Chart Runner: Add NFS provisoner and Docker Registry

This PS adds the NFS provisioner and Docker Registry to the OSH-Infra Repo,
these are being used as initial candidates for moving as they are simple
charts and allow the chart runner logic to be developed in the gate
playbooks.

Change-Id: Ie80b8578aafd3fe7252d3dcb603ea6af7586776e
This commit is contained in:
intlabs 2017-10-24 21:57:44 -05:00
parent d4c0e5f8be
commit fd683f4241
57 changed files with 1668 additions and 42 deletions

2
.gitignore vendored
View File

@ -71,3 +71,5 @@ releasenotes/build
# Gate and Check Logs # Gate and Check Logs
logs/ logs/
tools/gate/local-overrides/
tools/gate/playbooks/*.retry

View File

@ -51,7 +51,7 @@ spec:
hostNetwork: true hostNetwork: true
containers: containers:
- name: calico-etcd - name: calico-etcd
image: {{ .Values.images.tags.calico_etcd }} {{ tuple $envAll "calico_etcd" | include "helm-toolkit.snippets.image" | indent 10 }}
env: env:
- name: CALICO_ETCD_IP - name: CALICO_ETCD_IP
valueFrom: valueFrom:

View File

@ -57,7 +57,7 @@ spec:
# container programs network policy and routes on each # container programs network policy and routes on each
# host. # host.
- name: calico-node - name: calico-node
image: {{ .Values.images.tags.calico_node }} {{ tuple $envAll "calico_node" | include "helm-toolkit.snippets.image" | indent 10 }}
env: env:
# The location of the Calico etcd cluster. # The location of the Calico etcd cluster.
- name: ETCD_ENDPOINTS - name: ETCD_ENDPOINTS

View File

@ -55,7 +55,7 @@ spec:
serviceAccountName: calico-policy-controller serviceAccountName: calico-policy-controller
containers: containers:
- name: calico-policy-controller - name: calico-policy-controller
image: {{ .Values.images.tags.calico_kube_policy_controller }} {{ tuple $envAll "calico_kube_policy_controller" | include "helm-toolkit.snippets.image" | indent 10 }}
env: env:
# The location of the Calico etcd cluster. # The location of the Calico etcd cluster.
- name: ETCD_ENDPOINTS - name: ETCD_ENDPOINTS

View File

@ -26,6 +26,9 @@ images:
calico_node: quay.io/calico/node:v2.4.1 calico_node: quay.io/calico/node:v2.4.1
calico_cni: quay.io/calico/cni:v1.10.0 calico_cni: quay.io/calico/cni:v1.10.0
calico_kube_policy_controller: quay.io/calico/kube-policy-controller:v0.7.0 calico_kube_policy_controller: quay.io/calico/kube-policy-controller:v0.7.0
pull_policy: IfNotPresent
registry:
prefix: null
networking: networking:
podSubnet: 192.168.0.0/16 podSubnet: 192.168.0.0/16

View File

@ -42,7 +42,7 @@ spec:
serviceAccountName: flannel serviceAccountName: flannel
containers: containers:
- name: kube-flannel - name: kube-flannel
image: {{ .Values.images.tags.flannel }} {{ tuple $envAll "flannel" | include "helm-toolkit.snippets.image" | indent 10 }}
command: [ "/opt/bin/flanneld", "--ip-masq", "--kube-subnet-mgr" ] command: [ "/opt/bin/flanneld", "--ip-masq", "--kube-subnet-mgr" ]
securityContext: securityContext:
privileged: true privileged: true

View File

@ -17,6 +17,9 @@
images: images:
tags: tags:
flannel: quay.io/coreos/flannel:v0.8.0-amd64 flannel: quay.io/coreos/flannel:v0.8.0-amd64
pull_policy: IfNotPresent
registry:
prefix: null
networking: networking:
podSubnet: 192.168.0.0/16 podSubnet: 192.168.0.0/16

View File

@ -0,0 +1,27 @@
{{/*
Copyright 2017 The Openstack-Helm Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
{{- define "helm-toolkit.snippets.image" -}}
{{- $envAll := index . 0 -}}
{{- $image := index . 1 -}}
{{- $imageTag := index $envAll.Values.images.tags $image -}}
{{- if $envAll.Values.images.registry.prefix -}}
image: {{ printf "%s/%s" $envAll.Values.images.registry.prefix $imageTag | quote }}
{{- else -}}
image: {{ $imageTag | quote }}
{{- end }}
imagePullPolicy: {{ $envAll.Values.images.pull_policy }}
{{- end -}}

View File

@ -51,8 +51,7 @@ spec:
- amd64 - amd64
containers: containers:
- name: kubedns - name: kubedns
image: {{ .Values.images.tags.kube_dns }} {{ tuple $envAll "kube_dns" | include "helm-toolkit.snippets.image" | indent 10 }}
imagePullPolicy: IfNotPresent
args: args:
- --domain={{ .Values.networking.dnsDomain }}. - --domain={{ .Values.networking.dnsDomain }}.
- --dns-port=10053 - --dns-port=10053
@ -103,8 +102,7 @@ spec:
- mountPath: /kube-dns-config - mountPath: /kube-dns-config
name: kube-dns-config name: kube-dns-config
- name: dnsmasq - name: dnsmasq
image: {{ .Values.images.tags.kube_dns_nanny }} {{ tuple $envAll "kube_dns_nanny" | include "helm-toolkit.snippets.image" | indent 10 }}
imagePullPolicy: IfNotPresent
args: args:
- -v=2 - -v=2
- -logtostderr - -logtostderr
@ -144,8 +142,7 @@ spec:
- mountPath: /etc/k8s/dns/dnsmasq-nanny - mountPath: /etc/k8s/dns/dnsmasq-nanny
name: kube-dns-config name: kube-dns-config
- name: sidecar - name: sidecar
image: {{ .Values.images.tags.kube_dns_sidecar }} {{ tuple $envAll "kube_dns_sidecar" | include "helm-toolkit.snippets.image" | indent 10 }}
imagePullPolicy: IfNotPresent
args: args:
- --v=2 - --v=2
- --logtostderr - --logtostderr

View File

@ -19,6 +19,9 @@ images:
kube_dns: gcr.io/google_containers/k8s-dns-kube-dns-amd64:1.14.5 kube_dns: gcr.io/google_containers/k8s-dns-kube-dns-amd64:1.14.5
kube_dns_nanny: gcr.io/google_containers/k8s-dns-dnsmasq-nanny-amd64:1.14.5 kube_dns_nanny: gcr.io/google_containers/k8s-dns-dnsmasq-nanny-amd64:1.14.5
kube_dns_sidecar: gcr.io/google_containers/k8s-dns-sidecar-amd64:1.14.5 kube_dns_sidecar: gcr.io/google_containers/k8s-dns-sidecar-amd64:1.14.5
pull_policy: IfNotPresent
registry:
prefix: null
networking: networking:
dnsDomain: cluster.local dnsDomain: cluster.local

View File

@ -0,0 +1,24 @@
# Copyright 2017 The Openstack-Helm Authors.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
apiVersion: v1
description: OpenStack-Helm NFS
name: nfs-provisioner
version: 0.1.0
home: https://github.com/kubernetes-incubator/external-storage
sources:
- https://github.com/kubernetes-incubator/external-storage
- https://git.openstack.org/cgit/openstack/openstack-helm
maintainers:
- name: OpenStack-Helm Authors

View File

@ -0,0 +1,19 @@
# Copyright 2017 The Openstack-Helm Authors.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
dependencies:
- name: helm-toolkit
repository: http://localhost:8879/charts
version: 0.1.0

View File

@ -0,0 +1,77 @@
{{/*
Copyright 2017 The Openstack-Helm Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
{{- if .Values.manifests.deployment }}
{{- $envAll := . }}
---
kind: Deployment
apiVersion: apps/v1beta1
metadata:
name: nfs-provisioner
spec:
replicas: {{ .Values.pod.replicas.server }}
strategy:
type: Recreate
template:
metadata:
labels:
{{ tuple $envAll "nfs" "provisioner" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
spec:
affinity:
{{ tuple $envAll "nfs" "provisioner" | include "helm-toolkit.snippets.kubernetes_pod_anti_affinity" | indent 8 }}
nodeSelector:
{{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }}
containers:
- name: nfs-provisioner
{{ tuple $envAll "nfs_provisioner" | include "helm-toolkit.snippets.image" | indent 10 }}
{{ tuple $envAll $envAll.Values.pod.resources.server | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
securityContext:
capabilities:
add:
- DAC_READ_SEARCH
- SYS_RESOURCE
ports:
- name: nfs
containerPort: 2049
- name: mountd
containerPort: 20048
- name: rpcbind
containerPort: 111
- name: rpcbind-udp
containerPort: 111
protocol: UDP
env:
- name: POD_IP
valueFrom:
fieldRef:
fieldPath: status.podIP
- name: SERVICE_NAME
value: {{ tuple "nfs" "internal" . | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }}
- name: POD_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
args:
- "-provisioner={{ .Values.storageclass.provisioner }}"
- "-grace-period=10"
volumeMounts:
- name: export-volume
mountPath: /export
volumes:
- name: export-volume
hostPath:
path: {{ .Values.storage.host.host_path }}
{{- end }}

View File

@ -0,0 +1,39 @@
{{/*
Copyright 2017 The Openstack-Helm Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
{{- if .Values.manifests.service }}
{{- $envAll := . }}
---
kind: Service
apiVersion: v1
metadata:
name: {{ tuple "nfs" "internal" . | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }}
labels:
{{ tuple $envAll "nfs" "provisioner" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }}
spec:
ports:
- name: nfs
port: 2049
- name: mountd
port: 20048
- name: rpcbind
port: 111
- name: rpcbind-udp
port: 111
protocol: UDP
selector:
{{ tuple $envAll "nfs" "provisioner" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }}
{{- end }}

View File

@ -0,0 +1,27 @@
{{/*
Copyright 2017 The Openstack-Helm Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
{{- if .Values.manifests.storage_class }}
{{- $envAll := . }}
---
kind: StorageClass
apiVersion: storage.k8s.io/v1
metadata:
name: {{ .Values.storageclass.name }}
provisioner: {{ .Values.storageclass.provisioner }}
parameters:
mountOptions: vers=4.1
{{- end }}

View File

@ -0,0 +1,74 @@
# Copyright 2017 The Openstack-Helm Authors.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
# Default values for NFS.
# This is a YAML-formatted file.
# Declare variables to be passed into your templates.
pod:
affinity:
anti:
type:
default: preferredDuringSchedulingIgnoredDuringExecution
topologyKey:
default: kubernetes.io/hostname
replicas:
#only 1 replica currently supported
server: 1
resources:
enabled: false
server:
requests:
memory: "128Mi"
cpu: "100m"
limits:
memory: "1024Mi"
cpu: "2000m"
images:
tags:
nfs_provisioner: quay.io/kubernetes_incubator/nfs-provisioner:v1.0.8
pull_policy: IfNotPresent
registry:
prefix: null
storage:
host:
host_path: /var/lib/openstack-helm/nfs
labels:
node_selector_key: openstack-control-plane
node_selector_value: enabled
storageclass:
provisioner: example.com/nfs
name: general
endpoints:
cluster_domain_suffix: cluster.local
nfs:
hosts:
default: nfs-provisioner
host_fqdn_override:
default: null
path: null
scheme: null
port:
nfs:
default: null
manifests:
deployment: true
service: true
storage_class: true

18
redis/Chart.yaml Normal file
View File

@ -0,0 +1,18 @@
# Copyright 2017 The Openstack-Helm Authors.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
apiVersion: v1
description: OpenStack-Helm Redis
name: redis
version: 0.1.0

18
redis/requirements.yaml Normal file
View File

@ -0,0 +1,18 @@
# Copyright 2017 The Openstack-Helm Authors.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
dependencies:
- name: helm-toolkit
repository: http://localhost:8879/charts
version: 0.1.0

View File

@ -0,0 +1,47 @@
{{/*
Copyright 2017 The Openstack-Helm Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
{{- $envAll := . }}
---
apiVersion: apps/v1beta1
kind: Deployment
metadata:
name: redis
spec:
replicas: {{ .Values.pod.replicas.server }}
{{ tuple $envAll | include "helm-toolkit.snippets.kubernetes_upgrades_deployment" | indent 2 }}
template:
metadata:
labels:
{{ tuple $envAll "redis" "server" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
spec:
affinity:
{{ tuple $envAll "redis" "server" | include "helm-toolkit.snippets.kubernetes_pod_anti_affinity" | indent 8 }}
nodeSelector:
{{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }}
containers:
- name: redis
{{ tuple $envAll "redis" | include "helm-toolkit.snippets.image" | indent 10 }}
{{ tuple $envAll $envAll.Values.pod.resources.server | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
command: ["sh", "-xec"]
args:
- |
exec redis-server --port {{ .Values.network.port }}
ports:
- containerPort: {{ .Values.network.port }}
readinessProbe:
tcpSocket:
port: {{ .Values.network.port }}

View File

@ -0,0 +1,27 @@
{{/*
Copyright 2017 The Openstack-Helm Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
{{- $envAll := . }}
---
apiVersion: v1
kind: Service
metadata:
name: redis
spec:
clusterIP: None
ports:
- port: {{ .Values.network.port }}
selector:
{{ tuple $envAll "redis" "server" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }}

59
redis/values.yaml Normal file
View File

@ -0,0 +1,59 @@
# Copyright 2017 The Openstack-Helm Authors.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
# Default values for redis.
# This is a YAML-formatted file.
# Declare name/value pairs to be passed into your templates.
# name: value
images:
tags:
redis: docker.io/redis:4.0.1
pull_policy: "IfNotPresent"
registry:
prefix: null
pod:
affinity:
anti:
type:
default: preferredDuringSchedulingIgnoredDuringExecution
topologyKey:
default: kubernetes.io/hostname
replicas:
server: 1
lifecycle:
upgrades:
deployments:
revision_history: 3
pod_replacement_strategy: RollingUpdate
rolling_update:
max_unavailable: 1
max_surge: 3
resources:
enabled: false
server:
limits:
memory: "128Mi"
cpu: "500m"
requests:
memory: "128Mi"
cpu: "500m"
labels:
node_selector_key: openstack-control-plane
node_selector_value: enabled
network:
port: 6379

22
registry/Chart.yaml Normal file
View File

@ -0,0 +1,22 @@
# Copyright 2017 The Openstack-Helm Authors.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
description: OpenStack-Helm Docker Registry
name: registry
version: 0.1.0
home: https://github.com/kubernetes/ingress
sources:
- https://git.openstack.org/cgit/openstack/openstack-helm
maintainers:
- name: OpenStack-Helm Authors

View File

@ -0,0 +1,18 @@
# Copyright 2017 The Openstack-Helm Authors.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
dependencies:
- name: helm-toolkit
repository: http://localhost:8879/charts
version: 0.1.0

View File

@ -0,0 +1,27 @@
#!/bin/sh
{{/*
Copyright 2017 The Openstack-Helm Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
set -ex
{{ .Values.bootstrap.script | default "echo 'Not Enabled'" }}
IFS=',' ; for IMAGE in ${PRELOAD_IMAGES}; do
docker pull ${IMAGE}
docker tag ${IMAGE} ${LOCAL_REPO}/${IMAGE}
docker push ${LOCAL_REPO}/${IMAGE}
done

View File

@ -0,0 +1,21 @@
#!/bin/sh
{{/*
Copyright 2017 The Openstack-Helm Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
set -ex
exec nginx -g "daemon off;"

View File

@ -0,0 +1,21 @@
#!/bin/sh
{{/*
Copyright 2017 The Openstack-Helm Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
set -ex
exec registry serve /etc/docker/registry/config.yml

View File

@ -0,0 +1,31 @@
{{/*
Copyright 2017 The Openstack-Helm Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
{{- if .Values.manifests.configmap_bin }}
{{- $envAll := . }}
---
apiVersion: v1
kind: ConfigMap
metadata:
name: registry-bin
data:
bootstrap.sh: |+
{{ tuple "bin/_bootstrap.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
registry.sh: |+
{{ tuple "bin/_registry.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
registry-proxy.sh: |+
{{ tuple "bin/_registry-proxy.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
{{- end }}

View File

@ -0,0 +1,38 @@
{{/*
Copyright 2017 The Openstack-Helm Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
{{- if .Values.manifests.configmap_bin }}
{{- $envAll := . }}
{{- if empty .Values.conf.registry.http.addr -}}
{{ cat "0.0.0.0" (tuple "docker_registry" "internal" "registry" . | include "helm-toolkit.endpoints.endpoint_port_lookup") | replace " " ":" | set .Values.conf.registry.http "addr" | quote | trunc 0 -}}
{{- end -}}
{{- if empty .Values.conf.registry.redis.addr -}}
{{ tuple "redis" "internal" "redis" . | include "helm-toolkit.endpoints.host_and_port_endpoint_uri_lookup" | set .Values.conf.registry.redis "addr" | quote | trunc 0 -}}
{{- end -}}
---
apiVersion: v1
kind: ConfigMap
metadata:
name: registry-etc
data:
config.yml: |+
{{ toYaml .Values.conf.registry | indent 4 }}
default.conf: |+
{{ tuple "etc/_default.conf.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
{{- end }}

View File

@ -0,0 +1,64 @@
{{/*
Copyright 2017 The Openstack-Helm Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
{{- if .Values.manifests.daemonset_registry_proxy }}
{{- $envAll := . }}
{{- $dependencies := .Values.dependencies.registry_proxy }}
---
apiVersion: extensions/v1beta1
kind: DaemonSet
metadata:
name: docker-registry-proxy
spec:
template:
metadata:
labels:
{{ tuple $envAll "docker" "registry-proxy" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
annotations:
configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "helm-toolkit.utils.hash" }}
configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "helm-toolkit.utils.hash" }}
spec:
nodeSelector:
{{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }}
dnsPolicy: ClusterFirstWithHostNet
hostNetwork: true
initContainers:
{{ tuple $envAll $dependencies "[]" | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
containers:
- name: registry-proxy
{{ tuple $envAll "registry_proxy" | include "helm-toolkit.snippets.image" | indent 8 }}
{{ tuple $envAll $envAll.Values.pod.resources.registry_proxy | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
command:
- /tmp/registry-proxy.sh
volumeMounts:
- name: registry-bin
mountPath: /tmp/registry-proxy.sh
subPath: registry-proxy.sh
readOnly: true
- name: registry-etc
mountPath: /etc/nginx/conf.d/default.conf
subPath: default.conf
readOnly: true
volumes:
- name: registry-bin
configMap:
name: registry-bin
defaultMode: 0555
- name: registry-etc
configMap:
name: registry-etc
defaultMode: 0444
{{- end }}

View File

@ -0,0 +1,74 @@
{{/*
Copyright 2017 The Openstack-Helm Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
{{- if .Values.manifests.deployment_registry }}
{{- $envAll := . }}
{{- $dependencies := .Values.dependencies.registry }}
---
apiVersion: apps/v1beta1
kind: Deployment
metadata:
name: docker-registry
spec:
replicas: {{ .Values.pod.replicas.registry }}
{{ tuple $envAll | include "helm-toolkit.snippets.kubernetes_upgrades_deployment" | indent 2 }}
template:
metadata:
labels:
{{ tuple $envAll "docker" "registry" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
annotations:
configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "helm-toolkit.utils.hash" }}
configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "helm-toolkit.utils.hash" }}
spec:
affinity:
{{ tuple $envAll "docker" "registry" | include "helm-toolkit.snippets.kubernetes_pod_anti_affinity" | indent 8 }}
nodeSelector:
{{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }}
initContainers:
{{ tuple $envAll $dependencies "[]" | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
containers:
- name: registry
{{ tuple $envAll "registry" | include "helm-toolkit.snippets.image" | indent 10 }}
{{ tuple $envAll $envAll.Values.pod.resources.registry | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
ports:
- name: d-reg
containerPort: {{ tuple "docker_registry" "internal" "registry" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
command:
- /tmp/registry.sh
volumeMounts:
- name: registry-bin
mountPath: /tmp/registry.sh
subPath: registry.sh
readOnly: true
- name: registry-etc
mountPath: /etc/docker/registry/config.yml
subPath: config.yml
readOnly: true
- name: docker-images
mountPath: {{ .Values.conf.registry.storage.filesystem.rootdirectory }}
volumes:
- name: registry-bin
configMap:
name: registry-bin
defaultMode: 0555
- name: registry-etc
configMap:
name: registry-etc
defaultMode: 0444
- name: docker-images
persistentVolumeClaim:
claimName: docker-images
{{- end }}

View File

@ -0,0 +1,28 @@
# Docker registry proxy for api version 2
upstream docker-registry {
server {{ tuple "docker_registry" "internal" "registry" . | include "helm-toolkit.endpoints.host_and_port_endpoint_uri_lookup" }};
}
# No client auth or TLS
# TODO(bacongobbler): experiment with authenticating the registry if it's using TLS
server {
listen {{ tuple "docker_registry" "public" "registry" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }};
server_name localhost;
# disable any limits to avoid HTTP 413 for large image uploads
client_max_body_size 0;
# required to avoid HTTP 411: see Issue #1486 (https://github.com/docker/docker/issues/1486)
chunked_transfer_encoding on;
location / {
# Do not allow connections from docker 1.5 and earlier
# docker pre-1.6.0 did not properly set the user agent on ping, catch "Go *" user agents
if ($http_user_agent ~ "^(docker\/1\.(3|4|5(?!\.[0-9]-dev))|Go ).*$" ) {
return 404;
}
include docker-registry.conf;
}
}

View File

@ -0,0 +1,64 @@
{{/*
Copyright 2017 The Openstack-Helm Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
{{- if .Values.manifests.job_bootstrap }}
{{- $envAll := . }}
{{- if .Values.bootstrap.enabled }}
{{- $dependencies := .Values.dependencies.bootstrap }}
---
apiVersion: batch/v1
kind: Job
metadata:
name: docker-bootstrap
spec:
template:
metadata:
labels:
{{ tuple $envAll "docker" "bootstrap" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
spec:
restartPolicy: OnFailure
nodeSelector:
{{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }}
initContainers:
{{ tuple $envAll $dependencies "[]" | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
containers:
- name: docker-bootstrap
{{ tuple $envAll "bootstrap" | include "helm-toolkit.snippets.image" | indent 10 }}
{{ tuple $envAll $envAll.Values.pod.resources.jobs.bootstrap | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
env:
- name: LOCAL_REPO
value: "localhost:{{ tuple "docker_registry" "public" "registry" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}"
- name: PRELOAD_IMAGES
value: "{{ include "helm-toolkit.utils.joinListWithComma" .Values.bootstrap.preload_images }}"
command:
- /tmp/bootstrap.sh
volumeMounts:
- name: registry-bin
mountPath: /tmp/bootstrap.sh
subPath: bootstrap.sh
readOnly: true
- name: docker-socket
mountPath: /var/run/docker.sock
volumes:
- name: registry-bin
configMap:
name: registry-bin
defaultMode: 0555
- name: docker-socket
hostPath:
path: /var/run/docker.sock
{{- end }}
{{- end }}

View File

@ -0,0 +1,30 @@
{{/*
Copyright 2017 The Openstack-Helm Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
{{- if .Values.manifests.pvc_images }}
{{- $envAll := . }}
---
kind: PersistentVolumeClaim
apiVersion: v1
metadata:
name: docker-images
spec:
accessModes: [ "ReadWriteOnce" ]
resources:
requests:
storage: {{ .Values.volume.size }}
storageClassName: {{ .Values.volume.class_name }}
{{- end }}

View File

@ -0,0 +1,36 @@
{{/*
Copyright 2017 The Openstack-Helm Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
{{- if .Values.manifests.service_registry }}
{{- $envAll := . }}
---
apiVersion: v1
kind: Service
metadata:
name: {{ tuple "docker_registry" "internal" . | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }}
spec:
ports:
- name: d-reg
port: {{ tuple "docker_registry" "internal" "registry" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
{{ if .Values.network.registry.node_port.enabled }}
nodePort: {{ .Values.network.registry.node_port.port }}
{{ end }}
selector:
{{ tuple $envAll "docker" "registry" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }}
{{ if .Values.network.registry.node_port.enabled }}
type: NodePort
{{ end }}
{{- end }}

167
registry/values.yaml Normal file
View File

@ -0,0 +1,167 @@
# Copyright 2017 The Openstack-Helm Authors.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
# Default values for docker registry.
# This is a YAML-formatted file.
# Declare name/value pairs to be passed into your templates.
# name: value
labels:
node_selector_key: openstack-control-plane
node_selector_value: enabled
release_group: null
images:
tags:
registry: docker.io/registry:2
registry_proxy: gcr.io/google_containers/kube-registry-proxy:0.4
bootstrap: docker.io/docker:17.07.0
dep_check: quay.io/stackanetes/kubernetes-entrypoint:v0.2.1
pull_policy: "IfNotPresent"
registry:
prefix: null
volume:
class_name: general
size: 2Gi
network:
registry:
ingress:
public: false
node_port:
enabled: false
port: 5000
conf:
registry:
version: 0.1
log:
fields:
service: registry
storage:
cache:
blobdescriptor: redis
filesystem:
rootdirectory: /var/lib/registry
http:
secret: not-so-secret-secret
headers:
X-Content-Type-Options: [nosniff]
health:
storagedriver:
enabled: true
interval: 10s
threshold: 3
redis:
addr: null
pod:
affinity:
anti:
type:
default: preferredDuringSchedulingIgnoredDuringExecution
topologyKey:
default: kubernetes.io/hostname
replicas:
registry: 1
lifecycle:
upgrades:
deployments:
revision_history: 3
pod_replacement_strategy: RollingUpdate
rolling_update:
max_unavailable: 1
max_surge: 3
resources:
enabled: false
registry:
requests:
memory: "128Mi"
cpu: "100m"
limits:
memory: "1024Mi"
cpu: "2000m"
registry_proxy:
requests:
memory: "128Mi"
cpu: "100m"
limits:
memory: "1024Mi"
cpu: "2000m"
jobs:
bootstrap:
requests:
memory: "128Mi"
cpu: "100m"
limits:
memory: "1024Mi"
cpu: "2000m"
bootstrap:
enabled: true
script:
docker info
preload_images:
- gcr.io/google_containers/ubuntu-slim:0.14
dependencies:
registry:
services:
- service: redis
endpoint: internal
registry_proxy:
services:
- service: docker_registry
endpoint: internal
bootstrap:
daemonset:
- docker-registry-proxy
services:
- service: docker_registry
endpoint: internal
endpoints:
cluster_domain_suffix: cluster.local
docker_registry:
name: docker-registry
hosts:
default: docker-registry
host_fqdn_override:
default: null
path:
default: null
scheme:
default: http
port:
registry:
default: 5000
redis:
namespace: null
hosts:
default: redis
host_fqdn_override:
default: null
port:
redis:
default: 6379
manifests:
configmap_bin: true
daemonset_registry_proxy: true
deployment_registry: true
job_bootstrap: true
pvc_images: true
service_registry: true

18
tiller/requirements.yaml Normal file
View File

@ -0,0 +1,18 @@
# Copyright 2017 The Openstack-Helm Authors.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
dependencies:
- name: helm-toolkit
repository: http://localhost:8879/charts
version: 0.1.0

View File

@ -46,8 +46,7 @@ spec:
value: {{ .Release.Namespace }} value: {{ .Release.Namespace }}
- name: TILLER_HISTORY_MAX - name: TILLER_HISTORY_MAX
value: "0" value: "0"
image: gcr.io/kubernetes-helm/tiller:v2.7.0-rc1 {{ tuple $envAll "tiller" | include "helm-toolkit.snippets.image" | indent 8 }}
imagePullPolicy: IfNotPresent
livenessProbe: livenessProbe:
failureThreshold: 3 failureThreshold: 3
httpGet: httpGet:

31
tiller/values.yaml Normal file
View File

@ -0,0 +1,31 @@
# Copyright 2017 The Openstack-Helm Authors.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
# Default values for helm tiller
# This is a YAML-formatted file.
# Declare name/value pairs to be passed into your templates.
# name: value
labels:
node_selector_key: openstack-control-plane
node_selector_value: enabled
release_group: null
images:
tags:
tiller: gcr.io/kubernetes-helm/tiller:v2.7.0-rc1
pull_policy: "IfNotPresent"
registry:
prefix: null

View File

@ -33,14 +33,8 @@
shell: curl -s 127.0.0.1:8879 | grep -q 'Helm Repository' shell: curl -s 127.0.0.1:8879 | grep -q 'Helm Repository'
register: helm_server_running register: helm_server_running
ignore_errors: True ignore_errors: True
- name: launching local helm server via systemd
when: ( ansible_distribution == 'Fedora' ) and ( helm_server_running | failed )
shell: |
export XDG_RUNTIME_DIR="/run/user/$UID"
export DBUS_SESSION_BUS_ADDRESS="unix:path=${XDG_RUNTIME_DIR}/bus"
systemd-run --user --unit helm-server helm serve
- name: launching local helm server via shell - name: launching local helm server via shell
when: ( ansible_distribution != 'Fedora' ) and ( helm_server_running | failed ) when: helm_server_running | failed
shell: helm serve & shell: helm serve &
- name: wait for helm server to be ready - name: wait for helm server to be ready
shell: curl -s 127.0.0.1:8879 | grep -q 'Helm Repository' shell: curl -s 127.0.0.1:8879 | grep -q 'Helm Repository'

View File

@ -0,0 +1,22 @@
# Copyright 2017 The Openstack-Helm Authors.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
- name: remove osh directory
become: yes
become_user: root
file:
path: "{{ item }}"
state: absent
with_items:
- /var/lib/openstack-helm

View File

@ -0,0 +1,32 @@
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
# This set of tasks creates over-rides that need to be generated dyamicly and
# injected at runtime.
- name: Ensure docker python packages deployed
include_role:
name: deploy-package
tasks_from: pip
vars:
packages:
- yq
- name: setup directorys on host
file:
path: "{{ work_dir }}/tools/gate/local-overrides/"
state: directory
- name: generate overides for bootstrap-registry-registry release
shell: "./tools/image-repo-overides.sh > ./tools/gate/local-overrides/bootstrap-registry-registry.yaml"
args:
chdir: "{{ work_dir }}"

View File

@ -0,0 +1,55 @@
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
- name: installing OS-H dev tools
include_role:
name: deploy-package
tasks_from: dist
vars:
packages:
deb:
- git
- make
- curl
- ca-certificates
- jq
rpm:
- git
- make
- curl
- jq
- block:
- name: removing jq binary on centos
become: true
become_user: root
when: ansible_distribution == 'CentOS' or ansible_distribution == 'Red Hat Enterprise Linux'
file:
path: "{{ item }}"
state: absent
with_items:
- /usr/bin/jq
- name: installing jq 1.5 binary for centos
become: true
become_user: root
when: ansible_distribution == 'CentOS' or ansible_distribution == 'Red Hat Enterprise Linux'
get_url:
url: https://github.com/stedolan/jq/releases/download/jq-1.5/jq-linux64
dest: /usr/bin/jq
mode: 0555
- name: assemble charts
make:
chdir: "{{ work_dir }}"
register: out
- include: util-setup-dev-environment.yaml

View File

@ -0,0 +1,24 @@
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
- include: helm-setup-dev-environment.yaml
- include: generate-dynamic-over-rides.yaml
- name: "iterating through Helm chart groups"
vars:
chart_group_name: "{{ helm_chart_group.name }}"
chart_group_items: "{{ helm_chart_group.charts }}"
include: util-chart-group.yaml
loop_control:
loop_var: helm_chart_group
with_items: "{{ chart_groups }}"

View File

@ -0,0 +1,29 @@
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
- name: "{{ helm_chart_group.name }}"
vars:
chart_def: "{{ charts[helm_chart] }}"
loop_control:
loop_var: helm_chart
include: util-common-helm-chart.yaml
with_items: "{{ helm_chart_group.charts }}"
- name: "Running wait for pods for the charts in the {{ helm_chart_group.name }} group"
when: ('timeout' in helm_chart_group)
include: util-common-wait-for-pods.yaml
vars:
namespace: "{{ charts[helm_chart].namespace }}"
timeout: "{{ helm_chart_group.timeout }}"
loop_control:
loop_var: helm_chart
with_items: "{{ helm_chart_group.charts }}"

View File

@ -0,0 +1,76 @@
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
- name: Helm management common block
vars:
check_deployed_result: null
chart_values_file: null
upgrade:
pre:
delete: null
block:
- name: "create temporary file for {{ chart_def['release'] }}'s values .yaml"
tempfile:
state: file
suffix: .yaml
register: chart_values_file
- name: "write out values.yaml for {{ chart_def['release'] }}"
copy:
dest: "{{ chart_values_file.path }}"
content: "{% if 'values' in chart_def %}{{ chart_def['values'] | to_nice_yaml }}{% else %}{% endif %}"
- name: "check if {{ chart_def['release'] }} is deployed"
command: helm status "{{ chart_def['release'] }}"
register: check_deployed_result
ignore_errors: True
- name: "check if local overrides are present in {{ work_dir }}/tools/gate/local-overrides/{{ chart_def['release'] }}.yaml"
stat:
path: "{{ work_dir }}/tools/gate/local-overrides/{{ chart_def['release'] }}.yaml"
register: local_overrides
- name: "try to deploy release {{ chart_def['release'] }} in {{ chart_def['namespace'] }} namespace with {{ chart_def['chart_name'] }} chart"
when: check_deployed_result | failed
command: "helm install {{ work_dir }}/{{ chart_def['chart_name'] }} --namespace {{ chart_def['namespace'] }} --name {{ chart_def['release'] }} --values={{ chart_values_file.path }}{% if local_overrides.stat.exists %} --values {{ work_dir }}/tools/gate/local-overrides/{{ chart_def['release'] }}.yaml{% endif %}"
register: out
- name: "display info for the helm {{ chart_def['release'] }} release deploy"
when: check_deployed_result | failed
debug:
var: out.stdout_lines
- name: "pre-upgrade, delete jobs for {{ chart_def['release'] }} release"
when: (check_deployed_result | succeeded) and ( 'upgrade' in chart_def ) and ( 'pre' in chart_def['upgrade'] ) and ( 'delete' in chart_def['upgrade']['pre'] ) and (chart_def.upgrade.pre.delete is not none)
with_items: "{{ chart_def.upgrade.pre.delete }}"
loop_control:
loop_var: helm_upgrade_delete_job
command: "kubectl delete --namespace {{ chart_def['namespace'] }} job -l application={{ helm_upgrade_delete_job.labels.application }},component={{ helm_upgrade_delete_job.labels.component }} --ignore-not-found=true"
- name: "try to upgrade release {{ chart_def['release'] }} in {{ chart_def['namespace'] }} namespace with {{ chart_def['chart_name'] }} chart"
when: check_deployed_result | succeeded
command: "helm upgrade {{ chart_def['release'] }} {{ work_dir }}/{{ chart_def['chart_name'] }} --values={{ chart_values_file.path }}{% if local_overrides.stat.exists %} --values {{ work_dir }}/tools/gate/local-overrides/{{ chart_def['release'] }}.yaml{% endif %}"
register: out
- name: "display info for the helm {{ chart_def['release'] }} release upgrade"
when: check_deployed_result | succeeded
debug:
var: out.stdout_lines
- include: util-common-wait-for-pods.yaml
when: ('timeout' in chart_def)
vars:
namespace: "{{ chart_def['namespace'] }}"
timeout: "{{ chart_def['timeout'] }}"
always:
- name: "remove values.yaml for {{ chart_def['release'] }}"
file:
path: "{{ chart_values_file.path }}"
state: absent

View File

@ -0,0 +1,50 @@
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
- name: wait for pods in namespace
vars:
namespace: null
timeout: 600
wait_return_code:
rc: 1
block:
- name: "wait for pods in {{ namespace }} namespace to be ready"
shell: |-
set -e
kubectl get pods --namespace="{{ namespace }}" -o json | jq -r \
'.items[].status.phase' | grep Pending > /dev/null && \
PENDING=True || PENDING=False
query='.items[]|select(.status.phase=="Running")'
query="$query|.status.containerStatuses[].ready"
kubectl get pods --namespace="{{ namespace }}" -o json | jq -r "$query" | \
grep false > /dev/null && READY="False" || READY="True"
kubectl get jobs -o json --namespace="{{ namespace }}" | jq -r \
'.items[] | .spec.completions == .status.succeeded' | \
grep false > /dev/null && JOBR="False" || JOBR="True"
[ $PENDING == "False" -a $READY == "True" -a $JOBR == "True" ] && \
exit 0 || exit 1
args:
executable: /bin/bash
register: wait_return_code
until: wait_return_code.rc == 0
retries: "{{ timeout }}"
delay: 1
rescue:
- name: "pods failed to come up in time, getting kubernetes objects status"
command: kubectl get --all-namespaces all -o wide --show-all
register: out
- name: "pods failed to come up in time, displaying kubernetes objects status"
debug: var=out.stdout_lines
- name: "pods failed to come up in time, stopping execution"
command: exit 1

View File

@ -0,0 +1,31 @@
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
- name: disable rbac
block:
- name: rbac | moving manifests into place
template:
src: "{{ item }}.j2"
dest: "/tmp/{{ item }}"
mode: 0666
with_items:
- clusterrolebinding.yaml
- name: rbac | creating objects
command: "kubectl replace -f /tmp/{{ item }}"
with_items:
- clusterrolebinding.yaml
- name: rbac | removing manifests
file:
path: "/tmp/{{ item }}"
state: absent
with_items:
- clusterrolebinding.yaml

View File

@ -0,0 +1,18 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: cluster-admin
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: cluster-admin
subjects:
- apiGroup: rbac.authorization.k8s.io
kind: Group
name: system:masters
- apiGroup: rbac.authorization.k8s.io
kind: Group
name: system:authenticated
- apiGroup: rbac.authorization.k8s.io
kind: Group
name: system:unauthenticated

View File

@ -12,7 +12,16 @@
# See the License for the specific language governing permissions and # See the License for the specific language governing permissions and
# limitations under the License. # limitations under the License.
- name: master
- name: setting node labels
vars:
kubeadm_kubelet_labels_node:
- "{% if nodes.labels.all is defined %}{% set comma = joiner(\",\") %}{% for item in nodes.labels.all %}{{ comma() }}{{ item.name }}={{ item.value }}{% endfor %}{% else %}\"\"{% endif %}"
- "{% set comma = joiner(\",\") %}{% for group in group_names %}{% if nodes.labels[group] is defined %}{% for item in nodes.labels[group] %}{{ comma() }}{{ item.name }}={{ item.value }}{% endfor %}{% else %}\"\"{% endif %}{% endfor %}"
set_fact:
kubeadm_kubelet_labels: "{% set comma = joiner(\",\") %}{% for item in kubeadm_kubelet_labels_node %}{{ comma() }}{{ item }}{% endfor %}"
- name: deploy-kubelet
vars: vars:
kubeadm_aio_action: deploy-kubelet kubeadm_aio_action: deploy-kubelet
include: util-kubeadm-aio-run.yaml include: util-kubeadm-aio-run.yaml

View File

@ -15,6 +15,7 @@
- name: Run Kubeadm-AIO container - name: Run Kubeadm-AIO container
vars: vars:
kubeadm_aio_action: null kubeadm_aio_action: null
kubeadm_kubelet_labels: ""
block: block:
- name: "perfoming {{ kubeadm_aio_action }} action" - name: "perfoming {{ kubeadm_aio_action }} action"
become: true become: true
@ -48,6 +49,7 @@
KUBE_NET_POD_SUBNET=192.168.0.0/16 KUBE_NET_POD_SUBNET=192.168.0.0/16
KUBE_NET_DNS_DOMAIN=cluster.local KUBE_NET_DNS_DOMAIN=cluster.local
CONTAINER_RUNTIME=docker CONTAINER_RUNTIME=docker
KUBELET_NODE_LABELS="{{ kubeadm_kubelet_labels }}"
register: kubeadm_master_deploy register: kubeadm_master_deploy
rescue: rescue:
- name: "getting logs for {{ kubeadm_aio_action }} action" - name: "getting logs for {{ kubeadm_aio_action }} action"

View File

@ -12,6 +12,14 @@
# See the License for the specific language governing permissions and # See the License for the specific language governing permissions and
# limitations under the License. # limitations under the License.
- name: Ensure docker python packages deployed
include_role:
name: deploy-package
tasks_from: pip
vars:
packages:
- yq
- name: pull all images used in repo - name: pull all images used in repo
make: make:
chdir: "{{ work_dir }}" chdir: "{{ work_dir }}"

View File

@ -24,3 +24,75 @@ kubernetes:
default_device: null default_device: null
cluster: cluster:
cni: calico cni: calico
nodes:
labels:
primary:
- name: openstack-helm-node-class
value: primary
nodes:
- name: openstack-helm-node-class
value: general
all:
- name: openstack-control-plane
value: enabled
- name: openstack-compute-node
value: enabled
- name: openvswitch
value: enabled
- name: ceph-mon
value: enabled
- name: ceph-osd
value: enabled
- name: ceph-mds
value: enabled
- name: ceph-rgw
value: enabled
chart_groups:
- name: bootstrap_registry
timeout: 600
charts:
- bootstrap_registry_nfs_provisioner
- bootstrap_registry_redis
- bootstrap_registry_registry
charts:
bootstrap_registry_nfs_provisioner:
chart_name: nfs-provisioner
release: bootstrap-registry-nfs-provisioner
namespace: bootstrap-registry
upgrade:
pre:
delete:
- name: docker-bootstrap
type: job
labels:
application: docker
component: bootstrap
values:
labels:
node_selector_key: openstack-helm-node-class
node_selector_value: primary
storageclass:
name: openstack-helm-bootstrap
bootstrap_registry_redis:
chart_name: redis
release: bootstrap-registry-redis
namespace: bootstrap-registry
values:
labels:
node_selector_key: openstack-helm-node-class
node_selector_value: primary
bootstrap_registry_registry:
chart_name: registry
release: bootstrap-registry-registry
namespace: bootstrap-registry
values:
labels:
node_selector_key: openstack-helm-node-class
node_selector_value: primary
volume:
class_name: openstack-helm-bootstrap

View File

@ -12,6 +12,16 @@
# See the License for the specific language governing permissions and # See the License for the specific language governing permissions and
# limitations under the License. # limitations under the License.
- hosts: all
vars_files:
- vars.yaml
vars:
work_dir: "{{ zuul.project.src_dir }}"
roles:
- clean-host
tags:
- clean-host
- hosts: primary - hosts: primary
vars_files: vars_files:
- vars.yaml - vars.yaml
@ -31,3 +41,13 @@
- deploy-kubeadm-aio-node - deploy-kubeadm-aio-node
tags: tags:
- deploy-kubeadm-aio-node - deploy-kubeadm-aio-node
- hosts: primary
vars_files:
- vars.yaml
vars:
work_dir: "{{ zuul.project.src_dir }}"
roles:
- deploy-helm-packages
tags:
- deploy-helm-packages

37
tools/image-repo-overides.sh Executable file
View File

@ -0,0 +1,37 @@
#!/usr/bin/env bash
# Copyright 2017 The Openstack-Helm Authors.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
KUBE_VERSION=v1.8.1
KUBE_IMAGES="gcr.io/google_containers/hyperkube-amd64:${KUBE_VERSION}
gcr.io/google_containers/kube-apiserver-amd64:${KUBE_VERSION}
gcr.io/google_containers/kube-controller-manager-amd64:${KUBE_VERSION}
gcr.io/google_containers/kube-proxy-amd64:${KUBE_VERSION}
gcr.io/google_containers/kube-scheduler-amd64:${KUBE_VERSION}
gcr.io/google_containers/pause-amd64:3.0
gcr.io/google_containers/etcd-amd64:3.0.17"
CHART_IMAGES=""
for CHART_DIR in ./*/ ; do
if [ -e ${CHART_DIR}values.yaml ] && [ "${CHART_DIR}" != "./helm-toolkit/" ]; then
CHART_IMAGES+=" $(cat ${CHART_DIR}values.yaml | yq '.images.tags | map(.) | join(" ")' | tr -d '"' )"
fi
done
ALL_IMAGES="${KUBE_IMAGES} ${CHART_IMAGES}"
jq -n -c -M \
--arg devclass "$(echo ${ALL_IMAGES})" \
'{"bootstrap": {"preload_images": ($devclass|split(" "))}}' | \
python -c 'import sys, yaml, json; yaml.safe_dump(json.load(sys.stdin), sys.stdout, default_flow_style=False)'

View File

@ -52,6 +52,7 @@ fi
: ${KUBE_API_BIND_ADDR:="${KUBE_BIND_ADDR}"} : ${KUBE_API_BIND_ADDR:="${KUBE_BIND_ADDR}"}
: ${KUBE_CERTS_DIR:="/etc/kubernetes/pki"} : ${KUBE_CERTS_DIR:="/etc/kubernetes/pki"}
: ${KUBE_SELF_HOSTED:="false"} : ${KUBE_SELF_HOSTED:="false"}
: ${KUBELET_NODE_LABELS:=""}
PLAYBOOK_VARS="{ PLAYBOOK_VARS="{
\"my_container_name\": \"${CONTAINER_NAME}\", \"my_container_name\": \"${CONTAINER_NAME}\",
@ -90,12 +91,18 @@ PLAYBOOK_VARS="{
set -x set -x
if [ "x${ACTION}" == "xdeploy-kubelet" ]; then if [ "x${ACTION}" == "xdeploy-kubelet" ]; then
if [ "x${KUBE_BIND_ADDR}" != "x" ]; then if [ "x${KUBE_BIND_ADDR}" != "x" ]; then
PLAYBOOK_VARS=$(echo $PLAYBOOK_VARS | jq ".kubelet += {\"bind_addr\": \"${KUBE_BIND_ADDR}\"}") PLAYBOOK_VARS=$(echo $PLAYBOOK_VARS | jq ".kubelet += {\"bind_addr\": \"${KUBE_BIND_ADDR}\"}")
elif [ "x${KUBE_BIND_DEVICE}" != "x" ]; then elif [ "x${KUBE_BIND_DEVICE}" != "x" ]; then
PLAYBOOK_VARS=$(echo $PLAYBOOK_VARS | jq ".kubelet += {\"bind_device\": \"${KUBE_BIND_DEVICE}\"}") PLAYBOOK_VARS=$(echo $PLAYBOOK_VARS | jq ".kubelet += {\"bind_device\": \"${KUBE_BIND_DEVICE}\"}")
fi fi
ansible-playbook /opt/playbooks/kubeadm-aio-deploy-kubelet.yaml \
if [ "x${KUBELET_NODE_LABELS}" != "x" ]; then
PLAYBOOK_VARS=$(echo $PLAYBOOK_VARS | jq ".kubelet += {\"kubelet_labels\": \"${KUBELET_NODE_LABELS}\"}")
fi
exec ansible-playbook /opt/playbooks/kubeadm-aio-deploy-kubelet.yaml \
--inventory=/opt/playbooks/inventory.ini \ --inventory=/opt/playbooks/inventory.ini \
--inventory=/opt/playbooks/vars.yaml \ --inventory=/opt/playbooks/vars.yaml \
--extra-vars="${PLAYBOOK_VARS}" --extra-vars="${PLAYBOOK_VARS}"
@ -105,12 +112,12 @@ elif [ "x${ACTION}" == "xdeploy-kube" ]; then
elif [ "x${KUBE_API_BIND_DEVICE}" != "x" ]; then elif [ "x${KUBE_API_BIND_DEVICE}" != "x" ]; then
PLAYBOOK_VARS=$(echo $PLAYBOOK_VARS | jq ".k8s.api += {\"advertiseAddressDevice\": \"${KUBE_API_BIND_DEVICE}\"}") PLAYBOOK_VARS=$(echo $PLAYBOOK_VARS | jq ".k8s.api += {\"advertiseAddressDevice\": \"${KUBE_API_BIND_DEVICE}\"}")
fi fi
ansible-playbook /opt/playbooks/kubeadm-aio-deploy-master.yaml \ exec ansible-playbook /opt/playbooks/kubeadm-aio-deploy-master.yaml \
--inventory=/opt/playbooks/inventory.ini \ --inventory=/opt/playbooks/inventory.ini \
--inventory=/opt/playbooks/vars.yaml \ --inventory=/opt/playbooks/vars.yaml \
--extra-vars="${PLAYBOOK_VARS}" --extra-vars="${PLAYBOOK_VARS}"
elif [ "x${ACTION}" == "xclean-host" ]; then elif [ "x${ACTION}" == "xclean-host" ]; then
ansible-playbook /opt/playbooks/kubeadm-aio-clean.yaml \ exec ansible-playbook /opt/playbooks/kubeadm-aio-clean.yaml \
--inventory=/opt/playbooks/inventory.ini \ --inventory=/opt/playbooks/inventory.ini \
--inventory=/opt/playbooks/vars.yaml \ --inventory=/opt/playbooks/vars.yaml \
--extra-vars="${PLAYBOOK_VARS}" --extra-vars="${PLAYBOOK_VARS}"

View File

@ -6,6 +6,7 @@ Environment="KUBELET_DNS_ARGS=--cluster-dns=10.96.0.10 --cluster-domain={{ k8s.n
Environment="KUBELET_AUTHZ_ARGS=--authorization-mode=Webhook --client-ca-file=/etc/kubernetes/pki/ca.crt" Environment="KUBELET_AUTHZ_ARGS=--authorization-mode=Webhook --client-ca-file=/etc/kubernetes/pki/ca.crt"
Environment="KUBELET_CADVISOR_ARGS=--cadvisor-port=0" Environment="KUBELET_CADVISOR_ARGS=--cadvisor-port=0"
Environment="KUBELET_CERTIFICATE_ARGS=--rotate-certificates=true --cert-dir=/var/lib/kubelet/pki" Environment="KUBELET_CERTIFICATE_ARGS=--rotate-certificates=true --cert-dir=/var/lib/kubelet/pki"
Environment="KUBELET_NODE_LABELS=--node-labels {{ kubelet.kubelet_labels }}"
#ExecStartPre=-+/sbin/restorecon -v /usr/bin/kubelet #SELinux #ExecStartPre=-+/sbin/restorecon -v /usr/bin/kubelet #SELinux
ExecStart= ExecStart=
ExecStart=/usr/bin/kubelet $KUBELET_KUBECONFIG_ARGS $KUBELET_SYSTEM_PODS_ARGS $KUBELET_NETWORK_ARGS $KUBELET_DNS_ARGS $KUBELET_AUTHZ_ARGS $KUBELET_CADVISOR_ARGS $KUBELET_CERTIFICATE_ARGS $KUBELET_EXTRA_ARGS ExecStart=/usr/bin/kubelet $KUBELET_KUBECONFIG_ARGS $KUBELET_SYSTEM_PODS_ARGS $KUBELET_NETWORK_ARGS $KUBELET_DNS_ARGS $KUBELET_AUTHZ_ARGS $KUBELET_CADVISOR_ARGS $KUBELET_CERTIFICATE_ARGS $KUBELET_NODE_LABELS $KUBELET_EXTRA_ARGS

View File

@ -15,23 +15,9 @@
# limitations under the License. # limitations under the License.
set -x set -x
KUBE_VERSION=v1.8.1 ALL_IMAGES="$(./tools/image-repo-overides.sh | \
KUBE_IMAGES="gcr.io/google_containers/hyperkube-amd64:${KUBE_VERSION} python -c 'import sys, yaml, json; json.dump(yaml.safe_load(sys.stdin), sys.stdout)' | \
gcr.io/google_containers/kube-apiserver-amd64:${KUBE_VERSION} jq '.bootstrap.preload_images |map(.) | join(" ")' | tr -d '"')"
gcr.io/google_containers/kube-controller-manager-amd64:${KUBE_VERSION}
gcr.io/google_containers/kube-proxy-amd64:${KUBE_VERSION}
gcr.io/google_containers/kube-scheduler-amd64:${KUBE_VERSION}
gcr.io/google_containers/pause-amd64:3.0
gcr.io/google_containers/etcd-amd64:3.0.17"
CHART_IMAGES=""
for CHART_DIR in ./*/ ; do
if [ -e ${CHART_DIR}values.yaml ]; then
CHART_IMAGES+=" $(cat ${CHART_DIR}values.yaml | yq '.images.tags | map(.) | join(" ")' | tr -d '"')"
fi
done
ALL_IMAGES="${KUBE_IMAGES} ${CHART_IMAGES}"
for IMAGE in ${ALL_IMAGES}; do for IMAGE in ${ALL_IMAGES}; do
docker inspect $IMAGE >/dev/null|| docker pull $IMAGE docker inspect $IMAGE > /dev/null || docker pull $IMAGE
done done