Implement: ranger helm charts and supporting change for agent
This is an effort to implement helm charts for ranger component Included integration changes needed in ranger-agent Signed-off-by: Hari Om Singh<hosingh000@gmail.com> Change-Id: I27911d134882365a29b7ffcf1f7ab2e38cf717be
This commit is contained in:
parent
900343f852
commit
bdac1be107
|
@ -18,50 +18,48 @@ limitations under the License.
|
|||
{{- $envAll := . }}
|
||||
|
||||
{{- if empty .Values.conf.ranger_agent.database.connection -}}
|
||||
{{- tuple "oslo_db" "internal" "ranger_agent" "mysql" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup"| set .Values.conf.ranger_agent.database "connection" | quote | trunc 0 -}}
|
||||
{{- $_ := tuple "oslo_db" "internal" "ranger_agent" "mysql" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup"| set .Values.conf.ranger_agent.database "connection" -}}
|
||||
{{- end -}}
|
||||
{{- if empty .Values.conf.ranger_agent.DEFAULT.transport_url -}}
|
||||
{{- tuple "oslo_messaging" "internal" "ranger-agent" "amqp" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup" | set .Values.conf.ranger_agent.DEFAULT "transport_url" | quote | trunc 0 -}}
|
||||
{{- $_ := tuple "oslo_messaging" "internal" "ranger-agent" "amqp" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup" | set .Values.conf.ranger_agent.DEFAULT "transport_url" -}}
|
||||
{{- end -}}
|
||||
{{- if empty .Values.conf.ranger_agent.orm.rds_listener_endpoint -}}
|
||||
{{- tuple "ranger_rds" "public" "rds" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup" | set .Values.conf.ranger_agent.orm "rds_listener_endpoint" | quote | trunc 0 -}}
|
||||
{{- $_ := tuple "ranger_rds" "public" "rds" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup" | set .Values.conf.ranger_agent.orm "rds_listener_endpoint" -}}
|
||||
{{- end -}}
|
||||
{{- if empty .Values.conf.ranger_agent.DEFAULT.ord_server_url -}}
|
||||
{{- tuple "ranger_agent" "public" "api" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup" | trimSuffix .Values.endpoints.ranger_agent.path.default | set .Values.conf.ranger_agent.DEFAULT "ord_server_url" | quote | trunc 0 -}}
|
||||
{{- $_ := tuple "ranger_agent" "public" "api" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup" | trimSuffix .Values.endpoints.ranger_agent.path.default | set .Values.conf.ranger_agent.DEFAULT "ord_server_url" -}}
|
||||
{{- end -}}
|
||||
{{- if empty .Values.conf.ranger_agent.keystone_authtoken.username -}}
|
||||
{{- set .Values.conf.ranger_agent.keystone_authtoken "username" .Values.endpoints.identity.auth.ranger_agent.username | quote | trunc 0 -}}
|
||||
{{- $_ := set .Values.conf.ranger_agent.keystone_authtoken "username" .Values.endpoints.identity.auth.ranger_agent.username -}}
|
||||
{{- end -}}
|
||||
{{- if empty .Values.conf.ranger_agent.keystone_authtoken.password -}}
|
||||
{{- set .Values.conf.ranger_agent.keystone_authtoken "password" .Values.endpoints.identity.auth.ranger_agent.password | quote | trunc 0 -}}
|
||||
{{- $_ := set .Values.conf.ranger_agent.keystone_authtoken "password" .Values.endpoints.identity.auth.ranger_agent.password -}}
|
||||
{{- end -}}
|
||||
{{- if empty .Values.conf.ranger_agent.keystone_authtoken.project_name -}}
|
||||
{{- set .Values.conf.ranger_agent.keystone_authtoken "project_name" .Values.endpoints.identity.auth.ranger_agent.project_name | quote | trunc 0 -}}
|
||||
{{- $_ := set .Values.conf.ranger_agent.keystone_authtoken "project_name" .Values.endpoints.identity.auth.ranger_agent.project_name -}}
|
||||
{{- end -}}
|
||||
{{- if empty .Values.conf.ranger_agent.keystone_authtoken.auth_url -}}
|
||||
{{- tuple "identity" "internal" "api" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup" | set .Values.conf.ranger_agent.keystone_authtoken "auth_url" | quote | trunc 0 -}}
|
||||
{{- $_ := tuple "identity" "internal" "api" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup" | set .Values.conf.ranger_agent.keystone_authtoken "auth_url" -}}
|
||||
{{- end -}}
|
||||
{{- if empty .Values.conf.ranger_agent.DEFAULT.region -}}
|
||||
{{- set .Values.conf.ranger_agent.DEFAULT "region" .Values.endpoints.identity.auth.ranger_agent.region_name | quote | trunc 0 -}}
|
||||
{{- $_ := set .Values.conf.ranger_agent.DEFAULT "region" .Values.endpoints.identity.auth.ranger_agent.region_name -}}
|
||||
{{- end -}}
|
||||
{{- if empty .Values.conf.ranger_agent.api.port -}}
|
||||
{{- tuple "ranger-agent" "internal" "api" . | include "helm-toolkit.endpoints.endpoint_port_lookup" | set .Values.conf.ranger_agent.api "port" | quote | trunc 0 -}}
|
||||
{{- $_ := tuple "ranger-agent" "internal" "api" . | include "helm-toolkit.endpoints.endpoint_port_lookup" | set .Values.conf.ranger_agent.api "port" -}}
|
||||
{{- end -}}
|
||||
{{- if empty .Values.conf.ranger_agent.keystone_authtoken.project_domain_name -}}
|
||||
{{- set .Values.conf.ranger_agent.keystone_authtoken "project_domain_name" .Values.endpoints.identity.auth.ranger_agent.project_domain_name | quote | trunc 0 -}}
|
||||
{{- $_ := set .Values.conf.ranger_agent.keystone_authtoken "project_domain_name" .Values.endpoints.identity.auth.ranger_agent.project_domain_name -}}
|
||||
{{- end -}}
|
||||
{{- if empty .Values.conf.ranger_agent.keystone_authtoken.user_domain_name -}}
|
||||
{{- set .Values.conf.ranger_agent.keystone_authtoken "user_domain_name" .Values.endpoints.identity.auth.ranger_agent.user_domain_name | quote | trunc 0 -}}
|
||||
{{- $_ := set .Values.conf.ranger_agent.keystone_authtoken "user_domain_name" .Values.endpoints.identity.auth.ranger_agent.user_domain_name -}}
|
||||
{{- end -}}
|
||||
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: ConfigMap
|
||||
kind: Secret
|
||||
metadata:
|
||||
name: ranger-agent-etc
|
||||
type: Opaque
|
||||
data:
|
||||
api-paste.ini: |
|
||||
{{ include "helm-toolkit.utils.to_ini" .Values.conf.paste | indent 4 }}
|
||||
ranger-agent.conf: |
|
||||
{{ include "helm-toolkit.utils.to_oslo_conf" .Values.conf.ranger_agent | indent 4 }}
|
||||
api-paste.ini: {{ include "helm-toolkit.utils.to_ini" .Values.conf.paste | b64enc }}
|
||||
ranger-agent.conf: {{ include "helm-toolkit.utils.to_oslo_conf" .Values.conf.ranger_agent | b64enc }}
|
||||
{{- end }}
|
||||
|
|
|
@ -79,6 +79,8 @@ spec:
|
|||
initialDelaySeconds: 30
|
||||
timeoutSeconds: 5
|
||||
volumeMounts:
|
||||
- name: pod-etc-ranger-agent
|
||||
mountPath: /etc/ranger-agent
|
||||
- name: ranger-agent-bin
|
||||
mountPath: /tmp/ranger-agent-api.sh
|
||||
subPath: ranger-agent-api.sh
|
||||
|
@ -97,13 +99,15 @@ spec:
|
|||
readOnly: true
|
||||
{{ if $mounts_ranger_agent_api.volumeMounts }}{{ toYaml $mounts_ranger_agent_api.volumeMounts | indent 12 }}{{ end }}
|
||||
volumes:
|
||||
- name: pod-etc-ranger-agent
|
||||
emptyDir: {}
|
||||
- name: ranger-agent-bin
|
||||
configMap:
|
||||
name: ranger-agent-bin
|
||||
defaultMode: 0555
|
||||
- name: ranger-agent-etc
|
||||
configMap:
|
||||
name: ranger-agent-etc
|
||||
secret:
|
||||
secretName: ranger-agent-etc
|
||||
defaultMode: 0444
|
||||
{{ if $mounts_ranger_agent_api.volumes}}{{ toYaml $mounts_ranger_agent_api.volumes | indent 8 }}{{ end }}
|
||||
{{- end }}
|
||||
|
|
|
@ -104,6 +104,8 @@ spec:
|
|||
initialDelaySeconds: 30
|
||||
timeoutSeconds: 5
|
||||
volumeMounts:
|
||||
- name: pod-etc-ranger-agent
|
||||
mountPath: /etc/ranger-agent
|
||||
- name: ranger-agent-bin
|
||||
mountPath: /tmp/ranger-agent-engine.sh
|
||||
subPath: ranger-agent-engine.sh
|
||||
|
@ -122,13 +124,15 @@ spec:
|
|||
readOnly: true
|
||||
{{ if $mounts_ranger_agent_engine.volumeMounts }}{{ toYaml $mounts_ranger_agent_engine.volumeMounts | indent 12 }}{{ end }}
|
||||
volumes:
|
||||
- name: pod-etc-ranger-agent
|
||||
emptyDir: {}
|
||||
- name: ranger-agent-bin
|
||||
configMap:
|
||||
name: ranger-agent-bin
|
||||
defaultMode: 0555
|
||||
- name: ranger-agent-etc
|
||||
configMap:
|
||||
name: ranger-agent-etc
|
||||
secret:
|
||||
secretName: ranger-agent-etc
|
||||
defaultMode: 0444
|
||||
{{ if $mounts_ranger_agent_engine.volumes}}{{ toYaml $mounts_ranger_agent_engine.volumes | indent 8 }}{{ end }}
|
||||
{{- end }}
|
||||
|
|
|
@ -0,0 +1,20 @@
|
|||
{{/*
|
||||
Copyright 2017 The Openstack-Helm Authors.
|
||||
|
||||
Licensed under the Apache License, Version 2.0 (the "License");
|
||||
you may not use this file except in compliance with the License.
|
||||
You may obtain a copy of the License at
|
||||
|
||||
http://www.apache.org/licenses/LICENSE-2.0
|
||||
|
||||
Unless required by applicable law or agreed to in writing, software
|
||||
distributed under the License is distributed on an "AS IS" BASIS,
|
||||
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
See the License for the specific language governing permissions and
|
||||
limitations under the License.
|
||||
*/}}
|
||||
|
||||
{{- if .Values.manifests.job_ks_user_ranger }}
|
||||
{{- $ksUserJob := dict "envAll" . "serviceName" "ranger-agent" "serviceUser" "ranger" -}}
|
||||
{{ $ksUserJob | include "helm-toolkit.manifests.job_ks_user" }}
|
||||
{{- end }}
|
|
@ -0,0 +1,19 @@
|
|||
{{/*
|
||||
Copyright 2017-2018 The Openstack-Helm Authors.
|
||||
|
||||
Licensed under the Apache License, Version 2.0 (the "License");
|
||||
you may not use this file except in compliance with the License.
|
||||
You may obtain a copy of the License at
|
||||
|
||||
http://www.apache.org/licenses/LICENSE-2.0
|
||||
|
||||
Unless required by applicable law or agreed to in writing, software
|
||||
distributed under the License is distributed on an "AS IS" BASIS,
|
||||
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
See the License for the specific language governing permissions and
|
||||
limitations under the License.
|
||||
*/}}
|
||||
|
||||
{{- if .Values.manifests.secret_ingress_tls }}
|
||||
{{- include "helm-toolkit.manifests.secret_ingress_tls" ( dict "envAll" . "backendServiceType" "ranger-agent" ) }}
|
||||
{{- end }}
|
|
@ -16,7 +16,7 @@ limitations under the License.
|
|||
|
||||
{{- if .Values.manifests.secret_keystone }}
|
||||
{{- $envAll := . }}
|
||||
{{- range $key1, $userClass := tuple "admin" "ranger_agent" }}
|
||||
{{- range $key1, $userClass := tuple "admin" "ranger" "ranger_agent" }}
|
||||
{{- $secretName := index $envAll.Values.secrets.identity $userClass }}
|
||||
---
|
||||
apiVersion: v1
|
||||
|
|
|
@ -66,13 +66,13 @@ conf:
|
|||
ranger_agent:
|
||||
DEFAULT:
|
||||
api_workers: 1
|
||||
debug: False
|
||||
verbose: True
|
||||
pecan_debug: True
|
||||
debug: false
|
||||
verbose: true
|
||||
pecan_debug: true
|
||||
repo_connection_timeout: 120
|
||||
resource_creation_timeout_min: 1200
|
||||
resource_creation_timeout_max: 14400
|
||||
log_dir: /var/log/ranger-agent
|
||||
use_stderr: true
|
||||
api_paste_config: /etc/ranger-agent/api-paste.ini
|
||||
local_repo: ranger_repo
|
||||
resource_status_check_wait: 15
|
||||
|
@ -174,11 +174,16 @@ dependencies:
|
|||
services:
|
||||
- service: oslo_messaging
|
||||
endpoint: internal
|
||||
image_repo_sync:
|
||||
services:
|
||||
- endpoint: internal
|
||||
service: local_image_registry
|
||||
|
||||
# Names of secrets used and environmental checks
|
||||
secrets:
|
||||
identity:
|
||||
admin: admin
|
||||
ranger: ranger-admin
|
||||
ranger_agent: ranger-agent-admin
|
||||
oslo_db:
|
||||
admin: ranger-agent-db-admin
|
||||
|
@ -186,12 +191,28 @@ secrets:
|
|||
oslo_messaging:
|
||||
admin: ranger-agent-rabbitmq-admin
|
||||
ranger-agent: ranger-agent-rabbitmq-user
|
||||
tls:
|
||||
ranger-agent:
|
||||
api:
|
||||
public: ranger-agent
|
||||
|
||||
# typically overridden by environmental
|
||||
# values, but should include all endpoints
|
||||
# required by this chart
|
||||
endpoints:
|
||||
cluster_domain_suffix: cluster.local
|
||||
local_image_registry:
|
||||
name: docker-registry
|
||||
namespace: docker-registry
|
||||
hosts:
|
||||
default: localhost
|
||||
internal: docker-registry
|
||||
node: localhost
|
||||
host_fqdn_override:
|
||||
default: null
|
||||
port:
|
||||
registry:
|
||||
node: 5000
|
||||
oslo_db:
|
||||
auth:
|
||||
admin:
|
||||
|
@ -239,7 +260,8 @@ endpoints:
|
|||
ranger_rds:
|
||||
name: rds-url
|
||||
hosts:
|
||||
default: rds-server
|
||||
default: rds
|
||||
public: rds-public
|
||||
host_fqdn_override:
|
||||
default: null
|
||||
path:
|
||||
|
@ -249,6 +271,7 @@ endpoints:
|
|||
port:
|
||||
rds:
|
||||
default: 8777
|
||||
public: 80
|
||||
identity:
|
||||
name: keystone
|
||||
auth:
|
||||
|
@ -267,9 +290,23 @@ endpoints:
|
|||
project_name: service
|
||||
user_domain_name: default
|
||||
project_domain_name: default
|
||||
ranger:
|
||||
role:
|
||||
- admin
|
||||
- admin_support
|
||||
- admin_viewer
|
||||
- customer_creator
|
||||
- flavor_creator
|
||||
- admin_image
|
||||
region_name: RegionOne
|
||||
username: ranger-admin
|
||||
password: password
|
||||
project_name: service
|
||||
user_domain_name: default
|
||||
project_domain_name: default
|
||||
hosts:
|
||||
default: keystone-api
|
||||
public: keystone
|
||||
default: keystone
|
||||
internal: keystone-api
|
||||
host_fqdn_override:
|
||||
default: null
|
||||
path:
|
||||
|
@ -277,10 +314,9 @@ endpoints:
|
|||
scheme:
|
||||
default: http
|
||||
port:
|
||||
admin:
|
||||
default: 35357
|
||||
api:
|
||||
default: 80
|
||||
internal: 5000
|
||||
image:
|
||||
name: glance
|
||||
hosts:
|
||||
|
@ -316,6 +352,13 @@ endpoints:
|
|||
hosts:
|
||||
default: ranger-api
|
||||
public: ranger-agent
|
||||
# NOTE: this chart supports TLS for fqdn over-ridden public
|
||||
# endpoints using the following format:
|
||||
# public:
|
||||
# host: null
|
||||
# tls:
|
||||
# crt: null
|
||||
# key: null
|
||||
host_fqdn_override:
|
||||
default: null
|
||||
path:
|
||||
|
@ -459,6 +502,7 @@ manifests:
|
|||
secret_keystone: true
|
||||
secret_ssh_key: true
|
||||
secret_rabbitmq: true
|
||||
secret_ingress_tls: true
|
||||
job_db_init: true
|
||||
job_db_sync: true
|
||||
job_db_drop: false
|
||||
|
@ -466,6 +510,7 @@ manifests:
|
|||
job_ks_endpoints: true
|
||||
job_ks_service: true
|
||||
job_ks_user: true
|
||||
job_ks_user_ranger: true
|
||||
job_rabbit_init: true
|
||||
pdb_api: true
|
||||
pod_test: true
|
||||
|
|
|
@ -0,0 +1,22 @@
|
|||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
apiVersion: v1
|
||||
description: OpenStack-Helm Ranger
|
||||
name: ranger
|
||||
version: 0.1.0
|
||||
icon: https://git.openstack.org/cgit/openstack/ranger/plain/public/images/logo.png
|
||||
sources:
|
||||
- https://git.openstack.org/cgit/openstack/ranger
|
||||
- https://git.openstack.org/cgit/openstack/openstack-helm-addons
|
||||
maintainers:
|
||||
- name: OpenStack-Helm Authors
|
|
@ -0,0 +1,18 @@
|
|||
# Copyright 2017 The Openstack-Helm Authors.
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
dependencies:
|
||||
- name: helm-toolkit
|
||||
repository: http://localhost:8879/charts
|
||||
version: 0.1.0
|
|
@ -0,0 +1,21 @@
|
|||
#!/bin/bash
|
||||
|
||||
{{/*
|
||||
Copyright 2017 The Openstack-Helm Authors.
|
||||
|
||||
Licensed under the Apache License, Version 2.0 (the "License");
|
||||
you may not use this file except in compliance with the License.
|
||||
You may obtain a copy of the License at
|
||||
|
||||
http://www.apache.org/licenses/LICENSE-2.0
|
||||
|
||||
Unless required by applicable law or agreed to in writing, software
|
||||
distributed under the License is distributed on an "AS IS" BASIS,
|
||||
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
See the License for the specific language governing permissions and
|
||||
limitations under the License.
|
||||
*/}}
|
||||
|
||||
set -ex
|
||||
|
||||
exec ranger-dbsync
|
|
@ -0,0 +1,44 @@
|
|||
#!/bin/bash
|
||||
|
||||
{{/*
|
||||
Copyright 2017 The Openstack-Helm Authors.
|
||||
|
||||
Licensed under the Apache License, Version 2.0 (the "License");
|
||||
you may not use this file except in compliance with the License.
|
||||
You may obtain a copy of the License at
|
||||
|
||||
http://www.apache.org/licenses/LICENSE-2.0
|
||||
|
||||
Unless required by applicable law or agreed to in writing, software
|
||||
distributed under the License is distributed on an "AS IS" BASIS,
|
||||
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
See the License for the specific language governing permissions and
|
||||
limitations under the License.
|
||||
*/}}
|
||||
|
||||
set -ex
|
||||
|
||||
COMMAND="${@:-allservicesreadiness}"
|
||||
|
||||
function allservicesreadiness () {
|
||||
allservicesliveness
|
||||
}
|
||||
|
||||
function allservicesliveness () {
|
||||
IS_CMS_RUNNING=$(ps aux|awk '$12 == "/usr/local/bin/ranger-cms" {print $8}')
|
||||
IS_RMS_RUNNING=$(ps aux|awk '$12 == "/usr/local/bin/ranger-rms" {print $8}')
|
||||
IS_IMS_RUNNING=$(ps aux|awk '$12 == "/usr/local/bin/ranger-ims" {print $8}')
|
||||
IS_FMS_RUNNING=$(ps aux|awk '$12 == "/usr/local/bin/ranger-fms" {print $8}')
|
||||
IS_RDS_RUNNING=$(ps aux|awk '$12 == "/usr/local/bin/ranger-rds" {print $8}')
|
||||
IS_UUID_RUNNING=$(ps aux|awk '$12 == "/usr/local/bin/ranger-uuidgen" {print $8}')
|
||||
IS_AUDIT_RUNNING=$(ps aux|awk '$12 == "/usr/local/bin/ranger-audit" {print $8}')
|
||||
|
||||
for process in "$IS_UUID_RUNNING" "$IS_AUDIT_RUNNING" "$IS_IMS_RUNNING" "$IS_RMS_RUNNING" "$IS_CMS_RUNNING" "$IS_RDS_RUNNING" "$IS_FMS_RUNNING"; do
|
||||
if [ -z "$process" ]; then
|
||||
exit 1
|
||||
fi
|
||||
done
|
||||
|
||||
exit 0
|
||||
}
|
||||
$COMMAND
|
|
@ -0,0 +1,65 @@
|
|||
#!/bin/bash
|
||||
|
||||
{{/*
|
||||
Copyright 2017 The Openstack-Helm Authors.
|
||||
|
||||
Licensed under the Apache License, Version 2.0 (the "License");
|
||||
you may not use this file except in compliance with the License.
|
||||
You may obtain a copy of the License at
|
||||
|
||||
http://www.apache.org/licenses/LICENSE-2.0
|
||||
|
||||
Unless required by applicable law or agreed to in writing, software
|
||||
distributed under the License is distributed on an "AS IS" BASIS,
|
||||
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
See the License for the specific language governing permissions and
|
||||
limitations under the License.
|
||||
*/}}
|
||||
|
||||
set -ex
|
||||
|
||||
COMMAND="${@:-start}"
|
||||
|
||||
function start () {
|
||||
|
||||
if [ -n "${SSH_KEY}" ] && [ -n "${SSH_KEY_CONFIGURATION}" ];then
|
||||
if [[ $(stat -c %F ${USER_HOME}/.ssh) = "directory" ]]; then
|
||||
rm -fr ${USER_HOME}/.ssh
|
||||
fi
|
||||
|
||||
mkdir -p ${USER_HOME}/.ssh
|
||||
echo -e "${SSH_KEY}" >>${USER_HOME}/.ssh/${SSH_KEY_FILE}
|
||||
echo -e "${SSH_KEY_CONFIGURATION}" >>${USER_HOME}/.ssh/config
|
||||
|
||||
chown ranger: ${USER_HOME}/.ssh
|
||||
chmod 0700 -R ${USER_HOME}/.ssh
|
||||
chmod 0644 ${USER_HOME}/.ssh/config
|
||||
chmod 0600 ${USER_HOME}/.ssh/${SSH_KEY_FILE}
|
||||
|
||||
git config --global user.name ${REPO_USER}
|
||||
git config --global user.email ${REPO_ACCOUNT}
|
||||
git clone ${REMOTE_REPO} ${LOCAL_REPO}
|
||||
fi
|
||||
|
||||
if [ -n "${CERT_LOCATION}" ];then
|
||||
echo -e "${CERT_FILE}" >>${CERT_LOCATION}
|
||||
chmod 0644 ${CERT_LOCATION}
|
||||
fi
|
||||
|
||||
exec ranger-uuidgen &
|
||||
exec ranger-audit &
|
||||
exec ranger-rms &
|
||||
exec ranger-rds &
|
||||
exec ranger-cms &
|
||||
exec ranger-fms &
|
||||
exec ranger-ims
|
||||
|
||||
}
|
||||
|
||||
function stop() {
|
||||
|
||||
kill -TERM 1
|
||||
|
||||
}
|
||||
|
||||
$COMMAND
|
|
@ -0,0 +1,19 @@
|
|||
#!/bin/bash
|
||||
|
||||
{{/*
|
||||
Copyright 2017 The Openstack-Helm Authors.
|
||||
|
||||
Licensed under the Apache License, Version 2.0 (the "License");
|
||||
you may not use this file except in compliance with the License.
|
||||
You may obtain a copy of the License at
|
||||
|
||||
http://www.apache.org/licenses/LICENSE-2.0
|
||||
|
||||
Unless required by applicable law or agreed to in writing, software
|
||||
distributed under the License is distributed on an "AS IS" BASIS,
|
||||
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
See the License for the specific language governing permissions and
|
||||
limitations under the License.
|
||||
*/}}
|
||||
|
||||
set -ex
|
|
@ -0,0 +1,39 @@
|
|||
{{/*
|
||||
Copyright 2017 The Openstack-Helm Authors.
|
||||
|
||||
Licensed under the Apache License, Version 2.0 (the "License");
|
||||
you may not use this file except in compliance with the License.
|
||||
You may obtain a copy of the License at
|
||||
|
||||
http://www.apache.org/licenses/LICENSE-2.0
|
||||
|
||||
Unless required by applicable law or agreed to in writing, software
|
||||
distributed under the License is distributed on an "AS IS" BASIS,
|
||||
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
See the License for the specific language governing permissions and
|
||||
limitations under the License.
|
||||
*/}}
|
||||
|
||||
{{- if .Values.manifests.configmap_bin }}
|
||||
{{- $envAll := . }}
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: ConfigMap
|
||||
metadata:
|
||||
name: ranger-bin
|
||||
data:
|
||||
db-init.py: |+
|
||||
{{- include "helm-toolkit.scripts.db_init" . | indent 4 }}
|
||||
db-sync.sh: |+
|
||||
{{ tuple "bin/_db-sync.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
|
||||
db-drop.py: |+
|
||||
{{- include "helm-toolkit.scripts.db_drop" . | indent 4 }}
|
||||
ranger-services.sh: |
|
||||
{{ tuple "bin/_ranger-services.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
|
||||
health-check.sh: |+
|
||||
{{ tuple "bin/_health-check.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
|
||||
ranger-test.sh: |+
|
||||
{{ tuple "bin/_ranger-test.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
|
||||
rabbit-init.sh: |
|
||||
{{- include "helm-toolkit.scripts.rabbit_init" . | indent 4 }}
|
||||
{{- end }}
|
|
@ -0,0 +1,70 @@
|
|||
{{/*
|
||||
Copyright 2017 The Openstack-Helm Authors.
|
||||
|
||||
Licensed under the Apache License, Version 2.0 (the "License");
|
||||
you may not use this file except in compliance with the License.
|
||||
You may obtain a copy of the License at
|
||||
|
||||
http://www.apache.org/licenses/LICENSE-2.0
|
||||
|
||||
Unless required by applicable law or agreed to in writing, software
|
||||
distributed under the License is distributed on an "AS IS" BASIS,
|
||||
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
See the License for the specific language governing permissions and
|
||||
limitations under the License.
|
||||
*/}}
|
||||
|
||||
{{- if .Values.manifests.configmap_etc }}
|
||||
{{- $envAll := . }}
|
||||
|
||||
{{- if empty .Values.conf.ranger.database.connection -}}
|
||||
{{- $_ := tuple "oslo_db" "internal" "admin" "mysql" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup"| set .Values.conf.ranger.database "connection" -}}
|
||||
{{- end -}}
|
||||
{{- if empty .Values.conf.ranger.keystone_authtoken.username -}}
|
||||
{{- $_ := set .Values.conf.ranger.keystone_authtoken "username" .Values.endpoints.identity.auth.ranger.username -}}
|
||||
{{- end -}}
|
||||
{{- if empty .Values.conf.ranger.keystone_authtoken.password -}}
|
||||
{{- $_ := set .Values.conf.ranger.keystone_authtoken "password" .Values.endpoints.identity.auth.ranger.password -}}
|
||||
{{- end -}}
|
||||
{{- if empty .Values.conf.ranger.keystone_authtoken.project_name -}}
|
||||
{{- $_ := set .Values.conf.ranger.keystone_authtoken "project_name" .Values.endpoints.identity.auth.ranger.project_name -}}
|
||||
{{- end -}}
|
||||
{{- if empty .Values.conf.ranger.cli.base_region -}}
|
||||
{{- $_ := set .Values.conf.ranger.cli "base_region" .Values.endpoints.identity.auth.ranger.region_name -}}
|
||||
{{- end -}}
|
||||
{{- if empty .Values.conf.ranger.keystone_authtoken.project_domain_name -}}
|
||||
{{- $_ := set .Values.conf.ranger.keystone_authtoken "project_domain_name" .Values.endpoints.identity.auth.ranger.project_domain_name -}}
|
||||
{{- end -}}
|
||||
{{- if empty .Values.conf.ranger.keystone_authtoken.user_domain_name -}}
|
||||
{{- $_ := set .Values.conf.ranger.keystone_authtoken "user_domain_name" .Values.endpoints.identity.auth.ranger.user_domain_name -}}
|
||||
{{- end -}}
|
||||
{{- if empty .Values.conf.ranger.cms.port -}}
|
||||
{{- $_ := tuple "cms" "internal" "api" . | include "helm-toolkit.endpoints.endpoint_port_lookup" | set .Values.conf.ranger.cms "port" -}}
|
||||
{{- end -}}
|
||||
{{- if empty .Values.conf.ranger.fms.port -}}
|
||||
{{- $_ := tuple "fms" "internal" "api" . | include "helm-toolkit.endpoints.endpoint_port_lookup" | set .Values.conf.ranger.fms "port" -}}
|
||||
{{- end -}}
|
||||
{{- if empty .Values.conf.ranger.ims.port -}}
|
||||
{{- $_ := tuple "ims" "internal" "api" . | include "helm-toolkit.endpoints.endpoint_port_lookup" | set .Values.conf.ranger.ims "port" -}}
|
||||
{{- end -}}
|
||||
{{- if empty .Values.conf.ranger.rms.port -}}
|
||||
{{- $_ := tuple "rms" "internal" "api" . | include "helm-toolkit.endpoints.endpoint_port_lookup" | set .Values.conf.ranger.rms "port" -}}
|
||||
{{- end -}}
|
||||
{{- if empty .Values.conf.ranger.rds.port -}}
|
||||
{{- $_ := tuple "rds" "internal" "api" . | include "helm-toolkit.endpoints.endpoint_port_lookup" | set .Values.conf.ranger.rds "port" -}}
|
||||
{{- end -}}
|
||||
{{- if empty .Values.conf.ranger.uuid.port -}}
|
||||
{{- $_ := tuple "uuid" "internal" "api" . | include "helm-toolkit.endpoints.endpoint_port_lookup" | set .Values.conf.ranger.uuid "port" -}}
|
||||
{{- end -}}
|
||||
{{- if empty .Values.conf.ranger.audit.port -}}
|
||||
{{- $_ := tuple "audit" "internal" "api" . | include "helm-toolkit.endpoints.endpoint_port_lookup" | set .Values.conf.ranger.audit "port" -}}
|
||||
{{- end -}}
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: Secret
|
||||
metadata:
|
||||
name: ranger-etc
|
||||
type: Opaque
|
||||
data:
|
||||
ranger.conf: {{ include "helm-toolkit.utils.to_oslo_conf" .Values.conf.ranger | b64enc }}
|
||||
{{- end }}
|
|
@ -0,0 +1,167 @@
|
|||
{{/*
|
||||
Copyright 2017 The Openstack-Helm Authors.
|
||||
|
||||
Licensed under the Apache License, Version 2.0 (the "License");
|
||||
you may not use this file except in compliance with the License.
|
||||
You may obtain a copy of the License at
|
||||
|
||||
http://www.apache.org/licenses/LICENSE-2.0
|
||||
|
||||
Unless required by applicable law or agreed to in writing, software
|
||||
distributed under the License is distributed on an "AS IS" BASIS,
|
||||
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
See the License for the specific language governing permissions and
|
||||
limitations under the License.
|
||||
*/}}
|
||||
{{- if .Values.manifests.deployment_ranger_services }}
|
||||
{{- $envAll := . }}
|
||||
|
||||
{{- $mounts_ranger := .Values.pod.mounts.ranger.ranger }}
|
||||
{{- $mounts_ranger_init := .Values.pod.mounts.ranger.init_container }}
|
||||
|
||||
{{- $serviceAccountName := "ranger-services" }}
|
||||
{{ tuple $envAll "ranger" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
|
||||
---
|
||||
apiVersion: apps/v1beta1
|
||||
kind: Deployment
|
||||
metadata:
|
||||
name: {{ $serviceAccountName }}
|
||||
spec:
|
||||
replicas: {{ .Values.pod.replicas.ranger }}
|
||||
{{ tuple $envAll | include "helm-toolkit.snippets.kubernetes_upgrades_deployment" | indent 2 }}
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
{{ tuple $envAll "ranger" "ranger" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
|
||||
annotations:
|
||||
configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "helm-toolkit.utils.hash" }}
|
||||
configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "helm-toolkit.utils.hash" }}
|
||||
spec:
|
||||
serviceAccountName: {{ $serviceAccountName }}
|
||||
dnsPolicy: ClusterFirstWithHostNet
|
||||
hostNetwork: true
|
||||
affinity:
|
||||
{{ tuple $envAll "ranger" "ranger" | include "helm-toolkit.snippets.kubernetes_pod_anti_affinity" | indent 8 }}
|
||||
nodeSelector:
|
||||
{{ .Values.labels.ranger.node_selector_key }}: {{ .Values.labels.ranger.node_selector_value }}
|
||||
terminationGracePeriodSeconds: {{ .Values.pod.lifecycle.termination_grace_period.ranger.timeout | default "30" }}
|
||||
initContainers:
|
||||
{{ tuple $envAll "ranger" $mounts_ranger_init | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
|
||||
containers:
|
||||
- name: ranger-services
|
||||
image: {{ .Values.images.tags.ranger }}
|
||||
imagePullPolicy: {{ .Values.images.pull_policy }}
|
||||
{{ tuple $envAll $envAll.Values.pod.resources.ranger | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
|
||||
securityContext:
|
||||
runAsUser: {{ .Values.pod.user.ranger.uid }}
|
||||
env:
|
||||
- name: USER
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: ranger-ssh-secret
|
||||
key: USER
|
||||
- name: USER_HOME
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: ranger-ssh-secret
|
||||
key: USER_HOME
|
||||
- name: SSH_KEY_FILE
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: ranger-ssh-secret
|
||||
key: SSH_KEY_FILE
|
||||
- name: SSH_KEY
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: ranger-ssh-secret
|
||||
key: RANGER_PRIVATE_KEY
|
||||
- name: SSH_KEY_CONFIGURATION
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: ranger-ssh-secret
|
||||
key: RANGER_SSH_CONFIG
|
||||
- name: REPO_USER
|
||||
value: {{ .Values.conf.ranger.rds.repo_user }}
|
||||
- name: REPO_ACCOUNT
|
||||
value: {{ .Values.conf.ranger.rds.repo_email }}
|
||||
- name: LOCAL_REPO
|
||||
value: {{ .Values.conf.ranger.rds.repo_local_location }}
|
||||
- name: REMOTE_REPO
|
||||
value: {{ .Values.conf.ranger.rds.repo_remote_location }}
|
||||
{{- if .Values.conf.ranger.DEFAULT.ranger_agent_https_enable }}
|
||||
- name: CERT_LOCATION
|
||||
value: {{ .Values.conf.ranger.DEFAULT.ranger_agent_client_cert_path }}
|
||||
- name: CERT_FILE
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: ranger-ssh-secret
|
||||
key: CERT_FILE
|
||||
{{- end }}
|
||||
- name: CMS_SERVICE_URL
|
||||
value: {{ tuple "cms" "public" "api" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup" }}
|
||||
command:
|
||||
- /tmp/ranger-services.sh
|
||||
- start
|
||||
lifecycle:
|
||||
preStop:
|
||||
exec:
|
||||
command:
|
||||
- stop
|
||||
ports:
|
||||
- name: cms
|
||||
containerPort: {{ tuple "cms" "internal" "api" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
|
||||
- name: ims
|
||||
containerPort: {{ tuple "ims" "internal" "api" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
|
||||
- name: fms
|
||||
containerPort: {{ tuple "fms" "internal" "api" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
|
||||
- name: rms
|
||||
containerPort: {{ tuple "rms" "internal" "api" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
|
||||
- name: rds
|
||||
containerPort: {{ tuple "rds" "internal" "api" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
|
||||
- name: uuid
|
||||
containerPort: {{ tuple "uuid" "internal" "api" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
|
||||
- name: audit
|
||||
containerPort: {{ tuple "audit" "internal" "api" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
|
||||
livenessProbe:
|
||||
initialDelaySeconds: 30
|
||||
timeoutSeconds: 10
|
||||
exec:
|
||||
command:
|
||||
- /tmp/health-check.sh
|
||||
- allservicesliveness
|
||||
readinessProbe:
|
||||
initialDelaySeconds: 30
|
||||
timeoutSeconds: 10
|
||||
exec:
|
||||
command:
|
||||
- /tmp/health-check.sh
|
||||
- allservicesreadiness
|
||||
volumeMounts:
|
||||
- name: pod-etc-ranger
|
||||
mountPath: /etc/ranger
|
||||
- name: ranger-bin
|
||||
mountPath: /tmp/ranger-services.sh
|
||||
subPath: ranger-services.sh
|
||||
readOnly: true
|
||||
- name: ranger-bin
|
||||
mountPath: /tmp/health-check.sh
|
||||
subPath: health-check.sh
|
||||
readOnly: true
|
||||
- name: ranger-etc
|
||||
mountPath: /etc/ranger/ranger.conf
|
||||
subPath: ranger.conf
|
||||
readOnly: true
|
||||
{{ if $mounts_ranger.volumeMounts }}{{ toYaml $mounts_ranger.volumeMounts | indent 12 }}{{ end }}
|
||||
volumes:
|
||||
- name: pod-etc-ranger
|
||||
emptyDir: {}
|
||||
- name: ranger-bin
|
||||
configMap:
|
||||
name: ranger-bin
|
||||
defaultMode: 0555
|
||||
- name: ranger-etc
|
||||
secret:
|
||||
secretName: ranger-etc
|
||||
defaultMode: 0444
|
||||
{{ if $mounts_ranger.volumes}}{{ toYaml $mounts_ranger.volumes | indent 8 }}{{ end }}
|
||||
{{- end }}
|
|
@ -0,0 +1,51 @@
|
|||
{{/*
|
||||
Copyright 2017 The Openstack-Helm Authors.
|
||||
|
||||
Licensed under the Apache License, Version 2.0 (the "License");
|
||||
you may not use this file except in compliance with the License.
|
||||
You may obtain a copy of the License at
|
||||
|
||||
http://www.apache.org/licenses/LICENSE-2.0
|
||||
|
||||
Unless required by applicable law or agreed to in writing, software
|
||||
distributed under the License is distributed on an "AS IS" BASIS,
|
||||
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
See the License for the specific language governing permissions and
|
||||
limitations under the License.
|
||||
*/}}
|
||||
|
||||
{{- if and .Values.manifests.ingress_cms .Values.network.cms.ingress.public }}
|
||||
{{- $ingressOpts := dict "envAll" . "backendService" "cms" "backendServiceType" "cms" "backendPort" "cms" -}}
|
||||
{{ $ingressOpts | include "helm-toolkit.manifests.ingress" }}
|
||||
{{- end }}
|
||||
|
||||
{{- if and .Values.manifests.ingress_fms .Values.network.fms.ingress.public }}
|
||||
{{- $ingressOpts := dict "envAll" . "backendService" "fms" "backendServiceType" "fms" "backendPort" "fms" -}}
|
||||
{{ $ingressOpts | include "helm-toolkit.manifests.ingress" }}
|
||||
{{- end }}
|
||||
|
||||
{{- if and .Values.manifests.ingress_ims .Values.network.ims.ingress.public }}
|
||||
{{- $ingressOpts := dict "envAll" . "backendService" "ims" "backendServiceType" "ims" "backendPort" "ims" -}}
|
||||
{{ $ingressOpts | include "helm-toolkit.manifests.ingress" }}
|
||||
{{- end }}
|
||||
|
||||
{{- if and .Values.manifests.ingress_rms .Values.network.rms.ingress.public }}
|
||||
{{- $ingressOpts := dict "envAll" . "backendService" "rms" "backendServiceType" "rms" "backendPort" "rms" -}}
|
||||
{{ $ingressOpts | include "helm-toolkit.manifests.ingress" }}
|
||||
{{- end }}
|
||||
|
||||
{{- if and .Values.manifests.ingress_rds .Values.network.rds.ingress.public }}
|
||||
{{- $ingressOpts := dict "envAll" . "backendService" "rds" "backendServiceType" "rds" "backendPort" "rds" -}}
|
||||
{{ $ingressOpts | include "helm-toolkit.manifests.ingress" }}
|
||||
{{- end }}
|
||||
|
||||
{{- if .Values.manifests.ingress_uuid }}
|
||||
{{- $ingressOpts := dict "envAll" . "backendService" "uuid" "backendServiceType" "uuid" "backendPort" "uuid" -}}
|
||||
{{ $ingressOpts | include "helm-toolkit.manifests.ingress" }}
|
||||
{{- end }}
|
||||
|
||||
{{- if .Values.manifests.ingress_audit }}
|
||||
{{- $ingressOpts := dict "envAll" . "backendService" "audit" "backendServiceType" "audit" "backendPort" "audit" -}}
|
||||
{{ $ingressOpts | include "helm-toolkit.manifests.ingress" }}
|
||||
{{- end }}
|
||||
|
|
@ -0,0 +1,20 @@
|
|||
{{/*
|
||||
Copyright 2017 The Openstack-Helm Authors.
|
||||
|
||||
Licensed under the Apache License, Version 2.0 (the "License");
|
||||
you may not use this file except in compliance with the License.
|
||||
You may obtain a copy of the License at
|
||||
|
||||
http://www.apache.org/licenses/LICENSE-2.0
|
||||
|
||||
Unless required by applicable law or agreed to in writing, software
|
||||
distributed under the License is distributed on an "AS IS" BASIS,
|
||||
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
See the License for the specific language governing permissions and
|
||||
limitations under the License.
|
||||
*/}}
|
||||
|
||||
{{- if .Values.manifests.job_db_drop }}
|
||||
{{- $dbInitJob := dict "envAll" . "serviceName" "ranger" -}}
|
||||
{{ $dbInitJob | include "helm-toolkit.manifests.job_db_drop_mysql" }}
|
||||
{{- end }}
|
|
@ -0,0 +1,20 @@
|
|||
{{/*
|
||||
Copyright 2017 The Openstack-Helm Authors.
|
||||
|
||||
Licensed under the Apache License, Version 2.0 (the "License");
|
||||
you may not use this file except in compliance with the License.
|
||||
You may obtain a copy of the License at
|
||||
|
||||
http://www.apache.org/licenses/LICENSE-2.0
|
||||
|
||||
Unless required by applicable law or agreed to in writing, software
|
||||
distributed under the License is distributed on an "AS IS" BASIS,
|
||||
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
See the License for the specific language governing permissions and
|
||||
limitations under the License.
|
||||
*/}}
|
||||
|
||||
{{- if .Values.manifests.job_db_init }}
|
||||
{{- $dbInitJob := dict "envAll" . "serviceName" "ranger" -}}
|
||||
{{ $dbInitJob | include "helm-toolkit.manifests.job_db_init_mysql" }}
|
||||
{{- end }}
|
|
@ -0,0 +1,20 @@
|
|||
{{/*
|
||||
Copyright 2017 The Openstack-Helm Authors.
|
||||
|
||||
Licensed under the Apache License, Version 2.0 (the "License");
|
||||
you may not use this file except in compliance with the License.
|
||||
You may obtain a copy of the License at
|
||||
|
||||
http://www.apache.org/licenses/LICENSE-2.0
|
||||
|
||||
Unless required by applicable law or agreed to in writing, software
|
||||
distributed under the License is distributed on an "AS IS" BASIS,
|
||||
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
See the License for the specific language governing permissions and
|
||||
limitations under the License.
|
||||
*/}}
|
||||
|
||||
{{- if .Values.manifests.job_db_sync }}
|
||||
{{- $dbSyncJob := dict "envAll" . "serviceName" "ranger" -}}
|
||||
{{ $dbSyncJob | include "helm-toolkit.manifests.job_db_sync" }}
|
||||
{{- end }}
|
|
@ -0,0 +1,20 @@
|
|||
{{/*
|
||||
Copyright 2017 The Openstack-Helm Authors.
|
||||
|
||||
Licensed under the Apache License, Version 2.0 (the "License");
|
||||
you may not use this file except in compliance with the License.
|
||||
You may obtain a copy of the License at
|
||||
|
||||
http://www.apache.org/licenses/LICENSE-2.0
|
||||
|
||||
Unless required by applicable law or agreed to in writing, software
|
||||
distributed under the License is distributed on an "AS IS" BASIS,
|
||||
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
See the License for the specific language governing permissions and
|
||||
limitations under the License.
|
||||
*/}}
|
||||
|
||||
{{- if and .Values.manifests.job_image_repo_sync .Values.images.local_registry.active }}
|
||||
{{- $imageRepoSyncJob := dict "envAll" . "serviceName" "ranger" -}}
|
||||
{{ $imageRepoSyncJob | include "helm-toolkit.manifests.job_image_repo_sync" }}
|
||||
{{- end }}
|
|
@ -0,0 +1,29 @@
|
|||
{{/*
|
||||
Copyright 2017 The Openstack-Helm Authors.
|
||||
|
||||
Licensed under the Apache License, Version 2.0 (the "License");
|
||||
you may not use this file except in compliance with the License.
|
||||
You may obtain a copy of the License at
|
||||
|
||||
http://www.apache.org/licenses/LICENSE-2.0
|
||||
|
||||
Unless required by applicable law or agreed to in writing, software
|
||||
distributed under the License is distributed on an "AS IS" BASIS,
|
||||
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
See the License for the specific language governing permissions and
|
||||
limitations under the License.
|
||||
*/}}
|
||||
|
||||
{{- if .Values.manifests.pdb_api }}
|
||||
{{- $envAll := . }}
|
||||
---
|
||||
apiVersion: policy/v1beta1
|
||||
kind: PodDisruptionBudget
|
||||
metadata:
|
||||
name: ranger
|
||||
spec:
|
||||
minAvailable: {{ .Values.pod.lifecycle.disruption_budget.ranger.min_available }}
|
||||
selector:
|
||||
matchLabels:
|
||||
{{ tuple $envAll "ranger" "ranger" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 6 }}
|
||||
{{- end }}
|
|
@ -0,0 +1,59 @@
|
|||
{{/*
|
||||
Copyright 2017 The Openstack-Helm Authors.
|
||||
|
||||
Licensed under the Apache License, Version 2.0 (the "License");
|
||||
you may not use this file except in compliance with the License.
|
||||
You may obtain a copy of the License at
|
||||
|
||||
http://www.apache.org/licenses/LICENSE-2.0
|
||||
|
||||
Unless required by applicable law or agreed to in writing, software
|
||||
distributed under the License is distributed on an "AS IS" BASIS,
|
||||
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
See the License for the specific language governing permissions and
|
||||
limitations under the License.
|
||||
*/}}
|
||||
|
||||
{{- if .Values.manifests.pod_test }}
|
||||
{{- $envAll := . }}
|
||||
|
||||
{{- $mounts_tests := .Values.pod.mounts.ranger_tests.ranger_tests }}
|
||||
{{- $mounts_tests_init := .Values.pod.mounts.ranger_tests.init_container }}
|
||||
|
||||
{{- $serviceAccountName := print $envAll.Release.Name "-test" }}
|
||||
{{ tuple $envAll "tests" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: Pod
|
||||
metadata:
|
||||
name: "{{$envAll.Release.Name}}-test"
|
||||
annotations:
|
||||
"helm.sh/hook": test-success
|
||||
spec:
|
||||
serviceAccountName: {{ $serviceAccountName }}
|
||||
nodeSelector:
|
||||
{{ .Values.labels.test.node_selector_key }}: {{ .Values.labels.test.node_selector_value }}
|
||||
restartPolicy: Never
|
||||
initContainers:
|
||||
{{ tuple $envAll "tests" $mounts_tests_init | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 4 }}
|
||||
containers:
|
||||
- name: {{.Release.Name}}-test
|
||||
image: {{ .Values.images.tags.scripted_test }}
|
||||
env:
|
||||
- name: RANGER_SERVICE_URL
|
||||
value: {{ tuple "cms" "public" "api" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup" }}
|
||||
command:
|
||||
- /tmp/ranger-test.sh
|
||||
volumeMounts:
|
||||
- name: ranger-bin
|
||||
mountPath: /tmp/ranger-test.sh
|
||||
subPath: ranger-test.sh
|
||||
readOnly: true
|
||||
{{ if $mounts_tests.volumeMounts }}{{ toYaml $mounts_tests.volumeMounts | indent 8 }}{{ end }}
|
||||
volumes:
|
||||
- name: ranger-bin
|
||||
configMap:
|
||||
name: ranger-bin
|
||||
defaultMode: 0555
|
||||
{{ if $mounts_tests.volumes }}{{ toYaml $mounts_tests.volumes | indent 4 }}{{ end }}
|
||||
{{- end }}
|
|
@ -0,0 +1,30 @@
|
|||
{{/*
|
||||
Copyright 2017 The Openstack-Helm Authors.
|
||||
|
||||
Licensed under the Apache License, Version 2.0 (the "License");
|
||||
you may not use this file except in compliance with the License.
|
||||
You may obtain a copy of the License at
|
||||
|
||||
http://www.apache.org/licenses/LICENSE-2.0
|
||||
|
||||
Unless required by applicable law or agreed to in writing, software
|
||||
distributed under the License is distributed on an "AS IS" BASIS,
|
||||
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
See the License for the specific language governing permissions and
|
||||
limitations under the License.
|
||||
*/}}
|
||||
|
||||
{{- if .Values.manifests.secret_db }}
|
||||
{{- $envAll := . }}
|
||||
{{- range $key1, $userClass := tuple "admin" "ranger" }}
|
||||
{{- $secretName := index $envAll.Values.secrets.oslo_db $userClass }}
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: Secret
|
||||
metadata:
|
||||
name: {{ $secretName }}
|
||||
type: Opaque
|
||||
data:
|
||||
DB_CONNECTION: {{ tuple "oslo_db" "internal" $userClass "mysql" $envAll | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup" | b64enc -}}
|
||||
{{- end }}
|
||||
{{- end }}
|
|
@ -0,0 +1,23 @@
|
|||
{{/*
|
||||
Copyright 2017-2018 The Openstack-Helm Authors.
|
||||
|
||||
Licensed under the Apache License, Version 2.0 (the "License");
|
||||
you may not use this file except in compliance with the License.
|
||||
You may obtain a copy of the License at
|
||||
|
||||
http://www.apache.org/licenses/LICENSE-2.0
|
||||
|
||||
Unless required by applicable law or agreed to in writing, software
|
||||
distributed under the License is distributed on an "AS IS" BASIS,
|
||||
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
See the License for the specific language governing permissions and
|
||||
limitations under the License.
|
||||
*/}}
|
||||
|
||||
{{- if .Values.manifests.secret_ingress_tls }}
|
||||
{{- include "helm-toolkit.manifests.secret_ingress_tls" ( dict "envAll" . "backendServiceType" "cms" ) }}
|
||||
{{- include "helm-toolkit.manifests.secret_ingress_tls" ( dict "envAll" . "backendServiceType" "fms" ) }}
|
||||
{{- include "helm-toolkit.manifests.secret_ingress_tls" ( dict "envAll" . "backendServiceType" "ims" ) }}
|
||||
{{- include "helm-toolkit.manifests.secret_ingress_tls" ( dict "envAll" . "backendServiceType" "rms" ) }}
|
||||
{{- include "helm-toolkit.manifests.secret_ingress_tls" ( dict "envAll" . "backendServiceType" "rds" ) }}
|
||||
{{- end }}
|
|
@ -0,0 +1,34 @@
|
|||
{{/*
|
||||
Copyright 2017 The Openstack-Helm Authors.
|
||||
|
||||
Licensed under the Apache License, Version 2.0 (the "License");
|
||||
you may not use this file except in compliance with the License.
|
||||
You may obtain a copy of the License at
|
||||
|
||||
http://www.apache.org/licenses/LICENSE-2.0
|
||||
|
||||
Unless required by applicable law or agreed to in writing, software
|
||||
distributed under the License is distributed on an "AS IS" BASIS,
|
||||
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
See the License for the specific language governing permissions and
|
||||
limitations under the License.
|
||||
*/}}
|
||||
|
||||
{{- if .Values.manifests.secret_ssh_key }}
|
||||
{{- $envAll := . }}
|
||||
{{- $key_location := .Values.conf.ssh.key_location }}
|
||||
{{- $secretName := "ranger-ssh-secret" }}
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: Secret
|
||||
metadata:
|
||||
name: {{ $secretName }}
|
||||
type: Opaque
|
||||
data:
|
||||
USER: {{ .Values.conf.ssh.user | b64enc }}
|
||||
USER_HOME: {{ .Values.conf.ssh.user_home | b64enc }}
|
||||
SSH_KEY_FILE: {{ .Values.conf.ssh.ssh_key_file | b64enc }}
|
||||
RANGER_PRIVATE_KEY: {{ .Values.conf.ssh.ssh_key | default "" | b64enc }}
|
||||
RANGER_SSH_CONFIG: {{ .Values.conf.ssh.ssh_config | default "" | b64enc }}
|
||||
CERT_FILE: {{ .Values.conf.cert.ranger_agent_client_cert | default "" | b64enc }}
|
||||
{{- end }}
|
|
@ -0,0 +1,20 @@
|
|||
{{/*
|
||||
Copyright 2017 The Openstack-Helm Authors.
|
||||
|
||||
Licensed under the Apache License, Version 2.0 (the "License");
|
||||
you may not use this file except in compliance with the License.
|
||||
You may obtain a copy of the License at
|
||||
|
||||
http://www.apache.org/licenses/LICENSE-2.0
|
||||
|
||||
Unless required by applicable law or agreed to in writing, software
|
||||
distributed under the License is distributed on an "AS IS" BASIS,
|
||||
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
See the License for the specific language governing permissions and
|
||||
limitations under the License.
|
||||
*/}}
|
||||
|
||||
{{- if and .Values.manifests.service_ingress_cms .Values.network.cms.ingress.public }}
|
||||
{{- $serviceIngressOpts := dict "envAll" . "backendServiceType" "cms" -}}
|
||||
{{ $serviceIngressOpts | include "helm-toolkit.manifests.service_ingress" }}
|
||||
{{- end }}
|
|
@ -0,0 +1,20 @@
|
|||
{{/*
|
||||
Copyright 2017 The Openstack-Helm Authors.
|
||||
|
||||
Licensed under the Apache License, Version 2.0 (the "License");
|
||||
you may not use this file except in compliance with the License.
|
||||
You may obtain a copy of the License at
|
||||
|
||||
http://www.apache.org/licenses/LICENSE-2.0
|
||||
|
||||
Unless required by applicable law or agreed to in writing, software
|
||||
distributed under the License is distributed on an "AS IS" BASIS,
|
||||
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
See the License for the specific language governing permissions and
|
||||
limitations under the License.
|
||||
*/}}
|
||||
|
||||
{{- if and .Values.manifests.service_ingress_fms .Values.network.fms.ingress.public }}
|
||||
{{- $serviceIngressOpts := dict "envAll" . "backendServiceType" "fms" "backendPort" "fms" -}}
|
||||
{{ $serviceIngressOpts | include "helm-toolkit.manifests.service_ingress" }}
|
||||
{{- end }}
|
|
@ -0,0 +1,20 @@
|
|||
{{/*
|
||||
Copyright 2017 The Openstack-Helm Authors.
|
||||
|
||||
Licensed under the Apache License, Version 2.0 (the "License");
|
||||
you may not use this file except in compliance with the License.
|
||||
You may obtain a copy of the License at
|
||||
|
||||
http://www.apache.org/licenses/LICENSE-2.0
|
||||
|
||||
Unless required by applicable law or agreed to in writing, software
|
||||
distributed under the License is distributed on an "AS IS" BASIS,
|
||||
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
See the License for the specific language governing permissions and
|
||||
limitations under the License.
|
||||
*/}}
|
||||
|
||||
{{- if and .Values.manifests.service_ingress_ims .Values.network.ims.ingress.public }}
|
||||
{{- $serviceIngressOpts := dict "envAll" . "backendServiceType" "ims" -}}
|
||||
{{ $serviceIngressOpts | include "helm-toolkit.manifests.service_ingress" }}
|
||||
{{- end }}
|
|
@ -0,0 +1,21 @@
|
|||
{{/*
|
||||
Copyright 2017 The Openstack-Helm Authors.
|
||||
|
||||
Licensed under the Apache License, Version 2.0 (the "License");
|
||||
you may not use this file except in compliance with the License.
|
||||
You may obtain a copy of the License at
|
||||
|
||||
http://www.apache.org/licenses/LICENSE-2.0
|
||||
|
||||
Unless required by applicable law or agreed to in writing, software
|
||||
distributed under the License is distributed on an "AS IS" BASIS,
|
||||
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
See the License for the specific language governing permissions and
|
||||
limitations under the License.
|
||||
*/}}
|
||||
|
||||
{{- if and .Values.manifests.service_ingress_rds .Values.network.rds.ingress.public }}
|
||||
{{- $serviceIngressOpts := dict "envAll" . "backendServiceType" "rds" -}}
|
||||
{{ $serviceIngressOpts | include "helm-toolkit.manifests.service_ingress" }}
|
||||
{{- end }}
|
||||
|
|
@ -0,0 +1,20 @@
|
|||
{{/*
|
||||
Copyright 2017 The Openstack-Helm Authors.
|
||||
|
||||
Licensed under the Apache License, Version 2.0 (the "License");
|
||||
you may not use this file except in compliance with the License.
|
||||
You may obtain a copy of the License at
|
||||
|
||||
http://www.apache.org/licenses/LICENSE-2.0
|
||||
|
||||
Unless required by applicable law or agreed to in writing, software
|
||||
distributed under the License is distributed on an "AS IS" BASIS,
|
||||
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
See the License for the specific language governing permissions and
|
||||
limitations under the License.
|
||||
*/}}
|
||||
|
||||
{{- if and .Values.manifests.service_ingress_rms .Values.network.rms.ingress.public }}
|
||||
{{- $serviceIngressOpts := dict "envAll" . "backendServiceType" "rms" -}}
|
||||
{{ $serviceIngressOpts | include "helm-toolkit.manifests.service_ingress" }}
|
||||
{{- end }}
|
|
@ -0,0 +1,180 @@
|
|||
{{/*
|
||||
Copyright 2017 The Openstack-Helm Authors.
|
||||
|
||||
Licensed under the Apache License, Version 2.0 (the "License");
|
||||
you may not use this file except in compliance with the License.
|
||||
You may obtain a copy of the License at
|
||||
|
||||
http://www.apache.org/licenses/LICENSE-2.0
|
||||
|
||||
Unless required by applicable law or agreed to in writing, software
|
||||
distributed under the License is distributed on an "AS IS" BASIS,
|
||||
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
See the License for the specific language governing permissions and
|
||||
limitations under the License.
|
||||
*/}}
|
||||
|
||||
{{- if .Values.manifests.service_cms }}
|
||||
{{- $envAll := . }}
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
name: {{ tuple "cms" "internal" . | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }}
|
||||
spec:
|
||||
ports:
|
||||
- name: cms
|
||||
port: {{ tuple "cms" "internal" "api" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
|
||||
{{- if .Values.network.cms.node_port.enabled }}
|
||||
nodePort: {{ .Values.network.cms.node_port.port }}
|
||||
{{ end }}
|
||||
selector:
|
||||
{{ tuple $envAll "ranger" "ranger" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }}
|
||||
{{ if .Values.network.cms.node_port.enabled }}
|
||||
type: NodePort
|
||||
{{- if .Values.network.cms.external_policy_local }}
|
||||
externalTrafficPolicy: Local
|
||||
{{ end }}
|
||||
{{ end }}
|
||||
{{- end }}
|
||||
|
||||
{{- if .Values.manifests.service_fms }}
|
||||
{{- $envAll := . }}
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
name: {{ tuple "fms" "internal" . | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }}
|
||||
spec:
|
||||
ports:
|
||||
- name: fms
|
||||
port: {{ tuple "fms" "internal" "api" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
|
||||
{{- if .Values.network.fms.node_port.enabled }}
|
||||
nodePort: {{ .Values.network.fms.node_port.port }}
|
||||
{{ end }}
|
||||
selector:
|
||||
{{ tuple $envAll "ranger" "ranger" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }}
|
||||
{{ if .Values.network.fms.node_port.enabled }}
|
||||
type: NodePort
|
||||
{{- if .Values.network.fms.external_policy_local }}
|
||||
externalTrafficPolicy: Local
|
||||
{{ end }}
|
||||
{{ end }}
|
||||
{{- end }}
|
||||
|
||||
{{- if .Values.manifests.service_ims }}
|
||||
{{- $envAll := . }}
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
name: {{ tuple "ims" "internal" . | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }}
|
||||
spec:
|
||||
ports:
|
||||
- name: ims
|
||||
port: {{ tuple "ims" "internal" "api" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
|
||||
{{- if .Values.network.ims.node_port.enabled }}
|
||||
nodePort: {{ .Values.network.ims.node_port.port }}
|
||||
{{ end }}
|
||||
selector:
|
||||
{{ tuple $envAll "ranger" "ranger" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }}
|
||||
{{ if .Values.network.ims.node_port.enabled }}
|
||||
type: NodePort
|
||||
{{- if .Values.network.ims.external_policy_local }}
|
||||
externalTrafficPolicy: Local
|
||||
{{ end }}
|
||||
{{ end }}
|
||||
{{- end }}
|
||||
{{- if .Values.manifests.service_rms }}
|
||||
{{- $envAll := . }}
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
name: {{ tuple "rms" "internal" . | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }}
|
||||
spec:
|
||||
ports:
|
||||
- name: rms
|
||||
port: {{ tuple "rms" "internal" "api" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
|
||||
{{- if .Values.network.rms.node_port.enabled }}
|
||||
nodePort: {{ .Values.network.rms.node_port.port }}
|
||||
{{ end }}
|
||||
selector:
|
||||
{{ tuple $envAll "ranger" "ranger" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }}
|
||||
{{ if .Values.network.rms.node_port.enabled }}
|
||||
type: NodePort
|
||||
{{- if .Values.network.rms.external_policy_local }}
|
||||
externalTrafficPolicy: Local
|
||||
{{ end }}
|
||||
{{ end }}
|
||||
{{- end }}
|
||||
{{- if .Values.manifests.service_rds }}
|
||||
{{- $envAll := . }}
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
name: {{ tuple "rds" "internal" . | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }}
|
||||
spec:
|
||||
ports:
|
||||
- name: rds
|
||||
port: {{ tuple "rds" "internal" "api" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
|
||||
{{- if .Values.network.rds.node_port.enabled }}
|
||||
nodePort: {{ .Values.network.rds.node_port.port }}
|
||||
{{ end }}
|
||||
selector:
|
||||
{{ tuple $envAll "ranger" "ranger" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }}
|
||||
{{ if .Values.network.rds.node_port.enabled }}
|
||||
type: NodePort
|
||||
{{- if .Values.network.rds.external_policy_local }}
|
||||
externalTrafficPolicy: Local
|
||||
{{ end }}
|
||||
{{ end }}
|
||||
{{- end }}
|
||||
{{- if .Values.manifests.service_uuid }}
|
||||
{{- $envAll := . }}
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
name: {{ tuple "uuid" "internal" . | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }}
|
||||
spec:
|
||||
ports:
|
||||
- name: uuid
|
||||
port: {{ tuple "uuid" "internal" "api" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
|
||||
{{- if .Values.network.uuid.node_port.enabled }}
|
||||
nodePort: {{ .Values.network.uuid.node_port.port }}
|
||||
{{ end }}
|
||||
selector:
|
||||
{{ tuple $envAll "ranger" "ranger" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }}
|
||||
{{ if .Values.network.uuid.node_port.enabled }}
|
||||
type: NodePort
|
||||
{{- if .Values.network.uuid.external_policy_local }}
|
||||
externalTrafficPolicy: Local
|
||||
{{ end }}
|
||||
{{ end }}
|
||||
{{- end }}
|
||||
{{- if .Values.manifests.service_audit }}
|
||||
{{- $envAll := . }}
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
name: {{ tuple "audit" "internal" . | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }}
|
||||
spec:
|
||||
ports:
|
||||
- name: audit
|
||||
port: {{ tuple "audit" "internal" "api" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
|
||||
{{- if .Values.network.audit.node_port.enabled }}
|
||||
nodePort: {{ .Values.network.audit.node_port.port }}
|
||||
{{ end }}
|
||||
selector:
|
||||
{{ tuple $envAll "ranger" "ranger" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }}
|
||||
{{ if .Values.network.audit.node_port.enabled }}
|
||||
type: NodePort
|
||||
{{- if .Values.network.audit.external_policy_local }}
|
||||
externalTrafficPolicy: Local
|
||||
{{ end }}
|
||||
{{ end }}
|
||||
{{- end }}
|
||||
|
|
@ -0,0 +1,516 @@
|
|||
# Copyright 2017 The Openstack-Helm Authors.
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
# Default values for ranger.
|
||||
# This is a YAML-formatted file.
|
||||
# Declare name/value pairs to be passed into your templates.
|
||||
# name: value
|
||||
|
||||
release_group: null
|
||||
|
||||
labels:
|
||||
ranger:
|
||||
node_selector_key: openstack-control-plane
|
||||
node_selector_value: enabled
|
||||
job:
|
||||
node_selector_key: openstack-control-plane
|
||||
node_selector_value: enabled
|
||||
test:
|
||||
node_selector_key: openstack-control-plane
|
||||
node_selector_value: enabled
|
||||
|
||||
images:
|
||||
tags:
|
||||
ranger: docker.io/hosingh000/ranger:0.1.0
|
||||
ranger_db_sync: docker.io/hosingh000/ranger:0.1.0
|
||||
db_drop: docker.io/openstackhelm/heat:newton
|
||||
db_init: docker.io/openstackhelm/heat:newton
|
||||
dep_check: quay.io/stackanetes/kubernetes-entrypoint:v0.3.1
|
||||
scripted_test: docker.io/openstackhelm/heat:newton
|
||||
image_repo_sync: docker.io/docker:17.07.0
|
||||
pull_policy: "IfNotPresent"
|
||||
local_registry:
|
||||
active: false
|
||||
exclude:
|
||||
- dep_check
|
||||
- image_repo_sync
|
||||
conf:
|
||||
ranger:
|
||||
DEFAULT:
|
||||
protocol: http
|
||||
log_level: INFO
|
||||
orm_host: 0.0.0.0
|
||||
pecan_debug: True
|
||||
ranger_base: '/home/ranger/ranger'
|
||||
ssl_verify: False
|
||||
log_location: '/var/log/ranger'
|
||||
ranger_agent_https_enable: False
|
||||
ranger_agent_client_cert_path: ''
|
||||
cms:
|
||||
log: cms.log
|
||||
fms:
|
||||
log: fms.log
|
||||
ims:
|
||||
log: ims.log
|
||||
rms:
|
||||
log: rms.log
|
||||
rds:
|
||||
log: rds.log
|
||||
repo_local_location: /home/ranger/git_repo
|
||||
repo_remote_location: git@127.0.0.1:/home/repo/ORM.git
|
||||
repo_user: orm
|
||||
repo_email: orm@test.com
|
||||
uuid:
|
||||
log: uuid.log
|
||||
audit:
|
||||
log: audit.log
|
||||
cli:
|
||||
base_region: RegionOne
|
||||
database:
|
||||
max_retries: -1
|
||||
keystone_authtoken:
|
||||
auth_type: password
|
||||
auth_version: v3
|
||||
ssh:
|
||||
user: ranger
|
||||
user_home: /home/ranger
|
||||
ssh_key_file: ranger
|
||||
ssh_key: null
|
||||
ssh_config: null
|
||||
cert:
|
||||
ranger_agent_client_cert: null
|
||||
|
||||
network:
|
||||
cms:
|
||||
ingress:
|
||||
public: true
|
||||
classes:
|
||||
namespace: "nginx"
|
||||
cluster: "nginx-cluster"
|
||||
annotations:
|
||||
nginx.ingress.kubernetes.io/rewrite-target: /
|
||||
external_policy_local: false
|
||||
node_port:
|
||||
enabled: false
|
||||
port: 37080
|
||||
fms:
|
||||
ingress:
|
||||
public: true
|
||||
classes:
|
||||
namespace: "nginx"
|
||||
cluster: "nginx-cluster"
|
||||
annotations:
|
||||
nginx.ingress.kubernetes.io/rewrite-target: /
|
||||
external_policy_local: false
|
||||
node_port:
|
||||
enabled: false
|
||||
port: 38082
|
||||
ims:
|
||||
ingress:
|
||||
public: true
|
||||
classes:
|
||||
namespace: "nginx"
|
||||
cluster: "nginx-cluster"
|
||||
annotations:
|
||||
nginx.ingress.kubernetes.io/rewrite-target: /
|
||||
external_policy_local: false
|
||||
node_port:
|
||||
enabled: false
|
||||
port: 38084
|
||||
rms:
|
||||
ingress:
|
||||
public: true
|
||||
classes:
|
||||
namespace: "nginx"
|
||||
cluster: "nginx-cluster"
|
||||
annotations:
|
||||
nginx.ingress.kubernetes.io/rewrite-target: /
|
||||
external_policy_local: false
|
||||
node_port:
|
||||
enabled: false
|
||||
port: 38080
|
||||
audit:
|
||||
ingress:
|
||||
public: true
|
||||
classes:
|
||||
namespace: "nginx"
|
||||
cluster: "nginx-cluster"
|
||||
annotations:
|
||||
nginx.ingress.kubernetes.io/rewrite-target: /
|
||||
external_policy_local: false
|
||||
node_port:
|
||||
enabled: false
|
||||
port: 38776
|
||||
rds:
|
||||
ingress:
|
||||
public: true
|
||||
classes:
|
||||
namespace: "nginx"
|
||||
cluster: "nginx-cluster"
|
||||
annotations:
|
||||
nginx.ingress.kubernetes.io/rewrite-target: /
|
||||
external_policy_local: false
|
||||
node_port:
|
||||
enabled: false
|
||||
port: 38777
|
||||
uuid:
|
||||
ingress:
|
||||
public: true
|
||||
classes:
|
||||
namespace: "nginx"
|
||||
cluster: "nginx-cluster"
|
||||
annotations:
|
||||
nginx.ingress.kubernetes.io/rewrite-target: /
|
||||
external_policy_local: false
|
||||
node_port:
|
||||
enabled: false
|
||||
port: 38090
|
||||
|
||||
|
||||
dependencies:
|
||||
dynamic:
|
||||
common:
|
||||
local_image_registry:
|
||||
jobs:
|
||||
- keystone-image-repo-sync
|
||||
services:
|
||||
- endpoint: node
|
||||
service: local_image_registry
|
||||
static:
|
||||
ranger:
|
||||
jobs:
|
||||
- ranger-db-sync
|
||||
services:
|
||||
- service: oslo_db
|
||||
endpoint: internal
|
||||
db_sync:
|
||||
jobs:
|
||||
- ranger-db-init
|
||||
services:
|
||||
- service: oslo_db
|
||||
endpoint: internal
|
||||
db_init:
|
||||
services:
|
||||
- service: oslo_db
|
||||
endpoint: internal
|
||||
db_drop:
|
||||
services:
|
||||
- service: oslo_db
|
||||
endpoint: internal
|
||||
image_repo_sync:
|
||||
services:
|
||||
- service: local_image_registry
|
||||
endpoint: internal
|
||||
|
||||
# Names of secrets used and environmental checks
|
||||
secrets:
|
||||
oslo_db:
|
||||
admin: ranger-db-admin
|
||||
ranger: ranger-db-user
|
||||
tls:
|
||||
cms:
|
||||
api:
|
||||
public: cms
|
||||
fms:
|
||||
api:
|
||||
public: fms
|
||||
ims:
|
||||
api:
|
||||
public: ims
|
||||
rms:
|
||||
api:
|
||||
public: rms
|
||||
rds:
|
||||
api:
|
||||
public: rds
|
||||
|
||||
# typically overriden by environmental
|
||||
# values, but should include all endpoints
|
||||
# required by this chart
|
||||
endpoints:
|
||||
cluster_domain_suffix: cluster.local
|
||||
local_image_registry:
|
||||
name: docker-registry
|
||||
namespace: docker-registry
|
||||
hosts:
|
||||
default: localhost
|
||||
internal: docker-registry
|
||||
node: localhost
|
||||
host_fqdn_override:
|
||||
default: null
|
||||
port:
|
||||
registry:
|
||||
node: 5000
|
||||
oslo_db:
|
||||
auth:
|
||||
admin:
|
||||
username: root
|
||||
password: password
|
||||
ranger:
|
||||
username: ranger
|
||||
password: password
|
||||
hosts:
|
||||
default: mariadb
|
||||
host_fqdn_override:
|
||||
default: null
|
||||
path: /orm
|
||||
scheme: mysql+pymysql
|
||||
port:
|
||||
mysql:
|
||||
default: 3306
|
||||
oslo_cache:
|
||||
hosts:
|
||||
default: memcached
|
||||
host_fqdn_override:
|
||||
default: null
|
||||
port:
|
||||
memcache:
|
||||
default: 11211
|
||||
cms:
|
||||
name: cms
|
||||
hosts:
|
||||
default: cms-api
|
||||
public: cms
|
||||
# NOTE: this chart supports TLS for fqdn over-ridden public
|
||||
# endpoints using the following format:
|
||||
# public:
|
||||
# host: null
|
||||
# tls:
|
||||
# crt: null
|
||||
# key: null
|
||||
host_fqdn_override:
|
||||
default: null
|
||||
path:
|
||||
default: /v1/orm/customers
|
||||
scheme:
|
||||
default: http
|
||||
port:
|
||||
api:
|
||||
default: 7080
|
||||
public: 80
|
||||
fms:
|
||||
name: fms
|
||||
hosts:
|
||||
default: fms-api
|
||||
public: fms
|
||||
host_fqdn_override:
|
||||
default: null
|
||||
path:
|
||||
default: /v1/orm/flavors
|
||||
scheme:
|
||||
default: http
|
||||
port:
|
||||
api:
|
||||
default: 8082
|
||||
public: 80
|
||||
ims:
|
||||
name: ims
|
||||
hosts:
|
||||
default: ims-api
|
||||
public: ims
|
||||
host_fqdn_override:
|
||||
default: null
|
||||
path:
|
||||
default: /v1/orm/images
|
||||
scheme:
|
||||
default: http
|
||||
port:
|
||||
api:
|
||||
default: 8084
|
||||
public: 80
|
||||
rms:
|
||||
name: rms
|
||||
hosts:
|
||||
default: rms-api
|
||||
public: rms
|
||||
host_fqdn_override:
|
||||
default: null
|
||||
path:
|
||||
default: /v2/orm/regions
|
||||
scheme:
|
||||
default: http
|
||||
port:
|
||||
api:
|
||||
default: 7003
|
||||
public: 80
|
||||
rds:
|
||||
name: rds
|
||||
hosts:
|
||||
default: rds-api
|
||||
public: rds
|
||||
host_fqdn_override:
|
||||
default: null
|
||||
path:
|
||||
default: /v1/rds/status
|
||||
scheme:
|
||||
default: http
|
||||
port:
|
||||
api:
|
||||
default: 8777
|
||||
public: 80
|
||||
uuid:
|
||||
name: uuid
|
||||
hosts:
|
||||
default: uuid-api
|
||||
host_fqdn_override:
|
||||
default: null
|
||||
path:
|
||||
default: /v1/uuids
|
||||
scheme:
|
||||
default: http
|
||||
port:
|
||||
api:
|
||||
default: 7001
|
||||
audit:
|
||||
name: audit
|
||||
hosts:
|
||||
default: audit-api
|
||||
host_fqdn_override:
|
||||
default: null
|
||||
path:
|
||||
default: /v1/audit/transaction
|
||||
scheme:
|
||||
default: http
|
||||
port:
|
||||
api:
|
||||
default: 7008
|
||||
identity:
|
||||
name: keystone
|
||||
auth:
|
||||
ranger:
|
||||
role: admin
|
||||
region_name: RegionOne
|
||||
username: ranger-admin
|
||||
password: password
|
||||
project_name: service
|
||||
user_domain_name: default
|
||||
project_domain_name: default
|
||||
hosts:
|
||||
default: keystone
|
||||
internal: keystone-api
|
||||
host_fqdn_override:
|
||||
default: null
|
||||
path:
|
||||
default: /v3
|
||||
scheme:
|
||||
default: http
|
||||
port:
|
||||
api:
|
||||
default: 80
|
||||
internal: 5000
|
||||
|
||||
pod:
|
||||
user:
|
||||
ranger:
|
||||
uid: 1000
|
||||
affinity:
|
||||
anti:
|
||||
type:
|
||||
default: preferredDuringSchedulingIgnoredDuringExecution
|
||||
topologyKey:
|
||||
default: kubernetes.io/hostname
|
||||
mounts:
|
||||
ranger:
|
||||
init_container: null
|
||||
ranger:
|
||||
ranger_tests:
|
||||
init_container: null
|
||||
ranger_tests:
|
||||
replicas:
|
||||
ranger: 1
|
||||
lifecycle:
|
||||
upgrades:
|
||||
deployments:
|
||||
revision_history: 3
|
||||
pod_replacement_strategy: RollingUpdate
|
||||
rolling_update:
|
||||
max_unavailable: 1
|
||||
max_surge: 3
|
||||
disruption_budget:
|
||||
ranger:
|
||||
min_available: 0
|
||||
termination_grace_period:
|
||||
ranger:
|
||||
timeout: 30
|
||||
resources:
|
||||
enabled: false
|
||||
ranger:
|
||||
requests:
|
||||
memory: "128Mi"
|
||||
cpu: "100m"
|
||||
limits:
|
||||
memory: "1024Mi"
|
||||
cpu: "2000m"
|
||||
jobs:
|
||||
db_init:
|
||||
requests:
|
||||
memory: "128Mi"
|
||||
cpu: "100m"
|
||||
limits:
|
||||
memory: "1024Mi"
|
||||
cpu: "2000m"
|
||||
db_sync:
|
||||
requests:
|
||||
memory: "128Mi"
|
||||
cpu: "100m"
|
||||
limits:
|
||||
memory: "1024Mi"
|
||||
cpu: "2000m"
|
||||
db_drop:
|
||||
requests:
|
||||
memory: "128Mi"
|
||||
cpu: "100m"
|
||||
limits:
|
||||
memory: "1024Mi"
|
||||
cpu: "2000m"
|
||||
tests:
|
||||
requests:
|
||||
memory: "128Mi"
|
||||
cpu: "100m"
|
||||
limits:
|
||||
memory: "1024Mi"
|
||||
cpu: "2000m"
|
||||
|
||||
manifests:
|
||||
configmap_bin: true
|
||||
configmap_etc: true
|
||||
deployment_ranger_services: true
|
||||
ingress_cms: true
|
||||
ingress_fms: true
|
||||
ingress_rms: true
|
||||
ingress_ims: true
|
||||
ingress_uuid: true
|
||||
ingress_audit: true
|
||||
secret_db: true
|
||||
secret_ssh_key: true
|
||||
secret_ingress_tls: true
|
||||
job_db_init: true
|
||||
job_db_sync: true
|
||||
job_db_drop: false
|
||||
job_image_repo_sync: true
|
||||
pdb_api: true
|
||||
pod_test: true
|
||||
service_ingress_cms: true
|
||||
service_ingress_fms: true
|
||||
service_ingress_ims: true
|
||||
service_ingress_rms: true
|
||||
service_ingress_rds: true
|
||||
service_cms: true
|
||||
service_fms: true
|
||||
service_ims: true
|
||||
service_rms: true
|
||||
service_rds: true
|
||||
service_uuid: true
|
||||
service_audit: true
|
||||
|
Loading…
Reference in New Issue