From 3d3537662df9d25f0cda6aa0b8f907c44209827b Mon Sep 17 00:00:00 2001 From: kernel53 Date: Fri, 8 Aug 2025 16:48:04 +0000 Subject: [PATCH] Add Cloudkitty Helm chart, Rating service Adding Cloudkitty Rating service to allow for chargeback/showback ability. This is the inital helm chart to be added to openstack-helm for deployment on Kubernetes Change-Id: I001ad492c38aca3211246caa836ffdd958cd0cbb Co-Authored-By: Vladimir Kozhukalov Signed-off-by: kernel53 Signed-off-by: Vladimir Kozhukalov --- cloudkitty/Chart.yaml | 31 + cloudkitty/templates/bin/_bootstrap.sh.tpl | 20 + .../templates/bin/_cloudkitty-api.sh.tpl | 28 + .../bin/_cloudkitty-processor.sh.tpl | 29 + cloudkitty/templates/bin/_db-sync.sh.tpl | 19 + cloudkitty/templates/bin/_storage-init.sh.tpl | 19 + cloudkitty/templates/configmap-bin.yaml | 51 ++ cloudkitty/templates/configmap-etc.yaml | 96 +++ cloudkitty/templates/deployment-api.yaml | 135 +++ .../templates/deployment-processor.yaml | 113 +++ cloudkitty/templates/ingress-api.yaml | 18 + cloudkitty/templates/job-bootstrap.yaml | 18 + cloudkitty/templates/job-db-drop.yaml | 19 + cloudkitty/templates/job-db-init.yaml | 28 + cloudkitty/templates/job-db-sync.yaml | 33 + cloudkitty/templates/job-image-repo-sync.yaml | 18 + cloudkitty/templates/job-ks-endpoints.yaml | 26 + cloudkitty/templates/job-ks-service.yaml | 26 + cloudkitty/templates/job-ks-user.yaml | 26 + cloudkitty/templates/job-rabbitmq-init.yaml | 26 + cloudkitty/templates/job-storage-init.yaml | 79 ++ cloudkitty/templates/network_policy.yaml | 18 + cloudkitty/templates/pbd-api.yaml | 27 + cloudkitty/templates/secret-db.yaml | 35 + cloudkitty/templates/secret-keystone.yaml | 30 + cloudkitty/templates/secret-ks-etc.yaml | 27 + cloudkitty/templates/secret-rabbitmq.yaml | 35 + cloudkitty/templates/secret-registry.yaml | 17 + cloudkitty/templates/service-api.yaml | 34 + cloudkitty/values.yaml | 807 ++++++++++++++++++ doc/source/chart/openstack_charts.rst | 1 + releasenotes/config.yaml | 1 + releasenotes/notes/cloudkitty.yaml | 4 + .../component/cloudkitty/cloudkitty.sh | 36 + .../cloudkitty/2024.2-ubuntu_jammy.yaml | 14 + .../cloudkitty/2025.1-ubuntu_jammy.yaml | 14 + .../cloudkitty/2025.1-ubuntu_noble.yaml | 14 + zuul.d/2025.1.yaml | 11 + zuul.d/base.yaml | 21 + zuul.d/project.yaml | 1 + 40 files changed, 2005 insertions(+) create mode 100644 cloudkitty/Chart.yaml create mode 100644 cloudkitty/templates/bin/_bootstrap.sh.tpl create mode 100644 cloudkitty/templates/bin/_cloudkitty-api.sh.tpl create mode 100644 cloudkitty/templates/bin/_cloudkitty-processor.sh.tpl create mode 100644 cloudkitty/templates/bin/_db-sync.sh.tpl create mode 100644 cloudkitty/templates/bin/_storage-init.sh.tpl create mode 100644 cloudkitty/templates/configmap-bin.yaml create mode 100644 cloudkitty/templates/configmap-etc.yaml create mode 100644 cloudkitty/templates/deployment-api.yaml create mode 100644 cloudkitty/templates/deployment-processor.yaml create mode 100644 cloudkitty/templates/ingress-api.yaml create mode 100644 cloudkitty/templates/job-bootstrap.yaml create mode 100644 cloudkitty/templates/job-db-drop.yaml create mode 100644 cloudkitty/templates/job-db-init.yaml create mode 100644 cloudkitty/templates/job-db-sync.yaml create mode 100644 cloudkitty/templates/job-image-repo-sync.yaml create mode 100644 cloudkitty/templates/job-ks-endpoints.yaml create mode 100644 cloudkitty/templates/job-ks-service.yaml create mode 100644 cloudkitty/templates/job-ks-user.yaml create mode 100644 cloudkitty/templates/job-rabbitmq-init.yaml create mode 100644 cloudkitty/templates/job-storage-init.yaml create mode 100644 cloudkitty/templates/network_policy.yaml create mode 100644 cloudkitty/templates/pbd-api.yaml create mode 100644 cloudkitty/templates/secret-db.yaml create mode 100644 cloudkitty/templates/secret-keystone.yaml create mode 100644 cloudkitty/templates/secret-ks-etc.yaml create mode 100644 cloudkitty/templates/secret-rabbitmq.yaml create mode 100644 cloudkitty/templates/secret-registry.yaml create mode 100644 cloudkitty/templates/service-api.yaml create mode 100644 cloudkitty/values.yaml create mode 100644 releasenotes/notes/cloudkitty.yaml create mode 100755 tools/deployment/component/cloudkitty/cloudkitty.sh create mode 100644 values_overrides/cloudkitty/2024.2-ubuntu_jammy.yaml create mode 100644 values_overrides/cloudkitty/2025.1-ubuntu_jammy.yaml create mode 100644 values_overrides/cloudkitty/2025.1-ubuntu_noble.yaml diff --git a/cloudkitty/Chart.yaml b/cloudkitty/Chart.yaml new file mode 100644 index 0000000000..c9fbe448ba --- /dev/null +++ b/cloudkitty/Chart.yaml @@ -0,0 +1,31 @@ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +--- +apiVersion: v2 +appVersion: v1.0.0 +description: OpenStack-Helm Cloudkitty +name: cloudkitty +version: 2025.1.0 +home: https://docs.openstack.org/cloudkitty/latest/ +icon: https://opendev.org/openstack/cloudkitty/media/branch/master/doc/source/images/cloudkitty-logo.png +sources: + - https://opendev.org/openstack/cloudkitty + - https://opendev.org/openstack/openstack-helm +maintainers: + - name: OpenStack-Helm Authors + +dependencies: + - name: helm-toolkit + repository: file://../helm-toolkit + version: ">= 0.1.0" +... diff --git a/cloudkitty/templates/bin/_bootstrap.sh.tpl b/cloudkitty/templates/bin/_bootstrap.sh.tpl new file mode 100644 index 0000000000..533c0a5a3f --- /dev/null +++ b/cloudkitty/templates/bin/_bootstrap.sh.tpl @@ -0,0 +1,20 @@ +#!/bin/bash + +{{/* +Copyright 2017 The Openstack-Helm Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +set -ex +{{ .Values.bootstrap.script | default "echo 'Not Enabled'" }} diff --git a/cloudkitty/templates/bin/_cloudkitty-api.sh.tpl b/cloudkitty/templates/bin/_cloudkitty-api.sh.tpl new file mode 100644 index 0000000000..90e60d9507 --- /dev/null +++ b/cloudkitty/templates/bin/_cloudkitty-api.sh.tpl @@ -0,0 +1,28 @@ +#!/bin/bash + +{{/* +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +set -ex +COMMAND="${@:-start}" + +function start () { + exec uwsgi --ini /etc/cloudkitty/cloudkitty-api-uwsgi.ini +} + +function stop () { + kill -TERM 1 +} + +$COMMAND diff --git a/cloudkitty/templates/bin/_cloudkitty-processor.sh.tpl b/cloudkitty/templates/bin/_cloudkitty-processor.sh.tpl new file mode 100644 index 0000000000..3c5a7a9173 --- /dev/null +++ b/cloudkitty/templates/bin/_cloudkitty-processor.sh.tpl @@ -0,0 +1,29 @@ +#!/bin/bash + +{{/* +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +set -ex + +COMMAND="${@:-start}" + +function start () { + exec cloudkitty-processor --config-file /etc/cloudkitty/cloudkitty.conf +} + +function stop () { + kill -TERM 1 +} + +$COMMAND diff --git a/cloudkitty/templates/bin/_db-sync.sh.tpl b/cloudkitty/templates/bin/_db-sync.sh.tpl new file mode 100644 index 0000000000..c116931065 --- /dev/null +++ b/cloudkitty/templates/bin/_db-sync.sh.tpl @@ -0,0 +1,19 @@ +#!/bin/bash + +{{/* +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +set -ex + +cloudkitty-dbsync upgrade diff --git a/cloudkitty/templates/bin/_storage-init.sh.tpl b/cloudkitty/templates/bin/_storage-init.sh.tpl new file mode 100644 index 0000000000..2e72c2b43a --- /dev/null +++ b/cloudkitty/templates/bin/_storage-init.sh.tpl @@ -0,0 +1,19 @@ +#!/bin/bash + +{{/* +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +set -ex + +cloudkitty-storage-init diff --git a/cloudkitty/templates/configmap-bin.yaml b/cloudkitty/templates/configmap-bin.yaml new file mode 100644 index 0000000000..8035d91509 --- /dev/null +++ b/cloudkitty/templates/configmap-bin.yaml @@ -0,0 +1,51 @@ +{{/* +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if .Values.manifests.configmap_bin }} +{{- $envAll := . }} +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: cloudkitty-bin +data: +{{- if .Values.images.local_registry.active }} + image-repo-sync.sh: | +{{- include "helm-toolkit.scripts.image_repo_sync" . | indent 4 }} +{{- end }} +{{- if .Values.bootstrap.enabled }} + bootstrap.sh: | +{{ tuple "bin/_bootstrap.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }} +{{- end }} + cloudkitty-processor.sh: | +{{ tuple "bin/_cloudkitty-processor.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }} + cloudkitty-api.sh: | +{{ tuple "bin/_cloudkitty-api.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }} + db-init.py: | +{{- include "helm-toolkit.scripts.db_init" . | indent 4 }} + db-sync.sh: | +{{ tuple "bin/_db-sync.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }} + storage-init.sh: | +{{ tuple "bin/_storage-init.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }} + db-drop.py: | +{{- include "helm-toolkit.scripts.db_drop" . | indent 4 }} + ks-user.sh: | +{{- include "helm-toolkit.scripts.keystone_user" . | indent 4 }} + ks-service.sh: | +{{- include "helm-toolkit.scripts.keystone_service" . | indent 4 }} + ks-endpoints.sh: | +{{- include "helm-toolkit.scripts.keystone_endpoints" . | indent 4 }} + rabbit-init.sh: | +{{- include "helm-toolkit.scripts.rabbit_init" . | indent 4 }} +{{- end }} diff --git a/cloudkitty/templates/configmap-etc.yaml b/cloudkitty/templates/configmap-etc.yaml new file mode 100644 index 0000000000..d98b541bd4 --- /dev/null +++ b/cloudkitty/templates/configmap-etc.yaml @@ -0,0 +1,96 @@ +{{/* +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- define "cloudkitty.configmap.etc" }} +{{- $configMapName := index . 0 }} +{{- $envAll := index . 1 }} +{{- with $envAll }} + +{{- if empty .Values.conf.cloudkitty.keystone_authtoken.auth_url -}} +{{- $_ := tuple "identity" "internal" "api" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup" | set .Values.conf.cloudkitty.keystone_authtoken "auth_url" -}} +{{- end -}} + +{{- if empty .Values.conf.cloudkitty.keystone_authtoken.auth_url -}} +{{- $_ := tuple "identity" "internal" "api" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup"| set .Values.conf.cloudkitty.keystone_authtoken "auth_url" -}} +{{- end -}} + +{{- if empty .Values.conf.cloudkitty.keystone_authtoken.memcached_servers -}} +{{- $_ := tuple "oslo_cache" "internal" "memcache" . | include "helm-toolkit.endpoints.host_and_port_endpoint_uri_lookup" | set .Values.conf.cloudkitty.keystone_authtoken "memcached_servers" -}} +{{- end -}} +{{- if empty .Values.conf.cloudkitty.keystone_authtoken.memcache_secret_key -}} +{{- $_ := set .Values.conf.cloudkitty.keystone_authtoken "memcache_secret_key" ( default ( randAlphaNum 64 ) .Values.endpoints.oslo_cache.auth.memcache_secret_key ) -}} +{{- end -}} + +{{- if empty .Values.conf.cloudkitty.database.connection -}} +{{- $connection := tuple "oslo_db" "internal" "cloudkitty" "mysql" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup" -}} +{{- if .Values.manifests.certificates -}} +{{- $_ := (printf "%s?charset=utf8&ssl_ca=/etc/mysql/certs/ca.crt&ssl_key=/etc/mysql/certs/tls.key&ssl_cert=/etc/mysql/certs/tls.crt&ssl_verify_cert" $connection ) | set .Values.conf.cloudkitty.database "connection" -}} +{{- else -}} +{{- $_ := set .Values.conf.cloudkitty.database "connection" $connection -}} +{{- end -}} +{{- end -}} + +{{- if empty .Values.conf.cloudkitty.DEFAULT.transport_url -}} +{{- $_ := tuple "oslo_messaging" "internal" "cloudkitty" "amqp" . | include "helm-toolkit.endpoints.authenticated_transport_endpoint_uri_lookup" | set .Values.conf.cloudkitty.DEFAULT "transport_url" -}} +{{- end -}} + +{{- if empty .Values.conf.cloudkitty.DEFAULT.os_privileged_user_name -}} +{{- $_ := set .Values.conf.cloudkitty.DEFAULT "os_privileged_user_name" .Values.endpoints.identity.auth.cloudkitty.username }} +{{- end -}} +{{- if empty .Values.conf.cloudkitty.DEFAULT.os_privileged_user_password -}} +{{- $_ := set .Values.conf.cloudkitty.DEFAULT "os_privileged_user_password" .Values.endpoints.identity.auth.cloudkitty.password }} +{{- end -}} +{{- if empty .Values.conf.cloudkitty.DEFAULT.os_privileged_user_auth_url -}} +{{- $_ := tuple "identity" "internal" "api" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup" | set .Values.conf.cloudkitty.DEFAULT "os_privileged_user_auth_url" }} +{{- end -}} +{{- if empty .Values.conf.cloudkitty.DEFAULT.os_privileged_user_tenant -}} +{{- $_ := set .Values.conf.cloudkitty.DEFAULT "os_privileged_user_tenant" .Values.endpoints.identity.auth.cloudkitty.project_name }} +{{- end -}} + +{{- if empty .Values.conf.cloudkitty.DEFAULT.os_region_name -}} +{{- $_ := set .Values.conf.cloudkitty.DEFAULT "os_region_name" .Values.endpoints.identity.auth.cloudkitty.region_name }} +{{- end -}} + +{{- if empty .Values.conf.cloudkitty.DEFAULT.os_user_domain_name -}} +{{- $_ := set .Values.conf.cloudkitty.DEFAULT "os_user_domain_name" .Values.endpoints.identity.auth.cloudkitty.user_domain_name }} +{{- end -}} + +{{- if empty .Values.conf.cloudkitty.DEFAULT.os_project_domain_name -}} +{{- $_ := set .Values.conf.cloudkitty.DEFAULT "os_project_domain_name" .Values.endpoints.identity.auth.cloudkitty.user_domain_name }} +{{- end -}} + +{{- if empty (index .Values.conf.cloudkitty_api_uwsgi.uwsgi "http-socket") -}} +{{- $http_socket_port := tuple "rating" "service" "api" . | include "helm-toolkit.endpoints.endpoint_port_lookup" | toString }} +{{- $http_socket := printf "0.0.0.0:%s" $http_socket_port }} +{{- $_ := set .Values.conf.cloudkitty_api_uwsgi.uwsgi "http-socket" $http_socket -}} +{{- end -}} + +--- +apiVersion: v1 +kind: Secret +metadata: + name: {{ $configMapName }} +type: Opaque +data: + cloudkitty.conf: {{ include "helm-toolkit.utils.to_oslo_conf" .Values.conf.cloudkitty | b64enc }} + logging.conf: {{ include "helm-toolkit.utils.to_oslo_conf" .Values.conf.logging | b64enc }} + api-paste.ini: {{ include "helm-toolkit.utils.to_oslo_conf" .Values.conf.paste | b64enc }} + metrics.yml: {{ $envAll.Values.conf.processor_metrics | b64enc }} + cloudkitty_sudoers: {{ $envAll.Values.conf.cloudkitty_sudoers | b64enc }} + cloudkitty-api-uwsgi.ini: {{ include "helm-toolkit.utils.to_ini" .Values.conf.cloudkitty_api_uwsgi | b64enc }} +{{- end }} +{{- end }} +{{- if .Values.manifests.configmap_etc }} +{{- list "cloudkitty-etc" . | include "cloudkitty.configmap.etc" }} +{{- end }} diff --git a/cloudkitty/templates/deployment-api.yaml b/cloudkitty/templates/deployment-api.yaml new file mode 100644 index 0000000000..8fbb26f15b --- /dev/null +++ b/cloudkitty/templates/deployment-api.yaml @@ -0,0 +1,135 @@ +{{/* +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- define "cloudkittyApiLivenessProbeTemplate" }} +httpGet: + scheme: {{ tuple "rating" "internal" "api" . | include "helm-toolkit.endpoints.keystone_endpoint_scheme_lookup" | upper }} + path: / + port: {{ tuple "rating" "internal" "api" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }} +{{- end }} + +{{- define "cloudkittyApiReadinessProbeTemplate" }} +httpGet: + scheme: HTTP + path: / + port: {{ tuple "rating" "internal" "api" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }} +{{- end }} + + +{{- if .Values.manifests.deployment_api }} +{{- $envAll := . }} + +{{- $mounts_cloudkitty_api := .Values.pod.mounts.cloudkitty_api.cloudkitty_api }} +{{- $mounts_cloudkitty_api_init := .Values.pod.mounts.cloudkitty_api.init_container }} + +{{- $serviceAccountName := "cloudkitty-api" }} +{{- tuple $envAll "cloudkitty_api" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }} +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: cloudkitty-api + annotations: + {{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" }} + labels: +{{ tuple $envAll "cloudkitty" "api" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }} +spec: + replicas: {{ .Values.pod.replicas.cloudkitty_api }} + selector: + matchLabels: +{{ tuple $envAll "cloudkitty" "api" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 6 }} +{{ tuple $envAll | include "helm-toolkit.snippets.kubernetes_upgrades_deployment" | indent 2 }} + template: + metadata: + labels: +{{ tuple $envAll "cloudkitty" "api" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }} + annotations: +{{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" | indent 8 }} + configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "helm-toolkit.utils.hash" }} + configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "helm-toolkit.utils.hash" }} +{{ tuple "cloudkitty_api" . | include "helm-toolkit.snippets.custom_pod_annotations" | indent 8 }} +{{ dict "envAll" $envAll "podName" "cloudkitty-api" "containerNames" (list "cloudkitty-api-init" "cloudkitty-api" "init") | include "helm-toolkit.snippets.kubernetes_mandatory_access_control_annotation" | indent 8 }} + spec: + serviceAccountName: {{ $serviceAccountName }} +{{ dict "envAll" $envAll "application" "cloudkitty" | include "helm-toolkit.snippets.kubernetes_pod_security_context" | indent 6 }} + affinity: +{{ tuple $envAll "cloudkitty" "api" | include "helm-toolkit.snippets.kubernetes_pod_anti_affinity" | indent 8 }} + nodeSelector: + {{ .Values.labels.cloudkitty.node_selector_key }}: {{ .Values.labels.cloudkitty.node_selector_value }} + terminationGracePeriodSeconds: {{ .Values.pod.lifecycle.termination_grace_period.cloudkitty_api.timeout | default "30" }} + initContainers: +{{ tuple $envAll "cloudkitty_api" $mounts_cloudkitty_api_init | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} + containers: + - name: cloudkitty-api +{{ tuple $envAll "cloudkitty_api" | include "helm-toolkit.snippets.image" | indent 10 }} +{{ tuple $envAll $envAll.Values.pod.resources.cloudkitty_api | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }} +{{ dict "envAll" $envAll "application" "cloudkitty" "container" "cloudkitty_api" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 10 }} + command: + - /tmp/cloudkitty-api.sh + - start + lifecycle: + preStop: + exec: + command: + - /tmp/cloudkitty-api.sh + - stop + ports: + - name: c-api + containerPort: {{ tuple "rating" "internal" "api" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }} +{{ dict "envAll" $envAll "component" "cloudkitty" "container" "default" "type" "liveness" "probeTemplate" (include "cloudkittyApiLivenessProbeTemplate" $envAll | fromYaml) | include "helm-toolkit.snippets.kubernetes_probe" | indent 10 }} +{{ dict "envAll" $envAll "component" "cloudkitty" "container" "default" "type" "readiness" "probeTemplate" (include "cloudkittyApiReadinessProbeTemplate" $envAll | fromYaml) | include "helm-toolkit.snippets.kubernetes_probe" | indent 10 }} + volumeMounts: + - name: pod-tmp + mountPath: /tmp + - name: cloudkitty-bin + mountPath: /tmp/cloudkitty-api.sh + subPath: cloudkitty-api.sh + - name: etccloudkitty + mountPath: /etc/cloudkitty + - name: cloudkitty-etc + mountPath: /etc/cloudkitty/cloudkitty.conf + subPath: cloudkitty.conf + - name: cloudkitty-etc + mountPath: /etc/cloudkitty/logging.conf + subPath: logging.conf + - name: cloudkitty-etc + mountPath: /etc/cloudkitty/api-paste.ini + subPath: api-paste.ini + - name: cloudkitty-etc + mountPath: /etc/cloudkitty/cloudkitty-api-uwsgi.ini + subPath: cloudkitty-api-uwsgi.ini + - name: cloudkitty-etc-snippets + mountPath: /etc/cloudkitty/cloudkitty.conf.d/ + readOnly: true +{{ if $mounts_cloudkitty_api.volumeMounts }}{{ toYaml $mounts_cloudkitty_api.volumeMounts | indent 12 }}{{ end }} + volumes: + - name: pod-tmp + emptyDir: {} + - name: etccloudkitty + emptyDir: {} + - name: cloudkitty-bin + configMap: + name: cloudkitty-bin + defaultMode: 0555 + - name: cloudkitty-etc + secret: + secretName: cloudkitty-etc + defaultMode: 0444 + - name: cloudkitty-etc-snippets + projected: + sources: + - secret: + name: cloudkitty-ks-etc +{{ if $mounts_cloudkitty_api.volumes }}{{ toYaml $mounts_cloudkitty_api.volumes | indent 8 }}{{ end }} +{{- end }} diff --git a/cloudkitty/templates/deployment-processor.yaml b/cloudkitty/templates/deployment-processor.yaml new file mode 100644 index 0000000000..5e4246e3b1 --- /dev/null +++ b/cloudkitty/templates/deployment-processor.yaml @@ -0,0 +1,113 @@ +{{/* +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if .Values.manifests.deployment_processor }} +{{- $envAll := . }} + +{{- $mounts_cloudkitty_processor := .Values.pod.mounts.cloudkitty_processor.cloudkitty_processor }} +{{- $mounts_cloudkitty_processor_init := .Values.pod.mounts.cloudkitty_processor.init_container }} + +{{- $serviceAccountName := "cloudkitty-processor" }} +{{- tuple $envAll "cloudkitty_processor" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }} +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: cloudkitty-processor + annotations: + {{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" }} + labels: +{{ tuple $envAll "cloudkitty" "processor" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }} +spec: + replicas: {{ .Values.pod.replicas.cloudkitty_processor }} + selector: + matchLabels: +{{ tuple $envAll "cloudkitty" "processor" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 6 }} +{{ tuple $envAll | include "helm-toolkit.snippets.kubernetes_upgrades_deployment" | indent 2 }} + template: + metadata: + labels: +{{ tuple $envAll "cloudkitty" "processor" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }} + annotations: +{{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" | indent 8 }} + configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "helm-toolkit.utils.hash" }} + configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "helm-toolkit.utils.hash" }} +{{ tuple "cloudkitty_processor" . | include "helm-toolkit.snippets.custom_pod_annotations" | indent 8 }} +{{ dict "envAll" $envAll "podName" "cloudkitty-processor" "containerNames" (list "cloudkitty-processor-init" "cloudkitty-processor" "init") | include "helm-toolkit.snippets.kubernetes_mandatory_access_control_annotation" | indent 8 }} + spec: + serviceAccountName: {{ $serviceAccountName }} +{{ dict "envAll" $envAll "application" "cloudkitty-processor" | include "helm-toolkit.snippets.kubernetes_pod_security_context" | indent 6 }} + affinity: +{{ tuple $envAll "cloudkitty" "processor" | include "helm-toolkit.snippets.kubernetes_pod_anti_affinity" | indent 8 }} + nodeSelector: + {{ .Values.labels.cloudkitty.node_selector_key }}: {{ .Values.labels.cloudkitty.node_selector_value }} + terminationGracePeriodSeconds: {{ .Values.pod.lifecycle.termination_grace_period.cloudkitty_processor.timeout | default "30" }} + initContainers: +{{ tuple $envAll "cloudkitty_processor" $mounts_cloudkitty_processor_init | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} + containers: + - name: cloudkitty-processor +{{ tuple $envAll "cloudkitty_processor" | include "helm-toolkit.snippets.image" | indent 10 }} +{{ tuple $envAll $envAll.Values.pod.resources.cloudkitty_processor | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }} +{{ dict "envAll" $envAll "application" "cloudkitty" "container" "cloudkitty_processor" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 10 }} + command: + - /tmp/cloudkitty-processor.sh + - start + lifecycle: + preStop: + exec: + command: + - /tmp/cloudkitty-processor.sh + - stop + volumeMounts: + - name: pod-tmp + mountPath: /tmp + - name: cloudkitty-bin + mountPath: /tmp/cloudkitty-processor.sh + subPath: cloudkitty-processor.sh + readOnly: true + - name: etccloudkitty + mountPath: /etc/cloudkitty + - name: cloudkitty-etc + mountPath: /etc/cloudkitty/cloudkitty.conf + subPath: cloudkitty.conf + - name: cloudkitty-etc + mountPath: /etc/cloudkitty/logging.conf + subPath: logging.conf + - name: cloudkitty-etc + mountPath: /etc/cloudkitty/metrics.yml + subPath: metrics.yml + - name: cloudkitty-etc-snippets + mountPath: /etc/cloudkitty/cloudkitty.conf.d/ + readOnly: true +{{ if $mounts_cloudkitty_processor.volumeMounts }}{{ toYaml $mounts_cloudkitty_processor.volumeMounts | indent 12 }}{{ end }} + volumes: + - name: pod-tmp + emptyDir: {} + - name: etccloudkitty + emptyDir: {} + - name: cloudkitty-bin + configMap: + name: cloudkitty-bin + defaultMode: 0555 + - name: cloudkitty-etc + secret: + secretName: cloudkitty-etc + defaultMode: 0444 + - name: cloudkitty-etc-snippets + projected: + sources: + - secret: + name: cloudkitty-ks-etc +{{ if $mounts_cloudkitty_processor.volumes}}{{ toYaml $mounts_cloudkitty_processor.volumes | indent 8 }}{{ end }} +{{- end }} diff --git a/cloudkitty/templates/ingress-api.yaml b/cloudkitty/templates/ingress-api.yaml new file mode 100644 index 0000000000..f28447af81 --- /dev/null +++ b/cloudkitty/templates/ingress-api.yaml @@ -0,0 +1,18 @@ +{{/* +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if and .Values.manifests.ingress_api .Values.network.api.ingress.public }} +{{- $ingressOpts := dict "envAll" . "backendServiceType" "rating" "backendPort" "c-api" -}} +{{ $ingressOpts | include "helm-toolkit.manifests.ingress" }} +{{- end }} diff --git a/cloudkitty/templates/job-bootstrap.yaml b/cloudkitty/templates/job-bootstrap.yaml new file mode 100644 index 0000000000..a7f67a1bc1 --- /dev/null +++ b/cloudkitty/templates/job-bootstrap.yaml @@ -0,0 +1,18 @@ +{{/* +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if and .Values.manifests.job_bootstrap .Values.bootstrap.enabled }} +{{- $bootstrapJob := dict "envAll" . "serviceName" "cloudkitty" "keystoneUser" .Values.bootstrap.ks_user "logConfigFile" .Values.conf.cloudkitty.DEFAULT.log_config_append -}} +{{ $bootstrapJob | include "helm-toolkit.manifests.job_bootstrap" }} +{{- end }} diff --git a/cloudkitty/templates/job-db-drop.yaml b/cloudkitty/templates/job-db-drop.yaml new file mode 100644 index 0000000000..c1f913a670 --- /dev/null +++ b/cloudkitty/templates/job-db-drop.yaml @@ -0,0 +1,19 @@ +{{/* +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if .Values.manifests.job_db_drop }} +{{- $dbToDrop := dict "inputType" "secret" "adminSecret" .Values.secrets.oslo_db.admin "userSecret" .Values.secrets.oslo_db.cloudkitty -}} +{{- $dbDropJob := dict "envAll" . "serviceName" "cloudkitty" "dbToDrop" $dbToDrop -}} +{{ $dbDropJob | include "helm-toolkit.manifests.job_db_drop_mysql" }} +{{- end }} diff --git a/cloudkitty/templates/job-db-init.yaml b/cloudkitty/templates/job-db-init.yaml new file mode 100644 index 0000000000..398731250c --- /dev/null +++ b/cloudkitty/templates/job-db-init.yaml @@ -0,0 +1,28 @@ +{{/* +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- define "metadata.annotations.job.db_init" }} +{{- if .Values.helm3_hook -}} +helm.sh/hook: post-install,post-upgrade +helm.sh/hook-weight: "-5" +{{- end -}} +{{- end }} + +{{- if .Values.manifests.job_db_init }} +{{- $dbInitJob := dict "envAll" . "serviceName" "cloudkitty" -}} +{{- if .Values.helm3_hook }} +{{- $_ := set $dbInitJob "jobAnnotations" (include "metadata.annotations.job.db_init" . | fromYaml ) }} +{{- end }} +{{ $dbInitJob | include "helm-toolkit.manifests.job_db_init_mysql" }} +{{- end }} diff --git a/cloudkitty/templates/job-db-sync.yaml b/cloudkitty/templates/job-db-sync.yaml new file mode 100644 index 0000000000..cafde02b08 --- /dev/null +++ b/cloudkitty/templates/job-db-sync.yaml @@ -0,0 +1,33 @@ +{{/* +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + + +{{- define "metadata.annotations.job.db_sync" }} +helm.sh/hook: post-install,post-upgrade +helm.sh/hook-weight: "-4" +{{- end }} + +{{- if .Values.manifests.job_db_sync }} +{{- $dbSyncJob := dict "envAll" . "serviceName" "cloudkitty" "podVolMounts" .Values.pod.mounts.cloudkitty_db_sync.cloudkitty_db_sync.volumeMounts "podVols" .Values.pod.mounts.cloudkitty_db_sync.cloudkitty_db_sync.volumes -}} +{{- if .Values.manifests.certificates -}} +{{- $_ := set $dbSyncJob "dbAdminTlsSecret" .Values.endpoints.oslo_db.auth.admin.secret.tls.internal -}} +{{- end -}} +{{- if .Values.helm3_hook }} +{{- $_ := set $dbSyncJob "jobAnnotations" (include "metadata.annotations.job.db_sync" . | fromYaml) }} +{{- end }} +{{- if .Values.pod.tolerations.cloudkitty.enabled -}} +{{- $_ := set $dbSyncJob "tolerationsEnabled" true -}} +{{- end -}} +{{ $dbSyncJob | include "helm-toolkit.manifests.job_db_sync" }} +{{- end }} diff --git a/cloudkitty/templates/job-image-repo-sync.yaml b/cloudkitty/templates/job-image-repo-sync.yaml new file mode 100644 index 0000000000..cd06492b5e --- /dev/null +++ b/cloudkitty/templates/job-image-repo-sync.yaml @@ -0,0 +1,18 @@ +{{/* +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if and .Values.manifests.job_image_repo_sync .Values.images.local_registry.active }} +{{- $imageRepoSyncJob := dict "envAll" . "serviceName" "cloudkitty" -}} +{{ $imageRepoSyncJob | include "helm-toolkit.manifests.job_image_repo_sync" }} +{{- end }} diff --git a/cloudkitty/templates/job-ks-endpoints.yaml b/cloudkitty/templates/job-ks-endpoints.yaml new file mode 100644 index 0000000000..e03a42fb55 --- /dev/null +++ b/cloudkitty/templates/job-ks-endpoints.yaml @@ -0,0 +1,26 @@ +{{/* +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- define "metadata.annotations.job.ks_endpoints" }} +helm.sh/hook: post-install,post-upgrade +helm.sh/hook-weight: "-2" +{{- end }} + +{{- if .Values.manifests.job_ks_endpoints }} +{{- $ksServiceJob := dict "envAll" . "serviceName" "cloudkitty" "serviceTypes" ( tuple "rating" ) -}} +{{- if .Values.helm3_hook }} +{{- $_ := set $ksServiceJob "jobAnnotations" (include "metadata.annotations.job.ks_endpoints" . | fromYaml ) }} +{{- end }} +{{ $ksServiceJob | include "helm-toolkit.manifests.job_ks_endpoints" }} +{{- end }} diff --git a/cloudkitty/templates/job-ks-service.yaml b/cloudkitty/templates/job-ks-service.yaml new file mode 100644 index 0000000000..d75606649c --- /dev/null +++ b/cloudkitty/templates/job-ks-service.yaml @@ -0,0 +1,26 @@ +{{/* +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- define "metadata.annotations.job.ks_service" }} +helm.sh/hook: post-install,post-upgrade +helm.sh/hook-weight: "-3" +{{- end }} + +{{- if .Values.manifests.job_ks_service }} +{{- $ksServiceJob := dict "envAll" . "serviceName" "cloudkitty" "serviceTypes" ( tuple "rating" ) -}} +{{- if .Values.helm3_hook }} +{{- $_ := set $ksServiceJob "jobAnnotations" (include "metadata.annotations.job.ks_service" . | fromYaml ) }} +{{- end }} +{{ $ksServiceJob | include "helm-toolkit.manifests.job_ks_service" }} +{{- end }} diff --git a/cloudkitty/templates/job-ks-user.yaml b/cloudkitty/templates/job-ks-user.yaml new file mode 100644 index 0000000000..4a912a83cb --- /dev/null +++ b/cloudkitty/templates/job-ks-user.yaml @@ -0,0 +1,26 @@ +{{/* +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- define "metadata.annotations.job.ks_user" }} +helm.sh/hook: post-install,post-upgrade +helm.sh/hook-weight: "-1" +{{- end }} + +{{- if .Values.manifests.job_ks_user }} +{{- $ksUserJob := dict "envAll" . "serviceName" "cloudkitty" -}} +{{- if .Values.helm3_hook }} +{{- $_ := set $ksUserJob "jobAnnotations" (include "metadata.annotations.job.ks_user" . | fromYaml ) }} +{{- end }} +{{ $ksUserJob | include "helm-toolkit.manifests.job_ks_user" }} +{{- end }} diff --git a/cloudkitty/templates/job-rabbitmq-init.yaml b/cloudkitty/templates/job-rabbitmq-init.yaml new file mode 100644 index 0000000000..b1323f6ec4 --- /dev/null +++ b/cloudkitty/templates/job-rabbitmq-init.yaml @@ -0,0 +1,26 @@ +{{/* +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- define "metadata.annotations.job.rabbit_init" }} +helm.sh/hook: post-install,post-upgrade +helm.sh/hook-weight: "-4" +{{- end }} + +{{- if .Values.manifests.job_rabbit_init }} +{{- $rmqUserJob := dict "envAll" . "serviceName" "cloudkitty" -}} +{{- if .Values.helm3_hook }} +{{- $_ := set $rmqUserJob "jobAnnotations" (include "metadata.annotations.job.rabbit_init" . | fromYaml) }} +{{- end }} +{{ $rmqUserJob | include "helm-toolkit.manifests.job_rabbit_init" }} +{{- end }} diff --git a/cloudkitty/templates/job-storage-init.yaml b/cloudkitty/templates/job-storage-init.yaml new file mode 100644 index 0000000000..f9984842c6 --- /dev/null +++ b/cloudkitty/templates/job-storage-init.yaml @@ -0,0 +1,79 @@ +{{/* +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if .Values.manifests.job_storage_init }} +{{- $envAll := . }} + +{{- $serviceAccountName := "cloudkitty-storage-init" }} +{{ tuple $envAll "storage_init" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }} +--- +apiVersion: batch/v1 +kind: Job +metadata: + name: cloudkitty-storage-init + annotations: + {{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" }} +{{- if .Values.helm3_hook }} + "helm.sh/hook": "post-install,post-upgrade" + "helm.sh/hook-weight": "-4" +{{- end }} +spec: + template: + metadata: + labels: +{{ tuple $envAll "cloudkitty" "db-migrate" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }} + annotations: +{{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" | indent 8 }} + spec: + serviceAccountName: {{ $serviceAccountName }} + restartPolicy: OnFailure + nodeSelector: + {{ .Values.labels.job.node_selector_key }}: {{ .Values.labels.job.node_selector_value }} + initContainers: +{{ tuple $envAll "storage_init" list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} + containers: + - name: cloudkitty-storage-init +{{ tuple $envAll "cloudkitty_storage_init" | include "helm-toolkit.snippets.image" | indent 10 }} +{{ tuple $envAll $envAll.Values.pod.resources.jobs.storage_init | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }} +{{ dict "envAll" $envAll "application" "cloudkitty" "container" "cloudkitty_storage_init" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 10 }} + command: + - /tmp/storage-init.sh + volumeMounts: + - name: pod-tmp + mountPath: /tmp + - name: cloudkitty-bin + mountPath: /tmp/storage-init.sh + subPath: storage-init.sh + - name: etccloudkitty + mountPath: /etc/cloudkitty + - name: cloudkitty-etc + mountPath: /etc/cloudkitty/cloudkitty.conf + subPath: cloudkitty.conf + - name: cloudkitty-etc + mountPath: /etc/cloudkitty/logging.conf + subPath: logging.conf + volumes: + - name: pod-tmp + emptyDir: {} + - name: etccloudkitty + emptyDir: {} + - name: cloudkitty-etc + secret: + secretName: cloudkitty-etc + defaultMode: 0444 + - name: cloudkitty-bin + configMap: + name: cloudkitty-bin + defaultMode: 0555 +{{- end }} diff --git a/cloudkitty/templates/network_policy.yaml b/cloudkitty/templates/network_policy.yaml new file mode 100644 index 0000000000..9c1cfe9b13 --- /dev/null +++ b/cloudkitty/templates/network_policy.yaml @@ -0,0 +1,18 @@ +{{/* +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if .Values.manifests.network_policy -}} +{{- $netpol_opts := dict "envAll" . "name" "application" "label" "cloudkitty" -}} +{{ $netpol_opts | include "helm-toolkit.manifests.kubernetes_network_policy" }} +{{- end -}} diff --git a/cloudkitty/templates/pbd-api.yaml b/cloudkitty/templates/pbd-api.yaml new file mode 100644 index 0000000000..cbd16831c0 --- /dev/null +++ b/cloudkitty/templates/pbd-api.yaml @@ -0,0 +1,27 @@ +{{/* +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if .Values.manifests.pdb_api }} +{{- $envAll := . }} +--- +apiVersion: policy/v1 +kind: PodDisruptionBudget +metadata: + name: cloudkitty-api +spec: + minAvailable: {{ .Values.pod.lifecycle.disruption_budget.cloudkitty_api.min_available }} + selector: + matchLabels: +{{ tuple $envAll "cloudkitty" "cloudkitty_api" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 6 }} +{{- end }} diff --git a/cloudkitty/templates/secret-db.yaml b/cloudkitty/templates/secret-db.yaml new file mode 100644 index 0000000000..a43252d47b --- /dev/null +++ b/cloudkitty/templates/secret-db.yaml @@ -0,0 +1,35 @@ +{{/* +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if .Values.manifests.secret_db }} +{{- $envAll := . }} +{{- range $key1, $userClass := tuple "admin" "cloudkitty" }} +{{- $secretName := index $envAll.Values.secrets.oslo_db $userClass }} +{{- $connection := tuple "oslo_db" "internal" $userClass "mysql" $envAll | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup" }} +--- +apiVersion: v1 +kind: Secret +metadata: + name: {{ $secretName }} + annotations: +{{ tuple "oslo_db" $userClass $envAll | include "helm-toolkit.snippets.custom_secret_annotations" | indent 4 }} +type: Opaque +data: +{{- if $envAll.Values.manifests.certificates }} + DB_CONNECTION: {{ (printf "%s?charset=utf8&ssl_ca=/etc/mysql/certs/ca.crt&ssl_key=/etc/mysql/certs/tls.key&ssl_cert=/etc/mysql/certs/tls.crt&ssl_verify_cert" $connection ) | b64enc -}} +{{- else }} + DB_CONNECTION: {{ $connection | b64enc -}} +{{- end }} +{{- end }} +{{- end }} diff --git a/cloudkitty/templates/secret-keystone.yaml b/cloudkitty/templates/secret-keystone.yaml new file mode 100644 index 0000000000..d33ccca2f4 --- /dev/null +++ b/cloudkitty/templates/secret-keystone.yaml @@ -0,0 +1,30 @@ +{{/* +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if .Values.manifests.secret_keystone }} +{{- $envAll := . }} +{{- range $key1, $userClass := tuple "admin" "cloudkitty" "test" }} +{{- $secretName := index $envAll.Values.secrets.identity $userClass }} +--- +apiVersion: v1 +kind: Secret +metadata: + name: {{ $secretName }} + annotations: +{{ tuple "identity" $userClass $envAll | include "helm-toolkit.snippets.custom_secret_annotations" | indent 4 }} +type: Opaque +data: +{{- tuple $userClass "internal" $envAll | include "helm-toolkit.snippets.keystone_secret_openrc" | indent 2 -}} +{{- end }} +{{- end }} diff --git a/cloudkitty/templates/secret-ks-etc.yaml b/cloudkitty/templates/secret-ks-etc.yaml new file mode 100644 index 0000000000..4ec94f1581 --- /dev/null +++ b/cloudkitty/templates/secret-ks-etc.yaml @@ -0,0 +1,27 @@ +{{/* +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if .Values.manifests.secret_ks_etc }} +{{- $envAll := . -}} +{{/* the endpoints.identity.auth sections with the oslo conf sections they get rendered to */}} +{{- $ksUsers := dict + "cloudkitty" "keystone_authtoken" +-}} +{{ dict + "envAll" $envAll + "serviceName" "cloudkitty" + "serviceUserSections" $ksUsers + | include "helm-toolkit.manifests.secret_ks_etc" +}} +{{- end }} \ No newline at end of file diff --git a/cloudkitty/templates/secret-rabbitmq.yaml b/cloudkitty/templates/secret-rabbitmq.yaml new file mode 100644 index 0000000000..fde0761953 --- /dev/null +++ b/cloudkitty/templates/secret-rabbitmq.yaml @@ -0,0 +1,35 @@ +{{/* +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if .Values.manifests.secret_rabbitmq }} +{{- $envAll := . }} +{{- $rabbitmqProtocol := "http" }} +{{- if $envAll.Values.manifests.certificates }} +{{- $rabbitmqProtocol = "https" }} +{{- end }} +{{- range $key1, $userClass := tuple "admin" "cloudkitty" }} +{{- $secretName := index $envAll.Values.secrets.oslo_messaging $userClass }} +--- +apiVersion: v1 +kind: Secret +metadata: + name: {{ $secretName }} + annotations: +{{ tuple "oslo_messaging" $userClass $envAll | include "helm-toolkit.snippets.custom_secret_annotations" | indent 4 }} +type: Opaque +data: + RABBITMQ_CONNECTION: {{ tuple "oslo_messaging" "internal" $userClass $rabbitmqProtocol $envAll | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup" | b64enc }} + TRANSPORT_URL: {{ tuple "oslo_messaging" "internal" $userClass "amqp" $envAll | include "helm-toolkit.endpoints.authenticated_transport_endpoint_uri_lookup" | b64enc }} +{{- end }} +{{- end }} diff --git a/cloudkitty/templates/secret-registry.yaml b/cloudkitty/templates/secret-registry.yaml new file mode 100644 index 0000000000..da979b3223 --- /dev/null +++ b/cloudkitty/templates/secret-registry.yaml @@ -0,0 +1,17 @@ +{{/* +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if and .Values.manifests.secret_registry .Values.endpoints.oci_image_registry.auth.enabled }} +{{ include "helm-toolkit.manifests.secret_registry" ( dict "envAll" . "registryUser" .Chart.Name ) }} +{{- end }} diff --git a/cloudkitty/templates/service-api.yaml b/cloudkitty/templates/service-api.yaml new file mode 100644 index 0000000000..a486ad5342 --- /dev/null +++ b/cloudkitty/templates/service-api.yaml @@ -0,0 +1,34 @@ +{{/* +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if .Values.manifests.service_api }} +{{- $envAll := . }} +--- +apiVersion: v1 +kind: Service +metadata: + name: {{ tuple "rating" "internal" . | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }} +spec: + ports: + - name: c-api + port: {{ tuple "rating" "internal" "api" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }} + {{ if .Values.network.api.node_port.enabled }} + nodePort: {{ .Values.network.api.node_port.port }} + {{ end }} + selector: +{{ tuple $envAll "cloudkitty" "api" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }} + {{ if .Values.network.api.node_port.enabled }} + type: NodePort + {{ end }} +{{- end }} diff --git a/cloudkitty/values.yaml b/cloudkitty/values.yaml new file mode 100644 index 0000000000..4fb6d78260 --- /dev/null +++ b/cloudkitty/values.yaml @@ -0,0 +1,807 @@ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +--- +images: + tags: + bootstrap: quay.io/airshipit/heat:2024.1-ubuntu_jammy + cloudkitty_api: quay.io/airshipit/cloudkitty:2024.1-ubuntu_jammy + cloudkitty_db_sync: quay.io/airshipit/cloudkitty:2024.1-ubuntu_jammy + cloudkitty_processor: quay.io/airshipit/cloudkitty:2024.1-ubuntu_jammy + cloudkitty_storage_init: quay.io/airshipit/cloudkitty:2024.1-ubuntu_jammy + db_init: quay.io/airshipit/heat:2024.1-ubuntu_jammy + db_drop: quay.io/airshipit/heat:2024.1-ubuntu_jammy + dep_check: quay.io/airshipit/kubernetes-entrypoint:latest-ubuntu_focal + ks_endpoints: quay.io/airshipit/heat:2024.1-ubuntu_jammy + ks_service: quay.io/airshipit/heat:2024.1-ubuntu_jammy + ks_user: quay.io/airshipit/heat:2024.1-ubuntu_jammy + rabbit_init: docker.io/rabbitmq:3.13-management + image_repo_sync: docker.io/docker:17.07.0 + pull_policy: "IfNotPresent" + local_registry: + active: false + exclude: + - dep_check + - image_repo_sync + +labels: + cloudkitty: + node_selector_key: openstack-control-plane + node_selector_value: enabled + processor: + node_selector_key: openstack-control-plane + node_selector_value: enabled + job: + node_selector_key: openstack-control-plane + node_selector_value: enabled + test: + node_selector_key: openstack-control-plane + node_selector_value: enabled + +endpoints: + cluster_domain_suffix: cluster.local + local_image_registry: + name: docker-registry + namespace: docker-registry + hosts: + default: localhost + internal: docker-registry + node: localhost + host_fqdn_override: + default: null + port: + registry: + node: 5000 + oci_image_registry: + name: oci-image-registry + namespace: oci-image-registry + auth: + enabled: false + cloudkitty: + username: cloudkitty + password: password + hosts: + default: localhost + host_fqdn_override: + default: null + port: + registry: + default: null + rating: + name: cloudkitty + hosts: + default: cloudkitty-api + public: cloudkitty-api + host_fqdn_override: + default: null + path: + default: "" + scheme: + default: "http" + port: + api: + default: 8089 + public: 80 + oslo_db: + auth: + admin: + username: root + password: password + secret: + tls: + internal: mariadb-tls-direct + cloudkitty: + username: cloudkitty + password: password + hosts: + default: mariadb + host_fqdn_override: + default: null + path: /cloudkitty + scheme: mysql+pymysql + port: + mysql: + default: 3306 + identity: + name: keystone + auth: + admin: + region_name: RegionOne + username: admin + password: password + project_name: admin + user_domain_name: default + project_domain_name: default + cloudkitty: + role: admin + region_name: RegionOne + username: cloudkitty + password: password + project_name: service + user_domain_name: service + project_domain_name: service + test: + role: admin + region_name: RegionOne + username: test + password: password + project_name: test + user_domain_name: service + project_domain_name: service + hosts: + default: keystone + internal: keystone-api + host_fqdn_override: + default: null + path: + default: /v3 + scheme: + default: http + port: + api: + default: 80 + internal: 5000 + oslo_messaging: + auth: + admin: + username: rabbitmq + password: password + secret: + tls: + internal: rabbitmq-tls-direct + cloudkitty: + username: cloudkitty + password: password + statefulset: + replicas: 2 + name: rabbitmq-rabbitmq + hosts: + default: rabbitmq + host_fqdn_override: + default: null + path: /cloudkitty + scheme: rabbit + port: + amqp: + default: 5672 + http: + default: 15672 + oslo_cache: + auth: + # NOTE(portdirect): this is used to define the value for keystone + # authtoken cache encryption key, if not set it will be populated + # automatically with a random value, but to take advantage of + # this feature all services should be set to use the same key, + # and memcache service. + memcache_secret_key: null + hosts: + default: memcached + host_fqdn_override: + default: null + port: + memcache: + default: 11211 + fluentd: + namespace: null + name: fluentd + hosts: + default: fluentd-logging + host_fqdn_override: + default: null + path: + default: null + scheme: "http" + port: + service: + default: 24224 + metrics: + default: 24220 + # NOTE(tp6510): these endpoints allow for things like DNS lookups and ingress + # They are using to enable the Egress K8s network policy. + kube_dns: + namespace: kube-system + name: kubernetes-dns + hosts: + default: kube-dns + host_fqdn_override: + default: null + path: + default: null + scheme: http + port: + dns: + default: 53 + protocol: UDP + ingress: + namespace: null + name: ingress + hosts: + default: ingress + port: + ingress: + default: 80 + +secrets: + identity: + admin: cloudkitty-keystone-admin + cloudkitty: cloudkitty-keystone-user + test: cloudkitty-keystone-test + oslo_db: + admin: cloudkitty-db-admin + cloudkitty: cloudkitty-db-user + oslo_messaging: + admin: cloudkitty-rabbitmq-admin + cloudkitty: cloudkitty-rabbitmq-user + oci_image_registry: + cloudkitty: cloudkitty-oci-image-registry + +bootstrap: + enabled: false + ks_user: cloudkitty + script: | + openstack token issue + +dependencies: + dynamic: + common: + local_image_registry: + jobs: + - cloudkitty-image-repo-sync + services: + - endpoint: node + service: local_image_registry + + static: + cloudkitty_api: + jobs: + - cloudkitty-db-sync + - cloudkitty-storage-init + - cloudkitty-ks-user + - cloudkitty-ks-endpoints + - cloudkitty-ks-service + services: + - endpoint: internal + service: identity + cloudkitty_processor: + jobs: + - cloudkitty-db-sync + - cloudkitty-storage-init + - cloudkitty-ks-user + - cloudkitty-ks-endpoints + - cloudkitty-ks-service + services: + - endpoint: internal + service: identity + db_init: + services: + - endpoint: internal + service: oslo_db + db_sync: + jobs: + - cloudkitty-db-init + services: + - endpoint: internal + service: oslo_db + storage_init: + jobs: + - cloudkitty-db-sync + servcies: + - endpoint: internal + service: oslo_db + ks_endpoints: + jobs: + - cloudkitty-ks-service + services: + - endpoint: internal + service: identity + ks_service: + services: + - endpoint: internal + service: identity + ks_user: + services: + - endpoint: internal + service: identity + rabbit_init: + services: + - service: oslo_messaging + endpoint: internal + image_repo_sync: + services: + - endpoint: internal + service: local_image_registry + +pod: + security_context: + cloudkitty: + pod: + runAsUser: 42424 + container: + cloudkitty_api: + readOnlyRootFilesystem: false + allowPrivilegeEscalation: false + runAsUser: 42424 + cloudkitty_processor: + readOnlyRootFilesystem: false + allowPrivilegeEscalation: false + runAsUser: 42424 + cloudkitty_db_sync: + readOnlyRootFilesystem: false + allowPrivilegeEscalation: false + runAsUser: 42424 + test: + pod: + runAsUser: 42424 + container: + horizon_test: + readOnlyRootFilesystem: true + allowPrivilegeEscalation: false + probes: + cloudkitty: + default: + liveness: + enabled: true + params: {} + readiness: + enabled: true + params: {} + cloudkitty-processor: + default: + liveness: + enabled: true + params: {} + readiness: + enabled: true + params: {} + affinity: + anti: + type: + default: preferredDuringSchedulingIgnoredDuringExecution + topologyKey: + default: kubernetes.io/hostname + weight: + default: 10 + replicas: + cloudkitty_api: 1 + cloudkitty_processor: 1 + lifecycle: + upgrades: + deployments: + revision_history: 3 + pod_replacement_strategy: RollingUpdate + rolling_update: + max_unavailable: 1 + max_surge: 3 + daemonsets: + pod_replacement_strategy: RollingUpdate + compute: + enabled: true + min_ready_seconds: 0 + max_unavailable: 1 + disruption_budget: + cloudkitty_api: + min_available: 0 + cloudkitty_processor: + min_available: 0 + termination_grace_period: + cloudkitty_api: + timeout: 30 + cloudkitty_processor: + timeout: 30 + tolerations: + cloudkitty: + enabled: false + tolerations: + - key: node-role.kubernetes.io/master + operator: Exists + effect: NoSchedule + - key: node-role.kubernetes.io/control-plane + operator: Exists + effect: NoSchedule + mounts: + cloudkitty_api: + init_container: null + cloudkitty_api: + volumeMounts: + volumes: + cloudkitty_processor: + init_container: null + cloudkitty_processor: + volumeMounts: + volumes: + cloudkitty_db_sync: + cloudkitty_db_sync: + volumeMounts: + volumes: + cloudkitty_db_init: + cloudkitty_db_sync: + volumeMounts: + volumes: + cloudkitty_ks_users: + cloudkitty_db_sync: + volumeMounts: + volumes: + cloudkitty_ks_service: + cloudkitty_db_sync: + volumeMounts: + volumes: + resources: + enabled: false + cloudkitty_api: + requests: + memory: "128Mi" + cpu: "100m" + limits: + memory: "1024Mi" + cpu: "2000m" + cloudkitty_processor: + requests: + memory: "128Mi" + cpu: "100m" + limits: + memory: "1024Mi" + cpu: "2000m" + jobs: + bootstrap: + requests: + memory: "128Mi" + cpu: "100m" + limits: + memory: "1024Mi" + cpu: "2000m" + rabbit_init: + requests: + memory: "128Mi" + cpu: "100m" + limits: + memory: "1024Mi" + cpu: "2000m" + db_init: + requests: + memory: "128Mi" + cpu: "100m" + limits: + memory: "1024Mi" + cpu: "2000m" + db_sync: + requests: + memory: "128Mi" + cpu: "100m" + limits: + memory: "1024Mi" + cpu: "2000m" + storage_init: + requests: + memory: "128Mi" + cpu: "100m" + limits: + memory: "1024Mi" + cpu: "2000m" + db_drop: + requests: + memory: "128Mi" + cpu: "100m" + limits: + memory: "1024Mi" + cpu: "2000m" + ks_endpoints: + requests: + memory: "128Mi" + cpu: "100m" + limits: + memory: "1024Mi" + cpu: "2000m" + ks_service: + requests: + memory: "128Mi" + cpu: "100m" + limits: + memory: "1024Mi" + cpu: "2000m" + ks_user: + requests: + memory: "128Mi" + cpu: "100m" + limits: + memory: "1024Mi" + cpu: "2000m" + image_repo_sync: + requests: + memory: "128Mi" + cpu: "100m" + limits: + memory: "1024Mi" + cpu: "2000m" +conf: + paste: + pipeline:cloudkitty+noauth: + pipeline: cors healthcheck http_proxy_to_wsgi request_id ck_api + pipeline:cloudkitty+keystone: + pipeline: cors healthcheck http_proxy_to_wsgi request_id authtoken ck_api + app:ck_api: + paste.app_factory: cloudkitty.api.app:app_factory + filter:authtoken: + acl_public_routes: /, /v1, /v2, /healthcheck + paste.filter_factory: cloudkitty.api.middleware:AuthTokenMiddleware.factory + filter:request_id: + paste.filter_factory: oslo_middleware:RequestId.factory + filter:cors: + paste.filter_factory: oslo_middleware.cors:filter_factory + oslo_config_project: cloudkitty + filter:healthcheck: + paste.filter_factory: oslo_middleware:Healthcheck.factory + backends: disable_by_file + disable_by_file_path: /etc/cloudkitty/healthcheck_disable + filter:http_proxy_to_wsgi: + paste.filter_factory: oslo_middleware.http_proxy_to_wsgi:HTTPProxyToWSGI.factory + oslo_config_project: cloudkitty + cloudkitty_api_uwsgi: + uwsgi: + add-header: "Connection: close" + buffer-size: 65535 + die-on-term: true + enable-threads: true + exit-on-reload: false + hook-master-start: unix_signal:15 gracefully_kill_them_all + lazy-apps: true + log-x-forwarded-for: true + master: true + procname-prefix-spaced: "cloudkitty-api:" + route-user-agent: '^kube-probe.* donotlog:' + thunder-lock: true + worker-reload-mercy: 80 + wsgi-file: /var/lib/openstack/bin/cloudkitty-api + processes: 1 + cloudkitty: + DEFAULT: + log_config_append: /etc/cloudkitty/logging.conf + api_paste_config: /etc/cloudkitty/api-paste.ini + auth_strategy: keystone + debug: false + keystone_authtoken: + auth_type: password + username: cloudkitty + service_token_roles_required: true + service_token_roles: admin,rating,service + service_type: rating + database: + max_retries: -1 + collect: + collector: gnocchi + collector_gnocchi: + auth_section: keystone_authtoken + fetcher: + backend: gnocchi + fetcher_gnocchi: + auth_section: keystone_authtoken + output: + pipeline: osrf + basepath: /var/cloudkitty/reports + backend: cloudkitty.backend.file.FileBackend + storage: + backend: sqlalchemy + version: 1 + logging: + loggers: + keys: + - root + - cloudkitty + handlers: + keys: + - stdout + - stderr + - "null" + formatters: + keys: + - context + - default + logger_root: + level: DEBUG + handlers: + - stdout + logger_cloudkitty: + level: DEBUG + handlers: + - stdout + qualname: cloudkitty + logger_amqp: + level: WARNING + handlers: stderr + qualname: amqp + logger_amqplib: + level: WARNING + handlers: stderr + qualname: amqplib + logger_eventletwsgi: + level: WARNING + handlers: stderr + qualname: eventlet.wsgi.server + logger_sqlalchemy: + level: WARNING + handlers: stderr + qualname: sqlalchemy + logger_boto: + level: WARNING + handlers: stderr + qualname: boto + handler_null: + class: logging.NullHandler + formatter: default + args: () + handler_stdout: + class: StreamHandler + args: (sys.stdout,) + formatter: context + handler_stderr: + class: StreamHandler + args: (sys.stderr,) + formatter: context + formatter_context: + class: oslo_log.formatters.ContextFormatter + datefmt: "%Y-%m-%d %H:%M:%S" + formatter_default: + format: "%(message)s" + datefmt: "%Y-%m-%d %H:%M:%S" + cloudkitty_sudoers: | + Defaults secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/bin:/var/lib/openstack/bin" + cloudkitty ALL=(ALL:ALL) NOPASSWD: /var/lib/openstack/bin/privsep-helper + processor_metrics: | + metrics: + cpu: + alt_name: instance + extra_args: + aggregation_method: mean + resource_type: instance + groupby: + - id + - user_id + - project_id + metadata: + - flavor_name + - flavor_id + - vcpus + mutate: NUMBOOL + unit: instance + image.size: + extra_args: + aggregation_method: mean + resource_type: image + factor: 1/1048576 + groupby: + - id + - user_id + - project_id + metadata: + - container_format + - disk_format + unit: MiB + ip.floating: + extra_args: + aggregation_method: mean + resource_type: network + groupby: + - id + - user_id + - project_id + metadata: + - state + mutate: NUMBOOL + unit: ip + network.incoming.bytes.rate: + extra_args: + aggregation_method: mean + resource_type: instance_network_interface + factor: 3600/1000000 + groupby: + - id + - project_id + - user_id + metadata: + - instance_id + unit: MB + network.outgoing.bytes.rate: + extra_args: + aggregation_method: mean + resource_type: instance_network_interface + factor: 3600/1000000 + groupby: + - id + - project_id + - user_id + metadata: + - instance_id + unit: MB + radosgw.objects.size: + extra_args: + aggregation_method: mean + resource_type: ceph_account + factor: 1/1073741824 + groupby: + - id + - user_id + - project_id + unit: GiB + volume.size: + extra_args: + aggregation_method: mean + resource_type: volume + groupby: + - id + - user_id + - project_id + metadata: + - volume_type + unit: GiB + +# Note(xuxant): Hooks will break the upgrade for helm2 +# Set to false if using helm2. +helm3_hook: true + +network: + api: + ingress: + public: true + classes: + namespace: "nginx" + cluster: "nginx-cluster" + annotations: + nginx.ingress.kubernetes.io/rewrite-target: / + node_port: + enabled: false + port: 33053 + +network_policy: + cloudkitty: + ingress: + - from: + - podSelector: + matchLabels: + application: cloudkitty + - podSelector: + matchLabels: + application: horizon + - podSelector: + matchLabels: + application: ingress + - podSelector: + matchLabels: + application: gnocchi + ports: + - protocol: TCP + port: 80 + - protocol: TCP + port: 8089 + +manifests: + configmap_bin: true + configmap_etc: true + deployment_api: true + deployment_processor: true + ingress_api: true + job_bootstrap: true + job_ks_user: true + job_db_sync: true + job_db_init: true + job_db_drop: false + job_ks_endpoints: true + job_ks_service: true + job_rabbit_init: true + job_storage_init: true + pdb_api: true + network_policy: false + secret_db: true + secret_rabbitmq: true + secret_keystone: true + secret_registry: true + service_api: true + secret_ks_etc: true +... diff --git a/doc/source/chart/openstack_charts.rst b/doc/source/chart/openstack_charts.rst index 3b1d01e8f1..2526699e11 100644 --- a/doc/source/chart/openstack_charts.rst +++ b/doc/source/chart/openstack_charts.rst @@ -10,6 +10,7 @@ OpenStack charts options ceilometer cinder cyborg + cloudkitty designate glance heat diff --git a/releasenotes/config.yaml b/releasenotes/config.yaml index c9af02228b..44aa3c51c6 100644 --- a/releasenotes/config.yaml +++ b/releasenotes/config.yaml @@ -19,6 +19,7 @@ sections: - [ceph-osd, ceph-osd Chart] - [ceph-provisioners, ceph-provisioners Chart] - [cinder, cinder Chart] + - [cloudkitty, cloudkitty Chart] - [daemonjob-controller, daemonjob-controller Chart] - [designate, designate Chart] - [elastic-apm-server, elastic-apm-server Chart] diff --git a/releasenotes/notes/cloudkitty.yaml b/releasenotes/notes/cloudkitty.yaml new file mode 100644 index 0000000000..f16ba228fc --- /dev/null +++ b/releasenotes/notes/cloudkitty.yaml @@ -0,0 +1,4 @@ +--- +cloudkitty: + - 0.1.0 Initial Chart +... diff --git a/tools/deployment/component/cloudkitty/cloudkitty.sh b/tools/deployment/component/cloudkitty/cloudkitty.sh new file mode 100755 index 0000000000..c816aca506 --- /dev/null +++ b/tools/deployment/component/cloudkitty/cloudkitty.sh @@ -0,0 +1,36 @@ +#!/bin/bash + +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. + +set -xe + +#NOTE: Define variables +: ${OSH_HELM_REPO:="../openstack-helm"} +: ${OSH_VALUES_OVERRIDES_PATH:="../openstack-helm/values_overrides"} +: ${OSH_EXTRA_HELM_ARGS_CLOUDKITTY:="$(helm osh get-values-overrides ${DOWNLOAD_OVERRIDES:-} -p ${OSH_VALUES_OVERRIDES_PATH} -c cloudkitty ${FEATURES})"} +: ${RUN_HELM_TESTS:="no"} + +#NOTE: Deploy command +helm upgrade --install cloudkitty ${OSH_HELM_REPO}/cloudkitty \ + --namespace=openstack \ + ${OSH_EXTRA_HELM_ARGS} \ + ${OSH_EXTRA_HELM_ARGS_CLOUDKITTY} + +#NOTE: Wait for deploy +helm osh wait-for-pods openstack 1800 + +#NOTE: Validate Deployment +export OS_CLOUD=openstack_helm +openstack service list + +openstack rating module list diff --git a/values_overrides/cloudkitty/2024.2-ubuntu_jammy.yaml b/values_overrides/cloudkitty/2024.2-ubuntu_jammy.yaml new file mode 100644 index 0000000000..eb006ee6af --- /dev/null +++ b/values_overrides/cloudkitty/2024.2-ubuntu_jammy.yaml @@ -0,0 +1,14 @@ +--- +images: + tags: + bootstrap: quay.io/airshipit/heat:2024.2-ubuntu_jammy + db_init: quay.io/airshipit/heat:2024.2-ubuntu_jammy + db_drop: quay.io/airshipit/heat:2024.2-ubuntu_jammy + ks_user: quay.io/airshipit/heat:2024.2-ubuntu_jammy + ks_service: quay.io/airshipit/heat:2024.2-ubuntu_jammy + ks_endpoints: quay.io/airshipit/heat:2024.2-ubuntu_jammy + cloudkitty_api: quay.io/airshipit/cloudkitty:2024.2-ubuntu_jammy + cloudkitty_db_sync: quay.io/airshipit/cloudkitty:2024.2-ubuntu_jammy + cloudkitty_processor: quay.io/airshipit/cloudkitty:2024.2-ubuntu_jammy + cloudkitty_storage_init: quay.io/airshipit/cloudkitty:2024.2-ubuntu_jammy +... diff --git a/values_overrides/cloudkitty/2025.1-ubuntu_jammy.yaml b/values_overrides/cloudkitty/2025.1-ubuntu_jammy.yaml new file mode 100644 index 0000000000..ecfbd8e289 --- /dev/null +++ b/values_overrides/cloudkitty/2025.1-ubuntu_jammy.yaml @@ -0,0 +1,14 @@ +--- +images: + tags: + bootstrap: quay.io/airshipit/heat:2025.1-ubuntu_jammy + db_init: quay.io/airshipit/heat:2025.1-ubuntu_jammy + db_drop: quay.io/airshipit/heat:2025.1-ubuntu_jammy + ks_user: quay.io/airshipit/heat:2025.1-ubuntu_jammy + ks_service: quay.io/airshipit/heat:2025.1-ubuntu_jammy + ks_endpoints: quay.io/airshipit/heat:2025.1-ubuntu_jammy + cloudkitty_api: quay.io/airshipit/cloudkitty:2025.1-ubuntu_jammy + cloudkitty_db_sync: quay.io/airshipit/cloudkitty:2025.1-ubuntu_jammy + cloudkitty_processor: quay.io/airshipit/cloudkitty:2025.1-ubuntu_jammy + cloudkitty_storage_init: quay.io/airshipit/cloudkitty:2025.1-ubuntu_jammy +... diff --git a/values_overrides/cloudkitty/2025.1-ubuntu_noble.yaml b/values_overrides/cloudkitty/2025.1-ubuntu_noble.yaml new file mode 100644 index 0000000000..a91923018c --- /dev/null +++ b/values_overrides/cloudkitty/2025.1-ubuntu_noble.yaml @@ -0,0 +1,14 @@ +--- +images: + tags: + bootstrap: quay.io/airshipit/heat:2025.1-ubuntu_noble + db_init: quay.io/airshipit/heat:2025.1-ubuntu_noble + db_drop: quay.io/airshipit/heat:2025.1-ubuntu_noble + ks_user: quay.io/airshipit/heat:2025.1-ubuntu_noble + ks_service: quay.io/airshipit/heat:2025.1-ubuntu_noble + ks_endpoints: quay.io/airshipit/heat:2025.1-ubuntu_noble + cloudkitty_api: quay.io/airshipit/cloudkitty:2025.1-ubuntu_noble + cloudkitty_db_sync: quay.io/airshipit/cloudkitty:2025.1-ubuntu_noble + cloudkitty_processor: quay.io/airshipit/cloudkitty:2025.1-ubuntu_noble + cloudkitty_storage_init: quay.io/airshipit/cloudkitty:2025.1-ubuntu_noble +... diff --git a/zuul.d/2025.1.yaml b/zuul.d/2025.1.yaml index 2387024e74..772be48397 100644 --- a/zuul.d/2025.1.yaml +++ b/zuul.d/2025.1.yaml @@ -96,4 +96,15 @@ openstack_release: "2025.1" container_distro_name: ubuntu container_distro_version: jammy + +- job: + name: openstack-helm-cloudkitty-2025-1-ubuntu_jammy + parent: openstack-helm-cloudkitty + nodeset: openstack-helm-3nodes-ubuntu_jammy + timeout: 10800 + vars: + osh_params: + openstack_release: "2025.1" + container_distro_name: ubuntu + container_distro_version: jammy ... diff --git a/zuul.d/base.yaml b/zuul.d/base.yaml index 6d5a53c8eb..681c05f342 100644 --- a/zuul.d/base.yaml +++ b/zuul.d/base.yaml @@ -557,4 +557,25 @@ - ./tools/deployment/component/blazar/blazar.sh - ./tools/deployment/component/blazar/blazar_smoke_test.sh - ./tools/deployment/common/run-helm-tests.sh blazar + +- job: + name: openstack-helm-cloudkitty + parent: openstack-helm-deploy + timeout: 7200 + vars: + gate_scripts: + - ./tools/deployment/common/prepare-bashrc.sh + - ./tools/deployment/common/prepare-k8s.sh + - ./tools/deployment/common/prepare-charts.sh + - ./tools/deployment/common/setup-client.sh + - export VOLUME_HELM_ARGS="--set volume.enabled=false"; ./tools/deployment/component/common/rabbitmq.sh + - ./tools/deployment/db/mariadb.sh + - ./tools/deployment/component/common/memcached.sh + - ./tools/deployment/component/keystone/keystone.sh + - ./tools/deployment/component/heat/heat.sh + - export GLANCE_BACKEND=local; ./tools/deployment/component/glance/glance.sh + - ./tools/deployment/component/compute-kit/openvswitch.sh + - ./tools/deployment/component/compute-kit/libvirt.sh + - ./tools/deployment/component/compute-kit/compute-kit.sh + - ./tools/deployment/component/cloudkitty/cloudkitty.sh ... diff --git a/zuul.d/project.yaml b/zuul.d/project.yaml index ee46d8a868..65e96428bd 100644 --- a/zuul.d/project.yaml +++ b/zuul.d/project.yaml @@ -64,4 +64,5 @@ - openstack-helm-compute-kit-helm-repo-public-2024-1-ubuntu_jammy # 1 node + 3 nodes - openstack-helm-watcher-2025-1-ubuntu_jammy # 3 nodes - openstack-helm-blazar-2025-1-ubuntu_jammy # 3 nodes + - openstack-helm-cloudkitty-2025-1-ubuntu_jammy # 3 nodes ...