Enable 'platform-integ-apps' application support

This commit enables a new application tarball by:
 - adding existence through the stevedore plugin framework
 - register it as a system app to that system overrides can be generated
 - provide initial overrides for the rbd-provisioner and
   ceph_pools_audit charts
 - updates the rbd-provisioner to support installation of multiple
   provisioners in the same cluster.

Change-Id: I34ad8789768bfd081ab2dcd45d110d9cd8349875
Depends-On: I0caaa878a6c6781d038b48b8caa2aa507ee9568a
Story: 2005424
Task: 30646
Signed-off-by: Robert Church <robert.church@windriver.com>

kubernetes/helm-charts/rbd-provisioner/templates/daemonset.yaml

@@ -43,6 +43,5 @@ spec:
 {{- end }}
           env:
           - name: PROVISIONER_NAME
-            value: ceph.com/rbd
+            value: {{ .Values.global.provisioner_name }}
 {{- end}}
-

kubernetes/helm-charts/rbd-provisioner/templates/deployment.yaml

@@ -39,7 +39,7 @@ spec:
         image: {{ .Values.images.tags.rbd_provisioner | quote }}
         env:
         - name: PROVISIONER_NAME
-          value: ceph.com/rbd
+          value: {{ .Values.global.provisioner_name }}
 {{- if .Values.global.nodeSelector }}
       nodeSelector:
 {{ .Values.global.nodeSelector | toYaml | trim | indent 8 }}

kubernetes/helm-charts/rbd-provisioner/templates/storageclass.yaml

@@ -9,12 +9,13 @@
 {{- if .Values.global.provisionStorageClass }}
 {{ $namespace := .Release.Namespace }}
 {{ $defaults := .Values.classdefaults}}
+{{ $provisioner := .Values.global.provisioner_name }}
 {{- range $classConfig := .Values.classes }}
 apiVersion: storage.k8s.io/v1
 kind: StorageClass
 metadata:
     name: {{ $classConfig.name }}
-provisioner: ceph.com/rbd
+provisioner: {{ $provisioner }}
 parameters:
     monitors: {{ $monitors := or $classConfig.monitors $defaults.monitors }}{{ join "," $monitors}}
     adminId: {{ or $classConfig.adminId $defaults.adminId}}
@@ -27,4 +28,4 @@ parameters:
     imageFeatures: {{ or $classConfig.imageFeatures $defaults.imageFeatures}}
 ---
 {{- end }}
-{{- end }}
+{{- end }}

kubernetes/helm-charts/rbd-provisioner/values.yaml

@@ -9,10 +9,14 @@
 # Defaults should be fine in most cases.
 global:
   #
-  # Defines the name of a Provisioner.
+  # Defines the application name of the provisioner.
   #
   name: "rbd-provisioner"
   #
+  # Defines the name of the provisioner associated with a set of storage classes
+  #
+  provisioner_name: "ceph.com/rbd"
+  #
   # Execute initialization job to verify external Ceph cluster access
   # and setup additional dependencies assumed by dependent helm charts
   # (i.e. configmap and secrets).

kubernetes/platform/stx-platform/stx-platform-helm/centos/build_srpm.data

@@ -5,4 +5,4 @@ $PKG_BASE/../../../helm-charts/node-feature-discovery \
 $PKG_BASE/../../../helm-charts/rbd-provisioner  \
 $PKG_BASE/../../../helm-charts/ceph-pools-audit"
 
-TIS_PATCH_VER=2
+TIS_PATCH_VER=3

kubernetes/platform/stx-platform/stx-platform-helm/stx-platform-helm/manifests/manifest.yaml

@@ -37,10 +37,10 @@ data:
           labels:
             app: rbd-provisioner
   values:
-    images:
-      tags:
-        # TODO: Remove after ceph upgrade
-        rbd_provisioner_storage_init: docker.io/starlingx/stx-ceph-config-helper:master-centos-stable-latest
+    global:
+      # TODO (rchurch): Remove after enabling the stx-openstack application to
+      # use the default system provisioner.
+      provisioner_name: "ceph.com/rbd-platform"
     rbac:
       clusterRole: stx-rbd-provisioner
       clusterRoleBinding: stx-rbd-provisioner

sysinv/sysinv/centos/build_srpm.data

@@ -1,2 +1,2 @@
 SRC_DIR="sysinv"
-TIS_PATCH_VER=313
+TIS_PATCH_VER=314

sysinv/sysinv/sysinv/setup.cfg

@@ -75,6 +75,12 @@ systemconfig.puppet_plugins =
 
 systemconfig.helm_applications =
     stx-openstack = systemconfig.helm_plugins.stx_openstack
+    platform-integ-apps = systemconfig.helm_plugins.platform_integ_apps
+
+systemconfig.helm_plugins.platform_integ_apps =
+    001_helm-toolkit = sysinv.helm.helm_toolkit:HelmToolkitHelm
+    002_rbd-provisioner = sysinv.helm.rbd_provisioner:RbdProvisionerHelm
+    003_ceph-pools-audit = sysinv.helm.ceph_pools_audit:CephPoolsAuditHelm
 
 systemconfig.helm_plugins.stx_openstack =
     001_ingress = sysinv.helm.ingress:IngressHelm

sysinv/sysinv/sysinv/sysinv/common/constants.py

@@ -1457,9 +1457,11 @@ HELM_CHART_KEYSTONE_API_PROXY = 'keystone-api-proxy'
 
 # Helm: Supported application (aka chart bundles)
 HELM_APP_OPENSTACK = 'stx-openstack'
+HELM_APP_PLATFORM = 'platform-integ-apps'
 
-SUPPORTED_HELM_APP_NAMES = [
-    HELM_APP_OPENSTACK
+HELM_APPS_SUPPORTED = [
+    HELM_APP_OPENSTACK,
+    HELM_APP_PLATFORM,
 ]
 
 # Apply mode for openstack app

sysinv/sysinv/sysinv/sysinv/conductor/kube_app.py

@@ -933,7 +933,8 @@ class AppOperator(object):
         :param tarfile: location of application tarfile
         """
 
-        app = AppOperator.Application(rpc_app)
+        app = AppOperator.Application(rpc_app,
+            rpc_app.get('name') in self._helm.get_helm_applications())
         LOG.info("Application (%s) upload started." % app.name)
 
         try:
@@ -1005,7 +1006,8 @@ class AppOperator(object):
         :return boolean: whether application apply was successful
         """
 
-        app = AppOperator.Application(rpc_app)
+        app = AppOperator.Application(rpc_app,
+            rpc_app.get('name') in self._helm.get_helm_applications())
         LOG.info("Application (%s) apply started." % app.name)
 
         overrides_str = ''
@@ -1067,7 +1069,8 @@ class AppOperator(object):
         :return boolean: whether application remove was successful
         """
 
-        app = AppOperator.Application(rpc_app)
+        app = AppOperator.Application(rpc_app,
+            rpc_app.get('name') in self._helm.get_helm_applications())
         LOG.info("Application (%s) remove started." % app.name)
 
         app.charts = self._get_list_of_charts(app.armada_mfile_abs)
@@ -1079,8 +1082,11 @@ class AppOperator(object):
 
                 try:
                     self._delete_local_registry_secrets(app.name)
-                    self._delete_persistent_volume_claim(common.HELM_NS_OPENSTACK)
-                    self._delete_namespace(common.HELM_NS_OPENSTACK)
+                    # TODO (rchurch): Clean up needs to be conditional based on
+                    # the application. For now only clean up the stx-openstack.
+                    if app.name == constants.HELM_APP_OPENSTACK:
+                        self._delete_persistent_volume_claim(common.HELM_NS_OPENSTACK)
+                        self._delete_namespace(common.HELM_NS_OPENSTACK)
                 except Exception as e:
                     self._abort_operation(app, constants.APP_REMOVE_OP)
                     LOG.exception(e)
@@ -1104,7 +1110,8 @@ class AppOperator(object):
         :param rpc_app: application object in the RPC request
         """
 
-        app = AppOperator.Application(rpc_app)
+        app = AppOperator.Application(rpc_app,
+            rpc_app.get('name') in self._helm.get_helm_applications())
         try:
             self._dbapi.kube_app_destroy(app.name)
             self._cleanup(app)
@@ -1124,7 +1131,7 @@ class AppOperator(object):
             support application related operations.
         """
 
-        def __init__(self, rpc_app):
+        def __init__(self, rpc_app, is_system_app):
             self._kube_app = rpc_app
             self.path = os.path.join(constants.APP_INSTALL_PATH,
                                      self._kube_app.get('name'))
@@ -1132,9 +1139,7 @@ class AppOperator(object):
             self.images_dir = os.path.join(self.path, 'images')
             self.tarfile = None
             self.downloaded_tarfile = False
-            self.system_app =\
-                (self._kube_app.get('name') == constants.HELM_APP_OPENSTACK)
-
+            self.system_app = is_system_app
             self.armada_mfile = generate_armada_manifest_filename(
                 self._kube_app.get('name'),
                 self._kube_app.get('manifest_file'))

sysinv/sysinv/sysinv/sysinv/helm/base.py

@@ -28,6 +28,7 @@ class BaseHelm(object):
     DEFAULT_REGION_NAME = 'RegionOne'
     CEPH_MON_SERVICE_PORT = 6789
     SUPPORTED_NAMESPACES = []
+    SUPPORTED_APP_NAMESPACES = {}
     SYSTEM_CONTROLLER_SERVICES = [
         constants.HELM_CHART_KEYSTONE_API_PROXY,
     ]
@@ -205,6 +206,15 @@ class BaseHelm(object):
         """
         return self.SUPPORTED_NAMESPACES
 
+    def get_namespaces_by_app(self, app_name):
+        """
+        Return list of namespaces supported by an applcation
+        """
+        if app_name in self.SUPPORTED_APP_NAMESPACES:
+            return self.SUPPORTED_APP_NAMESPACES[app_name]
+        else:
+            return []
+
     def get_overrides(self, namespace=None):
         """
         Return chart-specific values overrides

sysinv/sysinv/sysinv/sysinv/helm/ceph_pools_audit.py

@@ -18,9 +18,15 @@ class CephPoolsAuditHelm(base.BaseHelm):
     """Class to encapsulate helm operations for the ceph-pools-audit chart"""
 
     CHART = constants.HELM_CHART_CEPH_POOLS_AUDIT
-    SUPPORTED_NAMESPACES = [
-        common.HELM_NS_OPENSTACK
-    ]
+    SUPPORTED_NAMESPACES = base.BaseHelm.SUPPORTED_NAMESPACES + \
+                           [common.HELM_NS_OPENSTACK,
+                            common.HELM_NS_KUBE_SYSTEM]
+    SUPPORTED_APP_NAMESPACES = {
+        constants.HELM_APP_OPENSTACK:
+            base.BaseHelm.SUPPORTED_NAMESPACES + [common.HELM_NS_OPENSTACK],
+        constants.HELM_APP_PLATFORM:
+            base.BaseHelm.SUPPORTED_NAMESPACES + [common.HELM_NS_KUBE_SYSTEM],
+    }
 
     SERVICE_NAME = 'ceph-pools'
 
@@ -63,6 +69,9 @@ class CephPoolsAuditHelm(base.BaseHelm):
             tiers_cfg.append(tier_cfg)
 
         overrides = {
+            # TODO (rchurch): Support running in both namespaces for the near
+            # term. A future commit will remove this from the stx-openstack
+            # application
             common.HELM_NS_OPENSTACK: {
                 'conf': {
                     'ceph': {
@@ -70,6 +79,14 @@ class CephPoolsAuditHelm(base.BaseHelm):
                         'storage_tiers': tiers_cfg
                     }
                 }
+            },
+            common.HELM_NS_KUBE_SYSTEM: {
+                'conf': {
+                    'ceph': {
+                        'monitors': monitors,
+                        'storage_tiers': tiers_cfg
+                    }
+                }
             }
         }
 

sysinv/sysinv/sysinv/sysinv/helm/helm.py

@@ -86,6 +86,23 @@ class HelmOperator(object):
         thread_context = eventlet.greenthread.getcurrent()
         return getattr(thread_context, '_helm_context')
 
+    def get_helm_chart_namespaces_by_app(self, chart_name, app_name):
+        """Get supported chart namespaces for a given application.
+
+        This method retrieves the namespace supported by a given chart.
+
+        :param chart_name: name of the chart
+        :param app_name: name of the application
+        :returns: list of supported namespaces that associated overrides may be
+                  provided.
+        """
+
+        namespaces = []
+        if chart_name in self.chart_operators:
+            namespaces = self.chart_operators[chart_name].get_namespaces_by_app(
+                app_name)
+        return namespaces
+
     def get_helm_chart_namespaces(self, chart_name):
         """Get supported chart namespaces.
 
@@ -167,9 +184,10 @@ class HelmOperator(object):
         if app_name in self.helm_applications:
             for chart_name in self.helm_applications[app_name]:
                 try:
-                    app_namespaces.update({chart_name:
-                                           self.get_helm_chart_namespaces(
-                                               chart_name)})
+                    app_namespaces.update(
+                        {chart_name:
+                         self.get_helm_chart_namespaces_by_app(
+                             chart_name, app_name)})
                 except exception.InvalidHelmNamespace as e:
                     LOG.info(e)
         return app_namespaces

sysinv/sysinv/sysinv/sysinv/helm/openstack.py

@@ -26,6 +26,10 @@ class OpenstackBaseHelm(base.BaseHelm):
 
     SUPPORTED_NAMESPACES = \
         base.BaseHelm.SUPPORTED_NAMESPACES + [common.HELM_NS_OPENSTACK]
+    SUPPORTED_APP_NAMESPACES = {
+        constants.HELM_APP_OPENSTACK:
+            base.BaseHelm.SUPPORTED_NAMESPACES + [common.HELM_NS_OPENSTACK]
+    }
 
     def _get_service_config(self, service):
         configs = self.context.setdefault('_service_configs', {})

sysinv/sysinv/sysinv/sysinv/helm/rbd_provisioner.py

@@ -4,6 +4,8 @@
 # SPDX-License-Identifier: Apache-2.0
 #
 
+import copy
+
 from sysinv.common import constants
 from sysinv.common import exception
 from sysinv.common.storage_backend_conf import K8RbdProvisioner
@@ -19,8 +21,15 @@ class RbdProvisionerHelm(base.BaseHelm):
     """Class to encapsulate helm operations for the rbd-provisioner chart"""
 
     CHART = constants.HELM_CHART_RBD_PROVISIONER
-    SUPPORTED_NAMESPACES = \
-        base.BaseHelm.SUPPORTED_NAMESPACES + [common.HELM_NS_OPENSTACK]
+    SUPPORTED_NAMESPACES = base.BaseHelm.SUPPORTED_NAMESPACES + \
+        [common.HELM_NS_OPENSTACK,
+         common.HELM_NS_KUBE_SYSTEM]
+    SUPPORTED_APP_NAMESPACES = {
+        constants.HELM_APP_OPENSTACK:
+            base.BaseHelm.SUPPORTED_NAMESPACES + [common.HELM_NS_OPENSTACK],
+        constants.HELM_APP_PLATFORM:
+            base.BaseHelm.SUPPORTED_NAMESPACES + [common.HELM_NS_KUBE_SYSTEM],
+    }
 
     SERVICE_NAME = 'rbd-provisioner'
     SERVICE_PORT_MON = 6789
@@ -69,13 +78,34 @@ class RbdProvisionerHelm(base.BaseHelm):
             "replicas": self._num_controllers()
         }
 
-        overrides = {
+        overrides = {}
+        # TODO(rchurch): Multiple rbd-provsioners can be run in the k8s cluster.
+        # This will be the case for the near term until an update is provided to
+        # the stx-openstack application to support using the default system
+        # provisioner which will be installed in the kube-system namespace.
+        overrides.update({
             common.HELM_NS_OPENSTACK: {
+                "classdefaults": copy.deepcopy(classdefaults),
+                "classes": copy.deepcopy(classes),
+                "global": global_settings
+            }
+        })
+
+        # TODO(rchurch): For the near term ensure, provisioner isolation
+        classdefaults["adminId"] += '-platform'
+        classdefaults["adminSecretName"] += '-platform'
+        for c in classes:
+            c["name"] += '-platform'
+            c["pool_name"] += '-platform'
+            c["userId"] += '-platform'
+            c["userSecretName"] += '-platform'
+        overrides.update({
+            common.HELM_NS_KUBE_SYSTEM: {
                 "classdefaults": classdefaults,
                 "classes": classes,
                 "global": global_settings
             }
-        }
+        })
 
         if namespace in self.SUPPORTED_NAMESPACES:
             return overrides[namespace]