From bdac1be107c06e59babe1667076a1cb9a9854a73 Mon Sep 17 00:00:00 2001 From: hosingh000 Date: Mon, 21 May 2018 08:34:30 -0500 Subject: [PATCH] Implement: ranger helm charts and supporting change for agent This is an effort to implement helm charts for ranger component Included integration changes needed in ranger-agent 
Signed-off-by: Hari Om Singh Change-Id: I27911d134882365a29b7ffcf1f7ab2e38cf717be --- ranger-agent/templates/configmap-etc.yaml | 34 +- .../deployment-ranger-agent-api.yaml | 8 +- .../deployment-ranger-agent-engine.yaml | 8 +- .../templates/job-ks-user-ranger.yaml | 20 + .../templates/secret-ingress-tls.yaml | 19 + ranger-agent/templates/secret-keystone.yaml | 2 +- ranger-agent/values.yaml | 63 ++- ranger/Chart.yaml | 22 + ranger/requirements.yaml | 18 + ranger/templates/bin/_db-sync.sh.tpl | 21 + ranger/templates/bin/_health-check.sh.tpl | 44 ++ ranger/templates/bin/_ranger-services.sh.tpl | 65 +++ ranger/templates/bin/_ranger-test.sh.tpl | 19 + ranger/templates/configmap-bin.yaml | 39 ++ ranger/templates/configmap-etc.yaml | 70 +++ .../templates/deployment-ranger-services.yaml | 167 ++++++ ranger/templates/ingress-ranger.yaml | 51 ++ ranger/templates/job-db-drop.yaml | 20 + ranger/templates/job-db-init.yaml | 20 + ranger/templates/job-db-sync.yaml | 20 + ranger/templates/job-image-repo-sync.yaml | 20 + ranger/templates/pdb-api.yaml | 29 + ranger/templates/pod-test.yaml | 59 ++ ranger/templates/secret-db.yaml | 30 + ranger/templates/secret-ingress-tls.yaml | 23 + ranger/templates/secret-ssh-key.yaml | 34 ++ ranger/templates/service-ingress-cms.yaml | 20 + ranger/templates/service-ingress-fms.yaml | 20 + ranger/templates/service-ingress-ims.yaml | 20 + ranger/templates/service-ingress-rds.yaml | 21 + ranger/templates/service-ingress-rms.yaml | 20 + ranger/templates/service-ranger.yaml | 180 ++++++ ranger/values.yaml | 516 ++++++++++++++++++ 33 files changed, 1690 insertions(+), 32 deletions(-) create mode 100755 ranger-agent/templates/job-ks-user-ranger.yaml create mode 100755 ranger-agent/templates/secret-ingress-tls.yaml create mode 100755 ranger/Chart.yaml create mode 100755 ranger/requirements.yaml create mode 100755 ranger/templates/bin/_db-sync.sh.tpl create mode 100755 ranger/templates/bin/_health-check.sh.tpl create mode 100755 
ranger/templates/bin/_ranger-services.sh.tpl create mode 100755 ranger/templates/bin/_ranger-test.sh.tpl create mode 100755 ranger/templates/configmap-bin.yaml create mode 100755 ranger/templates/configmap-etc.yaml create mode 100755 ranger/templates/deployment-ranger-services.yaml create mode 100755 ranger/templates/ingress-ranger.yaml create mode 100755 ranger/templates/job-db-drop.yaml create mode 100755 ranger/templates/job-db-init.yaml create mode 100755 ranger/templates/job-db-sync.yaml create mode 100755 ranger/templates/job-image-repo-sync.yaml create mode 100755 ranger/templates/pdb-api.yaml create mode 100755 ranger/templates/pod-test.yaml create mode 100755 ranger/templates/secret-db.yaml create mode 100755 ranger/templates/secret-ingress-tls.yaml create mode 100755 ranger/templates/secret-ssh-key.yaml create mode 100755 ranger/templates/service-ingress-cms.yaml create mode 100755 ranger/templates/service-ingress-fms.yaml create mode 100755 ranger/templates/service-ingress-ims.yaml create mode 100755 ranger/templates/service-ingress-rds.yaml create mode 100755 ranger/templates/service-ingress-rms.yaml create mode 100755 ranger/templates/service-ranger.yaml create mode 100755 ranger/values.yaml diff --git a/ranger-agent/templates/configmap-etc.yaml b/ranger-agent/templates/configmap-etc.yaml index b1697aac..af16f03f 100644 --- a/ranger-agent/templates/configmap-etc.yaml +++ b/ranger-agent/templates/configmap-etc.yaml 
@@ -18,50 +18,48 @@ limitations under the License. {{- $envAll := . }} {{- if empty .Values.conf.ranger_agent.database.connection -}} -{{- tuple "oslo_db" "internal" "ranger_agent" "mysql" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup"| set .Values.conf.ranger_agent.database "connection" | quote | trunc 0 -}} +{{- $_ := tuple "oslo_db" "internal" "ranger_agent" "mysql" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup"| set .Values.conf.ranger_agent.database "connection" -}} {{- end -}} {{- if empty .Values.conf.ranger_agent.DEFAULT.transport_url -}} -{{- tuple "oslo_messaging" "internal" "ranger-agent" "amqp" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup" | set .Values.conf.ranger_agent.DEFAULT "transport_url" | quote | trunc 0 -}} +{{- $_ := tuple "oslo_messaging" "internal" "ranger-agent" "amqp" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup" | set .Values.conf.ranger_agent.DEFAULT "transport_url" -}} {{- end -}} {{- if empty .Values.conf.ranger_agent.orm.rds_listener_endpoint -}} -{{- tuple "ranger_rds" "public" "rds" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup" | set .Values.conf.ranger_agent.orm "rds_listener_endpoint" | quote | trunc 0 -}} +{{- $_ := tuple "ranger_rds" "public" "rds" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup" | set .Values.conf.ranger_agent.orm "rds_listener_endpoint" -}} {{- end -}} {{- if empty .Values.conf.ranger_agent.DEFAULT.ord_server_url -}} -{{- tuple "ranger_agent" "public" "api" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup" | trimSuffix .Values.endpoints.ranger_agent.path.default | set .Values.conf.ranger_agent.DEFAULT "ord_server_url" | quote | trunc 0 -}} +{{- $_ := tuple "ranger_agent" "public" "api" . 
| include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup" | trimSuffix .Values.endpoints.ranger_agent.path.default | set .Values.conf.ranger_agent.DEFAULT "ord_server_url" -}} {{- end -}} {{- if empty .Values.conf.ranger_agent.keystone_authtoken.username -}} -{{- set .Values.conf.ranger_agent.keystone_authtoken "username" .Values.endpoints.identity.auth.ranger_agent.username | quote | trunc 0 -}} +{{- $_ := set .Values.conf.ranger_agent.keystone_authtoken "username" .Values.endpoints.identity.auth.ranger_agent.username -}} {{- end -}} {{- if empty .Values.conf.ranger_agent.keystone_authtoken.password -}} -{{- set .Values.conf.ranger_agent.keystone_authtoken "password" .Values.endpoints.identity.auth.ranger_agent.password | quote | trunc 0 -}} +{{- $_ := set .Values.conf.ranger_agent.keystone_authtoken "password" .Values.endpoints.identity.auth.ranger_agent.password -}} {{- end -}} {{- if empty .Values.conf.ranger_agent.keystone_authtoken.project_name -}} -{{- set .Values.conf.ranger_agent.keystone_authtoken "project_name" .Values.endpoints.identity.auth.ranger_agent.project_name | quote | trunc 0 -}} +{{- $_ := set .Values.conf.ranger_agent.keystone_authtoken "project_name" .Values.endpoints.identity.auth.ranger_agent.project_name -}} {{- end -}} {{- if empty .Values.conf.ranger_agent.keystone_authtoken.auth_url -}} -{{- tuple "identity" "internal" "api" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup" | set .Values.conf.ranger_agent.keystone_authtoken "auth_url" | quote | trunc 0 -}} +{{- $_ := tuple "identity" "internal" "api" . 
| include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup" | set .Values.conf.ranger_agent.keystone_authtoken "auth_url" -}} {{- end -}} {{- if empty .Values.conf.ranger_agent.DEFAULT.region -}} -{{- set .Values.conf.ranger_agent.DEFAULT "region" .Values.endpoints.identity.auth.ranger_agent.region_name | quote | trunc 0 -}} +{{- $_ := set .Values.conf.ranger_agent.DEFAULT "region" .Values.endpoints.identity.auth.ranger_agent.region_name -}} {{- end -}} {{- if empty .Values.conf.ranger_agent.api.port -}} -{{- tuple "ranger-agent" "internal" "api" . | include "helm-toolkit.endpoints.endpoint_port_lookup" | set .Values.conf.ranger_agent.api "port" | quote | trunc 0 -}} +{{- $_ := tuple "ranger-agent" "internal" "api" . | include "helm-toolkit.endpoints.endpoint_port_lookup" | set .Values.conf.ranger_agent.api "port" -}} {{- end -}} {{- if empty .Values.conf.ranger_agent.keystone_authtoken.project_domain_name -}} -{{- set .Values.conf.ranger_agent.keystone_authtoken "project_domain_name" .Values.endpoints.identity.auth.ranger_agent.project_domain_name | quote | trunc 0 -}} +{{- $_ := set .Values.conf.ranger_agent.keystone_authtoken "project_domain_name" .Values.endpoints.identity.auth.ranger_agent.project_domain_name -}} {{- end -}} {{- if empty .Values.conf.ranger_agent.keystone_authtoken.user_domain_name -}} -{{- set .Values.conf.ranger_agent.keystone_authtoken "user_domain_name" .Values.endpoints.identity.auth.ranger_agent.user_domain_name | quote | trunc 0 -}} +{{- $_ := set .Values.conf.ranger_agent.keystone_authtoken "user_domain_name" .Values.endpoints.identity.auth.ranger_agent.user_domain_name -}} {{- end -}} - --- apiVersion: v1 -kind: ConfigMap +kind: Secret metadata: name: ranger-agent-etc +type: Opaque data: - api-paste.ini: | -{{ include "helm-toolkit.utils.to_ini" .Values.conf.paste | indent 4 }} - ranger-agent.conf: | -{{ include "helm-toolkit.utils.to_oslo_conf" .Values.conf.ranger_agent | indent 4 }} + api-paste.ini: {{ include 
"helm-toolkit.utils.to_ini" .Values.conf.paste | b64enc }} + ranger-agent.conf: {{ include "helm-toolkit.utils.to_oslo_conf" .Values.conf.ranger_agent | b64enc }} {{- end }} diff --git a/ranger-agent/templates/deployment-ranger-agent-api.yaml b/ranger-agent/templates/deployment-ranger-agent-api.yaml index 423b1373..1d2f7e36 100755 --- a/ranger-agent/templates/deployment-ranger-agent-api.yaml +++ b/ranger-agent/templates/deployment-ranger-agent-api.yaml @@ -79,6 +79,8 @@ spec: initialDelaySeconds: 30 timeoutSeconds: 5 volumeMounts: + - name: pod-etc-ranger-agent + mountPath: /etc/ranger-agent - name: ranger-agent-bin mountPath: /tmp/ranger-agent-api.sh subPath: ranger-agent-api.sh @@ -97,13 +99,15 @@ spec: readOnly: true {{ if $mounts_ranger_agent_api.volumeMounts }}{{ toYaml $mounts_ranger_agent_api.volumeMounts | indent 12 }}{{ end }} volumes: + - name: pod-etc-ranger-agent + emptyDir: {} - name: ranger-agent-bin configMap: name: ranger-agent-bin defaultMode: 0555 - name: ranger-agent-etc - configMap: - name: ranger-agent-etc + secret: + secretName: ranger-agent-etc defaultMode: 0444 {{ if $mounts_ranger_agent_api.volumes}}{{ toYaml $mounts_ranger_agent_api.volumes | indent 8 }}{{ end }} {{- end }} diff --git a/ranger-agent/templates/deployment-ranger-agent-engine.yaml b/ranger-agent/templates/deployment-ranger-agent-engine.yaml index c91ebae0..79bd5379 100755 --- a/ranger-agent/templates/deployment-ranger-agent-engine.yaml +++ b/ranger-agent/templates/deployment-ranger-agent-engine.yaml @@ -104,6 +104,8 @@ spec: initialDelaySeconds: 30 timeoutSeconds: 5 volumeMounts: + - name: pod-etc-ranger-agent + mountPath: /etc/ranger-agent - name: ranger-agent-bin mountPath: /tmp/ranger-agent-engine.sh subPath: ranger-agent-engine.sh 
@@ -122,13 +124,15 @@ spec: readOnly: true {{ if $mounts_ranger_agent_engine.volumeMounts }}{{ toYaml $mounts_ranger_agent_engine.volumeMounts | indent 12 }}{{ end }} volumes: + - name: pod-etc-ranger-agent + emptyDir: {} - name: ranger-agent-bin configMap: name: ranger-agent-bin defaultMode: 0555 - name: ranger-agent-etc - configMap: - name: ranger-agent-etc + secret: + secretName: ranger-agent-etc defaultMode: 0444 {{ if $mounts_ranger_agent_engine.volumes}}{{ toYaml $mounts_ranger_agent_engine.volumes | indent 8 }}{{ end }} {{- end }} diff --git a/ranger-agent/templates/job-ks-user-ranger.yaml b/ranger-agent/templates/job-ks-user-ranger.yaml new file mode 100755 index 00000000..081c1468 --- /dev/null +++ b/ranger-agent/templates/job-ks-user-ranger.yaml @@ -0,0 +1,20 @@ +{{/* +Copyright 2017 The Openstack-Helm Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if .Values.manifests.job_ks_user_ranger }} +{{- $ksUserJob := dict "envAll" . "serviceName" "ranger-agent" "serviceUser" "ranger" -}} +{{ $ksUserJob | include "helm-toolkit.manifests.job_ks_user" }} +{{- end }} diff --git a/ranger-agent/templates/secret-ingress-tls.yaml b/ranger-agent/templates/secret-ingress-tls.yaml new file mode 100755 index 00000000..a2ab1822 --- /dev/null +++ b/ranger-agent/templates/secret-ingress-tls.yaml 
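Review bot: The `ranger-agent-etc` volume keeps `defaultMode: 0444` after being switched from a configMap to a secret, so the rendered `ranger-agent.conf` stays world-readable inside the container. The chart fills that file with the Keystone password and the database connection URI. Consider a tighter mode such as `defaultMode: 0440` on the `secret:` volume, paired with a pod `fsGroup` if the container does not run as root (the security context is outside this hunk). The same applies to the `volumes:` hunk of `deployment-ranger-agent-api.yaml`.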
@@ -0,0 +1,19 @@ +{{/* +Copyright 2017-2018 The Openstack-Helm Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if .Values.manifests.secret_ingress_tls }} +{{- include "helm-toolkit.manifests.secret_ingress_tls" ( dict "envAll" . "backendServiceType" "ranger-agent" ) }} +{{- end }} diff --git a/ranger-agent/templates/secret-keystone.yaml b/ranger-agent/templates/secret-keystone.yaml index 06805ed9..4e4c2a57 100755 --- a/ranger-agent/templates/secret-keystone.yaml +++ b/ranger-agent/templates/secret-keystone.yaml @@ -16,7 +16,7 @@ limitations under the License. {{- if .Values.manifests.secret_keystone }} {{- $envAll := . }} -{{- range $key1, $userClass := tuple "admin" "ranger_agent" }} +{{- range $key1, $userClass := tuple "admin" "ranger" "ranger_agent" }} {{- $secretName := index $envAll.Values.secrets.identity $userClass }} --- apiVersion: v1 diff --git a/ranger-agent/values.yaml b/ranger-agent/values.yaml index f412e1d7..93d24b16 100755 --- a/ranger-agent/values.yaml +++ b/ranger-agent/values.yaml @@ -66,13 +66,13 @@ conf: ranger_agent: DEFAULT: api_workers: 1 - debug: False - verbose: True - pecan_debug: True + debug: false + verbose: true + pecan_debug: true repo_connection_timeout: 120 resource_creation_timeout_min: 1200 resource_creation_timeout_max: 14400 - log_dir: /var/log/ranger-agent + use_stderr: true api_paste_config: /etc/ranger-agent/api-paste.ini local_repo: ranger_repo resource_status_check_wait: 15 
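Review bot: `pecan_debug: true` remains the chart default under `conf.ranger_agent.DEFAULT` in `ranger-agent/values.yaml`; the change only normalises the boolean's casing. If this option is passed through to Pecan's debug setting, API errors would return tracebacks to clients, so the default is better shipped as `pecan_debug: false` and enabled per environment. The `conf:` block continues outside the hunk.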
@@ -174,11 +174,16 @@ dependencies: services: - service: oslo_messaging endpoint: internal + image_repo_sync: + services: + - endpoint: internal + service: local_image_registry # Names of secrets used and environmental checks secrets: identity: admin: admin + ranger: ranger-admin ranger_agent: ranger-agent-admin oslo_db: admin: ranger-agent-db-admin @@ -186,12 +191,28 @@ secrets: oslo_messaging: admin: ranger-agent-rabbitmq-admin ranger-agent: ranger-agent-rabbitmq-user + tls: + ranger-agent: + api: + public: ranger-agent # typically overridden by environmental # values, but should include all endpoints # required by this chart endpoints: cluster_domain_suffix: cluster.local + local_image_registry: + name: docker-registry + namespace: docker-registry + hosts: + default: localhost + internal: docker-registry + node: localhost + host_fqdn_override: + default: null + port: + registry: + node: 5000 oslo_db: auth: admin: @@ -239,7 +260,8 @@ endpoints: ranger_rds: name: rds-url hosts: - default: rds-server + default: rds + public: rds-public host_fqdn_override: default: null path: @@ -249,6 +271,7 @@ endpoints: port: rds: default: 8777 + public: 80 identity: name: keystone auth: @@ -267,9 +290,23 @@ endpoints: project_name: service user_domain_name: default project_domain_name: default + ranger: + role: + - admin + - admin_support + - admin_viewer + - customer_creator + - flavor_creator + - admin_image + region_name: RegionOne + username: ranger-admin + password: password + project_name: service + user_domain_name: default + project_domain_name: default hosts: - default: keystone-api - public: keystone + default: keystone + internal: keystone-api host_fqdn_override: default: null path: @@ -277,10 +314,9 @@ endpoints: scheme: default: http port: - admin: - default: 35357 api: default: 80 + internal: 5000 image: name: glance hosts: 
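Review bot: The new `endpoints.identity.auth.ranger` entry ships `password: password` for a user whose role list includes `admin`. The `job_ks_user_ranger: true` manifest flag added later in this file presumably creates that user by default. Add a comment above the entry stating that the value must be overridden per deployment, e.g. `# NOTE: placeholder credential, override in environment values`, or leave it empty and make the templates fail when it is unset. The surrounding `identity:` block starts and ends outside the hunk.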
@@ -316,6 +352,13 @@ endpoints: hosts: default: ranger-api public: ranger-agent + # NOTE: this chart supports TLS for fqdn over-ridden public + # endpoints using the following format: + # public: + # host: null + # tls: + # crt: null + # key: null host_fqdn_override: default: null path: @@ -459,6 +502,7 @@ manifests: secret_keystone: true secret_ssh_key: true secret_rabbitmq: true + secret_ingress_tls: true job_db_init: true job_db_sync: true job_db_drop: false @@ -466,6 +510,7 @@ manifests: job_ks_endpoints: true job_ks_service: true job_ks_user: true + job_ks_user_ranger: true job_rabbit_init: true pdb_api: true pod_test: true diff --git a/ranger/Chart.yaml b/ranger/Chart.yaml new file mode 100755 index 00000000..55a5c1dd --- /dev/null +++ b/ranger/Chart.yaml @@ -0,0 +1,22 @@ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +description: OpenStack-Helm Ranger +name: ranger +version: 0.1.0 +icon: https://git.openstack.org/cgit/openstack/ranger/plain/public/images/logo.png +sources: + - https://git.openstack.org/cgit/openstack/ranger + - https://git.openstack.org/cgit/openstack/openstack-helm-addons +maintainers: + - name: OpenStack-Helm Authors diff --git a/ranger/requirements.yaml b/ranger/requirements.yaml new file mode 100755 index 00000000..53782e69 --- /dev/null +++ b/ranger/requirements.yaml 
@@ -0,0 +1,18 @@ +# Copyright 2017 The Openstack-Helm Authors. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +dependencies: + - name: helm-toolkit + repository: http://localhost:8879/charts + version: 0.1.0 diff --git a/ranger/templates/bin/_db-sync.sh.tpl b/ranger/templates/bin/_db-sync.sh.tpl new file mode 100755 index 00000000..e9716536 --- /dev/null +++ b/ranger/templates/bin/_db-sync.sh.tpl @@ -0,0 +1,21 @@ +#!/bin/bash + +{{/* +Copyright 2017 The Openstack-Helm Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +set -ex + +exec ranger-dbsync diff --git a/ranger/templates/bin/_health-check.sh.tpl b/ranger/templates/bin/_health-check.sh.tpl new file mode 100755 index 00000000..0a878188 --- /dev/null +++ b/ranger/templates/bin/_health-check.sh.tpl 
@@ -0,0 +1,44 @@ +#!/bin/bash + +{{/* +Copyright 2017 The Openstack-Helm Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +set -ex + +COMMAND="${@:-allservicesreadiness}" + +function allservicesreadiness () { + allservicesliveness +} + +function allservicesliveness () { + IS_CMS_RUNNING=$(ps aux|awk '$12 == "/usr/local/bin/ranger-cms" {print $8}') + IS_RMS_RUNNING=$(ps aux|awk '$12 == "/usr/local/bin/ranger-rms" {print $8}') + IS_IMS_RUNNING=$(ps aux|awk '$12 == "/usr/local/bin/ranger-ims" {print $8}') + IS_FMS_RUNNING=$(ps aux|awk '$12 == "/usr/local/bin/ranger-fms" {print $8}') + IS_RDS_RUNNING=$(ps aux|awk '$12 == "/usr/local/bin/ranger-rds" {print $8}') + IS_UUID_RUNNING=$(ps aux|awk '$12 == "/usr/local/bin/ranger-uuidgen" {print $8}') + IS_AUDIT_RUNNING=$(ps aux|awk '$12 == "/usr/local/bin/ranger-audit" {print $8}') + + for process in "$IS_UUID_RUNNING" "$IS_AUDIT_RUNNING" "$IS_IMS_RUNNING" "$IS_RMS_RUNNING" "$IS_CMS_RUNNING" "$IS_RDS_RUNNING" "$IS_FMS_RUNNING"; do + if [ -z "$process" ]; then + exit 1 + fi + done + + exit 0 +} +$COMMAND \ No newline at end of file diff --git a/ranger/templates/bin/_ranger-services.sh.tpl b/ranger/templates/bin/_ranger-services.sh.tpl new file mode 100755 index 00000000..cf28b8c9 --- /dev/null +++ b/ranger/templates/bin/_ranger-services.sh.tpl 
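Review bot: `allservicesliveness` decides that a service is up by comparing field 12 of `ps aux` with a fixed path, which holds only while each service is launched as an interpreter followed by `/usr/local/bin/ranger-*` with that exact argv layout. Any change in how the entry points are started makes the probe fail for all seven services at once. Matching on the command line directly, for example `pgrep -f /usr/local/bin/ranger-cms >/dev/null || exit 1` (if `pgrep` is available in the image), is less fragile. A comment on the function saying that it checks process presence only, not that the APIs answer, would also help.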
@@ -0,0 +1,65 @@ +#!/bin/bash + +{{/* +Copyright 2017 The Openstack-Helm Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +set -ex + +COMMAND="${@:-start}" + +function start () { + +if [ -n "${SSH_KEY}" ] && [ -n "${SSH_KEY_CONFIGURATION}" ];then + if [[ $(stat -c %F ${USER_HOME}/.ssh) = "directory" ]]; then + rm -fr ${USER_HOME}/.ssh + fi + + mkdir -p ${USER_HOME}/.ssh + echo -e "${SSH_KEY}" >>${USER_HOME}/.ssh/${SSH_KEY_FILE} + echo -e "${SSH_KEY_CONFIGURATION}" >>${USER_HOME}/.ssh/config + + chown ranger: ${USER_HOME}/.ssh + chmod 0700 -R ${USER_HOME}/.ssh + chmod 0644 ${USER_HOME}/.ssh/config + chmod 0600 ${USER_HOME}/.ssh/${SSH_KEY_FILE} + + git config --global user.name ${REPO_USER} + git config --global user.email ${REPO_ACCOUNT} + git clone ${REMOTE_REPO} ${LOCAL_REPO} +fi + +if [ -n "${CERT_LOCATION}" ];then + echo -e "${CERT_FILE}" >>${CERT_LOCATION} + chmod 0644 ${CERT_LOCATION} +fi + + exec ranger-uuidgen & + exec ranger-audit & + exec ranger-rms & + exec ranger-rds & + exec ranger-cms & + exec ranger-fms & + exec ranger-ims + +} + +function stop() { + + kill -TERM 1 + +} + +$COMMAND \ No newline at end of file diff --git a/ranger/templates/bin/_ranger-test.sh.tpl b/ranger/templates/bin/_ranger-test.sh.tpl new file mode 100755 index 00000000..991e9d23 --- /dev/null +++ b/ranger/templates/bin/_ranger-test.sh.tpl 
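Review bot: With `set -ex` active, the `echo -e "${SSH_KEY}"` and `echo -e "${CERT_FILE}"` lines in `start` are traced with their arguments expanded, so the private key and the certificate contents end up in the container log. The key file is also created under the default umask and only restricted by the later `chmod 0600`. Writing the secrets inside a subshell with xtrace off and a private umask avoids both, as sketched below, and the same wrapping fits the `CERT_FILE` write. Quoting `${USER_HOME}` in the `rm -fr` line would also guard against an empty value.

```shell
  mkdir -p ${USER_HOME}/.ssh
  # Subshell: xtrace off and a private umask apply only to the secret writes,
  # so key material is neither logged nor briefly group/world-readable.
  (
    set +x
    umask 077
    echo -e "${SSH_KEY}" >>${USER_HOME}/.ssh/${SSH_KEY_FILE}
    echo -e "${SSH_KEY_CONFIGURATION}" >>${USER_HOME}/.ssh/config
  )
  # … unchanged: chown/chmod of ~/.ssh, git config, git clone …
```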
@@ -0,0 +1,19 @@ +#!/bin/bash + +{{/* +Copyright 2017 The Openstack-Helm Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +set -ex \ No newline at end of file diff --git a/ranger/templates/configmap-bin.yaml b/ranger/templates/configmap-bin.yaml new file mode 100755 index 00000000..0f3639af --- /dev/null +++ b/ranger/templates/configmap-bin.yaml 
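Review bot: `_ranger-test.sh.tpl` contains only `set -ex`, so a test pod that runs it exits 0 without checking anything about the deployment. Either add a minimal check or put a comment in the script marking it as a placeholder, e.g. `# TODO: placeholder, no service checks implemented yet`. How `pod-test.yaml` invokes the script is not visible here.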
@@ -0,0 +1,39 @@ +{{/* +Copyright 2017 The Openstack-Helm Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if .Values.manifests.configmap_bin }} +{{- $envAll := . }} +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: ranger-bin +data: + db-init.py: |+ +{{- include "helm-toolkit.scripts.db_init" . | indent 4 }} + db-sync.sh: |+ +{{ tuple "bin/_db-sync.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }} + db-drop.py: |+ +{{- include "helm-toolkit.scripts.db_drop" . | indent 4 }} + ranger-services.sh: | +{{ tuple "bin/_ranger-services.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }} + health-check.sh: |+ +{{ tuple "bin/_health-check.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }} + ranger-test.sh: |+ +{{ tuple "bin/_ranger-test.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }} + rabbit-init.sh: | +{{- include "helm-toolkit.scripts.rabbit_init" . | indent 4 }} +{{- end }} diff --git a/ranger/templates/configmap-etc.yaml b/ranger/templates/configmap-etc.yaml new file mode 100755 index 00000000..77102925 --- /dev/null +++ b/ranger/templates/configmap-etc.yaml 
@@ -0,0 +1,70 @@ +{{/* +Copyright 2017 The Openstack-Helm Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if .Values.manifests.configmap_etc }} +{{- $envAll := . }} + +{{- if empty .Values.conf.ranger.database.connection -}} +{{- $_ := tuple "oslo_db" "internal" "admin" "mysql" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup"| set .Values.conf.ranger.database "connection" -}} +{{- end -}} +{{- if empty .Values.conf.ranger.keystone_authtoken.username -}} +{{- $_ := set .Values.conf.ranger.keystone_authtoken "username" .Values.endpoints.identity.auth.ranger.username -}} +{{- end -}} +{{- if empty .Values.conf.ranger.keystone_authtoken.password -}} +{{- $_ := set .Values.conf.ranger.keystone_authtoken "password" .Values.endpoints.identity.auth.ranger.password -}} +{{- end -}} +{{- if empty .Values.conf.ranger.keystone_authtoken.project_name -}} +{{- $_ := set .Values.conf.ranger.keystone_authtoken "project_name" .Values.endpoints.identity.auth.ranger.project_name -}} +{{- end -}} +{{- if empty .Values.conf.ranger.cli.base_region -}} +{{- $_ := set .Values.conf.ranger.cli "base_region" .Values.endpoints.identity.auth.ranger.region_name -}} +{{- end -}} +{{- if empty .Values.conf.ranger.keystone_authtoken.project_domain_name -}} +{{- $_ := set .Values.conf.ranger.keystone_authtoken "project_domain_name" .Values.endpoints.identity.auth.ranger.project_domain_name -}} +{{- end -}} +{{- if empty .Values.conf.ranger.keystone_authtoken.user_domain_name -}} 
+{{- $_ := set .Values.conf.ranger.keystone_authtoken "user_domain_name" .Values.endpoints.identity.auth.ranger.user_domain_name -}} +{{- end -}} +{{- if empty .Values.conf.ranger.cms.port -}} +{{- $_ := tuple "cms" "internal" "api" . | include "helm-toolkit.endpoints.endpoint_port_lookup" | set .Values.conf.ranger.cms "port" -}} +{{- end -}} +{{- if empty .Values.conf.ranger.fms.port -}} +{{- $_ := tuple "fms" "internal" "api" . | include "helm-toolkit.endpoints.endpoint_port_lookup" | set .Values.conf.ranger.fms "port" -}} +{{- end -}} +{{- if empty .Values.conf.ranger.ims.port -}} +{{- $_ := tuple "ims" "internal" "api" . | include "helm-toolkit.endpoints.endpoint_port_lookup" | set .Values.conf.ranger.ims "port" -}} +{{- end -}} +{{- if empty .Values.conf.ranger.rms.port -}} +{{- $_ := tuple "rms" "internal" "api" . | include "helm-toolkit.endpoints.endpoint_port_lookup" | set .Values.conf.ranger.rms "port" -}} +{{- end -}} +{{- if empty .Values.conf.ranger.rds.port -}} +{{- $_ := tuple "rds" "internal" "api" . | include "helm-toolkit.endpoints.endpoint_port_lookup" | set .Values.conf.ranger.rds "port" -}} +{{- end -}} +{{- if empty .Values.conf.ranger.uuid.port -}} +{{- $_ := tuple "uuid" "internal" "api" . | include "helm-toolkit.endpoints.endpoint_port_lookup" | set .Values.conf.ranger.uuid "port" -}} +{{- end -}} +{{- if empty .Values.conf.ranger.audit.port -}} +{{- $_ := tuple "audit" "internal" "api" . | include "helm-toolkit.endpoints.endpoint_port_lookup" | set .Values.conf.ranger.audit "port" -}} +{{- end -}} +--- +apiVersion: v1 +kind: Secret +metadata: + name: ranger-etc +type: Opaque +data: + ranger.conf: {{ include "helm-toolkit.utils.to_oslo_conf" .Values.conf.ranger | b64enc }} +{{- end }} diff --git a/ranger/templates/deployment-ranger-services.yaml b/ranger/templates/deployment-ranger-services.yaml new file mode 100755 index 00000000..78551cac --- /dev/null +++ b/ranger/templates/deployment-ranger-services.yaml 
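Review bot: The `database.connection` default in `ranger/templates/configmap-etc.yaml` is built with `tuple "oslo_db" "internal" "admin" "mysql"`, which appears to select the `admin` entry of `endpoints.oslo_db.auth`. `ranger.conf` would then carry the database administrator credentials at runtime, whereas the ranger-agent template in this same commit uses its service user (`"ranger_agent"`) in that position. Prefer the service account, e.g. `tuple "oslo_db" "internal" "ranger" "mysql"`, assuming `ranger/values.yaml` (not visible here) defines a `ranger` user under `endpoints.oslo_db.auth`.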
@@ -0,0 +1,167 @@ +{{/* +Copyright 2017 The Openstack-Helm Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} +{{- if .Values.manifests.deployment_ranger_services }} +{{- $envAll := . }} + +{{- $mounts_ranger := .Values.pod.mounts.ranger.ranger }} +{{- $mounts_ranger_init := .Values.pod.mounts.ranger.init_container }} + +{{- $serviceAccountName := "ranger-services" }} +{{ tuple $envAll "ranger" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }} +--- +apiVersion: apps/v1beta1 +kind: Deployment +metadata: + name: {{ $serviceAccountName }} +spec: + replicas: {{ .Values.pod.replicas.ranger }} +{{ tuple $envAll | include "helm-toolkit.snippets.kubernetes_upgrades_deployment" | indent 2 }} + template: + metadata: + labels: +{{ tuple $envAll "ranger" "ranger" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }} + annotations: + configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "helm-toolkit.utils.hash" }} + configmap-etc-hash: {{ tuple "configmap-etc.yaml" . 
| include "helm-toolkit.utils.hash" }} + spec: + serviceAccountName: {{ $serviceAccountName }} + dnsPolicy: ClusterFirstWithHostNet + hostNetwork: true + affinity: +{{ tuple $envAll "ranger" "ranger" | include "helm-toolkit.snippets.kubernetes_pod_anti_affinity" | indent 8 }} + nodeSelector: + {{ .Values.labels.ranger.node_selector_key }}: {{ .Values.labels.ranger.node_selector_value }} + terminationGracePeriodSeconds: {{ .Values.pod.lifecycle.termination_grace_period.ranger.timeout | default "30" }} + initContainers: +{{ tuple $envAll "ranger" $mounts_ranger_init | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} + containers: + - name: ranger-services + image: {{ .Values.images.tags.ranger }} + imagePullPolicy: {{ .Values.images.pull_policy }} +{{ tuple $envAll $envAll.Values.pod.resources.ranger | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }} + securityContext: + runAsUser: {{ .Values.pod.user.ranger.uid }} + env: + - name: USER + valueFrom: + secretKeyRef: + name: ranger-ssh-secret + key: USER + - name: USER_HOME + valueFrom: + secretKeyRef: + name: ranger-ssh-secret + key: USER_HOME + - name: SSH_KEY_FILE + valueFrom: + secretKeyRef: + name: ranger-ssh-secret + key: SSH_KEY_FILE + - name: SSH_KEY + valueFrom: + secretKeyRef: + name: ranger-ssh-secret + key: RANGER_PRIVATE_KEY + - name: SSH_KEY_CONFIGURATION + valueFrom: + secretKeyRef: + name: ranger-ssh-secret + key: RANGER_SSH_CONFIG + - name: REPO_USER + value: {{ .Values.conf.ranger.rds.repo_user }} + - name: REPO_ACCOUNT + value: {{ .Values.conf.ranger.rds.repo_email }} + - name: LOCAL_REPO + value: {{ .Values.conf.ranger.rds.repo_local_location }} + - name: REMOTE_REPO + value: {{ .Values.conf.ranger.rds.repo_remote_location }} + {{- if .Values.conf.ranger.DEFAULT.ranger_agent_https_enable }} + - name: CERT_LOCATION + value: {{ .Values.conf.ranger.DEFAULT.ranger_agent_client_cert_path }} + - name: CERT_FILE + valueFrom: + secretKeyRef: + name: 
ranger-ssh-secret + key: CERT_FILE + {{- end }} + - name: CMS_SERVICE_URL + value: {{ tuple "cms" "public" "api" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup" }} + command: + - /tmp/ranger-services.sh + - start + lifecycle: + preStop: + exec: + command: + - stop + ports: + - name: cms + containerPort: {{ tuple "cms" "internal" "api" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }} + - name: ims + containerPort: {{ tuple "ims" "internal" "api" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }} + - name: fms + containerPort: {{ tuple "fms" "internal" "api" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }} + - name: rms + containerPort: {{ tuple "rms" "internal" "api" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }} + - name: rds + containerPort: {{ tuple "rds" "internal" "api" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }} + - name: uuid + containerPort: {{ tuple "uuid" "internal" "api" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }} + - name: audit + containerPort: {{ tuple "audit" "internal" "api" . 
| include "helm-toolkit.endpoints.endpoint_port_lookup" }} + livenessProbe: + initialDelaySeconds: 30 + timeoutSeconds: 10 + exec: + command: + - /tmp/health-check.sh + - allservicesliveness + readinessProbe: + initialDelaySeconds: 30 + timeoutSeconds: 10 + exec: + command: + - /tmp/health-check.sh + - allservicesreadiness + volumeMounts: + - name: pod-etc-ranger + mountPath: /etc/ranger + - name: ranger-bin + mountPath: /tmp/ranger-services.sh + subPath: ranger-services.sh + readOnly: true + - name: ranger-bin + mountPath: /tmp/health-check.sh + subPath: health-check.sh + readOnly: true + - name: ranger-etc + mountPath: /etc/ranger/ranger.conf + subPath: ranger.conf + readOnly: true +{{ if $mounts_ranger.volumeMounts }}{{ toYaml $mounts_ranger.volumeMounts | indent 12 }}{{ end }} + volumes: + - name: pod-etc-ranger + emptyDir: {} + - name: ranger-bin + configMap: + name: ranger-bin + defaultMode: 0555 + - name: ranger-etc + secret: + secretName: ranger-etc + defaultMode: 0444 +{{ if $mounts_ranger.volumes}}{{ toYaml $mounts_ranger.volumes | indent 8 }}{{ end }} +{{- end }} diff --git a/ranger/templates/ingress-ranger.yaml b/ranger/templates/ingress-ranger.yaml new file mode 100755 index 00000000..2f7625e1 --- /dev/null +++ b/ranger/templates/ingress-ranger.yaml 
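Review bot: The container in deployment-ranger-services.yaml receives the SSH private key as the `SSH_KEY` environment variable (`secretKeyRef` on `RANGER_PRIVATE_KEY`), where every child process inherits it and it can surface in process listings and debug dumps. Mounting `ranger-ssh-secret` as a read-only secret volume with a restrictive `defaultMode`, and having the start script (not visible in this hunk) read the key from that file, keeps it out of the environment. The pod also sets `hostNetwork: true`, which puts all seven service ports on the node's own interfaces, and NetworkPolicy generally does not apply to host-network pods; nothing in the template shows why host networking is needed, so it is worth dropping or putting behind a value. Separately, `preStop` runs `command: - stop`, which is not an executable path; presumably it should be `- /tmp/ranger-services.sh` followed by `- stop`.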
@@ -0,0 +1,51 @@ +{{/* +Copyright 2017 The Openstack-Helm Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if and .Values.manifests.ingress_cms .Values.network.cms.ingress.public }} +{{- $ingressOpts := dict "envAll" . "backendService" "cms" "backendServiceType" "cms" "backendPort" "cms" -}} +{{ $ingressOpts | include "helm-toolkit.manifests.ingress" }} +{{- end }} + +{{- if and .Values.manifests.ingress_fms .Values.network.fms.ingress.public }} +{{- $ingressOpts := dict "envAll" . "backendService" "fms" "backendServiceType" "fms" "backendPort" "fms" -}} +{{ $ingressOpts | include "helm-toolkit.manifests.ingress" }} +{{- end }} + +{{- if and .Values.manifests.ingress_ims .Values.network.ims.ingress.public }} +{{- $ingressOpts := dict "envAll" . "backendService" "ims" "backendServiceType" "ims" "backendPort" "ims" -}} +{{ $ingressOpts | include "helm-toolkit.manifests.ingress" }} +{{- end }} + +{{- if and .Values.manifests.ingress_rms .Values.network.rms.ingress.public }} +{{- $ingressOpts := dict "envAll" . "backendService" "rms" "backendServiceType" "rms" "backendPort" "rms" -}} +{{ $ingressOpts | include "helm-toolkit.manifests.ingress" }} +{{- end }} + +{{- if and .Values.manifests.ingress_rds .Values.network.rds.ingress.public }} +{{- $ingressOpts := dict "envAll" . 
"backendService" "rds" "backendServiceType" "rds" "backendPort" "rds" -}} +{{ $ingressOpts | include "helm-toolkit.manifests.ingress" }} +{{- end }} + +{{- if .Values.manifests.ingress_uuid }} +{{- $ingressOpts := dict "envAll" . "backendService" "uuid" "backendServiceType" "uuid" "backendPort" "uuid" -}} +{{ $ingressOpts | include "helm-toolkit.manifests.ingress" }} +{{- end }} + +{{- if .Values.manifests.ingress_audit }} +{{- $ingressOpts := dict "envAll" . "backendService" "audit" "backendServiceType" "audit" "backendPort" "audit" -}} +{{ $ingressOpts | include "helm-toolkit.manifests.ingress" }} +{{- end }} + diff --git a/ranger/templates/job-db-drop.yaml b/ranger/templates/job-db-drop.yaml new file mode 100755 index 00000000..6d352a38 --- /dev/null +++ b/ranger/templates/job-db-drop.yaml @@ -0,0 +1,20 @@ +{{/* +Copyright 2017 The Openstack-Helm Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if .Values.manifests.job_db_drop }} +{{- $dbInitJob := dict "envAll" . "serviceName" "ranger" -}} +{{ $dbInitJob | include "helm-toolkit.manifests.job_db_drop_mysql" }} +{{- end }} diff --git a/ranger/templates/job-db-init.yaml b/ranger/templates/job-db-init.yaml new file mode 100755 index 00000000..1723a84b --- /dev/null +++ b/ranger/templates/job-db-init.yaml 
@@ -0,0 +1,20 @@
+{{/*
+Copyright 2017 The Openstack-Helm Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/}}
+
+{{- if .Values.manifests.job_db_init }}
+{{- $dbInitJob := dict "envAll" . "serviceName" "ranger" -}}
+{{ $dbInitJob | include "helm-toolkit.manifests.job_db_init_mysql" }}
+{{- end }}
diff --git a/ranger/templates/job-db-sync.yaml b/ranger/templates/job-db-sync.yaml
new file mode 100755
index 00000000..7ee024d0
--- /dev/null
+++ b/ranger/templates/job-db-sync.yaml
@@ -0,0 +1,20 @@
+{{/*
+Copyright 2017 The Openstack-Helm Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/}}
+
+{{- if .Values.manifests.job_db_sync }}
+{{- $dbSyncJob := dict "envAll" . "serviceName" "ranger" -}}
+{{ $dbSyncJob | include "helm-toolkit.manifests.job_db_sync" }}
+{{- end }}
diff --git a/ranger/templates/job-image-repo-sync.yaml b/ranger/templates/job-image-repo-sync.yaml
new file mode 100755
index 00000000..026c456a
--- /dev/null
+++ b/ranger/templates/job-image-repo-sync.yaml
@@ -0,0 +1,20 @@
+{{/*
+Copyright 2017 The Openstack-Helm Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/}}
+
+{{- if and .Values.manifests.job_image_repo_sync .Values.images.local_registry.active }}
+{{- $imageRepoSyncJob := dict "envAll" . "serviceName" "ranger" -}}
+{{ $imageRepoSyncJob | include "helm-toolkit.manifests.job_image_repo_sync" }}
+{{- end }}
diff --git a/ranger/templates/pdb-api.yaml b/ranger/templates/pdb-api.yaml
new file mode 100755
index 00000000..9c37c303
--- /dev/null
+++ b/ranger/templates/pdb-api.yaml
@@ -0,0 +1,29 @@
+{{/*
+Copyright 2017 The Openstack-Helm Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/}}
+
+{{- if .Values.manifests.pdb_api }}
+{{- $envAll := . }}
+---
+apiVersion: policy/v1beta1
+kind: PodDisruptionBudget
+metadata:
+ name: ranger
+spec:
+ minAvailable: {{ .Values.pod.lifecycle.disruption_budget.ranger.min_available }}
+ selector:
+ matchLabels:
+{{ tuple $envAll "ranger" "ranger" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 6 }}
+{{- end }}
diff --git a/ranger/templates/pod-test.yaml b/ranger/templates/pod-test.yaml
new file mode 100755
index 00000000..b2ab9c17
--- /dev/null
+++ b/ranger/templates/pod-test.yaml
@@ -0,0 +1,59 @@ +{{/* +Copyright 2017 The Openstack-Helm Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if .Values.manifests.pod_test }} +{{- $envAll := . }} + +{{- $mounts_tests := .Values.pod.mounts.ranger_tests.ranger_tests }} +{{- $mounts_tests_init := .Values.pod.mounts.ranger_tests.init_container }} + +{{- $serviceAccountName := print $envAll.Release.Name "-test" }} +{{ tuple $envAll "tests" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }} +--- +apiVersion: v1 +kind: Pod +metadata: + name: "{{$envAll.Release.Name}}-test" + annotations: + "helm.sh/hook": test-success +spec: + serviceAccountName: {{ $serviceAccountName }} + nodeSelector: + {{ .Values.labels.test.node_selector_key }}: {{ .Values.labels.test.node_selector_value }} + restartPolicy: Never + initContainers: +{{ tuple $envAll "tests" $mounts_tests_init | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 4 }} + containers: + - name: {{.Release.Name}}-test + image: {{ .Values.images.tags.scripted_test }} + env: + - name: RANGER_SERVICE_URL + value: {{ tuple "cms" "public" "api" . 
| include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup" }} + command: + - /tmp/ranger-test.sh + volumeMounts: + - name: ranger-bin + mountPath: /tmp/ranger-test.sh + subPath: ranger-test.sh + readOnly: true +{{ if $mounts_tests.volumeMounts }}{{ toYaml $mounts_tests.volumeMounts | indent 8 }}{{ end }} + volumes: + - name: ranger-bin + configMap: + name: ranger-bin + defaultMode: 0555 +{{ if $mounts_tests.volumes }}{{ toYaml $mounts_tests.volumes | indent 4 }}{{ end }} +{{- end }} diff --git a/ranger/templates/secret-db.yaml b/ranger/templates/secret-db.yaml new file mode 100755 index 00000000..ac9006f7 --- /dev/null +++ b/ranger/templates/secret-db.yaml @@ -0,0 +1,30 @@ +{{/* +Copyright 2017 The Openstack-Helm Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if .Values.manifests.secret_db }} +{{- $envAll := . }} +{{- range $key1, $userClass := tuple "admin" "ranger" }} +{{- $secretName := index $envAll.Values.secrets.oslo_db $userClass }} +--- +apiVersion: v1 +kind: Secret +metadata: + name: {{ $secretName }} +type: Opaque +data: + DB_CONNECTION: {{ tuple "oslo_db" "internal" $userClass "mysql" $envAll | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup" | b64enc -}} +{{- end }} +{{- end }} diff --git a/ranger/templates/secret-ingress-tls.yaml b/ranger/templates/secret-ingress-tls.yaml new file mode 100755 index 00000000..02d2bcdc --- /dev/null +++ b/ranger/templates/secret-ingress-tls.yaml 
@@ -0,0 +1,23 @@
+{{/*
+Copyright 2017-2018 The Openstack-Helm Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/}}
+
+{{- if .Values.manifests.secret_ingress_tls }}
+{{- include "helm-toolkit.manifests.secret_ingress_tls" ( dict "envAll" . "backendServiceType" "cms" ) }}
+{{- include "helm-toolkit.manifests.secret_ingress_tls" ( dict "envAll" . "backendServiceType" "fms" ) }}
+{{- include "helm-toolkit.manifests.secret_ingress_tls" ( dict "envAll" . "backendServiceType" "ims" ) }}
+{{- include "helm-toolkit.manifests.secret_ingress_tls" ( dict "envAll" . "backendServiceType" "rms" ) }}
+{{- include "helm-toolkit.manifests.secret_ingress_tls" ( dict "envAll" . "backendServiceType" "rds" ) }}
+{{- end }}
diff --git a/ranger/templates/secret-ssh-key.yaml b/ranger/templates/secret-ssh-key.yaml
new file mode 100755
index 00000000..4c62f644
--- /dev/null
+++ b/ranger/templates/secret-ssh-key.yaml
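Review bot: The TLS secrets in secret-ingress-tls.yaml are rendered for `cms`, `fms`, `ims`, `rms` and `rds` only, while ingress-ranger.yaml in this patch also renders ingresses for `uuid` and `audit`. If those two endpoints are meant to be served over TLS they need matching lines, e.g. `{{- include "helm-toolkit.manifests.secret_ingress_tls" ( dict "envAll" . "backendServiceType" "uuid" ) }}` and the same for `audit`. The `uuid` and `audit` ingress blocks are also gated on `.Values.manifests.ingress_uuid` and `.Values.manifests.ingress_audit` alone, so setting `network.uuid.ingress.public` or `network.audit.ingress.public` to false does not stop them being published the way it does for the other five services. `{{- if and .Values.manifests.ingress_audit .Values.network.audit.ingress.public }}` (and the `uuid` equivalent) would put the audit endpoint behind the same switch.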
@@ -0,0 +1,34 @@
+{{/*
+Copyright 2017 The Openstack-Helm Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/}}
+
+{{- if .Values.manifests.secret_ssh_key }}
+{{- $envAll := . }}
+{{- $key_location := .Values.conf.ssh.key_location }}
+{{- $secretName := "ranger-ssh-secret" }}
+---
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ $secretName }}
+type: Opaque
+data:
+ USER: {{ .Values.conf.ssh.user | b64enc }}
+ USER_HOME: {{ .Values.conf.ssh.user_home | b64enc }}
+ SSH_KEY_FILE: {{ .Values.conf.ssh.ssh_key_file | b64enc }}
+ RANGER_PRIVATE_KEY: {{ .Values.conf.ssh.ssh_key | default "" | b64enc }}
+ RANGER_SSH_CONFIG: {{ .Values.conf.ssh.ssh_config | default "" | b64enc }}
+ CERT_FILE: {{ .Values.conf.cert.ranger_agent_client_cert | default "" | b64enc }}
+{{- end }}
diff --git a/ranger/templates/service-ingress-cms.yaml b/ranger/templates/service-ingress-cms.yaml
new file mode 100755
index 00000000..f7ce52de
--- /dev/null
+++ b/ranger/templates/service-ingress-cms.yaml
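Review bot: `RANGER_PRIVATE_KEY` and `CERT_FILE` in secret-ssh-key.yaml fall back to `default ""`, so a release with no key supplied renders a valid but empty secret and the failure only shows up later inside the container. If the key is mandatory, failing at render time is safer: `RANGER_PRIVATE_KEY: {{ required "conf.ssh.ssh_key must be set" .Values.conf.ssh.ssh_key | b64enc }}`, with the same treatment for the client certificate when `ranger_agent_https_enable` is on. Because the key is passed through chart values, it is also kept wherever the release's values are stored, so it should come from an override file held outside version control, or the chart could reference a pre-created secret by name instead. `$key_location` reads `.Values.conf.ssh.key_location`, which the `conf.ssh` defaults in values.yaml do not define and which is never used in this template; it can be removed.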
@@ -0,0 +1,20 @@
+{{/*
+Copyright 2017 The Openstack-Helm Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/}}
+
+{{- if and .Values.manifests.service_ingress_cms .Values.network.cms.ingress.public }}
+{{- $serviceIngressOpts := dict "envAll" . "backendServiceType" "cms" -}}
+{{ $serviceIngressOpts | include "helm-toolkit.manifests.service_ingress" }}
+{{- end }}
diff --git a/ranger/templates/service-ingress-fms.yaml b/ranger/templates/service-ingress-fms.yaml
new file mode 100755
index 00000000..7aaca7ee
--- /dev/null
+++ b/ranger/templates/service-ingress-fms.yaml
@@ -0,0 +1,20 @@
+{{/*
+Copyright 2017 The Openstack-Helm Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/}}
+
+{{- if and .Values.manifests.service_ingress_fms .Values.network.fms.ingress.public }}
+{{- $serviceIngressOpts := dict "envAll" . "backendServiceType" "fms" "backendPort" "fms" -}}
+{{ $serviceIngressOpts | include "helm-toolkit.manifests.service_ingress" }}
+{{- end }}
diff --git a/ranger/templates/service-ingress-ims.yaml b/ranger/templates/service-ingress-ims.yaml
new file mode 100755
index 00000000..4671d0da
--- /dev/null
+++ b/ranger/templates/service-ingress-ims.yaml
@@ -0,0 +1,20 @@
+{{/*
+Copyright 2017 The Openstack-Helm Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/}}
+
+{{- if and .Values.manifests.service_ingress_ims .Values.network.ims.ingress.public }}
+{{- $serviceIngressOpts := dict "envAll" . "backendServiceType" "ims" -}}
+{{ $serviceIngressOpts | include "helm-toolkit.manifests.service_ingress" }}
+{{- end }}
diff --git a/ranger/templates/service-ingress-rds.yaml b/ranger/templates/service-ingress-rds.yaml
new file mode 100755
index 00000000..5b4b64cb
--- /dev/null
+++ b/ranger/templates/service-ingress-rds.yaml
@@ -0,0 +1,21 @@ +{{/* +Copyright 2017 The Openstack-Helm Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if and .Values.manifests.service_ingress_rds .Values.network.rds.ingress.public }} +{{- $serviceIngressOpts := dict "envAll" . "backendServiceType" "rds" -}} +{{ $serviceIngressOpts | include "helm-toolkit.manifests.service_ingress" }} +{{- end }} + diff --git a/ranger/templates/service-ingress-rms.yaml b/ranger/templates/service-ingress-rms.yaml new file mode 100755 index 00000000..417bb8d2 --- /dev/null +++ b/ranger/templates/service-ingress-rms.yaml @@ -0,0 +1,20 @@ +{{/* +Copyright 2017 The Openstack-Helm Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if and .Values.manifests.service_ingress_rms .Values.network.rms.ingress.public }} +{{- $serviceIngressOpts := dict "envAll" . "backendServiceType" "rms" -}} +{{ $serviceIngressOpts | include "helm-toolkit.manifests.service_ingress" }} +{{- end }} \ No newline at end of file 
diff --git a/ranger/templates/service-ranger.yaml b/ranger/templates/service-ranger.yaml new file mode 100755 index 00000000..d9273e49 --- /dev/null +++ b/ranger/templates/service-ranger.yaml 
@@ -0,0 +1,180 @@ +{{/* +Copyright 2017 The Openstack-Helm Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if .Values.manifests.service_cms }} +{{- $envAll := . }} +--- +apiVersion: v1 +kind: Service +metadata: + name: {{ tuple "cms" "internal" . | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }} +spec: + ports: + - name: cms + port: {{ tuple "cms" "internal" "api" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }} + {{- if .Values.network.cms.node_port.enabled }} + nodePort: {{ .Values.network.cms.node_port.port }} + {{ end }} + selector: +{{ tuple $envAll "ranger" "ranger" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }} + {{ if .Values.network.cms.node_port.enabled }} + type: NodePort + {{- if .Values.network.cms.external_policy_local }} + externalTrafficPolicy: Local + {{ end }} + {{ end }} +{{- end }} + +{{- if .Values.manifests.service_fms }} +{{- $envAll := . }} +--- +apiVersion: v1 +kind: Service +metadata: + name: {{ tuple "fms" "internal" . | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }} +spec: + ports: + - name: fms + port: {{ tuple "fms" "internal" "api" . 
| include "helm-toolkit.endpoints.endpoint_port_lookup" }} + {{- if .Values.network.fms.node_port.enabled }} + nodePort: {{ .Values.network.fms.node_port.port }} + {{ end }} + selector: +{{ tuple $envAll "ranger" "ranger" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }} + {{ if .Values.network.fms.node_port.enabled }} + type: NodePort + {{- if .Values.network.fms.external_policy_local }} + externalTrafficPolicy: Local + {{ end }} + {{ end }} +{{- end }} + +{{- if .Values.manifests.service_ims }} +{{- $envAll := . }} +--- +apiVersion: v1 +kind: Service +metadata: + name: {{ tuple "ims" "internal" . | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }} +spec: + ports: + - name: ims + port: {{ tuple "ims" "internal" "api" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }} + {{- if .Values.network.ims.node_port.enabled }} + nodePort: {{ .Values.network.ims.node_port.port }} + {{ end }} + selector: +{{ tuple $envAll "ranger" "ranger" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }} + {{ if .Values.network.ims.node_port.enabled }} + type: NodePort + {{- if .Values.network.ims.external_policy_local }} + externalTrafficPolicy: Local + {{ end }} + {{ end }} +{{- end }} +{{- if .Values.manifests.service_rms }} +{{- $envAll := . }} +--- +apiVersion: v1 +kind: Service +metadata: + name: {{ tuple "rms" "internal" . | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }} +spec: + ports: + - name: rms + port: {{ tuple "rms" "internal" "api" . 
| include "helm-toolkit.endpoints.endpoint_port_lookup" }}
+ {{- if .Values.network.rms.node_port.enabled }}
+ nodePort: {{ .Values.network.rms.node_port.port }}
+ {{ end }}
+ selector:
+{{ tuple $envAll "ranger" "ranger" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }}
+ {{ if .Values.network.rms.node_port.enabled }}
+ type: NodePort
+ {{- if .Values.network.rms.external_policy_local }}
+ externalTrafficPolicy: Local
+ {{ end }}
+ {{ end }}
+{{- end }}
+{{- if .Values.manifests.service_rds }}
+{{- $envAll := . }}
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ tuple "rds" "internal" . | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }}
+spec:
+ ports:
+ - name: rds
+ port: {{ tuple "rds" "internal" "api" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
+ {{- if .Values.network.rds.node_port.enabled }}
+ nodePort: {{ .Values.network.rds.node_port.port }}
+ {{ end }}
+ selector:
+{{ tuple $envAll "ranger" "ranger" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }}
+ {{ if .Values.network.rds.node_port.enabled }}
+ type: NodePort
+ {{- if .Values.network.rds.external_policy_local }}
+ externalTrafficPolicy: Local
+ {{ end }}
+ {{ end }}
+{{- end }}
+{{- if .Values.manifests.service_uuid }}
+{{- $envAll := . }}
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ tuple "uuid" "internal" . | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }}
+spec:
+ ports:
+ - name: uuid
+ port: {{ tuple "uuid" "internal" "api" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
+ {{- if .Values.network.uuid.node_port.enabled }}
+ nodePort: {{ .Values.network.uuid.node_port.port }}
+ {{ end }}
+ selector:
+{{ tuple $envAll "ranger" "ranger" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }}
+ {{ if .Values.network.uuid.node_port.enabled }}
+ type: NodePort
+ {{- if .Values.network.uuid.external_policy_local }}
+ externalTrafficPolicy: Local
+ {{ end }}
+ {{ end }}
+{{- end }}
+{{- if .Values.manifests.service_audit }}
+{{- $envAll := . }}
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ tuple "audit" "internal" . | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }}
+spec:
+ ports:
+ - name: audit
+ port: {{ tuple "audit" "internal" "api" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
+ {{- if .Values.network.audit.node_port.enabled }}
+ nodePort: {{ .Values.network.audit.node_port.port }}
+ {{ end }}
+ selector:
+{{ tuple $envAll "ranger" "ranger" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }}
+ {{ if .Values.network.audit.node_port.enabled }}
+ type: NodePort
+ {{- if .Values.network.audit.external_policy_local }}
+ externalTrafficPolicy: Local
+ {{ end }}
+ {{ end }}
+{{- end }}
+
diff --git a/ranger/values.yaml b/ranger/values.yaml
new file mode 100755
index 00000000..1e434b19
--- /dev/null
+++ b/ranger/values.yaml
@@ -0,0 +1,516 @@
+# Copyright 2017 The Openstack-Helm Authors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# Default values for ranger.
+# This is a YAML-formatted file.
+# Declare name/value pairs to be passed into your templates.
+# name: value
+
+release_group: null
+
+labels:
+ ranger:
+ node_selector_key: openstack-control-plane
+ node_selector_value: enabled
+ job:
+ node_selector_key: openstack-control-plane
+ node_selector_value: enabled
+ test:
+ node_selector_key: openstack-control-plane
+ node_selector_value: enabled
+
+images:
+ tags:
+ ranger: docker.io/hosingh000/ranger:0.1.0
+ ranger_db_sync: docker.io/hosingh000/ranger:0.1.0
+ db_drop: docker.io/openstackhelm/heat:newton
+ db_init: docker.io/openstackhelm/heat:newton
+ dep_check: quay.io/stackanetes/kubernetes-entrypoint:v0.3.1
+ scripted_test: docker.io/openstackhelm/heat:newton
+ image_repo_sync: docker.io/docker:17.07.0
+ pull_policy: "IfNotPresent"
+ local_registry:
+ active: false
+ exclude:
+ - dep_check
+ - image_repo_sync
+conf:
+ ranger:
+ DEFAULT:
+ protocol: http
+ log_level: INFO
+ orm_host: 0.0.0.0
+ pecan_debug: True
+ ranger_base: '/home/ranger/ranger'
+ ssl_verify: False
+ log_location: '/var/log/ranger'
+ ranger_agent_https_enable: False
+ ranger_agent_client_cert_path: ''
+ cms:
+ log: cms.log
+ fms:
+ log: fms.log
+ ims:
+ log: ims.log
+ rms:
+ log: rms.log
+ rds:
+ log: rds.log
+ repo_local_location: /home/ranger/git_repo
+ repo_remote_location: git@127.0.0.1:/home/repo/ORM.git
+ repo_user: orm
+ repo_email: orm@test.com
+ uuid:
+ log: uuid.log
+ audit:
+ log: audit.log
+ cli:
+ base_region: RegionOne
+ database:
+ max_retries: -1
+ keystone_authtoken:
+ auth_type: password
+ auth_version: v3
+ ssh:
+ user: ranger
+ user_home: /home/ranger
+ ssh_key_file: ranger
+ ssh_key: null
+ ssh_config: null
+ cert:
+ ranger_agent_client_cert: null
+
+network:
+ cms:
+ ingress:
+ public: true
+ classes:
+ namespace: "nginx"
+ cluster: "nginx-cluster"
+ annotations:
+ nginx.ingress.kubernetes.io/rewrite-target: /
+ external_policy_local: false
+ node_port:
+ enabled: false
+ port: 37080
+ fms:
+ ingress:
+ public: true
+ classes:
+ namespace: "nginx"
+ cluster: "nginx-cluster"
+ annotations:
+ nginx.ingress.kubernetes.io/rewrite-target: /
+ external_policy_local: false
+ node_port:
+ enabled: false
+ port: 38082
+ ims:
+ ingress:
+ public: true
+ classes:
+ namespace: "nginx"
+ cluster: "nginx-cluster"
+ annotations:
+ nginx.ingress.kubernetes.io/rewrite-target: /
+ external_policy_local: false
+ node_port:
+ enabled: false
+ port: 38084
+ rms:
+ ingress:
+ public: true
+ classes:
+ namespace: "nginx"
+ cluster: "nginx-cluster"
+ annotations:
+ nginx.ingress.kubernetes.io/rewrite-target: /
+ external_policy_local: false
+ node_port:
+ enabled: false
+ port: 38080
+ audit:
+ ingress:
+ public: true
+ classes:
+ namespace: "nginx"
+ cluster: "nginx-cluster"
+ annotations:
+ nginx.ingress.kubernetes.io/rewrite-target: /
+ external_policy_local: false
+ node_port:
+ enabled: false
+ port: 38776
+ rds:
+ ingress:
+ public: true
+ classes:
+ namespace: "nginx"
+ cluster: "nginx-cluster"
+ annotations:
+ nginx.ingress.kubernetes.io/rewrite-target: /
+ external_policy_local: false
+ node_port:
+ enabled: false
+ port: 38777
+ uuid:
+ ingress:
+ public: true
+ classes:
+ namespace: "nginx"
+ cluster: "nginx-cluster"
+ annotations:
+ nginx.ingress.kubernetes.io/rewrite-target: /
+ external_policy_local: false
+ node_port:
+ enabled: false
+ port: 38090
+
+
+dependencies:
+ dynamic:
+ common:
+ local_image_registry:
+ jobs:
+ - keystone-image-repo-sync
+ services:
+ - endpoint: node
+ service: local_image_registry
+ static:
+ ranger:
+ jobs:
+ - ranger-db-sync
+ services:
+ - service: oslo_db
+ endpoint: internal
+ db_sync:
+ jobs:
+ - ranger-db-init
+ services:
+ - service: oslo_db
+ endpoint: internal
+ db_init:
+ services:
+ - service: oslo_db
+ endpoint: internal
+ db_drop:
+ services:
+ - service: oslo_db
+ endpoint: internal
+ image_repo_sync:
+ services:
+ - service: local_image_registry
+ endpoint: internal
+
+# Names of secrets used and environmental checks
+secrets:
+ oslo_db:
+ admin: ranger-db-admin
+ ranger: ranger-db-user
+ tls:
+ cms:
+ api:
+ public: cms
+ fms:
+ api:
+ public: fms
+ ims:
+ api:
+ public: ims
+ rms:
+ api:
+ public: rms
+ rds:
+ api:
+ public: rds
+
+# typically overriden by environmental
+# values, but should include all endpoints
+# required by this chart
+endpoints:
+ cluster_domain_suffix: cluster.local
+ local_image_registry:
+ name: docker-registry
+ namespace: docker-registry
+ hosts:
+ default: localhost
+ internal: docker-registry
+ node: localhost
+ host_fqdn_override:
+ default: null
+ port:
+ registry:
+ node: 5000
+ oslo_db:
+ auth:
+ admin:
+ username: root
+ password: password
+ ranger:
+ username: ranger
+ password: password
+ hosts:
+ default: mariadb
+ host_fqdn_override:
+ default: null
+ path: /orm
+ scheme: mysql+pymysql
+ port:
+ mysql:
+ default: 3306
+ oslo_cache:
+ hosts:
+ default: memcached
+ host_fqdn_override:
+ default: null
+ port:
+ memcache:
+ default: 11211
+ cms:
+ name: cms
+ hosts:
+ default: cms-api
+ public: cms
+ # NOTE: this chart supports TLS for fqdn over-ridden public
+ # endpoints using the following format:
+ # public:
+ # host: null
+ # tls:
+ # crt: null
+ # key: null
+ host_fqdn_override:
+ default: null
+ path:
+ default: /v1/orm/customers
+ scheme:
+ default: http
+ port:
+ api:
+ default: 7080
+ public: 80
+ fms:
+ name: fms
+ hosts:
+ default: fms-api
+ public: fms
+ host_fqdn_override:
+ default: null
+ path:
+ default: /v1/orm/flavors
+ scheme:
+ default: http
+ port:
+ api:
+ default: 8082
+ public: 80
+ ims:
+ name: ims
+ hosts:
+ default: ims-api
+ public: ims
+ host_fqdn_override:
+ default: null
+ path:
+ default: /v1/orm/images
+ scheme:
+ default: http
+ port:
+ api:
+ default: 8084
+ public: 80
+ rms:
+ name: rms
+ hosts:
+ default: rms-api
+ public: rms
+ host_fqdn_override:
+ default: null
+ path:
+ default: /v2/orm/regions
+ scheme:
+ default: http
+ port:
+ api:
+ default: 7003
+ public: 80
+ rds:
+ name: rds
+ hosts:
+ default: rds-api
+ public: rds
+ host_fqdn_override:
+ default: null
+ path:
+ default: /v1/rds/status
+ scheme:
+ default: http
+ port:
+ api:
+ default: 8777
+ public: 80
+ uuid:
+ name: uuid
+ hosts:
+ default: uuid-api
+ host_fqdn_override:
+ default: null
+ path:
+ default: /v1/uuids
+ scheme:
+ default: http
+ port:
+ api:
+ default: 7001
+ audit:
+ name: audit
+ hosts:
+ default: audit-api
+ host_fqdn_override:
+ default: null
+ path:
+ default: /v1/audit/transaction
+ scheme:
+ default: http
+ port:
+ api:
+ default: 7008
+ identity:
+ name: keystone
+ auth:
+ ranger:
+ role: admin
+ region_name: RegionOne
+ username: ranger-admin
+ password: password
+ project_name: service
+ user_domain_name: default
+ project_domain_name: default
+ hosts:
+ default: keystone
+ internal: keystone-api
+ host_fqdn_override:
+ default: null
+ path:
+ default: /v3
+ scheme:
+ default: http
+ port:
+ api:
+ default: 80
+ internal: 5000
+
+pod:
+ user:
+ ranger:
+ uid: 1000
+ affinity:
+ anti:
+ type:
+ default: preferredDuringSchedulingIgnoredDuringExecution
+ topologyKey:
+ default: kubernetes.io/hostname
+ mounts:
+ ranger:
+ init_container: null
+ ranger:
+ ranger_tests:
+ init_container: null
+ ranger_tests:
+ replicas:
+ ranger: 1
+ lifecycle:
+ upgrades:
+ deployments:
+ revision_history: 3
+ pod_replacement_strategy: RollingUpdate
+ rolling_update:
+ max_unavailable: 1
+ max_surge: 3
+ disruption_budget:
+ ranger:
+ min_available: 0
+ termination_grace_period:
+ ranger:
+ timeout: 30
+ resources:
+ enabled: false
+ ranger:
+ requests:
+ memory: "128Mi"
+ cpu: "100m"
+ limits:
+ memory: "1024Mi"
+ cpu: "2000m"
+ jobs:
+ db_init:
+ requests:
+ memory: "128Mi"
+ cpu: "100m"
+ limits:
+ memory: "1024Mi"
+ cpu: "2000m"
+ db_sync:
+ requests:
+ memory: "128Mi"
+ cpu: "100m"
+ limits:
+ memory: "1024Mi"
+ cpu: "2000m"
+ db_drop:
+ requests:
+ memory: "128Mi"
+ cpu: "100m"
+ limits:
+ memory: "1024Mi"
+ cpu: "2000m"
+ tests:
+ requests:
+ memory: "128Mi"
+ cpu: "100m"
+ limits:
+ memory: "1024Mi"
+ cpu: "2000m"
+
+manifests:
+ configmap_bin: true
+ configmap_etc: true
+ deployment_ranger_services: true
+ ingress_cms: true
+ ingress_fms: true
+ ingress_rms: true
+ ingress_ims: true
+ ingress_uuid: true
+ ingress_audit: true
+ secret_db: true
+ secret_ssh_key: true
+ secret_ingress_tls: true
+ job_db_init: true
+ job_db_sync: true
+ job_db_drop: false
+ job_image_repo_sync: true
+ pdb_api: true
+ pod_test: true
+ service_ingress_cms: true
+ service_ingress_fms: true
+ service_ingress_ims: true
+ service_ingress_rms: true
+ service_ingress_rds: true
+ service_cms: true
+ service_fms: true
+ service_ims: true
+ service_rms: true
+ service_rds: true
+ service_uuid: true
+ service_audit: true
+
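Review bot: The `conf.ranger.DEFAULT` block ships `pecan_debug: True` and `ssl_verify: False` as chart defaults, so any install that does not override them runs the Pecan services in debug mode and, presumably, skips certificate verification on outbound calls (the consumer of `ssl_verify` is not visible in this hunk). The defaults should be the safe values, `pecan_debug: False` and `ssl_verify: True`, leaving the relaxed settings to a development override file. The same hunk sets `password: password` for the `oslo_db` admin and ranger users and for the keystone `ranger-admin` account with `role: admin`; each of these should carry a comment such as `# placeholder, must be overridden per environment` so they are not deployed as-is. Separately, `images.tags.ranger` and `ranger_db_sync` reference a personal registry namespace by mutable tag, and pinning them by digest would make the deployed image verifiable.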