From 608d75ec8db678cb69b7fad6f66b17a37442cb41 Mon Sep 17 00:00:00 2001 From: Steve Wilkerson Date: Fri, 13 Sep 2019 11:17:11 -0500 Subject: [PATCH] Add zookeeper chart to osh-infra This proposes adding a zookeeper chart to osh-infra that aligns with the design patterns laid out by the other charts in osh-infra and osh. Change-Id: I25edc58fc951e7f81f7275ade6cf9c97e0afae02 Signed-off-by: Steve Wilkerson Co-Authored-By: Steven Fitzpatrick --- tools/deployment/common/zookeeper.sh | 44 ++++ tools/deployment/multinode/160-zookeeper.sh | 1 + zookeeper/Chart.yaml | 24 ++ zookeeper/requirements.yaml | 18 ++ zookeeper/templates/bin/_generate-myid.sh.tpl | 30 +++ .../templates/bin/_zookeeper-probe.sh.tpl | 21 ++ zookeeper/templates/bin/_zookeeper.sh.tpl | 25 ++ zookeeper/templates/configmap-bin.yaml | 35 +++ zookeeper/templates/configmap-etc.yaml | 28 ++ zookeeper/templates/ingress-zookeeper.yaml | 20 ++ zookeeper/templates/job-image-repo-sync.yaml | 20 ++ zookeeper/templates/network_policy.yaml | 19 ++ zookeeper/templates/secret-ingress-tls.yaml | 19 ++ zookeeper/templates/secret-zookeeper.yaml | 29 ++ zookeeper/templates/service-discovery.yaml | 40 +++ .../templates/service-ingress-zookeeper.yaml | 20 ++ zookeeper/templates/service.yaml | 46 ++++ zookeeper/templates/statefulset.yaml | 225 ++++++++++++++++ zookeeper/values.yaml | 247 ++++++++++++++++++ zuul.d/jobs.yaml | 1 + zuul.d/project.yaml | 11 +- 21 files changed, 918 insertions(+), 5 deletions(-) create mode 100755 tools/deployment/common/zookeeper.sh create mode 120000 tools/deployment/multinode/160-zookeeper.sh create mode 100644 zookeeper/Chart.yaml create mode 100644 zookeeper/requirements.yaml create mode 100644 zookeeper/templates/bin/_generate-myid.sh.tpl create mode 100644 zookeeper/templates/bin/_zookeeper-probe.sh.tpl create mode 100644 zookeeper/templates/bin/_zookeeper.sh.tpl create mode 100644 zookeeper/templates/configmap-bin.yaml create mode 100644 zookeeper/templates/configmap-etc.yaml create mode 100644 zookeeper/templates/ingress-zookeeper.yaml create mode 100644 zookeeper/templates/job-image-repo-sync.yaml create mode 100644 zookeeper/templates/network_policy.yaml create mode 100644 zookeeper/templates/secret-ingress-tls.yaml create mode 100644 zookeeper/templates/secret-zookeeper.yaml create mode 100644 zookeeper/templates/service-discovery.yaml create mode 100644 zookeeper/templates/service-ingress-zookeeper.yaml create mode 100644 zookeeper/templates/service.yaml create mode 100644 zookeeper/templates/statefulset.yaml create mode 100644 zookeeper/values.yaml diff --git a/tools/deployment/common/zookeeper.sh b/tools/deployment/common/zookeeper.sh new file mode 100755 index 000000000..2c03710c1 --- /dev/null +++ b/tools/deployment/common/zookeeper.sh @@ -0,0 +1,44 @@ +#!/bin/bash + +# Copyright 2019 The Openstack-Helm Authors. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. + +set -xe + +#NOTE: Lint and package chart +make zookeeper + +#NOTE: Deploy command +helm upgrade --install zookeeper ./zookeeper \ + --namespace=osh-infra + +#NOTE: Wait for deploy +./tools/deployment/common/wait-for-pods.sh osh-infra + +#NOTE: Validate Deployment info +helm status zookeeper + +#NOTE: Sleep for 60 seconds to allow leader election to complete +sleep 60 + +#NOTE: Create arbitrary znode +ZOO_POD=$(kubectl -n osh-infra get pods -l='application=zookeeper,component=server' --output=jsonpath='{.items[0].metadata.name}') +kubectl exec $ZOO_POD -n osh-infra -- bash bin/zkCli.sh -server localhost:2181 create /OSHZnode “osh-infra_is_awesome” + +#NOTE: Sleep for 10 seconds to ensure replication across members +sleep 10 + +#NOTE: Query separate zookeeper instance for presence of znode +ZOO_POD=$(kubectl -n osh-infra get pods -l='application=zookeeper,component=server' --output=jsonpath='{.items[2].metadata.name}') +kubectl exec $ZOO_POD -n osh-infra -- bash bin/zkCli.sh -server localhost:2181 stat /OSHZnode diff --git a/tools/deployment/multinode/160-zookeeper.sh b/tools/deployment/multinode/160-zookeeper.sh new file mode 120000 index 000000000..69bcd4139 --- /dev/null +++ b/tools/deployment/multinode/160-zookeeper.sh @@ -0,0 +1 @@ +../common/zookeeper.sh \ No newline at end of file diff --git a/zookeeper/Chart.yaml b/zookeeper/Chart.yaml new file mode 100644 index 000000000..384ee80aa --- /dev/null +++ b/zookeeper/Chart.yaml @@ -0,0 +1,24 @@ +# Copyright 2019 The Openstack-Helm Authors. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +description: OpenStack-Helm Zookeeper +name: zookeeper +version: 0.1.0 +home: https://zookeeper.apache.org/ +sources: + - https://github.com/apache/zookeeper + - https://opendev.org/openstack/openstack-helm-infra +maintainers: + - name: OpenStack-Helm Authors diff --git a/zookeeper/requirements.yaml b/zookeeper/requirements.yaml new file mode 100644 index 000000000..e69c985d8 --- /dev/null +++ b/zookeeper/requirements.yaml @@ -0,0 +1,18 @@ +# Copyright 2019 The Openstack-Helm Authors. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +dependencies: + - name: helm-toolkit + repository: http://localhost:8879/charts + version: 0.1.0 diff --git a/zookeeper/templates/bin/_generate-myid.sh.tpl b/zookeeper/templates/bin/_generate-myid.sh.tpl new file mode 100644 index 000000000..37ccb57a8 --- /dev/null +++ b/zookeeper/templates/bin/_generate-myid.sh.tpl @@ -0,0 +1,30 @@ +#!/bin/bash + +{{/* +Copyright 2019 The Openstack-Helm Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +HOST=$(hostname) +ID_FILE="$ZOO_DATA_DIR/myid" + +if [[ $HOST =~ (.*)-([0-9]+)$ ]]; then + NAME=${BASH_REMATCH[1]} + ORD=${BASH_REMATCH[2]} + MY_ID=$((ORD+1)) + echo $MY_ID > $ID_FILE +else + echo "Failed to extract ordinal from hostname $HOST" + exit 1 +fi diff --git a/zookeeper/templates/bin/_zookeeper-probe.sh.tpl b/zookeeper/templates/bin/_zookeeper-probe.sh.tpl new file mode 100644 index 000000000..776a4e95f --- /dev/null +++ b/zookeeper/templates/bin/_zookeeper-probe.sh.tpl @@ -0,0 +1,21 @@ +#!/bin/sh + +{{/* +Copyright 2019 The Openstack-Helm Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +set -ex + +echo ruok | nc 127.0.0.1 ${ZOO_CLIENT_PORT} diff --git a/zookeeper/templates/bin/_zookeeper.sh.tpl b/zookeeper/templates/bin/_zookeeper.sh.tpl new file mode 100644 index 000000000..ec86cb7aa --- /dev/null +++ b/zookeeper/templates/bin/_zookeeper.sh.tpl @@ -0,0 +1,25 @@ +#!/bin/bash + +{{/* +Copyright 2019 The Openstack-Helm Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +COMMAND="${@:-start}" + +function stop () { + kill -TERM 1 +} + +$COMMAND diff --git a/zookeeper/templates/configmap-bin.yaml b/zookeeper/templates/configmap-bin.yaml new file mode 100644 index 000000000..4a9869047 --- /dev/null +++ b/zookeeper/templates/configmap-bin.yaml @@ -0,0 +1,35 @@ +{{/* +Copyright 2019 The Openstack-Helm Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if .Values.manifests.configmap_bin }} +{{- $envAll := . }} +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: zookeeper-bin +data: + zookeeper.sh: | +{{ tuple "bin/_zookeeper.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }} + generate-myid.sh: | +{{ tuple "bin/_generate-myid.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }} + zookeeper-liveness.sh: | +{{ tuple "bin/_zookeeper-probe.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }} + zookeeper-readiness.sh: | +{{ tuple "bin/_zookeeper-probe.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }} + image-repo-sync.sh: | +{{- include "helm-toolkit.scripts.image_repo_sync" . | indent 4 }} +{{- end }} diff --git a/zookeeper/templates/configmap-etc.yaml b/zookeeper/templates/configmap-etc.yaml new file mode 100644 index 000000000..84a7ae907 --- /dev/null +++ b/zookeeper/templates/configmap-etc.yaml @@ -0,0 +1,28 @@ +{{/* +Copyright 2019 The Openstack-Helm Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if .Values.manifests.configmap_etc }} +{{- $envAll := . }} + +--- +apiVersion: v1 +kind: Secret +metadata: + name: zookeeper-etc +type: Opaque +data: +{{- include "helm-toolkit.snippets.values_template_renderer" (dict "envAll" $envAll "template" .Values.conf.zookeeper.template "key" "zoo.cfg" "format" "Secret") | indent 2 }} +{{- end }} diff --git a/zookeeper/templates/ingress-zookeeper.yaml b/zookeeper/templates/ingress-zookeeper.yaml new file mode 100644 index 000000000..1ba8cfd66 --- /dev/null +++ b/zookeeper/templates/ingress-zookeeper.yaml @@ -0,0 +1,20 @@ +{{/* +Copyright 2019 The Openstack-Helm Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if and .Values.manifests.ingress .Values.network.zookeeper.ingress.public }} +{{- $ingressOpts := dict "envAll" . "backendService" "zookeeper" "backendServiceType" "zookeeper" "backendPort" "client" -}} +{{ $ingressOpts | include "helm-toolkit.manifests.ingress" }} +{{- end }} diff --git a/zookeeper/templates/job-image-repo-sync.yaml b/zookeeper/templates/job-image-repo-sync.yaml new file mode 100644 index 000000000..a9472f9ef --- /dev/null +++ b/zookeeper/templates/job-image-repo-sync.yaml @@ -0,0 +1,20 @@ +{{/* +Copyright 2019 The Openstack-Helm Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if and .Values.manifests.job_image_repo_sync .Values.images.local_registry.active }} +{{- $imageRepoSyncJob := dict "envAll" . "serviceName" "zookeeper" -}} +{{ $imageRepoSyncJob | include "helm-toolkit.manifests.job_image_repo_sync" }} +{{- end }} diff --git a/zookeeper/templates/network_policy.yaml b/zookeeper/templates/network_policy.yaml new file mode 100644 index 000000000..9d1439941 --- /dev/null +++ b/zookeeper/templates/network_policy.yaml @@ -0,0 +1,19 @@ +{{/* +Copyright 2019 The Openstack-Helm Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. */}} + +{{- if .Values.manifests.network_policy -}} +{{- $netpol_opts := dict "envAll" . "name" "application" "label" "zookeeper" -}} +{{ $netpol_opts | include "helm-toolkit.manifests.kubernetes_network_policy" }} +{{- end -}} diff --git a/zookeeper/templates/secret-ingress-tls.yaml b/zookeeper/templates/secret-ingress-tls.yaml new file mode 100644 index 000000000..84d785283 --- /dev/null +++ b/zookeeper/templates/secret-ingress-tls.yaml @@ -0,0 +1,19 @@ +{{/* +Copyright 2019 The Openstack-Helm Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if .Values.manifests.secret_ingress_tls }} +{{- include "helm-toolkit.manifests.secret_ingress_tls" ( dict "envAll" . "backendServiceType" "zookeeper" "backendService" "zookeeper" ) }} +{{- end }} diff --git a/zookeeper/templates/secret-zookeeper.yaml b/zookeeper/templates/secret-zookeeper.yaml new file mode 100644 index 000000000..b1d9d7931 --- /dev/null +++ b/zookeeper/templates/secret-zookeeper.yaml @@ -0,0 +1,29 @@ +{{/* +Copyright 2019 The Openstack-Helm Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if .Values.manifests.secret_zookeeper }} +{{- $envAll := . }} +{{- $secretName := index $envAll.Values.secrets.zookeeper.admin }} +--- +apiVersion: v1 +kind: Secret +metadata: + name: {{ $secretName }} +type: Opaque +data: + ZOOKEEPER_ADMIN_USERNAME: {{ .Values.endpoints.zookeeper.auth.admin.username | b64enc }} + ZOOKEEPER_ADMIN_PASSWORD: {{ .Values.endpoints.zookeeper.auth.admin.password | b64enc }} +{{- end }} diff --git a/zookeeper/templates/service-discovery.yaml b/zookeeper/templates/service-discovery.yaml new file mode 100644 index 000000000..6dfddfb7b --- /dev/null +++ b/zookeeper/templates/service-discovery.yaml @@ -0,0 +1,40 @@ +{{/* +Copyright 2019 The Openstack-Helm Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if .Values.manifests.service_discovery }} +{{- $envAll := . }} +--- +apiVersion: v1 +kind: Service +metadata: + name: {{ tuple "zookeeper" "discovery" $envAll | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }} + labels: +{{ tuple $envAll "zookeeper" "server" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }} +spec: + ports: + - name: client + targetPort: client + port: {{ tuple "zookeeper" "internal" "client" $envAll | include "helm-toolkit.endpoints.endpoint_port_lookup" }} + - name: election + targetPort: election + port: {{ tuple "zookeeper" "internal" "election" $envAll | include "helm-toolkit.endpoints.endpoint_port_lookup" }} + - name: server + targetPort: server + port: {{ tuple "zookeeper" "internal" "server" $envAll | include "helm-toolkit.endpoints.endpoint_port_lookup" }} + clusterIP: None + selector: +{{ tuple $envAll "zookeeper" "server" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }} +{{- end }} diff --git a/zookeeper/templates/service-ingress-zookeeper.yaml b/zookeeper/templates/service-ingress-zookeeper.yaml new file mode 100644 index 000000000..28253ebe6 --- /dev/null +++ b/zookeeper/templates/service-ingress-zookeeper.yaml @@ -0,0 +1,20 @@ +{{/* +Copyright 2019 The Openstack-Helm Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if and .Values.manifests.service_ingress .Values.network.zookeeper.ingress.public }} +{{- $serviceIngressOpts := dict "envAll" . "backendServiceType" "zookeeper" -}} +{{ $serviceIngressOpts | include "helm-toolkit.manifests.service_ingress" }} +{{- end }} diff --git a/zookeeper/templates/service.yaml b/zookeeper/templates/service.yaml new file mode 100644 index 000000000..2da890769 --- /dev/null +++ b/zookeeper/templates/service.yaml @@ -0,0 +1,46 @@ +{{/* +Copyright 2019 The Openstack-Helm Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if .Values.manifests.service }} +{{- $envAll := . }} +--- +apiVersion: v1 +kind: Service +metadata: + name: {{ tuple "zookeeper" "internal" $envAll | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }} + labels: +{{ tuple $envAll "zookeeper" "server" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }} +spec: + ports: + - name: client + port: {{ tuple "zookeeper" "internal" "client" $envAll | include "helm-toolkit.endpoints.endpoint_port_lookup" }} + {{ if .Values.network.zookeeper.node_port.enabled }} + nodePort: {{ .Values.network.zookeeper.node_port.port }} + {{ end }} +{{- if .Values.monitoring.prometheus.zookeeper.scrape }} + - name: zoo-exporter + port: {{ tuple "zookeeper" "internal" "zookeeper_exporter" $envAll | include "helm-toolkit.endpoints.endpoint_port_lookup" }} +{{- end }} +{{- if .Values.monitoring.prometheus.jmx.scrape }} + - name: jmx-exporter + port: {{ tuple "zookeeper" "internal" "jmx_exporter" $envAll | include "helm-toolkit.endpoints.endpoint_port_lookup" }} +{{- end }} + selector: +{{ tuple $envAll "zookeeper" "server" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }} + {{ if .Values.network.zookeeper.node_port.enabled }} + type: NodePort + {{ end }} +{{- end }} diff --git a/zookeeper/templates/statefulset.yaml b/zookeeper/templates/statefulset.yaml new file mode 100644 index 000000000..c39ff7f08 --- /dev/null +++ b/zookeeper/templates/statefulset.yaml @@ -0,0 +1,225 @@ +{{/* +Copyright 2019 The Openstack-Helm Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if .Values.manifests.statefulset }} +{{- $envAll := . }} + +{{- $mounts_zookeeper := .Values.pod.mounts.zookeeper.zookeeper }} +{{- $mounts_zookeeper_init := .Values.pod.mounts.zookeeper.init_container }} +{{- $zookeeperUserSecret := .Values.secrets.zookeeper.admin }} + +{{- $serviceAccountName := printf "%s-%s" .Release.Name "zookeeper" }} +{{ tuple $envAll "zookeeper" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }} +--- +apiVersion: rbac.authorization.k8s.io/v1beta1 +kind: ClusterRole +metadata: + name: {{ $serviceAccountName }} +rules: + - apiGroups: + - "" + resources: + - nodes + - nodes/proxy + - services + - endpoints + - pods + verbs: + - get + - list + - watch + - apiGroups: + - "" + resources: + - configmaps + verbs: + - get + - nonResourceURLs: + - "/metrics" + verbs: + - get +--- +apiVersion: rbac.authorization.k8s.io/v1beta1 +kind: ClusterRoleBinding +metadata: + name: {{ $serviceAccountName }} +subjects: + - kind: ServiceAccount + name: {{ $serviceAccountName }} + namespace: {{ .Release.Namespace }} +roleRef: + kind: ClusterRole + name: {{ $serviceAccountName }} + apiGroup: rbac.authorization.k8s.io +--- +apiVersion: apps/v1 +kind: StatefulSet +metadata: + name: zookeeper + annotations: + {{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" }} + labels: +{{ tuple $envAll "zookeeper" "server" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }} +spec: + serviceName: {{ tuple "zookeeper" "discovery" . | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }} + replicas: {{ .Values.pod.replicas.zookeeper }} + podManagementPolicy: Parallel + selector: + matchLabels: +{{ tuple $envAll "zookeeper" "server" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 6 }} + template: + metadata: + labels: +{{ tuple $envAll "zookeeper" "server" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }} + annotations: +{{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" | indent 8 }} + configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "helm-toolkit.utils.hash" }} + configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "helm-toolkit.utils.hash" }} + spec: +{{ dict "envAll" $envAll "application" "zookeeper" | include "helm-toolkit.snippets.kubernetes_pod_security_context" | indent 6 }} + serviceAccountName: {{ $serviceAccountName }} + affinity: +{{ tuple $envAll "zookeeper" "zookeeper" | include "helm-toolkit.snippets.kubernetes_pod_anti_affinity" | indent 8 }} + nodeSelector: + {{ .Values.labels.zookeeper.node_selector_key }}: {{ .Values.labels.zookeeper.node_selector_value | quote }} + terminationGracePeriodSeconds: {{ .Values.pod.lifecycle.termination_grace_period.zookeeper.timeout | default "30" }} + initContainers: +{{ tuple $envAll "zookeeper" list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} + - name: zookeeper-perms +{{ tuple $envAll "zookeeper" | include "helm-toolkit.snippets.image" | indent 10 }} +{{ tuple $envAll $envAll.Values.pod.resources.zookeeper | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }} +{{ dict "envAll" $envAll "application" "zookeeper" "container" "zookeeper_perms" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 10 }} + command: + - chown + - -R + - "zookeeper:" + - {{ .Values.conf.zookeeper.config.data_directory }} + volumeMounts: + - name: pod-tmp + mountPath: /tmp + - name: data + mountPath: {{ .Values.conf.zookeeper.config.data_directory }} + - name: zookeeper-id +{{ tuple $envAll "zookeeper" | include "helm-toolkit.snippets.image" | indent 10 }} +{{ tuple $envAll $envAll.Values.pod.resources.zookeeper | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }} +{{ dict "envAll" $envAll "application" "zookeeper" "container" "zookeeper_perms" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 10 }} + command: + - /tmp/generate-myid.sh + env: + - name: ZOO_DATA_DIR + value: "{{ .Values.conf.zookeeper.config.data_directory }}" + volumeMounts: + - name: pod-tmp + mountPath: /tmp + - name: zookeeper-bin + mountPath: /tmp/generate-myid.sh + subPath: generate-myid.sh + readOnly: true + - name: data + mountPath: {{ .Values.conf.zookeeper.config.data_directory }} + containers: + - name: zookeeper +{{ tuple $envAll "zookeeper" | include "helm-toolkit.snippets.image" | indent 10 }} +{{ tuple $envAll $envAll.Values.pod.resources.zookeeper | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }} +{{ dict "envAll" $envAll "application" "zookeeper" "container" "zookeeper" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 10 }} + lifecycle: + preStop: + exec: + command: + - /tmp/zookeeper.sh + - stop + ports: + - name: client + containerPort: {{ tuple "zookeeper" "internal" "client" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }} + - name: election + containerPort: {{ tuple "zookeeper" "internal" "election" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }} + - name: server + containerPort: {{ tuple "zookeeper" "internal" "server" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }} + env: + - name: ZOO_DATA_DIR + value: "{{ .Values.conf.zookeeper.config.data_directory }}" + - name: ZOO_CLIENT_PORT + value: "{{ tuple "zookeeper" "internal" "client" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}" + readinessProbe: + initialDelaySeconds: 20 + periodSeconds: 30 + timeoutSeconds: 5 + failureThreshold: 2 + successThreshold: 1 + exec: + command: + - /tmp/zookeeper-readiness.sh + livenessProbe: + initialDelaySeconds: 20 + periodSeconds: 30 + timeoutSeconds: 5 + failureThreshold: 2 + successThreshold: 1 + exec: + command: + - /tmp/zookeeper-liveness.sh + volumeMounts: + - name: pod-tmp + mountPath: /tmp + - name: etczookeeper + mountPath: /etc/zookeeper + - name: zookeeper-etc + mountPath: /conf/zoo.cfg + subPath: zoo.cfg + - name: zookeeper-bin + mountPath: /tmp/zookeeper.sh + subPath: zookeeper.sh + readOnly: true + - name: zookeeper-bin + mountPath: /tmp/zookeeper-liveness.sh + subPath: zookeeper-liveness.sh + readOnly: true + - name: zookeeper-bin + mountPath: /tmp/zookeeper-readiness.sh + subPath: zookeeper-readiness.sh + readOnly: true + - name: data + mountPath: {{ .Values.conf.zookeeper.config.data_directory }} +{{ if $mounts_zookeeper.volumeMounts }}{{ toYaml $mounts_zookeeper.volumeMounts | indent 12 }}{{ end }} + volumes: + - name: pod-tmp + emptyDir: {} + - name: etczookeeper + emptyDir: {} + - name: zookeeper-etc + secret: + secretName: zookeeper-etc + defaultMode: 0444 + - name: zookeeper-bin + configMap: + name: zookeeper-bin + defaultMode: 0555 +{{ if $mounts_zookeeper.volumes }}{{ toYaml $mounts_zookeeper.volumes | indent 8 }}{{ end }} +{{- if not .Values.storage.enabled }} + - name: data + emptyDir: {} +{{- else }} + volumeClaimTemplates: + - metadata: + name: data + spec: + accessModes: {{ .Values.storage.pvc.access_mode }} + resources: + requests: + storage: {{ .Values.storage.requests.storage }} + storageClassName: {{ .Values.storage.storage_class }} +{{- end }} +{{- end }} diff --git a/zookeeper/values.yaml b/zookeeper/values.yaml new file mode 100644 index 000000000..ac527cc8c --- /dev/null +++ b/zookeeper/values.yaml @@ -0,0 +1,247 @@ +# Copyright 2019 The Openstack-Helm Authors. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Default values for zookeeper. +# This is a YAML-formatted file. +# Declare name/value pairs to be passed into your templates. +# name: value + +images: + tags: + zookeeper: docker.io/zookeeper:3.5.5 + dep_check: quay.io/stackanetes/kubernetes-entrypoint:v0.3.1 + image_repo_sync: docker.io/docker:17.07.0 + pull_policy: IfNotPresent + local_registry: + active: false + exclude: + - dep_check + - image_repo_sync + +labels: + zookeeper: + node_selector_key: openstack-control-plane + node_selector_value: enabled + job: + node_selector_key: openstack-control-plane + node_selector_value: enabled + +pod: + security_context: + zookeeper: + pod: + runAsUser: 1000 + fsGroup: 1000 + container: + zookeeper_perms: + runAsUser: 0 + fsGroup: 1000 + readOnlyRootFilesystem: false + zookeeper: + runAsUser: 1000 + fsGroup: 1000 + affinity: + anti: + type: + default: preferredDuringSchedulingIgnoredDuringExecution + topologyKey: + default: kubernetes.io/hostname + weight: + default: 10 + mounts: + zookeeper: + zookeeper: + init_container: null + replicas: + zookeeper: 3 + lifecycle: + upgrades: + statefulsets: + pod_replacement_strategy: RollingUpdate + termination_grace_period: + zookeeper: + timeout: 30 + resources: + enabled: false + zookeeper: + limits: + memory: "1024Mi" + cpu: "2000m" + requests: + memory: "128Mi" + cpu: "500m" + jobs: + image_repo_sync: + requests: + memory: "128Mi" + cpu: "100m" + limits: + memory: "1024Mi" + cpu: "2000m" + +endpoints: + cluster_domain_suffix: cluster.local + local_image_registry: + name: docker-registry + namespace: docker-registry + hosts: + default: localhost + internal: docker-registry + node: localhost + host_fqdn_override: + default: null + port: + registry: + node: 5000 + zookeeper: + name: zookeeper + namespace: null + auth: + admin: + username: admin + password: changeme + hosts: + default: zookeeper-int + discovery: zookeeper-discovery + public: zookeeper + host_fqdn_override: + default: null + # NOTE(srwilkers): this chart supports TLS for fqdn over-ridden public + # endpoints using the following format: + # public: + # host: null + # tls: + # crt: null + # key: null + path: + default: null + scheme: + default: 'http' + port: + client: + default: 2181 + election: + default: 3888 + server: + default: 2888 + jmx_exporter: + default: 9404 + zookeeper_exporter: + default: 9141 + +dependencies: + dynamic: + common: + local_image_registry: + jobs: + - zookeeper-image-repo-sync + services: + - endpoint: node + service: local_image_registry + static: + image_repo_sync: + services: + - endpoint: internal + service: local_image_registry + zookeeper: + services: null + +monitoring: + prometheus: + enabled: true + zookeeper: + scrape: true + jmx: + scrape: true + +network: + zookeeper: + ingress: + public: true + classes: + namespace: "nginx" + cluster: "nginx-cluster" + annotations: + nginx.ingress.kubernetes.io/rewrite-target: / + nginx.ingress.kubernetes.io/affinity: cookie + nginx.ingress.kubernetes.io/session-cookie-name: kube-ingress-session-zookeeper + nginx.ingress.kubernetes.io/session-cookie-hash: sha1 + nginx.ingress.kubernetes.io/session-cookie-expires: "600" + nginx.ingress.kubernetes.io/session-cookie-max-age: "600" + node_port: + enabled: false + port: 30981 + +network_policy: + zookeeper: + ingress: + - {} + egress: + - {} + +secrets: + tls: + zookeeper: + zookeeper: + public: zookeeper-tls-public + zookeeper: + admin: zookeeper-admin-creds + +storage: + enabled: true + pvc: + name: zookeeper-pvc + access_mode: [ "ReadWriteOnce" ] + requests: + storage: 5Gi + storage_class: general + +manifests: + configmap_bin: true + configmap_etc: true + ingress: true + job_image_repo_sync: true + network_policy: false + secret_ingress_tls: true + secret_kafka: true + secret_zookeeper: true + service_discovery: true + service_ingress: true + service: true + statefulset: true + +conf: + zookeeper: + config: + data_directory: /var/lib/zookeeper/data + data_log_directory: /var/lib/zookeeper/data/datalog + log_directory: /var/lib/zookeeper/data/logs + template: | + {{- $domain := tuple "zookeeper" "discovery" . | include "helm-toolkit.endpoints.hostname_fqdn_endpoint_lookup" }} + {{- $electionPort := tuple "zookeeper" "internal" "election" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }} + {{- $clientPort := tuple "zookeeper" "internal" "client" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }} + {{- $serverPort := tuple "zookeeper" "internal" "server" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }} + tickTime=2000 + dataDir={{ .Values.conf.zookeeper.config.data_directory }} + dataLogDir={{ .Values.conf.zookeeper.config.data_log_directory }} + logDir={{ .Values.conf.zookeeper.config.log_directory }} + electionPort={{ $electionPort }} + serverPort={{ $serverPort }} + maxClientCnxns=10 + initLimit=15 + syncLimit=5 + {{- range $podInt := until ( atoi (print .Values.pod.replicas.zookeeper ) ) }} + {{- $ensembleCount := add $podInt 1 }} + server.{{$ensembleCount}}=zookeeper-{{$podInt}}.{{$domain}}:{{$serverPort}}:{{$electionPort}}:participant;{{$clientPort}} + {{- end }} diff --git a/zuul.d/jobs.yaml b/zuul.d/jobs.yaml index 4b49ffd63..208204746 100644 --- a/zuul.d/jobs.yaml +++ b/zuul.d/jobs.yaml @@ -66,6 +66,7 @@ - ./tools/deployment/multinode/130-fluentd-daemonset.sh - ./tools/deployment/multinode/135-fluentd-deployment.sh - ./tools/deployment/multinode/140-kibana.sh + - ./tools/deployment/multinode/160-zookeeper.sh - ./tools/deployment/multinode/600-grafana-selenium.sh || true - ./tools/deployment/multinode/610-nagios-selenium.sh || true - ./tools/deployment/multinode/620-prometheus-selenium.sh || true diff --git a/zuul.d/project.yaml b/zuul.d/project.yaml index 978fac719..2d76ace30 100644 --- a/zuul.d/project.yaml +++ b/zuul.d/project.yaml @@ -53,8 +53,9 @@ #- openstack-helm-infra-five-fedora # NOTE(srwilkers): Disable centos experimental jobs until issues resolved #- openstack-helm-infra-five-centos - - openstack-helm-infra-tenant-ceph - - openstack-helm-infra-elastic-beats - - openstack-helm-infra-armada-deploy - - openstack-helm-infra-armada-update-uuid - - openstack-helm-infra-armada-update-passwords + - openstack-helm-infra-five-ubuntu + # - openstack-helm-infra-tenant-ceph + # - openstack-helm-infra-elastic-beats + # - openstack-helm-infra-armada-deploy + # - openstack-helm-infra-armada-update-uuid + # - openstack-helm-infra-armada-update-passwords