Add sync-root-ceph-endpoint job to openstack-dep chart

kungze · Jul 8, 2022 · ac80557 · ac80557
1 parent e8bc069
commit ac80557
Show file tree

Hide file tree

Showing 8 changed files with 292 additions and 4 deletions.
diff --git a/charts/openstack-dep/Chart.yaml b/charts/openstack-dep/Chart.yaml
@@ -13,7 +13,7 @@
 apiVersion: v2
 description: Install openstack dependency service
 name: openstack-dep
-version: 1.0.1
+version: 1.0.2
 home: https://github.com/kungze/kolla-helm
 maintainers:
   - name: Kungze

diff --git a/charts/openstack-dep/README.md b/charts/openstack-dep/README.md
@@ -47,9 +47,26 @@ type: Opaque
 
 ### Global Parameters
 
-| Name                  | Form title           | Description                                    | Value           |
-| --------------------- | -------------------- | ---------------------------------------------- | --------------- |
-| `clusterDomainSuffix` | Cluser domain suffix | The domain suffix of of the current k8s cluser | `cluster.local` |
+| Name                 | Form title           | Description                                    | Value           |
+| -------------------- | -------------------- | ---------------------------------------------- | --------------- |
+| `clusterDomainSuffix`| Cluser domain suffix | The domain suffix of of the current k8s cluser | `cluster.local` |
+
+
+### Deployment Parameters
+
+| Name                   | Form title              | Description                                    | Value           |
+| ---------------------- | ----------------------- | ---------------------------------------------- | --------------- |
+| `serviceAccountName`   | ServiceAccount name     | The k8s ServiceAccount name used by this chart | `openstack-dep` |
+
+
+### Image Parameters
+
+| Name             | Form title        | Description                                     | Value                   |
+| ---------------- | ----------------- | ----------------------------------------------- | ----------------------- |
+| `imageRegistry`  | Image Registry    | The registry address of openstack kolla image   | `registry.aliyuncs.com` |
+| `imageNamespace` | Image Namespace   | The registry namespace of openstack kolla image | `kolla-helm`            |
+| `openstackTag`   | Openstack version | The openstack version                           | `yoga`                  |
+| `pullPolicy`     | Pull Policy       | The image pull policy                           | `IfNotPresent`          |
 
 
 ### Ingress parameters
@@ -99,6 +116,13 @@ type: Opaque
 | `memcached.enabled`      | Memcached  | Whether or not deploy memcached | `true`  |
 | `memcached.service.port` |            | Memcached service port          | `11211` |
 
+### Ceph parameters
+
+| Name                         | Form title                       | Description                     | Value   |
+| ---------------------------- | -------------------------------- | ------------------------------- | --------------- |
+| `ceph.enabled`               | ceph                             | Whether or not deploy ceph      | `true`          |
+| `ceph.cephClusterNamespace`  | Rook Ceph Cluster Namespace      | The k8s namespace of rook       | `rook-ceph`     |
+| `ceph.cephClusterName`       | Rook Ceph Cluster Name           | The rook cephcluster            | `rook-ceph`     |
 
 [mariadb]: https://github.com/bitnami/charts/tree/master/bitnami/mariadb
 [rabbitmq]: https://github.com/bitnami/charts/tree/master/bitnami/rabbitmq

diff --git a/charts/openstack-dep/templates/_helpers.tpl b/charts/openstack-dep/templates/_helpers.tpl
@@ -118,3 +118,19 @@ Return the memcached connInfo
     {{- $memcachedPort := (include "openstack.cachePort" . | int) }}
     {{- printf "%s:%d" $memcachedHost $memcachedPort }}
 {{- end -}}
+
+{{- define "common.template" -}}
+{{- $name := index . 0 -}}
+{{- $context := index . 1 -}}
+{{- $last := base $context.Template.Name }}
+{{- $wtf := $context.Template.Name | replace $last $name -}}
+{{ include $wtf $context }}
+{{- end -}}
+
+{{/*
+Return the sync endpoint image name
+*/}}
+{{- define "sync.endpoint.image" -}}
+{{- $repository := "ubuntu-source-kolla-toolbox" -}}
+{{- printf "%s/%s/%s:%s" .Values.imageRegistry .Values.imageNamespace $repository .Values.openstackTag }}
+{{- end -}}
diff --git a/charts/openstack-dep/templates/bin/_sync-ceph-endpoint.py.tpl b/charts/openstack-dep/templates/bin/_sync-ceph-endpoint.py.tpl
@@ -0,0 +1,88 @@
+import logging
+import requests
+import os
+import sys
+
+
+KUBE_HOST = None
+KUBE_CERT = '/var/run/secrets/kubernetes.io/serviceaccount/ca.crt'
+KUBE_TOKEN = None
+NAMESPACE = os.environ['KUBERNETES_NAMESPACE']
+ROOK_CEPH_CLUSTER_NAMESPACE = os.getenv('ROOK_CEPH_CLUSTER_NAMESPACE', None)
+ROOK_CEPH_MON_ENDPOINTS_CONFIGMAP = os.getenv('ROOK_CEPH_MON_ENDPOINTS_CONFIGMAP', None)
+OS_CEPH_MON_CONFIGMAP = os.getenv('OS_CEPH_MON_CONFIGMAP', None)
+
+LOG_DATEFMT = "%Y-%m-%d %H:%M:%S"
+LOG_FORMAT = "%(asctime)s.%(msecs)03d - %(levelname)s - %(message)s"
+logging.basicConfig(format=LOG_FORMAT, datefmt=LOG_DATEFMT)
+LOG = logging.getLogger(__name__)
+LOG.setLevel(logging.INFO)
+
+
+def read_kube_config():
+    global KUBE_HOST, KUBE_TOKEN
+    KUBE_HOST = "https://%s:%s" % ('kubernetes.default',
+                                    os.environ['KUBERNETES_SERVICE_PORT'])
+    with open('/var/run/secrets/kubernetes.io/serviceaccount/token', 'r') as f:
+        KUBE_TOKEN = f.read()
+
+
+def get_rook_configmap(name):
+    url = '%s/api/v1/namespaces/%s/configmaps/%s' % (KUBE_HOST,
+                                                        ROOK_CEPH_CLUSTER_NAMESPACE,
+                                                        name)
+    resp = requests.get(url,
+                        headers={'Authorization': 'Bearer %s' % KUBE_TOKEN},
+                        verify=KUBE_CERT)
+    if resp.status_code != 200:
+        LOG.error('Cannot get configmap %s.', name)
+        LOG.error(resp.text)
+        return None
+    LOG.info('Request rook namespaces configmaps url %s.', url)
+    return resp.json()
+
+
+def get_self_configmap(name):
+    url = '%s/api/v1/namespaces/%s/configmaps/%s' % (KUBE_HOST,
+                                                        NAMESPACE,
+                                                        name)
+    resp = requests.get(url,
+                        headers={'Authorization': 'Bearer %s' % KUBE_TOKEN},
+                        verify=KUBE_CERT)
+    if resp.status_code != 200:
+        LOG.error('Cannot get configmap %s.', name)
+        LOG.error(resp.text)
+        return None
+    LOG.info('Request configmaps url %s.', url)
+    return resp.json()
+
+
+def update_configmap(configmap):
+    url = '%s/api/v1/namespaces/%s/configmaps/%s' % (KUBE_HOST,
+                                                        NAMESPACE,
+                                                        OS_CEPH_MON_CONFIGMAP)
+    resp = requests.put(url,
+                        json=configmap,
+                        headers={'Authorization': 'Bearer %s' % KUBE_TOKEN},
+                        verify=KUBE_CERT)
+    if resp.status_code != 200:
+        LOG.error(resp.text)
+        LOG.error("Update configmap failed!")
+        return False
+    LOG.info("Update configmap success!")
+    return True
+
+
+def main():
+    read_kube_config()
+    rook_cm = get_rook_configmap(ROOK_CEPH_MON_ENDPOINTS_CONFIGMAP)
+
+    self_cm = get_self_configmap(OS_CEPH_MON_CONFIGMAP)
+    self_cm['data'] = rook_cm['data']
+
+    if not update_configmap(self_cm):
+        sys.exit(1)
+
+
+if __name__ == "__main__":
+    main()
diff --git a/charts/openstack-dep/templates/configmap.yaml b/charts/openstack-dep/templates/configmap.yaml
@@ -0,0 +1,18 @@
+{{- if .Values.ceph.enabled -}}
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: "ceph-monitor-endpoints"
+  namespace: {{ .Release.Namespace }}
+data:
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: "sync-ceph-endpoint-cm"
+  namespace: {{ .Release.Namespace }}
+data:
+  sync-ceph-endpoint.py: |
+{{ tuple "bin/_sync-ceph-endpoint.py.tpl" . | include "common.template" | indent 4 }}
+{{- end }}
diff --git a/charts/openstack-dep/templates/job-sync-rook-ceph-endpoint.yaml b/charts/openstack-dep/templates/job-sync-rook-ceph-endpoint.yaml
@@ -0,0 +1,44 @@
+{{- if .Values.ceph.enabled }}
+apiVersion: batch/v1
+kind: Job
+metadata:
+  name: sync-rook-ceph-endpoint
+  namespace: {{ .Release.Namespace }}
+spec:
+  template:
+    spec:
+      activeDeadlineSeconds: 100
+      containers:
+        - name: sync-rook-ceph-endpoint
+          image: {{ template "sync.endpoint.image" . }}
+          imagePullPolicy: IfNotPresent
+          command:
+            - /bin/sh
+            - -c
+            - python /tmp/sync-ceph-endpoint.py
+          env:
+            - name: KUBERNETES_NAMESPACE
+              value: {{ .Release.Namespace }}
+            - name: ROOK_CEPH_CLUSTER_NAMESPACE
+              value: {{ .Values.ceph.cephClusterNamespace }}
+            - name: ROOK_CEPH_MON_ENDPOINTS_CONFIGMAP
+              value:  {{ printf "%s-mon-endpoints" .Values.ceph.cephClusterName }}
+            - name: OS_CEPH_MON_CONFIGMAP
+              value: "ceph-monitor-endpoints"
+          volumeMounts:
+          - mountPath: /tmp
+            name: pod-tmp
+          - mountPath: /tmp/sync-ceph-endpoint.py
+            name: sync-ceph-endpoint-cm
+            subPath: sync-ceph-endpoint.py
+      restartPolicy: OnFailure
+      serviceAccount: {{ .Values.serviceAccountName }}
+      serviceAccountName: {{ .Values.serviceAccountName }}
+      volumes:
+        - emptyDir: {}
+          name: pod-tmp
+        - name: sync-ceph-endpoint-cm
+          configMap:
+            defaultMode: 0755
+            name: sync-ceph-endpoint-cm
+{{- end }}
diff --git a/charts/openstack-dep/templates/rbac.yaml b/charts/openstack-dep/templates/rbac.yaml
@@ -0,0 +1,75 @@
+
+{{- if .Values.ceph.enabled }}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: {{ .Values.serviceAccountName }}
+  namespace: {{ .Release.Namespace | quote }}
+  labels: {{- include "common.labels.standard" . | nindent 4 }}
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  name: {{ .Values.serviceAccountName }}
+  namespace: {{ .Release.Namespace | quote }}
+  labels: {{- include "common.labels.standard" . | nindent 4 }}
+rules:
+- apiGroups:
+  - ""
+  - extensions
+  - batch
+  - apps
+  resources:
+  - configmaps
+  verbs:
+  - get
+  - list
+  - create
+  - update
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  name: {{ .Values.serviceAccountName }}
+  namespace: {{ .Release.Namespace | quote }}
+  labels: {{- include "common.labels.standard" . | nindent 4 }}
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: Role
+  name: {{ .Values.serviceAccountName }}
+subjects:
+- kind: ServiceAccount
+  name: {{ .Values.serviceAccountName }}
+  namespace: {{ .Release.Namespace | quote }}
+---
+kind: ClusterRole
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: {{ .Values.serviceAccountName }}
+  namespace: {{ .Release.Namespace | quote }}
+  labels: {{- include "common.labels.standard" . | nindent 4 }}
+rules:
+  - apiGroups:
+      - ""
+      - apps
+      - extensions
+    resources:
+      - configmaps
+    verbs:
+      - get
+---
+kind: ClusterRoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: {{ .Values.serviceAccountName }}
+  namespace: {{ .Release.Namespace | quote }}
+  labels: {{- include "common.labels.standard" . | nindent 4 }}
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: {{ .Values.serviceAccountName }}
+subjects:
+  - kind: ServiceAccount
+    name: {{ .Values.serviceAccountName }}
+    namespace: {{ .Release.Namespace | quote }}
+{{- end }}
diff --git a/charts/openstack-dep/values.yaml b/charts/openstack-dep/values.yaml
@@ -14,6 +14,20 @@
 ## @param clusterDomainSuffix [t#Cluser domain suffix] The domain suffix of of the current k8s cluser
 clusterDomainSuffix: cluster.local
 
+## @section Deployment Parameters
+## @param serviceAccountName ServiceAccount name
+serviceAccountName: openstack-dep
+
+## @section Image Parameters
+## @param imageRegistry [t#Image Registry] The registry address of openstack kolla image
+imageRegistry: "registry.aliyuncs.com"
+## @param imageNamespace [t#Image Namespace] The registry namespace of openstack kolla image
+imageNamespace: "kolla-helm"
+## @param openstackTag [t#Openstack version] The openstack version
+openstackTag: "yoga"
+## @param pullPolicy [t#Pull Policy] The image pull policy
+pullPolicy: "IfNotPresent"
+
 ## @section Ingress parameters
 ## nginx-ingress-controller chart configuration
 ## ref: https://github.com/bitnami/charts/blob/master/bitnami/nginx-ingress-controller/values.yaml
@@ -125,3 +139,12 @@ memcached:
   service:
     ## @param memcached.service.port Memcached service port
     port: 11211
+
+## Ceph configuration
+ceph:
+  ## @param ceph.enabled [t#Enable Ceph] Whether or not enable ceph backend
+  enabled: true
+  ## @param ceph.cephClusterNamespace [t#Rook Ceph Cluster Namespace] The k8s namespace of rook cephcluster
+  cephClusterNamespace: rook-ceph
+  ## @param ceph.cephClusterName [t#Rook Ceph Cluster Name] The rook cephcluster name
+  cephClusterName: rook-ceph