summaryrefslogtreecommitdiffstats
path: root/cm-container/README.md
diff options
context:
space:
mode:
Diffstat (limited to 'cm-container/README.md')
-rw-r--r--cm-container/README.md22
1 files changed, 12 insertions, 10 deletions
diff --git a/cm-container/README.md b/cm-container/README.md
index 03b9634..b929e21 100644
--- a/cm-container/README.md
+++ b/cm-container/README.md
@@ -1,13 +1,17 @@
-# Cloudify Manager Container Builder
+# Cloudify Manager Image Builder
## Purpose
The artifacts in this directory build a Docker image based on the
-public image from Cloudify (`cloudifyplatform/community`). The
-image has the Cloudify Manager software from the base image
-and adds our types files. It configures
-the import resolver to use our local type files instead
-of fetching them over the Internet. It sets up the `/opt/onap` mount point
-for our config files. It also sets up the certificate, key and other
-configuration for using TLS.
+public image from Cloudify (`cloudifyplatform/community`). The image
+build process, driven by the Dockerfile:
+ - retrieves the Cloudify plugins and type files needed to deploy DCAE components.
+ - edits the Cloudify configuration file (`/etc/cloudify/config.yaml`) to
+set up Cloudify Manager to use TLS on its HTTP interfaces.
+ - sets up the `/opt/onap` mount point for configuration file.
+ - installs scripts that run when the container is started. These scripts:
+ - set up persistent storage for the container
+ - make the credentials for accessing the Kubernetes API available to Cloudify Manager
+ - set the administrative password to a value generated during the Helm deployment process
+ - upload the plugins and type files to the Cloudify Manager once it is running
## Running the Container
The container is intended to be launched via a Helm chart as part
@@ -60,8 +64,6 @@ which then brings up the many other processes needed for a working instance of C
## The `setup-secret.sh` script
When Kubernetes starts a container, it mounts a directory containing the credentials that the container needs to access the Kubernetes API on the local Kubernetes cluster. The mountpoint is `/var/run/secrets/kubernetes.io/serviceaccount`. Something about the way that Cloudify Manager is started (possibly because `/sbin/init` is run) causes this mountpoint to be hidden. `setup-secret.sh` will recreate the directory if it's not present and symbolically link it to a copy of the credentials mounted at `/secret` in the container file system. This gives Cloudify Manager the credentials that the Kubernetes plugin needs to deploy Kubernetes-based DCAE components.
-`setup-secret.sh` needs to run after '/sbin/init'. The Dockerfile installs it in the `rc.local` script that runs at startup.
-
## Cleaning up Kubernetes components deployed by Cloudify Manager
Using the `helm undeploy` (or `helm delete`) command will destroy the Kubernetes components deployed via helm. In an ONAP deployment
driven by OOM, this includes destroying Cloudify Manager. helm will *not* delete Kubernetes components deployed by Cloudify Manager.