openstack/openstack-helm
Code Issues Proposed changes

feature: Add Blazar Chart

Browse Source 
This patch set adds blazar chart to OpenStack-Helm.

Change-Id: If83a0af53426b95bb144fc3d5764a5c177567881
Signed-off-by: Nitin Gupta <nitin291989@gmail.com>
This commit is contained in:
Nitin Gupta
2025-08-06 08:36:10 -06:00
parent 41fa9496ac
commit e1bd0b20d3
38 changed files with 2456 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

35
blazar/Chart.yaml Normal file
View File

@@ -0,0 +1,35 @@
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
---
apiVersion: v2
appVersion: v1.0.0
description: OpenStack Resource Reservation Service
name: blazar
type: application
version: 2025.1.0
home: https://docs.openstack.org/blazar/
icon: https://openmetal.io/wp-content/uploads/2024/10/OpenStack_Project_Blazar-300x300.jpg
sources:
- https://opendev.org/openstack/blazar
keywords:
- openstack
- reservation
- helm
maintainers:
- name: OpenStack Helm Team
email: openstack-helm@lists.openstack.org
dependencies:
- name: helm-toolkit
repository: file://../helm-toolkit
version: ">= 0.1.0"
...

29
blazar/templates/bin/_blazar_api.sh.tpl Normal file
View File

@@ -0,0 +1,29 @@
#!/bin/bash
{{/*
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
set -ex
COMMAND="${@:-start}"
function start () {
exec blazar-api \
--config-file /etc/blazar/blazar.conf
}
function stop () {
kill -TERM 1
}
$COMMAND

20
blazar/templates/bin/_blazar_manager.sh.tpl Normal file
View File

@@ -0,0 +1,20 @@
#!/bin/bash
{{/*
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
set -ex
exec blazar-manager \
--config-file /etc/blazar/blazar.conf

21
blazar/templates/bin/_db-sync.sh.tpl Normal file
View File

@@ -0,0 +1,21 @@
#!/bin/bash
{{/*
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
set -ex
blazar-db-manage \
--config-file /etc/blazar/blazar.conf \
upgrade head

50
blazar/templates/configmap-bin.yaml Normal file
View File

@@ -0,0 +1,50 @@
{{/*
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
{{- if .Values.manifests.configmap_bin }}
{{- $envAll := . }}
---
apiVersion: v1
kind: ConfigMap
metadata:
name: blazar-bin
data:
{{- if .Values.images.local_registry.active }}
image-repo-sync.sh: |
{{- include "helm-toolkit.scripts.image_repo_sync" . | indent 4 }}
{{- end }}
rally-test.sh: |
{{ tuple .Values.conf.rally_tests | include "helm-toolkit.scripts.rally_test" | indent 4 }}
db-init.py: |
{{- include "helm-toolkit.scripts.db_init" . | indent 4 }}
db-sync.sh: |
{{ tuple "bin/_db-sync.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
db-drop.py: |
{{- include "helm-toolkit.scripts.db_drop" . | indent 4 }}
blazar-api.sh: |
{{ tuple "bin/_blazar_api.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
blazar-manager.sh: |
{{ tuple "bin/_blazar_manager.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
ks-service.sh: |
{{- include "helm-toolkit.scripts.keystone_service" . | indent 4 }}
ks-endpoints.sh: |
{{- include "helm-toolkit.scripts.keystone_endpoints" . | indent 4 }}
ks-user.sh: |
{{- include "helm-toolkit.scripts.keystone_user" . | indent 4 }}
{{- if .Values.manifests.job_rabbit_init }}
rabbit-init.sh: |
{{- include "helm-toolkit.scripts.rabbit_init" . | indent 4 }}
{{- end }}
{{- end }}
...

109
blazar/templates/configmap-etc.yaml Normal file
View File

@@ -0,0 +1,109 @@
{{/*
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
{{- if (.Values.global).subchart_release_name }}
{{- $_ := set . "deployment_name" .Chart.Name }}
{{- else }}
{{- $_ := set . "deployment_name" .Release.Name }}
{{- end }}
{{- define "blazar.configmap.etc" }}
{{- $configMapName := index . 0 }}
{{- $envAll := index . 1 }}
{{- with $envAll }}
{{- if empty .Values.conf.blazar.keystone_authtoken.auth_uri -}}
{{- $_ := tuple "identity" "internal" "api" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup"| set .Values.conf.blazar.keystone_authtoken "auth_uri" -}}
{{- end -}}
{{- if empty .Values.conf.blazar.keystone_authtoken.auth_url -}}
{{- $_ := tuple "identity" "internal" "api" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup"| set .Values.conf.blazar.keystone_authtoken "auth_url" -}}
{{- end -}}
{{- if empty .Values.conf.blazar.keystone_authtoken.memcached_servers -}}
{{- $_ := tuple "oslo_cache" "internal" "memcache" . | include "helm-toolkit.endpoints.host_and_port_endpoint_uri_lookup" | set .Values.conf.blazar.keystone_authtoken "memcached_servers" -}}
{{- end -}}
{{- if empty .Values.conf.blazar.keystone_authtoken.memcache_secret_key -}}
{{- $_ := set .Values.conf.blazar.keystone_authtoken "memcache_secret_key" ( default ( randAlphaNum 64 ) .Values.endpoints.oslo_cache.auth.memcache_secret_key ) -}}
{{- end -}}
{{- if empty .Values.conf.blazar.database.connection -}}
{{- $_ := tuple "oslo_db" "internal" "blazar" "mysql" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup"| set .Values.conf.blazar.database "connection" -}}
{{- end -}}
{{- if empty .Values.conf.blazar.DEFAULT.transport_url -}}
{{- $_ := tuple "oslo_messaging" "internal" "blazar" "amqp" . | include "helm-toolkit.endpoints.authenticated_transport_endpoint_uri_lookup" | set .Values.conf.blazar.DEFAULT "transport_url" -}}
{{- end -}}
{{- if and (empty .Values.conf.logging.handler_fluent) (has "fluent" .Values.conf.logging.handlers.keys) -}}
{{- $fluentd_host := tuple "fluentd" "internal" $envAll | include "helm-toolkit.endpoints.hostname_namespaced_endpoint_lookup" }}
{{- $fluentd_port := tuple "fluentd" "internal" "service" $envAll | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
{{- $fluent_args := printf "('%s.%s', '%s', %s)" .Release.Namespace .Release.Name $fluentd_host $fluentd_port }}
{{- $handler_fluent := dict "class" "fluent.handler.FluentHandler" "formatter" "fluent" "args" $fluent_args -}}
{{- $_ := set .Values.conf.logging "handler_fluent" $handler_fluent -}}
{{- end -}}
{{- if and (empty .Values.conf.logging.formatter_fluent) (has "fluent" .Values.conf.logging.formatters.keys) -}}
{{- $formatter_fluent := dict "class" "oslo_log.formatters.FluentFormatter" -}}
{{- $_ := set .Values.conf.logging "formatter_fluent" $formatter_fluent -}}
{{- end -}}
{{- if empty .Values.conf.blazar.oslo_messaging_notifications.transport_url -}}
{{- $_ := tuple "oslo_messaging" "internal" "blazar" "amqp" . | include "helm-toolkit.endpoints.authenticated_transport_endpoint_uri_lookup" | set .Values.conf.blazar.oslo_messaging_notifications "transport_url" -}}
{{- end -}}
{{/*
Openstack auth
*/}}
{{- if empty .Values.conf.blazar.DEFAULT.os_auth_host -}}
{{- $_ := tuple "identity" "internal" . | include "helm-toolkit.endpoints.endpoint_host_lookup" | set .Values.conf.blazar.DEFAULT "os_auth_host" -}}
{{- end -}}
{{- if empty .Values.conf.blazar.DEFAULT.os_auth_port -}}
{{- $_ := tuple "identity" "internal" "api" . | include "helm-toolkit.endpoints.endpoint_port_lookup" | set .Values.conf.blazar.DEFAULT "os_auth_port" -}}
{{- end -}}
{{- if empty .Values.conf.blazar.DEFAULT.os_auth_protocol -}}
{{- $_ := tuple "identity" "internal" "api" . | include "helm-toolkit.endpoints.keystone_endpoint_scheme_lookup" | set .Values.conf.blazar.DEFAULT "os_auth_protocol" -}}
{{- end -}}
{{- if empty .Values.conf.blazar.DEFAULT.os_region_name -}}
{{- $_ := set .Values.conf.blazar.DEFAULT "os_region_name" .Values.endpoints.identity.auth.admin.region_name -}}
{{- end -}}
{{- if empty .Values.conf.blazar.DEFAULT.os_admin_project_name -}}
{{- $_ := set .Values.conf.blazar.DEFAULT "os_admin_project_name" .Values.endpoints.identity.auth.admin.project_name -}}
{{- end -}}
{{- if empty .Values.conf.blazar.DEFAULT.os_admin_project_domain_name -}}
{{- $_ := set .Values.conf.blazar.DEFAULT "os_admin_project_domain_name" .Values.endpoints.identity.auth.admin.project_domain_name -}}
{{- end -}}
{{- if empty .Values.conf.blazar.DEFAULT.os_admin_user_domain_name -}}
{{- $_ := set .Values.conf.blazar.DEFAULT "os_admin_user_domain_name" .Values.endpoints.identity.auth.admin.user_domain_name -}}
{{- end -}}
{{- if empty .Values.conf.blazar.DEFAULT.os_admin_username -}}
{{- $_ := set .Values.conf.blazar.DEFAULT "os_admin_username" .Values.endpoints.identity.auth.admin.username -}}
{{- end -}}
{{- if empty .Values.conf.blazar.DEFAULT.os_admin_password -}}
{{- $_ := set .Values.conf.blazar.DEFAULT "os_admin_password" .Values.endpoints.identity.auth.admin.password -}}
{{- end -}}
---
apiVersion: v1
kind: Secret
metadata:
name: {{ $configMapName }}
type: Opaque
data:
rally_tests.yaml: {{ toYaml .Values.conf.rally_tests.tests | b64enc }}
blazar.conf: {{ include "helm-toolkit.utils.to_oslo_conf" .Values.conf.blazar | b64enc }}
logging.conf: {{ include "helm-toolkit.utils.to_oslo_conf" .Values.conf.logging | b64enc }}
api-paste.ini: {{ include "helm-toolkit.utils.to_ini" .Values.conf.api_paste | b64enc }}
policy.yaml: {{ toYaml .Values.conf.policy | b64enc }}
{{- end }}
{{- end }}
{{- if .Values.manifests.configmap_etc }}
{{- list "blazar-etc" . | include "blazar.configmap.etc" }}
{{- end }}
...

154
blazar/templates/deployment-api.yaml Normal file
View File

@@ -0,0 +1,154 @@
{{/*
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
{{- define "blazarApiLivenessProbeTemplate" }}
tcpSocket:
port: {{ tuple "reservation" "internal" "api" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
{{- end }}
{{- define "blazarApiReadinessProbeTemplate" }}
tcpSocket:
port: {{ tuple "reservation" "internal" "api" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
{{- end }}
{{- if .Values.manifests.deployment_api }}
{{- $envAll := . }}
{{- $mounts_blazar_api := .Values.pod.mounts.blazar_api.blazar_api }}
{{- $mounts_blazar_api_init := .Values.pod.mounts.blazar_api.init_container }}
{{- $serviceAccountName := "blazar-api" }}
{{ tuple $envAll "api" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: blazar-api
annotations:
{{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" }}
labels:
{{ tuple $envAll "blazar" "api" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }}
spec:
replicas: {{ .Values.pod.replicas.api }}
selector:
matchLabels:
{{ tuple $envAll "blazar" "api" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 6 }}
{{ tuple $envAll | include "helm-toolkit.snippets.kubernetes_upgrades_deployment" | indent 2 }}
template:
metadata:
labels:
{{ tuple $envAll "blazar" "api" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
annotations:
{{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" | indent 8 }}
configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "helm-toolkit.utils.hash" }}
configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "helm-toolkit.utils.hash" }}
{{ tuple "blazar_api" . | include "helm-toolkit.snippets.custom_pod_annotations" | indent 8 }}
{{ dict "envAll" $envAll "podName" "blazar-api" "containerNames" (list "blazar-api" "init") | include "helm-toolkit.snippets.kubernetes_mandatory_access_control_annotation" | indent 8 }}
spec:
{{ tuple "blazar_api" . | include "helm-toolkit.snippets.kubernetes_pod_priority_class" | indent 6 }}
{{ tuple "blazar_api" . | include "helm-toolkit.snippets.kubernetes_pod_runtime_class" | indent 6 }}
serviceAccountName: {{ $serviceAccountName }}
{{ dict "envAll" $envAll "application" "blazar" | include "helm-toolkit.snippets.kubernetes_pod_security_context" | indent 6 }}
affinity:
{{ tuple $envAll "blazar" "api" | include "helm-toolkit.snippets.kubernetes_pod_anti_affinity" | indent 8 }}
nodeSelector:
{{ .Values.labels.api.node_selector_key }}: {{ .Values.labels.api.node_selector_value }}
{{ if $envAll.Values.pod.tolerations.blazar.enabled }}
{{ tuple $envAll "blazar" | include "helm-toolkit.snippets.kubernetes_tolerations" | indent 6 }}
{{ end }}
terminationGracePeriodSeconds: {{ .Values.pod.lifecycle.termination_grace_period.api.timeout | default "30" }}
initContainers:
{{ tuple $envAll "api" $mounts_blazar_api_init | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
containers:
- name: blazar-api
{{ tuple $envAll "blazar_api" | include "helm-toolkit.snippets.image" | indent 10 }}
{{ tuple $envAll $envAll.Values.pod.resources.api | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
{{ dict "envAll" $envAll "application" "blazar" "container" "blazar_api" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 10 }}
{{- if or .Values.manifests.certificates .Values.tls.identity }}
env:
- name: REQUESTS_CA_BUNDLE
value: "/etc/blazar/certs/ca.crt"
{{- end }}
command:
- /tmp/blazar-api.sh
- start
lifecycle:
preStop:
exec:
command:
- /tmp/blazar-api.sh
- stop
ports:
- name: b-api
containerPort: {{ tuple "reservation" "service" "api" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
{{ dict "envAll" $envAll "component" "api" "container" "default" "type" "liveness" "probeTemplate" (include "blazarApiLivenessProbeTemplate" $envAll | fromYaml) | include "helm-toolkit.snippets.kubernetes_probe" | indent 10 }}
{{ dict "envAll" $envAll "component" "api" "container" "default" "type" "readiness" "probeTemplate" (include "blazarApiReadinessProbeTemplate" $envAll | fromYaml) | include "helm-toolkit.snippets.kubernetes_probe" | indent 10 }}
volumeMounts:
- name: pod-tmp
mountPath: /tmp
- name: pod-etc-blazar
mountPath: /etc/blazar
- name: blazar-bin
mountPath: /tmp/blazar-api.sh
subPath: blazar-api.sh
readOnly: true
- name: blazar-etc
mountPath: /etc/blazar/blazar.conf
subPath: blazar.conf
readOnly: true
- name: blazar-etc-snippets
mountPath: /etc/blazar/blazar.conf.d/
readOnly: true
{{- if .Values.conf.blazar.DEFAULT.log_config_append }}
- name: blazar-etc
mountPath: {{ .Values.conf.blazar.DEFAULT.log_config_append }}
subPath: {{ base .Values.conf.blazar.DEFAULT.log_config_append }}
readOnly: true
{{- end }}
- name: blazar-etc
mountPath: /etc/blazar/api-paste.ini
subPath: api-paste.ini
readOnly: true
- name: blazar-etc
mountPath: /etc/blazar/policy.yaml
subPath: policy.yaml
readOnly: true
{{- dict "enabled" .Values.manifests.certificates "name" .Values.endpoints.oslo_db.auth.admin.secret.tls.internal "path" "/etc/mysql/certs" | include "helm-toolkit.snippets.tls_volume_mount" | indent 12 }}
{{- dict "enabled" (or .Values.manifests.certificates .Values.tls.identity) "name" .Values.secrets.tls.reservation.api.internal "path" "/etc/blazar/certs" | include "helm-toolkit.snippets.tls_volume_mount" | indent 12 }}
{{- dict "enabled" $envAll.Values.manifests.certificates "name" $envAll.Values.endpoints.oslo_messaging.auth.admin.secret.tls.internal "path" "/etc/rabbitmq/certs" | include "helm-toolkit.snippets.tls_volume_mount" | indent 12 }}
{{ if $mounts_blazar_api.volumeMounts }}{{ toYaml $mounts_blazar_api.volumeMounts | indent 12 }}{{ end }}
volumes:
- name: pod-tmp
emptyDir: {}
- name: pod-etc-blazar
emptyDir: {}
- name: blazar-bin
configMap:
name: blazar-bin
defaultMode: 0555
- name: blazar-etc
secret:
secretName: blazar-etc
defaultMode: 0444
- name: blazar-etc-snippets
projected:
sources:
- secret:
name: blazar-ks-etc
{{- dict "enabled" .Values.manifests.certificates "name" .Values.endpoints.oslo_db.auth.admin.secret.tls.internal | include "helm-toolkit.snippets.tls_volume" | indent 8 }}
{{- dict "enabled" (or .Values.manifests.certificates .Values.tls.identity) "name" .Values.secrets.tls.reservation.api.internal | include "helm-toolkit.snippets.tls_volume" | indent 8 }}
{{- dict "enabled" $envAll.Values.manifests.certificates "name" $envAll.Values.endpoints.oslo_messaging.auth.admin.secret.tls.internal | include "helm-toolkit.snippets.tls_volume" | indent 8 }}
{{ if $mounts_blazar_api.volumes }}{{ toYaml $mounts_blazar_api.volumes | indent 8 }}{{ end }}
{{- end }}
...

111
blazar/templates/deployment-manager.yaml Normal file
View File

@@ -0,0 +1,111 @@
{{/*
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
{{- if .Values.manifests.deployment_manager }}
{{- $envAll := . }}
{{- $mounts := .Values.pod.mounts.blazar_manager.blazar_manager }}
{{- $mounts_init := .Values.pod.mounts.blazar_manager.init_container }}
{{- $serviceAccountName := "blazar-manager" }}
{{ tuple $envAll "manager" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: blazar-manager
annotations:
{{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" }}
labels:
{{ tuple $envAll "blazar" "manager" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }}
spec:
replicas: {{ .Values.pod.replicas.manager }}
selector:
matchLabels:
{{ tuple $envAll "blazar" "manager" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 6 }}
{{ tuple $envAll | include "helm-toolkit.snippets.kubernetes_upgrades_deployment" | indent 2 }}
template:
metadata:
labels:
{{ tuple $envAll "blazar" "manager" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
annotations:
{{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" | indent 8 }}
configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "helm-toolkit.utils.hash" }}
configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "helm-toolkit.utils.hash" }}
{{ dict "envAll" $envAll "podName" "blazar-manager" "containerNames" (list "blazar-manager" "init") | include "helm-toolkit.snippets.kubernetes_mandatory_access_control_annotation" | indent 8 }}
spec:
serviceAccountName: {{ $serviceAccountName }}
{{ dict "envAll" $envAll "application" "blazar" | include "helm-toolkit.snippets.kubernetes_pod_security_context" | indent 6 }}
affinity:
{{ tuple $envAll "blazar" "manager" | include "helm-toolkit.snippets.kubernetes_pod_anti_affinity" | indent 8 }}
nodeSelector:
{{ .Values.labels.manager.node_selector_key }}: {{ .Values.labels.manager.node_selector_value | quote }}
terminationGracePeriodSeconds: {{ .Values.pod.lifecycle.termination_grace_period.manager.timeout | default "30" }}
initContainers:
{{ tuple $envAll "manager" $mounts_init | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
containers:
- name: blazar-manager
{{ tuple $envAll "blazar_manager" | include "helm-toolkit.snippets.image" | indent 10 }}
{{ tuple $envAll $envAll.Values.pod.resources.manager | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
{{ dict "envAll" $envAll "application" "blazar" "container" "blazar_manager" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 10 }}
command:
- /tmp/blazar-manager.sh
env:
{{- with $env := dict "ksUserSecret" .Values.secrets.identity.blazar }}
{{- include "helm-toolkit.snippets.keystone_openrc_env_vars" $env | indent 12 }}
{{- end }}
volumeMounts:
- name: pod-tmp
mountPath: /tmp
- name: pod-etc-blazar
mountPath: /etc/blazar
- name: blazar-bin
mountPath: /tmp/blazar-manager.sh
subPath: blazar-manager.sh
readOnly: true
- name: blazar-etc
mountPath: /etc/blazar/blazar.conf
subPath: blazar.conf
readOnly: true
{{- if .Values.conf.blazar.DEFAULT.log_config_append }}
- name: blazar-etc
mountPath: {{ .Values.conf.blazar.DEFAULT.log_config_append }}
subPath: {{ base .Values.conf.blazar.DEFAULT.log_config_append }}
readOnly: true
{{- end }}
- name: blazar-etc
mountPath: /etc/blazar/policy.yaml
subPath: policy.yaml
readOnly: true
{{- if $mounts.volumeMounts }}
{{ toYaml $mounts.volumeMounts | indent 12 }}
{{- end }}
volumes:
- name: pod-tmp
emptyDir: {}
- name: pod-etc-blazar
emptyDir: {}
- name: blazar-bin
configMap:
name: blazar-bin
defaultMode: 0555
- name: blazar-etc
secret:
secretName: blazar-etc
defaultMode: 0444
{{- if $mounts.volumes }}
{{ toYaml $mounts.volumes | indent 8 }}
{{- end }}
{{- end }}
...

26
blazar/templates/ingress-api.yaml Normal file
View File

@@ -0,0 +1,26 @@
{{/*
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
{{- if and .Values.manifests.ingress_api .Values.network.api.ingress.public }}
{{- $envAll := . }}
{{- $ingressOpts := dict "envAll" $envAll "backendService" "api" "backendServiceType" "reservation" "backendPort" "b-api" -}}
{{- $secretName := index $envAll.Values.secrets.tls.reservation.api ($envAll.Values.network.api.ingress.classes.namespace | replace "-" "_") -}}
{{- if $envAll.Values.tls.identity -}}
{{- $_ := set $ingressOpts "certIssuer" $envAll.Values.endpoints.identity.auth.blazar.tls.ca -}}
{{- end -}}
{{- if hasKey $envAll.Values.secrets.tls.reservation.api $envAll.Values.network.api.ingress.classes.namespace -}}
{{- $_ := set $ingressOpts "tlsSecret" $secretName -}}
{{- end -}}
{{ $ingressOpts | include "helm-toolkit.manifests.ingress" }}
{{- end }}

21
blazar/templates/job-bootstrap.yaml Normal file
View File

@@ -0,0 +1,21 @@
{{/*
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
{{- if and .Values.manifests.job_bootstrap .Values.bootstrap.enabled }}
{{- $bootstrapJob := dict "envAll" . "serviceName" "blazar" "keystoneUser" .Values.bootstrap.ks_user -}}
{{- if .Values.pod.tolerations.blazar.enabled -}}
{{- $_ := set $bootstrapJob "tolerationsEnabled" true -}}
{{- end -}}
{{ $bootstrapJob | include "helm-toolkit.manifests.job_bootstrap" }}
{{- end }}

24
blazar/templates/job-db-drop.yaml Normal file
View File

@@ -0,0 +1,24 @@
{{/*
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
{{- if .Values.manifests.job_db_drop }}
{{- $dbDropJob := dict "envAll" . "serviceName" "blazar" -}}
{{- if .Values.manifests.certificates -}}
{{- $_ := set $dbDropJob "dbAdminTlsSecret" .Values.endpoints.oslo_db.auth.admin.secret.tls.internal -}}
{{- end -}}
{{- if .Values.pod.tolerations.blazar.enabled -}}
{{- $_ := set $dbDropJob "tolerationsEnabled" true -}}
{{- end -}}
{{ $dbDropJob | include "helm-toolkit.manifests.job_db_drop_mysql" }}
{{- end }}

32
blazar/templates/job-db-init.yaml Normal file
View File

@@ -0,0 +1,32 @@
{{/*
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
{{- define "metadata.annotations.job.db_init" }}
helm.sh/hook: post-install,post-upgrade
helm.sh/hook-weight: "-5"
{{- end }}
{{- if .Values.manifests.job_db_init }}
{{- $dbInitJob := dict "envAll" . "serviceName" "blazar" -}}
{{- if .Values.manifests.certificates -}}
{{- $_ := set $dbInitJob "dbAdminTlsSecret" .Values.endpoints.oslo_db.auth.admin.secret.tls.internal -}}
{{- end -}}
{{- if .Values.helm3_hook }}
{{- $_ := set $dbInitJob "jobAnnotations" (include "metadata.annotations.job.db_init" . | fromYaml) }}
{{- end }}
{{- if .Values.pod.tolerations.blazar.enabled -}}
{{- $_ := set $dbInitJob "tolerationsEnabled" true -}}
{{- end -}}
{{ $dbInitJob | include "helm-toolkit.manifests.job_db_init_mysql" }}
{{- end }}

32
blazar/templates/job-db-sync.yaml Normal file
View File

@@ -0,0 +1,32 @@
{{/*
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
{{- define "metadata.annotations.job.db_sync" }}
helm.sh/hook: post-install,post-upgrade
helm.sh/hook-weight: "-4"
{{- end }}
{{- if .Values.manifests.job_db_sync }}
{{- $dbSyncJob := dict "envAll" . "serviceName" "blazar" "podVolMounts" .Values.pod.mounts.blazar_db_sync.blazar_db_sync.volumeMounts "podVols" .Values.pod.mounts.blazar_db_sync.blazar_db_sync.volumes -}}
{{- if .Values.manifests.certificates -}}
{{- $_ := set $dbSyncJob "dbAdminTlsSecret" .Values.endpoints.oslo_db.auth.admin.secret.tls.internal -}}
{{- end -}}
{{- if .Values.helm3_hook }}
{{- $_ := set $dbSyncJob "jobAnnotations" (include "metadata.annotations.job.db_sync" . | fromYaml) }}
{{- end }}
{{- if .Values.pod.tolerations.blazar.enabled -}}
{{- $_ := set $dbSyncJob "tolerationsEnabled" true -}}
{{- end -}}
{{ $dbSyncJob | include "helm-toolkit.manifests.job_db_sync" }}
{{- end }}

32
blazar/templates/job-ks-endpoints.yaml Normal file
View File

@@ -0,0 +1,32 @@
{{/*
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
{{- define "metadata.annotations.job.ks_endpoints" }}
helm.sh/hook: post-install,post-upgrade
helm.sh/hook-weight: "-2"
{{- end }}
{{- if .Values.manifests.job_ks_endpoints }}
{{- $ksEndpointsJob := dict "envAll" . "serviceName" "blazar" "serviceTypes" ( tuple "reservation" ) -}}
{{- if or .Values.manifests.certificates .Values.tls.identity -}}
{{- $_ := set $ksEndpointsJob "tlsSecret" .Values.secrets.tls.reservation.api.internal -}}
{{- end -}}
{{- if .Values.helm3_hook }}
{{- $_ := set $ksEndpointsJob "jobAnnotations" (include "metadata.annotations.job.ks_endpoints" . | fromYaml) }}
{{- end }}
{{- if .Values.pod.tolerations.blazar.enabled -}}
{{- $_ := set $ksEndpointsJob "tolerationsEnabled" true -}}
{{- end -}}
{{ $ksEndpointsJob | include "helm-toolkit.manifests.job_ks_endpoints" }}
{{- end }}

32
blazar/templates/job-ks-service.yaml Normal file
View File

@@ -0,0 +1,32 @@
{{/*
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
{{- define "metadata.annotations.job.ks_service" }}
helm.sh/hook: post-install,post-upgrade
helm.sh/hook-weight: "-3"
{{- end }}
{{- if .Values.manifests.job_ks_service }}
{{- $ksServiceJob := dict "envAll" . "serviceName" "blazar" "serviceTypes" ( tuple "reservation" ) -}}
{{- if or .Values.manifests.certificates .Values.tls.identity -}}
{{- $_ := set $ksServiceJob "tlsSecret" .Values.secrets.tls.reservation.api.internal -}}
{{- end -}}
{{- if .Values.helm3_hook }}
{{- $_ := set $ksServiceJob "jobAnnotations" (include "metadata.annotations.job.ks_service" . | fromYaml) }}
{{- end }}
{{- if .Values.pod.tolerations.blazar.enabled -}}
{{- $_ := set $ksServiceJob "tolerationsEnabled" true -}}
{{- end -}}
{{ $ksServiceJob | include "helm-toolkit.manifests.job_ks_service" }}
{{- end }}

32
blazar/templates/job-ks-user.yaml Normal file
View File

@@ -0,0 +1,32 @@
{{/*
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
{{- define "metadata.annotations.job.ks_user" }}
helm.sh/hook: post-install,post-upgrade
helm.sh/hook-weight: "-1"
{{- end }}
{{- if .Values.manifests.job_ks_user }}
{{- $ksUserJob := dict "envAll" . "serviceName" "blazar" -}}
{{- if or .Values.manifests.certificates .Values.tls.identity -}}
{{- $_ := set $ksUserJob "tlsSecret" .Values.secrets.tls.reservation.api.internal -}}
{{- end -}}
{{- if .Values.helm3_hook }}
{{- $_ := set $ksUserJob "jobAnnotations" (include "metadata.annotations.job.ks_user" . | fromYaml) -}}
{{- end }}
{{- if .Values.pod.tolerations.blazar.enabled -}}
{{- $_ := set $ksUserJob "tolerationsEnabled" true -}}
{{- end -}}
{{ $ksUserJob | include "helm-toolkit.manifests.job_ks_user" }}
{{- end }}

32
blazar/templates/job-rabbit-init.yaml Normal file
View File

@@ -0,0 +1,32 @@
{{/*
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
{{- define "metadata.annotations.job.rabbit_init" }}
helm.sh/hook: post-install,post-upgrade
helm.sh/hook-weight: "-4"
{{- end }}
{{- if .Values.manifests.job_rabbit_init }}
{{- $rmqUserJob := dict "envAll" . "serviceName" "blazar" -}}
{{- if .Values.manifests.certificates -}}
{{- $_ := set $rmqUserJob "tlsSecret" .Values.endpoints.oslo_messaging.auth.admin.secret.tls.internal -}}
{{- end -}}
{{- if .Values.helm3_hook }}
{{- $_ := set $rmqUserJob "jobAnnotations" (include "metadata.annotations.job.rabbit_init" . | fromYaml) }}
{{- end }}
{{- if .Values.pod.tolerations.blazar.enabled -}}
{{- $_ := set $rmqUserJob "tolerationsEnabled" true -}}
{{- end -}}
{{ $rmqUserJob | include "helm-toolkit.manifests.job_rabbit_init" }}
{{- end }}

34
blazar/templates/pdb-api.yaml Normal file
View File

@@ -0,0 +1,34 @@
{{/*
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
{{- if .Values.manifests.pdb_api }}
{{- $envAll := . }}
---
apiVersion: policy/v1
kind: PodDisruptionBudget
metadata:
name: blazar-api
labels:
{{ tuple $envAll "blazar" "api" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }}
spec:
{{- if .Values.pod.lifecycle.disruption_budget.api.min_available }}
minAvailable: {{ .Values.pod.lifecycle.disruption_budget.api.min_available }}
{{- else }}
maxUnavailable: {{ .Values.pod.lifecycle.disruption_budget.api.max_unavailable | default 1 }}
{{- end }}
selector:
matchLabels:
{{ tuple $envAll "blazar" "api" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 6 }}
{{- end }}
...

34
blazar/templates/pdb-manager.yaml Normal file
View File

@@ -0,0 +1,34 @@
{{/*
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
{{- if .Values.manifests.pdb_manager }}
{{- $envAll := . }}
---
apiVersion: policy/v1
kind: PodDisruptionBudget
metadata:
name: blazar-manager
labels:
{{ tuple $envAll "blazar" "manager" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }}
spec:
{{- if .Values.pod.lifecycle.disruption_budget.manager.min_available }}
minAvailable: {{ .Values.pod.lifecycle.disruption_budget.manager.min_available }}
{{- else }}
maxUnavailable: {{ .Values.pod.lifecycle.disruption_budget.manager.max_unavailable | default 1 }}
{{- end }}
selector:
matchLabels:
{{ tuple $envAll "blazar" "manager" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 6 }}
{{- end }}
...

134
blazar/templates/pod-rally-test.yaml Normal file
View File

@@ -0,0 +1,134 @@
{{/*
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
{{- if (.Values.global).subchart_release_name }}
{{- $_ := set . "deployment_name" .Chart.Name }}
{{- else }}
{{- $_ := set . "deployment_name" .Release.Name }}
{{- end }}
{{- if .Values.manifests.pod_rally_test }}
{{- $envAll := . }}
{{- $mounts_blazar_tests := .Values.pod.mounts.blazar_tests.blazar_tests }}
{{- $mounts_blazar_tests_init := .Values.pod.mounts.blazar_tests.init_container }}
{{- $serviceAccountName := print $envAll.deployment_name "-test" }}
{{ tuple $envAll "tests" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
---
apiVersion: v1
kind: Pod
metadata:
name: {{ print $envAll.Chart.Name "-test" }}
labels:
{{ tuple $envAll "blazar" "test" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }}
annotations:
"helm.sh/hook": test-success
{{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" }}
{{ dict "envAll" $envAll "podName" "blazar-test" "containerNames" (list "init" "blazar-test" "blazar-test-ks-user") | include "helm-toolkit.snippets.kubernetes_mandatory_access_control_annotation" | indent 4 }}
spec:
{{ if $envAll.Values.pod.tolerations.blazar.enabled }}
{{ tuple $envAll "blazar" | include "helm-toolkit.snippets.kubernetes_tolerations" | indent 2 }}
{{ end }}
nodeSelector:
{{ .Values.labels.test.node_selector_key }}: {{ .Values.labels.test.node_selector_value }}
{{ dict "envAll" $envAll "application" "test" | include "helm-toolkit.snippets.kubernetes_pod_security_context" | indent 2 }}
restartPolicy: Never
{{ tuple "blazar_tests" . | include "helm-toolkit.snippets.kubernetes_pod_priority_class" | indent 2 }}
{{ tuple "blazar_tests" . | include "helm-toolkit.snippets.kubernetes_pod_runtime_class" | indent 2 }}
serviceAccountName: {{ $serviceAccountName }}
initContainers:
{{ tuple $envAll "tests" $mounts_blazar_tests_init | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 4 }}
- name: blazar-test-ks-user
{{ tuple $envAll "ks_user" | include "helm-toolkit.snippets.image" | indent 6 }}
{{ tuple $envAll $envAll.Values.pod.resources.jobs.ks_user | include "helm-toolkit.snippets.kubernetes_resources" | indent 6 }}
{{ dict "envAll" $envAll "application" "test" "container" "blazar_test_ks_user" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 6 }}
command:
- /tmp/ks-user.sh
volumeMounts:
- name: pod-tmp
mountPath: /tmp
- name: blazar-bin
mountPath: /tmp/ks-user.sh
subPath: ks-user.sh
readOnly: true
{{ dict "enabled" .Values.manifests.certificates "name" $envAll.Values.secrets.tls.reservation.api.internal | include "helm-toolkit.snippets.tls_volume_mount" | indent 8 }}
env:
{{- with $env := dict "ksUserSecret" .Values.secrets.identity.admin "useCA" .Values.manifests.certificates }}
{{- include "helm-toolkit.snippets.keystone_openrc_env_vars" $env | indent 8 }}
{{- end }}
- name: SERVICE_OS_SERVICE_NAME
value: "test"
{{- with $env := dict "ksUserSecret" .Values.secrets.identity.test }}
{{- include "helm-toolkit.snippets.keystone_user_create_env_vars" $env | indent 8 }}
{{- end }}
- name: SERVICE_OS_ROLE
value: {{ .Values.endpoints.identity.auth.test.role | quote }}
containers:
- name: blazar-test
{{ tuple $envAll "test" | include "helm-toolkit.snippets.image" | indent 6 }}
{{ tuple $envAll $envAll.Values.pod.resources.jobs.tests | include "helm-toolkit.snippets.kubernetes_resources" | indent 6 }}
{{ dict "envAll" $envAll "application" "test" "container" "blazar_test" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 6 }}
env:
{{- with $env := dict "ksUserSecret" .Values.secrets.identity.admin "useCA" .Values.manifests.certificates }}
{{- include "helm-toolkit.snippets.keystone_openrc_env_vars" $env | indent 8 }}
{{- end }}
{{- with $env := dict "ksUserSecret" .Values.secrets.identity.test }}
{{- include "helm-toolkit.snippets.keystone_user_create_env_vars" $env | indent 8 }}
{{- end }}
- name: RALLY_ENV_NAME
value: {{.Chart.Name}}
command:
- /tmp/rally-test.sh
volumeMounts:
- name: pod-tmp
mountPath: /tmp
- name: blazar-etc
mountPath: /etc/rally/rally_tests.yaml
subPath: rally_tests.yaml
readOnly: true
- name: blazar-bin
mountPath: /tmp/rally-test.sh
subPath: rally-test.sh
readOnly: true
- name: rally-db
mountPath: /var/lib/rally
{{- range $key, $value := $envAll.Values.conf.rally_tests.templates }}
- name: blazar-etc
mountPath: {{ $value.name }}
subPath: {{ printf "test_template_%d" $key }}
readOnly: true
{{- end }}
- name: rally-work
mountPath: /home/rally/.rally
{{ dict "enabled" .Values.manifests.certificates "name" .Values.secrets.tls.reservation.api.internal | include "helm-toolkit.snippets.tls_volume_mount" | indent 8 }}
{{ if $mounts_blazar_tests.volumeMounts }}{{ toYaml $mounts_blazar_tests.volumeMounts | indent 8 }}{{ end }}
volumes:
- name: pod-tmp
emptyDir: {}
- name: blazar-etc
secret:
secretName: blazar-etc
defaultMode: 0444
- name: blazar-bin
configMap:
name: blazar-bin
defaultMode: 0555
- name: rally-db
emptyDir: {}
- name: rally-work
emptyDir: {}
{{- dict "enabled" .Values.manifests.certificates "name" .Values.secrets.tls.reservation.api.internal | include "helm-toolkit.snippets.tls_volume" | indent 4 }}
{{ if $mounts_blazar_tests.volumes }}{{ toYaml $mounts_blazar_tests.volumes | indent 4 }}{{ end }}
{{- end }}

36
blazar/templates/secret-db.yaml Normal file
View File

@@ -0,0 +1,36 @@
{{/*
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
{{- if .Values.manifests.secret_db }}
{{- $envAll := . }}
{{- range $key1, $userClass := tuple "admin" "blazar" }}
{{- $secretName := index $envAll.Values.secrets.oslo_db $userClass }}
{{- $connection := tuple "oslo_db" "internal" $userClass "mysql" $envAll | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup" }}
---
apiVersion: v1
kind: Secret
metadata:
name: {{ $secretName }}
annotations:
{{ tuple "oslo_db" $userClass $envAll | include "helm-toolkit.snippets.custom_secret_annotations" | indent 4 }}
type: Opaque
data:
{{- if $envAll.Values.manifests.certificates }}
DB_CONNECTION: {{ (printf "%s?charset=utf8&ssl_ca=/etc/mysql/certs/ca.crt&ssl_key=/etc/mysql/certs/tls.key&ssl_cert=/etc/mysql/certs/tls.crt&ssl_verify_cert" $connection ) | b64enc -}}
{{- else }}
DB_CONNECTION: {{ $connection | b64enc -}}
{{- end }}
{{- end }}
{{- end }}
...

31
blazar/templates/secret-keystone.yaml Normal file
View File

@@ -0,0 +1,31 @@
{{/*
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
{{- if .Values.manifests.secret_keystone }}
{{- $envAll := . }}
{{- range $userClass, $val := $envAll.Values.endpoints.identity.auth }}
{{- $secretName := index $envAll.Values.secrets.identity $userClass }}
---
apiVersion: v1
kind: Secret
metadata:
name: {{ $secretName }}
annotations:
{{ tuple "identity" $userClass $envAll | include "helm-toolkit.snippets.custom_secret_annotations" | indent 4 }}
type: Opaque
data:
{{- tuple $userClass "internal" $envAll | include "helm-toolkit.snippets.keystone_secret_openrc" | indent 2 -}}
{{- end }}
{{- end }}
...

27
blazar/templates/secret-ks-etc.yaml Normal file
View File

@@ -0,0 +1,27 @@
{{/*
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
{{- if .Values.manifests.secret_ks_etc }}
{{- $envAll := . -}}
{{/* the endpoints.identity.auth sections with the oslo conf sections they get rendered to */}}
{{- $ksUsers := dict
"blazar" "keystone_authtoken"
-}}
{{ dict
"envAll" $envAll
"serviceName" "blazar"
"serviceUserSections" $ksUsers
| include "helm-toolkit.manifests.secret_ks_etc"
}}
{{- end }}

35
blazar/templates/secret-rabbitmq.yaml Normal file
View File

@@ -0,0 +1,35 @@
{{/*
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
{{- if .Values.manifests.secret_rabbitmq }}
{{- $envAll := . }}
{{- $rabbitmqProtocol := "http" }}
{{- if and $envAll.Values.manifests.certificates $envAll.Values.endpoints.oslo_messaging.auth.admin.secret.tls.internal }}
{{- $rabbitmqProtocol = "https" }}
{{- end }}
{{- range $key1, $userClass := tuple "admin" "blazar" }}
{{- $secretName := index $envAll.Values.secrets.oslo_messaging $userClass }}
---
apiVersion: v1
kind: Secret
metadata:
name: {{ $secretName }}
annotations:
{{ tuple "oslo_messaging" $userClass $envAll | include "helm-toolkit.snippets.custom_secret_annotations" | indent 4 }}
type: Opaque
data:
RABBITMQ_CONNECTION: {{ tuple "oslo_messaging" "internal" $userClass $rabbitmqProtocol $envAll | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup" | b64enc }}
{{- end }}
{{- end }}
...

38
blazar/templates/service-api.yaml Normal file
View File

@@ -0,0 +1,38 @@
{{/*
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
{{- if .Values.manifests.service_api }}
{{- $envAll := . }}
---
apiVersion: v1
kind: Service
metadata:
name: {{ tuple "reservation" "internal" . | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }}
spec:
ports:
- name: b-api
port: {{ tuple "reservation" "internal" "api" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
{{- if .Values.network.api.node_port.enabled }}
nodePort: {{ .Values.network.api.node_port.port }}
{{- end }}
selector:
{{ tuple $envAll "blazar" "api" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }}
{{- if .Values.network.api.node_port.enabled }}
type: NodePort
{{- if .Values.network.api.external_policy_local }}
externalTrafficPolicy: Local
{{- end }}
{{- end }}
{{- end }}
...

18
blazar/templates/service-ingress-api.yaml Normal file
View File

@@ -0,0 +1,18 @@
{{/*
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
{{- if and .Values.manifests.service_ingress_api .Values.network.api.ingress.public }}
{{- $serviceIngressOpts := dict "envAll" . "backendServiceType" "reservation" -}}
{{ $serviceIngressOpts | include "helm-toolkit.manifests.service_ingress" }}
{{- end }}

791
blazar/values.yaml Normal file
View File

@@ -0,0 +1,791 @@
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
---
release_group: null
labels:
api:
node_selector_key: openstack-control-plane
node_selector_value: enabled
manager:
node_selector_key: openstack-control-plane
node_selector_value: enabled
job:
node_selector_key: openstack-control-plane
node_selector_value: enabled
test:
node_selector_key: openstack-control-plane
node_selector_value: enabled
images:
tags:
test: docker.io/xrally/xrally-openstack:2.0.0
bootstrap: quay.io/airshipit/heat:2025.1-ubuntu_jammy
db_init: quay.io/airshipit/heat:2025.1-ubuntu_jammy
db_drop: quay.io/airshipit/heat:2025.1-ubuntu_jammy
ks_user: quay.io/airshipit/heat:2025.1-ubuntu_jammy
ks_service: quay.io/airshipit/heat:2025.1-ubuntu_jammy
ks_endpoints: quay.io/airshipit/heat:2025.1-ubuntu_jammy
rabbit_init: docker.io/rabbitmq:3.13-management
blazar_db_sync: quay.io/airshipit/blazar:2025.1-ubuntu_jammy
blazar_api: quay.io/airshipit/blazar:2025.1-ubuntu_jammy
blazar_manager: quay.io/airshipit/blazar:2025.1-ubuntu_jammy
dep_check: quay.io/airshipit/kubernetes-entrypoint:latest-ubuntu_jammy
image_repo_sync: docker.io/docker:17.07.0
pull_policy: "IfNotPresent"
local_registry:
active: false
exclude:
- dep_check
- image_repo_sync
network:
api:
ingress:
public: true
classes:
namespace: "nginx"
cluster: "nginx-cluster"
annotations:
nginx.ingress.kubernetes.io/rewrite-target: /
external_policy_local: false
node_port:
enabled: true
port: 30778
manager:
ingress:
public: true
classes:
namespace: "nginx"
cluster: "nginx-cluster"
annotations:
nginx.ingress.kubernetes.io/rewrite-target: /
external_policy_local: false
node_port:
enabled: true
port: 30779
dependencies:
dynamic:
common:
local_image_registry:
jobs:
- blazar-image-repo-sync
services:
- endpoint: node
service: local_image_registry
static:
api:
jobs:
- blazar-db-sync
- blazar-ks-user
- blazar-ks-endpoints
- blazar-rabbit-init
services:
- endpoint: internal
service: oslo_db
- endpoint: internal
service: identity
- endpoint: internal
service: oslo_messaging
manager:
jobs:
- blazar-db-sync
- blazar-ks-user
- blazar-ks-endpoints
- blazar-rabbit-init
services:
- endpoint: internal
service: oslo_db
- endpoint: internal
service: identity
- endpoint: internal
service: oslo_messaging
bootstrap:
services:
- endpoint: internal
service: identity
- endpoint: internal
service: reservation
db_init:
services:
- endpoint: internal
service: oslo_db
db_drop:
services:
- endpoint: internal
service: oslo_db
db_sync:
jobs:
- blazar-db-init
services:
- endpoint: internal
service: oslo_db
ks_endpoints:
jobs:
- blazar-ks-service
services:
- endpoint: internal
service: identity
ks_service:
services:
- endpoint: internal
service: identity
ks_user:
services:
- endpoint: internal
service: identity
rabbit_init:
services:
- endpoint: internal
service: oslo_messaging
tests:
jobs:
- blazar-db-sync
services:
- endpoint: internal
service: oslo_db
- endpoint: internal
service: identity
- endpoint: internal
service: reservation
- endpoint: internal
service: compute
image_repo_sync:
services:
- endpoint: internal
service: local_image_registry
secrets:
identity:
admin: blazar-keystone-admin
blazar: blazar-keystone-user
service: blazar-keystone-service
test: blazar-keystone-test
oslo_db:
admin: blazar-db-admin
blazar: blazar-db-user
oslo_messaging:
admin: blazar-rabbitmq-admin
blazar: blazar-rabbitmq-user
tls:
reservation:
api:
public: blazar-tls-public
internal: blazar-tls-internal
nginx: blazar-tls-nginx
nginx_cluster: blazar-tls-nginx-cluster
endpoints:
cluster_domain_suffix: cluster.local
local_image_registry:
name: docker-registry
namespace: docker-registry
hosts:
default: localhost
internal: docker-registry
node: localhost
host_fqdn_override:
default: null
port:
registry:
node: 5000
identity:
name: keystone
auth:
admin:
region_name: RegionOne
username: admin
password: password
project_name: admin
user_domain_name: default
project_domain_name: default
blazar:
role: admin,service
region_name: RegionOne
username: blazar
password: password
project_name: service
user_domain_name: service
project_domain_name: service
service:
role: admin,service
region_name: RegionOne
username: blazar_service_user
password: password
project_name: service
user_domain_name: service
project_domain_name: service
test:
role: admin
region_name: RegionOne
username: blazar-test
password: password
project_name: test
user_domain_name: service
project_domain_name: service
hosts:
default: keystone
internal: keystone-api
host_fqdn_override:
default: null
path:
default: /v3
scheme:
default: http
port:
api:
default: 80
internal: 5000
reservation:
name: blazar
hosts:
default: blazar-api
public: blazar
host_fqdn_override:
default: null
path:
default: /v1
scheme:
default: 'http'
service: 'http'
port:
api:
default: 1234
public: 80
service: 1234
oslo_db:
auth:
admin:
username: root
password: password
secret:
tls:
internal: mariadb-tls-direct
blazar:
username: blazar
password: password
hosts:
default: mariadb
host_fqdn_override:
default: null
path: /blazar
scheme: mysql+pymysql
port:
mysql:
default: 3306
oslo_messaging:
auth:
admin:
username: rabbitmq
password: password
secret:
tls:
internal: rabbitmq-tls-direct
blazar:
username: blazar
password: password
statefulset:
replicas: 2
name: rabbitmq-rabbitmq
hosts:
default: rabbitmq
host_fqdn_override:
default: null
path: /blazar
scheme: rabbit
port:
amqp:
default: 5672
http:
default: 15672
oslo_cache:
auth:
memcache_secret_key: null
hosts:
default: memcached
host_fqdn_override:
default: null
port:
memcache:
default: 11211
fluentd:
namespace: null
name: fluentd
hosts:
default: fluentd-logging
host_fqdn_override:
default: null
path:
default: null
scheme: 'http'
port:
service:
default: 24224
metrics:
default: 24220
compute:
name: nova
hosts:
default: nova-api
internal: nova-api
host_fqdn_override:
default: null
path:
default: "/v2.1"
scheme:
default: http
port:
api:
default: 80
internal: 8774
public: 80
network:
public_network_id: "public"
floating_network_id: "public"
pod:
probes:
rpc_timeout: 60
rpc_retries: 2
api:
default:
liveness:
enabled: True
params:
initialDelaySeconds: 60
periodSeconds: 10
timeoutSeconds: 5
readiness:
enabled: True
params:
initialDelaySeconds: 60
periodSeconds: 10
timeoutSeconds: 5
security_context:
blazar:
pod:
runAsUser: 42424
container:
blazar_api:
runAsUser: 0
blazar_manager:
readOnlyRootFilesystem: true
allowPrivilegeEscalation: false
test:
pod:
runAsUser: 42424
container:
blazar_test_ks_user:
readOnlyRootFilesystem: true
allowPrivilegeEscalation: false
blazar_test:
runAsUser: 65500
readOnlyRootFilesystem: true
allowPrivilegeEscalation: false
affinity:
anti:
type:
default: preferredDuringSchedulingIgnoredDuringExecution
topologyKey:
default: kubernetes.io/hostname
weight:
default: 10
tolerations:
blazar:
enabled: false
tolerations:
- key: node-role.kubernetes.io/master
operator: Exists
effect: NoSchedule
- key: node-role.kubernetes.io/control-plane
operator: Exists
effect: NoSchedule
mounts:
blazar_api:
init_container: null
blazar_api:
volumeMounts:
volumes:
blazar_manager:
init_container: null
blazar_manager:
volumeMounts:
volumes:
blazar_bootstrap:
init_container: null
blazar_bootstrap:
volumeMounts:
volumes:
blazar_db_sync:
blazar_db_sync:
volumeMounts:
volumes:
blazar_tests:
init_container: null
blazar_tests:
volumeMounts:
volumes:
replicas:
api: 1
manager: 1
lifecycle:
upgrades:
deployments:
revision_history: 3
pod_replacement_strategy: RollingUpdate
rolling_update:
max_unavailable: 1
max_surge: 3
disruption_budget:
api:
min_available: 0
manager:
min_available: 0
termination_grace_period:
api:
timeout: 30
manager:
timeout: 30
resources:
enabled: false
api:
requests:
memory: "128Mi"
cpu: "100m"
limits:
memory: "1024Mi"
cpu: "2000m"
manager:
requests:
memory: "128Mi"
cpu: "100m"
limits:
memory: "1024Mi"
cpu: "2000m"
jobs:
bootstrap:
requests:
memory: "128Mi"
cpu: "100m"
limits:
memory: "1024Mi"
cpu: "2000m"
db_init:
requests:
memory: "128Mi"
cpu: "100m"
limits:
memory: "1024Mi"
cpu: "2000m"
db_sync:
requests:
memory: "128Mi"
cpu: "100m"
limits:
memory: "1024Mi"
cpu: "2000m"
db_drop:
requests:
memory: "128Mi"
cpu: "100m"
limits:
memory: "1024Mi"
cpu: "2000m"
ks_endpoints:
requests:
memory: "128Mi"
cpu: "100m"
limits:
memory: "1024Mi"
cpu: "2000m"
ks_service:
requests:
memory: "128Mi"
cpu: "100m"
limits:
memory: "1024Mi"
cpu: "2000m"
ks_user:
requests:
memory: "128Mi"
cpu: "100m"
limits:
memory: "1024Mi"
cpu: "2000m"
rabbit_init:
requests:
memory: "128Mi"
cpu: "100m"
limits:
memory: "1024Mi"
cpu: "2000m"
tests:
requests:
memory: "128Mi"
cpu: "100m"
limits:
memory: "1024Mi"
cpu: "2000m"
image_repo_sync:
requests:
memory: "128Mi"
cpu: "100m"
limits:
memory: "1024Mi"
cpu: "2000m"
jobs:
bootstrap:
backoffLimit: 5
activeDeadlineSeconds: 600
db_init:
backoffLimit: 5
activeDeadlineSeconds: 600
db_drop:
backoffLimit: 5
activeDeadlineSeconds: 600
db_sync:
backoffLimit: 5
activeDeadlineSeconds: 600
ks_endpoints:
backoffLimit: 5
activeDeadlineSeconds: 600
ks_service:
backoffLimit: 5
activeDeadlineSeconds: 600
ks_user:
backoffLimit: 5
activeDeadlineSeconds: 600
rabbit_init:
backoffLimit: 5
activeDeadlineSeconds: 600
conf:
blazar:
DEFAULT:
debug: false
log_config_append: /etc/blazar/logging.conf
api_paste_config: /etc/blazar/api-paste.ini
os_auth_protocol:
os_auth_host:
os_auth_port:
os_region_name:
os_admin_username:
os_admin_password:
os_admin_project_name:
os_admin_user_domain_name:
os_admin_project_domain_name:
database:
max_retries: -1
keystone_authtoken:
service_token_roles: service
service_token_roles_required: true
auth_type: password
auth_version: v3
memcache_security_strategy: ENCRYPT
service_type: reservation
oslo_messaging_notifications:
driver: messagingv2
oslo_messaging_rabbit:
rabbit_ha_queues: true
manager:
plugins: physical.host.plugin,virtual.instance.plugin,virtual.floatingip.plugin
enforcement:
enabled_filters:
- MaxLeaseDurationFilter
max_lease_duration: 86400
physical_host_plugin:
aggregate_freepool_name: freepool
blazar_username: blazar
blazar_password: password
blazar_project_name: service
blazar_user_domain_name: service
blazar_project_domain_name: service
nova_client_timeout: 30
enable_host_reservation: true
logging:
loggers:
keys:
- root
- blazar
handlers:
keys:
- stdout
- stderr
- "null"
formatters:
keys:
- context
- default
logger_root:
level: WARNING
handlers: "null"
logger_blazar:
level: INFO
handlers:
- stdout
qualname: blazar
logger_amqp:
level: WARNING
handlers: stderr
qualname: amqp
logger_amqplib:
level: WARNING
handlers: stderr
qualname: amqplib
logger_eventletwsgi:
level: WARNING
handlers: stderr
qualname: eventlet.wsgi.server
logger_sqlalchemy:
level: WARNING
handlers: stderr
qualname: sqlalchemy
logger_boto:
level: WARNING
handlers: stderr
qualname: boto
handler_null:
class: logging.NullHandler
formatter: default
args: ()
handler_stdout:
class: StreamHandler
args: (sys.stdout,)
formatter: context
handler_stderr:
class: StreamHandler
args: (sys.stderr,)
formatter: context
formatter_context:
class: oslo_log.formatters.ContextFormatter
datefmt: "%Y-%m-%d %H:%M:%S"
formatter_default:
format: "%(message)s"
datefmt: "%Y-%m-%d %H:%M:%S"
api_paste:
composite:reservation:
use: "egg:Paste#urlmap"
"/": blazarversions
"/v1": blazarapi_v1
"/v2": blazarapi_v2
composite:blazarapi_v1:
use: "call:blazar.api.middleware:pipeline_factory"
noauth: "request_id faultwrap sizelimit noauth blazarapi_v1"
keystone: "request_id faultwrap sizelimit authtoken keystonecontext blazarapi_v1"
composite:blazarapi_v2:
use: "call:blazar.api.middleware:pipeline_factory"
noauth: "request_id faultwrap sizelimit noauth blazarapi_v2"
keystone: "request_id faultwrap sizelimit authtoken keystonecontext blazarapi_v2"
app:blazarversions:
paste.app_factory: "blazar.api.versions:Versions.factory"
app:blazarapi_v1:
paste.app_factory: "blazar.api.v1.app:make_app"
app:blazarapi_v2:
paste.app_factory: "blazar.api.v2.app:make_app"
filter:request_id:
paste.filter_factory: "oslo_middleware:RequestId.factory"
filter:faultwrap:
paste.filter_factory: "blazar.api.middleware:FaultWrapper.factory"
filter:noauth:
paste.filter_factory: "blazar.api.middleware:NoAuthMiddleware.factory"
filter:sizelimit:
paste.filter_factory: "oslo_middleware:RequestBodySizeLimiter.factory"
filter:authtoken:
paste.filter_factory: "keystonemiddleware.auth_token:filter_factory"
filter:keystonecontext:
paste.filter_factory: "blazar.api.middleware:KeystoneContextMiddleware.factory"
policy: {}
rabbitmq:
policies:
- vhost: "blazar"
name: "ha_ttl_blazar"
pattern: '^(?!(amq\.|reply_)).*'
definition:
ha-mode: "all"
ha-sync-mode: "automatic"
message-ttl: 70000
priority: 0
apply-to: all
rally_tests:
run_tempest: false
tests:
# NOTE:This is a dummy test added as a placeholder and currently, Rally does not support Blazar scenarios.
Dummy.dummy:
-
args:
sleep: 5
runner:
type: "constant"
times: 20
concurrency: 5
sla:
failure_rate:
max: 0
templates: []
bootstrap:
enabled: false
ks_user: blazar
script: |
openstack token issue
# NOTE(helm_hook): helm_hook might break for helm2 binary.
# set helm3_hook: false when using the helm2 binary.
helm3_hook: true
manifests:
certificates: false
configmap_bin: true
configmap_etc: true
deployment_api: true
deployment_manager: true
ingress_api: true
job_bootstrap: true
job_db_init: true
job_db_drop: false
job_db_sync: true
job_image_repo_sync: true
job_ks_endpoints: true
job_ks_service: true
job_ks_user: true
job_rabbit_init: true
pdb_api: true
pdb_manager: true
pod_rally_test: true
secret_db: true
secret_keystone: true
secret_ks_etc: true
secret_rabbitmq: true
service_api: true
service_ingress_api: true
network_policy:
blazar:
ingress:
- {}
egress:
- {}
tls:
identity: false
oslo_messaging: false
oslo_db: false
reservation:
api:
public: false
...

1
doc/source/chart/openstack_charts.rst
View File

@@ -6,6 +6,7 @@ OpenStack charts options
aodh
barbican
blazar
ceilometer
cinder
cyborg

16
doc/source/install/openstack.rst
View File

@@ -460,3 +460,19 @@ For comprehensive instructions on installing Tacker using Openstack Helm,
please refer `Install Tacker via Openstack Helm`_.
.. _Install Tacker via Openstack Helm: https://docs.openstack.org/tacker/latest/install/openstack_helm.html
Blazar
~~~~~~
Blazar is the resource reservation service for OpenStack. It provides a way to reserve
resources such as compute hosts, servers and floating IPs for future use.
To deploy the Blazar service run the following:
.. code-block:: bash
helm upgrade --install blazar openstack-helm/blazar \
--namespace=openstack
$(helm osh get-values-overrides -p ${OVERRIDES_DIR} -c blazar ${FEATURES})
helm osh wait-for-pods openstack

1
releasenotes/config.yaml
View File

@@ -10,6 +10,7 @@ stop_at_branch_base: true
sections:
- [aodh, aodh Chart]
- [barbican, barbican Chart]
- [blazar, blazar Chart]
- [ca-issuer, ca-issuer Chart]
- [calico, calico Chart]
- [ceilometer, ceilometer Chart]

13
releasenotes/notes/blazar-73cedded47699964.yaml Normal file
View File

@@ -0,0 +1,13 @@
---
blazar:
- |
Added initial support for OpenStack Blazar reservation service deployment
in Kubernetes environments through Helm charts. This enables users to
deploy and manage Blazar services alongside other OpenStack components.
features:
- |
Introduced Blazar Helm chart with support for:
- Blazar API and Manager service deployment and configuration
- Integration with existing OpenStack identity services
- Support for custom Blazar configuration through values.yaml
...

44
tools/deployment/component/blazar/blazar.sh Executable file
View File

@@ -0,0 +1,44 @@
#!/bin/bash
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
set -xe
#NOTE: Define variables
: ${OSH_HELM_REPO:="../openstack-helm"}
: ${OSH_VALUES_OVERRIDES_PATH:="../openstack-helm/values_overrides"}
: ${OSH_EXTRA_HELM_ARGS_BLAZAR:="$(helm osh get-values-overrides ${DOWNLOAD_OVERRIDES:-} -p ${OSH_VALUES_OVERRIDES_PATH} -c blazar ${FEATURES})"}
: ${BLAZAR_RELEASE_NAME:="blazar"}
: ${BLAZAR_NAMESPACE:="openstack"}
#NOTE: Wait for deploy
echo "Deploying OpenStack Blazar"
helm upgrade --install ${BLAZAR_RELEASE_NAME} ${OSH_HELM_REPO}/blazar \
--namespace ${BLAZAR_NAMESPACE} \
${OSH_EXTRA_HELM_ARGS:=} \
${OSH_EXTRA_HELM_ARGS_BLAZAR}
#NOTE: Wait for deploy
helm osh wait-for-pods ${BLAZAR_NAMESPACE}
echo "OpenStack Blazar deployment complete."
#NOTE: Validate Deployment info
export OS_CLOUD=openstack_helm
openstack service list
# Run helm test
if [ "x${RUN_HELM_TESTS}" != "xno" ]; then
./tools/deployment/common/run-helm-tests.sh blazar
fi

351
tools/deployment/component/blazar/blazar_smoke_test.sh Executable file
View File

@@ -0,0 +1,351 @@
#!/bin/bash
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
set -ex
export OS_CLOUD=openstack_helm
BLAZAR_DIR="$(readlink -f ./tools/deployment/component/blazar)"
SSH_DIR="${HOME}/.ssh"
OPENSTACK_CLIENT_CONTAINER_EXTRA_ARGS="${OPENSTACK_CLIENT_CONTAINER_EXTRA_ARGS} -v ${BLAZAR_DIR}:${BLAZAR_DIR} -v ${SSH_DIR}:${SSH_DIR}"
export OPENSTACK_CLIENT_CONTAINER_EXTRA_ARGS
echo "Test: Starting the process to delete all existing Blazar leases, if any"
lease_ids=$(openstack reservation lease list -c id -f value)
sleep 2
# Check if the list of leases is empty.
if [ -z "$lease_ids" ]; then
echo "Test: No leases found to delete"
else
echo "Test: The following lease IDs will be deleted:"
echo "$lease_ids"
echo "-------------------------------------"
while IFS= read -r lease_id; do
echo "Test: Deleting lease with ID: $lease_id"
openstack reservation lease delete "$lease_id"
sleep 2
echo "Test: Lease $lease_id deleted."
done <<< "$lease_ids"
echo "-------------------------------------"
echo "Test: All Blazar leases have been successfully deleted"
fi
echo "Test: Starting the process to delete all existing Blazar hosts, if any"
openstack host list
sleep 2
openstack reservation host list
sleep 2
host_ids=$(openstack reservation host list -c id -f value)
sleep 2
# Check if the list of hosts is empty.
if [ -z "$host_ids" ]; then
echo "Test: No hosts found to delete"
else
echo "Test: The following host IDs will be deleted:"
echo "$host_ids"
echo "-------------------------------------"
while IFS= read -r host_id; do
# Get the list of servers on the specified host
SERVER_LIST=$(openstack server list --host "$host_id" -f value -c id)
sleep 2
# Check if any servers were found
if [ -z "$SERVER_LIST" ]; then
echo "No servers found on host '$host_id'"
else
# Delete all servers on the host
echo "Deleting servers on host '$host_id'"
for SERVER_ID in $SERVER_LIST; do
echo "Deleting server $SERVER_ID"
openstack server delete "$SERVER_ID"
done
echo "All servers on host '$host_id' have been deleted"
fi
echo "Test: Deleting host with ID: $host_id"
openstack reservation host delete "$host_id"
sleep 2
echo "Test: Host $host_id deleted"
done <<< "$host_ids"
echo "-------------------------------------"
echo "Test: All Blazar hosts have been successfully deleted"
fi
echo "Test: list all the services"
openstack service list
sleep 2
echo "Test: list all the endpoints"
openstack endpoint list
sleep 2
echo "Test: list all the hypervisors"
openstack hypervisor list
sleep 2
echo "Extract the first available compute host name from the list of hosts"
FIRST_COMPUTE_HOST=$(openstack host list | grep 'compute' | awk '{print $2}' | head -n 1)
sleep 2
# A simple check to see if a host name was successfully found.
if [ -z "$FIRST_COMPUTE_HOST" ]; then
echo "Error: No compute host found in the list"
exit 1
else
echo "The first compute host found is: $FIRST_COMPUTE_HOST"
fi
sleep 2
# Set a variable for the aggregate name
AGGREGATE_NAME="freepool"
echo "Test: Checking if aggregate '${AGGREGATE_NAME}' already exists"
AGGREGATE_FOUND=$(openstack aggregate list | grep " ${AGGREGATE_NAME} " | cut -d '|' -f 3 | tr -d ' ' 2>/dev/null || true)
sleep 2
# Check if the AGGREGATE_FOUND variable is empty.
if [ -z "$AGGREGATE_FOUND" ]; then
echo "Test: Aggregate '${AGGREGATE_NAME}' not found, Creating it now"
openstack aggregate create "${AGGREGATE_NAME}"
sleep 5
# Check the exit status of the previous command.
if [ $? -eq 0 ]; then
echo "Test: Aggregate '${AGGREGATE_NAME}' created successfully"
else
echo "Test: Failed to create aggregate '${AGGREGATE_NAME}'"
fi
else
echo "Test: Aggregate '${AGGREGATE_NAME}' already exists"
fi
sleep 2
echo "Test: list all the aggregates after creating/checking freepool aggregate"
openstack aggregate list
sleep 2
echo "Test: Add host into the Blazar freepool"
openstack reservation host create $FIRST_COMPUTE_HOST
sleep 5
echo "Test: Add extra capabilities to host to add other properties"
openstack reservation host set --extra gpu=True $FIRST_COMPUTE_HOST
sleep 2
echo "Test: list hosts in the blazar freepool after adding a host"
openstack reservation host list
sleep 2
# Get the current date in YYYY-MM-DD format, generate start and end dates
current_date=$(date +%Y-%m-%d)
start_date=$(date -d "$current_date + 1 day" +%Y-%m-%d\ 12:00)
end_date=$(date -d "$current_date + 2 day" +%Y-%m-%d\ 12:00)
echo "Test: Create a lease (compute host reservation)"
openstack reservation lease create \
--reservation resource_type=physical:host,min=1,max=1,hypervisor_properties='[">=", "$vcpus", "2"]' \
--start-date "$start_date" \
--end-date "$end_date" \
lease-test-comp-host-res
sleep 5
echo "Test: list leases after creating a lease"
openstack reservation lease list
sleep 2
echo "Test: list projects"
openstack project list
sleep 2
echo "Test: list flavors"
openstack flavor list
sleep 2
echo "Test: list images"
openstack image list
sleep 2
echo "Test: list networks"
openstack network list
sleep 2
# Get the flavor ID for m1.tiny
FLAVOR_ID=$(openstack flavor show m1.tiny -f value -c id)
sleep 2
# Get the image ID for Cirros 0.6.2 64-bit
IMAGE_ID=$(openstack image show "Cirros 0.6.2 64-bit" -f value -c id)
sleep 2
# --- Network ---
# Check if a network named "net1" exists
if ! openstack network show net1 &> /dev/null; then
echo "Network 'net1' not found. Creating now"
sleep 2
openstack network create net1
sleep 2
else
echo "Network 'net1' already exists."
fi
NETWORK_ID=$(openstack network show net1 -f value -c id)
sleep 2
# --- Subnet ---
# Check if a subnet named "subnet1" exists
if ! openstack subnet show subnet1 &> /dev/null; then
echo "Subnet 'subnet1' not found. Creating now"
sleep 2
openstack subnet create \
--network "$NETWORK_ID" \
--subnet-range 10.0.0.0/24 \
--allocation-pool start=10.0.0.2,end=10.0.0.254 \
--gateway 10.0.0.1 \
subnet1
sleep 2
else
echo "Subnet 'subnet1' already exists."
fi
SUBNET_ID=$(openstack subnet show subnet1 -f value -c id)
sleep 2
# --- Router ---
# Check if a router named "router1" exists
if ! openstack router show router1 &> /dev/null; then
sleep 2
echo "Router 'router1' not found. Creating now"
openstack router create router1
sleep 2
ROUTER_ID=$(openstack router show router1 -f value -c id)
sleep 2
openstack router add subnet "$ROUTER_ID" "$SUBNET_ID"
sleep 2
else
echo "Router 'router1' already exists."
fi
echo "Test: get the lease ID"
LEASE_ID=$(openstack reservation lease list | grep "lease-test-comp-host-res" | awk '{print $2}')
sleep 2
echo "Test: get the reservation ID"
# Check if the lease ID was found
if [ -z "$LEASE_ID" ]; then
echo "Error: Lease 'lease-test-comp-host-res' not found."
else
RESERVATION_ID=$(openstack reservation lease show "$LEASE_ID" | grep -A 100 'reservations' | sed -n 's/.*"id": "\([^"]*\)".*/\1/p')
sleep 2
echo "Test: RESERVATION ID: $RESERVATION_ID"
fi
echo "Test: list servers"
openstack server list
sleep 2
if [ -n "$RESERVATION_ID" ]; then
echo "Test: Create a server with the reservation hint"
openstack server create \
--flavor "$FLAVOR_ID" \
--image "$IMAGE_ID" \
--network "$NETWORK_ID" \
--hint reservation="$RESERVATION_ID" \
server_test_blazar_with_reservation
sleep 60
echo "Test: list servers after creating a server with reservation"
openstack server list
sleep 2
fi
echo "Test: delete the created servers"
# Get the list of servers and delete them
SERVER_LIST=$(openstack server list -f value -c id)
sleep 2
# Check if any servers were found
if [ -z "$SERVER_LIST" ]; then
echo "No servers found"
else
# Delete the servers
for SERVER_ID in $SERVER_LIST; do
echo "Deleting server: $SERVER_ID"
openstack server delete "$SERVER_ID"
sleep 5
done
echo "All servers on host '$host_id' have been deleted"
fi
echo "Test: list servers after deleting"
openstack server list
sleep 2
echo "Test: Starting the process to delete all Blazar leases"
lease_ids=$(openstack reservation lease list -c id -f value)
sleep 2
# Check if the list of leases is empty.
if [ -z "$lease_ids" ]; then
echo "Test: No leases found to delete"
else
echo "Test: The following lease IDs will be deleted:"
echo "$lease_ids"
echo "-------------------------------------"
while IFS= read -r lease_id; do
echo "Test: Deleting lease with ID: $lease_id"
openstack reservation lease delete "$lease_id"
sleep 2
echo "Test: Lease $lease_id deleted."
done <<< "$lease_ids"
echo "-------------------------------------"
echo "Test: All Blazar leases have been successfully deleted"
fi
echo "Test: Starting the process to delete all Blazar hosts"
host_ids=$(openstack reservation host list -c id -f value)
sleep 2
# Check if the list of hosts is empty.
if [ -z "$host_ids" ]; then
echo "Test: No hosts found to delete"
else
echo "Test: The following host IDs will be deleted:"
echo "$host_ids"
echo "-------------------------------------"
while IFS= read -r host_id; do
echo "Test: Deleting host with ID: $host_id"
openstack reservation host delete "$host_id"
sleep 2
echo "Test: Host $host_id deleted"
done <<< "$host_ids"
echo "-------------------------------------"
echo "Test: All Blazar hosts have been successfully deleted"
fi
exit 0

13
values_overrides/blazar/2025.1-ubuntu_jammy.yaml Normal file
View File

@@ -0,0 +1,13 @@
---
images:
tags:
bootstrap: quay.io/airshipit/heat:2025.1-ubuntu_jammy
db_init: quay.io/airshipit/heat:2025.1-ubuntu_jammy
db_drop: quay.io/airshipit/heat:2025.1-ubuntu_jammy
ks_user: quay.io/airshipit/heat:2025.1-ubuntu_jammy
ks_service: quay.io/airshipit/heat:2025.1-ubuntu_jammy
ks_endpoints: quay.io/airshipit/heat:2025.1-ubuntu_jammy
blazar_api: quay.io/airshipit/blazar:2025.1-ubuntu_jammy
blazar_manager: quay.io/airshipit/blazar:2025.1-ubuntu_jammy
blazar_db_sync: quay.io/airshipit/blazar:2025.1-ubuntu_jammy
...

13
values_overrides/blazar/2025.1-ubuntu_noble.yaml Normal file
View File

@@ -0,0 +1,13 @@
---
images:
tags:
bootstrap: quay.io/airshipit/heat:2025.1-ubuntu_noble
db_init: quay.io/airshipit/heat:2025.1-ubuntu_noble
db_drop: quay.io/airshipit/heat:2025.1-ubuntu_noble
ks_user: quay.io/airshipit/heat:2025.1-ubuntu_noble
ks_service: quay.io/airshipit/heat:2025.1-ubuntu_noble
ks_endpoints: quay.io/airshipit/heat:2025.1-ubuntu_noble
blazar_api: quay.io/airshipit/blazar:2025.1-ubuntu_noble
blazar_manager: quay.io/airshipit/blazar:2025.1-ubuntu_noble
blazar_db_sync: quay.io/airshipit/blazar:2025.1-ubuntu_noble
...

11
zuul.d/2025.1.yaml
View File

@@ -85,4 +85,15 @@
openstack_release: "2025.1"
container_distro_name: ubuntu
container_distro_version: jammy
- job:
name: openstack-helm-blazar-2025-1-ubuntu_jammy
parent: openstack-helm-blazar
nodeset: openstack-helm-3nodes-ubuntu_jammy
timeout: 10800
vars:
osh_params:
openstack_release: "2025.1"
container_distro_name: ubuntu
container_distro_version: jammy
...

22
zuul.d/base.yaml
View File

@@ -535,4 +535,26 @@
- ./tools/deployment/component/compute-kit/libvirt.sh
- ./tools/deployment/component/compute-kit/compute-kit.sh
- ./tools/deployment/component/watcher/watcher.sh
- job:
name: openstack-helm-blazar
parent: openstack-helm-deploy
timeout: 7200
vars:
gate_scripts:
- ./tools/deployment/common/prepare-bashrc.sh
- ./tools/deployment/common/prepare-k8s.sh
- ./tools/deployment/common/prepare-charts.sh
- ./tools/deployment/common/setup-client.sh
- ./tools/deployment/component/common/rabbitmq.sh
- ./tools/deployment/db/mariadb.sh
- ./tools/deployment/component/common/memcached.sh
- ./tools/deployment/component/keystone/keystone.sh
- export GLANCE_BACKEND=local; ./tools/deployment/component/glance/glance.sh
- ./tools/deployment/component/compute-kit/openvswitch.sh
- ./tools/deployment/component/compute-kit/libvirt.sh
- ./tools/deployment/component/compute-kit/compute-kit.sh
- ./tools/deployment/component/blazar/blazar.sh
- ./tools/deployment/component/blazar/blazar_smoke_test.sh
- ./tools/deployment/common/run-helm-tests.sh blazar
...

1
zuul.d/project.yaml
View File

@@ -63,4 +63,5 @@
jobs:
- openstack-helm-compute-kit-helm-repo-public-2024-1-ubuntu_jammy # 1 node + 3 nodes
- openstack-helm-watcher-2025-1-ubuntu_jammy # 3 nodes
- openstack-helm-blazar-2025-1-ubuntu_jammy # 3 nodes
...