diff options
author | Konrad Bańka <k.banka@samsung.com> | 2020-10-28 16:49:19 +0100 |
---|---|---|
committer | Konrad Ba?ka <k.banka@samsung.com> | 2020-11-23 00:32:15 +0000 |
commit | 32d44e977649f3a4085a565adfbede964a029657 (patch) | |
tree | d635d9c0d989305be8a29c62e576bd5eac85a8e3 /kubernetes | |
parent | 8c3f7856d4e6e9df0a35f090bfcbef8586937cf5 (diff) |
[CCSDK] Make a1policymanagement react on ConfigMap updates
Updated Deployment spec to template ConfigMap files in runtime allowing
live reaction of application to config changes.
Provided Configmaps with scripts to handle monitoring configmap-provided
files.
Updated envsubst to explicitly point to downloaded version.
Issue-ID: CCSDK-2958
Signed-off-by: Konrad Bańka <k.banka@samsung.com>
Change-Id: I22e18f2838c0956f899cb9fa96d9fd862e6c6942
(cherry picked from commit 52c38b98b8410de74e545f5cd7f79c2d959bc81a)
Diffstat (limited to 'kubernetes')
5 files changed, 114 insertions, 3 deletions
diff --git a/kubernetes/a1policymanagement/resources/envsubst/daemon.sh b/kubernetes/a1policymanagement/resources/envsubst/daemon.sh new file mode 100644 index 0000000000..6d239f1ec8 --- /dev/null +++ b/kubernetes/a1policymanagement/resources/envsubst/daemon.sh @@ -0,0 +1,30 @@ +#!/bin/sh +{{/* +# Copyright © 2020 Samsung Electronics +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} + +terminate() { + echo "$(date) | INFO | Terminating child processes" + pids="$(jobs -p)" + if [ "$pids" != "" ]; then + kill -TERM $pids >/dev/null 2>/dev/null + fi + wait +} + +trap terminate TERM +echo "$(date) | INFO | Started monitoring /config-input/ directory" +inotifyd /tmp/scripts/update_files /config-input/ & +wait diff --git a/kubernetes/a1policymanagement/resources/envsubst/update_files b/kubernetes/a1policymanagement/resources/envsubst/update_files new file mode 100644 index 0000000000..754bb55432 --- /dev/null +++ b/kubernetes/a1policymanagement/resources/envsubst/update_files @@ -0,0 +1,27 @@ +#!/bin/sh +{{/* +# Copyright © 2020 Samsung Electronics +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} + +if [ "$1" == "y" ] && [ "$3" == "..data" ]; then + echo "$(date) | INFO | Configmap has been reloaded" + cd /config-input + for file in $(ls -1); do + if [ "$file" -nt "/config/$file" ]; then + echo "$(date) | INFO | Templating /config/$file" + envsubst <$file >/config/$file + fi + done +fi diff --git a/kubernetes/a1policymanagement/templates/deployment.yaml b/kubernetes/a1policymanagement/templates/deployment.yaml index 6987bd41c5..1a2866b981 100644 --- a/kubernetes/a1policymanagement/templates/deployment.yaml +++ b/kubernetes/a1policymanagement/templates/deployment.yaml @@ -1,6 +1,7 @@ {{/* ################################################################################ # Copyright (c) 2020 Nordix Foundation. # +# Copyright © 2020 Samsung Electronics, Modifications # # # # Licensed under the Apache License, Version 2.0 (the "License"); # # you may not use this file except in compliance with the License. # @@ -27,14 +28,14 @@ spec: labels: {{- include "common.labels" . | nindent 8 }} spec: initContainers: - - name: {{ include "common.name" . }}-update-config + - name: {{ include "common.name" . }}-bootstrap-config image: "{{ .Values.global.envsubstImage }}" imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} command: - sh args: - -c - - "cd /config-input && for PFILE in `ls -1`; do envsubst <${PFILE} >/config/${PFILE}; done" + - "cd /config-input && for PFILE in `ls -1`; do envsubst <${PFILE} >/config/${PFILE}; chmod o+w /config/${PFILE}; done" env: - name: A1CONTROLLER_USER {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "controller-secret" "key" "login") | indent 10 }} @@ -46,6 +47,29 @@ spec: - mountPath: /config name: config containers: + - name: {{ include "common.name" . }}-update-config + image: "{{ .Values.global.envsubstImage }}" + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + securityContext: + runAsGroup: {{ .Values.groupID }} + runAsUser: {{ .Values.userID }} + runAsNonRoot: true + command: + - sh + args: + - /tmp/scripts/daemon.sh + env: + - name: A1CONTROLLER_USER + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "controller-secret" "key" "login") | indent 10 }} + - name: A1CONTROLLER_PASSWORD + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "controller-secret" "key" "password") | indent 10 }} + volumeMounts: + - mountPath: /tmp/scripts + name: {{ include "common.fullname" . }}-envsubst-scripts + - mountPath: /config-input + name: {{ include "common.fullname" . }}-policy-conf-input + - mountPath: /config + name: config - name: {{ include "common.name" . }} image: {{ include "common.repository" . }}/{{ .Values.image }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} @@ -70,6 +94,10 @@ spec: - name: {{ include "common.fullname" . }}-policy-conf-input configMap: name: {{ include "common.fullname" . }}-policy-conf + defaultMode: 0555 + - name: {{ include "common.fullname" . }}-envsubst-scripts + configMap: + name: {{ include "common.fullname" . }}-envsubst-scripts - name: config emptyDir: medium: Memory diff --git a/kubernetes/a1policymanagement/templates/envsubst-configmap.yaml b/kubernetes/a1policymanagement/templates/envsubst-configmap.yaml new file mode 100644 index 0000000000..99449638f4 --- /dev/null +++ b/kubernetes/a1policymanagement/templates/envsubst-configmap.yaml @@ -0,0 +1,23 @@ +{{/* +################################################################################ +# Copyright © 2020 Samsung Electronics # +# # +# Licensed under the Apache License, Version 2.0 (the "License"); # +# you may not use this file except in compliance with the License. # +# You may obtain a copy of the License at # +# # +# http://www.apache.org/licenses/LICENSE-2.0 # +# # +# Unless required by applicable law or agreed to in writing, software # +# distributed under the License is distributed on an "AS IS" BASIS, # +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # +# See the License for the specific language governing permissions and # +# limitations under the License. # +################################################################################ +*/}} +apiVersion: v1 +kind: ConfigMap +metadata: {{- include "common.resourceMetadata" . | nindent 2 }} + name: {{ include "common.fullname" . }}-envsubst-scripts +data: +{{ tpl (.Files.Glob "resources/envsubst/*").AsConfig . | indent 2 }} diff --git a/kubernetes/a1policymanagement/values.yaml b/kubernetes/a1policymanagement/values.yaml index 21a86a0fe1..2f45e41648 100644 --- a/kubernetes/a1policymanagement/values.yaml +++ b/kubernetes/a1policymanagement/values.yaml @@ -1,5 +1,6 @@ ################################################################################ # Copyright (c) 2020 Nordix Foundation. # +# Copyright © 2020 Samsung Electronics, Modifications # # # # Licensed under the Apache License, Version 2.0 (the "License"); # # you may not use this file except in compliance with the License. # @@ -19,7 +20,7 @@ global: nodePortPrefix: 300 - envsubstImage: dibi/envsubst + envsubstImage: dibi/envsubst:1 secrets: - uid: controller-secret @@ -31,6 +32,8 @@ secrets: repository: nexus3.onap.org:10001 image: onap/ccsdk-oran-a1policymanagementservice:1.0.1 +userID: 1000 #Should match with image-defined user ID +groupID: 999 #Should match with image-defined group ID pullPolicy: IfNotPresent replicaCount: 1 |