# ONAP DCAE Kubernetes Plugin for Cloudify
-This directory contains a Cloudify plugin used to orchestrate the deployment of containerized DCAE platform and service components into a Kubernetes ("k8s")
+This directory contains a Cloudify plugin used to orchestrate the deployment of containerized DCAE service components into a Kubernetes ("k8s")
environment. This work is based on the [ONAP DCAE Docker plugin] (../docker).
This plugin is *not* a generic Kubernetes plugin that exposes the full set of Kubernetes features.
In fact, the plugin largely hides the fact that we're using Kubernetes from both component developers and blueprint authors.
The Cloudify node type definitions are very similar to the Cloudify type definitions used in the ONAP DCAE Docker plugin.
-For the node types `ContainerizedPlatformComponent`, `ContainerizedServiceComponent`, and `ContainerizedServiceComponentUsingDmaap`, this plugin
+For the node types `ContainerizedServiceComponent` and `ContainerizedServiceComponentUsingDmaap`, this plugin
creates the following Kubernetes entities:
- A Kubernetes `Deployment` containing information about what containers to run and what volume to mount.
- If the blueprint specifies that the component uses TLS (HTTPS) via the `tls_info` property, the `Deployment` includes an init container,
a volume that holds TLS certificate artifacts, and volume mounts on the init container and the component's container. The init container
populates the TLS certificate artifacts volume with certificates, keys, keystores, etc.
+ - If the blueprint specifies that the component uses external TLS via the `external_cert` property, the `Deployment` includes an additional init container
+ and the component's container. The init container populates the external TLS certificate artifacts in mounted volume. The container requires CMPv2 CertService to work properly.
- If the blueprint indicates that the component exposes any ports, the plugin will create a Kubernetes `Service` that allocates an address
in the Kubernetes network address space that will route traffic to a container that's running the component. This `Service` provides a
fixed "virtual IP" for the component.
- `tls`: object containing configuration for setting up TLS init container
- `cert_path`: mount point for the TLS certificate artifact volume in the init container
- `image`: Docker image to use for the TLS init container
-
+ - `external_cert`: object containing configuration for setting up external TLS init container
+ - `image_tag`: CertService client image name and version
+ - `request_url`: URL to Cert Service API
+ - `timeout`: Request timeout
+ - `country`: Country name in ISO 3166-1 alpha-2 format, for which certificate will be created
+ - `organization`: Organization name, for which certificate will be created
+ - `state`: State name, for which certificate will be created
+ - `organizational_unit`: Organizational unit name, for which certificate will be created
+ - `location`: Location name, for which certificate will be created
+ - `truststore_merger`: object containing configuration for setting up truststore-merger init container
+ - `image_tag`: truststore-merger image name and version
#### Kubernetes access information
The plugin accesses a Kubernetes cluster. The information and credentials for accessing a cluster are stored in a "kubeconfig"
#### `ports`
-List of strings - Used to bind container ports to host ports. Each item is of the format: `<container port>:<host port>` or
+List of strings - Used to bind container ports to host ports. Each item is of the format: `<container port>:<host port>` or
<container port>/<protocol>:<host port>, where <protocol> can be "TCP", "tcp", "UDP", or "udp". If the first format is used, the
protocol defaults to TCP.
-Note that `ContainerizedPlatformComponent` has the property pair `host_port` and `container_port`. This pair will be merged with the input parameters ports.
-
```yaml
ports:
- '8000:31000'
ports on the Kubernetes host's external interface. Setting `<host port>` to a non-zero value will expose that port on the external interfaces
of every Kubernetes host in the cluster. (This uses the Kubernetes `NodePort` service type.)
+In dualstack Kubernetes environment, adding parameter ipv6 or ipv4, specify which ip family will be used.
+If ipv6 will be set in only ipv4 Kubernetes cluster, service will use ipv4 instead of declared ipv6.
+
+```yaml
+ports:
+ - concat: ['8000:31000']
+ ipv6: false
+ - concat: ['8000:31001']
+ ipv6: true
+```
+
#### `max_wait`
Integer - seconds to wait for component to become ready before throwing a `NonRecoverableError`. For example:
This also applies to data router feeds.
## Additional Operations Supported by the Plugin
-In addition to supporting the Cloudify `install` and `uninstall` workflows, the plugin provides two standalone operations that can be invoked using the Cloudify [`execute_operation` workflow](https://docs.cloudify.co/4.3.0/working_with/workflows/built-in-workflows/). The `dcae.nodes.ContainerizedApplication`, `dcae.nodes.ContainerizedPlatformComponent`, `dcae.nodes.ContainerizedServiceComponent`, and `dcae.nodes.ContainerizedServiceComponentUsingDmaap` node types support these operations.
+In addition to supporting the Cloudify `install` and `uninstall` workflows, the plugin provides two standalone operations that can be invoked using the Cloudify [`execute_operation` workflow](https://docs.cloudify.co/4.3.0/working_with/workflows/built-in-workflows/). The `dcae.nodes.ContainerizedApplication`, `dcae.nodes.ContainerizedServiceComponent`, and `dcae.nodes.ContainerizedServiceComponentUsingDmaap` node types support these operations.
Currently, there's no convenient high-level interface to trigger these operations, but they could potentially be exposed through some kind of dashboard.
```
Note that the `node_ids` list is required by the `execute_operation` workflow. The list contains all of the nodes that are being targeted by the workflow. For an `update_image` operation, the list typically has only one element.
-Note also that the `update_image` operation targets the container running the application code (i.e., the container running the image specified in the `image` node property). This plugin may deploy "sidecar" containers running supporting code--for example, the "filebeat" container that relays logs to the central log server. The `update_image` operation does not touch any "sidecar" containers.
\ No newline at end of file
+Note also that the `update_image` operation targets the container running the application code (i.e., the container running the image specified in the `image` node property). This plugin may deploy "sidecar" containers running supporting code--for example, the "filebeat" container that relays logs to the central log server. The `update_image` operation does not touch any "sidecar" containers.
Code Review / dcaegen2 / platform / plugins.git / blobdiff