authorJack Lucas <jflos@sonoris.net>2021-02-16 11:07:28 -0500
committerSylvain Desbureaux <sylvain.desbureaux@orange.com>2021-03-21 16:50:16 +0000
commitd41dbdb69fc20e6a0c2130b05aa201ff1ef6117a (patch)
tree0355226eab9754a71520cbb62fc5764cf9e2236d /kubernetes/dcaegen2-services/common/dcaegen2-services-common/templates
parentfde94076e689727e8a2c3c5147ce1242dc225f87 (diff)
[DCAEGEN2] Deploy DCAE microservices via Helm
Deploy DCAE microservices using Helm instead of having the DCAE bootstrap container deploy them using Cloudify. Charts for the microservices are found under oom/kubernetes/dcaegen2-services. Issue-ID: DCAEGEN2-2615 Issue-ID: DCAEGEN2-2617 Signed-off-by: Jack Lucas <jflos@sonoris.net> Change-Id: I22d88987ae8e21b3c08f31f13ffda98967d13297 [Use common secret template for secrets] Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com>
Diffstat (limited to 'kubernetes/dcaegen2-services/common/dcaegen2-services-common/templates')
-rw-r--r--kubernetes/dcaegen2-services/common/dcaegen2-services-common/templates/_configmap.tpl65
-rw-r--r--kubernetes/dcaegen2-services/common/dcaegen2-services-common/templates/_deployment.tpl239
-rw-r--r--kubernetes/dcaegen2-services/common/dcaegen2-services-common/templates/_filebeat-config.tpl86
-rw-r--r--kubernetes/dcaegen2-services/common/dcaegen2-services-common/templates/_job.tpl61
4 files changed, 451 insertions, 0 deletions
diff --git a/kubernetes/dcaegen2-services/common/dcaegen2-services-common/templates/_configmap.tpl b/kubernetes/dcaegen2-services/common/dcaegen2-services-common/templates/_configmap.tpl
new file mode 100644
index 0000000000..46f52b805e
--- /dev/null
+++ b/kubernetes/dcaegen2-services/common/dcaegen2-services-common/templates/_configmap.tpl
@@ -0,0 +1,65 @@
+{{/*
+# Copyright © 2017 Amdocs, Bell Canada
+# Modifications Copyright © 2019 AT&T
+# Copyright (c) 2021 J. F. Lucas. All rights reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+{{/*
+dcaegen2-services-common.configMap:
+This template produces Kubernetes configMap(s) needed by a
+DCAE microservice.
+
+The template expects the full chart context as input. A chart for a
+DCAE microservice references this template using:
+{{ include "dcaegen2-services-common.configMap" . }}
+The template directly references data in .Values, and indirectly (through its
+use of templates from the ONAP "common" collection) references data in
+.Release.
+
+The template always produces a configMap containing the microservice's
+initial configuration data. This configMap is used by an initContainer
+that loads the configuration into Consul. (See the documentation for
+dcaegen2-services-common.microserviceDeployment for more details.)
+
+If the microservice is using a logging sidecar (again, see the documentation
+for dcaegen2-services-common.microserviceDeployment for more details), the
+template generates an additiona configMap that supplies configuration
+information for the logging sidecar.
+*/}}
+
+{{- define "dcaegen2-services-common.configMap" -}}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "common.fullname" . }}-application-config-configmap
+ namespace: {{ include "common.namespace" . }}
+ labels: {{ include "common.labels" . | nindent 6 }}
+data:
+ application_config.yaml: |
+{{ .Values.applicationConfig | toYaml | indent 4 }}
+
+{{- if .Values.logDirectory }}
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "common.fullname" . }}-filebeat-configmap
+ namespace: {{ include "common.namespace" . }}
+ labels: {{ include "common.labels" . | nindent 6 }}
+data:
+ filebeat.yml: |-
+{{ include "dcaegen2-services-common.filebeatConfiguration" . | indent 4 }}
+{{- end }}
+{{- end }} \ No newline at end of file
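Review bot: The header comment for `dcaegen2-services-common.configMap` should state that `.Values.applicationConfig` is rendered verbatim into a ConfigMap (`application_config.yaml` under `data:`), so it must not carry literal credentials. The Deployment template in this same commit runs an `envsubst` init container over that file with variables taken from `.Values.credentials`, which suggests the intended pattern is `${NAME}` placeholders. I would add a line such as `Credentials must appear in applicationConfig only as ${NAME} placeholders, resolved from .Values.credentials when the pod starts.` The same comment also has a typo, `additiona` for `additional`.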
diff --git a/kubernetes/dcaegen2-services/common/dcaegen2-services-common/templates/_deployment.tpl b/kubernetes/dcaegen2-services/common/dcaegen2-services-common/templates/_deployment.tpl
new file mode 100644
index 0000000000..c03be83264
--- /dev/null
+++ b/kubernetes/dcaegen2-services/common/dcaegen2-services-common/templates/_deployment.tpl
@@ -0,0 +1,239 @@
+{{/*
+#============LICENSE_START========================================================
+# ================================================================================
+# Copyright (c) 2021 J. F. Lucas. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
+*/}}
+{{/*
+dcaegen2-services-common.microserviceDeployment:
+This template produces a Kubernetes Deployment for a DCAE microservice.
+
+All DCAE microservices currently use very similar Deployments. Having a
+common template eliminates a lot of repetition in the individual charts
+for each microservice.
+
+The template expects the full chart context as input. A chart for a
+DCAE microservice references this template using:
+{{ include "dcaegen2-services-common.microserviceDeployment" . }}
+The template directly references data in .Values, and indirectly (through its
+use of templates from the ONAP "common" collection) references data in
+.Release.
+
+The exact content of the Deployment generated from this template
+depends on the content of .Values.
+
+The Deployment always includes a single Pod, with a container that uses
+the DCAE microservice image.
+
+The Deployment Pod may also include a logging sidecar container.
+The sidecar is included if .Values.logDirectory is set. The
+logging sidecar and the DCAE microservice container share a
+volume where the microservice logs are written.
+
+The Deployment includes an initContainer that pushes the
+microservice's initial configuration (from .Values.applicationConfig)
+into Consul. All DCAE microservices retrieve their initial
+configurations by making an API call to a DCAE platform component called
+the config-binding-service. The config-binding-service currently
+retrieves configuration information from Consul.
+
+The Deployment also includes an initContainer that checks for the
+readiness of other components that the microservice relies on.
+This container is generated by the "common.readinessCheck.waitfor"
+template.
+
+If the microservice acts as a TLS client or server, the Deployment will
+include an initContainer that retrieves certificate information from
+the AAF certificate manager. The information is mounted at the
+mount point specified in .Values.certDirectory. If the microservice is
+a TLS server (indicated by setting .Values.tlsServer to true), the
+certificate information will include a server cert and key, in various
+formats. It will also include the AAF CA cert. If the microservice is
+a TLS client only (indicated by setting .Values.tlsServer to false), the
+certificate information includes only the AAF CA cert.
+*/}}
+
+{{- define "dcaegen2-services-common.microserviceDeployment" -}}
+{{- $logDir := default "" .Values.logDirectory -}}
+{{- $certDir := default "" .Values.certDirectory . -}}
+{{- $tlsServer := default "" .Values.tlsServer -}}
+apiVersion: apps/v1
+kind: Deployment
+metadata: {{- include "common.resourceMetadata" . | nindent 2 }}
+spec:
+ replicas: 1
+ selector: {{- include "common.selectors" . | nindent 4 }}
+ template:
+ metadata: {{- include "common.templateMetadata" . | nindent 6 }}
+ spec:
+ initContainers:
+ - command:
+ - sh
+ args:
+ - -c
+ - |
+ {{- range $var := .Values.customEnvVars }}
+ export {{ $var.name }}="{{ $var.value }}";
+ {{- end }}
+ cd /config-input && for PFILE in `ls -1`; do envsubst <${PFILE} >/config/${PFILE}; done
+ env:
+ {{- range $cred := .Values.credentials }}
+ - name: {{ $cred.name }}
+ {{- include "common.secret.envFromSecretFast" (dict "global" $ "uid" $cred.uid "key" $cred.key) | indent 10 }}
+ {{- end }}
+ volumeMounts:
+ - mountPath: /config-input
+ name: app-config-input
+ - mountPath: /config
+ name: app-config
+ image: {{ include "repositoryGenerator.image.envsubst" . }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ name: {{ include "common.name" . }}-update-config
+
+ {{ include "common.readinessCheck.waitFor" . | indent 6 | trim }}
+ - name: init-consul
+ image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.consulLoaderImage }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ args:
+ - --key-yaml
+ - "{{ include "common.name" . }}|/app-config/application_config.yaml"
+ resources: {{ include "common.resources" . | nindent 2 }}
+ volumeMounts:
+ - mountPath: /app-config
+ name: app-config
+ {{- if $certDir }}
+ - name: init-tls
+ image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.tlsImage }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ env:
+ - name: TLS_SERVER
+ value: {{ $tlsServer | quote }}
+ - name: POD_IP
+ valueFrom:
+ fieldRef:
+ apiVersion: v1
+ fieldPath: status.podIP
+ resources: {{ include "common.resources" . | nindent 2 }}
+ volumeMounts:
+ - mountPath: /opt/app/osaaf
+ name: tls-info
+ {{- end }}
+ containers:
+ - image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ name: {{ include "common.name" . }}
+ env:
+ {{- if $certDir }}
+ - name: DCAE_CA_CERTPATH
+ value: {{ $certDir}}/cacert.pem
+ {{- end }}
+ - name: CONSUL_HOST
+ value: consul-server.onap
+ - name: CONFIG_BINDING_SERVICE
+ value: config-binding-service
+ - name: CBS_CONFIG_URL
+ value: https://config-binding-service:10443/service_component_all/{{ include "common.name" . }}
+ - name: POD_IP
+ valueFrom:
+ fieldRef:
+ apiVersion: v1
+ fieldPath: status.podIP
+ {{- if .Values.applicationEnv }}
+ {{- range $envName, $envValue := .Values.applicationEnv }}
+ - name: {{ $envName }}
+ value: {{ $envValue | quote }}
+ {{- end }}
+ {{- end }}
+ {{- if .Values.service }}
+ ports: {{ include "common.containerPorts" . | nindent 10 }}
+ {{- end }}
+ {{- if .Values.readiness }}
+ readinessProbe:
+ initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds | default 5 }}
+ periodSeconds: {{ .Values.readiness.periodSeconds | default 15 }}
+ timeoutSeconds: {{ .Values.readiness.timeoutSeconds | default 1 }}
+ {{- $probeType := .Values.readiness.type | default "httpGet" -}}
+ {{- if eq $probeType "httpGet" }}
+ httpGet:
+ scheme: {{ .Values.readiness.scheme }}
+ path: {{ .Values.readiness.path }}
+ port: {{ .Values.readiness.port }}
+ {{- end }}
+ {{- if eq $probeType "exec" }}
+ exec:
+ command:
+ {{- range $cmd := .Values.readiness.command }}
+ - {{ $cmd }}
+ {{- end }}
+ {{- end }}
+ {{- end }}
+ resources: {{ include "common.resources" . | nindent 2 }}
+ {{- if or $logDir $certDir }}
+ volumeMounts:
+ {{- if $logDir }}
+ - mountPath: {{ $logDir}}
+ name: component-log
+ {{- end }}
+ {{- if $certDir }}
+ - mountPath: {{ $certDir }}
+ name: tls-info
+ {{- end }}
+ {{- end }}
+ {{- if $logDir }}
+ - image: {{ include "repositoryGenerator.image.logging" . }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ name: filebeat
+ env:
+ - name: POD_IP
+ valueFrom:
+ fieldRef:
+ apiVersion: v1
+ fieldPath: status.podIP
+ resources: {{ include "common.resources" . | nindent 2 }}
+ volumeMounts:
+ - mountPath: /var/log/onap/{{ include "common.name" . }}
+ name: component-log
+ - mountPath: /usr/share/filebeat/data
+ name: filebeat-data
+ - mountPath: /usr/share/filebeat/filebeat.yml
+ name: filebeat-conf
+ subPath: filebeat.yml
+ {{- end }}
+ hostname: {{ include "common.name" . }}
+ volumes:
+ - configMap:
+ defaultMode: 420
+ name: {{ include "common.fullname" . }}-application-config-configmap
+ name: app-config-input
+ - emptyDir:
+ medium: Memory
+ name: app-config
+ {{- if $logDir }}
+ - emptyDir: {}
+ name: component-log
+ - emptyDir: {}
+ name: filebeat-data
+ - configMap:
+ defaultMode: 420
+ name: {{ include "common.fullname" . }}-filebeat-configmap
+ name: filebeat-conf
+ {{- end }}
+ {{- if $certDir }}
+ - emptyDir: {}
+ name: tls-info
+ {{- end }}
+ imagePullSecrets:
+ - name: "{{ include "common.namespace" . }}-docker-registry-key"
+{{ end -}}
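Review bot: In the first initContainer, each `.Values.customEnvVars` value is spliced into the `sh -c` script text as `export {{ $var.name }}="{{ $var.value }}";`, so a value containing a double quote, `$` or a backtick changes the script instead of being treated as data. That container also receives the secrets from `.Values.credentials` in its environment, which makes the quoting worth getting right even though chart values are normally operator-supplied. I would drop the `export` loop and emit the variables in that container's `env:` list inside the same `range`, as `- name: {{ $var.name }}` and `value: {{ $var.value | quote }}`, so the kubelet sets them and no value reaches the shell parser. Values that rely on the shell expanding another variable would need to be reworked if this is adopted. Separately, `default "" .Values.tlsServer` turns an explicit `false` into an empty string, so `TLS_SERVER` is rendered as `""` rather than `"false"`; whether the init-tls image treats the two alike is not visible here.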
diff --git a/kubernetes/dcaegen2-services/common/dcaegen2-services-common/templates/_filebeat-config.tpl b/kubernetes/dcaegen2-services/common/dcaegen2-services-common/templates/_filebeat-config.tpl
new file mode 100644
index 0000000000..a402517068
--- /dev/null
+++ b/kubernetes/dcaegen2-services/common/dcaegen2-services-common/templates/_filebeat-config.tpl
@@ -0,0 +1,86 @@
+{{/*
+#============LICENSE_START========================================================
+# ================================================================================
+# Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.
+# Modifications Copyright © 2018 Amdocs, Bell Canada
+# Copyright (c) 2021 J. F. Lucas. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
+*/}}
+{{/*
+dcaegen2-services-common.filebeatConfiguration:
+This template generates configuration data for filebeat (log file aggregation).
+
+The template is used to create a configMap mounted by a filebeat sidecar pod
+running alongside a DCAE microservice pod.
+
+See dcaegen2-services-common.configMap for more information.
+*/}}
+{{- define "dcaegen2-services-common.filebeatConfiguration" -}}
+filebeat.prospectors:
+#it is mandatory, in our case it's log
+- input_type: log
+ #This is the canolical path as mentioned in logback.xml, *.* means it will monitor all files in the directory.
+ paths:
+ - /var/log/onap/*/*/*/*.log
+ - /var/log/onap/*/*/*.log
+ - /var/log/onap/*/*.log
+ #Files older than this should be ignored.In our case it will be 48 hours i.e. 2 days. It is a helping flag for clean_inactive
+ ignore_older: 48h
+ # Remove the registry entry for a file that is more than the specified time. In our case it will be 96 hours, i.e. 4 days. It will help to keep registry records with in limit
+ clean_inactive: 96h
+
+
+# Name of the registry file. If a relative path is used, it is considered relative to the
+# data path. Else full qualified file name.
+#filebeat.registry_file: ${path.data}/registry
+
+
+output.logstash:
+ #List of logstash server ip addresses with port number.
+ #But, in our case, this will be the loadbalancer IP address.
+ #For the below property to work the loadbalancer or logstash should expose 5044 port to listen the filebeat events or port in the property should be changed appropriately.
+ hosts: ["{{.Values.filebeatConfig.logstashServiceName}}.{{.Release.Namespace}}:{{.Values.filebeatConfig.logstashPort}}"]
+ #If enable will do load balancing among availabe Logstash, automatically.
+ loadbalance: true
+
+ #The list of root certificates for server verifications.
+ #If certificate_authorities is empty or not set, the trusted
+ #certificate authorities of the host system are used.
+ #ssl.certificate_authorities: $ssl.certificate_authorities
+
+ #The path to the certificate for SSL client authentication. If the certificate is not specified,
+ #client authentication is not available.
+ #ssl.certificate: $ssl.certificate
+
+ #The client certificate key used for client authentication.
+ #ssl.key: $ssl.key
+
+ #The passphrase used to decrypt an encrypted key stored in the configured key file
+ #ssl.key_passphrase: $ssl.key_passphrase
+
+logging:
+ level: debug
+
+ # enable file rotation with default configuration
+ to_files: true
+
+ # do not log to syslog
+ to_syslog: false
+
+ files:
+ path: /usr/share/filebeat/logs
+ name: mybeat.log
+ keepfiles: 7
+{{- end -}} \ No newline at end of file
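Review bot: Under `output.logstash` every `ssl.*` setting is left commented out, so the sidecar ships microservice logs to the Logstash service without encryption or server verification, and the chart offers no way to turn it on. Application logs often contain identifiers or tokens, so I would render the TLS settings from chart values when they are provided, for example `ssl.certificate_authorities: ["<CA_BUNDLE_PATH>"]` behind an `if` on a new value. The filebeat container in the Deployment template does not mount the `tls-info` volume, so a CA file would need to be made available to it as well. `logging.level: debug` is also verbose for a default and `info` would be a safer baseline. The comments contain typos (`canolical`, `availabe`).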
diff --git a/kubernetes/dcaegen2-services/common/dcaegen2-services-common/templates/_job.tpl b/kubernetes/dcaegen2-services/common/dcaegen2-services-common/templates/_job.tpl
new file mode 100644
index 0000000000..6d52b2a087
--- /dev/null
+++ b/kubernetes/dcaegen2-services/common/dcaegen2-services-common/templates/_job.tpl
@@ -0,0 +1,61 @@
+{{/*
+#============LICENSE_START========================================================
+# ================================================================================
+# Copyright (c) 2021 J. F. Lucas. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
+*/}}
+{{/*
+dcaegen2-services-common.consulDeleteJob:
+This template generates a Kubernetes Job that runs when a
+DCAE microservice is deleted. The Job deletes the Consul
+entry that contains the microservice's configuration.
+
+The template expects the full chart context as input. A chart for a
+DCAE microservice references this template using:
+{{ include "dcaegen2-services-common.consulDeleteJob" . }}
+The template directly references data in .Values, and indirectly (through its
+use of templates from the ONAP "common" collection) references data in
+.Release.
+
+The microservice configuration data is loaded into Consul by an
+initContainer that is part of the Kubernetes Deployment for the microservice.
+See the documentation for dcaegen2-services-common.microserviceDeployment
+for more information.
+*/}}
+{{- define "dcaegen2-services-common.consulDeleteJob" -}}
+apiVersion: batch/v1
+kind: Job
+metadata:
+ name: {{ include "common.fullname" . }}-delete-config
+ namespace: {{ include "common.namespace" . }}
+ labels: {{ include "common.labels" . | nindent 4 }}
+ annotations:
+ "helm.sh/hook": pre-delete
+ "helm.sh/hook-delete-policy": hook-succeeded,hook-failed
+spec:
+ template:
+ metadata:
+ name: {{ include "common.fullname" . }}-delete-config
+ labels: {{ include "common.labels" . | nindent 8 }}
+ spec:
+ restartPolicy: Never
+ containers:
+ - name: dcae-config-delete
+ image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.consulLoaderImage }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ args:
+ - --delete-key
+ - {{ include "common.name" . }}
+{{ end -}}
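Review bot: The Job's pod spec has no `imagePullSecrets`, although it pulls `.Values.consulLoaderImage` from the same repository as the init-consul container in the Deployment template, which does set them. If that registry requires authentication, the pre-delete hook pod cannot pull its image and the release deletion stalls on the hook. I would add, at the pod `spec` level, `imagePullSecrets:` followed by `- name: "{{ include "common.namespace" . }}-docker-registry-key"`, matching the Deployment. Note also that `"helm.sh/hook-delete-policy": hook-succeeded,hook-failed` removes the Job even when it fails, so there are no pod logs left to show why a Consul key was not deleted; keeping failed hooks would help troubleshooting.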