Add Drivetrain services on k8s
Change-Id: I6312f513257dbee60eb90a80f90627bae55928ce
Related-prod: PROD:27352 PROD-27350
diff --git a/kubernetes/control/services/drivetrain/gerrit.yml b/kubernetes/control/services/drivetrain/gerrit.yml
new file mode 100644
index 0000000..724ffc2
--- /dev/null
+++ b/kubernetes/control/services/drivetrain/gerrit.yml
@@ -0,0 +1,157 @@
+parameters:
+ _param:
+ gerrit_ldap_user_pattern: 'uid={username}'
+ gerrit_ldap_server: "ldap://openldap"
+ gerrit_ldap_bind_user: ""
+ gerrit_ldap_bind_password: ""
+ gerrit_ldap_account_base: ""
+ gerrit_ldap_group_base: ""
+ gerrit_http_listen_url: proxy-http://*:8080/gerrit/
+ gerrit_public_host: 127.0.0.1
+ gerrit_extra_opts: ""
+ kubernetes:
+ common:
+ addons:
+ ingress-nginx:
+ tcp_data:
+ 3306: drivetrain/gerrit-db:3306
+ 29418: drivetrain/gerrit:29418
+ tcp_ports:
+ - 3306
+ - 29418
+ control:
+ ingress:
+ gerrit:
+ annotations:
+ - name: kubernetes.io/ingress.class
+ value: nginx
+ - name: nginx.ingress.kubernetes.io/ssl-redirect
+ value: false
+ - name: nginx.ingress.kubernetes.io/add-base-url
+ value: true
+ apiVersion: extensions/v1beta1
+ cluster: drivetrain
+ enabled: true
+ create: true
+ namespace: drivetrain
+ rules:
+ hosts:
+ - paths:
+ /gerrit:
+ service: gerrit
+ port: 8080
+ service:
+ gerrit-db:
+ enabled: true
+ cluster: drivetrain
+ service: gerrit-db
+ create: true
+ namespace: drivetrain
+ ports:
+ - port: 3306
+ name: db
+ type: ClusterIP
+ apiVersion: extensions/v1beta1
+ kind: Deployment
+ replicas: 1
+ container:
+ db:
+ image: ${_param:docker_image_mysql}
+ image_pull_policy: IfNotPresent
+ variables:
+ - name: MYSQL_USER
+ value: gerrit
+ - name: MYSQL_PASSWORD
+ value: ${_param:mysql_gerrit_password}
+ - name: MYSQL_DATABASE
+ value: gerrit
+ - name: MYSQL_ROOT_PASSWORD
+ value: ${_param:mysql_admin_password}
+ - name: MYSQL_START_TIMEOUT
+ value: "'300'"
+ ports:
+ - port: 3306
+ name: db
+ volumes:
+ - name: mysql-home
+ mount: /var/lib/mysql
+ read_only: false
+ volume:
+ mysql-home:
+ type: glusterfs
+ endpoints: glusterfs
+ path: mysql
+ read_only: false
+ gerrit:
+ enabled: true
+ cluster: drivetrain
+ service: gerrit
+ create: true
+ namespace: drivetrain
+ ports:
+ - port: 8080
+ name: ui
+ - port: 29418
+ name: ssh
+ type: ClusterIP
+ apiVersion: extensions/v1beta1
+ kind: Deployment
+ replicas: 1
+ container:
+ gerrit:
+ image: ${_param:docker_image_gerrit}
+ image_pull_policy: IfNotPresent
+ variables:
+ - name: DATABASE_TYPE
+ value: mysql
+ - name: DB_PORT_3306_TCP_ADDR
+ value: ${_param:kdt_metallb_address}
+ - name: DB_ENV_MYSQL_USER
+ value: gerrit
+ - name: DB_ENV_MYSQL_PASSWORD
+ value: ${_param:mysql_gerrit_password}
+ - name: DB_ENV_MYSQL_DB
+ value: gerrit
+ - name: AUTH_TYPE
+ value: ${_param:gerrit_auth_type}
+ - name: LDAP_SERVER
+ value: ${_param:gerrit_ldap_server}
+ - name: LDAP_ACCOUNTPATTERN
+ value: ${_param:gerrit_ldap_user_pattern}
+ - name: LDAP_ACCOUNTBASE
+ value: ${_param:gerrit_ldap_account_base}
+ - name: LDAP_GROUPBASE
+ value: ${_param:gerrit_ldap_group_base}
+ - name: LDAP_USERNAME
+ value: ${_param:gerrit_ldap_bind_user}
+ - name: LDAP_PASSWORD
+ value: ${_param:gerrit_ldap_bind_password}
+ - name: WEBURL
+ value: ${_param:gerrit_public_host}
+ - name: HTTPD_LISTENURL
+ value: ${_param:gerrit_http_listen_url}
+ - name: GERRIT_ADMIN_SSH_PUBLIC
+ value: ${_param:gerrit_admin_public_key}
+ - name: GERRIT_ADMIN_PWD
+ value: ${_param:gerrit_admin_password}
+ - name: GERRIT_ADMIN_EMAIL
+ value: ${_param:gerrit_admin_email}
+ - name: CANLOADINIFRAME
+ value: "'true'"
+ - name: JAVA_OPTIONS
+ value: ${_param:gerrit_extra_opts}
+ ports:
+ - port: 8080
+ name: ui
+ - port: 29418
+ name: ssh
+ volumes:
+ - name: gerrit-home
+ mount: /var/gerrit/review_site
+ read_only: false
+ volume:
+ gerrit-home:
+ type: glusterfs
+ endpoints: glusterfs
+ path: gerrit
+ read_only: false
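Review bot: `tcp_data` publishes `3306: drivetrain/gerrit-db:3306` through ingress-nginx, and `DB_PORT_3306_TCP_ADDR` is set to `${_param:kdt_metallb_address}`, so the Gerrit database appears to be reachable on the load-balancer address instead of staying inside the cluster. Both deployments are in the `drivetrain` namespace and `gerrit-db` is a ClusterIP service, so `value: gerrit-db` for `DB_PORT_3306_TCP_ADDR` (assuming the image accepts a hostname there) and dropping 3306 from `tcp_data`/`tcp_ports` would keep MySQL off the ingress. Separately, `MYSQL_ROOT_PASSWORD`, `MYSQL_PASSWORD`, `LDAP_PASSWORD` and `GERRIT_ADMIN_PWD` are rendered as plain container variables, which leaves them readable to anyone who can view the Deployment spec. If the formula can reference Kubernetes Secrets they belong there; the same applies to `JENKINS_PASSWORD` in the jenkins_slave files and to `LDAP_ADMIN_PASSWORD`/`LDAP_CONFIG_PASSWORD` in ldap.yml.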
diff --git a/kubernetes/control/services/drivetrain/glusterfs_cluster.yml b/kubernetes/control/services/drivetrain/glusterfs_cluster.yml
new file mode 100644
index 0000000..cdf462a
--- /dev/null
+++ b/kubernetes/control/services/drivetrain/glusterfs_cluster.yml
@@ -0,0 +1,28 @@
+parameters:
+ _param:
+ glusterfs_node01_address: ${_param:cluster_node01_address}
+ glusterfs_node02_address: ${_param:cluster_node02_address}
+ glusterfs_node03_address: ${_param:cluster_node03_address}
+ kubernetes:
+ control:
+ endpoints:
+ glusterfs:
+ service_enabled: true
+ create: true
+ service: glusterfs
+ cluster: drivetrain
+ namespace: drivetrain
+ ports:
+ - port: 1
+ name: endpoint
+ type: ClusterIP
+ subsets:
+ - ip: ${_param:glusterfs_node01_address}
+ port:
+ number: 1
+ - ip: ${_param:glusterfs_node02_address}
+ port:
+ number: 1
+ - ip: ${_param:glusterfs_node03_address}
+ port:
+ number: 1
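Review bot: The `port: 1` / `number: 1` values under `endpoints.glusterfs` look like a mistake to a reader who does not know that the Endpoints object only needs some legal port and that the GlusterFS volume plugin is not expected to use it. A comment above `ports:` would prevent a well-meant "fix", for example `# placeholder: Endpoints requires a port, the glusterfs volume does not use it`. It may also be worth stating in a comment that the three `glusterfs_nodeNN_address` defaults assume the GlusterFS bricks run on the cluster nodes themselves.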
diff --git a/kubernetes/control/services/drivetrain/init.yml b/kubernetes/control/services/drivetrain/init.yml
new file mode 100644
index 0000000..b0c51fc
--- /dev/null
+++ b/kubernetes/control/services/drivetrain/init.yml
@@ -0,0 +1,19 @@
+classes:
+- system.kubernetes.control.services.drivetrain.gerrit
+- system.kubernetes.control.services.drivetrain.glusterfs_cluster
+- system.kubernetes.control.services.drivetrain.jenkins_master
+- system.kubernetes.control.services.drivetrain.jenkins_slave_multi
+parameters:
+ _param:
+ kdt_http_proxy: ""
+ kdt_https_proxy: "${_param:kdt_http_proxy}"
+ kdt_no_proxy: ""
+ kubernetes:
+ control:
+ images:
+ - ${_param:docker_image_phpldapadmin}
+ - ${_param:docker_image_openldap}
+ - ${_param:docker_image_mysql}
+ - ${_param:docker_image_gerrit}
+ - ${_param:docker_image_jenkins}
+ - ${_param:docker_image_jenkins_slave}
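Review bot: The `classes` list includes gerrit, glusterfs_cluster, jenkins_master and jenkins_slave_multi but not `system.kubernetes.control.services.drivetrain.ldap`, although `images` preloads `docker_image_openldap` and `docker_image_phpldapadmin` and gerrit.yml defaults `gerrit_ldap_server` to `ldap://openldap`. Unless the ldap class is included somewhere outside this commit, Gerrit's default LDAP server would point at a service that is never created. If LDAP is deliberately opt-in, say so with a comment next to the list, e.g. `# ldap.yml is not included by default; add it in the cluster model when LDAP auth is used`; otherwise add the class here.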
diff --git a/kubernetes/control/services/drivetrain/jenkins_master.yml b/kubernetes/control/services/drivetrain/jenkins_master.yml
new file mode 100644
index 0000000..a198dff
--- /dev/null
+++ b/kubernetes/control/services/drivetrain/jenkins_master.yml
@@ -0,0 +1,79 @@
+parameters:
+ _param:
+ jenkins_master_extra_opts: ""
+ jenkins_master_executors_num: 4
+ jenkins_master_max_concurent_requests: 40
+ jenkins_home_dir_path: /var/jenkins_home
+ kubernetes:
+ control:
+ ingress:
+ jenkins:
+ annotations:
+ - name: kubernetes.io/ingress.class
+ value: nginx
+ - name: nginx.ingress.kubernetes.io/ssl-redirect
+ value: false
+ - name: nginx.ingress.kubernetes.io/add-base-url
+ value: true
+ apiVersion: extensions/v1beta1
+ cluster: drivetrain
+ enabled: true
+ create: true
+ namespace: drivetrain
+ rules:
+ hosts:
+ - paths:
+ /jenkins:
+ service: jenkins
+ port: 8080
+ service:
+ jenkins_master:
+ enabled: true
+ cluster: drivetrain
+ service: jenkins
+ create: true
+ namespace: drivetrain
+ ports:
+ - port: 8080
+ name: ui
+ - port: 50000
+ name: jnlp
+ type: ClusterIP
+ apiVersion: extensions/v1beta1
+ kind: Deployment
+ replicas: 1
+ container:
+ jenkins-master:
+ image: ${_param:docker_image_jenkins}
+ image_pull_policy: IfNotPresent
+ variables:
+ - name: JENKINS_HOME
+ value: ${_param:jenkins_home_dir_path}
+ - name: JAVA_OPTS
+ value: " -server -XX:+AlwaysPreTouch -Xloggc:${_param:jenkins_home_dir_path}/gc-%t.log -XX:NumberOfGCLogFiles=5 -XX:+UseGCLogFileRotation -XX:GCLogFileSize=20m -XX:+PrintGC -XX:+PrintGCDateStamps -XX:+PrintGCDetails -XX:+PrintHeapAtGC -XX:+PrintGCCause -XX:+PrintTenuringDistribution -XX:+PrintReferenceGC -XX:+PrintAdaptiveSizePolicy -XX:+UseG1GC -XX:+ExplicitGCInvokesConcurrent -XX:+ParallelRefProcEnabled -XX:+UseStringDeduplication -XX:+UnlockExperimentalVMOptions -XX:G1NewSizePercent=20 -XX:+UseCGroupMemoryLimitForHeap -XX:+UnlockDiagnosticVMOptions -XX:G1SummarizeRSetStatsPeriod=1 -Djenkins.install.runSetupWizard=false -Dhudson.DNSMultiCast.disabled=true -Dhudson.udp=-1 -Dhudson.footerURL=https://www.mirantis.com ${_param:jenkins_master_extra_opts}"
+ - name: JENKINS_NUM_EXECUTORS
+ # Number should be pasted with '' into template
+ value: "'${_param:jenkins_master_executors_num}'"
+ - name: JENKINS_OPTS
+ value: "--prefix=/jenkins --handlerCountMax=${_param:jenkins_master_max_concurent_requests}"
+ - name: https_proxy
+ value: ${_param:kdt_https_proxy}
+ - name: http_proxy
+ value: ${_param:kdt_http_proxy}
+ - name: no_proxy
+ value: ${_param:kdt_no_proxy}
+ ports:
+ - port: 8080
+ name: ui
+ - port: 50000
+ name: jnlp
+ volumes:
+ - name: jenkins-home
+ mount: ${_param:jenkins_home_dir_path}
+ read_only: false
+ volume:
+ jenkins-home:
+ type: glusterfs
+ endpoints: glusterfs
+ path: jenkins
+ read_only: false
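Review bot: `JAVA_OPTS` passes `-Djenkins.install.runSetupWizard=false`, which skips the step where Jenkins normally creates the initial admin account, so the master is only protected if the image behind `${_param:docker_image_jenkins}` configures a security realm itself; that image is not visible in this change. Because the same file publishes `/jenkins` through the ingress with `nginx.ingress.kubernetes.io/ssl-redirect` set to `false`, an unconfigured instance would be reachable over plain HTTP. A comment above the variable would record the dependency, e.g. `# setup wizard disabled: authentication must be provisioned by the image/init scripts before the ingress is exposed`. The very long single-line `JAVA_OPTS` value would also be easier to review as a folded `>-` scalar with one option per line.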
diff --git a/kubernetes/control/services/drivetrain/jenkins_slave_multi.yml b/kubernetes/control/services/drivetrain/jenkins_slave_multi.yml
new file mode 100644
index 0000000..f0db6cf
--- /dev/null
+++ b/kubernetes/control/services/drivetrain/jenkins_slave_multi.yml
@@ -0,0 +1,66 @@
+classes:
+- system.kubernetes.control.services.drivetrain.jenkins_slave_single
+parameters:
+ kubernetes:
+ control:
+ service:
+ jenkins_slave02:
+ create: true
+ service: slave02
+ namespace: drivetrain
+ apiVersion: extensions/v1beta1
+ kind: Deployment
+ replicas: 1
+ container:
+ jenkins-slave:
+ image: ${_param:docker_image_jenkins_slave}
+ image_pull_policy: IfNotPresent
+ variables:
+ - name: JENKINS_URL
+ value: ${_param:jenkins_master_url}
+ - name: JENKINS_AGENT_NAME
+ value: slave02
+ - name: JENKINS_UPDATE_SLAVE
+ value: "'true'"
+ - name: JENKINS_LOGIN
+ value: ${_param:jenkins_client_user}
+ - name: JENKINS_PASSWORD
+ value: ${_param:jenkins_client_password}
+ - name: JAVA_OPTS
+ value: "-Dhttp.proxyHost=${_param:kdt_http_proxy} -Dhttp.nonProxyHosts=|jenkins ${_param:jenkins_slave_extra_opts}"
+ - name: https_proxy
+ value: ${_param:kdt_https_proxy}
+ - name: http_proxy
+ value: ${_param:kdt_http_proxy}
+ - name: no_proxy
+ value: ${_param:kdt_no_proxy}
+ jenkins_slave03:
+ create: true
+ service: slave03
+ namespace: drivetrain
+ apiVersion: extensions/v1beta1
+ kind: Deployment
+ replicas: 1
+ container:
+ jenkins-slave:
+ image: ${_param:docker_image_jenkins_slave}
+ image_pull_policy: IfNotPresent
+ variables:
+ - name: JENKINS_URL
+ value: ${_param:jenkins_master_url}
+ - name: JENKINS_AGENT_NAME
+ value: slave03
+ - name: JENKINS_UPDATE_SLAVE
+ value: "'true'"
+ - name: JENKINS_LOGIN
+ value: ${_param:jenkins_client_user}
+ - name: JENKINS_PASSWORD
+ value: ${_param:jenkins_client_password}
+ - name: JAVA_OPTS
+ value: "-Dhttp.proxyHost=${_param:kdt_http_proxy} -Dhttp.nonProxyHosts=|jenkins ${_param:jenkins_slave_extra_opts}"
+ - name: https_proxy
+ value: ${_param:kdt_https_proxy}
+ - name: http_proxy
+ value: ${_param:kdt_http_proxy}
+ - name: no_proxy
+ value: ${_param:kdt_no_proxy}
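Review bot: In `JAVA_OPTS`, `-Dhttp.proxyHost=${_param:kdt_http_proxy}` reuses the parameter that also feeds the `http_proxy` variable, and those two consumers expect different formats: `http_proxy` is conventionally a URL with scheme and port, while `http.proxyHost` takes a bare host with the port given in `http.proxyPort`. With the init.yml default of `""` the JVM gets an empty `-Dhttp.proxyHost=`, and `-Dhttp.nonProxyHosts=|jenkins` starts with an empty entry before the pipe. Consider separate host and port parameters for the JVM flags, and emit them only when a proxy is set. The same `JAVA_OPTS` line appears for `jenkins_slave03` here and for `jenkins_slave01` in jenkins_slave_single.yml. The slave02 and slave03 blocks are otherwise copies of slave01 apart from the agent name, so any fix has to be made three times.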
diff --git a/kubernetes/control/services/drivetrain/jenkins_slave_single.yml b/kubernetes/control/services/drivetrain/jenkins_slave_single.yml
new file mode 100644
index 0000000..3659689
--- /dev/null
+++ b/kubernetes/control/services/drivetrain/jenkins_slave_single.yml
@@ -0,0 +1,37 @@
+parameters:
+ _param:
+ jenkins_slave_extra_opts: ""
+ jenkins_master_url: http://jenkins:8080/jenkins
+ kubernetes:
+ control:
+ service:
+ jenkins_slave01:
+ create: true
+ service: slave01
+ namespace: drivetrain
+ apiVersion: extensions/v1beta1
+ kind: Deployment
+ replicas: 1
+ container:
+ jenkins-slave:
+ image: ${_param:docker_image_jenkins_slave}
+ image_pull_policy: IfNotPresent
+ variables:
+ - name: JENKINS_URL
+ value: ${_param:jenkins_master_url}
+ - name: JENKINS_AGENT_NAME
+ value: slave01
+ - name: JENKINS_UPDATE_SLAVE
+ value: "'true'"
+ - name: JENKINS_LOGIN
+ value: ${_param:jenkins_client_user}
+ - name: JENKINS_PASSWORD
+ value: ${_param:jenkins_client_password}
+ - name: JAVA_OPTS
+ value: "-Dhttp.proxyHost=${_param:kdt_http_proxy} -Dhttp.nonProxyHosts=|jenkins ${_param:jenkins_slave_extra_opts}"
+ - name: https_proxy
+ value: ${_param:kdt_https_proxy}
+ - name: http_proxy
+ value: ${_param:kdt_http_proxy}
+ - name: no_proxy
+ value: ${_param:kdt_no_proxy}
diff --git a/kubernetes/control/services/drivetrain/ldap.yml b/kubernetes/control/services/drivetrain/ldap.yml
new file mode 100644
index 0000000..35a361d
--- /dev/null
+++ b/kubernetes/control/services/drivetrain/ldap.yml
@@ -0,0 +1,107 @@
+parameters:
+ kubernetes:
+ common:
+ addons:
+ ingress-nginx:
+ tcp_data:
+ 389: drivetrain/openldap:389
+ tcp_ports:
+ - 389
+ control:
+ ingress:
+ ldap:
+ annotations:
+ - name: kubernetes.io/ingress.class
+ value: nginx
+ - name: nginx.ingress.kubernetes.io/ssl-redirect
+ value: false
+ - name: nginx.ingress.kubernetes.io/add-base-url
+ value: false
+ - name: nginx.ingress.kubernetes.io/rewrite-target
+ value: /
+ apiVersion: extensions/v1beta1
+ cluster: drivetrain
+ enabled: true
+ create: true
+ namespace: drivetrain
+ rules:
+ hosts:
+ - paths:
+ /ldap:
+ service: openldap
+ port: 80
+ service:
+ openldap:
+ enabled: true
+ cluster: drivetrain
+ service: openldap
+ create: true
+ namespace: drivetrain
+ ports:
+ - port: 389
+ name: nonssl
+ - port: 636
+ name: ssl
+ - port: 80
+ name: admin
+ type: ClusterIP
+ apiVersion: extensions/v1beta1
+ kind: Deployment
+ replicas: 1
+ container:
+ ldap-server:
+ image: ${_param:docker_image_openldap}
+ image_pull_policy: IfNotPresent
+ variables:
+ - name: HOSTNAME
+ value: ldap01.${_param:openldap_domain}
+ - name: LDAP_ORGANISATION
+ value: ${_param:openldap_organisation}
+ - name: LDAP_DOMAIN
+ value: ${_param:openldap_domain}
+ - name: LDAP_ADMIN_PASSWORD
+ value: ${_param:openldap_admin_password}
+ - name: LDAP_CONFIG_PASSWORD
+ value: ${_param:openldap_config_password}
+ - name: LDAP_TLS
+ value: "'false'"
+ ports:
+ - port: 389
+ name: nonssl
+ - port: 636
+ name: ssl
+ volumes:
+ - name: data
+ mount: /var/lib/ldap
+ read_only: false
+ - name: config
+ mount: /etc/ldap/slapd.d
+ read_only: false
+ ldap-admin:
+ image: ${_param:docker_image_phpldapadmin}
+ image_pull_policy: IfNotPresent
+ variables:
+ - name: PHPLDAPADMIN_LDAP_HOSTS
+ value: "#PYTHON2BASH:[{'server': [{'server': [{'tls': False}]},{'login': [{'bind_id': 'cn=admin,${_param:openldap_dn}'},{'bind_pass': '${_param:openldap_admin_password}'}]}]}]"
+ - name: PHPLDAPADMIN_HTTPS
+ value: "'false'"
+ - name: PHPLDAPADMIN_TRUST_PROXY_SSL
+ value: "'true'"
+ - name: PHPLDAPADMIN_SERVER_ADMIN
+ value: ${_param:admin_email}
+ - name: PHPLDAPADMIN_THEME
+ value: mirantis
+ ports:
+ - port: 80
+ name: admin
+ volume:
+ config:
+ type: glusterfs
+ endpoints: glusterfs
+ path: openldap-config
+ read_only: false
+ data:
+ type: glusterfs
+ endpoints: glusterfs
+ path: openldap-data
+ read_only: false
\ No newline at end of file
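Review bot: `tcp_data` publishes `389: drivetrain/openldap:389` through ingress-nginx while `LDAP_TLS` is `'false'`, so directory binds (user passwords and Gerrit's `LDAP_PASSWORD`) would cross the ingress address unencrypted; the service also declares 636, but that port is not the one exposed. Either keep 389 in-cluster and publish only a TLS listener, or enable TLS on the server before exposing it. The `ldap-admin` container has `'bind_pass': '${_param:openldap_admin_password}'` written into `PHPLDAPADMIN_LDAP_HOSTS` and is served at `/ldap` with `ssl-redirect` set to `false` and `PHPLDAPADMIN_HTTPS` set to `'false'`. Depending on how the image uses that value, the admin UI may hold or pre-fill directory admin credentials on an HTTP endpoint. Dropping the `bind_pass` entry so that administrators type the password, and restricting who can reach the `/ldap` path, would reduce that exposure.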