Add Cloudkitty Rating Service to Genestack

Author: zhmarvi

.github/workflows/helm-cloudkitty.yaml

@@ -0,0 +1,50 @@
+name: Helm GitHub Actions for Cloudkitty
+
+on:
+  pull_request:
+    paths:
+      - base-helm-configs/cloudkitty/**
+      - base-kustomize/cloudkitty/**
+      - .github/workflows/helm-cloudkitty.yaml
+jobs:
+  helm:
+    strategy:
+      matrix:
+        overlays:
+          - base
+          - aio
+    name: Helm
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+      - uses: azure/setup-helm@v3
+        with:
+          version: latest
+          token: "${{ secrets.GITHUB_TOKEN }}"
+        id: helm
+      - name: Kubectl Install
+        working-directory: /usr/local/bin/
+        run: |
+            if [ ! -f /usr/local/bin/kubectl ]; then
+              curl -LO "https://dl.k8s.io/release/$(curl -L -s https://dl.k8s.io/release/stable.txt)/bin/linux/amd64/kubectl"
+              chmod +x ./kubectl
+            fi
+      - name: Pull OSH repositories
+        run: |
+          helm repo add openstack-helm https://tarballs.opendev.org/openstack/openstack-helm
+          helm repo update
+      - name: Run Helm Template
+        run: |
+          ${{ steps.helm.outputs.helm-path }} template cloudkitty openstack-helm/cloudkitty \
+            --namespace=openstack \
+            --wait \
+            --timeout 120m \
+            -f ${{ github.workspace }}/base-helm-configs/cloudkitty/cloudkitty-helm-overrides.yaml \
+            --post-renderer ${{ github.workspace }}/base-kustomize/kustomize.sh \
+            --post-renderer-args cloudkitty/${{ matrix.overlays }} > /tmp/rendered.yaml
+      - name: Return helm Build
+        uses: actions/upload-artifact@v4
+        with:
+          name: helm-cloudkitty-artifact-${{ matrix.overlays }}
+          path: /tmp/rendered.yaml

base-helm-configs/cloudkitty/cloudkitty-helm-overrides.yaml

@@ -0,0 +1,142 @@
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+---
+images:
+  tags:
+    db_init: ghcr.io/rackerlabs/genestack-images/heat:2024.1-latest
+    db_drop: ghcr.io/rackerlabs/genestack-images/heat:2024.1-latest
+    ks_endpoints: ghcr.io/rackerlabs/genestack-images/heat:2024.1-latest
+    ks_service: ghcr.io/rackerlabs/genestack-images/heat:2024.1-latest
+    ks_user: ghcr.io/rackerlabs/genestack-images/heat:2024.1-latest
+    cloudkitty_api: quay.io/airshipit/cloudkitty:2025.1-ubuntu_noble
+    cloudkitty_db_sync: quay.io/airshipit/cloudkitty:2025.1-ubuntu_noble
+    cloudkitty_processor: quay.io/airshipit/cloudkitty:2025.1-ubuntu_noble
+    cloudkitty_storage_init: quay.io/airshipit/cloudkitty:2025.1-ubuntu_noble
+    rabbit_init: docker.io/rabbitmq:3.13-management
+    dep_check: ghcr.io/rackerlabs/genestack-images/kubernetes-entrypoint:latest
+  pull_policy: "IfNotPresent"
+
+endpoints:
+  oslo_db:
+    hosts:
+      default: mariadb-cluster-primary
+    host_fqdn_override:
+      default: mariadb-cluster-primary.openstack.svc.cluster.local
+  oslo_messaging:
+    hosts:
+      default: rabbitmq-nodes
+    host_fqdn_override:
+      default: rabbitmq.openstack.svc.cluster.local
+  oslo_cache:
+    hosts:
+      default: memcached
+    host_fqdn_override:
+      default: memcached.openstack.svc.cluster.local
+
+dependencies:
+  static:
+    db_sync:
+      jobs: null
+
+# NOTE: (brew) requests cpu/mem values based on a three node
+# hyperconverged lab (/scripts/hyperconverged-lab.sh).
+# limit values based on defaults from the openstack-helm charts unless defined
+pod:
+  lifecycle:
+    upgrades:
+      deployments:
+        revision_history: 3
+        pod_replacement_strategy: RollingUpdate
+        rolling_update:
+          max_unavailable: 20%
+          max_surge: 3
+  resources:
+    enabled: true
+    cloudkitty_api:
+      requests:
+        memory: "128Mi"
+        cpu: "100m"
+      limits:
+        memory: "1024Mi"
+        cpu: "2000m"
+    cloudkitty_processor:
+      requests:
+        memory: "128Mi"
+        cpu: "100m"
+      limits:
+        memory: "1024Mi"
+        cpu: "2000m"
+conf:
+  cloudkitty:
+    DEFAULT:
+      log_config_append: /etc/cloudkitty/logging.conf
+      api_paste_config: /etc/cloudkitty/api-paste.ini
+      auth_strategy: keystone
+      debug: false
+    keystone_authtoken:
+      auth_type: password
+      username: cloudkitty
+      service_token_roles_required: true
+      service_token_roles: admin,rating,service
+      service_type: rating
+    database:
+      max_retries: -1
+    collect:
+      collector: gnocchi
+    collector_gnocchi:
+      auth_section: keystone_authtoken
+    fetcher:
+      backend: gnocchi
+    fetcher_gnocchi:
+      auth_section: keystone_authtoken
+    output:
+      pipeline: osrf
+      basepath: /var/cloudkitty/reports
+      backend: cloudkitty.backend.file.FileBackend
+    storage:
+      backend: sqlalchemy
+      version: 1
+  logging:
+    logger_root:
+      level: WARNING
+      handlers:
+        - stdout
+    logger_cloudkitty:
+      level: WARNING
+      handlers:
+        - stdout
+      qualname: cloudkitty
+
+manifests:
+  configmap_bin: true
+  configmap_etc: true
+  deployment_api: true
+  deployment_processor: true
+  ingress_api: false
+  job_bootstrap: false
+  job_ks_user: true
+  job_db_sync: true
+  job_db_init: false
+  job_db_drop: false
+  job_ks_endpoints: true
+  job_ks_service: true
+  job_rabbit_init: false
+  job_storage_init: true
+  pdb_api: true
+  network_policy: false
+  secret_db: true
+  secret_rabbitmq: true
+  secret_keystone: true
+  secret_registry: true
+  service_api: true
+  secret_ks_etc: true

base-kustomize/cloudkitty/aio/kustomization.yaml

@@ -0,0 +1,17 @@
+---
+sortOptions:
+  order: fifo
+resources:
+  - ../base
+
+patches:
+  - target:
+      kind: HorizontalPodAutoscaler
+      name: cloudkitty-api
+    patch: |-
+      - op: replace
+        path: /spec/minReplicas
+        value: 1
+      - op: replace
+        path: /spec/maxReplicas
+        value: 1

base-kustomize/cloudkitty/base/cloudkitty-mariadb-database.yaml

@@ -0,0 +1,67 @@
+---
+apiVersion: k8s.mariadb.com/v1alpha1
+kind: Database
+metadata:
+  name: cloudkitty
+  namespace: openstack
+  labels:
+    app.kubernetes.io/managed-by: "Helm"
+  annotations:
+    helm.sh/resource-policy: keep
+    meta.helm.sh/release-name: "cloudkitty"
+    meta.helm.sh/release-namespace: "openstack"
+spec:
+  # If you want the database to be created with a different name than the resource name
+  # name: data-custom
+  mariaDbRef:
+    name: mariadb-cluster
+  characterSet: utf8
+  collate: utf8_general_ci
+  retryInterval: 5s
+---
+apiVersion: k8s.mariadb.com/v1alpha1
+kind: User
+metadata:
+  name: cloudkitty
+  namespace: openstack
+  labels:
+    app.kubernetes.io/managed-by: "Helm"
+  annotations:
+    helm.sh/resource-policy: keep
+    meta.helm.sh/release-name: "cloudkitty"
+    meta.helm.sh/release-namespace: "openstack"
+spec:
+  # If you want the user to be created with a different name than the resource name
+  # name: user-custom
+  mariaDbRef:
+    name: mariadb-cluster
+  passwordSecretKeyRef:
+    name: cloudkitty-db-password
+    key: password
+  # This field is immutable and defaults to 10, 0 means unlimited.
+  maxUserConnections: 0
+  host: "%"
+  retryInterval: 5s
+---
+apiVersion: k8s.mariadb.com/v1alpha1
+kind: Grant
+metadata:
+  name: cloudkitty-grant
+  namespace: openstack
+  labels:
+    app.kubernetes.io/managed-by: "Helm"
+  annotations:
+    helm.sh/resource-policy: keep
+    meta.helm.sh/release-name: "cloudkitty"
+    meta.helm.sh/release-namespace: "openstack"
+spec:
+  mariaDbRef:
+    name: mariadb-cluster
+  privileges:
+    - "ALL"
+  database: "cloudkitty"
+  table: "*"
+  username: cloudkitty
+  grantOption: true
+  host: "%"
+  retryInterval: 5s

base-kustomize/cloudkitty/base/cloudkitty-rabbitmq-queue.yaml

@@ -0,0 +1,76 @@
+---
+apiVersion: rabbitmq.com/v1beta1
+kind: User
+metadata:
+  name: cloudkitty
+  namespace: openstack
+  annotations:
+    helm.sh/resource-policy: keep
+    app.kubernetes.io/managed-by: "Helm"
+    meta.helm.sh/release-name: "cloudkitty"
+    meta.helm.sh/release-namespace: "openstack"
+spec:
+  tags:
+    - management # available tags are 'management', 'policymaker', 'monitoring' and 'administrator'
+    - policymaker
+  rabbitmqClusterReference:
+    name: rabbitmq # rabbitmqCluster must exist in the same namespace as this resource
+    namespace: openstack
+  importCredentialsSecret:
+    name: cloudkitty-rabbitmq-password
+---
+apiVersion: rabbitmq.com/v1beta1
+kind: Vhost
+metadata:
+  name: cloudkitty-vhost
+  namespace: openstack
+  annotations:
+    helm.sh/resource-policy: keep
+    meta.helm.sh/release-name: "cloudkitty"
+    meta.helm.sh/release-namespace: "openstack"
+spec:
+  name: "cloudkitty" # vhost name; required and cannot be updated
+  defaultQueueType: quorum # default queue type for this vhost; require RabbitMQ version 3.11.12 or above
+  rabbitmqClusterReference:
+    name: rabbitmq # rabbitmqCluster must exist in the same namespace as this resource
+    namespace: openstack
+---
+apiVersion: rabbitmq.com/v1beta1
+kind: Queue
+metadata:
+  name: cloudkitty-queue
+  namespace: openstack
+  annotations:
+    helm.sh/resource-policy: keep
+    meta.helm.sh/release-name: "cloudkitty"
+    meta.helm.sh/release-namespace: "openstack"
+spec:
+  name: cloudkitty-qq # name of the queue
+  vhost: "cloudkitty" # default to '/' if not provided
+  type: quorum # without providing a queue type, rabbitmq creates a classic queue
+  autoDelete: false
+  durable: true # seting 'durable' to false means this queue won't survive a server restart
+  rabbitmqClusterReference:
+    name: rabbitmq # rabbitmqCluster must exist in the same namespace as this resource
+    namespace: openstack
+---
+apiVersion: rabbitmq.com/v1beta1
+kind: Permission
+metadata:
+  name: cloudkitty-permission
+  namespace: openstack
+  annotations:
+    helm.sh/resource-policy: keep
+    meta.helm.sh/release-name: "cloudkitty"
+    meta.helm.sh/release-namespace: "openstack"
+spec:
+  vhost: "cloudkitty" # name of a vhost
+  userReference:
+    name: "cloudkitty" # name of a user.rabbitmq.com in the same namespace; must specify either spec.userReference or spec.user
+  permissions:
+    write: ".*"
+    configure: ".*"
+    read: ".*"
+  rabbitmqClusterReference:
+    name: rabbitmq # rabbitmqCluster must exist in the same namespace as this resource
+    namespace: openstack

base-kustomize/cloudkitty/base/hpa-cloudkitty-api.yaml

@@ -0,0 +1,26 @@
+---
+apiVersion: autoscaling/v2
+kind: HorizontalPodAutoscaler
+metadata:
+  name: cloudkitty-api
+  namespace: openstack
+spec:
+  maxReplicas: 9
+  minReplicas: 2
+  metrics:
+    - resource:
+        name: cpu
+        target:
+          averageUtilization: 80
+          type: Utilization
+      type: Resource
+    - resource:
+        name: memory
+        target:
+          type: Utilization
+          averageUtilization: 80
+      type: Resource
+  scaleTargetRef:
+    apiVersion: apps/v1
+    kind: Deployment
+    name: cloudkitty-api

base-kustomize/cloudkitty/base/kustomization.yaml

@@ -0,0 +1,8 @@
+---
+sortOptions:
+  order: fifo
+resources:
+  - cloudkitty-mariadb-database.yaml
+  - cloudkitty-rabbitmq-queue.yaml
+  - all.yaml
+  - hpa-cloudkitty-api.yaml