diff options
author | Jack Lucas <jflos@sonoris.net> | 2021-02-16 11:07:28 -0500 |
---|---|---|
committer | Sylvain Desbureaux <sylvain.desbureaux@orange.com> | 2021-03-21 16:50:16 +0000 |
commit | d41dbdb69fc20e6a0c2130b05aa201ff1ef6117a (patch) | |
tree | 0355226eab9754a71520cbb62fc5764cf9e2236d /kubernetes/dcaegen2-services/common/dcaegen2-services-common/templates/_deployment.tpl | |
parent | fde94076e689727e8a2c3c5147ce1242dc225f87 (diff) |
[DCAEGEN2] Deploy DCAE microservices via Helm
Deploy DCAE microservices using Helm instead of having
the DCAE bootstrap container deploy them using Cloudify.
Charts for the microservices are found under
oom/kubernetes/dcaegen2-services.
Issue-ID: DCAEGEN2-2615
Issue-ID: DCAEGEN2-2617
Signed-off-by: Jack Lucas <jflos@sonoris.net>
Change-Id: I22d88987ae8e21b3c08f31f13ffda98967d13297
[Use common secret template for secrets]
Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com>
Diffstat (limited to 'kubernetes/dcaegen2-services/common/dcaegen2-services-common/templates/_deployment.tpl')
-rw-r--r-- | kubernetes/dcaegen2-services/common/dcaegen2-services-common/templates/_deployment.tpl | 239 |
1 files changed, 239 insertions, 0 deletions
diff --git a/kubernetes/dcaegen2-services/common/dcaegen2-services-common/templates/_deployment.tpl b/kubernetes/dcaegen2-services/common/dcaegen2-services-common/templates/_deployment.tpl new file mode 100644 index 0000000000..c03be83264 --- /dev/null +++ b/kubernetes/dcaegen2-services/common/dcaegen2-services-common/templates/_deployment.tpl @@ -0,0 +1,239 @@ +{{/* +#============LICENSE_START======================================================== +# ================================================================================ +# Copyright (c) 2021 J. F. Lucas. All rights reserved. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# ============LICENSE_END========================================================= +*/}} +{{/* +dcaegen2-services-common.microserviceDeployment: +This template produces a Kubernetes Deployment for a DCAE microservice. + +All DCAE microservices currently use very similar Deployments. Having a +common template eliminates a lot of repetition in the individual charts +for each microservice. + +The template expects the full chart context as input. A chart for a +DCAE microservice references this template using: +{{ include "dcaegen2-services-common.microserviceDeployment" . }} +The template directly references data in .Values, and indirectly (through its +use of templates from the ONAP "common" collection) references data in +.Release. + +The exact content of the Deployment generated from this template +depends on the content of .Values. + +The Deployment always includes a single Pod, with a container that uses +the DCAE microservice image. + +The Deployment Pod may also include a logging sidecar container. +The sidecar is included if .Values.logDirectory is set. The +logging sidecar and the DCAE microservice container share a +volume where the microservice logs are written. + +The Deployment includes an initContainer that pushes the +microservice's initial configuration (from .Values.applicationConfig) +into Consul. All DCAE microservices retrieve their initial +configurations by making an API call to a DCAE platform component called +the config-binding-service. The config-binding-service currently +retrieves configuration information from Consul. + +The Deployment also includes an initContainer that checks for the +readiness of other components that the microservice relies on. +This container is generated by the "common.readinessCheck.waitfor" +template. + +If the microservice acts as a TLS client or server, the Deployment will +include an initContainer that retrieves certificate information from +the AAF certificate manager. The information is mounted at the +mount point specified in .Values.certDirectory. If the microservice is +a TLS server (indicated by setting .Values.tlsServer to true), the +certificate information will include a server cert and key, in various +formats. It will also include the AAF CA cert. If the microservice is +a TLS client only (indicated by setting .Values.tlsServer to false), the +certificate information includes only the AAF CA cert. +*/}} + +{{- define "dcaegen2-services-common.microserviceDeployment" -}} +{{- $logDir := default "" .Values.logDirectory -}} +{{- $certDir := default "" .Values.certDirectory . -}} +{{- $tlsServer := default "" .Values.tlsServer -}} +apiVersion: apps/v1 +kind: Deployment +metadata: {{- include "common.resourceMetadata" . | nindent 2 }} +spec: + replicas: 1 + selector: {{- include "common.selectors" . | nindent 4 }} + template: + metadata: {{- include "common.templateMetadata" . | nindent 6 }} + spec: + initContainers: + - command: + - sh + args: + - -c + - | + {{- range $var := .Values.customEnvVars }} + export {{ $var.name }}="{{ $var.value }}"; + {{- end }} + cd /config-input && for PFILE in `ls -1`; do envsubst <${PFILE} >/config/${PFILE}; done + env: + {{- range $cred := .Values.credentials }} + - name: {{ $cred.name }} + {{- include "common.secret.envFromSecretFast" (dict "global" $ "uid" $cred.uid "key" $cred.key) | indent 10 }} + {{- end }} + volumeMounts: + - mountPath: /config-input + name: app-config-input + - mountPath: /config + name: app-config + image: {{ include "repositoryGenerator.image.envsubst" . }} + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + name: {{ include "common.name" . }}-update-config + + {{ include "common.readinessCheck.waitFor" . | indent 6 | trim }} + - name: init-consul + image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.consulLoaderImage }} + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + args: + - --key-yaml + - "{{ include "common.name" . }}|/app-config/application_config.yaml" + resources: {{ include "common.resources" . | nindent 2 }} + volumeMounts: + - mountPath: /app-config + name: app-config + {{- if $certDir }} + - name: init-tls + image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.tlsImage }} + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + env: + - name: TLS_SERVER + value: {{ $tlsServer | quote }} + - name: POD_IP + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: status.podIP + resources: {{ include "common.resources" . | nindent 2 }} + volumeMounts: + - mountPath: /opt/app/osaaf + name: tls-info + {{- end }} + containers: + - image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }} + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + name: {{ include "common.name" . }} + env: + {{- if $certDir }} + - name: DCAE_CA_CERTPATH + value: {{ $certDir}}/cacert.pem + {{- end }} + - name: CONSUL_HOST + value: consul-server.onap + - name: CONFIG_BINDING_SERVICE + value: config-binding-service + - name: CBS_CONFIG_URL + value: https://config-binding-service:10443/service_component_all/{{ include "common.name" . }} + - name: POD_IP + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: status.podIP + {{- if .Values.applicationEnv }} + {{- range $envName, $envValue := .Values.applicationEnv }} + - name: {{ $envName }} + value: {{ $envValue | quote }} + {{- end }} + {{- end }} + {{- if .Values.service }} + ports: {{ include "common.containerPorts" . | nindent 10 }} + {{- end }} + {{- if .Values.readiness }} + readinessProbe: + initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds | default 5 }} + periodSeconds: {{ .Values.readiness.periodSeconds | default 15 }} + timeoutSeconds: {{ .Values.readiness.timeoutSeconds | default 1 }} + {{- $probeType := .Values.readiness.type | default "httpGet" -}} + {{- if eq $probeType "httpGet" }} + httpGet: + scheme: {{ .Values.readiness.scheme }} + path: {{ .Values.readiness.path }} + port: {{ .Values.readiness.port }} + {{- end }} + {{- if eq $probeType "exec" }} + exec: + command: + {{- range $cmd := .Values.readiness.command }} + - {{ $cmd }} + {{- end }} + {{- end }} + {{- end }} + resources: {{ include "common.resources" . | nindent 2 }} + {{- if or $logDir $certDir }} + volumeMounts: + {{- if $logDir }} + - mountPath: {{ $logDir}} + name: component-log + {{- end }} + {{- if $certDir }} + - mountPath: {{ $certDir }} + name: tls-info + {{- end }} + {{- end }} + {{- if $logDir }} + - image: {{ include "repositoryGenerator.image.logging" . }} + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + name: filebeat + env: + - name: POD_IP + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: status.podIP + resources: {{ include "common.resources" . | nindent 2 }} + volumeMounts: + - mountPath: /var/log/onap/{{ include "common.name" . }} + name: component-log + - mountPath: /usr/share/filebeat/data + name: filebeat-data + - mountPath: /usr/share/filebeat/filebeat.yml + name: filebeat-conf + subPath: filebeat.yml + {{- end }} + hostname: {{ include "common.name" . }} + volumes: + - configMap: + defaultMode: 420 + name: {{ include "common.fullname" . }}-application-config-configmap + name: app-config-input + - emptyDir: + medium: Memory + name: app-config + {{- if $logDir }} + - emptyDir: {} + name: component-log + - emptyDir: {} + name: filebeat-data + - configMap: + defaultMode: 420 + name: {{ include "common.fullname" . }}-filebeat-configmap + name: filebeat-conf + {{- end }} + {{- if $certDir }} + - emptyDir: {} + name: tls-info + {{- end }} + imagePullSecrets: + - name: "{{ include "common.namespace" . }}-docker-registry-key" +{{ end -}} |