starlingx/app-distributed-cloud
Code Issues Proposed changes

Add Helm charts for dcorch, dcdbsync and dcagent

Browse Source 
This review adds the Helm charts for dcagent, dcdbsync, and dcorch —
including components like dcorch-api, dcorch-engine,
dcorch-engine-worker, and the various dcorch-* proxies.

At this stage, subcloud synchronization via dcorch is functional.

The job-ks-user templates create the OpenStack users for dcagent,
dcorch, and dcdbsync. The job-ks-service templates register the
dcagent, dcorch-dcdbsync, and dcdbsync OpenStack services.

The job-ks-endpoints templates create the OpenStack endpoints for
each API: dcagent, dcdbsync, identity-proxy, sysinv-proxy,
usm-proxy, and patching-proxy.

For dcdbsync, the approach is slightly different, as it must run on
both the SystemController and the subcloud. To support this,
nodeAffinity was added to all dcdbsync jobs and to the
dcdbsync-api pod, using the starlingx.io/distributed-cloud and
starlingx.io/subcloud labels.

For dcagent and dcdbsync in the subcloud, incoming traffic from the
SystemController is routed through HAProxy admin ports — 8220 for
dcdbsync and 8326 for dcagent. HAProxy then forwards the traffic to
controller.internal:8219 for dcdbsync and controller.internal:8325
for dcagent.

To support this behavior, two new deployments were added:
dcdbsync-nginx-proxy.yaml and dcagent-nginx-proxy.yaml. These run
NGINX containers that listen on 0.0.0.0:8219 and 0.0.0.0:8325
respectively, and forward traffic to the internal dcdbsync-api and
dcagent-api services.

Test Plan:
  PASS: During a subcloud add command, verify that dcorch receives
        notifications from dcmanager-state, and that the subcloud
        is correctly added to the database.
  PASS: Initial sync process completes successfully.
  PASS: Both dcagent and dcdbsync in the subcloud is reached correctly
        from Systemcontroller.
  PASS: Identity and platform resource propagation works correctly.
        Verify dcorch audit, dcorch sync, dcdbsync and dcagent
        behavior.
  PASS: Resource propagation through the proxy works as expected.
        Verify keystone and platform api-proxies functionality.
  PASS: Run a software upload command with --os-region-name
        SystemController and verify that it works correctly and that
        the content is added to dc-vault.

Story: 2011312
Task: 51859

Change-Id: I431d9ab83ab17bbf5ea712e4bb5c65a427c85d78
Co-Authored-By: Yuxing Jiang <yuxing.jiang@windriver.com>
Signed-off-by: Enzo Candotti <Enzo.Candotti@windriver.com>
This commit is contained in:
Enzo Candotti 2025-03-24 18:19:02 -03:00
parent 05b7684f3e
commit 89135ed0f1
109 changed files with 4768 additions and 191 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

197
README.md
View File

@ -26,11 +26,12 @@ sudo sm-unmanage service dcorch-patch-api-proxy
sudo sm-unmanage service dcorch-identity-api-proxy sudo sm-unmanage service dcorch-identity-api-proxy
sudo sm-unmanage service dcdbsync-api sudo sm-unmanage service dcdbsync-api
sudo sm-unmanage service dcagent-api
sudo pkill -f ^".*/bin/dcmanager.*" sudo pkill -f ^".*/bin/dcmanager.*"
sudo pkill -f ^".*/bin/dcorch.*" sudo pkill -f ^".*/bin/dcorch.*"
sudo pkill -f ^".*/bin/dcdbsync.*" sudo pkill -f ^".*/bin/dcdbsync.*"
sudo pkill -f ^".*/bin/dcagent.*"
``` ```
## Platform Setup ## Platform Setup
@ -50,11 +51,21 @@ system host-label-assign controller-1 starlingx.io/distributed-cloud=enabled
kubectl create namespace distributed-cloud kubectl create namespace distributed-cloud
# Create system-local-ca secret # Create default-registry-key secret | if using registry.local:9001
kubectl create secret docker-registry default-registry-key \
--docker-server=registry.local:9001 \
--docker-username=admin \
--docker-password=${OS_PASSWORD} \
--namespace=distributed-cloud
# Create ca-cert secret to allow SSL
sudo cp /etc/ssl/certs/ca-certificates.crt /home/sysadmin
sudo chown sysadmin:sys_protected /home/sysadmin/ca-certificates.crt
kubectl -n distributed-cloud create secret generic root-ca --from-file=ca.crt=/home/sysadmin/ca-certificates.crt
cp /etc/ssl/certs/dc-adminep-root-ca.pem /home/sysadmin/root-ca.pem
kubectl -n distributed-cloud create secret generic root-ca --from-file=ca.crt=/home/sysadmin/root-ca.pem
``` ```
## Distributed Cloud Application Deployment (development) ## Distributed Cloud Application Deployment (development)
@ -82,6 +93,9 @@ DCMANAGER_DB_PASSWORD=$(keyring get dcmanager database)
DCMANAGER_KS_PASSWORD=$(keyring get dcmanager services) DCMANAGER_KS_PASSWORD=$(keyring get dcmanager services)
DCORCH_DB_PASSWORD=$(keyring get dcorch database) DCORCH_DB_PASSWORD=$(keyring get dcorch database)
DCORCH_KS_PASSWORD=$(keyring get dcorch services) DCORCH_KS_PASSWORD=$(keyring get dcorch services)
DCDBSYNC_KS_PASSWORD=$(keyring get dcdbsync services)
KEYSTONE_DB_PASSWORD=$(keyring get keystone database)
DCAGENT_KS_PASSWORD=$(keyring get dcagent services)
# Create dcmanager and dcorch overrides # Create dcmanager and dcorch overrides
cat<<EOF>dcmanager.yaml cat<<EOF>dcmanager.yaml
@ -191,7 +205,7 @@ endpoints:
admin: admin:
username: admin username: admin
password: ${ADMIN_KS_PASSWORD} password: ${ADMIN_KS_PASSWORD}
region_name: RegionOne region_name: ${OS_REGION_NAME}
project_name: admin project_name: admin
user_domain_name: Default user_domain_name: Default
project_domain_name: Default project_domain_name: Default
@ -199,7 +213,7 @@ endpoints:
role: admin role: admin
username: dcmanager username: dcmanager
password: ${DCMANAGER_KS_PASSWORD} password: ${DCMANAGER_KS_PASSWORD}
region_name: RegionOne region_name: ${OS_REGION_NAME}
project_name: services project_name: services
user_domain_name: Default user_domain_name: Default
project_domain_name: Default project_domain_name: Default
@ -240,7 +254,6 @@ images:
ks_user: ${DOCKER_IMAGE} ks_user: ${DOCKER_IMAGE}
ks_service: ${DOCKER_IMAGE} ks_service: ${DOCKER_IMAGE}
ks_endpoints: ${DOCKER_IMAGE} ks_endpoints: ${DOCKER_IMAGE}
dcorch_db_sync: ${DOCKER_IMAGE}
db_init: ${DOCKER_IMAGE} db_init: ${DOCKER_IMAGE}
db_drop: ${DOCKER_IMAGE} db_drop: ${DOCKER_IMAGE}
pullPolicy: Always pullPolicy: Always
@ -280,12 +293,10 @@ dependencies:
jobs: jobs:
- dcorch-ks-user - dcorch-ks-user
- dcorch-ks-service - dcorch-ks-service
- dcorch-ks-endpoints
ks_endpoints: ks_endpoints:
jobs: jobs:
- dcorch-ks-user - dcorch-ks-user
- dcorch-ks-service - dcorch-ks-service
endpoints: endpoints:
cluster_domain_suffix: cluster.local cluster_domain_suffix: cluster.local
oslo_db: oslo_db:
@ -333,7 +344,7 @@ endpoints:
admin: admin:
username: admin username: admin
password: ${ADMIN_KS_PASSWORD} password: ${ADMIN_KS_PASSWORD}
region_name: RegionOne region_name: ${OS_REGION_NAME}
project_name: admin project_name: admin
user_domain_name: Default user_domain_name: Default
project_domain_name: Default project_domain_name: Default
@ -341,7 +352,7 @@ endpoints:
role: admin role: admin
username: dcorch username: dcorch
password: ${DCORCH_KS_PASSWORD} password: ${DCORCH_KS_PASSWORD}
region_name: RegionOne region_name: ${OS_REGION_NAME}
project_name: services project_name: services
user_domain_name: Default user_domain_name: Default
project_domain_name: Default project_domain_name: Default
@ -374,18 +385,182 @@ endpoints:
default: 8118 default: 8118
public: 80 public: 80
EOF EOF
cat<<EOF>dcdbsync.yaml
images:
tags:
dcdbsync: ${DOCKER_IMAGE}
ks_user: ${DOCKER_IMAGE}
ks_service: ${DOCKER_IMAGE}
ks_endpoints: ${DOCKER_IMAGE}
conf:
dcdbsync:
keystone_authtoken:
region_name: ${OS_REGION_NAME}
password: ${DCDBSYNC_KS_PASSWORD}
endpoint_cache:
region_name: ${OS_REGION_NAME}
password: ${DCDBSYNC_KS_PASSWORD}
endpoints:
cluster_domain_suffix: cluster.local
sql_alchemy:
auth:
keystone:
password: ${KEYSTONE_DB_PASSWORD}
identity:
name: keystone
auth:
admin:
username: admin
password: ${ADMIN_KS_PASSWORD}
region_name: ${OS_REGION_NAME}
project_name: admin
user_domain_name: Default
project_domain_name: Default
dcdbsync:
role: admin
username: dcdbsync
password: ${DCDBSYNC_KS_PASSWORD}
region_name: ${OS_REGION_NAME}
project_name: services
user_domain_name: Default
project_domain_name: Default
hosts:
default: keystone-api
public: keystone
host_fqdn_override:
default: controller.internal
path:
default: /v3
scheme:
default: http
port:
api:
default: 80
internal: 5000
EOF
cat<<EOF>dcagent.yaml
images:
tags:
dcagent: ${DOCKER_IMAGE}
ks_user: ${DOCKER_IMAGE}
ks_service: ${DOCKER_IMAGE}
ks_endpoints: ${DOCKER_IMAGE}
pullPolicy: Always
pod:
image_pull_secrets:
default:
- name: default-registry-key
tolerations:
dcagent:
enabled: true
conf:
dcagent:
DEFAULT:
log_config_append: /etc/dcagent/logging.conf
auth_strategy: keystone
workers: 1
keystone_authtoken:
auth_uri: http://controller.internal:5000
auth_url: http://controller.internal:5000
auth_type: password
region_name: ${OS_REGION_NAME}
username: dcagent
password: ${DCAGENT_KS_PASSWORD}
project_name: services
user_domain_name: Default
project_domain_name: Default
endpoint_cache:
auth_uri: http://controller.internal:5000/v3
auth_plugin: password
region_name: ${OS_REGION_NAME}
username: dcagent
password: ${DCAGENT_KS_PASSWORD}
user_domain_name: Default
project_name: services
project_domain_name: Default
http_connect_timeout: 15
dependencies:
static:
api:
jobs:
- dcagent-ks-user
- dcagent-ks-service
- dcagent-ks-endpoints
ks_endpoints:
jobs:
- dcagent-ks-user
- dcagent-ks-service
endpoints:
cluster_domain_suffix: cluster.local
identity:
name: keystone
auth:
admin:
username: admin
password: ${ADMIN_KS_PASSWORD}
region_name: ${OS_REGION_NAME}
project_name: admin
user_domain_name: Default
project_domain_name: Default
dcagent:
role: admin
username: dcagent
password: ${DCAGENT_KS_PASSWORD}
region_name: ${OS_REGION_NAME}
project_name: services
user_domain_name: Default
project_domain_name: Default
hosts:
default: keystone-api
public: keystone
host_fqdn_override:
default: controller.internal
path:
default: /v3
scheme:
default: http
port:
api:
default: 80
internal: 5000
dcagent:
name: dcagent
hosts:
default: dcagent-api
public: dcagent
host_fqdn_override:
default: null
path:
default: /v1
scheme:
default: 'http'
port:
api:
default: 8325
public: 80
EOF
``` ```
```bash ```bash
system helm-override-update distributed-cloud dcmanager distributed-cloud --values dcmanager.yaml system helm-override-update distributed-cloud dcmanager distributed-cloud --values dcmanager.yaml
system helm-override-update distributed-cloud dcorch distributed-cloud --values dcorch.yaml system helm-override-update distributed-cloud dcorch distributed-cloud --values dcorch.yaml
system helm-override-update distributed-cloud dcdbsync distributed-cloud --values dcdbsync.yaml
system helm-override-update distributed-cloud dcagent distributed-cloud --values dcagent.yaml
system helm-override-show distributed-cloud dcmanager distributed-cloud system helm-override-show distributed-cloud dcmanager distributed-cloud
system helm-override-show distributed-cloud dcorch distributed-cloud system helm-override-show distributed-cloud dcorch distributed-cloud
system helm-override-show distributed-cloud dcdbsync distributed-cloud
system helm-override-show distributed-cloud dcagent distributed-cloud
``` ```
## Apply app-distributed-cloud ## Apply app-distributed-cloud
```bash ```bash
system application-apply distributed-cloud system application-apply distributed-cloud
system application-show distributed-cloud system application-show distributed-cloud

6
python3-k8sapp-distributed-cloud/k8sapp_distributed_cloud/k8sapp_distributed_cloud/common/constants.py
View File

@ -8,10 +8,14 @@
# These values match the names in the chart package's Chart.yaml # These values match the names in the chart package's Chart.yaml
HELM_CHART_DCMANAGER = 'dcmanager' HELM_CHART_DCMANAGER = 'dcmanager'
HELM_CHART_DCORCH = 'dcorch' HELM_CHART_DCORCH = 'dcorch'
HELM_CHART_DCDBSYNC = 'dcdbsync'
HELM_CHART_DCAGENT = 'dcagent'
# FluxCD # FluxCD
FLUXCD_HELM_RELEASE_DCMANAGER = 'dcmanager' FLUXCD_HELM_RELEASE_DCMANAGER = 'dcmanager'
FLUXCD_HELM_RELEASE_DCORCH = 'dcorch' FLUXCD_HELM_RELEASE_DCORCH = 'dcorch'
FLUXCD_HELM_RELEASE_DCDBSYNC = 'dcdbsync'
FLUXCD_HELM_RELEASE_DCAGENT = 'dcagent'
# Namespace to deploy the application # Namespace to deploy the application
HELM_NS_DISTCLOUD = 'distributed-cloud' HELM_NS_DISTCLOUD = 'distributed-cloud'
@ -21,6 +25,8 @@ HELM_APP_DISTCLOUD = 'distributed-cloud'
# Application Services # Application Services
HELM_SERVICE_DCMANAGER_API = "dcmanager-api" HELM_SERVICE_DCMANAGER_API = "dcmanager-api"
HELM_SERVICE_DCDBSYNC_API = "dcdbsync-api"
HELM_SERVICE_DCAGENT_API = "dcagent-api"
# Application component label # Application component label
HELM_LABEL_PARAMETER = 'labels' HELM_LABEL_PARAMETER = 'labels'

20
python3-k8sapp-distributed-cloud/k8sapp_distributed_cloud/k8sapp_distributed_cloud/helm/dcagent.py Normal file
View File

@ -0,0 +1,20 @@
#
# Copyright (c) 2025 Wind River Systems, Inc.
#
# SPDX-License-Identifier: Apache-2.0
#
from . import base
from k8sapp_distributed_cloud.common import constants as app_constants
class DCAgentHelm(base.DistributedCloudHelm):
@property
def CHART(self):
return app_constants.HELM_CHART_DCAGENT
@property
def HELM_RELEASE(self):
return app_constants.FLUXCD_HELM_RELEASE_DCAGENT

20
python3-k8sapp-distributed-cloud/k8sapp_distributed_cloud/k8sapp_distributed_cloud/helm/dcdbsync.py Normal file
View File

@ -0,0 +1,20 @@
#
# Copyright (c) 2025 Wind River Systems, Inc.
#
# SPDX-License-Identifier: Apache-2.0
#
from . import base
from k8sapp_distributed_cloud.common import constants as app_constants
class DCDBSyncHelm(base.DistributedCloudHelm):
@property
def CHART(self):
return app_constants.HELM_CHART_DCDBSYNC
@property
def HELM_RELEASE(self):
return app_constants.FLUXCD_HELM_RELEASE_DCDBSYNC

2
python3-k8sapp-distributed-cloud/k8sapp_distributed_cloud/setup.cfg
View File

@ -32,6 +32,8 @@ systemconfig.helm_applications =
systemconfig.helm_plugins.distributed_cloud = systemconfig.helm_plugins.distributed_cloud =
001_dcmanager = k8sapp_distributed_cloud.helm.dcmanager:DCManagerHelm 001_dcmanager = k8sapp_distributed_cloud.helm.dcmanager:DCManagerHelm
002_dcorch = k8sapp_distributed_cloud.helm.dcorch:DCOrchHelm 002_dcorch = k8sapp_distributed_cloud.helm.dcorch:DCOrchHelm
003_dcdbsync = k8sapp_distributed_cloud.helm.dcdbsync:DCDBSyncHelm
004_dcagent = k8sapp_distributed_cloud.helm.dcagent:DCAgentHelm
systemconfig.app_lifecycle = systemconfig.app_lifecycle =
distributed-cloud = k8sapp_distributed_cloud.lifecycle.lifecycle_distributed_cloud:DistributedCloudAppLifecycleOperator distributed-cloud = k8sapp_distributed_cloud.lifecycle.lifecycle_distributed_cloud:DistributedCloudAppLifecycleOperator

8
stx-distributed-cloud-helm/stx-distributed-cloud-helm/files/metadata.yaml
View File

@ -1,4 +1,4 @@
# Copyright (c) 2024 Wind River Systems, Inc. # Copyright (c) 2025 Wind River Systems, Inc.
# #
# SPDX-License-Identifier: Apache-2.0 # SPDX-License-Identifier: Apache-2.0
# #
@ -21,3 +21,9 @@ behavior:
triggers: triggers:
- type: host-label-assign - type: host-label-assign
- type: host-modify - type: host-modify
disabled_charts:
- dcmanager
- dcorch
- dcdbsync
- dcagent

21
stx-distributed-cloud-helm/stx-distributed-cloud-helm/fluxcd-manifests/dcagent/dcagent-static-overrides.yaml Normal file
View File

@ -0,0 +1,21 @@
#
# Copyright (c) 2025 Wind River Systems, Inc.
#
# SPDX-License-Identifier: Apache-2.0
#
pod:
image_pull_secrets:
default:
- name: default-registry-key
tolerations:
dcagent:
enabled: true
endpoints:
identity:
auth:
admin:
username: admin
dcmanager:
username: dcagent

5
stx-distributed-cloud-helm/stx-distributed-cloud-helm/fluxcd-manifests/dcagent/dcagent-system-overrides.yaml Normal file
View File

@ -0,0 +1,5 @@
#
# Copyright (c) 2025 Wind River Systems, Inc.
#
# SPDX-License-Identifier: Apache-2.0
#

36
stx-distributed-cloud-helm/stx-distributed-cloud-helm/fluxcd-manifests/dcagent/helmrelease.yaml Normal file
View File

@ -0,0 +1,36 @@
#
# Copyright (c) 2025 Wind River Systems, Inc.
#
# SPDX-License-Identifier: Apache-2.0
#
apiVersion: "helm.toolkit.fluxcd.io/v2beta1"
kind: HelmRelease
metadata:
name: dcagent
labels:
chart_group: dcagent
spec:
releaseName: dcagent
chart:
spec:
chart: dcagent
version: 0.1.0
sourceRef:
kind: HelmRepository
name: stx-platform
interval: 1m
timeout: 30m
test:
enable: false
install:
disableHooks: false
upgrade:
disableHooks: false
valuesFrom:
- kind: Secret
name: dcagent-static-overrides
valuesKey: dcagent-static-overrides.yaml
- kind: Secret
name: dcagent-system-overrides
valuesKey: dcagent-system-overrides.yaml

18
stx-distributed-cloud-helm/stx-distributed-cloud-helm/fluxcd-manifests/dcagent/kustomization.yaml Normal file
View File

@ -0,0 +1,18 @@
#
# Copyright (c) 2025 Wind River Systems, Inc.
#
# SPDX-License-Identifier: Apache-2.0
#
namespace: distributed-cloud
resources:
- helmrelease.yaml
secretGenerator:
- name: dcagent-static-overrides
files:
- dcagent-static-overrides.yaml
- name: dcagent-system-overrides
files:
- dcagent-system-overrides.yaml
generatorOptions:
disableNameSuffixHash: true

21
stx-distributed-cloud-helm/stx-distributed-cloud-helm/fluxcd-manifests/dcdbsync/dcdbsync-static-overrides.yaml Normal file
View File

@ -0,0 +1,21 @@
#
# Copyright (c) 2025 Wind River Systems, Inc.
#
# SPDX-License-Identifier: Apache-2.0
#
pod:
image_pull_secrets:
default:
- name: default-registry-key
tolerations:
dcdbsync:
enabled: true
endpoints:
identity:
auth:
admin:
username: admin
dcdbsync:
username: dcdbsync

5
stx-distributed-cloud-helm/stx-distributed-cloud-helm/fluxcd-manifests/dcdbsync/dcdbsync-system-overrides.yaml Normal file
View File

@ -0,0 +1,5 @@
#
# Copyright (c) 2025 Wind River Systems, Inc.
#
# SPDX-License-Identifier: Apache-2.0
#

36
stx-distributed-cloud-helm/stx-distributed-cloud-helm/fluxcd-manifests/dcdbsync/helmrelease.yaml Normal file
View File

@ -0,0 +1,36 @@
#
# Copyright (c) 2025 Wind River Systems, Inc.
#
# SPDX-License-Identifier: Apache-2.0
#
apiVersion: "helm.toolkit.fluxcd.io/v2beta1"
kind: HelmRelease
metadata:
name: dcdbsync
labels:
chart_group: dcdbsync
spec:
releaseName: dcdbsync
chart:
spec:
chart: dcdbsync
version: 0.1.0
sourceRef:
kind: HelmRepository
name: stx-platform
interval: 1m
timeout: 30m
test:
enable: false
install:
disableHooks: false
upgrade:
disableHooks: false
valuesFrom:
- kind: Secret
name: dcdbsync-static-overrides
valuesKey: dcdbsync-static-overrides.yaml
- kind: Secret
name: dcdbsync-system-overrides
valuesKey: dcdbsync-system-overrides.yaml

18
stx-distributed-cloud-helm/stx-distributed-cloud-helm/fluxcd-manifests/dcdbsync/kustomization.yaml Normal file
View File

@ -0,0 +1,18 @@
#
# Copyright (c) 2025 Wind River Systems, Inc.
#
# SPDX-License-Identifier: Apache-2.0
#
namespace: distributed-cloud
resources:
- helmrelease.yaml
secretGenerator:
- name: dcdbsync-static-overrides
files:
- dcdbsync-static-overrides.yaml
- name: dcdbsync-system-overrides
files:
- dcdbsync-system-overrides.yaml
generatorOptions:
disableNameSuffixHash: true

2
stx-distributed-cloud-helm/stx-distributed-cloud-helm/fluxcd-manifests/kustomization.yaml
View File

@ -11,4 +11,6 @@ resources:
- base - base
- dcmanager - dcmanager
- dcorch - dcorch
- dcdbsync
- dc-vault-nginx - dc-vault-nginx
- dcagent

4
stx-distributed-cloud-helm/stx-distributed-cloud-helm/helm-charts/Makefile
View File

@ -1,7 +1,5 @@
# #
# Copyright 2017 The Openstack-Helm Authors. # Copyright (c) 2025 Wind River Systems, Inc.
#
# Copyright (c) 2024 Wind River Systems, Inc.
# #
# SPDX-License-Identifier: Apache-2.0 # SPDX-License-Identifier: Apache-2.0
# #

BIN
stx-distributed-cloud-helm/stx-distributed-cloud-helm/helm-charts/dc-vault-nginx/charts/helm-toolkit-0.2.59.tgz
View File

Binary file not shown.

5
stx-distributed-cloud-helm/stx-distributed-cloud-helm/helm-charts/dc-vault-nginx/values.yaml
View File

@ -14,12 +14,9 @@ nginx:
autoindex_exact_size: "off" autoindex_exact_size: "off"
autoindex_localtime: "on" autoindex_localtime: "on"
imagePullSecrets:
- name: default-registry-key
service: service:
name: "dc-vault-nginx-service" name: "dc-vault-nginx-service"
type: NodePort # "ClusterIP" or "NodePort" type: NodePort
port: 8125 port: 8125
nodePort: 30080 nodePort: 30080
externalPolicyLocal: false externalPolicyLocal: false

23
stx-distributed-cloud-helm/stx-distributed-cloud-helm/helm-charts/dcagent/.helmignore Normal file
View File

@ -0,0 +1,23 @@
# Patterns to ignore when building packages.
# This supports shell glob matching, relative path matching, and
# negation (prefixed with !). Only one pattern per line.
.DS_Store
# Common VCS dirs
.git/
.gitignore
.bzr/
.bzrignore
.hg/
.hgignore
.svn/
# Common backup files
*.swp
*.bak
*.tmp
*.orig
*~
# Various IDEs
.project
.idea/
*.tmproj
.vscode/

29
stx-distributed-cloud-helm/stx-distributed-cloud-helm/helm-charts/dcagent/Chart.yaml Normal file
View File

@ -0,0 +1,29 @@
apiVersion: v2
name: dcagent
description: StarlingX Distributed Cloud Agent Service
# A chart can be either an 'application' or a 'library' chart.
#
# Application charts are a collection of templates that can be packaged into versioned archives
# to be deployed.
#
# Library charts provide useful utilities or functions for the chart developer. They're included as
# a dependency of application charts to inject those utilities and functions into the rendering
# pipeline. Library charts do not define any templates and therefore cannot be deployed.
type: application
# This is the chart version. This version number should be incremented each time you make changes
# to the chart and its templates, including the app version.
# Versions are expected to follow Semantic Versioning (https://semver.org/)
version: 0.1.0
# This is the version number of the application being deployed. This version number should be
# incremented each time you make changes to the application. Versions are not expected to
# follow Semantic Versioning. They should reflect the version the application is using.
# It is recommended to use it with quotes.
appVersion: "1.0"
dependencies:
- name: helm-toolkit
version: ">= 0.1.0"
repository: file://../helm-toolkit

BIN
stx-distributed-cloud-helm/stx-distributed-cloud-helm/helm-charts/dcagent/charts/helm-toolkit-0.2.59.tgz Normal file
View File

Binary file not shown.

62
stx-distributed-cloud-helm/stx-distributed-cloud-helm/helm-charts/dcagent/templates/_helpers.tpl Normal file
View File

@ -0,0 +1,62 @@
{{/*
Expand the name of the chart.
*/}}
{{- define "dcagent.name" -}}
{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
{{- end }}
{{/*
Create a default fully qualified app name.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
If release name contains chart name it will be used as a full name.
*/}}
{{- define "dcagent.fullname" -}}
{{- if .Values.fullnameOverride }}
{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
{{- else }}
{{- $name := default .Chart.Name .Values.nameOverride }}
{{- if contains $name .Release.Name }}
{{- .Release.Name | trunc 63 | trimSuffix "-" }}
{{- else }}
{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
{{- end }}
{{- end }}
{{- end }}
{{/*
Create chart name and version as used by the chart label.
*/}}
{{- define "dcagent.chart" -}}
{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
{{- end }}
{{/*
Common labels
*/}}
{{- define "dcagent.labels" -}}
helm.sh/chart: {{ include "dcagent.chart" . }}
{{ include "dcagent.selectorLabels" . }}
{{- if .Chart.AppVersion }}
app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
{{- end }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
{{- end }}
{{/*
Selector labels
*/}}
{{- define "dcagent.selectorLabels" -}}
app.kubernetes.io/name: {{ include "dcagent.name" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
{{- end }}
{{/*
Create the name of the service account to use
*/}}
{{- define "dcagent.serviceAccountName" -}}
{{- if .Values.serviceAccount.create }}
{{- default (include "dcagent.fullname" .) .Values.serviceAccount.name }}
{{- else }}
{{- default "default" .Values.serviceAccount.name }}
{{- end }}
{{- end }}

16
stx-distributed-cloud-helm/stx-distributed-cloud-helm/helm-charts/dcagent/templates/bin/_dcagent-api.sh.tpl Normal file
View File

@ -0,0 +1,16 @@
#!/bin/bash
{{/*
#
# SPDX-License-Identifier: Apache-2.0
#
*/}}
set -ex
if ! update-ca-certificates; then
echo "Failed to update CA certificates!" >&2
exit 1
fi
exec python /var/lib/openstack/bin/dcagent-api --config-file=/etc/dcagent/dcagent.conf

21
stx-distributed-cloud-helm/stx-distributed-cloud-helm/helm-charts/dcagent/templates/configmap-bin.yaml Normal file
View File

@ -0,0 +1,21 @@
{{/*
#
# Copyright (c) 2025 Wind River Systems, Inc.
#
# SPDX-License-Identifier: Apache-2.0
#
*/}}
apiVersion: v1
kind: ConfigMap
metadata:
name: dcagent-bin
data:
dcagent-api.sh: |
{{ tuple "bin/_dcagent-api.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
ks-service.sh: |
{{- include "helm-toolkit.scripts.keystone_service" . | indent 4 }}
ks-endpoints.sh: |
{{- include "helm-toolkit.scripts.keystone_endpoints" . | indent 4 }}
ks-user.sh: |
{{- include "helm-toolkit.scripts.keystone_user" . | indent 4 }}

109
stx-distributed-cloud-helm/stx-distributed-cloud-helm/helm-charts/dcagent/templates/dcagent-api.yaml Normal file
View File

@ -0,0 +1,109 @@
{{/*
#
# Copyright (c) 2025 Wind River Systems, Inc.
#
# SPDX-License-Identifier: Apache-2.0
#
*/}}
{{- define "dcagentApiLivenessProbeTemplate" }}
tcpSocket:
port: {{ tuple "dcagent" "internal" "api" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
{{- end }}
{{- if .Values.manifests.dcagent_api }}
{{- $envAll := . }}
{{- $mounts_dcagent_api := .Values.pod.mounts.api.dcagent }}
{{- $mounts_dcagent_api_init := .Values.pod.mounts.api.init_container }}
{{- $serviceAccountName := "dcagent" }}
{{ tuple $envAll "api" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: dcagent-api
labels:
{{ tuple $envAll "dcagent" "api" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }}
spec:
{{- if not .Values.pod.autoscaling.enabled }}
replicas: {{ .Values.pod.replicas.api }}
{{- end }}
selector:
matchLabels:
{{ tuple $envAll "dcagent" "api" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 6 }}
{{ tuple $envAll | include "helm-toolkit.snippets.kubernetes_upgrades_deployment" | indent 2 }}
template:
metadata:
{{- with .Values.pod.annotations.api }}
annotations:
{{- toYaml . | nindent 8 }}
{{- end }}
labels:
{{ tuple $envAll "dcagent" "api" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
spec:
serviceAccountName: {{ $serviceAccountName }}
initContainers:
{{ tuple $envAll "api" $mounts_dcagent_api_init | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
containers:
- name: dcagent
{{ tuple $envAll $envAll.Values.pod.resources.api | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
env:
- name: REQUESTS_CA_BUNDLE
value: /etc/ssl/certs/ca-certificates.crt
volumeMounts:
- name: dcagent-bin
mountPath: /tmp/dcagent-api.sh
subPath: dcagent-api.sh
readOnly: true
- name: dcagent-etc
mountPath: /etc/dcagent/dcagent.conf
subPath: dcagent.conf
readOnly: true
- name: dcagent-etc
mountPath: /etc/dcagent/logging.conf
subPath: logging.conf
readOnly: true
{{- if .Values.ca_certificates.root_ca }}
- name: root-ca
mountPath: /usr/local/share/ca-certificates/root-ca.crt
subPath: ca.crt
readOnly: true
{{- end }}
{{ if $mounts_dcagent_api.volumeMounts }}{{ toYaml $mounts_dcagent_api.volumeMounts | indent 12 }}{{ end }}
{{- dict "enabled" .Values.manifests.certificates "name" .Values.secrets.tls.dcagent.api.public | include "helm-toolkit.snippets.tls_volume_mount" | indent 12 }}
{{ dict "envAll" . "component" "api" "container" "default" "type" "liveness" "probeTemplate" (include "dcagentApiLivenessProbeTemplate" . | fromYaml) | include "helm-toolkit.snippets.kubernetes_probe" | indent 10 }}
command:
- /tmp/dcagent-api.sh
image: "{{ .Values.images.tags.dcagent }}"
imagePullPolicy: {{ .Values.images.pullPolicy }}
ports:
- name: http
containerPort: {{ tuple "dcagent" "internal" "api" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
protocol: TCP
{{ tuple $envAll "dcagent" | include "helm-toolkit.snippets.kubernetes_image_pull_secrets" | indent 6 }}
nodeSelector:
{{ .Values.labels.dcagent.node_selector_key }}: {{ .Values.labels.dcagent.node_selector_value }}
{{ if $envAll.Values.pod.tolerations.dcagent.enabled }}
{{ tuple $envAll "dcagent" | include "helm-toolkit.snippets.kubernetes_tolerations" | indent 6 }}
{{ end }}
affinity:
{{ tuple $envAll "dcagent" "api" | include "helm-toolkit.snippets.kubernetes_pod_anti_affinity" | indent 8 }}
volumes:
- name: dcagent-etc
secret:
secretName: dcagent-etc
defaultMode: 0644
- name: dcagent-bin
configMap:
name: dcagent-bin
defaultMode: 0755
{{- if .Values.ca_certificates.root_ca }}
- name: root-ca
secret:
secretName: {{ .Values.ca_certificates.root_ca }}
defaultMode: 0644
{{- end }}
{{ if $mounts_dcagent_api.volumes }}{{ toYaml $mounts_dcagent_api.volumes | indent 8 }}{{ end }}
{{- dict "enabled" .Values.manifests.certificates "name" .Values.secrets.tls.dcagent.api.public | include "helm-toolkit.snippets.tls_volume" | indent 8 }}
{{- end }}

72
stx-distributed-cloud-helm/stx-distributed-cloud-helm/helm-charts/dcagent/templates/dcagent-nginx-proxy.yaml Normal file
View File

@ -0,0 +1,72 @@
{{/*
#
# Copyright (c) 2025 Wind River Systems, Inc.
#
# SPDX-License-Identifier: Apache-2.0
#
*/}}
apiVersion: v1
kind: ConfigMap
metadata:
name: dcagent-nginx-proxy-conf
data:
nginx.conf: |
events {}
http {
server {
listen 0.0.0.0:8325;
location / {
proxy_pass http://dcagent-api.distributed-cloud.svc.cluster.local:8325;
}
}
}
{{- $envAll := . }}
{{- $mounts_dcagent_nginx_proxy_init := .Values.pod.mounts.nginx_proxy.init_container }}
{{- $serviceUser := "dcagent" }}
{{- $serviceAccountNginxProxy := printf "%s-%s" $serviceUser "nginx-proxy" }}
{{ tuple $envAll "nginx_proxy" $serviceAccountNginxProxy | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ include "dcagent.fullname" . }}-nginx-proxy
namespace: {{ .Release.Namespace }}
labels:
{{- include "dcagent.labels" . | nindent 4 }}
spec:
replicas: 1
selector:
matchLabels:
app: {{ include "dcagent.name" . }}-nginx-proxy
template:
metadata:
labels:
app: {{ include "dcagent.name" . }}-nginx-proxy
{{- include "dcagent.labels" . | nindent 8 }}
spec:
serviceAccountName: dcagent-nginx-proxy
hostNetwork: true
dnsPolicy: ClusterFirstWithHostNet
nodeSelector:
{{ .Values.nginx_proxy.node_selector_key }}: {{ .Values.nginx_proxy.node_selector_value }}
initContainers:
{{ tuple $envAll "nginx_proxy" $mounts_dcagent_nginx_proxy_init | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
containers:
- name: nginx
image: {{ .Values.nginx_proxy.image }}
ports:
- containerPort: {{ .Values.nginx_proxy.port }}
hostPort: {{ .Values.nginx_proxy.port }}
volumeMounts:
- name: nginx-conf
mountPath: /etc/nginx/nginx.conf
subPath: nginx.conf
volumes:
- name: nginx-conf
configMap:
name: {{ include "dcagent.fullname" . }}-nginx-proxy-conf

18
stx-distributed-cloud-helm/stx-distributed-cloud-helm/helm-charts/dcagent/templates/job-ks-endpoints.yaml Normal file
View File

@ -0,0 +1,18 @@
{{/*
#
# Copyright (c) 2025 Wind River Systems, Inc.
#
# SPDX-License-Identifier: Apache-2.0
#
*/}}
{{- if .Values.manifests.job_ks_endpoints }}
{{- $ksServiceJob := dict "envAll" . "serviceName" "dcagent" "serviceTypes" ( tuple "dcagent" ) -}}
{{- if .Values.manifests.certificates -}}
{{- $_ := set $ksServiceJob "tlsSecret" .Values.secrets.tls.dcagent.api.public -}}
{{- end -}}
{{- if .Values.pod.tolerations.dcagent.enabled -}}
{{- $_ := set $ksServiceJob "tolerationsEnabled" true -}}
{{- end -}}
{{ $ksServiceJob | include "helm-toolkit.manifests.job_ks_endpoints" }}
{{- end }}

18
stx-distributed-cloud-helm/stx-distributed-cloud-helm/helm-charts/dcagent/templates/job-ks-service.yaml Normal file
View File

@ -0,0 +1,18 @@
{{/*
#
# Copyright (c) 2025 Wind River Systems, Inc.
#
# SPDX-License-Identifier: Apache-2.0
#
*/}}
{{- if .Values.manifests.job_ks_service }}
{{- $ksServiceJob := dict "envAll" . "serviceName" "dcagent" "serviceTypes" ( tuple "dcagent" ) -}}
{{- if .Values.manifests.certificates -}}
{{- $_ := set $ksServiceJob "tlsSecret" .Values.secrets.tls.dcagent.api.public -}}
{{- end -}}
{{- if .Values.pod.tolerations.dcagent.enabled -}}
{{- $_ := set $ksServiceJob "tolerationsEnabled" true -}}
{{- end -}}
{{ $ksServiceJob | include "helm-toolkit.manifests.job_ks_service" }}
{{- end }}

18
stx-distributed-cloud-helm/stx-distributed-cloud-helm/helm-charts/dcagent/templates/job-ks-user.yaml Normal file
View File

@ -0,0 +1,18 @@
{{/*
#
# Copyright (c) 2025 Wind River Systems, Inc.
#
# SPDX-License-Identifier: Apache-2.0
#
*/}}
{{- if .Values.manifests.job_ks_user }}
{{- $ksUserJob := dict "envAll" . "serviceName" "dcagent" -}}
{{- if .Values.pod.tolerations.dcagent.enabled -}}
{{- $_ := set $ksUserJob "tolerationsEnabled" true -}}
{{- end -}}
{{- if .Values.manifests.certificates -}}
{{- $_ := set $ksUserJob "tlsSecret" .Values.secrets.tls.dcagent.api.public -}}
{{- end -}}
{{ $ksUserJob | include "helm-toolkit.manifests.job_ks_user" }}
{{- end }}

65
stx-distributed-cloud-helm/stx-distributed-cloud-helm/helm-charts/dcagent/templates/secret-etc.yaml Normal file
View File

@ -0,0 +1,65 @@
{{/*
#
# Copyright (c) 2025 Wind River Systems, Inc.
#
# SPDX-License-Identifier: Apache-2.0
#
*/}}
{{- if empty .Values.conf.dcagent.keystone_authtoken.auth_uri -}}
{{- $_ := tuple "identity" "internal" "api" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup"| set .Values.conf.dcagent.keystone_authtoken "auth_uri" -}}
{{- end -}}
{{- if empty .Values.conf.dcagent.keystone_authtoken.auth_url -}}
{{- $_ := tuple "identity" "internal" "api" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup"| set .Values.conf.dcagent.keystone_authtoken "auth_url" -}}
{{- end -}}
{{- if empty .Values.conf.dcagent.keystone_authtoken.region_name -}}
{{- $_ := set .Values.conf.dcagent.keystone_authtoken "region_name" .Values.endpoints.identity.auth.dcagent.region_name -}}
{{- end -}}
{{- if empty .Values.conf.dcagent.keystone_authtoken.project_name -}}
{{- $_ := set .Values.conf.dcagent.keystone_authtoken "project_name" .Values.endpoints.identity.auth.dcagent.project_name -}}
{{- end -}}
{{- if empty .Values.conf.dcagent.keystone_authtoken.project_domain_name -}}
{{- $_ := set .Values.conf.dcagent.keystone_authtoken "project_domain_name" .Values.endpoints.identity.auth.dcagent.project_domain_name -}}
{{- end -}}
{{- if empty .Values.conf.dcagent.keystone_authtoken.user_domain_name -}}
{{- $_ := set .Values.conf.dcagent.keystone_authtoken "user_domain_name" .Values.endpoints.identity.auth.dcagent.user_domain_name -}}
{{- end -}}
{{- if empty .Values.conf.dcagent.keystone_authtoken.username -}}
{{- $_ := set .Values.conf.dcagent.keystone_authtoken "username" .Values.endpoints.identity.auth.dcagent.username -}}
{{- end -}}
{{- if empty .Values.conf.dcagent.keystone_authtoken.password -}}
{{- $_ := set .Values.conf.dcagent.keystone_authtoken "password" .Values.endpoints.identity.auth.dcagent.password -}}
{{- end -}}
{{- if empty .Values.conf.dcagent.keystone_authtoken.interface -}}
{{- $_ := set .Values.conf.dcagent.keystone_authtoken "interface" (default "internal" .Values.endpoints.identity.auth.dcagent.interface) -}}
{{- end -}}
{{- if empty .Values.conf.dcagent.endpoint_cache.auth_uri -}}
{{- $_ := tuple "identity" "internal" "api" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup"| set .Values.conf.dcagent.keystone_authtoken "auth_uri" -}}
{{- end -}}
{{- if empty .Values.conf.dcagent.endpoint_cache.region_name -}}
{{- $_ := set .Values.conf.dcagent.keystone_authtoken "region_name" .Values.endpoints.identity.auth.dcagent.region_name -}}
{{- end -}}
{{- if empty .Values.conf.dcagent.endpoint_cache.project_name -}}
{{- $_ := set .Values.conf.dcagent.keystone_authtoken "project_name" .Values.endpoints.identity.auth.dcagent.project_name -}}
{{- end -}}
{{- if empty .Values.conf.dcagent.endpoint_cache.project_domain_name -}}
{{- $_ := set .Values.conf.dcagent.keystone_authtoken "project_domain_name" .Values.endpoints.identity.auth.dcagent.project_domain_name -}}
{{- end -}}
{{- if empty .Values.conf.dcagent.endpoint_cache.user_domain_name -}}
{{- $_ := set .Values.conf.dcagent.keystone_authtoken "user_domain_name" .Values.endpoints.identity.auth.dcagent.user_domain_name -}}
{{- end -}}
{{- if empty .Values.conf.dcagent.endpoint_cache.username -}}
{{- $_ := set .Values.conf.dcagent.keystone_authtoken "username" .Values.endpoints.identity.auth.dcagent.username -}}
{{- end -}}
{{- if empty .Values.conf.dcagent.endpoint_cache.password -}}
{{- $_ := set .Values.conf.dcagent.keystone_authtoken "password" .Values.endpoints.identity.auth.dcagent.password -}}
{{- end -}}
apiVersion: v1
kind: Secret
metadata:
name: dcagent-etc
type: Opaque
data:
dcagent.conf: {{ include "helm-toolkit.utils.to_oslo_conf" .Values.conf.dcagent | b64enc }}
logging.conf: {{ include "helm-toolkit.utils.to_oslo_conf" .Values.conf.logging | b64enc }}

22
stx-distributed-cloud-helm/stx-distributed-cloud-helm/helm-charts/dcagent/templates/secret-keystone.yaml Normal file
View File

@ -0,0 +1,22 @@
{{/*
#
# Copyright (c) 2025 Wind River Systems, Inc.
#
# SPDX-License-Identifier: Apache-2.0
#
*/}}
{{- if .Values.manifests.secret_keystone }}
{{- $envAll := . }}
{{- range $key1, $userClass := tuple "admin" "dcagent" }}
{{- $secretName := index $envAll.Values.secrets.identity $userClass }}
---
apiVersion: v1
kind: Secret
metadata:
name: {{ $secretName }}
type: Opaque
data:
{{- tuple $userClass "internal" $envAll | include "helm-toolkit.snippets.keystone_secret_openrc" | indent 2 -}}
{{- end }}
{{- end }}

31
stx-distributed-cloud-helm/stx-distributed-cloud-helm/helm-charts/dcagent/templates/service.yaml Normal file
View File

@ -0,0 +1,31 @@
{{/*
#
# Copyright (c) 2025 Wind River Systems, Inc.
#
# SPDX-License-Identifier: Apache-2.0
#
*/}}
{{- if .Values.manifests.service_dcagent }}
{{- $envAll := . }}
---
apiVersion: v1
kind: Service
metadata:
name: {{ tuple "dcagent" "internal" . | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }}
spec:
ports:
- name: dcagent-port
port: {{ .Values.network.dcagent.port }}
{{ if .Values.network.dcagent.node_port.enabled }}
nodePort: {{ .Values.network.dcagent.node_port.port }}
{{ end }}
selector:
{{ tuple $envAll "dcagent" "api" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }}
{{ if .Values.network.dcagent.node_port.enabled }}
type: NodePort
{{ if .Values.network.dcagent.external_policy_local }}
externalTrafficPolicy: Local
{{ end }}
{{ end }}
{{- end }}

325
stx-distributed-cloud-helm/stx-distributed-cloud-helm/helm-charts/dcagent/values.yaml Normal file
View File

@ -0,0 +1,325 @@
#
# SPDX-License-Identifier: Apache-2.0
#
# Default values for dcagent.
# This is a YAML-formatted file.
# Declare variables to be passed into your templates.
nameOverride: ""
fullnameOverride: ""
images:
tags:
dcagent: docker.io/starlingx/stx-distributed-cloud:master-debian-stable-latest
ks_user: docker.io/starlingx/stx-distributed-cloud:master-debian-stable-latest
ks_service: docker.io/starlingx/stx-distributed-cloud:master-debian-stable-latest
ks_endpoints: docker.io/starlingx/stx-distributed-cloud:master-debian-stable-latest
dep_check: quay.io/stackanetes/kubernetes-entrypoint:v0.3.1
pullPolicy: IfNotPresent
local_registry:
active: false
serviceAccount:
# Specifies whether a service account should be created
create: true
# Automatically mount a ServiceAccount's API credentials?
automount: true
# Annotations to add to the service account
annotations: {}
# The name of the service account to use.
# If not set and create is true, a name is generated using the fullname template
name: ""
labels:
dcagent:
node_selector_key: starlingx.io/subcloud
node_selector_value: enabled
job:
node_selector_key: starlingx.io/subcloud
node_selector_value: enabled
network:
dcagent:
ingress:
public: true
classes:
namespace: "dc-nginx"
cluster: "nginx-cluster"
annotations:
nginx.ingress.kubernetes.io/rewrite-target: /
port: 8325
node_port:
enabled: false
port: 30325
external_policy_local: false
ingress:
className: "dc-nginx"
enabled: true
annotations:
nginx.ingress.kubernetes.io/rewrite-target: /
hosts:
- host: controller
paths:
- path: "/"
pathType: Prefix
tls: []
volume: []
conf:
dcagent:
DEFAULT:
log_config_append: /etc/dcagent/logging.conf
auth_strategy: keystone
workers: 1
keystone_authtoken:
auth_uri: http://controller.internal:5000
auth_url: http://controller.internal:5000
auth_type: password
region_name: RegionOne
username: dcagent
password: password
project_name: services
user_domain_name: Default
project_domain_name: Default
cache:
auth_uri: http://controller.internal:5000/v3
endpoint_cache:
auth_uri: http://controller.internal:5000/v3
auth_plugin: password
http_connect_timeout: 15
region_name: RegionOne
project_name: services
user_domain_name: Default
project_domain_name: Default
logging:
loggers:
keys:
- root
- dcagent
handlers:
keys:
- stdout
- stderr
- "null"
formatters:
keys:
- context
- default
logger_root:
level: WARNING
handlers: 'null'
logger_dcagent:
level: INFO
handlers:
- stdout
qualname: dcagent
logger_eventletwsgi:
# The dcagent needs the INFO log from wsgi to see the requests content
level: INFO
handlers:
- stdout
- stderr
qualname: eventlet.wsgi.server
logger_keystoneauth:
level: ERROR
handlers: stderr
qualname: keystoneauth
logger_sqlalchemy:
level: WARNING
handlers: stderr
qualname: sqlalchemy
handler_null:
class: logging.NullHandler
formatter: default
args: ()
handler_stdout:
class: StreamHandler
args: (sys.stdout,)
formatter: context
handler_stderr:
class: StreamHandler
args: (sys.stderr,)
formatter: context
formatter_context:
class: oslo_log.formatters.ContextFormatter
formatter_default:
format: "%(message)s"
dependencies:
static:
api:
jobs:
- dcagent-ks-user
- dcagent-ks-service
- dcagent-ks-endpoints
ks_endpoints:
jobs:
- dcagent-ks-user
- dcagent-ks-service
nginx_proxy:
jobs:
- dcagent-ks-endpoints
manifests:
certificates: false
configmap_bin: true
dcagent_api: true
ingress: true
job_ks_user: true
job_ks_service: true
job_ks_endpoints: true
secret_etc: true
secret_ingress_tls: false
secret_keystone: true
service_dcagent: true
service_ingress: true
endpoints:
cluster_domain_suffix: cluster.local
identity:
name: keystone
auth:
admin:
username: admin
password: password
region_name: RegionOne
project_name: admin
user_domain_name: Default
project_domain_name: Default
dcagent:
role: admin
username: dcagent
password: password
region_name: RegionOne
project_name: services
user_domain_name: Default
project_domain_name: Default
hosts:
default: keystone-api
public: keystone
host_fqdn_override:
default: controller.internal
path:
default: /v3
scheme:
default: http
port:
api:
default: 5000
internal: 5000
dcagent:
name: dcagent
hosts:
default: dcagent-api
public: dcagent
host_fqdn_override:
default: null
path:
default: /v1
scheme:
default: 'http'
port:
api:
default: 8325
public: 80
pod:
probes:
api:
default:
liveness:
enabled: True
params:
initialDelaySeconds: 120
periodSeconds: 90
timeoutSeconds: 70
user:
api:
uid: 0
affinity:
anti:
type:
default: preferredDuringSchedulingIgnoredDuringExecution
topologyKey:
default: kubernetes.io/hostname
annotations: {}
tolerations:
dcagent:
enabled: false
tolerations:
- key: node-role.kubernetes.io/master
operator: Exists
effect: NoSchedule
- key: node-role.kubernetes.io/control-plane
operator: Exists
effect: NoSchedule
mounts:
api:
init_container: null
dcagent:
nginx_proxy:
init_container: []
autoscaling:
enabled: false
replicas:
api: 1
lifecycle:
upgrades:
deployments:
revision_history: 3
pod_replacement_strategy: RollingUpdate
rolling_update:
max_unavailable: 1
max_surge: 3
daemonsets:
pod_replacement_strategy: RollingUpdate
compute:
enabled: true
min_ready_seconds: 0
max_unavailable: 1
disruption_budget:
dcagent:
min_available: 0
termination_grace_period:
dcagent:
timeout: 30
resources:
enabled: false
api:
requests:
memory: "128Mi"
cpu: "100m"
limits:
memory: "1024Mi"
cpu: "2000m"
jobs:
ks_endpoints:
requests:
memory: "128Mi"
cpu: "100m"
limits:
memory: "1024Mi"
cpu: "2000m"
secrets:
identity:
admin: dcagent-keystone-admin
dcagent: dcagent-keystone-user
tls:
dcagent:
api:
public: dcagent-api-tls-public
internal: dcagent-api-tls-internal
ca_certificates:
root_ca: root-ca
nginx_proxy:
port: 8325
image: nginx:stable-alpine
node_selector_key: starlingx.io/subcloud
node_selector_value: enabled

29
stx-distributed-cloud-helm/stx-distributed-cloud-helm/helm-charts/dcdbsync/Chart.yaml Normal file
View File

@ -0,0 +1,29 @@
apiVersion: v2
name: dcdbsync
description: StarlingX Distributed Cloud Orchestrator Service
# A chart can be either an 'application' or a 'library' chart.
#
# Application charts are a collection of templates that can be packaged into versioned archives
# to be deployed.
#
# Library charts provide useful utilities or functions for the chart developer. They're included as
# a dependency of application charts to inject those utilities and functions into the rendering
# pipeline. Library charts do not define any templates and therefore cannot be deployed.
type: application
# This is the chart version. This version number should be incremented each time you make changes
# to the chart and its templates, including the app version.
# Versions are expected to follow Semantic Versioning (https://semver.org/)
version: 0.1.0
# This is the version number of the application being deployed. This version number should be
# incremented each time you make changes to the application. Versions are not expected to
# follow Semantic Versioning. They should reflect the version the application is using.
# It is recommended to use it with quotes.
appVersion: "1.0"
dependencies:
- name: helm-toolkit
version: ">= 0.1.0"
repository: file://../helm-toolkit

BIN
stx-distributed-cloud-helm/stx-distributed-cloud-helm/helm-charts/dcdbsync/charts/helm-toolkit-0.2.59.tgz Normal file
View File

Binary file not shown.

62
stx-distributed-cloud-helm/stx-distributed-cloud-helm/helm-charts/dcdbsync/templates/_helpers.tpl Normal file
View File

@ -0,0 +1,62 @@
{{/*
Expand the name of the chart.
*/}}
{{- define "dcdbsync.name" -}}
{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
{{- end }}
{{/*
Create a default fully qualified app name.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
If release name contains chart name it will be used as a full name.
*/}}
{{- define "dcdbsync.fullname" -}}
{{- if .Values.fullnameOverride }}
{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
{{- else }}
{{- $name := default .Chart.Name .Values.nameOverride }}
{{- if contains $name .Release.Name }}
{{- .Release.Name | trunc 63 | trimSuffix "-" }}
{{- else }}
{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
{{- end }}
{{- end }}
{{- end }}
{{/*
Create chart name and version as used by the chart label.
*/}}
{{- define "dcdbsync.chart" -}}
{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
{{- end }}
{{/*
Common labels
*/}}
{{- define "dcdbsync.labels" -}}
helm.sh/chart: {{ include "dcdbsync.chart" . }}
{{ include "dcdbsync.selectorLabels" . }}
{{- if .Chart.AppVersion }}
app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
{{- end }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
{{- end }}
{{/*
Selector labels
*/}}
{{- define "dcdbsync.selectorLabels" -}}
app.kubernetes.io/name: {{ include "dcdbsync.name" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
{{- end }}
{{/*
Create the name of the service account to use
*/}}
{{- define "dcdbsync.serviceAccountName" -}}
{{- if .Values.serviceAccount.create }}
{{- default (include "dcdbsync.fullname" .) .Values.serviceAccount.name }}
{{- else }}
{{- default "default" .Values.serviceAccount.name }}
{{- end }}
{{- end }}

16
stx-distributed-cloud-helm/stx-distributed-cloud-helm/helm-charts/dcdbsync/templates/bin/_dcdbsync-api.sh.tpl Normal file
View File

@ -0,0 +1,16 @@
#!/bin/bash
{{/*
#
# SPDX-License-Identifier: Apache-2.0
#
*/}}
set -ex
if ! update-ca-certificates; then
echo "Failed to update CA certificates!" >&2
exit 1
fi
python /var/lib/openstack/bin/dcdbsync-api --config-file=/etc/dcdbsync/dcdbsync.conf

21
stx-distributed-cloud-helm/stx-distributed-cloud-helm/helm-charts/dcdbsync/templates/configmap-bin.yaml Normal file
View File

@ -0,0 +1,21 @@
{{/*
#
# Copyright (c) 2025 Wind River Systems, Inc.
#
# SPDX-License-Identifier: Apache-2.0
#
*/}}
apiVersion: v1
kind: ConfigMap
metadata:
name: dcdbsync-bin
data:
dcdbsync-api.sh: |
{{ tuple "bin/_dcdbsync-api.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
ks-service.sh: |
{{- include "helm-toolkit.scripts.keystone_service" . | indent 4 }}
ks-endpoints.sh: |
{{- include "helm-toolkit.scripts.keystone_endpoints" . | indent 4 }}
ks-user.sh: |
{{- include "helm-toolkit.scripts.keystone_user" . | indent 4 }}

114
stx-distributed-cloud-helm/stx-distributed-cloud-helm/helm-charts/dcdbsync/templates/dcdbsync-api.yaml Normal file
View File

@ -0,0 +1,114 @@
{{/*
#
# Copyright (c) 2025 Wind River Systems, Inc.
#
# SPDX-License-Identifier: Apache-2.0
#
*/}}
{{- define "DCDBSyncApiLivenessProbeTemplate" }}
tcpSocket:
port: {{ tuple "dcorch_dbsync" "internal" "api" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
{{- end }}
{{- if .Values.manifests.dcdbsync_api_deployment }}
{{- $envAll := . }}
{{- $mounts_dcdbsync_api := .Values.pod.mounts.api.dcdbsync }}
{{- $mounts_dcdbsync_api_init := .Values.pod.mounts.api.init_container }}
{{- $serviceAccountName := "dcdbsync-api" }}
{{ tuple $envAll "api" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: dcdbsync-api
labels:
{{ tuple $envAll "dcdbsync" "dcdbsync-api" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }}
spec:
{{- if not .Values.pod.autoscaling.enabled }}
replicas: {{ .Values.pod.replicas.dcdbsync_api }}
{{- end }}
selector:
matchLabels:
{{ tuple $envAll "dcdbsync" "dcdbsync-api" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 6 }}
{{ tuple $envAll | include "helm-toolkit.snippets.kubernetes_upgrades_deployment" | indent 2 }}
template:
metadata:
{{- with .Values.pod.annotations.dcdbsync_api }}
annotations:
{{- toYaml . | nindent 8 }}
{{- end }}
labels:
{{ tuple $envAll "dcdbsync" "dcdbsync-api" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
spec:
serviceAccountName: {{ $serviceAccountName }}
initContainers:
{{ tuple $envAll "api" $mounts_dcdbsync_api_init | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
containers:
- name: dcdbsync-api
{{ tuple $envAll $envAll.Values.pod.resources.dcdbsync_api | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
env:
- name: REQUESTS_CA_BUNDLE
value: /etc/ssl/certs/ca-certificates.crt
volumeMounts:
- name: dcdbsync-bin
mountPath: /tmp/dcdbsync-api.sh
subPath: dcdbsync-api.sh
readOnly: true
- name: dcdbsync-etc
mountPath: /etc/dcdbsync/dcdbsync.conf
subPath: dcdbsync.conf
readOnly: true
{{- if .Values.ca_certificates.root_ca }}
- name: root-ca
mountPath: /usr/local/share/ca-certificates/root-ca.crt
subPath: ca.crt
readOnly: true
{{- end }}
{{ if $mounts_dcdbsync_api.volumeMounts }}{{ toYaml $mounts_dcdbsync_api.volumeMounts | indent 12 }}{{ end }}
{{- dict "enabled" .Values.manifests.certificates "name" .Values.secrets.tls.dcdbsync.api.public | include "helm-toolkit.snippets.tls_volume_mount" | indent 12 }}
{{ dict "envAll" . "component" "api" "container" "default" "type" "liveness" "probeTemplate" (include "DCDBSyncApiLivenessProbeTemplate" . | fromYaml) | include "helm-toolkit.snippets.kubernetes_probe" | indent 10 }}
command:
- /tmp/dcdbsync-api.sh
image: "{{ .Values.images.tags.dcdbsync }}"
imagePullPolicy: {{ .Values.images.pullPolicy }}
ports:
- name: http
containerPort: {{ tuple "dcorch_dbsync" "internal" "api" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
protocol: TCP
{{ tuple $envAll "dcdbsync" | include "helm-toolkit.snippets.kubernetes_image_pull_secrets" | indent 6 }}
{{ if $envAll.Values.pod.tolerations.dcdbsync.enabled }}
{{ tuple $envAll "dcdbsync" | include "helm-toolkit.snippets.kubernetes_tolerations" | indent 6 }}
{{ end }}
affinity:
{{ tuple $envAll "dcdbsync" "api" | include "helm-toolkit.snippets.kubernetes_pod_anti_affinity" | indent 8 }}
nodeAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
nodeSelectorTerms:
{{- range $key := .Values.labels.dcdbsync.node_affinity_keys }}
- matchExpressions:
- key: {{ $key }}
operator: In
values:
- enabled
{{- end }}
volumes:
- name: dcdbsync-etc
secret:
secretName: dcdbsync-etc
defaultMode: 0644
- name: dcdbsync-bin
configMap:
name: dcdbsync-bin
defaultMode: 0755
{{- if .Values.ca_certificates.root_ca }}
- name: root-ca
secret:
secretName: {{ .Values.ca_certificates.root_ca }}
defaultMode: 0644
{{- end }}
{{ if $mounts_dcdbsync_api.volumes }}{{ toYaml $mounts_dcdbsync_api.volumes | indent 8 }}{{ end }}
{{- dict "enabled" .Values.manifests.certificates "name" .Values.secrets.tls.dcdbsync.api.public | include "helm-toolkit.snippets.tls_volume" | indent 8 }}
{{- end }}

68
stx-distributed-cloud-helm/stx-distributed-cloud-helm/helm-charts/dcdbsync/templates/dcdbsync-nginx-proxy.yaml Normal file
View File

@ -0,0 +1,68 @@
{{/*
#
# Copyright (c) 2025 Wind River Systems, Inc.
#
# SPDX-License-Identifier: Apache-2.0
#
*/}}
apiVersion: v1
kind: ConfigMap
metadata:
name: dcdbsync-nginx-proxy-conf
data:
nginx.conf: |
events {}
http {
server {
listen 0.0.0.0:8219;
location / {
proxy_pass http://dcdbsync-api.distributed-cloud.svc.cluster.local:8219;
}
}
}
{{- $envAll := . }}
{{- $mounts_dcdbsync_nginx_proxy_init := .Values.pod.mounts.nginx_proxy.init_container }}
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ include "dcdbsync.fullname" . }}-nginx-proxy
namespace: {{ .Release.Namespace }}
labels:
{{- include "dcdbsync.labels" . | nindent 4 }}
spec:
replicas: 1
selector:
matchLabels:
app: {{ include "dcdbsync.name" . }}-nginx-proxy
template:
metadata:
labels:
app: {{ include "dcdbsync.name" . }}-nginx-proxy
{{- include "dcdbsync.labels" . | nindent 8 }}
spec:
serviceAccountName: dcdbsync-nginx-proxy
hostNetwork: true
dnsPolicy: ClusterFirstWithHostNet
nodeSelector:
{{ .Values.nginx_proxy.node_selector_key }}: {{ .Values.nginx_proxy.node_selector_value }}
initContainers:
{{ tuple $envAll "nginx_proxy" $mounts_dcdbsync_nginx_proxy_init | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
containers:
- name: nginx
image: {{ .Values.nginx_proxy.image }}
ports:
- containerPort: {{ .Values.nginx_proxy.port }}
hostPort: {{ .Values.nginx_proxy.port }}
volumeMounts:
- name: nginx-conf
mountPath: /etc/nginx/nginx.conf
subPath: nginx.conf
volumes:
- name: nginx-conf
configMap:
name: {{ include "dcdbsync.fullname" . }}-nginx-proxy-conf

101
stx-distributed-cloud-helm/stx-distributed-cloud-helm/helm-charts/dcdbsync/templates/job-ks-endpoints.yaml Normal file
View File

@ -0,0 +1,101 @@
{{/*
#
# Copyright (c) 2025 Wind River Systems, Inc.
#
# SPDX-License-Identifier: Apache-2.0
#
*/}}
{{- if .Values.manifests.job_ks_endpoints }}
---
apiVersion: batch/v1
kind: Job
metadata:
name: dcdbsync-ks-endpoints
labels:
{{ tuple . "dcdbsync" "ks-endpoints" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }}
spec:
backoffLimit: 1000
template:
metadata:
labels:
{{ tuple . "dcdbsync" "ks-endpoints" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
annotations:
{{ tuple . | include "helm-toolkit.snippets.release_uuid" | indent 8 }}
spec:
serviceAccountName: dcdbsync-ks-endpoints
restartPolicy: OnFailure
{{ tuple . "ks_endpoints" | include "helm-toolkit.snippets.kubernetes_image_pull_secrets" | indent 6 }}
nodeSelector:
{{ .Values.labels.job.node_selector_key }}: {{ .Values.labels.job.node_selector_value }}
{{- if and .Values.labels.dcdbsync.node_affinity_keys .Values.labels.dcdbsync.node_affinity_values }}
affinity:
nodeAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
nodeSelectorTerms:
{{- range $key := .Values.labels.dcdbsync.node_affinity_keys }}
- matchExpressions:
- key: {{ $key }}
operator: In
values:
{{ toYaml $.Values.labels.dcdbsync.node_affinity_values | indent 22 }}
{{- end }}
{{- end }}
{{- if .Values.pod.tolerations.dcdbsync.enabled }}
{{ tuple . "dcdbsync" | include "helm-toolkit.snippets.kubernetes_tolerations" | indent 6 }}
{{- end }}
initContainers:
{{ tuple . "ks_endpoints" list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
containers:
{{- range $type := tuple "dcorch-dbsync" }}
{{- range $endpoint := tuple "admin" "internal" "public" }}
- name: {{ printf "%s-%s-%s" $type "ks-endpoints" $endpoint }}
image: {{ $.Values.images.tags.ks_endpoints }}
imagePullPolicy: {{ $.Values.images.pullPolicy }}
{{ tuple $ $.Values.pod.resources.jobs.ks_endpoints | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
command:
- /bin/bash
- -c
- /tmp/ks-endpoints.sh
volumeMounts:
- name: pod-tmp
mountPath: /tmp
- name: ks-endpoints-sh
mountPath: /tmp/ks-endpoints.sh
subPath: ks-endpoints.sh
readOnly: true
{{- if $.Values.manifests.certificates }}
- name: tls-certs
mountPath: /etc/ssl/certs/openstack-helm.crt
subPath: ca.crt
readOnly: true
{{- end }}
env:
- name: OS_SVC_ENDPOINT
value: {{ $endpoint | quote }}
- name: OS_SERVICE_NAME
value: dcdbsync
- name: OS_SERVICE_TYPE
value: {{ $type | quote }}
- name: OS_SERVICE_ENDPOINT
value: {{ tuple $type $endpoint "api" $ | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup" | quote }}
{{- $useCA := ternary true false $.Values.manifests.certificates }}
{{- with $env := dict "ksUserSecret" $.Values.secrets.identity.admin "useCA" $useCA }}
{{- include "helm-toolkit.snippets.keystone_openrc_env_vars" $env | indent 12 }}
{{- end }}
{{- end }}
{{- end }}
volumes:
- name: pod-tmp
emptyDir: {}
- name: ks-endpoints-sh
configMap:
name: dcdbsync-bin
defaultMode: 0555
{{- if .Values.manifests.certificates }}
- name: tls-certs
secret:
secretName: {{ .Values.secrets.tls.dcdbsync.api.public }}
defaultMode: 0444
{{- end }}
{{- end }}

93
stx-distributed-cloud-helm/stx-distributed-cloud-helm/helm-charts/dcdbsync/templates/job-ks-service.yaml Normal file
View File

@ -0,0 +1,93 @@
{{/*
#
# Copyright (c) 2025 Wind River Systems, Inc.
#
# SPDX-License-Identifier: Apache-2.0
#
*/}}
{{- if .Values.manifests.job_ks_service }}
---
apiVersion: batch/v1
kind: Job
metadata:
name: dcdbsync-ks-service
labels:
{{ tuple . "dcdbsync" "ks-service" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }}
spec:
backoffLimit: 1000
template:
metadata:
labels:
{{ tuple . "dcdbsync" "ks-service" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
annotations:
{{ tuple . | include "helm-toolkit.snippets.release_uuid" | indent 8 }}
spec:
serviceAccountName: dcdbsync-ks-service
restartPolicy: OnFailure
{{ tuple . "ks_service" | include "helm-toolkit.snippets.kubernetes_image_pull_secrets" | indent 6 }}
nodeSelector:
{{ .Values.labels.job.node_selector_key }}: {{ .Values.labels.job.node_selector_value }}
{{- if and .Values.labels.dcdbsync.node_affinity_keys .Values.labels.dcdbsync.node_affinity_values }}
affinity:
nodeAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
nodeSelectorTerms:
{{- range $key := .Values.labels.dcdbsync.node_affinity_keys }}
- matchExpressions:
- key: {{ $key }}
operator: In
values:
{{ toYaml $.Values.labels.dcdbsync.node_affinity_values | indent 22 }}
{{- end }}
{{- end }}
{{- if .Values.pod.tolerations.dcdbsync.enabled }}
{{ tuple . "dcdbsync" | include "helm-toolkit.snippets.kubernetes_tolerations" | indent 6 }}
{{- end }}
initContainers:
{{ tuple . "ks_service" list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
containers:
- name: dcorch-dbsync-ks-service-registration
image: {{ .Values.images.tags.ks_service }}
imagePullPolicy: {{ .Values.images.pullPolicy }}
{{ tuple . .Values.pod.resources.jobs.ks_service | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
command:
- /bin/bash
- -c
- /tmp/ks-service.sh
volumeMounts:
- name: pod-tmp
mountPath: /tmp
- name: ks-service-sh
mountPath: /tmp/ks-service.sh
subPath: ks-service.sh
readOnly: true
{{- if .Values.manifests.certificates }}
- name: tls-certs
mountPath: /etc/ssl/certs/openstack-helm.crt
subPath: ca.crt
readOnly: true
{{- end }}
env:
- name: OS_SERVICE_NAME
value: {{ include "helm-toolkit.endpoints.keystone_endpoint_name_lookup" (tuple "dcorch-dbsync" .) }}
- name: OS_SERVICE_TYPE
value: "dcorch-dbsync"
{{- $useCA := ternary true false .Values.manifests.certificates }}
{{- with $env := dict "ksUserSecret" .Values.secrets.identity.admin "useCA" $useCA }}
{{- include "helm-toolkit.snippets.keystone_openrc_env_vars" $env | indent 12 }}
{{- end }}
volumes:
- name: pod-tmp
emptyDir: {}
- name: ks-service-sh
configMap:
name: dcdbsync-bin
defaultMode: 0555
{{- if .Values.manifests.certificates }}
- name: tls-certs
secret:
secretName: {{ .Values.secrets.tls.dcdbsync.api.public }}
defaultMode: 0444
{{- end }}
{{- end }}

104
stx-distributed-cloud-helm/stx-distributed-cloud-helm/helm-charts/dcdbsync/templates/job-ks-user.yaml Normal file
View File

@ -0,0 +1,104 @@
{{/*
#
# Copyright (c) 2025 Wind River Systems, Inc.
#
# SPDX-License-Identifier: Apache-2.0
#
*/}}
{{- if .Values.manifests.job_ks_user }}
---
apiVersion: batch/v1
kind: Job
metadata:
name: dcdbsync-ks-user
labels:
{{ tuple . "dcdbsync" "ks-user" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }}
spec:
backoffLimit: 1000
template:
metadata:
labels:
{{ tuple . "dcdbsync" "ks-user" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
annotations:
{{ tuple . | include "helm-toolkit.snippets.release_uuid" | indent 8 }}
spec:
serviceAccountName: dcdbsync-ks-user
{{ dict "envAll" . "application" "ks_user" | include "helm-toolkit.snippets.kubernetes_pod_security_context" | indent 6 }}
restartPolicy: OnFailure
{{ tuple . "ks_user" | include "helm-toolkit.snippets.kubernetes_image_pull_secrets" | indent 6 }}
nodeSelector:
{{ .Values.labels.job.node_selector_key }}: {{ .Values.labels.job.node_selector_value }}
{{- if and .Values.labels.dcdbsync.node_affinity_keys .Values.labels.dcdbsync.node_affinity_values }}
affinity:
nodeAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
nodeSelectorTerms:
{{- range $key := .Values.labels.dcdbsync.node_affinity_keys }}
- matchExpressions:
- key: {{ $key }}
operator: In
values:
{{ toYaml $.Values.labels.dcdbsync.node_affinity_values | indent 22 }}
{{- end }}
{{- end }}
{{- if .Values.pod.tolerations.dcdbsync.enabled }}
{{ tuple . "dcdbsync" | include "helm-toolkit.snippets.kubernetes_tolerations" | indent 6 }}
{{- end }}
initContainers:
{{ tuple . "ks_user" list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
containers:
- name: ks-user
image: {{ .Values.images.tags.ks_user }}
imagePullPolicy: {{ .Values.images.pullPolicy }}
{{ tuple . .Values.pod.resources.jobs.ks_user | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
{{ dict "envAll" . "application" "ks_user" "container" "ks-user" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 10 }}
command:
- /bin/bash
- -c
- /tmp/ks-user.sh
volumeMounts:
- name: pod-tmp
mountPath: /tmp
- name: ks-user-sh
mountPath: /tmp/ks-user.sh
subPath: ks-user.sh
readOnly: true
{{- if .Values.manifests.certificates }}
- name: tls-certs
mountPath: /etc/ssl/certs/openstack-helm.crt
subPath: ca.crt
readOnly: true
{{- end }}
env:
- name: OS_IDENTITY_API_VERSION
value: "3"
- name: SERVICE_OS_SERVICE_NAME
value: dcdbsync
{{- $useCA := ternary true false .Values.manifests.certificates }}
{{- with $env := dict "ksUserSecret" .Values.secrets.identity.admin "useCA" $useCA }}
{{- include "helm-toolkit.snippets.keystone_openrc_env_vars" $env | indent 12 }}
{{- end }}
{{- with $env := dict "ksUserSecret" .Values.secrets.identity.dcdbsync "useCA" $useCA }}
{{- include "helm-toolkit.snippets.keystone_user_create_env_vars" $env | indent 12 }}
{{- end }}
- name: SERVICE_OS_ROLES
value: admin
volumes:
- name: pod-tmp
emptyDir: {}
- name: ks-user-sh
configMap:
name: dcdbsync-bin
defaultMode: 0555
{{- if .Values.manifests.certificates }}
- name: tls-certs
secret:
secretName: {{ .Values.secrets.tls.dcdbsync.api.public }}
defaultMode: 0444
{{- end }}
{{- end }}

70
stx-distributed-cloud-helm/stx-distributed-cloud-helm/helm-charts/dcdbsync/templates/secret-etc.yaml Normal file
View File

@ -0,0 +1,70 @@
{{/*
#
# Copyright (c) 2025 Wind River Systems, Inc.
#
# SPDX-License-Identifier: Apache-2.0
#
*/}}
{{- if empty .Values.conf.dcdbsync.keystone_authtoken.auth_uri -}}
{{- $_ := tuple "identity" "internal" "api" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup"| set .Values.conf.dcdbsync.keystone_authtoken "auth_uri" -}}
{{- end -}}
{{- if empty .Values.conf.dcdbsync.keystone_authtoken.auth_url -}}
{{- $_ := tuple "identity" "internal" "api" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup"| set .Values.conf.dcdbsync.keystone_authtoken "auth_url" -}}
{{- end -}}
{{- if empty .Values.conf.dcdbsync.keystone_authtoken.region_name -}}
{{- $_ := set .Values.conf.dcdbsync.keystone_authtoken "region_name" .Values.endpoints.identity.auth.dcdbsync.region_name -}}
{{- end -}}
{{- if empty .Values.conf.dcdbsync.keystone_authtoken.project_name -}}
{{- $_ := set .Values.conf.dcdbsync.keystone_authtoken "project_name" .Values.endpoints.identity.auth.dcdbsync.project_name -}}
{{- end -}}
{{- if empty .Values.conf.dcdbsync.keystone_authtoken.project_domain_name -}}
{{- $_ := set .Values.conf.dcdbsync.keystone_authtoken "project_domain_name" .Values.endpoints.identity.auth.dcdbsync.project_domain_name -}}
{{- end -}}
{{- if empty .Values.conf.dcdbsync.keystone_authtoken.user_domain_name -}}
{{- $_ := set .Values.conf.dcdbsync.keystone_authtoken "user_domain_name" .Values.endpoints.identity.auth.dcdbsync.user_domain_name -}}
{{- end -}}
{{- if empty .Values.conf.dcdbsync.keystone_authtoken.username -}}
{{- $_ := set .Values.conf.dcdbsync.keystone_authtoken "username" .Values.endpoints.identity.auth.dcdbsync.username -}}
{{- end -}}
{{- if empty .Values.conf.dcdbsync.keystone_authtoken.password -}}
{{- $_ := set .Values.conf.dcdbsync.keystone_authtoken "password" .Values.endpoints.identity.auth.dcdbsync.password -}}
{{- end -}}
{{- if empty .Values.conf.dcdbsync.keystone_authtoken.interface -}}
{{- $_ := set .Values.conf.dcdbsync.keystone_authtoken "interface" (default "internal" .Values.endpoints.identity.auth.dcdbsync.interface) -}}
{{- end -}}
{{- if empty .Values.conf.dcdbsync.endpoint_cache.auth_uri -}}
{{- $_ := tuple "identity" "internal" "api" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup"| set .Values.conf.dcdbsync.keystone_authtoken "auth_uri" -}}
{{- end -}}
{{- if empty .Values.conf.dcdbsync.endpoint_cache.region_name -}}
{{- $_ := set .Values.conf.dcdbsync.keystone_authtoken "region_name" .Values.endpoints.identity.auth.dcdbsync.region_name -}}
{{- end -}}
{{- if empty .Values.conf.dcdbsync.endpoint_cache.project_name -}}
{{- $_ := set .Values.conf.dcdbsync.keystone_authtoken "project_name" .Values.endpoints.identity.auth.dcdbsync.project_name -}}
{{- end -}}
{{- if empty .Values.conf.dcdbsync.endpoint_cache.project_domain_name -}}
{{- $_ := set .Values.conf.dcdbsync.keystone_authtoken "project_domain_name" .Values.endpoints.identity.auth.dcdbsync.project_domain_name -}}
{{- end -}}
{{- if empty .Values.conf.dcdbsync.endpoint_cache.user_domain_name -}}
{{- $_ := set .Values.conf.dcdbsync.keystone_authtoken "user_domain_name" .Values.endpoints.identity.auth.dcdbsync.user_domain_name -}}
{{- end -}}
{{- if empty .Values.conf.dcdbsync.endpoint_cache.username -}}
{{- $_ := set .Values.conf.dcdbsync.keystone_authtoken "username" .Values.endpoints.identity.auth.dcdbsync.username -}}
{{- end -}}
{{- if empty .Values.conf.dcdbsync.endpoint_cache.password -}}
{{- $_ := set .Values.conf.dcdbsync.keystone_authtoken "password" .Values.endpoints.identity.auth.dcdbsync.password -}}
{{- end -}}
{{- if empty .Values.conf.dcdbsync.database.connection -}}
{{- $connection := tuple "sql_alchemy" "internal" "keystone" "postgresql" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup" -}}
{{- $_ := set .Values.conf.dcdbsync.database "connection" $connection -}}
{{- end -}}
apiVersion: v1
kind: Secret
metadata:
name: dcdbsync-etc
type: Opaque
data:
dcdbsync.conf: {{ include "helm-toolkit.utils.to_oslo_conf" .Values.conf.dcdbsync | b64enc }}
logging.conf: {{ include "helm-toolkit.utils.to_oslo_conf" .Values.conf.logging | b64enc }}

22
stx-distributed-cloud-helm/stx-distributed-cloud-helm/helm-charts/dcdbsync/templates/secret-keystone.yaml Normal file
View File

@ -0,0 +1,22 @@
{{/*
#
# Copyright (c) 2025 Wind River Systems, Inc.
#
# SPDX-License-Identifier: Apache-2.0
#
*/}}
{{- if .Values.manifests.secret_keystone }}
{{- $envAll := . }}
{{- range $key1, $userClass := tuple "admin" "dcdbsync" }}
{{- $secretName := index $envAll.Values.secrets.identity $userClass }}
---
apiVersion: v1
kind: Secret
metadata:
name: {{ $secretName }}
type: Opaque
data:
{{- tuple $userClass "internal" $envAll | include "helm-toolkit.snippets.keystone_secret_openrc" | indent 2 -}}
{{- end }}
{{- end }}

29
stx-distributed-cloud-helm/stx-distributed-cloud-helm/helm-charts/dcdbsync/templates/service.yaml Normal file
View File

@ -0,0 +1,29 @@
{{/*
#
# Copyright (c) 2025 Wind River Systems, Inc.
#
# SPDX-License-Identifier: Apache-2.0
#
*/}}
{{- if .Values.manifests.service_dcdbsync }}
---
apiVersion: v1
kind: Service
metadata:
name: {{ tuple "dcorch-dbsync" "internal" . | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }}
spec:
type: {{ if .Values.network.dcdbsync_api.node_port.enabled }}NodePort{{ else }}ClusterIP{{ end }}
ports:
- name: dcdbsync-api
port: {{ .Values.network.dcdbsync_api.port }}
targetPort: {{ .Values.network.dcdbsync_api.port }}
{{- if .Values.network.dcdbsync_api.node_port.enabled }}
nodePort: {{ .Values.network.dcdbsync_api.node_port.port }}
{{- end }}
selector:
{{ tuple . "dcdbsync" "dcdbsync-api" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }}
{{ if .Values.network.dcdbsync_api.external_policy_local }}
externalTrafficPolicy: Local
{{ end }}
{{- end }}

24
stx-distributed-cloud-helm/stx-distributed-cloud-helm/helm-charts/dcdbsync/templates/serviceaccounts.yaml Normal file
View File

@ -0,0 +1,24 @@
{{/*
#
# Copyright (c) 2025 Wind River Systems, Inc.
#
# SPDX-License-Identifier: Apache-2.0
#
*/}}
{{- $envAll := . }}
{{- $serviceName := "dcdbsync" }}
{{- $serviceUser := "dcdbsync" }}
{{- $serviceUserPretty := $serviceUser | replace "_" "-" }}
{{- $serviceAccountUser := printf "%s-%s" $serviceUserPretty "ks-user" }}
{{ tuple $envAll "ks_user" $serviceAccountUser | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
{{- $serviceAccountService := printf "%s-%s" $serviceUserPretty "ks-service" }}
{{ tuple $envAll "ks_service" $serviceAccountService | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
{{- $serviceAccountEndpoints := printf "%s-%s" $serviceUserPretty "ks-endpoints" }}
{{ tuple $envAll "ks_endpoints" $serviceAccountEndpoints | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
{{- $serviceAccountNginxProxy := printf "%s-%s" $serviceUserPretty "nginx-proxy" }}
{{ tuple $envAll "nginx_proxy" $serviceAccountNginxProxy | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}

336
stx-distributed-cloud-helm/stx-distributed-cloud-helm/helm-charts/dcdbsync/values.yaml Normal file
View File

@ -0,0 +1,336 @@
#
# SPDX-License-Identifier: Apache-2.0
#
# Default values for dcorch.
# This is a YAML-formatted file.
# Declare variables to be passed into your templates.
nameOverride: ""
fullnameOverride: ""
images:
tags:
dcdbsync: docker.io/starlingx/stx-distributed-cloud:master-debian-stable-latest
ks_user: docker.io/starlingx/stx-distributed-cloud:master-debian-stable-latest
ks_service: docker.io/starlingx/stx-distributed-cloud:master-debian-stable-latest
ks_endpoints: docker.io/starlingx/stx-distributed-cloud:master-debian-stable-latest
dep_check: quay.io/stackanetes/kubernetes-entrypoint:v0.3.1
pullPolicy: IfNotPresent
local_registry:
active: false
labels:
job:
node_selector_key: node-role.kubernetes.io/control-plane
node_selector_value: ""
dcdbsync:
node_affinity_keys:
- starlingx.io/subcloud
- starlingx.io/distributed-cloud
node_affinity_values:
- enabled
serviceAccount:
# Specifies whether a service account should be created
create: true
# Automatically mount a ServiceAccount's API credentials?
automount: true
# Annotations to add to the service account
annotations: {}
# The name of the service account to use.
# If not set and create is true, a name is generated using the fullname template
name: ""
podAnnotations: {}
podLabels: {}
podSecurityContext: {}
securityContext: {}
network:
dcdbsync_api:
port: 8219
node_port:
enabled: true
port: 30219
external_policy_local: false
volume: []
conf:
dcdbsync:
DEFAULT:
debug: False
use_syslog: True
syslog_log_facility: local4
verbose: False
bind_port: 8219
auth_strategy: keystone
database:
connection_recycle_time: 3600
max_overflow: 10
max_pool_size: 5
idle_timeout: 3600
keystone_authtoken:
auth_uri: http://controller.internal:5000
region_name: RegionOne
include_service_catalog: false
auth_type: password
interface: internal
auth_url: http://controller.internal:5000
project_name: services
username: dcdbsync
user_domain_name: Default
project_domain_name: Default
cache:
auth_uri: http://controller.internal:5000/v3
endpoint_cache:
auth_uri: http://controller.internal:5000/v3
auth_plugin: password
http_connect_timeout: 15
region_name: RegionOne
project_name: services
user_domain_name: Default
project_domain_name: Default
logging:
loggers:
keys:
- root
- dcdbsync
handlers:
keys:
- stdout
- stderr
- "null"
formatters:
keys:
- context
- default
logger_root:
level: WARNING
handlers: 'null'
logger_dcdbsync:
level: INFO
handlers:
- stdout
qualname: dcdbsync
logger_eventletwsgi:
level: INFO
handlers:
- stdout
- stderr
qualname: eventlet.wsgi.server
logger_keystoneauth:
level: ERROR
handlers: stderr
qualname: keystoneauth
logger_sqlalchemy:
level: WARNING
handlers: stderr
qualname: sqlalchemy
handler_null:
class: logging.NullHandler
formatter: default
args: ()
handler_stdout:
class: StreamHandler
args: (sys.stdout,)
formatter: context
handler_stderr:
class: StreamHandler
args: (sys.stderr,)
formatter: context
formatter_context:
class: oslo_log.formatters.ContextFormatter
formatter_default:
format: "%(message)s"
dependencies:
static:
api:
jobs:
- dcdbsync-ks-endpoints
ks_endpoints:
jobs:
- dcdbsync-ks-user
- dcdbsync-ks-service
nginx_proxy:
jobs:
- dcdbsync-ks-endpoints
manifests:
certificates: false
configmap_bin: true
job_ks_endpoints_dcdbsync: true
dcdbsync_api_deployment: true
ingress: true
job_ks_user: true
job_ks_service: true
job_ks_endpoints: true
secret_etc: true
secret_db: true
secret_ingress_tls: false
secret_keystone: true
service_ingress: true
service_dcdbsync: true
endpoints:
cluster_domain_suffix: cluster.local
dcorch_dbsync:
name: dcdbsync
hosts:
default: dcdbsync-api
internal: dcdbsync-api
host_fqdn_override:
default: null
path:
default: /v1.0
scheme:
default: 'http'
port:
api:
default: 8219
sql_alchemy:
auth:
keystone:
username: admin-keystone
password: password
hosts:
default: postgresql
host_fqdn_override:
default: controller.internal
port:
postgresql:
default: 5432
path: /keystone
scheme: postgresql+psycopg2
identity:
name: keystone
auth:
admin:
username: admin
password: password
region_name: RegionOne
project_name: admin
user_domain_name: Default
project_domain_name: Default
dcdbsync:
role: admin
auth_url: http://controller.internal:5000/v3
username: dcdbsync
password: password
region_name: RegionOne
project_name: services
user_domain_name: Default
project_domain_name: Default
interface: internal
hosts:
default: keystone-api
public: keystone
host_fqdn_override:
default: controller.internal
path:
default: /v3
scheme:
default: http
port:
api:
default: 80
internal: 5000
pod:
probes:
api:
default:
liveness:
enabled: True
params:
initialDelaySeconds: 120
periodSeconds: 90
timeoutSeconds: 70
user:
api:
uid: 0
affinity:
anti:
type:
default: preferredDuringSchedulingIgnoredDuringExecution
topologyKey:
default: kubernetes.io/hostname
annotations: {}
tolerations:
dcdbsync:
enabled: false
tolerations:
- key: node-role.kubernetes.io/master
operator: Exists
effect: NoSchedule
- key: node-role.kubernetes.io/control-plane
operator: Exists
effect: NoSchedule
mounts:
api:
init_container: null
dcdbsync:
nginx_proxy:
init_container: []
autoscaling:
enabled: false
replicas:
dcdbsync_api: 1
lifecycle:
upgrades:
deployments:
revision_history: 3
pod_replacement_strategy: RollingUpdate
rolling_update:
max_unavailable: 1
max_surge: 3
daemonsets:
pod_replacement_strategy: RollingUpdate
compute:
enabled: true
min_ready_seconds: 0
max_unavailable: 1
disruption_budget:
dcorch:
min_available: 0
termination_grace_period:
dcorch:
timeout: 30
resources:
enabled: false
dcdbsync_api: []
jobs:
ks_endpoints: []
secrets:
identity:
admin: dcdbsync-keystone-admin
dcdbsync: dcdbsync-keystone-user
oslo_db:
admin: dcorch-db-admin
dcorch: dcorch-db-user
dcmanager: dcmanager-keystone-user
oslo_messaging:
admin: dcorch-rabbitmq-admin
dcorch: dcorch-rabbitmq-user
tls:
dcdbsync:
api:
public: dcdbsync-api-tls-public
internal: dcdbsync-api-tls-internal
ca_certificates:
root_ca: root-ca
nginx_proxy:
port: 8219
image: nginx:stable-alpine
node_selector_key: starlingx.io/subcloud
node_selector_value: enabled

2
stx-distributed-cloud-helm/stx-distributed-cloud-helm/helm-charts/dcmanager/templates/configmap-bin.yaml
View File

@ -1,5 +1,7 @@
{{/* {{/*
# #
# Copyright (c) 2025 Wind River Systems, Inc.
#
# SPDX-License-Identifier: Apache-2.0 # SPDX-License-Identifier: Apache-2.0
# #
*/}} */}}

2
stx-distributed-cloud-helm/stx-distributed-cloud-helm/helm-charts/dcmanager/templates/deployment-api.yaml
View File

@ -1,5 +1,7 @@
{{/* {{/*
# #
# Copyright (c) 2025 Wind River Systems, Inc.
#
# SPDX-License-Identifier: Apache-2.0 # SPDX-License-Identifier: Apache-2.0
# #
*/}} */}}

2
stx-distributed-cloud-helm/stx-distributed-cloud-helm/helm-charts/dcmanager/templates/deployment-audit-worker.yaml
View File

@ -1,5 +1,7 @@
{{/* {{/*
# #
# Copyright (c) 2025 Wind River Systems, Inc.
#
# SPDX-License-Identifier: Apache-2.0 # SPDX-License-Identifier: Apache-2.0
# #
*/}} */}}

2
stx-distributed-cloud-helm/stx-distributed-cloud-helm/helm-charts/dcmanager/templates/deployment-audit.yaml
View File

@ -1,5 +1,7 @@
{{/* {{/*
# #
# Copyright (c) 2025 Wind River Systems, Inc.
#
# SPDX-License-Identifier: Apache-2.0 # SPDX-License-Identifier: Apache-2.0
# #
*/}} */}}

2
stx-distributed-cloud-helm/stx-distributed-cloud-helm/helm-charts/dcmanager/templates/deployment-manager.yaml
View File

@ -1,5 +1,7 @@
{{/* {{/*
# #
# Copyright (c) 2025 Wind River Systems, Inc.
#
# SPDX-License-Identifier: Apache-2.0 # SPDX-License-Identifier: Apache-2.0
# #
*/}} */}}

2
stx-distributed-cloud-helm/stx-distributed-cloud-helm/helm-charts/dcmanager/templates/deployment-orchestrator.yaml
View File

@ -1,5 +1,7 @@
{{/* {{/*
# #
# Copyright (c) 2025 Wind River Systems, Inc.
#
# SPDX-License-Identifier: Apache-2.0 # SPDX-License-Identifier: Apache-2.0
# #
*/}} */}}

2
stx-distributed-cloud-helm/stx-distributed-cloud-helm/helm-charts/dcmanager/templates/deployment-state.yaml
View File

@ -1,5 +1,7 @@
{{/* {{/*
# #
# Copyright (c) 2025 Wind River Systems, Inc.
#
# SPDX-License-Identifier: Apache-2.0 # SPDX-License-Identifier: Apache-2.0
# #
*/}} */}}

8
stx-distributed-cloud-helm/stx-distributed-cloud-helm/helm-charts/dcmanager/templates/ingress.yaml
View File

@ -1,3 +1,11 @@
{{/*
#
# Copyright (c) 2025 Wind River Systems, Inc.
#
# SPDX-License-Identifier: Apache-2.0
#
*/}}
{{- if .Values.ingress.enabled -}} {{- if .Values.ingress.enabled -}}
{{- $fullName := include "dcmanager.fullname" . -}} {{- $fullName := include "dcmanager.fullname" . -}}
{{- $svcPort := .Values.service.port -}} {{- $svcPort := .Values.service.port -}}

2
stx-distributed-cloud-helm/stx-distributed-cloud-helm/helm-charts/dcmanager/templates/job-db-drop.yaml
View File

@ -1,5 +1,7 @@
{{/* {{/*
# #
# Copyright (c) 2025 Wind River Systems, Inc.
#
# SPDX-License-Identifier: Apache-2.0 # SPDX-License-Identifier: Apache-2.0
# #
*/}} */}}

2
stx-distributed-cloud-helm/stx-distributed-cloud-helm/helm-charts/dcmanager/templates/job-db-init.yaml
View File

@ -1,5 +1,7 @@
{{/* {{/*
# #
# Copyright (c) 2025 Wind River Systems, Inc.
#
# SPDX-License-Identifier: Apache-2.0 # SPDX-License-Identifier: Apache-2.0
# #
*/}} */}}

2
stx-distributed-cloud-helm/stx-distributed-cloud-helm/helm-charts/dcmanager/templates/job-db-sync.yaml
View File

@ -1,5 +1,7 @@
{{/* {{/*
# #
# Copyright (c) 2025 Wind River Systems, Inc.
#
# SPDX-License-Identifier: Apache-2.0 # SPDX-License-Identifier: Apache-2.0
# #
*/}} */}}

2
stx-distributed-cloud-helm/stx-distributed-cloud-helm/helm-charts/dcmanager/templates/job-ks-endpoints.yaml
View File

@ -1,5 +1,7 @@
{{/* {{/*
# #
# Copyright (c) 2025 Wind River Systems, Inc.
#
# SPDX-License-Identifier: Apache-2.0 # SPDX-License-Identifier: Apache-2.0
# #
*/}} */}}

2
stx-distributed-cloud-helm/stx-distributed-cloud-helm/helm-charts/dcmanager/templates/job-ks-service.yaml
View File

@ -1,5 +1,7 @@
{{/* {{/*
# #
# Copyright (c) 2025 Wind River Systems, Inc.
#
# SPDX-License-Identifier: Apache-2.0 # SPDX-License-Identifier: Apache-2.0
# #
*/}} */}}

2
stx-distributed-cloud-helm/stx-distributed-cloud-helm/helm-charts/dcmanager/templates/job-ks-user.yaml
View File

@ -1,5 +1,7 @@
{{/* {{/*
# #
# Copyright (c) 2025 Wind River Systems, Inc.
#
# SPDX-License-Identifier: Apache-2.0 # SPDX-License-Identifier: Apache-2.0
# #
*/}} */}}

19
stx-distributed-cloud-helm/stx-distributed-cloud-helm/helm-charts/dcmanager/templates/pvc-backup.yaml
View File

@ -1,19 +0,0 @@
# {{/*
# #
# # SPDX-License-Identifier: Apache-2.0
# #
# */}}
# {{- if and .Values.volume.backup.enabled .Values.manifests.pvc_backup }}
# ---
# kind: PersistentVolumeClaim
# apiVersion: v1
# metadata:
# name: dc-backup-pvc
# spec:
# accessModes: {{ .Values.volume.backup.accessModes }}
# resources:
# requests:
# storage: {{ .Values.volume.backup.size }}
# storageClassName: {{ .Values.volume.backup.class_name }}
# {{- end }}

19
stx-distributed-cloud-helm/stx-distributed-cloud-helm/helm-charts/dcmanager/templates/pvc-vault.yaml
View File

@ -1,19 +0,0 @@
# {{/*
# #
# # SPDX-License-Identifier: Apache-2.0
# #
# */}}
# {{- if and .Values.volume.vault.enabled .Values.manifests.pvc_vault }}
# ---
# kind: PersistentVolumeClaim
# apiVersion: v1
# metadata:
# name: dc-vault-pvc
# spec:
# accessModes: {{ .Values.volume.vault.accessModes }}
# resources:
# requests:
# storage: {{ .Values.volume.vault.size }}
# storageClassName: {{ .Values.volume.vault.class_name }}
# {{- end }}

2
stx-distributed-cloud-helm/stx-distributed-cloud-helm/helm-charts/dcmanager/templates/secret-db.yaml
View File

@ -1,5 +1,7 @@
{{/* {{/*
# #
# Copyright (c) 2025 Wind River Systems, Inc.
#
# SPDX-License-Identifier: Apache-2.0 # SPDX-License-Identifier: Apache-2.0
# #
*/}} */}}

2
stx-distributed-cloud-helm/stx-distributed-cloud-helm/helm-charts/dcmanager/templates/secret-etc.yaml
View File

@ -1,5 +1,7 @@
{{/* {{/*
# #
# Copyright (c) 2025 Wind River Systems, Inc.
#
# SPDX-License-Identifier: Apache-2.0 # SPDX-License-Identifier: Apache-2.0
# #
*/}} */}}

2
stx-distributed-cloud-helm/stx-distributed-cloud-helm/helm-charts/dcmanager/templates/secret-keystone.yaml
View File

@ -1,5 +1,7 @@
{{/* {{/*
# #
# Copyright (c) 2025 Wind River Systems, Inc.
#
# SPDX-License-Identifier: Apache-2.0 # SPDX-License-Identifier: Apache-2.0
# #
*/}} */}}

4
stx-distributed-cloud-helm/stx-distributed-cloud-helm/helm-charts/dcmanager/templates/secret-rabbitmq.yaml
View File

@ -1,5 +1,7 @@
{{/* {{/*
# #
# Copyright (c) 2025 Wind River Systems, Inc.
#
# SPDX-License-Identifier: Apache-2.0 # SPDX-License-Identifier: Apache-2.0
# #
*/}} */}}
@ -17,4 +19,4 @@ type: Opaque
data: data:
RABBITMQ_CONNECTION: {{ tuple "oslo_messaging" "internal" $userClass "amqp" $envAll | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup" | b64enc }} RABBITMQ_CONNECTION: {{ tuple "oslo_messaging" "internal" $userClass "amqp" $envAll | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup" | b64enc }}
{{- end }} {{- end }}
{{- end }} {{- end }}

2
stx-distributed-cloud-helm/stx-distributed-cloud-helm/helm-charts/dcmanager/templates/service.yaml
View File

@ -1,5 +1,7 @@
{{/* {{/*
# #
# Copyright (c) 2025 Wind River Systems, Inc.
#
# SPDX-License-Identifier: Apache-2.0 # SPDX-License-Identifier: Apache-2.0
# #
*/}} */}}

88
stx-distributed-cloud-helm/stx-distributed-cloud-helm/helm-charts/dcmanager/values.yaml
View File

@ -383,84 +383,18 @@ pod:
timeout: 30 timeout: 30
resources: resources:
enabled: false enabled: false
api: api: []
requests: manager: []
memory: "128Mi" state: []
cpu: "100m" orchestrator: []
limits: audit: []
memory: "1024Mi" audit_worker: []
cpu: "2000m"
manager:
requests:
memory: "128Mi"
cpu: "100m"
limits:
memory: "1024Mi"
cpu: "2000m"
state:
requests:
memory: "128Mi"
cpu: "100m"
limits:
memory: "1024Mi"
cpu: "2000m"
orchestrator:
requests:
memory: "128Mi"
cpu: "100m"
limits:
memory: "1024Mi"
cpu: "2000m"
audit:
requests:
memory: "128Mi"
cpu: "100m"
limits:
memory: "1024Mi"
cpu: "2000m"
audit_worker:
requests:
memory: "128Mi"
cpu: "100m"
limits:
memory: "1024Mi"
cpu: "2000m"
jobs: jobs:
ks_endpoints: ks_endpoints: []
requests: db_init: []
memory: "128Mi" db_sync: []
cpu: "100m" db_drop: []
limits: rabbit_init: []
memory: "1024Mi"
cpu: "2000m"
db_init:
requests:
memory: "128Mi"
cpu: "100m"
limits:
memory: "1024Mi"
cpu: "2000m"
db_sync:
requests:
memory: "128Mi"
cpu: "100m"
limits:
memory: "1024Mi"
cpu: "2000m"
db_drop:
requests:
memory: "128Mi"
cpu: "100m"
limits:
memory: "1024Mi"
cpu: "2000m"
rabbit_init:
requests:
memory: "128Mi"
cpu: "100m"
limits:
memory: "1024Mi"
cpu: "2000m"
secrets: secrets:
identity: identity:

BIN
stx-distributed-cloud-helm/stx-distributed-cloud-helm/helm-charts/dcorch/charts/helm-toolkit-0.2.59.tgz
View File

Binary file not shown.

16
stx-distributed-cloud-helm/stx-distributed-cloud-helm/helm-charts/dcorch/templates/bin/_db-drop.sh.tpl Normal file
View File

@ -0,0 +1,16 @@
#!/bin/bash
{{/*
#
# SPDX-License-Identifier: Apache-2.0
#
*/}}
set -ex
if ! update-ca-certificates --localcertsdir /etc/pki/ca-trust/source/anchors; then
echo "Failed to update CA certificates!" >&2
exit 1
fi
dropdb -h 127.0.0.1 -Uroot dcorch

16
stx-distributed-cloud-helm/stx-distributed-cloud-helm/helm-charts/dcorch/templates/bin/_db-sync.sh.tpl Normal file
View File

@ -0,0 +1,16 @@
#!/bin/bash
{{/*
#
# SPDX-License-Identifier: Apache-2.0
#
*/}}
set -ex
if ! update-ca-certificates --localcertsdir /etc/pki/ca-trust/source/anchors; then
echo "Failed to update CA certificates!" >&2
exit 1
fi
dcorch-manage db_sync

16
stx-distributed-cloud-helm/stx-distributed-cloud-helm/helm-charts/dcorch/templates/bin/_dcorch-api.sh.tpl Normal file
View File

@ -0,0 +1,16 @@
#!/bin/bash
{{/*
#
# SPDX-License-Identifier: Apache-2.0
#
*/}}
set -ex
if ! update-ca-certificates --localcertsdir /etc/pki/ca-trust/source/anchors; then
echo "Failed to update CA certificates!" >&2
exit 1
fi
python /var/lib/openstack/bin/dcorch-api --config-file=/etc/dcorch/dcorch.conf

15
stx-distributed-cloud-helm/stx-distributed-cloud-helm/helm-charts/dcorch/templates/bin/_dcorch-engine-worker.sh.tpl Normal file
View File

@ -0,0 +1,15 @@
#!/bin/bash
{{/*
#
# SPDX-License-Identifier: Apache-2.0
#
*/}}
set -ex
if ! update-ca-certificates --localcertsdir /etc/pki/ca-trust/source/anchors; then
echo "Failed to update CA certificates!" >&2
exit 1
fi
python /var/lib/openstack/bin/dcorch-engine-worker --config-file=/etc/dcorch/dcorch.conf

16
stx-distributed-cloud-helm/stx-distributed-cloud-helm/helm-charts/dcorch/templates/bin/_dcorch-engine.sh.tpl Normal file
View File

@ -0,0 +1,16 @@
#!/bin/bash
{{/*
#
# SPDX-License-Identifier: Apache-2.0
#
*/}}
set -ex
if ! update-ca-certificates --localcertsdir /etc/pki/ca-trust/source/anchors; then
echo "Failed to update CA certificates!" >&2
exit 1
fi
python /var/lib/openstack/bin/dcorch-engine --config-file=/etc/dcorch/dcorch.conf

16
stx-distributed-cloud-helm/stx-distributed-cloud-helm/helm-charts/dcorch/templates/bin/_dcorch-identity-api-proxy.sh.tpl Normal file
View File

@ -0,0 +1,16 @@
#!/bin/bash
{{/*
#
# SPDX-License-Identifier: Apache-2.0
#
*/}}
set -ex
if ! update-ca-certificates --localcertsdir /etc/pki/ca-trust/source/anchors; then
echo "Failed to update CA certificates!" >&2
exit 1
fi
python /var/lib/openstack/bin/dcorch-api-proxy --config-file=/etc/dcorch/dcorch.conf --type=identity

16
stx-distributed-cloud-helm/stx-distributed-cloud-helm/helm-charts/dcorch/templates/bin/_dcorch-patch-api-proxy.sh.tpl Normal file
View File

@ -0,0 +1,16 @@
#!/bin/bash
{{/*
#
# SPDX-License-Identifier: Apache-2.0
#
*/}}
set -ex
if ! update-ca-certificates --localcertsdir /etc/pki/ca-trust/source/anchors; then
echo "Failed to update CA certificates!" >&2
exit 1
fi
python /var/lib/openstack/bin/dcorch-api-proxy --config-file=/etc/dcorch/dcorch.conf --type=patching

16
stx-distributed-cloud-helm/stx-distributed-cloud-helm/helm-charts/dcorch/templates/bin/_dcorch-sysinv-api-proxy.sh.tpl Normal file
View File

@ -0,0 +1,16 @@
#!/bin/bash
{{/*
#
# SPDX-License-Identifier: Apache-2.0
#
*/}}
set -ex
if ! update-ca-certificates --localcertsdir /etc/pki/ca-trust/source/anchors; then
echo "Failed to update CA certificates!" >&2
exit 1
fi
python /var/lib/openstack/bin/dcorch-api-proxy --config-file=/etc/dcorch/dcorch.conf --type=platform

16
stx-distributed-cloud-helm/stx-distributed-cloud-helm/helm-charts/dcorch/templates/bin/_dcorch-usm-api-proxy.sh.tpl Normal file
View File

@ -0,0 +1,16 @@
#!/bin/bash
{{/*
#
# SPDX-License-Identifier: Apache-2.0
#
*/}}
set -ex
if ! update-ca-certificates --localcertsdir /etc/pki/ca-trust/source/anchors; then
echo "Failed to update CA certificates!" >&2
exit 1
fi
python /var/lib/openstack/bin/dcorch-api-proxy --config-file=/etc/dcorch/dcorch.conf --type=usm

35
stx-distributed-cloud-helm/stx-distributed-cloud-helm/helm-charts/dcorch/templates/bin/_endpoint-update.sh.tpl Executable file
View File

@ -0,0 +1,35 @@
#!/bin/bash
{{/*
#
# Copyright (c) 2019 Wind River Systems, Inc.
#
# SPDX-License-Identifier: Apache-2.0
#
*/}}
set -ex
# Get service id
OS_SERVICE_ID=$( openstack service list -c Type -c ID -f value | \
grep ${OS_SERVICE_TYPE} | cut -f1 -d" " )
# Check if endpoint exists
OS_ENDPOINT_ID=$( openstack endpoint list --service ${OS_SERVICE_TYPE} \
--region ${OS_SERVICE_REGION} \
--interface ${OS_SVC_ENDPOINT} -c ID -f value )
# Delete the old endpoint
if [[ -n "$OS_ENDPOINT_ID" ]]; then
openstack endpoint delete ${OS_ENDPOINT_ID}
fi
# Create the new endpoint
OS_ENDPOINT_ID=$( openstack endpoint create -f value -c id \
--region=${OS_SERVICE_REGION} \
"${OS_SERVICE_ID}" \
${OS_SVC_ENDPOINT} \
"${OS_SERVICE_ENDPOINT}" )
# Display the Endpoint
openstack endpoint show ${OS_ENDPOINT_ID}

16
stx-distributed-cloud-helm/stx-distributed-cloud-helm/helm-charts/dcorch/templates/bin/_keystone-api-proxy.sh.tpl Normal file
View File

@ -0,0 +1,16 @@
#!/bin/bash
{{/*
#
# SPDX-License-Identifier: Apache-2.0
#
*/}}
set -ex
if ! update-ca-certificates --localcertsdir /etc/pki/ca-trust/source/anchors; then
echo "Failed to update CA certificates!" >&2
exit 1
fi
python /var/lib/openstack/bin/dcorch-api-proxy --config-file=/etc/dcorch/dcorch.conf --type=identity

16
stx-distributed-cloud-helm/stx-distributed-cloud-helm/helm-charts/dcorch/templates/bin/_patching-api-proxy.sh.tpl Normal file
View File

@ -0,0 +1,16 @@
#!/bin/bash
{{/*
#
# SPDX-License-Identifier: Apache-2.0
#
*/}}
set -ex
if ! update-ca-certificates --localcertsdir /etc/pki/ca-trust/source/anchors; then
echo "Failed to update CA certificates!" >&2
exit 1
fi
python /var/lib/openstack/bin/dcorch-api-proxy --config-file=/etc/dcorch/dcorch.conf --type=patching

16
stx-distributed-cloud-helm/stx-distributed-cloud-helm/helm-charts/dcorch/templates/bin/_sysinv-api-proxy.sh.tpl Normal file
View File

@ -0,0 +1,16 @@
#!/bin/bash
{{/*
#
# SPDX-License-Identifier: Apache-2.0
#
*/}}
set -ex
if ! update-ca-certificates --localcertsdir /etc/pki/ca-trust/source/anchors; then
echo "Failed to update CA certificates!" >&2
exit 1
fi
python /var/lib/openstack/bin/dcorch-api-proxy --config-file=/etc/dcorch/dcorch.conf --type=platform

16
stx-distributed-cloud-helm/stx-distributed-cloud-helm/helm-charts/dcorch/templates/bin/_usm-api-proxy.sh.tpl Normal file
View File

@ -0,0 +1,16 @@
#!/bin/bash
{{/*
#
# SPDX-License-Identifier: Apache-2.0
#
*/}}
set -ex
if ! update-ca-certificates --localcertsdir /etc/pki/ca-trust/source/anchors; then
echo "Failed to update CA certificates!" >&2
exit 1
fi
python /var/lib/openstack/bin/dcorch-api-proxy --config-file=/etc/dcorch/dcorch.conf --type=usm

43
stx-distributed-cloud-helm/stx-distributed-cloud-helm/helm-charts/dcorch/templates/configmap-bin.yaml Normal file
View File

@ -0,0 +1,43 @@
{{/*
#
# Copyright (c) 2025 Wind River Systems, Inc.
#
# SPDX-License-Identifier: Apache-2.0
#
*/}}
apiVersion: v1
kind: ConfigMap
metadata:
name: dcorch-bin
data:
dcorch-api.sh: |
{{ tuple "bin/_dcorch-api.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
dcorch-engine-worker.sh: |
{{ tuple "bin/_dcorch-engine-worker.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
dcorch-engine.sh: |
{{ tuple "bin/_dcorch-engine.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
keystone-api-proxy.sh: |
{{ tuple "bin/_keystone-api-proxy.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
sysinv-api-proxy.sh: |
{{ tuple "bin/_sysinv-api-proxy.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
patching-api-proxy.sh: |
{{ tuple "bin/_patching-api-proxy.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
usm-api-proxy.sh: |
{{ tuple "bin/_usm-api-proxy.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
db-init.py: |
{{- include "helm-toolkit.scripts.db_init" . | indent 4 }}
db-sync.sh: |
{{ tuple "bin/_db-sync.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
db-drop.sh: |
{{ tuple "bin/_db-drop.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
db-drop.py: |
{{- include "helm-toolkit.scripts.db_drop" . | indent 4 }}
ks-service.sh: |
{{- include "helm-toolkit.scripts.keystone_service" . | indent 4 }}
ks-endpoints.sh: |
{{- include "helm-toolkit.scripts.keystone_endpoints" . | indent 4 }}
ks-user.sh: |
{{- include "helm-toolkit.scripts.keystone_user" . | indent 4 }}
endpoint-update.sh: |
{{ tuple "bin/_endpoint-update.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}

137
stx-distributed-cloud-helm/stx-distributed-cloud-helm/helm-charts/dcorch/templates/dcorch-api.yaml Normal file
View File

@ -0,0 +1,137 @@
{{/*
#
# Copyright (c) 2025 Wind River Systems, Inc.
#
# SPDX-License-Identifier: Apache-2.0
#
*/}}
{{- define "dcOrchApiLivenessProbeTemplate" }}
tcpSocket:
port: {{ tuple "dcorch" "internal" "api" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
{{- end }}
{{- if .Values.manifests.deployment_api }}
{{- $envAll := . }}
{{- $mounts_dcorch_api := .Values.pod.mounts.api.dcorch }}
{{- $mounts_dcorch_api_init := .Values.pod.mounts.api.init_container }}
{{- $serviceAccountName := "dcorch" }}
{{ tuple $envAll "api" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: dcorch-api
labels:
{{ tuple $envAll "dcorch" "api" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }}
spec:
{{- if not .Values.pod.autoscaling.enabled }}
replicas: {{ .Values.pod.replicas.api }}
{{- end }}
selector:
matchLabels:
{{ tuple $envAll "dcorch" "api" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 6 }}
{{ tuple $envAll | include "helm-toolkit.snippets.kubernetes_upgrades_deployment" | indent 2 }}
template:
metadata:
{{- with .Values.pod.annotations.api }}
annotations:
{{- toYaml . | nindent 8 }}
{{- end }}
labels:
{{ tuple $envAll "dcorch" "api" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
spec:
serviceAccountName: {{ $serviceAccountName }}
initContainers:
{{ tuple $envAll "api" $mounts_dcorch_api_init | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
containers:
- name: dcorch
{{ tuple $envAll $envAll.Values.pod.resources.api | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
env:
- name: SSL_CERT_FILE
value: /etc/ssl/certs/ca-certificates.crt
envFrom:
- secretRef:
name: dcorch-keystone-admin
volumeMounts:
- name: dcorch-bin
mountPath: /tmp/dcorch-api.sh
subPath: dcorch-api.sh
readOnly: true
- name: dcorch-etc
mountPath: /etc/dcorch/dcorch.conf
subPath: dcorch.conf
readOnly: true
- name: dcorch-etc
mountPath: /etc/dcorch/logging.conf
subPath: logging.conf
readOnly: true
- name: dc-vault-dir
mountPath: {{ .Values.conf.dcorch.vault.base_path }}
- name: dc-backup-dir
mountPath: {{ .Values.conf.dcorch.backup.base_path }}
{{- if .Values.ca_certificates.root_ca }}
- name: root-ca
mountPath: /usr/local/share/ca-certificates/root-ca.crt
subPath: ca.crt
readOnly: true
{{- end }}
{{ if $mounts_dcorch_api.volumeMounts }}{{ toYaml $mounts_dcorch_api.volumeMounts | indent 12 }}{{ end }}
{{- dict "enabled" .Values.manifests.certificates "name" .Values.secrets.tls.dcorch.api.public | include "helm-toolkit.snippets.tls_volume_mount" | indent 12 }}
{{ dict "envAll" . "component" "api" "container" "default" "type" "liveness" "probeTemplate" (include "dcOrchApiLivenessProbeTemplate" . | fromYaml) | include "helm-toolkit.snippets.kubernetes_probe" | indent 10 }}
command:
- /tmp/dcorch-api.sh
image: "{{ .Values.images.tags.dcorch }}"
imagePullPolicy: {{ .Values.images.pullPolicy }}
ports:
- name: http
containerPort: {{ tuple "dcorch" "internal" "api" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
protocol: TCP
{{ tuple $envAll "dcorch" | include "helm-toolkit.snippets.kubernetes_image_pull_secrets" | indent 6 }}
nodeSelector:
{{ .Values.labels.dcorch.node_selector_key }}: {{ .Values.labels.dcorch.node_selector_value }}
{{ if $envAll.Values.pod.tolerations.dcorch.enabled }}
{{ tuple $envAll "dcorch" | include "helm-toolkit.snippets.kubernetes_tolerations" | indent 6 }}
{{ end }}
affinity:
{{ tuple $envAll "dcorch" "api" | include "helm-toolkit.snippets.kubernetes_pod_anti_affinity" | indent 8 }}
volumes:
- name: dcorch-etc
secret:
secretName: dcorch-etc
defaultMode: 0644
- name: dcorch-bin
configMap:
name: dcorch-bin
defaultMode: 0755
{{- if .Values.ca_certificates.root_ca }}
- name: root-ca
secret:
secretName: {{ .Values.ca_certificates.root_ca }}
defaultMode: 0644
{{- end }}
{{- if and .Values.volume.vault.enabled .Values.manifests.pvc_vault }}
- name: dc-vault-dir
persistentVolumeClaim:
claimName: dc-vault-pvc
{{- else }}
- name: dc-vault-dir
hostPath:
path: {{ .Values.conf.dcorch.vault.base_path }}
type: DirectoryOrCreate
{{- end }}
{{- if and .Values.volume.backup.enabled .Values.manifests.pvc_backup }}
- name: dc-backup-dir
persistentVolumeClaim:
claimName: dc-backup-pvc
{{- else }}
- name: dc-backup-dir
hostPath:
path: {{ .Values.conf.dcorch.backup.base_path }}
type: DirectoryOrCreate
{{- end }}
{{ if $mounts_dcorch_api.volumes }}{{ toYaml $mounts_dcorch_api.volumes | indent 8 }}{{ end }}
{{- dict "enabled" .Values.manifests.certificates "name" .Values.secrets.tls.dcorch.api.public | include "helm-toolkit.snippets.tls_volume" | indent 8 }}
{{- end }}

98
stx-distributed-cloud-helm/stx-distributed-cloud-helm/helm-charts/dcorch/templates/dcorch-engine-worker.yaml Normal file
View File

@ -0,0 +1,98 @@
{{/*
#
# Copyright (c) 2025 Wind River Systems, Inc.
#
# SPDX-License-Identifier: Apache-2.0
#
*/}}
{{- if .Values.manifests.deployment_engine }}
{{- $envAll := . }}
{{- $mounts_dcorch_engine := .Values.pod.mounts.engine.dcorch }}
{{- $mounts_dcorch_engine_init := .Values.pod.mounts.engine.init_container }}
{{- $serviceAccountName := "dcorch-engine-worker" }}
{{ tuple $envAll "engine" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: dcorch-engine-worker
labels:
{{ tuple $envAll "dcorch" "engine" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }}
spec:
{{- if not .Values.pod.autoscaling.enabled }}
replicas: {{ .Values.pod.replicas.dcorch_engine_worker }}
{{- end }}
selector:
matchLabels:
{{ tuple $envAll "dcorch" "engine" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 6 }}
{{ tuple $envAll | include "helm-toolkit.snippets.kubernetes_upgrades_deployment" | indent 2 }}
template:
metadata:
{{- with .Values.pod.annotations.dcorch_engine }}
annotations:
{{- toYaml . | nindent 8 }}
{{- end }}
labels:
{{ tuple $envAll "dcorch" "engine" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
spec:
serviceAccountName: {{ $serviceAccountName }}
initContainers:
{{ tuple $envAll "engine" $mounts_dcorch_engine_init | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
containers:
- name: dcorch
{{ tuple $envAll $envAll.Values.pod.resources.dcorch_engine_worker | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
env:
- name: REQUESTS_CA_BUNDLE
value: /etc/ssl/certs/ca-certificates.crt
volumeMounts:
- name: dcorch-bin
mountPath: /tmp/dcorch-engine-worker.sh
subPath: dcorch-engine-worker.sh
readOnly: true
- name: dcorch-etc
mountPath: /etc/dcorch/dcorch.conf
subPath: dcorch.conf
readOnly: true
- name: dcorch-etc
mountPath: /etc/dcorch/logging.conf
subPath: logging.conf
readOnly: true
{{- if .Values.ca_certificates.root_ca }}
- name: ca-certs
mountPath: /etc/pki/ca-trust/source/anchors/ca-cert.crt
subPath: ca.crt
readOnly: true
{{- end }}
{{ if $mounts_dcorch_engine.volumeMounts }}{{ toYaml $mounts_dcorch_engine.volumeMounts | indent 12 }}{{ end }}
command:
- /tmp/dcorch-engine-worker.sh
image: "{{ .Values.images.tags.dcorch }}"
imagePullPolicy: {{ .Values.images.pullPolicy }}
{{ tuple $envAll "dcorch" | include "helm-toolkit.snippets.kubernetes_image_pull_secrets" | indent 6 }}
nodeSelector:
{{ .Values.labels.dcorch.node_selector_key }}: {{ .Values.labels.dcorch.node_selector_value }}
{{ if $envAll.Values.pod.tolerations.dcorch.enabled }}
{{ tuple $envAll "dcorch" | include "helm-toolkit.snippets.kubernetes_tolerations" | indent 6 }}
{{ end }}
affinity:
{{ tuple $envAll "dcorch" "engine" | include "helm-toolkit.snippets.kubernetes_pod_anti_affinity" | indent 8 }}
volumes:
- name: dcorch-etc
secret:
secretName: dcorch-etc
defaultMode: 0644
- name: dcorch-bin
configMap:
name: dcorch-bin
defaultMode: 0755
{{- if .Values.ca_certificates.root_ca }}
- name: ca-certs
secret:
secretName: {{ .Values.ca_certificates.root_ca }}
defaultMode: 0644
{{- end }}
{{ if $mounts_dcorch_engine.volumes }}{{ toYaml $mounts_dcorch_engine.volumes | indent 8 }}{{ end }}
{{- end }}

101
stx-distributed-cloud-helm/stx-distributed-cloud-helm/helm-charts/dcorch/templates/dcorch-engine.yaml Normal file
View File

@ -0,0 +1,101 @@
{{/*
#
# Copyright (c) 2025 Wind River Systems, Inc.
#
# SPDX-License-Identifier: Apache-2.0
#
*/}}
{{- if .Values.manifests.deployment_engine }}
{{- $envAll := . }}
{{- $mounts_dcorch_engine := .Values.pod.mounts.engine.dcorch }}
{{- $mounts_dcorch_engine_init := .Values.pod.mounts.engine.init_container }}
{{- $serviceAccountName := "dcorch-engine" }}
{{ tuple $envAll "engine" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: dcorch-engine
labels:
{{ tuple $envAll "dcorch" "engine" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }}
spec:
{{- if not .Values.pod.autoscaling.enabled }}
replicas: {{ .Values.pod.replicas.dcorch_engine }}
{{- end }}
selector:
matchLabels:
{{ tuple $envAll "dcorch" "engine" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 6 }}
{{ tuple $envAll | include "helm-toolkit.snippets.kubernetes_upgrades_deployment" | indent 2 }}
template:
metadata:
{{- with .Values.pod.annotations.dcorch_engine }}
annotations:
{{- toYaml . | nindent 8 }}
{{- end }}
labels:
{{ tuple $envAll "dcorch" "engine" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
spec:
serviceAccountName: {{ $serviceAccountName }}
initContainers:
{{ tuple $envAll "engine" $mounts_dcorch_engine_init | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
containers:
- name: dcorch
{{ tuple $envAll $envAll.Values.pod.resources.dcorch_engine | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
env:
- name: SSL_CERT_FILE
value: /etc/ssl/certs/ca-certificates.crt
envFrom:
- secretRef:
name: dcorch-keystone-admin
volumeMounts:
- name: dcorch-bin
mountPath: /tmp/dcorch-engine.sh
subPath: dcorch-engine.sh
readOnly: true
- name: dcorch-etc
mountPath: /etc/dcorch/dcorch.conf
subPath: dcorch.conf
readOnly: true
- name: dcorch-etc
mountPath: /etc/dcorch/logging.conf
subPath: logging.conf
readOnly: true
{{- if .Values.ca_certificates.root_ca }}
- name: root-ca
mountPath: /usr/local/share/ca-certificates/root-ca.crt
subPath: ca.crt
readOnly: true
{{- end }}
{{ if $mounts_dcorch_engine.volumeMounts }}{{ toYaml $mounts_dcorch_engine.volumeMounts | indent 12 }}{{ end }}
command:
- /tmp/dcorch-engine.sh
image: "{{ .Values.images.tags.dcorch }}"
imagePullPolicy: {{ .Values.images.pullPolicy }}
{{ tuple $envAll "dcorch" | include "helm-toolkit.snippets.kubernetes_image_pull_secrets" | indent 6 }}
nodeSelector:
{{ .Values.labels.dcorch.node_selector_key }}: {{ .Values.labels.dcorch.node_selector_value }}
{{ if $envAll.Values.pod.tolerations.dcorch.enabled }}
{{ tuple $envAll "dcorch" | include "helm-toolkit.snippets.kubernetes_tolerations" | indent 6 }}
{{ end }}
affinity:
{{ tuple $envAll "dcorch" "engine" | include "helm-toolkit.snippets.kubernetes_pod_anti_affinity" | indent 8 }}
volumes:
- name: dcorch-etc
secret:
secretName: dcorch-etc
defaultMode: 0644
- name: dcorch-bin
configMap:
name: dcorch-bin
defaultMode: 0755
{{- if .Values.ca_certificates.root_ca }}
- name: root-ca
secret:
secretName: {{ .Values.ca_certificates.root_ca }}
defaultMode: 0644
{{- end }}
{{ if $mounts_dcorch_engine.volumes }}{{ toYaml $mounts_dcorch_engine.volumes | indent 8 }}{{ end }}
{{- end }}

15
stx-distributed-cloud-helm/stx-distributed-cloud-helm/helm-charts/dcorch/templates/job-db-drop.yaml Normal file
View File

@ -0,0 +1,15 @@
{{/*
#
# Copyright (c) 2025 Wind River Systems, Inc.
#
# SPDX-License-Identifier: Apache-2.0
#
*/}}
{{- if .Values.manifests.job_db_drop }}
{{- $dbDropJob := dict "envAll" . "serviceName" "dcorch" -}}
{{- if .Values.pod.tolerations.dcorch.enabled -}}
{{- $_ := set $dbDropJob "tolerationsEnabled" true -}}
{{- end -}}
{{ $dbDropJob | include "helm-toolkit.manifests.job_db_drop_mysql" }}
{{- end }}

15
stx-distributed-cloud-helm/stx-distributed-cloud-helm/helm-charts/dcorch/templates/job-db-init.yaml Normal file
View File

@ -0,0 +1,15 @@
{{/*
#
# Copyright (c) 2025 Wind River Systems, Inc.
#
# SPDX-License-Identifier: Apache-2.0
#
*/}}
{{- if .Values.manifests.job_db_init }}
{{- $dbInitJob := dict "envAll" . "serviceName" "dcorch" -}}
{{- if .Values.pod.tolerations.dcorch.enabled -}}
{{- $_ := set $dbInitJob "tolerationsEnabled" true -}}
{{- end -}}
{{ $dbInitJob | include "helm-toolkit.manifests.job_db_init_mysql" }}
{{- end }}

15
stx-distributed-cloud-helm/stx-distributed-cloud-helm/helm-charts/dcorch/templates/job-db-sync.yaml Normal file
View File

@ -0,0 +1,15 @@
{{/*
#
# Copyright (c) 2025 Wind River Systems, Inc.
#
# SPDX-License-Identifier: Apache-2.0
#
*/}}
{{- if .Values.manifests.job_db_sync }}
{{- $dbSyncJob := dict "envAll" . "serviceName" "dcorch" -}}
{{- if .Values.pod.tolerations.dcorch.enabled -}}
{{- $_ := set $dbSyncJob "tolerationsEnabled" true -}}
{{- end -}}
{{ $dbSyncJob | include "helm-toolkit.manifests.job_db_sync" }}
{{- end }}

89
stx-distributed-cloud-helm/stx-distributed-cloud-helm/helm-charts/dcorch/templates/job-ks-endpoints-identity.yaml Normal file
View File

@ -0,0 +1,89 @@
{{/*
#
# Copyright (c) 2025 Wind River Systems, Inc.
#
# SPDX-License-Identifier: Apache-2.0
#
#
*/}}
{{- if .Values.manifests.job_ks_endpoints_identity }}
{{- $envAll := . }}
{{- $serviceName := "keystone-api-proxy" }}
{{- $serviceRegion := $envAll.Values.endpoints.keystone_api_proxy.region_name }}
{{- $nodeSelector := dict $envAll.Values.labels.job.node_selector_key $envAll.Values.labels.job.node_selector_value -}}
{{- $serviceAccountName := printf "%s-%s" $serviceName "ks-endpoints" }}
{{ tuple $envAll "ks_endpoints_identity" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
---
apiVersion: batch/v1
kind: Job
metadata:
name: {{ printf "%s-%s" $serviceName "ks-endpoints" | quote }}
spec:
template:
metadata:
labels:
{{ tuple $envAll $serviceName "ks-endpoints" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
spec:
serviceAccountName: {{ $serviceAccountName }}
imagePullSecrets:
- name: default-registry-key
restartPolicy: OnFailure
nodeSelector:
{{ toYaml $nodeSelector | indent 8 }}
containers:
{{- range $key1, $osServiceType := tuple "identity" }}
{{- range $key2, $osRealServiceType := tuple "keystone_api_proxy" }}
{{- range $key3, $osServiceEndPoint := tuple "admin" "internal" "public" }}
- name: {{ printf "%s-%s-%s" "keystone-proxy" "ks-endpoints" $osServiceEndPoint | quote }}
image: {{ $envAll.Values.images.tags.ks_endpoints }}
imagePullPolicy: {{ $envAll.Values.images.pull_policy }}
command:
- /tmp/endpoint-update.sh
volumeMounts:
- name: endpoint-update-sh
mountPath: /tmp/endpoint-update.sh
subPath: endpoint-update.sh
readOnly: true
env:
- name: OS_SVC_ENDPOINT
value: {{ $osServiceEndPoint | quote }}
- name: OS_SERVICE_NAME
value: {{ tuple $osServiceType $envAll | include "helm-toolkit.endpoints.keystone_endpoint_name_lookup" }}
- name: OS_SERVICE_TYPE
value: {{ $osServiceType | quote }}
- name: OS_SERVICE_ENDPOINT
value: {{ tuple $osRealServiceType $osServiceEndPoint "api" $envAll | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup" | quote }}
- name: OS_SERVICE_REGION
value: {{ $serviceRegion | quote }}
- name: OS_AUTH_URL
value: http://controller.internal:5000/v3
- name: OS_USERNAME
value: "admin"
- name: OS_ENDPOINT_TYPE
value: "internal"
- name: OS_INTERFACE
value: "internal"
- name: OS_PASSWORD
valueFrom:
secretKeyRef:
name: dcorch-keystone-admin
key: OS_PASSWORD
- name: OS_PROJECT_NAME
value: "admin"
- name: OS_USER_DOMAIN_NAME
value: "Default"
- name: OS_PROJECT_DOMAIN_NAME
value: "Default"
{{- end }}
{{- end }}
volumes:
- name: endpoint-update-sh
configMap:
name: dcorch-bin
defaultMode: 0555
{{- end }}
{{- end }}

89
stx-distributed-cloud-helm/stx-distributed-cloud-helm/helm-charts/dcorch/templates/job-ks-endpoints-patching.yaml Normal file
View File

@ -0,0 +1,89 @@
{{/*
#
# Copyright (c) 2025 Wind River Systems, Inc.
#
# SPDX-License-Identifier: Apache-2.0
#
#
*/}}
{{- if .Values.manifests.job_ks_endpoints_patching }}
{{- $envAll := . }}
{{- $serviceName := "patching-api-proxy" }}
{{- $serviceRegion := $envAll.Values.endpoints.patching_api_proxy.region_name }}
{{- $nodeSelector := dict $envAll.Values.labels.job.node_selector_key $envAll.Values.labels.job.node_selector_value -}}
{{- $serviceAccountName := printf "%s-%s" $serviceName "ks-endpoints" }}
{{ tuple $envAll "ks_endpoints_patching" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
---
apiVersion: batch/v1
kind: Job
metadata:
name: {{ printf "%s-%s" $serviceName "ks-endpoints" | quote }}
spec:
template:
metadata:
labels:
{{ tuple $envAll $serviceName "ks-endpoints" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
spec:
serviceAccountName: {{ $serviceAccountName }}
imagePullSecrets:
- name: default-registry-key
restartPolicy: OnFailure
nodeSelector:
{{ toYaml $nodeSelector | indent 8 }}
containers:
{{- range $key1, $osServiceType := tuple "patching" }}
{{- range $key2, $osRealServiceType := tuple "patching_api_proxy" }}
{{- range $key3, $osServiceEndPoint := tuple "admin" "internal" "public" }}
- name: {{ printf "%s-%s-%s" "patching-proxy" "ks-endpoints" $osServiceEndPoint | quote }}
image: {{ $envAll.Values.images.tags.ks_endpoints }}
imagePullPolicy: {{ $envAll.Values.images.pull_policy }}
command:
- /tmp/endpoint-update.sh
volumeMounts:
- name: endpoint-update-sh
mountPath: /tmp/endpoint-update.sh
subPath: endpoint-update.sh
readOnly: true
env:
- name: OS_SVC_ENDPOINT
value: {{ $osServiceEndPoint | quote }}
- name: OS_SERVICE_NAME
value: "patching"
- name: OS_SERVICE_TYPE
value: {{ $osServiceType | quote }}
- name: OS_SERVICE_ENDPOINT
value: {{ tuple $osRealServiceType $osServiceEndPoint "api" $envAll | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup" | quote }}
- name: OS_SERVICE_REGION
value: {{ $serviceRegion | quote }}
- name: OS_AUTH_URL
value: http://controller.internal:5000/v3
- name: OS_USERNAME
value: "admin"
- name: OS_ENDPOINT_TYPE
value: "internal"
- name: OS_INTERFACE
value: "internal"
- name: OS_PASSWORD
valueFrom:
secretKeyRef:
name: dcorch-keystone-admin
key: OS_PASSWORD
- name: OS_PROJECT_NAME
value: "admin"
- name: OS_USER_DOMAIN_NAME
value: "Default"
- name: OS_PROJECT_DOMAIN_NAME
value: "Default"
{{- end }}
{{- end }}
volumes:
- name: endpoint-update-sh
configMap:
name: dcorch-bin
defaultMode: 0555
{{- end }}
{{- end }}

89
stx-distributed-cloud-helm/stx-distributed-cloud-helm/helm-charts/dcorch/templates/job-ks-endpoints-sysinv.yaml Normal file
View File

@ -0,0 +1,89 @@
{{/*
#
# Copyright (c) 2025 Wind River Systems, Inc.
#
# SPDX-License-Identifier: Apache-2.0
#
#
*/}}
{{- if .Values.manifests.job_ks_endpoints_sysinv }}
{{- $envAll := . }}
{{- $serviceName := "sysinv-api-proxy" }}
{{- $serviceRegion := $envAll.Values.endpoints.sysinv_api_proxy.region_name }}
{{- $nodeSelector := dict $envAll.Values.labels.job.node_selector_key $envAll.Values.labels.job.node_selector_value -}}
{{- $serviceAccountName := printf "%s-%s" $serviceName "ks-endpoints" }}
{{ tuple $envAll "ks_endpoints_sysinv" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
---
apiVersion: batch/v1
kind: Job
metadata:
name: {{ printf "%s-%s" $serviceName "ks-endpoints" | quote }}
spec:
template:
metadata:
labels:
{{ tuple $envAll $serviceName "ks-endpoints" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
spec:
serviceAccountName: {{ $serviceAccountName }}
imagePullSecrets:
- name: default-registry-key
restartPolicy: OnFailure
nodeSelector:
{{ toYaml $nodeSelector | indent 8 }}
containers:
{{- range $key1, $osServiceType := tuple "platform" }}
{{- range $key2, $osRealServiceType := tuple "sysinv_api_proxy" }}
{{- range $key3, $osServiceEndPoint := tuple "admin" "internal" "public" }}
- name: {{ printf "%s-%s-%s" "sysinv-proxy" "ks-endpoints" $osServiceEndPoint | quote }}
image: {{ $envAll.Values.images.tags.ks_endpoints }}
imagePullPolicy: {{ $envAll.Values.images.pull_policy }}
command:
- /tmp/endpoint-update.sh
volumeMounts:
- name: endpoint-update-sh
mountPath: /tmp/endpoint-update.sh
subPath: endpoint-update.sh
readOnly: true
env:
- name: OS_SVC_ENDPOINT
value: {{ $osServiceEndPoint | quote }}
- name: OS_SERVICE_NAME
value: "sysinv"
- name: OS_SERVICE_TYPE
value: {{ $osServiceType | quote }}
- name: OS_SERVICE_ENDPOINT
value: {{ tuple $osRealServiceType $osServiceEndPoint "api" $envAll | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup" | quote }}
- name: OS_SERVICE_REGION
value: {{ $serviceRegion | quote }}
- name: OS_AUTH_URL
value: http://controller.internal:5000/v3
- name: OS_USERNAME
value: "admin"
- name: OS_ENDPOINT_TYPE
value: "internal"
- name: OS_INTERFACE
value: "internal"
- name: OS_PASSWORD
valueFrom:
secretKeyRef:
name: dcorch-keystone-admin
key: OS_PASSWORD
- name: OS_PROJECT_NAME
value: "admin"
- name: OS_USER_DOMAIN_NAME
value: "Default"
- name: OS_PROJECT_DOMAIN_NAME
value: "Default"
{{- end }}
{{- end }}
volumes:
- name: endpoint-update-sh
configMap:
name: dcorch-bin
defaultMode: 0555
{{- end }}
{{- end }}

89
stx-distributed-cloud-helm/stx-distributed-cloud-helm/helm-charts/dcorch/templates/job-ks-endpoints-usm.yaml Normal file
View File

@ -0,0 +1,89 @@
{{/*
#
# Copyright (c) 2025 Wind River Systems, Inc.
#
# SPDX-License-Identifier: Apache-2.0
#
#
*/}}
{{- if .Values.manifests.job_ks_endpoints_usm }}
{{- $envAll := . }}
{{- $serviceName := "usm-api-proxy" }}
{{- $serviceRegion := $envAll.Values.endpoints.usm_api_proxy.region_name }}
{{- $nodeSelector := dict $envAll.Values.labels.job.node_selector_key $envAll.Values.labels.job.node_selector_value -}}
{{- $serviceAccountName := printf "%s-%s" $serviceName "ks-endpoints" }}
{{ tuple $envAll "ks_endpoints_usm" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
---
apiVersion: batch/v1
kind: Job
metadata:
name: {{ printf "%s-%s" $serviceName "ks-endpoints" | quote }}
spec:
template:
metadata:
labels:
{{ tuple $envAll $serviceName "ks-endpoints" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
spec:
serviceAccountName: {{ $serviceAccountName }}
imagePullSecrets:
- name: default-registry-key
restartPolicy: OnFailure
nodeSelector:
{{ toYaml $nodeSelector | indent 8 }}
containers:
{{- range $key1, $osServiceType := tuple "usm" }}
{{- range $key2, $osRealServiceType := tuple "usm_api_proxy" }}
{{- range $key3, $osServiceEndPoint := tuple "admin" "internal" "public" }}
- name: {{ printf "%s-%s-%s" "usm-proxy" "ks-endpoints" $osServiceEndPoint | quote }}
image: {{ $envAll.Values.images.tags.ks_endpoints }}
imagePullPolicy: {{ $envAll.Values.images.pull_policy }}
command:
- /tmp/endpoint-update.sh
volumeMounts:
- name: endpoint-update-sh
mountPath: /tmp/endpoint-update.sh
subPath: endpoint-update.sh
readOnly: true
env:
- name: OS_SVC_ENDPOINT
value: {{ $osServiceEndPoint | quote }}
- name: OS_SERVICE_NAME
value: "usm"
- name: OS_SERVICE_TYPE
value: {{ $osServiceType | quote }}
- name: OS_SERVICE_ENDPOINT
value: {{ tuple $osRealServiceType $osServiceEndPoint "api" $envAll | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup" | quote }}
- name: OS_SERVICE_REGION
value: {{ $serviceRegion | quote }}
- name: OS_AUTH_URL
value: http://controller.internal:5000/v3
- name: OS_USERNAME
value: "admin"
- name: OS_ENDPOINT_TYPE
value: "internal"
- name: OS_INTERFACE
value: "internal"
- name: OS_PASSWORD
valueFrom:
secretKeyRef:
name: dcorch-keystone-admin
key: OS_PASSWORD
- name: OS_PROJECT_NAME
value: "admin"
- name: OS_USER_DOMAIN_NAME
value: "Default"
- name: OS_PROJECT_DOMAIN_NAME
value: "Default"
{{- end }}
{{- end }}
volumes:
- name: endpoint-update-sh
configMap:
name: dcorch-bin
defaultMode: 0555
{{- end }}
{{- end }}

18
stx-distributed-cloud-helm/stx-distributed-cloud-helm/helm-charts/dcorch/templates/job-ks-service.yaml Normal file
View File

@ -0,0 +1,18 @@
{{/*
#
# Copyright (c) 2025 Wind River Systems, Inc.
#
# SPDX-License-Identifier: Apache-2.0
#
*/}}
{{- if .Values.manifests.job_ks_service }}
{{- $ksServiceJob := dict "envAll" . "serviceName" "dcorch" "serviceTypes" ( tuple "dcorch" ) -}}
{{- if .Values.manifests.certificates -}}
{{- $_ := set $ksServiceJob "tlsSecret" .Values.secrets.tls.dcorch.api.public -}}
{{- end -}}
{{- if .Values.pod.tolerations.dcorch.enabled -}}
{{- $_ := set $ksServiceJob "tolerationsEnabled" true -}}
{{- end -}}
{{ $ksServiceJob | include "helm-toolkit.manifests.job_ks_service" }}
{{- end }}

18
stx-distributed-cloud-helm/stx-distributed-cloud-helm/helm-charts/dcorch/templates/job-ks-user.yaml Normal file
View File

@ -0,0 +1,18 @@
{{/*
#
# Copyright (c) 2025 Wind River Systems, Inc.
#
# SPDX-License-Identifier: Apache-2.0
#
*/}}
{{- if .Values.manifests.job_ks_user }}
{{- $ksUserJob := dict "envAll" . "serviceName" "dcorch" -}}
{{- if .Values.pod.tolerations.dcorch.enabled -}}
{{- $_ := set $ksUserJob "tolerationsEnabled" true -}}
{{- end -}}
{{- if .Values.manifests.certificates -}}
{{- $_ := set $ksUserJob "tlsSecret" .Values.secrets.tls.dcorch.api.public -}}
{{- end -}}
{{ $ksUserJob | include "helm-toolkit.manifests.job_ks_user" }}
{{- end }}

116
stx-distributed-cloud-helm/stx-distributed-cloud-helm/helm-charts/dcorch/templates/keystone-api-proxy.yaml Normal file
View File

@ -0,0 +1,116 @@
{{/*
#
# Copyright (c) 2025 Wind River Systems, Inc.
#
# SPDX-License-Identifier: Apache-2.0
#
*/}}
{{- define "KeystoneApiLivenessProbeTemplate" }}
tcpSocket:
port: {{ tuple "keystone_api_proxy" "internal" "api" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
{{- end }}
{{- if .Values.manifests.ks_deployment_api_proxy }}
{{- $envAll := . }}
{{- $mounts_keystone_api_proxy := .Values.pod.mounts.keystone_api_proxy.keystone_api_proxy }}
{{- $mounts_keystone_api_proxy_init := .Values.pod.mounts.keystone_api_proxy.init_container }}
{{- $serviceAccountName := "keystone-api-proxy" }}
{{ tuple $envAll "keystone-api-proxy" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: keystone-api-proxy
labels:
{{ tuple $envAll "dcorch" "keystone-api-proxy" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }}
spec:
{{- if not .Values.pod.autoscaling.enabled }}
replicas: {{ .Values.pod.replicas.keystone_api_proxy }}
{{- end }}
selector:
matchLabels:
{{ tuple $envAll "dcorch" "keystone-api-proxy" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 6 }}
{{ tuple $envAll | include "helm-toolkit.snippets.kubernetes_upgrades_deployment" | indent 2 }}
template:
metadata:
{{- with .Values.pod.annotations.keystone_api_proxy }}
annotations:
{{- toYaml . | nindent 8 }}
{{- end }}
labels:
{{ tuple $envAll "dcorch" "keystone-api-proxy" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
spec:
serviceAccountName: {{ $serviceAccountName }}
initContainers:
{{ tuple $envAll "ks_endpoints_identity" $mounts_keystone_api_proxy_init | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
containers:
- name: keystone-api-proxy
{{ tuple $envAll $envAll.Values.pod.resources.keystone_api_proxy | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
env:
- name: SSL_CERT_FILE
value: /etc/ssl/certs/ca-certificates.crt
envFrom:
- secretRef:
name: dcorch-keystone-admin
volumeMounts:
- name: dcorch-bin
mountPath: /tmp/keystone-api-proxy.sh
subPath: keystone-api-proxy.sh
readOnly: true
- name: dcorch-etc
mountPath: /etc/dcorch/dcorch.conf
subPath: dcorch.conf
readOnly: true
- name: dcorch-etc
mountPath: /etc/dcorch/logging.conf
subPath: logging.conf
readOnly: true
- name: dcorch-etc
mountPath: /etc/dcorch/api-paste.ini
subPath: api-paste.ini
readOnly: true
{{- if .Values.ca_certificates.root_ca }}
- name: root-ca
mountPath: /usr/local/share/ca-certificates/root-ca.crt
subPath: ca.crt
readOnly: true
{{- end }}
{{ if $mounts_keystone_api_proxy.volumeMounts }}{{ toYaml $mounts_keystone_api_proxy.volumeMounts | indent 12 }}{{ end }}
{{- dict "enabled" .Values.manifests.certificates "name" .Values.secrets.tls.keystone_api_proxy.api.public | include "helm-toolkit.snippets.tls_volume_mount" | indent 12 }}
{{ dict "envAll" . "component" "api" "container" "default" "type" "liveness" "probeTemplate" (include "KeystoneApiLivenessProbeTemplate" . | fromYaml) | include "helm-toolkit.snippets.kubernetes_probe" | indent 10 }}
command:
- /tmp/keystone-api-proxy.sh
image: "{{ .Values.images.tags.dcorch }}"
imagePullPolicy: {{ .Values.images.pullPolicy }}
ports:
- name: ks-proxy
containerPort: {{ tuple "keystone_api_proxy" "internal" "api" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
protocol: TCP
{{ tuple $envAll "dcorch" | include "helm-toolkit.snippets.kubernetes_image_pull_secrets" | indent 6 }}
nodeSelector:
{{ .Values.labels.dcorch.node_selector_key }}: {{ .Values.labels.dcorch.node_selector_value }}
{{ if $envAll.Values.pod.tolerations.dcorch.enabled }}
{{ tuple $envAll "dcorch" | include "helm-toolkit.snippets.kubernetes_tolerations" | indent 6 }}
{{ end }}
affinity:
{{ tuple $envAll "dcorch" "keystone-api-proxy" | include "helm-toolkit.snippets.kubernetes_pod_anti_affinity" | indent 8 }}
volumes:
- name: dcorch-etc
secret:
secretName: dcorch-etc
defaultMode: 0644
- name: dcorch-bin
configMap:
name: dcorch-bin
defaultMode: 0755
{{- if .Values.ca_certificates.root_ca }}
- name: root-ca
secret:
secretName: {{ .Values.ca_certificates.root_ca }}
defaultMode: 0644
{{- end }}
{{ if $mounts_keystone_api_proxy.volumes }}{{ toYaml $mounts_keystone_api_proxy.volumes | indent 8 }}{{ end }}
{{- end }}

140
stx-distributed-cloud-helm/stx-distributed-cloud-helm/helm-charts/dcorch/templates/patching-api-proxy.yaml Normal file
View File

@ -0,0 +1,140 @@
{{/*
#
# Copyright (c) 2025 Wind River Systems, Inc.
#
# SPDX-License-Identifier: Apache-2.0
#
*/}}
{{- define "PatchingApiLivenessProbeTemplate" }}
tcpSocket:
port: {{ tuple "patching_api_proxy" "internal" "api" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
{{- end }}
{{- if .Values.manifests.patching_deployment_api_proxy }}
{{- $envAll := . }}
{{- $mounts_patching_api_proxy := .Values.pod.mounts.patching_api_proxy.patching_api_proxy }}
{{- $mounts_patching_api_proxy_init := .Values.pod.mounts.patching_api_proxy.init_container }}
{{- $serviceAccountName := "patching-api-proxy" }}
{{ tuple $envAll "patching-api-proxy" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: patching-api-proxy
labels:
{{ tuple $envAll "dcorch" "patching-api-proxy" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }}
spec:
{{- if not .Values.pod.autoscaling.enabled }}
replicas: {{ .Values.pod.replicas.patching_api_proxy }}
{{- end }}
selector:
matchLabels:
{{ tuple $envAll "dcorch" "patching-api-proxy" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 6 }}
{{ tuple $envAll | include "helm-toolkit.snippets.kubernetes_upgrades_deployment" | indent 2 }}
template:
metadata:
{{- with .Values.pod.annotations.patching_api_proxy }}
annotations:
{{- toYaml . | nindent 8 }}
{{- end }}
labels:
{{ tuple $envAll "dcorch" "patching-api-proxy" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
spec:
serviceAccountName: {{ $serviceAccountName }}
initContainers:
{{ tuple $envAll "ks_endpoints_patching" $mounts_patching_api_proxy_init | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
containers:
- name: patching-api-proxy
{{ tuple $envAll $envAll.Values.pod.resources.patching_api_proxy | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
env:
- name: SSL_CERT_FILE
value: /etc/ssl/certs/ca-certificates.crt
envFrom:
- secretRef:
name: dcorch-keystone-admin
volumeMounts:
- name: dcorch-bin
mountPath: /tmp/patching-api-proxy.sh
subPath: patching-api-proxy.sh
readOnly: true
- name: dcorch-etc
mountPath: /etc/dcorch/dcorch.conf
subPath: dcorch.conf
readOnly: true
- name: dcorch-etc
mountPath: /etc/dcorch/logging.conf
subPath: logging.conf
readOnly: true
- name: dcorch-etc
mountPath: /etc/dcorch/api-paste.ini
subPath: api-paste.ini
readOnly: true
- name: dc-vault-dir
mountPath: {{ .Values.conf.dcorch.vault.base_path }}
- name: dc-backup-dir
mountPath: {{ .Values.conf.dcorch.backup.base_path }}
{{- if .Values.ca_certificates.root_ca }}
- name: root-ca
mountPath: /usr/local/share/ca-certificates/root-ca.crt
subPath: ca.crt
readOnly: true
{{- end }}
{{ if $mounts_patching_api_proxy.volumeMounts }}{{ toYaml $mounts_patching_api_proxy.volumeMounts | indent 12 }}{{ end }}
{{- dict "enabled" .Values.manifests.certificates "name" .Values.secrets.tls.patching_api_proxy.api.public | include "helm-toolkit.snippets.tls_volume_mount" | indent 12 }}
{{ dict "envAll" . "component" "api" "container" "default" "type" "liveness" "probeTemplate" (include "PatchingApiLivenessProbeTemplate" . | fromYaml) | include "helm-toolkit.snippets.kubernetes_probe" | indent 10 }}
command:
- /tmp/patching-api-proxy.sh
image: "{{ .Values.images.tags.dcorch }}"
imagePullPolicy: {{ .Values.images.pullPolicy }}
ports:
- name: ks-proxy
containerPort: {{ tuple "patching_api_proxy" "internal" "api" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
protocol: TCP
{{ tuple $envAll "dcorch" | include "helm-toolkit.snippets.kubernetes_image_pull_secrets" | indent 6 }}
nodeSelector:
{{ .Values.labels.dcorch.node_selector_key }}: {{ .Values.labels.dcorch.node_selector_value }}
{{ if $envAll.Values.pod.tolerations.dcorch.enabled }}
{{ tuple $envAll "dcorch" | include "helm-toolkit.snippets.kubernetes_tolerations" | indent 6 }}
{{ end }}
affinity:
{{ tuple $envAll "dcorch" "patching-api-proxy" | include "helm-toolkit.snippets.kubernetes_pod_anti_affinity" | indent 8 }}
volumes:
- name: dcorch-etc
secret:
secretName: dcorch-etc
defaultMode: 0644
- name: dcorch-bin
configMap:
name: dcorch-bin
defaultMode: 0755
{{- if .Values.ca_certificates.root_ca }}
- name: root-ca
secret:
secretName: {{ .Values.ca_certificates.root_ca }}
defaultMode: 0644
{{- end }}
{{- if and .Values.volume.vault.enabled .Values.manifests.pvc_vault }}
- name: dc-vault-dir
persistentVolumeClaim:
claimName: dc-vault-pvc
{{- else }}
- name: dc-vault-dir
hostPath:
path: {{ .Values.conf.dcorch.vault.base_path }}
type: DirectoryOrCreate
{{- end }}
{{- if and .Values.volume.backup.enabled .Values.manifests.pvc_backup }}
- name: dc-backup-dir
persistentVolumeClaim:
claimName: dc-backup-pvc
{{- else }}
- name: dc-backup-dir
hostPath:
path: {{ .Values.conf.dcorch.backup.base_path }}
type: DirectoryOrCreate
{{- end }}
{{ if $mounts_patching_api_proxy.volumes }}{{ toYaml $mounts_patching_api_proxy.volumes | indent 8 }}{{ end }}
{{- end }}

Some files were not shown because too many files have changed in this diff Show More