From 8d87db21a4ba5e42076c0a7f11110dbec2afd608 Mon Sep 17 00:00:00 2001 From: Andreas Geissler Date: Thu, 15 Sep 2022 21:14:00 +0200 Subject: [PATCH] [MSB] Make MSB ServiceMesh compatible Use the Service templates and update the deployment definitions Issue-ID: OOM-3016 Signed-off-by: Andreas Geissler Change-Id: I9ed22f03ea803aef0dce52c825011a2246e859db --- .../components/msb-eag/templates/deployment.yaml | 34 +++++++--------------- .../msb/components/msb-eag/templates/service.yaml | 30 +------------------ kubernetes/msb/components/msb-eag/values.yaml | 16 ++++++---- .../components/msb-iag/templates/deployment.yaml | 34 +++++++--------------- .../msb/components/msb-iag/templates/service.yaml | 30 +------------------ kubernetes/msb/components/msb-iag/values.yaml | 17 +++++++---- 6 files changed, 44 insertions(+), 117 deletions(-) diff --git a/kubernetes/msb/components/msb-eag/templates/deployment.yaml b/kubernetes/msb/components/msb-eag/templates/deployment.yaml index db24152026..c6cf2d150d 100644 --- a/kubernetes/msb/components/msb-eag/templates/deployment.yaml +++ b/kubernetes/msb/components/msb-eag/templates/deployment.yaml 
@@ -16,26 +16,12 @@ */}} apiVersion: apps/v1 kind: Deployment -metadata: - name: {{ include "common.fullname" . }} - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} +metadata: {{- include "common.resourceMetadata" . | nindent 2 }} spec: - selector: - matchLabels: - app: {{ include "common.name" . }} + selector: {{- include "common.selectors" . | nindent 4 }} replicas: {{ .Values.replicaCount }} template: - metadata: - labels: - app: {{ include "common.name" . }} - release: {{ include "common.release" . }} - annotations: - sidecar.istio.io/inject: "{{.Values.istioSidecar}}" + metadata: {{- include "common.templateMetadata" . | nindent 6 }} spec: initContainers: {{ include "common.certInitializer.initContainer" . | indent 6 | trim }} 
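Review bot: The pod template no longer sets `sidecar.istio.io/inject` from `.Values.istioSidecar`; the annotation block is replaced by `common.templateMetadata`, whose output is not visible in this patch. If that helper does not emit the annotation, sidecar injection for the gateway pods depends on namespace-level settings alone, and any `istioSidecar` key left in values.yaml is silently ignored. Please confirm which behaviour is intended, then either drop the unused value or add a comment above the template's `metadata:` line, for example `# sidecar injection is decided by common.templateMetadata, not by .Values.istioSidecar`. The identical hunk in msb-iag/templates/deployment.yaml raises the same question.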
@@ -57,23 +43,19 @@ spec: - name: {{ include "common.name" . }} image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - ports: - - containerPort: {{ .Values.service.internalPort }} - name: {{ .Values.service.name }} - - containerPort: {{ .Values.service.internalPortHttps }} - name: {{ .Values.service.name }}-https + ports: {{- include "common.containerPorts" . | indent 10 }} # disable liveness probe when breakpoints set in debugger # so K8s doesn't restart unresponsive container {{- if eq .Values.liveness.enabled true }} livenessProbe: tcpSocket: - port: {{ .Values.service.internalPort }} + port: {{ (eq "true" (include "common.needTLS" .)) | ternary .Values.service.internalPort .Values.service.internalPlainPort }} initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }} periodSeconds: {{ .Values.liveness.periodSeconds }} {{ end -}} readinessProbe: tcpSocket: - port: {{ .Values.service.internalPort }} + port: {{ (eq "true" (include "common.needTLS" .)) | ternary .Values.service.internalPort .Values.service.internalPlainPort }} initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} periodSeconds: {{ .Values.readiness.periodSeconds }} env: @@ -90,9 +72,11 @@ spec: readOnly: true - mountPath: /usr/local/apiroute-works/logs name: {{ include "common.fullname" . }}-logs + {{- if (include "common.needTLS" .) }} - mountPath: /usr/local/openresty/nginx/msb-enabled/msbhttps.conf name: {{ include "common.fullname" . }}-nginx-conf subPath: msbhttps.conf + {{- end }} resources: {{ include "common.resources" . | indent 12 }} {{- if .Values.nodeSelector }} 
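Review bot: The new guard `{{- if (include "common.needTLS" .) }}` around the msbhttps.conf mount (hunk `@@ -90,9 +72,11 @@`) tests only that the helper output is non-empty, whereas the probe lines in the preceding hunk compare it with `eq "true" (include "common.needTLS" .)`. The helper is defined outside this patch; if it can ever render the text `false`, the guard is still truthy and the HTTPS nginx config stays mounted while the probes switch to `internalPlainPort`. Using the same form in both places removes the ambiguity: `{{- if eq "true" (include "common.needTLS" .) }}`. The same guard is added around the `-nginx-conf` volume in the `@@ -111,9 +95,11 @@` hunk and in both corresponding hunks of msb-iag/templates/deployment.yaml. The mount and the volume must keep the same condition, or the pod spec will reference a volume that is not defined.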
@@ -111,9 +95,11 @@ spec: - name: {{ include "common.fullname" . }}-log-conf configMap: name: {{ include "common.fullname" . }}-log + {{- if (include "common.needTLS" .) }} - name: {{ include "common.fullname" . }}-nginx-conf configMap: name: {{ include "common.fullname" . }}-nginx + {{- end }} {{ include "common.log.volumes" (dict "dot" . "configMapNamePrefix" (tpl .Values.logConfigMapNamePrefix . )) | nindent 8 }} - name: {{ include "common.fullname" . }}-logs emptyDir: {} diff --git a/kubernetes/msb/components/msb-eag/templates/service.yaml b/kubernetes/msb/components/msb-eag/templates/service.yaml index e8e3a8a947..eeeafc15fc 100644 --- a/kubernetes/msb/components/msb-eag/templates/service.yaml +++ b/kubernetes/msb/components/msb-eag/templates/service.yaml @@ -13,32 +13,4 @@ # See the License for the specific language governing permissions and # limitations under the License. */}} -apiVersion: v1 -kind: Service -metadata: - name: {{ .Values.service.name }} - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} - annotations: -spec: - type: {{ .Values.service.type }} - ports: - {{if eq .Values.service.type "NodePort" -}} - - port: {{ .Values.service.externalPortHttps }} - nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePortHttps }} - name: https-{{ .Values.service.name }} - {{- else -}} - - port: {{ .Values.service.externalPort }} - targetPort: {{ .Values.service.internalPort }} - name: http-{{ .Values.service.name }} - - port: {{ .Values.service.externalPortHttps }} - targetPort: {{ .Values.service.internalPortHttps }} - name: https-{{ .Values.service.name }} - {{- end}} - selector: - app: {{ include "common.name" . }} - release: {{ include "common.release" . }} +{{ include "common.service" . }} \ No newline at end of file 
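Review bot: In msb-eag/templates/service.yaml the removed NodePort branch published only `externalPortHttps`, while the replacement `{{ include "common.service" . }}` is driven by `service.ports` with `both_tls_and_plain: true`, so the set of published ports is now decided by a helper this patch does not show. Please confirm that plain port 80 is not given a node port when the chart runs without a service mesh, since with the default `type: NodePort` the old template exposed the gateway on the HTTPS port only. Once confirmed, a one-line comment above the include, such as `# NodePort: TLS port only; plain port is cluster-internal`, would let a reviewer check the rendered manifest against the intent. The same applies to msb-iag/templates/service.yaml. The new file also ends without a trailing newline.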
diff --git a/kubernetes/msb/components/msb-eag/values.yaml b/kubernetes/msb/components/msb-eag/values.yaml index dcd4aed13f..45f93ed63d 100644 --- a/kubernetes/msb/components/msb-eag/values.yaml +++ b/kubernetes/msb/components/msb-eag/values.yaml @@ -82,11 +82,17 @@ readiness: service: type: NodePort name: msb-eag - externalPort: 80 - internalPort: 80 - externalPortHttps: 443 - internalPortHttps: 443 - nodePortHttps: 84 + both_tls_and_plain: true + # for liveness and readiness probe only + # internalPort: + internalPort: 443 + internalPlainPort: 80 + ports: + - name: msb-eag + port: 443 + plain_port: 80 + port_protocol: http + nodePort: '84' ingress: enabled: false diff --git a/kubernetes/msb/components/msb-iag/templates/deployment.yaml b/kubernetes/msb/components/msb-iag/templates/deployment.yaml index db24152026..c6cf2d150d 100644 --- a/kubernetes/msb/components/msb-iag/templates/deployment.yaml +++ b/kubernetes/msb/components/msb-iag/templates/deployment.yaml @@ -16,26 +16,12 @@ */}} apiVersion: apps/v1 kind: Deployment -metadata: - name: {{ include "common.fullname" . }} - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} +metadata: {{- include "common.resourceMetadata" . | nindent 2 }} spec: - selector: - matchLabels: - app: {{ include "common.name" . }} + selector: {{- include "common.selectors" . | nindent 4 }} replicas: {{ .Values.replicaCount }} template: - metadata: - labels: - app: {{ include "common.name" . }} - release: {{ include "common.release" . }} - annotations: - sidecar.istio.io/inject: "{{.Values.istioSidecar}}" + metadata: {{- include "common.templateMetadata" . | nindent 6 }} spec: initContainers: {{ include "common.certInitializer.initContainer" . | indent 6 | trim }} 
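Review bot: In msb-eag/values.yaml the added comment `# for liveness and readiness probe only` is followed by a dangling `# internalPort:` line, and the port numbers are now written twice, once as `internalPort`/`internalPlainPort` and once as `ports[0].port`/`plain_port`. Nothing in the hunk ties the two together, so changing the `ports` entry alone would presumably leave the probes checking a port the container no longer listens on. I would replace the two comment lines with `# internalPort/internalPlainPort: used only by the liveness/readiness probes; keep equal to ports[0].port/plain_port`. The msb-iag/values.yaml hunk has the same pair of comments and the same duplication.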
@@ -57,23 +43,19 @@ spec: - name: {{ include "common.name" . }} image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - ports: - - containerPort: {{ .Values.service.internalPort }} - name: {{ .Values.service.name }} - - containerPort: {{ .Values.service.internalPortHttps }} - name: {{ .Values.service.name }}-https + ports: {{- include "common.containerPorts" . | indent 10 }} # disable liveness probe when breakpoints set in debugger # so K8s doesn't restart unresponsive container {{- if eq .Values.liveness.enabled true }} livenessProbe: tcpSocket: - port: {{ .Values.service.internalPort }} + port: {{ (eq "true" (include "common.needTLS" .)) | ternary .Values.service.internalPort .Values.service.internalPlainPort }} initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }} periodSeconds: {{ .Values.liveness.periodSeconds }} {{ end -}} readinessProbe: tcpSocket: - port: {{ .Values.service.internalPort }} + port: {{ (eq "true" (include "common.needTLS" .)) | ternary .Values.service.internalPort .Values.service.internalPlainPort }} initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} periodSeconds: {{ .Values.readiness.periodSeconds }} env: @@ -90,9 +72,11 @@ spec: readOnly: true - mountPath: /usr/local/apiroute-works/logs name: {{ include "common.fullname" . }}-logs + {{- if (include "common.needTLS" .) }} - mountPath: /usr/local/openresty/nginx/msb-enabled/msbhttps.conf name: {{ include "common.fullname" . }}-nginx-conf subPath: msbhttps.conf + {{- end }} resources: {{ include "common.resources" . | indent 12 }} {{- if .Values.nodeSelector }} 
@@ -111,9 +95,11 @@ spec: - name: {{ include "common.fullname" . }}-log-conf configMap: name: {{ include "common.fullname" . }}-log + {{- if (include "common.needTLS" .) }} - name: {{ include "common.fullname" . }}-nginx-conf configMap: name: {{ include "common.fullname" . }}-nginx + {{- end }} {{ include "common.log.volumes" (dict "dot" . "configMapNamePrefix" (tpl .Values.logConfigMapNamePrefix . )) | nindent 8 }} - name: {{ include "common.fullname" . }}-logs emptyDir: {} diff --git a/kubernetes/msb/components/msb-iag/templates/service.yaml b/kubernetes/msb/components/msb-iag/templates/service.yaml index e8e3a8a947..eeeafc15fc 100644 --- a/kubernetes/msb/components/msb-iag/templates/service.yaml +++ b/kubernetes/msb/components/msb-iag/templates/service.yaml @@ -13,32 +13,4 @@ # See the License for the specific language governing permissions and # limitations under the License. */}} -apiVersion: v1 -kind: Service -metadata: - name: {{ .Values.service.name }} - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} - annotations: -spec: - type: {{ .Values.service.type }} - ports: - {{if eq .Values.service.type "NodePort" -}} - - port: {{ .Values.service.externalPortHttps }} - nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePortHttps }} - name: https-{{ .Values.service.name }} - {{- else -}} - - port: {{ .Values.service.externalPort }} - targetPort: {{ .Values.service.internalPort }} - name: http-{{ .Values.service.name }} - - port: {{ .Values.service.externalPortHttps }} - targetPort: {{ .Values.service.internalPortHttps }} - name: https-{{ .Values.service.name }} - {{- end}} - selector: - app: {{ include "common.name" . }} - release: {{ include "common.release" . }} +{{ include "common.service" . }} \ No newline at end of file 
diff --git a/kubernetes/msb/components/msb-iag/values.yaml b/kubernetes/msb/components/msb-iag/values.yaml index bbf4d83f9d..602177b479 100644 --- a/kubernetes/msb/components/msb-iag/values.yaml +++ b/kubernetes/msb/components/msb-iag/values.yaml @@ -82,12 +82,17 @@ readiness: service: type: NodePort name: msb-iag - externalPort: 80 - internalPort: 80 - nodePort: 80 - externalPortHttps: 443 - internalPortHttps: 443 - nodePortHttps: 83 + both_tls_and_plain: true + # for liveness and readiness probe only + # internalPort: + internalPort: 443 + internalPlainPort: 80 + ports: + - name: msb-iag + port: 443 + plain_port: 80 + port_protocol: http + nodePort: '83' ingress: enabled: false -- 2.16.6