Revert "Revert "oran-shell-release: release image for F""

[pti/rtp.git] / meta-starlingx / meta-stx-flock / stx-openstack-armada-app / openstack-helm / 0006-Add-Placement-Chart.patch

From 374b61d70c593694f850bd6f6a74842c12ecf5f8 Mon Sep 17 00:00:00 2001
From: zhipengl <zhipengs.liu@intel.com>
Date: Fri, 31 May 2019 06:49:51 +0800
Subject: [PATCH] Add placement chart

This commit adds a helm chart to deploy placement.

Related test pass on simplex and multi-node setup

Story: 2005799
Task: 33532

Change-Id: Ife908628c6379d2d39d15f72073da3018cc26950
Signed-off-by: zhipengl <zhipengs.liu@intel.com>
---
 placement/Chart.yaml                          |   9 +
 placement/requirements.yaml                   |  10 +
 placement/templates/bin/_db-sync.sh.tpl       |  13 +
 placement/templates/bin/_placement-api.sh.tpl |  34 +++
 placement/templates/configmap-bin.yaml        |  31 ++
 placement/templates/configmap-etc.yaml        |  58 ++++
 placement/templates/deployment.yaml           | 116 ++++++++
 placement/templates/ingress.yaml              |  12 +
 placement/templates/job-db-drop.yaml          |  13 +
 placement/templates/job-db-init.yaml          |  15 +
 placement/templates/job-db-sync.yaml          |  12 +
 placement/templates/job-image-repo-sync.yaml  |  12 +
 placement/templates/job-ks-endpoints.yaml     |  12 +
 placement/templates/job-ks-service.yaml       |  12 +
 placement/templates/job-ks-user.yaml          |  12 +
 placement/templates/network_policy.yaml       |  12 +
 placement/templates/pdb.yaml                  |  21 ++
 placement/templates/secret-db.yaml            |  22 ++
 placement/templates/secret-ingress-tls.yaml   |  11 +
 placement/templates/secret-keystone.yaml      |  22 ++
 placement/templates/service-ingress.yaml      |  12 +
 placement/templates/service.yaml              |  26 ++
 placement/values.yaml                         | 413 ++++++++++++++++++++++++++
 23 files changed, 910 insertions(+)
 create mode 100644 placement/Chart.yaml
 create mode 100644 placement/requirements.yaml
 create mode 100644 placement/templates/bin/_db-sync.sh.tpl
 create mode 100644 placement/templates/bin/_placement-api.sh.tpl
 create mode 100644 placement/templates/configmap-bin.yaml
 create mode 100644 placement/templates/configmap-etc.yaml
 create mode 100644 placement/templates/deployment.yaml
 create mode 100644 placement/templates/ingress.yaml
 create mode 100644 placement/templates/job-db-drop.yaml
 create mode 100644 placement/templates/job-db-init.yaml
 create mode 100644 placement/templates/job-db-sync.yaml
 create mode 100644 placement/templates/job-image-repo-sync.yaml
 create mode 100644 placement/templates/job-ks-endpoints.yaml
 create mode 100644 placement/templates/job-ks-service.yaml
 create mode 100644 placement/templates/job-ks-user.yaml
 create mode 100644 placement/templates/network_policy.yaml
 create mode 100644 placement/templates/pdb.yaml
 create mode 100644 placement/templates/secret-db.yaml
 create mode 100644 placement/templates/secret-ingress-tls.yaml
 create mode 100644 placement/templates/secret-keystone.yaml
 create mode 100644 placement/templates/service-ingress.yaml
 create mode 100644 placement/templates/service.yaml
 create mode 100644 placement/values.yaml

diff --git a/placement/Chart.yaml b/placement/Chart.yaml
new file mode 100644
index 0000000..e8eb058
--- /dev/null
+++ b/placement/Chart.yaml
@@ -0,0 +1,9 @@
+#
+# Copyright (c) 2019 StarlingX.
+#
+
+apiVersion: v1
+appVersion: "1.0"
+description: OpenStack Placement Service
+name: placement
+version: 0.1.0
diff --git a/placement/requirements.yaml b/placement/requirements.yaml
new file mode 100644
index 0000000..3a162a6
--- /dev/null
+++ b/placement/requirements.yaml
@@ -0,0 +1,10 @@
+#
+# Copyright (c) 2019 StarlingX.
+#
+# SPDX-License-Identifier: Apache-2.0
+#
+
+dependencies:
+  - name: helm-toolkit
+    repository: http://localhost:8879/charts
+    version: 0.1.0
diff --git a/placement/templates/bin/_db-sync.sh.tpl b/placement/templates/bin/_db-sync.sh.tpl
new file mode 100644
index 0000000..4a36848
--- /dev/null
+++ b/placement/templates/bin/_db-sync.sh.tpl
@@ -0,0 +1,13 @@
+#!/bin/bash
+
+{{/*
+#
+# Copyright (c) 2019 StarlingX.
+#
+# SPDX-License-Identifier: Apache-2.0
+#
+*/}}
+
+set -ex
+
+su -s /bin/sh -c "placement-manage db sync" placement
diff --git a/placement/templates/bin/_placement-api.sh.tpl b/placement/templates/bin/_placement-api.sh.tpl
new file mode 100644
index 0000000..4f82970
--- /dev/null
+++ b/placement/templates/bin/_placement-api.sh.tpl
@@ -0,0 +1,34 @@
+#!/bin/bash
+
+{{/*
+#
+# Copyright (c) 2019 StarlingX.
+#
+# SPDX-License-Identifier: Apache-2.0
+#
+*/}}
+
+set -ex
+COMMAND="${@:-start}"
+
+function start () {
+
+  cp -a $(type -p placement-api) /var/www/cgi-bin/placement/
+
+  if [ -f /etc/apache2/envvars ]; then
+     # Loading Apache2 ENV variables
+     source /etc/apache2/envvars
+  fi
+
+  # Get rid of stale pid file if present.
+  rm -f /var/run/apache2/*.pid
+
+  # Start Apache2
+  exec apache2 -DFOREGROUND
+}
+
+function stop () {
+  apachectl -k graceful-stop
+}
+
+$COMMAND
diff --git a/placement/templates/configmap-bin.yaml b/placement/templates/configmap-bin.yaml
new file mode 100644
index 0000000..3e98ea9
--- /dev/null
+++ b/placement/templates/configmap-bin.yaml
@@ -0,0 +1,31 @@
+{{/*
+#
+# Copyright (c) 2019 StarlingX.
+#
+# SPDX-License-Identifier: Apache-2.0
+#
+*/}}
+
+{{- if .Values.manifests.configmap_bin }}
+{{- $envAll := . }}
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: placement-bin
+data:
+  placement-api.sh: |
+{{ tuple "bin/_placement-api.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
+  db-sync.sh: |
+{{ tuple "bin/_db-sync.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
+  db-init.py: |
+{{- include "helm-toolkit.scripts.db_init" . | indent 4 }}
+  db-drop.py: |
+{{- include "helm-toolkit.scripts.db_drop" . | indent 4 }}
+  ks-service.sh: |
+{{- include "helm-toolkit.scripts.keystone_service" . | indent 4 }}
+  ks-endpoints.sh: |
+{{- include "helm-toolkit.scripts.keystone_endpoints" . | indent 4 }}
+  ks-user.sh: |
+{{- include "helm-toolkit.scripts.keystone_user" . | indent 4 }}
+{{- end }}
diff --git a/placement/templates/configmap-etc.yaml b/placement/templates/configmap-etc.yaml
new file mode 100644
index 0000000..62834cc
--- /dev/null
+++ b/placement/templates/configmap-etc.yaml
@@ -0,0 +1,58 @@
+{{/*
+#
+# Copyright (c) 2019 StarlingX.
+#
+# SPDX-License-Identifier: Apache-2.0
+#
+*/}}
+
+{{- if .Values.manifests.configmap_etc }}
+{{- $envAll := . }}
+
+{{- if empty .Values.conf.placement.placement_database.connection -}}
+{{- $_ := tuple "oslo_db" "internal" "placement" "mysql" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup" | set .Values.conf.placement.placement_database "connection" -}}
+{{- end -}}
+
+{{- if empty .Values.conf.placement.keystone_authtoken.auth_uri -}}
+{{- $_ := tuple "identity" "internal" "api" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup" | set .Values.conf.placement.keystone_authtoken "auth_uri" -}}
+{{- end -}}
+{{- if empty .Values.conf.placement.keystone_authtoken.auth_url -}}
+{{- $_ := tuple "identity" "internal" "api" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup" | set .Values.conf.placement.keystone_authtoken "auth_url" -}}
+{{- end -}}
+
+{{- if empty .Values.conf.placement.keystone_authtoken.os_region_name -}}
+{{- $_ := set .Values.conf.placement.keystone_authtoken "os_region_name" .Values.endpoints.identity.auth.placement.region_name -}}
+{{- end -}}
+{{- if empty .Values.conf.placement.keystone_authtoken.project_name -}}
+{{- $_ := set .Values.conf.placement.keystone_authtoken "project_name" .Values.endpoints.identity.auth.placement.project_name -}}
+{{- end -}}
+{{- if empty .Values.conf.placement.keystone_authtoken.project_domain_name -}}
+{{- $_ := set .Values.conf.placement.keystone_authtoken "project_domain_name" .Values.endpoints.identity.auth.placement.project_domain_name -}}
+{{- end -}}
+{{- if empty .Values.conf.placement.keystone_authtoken.user_domain_name -}}
+{{- $_ := set .Values.conf.placement.keystone_authtoken "user_domain_name" .Values.endpoints.identity.auth.placement.user_domain_name -}}
+{{- end -}}
+{{- if empty .Values.conf.placement.keystone_authtoken.username -}}
+{{- $_ := set .Values.conf.placement.keystone_authtoken "username" .Values.endpoints.identity.auth.placement.username -}}
+{{- end -}}
+{{- if empty .Values.conf.placement.keystone_authtoken.password -}}
+{{- $_ := set .Values.conf.placement.keystone_authtoken "password" .Values.endpoints.identity.auth.placement.password -}}
+{{- end -}}
+{{- if empty .Values.conf.placement.keystone_authtoken.memcached_servers -}}
+{{- $_ := tuple "oslo_cache" "internal" "memcache" . | include "helm-toolkit.endpoints.host_and_port_endpoint_uri_lookup" | set .Values.conf.placement.keystone_authtoken "memcached_servers" -}}
+{{- end -}}
+{{- if empty .Values.conf.placement.keystone_authtoken.memcache_secret_key -}}
+{{- $_ := set .Values.conf.placement.keystone_authtoken "memcache_secret_key" ( default ( randAlphaNum 64 ) .Values.endpoints.oslo_cache.auth.memcache_secret_key ) -}}
+{{- end -}}
+---
+apiVersion: v1
+kind: Secret
+metadata:
+  name: placement-etc
+type: Opaque
+data:
+  policy.yaml: {{ toYaml .Values.conf.policy | b64enc }}
+  placement.conf: {{ include "helm-toolkit.utils.to_oslo_conf" .Values.conf.placement | b64enc }}
+  logging.conf: {{ include "helm-toolkit.utils.to_oslo_conf" .Values.conf.logging | b64enc }}
+{{- include "helm-toolkit.snippets.values_template_renderer" (dict "envAll" $envAll "template" .Values.conf.wsgi_placement "key" "wsgi-placement.conf" "format" "Secret" ) | indent 2 }}
+{{- end }}
diff --git a/placement/templates/deployment.yaml b/placement/templates/deployment.yaml
new file mode 100644
index 0000000..922bbcf
--- /dev/null
+++ b/placement/templates/deployment.yaml
@@ -0,0 +1,116 @@
+{{/*
+#
+# Copyright (c) 2019 StarlingX.
+#
+# SPDX-License-Identifier: Apache-2.0
+#
+*/}}
+
+{{- if .Values.manifests.deployment }}
+{{- $envAll := . }}
+
+{{- $mounts_placement := .Values.pod.mounts.placement.placement }}
+{{- $mounts_placement_init := .Values.pod.mounts.placement.init_container }}
+
+{{- $serviceAccountName := "placement-api" }}
+{{ tuple $envAll "api" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: placement-api
+  annotations:
+    {{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" }}
+  labels:
+{{ tuple $envAll "placement" "api" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }}
+spec:
+  replicas: {{ .Values.pod.replicas.api }}
+  selector:
+    matchLabels:
+{{ tuple $envAll "placement" "api" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 6 }}
+{{ tuple $envAll | include "helm-toolkit.snippets.kubernetes_upgrades_deployment" | indent 2 }}
+  template:
+    metadata:
+      labels:
+{{ tuple $envAll "placement" "api" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
+      annotations:
+{{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" | indent 8 }}
+        configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "helm-toolkit.utils.hash" }}
+        configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "helm-toolkit.utils.hash" }}
+    spec:
+      serviceAccountName: {{ $serviceAccountName }}
+      affinity:
+{{ tuple $envAll "placement" "api" | include "helm-toolkit.snippets.kubernetes_pod_anti_affinity" | indent 8 }}
+      nodeSelector:
+        {{ .Values.labels.api.node_selector_key }}: {{ .Values.labels.api.node_selector_value }}
+      terminationGracePeriodSeconds: {{ .Values.pod.lifecycle.termination_grace_period.api.timeout | default "30" }}
+      initContainers:
+{{ tuple $envAll "api" $mounts_placement_init | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
+      containers:
+        - name: placement-api
+{{ tuple $envAll "placement" | include "helm-toolkit.snippets.image" | indent 10 }}
+{{ tuple $envAll $envAll.Values.pod.resources.api | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
+          command:
+            - /tmp/placement-api.sh
+            - start
+          lifecycle:
+            preStop:
+              exec:
+                command:
+                  - /tmp/placement-api.sh
+                  - stop
+          ports:
+            - name: p-api
+              containerPort: {{ tuple "placement" "internal" "api" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
+          readinessProbe:
+            #NOTE(portdirect): use tcpSocket check as HTTP will return 401
+            tcpSocket:
+              port: {{ tuple "placement" "internal" "api" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
+            initialDelaySeconds: 15
+            periodSeconds: 10
+          livenessProbe:
+            tcpSocket:
+              port: {{ tuple "placement" "internal" "api" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
+            initialDelaySeconds: 50
+            periodSeconds: 10
+          volumeMounts:
+            - name: pod-tmp
+              mountPath: /tmp
+            - name: wsgi-placement
+              mountPath: /var/www/cgi-bin/placement
+            - name: placement-bin
+              mountPath: /tmp/placement-api.sh
+              subPath: placement-api.sh
+              readOnly: true
+            - name: placement-etc
+              mountPath: /etc/placement/placement.conf
+              subPath: placement.conf
+              readOnly: true
+            - name: placement-etc
+              mountPath: {{ .Values.conf.placement.DEFAULT.log_config_append }}
+              subPath: {{ base .Values.conf.placement.DEFAULT.log_config_append }}
+              readOnly: true
+            - name: placement-etc
+              mountPath: /etc/placement/policy.yaml
+              subPath: policy.yaml
+              readOnly: true
+            - name: placement-etc
+              mountPath: /etc/apache2/conf-enabled/wsgi-placement.conf
+              subPath: wsgi-placement.conf
+              readOnly: true
+{{ if $mounts_placement.volumeMounts }}{{ toYaml $mounts_placement.volumeMounts | indent 12 }}{{ end }}
+      volumes:
+        - name: pod-tmp
+          emptyDir: {}
+        - name: wsgi-placement
+          emptyDir: {}
+        - name: placement-bin
+          configMap:
+            name: placement-bin
+            defaultMode: 0555
+        - name: placement-etc
+          secret:
+            secretName: placement-etc
+            defaultMode: 0444
+{{ if $mounts_placement.volumes }}{{ toYaml $mounts_placement.volumes | indent 8 }}{{ end }}
+{{- end }}
diff --git a/placement/templates/ingress.yaml b/placement/templates/ingress.yaml
new file mode 100644
index 0000000..5dcced8
--- /dev/null
+++ b/placement/templates/ingress.yaml
@@ -0,0 +1,12 @@
+{{/*
+#
+# Copyright (c) 2019 StarlingX.
+#
+# SPDX-License-Identifier: Apache-2.0
+#
+*/}}
+
+{{- if and .Values.manifests.ingress .Values.network.api.ingress.public }}
+{{- $ingressOpts := dict "envAll" . "backendServiceType" "placement" "backendPort" "p-api" -}}
+{{ $ingressOpts | include "helm-toolkit.manifests.ingress" }}
+{{- end }}
diff --git a/placement/templates/job-db-drop.yaml b/placement/templates/job-db-drop.yaml
new file mode 100644
index 0000000..1cdb753
--- /dev/null
+++ b/placement/templates/job-db-drop.yaml
@@ -0,0 +1,13 @@
+{{/*
+#
+# Copyright (c) 2019 StarlingX.
+#
+# SPDX-License-Identifier: Apache-2.0
+#
+*/}}
+
+{{- if .Values.manifests.job_db_drop }}
+{{- $serviceName := "placement" -}}
+{{- $dbDropJob := dict "envAll" . "serviceName" $serviceName -}}
+{{ $dbDropJob | include "helm-toolkit.manifests.job_db_drop_mysql" }}
+{{- end }}
diff --git a/placement/templates/job-db-init.yaml b/placement/templates/job-db-init.yaml
new file mode 100644
index 0000000..4c9d450
--- /dev/null
+++ b/placement/templates/job-db-init.yaml
@@ -0,0 +1,15 @@
+{{/*
+#
+# Copyright (c) 2019 StarlingX.
+#
+# SPDX-License-Identifier: Apache-2.0
+#
+*/}}
+
+{{- if .Values.manifests.job_db_init }}
+{{- $serviceName := "placement" -}}
+{{- $dbApi := dict "adminSecret" .Values.secrets.oslo_db.admin "configFile" (printf "/etc/%s/%s.conf" $serviceName $serviceName ) "logConfigFile" (printf "/etc/%s/logging.conf" $serviceName ) "configDbSection" "placement_database" "configDbKey" "connection" -}}
+{{- $dbsToInit := list $dbApi }}
+{{- $dbInitJob := dict "envAll" . "serviceName" $serviceName "dbsToInit" $dbsToInit -}}
+{{ $dbInitJob | include "helm-toolkit.manifests.job_db_init_mysql" }}
+{{- end }}
diff --git a/placement/templates/job-db-sync.yaml b/placement/templates/job-db-sync.yaml
new file mode 100644
index 0000000..5aeefba
--- /dev/null
+++ b/placement/templates/job-db-sync.yaml
@@ -0,0 +1,12 @@
+{{/*
+#
+# Copyright (c) 2019 StarlingX.
+#
+# SPDX-License-Identifier: Apache-2.0
+#
+*/}}
+
+{{- if .Values.manifests.job_db_sync }}
+{{- $dbSyncJob := dict "envAll" . "serviceName" "placement" -}}
+{{ $dbSyncJob | include "helm-toolkit.manifests.job_db_sync" }}
+{{- end }}
diff --git a/placement/templates/job-image-repo-sync.yaml b/placement/templates/job-image-repo-sync.yaml
new file mode 100644
index 0000000..022b160
--- /dev/null
+++ b/placement/templates/job-image-repo-sync.yaml
@@ -0,0 +1,12 @@
+{{/*
+#
+# Copyright (c) 2019 StarlingX.
+#
+# SPDX-License-Identifier: Apache-2.0
+#
+*/}}
+
+{{- if and .Values.manifests.job_image_repo_sync .Values.images.local_registry.active }}
+{{- $imageRepoSyncJob := dict "envAll" . "serviceName" "placement" -}}
+{{ $imageRepoSyncJob | include "helm-toolkit.manifests.job_image_repo_sync" }}
+{{- end }}
diff --git a/placement/templates/job-ks-endpoints.yaml b/placement/templates/job-ks-endpoints.yaml
new file mode 100644
index 0000000..d3a43fc
--- /dev/null
+++ b/placement/templates/job-ks-endpoints.yaml
@@ -0,0 +1,12 @@
+{{/*
+#
+# Copyright (c) 2018 StarlingX.
+#
+# SPDX-License-Identifier: Apache-2.0
+#
+*/}}
+
+{{- if .Values.manifests.job_ks_endpoints }}
+{{- $ksServiceJob := dict "envAll" . "serviceName" "placement" "serviceTypes" ( tuple "placement" ) -}}
+{{ $ksServiceJob | include "helm-toolkit.manifests.job_ks_endpoints" }}
+{{- end }}
diff --git a/placement/templates/job-ks-service.yaml b/placement/templates/job-ks-service.yaml
new file mode 100644
index 0000000..0dd6d6e
--- /dev/null
+++ b/placement/templates/job-ks-service.yaml
@@ -0,0 +1,12 @@
+{{/*
+#
+# Copyright (c) 2019 StarlingX.
+#
+# SPDX-License-Identifier: Apache-2.0
+#
+*/}}
+
+{{- if .Values.manifests.job_ks_service }}
+{{- $ksServiceJob := dict "envAll" . "serviceName" "placement" "serviceTypes" ( tuple "placement" ) -}}
+{{ $ksServiceJob | include "helm-toolkit.manifests.job_ks_service" }}
+{{- end }}
diff --git a/placement/templates/job-ks-user.yaml b/placement/templates/job-ks-user.yaml
new file mode 100644
index 0000000..b0f7799
--- /dev/null
+++ b/placement/templates/job-ks-user.yaml
@@ -0,0 +1,12 @@
+{{/*
+#
+# Copyright (c) 2019 StarlingX.
+#
+# SPDX-License-Identifier: Apache-2.0
+#
+*/}}
+
+{{- if .Values.manifests.job_ks_user }}
+{{- $ksUserJob := dict "envAll" . "serviceName" "placement" -}}
+{{ $ksUserJob | include "helm-toolkit.manifests.job_ks_user" }}
+{{- end }}
diff --git a/placement/templates/network_policy.yaml b/placement/templates/network_policy.yaml
new file mode 100644
index 0000000..6355f90
--- /dev/null
+++ b/placement/templates/network_policy.yaml
@@ -0,0 +1,12 @@
+{{/*
+#
+# Copyright (c) 2019 StarlingX.
+#
+# SPDX-License-Identifier: Apache-2.0
+#
+*/}}
+
+{{- if .Values.manifests.network_policy -}}
+{{- $netpol_opts := dict "envAll" . "name" "application" "label" "placement" }}
+{{ $netpol_opts | include "helm-toolkit.manifests.kubernetes_network_policy" }}
+{{- end -}}
diff --git a/placement/templates/pdb.yaml b/placement/templates/pdb.yaml
new file mode 100644
index 0000000..a61fe58
--- /dev/null
+++ b/placement/templates/pdb.yaml
@@ -0,0 +1,21 @@
+{{/*
+#
+# Copyright (c) 2019 StarlingX.
+#
+# SPDX-License-Identifier: Apache-2.0
+#
+*/}}
+
+{{- if .Values.manifests.pdb }}
+{{- $envAll := . }}
+---
+apiVersion: policy/v1beta1
+kind: PodDisruptionBudget
+metadata:
+  name: placement-api
+spec:
+  minAvailable: {{ .Values.pod.lifecycle.disruption_budget.api.min_available }}
+  selector:
+    matchLabels:
+{{ tuple $envAll "placement" "api" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 6 }}
+{{- end }}
diff --git a/placement/templates/secret-db.yaml b/placement/templates/secret-db.yaml
new file mode 100644
index 0000000..5c7321e
--- /dev/null
+++ b/placement/templates/secret-db.yaml
@@ -0,0 +1,22 @@
+{{/*
+#
+# Copyright (c) 2019 StarlingX.
+#
+# SPDX-License-Identifier: Apache-2.0
+#
+*/}}
+
+{{- if .Values.manifests.secret_db }}
+{{- $envAll := . }}
+{{- range $key1, $userClass := tuple "admin" "placement" }}
+{{- $secretName := index $envAll.Values.secrets.oslo_db $userClass }}
+---
+apiVersion: v1
+kind: Secret
+metadata:
+  name: {{ $secretName }}
+type: Opaque
+data:
+  DB_CONNECTION: {{ tuple "oslo_db" "internal" $userClass "mysql" $envAll | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup" | b64enc -}}
+{{- end }}
+{{- end }}
diff --git a/placement/templates/secret-ingress-tls.yaml b/placement/templates/secret-ingress-tls.yaml
new file mode 100644
index 0000000..3413b5b
--- /dev/null
+++ b/placement/templates/secret-ingress-tls.yaml
@@ -0,0 +1,11 @@
+{{/*
+#
+# Copyright (c) 2019 StarlingX.
+#
+# SPDX-License-Identifier: Apache-2.0
+#
+*/}}
+
+{{- if .Values.manifests.secret_ingress_tls }}
+{{ include "helm-toolkit.manifests.secret_ingress_tls" ( dict "envAll" . "backendServiceType" "placement" ) }}
+{{- end }}
diff --git a/placement/templates/secret-keystone.yaml b/placement/templates/secret-keystone.yaml
new file mode 100644
index 0000000..efc1a17
--- /dev/null
+++ b/placement/templates/secret-keystone.yaml
@@ -0,0 +1,22 @@
+{{/*
+#
+# Copyright (c) 2019 StarlingX.
+#
+# SPDX-License-Identifier: Apache-2.0
+#
+*/}}
+
+{{- if .Values.manifests.secret_keystone }}
+{{- $envAll := . }}
+{{- range $key1, $userClass := tuple "admin" "placement" }}
+{{- $secretName := index $envAll.Values.secrets.identity $userClass }}
+---
+apiVersion: v1
+kind: Secret
+metadata:
+  name: {{ $secretName }}
+type: Opaque
+data:
+{{- tuple $userClass "internal" $envAll | include "helm-toolkit.snippets.keystone_secret_openrc" | indent 2 -}}
+{{- end }}
+{{- end }}
diff --git a/placement/templates/service-ingress.yaml b/placement/templates/service-ingress.yaml
new file mode 100644
index 0000000..75fcd61
--- /dev/null
+++ b/placement/templates/service-ingress.yaml
@@ -0,0 +1,12 @@
+{{/*
+#
+# Copyright (c) 2019 StarlingX.
+#
+# SPDX-License-Identifier: Apache-2.0
+#
+*/}}
+
+{{- if and .Values.manifests.service_ingress .Values.network.api.ingress.public }}
+{{- $serviceIngressOpts := dict "envAll" . "backendServiceType" "placement" -}}
+{{ $serviceIngressOpts | include "helm-toolkit.manifests.service_ingress" }}
+{{- end }}
diff --git a/placement/templates/service.yaml b/placement/templates/service.yaml
new file mode 100644
index 0000000..0bda157
--- /dev/null
+++ b/placement/templates/service.yaml
@@ -0,0 +1,26 @@
+{{/*
+#
+# SPDX-License-Identifier: Apache-2.0
+#
+*/}}
+
+{{- if .Values.manifests.service }}
+{{- $envAll := . }}
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: {{ tuple "placement" "internal" . | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }}
+spec:
+  ports:
+  - name: p-api
+    port: {{ tuple "placement" "internal" "api" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
+    {{ if .Values.network.api.node_port.enabled }}
+    nodePort: {{ .Values.network.api.node_port.port }}
+    {{ end }}
+  selector:
+{{ tuple $envAll "placement" "api" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }}
+  {{ if .Values.network.api.node_port.enabled }}
+  type: NodePort
+  {{ end }}
+{{- end }}
diff --git a/placement/values.yaml b/placement/values.yaml
new file mode 100644
index 0000000..33139f0
--- /dev/null
+++ b/placement/values.yaml
@@ -0,0 +1,413 @@
+#
+# SPDX-License-Identifier: Apache-2.0
+#
+
+# Default values for openstack-placement.
+# This is a YAML-formatted file.
+# Declare variables to be passed into your templates.
+
+release_group: null
+
+labels:
+  api:
+    node_selector_key: openstack-control-plane
+    node_selector_value: enabled
+  job:
+    node_selector_key: openstack-control-plane
+    node_selector_value: enabled
+
+images:
+  pull_policy: IfNotPresent
+  tags:
+    placement: docker.io/openstackhelm/placement:ocata-ubuntu_xenial
+    ks_user: docker.io/openstackhelm/heat:ocata-ubuntu_xenial
+    ks_service: docker.io/openstackhelm/heat:ocata-ubuntu_xenial
+    ks_endpoints: docker.io/openstackhelm/heat:ocata-ubuntu_xenial
+    db_init: docker.io/openstackhelm/heat:ocata-ubuntu_xenial
+    db_drop: docker.io/openstackhelm/heat:ocata-ubuntu_xenial
+    placement_db_sync: docker.io/openstackhelm/placement:ocata-ubuntu_xenial
+    dep_check: quay.io/stackanetes/kubernetes-entrypoint:v0.3.1
+    image_repo_sync: docker.io/docker:17.07.0
+  local_registry:
+    active: false
+    exclude:
+      - dep_check
+      - image_repo_sync
+
+network:
+  api:
+    port: 8778
+    ingress:
+      public: true
+      classes:
+        namespace: "nginx"
+        cluster: "nginx-cluster"
+      annotations:
+        nginx.ingress.kubernetes.io/rewrite-target: /
+    external_policy_local: false
+    node_port:
+      enabled: false
+      port: 30778
+
+conf:
+  policy:
+    context_is_admin: 'role:admin'
+    segregation: 'rule:context_is_admin'
+    admin_or_owner: 'rule:context_is_admin or project_id:%(project_id)s'
+    default: 'rule:admin_or_owner'
+  placement:
+    DEFAULT:
+      debug: false
+      use_syslog: false
+      log_config_append: /etc/placement/logging.conf
+    placement_database:
+      connection: null
+    keystone_authtoken:
+      auth_version: v3
+      auth_type: password
+      memcache_security_strategy: ENCRYPT
+  logging:
+    loggers:
+      keys:
+        - root
+        - placement
+    handlers:
+      keys:
+        - stdout
+        - stderr
+        - "null"
+    formatters:
+      keys:
+        - context
+        - default
+    logger_root:
+      level: WARNING
+      handlers: stdout
+    logger_placement:
+      level: INFO
+      handlers:
+        - stdout
+      qualname: placement
+    logger_amqp:
+      level: WARNING
+      handlers: stderr
+      qualname: amqp
+    logger_amqplib:
+      level: WARNING
+      handlers: stderr
+      qualname: amqplib
+    logger_eventletwsgi:
+      level: WARNING
+      handlers: stderr
+      qualname: eventlet.wsgi.server
+    logger_sqlalchemy:
+      level: WARNING
+      handlers: stderr
+      qualname: sqlalchemy
+    logger_boto:
+      level: WARNING
+      handlers: stderr
+      qualname: boto
+    handler_null:
+      class: logging.NullHandler
+      formatter: default
+      args: ()
+    handler_stdout:
+      class: StreamHandler
+      args: (sys.stdout,)
+      formatter: context
+    handler_stderr:
+      class: StreamHandler
+      args: (sys.stderr,)
+      formatter: context
+    formatter_context:
+      class: oslo_log.formatters.ContextFormatter
+      datefmt: "%Y-%m-%d %H:%M:%S"
+    formatter_default:
+      format: "%(message)s"
+      datefmt: "%Y-%m-%d %H:%M:%S"
+  wsgi_placement: |
+    Listen 0.0.0.0:{{ tuple "placement" "internal" "api" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
+    LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
+    LogFormat "%{X-Forwarded-For}i %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" proxy
+    SetEnvIf X-Forwarded-For "^.*\..*\..*\..*" forwarded
+    CustomLog /dev/stdout combined env=!forwarded
+    CustomLog /dev/stdout proxy env=forwarded
+    <VirtualHost *:{{ tuple "placement" "internal" "api" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}>
+        WSGIDaemonProcess placement-api processes=1 threads=4 user=placement group=placement display-name=%{GROUP}
+        WSGIProcessGroup placement-api
+        WSGIScriptAlias / /var/www/cgi-bin/placement/placement-api
+        WSGIApplicationGroup %{GLOBAL}
+        WSGIPassAuthorization On
+        <IfVersion >= 2.4>
+          ErrorLogFormat "%{cu}t %M"
+        </IfVersion>
+        ErrorLog /dev/stdout
+        SetEnvIf X-Forwarded-For "^.*\..*\..*\..*" forwarded
+        CustomLog /dev/stdout combined env=!forwarded
+        CustomLog /dev/stdout proxy env=forwarded
+    </VirtualHost>
+    Alias /placement /var/www/cgi-bin/placement/placement-api
+    <Location /placement>
+        SetHandler wsgi-script
+        Options +ExecCGI
+        WSGIProcessGroup placement-api
+        WSGIApplicationGroup %{GLOBAL}
+        WSGIPassAuthorization On
+    </Location>
+
+endpoints:
+  cluster_domain_suffix: cluster.local
+  local_image_registry:
+    name: docker-registry
+    namespace: docker-registry
+    hosts:
+      default: localhost
+      internal: docker-registry
+      node: localhost
+    host_fqdn_override:
+      default: null
+    port:
+      registry:
+        node: 5000
+  oslo_db:
+    auth:
+      admin:
+        username: root
+        password: password
+      placement:
+        username: placement
+        password: password
+    hosts:
+      default: mariadb
+    host_fqdn_override:
+      default: null
+    path: /placement
+    scheme: mysql+pymysql
+    port:
+      mysql:
+        default: 3306
+  oslo_cache:
+    auth:
+      # NOTE(portdirect): this is used to define the value for keystone
+      # authtoken cache encryption key, if not set it will be populated
+      # automatically with a random value, but to take advantage of
+      # this feature all services should be set to use the same key,
+      # and memcache service.
+      memcache_secret_key: null
+    hosts:
+      default: memcached
+    host_fqdn_override:
+      default: null
+    port:
+      memcache:
+        default: 11211
+  identity:
+    name: keystone
+    auth:
+      admin:
+        region_name: RegionOne
+        username: admin
+        password: password
+        project_name: admin
+        user_domain_name: default
+        project_domain_name: default
+      placement:
+        role: admin
+        region_name: RegionOne
+        username: placement
+        password: password
+        project_name: service
+        user_domain_name: service
+        project_domain_name: service
+    hosts:
+      default: keystone
+      internal: keystone-api
+    host_fqdn_override:
+      default: null
+    path:
+      default: /v3
+    scheme:
+      default: http
+    port:
+      api:
+        default: 80
+        internal: 5000
+  placement:
+    name: placement
+    hosts:
+      default: placement-api
+      public: placement
+    host_fqdn_override:
+      default: null
+    path:
+      default: /
+    scheme:
+      default: 'http'
+    port:
+      api:
+        default: 8778
+        public: 80
+
+pod:
+  user:
+    placement:
+      uid: 42424
+  affinity:
+    anti:
+      type:
+        default: preferredDuringSchedulingIgnoredDuringExecution
+      topologyKey:
+        default: kubernetes.io/hostname
+  mounts:
+    placement:
+      init_container: null
+      placement:
+        volumeMounts:
+        volumes:
+  replicas:
+    api: 1
+  lifecycle:
+    upgrades:
+      deployments:
+        revision_history: 3
+        pod_replacement_strategy: RollingUpdate
+        rolling_update:
+          max_unavailable: 1
+          max_surge: 3
+    disruption_budget:
+      api:
+        min_available: 0
+    termination_grace_period:
+      api:
+        timeout: 30
+  resources:
+    enabled: false
+    api:
+      requests:
+        memory: "128Mi"
+        cpu: "100m"
+      limits:
+        memory: "1024Mi"
+        cpu: "2000m"
+    jobs:
+      db_init:
+        requests:
+          memory: "128Mi"
+          cpu: "100m"
+        limits:
+          memory: "1024Mi"
+          cpu: "2000m"
+      db_sync:
+        requests:
+          memory: "128Mi"
+          cpu: "100m"
+        limits:
+          memory: "1024Mi"
+          cpu: "2000m"
+      db_drop:
+        requests:
+          memory: "128Mi"
+          cpu: "100m"
+        limits:
+          memory: "1024Mi"
+          cpu: "2000m"
+      ks_endpoints:
+        requests:
+          memory: "128Mi"
+          cpu: "100m"
+        limits:
+          memory: "1024Mi"
+          cpu: "2000m"
+      ks_service:
+        requests:
+          memory: "128Mi"
+          cpu: "100m"
+        limits:
+          memory: "1024Mi"
+          cpu: "2000m"
+      ks_user:
+        requests:
+          memory: "128Mi"
+          cpu: "100m"
+        limits:
+          memory: "1024Mi"
+          cpu: "2000m"
+
+secrets:
+  identity:
+    admin: placement-keystone-admin
+    placement: placement-keystone-user
+  oslo_db:
+    admin: placement-db-admin
+    placement: placement-db-user
+  tls:
+    placement:
+      api:
+        public: placement-tls-public
+
+dependencies:
+  dynamic:
+    common:
+      local_image_registry:
+        jobs:
+          - image-repo-sync
+        services:
+          - endpoint: node
+            service: local_image_registry
+  static:
+    api:
+      jobs:
+        - placement-db-sync
+        - placement-ks-service
+        - placement-ks-user
+        - placement-ks-endpoints
+    ks_endpoints:
+      jobs:
+        - placement-ks-user
+        - placement-ks-service
+      services:
+        - endpoint: internal
+          service: identity
+    ks_service:
+      services:
+        - endpoint: internal
+          service: identity
+    ks_user:
+      services:
+        - endpoint: internal
+          service: identity
+    db_drop:
+      services:
+        - endpoint: internal
+          service: oslo_db
+    db_init:
+      services:
+        - endpoint: internal
+          service: oslo_db
+    db_sync:
+      jobs:
+        - placement-db-init
+      services:
+        - endpoint: internal
+          service: oslo_db
+
+manifests:
+  configmap_bin: true
+  configmap_etc: true
+  deployment: true
+  job_image_repo_sync: true
+  job_db_init: true
+  job_db_sync: true
+  job_db_drop: false
+  job_ks_endpoints: true
+  job_ks_service: true
+  job_ks_user: true
+  network_policy: false
+  secret_db: true
+  secret_ingress_tls: true
+  pdb: true
+  ingress: true
+  secret_keystone: true
+  service_ingress: true
+  service: true
-- 
2.7.4