Implementes: ranger-agent helm charts
This is an effort to implement helm charts for ranger-agent component Signed-off-by: Hari Om Singh<hosingh000@gmail.com> Change-Id: If3ef41cf3850edb52af1ec4861073657becec7ed
This commit is contained in:
parent
d2026c1326
commit
fb5df6ce88
|
@ -0,0 +1,22 @@
|
|||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
apiVersion: v1
|
||||
description: OpenStack-Helm Ranger Agent
|
||||
name: ranger-agent
|
||||
version: 0.1.0
|
||||
sources:
|
||||
- https://git.openstack.org/cgit/openstack/ranger-agent
|
||||
- https://git.openstack.org/cgit/openstack/openstack-helm
|
||||
maintainers:
|
||||
- name: OpenStack-Helm Authors
|
||||
|
|
@ -0,0 +1,18 @@
|
|||
# Copyright 2017 The Openstack-Helm Authors.
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
dependencies:
|
||||
- name: helm-toolkit
|
||||
repository: http://localhost:8879/charts
|
||||
version: 0.1.0
|
|
@ -0,0 +1,22 @@
|
|||
#!/bin/bash
|
||||
|
||||
{{/*
|
||||
Copyright 2017 The Openstack-Helm Authors.
|
||||
|
||||
Licensed under the Apache License, Version 2.0 (the "License");
|
||||
you may not use this file except in compliance with the License.
|
||||
You may obtain a copy of the License at
|
||||
|
||||
http://www.apache.org/licenses/LICENSE-2.0
|
||||
|
||||
Unless required by applicable law or agreed to in writing, software
|
||||
distributed under the License is distributed on an "AS IS" BASIS,
|
||||
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
See the License for the specific language governing permissions and
|
||||
limitations under the License.
|
||||
*/}}
|
||||
|
||||
set -ex
|
||||
|
||||
exec ranger-agent-dbsync \
|
||||
--config-file /etc/ranger-agent/ranger-agent.conf
|
|
@ -0,0 +1,42 @@
|
|||
#!/bin/bash
|
||||
|
||||
{{/*
|
||||
Copyright 2017 The Openstack-Helm Authors.
|
||||
|
||||
Licensed under the Apache License, Version 2.0 (the "License");
|
||||
you may not use this file except in compliance with the License.
|
||||
You may obtain a copy of the License at
|
||||
|
||||
http://www.apache.org/licenses/LICENSE-2.0
|
||||
|
||||
Unless required by applicable law or agreed to in writing, software
|
||||
distributed under the License is distributed on an "AS IS" BASIS,
|
||||
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
See the License for the specific language governing permissions and
|
||||
limitations under the License.
|
||||
*/}}
|
||||
|
||||
set -ex
|
||||
function apireadiness () {
|
||||
IS_SERVICE_RUNNING=$(ps aux|awk '$12 == "/usr/local/bin/ranger-agent-api" {print $8}')
|
||||
|
||||
if [ ! -z "$IS_SERVICE_RUNNING" -a "$IS_SERVICE_RUNNING"!=" " ]; then
|
||||
exit 0
|
||||
else
|
||||
exit 1
|
||||
fi
|
||||
|
||||
}
|
||||
function enginereadiness () {
|
||||
IS_SERVICE_RUNNING=$(ps aux|awk '$12 == "/usr/local/bin/ranger-agent-engine" {print $8}')
|
||||
|
||||
if [ ! -z "$IS_SERVICE_RUNNING" -a "$IS_SERVICE_RUNNING"!=" " ]; then
|
||||
exit 0
|
||||
else
|
||||
exit 1
|
||||
fi
|
||||
|
||||
}
|
||||
function engineliveness () {
|
||||
enginereadiness
|
||||
}
|
|
@ -0,0 +1,31 @@
|
|||
#!/bin/bash
|
||||
|
||||
{{/*
|
||||
Copyright 2017 The Openstack-Helm Authors.
|
||||
|
||||
Licensed under the Apache License, Version 2.0 (the "License");
|
||||
you may not use this file except in compliance with the License.
|
||||
You may obtain a copy of the License at
|
||||
|
||||
http://www.apache.org/licenses/LICENSE-2.0
|
||||
|
||||
Unless required by applicable law or agreed to in writing, software
|
||||
distributed under the License is distributed on an "AS IS" BASIS,
|
||||
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
See the License for the specific language governing permissions and
|
||||
limitations under the License.
|
||||
*/}}
|
||||
|
||||
set -ex
|
||||
COMMAND="${@:-start}"
|
||||
|
||||
function start () {
|
||||
exec ranger-agent-api \
|
||||
--config-file /etc/ranger-agent/ranger-agent.conf
|
||||
}
|
||||
|
||||
function stop () {
|
||||
kill -TERM 1
|
||||
}
|
||||
|
||||
$COMMAND
|
|
@ -0,0 +1,51 @@
|
|||
#!/bin/bash
|
||||
|
||||
{{/*
|
||||
Copyright 2017 The Openstack-Helm Authors.
|
||||
|
||||
Licensed under the Apache License, Version 2.0 (the "License");
|
||||
you may not use this file except in compliance with the License.
|
||||
You may obtain a copy of the License at
|
||||
|
||||
http://www.apache.org/licenses/LICENSE-2.0
|
||||
|
||||
Unless required by applicable law or agreed to in writing, software
|
||||
distributed under the License is distributed on an "AS IS" BASIS,
|
||||
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
See the License for the specific language governing permissions and
|
||||
limitations under the License.
|
||||
*/}}
|
||||
|
||||
set -ex
|
||||
|
||||
COMMAND="${@:-start}"
|
||||
|
||||
function start () {
|
||||
|
||||
if [ -n "${SSH_KEY}" ] && [ -n "${SSH_KEY_CONFIGURATION}" ];then
|
||||
if [[ $(stat -c %F ${USER_HOME}/.ssh) = "directory" ]]; then
|
||||
rm -fr ${USER_HOME}/.ssh
|
||||
fi
|
||||
|
||||
mkdir -p ${USER_HOME}/.ssh
|
||||
echo -e "${SSH_KEY}" >>${USER_HOME}/.ssh/${SSH_KEY_FILE}
|
||||
echo -e "${SSH_KEY_CONFIGURATION}" >>${USER_HOME}/.ssh/config
|
||||
|
||||
chown ranger_agent: ${USER_HOME}/.ssh
|
||||
chmod 0700 -R ${USER_HOME}/.ssh
|
||||
chmod 0644 ${USER_HOME}/.ssh/config
|
||||
chmod 0600 ${USER_HOME}/.ssh/${SSH_KEY_FILE}
|
||||
fi
|
||||
|
||||
exec ranger-agent-engine \
|
||||
--config-file /etc/ranger-agent/ranger-agent.conf
|
||||
}
|
||||
|
||||
function stop() {
|
||||
|
||||
kill -TERM 1
|
||||
|
||||
}
|
||||
|
||||
$COMMAND
|
||||
|
|
@ -0,0 +1,80 @@
|
|||
#!/bin/bash
|
||||
|
||||
{{/*
|
||||
Copyright 2017 The Openstack-Helm Authors.
|
||||
|
||||
Licensed under the Apache License, Version 2.0 (the "License");
|
||||
you may not use this file except in compliance with the License.
|
||||
You may obtain a copy of the License at
|
||||
|
||||
http://www.apache.org/licenses/LICENSE-2.0
|
||||
|
||||
Unless required by applicable law or agreed to in writing, software
|
||||
distributed under the License is distributed on an "AS IS" BASIS,
|
||||
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
See the License for the specific language governing permissions and
|
||||
limitations under the License.
|
||||
*/}}
|
||||
|
||||
set -ex
|
||||
|
||||
# Come up with a ranger agent payload
|
||||
url="${RANGER_SERVICE_URL}"
|
||||
UUID=$(python -c 'import uuid; print uuid.uuid1()')
|
||||
|
||||
PAYLOAD="{\"ord-notifier\":{
|
||||
\"request-id\":\"$UUID\",
|
||||
\"resource-id\":\"$UUID\",
|
||||
\"resource-type\":\"flavor\",
|
||||
\"resource-template-version\":\"1\",
|
||||
\"resource-template-name\":\"sanity-test.yaml\",
|
||||
\"resource-template-type\":\"hot\",
|
||||
\"operation\":\"create\",
|
||||
\"region\":\"RegionOne\"
|
||||
}
|
||||
}"
|
||||
|
||||
function assertContains()
|
||||
{
|
||||
expected=$1
|
||||
msg=$2
|
||||
|
||||
if echo "$msg" | grep -q "$expected"; then
|
||||
echo "***TEST IS PASSED: EXPECTED=$expected is in Responce"
|
||||
else
|
||||
echo "***FAILED: EXPECTED=$expected in Responce"
|
||||
exit 1
|
||||
fi
|
||||
}
|
||||
|
||||
request_submit_response="$(curl -i -X POST -d "${PAYLOAD}" $url --header "Content-type:application/json")"
|
||||
expected_on_request="Submitted"
|
||||
|
||||
assertContains "${expected_on_request}" "${request_submit_response}"
|
||||
|
||||
# Ranger agent support pull or push both model.
|
||||
# once request submitted openstack take some time to synchronize.
|
||||
# we are pulling status for testing purpose by sleeping thread for 15 sec
|
||||
sleep 15
|
||||
|
||||
expected_on_execution="Success"
|
||||
resource_status_from_engine="$(curl -s "$url?Id=$UUID")"
|
||||
assertContains "${expected_on_execution}" "$resource_status_from_engine"
|
||||
|
||||
# Delete Resource
|
||||
|
||||
DELETE_REQ_UUID=$(python -c 'import uuid; print uuid.uuid1()')
|
||||
|
||||
DELETE_PAYLOAD="{\"ord-notifier\":{
|
||||
\"request-id\":\"$DELETE_REQ_UUID\",
|
||||
\"resource-id\":\"$DELETE_REQ_UUID\",
|
||||
\"resource-type\":\"flavor\",
|
||||
\"resource-template-version\":\"1\",
|
||||
\"resource-template-name\":\"sanity-test.yaml\",
|
||||
\"resource-template-type\":\"hot\",
|
||||
\"operation\":\"delete\",
|
||||
\"region\":\"RegionOne\"
|
||||
}
|
||||
}"
|
||||
|
||||
curl -i -X POST -d "${DELETE_PAYLOAD}" $url --header "Content-type:application/json"
|
|
@ -0,0 +1,47 @@
|
|||
{{/*
|
||||
Copyright 2017 The Openstack-Helm Authors.
|
||||
|
||||
Licensed under the Apache License, Version 2.0 (the "License");
|
||||
you may not use this file except in compliance with the License.
|
||||
You may obtain a copy of the License at
|
||||
|
||||
http://www.apache.org/licenses/LICENSE-2.0
|
||||
|
||||
Unless required by applicable law or agreed to in writing, software
|
||||
distributed under the License is distributed on an "AS IS" BASIS,
|
||||
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
See the License for the specific language governing permissions and
|
||||
limitations under the License.
|
||||
*/}}
|
||||
|
||||
{{- if .Values.manifests.configmap_bin }}
|
||||
{{- $envAll := . }}
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: ConfigMap
|
||||
metadata:
|
||||
name: ranger-agent-bin
|
||||
data:
|
||||
db-init.py: |+
|
||||
{{- include "helm-toolkit.scripts.db_init" . | indent 4 }}
|
||||
db-sync.sh: |+
|
||||
{{ tuple "bin/_db-sync.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
|
||||
db-drop.py: |+
|
||||
{{- include "helm-toolkit.scripts.db_drop" . | indent 4 }}
|
||||
ks-service.sh: |+
|
||||
{{- include "helm-toolkit.scripts.keystone_service" . | indent 4 }}
|
||||
ks-endpoints.sh: |+
|
||||
{{- include "helm-toolkit.scripts.keystone_endpoints" . | indent 4 }}
|
||||
ks-user.sh: |+
|
||||
{{- include "helm-toolkit.scripts.keystone_user" . | indent 4 }}
|
||||
ranger-agent-api.sh: |
|
||||
{{ tuple "bin/_ranger-agent-api.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
|
||||
ranger-agent-engine.sh: |
|
||||
{{ tuple "bin/_ranger-agent-engine.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
|
||||
health-check.sh: |+
|
||||
{{ tuple "bin/_health-check.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
|
||||
ranger-agent-test.sh: |+
|
||||
{{ tuple "bin/_ranger-agent-test.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
|
||||
rabbit-init.sh: |
|
||||
{{- include "helm-toolkit.scripts.rabbit_init" . | indent 4 }}
|
||||
{{- end }}
|
|
@ -0,0 +1,67 @@
|
|||
{{/*
|
||||
Copyright 2017 The Openstack-Helm Authors.
|
||||
|
||||
Licensed under the Apache License, Version 2.0 (the "License");
|
||||
you may not use this file except in compliance with the License.
|
||||
You may obtain a copy of the License at
|
||||
|
||||
http://www.apache.org/licenses/LICENSE-2.0
|
||||
|
||||
Unless required by applicable law or agreed to in writing, software
|
||||
distributed under the License is distributed on an "AS IS" BASIS,
|
||||
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
See the License for the specific language governing permissions and
|
||||
limitations under the License.
|
||||
*/}}
|
||||
|
||||
{{- if .Values.manifests.configmap_etc }}
|
||||
{{- $envAll := . }}
|
||||
|
||||
{{- if empty .Values.conf.ranger_agent.database.connection -}}
|
||||
{{- tuple "oslo_db" "internal" "ranger_agent" "mysql" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup"| set .Values.conf.ranger_agent.database "connection" | quote | trunc 0 -}}
|
||||
{{- end -}}
|
||||
{{- if empty .Values.conf.ranger_agent.DEFAULT.transport_url -}}
|
||||
{{- tuple "oslo_messaging" "internal" "ranger-agent" "amqp" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup" | set .Values.conf.ranger_agent.DEFAULT "transport_url" | quote | trunc 0 -}}
|
||||
{{- end -}}
|
||||
{{- if empty .Values.conf.ranger_agent.orm.rds_listener_endpoint -}}
|
||||
{{- tuple "ranger_rds" "public" "rds" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup" | set .Values.conf.ranger_agent.orm "rds_listener_endpoint" | quote | trunc 0 -}}
|
||||
{{- end -}}
|
||||
{{- if empty .Values.conf.ranger_agent.DEFAULT.ord_server_url -}}
|
||||
{{- tuple "ranger_agent" "public" "api" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup" | trimSuffix .Values.endpoints.ranger_agent.path.default | set .Values.conf.ranger_agent.DEFAULT "ord_server_url" | quote | trunc 0 -}}
|
||||
{{- end -}}
|
||||
{{- if empty .Values.conf.ranger_agent.keystone_authtoken.username -}}
|
||||
{{- set .Values.conf.ranger_agent.keystone_authtoken "username" .Values.endpoints.identity.auth.ranger_agent.username | quote | trunc 0 -}}
|
||||
{{- end -}}
|
||||
{{- if empty .Values.conf.ranger_agent.keystone_authtoken.password -}}
|
||||
{{- set .Values.conf.ranger_agent.keystone_authtoken "password" .Values.endpoints.identity.auth.ranger_agent.password | quote | trunc 0 -}}
|
||||
{{- end -}}
|
||||
{{- if empty .Values.conf.ranger_agent.keystone_authtoken.project_name -}}
|
||||
{{- set .Values.conf.ranger_agent.keystone_authtoken "project_name" .Values.endpoints.identity.auth.ranger_agent.project_name | quote | trunc 0 -}}
|
||||
{{- end -}}
|
||||
{{- if empty .Values.conf.ranger_agent.keystone_authtoken.auth_url -}}
|
||||
{{- tuple "identity" "internal" "api" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup" | set .Values.conf.ranger_agent.keystone_authtoken "auth_url" | quote | trunc 0 -}}
|
||||
{{- end -}}
|
||||
{{- if empty .Values.conf.ranger_agent.DEFAULT.region -}}
|
||||
{{- set .Values.conf.ranger_agent.DEFAULT "region" .Values.endpoints.identity.auth.ranger_agent.region_name | quote | trunc 0 -}}
|
||||
{{- end -}}
|
||||
{{- if empty .Values.conf.ranger_agent.api.port -}}
|
||||
{{- tuple "ranger-agent" "internal" "api" . | include "helm-toolkit.endpoints.endpoint_port_lookup" | set .Values.conf.ranger_agent.api "port" | quote | trunc 0 -}}
|
||||
{{- end -}}
|
||||
{{- if empty .Values.conf.ranger_agent.keystone_authtoken.project_domain_name -}}
|
||||
{{- set .Values.conf.ranger_agent.keystone_authtoken "project_domain_name" .Values.endpoints.identity.auth.ranger_agent.project_domain_name | quote | trunc 0 -}}
|
||||
{{- end -}}
|
||||
{{- if empty .Values.conf.ranger_agent.keystone_authtoken.user_domain_name -}}
|
||||
{{- set .Values.conf.ranger_agent.keystone_authtoken "user_domain_name" .Values.endpoints.identity.auth.ranger_agent.user_domain_name | quote | trunc 0 -}}
|
||||
{{- end -}}
|
||||
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: ConfigMap
|
||||
metadata:
|
||||
name: ranger-agent-etc
|
||||
data:
|
||||
api-paste.ini: |
|
||||
{{ include "helm-toolkit.utils.to_ini" .Values.conf.paste | indent 4 }}
|
||||
ranger-agent.conf: |
|
||||
{{ include "helm-toolkit.utils.to_oslo_conf" .Values.conf.ranger_agent | indent 4 }}
|
||||
{{- end }}
|
|
@ -0,0 +1,109 @@
|
|||
{{/*
|
||||
Copyright 2017 The Openstack-Helm Authors.
|
||||
|
||||
Licensed under the Apache License, Version 2.0 (the "License");
|
||||
you may not use this file except in compliance with the License.
|
||||
You may obtain a copy of the License at
|
||||
|
||||
http://www.apache.org/licenses/LICENSE-2.0
|
||||
|
||||
Unless required by applicable law or agreed to in writing, software
|
||||
distributed under the License is distributed on an "AS IS" BASIS,
|
||||
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
See the License for the specific language governing permissions and
|
||||
limitations under the License.
|
||||
*/}}
|
||||
|
||||
{{- if .Values.manifests.deployment_ranger_agent_api }}
|
||||
{{- $envAll := . }}
|
||||
{{- $dependencies := .Values.dependencies.api }}
|
||||
{{- $mounts_ranger_agent_api := .Values.pod.mounts.ranger_agent_api.ranger_agent_api }}
|
||||
{{- $mounts_ranger_agent_api_init := .Values.pod.mounts.ranger_agent_api.init_container }}
|
||||
|
||||
|
||||
{{- $serviceAccountName := "ranger-agent-api" }}
|
||||
{{ tuple $envAll $dependencies $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
|
||||
---
|
||||
apiVersion: apps/v1beta1
|
||||
kind: Deployment
|
||||
metadata:
|
||||
name: ranger-agent-api
|
||||
spec:
|
||||
replicas: {{ .Values.pod.replicas.api }}
|
||||
{{ tuple $envAll | include "helm-toolkit.snippets.kubernetes_upgrades_deployment" | indent 2 }}
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
{{ tuple $envAll "ranger-agent" "api" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
|
||||
annotations:
|
||||
configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "helm-toolkit.utils.hash" }}
|
||||
configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "helm-toolkit.utils.hash" }}
|
||||
spec:
|
||||
serviceAccountName: {{ $serviceAccountName }}
|
||||
dnsPolicy: ClusterFirstWithHostNet
|
||||
hostNetwork: true
|
||||
affinity:
|
||||
{{ tuple $envAll "ranger-agent" "api" | include "helm-toolkit.snippets.kubernetes_pod_anti_affinity" | indent 8 }}
|
||||
nodeSelector:
|
||||
{{ .Values.labels.api.node_selector_key }}: {{ .Values.labels.api.node_selector_value }}
|
||||
terminationGracePeriodSeconds: {{ .Values.pod.lifecycle.termination_grace_period.ranger_agent_api.timeout | default "30" }}
|
||||
initContainers:
|
||||
{{ tuple $envAll $dependencies $mounts_ranger_agent_api_init | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
|
||||
containers:
|
||||
- name: ranger-agent-api
|
||||
image: {{ .Values.images.tags.ranger_agent }}
|
||||
imagePullPolicy: {{ .Values.images.pull_policy }}
|
||||
{{ tuple $envAll $envAll.Values.pod.resources.api | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
|
||||
securityContext:
|
||||
runAsUser: {{ .Values.pod.user.ranger_agent.uid }}
|
||||
command:
|
||||
- /tmp/ranger-agent-api.sh
|
||||
- start
|
||||
lifecycle:
|
||||
preStop:
|
||||
exec:
|
||||
command:
|
||||
- /tmp/ranger-agent-api.sh
|
||||
- stop
|
||||
ports:
|
||||
- name: ranger-api
|
||||
containerPort: {{ tuple "ranger-agent" "internal" "api" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
|
||||
livenessProbe:
|
||||
tcpSocket:
|
||||
port: {{ tuple "ranger-agent" "internal" "api" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
|
||||
readinessProbe:
|
||||
exec:
|
||||
command:
|
||||
- /tmp/health-check.sh
|
||||
- apireadiness
|
||||
initialDelaySeconds: 30
|
||||
timeoutSeconds: 5
|
||||
volumeMounts:
|
||||
- name: ranger-agent-bin
|
||||
mountPath: /tmp/ranger-agent-api.sh
|
||||
subPath: ranger-agent-api.sh
|
||||
readOnly: true
|
||||
- name: ranger-agent-bin
|
||||
mountPath: /tmp/health-check.sh
|
||||
subPath: health-check.sh
|
||||
readOnly: true
|
||||
- name: ranger-agent-etc
|
||||
mountPath: /etc/ranger-agent/ranger-agent.conf
|
||||
subPath: ranger-agent.conf
|
||||
readOnly: true
|
||||
- name: ranger-agent-etc
|
||||
mountPath: /etc/ranger-agent/api-paste.ini
|
||||
subPath: api-paste.ini
|
||||
readOnly: true
|
||||
{{ if $mounts_ranger_agent_api.volumeMounts }}{{ toYaml $mounts_ranger_agent_api.volumeMounts | indent 12 }}{{ end }}
|
||||
volumes:
|
||||
- name: ranger-agent-bin
|
||||
configMap:
|
||||
name: ranger-agent-bin
|
||||
defaultMode: 0555
|
||||
- name: ranger-agent-etc
|
||||
configMap:
|
||||
name: ranger-agent-etc
|
||||
defaultMode: 0444
|
||||
{{ if $mounts_ranger_agent_api.volumes}}{{ toYaml $mounts_ranger_agent_api.volumes | indent 8 }}{{ end }}
|
||||
{{- end }}
|
|
@ -0,0 +1,135 @@
|
|||
{{/*
|
||||
Copyright 2017 The Openstack-Helm Authors.
|
||||
|
||||
Licensed under the Apache License, Version 2.0 (the "License");
|
||||
you may not use this file except in compliance with the License.
|
||||
You may obtain a copy of the License at
|
||||
|
||||
http://www.apache.org/licenses/LICENSE-2.0
|
||||
|
||||
Unless required by applicable law or agreed to in writing, software
|
||||
distributed under the License is distributed on an "AS IS" BASIS,
|
||||
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
See the License for the specific language governing permissions and
|
||||
limitations under the License.
|
||||
*/}}
|
||||
{{- if .Values.manifests.deployment_ranger_agent_engine }}
|
||||
{{- $envAll := . }}
|
||||
{{- $dependencies := .Values.dependencies.engine }}
|
||||
{{- $mounts_ranger_agent_engine := .Values.pod.mounts.ranger_agent_engine.ranger_agent_engine }}
|
||||
{{- $mounts_ranger_agent_engine_init := .Values.pod.mounts.ranger_agent_engine.init_container }}
|
||||
|
||||
{{- $serviceAccountName := "ranger-agent-engine" }}
|
||||
{{ tuple $envAll $dependencies $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
|
||||
|
||||
---
|
||||
apiVersion: apps/v1beta1
|
||||
kind: Deployment
|
||||
metadata:
|
||||
name: ranger-agent-engine
|
||||
spec:
|
||||
replicas: {{ .Values.pod.replicas.engine }}
|
||||
{{ tuple $envAll | include "helm-toolkit.snippets.kubernetes_upgrades_deployment" | indent 2 }}
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
{{ tuple $envAll "ranger-agent" "engine" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
|
||||
annotations:
|
||||
configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "helm-toolkit.utils.hash" }}
|
||||
configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "helm-toolkit.utils.hash" }}
|
||||
spec:
|
||||
serviceAccountName: {{ $serviceAccountName }}
|
||||
dnsPolicy: ClusterFirstWithHostNet
|
||||
hostNetwork: true
|
||||
affinity:
|
||||
{{ tuple $envAll "ranger-agent" "engine" | include "helm-toolkit.snippets.kubernetes_pod_anti_affinity" | indent 8 }}
|
||||
nodeSelector:
|
||||
{{ .Values.labels.engine.node_selector_key }}: {{ .Values.labels.engine.node_selector_value }}
|
||||
terminationGracePeriodSeconds: {{ .Values.pod.lifecycle.termination_grace_period.ranger_agent_engine.timeout | default "30" }}
|
||||
initContainers:
|
||||
{{ tuple $envAll $dependencies $mounts_ranger_agent_engine_init | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
|
||||
containers:
|
||||
- name: ranger-agent-engine
|
||||
image: {{ .Values.images.tags.ranger_agent }}
|
||||
imagePullPolicy: {{ .Values.images.pull_policy }}
|
||||
{{ tuple $envAll $envAll.Values.pod.resources.engine | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
|
||||
securityContext:
|
||||
runAsUser: {{ .Values.pod.user.ranger_agent.uid }}
|
||||
env:
|
||||
- name: USER
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: ranger-agent-ssh-secret
|
||||
key: USER
|
||||
- name: USER_HOME
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: ranger-agent-ssh-secret
|
||||
key: USER_HOME
|
||||
- name: SSH_KEY_FILE
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: ranger-agent-ssh-secret
|
||||
key: SSH_KEY_FILE
|
||||
- name: SSH_KEY
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: ranger-agent-ssh-secret
|
||||
key: RANGER_AGENT_PRIVATE_KEY
|
||||
- name: SSH_KEY_CONFIGURATION
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: ranger-agent-ssh-secret
|
||||
key: RANGER_AGENT_SSH_CONFIG
|
||||
command:
|
||||
- /tmp/ranger-agent-engine.sh
|
||||
- start
|
||||
lifecycle:
|
||||
preStop:
|
||||
exec:
|
||||
command:
|
||||
- /tmp/ranger-agent-engine.sh
|
||||
- stop
|
||||
livenessProbe:
|
||||
exec:
|
||||
command:
|
||||
- /tmp/health-check.sh
|
||||
- engineliveness
|
||||
initialDelaySeconds: 30
|
||||
timeoutSeconds: 5
|
||||
readinessProbe:
|
||||
exec:
|
||||
command:
|
||||
- /tmp/health-check.sh
|
||||
- enginereadiness
|
||||
initialDelaySeconds: 30
|
||||
timeoutSeconds: 5
|
||||
volumeMounts:
|
||||
- name: ranger-agent-bin
|
||||
mountPath: /tmp/ranger-agent-engine.sh
|
||||
subPath: ranger-agent-engine.sh
|
||||
readOnly: true
|
||||
- name: ranger-agent-bin
|
||||
mountPath: /tmp/health-check.sh
|
||||
subPath: health-check.sh
|
||||
readOnly: true
|
||||
- name: ranger-agent-etc
|
||||
mountPath: /etc/ranger-agent/ranger-agent.conf
|
||||
subPath: ranger-agent.conf
|
||||
readOnly: true
|
||||
- name: ranger-agent-etc
|
||||
mountPath: /etc/ranger-agent/api-paste.ini
|
||||
subPath: api-paste.ini
|
||||
readOnly: true
|
||||
{{ if $mounts_ranger_agent_engine.volumeMounts }}{{ toYaml $mounts_ranger_agent_engine.volumeMounts | indent 12 }}{{ end }}
|
||||
volumes:
|
||||
- name: ranger-agent-bin
|
||||
configMap:
|
||||
name: ranger-agent-bin
|
||||
defaultMode: 0555
|
||||
- name: ranger-agent-etc
|
||||
configMap:
|
||||
name: ranger-agent-etc
|
||||
defaultMode: 0444
|
||||
{{ if $mounts_ranger_agent_engine.volumes}}{{ toYaml $mounts_ranger_agent_engine.volumes | indent 8 }}{{ end }}
|
||||
{{- end }}
|
|
@ -0,0 +1,20 @@
|
|||
{{/*
|
||||
Copyright 2017 The Openstack-Helm Authors.
|
||||
|
||||
Licensed under the Apache License, Version 2.0 (the "License");
|
||||
you may not use this file except in compliance with the License.
|
||||
You may obtain a copy of the License at
|
||||
|
||||
http://www.apache.org/licenses/LICENSE-2.0
|
||||
|
||||
Unless required by applicable law or agreed to in writing, software
|
||||
distributed under the License is distributed on an "AS IS" BASIS,
|
||||
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
See the License for the specific language governing permissions and
|
||||
limitations under the License.
|
||||
*/}}
|
||||
|
||||
{{- if and .Values.manifests.ingress_ranger_agent_api .Values.network.api.ingress.public }}
|
||||
{{- $ingressOpts := dict "envAll" . "backendServiceType" "ranger-agent" "backendPort" "ranger-api" -}}
|
||||
{{ $ingressOpts | include "helm-toolkit.manifests.ingress" }}
|
||||
{{- end }}
|
|
@ -0,0 +1,20 @@
|
|||
{{/*
|
||||
Copyright 2017 The Openstack-Helm Authors.
|
||||
|
||||
Licensed under the Apache License, Version 2.0 (the "License");
|
||||
you may not use this file except in compliance with the License.
|
||||
You may obtain a copy of the License at
|
||||
|
||||
http://www.apache.org/licenses/LICENSE-2.0
|
||||
|
||||
Unless required by applicable law or agreed to in writing, software
|
||||
distributed under the License is distributed on an "AS IS" BASIS,
|
||||
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
See the License for the specific language governing permissions and
|
||||
limitations under the License.
|
||||
*/}}
|
||||
|
||||
{{- if .Values.manifests.job_db_drop }}
|
||||
{{- $dbInitJob := dict "envAll" . "serviceName" "ranger-agent" -}}
|
||||
{{ $dbInitJob | include "helm-toolkit.manifests.job_db_drop_mysql" }}
|
||||
{{- end }}
|
|
@ -0,0 +1,20 @@
|
|||
{{/*
|
||||
Copyright 2017 The Openstack-Helm Authors.
|
||||
|
||||
Licensed under the Apache License, Version 2.0 (the "License");
|
||||
you may not use this file except in compliance with the License.
|
||||
You may obtain a copy of the License at
|
||||
|
||||
http://www.apache.org/licenses/LICENSE-2.0
|
||||
|
||||
Unless required by applicable law or agreed to in writing, software
|
||||
distributed under the License is distributed on an "AS IS" BASIS,
|
||||
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
See the License for the specific language governing permissions and
|
||||
limitations under the License.
|
||||
*/}}
|
||||
|
||||
{{- if .Values.manifests.job_db_init }}
|
||||
{{- $dbInitJob := dict "envAll" . "serviceName" "ranger-agent" -}}
|
||||
{{ $dbInitJob | include "helm-toolkit.manifests.job_db_init_mysql" }}
|
||||
{{- end }}
|
|
@ -0,0 +1,20 @@
|
|||
{{/*
|
||||
Copyright 2017 The Openstack-Helm Authors.
|
||||
|
||||
Licensed under the Apache License, Version 2.0 (the "License");
|
||||
you may not use this file except in compliance with the License.
|
||||
You may obtain a copy of the License at
|
||||
|
||||
http://www.apache.org/licenses/LICENSE-2.0
|
||||
|
||||
Unless required by applicable law or agreed to in writing, software
|
||||
distributed under the License is distributed on an "AS IS" BASIS,
|
||||
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
See the License for the specific language governing permissions and
|
||||
limitations under the License.
|
||||
*/}}
|
||||
|
||||
{{- if .Values.manifests.job_db_sync }}
|
||||
{{- $dbSyncJob := dict "envAll" . "serviceName" "ranger-agent" -}}
|
||||
{{ $dbSyncJob | include "helm-toolkit.manifests.job_db_sync" }}
|
||||
{{- end }}
|
|
@ -0,0 +1,20 @@
|
|||
{{/*
|
||||
Copyright 2017 The Openstack-Helm Authors.
|
||||
|
||||
Licensed under the Apache License, Version 2.0 (the "License");
|
||||
you may not use this file except in compliance with the License.
|
||||
You may obtain a copy of the License at
|
||||
|
||||
http://www.apache.org/licenses/LICENSE-2.0
|
||||
|
||||
Unless required by applicable law or agreed to in writing, software
|
||||
distributed under the License is distributed on an "AS IS" BASIS,
|
||||
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
See the License for the specific language governing permissions and
|
||||
limitations under the License.
|
||||
*/}}
|
||||
|
||||
{{- if .Values.manifests.job_ks_endpoints }}
|
||||
{{- $ksServiceJob := dict "envAll" . "serviceName" "ranger-agent" "serviceTypes" ( tuple "ranger-agent" ) -}}
|
||||
{{ $ksServiceJob | include "helm-toolkit.manifests.job_ks_endpoints" }}
|
||||
{{- end }}
|
|
@ -0,0 +1,21 @@
|
|||
{{/*
|
||||
Copyright 2017 The Openstack-Helm Authors.
|
||||
|
||||
Licensed under the Apache License, Version 2.0 (the "License");
|
||||
you may not use this file except in compliance with the License.
|
||||
You may obtain a copy of the License at
|
||||
|
||||
http://www.apache.org/licenses/LICENSE-2.0
|
||||
|
||||
Unless required by applicable law or agreed to in writing, software
|
||||
distributed under the License is distributed on an "AS IS" BASIS,
|
||||
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
See the License for the specific language governing permissions and
|
||||
limitations under the License.
|
||||
*/}}
|
||||
|
||||
{{- if .Values.manifests.job_ks_service }}
|
||||
{{- $ksServiceJob := dict "envAll" . "serviceName" "ranger-agent" "serviceTypes" ( tuple "ranger-agent" ) -}}
|
||||
{{ $ksServiceJob | include "helm-toolkit.manifests.job_ks_service" }}
|
||||
{{- end }}
|
||||
|
|
@ -0,0 +1,20 @@
|
|||
{{/*
|
||||
Copyright 2017 The Openstack-Helm Authors.
|
||||
|
||||
Licensed under the Apache License, Version 2.0 (the "License");
|
||||
you may not use this file except in compliance with the License.
|
||||
You may obtain a copy of the License at
|
||||
|
||||
http://www.apache.org/licenses/LICENSE-2.0
|
||||
|
||||
Unless required by applicable law or agreed to in writing, software
|
||||
distributed under the License is distributed on an "AS IS" BASIS,
|
||||
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
See the License for the specific language governing permissions and
|
||||
limitations under the License.
|
||||
*/}}
|
||||
|
||||
{{- if .Values.manifests.job_ks_user }}
|
||||
{{- $ksUserJob := dict "envAll" . "serviceName" "ranger-agent" "serviceUser" "ranger_agent" -}}
|
||||
{{ $ksUserJob | include "helm-toolkit.manifests.job_ks_user" }}
|
||||
{{- end }}
|
|
@ -0,0 +1,20 @@
|
|||
{{/*
|
||||
Copyright 2017 The Openstack-Helm Authors.
|
||||
|
||||
Licensed under the Apache License, Version 2.0 (the "License");
|
||||
you may not use this file except in compliance with the License.
|
||||
You may obtain a copy of the License at
|
||||
|
||||
http://www.apache.org/licenses/LICENSE-2.0
|
||||
|
||||
Unless required by applicable law or agreed to in writing, software
|
||||
distributed under the License is distributed on an "AS IS" BASIS,
|
||||
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
See the License for the specific language governing permissions and
|
||||
limitations under the License.
|
||||
*/}}
|
||||
{{- if .Values.manifests.job_rabbit_init }}
|
||||
{{- $rmqUserJob := dict "envAll" . "serviceName" "ranger-agent" -}}
|
||||
{{ $rmqUserJob | include "helm-toolkit.manifests.job_rabbit_init" }}
|
||||
{{- end }}
|
||||
|
|
@ -0,0 +1,29 @@
|
|||
{{/*
|
||||
Copyright 2017 The Openstack-Helm Authors.
|
||||
|
||||
Licensed under the Apache License, Version 2.0 (the "License");
|
||||
you may not use this file except in compliance with the License.
|
||||
You may obtain a copy of the License at
|
||||
|
||||
http://www.apache.org/licenses/LICENSE-2.0
|
||||
|
||||
Unless required by applicable law or agreed to in writing, software
|
||||
distributed under the License is distributed on an "AS IS" BASIS,
|
||||
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
See the License for the specific language governing permissions and
|
||||
limitations under the License.
|
||||
*/}}
|
||||
|
||||
{{- if .Values.manifests.pdb_api }}
|
||||
{{- $envAll := . }}
|
||||
---
|
||||
apiVersion: policy/v1beta1
|
||||
kind: PodDisruptionBudget
|
||||
metadata:
|
||||
name: ranger-agent-api
|
||||
spec:
|
||||
minAvailable: {{ .Values.pod.lifecycle.disruption_budget.ranger_agent_api.min_available }}
|
||||
selector:
|
||||
matchLabels:
|
||||
{{ tuple $envAll "ranger-agent" "api" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 6 }}
|
||||
{{- end }}
|
|
@ -0,0 +1,60 @@
|
|||
{{/*
|
||||
Copyright 2017 The Openstack-Helm Authors.
|
||||
|
||||
Licensed under the Apache License, Version 2.0 (the "License");
|
||||
you may not use this file except in compliance with the License.
|
||||
You may obtain a copy of the License at
|
||||
|
||||
http://www.apache.org/licenses/LICENSE-2.0
|
||||
|
||||
Unless required by applicable law or agreed to in writing, software
|
||||
distributed under the License is distributed on an "AS IS" BASIS,
|
||||
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
See the License for the specific language governing permissions and
|
||||
limitations under the License.
|
||||
*/}}
|
||||
|
||||
{{- if .Values.manifests.pod_test }}
|
||||
{{- $envAll := . }}
|
||||
{{- $dependencies := .Values.dependencies.static.tests }}
|
||||
|
||||
{{- $mounts_tests := .Values.pod.mounts.ranger_agent_tests.ranger_agent_tests }}
|
||||
{{- $mounts_tests_init := .Values.pod.mounts.ranger_agent_tests.init_container }}
|
||||
|
||||
{{- $serviceAccountName := print $envAll.Release.Name "-test" }}
|
||||
{{ tuple $envAll $dependencies $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: Pod
|
||||
metadata:
|
||||
name: "{{$envAll.Release.Name}}-test"
|
||||
annotations:
|
||||
"helm.sh/hook": test-success
|
||||
spec:
|
||||
serviceAccountName: {{ $serviceAccountName }}
|
||||
nodeSelector:
|
||||
{{ .Values.labels.test.node_selector_key }}: {{ .Values.labels.test.node_selector_value }}
|
||||
restartPolicy: Never
|
||||
initContainers:
|
||||
{{ tuple $envAll $dependencies $mounts_tests_init | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 4 }}
|
||||
containers:
|
||||
- name: {{.Release.Name}}-test
|
||||
image: {{ .Values.images.tags.scripted_test }}
|
||||
env:
|
||||
- name: RANGER_SERVICE_URL
|
||||
value: {{ tuple "ranger_agent" "public" "api" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup" }}
|
||||
command:
|
||||
- /tmp/ranger-agent-test.sh
|
||||
volumeMounts:
|
||||
- name: ranger-agent-bin
|
||||
mountPath: /tmp/ranger-agent-test.sh
|
||||
subPath: ranger-agent-test.sh
|
||||
readOnly: true
|
||||
{{ if $mounts_tests.volumeMounts }}{{ toYaml $mounts_tests.volumeMounts | indent 8 }}{{ end }}
|
||||
volumes:
|
||||
- name: ranger-agent-bin
|
||||
configMap:
|
||||
name: ranger-agent-bin
|
||||
defaultMode: 0555
|
||||
{{ if $mounts_tests.volumes }}{{ toYaml $mounts_tests.volumes | indent 4 }}{{ end }}
|
||||
{{- end }}
|
|
@ -0,0 +1,30 @@
|
|||
{{/*
|
||||
Copyright 2017 The Openstack-Helm Authors.
|
||||
|
||||
Licensed under the Apache License, Version 2.0 (the "License");
|
||||
you may not use this file except in compliance with the License.
|
||||
You may obtain a copy of the License at
|
||||
|
||||
http://www.apache.org/licenses/LICENSE-2.0
|
||||
|
||||
Unless required by applicable law or agreed to in writing, software
|
||||
distributed under the License is distributed on an "AS IS" BASIS,
|
||||
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
See the License for the specific language governing permissions and
|
||||
limitations under the License.
|
||||
*/}}
|
||||
|
||||
{{- if .Values.manifests.secret_db }}
|
||||
{{- $envAll := . }}
|
||||
{{- range $key1, $userClass := tuple "admin" "ranger_agent" }}
|
||||
{{- $secretName := index $envAll.Values.secrets.oslo_db $userClass }}
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: Secret
|
||||
metadata:
|
||||
name: {{ $secretName }}
|
||||
type: Opaque
|
||||
data:
|
||||
DB_CONNECTION: {{ tuple "oslo_db" "internal" $userClass "mysql" $envAll | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup" | b64enc -}}
|
||||
{{- end }}
|
||||
{{- end }}
|
|
@ -0,0 +1,30 @@
|
|||
{{/*
|
||||
Copyright 2017 The Openstack-Helm Authors.
|
||||
|
||||
Licensed under the Apache License, Version 2.0 (the "License");
|
||||
you may not use this file except in compliance with the License.
|
||||
You may obtain a copy of the License at
|
||||
|
||||
http://www.apache.org/licenses/LICENSE-2.0
|
||||
|
||||
Unless required by applicable law or agreed to in writing, software
|
||||
distributed under the License is distributed on an "AS IS" BASIS,
|
||||
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
See the License for the specific language governing permissions and
|
||||
limitations under the License.
|
||||
*/}}
|
||||
|
||||
{{- if .Values.manifests.secret_keystone }}
|
||||
{{- $envAll := . }}
|
||||
{{- range $key1, $userClass := tuple "admin" "ranger_agent" }}
|
||||
{{- $secretName := index $envAll.Values.secrets.identity $userClass }}
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: Secret
|
||||
metadata:
|
||||
name: {{ $secretName }}
|
||||
type: Opaque
|
||||
data:
|
||||
{{- tuple $userClass "internal" $envAll | include "helm-toolkit.snippets.keystone_secret_openrc" | indent 2 -}}
|
||||
{{- end }}
|
||||
{{- end }}
|
|
@ -0,0 +1,31 @@
|
|||
{{/*
|
||||
Copyright 2017 The Openstack-Helm Authors.
|
||||
|
||||
Licensed under the Apache License, Version 2.0 (the "License");
|
||||
you may not use this file except in compliance with the License.
|
||||
You may obtain a copy of the License at
|
||||
|
||||
http://www.apache.org/licenses/LICENSE-2.0
|
||||
|
||||
Unless required by applicable law or agreed to in writing, software
|
||||
distributed under the License is distributed on an "AS IS" BASIS,
|
||||
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
See the License for the specific language governing permissions and
|
||||
limitations under the License.
|
||||
*/}}
|
||||
|
||||
{{- if .Values.manifests.secret_rabbitmq }}
|
||||
{{- $envAll := . }}
|
||||
{{- range $key1, $userClass := tuple "admin" "ranger-agent" }}
|
||||
{{- $secretName := index $envAll.Values.secrets.oslo_messaging $userClass }}
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: Secret
|
||||
metadata:
|
||||
name: {{ $secretName }}
|
||||
type: Opaque
|
||||
data:
|
||||
RABBITMQ_CONNECTION: {{ tuple "oslo_messaging" "internal" $userClass "http" $envAll | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup" | b64enc }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
|
|
@ -0,0 +1,33 @@
|
|||
{{/*
|
||||
Copyright 2017 The Openstack-Helm Authors.
|
||||
|
||||
Licensed under the Apache License, Version 2.0 (the "License");
|
||||
you may not use this file except in compliance with the License.
|
||||
You may obtain a copy of the License at
|
||||
|
||||
http://www.apache.org/licenses/LICENSE-2.0
|
||||
|
||||
Unless required by applicable law or agreed to in writing, software
|
||||
distributed under the License is distributed on an "AS IS" BASIS,
|
||||
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
See the License for the specific language governing permissions and
|
||||
limitations under the License.
|
||||
*/}}
|
||||
|
||||
{{- if .Values.manifests.secret_ssh_key }}
|
||||
{{- $envAll := . }}
|
||||
{{- $key_location := .Values.conf.ssh.key_location }}
|
||||
{{- $secretName := "ranger-agent-ssh-secret" }}
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: Secret
|
||||
metadata:
|
||||
name: {{ $secretName }}
|
||||
type: Opaque
|
||||
data:
|
||||
USER: {{ .Values.conf.ssh.user | b64enc }}
|
||||
USER_HOME: {{ .Values.conf.ssh.user_home | b64enc }}
|
||||
SSH_KEY_FILE: {{ .Values.conf.ssh.ssh_key_file | b64enc }}
|
||||
RANGER_AGENT_PRIVATE_KEY: {{ .Files.Get .Values.conf.ssh.ssh_key_file_location | b64enc }}
|
||||
RANGER_AGENT_SSH_CONFIG: {{ .Files.Get .Values.conf.ssh.ssh_config_file_location | b64enc }}
|
||||
{{- end }}
|
|
@ -0,0 +1,20 @@
|
|||
{{/*
|
||||
Copyright 2017 The Openstack-Helm Authors.
|
||||
|
||||
Licensed under the Apache License, Version 2.0 (the "License");
|
||||
you may not use this file except in compliance with the License.
|
||||
You may obtain a copy of the License at
|
||||
|
||||
http://www.apache.org/licenses/LICENSE-2.0
|
||||
|
||||
Unless required by applicable law or agreed to in writing, software
|
||||
distributed under the License is distributed on an "AS IS" BASIS,
|
||||
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
See the License for the specific language governing permissions and
|
||||
limitations under the License.
|
||||
*/}}
|
||||
|
||||
{{- if and .Values.manifests.service_ingress_ranger_agent_api .Values.network.api.ingress.public }}
|
||||
{{- $serviceIngressOpts := dict "envAll" . "backendServiceType" "ranger-agent" -}}
|
||||
{{ $serviceIngressOpts | include "helm-toolkit.manifests.service_ingress" }}
|
||||
{{- end }}
|
|
@ -0,0 +1,39 @@
|
|||
{{/*
|
||||
Copyright 2017 The Openstack-Helm Authors.
|
||||
|
||||
Licensed under the Apache License, Version 2.0 (the "License");
|
||||
you may not use this file except in compliance with the License.
|
||||
You may obtain a copy of the License at
|
||||
|
||||
http://www.apache.org/licenses/LICENSE-2.0
|
||||
|
||||
Unless required by applicable law or agreed to in writing, software
|
||||
distributed under the License is distributed on an "AS IS" BASIS,
|
||||
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
See the License for the specific language governing permissions and
|
||||
limitations under the License.
|
||||
*/}}
|
||||
|
||||
{{- if .Values.manifests.service_ranger_agent_api }}
|
||||
{{- $envAll := . }}
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
name: {{ tuple "ranger-agent" "internal" . | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }}
|
||||
spec:
|
||||
ports:
|
||||
- name: ranger-api
|
||||
port: {{ tuple "ranger-agent" "internal" "api" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
|
||||
{{- if .Values.network.api.node_port.enabled }}
|
||||
nodePort: {{ .Values.network.api.node_port.port }}
|
||||
{{ end }}
|
||||
selector:
|
||||
{{ tuple $envAll "ranger-agent" "api" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }}
|
||||
{{ if .Values.network.api.node_port.enabled }}
|
||||
type: NodePort
|
||||
{{- if .Values.network.api.external_policy_local }}
|
||||
externalTrafficPolicy: Local
|
||||
{{ end }}
|
||||
{{ end }}
|
||||
{{- end }}
|
|
@ -0,0 +1,452 @@
|
|||
# Copyright 2017 The Openstack-Helm Authors.
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
# Default values for ranger-agent.
|
||||
# This is a YAML-formatted file.
|
||||
# Declare name/value pairs to be passed into your templates.
|
||||
# name: value
|
||||
|
||||
release_group: null
|
||||
|
||||
labels:
|
||||
api:
|
||||
node_selector_key: openstack-control-plane
|
||||
node_selector_value: enabled
|
||||
engine:
|
||||
node_selector_key: openstack-control-plane
|
||||
node_selector_value: enabled
|
||||
job:
|
||||
node_selector_key: openstack-control-plane
|
||||
node_selector_value: enabled
|
||||
test:
|
||||
node_selector_key: openstack-control-plane
|
||||
node_selector_value: enabled
|
||||
|
||||
images:
|
||||
tags:
|
||||
ranger_agent: quay.io/attcomdev/ranger-agent:5d29fd462bb85cf6c1b0acb25bfb898944e62b1a
|
||||
ranger-agent_db_sync: quay.io/attcomdev/ranger-agent:5d29fd462bb85cf6c1b0acb25bfb898944e62b1a
|
||||
db_drop: docker.io/openstackhelm/heat:newton
|
||||
db_init: docker.io/openstackhelm/heat:newton
|
||||
ks_user: docker.io/openstackhelm/heat:newton
|
||||
ks_service: docker.io/openstackhelm/heat:newton
|
||||
rabbit_init: docker.io/rabbitmq:3.7-management
|
||||
ks_endpoints: docker.io/openstackhelm/heat:newton
|
||||
dep_check: quay.io/stackanetes/kubernetes-entrypoint:v0.2.1
|
||||
scripted_test: docker.io/openstackhelm/heat:newton
|
||||
pull_policy: "IfNotPresent"
|
||||
|
||||
conf:
|
||||
paste:
|
||||
pipeline:main:
|
||||
pipeline: request_id api-server
|
||||
app:api-server:
|
||||
paste.app_factory: ord.api.app:app_factory
|
||||
filter:authtoken:
|
||||
paste.filter_factory: keystonemiddleware.auth_token:filter_factory
|
||||
filter:request_id:
|
||||
paste.filter_factory: oslo_middleware:RequestId.factory
|
||||
ranger_agent:
|
||||
DEFAULT:
|
||||
api_workers: 1
|
||||
debug: False
|
||||
verbose: True
|
||||
pecan_debug: True
|
||||
repo_connection_timeout: 120
|
||||
resource_creation_timeout_min: 1200
|
||||
resource_creation_timeout_max: 14400
|
||||
log_dir: /var/log/ranger-agent
|
||||
api_paste_config: /etc/ranger-agent/api-paste.ini
|
||||
local_repo: ranger_repo
|
||||
resource_status_check_wait: 15
|
||||
api:
|
||||
host: 0.0.0.0
|
||||
database:
|
||||
max_retries: -1
|
||||
oslo_messaging_notifications:
|
||||
driver: messagingv2
|
||||
orm:
|
||||
orm_template_repo_url: git@github.com:ranger-agent/templates.git
|
||||
repo_pull_check_wait: 2
|
||||
retry_limits: 5
|
||||
keystone_authtoken:
|
||||
auth_type: password
|
||||
auth_version: v3
|
||||
ssh:
|
||||
user: ranger_agent
|
||||
user_home: /home/ranger_agent
|
||||
ssh_key_file: ranger_agent
|
||||
ssh_key_file_location: cert/ranger_agent
|
||||
ssh_config_file_location: cert/config
|
||||
|
||||
network:
|
||||
api:
|
||||
ingress:
|
||||
public: true
|
||||
classes:
|
||||
namespace: "nginx"
|
||||
cluster: "nginx-cluster"
|
||||
annotations:
|
||||
nginx.ingress.kubernetes.io/rewrite-target: /
|
||||
external_policy_local: false
|
||||
node_port:
|
||||
enabled: false
|
||||
port: 30010
|
||||
|
||||
dependencies:
|
||||
static:
|
||||
api:
|
||||
jobs:
|
||||
- ranger-agent-db-sync
|
||||
- ranger-agent-ks-user
|
||||
- ranger-agent-ks-endpoints
|
||||
- ranger-agent-rabbit-init
|
||||
services:
|
||||
- service: oslo_db
|
||||
endpoint: internal
|
||||
engine:
|
||||
jobs:
|
||||
- ranger-agent-db-sync
|
||||
- ranger-agent-ks-user
|
||||
- ranger-agent-rabbit-init
|
||||
services:
|
||||
- service: oslo_db
|
||||
endpoint: internal
|
||||
- service: identity
|
||||
endpoint: internal
|
||||
- service: orchestration
|
||||
endpoint: internal
|
||||
- service: image
|
||||
endpoint: internal
|
||||
db_init:
|
||||
services:
|
||||
- service: oslo_db
|
||||
endpoint: internal
|
||||
db_sync:
|
||||
jobs:
|
||||
- ranger-agent-db-init
|
||||
services:
|
||||
- service: oslo_db
|
||||
endpoint: internal
|
||||
db_drop:
|
||||
services:
|
||||
- service: oslo_db
|
||||
endpoint: internal
|
||||
ks_user:
|
||||
services:
|
||||
- service: identity
|
||||
endpoint: internal
|
||||
ks_service:
|
||||
services:
|
||||
- service: identity
|
||||
endpoint: internal
|
||||
ks_endpoints:
|
||||
jobs:
|
||||
- ranger-agent-ks-service
|
||||
services:
|
||||
- service: identity
|
||||
endpoint: internal
|
||||
rabbit_init:
|
||||
services:
|
||||
- service: oslo_messaging
|
||||
endpoint: internal
|
||||
|
||||
# Names of secrets used and environmental checks
|
||||
secrets:
|
||||
identity:
|
||||
admin: admin
|
||||
ranger_agent: ranger-agent-admin
|
||||
oslo_db:
|
||||
admin: ranger-agent-db-admin
|
||||
ranger_agent: ranger-agent-db-user
|
||||
oslo_messaging:
|
||||
admin: ranger-agent-rabbitmq-admin
|
||||
ranger-agent: ranger-agent-rabbitmq-user
|
||||
|
||||
# typically overriden by environmental
|
||||
# values, but should include all endpoints
|
||||
# required by this chart
|
||||
endpoints:
|
||||
cluster_domain_suffix: cluster.local
|
||||
oslo_db:
|
||||
auth:
|
||||
admin:
|
||||
username: root
|
||||
password: password
|
||||
ranger_agent:
|
||||
username: ranger-agent
|
||||
password: password
|
||||
hosts:
|
||||
default: mariadb
|
||||
host_fqdn_override:
|
||||
default: null
|
||||
path: /ord
|
||||
scheme: mysql+pymysql
|
||||
port:
|
||||
mysql:
|
||||
default: 3306
|
||||
oslo_cache:
|
||||
hosts:
|
||||
default: memcached
|
||||
host_fqdn_override:
|
||||
default: null
|
||||
port:
|
||||
memcache:
|
||||
default: 11211
|
||||
oslo_messaging:
|
||||
auth:
|
||||
admin:
|
||||
username: rabbitmq
|
||||
password: password
|
||||
ranger-agent:
|
||||
username: ranger-agent
|
||||
password: password
|
||||
hosts:
|
||||
default: rabbitmq
|
||||
host_fqdn_override:
|
||||
default: null
|
||||
path: /
|
||||
scheme: rabbit
|
||||
port:
|
||||
amqp:
|
||||
default: 5672
|
||||
http:
|
||||
default: 15672
|
||||
ranger_rds:
|
||||
name: rds-url
|
||||
hosts:
|
||||
default:
|
||||
host_fqdn_override:
|
||||
default: internal.ranger.com
|
||||
path:
|
||||
default: /v1/rds/status
|
||||
scheme:
|
||||
default: http
|
||||
port:
|
||||
rds:
|
||||
default: 8777
|
||||
identity:
|
||||
name: keystone
|
||||
auth:
|
||||
admin:
|
||||
region_name: RegionOne
|
||||
username: admin
|
||||
password: password
|
||||
project_name: admin
|
||||
user_domain_name: default
|
||||
project_domain_name: default
|
||||
ranger_agent:
|
||||
role: admin
|
||||
region_name: RegionOne
|
||||
username: ranger-agent-admin
|
||||
password: password
|
||||
project_name: service
|
||||
user_domain_name: default
|
||||
project_domain_name: default
|
||||
hosts:
|
||||
default: keystone-api
|
||||
public: keystone
|
||||
host_fqdn_override:
|
||||
default: null
|
||||
path:
|
||||
default: /v3
|
||||
scheme:
|
||||
default: http
|
||||
port:
|
||||
admin:
|
||||
default: 35357
|
||||
api:
|
||||
default: 80
|
||||
image:
|
||||
name: glance
|
||||
hosts:
|
||||
default: glance-api
|
||||
public: glance
|
||||
host_fqdn_override:
|
||||
default: null
|
||||
path:
|
||||
default: null
|
||||
scheme:
|
||||
default: http
|
||||
port:
|
||||
api:
|
||||
default: 9292
|
||||
public: 80
|
||||
orchestration:
|
||||
name: heat
|
||||
hosts:
|
||||
default: heat-api
|
||||
public: heat
|
||||
host_fqdn_override:
|
||||
default: null
|
||||
path:
|
||||
default: '/v1/%(project_id)s'
|
||||
scheme:
|
||||
default: 'http'
|
||||
port:
|
||||
api:
|
||||
default: 8004
|
||||
public: 80
|
||||
ranger_agent:
|
||||
name: ranger-agent
|
||||
hosts:
|
||||
default: ranger-api
|
||||
public: ranger-agent
|
||||
host_fqdn_override:
|
||||
default: null
|
||||
path:
|
||||
default: "/v1/ord/ord_notifier/"
|
||||
scheme:
|
||||
default: 'http'
|
||||
port:
|
||||
api:
|
||||
default: 9010
|
||||
public: 80
|
||||
|
||||
pod:
|
||||
user:
|
||||
ranger_agent:
|
||||
uid: 1000
|
||||
affinity:
|
||||
anti:
|
||||
type:
|
||||
default: preferredDuringSchedulingIgnoredDuringExecution
|
||||
topologyKey:
|
||||
default: kubernetes.io/hostname
|
||||
mounts:
|
||||
ranger_agent_api:
|
||||
init_container: null
|
||||
ranger_agent_api:
|
||||
ranger_agent_engine:
|
||||
init_container: null
|
||||
ranger_agent_engine:
|
||||
ranger_agent_tests:
|
||||
init_container: null
|
||||
ranger_agent_tests:
|
||||
replicas:
|
||||
api: 1
|
||||
engine: 1
|
||||
lifecycle:
|
||||
upgrades:
|
||||
deployments:
|
||||
revision_history: 3
|
||||
pod_replacement_strategy: RollingUpdate
|
||||
rolling_update:
|
||||
max_unavailable: 1
|
||||
max_surge: 3
|
||||
disruption_budget:
|
||||
ranger_agent_api:
|
||||
min_available: 0
|
||||
ranger_agent_engine:
|
||||
min_available: 0
|
||||
termination_grace_period:
|
||||
ranger_agent_api:
|
||||
timeout: 30
|
||||
ranger_agent_engine:
|
||||
timeout: 30
|
||||
resources:
|
||||
enabled: false
|
||||
ranger_agent_api:
|
||||
requests:
|
||||
memory: "128Mi"
|
||||
cpu: "100m"
|
||||
limits:
|
||||
memory: "1024Mi"
|
||||
cpu: "2000m"
|
||||
ranger_agent_engine:
|
||||
requests:
|
||||
memory: "128Mi"
|
||||
cpu: "100m"
|
||||
limits:
|
||||
memory: "1024Mi"
|
||||
cpu: "2000m"
|
||||
jobs:
|
||||
db_init:
|
||||
requests:
|
||||
memory: "128Mi"
|
||||
cpu: "100m"
|
||||
limits:
|
||||
memory: "1024Mi"
|
||||
cpu: "2000m"
|
||||
db_sync:
|
||||
requests:
|
||||
memory: "128Mi"
|
||||
cpu: "100m"
|
||||
limits:
|
||||
memory: "1024Mi"
|
||||
cpu: "2000m"
|
||||
db_drop:
|
||||
requests:
|
||||
memory: "128Mi"
|
||||
cpu: "100m"
|
||||
limits:
|
||||
memory: "1024Mi"
|
||||
cpu: "2000m"
|
||||
ks_endpoints:
|
||||
requests:
|
||||
memory: "128Mi"
|
||||
cpu: "100m"
|
||||
limits:
|
||||
memory: "1024Mi"
|
||||
cpu: "2000m"
|
||||
ks_service:
|
||||
requests:
|
||||
memory: "128Mi"
|
||||
cpu: "100m"
|
||||
limits:
|
||||
memory: "1024Mi"
|
||||
cpu: "2000m"
|
||||
ks_user:
|
||||
requests:
|
||||
memory: "128Mi"
|
||||
cpu: "100m"
|
||||
limits:
|
||||
memory: "1024Mi"
|
||||
cpu: "2000m"
|
||||
rabbit_init:
|
||||
requests:
|
||||
memory: "128Mi"
|
||||
cpu: "100m"
|
||||
limits:
|
||||
memory: "1024Mi"
|
||||
cpu: "2000m"
|
||||
tests:
|
||||
requests:
|
||||
memory: "128Mi"
|
||||
cpu: "100m"
|
||||
limits:
|
||||
memory: "1024Mi"
|
||||
cpu: "2000m"
|
||||
|
||||
manifests:
|
||||
configmap_bin: true
|
||||
configmap_etc: true
|
||||
deployment_ranger_agent_api: true
|
||||
deployment_ranger_agent_engine: true
|
||||
ingress_ranger_agent_api: true
|
||||
secret_db: true
|
||||
secret_keystone: true
|
||||
secret_ssh_key: true
|
||||
secret_rabbitmq: true
|
||||
job_db_init: true
|
||||
job_db_sync: true
|
||||
job_db_drop: false
|
||||
job_ks_endpoints: true
|
||||
job_ks_service: true
|
||||
job_ks_user: true
|
||||
job_rabbit_init: true
|
||||
pdb_api: true
|
||||
pod_test: true
|
||||
service_ingress_ranger_agent_api: true
|
||||
service_ranger_agent_api: true
|
Loading…
Reference in New Issue