diff options
45 files changed, 3614 insertions, 0 deletions
diff --git a/deployments/helm/README.txt b/deployments/helm/README.txt new file mode 100644 index 00000000..857b0a0b --- /dev/null +++ b/deployments/helm/README.txt @@ -0,0 +1,26 @@ +# Copyright ? 2019 Intel Corporation +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +################################################################# +# Installation of ONAP4K8S helm chart +################################################################# + +1. Create a helm repo (onap4k8s) from Makefile +$ make repo + +1. Run "Makefile" in ONAP4K8S repo +$ make all + +2. Deploy the generated Chart +$ helm install dist/packages/multicloud-k8s-5.0.0.tgz diff --git a/deployments/helm/onap4k8s/.helmignore b/deployments/helm/onap4k8s/.helmignore new file mode 100644 index 00000000..50af0317 --- /dev/null +++ b/deployments/helm/onap4k8s/.helmignore @@ -0,0 +1,22 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*~ +# Various IDEs +.project +.idea/ +*.tmproj +.vscode/ diff --git a/deployments/helm/onap4k8s/Chart.yaml b/deployments/helm/onap4k8s/Chart.yaml new file mode 100644 index 00000000..6998dcaa --- /dev/null +++ b/deployments/helm/onap4k8s/Chart.yaml @@ -0,0 +1,5 @@ +apiVersion: v1 +appVersion: "1.0" +description: A Helm chart for Kubernetes +name: onap4k8s +version: 0.1.0 diff --git a/deployments/helm/onap4k8s/Makefile b/deployments/helm/onap4k8s/Makefile new file mode 100644 index 00000000..20470878 --- /dev/null +++ b/deployments/helm/onap4k8s/Makefile @@ -0,0 +1,69 @@ +# Copyright © 2017 Amdocs, Bell Canada +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +PARENT_CHART := onap4k8s +COMMON_CHARTS_DIR := charts/common +ROOT_DIR := $(shell dirname $(realpath $(lastword $(MAKEFILE_LIST)))) +OUTPUT_DIR := $(ROOT_DIR)/dist +PACKAGE_DIR := $(OUTPUT_DIR)/packages +SECRET_DIR := $(OUTPUT_DIR)/secrets + +EXCLUDES := config oneclick readiness test dist helm $(PARENT_CHART) dcae +HELM_CHARTS := $(filter-out $(EXCLUDES), $(patsubst %/.,%,$(wildcard */.))) $(PARENT_CHART) + +.PHONY: $(EXCLUDES) $(HELM_CHARTS) + +all: $(COMMON_CHARTS_DIR) $(HELM_CHARTS) plugins + +$(COMMON_CHARTS): + @echo "\n[$@]" + @make package-$@ + +$(HELM_CHARTS): + @echo "\n[$@]" + @make package-$@ + +make-%: + @if [ -f $*/Makefile ]; then make -C $*; fi + +dep-%: make-% + @if [ -f $*/requirements.yaml ]; then helm dep up $*; fi + +lint-%: dep-% + @if [ -f $*/Chart.yaml ]; then helm lint $*; fi + +package-%: lint-% + @mkdir -p $(PACKAGE_DIR) + @if [ -f $*/Chart.yaml ]; then helm package -d $(PACKAGE_DIR) $*; fi + @helm repo index $(PACKAGE_DIR) + +clean: + @rm -f */requirements.lock + @find . -type f -name '*.tgz' -delete + @rm -rf $(PACKAGE_DIR)/* + @rm -rf $(OUTPUT_DIR) + +# start up a local helm repo to serve up helm chart packages +repo: + @mkdir -p $(PACKAGE_DIR) + @helm serve --repo-path $(PACKAGE_DIR) & + @helm repo index $(PACKAGE_DIR) + @helm repo add onap4k8s http://127.0.0.1:8879 + +# stop local helm repo +repo-stop: + @pkill helm + @helm repo remove onap4k8s +%: + @: diff --git a/deployments/helm/onap4k8s/charts/Makefile b/deployments/helm/onap4k8s/charts/Makefile new file mode 100644 index 00000000..a6e4f379 --- /dev/null +++ b/deployments/helm/onap4k8s/charts/Makefile @@ -0,0 +1,52 @@ +# Copyright ? 2019 Intel Corporation +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + + +ROOT_DIR := $(shell dirname $(realpath $(lastword $(MAKEFILE_LIST)))) +OUTPUT_DIR := $(ROOT_DIR)/../dist +PACKAGE_DIR := $(OUTPUT_DIR)/packages +SECRET_DIR := $(OUTPUT_DIR)/secrets + +EXCLUDES := +HELM_CHARTS := common mongo etcd multicloud-k8s + +.PHONY: $(EXCLUDES) $(HELM_CHARTS) + +all: $(HELM_CHARTS) + +$(HELM_CHARTS): + @echo "\n[$@]" + @make package-$@ + +make-%: + @if [ -f $*/Makefile ]; then make -C $*; fi + +dep-%: make-% + @if [ -f $*/requirements.yaml ]; then helm dep up $*; fi + +lint-%: dep-% + @if [ -f $*/Chart.yaml ]; then helm lint $*; fi + +package-%: lint-% + @mkdir -p $(PACKAGE_DIR) + @if [ -f $*/Chart.yaml ]; then helm package -d $(PACKAGE_DIR) $*; fi + @helm repo index $(PACKAGE_DIR) + +clean: + @rm -f */requirements.lock + @rm -f *tgz */charts/*tgz + @rm -rf $(PACKAGE_DIR) + @rm -rf $(OUTPUT_DIR) +%: + @: diff --git a/deployments/helm/onap4k8s/charts/common/Chart.yaml b/deployments/helm/onap4k8s/charts/common/Chart.yaml new file mode 100644 index 00000000..f4cca48e --- /dev/null +++ b/deployments/helm/onap4k8s/charts/common/Chart.yaml @@ -0,0 +1,18 @@ +# Copyright © 2017 Amdocs, Bell Canada +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +description: Common templates for inclusion in other charts +name: common +version: 5.0.0 diff --git a/deployments/helm/onap4k8s/charts/common/templates/_ingress.tpl b/deployments/helm/onap4k8s/charts/common/templates/_ingress.tpl new file mode 100644 index 00000000..9b274ad1 --- /dev/null +++ b/deployments/helm/onap4k8s/charts/common/templates/_ingress.tpl @@ -0,0 +1,55 @@ +{{- define "ingress.config.port" -}} +{{- if .Values.ingress -}} +{{- if .Values.ingress.service -}} +{{- range .Values.ingress.service }} + - path: {{ .path }} + backend: + serviceName: {{ .name }} + servicePort: {{ .port }} +{{- end }} +{{- else -}} + - path: {{ printf "/%s" .Chart.Name }} + backend: + serviceName: {{ .Chart.Name }} + servicePort: {{ .Values.service.externalPort }} +{{- end -}} +{{- end -}} +{{- end -}} + + +{{- define "ingress.config.annotations" -}} +{{- if .Values.ingress -}} +{{- if .Values.ingress.annotations -}} +{{ toYaml .Values.ingress.annotations | indent 4 | trim }} +{{- end -}} +{{- end -}} +{{- end -}} + + +{{- define "common.ingress" -}} +{{- if .Values.ingress -}} +{{- if .Values.ingress.enabled -}} +apiVersion: extensions/v1beta1 +kind: Ingress +metadata: + name: {{ include "common.fullname" . }}-ingress + annotations: + {{ include "ingress.config.annotations" . }} + labels: + app: {{ .Chart.Name }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +spec: + rules: + - http: + paths: + {{- include "ingress.config.port" . }} +{{- if .Values.ingress.tls }} + tls: +{{ toYaml .Values.ingress.tls | indent 4 }} + {{- end -}} +{{- end -}} +{{- end -}} +{{- end -}} + diff --git a/deployments/helm/onap4k8s/charts/common/templates/_name.tpl b/deployments/helm/onap4k8s/charts/common/templates/_name.tpl new file mode 100644 index 00000000..42999846 --- /dev/null +++ b/deployments/helm/onap4k8s/charts/common/templates/_name.tpl @@ -0,0 +1,31 @@ +{{/* +# Copyright © 2017 Amdocs, Bell Canada +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} + +{{/* + Expand the name of a chart. +*/}} +{{- define "common.name" -}} + {{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* + Create a default fully qualified application name. + Truncated at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +*/}} +{{- define "common.fullname" -}} + {{- $name := default .Chart.Name .Values.nameOverride -}} + {{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}}
\ No newline at end of file diff --git a/deployments/helm/onap4k8s/charts/common/templates/_namespace.tpl b/deployments/helm/onap4k8s/charts/common/templates/_namespace.tpl new file mode 100644 index 00000000..94c9ee72 --- /dev/null +++ b/deployments/helm/onap4k8s/charts/common/templates/_namespace.tpl @@ -0,0 +1,26 @@ +{{/* +# Copyright © 2017 Amdocs, Bell Canada +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} + +{{/* + Resolve the namespace to apply to a chart. The default namespace suffix + is the name of the chart. This can be overridden if necessary (eg. for subcharts) + using the following value: + + - .Values.nsPrefix : override namespace prefix +*/}} +{{- define "common.namespace" -}} + {{- default .Release.Namespace .Values.nsPrefix -}} +{{- end -}} diff --git a/deployments/helm/onap4k8s/charts/common/templates/_repository.tpl b/deployments/helm/onap4k8s/charts/common/templates/_repository.tpl new file mode 100644 index 00000000..272db421 --- /dev/null +++ b/deployments/helm/onap4k8s/charts/common/templates/_repository.tpl @@ -0,0 +1,49 @@ +{{/* +# Copyright © 2017 Amdocs, Bell Canada +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} + +{{/* + Resolve the name of the common image repository. + The value for .Values.repository is used by default, + unless either override mechanism is used. + + - .Values.global.repository : override default image repository for all images + - .Values.repositoryOverride : override global and default image repository on a per image basis +*/}} +{{- define "common.repository" -}} + {{if .Values.repositoryOverride }} + {{- printf "%s" .Values.repositoryOverride -}} + {{else}} + {{- default .Values.repository .Values.global.repository -}} + {{end}} +{{- end -}} + + +{{/* + Resolve the image repository secret token. + The value for .Values.global.repositoryCred is used: + repositoryCred: + user: user + password: password + mail: email (optional) +*/}} +{{- define "common.repository.secret" -}} + {{- $repo := include "common.repository" . }} + {{- $repo := default "nexus3.onap.org:10001" $repo }} + {{- $cred := .Values.global.repositoryCred }} + {{- $mail := default "@" $cred.mail }} + {{- $auth := printf "%s:%s" $cred.user $cred.password | b64enc }} + {{- printf "{\"%s\":{\"username\":\"%s\",\"password\":\"%s\",\"email\":\"%s\",\"auth\":\"%s\"}}" $repo $cred.user $cred.password $mail $auth | b64enc -}} +{{- end -}} diff --git a/deployments/helm/onap4k8s/charts/common/templates/_resources.tpl b/deployments/helm/onap4k8s/charts/common/templates/_resources.tpl new file mode 100644 index 00000000..fae77435 --- /dev/null +++ b/deployments/helm/onap4k8s/charts/common/templates/_resources.tpl @@ -0,0 +1,59 @@ +{{- /* +# Copyright © 2018 Amdocs, Bell Canada +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/ -}} + +{{- /* + Resolve the name of the common resource limit/request flavor. + The value for .Values.flavor is used by default, + unless either override mechanism is used. + + - .Values.global.flavor : override default flavor for all charts + - .Values.flavorOverride : override global and default flavor on a per chart basis +*/ -}} +{{- define "common.flavor" -}} + {{if .Values.flavorOverride }} + {{- printf "%s" .Values.flavorOverride -}} + {{else}} + {{- default .Values.flavor .Values.global.flavor -}} + {{end}} +{{- end -}} + +{{- /* + Resolve the resource limit/request flavor using the desired flavor value. + + - .Values.resources : YAML definition of resource limits. The flavor key + is computed based on the common.flavor template and + is used as the selected resource limit through the pluck + e.g: resources: + small: + limits: + cpu: 200m + memory: 4Gi + requests: + cpu: 100m + memory: 1Gi + large: + limits: + cpu: 400m + memory: 8Gi + requests: + cpu: 200m + memory: 2Gi + unlimited: {} +*/ -}} +{{- define "common.resources" -}} +{{- $flavor := include "common.flavor" . -}} +{{- toYaml (pluck $flavor .Values.resources | first) | indent 12 -}} +{{- end -}} diff --git a/deployments/helm/onap4k8s/charts/common/templates/_service.tpl b/deployments/helm/onap4k8s/charts/common/templates/_service.tpl new file mode 100644 index 00000000..77b77d05 --- /dev/null +++ b/deployments/helm/onap4k8s/charts/common/templates/_service.tpl @@ -0,0 +1,31 @@ +{{/* +# Copyright © 2017 Amdocs, Bell Canada +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} + +{{/* + Resolve the name of a chart's service. + + The default will be the chart name (or .Values.nameOverride if set). + And the use of .Values.service.name overrides all. + + - .Values.service.name : override default service (ie. chart) name +*/}} +{{/* + Expand the service name for a chart. +*/}} +{{- define "common.servicename" -}} + {{- $name := default .Chart.Name .Values.nameOverride -}} + {{- default $name .Values.service.name | trunc 63 | trimSuffix "-" -}} +{{- end -}}
\ No newline at end of file diff --git a/deployments/helm/onap4k8s/charts/common/values.yaml b/deployments/helm/onap4k8s/charts/common/values.yaml new file mode 100644 index 00000000..852f15c8 --- /dev/null +++ b/deployments/helm/onap4k8s/charts/common/values.yaml @@ -0,0 +1,18 @@ +# Copyright © 2017 Amdocs, Bell Canada +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +################################################################# +# Global configuration default values that can be inherited by +# all subcharts. +################################################################# diff --git a/deployments/helm/onap4k8s/charts/etcd/.helmignore b/deployments/helm/onap4k8s/charts/etcd/.helmignore new file mode 100644 index 00000000..f0c13194 --- /dev/null +++ b/deployments/helm/onap4k8s/charts/etcd/.helmignore @@ -0,0 +1,21 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*~ +# Various IDEs +.project +.idea/ +*.tmproj diff --git a/deployments/helm/onap4k8s/charts/etcd/Chart.yaml b/deployments/helm/onap4k8s/charts/etcd/Chart.yaml new file mode 100644 index 00000000..7da825ac --- /dev/null +++ b/deployments/helm/onap4k8s/charts/etcd/Chart.yaml @@ -0,0 +1,23 @@ +# Copyright © 2019 Intel Corporation +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +name: etcd +home: https://github.com/coreos/etcd +version: 5.0.0 +appVersion: 2.2.5 +description: Distributed reliable key-value store for the most critical data of a + distributed system. +-icon: https://raw.githubusercontent.com/coreos/etcd/master/logos/etcd-horizontal-color.png +sources: +- https://github.com/coreos/etcd diff --git a/deployments/helm/onap4k8s/charts/etcd/requirements.yaml b/deployments/helm/onap4k8s/charts/etcd/requirements.yaml new file mode 100644 index 00000000..ff2221f6 --- /dev/null +++ b/deployments/helm/onap4k8s/charts/etcd/requirements.yaml @@ -0,0 +1,18 @@ +# Copyright © 2017 Amdocs, Bell Canada +# Modifications Copyright © 2018 Orange +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License +dependencies: + - name: common + version: ~5.x-0 + repository: '@onap4k8s' diff --git a/deployments/helm/onap4k8s/charts/etcd/templates/pv.yaml b/deployments/helm/onap4k8s/charts/etcd/templates/pv.yaml new file mode 100644 index 00000000..65993e5f --- /dev/null +++ b/deployments/helm/onap4k8s/charts/etcd/templates/pv.yaml @@ -0,0 +1,41 @@ +# Copyright © 2018 Amdocs, Bell Canada, AT&T +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +{{ if .Values.persistence.enabled }} +{{- $root := . -}} +{{ range $i, $e := until (int $root.Values.replicaCount) }} +--- +apiVersion: v1 +kind: PersistentVolume +metadata: + name: {{ include "common.fullname" $root }}-data-{{ $i }} + namespace: {{ $root.Release.Namespace }} + labels: + type: {{ $root.Values.persistence.storageType }} + app: {{ include "common.fullname" $root }} + chart: {{ $root.Chart.Name }}-{{ $root.Chart.Version | replace "+" "_" }} + release: {{ $root.Release.Name }} + heritage: {{ $root.Release.Service }} +spec: + capacity: + storage: {{ $root.Values.persistence.storage }} + accessModes: + - {{ $root.Values.persistence.accessMode }} + storageClassName: "{{ include "common.fullname" $root }}-data" + hostPath: + path: {{ $root.Values.persistence.mountPath }}/{{ $root.Release.Name }}/{{ $root.Values.persistence.mountSubPath }}-{{ $i }} + persistentVolumeReclaimPolicy: {{ $root.Values.persistence.volumeReclaimPolicy }} +{{ end }} +{{ end }} + diff --git a/deployments/helm/onap4k8s/charts/etcd/templates/service.yaml b/deployments/helm/onap4k8s/charts/etcd/templates/service.yaml new file mode 100644 index 00000000..692faa9f --- /dev/null +++ b/deployments/helm/onap4k8s/charts/etcd/templates/service.yaml @@ -0,0 +1,37 @@ +# Copyright 2019 Intel Corporation Inc +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +kind: Service +metadata: + annotations: + service.alpha.kubernetes.io/tolerate-unready-endpoints: "true" +metadata: + name: {{ include "common.servicename" . }} + labels: + heritage: "{{ .Release.Service }}" + release: "{{ .Release.Name }}" + chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" + app: {{ include "common.name" . }} +spec: + ports: + - name: {{ .Values.service.peerPortName }} + port: {{ .Values.service.peerInternalPort }} + - name: {{ .Values.service.clientPortName }} + port: {{ .Values.service.clientInternalPort }} + clusterIP: None + selector: + app: {{ include "common.name" . }} + release: "{{ .Release.Name }}" + diff --git a/deployments/helm/onap4k8s/charts/etcd/templates/statefulset.yaml b/deployments/helm/onap4k8s/charts/etcd/templates/statefulset.yaml new file mode 100644 index 00000000..7190c5bc --- /dev/null +++ b/deployments/helm/onap4k8s/charts/etcd/templates/statefulset.yaml @@ -0,0 +1,234 @@ +# Copyright © 2019 Intel Corporation Inc +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +apiVersion: apps/v1beta1 +kind: StatefulSet +metadata: + name: {{ include "common.fullname" . }} + labels: + heritage: "{{ .Release.Service }}" + release: "{{ .Release.Name }}" + chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" + app: {{ include "common.name" . }} +spec: + serviceName: {{ include "common.servicename" .}} + replicas: {{ .Values.replicaCount }} + template: + metadata: + labels: + heritage: "{{ .Release.Service }}" + release: "{{ .Release.Name }}" + chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" + app: {{ include "common.name" . }} + spec: +{{- if .Values.affinity }} + affinity: +{{ toYaml .Values.affinity | indent 8 }} +{{- end }} +{{- if .Values.nodeSelector }} + nodeSelector: +{{ toYaml .Values.nodeSelector | indent 8 }} +{{- end }} +{{- if .Values.tolerations }} + tolerations: +{{ toYaml .Values.tolerations | indent 8 }} +{{- end }} + containers: + - name: {{ include "common.fullname" . }} + image: "{{ .Values.repository }}/{{ .Values.image }}" + imagePullPolicy: "{{ .Values.pullPolicy }}" + ports: + - containerPort: {{ .Values.service.peerInternalPort }} + name: {{ .Values.service.peerPortName }} + - containerPort: {{ .Values.service.clientInternalPort }} + name: {{ .Values.service.clientPortName }} + {{- if eq .Values.liveness.enabled true }} + livenessProbe: + tcpSocket: + port: {{ .Values.service.clientInternalPort }} + initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }} + periodSeconds: {{ .Values.liveness.periodSeconds }} + timeoutSeconds: {{ .Values.liveness.timeoutSeconds }} + {{ end -}} + resources: +{{ include "common.resources" . | indent 10 }} + env: + - name: INITIAL_CLUSTER_SIZE + value: {{ .Values.replicaCount | quote }} + - name: SET_NAME + value: {{ include "common.fullname" . }} + - name: SERVICE_NAME + value: {{ include "common.servicename" . }} +{{- if .Values.extraEnv }} +{{ toYaml .Values.extraEnv | indent 8 }} +{{- end }} + lifecycle: + preStop: + exec: + command: + - "/bin/sh" + - "-ec" + - | + EPS="" + for i in $(seq 0 $((${INITIAL_CLUSTER_SIZE} - 1))); do + EPS="${EPS}${EPS:+,}http://${SET_NAME}-${i}.${SERVICE_NAME}:2379" + done + + HOSTNAME=$(hostname) + + member_hash() { + etcdctl member list | grep http://${HOSTNAME}.${SERVICE_NAME}:2380 | cut -d':' -f1 | cut -d'[' -f1 + } + + SET_ID=${HOSTNAME##*[^0-9]} + + if [ "${SET_ID}" -ge ${INITIAL_CLUSTER_SIZE} ]; then + echo "Removing ${HOSTNAME} from etcd cluster" + ETCDCTL_ENDPOINT=${EPS} etcdctl member remove $(member_hash) + if [ $? -eq 0 ]; then + # Remove everything otherwise the cluster will no longer scale-up + rm -rf /var/run/etcd/* + fi + fi + command: + - "/bin/sh" + - "-ec" + - | + HOSTNAME=$(hostname) + + # store member id into PVC for later member replacement + collect_member() { + while ! etcdctl member list &>/dev/null; do sleep 1; done + etcdctl member list | grep http://${HOSTNAME}.${SERVICE_NAME}:2380 | cut -d':' -f1 | cut -d'[' -f1 > /var/run/etcd/member_id + exit 0 + } + + eps() { + EPS="" + for i in $(seq 0 $((${INITIAL_CLUSTER_SIZE} - 1))); do + EPS="${EPS}${EPS:+,}http://${SET_NAME}-${i}.${SERVICE_NAME}:2379" + done + echo ${EPS} + } + + member_hash() { + etcdctl member list | grep http://${HOSTNAME}.${SERVICE_NAME}:2380 | cut -d':' -f1 | cut -d'[' -f1 + } + + # we should wait for other pods to be up before trying to join + # otherwise we got "no such host" errors when trying to resolve other members + for i in $(seq 0 $((${INITIAL_CLUSTER_SIZE} - 1))); do + while true; do + echo "Waiting for ${SET_NAME}-${i}.${SERVICE_NAME} to come up" + ping -W 1 -c 1 ${SET_NAME}-${i}.${SERVICE_NAME} > /dev/null && break + sleep 1s + done + done + + # re-joining after failure? + if [[ -e /var/run/etcd/default.etcd && -f /var/run/etcd/member_id ]]; then + echo "Re-joining etcd member" + member_id=$(cat /var/run/etcd/member_id) + + # re-join member + ETCDCTL_ENDPOINT=$(eps) etcdctl member update ${member_id} http://${HOSTNAME}.${SERVICE_NAME}:2380 | true + exec etcd --name ${HOSTNAME} \ + --listen-peer-urls http://0.0.0.0:2380 \ + --listen-client-urls http://0.0.0.0:2379\ + --advertise-client-urls http://${HOSTNAME}.${SERVICE_NAME}:2379 \ + --data-dir /var/run/etcd/default.etcd + fi + + # etcd-SET_ID + SET_ID=${HOSTNAME##*[^0-9]} + + # adding a new member to existing cluster (assuming all initial pods are available) + if [ "${SET_ID}" -ge ${INITIAL_CLUSTER_SIZE} ]; then + export ETCDCTL_ENDPOINT=$(eps) + + # member already added? + MEMBER_HASH=$(member_hash) + if [ -n "${MEMBER_HASH}" ]; then + # the member hash exists but for some reason etcd failed + # as the datadir has not be created, we can remove the member + # and retrieve new hash + etcdctl member remove ${MEMBER_HASH} + fi + + echo "Adding new member" + etcdctl member add ${HOSTNAME} http://${HOSTNAME}.${SERVICE_NAME}:2380 | grep "^ETCD_" > /var/run/etcd/new_member_envs + + if [ $? -ne 0 ]; then + echo "Exiting" + rm -f /var/run/etcd/new_member_envs + exit 1 + fi + + cat /var/run/etcd/new_member_envs + source /var/run/etcd/new_member_envs + + collect_member & + + exec etcd --name ${HOSTNAME} \ + --listen-peer-urls http://0.0.0.0:2380 \ + --listen-client-urls http://0.0.0.0:2379 \ + --advertise-client-urls http://${HOSTNAME}.${SERVICE_NAME}:2379 \ + --data-dir /var/run/etcd/default.etcd \ + --initial-advertise-peer-urls http://${HOSTNAME}.${SERVICE_NAME}:2380 \ + --initial-cluster ${ETCD_INITIAL_CLUSTER} \ + --initial-cluster-state ${ETCD_INITIAL_CLUSTER_STATE} + fi + + PEERS="" + for i in $(seq 0 $((${INITIAL_CLUSTER_SIZE} - 1))); do + PEERS="${PEERS}${PEERS:+,}${SET_NAME}-${i}=http://${SET_NAME}-${i}.${SERVICE_NAME}:2380" + done + + collect_member & + + # join member + exec etcd --name ${HOSTNAME} \ + --initial-advertise-peer-urls http://${HOSTNAME}.${SERVICE_NAME}:2380 \ + --listen-peer-urls http://0.0.0.0:2380 \ + --listen-client-urls http://0.0.0.0:2379 \ + --advertise-client-urls http://${HOSTNAME}.${SERVICE_NAME}:2379 \ + --initial-cluster-token etcd-cluster-1 \ + --initial-cluster ${PEERS} \ + --initial-cluster-state new \ + --data-dir /var/run/etcd/default.etcd + volumeMounts: + - name: {{ include "common.fullname" . }}-data + mountPath: /var/run/etcd + {{- if .Values.persistence.enabled }} + volumeClaimTemplates: + - metadata: + name: {{ include "common.fullname" . }}-data + spec: + accessModes: + - "{{ .Values.persistence.accessMode }}" + resources: + requests: + # upstream recommended max is 700M + storage: "{{ .Values.persistence.storage }}" + storageClassName: {{ include "common.fullname" . }}-data + {{- else }} + volumes: + - name: {{ include "common.fullname" . }}-data + {{- if .Values.memoryMode }} + emptyDir: + medium: Memory + {{- else }} + emptyDir: {} + {{- end }} + {{- end }} + diff --git a/deployments/helm/onap4k8s/charts/etcd/values.yaml b/deployments/helm/onap4k8s/charts/etcd/values.yaml new file mode 100644 index 00000000..7f53d222 --- /dev/null +++ b/deployments/helm/onap4k8s/charts/etcd/values.yaml @@ -0,0 +1,82 @@ +# Copyright © 2019 Intel Corporation, Inc +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +################################################################# +# Global configuration defaults. +################################################################# +global: + nodePortPrefix: 302 + persistence: {} + +################################################################# +# Application configuration defaults. +################################################################# + +#repository: etcd +repository: "k8s.gcr.io" +image: "etcd-amd64:3.2.24" +pullPolicy: Always + +# default number of instances in the StatefulSet +replicaCount: 1 + +nodeSelector: {} + +affinity: {} + +# probe configuration parameters +liveness: + initialDelaySeconds: 90 + periodSeconds: 30 + timeoutSeconds: 5 + # necessary to disable liveness probe when setting breakpoints + # in debugger so K8s doesn't restart unresponsive container + enabled: true + +persistence: + enabled: false + ## etcd data Persistent Volume Storage Class + ## If defined, storageClassName: <storageClass> + ## If set to "-", storageClassName: "", which disables dynamic provisioning + ## If undefined (the default) or set to null, no storageClassName spec is + ## set, choosing the default provisioner. (gp2 on AWS, standard on + ## GKE, AWS & OpenStack) + ## + #storageClass: "-" + accessMode: "ReadWriteOnce" + storage: "1Gi" + mountPath: /dockerdata-nfs + mountSubPath: k8s-etcd + +## This is only available when persistentVolume is false: +## If persistentVolume is not enabled, one can choose to use memory mode for ETCD by setting memoryMode to "true". +## The system will create a volume with "medium: Memory" +memoryMode: false + +service: + name: k8s-etcd + peerInternalPort: 2380 + peerPortName: etcd-server + clientInternalPort : 2379 + clientPortName: etcd-client + +## Node labels and tolerations for pod assignment +## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector +## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#taints-and-tolerations-beta-feature +nodeSelector: {} +tolerations: [] +affinity: {} +extraEnv: [] +resources: {} + diff --git a/deployments/helm/onap4k8s/charts/mongo/.helmignore b/deployments/helm/onap4k8s/charts/mongo/.helmignore new file mode 100644 index 00000000..f0c13194 --- /dev/null +++ b/deployments/helm/onap4k8s/charts/mongo/.helmignore @@ -0,0 +1,21 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*~ +# Various IDEs +.project +.idea/ +*.tmproj diff --git a/deployments/helm/onap4k8s/charts/mongo/Chart.yaml b/deployments/helm/onap4k8s/charts/mongo/Chart.yaml new file mode 100644 index 00000000..f08a53bd --- /dev/null +++ b/deployments/helm/onap4k8s/charts/mongo/Chart.yaml @@ -0,0 +1,18 @@ +# Copyright © 2018 Orange +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +description: MongoDB Server +name: mongo +version: 5.0.0 diff --git a/deployments/helm/onap4k8s/charts/mongo/requirements.yaml b/deployments/helm/onap4k8s/charts/mongo/requirements.yaml new file mode 100644 index 00000000..0693dd3f --- /dev/null +++ b/deployments/helm/onap4k8s/charts/mongo/requirements.yaml @@ -0,0 +1,18 @@ +# Copyright ? 2019 Intel Corporation +# # +# # Licensed under the Apache License, Version 2.0 (the "License"); +# # you may not use this file except in compliance with the License. +# # You may obtain a copy of the License at +# # +# # http://www.apache.org/licenses/LICENSE-2.0 +# # +# # Unless required by applicable law or agreed to in writing, software +# # distributed under the License is distributed on an "AS IS" BASIS, +# # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# # See the License for the specific language governing permissions and +# # limitations under the License. + +dependencies: + - name: common + version: ~5.x-0 + repository: '@onap4k8s' diff --git a/deployments/helm/onap4k8s/charts/mongo/templates/nfs-provisoner.yaml b/deployments/helm/onap4k8s/charts/mongo/templates/nfs-provisoner.yaml new file mode 100644 index 00000000..355ad382 --- /dev/null +++ b/deployments/helm/onap4k8s/charts/mongo/templates/nfs-provisoner.yaml @@ -0,0 +1,78 @@ +{{/* +# Copyright © 2017 Amdocs, Bell Canada +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} + +{{ if not .Values.disableNfsProvisioner }} +apiVersion: extensions/v1beta1 +kind: Deployment +metadata: + name: {{ .Values.nfsprovisionerPrefix }}-nfs-provisioner + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +spec: + #replicas: {{ .Values.replicaCount }} + strategy: + type: Recreate + template: + metadata: + labels: + app: {{ .Values.nfsprovisionerPrefix }}-nfs-provisioner + release: {{ .Release.Name }} + spec: + containers: + - name: {{ .Values.nfsprovisionerPrefix }}-nfs-provisioner + image: "{{ .Values.global.nfsprovisionerRepository | default .Values.nfsprovisionerRepository }}/{{ .Values.nfsprovisionerImage }}" + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + ports: + - name: nfs + containerPort: {{ .Values.service.nfsPort }} + - name: mountd + containerPort: {{ .Values.service.mountdPort }} + - name: rpcbind + containerPort: {{ .Values.service.rpcbindPort }} + - name: rpcbind-udp + containerPort: {{ .Values.service.rpcbindUdpPort }} + protocol: UDP + securityContext: + capabilities: + add: + - DAC_READ_SEARCH + - SYS_RESOURCE + args: + - "-provisioner={{ include "common.fullname" . }}/nfs" + env: + - name: POD_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + - name: SERVICE_NAME + value: {{ .Values.nfsprovisionerPrefix }}-nfs-provisioner + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + volumeMounts: + - name: export-volume + mountPath: /export + volumes: + - name: export-volume + hostPath: + path: {{ .Values.global.persistence.mountPath | default .Values.persistence.mountPath }}/{{ .Release.Name }}/{{ .Values.persistence.mountSubPath }} +{{ end }} diff --git a/deployments/helm/onap4k8s/charts/mongo/templates/pv.yaml b/deployments/helm/onap4k8s/charts/mongo/templates/pv.yaml new file mode 100644 index 00000000..824dcbb8 --- /dev/null +++ b/deployments/helm/onap4k8s/charts/mongo/templates/pv.yaml @@ -0,0 +1,38 @@ +{{/* +# Copyright © 2017 Amdocs, Bell Canada +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} + +{{- if (and (and (.Values.persistence.enabled) (not .Values.persistence.existingClaim)) ( .Values.disableNfsProvisioner)) -}} +kind: PersistentVolume +apiVersion: v1 +metadata: + name: {{ include "common.fullname" . }}-data + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }} + chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}" + release: "{{ .Release.Name }}" + heritage: "{{ .Release.Service }}" + name: {{ include "common.fullname" . }} +spec: + capacity: + storage: {{ .Values.persistence.size}} + accessModes: + - {{ .Values.persistence.accessMode }} + storageClassName: "{{ include "common.fullname" . }}-data" + persistentVolumeReclaimPolicy: {{ .Values.persistence.volumeReclaimPolicy }} + hostPath: + path: {{ .Values.global.persistence.mountPath | default .Values.persistence.mountPath }}/{{ .Release.Name }}/{{ .Values.persistence.mountSubPath }} +{{- end -}} diff --git a/deployments/helm/onap4k8s/charts/mongo/templates/pvc.yaml b/deployments/helm/onap4k8s/charts/mongo/templates/pvc.yaml new file mode 100644 index 00000000..372c1068 --- /dev/null +++ b/deployments/helm/onap4k8s/charts/mongo/templates/pvc.yaml @@ -0,0 +1,43 @@ +{{/* +# Copyright © 2017 Amdocs, Bell Canada +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} + +{{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) -}} +kind: PersistentVolumeClaim +apiVersion: v1 +metadata: + name: {{ include "common.fullname" . }}-data + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.fullname" . }} + chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" + release: "{{ .Release.Name }}" + heritage: "{{ .Release.Service }}" + name: {{ include "common.fullname" . }} +{{- if .Values.persistence.annotations }} + annotations: +{{ toYaml .Values.persistence.annotations | indent 4 }} +{{- end }} +spec: + accessModes: + - {{ .Values.persistence.accessMode }} + resources: + requests: + storage: {{ .Values.persistence.size }} + selector: + matchLabels: + name: {{ include "common.fullname" . }} + storageClassName: "{{ include "common.fullname" . }}-data" +{{- end -}} diff --git a/deployments/helm/onap4k8s/charts/mongo/templates/service.yaml b/deployments/helm/onap4k8s/charts/mongo/templates/service.yaml new file mode 100644 index 00000000..df55854e --- /dev/null +++ b/deployments/helm/onap4k8s/charts/mongo/templates/service.yaml @@ -0,0 +1,97 @@ +{{/* +# Copyright © 2018 Orange +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} + +apiVersion: v1 +kind: Service +metadata: + name: {{ include "common.servicename" . }} + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +spec: + ports: + - port: {{ .Values.service.internalPort }} + name: {{ .Values.service.portName }} + selector: + app: {{ include "common.name" . }} + release: {{ .Release.Name }} + clusterIP: None +#{{ if not .Values.disableNfsProvisioner }} +--- +kind: Service +apiVersion: v1 +metadata: + name: {{ .Values.nfsprovisionerPrefix }}-nfs-provisioner + namespace: {{ include "common.namespace" . }} + labels: + app: {{ .Values.nfsprovisionerPrefix }}-nfs-provisioner +spec: + ports: + - name: nfs + port: {{ .Values.service.nfsPort }} + - name: mountd + port: {{ .Values.service.mountdPort }} + - name: rpcbind + port: {{ .Values.service.rpcbindPort }} + - name: rpcbind-udp + port: {{ .Values.service.rpcbindUdpPort }} + protocol: UDP + selector: + app: {{ .Values.nfsprovisionerPrefix }}-nfs-provisioner +#{{ end }} +--- +# Client service for connecting to any Mongo instance for reads. +apiVersion: v1 +kind: Service +metadata: + name: {{ include "common.servicename" . }}-read + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }} +spec: + ports: + - port: {{ .Values.service.internalPort }} + name: {{ .Values.service.portName }} + selector: + app: {{ include "common.name" . }} + release: {{ .Release.Name }} +--- +{{ if .Values.geoEnabled }} +apiVersion: v1 +kind: Service +metadata: + name: {{ include "common.servicename" . }}-nodeport + namespace: {{ include "common.namespace" . }} + labels: + statefulset.kubernetes.io/pod-name: {{ include "common.fullname" . }}-0 +spec: + ports: + - name: {{ .Values.service.internalPort }} + port: {{ .Values.service.internalPort }} + targetPort: {{ .Values.service.internalPort }} + nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.externalPort1 }} + - name: {{ .Values.xtrabackup.internalPort }} + port: {{ .Values.xtrabackup.internalPort }} + targetPort: {{ .Values.xtrabackup.internalPort }} + nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.externalPort2 }} + type: NodePort + selector: + statefulset.kubernetes.io/pod-name: {{ include "common.fullname" . }}-0 + release: {{ .Release.Name }} +{{ end }} diff --git a/deployments/helm/onap4k8s/charts/mongo/templates/statefulset.yaml b/deployments/helm/onap4k8s/charts/mongo/templates/statefulset.yaml new file mode 100644 index 00000000..c79739f5 --- /dev/null +++ b/deployments/helm/onap4k8s/charts/mongo/templates/statefulset.yaml @@ -0,0 +1,104 @@ +{{/* +# Copyright © 2018 Orange +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} + +apiVersion: apps/v1beta1 +kind: StatefulSet +metadata: + name: {{ include "common.fullname" . }} + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +spec: + serviceName: {{ .Values.service.name }} + replicas: {{ .Values.replicaCount }} + template: + metadata: + labels: + app: {{ include "common.name" . }} + release: {{ .Release.Name }} + spec: + initContainers: +#{{ if not .Values.disableNfsProvisioner }} + - name: {{ include "common.name" . }}-readiness + command: + - /root/ready.py + args: + - --container-name + - {{ .Values.nfsprovisionerPrefix }}-nfs-provisioner + env: + - name: NAMESPACE + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace + image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}" + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} +#{{ end }} + + containers: + - name: {{ include "common.name" . }} + image: "{{ .Values.dockerHubRepository }}/{{ .Values.image }}" + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + env: + - name: MONGO_INITDB_DATABASE + value: "{{ .Values.config.dbName }}" + ports: + - containerPort: {{ .Values.service.internalPort }} + # disable liveness probe when breakpoints set in debugger + # so K8s doesn't restart unresponsive container + {{- if eq .Values.liveness.enabled true }} + livenessProbe: + exec: + command: + - mongo + - --eval + - "db.adminCommand('ping')" + initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }} + periodSeconds: {{ .Values.liveness.periodSeconds }} + timeoutSeconds: {{ .Values.liveness.timeoutSeconds }} + {{end -}} + readinessProbe: + tcpSocket: + port: {{ .Values.service.internalPort }} + initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} + periodSeconds: {{ .Values.readiness.periodSeconds }} + volumeMounts: + - mountPath: /var/lib/mongo + name: {{ include "common.fullname" . }}-data + resources: +{{ include "common.resources" . | indent 12 }} + {{- if .Values.nodeSelector }} + nodeSelector: +{{ toYaml .Values.nodeSelector | indent 10 }} + {{- end -}} + {{- if .Values.affinity }} + affinity: +{{ toYaml .Values.affinity | indent 10 }} + {{- end }} + volumes: + - name: localtime + hostPath: + path: /etc/localtime + - name: {{ include "common.fullname" . }}-data +#{{ if .Values.persistence.enabled }} + persistentVolumeClaim: + claimName: {{ include "common.fullname" . }}-data +#{{ else }} + emptyDir: {} +#{{ end }} diff --git a/deployments/helm/onap4k8s/charts/mongo/templates/storageclass.yaml b/deployments/helm/onap4k8s/charts/mongo/templates/storageclass.yaml new file mode 100644 index 00000000..3cd502ea --- /dev/null +++ b/deployments/helm/onap4k8s/charts/mongo/templates/storageclass.yaml @@ -0,0 +1,24 @@ +{{/* +# Copyright © 2017 Amdocs, Bell Canada +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} + +{{ if not .Values.disableNfsProvisioner }} +kind: StorageClass +apiVersion: storage.k8s.io/v1 +metadata: + name: "{{ include "common.fullname" . }}-data" + namespace: {{ include "common.namespace" . }} +provisioner: {{ include "common.fullname" . }}/nfs +{{ end }} diff --git a/deployments/helm/onap4k8s/charts/mongo/values.yaml b/deployments/helm/onap4k8s/charts/mongo/values.yaml new file mode 100644 index 00000000..d6938c1e --- /dev/null +++ b/deployments/helm/onap4k8s/charts/mongo/values.yaml @@ -0,0 +1,119 @@ +# Copyright © 2018 Orange +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +################################################################# +# Global configuration defaults. +################################################################# +global: + nodePortPrefix: 302 + persistence: {} + readinessRepository: oomk8s + readinessImage: readiness-check:2.0.0 + + +################################################################# +# Application configuration defaults. +################################################################# + +dockerHubRepository: registry.hub.docker.com +image: library/mongo:4.0.8 +pullPolicy: Always + +# application configuration +config: + dbName: mongo +# default number of instances +replicaCount: 1 + +nodeSelector: {} + +affinity: {} + +disableNfsProvisioner: true + +# probe configuration parameters +liveness: + initialDelaySeconds: 30 + periodSeconds: 10 + timeoutSeconds: 5 + # necessary to disable liveness probe when setting breakpoints + # in debugger so K8s doesn't restart unresponsive container + enabled: true + +readiness: + initialDelaySeconds: 5 + periodSeconds: 10 + +## Persist data to a persitent volume +persistence: + enabled: false + + ## A manually managed Persistent Volume and Claim + ## Requires persistence.enabled: true + ## If defined, PVC must be created manually before volume will be bound + # existingClaim: + volumeReclaimPolicy: Retain + + ## database data Persistent Volume Storage Class + ## If defined, storageClassName: <storageClass> + ## If set to "-", storageClassName: "", which disables dynamic provisioning + ## If undefined (the default) or set to null, no storageClassName spec is + ## set, choosing the default provisioner. (gp2 on AWS, standard on + ## GKE, AWS & OpenStack) + accessMode: ReadWriteMany + size: 1Gi + mountPath: /dockerdata-nfs + mountSubPath: "mongo/data" + +service: + name: mongo + portName: mongo + internalPort: 27017 + # nfs provisioner ports + nfsPort: 2049 + mountdPort: 20048 + rpcbindPort: 111 + rpcbindUdpPort: 111 + +ingress: + enabled: false + +resources: {} + # We usually recommend not to specify default resources and to leave this as a conscious + # choice for the user. This also increases chances charts run on environments with little + # resources, such as Minikube. If you do want to specify resources, uncomment the following + # lines, adjust them as necessary, and remove the curly braces after 'resources:'. + # + # Example: + # Configure resource requests and limits + # ref: http://kubernetes.io/docs/user-guide/compute-resources/ + # Minimum memory for development is 2 CPU cores and 4GB memory + # Minimum memory for production is 4 CPU cores and 8GB memory +#resources: +# limits: +# cpu: 2 +# memory: 4Gi +# requests: +# cpu: 2 +# memory: 4Gi + + +nfsprovisionerRepository: quay.io +nfsprovisionerImage: kubernetes_incubator/nfs-provisioner:v1.0.8 +nfsprovisionerPrefix: mongo + +sdnctlPrefix: mongo + +geoEnabled: false +geoSiteId: 1 diff --git a/deployments/helm/onap4k8s/charts/multicloud-k8s/Chart.yaml b/deployments/helm/onap4k8s/charts/multicloud-k8s/Chart.yaml new file mode 100644 index 00000000..3c61d81d --- /dev/null +++ b/deployments/helm/onap4k8s/charts/multicloud-k8s/Chart.yaml @@ -0,0 +1,18 @@ +# Copyright 2019 Intel Corporation, Inc +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +description: ONAP Multicloud Kubernetes Plugin +name: multicloud-k8s +version: 5.0.0 diff --git a/deployments/helm/onap4k8s/charts/multicloud-k8s/requirements.yaml b/deployments/helm/onap4k8s/charts/multicloud-k8s/requirements.yaml new file mode 100644 index 00000000..c5102e49 --- /dev/null +++ b/deployments/helm/onap4k8s/charts/multicloud-k8s/requirements.yaml @@ -0,0 +1,27 @@ +# Copyright 2019 Intel Corporation, Inc +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +dependencies: + - name: common + version: ~5.x-0 + # local reference to common chart, as it is + # a part of this chart's package and will not + # be published independently to a repo (at this point) + repository: '@onap4k8s' + - name: mongo + version: ~5.x-0 + repository: '@onap4k8s' + - name: etcd + version: ~5.x-0 + repository: '@onap4k8s' diff --git a/deployments/helm/onap4k8s/charts/multicloud-k8s/resources/config/k8sconfig.json b/deployments/helm/onap4k8s/charts/multicloud-k8s/resources/config/k8sconfig.json new file mode 100644 index 00000000..d6fa40d4 --- /dev/null +++ b/deployments/helm/onap4k8s/charts/multicloud-k8s/resources/config/k8sconfig.json @@ -0,0 +1,11 @@ +{ + "ca-file": "/opt/multicloud/k8splugin/certs/root_ca.cer", + "server-cert": "/opt/multicloud/k8splugin/certs/multicloud-k8s.pub", + "server-key": "/opt/multicloud/k8splugin/certs/multicloud-k8s.pr", + "password": "c2VjcmV0bWFuYWdlbWVudHNlcnZpY2VzZWNyZXRwYXNzd29yZA==", + + "database-type": "mongo", + "database-address": "multicloud-k8s-mongo", + "etcd-ip": "multicloud-k8s-etcd", + "plugin-dir": "/opt/multicloud/k8splugin/plugins" +}
\ No newline at end of file diff --git a/deployments/helm/onap4k8s/charts/multicloud-k8s/templates/configmap.yaml b/deployments/helm/onap4k8s/charts/multicloud-k8s/templates/configmap.yaml new file mode 100644 index 00000000..c9d55fed --- /dev/null +++ b/deployments/helm/onap4k8s/charts/multicloud-k8s/templates/configmap.yaml @@ -0,0 +1,28 @@ +{{/* +# Copyright 2019 Intel Corporation, Inc +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} + +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "common.fullname" . }} + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +data: +{{ tpl (.Files.Glob "resources/config/*").AsConfig . | indent 2 }} diff --git a/deployments/helm/onap4k8s/charts/multicloud-k8s/templates/deployment.yaml b/deployments/helm/onap4k8s/charts/multicloud-k8s/templates/deployment.yaml new file mode 100644 index 00000000..846a7513 --- /dev/null +++ b/deployments/helm/onap4k8s/charts/multicloud-k8s/templates/deployment.yaml @@ -0,0 +1,80 @@ +{{/* +# Copyright 2019 Intel Corporation, Inc +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} + +apiVersion: extensions/v1beta1 +kind: Deployment +metadata: + name: {{ include "common.fullname" . }} + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +spec: + replicas: {{ .Values.replicaCount }} + template: + metadata: + labels: + app: {{ include "common.name" . }} + release: {{ .Release.Name }} + spec: + containers: + - image: "{{ include "common.repository" . }}/{{ .Values.image }}" + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + name: {{ include "common.name" . }} + command: ["/opt/multicloud/k8splugin/k8plugin"] + workingDir: /opt/multicloud/k8splugin + ports: + - containerPort: {{ .Values.service.internalPort }} + {{- if eq .Values.liveness.enabled true }} + livenessProbe: + tcpSocket: + port: {{ .Values.service.internalPort }} + initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }} + periodSeconds: {{ .Values.liveness.periodSeconds }} + {{ end -}} + readinessProbe: + tcpSocket: + port: {{ .Values.service.internalPort }} + initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} + periodSeconds: {{ .Values.readiness.periodSeconds }} + volumeMounts: + - mountPath: /etc/localtime + name: localtime + readOnly: true + - mountPath: /opt/multicloud/k8splugin/k8sconfig.json + name: {{ include "common.name" .}} + subPath: k8sconfig.json + resources: +{{ include "common.resources" . | indent 10 }} + {{- if .Values.nodeSelector }} + nodeSelector: +{{ toYaml .Values.nodeSelector | indent 10 }} + {{- end -}} + {{- if .Values.affinity }} + affinity: +{{ toYaml .Values.affinity | indent 10 }} + {{- end }} + volumes: + - name: localtime + hostPath: + path: /etc/localtime + - name : {{ include "common.name" . }} + configMap: + name: {{ include "common.fullname" . }} + imagePullSecrets: + - name: "{{ include "common.namespace" . }}-docker-registry-key" diff --git a/deployments/helm/onap4k8s/charts/multicloud-k8s/templates/service.yaml b/deployments/helm/onap4k8s/charts/multicloud-k8s/templates/service.yaml new file mode 100644 index 00000000..9e98bede --- /dev/null +++ b/deployments/helm/onap4k8s/charts/multicloud-k8s/templates/service.yaml @@ -0,0 +1,41 @@ +{{/* +# Copyright 2019 Intel Corporation, Inc +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} + +apiVersion: v1 +kind: Service +metadata: + name: {{ include "common.servicename" . }} + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.fullname" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +spec: + type: {{ .Values.service.type }} + ports: + - name: {{ .Values.service.PortName }} + {{if eq .Values.service.type "NodePort" -}} + port: {{ .Values.service.internalPort }} + nodePort: {{ .Values.global.nodePortPrefixExt | default "302" }}{{ .Values.service.nodePort }} + {{- else -}} + port: {{ .Values.service.externalPort }} + targetPort: {{ .Values.service.internalPort }} + {{- end}} + protocol: TCP + selector: + app: {{ include "common.name" . }} + release: {{ .Release.Name }} diff --git a/deployments/helm/onap4k8s/charts/multicloud-k8s/values.yaml b/deployments/helm/onap4k8s/charts/multicloud-k8s/values.yaml new file mode 100644 index 00000000..4b279e04 --- /dev/null +++ b/deployments/helm/onap4k8s/charts/multicloud-k8s/values.yaml @@ -0,0 +1,116 @@ +# Copyright 2019 Intel Corporation, Inc +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +################################################################# +# Global configuration defaults. +################################################################# +global: + nodePortPrefixExt: 304 + readinessRepository: oomk8s + readinessImage: readiness-check:2.0.0 + loggingRepository: docker.elastic.co + loggingImage: beats/filebeat:5.5.0 + persistence: {} +################################################################# +# Application configuration defaults. +################################################################# +# application image +repository: nexus3.onap.org:10001 +image: onap/multicloud/k8s:0.4.0 +pullPolicy: Always + +# flag to enable debugging - application support required +debugEnabled: false + +# application configuration is via config files + +# default number of instances +replicaCount: 1 + +nodeSelector: {} + +affinity: {} + +# probe configuration parameters +liveness: + initialDelaySeconds: 10 + periodSeconds: 30 + # necessary to disable liveness probe when setting breakpoints + # in debugger so K8s doesn't restart unresponsive container + enabled: true + +readiness: + initialDelaySeconds: 10 + periodSeconds: 30 + +service: + type: ClusterIP + name: multicloud-k8s + portName: multicloud-k8s + internalPort: 9015 + externalPort: 9015 + nodePort: 98 + +#Mongo chart overrides for k8splugin +mongo: + nameOverride: multicloud-k8s-mongo + service: + name: multicloud-k8s-mongo + internalPort: 27017 + nfsprovisionerPrefix: multicloud-k8s + sdnctlPrefix: multicloud-k8s + persistence: + mountSubPath: multicloud-k8s/mongo/data + enabled: true + disableNfsProvisioner: true + +#etcd chart overrides for k8splugin +etcd: + nameOverride: multicloud-k8s-etcd + service: + name: multicloud-k8s-etcd + persistence: + mountSubPath: multicloud-k8s/etcd/data + enabled: true + +# No persistence right now as we rely on Mongo to handle that +persistence: + enabled: false + volumeReclaimPolicy: Retain + accessMode: ReadWriteOnce + size: 1Gi + mountPath: /dockerdata-nfs + mountSubPath: multicloud-k8s/data + +ingress: + enabled: false + +# Configure resource requests and limits +flavor: large +resources: + small: + limits: + cpu: 200m + memory: 500Mi + requests: + cpu: 10m + memory: 10Mi + large: + limits: + cpu: 400m + memory: 1Gi + requests: + cpu: 10m + memory: 100Mi + unlimited: {} diff --git a/deployments/helm/onap4k8s/values.yaml b/deployments/helm/onap4k8s/values.yaml new file mode 100644 index 00000000..3d482148 --- /dev/null +++ b/deployments/helm/onap4k8s/values.yaml @@ -0,0 +1,25 @@ +# Copyright 2019 Intel Corporation +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +multicloud-ks: + enabled: true + +mongo: + enabled: true + +etcd: + enabled: true + +common: + enabled: true diff --git a/deployments/helm/servicemesh/keycloak/.helmignore b/deployments/helm/servicemesh/keycloak/.helmignore new file mode 100644 index 00000000..50af0317 --- /dev/null +++ b/deployments/helm/servicemesh/keycloak/.helmignore @@ -0,0 +1,22 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*~ +# Various IDEs +.project +.idea/ +*.tmproj +.vscode/ diff --git a/deployments/helm/servicemesh/keycloak/Chart.yaml b/deployments/helm/servicemesh/keycloak/Chart.yaml new file mode 100644 index 00000000..e4b3463d --- /dev/null +++ b/deployments/helm/servicemesh/keycloak/Chart.yaml @@ -0,0 +1,5 @@ +apiVersion: v1 +appVersion: "1.0" +description: A Helm chart for Kubernetes +name: keycloak +version: 0.1.0 diff --git a/deployments/helm/servicemesh/keycloak/README.md b/deployments/helm/servicemesh/keycloak/README.md new file mode 100644 index 00000000..31fe78e8 --- /dev/null +++ b/deployments/helm/servicemesh/keycloak/README.md @@ -0,0 +1,32 @@ +# Copyright (c) 2019 Intel Corporation. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +Installation +============ + +Installing the Chart +-------------------- + +NOTE : Do not install this chart in the namespace 'default' +---------------------------------------------------------- +NOTE : Do not install this chart with istio injection(or in a namespace that has istio-injection enabled), +---------------------------------------------------------------------------------------------------------- +Since this service needs to be run as a standalone for Authentication and Authorization purpose +----------------------------------------------------------------------------------------------- + +Install the helm Chart for ISTIO Keycloak + +```bash +$ helm install keycloak --namespace keycloak +``` diff --git a/deployments/helm/servicemesh/keycloak/istio-realm.json b/deployments/helm/servicemesh/keycloak/istio-realm.json new file mode 100644 index 00000000..b3802f49 --- /dev/null +++ b/deployments/helm/servicemesh/keycloak/istio-realm.json @@ -0,0 +1,1593 @@ +{ + "id": "istio", + "realm": "istio", + "notBefore": 0, + "revokeRefreshToken": false, + "refreshTokenMaxReuse": 0, + "accessTokenLifespan": 300, + "accessTokenLifespanForImplicitFlow": 900, + "ssoSessionIdleTimeout": 1800, + "ssoSessionMaxLifespan": 36000, + "offlineSessionIdleTimeout": 2592000, + "offlineSessionMaxLifespanEnabled": false, + "offlineSessionMaxLifespan": 5184000, + "accessCodeLifespan": 60, + "accessCodeLifespanUserAction": 300, + "accessCodeLifespanLogin": 1800, + "actionTokenGeneratedByAdminLifespan": 43200, + "actionTokenGeneratedByUserLifespan": 300, + "enabled": true, + "sslRequired": "external", + "registrationAllowed": false, + "registrationEmailAsUsername": false, + "rememberMe": false, + "verifyEmail": false, + "loginWithEmailAllowed": true, + "duplicateEmailsAllowed": false, + "resetPasswordAllowed": false, + "editUsernameAllowed": false, + "bruteForceProtected": false, + "permanentLockout": false, + "maxFailureWaitSeconds": 900, + "minimumQuickLoginWaitSeconds": 60, + "waitIncrementSeconds": 60, + "quickLoginCheckMilliSeconds": 1000, + "maxDeltaTimeSeconds": 43200, + "failureFactor": 30, + "roles": { + "realm": [ + { + "id": "220670e5-85ab-4b1d-89e3-98880064e29f", + "name": "offline_access", + "description": "${role_offline-access}", + "composite": false, + "clientRole": false, + "containerId": "istio" + }, + { + "id": "80b567e4-46f1-482a-8f77-01d958fa3f5f", + "name": "user", + "composite": false, + "clientRole": false, + "containerId": "istio" + }, + { + "id": "c3be31a1-2d15-4adf-ac16-bc5b962874cf", + "name": "uma_authorization", + "description": "${role_uma_authorization}", + "composite": false, + "clientRole": false, + "containerId": "istio" + } + ], + "client": { + "realm-management": [ + { + "id": "8e0d765e-2026-4acc-8e60-7d19bb163d18", + "name": "view-identity-providers", + "description": "${role_view-identity-providers}", + "composite": false, + "clientRole": true, + "containerId": "23359cc5-f7be-4e46-9032-22888c729056" + }, + { + "id": "06151631-874c-4b4c-b6bf-7bdb17aa92f3", + "name": "realm-admin", + "description": "${role_realm-admin}", + "composite": true, + "composites": { + "client": { + "realm-management": [ + "view-identity-providers", + "manage-authorization", + "view-authorization", + "view-users", + "query-groups", + "impersonation", + "view-events", + "manage-realm", + "manage-clients", + "view-clients", + "create-client", + "manage-identity-providers", + "manage-users", + "manage-events", + "query-realms", + "query-users", + "query-clients", + "view-realm" + ] + } + }, + "clientRole": true, + "containerId": "23359cc5-f7be-4e46-9032-22888c729056" + }, + { + "id": "a1f1f3d7-85b9-4630-a8e9-c7c329412ab4", + "name": "manage-authorization", + "description": "${role_manage-authorization}", + "composite": false, + "clientRole": true, + "containerId": "23359cc5-f7be-4e46-9032-22888c729056" + }, + { + "id": "2742e71b-86de-4d2f-a964-0d783b3513f0", + "name": "view-authorization", + "description": "${role_view-authorization}", + "composite": false, + "clientRole": true, + "containerId": "23359cc5-f7be-4e46-9032-22888c729056" + }, + { + "id": "04c72794-a353-4f6e-a789-f65e74f137c6", + "name": "view-users", + "description": "${role_view-users}", + "composite": true, + "composites": { + "client": { + "realm-management": [ + "query-groups", + "query-users" + ] + } + }, + "clientRole": true, + "containerId": "23359cc5-f7be-4e46-9032-22888c729056" + }, + { + "id": "405fd875-7a6f-43e0-b4c2-17c587aa7d3a", + "name": "query-groups", + "description": "${role_query-groups}", + "composite": false, + "clientRole": true, + "containerId": "23359cc5-f7be-4e46-9032-22888c729056" + }, + { + "id": "b8ca521d-b36e-4ab6-9002-55a88853bfa1", + "name": "impersonation", + "description": "${role_impersonation}", + "composite": false, + "clientRole": true, + "containerId": "23359cc5-f7be-4e46-9032-22888c729056" + }, + { + "id": "b2bbaf09-2258-439e-9cc5-a31b229257f7", + "name": "view-events", + "description": "${role_view-events}", + "composite": false, + "clientRole": true, + "containerId": "23359cc5-f7be-4e46-9032-22888c729056" + }, + { + "id": "1b64abc3-e087-4caf-8892-e47c2330545c", + "name": "manage-realm", + "description": "${role_manage-realm}", + "composite": false, + "clientRole": true, + "containerId": "23359cc5-f7be-4e46-9032-22888c729056" + }, + { + "id": "e2322bb3-5a9b-4f6a-965a-6c6962ded1f3", + "name": "manage-clients", + "description": "${role_manage-clients}", + "composite": false, + "clientRole": true, + "containerId": "23359cc5-f7be-4e46-9032-22888c729056" + }, + { + "id": "26ba951e-730f-4176-8f6a-dfea46d4d780", + "name": "view-clients", + "description": "${role_view-clients}", + "composite": true, + "composites": { + "client": { + "realm-management": [ + "query-clients" + ] + } + }, + "clientRole": true, + "containerId": "23359cc5-f7be-4e46-9032-22888c729056" + }, + { + "id": "0dc8d82c-d8db-4d5f-bc81-f9e381fb488b", + "name": "create-client", + "description": "${role_create-client}", + "composite": false, + "clientRole": true, + "containerId": "23359cc5-f7be-4e46-9032-22888c729056" + }, + { + "id": "f58c12dc-f06b-4b92-b41d-06abcc11d9dd", + "name": "manage-identity-providers", + "description": "${role_manage-identity-providers}", + "composite": false, + "clientRole": true, + "containerId": "23359cc5-f7be-4e46-9032-22888c729056" + }, + { + "id": "91172277-28d1-4ac2-96dd-129422aae1e1", + "name": "manage-users", + "description": "${role_manage-users}", + "composite": false, + "clientRole": true, + "containerId": "23359cc5-f7be-4e46-9032-22888c729056" + }, + { + "id": "f2283924-0ba6-42f2-9c2e-daa1e93cab5d", + "name": "manage-events", + "description": "${role_manage-events}", + "composite": false, + "clientRole": true, + "containerId": "23359cc5-f7be-4e46-9032-22888c729056" + }, + { + "id": "64c3f416-c7c8-4bc1-9369-4bbd9c430f82", + "name": "query-realms", + "description": "${role_query-realms}", + "composite": false, + "clientRole": true, + "containerId": "23359cc5-f7be-4e46-9032-22888c729056" + }, + { + "id": "7546c6c3-6768-439c-8362-7875c800315f", + "name": "query-users", + "description": "${role_query-users}", + "composite": false, + "clientRole": true, + "containerId": "23359cc5-f7be-4e46-9032-22888c729056" + }, + { + "id": "290e8014-36f8-4f78-8c9b-810a054d25c9", + "name": "query-clients", + "description": "${role_query-clients}", + "composite": false, + "clientRole": true, + "containerId": "23359cc5-f7be-4e46-9032-22888c729056" + }, + { + "id": "c9e02693-3aa7-415f-b54f-905596a63860", + "name": "view-realm", + "description": "${role_view-realm}", + "composite": false, + "clientRole": true, + "containerId": "23359cc5-f7be-4e46-9032-22888c729056" + } + ], + "security-admin-console": [], + "customer-tutorial": [], + "admin-cli": [], + "broker": [ + { + "id": "c15558e5-4812-4d14-825c-9b56c0fc4b43", + "name": "read-token", + "description": "${role_read-token}", + "composite": false, + "clientRole": true, + "containerId": "b60bdd17-7469-4eca-8740-043fec9df949" + } + ], + "account": [ + { + "id": "b0e1a0bc-7fe0-43ed-81e3-57c9bd8b2466", + "name": "manage-account-links", + "description": "${role_manage-account-links}", + "composite": false, + "clientRole": true, + "containerId": "451d5f38-0a1e-4dcf-a25b-39ef9148a027" + }, + { + "id": "6290f39b-8dc8-47b9-be67-0d42af794d90", + "name": "manage-account", + "description": "${role_manage-account}", + "composite": true, + "composites": { + "client": { + "account": [ + "manage-account-links" + ] + } + }, + "clientRole": true, + "containerId": "451d5f38-0a1e-4dcf-a25b-39ef9148a027" + }, + { + "id": "134efa5f-fb4a-437c-8aaa-ed98204822bf", + "name": "view-profile", + "description": "${role_view-profile}", + "composite": false, + "clientRole": true, + "containerId": "451d5f38-0a1e-4dcf-a25b-39ef9148a027" + } + ] + } + }, + "groups": [], + "defaultRoles": [ + "offline_access", + "uma_authorization" + ], + "requiredCredentials": [ + "password" + ], + "otpPolicyType": "totp", + "otpPolicyAlgorithm": "HmacSHA1", + "otpPolicyInitialCounter": 0, + "otpPolicyDigits": 6, + "otpPolicyLookAheadWindow": 1, + "otpPolicyPeriod": 30, + "otpSupportedApplications": [ + "FreeOTP", + "Google Authenticator" + ], + "scopeMappings": [ + { + "clientScope": "offline_access", + "roles": [ + "offline_access" + ] + } + ], + "clients": [ + { + "id": "290038f3-c4b5-4dea-a6fc-4c603edd94a3", + "clientId": "admin-cli", + "name": "${client_admin-cli}", + "surrogateAuthRequired": false, + "enabled": true, + "clientAuthenticatorType": "client-secret", + "secret": "**********", + "redirectUris": [], + "webOrigins": [], + "notBefore": 0, + "bearerOnly": false, + "consentRequired": false, + "standardFlowEnabled": false, + "implicitFlowEnabled": false, + "directAccessGrantsEnabled": true, + "serviceAccountsEnabled": false, + "publicClient": true, + "frontchannelLogout": false, + "protocol": "openid-connect", + "attributes": {}, + "authenticationFlowBindingOverrides": {}, + "fullScopeAllowed": false, + "nodeReRegistrationTimeout": 0, + "defaultClientScopes": [ + "role_list", + "profile", + "email" + ], + "optionalClientScopes": [ + "address", + "phone", + "offline_access" + ] + }, + { + "id": "b60bdd17-7469-4eca-8740-043fec9df949", + "clientId": "broker", + "name": "${client_broker}", + "surrogateAuthRequired": false, + "enabled": true, + "clientAuthenticatorType": "client-secret", + "secret": "**********", + "redirectUris": [], + "webOrigins": [], + "notBefore": 0, + "bearerOnly": false, + "consentRequired": false, + "standardFlowEnabled": true, + "implicitFlowEnabled": false, + "directAccessGrantsEnabled": false, + "serviceAccountsEnabled": false, + "publicClient": false, + "frontchannelLogout": false, + "protocol": "openid-connect", + "attributes": {}, + "authenticationFlowBindingOverrides": {}, + "fullScopeAllowed": false, + "nodeReRegistrationTimeout": 0, + "defaultClientScopes": [ + "role_list", + "profile", + "email" + ], + "optionalClientScopes": [ + "address", + "phone", + "offline_access" + ] + }, + { + "id": "23359cc5-f7be-4e46-9032-22888c729056", + "clientId": "realm-management", + "name": "${client_realm-management}", + "surrogateAuthRequired": false, + "enabled": true, + "clientAuthenticatorType": "client-secret", + "secret": "**********", + "redirectUris": [], + "webOrigins": [], + "notBefore": 0, + "bearerOnly": true, + "consentRequired": false, + "standardFlowEnabled": true, + "implicitFlowEnabled": false, + "directAccessGrantsEnabled": false, + "serviceAccountsEnabled": false, + "publicClient": false, + "frontchannelLogout": false, + "protocol": "openid-connect", + "attributes": {}, + "authenticationFlowBindingOverrides": {}, + "fullScopeAllowed": false, + "nodeReRegistrationTimeout": 0, + "defaultClientScopes": [ + "role_list", + "profile", + "email" + ], + "optionalClientScopes": [ + "address", + "phone", + "offline_access" + ] + }, + { + "id": "cb5bafdc-b739-4dde-8eb1-9094f64a784e", + "clientId": "customer-tutorial", + "surrogateAuthRequired": false, + "enabled": true, + "clientAuthenticatorType": "client-secret", + "secret": "**********", + "redirectUris": [], + "webOrigins": [], + "notBefore": 0, + "bearerOnly": false, + "consentRequired": false, + "standardFlowEnabled": true, + "implicitFlowEnabled": false, + "directAccessGrantsEnabled": true, + "serviceAccountsEnabled": false, + "publicClient": true, + "frontchannelLogout": false, + "protocol": "openid-connect", + "attributes": {}, + "authenticationFlowBindingOverrides": {}, + "fullScopeAllowed": true, + "nodeReRegistrationTimeout": -1, + "defaultClientScopes": [ + "role_list", + "profile", + "email" + ], + "optionalClientScopes": [ + "address", + "phone", + "offline_access" + ] + }, + { + "id": "451d5f38-0a1e-4dcf-a25b-39ef9148a027", + "clientId": "account", + "name": "${client_account}", + "baseUrl": "/auth/realms/istio/account", + "surrogateAuthRequired": false, + "enabled": true, + "clientAuthenticatorType": "client-secret", + "secret": "**********", + "defaultRoles": [ + "view-profile", + "manage-account" + ], + "redirectUris": [ + "/auth/realms/istio/account/*" + ], + "webOrigins": [], + "notBefore": 0, + "bearerOnly": false, + "consentRequired": false, + "standardFlowEnabled": true, + "implicitFlowEnabled": false, + "directAccessGrantsEnabled": false, + "serviceAccountsEnabled": false, + "publicClient": false, + "frontchannelLogout": false, + "protocol": "openid-connect", + "attributes": {}, + "authenticationFlowBindingOverrides": {}, + "fullScopeAllowed": false, + "nodeReRegistrationTimeout": 0, + "defaultClientScopes": [ + "role_list", + "profile", + "email" + ], + "optionalClientScopes": [ + "address", + "phone", + "offline_access" + ] + }, + { + "id": "b0d3ef29-d76d-4dd4-b017-92c41410c174", + "clientId": "security-admin-console", + "name": "${client_security-admin-console}", + "baseUrl": "/auth/admin/istio/console/index.html", + "surrogateAuthRequired": false, + "enabled": true, + "clientAuthenticatorType": "client-secret", + "secret": "**********", + "redirectUris": [ + "/auth/admin/istio/console/*" + ], + "webOrigins": [], + "notBefore": 0, + "bearerOnly": false, + "consentRequired": false, + "standardFlowEnabled": true, + "implicitFlowEnabled": false, + "directAccessGrantsEnabled": false, + "serviceAccountsEnabled": false, + "publicClient": true, + "frontchannelLogout": false, + "protocol": "openid-connect", + "attributes": {}, + "authenticationFlowBindingOverrides": {}, + "fullScopeAllowed": false, + "nodeReRegistrationTimeout": 0, + "protocolMappers": [ + { + "id": "75302c7e-aed4-40d3-9875-d7d3f652d470", + "name": "locale", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-attribute-mapper", + "consentRequired": false, + "config": { + "userinfo.token.claim": "true", + "user.attribute": "locale", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "locale", + "jsonType.label": "String" + } + } + ], + "defaultClientScopes": [ + "role_list", + "profile", + "email" + ], + "optionalClientScopes": [ + "address", + "phone", + "offline_access" + ] + } + ], + "clientScopes": [ + { + "id": "b221cc0e-2c78-4de7-bb2e-56e9349cb66d", + "name": "address", + "description": "OpenID Connect built-in scope: address", + "protocol": "openid-connect", + "attributes": { + "consent.screen.text": "${addressScopeConsentText}", + "display.on.consent.screen": "true" + }, + "protocolMappers": [ + { + "id": "db8987ff-c258-48c9-8c2e-4e1f2f283515", + "name": "address", + "protocol": "openid-connect", + "protocolMapper": "oidc-address-mapper", + "consentRequired": false, + "config": { + "user.attribute.formatted": "formatted", + "user.attribute.country": "country", + "user.attribute.postal_code": "postal_code", + "userinfo.token.claim": "true", + "user.attribute.street": "street", + "id.token.claim": "true", + "user.attribute.region": "region", + "access.token.claim": "true", + "user.attribute.locality": "locality" + } + } + ] + }, + { + "id": "f430e3c4-48d8-4b48-824c-58fa950e3162", + "name": "email", + "description": "OpenID Connect built-in scope: email", + "protocol": "openid-connect", + "attributes": { + "consent.screen.text": "${emailScopeConsentText}", + "display.on.consent.screen": "true" + }, + "protocolMappers": [ + { + "id": "4d1852a7-0735-4ea7-9e2b-eb62775975e9", + "name": "email", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-property-mapper", + "consentRequired": false, + "config": { + "userinfo.token.claim": "true", + "user.attribute": "email", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "email", + "jsonType.label": "String" + } + }, + { + "id": "2be3ecee-f2ba-45c6-9c03-ecbcd57ef892", + "name": "email verified", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-property-mapper", + "consentRequired": false, + "config": { + "userinfo.token.claim": "true", + "user.attribute": "emailVerified", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "email_verified", + "jsonType.label": "boolean" + } + } + ] + }, + { + "id": "2dc9a314-a8a2-4158-ae13-44b524a106cf", + "name": "offline_access", + "description": "OpenID Connect built-in scope: offline_access", + "protocol": "openid-connect", + "attributes": { + "consent.screen.text": "${offlineAccessScopeConsentText}", + "display.on.consent.screen": "true" + } + }, + { + "id": "264fb76f-3460-48df-95ce-2484c8e5b5c9", + "name": "phone", + "description": "OpenID Connect built-in scope: phone", + "protocol": "openid-connect", + "attributes": { + "consent.screen.text": "${phoneScopeConsentText}", + "display.on.consent.screen": "true" + }, + "protocolMappers": [ + { + "id": "e5cdd2ff-09d2-4c46-b3aa-1dbe269f9c84", + "name": "phone number", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-attribute-mapper", + "consentRequired": false, + "config": { + "userinfo.token.claim": "true", + "user.attribute": "phoneNumber", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "phone_number", + "jsonType.label": "String" + } + }, + { + "id": "d4577eed-c8ef-4472-ba67-701362d87075", + "name": "phone number verified", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-attribute-mapper", + "consentRequired": false, + "config": { + "userinfo.token.claim": "true", + "user.attribute": "phoneNumberVerified", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "phone_number_verified", + "jsonType.label": "boolean" + } + } + ] + }, + { + "id": "0710ab2c-f207-40a6-9b48-357b5e613ecc", + "name": "profile", + "description": "OpenID Connect built-in scope: profile", + "protocol": "openid-connect", + "attributes": { + "consent.screen.text": "${profileScopeConsentText}", + "display.on.consent.screen": "true" + }, + "protocolMappers": [ + { + "id": "446fa5ee-ec5f-4686-8ee3-1774894dfa67", + "name": "middle name", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-attribute-mapper", + "consentRequired": false, + "config": { + "userinfo.token.claim": "true", + "user.attribute": "middleName", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "middle_name", + "jsonType.label": "String" + } + }, + { + "id": "637d89c1-d01c-4342-aef2-cf998bc6debb", + "name": "locale", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-attribute-mapper", + "consentRequired": false, + "config": { + "userinfo.token.claim": "true", + "user.attribute": "locale", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "locale", + "jsonType.label": "String" + } + }, + { + "id": "7467cf05-040a-414d-9dce-7e12017b4877", + "name": "gender", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-attribute-mapper", + "consentRequired": false, + "config": { + "userinfo.token.claim": "true", + "user.attribute": "gender", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "gender", + "jsonType.label": "String" + } + }, + { + "id": "9788ba7e-ac2c-44d2-b359-38715a20cda0", + "name": "family name", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-property-mapper", + "consentRequired": false, + "config": { + "userinfo.token.claim": "true", + "user.attribute": "lastName", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "family_name", + "jsonType.label": "String" + } + }, + { + "id": "2b825105-1344-49c1-b8e9-c650e5cf1466", + "name": "username", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-property-mapper", + "consentRequired": false, + "config": { + "userinfo.token.claim": "true", + "user.attribute": "username", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "preferred_username", + "jsonType.label": "String" + } + }, + { + "id": "f087ddac-3587-42d0-9f0a-156eacc2c8a3", + "name": "nickname", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-attribute-mapper", + "consentRequired": false, + "config": { + "userinfo.token.claim": "true", + "user.attribute": "nickname", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "nickname", + "jsonType.label": "String" + } + }, + { + "id": "e1523265-8464-4894-85c3-e2e33318132e", + "name": "website", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-attribute-mapper", + "consentRequired": false, + "config": { + "userinfo.token.claim": "true", + "user.attribute": "website", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "website", + "jsonType.label": "String" + } + }, + { + "id": "abd30893-032c-4ff4-91ff-e0f487b52c7d", + "name": "full name", + "protocol": "openid-connect", + "protocolMapper": "oidc-full-name-mapper", + "consentRequired": false, + "config": { + "id.token.claim": "true", + "access.token.claim": "true", + "userinfo.token.claim": "true" + } + }, + { + "id": "1df211c9-7681-4f26-94b4-ff1f13070299", + "name": "given name", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-property-mapper", + "consentRequired": false, + "config": { + "userinfo.token.claim": "true", + "user.attribute": "firstName", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "given_name", + "jsonType.label": "String" + } + }, + { + "id": "e3916ca8-f442-4dce-8632-a44ca0d12f78", + "name": "picture", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-attribute-mapper", + "consentRequired": false, + "config": { + "userinfo.token.claim": "true", + "user.attribute": "picture", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "picture", + "jsonType.label": "String" + } + }, + { + "id": "8f7057ba-effb-4d2a-9343-5b6dceeb1df0", + "name": "updated at", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-attribute-mapper", + "consentRequired": false, + "config": { + "userinfo.token.claim": "true", + "user.attribute": "updatedAt", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "updated_at", + "jsonType.label": "String" + } + }, + { + "id": "ada6d8cf-2a80-488d-bff0-6713c88b7733", + "name": "profile", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-attribute-mapper", + "consentRequired": false, + "config": { + "userinfo.token.claim": "true", + "user.attribute": "profile", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "profile", + "jsonType.label": "String" + } + }, + { + "id": "167fb08e-6804-4452-b054-d494ce6e1aec", + "name": "zoneinfo", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-attribute-mapper", + "consentRequired": false, + "config": { + "userinfo.token.claim": "true", + "user.attribute": "zoneinfo", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "zoneinfo", + "jsonType.label": "String" + } + }, + { + "id": "e121d0f2-9af8-440a-a2ac-6ab7bed1959e", + "name": "birthdate", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-attribute-mapper", + "consentRequired": false, + "config": { + "userinfo.token.claim": "true", + "user.attribute": "birthdate", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "birthdate", + "jsonType.label": "String" + } + } + ] + }, + { + "id": "67565c69-b19a-46d1-a4d2-e168cf8f1ff2", + "name": "role_list", + "description": "SAML role list", + "protocol": "saml", + "attributes": { + "consent.screen.text": "${samlRoleListScopeConsentText}", + "display.on.consent.screen": "true" + }, + "protocolMappers": [ + { + "id": "7b8b9b4f-2dc5-4991-88ba-363789ef4273", + "name": "role list", + "protocol": "saml", + "protocolMapper": "saml-role-list-mapper", + "consentRequired": false, + "config": { + "single": "false", + "attribute.nameformat": "Basic", + "attribute.name": "Role" + } + } + ] + } + ], + "defaultDefaultClientScopes": [ + "profile", + "role_list", + "email" + ], + "defaultOptionalClientScopes": [ + "phone", + "offline_access", + "address" + ], + "browserSecurityHeaders": { + "contentSecurityPolicyReportOnly": "", + "xContentTypeOptions": "nosniff", + "xRobotsTag": "none", + "xFrameOptions": "SAMEORIGIN", + "xXSSProtection": "1; mode=block", + "contentSecurityPolicy": "frame-src 'self'; frame-ancestors 'self'; object-src 'none';", + "strictTransportSecurity": "max-age=31536000; includeSubDomains" + }, + "smtpServer": {}, + "eventsEnabled": false, + "eventsListeners": [ + "jboss-logging" + ], + "enabledEventTypes": [], + "adminEventsEnabled": false, + "adminEventsDetailsEnabled": false, + "components": { + "org.keycloak.services.clientregistration.policy.ClientRegistrationPolicy": [ + { + "id": "a9df5509-a3e6-4298-b0dd-89283e43c98d", + "name": "Allowed Protocol Mapper Types", + "providerId": "allowed-protocol-mappers", + "subType": "authenticated", + "subComponents": {}, + "config": { + "allowed-protocol-mapper-types": [ + "oidc-usermodel-property-mapper", + "oidc-sha256-pairwise-sub-mapper", + "saml-role-list-mapper", + "oidc-usermodel-attribute-mapper", + "saml-user-property-mapper", + "oidc-full-name-mapper", + "oidc-address-mapper", + "saml-user-attribute-mapper" + ] + } + }, + { + "id": "716cb8ab-1e27-4119-b78f-5356858dcb41", + "name": "Allowed Client Scopes", + "providerId": "allowed-client-templates", + "subType": "authenticated", + "subComponents": {}, + "config": { + "allow-default-scopes": [ + "true" + ] + } + }, + { + "id": "ff4f5c61-6d74-49c4-add0-0cb5b403adbb", + "name": "Trusted Hosts", + "providerId": "trusted-hosts", + "subType": "anonymous", + "subComponents": {}, + "config": { + "host-sending-registration-request-must-match": [ + "true" + ], + "client-uris-must-match": [ + "true" + ] + } + }, + { + "id": "0eea0e90-fed9-4ad7-af33-7ee14f45417f", + "name": "Allowed Client Scopes", + "providerId": "allowed-client-templates", + "subType": "anonymous", + "subComponents": {}, + "config": { + "allow-default-scopes": [ + "true" + ] + } + }, + { + "id": "f5f9be1b-4248-462e-987a-c49080dc89d5", + "name": "Max Clients Limit", + "providerId": "max-clients", + "subType": "anonymous", + "subComponents": {}, + "config": { + "max-clients": [ + "200" + ] + } + }, + { + "id": "87b3d39d-27b5-45e9-8793-ca1e90633d5e", + "name": "Allowed Protocol Mapper Types", + "providerId": "allowed-protocol-mappers", + "subType": "anonymous", + "subComponents": {}, + "config": { + "allowed-protocol-mapper-types": [ + "saml-user-attribute-mapper", + "oidc-sha256-pairwise-sub-mapper", + "saml-user-property-mapper", + "saml-role-list-mapper", + "oidc-usermodel-attribute-mapper", + "oidc-full-name-mapper", + "oidc-usermodel-property-mapper", + "oidc-address-mapper" + ] + } + }, + { + "id": "cf0206b9-af54-4b1d-842d-35709b9b2416", + "name": "Consent Required", + "providerId": "consent-required", + "subType": "anonymous", + "subComponents": {}, + "config": {} + }, + { + "id": "bf450bd0-16d3-48b1-8120-01ffeae36009", + "name": "Full Scope Disabled", + "providerId": "scope", + "subType": "anonymous", + "subComponents": {}, + "config": {} + } + ], + "org.keycloak.keys.KeyProvider": [ + { + "id": "abeebe85-48d0-4c48-906e-e01b21f414e6", + "name": "rsa-generated", + "providerId": "rsa-generated", + "subComponents": {}, + "config": { + "priority": [ + "100" + ] + } + }, + { + "id": "8edb83d9-2775-4f31-a04e-b2b044df9d4a", + "name": "hmac-generated", + "providerId": "hmac-generated", + "subComponents": {}, + "config": { + "priority": [ + "100" + ], + "algorithm": [ + "HS256" + ] + } + }, + { + "id": "6c011a27-dae1-43f7-8928-a99c7d83fcca", + "name": "aes-generated", + "providerId": "aes-generated", + "subComponents": {}, + "config": { + "priority": [ + "100" + ] + } + } + ] + }, + "internationalizationEnabled": false, + "supportedLocales": [], + "authenticationFlows": [ + { + "id": "5fbafc16-55b5-41ad-9777-0295a824950c", + "alias": "Handle Existing Account", + "description": "Handle what to do if there is existing account with same email/username like authenticated identity provider", + "providerId": "basic-flow", + "topLevel": false, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticator": "idp-confirm-link", + "requirement": "REQUIRED", + "priority": 10, + "userSetupAllowed": false, + "autheticatorFlow": false + }, + { + "authenticator": "idp-email-verification", + "requirement": "ALTERNATIVE", + "priority": 20, + "userSetupAllowed": false, + "autheticatorFlow": false + }, + { + "requirement": "ALTERNATIVE", + "priority": 30, + "flowAlias": "Verify Existing Account by Re-authentication", + "userSetupAllowed": false, + "autheticatorFlow": true + } + ] + }, + { + "id": "12b28e4f-478f-4abe-b24d-b0a7a3b69deb", + "alias": "Verify Existing Account by Re-authentication", + "description": "Reauthentication of existing account", + "providerId": "basic-flow", + "topLevel": false, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticator": "idp-username-password-form", + "requirement": "REQUIRED", + "priority": 10, + "userSetupAllowed": false, + "autheticatorFlow": false + }, + { + "authenticator": "auth-otp-form", + "requirement": "OPTIONAL", + "priority": 20, + "userSetupAllowed": false, + "autheticatorFlow": false + } + ] + }, + { + "id": "e97de13b-04ce-4f35-9ac6-0ab7f987ea33", + "alias": "browser", + "description": "browser based authentication", + "providerId": "basic-flow", + "topLevel": true, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticator": "auth-cookie", + "requirement": "ALTERNATIVE", + "priority": 10, + "userSetupAllowed": false, + "autheticatorFlow": false + }, + { + "authenticator": "auth-spnego", + "requirement": "DISABLED", + "priority": 20, + "userSetupAllowed": false, + "autheticatorFlow": false + }, + { + "authenticator": "identity-provider-redirector", + "requirement": "ALTERNATIVE", + "priority": 25, + "userSetupAllowed": false, + "autheticatorFlow": false + }, + { + "requirement": "ALTERNATIVE", + "priority": 30, + "flowAlias": "forms", + "userSetupAllowed": false, + "autheticatorFlow": true + } + ] + }, + { + "id": "e6bb84d1-dd99-42bb-8d4e-76b76bb744ff", + "alias": "clients", + "description": "Base authentication for clients", + "providerId": "client-flow", + "topLevel": true, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticator": "client-secret", + "requirement": "ALTERNATIVE", + "priority": 10, + "userSetupAllowed": false, + "autheticatorFlow": false + }, + { + "authenticator": "client-jwt", + "requirement": "ALTERNATIVE", + "priority": 20, + "userSetupAllowed": false, + "autheticatorFlow": false + }, + { + "authenticator": "client-secret-jwt", + "requirement": "ALTERNATIVE", + "priority": 30, + "userSetupAllowed": false, + "autheticatorFlow": false + }, + { + "authenticator": "client-x509", + "requirement": "ALTERNATIVE", + "priority": 40, + "userSetupAllowed": false, + "autheticatorFlow": false + } + ] + }, + { + "id": "f4adf75a-f348-46f1-90aa-ba5ba332a9a8", + "alias": "direct grant", + "description": "OpenID Connect Resource Owner Grant", + "providerId": "basic-flow", + "topLevel": true, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticator": "direct-grant-validate-username", + "requirement": "REQUIRED", + "priority": 10, + "userSetupAllowed": false, + "autheticatorFlow": false + }, + { + "authenticator": "direct-grant-validate-password", + "requirement": "REQUIRED", + "priority": 20, + "userSetupAllowed": false, + "autheticatorFlow": false + }, + { + "authenticator": "direct-grant-validate-otp", + "requirement": "OPTIONAL", + "priority": 30, + "userSetupAllowed": false, + "autheticatorFlow": false + } + ] + }, + { + "id": "117a5b7c-ed16-4a1a-a0a7-8fd1ff5429be", + "alias": "docker auth", + "description": "Used by Docker clients to authenticate against the IDP", + "providerId": "basic-flow", + "topLevel": true, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticator": "docker-http-basic-authenticator", + "requirement": "REQUIRED", + "priority": 10, + "userSetupAllowed": false, + "autheticatorFlow": false + } + ] + }, + { + "id": "40991ed8-f811-4144-811c-3ef6934e33bb", + "alias": "first broker login", + "description": "Actions taken after first broker login with identity provider account, which is not yet linked to any Keycloak account", + "providerId": "basic-flow", + "topLevel": true, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticatorConfig": "review profile config", + "authenticator": "idp-review-profile", + "requirement": "REQUIRED", + "priority": 10, + "userSetupAllowed": false, + "autheticatorFlow": false + }, + { + "authenticatorConfig": "create unique user config", + "authenticator": "idp-create-user-if-unique", + "requirement": "ALTERNATIVE", + "priority": 20, + "userSetupAllowed": false, + "autheticatorFlow": false + }, + { + "requirement": "ALTERNATIVE", + "priority": 30, + "flowAlias": "Handle Existing Account", + "userSetupAllowed": false, + "autheticatorFlow": true + } + ] + }, + { + "id": "63ea9d89-9e59-48e0-a672-be7485df2a6e", + "alias": "forms", + "description": "Username, password, otp and other auth forms.", + "providerId": "basic-flow", + "topLevel": false, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticator": "auth-username-password-form", + "requirement": "REQUIRED", + "priority": 10, + "userSetupAllowed": false, + "autheticatorFlow": false + }, + { + "authenticator": "auth-otp-form", + "requirement": "OPTIONAL", + "priority": 20, + "userSetupAllowed": false, + "autheticatorFlow": false + } + ] + }, + { + "id": "4d9a5e12-eba2-4fdd-9089-d2ec5cf38b51", + "alias": "http challenge", + "description": "An authentication flow based on challenge-response HTTP Authentication Schemes", + "providerId": "basic-flow", + "topLevel": true, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticator": "no-cookie-redirect", + "requirement": "REQUIRED", + "priority": 10, + "userSetupAllowed": false, + "autheticatorFlow": false + }, + { + "authenticator": "basic-auth", + "requirement": "REQUIRED", + "priority": 20, + "userSetupAllowed": false, + "autheticatorFlow": false + }, + { + "authenticator": "basic-auth-otp", + "requirement": "DISABLED", + "priority": 30, + "userSetupAllowed": false, + "autheticatorFlow": false + }, + { + "authenticator": "auth-spnego", + "requirement": "DISABLED", + "priority": 40, + "userSetupAllowed": false, + "autheticatorFlow": false + } + ] + }, + { + "id": "f7bccba1-7e29-4471-8ffc-010a8f40cce3", + "alias": "registration", + "description": "registration flow", + "providerId": "basic-flow", + "topLevel": true, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticator": "registration-page-form", + "requirement": "REQUIRED", + "priority": 10, + "flowAlias": "registration form", + "userSetupAllowed": false, + "autheticatorFlow": true + } + ] + }, + { + "id": "482106b4-12ad-4a0b-aa61-2c2586662cb4", + "alias": "registration form", + "description": "registration form", + "providerId": "form-flow", + "topLevel": false, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticator": "registration-user-creation", + "requirement": "REQUIRED", + "priority": 20, + "userSetupAllowed": false, + "autheticatorFlow": false + }, + { + "authenticator": "registration-profile-action", + "requirement": "REQUIRED", + "priority": 40, + "userSetupAllowed": false, + "autheticatorFlow": false + }, + { + "authenticator": "registration-password-action", + "requirement": "REQUIRED", + "priority": 50, + "userSetupAllowed": false, + "autheticatorFlow": false + }, + { + "authenticator": "registration-recaptcha-action", + "requirement": "DISABLED", + "priority": 60, + "userSetupAllowed": false, + "autheticatorFlow": false + } + ] + }, + { + "id": "54f5e4d1-fc88-4d74-bbc8-5356c0049534", + "alias": "reset credentials", + "description": "Reset credentials for a user if they forgot their password or something", + "providerId": "basic-flow", + "topLevel": true, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticator": "reset-credentials-choose-user", + "requirement": "REQUIRED", + "priority": 10, + "userSetupAllowed": false, + "autheticatorFlow": false + }, + { + "authenticator": "reset-credential-email", + "requirement": "REQUIRED", + "priority": 20, + "userSetupAllowed": false, + "autheticatorFlow": false + }, + { + "authenticator": "reset-password", + "requirement": "REQUIRED", + "priority": 30, + "userSetupAllowed": false, + "autheticatorFlow": false + }, + { + "authenticator": "reset-otp", + "requirement": "OPTIONAL", + "priority": 40, + "userSetupAllowed": false, + "autheticatorFlow": false + } + ] + }, + { + "id": "2c719ec1-2377-4314-83de-e3269d1a03a9", + "alias": "saml ecp", + "description": "SAML ECP Profile Authentication Flow", + "providerId": "basic-flow", + "topLevel": true, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticator": "http-basic-authenticator", + "requirement": "REQUIRED", + "priority": 10, + "userSetupAllowed": false, + "autheticatorFlow": false + } + ] + } + ], + "authenticatorConfig": [ + { + "id": "18dec793-b93a-425d-88f1-f0f8adef894b", + "alias": "create unique user config", + "config": { + "require.password.update.after.registration": "false" + } + }, + { + "id": "5d968a5d-c719-41f4-9e54-4d59c165dc41", + "alias": "review profile config", + "config": { + "update.profile.on.first.login": "missing" + } + } + ], + "requiredActions": [ + { + "alias": "CONFIGURE_TOTP", + "name": "Configure OTP", + "providerId": "CONFIGURE_TOTP", + "enabled": true, + "defaultAction": false, + "priority": 10, + "config": {} + }, + { + "alias": "terms_and_conditions", + "name": "Terms and Conditions", + "providerId": "terms_and_conditions", + "enabled": false, + "defaultAction": false, + "priority": 20, + "config": {} + }, + { + "alias": "UPDATE_PASSWORD", + "name": "Update Password", + "providerId": "UPDATE_PASSWORD", + "enabled": true, + "defaultAction": false, + "priority": 30, + "config": {} + }, + { + "alias": "UPDATE_PROFILE", + "name": "Update Profile", + "providerId": "UPDATE_PROFILE", + "enabled": true, + "defaultAction": false, + "priority": 40, + "config": {} + }, + { + "alias": "VERIFY_EMAIL", + "name": "Verify Email", + "providerId": "VERIFY_EMAIL", + "enabled": true, + "defaultAction": false, + "priority": 50, + "config": {} + } + ], + "browserFlow": "browser", + "registrationFlow": "registration", + "directGrantFlow": "direct grant", + "resetCredentialsFlow": "reset credentials", + "clientAuthenticationFlow": "clients", + "dockerAuthenticationFlow": "docker auth", + "attributes": { + "_browser_header.xXSSProtection": "1; mode=block", + "_browser_header.xFrameOptions": "SAMEORIGIN", + "_browser_header.strictTransportSecurity": "max-age=31536000; includeSubDomains", + "permanentLockout": "false", + "quickLoginCheckMilliSeconds": "1000", + "_browser_header.xRobotsTag": "none", + "maxFailureWaitSeconds": "900", + "minimumQuickLoginWaitSeconds": "60", + "failureFactor": "30", + "actionTokenGeneratedByUserLifespan": "300", + "maxDeltaTimeSeconds": "43200", + "_browser_header.xContentTypeOptions": "nosniff", + "offlineSessionMaxLifespan": "5184000", + "actionTokenGeneratedByAdminLifespan": "43200", + "_browser_header.contentSecurityPolicyReportOnly": "", + "bruteForceProtected": "false", + "_browser_header.contentSecurityPolicy": "frame-src 'self'; frame-ancestors 'self'; object-src 'none';", + "waitIncrementSeconds": "60", + "offlineSessionMaxLifespanEnabled": "false" + }, + "keycloakVersion": "4.5.0.Final", + "userManagedAccessAllowed": false +}
\ No newline at end of file diff --git a/deployments/helm/servicemesh/keycloak/templates/Deployment.yaml b/deployments/helm/servicemesh/keycloak/templates/Deployment.yaml new file mode 100644 index 00000000..ed581e10 --- /dev/null +++ b/deployments/helm/servicemesh/keycloak/templates/Deployment.yaml @@ -0,0 +1,41 @@ +{{/* +# Copyright 2019 Intel Corporation, Inc +# + # Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ .Values.metadata.name }} + namespace: {{ .Values.metadata.namespace }} +spec: + replicas: {{ .Values.spec.replicas }} + selector: + matchLabels: + app: {{ .Values.spec.selector.matchLabels.app }} + template: + metadata: + labels: + app: {{ .Values.spec.template.metadata.labels.app }} + spec: + containers: + - name: keycloak + image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}" + env: +{{ toYaml .Values.env | indent 8 }} + ports: +{{ toYaml .Values.ports | indent 8 }} + readinessProbe: +{{ toYaml .Values.readinessProbe | indent 10 }} + livenessProbe: +{{ toYaml .Values.livenessProbe | indent 10 }} diff --git a/deployments/helm/servicemesh/keycloak/templates/Service.yaml b/deployments/helm/servicemesh/keycloak/templates/Service.yaml new file mode 100644 index 00000000..cdf8acc2 --- /dev/null +++ b/deployments/helm/servicemesh/keycloak/templates/Service.yaml @@ -0,0 +1,27 @@ +{{/* +# Copyright 2019 Intel Corporation, Inc +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} +apiVersion: v1 +kind: Service +metadata: + name: {{ .Values.Service.metadata.name }} + labels: + app: {{ .Values.Service.metadata.labels.app }} +spec: + type: {{ .Values.Service.spec.type }} + ports: +{{ toYaml .Values.Service.spec.ports | indent 2 }} + selector: + app: {{ .Values.Service.spec.selector.app }} diff --git a/deployments/helm/servicemesh/keycloak/values.yaml b/deployments/helm/servicemesh/keycloak/values.yaml new file mode 100644 index 00000000..2915afc3 --- /dev/null +++ b/deployments/helm/servicemesh/keycloak/values.yaml @@ -0,0 +1,71 @@ +#{{/* +# Copyright 2019 Intel Corporation, Inc +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +#*/}} +metadata: + name: keycloak + namespace: keycloak +image: + repository: jboss/keycloak + tag: 6.0.1 + pullPolicy: IfNotPresent +spec: + replicas: 1 + selector: + matchLabels: + app: keycloak + template: + metadata: + labels: + app: keycloak + spec: + containers: + - name: keycloak +resources: {} +env: +- name: KEYCLOAK_USER + value: "admin" +- name: KEYCLOAK_PASSWORD + value: "admin" +- name: PROXY_ADDRESS_FORWARDING + value: "true" +readinessProbe: + httpGet: + path: /auth/realms/master + port: 8080 + failureThreshold: 10 + initialDelaySeconds: 30 +livenessProbe: + httpGet: + path: /auth/realms/master + port: 8080 + initialDelaySeconds: 60 +ports: +- name: http + containerPort: 8080 +- name: https + containerPort: 8443 + +Service: + metadata: + name: keycloak + labels: + app: keycloak + spec: + type: LoadBalancer + ports: + - name: http + port: 8080 + selector: + app: keycloak |