From: Sylvain Desbureaux Date: Tue, 12 May 2020 06:46:13 +0000 (+0000) Subject: Merge "[COMMON] Override truststore in aaf_agent image" X-Git-Tag: 7.0.0~454 X-Git-Url: https://gerrit.onap.org/r/gitweb?a=commitdiff_plain;h=af6a61e9b6ea2722e750c307fb6ffa5d3921b0c7;hp=95a5f84069703c583e49028b37003c73c03cc07d;p=oom.git Merge "[COMMON] Override truststore in aaf_agent image" --- diff --git a/.gitmodules b/.gitmodules index 08d7aea901..ddad6f6c9a 100644 --- a/.gitmodules +++ b/.gitmodules @@ -1,11 +1,11 @@ [submodule "kubernetes/aai"] - path = kubernetes/aai - url = ../aai/oom - branch = master - ignore = dirty + path = kubernetes/aai + url = ../aai/oom + branch = frankfurt + ignore = dirty [submodule "kubernetes/robot"] - path = kubernetes/robot - url = ../testsuite/oom - branch = . - ignore = dirty - \ No newline at end of file + path = kubernetes/robot + url = ../testsuite/oom + branch = frankfurt + ignore = dirty + diff --git a/docs/index.rst b/docs/index.rst index c8048d142e..c933a726fb 100644 --- a/docs/index.rst +++ b/docs/index.rst @@ -16,3 +16,4 @@ OOM Documentation Repository oom_cloud_setup_guide.rst release-notes.rst oom_setup_kubernetes_rancher.rst + oom_setup_ingress_controller.rst diff --git a/docs/oom_quickstart_guide.rst b/docs/oom_quickstart_guide.rst index 565c43f467..364f14e923 100644 --- a/docs/oom_quickstart_guide.rst +++ b/docs/oom_quickstart_guide.rst @@ -193,6 +193,10 @@ All override files may be customized (or replaced by other overrides) as per nee `onap-all.yaml` Enables the modules in the ONAP deployment. As ONAP is very modular, it is possible to customize ONAP and disable some components through this configuration file. +`onap-all-ingress-nginx-vhost.yaml` + Alternative version of the `onap-all.yaml` but with global ingress controller enabled. It requires the cluster configured with the nginx ingress controller and load balancer. + Please use this file instad `onap-all.yaml` if you want to use experimental ingress controller feature. + `environment.yaml` Includes configuration values specific to the deployment environment. diff --git a/docs/oom_setup_ingress_controller.rst b/docs/oom_setup_ingress_controller.rst new file mode 100644 index 0000000000..a4abc2b390 --- /dev/null +++ b/docs/oom_setup_ingress_controller.rst @@ -0,0 +1,159 @@ +.. This work is licensed under a Creative Commons Attribution 4.0 International License. +.. http://creativecommons.org/licenses/by/4.0 +.. Copyright 2020, Samsung Electronics + +.. Links +.. _HELM Best Practices Guide: https://docs.helm.sh/chart_best_practices/#requirements +.. _kubectl Cheat Sheet: https://kubernetes.io/docs/reference/kubectl/cheatsheet/ +.. _Kubernetes documentation for emptyDir: https://kubernetes.io/docs/concepts/storage/volumes/#emptydir +.. _metallb Metal Load Balancer installation: https://metallb.universe.tf/installation/ +.. _http://cd.onap.info:30223/mso/logging/debug: http://cd.onap.info:30223/mso/logging/debug +.. _Onboarding and Distributing a Vendor Software Product: https://wiki.onap.org/pages/viewpage.action?pageId=1018474 +.. _README.md: https://gerrit.onap.org/r/gitweb?p=oom.git;a=blob;f=kubernetes/README.md + +.. figure:: oomLogoV2-medium.png + :align: right + +.. _onap-on-kubernetes-with-rancher: + + +Ingress controller setup on HA Kubernetes Cluster +################################################# + +This guide provides instruction how to setup experimental ingress controller feature. +For this, we are hosting our cluster on OpenStack VMs and using the Rancher Kubernetes Engine (RKE) +to deploy and manage our Kubernetes Cluster and ingress controller + +.. contents:: + :depth: 1 + :local: +.. + +The result at the end of this tutorial will be: + +#. Customization of the cluster.yaml file for ingress controller support + +#. Installation and configuration test DNS server for ingress host resolution on testing machines + +#. Instalation and configuration MLB (Metal Load Balancer) required for exposing ingress service + +#. Instalation and configuration NGINX ingress controller + +#. Additional info howto deploy onap with services exposed via Ingress controller + +Customize cluster.yml file +=========================== +Before setup cluster for ingress purposes DNS cluster IP and ingress provider should be configured and follwing: + +.. code-block:: yaml + <...> + restore: + restore: false + snapshot_name: "" + ingress: + provider: none + dns: + provider: coredns + upstreamnameservers: + - :31555 + +Where the should be set to the same IP as the CONTROLPANE node. + +For external load balacer purposes minimum one of the worker node should be configured with external IP +address accessible outside the cluster. It can be done using the following example node configuration: + +.. code-block:: yaml + <...> + - address: + internal_address: + port: "22" + role: + - worker + hostname_override: "onap-worker-0" + user: ubuntu + ssh_key_path: "~/.ssh/id_rsa" + <...> + +Where the is external worker node IP address, and is internal node IP address if it is required + + + +DNS server configuration and instalation +======================== +DNS server deployed on the Kubernetes cluster makes it easy to use services exposed through ingress controller because it +resolves all subdomain related to the onap cluster to the load balancer IP. +Testing ONAP cluster requires a lot of entries on the target machines in the /etc/hosts. +Adding many entries into the configuration files on testing machines is quite problematic and error prone. +The better wait is to create central DNS server with entries for all virtual host pointed to simpledemo.onap.org and add custom DNS server as a target DNS server for testing machines and/or as external DNS for kubernetes cluster. + +DNS server has automatic instalation and configuration script, so instalation is quite easy:: + + > cd kubernetes/contrib/dns-server-for-vhost-ingress-testing + + > ./deploy\_dns.sh + +After DNS deploy you need to setup DNS entry on the target testing machine. +Because DNS listen on non standard port configuration require iptables rules +on the target machine. Please follow the configuation proposed by the deploy scripts +Example output depends on the IP address and example output looks like bellow:: + + + DNS server already deployed: + 1. You can add the DNS server to the target machine using following commands: + sudo iptables -t nat -A OUTPUT -p tcp -d 192.168.211.211 --dport 53 -j DNAT --to-destination 10.10.13.14:31555 + sudo iptables -t nat -A OUTPUT -p udp -d 192.168.211.211 --dport 53 -j DNAT --to-destination 10.10.13.14:31555 + sudo sysctl -w net.ipv4.conf.all.route_localnet=1 + sudo sysctl -w net.ipv4.ip_forward=1 + 2. Update /etc/resolv.conf file with nameserver 192.168.211.211 entry on your target machine + + +MetalLB Load Balancer instalation and configuration +==================================================== + +By default pure Kubernetes cluster requires external load balancer if we want to expose +external port using LoadBalancer settings. For this purpose MetalLB can be used. +Before installing the MetalLB you need to ensure that at least one worker has assigned IP acessible outside the cluster. + +MetalLB Load balanancer can be easily installed using automatic install script:: + + > cd kubernetes/contrib/metallb-loadbalancer-inst + + > ./install-metallb-on-cluster.sh + + +Configuration NGINX ingress controller +======================================= + +After installation DNS server and ingress controller we can install and configure ingress controller. +It can be done using the following commands:: + + > cd kubernetes/contrib/ingress-nginx-post-inst + + > kubectl apply -f nginx_ingress_cluster_config.yaml + + > kubectl apply -f nginx_ingress_enable_optional_load_balacer_service.yaml + +After deploy NGINX ingress controller you can ensure that the ingress port is exposed as load balancer service +with external IP address:: + + > kubectl get svc -n ingress-nginx + NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE + default-http-backend ClusterIP 10.10.10.10 80/TCP 25h + ingress-nginx LoadBalancer 10.10.10.11 10.12.13.14 80:31308/TCP,443:30314/TCP 24h + + +ONAP with ingress exposed services +===================================== +If you want to deploy onap with services exposed through ingress controller you can use full onap deploy script:: + > onap/resources/overrides/onap-all-ingress-nginx-vhost.yaml + +Ingress also can be enabled on any onap setup override using following code: + +.. code-block:: yaml + <...> + #ingress virtualhost based configuration + global: + <...> + ingress: + enabled: true + diff --git a/kubernetes/aaf/charts/aaf-cass/templates/deployment.yaml b/kubernetes/aaf/charts/aaf-cass/templates/deployment.yaml index eb785e2d9b..309a9f38c6 100644 --- a/kubernetes/aaf/charts/aaf-cass/templates/deployment.yaml +++ b/kubernetes/aaf/charts/aaf-cass/templates/deployment.yaml @@ -1,4 +1,5 @@ # Copyright © 2017 Amdocs, Bell Canada +# Modifications © 2020 Orange # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -12,23 +13,14 @@ # See the License for the specific language governing permissions and # limitations under the License. -apiVersion: extensions/v1beta1 +apiVersion: apps/v1 kind: Deployment -metadata: - name: {{ include "common.fullname" . }} - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} +metadata: {{- include "common.resourceMetadata" . | nindent 2 }} spec: - replicas: {{ .Values.global.aaf.cass.replicas }} + selector: {{- include "common.selectors" . | nindent 4 }} + replicas: {{ .Values.replicaCount }} template: - metadata: - labels: - app: {{ include "common.name" . }} - release: {{ include "common.release" . }} + metadata: {{- include "common.templateMetadata" . | nindent 6 }} spec: initContainers: - name: fix-permission @@ -37,47 +29,38 @@ spec: args: - -c - | - chmod -R 775 /opt/app/aaf/status chown -R 1000:1000 /opt/app/aaf/status - chmod -R 775 /var/lib/cassandra chown -R 1000:1000 /var/lib/cassandra image: "{{ .Values.global.busyboxRepository }}/{{ .Values.global.busyboxImage }}" imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} volumeMounts: - - mountPath: /opt/app/aaf/status - name: aaf-status-vol - mountPath: /var/lib/cassandra name: aaf-cass-vol + resources: + limits: + cpu: 100m + memory: 100Mi + requests: + cpu: 30m + memory: 100Mi containers: - name: {{ include "common.name" . }} - image: {{ .Values.global.repository }}/{{.Values.global.aaf.cass.image}} + image: {{ include "common.repository" . }}/{{ .Values.image }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} # installing with cmd "onap" will not only initialize the DB, but add ONAP bootstrap data as well command: ["/bin/bash","/opt/app/aaf/cass_init/cmd.sh","onap"] - lifecycle: - preStop: - exec: - command: ["/bin/sh","-c","rm /opt/app/aaf/status/aaf-cass"] - ports: - - name: storage - containerPort: {{.Values.global.aaf.cass.storage_port}} - - name: ssl-storage - containerPort: {{.Values.global.aaf.cass.ssl_storage_port}} - - name: native-trans - containerPort: {{.Values.global.aaf.cass.native_trans_port}} - - name: rpc - containerPort: {{.Values.global.aaf.cass.rpc_port}} + ports: {{ include "common.containerPorts" . | nindent 10 }} env: - name: CASSANDRA_CLUSTER_NAME - value: {{.Values.global.aaf.cass.cluster_name}} + value: {{ .Values.config.cluster_name }} - name: CASSANDRA_DC - value: {{.Values.global.aaf.cass.dc}} + value: {{ .Values.config.dc }} - name: CQLSH value: "/opt/cassandra/bin/cqlsh" - name: HEAP_NEWSIZE - value: {{.Values.global.aaf.cass.heap_new_size}} + value: {{ .Values.config.heap_new_size }} - name: MAX_HEAP_SIZE - value: {{.Values.global.aaf.cass.max_heap_size}} + value: {{ .Values.config.max_heap_size }} - name: MY_POD_NAME valueFrom: fieldRef: @@ -93,44 +76,36 @@ spec: volumeMounts: - mountPath: /var/lib/cassandra name: aaf-cass-vol - - mountPath: /opt/app/aaf/status - name: aaf-status-vol - mountPath: /etc/localtime name: localtime readOnly: true {{- if eq .Values.liveness.enabled true }} livenessProbe: tcpSocket: - port: {{.Values.global.aaf.cass.native_trans_port}} + port: tcp-cql initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }} periodSeconds: {{ .Values.liveness.periodSeconds }} {{ end -}} readinessProbe: tcpSocket: - port: {{.Values.global.aaf.cass.native_trans_port}} + port: tcp-cql initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} periodSeconds: {{ .Values.readiness.periodSeconds }} - resources: -{{ include "common.resources" . | indent 10 }} + resources: {{ include "common.resources" . | nindent 10 }} {{- if .Values.nodeSelector }} - nodeSelector: -{{ toYaml .Values.nodeSelector | indent 10 }} + nodeSelector: {{ toYaml .Values.nodeSelector | nindent 10 }} {{- end -}} {{- if .Values.affinity }} - affinity: -{{ toYaml .Values.affinity | indent 10 }} + affinity: {{ toYaml .Values.affinity | nindent 10 }} {{- end }} volumes: - name: localtime hostPath: path: /etc/localtime - - name: aaf-status-vol - persistentVolumeClaim: - claimName: {{ include "common.release" . }}-aaf-status - name: aaf-cass-vol {{- if .Values.persistence.enabled }} persistentVolumeClaim: - claimName: {{ include "common.fullname" . }}-data + claimName: {{ include "common.fullname" . }} {{- else }} emptyDir: {} {{- end }} diff --git a/kubernetes/aaf/charts/aaf-cass/templates/pv.yaml b/kubernetes/aaf/charts/aaf-cass/templates/pv.yaml index 0f0a30585b..187e9b75de 100644 --- a/kubernetes/aaf/charts/aaf-cass/templates/pv.yaml +++ b/kubernetes/aaf/charts/aaf-cass/templates/pv.yaml @@ -1,5 +1,6 @@ {{/* # Copyright © 2017 Amdocs, Bell Canada +# Modifications © 2020 Orange # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -14,27 +15,4 @@ # limitations under the License. */}} -{{- if and .Values.global.persistence.enabled (not .Values.persistence.existingClaim) }} -{{- if eq "True" (include "common.needPV" .) }} -kind: PersistentVolume -apiVersion: v1 -metadata: - name: {{ include "common.fullname" . }}-data - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}" - release: {{ include "common.release" . }} - heritage: "{{ .Release.Service }}" - name: {{ include "common.fullname" . }} -spec: - capacity: - storage: {{ .Values.persistence.size}} - accessModes: - - {{ .Values.persistence.accessMode }} - persistentVolumeReclaimPolicy: {{ .Values.persistence.volumeReclaimPolicy }} - hostPath: - path: {{ .Values.global.persistence.mountPath | default .Values.persistence.mountPath }}/{{ include "common.release" . }}/{{ .Values.persistence.mountSubPath }} - storageClassName: "{{ include "common.fullname" . }}-data" -{{- end -}} -{{- end -}} +{{ include "common.PV" . }} diff --git a/kubernetes/aaf/charts/aaf-cass/templates/pvc.yaml b/kubernetes/aaf/charts/aaf-cass/templates/pvc.yaml index 3cc43560e4..e56c98751c 100644 --- a/kubernetes/aaf/charts/aaf-cass/templates/pvc.yaml +++ b/kubernetes/aaf/charts/aaf-cass/templates/pvc.yaml @@ -1,5 +1,6 @@ {{/* # Copyright © 2017 Amdocs, Bell Canada +# Modifications © 2020 Orange # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -14,26 +15,4 @@ # limitations under the License. */}} -{{- if and .Values.global.persistence.enabled (not .Values.persistence.existingClaim) -}} -kind: PersistentVolumeClaim -apiVersion: v1 -metadata: - name: {{ include "common.fullname" .}}-data - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" - release: "{{ include "common.release" . }}" - heritage: "{{ .Release.Service }}" -{{- if .Values.persistence.annotations }} - annotations: -{{ toYaml .Values.persistence.annotations | indent 4 }} -{{- end }} -spec: - accessModes: - - {{ .Values.persistence.accessMode }} - resources: - requests: - storage: {{ .Values.persistence.size }} - storageClassName: {{ include "common.storageClass" . }} -{{- end -}} +{{ include "common.PVC" . }} diff --git a/kubernetes/aaf/charts/aaf-cass/templates/service.yaml b/kubernetes/aaf/charts/aaf-cass/templates/service.yaml index d5c615f55d..8f80ee12a2 100644 --- a/kubernetes/aaf/charts/aaf-cass/templates/service.yaml +++ b/kubernetes/aaf/charts/aaf-cass/templates/service.yaml @@ -1,4 +1,5 @@ # Copyright © 2017 Amdocs, Bell Canada +# Modifications © 2020 Orange # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -12,38 +13,4 @@ # See the License for the specific language governing permissions and # limitations under the License. -apiVersion: v1 -kind: Service -metadata: - name: {{ include "common.servicename" . }} - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} -# annotations: -# service.alpha.kubernetes.io/tolerate-unready-endpoints: "true" -spec: - type: {{ .Values.service.type }} - ports: - - name: storage - protocol: TCP - port: {{.Values.global.aaf.cass.storage_port}} - containerPort: {{.Values.global.aaf.cass.storage_port}} - - name: ssl-storage - protocol: TCP - port: {{.Values.global.aaf.cass.ssl_storage_port}} - containerPort: {{.Values.global.aaf.cass.ssl_storage_port}} - - name: native-trans - protocol: TCP - port: {{.Values.global.aaf.cass.native_trans_port}} - containerPort: {{.Values.global.aaf.cass.native_trans_port}} - - name: rpc - protocol: TCP - port: {{.Values.global.aaf.cass.rpc_port}} - containerPort: {{.Values.global.aaf.cass.rpc_port}} - selector: - app: {{ include "common.name" . }} - release: {{ include "common.release" . }} - clusterIP: None +{{ include "common.service" . }} diff --git a/kubernetes/aaf/charts/aaf-cass/values.yaml b/kubernetes/aaf/charts/aaf-cass/values.yaml index 9f6ec565f4..3d9f21e297 100644 --- a/kubernetes/aaf/charts/aaf-cass/values.yaml +++ b/kubernetes/aaf/charts/aaf-cass/values.yaml @@ -1,5 +1,5 @@ # Copyright © 2017 Amdocs, Bell Canada -# Modifications © 2020 AT&T +# Modifications © 2020 AT&T, Orange # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -19,7 +19,7 @@ flavor: small # Application configuration defaults. ################################################################# # application configuration -config: {} +replicaCount: 1 nodeSelector: {} @@ -32,6 +32,15 @@ liveness: # necessary to disable liveness probe when setting breakpoints # in debugger so K8s doesn't restart unresponsive container enabled: true + port: tcp-cql + +image: onap/aaf/aaf_cass:2.1.20 + +config: + cluster_name: osaaf + heap_new_size: 512M + max_heap_size: 1024M + dc: dc1 readiness: initialDelaySeconds: 5 @@ -40,39 +49,36 @@ readiness: service: name: aaf-cass type: ClusterIP - portName: aaf-cass - #targetPort - internalPort: 7000 - #port - externalPort: 7000 - - internalPort2: 7001 - externalPort2: 7001 - internalPort3: 9042 - externalPort3: 9042 - internalPort4: 9160 - externalPort4: 9160 + ports: + - name: tcp-intra + port: 7000 + - name: tls + port: 7001 + - name: tcp-cql + port: 9042 + - name: tcp-thrift + port: 9160 ingress: enabled: false # Configure resource requests and limits resources: - small: - limits: - cpu: 2100m - memory: 1792Mi - requests: - cpu: 30m - memory: 1280Mi - large: - limits: - cpu: 4 - memory: 12000Mi - requests: - cpu: 40m - memory: 9000Mi - unlimited: {} + small: + limits: + cpu: 2100m + memory: 1792Mi + requests: + cpu: 30m + memory: 1280Mi + large: + limits: + cpu: 4 + memory: 12000Mi + requests: + cpu: 40m + memory: 9000Mi + unlimited: {} persistence: enabled: true diff --git a/kubernetes/aaf/charts/aaf-cm/templates/deployment.yaml b/kubernetes/aaf/charts/aaf-cm/templates/deployment.yaml index b823acd3d5..5074c8bc08 100644 --- a/kubernetes/aaf/charts/aaf-cm/templates/deployment.yaml +++ b/kubernetes/aaf/charts/aaf-cm/templates/deployment.yaml @@ -1,4 +1,5 @@ -# Copyright © 2017 Amdocs, Bell Canada +# Copyright © 2017 Amdocs +# Modifications © 2020 Orange # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -12,128 +13,4 @@ # See the License for the specific language governing permissions and # limitations under the License. -apiVersion: extensions/v1beta1 -kind: Deployment -metadata: - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} - name: {{ include "common.fullname" . }} - namespace: {{ include "common.namespace" . }} -spec: - replicas: {{ .Values.global.aaf.cm.replicas }} - template: - metadata: - labels: - app: {{ include "common.name" . }} - release: {{ include "common.release" . }} - spec: - initContainers: - - name: fix-permission - command: - - /bin/sh - args: - - -c - - | - chmod -R 775 /opt/app/aaf/status - chown -R 1000:1000 /opt/app/aaf/status - chmod -R 775 /opt/app/osaaf - chown -R 1000:1000 /opt/app/osaaf - image: "{{ .Values.global.busyboxRepository }}/{{ .Values.global.busyboxImage }}" - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - volumeMounts: - - mountPath: /opt/app/aaf/status - name: aaf-status-vol - - mountPath: /opt/app/osaaf - name: aaf-config-vol - - name: {{ include "common.name" . }}-config-container - image: {{ .Values.global.repository }}/{{.Values.global.aaf.config.image}} - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - command: ["bash","-c","cd /opt/app/aaf_config && bin/pod_wait.sh config aaf-service aaf-locate remove && bin/agent.sh"] - volumeMounts: - - mountPath: "/opt/app/osaaf" - name: aaf-config-vol - - mountPath: "/opt/app/aaf/status" - name: aaf-status-vol - env: - - name: aaf_env - value: "{{ .Values.global.aaf.aaf_env }}" - - name: cadi_latitude - value: "{{ .Values.global.aaf.cadi_latitude }}" - - name: cadi_longitude - value: "{{ .Values.global.aaf.cadi_longitude }}" - - name: cadi_x509_issuers - value: "{{ .Values.global.aaf.cadi_x509_issuers }}" - - name: aaf_locate_url - value: "https://aaf-locate.{{ .Release.Namespace}}:{{.Values.global.aaf.locate.internal_port}}" - - name: aaf_locator_container - value: "oom" - - name: aaf_release - value: "{{ .Values.global.aaf.aaf_release }}" - - name: aaf_locator_container_ns - value: "{{ .Release.Namespace }}" - - name: aaf_locator_public_fqdn - value: "{{.Values.global.aaf.public_fqdn}}" - - name: aaf_locator_name - value: "{{.Values.global.aaf.aaf_locator_name}}" - - name: aaf_locator_name_oom - value: "{{.Values.global.aaf.aaf_locator_name_oom}}" - - name: cm_always_ignore_ips - value: "true" - - name: CASSANDRA_CLUSTER - value: "{{.Values.global.aaf.cass.fqdn}}.{{ .Release.Namespace }}" -# - name: CASSANDRA_USER -# value: "" -# - name: CASSANDRA_PASSWORD -# value: "" -# - name: CASSANDRA_PORT -# value: "" - containers: - - name: {{ include "common.name" . }} - command: ["/bin/bash","-c","cd /opt/app/aaf && /bin/bash bin/pod_wait.sh aaf-cm aaf-locate && exec bin/cm"] - image: {{ .Values.global.repository }}/{{.Values.global.aaf.image}} - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - volumeMounts: - - mountPath: "/opt/app/osaaf" - name: aaf-config-vol - - mountPath: "/opt/app/aaf/status" - name: aaf-status-vol - - mountPath: /etc/localtime - name: localtime - readOnly: true - {{- if eq .Values.liveness.enabled true }} - livenessProbe: - tcpSocket: - port: {{ .Values.global.aaf.cm.internal_port }} - initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }} - periodSeconds: {{ .Values.liveness.periodSeconds }} - {{ end -}} - readinessProbe: - tcpSocket: - port: {{ .Values.global.aaf.cm.internal_port }} - initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} - periodSeconds: {{ .Values.readiness.periodSeconds }} - resources: -{{ include "common.resources" . | indent 12 }} - {{- if .Values.nodeSelector }} - nodeSelector: -{{ toYaml .Values.nodeSelector | indent 10 }} - {{- end -}} - {{- if .Values.affinity }} - affinity: -{{ toYaml .Values.affinity | indent 10 }} - {{- end }} - volumes: - - name: localtime - hostPath: - path: /etc/localtime - - name: aaf-status-vol - persistentVolumeClaim: - claimName: {{ include "common.release" . }}-aaf-status - - name: aaf-config-vol - persistentVolumeClaim: - claimName: {{ include "common.release" . }}-aaf-config - imagePullSecrets: - - name: "{{ include "common.namespace" . }}-docker-registry-key" +{{ include "aaf.deployment" . }} diff --git a/kubernetes/aaf/charts/aaf-cm/templates/service.yaml b/kubernetes/aaf/charts/aaf-cm/templates/service.yaml index 28462f2edf..e54c4f3057 100644 --- a/kubernetes/aaf/charts/aaf-cm/templates/service.yaml +++ b/kubernetes/aaf/charts/aaf-cm/templates/service.yaml @@ -1,4 +1,5 @@ -# Copyright © 2017 Amdocs, Bell Canada +# Copyright © 2017 Amdocs, Orange +# Modifications © 2020 Orange # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -12,22 +13,4 @@ # See the License for the specific language governing permissions and # limitations under the License. -apiVersion: v1 -kind: Service -metadata: - name: {{ include "common.servicename" . }} - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} -spec: - ports: - - port: {{ .Values.global.aaf.cm.internal_port }} - nodePort: {{ .Values.global.aaf.cm.public_port }} - name: aaf-cm - selector: - app: {{ include "common.name" . }} - release: {{ include "common.release" . }} - type: "NodePort" +{{ include "common.service" . }} diff --git a/kubernetes/aaf/charts/aaf-cm/values.yaml b/kubernetes/aaf/charts/aaf-cm/values.yaml index 37d6c5e2c5..c391369db6 100644 --- a/kubernetes/aaf/charts/aaf-cm/values.yaml +++ b/kubernetes/aaf/charts/aaf-cm/values.yaml @@ -19,6 +19,13 @@ flavor: small # Application configuration defaults. ################################################################# # application image +replicaCount: 1 + +binary: cm + +sequence_order: + - service + - locate nodeSelector: {} @@ -26,24 +33,25 @@ affinity: {} # probe configuration parameters liveness: - initialDelaySeconds: 120 + initialDelaySeconds: 30 periodSeconds: 10 # necessary to disable liveness probe when setting breakpoints # in debugger so K8s doesn't restart unresponsive container enabled: true + port: api readiness: initialDelaySeconds: 5 periodSeconds: 10 + port: api service: name: aaf-cm type: ClusterIP - portName: aaf-cm - #targetPort - internalPort: 8150 - #port - externalPort: 8150 + ports: + - name: api + protocol: http + port: 8150 ingress: enabled: false @@ -56,18 +64,18 @@ ingress: # Configure resource requests and limits resources: - small: - limits: - cpu: 400m - memory: 300Mi - requests: - cpu: 1m - memory: 200Mi - large: - limits: - cpu: 400m - memory: 1Gi - requests: - cpu: 40m - memory: 600Mi - unlimited: {} + small: + limits: + cpu: 400m + memory: 300Mi + requests: + cpu: 1m + memory: 200Mi + large: + limits: + cpu: 400m + memory: 1Gi + requests: + cpu: 40m + memory: 600Mi + unlimited: {} diff --git a/kubernetes/aaf/charts/aaf-fs/templates/deployment.yaml b/kubernetes/aaf/charts/aaf-fs/templates/deployment.yaml index 2e8e41e637..c36750809c 100644 --- a/kubernetes/aaf/charts/aaf-fs/templates/deployment.yaml +++ b/kubernetes/aaf/charts/aaf-fs/templates/deployment.yaml @@ -1,4 +1,5 @@ -# Copyright © 2017 Amdocs, Bell Canada +# Copyright © 2017 Amdocs, Orange +# Modifications © 2020 Orange # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -12,128 +13,4 @@ # See the License for the specific language governing permissions and # limitations under the License. -apiVersion: extensions/v1beta1 -kind: Deployment -metadata: - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} - name: {{ include "common.fullname" . }} - namespace: {{ include "common.namespace" . }} -spec: - replicas: {{ .Values.global.aaf.fs.replicas }} - template: - metadata: - labels: - app: {{ include "common.name" . }} - release: {{ include "common.release" . }} - spec: - initContainers: - - name: fix-permission - command: - - /bin/sh - args: - - -c - - | - chmod -R 775 /opt/app/aaf/status - chown -R 1000:1000 /opt/app/aaf/status - chmod -R 775 /opt/app/osaaf - chown -R 1000:1000 /opt/app/osaaf - image: "{{ .Values.global.busyboxRepository }}/{{ .Values.global.busyboxImage }}" - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - volumeMounts: - - mountPath: /opt/app/osaaf - name: aaf-config-vol - - mountPath: /opt/app/aaf/status - name: aaf-status-vol - - name: {{ include "common.name" . }}-config-container - image: {{ .Values.global.repository }}/{{.Values.global.aaf.config.image}} - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - command: ["bash","-c","cd /opt/app/aaf_config && bin/pod_wait.sh config aaf-service aaf-locate remove && bin/agent.sh"] - volumeMounts: - - mountPath: "/opt/app/osaaf" - name: aaf-config-vol - - mountPath: "/opt/app/aaf/status" - name: aaf-status-vol - env: - - name: aaf_env - value: "{{ .Values.global.aaf.aaf_env }}" - - name: cadi_latitude - value: "{{ .Values.global.aaf.cadi_latitude }}" - - name: cadi_longitude - value: "{{ .Values.global.aaf.cadi_longitude }}" - - name: cadi_x509_issuers - value: "{{ .Values.global.aaf.cadi_x509_issuers }}" - - name: aaf_locate_url - value: "https://aaf-locate.{{ .Release.Namespace}}:{{.Values.global.aaf.locate.internal_port}}" - - name: aaf_locator_container - value: "oom" - - name: aaf_release - value: "{{ .Values.global.aaf.aaf_release }}" - - name: aaf_locator_container_ns - value: "{{ .Release.Namespace }}" - - name: aaf_locator_public_fqdn - value: "{{.Values.global.aaf.public_fqdn}}" - - name: aaf_locator_name - value: "{{.Values.global.aaf.aaf_locator_name}}" - - name: aaf_locator_name_oom - value: "{{.Values.global.aaf.aaf_locator_name_oom}}" - - name: cm_always_ignore_ips - value: "true" - - name: CASSANDRA_CLUSTER - value: "{{.Values.global.aaf.cass.fqdn}}.{{ .Release.Namespace }}" -# - name: CASSANDRA_USER -# value: "" -# - name: CASSANDRA_PASSWORD -# value: "" -# - name: CASSANDRA_PORT -# value: "" - containers: - - name: {{ include "common.name" . }} - command: ["/bin/bash","-c","cd /opt/app/aaf && /bin/bash bin/pod_wait.sh aaf-fs aaf-locate && exec bin/fs"] - image: {{ .Values.global.repository }}/{{.Values.global.aaf.image}} - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - volumeMounts: - - mountPath: "/opt/app/osaaf" - name: aaf-config-vol - - mountPath: "/opt/app/aaf/status" - name: aaf-status-vol - - mountPath: /etc/localtime - name: localtime - readOnly: true - {{- if eq .Values.liveness.enabled true }} - livenessProbe: - tcpSocket: - port: {{ .Values.service.internalPort }} - initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }} - periodSeconds: {{ .Values.liveness.periodSeconds }} - {{ end -}} - readinessProbe: - tcpSocket: - port: {{ .Values.service.internalPort }} - initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} - periodSeconds: {{ .Values.readiness.periodSeconds }} - resources: -{{ include "common.resources" . | indent 12 }} - {{- if .Values.nodeSelector }} - nodeSelector: -{{ toYaml .Values.nodeSelector | indent 10 }} - {{- end -}} - {{- if .Values.affinity }} - affinity: -{{ toYaml .Values.affinity | indent 10 }} - {{- end }} - volumes: - - name: localtime - hostPath: - path: /etc/localtime - - name: aaf-status-vol - persistentVolumeClaim: - claimName: {{ include "common.release" . }}-aaf-status - - name: aaf-config-vol - persistentVolumeClaim: - claimName: {{ include "common.release" . }}-aaf-config - imagePullSecrets: - - name: "{{ include "common.namespace" . }}-docker-registry-key" +{{ include "aaf.deployment" . }} diff --git a/kubernetes/aaf/charts/aaf-fs/templates/service.yaml b/kubernetes/aaf/charts/aaf-fs/templates/service.yaml index b81635f74d..e54c4f3057 100644 --- a/kubernetes/aaf/charts/aaf-fs/templates/service.yaml +++ b/kubernetes/aaf/charts/aaf-fs/templates/service.yaml @@ -1,4 +1,5 @@ -# Copyright © 2017 Amdocs, Bell Canada +# Copyright © 2017 Amdocs, Orange +# Modifications © 2020 Orange # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -12,22 +13,4 @@ # See the License for the specific language governing permissions and # limitations under the License. -apiVersion: v1 -kind: Service -metadata: - name: {{ include "common.servicename" . }} - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} -spec: - ports: - - port: {{ .Values.global.aaf.fs.internal_port }} - nodePort: {{ .Values.global.aaf.fs.public_port }} - name: aaf-hello - selector: - app: {{ include "common.name" . }} - release: {{ include "common.release" . }} - type: "NodePort" +{{ include "common.service" . }} diff --git a/kubernetes/aaf/charts/aaf-fs/values.yaml b/kubernetes/aaf/charts/aaf-fs/values.yaml index 4b12bd0deb..6ddc07278b 100644 --- a/kubernetes/aaf/charts/aaf-fs/values.yaml +++ b/kubernetes/aaf/charts/aaf-fs/values.yaml @@ -1,5 +1,5 @@ # Copyright © 2017 Amdocs, Bell Canada -# Modifications © 2020 AT&T +# Modifications © 2020 AT&T, Orange # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -21,6 +21,13 @@ flavor: small # application image pullPolicy: Always +replicaCount: 1 + +binary: fs + +sequence_order: + - service + - locate nodeSelector: {} @@ -33,19 +40,20 @@ liveness: # necessary to disable liveness probe when setting breakpoints # in debugger so K8s doesn't restart unresponsive container enabled: true + port: api readiness: initialDelaySeconds: 5 periodSeconds: 10 + port: api service: name: aaf-fs type: ClusterIP - portName: aaf-fs - #targetPort - internalPort: 8096 - #port - externalPort: 8096 + ports: + - name: api + port: 8096 + protocol: http ingress: enabled: false @@ -58,18 +66,18 @@ ingress: # Configure resource requests and limits resources: - small: - limits: - cpu: 200m - memory: 110Mi - requests: - cpu: 1m - memory: 80Mi - large: - limits: - cpu: 500m - memory: 700Mi - requests: - cpu: 100m - memory: 400Mi - unlimited: {} + small: + limits: + cpu: 200m + memory: 110Mi + requests: + cpu: 1m + memory: 80Mi + large: + limits: + cpu: 500m + memory: 700Mi + requests: + cpu: 100m + memory: 400Mi + unlimited: {} diff --git a/kubernetes/aaf/charts/aaf-gui/templates/deployment.yaml b/kubernetes/aaf/charts/aaf-gui/templates/deployment.yaml index cbf68aad37..c36750809c 100644 --- a/kubernetes/aaf/charts/aaf-gui/templates/deployment.yaml +++ b/kubernetes/aaf/charts/aaf-gui/templates/deployment.yaml @@ -1,4 +1,5 @@ -# Copyright © 2017 Amdocs, Bell Canada +# Copyright © 2017 Amdocs, Orange +# Modifications © 2020 Orange # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -12,128 +13,4 @@ # See the License for the specific language governing permissions and # limitations under the License. -apiVersion: extensions/v1beta1 -kind: Deployment -metadata: - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} - name: {{ include "common.fullname" . }} - namespace: {{ include "common.namespace" . }} -spec: - replicas: {{ .Values.global.aaf.gui.replicas }} - template: - metadata: - labels: - app: {{ include "common.name" . }} - release: {{ include "common.release" . }} - spec: - initContainers: - - name: fix-permission - command: - - /bin/sh - args: - - -c - - | - chmod -R 775 /opt/app/aaf/status - chown -R 1000:1000 /opt/app/aaf/status - chmod -R 775 /opt/app/osaaf - chown -R 1000:1000 /opt/app/osaaf - image: "{{ .Values.global.busyboxRepository }}/{{ .Values.global.busyboxImage }}" - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - volumeMounts: - - mountPath: /opt/app/osaaf - name: aaf-config-vol - - mountPath: /opt/app/aaf/status - name: aaf-status-vol - - name: {{ include "common.name" . }}-config-container - image: {{ .Values.global.repository }}/{{.Values.global.aaf.config.image}} - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - command: ["bash","-c","cd /opt/app/aaf_config && bin/pod_wait.sh config aaf-service aaf-locate remove && bin/agent.sh"] - volumeMounts: - - mountPath: "/opt/app/osaaf" - name: aaf-config-vol - - mountPath: "/opt/app/aaf/status" - name: aaf-status-vol - env: - - name: aaf_env - value: "{{ .Values.global.aaf.aaf_env }}" - - name: cadi_latitude - value: "{{ .Values.global.aaf.cadi_latitude }}" - - name: cadi_longitude - value: "{{ .Values.global.aaf.cadi_longitude }}" - - name: cadi_x509_issuers - value: "{{ .Values.global.aaf.cadi_x509_issuers }}" - - name: aaf_locate_url - value: "https://aaf-locate.{{ .Release.Namespace}}:{{.Values.global.aaf.locate.internal_port}}" - - name: aaf_locator_container - value: "oom" - - name: aaf_release - value: "{{ .Values.global.aaf.aaf_release }}" - - name: aaf_locator_container_ns - value: "{{ .Release.Namespace }}" - - name: aaf_locator_public_fqdn - value: "{{.Values.global.aaf.public_fqdn}}" - - name: aaf_locator_name - value: "{{.Values.global.aaf.aaf_locator_name}}" - - name: aaf_locator_name_oom - value: "{{.Values.global.aaf.aaf_locator_name_oom}}" - - name: cm_always_ignore_ips - value: "true" - - name: CASSANDRA_CLUSTER - value: "{{.Values.global.aaf.cass.fqdn}}.{{ .Release.Namespace }}" -# - name: CASSANDRA_USER -# value: "" -# - name: CASSANDRA_PASSWORD -# value: "" -# - name: CASSANDRA_PORT -# value: "" - containers: - - name: {{ include "common.name" . }} - command: ["/bin/bash","-c","cd /opt/app/aaf && /bin/bash bin/pod_wait.sh aaf-gui aaf-locate && exec bin/gui"] - image: {{ .Values.global.repository }}/{{.Values.global.aaf.image}} - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - volumeMounts: - - mountPath: "/opt/app/osaaf" - name: aaf-config-vol - - mountPath: "/opt/app/aaf/status" - name: aaf-status-vol - - mountPath: /etc/localtime - name: localtime - readOnly: true - {{- if eq .Values.liveness.enabled true }} - livenessProbe: - tcpSocket: - port: {{ .Values.global.aaf.gui.internal_port }} - initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }} - periodSeconds: {{ .Values.liveness.periodSeconds }} - {{ end -}} - readinessProbe: - tcpSocket: - port: {{ .Values.global.aaf.gui.internal_port }} - initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} - periodSeconds: {{ .Values.readiness.periodSeconds }} - resources: -{{ include "common.resources" . | indent 12 }} - {{- if .Values.nodeSelector }} - nodeSelector: -{{ toYaml .Values.nodeSelector | indent 10 }} - {{- end -}} - {{- if .Values.affinity }} - affinity: -{{ toYaml .Values.affinity | indent 10 }} - {{- end }} - volumes: - - name: localtime - hostPath: - path: /etc/localtime - - name: aaf-status-vol - persistentVolumeClaim: - claimName: {{ include "common.release" . }}-aaf-status - - name: aaf-config-vol - persistentVolumeClaim: - claimName: {{ include "common.release" . }}-aaf-config - imagePullSecrets: - - name: "{{ include "common.namespace" . }}-docker-registry-key" +{{ include "aaf.deployment" . }} diff --git a/kubernetes/aaf/charts/aaf-gui/templates/service.yaml b/kubernetes/aaf/charts/aaf-gui/templates/service.yaml index 7dc4468598..e54c4f3057 100644 --- a/kubernetes/aaf/charts/aaf-gui/templates/service.yaml +++ b/kubernetes/aaf/charts/aaf-gui/templates/service.yaml @@ -1,4 +1,5 @@ -# Copyright © 2017 Amdocs, Bell Canada +# Copyright © 2017 Amdocs, Orange +# Modifications © 2020 Orange # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -12,22 +13,4 @@ # See the License for the specific language governing permissions and # limitations under the License. -apiVersion: v1 -kind: Service -metadata: - name: {{ include "common.servicename" . }} - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} -spec: - ports: - - port: {{ .Values.global.aaf.gui.internal_port }} - nodePort: {{ .Values.global.aaf.gui.public_port }} - name: aaf-gui - selector: - app: {{ include "common.name" . }} - release: {{ include "common.release" . }} - type: "NodePort" +{{ include "common.service" . }} diff --git a/kubernetes/aaf/charts/aaf-gui/values.yaml b/kubernetes/aaf/charts/aaf-gui/values.yaml index 8811b3300a..f418fd5b41 100644 --- a/kubernetes/aaf/charts/aaf-gui/values.yaml +++ b/kubernetes/aaf/charts/aaf-gui/values.yaml @@ -20,6 +20,13 @@ flavor: small # application image pullPolicy: Always +replicaCount: 1 + +binary: gui + +sequence_order: + - service + - locate nodeSelector: {} @@ -27,25 +34,26 @@ affinity: {} # probe configuration parameters liveness: - initialDelaySeconds: 120 + initialDelaySeconds: 30 periodSeconds: 10 # necessary to disable liveness probe when setting breakpoints # in debugger so K8s doesn't restart unresponsive container enabled: true + port: gui readiness: initialDelaySeconds: 5 periodSeconds: 10 + port: gui service: name: aaf-gui type: NodePort - portName: aaf-gui - #targetPort - internalPort: 8200 - #port - externalPort: 8200 - nodePort: 51 + ports: + - name: gui + protocol: http + port: 8200 + nodePort: 51 ingress: enabled: false @@ -58,18 +66,18 @@ ingress: # Configure resource requests and limits resources: - small: - limits: - cpu: 200m - memory: 280Mi - requests: - cpu: 1m - memory: 170Mi - large: - limits: - cpu: 200m - memory: 1Gi - requests: - cpu: 100m - memory: 500Mi - unlimited: {} + small: + limits: + cpu: 200m + memory: 280Mi + requests: + cpu: 1m + memory: 170Mi + large: + limits: + cpu: 200m + memory: 1Gi + requests: + cpu: 100m + memory: 500Mi + unlimited: {} diff --git a/kubernetes/aaf/charts/aaf-hello/templates/aaf-hello-pv.yaml b/kubernetes/aaf/charts/aaf-hello/templates/aaf-hello-pv.yaml deleted file mode 100644 index d2b4f0c76f..0000000000 --- a/kubernetes/aaf/charts/aaf-hello/templates/aaf-hello-pv.yaml +++ /dev/null @@ -1,46 +0,0 @@ -{{- if ne 0 (int .Values.global.aaf.hello.replicas) }} -{{- if and .Values.global.persistence.enabled (not .Values.persistence.existingClaim) -}} -{{- if eq "True" (include "common.needPV" .) -}} -######### -## ============LICENSE_START==================================================== -## org.onap.aaf -## =========================================================================== -## Copyright (c) 2017 AT&T Intellectual Property. All rights reserved. -## =========================================================================== -## Licensed under the Apache License, Version 2.0 (the "License"); -## you may not use this file except in compliance with the License. -## You may obtain a copy of the License at -## -## http://www.apache.org/licenses/LICENSE-2.0 -## -## Unless required by applicable law or agreed to in writing, software -## distributed under the License is distributed on an "AS IS" BASIS, -## WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -## See the License for the specific language governing permissions and -## limitations under the License. -## ============LICENSE_END==================================================== -## - -kind: PersistentVolume -apiVersion: v1 -metadata: - name: {{ include "common.release" . }}-aaf-hello-pv - namespace: {{ include "common.namespace" . }} - labels: - app: {{ .Chart.Name }}-hello - chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}" - release: {{ include "common.release" . }} - heritage: "{{ .Release.Service }}" - name: {{ include "common.fullname" . }} -spec: - capacity: - storage: {{ .Values.persistence.size}} - accessModes: - - {{ .Values.persistence.accessMode }} - persistentVolumeReclaimPolicy: {{ .Values.persistence.volumeReclaimPolicy }} - hostPath: - path: {{ .Values.global.persistence.mountPath | default .Values.persistence.mountPath }}/{{ include "common.release" . }}/{{ .Values.persistence.mountSubPath }} - storageClassName: "{{ include "common.fullname" . }}-data" -{{- end -}} -{{- end -}} -{{- end -}} diff --git a/kubernetes/aaf/charts/aaf-hello/templates/aaf-hello-pvc.yaml b/kubernetes/aaf/charts/aaf-hello/templates/aaf-hello-pvc.yaml deleted file mode 100644 index fc148f63d6..0000000000 --- a/kubernetes/aaf/charts/aaf-hello/templates/aaf-hello-pvc.yaml +++ /dev/null @@ -1,44 +0,0 @@ -{{- if ne 0 (int .Values.global.aaf.hello.replicas) }} -{{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) -}} -######### -## ============LICENSE_START==================================================== -## org.onap.aaf -## =========================================================================== -## Copyright (c) 2017 AT&T Intellectual Property. All rights reserved. -## =========================================================================== -## Licensed under the Apache License, Version 2.0 (the "License"); -## you may not use this file except in compliance with the License. -## You may obtain a copy of the License at -## -## http://www.apache.org/licenses/LICENSE-2.0 -## -## Unless required by applicable law or agreed to in writing, software -## distributed under the License is distributed on an "AS IS" BASIS, -## WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -## See the License for the specific language governing permissions and -## limitations under the License. -## ============LICENSE_END==================================================== -## -kind: PersistentVolumeClaim -apiVersion: v1 -metadata: - name: {{ include "common.release" . }}-aaf-hello-pvc - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" - release: "{{ include "common.release" . }}" - heritage: "{{ .Release.Service }}" -{{- if .Values.persistence.annotations }} - annotations: -{{ toYaml .Values.persistence.annotations | indent 4 }} -{{- end }} -spec: - accessModes: - - {{ .Values.persistence.config.accessMode }} - resources: - requests: - storage: {{ .Values.persistence.config.size }} - storageClassName: {{ include "common.storageClass" . }} -{{- end -}} -{{- end -}} diff --git a/kubernetes/aaf/charts/aaf-hello/templates/deployment.yaml b/kubernetes/aaf/charts/aaf-hello/templates/deployment.yaml index 1e120bd0ad..891b829f43 100644 --- a/kubernetes/aaf/charts/aaf-hello/templates/deployment.yaml +++ b/kubernetes/aaf/charts/aaf-hello/templates/deployment.yaml @@ -1,4 +1,5 @@ # Copyright © 2017 Amdocs, Bell Canada +# Modifications © 2020 Orange # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -11,112 +12,49 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. -apiVersion: extensions/v1beta1 +apiVersion: apps/v1 kind: Deployment -metadata: - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} - name: {{ include "common.fullname" . }} - namespace: {{ include "common.namespace" . }} +metadata: {{- include "common.resourceMetadata" . | nindent 2 }} spec: - replicas: {{ .Values.global.aaf.hello.replicas }} + selector: {{- include "common.selectors" . | nindent 4 }} + replicas: {{ .Values.replicaCount }} template: - metadata: - labels: - app: {{ include "common.name" . }} - release: {{ include "common.release" . }} + metadata: {{- include "common.templateMetadata" . | nindent 6 }} spec: - volumes: - - name: localtime - hostPath: - path: /etc/localtime - - name: aaf-hello-vol - {{- if and .Values.persistence.enabled }} - persistentVolumeClaim: - claimName: {{ include "common.release" . }}-aaf-hello-pvc - {{- else }} - emptyDir: {} - {{- end }} - imagePullSecrets: - - name: "{{ include "common.namespace" . }}-docker-registry-key" - initContainers: - - name: fix-permission - command: ["/bin/sh","-c","chmod -R 775 /opt/app/osaaf/local && chown -R 1000:1000 /opt/app/osaaf"] - image: "{{ .Values.global.busyboxRepository }}/{{ .Values.global.busyboxImage }}" - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - volumeMounts: - - mountPath: "/opt/app/osaaf/local" - name: aaf-hello-vol - - name: {{ include "common.name" . }}-config-container - image: {{ .Values.global.repository }}/{{.Values.aaf_init.image}} - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - command: ["bash","-c","cd /opt/app/aaf_config && bin/agent.sh"] -# command: ["bash","-c","cd /opt/app/aaf_config && echo Sleeping && sleep 480"] -# command: ["bash","-c","chown 1000:1000 /opt/app/osaaf && cd /opt/app/aaf_config && sleep 480"] - volumeMounts: - - mountPath: "/opt/app/osaaf/local" - name: aaf-hello-vol - env: - - name: APP_FQI - value: "{{ .Values.aaf_init.fqi }}" - - name: aaf_locate_url - value: "https://aaf-locate.{{ .Release.Namespace}}:{{.Values.global.aaf.locate.internal_port}}" - - name: aaf_locator_container - value: "oom" - - name: aaf_locator_container_ns - value: "{{ .Release.Namespace }}" -# This should the APP's FQDN to be put in Locator -# This MUST match what is entered for AAF Certificate Artifacts - - name: aaf_locator_fqdn - value: "{{.Values.aaf_init.fqdn}}" -# Hello specific. Clients don't don't need this, unless Registering with AAF Locator -# This should be the APP's PUBLIC FQDN, if applicable - - name: aaf_locator_public_fqdn - value: "{{.Values.aaf_init.locator_public_fqdn}}" - - name: LATITUDE - value: "{{ .Values.aaf_init.cadi_latitude }}" - - name: LONGITUDE - value: "{{ .Values.aaf_init.cadi_longitude }}" -# Note: We want to put this in Secrets or at LEAST ConfigMaps - - name: "DEPLOY_FQI" - value: "deployer@people.osaaf.org" -# Note: want to put this on Nodes, evenutally - - name: "DEPLOY_PASSWORD" - value: "demo123456!" + initContainers: {{ include "common.aaf-config" (dict "aafRoot" .Values.aaf_init "dot" .) | nindent 6 }} # CONTAINER Definition containers: - name: {{ include "common.name" . }} command: ["bash","-c","cd /opt/app/aaf && if [ ! -d /opt/app/osaaf/etc ]; then cp -Rf etc logs /opt/app/osaaf; fi && exec bin/hello"] - image: {{ .Values.global.repository }}/{{.Values.service.image }} + image: {{ .Values.global.repository }}/{{.Values.image }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - volumeMounts: - - mountPath: "/opt/app/osaaf/local" - name: aaf-hello-vol + ports: {{ include "common.containerPorts" . | nindent 10 }} + volumeMounts: {{ include "common.aaf-config-volume-mountpath" . | nindent 8 }} - mountPath: /etc/localtime name: localtime readOnly: true {{- if eq .Values.liveness.enabled true }} livenessProbe: tcpSocket: - port: {{ .Values.service.port }} + port: {{ .Values.liveness.port }} initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }} periodSeconds: {{ .Values.liveness.periodSeconds }} - {{ end -}} + {{- end }} readinessProbe: tcpSocket: - port: {{ .Values.service.port }} + port: {{ .Values.readiness.port }} initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} periodSeconds: {{ .Values.readiness.periodSeconds }} - resources: -{{ include "common.resources" . | indent 12 }} + resources: {{ include "common.resources" . | nindent 12 }} {{- if .Values.nodeSelector }} - nodeSelector: -{{ toYaml .Values.nodeSelector | indent 10 }} + nodeSelector: {{ toYaml .Values.nodeSelector | nindent 10 }} {{- end -}} {{- if .Values.affinity }} - affinity: -{{ toYaml .Values.affinity | indent 10 }} + affinity: {{ toYaml .Values.affinity | nindent 10 }} {{- end }} + volumes: {{ include "common.aaf-config-volumes" (dict "aafRoot" .Values.aaf_init "dot" .) | nindent 6 }} + - name: localtime + hostPath: + path: /etc/localtime + imagePullSecrets: + - name: "{{ include "common.namespace" . }}-docker-registry-key" diff --git a/kubernetes/aaf/charts/aaf-hello/templates/secret.yaml b/kubernetes/aaf/charts/aaf-hello/templates/secret.yaml new file mode 100644 index 0000000000..f8c32e0670 --- /dev/null +++ b/kubernetes/aaf/charts/aaf-hello/templates/secret.yaml @@ -0,0 +1,15 @@ +# Copyright © 2020 Orange +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +{{ include "common.secretFast" . }} diff --git a/kubernetes/aaf/charts/aaf-hello/templates/service.yaml b/kubernetes/aaf/charts/aaf-hello/templates/service.yaml index 5ba4f68be9..8f80ee12a2 100644 --- a/kubernetes/aaf/charts/aaf-hello/templates/service.yaml +++ b/kubernetes/aaf/charts/aaf-hello/templates/service.yaml @@ -1,4 +1,5 @@ # Copyright © 2017 Amdocs, Bell Canada +# Modifications © 2020 Orange # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -12,22 +13,4 @@ # See the License for the specific language governing permissions and # limitations under the License. -apiVersion: v1 -kind: Service -metadata: - name: {{ include "common.servicename" . }} - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} -spec: - ports: - - port: {{ .Values.service.port }} - nodePort: {{ .Values.service.public_port }} - name: aaf-hello - selector: - app: {{ include "common.name" . }} - release: {{ include "common.release" . }} - type: "NodePort" +{{ include "common.service" . }} diff --git a/kubernetes/aaf/charts/aaf-hello/values.yaml b/kubernetes/aaf/charts/aaf-hello/values.yaml index 0400dcc1fd..aeb659082d 100644 --- a/kubernetes/aaf/charts/aaf-hello/values.yaml +++ b/kubernetes/aaf/charts/aaf-hello/values.yaml @@ -12,6 +12,8 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +global: + aafEnabled: true flavor: small @@ -22,47 +24,58 @@ flavor: small aaf_init: # You might want this in your own app. For AAF, we store in global # replicas: 1 - image: onap/aaf/aaf_agent:2.1.20 - fqi: "aaf@aaf.osaaf.org" + fqi: aaf@aaf.osaaf.org # This MUST match what is put in AAF's "Artifact" for Certificates - fqdn: "aaf-hello" + fqdn: aaf-hello # What is put in Locator for External Access - locator_public_fqdn: "aaf.osaaf.org" - app_ns: "org.osaaf.aaf" - deploy_fqi: "deployer@people.osaaf.org" + public_fqdn: aaf.osaaf.org cadi_latitude: "38.0" cadi_longitude: "-72.0" + credsPath: /opt/app/osaaf/local + aafDeployFqi: deployer@people.osaaf.org + aafDeployPass: demo123456! + # aafDeployCredsExternalSecret: some secret + secret_uid: &aaf_secret_uid nbi-aaf-deploy-creds + permission_user: 1000 + permission_group: 999 -service: - image: onap/aaf/aaf_hello:2.1.20 - port: "8130" - public_port: "31119" +replicaCount: 0 -persistence: - enabled: false - #existingClaim: - # You will want "Reatan" in non-Hello Example. - volumeReclaimPolicy: Delete - accessMode: ReadWriteMany - size: 40M - mountPath: /dockerdata-nfs - mountSubPath: aaf/hello +image: onap/aaf/aaf_hello:2.1.20 + +service: + name: aaf-hello + type: ClusterIP + ports: + - name: api + protocol: http + port: 8130 nodeSelector: {} affinity: {} +secrets: + - uid: *aaf_secret_uid + type: basicAuth + externalSecret: '{{ ternary (tpl (default "" .Values.aaf_init.aafDeployCredsExternalSecret) .) "aafIsDisabled" .Values.global.aafEnabled }}' + login: '{{ .Values.aaf_init.aafDeployFqi }}' + password: '{{ .Values.aaf_init.aafDeployPass }}' + passwordPolicy: required + # probe configuration parameters liveness: - initialDelaySeconds: 120 + initialDelaySeconds: 30 periodSeconds: 10 # necessary to disable liveness probe when setting breakpoints # in debugger so K8s doesn't restart unresponsive container enabled: true + port: api readiness: initialDelaySeconds: 5 periodSeconds: 10 + port: api ingress: enabled: false @@ -75,18 +88,18 @@ ingress: # Configure resource requests and limits resources: - small: - limits: - cpu: 200m - memory: 500Mi - requests: - cpu: 10m - memory: 200Mi - large: - limits: - cpu: 400m - memory: 1Gi - requests: - cpu: 20m - memory: 500Mi - unlimited: {} + small: + limits: + cpu: 200m + memory: 500Mi + requests: + cpu: 10m + memory: 200Mi + large: + limits: + cpu: 400m + memory: 1Gi + requests: + cpu: 20m + memory: 500Mi + unlimited: {} diff --git a/kubernetes/aaf/charts/aaf-locate/templates/deployment.yaml b/kubernetes/aaf/charts/aaf-locate/templates/deployment.yaml index cc7f19176f..5074c8bc08 100644 --- a/kubernetes/aaf/charts/aaf-locate/templates/deployment.yaml +++ b/kubernetes/aaf/charts/aaf-locate/templates/deployment.yaml @@ -1,4 +1,5 @@ -# Copyright © 2017 Amdocs, Bell Canada +# Copyright © 2017 Amdocs +# Modifications © 2020 Orange # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -12,128 +13,4 @@ # See the License for the specific language governing permissions and # limitations under the License. -apiVersion: extensions/v1beta1 -kind: Deployment -metadata: - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} - name: {{ include "common.fullname" . }} - namespace: {{ include "common.namespace" . }} -spec: - replicas: {{ .Values.global.aaf.locate.replicas }} - template: - metadata: - labels: - app: {{ include "common.name" . }} - release: {{ include "common.release" . }} - spec: - initContainers: - - name: fix-permission - command: - - /bin/sh - args: - - -c - - | - chmod -R 775 /opt/app/aaf/status - chown -R 1000:1000 /opt/app/aaf/status - chmod -R 775 /opt/app/osaaf - chown -R 1000:1000 /opt/app/osaaf - image: "{{ .Values.global.busyboxRepository }}/{{ .Values.global.busyboxImage }}" - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - volumeMounts: - - mountPath: /opt/app/aaf/status - name: aaf-status-vol - - mountPath: /opt/app/osaaf - name: aaf-config-vol - - name: {{ include "common.name" . }}-config-container - image: {{ .Values.global.repository }}/{{.Values.global.aaf.config.image}} - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - command: ["bash","-c","cd /opt/app/aaf_config && bin/pod_wait.sh config aaf-service remove && bin/agent.sh"] - volumeMounts: - - mountPath: "/opt/app/osaaf" - name: aaf-config-vol - - mountPath: "/opt/app/aaf/status" - name: aaf-status-vol - env: - - name: aaf_env - value: "{{ .Values.global.aaf.aaf_env }}" - - name: cadi_latitude - value: "{{ .Values.global.aaf.cadi_latitude }}" - - name: cadi_longitude - value: "{{ .Values.global.aaf.cadi_longitude }}" - - name: cadi_x509_issuers - value: "{{ .Values.global.aaf.cadi_x509_issuers }}" - - name: aaf_locate_url - value: "https://aaf-locate.{{ .Release.Namespace}}:{{.Values.global.aaf.locate.internal_port}}" - - name: aaf_locator_container - value: "oom" - - name: aaf_release - value: "{{ .Values.global.aaf.aaf_release }}" - - name: aaf_locator_container_ns - value: "{{ .Release.Namespace }}" - - name: aaf_locator_public_fqdn - value: "{{.Values.global.aaf.public_fqdn}}" - - name: aaf_locator_name - value: "{{.Values.global.aaf.aaf_locator_name}}" - - name: aaf_locator_name_oom - value: "{{.Values.global.aaf.aaf_locator_name_oom}}" - - name: cm_always_ignore_ips - value: "true" - - name: CASSANDRA_CLUSTER - value: "{{.Values.global.aaf.cass.fqdn}}.{{ .Release.Namespace }}" -# - name: CASSANDRA_USER -# value: "" -# - name: CASSANDRA_PASSWORD -# value: "" -# - name: CASSANDRA_PORT -# value: "" - containers: - - name: {{ include "common.name" . }} - command: ["/bin/bash","-c","cd /opt/app/aaf && /bin/bash bin/pod_wait.sh aaf-locate aaf-service && exec bin/locate"] - image: {{ .Values.global.repository }}/{{.Values.global.aaf.image}} - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - volumeMounts: - - mountPath: "/opt/app/osaaf" - name: aaf-config-vol - - mountPath: "/opt/app/aaf/status" - name: aaf-status-vol - - mountPath: /etc/localtime - name: localtime - readOnly: true - {{- if eq .Values.liveness.enabled true }} - livenessProbe: - tcpSocket: - port: {{ .Values.global.aaf.locate.internal_port }} - initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }} - periodSeconds: {{ .Values.liveness.periodSeconds }} - {{ end -}} - readinessProbe: - tcpSocket: - port: {{ .Values.global.aaf.locate.internal_port }} - initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} - periodSeconds: {{ .Values.readiness.periodSeconds }} - resources: -{{ include "common.resources" . | indent 12 }} - {{- if .Values.nodeSelector }} - nodeSelector: -{{ toYaml .Values.nodeSelector | indent 10 }} - {{- end -}} - {{- if .Values.affinity }} - affinity: -{{ toYaml .Values.affinity | indent 10 }} - {{- end }} - volumes: - - name: localtime - hostPath: - path: /etc/localtime - - name: aaf-status-vol - persistentVolumeClaim: - claimName: {{ include "common.release" . }}-aaf-status - - name: aaf-config-vol - persistentVolumeClaim: - claimName: {{ include "common.release" . }}-aaf-config - imagePullSecrets: - - name: "{{ include "common.namespace" . }}-docker-registry-key" +{{ include "aaf.deployment" . }} diff --git a/kubernetes/aaf/charts/aaf-locate/templates/service.yaml b/kubernetes/aaf/charts/aaf-locate/templates/service.yaml index 8aead90d29..e54c4f3057 100644 --- a/kubernetes/aaf/charts/aaf-locate/templates/service.yaml +++ b/kubernetes/aaf/charts/aaf-locate/templates/service.yaml @@ -1,4 +1,5 @@ -# Copyright © 2017 Amdocs, Bell Canada +# Copyright © 2017 Amdocs, Orange +# Modifications © 2020 Orange # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -12,22 +13,4 @@ # See the License for the specific language governing permissions and # limitations under the License. -apiVersion: v1 -kind: Service -metadata: - name: {{ include "common.servicename" . }} - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} -spec: - ports: - - port: {{ .Values.global.aaf.locate.internal_port }} - nodePort: {{ .Values.global.aaf.locate.public_port }} - name: aaf-locate - selector: - app: {{ include "common.name" . }} - release: {{ include "common.release" . }} - type: "NodePort" +{{ include "common.service" . }} diff --git a/kubernetes/aaf/charts/aaf-locate/values.yaml b/kubernetes/aaf/charts/aaf-locate/values.yaml index 9209b9d027..47b2f205e5 100644 --- a/kubernetes/aaf/charts/aaf-locate/values.yaml +++ b/kubernetes/aaf/charts/aaf-locate/values.yaml @@ -18,6 +18,12 @@ flavor: small # Application configuration defaults. ################################################################# # application image +replicaCount: 1 + +binary: locate + +sequence_order: + - service nodeSelector: {} @@ -25,24 +31,25 @@ affinity: {} # probe configuration parameters liveness: - initialDelaySeconds: 120 + initialDelaySeconds: 30 periodSeconds: 10 # necessary to disable liveness probe when setting breakpoints # in debugger so K8s doesn't restart unresponsive container enabled: true + port: api readiness: initialDelaySeconds: 5 periodSeconds: 10 + port: api service: name: aaf-locate type: ClusterIP - portName: aaf-locate - #targetPort - internalPort: 8095 - #port - externalPort: 31111 + ports: + - name: api + protocol: http + port: 8095 ingress: enabled: false @@ -55,18 +62,18 @@ ingress: # Configure resource requests and limits resources: - small: - limits: - cpu: 100m - memory: 320Mi - requests: - cpu: 1m - memory: 210Mi - large: - limits: - cpu: 400m - memory: 1Gi - requests: - cpu: 40m - memory: 500Mi - unlimited: {} + small: + limits: + cpu: 100m + memory: 320Mi + requests: + cpu: 1m + memory: 210Mi + large: + limits: + cpu: 400m + memory: 1Gi + requests: + cpu: 40m + memory: 500Mi + unlimited: {} diff --git a/kubernetes/aaf/charts/aaf-oauth/templates/deployment.yaml b/kubernetes/aaf/charts/aaf-oauth/templates/deployment.yaml index 6ce3abd241..5074c8bc08 100644 --- a/kubernetes/aaf/charts/aaf-oauth/templates/deployment.yaml +++ b/kubernetes/aaf/charts/aaf-oauth/templates/deployment.yaml @@ -1,4 +1,5 @@ -# Copyright © 2017 Amdocs, Bell Canada +# Copyright © 2017 Amdocs +# Modifications © 2020 Orange # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -12,128 +13,4 @@ # See the License for the specific language governing permissions and # limitations under the License. -apiVersion: extensions/v1beta1 -kind: Deployment -metadata: - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} - name: {{ include "common.fullname" . }} - namespace: {{ include "common.namespace" . }} -spec: - replicas: {{ .Values.global.aaf.oauth.replicas }} - template: - metadata: - labels: - app: {{ include "common.name" . }} - release: {{ include "common.release" . }} - spec: - initContainers: - - name: fix-permission - command: - - /bin/sh - args: - - -c - - | - chmod -R 775 /opt/app/aaf/status - chown -R 1000:1000 /opt/app/aaf/status - chmod -R 775 /opt/app/osaaf - chown -R 1000:1000 /opt/app/osaaf - image: "{{ .Values.global.busyboxRepository }}/{{ .Values.global.busyboxImage }}" - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - volumeMounts: - - mountPath: /opt/app/aaf/status - name: aaf-status-vol - - mountPath: /opt/app/osaaf - name: aaf-config-vol - - name: {{ include "common.name" . }}-config-container - image: {{ .Values.global.repository }}/{{.Values.global.aaf.config.image}} - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - command: ["bash","-c","cd /opt/app/aaf_config && bin/pod_wait.sh config aaf-service remove && bin/agent.sh"] - volumeMounts: - - mountPath: "/opt/app/osaaf" - name: aaf-config-vol - - mountPath: "/opt/app/aaf/status" - name: aaf-status-vol - env: - - name: aaf_env - value: "{{ .Values.global.aaf.aaf_env }}" - - name: cadi_latitude - value: "{{ .Values.global.aaf.cadi_latitude }}" - - name: cadi_longitude - value: "{{ .Values.global.aaf.cadi_longitude }}" - - name: cadi_x509_issuers - value: "{{ .Values.global.aaf.cadi_x509_issuers }}" - - name: aaf_locate_url - value: "https://aaf-locate.{{ .Release.Namespace}}:{{.Values.global.aaf.locate.internal_port}}" - - name: aaf_locator_container - value: "oom" - - name: aaf_release - value: "{{ .Values.global.aaf.aaf_release }}" - - name: aaf_locator_container_ns - value: "{{ .Release.Namespace }}" - - name: aaf_locator_public_fqdn - value: "{{.Values.global.aaf.public_fqdn}}" - - name: aaf_locator_name - value: "{{.Values.global.aaf.aaf_locator_name}}" - - name: aaf_locator_name_oom - value: "{{.Values.global.aaf.aaf_locator_name_oom}}" - - name: cm_always_ignore_ips - value: "true" - - name: CASSANDRA_CLUSTER - value: "{{.Values.global.aaf.cass.fqdn}}.{{ .Release.Namespace }}" -# - name: CASSANDRA_USER -# value: "" -# - name: CASSANDRA_PASSWORD -# value: "" -# - name: CASSANDRA_PORT -# value: "" - containers: - - name: {{ include "common.name" . }} - command: ["/bin/bash","-c","cd /opt/app/aaf && /bin/bash bin/pod_wait.sh aaf-oauth aaf-service && exec bin/oauth"] - image: {{ .Values.global.repository }}/{{.Values.global.aaf.image}} - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - volumeMounts: - - mountPath: "/opt/app/osaaf" - name: aaf-config-vol - - mountPath: "/opt/app/aaf/status" - name: aaf-status-vol - - mountPath: /etc/localtime - name: localtime - readOnly: true - {{- if eq .Values.liveness.enabled true }} - livenessProbe: - tcpSocket: - port: {{ .Values.global.aaf.oauth.internal_port }} - initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }} - periodSeconds: {{ .Values.liveness.periodSeconds }} - {{ end -}} - readinessProbe: - tcpSocket: - port: {{ .Values.global.aaf.oauth.internal_port }} - initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} - periodSeconds: {{ .Values.readiness.periodSeconds }} - resources: -{{ include "common.resources" . | indent 12 }} - {{- if .Values.nodeSelector }} - nodeSelector: -{{ toYaml .Values.nodeSelector | indent 10 }} - {{- end -}} - {{- if .Values.affinity }} - affinity: -{{ toYaml .Values.affinity | indent 10 }} - {{- end }} - volumes: - - name: localtime - hostPath: - path: /etc/localtime - - name: aaf-status-vol - persistentVolumeClaim: - claimName: {{ include "common.release" . }}-aaf-status - - name: aaf-config-vol - persistentVolumeClaim: - claimName: {{ include "common.release" . }}-aaf-config - imagePullSecrets: - - name: "{{ include "common.namespace" . }}-docker-registry-key" +{{ include "aaf.deployment" . }} diff --git a/kubernetes/aaf/charts/aaf-oauth/templates/service.yaml b/kubernetes/aaf/charts/aaf-oauth/templates/service.yaml index 52c2d10568..e54c4f3057 100644 --- a/kubernetes/aaf/charts/aaf-oauth/templates/service.yaml +++ b/kubernetes/aaf/charts/aaf-oauth/templates/service.yaml @@ -1,4 +1,5 @@ -# Copyright © 2017 Amdocs, Bell Canada +# Copyright © 2017 Amdocs, Orange +# Modifications © 2020 Orange # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -12,22 +13,4 @@ # See the License for the specific language governing permissions and # limitations under the License. -apiVersion: v1 -kind: Service -metadata: - name: {{ include "common.servicename" . }} - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} -spec: - ports: - - port: {{ .Values.global.aaf.oauth.internal_port }} - nodePort: {{ .Values.global.aaf.oauth.public_port }} - name: aaf-oauth - selector: - app: {{ include "common.name" . }} - release: {{ include "common.release" . }} - type: "NodePort" +{{ include "common.service" . }} diff --git a/kubernetes/aaf/charts/aaf-oauth/values.yaml b/kubernetes/aaf/charts/aaf-oauth/values.yaml index c25327ce03..7604b86393 100644 --- a/kubernetes/aaf/charts/aaf-oauth/values.yaml +++ b/kubernetes/aaf/charts/aaf-oauth/values.yaml @@ -19,30 +19,40 @@ flavor: small # Application configuration defaults. ################################################################# # application image + +replicaCount: 1 + +binary: oauth + +sequence_order: + - service + - locate + nodeSelector: {} affinity: {} # probe configuration parameters liveness: - initialDelaySeconds: 120 + initialDelaySeconds: 30 periodSeconds: 10 # necessary to disable liveness probe when setting breakpoints # in debugger so K8s doesn't restart unresponsive container enabled: true + port: api readiness: initialDelaySeconds: 5 periodSeconds: 10 + port: api service: name: aaf-oauth type: ClusterIP - portName: aaf-oauth - #targetPort - internalPort: 8140 - #port - externalPort: 8140 + ports: + - name: api + protocol: http + port: 8140 ingress: enabled: false @@ -55,18 +65,18 @@ ingress: # Configure resource requests and limits resources: - small: - limits: - cpu: 40m - memory: 320Mi - requests: - cpu: 1m - memory: 210Mi - large: - limits: - cpu: 400m - memory: 600Mi - requests: - cpu: 40m - memory: 200Mi - unlimited: {} + small: + limits: + cpu: 40m + memory: 320Mi + requests: + cpu: 1m + memory: 210Mi + large: + limits: + cpu: 400m + memory: 600Mi + requests: + cpu: 40m + memory: 200Mi + unlimited: {} diff --git a/kubernetes/aaf/charts/aaf-service/templates/deployment.yaml b/kubernetes/aaf/charts/aaf-service/templates/deployment.yaml index 555f4ac815..5074c8bc08 100644 --- a/kubernetes/aaf/charts/aaf-service/templates/deployment.yaml +++ b/kubernetes/aaf/charts/aaf-service/templates/deployment.yaml @@ -1,4 +1,5 @@ -# Copyright © 2017 Amdocs, Bell Canada +# Copyright © 2017 Amdocs +# Modifications © 2020 Orange # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -12,135 +13,4 @@ # See the License for the specific language governing permissions and # limitations under the License. -apiVersion: extensions/v1beta1 -kind: Deployment -metadata: - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} - name: {{ include "common.fullname" . }} - namespace: {{ include "common.namespace" . }} -spec: - replicas: {{ .Values.global.aaf.service.replicas }} - template: - metadata: - labels: - app: {{ include "common.name" . }} - release: {{ include "common.release" . }} - spec: - initContainers: - - name: fix-permission - command: - - /bin/sh - args: - - -c - - | - chmod -R 775 /opt/app/aaf/status - chown -R 1000:1000 /opt/app/aaf/status - chmod -R 775 /opt/app/osaaf - chown -R 1000:1000 /opt/app/osaaf - image: "{{ .Values.global.busyboxRepository }}/{{ .Values.global.busyboxImage }}" - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - volumeMounts: - - mountPath: /opt/app/aaf/status - name: aaf-status-vol - - mountPath: /opt/app/osaaf - name: aaf-config-vol - - name: {{ include "common.name" . }}-config-container - image: {{ .Values.global.repository }}/{{.Values.global.aaf.config.image}} - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - command: ["bash","-c","cd /opt/app/aaf_config && bin/pod_wait.sh config nc aaf-cass.{{ .Release.Namespace }} 9042 sleep 15 remove && bin/agent.sh"] - volumeMounts: - - mountPath: "/opt/app/osaaf" - name: aaf-config-vol - - mountPath: "/opt/app/aaf/status" - name: aaf-status-vol - env: - - name: aaf_env - value: "{{ .Values.global.aaf.aaf_env }}" - - name: cadi_latitude - value: "{{ .Values.global.aaf.cadi_latitude }}" - - name: cadi_longitude - value: "{{ .Values.global.aaf.cadi_longitude }}" - - name: cadi_x509_issuers - value: "{{ .Values.global.aaf.cadi_x509_issuers }}" - - name: aaf_locate_url - value: "https://aaf-locate.{{ .Release.Namespace}}:{{.Values.global.aaf.locate.internal_port}}" - - name: aaf_locator_container - value: "oom" - - name: aaf_release - value: "{{ .Values.global.aaf.aaf_release }}" - - name: aaf_locator_container_ns - value: "{{ .Release.Namespace }}" - - name: aaf_locator_public_fqdn - value: "{{.Values.global.aaf.public_fqdn}}" - - name: aaf_locator_name - value: "{{.Values.global.aaf.aaf_locator_name}}" - - name: aaf_locator_name_oom - value: "{{.Values.global.aaf.aaf_locator_name_oom}}" - - name: cm_always_ignore_ips - value: "true" - - name: CASSANDRA_CLUSTER - value: "{{.Values.global.aaf.cass.fqdn}}.{{ .Release.Namespace }}" -# - name: CASSANDRA_USER -# value: "" -# - name: CASSANDRA_PASSWORD -# value: "" -# - name: CASSANDRA_PORT -# value: "" - containers: - - name: {{ include "common.name" . }} - command: ["/bin/bash","-c","cd /opt/app/aaf && bin/pod_wait.sh aaf-service aaf-cass && exec bin/service"] - image: {{.Values.global.repository}}/{{.Values.global.aaf.image}} - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - env: - - name: cm_always_ignore_ips - value: "true" - lifecycle: - preStop: - exec: - command: ["/bin/sh","-c","rm /opt/app/aaf/status/aaf-service* && echo $HOSTNAME >> aaf-service.hosts"] - volumeMounts: - - mountPath: "/opt/app/osaaf" - name: aaf-config-vol - - mountPath: "/opt/app/aaf/status" - name: aaf-status-vol - - mountPath: /etc/localtime - name: localtime - readOnly: true - {{- if eq .Values.liveness.enabled true }} - livenessProbe: - tcpSocket: - port: {{ .Values.global.aaf.service.internal_port }} - initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }} - periodSeconds: {{ .Values.liveness.periodSeconds }} - {{ end -}} - readinessProbe: - tcpSocket: - port: {{ .Values.global.aaf.service.internal_port }} - initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} - periodSeconds: {{ .Values.readiness.periodSeconds }} - resources: -{{ include "common.resources" . | indent 12 }} - {{- if .Values.nodeSelector }} - nodeSelector: -{{ toYaml .Values.nodeSelector | indent 10 }} - {{- end -}} - {{- if .Values.affinity }} - affinity: -{{ toYaml .Values.affinity | indent 10 }} - {{- end }} - volumes: - - name: localtime - hostPath: - path: /etc/localtime - - name: aaf-status-vol - persistentVolumeClaim: - claimName: {{ include "common.release" . }}-aaf-status - - name: aaf-config-vol - persistentVolumeClaim: - claimName: {{ include "common.release" . }}-aaf-config - imagePullSecrets: - - name: "{{ include "common.namespace" . }}-docker-registry-key" +{{ include "aaf.deployment" . }} diff --git a/kubernetes/aaf/charts/aaf-service/templates/service.yaml b/kubernetes/aaf/charts/aaf-service/templates/service.yaml index e02c685549..e54c4f3057 100644 --- a/kubernetes/aaf/charts/aaf-service/templates/service.yaml +++ b/kubernetes/aaf/charts/aaf-service/templates/service.yaml @@ -1,4 +1,5 @@ -# Copyright © 2017 Amdocs, Bell Canada +# Copyright © 2017 Amdocs, Orange +# Modifications © 2020 Orange # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -12,22 +13,4 @@ # See the License for the specific language governing permissions and # limitations under the License. -apiVersion: v1 -kind: Service -metadata: - name: {{ include "common.servicename" . }} - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} -spec: - ports: - - port: {{ .Values.global.aaf.service.internal_port }} - nodePort: {{ .Values.global.aaf.service.public_port }} - name: aaf-service - selector: - app: {{ include "common.name" . }} - release: {{ include "common.release" . }} - type: "NodePort" +{{ include "common.service" . }} diff --git a/kubernetes/aaf/charts/aaf-service/values.yaml b/kubernetes/aaf/charts/aaf-service/values.yaml index 1eb5bb2523..c2d96032cc 100644 --- a/kubernetes/aaf/charts/aaf-service/values.yaml +++ b/kubernetes/aaf/charts/aaf-service/values.yaml @@ -20,30 +20,38 @@ flavor: small ################################################################# # application image +replicaCount: 1 + +binary: service + +sequence_order: + - cass + nodeSelector: {} affinity: {} # probe configuration parameters liveness: - initialDelaySeconds: 120 + initialDelaySeconds: 30 periodSeconds: 10 # necessary to disable liveness probe when setting breakpoints # in debugger so K8s doesn't restart unresponsive container enabled: true + port: api readiness: initialDelaySeconds: 5 periodSeconds: 10 + port: api service: name: aaf-service - type: NodePort - portName: aaf-service - #targetPort - internalPort: 8100 - #port - externalPort: 31110 + type: ClusterIP + ports: + - name: api + port: 8100 + protocol: http ingress: enabled: false @@ -56,18 +64,18 @@ ingress: # Configure resource requests and limits resources: - small: - limits: - cpu: 250m - memory: 360Mi - requests: - cpu: 10m - memory: 250Mi - large: - limits: - cpu: 400m - memory: 1Gi - requests: - cpu: 40m - memory: 300Mi - unlimited: {} + small: + limits: + cpu: 250m + memory: 360Mi + requests: + cpu: 10m + memory: 250Mi + large: + limits: + cpu: 400m + memory: 1Gi + requests: + cpu: 40m + memory: 300Mi + unlimited: {} diff --git a/kubernetes/aaf/charts/aaf-sshsm/charts/aaf-sshsm-abrmd/templates/configmap.yaml b/kubernetes/aaf/charts/aaf-sshsm/charts/aaf-sshsm-abrmd/templates/configmap.yaml index 5ade9a81d6..8d1faf7e32 100644 --- a/kubernetes/aaf/charts/aaf-sshsm/charts/aaf-sshsm-abrmd/templates/configmap.yaml +++ b/kubernetes/aaf/charts/aaf-sshsm/charts/aaf-sshsm-abrmd/templates/configmap.yaml @@ -18,15 +18,8 @@ apiVersion: v1 kind: ConfigMap -metadata: - name: {{ include "common.fullname" . }} - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} +metadata: {{- include "common.resourceMetadata" . | nindent 2 }} data: {{ tpl (.Files.Glob "resources/config/*").AsConfig . | indent 2 }} -{{- end -}} \ No newline at end of file +{{- end -}} diff --git a/kubernetes/aaf/charts/aaf-sshsm/charts/aaf-sshsm-abrmd/templates/job.yaml b/kubernetes/aaf/charts/aaf-sshsm/charts/aaf-sshsm-abrmd/templates/job.yaml index c816b16914..23fe79d716 100644 --- a/kubernetes/aaf/charts/aaf-sshsm/charts/aaf-sshsm-abrmd/templates/job.yaml +++ b/kubernetes/aaf/charts/aaf-sshsm/charts/aaf-sshsm-abrmd/templates/job.yaml @@ -18,21 +18,11 @@ apiVersion: batch/v1 kind: Job -metadata: - name: {{ include "common.fullname" . }}-init - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }}-job - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} +metadata: {{- include "common.resourceMetadata" . | nindent 2 }} spec: backoffLimit: 2 template: - metadata: - labels: - app: {{ include "common.name" . }}-job - release: {{ include "common.release" . }} + metadata: {{- include "common.templateMetadata" . | nindent 6 }} spec: restartPolicy: Never containers: @@ -58,19 +48,17 @@ spec: - name: {{ include "common.fullname" . }}-tpmconfig mountPath: "/abrmd/cred/" readOnly: true - resources: -{{ toYaml .Values.resources | indent 10 }} - nodeSelector: - {{- if .Values.nodeSelector }} -{{ toYaml .Values.nodeSelector | indent 8 }} + resources: {{ toYaml .Values.resources | nindent 10 }} + {{- if .Values.nodeSelector }} + nodeSelector: {{ toYaml .Values.nodeSelector | nindent 8 }} {{- end -}} {{- if .Values.global.tpm.enabled }} {{ (printf "%s: \"%s\"" .Values.global.tpm.nodeLabel .Values.global.tpm.nodeLabelValue) }} {{- end -}} {{- if .Values.affinity }} - affinity: -{{ toYaml .Values.affinity | indent 8 }} + affinity: {{ toYaml .Values.affinity | nindent 8 }} {{- end }} + resources: {{ include "common.resources" . | nindent 10 }} volumes: - name: {{ include "common.fullname" . }}-data persistentVolumeClaim: diff --git a/kubernetes/aaf/charts/aaf-sshsm/charts/aaf-sshsm-abrmd/templates/statefulset.yaml b/kubernetes/aaf/charts/aaf-sshsm/charts/aaf-sshsm-abrmd/templates/statefulset.yaml index 0beda0fefc..c624ccfc4d 100644 --- a/kubernetes/aaf/charts/aaf-sshsm/charts/aaf-sshsm-abrmd/templates/statefulset.yaml +++ b/kubernetes/aaf/charts/aaf-sshsm/charts/aaf-sshsm-abrmd/templates/statefulset.yaml @@ -16,24 +16,15 @@ {{- if and .Values.global.tpm.enabled .Values.global.abrmd.enabled -}} -apiVersion: apps/v1beta1 +apiVersion: apps/v1 kind: StatefulSet -metadata: - name: {{ include "common.fullname" . }} - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} +metadata: {{- include "common.resourceMetadata" . | nindent 2 }} spec: + selector: {{- include "common.selectors" . | nindent 4 }} replicas: {{ .Values.replicaCount }} serviceName: template: - metadata: - labels: - app: {{ include "common.name" . }} - release: {{ include "common.release" . }} + metadata: {{- include "common.templateMetadata" . | nindent 6 }} spec: initContainers: - image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}" @@ -50,6 +41,13 @@ spec: fieldRef: apiVersion: v1 fieldPath: metadata.namespace + resources: + limits: + cpu: 100m + memory: 100Mi + requests: + cpu: 3m + memory: 20Mi containers: - image: "{{ include "common.repository" . }}/{{ .Values.image }}" name: {{ include "common.name" . }} @@ -66,8 +64,7 @@ spec: - mountPath: /etc/localtime name: localtime readOnly: true - resources: -{{ toYaml .Values.resources | indent 10 }} + resources: {{ include "common.resources" . | nindent 10 }} nodeSelector: {{- if .Values.nodeSelector }} {{ toYaml .Values.nodeSelector | indent 8 }} @@ -76,8 +73,7 @@ spec: {{ (printf "%s: \"%s\"" .Values.global.tpm.nodeLabel .Values.global.tpm.nodeLabelValue) }} {{- end -}} {{- if .Values.affinity }} - affinity: -{{ toYaml .Values.affinity | indent 8 }} + affinity: {{ toYaml .Values.affinity | nindent 8 }} {{- end }} volumes: - name: localtime diff --git a/kubernetes/aaf/charts/aaf-sshsm/charts/aaf-sshsm-distcenter/templates/configmap.yaml b/kubernetes/aaf/charts/aaf-sshsm/charts/aaf-sshsm-distcenter/templates/configmap.yaml index dc5176127a..99176fcdf6 100644 --- a/kubernetes/aaf/charts/aaf-sshsm/charts/aaf-sshsm-distcenter/templates/configmap.yaml +++ b/kubernetes/aaf/charts/aaf-sshsm/charts/aaf-sshsm-distcenter/templates/configmap.yaml @@ -18,15 +18,8 @@ apiVersion: v1 kind: ConfigMap -metadata: - name: {{ include "common.fullname" . }} - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} +metadata: {{- include "common.resourceMetadata" . | nindent 2 }} data: {{ tpl (.Files.Glob "resources/config/*").AsConfig . | indent 2 }} -{{- end -}} \ No newline at end of file +{{- end -}} diff --git a/kubernetes/aaf/charts/aaf-sshsm/charts/aaf-sshsm-distcenter/templates/job.yaml b/kubernetes/aaf/charts/aaf-sshsm/charts/aaf-sshsm-distcenter/templates/job.yaml index 3d248eef51..fb48c7df4a 100644 --- a/kubernetes/aaf/charts/aaf-sshsm/charts/aaf-sshsm-distcenter/templates/job.yaml +++ b/kubernetes/aaf/charts/aaf-sshsm/charts/aaf-sshsm-distcenter/templates/job.yaml @@ -18,22 +18,12 @@ apiVersion: batch/v1 kind: Job -metadata: - name: {{ include "common.fullname" . }} - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} +metadata: {{- include "common.resourceMetadata" . | nindent 2 }} spec: replicas: {{ .Values.replicaCount }} serviceName: template: - metadata: - labels: - app: {{ include "common.name" . }} - release: {{ include "common.release" . }} + metadata: {{- include "common.templateMetadata" . | nindent 6 }} spec: restartPolicy: Never initContainers: @@ -52,6 +42,13 @@ spec: fieldRef: apiVersion: v1 fieldPath: metadata.namespace + resources: + limits: + cpu: 100m + memory: 100Mi + requests: + cpu: 3m + memory: 20Mi {{ else }} - image: "{{ include "common.repository" . }}/{{ .Values.image }}" imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} @@ -69,6 +66,13 @@ spec: readOnly: true - name: {{ include "common.fullname" . }}-data mountPath: /distcenter/data + resources: + limits: + cpu: 1 + memory: 100Mi + requests: + cpu: 3m + memory: 20Mi {{- end }} containers: - image: "{{ include "common.repository" . }}/{{ .Values.image }}" @@ -82,15 +86,12 @@ spec: readOnly: true - name: {{ include "common.fullname" . }}-data mountPath: /distcenter/data - resources: -{{ toYaml .Values.resources | indent 10 }} + resources: {{ include "common.resources" . | nindent 10 }} {{- if .Values.nodeSelector }} - nodeSelector: -{{ toYaml .Values.nodeSelector | indent 8 }} + nodeSelector: {{ toYaml .Values.nodeSelector | nindent 8 }} {{- end -}} {{- if .Values.affinity }} - affinity: -{{ toYaml .Values.affinity | indent 8 }} + affinity: {{ toYaml .Values.affinity | nindent 8 }} {{- end }} volumes: - name: localtime @@ -98,7 +99,7 @@ spec: path: /etc/localtime - name: {{ include "common.fullname" . }}-data persistentVolumeClaim: - claimName: {{ include "common.release" . }}-aaf-sshsm-data + claimName: {{ include "common.release" . }}-aaf-sshsm imagePullSecrets: - name: "{{ include "common.namespace" . }}-docker-registry-key" diff --git a/kubernetes/aaf/charts/aaf-sshsm/charts/aaf-sshsm-distcenter/templates/pv.yaml b/kubernetes/aaf/charts/aaf-sshsm/charts/aaf-sshsm-distcenter/templates/pv.yaml index 00005a58b1..bf0ef74be2 100644 --- a/kubernetes/aaf/charts/aaf-sshsm/charts/aaf-sshsm-distcenter/templates/pv.yaml +++ b/kubernetes/aaf/charts/aaf-sshsm/charts/aaf-sshsm-distcenter/templates/pv.yaml @@ -15,28 +15,5 @@ */}} {{- if .Values.global.distcenter.enabled -}} -{{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) -}} -{{- if eq "True" (include "common.needPV" .) }} -kind: PersistentVolume -apiVersion: v1 -metadata: - name: {{ include "common.fullname" . }}-data - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}" - release: "{{ include "common.release" . }}" - heritage: "{{ .Release.Service }}" - name: {{ include "common.fullname" . }} -spec: - capacity: - storage: {{ .Values.persistence.size}} - accessModes: - - {{ .Values.persistence.accessMode }} - persistentVolumeReclaimPolicy: {{ .Values.persistence.volumeReclaimPolicy }} - storageClassName: "{{ include "common.fullname" . }}-data" - hostPath: - path: {{ .Values.global.persistence.mountPath | default .Values.persistence.mountPath }}/{{ include "common.release" . }}/{{ .Values.persistence.mountSubPath }} -{{- end -}} -{{- end -}} +{{ include "common.PV" . }} {{- end -}} diff --git a/kubernetes/aaf/charts/aaf-sshsm/charts/aaf-sshsm-distcenter/templates/pvc.yaml b/kubernetes/aaf/charts/aaf-sshsm/charts/aaf-sshsm-distcenter/templates/pvc.yaml index ede08205b5..a13b7f353b 100644 --- a/kubernetes/aaf/charts/aaf-sshsm/charts/aaf-sshsm-distcenter/templates/pvc.yaml +++ b/kubernetes/aaf/charts/aaf-sshsm/charts/aaf-sshsm-distcenter/templates/pvc.yaml @@ -15,27 +15,5 @@ */}} {{- if .Values.global.distcenter.enabled -}} -{{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) -}} -kind: PersistentVolumeClaim -apiVersion: v1 -metadata: - name: {{ include "common.fullname" . }} - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" - release: "{{ include "common.release" . }}" - heritage: "{{ .Release.Service }}" -{{- if .Values.persistence.annotations }} - annotations: -{{ toYaml .Values.persistence.annotations | indent 4 }} -{{- end }} -spec: - accessModes: - - {{ .Values.persistence.accessMode }} - resources: - requests: - storage: {{ .Values.persistence.size }} - storageClassName: {{ include "common.storageClass" . }} -{{- end -}} +{{ include "common.PVC" . }} {{- end -}} diff --git a/kubernetes/aaf/charts/aaf-sshsm/charts/aaf-sshsm-testca/templates/job.yaml b/kubernetes/aaf/charts/aaf-sshsm/charts/aaf-sshsm-testca/templates/job.yaml index a67760c368..a64f483d74 100644 --- a/kubernetes/aaf/charts/aaf-sshsm/charts/aaf-sshsm-testca/templates/job.yaml +++ b/kubernetes/aaf/charts/aaf-sshsm/charts/aaf-sshsm-testca/templates/job.yaml @@ -18,22 +18,11 @@ apiVersion: batch/v1 kind: Job -metadata: - name: {{ include "common.fullname" . }} - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} +metadata: {{- include "common.resourceMetadata" . | nindent 2 }} spec: replicas: {{ .Values.replicaCount }} - serviceName: template: - metadata: - labels: - app: {{ include "common.name" . }} - release: {{ include "common.release" . }} + metadata: {{- include "common.templateMetadata" . | nindent 6 }} spec: restartPolicy: Never initContainers: @@ -51,6 +40,13 @@ spec: fieldRef: apiVersion: v1 fieldPath: metadata.namespace + resources: + limits: + cpu: 100m + memory: 100Mi + requests: + cpu: 3m + memory: 20Mi {{- if .Values.global.tpm.enabled }} - image: "{{ include "common.repository" . }}/{{ .Values.image }}" imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} @@ -66,6 +62,13 @@ spec: volumeMounts: - name: {{ include "common.fullname" . }}-dbus mountPath: /var/run/dbus + resources: + limits: + cpu: 100m + memory: 100Mi + requests: + cpu: 3m + memory: 20Mi {{- end }} containers: - image: "{{ include "common.repository" . }}/{{ .Values.image }}" @@ -98,8 +101,7 @@ spec: - name: {{ include "common.fullname" . }}-secrets mountPath: /testca/secrets readOnly: true - resources: -{{ toYaml .Values.resources | indent 10 }} + resources: {{ include "common.resources" . | nindent 10 }} nodeSelector: {{- if .Values.nodeSelector }} {{ toYaml .Values.nodeSelector | indent 8 }} @@ -108,8 +110,7 @@ spec: {{ (printf "%s: \"%s\"" .Values.global.tpm.nodeLabel .Values.global.tpm.nodeLabelValue) }} {{- end -}} {{- if .Values.affinity }} - affinity: -{{ toYaml .Values.affinity | indent 8 }} + affinity: {{ toYaml .Values.affinity | nindent 8 }} {{- end }} volumes: - name: localtime @@ -117,7 +118,7 @@ spec: path: /etc/localtime - name: {{ include "common.fullname" . }}-data persistentVolumeClaim: - claimName: {{ include "common.release" . }}-aaf-sshsm-data + claimName: {{ include "common.release" . }}-aaf-sshsm - name: {{ include "common.fullname" . }}-dbus persistentVolumeClaim: claimName: {{ include "common.release" . }}-aaf-sshsm-dbus diff --git a/kubernetes/aaf/charts/aaf-sshsm/templates/pv-data.yaml b/kubernetes/aaf/charts/aaf-sshsm/templates/pv-data.yaml index 3b50792473..b566b11458 100644 --- a/kubernetes/aaf/charts/aaf-sshsm/templates/pv-data.yaml +++ b/kubernetes/aaf/charts/aaf-sshsm/templates/pv-data.yaml @@ -14,27 +14,4 @@ # limitations under the License. */}} -{{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) -}} -{{- if eq "True" (include "common.needPV" .) }} -kind: PersistentVolume -apiVersion: v1 -metadata: - name: {{ include "common.fullname" . }}-data - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}" - release: "{{ include "common.release" . }}" - heritage: "{{ .Release.Service }}" - name: {{ include "common.fullname" . }}-data -spec: - capacity: - storage: {{ .Values.persistence.size}} - accessModes: - - {{ .Values.persistence.accessMode }} - persistentVolumeReclaimPolicy: {{ .Values.persistence.volumeReclaimPolicy }} - storageClassName: "{{ include "common.fullname" . }}-data" - hostPath: - path: {{ .Values.global.persistence.mountPath | default .Values.persistence.mountPath }}/{{ include "common.release" . }}/{{ .Values.persistence.dataMountSubPath }} -{{- end -}} -{{- end -}} +{{ include "common.PV" (dict "dot" . "persistenceInfos" .Values.persistence.data) }} diff --git a/kubernetes/aaf/charts/aaf-sshsm/templates/pv-dbus.yaml b/kubernetes/aaf/charts/aaf-sshsm/templates/pv-dbus.yaml index e76baa2d36..b3e7f9fabd 100644 --- a/kubernetes/aaf/charts/aaf-sshsm/templates/pv-dbus.yaml +++ b/kubernetes/aaf/charts/aaf-sshsm/templates/pv-dbus.yaml @@ -14,27 +14,4 @@ # limitations under the License. */}} -{{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) -}} -{{- if eq "True" (include "common.needPV" .) }} -kind: PersistentVolume -apiVersion: v1 -metadata: - name: {{ include "common.fullname" . }}-dbus - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}" - release: "{{ include "common.release" . }}" - heritage: "{{ .Release.Service }}" - name: {{ include "common.fullname" . }}-dbus -spec: - capacity: - storage: {{ .Values.persistence.size}} - accessModes: - - {{ .Values.persistence.accessMode }} - persistentVolumeReclaimPolicy: {{ .Values.persistence.volumeReclaimPolicy }} - storageClassName: "{{ include "common.fullname" . }}-dbus" - hostPath: - path: {{ .Values.global.persistence.mountPath | default .Values.persistence.mountPath }}/{{ include "common.release" . }}/{{ .Values.persistence.dbusMountSubPath }} -{{- end -}} -{{- end -}} +{{ include "common.PV" (dict "dot" . "suffix" "dbus" "persistenceInfos" .Values.persistence.dbus) }} diff --git a/kubernetes/aaf/charts/aaf-sshsm/templates/pvc-data.yaml b/kubernetes/aaf/charts/aaf-sshsm/templates/pvc-data.yaml index 2a5fc98bfa..b8971cc03c 100644 --- a/kubernetes/aaf/charts/aaf-sshsm/templates/pvc-data.yaml +++ b/kubernetes/aaf/charts/aaf-sshsm/templates/pvc-data.yaml @@ -14,26 +14,4 @@ # limitations under the License. */}} -{{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) -}} -kind: PersistentVolumeClaim -apiVersion: v1 -metadata: - name: {{ include "common.fullname" . }}-data - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" - release: "{{ include "common.release" . }}" - heritage: "{{ .Release.Service }}" -{{- if .Values.persistence.annotations }} - annotations: -{{ toYaml .Values.persistence.annotations | indent 4 }} -{{- end }} -spec: - accessModes: - - {{ .Values.persistence.accessMode }} - resources: - requests: - storage: {{ .Values.persistence.size }} - storageClassName: {{ include "common.storageClass" . }} -{{- end -}} +{{ include "common.PVC" (dict "dot" . "persistenceInfos" .Values.persistence.data) }} diff --git a/kubernetes/aaf/charts/aaf-sshsm/templates/pvc-dbus.yaml b/kubernetes/aaf/charts/aaf-sshsm/templates/pvc-dbus.yaml index cf223670b5..7297d6f81d 100644 --- a/kubernetes/aaf/charts/aaf-sshsm/templates/pvc-dbus.yaml +++ b/kubernetes/aaf/charts/aaf-sshsm/templates/pvc-dbus.yaml @@ -14,30 +14,4 @@ # limitations under the License. */}} -{{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) -}} -kind: PersistentVolumeClaim -apiVersion: v1 -metadata: - name: {{ include "common.fullname" . }}-dbus - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" - release: "{{ include "common.release" . }}" - heritage: "{{ .Release.Service }}" -{{- if .Values.persistence.annotations }} - annotations: -{{ toYaml .Values.persistence.annotations | indent 4 }} -{{- end }} -spec: - accessModes: - - {{ .Values.persistence.accessMode }} - resources: - requests: - storage: {{ .Values.persistence.size }} -{{- if eq "True" (include "common.needPV" .) }} - storageClassName: "{{ include "common.fullname" . }}-dbus" -{{- else }} - storageClassName: {{ include "common.storageClass" . }} -{{- end }} -{{- end -}} +{{ include "common.PVC" (dict "dot" . "suffix" "dbus" "persistenceInfos" .Values.persistence.dbus) }} diff --git a/kubernetes/aaf/charts/aaf-sshsm/values.yaml b/kubernetes/aaf/charts/aaf-sshsm/values.yaml index 55d38a094c..5600213e11 100644 --- a/kubernetes/aaf/charts/aaf-sshsm/values.yaml +++ b/kubernetes/aaf/charts/aaf-sshsm/values.yaml @@ -32,12 +32,20 @@ global: persistence: enabled: true - volumeReclaimPolicy: Retain - accessMode: ReadWriteOnce - size: 10Mi - mountPath: /dockerdata-nfs - dataMountSubPath: sshsm/data - dbusMountSubPath: sshsm/dbus + data: + enabled: true + size: 10Mi + volumeReclaimPolicy: Retain + accessMode: ReadWriteOnce + mountSubPath: sshsm/data + dbus: + enabled: true + size: 10Mi + volumeReclaimPolicy: Retain + accessMode: ReadWriteOnce + mountSubPath: sshsm/dbus + + # Configure resource requests and limits resources: diff --git a/kubernetes/aaf/templates/_deployment.tpl b/kubernetes/aaf/templates/_deployment.tpl new file mode 100644 index 0000000000..bf6931a8e3 --- /dev/null +++ b/kubernetes/aaf/templates/_deployment.tpl @@ -0,0 +1,67 @@ +{*/ +# Copyright © 2020 AT&T, Orange +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/} + +{{- define "aaf.deployment" -}} +apiVersion: apps/v1 +kind: Deployment +metadata: {{- include "common.resourceMetadata" . | nindent 2 }} +spec: + selector: {{- include "common.selectors" . | nindent 4 }} + replicas: {{ .Values.replicaCount }} + template: + metadata: {{- include "common.templateMetadata" . | nindent 6 }} + spec: {{ include "aaf.initContainers" . | nindent 6 }} + containers: + - name: {{ include "common.name" . }} + workingDir: /opt/app/aaf + command: ["bin/{{ .Values.binary }}"] + image: {{ include "common.repository" . }}/{{.Values.global.aaf.image}} + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + ports: {{ include "common.containerPorts" . | nindent 10 }} + volumeMounts: + - mountPath: "/opt/app/osaaf" + name: aaf-config-vol + - mountPath: /etc/localtime + name: localtime + readOnly: true + {{- if eq .Values.liveness.enabled true }} + livenessProbe: + tcpSocket: + port: {{.Values.liveness.port }} + initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }} + periodSeconds: {{ .Values.liveness.periodSeconds }} + {{ end -}} + readinessProbe: + tcpSocket: + port: {{ .Values.readiness.port }} + initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} + periodSeconds: {{ .Values.readiness.periodSeconds }} + resources: {{ include "common.resources" . | nindent 12 }} + {{- if .Values.nodeSelector }} + nodeSelector: {{ toYaml .Values.nodeSelector | nindent 10 }} + {{- end -}} + {{- if .Values.affinity }} + affinity: {{ toYaml .Values.affinity | nindent 10 }} + {{- end }} + volumes: + - name: localtime + hostPath: + path: /etc/localtime + - name: aaf-config-vol + emptyDir: {} + imagePullSecrets: + - name: "{{ include "common.namespace" . }}-docker-registry-key" +{{- end -}} diff --git a/kubernetes/aaf/templates/_initContainers.tpl b/kubernetes/aaf/templates/_initContainers.tpl new file mode 100644 index 0000000000..43c511fd6d --- /dev/null +++ b/kubernetes/aaf/templates/_initContainers.tpl @@ -0,0 +1,122 @@ +{*/ +# Copyright © 2020 AT&T, Orange +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/} + +{{- define "aaf.permissionFixer" -}} +- name: fix-permission + command: + - /bin/sh + args: + - -c + - | + chown -R 1000:1000 /opt/app/aaf + chown -R 1000:1000 /opt/app/osaaf + image: "{{ .Values.global.busyboxRepository }}/{{ .Values.global.busyboxImage }}" + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + volumeMounts: + - mountPath: /opt/app/osaaf + name: aaf-config-vol + resources: + limits: + cpu: 100m + memory: 100Mi + requests: + cpu: 3m + memory: 20Mi +{{- end -}} + +{{- define "aaf.podConfiguration" }} +- name: {{ include "common.name" . }}-config-container + image: {{ .Values.global.repository }}/{{.Values.global.aaf.config.image}} + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + command: + - /bin/bash + args: + - -c + - | + cd /opt/app/aaf_config + bin/agent.sh + volumeMounts: + - mountPath: "/opt/app/osaaf" + name: aaf-config-vol + env: + - name: aaf_env + value: "{{ .Values.global.aaf.aaf_env }}" + - name: cadi_latitude + value: "{{ .Values.global.aaf.cadi_latitude }}" + - name: cadi_longitude + value: "{{ .Values.global.aaf.cadi_longitude }}" + - name: cadi_x509_issuers + value: "{{ .Values.global.aaf.cadi_x509_issuers }}" + - name: aaf_locate_url + value: "https://aaf-locate.{{ .Release.Namespace}}:8095" + - name: aaf_locator_container + value: "oom" + - name: aaf_release + value: "{{ .Values.global.aaf.aaf_release }}" + - name: aaf_locator_container_ns + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace + - name: aaf_locator_public_fqdn + value: "{{.Values.global.aaf.public_fqdn}}" + - name: aaf_locator_name + value: "{{.Values.global.aaf.aaf_locator_name}}" + - name: aaf_locator_name_oom + value: "{{.Values.global.aaf.aaf_locator_name_oom}}" + - name: cm_always_ignore_ips + value: "true" + - name: CASSANDRA_CLUSTER + value: "aaf-cass.{{ .Release.Namespace }}" + resources: + limits: + cpu: 100m + memory: 100Mi + requests: + cpu: 3m + memory: 20Mi +{{- end -}} + +{{- define "aaf.initContainers" -}} +initContainers: +{{ include "aaf.permissionFixer" . }} +{{- if .Values.sequence_order }} +- name: {{ include "common.name" . }}-aaf-readiness + command: + - /root/ready.py + args: + {{- range $container := .Values.sequence_order }} + - --container-name + - aaf-{{ $container}} + {{- end }} + env: + - name: NAMESPACE + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace + image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}" + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + resources: + limits: + cpu: 100m + memory: 100Mi + requests: + cpu: 3m + memory: 20Mi +{{- end }} +{{ include "aaf.podConfiguration" . }} +{{- end }} diff --git a/kubernetes/aaf/templates/pv-config.yaml b/kubernetes/aaf/templates/pv-config.yaml deleted file mode 100644 index 5ed3e62aeb..0000000000 --- a/kubernetes/aaf/templates/pv-config.yaml +++ /dev/null @@ -1,40 +0,0 @@ -{{/* -# Copyright (c) 2017 AT&T Intellectual Property. All rights reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -*/}} - -{{- if and .Values.global.persistence.enabled (not .Values.persistence.existingClaim) -}} -{{- if eq "True" (include "common.needPV" .) }} -kind: PersistentVolume -apiVersion: v1 -metadata: - name: {{ include "common.fullname" . }}-config - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.fullname" . }}-config - chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}" - release: "{{ include "common.release" . }}" - heritage: "{{ .Release.Service }}" - name: {{ include "common.fullname" . }} -spec: - capacity: - storage: {{ .Values.persistence.config.size}} - accessModes: - - {{ .Values.persistence.config.accessMode }} - persistentVolumeReclaimPolicy: {{ .Values.persistence.config.volumeReclaimPolicy }} - hostPath: - path: {{ .Values.persistence.config.mountPath | default .Values.persistence.mountPath }}/{{ include "common.release" . }}/{{ .Values.persistence.config.mountSubPath }} - storageClassName: "{{ include "common.fullname" . }}-config" -{{- end -}} -{{- end -}} diff --git a/kubernetes/aaf/templates/pv-status.yaml b/kubernetes/aaf/templates/pv-status.yaml deleted file mode 100644 index d8f5980b9b..0000000000 --- a/kubernetes/aaf/templates/pv-status.yaml +++ /dev/null @@ -1,40 +0,0 @@ -{{/* -# Copyright (c) 2017 AT&T Intellectual Property. All rights reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -*/}} - -{{- if and .Values.global.persistence.enabled (not .Values.persistence.existingClaim) -}} -{{- if eq "True" (include "common.needPV" .) }} -kind: PersistentVolume -apiVersion: v1 -metadata: - name: {{ include "common.fullname" . }}-status - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.fullname" . }}-status - chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}" - release: "{{ include "common.release" . }}" - heritage: "{{ .Release.Service }}" - name: {{ include "common.fullname" . }} -spec: - capacity: - storage: {{ .Values.persistence.status.size}} - accessModes: - - {{ .Values.persistence.status.accessMode }} - persistentVolumeReclaimPolicy: {{ .Values.persistence.status.volumeReclaimPolicy }} - hostPath: - path: {{ .Values.persistence.status.mountPath | default .Values.persistence.mountPath }}/{{ include "common.release" . }}/{{ .Values.persistence.status.mountSubPath }} - storageClassName: "{{ include "common.fullname" . }}-status" -{{- end -}} -{{- end -}} diff --git a/kubernetes/aaf/templates/pvc-config.yaml b/kubernetes/aaf/templates/pvc-config.yaml deleted file mode 100644 index dc71dceff1..0000000000 --- a/kubernetes/aaf/templates/pvc-config.yaml +++ /dev/null @@ -1,43 +0,0 @@ -{{/* -# Copyright (c) 2017 AT&T Intellectual Property. All rights reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -*/}} - -{{- if and .Values.global.persistence.enabled (not .Values.persistence.existingClaim) -}} -kind: PersistentVolumeClaim -apiVersion: v1 -metadata: - name: {{ include "common.release" . }}-aaf-config - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" - release: "{{ include "common.release" . }}" - heritage: "{{ .Release.Service }}" -{{- if .Values.persistence.annotations }} - annotations: -{{ toYaml .Values.persistence.annotations | indent 4 }} -{{- end }} -spec: - accessModes: - - {{ .Values.persistence.config.accessMode }} - resources: - requests: - storage: {{ .Values.persistence.config.size }} -{{- if eq "True" (include "common.needPV" .) }} - storageClassName: "{{ include "common.fullname" . }}-config" -{{- else }} - storageClassName: {{ include "common.storageClass" . }} -{{- end }} -{{- end -}} diff --git a/kubernetes/aaf/templates/pvc-status.yaml b/kubernetes/aaf/templates/pvc-status.yaml deleted file mode 100644 index 3cda088fba..0000000000 --- a/kubernetes/aaf/templates/pvc-status.yaml +++ /dev/null @@ -1,43 +0,0 @@ -{{/* -# Copyright (c) 2017 AT&T Intellectual Property. All rights reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -*/}} - -{{- if and .Values.global.persistence.enabled (not .Values.persistence.existingClaim) -}} -kind: PersistentVolumeClaim -apiVersion: v1 -metadata: - name: {{ include "common.release" . }}-aaf-status - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" - release: "{{ include "common.release" . }}" - heritage: "{{ .Release.Service }}" -{{- if .Values.persistence.annotations }} - annotations: -{{ toYaml .Values.persistence.annotations | indent 4 }} -{{- end }} -spec: - accessModes: - - {{ .Values.persistence.status.accessMode }} - resources: - requests: - storage: {{ .Values.persistence.status.size }} -{{- if eq "True" (include "common.needPV" .) }} - storageClassName: "{{ include "common.fullname" . }}-status" -{{- else }} - storageClassName: {{ include "common.storageClass" . }} -{{- end }} -{{- end -}} diff --git a/kubernetes/aaf/values.yaml b/kubernetes/aaf/values.yaml index 5a1c5f2709..bedf243639 100644 --- a/kubernetes/aaf/values.yaml +++ b/kubernetes/aaf/values.yaml @@ -29,7 +29,7 @@ global: loggingImage: beats/filebeat:5.5.0 # BusyBox image busyboxRepository: registry.hub.docker.com - busyboxImage: library/busybox:latest + busyboxImage: library/busybox:1.31 persistence: enabled: true # Standard OOM @@ -58,50 +58,19 @@ global: config: image: onap/aaf/aaf_config:2.1.20 - cass: - replicas: 1 - image: onap/aaf/aaf_cass:2.1.20 - fqdn: "aaf-cass" - cluster_name: "osaaf" - heap_new_size: "512M" - max_heap_size: "1024M" - storage_port: 7000 - ssl_storage_port: 7001 - native_trans_port: 9042 - rpc_port: 9160 - dc: "dc1" + service: - replicas: 1 fqdn: "aaf-service" internal_port: 8100 public_port: 31110 locate: - replicas: 1 fqdn: "aaf-locate" internal_port: 8095 public_port: 31111 oauth: - replicas: 1 - fqdn: "aaf0oauth" + fqdn: "aaf-oauth" internal_port: 8140 public_port: 31112 - gui: - replicas: 1 - fqdn: "aaf-gui" - internal_port: 8200 - public_port: 31113 - cm: - replicas: 1 - fqdn: "aaf-cm" - internal_port: 8150 - public_port: 31114 - fs: - replicas: 1 - fqdn: "aaf-fs" - internal_port: 8096 - public_port: 31115 - hello: - replicas: 0 # Note: as hello is a sample app, find values in charts/aaf-hello/values.yaml @@ -138,35 +107,6 @@ ingress: config: ssl: "none" -## Persist data to a persitent volume -persistence: - enabled: true - config: - #existingClaim: - volumeReclaimPolicy: Delete - accessMode: ReadWriteMany - size: 2Gi - mountPath: /dockerdata-nfs - mountSubPath: "config" - logs: - #existingClaim: - volumeReclaimPolicy: Retain - accessMode: ReadWriteMany - size: 2Gi - mountPath: "/mnt/data/aaf/logs" - status: - volumeReclaimPolicy: Delete - accessMode: ReadWriteMany - size: 2M - mountPath: /dockerdata-nfs - mountSubPath: "status" - cass: - #existingClaim: - volumeReclaimPolicy: Retain - accessMode: ReadWriteOnce - size: 10Gi - mountPath: /dockerdata-nfs - mountSubPath: "cass" - +persistence: {} resources: {} diff --git a/kubernetes/aai b/kubernetes/aai index 2d6141ab8b..d687fd0c9e 160000 --- a/kubernetes/aai +++ b/kubernetes/aai @@ -1 +1 @@ -Subproject commit 2d6141ab8bd7bfe58f5da0483e578032226e7ebb +Subproject commit d687fd0c9efe31e93287da11e3e390984a5fb6ce diff --git a/kubernetes/cds/charts/cds-blueprints-processor/values.yaml b/kubernetes/cds/charts/cds-blueprints-processor/values.yaml index 6cd3c2b554..f120f12072 100755 --- a/kubernetes/cds/charts/cds-blueprints-processor/values.yaml +++ b/kubernetes/cds/charts/cds-blueprints-processor/values.yaml @@ -62,7 +62,7 @@ secrets: ################################################################# # application image repository: nexus3.onap.org:10001 -image: onap/ccsdk-blueprintsprocessor:0.7.1 +image: onap/ccsdk-blueprintsprocessor:0.7.2 pullPolicy: Always # flag to enable debugging - application support required diff --git a/kubernetes/cds/charts/cds-command-executor/values.yaml b/kubernetes/cds/charts/cds-command-executor/values.yaml index 3f9fb87e13..2bc84bd299 100755 --- a/kubernetes/cds/charts/cds-command-executor/values.yaml +++ b/kubernetes/cds/charts/cds-command-executor/values.yaml @@ -40,7 +40,7 @@ global: ################################################################# # application image repository: nexus3.onap.org:10001 -image: onap/ccsdk-commandexecutor:0.7.1 +image: onap/ccsdk-commandexecutor:0.7.2 pullPolicy: Always # application configuration diff --git a/kubernetes/cds/charts/cds-py-executor/Chart.yaml b/kubernetes/cds/charts/cds-py-executor/Chart.yaml new file mode 100755 index 0000000000..41b43c34a3 --- /dev/null +++ b/kubernetes/cds/charts/cds-py-executor/Chart.yaml @@ -0,0 +1,18 @@ +# Copyright (c) 2020 Bell Canada, Deutsche Telekom +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +description: ONAP CDS Py Executor +name: cds-py-executor +version: 6.0.0 \ No newline at end of file diff --git a/kubernetes/cds/charts/cds-py-executor/requirements.yaml b/kubernetes/cds/charts/cds-py-executor/requirements.yaml new file mode 100755 index 0000000000..676fe8f6b2 --- /dev/null +++ b/kubernetes/cds/charts/cds-py-executor/requirements.yaml @@ -0,0 +1,18 @@ +# Copyright (c) 2020 Bell Canada, Deutsche Telekom +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +dependencies: + - name: common + version: ~6.x-0 + repository: '@local' \ No newline at end of file diff --git a/kubernetes/cds/charts/cds-py-executor/templates/deployment.yaml b/kubernetes/cds/charts/cds-py-executor/templates/deployment.yaml new file mode 100755 index 0000000000..f9c3377dd8 --- /dev/null +++ b/kubernetes/cds/charts/cds-py-executor/templates/deployment.yaml @@ -0,0 +1,90 @@ +# Copyright (c) 2020 Bell Canada, Deutsche Telekom +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: apps/v1 +kind: Deployment +metadata: {{- include "common.resourceMetadata" . | nindent 2 }} +spec: + replicas: {{ .Values.replicaCount }} + selector: {{- include "common.selectors" . | nindent 4 }} + template: + metadata: {{- include "common.templateMetadata" . | nindent 6 }} + spec: + containers: + - name: {{ include "common.name" . }} + image: "{{ include "common.repository" . }}/{{ .Values.image }}" + command: + - bash + args: + - '-c' + - 'AUTH_TOKEN=`echo -n $API_USERNAME:$API_PASSWORD | base64` /opt/app/onap/python/start.sh' + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + ports: {{- include "common.containerPorts" . | nindent 12 }} + {{ if .Values.liveness.enabled }} + livenessProbe: + tcpSocket: + port: {{ .Values.liveness.port }} + initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }} + periodSeconds: {{ .Values.liveness.periodSeconds }} + timeoutSeconds: {{ .Values.liveness.timeoutSeconds }} + {{ end }} + readinessProbe: + tcpSocket: + port: {{ .Values.liveness.port }} + initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} + periodSeconds: {{ .Values.readiness.periodSeconds }} + timeoutSeconds: {{ .Values.readiness.timeoutSeconds }} + env: + - name: APP_PORT + value: {{ .Values.config.appPort }} + - name: AUTH_TYPE + value: {{ .Values.config.authType }} + - name: API_USERNAME + {{- include "common.secret.envFromSecret" (dict "global" . "uid" "api-credentials" "key" "login") | nindent 12 }} + - name: API_PASSWORD + {{- include "common.secret.envFromSecret" (dict "global" . "uid" "api-credentials" "key" "password") | nindent 12 }} + - name: LOG_FILE + value: {{ .Values.config.logFile }} + - name: ARTIFACT_MANAGER_PORT + value: {{ .Values.config.artifactManagerPort }} + - name: ARTIFACT_MANAGER_SERVER_LOG_FILE + value: {{ .Values.config.artifactManagerLogFile }} + volumeMounts: + - mountPath: /etc/localtime + name: localtime + readOnly: true + - mountPath: {{ .Values.persistence.deployedBlueprint }} + name: {{ include "common.fullname" . }}-blueprints + resources: +{{ include "common.resources" . | nindent 12 }} + {{- if .Values.nodeSelector }} + nodeSelector: +{{ toYaml .Values.nodeSelector | nindent 10 }} + {{- end -}} + {{- if .Values.affinity }} + affinity: +{{ toYaml .Values.affinity | nindent 10 }} + {{- end }} + volumes: + - name: localtime + hostPath: + path: /etc/localtime + # Py executor shares the blueprintsprocessor storage (for now) to + # share uploaded CBA files. In the future it will be deprecated + # when all parts of the CDS will make use of Artifact Manager + - name: {{ include "common.fullname" . }}-blueprints + persistentVolumeClaim: + claimName: {{ include "common.release" . }}-cds-blueprints + imagePullSecrets: + - name: "{{ include "common.namespace" . }}-docker-registry-key" diff --git a/kubernetes/cds/charts/cds-py-executor/templates/secret.yaml b/kubernetes/cds/charts/cds-py-executor/templates/secret.yaml new file mode 100644 index 0000000000..c36607b172 --- /dev/null +++ b/kubernetes/cds/charts/cds-py-executor/templates/secret.yaml @@ -0,0 +1,15 @@ +# Copyright (c) 2020 Deutsche Telekom +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +{{ include "common.secretFast" . }} \ No newline at end of file diff --git a/kubernetes/cds/charts/cds-py-executor/templates/service.yaml b/kubernetes/cds/charts/cds-py-executor/templates/service.yaml new file mode 100755 index 0000000000..1267791b6c --- /dev/null +++ b/kubernetes/cds/charts/cds-py-executor/templates/service.yaml @@ -0,0 +1,15 @@ +# Copyright (c) 2020 Bell Canada, Deutsche Telekom +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +{{ include "common.service" . }} \ No newline at end of file diff --git a/kubernetes/cds/charts/cds-py-executor/values.yaml b/kubernetes/cds/charts/cds-py-executor/values.yaml new file mode 100755 index 0000000000..206ae10a75 --- /dev/null +++ b/kubernetes/cds/charts/cds-py-executor/values.yaml @@ -0,0 +1,120 @@ +# Copyright (c) 2020 Bell Canada, Deutsche Telekom +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific lan`guage governing permissions and +# limitations under the License. + +################################################################# +# Global configuration defaults. +################################################################# +global: + # Change to an unused port prefix range to prevent port conflicts + # with other instances running within the same k8s cluster + nodePortPrefix: 302 + + # image repositories + repository: nexus3.onap.org:10001 + + # readiness check + readinessRepository: oomk8s + readinessImage: readiness-check:2.0.0 + + # image pull policy + pullPolicy: Always + + persistence: + mountPath: /dockerdata-nfs + +################################################################# +# Application configuration defaults. +################################################################# +# application image +repository: nexus3.onap.org:10001 +image: onap/ccsdk-py-executor:0.7.2 +pullPolicy: Always + +# default number of instances +replicaCount: 1 + +nodeSelector: {} + +affinity: {} + +# probe configuration parameters +liveness: + port: 50052 + initialDelaySeconds: 20 + periodSeconds: 20 + timeoutSeconds: 20 + # necessary to disable liveness probe when setting breakpoints + # in debugger so K8s doesn't restart unresponsive container + enabled: true + +readiness: + port: 50052 + initialDelaySeconds: 10 + periodSeconds: 10 + timeoutSeconds: 20 + +service: + type: ClusterIP + ports: + - port: 50052 + name: executor-grpc + - port: 50053 + name: manager-grpc + +secrets: + - uid: api-credentials + externalSecret: '{{ tpl (default "" .Values.config.authCredentialsExternalSecret) . }}' + type: basicAuth + login: '{{ .Values.config.apiUsername }}' + password: '{{ .Values.config.apiPassword }}' + passwordPolicy: required + +config: + # the api credentials below are used to authenticate communication with blueprint + # processor API. Py executor in this context is a client of the blueprint processor + apiUsername: ccsdkapps + apiPassword: ccsdkapps + env: + appPort: 50052 + authType: tls-auth + logFile: /dev/stdout + artifactManagerPort: 50053 + artifactManagerLogFile: /dev/stdout + +persistence: + enabled: true + mountSubPath: cds/blueprints/deploy + deployedBlueprint: /opt/app/onap/blueprints/deploy + +ingress: + enabled: false + +flavor: small + +resources: + small: + limits: + cpu: 2 + memory: 4Gi + requests: + cpu: 1 + memory: 1Gi + large: + limits: + cpu: 4 + memory: 8Gi + requests: + cpu: 2 + memory: 4Gi + unlimited: {} diff --git a/kubernetes/cds/charts/cds-sdc-listener/values.yaml b/kubernetes/cds/charts/cds-sdc-listener/values.yaml index b9c329a124..c784a82ba1 100644 --- a/kubernetes/cds/charts/cds-sdc-listener/values.yaml +++ b/kubernetes/cds/charts/cds-sdc-listener/values.yaml @@ -37,7 +37,7 @@ global: ################################################################# # application image repository: nexus3.onap.org:10001 -image: onap/ccsdk-sdclistener:0.7.1 +image: onap/ccsdk-sdclistener:0.7.2 name: sdc-listener pullPolicy: Always diff --git a/kubernetes/cds/charts/cds-ui/values.yaml b/kubernetes/cds/charts/cds-ui/values.yaml index 0dcf7feefd..d084307bbb 100644 --- a/kubernetes/cds/charts/cds-ui/values.yaml +++ b/kubernetes/cds/charts/cds-ui/values.yaml @@ -28,7 +28,7 @@ subChartsOnly: # application image repository: nexus3.onap.org:10001 -image: onap/ccsdk-cds-ui-server:0.7.1 +image: onap/ccsdk-cds-ui-server:0.7.2 pullPolicy: Always # application configuration diff --git a/kubernetes/common/common/templates/_aafconfig.tpl b/kubernetes/common/common/templates/_aafconfig.tpl index 0c78cc11b9..e90f8aea5d 100644 --- a/kubernetes/common/common/templates/_aafconfig.tpl +++ b/kubernetes/common/common/templates/_aafconfig.tpl @@ -76,6 +76,13 @@ fieldRef: apiVersion: v1 fieldPath: metadata.namespace + resources: + limits: + cpu: 100m + memory: 100Mi + requests: + cpu: 3m + memory: 20Mi - name: {{ include "common.name" $dot }}-aaf-config image: {{ (default $dot.Values.repository $dot.Values.global.repository) }}/{{ $dot.Values.global.aafAgentImage }} imagePullPolicy: {{ $dot.Values.global.pullPolicy | default $dot.Values.pullPolicy }} @@ -121,6 +128,13 @@ #Hello specific. Clients don't don't need this, unless Registering with AAF Locator - name: aaf_locator_public_fqdn value: "{{ $aafRoot.public_fqdn | default "" }}" + resources: + limits: + cpu: 100m + memory: 100Mi + requests: + cpu: 3m + memory: 20Mi {{- end -}} {{- end -}} diff --git a/kubernetes/common/network-name-gen/values.yaml b/kubernetes/common/network-name-gen/values.yaml index 0defa97c26..a9f2a5bbd4 100644 --- a/kubernetes/common/network-name-gen/values.yaml +++ b/kubernetes/common/network-name-gen/values.yaml @@ -73,7 +73,7 @@ mariadb-init: ################################################################# # application image repository: nexus3.onap.org:10001 -image: onap/ccsdk-apps-ms-neng:0.6.3 +image: onap/ccsdk-apps-ms-neng:0.7.1 pullPolicy: IfNotPresent # application configuration diff --git a/kubernetes/dcaegen2/components/dcae-bootstrap/values.yaml b/kubernetes/dcaegen2/components/dcae-bootstrap/values.yaml index 5fcd916989..a9cac8beac 100644 --- a/kubernetes/dcaegen2/components/dcae-bootstrap/values.yaml +++ b/kubernetes/dcaegen2/components/dcae-bootstrap/values.yaml @@ -107,7 +107,7 @@ mongo: # application image repository: nexus3.onap.org:10001 -image: onap/org.onap.dcaegen2.deployments.k8s-bootstrap-container:1.12.5 +image: onap/org.onap.dcaegen2.deployments.k8s-bootstrap-container:1.12.6 default_k8s_location: central # DCAE component images to be deployed via Cloudify Manager diff --git a/kubernetes/dmaap/components/dmaap-bc/resources/config/dmaapbc.properties b/kubernetes/dmaap/components/dmaap-bc/resources/config/dmaapbc.properties index 59f64bd99c..3f5b1b4336 100644 --- a/kubernetes/dmaap/components/dmaap-bc/resources/config/dmaapbc.properties +++ b/kubernetes/dmaap/components/dmaap-bc/resources/config/dmaapbc.properties @@ -69,10 +69,10 @@ DB.host: {{ .Values.postgres.service.name2 }} #DB.schema: {{ .Values.postgres.config.pgDatabase }} # postgres user name -#DB.user: {{ .Values.postgres.config.pgUserName }} +DB.user: ${PG_USER} # postgres user password -DB.cred: {{ .Values.postgres.config.pgUserPassword }} +DB.cred: ${PG_PASSWORD} ##################################################### diff --git a/kubernetes/dmaap/components/dmaap-bc/templates/deployment.yaml b/kubernetes/dmaap/components/dmaap-bc/templates/deployment.yaml index ea2720f9ce..a957acee9e 100644 --- a/kubernetes/dmaap/components/dmaap-bc/templates/deployment.yaml +++ b/kubernetes/dmaap/components/dmaap-bc/templates/deployment.yaml @@ -23,6 +23,25 @@ spec: spec: {{- if or .Values.global.aafEnabled .Values.PG.enabled }} initContainers: + - command: + - sh + args: + - -c + - "cd /config-input && for PFILE in `find . -not -type d | grep -v -F ..`; do envsubst <${PFILE} >/config/${PFILE}; done" + env: + - name: PG_USER + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "pg-user-creds" "key" "login") | indent 10 }} + - name: PG_PASSWORD + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "pg-user-creds" "key" "password") | indent 10 }} + volumeMounts: + - mountPath: /config-input + name: {{ include "common.name" . }}-config-input + - mountPath: /config + name: {{ include "common.name" . }}-config + image: "{{ .Values.global.envsubstImage }}" + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + name: {{ include "common.name" . }}-update-config + {{- if .Values.global.aafEnabled }} - name: {{ include "common.name" . }}-aaf-readiness command: @@ -155,10 +174,13 @@ spec: - name: localtime hostPath: path: /etc/localtime - - name: {{ include "common.name" . }}-config + - name: {{ include "common.name" . }}-config-input configMap: name: {{ include "common.fullname" . }}-config - name: {{ include "common.name" . }}-aaf-config-vol emptyDir: {} + - name: {{ include "common.name" . }}-config + emptyDir: + medium: Memory imagePullSecrets: - name: "{{ include "common.namespace" . }}-docker-registry-key" diff --git a/kubernetes/dmaap/components/dmaap-bc/templates/secrets.yaml b/kubernetes/dmaap/components/dmaap-bc/templates/secrets.yaml index e15a152a21..25f5e7ad60 100644 --- a/kubernetes/dmaap/components/dmaap-bc/templates/secrets.yaml +++ b/kubernetes/dmaap/components/dmaap-bc/templates/secrets.yaml @@ -28,3 +28,5 @@ type: Opaque data: aaf-deploy-password: {{ index .Values.aafConfig.aafDeployPass | b64enc | quote }} {{- end }} +--- +{{ include "common.secretFast" . }} diff --git a/kubernetes/dmaap/components/dmaap-bc/values.yaml b/kubernetes/dmaap/components/dmaap-bc/values.yaml index 3a18787826..d975dbaad2 100644 --- a/kubernetes/dmaap/components/dmaap-bc/values.yaml +++ b/kubernetes/dmaap/components/dmaap-bc/values.yaml @@ -22,6 +22,22 @@ global: readinessImage: readiness-check:2.0.0 loggingRepository: docker.elastic.co loggingImage: beats/filebeat:5.5.0 + envsubstImage: dibi/envsubst + +secrets: + - uid: pg-root-pass + name: &pgRootPassSecretName '{{ include "common.release" . }}-dmaap-bc-pg-root-pass' + type: password + externalSecret: '{{ ternary "" (tpl (default "" .Values.postgres.config.pgRootPasswordExternalSecret) .) (hasSuffix "dmaap-bc-pg-root-pass" .Values.postgres.config.pgRootPasswordExternalSecret) }}' + password: '{{ .Values.postgres.config.pgRootpassword }}' + policy: generate + - uid: pg-user-creds + name: &pgUserCredsSecretName '{{ include "common.release" . }}-dmaap-bc-pg-user-creds' + type: basicAuth + externalSecret: '{{ ternary "" (tpl (default "" .Values.postgres.config.pgUserExternalSecret) .) (hasSuffix "dmaap-bc-pg-user-creds" .Values.postgres.config.pgUserExternalSecret) }}' + login: '{{ .Values.postgres.config.pgUserName }}' + password: '{{ .Values.postgres.config.pgUserPassword }}' + passwordPolicy: generate ################################################################# # Application configuration defaults. @@ -114,9 +130,8 @@ postgres: config: pgUserName: dmaap_admin pgDatabase: dmaap - pgPrimaryPassword: onapdemodb - pgUserPassword: onapdemodb - pgRootPassword: onapdemodb + pgUserExternalSecret: *pgUserCredsSecretName + pgRootPasswordExternalSecret: *pgRootPassSecretName persistence: mountSubPath: dbc/data mountInitPath: dbc diff --git a/kubernetes/dmaap/components/dmaap-dr-node/values.yaml b/kubernetes/dmaap/components/dmaap-dr-node/values.yaml index 5c32d9950d..8b44e160ba 100644 --- a/kubernetes/dmaap/components/dmaap-dr-node/values.yaml +++ b/kubernetes/dmaap/components/dmaap-dr-node/values.yaml @@ -144,6 +144,7 @@ service: type: NodePort name: dmaap-dr-node useNodePortExt: true + both_tls_and_plain: true annotations: service.alpha.kubernetes.io/tolerate-unready-endpoints: "true" ports: diff --git a/kubernetes/multicloud/charts/multicloud-k8s/values.yaml b/kubernetes/multicloud/charts/multicloud-k8s/values.yaml index 3c7b1d3a65..f0bfedb43a 100644 --- a/kubernetes/multicloud/charts/multicloud-k8s/values.yaml +++ b/kubernetes/multicloud/charts/multicloud-k8s/values.yaml @@ -27,7 +27,7 @@ global: ################################################################# # application image repository: nexus3.onap.org:10001 -image: onap/multicloud/k8s:0.5.0 +image: onap/multicloud/k8s:0.6.0 pullPolicy: Always # flag to enable debugging - application support required diff --git a/kubernetes/policy/charts/drools/values.yaml b/kubernetes/policy/charts/drools/values.yaml index 0126c6e06b..3552b2e2f6 100644 --- a/kubernetes/policy/charts/drools/values.yaml +++ b/kubernetes/policy/charts/drools/values.yaml @@ -82,7 +82,7 @@ ingress: # Default installation values to be overridden server: - jvmOpts: -server -Xms1024m -Xmx2048m + jvmOpts: -server -XshowSettings:vm aaf: enabled: "false" diff --git a/kubernetes/policy/charts/policy-xacml-pdp/resources/config/xacml.properties b/kubernetes/policy/charts/policy-xacml-pdp/resources/config/xacml.properties index f2c2cd7765..c7e4ad197e 100644 --- a/kubernetes/policy/charts/policy-xacml-pdp/resources/config/xacml.properties +++ b/kubernetes/policy/charts/policy-xacml-pdp/resources/config/xacml.properties @@ -50,4 +50,4 @@ xacml.pip.engines=count-recent-operations,get-operation-outcome javax.persistence.jdbc.driver=org.mariadb.jdbc.Driver javax.persistence.jdbc.url=jdbc:mariadb://{{ .Values.global.mariadb.service.name }}:{{ .Values.global.mariadb.service.internalPort }}/operationshistory javax.persistence.jdbc.user=${SQL_USER} -javax.persistence.jdbc.password=${SQL_PASSWORD} +javax.persistence.jdbc.password=${SQL_PASSWORD_BASE64} diff --git a/kubernetes/policy/charts/policy-xacml-pdp/templates/deployment.yaml b/kubernetes/policy/charts/policy-xacml-pdp/templates/deployment.yaml index 9ac5d68a89..bd126b810b 100644 --- a/kubernetes/policy/charts/policy-xacml-pdp/templates/deployment.yaml +++ b/kubernetes/policy/charts/policy-xacml-pdp/templates/deployment.yaml @@ -35,7 +35,7 @@ spec: - sh args: - -c - - "cd /config-input && for PFILE in `ls -1 .`; do envsubst <${PFILE} >/config/${PFILE}; done" + - "export SQL_PASSWORD_BASE64=`echo -n ${SQL_PASSWORD} | base64`; cd /config-input && for PFILE in `ls -1 .`; do envsubst <${PFILE} >/config/${PFILE}; done" env: - name: RESTSERVER_USER {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "restserver-creds" "key" "login") | indent 10 }} @@ -45,6 +45,10 @@ spec: {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "api-creds" "key" "login") | indent 10 }} - name: API_PASSWORD {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "api-creds" "key" "password") | indent 10 }} + - name: SQL_USER + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "login") | indent 10 }} + - name: SQL_PASSWORD + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "password") | indent 10 }} volumeMounts: - mountPath: /config-input name: pdpxconfig @@ -59,11 +63,6 @@ spec: imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} command: ["/opt/app/policy/pdpx/bin/policy-pdpx.sh"] args: ["/opt/app/policy/pdpx/etc/mounted/config.json"] - env: - - name: SQL_USER - {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "login") | indent 12 }} - - name: SQL_PASSWORD - {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "password") | indent 12 }} ports: - containerPort: {{ .Values.service.internalPort }} # disable liveness probe when breakpoints set in debugger diff --git a/kubernetes/portal/charts/portal-app/values.yaml b/kubernetes/portal/charts/portal-app/values.yaml index 8d18fd0dbd..01bc0dab93 100644 --- a/kubernetes/portal/charts/portal-app/values.yaml +++ b/kubernetes/portal/charts/portal-app/values.yaml @@ -32,7 +32,7 @@ global: # application image repository: nexus3.onap.org:10001 -image: onap/portal-app:3.2.0 +image: onap/portal-app:3.2.1 pullPolicy: Always #AAF local config diff --git a/kubernetes/portal/charts/portal-mariadb/resources/config/mariadb/oom_updates.sql b/kubernetes/portal/charts/portal-mariadb/resources/config/mariadb/oom_updates.sql index 13b319c76a..7502e9322a 100644 --- a/kubernetes/portal/charts/portal-mariadb/resources/config/mariadb/oom_updates.sql +++ b/kubernetes/portal/charts/portal-mariadb/resources/config/mariadb/oom_updates.sql @@ -78,7 +78,7 @@ update fn_app set app_username='aaiui', app_password='4LK69amiIFtuzcl6Gsv97Tt7ML /* Replace spaces with underscores for role names to match AAF role names */ -UPDATE fn_role SET role_name= REPLACE(role_name, ' ', '_') WHERE active_yn= 'Y'; +UPDATE fn_role SET role_name= REPLACE(role_name, ' ', '_') WHERE active_yn= 'Y' AND role_id NOT IN (999); /* diff --git a/kubernetes/robot b/kubernetes/robot index c81062626b..1bc31c7d76 160000 --- a/kubernetes/robot +++ b/kubernetes/robot @@ -1 +1 @@ -Subproject commit c81062626b69160145baac5e6a5d670cb67211fa +Subproject commit 1bc31c7d76408bdf2267bf72bf3b1b1e18e2367f diff --git a/kubernetes/sdc/charts/sdc-be/values.yaml b/kubernetes/sdc/charts/sdc-be/values.yaml index e0af28fd86..a0e9b539e6 100644 --- a/kubernetes/sdc/charts/sdc-be/values.yaml +++ b/kubernetes/sdc/charts/sdc-be/values.yaml @@ -28,8 +28,8 @@ global: ################################################################# # application image repository: nexus3.onap.org:10001 -image: onap/sdc-backend:1.6.4 -backendInitImage: onap/sdc-backend-init:1.6.4 +image: onap/sdc-backend:1.6.5 +backendInitImage: onap/sdc-backend-init:1.6.5 pullPolicy: Always # flag to enable debugging - application support required diff --git a/kubernetes/sdc/charts/sdc-cs/values.yaml b/kubernetes/sdc/charts/sdc-cs/values.yaml index 6c63927cf5..3cef2cf49e 100644 --- a/kubernetes/sdc/charts/sdc-cs/values.yaml +++ b/kubernetes/sdc/charts/sdc-cs/values.yaml @@ -28,8 +28,8 @@ global: ################################################################# # application image repository: nexus3.onap.org:10001 -image: onap/sdc-cassandra:1.6.4 -cassandraInitImage: onap/sdc-cassandra-init:1.6.4 +image: onap/sdc-cassandra:1.6.5 +cassandraInitImage: onap/sdc-cassandra-init:1.6.5 pullPolicy: Always diff --git a/kubernetes/sdc/charts/sdc-fe/values.yaml b/kubernetes/sdc/charts/sdc-fe/values.yaml index e5d41eb897..8754d0fc87 100644 --- a/kubernetes/sdc/charts/sdc-fe/values.yaml +++ b/kubernetes/sdc/charts/sdc-fe/values.yaml @@ -28,7 +28,7 @@ global: ################################################################# # application image repository: nexus3.onap.org:10001 -image: onap/sdc-frontend:1.6.4 +image: onap/sdc-frontend:1.6.5 pullPolicy: Always config: diff --git a/kubernetes/sdc/charts/sdc-onboarding-be/values.yaml b/kubernetes/sdc/charts/sdc-onboarding-be/values.yaml index 4cfebbf72f..0471c031a6 100644 --- a/kubernetes/sdc/charts/sdc-onboarding-be/values.yaml +++ b/kubernetes/sdc/charts/sdc-onboarding-be/values.yaml @@ -28,8 +28,8 @@ global: ################################################################# # application image repository: nexus3.onap.org:10001 -image: onap/sdc-onboard-backend:1.6.4 -onboardingInitImage: onap/sdc-onboard-cassandra-init:1.6.4 +image: onap/sdc-onboard-backend:1.6.5 +onboardingInitImage: onap/sdc-onboard-cassandra-init:1.6.5 pullPolicy: Always # flag to enable debugging - application support required diff --git a/kubernetes/sdc/charts/sdc-wfd-be/values.yaml b/kubernetes/sdc/charts/sdc-wfd-be/values.yaml index 8bab2c84ea..05793d4f5b 100644 --- a/kubernetes/sdc/charts/sdc-wfd-be/values.yaml +++ b/kubernetes/sdc/charts/sdc-wfd-be/values.yaml @@ -28,8 +28,8 @@ global: ################################################################# # application image repository: nexus3.onap.org:10001 -image: onap/workflow-backend:1.6.4 -configInitImage: onap/workflow-init:1.6.4 +image: onap/sdc-workflow-backend:1.7.0 +configInitImage: onap/sdc-workflow-init:1.7.0 pullPolicy: Always initJob: diff --git a/kubernetes/sdc/charts/sdc-wfd-fe/values.yaml b/kubernetes/sdc/charts/sdc-wfd-fe/values.yaml index 359c33ab61..aaa7795709 100644 --- a/kubernetes/sdc/charts/sdc-wfd-fe/values.yaml +++ b/kubernetes/sdc/charts/sdc-wfd-fe/values.yaml @@ -28,7 +28,7 @@ global: ################################################################# # application image repository: nexus3.onap.org:10001 -image: onap/workflow-frontend:1.6.4 +image: onap/sdc-workflow-frontend:1.7.0 pullPolicy: Always # flag to enable debugging - application support required diff --git a/kubernetes/sdnc/charts/dmaap-listener/values.yaml b/kubernetes/sdnc/charts/dmaap-listener/values.yaml index 51f7afeeb5..bcbad0d68e 100644 --- a/kubernetes/sdnc/charts/dmaap-listener/values.yaml +++ b/kubernetes/sdnc/charts/dmaap-listener/values.yaml @@ -56,7 +56,7 @@ secrets: ################################################################# # application image repository: nexus3.onap.org:10001 -image: onap/sdnc-dmaap-listener-image:1.8.1 +image: onap/sdnc-dmaap-listener-image:1.8.2 pullPolicy: Always # flag to enable debugging - application support required diff --git a/kubernetes/sdnc/charts/sdnc-ansible-server/values.yaml b/kubernetes/sdnc/charts/sdnc-ansible-server/values.yaml index c08e53a84a..d0455d5647 100644 --- a/kubernetes/sdnc/charts/sdnc-ansible-server/values.yaml +++ b/kubernetes/sdnc/charts/sdnc-ansible-server/values.yaml @@ -56,7 +56,7 @@ secrets: ################################################################# # application image repository: nexus3.onap.org:10001 -image: onap/sdnc-ansible-server-image:1.8.1 +image: onap/sdnc-ansible-server-image:1.8.2 pullPolicy: Always # flag to enable debugging - application support required diff --git a/kubernetes/sdnc/charts/sdnc-portal/values.yaml b/kubernetes/sdnc/charts/sdnc-portal/values.yaml index 2fa7071827..71ebb69819 100644 --- a/kubernetes/sdnc/charts/sdnc-portal/values.yaml +++ b/kubernetes/sdnc/charts/sdnc-portal/values.yaml @@ -73,7 +73,7 @@ secrets: ################################################################# # application image repository: nexus3.onap.org:10001 -image: onap/admportal-sdnc-image:1.8.1 +image: onap/admportal-sdnc-image:1.8.2 config: dbFabricDB: mysql dbFabricUser: admin diff --git a/kubernetes/sdnc/charts/ueb-listener/values.yaml b/kubernetes/sdnc/charts/ueb-listener/values.yaml index a02a38531c..7a19b12865 100644 --- a/kubernetes/sdnc/charts/ueb-listener/values.yaml +++ b/kubernetes/sdnc/charts/ueb-listener/values.yaml @@ -62,7 +62,7 @@ secrets: ################################################################# # application image repository: nexus3.onap.org:10001 -image: onap/sdnc-ueb-listener-image:1.8.1 +image: onap/sdnc-ueb-listener-image:1.8.2 pullPolicy: Always # flag to enable debugging - application support required diff --git a/kubernetes/sdnc/templates/configmap.yaml b/kubernetes/sdnc/templates/configmap.yaml index 087ed30055..cd39425073 100644 --- a/kubernetes/sdnc/templates/configmap.yaml +++ b/kubernetes/sdnc/templates/configmap.yaml @@ -78,3 +78,16 @@ metadata: heritage: {{ .Release.Service }} data: {{ tpl (.Files.Get "resources/env.yaml") . | indent 2 }} + +{{ if .Values.global.aafEnabled }} +{{- if .Values.aafConfig.addconfig -}} +--- +apiVersion: v1 +kind: ConfigMap +{{- $suffix := "aaf-add-config" }} +metadata: {{- include "common.resourceMetadata" (dict "suffix" $suffix "dot" . )| nindent 2 }} +data: + aaf-add-config.sh: |- + cd /opt/app/osaaf/local && /opt/app/aaf_config/bin/agent.sh local showpass {{.Values.aafConfig.fqi}} {{ .Values.aafConfig.fqdn }} | grep cadi_keystore_password= | cut -d= -f 2 > {{ .Values.aafConfig.credsPath }}/.pass 2>&1 +{{- end -}} +{{- end -}} diff --git a/kubernetes/sdnc/templates/statefulset.yaml b/kubernetes/sdnc/templates/statefulset.yaml index 4511ca9125..58ca866fca 100644 --- a/kubernetes/sdnc/templates/statefulset.yaml +++ b/kubernetes/sdnc/templates/statefulset.yaml @@ -92,54 +92,7 @@ spec: imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} name: {{ include "common.name" . }}-readiness {{ if .Values.global.aafEnabled }} - - name: {{ include "common.name" . }}-aaf-readiness - image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}" - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - command: - - /root/ready.py - args: - - --container-name - - aaf-locate - env: - - name: NAMESPACE - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - - name: {{ include "common.name" . }}-aaf - image: {{ .Values.global.repository }}/{{ .Values.aaf_init.agentImage }} - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - volumeMounts: - - mountPath: {{ .Values.certpersistence.certPath }} - name: {{ include "common.fullname" . }}-certs - command: - - bash - - -c - - | - /opt/app/aaf_config/bin/agent.sh && - cd /opt/app/osaaf/local && - /opt/app/aaf_config/bin/agent.sh local showpass | grep cadi_keystore_password= | cut -d= -f 2 > /opt/app/osaaf/local/.pass 2>&1 - env: - - name: APP_FQI - value: "{{ .Values.aaf_init.fqi }}" - - name: aaf_locate_url - value: "https://aaf-locate.{{ .Release.Namespace}}:8095" - - name: aaf_locator_container - value: "oom" - - name: aaf_locator_container_ns - value: "{{ .Release.Namespace }}" - - name: aaf_locator_fqdn - value: "{{ .Values.aaf_init.fqdn }}" - - name: aaf_locator_app_ns - value: "{{ .Values.aaf_init.app_ns }}" - - name: DEPLOY_FQI - {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "aaf-creds" "key" "login") | indent 12 }} - - name: DEPLOY_PASSWORD - {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "aaf-creds" "key" "password") | indent 12 }} - - name: cadi_longitude - value: "{{ .Values.aaf_init.cadi_longitude }}" - - name: cadi_latitude - value: "{{ .Values.aaf_init.cadi_latitude }}" +{{ include "common.aaf-config" . | indent 6 }} {{ end }} - name: {{ include "common.name" . }}-chown image: "busybox" @@ -147,8 +100,9 @@ spec: volumeMounts: - mountPath: {{ .Values.persistence.mdsalPath }} name: {{ include "common.fullname" . }}-data - - mountPath: {{ .Values.certpersistence.certPath }} - name: {{ include "common.fullname" . }}-certs +{{- if .Values.global.aafEnabled }} +{{ include "common.aaf-config-volume-mountpath" . | indent 10 }} +{{- end }} containers: - name: {{ include "common.name" . }} image: "{{ include "common.repository" . }}/{{ .Values.image }}" @@ -197,6 +151,9 @@ spec: - name: JAVA_HOME value: "{{ .Values.config.javaHome}}" volumeMounts: + {{- if .Values.global.aafEnabled }} +{{ include "common.aaf-config-volume-mountpath" . | indent 10 }} + {{- end }} - mountPath: /etc/localtime name: localtime readOnly: true @@ -237,8 +194,6 @@ spec: name: {{ include "common.fullname" . }}-data - mountPath: /var/log/onap name: logs - - mountPath: {{ .Values.certpersistence.certPath }} - name: {{ include "common.fullname" . }}-certs - mountPath: {{ .Values.config.odl.salConfigDir }}/{{ .Values.config.odl.salConfigVersion}}/sal-clustering-config-{{ .Values.config.odl.salConfigVersion}}-akkaconf.xml name: properties subPath: akka.conf @@ -298,17 +253,13 @@ spec: - name: properties emptyDir: medium: Memory - - name: {{ include "common.fullname" . }}-certs - {{ if .Values.certpersistence.enabled }} - persistentVolumeClaim: - claimName: {{ include "common.fullname" . }}-certs - {{ else }} - emptyDir: {} - {{ end }} {{ if not .Values.persistence.enabled }} - name: {{ include "common.fullname" . }}-data emptyDir: {} {{ else }} + {{- if .Values.global.aafEnabled }} +{{ include "common.aaf-config-volumes" . | indent 8 }} + {{- end }} volumeClaimTemplates: - metadata: name: {{ include "common.fullname" . }}-data diff --git a/kubernetes/sdnc/values.yaml b/kubernetes/sdnc/values.yaml index f0d70e2c33..96ea6e33fd 100644 --- a/kubernetes/sdnc/values.yaml +++ b/kubernetes/sdnc/values.yaml @@ -24,6 +24,7 @@ global: readinessImage: readiness-check:2.0.2 loggingRepository: docker.elastic.co loggingImage: beats/filebeat:5.5.0 + aafAgentImage: onap/aaf/aaf_agent:2.1.15 persistence: mountPath: /dockerdata-nfs aafEnabled: true @@ -69,7 +70,7 @@ secrets: password: '{{ .Values.config.odlPassword }}' # For now this is left hardcoded but should be revisited in a future passwordPolicy: required - - uid: aaf-creds + - uid: &aaf_secret_uid aaf-creds type: basicAuth externalSecret: '{{ ternary (tpl (default "" .Values.aaf_init.aafDeployCredsExternalSecret) .) "aafIsDiabled" .Values.global.aafEnabled }}' login: '{{ .Values.aaf_init.deploy_fqi }}' @@ -118,7 +119,7 @@ secrets: # application images repository: nexus3.onap.org:10001 pullPolicy: Always -image: onap/sdnc-image:1.8.1 +image: onap/sdnc-image:1.8.2 # flag to enable debugging - application support required @@ -194,6 +195,20 @@ config: numberGGLogFiles: 10 # dependency / sub-chart configuration +aafConfig: + addconfig: true + fqdn: "sdnc" + app_ns: "org.osaaf.aaf" + fqi: "sdnc@sdnc.onap.org" + fqi_namespace: org.onap.sdnc + public_fqdn: "sdnc.onap.org" + aafDeployFqi: "deployer@people.osaaf.org" + aafDeployPass: demo123456! + cadi_latitude: "38.0" + cadi_longitude: "-72.0" + secret_uid: *aaf_secret_uid + credsPath: /opt/app/osaaf/local + aaf_init: agentImage: onap/aaf/aaf_agent:2.1.15 app_ns: "org.osaaf.aaf" diff --git a/kubernetes/vnfsdk/resources/config/configuration.xml b/kubernetes/vnfsdk/resources/config/configuration.xml new file mode 100644 index 0000000000..6bd4e1c8eb --- /dev/null +++ b/kubernetes/vnfsdk/resources/config/configuration.xml @@ -0,0 +1,35 @@ + + + + + + + + + + + + + + + + + + + diff --git a/kubernetes/vnfsdk/templates/configmap.yaml b/kubernetes/vnfsdk/templates/configmap.yaml index 44d5f41f15..0c39e6e685 100644 --- a/kubernetes/vnfsdk/templates/configmap.yaml +++ b/kubernetes/vnfsdk/templates/configmap.yaml @@ -23,4 +23,4 @@ metadata: release: {{ include "common.release" . }} heritage: {{ .Release.Service }} data: -{{ tpl (.Files.Glob "resources/config/marketplace_tables_postgres.sql").AsConfig . | indent 2 }} +{{ tpl (.Files.Glob "resources/config/*").AsConfig . | indent 2 }} diff --git a/kubernetes/vnfsdk/templates/deployment.yaml b/kubernetes/vnfsdk/templates/deployment.yaml index bd187db286..3f4d6c43eb 100644 --- a/kubernetes/vnfsdk/templates/deployment.yaml +++ b/kubernetes/vnfsdk/templates/deployment.yaml @@ -34,6 +34,25 @@ spec: name: {{ include "common.name" . }} spec: initContainers: + - command: + - sh + args: + - -c + - "cd /config-input && for PFILE in `find . -not -type d | grep -v -F ..`; do envsubst <${PFILE} >/config/${PFILE}; done" + env: + - name: PG_USER + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "pg-user-creds" "key" "login") | indent 10 }} + - name: PG_PASSWORD + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "pg-user-creds" "key" "password") | indent 10 }} + volumeMounts: + - mountPath: /config-input + name: init-data-input + - mountPath: /config + name: init-data + image: "{{ .Values.global.envsubstImage }}" + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + name: {{ include "common.name" . }}-update-config + - command: - /root/ready.py args: @@ -54,9 +73,10 @@ spec: name: {{ include "common.name" . }} resources: {{ include "common.resources" . | indent 12 }} - env: - - name: POSTGRES_SERVICE_HOST - value: "$(VNFSDK_DBSET_SERVICE_HOST)" + volumes: + - mountPath: /service/webapps/ROOT/WEB-INF/classes/mybatis/configuration/configuration.xml + name: init-data + subPath: configuration.xml readinessProbe: tcpSocket: port: {{ .Values.service.internalPort }} @@ -64,3 +84,10 @@ spec: periodSeconds: {{ .Values.readiness.periodSeconds }} imagePullSecrets: - name: "{{ include "common.namespace" . }}-docker-registry-key" + volumes: + - name: init-data-input + configMap: + name: {{ include "common.fullname" . }} + - name: init-data + emptyDir: + medium: Memory diff --git a/kubernetes/vnfsdk/templates/job.yaml b/kubernetes/vnfsdk/templates/job.yaml index 2ec7b95772..1d0dd29f59 100644 --- a/kubernetes/vnfsdk/templates/job.yaml +++ b/kubernetes/vnfsdk/templates/job.yaml @@ -51,13 +51,15 @@ spec: image: "{{ .Values.postgresRepository }}/{{ .Values.postgresImage }}" imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} env: + - name: PGUSER + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "pg-user-creds" "key" "login") | indent 10 }} - name: PGPASSWORD - value: "{{ .Values.postgres.config.pgUserPassword }}" + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "pg-user-creds" "key" "password") | indent 10 }} command: - /bin/sh - -c - | - psql -U {{ .Values.postgres.config.pgUserName }} -h $(VNFSDK_DBPRI_SERVICE_HOST) -f /aaa/init/marketplace_tables_postgres.sql + psql -h $(VNFSDK_DBPRI_SERVICE_HOST) -f /aaa/init/marketplace_tables_postgres.sql volumeMounts: - name: init-data mountPath: /aaa/init/marketplace_tables_postgres.sql diff --git a/kubernetes/vnfsdk/templates/secrets.yaml b/kubernetes/vnfsdk/templates/secrets.yaml new file mode 100644 index 0000000000..b143034d8f --- /dev/null +++ b/kubernetes/vnfsdk/templates/secrets.yaml @@ -0,0 +1,16 @@ +{{/* +# Copyright © 2020 Samsung Electronics +# # +# # Licensed under the Apache License, Version 2.0 (the "License"); +# # you may not use this file except in compliance with the License. +# # You may obtain a copy of the License at +# # +# # http://www.apache.org/licenses/LICENSE-2.0 +# # +# # Unless required by applicable law or agreed to in writing, software +# # distributed under the License is distributed on an "AS IS" BASIS, +# # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# # See the License for the specific language governing permissions and +# # limitations under the License. +*/}} +{{ include "common.secretFast" . }} diff --git a/kubernetes/vnfsdk/values.yaml b/kubernetes/vnfsdk/values.yaml index 28dea47cfc..82bef2d4eb 100644 --- a/kubernetes/vnfsdk/values.yaml +++ b/kubernetes/vnfsdk/values.yaml @@ -22,6 +22,22 @@ global: readinessImage: readiness-check:2.0.0 loggingRepository: docker.elastic.co loggingImage: beats/filebeat:5.5.0 + envsubstImage: dibi/envsubst + +secrets: + - uid: pg-root-pass + name: &pgRootPassSecretName '{{ include "common.release" . }}-vnfsdk-pg-root-pass' + type: password + externalSecret: '{{ ternary "" (tpl (default "" .Values.postgres.config.pgRootPasswordExternalSecret) .) (hasSuffix "vnfsdk-pg-root-pass" .Values.postgres.config.pgRootPasswordExternalSecret) }}' + password: '{{ .Values.postgres.config.pgRootpassword }}' + policy: generate + - uid: pg-user-creds + name: &pgUserCredsSecretName '{{ include "common.release" . }}-vnfsdk-pg-user-creds' + type: basicAuth + externalSecret: '{{ ternary "" (tpl (default "" .Values.postgres.config.pgUserExternalSecret) .) (hasSuffix "vnfsdk-pg-user-creds" .Values.postgres.config.pgUserExternalSecret) }}' + login: '{{ .Values.postgres.config.pgUserName }}' + password: '{{ .Values.postgres.config.pgUserPassword }}' + passwordPolicy: generate ################################################################# # Application configuration defaults. @@ -50,9 +66,8 @@ postgres: config: pgUserName: postgres pgDatabase: postgres - pgPrimaryPassword: postgres - pgUserPassword: postgres - pgRootPassword: postgres + pgUserExternalSecret: *pgUserCredsSecretName + pgRootPasswordExternalSecret: *pgRootPassSecretName # flag to enable debugging - application support required debugEnabled: false