From 37fd9663c087532e35d3e514d91b29994022abfa Mon Sep 17 00:00:00 2001 From: Angie Wang Date: Wed, 14 Nov 2018 11:58:17 -0500 Subject: [PATCH 1/1] Add Panko Chart This commit adds a helm chart to deploy Panko. Panko chart is created based on the upstream unfinished one: https://review.openstack.org/#/c/469180/ --- panko/Chart.yaml | 24 + panko/requirements.yaml | 18 + panko/templates/bin/_bootstrap.sh.tpl | 20 + panko/templates/bin/_db-sync.sh.tpl | 21 + panko/templates/bin/_panko-api.sh.tpl | 40 ++ panko/templates/bin/_panko-events-cleaner.sh.tpl | 21 + panko/templates/bin/_panko-test.sh.tpl | 29 ++ panko/templates/configmap-bin.yaml | 51 +++ panko/templates/configmap-etc.yaml | 91 ++++ panko/templates/cron-job-events-cleaner.yaml | 84 ++++ panko/templates/deployment-api.yaml | 121 +++++ panko/templates/ingress-api.yaml | 20 + panko/templates/job-bootstrap.yaml | 20 + panko/templates/job-db-drop.yaml | 20 + panko/templates/job-db-init.yaml | 20 + panko/templates/job-db-sync.yaml | 20 + panko/templates/job-image-repo-sync.yaml | 20 + panko/templates/job-ks-endpoints.yaml | 20 + panko/templates/job-ks-service.yaml | 20 + panko/templates/job-ks-user.yaml | 20 + panko/templates/pdb-api.yaml | 29 ++ panko/templates/pod-panko-test.yaml | 72 +++ panko/templates/secret-db.yaml | 30 ++ panko/templates/secret-keystone.yaml | 30 ++ panko/templates/service-api.yaml | 39 ++ panko/templates/service-ingress-api.yaml | 20 + panko/values.yaml | 535 +++++++++++++++++++++++ 27 files changed, 1455 insertions(+) create mode 100755 panko/Chart.yaml create mode 100755 panko/requirements.yaml create mode 100755 panko/templates/bin/_bootstrap.sh.tpl create mode 100755 panko/templates/bin/_db-sync.sh.tpl create mode 100755 panko/templates/bin/_panko-api.sh.tpl create mode 100755 panko/templates/bin/_panko-events-cleaner.sh.tpl create mode 100755 panko/templates/bin/_panko-test.sh.tpl create mode 100755 panko/templates/configmap-bin.yaml create mode 100755 panko/templates/configmap-etc.yaml create mode 100755 panko/templates/cron-job-events-cleaner.yaml create mode 100755 panko/templates/deployment-api.yaml create mode 100755 panko/templates/ingress-api.yaml create mode 100755 panko/templates/job-bootstrap.yaml create mode 100755 panko/templates/job-db-drop.yaml create mode 100755 panko/templates/job-db-init.yaml create mode 100755 panko/templates/job-db-sync.yaml create mode 100755 panko/templates/job-image-repo-sync.yaml create mode 100755 panko/templates/job-ks-endpoints.yaml create mode 100755 panko/templates/job-ks-service.yaml create mode 100755 panko/templates/job-ks-user.yaml create mode 100755 panko/templates/pdb-api.yaml create mode 100755 panko/templates/pod-panko-test.yaml create mode 100755 panko/templates/secret-db.yaml create mode 100755 panko/templates/secret-keystone.yaml create mode 100755 panko/templates/service-api.yaml create mode 100755 panko/templates/service-ingress-api.yaml create mode 100755 panko/values.yaml diff --git a/panko/Chart.yaml b/panko/Chart.yaml new file mode 100755 index 0000000..7c5842a --- /dev/null +++ b/panko/Chart.yaml @@ -0,0 +1,24 @@ +# Copyright 2017 The Openstack-Helm Authors. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +description: Openstack-Helm Panko +name: panko +version: 0.1.0 +home: https://docs.openstack.org/developer/panko +sources: + - https://git.openstack.org/cgit/openstack/panko + - https://git.openstack.org/cgit/openstack/openstack-helm +maintainers: + - name: OpenStack-Helm Authors diff --git a/panko/requirements.yaml b/panko/requirements.yaml new file mode 100755 index 0000000..53782e6 --- /dev/null +++ b/panko/requirements.yaml @@ -0,0 +1,18 @@ +# Copyright 2017 The Openstack-Helm Authors. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +dependencies: + - name: helm-toolkit + repository: http://localhost:8879/charts + version: 0.1.0 diff --git a/panko/templates/bin/_bootstrap.sh.tpl b/panko/templates/bin/_bootstrap.sh.tpl new file mode 100755 index 0000000..81a93b4 --- /dev/null +++ b/panko/templates/bin/_bootstrap.sh.tpl @@ -0,0 +1,20 @@ +#!/bin/bash + +{{/* +Copyright 2017 The Openstack-Helm Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +set -ex +{{ .Values.bootstrap.script | default "echo 'Not Enabled'" }} \ No newline at end of file diff --git a/panko/templates/bin/_db-sync.sh.tpl b/panko/templates/bin/_db-sync.sh.tpl new file mode 100755 index 0000000..8ca583a --- /dev/null +++ b/panko/templates/bin/_db-sync.sh.tpl @@ -0,0 +1,21 @@ +#!/bin/bash + +{{/* +Copyright 2017 The Openstack-Helm Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +set -ex + +exec panko-dbsync diff --git a/panko/templates/bin/_panko-api.sh.tpl b/panko/templates/bin/_panko-api.sh.tpl new file mode 100755 index 0000000..bd08a43 --- /dev/null +++ b/panko/templates/bin/_panko-api.sh.tpl @@ -0,0 +1,40 @@ +#!/bin/bash + +{{/* +Copyright 2017 The Openstack-Helm Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +set -ex +COMMAND="${@:-start}" + +function start () { + + cp -a $(type -p panko-api) /var/www/cgi-bin/panko/ + + if [ -f /etc/apache2/envvars ]; then + # Loading Apache2 ENV variables + source /etc/apache2/envvars + fi + + # Start Apache2 + exec apache2 -DFOREGROUND +} + +function stop () { + kill -TERM 1 +} + +$COMMAND + diff --git a/panko/templates/bin/_panko-events-cleaner.sh.tpl b/panko/templates/bin/_panko-events-cleaner.sh.tpl new file mode 100755 index 0000000..10f3a86 --- /dev/null +++ b/panko/templates/bin/_panko-events-cleaner.sh.tpl @@ -0,0 +1,21 @@ +#!/bin/bash + +{{/* +Copyright 2017 The Openstack-Helm Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +set -ex + +panko-expirer diff --git a/panko/templates/bin/_panko-test.sh.tpl b/panko/templates/bin/_panko-test.sh.tpl new file mode 100755 index 0000000..28273f9 --- /dev/null +++ b/panko/templates/bin/_panko-test.sh.tpl @@ -0,0 +1,29 @@ +#!/bin/bash + +{{/* +Copyright 2017 The Openstack-Helm Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +set -ex +export HOME=/tmp + +echo "Test: list event types" +openstack event type list +sleep 5 + +echo "Test: list events" +openstack event list + +exit 0 diff --git a/panko/templates/configmap-bin.yaml b/panko/templates/configmap-bin.yaml new file mode 100755 index 0000000..2eb73f4 --- /dev/null +++ b/panko/templates/configmap-bin.yaml @@ -0,0 +1,51 @@ +{{/* +Copyright 2017 The Openstack-Helm Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if .Values.manifests.configmap_bin }} +{{- $envAll := . }} +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: panko-bin +data: +{{- if .Values.images.local_registry.active }} + image-repo-sync.sh: | +{{- include "helm-toolkit.scripts.image_repo_sync" . | indent 4 }} +{{- end }} +{{- if .Values.bootstrap.enabled }} + bootstrap.sh: | +{{ tuple "bin/_bootstrap.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }} +{{- end }} + panko-test.sh: | +{{ tuple "bin/_panko-test.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }} + db-init.py: | +{{- include "helm-toolkit.scripts.db_init" . | indent 4 }} + db-sync.sh: | +{{ tuple "bin/_db-sync.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }} + db-drop.py: | +{{- include "helm-toolkit.scripts.db_drop" . | indent 4 }} + panko-api.sh: | +{{ tuple "bin/_panko-api.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }} + panko-events-cleaner.sh: | +{{ tuple "bin/_panko-events-cleaner.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }} + ks-service.sh: | +{{- include "helm-toolkit.scripts.keystone_service" . | indent 4 }} + ks-endpoints.sh: | +{{- include "helm-toolkit.scripts.keystone_endpoints" . | indent 4 }} + ks-user.sh: | +{{- include "helm-toolkit.scripts.keystone_user" . | indent 4 }} +{{- end }} diff --git a/panko/templates/configmap-etc.yaml b/panko/templates/configmap-etc.yaml new file mode 100755 index 0000000..f2d02c8 --- /dev/null +++ b/panko/templates/configmap-etc.yaml @@ -0,0 +1,91 @@ +{{/* +Copyright 2017 The Openstack-Helm Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if .Values.manifests.configmap_etc }} +{{- $envAll := . }} + +{{- if empty .Values.conf.panko.keystone_authtoken.auth_uri -}} +{{- $_ := tuple "identity" "internal" "api" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup" | set .Values.conf.panko.keystone_authtoken "auth_uri" -}} +{{- end -}} + +{{- if empty .Values.conf.panko.keystone_authtoken.auth_url -}} +{{- $_ := tuple "identity" "internal" "api" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup" | set .Values.conf.panko.keystone_authtoken "auth_url" -}} +{{- end -}} + +{{- if empty .Values.conf.panko.keystone_authtoken.region_name -}} +{{- $_ := set .Values.conf.panko.keystone_authtoken "region_name" .Values.endpoints.identity.auth.panko.region_name -}} +{{- end -}} + +{{- if empty .Values.conf.panko.keystone_authtoken.project_name -}} +{{- $_ := set .Values.conf.panko.keystone_authtoken "project_name" .Values.endpoints.identity.auth.panko.project_name -}} +{{- end -}} + +{{- if empty .Values.conf.panko.keystone_authtoken.project_domain_name -}} +{{- $_ := set .Values.conf.panko.keystone_authtoken "project_domain_name" .Values.endpoints.identity.auth.panko.project_domain_name -}} +{{- end -}} + +{{- if empty .Values.conf.panko.keystone_authtoken.user_domain_name -}} +{{- $_ := set .Values.conf.panko.keystone_authtoken "user_domain_name" .Values.endpoints.identity.auth.panko.user_domain_name -}} +{{- end -}} + +{{- if empty .Values.conf.panko.keystone_authtoken.username -}} +{{- $_ := set .Values.conf.panko.keystone_authtoken "username" .Values.endpoints.identity.auth.panko.username -}} +{{- end -}} + +{{- if empty .Values.conf.panko.keystone_authtoken.password -}} +{{- $_ := set .Values.conf.panko.keystone_authtoken "password" .Values.endpoints.identity.auth.panko.password -}} +{{- end -}} + +{{- if empty .Values.conf.panko.keystone_authtoken.memcached_servers -}} +{{- $_ := tuple "oslo_cache" "internal" "memcache" . | include "helm-toolkit.endpoints.host_and_port_endpoint_uri_lookup" | set .Values.conf.panko.keystone_authtoken "memcached_servers" -}} +{{- end -}} + +{{- if empty .Values.conf.panko.keystone_authtoken.memcache_secret_key -}} +{{- $_ := set .Values.conf.panko.keystone_authtoken "memcache_secret_key" ( default ( randAlphaNum 64 ) .Values.endpoints.oslo_cache.auth.memcache_secret_key ) -}} +{{- end -}} + +{{- if empty .Values.conf.panko.database.connection -}} +{{- $_ := tuple "oslo_db" "internal" "panko" "mysql" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup" | set .Values.conf.panko.database "connection" -}} +{{- end -}} + +{{- if and (empty .Values.conf.logging.handler_fluent) (has "fluent" .Values.conf.logging.handlers.keys) -}} +{{- $fluentd_host := tuple "fluentd" "internal" $envAll | include "helm-toolkit.endpoints.hostname_namespaced_endpoint_lookup" }} +{{- $fluentd_port := tuple "fluentd" "internal" "service" $envAll | include "helm-toolkit.endpoints.endpoint_port_lookup" }} +{{- $fluent_args := printf "('%s.%s', '%s', %s)" .Release.Namespace .Release.Name $fluentd_host $fluentd_port }} +{{- $handler_fluent := dict "class" "fluent.handler.FluentHandler" "formatter" "fluent" "args" $fluent_args -}} +{{- $_ := set .Values.conf.logging "handler_fluent" $handler_fluent -}} +{{- end -}} + +{{- if and (empty .Values.conf.logging.formatter_fluent) (has "fluent" .Values.conf.logging.formatters.keys) -}} +{{- $formatter_fluent := dict "class" "oslo_log.formatters.FluentFormatter" -}} +{{- $_ := set .Values.conf.logging "formatter_fluent" $formatter_fluent -}} +{{- end -}} +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: panko-etc +data: + panko.conf: | +{{ include "helm-toolkit.utils.to_oslo_conf" .Values.conf.panko | indent 4 }} + logging.conf: | +{{ include "helm-toolkit.utils.to_oslo_conf" .Values.conf.logging | indent 4 }} + api_paste.ini: | +{{ include "helm-toolkit.utils.to_ini" .Values.conf.paste | indent 4 }} + policy.json: | +{{ toJson .Values.conf.policy | indent 4 }} +{{- include "helm-toolkit.snippets.values_template_renderer" (dict "envAll" $envAll "template" .Values.conf.wsgi_panko "key" "wsgi-panko.conf" ) | indent 2 }} +{{- end }} diff --git a/panko/templates/cron-job-events-cleaner.yaml b/panko/templates/cron-job-events-cleaner.yaml new file mode 100755 index 0000000..b0794b5 --- /dev/null +++ b/panko/templates/cron-job-events-cleaner.yaml @@ -0,0 +1,84 @@ +{{/* +Copyright 2017 The Openstack-Helm Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if .Values.manifests.cron_job_events_cleaner }} +{{- $envAll := . }} + +{{- $mounts_panko_events_cleaner := .Values.pod.mounts.panko_events_cleaner.panko_events_cleaner }} +{{- $mounts_panko_events_cleaner_init := .Values.pod.mounts.panko_events_cleaner.init_container }} + +{{- $serviceAccountName := "panko-events-cleaner" }} +{{ tuple $envAll "events_cleaner" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }} +--- +apiVersion: batch/v1beta1 +kind: CronJob +metadata: + name: panko-events-cleaner + annotations: + {{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" }} +spec: + schedule: {{ .Values.jobs.events_cleaner.cron | quote }} + successfulJobsHistoryLimit: {{ .Values.jobs.events_cleaner.history.success }} + failedJobsHistoryLimit: {{ .Values.jobs.events_cleaner.history.failed }} + concurrencyPolicy: Forbid + jobTemplate: + metadata: + labels: +{{ tuple $envAll "panko" "events-cleaner" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }} + spec: + template: + spec: + serviceAccountName: {{ $serviceAccountName }} + restartPolicy: OnFailure + nodeSelector: + {{ .Values.labels.job.node_selector_key }}: {{ .Values.labels.job.node_selector_value }} + initContainers: +{{ tuple $envAll "events_cleaner" $mounts_panko_events_cleaner_init | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 12 }} + containers: + - name: panko-events-cleaner +{{ tuple $envAll "panko_events_cleaner" | include "helm-toolkit.snippets.image" | indent 14 }} +{{ tuple $envAll $envAll.Values.pod.resources.jobs.events_cleaner | include "helm-toolkit.snippets.kubernetes_resources" | indent 14 }} + command: + - /tmp/panko-events-cleaner.sh + volumeMounts: + - name: panko-bin + mountPath: /tmp/panko-events-cleaner.sh + subPath: panko-events-cleaner.sh + readOnly: true + - name: etcpanko + mountPath: /etc/panko + - name: panko-etc + mountPath: /etc/panko/panko.conf + subPath: panko.conf + readOnly: true + - name: panko-etc + mountPath: {{ .Values.conf.panko.DEFAULT.log_config_append }} + subPath: {{ base .Values.conf.panko.DEFAULT.log_config_append }} + readOnly: true +{{ if $mounts_panko_events_cleaner.volumeMounts }}{{ toYaml $mounts_panko_events_cleaner.volumeMounts | indent 14 }}{{ end }} + volumes: + - name: etcpanko + emptyDir: {} + - name: panko-etc + configMap: + name: panko-etc + defaultMode: 0444 + - name: panko-bin + configMap: + name: panko-bin + defaultMode: 0555 +{{ if $mounts_panko_events_cleaner.volumes }}{{ toYaml $mounts_panko_events_cleaner.volumes | indent 10 }}{{ end }} +{{- end }} diff --git a/panko/templates/deployment-api.yaml b/panko/templates/deployment-api.yaml new file mode 100755 index 0000000..93c3ada --- /dev/null +++ b/panko/templates/deployment-api.yaml @@ -0,0 +1,121 @@ +{{/* +Copyright 2017 The Openstack-Helm Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if .Values.manifests.deployment_api }} +{{- $envAll := . }} + +{{- $mounts_panko_api := .Values.pod.mounts.panko_api.panko_api }} +{{- $mounts_panko_api_init := .Values.pod.mounts.panko_api.init_container }} + +{{- $serviceAccountName := "panko-api" }} +{{ tuple $envAll "api" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }} +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: panko-api + annotations: + {{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" }} + labels: +{{ tuple $envAll "panko" "api" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }} +spec: + replicas: {{ .Values.pod.replicas.api }} + selector: + matchLabels: +{{ tuple $envAll "panko" "api" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 6 }} +{{ tuple $envAll | include "helm-toolkit.snippets.kubernetes_upgrades_deployment" | indent 2 }} + template: + metadata: + labels: +{{ tuple $envAll "panko" "api" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }} + annotations: + configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "helm-toolkit.utils.hash" }} + configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "helm-toolkit.utils.hash" }} + spec: + serviceAccountName: {{ $serviceAccountName }} + affinity: +{{ tuple $envAll "panko" "api" | include "helm-toolkit.snippets.kubernetes_pod_anti_affinity" | indent 8 }} + nodeSelector: + {{ .Values.labels.api.node_selector_key }}: {{ .Values.labels.api.node_selector_value }} + terminationGracePeriodSeconds: {{ .Values.pod.lifecycle.termination_grace_period.api.timeout | default "30" }} + initContainers: +{{ tuple $envAll "api" $mounts_panko_api_init | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} + containers: + - name: panko-api +{{ tuple $envAll "panko_api" | include "helm-toolkit.snippets.image" | indent 10 }} +{{ tuple $envAll $envAll.Values.pod.resources.api | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }} + securityContext: + runAsUser: {{ .Values.pod.user.panko.uid }} + command: + - /tmp/panko-api.sh + - start + lifecycle: + preStop: + exec: + command: + - /tmp/panko-api.sh + - stop + ports: + - name: p-api + containerPort: {{ tuple "event" "internal" "api" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }} + readinessProbe: + tcpSocket: + port: {{ tuple "event" "internal" "api" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }} + volumeMounts: + - name: wsgi-panko + mountPath: /var/www/cgi-bin/panko + - name: etcpanko + mountPath: /etc/panko + - name: panko-etc + mountPath: /etc/panko/panko.conf + subPath: panko.conf + readOnly: true + - name: panko-etc + mountPath: {{ .Values.conf.panko.DEFAULT.log_config_append }} + subPath: {{ base .Values.conf.panko.DEFAULT.log_config_append }} + readOnly: true + - name: panko-etc + mountPath: /etc/panko/api_paste.ini + subPath: api_paste.ini + readOnly: true + - name: panko-etc + mountPath: /etc/panko/policy.json + subPath: policy.json + readOnly: true + - name: panko-etc + mountPath: /etc/apache2/conf-enabled/wsgi-panko.conf + subPath: wsgi-panko.conf + readOnly: true + - name: panko-bin + mountPath: /tmp/panko-api.sh + subPath: panko-api.sh + readOnly: true +{{ if $mounts_panko_api.volumeMounts }}{{ toYaml $mounts_panko_api.volumeMounts | indent 12 }}{{ end }} + volumes: + - name: wsgi-panko + emptyDir: {} + - name: etcpanko + emptyDir: {} + - name: panko-etc + configMap: + name: panko-etc + defaultMode: 0444 + - name: panko-bin + configMap: + name: panko-bin + defaultMode: 0555 +{{ if $mounts_panko_api.volumes }}{{ toYaml $mounts_panko_api.volumes | indent 8 }}{{ end }} +{{- end }} diff --git a/panko/templates/ingress-api.yaml b/panko/templates/ingress-api.yaml new file mode 100755 index 0000000..d6d0e88 --- /dev/null +++ b/panko/templates/ingress-api.yaml @@ -0,0 +1,20 @@ +{{/* +Copyright 2017 The Openstack-Helm Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if and .Values.manifests.ingress_api .Values.network.api.ingress.public }} +{{- $ingressOpts := dict "envAll" . "backendServiceType" "event" "backendPort" "p-api" -}} +{{ $ingressOpts | include "helm-toolkit.manifests.ingress" }} +{{- end }} diff --git a/panko/templates/job-bootstrap.yaml b/panko/templates/job-bootstrap.yaml new file mode 100755 index 0000000..7321d4b --- /dev/null +++ b/panko/templates/job-bootstrap.yaml @@ -0,0 +1,20 @@ +{{/* +Copyright 2017 The Openstack-Helm Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if and .Values.manifests.job_bootstrap .Values.bootstrap.enabled }} +{{- $bootstrapJob := dict "envAll" . "serviceName" "panko" "keystoneUser" .Values.bootstrap.ks_user -}} +{{ $bootstrapJob | include "helm-toolkit.manifests.job_bootstrap" }} +{{- end }} diff --git a/panko/templates/job-db-drop.yaml b/panko/templates/job-db-drop.yaml new file mode 100755 index 0000000..7e50dbe --- /dev/null +++ b/panko/templates/job-db-drop.yaml @@ -0,0 +1,20 @@ +{{/* +Copyright 2017 The Openstack-Helm Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if .Values.manifests.job_db_drop }} +{{- $dbDropJob := dict "envAll" . "serviceName" "panko" -}} +{{ $dbDropJob | include "helm-toolkit.manifests.job_db_drop_mysql" }} +{{- end }} \ No newline at end of file diff --git a/panko/templates/job-db-init.yaml b/panko/templates/job-db-init.yaml new file mode 100755 index 0000000..22f4ddb --- /dev/null +++ b/panko/templates/job-db-init.yaml @@ -0,0 +1,20 @@ +{{/* +Copyright 2017 The Openstack-Helm Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if .Values.manifests.job_db_init }} +{{- $dbInitJob := dict "envAll" . "serviceName" "panko" -}} +{{ $dbInitJob | include "helm-toolkit.manifests.job_db_init_mysql" }} +{{- end }} \ No newline at end of file diff --git a/panko/templates/job-db-sync.yaml b/panko/templates/job-db-sync.yaml new file mode 100755 index 0000000..4b2fe73 --- /dev/null +++ b/panko/templates/job-db-sync.yaml @@ -0,0 +1,20 @@ +{{/* +Copyright 2017 The Openstack-Helm Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if .Values.manifests.job_db_sync }} +{{- $dbSyncJob := dict "envAll" . "serviceName" "panko" -}} +{{ $dbSyncJob | include "helm-toolkit.manifests.job_db_sync" }} +{{- end }} \ No newline at end of file diff --git a/panko/templates/job-image-repo-sync.yaml b/panko/templates/job-image-repo-sync.yaml new file mode 100755 index 0000000..8faed5b --- /dev/null +++ b/panko/templates/job-image-repo-sync.yaml @@ -0,0 +1,20 @@ +{{/* +Copyright 2017 The Openstack-Helm Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if and .Values.manifests.job_image_repo_sync .Values.images.local_registry.active }} +{{- $imageRepoSyncJob := dict "envAll" . "serviceName" "panko" -}} +{{ $imageRepoSyncJob | include "helm-toolkit.manifests.job_image_repo_sync" }} +{{- end }} \ No newline at end of file diff --git a/panko/templates/job-ks-endpoints.yaml b/panko/templates/job-ks-endpoints.yaml new file mode 100755 index 0000000..77457ba --- /dev/null +++ b/panko/templates/job-ks-endpoints.yaml @@ -0,0 +1,20 @@ +{{/* +Copyright 2017 The Openstack-Helm Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if .Values.manifests.job_ks_endpoints }} +{{- $ksServiceJob := dict "envAll" . "serviceName" "panko" "serviceTypes" ( tuple "event" ) -}} +{{ $ksServiceJob | include "helm-toolkit.manifests.job_ks_endpoints" }} +{{- end }} \ No newline at end of file diff --git a/panko/templates/job-ks-service.yaml b/panko/templates/job-ks-service.yaml new file mode 100755 index 0000000..1531564 --- /dev/null +++ b/panko/templates/job-ks-service.yaml @@ -0,0 +1,20 @@ +{{/* +Copyright 2017 The Openstack-Helm Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if .Values.manifests.job_ks_service }} +{{- $ksServiceJob := dict "envAll" . "serviceName" "panko" "serviceTypes" ( tuple "event" ) -}} +{{ $ksServiceJob | include "helm-toolkit.manifests.job_ks_service" }} +{{- end }} \ No newline at end of file diff --git a/panko/templates/job-ks-user.yaml b/panko/templates/job-ks-user.yaml new file mode 100755 index 0000000..bff96ed --- /dev/null +++ b/panko/templates/job-ks-user.yaml @@ -0,0 +1,20 @@ +{{/* +Copyright 2017 The Openstack-Helm Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if .Values.manifests.job_ks_user }} +{{- $ksUserJob := dict "envAll" . "serviceName" "panko" -}} +{{ $ksUserJob | include "helm-toolkit.manifests.job_ks_user" }} +{{- end }} \ No newline at end of file diff --git a/panko/templates/pdb-api.yaml b/panko/templates/pdb-api.yaml new file mode 100755 index 0000000..fc6fcd0 --- /dev/null +++ b/panko/templates/pdb-api.yaml @@ -0,0 +1,29 @@ +{{/* +Copyright 2017 The Openstack-Helm Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if .Values.manifests.pdb_api }} +{{- $envAll := . }} +--- +apiVersion: policy/v1beta1 +kind: PodDisruptionBudget +metadata: + name: panko-api +spec: + minAvailable: {{ .Values.pod.lifecycle.disruption_budget.api.min_available }} + selector: + matchLabels: +{{ tuple $envAll "cinder" "api" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 6 }} +{{- end }} diff --git a/panko/templates/pod-panko-test.yaml b/panko/templates/pod-panko-test.yaml new file mode 100755 index 0000000..2acc43a --- /dev/null +++ b/panko/templates/pod-panko-test.yaml @@ -0,0 +1,72 @@ +{{/* +Copyright 2017 The Openstack-Helm Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if .Values.manifests.pod_panko_test }} +{{- $envAll := . }} + +{{- $mounts_tests := .Values.pod.mounts.panko_tests.panko_tests }} +{{- $mounts_tests_init := .Values.pod.mounts.panko_tests.init_container }} + +{{- $serviceAccountName := print $envAll.Release.Name "-test" }} +{{ tuple $envAll "tests" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }} +--- +apiVersion: v1 +kind: Pod +metadata: + name: {{ print $envAll.Release.Name "-test" }} + labels: +{{ tuple $envAll "panko" "test" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }} + annotations: + "helm.sh/hook": test-success + {{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" }} +spec: + restartPolicy: Never + nodeSelector: + {{ .Values.labels.test.node_selector_key }}: {{ .Values.labels.test.node_selector_value }} + serviceAccountName: {{ $serviceAccountName }} + initContainers: +{{ tuple $envAll "tests" $mounts_tests_init | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 4 }} + containers: + - name: {{ .Release.Name }}-test +{{ tuple $envAll "panko_api" | include "helm-toolkit.snippets.image" | indent 6 }} +{{ tuple $envAll $envAll.Values.pod.resources.jobs.tests | include "helm-toolkit.snippets.kubernetes_resources" | indent 6 }} + env: +{{- with $env := dict "ksUserSecret" .Values.secrets.identity.admin }} +{{- include "helm-toolkit.snippets.keystone_openrc_env_vars" $env | indent 8 }} +{{- end }} + command: + - /tmp/panko-test.sh + volumeMounts: + - name: panko-etc + mountPath: /etc/panko/panko.conf + subPath: panko.conf + readOnly: true + - name: panko-bin + mountPath: /tmp/panko-test.sh + subPath: panko-test.sh + readOnly: true +{{ if $mounts_tests.volumeMounts }}{{ toYaml $mounts_tests.volumeMounts | indent 8 }}{{ end }} + volumes: + - name: panko-etc + configMap: + name: panko-etc + defaultMode: 0444 + - name: panko-bin + configMap: + name: panko-bin + defaultMode: 0555 +{{ if $mounts_tests.volumes }}{{ toYaml $mounts_tests.volumes | indent 4 }}{{ end }} +{{- end }} diff --git a/panko/templates/secret-db.yaml b/panko/templates/secret-db.yaml new file mode 100755 index 0000000..58edac4 --- /dev/null +++ b/panko/templates/secret-db.yaml @@ -0,0 +1,30 @@ +{{/* +Copyright 2017 The Openstack-Helm Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if .Values.manifests.secret_db }} +{{- $envAll := . }} +{{- range $key1, $userClass := tuple "admin" "panko" }} +{{- $secretName := index $envAll.Values.secrets.oslo_db $userClass }} +--- +apiVersion: v1 +kind: Secret +metadata: + name: {{ $secretName }} +type: Opaque +data: + DB_CONNECTION: {{ tuple "oslo_db" "internal" $userClass "mysql" $envAll | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup" | b64enc -}} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/panko/templates/secret-keystone.yaml b/panko/templates/secret-keystone.yaml new file mode 100755 index 0000000..9b44ceb --- /dev/null +++ b/panko/templates/secret-keystone.yaml @@ -0,0 +1,30 @@ +{{/* +Copyright 2017 The Openstack-Helm Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if .Values.manifests.secret_keystone }} +{{- $envAll := . }} +{{- range $key1, $userClass := tuple "admin" "panko" }} +{{- $secretName := index $envAll.Values.secrets.identity $userClass }} +--- +apiVersion: v1 +kind: Secret +metadata: + name: {{ $secretName }} +type: Opaque +data: +{{- tuple $userClass "internal" $envAll | include "helm-toolkit.snippets.keystone_secret_openrc" | indent 2 -}} +{{- end }} +{{- end }} diff --git a/panko/templates/service-api.yaml b/panko/templates/service-api.yaml new file mode 100755 index 0000000..893d9e3 --- /dev/null +++ b/panko/templates/service-api.yaml @@ -0,0 +1,39 @@ +{{/* +Copyright 2017 The Openstack-Helm Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if .Values.manifests.service_api }} +{{- $envAll := . }} +--- +apiVersion: v1 +kind: Service +metadata: + name: {{ tuple "event" "internal" . | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }} +spec: + ports: + - name: p-api + port: {{ tuple "event" "internal" "api" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }} + {{ if .Values.network.api.node_port.enabled }} + nodePort: {{ .Values.network.api.node_port.port }} + {{ end }} + selector: +{{ tuple $envAll "panko" "api" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }} + {{ if .Values.network.api.node_port.enabled }} + type: NodePort + {{ if .Values.network.api.external_policy_local }} + externalTrafficPolicy: Local + {{ end }} + {{ end }} +{{- end }} diff --git a/panko/templates/service-ingress-api.yaml b/panko/templates/service-ingress-api.yaml new file mode 100755 index 0000000..422e74d --- /dev/null +++ b/panko/templates/service-ingress-api.yaml @@ -0,0 +1,20 @@ +{{/* +Copyright 2017 The Openstack-Helm Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if and .Values.manifests.service_ingress_api .Values.network.api.ingress.public }} +{{- $serviceIngressOpts := dict "envAll" . "backendServiceType" "event" -}} +{{ $serviceIngressOpts | include "helm-toolkit.manifests.service_ingress" }} +{{- end }} \ No newline at end of file diff --git a/panko/values.yaml b/panko/values.yaml new file mode 100755 index 0000000..a206a31 --- /dev/null +++ b/panko/values.yaml @@ -0,0 +1,535 @@ +# Default values for panko. +# This is a YAML-formatted file. +# Declare variables to be passed into your templates. + +release_group: null + +labels: + api: + node_selector_key: openstack-control-plane + node_selector_value: enabled + job: + node_selector_key: openstack-control-plane + node_selector_value: enabled + test: + node_selector_key: openstack-control-plane + node_selector_value: enabled + +images: + tags: + dep_check: quay.io/stackanetes/kubernetes-entrypoint:v0.3.1 + db_init: docker.io/kolla/ubuntu-source-panko-api:3.0.3-beta.1 + db_drop: docker.io/openstackhelm/heat:newton + bootstrap: docker.io/openstackhelm/heat:newton + panko_db_sync: docker.io/kolla/ubuntu-source-panko-api:3.0.3-beta.1 + ks_user: docker.io/openstackhelm/heat:newton + ks_service: docker.io/openstackhelm/heat:newton + ks_endpoints: docker.io/openstackhelm/heat:newton + panko_api: docker.io/kolla/ubuntu-source-panko-api:3.0.3-beta.1 + panko_events_cleaner: docker.io/kolla/ubuntu-source-panko-base:3.0.3-beta.1 + image_repo_sync: docker.io/docker:17.07.0 + pull_policy: "IfNotPresent" + local_registry: + active: false + exclude: + - dep_check + - image_repo_sync + +jobs: + events_cleaner: + # hourly + cron: "0 * * * *" + history: + success: 3 + failed: 1 + +network: + api: + ingress: + public: true + classes: + namespace: "nginx" + cluster: "nginx-cluster" + annotations: + nginx.ingress.kubernetes.io/rewrite-target: / + external_policy_local: false + node_port: + enabled: false + port: 8977 + +dependencies: + dynamic: + common: + local_image_registry: + jobs: + - panko-image-repo-sync + services: + - endpoint: node + service: local_image_registry + static: + api: + jobs: + - panko-db-sync + - panko-ks-user + - panko-ks-endpoints + services: + - endpoint: internal + service: oslo_db + - endpoint: internal + service: identity + events_cleaner: + jobs: + - panko-db-sync + - panko-ks-user + - panko-ks-endpoints + services: + - endpoint: internal + service: oslo_db + - endpoint: internal + service: identity + bootstrap: + services: + - endpoint: internal + service: identity + db_init: + services: + - endpoint: internal + service: oslo_db + db_sync: + jobs: + - panko-db-init + services: + - endpoint: internal + service: oslo_db + db_drop: + services: + - endpoint: internal + service: oslo_db + ks_endpoints: + jobs: + - panko-ks-service + services: + - endpoint: internal + service: identity + ks_service: + services: + - endpoint: internal + service: identity + ks_user: + services: + - endpoint: internal + service: identity + image_repo_sync: + services: + - endpoint: internal + service: local_image_registry + tests: + jobs: + - panko-db-sync + services: + - endpoint: internal + service: identity + - endpoint: internal + service: oslo_db + - endpoint: internal + service: event + +# Names of secrets used by bootstrap and environmental checks +secrets: + identity: + admin: panko-keystone-admin + panko: panko-keystone-user + oslo_db: + admin: panko-db-admin + panko: panko-db-user + +bootstrap: + enabled: false + ks_user: panko + script: | + openstack token issue + +conf: + wsgi_panko: | + Listen 0.0.0.0:{{ tuple "event" "internal" "api" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }} + + LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined + LogFormat "%{X-Forwarded-For}i %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" proxy + + SetEnvIf X-Forwarded-For "^.*\..*\..*\..*" forwarded + CustomLog /dev/stdout combined env=!forwarded + CustomLog /dev/stdout proxy env=forwarded + + + WSGIDaemonProcess panko processes=1 threads=2 user=panko group=panko display-name=%{GROUP} + WSGIProcessGroup panko + WSGIScriptAlias / /var/www/cgi-bin/panko/panko-api + WSGIApplicationGroup %{GLOBAL} + = 2.4> + ErrorLogFormat "%{cu}t %M" + + + ErrorLog /dev/stdout + SetEnvIf X-Forwarded-For "^.*\..*\..*\..*" forwarded + CustomLog /dev/stdout combined env=!forwarded + CustomLog /dev/stdout proxy env=forwarded + + paste: + composite:panko+noauth: + use: egg:Paste#urlmap + /: pankoversions_pipeline + /v2: pankov2_noauth_pipeline + composite:panko+keystone: + use: egg:Paste#urlmap + /: pankoversions_pipeline + /v2: pankov2_keystone_pipeline + pipeline:pankoversions_pipeline: + pipeline: cors http_proxy_to_wsgi pankoversions + app:pankoversions: + paste.app_factory: panko.api.app:app_factory + root: panko.api.controllers.root.VersionsController + pipeline:pankov2_keystone_pipeline: + pipeline: cors http_proxy_to_wsgi request_id authtoken pankov2 + pipeline:pankov2_noauth_pipeline: + pipeline: cors http_proxy_to_wsgi request_id pankov2 + app:pankov2: + paste.app_factory: panko.api.app:app_factory + root: panko.api.controllers.v2.root.V2Controller + filter:authtoken: + paste.filter_factory: keystonemiddleware.auth_token:filter_factory + oslo_config_project: panko + filter:request_id: + paste.filter_factory: oslo_middleware:RequestId.factory + filter:cors: + paste.filter_factory: oslo_middleware.cors:filter_factory + oslo_config_project: panko + filter:http_proxy_to_wsgi: + paste.filter_factory: oslo_middleware.http_proxy_to_wsgi:HTTPProxyToWSGI.factory + oslo_config_project: panko + policy: + context_is_admin: role:admin + segregation: rule:context_is_admin + telemetry:events:index: '' + telemetry:events:show: '' + panko: + DEFAULT: + debug: false + log_config_append: /etc/panko/logging.conf + database: + event_time_to_live: 86400 + max_retries: -1 + keystone_authtoken: + auth_version: v3 + auth_type: password + memcache_security_strategy: ENCRYPT + logging: + loggers: + keys: + - root + - panko + handlers: + keys: + - stdout + - stderr + - "null" + formatters: + keys: + - context + - default + logger_root: + level: WARNING + handlers: 'null' + logger_panko: + level: INFO + handlers: + - stdout + qualname: panko + logger_amqp: + level: WARNING + handlers: stderr + qualname: amqp + logger_amqplib: + level: WARNING + handlers: stderr + qualname: amqplib + logger_eventletwsgi: + level: WARNING + handlers: stderr + qualname: eventlet.wsgi.server + logger_sqlalchemy: + level: WARNING + handlers: stderr + qualname: sqlalchemy + logger_boto: + level: WARNING + handlers: stderr + qualname: boto + handler_null: + class: logging.NullHandler + formatter: default + args: () + handler_stdout: + class: StreamHandler + args: (sys.stdout,) + formatter: context + handler_stderr: + class: StreamHandler + args: (sys.stderr,) + formatter: context + formatter_context: + class: oslo_log.formatters.ContextFormatter + formatter_default: + format: "%(message)s" + +# typically overriden by environmental +# values, but should include all endpoints +# required by this chart +endpoints: + cluster_domain_suffix: cluster.local + local_image_registry: + name: docker-registry + namespace: docker-registry + hosts: + default: localhost + internal: docker-registry + node: localhost + host_fqdn_override: + default: null + port: + registry: + node: 5000 + identity: + name: keystone + auth: + admin: + region_name: RegionOne + username: admin + password: password + project_name: admin + user_domain_name: default + project_domain_name: default + panko: + role: admin + region_name: RegionOne + username: panko + password: password + project_name: service + user_domain_name: service + project_domain_name: service + hosts: + default: keystone + internal: keystone-api + host_fqdn_override: + default: null + path: + default: /v3 + scheme: + default: 'http' + port: + api: + default: 80 + internal: 5000 + event: + name: panko + hosts: + default: panko-api + public: panko + host_fqdn_override: + default: null + path: + default: null + scheme: + default: 'http' + port: + api: + default: 8977 + public: 80 + oslo_db: + auth: + admin: + username: root + password: password + panko: + username: panko + password: password + hosts: + default: mariadb + host_fqdn_override: + default: null + path: /panko + scheme: mysql+pymysql + port: + mysql: + default: 3306 + oslo_cache: + auth: + # NOTE: this is used to define the value for keystone + # authtoken cache encryption key, if not set it will be populated + # automatically with a random value, but to take advantage of + # this feature all services should be set to use the same key, + # and memcache service. + memcache_secret_key: null + hosts: + default: memcached + host_fqdn_override: + default: null + port: + memcache: + default: 11211 + fluentd: + namespace: null + name: fluentd + hosts: + default: fluentd-logging + host_fqdn_override: + default: null + path: + default: null + scheme: 'http' + port: + service: + default: 24224 + metrics: + default: 24220 + +pod: + user: + panko: + uid: 42424 + affinity: + anti: + type: + default: preferredDuringSchedulingIgnoredDuringExecution + topologyKey: + default: kubernetes.io/hostname + mounts: + panko_api: + init_container: null + panko_api: + panko_events_cleaner: + init_container: null + panko_events_cleaner: + panko_bootstrap: + init_container: null + panko_bootstrap: + panko_tests: + init_container: null + panko_tests: + replicas: + api: 1 + lifecycle: + upgrades: + deployments: + revision_history: 3 + pod_replacement_strategy: RollingUpdate + rolling_update: + max_unavailable: 1 + max_surge: 3 + disruption_budget: + api: + min_available: 0 + termination_grace_period: + api: + timeout: 600 + resources: + enabled: false + api: + requests: + memory: "128Mi" + cpu: "100m" + limits: + memory: "1024Mi" + cpu: "2000m" + jobs: + bootstrap: + requests: + memory: "128Mi" + cpu: "100m" + limits: + memory: "1024Mi" + cpu: "2000m" + db_sync: + requests: + memory: "128Mi" + cpu: "100m" + limits: + memory: "1024Mi" + cpu: "2000m" + db_init: + requests: + memory: "128Mi" + cpu: "100m" + limits: + memory: "1024Mi" + cpu: "2000m" + ks_user: + requests: + memory: "128Mi" + cpu: "100m" + limits: + memory: "1024Mi" + cpu: "2000m" + ks_service: + requests: + memory: "128Mi" + cpu: "100m" + limits: + memory: "1024Mi" + cpu: "2000m" + ks_endpoints: + requests: + memory: "128Mi" + cpu: "100m" + limits: + memory: "1024Mi" + cpu: "2000m" + events_cleaner: + requests: + memory: "128Mi" + cpu: "100m" + limits: + memory: "1024Mi" + cpu: "2000m" + db_drop: + requests: + memory: "128Mi" + cpu: "100m" + limits: + memory: "1024Mi" + cpu: "2000m" + tests: + requests: + memory: "128Mi" + cpu: "100m" + limits: + memory: "1024Mi" + cpu: "2000m" + image_repo_sync: + requests: + memory: "128Mi" + cpu: "100m" + limits: + memory: "1024Mi" + cpu: "2000m" + +manifests: + configmap_bin: true + configmap_etc: true + cron_job_events_cleaner: true + deployment_api: true + ingress_api: true + job_bootstrap: true + job_db_drop: false + job_db_init: true + job_image_repo_sync: true + job_db_sync: true + job_ks_endpoints: true + job_ks_service: true + job_ks_user: true + pdb_api: true + pod_panko_test: true + secret_db: true + secret_keystone: true + service_api: true + service_ingress_api: true + -- 1.8.3.1