author | Jack Lucas <jflos@sonoris.net> | 2021-02-16 11:07:28 -0500 |
---|---|---|
committer | Sylvain Desbureaux <sylvain.desbureaux@orange.com> | 2021-03-21 16:50:16 +0000 |
commit | d41dbdb69fc20e6a0c2130b05aa201ff1ef6117a (patch) | |
tree | 0355226eab9754a71520cbb62fc5764cf9e2236d /kubernetes/dcaegen2-services/common | |
parent | fde94076e689727e8a2c3c5147ce1242dc225f87 (diff) |
[DCAEGEN2] Deploy DCAE microservices via Helm
Deploy DCAE microservices using Helm instead of having
the DCAE bootstrap container deploy them using Cloudify.
Charts for the microservices are found under
oom/kubernetes/dcaegen2-services.
Issue-ID: DCAEGEN2-2615
Issue-ID: DCAEGEN2-2617
Signed-off-by: Jack Lucas <jflos@sonoris.net>
Change-Id: I22d88987ae8e21b3c08f31f13ffda98967d13297
[Use common secret template for secrets]
Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com>
Diffstat (limited to 'kubernetes/dcaegen2-services/common')
8 files changed, 560 insertions, 0 deletions
diff --git a/kubernetes/dcaegen2-services/common/Makefile b/kubernetes/dcaegen2-services/common/Makefile
new file mode 100644
index 0000000000..bf267b7720
--- /dev/null
+++ b/kubernetes/dcaegen2-services/common/Makefile
@@ -0,0 +1,51 @@
+# Copyright © 2020 Samsung Electronics
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+ROOT_DIR := $(shell dirname $(realpath $(lastword $(MAKEFILE_LIST))))
+OUTPUT_DIR := $(ROOT_DIR)/../../dist
+PACKAGE_DIR := $(OUTPUT_DIR)/packages
+SECRET_DIR := $(OUTPUT_DIR)/secrets
+
+EXCLUDES :=
+HELM_BIN := helm
+HELM_CHARTS := $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.))))
+
+.PHONY: $(EXCLUDES) $(HELM_CHARTS)
+
+all: $(HELM_CHARTS)
+
+$(HELM_CHARTS):
+ @echo "\n[$@]"
+ @make package-$@
+
+make-%:
+ @if [ -f $*/Makefile ]; then make -C $*; fi
+
+dep-%: make-%
+ @if [ -f $*/requirements.yaml ]; then $(HELM_BIN) dep up $*; fi
+
+lint-%: dep-%
+ @if [ -f $*/Chart.yaml ]; then $(HELM_BIN) lint $*; fi
+
+package-%: lint-%
+ @mkdir -p $(PACKAGE_DIR)
+ @if [ -f $*/Chart.yaml ]; then $(HELM_BIN) package -d $(PACKAGE_DIR) $*; fi
+ @$(HELM_BIN) repo index $(PACKAGE_DIR)
+
+clean:
+ @rm -f */requirements.lock
+ @rm -f *tgz */charts/*tgz
+ @rm -rf $(PACKAGE_DIR)
+%:
+ @:
diff --git a/kubernetes/dcaegen2-services/common/dcaegen2-services-common/Chart.yaml b/kubernetes/dcaegen2-services/common/dcaegen2-services-common/Chart.yaml
new file mode 100644
index 0000000000..5a15ea9ce6
--- /dev/null
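Review bot: In the new `common/Makefile`, the `$(HELM_CHARTS)` and `make-%` recipes invoke a literal `make` (`@make package-$@`, `make -C $*`), so the sub-make is skipped under `make -n`, loses the `-j` jobserver, and may not be the same make binary as the parent; use `@$(MAKE) package-$@` and `$(MAKE) -C $*`. `all` and `clean` are missing from `.PHONY`, so a file with either name in this directory would silently disable the target; `.PHONY: all clean $(EXCLUDES) $(HELM_CHARTS)` covers them. The closing catch-all `%:` rule with the `@:` recipe makes any misspelled goal succeed without doing anything, which can hide a lint or package step that never ran.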
+++ b/kubernetes/dcaegen2-services/common/dcaegen2-services-common/Chart.yaml
@@ -0,0 +1,22 @@
+#============LICENSE_START========================================================
+# ================================================================================
+# Copyright (c) 2020 J. F. Lucas. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
+
+apiVersion: v1
+appVersion: "Honolulu"
+description: DCAE Microservices Common templates
+name: dcaegen2-services-common
+version: 7.0.0
diff --git a/kubernetes/dcaegen2-services/common/dcaegen2-services-common/requirements.yaml b/kubernetes/dcaegen2-services/common/dcaegen2-services-common/requirements.yaml
new file mode 100644
index 0000000000..bf6b86b3ca
--- /dev/null
+++ b/kubernetes/dcaegen2-services/common/dcaegen2-services-common/requirements.yaml
@@ -0,0 +1,18 @@
+# Copyright (c) 2021 J. F. Lucas. All rights reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+dependencies:
+ - name: common
+ version: ~7.x-0
+ repository: '@local'
diff --git a/kubernetes/dcaegen2-services/common/dcaegen2-services-common/templates/_configmap.tpl b/kubernetes/dcaegen2-services/common/dcaegen2-services-common/templates/_configmap.tpl
new file mode 100644
index 0000000000..46f52b805e
--- /dev/null
+++ b/kubernetes/dcaegen2-services/common/dcaegen2-services-common/templates/_configmap.tpl
@@ -0,0 +1,65 @@
+{{/*
+# Copyright © 2017 Amdocs, Bell Canada
+# Modifications Copyright © 2019 AT&T
+# Copyright (c) 2021 J. F. Lucas. All rights reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+{{/*
+dcaegen2-services-common.configMap:
+This template produces Kubernetes configMap(s) needed by a
+DCAE microservice.
+
+The template expects the full chart context as input. A chart for a
+DCAE microservice references this template using:
+{{ include "dcaegen2-services-common.configMap" . }}
+The template directly references data in .Values, and indirectly (through its
+use of templates from the ONAP "common" collection) references data in
+.Release.
+
+The template always produces a configMap containing the microservice's
+initial configuration data. This configMap is used by an initContainer
+that loads the configuration into Consul. (See the documentation for
+dcaegen2-services-common.microserviceDeployment for more details.)
+
+If the microservice is using a logging sidecar (again, see the documentation
+for dcaegen2-services-common.microserviceDeployment for more details), the
+template generates an additiona configMap that supplies configuration
+information for the logging sidecar.
+*/}}
+
+{{- define "dcaegen2-services-common.configMap" -}}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "common.fullname" . }}-application-config-configmap
+ namespace: {{ include "common.namespace" . }}
+ labels: {{ include "common.labels" . | nindent 6 }}
+data:
+ application_config.yaml: |
+{{ .Values.applicationConfig | toYaml | indent 4 }}
+
+{{- if .Values.logDirectory }}
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "common.fullname" . }}-filebeat-configmap
+ namespace: {{ include "common.namespace" . }}
+ labels: {{ include "common.labels" . | nindent 6 }}
+data:
+ filebeat.yml: |-
+{{ include "dcaegen2-services-common.filebeatConfiguration" . | indent 4 }}
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/kubernetes/dcaegen2-services/common/dcaegen2-services-common/templates/_deployment.tpl b/kubernetes/dcaegen2-services/common/dcaegen2-services-common/templates/_deployment.tpl
new file mode 100644
index 0000000000..c03be83264
--- /dev/null
+++ b/kubernetes/dcaegen2-services/common/dcaegen2-services-common/templates/_deployment.tpl
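Review bot: The doc comment for `dcaegen2-services-common.configMap` in `_configmap.tpl` should state that `.Values.applicationConfig` is rendered verbatim into a ConfigMap, which is not a suitable place for confidential data and is readable by anyone who can read ConfigMaps in the namespace. The deployment template in this commit resolves `${NAME}` references with `envsubst` from `.Values.credentials`, so the comment could add: `Do not put secret values in .Values.applicationConfig; reference them as ${NAME} and declare NAME under .Values.credentials.` The same comment also has a typo, `additiona` for `additional`.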
@@ -0,0 +1,239 @@
+{{/*
+#============LICENSE_START========================================================
+# ================================================================================
+# Copyright (c) 2021 J. F. Lucas. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
+*/}}
+{{/*
+dcaegen2-services-common.microserviceDeployment:
+This template produces a Kubernetes Deployment for a DCAE microservice.
+
+All DCAE microservices currently use very similar Deployments. Having a
+common template eliminates a lot of repetition in the individual charts
+for each microservice.
+
+The template expects the full chart context as input. A chart for a
+DCAE microservice references this template using:
+{{ include "dcaegen2-services-common.microserviceDeployment" . }}
+The template directly references data in .Values, and indirectly (through its
+use of templates from the ONAP "common" collection) references data in
+.Release.
+
+The exact content of the Deployment generated from this template
+depends on the content of .Values.
+
+The Deployment always includes a single Pod, with a container that uses
+the DCAE microservice image.
+
+The Deployment Pod may also include a logging sidecar container.
+The sidecar is included if .Values.logDirectory is set. The
+logging sidecar and the DCAE microservice container share a
+volume where the microservice logs are written.
+
+The Deployment includes an initContainer that pushes the
+microservice's initial configuration (from .Values.applicationConfig)
+into Consul. All DCAE microservices retrieve their initial
+configurations by making an API call to a DCAE platform component called
+the config-binding-service. The config-binding-service currently
+retrieves configuration information from Consul.
+
+The Deployment also includes an initContainer that checks for the
+readiness of other components that the microservice relies on.
+This container is generated by the "common.readinessCheck.waitfor"
+template.
+
+If the microservice acts as a TLS client or server, the Deployment will
+include an initContainer that retrieves certificate information from
+the AAF certificate manager. The information is mounted at the
+mount point specified in .Values.certDirectory. If the microservice is
+a TLS server (indicated by setting .Values.tlsServer to true), the
+certificate information will include a server cert and key, in various
+formats. It will also include the AAF CA cert. If the microservice is
+a TLS client only (indicated by setting .Values.tlsServer to false), the
+certificate information includes only the AAF CA cert.
+*/}}
+
+{{- define "dcaegen2-services-common.microserviceDeployment" -}}
+{{- $logDir := default "" .Values.logDirectory -}}
+{{- $certDir := default "" .Values.certDirectory . -}}
+{{- $tlsServer := default "" .Values.tlsServer -}}
+apiVersion: apps/v1
+kind: Deployment
+metadata: {{- include "common.resourceMetadata" . | nindent 2 }}
+spec:
+ replicas: 1
+ selector: {{- include "common.selectors" . | nindent 4 }}
+ template:
+ metadata: {{- include "common.templateMetadata" . | nindent 6 }}
+ spec:
+ initContainers:
+ - command:
+ - sh
+ args:
+ - -c
+ - |
+ {{- range $var := .Values.customEnvVars }}
+ export {{ $var.name }}="{{ $var.value }}";
+ {{- end }}
+ cd /config-input && for PFILE in `ls -1`; do envsubst <${PFILE} >/config/${PFILE}; done
+ env:
+ {{- range $cred := .Values.credentials }}
+ - name: {{ $cred.name }}
+ {{- include "common.secret.envFromSecretFast" (dict "global" $ "uid" $cred.uid "key" $cred.key) | indent 10 }}
+ {{- end }}
+ volumeMounts:
+ - mountPath: /config-input
+ name: app-config-input
+ - mountPath: /config
+ name: app-config
+ image: {{ include "repositoryGenerator.image.envsubst" . }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ name: {{ include "common.name" . }}-update-config
+
+ {{ include "common.readinessCheck.waitFor" . | indent 6 | trim }}
+ - name: init-consul
+ image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.consulLoaderImage }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ args:
+ - --key-yaml
+ - "{{ include "common.name" . }}|/app-config/application_config.yaml"
+ resources: {{ include "common.resources" . | nindent 2 }}
+ volumeMounts:
+ - mountPath: /app-config
+ name: app-config
+ {{- if $certDir }}
+ - name: init-tls
+ image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.tlsImage }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ env:
+ - name: TLS_SERVER
+ value: {{ $tlsServer | quote }}
+ - name: POD_IP
+ valueFrom:
+ fieldRef:
+ apiVersion: v1
+ fieldPath: status.podIP
+ resources: {{ include "common.resources" . | nindent 2 }}
+ volumeMounts:
+ - mountPath: /opt/app/osaaf
+ name: tls-info
+ {{- end }}
+ containers:
+ - image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ name: {{ include "common.name" . }}
+ env:
+ {{- if $certDir }}
+ - name: DCAE_CA_CERTPATH
+ value: {{ $certDir}}/cacert.pem
+ {{- end }}
+ - name: CONSUL_HOST
+ value: consul-server.onap
+ - name: CONFIG_BINDING_SERVICE
+ value: config-binding-service
+ - name: CBS_CONFIG_URL
+ value: https://config-binding-service:10443/service_component_all/{{ include "common.name" . }}
+ - name: POD_IP
+ valueFrom:
+ fieldRef:
+ apiVersion: v1
+ fieldPath: status.podIP
+ {{- if .Values.applicationEnv }}
+ {{- range $envName, $envValue := .Values.applicationEnv }}
+ - name: {{ $envName }}
+ value: {{ $envValue | quote }}
+ {{- end }}
+ {{- end }}
+ {{- if .Values.service }}
+ ports: {{ include "common.containerPorts" . | nindent 10 }}
+ {{- end }}
+ {{- if .Values.readiness }}
+ readinessProbe:
+ initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds | default 5 }}
+ periodSeconds: {{ .Values.readiness.periodSeconds | default 15 }}
+ timeoutSeconds: {{ .Values.readiness.timeoutSeconds | default 1 }}
+ {{- $probeType := .Values.readiness.type | default "httpGet" -}}
+ {{- if eq $probeType "httpGet" }}
+ httpGet:
+ scheme: {{ .Values.readiness.scheme }}
+ path: {{ .Values.readiness.path }}
+ port: {{ .Values.readiness.port }}
+ {{- end }}
+ {{- if eq $probeType "exec" }}
+ exec:
+ command:
+ {{- range $cmd := .Values.readiness.command }}
+ - {{ $cmd }}
+ {{- end }}
+ {{- end }}
+ {{- end }}
+ resources: {{ include "common.resources" . | nindent 2 }}
+ {{- if or $logDir $certDir }}
+ volumeMounts:
+ {{- if $logDir }}
+ - mountPath: {{ $logDir}}
+ name: component-log
+ {{- end }}
+ {{- if $certDir }}
+ - mountPath: {{ $certDir }}
+ name: tls-info
+ {{- end }}
+ {{- end }}
+ {{- if $logDir }}
+ - image: {{ include "repositoryGenerator.image.logging" . }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ name: filebeat
+ env:
+ - name: POD_IP
+ valueFrom:
+ fieldRef:
+ apiVersion: v1
+ fieldPath: status.podIP
+ resources: {{ include "common.resources" . | nindent 2 }}
+ volumeMounts:
+ - mountPath: /var/log/onap/{{ include "common.name" . }}
+ name: component-log
+ - mountPath: /usr/share/filebeat/data
+ name: filebeat-data
+ - mountPath: /usr/share/filebeat/filebeat.yml
+ name: filebeat-conf
+ subPath: filebeat.yml
+ {{- end }}
+ hostname: {{ include "common.name" . }}
+ volumes:
+ - configMap:
+ defaultMode: 420
+ name: {{ include "common.fullname" . }}-application-config-configmap
+ name: app-config-input
+ - emptyDir:
+ medium: Memory
+ name: app-config
+ {{- if $logDir }}
+ - emptyDir: {}
+ name: component-log
+ - emptyDir: {}
+ name: filebeat-data
+ - configMap:
+ defaultMode: 420
+ name: {{ include "common.fullname" . }}-filebeat-configmap
+ name: filebeat-conf
+ {{- end }}
+ {{- if $certDir }}
+ - emptyDir: {}
+ name: tls-info
+ {{- end }}
+ imagePullSecrets:
+ - name: "{{ include "common.namespace" . }}-docker-registry-key"
+{{ end -}}
diff --git a/kubernetes/dcaegen2-services/common/dcaegen2-services-common/templates/_filebeat-config.tpl b/kubernetes/dcaegen2-services/common/dcaegen2-services-common/templates/_filebeat-config.tpl
new file mode 100644
index 0000000000..a402517068
--- /dev/null
+++ b/kubernetes/dcaegen2-services/common/dcaegen2-services-common/templates/_filebeat-config.tpl
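Review bot: In `_deployment.tpl`, the `update-config` init container builds its shell script by pasting each `.Values.customEnvVars` entry into `export {{ $var.name }}="{{ $var.value }}";`, so a value containing a double quote, `$` or a backquote is interpreted by `sh` instead of being passed through unchanged. Dropping the export loop and declaring these variables as ordinary `env:` entries with `| quote` keeps them out of the shell text, and `envsubst` still sees them because it reads the process environment. Separately, the file this container writes holds the resolved `.Values.credentials` values and is then loaded by `init-consul`, so those values presumably end up readable in Consul; the template comment should say so. The `$certDir` assignment also carries a stray trailing `.` after `.Values.certDirectory`.

```yaml
# … unchanged: command/args, minus the export loop …
env:
{{- range $var := .Values.customEnvVars }}
- name: {{ $var.name }}
  value: {{ $var.value | quote }}
{{- end }}
# … unchanged: range over .Values.credentials …
```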
@@ -0,0 +1,86 @@
+{{/*
+#============LICENSE_START========================================================
+# ================================================================================
+# Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.
+# Modifications Copyright © 2018 Amdocs, Bell Canada
+# Copyright (c) 2021 J. F. Lucas. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
+*/}}
+{{/*
+dcaegen2-services-common.filebeatConfiguration:
+This template generates configuration data for filebeat (log file aggregation).
+
+The template is used to create a configMap mounted by a filebeat sidecar pod
+running alongside a DCAE microservice pod.
+
+See dcaegen2-services-common.configMap for more information.
+*/}}
+{{- define "dcaegen2-services-common.filebeatConfiguration" -}}
+filebeat.prospectors:
+#it is mandatory, in our case it's log
+- input_type: log
+ #This is the canolical path as mentioned in logback.xml, *.* means it will monitor all files in the directory.
+ paths:
+ - /var/log/onap/*/*/*/*.log
+ - /var/log/onap/*/*/*.log
+ - /var/log/onap/*/*.log
+ #Files older than this should be ignored.In our case it will be 48 hours i.e. 2 days. It is a helping flag for clean_inactive
+ ignore_older: 48h
+ # Remove the registry entry for a file that is more than the specified time. In our case it will be 96 hours, i.e. 4 days. It will help to keep registry records with in limit
+ clean_inactive: 96h
+
+
+# Name of the registry file. If a relative path is used, it is considered relative to the
+# data path. Else full qualified file name.
+#filebeat.registry_file: ${path.data}/registry
+
+
+output.logstash:
+ #List of logstash server ip addresses with port number.
+ #But, in our case, this will be the loadbalancer IP address.
+ #For the below property to work the loadbalancer or logstash should expose 5044 port to listen the filebeat events or port in the property should be changed appropriately.
+ hosts: ["{{.Values.filebeatConfig.logstashServiceName}}.{{.Release.Namespace}}:{{.Values.filebeatConfig.logstashPort}}"]
+ #If enable will do load balancing among availabe Logstash, automatically.
+ loadbalance: true
+
+ #The list of root certificates for server verifications.
+ #If certificate_authorities is empty or not set, the trusted
+ #certificate authorities of the host system are used.
+ #ssl.certificate_authorities: $ssl.certificate_authorities
+
+ #The path to the certificate for SSL client authentication. If the certificate is not specified,
+ #client authentication is not available.
+ #ssl.certificate: $ssl.certificate
+
+ #The client certificate key used for client authentication.
+ #ssl.key: $ssl.key
+
+ #The passphrase used to decrypt an encrypted key stored in the configured key file
+ #ssl.key_passphrase: $ssl.key_passphrase
+
+logging:
+ level: debug
+
+ # enable file rotation with default configuration
+ to_files: true
+
+ # do not log to syslog
+ to_syslog: false
+
+ files:
+ path: /usr/share/filebeat/logs
+ name: mybeat.log
+ keepfiles: 7
+{{- end -}}
\ No newline at end of file
diff --git a/kubernetes/dcaegen2-services/common/dcaegen2-services-common/templates/_job.tpl b/kubernetes/dcaegen2-services/common/dcaegen2-services-common/templates/_job.tpl
new file mode 100644
index 0000000000..6d52b2a087
--- /dev/null
+++ b/kubernetes/dcaegen2-services/common/dcaegen2-services-common/templates/_job.tpl
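Review bot: In `_filebeat-config.tpl`, every `ssl.*` setting under `output.logstash` is commented out, so the sidecar appears to ship application logs to the Logstash service over plain TCP, with neither server verification nor client authentication. If these logs can carry sensitive data, the CA, certificate and key paths should be driven from chart values and emitted under an `{{- if }}` guard rather than left as commented placeholders. `level: debug` under `logging:` is also hard-coded; a value-driven level defaulting to `info` would reduce the sidecar's own log volume.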
@@ -0,0 +1,61 @@
+{{/*
+#============LICENSE_START========================================================
+# ================================================================================
+# Copyright (c) 2021 J. F. Lucas. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
+*/}}
+{{/*
+dcaegen2-services-common.consulDeleteJob:
+This template generates a Kubernetes Job that runs when a
+DCAE microservice is deleted. The Job deletes the Consul
+entry that contains the microservice's configuration.
+
+The template expects the full chart context as input. A chart for a
+DCAE microservice references this template using:
+{{ include "dcaegen2-services-common.consulDeleteJob" . }}
+The template directly references data in .Values, and indirectly (through its
+use of templates from the ONAP "common" collection) references data in
+.Release.
+
+The microservice configuration data is loaded into Consul by an
+initContainer that is part of the Kubernetes Deployment for the microservice.
+See the documentation for dcaegen2-services-common.microserviceDeployment
+for more information.
+*/}}
+{{- define "dcaegen2-services-common.consulDeleteJob" -}}
+apiVersion: batch/v1
+kind: Job
+metadata:
+ name: {{ include "common.fullname" . }}-delete-config
+ namespace: {{ include "common.namespace" . }}
+ labels: {{ include "common.labels" . | nindent 4 }}
+ annotations:
+ "helm.sh/hook": pre-delete
+ "helm.sh/hook-delete-policy": hook-succeeded,hook-failed
+spec:
+ template:
+ metadata:
+ name: {{ include "common.fullname" . }}-delete-config
+ labels: {{ include "common.labels" . | nindent 8 }}
+ spec:
+ restartPolicy: Never
+ containers:
+ - name: dcae-config-delete
+ image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.consulLoaderImage }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ args:
+ - --delete-key
+ - {{ include "common.name" . }}
+{{ end -}}
diff --git a/kubernetes/dcaegen2-services/common/dcaegen2-services-common/values.yaml b/kubernetes/dcaegen2-services/common/dcaegen2-services-common/values.yaml
new file mode 100644
index 0000000000..cd69da8346
--- /dev/null
+++ b/kubernetes/dcaegen2-services/common/dcaegen2-services-common/values.yaml
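Review bot: In `_job.tpl`, the pre-delete Job's pod spec has no `imagePullSecrets`, while the Deployment in this commit pulls `.Values.consulLoaderImage` from the same repository using `"{{ include "common.namespace" . }}-docker-registry-key"`. If the registry needs that secret and the service account does not supply it, the hook pod cannot pull its image and the uninstall will fail or wait for the hook to time out. Adding `imagePullSecrets:` with `- name: "{{ include "common.namespace" . }}-docker-registry-key"` under the pod `spec` keeps the two templates consistent. A `backoffLimit` on the Job would also bound retries when Consul is unreachable, and with `hook-failed` in the delete policy the failed pod's logs are removed along with the Job.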
@@ -0,0 +1,18 @@
+#============LICENSE_START========================================================
+# ================================================================================
+# Copyright (c) 2021 J. F. Lucas. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
+# dcaegen2-services-common templates get any values from the scope
+# they are passed. There are no locally-defined values.
\ No newline at end of file |