summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorJack Lucas <jflucas@research.att.com>2019-08-13 09:51:16 -0400
committerJack Lucas <jflucas@research.att.com>2019-08-15 14:46:38 -0400
commita1647b2d90cbfd3fc4ccedddf876fba2cf031a8a (patch)
tree79b7d62dd59f4b742af33f434a4f9ec6c0a20e0a
parentef4ae30a2c4348e18354761f56672df22bf98142 (diff)
Add DCAE cleanup container
Issue-ID: DCAEGEN2-1317 Change-Id: I1c834346d99c62f036e14724674a447966032ec8 Signed-off-by: Jack Lucas <jflucas@research.att.com>
-rw-r--r--.gitignore1
-rw-r--r--dcae-k8s-cleanup-container/Dockerfile25
-rw-r--r--dcae-k8s-cleanup-container/README.md28
-rw-r--r--dcae-k8s-cleanup-container/dcae-cleanup.sh68
-rw-r--r--dcae-k8s-cleanup-container/pom.xml172
-rwxr-xr-xmvn-phase-script.sh2
-rw-r--r--pom.xml1
7 files changed, 296 insertions, 1 deletions
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..1d74e21
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1 @@
+.vscode/
diff --git a/dcae-k8s-cleanup-container/Dockerfile b/dcae-k8s-cleanup-container/Dockerfile
new file mode 100644
index 0000000..7d5187b
--- /dev/null
+++ b/dcae-k8s-cleanup-container/Dockerfile
@@ -0,0 +1,25 @@
+# ============LICENSE_START=======================================================
+# org.onap.dcae
+# ================================================================================
+# Copyright (c) 2019 AT&T Intellectual Property. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
+# Alpine-based container with curl and jq, needed to access the k8s API
+FROM alpine:3.10
+COPY dcae-cleanup.sh /
+RUN apk add --no-cache curl && \
+ wget -O /jq https://github.com/stedolan/jq/releases/download/jq-1.6/jq-linux64 && \
+ chmod 755 /jq && \
+ chmod 755 /dcae-cleanup.sh
+ENTRYPOINT ["/dcae-cleanup.sh"]
diff --git a/dcae-k8s-cleanup-container/README.md b/dcae-k8s-cleanup-container/README.md
new file mode 100644
index 0000000..8506885
--- /dev/null
+++ b/dcae-k8s-cleanup-container/README.md
@@ -0,0 +1,28 @@
+# DCAE Cleanup Container
+## Purpose
+DCAE platform components (inventory, deployment handler, policy handler, etc.) are
+deployed and undeployed using Helm. DCAE service components--data collectors and
+data analytics modules--are deployed using Cloudify, with the DCAE k8s plugin.
+When DCAE is undeployed, Helm
+has no way to undeploy the service components. The artifacts in this directory
+build a Docker image that can be run as a Kubernetes Job, using a Helm pre-delete hook.
+The image runs a script that deletes the Kubernetes Services and Kubernetes Deployments
+(and all of the ReplicaSets and Pods created as children of the Deployments) that were
+created by the k8s plugin.
+
+The script relies on the fact that Services and Deployments created by the k8s
+plugin have a unique label ("cfydeployment"). The script finds Services and
+Deployments with that label and deletes them.
+
+## Running the container
+The image is intended to be run as Kubernetes Job in a Helm pre-delete hook associated
+with the OOM dcaegen2 charts. A Helm template in the OOM dcaegen2 tree defines the Job.
+The Job will start a container. The container will execute the `dcae-cleanup.sh` script
+and then exit. The intent is that using a `helm undeploy` command will automatically
+delete all of the DCAE service components, so that no additional cleanup is needed.
+
+The container can be run manually using the `kubectl run` command. For example:
+```
+kubectl -n onap run --restart='OnFailure' --image dcae-cleanup:0.0.0 cleanup
+```
+The `--restart='OnFailure'` parameter causes kubectl to create a Job. \ No newline at end of file
diff --git a/dcae-k8s-cleanup-container/dcae-cleanup.sh b/dcae-k8s-cleanup-container/dcae-cleanup.sh
new file mode 100644
index 0000000..f453135
--- /dev/null
+++ b/dcae-k8s-cleanup-container/dcae-cleanup.sh
@@ -0,0 +1,68 @@
+#!/bin/sh
+# ============LICENSE_START=======================================================
+# org.onap.dcae
+# ================================================================================
+# Copyright (c) 2019 AT&T Intellectual Property. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
+
+# Clean up k8s Services and Deployments created by the DCAE k8s plugin
+
+# Cleanup ontainer has access to the Kubernetes CA cert and
+# an access token for the API -- need these to make API calls
+CREDDIR=/var/run/secrets/kubernetes.io/serviceaccount
+TOKEN=$(cat ${CREDDIR}/token)
+AUTH="Authorization: Bearer $TOKEN"
+CACERT=${CREDDIR}/ca.crt
+
+# Namespace is also available
+NS=$(cat ${CREDDIR}/namespace)
+
+# The k8s plugin labels all of the k8s it deploys
+# with a label called "cfydeployment". The value
+# of the label is the name of Cloudify deployment
+# that caused the entity to be deployed.
+# For cleanup purposes, the value of the label doesn't
+# matter. The existence of the label on an entity
+# marks the entity as having been deployed by the
+# k8s plugin and therefore in need of cleanup.
+SELECTOR="labelSelector=cfydeployment"
+
+# Set up the API endpoints
+API="https://kubernetes.default"
+SVC=${API}/api/v1/namespaces/${NS}/services
+DEP=${API}/apis/apps/v1beta1/namespaces/${NS}/deployments
+
+# Find all of the k8s Services labeled with the Cloudify label
+SERVICES=$(curl -Ss --cacert ${CACERT} -H "${AUTH}" ${SVC}?${SELECTOR} | /jq .items[].metadata.name | tr -d '"')
+
+# Find all of the k8s Deployments labeled with the Cloudify label
+DEPLOYS=$(curl -Ss --cacert ${CACERT} -H "${AUTH}" ${DEP}?${SELECTOR} | /jq .items[].metadata.name | tr -d '"')
+
+# Delete all of the k8s Services with the Cloudify label
+for s in ${SERVICES}
+do
+ echo Deleting service $s
+ curl -Ss --cacert ${CACERT} -H "${AUTH}" -X DELETE ${SVC}/$s
+done
+
+# Delete all of the k8s Deployments with the Cloudify label
+# "propagationPolicy=Foreground" tells k8s to delete any children
+# of the Deployment (ReplicaSets, Pods) and to hold off on deleting
+# the Deployment itself until the children have been deleted
+for d in ${DEPLOYS}
+do
+ echo Deleting deployment $d
+ curl -Ss --cacert ${CACERT} -H "${AUTH}" -X DELETE ${DEP}/$d?propagationPolicy=Foreground
+done
diff --git a/dcae-k8s-cleanup-container/pom.xml b/dcae-k8s-cleanup-container/pom.xml
new file mode 100644
index 0000000..3822ac7
--- /dev/null
+++ b/dcae-k8s-cleanup-container/pom.xml
@@ -0,0 +1,172 @@
+<?xml version="1.0"?>
+<!--
+================================================================================
+Copyright (c) 2018-2019 AT&T Intellectual Property. All rights reserved.
+================================================================================
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+============LICENSE_END=========================================================
+
+-->
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+ <modelVersion>4.0.0</modelVersion>
+ <parent>
+ <groupId>org.onap.dcaegen2.deployments</groupId>
+ <artifactId>deployments</artifactId>
+ <version>1.2.0-SNAPSHOT</version>
+ </parent>
+ <groupId>org.onap.dcaegen2.deployments</groupId>
+ <artifactId>dcae-k8s-cleanup-container</artifactId>
+ <name>dcaegen2-deployments-dcae-k8s-cleanup-container</name>
+ <version>1.0.0</version>
+ <url>http://maven.apache.org</url>
+ <properties>
+ <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
+ <sonar.skip>true</sonar.skip>
+ <sonar.sources>.</sonar.sources>
+ <!-- customize the SONARQUBE URL -->
+ <!-- sonar.host.url>http://localhost:9000</sonar.host.url -->
+ <!-- below are language dependent -->
+ <!-- for Python -->
+ <sonar.language>py</sonar.language>
+ <sonar.pluginName>Python</sonar.pluginName>
+ <sonar.inclusions>**/*.py</sonar.inclusions>
+ <!-- for JavaScaript -->
+ <!--
+ <sonar.language>js</sonar.language>
+ <sonar.pluginName>JS</sonar.pluginName>
+ <sonar.inclusions>**/*.js</sonar.inclusions>
+ -->
+ </properties>
+ <build>
+ <finalName>${project.artifactId}-${project.version}</finalName>
+ <plugins>
+ <!-- plugin>
+ <artifactId>maven-assembly-plugin</artifactId>
+ <version>2.4.1</version>
+ <configuration>
+ <descriptors>
+ <descriptor>assembly/dep.xml</descriptor>
+ </descriptors>
+ </configuration>
+ <executions>
+ <execution>
+ <id>make-assembly</id>
+ <phase>package</phase>
+ <goals>
+ <goal>single</goal>
+ </goals>
+ </execution>
+ </executions>
+ </plugin -->
+ <!-- now we configure custom action (calling a script) at various lifecycle phases -->
+ <plugin>
+ <groupId>org.codehaus.mojo</groupId>
+ <artifactId>exec-maven-plugin</artifactId>
+ <version>1.2.1</version>
+ <executions>
+ <execution>
+ <id>clean phase script</id>
+ <phase>clean</phase>
+ <goals>
+ <goal>exec</goal>
+ </goals>
+ <configuration>
+ <arguments>
+ <argument>${project.artifactId}</argument>
+ <argument>clean</argument>
+ </arguments>
+ </configuration>
+ </execution>
+ <execution>
+ <id>generate-sources script</id>
+ <phase>generate-sources</phase>
+ <goals>
+ <goal>exec</goal>
+ </goals>
+ <configuration>
+ <arguments>
+ <argument>${project.artifactId}</argument>
+ <argument>generate-sources</argument>
+ </arguments>
+ </configuration>
+ </execution>
+ <execution>
+ <id>compile script</id>
+ <phase>compile</phase>
+ <goals>
+ <goal>exec</goal>
+ </goals>
+ <configuration>
+ <arguments>
+ <argument>${project.artifactId}</argument>
+ <argument>compile</argument>
+ </arguments>
+ </configuration>
+ </execution>
+ <execution>
+ <id>package script</id>
+ <phase>package</phase>
+ <goals>
+ <goal>exec</goal>
+ </goals>
+ <configuration>
+ <arguments>
+ <argument>${project.artifactId}</argument>
+ <argument>package</argument>
+ </arguments>
+ </configuration>
+ </execution>
+ <execution>
+ <id>test script</id>
+ <phase>test</phase>
+ <goals>
+ <goal>exec</goal>
+ </goals>
+ <configuration>
+ <arguments>
+ <argument>${project.artifactId}</argument>
+ <argument>test</argument>
+ </arguments>
+ </configuration>
+ </execution>
+ <execution>
+ <id>install script</id>
+ <phase>install</phase>
+ <goals>
+ <goal>exec</goal>
+ </goals>
+ <configuration>
+ <arguments>
+ <argument>${project.artifactId}</argument>
+ <argument>install</argument>
+ </arguments>
+ </configuration>
+ </execution>
+ <execution>
+ <id>deploy script</id>
+ <phase>deploy</phase>
+ <goals>
+ <goal>exec</goal>
+ </goals>
+ <configuration>
+ <arguments>
+ <argument>${project.artifactId}</argument>
+ <argument>deploy</argument>
+ </arguments>
+ </configuration>
+ </execution>
+ </executions>
+ </plugin>
+ </plugins>
+ </build>
+</project>
diff --git a/mvn-phase-script.sh b/mvn-phase-script.sh
index 6e18c0d..67b25e0 100755
--- a/mvn-phase-script.sh
+++ b/mvn-phase-script.sh
@@ -83,7 +83,7 @@ deploy)
upload_files_of_extension sh
build_and_push_docker
;;
- k8s-bootstrap-container|tca-cdap-container|cm-container|redis-cluster-container|healthcheck-container|pnda-mirror-container|pnda-bootstrap-container|tls-init-container|consul-loader-container|multisite-init-container)
+ k8s-bootstrap-container|tca-cdap-container|cm-container|redis-cluster-container|healthcheck-container|pnda-mirror-container|pnda-bootstrap-container|tls-init-container|consul-loader-container|multisite-init-container|dcae-k8s-cleanup-container)
build_and_push_docker
;;
scripts|cloud_init|heat)
diff --git a/pom.xml b/pom.xml
index e0489ba..674593b 100644
--- a/pom.xml
+++ b/pom.xml
@@ -44,6 +44,7 @@ limitations under the License.
<module>tls-init-container</module>
<module>consul-loader-container</module>
<module>multisite-init-container</module>
+ <module>dcae-k8s-cleanup-container</module>
</modules>
<!-- <profiles>
<profile>