Merge "Use daemonset instead of hpa+deployment for keystone"

Zuul 2020-07-09 00:22:22 +00:00 committed by Gerrit Code Review
commit 4a8afe5443
4 changed files with 182 additions and 7 deletions
devstack/lib
images/keystone
openstack_operator
keystone.py
templates/keystone

@ -38,8 +38,8 @@ export -f init_keystone
function start_keystone {
# rollout keystone
kubernetes_rollout_restart deploy/keystone
kubernetes_rollout_status deploy/keystone
kubernetes_rollout_restart daemonset/keystone
kubernetes_rollout_status daemonset/keystone
# Get right service port for testing
local service_port=$KEYSTONE_SERVICE_PORT

@ -30,3 +30,4 @@ RUN apt update && apt -y install git && \
EXPOSE 5000
ENV UWSGI_HTTP_SOCKET=:5000 \
UWSGI_WSGI_FILE=/usr/local/bin/keystone-wsgi-public
CMD ["/usr/local/bin/uwsgi","--ini","/etc/uwsgi/uwsgi.ini"]

@ -72,7 +72,7 @@ def create_or_rotate_fernet_repository(name):
keys=keys, adopt=True)
@kopf.timer('apps', 'v1', 'deployments',
@kopf.timer('apps', 'v1', 'daemonsets',
when=kopf.all_([filters.managed, _is_keystone_deployment]),
interval=FERNET_ROTATION_INTERVAL)
def create_or_rotate_fernet(**_):
@ -107,22 +107,31 @@ def create_or_resume(name, spec, **_):
region_name=region_name,
username=username)
# (TODO)Replace the current admin url
utils.create_or_update('keystone/deployment.yml.j2',
utils.create_or_update('keystone/daemonset.yml.j2',
name=name, spec=spec,
config_hash=config_hash)
utils.create_or_update('keystone/service.yml.j2',
name=name, spec=spec)
utils.create_or_update('keystone/horizontalpodautoscaler.yml.j2',
name=name)
if "ingress" in spec:
utils.create_or_update('keystone/ingress.yml.j2',
spec=spec)
# NOTE(Alex): We should remove this once all deployments are no longer
# using Deployment.
utils.ensure_absent('keystone/deployment.yml.j2',
name=name, spec=spec,
config_hash=config_hash)
# NOTE(Alex): We should remove this once all deployments are no longer
# using HPA.
utils.create_or_update('keystone/horizontalpodautoscaler.yml.j2',
name=name)
def update(spec, **_):
"""Update a keystone
This function updates the deployment for horizon if there are any
This function updates the deployment for keystone if there are any
changes that happen within it.
"""
if "ingress" in spec:
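Review bot: The call under the second NOTE(Alex) comment in create_or_resume still reads `utils.create_or_update('keystone/horizontalpodautoscaler.yml.j2', name=name)`, although the comment says it is there to retire the HPA, and the Deployment it presumably targets is removed just above by `utils.ensure_absent('keystone/deployment.yml.j2', ...)`. The +/- markers are lost on this page, so this may be a rendering artefact, but if it is the new side the operator keeps recreating an autoscaler whose target no longer exists; it should mirror the Deployment cleanup: `utils.ensure_absent('keystone/horizontalpodautoscaler.yml.j2', name=name)`. The timer that now watches `daemonsets` still filters with `_is_keystone_deployment`, which is defined outside this hunk; it is worth confirming that it matches the new DaemonSet, because Fernet key rotation stops silently if the filter never fires. The bodies of create_or_resume and update both extend outside the hunk.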

@ -0,0 +1,165 @@
---
# Copyright 2020 VEXXHOST, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
apiVersion: apps/v1
kind: DaemonSet
metadata:
name: keystone
namespace: openstack
labels:
{{ labels("keystone", name) | indent(4) }}
spec:
updateStrategy:
rollingUpdate:
maxUnavailable: 1
type: RollingUpdate
selector:
matchLabels:
{{ labels("keystone", name) | indent(6) }}
template:
metadata:
labels:
{{ labels("keystone", name) | indent(8) }}
annotations:
checksum/config: "{{ config_hash }}"
spec:
initContainers:
- name: db-sync
image: vexxhost/keystone:latest
imagePullPolicy: Always
command:
- keystone-manage
- db_sync
volumeMounts:
- mountPath: /etc/keystone
name: config
- name: bootstrap
image: vexxhost/keystone:latest
imagePullPolicy: Always
env:
- name: OS_BOOTSTRAP_PASSWORD
valueFrom:
secretKeyRef:
key: password
name: keystone-init
- name: OS_BOOTSTRAP_REGION_ID
valueFrom:
secretKeyRef:
key: region_name
name: keystone-init
- name: OS_BOOTSTRAP_ADMIN_URL
valueFrom:
secretKeyRef:
key: auth_url
name: keystone-init
- name: OS_BOOTSTRAP_PUBLIC_URL
valueFrom:
secretKeyRef:
key: auth_url
name: keystone-init
- name: OS_BOOTSTRAP_USERNAME
valueFrom:
secretKeyRef:
key: username
name: keystone-init
- name: OS_BOOTSTRAP_PROJECT_NAME
valueFrom:
secretKeyRef:
key: project_name
name: keystone-init
- name: OS_BOOTSTRAP_SERVICE_NAME
value: keystone
- name: OS_BOOTSTRAP_INTERNAL_URL
value: http://keystone.openstack.svc.cluster.local
command:
- keystone-manage
- bootstrap
volumeMounts:
- mountPath: /etc/keystone
name: config
- name: fernet-keys
mountPath: /etc/keystone/fernet-keys
- name: credential-keys
mountPath: /etc/keystone/credential-keys
- name: uwsgi-config
mountPath: /etc/uwsgi
containers:
- name: keystone
image: vexxhost/keystone:latest
imagePullPolicy: Always
env:
{% for v in env %}
- name: "{{ v.name }}"
value: "{{ v.value }}"
{% endfor %}
ports:
- name: keystone
protocol: TCP
containerPort: 5000
livenessProbe:
httpGet:
path: /v3
port: keystone
readinessProbe:
httpGet:
path: /v3
port: keystone
lifecycle:
preStop:
exec:
command: ["/bin/sleep", "5"]
resources:
requests:
cpu: 200m
ephemeral-storage: 500M
memory: 512M
securityContext:
runAsUser: 65534
runAsGroup: 65534
volumeMounts:
- mountPath: /etc/keystone/
name: config
- name: fernet-keys
mountPath: /etc/keystone/fernet-keys
- name: credential-keys
mountPath: /etc/keystone/credential-keys
- name: uwsgi-config
mountPath: /etc/uwsgi
volumes:
- name: config
secret:
secretName: keystone-config
- name: fernet-keys
secret:
secretName: keystone-fernet
- name: credential-keys
secret:
secretName: keystone-credential
- name: uwsgi-config
configMap:
defaultMode: 420
name: uwsgi-default
{% if 'nodeSelector' in spec %}
nodeSelector:
{{ spec.nodeSelector | to_yaml | indent(8) }}
{% endif %}
{% if 'tolerations' in spec %}
tolerations:
{{ spec.tolerations | to_yaml | indent(8) }}
{% endif %}
{% if 'hostAliases' in spec %}
hostAliases:
{{ spec.hostAliases | to_yaml | indent(8) }}
{% endif %}
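Review bot: The `securityContext` on the keystone container sets only `runAsUser` and `runAsGroup`, and the `db-sync` and `bootstrap` init containers have none, so they run as whatever user the image defaults to while `bootstrap` receives `OS_BOOTSTRAP_PASSWORD` and mounts the Fernet and credential key secrets. I would add `runAsNonRoot: true`, `allowPrivilegeEscalation: false` and `capabilities: {drop: ["ALL"]}` to the main container and give both init containers the same block. All three containers also use `vexxhost/keystone:latest` with `imagePullPolicy: Always`, so any pod restart on any node can pull a different build of the identity service; a fixed tag or digest would keep rollouts reproducible and reviewable. Separately, `"{{ v.value }}"` in the env loop is rendered without escaping, so a value containing a double quote would break or alter the manifest; where `env` comes from is not visible in this commit.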