From 1d061a4c38432c7d75c4adfa10b9a0786fa6ed5f Mon Sep 17 00:00:00 2001 From: Sylvain Desbureaux Date: Fri, 8 Nov 2019 15:27:20 +0100 Subject: [PATCH] [NBI] Use the common galera cluster of ONAP Instead of having our "own" galera cluster, use the common one already proposed by OOM. If a local cluster is needed, you just need to set global.mariadbGalera.localCluster to True. Also create a common chart that create the needed values for the database. Change-Id: I9ad551b76a40732b4ab3fc34ba7cde6ca90fe432 Issue-ID: EXTAPI-348 Signed-off-by: Sylvain Desbureaux --- .gitignore | 4 +- kubernetes/common/common/templates/_mariadb.tpl | 59 ++++ kubernetes/common/common/templates/_name.tpl | 12 +- kubernetes/common/mariadb-init/.helmignore | 23 ++ kubernetes/common/mariadb-init/Chart.yaml | 18 ++ kubernetes/common/mariadb-init/requirements.yaml | 18 ++ .../mariadb-init/resources/config/db_init.sh | 32 +++ .../common/mariadb-init/templates/_configmap.tpl | 26 ++ .../common/mariadb-init/templates/_mariadb.tpl | 26 ++ .../common/mariadb-init/templates/configmap.yaml | 27 ++ kubernetes/common/mariadb-init/templates/job.yaml | 105 +++++++ .../mariadb-init/templates/secret.yaml} | 8 +- .../common/mariadb-init/tests/configmap_test.yaml | 114 ++++++++ kubernetes/common/mariadb-init/tests/job_test.yaml | 307 +++++++++++++++++++++ .../common/mariadb-init/tests/secret_test.yaml | 49 ++++ kubernetes/common/mariadb-init/values.yaml | 87 ++++++ kubernetes/nbi/requirements.yaml | 5 + kubernetes/nbi/templates/deployment.yaml | 8 +- kubernetes/nbi/tests/deployment_test.yaml | 205 ++++++++++++++ kubernetes/nbi/values.yaml | 19 +- 20 files changed, 1140 insertions(+), 12 deletions(-) create mode 100644 kubernetes/common/common/templates/_mariadb.tpl create mode 100644 kubernetes/common/mariadb-init/.helmignore create mode 100644 kubernetes/common/mariadb-init/Chart.yaml create mode 100644 kubernetes/common/mariadb-init/requirements.yaml create mode 100755 kubernetes/common/mariadb-init/resources/config/db_init.sh create mode 100644 kubernetes/common/mariadb-init/templates/_configmap.tpl create mode 100644 kubernetes/common/mariadb-init/templates/_mariadb.tpl create mode 100644 kubernetes/common/mariadb-init/templates/configmap.yaml create mode 100644 kubernetes/common/mariadb-init/templates/job.yaml rename kubernetes/{nbi/templates/secrets.yaml => common/mariadb-init/templates/secret.yaml} (76%) create mode 100644 kubernetes/common/mariadb-init/tests/configmap_test.yaml create mode 100644 kubernetes/common/mariadb-init/tests/job_test.yaml create mode 100644 kubernetes/common/mariadb-init/tests/secret_test.yaml create mode 100644 kubernetes/common/mariadb-init/values.yaml create mode 100644 kubernetes/nbi/tests/deployment_test.yaml diff --git a/.gitignore b/.gitignore index 96e76c17fc..fcf3cdd96f 100644 --- a/.gitignore +++ b/.gitignore @@ -1,3 +1,6 @@ +# Unit tests +__snapshot__ + # Application kubernetes/config/onap-parameters.yaml kubernetes/dist/* @@ -22,4 +25,3 @@ requirements.lock # Mac OS *DS_Store* - diff --git a/kubernetes/common/common/templates/_mariadb.tpl b/kubernetes/common/common/templates/_mariadb.tpl new file mode 100644 index 0000000000..cd7142fd73 --- /dev/null +++ b/kubernetes/common/common/templates/_mariadb.tpl @@ -0,0 +1,59 @@ +{{/* +# Copyright © 2019 Orange +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} + +{{/* + Choose the name of the mariadb service to use. +*/}} +{{- define "common.mariadbService" -}} + {{- if .Values.global.mariadbGalera.localCluster -}} + {{- index .Values "mariadb-galera" "service" "name" -}} + {{- else -}} + {{- .Values.global.mariadbGalera.service -}} + {{- end -}} +{{- end -}} + +{{/* + Choose the value of mariadb port to use. +*/}} +{{- define "common.mariadbPort" -}} + {{- if .Values.global.mariadbGalera.localCluster -}} + {{- index .Values "mariadb-galera" "service" "internalPort" -}} + {{- else -}} + {{- .Values.global.mariadbGalera.internalPort -}} + {{- end -}} +{{- end -}} + +{{/* + Choose the value of secret to retrieve user value. +*/}} +{{- define "common.mariadbSecret" -}} + {{- if .Values.global.mariadbGalera.localCluster -}} + {{ printf "%s-%s" (include "common.fullname" .) (index .Values "mariadb-galera" "nameOverride") -}} + {{- else -}} + {{ printf "%s-%s" (.Release.Name) (index .Values "mariadb-init" "nameOverride") -}} + {{- end -}} +{{- end -}} + +{{/* + Choose the value of secret param to retrieve user value. +*/}} +{{- define "common.mariadbSecretParam" -}} + {{- if .Values.global.mariadbGalera.localCluster -}} + {{ printf "user-password" -}} + {{- else -}} + {{ printf "db-user-password" -}} + {{- end -}} +{{- end -}} diff --git a/kubernetes/common/common/templates/_name.tpl b/kubernetes/common/common/templates/_name.tpl index 4299984673..f84ca21f3a 100644 --- a/kubernetes/common/common/templates/_name.tpl +++ b/kubernetes/common/common/templates/_name.tpl @@ -28,4 +28,14 @@ {{- define "common.fullname" -}} {{- $name := default .Chart.Name .Values.nameOverride -}} {{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} -{{- end -}} \ No newline at end of file +{{- end -}} + +{{/* + Retrieve the "original" release from the component release: + if ONAP is deploy with "helm deploy --name toto", then cassandra components + will have "toto-cassandra" as release name. + this function would answer back "toto". +*/}} +{{- define "common.release" -}} + {{- regexReplaceAll "-[a-zA-Z0-9]*$" .Release.Name "" }} +{{- end -}} diff --git a/kubernetes/common/mariadb-init/.helmignore b/kubernetes/common/mariadb-init/.helmignore new file mode 100644 index 0000000000..dadf202953 --- /dev/null +++ b/kubernetes/common/mariadb-init/.helmignore @@ -0,0 +1,23 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*~ +# Various IDEs +.project +.idea/ +*.tmproj + +tests diff --git a/kubernetes/common/mariadb-init/Chart.yaml b/kubernetes/common/mariadb-init/Chart.yaml new file mode 100644 index 0000000000..47b8b8f11c --- /dev/null +++ b/kubernetes/common/mariadb-init/Chart.yaml @@ -0,0 +1,18 @@ +# Copyright © 2018 Amdocs, Bell Canada +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +description: Chart for MariaDB Galera init job +name: mariadb-init +version: 5.0.0 diff --git a/kubernetes/common/mariadb-init/requirements.yaml b/kubernetes/common/mariadb-init/requirements.yaml new file mode 100644 index 0000000000..d323ddaa2b --- /dev/null +++ b/kubernetes/common/mariadb-init/requirements.yaml @@ -0,0 +1,18 @@ +# Copyright © 2018 Amdocs, Bell Canada +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +dependencies: + - name: common + version: ~5.x-0 + repository: 'file://../common' \ No newline at end of file diff --git a/kubernetes/common/mariadb-init/resources/config/db_init.sh b/kubernetes/common/mariadb-init/resources/config/db_init.sh new file mode 100755 index 0000000000..304835bdd5 --- /dev/null +++ b/kubernetes/common/mariadb-init/resources/config/db_init.sh @@ -0,0 +1,32 @@ +#!/bin/sh +# Copyright © 2019 Orange +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +echo "Creating database {{ .Values.config.mysqlDatabase }} and user {{ .Values.config.userName }}..." + +mysql -h ${DB_HOST} -P ${DB_PORT} -uroot -p$MYSQL_ROOT_PASSWORD -e "CREATE OR REPLACE USER '{{ .Values.config.userName }}'@'%' IDENTIFIED BY '${MYSQL_PASSWORD}'" +mysql -h ${DB_HOST} -P ${DB_PORT} -uroot -p$MYSQL_ROOT_PASSWORD -e "CREATE DATABASE IF NOT EXISTS {{ .Values.config.mysqlDatabase }}" +mysql -h ${DB_HOST} -P ${DB_PORT} -uroot -p$MYSQL_ROOT_PASSWORD -e "GRANT ALL PRIVILEGES ON {{ .Values.config.mysqlDatabase }}.* TO '{{ .Values.config.userName }}'@'%'" + +echo "Created database {{ .Values.config.mysqlDatabase }} and user {{ .Values.config.userName }}." + +{{ range $db, $dbInfos := .Values.config.mysqlAdditionalDatabases -}} +echo "Creating database {{ $db }} and user {{ $dbInfos.user }}..." + +mysql -h ${DB_HOST} -P ${DB_PORT} -uroot -p$MYSQL_ROOT_PASSWORD -e "CREATE OR REPLACE USER '{{ $dbInfos.user }}'@'%' IDENTIFIED BY '${MYSQL_PASSWORD_{{ $db | upper }}}'" +mysql -h ${DB_HOST} -P ${DB_PORT} -uroot -p$MYSQL_ROOT_PASSWORD -e "CREATE DATABASE IF NOT EXISTS {{ $db }}" +mysql -h ${DB_HOST} -P ${DB_PORT} -uroot -p$MYSQL_ROOT_PASSWORD -e "GRANT ALL PRIVILEGES ON {{ $db }}.* TO '{{ $dbInfos.user }}'@'%'" + +echo "Created database {{ $db }} and user {{ $dbInfos.user }}." +{{ end }} diff --git a/kubernetes/common/mariadb-init/templates/_configmap.tpl b/kubernetes/common/mariadb-init/templates/_configmap.tpl new file mode 100644 index 0000000000..ea612a078d --- /dev/null +++ b/kubernetes/common/mariadb-init/templates/_configmap.tpl @@ -0,0 +1,26 @@ +{{/* +# Copyright © 2019 Orange +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} + +{{/* + Choose the name of the configmap to use. +*/}} +{{- define "mariadbInit.configMap" -}} + {{- if (eq "default" .Values.config.config_map) -}} + {{- include "common.fullname" . -}} + {{- else -}} + {{- printf "%s-%s" (include "common.release" .) .Values.config.config_map -}} + {{- end -}} +{{- end -}} diff --git a/kubernetes/common/mariadb-init/templates/_mariadb.tpl b/kubernetes/common/mariadb-init/templates/_mariadb.tpl new file mode 100644 index 0000000000..4f111a5f40 --- /dev/null +++ b/kubernetes/common/mariadb-init/templates/_mariadb.tpl @@ -0,0 +1,26 @@ +{{/* +# Copyright © 2019 Orange +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} + +{{/* + Choose the name of the mariadb secret to use. +*/}} +{{- define "mariadbInit.mariadbClusterSecret" -}} + {{- if (eq "default" .Values.global.mariadbGalera.userRootSecret) -}} + {{- printf "%s-mariadb-galera-%s" (include "common.release" .) .Values.global.mariadbGalera.nameOverride -}} + {{- else -}} + {{- .Values.global.mariadbGalera.userRootSecret -}} + {{- end -}} +{{- end -}} diff --git a/kubernetes/common/mariadb-init/templates/configmap.yaml b/kubernetes/common/mariadb-init/templates/configmap.yaml new file mode 100644 index 0000000000..9da03668f5 --- /dev/null +++ b/kubernetes/common/mariadb-init/templates/configmap.yaml @@ -0,0 +1,27 @@ +# Copyright © 2019 Orange +# Modifications Copyright © 2018 AT&T +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "common.fullname" . }} + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +data: +{{ tpl (.Files.Glob "resources/config/*").AsConfig . | indent 2 }} diff --git a/kubernetes/common/mariadb-init/templates/job.yaml b/kubernetes/common/mariadb-init/templates/job.yaml new file mode 100644 index 0000000000..679c10c9a3 --- /dev/null +++ b/kubernetes/common/mariadb-init/templates/job.yaml @@ -0,0 +1,105 @@ +# Copyright © 2019 Orange +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: batch/v1 +kind: Job +metadata: + name: {{ include "common.fullname" . }}-config-job + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +spec: + backoffLimit: 20 + template: + metadata: + labels: + app: {{ include "common.name" . }} + release: {{ .Release.Name }} + name: {{ include "common.name" . }} + spec: + initContainers: + - name: {{ include "common.name" . }}-readiness + command: + - /root/ready.py + args: + - --container-name + - {{ .Values.global.mariadbGalera.nameOverride }} + env: + - name: NAMESPACE + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace + image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}" + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + containers: + - name: {{ include "common.name" . }} + image: "{{ include "common.repository" . }}/{{ .Values.image }}" + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + command: + - bash + - /db_init/db_init.sh + env: + - name: DB_HOST + value: "{{ .Values.global.mariadbGalera.nameOverride }}" + - name: DB_PORT + value: "{{ .Values.global.mariadbGalera.servicePort }}" + - name: MYSQL_ROOT_PASSWORD + valueFrom: + secretKeyRef: + name: {{ include "mariadbInit.mariadbClusterSecret" . }} + key: {{ .Values.global.mariadbGalera.userRootSecretKey }} + - name: MYSQL_PASSWORD + valueFrom: + secretKeyRef: + name: {{ template "common.fullname" . }} + key: db-user-password +{{- $root := . }} +{{ range $db, $_value := .Values.config.mysqlAdditionalDatabases }} + - name: {{ printf "MYSQL_PASSWORD_%s" $db | upper }} + valueFrom: + secretKeyRef: + name: {{ template "common.fullname" $root }}-secret + key: {{ printf "db-%s-user-password" $db }} +{{ end }} + volumeMounts: + - mountPath: /etc/localtime + name: localtime + readOnly: true + - name: mariadb-conf + mountPath: /db_init/ + readOnly: true + resources: +{{ include "common.resources" . | indent 12 }} + {{- if .Values.nodeSelector }} + nodeSelector: +{{ toYaml .Values.nodeSelector | indent 10 }} + {{- end -}} + {{- if .Values.affinity }} + affinity: +{{ toYaml .Values.affinity | indent 10 }} + {{- end }} + volumes: + - name: mariadb-conf + configMap: + name: {{ include "mariadbInit.configMap" . }} + - name: localtime + hostPath: + path: /etc/localtime + restartPolicy: Never + imagePullSecrets: + - name: "{{ include "common.namespace" . }}-docker-registry-key" diff --git a/kubernetes/nbi/templates/secrets.yaml b/kubernetes/common/mariadb-init/templates/secret.yaml similarity index 76% rename from kubernetes/nbi/templates/secrets.yaml rename to kubernetes/common/mariadb-init/templates/secret.yaml index ea6ae8296e..f30d582110 100644 --- a/kubernetes/nbi/templates/secrets.yaml +++ b/kubernetes/common/mariadb-init/templates/secret.yaml @@ -15,7 +15,7 @@ apiVersion: v1 kind: Secret metadata: - name: {{ include "common.fullname" . }}-secret + name: {{ include "common.fullname" . }} namespace: {{ include "common.namespace" . }} labels: app: {{ include "common.name" . }} @@ -24,5 +24,7 @@ metadata: heritage: {{ .Release.Service }} type: Opaque data: - db-user-password: {{ index .Values "mariadb-galera" "config" "userPassword" | b64enc | quote }} - db-root-password: {{ index .Values "mariadb-galera" "config" "mariadbRootPassword" | b64enc | quote }} + db-user-password: {{ index .Values.config.userPassword | b64enc | quote }} +{{ range $db, $dbInfos := .Values.config.mysqlAdditionalDatabases }} + {{ printf "db-%s-user-password" $db}}: {{ $dbInfos.password | b64enc | quote }} +{{ end }} diff --git a/kubernetes/common/mariadb-init/tests/configmap_test.yaml b/kubernetes/common/mariadb-init/tests/configmap_test.yaml new file mode 100644 index 0000000000..34914cdb3e --- /dev/null +++ b/kubernetes/common/mariadb-init/tests/configmap_test.yaml @@ -0,0 +1,114 @@ +--- +suite: test configmap behavior +templates: + - configmap.yaml +tests: + - it: "should render with default value" + asserts: + - isKind: + of: ConfigMap + - equal: + path: metadata.name + value: RELEASE-NAME-mariadb-init + - equal: + path: metadata.namespace + value: NAMESPACE + - matchRegex: + path: metadata.labels.app + pattern: mariadb-init + - equal: + path: data + value: + db_init.sh: | + #!/bin/sh + # Copyright © 2019 Orange + # + # Licensed under the Apache License, Version 2.0 (the "License"); + # you may not use this file except in compliance with the License. + # You may obtain a copy of the License at + # + # http://www.apache.org/licenses/LICENSE-2.0 + # + # Unless required by applicable law or agreed to in writing, software + # distributed under the License is distributed on an "AS IS" BASIS, + # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + # See the License for the specific language governing permissions and + # limitations under the License. + + echo "Creating database ynsaUCru6mUNwGal and user u5WZ1GMSIS1wHZF..." + + mysql -h ${DB_HOST} -P ${DB_PORT} -uroot -p$MYSQL_ROOT_PASSWORD << 'EOF' || exit 1 + CREATE OR REPLACE USER 'u5WZ1GMSIS1wHZF'@'localhost' IDENTIFIED BY '${MYSQL_PASSWORD}'; + CREATE OR REPLACE USER 'u5WZ1GMSIS1wHZF'@'%' IDENTIFIED BY '${MYSQL_PASSWORD}'; + CREATE DATABASE IF NOT EXISTS ynsaUCru6mUNwGal; + GRANT ALL PRIVILEGES ON ynsaUCru6mUNwGal.* TO 'u5WZ1GMSIS1wHZF'@'%'; + GRANT ALL PRIVILEGES ON ynsaUCru6mUNwGal.* TO 'u5WZ1GMSIS1wHZF'@'localhost'; + EOF + + echo "Created database ynsaUCru6mUNwGal and user u5WZ1GMSIS1wHZF." + - it: "shoud render with other databases" + set: + config: + userName: testUser + mysqlDatabase: testDB + mysqlAdditionalDatabases: + dbOne: + user: one + password: pwd1 + dbTwo: + user: two + password: pwd2 + asserts: + - equal: + path: data + value: + db_init.sh: | + #!/bin/sh + # Copyright © 2019 Orange + # + # Licensed under the Apache License, Version 2.0 (the "License"); + # you may not use this file except in compliance with the License. + # You may obtain a copy of the License at + # + # http://www.apache.org/licenses/LICENSE-2.0 + # + # Unless required by applicable law or agreed to in writing, software + # distributed under the License is distributed on an "AS IS" BASIS, + # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + # See the License for the specific language governing permissions and + # limitations under the License. + + echo "Creating database testDB and user testUser..." + + mysql -h ${DB_HOST} -P ${DB_PORT} -uroot -p$MYSQL_ROOT_PASSWORD << 'EOF' || exit 1 + CREATE OR REPLACE USER 'testUser'@'localhost' IDENTIFIED BY '${MYSQL_PASSWORD}'; + CREATE OR REPLACE USER 'testUser'@'%' IDENTIFIED BY '${MYSQL_PASSWORD}'; + CREATE DATABASE IF NOT EXISTS testDB; + GRANT ALL PRIVILEGES ON testDB.* TO 'testUser'@'%'; + GRANT ALL PRIVILEGES ON testDB.* TO 'testUser'@'localhost'; + EOF + + echo "Created database testDB and user testUser." + + echo "Creating database dbOne and user one..." + + mysql -h ${DB_HOST} -P ${DB_PORT} -uroot -p$MYSQL_ROOT_PASSWORD << 'EOF' || exit 1 + CREATE OR REPLACE USER 'one'@'localhost' IDENTIFIED BY '${MYSQL_PASSWORD_DBONE}'; + CREATE OR REPLACE USER 'one'@'%' IDENTIFIED BY '${MYSQL_PASSWORD_DBONE}'; + CREATE DATABASE IF NOT EXISTS dbOne; + GRANT ALL PRIVILEGES ON dbOne.* TO 'one'@'%'; + GRANT ALL PRIVILEGES ON dbOne.* TO 'one'@'localhost'; + EOF + + echo "Created database dbOne and user one." + echo "Creating database dbTwo and user two..." + + mysql -h ${DB_HOST} -P ${DB_PORT} -uroot -p$MYSQL_ROOT_PASSWORD << 'EOF' || exit 1 + CREATE OR REPLACE USER 'two'@'localhost' IDENTIFIED BY '${MYSQL_PASSWORD_DBTWO}'; + CREATE OR REPLACE USER 'two'@'%' IDENTIFIED BY '${MYSQL_PASSWORD_DBTWO}'; + CREATE DATABASE IF NOT EXISTS dbTwo; + GRANT ALL PRIVILEGES ON dbTwo.* TO 'two'@'%'; + GRANT ALL PRIVILEGES ON dbTwo.* TO 'two'@'localhost'; + EOF + + echo "Created database dbTwo and user two." diff --git a/kubernetes/common/mariadb-init/tests/job_test.yaml b/kubernetes/common/mariadb-init/tests/job_test.yaml new file mode 100644 index 0000000000..7523ee1c6e --- /dev/null +++ b/kubernetes/common/mariadb-init/tests/job_test.yaml @@ -0,0 +1,307 @@ +--- +suite: test job behavior +templates: + - job.yaml +tests: + - it: "should render with default value (global)" + asserts: + - isKind: + of: Job + - matchRegex: + path: metadata.name + pattern: -mariadb-init-config-job$ + - equal: + path: metadata.namespace + value: NAMESPACE + - matchRegex: + path: metadata.labels.app + pattern: mariadb-init + - matchRegex: + path: spec.template.metadata.labels.app + pattern: mariadb-init + - matchRegex: + path: spec.template.metadata.name + pattern: mariadb-init + - isNull: + path: spec.template.spec.nodeSelector + - isNull: + path: spec.template.spec.affinity + - it: "should render with default value (init container)" + asserts: + - matchRegex: + path: spec.template.spec.initContainers[0].name + pattern: mariadb-init-readiness + - contains: + path: spec.template.spec.initContainers[0].args + content: mariadb-galera + - equal: + path: spec.template.spec.initContainers[0].image + value: oomk8s/readiness-check:2.0.2 + - equal: + path: spec.template.spec.initContainers[0].imagePullPolicy + value: IfNotPresent + - it: "should render with default value (container)" + asserts: + - matchRegex: + path: spec.template.spec.containers[0].name + pattern: mariadb-init + - equal: + path: spec.template.spec.containers[0].image + value: nexus3.onap.org:10001/mariadb:10.1.38 + - equal: + path: spec.template.spec.containers[0].imagePullPolicy + value: IfNotPresent + - contains: + path: spec.template.spec.containers[0].env + content: + name: DB_HOST + value: mariadb-galera + - contains: + path: spec.template.spec.containers[0].env + content: + name: DB_PORT + value: "3306" + - contains: + path: spec.template.spec.containers[0].env + content: + name: MYSQL_ROOT_PASSWORD + valueFrom: + secretKeyRef: + name: RELEASE-NAME-mariadb-galera-mariadb-galera + key: db-root-password + - contains: + path: spec.template.spec.containers[0].env + content: + name: MYSQL_PASSWORD + valueFrom: + secretKeyRef: + name: RELEASE-NAME-mariadb-init-secret + key: db-user-password + - contains: + path: spec.template.spec.containers[0].volumeMounts + content: + name: mariadb-conf + mountPath: /db_init/ + readOnly: true + - equal: + path: spec.template.spec.containers[0].resources.limits.cpu + value: 100m + - equal: + path: spec.template.spec.containers[0].resources.limits.memory + value: 500Mbi + - equal: + path: spec.template.spec.containers[0].resources.requests.cpu + value: 10m + - equal: + path: spec.template.spec.containers[0].resources.requests.memory + value: 10Mbi + - it: "should render with default value (volumes)" + asserts: + - contains: + path: spec.template.spec.volumes + content: + name: mariadb-conf + configMap: + name: RELEASE-NAME-mariadb-init + + - it: "should render with nameOverride set" + set: + nameOverride: myJob + asserts: + - matchRegex: + path: metadata.name + pattern: -myJob-config-job$ + - matchRegex: + path: metadata.labels.app + pattern: myJob + - matchRegex: + path: spec.template.metadata.labels.app + pattern: myJob + - matchRegex: + path: spec.template.metadata.name + pattern: myJob + - matchRegex: + path: spec.template.spec.initContainers[0].name + pattern: myJob-readiness + - matchRegex: + path: spec.template.spec.containers[0].name + pattern: myJob + - contains: + path: spec.template.spec.containers[0].env + content: + name: MYSQL_PASSWORD + valueFrom: + secretKeyRef: + # replicating name from mariadb galera cluster, kind of hardcoded... + name: RELEASE-NAME-myJob-secret + key: db-user-password + - contains: + path: spec.template.spec.volumes + content: + name: mariadb-conf + configMap: + name: RELEASE-NAME-myJob + + - it: "should render with configmap set" + set: + config: + config_map: myCM + asserts: + - contains: + path: spec.template.spec.volumes + content: + name: mariadb-conf + configMap: + name: RELEASE-NAME-myCM + + - it: "should render with mariadbGalera changes" + set: + global: + mariadbGalera: + nameOverride: myMaria + servicePort: 545 + asserts: + - contains: + path: spec.template.spec.initContainers[0].args + content: myMaria + - contains: + path: spec.template.spec.containers[0].env + content: + name: DB_HOST + value: myMaria + - contains: + path: spec.template.spec.containers[0].env + content: + name: DB_PORT + value: "545" + - contains: + path: spec.template.spec.containers[0].env + content: + name: MYSQL_ROOT_PASSWORD + valueFrom: + secretKeyRef: + name: RELEASE-NAME-mariadb-galera-myMaria + key: db-root-password + + - it: "should render with full mariadbGalera changes" + set: + global: + mariadbGalera: + nameOverride: myMaria + servicePort: 545 + userRootSecret: galera-secret + userRootSecretKey: root-password + asserts: + - contains: + path: spec.template.spec.initContainers[0].args + content: myMaria + - contains: + path: spec.template.spec.containers[0].env + content: + name: DB_HOST + value: myMaria + - contains: + path: spec.template.spec.containers[0].env + content: + name: DB_PORT + value: "545" + - contains: + path: spec.template.spec.containers[0].env + content: + name: MYSQL_ROOT_PASSWORD + valueFrom: + secretKeyRef: + name: galera-secret + key: root-password + + - it: "should set the right nodeSelector" + set: + nodeSelector: + disktype: ssd + asserts: + - equal: + path: spec.template.spec.nodeSelector.disktype + value: ssd + + - it: "should set the right affinity" + set: + affinity: + nodeAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + nodeSelectorTerms: + - matchExpressions: + - key: kubernetes.io/e2e-az-name + operator: In + values: + - e2e-az1 + - e2e-az2 + asserts: + - equal: + path: spec.template.spec.affinity + value: + nodeAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + nodeSelectorTerms: + - matchExpressions: + - key: kubernetes.io/e2e-az-name + operator: In + values: + - e2e-az1 + - e2e-az2 + - it: "should use large flavor" + set: + flavor: large + asserts: + - equal: + path: spec.template.spec.containers[0].resources.limits.cpu + value: 200m + - equal: + path: spec.template.spec.containers[0].resources.limits.memory + value: 500Mbi + - equal: + path: spec.template.spec.containers[0].resources.requests.cpu + value: 20m + - equal: + path: spec.template.spec.containers[0].resources.requests.memory + value: 20Mbi + - it: "should use unlimited flavor" + set: + flavor: unlimited + asserts: + - isEmpty: + path: spec.template.spec.containers[0].resources + - it: "shoud render with other databases" + set: + config: + mysqlAdditionalDatabases: + dbOne: + user: one + password: pwd1 + dbTwo: + user: two + password: pwd2 + asserts: + - contains: + path: spec.template.spec.containers[0].env + content: + name: MYSQL_PASSWORD + valueFrom: + secretKeyRef: + name: RELEASE-NAME-mariadb-init-secret + key: db-user-password + - contains: + path: spec.template.spec.containers[0].env + content: + name: MYSQL_PASSWORD_DBONE + valueFrom: + secretKeyRef: + name: RELEASE-NAME-mariadb-init-secret + key: db-dbOne-user-password + - contains: + path: spec.template.spec.containers[0].env + content: + name: MYSQL_PASSWORD_DBTWO + valueFrom: + secretKeyRef: + name: RELEASE-NAME-mariadb-init-secret + key: db-dbTwo-user-password diff --git a/kubernetes/common/mariadb-init/tests/secret_test.yaml b/kubernetes/common/mariadb-init/tests/secret_test.yaml new file mode 100644 index 0000000000..ef0565d6c0 --- /dev/null +++ b/kubernetes/common/mariadb-init/tests/secret_test.yaml @@ -0,0 +1,49 @@ +--- +suite: test secret behavior +templates: + - secret.yaml +tests: + - it: "should render with default values" + asserts: + - isKind: + of: Secret + - equal: + path: metadata.name + value: RELEASE-NAME-mariadb-init + - equal: + path: metadata.namespace + value: NAMESPACE + - matchRegex: + path: metadata.labels.app + pattern: mariadb-init-config-job + - equal: + path: data.db-user-password + value: Q2lAc2hzT2QzcGt5MVZqaQ== + - it: "should render specific password value base64 encoded" + set: + config: + userPassword: yolo + asserts: + - equal: + path: data.db-user-password + value: eW9sbw== + - it: "shoud render with other databases" + set: + config: + mysqlAdditionalDatabases: + dbOne: + user: one + password: pwd1 + dbTwo: + user: two + password: pwd2 + asserts: + - equal: + path: data.db-user-password + value: Q2lAc2hzT2QzcGt5MVZqaQ== + - equal: + path: data.db-dbOne-user-password + value: cHdkMQ== + - equal: + path: data.db-dbTwo-user-password + value: cHdkMg== diff --git a/kubernetes/common/mariadb-init/values.yaml b/kubernetes/common/mariadb-init/values.yaml new file mode 100644 index 0000000000..095ff62ddf --- /dev/null +++ b/kubernetes/common/mariadb-init/values.yaml @@ -0,0 +1,87 @@ +# Copyright © 2018 Amdocs, Bell Canada +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +################################################################# +# Global configuration defaults. +################################################################# +global: + repository: nexus3.onap.org:10001 + readinessRepository: oomk8s + readinessImage: readiness-check:2.0.2 + mariadbGalera: + nameOverride: mariadb-galera + servicePort: 3306 + # set these two values if you want to access an 'out of ONAP' mariadb + userRootSecret: default + userRootSecretKey: db-root-password + +################################################################# +# Application configuration defaults. +################################################################# + +image: mariadb:10.1.38 +pullPolicy: IfNotPresent + +# Set it if you want to change the name of the different components +# nameOverride: + +config: + userPassword: Ci@shsOd3pky1Vji + userName: u5WZ1GMSIS1wHZF + mysqlDatabase: ynsaUCru6mUNwGal + mysqlAdditionalDatabases: {} + # add addtional dabases + # this is an dict + # Example: + # mysqlAdditionalDatabases: + # dbOne: + # user: one + # password: pwd1 + # dbTwo: + # user: two + # password: pwd2 + config_map: default + +nodeSelector: {} + +affinity: {} + +#resources: {} + # We usually recommend not to specify default resources and to leave this as a conscious + # choice for the user. This also increases chances charts run on environments with little + # resources, such as Minikube. If you do want to specify resources, uncomment the following + # lines, adjust them as necessary, and remove the curly braces after 'resources:'. + # + # Example: + # Configure resource requests and limits + # ref: http://kubernetes.io/docs/user-guide/compute-resources/ + # Minimum memory for development is 2 CPU cores and 4GB memory + # Minimum memory for production is 4 CPU cores and 8GB memory +flavor: small +resources: + small: + limits: + cpu: 100m + memory: 500Mi + requests: + cpu: 10m + memory: 10Mi + large: + limits: + cpu: 200m + memory: 500Mi + requests: + cpu: 20m + memory: 20Mi + unlimited: {} diff --git a/kubernetes/nbi/requirements.yaml b/kubernetes/nbi/requirements.yaml index c4d65a791d..f0c4b8e374 100644 --- a/kubernetes/nbi/requirements.yaml +++ b/kubernetes/nbi/requirements.yaml @@ -26,3 +26,8 @@ dependencies: - name: mariadb-galera version: ~5.x-0 repository: '@local' + condition: global.mariadbGalera.localCluster + - name: mariadb-init + version: ~5.x-0 + repository: '@local' + condition: not global.mariadbGalera.localCluster diff --git a/kubernetes/nbi/templates/deployment.yaml b/kubernetes/nbi/templates/deployment.yaml index dc66319e7c..4ba28b0fc0 100644 --- a/kubernetes/nbi/templates/deployment.yaml +++ b/kubernetes/nbi/templates/deployment.yaml @@ -30,7 +30,7 @@ spec: labels: app: {{ include "common.name" . }} release: {{ .Release.Name }} - name: {{ include "common.fullname" . }} + name: {{ include "common.fullname" . }} spec: containers: - name: {{ include "common.name" . }} @@ -54,14 +54,14 @@ spec: periodSeconds: {{ .Values.readiness.periodSeconds }} env: - name: SPRING_DATASOURCE_URL - value: jdbc:mariadb://{{ index .Values "mariadb-galera" "service" "name" }}.{{ include "common.namespace" . }}:3306/{{ index .Values "mariadb-galera" "config" "mysqlDatabase" }} + value: jdbc:mariadb://{{ include "common.mariadbService" . }}:{{ include "common.mariadbPort" . }}/{{ index .Values "mariadb-galera" "config" "mysqlDatabase" }} - name: SPRING_DATASOURCE_USERNAME value: {{ index .Values "mariadb-galera" "config" "userName" }} - name: SPRING_DATASOURCE_PASSWORD valueFrom: secretKeyRef: - name: {{ template "common.fullname" . }}-secret - key: db-user-password + name: {{ include "common.mariadbSecret" . }} + key: {{ include "common.mariadbSecretParam" . }} - name: SPRING_DATA_MONGODB_HOST value: {{ .Values.mongo.service.name }}.{{ include "common.namespace" . }} - name: SPRING_DATA_MONGODB_PORT diff --git a/kubernetes/nbi/tests/deployment_test.yaml b/kubernetes/nbi/tests/deployment_test.yaml new file mode 100644 index 0000000000..7c8a1b0dbb --- /dev/null +++ b/kubernetes/nbi/tests/deployment_test.yaml @@ -0,0 +1,205 @@ +--- +suite: test deployment behavior +templates: + - deployment.yaml +tests: + - it: "should render with default values (global)" + asserts: + - isKind: + of: Deployment + - equal: + path: metadata.name + value: RELEASE-NAME-nbi + - equal: + path: metadata.namespace + value: NAMESPACE + - matchRegex: + path: metadata.labels.app + pattern: nbi + - matchRegex: + path: spec.template.metadata.labels.app + pattern: nbi + - equal: + path: spec.template.metadata.name + value: RELEASE-NAME-nbi + - equal: + path: spec.replicas + value: 1 + - isNull: + path: spec.template.spec.nodeSelector + - isNull: + path: spec.template.spec.affinity + + - it: "should render with default value (container)" + asserts: + - equal: + path: spec.template.spec.containers[0].name + value: nbi + - equal: + path: spec.template.spec.containers[0].image + value: nexus3.onap.org:10001/onap/externalapi/nbi:5.0.1 + - equal: + path: spec.template.spec.containers[0].imagePullPolicy + value: IfNotPresent + - contains: + path: spec.template.spec.containers[0].env + content: + name: SPRING_DATASOURCE_URL + value: jdbc:mariadb://mariadb-galera:3306/nbi + - contains: + path: spec.template.spec.containers[0].env + content: + name: SPRING_DATASOURCE_USERNAME + value: rene + - contains: + path: spec.template.spec.containers[0].env + content: + name: SPRING_DATASOURCE_PASSWORD + valueFrom: + secretKeyRef: + name: RELEASE-NAME-nbi-config + key: db-user-password + - contains: + path: spec.template.spec.containers[0].env + content: + name: SPRING_DATA_MONGODB_HOST + value: nbi-mongohost.NAMESPACE + - contains: + path: spec.template.spec.containers[0].env + content: + name: SPRING_DATA_MONGODB_PORT + value: "27017" + - contains: + path: spec.template.spec.containers[0].env + content: + name: SPRING_DATA_MONGODB_DATABASE + value: ServiceOrderDB + - contains: + path: spec.template.spec.containers[0].env + content: + name: ONAP_LCPCLOUDREGIONID + value: RegionOne + - contains: + path: spec.template.spec.containers[0].env + content: + name: ONAP_TENANTID + value: 31047205ce114b60833b23e400d6a535 + - contains: + path: spec.template.spec.containers[0].env + content: + name: ONAP_CLOUDOWNER + value: CloudOwner + - contains: + path: spec.template.spec.containers[0].env + content: + name: NBI_URL + value: http://nbi.NAMESPACE:8080/nbi/api/v4 + - contains: + path: spec.template.spec.containers[0].env + content: + name: SDC_HOST + value: https://sdc-be.NAMESPACE:8443 + - contains: + path: spec.template.spec.containers[0].env + content: + name: SDC_HEADER_ECOMPINSTANCEID + value: OOM + - contains: + path: spec.template.spec.containers[0].env + content: + name: SDC_HEADER_AUTHORIZATION + value: Basic YWFpOktwOGJKNFNYc3pNMFdYbGhhazNlSGxjc2UyZ0F3ODR2YW9HR21KdlV5MlU= + - contains: + path: spec.template.spec.containers[0].env + content: + name: AAI_HOST + value: https://aai.NAMESPACE:8443 + - contains: + path: spec.template.spec.containers[0].env + content: + name: AAI_HEADER_AUTHORIZATION + value: Basic QUFJOkFBSQ== + - contains: + path: spec.template.spec.containers[0].env + content: + name: SO_HOST + value: http://so.NAMESPACE:8080 + - contains: + path: spec.template.spec.containers[0].env + content: + name: DMAAP_HOST + value: http://message-router.NAMESPACE:3904 + - contains: + path: spec.template.spec.containers[0].env + content: + name: LOGGING_LEVEL_ORG_ONAP_NBI + value: INFO + - contains: + path: spec.template.spec.containers[0].env + content: + name: MSB_ENABLED + value: "true" + - contains: + path: spec.template.spec.containers[0].env + content: + name: MSB_DISCOVERY_HOST + value: msb-discovery.NAMESPACE + - contains: + path: spec.template.spec.containers[0].env + content: + name: MSB_DISCOVERY_PORT + value: "10081" + - equal: + path: spec.template.spec.containers[0].livenessProbe + value: + initialDelaySeconds: 180 + periodSeconds: 30 + tcpSocket: + port: 8080 + - equal: + path: spec.template.spec.containers[0].readinessProbe + value: + initialDelaySeconds: 185 + periodSeconds: 30 + tcpSocket: + port: 8080 + - contains: + path: spec.template.spec.containers[0].ports + content: + containerPort: 8080 + - equal: + path: spec.template.spec.containers[0].resources.limits.cpu + value: 1 + - equal: + path: spec.template.spec.containers[0].resources.limits.memory + value: 2Gi + - equal: + path: spec.template.spec.containers[0].resources.requests.cpu + value: 100m + - equal: + path: spec.template.spec.containers[0].resources.requests.memory + value: 1Gi + - it: "should render when deciding to use local cluster (container)" + set: + global: + mariadbGalera: + localCluster: true + asserts: + - contains: + path: spec.template.spec.containers[0].env + content: + name: SPRING_DATASOURCE_URL + value: jdbc:mariadb://nbi-galera:3306/nbi + - contains: + path: spec.template.spec.containers[0].env + content: + name: SPRING_DATASOURCE_USERNAME + value: rene + - contains: + path: spec.template.spec.containers[0].env + content: + name: SPRING_DATASOURCE_PASSWORD + valueFrom: + secretKeyRef: + name: RELEASE-NAME-nbi-nbi-galera + key: user-password diff --git a/kubernetes/nbi/values.yaml b/kubernetes/nbi/values.yaml index 28a5f8d17d..30f7d2d18e 100644 --- a/kubernetes/nbi/values.yaml +++ b/kubernetes/nbi/values.yaml @@ -19,9 +19,15 @@ global: nodePortPrefix: 302 readinessRepository: oomk8s - readinessImage: readiness-check:1.1.0 + readinessImage: readiness-check:2.0.2 loggingRepository: docker.elastic.co loggingImage: beats/filebeat:5.5.0 + mariadbGalera: &mariadbGalera + #This flag allows SO to instantiate its own mariadb-galera cluster + localCluster: false + service: mariadb-galera + internalPort: 3306 + nameOverride: mariadb-galera subChartsOnly: enabled: true @@ -29,7 +35,7 @@ subChartsOnly: # application image repository: nexus3.onap.org:10001 image: onap/externalapi/nbi:5.0.1 -pullPolicy: Always +pullPolicy: IfNotPresent sdc_authorization: Basic YWFpOktwOGJKNFNYc3pNMFdYbGhhazNlSGxjc2UyZ0F3ODR2YW9HR21KdlV5MlU= aai_authorization: Basic QUFJOkFBSQ== so_authorization: @@ -45,7 +51,9 @@ config: openStackVNFTenantId: 31047205ce114b60833b23e400d6a535 mariadb-galera: - config: + # '&mariadbConfig' means we "store" the values for later use in the file + # with '*mariadbConfig' pointer. + config: &mariadbConfig userName: rene userPassword: lkjgklqsdareyhjujlnnbvfvdttuiukgpiokqbfsjdhfigquosegombvjfqhb mariadbRootPassword: dhqjdshjdsguryebvcnbvcvdsqghyjqgktgjjfhjfghbfs @@ -54,11 +62,16 @@ mariadb-galera: service: name: nbi-galera portName: nbi-galera + internalPort: 3306 replicaCount: 1 persistence: enabled: true mountSubPath: nbi/maria/data +mariadb-init: + config: *mariadbConfig + nameOverride: nbi-config + mongo: nameOverride: nbi-mongo config: -- 2.16.6