Image local repo jobs and multiple namespace support
This PS introduces support for using a local docker repo to store images if desired, and adds multiple namespace support to the entrypoint lookup functions. Change-Id: Ib51aa30d3cc033795fe13f6c40a57d46171ad586
This commit is contained in:
parent
d4163dff03
commit
436845541b
|
@ -14,6 +14,7 @@ See the License for the specific language governing permissions and
|
||||||
limitations under the License.
|
limitations under the License.
|
||||||
*/}}
|
*/}}
|
||||||
|
|
||||||
|
{{- if .Values.manifests.clusterrole_calico_cni_plugin }}
|
||||||
{{- $envAll := . }}
|
{{- $envAll := . }}
|
||||||
---
|
---
|
||||||
kind: ClusterRole
|
kind: ClusterRole
|
||||||
|
@ -27,3 +28,4 @@ rules:
|
||||||
- nodes
|
- nodes
|
||||||
verbs:
|
verbs:
|
||||||
- get
|
- get
|
||||||
|
{{- end }}
|
||||||
|
|
|
@ -14,6 +14,7 @@ See the License for the specific language governing permissions and
|
||||||
limitations under the License.
|
limitations under the License.
|
||||||
*/}}
|
*/}}
|
||||||
|
|
||||||
|
{{- if .Values.manifests.clusterrole_calico_policy_controller }}
|
||||||
{{- $envAll := . }}
|
{{- $envAll := . }}
|
||||||
---
|
---
|
||||||
kind: ClusterRole
|
kind: ClusterRole
|
||||||
|
@ -31,3 +32,4 @@ rules:
|
||||||
verbs:
|
verbs:
|
||||||
- watch
|
- watch
|
||||||
- list
|
- list
|
||||||
|
{{- end }}
|
||||||
|
|
|
@ -14,6 +14,7 @@ See the License for the specific language governing permissions and
|
||||||
limitations under the License.
|
limitations under the License.
|
||||||
*/}}
|
*/}}
|
||||||
|
|
||||||
|
{{- if .Values.manifests.clusterrolebinding_calico_cni_plugin }}
|
||||||
{{- $envAll := . }}
|
{{- $envAll := . }}
|
||||||
---
|
---
|
||||||
apiVersion: rbac.authorization.k8s.io/v1beta1
|
apiVersion: rbac.authorization.k8s.io/v1beta1
|
||||||
|
@ -28,3 +29,4 @@ subjects:
|
||||||
- kind: ServiceAccount
|
- kind: ServiceAccount
|
||||||
name: calico-cni-plugin
|
name: calico-cni-plugin
|
||||||
namespace: {{ .Release.Namespace }}
|
namespace: {{ .Release.Namespace }}
|
||||||
|
{{- end }}
|
||||||
|
|
|
@ -14,6 +14,7 @@ See the License for the specific language governing permissions and
|
||||||
limitations under the License.
|
limitations under the License.
|
||||||
*/}}
|
*/}}
|
||||||
|
|
||||||
|
{{- if .Values.manifests.clusterrolebinding_calico_policy_controller }}
|
||||||
{{- $envAll := . }}
|
{{- $envAll := . }}
|
||||||
---
|
---
|
||||||
apiVersion: rbac.authorization.k8s.io/v1beta1
|
apiVersion: rbac.authorization.k8s.io/v1beta1
|
||||||
|
@ -28,3 +29,4 @@ subjects:
|
||||||
- kind: ServiceAccount
|
- kind: ServiceAccount
|
||||||
name: calico-policy-controller
|
name: calico-policy-controller
|
||||||
namespace: {{ .Release.Namespace }}
|
namespace: {{ .Release.Namespace }}
|
||||||
|
{{- end }}
|
||||||
|
|
|
@ -0,0 +1,27 @@
|
||||||
|
{{/*
|
||||||
|
Copyright 2017 The Openstack-Helm Authors.
|
||||||
|
|
||||||
|
Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
|
you may not use this file except in compliance with the License.
|
||||||
|
You may obtain a copy of the License at
|
||||||
|
|
||||||
|
http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
|
||||||
|
Unless required by applicable law or agreed to in writing, software
|
||||||
|
distributed under the License is distributed on an "AS IS" BASIS,
|
||||||
|
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||||
|
See the License for the specific language governing permissions and
|
||||||
|
limitations under the License.
|
||||||
|
*/}}
|
||||||
|
|
||||||
|
{{- if .Values.manifests.configmap_bin }}
|
||||||
|
{{- $envAll := . }}
|
||||||
|
---
|
||||||
|
apiVersion: v1
|
||||||
|
kind: ConfigMap
|
||||||
|
metadata:
|
||||||
|
name: calico-bin
|
||||||
|
data:
|
||||||
|
image-repo-sync.sh: |+
|
||||||
|
{{- include "helm-toolkit.scripts.image_repo_sync" . | indent 4 }}
|
||||||
|
{{- end }}
|
|
@ -14,6 +14,7 @@ See the License for the specific language governing permissions and
|
||||||
limitations under the License.
|
limitations under the License.
|
||||||
*/}}
|
*/}}
|
||||||
|
|
||||||
|
{{- if .Values.manifests.configmap_calico_config }}
|
||||||
{{- $envAll := . }}
|
{{- $envAll := . }}
|
||||||
---
|
---
|
||||||
# This ConfigMap is used to configure a self-hosted Calico installation.
|
# This ConfigMap is used to configure a self-hosted Calico installation.
|
||||||
|
@ -50,3 +51,4 @@ data:
|
||||||
"kubeconfig": "/etc/cni/net.d/__KUBECONFIG_FILENAME__"
|
"kubeconfig": "/etc/cni/net.d/__KUBECONFIG_FILENAME__"
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
{{- end }}
|
||||||
|
|
|
@ -14,7 +14,13 @@ See the License for the specific language governing permissions and
|
||||||
limitations under the License.
|
limitations under the License.
|
||||||
*/}}
|
*/}}
|
||||||
|
|
||||||
|
{{- if .Values.manifests.daemonset_calico_etcd }}
|
||||||
{{- $envAll := . }}
|
{{- $envAll := . }}
|
||||||
|
{{- if .Values.images.local_registry.active -}}
|
||||||
|
{{- $_ := set .Values "pod_dependency" (merge .Values.dependencies.etcd .Values.conditional_dependencies.local_image_registry) -}}
|
||||||
|
{{- else -}}
|
||||||
|
{{- $_ := set .Values "pod_dependency" .Values.dependencies.etcd -}}
|
||||||
|
{{- end -}}
|
||||||
---
|
---
|
||||||
# This manifest installs the Calico etcd on the kubeadm master. This uses a DaemonSet
|
# This manifest installs the Calico etcd on the kubeadm master. This uses a DaemonSet
|
||||||
# to force it to run on the master even when the master isn't schedulable, and uses
|
# to force it to run on the master even when the master isn't schedulable, and uses
|
||||||
|
@ -49,6 +55,8 @@ spec:
|
||||||
nodeSelector:
|
nodeSelector:
|
||||||
node-role.kubernetes.io/master: ""
|
node-role.kubernetes.io/master: ""
|
||||||
hostNetwork: true
|
hostNetwork: true
|
||||||
|
initContainers:
|
||||||
|
{{ tuple $envAll .Values.pod_dependency list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
|
||||||
containers:
|
containers:
|
||||||
- name: calico-etcd
|
- name: calico-etcd
|
||||||
{{ tuple $envAll "calico_etcd" | include "helm-toolkit.snippets.image" | indent 10 }}
|
{{ tuple $envAll "calico_etcd" | include "helm-toolkit.snippets.image" | indent 10 }}
|
||||||
|
@ -68,6 +76,8 @@ spec:
|
||||||
- name: var-etcd
|
- name: var-etcd
|
||||||
mountPath: /var/etcd
|
mountPath: /var/etcd
|
||||||
volumes:
|
volumes:
|
||||||
|
{{ tuple . | include "helm-toolkit.snippets.kubernetes_entrypoint_secret_mount" | indent 8 }}
|
||||||
- name: var-etcd
|
- name: var-etcd
|
||||||
hostPath:
|
hostPath:
|
||||||
path: /var/etcd
|
path: /var/etcd
|
||||||
|
{{- end }}
|
||||||
|
|
|
@ -14,8 +14,13 @@ See the License for the specific language governing permissions and
|
||||||
limitations under the License.
|
limitations under the License.
|
||||||
*/}}
|
*/}}
|
||||||
|
|
||||||
|
{{- if .Values.manifests.daemonset_calico_node }}
|
||||||
{{- $envAll := . }}
|
{{- $envAll := . }}
|
||||||
{{- $dependencies := .Values.dependencies.calico_node }}
|
{{- if .Values.images.local_registry.active -}}
|
||||||
|
{{- $_ := set .Values "pod_dependency" (merge .Values.dependencies.calico_node .Values.conditional_dependencies.local_image_registry) -}}
|
||||||
|
{{- else -}}
|
||||||
|
{{- $_ := set .Values "pod_dependency" .Values.dependencies.calico_node -}}
|
||||||
|
{{- end -}}
|
||||||
---
|
---
|
||||||
# This manifest installs the calico/node container, as well
|
# This manifest installs the calico/node container, as well
|
||||||
# as the Calico CNI plugins and network config on
|
# as the Calico CNI plugins and network config on
|
||||||
|
@ -54,7 +59,7 @@ spec:
|
||||||
operator: Exists
|
operator: Exists
|
||||||
serviceAccountName: calico-cni-plugin
|
serviceAccountName: calico-cni-plugin
|
||||||
initContainers:
|
initContainers:
|
||||||
{{ tuple $envAll $dependencies list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
|
{{ tuple $envAll .Values.pod_dependency list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
|
||||||
containers:
|
containers:
|
||||||
# Runs calico/node container on each Kubernetes node. This
|
# Runs calico/node container on each Kubernetes node. This
|
||||||
# container programs network policy and routes on each
|
# container programs network policy and routes on each
|
||||||
|
@ -155,6 +160,7 @@ spec:
|
||||||
- mountPath: /host/etc/cni/net.d
|
- mountPath: /host/etc/cni/net.d
|
||||||
name: cni-net-dir
|
name: cni-net-dir
|
||||||
volumes:
|
volumes:
|
||||||
|
{{ tuple . | include "helm-toolkit.snippets.kubernetes_entrypoint_secret_mount" | indent 8 }}
|
||||||
# Used by calico/node.
|
# Used by calico/node.
|
||||||
- name: lib-modules
|
- name: lib-modules
|
||||||
hostPath:
|
hostPath:
|
||||||
|
@ -169,4 +175,4 @@ spec:
|
||||||
- name: cni-net-dir
|
- name: cni-net-dir
|
||||||
hostPath:
|
hostPath:
|
||||||
path: /etc/cni/net.d
|
path: /etc/cni/net.d
|
||||||
{{ tuple . | include "helm-toolkit.snippets.kubernetes_entrypoint_secret_mount" | indent 8 }}
|
{{- end }}
|
||||||
|
|
|
@ -14,8 +14,13 @@ See the License for the specific language governing permissions and
|
||||||
limitations under the License.
|
limitations under the License.
|
||||||
*/}}
|
*/}}
|
||||||
|
|
||||||
|
{{- if .Values.manifests.deployment_calico_policy_controller }}
|
||||||
{{- $envAll := . }}
|
{{- $envAll := . }}
|
||||||
{{- $dependencies := .Values.dependencies.calico_policy_controller }}
|
{{- if .Values.images.local_registry.active -}}
|
||||||
|
{{- $_ := set .Values "pod_dependency" (merge .Values.dependencies.calico_policy_controller .Values.conditional_dependencies.local_image_registry) -}}
|
||||||
|
{{- else -}}
|
||||||
|
{{- $_ := set .Values "pod_dependency" .Values.dependencies.calico_policy_controller -}}
|
||||||
|
{{- end -}}
|
||||||
---
|
---
|
||||||
# This manifest deploys the Calico policy controller on Kubernetes.
|
# This manifest deploys the Calico policy controller on Kubernetes.
|
||||||
# See https://github.com/projectcalico/k8s-policy
|
# See https://github.com/projectcalico/k8s-policy
|
||||||
|
@ -55,7 +60,7 @@ spec:
|
||||||
operator: Exists
|
operator: Exists
|
||||||
serviceAccountName: calico-policy-controller
|
serviceAccountName: calico-policy-controller
|
||||||
initContainers:
|
initContainers:
|
||||||
{{ tuple $envAll $dependencies list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
|
{{ tuple $envAll .Values.pod_dependency list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
|
||||||
containers:
|
containers:
|
||||||
- name: calico-policy-controller
|
- name: calico-policy-controller
|
||||||
{{ tuple $envAll "calico_kube_policy_controller" | include "helm-toolkit.snippets.image" | indent 10 }}
|
{{ tuple $envAll "calico_kube_policy_controller" | include "helm-toolkit.snippets.image" | indent 10 }}
|
||||||
|
@ -77,3 +82,4 @@ spec:
|
||||||
value: "true"
|
value: "true"
|
||||||
volumes:
|
volumes:
|
||||||
{{ tuple . | include "helm-toolkit.snippets.kubernetes_entrypoint_secret_mount" | indent 8 }}
|
{{ tuple . | include "helm-toolkit.snippets.kubernetes_entrypoint_secret_mount" | indent 8 }}
|
||||||
|
{{- end }}
|
||||||
|
|
|
@ -0,0 +1,65 @@
|
||||||
|
{{/*
|
||||||
|
Copyright 2017 The Openstack-Helm Authors.
|
||||||
|
|
||||||
|
Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
|
you may not use this file except in compliance with the License.
|
||||||
|
You may obtain a copy of the License at
|
||||||
|
|
||||||
|
http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
|
||||||
|
Unless required by applicable law or agreed to in writing, software
|
||||||
|
distributed under the License is distributed on an "AS IS" BASIS,
|
||||||
|
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||||
|
See the License for the specific language governing permissions and
|
||||||
|
limitations under the License.
|
||||||
|
*/}}
|
||||||
|
|
||||||
|
{{- if .Values.manifests.job_image_repo_sync }}
|
||||||
|
{{- $envAll := . }}
|
||||||
|
{{- if .Values.images.local_registry.active -}}
|
||||||
|
{{- $_ := set .Values "pod_dependency" .Values.dependencies.image_repo_sync -}}
|
||||||
|
---
|
||||||
|
apiVersion: batch/v1
|
||||||
|
kind: Job
|
||||||
|
metadata:
|
||||||
|
name: calico-image-repo-sync
|
||||||
|
spec:
|
||||||
|
template:
|
||||||
|
metadata:
|
||||||
|
labels:
|
||||||
|
{{ tuple $envAll "calico" "image-repo-sync" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
|
||||||
|
spec:
|
||||||
|
restartPolicy: OnFailure
|
||||||
|
nodeSelector:
|
||||||
|
{{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }}
|
||||||
|
initContainers:
|
||||||
|
{{ tuple $envAll .Values.pod_dependency list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
|
||||||
|
containers:
|
||||||
|
- name: image-repo-sync
|
||||||
|
{{ tuple $envAll "image_repo_sync" | include "helm-toolkit.snippets.image" | indent 10 }}
|
||||||
|
{{ tuple $envAll $envAll.Values.pod.resources.jobs.image_repo_sync | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
|
||||||
|
env:
|
||||||
|
- name: LOCAL_REPO
|
||||||
|
value: "{{ tuple "local_image_registry" "node" . | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }}:{{ tuple "local_image_registry" "node" "registry" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}"
|
||||||
|
- name: IMAGE_SYNC_LIST
|
||||||
|
value: "{{ include "helm-toolkit.utils.image_sync_list" . }}"
|
||||||
|
command:
|
||||||
|
- /tmp/image-repo-sync.sh
|
||||||
|
volumeMounts:
|
||||||
|
- name: calico-bin
|
||||||
|
mountPath: /tmp/image-repo-sync.sh
|
||||||
|
subPath: image-repo-sync.sh
|
||||||
|
readOnly: true
|
||||||
|
- name: docker-socket
|
||||||
|
mountPath: /var/run/docker.sock
|
||||||
|
volumes:
|
||||||
|
{{ tuple . | include "helm-toolkit.snippets.kubernetes_entrypoint_secret_mount" | indent 8 }}
|
||||||
|
- name: calico-bin
|
||||||
|
configMap:
|
||||||
|
name: calico-bin
|
||||||
|
defaultMode: 0555
|
||||||
|
- name: docker-socket
|
||||||
|
hostPath:
|
||||||
|
path: /var/run/docker.sock
|
||||||
|
{{- end }}
|
||||||
|
{{- end }}
|
|
@ -14,4 +14,6 @@ See the License for the specific language governing permissions and
|
||||||
limitations under the License.
|
limitations under the License.
|
||||||
*/}}
|
*/}}
|
||||||
|
|
||||||
|
{{- if .Values.manifests.rbac_entrypoint }}
|
||||||
{{ tuple . | include "helm-toolkit.snippets.kubernetes_entrypoint_rbac"}}
|
{{ tuple . | include "helm-toolkit.snippets.kubernetes_entrypoint_rbac"}}
|
||||||
|
{{- end }}
|
||||||
|
|
|
@ -14,6 +14,7 @@ See the License for the specific language governing permissions and
|
||||||
limitations under the License.
|
limitations under the License.
|
||||||
*/}}
|
*/}}
|
||||||
|
|
||||||
|
{{- if .Values.manifests.service_calico_etcd }}
|
||||||
{{- $envAll := . }}
|
{{- $envAll := . }}
|
||||||
---
|
---
|
||||||
# This manifest installs the Service which gets traffic to the Calico
|
# This manifest installs the Service which gets traffic to the Calico
|
||||||
|
@ -35,3 +36,4 @@ spec:
|
||||||
clusterIP: 10.96.232.136
|
clusterIP: 10.96.232.136
|
||||||
ports:
|
ports:
|
||||||
- port: {{ tuple "etcd" "internal" "client" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
|
- port: {{ tuple "etcd" "internal" "client" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
|
||||||
|
{{- end }}
|
||||||
|
|
|
@ -14,9 +14,11 @@ See the License for the specific language governing permissions and
|
||||||
limitations under the License.
|
limitations under the License.
|
||||||
*/}}
|
*/}}
|
||||||
|
|
||||||
|
{{- if .Values.manifests.serviceaccount_calico_cni_plugin }}
|
||||||
{{- $envAll := . }}
|
{{- $envAll := . }}
|
||||||
---
|
---
|
||||||
apiVersion: v1
|
apiVersion: v1
|
||||||
kind: ServiceAccount
|
kind: ServiceAccount
|
||||||
metadata:
|
metadata:
|
||||||
name: calico-cni-plugin
|
name: calico-cni-plugin
|
||||||
|
{{- end }}
|
||||||
|
|
|
@ -14,9 +14,11 @@ See the License for the specific language governing permissions and
|
||||||
limitations under the License.
|
limitations under the License.
|
||||||
*/}}
|
*/}}
|
||||||
|
|
||||||
|
{{- if .Values.manifests.serviceaccount_calico_policy_controller }}
|
||||||
{{- $envAll := . }}
|
{{- $envAll := . }}
|
||||||
---
|
---
|
||||||
apiVersion: v1
|
apiVersion: v1
|
||||||
kind: ServiceAccount
|
kind: ServiceAccount
|
||||||
metadata:
|
metadata:
|
||||||
name: calico-policy-controller
|
name: calico-policy-controller
|
||||||
|
{{- end }}
|
||||||
|
|
|
@ -20,6 +20,10 @@
|
||||||
# calico/cni:v1.10.0
|
# calico/cni:v1.10.0
|
||||||
# calico/kube-policy-controller:v0.7.0
|
# calico/kube-policy-controller:v0.7.0
|
||||||
|
|
||||||
|
labels:
|
||||||
|
node_selector_key: openstack-control-plane
|
||||||
|
node_selector_value: enabled
|
||||||
|
|
||||||
images:
|
images:
|
||||||
tags:
|
tags:
|
||||||
calico_etcd: quay.io/coreos/etcd:v3.1.10
|
calico_etcd: quay.io/coreos/etcd:v3.1.10
|
||||||
|
@ -27,11 +31,33 @@ images:
|
||||||
calico_cni: quay.io/calico/cni:v1.10.0
|
calico_cni: quay.io/calico/cni:v1.10.0
|
||||||
calico_kube_policy_controller: quay.io/calico/kube-policy-controller:v0.7.0
|
calico_kube_policy_controller: quay.io/calico/kube-policy-controller:v0.7.0
|
||||||
dep_check: quay.io/stackanetes/kubernetes-entrypoint:v0.2.1
|
dep_check: quay.io/stackanetes/kubernetes-entrypoint:v0.2.1
|
||||||
|
image_repo_sync: docker.io/docker:17.07.0
|
||||||
pull_policy: IfNotPresent
|
pull_policy: IfNotPresent
|
||||||
registry:
|
local_registry:
|
||||||
prefix: null
|
active: false
|
||||||
|
exclude:
|
||||||
|
- dep_check
|
||||||
|
- image_repo_sync
|
||||||
|
- calico_etcd
|
||||||
|
- calico_node
|
||||||
|
- calico_cni
|
||||||
|
- calico_kube_policy_controller
|
||||||
|
|
||||||
|
pod:
|
||||||
|
resources:
|
||||||
|
enabled: false
|
||||||
|
jobs:
|
||||||
|
image_repo_sync:
|
||||||
|
requests:
|
||||||
|
memory: "128Mi"
|
||||||
|
cpu: "100m"
|
||||||
|
limits:
|
||||||
|
memory: "1024Mi"
|
||||||
|
cpu: "2000m"
|
||||||
|
|
||||||
dependencies:
|
dependencies:
|
||||||
|
etcd:
|
||||||
|
services: null
|
||||||
calico_node:
|
calico_node:
|
||||||
services:
|
services:
|
||||||
- service: etcd
|
- service: etcd
|
||||||
|
@ -41,8 +67,28 @@ dependencies:
|
||||||
- service: etcd
|
- service: etcd
|
||||||
endpoint: internal
|
endpoint: internal
|
||||||
|
|
||||||
|
conditional_dependencies:
|
||||||
|
local_image_registry:
|
||||||
|
jobs:
|
||||||
|
- calico-image-repo-sync
|
||||||
|
services:
|
||||||
|
- service: local_image_registry
|
||||||
|
endpoint: node
|
||||||
|
|
||||||
endpoints:
|
endpoints:
|
||||||
cluster_domain_suffix: cluster.local
|
cluster_domain_suffix: cluster.local
|
||||||
|
local_image_registry:
|
||||||
|
name: docker-registry
|
||||||
|
namespace: docker-registry
|
||||||
|
hosts:
|
||||||
|
default: localhost
|
||||||
|
internal: docker-registry
|
||||||
|
node: localhost
|
||||||
|
host_fqdn_override:
|
||||||
|
default: null
|
||||||
|
port:
|
||||||
|
registry:
|
||||||
|
node: 5000
|
||||||
etcd:
|
etcd:
|
||||||
hosts:
|
hosts:
|
||||||
default: calico-etcd
|
default: calico-etcd
|
||||||
|
@ -56,3 +102,19 @@ endpoints:
|
||||||
|
|
||||||
networking:
|
networking:
|
||||||
podSubnet: 192.168.0.0/16
|
podSubnet: 192.168.0.0/16
|
||||||
|
|
||||||
|
manifests:
|
||||||
|
clusterrole_calico_cni_plugin: true
|
||||||
|
clusterrole_calico_policy_controller: true
|
||||||
|
clusterrolebinding_calico_cni_plugin: true
|
||||||
|
clusterrolebinding_calico_policy_controller: true
|
||||||
|
configmap_bin: true
|
||||||
|
configmap_calico_config: true
|
||||||
|
daemonset_calico_etcd: true
|
||||||
|
daemonset_calico_node: true
|
||||||
|
deployment_calico_policy_controller: true
|
||||||
|
job_image_repo_sync: true
|
||||||
|
rbac_entrypoint: true
|
||||||
|
service_calico_etcd: true
|
||||||
|
serviceaccount_calico_cni_plugin: true
|
||||||
|
serviceaccount_calico_policy_controller: true
|
||||||
|
|
|
@ -14,6 +14,7 @@ See the License for the specific language governing permissions and
|
||||||
limitations under the License.
|
limitations under the License.
|
||||||
*/}}
|
*/}}
|
||||||
|
|
||||||
|
{{- if .Values.manifests.clusterrole_flannel }}
|
||||||
{{- $envAll := . }}
|
{{- $envAll := . }}
|
||||||
---
|
---
|
||||||
kind: ClusterRole
|
kind: ClusterRole
|
||||||
|
@ -40,3 +41,4 @@ rules:
|
||||||
- nodes/status
|
- nodes/status
|
||||||
verbs:
|
verbs:
|
||||||
- patch
|
- patch
|
||||||
|
{{- end }}
|
||||||
|
|
|
@ -14,6 +14,7 @@ See the License for the specific language governing permissions and
|
||||||
limitations under the License.
|
limitations under the License.
|
||||||
*/}}
|
*/}}
|
||||||
|
|
||||||
|
{{- if .Values.manifests.clusterrolebinding_flannel }}
|
||||||
{{- $envAll := . }}
|
{{- $envAll := . }}
|
||||||
---
|
---
|
||||||
kind: ClusterRoleBinding
|
kind: ClusterRoleBinding
|
||||||
|
@ -28,3 +29,4 @@ subjects:
|
||||||
- kind: ServiceAccount
|
- kind: ServiceAccount
|
||||||
name: flannel
|
name: flannel
|
||||||
namespace: {{ .Release.Namespace }}
|
namespace: {{ .Release.Namespace }}
|
||||||
|
{{- end }}
|
||||||
|
|
|
@ -0,0 +1,27 @@
|
||||||
|
{{/*
|
||||||
|
Copyright 2017 The Openstack-Helm Authors.
|
||||||
|
|
||||||
|
Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
|
you may not use this file except in compliance with the License.
|
||||||
|
You may obtain a copy of the License at
|
||||||
|
|
||||||
|
http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
|
||||||
|
Unless required by applicable law or agreed to in writing, software
|
||||||
|
distributed under the License is distributed on an "AS IS" BASIS,
|
||||||
|
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||||
|
See the License for the specific language governing permissions and
|
||||||
|
limitations under the License.
|
||||||
|
*/}}
|
||||||
|
|
||||||
|
{{- if .Values.manifests.configmap_bin }}
|
||||||
|
{{- $envAll := . }}
|
||||||
|
---
|
||||||
|
apiVersion: v1
|
||||||
|
kind: ConfigMap
|
||||||
|
metadata:
|
||||||
|
name: flannel-bin
|
||||||
|
data:
|
||||||
|
image-repo-sync.sh: |+
|
||||||
|
{{- include "helm-toolkit.scripts.image_repo_sync" . | indent 4 }}
|
||||||
|
{{- end }}
|
|
@ -14,6 +14,7 @@ See the License for the specific language governing permissions and
|
||||||
limitations under the License.
|
limitations under the License.
|
||||||
*/}}
|
*/}}
|
||||||
|
|
||||||
|
{{- if .Values.manifests.configmap_kube_flannel_cfg }}
|
||||||
{{- $envAll := . }}
|
{{- $envAll := . }}
|
||||||
---
|
---
|
||||||
kind: ConfigMap
|
kind: ConfigMap
|
||||||
|
@ -39,3 +40,4 @@ data:
|
||||||
"Type": "vxlan"
|
"Type": "vxlan"
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
{{- end }}
|
||||||
|
|
|
@ -14,7 +14,13 @@ See the License for the specific language governing permissions and
|
||||||
limitations under the License.
|
limitations under the License.
|
||||||
*/}}
|
*/}}
|
||||||
|
|
||||||
|
{{- if .Values.manifests.daemonset_kube_flannel_ds }}
|
||||||
{{- $envAll := . }}
|
{{- $envAll := . }}
|
||||||
|
{{- if .Values.images.local_registry.active -}}
|
||||||
|
{{- $_ := set .Values "pod_dependency" (merge .Values.dependencies.flannel .Values.conditional_dependencies.local_image_registry) -}}
|
||||||
|
{{- else -}}
|
||||||
|
{{- $_ := set .Values "pod_dependency" .Values.dependencies.flannel -}}
|
||||||
|
{{- end -}}
|
||||||
---
|
---
|
||||||
apiVersion: extensions/v1beta1
|
apiVersion: extensions/v1beta1
|
||||||
kind: DaemonSet
|
kind: DaemonSet
|
||||||
|
@ -40,6 +46,8 @@ spec:
|
||||||
operator: Exists
|
operator: Exists
|
||||||
effect: NoSchedule
|
effect: NoSchedule
|
||||||
serviceAccountName: flannel
|
serviceAccountName: flannel
|
||||||
|
initContainers:
|
||||||
|
{{ tuple $envAll .Values.pod_dependency list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
|
||||||
containers:
|
containers:
|
||||||
- name: kube-flannel
|
- name: kube-flannel
|
||||||
{{ tuple $envAll "flannel" | include "helm-toolkit.snippets.image" | indent 10 }}
|
{{ tuple $envAll "flannel" | include "helm-toolkit.snippets.image" | indent 10 }}
|
||||||
|
@ -69,6 +77,7 @@ spec:
|
||||||
- name: flannel-cfg
|
- name: flannel-cfg
|
||||||
mountPath: /etc/kube-flannel/
|
mountPath: /etc/kube-flannel/
|
||||||
volumes:
|
volumes:
|
||||||
|
{{ tuple . | include "helm-toolkit.snippets.kubernetes_entrypoint_secret_mount" | indent 8 }}
|
||||||
- name: run
|
- name: run
|
||||||
hostPath:
|
hostPath:
|
||||||
path: /run
|
path: /run
|
||||||
|
@ -78,3 +87,4 @@ spec:
|
||||||
- name: flannel-cfg
|
- name: flannel-cfg
|
||||||
configMap:
|
configMap:
|
||||||
name: kube-flannel-cfg
|
name: kube-flannel-cfg
|
||||||
|
{{- end }}
|
||||||
|
|
|
@ -0,0 +1,65 @@
|
||||||
|
{{/*
|
||||||
|
Copyright 2017 The Openstack-Helm Authors.
|
||||||
|
|
||||||
|
Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
|
you may not use this file except in compliance with the License.
|
||||||
|
You may obtain a copy of the License at
|
||||||
|
|
||||||
|
http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
|
||||||
|
Unless required by applicable law or agreed to in writing, software
|
||||||
|
distributed under the License is distributed on an "AS IS" BASIS,
|
||||||
|
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||||
|
See the License for the specific language governing permissions and
|
||||||
|
limitations under the License.
|
||||||
|
*/}}
|
||||||
|
|
||||||
|
{{- if .Values.manifests.job_image_repo_sync }}
|
||||||
|
{{- $envAll := . }}
|
||||||
|
{{- if .Values.images.local_registry.active -}}
|
||||||
|
{{- $_ := set .Values "pod_dependency" .Values.dependencies.image_repo_sync -}}
|
||||||
|
---
|
||||||
|
apiVersion: batch/v1
|
||||||
|
kind: Job
|
||||||
|
metadata:
|
||||||
|
name: flannel-image-repo-sync
|
||||||
|
spec:
|
||||||
|
template:
|
||||||
|
metadata:
|
||||||
|
labels:
|
||||||
|
{{ tuple $envAll "flannel" "image-repo-sync" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
|
||||||
|
spec:
|
||||||
|
restartPolicy: OnFailure
|
||||||
|
nodeSelector:
|
||||||
|
{{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }}
|
||||||
|
initContainers:
|
||||||
|
{{ tuple $envAll .Values.pod_dependency list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
|
||||||
|
containers:
|
||||||
|
- name: image-repo-sync
|
||||||
|
{{ tuple $envAll "image_repo_sync" | include "helm-toolkit.snippets.image" | indent 10 }}
|
||||||
|
{{ tuple $envAll $envAll.Values.pod.resources.jobs.image_repo_sync | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
|
||||||
|
env:
|
||||||
|
- name: LOCAL_REPO
|
||||||
|
value: "{{ tuple "local_image_registry" "node" . | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }}:{{ tuple "local_image_registry" "node" "registry" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}"
|
||||||
|
- name: IMAGE_SYNC_LIST
|
||||||
|
value: "{{ include "helm-toolkit.utils.image_sync_list" . }}"
|
||||||
|
command:
|
||||||
|
- /tmp/image-repo-sync.sh
|
||||||
|
volumeMounts:
|
||||||
|
- name: flannel-bin
|
||||||
|
mountPath: /tmp/image-repo-sync.sh
|
||||||
|
subPath: image-repo-sync.sh
|
||||||
|
readOnly: true
|
||||||
|
- name: docker-socket
|
||||||
|
mountPath: /var/run/docker.sock
|
||||||
|
volumes:
|
||||||
|
{{ tuple . | include "helm-toolkit.snippets.kubernetes_entrypoint_secret_mount" | indent 8 }}
|
||||||
|
- name: flannel-bin
|
||||||
|
configMap:
|
||||||
|
name: flannel-bin
|
||||||
|
defaultMode: 0555
|
||||||
|
- name: docker-socket
|
||||||
|
hostPath:
|
||||||
|
path: /var/run/docker.sock
|
||||||
|
{{- end }}
|
||||||
|
{{- end }}
|
|
@ -0,0 +1,19 @@
|
||||||
|
{{/*
|
||||||
|
Copyright 2017 The Openstack-Helm Authors.
|
||||||
|
|
||||||
|
Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
|
you may not use this file except in compliance with the License.
|
||||||
|
You may obtain a copy of the License at
|
||||||
|
|
||||||
|
http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
|
||||||
|
Unless required by applicable law or agreed to in writing, software
|
||||||
|
distributed under the License is distributed on an "AS IS" BASIS,
|
||||||
|
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||||
|
See the License for the specific language governing permissions and
|
||||||
|
limitations under the License.
|
||||||
|
*/}}
|
||||||
|
|
||||||
|
{{- if .Values.manifests.rbac_entrypoint }}
|
||||||
|
{{ tuple . | include "helm-toolkit.snippets.kubernetes_entrypoint_rbac"}}
|
||||||
|
{{- end }}
|
|
@ -14,9 +14,11 @@ See the License for the specific language governing permissions and
|
||||||
limitations under the License.
|
limitations under the License.
|
||||||
*/}}
|
*/}}
|
||||||
|
|
||||||
|
{{- if .Values.manifests.serviceaccount_flannel }}
|
||||||
{{- $envAll := . }}
|
{{- $envAll := . }}
|
||||||
---
|
---
|
||||||
apiVersion: v1
|
apiVersion: v1
|
||||||
kind: ServiceAccount
|
kind: ServiceAccount
|
||||||
metadata:
|
metadata:
|
||||||
name: flannel
|
name: flannel
|
||||||
|
{{- end }}
|
||||||
|
|
|
@ -14,12 +14,74 @@
|
||||||
|
|
||||||
# https://raw.githubusercontent.com/coreos/flannel/v0.8.0/Documentation/kube-flannel.yml
|
# https://raw.githubusercontent.com/coreos/flannel/v0.8.0/Documentation/kube-flannel.yml
|
||||||
|
|
||||||
|
labels:
|
||||||
|
node_selector_key: openstack-control-plane
|
||||||
|
node_selector_value: enabled
|
||||||
|
|
||||||
images:
|
images:
|
||||||
tags:
|
tags:
|
||||||
flannel: quay.io/coreos/flannel:v0.8.0-amd64
|
flannel: quay.io/coreos/flannel:v0.8.0-amd64
|
||||||
|
dep_check: quay.io/stackanetes/kubernetes-entrypoint:v0.2.1
|
||||||
|
image_repo_sync: docker.io/docker:17.07.0
|
||||||
pull_policy: IfNotPresent
|
pull_policy: IfNotPresent
|
||||||
registry:
|
local_registry:
|
||||||
prefix: null
|
active: false
|
||||||
|
exclude:
|
||||||
|
- dep_check
|
||||||
|
- image_repo_sync
|
||||||
|
- flannel
|
||||||
|
|
||||||
|
pod:
|
||||||
|
resources:
|
||||||
|
enabled: false
|
||||||
|
jobs:
|
||||||
|
image_repo_sync:
|
||||||
|
requests:
|
||||||
|
memory: "128Mi"
|
||||||
|
cpu: "100m"
|
||||||
|
limits:
|
||||||
|
memory: "1024Mi"
|
||||||
|
cpu: "2000m"
|
||||||
|
|
||||||
networking:
|
networking:
|
||||||
podSubnet: 192.168.0.0/16
|
podSubnet: 192.168.0.0/16
|
||||||
|
|
||||||
|
dependencies:
|
||||||
|
flannel:
|
||||||
|
services: null
|
||||||
|
image_repo_sync:
|
||||||
|
services:
|
||||||
|
- service: local_image_registry
|
||||||
|
endpoint: internal
|
||||||
|
|
||||||
|
conditional_dependencies:
|
||||||
|
local_image_registry:
|
||||||
|
jobs:
|
||||||
|
- flannel-image-repo-sync
|
||||||
|
services:
|
||||||
|
- service: local_image_registry
|
||||||
|
endpoint: node
|
||||||
|
|
||||||
|
endpoints:
|
||||||
|
cluster_domain_suffix: cluster.local
|
||||||
|
local_image_registry:
|
||||||
|
name: docker-registry
|
||||||
|
namespace: docker-registry
|
||||||
|
hosts:
|
||||||
|
default: localhost
|
||||||
|
internal: docker-registry
|
||||||
|
node: localhost
|
||||||
|
host_fqdn_override:
|
||||||
|
default: null
|
||||||
|
port:
|
||||||
|
registry:
|
||||||
|
node: 5000
|
||||||
|
|
||||||
|
manifests:
|
||||||
|
clusterrole_flannel: true
|
||||||
|
clusterrolebinding_flannel: true
|
||||||
|
configmap_bin: true
|
||||||
|
configmap_kube_flannel_cfg: true
|
||||||
|
daemonset_kube_flannel_ds: true
|
||||||
|
job_image_repo_sync: true
|
||||||
|
rbac_entrypoint: true
|
||||||
|
|
|
@ -0,0 +1,34 @@
|
||||||
|
{{/*
|
||||||
|
Copyright 2017 The Openstack-Helm Authors.
|
||||||
|
|
||||||
|
Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
|
you may not use this file except in compliance with the License.
|
||||||
|
You may obtain a copy of the License at
|
||||||
|
|
||||||
|
http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
|
||||||
|
Unless required by applicable law or agreed to in writing, software
|
||||||
|
distributed under the License is distributed on an "AS IS" BASIS,
|
||||||
|
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||||
|
See the License for the specific language governing permissions and
|
||||||
|
limitations under the License.
|
||||||
|
*/}}
|
||||||
|
|
||||||
|
# This function returns endpoint "<namespace>:<name>" pair from an endpoint
|
||||||
|
# definition. This is used in kubernetes-entrypoint to support dependencies
|
||||||
|
# between different services in different namespaces.
|
||||||
|
# returns: the endpoint namespace and the service name, delimited by a colon
|
||||||
|
|
||||||
|
{{- define "helm-toolkit.endpoints.service_name_endpoint_with_namespace_lookup" -}}
|
||||||
|
{{- $type := index . 0 -}}
|
||||||
|
{{- $endpoint := index . 1 -}}
|
||||||
|
{{- $context := index . 2 -}}
|
||||||
|
{{- $typeYamlSafe := $type | replace "-" "_" }}
|
||||||
|
{{- $endpointMap := index $context.Values.endpoints $typeYamlSafe }}
|
||||||
|
{{- with $endpointMap -}}
|
||||||
|
{{- $endpointScheme := .scheme }}
|
||||||
|
{{- $endpointName := index .hosts $endpoint | default .hosts.default}}
|
||||||
|
{{- $endpointNamespace := .namespace | default $context.Release.Namespace }}
|
||||||
|
{{- printf "%s:%s" $endpointNamespace $endpointName -}}
|
||||||
|
{{- end -}}
|
||||||
|
{{- end -}}
|
|
@ -0,0 +1,26 @@
|
||||||
|
{{/*
|
||||||
|
Copyright 2017 The Openstack-Helm Authors.
|
||||||
|
|
||||||
|
Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
|
you may not use this file except in compliance with the License.
|
||||||
|
You may obtain a copy of the License at
|
||||||
|
|
||||||
|
http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
|
||||||
|
Unless required by applicable law or agreed to in writing, software
|
||||||
|
distributed under the License is distributed on an "AS IS" BASIS,
|
||||||
|
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||||
|
See the License for the specific language governing permissions and
|
||||||
|
limitations under the License.
|
||||||
|
*/}}
|
||||||
|
|
||||||
|
{{- define "helm-toolkit.scripts.image_repo_sync" }}
|
||||||
|
#!/bin/sh
|
||||||
|
set -ex
|
||||||
|
|
||||||
|
IFS=','; for IMAGE in ${IMAGE_SYNC_LIST}; do
|
||||||
|
docker pull ${IMAGE}
|
||||||
|
docker tag ${IMAGE} ${LOCAL_REPO}/${IMAGE}
|
||||||
|
docker push ${LOCAL_REPO}/${IMAGE}
|
||||||
|
done
|
||||||
|
{{- end }}
|
|
@ -18,8 +18,9 @@ limitations under the License.
|
||||||
{{- $envAll := index . 0 -}}
|
{{- $envAll := index . 0 -}}
|
||||||
{{- $image := index . 1 -}}
|
{{- $image := index . 1 -}}
|
||||||
{{- $imageTag := index $envAll.Values.images.tags $image -}}
|
{{- $imageTag := index $envAll.Values.images.tags $image -}}
|
||||||
{{- if $envAll.Values.images.registry.prefix -}}
|
{{- if and ($envAll.Values.images.local_registry.active) (not (has $image $envAll.Values.images.local_registry.exclude )) -}}
|
||||||
image: {{ printf "%s/%s" $envAll.Values.images.registry.prefix $imageTag | quote }}
|
{{- $registryPrefix := printf "%s:%s" (tuple "local_image_registry" "node" $envAll | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup") (tuple "local_image_registry" "node" "registry" $envAll | include "helm-toolkit.endpoints.endpoint_port_lookup") -}}
|
||||||
|
image: {{ printf "%s/%s" $registryPrefix $imageTag | quote }}
|
||||||
{{- else -}}
|
{{- else -}}
|
||||||
image: {{ $imageTag | quote }}
|
image: {{ $imageTag | quote }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
|
|
|
@ -21,8 +21,7 @@ limitations under the License.
|
||||||
{{- $mountServiceAccount := dict "mountPath" "/var/run/secrets/kubernetes.io/serviceaccount" "name" "entrypoint-serviceaccount-secret" "readOnly" true -}}
|
{{- $mountServiceAccount := dict "mountPath" "/var/run/secrets/kubernetes.io/serviceaccount" "name" "entrypoint-serviceaccount-secret" "readOnly" true -}}
|
||||||
{{- $mountsEntrypoint := append $mounts $mountServiceAccount -}}
|
{{- $mountsEntrypoint := append $mounts $mountServiceAccount -}}
|
||||||
- name: init
|
- name: init
|
||||||
image: {{ $envAll.Values.images.tags.dep_check }}
|
{{ tuple $envAll "dep_check" | include "helm-toolkit.snippets.image" | indent 2 }}
|
||||||
imagePullPolicy: {{ $envAll.Values.images.pull_policy }}
|
|
||||||
env:
|
env:
|
||||||
- name: POD_NAME
|
- name: POD_NAME
|
||||||
valueFrom:
|
valueFrom:
|
||||||
|
@ -37,7 +36,7 @@ limitations under the License.
|
||||||
- name: INTERFACE_NAME
|
- name: INTERFACE_NAME
|
||||||
value: eth0
|
value: eth0
|
||||||
- name: DEPENDENCY_SERVICE
|
- name: DEPENDENCY_SERVICE
|
||||||
value: "{{ tuple $deps.services $envAll | include "helm-toolkit.utils.comma_joined_hostname_list" }}"
|
value: "{{ tuple $deps.services $envAll | include "helm-toolkit.utils.comma_joined_service_list" }}"
|
||||||
- name: DEPENDENCY_JOBS
|
- name: DEPENDENCY_JOBS
|
||||||
value: "{{ include "helm-toolkit.utils.joinListWithComma" $deps.jobs }}"
|
value: "{{ include "helm-toolkit.utils.joinListWithComma" $deps.jobs }}"
|
||||||
- name: DEPENDENCY_DAEMONSET
|
- name: DEPENDENCY_DAEMONSET
|
||||||
|
|
|
@ -14,8 +14,8 @@ See the License for the specific language governing permissions and
|
||||||
limitations under the License.
|
limitations under the License.
|
||||||
*/}}
|
*/}}
|
||||||
|
|
||||||
{{- define "helm-toolkit.utils.comma_joined_hostname_list" -}}
|
{{- define "helm-toolkit.utils.comma_joined_service_list" -}}
|
||||||
{{- $deps := index . 0 -}}
|
{{- $deps := index . 0 -}}
|
||||||
{{- $envAll := index . 1 -}}
|
{{- $envAll := index . 1 -}}
|
||||||
{{- range $k, $v := $deps -}}{{- if $k -}},{{- end -}}{{ tuple $v.service $v.endpoint $envAll | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }}{{- end -}}
|
{{- range $k, $v := $deps -}}{{- if $k -}},{{- end -}}{{ tuple $v.service $v.endpoint $envAll | include "helm-toolkit.endpoints.service_name_endpoint_with_namespace_lookup" }}{{- end -}}
|
||||||
{{- end -}}
|
{{- end -}}
|
|
@ -0,0 +1,27 @@
|
||||||
|
{{/*
|
||||||
|
Copyright 2017 The Openstack-Helm Authors.
|
||||||
|
|
||||||
|
Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
|
you may not use this file except in compliance with the License.
|
||||||
|
You may obtain a copy of the License at
|
||||||
|
|
||||||
|
http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
|
||||||
|
Unless required by applicable law or agreed to in writing, software
|
||||||
|
distributed under the License is distributed on an "AS IS" BASIS,
|
||||||
|
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||||
|
See the License for the specific language governing permissions and
|
||||||
|
limitations under the License.
|
||||||
|
*/}}
|
||||||
|
|
||||||
|
{{- define "helm-toolkit.utils.image_sync_list" -}}
|
||||||
|
{{- $imageExcludeList := .Values.images.local_registry.exclude -}}
|
||||||
|
{{- $imageDict := .Values.images.tags -}}
|
||||||
|
{{- $local := dict "first" true -}}
|
||||||
|
{{- range $k, $v := $imageDict -}}
|
||||||
|
{{- if not $local.first -}},{{- end -}}
|
||||||
|
{{- if (not (has $k $imageExcludeList )) -}}
|
||||||
|
{{- index $imageDict $k -}}
|
||||||
|
{{- $_ := set $local "first" false -}}
|
||||||
|
{{- end -}}{{- end -}}
|
||||||
|
{{- end -}}
|
|
@ -0,0 +1,27 @@
|
||||||
|
{{/*
|
||||||
|
Copyright 2017 The Openstack-Helm Authors.
|
||||||
|
|
||||||
|
Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
|
you may not use this file except in compliance with the License.
|
||||||
|
You may obtain a copy of the License at
|
||||||
|
|
||||||
|
http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
|
||||||
|
Unless required by applicable law or agreed to in writing, software
|
||||||
|
distributed under the License is distributed on an "AS IS" BASIS,
|
||||||
|
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||||
|
See the License for the specific language governing permissions and
|
||||||
|
limitations under the License.
|
||||||
|
*/}}
|
||||||
|
|
||||||
|
{{- if .Values.manifests.configmap_bin }}
|
||||||
|
{{- $envAll := . }}
|
||||||
|
---
|
||||||
|
apiVersion: v1
|
||||||
|
kind: ConfigMap
|
||||||
|
metadata:
|
||||||
|
name: kube-dns-bin
|
||||||
|
data:
|
||||||
|
image-repo-sync.sh: |+
|
||||||
|
{{- include "helm-toolkit.scripts.image_repo_sync" . | indent 4 }}
|
||||||
|
{{- end }}
|
|
@ -14,6 +14,7 @@ See the License for the specific language governing permissions and
|
||||||
limitations under the License.
|
limitations under the License.
|
||||||
*/}}
|
*/}}
|
||||||
|
|
||||||
|
{{- if .Values.manifests.configmap_kube_dns }}
|
||||||
{{- $envAll := . }}
|
{{- $envAll := . }}
|
||||||
---
|
---
|
||||||
apiVersion: v1
|
apiVersion: v1
|
||||||
|
@ -22,3 +23,4 @@ metadata:
|
||||||
name: kube-dns
|
name: kube-dns
|
||||||
labels:
|
labels:
|
||||||
addonmanager.kubernetes.io/mode: EnsureExists
|
addonmanager.kubernetes.io/mode: EnsureExists
|
||||||
|
{{- end }}
|
||||||
|
|
|
@ -14,7 +14,13 @@ See the License for the specific language governing permissions and
|
||||||
limitations under the License.
|
limitations under the License.
|
||||||
*/}}
|
*/}}
|
||||||
|
|
||||||
|
{{- if .Values.manifests.deployment_kube_dns }}
|
||||||
{{- $envAll := . }}
|
{{- $envAll := . }}
|
||||||
|
{{- if .Values.images.local_registry.active -}}
|
||||||
|
{{- $_ := set .Values "pod_dependency" (merge .Values.dependencies.kube_dns .Values.conditional_dependencies.local_image_registry) -}}
|
||||||
|
{{- else -}}
|
||||||
|
{{- $_ := set .Values "pod_dependency" .Values.dependencies.kube_dns -}}
|
||||||
|
{{- end -}}
|
||||||
---
|
---
|
||||||
apiVersion: extensions/v1beta1
|
apiVersion: extensions/v1beta1
|
||||||
kind: Deployment
|
kind: Deployment
|
||||||
|
@ -181,8 +187,10 @@ spec:
|
||||||
- effect: NoSchedule
|
- effect: NoSchedule
|
||||||
key: node-role.kubernetes.io/master
|
key: node-role.kubernetes.io/master
|
||||||
volumes:
|
volumes:
|
||||||
|
{{ tuple . | include "helm-toolkit.snippets.kubernetes_entrypoint_secret_mount" | indent 6 }}
|
||||||
- configMap:
|
- configMap:
|
||||||
defaultMode: 420
|
defaultMode: 420
|
||||||
name: kube-dns
|
name: kube-dns
|
||||||
optional: true
|
optional: true
|
||||||
name: kube-dns-config
|
name: kube-dns-config
|
||||||
|
{{- end }}
|
||||||
|
|
|
@ -0,0 +1,65 @@
|
||||||
|
{{/*
|
||||||
|
Copyright 2017 The Openstack-Helm Authors.
|
||||||
|
|
||||||
|
Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
|
you may not use this file except in compliance with the License.
|
||||||
|
You may obtain a copy of the License at
|
||||||
|
|
||||||
|
http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
|
||||||
|
Unless required by applicable law or agreed to in writing, software
|
||||||
|
distributed under the License is distributed on an "AS IS" BASIS,
|
||||||
|
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||||
|
See the License for the specific language governing permissions and
|
||||||
|
limitations under the License.
|
||||||
|
*/}}
|
||||||
|
|
||||||
|
{{- if .Values.manifests.job_image_repo_sync }}
|
||||||
|
{{- $envAll := . }}
|
||||||
|
{{- if .Values.images.local_registry.active -}}
|
||||||
|
{{- $_ := set .Values "pod_dependency" .Values.dependencies.image_repo_sync -}}
|
||||||
|
---
|
||||||
|
apiVersion: batch/v1
|
||||||
|
kind: Job
|
||||||
|
metadata:
|
||||||
|
name: kube-dns-image-repo-sync
|
||||||
|
spec:
|
||||||
|
template:
|
||||||
|
metadata:
|
||||||
|
labels:
|
||||||
|
{{ tuple $envAll "kube-dns" "image-repo-sync" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
|
||||||
|
spec:
|
||||||
|
restartPolicy: OnFailure
|
||||||
|
nodeSelector:
|
||||||
|
{{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }}
|
||||||
|
initContainers:
|
||||||
|
{{ tuple $envAll .Values.pod_dependency list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
|
||||||
|
containers:
|
||||||
|
- name: image-repo-sync
|
||||||
|
{{ tuple $envAll "image_repo_sync" | include "helm-toolkit.snippets.image" | indent 10 }}
|
||||||
|
{{ tuple $envAll $envAll.Values.pod.resources.jobs.image_repo_sync | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
|
||||||
|
env:
|
||||||
|
- name: LOCAL_REPO
|
||||||
|
value: "{{ tuple "local_image_registry" "node" . | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }}:{{ tuple "local_image_registry" "node" "registry" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}"
|
||||||
|
- name: IMAGE_SYNC_LIST
|
||||||
|
value: "{{ include "helm-toolkit.utils.image_sync_list" . }}"
|
||||||
|
command:
|
||||||
|
- /tmp/image-repo-sync.sh
|
||||||
|
volumeMounts:
|
||||||
|
- name: kube-dns-bin
|
||||||
|
mountPath: /tmp/image-repo-sync.sh
|
||||||
|
subPath: image-repo-sync.sh
|
||||||
|
readOnly: true
|
||||||
|
- name: docker-socket
|
||||||
|
mountPath: /var/run/docker.sock
|
||||||
|
volumes:
|
||||||
|
- name: kube-dns-bin
|
||||||
|
configMap:
|
||||||
|
name: kube-dns-bin
|
||||||
|
defaultMode: 0555
|
||||||
|
- name: docker-socket
|
||||||
|
hostPath:
|
||||||
|
path: /var/run/docker.sock
|
||||||
|
{{ tuple . | include "helm-toolkit.snippets.kubernetes_entrypoint_secret_mount" | indent 8 }}
|
||||||
|
{{- end }}
|
||||||
|
{{- end }}
|
|
@ -0,0 +1,19 @@
|
||||||
|
{{/*
|
||||||
|
Copyright 2017 The Openstack-Helm Authors.
|
||||||
|
|
||||||
|
Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
|
you may not use this file except in compliance with the License.
|
||||||
|
You may obtain a copy of the License at
|
||||||
|
|
||||||
|
http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
|
||||||
|
Unless required by applicable law or agreed to in writing, software
|
||||||
|
distributed under the License is distributed on an "AS IS" BASIS,
|
||||||
|
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||||
|
See the License for the specific language governing permissions and
|
||||||
|
limitations under the License.
|
||||||
|
*/}}
|
||||||
|
|
||||||
|
{{- if .Values.manifests.rbac_entrypoint }}
|
||||||
|
{{ tuple . | include "helm-toolkit.snippets.kubernetes_entrypoint_rbac"}}
|
||||||
|
{{- end }}
|
|
@ -14,6 +14,7 @@ See the License for the specific language governing permissions and
|
||||||
limitations under the License.
|
limitations under the License.
|
||||||
*/}}
|
*/}}
|
||||||
|
|
||||||
|
{{- if .Values.manifests.service_kube_dns }}
|
||||||
{{- $envAll := . }}
|
{{- $envAll := . }}
|
||||||
---
|
---
|
||||||
apiVersion: v1
|
apiVersion: v1
|
||||||
|
@ -41,3 +42,4 @@ spec:
|
||||||
selector:
|
selector:
|
||||||
k8s-app: kube-dns
|
k8s-app: kube-dns
|
||||||
{{ tuple $envAll "kubernetes" "dns" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }}
|
{{ tuple $envAll "kubernetes" "dns" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }}
|
||||||
|
{{- end }}
|
||||||
|
|
|
@ -14,6 +14,7 @@ See the License for the specific language governing permissions and
|
||||||
limitations under the License.
|
limitations under the License.
|
||||||
*/}}
|
*/}}
|
||||||
|
|
||||||
|
{{- if .Values.manifests.serviceaccount_kube_dns }}
|
||||||
{{- $envAll := . }}
|
{{- $envAll := . }}
|
||||||
---
|
---
|
||||||
apiVersion: v1
|
apiVersion: v1
|
||||||
|
@ -23,3 +24,4 @@ metadata:
|
||||||
labels:
|
labels:
|
||||||
kubernetes.io/cluster-service: "true"
|
kubernetes.io/cluster-service: "true"
|
||||||
addonmanager.kubernetes.io/mode: Reconcile
|
addonmanager.kubernetes.io/mode: Reconcile
|
||||||
|
{{- end }}
|
||||||
|
|
|
@ -14,15 +14,76 @@
|
||||||
|
|
||||||
# https://raw.githubusercontent.com/coreos/flannel/v0.8.0/Documentation/kube-flannel.yml
|
# https://raw.githubusercontent.com/coreos/flannel/v0.8.0/Documentation/kube-flannel.yml
|
||||||
|
|
||||||
|
labels:
|
||||||
|
node_selector_key: openstack-control-plane
|
||||||
|
node_selector_value: enabled
|
||||||
|
|
||||||
images:
|
images:
|
||||||
tags:
|
tags:
|
||||||
kube_dns: gcr.io/google_containers/k8s-dns-kube-dns-amd64:1.14.5
|
kube_dns: gcr.io/google_containers/k8s-dns-kube-dns-amd64:1.14.5
|
||||||
kube_dns_nanny: gcr.io/google_containers/k8s-dns-dnsmasq-nanny-amd64:1.14.5
|
kube_dns_nanny: gcr.io/google_containers/k8s-dns-dnsmasq-nanny-amd64:1.14.5
|
||||||
kube_dns_sidecar: gcr.io/google_containers/k8s-dns-sidecar-amd64:1.14.5
|
kube_dns_sidecar: gcr.io/google_containers/k8s-dns-sidecar-amd64:1.14.5
|
||||||
|
dep_check: quay.io/stackanetes/kubernetes-entrypoint:v0.2.1
|
||||||
|
image_repo_sync: docker.io/docker:17.07.0
|
||||||
pull_policy: IfNotPresent
|
pull_policy: IfNotPresent
|
||||||
registry:
|
local_registry:
|
||||||
prefix: null
|
active: false
|
||||||
|
exclude:
|
||||||
|
- dep_check
|
||||||
|
- image_repo_sync
|
||||||
|
|
||||||
|
pod:
|
||||||
|
resources:
|
||||||
|
enabled: false
|
||||||
|
jobs:
|
||||||
|
image_repo_sync:
|
||||||
|
requests:
|
||||||
|
memory: "128Mi"
|
||||||
|
cpu: "100m"
|
||||||
|
limits:
|
||||||
|
memory: "1024Mi"
|
||||||
|
cpu: "2000m"
|
||||||
|
|
||||||
networking:
|
networking:
|
||||||
dnsDomain: cluster.local
|
dnsDomain: cluster.local
|
||||||
dnsIP: 10.96.0.10
|
dnsIP: 10.96.0.10
|
||||||
|
|
||||||
|
dependencies:
|
||||||
|
kube_dns:
|
||||||
|
services: null
|
||||||
|
image_repo_sync:
|
||||||
|
services:
|
||||||
|
- service: local_image_registry
|
||||||
|
endpoint: internal
|
||||||
|
|
||||||
|
conditional_dependencies:
|
||||||
|
local_image_registry:
|
||||||
|
jobs:
|
||||||
|
- kube-dns-image-repo-sync
|
||||||
|
services:
|
||||||
|
- service: local_image_registry
|
||||||
|
endpoint: node
|
||||||
|
|
||||||
|
endpoints:
|
||||||
|
cluster_domain_suffix: cluster.local
|
||||||
|
local_image_registry:
|
||||||
|
name: docker-registry
|
||||||
|
namespace: docker-registry
|
||||||
|
hosts:
|
||||||
|
default: localhost
|
||||||
|
internal: docker-registry
|
||||||
|
node: localhost
|
||||||
|
host_fqdn_override:
|
||||||
|
default: null
|
||||||
|
port:
|
||||||
|
registry:
|
||||||
|
node: 5000
|
||||||
|
|
||||||
|
manifests:
|
||||||
|
configmap_bin: true
|
||||||
|
configmap_kube_dns: true
|
||||||
|
deployment_kube_dns: true
|
||||||
|
job_image_repo_sync: true
|
||||||
|
rbac_entrypoint: true
|
||||||
|
service_kube_dns: true
|
||||||
|
serviceaccount_kube_dns: true
|
||||||
|
|
|
@ -0,0 +1,27 @@
|
||||||
|
{{/*
|
||||||
|
Copyright 2017 The Openstack-Helm Authors.
|
||||||
|
|
||||||
|
Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
|
you may not use this file except in compliance with the License.
|
||||||
|
You may obtain a copy of the License at
|
||||||
|
|
||||||
|
http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
|
||||||
|
Unless required by applicable law or agreed to in writing, software
|
||||||
|
distributed under the License is distributed on an "AS IS" BASIS,
|
||||||
|
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||||
|
See the License for the specific language governing permissions and
|
||||||
|
limitations under the License.
|
||||||
|
*/}}
|
||||||
|
|
||||||
|
{{- if .Values.manifests.configmap_bin }}
|
||||||
|
{{- $envAll := . }}
|
||||||
|
---
|
||||||
|
apiVersion: v1
|
||||||
|
kind: ConfigMap
|
||||||
|
metadata:
|
||||||
|
name: nfs-bin
|
||||||
|
data:
|
||||||
|
image-repo-sync.sh: |+
|
||||||
|
{{- include "helm-toolkit.scripts.image_repo_sync" . | indent 4 }}
|
||||||
|
{{- end }}
|
|
@ -16,6 +16,11 @@ limitations under the License.
|
||||||
|
|
||||||
{{- if .Values.manifests.deployment }}
|
{{- if .Values.manifests.deployment }}
|
||||||
{{- $envAll := . }}
|
{{- $envAll := . }}
|
||||||
|
{{- if .Values.images.local_registry.active -}}
|
||||||
|
{{- $_ := set .Values "pod_dependency" (merge .Values.dependencies.nfs .Values.conditional_dependencies.local_image_registry) -}}
|
||||||
|
{{- else -}}
|
||||||
|
{{- $_ := set .Values "pod_dependency" .Values.dependencies.nfs -}}
|
||||||
|
{{- end -}}
|
||||||
---
|
---
|
||||||
kind: Deployment
|
kind: Deployment
|
||||||
apiVersion: apps/v1beta1
|
apiVersion: apps/v1beta1
|
||||||
|
@ -34,6 +39,8 @@ spec:
|
||||||
{{ tuple $envAll "nfs" "provisioner" | include "helm-toolkit.snippets.kubernetes_pod_anti_affinity" | indent 8 }}
|
{{ tuple $envAll "nfs" "provisioner" | include "helm-toolkit.snippets.kubernetes_pod_anti_affinity" | indent 8 }}
|
||||||
nodeSelector:
|
nodeSelector:
|
||||||
{{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }}
|
{{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }}
|
||||||
|
initContainers:
|
||||||
|
{{ tuple $envAll .Values.pod_dependency list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
|
||||||
containers:
|
containers:
|
||||||
- name: nfs-provisioner
|
- name: nfs-provisioner
|
||||||
{{ tuple $envAll "nfs_provisioner" | include "helm-toolkit.snippets.image" | indent 10 }}
|
{{ tuple $envAll "nfs_provisioner" | include "helm-toolkit.snippets.image" | indent 10 }}
|
||||||
|
@ -71,6 +78,7 @@ spec:
|
||||||
- name: export-volume
|
- name: export-volume
|
||||||
mountPath: /export
|
mountPath: /export
|
||||||
volumes:
|
volumes:
|
||||||
|
{{ tuple . | include "helm-toolkit.snippets.kubernetes_entrypoint_secret_mount" | indent 8 }}
|
||||||
- name: export-volume
|
- name: export-volume
|
||||||
hostPath:
|
hostPath:
|
||||||
path: {{ .Values.storage.host.host_path }}
|
path: {{ .Values.storage.host.host_path }}
|
||||||
|
|
|
@ -0,0 +1,65 @@
|
||||||
|
{{/*
|
||||||
|
Copyright 2017 The Openstack-Helm Authors.
|
||||||
|
|
||||||
|
Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
|
you may not use this file except in compliance with the License.
|
||||||
|
You may obtain a copy of the License at
|
||||||
|
|
||||||
|
http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
|
||||||
|
Unless required by applicable law or agreed to in writing, software
|
||||||
|
distributed under the License is distributed on an "AS IS" BASIS,
|
||||||
|
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||||
|
See the License for the specific language governing permissions and
|
||||||
|
limitations under the License.
|
||||||
|
*/}}
|
||||||
|
|
||||||
|
{{- if .Values.manifests.job_image_repo_sync }}
|
||||||
|
{{- $envAll := . }}
|
||||||
|
{{- if .Values.images.local_registry.active -}}
|
||||||
|
{{- $_ := set .Values "pod_dependency" .Values.dependencies.image_repo_sync -}}
|
||||||
|
---
|
||||||
|
apiVersion: batch/v1
|
||||||
|
kind: Job
|
||||||
|
metadata:
|
||||||
|
name: nfs-image-repo-sync
|
||||||
|
spec:
|
||||||
|
template:
|
||||||
|
metadata:
|
||||||
|
labels:
|
||||||
|
{{ tuple $envAll "nfs" "image-repo-sync" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
|
||||||
|
spec:
|
||||||
|
restartPolicy: OnFailure
|
||||||
|
nodeSelector:
|
||||||
|
{{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }}
|
||||||
|
initContainers:
|
||||||
|
{{ tuple $envAll .Values.pod_dependency list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
|
||||||
|
containers:
|
||||||
|
- name: image-repo-sync
|
||||||
|
{{ tuple $envAll "image_repo_sync" | include "helm-toolkit.snippets.image" | indent 10 }}
|
||||||
|
{{ tuple $envAll $envAll.Values.pod.resources.jobs.image_repo_sync | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
|
||||||
|
env:
|
||||||
|
- name: LOCAL_REPO
|
||||||
|
value: "{{ tuple "local_image_registry" "node" . | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }}:{{ tuple "local_image_registry" "node" "registry" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}"
|
||||||
|
- name: IMAGE_SYNC_LIST
|
||||||
|
value: "{{ include "helm-toolkit.utils.image_sync_list" . }}"
|
||||||
|
command:
|
||||||
|
- /tmp/image-repo-sync.sh
|
||||||
|
volumeMounts:
|
||||||
|
- name: nfs-bin
|
||||||
|
mountPath: /tmp/image-repo-sync.sh
|
||||||
|
subPath: image-repo-sync.sh
|
||||||
|
readOnly: true
|
||||||
|
- name: docker-socket
|
||||||
|
mountPath: /var/run/docker.sock
|
||||||
|
volumes:
|
||||||
|
- name: nfs-bin
|
||||||
|
configMap:
|
||||||
|
name: nfs-bin
|
||||||
|
defaultMode: 0555
|
||||||
|
- name: docker-socket
|
||||||
|
hostPath:
|
||||||
|
path: /var/run/docker.sock
|
||||||
|
{{ tuple . | include "helm-toolkit.snippets.kubernetes_entrypoint_secret_mount" | indent 8 }}
|
||||||
|
{{- end }}
|
||||||
|
{{- end }}
|
|
@ -0,0 +1,19 @@
|
||||||
|
{{/*
|
||||||
|
Copyright 2017 The Openstack-Helm Authors.
|
||||||
|
|
||||||
|
Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
|
you may not use this file except in compliance with the License.
|
||||||
|
You may obtain a copy of the License at
|
||||||
|
|
||||||
|
http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
|
||||||
|
Unless required by applicable law or agreed to in writing, software
|
||||||
|
distributed under the License is distributed on an "AS IS" BASIS,
|
||||||
|
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||||
|
See the License for the specific language governing permissions and
|
||||||
|
limitations under the License.
|
||||||
|
*/}}
|
||||||
|
|
||||||
|
{{- if .Values.manifests.rbac_entrypoint }}
|
||||||
|
{{ tuple . | include "helm-toolkit.snippets.kubernetes_entrypoint_rbac"}}
|
||||||
|
{{- end }}
|
|
@ -35,13 +35,26 @@ pod:
|
||||||
limits:
|
limits:
|
||||||
memory: "1024Mi"
|
memory: "1024Mi"
|
||||||
cpu: "2000m"
|
cpu: "2000m"
|
||||||
|
jobs:
|
||||||
|
image_repo_sync:
|
||||||
|
requests:
|
||||||
|
memory: "128Mi"
|
||||||
|
cpu: "100m"
|
||||||
|
limits:
|
||||||
|
memory: "1024Mi"
|
||||||
|
cpu: "2000m"
|
||||||
|
|
||||||
images:
|
images:
|
||||||
tags:
|
tags:
|
||||||
nfs_provisioner: quay.io/kubernetes_incubator/nfs-provisioner:v1.0.8
|
nfs_provisioner: quay.io/kubernetes_incubator/nfs-provisioner:v1.0.8
|
||||||
|
dep_check: quay.io/stackanetes/kubernetes-entrypoint:v0.2.1
|
||||||
|
image_repo_sync: docker.io/docker:17.07.0
|
||||||
pull_policy: IfNotPresent
|
pull_policy: IfNotPresent
|
||||||
registry:
|
local_registry:
|
||||||
prefix: null
|
active: false
|
||||||
|
exclude:
|
||||||
|
- dep_check
|
||||||
|
- image_repo_sync
|
||||||
|
|
||||||
storage:
|
storage:
|
||||||
host:
|
host:
|
||||||
|
@ -55,8 +68,36 @@ storageclass:
|
||||||
provisioner: example.com/nfs
|
provisioner: example.com/nfs
|
||||||
name: general
|
name: general
|
||||||
|
|
||||||
|
dependencies:
|
||||||
|
nfs:
|
||||||
|
services: null
|
||||||
|
image_repo_sync:
|
||||||
|
services:
|
||||||
|
- service: local_image_registry
|
||||||
|
endpoint: internal
|
||||||
|
|
||||||
|
conditional_dependencies:
|
||||||
|
local_image_registry:
|
||||||
|
jobs:
|
||||||
|
- nfs-image-repo-sync
|
||||||
|
services:
|
||||||
|
- service: local_image_registry
|
||||||
|
endpoint: node
|
||||||
|
|
||||||
endpoints:
|
endpoints:
|
||||||
cluster_domain_suffix: cluster.local
|
cluster_domain_suffix: cluster.local
|
||||||
|
local_image_registry:
|
||||||
|
name: docker-registry
|
||||||
|
namespace: docker-registry
|
||||||
|
hosts:
|
||||||
|
default: localhost
|
||||||
|
internal: docker-registry
|
||||||
|
node: localhost
|
||||||
|
host_fqdn_override:
|
||||||
|
default: null
|
||||||
|
port:
|
||||||
|
registry:
|
||||||
|
node: 5000
|
||||||
nfs:
|
nfs:
|
||||||
hosts:
|
hosts:
|
||||||
default: nfs-provisioner
|
default: nfs-provisioner
|
||||||
|
@ -69,6 +110,9 @@ endpoints:
|
||||||
default: null
|
default: null
|
||||||
|
|
||||||
manifests:
|
manifests:
|
||||||
|
configmap_bin: true
|
||||||
deployment: true
|
deployment: true
|
||||||
|
job_image_repo_sync: true
|
||||||
|
rbac_entrypoint: true
|
||||||
service: true
|
service: true
|
||||||
storage_class: true
|
storage_class: true
|
||||||
|
|
|
@ -0,0 +1,27 @@
|
||||||
|
{{/*
|
||||||
|
Copyright 2017 The Openstack-Helm Authors.
|
||||||
|
|
||||||
|
Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
|
you may not use this file except in compliance with the License.
|
||||||
|
You may obtain a copy of the License at
|
||||||
|
|
||||||
|
http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
|
||||||
|
Unless required by applicable law or agreed to in writing, software
|
||||||
|
distributed under the License is distributed on an "AS IS" BASIS,
|
||||||
|
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||||
|
See the License for the specific language governing permissions and
|
||||||
|
limitations under the License.
|
||||||
|
*/}}
|
||||||
|
|
||||||
|
{{- if .Values.manifests.configmap_bin }}
|
||||||
|
{{- $envAll := . }}
|
||||||
|
---
|
||||||
|
apiVersion: v1
|
||||||
|
kind: ConfigMap
|
||||||
|
metadata:
|
||||||
|
name: redis-bin
|
||||||
|
data:
|
||||||
|
image-repo-sync.sh: |+
|
||||||
|
{{- include "helm-toolkit.scripts.image_repo_sync" . | indent 4 }}
|
||||||
|
{{- end }}
|
|
@ -14,7 +14,13 @@ See the License for the specific language governing permissions and
|
||||||
limitations under the License.
|
limitations under the License.
|
||||||
*/}}
|
*/}}
|
||||||
|
|
||||||
|
{{- if .Values.manifests.deployment }}
|
||||||
{{- $envAll := . }}
|
{{- $envAll := . }}
|
||||||
|
{{- if .Values.images.local_registry.active -}}
|
||||||
|
{{- $_ := set .Values "pod_dependency" (merge .Values.dependencies.redis .Values.conditional_dependencies.local_image_registry) -}}
|
||||||
|
{{- else -}}
|
||||||
|
{{- $_ := set .Values "pod_dependency" .Values.dependencies.redis -}}
|
||||||
|
{{- end -}}
|
||||||
---
|
---
|
||||||
apiVersion: apps/v1beta1
|
apiVersion: apps/v1beta1
|
||||||
kind: Deployment
|
kind: Deployment
|
||||||
|
@ -32,16 +38,21 @@ spec:
|
||||||
{{ tuple $envAll "redis" "server" | include "helm-toolkit.snippets.kubernetes_pod_anti_affinity" | indent 8 }}
|
{{ tuple $envAll "redis" "server" | include "helm-toolkit.snippets.kubernetes_pod_anti_affinity" | indent 8 }}
|
||||||
nodeSelector:
|
nodeSelector:
|
||||||
{{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }}
|
{{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }}
|
||||||
|
initContainers:
|
||||||
|
{{ tuple $envAll .Values.pod_dependency list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
|
||||||
containers:
|
containers:
|
||||||
- name: redis
|
- name: redis
|
||||||
{{ tuple $envAll "redis" | include "helm-toolkit.snippets.image" | indent 10 }}
|
{{ tuple $envAll "redis" | include "helm-toolkit.snippets.image" | indent 10 }}
|
||||||
{{ tuple $envAll $envAll.Values.pod.resources.server | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
|
{{ tuple $envAll $envAll.Values.pod.resources.server | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
|
||||||
command: ["sh", "-xec"]
|
command:
|
||||||
args:
|
- redis-server
|
||||||
- |
|
- --port
|
||||||
exec redis-server --port {{ .Values.network.port }}
|
- {{ .Values.network.port | quote }}
|
||||||
ports:
|
ports:
|
||||||
- containerPort: {{ .Values.network.port }}
|
- containerPort: {{ .Values.network.port }}
|
||||||
readinessProbe:
|
readinessProbe:
|
||||||
tcpSocket:
|
tcpSocket:
|
||||||
port: {{ .Values.network.port }}
|
port: {{ .Values.network.port }}
|
||||||
|
volumes:
|
||||||
|
{{ tuple . | include "helm-toolkit.snippets.kubernetes_entrypoint_secret_mount" | indent 8 }}
|
||||||
|
{{- end }}
|
||||||
|
|
|
@ -0,0 +1,65 @@
|
||||||
|
{{/*
|
||||||
|
Copyright 2017 The Openstack-Helm Authors.
|
||||||
|
|
||||||
|
Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
|
you may not use this file except in compliance with the License.
|
||||||
|
You may obtain a copy of the License at
|
||||||
|
|
||||||
|
http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
|
||||||
|
Unless required by applicable law or agreed to in writing, software
|
||||||
|
distributed under the License is distributed on an "AS IS" BASIS,
|
||||||
|
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||||
|
See the License for the specific language governing permissions and
|
||||||
|
limitations under the License.
|
||||||
|
*/}}
|
||||||
|
|
||||||
|
{{- if .Values.manifests.job_image_repo_sync }}
|
||||||
|
{{- $envAll := . }}
|
||||||
|
{{- if .Values.images.local_registry.active -}}
|
||||||
|
{{- $_ := set .Values "pod_dependency" .Values.dependencies.image_repo_sync -}}
|
||||||
|
---
|
||||||
|
apiVersion: batch/v1
|
||||||
|
kind: Job
|
||||||
|
metadata:
|
||||||
|
name: redis-image-repo-sync
|
||||||
|
spec:
|
||||||
|
template:
|
||||||
|
metadata:
|
||||||
|
labels:
|
||||||
|
{{ tuple $envAll "redis" "image-repo-sync" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
|
||||||
|
spec:
|
||||||
|
restartPolicy: OnFailure
|
||||||
|
nodeSelector:
|
||||||
|
{{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }}
|
||||||
|
initContainers:
|
||||||
|
{{ tuple $envAll .Values.pod_dependency list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
|
||||||
|
containers:
|
||||||
|
- name: image-repo-sync
|
||||||
|
{{ tuple $envAll "image_repo_sync" | include "helm-toolkit.snippets.image" | indent 10 }}
|
||||||
|
{{ tuple $envAll $envAll.Values.pod.resources.jobs.image_repo_sync | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
|
||||||
|
env:
|
||||||
|
- name: LOCAL_REPO
|
||||||
|
value: "{{ tuple "local_image_registry" "node" . | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }}:{{ tuple "local_image_registry" "node" "registry" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}"
|
||||||
|
- name: IMAGE_SYNC_LIST
|
||||||
|
value: "{{ include "helm-toolkit.utils.image_sync_list" . }}"
|
||||||
|
command:
|
||||||
|
- /tmp/image-repo-sync.sh
|
||||||
|
volumeMounts:
|
||||||
|
- name: redis-bin
|
||||||
|
mountPath: /tmp/image-repo-sync.sh
|
||||||
|
subPath: image-repo-sync.sh
|
||||||
|
readOnly: true
|
||||||
|
- name: docker-socket
|
||||||
|
mountPath: /var/run/docker.sock
|
||||||
|
volumes:
|
||||||
|
- name: redis-bin
|
||||||
|
configMap:
|
||||||
|
name: redis-bin
|
||||||
|
defaultMode: 0555
|
||||||
|
- name: docker-socket
|
||||||
|
hostPath:
|
||||||
|
path: /var/run/docker.sock
|
||||||
|
{{ tuple . | include "helm-toolkit.snippets.kubernetes_entrypoint_secret_mount" | indent 8 }}
|
||||||
|
{{- end }}
|
||||||
|
{{- end }}
|
|
@ -0,0 +1,19 @@
|
||||||
|
{{/*
|
||||||
|
Copyright 2017 The Openstack-Helm Authors.
|
||||||
|
|
||||||
|
Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
|
you may not use this file except in compliance with the License.
|
||||||
|
You may obtain a copy of the License at
|
||||||
|
|
||||||
|
http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
|
||||||
|
Unless required by applicable law or agreed to in writing, software
|
||||||
|
distributed under the License is distributed on an "AS IS" BASIS,
|
||||||
|
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||||
|
See the License for the specific language governing permissions and
|
||||||
|
limitations under the License.
|
||||||
|
*/}}
|
||||||
|
|
||||||
|
{{- if .Values.manifests.rbac_entrypoint }}
|
||||||
|
{{ tuple . | include "helm-toolkit.snippets.kubernetes_entrypoint_rbac"}}
|
||||||
|
{{- end }}
|
|
@ -13,6 +13,8 @@ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||||
See the License for the specific language governing permissions and
|
See the License for the specific language governing permissions and
|
||||||
limitations under the License.
|
limitations under the License.
|
||||||
*/}}
|
*/}}
|
||||||
|
|
||||||
|
{{- if .Values.manifests.service }}
|
||||||
{{- $envAll := . }}
|
{{- $envAll := . }}
|
||||||
---
|
---
|
||||||
apiVersion: v1
|
apiVersion: v1
|
||||||
|
@ -25,3 +27,4 @@ spec:
|
||||||
- port: {{ .Values.network.port }}
|
- port: {{ .Values.network.port }}
|
||||||
selector:
|
selector:
|
||||||
{{ tuple $envAll "redis" "server" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }}
|
{{ tuple $envAll "redis" "server" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }}
|
||||||
|
{{- end }}
|
||||||
|
|
|
@ -20,17 +20,22 @@
|
||||||
images:
|
images:
|
||||||
tags:
|
tags:
|
||||||
redis: docker.io/redis:4.0.1
|
redis: docker.io/redis:4.0.1
|
||||||
pull_policy: "IfNotPresent"
|
dep_check: quay.io/stackanetes/kubernetes-entrypoint:v0.2.1
|
||||||
registry:
|
image_repo_sync: docker.io/docker:17.07.0
|
||||||
prefix: null
|
pull_policy: IfNotPresent
|
||||||
|
local_registry:
|
||||||
|
active: false
|
||||||
|
exclude:
|
||||||
|
- dep_check
|
||||||
|
- image_repo_sync
|
||||||
|
|
||||||
pod:
|
pod:
|
||||||
affinity:
|
affinity:
|
||||||
anti:
|
anti:
|
||||||
type:
|
type:
|
||||||
default: preferredDuringSchedulingIgnoredDuringExecution
|
default: preferredDuringSchedulingIgnoredDuringExecution
|
||||||
topologyKey:
|
topologyKey:
|
||||||
default: kubernetes.io/hostname
|
default: kubernetes.io/hostname
|
||||||
replicas:
|
replicas:
|
||||||
server: 1
|
server: 1
|
||||||
lifecycle:
|
lifecycle:
|
||||||
|
@ -50,6 +55,14 @@ pod:
|
||||||
requests:
|
requests:
|
||||||
memory: "128Mi"
|
memory: "128Mi"
|
||||||
cpu: "500m"
|
cpu: "500m"
|
||||||
|
jobs:
|
||||||
|
image_repo_sync:
|
||||||
|
requests:
|
||||||
|
memory: "128Mi"
|
||||||
|
cpu: "100m"
|
||||||
|
limits:
|
||||||
|
memory: "1024Mi"
|
||||||
|
cpu: "2000m"
|
||||||
|
|
||||||
labels:
|
labels:
|
||||||
node_selector_key: openstack-control-plane
|
node_selector_key: openstack-control-plane
|
||||||
|
@ -57,3 +70,41 @@ labels:
|
||||||
|
|
||||||
network:
|
network:
|
||||||
port: 6379
|
port: 6379
|
||||||
|
|
||||||
|
dependencies:
|
||||||
|
redis:
|
||||||
|
services: null
|
||||||
|
image_repo_sync:
|
||||||
|
services:
|
||||||
|
- service: local_image_registry
|
||||||
|
endpoint: internal
|
||||||
|
|
||||||
|
conditional_dependencies:
|
||||||
|
local_image_registry:
|
||||||
|
jobs:
|
||||||
|
- redis-image-repo-sync
|
||||||
|
services:
|
||||||
|
- service: local_image_registry
|
||||||
|
endpoint: node
|
||||||
|
|
||||||
|
endpoints:
|
||||||
|
cluster_domain_suffix: cluster.local
|
||||||
|
local_image_registry:
|
||||||
|
name: docker-registry
|
||||||
|
namespace: docker-registry
|
||||||
|
hosts:
|
||||||
|
default: localhost
|
||||||
|
internal: docker-registry
|
||||||
|
node: localhost
|
||||||
|
host_fqdn_override:
|
||||||
|
default: null
|
||||||
|
port:
|
||||||
|
registry:
|
||||||
|
node: 5000
|
||||||
|
|
||||||
|
manifests:
|
||||||
|
configmap_bin: true
|
||||||
|
deployment: true
|
||||||
|
job_image_repo_sync: true
|
||||||
|
rbac_entrypoint: true
|
||||||
|
service: true
|
||||||
|
|
|
@ -14,7 +14,7 @@ See the License for the specific language governing permissions and
|
||||||
limitations under the License.
|
limitations under the License.
|
||||||
*/}}
|
*/}}
|
||||||
|
|
||||||
{{- if .Values.manifests.configmap_bin }}
|
{{- if .Values.manifests.configmap_etc }}
|
||||||
{{- $envAll := . }}
|
{{- $envAll := . }}
|
||||||
|
|
||||||
{{- if empty .Values.conf.registry.http.addr -}}
|
{{- if empty .Values.conf.registry.http.addr -}}
|
||||||
|
|
|
@ -16,7 +16,11 @@ limitations under the License.
|
||||||
|
|
||||||
{{- if .Values.manifests.daemonset_registry_proxy }}
|
{{- if .Values.manifests.daemonset_registry_proxy }}
|
||||||
{{- $envAll := . }}
|
{{- $envAll := . }}
|
||||||
{{- $dependencies := .Values.dependencies.registry_proxy }}
|
{{- if .Values.images.local_registry.active -}}
|
||||||
|
{{- $_ := set .Values "pod_dependency" (merge .Values.dependencies.registry_proxy .Values.conditional_dependencies.local_image_registry) -}}
|
||||||
|
{{- else -}}
|
||||||
|
{{- $_ := set .Values "pod_dependency" .Values.dependencies.registry_proxy -}}
|
||||||
|
{{- end -}}
|
||||||
---
|
---
|
||||||
apiVersion: extensions/v1beta1
|
apiVersion: extensions/v1beta1
|
||||||
kind: DaemonSet
|
kind: DaemonSet
|
||||||
|
@ -36,7 +40,7 @@ spec:
|
||||||
dnsPolicy: ClusterFirstWithHostNet
|
dnsPolicy: ClusterFirstWithHostNet
|
||||||
hostNetwork: true
|
hostNetwork: true
|
||||||
initContainers:
|
initContainers:
|
||||||
{{ tuple $envAll $dependencies list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
|
{{ tuple $envAll .Values.pod_dependency list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
|
||||||
containers:
|
containers:
|
||||||
- name: registry-proxy
|
- name: registry-proxy
|
||||||
{{ tuple $envAll "registry_proxy" | include "helm-toolkit.snippets.image" | indent 8 }}
|
{{ tuple $envAll "registry_proxy" | include "helm-toolkit.snippets.image" | indent 8 }}
|
||||||
|
@ -53,6 +57,7 @@ spec:
|
||||||
subPath: default.conf
|
subPath: default.conf
|
||||||
readOnly: true
|
readOnly: true
|
||||||
volumes:
|
volumes:
|
||||||
|
{{ tuple . | include "helm-toolkit.snippets.kubernetes_entrypoint_secret_mount" | indent 8 }}
|
||||||
- name: registry-bin
|
- name: registry-bin
|
||||||
configMap:
|
configMap:
|
||||||
name: registry-bin
|
name: registry-bin
|
||||||
|
@ -61,5 +66,4 @@ spec:
|
||||||
configMap:
|
configMap:
|
||||||
name: registry-etc
|
name: registry-etc
|
||||||
defaultMode: 0444
|
defaultMode: 0444
|
||||||
{{ tuple . | include "helm-toolkit.snippets.kubernetes_entrypoint_secret_mount" | indent 8 }}
|
|
||||||
{{- end }}
|
{{- end }}
|
||||||
|
|
|
@ -16,7 +16,11 @@ limitations under the License.
|
||||||
|
|
||||||
{{- if .Values.manifests.deployment_registry }}
|
{{- if .Values.manifests.deployment_registry }}
|
||||||
{{- $envAll := . }}
|
{{- $envAll := . }}
|
||||||
{{- $dependencies := .Values.dependencies.registry }}
|
{{- if .Values.images.local_registry.active -}}
|
||||||
|
{{- $_ := set .Values "pod_dependency" (merge .Values.dependencies.registry .Values.conditional_dependencies.local_image_registry) -}}
|
||||||
|
{{- else -}}
|
||||||
|
{{- $_ := set .Values "pod_dependency" .Values.dependencies.registry -}}
|
||||||
|
{{- end -}}
|
||||||
---
|
---
|
||||||
apiVersion: apps/v1beta1
|
apiVersion: apps/v1beta1
|
||||||
kind: Deployment
|
kind: Deployment
|
||||||
|
@ -38,7 +42,7 @@ spec:
|
||||||
nodeSelector:
|
nodeSelector:
|
||||||
{{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }}
|
{{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }}
|
||||||
initContainers:
|
initContainers:
|
||||||
{{ tuple $envAll $dependencies list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
|
{{ tuple $envAll .Values.pod_dependency list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
|
||||||
containers:
|
containers:
|
||||||
- name: registry
|
- name: registry
|
||||||
{{ tuple $envAll "registry" | include "helm-toolkit.snippets.image" | indent 10 }}
|
{{ tuple $envAll "registry" | include "helm-toolkit.snippets.image" | indent 10 }}
|
||||||
|
@ -60,6 +64,7 @@ spec:
|
||||||
- name: docker-images
|
- name: docker-images
|
||||||
mountPath: {{ .Values.conf.registry.storage.filesystem.rootdirectory }}
|
mountPath: {{ .Values.conf.registry.storage.filesystem.rootdirectory }}
|
||||||
volumes:
|
volumes:
|
||||||
|
{{ tuple . | include "helm-toolkit.snippets.kubernetes_entrypoint_secret_mount" | indent 8 }}
|
||||||
- name: registry-bin
|
- name: registry-bin
|
||||||
configMap:
|
configMap:
|
||||||
name: registry-bin
|
name: registry-bin
|
||||||
|
@ -71,5 +76,4 @@ spec:
|
||||||
- name: docker-images
|
- name: docker-images
|
||||||
persistentVolumeClaim:
|
persistentVolumeClaim:
|
||||||
claimName: docker-images
|
claimName: docker-images
|
||||||
{{ tuple . | include "helm-toolkit.snippets.kubernetes_entrypoint_secret_mount" | indent 8 }}
|
|
||||||
{{- end }}
|
{{- end }}
|
||||||
|
|
|
@ -17,7 +17,11 @@ limitations under the License.
|
||||||
{{- if .Values.manifests.job_bootstrap }}
|
{{- if .Values.manifests.job_bootstrap }}
|
||||||
{{- $envAll := . }}
|
{{- $envAll := . }}
|
||||||
{{- if .Values.bootstrap.enabled }}
|
{{- if .Values.bootstrap.enabled }}
|
||||||
{{- $dependencies := .Values.dependencies.bootstrap }}
|
{{- if .Values.images.local_registry.active -}}
|
||||||
|
{{- $_ := set .Values "pod_dependency" (merge .Values.dependencies.bootstrap .Values.conditional_dependencies.local_image_registry) -}}
|
||||||
|
{{- else -}}
|
||||||
|
{{- $_ := set .Values "pod_dependency" .Values.dependencies.bootstrap -}}
|
||||||
|
{{- end -}}
|
||||||
---
|
---
|
||||||
apiVersion: batch/v1
|
apiVersion: batch/v1
|
||||||
kind: Job
|
kind: Job
|
||||||
|
@ -33,7 +37,7 @@ spec:
|
||||||
nodeSelector:
|
nodeSelector:
|
||||||
{{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }}
|
{{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }}
|
||||||
initContainers:
|
initContainers:
|
||||||
{{ tuple $envAll $dependencies list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
|
{{ tuple $envAll .Values.pod_dependency list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
|
||||||
containers:
|
containers:
|
||||||
- name: docker-bootstrap
|
- name: docker-bootstrap
|
||||||
{{ tuple $envAll "bootstrap" | include "helm-toolkit.snippets.image" | indent 10 }}
|
{{ tuple $envAll "bootstrap" | include "helm-toolkit.snippets.image" | indent 10 }}
|
||||||
|
@ -53,6 +57,7 @@ spec:
|
||||||
- name: docker-socket
|
- name: docker-socket
|
||||||
mountPath: /var/run/docker.sock
|
mountPath: /var/run/docker.sock
|
||||||
volumes:
|
volumes:
|
||||||
|
{{ tuple . | include "helm-toolkit.snippets.kubernetes_entrypoint_secret_mount" | indent 8 }}
|
||||||
- name: registry-bin
|
- name: registry-bin
|
||||||
configMap:
|
configMap:
|
||||||
name: registry-bin
|
name: registry-bin
|
||||||
|
@ -60,6 +65,5 @@ spec:
|
||||||
- name: docker-socket
|
- name: docker-socket
|
||||||
hostPath:
|
hostPath:
|
||||||
path: /var/run/docker.sock
|
path: /var/run/docker.sock
|
||||||
{{ tuple . | include "helm-toolkit.snippets.kubernetes_entrypoint_secret_mount" | indent 8 }}
|
|
||||||
{{- end }}
|
{{- end }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
|
|
|
@ -14,4 +14,6 @@ See the License for the specific language governing permissions and
|
||||||
limitations under the License.
|
limitations under the License.
|
||||||
*/}}
|
*/}}
|
||||||
|
|
||||||
|
{{- if .Values.manifests.rbac_entrypoint }}
|
||||||
{{ tuple . | include "helm-toolkit.snippets.kubernetes_entrypoint_rbac"}}
|
{{ tuple . | include "helm-toolkit.snippets.kubernetes_entrypoint_rbac"}}
|
||||||
|
{{- end }}
|
||||||
|
|
|
@ -30,8 +30,10 @@ images:
|
||||||
bootstrap: docker.io/docker:17.07.0
|
bootstrap: docker.io/docker:17.07.0
|
||||||
dep_check: quay.io/stackanetes/kubernetes-entrypoint:v0.2.1
|
dep_check: quay.io/stackanetes/kubernetes-entrypoint:v0.2.1
|
||||||
pull_policy: "IfNotPresent"
|
pull_policy: "IfNotPresent"
|
||||||
registry:
|
local_registry:
|
||||||
prefix: null
|
active: false
|
||||||
|
exclude:
|
||||||
|
- dep_check
|
||||||
|
|
||||||
volume:
|
volume:
|
||||||
class_name: general
|
class_name: general
|
||||||
|
@ -115,7 +117,7 @@ bootstrap:
|
||||||
script:
|
script:
|
||||||
docker info
|
docker info
|
||||||
preload_images:
|
preload_images:
|
||||||
- gcr.io/google_containers/ubuntu-slim:0.14
|
- quay.io/stackanetes/kubernetes-entrypoint:v0.2.1
|
||||||
|
|
||||||
dependencies:
|
dependencies:
|
||||||
registry:
|
registry:
|
||||||
|
@ -135,16 +137,27 @@ dependencies:
|
||||||
|
|
||||||
endpoints:
|
endpoints:
|
||||||
cluster_domain_suffix: cluster.local
|
cluster_domain_suffix: cluster.local
|
||||||
docker_registry:
|
local_image_registry:
|
||||||
name: docker-registry
|
name: docker-registry
|
||||||
|
namespace: docker-registry
|
||||||
hosts:
|
hosts:
|
||||||
default: docker-registry
|
default: localhost
|
||||||
|
internal: docker-registry
|
||||||
|
node: localhost
|
||||||
host_fqdn_override:
|
host_fqdn_override:
|
||||||
default: null
|
default: null
|
||||||
path:
|
port:
|
||||||
|
registry:
|
||||||
|
default: 5000
|
||||||
|
docker_registry:
|
||||||
|
name: docker-registry
|
||||||
|
namespace: docker-registry
|
||||||
|
hosts:
|
||||||
|
default: localhost
|
||||||
|
internal: docker-registry
|
||||||
|
node: localhost
|
||||||
|
host_fqdn_override:
|
||||||
default: null
|
default: null
|
||||||
scheme:
|
|
||||||
default: http
|
|
||||||
port:
|
port:
|
||||||
registry:
|
registry:
|
||||||
default: 5000
|
default: 5000
|
||||||
|
@ -160,8 +173,11 @@ endpoints:
|
||||||
|
|
||||||
manifests:
|
manifests:
|
||||||
configmap_bin: true
|
configmap_bin: true
|
||||||
|
configmap_etc: true
|
||||||
daemonset_registry_proxy: true
|
daemonset_registry_proxy: true
|
||||||
deployment_registry: true
|
deployment_registry: true
|
||||||
job_bootstrap: true
|
job_bootstrap: true
|
||||||
|
job_image_repo_sync: true
|
||||||
pvc_images: true
|
pvc_images: true
|
||||||
|
rbac_entrypoint: true
|
||||||
service_registry: true
|
service_registry: true
|
||||||
|
|
|
@ -14,6 +14,7 @@ See the License for the specific language governing permissions and
|
||||||
limitations under the License.
|
limitations under the License.
|
||||||
*/}}
|
*/}}
|
||||||
|
|
||||||
|
{{- if .Values.manifests.clusterrolebinding_tiller }}
|
||||||
{{- $envAll := . }}
|
{{- $envAll := . }}
|
||||||
---
|
---
|
||||||
apiVersion: rbac.authorization.k8s.io/v1
|
apiVersion: rbac.authorization.k8s.io/v1
|
||||||
|
@ -28,3 +29,4 @@ subjects:
|
||||||
- kind: ServiceAccount
|
- kind: ServiceAccount
|
||||||
name: tiller
|
name: tiller
|
||||||
namespace: {{ .Release.Namespace }}
|
namespace: {{ .Release.Namespace }}
|
||||||
|
{{- end }}
|
||||||
|
|
|
@ -0,0 +1,27 @@
|
||||||
|
{{/*
|
||||||
|
Copyright 2017 The Openstack-Helm Authors.
|
||||||
|
|
||||||
|
Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
|
you may not use this file except in compliance with the License.
|
||||||
|
You may obtain a copy of the License at
|
||||||
|
|
||||||
|
http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
|
||||||
|
Unless required by applicable law or agreed to in writing, software
|
||||||
|
distributed under the License is distributed on an "AS IS" BASIS,
|
||||||
|
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||||
|
See the License for the specific language governing permissions and
|
||||||
|
limitations under the License.
|
||||||
|
*/}}
|
||||||
|
|
||||||
|
{{- if .Values.manifests.configmap_bin }}
|
||||||
|
{{- $envAll := . }}
|
||||||
|
---
|
||||||
|
apiVersion: v1
|
||||||
|
kind: ConfigMap
|
||||||
|
metadata:
|
||||||
|
name: tiller-bin
|
||||||
|
data:
|
||||||
|
image-repo-sync.sh: |+
|
||||||
|
{{- include "helm-toolkit.scripts.image_repo_sync" . | indent 4 }}
|
||||||
|
{{- end }}
|
|
@ -14,7 +14,13 @@ See the License for the specific language governing permissions and
|
||||||
limitations under the License.
|
limitations under the License.
|
||||||
*/}}
|
*/}}
|
||||||
|
|
||||||
|
{{- if .Values.manifests.deployment_tiller }}
|
||||||
{{- $envAll := . }}
|
{{- $envAll := . }}
|
||||||
|
{{- if .Values.images.local_registry.active -}}
|
||||||
|
{{- $_ := set .Values "pod_dependency" (merge .Values.dependencies.tiller .Values.conditional_dependencies.local_image_registry) -}}
|
||||||
|
{{- else -}}
|
||||||
|
{{- $_ := set .Values "pod_dependency" .Values.dependencies.tiller -}}
|
||||||
|
{{- end -}}
|
||||||
---
|
---
|
||||||
apiVersion: extensions/v1beta1
|
apiVersion: extensions/v1beta1
|
||||||
kind: Deployment
|
kind: Deployment
|
||||||
|
@ -40,6 +46,8 @@ spec:
|
||||||
app: helm
|
app: helm
|
||||||
name: tiller
|
name: tiller
|
||||||
spec:
|
spec:
|
||||||
|
initContainers:
|
||||||
|
{{ tuple $envAll .Values.pod_dependency list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
|
||||||
containers:
|
containers:
|
||||||
- env:
|
- env:
|
||||||
- name: TILLER_NAMESPACE
|
- name: TILLER_NAMESPACE
|
||||||
|
@ -82,3 +90,6 @@ spec:
|
||||||
serviceAccount: tiller
|
serviceAccount: tiller
|
||||||
serviceAccountName: tiller
|
serviceAccountName: tiller
|
||||||
terminationGracePeriodSeconds: 30
|
terminationGracePeriodSeconds: 30
|
||||||
|
volumes:
|
||||||
|
{{ tuple . | include "helm-toolkit.snippets.kubernetes_entrypoint_secret_mount" | indent 8 }}
|
||||||
|
{{- end }}
|
||||||
|
|
|
@ -0,0 +1,65 @@
|
||||||
|
{{/*
|
||||||
|
Copyright 2017 The Openstack-Helm Authors.
|
||||||
|
|
||||||
|
Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
|
you may not use this file except in compliance with the License.
|
||||||
|
You may obtain a copy of the License at
|
||||||
|
|
||||||
|
http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
|
||||||
|
Unless required by applicable law or agreed to in writing, software
|
||||||
|
distributed under the License is distributed on an "AS IS" BASIS,
|
||||||
|
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||||
|
See the License for the specific language governing permissions and
|
||||||
|
limitations under the License.
|
||||||
|
*/}}
|
||||||
|
|
||||||
|
{{- if .Values.manifests.job_image_repo_sync }}
|
||||||
|
{{- $envAll := . }}
|
||||||
|
{{- if .Values.images.local_registry.active -}}
|
||||||
|
{{- $_ := set .Values "pod_dependency" .Values.dependencies.image_repo_sync -}}
|
||||||
|
---
|
||||||
|
apiVersion: batch/v1
|
||||||
|
kind: Job
|
||||||
|
metadata:
|
||||||
|
name: tiller-image-repo-sync
|
||||||
|
spec:
|
||||||
|
template:
|
||||||
|
metadata:
|
||||||
|
labels:
|
||||||
|
{{ tuple $envAll "tiller" "image-repo-sync" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
|
||||||
|
spec:
|
||||||
|
restartPolicy: OnFailure
|
||||||
|
nodeSelector:
|
||||||
|
{{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }}
|
||||||
|
initContainers:
|
||||||
|
{{ tuple $envAll .Values.pod_dependency list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
|
||||||
|
containers:
|
||||||
|
- name: image-repo-sync
|
||||||
|
{{ tuple $envAll "image_repo_sync" | include "helm-toolkit.snippets.image" | indent 10 }}
|
||||||
|
{{ tuple $envAll $envAll.Values.pod.resources.jobs.image_repo_sync | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
|
||||||
|
env:
|
||||||
|
- name: LOCAL_REPO
|
||||||
|
value: "{{ tuple "local_image_registry" "node" . | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }}:{{ tuple "local_image_registry" "node" "registry" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}"
|
||||||
|
- name: IMAGE_SYNC_LIST
|
||||||
|
value: "{{ include "helm-toolkit.utils.image_sync_list" . }}"
|
||||||
|
command:
|
||||||
|
- /tmp/image-repo-sync.sh
|
||||||
|
volumeMounts:
|
||||||
|
- name: tiller-bin
|
||||||
|
mountPath: /tmp/image-repo-sync.sh
|
||||||
|
subPath: image-repo-sync.sh
|
||||||
|
readOnly: true
|
||||||
|
- name: docker-socket
|
||||||
|
mountPath: /var/run/docker.sock
|
||||||
|
volumes:
|
||||||
|
- name: tiller-bin
|
||||||
|
configMap:
|
||||||
|
name: tiller-bin
|
||||||
|
defaultMode: 0555
|
||||||
|
- name: docker-socket
|
||||||
|
hostPath:
|
||||||
|
path: /var/run/docker.sock
|
||||||
|
{{ tuple . | include "helm-toolkit.snippets.kubernetes_entrypoint_secret_mount" | indent 8 }}
|
||||||
|
{{- end }}
|
||||||
|
{{- end }}
|
|
@ -0,0 +1,19 @@
|
||||||
|
{{/*
|
||||||
|
Copyright 2017 The Openstack-Helm Authors.
|
||||||
|
|
||||||
|
Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
|
you may not use this file except in compliance with the License.
|
||||||
|
You may obtain a copy of the License at
|
||||||
|
|
||||||
|
http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
|
||||||
|
Unless required by applicable law or agreed to in writing, software
|
||||||
|
distributed under the License is distributed on an "AS IS" BASIS,
|
||||||
|
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||||
|
See the License for the specific language governing permissions and
|
||||||
|
limitations under the License.
|
||||||
|
*/}}
|
||||||
|
|
||||||
|
{{- if .Values.manifests.rbac_entrypoint }}
|
||||||
|
{{ tuple . | include "helm-toolkit.snippets.kubernetes_entrypoint_rbac"}}
|
||||||
|
{{- end }}
|
|
@ -14,6 +14,7 @@ See the License for the specific language governing permissions and
|
||||||
limitations under the License.
|
limitations under the License.
|
||||||
*/}}
|
*/}}
|
||||||
|
|
||||||
|
{{- if .Values.manifests.service_tiller_deploy }}
|
||||||
{{- $envAll := . }}
|
{{- $envAll := . }}
|
||||||
---
|
---
|
||||||
apiVersion: v1
|
apiVersion: v1
|
||||||
|
@ -34,3 +35,4 @@ spec:
|
||||||
name: tiller
|
name: tiller
|
||||||
sessionAffinity: None
|
sessionAffinity: None
|
||||||
type: ClusterIP
|
type: ClusterIP
|
||||||
|
{{- end }}
|
||||||
|
|
|
@ -14,9 +14,11 @@ See the License for the specific language governing permissions and
|
||||||
limitations under the License.
|
limitations under the License.
|
||||||
*/}}
|
*/}}
|
||||||
|
|
||||||
|
{{- if .Values.manifests.serviceaccount_tiller }}
|
||||||
{{- $envAll := . }}
|
{{- $envAll := . }}
|
||||||
---
|
---
|
||||||
apiVersion: v1
|
apiVersion: v1
|
||||||
kind: ServiceAccount
|
kind: ServiceAccount
|
||||||
metadata:
|
metadata:
|
||||||
name: tiller
|
name: tiller
|
||||||
|
{{- end }}
|
||||||
|
|
|
@ -26,6 +26,63 @@ release_group: null
|
||||||
images:
|
images:
|
||||||
tags:
|
tags:
|
||||||
tiller: gcr.io/kubernetes-helm/tiller:v2.7.0-rc1
|
tiller: gcr.io/kubernetes-helm/tiller:v2.7.0-rc1
|
||||||
pull_policy: "IfNotPresent"
|
dep_check: quay.io/stackanetes/kubernetes-entrypoint:v0.2.1
|
||||||
registry:
|
image_repo_sync: docker.io/docker:17.07.0
|
||||||
prefix: null
|
pull_policy: IfNotPresent
|
||||||
|
local_registry:
|
||||||
|
active: false
|
||||||
|
exclude:
|
||||||
|
- dep_check
|
||||||
|
- image_repo_sync
|
||||||
|
|
||||||
|
pod:
|
||||||
|
resources:
|
||||||
|
enabled: false
|
||||||
|
jobs:
|
||||||
|
image_repo_sync:
|
||||||
|
requests:
|
||||||
|
memory: "128Mi"
|
||||||
|
cpu: "100m"
|
||||||
|
limits:
|
||||||
|
memory: "1024Mi"
|
||||||
|
cpu: "2000m"
|
||||||
|
|
||||||
|
dependencies:
|
||||||
|
tiller:
|
||||||
|
services: null
|
||||||
|
image_repo_sync:
|
||||||
|
services:
|
||||||
|
- service: local_image_registry
|
||||||
|
endpoint: internal
|
||||||
|
|
||||||
|
conditional_dependencies:
|
||||||
|
local_image_registry:
|
||||||
|
jobs:
|
||||||
|
- tiller-image-repo-sync
|
||||||
|
services:
|
||||||
|
- service: local_image_registry
|
||||||
|
endpoint: node
|
||||||
|
|
||||||
|
endpoints:
|
||||||
|
cluster_domain_suffix: cluster.local
|
||||||
|
local_image_registry:
|
||||||
|
name: docker-registry
|
||||||
|
namespace: docker-registry
|
||||||
|
hosts:
|
||||||
|
default: localhost
|
||||||
|
internal: docker-registry
|
||||||
|
node: localhost
|
||||||
|
host_fqdn_override:
|
||||||
|
default: null
|
||||||
|
port:
|
||||||
|
registry:
|
||||||
|
node: 5000
|
||||||
|
|
||||||
|
manifests:
|
||||||
|
clusterrolebinding_tiller: true
|
||||||
|
configmap_bin: true
|
||||||
|
deployment_tiller: true
|
||||||
|
job_image_repo_sync: true
|
||||||
|
rbac_entrypoint: true
|
||||||
|
service_tiller_deploy: true
|
||||||
|
serviceaccount_tiller: true
|
||||||
|
|
|
@ -13,20 +13,7 @@
|
||||||
# This set of tasks creates over-rides that need to be generated dyamicly and
|
# This set of tasks creates over-rides that need to be generated dyamicly and
|
||||||
# injected at runtime.
|
# injected at runtime.
|
||||||
|
|
||||||
- name: Ensure docker python packages deployed
|
|
||||||
include_role:
|
|
||||||
name: deploy-package
|
|
||||||
tasks_from: pip
|
|
||||||
vars:
|
|
||||||
packages:
|
|
||||||
- yq
|
|
||||||
|
|
||||||
- name: setup directorys on host
|
- name: setup directorys on host
|
||||||
file:
|
file:
|
||||||
path: "{{ work_dir }}/tools/gate/local-overrides/"
|
path: "{{ work_dir }}/tools/gate/local-overrides/"
|
||||||
state: directory
|
state: directory
|
||||||
|
|
||||||
- name: generate overides for bootstrap-registry-registry release
|
|
||||||
shell: "./tools/image-repo-overides.sh > ./tools/gate/local-overrides/bootstrap-registry-registry.yaml"
|
|
||||||
args:
|
|
||||||
chdir: "{{ work_dir }}"
|
|
||||||
|
|
|
@ -50,18 +50,18 @@ nodes:
|
||||||
value: enabled
|
value: enabled
|
||||||
|
|
||||||
chart_groups:
|
chart_groups:
|
||||||
- name: bootstrap_registry
|
- name: docker_registry
|
||||||
timeout: 600
|
timeout: 600
|
||||||
charts:
|
charts:
|
||||||
- bootstrap_registry_nfs_provisioner
|
- docker_registry_nfs_provisioner
|
||||||
- bootstrap_registry_redis
|
- docker_registry_redis
|
||||||
- bootstrap_registry_registry
|
- docker_registry
|
||||||
|
|
||||||
charts:
|
charts:
|
||||||
bootstrap_registry_nfs_provisioner:
|
docker_registry_nfs_provisioner:
|
||||||
chart_name: nfs-provisioner
|
chart_name: nfs-provisioner
|
||||||
release: bootstrap-registry-nfs-provisioner
|
release: docker-registry-nfs-provisioner
|
||||||
namespace: bootstrap-registry
|
namespace: docker-registry
|
||||||
upgrade:
|
upgrade:
|
||||||
pre:
|
pre:
|
||||||
delete:
|
delete:
|
||||||
|
@ -77,19 +77,19 @@ charts:
|
||||||
storageclass:
|
storageclass:
|
||||||
name: openstack-helm-bootstrap
|
name: openstack-helm-bootstrap
|
||||||
|
|
||||||
bootstrap_registry_redis:
|
docker_registry_redis:
|
||||||
chart_name: redis
|
chart_name: redis
|
||||||
release: bootstrap-registry-redis
|
release: docker-registry-redis
|
||||||
namespace: bootstrap-registry
|
namespace: docker-registry
|
||||||
values:
|
values:
|
||||||
labels:
|
labels:
|
||||||
node_selector_key: openstack-helm-node-class
|
node_selector_key: openstack-helm-node-class
|
||||||
node_selector_value: primary
|
node_selector_value: primary
|
||||||
|
|
||||||
bootstrap_registry_registry:
|
docker_registry:
|
||||||
chart_name: registry
|
chart_name: registry
|
||||||
release: bootstrap-registry-registry
|
release: docker-registry
|
||||||
namespace: bootstrap-registry
|
namespace: docker-registry
|
||||||
values:
|
values:
|
||||||
labels:
|
labels:
|
||||||
node_selector_key: openstack-helm-node-class
|
node_selector_key: openstack-helm-node-class
|
||||||
|
|
|
@ -59,8 +59,17 @@
|
||||||
gather_facts: False
|
gather_facts: False
|
||||||
become: yes
|
become: yes
|
||||||
roles:
|
roles:
|
||||||
- pull-images
|
|
||||||
- build-images
|
- build-images
|
||||||
tags:
|
tags:
|
||||||
- pull-images
|
|
||||||
- build-images
|
- build-images
|
||||||
|
|
||||||
|
- hosts: primary
|
||||||
|
vars_files:
|
||||||
|
- vars.yaml
|
||||||
|
vars:
|
||||||
|
work_dir: "{{ zuul.project.src_dir }}"
|
||||||
|
gather_facts: True
|
||||||
|
roles:
|
||||||
|
- pull-images
|
||||||
|
tags:
|
||||||
|
- pull-images
|
||||||
|
|
Loading…
Reference in New Issue