summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorKonrad Bańka <k.banka@samsung.com>2020-10-28 16:49:19 +0100
committerKonrad Bańka <k.banka@samsung.com>2020-11-05 15:31:17 +0100
commit52c38b98b8410de74e545f5cd7f79c2d959bc81a (patch)
tree0f7abe0a272cb16c30eecd9339179446d08cc33a
parent2627db3364c949c6e45b55a7b8f408bb4da56948 (diff)
[CCSDK] Make a1policymanagement react on ConfigMap updates
Updated Deployment spec to template ConfigMap files in runtime allowing live reaction of application to config changes. Provided Configmaps with scripts to handle monitoring configmap-provided files. Updated envsubst to explicitly point to downloaded version. Issue-ID: CCSDK-2958 Signed-off-by: Konrad Bańka <k.banka@samsung.com> Change-Id: I22e18f2838c0956f899cb9fa96d9fd862e6c6942
-rw-r--r--kubernetes/a1policymanagement/resources/envsubst/daemon.sh30
-rw-r--r--kubernetes/a1policymanagement/resources/envsubst/update_files27
-rw-r--r--kubernetes/a1policymanagement/templates/deployment.yaml32
-rw-r--r--kubernetes/a1policymanagement/templates/envsubst-configmap.yaml23
-rw-r--r--kubernetes/a1policymanagement/values.yaml5
5 files changed, 114 insertions, 3 deletions
diff --git a/kubernetes/a1policymanagement/resources/envsubst/daemon.sh b/kubernetes/a1policymanagement/resources/envsubst/daemon.sh
new file mode 100644
index 0000000000..6d239f1ec8
--- /dev/null
+++ b/kubernetes/a1policymanagement/resources/envsubst/daemon.sh
@@ -0,0 +1,30 @@
+#!/bin/sh
+{{/*
+# Copyright © 2020 Samsung Electronics
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+terminate() {
+ echo "$(date) | INFO | Terminating child processes"
+ pids="$(jobs -p)"
+ if [ "$pids" != "" ]; then
+ kill -TERM $pids >/dev/null 2>/dev/null
+ fi
+ wait
+}
+
+trap terminate TERM
+echo "$(date) | INFO | Started monitoring /config-input/ directory"
+inotifyd /tmp/scripts/update_files /config-input/ &
+wait
diff --git a/kubernetes/a1policymanagement/resources/envsubst/update_files b/kubernetes/a1policymanagement/resources/envsubst/update_files
new file mode 100644
index 0000000000..754bb55432
--- /dev/null
+++ b/kubernetes/a1policymanagement/resources/envsubst/update_files
@@ -0,0 +1,27 @@
+#!/bin/sh
+{{/*
+# Copyright © 2020 Samsung Electronics
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+if [ "$1" == "y" ] && [ "$3" == "..data" ]; then
+ echo "$(date) | INFO | Configmap has been reloaded"
+ cd /config-input
+ for file in $(ls -1); do
+ if [ "$file" -nt "/config/$file" ]; then
+ echo "$(date) | INFO | Templating /config/$file"
+ envsubst <$file >/config/$file
+ fi
+ done
+fi
diff --git a/kubernetes/a1policymanagement/templates/deployment.yaml b/kubernetes/a1policymanagement/templates/deployment.yaml
index 6987bd41c5..1a2866b981 100644
--- a/kubernetes/a1policymanagement/templates/deployment.yaml
+++ b/kubernetes/a1policymanagement/templates/deployment.yaml
@@ -1,6 +1,7 @@
{{/*
################################################################################
# Copyright (c) 2020 Nordix Foundation. #
+# Copyright © 2020 Samsung Electronics, Modifications #
# #
# Licensed under the Apache License, Version 2.0 (the "License"); #
# you may not use this file except in compliance with the License. #
@@ -27,14 +28,14 @@ spec:
labels: {{- include "common.labels" . | nindent 8 }}
spec:
initContainers:
- - name: {{ include "common.name" . }}-update-config
+ - name: {{ include "common.name" . }}-bootstrap-config
image: "{{ .Values.global.envsubstImage }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
command:
- sh
args:
- -c
- - "cd /config-input && for PFILE in `ls -1`; do envsubst <${PFILE} >/config/${PFILE}; done"
+ - "cd /config-input && for PFILE in `ls -1`; do envsubst <${PFILE} >/config/${PFILE}; chmod o+w /config/${PFILE}; done"
env:
- name: A1CONTROLLER_USER
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "controller-secret" "key" "login") | indent 10 }}
@@ -46,6 +47,29 @@ spec:
- mountPath: /config
name: config
containers:
+ - name: {{ include "common.name" . }}-update-config
+ image: "{{ .Values.global.envsubstImage }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ securityContext:
+ runAsGroup: {{ .Values.groupID }}
+ runAsUser: {{ .Values.userID }}
+ runAsNonRoot: true
+ command:
+ - sh
+ args:
+ - /tmp/scripts/daemon.sh
+ env:
+ - name: A1CONTROLLER_USER
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "controller-secret" "key" "login") | indent 10 }}
+ - name: A1CONTROLLER_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "controller-secret" "key" "password") | indent 10 }}
+ volumeMounts:
+ - mountPath: /tmp/scripts
+ name: {{ include "common.fullname" . }}-envsubst-scripts
+ - mountPath: /config-input
+ name: {{ include "common.fullname" . }}-policy-conf-input
+ - mountPath: /config
+ name: config
- name: {{ include "common.name" . }}
image: {{ include "common.repository" . }}/{{ .Values.image }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
@@ -70,6 +94,10 @@ spec:
- name: {{ include "common.fullname" . }}-policy-conf-input
configMap:
name: {{ include "common.fullname" . }}-policy-conf
+ defaultMode: 0555
+ - name: {{ include "common.fullname" . }}-envsubst-scripts
+ configMap:
+ name: {{ include "common.fullname" . }}-envsubst-scripts
- name: config
emptyDir:
medium: Memory
diff --git a/kubernetes/a1policymanagement/templates/envsubst-configmap.yaml b/kubernetes/a1policymanagement/templates/envsubst-configmap.yaml
new file mode 100644
index 0000000000..99449638f4
--- /dev/null
+++ b/kubernetes/a1policymanagement/templates/envsubst-configmap.yaml
@@ -0,0 +1,23 @@
+{{/*
+################################################################################
+# Copyright © 2020 Samsung Electronics #
+# #
+# Licensed under the Apache License, Version 2.0 (the "License"); #
+# you may not use this file except in compliance with the License. #
+# You may obtain a copy of the License at #
+# #
+# http://www.apache.org/licenses/LICENSE-2.0 #
+# #
+# Unless required by applicable law or agreed to in writing, software #
+# distributed under the License is distributed on an "AS IS" BASIS, #
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. #
+# See the License for the specific language governing permissions and #
+# limitations under the License. #
+################################################################################
+*/}}
+apiVersion: v1
+kind: ConfigMap
+metadata: {{- include "common.resourceMetadata" . | nindent 2 }}
+ name: {{ include "common.fullname" . }}-envsubst-scripts
+data:
+{{ tpl (.Files.Glob "resources/envsubst/*").AsConfig . | indent 2 }}
diff --git a/kubernetes/a1policymanagement/values.yaml b/kubernetes/a1policymanagement/values.yaml
index 21a86a0fe1..2f45e41648 100644
--- a/kubernetes/a1policymanagement/values.yaml
+++ b/kubernetes/a1policymanagement/values.yaml
@@ -1,5 +1,6 @@
################################################################################
# Copyright (c) 2020 Nordix Foundation. #
+# Copyright © 2020 Samsung Electronics, Modifications #
# #
# Licensed under the Apache License, Version 2.0 (the "License"); #
# you may not use this file except in compliance with the License. #
@@ -19,7 +20,7 @@
global:
nodePortPrefix: 300
- envsubstImage: dibi/envsubst
+ envsubstImage: dibi/envsubst:1
secrets:
- uid: controller-secret
@@ -31,6 +32,8 @@ secrets:
repository: nexus3.onap.org:10001
image: onap/ccsdk-oran-a1policymanagementservice:1.0.1
+userID: 1000 #Should match with image-defined user ID
+groupID: 999 #Should match with image-defined group ID
pullPolicy: IfNotPresent
replicaCount: 1