-rw-r--r-- | src/examples/elevate2018.yml | 26 | ||||
-rwxr-xr-x | src/flufigut.py | 14 | ||||
-rw-r--r-- | templates/default/flumotion/planet.xml.j2 | 14 | ||||
-rw-r--r-- | templates/default/kubernetes/flumotion-manager-deploy.yml.j2 | 15 | ||||
-rw-r--r-- | templates/default/kubernetes/flumotion-manager-secret.yml.j2 | 11 | ||||
-rw-r--r-- | templates/default/kubernetes/flumotion-manager-svc.yml.j2 | 8 | ||||
-rw-r--r-- | templates/default/kubernetes/flumotion-worker-deploy.yml.j2 | 15 |
7 files changed, 72 insertions, 31 deletions
diff --git a/src/examples/elevate2018.yml b/src/examples/elevate2018.yml index da750d1..bfa43ca 100644 --- a/src/examples/elevate2018.yml +++ b/src/examples/elevate2018.yml @@ -44,6 +44,10 @@ globals: emc-02: "http-public2*" emc-03: "http-public3*" emc-04: "http-public4*" + deployment: + type: kubernetes + parameter: + image_version: 12 inputs: sdi-orig: type: decklink @@ -91,14 +95,14 @@ streams: burst-on-connect: 5 hostname: "elevate-live%i.spreadspace.org" repeater: True -records: - av: - muxes: - avr: { format: rec, profile: rec } - directory: /srv/elevate2017/ - filename: "av-orig %Y-%m-%d %H-%M-%S" - audio: - muxes: - audio-orig: { format: ogg, profile: high } - directory: /srv/elevate2017/ - filename: "audio-orig %Y-%m-%d %H-%M-%S" +# records: +# av: +# muxes: +# avr: { format: rec, profile: rec } +# directory: /srv/elevate2017/ +# filename: "av-orig %Y-%m-%d %H-%M-%S" +# audio: +# muxes: +# audio-orig: { format: ogg, profile: high } +# directory: /srv/elevate2017/ +# filename: "audio-orig %Y-%m-%d %H-%M-%S" diff --git a/src/flufigut.py b/src/flufigut.py index 2e2923d..0f8ae4a 100755 --- a/src/flufigut.py +++ b/src/flufigut.py @@ -33,8 +33,10 @@ import os import sys import yaml import jinja2 +import crypt import kubernetes import time +import base64 # helper functions ############################################ # @@ -564,6 +566,14 @@ class Planet: planet_xml = template.render(globals=self._desc.globals, atmosphere=self.atmosphere, flow=self.flow) return planet_xml + "\n" + def htpasswd(self): + salt = rand_string(6) + out = "%s:%s\n" % (self._desc.globals['admin']['username'], crypt.crypt(self._desc.globals['admin']['password'], salt)) + for _, worker in self.workers.items(): + salt = rand_string(6) + out += "%s:%s\n" % (worker['name'], crypt.crypt(worker['password'], salt)) + return out.encode('utf-8') + # kubernetes handling ############################# # 
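Review bot: In `htpasswd()` the salt passed to `crypt.crypt()` has no `$id$` prefix, so on glibc-style implementations this selects traditional DES crypt, which uses only the first two of the six salt characters and only the first eight characters of each password. Whether `htpasswdcrypt-bouncer` accepts a stronger scheme is not visible in this diff; if it does, pass `crypt.mksalt(crypt.METHOD_SHA512)` as the salt, and if it does not, a comment such as `# DES crypt: bouncer format, passwords are truncated to 8 chars` belongs above the first `crypt.crypt` call. `rand_string` is defined outside the hunk, as is the rest of the class, so it is worth checking there that salts come from `secrets` rather than `random`. The `crypt` module imported in the first flufigut.py hunk is deprecated since Python 3.11 and removed in 3.13, so this method ties the tool to older interpreters.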
@@ -608,6 +618,10 @@ class K8sDeployment: cm['data']['planet.xml'] = self._planet.toXML(template_dir) v1.create_namespaced_config_map(self._namespace, cm) + secret = self.__generate_object(tmpl_env, 'flumotion-manager-secret.yml') + secret['data']['htpasswd'] = base64.b64encode(self._planet.htpasswd()).decode('ascii') + v1.create_namespaced_secret(self._namespace, secret) + deploy = self.__generate_object(tmpl_env, 'flumotion-manager-deploy.yml') appsV1.create_namespaced_deployment(self._namespace, deploy) diff --git a/templates/default/flumotion/planet.xml.j2 b/templates/default/flumotion/planet.xml.j2 index 0a86b30..cac9fc0 100644 --- a/templates/default/flumotion/planet.xml.j2 +++ b/templates/default/flumotion/planet.xml.j2 @@ -2,15 +2,19 @@ <planet name="{{ globals.name }}"> <manager name="{{ globals.name }}"> -<!-- <host>{{ globals.manager.host }}</host> --> +{%- if globals.deployment.type == "kubernetes" %} <host>0.0.0.0</host> +{%- else %} + <host>{{ globals.manager.host }}</host> +{%- endif %} <port>{{ globals.manager.port }}</port> <transport>{{ globals.manager.transport }}</transport> <component name="manager-bouncer" type="htpasswdcrypt-bouncer"> -<!-- <property name="filename">/etc/flumotion/{{ globals.name }}.passwd</property> --> - <property name="data"> - user:PSfNpHTkpTx1M - </property> +{%- if globals.deployment.type == "kubernetes" %} + <property name="filename">/srv/secret/htpasswd</property> +{%- else %} + <property name="filename">/etc/flumotion/{{ globals.name }}.passwd</property> +{%- endif %} </component> </manager> diff --git a/templates/default/kubernetes/flumotion-manager-deploy.yml.j2 b/templates/default/kubernetes/flumotion-manager-deploy.yml.j2 index 04b36e4..b48b719 100644 --- a/templates/default/kubernetes/flumotion-manager-deploy.yml.j2 +++ b/templates/default/kubernetes/flumotion-manager-deploy.yml.j2 
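Review bot: Both new conditions in planet.xml.j2 read `globals.deployment.type` without checking that `deployment` exists, so a description file written before this commit, with no `deployment:` key under `globals`, would most likely fail to render with an undefined-variable error instead of taking the `else` branch. Unless flufigut.py fills in a default outside this diff, guard the test: `{%- if globals.deployment is defined and globals.deployment.type == "kubernetes" %}`. The `else` branch then keeps the file-based bouncer path for existing deployments, which is what the branch is there for.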
@@ -22,18 +22,23 @@ spec: type: manager spec: nodeName: {{ desc.globals.manager.machine }} + securityContext: + runAsUser: 998 + fsGroup: 998 containers: - name: flumotion - image: spreadspace/flumotion:manager + image: spreadspace/flumotion:manager-{{ desc.globals.deployment.parameter.image_version }} imagePullPolicy: Always args: - --verbose - - /etc/flumotion/planet.xml + - /srv/config/planet.xml volumeMounts: - name: home mountPath: /srv - name: planet-config - mountPath: /etc/flumotion + mountPath: /srv/config + - name: secret + mountPath: /srv/secret volumes: - name: home emptyDir: @@ -41,3 +46,7 @@ spec: - name: planet-config configMap: name: flumotion-manager + - name: secret + secret: + secretName: flumotion-manager + defaultMode: 0400 diff --git a/templates/default/kubernetes/flumotion-manager-secret.yml.j2 b/templates/default/kubernetes/flumotion-manager-secret.yml.j2 new file mode 100644 index 0000000..0b64372 --- /dev/null +++ b/templates/default/kubernetes/flumotion-manager-secret.yml.j2 @@ -0,0 +1,11 @@ +apiVersion: v1 +kind: Secret +metadata: + namespace: {{ namespace }} + name: flumotion-manager + labels: + app: flumotion + type: manager +type: Opaque +data: + htpasswd: dXNlcjpQU2ZOcEhUa3BUeDFNCg== diff --git a/templates/default/kubernetes/flumotion-manager-svc.yml.j2 b/templates/default/kubernetes/flumotion-manager-svc.yml.j2 index 5d0dac7..e7787bf 100644 --- a/templates/default/kubernetes/flumotion-manager-svc.yml.j2 +++ b/templates/default/kubernetes/flumotion-manager-svc.yml.j2 @@ -12,9 +12,5 @@ spec: type: manager clusterIP: {{ desc.globals.manager.host }} ports: - - name: ssl - port: 7531 - protocol: TCP - - name: plain - port: 8642 - protocol: TCP + - name: {{ desc.globals.manager.transport }} + port: {{ desc.globals.manager.port }} diff --git a/templates/default/kubernetes/flumotion-worker-deploy.yml.j2 b/templates/default/kubernetes/flumotion-worker-deploy.yml.j2 index d184661..60a8ebe 100644 
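Review bot: The pod-level `securityContext` added here sets `runAsUser: 998` and `fsGroup: 998` but nothing that keeps the container unprivileged if the image or a later edit changes the user. Add `runAsNonRoot: true` next to them and `allowPrivilegeEscalation: false` in a container-level `securityContext` under `- name: flumotion`. The same block is added in the flumotion-worker-deploy.yml.j2 hunk and needs the same two settings. The image is still referenced by a mutable tag (`manager-{{ ... image_version }}`) with `imagePullPolicy: Always`, so what runs can change without a change to this template; pinning by digest would remove that.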
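Review bot: `defaultMode: 0400` on the `secret` volume probably does not yield the mode it states, because the pod also sets `fsGroup: 998`. As far as I know, Kubernetes re-owns secret volumes to the fsGroup and adds group read, so `/srv/secret/htpasswd` likely ends up root-owned, group 998, mode 0440. That group bit is presumably what lets UID 998 read the file at all, so a comment on that line such as `# effective mode is 0440 because of fsGroup; UID 998 reads via group` would stop a later reader from "tightening" it into a broken bouncer. It is worth confirming the actual mode in a running pod.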
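Review bot: The new Secret template ships a real value in `data.htpasswd`: `dXNlcjpQU2ZOcEhUa3BUeDFNCg==` decodes to the `user:PSfNpHTkpTx1M` line that this same commit removes from planet.xml.j2. flufigut.py overwrites the field before creating the object, but anyone rendering or applying the template on its own, or any code path that skips the overwrite, deploys a manager with that known credential. Make the placeholder inert, for example `htpasswd: ""`, so a missed overwrite fails closed rather than open.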
--- a/templates/default/kubernetes/flumotion-worker-deploy.yml.j2 +++ b/templates/default/kubernetes/flumotion-worker-deploy.yml.j2 @@ -22,19 +22,22 @@ spec: type: worker spec: nodeName: {{ worker.name }} + securityContext: + runAsUser: 998 + fsGroup: 998 containers: {% for subname, sub in worker.subs.items() %} - name: {{ subname }} - image: spreadspace/flumotion:worker + image: spreadspace/flumotion:worker-{{ desc.globals.deployment.parameter.image_version }} imagePullPolicy: Always args: - --verbose - - -H flumotion-manager - - -P 8642 - - -T tcp + - -H {{ desc.globals.manager.host }} + - -P {{ desc.globals.manager.port }} + - -T {{ desc.globals.manager.transport }} - -n {{ sub.fullname }} - - -u user - - -p test + - -u {{ worker.name }} + - -p {{ worker.password }} - -F {{ 8000 + loop.index0 * 10 }}-{{ 8001 + loop.index0 * 10 }} volumeMounts: - name: home |
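Review bot: `- -p {{ worker.password }}` renders each worker's plaintext password into the Deployment's `args`, where it is readable by anyone allowed to get Deployments or Pods in the namespace, even though the manager side of this commit keeps its credentials in a Secret. Store the password in a Secret and let Kubernetes expand it into the argument from an environment variable, as sketched below. The Secret name there is a placeholder because this commit creates no worker Secret, and whether the worker can read its password from a file instead is not visible here. The value is also interpolated unquoted, so a password containing ` #` or `: ` would be truncated or would change the YAML structure.

```yaml
        args:
        # … unchanged: --verbose, -H / -P / -T, -n …
        - -u {{ worker.name }}
        - -p $(WORKER_PASSWORD)
        # … unchanged: -F port range …
        env:
        - name: WORKER_PASSWORD
          valueFrom:
            secretKeyRef:
              name: WORKER-SECRET-NAME-PLACEHOLDER
              key: password
```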