From 44cc1ac1943c68174efb44e4b60fb9c8fbe33903 Mon Sep 17 00:00:00 2001
From: Rahul Tyagi
Date: Sat, 2 Mar 2019 06:15:35 +0000
Subject: [PATCH] SDNC-660: Helm integration for Netconf over TLS This commit introduces a persistent volume for "NETCONF over TLS" usecase in SDNC, so that certificates can be fetched from persistence at deployment time of SDNC/ODL. This functionality can be enbaled/disabled using flag oom/kubernetes/sdnc/values.yaml values.certpersistence.enabled true/false. By default this is enabled (.i.e. true). Mounted paths are Host path : /dockerdata-nfs/sdnc/certs Container path : /opt/opendaylight/current/certs
Issue-ID: SDNC-660
Change-Id: Iab2ecdfcb890b6dc779de12655f0fb7bd869fb0f
Signed-off-by: Rahul Tyagi
---
 kubernetes/sdnc/templates/pv.yaml | 32 ++++++++++++++++++++++++++++++
 kubernetes/sdnc/templates/pvc.yaml | 32 ++++++++++++++++++++++++++++++
 kubernetes/sdnc/templates/statefulset.yaml | 11 +++++++++-
 kubernetes/sdnc/values.yaml | 16 +++++++++++++++
 4 files changed, 90 insertions(+), 1 deletion(-)
 create mode 100644 kubernetes/sdnc/templates/pvc.yaml
diff --git a/kubernetes/sdnc/templates/pv.yaml b/kubernetes/sdnc/templates/pv.yaml
index f10d67ad68..5a6566a80b 100644
--- a/kubernetes/sdnc/templates/pv.yaml
+++ b/kubernetes/sdnc/templates/pv.yaml
@@ -82,3 +82,35 @@ spec:
 path: {{ .Values.global.persistence.mountPath | default .Values.persistence.mountPath }}/{{ .Release.Name }}/{{ .Values.persistence.mountSubPath }}2
 {{ end }}
 {{- end -}}
+{{ if .Values.certpersistence.enabled }}
+---
+kind: PersistentVolume
+apiVersion: v1
+metadata:
+ name: {{ include "common.fullname" . }}-pv-certs
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}-pv-certs
+ chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}"
+ release: "{{ .Release.Name }}"
+ heritage: "{{ .Release.Service }}"
+ name: {{ include "common.fullname" . }}-certs
+spec:
+ capacity:
+ storage: {{ .Values.certpersistence.size }}
+ accessModes:
+ - {{ .Values.certpersistence.accessMode }}
+{{- if .Values.certpersistence.storageClass }}
+{{- if (eq "-" .Values.certpersistence.storageClass) }}
+ storageClassName: ""
+{{- else }}
+ storageClassName: "{{ .Values.certpersistence.storageClass }}"
+{{- end }}
+{{- end }}
+ persistentVolumeReclaimPolicy: {{ .Values.certpersistence.volumeReclaimPolicy }}
+ hostPath:
+ path: {{ .Values.global.persistence.mountPath | default .Values.certpersistence.mountPath }}/{{ .Values.certpersistence.mountSubPath }}
+{{ end }}
+
+
+
diff --git a/kubernetes/sdnc/templates/pvc.yaml b/kubernetes/sdnc/templates/pvc.yaml
new file mode 100644
index 0000000000..aa9515b6b5
--- /dev/null
+++ b/kubernetes/sdnc/templates/pvc.yaml
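Review bot: The new `hostPath` for the certs volume ends in `/{{ .Values.certpersistence.mountSubPath }}` with no `{{ .Release.Name }}` segment, unlike the existing volume path in the context line above it, so every SDNC release on a node resolves to the same host directory of certificate material, and `Retain` keeps it after uninstall. If that sharing is intended (the commit message names a fixed host path), a template comment should say so and state the ownership and mode the directory is expected to have; otherwise insert `/{{ .Release.Name }}` before the sub-path as the other volumes do. `metadata.namespace` carries no meaning on a PersistentVolume, which is cluster-scoped, and could be dropped from the new resource.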
@@ -0,0 +1,32 @@
+{{- if and .Values.certpersistence.enabled (not .Values.certpersistence.existingClaim) -}}
+kind: PersistentVolumeClaim
+apiVersion: v1
+metadata:
+ name: {{ include "common.fullname" .}}-pvc-certs
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}-pvc-certs
+ chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
+ release: "{{ .Release.Name }}"
+ heritage: "{{ .Release.Service }}"
+{{- if .Values.certpersistence.annotations }}
+ annotations:
+{{ toYaml .Values.certpersistence.annotations | indent 4 }}
+{{- end }}
+spec:
+ selector:
+ matchLabels:
+ app: {{ include "common.name" . }}-pv-certs
+ accessModes:
+ - {{ .Values.certpersistence.accessMode }}
+ resources:
+ requests:
+ storage: {{ .Values.certpersistence.size }}
+{{- if .Values.certpersistence.storageClass }}
+{{- if (eq "-" .Values.certpersistence.storageClass) }}
+ storageClassName: ""
+{{- else }}
+ storageClassName: "{{ .Values.certpersistence.storageClass }}"
+{{- end }}
+{{- end }}
+{{- end -}}
\ No newline at end of file
diff --git a/kubernetes/sdnc/templates/statefulset.yaml b/kubernetes/sdnc/templates/statefulset.yaml
index 70713cc311..24ca832d24 100644
--- a/kubernetes/sdnc/templates/statefulset.yaml
+++ b/kubernetes/sdnc/templates/statefulset.yaml
@@ -135,6 +135,8 @@ spec:
 name: {{ include "common.fullname" . }}-mdsal
 - mountPath: /var/log/onap
 name: logs
+ - mountPath: {{ .Values.certpersistence.certPath }}
+ name: {{ include "common.fullname" . }}-certs
 resources:
 {{ include "common.resources" . | indent 12 }}
 {{- if .Values.nodeSelector }}
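Review bot: The claim's `selector.matchLabels` uses only `app: {{ include "common.name" . }}-pv-certs`, which is built from the chart name and is presumably the same for every release, while PersistentVolumes are cluster-scoped; a second release's claim could therefore bind to another release's certificate volume. Adding `release: "{{ .Release.Name }}"` to `matchLabels` (the PV in pv.yaml already carries that label) ties each claim to its own volume. The `chart` label here also omits the `| replace "+" "_"` that the PV template applies, so a chart version containing `+` would produce an invalid label value.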
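Review bot: The certs `volumeMount` is added without `readOnly: true`, so the container can modify or replace the certificate files in the persistent host directory. The commit message describes certificates being fetched from persistence at deployment time; if the container only reads them, add `readOnly: true` under the new `- mountPath: {{ .Values.certpersistence.certPath }}` entry. If something in the container does write there, a comment naming that writer would help the next reviewer. The container spec starts and ends outside this hunk.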
@@ -182,6 +184,13 @@ spec:
 configMap:
 name: {{ include "common.fullname" . }}-properties
 defaultMode: 0644
+ - name: {{ include "common.fullname" . }}-certs
+ {{ if .Values.certpersistence.enabled }}
+ persistentVolumeClaim:
+ claimName: {{ include "common.fullname" . }}-pvc-certs
+ {{ else }}
+ emptyDir: {}
+ {{ end }}
 {{ if not .Values.persistence.enabled }}
 - name: {{ include "common.fullname" . }}-mdsal
 emptyDir: {}
@@ -200,4 +209,4 @@ spec:
 selector:
 matchLabels:
 name: {{ include "common.fullname" . }}
- {{ end }}
+ {{ end }}
\ No newline at end of file
diff --git a/kubernetes/sdnc/values.yaml b/kubernetes/sdnc/values.yaml
index 7faba15a57..95bc31a96b 100644
--- a/kubernetes/sdnc/values.yaml
+++ b/kubernetes/sdnc/values.yaml
@@ -198,6 +198,22 @@ persistence:
 mountSubPath: sdnc/mdsal
 mdsalPath: /opt/opendaylight/current/daexim
+certpersistence:
+ enabled: true
+
+ ## A manually managed Persistent Volume and Claim
+ ## Requires persistence.enabled: true
+ ## If defined, PVC must be created manually before volume will be bound
+ # existingClaim:
+
+ volumeReclaimPolicy: Retain
+ accessMode: ReadWriteOnce
+ size: 50Mi
+ mountPath: /dockerdata-nfs
+ mountSubPath: sdnc/certs
+ certPath: /opt/opendaylight/current/certs
+ ##storageClass: "manual"
+
 ingress:
 enabled: false
--
2.16.6
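Review bot: `claimName` is fixed to `{{ include "common.fullname" . }}-pvc-certs`, but pvc.yaml skips creating that claim whenever `certpersistence.existingClaim` is set, so a deployment that supplies an existing claim would reference a PVC that is never created and the pod would not schedule. Use `claimName: {{ .Values.certpersistence.existingClaim | default (printf "%s-pvc-certs" (include "common.fullname" .)) }}`. The volume also appears to sit in the pod's `volumes` list rather than in a claim template, so all replicas would share one `ReadWriteOnce` claim; a comment on the expected replica placement would be useful. The `volumes` list starts outside this hunk.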
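Review bot: The copied comment `## Requires persistence.enabled: true` in the new `certpersistence` block names the wrong key; it should read `## Requires certpersistence.enabled: true`. Because `enabled: true` is the default, every install now mounts the host directory formed from `mountPath` and `mountSubPath`, so a comment stating that this directory holds TLS certificates (and presumably keys) and which owner and mode it should have on the host would tell operators what to lock down. `##storageClass: "manual"` would read more clearly as `# storageClass: "manual"`, matching the `# existingClaim:` line above it.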