
audit:
ingress:
public: true
classes:
namespace: "nginx"
cluster: "nginx-cluster"
annotations:
nginx.ingress.kubernetes.io/rewrite-target: /
external_policy_local: false
node_port:
enabled: false
port: 38776
rds:
ingress:
public: true
classes:
namespace: "nginx"
cluster: "nginx-cluster"
annotations:
nginx.ingress.kubernetes.io/rewrite-target: /
external_policy_local: false
node_port:
enabled: false
port: 38777
uuid:
ingress:
public: true
classes:
namespace: "nginx"
cluster: "nginx-cluster"
annotations:
nginx.ingress.kubernetes.io/rewrite-target: /
external_policy_local: false
node_port:
enabled: false
port: 38090
dependencies:
dynamic:
common:
local_image_registry:
jobs:
- keystone-image-repo-sync
services:
- endpoint: node
service: local_image_registry
static:
ranger:
jobs:
- ranger-db-sync
services:
- service: oslo_db
endpoint: internal
db_sync:
jobs:
- ranger-db-init
services:
- service: oslo_db
endpoint: internal
db_init:
services:
- service: oslo_db
endpoint: internal
db_drop:
services:
- service: oslo_db
endpoint: internal
image_repo_sync:
services:
- service: local_image_registry
endpoint: internal
# Names of secrets used and environmental checks
secrets:
oslo_db:
admin: ranger-db-admin
ranger: ranger-db-user
tls:
cms:
api:
public: cms
fms:
api:
public: fms
ims:
api:
public: ims
rms:
api:
public: rms
rds:
api:
public: rds
# typically overriden by environmental
# values, but should include all endpoints
# required by this chart
endpoints:
cluster_domain_suffix: cluster.local
local_image_registry:
name: docker-registry
namespace: docker-registry
hosts:
default: localhost
internal: docker-registry
node: localhost
host_fqdn_override:
default: null
port:
registry:
node: 5000
oslo_db:
auth:
admin:
username: root
password: password
ranger:
username: ranger
password: password
hosts:
default: mariadb
host_fqdn_override:
default: null
path: /orm
scheme: mysql+pymysql
port:
mysql:
default: 3306
oslo_cache:
hosts:
default: memcached
host_fqdn_override:
default: null
port:
memcache:
default: 11211
cms:
name: cms
hosts:
default: cms-api
public: cms
# NOTE: this chart supports TLS for fqdn over-ridden public
# endpoints using the following format:
# public:
# host: null
# tls:
# crt: null
# key: null
host_fqdn_override:
default: null
path:
default: /v1/orm/customers
scheme:
default: http
port:
api:
default: 7080
public: 80
fms:
name: fms
hosts:
default: fms-api
public: fms
host_fqdn_override:
default: null
path:
default: /v1/orm/flavors
scheme:
default: http
port:
api:
default: 8082
public: 80
ims:
name: ims
hosts:
default: ims-api
public: ims
host_fqdn_override:
default: null
path:
default: /v1/orm/images
scheme:
default: http
port:
api:
default: 8084
public: 80
rms:
name: rms
hosts:
default: rms-api
public: rms
host_fqdn_override:
default: null
path:
default: /v2/orm/regions
scheme:
default: http
port:
api:
default: 7003
public: 80
rds:
name: rds
hosts:
default: rds-api
public: rds
host_fqdn_override:
default: null
path:
default: /v1/rds/status
scheme:
default: http
port:
api:
default: 8777
public: 80
uuid:
name: uuid
hosts:
default: uuid-api
host_fqdn_override:
default: null
path:
default: /v1/uuids
scheme:
default: http
port:
api:
default: 7001
audit:
name: audit
hosts:
default: audit-api
host_fqdn_override:
default: null
path:
default: /v1/audit/transaction
scheme:
default: http
port:
api:
default: 7008
identity:
name: keystone
auth:
ranger:
role: admin
region_name: RegionOne
username: ranger-admin
password: password
project_name: service
user_domain_name: default
project_domain_name: default
hosts:
default: keystone
internal: keystone-api
host_fqdn_override:
default: null
path:
default: /v3
scheme:
default: http
port:
api:
default: 80
internal: 5000
pod:
user:
ranger:
uid: 1000
affinity:
anti:
type:
default: preferredDuringSchedulingIgnoredDuringExecution
topologyKey:
default: kubernetes.io/hostname
mounts:
ranger:
init_container: null
ranger:
ranger_tests:
init_container: null
ranger_tests:
replicas:
ranger: 1
lifecycle:
upgrades:
deployments:
revision_history: 3
pod_replacement_strategy: RollingUpdate
rolling_update:
max_unavailable: 1
max_surge: 3
disruption_budget:
ranger:
min_available: 0
termination_grace_period:
ranger:
timeout: 30
resources:
enabled: false
ranger:
requests:
memory: "128Mi"
cpu: "100m"
limits:
memory: "1024Mi"
cpu: "2000m"
jobs:
db_init:
requests:
memory: "128Mi"
cpu: "100m"
limits:
memory: "1024Mi"
cpu: "2000m"
db_sync:
requests:
memory: "128Mi"
cpu: "100m"
limits:
memory: "1024Mi"
cpu: "2000m"
db_drop:
requests:
memory: "128Mi"
cpu: "100m"
limits:
memory: "1024Mi"
cpu: "2000m"
tests:
requests:
memory: "128Mi"
cpu: "100m"
limits:
memory: "1024Mi"
cpu: "2000m"
manifests:
configmap_bin: true
configmap_etc: true
deployment_ranger_services: true
ingress_cms: true
ingress_fms: true
ingress_rms: true
ingress_ims: true
ingress_uuid: true
ingress_audit: true
secret_db: true
secret_ssh_key: true
secret_ingress_tls: true
job_db_init: true
job_db_sync: true
job_db_drop: false
job_image_repo_sync: true
pdb_api: true
pod_test: true
service_ingress_cms: true
service_ingress_fms: true
service_ingress_ims: true
service_ingress_rms: true
service_ingress_rds: true
service_cms: true
service_fms: true
service_ims: true
service_rms: true
service_rds: true
service_uuid: true
service_audit: true