author | Kiran Kamineni <kiran.k.kamineni@intel.com> | 2018-04-09 10:14:32 -0700 |
---|---|---|
committer | Kiran Kamineni <kiran.k.kamineni@intel.com> | 2018-04-25 11:39:17 -0700 |
commit | e4e81e7362308164e032f6b932dc326ad44178fb (patch) | |
tree | 7f86e11c38baa9d40ef270fdc496fb4aaf9b70bc | |
parent | c48356040529d981eb1f4bb78e68e0687a68afb4 (diff) |
Adding Quorum client sub chart for sms
SMS uses vault for its backend which needs
an unseal operation to proceed.
Quorumclient provides the unseal operation
via 3 replicas that store each unseal shard
and provide it during unseal.
Issue-ID: AAF-255
Change-Id: I62db7a450e1e81aa6bfb2cc5b9da29ce99efd24b
Signed-off-by: Kiran Kamineni <kiran.k.kamineni@intel.com>
20 files changed, 387 insertions, 7 deletions
diff --git a/kubernetes/aaf/charts/sms/Chart.yaml b/kubernetes/aaf/charts/aaf-sms/Chart.yaml index 962ef38650..71418759fb 100644 --- a/kubernetes/aaf/charts/sms/Chart.yaml +++ b/kubernetes/aaf/charts/aaf-sms/Chart.yaml @@ -14,5 +14,5 @@ apiVersion: v1 description: ONAP Secret Management Service -name: sms +name: aaf-sms version: 2.0.0 diff --git a/kubernetes/aaf/charts/aaf-sms/charts/aaf-sms-quorumclient/Chart.yaml b/kubernetes/aaf/charts/aaf-sms/charts/aaf-sms-quorumclient/Chart.yaml new file mode 100644 index 0000000000..4e279e7ced --- /dev/null +++ b/kubernetes/aaf/charts/aaf-sms/charts/aaf-sms-quorumclient/Chart.yaml @@ -0,0 +1,18 @@ +# Copyright 2018 Intel Corporation, Inc +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +description: ONAP Secret Management Service Quorum Client +name: aaf-sms-quorumclient +version: 2.0.0 diff --git a/kubernetes/aaf/charts/aaf-sms/charts/aaf-sms-quorumclient/templates/configmap.yaml b/kubernetes/aaf/charts/aaf-sms/charts/aaf-sms-quorumclient/templates/configmap.yaml new file mode 100644 index 0000000000..cacc368df1 --- /dev/null +++ b/kubernetes/aaf/charts/aaf-sms/charts/aaf-sms-quorumclient/templates/configmap.yaml 
@@ -0,0 +1,27 @@
+# Copyright 2018 Intel Corporation, Inc
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "common.fullname" . }}
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+data:
+ config.json: |
+ {{ .Values.config | toJson }}
diff --git a/kubernetes/aaf/charts/aaf-sms/charts/aaf-sms-quorumclient/templates/pv.yaml b/kubernetes/aaf/charts/aaf-sms/charts/aaf-sms-quorumclient/templates/pv.yaml
new file mode 100644
index 0000000000..da0949816e
--- /dev/null
+++ b/kubernetes/aaf/charts/aaf-sms/charts/aaf-sms-quorumclient/templates/pv.yaml
@@ -0,0 +1,37 @@
+{{/*
+# Copyright 2018 Intel Corporation, Inc
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+{{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) -}}
+kind: PersistentVolume
+apiVersion: v1
+metadata:
+ name: {{ include "common.fullname" . }}
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}"
+ release: "{{ .Release.Name }}"
+ heritage: "{{ .Release.Service }}"
+ name: {{ include "common.fullname" . }}
+spec:
+ capacity:
+ storage: {{ .Values.persistence.size}}
+ accessModes:
+ - {{ .Values.persistence.accessMode }}
+ persistentVolumeReclaimPolicy: {{ .Values.persistence.volumeReclaimPolicy }}
+ hostPath:
+ path: {{ .Values.global.persistence.mountPath | default .Values.persistence.mountPath }}/{{ .Release.Name }}/{{ .Values.persistence.mountSubPath }}
+{{- end -}}
diff --git a/kubernetes/aaf/charts/sms/charts/vault/templates/pvc.yaml b/kubernetes/aaf/charts/aaf-sms/charts/aaf-sms-quorumclient/templates/pvc.yaml
index e6aacd1b96..e6aacd1b96 100644
--- a/kubernetes/aaf/charts/sms/charts/vault/templates/pvc.yaml
+++ b/kubernetes/aaf/charts/aaf-sms/charts/aaf-sms-quorumclient/templates/pvc.yaml
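Review bot: The `hostPath:` at the end of this template puts the quorum client's data in a plain directory on the node (`/dockerdata-nfs/<release>/sms/quorum/data` with the values added in this commit), and per the commit description that volume holds Vault unseal shards, so shard confidentiality rests entirely on the permissions of that host directory. Nothing in the chart sets ownership or mode on the path; a comment above `hostPath:` such as `# holds unseal shard material: backing directory must be owner-only (0700) and not shared with other workloads` would record the requirement. `namespace:` under `metadata` has no effect because PersistentVolume is cluster-scoped, and can be dropped. The same template is added unchanged as aaf-sms-vault/templates/pv.yaml later in this commit.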
diff --git a/kubernetes/aaf/charts/aaf-sms/charts/aaf-sms-quorumclient/templates/statefulset.yaml b/kubernetes/aaf/charts/aaf-sms/charts/aaf-sms-quorumclient/templates/statefulset.yaml
new file mode 100644
index 0000000000..483d6c5f17
--- /dev/null
+++ b/kubernetes/aaf/charts/aaf-sms/charts/aaf-sms-quorumclient/templates/statefulset.yaml
@@ -0,0 +1,70 @@
+# Copyright 2018 Intel Corporation, Inc
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: apps/v1beta1
+kind: StatefulSet
+metadata:
+ name: {{ include "common.fullname" . }}
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+spec:
+ replicas: {{ .Values.replicaCount }}
+ serviceName:
+ template:
+ metadata:
+ labels:
+ app: {{ include "common.name" . }}
+ release: {{ .Release.Name }}
+ spec:
+ containers:
+ - image: "{{ include "common.repository" . }}/{{ .Values.image }}"
+ name: {{ include "common.name" . }}
+ imagePullPolicy: {{ .Values.pullPolicy }}
+ command: ["/quorumclient/bin/quorumclient"]
+ workingDir: /quorumclient/
+ volumeMounts:
+ - mountPath: /etc/localtime
+ name: localtime
+ readOnly: true
+ - mountPath: /quorumclient/config.json
+ name: {{ include "common.name" .}}
+ subPath: config.json
+ - mountPath: /quorumclient/auth
+ name: {{ include "common.fullname" . }}-auth
+ resources:
+{{ toYaml .Values.resources | indent 12 }}
+ {{- if .Values.nodeSelector }}
+ nodeSelector:
+{{ toYaml .Values.nodeSelector | indent 10 }}
+ {{- end -}}
+ {{- if .Values.affinity }}
+ affinity:
+{{ toYaml .Values.affinity | indent 10 }}
+ {{- end }}
+ volumes:
+ - name: localtime
+ hostPath:
+ path: /etc/localtime
+ - name : {{ include "common.name" .
}}
+ configMap:
+ name: {{ include "common.fullname" . }}
+ - name: {{ include "common.fullname" . }}-auth
+ persistentVolumeClaim:
+ claimName: {{ include "common.fullname" . }}
+ imagePullSecrets:
+ - name: "{{ include "common.namespace" . }}-docker-registry-key"
diff --git a/kubernetes/aaf/charts/aaf-sms/charts/aaf-sms-quorumclient/values.yaml b/kubernetes/aaf/charts/aaf-sms/charts/aaf-sms-quorumclient/values.yaml
new file mode 100644
index 0000000000..d09d492137
--- /dev/null
+++ b/kubernetes/aaf/charts/aaf-sms/charts/aaf-sms-quorumclient/values.yaml
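Review bot: Every replica mounts the same claim, `claimName: {{ include "common.fullname" . }}`, so with the default `replicaCount: 3` all quorum clients write to one volume, while the commit description says each replica stores its own unseal shard. If that is the intent, keeping all shards on a single volume removes the separation a quorum is meant to provide, and a `ReadWriteOnce` claim may also prevent replicas scheduled on other nodes from starting. A StatefulSet can give each pod its own claim through `volumeClaimTemplates`, as sketched below; the chart's single PersistentVolume would then need one counterpart per replica. Separately, `serviceName:` is rendered empty although the StatefulSet API requires it, and the pod spec sets no `securityContext` for a container that handles unseal material.

```yaml
spec:
  replicas: {{ .Values.replicaCount }}
  # … unchanged: serviceName, pod template, containers, volumeMounts …
      volumes:
      # … unchanged: localtime and configMap volumes …
      # the "-auth" persistentVolumeClaim volume is dropped here;
      # the claim template below provides it once per replica
  volumeClaimTemplates:
  - metadata:
      name: {{ include "common.fullname" . }}-auth
    spec:
      accessModes:
      - {{ .Values.persistence.accessMode }}
      resources:
        requests:
          storage: {{ .Values.persistence.size }}
```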
@@ -0,0 +1,83 @@
+# Copyright 2018 Intel Corporation, Inc
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+#################################################################
+# Global configuration defaults.
+#################################################################
+global:
+ nodePortPrefix: 302
+ repositorySecret: eyJuZXh1czMub25hcC5vcmc6MTAwMDEiOnsidXNlcm5hbWUiOiJkb2NrZXIiLCJwYXNzd29yZCI6ImRvY2tlciIsImVtYWlsIjoiQCIsImF1dGgiOiJaRzlqYTJWeU9tUnZZMnRsY2c9PSJ9fQ==
+ readinessRepository: oomk8s
+ readinessImage: readiness-check:1.1.1
+ loggingRepository: docker.elastic.co
+ loggingImage: beats/filebeat:5.5.0
+ persistence: {}
+
+#################################################################
+# Application configuration defaults.
+################################################################# +# application image +repository: nexus3.onap.org:10001 +image: onap/aaf/smsquorumclient +pullPolicy: Always + +# flag to enable debugging - application support required +debugEnabled: false + +# application configuration +# Example: +config: + url: "http://aaf-sms:10443" + cafile: "selfsignedca.pem" + clientcert: "server.cert" + clientkey: "server.key" + timeout: "60s" + disable_tls: true + +# default number of instances +replicaCount: 3 + +nodeSelector: {} + +affinity: {} + +persistence: + enabled: true + volumeReclaimPolicy: Retain + accessMode: ReadWriteOnce + size: 10Mi + mountPath: /dockerdata-nfs + mountSubPath: sms/quorum/data + +ingress: + enabled: false + +resources: {} + # We usually recommend not to specify default resources and to leave this as a conscious + # choice for the user. This also increases chances charts run on environments with little + # resources, such as Minikube. If you do want to specify resources, uncomment the following + # lines, adjust them as necessary, and remove the curly braces after 'resources:'. + # + # Example: + # Configure resource requests and limits + # ref: http://kubernetes.io/docs/user-guide/compute-resources/ + # Minimum memory for development is 2 CPU cores and 4GB memory + # Minimum memory for production is 4 CPU cores and 8GB memory +#resources: +# limits: +# cpu: 2 +# memory: 4Gi +# requests: +# cpu: 2 +# memory: 4Gi diff --git a/kubernetes/aaf/charts/sms/charts/vault/Chart.yaml b/kubernetes/aaf/charts/aaf-sms/charts/aaf-sms-vault/Chart.yaml index bf1af999d4..3f0b93ea0e 100644 --- a/kubernetes/aaf/charts/sms/charts/vault/Chart.yaml +++ b/kubernetes/aaf/charts/aaf-sms/charts/aaf-sms-vault/Chart.yaml @@ -14,6 +14,6 @@ apiVersion: v1 description: Chart to launch Vault as SMS backend -name: vault +name: aaf-sms-vault appVersion: 0.9.5 version: 2.0.0 
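Review bot: The default `config:` block in the quorum client's values.yaml ships `disable_tls: true` together with `url: "http://aaf-sms:10443"`, so out of the box whatever the client sends to SMS (per the commit description, the unseal shards) crosses the cluster network in cleartext. The defaults should be the safe ones, `disable_tls: false` and `url: "https://aaf-sms:10443"`, with the `cafile`, `clientcert` and `clientkey` files named in the same block supplied at install time. `global.repositorySecret` is a base64-encoded registry credential committed as a chart default; base64 is an encoding, not protection, so it is better injected at deploy time. `image: onap/aaf/smsquorumclient` carries no tag, which with `pullPolicy: Always` lets the running image change without any chart change; pin a tag or digest.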
diff --git a/kubernetes/aaf/charts/sms/charts/vault/templates/configmap.yaml b/kubernetes/aaf/charts/aaf-sms/charts/aaf-sms-vault/templates/configmap.yaml
index daf8cadc46..daf8cadc46 100644
--- a/kubernetes/aaf/charts/sms/charts/vault/templates/configmap.yaml
+++ b/kubernetes/aaf/charts/aaf-sms/charts/aaf-sms-vault/templates/configmap.yaml
diff --git a/kubernetes/aaf/charts/aaf-sms/charts/aaf-sms-vault/templates/pv.yaml b/kubernetes/aaf/charts/aaf-sms/charts/aaf-sms-vault/templates/pv.yaml
new file mode 100644
index 0000000000..da0949816e
--- /dev/null
+++ b/kubernetes/aaf/charts/aaf-sms/charts/aaf-sms-vault/templates/pv.yaml
@@ -0,0 +1,37 @@
+{{/*
+# Copyright 2018 Intel Corporation, Inc
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+{{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) -}}
+kind: PersistentVolume
+apiVersion: v1
+metadata:
+ name: {{ include "common.fullname" . }}
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}"
+ release: "{{ .Release.Name }}"
+ heritage: "{{ .Release.Service }}"
+ name: {{ include "common.fullname" . }}
+spec:
+ capacity:
+ storage: {{ .Values.persistence.size}}
+ accessModes:
+ - {{ .Values.persistence.accessMode }}
+ persistentVolumeReclaimPolicy: {{ .Values.persistence.volumeReclaimPolicy }}
+ hostPath:
+ path: {{ .Values.global.persistence.mountPath | default .Values.persistence.mountPath }}/{{ .Release.Name }}/{{ .Values.persistence.mountSubPath }}
+{{- end -}}
diff --git a/kubernetes/aaf/charts/aaf-sms/charts/aaf-sms-vault/templates/pvc.yaml b/kubernetes/aaf/charts/aaf-sms/charts/aaf-sms-vault/templates/pvc.yaml
new file mode 100644
index 0000000000..e6aacd1b96
--- /dev/null
+++ b/kubernetes/aaf/charts/aaf-sms/charts/aaf-sms-vault/templates/pvc.yaml
@@ -0,0 +1,48 @@
+{{/*
+# Copyright 2018 Intel Corporation, Inc
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+{{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) -}}
+kind: PersistentVolumeClaim
+apiVersion: v1
+metadata:
+ name: {{ include "common.fullname" . }}
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
+ release: "{{ .Release.Name }}"
+ heritage: "{{ .Release.Service }}"
+{{- if .Values.persistence.annotations }}
+ annotations:
+{{ toYaml .Values.persistence.annotations | indent 4 }}
+{{- end }}
+spec:
+ selector:
+ matchLabels:
+ name: {{ include "common.fullname" . }}
+ accessModes:
+ - {{ .Values.persistence.accessMode }}
+ resources:
+ requests:
+ storage: {{ .Values.persistence.size }}
+{{- if .Values.persistence.storageClass }}
+{{- if (eq "-" .Values.persistence.storageClass) }}
+ storageClassName: ""
+{{- else }}
+ storageClassName: "{{ .Values.persistence.storageClass }}"
+{{- end }}
+{{- end }}
+{{- end -}}
diff --git a/kubernetes/aaf/charts/sms/templates/service.yaml b/kubernetes/aaf/charts/aaf-sms/charts/aaf-sms-vault/templates/service.yaml
index 04e9a5a92f..04e9a5a92f 100644
--- a/kubernetes/aaf/charts/sms/templates/service.yaml
+++ b/kubernetes/aaf/charts/aaf-sms/charts/aaf-sms-vault/templates/service.yaml
diff --git a/kubernetes/aaf/charts/sms/charts/vault/templates/statefulset.yaml b/kubernetes/aaf/charts/aaf-sms/charts/aaf-sms-vault/templates/statefulset.yaml index 26f03044ac..26f03044ac 100644 --- a/kubernetes/aaf/charts/sms/charts/vault/templates/statefulset.yaml +++ b/kubernetes/aaf/charts/aaf-sms/charts/aaf-sms-vault/templates/statefulset.yaml diff --git a/kubernetes/aaf/charts/sms/charts/vault/values.yaml b/kubernetes/aaf/charts/aaf-sms/charts/aaf-sms-vault/values.yaml index 2bce18106f..07b8c33226 100644 --- a/kubernetes/aaf/charts/sms/charts/vault/values.yaml +++ b/kubernetes/aaf/charts/aaf-sms/charts/aaf-sms-vault/values.yaml @@ -24,7 +24,7 @@ global: repository: docker.io image: consul: consul:1.0.6 - vault: vault:0.9.6 + vault: vault:0.10.0 pullPolicy: Always # flag to enable debugging - application support required @@ -75,10 +75,8 @@ readiness: persistence: enabled: true - volumeReclaimPolicy: Retain - - accessMode: ReadWriteMany + accessMode: ReadWriteOnce size: 2Gi mountPath: /dockerdata-nfs mountSubPath: sms/consul/data diff --git a/kubernetes/aaf/charts/sms/templates/configmap.yaml b/kubernetes/aaf/charts/aaf-sms/templates/configmap.yaml index 72ce6fbadb..72ce6fbadb 100644 --- a/kubernetes/aaf/charts/sms/templates/configmap.yaml +++ b/kubernetes/aaf/charts/aaf-sms/templates/configmap.yaml diff --git a/kubernetes/aaf/charts/sms/templates/deployment.yaml b/kubernetes/aaf/charts/aaf-sms/templates/deployment.yaml index e5381a0f0c..4235ad01af 100644 --- a/kubernetes/aaf/charts/sms/templates/deployment.yaml +++ b/kubernetes/aaf/charts/aaf-sms/templates/deployment.yaml @@ -31,7 +31,7 @@ spec: release: {{ .Release.Name }} spec: containers: - - image: "{{ .Values.repository }}/{{ .Values.image }}" + - image: "{{ include "common.repository" . }}/{{ .Values.image }}" name: {{ include "common.name" . }} imagePullPolicy: {{ .Values.pullPolicy }} command: ["/sms/bin/sms"] 
@@ -57,6 +57,8 @@ spec: - mountPath: /sms/smsconfig.json name: {{ include "common.name" .}} subPath: smsconfig.json + - mountPath: /sms/auth + name: {{ include "common.fullname" . }}-auth resources: {{ toYaml .Values.resources | indent 12 }} {{- if .Values.nodeSelector }} @@ -74,5 +76,8 @@ spec: - name : {{ include "common.name" . }} configMap: name: {{ include "common.fullname" . }} + - name: {{ include "common.fullname" . }}-auth + persistentVolumeClaim: + claimName: {{ include "common.fullname" . }} imagePullSecrets: - name: "{{ include "common.namespace" . }}-docker-registry-key" diff --git a/kubernetes/aaf/charts/sms/charts/vault/templates/pv.yaml b/kubernetes/aaf/charts/aaf-sms/templates/pv.yaml index 37ed28ee9d..37ed28ee9d 100644 --- a/kubernetes/aaf/charts/sms/charts/vault/templates/pv.yaml +++ b/kubernetes/aaf/charts/aaf-sms/templates/pv.yaml diff --git a/kubernetes/aaf/charts/aaf-sms/templates/pvc.yaml b/kubernetes/aaf/charts/aaf-sms/templates/pvc.yaml new file mode 100644 index 0000000000..e6aacd1b96 --- /dev/null +++ b/kubernetes/aaf/charts/aaf-sms/templates/pvc.yaml 
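Review bot: The new `-auth` volume in the last deployment.yaml hunk always references `claimName: {{ include "common.fullname" . }}`, but templates/pvc.yaml added in this commit renders that claim only when `persistence.enabled` is true and `persistence.existingClaim` is unset, so a release with persistence disabled, or one that sets an existing claim, ends up with a pod pointing at a claim that was never created. Honour the override with `claimName: {{ .Values.persistence.existingClaim | default (include "common.fullname" .) }}` and wrap the volume and its `/sms/auth` mount in `{{- if .Values.persistence.enabled }}`. The quorum client statefulset.yaml added in this commit has the same unguarded claim reference. The container and pod spec continue outside these hunks.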
@@ -0,0 +1,48 @@
+{{/*
+# Copyright 2018 Intel Corporation, Inc
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+{{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) -}}
+kind: PersistentVolumeClaim
+apiVersion: v1
+metadata:
+ name: {{ include "common.fullname" . }}
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
+ release: "{{ .Release.Name }}"
+ heritage: "{{ .Release.Service }}"
+{{- if .Values.persistence.annotations }}
+ annotations:
+{{ toYaml .Values.persistence.annotations | indent 4 }}
+{{- end }}
+spec:
+ selector:
+ matchLabels:
+ name: {{ include "common.fullname" . }}
+ accessModes:
+ - {{ .Values.persistence.accessMode }}
+ resources:
+ requests:
+ storage: {{ .Values.persistence.size }}
+{{- if .Values.persistence.storageClass }}
+{{- if (eq "-" .Values.persistence.storageClass) }}
+ storageClassName: ""
+{{- else }}
+ storageClassName: "{{ .Values.persistence.storageClass }}"
+{{- end }}
+{{- end }}
+{{- end -}}
diff --git a/kubernetes/aaf/charts/sms/charts/vault/templates/service.yaml b/kubernetes/aaf/charts/aaf-sms/templates/service.yaml
index 18334a301c..18334a301c 100644
--- a/kubernetes/aaf/charts/sms/charts/vault/templates/service.yaml
+++ b/kubernetes/aaf/charts/aaf-sms/templates/service.yaml
diff --git a/kubernetes/aaf/charts/sms/values.yaml b/kubernetes/aaf/charts/aaf-sms/values.yaml index 05d4e79e6b..cd3253941d 100644 --- a/kubernetes/aaf/charts/sms/values.yaml +++ b/kubernetes/aaf/charts/aaf-sms/values.yaml @@ -22,6 +22,7 @@ global: readinessImage: readiness-check:2.0.0 loggingRepository: docker.elastic.co loggingImage: beats/filebeat:5.5.0 + persistence: {} ################################################################# # Application configuration defaults. @@ -73,6 +74,14 @@ service: internalPort: 10443 nodePort: 43 +persistence: + enabled: true + volumeReclaimPolicy: Retain + accessMode: ReadWriteOnce + size: 1Gi + mountPath: /dockerdata-nfs + mountSubPath: sms/auth + ingress: enabled: false |