1 编写helm charts
2 charts语法检查
执行命令:
helm lint <chart_name>
注意:
请将<chart_name> 替换为自己的chart名称
样例如下:
helm lint gnocchi
输出结果:
==> Linting gnocchi
[INFO] Chart.yaml: icon is recommended
1 chart(s) linted, no failures
3 charts调试命令
执行命令:
helm install --dry-run --debug <chart_name> --namespace <namespace_name>
注意:
请将 <chart_name> 替换为自己的chart名称
请将 <namespace_name> 替换为自己的chart所在的命名空间
样例如下:
helm install --dry-run --debug gnocchi --namespace openstack
如果发生错误,或者输出结果和自己预想的不一样,就继续调试charts,知道输出结果和
预期结果一致。
输出结果示例如下:
[root@node-1 ark]# helm install --dry-run --debug gnocchi -n openstack
[debug] Created tunnel using local port: '38104'
[debug] SERVER: "127.0.0.1:38104"
[debug] Original chart version: ""
[debug] CHART PATH: /root/ark/gnocchi
NAME: openstack
REVISION: 1
RELEASED: Sat Jan 26 09:30:07 2019
CHART: gnocchi-5.0.1
USER-SUPPLIED VALUES:
{}
COMPUTED VALUES:
conf:
ceph:
admin_keyring: null
append: null
monitors: []
override: null
gnocchi:
DEFAULT:
debug: false
api:
auth_mode: keystone
max_limit: 100000
port: 8041
archive_policy:
default_aggregation_methods: mean,min,max
database:
max_retries: -1
incoming:
driver: redis
redis_url: null
indexer:
driver: mysql
keystone_authtoken:
auth_type: password
auth_version: v3
memcache_secret_key: secret
memcache_security_strategy: ENCRYPT
metricd:
workers: 16
statsd:
port: 8125
project_id: 0712a464-ad34-4780-a1e8-c8f1d71b57a9
resource_id: 6ad0aea2-5f16-4621-b7ee-69e391acb6ea
user_id: 47408a08-d20e-40bc-a3a3-9582942ed3a2
storage:
ceph_conffile: /etc/ceph/ceph.conf
ceph_keyring: /etc/ceph/ceph.client.admin.keyring
ceph_pool: metrics
ceph_username: admin
driver: ceph
provided_keyring: null
token:
provider: uuid
paste:
app:gnocchiv1:
paste.app_factory: gnocchi.rest.app:app_factory
root: gnocchi.rest.V1Controller
app:gnocchiversions:
paste.app_factory: gnocchi.rest.app:app_factory
root: gnocchi.rest.VersionsController
composite:gnocchi+auth:
/: gnocchiversions
/v1: gnocchiv1+auth
use: egg:Paste#urlmap
composite:gnocchi+noauth:
/: gnocchiversions
/v1: gnocchiv1+noauth
use: egg:Paste#urlmap
filter:keystone_authtoken:
oslo_config_project: gnocchi
paste.filter_factory: keystonemiddleware.auth_token:filter_factory
pipeline:gnocchiv1+auth:
pipeline: keystone_authtoken gnocchiv1
pipeline:gnocchiv1+noauth:
pipeline: gnocchiv1
pipeline:main:
pipeline: gnocchi+auth
policy:
admin_or_creator: role:admin or project_id:%(created_by_project_id)s
create archive policy: role:admin
create archive policy rule: role:admin
create metric: ""
create resource: ""
create resource type: role:admin
delete archive policy: role:admin
delete archive policy rule: role:admin
delete metric: rule:admin_or_creator
delete resource: rule:admin_or_creator
delete resource type: role:admin
delete resources: rule:admin_or_creator
get archive policy: ""
get archive policy rule: ""
get measures: rule:admin_or_creator or rule:metric_owner
get metric: rule:admin_or_creator or rule:metric_owner
get resource: rule:admin_or_creator or rule:resource_owner
get resource type: ""
get status: role:admin
list all metric: role:admin
list archive policy: ""
list archive policy rule: ""
list metric: ""
list resource: rule:admin_or_creator or rule:resource_owner
list resource type: ""
metric_owner: project_id:%(resource.project_id)s
post measures: rule:admin_or_creator
resource_owner: project_id:%(project_id)s
search metric: rule:admin_or_creator or rule:metric_owner
search resource: rule:admin_or_creator or rule:resource_owner
update archive policy: role:admin
update resource: rule:admin_or_creator
update resource type: role:admin
rally_tests:
run_tempest: true
tests: null
dependencies:
api:
jobs:
- gnocchi-storage-init
- gnocchi-db-sync
- gnocchi-ks-endpoints
- gnocchi-ks-service
- gnocchi-ks-user
services:
- endpoint: internal
service: identity
- endpoint: internal
service: oslo_db
- endpoint: internal
service: redis
db_init:
services:
- endpoint: internal
service: oslo_db
db_init_keystone:
services:
- endpoint: internal
service: oslo_db
db_sync:
jobs:
- gnocchi-db-init-keystone
- gnocchi-db-init-indexer
services:
- endpoint: internal
service: oslo_db
ks_endpoints:
jobs:
- gnocchi-ks-service
services:
- endpoint: internal
service: identity
ks_service:
services:
- endpoint: internal
service: identity
ks_user:
services:
- endpoint: internal
service: identity
metricd:
jobs:
- gnocchi-storage-init
- gnocchi-db-sync
- gnocchi-ks-user
- gnocchi-ks-service
- gnocchi-ks-endpoints
services:
- endpoint: internal
service: oslo_db
- endpoint: internal
service: metric
- endpoint: internal
service: redis
statsd:
jobs:
- gnocchi-storage-init
- gnocchi-db-sync
- gnocchi-ks-user
- gnocchi-ks-service
- gnocchi-ks-endpoints
services:
- endpoint: internal
service: oslo_db
- endpoint: internal
service: metric
- endpoint: internal
service: redis
storage_init:
services: null
tests:
jobs:
- gnocchi-storage-init
- gnocchi-db-sync
services:
- endpoint: internal
service: identity
- endpoint: internal
service: oslo_db
- endpoint: internal
service: metric
endpoints:
cluster_domain_suffix: cluster.local
identity:
auth:
admin:
domain_name: Default
os_auth_type: password
os_tenant_name: service
password: password
project_domain_name: Default
project_name: service
region_name: RegionOne
user_domain_name: Default
username: drone
user:
domain_name: Default
os_auth_type: password
os_tenant_name: service
password: password
project_domain_name: Default
project_name: service
region_name: RegionOne
role: admin
user_domain_name: Default
username: gnocchi
host_fqdn_override:
default: null
hosts:
default: keystone-api
public: keystone
name: keystone
path:
default: /v3
port:
admin:
default: 35357
api:
default: 80
scheme:
default: http
metric:
host_fqdn_override:
default: null
hosts:
default: gnocchi-api
public: gnocchi
name: gnocchi
path:
default: null
port:
api:
default: 8041
public: 80
scheme:
default: http
oslo_cache:
host_fqdn_override:
default: null
hosts:
default: memcache
port:
memcache:
default: 11211
oslo_db:
auth:
admin:
password: password
username: root
user:
password: password
username: gnocchi
host_fqdn_override:
default: null
hosts:
default: mariadb
path: /gnocchi
port:
mysql:
default: 3306
scheme: mysql+pymysql
redis:
host_fqdn_override:
default: null
hosts:
default: redis
public: redis
name: redis
path:
default: null
port:
api:
default: 6379
public: 80
scheme:
default: redis
helm-toolkit:
endpoints:
fqdn: null
global:
region: cluster
tld: local
images:
job_pull_policy: Always
pull_policy: IfNotPresent
tags:
api: hub.easystack.io/production/escloud-linux-source-gnocchi-api:5.0.1
api_job: hub.easystack.io/production/escloud-linux-source-gnocchi-api:latest
db_init_indexer: hub.easystack.io/production/escloud-linux-source-gnocchi-api:latest
db_init_keystone: hub.easystack.io/production/escloud-linux-source-gnocchi-api:latest
db_sync: hub.easystack.io/production/escloud-linux-source-gnocchi-api:latest
dep_check: hub.easystack.io/production/kubernetes-entrypoint:v0.2.1
ks_endpoints: hub.easystack.io/production/escloud-linux-source-heat-engine:latest
ks_service: hub.easystack.io/production/escloud-linux-source-heat-engine:latest
ks_user: hub.easystack.io/production/escloud-linux-source-heat-engine:latest
metricd: hub.easystack.io/production/escloud-linux-source-gnocchi-metricd:5.0.1
statsd: hub.easystack.io/production/escloud-linux-source-gnocchi-statsd:5.0.1
storage_init: hub.easystack.io/production/escloud-linux-ceph-daemon:latest
test: hub.easystack.io/production/escloud-linux-source-rally:5.0.1
labels:
node_selector_key: openstack-control-plane
node_selector_value: enabled
manifests:
configmap_bin: true
configmap_etc: true
daemonset_metricd: true
daemonset_statsd: true
deployment_api: true
ingress_api: true
job_db_init_indexer: true
job_db_init_keystone: true
job_db_sync: true
job_ks_endpoints: true
job_ks_service: true
job_ks_user: true
job_storage_init: true
pdb_api: true
pod_gnocchi_test: true
secret_db: true
secret_keystone: true
service_api: true
service_ingress_api: true
service_statsd: true
network:
api:
external_policy_local: false
ingress:
public: true
node_port:
enabled: false
port: 8041
statsd:
node_port:
enabled: false
port: 8125
pod:
affinity:
anti:
topologyKey:
default: kubernetes.io/hostname
type:
default: requiredDuringSchedulingIgnoredDuringExecution
lifecycle:
disruption_budget:
api:
min_available: 0
termination_grace_period:
api:
timeout: 30
upgrades:
daemonsets:
metricd:
enabled: true
max_unavailable: 1
min_ready_seconds: 0
pod_replacement_strategy: RollingUpdate
statsd:
enabled: true
max_unavailable: 1
min_ready_seconds: 0
deployments:
pod_replacement_strategy: RollingUpdate
revision_history: 3
rolling_update:
max_surge: 3
max_unavailable: 1
mounts:
gnocchi_api:
gnocchi_api: null
init_container: null
gnocchi_metricd:
gnocchi_metricd: null
init_container: null
gnocchi_statsd:
gnocchi_statsd: null
init_container: null
gnocchi_tests:
gnocchi_tests: null
init_container: null
replicas:
api: 3
resources:
api:
enabled: true
limits:
cpu: 4000m
memory: 4096Mi
requests:
cpu: 100m
memory: 124Mi
enabled: false
metricd:
limits:
cpu: 4000m
memory: 4096Mi
requests:
cpu: 100m
memory: 124Mi
statsd:
limits:
cpu: 2000m
memory: 1024Mi
requests:
cpu: 100m
memory: 124Mi
user:
gnocchi:
uid: 42416
secrets:
identity:
admin: gnocchi-keystone-admin
user: gnocchi-keystone-user
oslo_db:
admin: gnocchi-db-admin
user: gnocchi-db-user
rally:
private_key: test
test_user: devops
rbd: gnocchi-rbd-keyring
HOOKS:
---
# openstack-rally-test
apiVersion: v1
kind: Pod
metadata:
name: "openstack-rally-test"
annotations:
"helm.sh/hook": test-success
spec:
restartPolicy: Never
initContainers:
- name: init
image: hub.easystack.io/production/kubernetes-entrypoint:v0.2.1
imagePullPolicy: IfNotPresent
env:
- name: POD_NAME
valueFrom:
fieldRef:
apiVersion: v1
fieldPath: metadata.name
- name: NAMESPACE
valueFrom:
fieldRef:
apiVersion: v1
fieldPath: metadata.namespace
- name: INTERFACE_NAME
value: eth0
- name: DEPENDENCY_SERVICE
value: "default:keystone-api,default:mariadb,default:gnocchi-api"
- name: DEPENDENCY_JOBS
value: "gnocchi-storage-init,gnocchi-db-sync"
- name: DEPENDENCY_DAEMONSET
value: ""
- name: DEPENDENCY_CONTAINER
value: ""
- name: COMMAND
value: "echo done"
command:
- kubernetes-entrypoint
volumeMounts: []
- name: ceph-keyring-placement
image: hub.easystack.io/production/escloud-linux-source-gnocchi-api:5.0.1
imagePullPolicy: IfNotPresent
command:
- /tmp/ceph-keyring.sh
volumeMounts:
- name: etcceph
mountPath: /etc/ceph
- name: gnocchi-bin
mountPath: /tmp/ceph-keyring.sh
subPath: ceph-keyring.sh
readOnly: true
- name: ceph-keyring
mountPath: /tmp/client-keyring
subPath: key
readOnly: true
containers:
- name: openstack-helm-tests
image: hub.easystack.io/production/escloud-linux-source-rally:5.0.1
imagePullPolicy: IfNotPresent
env:
- name: OS_IDENTITY_API_VERSION
value: "3"
- name: OS_AUTH_URL
valueFrom:
secretKeyRef:
name: gnocchi-keystone-admin
key: OS_AUTH_URL
- name: OS_REGION_NAME
valueFrom:
secretKeyRef:
name: gnocchi-keystone-admin
key: OS_REGION_NAME
- name: OS_PROJECT_DOMAIN_NAME
valueFrom:
secretKeyRef:
name: gnocchi-keystone-admin
key: OS_PROJECT_DOMAIN_NAME
- name: OS_PROJECT_NAME
valueFrom:
secretKeyRef:
name: gnocchi-keystone-admin
key: OS_PROJECT_NAME
- name: OS_USER_DOMAIN_NAME
valueFrom:
secretKeyRef:
name: gnocchi-keystone-admin
key: OS_USER_DOMAIN_NAME
- name: OS_USERNAME
valueFrom:
secretKeyRef:
name: gnocchi-keystone-admin
key: OS_USERNAME
- name: OS_PASSWORD
valueFrom:
secretKeyRef:
name: gnocchi-keystone-admin
key: OS_PASSWORD
- name: OS_AUTH_TYPE
valueFrom:
secretKeyRef:
name: gnocchi-keystone-admin
key: OS_AUTH_TYPE
- name: OS_TENANT_NAME
valueFrom:
secretKeyRef:
name: gnocchi-keystone-admin
key: OS_TENANT_NAME
- name: RALLY_ENV_NAME
value: openstack
- name: PLUGIN_PROJECT
value: openstack
- name: RALLY_PRIVATE_KEY
value: |
test
- name: TEST_USER
value: devops
command:
- /tmp/rally-test.sh
volumeMounts:
- name: gnocchi-etc
mountPath: /etc/gnocchi/gnocchi.conf
subPath: gnocchi.conf
readOnly: true
- name: ceph-etc
mountPath: /etc/ceph/ceph.conf
subPath: ceph.conf
readOnly: true
- name: gnocchi-bin
mountPath: /tmp/rally-test.sh
subPath: rally-test.sh
readOnly: true
- name: rally-db
mountPath: /var/lib/rally
volumes:
- name: gnocchi-etc
configMap:
name: gnocchi-etc
defaultMode: 0444
- name: gnocchi-bin
configMap:
name: gnocchi-bin
defaultMode: 0555
- name: ceph-etc
configMap:
name: ceph-etc
- name: ceph-keyring
secret:
secretName: pvc-ceph-client-key
- name: etcceph
emptyDir: {}
- name: rally-db
emptyDir: {}
---
# openstack-rally-test
apiVersion: v1
kind: Pod
metadata:
name: "openstack-rally-test"
annotations:
"helm.sh/hook": test-success
spec:
restartPolicy: Never
initContainers:
- name: init
image: hub.easystack.io/production/kubernetes-entrypoint:v0.2.1
imagePullPolicy: IfNotPresent
env:
- name: POD_NAME
valueFrom:
fieldRef:
apiVersion: v1
fieldPath: metadata.name
- name: NAMESPACE
valueFrom:
fieldRef:
apiVersion: v1
fieldPath: metadata.namespace
- name: INTERFACE_NAME
value: eth0
- name: DEPENDENCY_SERVICE
value: "default:keystone-api,default:mariadb,default:gnocchi-api"
- name: DEPENDENCY_JOBS
value: "gnocchi-storage-init,gnocchi-db-sync"
- name: DEPENDENCY_DAEMONSET
value: ""
- name: DEPENDENCY_CONTAINER
value: ""
- name: COMMAND
value: "echo done"
command:
- kubernetes-entrypoint
volumeMounts: []
- name: ceph-keyring-placement
image: hub.easystack.io/production/escloud-linux-source-gnocchi-api:5.0.1
imagePullPolicy: IfNotPresent
command:
- /tmp/ceph-keyring.sh
volumeMounts:
- name: etcceph
mountPath: /etc/ceph
- name: gnocchi-bin
mountPath: /tmp/ceph-keyring.sh
subPath: ceph-keyring.sh
readOnly: true
- name: ceph-keyring
mountPath: /tmp/client-keyring
subPath: key
readOnly: true
containers:
- name: openstack-helm-tests
image: hub.easystack.io/production/escloud-linux-source-gnocchi-api:5.0.1
imagePullPolicy: IfNotPresent
env:
- name: OS_IDENTITY_API_VERSION
value: "3"
- name: OS_AUTH_URL
valueFrom:
secretKeyRef:
name: gnocchi-keystone-admin
key: OS_AUTH_URL
- name: OS_REGION_NAME
valueFrom:
secretKeyRef:
name: gnocchi-keystone-admin
key: OS_REGION_NAME
- name: OS_PROJECT_DOMAIN_NAME
valueFrom:
secretKeyRef:
name: gnocchi-keystone-admin
key: OS_PROJECT_DOMAIN_NAME
- name: OS_PROJECT_NAME
valueFrom:
secretKeyRef:
name: gnocchi-keystone-admin
key: OS_PROJECT_NAME
- name: OS_USER_DOMAIN_NAME
valueFrom:
secretKeyRef:
name: gnocchi-keystone-admin
key: OS_USER_DOMAIN_NAME
- name: OS_USERNAME
valueFrom:
secretKeyRef:
name: gnocchi-keystone-admin
key: OS_USERNAME
- name: OS_PASSWORD
valueFrom:
secretKeyRef:
name: gnocchi-keystone-admin
key: OS_PASSWORD
- name: OS_AUTH_TYPE
valueFrom:
secretKeyRef:
name: gnocchi-keystone-admin
key: OS_AUTH_TYPE
- name: OS_TENANT_NAME
valueFrom:
secretKeyRef:
name: gnocchi-keystone-admin
key: OS_TENANT_NAME
command:
- /tmp/gnocchi-test.sh
volumeMounts:
- name: gnocchi-etc
mountPath: /etc/gnocchi/gnocchi.conf
subPath: gnocchi.conf
readOnly: true
- name: ceph-etc
mountPath: /etc/ceph/ceph.conf
subPath: ceph.conf
readOnly: true
- name: gnocchi-bin
mountPath: /tmp/gnocchi-test.sh
subPath: gnocchi-test.sh
readOnly: true
volumes:
- name: gnocchi-etc
configMap:
name: gnocchi-etc
defaultMode: 0444
- name: gnocchi-bin
configMap:
name: gnocchi-bin
defaultMode: 0555
- name: ceph-etc
configMap:
name: ceph-etc
- name: ceph-keyring
secret:
secretName: pvc-ceph-client-key
- name: etcceph
emptyDir: {}
MANIFEST:
---
# Source: gnocchi/templates/secret-db.yaml
apiVersion: v1
kind: Secret
metadata:
name: gnocchi-db-user
type: Opaque
data:
DB_CONNECTION_INDEXER: bXlzcWwrcHlteXNxbDovL2dub2NjaGk6cGFzc3dvcmRAbWFyaWFkYi5kZWZhdWx0LnN2Yy5jbHVzdGVyLmxvY2FsOjMzMDYvZ25vY2NoaQ==
DB_CONNECTION_API: bXlzcWwrcHlteXNxbDovL2dub2NjaGk6cGFzc3dvcmRAbWFyaWFkYi5kZWZhdWx0LnN2Yy5jbHVzdGVyLmxvY2FsOjMzMDYvZ25vY2NoaQ==
---
# Source: gnocchi/templates/secret-db.yaml
apiVersion: v1
kind: Secret
metadata:
name: gnocchi-db-admin
type: Opaque
data:
DB_CONNECTION_INDEXER: bXlzcWwrcHlteXNxbDovL3Jvb3Q6cGFzc3dvcmRAbWFyaWFkYi5kZWZhdWx0LnN2Yy5jbHVzdGVyLmxvY2FsOjMzMDYvZ25vY2NoaQ==
DB_CONNECTION_API: bXlzcWwrcHlteXNxbDovL3Jvb3Q6cGFzc3dvcmRAbWFyaWFkYi5kZWZhdWx0LnN2Yy5jbHVzdGVyLmxvY2FsOjMzMDYvZ25vY2NoaQ==
---
# Source: gnocchi/templates/secret-keystone.yaml
apiVersion: v1
kind: Secret
metadata:
name: gnocchi-keystone-admin
type: Opaque
data:
OS_AUTH_URL: aHR0cDovL2tleXN0b25lLWFwaS5kZWZhdWx0LnN2Yy5jbHVzdGVyLmxvY2FsOjgwL3Yz
OS_REGION_NAME: UmVnaW9uT25l
OS_PROJECT_DOMAIN_NAME: RGVmYXVsdA==
OS_PROJECT_NAME: c2VydmljZQ==
OS_DOMAIN_NAME: RGVmYXVsdA==
OS_USER_DOMAIN_NAME: RGVmYXVsdA==
OS_USERNAME: ZHJvbmU=
OS_PASSWORD: cGFzc3dvcmQ=
OS_AUTH_TYPE: cGFzc3dvcmQ=
OS_TENANT_NAME: c2VydmljZQ==
---
# Source: gnocchi/templates/secret-keystone.yaml
apiVersion: v1
kind: Secret
metadata:
name: gnocchi-keystone-user
type: Opaque
data:
OS_AUTH_URL: aHR0cDovL2tleXN0b25lLWFwaS5kZWZhdWx0LnN2Yy5jbHVzdGVyLmxvY2FsOjgwL3Yz
OS_REGION_NAME: UmVnaW9uT25l
OS_PROJECT_DOMAIN_NAME: RGVmYXVsdA==
OS_PROJECT_NAME: c2VydmljZQ==
OS_DOMAIN_NAME: RGVmYXVsdA==
OS_USER_DOMAIN_NAME: RGVmYXVsdA==
OS_USERNAME: Z25vY2NoaQ==
OS_PASSWORD: cGFzc3dvcmQ=
OS_AUTH_TYPE: cGFzc3dvcmQ=
OS_TENANT_NAME: c2VydmljZQ==
---
# Source: gnocchi/templates/configmap-bin.yaml
apiVersion: v1
kind: ConfigMap
metadata:
name: gnocchi-bin
data:
storage-init.sh: |+
#!/bin/bash
set -x
SECRET=$(mktemp --suffix .yaml)
KEYRING=$(mktemp --suffix .keyring)
function cleanup {
rm -f ${SECRET} ${KEYRING}
}
trap cleanup EXIT
set -ex
ceph -s
function ensure_pool () {
ceph osd pool stats $1 || rados mkpool $1
}
ensure_pool ${RBD_POOL_NAME}
if USERINFO=$(ceph auth get client.${RBD_POOL_USER}); then
KEYSTR=$(echo $USERINFO | sed 's/.*\( key = .*\) caps mon.*/\1/')
echo $KEYSTR > ${KEYRING}
else
#NOTE(Portdirect): Determine proper privs to assign keyring
ceph auth get-or-create client.${RBD_POOL_USER} \
mon "allow *" \
osd "allow *" \
-o ${KEYRING}
fi
ENCODED_KEYRING=$(sed -n 's/^[[:blank:]]*key[[:blank:]]\+=[[:blank:]]\(.*\)/\1/p' ${KEYRING} | base64 -w0)
cat > ${SECRET} <<EOF
apiVersion: v1
kind: Secret
metadata:
name: "${RBD_POOL_SECRET}"
type: kubernetes.io/rbd
data:
key: $( echo ${ENCODED_KEYRING} )
EOF
kubectl delete secret --namespace ${NAMESPACE} --ignore-not-found=true ${RBD_POOL_SECRET}
kubectl create --namespace ${NAMESPACE} -f ${SECRET}
db-init.sh: |+
#!/bin/bash
set -ex
export HOME=/tmp
pgsql_superuser_cmd () {
DB_COMMAND="$1"
if [[ ! -z $2 ]]; then
EXPORT PGDATABASE=$2
fi
psql \
-h ${DB_FQDN} \
-p ${DB_PORT} \
-U ${ROOT_DB_USER} \
--command="${DB_COMMAND}"
}
pgsql_superuser_cmd () {
DB_COMMAND="$1"
psql \
-h ${DB_FQDN} \
-p ${DB_PORT} \
-U ${ROOT_DB_USER} \
--command="${DB_COMMAND}"
}
if [[ ! -v ROOT_DB_CONNECTION ]]; then
echo "environment variable ROOT_DB_CONNECTION not set"
exit 1
else
echo "Got DB root connection"
fi
if [[ -v OPENSTACK_CONFIG_FILE ]]; then
if [[ ! -v OPENSTACK_CONFIG_DB_SECTION ]]; then
echo "Environment variable OPENSTACK_CONFIG_DB_SECTION not set"
exit 1
elif [[ ! -v OPENSTACK_CONFIG_DB_KEY ]]; then
echo "Environment variable OPENSTACK_CONFIG_DB_KEY not set"
exit 1
fi
echo "Using ${OPENSTACK_CONFIG_FILE} as db config source"
echo "Trying to load db config from ${OPENSTACK_CONFIG_DB_SECTION}:${OPENSTACK_CONFIG_DB_KEY}"
DB_CONN=$(awk -v key=$OPENSTACK_CONFIG_DB_KEY "/^\[${OPENSTACK_CONFIG_DB_SECTION}\]/{f=1} f==1&&/^$OPENSTACK_CONFIG_DB_KEY/{print \$3;exit}" "${OPENSTACK_CONFIG_FILE}")
echo "Found DB connection: $DB_CONN"
elif [[ -v DB_CONNECTION ]]; then
DB_CONN=${DB_CONNECTION}
echo "Got config from DB_CONNECTION env var"
else
echo "Could not get dbconfig"
exit 1
fi
ROOT_DB_PROTO="$(echo $ROOT_DB_CONNECTION | grep '//' | sed -e's,^\(.*://\).*,\1,g')"
ROOT_DB_URL="$(echo $ROOT_DB_CONNECTION | sed -e s,$ROOT_DB_PROTO,,g)"
ROOT_DB_USER="$(echo $ROOT_DB_URL | grep @ | cut -d@ -f1 | cut -d: -f1)"
ROOT_DB_PASS="$(echo $ROOT_DB_URL | grep @ | cut -d@ -f1 | cut -d: -f2)"
DB_FQDN="$(echo $ROOT_DB_URL | sed -e s,$ROOT_DB_USER:$ROOT_DB_PASS@,,g | cut -d/ -f1 | cut -d: -f1)"
DB_PORT="$(echo $ROOT_DB_URL | sed -e s,$ROOT_DB_USER:$ROOT_DB_PASS@,,g | cut -d/ -f1 | cut -d: -f2)"
DB_NAME="$(echo $ROOT_DB_URL | sed -e s,$ROOT_DB_USER:$ROOT_DB_PASS@,,g | cut -d/ -f2 | cut -d? -f1)"
DB_PROTO="$(echo $DB_CONN | grep '//' | sed -e's,^\(.*://\).*,\1,g')"
DB_URL="$(echo $DB_CONN | sed -e s,$DB_PROTO,,g)"
DB_USER="$( echo $DB_URL | grep @ | cut -d@ -f1 | cut -d: -f1)"
DB_PASS="$( echo $DB_URL | grep @ | cut -d@ -f1 | cut -d: -f2)"
#create db
pgsql_superuser_cmd "SELECT 1 FROM pg_database WHERE datname = '$DB_NAME'" | grep -q 1 || pgsql_superuser_cmd "CREATE DATABASE $DB_NAME"
#create db user
pgsql_superuser_cmd "SELECT * FROM pg_roles WHERE rolname = '$DB_USER';" | tail -n +3 | head -n -2 | grep -q 1 || \
pgsql_superuser_cmd "CREATE ROLE ${DB_USER} LOGIN PASSWORD '$DB_PASS';" && pgsql_superuser_cmd "ALTER USER ${DB_USER} WITH SUPERUSER"
#give permissions to user
pgsql_superuser_cmd "GRANT ALL PRIVILEGES ON DATABASE $DB_NAME to $DB_USER;"
db-init.py: |+
#!/usr/bin/env python
# Creates db and user for an OpenStack Service:
# Set ROOT_DB_CONNECTION and DB_CONNECTION environment variables to contain
# SQLAlchemy strings for the root connection to the database and the one you
# wish the service to use. Alternatively, you can use an ini formatted config
# at the location specified by OPENSTACK_CONFIG_FILE, and extract the string
# from the key OPENSTACK_CONFIG_DB_KEY, in the section specified by
# OPENSTACK_CONFIG_DB_SECTION.
import os
import sys
import time
import ConfigParser
import logging
from sqlalchemy import create_engine
# Create logger, console handler and formatter
logger = logging.getLogger('OpenStack-Helm DB Init')
logger.setLevel(logging.DEBUG)
ch = logging.StreamHandler()
ch.setLevel(logging.DEBUG)
formatter = logging.Formatter('%(asctime)s - %(name)s - %(levelname)s - %(message)s')
# Set the formatter and add the handler
ch.setFormatter(formatter)
logger.addHandler(ch)
# Get the connection string for the service db root user
if "ROOT_DB_CONNECTION" in os.environ:
db_connection = os.environ['ROOT_DB_CONNECTION']
logger.info('Got DB root connection')
else:
logger.critical('environment variable ROOT_DB_CONNECTION not set')
sys.exit(1)
# Get the connection string for the service db
if "OPENSTACK_CONFIG_FILE" in os.environ:
os_conf = os.environ['OPENSTACK_CONFIG_FILE']
if "OPENSTACK_CONFIG_DB_SECTION" in os.environ:
os_conf_section = os.environ['OPENSTACK_CONFIG_DB_SECTION']
else:
logger.critical('environment variable OPENSTACK_CONFIG_DB_SECTION not set')
sys.exit(1)
if "OPENSTACK_CONFIG_DB_KEY" in os.environ:
os_conf_key = os.environ['OPENSTACK_CONFIG_DB_KEY']
else:
logger.critical('environment variable OPENSTACK_CONFIG_DB_KEY not set')
sys.exit(1)
try:
config = ConfigParser.RawConfigParser()
logger.info("Using {0} as db config source".format(os_conf))
config.read(os_conf)
logger.info("Trying to load db config from {0}:{1}".format(
os_conf_section, os_conf_key))
user_db_conn = config.get(os_conf_section, os_conf_key)
logger.info("Got config from {0}".format(os_conf))
except:
logger.critical("Tried to load config from {0} but failed.".format(os_conf))
raise
elif "DB_CONNECTION" in os.environ:
user_db_conn = os.environ['DB_CONNECTION']
logger.info('Got config from DB_CONNECTION env var')
else:
logger.critical('Could not get db config, either from config file or env var')
sys.exit(1)
# Check mariadb to make sure all mariadb are ready.
# If mariadb-0 is ready, we can connect mariadb immediately, but when mariadb-1
# and mariadb-2 start, it will sync with mariadb-0. At this time database operation
# may fail. We should avoid this to make sure db-init and db-sync do not fail.
if 'coaster' not in user_db_conn:
cmd = "curl -s busybox/cmd/ecs/mariadb-all-ready | grep 'Mariadb all ready'"
count = 1
max_count = 100
while os.system(cmd) != 0:
if count > max_count:
break
logger.info('Waiting for all mariadb are ready.')
count += 1
time.sleep(5)
# Root DB engine
try:
root_engine_full = create_engine(db_connection)
root_user = root_engine_full.url.username
root_password = root_engine_full.url.password
drivername = root_engine_full.url.drivername
host = root_engine_full.url.host
port = root_engine_full.url.port
root_engine_url = ''.join([drivername, '://', root_user, ':', root_password, '@', host, ':', str (port)])
root_engine = create_engine(root_engine_url)
connection = root_engine.connect()
connection.close()
logger.info("Tested connection to DB @ {0}:{1} as {2}".format(
host, port, root_user))
except:
logger.critical('Could not connect to database as root user')
raise
# User DB engine
try:
user_engine = create_engine(user_db_conn)
# Get our user data out of the user_engine
database = user_engine.url.database
user = user_engine.url.username
password = user_engine.url.password
logger.info('Got user db config')
except:
logger.critical('Could not get user database config')
raise
# Create DB
try:
root_engine.execute("CREATE DATABASE IF NOT EXISTS {0}".format(database))
logger.info("Created database {0}".format(database))
except:
logger.critical("Could not create database {0}".format(database))
raise
# Create DB User
try:
root_engine.execute(
"GRANT ALL ON `{0}`.* TO \'{1}\'@\'%%\' IDENTIFIED BY \'{2}\'".format(
database, user, password))
logger.info("Created user {0} for {1}".format(user, database))
except:
logger.critical("Could not create user {0} for {1}".format(user, database))
raise
# Test connection
try:
connection = user_engine.connect()
connection.close()
logger.info("Tested connection to DB @ {0}:{1}/{2} as {3}".format(
host, port, database, user))
except:
logger.critical('Could not connect to database as user')
raise
logger.info('Finished DB Management')
db-sync.sh: |+
#!/bin/bash
set -ex
exec gnocchi-upgrade --create-legacy-resource-types
gnocchi-api.sh: |+
#!/usr/local/bin/dumb-init /bin/bash
set -ex
COMMAND="${@:-start}"
function start () {
exec httpd -DFOREGROUND
}
function stop () {
kill -TERM 1
}
$COMMAND
gnocchi-metricd.sh: |+
#!/bin/bash
set -x
exec gnocchi-metricd \
--config-file /etc/gnocchi/gnocchi.conf
gnocchi-statsd.sh: |+
#!/bin/bash
set -x
exec gnocchi-statsd \
--config-file /etc/gnocchi/gnocchi.conf
ks-service.sh: |+
#!/bin/bash
# Copyright 2017 Pete Birley
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
set -ex
# Service boilerplate description
OS_SERVICE_DESC="${OS_REGION_NAME}: ${OS_SERVICE_NAME} (${OS_SERVICE_TYPE}) service"
# Get Service ID if it exists
unset OS_SERVICE_ID
OS_SERVICE_ID=$( openstack service list -f csv --quote none | \
grep ",${OS_SERVICE_NAME},${OS_SERVICE_TYPE}$" | \
sed -e "s/,${OS_SERVICE_NAME},${OS_SERVICE_TYPE}//g" )
# If a Service ID was not found, then create the service
if [[ -z ${OS_SERVICE_ID} ]]; then
OS_SERVICE_ID=$(openstack service create -f value -c id \
--name="${OS_SERVICE_NAME}" \
--description "${OS_SERVICE_DESC}" \
--enable \
"${OS_SERVICE_TYPE}")
fi
ks-endpoints.sh: |+
#!/bin/bash
# Copyright 2017 Pete Birley
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
set -ex
# Get Service ID
OS_SERVICE_ID=$( openstack service list -f csv --quote none | \
grep ",${OS_SERVICE_NAME},${OS_SERVICE_TYPE}$" | \
sed -e "s/,${OS_SERVICE_NAME},${OS_SERVICE_TYPE}//g" )
# Get Endpoint ID if it exists
OS_ENDPOINT_ID=$( openstack endpoint list -f csv --quote none | \
grep "^[a-z0-9]*,${OS_REGION_NAME},${OS_SERVICE_NAME},${OS_SERVICE_TYPE},True,${OS_SVC_ENDPOINT}," | \
awk -F ',' '{ print $1 }' )
# Making sure only a single endpoint exists for a service within a region
if [ "$(echo $OS_ENDPOINT_ID | wc -w)" -gt "1" ]; then
echo "More than one endpoint found, cleaning up"
for ENDPOINT_ID in $OS_ENDPOINT_ID; do
openstack endpoint delete ${ENDPOINT_ID}
done
unset OS_ENDPOINT_ID
fi
# Determine if Endpoint needs updated
if [[ ${OS_ENDPOINT_ID} ]]; then
OS_ENDPOINT_URL_CURRENT=$(openstack endpoint show ${OS_ENDPOINT_ID} -f value -c url)
if [ "${OS_ENDPOINT_URL_CURRENT}" == "${OS_SERVICE_ENDPOINT}" ]; then
echo "Endpoints Match: no action required"
OS_ENDPOINT_UPDATE="False"
else
echo "Endpoints Dont Match: removing existing entries"
openstack endpoint delete ${OS_ENDPOINT_ID}
OS_ENDPOINT_UPDATE="True"
fi
else
OS_ENDPOINT_UPDATE="True"
fi
# Update Endpoint if required
if [[ "${OS_ENDPOINT_UPDATE}" == "True" ]]; then
OS_ENDPOINT_ID=$( openstack endpoint create -f value -c id \
--region="${OS_REGION_NAME}" \
"${OS_SERVICE_ID}" \
${OS_SVC_ENDPOINT} \
"${OS_SERVICE_ENDPOINT}" )
fi
# Display the Endpoint
openstack endpoint show ${OS_ENDPOINT_ID}
ks-user.sh: |+
#!/bin/bash
# Copyright 2017 Pete Birley
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
set -ex
# Manage project domain
PROJECT_DOMAIN_ID=$(openstack domain create --or-show --enable -f value -c id \
--description="Domain for ${SERVICE_OS_REGION_NAME}/${SERVICE_OS_PROJECT_DOMAIN_NAME}" \
"${SERVICE_OS_PROJECT_DOMAIN_NAME}")
# Display project domain
openstack domain show "${PROJECT_DOMAIN_ID}"
# Manage user project
USER_PROJECT_DESC="Service Project for ${SERVICE_OS_REGION_NAME}/${SERVICE_OS_PROJECT_DOMAIN_NAME}"
USER_PROJECT_ID=$(openstack project create --or-show --enable -f value -c id \
--domain="${PROJECT_DOMAIN_ID}" \
--description="${USER_PROJECT_DESC}" \
"${SERVICE_OS_PROJECT_NAME}");
# Display project
openstack project show "${USER_PROJECT_ID}"
# Manage user domain
USER_DOMAIN_ID=$(openstack domain create --or-show --enable -f value -c id \
--description="Domain for ${SERVICE_OS_REGION_NAME}/${SERVICE_OS_USER_DOMAIN_NAME}" \
"${SERVICE_OS_USER_DOMAIN_NAME}")
# Display user domain
openstack domain show "${USER_DOMAIN_ID}"
# Manage user
USER_DESC="Service User for ${SERVICE_OS_REGION_NAME}/${SERVICE_OS_USER_DOMAIN_NAME}/${SERVICE_OS_SERVICE_NAME}"
USER_ID=$(openstack user create --or-show --enable -f value -c id \
--domain="${USER_DOMAIN_ID}" \
--project-domain="${PROJECT_DOMAIN_ID}" \
--project="${USER_PROJECT_ID}" \
--description="${USER_DESC}" \
"${SERVICE_OS_USERNAME}");
# Manage user password (we do this to ensure the password is updated if required)
openstack user set --password="${SERVICE_OS_PASSWORD}" "${USER_ID}"
# Display user
openstack user show "${USER_ID}"
function ks_assign_user_role () {
# Manage user role assignment
openstack role add \
--user="${USER_ID}" \
--user-domain="${USER_DOMAIN_ID}" \
--project-domain="${PROJECT_DOMAIN_ID}" \
--project="${USER_PROJECT_ID}" \
"${USER_ROLE_ID}"
# Display user role assignment
openstack role assignment list \
--role="${USER_ROLE_ID}" \
--user-domain="${USER_DOMAIN_ID}" \
--user="${USER_ID}"
}
# Manage user service role
export USER_ROLE_ID=$(openstack role create --or-show -f value -c id \
"${SERVICE_OS_ROLE}");
ks_assign_user_role
# Manage user member role
: ${MEMBER_OS_ROLE:="_member_"}
export USER_ROLE_ID=$(openstack role create --or-show -f value -c id \
"${MEMBER_OS_ROLE}");
ks_assign_user_role
openstack role add --user="${USER_ID}" --domain="${USER_DOMAIN_ID}" "admin"
ks-domain-user.sh: |+
#!/bin/bash
# Copyright 2017 Pete Birley
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
set -ex
# Manage domain
SERVICE_OS_DOMAIN_ID=$(openstack domain create --or-show --enable -f value -c id \
--description="Service Domain for ${SERVICE_OS_REGION_NAME}/${SERVICE_OS_DOMAIN_NAME}" \
"${SERVICE_OS_DOMAIN_NAME}")
# Display domain
openstack domain show "${SERVICE_OS_DOMAIN_ID}"
# Manage user
SERVICE_OS_USERID=$(openstack user create --or-show --enable -f value -c id \
--domain="${SERVICE_OS_DOMAIN_ID}" \
--description "Service User for ${SERVICE_OS_REGION_NAME}/${SERVICE_OS_DOMAIN_NAME}" \
"${SERVICE_OS_USERNAME}")
# Manage user password (we do this to ensure the password is updated if required)
openstack user set --password="${SERVICE_OS_PASSWORD}" "${SERVICE_OS_USERID}"
# Display user
openstack user show "${SERVICE_OS_USERID}"
# Manage role
SERVICE_OS_ROLE_ID=$(openstack role show -f value -c id \
"${SERVICE_OS_ROLE}" || openstack role create -f value -c id \
"${SERVICE_OS_ROLE}" )
# Manage user role assignment
openstack role add \
--domain="${SERVICE_OS_DOMAIN_ID}" \
--user="${SERVICE_OS_USERID}" \
--user-domain="${SERVICE_OS_DOMAIN_ID}" \
"${SERVICE_OS_ROLE_ID}"
# Display user role assignment
openstack role assignment list \
--role="${SERVICE_OS_ROLE_ID}" \
--user-domain="${SERVICE_OS_DOMAIN_ID}" \
--user="${SERVICE_OS_USERID}"
ceph-keyring.sh: |+
#!/bin/bash
set -ex
export HOME=/tmp
cat <<EOF > /etc/ceph/ceph.client.admin.keyring
[client.admin]
key = $(cat /tmp/client-keyring)
EOF
exit 0
ceph-admin-keyring.sh: |+
#!/bin/bash
set -ex
export HOME=/tmp
cat <<EOF > /etc/ceph/ceph.client.admin.keyring
[client.admin]
key = $(cat /tmp/client-keyring)
EOF
exit 0
rally-test.sh: |+
#!/bin/bash
set -ex
: ${RALLY_ENV_NAME:="openstack-helm"}
: ${PLUGIN_PROJECT:="openstack-helm"}
: ${DEPENDENCY_PROJECT:="openstack-helm"}
: ${TEMPEST_PATTERN:=${RALLY_ENV_NAME}}
: ${RALLY_PRIVATE_KEY:="openstack-helm"}
: ${TEST_USER:="devops"}
: ${PROJECT_BRANCH:="stable/5.0"}
: ${CONCURRENCY:="8"}
# Copy configurations
cp -r /var/lib/esconf/. ~/
echo -e "${RALLY_PRIVATE_KEY}" > ~/.ssh/id_rsa
chmod 600 ~/.ssh/id_rsa
rally db create
rally deployment create --fromenv --name ${RALLY_ENV_NAME}
rally deployment use ${RALLY_ENV_NAME}
rally deployment check
VERIFIER_NAME="${RALLY_ENV_NAME}-tempest"
GIT_SOURCE="ssh://[email protected]:29418/easystack"
CONSTRAINT_FILE="http://fs.easystack.cn/constraints/ecs5.0/upper-constraints.txt"
rally verify create-verifier --name $VERIFIER_NAME --type tempest --source ~/tempest/
if [ "${PLUGIN_PROJECT}"x != "openstack-helm"x ]; then
git clone $GIT_SOURCE/${PLUGIN_PROJECT} ~/${PLUGIN_PROJECT} -b $PROJECT_BRANCH
source ~/.rally/verification/verifier-*/.venv/bin/activate
pip install ~/${PLUGIN_PROJECT}
pip install -r ~/${PLUGIN_PROJECT}/test-requirements.txt -c ${CONSTRAINT_FILE}
if [ "${DEPENDENCY_PROJECT}"x != "openstack-helm"x ]; then
git clone $GIT_SOURCE/${DEPENDENCY_PROJECT} ~/${DEPENDENCY_PROJECT} -b $PROJECT_BRANCH
pip install ~/${DEPENDENCY_PROJECT}
pip install -r ~/${DEPENDENCY_PROJECT}/test-requirements.txt -c ${CONSTRAINT_FILE}
fi
PATTERN=${TEMPEST_PATTERN}
else
SERVICE_TYPE=$(rally deployment check | grep ${RALLY_ENV_NAME} | awk -F \| '{print $3}' | tr -d ' ' | tr -d '\n')
PATTERN="tempest.api.$SERVICE_TYPE*"
fi
rally verify start --pattern $PATTERN --concurrency ${CONCURRENCY}
rally verify delete-verifier --id ${RALLY_ENV_NAME}-tempest --force
if [ "${PLUGIN_PROJECT}"x == "openstack-helm"x ]; then
rally task validate /etc/rally/rally_tests.yaml
rally task start /etc/rally/rally_tests.yaml
rally task sla-check
fi
rally deployment destroy --deployment ${RALLY_ENV_NAME}
---
# Source: gnocchi/templates/configmap-etc.yaml
apiVersion: v1
kind: ConfigMap
metadata:
name: gnocchi-etc
data:
gnocchi.conf: |+
[DEFAULT]
debug = false
[api]
auth_mode = keystone
max_limit = 100000
port = 8041
[archive_policy]
default_aggregation_methods = mean,min,max
[database]
connection = mysql+pymysql://gnocchi:[email protected]:3306/gnocchi
max_retries = -1
[incoming]
driver = redis
redis_url = redis://redis.default.svc.cluster.local:6379/
[indexer]
driver = mysql
url = mysql+pymysql://gnocchi:[email protected]:3306/gnocchi
[keystone_authtoken]
auth_type = password
auth_uri = http://keystone-api.default.svc.cluster.local:80/v3
auth_url = http://keystone-api.default.svc.cluster.local:80/v3
auth_version = v3
memcache_secret_key = secret
memcache_security_strategy = ENCRYPT
memcached_servers = memcache.default.svc.cluster.local:11211
password = password
project_domain_name = Default
project_name = service
region_name = RegionOne
user_domain_name = Default
username = gnocchi
[metricd]
workers = 16
[statsd]
port = 8125
project_id = 0712a464-ad34-4780-a1e8-c8f1d71b57a9
resource_id = 6ad0aea2-5f16-4621-b7ee-69e391acb6ea
user_id = 47408a08-d20e-40bc-a3a3-9582942ed3a2
[storage]
ceph_conffile = /etc/ceph/ceph.conf
ceph_keyring = /etc/ceph/ceph.client.admin.keyring
ceph_pool = metrics
ceph_username = admin
driver = ceph
provided_keyring =
[token]
provider = uuid
api-paste.ini: |+
[app:gnocchiv1]
paste.app_factory = gnocchi.rest.app:app_factory
root = gnocchi.rest.V1Controller
[app:gnocchiversions]
paste.app_factory = gnocchi.rest.app:app_factory
root = gnocchi.rest.VersionsController
[composite:gnocchi+auth]
/ = gnocchiversions
/v1 = gnocchiv1+auth
use = egg:Paste#urlmap
[composite:gnocchi+noauth]
/ = gnocchiversions
/v1 = gnocchiv1+noauth
use = egg:Paste#urlmap
[filter:keystone_authtoken]
oslo_config_project = gnocchi
paste.filter_factory = keystonemiddleware.auth_token:filter_factory
[pipeline:gnocchiv1+auth]
pipeline = keystone_authtoken gnocchiv1
[pipeline:gnocchiv1+noauth]
pipeline = gnocchiv1
[pipeline:main]
pipeline = gnocchi+auth
policy.json: |+
{"admin_or_creator":"role:admin or project_id:%(created_by_project_id)s","create archive policy":"role:admin","create archive policy rule":"role:admin","create metric":"","create resource":"","create resource type":"role:admin","delete archive policy":"role:admin","delete archive policy rule":"role:admin","delete metric":"rule:admin_or_creator","delete resource":"rule:admin_or_creator","delete resource type":"role:admin","delete resources":"rule:admin_or_creator","get archive policy":"","get archive policy rule":"","get measures":"rule:admin_or_creator or rule:metric_owner","get metric":"rule:admin_or_creator or rule:metric_owner","get resource":"rule:admin_or_creator or rule:resource_owner","get resource type":"","get status":"role:admin","list all metric":"role:admin","list archive policy":"","list archive policy rule":"","list metric":"","list resource":"rule:admin_or_creator or rule:resource_owner","list resource type":"","metric_owner":"project_id:%(resource.project_id)s","post measures":"rule:admin_or_creator","resource_owner":"project_id:%(project_id)s","search metric":"rule:admin_or_creator or rule:metric_owner","search resource":"rule:admin_or_creator or rule:resource_owner","update archive policy":"role:admin","update resource":"rule:admin_or_creator","update resource type":"role:admin"}
wsgi-gnocchi.conf: |+
Listen 0.0.0.0:8041
SetEnvIf X-Forwarded-For "^.*\..*\..*\..*" forwarded
CustomLog /dev/stdout combined env=!forwarded
CustomLog /dev/stdout proxy env=forwarded
<VirtualHost *:8041>
WSGIDaemonProcess gnocchi processes=4 threads=8 user=gnocchi group=gnocchi display-name=%{GROUP}
WSGIProcessGroup gnocchi
WSGIScriptAlias / "/usr/lib/python2.7/site-packages/gnocchi/rest/app.wsgi"
WSGIApplicationGroup %{GLOBAL}
ErrorLog /dev/stderr
SetEnvIf X-Forwarded-For "^.*\..*\..*\..*" forwarded
CustomLog /dev/stdout combined env=!forwarded
CustomLog /dev/stdout proxy env=forwarded
<Directory "/usr/lib/python2.7/site-packages/gnocchi/rest">
Require all granted
</Directory>
</VirtualHost>
---
# Source: gnocchi/templates/service-api.yaml
apiVersion: v1
kind: Service
metadata:
name: gnocchi-api
spec:
ports:
- name: gn-api
port: 8041
selector:
release_group: openstack
application: gnocchi
component: api
---
# Source: gnocchi/templates/service-ingress-api.yaml
apiVersion: v1
kind: Service
metadata:
name: gnocchi
spec:
ports:
- name: http
port: 80
type: ExternalName
externalName: ingress.kube-system.svc.cluster.local
---
# Source: gnocchi/templates/service-statsd.yaml
apiVersion: v1
kind: Service
metadata:
name: gnocchi-statsd
spec:
ports:
- port: 8125
selector:
app: gnocchi-statsd
---
# Source: gnocchi/templates/daemonset-metricd.yaml
apiVersion: apps/v1
kind: DaemonSet
metadata:
name: gnocchi-metricd
spec:
minReadySeconds: 0
updateStrategy:
type: RollingUpdate
rollingUpdate:
maxUnavailable: 1
selector:
matchLabels:
release_group: openstack
application: gnocchi
component: metricd
template:
metadata:
labels:
release_group: openstack
application: gnocchi
component: metricd
annotations:
configmap-bin-hash: "c23274ba8ed88686efc7f036decb02013b06dc62c6299d18e648c46d07e01125"
configmap-etc-hash: "a769ec752ca53c530cdf0d051c369d1794c7c25d1570d455249898cde25a6c07"
spec:
nodeSelector:
openstack-control-plane: enabled
initContainers:
- name: init
image: hub.easystack.io/production/kubernetes-entrypoint:v0.2.1
imagePullPolicy: IfNotPresent
env:
- name: POD_NAME
valueFrom:
fieldRef:
apiVersion: v1
fieldPath: metadata.name
- name: NAMESPACE
valueFrom:
fieldRef:
apiVersion: v1
fieldPath: metadata.namespace
- name: INTERFACE_NAME
value: eth0
- name: DEPENDENCY_SERVICE
value: "default:mariadb,default:gnocchi-api,default:redis"
- name: DEPENDENCY_JOBS
value: "gnocchi-storage-init,gnocchi-db-sync,gnocchi-ks-user,gnocchi-ks-service,gnocchi-ks-endpoints"
- name: DEPENDENCY_DAEMONSET
value: ""
- name: DEPENDENCY_CONTAINER
value: ""
- name: COMMAND
value: "echo done"
command:
- kubernetes-entrypoint
volumeMounts: []
- name: ceph-keyring-placement
image: hub.easystack.io/production/escloud-linux-source-gnocchi-api:5.0.1
imagePullPolicy: IfNotPresent
command:
- /tmp/ceph-keyring.sh
volumeMounts:
- name: etcceph
mountPath: /etc/ceph
- name: gnocchi-bin
mountPath: /tmp/ceph-keyring.sh
subPath: ceph-keyring.sh
readOnly: true
- name: ceph-keyring
mountPath: /tmp/client-keyring
subPath: key
readOnly: true
containers:
- name: gnocchi-metricd
image: hub.easystack.io/production/escloud-linux-source-gnocchi-metricd:5.0.1
imagePullPolicy: IfNotPresent
command:
- /tmp/gnocchi-metricd.sh
volumeMounts:
- name: pod-etc-gnocchi
mountPath: /etc/gnocchi
- name: gnocchi-etc
mountPath: /etc/gnocchi/gnocchi.conf
subPath: gnocchi.conf
readOnly: true
- name: gnocchi-etc
mountPath: /etc/gnocchi/policy.json
subPath: policy.json
readOnly: true
- name: gnocchi-bin
mountPath: /tmp/gnocchi-metricd.sh
subPath: gnocchi-metricd.sh
readOnly: true
- name: etcceph
mountPath: /etc/ceph
- name: ceph-etc
mountPath: /etc/ceph/ceph.conf
subPath: ceph.conf
readOnly: true
- name: ceph-keyring
mountPath: /tmp/client-keyring
subPath: key
readOnly: true
volumes:
- name: pod-etc-gnocchi
emptyDir: {}
- name: gnocchi-etc
configMap:
name: gnocchi-etc
defaultMode: 0444
- name: gnocchi-bin
configMap:
name: gnocchi-bin
defaultMode: 0555
- name: etcceph
emptyDir: {}
- name: ceph-etc
configMap:
name: ceph-etc
- name: ceph-keyring
secret:
secretName: "gnocchi-rbd-keyring"
---
# Source: gnocchi/templates/daemonset-statsd.yaml
apiVersion: apps/v1
kind: DaemonSet
metadata:
name: gnocchi-statsd
spec:
minReadySeconds: 0
updateStrategy:
type: RollingUpdate
rollingUpdate:
maxUnavailable: 1
selector:
matchLabels:
release_group: openstack
application: gnocchi
component: statsd
template:
metadata:
labels:
release_group: openstack
application: gnocchi
component: statsd
annotations:
configmap-bin-hash: "c23274ba8ed88686efc7f036decb02013b06dc62c6299d18e648c46d07e01125"
configmap-etc-hash: "a769ec752ca53c530cdf0d051c369d1794c7c25d1570d455249898cde25a6c07"
spec:
nodeSelector:
openstack-control-plane: enabled
initContainers:
- name: init
image: hub.easystack.io/production/kubernetes-entrypoint:v0.2.1
imagePullPolicy: IfNotPresent
env:
- name: POD_NAME
valueFrom:
fieldRef:
apiVersion: v1
fieldPath: metadata.name
- name: NAMESPACE
valueFrom:
fieldRef:
apiVersion: v1
fieldPath: metadata.namespace
- name: INTERFACE_NAME
value: eth0
- name: DEPENDENCY_SERVICE
value: "default:mariadb,default:gnocchi-api,default:redis"
- name: DEPENDENCY_JOBS
value: "gnocchi-storage-init,gnocchi-db-sync,gnocchi-ks-user,gnocchi-ks-service,gnocchi-ks-endpoints"
- name: DEPENDENCY_DAEMONSET
value: ""
- name: DEPENDENCY_CONTAINER
value: ""
- name: COMMAND
value: "echo done"
command:
- kubernetes-entrypoint
volumeMounts: []
- name: ceph-keyring-placement
image: hub.easystack.io/production/escloud-linux-source-gnocchi-api:5.0.1
imagePullPolicy: IfNotPresent
command:
- /tmp/ceph-keyring.sh
volumeMounts:
- name: etcceph
mountPath: /etc/ceph
- name: gnocchi-bin
mountPath: /tmp/ceph-keyring.sh
subPath: ceph-keyring.sh
readOnly: true
- name: ceph-keyring
mountPath: /tmp/client-keyring
subPath: key
readOnly: true
containers:
- name: gnocchi-statsd
image: hub.easystack.io/production/escloud-linux-source-gnocchi-statsd:5.0.1
imagePullPolicy: IfNotPresent
command:
- /tmp/gnocchi-statsd.sh
ports:
- name: gn-stats
containerPort: 8125
volumeMounts:
- name: pod-etc-gnocchi
mountPath: /etc/gnocchi
- name: gnocchi-etc
mountPath: /etc/gnocchi/gnocchi.conf
subPath: gnocchi.conf
readOnly: true
- name: gnocchi-etc
mountPath: /etc/gnocchi/api-paste.ini
subPath: api-paste.ini
readOnly: true
- name: gnocchi-etc
mountPath: /etc/gnocchi/policy.json
subPath: policy.json
readOnly: true
- name: gnocchi-bin
mountPath: /tmp/gnocchi-statsd.sh
subPath: gnocchi-statsd.sh
readOnly: true
- name: etcceph
mountPath: /etc/ceph
- name: ceph-etc
mountPath: /etc/ceph/ceph.conf
subPath: ceph.conf
readOnly: true
- name: ceph-keyring
mountPath: /tmp/client-keyring
subPath: key
readOnly: true
volumes:
- name: pod-etc-gnocchi
emptyDir: {}
- name: gnocchi-etc
configMap:
name: gnocchi-etc
defaultMode: 0444
- name: gnocchi-bin
configMap:
name: gnocchi-bin
defaultMode: 0555
- name: etcceph
emptyDir: {}
- name: ceph-etc
configMap:
name: ceph-etc
- name: ceph-keyring
secret:
secretName: "gnocchi-rbd-keyring"
---
# Source: gnocchi/templates/deployment-api.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
name: gnocchi-api
spec:
replicas: 3
revisionHistoryLimit: 3
strategy:
type: RollingUpdate
rollingUpdate:
maxUnavailable: 1
maxSurge: 3
selector:
matchLabels:
release_group: openstack
application: gnocchi
component: api
template:
metadata:
labels:
release_group: openstack
application: gnocchi
component: api
annotations:
configmap-bin-hash: "c23274ba8ed88686efc7f036decb02013b06dc62c6299d18e648c46d07e01125"
configmap-etc-hash: "a769ec752ca53c530cdf0d051c369d1794c7c25d1570d455249898cde25a6c07"
spec:
affinity:
podAntiAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
- labelSelector:
matchExpressions:
- key: release_group
operator: In
values:
- openstack
- key: application
operator: In
values:
- gnocchi
- key: component
operator: In
values:
- api
topologyKey: kubernetes.io/hostname
nodeSelector:
openstack-control-plane: enabled
terminationGracePeriodSeconds: 30
initContainers:
- name: init
image: hub.easystack.io/production/kubernetes-entrypoint:v0.2.1
imagePullPolicy: IfNotPresent
env:
- name: POD_NAME
valueFrom:
fieldRef:
apiVersion: v1
fieldPath: metadata.name
- name: NAMESPACE
valueFrom:
fieldRef:
apiVersion: v1
fieldPath: metadata.namespace
- name: INTERFACE_NAME
value: eth0
- name: DEPENDENCY_SERVICE
value: "default:keystone-api,default:mariadb,default:redis"
- name: DEPENDENCY_JOBS
value: "gnocchi-storage-init,gnocchi-db-sync,gnocchi-ks-endpoints,gnocchi-ks-service,gnocchi-ks-user"
- name: DEPENDENCY_DAEMONSET
value: ""
- name: DEPENDENCY_CONTAINER
value: ""
- name: COMMAND
value: "echo done"
command:
- kubernetes-entrypoint
volumeMounts: []
- name: ceph-keyring-placement
image: hub.easystack.io/production/escloud-linux-source-gnocchi-api:5.0.1
imagePullPolicy: IfNotPresent
command:
- /tmp/ceph-keyring.sh
volumeMounts:
- name: etcceph
mountPath: /etc/ceph
- name: gnocchi-bin
mountPath: /tmp/ceph-keyring.sh
subPath: ceph-keyring.sh
readOnly: true
- name: ceph-keyring
mountPath: /tmp/client-keyring
subPath: key
readOnly: true
containers:
- name: gnocchi-api
image: hub.easystack.io/production/escloud-linux-source-gnocchi-api:5.0.1
imagePullPolicy: IfNotPresent
resources:
limits:
cpu: "4000m"
memory: "4096Mi"
requests:
cpu: "100m"
memory: "124Mi"
command:
- /tmp/gnocchi-api.sh
- start
lifecycle:
preStop:
exec:
command:
- /tmp/gnocchi-api.sh
- stop
ports:
- name: gn-api
containerPort: 8041
readinessProbe:
tcpSocket:
port: 8041
volumeMounts:
- name: pod-etc-gnocchi
mountPath: /etc/gnocchi
- name: gnocchi-etc
mountPath: /etc/gnocchi/gnocchi.conf
subPath: gnocchi.conf
readOnly: true
- name: gnocchi-etc
mountPath: /etc/gnocchi/api-paste.ini
subPath: api-paste.ini
readOnly: true
- name: gnocchi-etc
mountPath: /etc/gnocchi/policy.json
subPath: policy.json
readOnly: true
- name: gnocchi-etc
mountPath: /etc/httpd/conf.d/wsgi-gnocchi.conf
subPath: wsgi-gnocchi.conf
readOnly: true
- name: etcceph
mountPath: /etc/ceph
- name: ceph-etc
mountPath: /etc/ceph/ceph.conf
subPath: ceph.conf
readOnly: true
- name: ceph-keyring
mountPath: /tmp/client-keyring
subPath: key
readOnly: true
- name: gnocchi-bin
mountPath: /tmp/gnocchi-api.sh
subPath: gnocchi-api.sh
readOnly: true
volumes:
- name: pod-etc-gnocchi
emptyDir: {}
- name: gnocchi-etc
configMap:
name: gnocchi-etc
defaultMode: 0444
- name: gnocchi-bin
configMap:
name: gnocchi-bin
defaultMode: 0555
- name: etcceph
emptyDir: {}
- name: ceph-etc
configMap:
name: ceph-etc
- name: ceph-keyring
secret:
secretName: "gnocchi-rbd-keyring"
---
# Source: gnocchi/templates/job-db-init-indexer.yaml
apiVersion: batch/v1
kind: Job
metadata:
name: gnocchi-db-init-indexer
spec:
template:
metadata:
labels:
release_group: openstack
application: gnocchi
component: db-init-indexer
spec:
restartPolicy: OnFailure
nodeSelector:
openstack-control-plane: enabled
initContainers:
- name: init
image: hub.easystack.io/production/kubernetes-entrypoint:v0.2.1
imagePullPolicy: IfNotPresent
env:
- name: POD_NAME
valueFrom:
fieldRef:
apiVersion: v1
fieldPath: metadata.name
- name: NAMESPACE
valueFrom:
fieldRef:
apiVersion: v1
fieldPath: metadata.namespace
- name: INTERFACE_NAME
value: eth0
- name: DEPENDENCY_SERVICE
value: "default:mariadb"
- name: DEPENDENCY_JOBS
value: ""
- name: DEPENDENCY_DAEMONSET
value: ""
- name: DEPENDENCY_CONTAINER
value: ""
- name: COMMAND
value: "echo done"
command:
- kubernetes-entrypoint
volumeMounts: []
containers:
- name: gnocchi-db-init-indexer
image: "hub.easystack.io/production/escloud-linux-source-gnocchi-api:latest"
imagePullPolicy: "Always"
env:
- name: ROOT_DB_CONNECTION
valueFrom:
secretKeyRef:
name: gnocchi-db-admin
key: DB_CONNECTION_INDEXER
- name: OPENSTACK_CONFIG_FILE
value: /etc/gnocchi/gnocchi.conf
- name: OPENSTACK_CONFIG_DB_SECTION
value: indexer
- name: OPENSTACK_CONFIG_DB_KEY
value: url
command:
- /tmp/db-init.py
volumeMounts:
- name: gnocchi-etc
mountPath: /etc/gnocchi/gnocchi.conf
subPath: gnocchi.conf
- name: gnocchi-bin
mountPath: /tmp/db-init.py
subPath: db-init.py
readOnly: true
volumes:
- name: gnocchi-etc
configMap:
name: gnocchi-etc
defaultMode: 0444
- name: gnocchi-bin
configMap:
name: gnocchi-bin
defaultMode: 0555
---
# Source: gnocchi/templates/job-db-init-keystone.yaml
apiVersion: batch/v1
kind: Job
metadata:
name: gnocchi-db-init-keystone
spec:
template:
metadata:
labels:
release_group: openstack
application: gnocchi
component: db-init-keystone
spec:
restartPolicy: OnFailure
nodeSelector:
openstack-control-plane: enabled
initContainers:
- name: init
image: hub.easystack.io/production/kubernetes-entrypoint:v0.2.1
imagePullPolicy: IfNotPresent
env:
- name: POD_NAME
valueFrom:
fieldRef:
apiVersion: v1
fieldPath: metadata.name
- name: NAMESPACE
valueFrom:
fieldRef:
apiVersion: v1
fieldPath: metadata.namespace
- name: INTERFACE_NAME
value: eth0
- name: DEPENDENCY_SERVICE
value: "default:mariadb"
- name: DEPENDENCY_JOBS
value: ""
- name: DEPENDENCY_DAEMONSET
value: ""
- name: DEPENDENCY_CONTAINER
value: ""
- name: COMMAND
value: "echo done"
command:
- kubernetes-entrypoint
volumeMounts: []
containers:
- name: keystone-db-init
image: "hub.easystack.io/production/escloud-linux-source-gnocchi-api:latest"
imagePullPolicy: "Always"
env:
- name: ROOT_DB_CONNECTION
valueFrom:
secretKeyRef:
name: gnocchi-db-admin
key: DB_CONNECTION_API
- name: OPENSTACK_CONFIG_FILE
value: /etc/gnocchi/gnocchi.conf
- name: OPENSTACK_CONFIG_DB_SECTION
value: database
- name: OPENSTACK_CONFIG_DB_KEY
value: connection
command:
- /tmp/db-init.py
volumeMounts:
- name: gnocchi-bin
mountPath: /tmp/db-init.py
subPath: db-init.py
readOnly: true
- name: pod-etc-gnocchi
mountPath: /etc/gnocchi
- name: gnocchi-etc
mountPath: /etc/gnocchi/gnocchi.conf
subPath: gnocchi.conf
readOnly: true
volumes:
- name: gnocchi-bin
configMap:
name: gnocchi-bin
defaultMode: 0555
- name: pod-etc-gnocchi
emptyDir: {}
- name: gnocchi-etc
configMap:
name: gnocchi-etc
defaultMode: 0444
---
# Source: gnocchi/templates/job-db-sync.yaml
apiVersion: batch/v1
kind: Job
metadata:
name: gnocchi-db-sync
spec:
template:
metadata:
labels:
release_group: openstack
application: gnocchi
component: db-sync
spec:
restartPolicy: OnFailure
nodeSelector:
openstack-control-plane: enabled
initContainers:
- name: init
image: hub.easystack.io/production/kubernetes-entrypoint:v0.2.1
imagePullPolicy: IfNotPresent
env:
- name: POD_NAME
valueFrom:
fieldRef:
apiVersion: v1
fieldPath: metadata.name
- name: NAMESPACE
valueFrom:
fieldRef:
apiVersion: v1
fieldPath: metadata.namespace
- name: INTERFACE_NAME
value: eth0
- name: DEPENDENCY_SERVICE
value: "default:mariadb"
- name: DEPENDENCY_JOBS
value: "gnocchi-db-init-keystone,gnocchi-db-init-indexer"
- name: DEPENDENCY_DAEMONSET
value: ""
- name: DEPENDENCY_CONTAINER
value: ""
- name: COMMAND
value: "echo done"
command:
- kubernetes-entrypoint
volumeMounts: []
- name: ceph-keyring-placement
image: hub.easystack.io/production/escloud-linux-source-gnocchi-api:latest
imagePullPolicy: Always
command:
- /tmp/ceph-keyring.sh
volumeMounts:
- name: etcceph
mountPath: /etc/ceph
- name: gnocchi-bin
mountPath: /tmp/ceph-keyring.sh
subPath: ceph-keyring.sh
readOnly: true
- name: ceph-keyring
mountPath: /tmp/client-keyring
subPath: key
readOnly: true
containers:
- name: gnocchi-db-sync
image: hub.easystack.io/production/escloud-linux-source-gnocchi-api:latest
imagePullPolicy: Always
command:
- /tmp/db-sync.sh
volumeMounts:
- name: gnocchi-etc
mountPath: /etc/gnocchi/gnocchi.conf
subPath: gnocchi.conf
- name: gnocchi-bin
mountPath: /tmp/db-sync.sh
subPath: db-sync.sh
- name: etcceph
mountPath: /etc/ceph
- name: ceph-etc
mountPath: /etc/ceph/ceph.conf
subPath: ceph.conf
readOnly: true
- name: ceph-keyring
mountPath: /tmp/client-keyring
subPath: key
readOnly: true
volumes:
- name: gnocchi-etc
configMap:
name: gnocchi-etc
defaultMode: 0444
- name: gnocchi-bin
configMap:
name: gnocchi-bin
defaultMode: 0555
- name: etcceph
emptyDir: {}
- name: ceph-etc
configMap:
name: ceph-etc
- name: ceph-keyring
secret:
secretName: pvc-ceph-client-key
---
# Source: gnocchi/templates/job-ks-endpoints.yaml
apiVersion: batch/v1
kind: Job
metadata:
name: gnocchi-ks-endpoints
spec:
template:
metadata:
labels:
release_group: openstack
application: gnocchi
component: ks-endpoints
metadata:
annotations:
spec:
restartPolicy: OnFailure
nodeSelector:
openstack-control-plane: enabled
initContainers:
- name: init
image: hub.easystack.io/production/kubernetes-entrypoint:v0.2.1
imagePullPolicy: IfNotPresent
env:
- name: POD_NAME
valueFrom:
fieldRef:
apiVersion: v1
fieldPath: metadata.name
- name: NAMESPACE
valueFrom:
fieldRef:
apiVersion: v1
fieldPath: metadata.namespace
- name: INTERFACE_NAME
value: eth0
- name: DEPENDENCY_SERVICE
value: "default:keystone-api"
- name: DEPENDENCY_JOBS
value: "gnocchi-ks-service"
- name: DEPENDENCY_DAEMONSET
value: ""
- name: DEPENDENCY_CONTAINER
value: ""
- name: COMMAND
value: "echo done"
command:
- kubernetes-entrypoint
volumeMounts: []
containers:
- name: metric-ks-endpoints-admin
image: hub.easystack.io/production/escloud-linux-source-heat-engine:latest
imagePullPolicy: Always
command:
- /tmp/ks-endpoints.sh
volumeMounts:
- name: ks-endpoints-sh
mountPath: /tmp/ks-endpoints.sh
subPath: ks-endpoints.sh
readOnly: true
env:
- name: OS_IDENTITY_API_VERSION
value: "3"
- name: OS_AUTH_URL
valueFrom:
secretKeyRef:
name: gnocchi-keystone-admin
key: OS_AUTH_URL
- name: OS_REGION_NAME
valueFrom:
secretKeyRef:
name: gnocchi-keystone-admin
key: OS_REGION_NAME
- name: OS_DOMAIN_NAME
valueFrom:
secretKeyRef:
name: gnocchi-keystone-admin
key: OS_DOMAIN_NAME
- name: OS_USER_DOMAIN_NAME
valueFrom:
secretKeyRef:
name: gnocchi-keystone-admin
key: OS_USER_DOMAIN_NAME
- name: OS_USERNAME
valueFrom:
secretKeyRef:
name: gnocchi-keystone-admin
key: OS_USERNAME
- name: OS_PASSWORD
valueFrom:
secretKeyRef:
name: gnocchi-keystone-admin
key: OS_PASSWORD
- name: OS_SVC_ENDPOINT
value: admin
- name: OS_SERVICE_NAME
value: "gnocchi"
- name: OS_SERVICE_TYPE
value: metric
- name: OS_SERVICE_ENDPOINT
value: http://gnocchi-api.default.svc.cluster.local:8041/
- name: metric-ks-endpoints-internal
image: hub.easystack.io/production/escloud-linux-source-heat-engine:latest
imagePullPolicy: Always
command:
- /tmp/ks-endpoints.sh
volumeMounts:
- name: ks-endpoints-sh
mountPath: /tmp/ks-endpoints.sh
subPath: ks-endpoints.sh
readOnly: true
env:
- name: OS_IDENTITY_API_VERSION
value: "3"
- name: OS_AUTH_URL
valueFrom:
secretKeyRef:
name: gnocchi-keystone-admin
key: OS_AUTH_URL
- name: OS_REGION_NAME
valueFrom:
secretKeyRef:
name: gnocchi-keystone-admin
key: OS_REGION_NAME
- name: OS_DOMAIN_NAME
valueFrom:
secretKeyRef:
name: gnocchi-keystone-admin
key: OS_DOMAIN_NAME
- name: OS_USER_DOMAIN_NAME
valueFrom:
secretKeyRef:
name: gnocchi-keystone-admin
key: OS_USER_DOMAIN_NAME
- name: OS_USERNAME
valueFrom:
secretKeyRef:
name: gnocchi-keystone-admin
key: OS_USERNAME
- name: OS_PASSWORD
valueFrom:
secretKeyRef:
name: gnocchi-keystone-admin
key: OS_PASSWORD
- name: OS_SVC_ENDPOINT
value: internal
- name: OS_SERVICE_NAME
value: "gnocchi"
- name: OS_SERVICE_TYPE
value: metric
- name: OS_SERVICE_ENDPOINT
value: http://gnocchi-api.default.svc.cluster.local:8041/
- name: metric-ks-endpoints-public
image: hub.easystack.io/production/escloud-linux-source-heat-engine:latest
imagePullPolicy: Always
command:
- /tmp/ks-endpoints.sh
volumeMounts:
- name: ks-endpoints-sh
mountPath: /tmp/ks-endpoints.sh
subPath: ks-endpoints.sh
readOnly: true
env:
- name: OS_IDENTITY_API_VERSION
value: "3"
- name: OS_AUTH_URL
valueFrom:
secretKeyRef:
name: gnocchi-keystone-admin
key: OS_AUTH_URL
- name: OS_REGION_NAME
valueFrom:
secretKeyRef:
name: gnocchi-keystone-admin
key: OS_REGION_NAME
- name: OS_DOMAIN_NAME
valueFrom:
secretKeyRef:
name: gnocchi-keystone-admin
key: OS_DOMAIN_NAME
- name: OS_USER_DOMAIN_NAME
valueFrom:
secretKeyRef:
name: gnocchi-keystone-admin
key: OS_USER_DOMAIN_NAME
- name: OS_USERNAME
valueFrom:
secretKeyRef:
name: gnocchi-keystone-admin
key: OS_USERNAME
- name: OS_PASSWORD
valueFrom:
secretKeyRef:
name: gnocchi-keystone-admin
key: OS_PASSWORD
- name: OS_SVC_ENDPOINT
value: public
- name: OS_SERVICE_NAME
value: "gnocchi"
- name: OS_SERVICE_TYPE
value: metric
- name: OS_SERVICE_ENDPOINT
value: http://gnocchi.default.svc.cluster.local:80/
volumes:
- name: ks-endpoints-sh
configMap:
name: gnocchi-bin
defaultMode: 0555
---
# Source: gnocchi/templates/job-ks-service.yaml
apiVersion: batch/v1
kind: Job
metadata:
name: gnocchi-ks-service
spec:
template:
metadata:
labels:
release_group: openstack
application: gnocchi
component: ks-service
spec:
restartPolicy: OnFailure
nodeSelector:
openstack-control-plane: enabled
initContainers:
- name: init
image: hub.easystack.io/production/kubernetes-entrypoint:v0.2.1
imagePullPolicy: IfNotPresent
env:
- name: POD_NAME
valueFrom:
fieldRef:
apiVersion: v1
fieldPath: metadata.name
- name: NAMESPACE
valueFrom:
fieldRef:
apiVersion: v1
fieldPath: metadata.namespace
- name: INTERFACE_NAME
value: eth0
- name: DEPENDENCY_SERVICE
value: "default:keystone-api"
- name: DEPENDENCY_JOBS
value: ""
- name: DEPENDENCY_DAEMONSET
value: ""
- name: DEPENDENCY_CONTAINER
value: ""
- name: COMMAND
value: "echo done"
command:
- kubernetes-entrypoint
volumeMounts: []
containers:
- name: metric-ks-service-registration
image: hub.easystack.io/production/escloud-linux-source-heat-engine:latest
imagePullPolicy: Always
command:
- /tmp/ks-service.sh
volumeMounts:
- name: ks-service-sh
mountPath: /tmp/ks-service.sh
subPath: ks-service.sh
readOnly: true
env:
- name: OS_IDENTITY_API_VERSION
value: "3"
- name: OS_AUTH_URL
valueFrom:
secretKeyRef:
name: gnocchi-keystone-admin
key: OS_AUTH_URL
- name: OS_REGION_NAME
valueFrom:
secretKeyRef:
name: gnocchi-keystone-admin
key: OS_REGION_NAME
- name: OS_DOMAIN_NAME
valueFrom:
secretKeyRef:
name: gnocchi-keystone-admin
key: OS_DOMAIN_NAME
- name: OS_USER_DOMAIN_NAME
valueFrom:
secretKeyRef:
name: gnocchi-keystone-admin
key: OS_USER_DOMAIN_NAME
- name: OS_USERNAME
valueFrom:
secretKeyRef:
name: gnocchi-keystone-admin
key: OS_USERNAME
- name: OS_PASSWORD
valueFrom:
secretKeyRef:
name: gnocchi-keystone-admin
key: OS_PASSWORD
- name: OS_SERVICE_NAME
value: "gnocchi"
- name: OS_SERVICE_TYPE
value: metric
volumes:
- name: ks-service-sh
configMap:
name: gnocchi-bin
defaultMode: 0555
---
# Source: gnocchi/templates/job-ks-user.yaml
apiVersion: batch/v1
kind: Job
metadata:
name: gnocchi-ks-user
spec:
template:
metadata:
labels:
release_group: openstack
application: gnocchi
component: ks-user
spec:
restartPolicy: OnFailure
nodeSelector:
openstack-control-plane: enabled
initContainers:
- name: init
image: hub.easystack.io/production/kubernetes-entrypoint:v0.2.1
imagePullPolicy: IfNotPresent
env:
- name: POD_NAME
valueFrom:
fieldRef:
apiVersion: v1
fieldPath: metadata.name
- name: NAMESPACE
valueFrom:
fieldRef:
apiVersion: v1
fieldPath: metadata.namespace
- name: INTERFACE_NAME
value: eth0
- name: DEPENDENCY_SERVICE
value: "default:keystone-api"
- name: DEPENDENCY_JOBS
value: ""
- name: DEPENDENCY_DAEMONSET
value: ""
- name: DEPENDENCY_CONTAINER
value: ""
- name: COMMAND
value: "echo done"
command:
- kubernetes-entrypoint
volumeMounts: []
containers:
- name: gnocchi-ks-user
image: hub.easystack.io/production/escloud-linux-source-heat-engine:latest
imagePullPolicy: Always
command:
- /tmp/ks-user.sh
volumeMounts:
- name: ks-user-sh
mountPath: /tmp/ks-user.sh
subPath: ks-user.sh
readOnly: true
env:
- name: OS_IDENTITY_API_VERSION
value: "3"
- name: OS_AUTH_URL
valueFrom:
secretKeyRef:
name: gnocchi-keystone-admin
key: OS_AUTH_URL
- name: OS_REGION_NAME
valueFrom:
secretKeyRef:
name: gnocchi-keystone-admin
key: OS_REGION_NAME
- name: OS_DOMAIN_NAME
valueFrom:
secretKeyRef:
name: gnocchi-keystone-admin
key: OS_DOMAIN_NAME
- name: OS_USER_DOMAIN_NAME
valueFrom:
secretKeyRef:
name: gnocchi-keystone-admin
key: OS_USER_DOMAIN_NAME
- name: OS_USERNAME
valueFrom:
secretKeyRef:
name: gnocchi-keystone-admin
key: OS_USERNAME
- name: OS_PASSWORD
valueFrom:
secretKeyRef:
name: gnocchi-keystone-admin
key: OS_PASSWORD
- name: SERVICE_OS_SERVICE_NAME
value: "gnocchi"
- name: SERVICE_OS_REGION_NAME
valueFrom:
secretKeyRef:
name: gnocchi-keystone-user
key: OS_REGION_NAME
- name: SERVICE_OS_PROJECT_DOMAIN_NAME
valueFrom:
secretKeyRef:
name: gnocchi-keystone-user
key: OS_PROJECT_DOMAIN_NAME
- name: SERVICE_OS_PROJECT_NAME
valueFrom:
secretKeyRef:
name: gnocchi-keystone-user
key: OS_PROJECT_NAME
- name: SERVICE_OS_USER_DOMAIN_NAME
valueFrom:
secretKeyRef:
name: gnocchi-keystone-user
key: OS_USER_DOMAIN_NAME
- name: SERVICE_OS_USERNAME
valueFrom:
secretKeyRef:
name: gnocchi-keystone-user
key: OS_USERNAME
- name: SERVICE_OS_PASSWORD
valueFrom:
secretKeyRef:
name: gnocchi-keystone-user
key: OS_PASSWORD
- name: SERVICE_OS_ROLE
value: "admin"
volumes:
- name: ks-user-sh
configMap:
name: gnocchi-bin
defaultMode: 0555
---
# Source: gnocchi/templates/job-storage-init.yaml
apiVersion: batch/v1
kind: Job
metadata:
name: gnocchi-storage-init
spec:
template:
metadata:
labels:
release_group: openstack
application: gnocchi
component: storage-init
spec:
restartPolicy: OnFailure
nodeSelector:
openstack-control-plane: enabled
initContainers:
- name: init
image: hub.easystack.io/production/kubernetes-entrypoint:v0.2.1
imagePullPolicy: IfNotPresent
env:
- name: POD_NAME
valueFrom:
fieldRef:
apiVersion: v1
fieldPath: metadata.name
- name: NAMESPACE
valueFrom:
fieldRef:
apiVersion: v1
fieldPath: metadata.namespace
- name: INTERFACE_NAME
value: eth0
- name: DEPENDENCY_SERVICE
value: ""
- name: DEPENDENCY_JOBS
value: ""
- name: DEPENDENCY_DAEMONSET
value: ""
- name: DEPENDENCY_CONTAINER
value: ""
- name: COMMAND
value: "echo done"
command:
- kubernetes-entrypoint
volumeMounts: []
- name: ceph-keyring-placement
image: hub.easystack.io/production/escloud-linux-source-gnocchi-api:latest
imagePullPolicy: Always
securityContext:
runAsUser: 42416
command:
- /tmp/ceph-admin-keyring.sh
volumeMounts:
- name: etcceph
mountPath: /etc/ceph
- name: gnocchi-bin
mountPath: /tmp/ceph-admin-keyring.sh
subPath: ceph-admin-keyring.sh
readOnly: true
- name: ceph-keyring
mountPath: /tmp/client-keyring
subPath: key
readOnly: true
containers:
- name: gnocchi-storage-init
image: hub.easystack.io/production/escloud-linux-ceph-daemon:latest
imagePullPolicy: Always
env:
- name: NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
- name: RBD_POOL_NAME
value: "metrics"
- name: RBD_POOL_USER
value: "admin"
- name: RBD_POOL_SECRET
value: "gnocchi-rbd-keyring"
command:
- /tmp/storage-init.sh
volumeMounts:
- name: gnocchi-bin
mountPath: /tmp/storage-init.sh
subPath: storage-init.sh
readOnly: true
- name: etcceph
mountPath: /etc/ceph
- name: ceph-etc
mountPath: /etc/ceph/ceph.conf
subPath: ceph.conf
readOnly: true
- name: ceph-keyring
mountPath: /tmp/client-keyring
subPath: key
readOnly: true
volumes:
- name: gnocchi-bin
configMap:
name: gnocchi-bin
defaultMode: 0555
- name: etcceph
emptyDir: {}
- name: ceph-etc
configMap:
name: ceph-etc
defaultMode: 0444
- name: ceph-keyring
secret:
secretName: pvc-ceph-client-key
---
# Source: gnocchi/templates/ingress-api.yaml
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: gnocchi
annotations:
kubernetes.io/ingress.class: "nginx"
ingress.kubernetes.io/rewrite-target: /
spec:
rules:
- host: gnocchi
http:
paths:
- path: /
backend:
serviceName: gnocchi-api
servicePort: gn-api
- host: gnocchi.default
http:
paths:
- path: /
backend:
serviceName: gnocchi-api
servicePort: gn-api
- host: gnocchi.default.svc.cluster.local
http:
paths:
- path: /
backend:
serviceName: gnocchi-api
servicePort: gn-api
---
# Source: gnocchi/templates/pdb-api.yaml
apiVersion: policy/v1beta1
kind: PodDisruptionBudget
metadata:
name: gnocchi-api
spec:
minAvailable: 0
selector:
matchLabels:
release_group: openstack
application: gnocchi
component: api