From: Konrad Bańka <k.banka@samsung.com>
Date: Wed, 28 Oct 2020 15:49:19 +0000 (+0100)
Subject: [CCSDK] Make a1policymanagement react on ConfigMap updates
X-Git-Tag: 7.0.0~15
X-Git-Url: https://gerrit.onap.org/r/gitweb?p=oom.git;a=commitdiff_plain;h=32d44e977649f3a4085a565adfbede964a029657

[CCSDK] Make a1policymanagement react on ConfigMap updates

Updated Deployment spec to template ConfigMap files in runtime allowing
live reaction of application to config changes.
Provided Configmaps with scripts to handle monitoring configmap-provided
files.
Updated envsubst to explicitly point to downloaded version.

Issue-ID: CCSDK-2958
Signed-off-by: Konrad Bańka <k.banka@samsung.com>
Change-Id: I22e18f2838c0956f899cb9fa96d9fd862e6c6942
(cherry picked from commit 52c38b98b8410de74e545f5cd7f79c2d959bc81a)
---

diff --git a/kubernetes/a1policymanagement/resources/envsubst/daemon.sh b/kubernetes/a1policymanagement/resources/envsubst/daemon.sh
new file mode 100644
index 0000000000..6d239f1ec8
--- /dev/null
+++ b/kubernetes/a1policymanagement/resources/envsubst/daemon.sh
@@ -0,0 +1,30 @@
+#!/bin/sh
+{{/*
+# Copyright © 2020 Samsung Electronics
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+terminate() {
+  echo "$(date) | INFO | Terminating child processes"
+  pids="$(jobs -p)"
+  if [ "$pids" != "" ]; then
+    kill -TERM $pids >/dev/null 2>/dev/null
+  fi
+  wait
+}
+
+trap terminate TERM
+echo "$(date) | INFO | Started monitoring /config-input/ directory"
+inotifyd /tmp/scripts/update_files /config-input/ &
+wait
diff --git a/kubernetes/a1policymanagement/resources/envsubst/update_files b/kubernetes/a1policymanagement/resources/envsubst/update_files
new file mode 100644
index 0000000000..754bb55432
--- /dev/null
+++ b/kubernetes/a1policymanagement/resources/envsubst/update_files
@@ -0,0 +1,27 @@
+#!/bin/sh
+{{/*
+# Copyright © 2020 Samsung Electronics
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+if [ "$1" == "y" ] && [ "$3" == "..data" ]; then
+  echo "$(date) | INFO | Configmap has been reloaded"
+  cd /config-input
+  for file in $(ls -1); do
+    if [ "$file" -nt "/config/$file" ]; then
+      echo "$(date) | INFO | Templating /config/$file"
+      envsubst <$file >/config/$file
+    fi
+  done
+fi
diff --git a/kubernetes/a1policymanagement/templates/deployment.yaml b/kubernetes/a1policymanagement/templates/deployment.yaml
index 6987bd41c5..1a2866b981 100644
--- a/kubernetes/a1policymanagement/templates/deployment.yaml
+++ b/kubernetes/a1policymanagement/templates/deployment.yaml
@@ -1,6 +1,7 @@
 {{/*
 ################################################################################
 #   Copyright (c) 2020 Nordix Foundation.                                      #
+#   Copyright © 2020 Samsung Electronics, Modifications                        #
 #                                                                              #
 #   Licensed under the Apache License, Version 2.0 (the "License");            #
 #   you may not use this file except in compliance with the License.           #
@@ -27,14 +28,14 @@ spec:
       labels: {{- include "common.labels" . | nindent 8 }}
     spec:
       initContainers:
-      - name: {{ include "common.name" . }}-update-config
+      - name: {{ include "common.name" . }}-bootstrap-config
         image: "{{ .Values.global.envsubstImage }}"
         imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
         command:
         - sh
         args:
         - -c
-        - "cd /config-input && for PFILE in `ls -1`; do envsubst <${PFILE} >/config/${PFILE}; done"
+        - "cd /config-input && for PFILE in `ls -1`; do envsubst <${PFILE} >/config/${PFILE}; chmod o+w /config/${PFILE}; done"
         env:
         - name: A1CONTROLLER_USER
           {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "controller-secret" "key" "login") | indent 10 }}
@@ -46,6 +47,29 @@ spec:
         - mountPath: /config
           name: config
       containers:
+      - name: {{ include "common.name" . }}-update-config
+        image: "{{ .Values.global.envsubstImage }}"
+        imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+        securityContext:
+          runAsGroup: {{ .Values.groupID }}
+          runAsUser: {{ .Values.userID }}
+          runAsNonRoot: true
+        command:
+        - sh
+        args:
+        - /tmp/scripts/daemon.sh
+        env:
+        - name: A1CONTROLLER_USER
+          {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "controller-secret" "key" "login") | indent 10 }}
+        - name: A1CONTROLLER_PASSWORD
+          {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "controller-secret" "key" "password") | indent 10 }}
+        volumeMounts:
+        - mountPath: /tmp/scripts
+          name: {{ include "common.fullname" . }}-envsubst-scripts
+        - mountPath: /config-input
+          name: {{ include "common.fullname" . }}-policy-conf-input
+        - mountPath: /config
+          name: config
       - name: {{ include "common.name" . }}
         image: {{ include "common.repository" . }}/{{ .Values.image }}
         imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
@@ -70,6 +94,10 @@ spec:
         - name: {{ include "common.fullname" . }}-policy-conf-input
           configMap:
             name: {{ include "common.fullname" . }}-policy-conf
+            defaultMode: 0555
+        - name: {{ include "common.fullname" . }}-envsubst-scripts
+          configMap:
+            name: {{ include "common.fullname" . }}-envsubst-scripts
         - name: config
           emptyDir:
             medium: Memory
diff --git a/kubernetes/a1policymanagement/templates/envsubst-configmap.yaml b/kubernetes/a1policymanagement/templates/envsubst-configmap.yaml
new file mode 100644
index 0000000000..99449638f4
--- /dev/null
+++ b/kubernetes/a1policymanagement/templates/envsubst-configmap.yaml
@@ -0,0 +1,23 @@
+{{/*
+################################################################################
+#   Copyright © 2020 Samsung Electronics                                       #
+#                                                                              #
+#   Licensed under the Apache License, Version 2.0 (the "License");            #
+#   you may not use this file except in compliance with the License.           #
+#   You may obtain a copy of the License at                                    #
+#                                                                              #
+#       http://www.apache.org/licenses/LICENSE-2.0                             #
+#                                                                              #
+#   Unless required by applicable law or agreed to in writing, software        #
+#   distributed under the License is distributed on an "AS IS" BASIS,          #
+#   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.   #
+#   See the License for the specific language governing permissions and        #
+#   limitations under the License.                                             #
+################################################################################
+*/}}
+apiVersion: v1
+kind: ConfigMap
+metadata: {{- include "common.resourceMetadata" . | nindent 2 }}
+  name: {{ include "common.fullname" . }}-envsubst-scripts
+data:
+{{ tpl (.Files.Glob "resources/envsubst/*").AsConfig . | indent 2 }}
diff --git a/kubernetes/a1policymanagement/values.yaml b/kubernetes/a1policymanagement/values.yaml
index 21a86a0fe1..2f45e41648 100644
--- a/kubernetes/a1policymanagement/values.yaml
+++ b/kubernetes/a1policymanagement/values.yaml
@@ -1,5 +1,6 @@
 ################################################################################
 #   Copyright (c) 2020 Nordix Foundation.                                      #
+#   Copyright © 2020 Samsung Electronics, Modifications                        #
 #                                                                              #
 #   Licensed under the Apache License, Version 2.0 (the "License");            #
 #   you may not use this file except in compliance with the License.           #
@@ -19,7 +20,7 @@
 
 global:
   nodePortPrefix: 300
-  envsubstImage: dibi/envsubst
+  envsubstImage: dibi/envsubst:1
 
 secrets:
   - uid: controller-secret
@@ -31,6 +32,8 @@ secrets:
 
 repository: nexus3.onap.org:10001
 image: onap/ccsdk-oran-a1policymanagementservice:1.0.1
+userID: 1000 #Should match with image-defined user ID
+groupID: 999 #Should match with image-defined group ID
 pullPolicy: IfNotPresent
 replicaCount: 1