From 8c46517152352be675a79865edec27f9959602b6 Mon Sep 17 00:00:00 2001 From: Vijay Venkatesh Kumar Date: Thu, 3 Jun 2021 16:51:33 -0400 Subject: [PATCH] [OOM][DCAE] Chartmuseum deployment support Introduction of chartmuseum as internal repo for ONAP components to push/pull charts post instantiation + Script to preload charts to this repo Change-Id: I4880900548dfe1d3e47a67b3822f82a15314b5b7 Signed-off-by: Vijay Venkatesh Kumar Issue-ID: DCAEGEN2-2630 Issue-ID: OOM-2734 Issue-ID: INT-1895 Issue-ID: DCAEGEN2-2694 Signed-off-by: Vijay Venkatesh Kumar Signed-off-by: vv770d --- .../repositoryGenerator/templates/_repository.tpl | 21 ++++ kubernetes/common/repositoryGenerator/values.yaml | 1 + kubernetes/contrib/tools/registry-initialize.sh | 118 +++++++++++++++++++++ .../components/dcae-tcagen2/values.yaml | 3 +- kubernetes/onap/values.yaml | 2 +- .../platform/components/chartmuseum/Chart.yaml | 21 ++++ .../components/chartmuseum/requirements.yaml | 29 +++++ .../chartmuseum/templates/deployment.yaml | 83 +++++++++++++++ .../components/chartmuseum/templates/pv.yaml | 20 ++++ .../components/chartmuseum/templates/pvc.yaml | 19 ++++ .../components/chartmuseum/templates/secret.yaml | 21 ++++ .../components/chartmuseum/templates/service.yaml | 20 ++++ .../platform/components/chartmuseum/values.yaml | 97 +++++++++++++++++ kubernetes/platform/requirements.yaml | 3 + 14 files changed, 455 insertions(+), 3 deletions(-) create mode 100755 kubernetes/contrib/tools/registry-initialize.sh create mode 100644 kubernetes/platform/components/chartmuseum/Chart.yaml create mode 100644 kubernetes/platform/components/chartmuseum/requirements.yaml create mode 100644 kubernetes/platform/components/chartmuseum/templates/deployment.yaml create mode 100644 kubernetes/platform/components/chartmuseum/templates/pv.yaml create mode 100644 kubernetes/platform/components/chartmuseum/templates/pvc.yaml create mode 100644 kubernetes/platform/components/chartmuseum/templates/secret.yaml create mode 100644 kubernetes/platform/components/chartmuseum/templates/service.yaml create mode 100644 kubernetes/platform/components/chartmuseum/values.yaml diff --git a/kubernetes/common/repositoryGenerator/templates/_repository.tpl b/kubernetes/common/repositoryGenerator/templates/_repository.tpl index 91f21ab0c9..95cbd20a4b 100644 --- a/kubernetes/common/repositoryGenerator/templates/_repository.tpl +++ b/kubernetes/common/repositoryGenerator/templates/_repository.tpl @@ -67,6 +67,15 @@ {{- include "repositoryGenerator._repositoryHelper" (merge (dict "repoName" "googleK8sRepository") .) }} {{- end -}} +{{/* + Resolve the name of the GithubContainer registry + - .Values.global.githubContainerRegistry : default image githubContainerRegistry for all dockerHub images + - .Values.githubContainerRegistryOverride : override global githubContainerRegistry on a per chart basis +*/}} +{{- define "repositoryGenerator.githubContainerRegistry" -}} + {{- include "repositoryGenerator._repositoryHelper" (merge (dict "repoName" "githubContainerRegistry") .) }} +{{- end -}} + {{- define "repositoryGenerator.image._helper" -}} {{- $dot := default . .dot -}} {{- $initRoot := default $dot.Values.repositoryGenerator .initRoot -}} @@ -186,5 +195,17 @@ {{- $repoCreds = printf "%s, %s" $repoCreds $gcrRepoCreds }} {{- end }} {{- end }} + {{- if $subchartDot.Values.global.githubContainerRegistryCred }} + {{- $ghcrRepo := $subchartDot.Values.global.githubContainerRegistry }} + {{- $ghcrCred := $subchartDot.Values.global.githubContainerRegistryCred }} + {{- $ghcrMail := default "@" $ghcrCred.mail }} + {{- $ghcrAuth := printf "%s:%s" $ghcrCred.user $ghcrCred.password | b64enc }} + {{- $ghcrRepoCreds := printf "\"%s\":{\"username\":\"%s\",\"password\":\"%s\",\"email\":\"%s\",\"auth\":\"%s\"}" $ghcrRepo $ghcrCred.user $ghcrCred.password $ghcrMail $ghcrAuth }} + {{- if eq "" $repoCreds }} + {{- $repoCreds = $ghcrRepoCreds }} + {{- else }} + {{- $repoCreds = printf "%s, %s" $repoCreds $ghcrRepoCreds }} + {{- end }} + {{- end }} {{- printf "{%s}" $repoCreds | b64enc -}} {{- end -}} diff --git a/kubernetes/common/repositoryGenerator/values.yaml b/kubernetes/common/repositoryGenerator/values.yaml index 8a68f6dd9c..3fdf76d8af 100644 --- a/kubernetes/common/repositoryGenerator/values.yaml +++ b/kubernetes/common/repositoryGenerator/values.yaml @@ -19,6 +19,7 @@ global: dockerHubRepository: docker.io elasticRepository: docker.elastic.co googleK8sRepository: k8s.gcr.io + githubContainerRegistry: ghcr.io # common global images busyboxImage: busybox:1.32 diff --git a/kubernetes/contrib/tools/registry-initialize.sh b/kubernetes/contrib/tools/registry-initialize.sh new file mode 100755 index 0000000000..75b36bbc52 --- /dev/null +++ b/kubernetes/contrib/tools/registry-initialize.sh @@ -0,0 +1,118 @@ +#!/bin/sh -x + +# Copyright (c) 2021 AT&T. All rights reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Pre-requisite +# 1. Chart packages available under local directory provided as input/argument +# 2. helm client installed with push plugin +# 3. ONAP chartmuseum service deployed + +usage() +{ + echo "Chart Base directory must be provided as input!!" + echo "Usage: registry-initialize.sh -d chartdirectory \ +<-n namespace override> <-r helmrelease override>" + exit 1 +} + +if [ $# -eq 0 ]; then + usage +fi + +# defaults +NAMESPACE=onap +RLS_NAME=onap +LOGIN="" +PASSWORD="" + +while getopts ":d:n:r:" opt; do + case $opt in + d) BASEDIR="$OPTARG" + ;; + n) NAMESPACE="$OPTARG" + ;; + r) RLS_NAME="$OPTARG" + ;; + \?) echo "Invalid option -$OPTARG" >&2 + usage + ;; + esac +done + +if [ -z "$BASEDIR" ]; then + exit "Chart base directory provided $BASEDIR is empty" +fi + +if [ "$(find $BASEDIR -maxdepth 1 -name '*tgz' -print -quit)" ]; then + echo "$BASEDIR valid" +else + exit "No chart package on $BASEDIR provided" +fi + +LOGIN=$(kubectl -n "$NAMESPACE" get secret \ + "${RLS_NAME}-chartmuseum-registrycred" \ + -o jsonpath='{.data.login}' | base64 -d) + +PASSWORD=$(kubectl -n "$NAMESPACE" get secret \ + "${RLS_NAME}-chartmuseum-registrycred" \ + -o jsonpath='{.data.password}' | base64 -d) + +if [ -z "$LOGIN" ] || [ -z "$PASSWORD" ]; then + echo "Login/Password credential for target registry cannot be retrieved" + exit 1 +fi + +# Expose cluster port via port-forwarding +kubectl -n $NAMESPACE port-forward service/chart-museum 27017:80 & +if [ $? -ne 0 ]; then + echo "Error in portforwarding; registry cannot be added!!" + exit 1 +fi + +sleep 5 + +# Add chartmuseum repo as helm repo +# Credentials should match config defined in +# oom\kubernetes\platform\components\chartmuseum\values.yaml +helm repo add k8s-registry http://127.0.0.1:27017 --username "$LOGIN" \ + --password "$PASSWORD" +if [ $? -ne 0 ]; then + echo "registry cannot be added!!" + pkill -f "port-forward service/chart-museum" + exit 1 +fi + +# Initial scope is pushing only dcae charts +# can be expanded to include all onap charts if required +for file in $BASEDIR/dcae*tgz; do + # use helm plugin to push charts + helm push $file k8s-registry + if [ $? -eq 0 ]; then + echo "$file uploaded to registry successfully" + else + echo "registry upload failed!!" + pkill -f "port-forward service/chart-museum" + helm repo remove k8s-registry + exit 1 + fi +done + +echo "All Helm charts successfully uploaded into internal repository" + +# Remove the port-forwarding process +pkill -f "port-forward service/chart-museum" + +# Remove helm registry from local +helm repo remove k8s-registry diff --git a/kubernetes/dcaegen2-services/components/dcae-tcagen2/values.yaml b/kubernetes/dcaegen2-services/components/dcae-tcagen2/values.yaml index f4516ed7e8..a26c66366b 100644 --- a/kubernetes/dcaegen2-services/components/dcae-tcagen2/values.yaml +++ b/kubernetes/dcaegen2-services/components/dcae-tcagen2/values.yaml @@ -87,8 +87,7 @@ service: name: http # Policy configuraiton properties -# if present, policy-sync side car will be deployed - +# if enabled, policy-sync side car will be deployed #dcaePolicySyncImage: onap/org.onap.dcaegen2.deployments.dcae-services-policy-sync:1.0.1 #policies: # duration: 300 diff --git a/kubernetes/onap/values.yaml b/kubernetes/onap/values.yaml index d91284a6c3..a3d67c2891 100755 --- a/kubernetes/onap/values.yaml +++ b/kubernetes/onap/values.yaml @@ -47,7 +47,7 @@ global: dockerHubRepository: &dockerHubRepository docker.io elasticRepository: &elasticRepository docker.elastic.co googleK8sRepository: k8s.gcr.io - + githubContainerRegistry: ghcr.io #/!\ DEPRECATED /!\ # Legacy repositories which will be removed at the end of migration. diff --git a/kubernetes/platform/components/chartmuseum/Chart.yaml b/kubernetes/platform/components/chartmuseum/Chart.yaml new file mode 100644 index 0000000000..1aa8d929d5 --- /dev/null +++ b/kubernetes/platform/components/chartmuseum/Chart.yaml @@ -0,0 +1,21 @@ +#============LICENSE_START======================================================== +# ================================================================================ +# Copyright (c) 2021 AT&T. All rights reserved. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# ============LICENSE_END========================================================= + +apiVersion: v1 +description: ONAP Chart Museum +name: chartmuseum +version: 8.0.0 diff --git a/kubernetes/platform/components/chartmuseum/requirements.yaml b/kubernetes/platform/components/chartmuseum/requirements.yaml new file mode 100644 index 0000000000..07ac4b4224 --- /dev/null +++ b/kubernetes/platform/components/chartmuseum/requirements.yaml @@ -0,0 +1,29 @@ +#============LICENSE_START======================================================== +# Copyright (c) 2021 AT&T. All rights reserved. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# ============LICENSE_END========================================================= + +dependencies: + - name: common + version: ~8.x-0 + repository: '@local' + - name: repositoryGenerator + version: ~8.x-0 + repository: '@local' + - name: readinessCheck + version: ~8.x-0 + repository: '@local' + - name: serviceAccount + version: ~8.x-0 + repository: '@local' \ No newline at end of file diff --git a/kubernetes/platform/components/chartmuseum/templates/deployment.yaml b/kubernetes/platform/components/chartmuseum/templates/deployment.yaml new file mode 100644 index 0000000000..cc07f27bb1 --- /dev/null +++ b/kubernetes/platform/components/chartmuseum/templates/deployment.yaml @@ -0,0 +1,83 @@ +{{/* +#============LICENSE_START======================================================== +# ================================================================================ +# Copyright (c) 2021 AT&T. All rights reserved. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# ============LICENSE_END========================================================= +*/}} + +apiVersion: apps/v1 +kind: Deployment +metadata: {{- include "common.resourceMetadata" . | nindent 2 }} +spec: + replicas: 1 + selector: {{- include "common.selectors" . | nindent 4 }} + template: + metadata: {{- include "common.templateMetadata" . | nindent 6 }} + spec: + {{ include "common.podSecurityContext" . | indent 7 | trim}} + initContainers: + - name: volume-permissions + image: {{ include "repositoryGenerator.image.busybox" . }} + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + command: + - sh + args: + - "-c" + - | + chown -R {{ .Values.securityContext.user_id }}:{{ .Values.securityContext.group_id }} //chartmuseum-persist + securityContext: + runAsUser: 0 + volumeMounts: + - name: chart-persistent + mountPath: "/chartmuseum-persist" + containers: + - name: {{ include "common.name" . }} + image: {{ include "repositoryGenerator.githubContainerRegistry" . }}/{{ .Values.image }} + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + {{ include "common.containerSecurityContext" . | indent 12 | trim }} + resources: {{ include "common.resources" . | nindent 12 }} + ports: {{ include "common.containerPorts" . | nindent 12 }} + {{- if eq .Values.liveness.enabled true }} + livenessProbe: + httpGet: + path: {{ .Values.liveness.path }} + port: {{ .Values.liveness.port }} + initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }} + periodSeconds: {{ .Values.liveness.periodSeconds }} + {{ end }} + env: + - name: STORAGE + value: local + - name: STORAGE_LOCAL_ROOTDIR + value: "/chartmuseum-persist" + - name: BASIC_AUTH_USER + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "registrycred" "key" "login") | indent 14 }} + - name: BASIC_AUTH_PASS + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "registrycred" "key" "password") | indent 14 }} + volumeMounts: + - mountPath: /chartmuseum-persist + name: chart-persistent + serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}} + volumes: + - name: chart-persistent + {{- if .Values.persistence.enabled }} + persistentVolumeClaim: + claimName: {{ include "common.fullname" . }} + {{- else }} + emptyDir: {} + {{- end }} + + imagePullSecrets: + - name: "{{ include "common.namespace" . }}-docker-registry-key" \ No newline at end of file diff --git a/kubernetes/platform/components/chartmuseum/templates/pv.yaml b/kubernetes/platform/components/chartmuseum/templates/pv.yaml new file mode 100644 index 0000000000..a05ebfb207 --- /dev/null +++ b/kubernetes/platform/components/chartmuseum/templates/pv.yaml @@ -0,0 +1,20 @@ +{{/* +#============LICENSE_START======================================================== +# ================================================================================ +# Copyright (c) 2021 AT&T Intellectual Property. All rights reserved. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# ============LICENSE_END========================================================= +*/}} + +{{ include "common.PV" . }} \ No newline at end of file diff --git a/kubernetes/platform/components/chartmuseum/templates/pvc.yaml b/kubernetes/platform/components/chartmuseum/templates/pvc.yaml new file mode 100644 index 0000000000..2bd21dde5c --- /dev/null +++ b/kubernetes/platform/components/chartmuseum/templates/pvc.yaml @@ -0,0 +1,19 @@ +{{/* +################################################################################ +# Copyright (c) 2021 AT&T # +# # +# Licensed under the Apache License, Version 2.0 (the "License"); # +# you may not use this file except in compliance with the License. # +# You may obtain a copy of the License at # +# # +# http://www.apache.org/licenses/LICENSE-2.0 # +# # +# Unless required by applicable law or agreed to in writing, software # +# distributed under the License is distributed on an "AS IS" BASIS, # +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # +# See the License for the specific language governing permissions and # +# limitations under the License. # +################################################################################ +*/}} + +{{ include "common.PVC" . }} \ No newline at end of file diff --git a/kubernetes/platform/components/chartmuseum/templates/secret.yaml b/kubernetes/platform/components/chartmuseum/templates/secret.yaml new file mode 100644 index 0000000000..c8fbd04150 --- /dev/null +++ b/kubernetes/platform/components/chartmuseum/templates/secret.yaml @@ -0,0 +1,21 @@ +{{/* +#============LICENSE_START======================================================== +# ================================================================================ +# Copyright (c) 2017-2020 AT&T Intellectual Property. All rights reserved. +# Modifications Copyright © 2018 Amdocs, Bell Canada +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# ============LICENSE_END========================================================= +*/}} + +{{ include "common.secretFast" . }} diff --git a/kubernetes/platform/components/chartmuseum/templates/service.yaml b/kubernetes/platform/components/chartmuseum/templates/service.yaml new file mode 100644 index 0000000000..40aaa735e2 --- /dev/null +++ b/kubernetes/platform/components/chartmuseum/templates/service.yaml @@ -0,0 +1,20 @@ +{{/* +#============LICENSE_START======================================================== +# ================================================================================ +# Copyright (c) 2021 AT&T. All rights reserved. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# ============LICENSE_END========================================================= +*/}} + +{{ include "common.service" . }} diff --git a/kubernetes/platform/components/chartmuseum/values.yaml b/kubernetes/platform/components/chartmuseum/values.yaml new file mode 100644 index 0000000000..05a8b1537b --- /dev/null +++ b/kubernetes/platform/components/chartmuseum/values.yaml @@ -0,0 +1,97 @@ +#============LICENSE_START======================================================== +#================================================================================= +# Copyright (c) 2021 AT&T. All rights reserved. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# ============LICENSE_END========================================================= + +# Global values +global: + pullPolicy: Always + persistence: {} + githubContainerRegistry: ghcr.io +image: helm/chartmuseum:v0.13.1 +containerPort: &cont_port 8080 + + +# Secrets Configuration. +secrets: + - uid: registrycred + type: basicAuth + login: '{{ .Values.registryCred.username }}' + password: '{{ .Values.registryCred.password }}' + passwordPolicy: required + + +# service configuration +service: + type: ClusterIP + name: chart-museum + ports: + - port: 80 + internal_port: *cont_port + name: &port http + +chartsMap: + directory: "/charts/components/" + +liveness: + initialDelaySeconds: 30 + periodSeconds: 30 + path: /health + port: *port + enabled: true + +# Below parameter should match setting in all clients +# including contrib\tools\registry-initialize.sh +# which does preload +registryCred: + username: onapinitializer + password: demo123456! + +# Parameters for persistent storage +persistence: + enabled: true + accessMode: ReadWriteOnce + size: 4Gi + mountPath: /dockerdata-nfs + mountSubPath: chartmuseum/data + volumeReclaimPolicy: Retain + + +serviceAccount: + nameOverride: chartmuseum + roles: + - read + +securityContext: + user_id: 2000 + group_id: 3000 + +flavor: small +resources: + small: + limits: + cpu: 1 + memory: 1Gi + requests: + cpu: 0.5 + memory: 512Mi + large: + limits: + cpu: 2 + memory: 2Gi + requests: + cpu: 1 + memory: 1Gi + unlimited: {} \ No newline at end of file diff --git a/kubernetes/platform/requirements.yaml b/kubernetes/platform/requirements.yaml index 84ad7f8699..ce3310151f 100644 --- a/kubernetes/platform/requirements.yaml +++ b/kubernetes/platform/requirements.yaml @@ -22,3 +22,6 @@ dependencies: - name: cmpv2-cert-provider version: ~8.x-0 repository: 'file://components/cmpv2-cert-provider' + - name: chartmuseum + version: ~8.x-0 + repository: 'file://components/chartmuseum' \ No newline at end of file -- 2.16.6