starlingx/app-distributed-cloud
Code Issues Proposed changes

Create app-distributed-cloud prototype

Browse Source 
This commit introduces the prototype for the app-distributed-cloud

All dcmanager services are being containerized, and the app will
utilize Keystone, certmanager, and rabbitmq from the platform.

The prototype is in its initial phase, and DC functionalities/services
have not yet been thoroughly tested. In this first phase, the subcloud
add command is functional.

This commit includes the dcmanager and dc-vault helm charts, and a
a structure of dcorch, that will be added in a following commit.

Before testing the app, the platform must be configured. Refer to the
README file for details.

Test Plan:
PASS: Execute a subcloud add successfully.

Story: 2011312
Task: 51841

Change-Id: Ifa6dbbb39d5bdd48eedd06c732d24d26a48f6ae8
Co-Authored-By: Matt Peters <matt.peters@windriver.com>
Co-Authored-By: Enzo Candotti <enzo.candotti@windriver.com>
Co-Authored-By: Yuxing Jiang <yuxing.jiang@windriver.com>
Signed-off-by: Hugo Brito <hugo.brito@windriver.com>
This commit is contained in:
Hugo Brito 2025-03-17 18:42:32 -03:00
parent 93670cf51b
commit 05b7684f3e
114 changed files with 4488 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

17
HACKING.rst Normal file
View File

@ -0,0 +1,17 @@
StarlingX app-distributed-cloud Style Commandments
==================================================
- Step 1: Read the OpenStack style commandments
https://docs.openstack.org/hacking/latest/
- Step 2: Read on
app-distributed-cloud Specific Commandments
-------------------------------------------
None so far
Running tests
-------------
The approach to running tests is to simply run the command ``tox``. This will
create virtual environments, populate them with dependencies and run all of
the tests that OpenStack CI systems run.

437
README.md Normal file
View File

@ -0,0 +1,437 @@
# app-distributed-cloud (Prototype)
This tutorial provides a step-by-step guide on containerizing DC Services using the
app-distributed-cloud prototype.
> **Note:** All dcmanager operations are not fully tested or operational.
## Disable Service Management
Disable the dcmanager services on the platform
```bash
source /etc/platform/openrc
sudo sm-unmanage service dcmanager-manager
sudo sm-unmanage service dcmanager-api
sudo sm-unmanage service dcmanager-audit
sudo sm-unmanage service dcmanager-audit-worker
sudo sm-unmanage service dcmanager-orchestrator
sudo sm-unmanage service dcmanager-state
sudo sm-unmanage service dcorch-engine
sudo sm-unmanage service dcorch-engine-worker
sudo sm-unmanage service dcorch-sysinv-api-proxy
sudo sm-unmanage service dcorch-patch-api-proxy
sudo sm-unmanage service dcorch-identity-api-proxy
sudo sm-unmanage service dcdbsync-api
sudo pkill -f ^".*/bin/dcmanager.*"
sudo pkill -f ^".*/bin/dcorch.*"
sudo pkill -f ^".*/bin/dcdbsync.*"
```
## Platform Setup
```bash
system host-label-assign controller-0 starlingx.io/distributed-cloud=enabled
system host-label-assign controller-1 starlingx.io/distributed-cloud=enabled
```
> **Note:** If you have issues with downloading the nginx image for dc-vault-nginx,
assign the distributed-cloud label just for the controller-0
## Create the namespace and root-ca secret
```bash
# Create distributed-cloud namespace
kubectl create namespace distributed-cloud
# Create system-local-ca secret
cp /etc/ssl/certs/dc-adminep-root-ca.pem /home/sysadmin/root-ca.pem
kubectl -n distributed-cloud create secret generic root-ca --from-file=ca.crt=/home/sysadmin/root-ca.pem
```
## Distributed Cloud Application Deployment (development)
```bash
# Configure Docker Image
# Create or download the docker image used for the dcmanager pods
DOCKER_IMAGE=registry.local:9001/docker.io/starlingx/stx-distributed-cloud:master-debian-stable-latest
sudo docker login registry.local:9001
sudo docker image pull <POD_IMAGE>
sudo docker image tag <POD_IMAGE> ${DOCKER_IMAGE}
sudo docker image push ${DOCKER_IMAGE}
# Upload the prototype
system application-upload /usr/local/share/applications/helm/distributed-cloud-25.09-0.tgz
```
```bash
# Set Password Variables
ADMIN_KS_PASSWORD=$(keyring get CGCS admin)
RABBITMQ_PASSWORD=$(keyring get amqp rabbit)
DCMANAGER_DB_PASSWORD=$(keyring get dcmanager database)
DCMANAGER_KS_PASSWORD=$(keyring get dcmanager services)
DCORCH_DB_PASSWORD=$(keyring get dcorch database)
DCORCH_KS_PASSWORD=$(keyring get dcorch services)
# Create dcmanager and dcorch overrides
cat<<EOF>dcmanager.yaml
images:
tags:
dcmanager: ${DOCKER_IMAGE}
ks_user: ${DOCKER_IMAGE}
ks_service: ${DOCKER_IMAGE}
ks_endpoints: ${DOCKER_IMAGE}
dcmanager_db_sync: ${DOCKER_IMAGE}
db_init: ${DOCKER_IMAGE}
db_drop: ${DOCKER_IMAGE}
pullPolicy: Always
pod:
image_pull_secrets:
default:
- name: default-registry-key
tolerations:
dcmanager:
enabled: true
conf:
dcmanager:
DEFAULT:
log_config_append: /etc/dcmanager/logging.conf
transport_url: rabbit://guest:${RABBITMQ_PASSWORD}@controller.internal:5672
auth_strategy: keystone
playbook_timeout: 3600
use_usm: False
workers: 1
orch_workers: 1
state_workers: 1
audit_workers: 1
audit_worker_workers: 1
cache:
auth_uri: http://controller.internal:5000/v3
admin_tenant: admin
admin_username: admin
admin_password: ${ADMIN_KS_PASSWORD}
endpoint_cache:
auth_uri: http://controller.internal:5000/v3
auth_plugin: password
username: dcmanager
password: ${DCMANAGER_KS_PASSWORD}
project_name: services
user_domain_name: Default
project_domain_name: Default
http_connect_timeout: 15
database:
connection_recycle_time: 3600
max_pool_size: 105
max_overflow: 100
keystone_authtoken:
auth_version: v3
auth_type: password
dependencies:
static:
api:
jobs:
- dcmanager-ks-user
- dcmanager-ks-service
- dcmanager-ks-endpoints
ks_endpoints:
jobs:
- dcmanager-ks-user
- dcmanager-ks-service
endpoints:
cluster_domain_suffix: cluster.local
oslo_db:
auth:
admin:
username: admin-dcmanager
password: ${DCMANAGER_DB_PASSWORD}
dcmanager:
username: admin-dcmanager
password: ${DCMANAGER_DB_PASSWORD}
hosts:
default: postgresql
host_fqdn_override:
default: controller.internal
port:
postgresql:
default: 5432
path: /dcmanager
scheme: postgresql+psycopg2
oslo_messaging:
auth:
admin:
username: guest
password: ${RABBITMQ_PASSWORD}
dcmanager:
username: guest
password: ${RABBITMQ_PASSWORD}
hosts:
default: rabbitmq
host_fqdn_override:
default: controller.internal
path: /
scheme: rabbit
port:
amqp:
default: 5672
http:
default: 15672
identity:
name: keystone
auth:
admin:
username: admin
password: ${ADMIN_KS_PASSWORD}
region_name: RegionOne
project_name: admin
user_domain_name: Default
project_domain_name: Default
dcmanager:
role: admin
username: dcmanager
password: ${DCMANAGER_KS_PASSWORD}
region_name: RegionOne
project_name: services
user_domain_name: Default
project_domain_name: Default
hosts:
default: keystone-api
public: keystone
host_fqdn_override:
default: controller.internal
path:
default: /v3
scheme:
default: http
port:
api:
default: 80
internal: 5000
dcmanager:
name: dcmanager
hosts:
default: dcmanager-api
public: dcmanager
host_fqdn_override:
default: null
path:
default: /v1.0
scheme:
default: 'http'
port:
api:
default: 8119
public: 80
EOF
cat<<EOF>dcorch.yaml
images:
tags:
dcorch: ${DOCKER_IMAGE}
ks_user: ${DOCKER_IMAGE}
ks_service: ${DOCKER_IMAGE}
ks_endpoints: ${DOCKER_IMAGE}
dcorch_db_sync: ${DOCKER_IMAGE}
db_init: ${DOCKER_IMAGE}
db_drop: ${DOCKER_IMAGE}
pullPolicy: Always
pod:
image_pull_secrets:
default:
- name: default-registry-key
tolerations:
dcorch:
enabled: true
replicas:
dcorch_engine_worker: 1
dcorch_sysinv_api_proxy: 1
keystone_api_proxy: 1
dcorch_patch_api_proxy: 1
dcorch_usm_api_proxy: 1
conf:
dcorch:
DEFAULT:
log_config_append: /etc/dcorch/logging.conf
transport_url: rabbit://guest:${RABBITMQ_PASSWORD}@controller.internal:5672
auth_strategy: keystone
playbook_timeout: 3600
use_usm: False
endpoint_cache:
password: ${DCMANAGER_KS_PASSWORD}
database:
connection_recycle_time: 3600
max_pool_size: 105
max_overflow: 100
keystone_authtoken:
auth_version: v3
auth_type: password
dependencies:
static:
api:
jobs:
- dcorch-ks-user
- dcorch-ks-service
- dcorch-ks-endpoints
ks_endpoints:
jobs:
- dcorch-ks-user
- dcorch-ks-service
endpoints:
cluster_domain_suffix: cluster.local
oslo_db:
auth:
admin:
username: admin-dcorch
password: ${DCORCH_DB_PASSWORD}
dcorch:
username: admin-dcorch
password: ${DCORCH_DB_PASSWORD}
dcmanager:
username: admin-dcmanager
password: ${DCMANAGER_DB_PASSWORD}
hosts:
default: postgresql
host_fqdn_override:
default: controller.internal
port:
postgresql:
default: 5432
path: /dcorch
scheme: postgresql+psycopg2
oslo_messaging:
auth:
admin:
username: guest
password: ${RABBITMQ_PASSWORD}
dcmanager:
username: guest
password: ${RABBITMQ_PASSWORD}
hosts:
default: rabbitmq
host_fqdn_override:
default: controller.internal
path: /
scheme: rabbit
port:
amqp:
default: 5672
http:
default: 15672
identity:
name: keystone
auth:
admin:
username: admin
password: ${ADMIN_KS_PASSWORD}
region_name: RegionOne
project_name: admin
user_domain_name: Default
project_domain_name: Default
dcorch:
role: admin
username: dcorch
password: ${DCORCH_KS_PASSWORD}
region_name: RegionOne
project_name: services
user_domain_name: Default
project_domain_name: Default
hosts:
default: keystone-api
public: keystone
host_fqdn_override:
default: controller.internal
path:
default: /v3
scheme:
default: http
port:
api:
default: 80
internal: 5000
dcorch:
name: dcorch
hosts:
default: dcorch-api
public: dcorch
host_fqdn_override:
default: null
path:
default: /v1.0
scheme:
default: 'http'
port:
api:
default: 8118
public: 80
EOF
```
```bash
system helm-override-update distributed-cloud dcmanager distributed-cloud --values dcmanager.yaml
system helm-override-update distributed-cloud dcorch distributed-cloud --values dcorch.yaml
system helm-override-show distributed-cloud dcmanager distributed-cloud
system helm-override-show distributed-cloud dcorch distributed-cloud
```
## Apply app-distributed-cloud
```bash
system application-apply distributed-cloud
system application-show distributed-cloud
```
## To remove
```bash
system application-remove distributed-cloud
system application-delete distributed-cloud
```
## Check dcmanager endpoints
```bash
openstack endpoint list | grep dcmanager
```
## Check if dcmanager-api endpoint works
```bash
kubectl get svc dcmanager-api -n distributed-cloud
kubectl get endpoints dcmanager-api -n distributed-cloud
# Get Token
openstack token issue
curl -i http://<endpoint>/v1.0/subclouds -X GET -H "Content-Type: application/json" -H "Accept: application/json" -H "X-Auth-Token:${TOKEN}"
```
## Configure dcmanager-client
Edit file: /usr/lib/python3/dist-packages/dcmanagerclient/api/v1/client.py
```python
_DEFAULT_DCMANAGER_URL = (
"http://dcmanager-api.distributed-cloud.svc.cluster.local:8119/v1.0"
)
# delete if not dcmanager_url: to always set default
dcmanager_url = _DEFAULT_DCMANAGER_URL
```
## Check dcmanager-manager is working
```bash
dcmanager subcloud-group add --name test
dcmanager subcloud update --group 2 subcloud2-stx-latest
```

10
bindep.txt Normal file
View File

@ -0,0 +1,10 @@
# This is a cross-platform list tracking distribution packages needed for install and tests;
# see https://docs.openstack.org/infra/bindep/ for additional information.
libffi-dev [platform:dpkg]
libldap2-dev [platform:dpkg]
libxml2-dev [platform:dpkg]
libxslt1-dev [platform:dpkg]
libsasl2-dev [platform:dpkg]
libffi-devel [platform:rpm]
python3-all-dev [platform:dpkg]

1
debian_iso_image.inc Normal file
View File

@ -0,0 +1 @@
stx-distributed-cloud-helm

2
debian_pkg_dirs Normal file
View File

@ -0,0 +1,2 @@
python3-k8sapp-distributed-cloud
stx-distributed-cloud-helm

1
debian_stable_docker_images.inc Normal file
View File

@ -0,0 +1 @@
stx-distributed-cloud-images

5
python3-k8sapp-distributed-cloud/debian/deb_folder/changelog Normal file
View File

@ -0,0 +1,5 @@
python3-k8sapp-distributed-cloud (1.0-0) unstable; urgency=medium
* Initial release.
-- Hugo Brito <hugo.brito@windriver.com> Tue, 25 Mar 2025 00:00:00 +0000

27
python3-k8sapp-distributed-cloud/debian/deb_folder/control Normal file
View File

@ -0,0 +1,27 @@
Source: python3-k8sapp-distributed-cloud
Section: libs
Priority: optional
Maintainer: StarlingX Developers <starlingx-discuss@lists.starlingx.io>
Build-Depends: debhelper-compat (= 13),
dh-python,
python3-all,
python3-pbr,
python3-setuptools,
python3-wheel,
build-info
Standards-Version: 4.5.1
Homepage: https://www.starlingx.io
Package: python3-k8sapp-distributed-cloud
Section: libs
Architecture: any
Depends: ${misc:Depends}, ${python3:Depends}
Description: StarlingX Sysinv Distributed Cloud Extensions
This package contains sysinv plugins for the Distributed Cloud K8S app.
Package: python3-k8sapp-distributed-cloud-wheels
Section: libs
Architecture: any
Depends: ${misc:Depends}, ${python3:Depends}, python3-wheel
Description: StarlingX Sysinv Distributed Cloud Extension Wheels
This package contains python wheels for the Distributed Cloud K8S app plugins.

41
python3-k8sapp-distributed-cloud/debian/deb_folder/copyright Normal file
View File

@ -0,0 +1,41 @@
Format: https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/
Upstream-Name: python3-k8sapp-distributed-cloud
Source: https://opendev.org/starlingx/app-distributed-cloud/
Files: *
Copyright: (c) 2025 Wind River Systems, Inc
License: Apache-2
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
.
https://www.apache.org/licenses/LICENSE-2.0
.
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
.
On Debian-based systems the full text of the Apache version 2.0 license
can be found in `/usr/share/common-licenses/Apache-2.0'.
# If you want to use GPL v2 or later for the /debian/* files use
# the following clauses, or change it to suit. Delete these two lines
Files: debian/*
Copyright: 2025 Wind River Systems, Inc
License: Apache-2
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
.
https://www.apache.org/licenses/LICENSE-2.0
.
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
.
On Debian-based systems the full text of the Apache version 2.0 license
can be found in `/usr/share/common-licenses/Apache-2.0'.

1
python3-k8sapp-distributed-cloud/debian/deb_folder/python3-k8sapp-distributed-cloud-wheels.install Normal file
View File

@ -0,0 +1 @@
plugins/*.whl

1
python3-k8sapp-distributed-cloud/debian/deb_folder/python3-k8sapp-distributed-cloud.install Normal file
View File

@ -0,0 +1 @@
usr/lib/python3/dist-packages/k8sapp_*

31
python3-k8sapp-distributed-cloud/debian/deb_folder/rules Executable file
View File

@ -0,0 +1,31 @@
#!/usr/bin/make -f
# export DH_VERBOSE = 1
export APP_NAME = distributed-cloud
export PYBUILD_NAME = k8sapp-distributed-cloud
export DEB_VERSION = $(shell dpkg-parsechangelog | egrep '^Version:' | cut -f 2 -d ' ')
export MAJOR = $(shell cat /etc/build.info | grep SW_VERSION | cut -d'"' -f2)
export MINOR_PATCH = $(shell echo $(DEB_VERSION) | cut -f 4 -d '.')
export PBR_VERSION = $(MAJOR).$(MINOR_PATCH)
export ROOT = $(CURDIR)/debian/tmp
export SKIP_PIP_INSTALL = 1
%:
dh $@ --with=python3 --buildsystem=pybuild
override_dh_auto_install:
python3 setup.py install \
--install-layout=deb \
--root $(ROOT)
python3 setup.py bdist_wheel \
--universal \
-d $(ROOT)/plugins
override_dh_python3:
dh_python3 --shebang=/usr/bin/python3
override_dh_auto_test:
PYTHONDIR=$(CURDIR) stestr run

1
python3-k8sapp-distributed-cloud/debian/deb_folder/source/format Normal file
View File

@ -0,0 +1 @@
3.0 (quilt)

6
python3-k8sapp-distributed-cloud/debian/meta_data.yaml Normal file
View File

@ -0,0 +1,6 @@
---
debname: python3-k8sapp-distributed-cloud
debver: 1.0-0
src_path: k8sapp_distributed_cloud
revision:
dist: $STX_DIST

35
python3-k8sapp-distributed-cloud/k8sapp_distributed_cloud/.gitignore vendored Normal file
View File

@ -0,0 +1,35 @@
# Compiled files
*.py[co]
*.a
*.o
*.so
# Sphinx
_build
doc/source/api/
# Packages/installer info
*.egg
*.egg-info
dist
build
eggs
parts
var
sdist
develop-eggs
.installed.cfg
# Other
*.DS_Store
.stestr
.testrepository
.tox
.venv
.*.swp
.coverage
bandit.xml
cover
AUTHORS
ChangeLog
*.sqlite

4
python3-k8sapp-distributed-cloud/k8sapp_distributed_cloud/.stestr.conf Normal file
View File

@ -0,0 +1,4 @@
[DEFAULT]
test_path=./k8sapp_distributed_cloud/tests
top_dir=./k8sapp_distributed_cloud
#parallel_class=True

202
python3-k8sapp-distributed-cloud/k8sapp_distributed_cloud/LICENSE Normal file
View File

@ -0,0 +1,202 @@
Apache License
Version 2.0, January 2004
http://www.apache.org/licenses/
TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
1. Definitions.
"License" shall mean the terms and conditions for use, reproduction,
and distribution as defined by Sections 1 through 9 of this document.
"Licensor" shall mean the copyright owner or entity authorized by
the copyright owner that is granting the License.
"Legal Entity" shall mean the union of the acting entity and all
other entities that control, are controlled by, or are under common
control with that entity. For the purposes of this definition,
"control" means (i) the power, direct or indirect, to cause the
direction or management of such entity, whether by contract or
otherwise, or (ii) ownership of fifty percent (50%) or more of the
outstanding shares, or (iii) beneficial ownership of such entity.
"You" (or "Your") shall mean an individual or Legal Entity
exercising permissions granted by this License.
"Source" form shall mean the preferred form for making modifications,
including but not limited to software source code, documentation
source, and configuration files.
"Object" form shall mean any form resulting from mechanical
transformation or translation of a Source form, including but
not limited to compiled object code, generated documentation,
and conversions to other media types.
"Work" shall mean the work of authorship, whether in Source or
Object form, made available under the License, as indicated by a
copyright notice that is included in or attached to the work
(an example is provided in the Appendix below).
"Derivative Works" shall mean any work, whether in Source or Object
form, that is based on (or derived from) the Work and for which the
editorial revisions, annotations, elaborations, or other modifications
represent, as a whole, an original work of authorship. For the purposes
of this License, Derivative Works shall not include works that remain
separable from, or merely link (or bind by name) to the interfaces of,
the Work and Derivative Works thereof.
"Contribution" shall mean any work of authorship, including
the original version of the Work and any modifications or additions
to that Work or Derivative Works thereof, that is intentionally
submitted to Licensor for inclusion in the Work by the copyright owner
or by an individual or Legal Entity authorized to submit on behalf of
the copyright owner. For the purposes of this definition, "submitted"
means any form of electronic, verbal, or written communication sent
to the Licensor or its representatives, including but not limited to
communication on electronic mailing lists, source code control systems,
and issue tracking systems that are managed by, or on behalf of, the
Licensor for the purpose of discussing and improving the Work, but
excluding communication that is conspicuously marked or otherwise
designated in writing by the copyright owner as "Not a Contribution."
"Contributor" shall mean Licensor and any individual or Legal Entity
on behalf of whom a Contribution has been received by Licensor and
subsequently incorporated within the Work.
2. Grant of Copyright License. Subject to the terms and conditions of
this License, each Contributor hereby grants to You a perpetual,
worldwide, non-exclusive, no-charge, royalty-free, irrevocable
copyright license to reproduce, prepare Derivative Works of,
publicly display, publicly perform, sublicense, and distribute the
Work and such Derivative Works in Source or Object form.
3. Grant of Patent License. Subject to the terms and conditions of
this License, each Contributor hereby grants to You a perpetual,
worldwide, non-exclusive, no-charge, royalty-free, irrevocable
(except as stated in this section) patent license to make, have made,
use, offer to sell, sell, import, and otherwise transfer the Work,
where such license applies only to those patent claims licensable
by such Contributor that are necessarily infringed by their
Contribution(s) alone or by combination of their Contribution(s)
with the Work to which such Contribution(s) was submitted. If You
institute patent litigation against any entity (including a
cross-claim or counterclaim in a lawsuit) alleging that the Work
or a Contribution incorporated within the Work constitutes direct
or contributory patent infringement, then any patent licenses
granted to You under this License for that Work shall terminate
as of the date such litigation is filed.
4. Redistribution. You may reproduce and distribute copies of the
Work or Derivative Works thereof in any medium, with or without
modifications, and in Source or Object form, provided that You
meet the following conditions:
(a) You must give any other recipients of the Work or
Derivative Works a copy of this License; and
(b) You must cause any modified files to carry prominent notices
stating that You changed the files; and
(c) You must retain, in the Source form of any Derivative Works
that You distribute, all copyright, patent, trademark, and
attribution notices from the Source form of the Work,
excluding those notices that do not pertain to any part of
the Derivative Works; and
(d) If the Work includes a "NOTICE" text file as part of its
distribution, then any Derivative Works that You distribute must
include a readable copy of the attribution notices contained
within such NOTICE file, excluding those notices that do not
pertain to any part of the Derivative Works, in at least one
of the following places: within a NOTICE text file distributed
as part of the Derivative Works; within the Source form or
documentation, if provided along with the Derivative Works; or,
within a display generated by the Derivative Works, if and
wherever such third-party notices normally appear. The contents
of the NOTICE file are for informational purposes only and
do not modify the License. You may add Your own attribution
notices within Derivative Works that You distribute, alongside
or as an addendum to the NOTICE text from the Work, provided
that such additional attribution notices cannot be construed
as modifying the License.
You may add Your own copyright statement to Your modifications and
may provide additional or different license terms and conditions
for use, reproduction, or distribution of Your modifications, or
for any such Derivative Works as a whole, provided Your use,
reproduction, and distribution of the Work otherwise complies with
the conditions stated in this License.
5. Submission of Contributions. Unless You explicitly state otherwise,
any Contribution intentionally submitted for inclusion in the Work
by You to the Licensor shall be under the terms and conditions of
this License, without any additional terms or conditions.
Notwithstanding the above, nothing herein shall supersede or modify
the terms of any separate license agreement you may have executed
with Licensor regarding such Contributions.
6. Trademarks. This License does not grant permission to use the trade
names, trademarks, service marks, or product names of the Licensor,
except as required for reasonable and customary use in describing the
origin of the Work and reproducing the content of the NOTICE file.
7. Disclaimer of Warranty. Unless required by applicable law or
agreed to in writing, Licensor provides the Work (and each
Contributor provides its Contributions) on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
implied, including, without limitation, any warranties or conditions
of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
PARTICULAR PURPOSE. You are solely responsible for determining the
appropriateness of using or redistributing the Work and assume any
risks associated with Your exercise of permissions under this License.
8. Limitation of Liability. In no event and under no legal theory,
whether in tort (including negligence), contract, or otherwise,
unless required by applicable law (such as deliberate and grossly
negligent acts) or agreed to in writing, shall any Contributor be
liable to You for damages, including any direct, indirect, special,
incidental, or consequential damages of any character arising as a
result of this License or out of the use or inability to use the
Work (including but not limited to damages for loss of goodwill,
work stoppage, computer failure or malfunction, or any and all
other commercial damages or losses), even if such Contributor
has been advised of the possibility of such damages.
9. Accepting Warranty or Additional Liability. While redistributing
the Work or Derivative Works thereof, You may choose to offer,
and charge a fee for, acceptance of support, warranty, indemnity,
or other liability obligations and/or rights consistent with this
License. However, in accepting such obligations, You may act only
on Your own behalf and on Your sole responsibility, not on behalf
of any other Contributor, and only if You agree to indemnify,
defend, and hold each Contributor harmless for any liability
incurred by, or claims asserted against, such Contributor by reason
of your accepting any such warranty or additional liability.
END OF TERMS AND CONDITIONS
APPENDIX: How to apply the Apache License to your work.
To apply the Apache License to your work, attach the following
boilerplate notice, with the fields enclosed by brackets "[]"
replaced with your own identifying information. (Don't include
the brackets!) The text should be enclosed in the appropriate
comment syntax for the file format. We also recommend that a
file or class name and description of purpose be included on the
same "printed page" as the copyright notice for easier
identification within third-party archives.
Copyright 2019 Wind River Systems, Inc.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.

7
python3-k8sapp-distributed-cloud/k8sapp_distributed_cloud/README.rst Normal file
View File

@ -0,0 +1,7 @@
k8sapp-distributed-cloud
========================
This project contains StarlingX Kubernetes application specific python plugins
for Distributed Cloud. These plugins are required to integrate the Distributed Cloud
application into the StarlingX application framework and to support the
various StarlingX deployments.

0
python3-k8sapp-distributed-cloud/k8sapp_distributed_cloud/k8sapp_distributed_cloud/__init__.py Normal file
View File

0
python3-k8sapp-distributed-cloud/k8sapp_distributed_cloud/k8sapp_distributed_cloud/common/__init__.py Normal file
View File

29
python3-k8sapp-distributed-cloud/k8sapp_distributed_cloud/k8sapp_distributed_cloud/common/constants.py Normal file
View File

@ -0,0 +1,29 @@
#
# Copyright (c) 2025 Wind River Systems, Inc.
#
# SPDX-License-Identifier: Apache-2.0
#
# Helm: Supported charts:
# These values match the names in the chart package's Chart.yaml
HELM_CHART_DCMANAGER = 'dcmanager'
HELM_CHART_DCORCH = 'dcorch'
# FluxCD
FLUXCD_HELM_RELEASE_DCMANAGER = 'dcmanager'
FLUXCD_HELM_RELEASE_DCORCH = 'dcorch'
# Namespace to deploy the application
HELM_NS_DISTCLOUD = 'distributed-cloud'
# Application Name
HELM_APP_DISTCLOUD = 'distributed-cloud'
# Application Services
HELM_SERVICE_DCMANAGER_API = "dcmanager-api"
# Application component label
HELM_LABEL_PARAMETER = 'labels'
HELM_COMPONENT_LABEL = 'app.starlingx.io/component'
HELM_COMPONENT_LABEL_VALUE_PLATFORM = 'platform'
HELM_COMPONENT_LABEL_VALUE_APPLICATION = 'application'

0
python3-k8sapp-distributed-cloud/k8sapp_distributed_cloud/k8sapp_distributed_cloud/helm/__init__.py Normal file
View File

163
python3-k8sapp-distributed-cloud/k8sapp_distributed_cloud/k8sapp_distributed_cloud/helm/base.py Normal file
View File

@ -0,0 +1,163 @@
#
# Copyright (c) 2025 Wind River Systems, Inc.
#
# SPDX-License-Identifier: Apache-2.0
#
import keyring
import yaml
from oslo_log import log as logging
from sysinv.common import exception
from sysinv.db import api as dbapi
from sysinv.helm import base
from k8sapp_distributed_cloud.common import constants as app_constants
LOG = logging.getLogger(__name__)
class DistributedCloudHelm(base.FluxCDBaseHelm):
"""Class to encapsulate helm operations for the Distributed Cloud charts"""
SUPPORTED_NAMESPACES = base.FluxCDBaseHelm.SUPPORTED_NAMESPACES + \
[app_constants.HELM_NS_DISTCLOUD]
SUPPORTED_APP_NAMESPACES = {
app_constants.HELM_APP_DISTCLOUD: SUPPORTED_NAMESPACES,
}
SERVICE_NAME = app_constants.HELM_APP_DISTCLOUD
SUPPORTED_COMPONENT_OVERRIDES = [
app_constants.HELM_COMPONENT_LABEL_VALUE_PLATFORM,
app_constants.HELM_COMPONENT_LABEL_VALUE_APPLICATION
]
DEFAULT_AFFINITY = app_constants.HELM_COMPONENT_LABEL_VALUE_PLATFORM
KEYRING_SERVICE_ADMIN = 'CGCS'
KEYRING_SERVICE_AMQP = 'amqp'
KEYRING_USER_DATABASE = 'database'
KEYRING_USER_SERVICES = 'services'
KEYRING_USER_ADMIN = 'admin'
KEYRING_USER_AMQP = 'rabbit'
@property
def CHART(self):
raise NotImplemented("CHART property not implemented")
@property
def HELM_RELEASE(self):
raise NotImplemented("HELM_RELEASE property not implemented")
def get_namespaces(self):
return self.SUPPORTED_NAMESPACES
def get_overrides(self, namespace=None):
dbapi_instance = dbapi.get_instance()
db_app = dbapi_instance.kube_app_get(app_constants.HELM_APP_DISTCLOUD)
# User chart overrides
chart_overrides = self._get_helm_overrides(
dbapi_instance,
db_app,
self.CHART,
app_constants.HELM_NS_DISTCLOUD,
'user_overrides')
user_affinity = chart_overrides.get(app_constants.HELM_COMPONENT_LABEL,
self.DEFAULT_AFFINITY)
if user_affinity in self.SUPPORTED_COMPONENT_OVERRIDES:
affinity = user_affinity
else:
LOG.warn(f"User override value {user_affinity} "
f"for {app_constants.HELM_COMPONENT_LABEL} is invalid, "
f"using default value {self.DEFAULT_AFFINITY}")
affinity = self.DEFAULT_AFFINITY
overrides = {
app_constants.HELM_NS_DISTCLOUD: {
app_constants.HELM_LABEL_PARAMETER: {
app_constants.HELM_COMPONENT_LABEL: affinity
},
"endpoints": self._get_endpoint_overrides()
}
}
if namespace in self.SUPPORTED_NAMESPACES:
return overrides[namespace]
if namespace:
raise exception.InvalidHelmNamespace(chart=self.CHART,
namespace=namespace)
return overrides
@staticmethod
def _get_helm_overrides(dbapi_instance, app, chart, namespace,
type_of_overrides):
"""Helper function for querying helm overrides from db."""
helm_overrides = {}
try:
overrides = dbapi_instance.helm_override_get(
app_id=app.id,
name=chart,
namespace=namespace,
)[type_of_overrides]
if isinstance(overrides, str):
helm_overrides = yaml.safe_load(overrides)
except exception.HelmOverrideNotFound:
LOG.debug("Overrides for this chart not found, nothing to be done.")
return helm_overrides
def _get_endpoint_overrides(self):
"""Get common endpoint helm overrides"""
admin_ks_password=keyring.get_password(self.KEYRING_SERVICE_ADMIN,
self.KEYRING_USER_ADMIN)
rabbitmq_password=keyring.get_password(self.KEYRING_SERVICE_AMQP,
self.KEYRING_USER_AMQP)
service_db_password=keyring.get_password(self.CHART,
self.KEYRING_USER_DATABASE)
service_ks_password=keyring.get_password(self.CHART,
self.KEYRING_USER_SERVICES)
endpoints = {
"oslo_db": {
"auth": {
"admin": {
"password": service_db_password,
},
self.CHART: {
"password": service_db_password,
}
}
},
"oslo_messaging": {
"auth": {
"admin": {
"password": rabbitmq_password,
},
self.CHART: {
"password": rabbitmq_password,
}
}
},
"identity": {
"auth": {
"admin": {
"password": admin_ks_password,
},
self.CHART: {
"password": service_ks_password,
}
}
}
}
return endpoints

20
python3-k8sapp-distributed-cloud/k8sapp_distributed_cloud/k8sapp_distributed_cloud/helm/dcmanager.py Normal file
View File

@ -0,0 +1,20 @@
#
# Copyright (c) 2025 Wind River Systems, Inc.
#
# SPDX-License-Identifier: Apache-2.0
#
from . import base
from k8sapp_distributed_cloud.common import constants as app_constants
class DCManagerHelm(base.DistributedCloudHelm):
@property
def CHART(self):
return app_constants.HELM_CHART_DCMANAGER
@property
def HELM_RELEASE(self):
return app_constants.FLUXCD_HELM_RELEASE_DCMANAGER

20
python3-k8sapp-distributed-cloud/k8sapp_distributed_cloud/k8sapp_distributed_cloud/helm/dcorch.py Normal file
View File

@ -0,0 +1,20 @@
#
# Copyright (c) 2025 Wind River Systems, Inc.
#
# SPDX-License-Identifier: Apache-2.0
#
from . import base
from k8sapp_distributed_cloud.common import constants as app_constants
class DCOrchHelm(base.DistributedCloudHelm):
@property
def CHART(self):
return app_constants.HELM_CHART_DCORCH
@property
def HELM_RELEASE(self):
return app_constants.FLUXCD_HELM_RELEASE_DCORCH

0
python3-k8sapp-distributed-cloud/k8sapp_distributed_cloud/k8sapp_distributed_cloud/lifecycle/__init__.py Normal file
View File

50
python3-k8sapp-distributed-cloud/k8sapp_distributed_cloud/k8sapp_distributed_cloud/lifecycle/lifecycle_distributed_cloud.py Normal file
View File

@ -0,0 +1,50 @@
#
# Copyright (c) 2025 Wind River Systems, Inc.
#
# SPDX-License-Identifier: Apache-2.0
#
# All Rights Reserved.
#
""" System Inventory App lifecycle operator."""
from oslo_log import log as logging
from sysinv.common import constants as c
from sysinv.helm import lifecycle_base as base
from sysinv.helm import lifecycle_utils
from k8sapp_distributed_cloud.common import constants as app_constants
LOG = logging.getLogger(__name__)
class DistributedCloudAppLifecycleOperator(base.AppLifecycleOperator):
def app_lifecycle_actions(self, context, conductor_obj,
app_op, app, hook_info):
"""Perform lifecycle actions for an operation
:param context: request context, can be None
:param conductor_obj: conductor object, can be None
:param app_op: AppOperator object
:param app: AppOperator.Application object
:param hook_info: LifecycleHookInfo object
"""
if hook_info.lifecycle_type == c.APP_LIFECYCLE_TYPE_OPERATION:
if hook_info.operation == c.APP_REMOVE_OP:
if hook_info.relative_timing == c.APP_LIFECYCLE_TIMING_POST:
self._post_remove(app_op)
super().app_lifecycle_actions(context, conductor_obj,
app_op, app, hook_info)
@staticmethod
def _post_remove(app_op):
# Helm doesn't delete the namespace. To clean up after
# application-remove, we need to explicitly delete it.
LOG.debug(f"Executing post_remove for {app_constants.HELM_APP_DISTCLOUD} app")
lifecycle_utils.delete_namespace(app_op, app_constants.HELM_NS_DISTCLOUD)

0
python3-k8sapp-distributed-cloud/k8sapp_distributed_cloud/k8sapp_distributed_cloud/tests/__init__.py Normal file
View File

28
python3-k8sapp-distributed-cloud/k8sapp_distributed_cloud/k8sapp_distributed_cloud/tests/test_distributed_cloud.py Normal file
View File

@ -0,0 +1,28 @@
#
# Copyright (c) 2025 Wind River Systems, Inc.
#
# SPDX-License-Identifier: Apache-2.0
#
from sysinv.db import api as dbapi
from sysinv.tests.db import base as dbbase
from sysinv.tests.db import utils as dbutils
from sysinv.tests.helm import base
from k8sapp_distributed_cloud.tests import test_plugins
class DistributedCloudTestCase(test_plugins.K8SAppDistributedCloudAppMixin,
base.HelmTestCaseMixin):
def setUp(self):
super().setUp()
self.app = dbutils.create_test_app(name='distributed-cloud')
self.dbapi = dbapi.get_instance()
class DistributedCloudTestCaseDummy(DistributedCloudTestCase,
dbbase.ProvisionedControllerHostTestCase):
# without a test zuul will fail
def test_dummy(self):
pass

45
python3-k8sapp-distributed-cloud/k8sapp_distributed_cloud/k8sapp_distributed_cloud/tests/test_plugins.py Normal file
View File

@ -0,0 +1,45 @@
#
# Copyright (c) 2025 Wind River Systems, Inc.
#
# SPDX-License-Identifier: Apache-2.0
#
from sysinv.tests.db import base as dbbase
from k8sapp_distributed_cloud.common import constants as app_constants
class K8SAppDistributedCloudAppMixin(object):
app_name = app_constants.HELM_APP_DISTCLOUD
path_name = app_name + '.tgz'
# pylint: disable=invalid-name,useless-parent-delegation
def setUp(self):
super().setUp()
def test_stub(self):
# Replace this with a real unit test.
pass
# Test Configuration:
# - Controller
# - IPv6
# - Ceph Storage
# - distributed-cloud app
class K8sAppDistributedCloudControllerTestCase(K8SAppDistributedCloudAppMixin,
dbbase.BaseIPv6Mixin,
dbbase.BaseCephStorageBackendMixin,
dbbase.ControllerHostTestCase):
pass
# Test Configuration:
# - AIO
# - IPv4
# - Ceph Storage
# - distributed-cloud app
class K8SAppDistributedCloudAIOTestCase(K8SAppDistributedCloudAppMixin,
dbbase.BaseCephStorageBackendMixin,
dbbase.AIOSimplexHostTestCase):
pass

234
python3-k8sapp-distributed-cloud/k8sapp_distributed_cloud/pylint.rc Normal file
View File

@ -0,0 +1,234 @@
[MASTER]
# Specify a configuration file.
rcfile=pylint.rc
# Python code to execute, usually for sys.path manipulation such as
# pygtk.require().
#init-hook=
# Add files or directories to the blacklist. Should be base names, not paths.
ignore=
# Pickle collected data for later comparisons.
persistent=yes
# List of plugins (as comma separated values of python modules names) to load,
# usually to register additional checkers.
load-plugins=pylint.extensions.bad_builtin
# Use multiple processes to speed up Pylint.
jobs=4
# Allow loading of arbitrary C extensions. Extensions are imported into the
# active Python interpreter and may run arbitrary code.
unsafe-load-any-extension=no
# A comma-separated list of package or module names from where C extensions may
# be loaded. Extensions are loading into the active Python interpreter and may
# run arbitrary code
extension-pkg-whitelist=lxml.etree,greenlet
[MESSAGES CONTROL]
# Disable the message, report, category or checker with the given id(s). You
# can either give multiple identifier separated by comma (,) or put this option
# multiple time (only on the command line, not in the configuration file where
# it should appear only once).
# See "Messages Control" section of
# https://pylint.readthedocs.io/en/latest/user_guide
disable=
# C codes refer to Convention
C0114, # missing-module-docstring
C0115, # missing-class-docstring
C0116, # missing-function-docstring
# R codes refer to refactoring
R0205, # useless-object-inheritance
R0901, # too-many-ancestors
R0903, # too-few-public-methods
R0913, # too-many-arguments
# W codes are warnings
W0212, # protected-access
[REPORTS]
# Set the output format. Available formats are text, parseable, colorized, msvs
# (visual studio) and html
output-format=text
# Tells whether to display a full report or only the messages
reports=no
# Python expression which should return a note less than 10 (10 is the highest
# note). You have access to the variables errors warning, statement which
# respectively contain the number of errors / warnings messages and the total
# number of statements analyzed. This is used by the global evaluation report
# (RP0004).
evaluation=10.0 - ((float(5 * error + warning + refactor + convention) / statement) * 10)
[SIMILARITIES]
# Minimum lines number of a similarity.
min-similarity-lines=4
# Ignore comments when computing similarities.
ignore-comments=yes
# Ignore docstrings when computing similarities.
ignore-docstrings=yes
[FORMAT]
# Maximum number of characters on a single line.
max-line-length=85
# Maximum number of lines in a module
max-module-lines=1000
# String used as indentation unit. This is usually 4 spaces or "\t" (1 tab).
indent-string=' '
[TYPECHECK]
# Tells whether missing members accessed in mixin class should be ignored. A
# mixin class is detected if its name ends with "mixin" (case insensitive).
ignore-mixin-members=yes
# List of module names for which member attributes should not be checked
# (useful for modules/projects where namespaces are manipulated during runtime
# and thus existing member attributes cannot be deduced by static analysis
ignored-modules=distutils,eventlet.green.subprocess,six,six.moves
# List of classes names for which member attributes should not be checked
# (useful for classes with attributes dynamically set).
# pylint is confused by sqlalchemy Table, as well as sqlalchemy Enum types
# ie: (unprovisioned, identity)
# LookupDict in requests library confuses pylint
ignored-classes=SQLObject, optparse.Values, thread._local, _thread._local,
Table, unprovisioned, identity, LookupDict
# List of members which are set dynamically and missed by pylint inference
# system, and so shouldn't trigger E0201 when accessed. Python regular
# expressions are accepted.
generated-members=REQUEST,acl_users,aq_parent
[BASIC]
# Regular expression which should only match correct module names
module-rgx=(([a-z_][a-z0-9_]*)|([A-Z][a-zA-Z0-9]+))$
# Regular expression which should only match correct module level names
const-rgx=(([A-Z_][A-Z0-9_]*)|(__.*__))$
# Regular expression which should only match correct class names
class-rgx=[A-Z_][a-zA-Z0-9]+$
# Regular expression which should only match correct function names
function-rgx=[a-z_][a-z0-9_]{2,30}$
# Regular expression which should only match correct method names
method-rgx=[a-z_][a-z0-9_]{2,30}$
# Regular expression which should only match correct instance attribute names
attr-rgx=[a-z_][a-z0-9_]{2,30}$
# Regular expression which should only match correct argument names
argument-rgx=[a-z_][a-z0-9_]{2,30}$
# Regular expression which should only match correct variable names
variable-rgx=[a-z_][a-z0-9_]{2,30}$
# Regular expression which should only match correct list comprehension /
# generator expression variable names
inlinevar-rgx=[A-Za-z_][A-Za-z0-9_]*$
# Good variable names which should always be accepted, separated by a comma
good-names=i,j,k,ex,Run,_
# Bad variable names which should always be refused, separated by a comma
bad-names=foo,bar,baz,toto,tutu,tata
# Regular expression which should only match functions or classes name which do
# not require a docstring
no-docstring-rgx=__.*__
[MISCELLANEOUS]
# List of note tags to take in consideration, separated by a comma.
notes=FIXME,XXX,TODO
[VARIABLES]
# Tells whether we should check for unused import in __init__ files.
init-import=no
# A regular expression matching the beginning of the name of dummy variables
# (i.e. not used).
dummy-variables-rgx=_|dummy
# List of additional names supposed to be defined in builtins. Remember that
# you should avoid to define new builtins when possible.
additional-builtins=
[IMPORTS]
# Deprecated modules which should not be used, separated by a comma
deprecated-modules=regsub,string,TERMIOS,Bastion,rexec
# Create a graph of every (i.e. internal and external) dependencies in the
# given file (report RP0402 must not be disabled)
import-graph=
# Create a graph of external dependencies in the given file (report RP0402 must
# not be disabled)
ext-import-graph=
# Create a graph of internal dependencies in the given file (report RP0402 must
# not be disabled)
int-import-graph=
[DESIGN]
# Maximum number of arguments for function / method
max-args=5
# Argument names that match this expression will be ignored. Default to name
# with leading underscore
ignored-argument-names=_.*
# Maximum number of locals for function / method body
max-locals=15
# Maximum number of return / yield for function / method body
max-returns=6
# Maximum number of branch for function / method body
max-branches=12
# Maximum number of statements in function / method body
max-statements=50
# Maximum number of parents for a class (see R0901).
max-parents=7
# Maximum number of attributes for a class (see R0902).
max-attributes=7
# Minimum number of public methods for a class (see R0903).
min-public-methods=2
# Maximum number of public methods for a class (see R0904).
max-public-methods=20
[CLASSES]
# List of method names used to declare (i.e. assign) instance attributes.
defining-attr-methods=__init__,__new__,setUp
# List of valid names for the first argument in a class method.
valid-classmethod-first-arg=cls
[EXCEPTIONS]
# Exceptions that will emit a warning when being caught. Defaults to
# "Exception"
overgeneral-exceptions=builtins.BaseException,builtins.Exception

2
python3-k8sapp-distributed-cloud/k8sapp_distributed_cloud/requirements.txt Normal file
View File

@ -0,0 +1,2 @@
pbr>=2.0.0
PyYAML>=3.10.0

40
python3-k8sapp-distributed-cloud/k8sapp_distributed_cloud/setup.cfg Normal file
View File

@ -0,0 +1,40 @@
[metadata]
name = k8sapp-distributed-cloud
summary = StarlingX sysinv extensions for Distributed Cloud
long_description = file: README.rst
long_description_content_type = text/x-rst
license = Apache 2.0
author = StarlingX
author-email = starlingx-discuss@lists.starlingx.io
home-page = https://www.starlingx.io/
classifier =
Environment :: OpenStack
Intended Audience :: Information Technology
Intended Audience :: System Administrators
License :: OSI Approved :: Apache Software License
Operating System :: POSIX :: Linux
Programming Language :: Python
Programming Language :: Python :: 3
Programming Language :: Python :: 3.9
[files]
packages =
k8sapp_distributed_cloud
[global]
setup-hooks =
pbr.hooks.setup_hook
[entry_points]
systemconfig.helm_applications =
distributed-cloud = systemconfig.helm_plugins.distributed_cloud
systemconfig.helm_plugins.distributed_cloud =
001_dcmanager = k8sapp_distributed_cloud.helm.dcmanager:DCManagerHelm
002_dcorch = k8sapp_distributed_cloud.helm.dcorch:DCOrchHelm
systemconfig.app_lifecycle =
distributed-cloud = k8sapp_distributed_cloud.lifecycle.lifecycle_distributed_cloud:DistributedCloudAppLifecycleOperator
[bdist_wheel]
universal = 1

12
python3-k8sapp-distributed-cloud/k8sapp_distributed_cloud/setup.py Normal file
View File

@ -0,0 +1,12 @@
#
# Copyright (c) 2025 Wind River Systems, Inc.
#
# SPDX-License-Identifier: Apache-2.0
#
import setuptools
setuptools.setup(
setup_requires=['pbr>=2.0.0'],
pbr=True)

20
python3-k8sapp-distributed-cloud/k8sapp_distributed_cloud/test-requirements.txt Normal file
View File

@ -0,0 +1,20 @@
# The order of packages is significant, because pip processes them in the order
# of appearance. Changing the order has an impact on the overall integration
# process, which may cause wedges in the gate later.
hacking>=1.1.0,<=2.0.0 # Apache-2.0
astroid
bandit<1.7.2;python_version>="3.0"
coverage>=3.6
fixtures>=3.0.0 # Apache-2.0/BSD
mock>=2.0.0 # BSD
python-subunit>=0.0.18
requests-mock>=0.6.0 # Apache-2.0
sphinx
oslosphinx
oslotest>=3.2.0 # Apache-2.0
stestr>=1.0.0 # Apache-2.0
testrepository>=0.0.18
testtools!=1.2.0,>=0.9.36
isort<5;python_version>="3.0"
pylint
pycryptodomex

88
python3-k8sapp-distributed-cloud/k8sapp_distributed_cloud/tox.ini Normal file
View File

@ -0,0 +1,88 @@
[tox]
envlist = flake8,py39,pylint,bandit
minversion = 2.9
skipsdist = True
# tox does not work if the path to the workdir is too long, so move it to /tmp
toxworkdir = /tmp/{env:USER}_k8sdistributedcloudtox
stxdir = {toxinidir}/../../..
distshare={toxworkdir}/.tox/distshare
[testenv]
allowlist_externals = bash
find
basepython = python3.9
sitepackages = False
install_command = pip install -v -v -v \
-c{toxinidir}/upper-constraints.txt \
-c{env:UPPER_CONSTRAINTS_FILE:https://opendev.org/starlingx/root/raw/branch/master/build-tools/requirements/debian/upper-constraints.txt} \
{opts} {packages}
# Note the hash seed is set to 0 until can be tested with a
# random hash seed successfully.
setenv = VIRTUAL_ENV={envdir}
PYTHONHASHSEED=0
PYTHONDONTWRITEBYTECODE=1
OS_TEST_PATH=./k8sapp_distributed_cloud/tests
LANG=en_US.UTF-8
LANGUAGE=en_US:en
LC_ALL=C
SYSINV_TEST_ENV=True
TOX_WORK_DIR={toxworkdir}
PYLINTHOME={toxworkdir}
deps = -r{toxinidir}/requirements.txt
-r{toxinidir}/test-requirements.txt
-e{[tox]stxdir}/config/sysinv/sysinv/sysinv
-e{[tox]stxdir}/config/tsconfig/tsconfig
-e{[tox]stxdir}/fault/fm-api/source
-e{[tox]stxdir}/fault/python-fmclient/fmclient
-e{[tox]stxdir}/utilities/ceph/python-cephclient/python-cephclient
-e{[tox]stxdir}/update/sw-patch/cgcs-patch
commands =
find . -type f -name "*.pyc" -delete
[flake8]
exclude = build,dist,tools,.eggs
max-line-length=80
[testenv:flake8]
deps = -r{toxinidir}/test-requirements.txt
commands =
flake8 {posargs} .
[testenv:py39]
commands =
{[testenv]commands}
stestr run {posargs}
stestr slowest
[testenv:pep8]
deps = {[testenv:flake8]deps}
commands = {[testenv:flake8]commands}
[testenv:venv]
commands = {posargs}
[bandit]
# Add bandit configuration here
[testenv:bandit]
deps = -r{toxinidir}/test-requirements.txt
commands = bandit --ini tox.ini -n 5 -r k8sapp_distributed_cloud
[testenv:pylint]
commands =
pylint {posargs} k8sapp_distributed_cloud --rcfile=./pylint.rc
[testenv:pip-missing-reqs]
# do not install test-requirements as that will pollute the virtualenv for
# determining missing packages
# this also means that pip-missing-reqs must be installed separately, outside
# of the requirements.txt files
deps = pip_missing_reqs
-rrequirements.txt
commands=pip-missing-reqs -d --ignore-file=/k8sapp_distributed_cloud/tests k8sapp_distributed_cloud

1
python3-k8sapp-distributed-cloud/k8sapp_distributed_cloud/upper-constraints.txt Normal file
View File

@ -0,0 +1 @@
# Override upstream constraints based on StarlingX load

5
stx-distributed-cloud-helm/debian/deb_folder/changelog Normal file
View File

@ -0,0 +1,5 @@
stx-distributed-cloud-helm (1.0-1) unstable; urgency=medium
* Initial release.
-- Hugo Brito <hugo.brito@windriver.com> Tue, 25 Mar 2025 13:30:15 +0000

21
stx-distributed-cloud-helm/debian/deb_folder/control Normal file
View File

@ -0,0 +1,21 @@
Source: stx-distributed-cloud-helm
Section: libs
Priority: optional
Maintainer: StarlingX Developers <starlingx-discuss@lists.starlingx.io>
Build-Depends: debhelper-compat (= 13),
chartmuseum,
helm,
procps,
python3-k8sapp-distributed-cloud,
python3-k8sapp-distributed-cloud-wheels,
build-info
Standards-Version: 4.5.1
Homepage: https://www.starlingx.io
Package: stx-distributed-cloud-helm
Section: libs
Architecture: any
Depends: ${misc:Depends}
Description: StarlingX Distributed Cloud FluxCD Helm Charts
This package contains FluxCD helm charts for the Distributed Cloud
application.

41
stx-distributed-cloud-helm/debian/deb_folder/copyright Normal file
View File

@ -0,0 +1,41 @@
Format: https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/
Upstream-Name: stx-distributed-cloud-helm
Source: https://opendev.org/starlingx/app-distributed-cloud/
Files: *
Copyright: (c) 2025 Wind River Systems, Inc
License: Apache-2
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
.
https://www.apache.org/licenses/LICENSE-2.0
.
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
.
On Debian-based systems the full text of the Apache version 2.0 license
can be found in `/usr/share/common-licenses/Apache-2.0'.
# If you want to use GPL v2 or later for the /debian/* files use
# the following clauses, or change it to suit. Delete these two lines
Files: debian/*
Copyright: 2025 Wind River Systems, Inc
License: Apache-2
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
.
https://www.apache.org/licenses/LICENSE-2.0
.
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
.
On Debian-based systems the full text of the Apache version 2.0 license
can be found in `/usr/share/common-licenses/Apache-2.0'.

57
stx-distributed-cloud-helm/debian/deb_folder/rules Normal file
View File

@ -0,0 +1,57 @@
#!/usr/bin/make -f
# export DH_VERBOSE = 1
export ROOT = debian/tmp
export APP_FOLDER = $(ROOT)/usr/local/share/applications/helm
export DEB_VERSION = $(shell dpkg-parsechangelog | egrep '^Version:' | cut -f 2 -d ' ')
export RELEASE = $(shell cat /etc/build.info | grep SW_VERSION | cut -d'"' -f2)
export REVISION = $(shell echo $(DEB_VERSION) | cut -f 4 -d '.')
export APP_NAME = distributed-cloud
export APP_VERSION = $(RELEASE)-$(REVISION)
export APP_TARBALL = $(APP_NAME)-$(APP_VERSION).tgz
export HELM_REPO = stx-platform
export HELM_FOLDER = /usr/lib/helm
export STAGING = staging
%:
dh $@
override_dh_auto_build:
# Create the TGZ file
cd helm-charts && $(MAKE)
# Setup the staging directory
mkdir -p $(STAGING)
cp files/metadata.yaml $(STAGING)
mkdir -p $(STAGING)/charts
cp helm-charts/*.tgz $(STAGING)/charts
# Populate metadata
sed -i 's/APP_REPLACE_NAME/$(APP_NAME)/g' $(STAGING)/metadata.yaml
sed -i 's/APP_REPLACE_VERSION/$(APP_VERSION)/g' $(STAGING)/metadata.yaml
sed -i 's/HELM_REPLACE_REPO/$(HELM_REPO)/g' $(STAGING)/metadata.yaml
# Copy the plugins: installed in the buildroot
mkdir -p $(STAGING)/plugins
cp /plugins/*.whl $(STAGING)/plugins
# Prepare staging for fluxcd package
cp -R fluxcd-manifests $(STAGING)/
# Calculate checksum of all files in staging for the fluxcd app
cd $(STAGING) && find . -type f ! -name '*.md5' -print0 | xargs -0 md5sum > checksum.md5
# Package fluxcd app
tar cfz $(APP_TARBALL) -C $(STAGING)/ .
# Cleanup staging
rm -rf $(STAGING)
override_dh_auto_install:
# Install the app tar file.
install -d -m 755 $(APP_FOLDER)
install -p -D -m 755 $(APP_TARBALL) $(APP_FOLDER)
override_dh_usrlocal:

1
stx-distributed-cloud-helm/debian/deb_folder/source/format Normal file
View File

@ -0,0 +1 @@
3.0 (quilt)

1
stx-distributed-cloud-helm/debian/deb_folder/stx-distributed-cloud-helm.install Normal file
View File

@ -0,0 +1 @@
usr/local/share/applications/helm/*

6
stx-distributed-cloud-helm/debian/meta_data.yaml Normal file
View File

@ -0,0 +1,6 @@
---
debname: stx-distributed-cloud-helm
debver: 1.0-0
src_path: stx-distributed-cloud-helm
revision:
dist: $STX_DIST

23
stx-distributed-cloud-helm/stx-distributed-cloud-helm/files/metadata.yaml Normal file
View File

@ -0,0 +1,23 @@
# Copyright (c) 2024 Wind River Systems, Inc.
#
# SPDX-License-Identifier: Apache-2.0
#
---
app_name: APP_REPLACE_NAME
app_version: APP_REPLACE_VERSION
helm_repo: HELM_REPLACE_REPO
maintain_user_overrides: true
upgrades:
auto_update: true
supported_k8s_version:
minimum: 1.24.4
behavior:
platform_managed_app: yes
evaluate_reapply:
triggers:
- type: host-label-assign
- type: host-modify

13
stx-distributed-cloud-helm/stx-distributed-cloud-helm/fluxcd-manifests/base/helmrepository.yaml Normal file
View File

@ -0,0 +1,13 @@
#
# Copyright (c) 2025 Wind River Systems, Inc.
#
# SPDX-License-Identifier: Apache-2.0
#
apiVersion: source.toolkit.fluxcd.io/v1beta1
kind: HelmRepository
metadata:
name: stx-platform
spec:
url: http://192.168.206.1:8080/helm_charts/stx-platform
interval: 1m

8
stx-distributed-cloud-helm/stx-distributed-cloud-helm/fluxcd-manifests/base/kustomization.yaml Normal file
View File

@ -0,0 +1,8 @@
#
# Copyright (c) 2025 Wind River Systems, Inc.
#
# SPDX-License-Identifier: Apache-2.0
#
resources:
- helmrepository.yaml

10
stx-distributed-cloud-helm/stx-distributed-cloud-helm/fluxcd-manifests/base/namespace.yaml Normal file
View File

@ -0,0 +1,10 @@
#
# Copyright (c) 2025 Wind River Systems, Inc.
#
# SPDX-License-Identifier: Apache-2.0
#
apiVersion: v1
kind: Namespace
metadata:
name: distributed-cloud

16
stx-distributed-cloud-helm/stx-distributed-cloud-helm/fluxcd-manifests/dc-vault-nginx/dc-vault-nginx-static-overrides.yaml Normal file
View File

@ -0,0 +1,16 @@
#
# Copyright (c) 2025 Wind River Systems, Inc.
#
# SPDX-License-Identifier: Apache-2.0
#
nginx:
replicas: 1
node_selector_key: starlingx.io/distributed-cloud
node_selector_value: enabled
volume:
vault:
size: 20Gi
backup:
size: 15Gi

5
stx-distributed-cloud-helm/stx-distributed-cloud-helm/fluxcd-manifests/dc-vault-nginx/dc-vault-nginx-system-overrides.yaml Normal file
View File

@ -0,0 +1,5 @@
#
# Copyright (c) 2025 Wind River Systems, Inc.
#
# SPDX-License-Identifier: Apache-2.0
#

36
stx-distributed-cloud-helm/stx-distributed-cloud-helm/fluxcd-manifests/dc-vault-nginx/helmrelease.yaml Normal file
View File

@ -0,0 +1,36 @@
#
# Copyright (c) 2025 Wind River Systems, Inc.
#
# SPDX-License-Identifier: Apache-2.0
#
apiVersion: "helm.toolkit.fluxcd.io/v2beta1"
kind: HelmRelease
metadata:
name: dc-vault-nginx
labels:
chart_group: dc-vault-nginx
spec:
releaseName: dc-vault-nginx
chart:
spec:
chart: dc-vault-nginx
version: 1.0.0
sourceRef:
kind: HelmRepository
name: stx-platform
interval: 1m
timeout: 30m
test:
enable: false
install:
disableHooks: false
upgrade:
disableHooks: false
valuesFrom:
- kind: Secret
name: dc-vault-nginx-static-overrides
valuesKey: dc-vault-nginx-static-overrides.yaml
- kind: Secret
name: dc-vault-nginx-system-overrides
valuesKey: dc-vault-nginx-system-overrides.yaml

18
stx-distributed-cloud-helm/stx-distributed-cloud-helm/fluxcd-manifests/dc-vault-nginx/kustomization.yaml Normal file
View File

@ -0,0 +1,18 @@
#
# Copyright (c) 2025 Wind River Systems, Inc.
#
# SPDX-License-Identifier: Apache-2.0
#
namespace: distributed-cloud
resources:
- helmrelease.yaml
secretGenerator:
- name: dc-vault-nginx-static-overrides
files:
- dc-vault-nginx-static-overrides.yaml
- name: dc-vault-nginx-system-overrides
files:
- dc-vault-nginx-system-overrides.yaml
generatorOptions:
disableNameSuffixHash: true

33
stx-distributed-cloud-helm/stx-distributed-cloud-helm/fluxcd-manifests/dcmanager/dcmanager-static-overrides.yaml Normal file
View File

@ -0,0 +1,33 @@
#
# Copyright (c) 2025 Wind River Systems, Inc.
#
# SPDX-License-Identifier: Apache-2.0
#
pod:
image_pull_secrets:
default:
- name: default-registry-key
tolerations:
dcmanager:
enabled: true
endpoints:
oslo_db:
auth:
admin:
username: admin-dcmanager
dcmanager:
username: admin-dcmanager
oslo_messaging:
auth:
admin:
username: guest
dcmanager:
username: guest
identity:
auth:
admin:
username: admin
dcmanager:
username: dcmanager

5
stx-distributed-cloud-helm/stx-distributed-cloud-helm/fluxcd-manifests/dcmanager/dcmanager-system-overrides.yaml Normal file
View File

@ -0,0 +1,5 @@
#
# Copyright (c) 2025 Wind River Systems, Inc.
#
# SPDX-License-Identifier: Apache-2.0
#

36
stx-distributed-cloud-helm/stx-distributed-cloud-helm/fluxcd-manifests/dcmanager/helmrelease.yaml Normal file
View File

@ -0,0 +1,36 @@
#
# Copyright (c) 2025 Wind River Systems, Inc.
#
# SPDX-License-Identifier: Apache-2.0
#
apiVersion: "helm.toolkit.fluxcd.io/v2beta1"
kind: HelmRelease
metadata:
name: dcmanager
labels:
chart_group: dcmanager
spec:
releaseName: dcmanager
chart:
spec:
chart: dcmanager
version: 0.1.0
sourceRef:
kind: HelmRepository
name: stx-platform
interval: 1m
timeout: 30m
test:
enable: false
install:
disableHooks: false
upgrade:
disableHooks: false
valuesFrom:
- kind: Secret
name: dcmanager-static-overrides
valuesKey: dcmanager-static-overrides.yaml
- kind: Secret
name: dcmanager-system-overrides
valuesKey: dcmanager-system-overrides.yaml

18
stx-distributed-cloud-helm/stx-distributed-cloud-helm/fluxcd-manifests/dcmanager/kustomization.yaml Normal file
View File

@ -0,0 +1,18 @@
#
# Copyright (c) 2025 Wind River Systems, Inc.
#
# SPDX-License-Identifier: Apache-2.0
#
namespace: distributed-cloud
resources:
- helmrelease.yaml
secretGenerator:
- name: dcmanager-static-overrides
files:
- dcmanager-static-overrides.yaml
- name: dcmanager-system-overrides
files:
- dcmanager-system-overrides.yaml
generatorOptions:
disableNameSuffixHash: true

33
stx-distributed-cloud-helm/stx-distributed-cloud-helm/fluxcd-manifests/dcorch/dcorch-static-overrides.yaml Normal file
View File

@ -0,0 +1,33 @@
#
# Copyright (c) 2025 Wind River Systems, Inc.
#
# SPDX-License-Identifier: Apache-2.0
#
pod:
image_pull_secrets:
default:
- name: default-registry-key
tolerations:
dcorch:
enabled: true
endpoints:
oslo_db:
auth:
admin:
username: admin-dcorch
dcorch:
username: admin-dcorch
oslo_messaging:
auth:
admin:
username: guest
dcorch:
username: guest
identity:
auth:
admin:
username: admin
dcorch:
username: dcorch

5
stx-distributed-cloud-helm/stx-distributed-cloud-helm/fluxcd-manifests/dcorch/dcorch-system-overrides.yaml Normal file
View File

@ -0,0 +1,5 @@
#
# Copyright (c) 2025 Wind River Systems, Inc.
#
# SPDX-License-Identifier: Apache-2.0
#

36
stx-distributed-cloud-helm/stx-distributed-cloud-helm/fluxcd-manifests/dcorch/helmrelease.yaml Normal file
View File

@ -0,0 +1,36 @@
#
# Copyright (c) 2025 Wind River Systems, Inc.
#
# SPDX-License-Identifier: Apache-2.0
#
apiVersion: "helm.toolkit.fluxcd.io/v2beta1"
kind: HelmRelease
metadata:
name: dcorch
labels:
chart_group: dcorch
spec:
releaseName: dcorch
chart:
spec:
chart: dcorch
version: 0.1.0
sourceRef:
kind: HelmRepository
name: stx-platform
interval: 1m
timeout: 30m
test:
enable: false
install:
disableHooks: false
upgrade:
disableHooks: false
valuesFrom:
- kind: Secret
name: dcorch-static-overrides
valuesKey: dcorch-static-overrides.yaml
- kind: Secret
name: dcorch-system-overrides
valuesKey: dcorch-system-overrides.yaml

18
stx-distributed-cloud-helm/stx-distributed-cloud-helm/fluxcd-manifests/dcorch/kustomization.yaml Normal file
View File

@ -0,0 +1,18 @@
#
# Copyright (c) 2025 Wind River Systems, Inc.
#
# SPDX-License-Identifier: Apache-2.0
#
namespace: distributed-cloud
resources:
- helmrelease.yaml
secretGenerator:
- name: dcorch-static-overrides
files:
- dcorch-static-overrides.yaml
- name: dcorch-system-overrides
files:
- dcorch-system-overrides.yaml
generatorOptions:
disableNameSuffixHash: true

14
stx-distributed-cloud-helm/stx-distributed-cloud-helm/fluxcd-manifests/kustomization.yaml Normal file
View File

@ -0,0 +1,14 @@
#
# Copyright (c) 2025 Wind River Systems, Inc.
#
# SPDX-License-Identifier: Apache-2.0
#
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
namespace: distributed-cloud
resources:
- base
- dcmanager
- dcorch
- dc-vault-nginx

2
stx-distributed-cloud-helm/stx-distributed-cloud-helm/helm-charts/.gitignore vendored Normal file
View File

@ -0,0 +1,2 @@
*.tgz
**/Chart.lock

42
stx-distributed-cloud-helm/stx-distributed-cloud-helm/helm-charts/Makefile Normal file
View File

@ -0,0 +1,42 @@
#
# Copyright 2017 The Openstack-Helm Authors.
#
# Copyright (c) 2024 Wind River Systems, Inc.
#
# SPDX-License-Identifier: Apache-2.0
#
# It's necessary to set this because some environments don't link sh -> bash.
SHELL := /bin/bash
TASK := build
EXCLUDES := helm-toolkit doc tests tools logs tmp
CHARTS := $(filter-out $(EXCLUDES), $(patsubst %/.,%,$(wildcard */.)))
.PHONY: $(EXCLUDES) $(CHARTS)
all: $(CHARTS)
$(CHARTS):
@if [ -d $@ ]; then \
echo; \
echo "===== Processing [$@] chart ====="; \
$(MAKE) $(TASK)-$@; \
fi
init-%:
if [ -f $*/Makefile ]; then make -C $*; fi
lint-%: init-%
if [ -d $* ]; then helm lint $*; fi
build-%: lint-%
if [ -d $* ]; then helm package $*; fi
clean:
@echo "Clean all build artifacts"
rm -f */templates/_partials.tpl */templates/_globals.tpl
rm -f *tgz */charts/*tgz */requirements.lock
rm -rf */charts */tmpcharts
%:
@:

23
stx-distributed-cloud-helm/stx-distributed-cloud-helm/helm-charts/dc-vault-nginx/.helmignore Normal file
View File

@ -0,0 +1,23 @@
# Patterns to ignore when building packages.
# This supports shell glob matching, relative path matching, and
# negation (prefixed with !). Only one pattern per line.
.DS_Store
# Common VCS dirs
.git/
.gitignore
.bzr/
.bzrignore
.hg/
.hgignore
.svn/
# Common backup files
*.swp
*.bak
*.tmp
*.orig
*~
# Various IDEs
.project
.idea/
*.tmproj
.vscode/

9
stx-distributed-cloud-helm/stx-distributed-cloud-helm/helm-charts/dc-vault-nginx/Chart.yaml Normal file
View File

@ -0,0 +1,9 @@
apiVersion: v2
name: dc-vault-nginx
description: A Helm chart for DC Vault NGINX
version: 1.0.0
appVersion: "1.0.0"
dependencies:
- name: helm-toolkit
version: ">= 0.1.0"
repository: file://../helm-toolkit

BIN
stx-distributed-cloud-helm/stx-distributed-cloud-helm/helm-charts/dc-vault-nginx/charts/helm-toolkit-0.2.59.tgz Normal file
View File

Binary file not shown.

20
stx-distributed-cloud-helm/stx-distributed-cloud-helm/helm-charts/dc-vault-nginx/templates/_helpers.tpl Normal file
View File

@ -0,0 +1,20 @@
{{- define "dc-vault-nginx.fullname" -}}
{{- if .Release.Name -}}
{{ .Release.Name }}
{{- else -}}
dc-vault-nginx
{{- end -}}
{{- end }}
{{- define "dc-vault-nginx.labels" -}}
app.kubernetes.io/name: {{ default "dc-vault-nginx" .Chart.Name }}
app.kubernetes.io/instance: {{ .Release.Name | default "dc-vault-nginx" }}
app.kubernetes.io/version: {{ .Chart.AppVersion | default "1.0.0" }}
app.kubernetes.io/managed-by: {{ .Release.Service | default "Helm" }}
{{- end }}
{{- define "dc-vault-nginx.serverNames" -}}
{{- range $index, $host := .Values.ingress.hosts -}}
{{- if $index -}} {{ " " }}{{- end -}}{{ $host.host }}
{{- end -}}
{{- end }}

27
stx-distributed-cloud-helm/stx-distributed-cloud-helm/helm-charts/dc-vault-nginx/templates/configmap.yaml Normal file
View File

@ -0,0 +1,27 @@
apiVersion: v1
kind: ConfigMap
metadata:
name: {{ .Values.nginx.configMapName }}
namespace: {{ .Release.Namespace }}
data:
nginx.conf: |
events {
worker_connections {{ .Values.nginx.worker_connections | default 1024 }};
}
http {
server {
listen {{ .Values.nginx.port }};
server_name {{ include "dc-vault-nginx.serverNames" . }};
autoindex {{ .Values.nginx.autoindex | default "on" }};
autoindex_exact_size {{ .Values.nginx.autoindex_exact_size | default "off" }};
autoindex_localtime {{ .Values.nginx.autoindex_localtime | default "on" }};
root {{ .Values.volume.vault.path | default "/opt/dc-vault" }};
location / {
root {{ .Values.volume.vault.path | default "/opt/dc-vault" }};
try_files $uri $uri/ =404;
}
}
}

61
stx-distributed-cloud-helm/stx-distributed-cloud-helm/helm-charts/dc-vault-nginx/templates/deployment.yaml Normal file
View File

@ -0,0 +1,61 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ .Values.nginx.name }}
namespace: {{ .Values.namespace }}
spec:
replicas: {{ .Values.nginx.replicas }}
selector:
matchLabels:
app: {{ .Values.nginx.name }}
template:
metadata:
labels:
app: {{ .Values.nginx.name }}
spec:
nodeSelector:
{{ .Values.nginx.node_selector_key }}: {{ .Values.nginx.node_selector_value }}
containers:
- name: nginx
image: {{ .Values.nginx.image }}
ports:
- containerPort: {{ .Values.nginx.port }}
volumeMounts:
- name: {{ .Values.volume.vault.name }}
mountPath: {{ .Values.volume.vault.path }}
- name: {{ .Values.volume.backup.name }}
mountPath: {{ .Values.volume.backup.path }}
- name: {{ .Values.volume.platform.name }}
mountPath: {{ .Values.volume.platform.path }}
- name: nginx-config
mountPath: /etc/nginx/nginx.conf
subPath: nginx.conf
volumes:
{{- if .Values.volume.vault.enabled }}
- name: {{ .Values.volume.vault.name }}
persistentVolumeClaim:
claimName: {{ .Values.volume.vault.claimName }}
{{- else }}
- name: {{ .Values.volume.vault.name }}
hostPath:
path: {{ .Values.conf.vault.base_path }}
type: DirectoryOrCreate
{{- end }}
{{- if .Values.volume.backup.enabled }}
- name: {{ .Values.volume.backup.name }}
persistentVolumeClaim:
claimName: {{ .Values.volume.backup.claimName }}
{{- else }}
- name: {{ .Values.volume.backup.name }}
hostPath:
path: {{ .Values.conf.backup.base_path }}
type: DirectoryOrCreate
{{- end }}
{{- if .Values.volume.platform.enabled }}
- name: {{ .Values.volume.platform.name }}
persistentVolumeClaim:
claimName: {{ .Values.volume.platform.claimName }}
{{- end }}
- name: nginx-config
configMap:
name: {{ .Values.nginx.configMapName }}

31
stx-distributed-cloud-helm/stx-distributed-cloud-helm/helm-charts/dc-vault-nginx/templates/ingress.yaml Normal file
View File

@ -0,0 +1,31 @@
{{- if .Values.ingress.enabled -}}
{{- $fullName := .Values.service.name -}}
{{- $svcPort := .Values.nginx.port -}}
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: {{ include "dc-vault-nginx.fullname" . }}
labels:
{{ include "dc-vault-nginx.labels" . | nindent 4 }}
annotations:
{{- with .Values.ingress.annotations }}
{{- toYaml . | nindent 4 }}
{{- end }}
spec:
ingressClassName: {{ .Values.ingress.className }}
rules:
{{- range .Values.ingress.hosts }}
- host: {{ .host | quote }}
http:
paths:
{{- range .paths }}
- path: {{ .path }}
pathType: {{ .pathType | default "Prefix" }}
backend:
service:
name: {{ $fullName }}
port:
number: {{ $svcPort }}
{{- end }}
{{- end }}
{{- end }}

62
stx-distributed-cloud-helm/stx-distributed-cloud-helm/helm-charts/dc-vault-nginx/templates/pvc.yaml Normal file
View File

@ -0,0 +1,62 @@
{{- if .Values.volume.vault.enabled }}
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: {{ .Values.volume.vault.claimName }}
namespace: {{ .Values.namespace }}
spec:
accessModes: {{ .Values.volume.vault.accessModes | toYaml | nindent 2 }}
resources:
requests:
storage: {{ .Values.volume.vault.size }}
storageClassName: {{ .Values.volume.vault.class_name }}
{{- end }}
{{- if .Values.volume.backup.enabled }}
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: {{ .Values.volume.backup.claimName }}
namespace: {{ .Values.namespace }}
spec:
accessModes: {{ .Values.volume.backup.accessModes | toYaml | nindent 2 }}
resources:
requests:
storage: {{ .Values.volume.backup.size }}
storageClassName: {{ .Values.volume.backup.class_name }}
{{- end }}
{{- if .Values.volume.platform.enabled }}
---
apiVersion: v1
kind: PersistentVolume
metadata:
name: {{ .Values.volume.platform.volumeName }}
spec:
capacity:
storage: {{ .Values.volume.platform.size }}
accessModes:
- {{ .Values.volume.platform.accessModes | join ", " }}
hostPath:
path: {{ .Values.volume.platform.path }}
type: DirectoryOrCreate
persistentVolumeReclaimPolicy: Retain
storageClassName: manual
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: {{ .Values.volume.platform.claimName }}
namespace: {{ .Values.namespace }}
spec:
accessModes:
- {{ .Values.volume.platform.accessModes | join ", " }}
resources:
requests:
storage: {{ .Values.volume.platform.size }}
volumeName: {{ .Values.volume.platform.volumeName }}
storageClassName: manual
{{- end }}

23
stx-distributed-cloud-helm/stx-distributed-cloud-helm/helm-charts/dc-vault-nginx/templates/service.yaml Normal file
View File

@ -0,0 +1,23 @@
apiVersion: v1
kind: Service
metadata:
name: {{ .Values.service.name }}
namespace: {{ .Release.Namespace }}
spec:
{{- if .Values.service.type }}
type: {{ .Values.service.type }} # ClusterIP or NodePort
{{- else }}
type: ClusterIP
{{- end }}
ports:
- name: http
port: {{ .Values.service.port }}
targetPort: {{ .Values.service.port }}
{{- if and (eq .Values.service.type "NodePort") .Values.service.nodePort }}
nodePort: {{ .Values.service.nodePort }}
{{- end }}
selector:
app: {{ .Values.nginx.name }}
{{- if and (eq .Values.service.type "NodePort") .Values.service.externalPolicyLocal }}
externalTrafficPolicy: Local
{{- end }}

69
stx-distributed-cloud-helm/stx-distributed-cloud-helm/helm-charts/dc-vault-nginx/values.yaml Normal file
View File

@ -0,0 +1,69 @@
namespace: distributed-cloud
nginx:
name: dc-vault-nginx
replicas: 1
image: nginx:stable-alpine
port: 8125
storageMountPath: /var/www/dc-vault
configMapName: dc-vault-nginx-config
node_selector_key: starlingx.io/distributed-cloud
node_selector_value: enabled
worker_connections: 1024
autoindex: "on"
autoindex_exact_size: "off"
autoindex_localtime: "on"
imagePullSecrets:
- name: default-registry-key
service:
name: "dc-vault-nginx-service"
type: NodePort # "ClusterIP" or "NodePort"
port: 8125
nodePort: 30080
externalPolicyLocal: false
ingress:
enabled: true
className: "nginx"
annotations: ""
hosts:
- host: controller-0-cluster-host
paths:
- path: /
pathType: Prefix
- host: controller-1-cluster-host
paths:
- path: /
pathType: Prefix
tls: []
volume:
vault:
enabled: true
accessModes:
- ReadWriteMany
class_name: cephfs
size: 15Gi
name: dc-vault-dir
claimName: dc-vault-pvc
path: /opt/dc-vault
backup:
enabled: true
accessModes:
- ReadWriteMany
class_name: cephfs
size: 10Gi
name: dc-backup-dir
claimName: dc-backup-pvc
path: /opt/dc-vault/backups
platform:
name: platform-volume
enabled: true
accessModes:
- ReadWriteMany
claimName: platform-pvc
path: /opt/platform
size: 15Gi
volumeName: platform-pv

23
stx-distributed-cloud-helm/stx-distributed-cloud-helm/helm-charts/dcmanager/.helmignore Normal file
View File

@ -0,0 +1,23 @@
# Patterns to ignore when building packages.
# This supports shell glob matching, relative path matching, and
# negation (prefixed with !). Only one pattern per line.
.DS_Store
# Common VCS dirs
.git/
.gitignore
.bzr/
.bzrignore
.hg/
.hgignore
.svn/
# Common backup files
*.swp
*.bak
*.tmp
*.orig
*~
# Various IDEs
.project
.idea/
*.tmproj
.vscode/

29
stx-distributed-cloud-helm/stx-distributed-cloud-helm/helm-charts/dcmanager/Chart.yaml Normal file
View File

@ -0,0 +1,29 @@
apiVersion: v2
name: dcmanager
description: StarlingX Distributed Cloud Manager Service
# A chart can be either an 'application' or a 'library' chart.
#
# Application charts are a collection of templates that can be packaged into versioned archives
# to be deployed.
#
# Library charts provide useful utilities or functions for the chart developer. They're included as
# a dependency of application charts to inject those utilities and functions into the rendering
# pipeline. Library charts do not define any templates and therefore cannot be deployed.
type: application
# This is the chart version. This version number should be incremented each time you make changes
# to the chart and its templates, including the app version.
# Versions are expected to follow Semantic Versioning (https://semver.org/)
version: 0.1.0
# This is the version number of the application being deployed. This version number should be
# incremented each time you make changes to the application. Versions are not expected to
# follow Semantic Versioning. They should reflect the version the application is using.
# It is recommended to use it with quotes.
appVersion: "1.0"
dependencies:
- name: helm-toolkit
version: ">= 0.1.0"
repository: file://../helm-toolkit

BIN
stx-distributed-cloud-helm/stx-distributed-cloud-helm/helm-charts/dcmanager/charts/helm-toolkit-0.2.59.tgz Normal file
View File

Binary file not shown.

62
stx-distributed-cloud-helm/stx-distributed-cloud-helm/helm-charts/dcmanager/templates/_helpers.tpl Normal file
View File

@ -0,0 +1,62 @@
{{/*
Expand the name of the chart.
*/}}
{{- define "dcmanager.name" -}}
{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
{{- end }}
{{/*
Create a default fully qualified app name.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
If release name contains chart name it will be used as a full name.
*/}}
{{- define "dcmanager.fullname" -}}
{{- if .Values.fullnameOverride }}
{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
{{- else }}
{{- $name := default .Chart.Name .Values.nameOverride }}
{{- if contains $name .Release.Name }}
{{- .Release.Name | trunc 63 | trimSuffix "-" }}
{{- else }}
{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
{{- end }}
{{- end }}
{{- end }}
{{/*
Create chart name and version as used by the chart label.
*/}}
{{- define "dcmanager.chart" -}}
{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
{{- end }}
{{/*
Common labels
*/}}
{{- define "dcmanager.labels" -}}
helm.sh/chart: {{ include "dcmanager.chart" . }}
{{ include "dcmanager.selectorLabels" . }}
{{- if .Chart.AppVersion }}
app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
{{- end }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
{{- end }}
{{/*
Selector labels
*/}}
{{- define "dcmanager.selectorLabels" -}}
app.kubernetes.io/name: {{ include "dcmanager.name" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
{{- end }}
{{/*
Create the name of the service account to use
*/}}
{{- define "dcmanager.serviceAccountName" -}}
{{- if .Values.serviceAccount.create }}
{{- default (include "dcmanager.fullname" .) .Values.serviceAccount.name }}
{{- else }}
{{- default "default" .Values.serviceAccount.name }}
{{- end }}
{{- end }}

11
stx-distributed-cloud-helm/stx-distributed-cloud-helm/helm-charts/dcmanager/templates/bin/_db-drop.sh.tpl Normal file
View File

@ -0,0 +1,11 @@
#!/bin/bash
{{/*
#
# SPDX-License-Identifier: Apache-2.0
#
*/}}
set -ex
dropdb -h 127.0.0.1 -Uroot dcmanager

11
stx-distributed-cloud-helm/stx-distributed-cloud-helm/helm-charts/dcmanager/templates/bin/_db-sync.sh.tpl Normal file
View File

@ -0,0 +1,11 @@
#!/bin/bash
{{/*
#
# SPDX-License-Identifier: Apache-2.0
#
*/}}
set -ex
dcmanager-manage db_sync

16
stx-distributed-cloud-helm/stx-distributed-cloud-helm/helm-charts/dcmanager/templates/bin/_dcmanager-api.sh.tpl Normal file
View File

@ -0,0 +1,16 @@
#!/bin/bash
{{/*
#
# SPDX-License-Identifier: Apache-2.0
#
*/}}
set -ex
if ! update-ca-certificates; then
echo "Failed to update CA certificates!" >&2
exit 1
fi
python /var/lib/openstack/bin/dcmanager-api --config-file=/etc/dcmanager/dcmanager.conf

16
stx-distributed-cloud-helm/stx-distributed-cloud-helm/helm-charts/dcmanager/templates/bin/_dcmanager-audit-worker.sh.tpl Normal file
View File

@ -0,0 +1,16 @@
#!/bin/bash
{{/*
#
# SPDX-License-Identifier: Apache-2.0
#
*/}}
set -ex
if ! update-ca-certificates; then
echo "Failed to update CA certificates!" >&2
exit 1
fi
python /var/lib/openstack/bin/dcmanager-audit-worker --config-file=/etc/dcmanager/dcmanager.conf

16
stx-distributed-cloud-helm/stx-distributed-cloud-helm/helm-charts/dcmanager/templates/bin/_dcmanager-audit.sh.tpl Normal file
View File

@ -0,0 +1,16 @@
#!/bin/bash
{{/*
#
# SPDX-License-Identifier: Apache-2.0
#
*/}}
set -ex
if ! update-ca-certificates; then
echo "Failed to update CA certificates!" >&2
exit 1
fi
python /var/lib/openstack/bin/dcmanager-audit --config-file=/etc/dcmanager/dcmanager.conf

17
stx-distributed-cloud-helm/stx-distributed-cloud-helm/helm-charts/dcmanager/templates/bin/_dcmanager-manager.sh.tpl Normal file
View File

@ -0,0 +1,17 @@
#!/bin/bash
{{/*
#
# SPDX-License-Identifier: Apache-2.0
#
*/}}
set -ex
if ! update-ca-certificates; then
echo "Failed to update CA certificates!" >&2
exit 1
fi
python /var/lib/openstack/bin/dcmanager-manager --config-file=/etc/dcmanager/dcmanager.conf

11
stx-distributed-cloud-helm/stx-distributed-cloud-helm/helm-charts/dcmanager/templates/bin/_dcmanager-orchestrator.sh.tpl Normal file
View File

@ -0,0 +1,11 @@
#!/bin/bash
{{/*
#
# SPDX-License-Identifier: Apache-2.0
#
*/}}
set -ex
python /var/lib/openstack/bin/dcmanager-orchestrator --config-file=/etc/dcmanager/dcmanager.conf

11
stx-distributed-cloud-helm/stx-distributed-cloud-helm/helm-charts/dcmanager/templates/bin/_dcmanager-state.sh.tpl Normal file
View File

@ -0,0 +1,11 @@
#!/bin/bash
{{/*
#
# SPDX-License-Identifier: Apache-2.0
#
*/}}
set -ex
python /var/lib/openstack/bin/dcmanager-state --config-file=/etc/dcmanager/dcmanager.conf

37
stx-distributed-cloud-helm/stx-distributed-cloud-helm/helm-charts/dcmanager/templates/configmap-bin.yaml Normal file
View File

@ -0,0 +1,37 @@
{{/*
#
# SPDX-License-Identifier: Apache-2.0
#
*/}}
apiVersion: v1
kind: ConfigMap
metadata:
name: dcmanager-bin
data:
dcmanager-api.sh: |
{{ tuple "bin/_dcmanager-api.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
dcmanager-manager.sh: |
{{ tuple "bin/_dcmanager-manager.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
dcmanager-state.sh: |
{{ tuple "bin/_dcmanager-state.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
dcmanager-orchestrator.sh: |
{{ tuple "bin/_dcmanager-orchestrator.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
dcmanager-audit.sh: |
{{ tuple "bin/_dcmanager-audit.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
dcmanager-audit-worker.sh: |
{{ tuple "bin/_dcmanager-audit-worker.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
db-sync.sh: |
{{ tuple "bin/_db-sync.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
db-init.py: |
{{- include "helm-toolkit.scripts.db_init" . | indent 4 }}
db-drop.sh: |
{{ tuple "bin/_db-drop.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
db-drop.py: |
{{- include "helm-toolkit.scripts.db_drop" . | indent 4 }}
ks-service.sh: |
{{- include "helm-toolkit.scripts.keystone_service" . | indent 4 }}
ks-endpoints.sh: |
{{- include "helm-toolkit.scripts.keystone_endpoints" . | indent 4 }}
ks-user.sh: |
{{- include "helm-toolkit.scripts.keystone_user" . | indent 4 }}

156
stx-distributed-cloud-helm/stx-distributed-cloud-helm/helm-charts/dcmanager/templates/deployment-api.yaml Normal file
View File

@ -0,0 +1,156 @@
{{/*
#
# SPDX-License-Identifier: Apache-2.0
#
*/}}
{{- define "dcManagerApiLivenessProbeTemplate" }}
tcpSocket:
port: {{ tuple "dcmanager" "internal" "api" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
{{- end }}
{{- if .Values.manifests.deployment_api }}
{{- $envAll := . }}
{{- $mounts_dcmanager_api := .Values.pod.mounts.api.dcmanager }}
{{- $mounts_dcmanager_api_init := .Values.pod.mounts.api.init_container }}
{{- $serviceAccountName := "dcmanager" }}
{{ tuple $envAll "api" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: dcmanager-api
labels:
{{ tuple $envAll "dcmanager" "api" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }}
spec:
{{- if not .Values.pod.autoscaling.enabled }}
replicas: {{ .Values.pod.replicas.api }}
{{- end }}
selector:
matchLabels:
{{ tuple $envAll "dcmanager" "api" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 6 }}
{{ tuple $envAll | include "helm-toolkit.snippets.kubernetes_upgrades_deployment" | indent 2 }}
template:
metadata:
{{- with .Values.pod.annotations.api }}
annotations:
{{- toYaml . | nindent 8 }}
{{- end }}
labels:
{{ tuple $envAll "dcmanager" "api" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
spec:
serviceAccountName: {{ $serviceAccountName }}
initContainers:
{{ tuple $envAll "api" $mounts_dcmanager_api_init | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
containers:
- name: dcmanager
{{ tuple $envAll $envAll.Values.pod.resources.api | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
env:
- name: REQUESTS_CA_BUNDLE
value: /etc/ssl/certs/ca-certificates.crt
volumeMounts:
- name: dcmanager-bin
mountPath: /tmp/dcmanager-api.sh
subPath: dcmanager-api.sh
readOnly: true
- name: dcmanager-etc
mountPath: /etc/dcmanager/dcmanager.conf
subPath: dcmanager.conf
readOnly: true
- name: dcmanager-etc
mountPath: /etc/dcmanager/logging.conf
subPath: logging.conf
readOnly: true
- name: buildinfo
mountPath: /etc/build.info
readOnly: true
- name: platformconf
mountPath: /etc/platform/platform.conf
readOnly: true
- name: applications
mountPath: /usr/local/share/applications/
readOnly: true
- name: dc-vault-dir
mountPath: {{ .Values.conf.dcmanager.vault.base_path }}
- name: dc-backup-dir
mountPath: {{ .Values.conf.dcmanager.backup.base_path }}
- name: dc-deploy-dir
mountPath: {{ .Values.conf.dcmanager.deploy.base_path }}/{{ .Values.conf.dcmanager.deploy.version }}
{{- if .Values.ca_certificates.root_ca }}
- name: root-ca
mountPath: /usr/local/share/ca-certificates/root-ca.crt
subPath: ca.crt
readOnly: true
{{- end }}
{{ if $mounts_dcmanager_api.volumeMounts }}{{ toYaml $mounts_dcmanager_api.volumeMounts | indent 12 }}{{ end }}
{{- dict "enabled" .Values.manifests.certificates "name" .Values.secrets.tls.dcmanager.api.public | include "helm-toolkit.snippets.tls_volume_mount" | indent 12 }}
{{ dict "envAll" . "component" "api" "container" "default" "type" "liveness" "probeTemplate" (include "dcManagerApiLivenessProbeTemplate" . | fromYaml) | include "helm-toolkit.snippets.kubernetes_probe" | indent 10 }}
command:
- /tmp/dcmanager-api.sh
image: "{{ .Values.images.tags.dcmanager }}"
imagePullPolicy: {{ .Values.images.pullPolicy }}
ports:
- name: http
containerPort: {{ tuple "dcmanager" "internal" "api" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
protocol: TCP
{{ tuple $envAll "dcmanager" | include "helm-toolkit.snippets.kubernetes_image_pull_secrets" | indent 6 }}
nodeSelector:
{{ .Values.labels.dcmanager.node_selector_key }}: {{ .Values.labels.dcmanager.node_selector_value }}
{{ if $envAll.Values.pod.tolerations.dcmanager.enabled }}
{{ tuple $envAll "dcmanager" | include "helm-toolkit.snippets.kubernetes_tolerations" | indent 6 }}
{{ end }}
affinity:
{{ tuple $envAll "dcmanager" "api" | include "helm-toolkit.snippets.kubernetes_pod_anti_affinity" | indent 8 }}
volumes:
- name: dcmanager-etc
secret:
secretName: dcmanager-etc
defaultMode: 0644
- name: dcmanager-bin
configMap:
name: dcmanager-bin
defaultMode: 0755
- name: buildinfo
hostPath:
path: /etc/build.info
- name: platformconf
hostPath:
path: /etc/platform/platform.conf
- name: applications
hostPath:
path: /usr/local/share/applications
type: Directory
- name: dc-deploy-dir
hostPath:
path: /opt/dc-vault/deploy/{{ .Values.conf.dcmanager.deploy.version }}
{{- if .Values.ca_certificates.root_ca }}
- name: root-ca
secret:
secretName: {{ .Values.ca_certificates.root_ca }}
defaultMode: 0644
{{- end }}
{{- if and .Values.volume.vault.enabled .Values.manifests.pvc_vault }}
- name: dc-vault-dir
persistentVolumeClaim:
claimName: dc-vault-pvc
{{- else }}
- name: dc-vault-dir
hostPath:
path: {{ .Values.conf.dcmanager.vault.base_path }}
type: DirectoryOrCreate
{{- end }}
{{- if and .Values.volume.backup.enabled .Values.manifests.pvc_backup }}
- name: dc-backup-dir
persistentVolumeClaim:
claimName: dc-backup-pvc
{{- else }}
- name: dc-backup-dir
hostPath:
path: {{ .Values.conf.dcmanager.backup.base_path }}
type: DirectoryOrCreate
{{- end }}
{{ if $mounts_dcmanager_api.volumes }}{{ toYaml $mounts_dcmanager_api.volumes | indent 8 }}{{ end }}
{{- dict "enabled" .Values.manifests.certificates "name" .Values.secrets.tls.dcmanager.api.public | include "helm-toolkit.snippets.tls_volume" | indent 8 }}
{{- end }}

96
stx-distributed-cloud-helm/stx-distributed-cloud-helm/helm-charts/dcmanager/templates/deployment-audit-worker.yaml Normal file
View File

@ -0,0 +1,96 @@
{{/*
#
# SPDX-License-Identifier: Apache-2.0
#
*/}}
{{- if .Values.manifests.deployment_audit }}
{{- $envAll := . }}
{{- $mounts_dcmanager_audit := .Values.pod.mounts.audit.dcmanager }}
{{- $mounts_dcmanager_audit_init := .Values.pod.mounts.audit.init_container }}
{{- $serviceAccountName := "dcmanager-audit-worker" }}
{{ tuple $envAll "audit" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: dcmanager-audit-worker
labels:
{{ tuple $envAll "dcmanager" "audit" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }}
spec:
{{- if not .Values.pod.autoscaling.enabled }}
replicas: {{ .Values.pod.replicas.audit_worker }}
{{- end }}
selector:
matchLabels:
{{ tuple $envAll "dcmanager" "audit" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 6 }}
{{ tuple $envAll | include "helm-toolkit.snippets.kubernetes_upgrades_deployment" | indent 2 }}
template:
metadata:
{{- with .Values.pod.annotations.audit }}
annotations:
{{- toYaml . | nindent 8 }}
{{- end }}
labels:
{{ tuple $envAll "dcmanager" "audit" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
spec:
serviceAccountName: {{ $serviceAccountName }}
initContainers:
{{ tuple $envAll "audit" $mounts_dcmanager_audit_init | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
containers:
- name: dcmanager
{{ tuple $envAll $envAll.Values.pod.resources.audit_worker | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
env:
- name: REQUESTS_CA_BUNDLE
value: /etc/ssl/certs/ca-certificates.crt
volumeMounts:
- name: dcmanager-bin
mountPath: /tmp/dcmanager-audit-worker.sh
subPath: dcmanager-audit-worker.sh
readOnly: true
- name: dcmanager-etc
mountPath: /etc/dcmanager/dcmanager.conf
subPath: dcmanager.conf
readOnly: true
- name: dcmanager-etc
mountPath: /etc/dcmanager/logging.conf
subPath: logging.conf
readOnly: true
{{- if .Values.ca_certificates.root_ca }}
- name: root-ca
mountPath: /usr/local/share/ca-certificates/root-ca.crt
subPath: ca.crt
readOnly: true
{{- end }}
{{ if $mounts_dcmanager_audit.volumeMounts }}{{ toYaml $mounts_dcmanager_audit.volumeMounts | indent 12 }}{{ end }}
command:
- /tmp/dcmanager-audit-worker.sh
image: "{{ .Values.images.tags.dcmanager }}"
imagePullPolicy: {{ .Values.images.pullPolicy }}
{{ tuple $envAll "dcmanager" | include "helm-toolkit.snippets.kubernetes_image_pull_secrets" | indent 6 }}
nodeSelector:
{{ .Values.labels.dcmanager.node_selector_key }}: {{ .Values.labels.dcmanager.node_selector_value }}
{{ if $envAll.Values.pod.tolerations.dcmanager.enabled }}
{{ tuple $envAll "dcmanager" | include "helm-toolkit.snippets.kubernetes_tolerations" | indent 6 }}
{{ end }}
affinity:
{{ tuple $envAll "dcmanager" "audit" | include "helm-toolkit.snippets.kubernetes_pod_anti_affinity" | indent 8 }}
volumes:
{{- if .Values.ca_certificates.root_ca }}
- name: root-ca
secret:
secretName: {{ .Values.ca_certificates.root_ca }}
defaultMode: 0644
{{- end }}
- name: dcmanager-etc
secret:
secretName: dcmanager-etc
defaultMode: 0644
- name: dcmanager-bin
configMap:
name: dcmanager-bin
defaultMode: 0755
{{ if $mounts_dcmanager_audit.volumes }}{{ toYaml $mounts_dcmanager_audit.volumes | indent 8 }}{{ end }}
{{- end }}

138
stx-distributed-cloud-helm/stx-distributed-cloud-helm/helm-charts/dcmanager/templates/deployment-audit.yaml Normal file
View File

@ -0,0 +1,138 @@
{{/*
#
# SPDX-License-Identifier: Apache-2.0
#
*/}}
{{- if .Values.manifests.deployment_audit }}
{{- $envAll := . }}
{{- $mounts_dcmanager_audit := .Values.pod.mounts.audit.dcmanager }}
{{- $mounts_dcmanager_audit_init := .Values.pod.mounts.audit.init_container }}
{{- $serviceAccountName := "dcmanager-audit" }}
{{ tuple $envAll "audit" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: dcmanager-audit
labels:
{{ tuple $envAll "dcmanager" "audit" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }}
spec:
{{- if not .Values.pod.autoscaling.enabled }}
replicas: {{ .Values.pod.replicas.audit }}
{{- end }}
selector:
matchLabels:
{{ tuple $envAll "dcmanager" "audit" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 6 }}
{{ tuple $envAll | include "helm-toolkit.snippets.kubernetes_upgrades_deployment" | indent 2 }}
template:
metadata:
{{- with .Values.pod.annotations.audit }}
annotations:
{{- toYaml . | nindent 8 }}
{{- end }}
labels:
{{ tuple $envAll "dcmanager" "audit" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
spec:
serviceAccountName: {{ $serviceAccountName }}
initContainers:
{{ tuple $envAll "audit" $mounts_dcmanager_audit_init | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
containers:
- name: dcmanager
{{ tuple $envAll $envAll.Values.pod.resources.audit | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
env:
- name: REQUESTS_CA_BUNDLE
value: /etc/ssl/certs/ca-certificates.crt
volumeMounts:
- name: dcmanager-bin
mountPath: /tmp/dcmanager-audit.sh
subPath: dcmanager-audit.sh
readOnly: true
- name: dcmanager-etc
mountPath: /etc/dcmanager/dcmanager.conf
subPath: dcmanager.conf
readOnly: true
- name: dcmanager-etc
mountPath: /etc/dcmanager/logging.conf
subPath: logging.conf
readOnly: true
- name: platform-volume
mountPath: /opt/platform/
- name: buildinfo
mountPath: /etc/build.info
readOnly: true
- name: platformconf
mountPath: /etc/platform/platform.conf
readOnly: true
- name: dc-vault-dir
mountPath: {{ .Values.conf.dcmanager.vault.base_path }}
- name: dc-backup-dir
mountPath: {{ .Values.conf.dcmanager.backup.base_path }}
{{- if .Values.ca_certificates.root_ca }}
- name: root-ca
mountPath: /usr/local/share/ca-certificates/root-ca.crt
subPath: ca.crt
readOnly: true
{{- end }}
{{ if $mounts_dcmanager_audit.volumeMounts }}{{ toYaml $mounts_dcmanager_audit.volumeMounts | indent 12 }}{{ end }}
command:
- /tmp/dcmanager-audit.sh
image: "{{ .Values.images.tags.dcmanager }}"
imagePullPolicy: {{ .Values.images.pullPolicy }}
{{ tuple $envAll "dcmanager" | include "helm-toolkit.snippets.kubernetes_image_pull_secrets" | indent 6 }}
nodeSelector:
{{ .Values.labels.dcmanager.node_selector_key }}: {{ .Values.labels.dcmanager.node_selector_value }}
{{ if $envAll.Values.pod.tolerations.dcmanager.enabled }}
{{ tuple $envAll "dcmanager" | include "helm-toolkit.snippets.kubernetes_tolerations" | indent 6 }}
{{ end }}
affinity:
{{ tuple $envAll "dcmanager" "audit" | include "helm-toolkit.snippets.kubernetes_pod_anti_affinity" | indent 8 }}
volumes:
- name: dcmanager-etc
secret:
secretName: dcmanager-etc
defaultMode: 0644
- name: dcmanager-bin
configMap:
name: dcmanager-bin
defaultMode: 0755
- name: platform-volume
hostPath:
path: /opt/platform/
type: DirectoryOrCreate
- name: buildinfo
hostPath:
path: /etc/build.info
- name: platformconf
hostPath:
path: /etc/platform/platform.conf
{{- if .Values.ca_certificates.root_ca }}
- name: root-ca
secret:
secretName: {{ .Values.ca_certificates.root_ca }}
defaultMode: 0644
{{- end }}
{{- if and .Values.volume.vault.enabled .Values.manifests.pvc_vault }}
- name: dc-vault-dir
persistentVolumeClaim:
claimName: dc-vault-pvc
{{- else }}
- name: dc-vault-dir
hostPath:
path: {{ .Values.conf.dcmanager.vault.base_path }}
type: DirectoryOrCreate
{{- end }}
{{- if and .Values.volume.backup.enabled .Values.manifests.pvc_backup }}
- name: dc-backup-dir
persistentVolumeClaim:
claimName: dc-backup-pvc
{{- else }}
- name: dc-backup-dir
hostPath:
path: {{ .Values.conf.dcmanager.backup.base_path }}
type: DirectoryOrCreate
{{- end }}
{{ if $mounts_dcmanager_audit.volumes }}{{ toYaml $mounts_dcmanager_audit.volumes | indent 8 }}{{ end }}
{{- end }}

162
stx-distributed-cloud-helm/stx-distributed-cloud-helm/helm-charts/dcmanager/templates/deployment-manager.yaml Normal file
View File

@ -0,0 +1,162 @@
{{/*
#
# SPDX-License-Identifier: Apache-2.0
#
*/}}
{{- if .Values.manifests.deployment_manager }}
{{- $envAll := . }}
{{- $mounts_dcmanager_manager := .Values.pod.mounts.manager.dcmanager }}
{{- $mounts_dcmanager_manager_init := .Values.pod.mounts.manager.init_container }}
{{- $serviceAccountName := "dcmanager-manager" }}
{{ tuple $envAll "manager" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: dcmanager-manager
labels:
{{ tuple $envAll "dcmanager" "manager" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }}
spec:
{{- if not .Values.pod.autoscaling.enabled }}
replicas: {{ .Values.pod.replicas.manager }}
{{- end }}
selector:
matchLabels:
{{ tuple $envAll "dcmanager" "manager" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 6 }}
{{ tuple $envAll | include "helm-toolkit.snippets.kubernetes_upgrades_deployment" | indent 2 }}
template:
metadata:
{{- with .Values.pod.annotations.manager }}
annotations:
{{- toYaml . | nindent 8 }}
{{- end }}
labels:
{{ tuple $envAll "dcmanager" "manager" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
spec:
serviceAccountName: {{ $serviceAccountName }}
initContainers:
{{ tuple $envAll "manager" $mounts_dcmanager_manager_init | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
containers:
- name: dcmanager
{{ tuple $envAll $envAll.Values.pod.resources.manager | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
env:
- name: REQUESTS_CA_BUNDLE
value: /etc/ssl/certs/ca-certificates.crt
volumeMounts:
- name: dcmanager-bin
mountPath: /tmp/dcmanager-manager.sh
subPath: dcmanager-manager.sh
readOnly: true
- name: dcmanager-etc
mountPath: /etc/dcmanager/dcmanager.conf
subPath: dcmanager.conf
readOnly: true
- name: dcmanager-etc
mountPath: /etc/dcmanager/logging.conf
subPath: logging.conf
readOnly: true
- name: dcmanager-etc
mountPath: /etc/ansible/ansible.cfg
subPath: ansible.cfg
readOnly: true
- name: platform-volume
mountPath: /opt/platform
- name: buildinfo
mountPath: /etc/build.info
readOnly: true
- name: platformconf
mountPath: /etc/platform/platform.conf
readOnly: true
- name: pki-volume
mountPath: /etc/kubernetes/pki
readOnly: true
- name: registry-cert-volume
mountPath: /etc/docker/certs.d/registry.local:9001/registry-cert.crt
readOnly: true
- name: kube-config
mountPath: /etc/kubernetes/admin.conf
readOnly: true
- name: dc-vault-dir
mountPath: {{ .Values.conf.dcmanager.vault.base_path }}
- name: dc-backup-dir
mountPath: {{ .Values.conf.dcmanager.backup.base_path }}
{{- if .Values.ca_certificates.root_ca }}
- name: root-ca
mountPath: /usr/local/share/ca-certificates/root-ca.crt
subPath: ca.crt
readOnly: true
{{- end }}
{{ if $mounts_dcmanager_manager.volumeMounts }}{{ toYaml $mounts_dcmanager_manager.volumeMounts | indent 12 }}{{ end }}
command:
- /tmp/dcmanager-manager.sh
image: "{{ .Values.images.tags.dcmanager }}"
imagePullPolicy: {{ .Values.images.pullPolicy }}
{{ tuple $envAll "dcmanager" | include "helm-toolkit.snippets.kubernetes_image_pull_secrets" | indent 6 }}
nodeSelector:
{{ .Values.labels.dcmanager.node_selector_key }}: {{ .Values.labels.dcmanager.node_selector_value }}
{{ if $envAll.Values.pod.tolerations.dcmanager.enabled }}
{{ tuple $envAll "dcmanager" | include "helm-toolkit.snippets.kubernetes_tolerations" | indent 6 }}
{{ end }}
affinity:
{{ tuple $envAll "dcmanager" "manager" | include "helm-toolkit.snippets.kubernetes_pod_anti_affinity" | indent 8 }}
volumes:
- name: dcmanager-etc
secret:
secretName: dcmanager-etc
defaultMode: 0644
- name: dcmanager-bin
configMap:
name: dcmanager-bin
defaultMode: 0755
- name: platform-volume
hostPath:
path: /opt/platform/
type: DirectoryOrCreate
- name: kube-config
hostPath:
path: /etc/kubernetes/admin.conf
- name: buildinfo
hostPath:
path: /etc/build.info
- name: platformconf
hostPath:
path: /etc/platform/platform.conf
- name: pki-volume
hostPath:
path: /etc/kubernetes/pki
defaultMode: 0644
- name: registry-cert-volume
hostPath:
path: /etc/docker/certs.d/registry.local:9001/registry-cert.crt
type: File
{{- if .Values.ca_certificates.root_ca }}
- name: root-ca
secret:
secretName: {{ .Values.ca_certificates.root_ca }}
defaultMode: 0644
{{- end }}
{{- if and .Values.volume.vault.enabled .Values.manifests.pvc_vault }}
- name: dc-vault-dir
persistentVolumeClaim:
claimName: dc-vault-pvc
{{- else }}
- name: dc-vault-dir
hostPath:
path: {{ .Values.conf.dcmanager.vault.base_path }}
type: DirectoryOrCreate
{{- end }}
{{- if and .Values.volume.backup.enabled .Values.manifests.pvc_backup }}
- name: dc-backup-dir
persistentVolumeClaim:
claimName: dc-backup-pvc
{{- else }}
- name: dc-backup-dir
hostPath:
path: {{ .Values.conf.dcmanager.backup.base_path }}
type: DirectoryOrCreate
{{- end }}
{{ if $mounts_dcmanager_manager.volumes }}{{ toYaml $mounts_dcmanager_manager.volumes | indent 8 }}{{ end }}
{{- end }}

84
stx-distributed-cloud-helm/stx-distributed-cloud-helm/helm-charts/dcmanager/templates/deployment-orchestrator.yaml Normal file
View File

@ -0,0 +1,84 @@
{{/*
#
# SPDX-License-Identifier: Apache-2.0
#
*/}}
{{- if .Values.manifests.deployment_orchestrator }}
{{- $envAll := . }}
{{- $mounts_dcmanager_orchestrator := .Values.pod.mounts.orchestrator.dcmanager }}
{{- $mounts_dcmanager_orchestrator_init := .Values.pod.mounts.orchestrator.init_container }}
{{- $serviceAccountName := "dcmanager-orchestrator" }}
{{ tuple $envAll "orchestrator" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: dcmanager-orchestrator
labels:
{{ tuple $envAll "dcmanager" "orchestrator" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }}
spec:
{{- if not .Values.pod.autoscaling.enabled }}
replicas: {{ .Values.pod.replicas.orchestrator }}
{{- end }}
selector:
matchLabels:
{{ tuple $envAll "dcmanager" "orchestrator" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 6 }}
{{ tuple $envAll | include "helm-toolkit.snippets.kubernetes_upgrades_deployment" | indent 2 }}
template:
metadata:
{{- with .Values.pod.annotations.orchestrator }}
annotations:
{{- toYaml . | nindent 8 }}
{{- end }}
labels:
{{ tuple $envAll "dcmanager" "orchestrator" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
spec:
serviceAccountName: {{ $serviceAccountName }}
initContainers:
{{ tuple $envAll "orchestrator" $mounts_dcmanager_orchestrator_init | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
containers:
- name: dcmanager
{{ tuple $envAll $envAll.Values.pod.resources.orchestrator | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
envFrom:
- secretRef:
name: dcmanager-keystone-admin
volumeMounts:
- name: dcmanager-bin
mountPath: /tmp/dcmanager-orchestrator.sh
subPath: dcmanager-orchestrator.sh
readOnly: true
- name: dcmanager-etc
mountPath: /etc/dcmanager/dcmanager.conf
subPath: dcmanager.conf
readOnly: true
- name: dcmanager-etc
mountPath: /etc/dcmanager/logging.conf
subPath: logging.conf
readOnly: true
{{ if $mounts_dcmanager_orchestrator.volumeMounts }}{{ toYaml $mounts_dcmanager_orchestrator.volumeMounts | indent 12 }}{{ end }}
command:
- /tmp/dcmanager-orchestrator.sh
image: "{{ .Values.images.tags.dcmanager }}"
imagePullPolicy: {{ .Values.images.pullPolicy }}
{{ tuple $envAll "dcmanager" | include "helm-toolkit.snippets.kubernetes_image_pull_secrets" | indent 6 }}
nodeSelector:
{{ .Values.labels.dcmanager.node_selector_key }}: {{ .Values.labels.dcmanager.node_selector_value }}
{{ if $envAll.Values.pod.tolerations.dcmanager.enabled }}
{{ tuple $envAll "dcmanager" | include "helm-toolkit.snippets.kubernetes_tolerations" | indent 6 }}
{{ end }}
affinity:
{{ tuple $envAll "dcmanager" "orchestrator" | include "helm-toolkit.snippets.kubernetes_pod_anti_affinity" | indent 8 }}
volumes:
- name: dcmanager-etc
secret:
secretName: dcmanager-etc
defaultMode: 0644
- name: dcmanager-bin
configMap:
name: dcmanager-bin
defaultMode: 0755
{{ if $mounts_dcmanager_orchestrator.volumes }}{{ toYaml $mounts_dcmanager_orchestrator.volumes | indent 8 }}{{ end }}
{{- end }}

84
stx-distributed-cloud-helm/stx-distributed-cloud-helm/helm-charts/dcmanager/templates/deployment-state.yaml Normal file
View File

@ -0,0 +1,84 @@
{{/*
#
# SPDX-License-Identifier: Apache-2.0
#
*/}}
{{- if .Values.manifests.deployment_state }}
{{- $envAll := . }}
{{- $mounts_dcmanager_state := .Values.pod.mounts.state.dcmanager }}
{{- $mounts_dcmanager_state_init := .Values.pod.mounts.state.init_container }}
{{- $serviceAccountName := "dcmanager-state" }}
{{ tuple $envAll "state" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: dcmanager-state
labels:
{{ tuple $envAll "dcmanager" "state" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }}
spec:
{{- if not .Values.pod.autoscaling.enabled }}
replicas: {{ .Values.pod.replicas.state }}
{{- end }}
selector:
matchLabels:
{{ tuple $envAll "dcmanager" "state" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 6 }}
{{ tuple $envAll | include "helm-toolkit.snippets.kubernetes_upgrades_deployment" | indent 2 }}
template:
metadata:
{{- with .Values.pod.annotations.state }}
annotations:
{{- toYaml . | nindent 8 }}
{{- end }}
labels:
{{ tuple $envAll "dcmanager" "state" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
spec:
serviceAccountName: {{ $serviceAccountName }}
initContainers:
{{ tuple $envAll "state" $mounts_dcmanager_state_init | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
containers:
- name: dcmanager
{{ tuple $envAll $envAll.Values.pod.resources.state | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
envFrom:
- secretRef:
name: dcmanager-keystone-admin
volumeMounts:
- name: dcmanager-bin
mountPath: /tmp/dcmanager-state.sh
subPath: dcmanager-state.sh
readOnly: true
- name: dcmanager-etc
mountPath: /etc/dcmanager/dcmanager.conf
subPath: dcmanager.conf
readOnly: true
- name: dcmanager-etc
mountPath: /etc/dcmanager/logging.conf
subPath: logging.conf
readOnly: true
{{ if $mounts_dcmanager_state.volumeMounts }}{{ toYaml $mounts_dcmanager_state.volumeMounts | indent 12 }}{{ end }}
command:
- /tmp/dcmanager-state.sh
image: "{{ .Values.images.tags.dcmanager }}"
imagePullPolicy: {{ .Values.images.pullPolicy }}
{{ tuple $envAll "dcmanager" | include "helm-toolkit.snippets.kubernetes_image_pull_secrets" | indent 6 }}
nodeSelector:
{{ .Values.labels.dcmanager.node_selector_key }}: {{ .Values.labels.dcmanager.node_selector_value }}
{{ if $envAll.Values.pod.tolerations.dcmanager.enabled }}
{{ tuple $envAll "dcmanager" | include "helm-toolkit.snippets.kubernetes_tolerations" | indent 6 }}
{{ end }}
affinity:
{{ tuple $envAll "dcmanager" "state" | include "helm-toolkit.snippets.kubernetes_pod_anti_affinity" | indent 8 }}
volumes:
- name: dcmanager-etc
secret:
secretName: dcmanager-etc
defaultMode: 0644
- name: dcmanager-bin
configMap:
name: dcmanager-bin
defaultMode: 0755
{{ if $mounts_dcmanager_state.volumes }}{{ toYaml $mounts_dcmanager_state.volumes | indent 8 }}{{ end }}
{{- end }}

61
stx-distributed-cloud-helm/stx-distributed-cloud-helm/helm-charts/dcmanager/templates/ingress.yaml Normal file
View File

@ -0,0 +1,61 @@
{{- if .Values.ingress.enabled -}}
{{- $fullName := include "dcmanager.fullname" . -}}
{{- $svcPort := .Values.service.port -}}
{{- if and .Values.ingress.className (not (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion)) }}
{{- if not (hasKey .Values.ingress.annotations "kubernetes.io/ingress.class") }}
{{- $_ := set .Values.ingress.annotations "kubernetes.io/ingress.class" .Values.ingress.className}}
{{- end }}
{{- end }}
{{- if semverCompare ">=1.19-0" .Capabilities.KubeVersion.GitVersion -}}
apiVersion: networking.k8s.io/v1
{{- else if semverCompare ">=1.14-0" .Capabilities.KubeVersion.GitVersion -}}
apiVersion: networking.k8s.io/v1beta1
{{- else -}}
apiVersion: extensions/v1beta1
{{- end }}
kind: Ingress
metadata:
name: {{ $fullName }}
labels:
{{- include "dcmanager.labels" . | nindent 4 }}
{{- with .Values.ingress.annotations }}
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}
spec:
{{- if and .Values.ingress.className (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion) }}
ingressClassName: {{ .Values.ingress.className }}
{{- end }}
{{- if .Values.ingress.tls }}
tls:
{{- range .Values.ingress.tls }}
- hosts:
{{- range .hosts }}
- {{ . | quote }}
{{- end }}
secretName: {{ .secretName }}
{{- end }}
{{- end }}
rules:
{{- range .Values.ingress.hosts }}
- host: {{ .host | quote }}
http:
paths:
{{- range .paths }}
- path: {{ .path }}
{{- if and .pathType (semverCompare ">=1.18-0" $.Capabilities.KubeVersion.GitVersion) }}
pathType: {{ .pathType }}
{{- end }}
backend:
{{- if semverCompare ">=1.19-0" $.Capabilities.KubeVersion.GitVersion }}
service:
name: {{ $fullName }}
port:
number: {{ $svcPort }}
{{- else }}
serviceName: {{ $fullName }}
servicePort: {{ $svcPort }}
{{- end }}
{{- end }}
{{- end }}
{{- end }}

13
stx-distributed-cloud-helm/stx-distributed-cloud-helm/helm-charts/dcmanager/templates/job-db-drop.yaml Normal file
View File

@ -0,0 +1,13 @@
{{/*
#
# SPDX-License-Identifier: Apache-2.0
#
*/}}
{{- if .Values.manifests.job_db_drop }}
{{- $dbDropJob := dict "envAll" . "serviceName" "dcmanager" -}}
{{- if .Values.pod.tolerations.dcmanager.enabled -}}
{{- $_ := set $dbDropJob "tolerationsEnabled" true -}}
{{- end -}}
{{ $dbDropJob | include "helm-toolkit.manifests.job_db_drop_mysql" }}
{{- end }}

13
stx-distributed-cloud-helm/stx-distributed-cloud-helm/helm-charts/dcmanager/templates/job-db-init.yaml Normal file
View File

@ -0,0 +1,13 @@
{{/*
#
# SPDX-License-Identifier: Apache-2.0
#
*/}}
{{- if .Values.manifests.job_db_init }}
{{- $dbInitJob := dict "envAll" . "serviceName" "dcmanager" -}}
{{- if .Values.pod.tolerations.dcmanager.enabled -}}
{{- $_ := set $dbInitJob "tolerationsEnabled" true -}}
{{- end -}}
{{ $dbInitJob | include "helm-toolkit.manifests.job_db_init_mysql" }}
{{- end }}

13
stx-distributed-cloud-helm/stx-distributed-cloud-helm/helm-charts/dcmanager/templates/job-db-sync.yaml Normal file
View File

@ -0,0 +1,13 @@
{{/*
#
# SPDX-License-Identifier: Apache-2.0
#
*/}}
{{- if .Values.manifests.job_db_sync }}
{{- $dbSyncJob := dict "envAll" . "serviceName" "dcmanager" -}}
{{- if .Values.pod.tolerations.dcmanager.enabled -}}
{{- $_ := set $dbSyncJob "tolerationsEnabled" true -}}
{{- end -}}
{{ $dbSyncJob | include "helm-toolkit.manifests.job_db_sync" }}
{{- end }}

16
stx-distributed-cloud-helm/stx-distributed-cloud-helm/helm-charts/dcmanager/templates/job-ks-endpoints.yaml Normal file
View File

@ -0,0 +1,16 @@
{{/*
#
# SPDX-License-Identifier: Apache-2.0
#
*/}}
{{- if .Values.manifests.job_ks_endpoints }}
{{- $ksServiceJob := dict "envAll" . "serviceName" "dcmanager" "serviceTypes" ( tuple "dcmanager" ) -}}
{{- if .Values.manifests.certificates -}}
{{- $_ := set $ksServiceJob "tlsSecret" .Values.secrets.tls.dcmanager.api.public -}}
{{- end -}}
{{- if .Values.pod.tolerations.dcmanager.enabled -}}
{{- $_ := set $ksServiceJob "tolerationsEnabled" true -}}
{{- end -}}
{{ $ksServiceJob | include "helm-toolkit.manifests.job_ks_endpoints" }}
{{- end }}

16
stx-distributed-cloud-helm/stx-distributed-cloud-helm/helm-charts/dcmanager/templates/job-ks-service.yaml Normal file
View File

@ -0,0 +1,16 @@
{{/*
#
# SPDX-License-Identifier: Apache-2.0
#
*/}}
{{- if .Values.manifests.job_ks_service }}
{{- $ksServiceJob := dict "envAll" . "serviceName" "dcmanager" "serviceTypes" ( tuple "dcmanager" ) -}}
{{- if .Values.manifests.certificates -}}
{{- $_ := set $ksServiceJob "tlsSecret" .Values.secrets.tls.dcmanager.api.public -}}
{{- end -}}
{{- if .Values.pod.tolerations.dcmanager.enabled -}}
{{- $_ := set $ksServiceJob "tolerationsEnabled" true -}}
{{- end -}}
{{ $ksServiceJob | include "helm-toolkit.manifests.job_ks_service" }}
{{- end }}

16
stx-distributed-cloud-helm/stx-distributed-cloud-helm/helm-charts/dcmanager/templates/job-ks-user.yaml Normal file
View File

@ -0,0 +1,16 @@
{{/*
#
# SPDX-License-Identifier: Apache-2.0
#
*/}}
{{- if .Values.manifests.job_ks_user }}
{{- $ksUserJob := dict "envAll" . "serviceName" "dcmanager" -}}
{{- if .Values.pod.tolerations.dcmanager.enabled -}}
{{- $_ := set $ksUserJob "tolerationsEnabled" true -}}
{{- end -}}
{{- if .Values.manifests.certificates -}}
{{- $_ := set $ksUserJob "tlsSecret" .Values.secrets.tls.dcmanager.api.public -}}
{{- end -}}
{{ $ksUserJob | include "helm-toolkit.manifests.job_ks_user" }}
{{- end }}

19
stx-distributed-cloud-helm/stx-distributed-cloud-helm/helm-charts/dcmanager/templates/pvc-backup.yaml Normal file
View File

@ -0,0 +1,19 @@
# {{/*
# #
# # SPDX-License-Identifier: Apache-2.0
# #
# */}}
# {{- if and .Values.volume.backup.enabled .Values.manifests.pvc_backup }}
# ---
# kind: PersistentVolumeClaim
# apiVersion: v1
# metadata:
# name: dc-backup-pvc
# spec:
# accessModes: {{ .Values.volume.backup.accessModes }}
# resources:
# requests:
# storage: {{ .Values.volume.backup.size }}
# storageClassName: {{ .Values.volume.backup.class_name }}
# {{- end }}

Some files were not shown because too many files have changed in this diff Show More