summaryrefslogtreecommitdiffstats
path: root/kubernetes
diff options
context:
space:
mode:
authorSylvain Desbureaux <sylvain.desbureaux@orange.com>2021-06-02 08:07:51 +0000
committerGerrit Code Review <gerrit@onap.org>2021-06-02 08:07:51 +0000
commit22dabf14ef253de251ababe12d26a70c47d531f3 (patch)
treedad557f58c987e56f821dbc82c48f3cf84743887 /kubernetes
parent84b962398213641e656e8d1750b83f480f531563 (diff)
parent20552e7bebb63393f850886a1a8844c9c0bbe8cc (diff)
Merge changes I44c8b60c,I0cb6d383
* changes: [OOF] Update HAS charts to use etcd [COMMON][ETCD-INIT] Add etcd-init chart
Diffstat (limited to 'kubernetes')
-rw-r--r--kubernetes/common/etcd-init/.helmignore21
-rw-r--r--kubernetes/common/etcd-init/Chart.yaml18
-rw-r--r--kubernetes/common/etcd-init/requirements.yaml21
-rw-r--r--kubernetes/common/etcd-init/templates/job.yaml104
-rw-r--r--kubernetes/common/etcd-init/templates/secret.yaml17
-rw-r--r--kubernetes/common/etcd-init/values.yaml74
-rw-r--r--kubernetes/common/etcd/templates/statefulset.yaml2
-rwxr-xr-xkubernetes/oof/components/oof-has/components/oof-has-api/templates/deployment.yaml19
-rwxr-xr-xkubernetes/oof/components/oof-has/components/oof-has-api/values.yaml14
-rwxr-xr-xkubernetes/oof/components/oof-has/components/oof-has-controller/templates/deployment.yaml21
-rwxr-xr-xkubernetes/oof/components/oof-has/components/oof-has-controller/values.yaml14
-rwxr-xr-xkubernetes/oof/components/oof-has/components/oof-has-data/templates/deployment.yaml36
-rwxr-xr-xkubernetes/oof/components/oof-has/components/oof-has-data/values.yaml14
-rwxr-xr-xkubernetes/oof/components/oof-has/components/oof-has-reservation/templates/deployment.yaml36
-rwxr-xr-xkubernetes/oof/components/oof-has/components/oof-has-reservation/values.yaml14
-rwxr-xr-xkubernetes/oof/components/oof-has/components/oof-has-solver/templates/deployment.yaml36
-rwxr-xr-xkubernetes/oof/components/oof-has/components/oof-has-solver/values.yaml14
-rwxr-xr-xkubernetes/oof/components/oof-has/requirements.yaml9
-rwxr-xr-xkubernetes/oof/components/oof-has/resources/config/conductor.conf24
-rwxr-xr-xkubernetes/oof/components/oof-has/resources/config/healthcheck.json18
-rwxr-xr-xkubernetes/oof/components/oof-has/resources/config/onboard.json6
-rwxr-xr-xkubernetes/oof/components/oof-has/templates/job-healthcheck.yaml100
-rwxr-xr-xkubernetes/oof/components/oof-has/templates/job-onboard.yaml105
-rwxr-xr-xkubernetes/oof/components/oof-has/values.yaml86
-rw-r--r--kubernetes/oof/components/oof-templates/templates/_secret.tpl6
25 files changed, 447 insertions, 382 deletions
diff --git a/kubernetes/common/etcd-init/.helmignore b/kubernetes/common/etcd-init/.helmignore
new file mode 100644
index 0000000000..f0c1319444
--- /dev/null
+++ b/kubernetes/common/etcd-init/.helmignore
@@ -0,0 +1,21 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
diff --git a/kubernetes/common/etcd-init/Chart.yaml b/kubernetes/common/etcd-init/Chart.yaml
new file mode 100644
index 0000000000..20f5ac40cc
--- /dev/null
+++ b/kubernetes/common/etcd-init/Chart.yaml
@@ -0,0 +1,18 @@
+# Copyright (C) 2021 Wipro Limited.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: v1
+description: Chart for etcd init job
+name: etcd-init
+version: 8.0.0
diff --git a/kubernetes/common/etcd-init/requirements.yaml b/kubernetes/common/etcd-init/requirements.yaml
new file mode 100644
index 0000000000..008789b822
--- /dev/null
+++ b/kubernetes/common/etcd-init/requirements.yaml
@@ -0,0 +1,21 @@
+# Copyright (C) 2021 Wipro Limited.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+dependencies:
+ - name: common
+ version: ~8.x-0
+ repository: 'file://../common'
+ - name: repositoryGenerator
+ version: ~8.x-0
+ repository: 'file://../repositoryGenerator'
diff --git a/kubernetes/common/etcd-init/templates/job.yaml b/kubernetes/common/etcd-init/templates/job.yaml
new file mode 100644
index 0000000000..69bcfaaf99
--- /dev/null
+++ b/kubernetes/common/etcd-init/templates/job.yaml
@@ -0,0 +1,104 @@
+{{/*
+# Copyright (C) 2021 Wipro Limited.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+apiVersion: batch/v1
+kind: Job
+metadata:
+ name: {{ include "common.fullname" . }}-job
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ include "common.release" . }}
+ heritage: {{ .Release.Service }}
+spec:
+ backoffLimit: {{ .Values.backoffLimit }}
+ template:
+ metadata:
+ labels:
+ app: {{ include "common.name" . }}
+ release: {{ include "common.release" . }}
+ name: {{ include "common.name" . }}
+ spec:
+ initContainers:
+ - name: {{ include "common.name" . }}-readiness
+ command:
+ - /app/ready.py
+ args:
+ - --container-name
+ - {{ .Values.etcd.containerName }}
+ env:
+ - name: NAMESPACE
+ valueFrom:
+ fieldRef:
+ apiVersion: v1
+ fieldPath: metadata.namespace
+ image: {{ include "repositoryGenerator.image.readiness" . }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ containers:
+ - name: {{ include "common.name" . }}
+ image: {{ include "repositoryGenerator.dockerHubRepository" . }}/{{ .Values.image }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ command:
+ - /bin/sh
+ - -ec
+ - |
+ # Create users
+ export ETCDCTL_ENDPOINTS=http://${ETCD_HOST}:${ETCD_PORT}
+ export ETCDCTL_API=3
+ echo "${ROOT_PASSWORD}" | etcdctl user add root --interactive=false
+ echo "${APP_PASSWORD}" | etcdctl user add ${APP_USER} --interactive=false
+
+ # Create roles
+ etcdctl role add ${APP_ROLE}
+ etcdctl role grant-permission ${APP_ROLE} --prefix=true readwrite ${KEY_PREFIX}
+
+ etcdctl user grant-role ${APP_USER} ${APP_ROLE}
+ etcdctl auth enable
+ env:
+ - name: ALLOW_NONE_AUTHENTICATION
+ value: "yes"
+ - name: ETCD_HOST
+ value: "{{ .Values.etcd.serviceName }}.{{ include "common.namespace" . }}"
+ - name: ETCD_PORT
+ value: "{{ .Values.etcd.port }}"
+ - name: ROOT_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "root-password" "key" "password" ) | indent 10 }}
+ - name: APP_USER
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "app-creds" "key" "login") | indent 10 }}
+ - name: APP_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "app-creds" "key" "password") | indent 10 }}
+ - name: APP_ROLE
+ value: "{{ .Values.config.appRole }}"
+ - name: KEY_PREFIX
+ value: "{{ .Values.config.keyPrefix }}"
+ volumeMounts:
+ - mountPath: /etc/localtime
+ name: localtime
+ readOnly: true
+ resources: {{ include "common.resources" . | nindent 12 }}
+ {{- if .Values.nodeSelector }}
+ nodeSelector: {{ toYaml .Values.nodeSelector | nindent 10 }}
+ {{- end -}}
+ {{- if .Values.affinity }}
+ affinity: {{ toYaml .Values.affinity | nindent 10 }}
+ {{- end }}
+ volumes:
+ - name: localtime
+ hostPath:
+ path: /etc/localtime
+ restartPolicy: Never
+ imagePullSecrets:
+ - name: "{{ include "common.namespace" . }}-docker-registry-key"
diff --git a/kubernetes/common/etcd-init/templates/secret.yaml b/kubernetes/common/etcd-init/templates/secret.yaml
new file mode 100644
index 0000000000..e874185693
--- /dev/null
+++ b/kubernetes/common/etcd-init/templates/secret.yaml
@@ -0,0 +1,17 @@
+{{/*
+# Copyright (C) 2021 Wipro Limited.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+{{ include "common.secretFast" . }}
diff --git a/kubernetes/common/etcd-init/values.yaml b/kubernetes/common/etcd-init/values.yaml
new file mode 100644
index 0000000000..c99c9f1e5b
--- /dev/null
+++ b/kubernetes/common/etcd-init/values.yaml
@@ -0,0 +1,74 @@
+# Copyright (C) 2021 Wipro Limited.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+#################################################################
+# Global configuration defaults.
+#################################################################
+global: {}
+
+#################################################################
+# Secrets metaconfig
+#################################################################
+secrets:
+ - uid: root-password
+ type: password
+ externalSecret: '{{ tpl (default "" .Values.config.userRootSecret) . }}'
+ password: '{{ .Values.config.userRootPassword }}'
+ - uid: app-creds
+ type: basicAuth
+ externalSecret: '{{ tpl (default "" .Values.config.userCredentialsExternalSecret) . }}'
+ login: '{{ .Values.config.appUser }}'
+ password: '{{ .Values.config.appPassword }}'
+
+#################################################################
+# Application configuration defaults.
+#################################################################
+
+image: bitnami/etcd:3.3.15
+pullPolicy: Always
+backoffLimit: 20
+
+nodeSelector: {}
+
+affinity: {}
+
+etcd:
+ serviceName: k8s-etcd
+ port : 2379
+ containerName: k8s-etcd
+
+config:
+ userRootSecret: root
+# userCredentialsExternalSecret:
+ appUser: user
+ appRole: role
+ keyPrefix: key
+
+flavor: small
+resources:
+ small:
+ limits:
+ cpu: 100m
+ memory: 500Mi
+ requests:
+ cpu: 10m
+ memory: 10Mi
+ large:
+ limits:
+ cpu: 200m
+ memory: 500Mi
+ requests:
+ cpu: 20m
+ memory: 20Mi
+ unlimited: {}
diff --git a/kubernetes/common/etcd/templates/statefulset.yaml b/kubernetes/common/etcd/templates/statefulset.yaml
index a343d4fce5..48c8b6d0cc 100644
--- a/kubernetes/common/etcd/templates/statefulset.yaml
+++ b/kubernetes/common/etcd/templates/statefulset.yaml
@@ -49,7 +49,7 @@ spec:
{{ toYaml .Values.tolerations | indent 8 }}
{{- end }}
containers:
- - name: {{ include "common.fullname" . }}
+ - name: {{ include "common.name" . }}
image: {{ include "repositoryGenerator.googleK8sRepository" . }}/{{ .Values.image }}
imagePullPolicy: "{{ .Values.pullPolicy }}"
ports:
diff --git a/kubernetes/oof/components/oof-has/components/oof-has-api/templates/deployment.yaml b/kubernetes/oof/components/oof-has/components/oof-has-api/templates/deployment.yaml
index 491250c72a..ba4a657c1a 100755
--- a/kubernetes/oof/components/oof-has/components/oof-has-api/templates/deployment.yaml
+++ b/kubernetes/oof/components/oof-has/components/oof-has-api/templates/deployment.yaml
@@ -55,21 +55,6 @@ spec:
image: {{ include "repositoryGenerator.image.readiness" . }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- - name: {{ include "common.name" . }}-onboard-readiness
- command:
- - /app/ready.py
- args:
- - -j
- - "{{ include "common.release" . }}-oof-has-onboard"
- env:
- - name: NAMESPACE
- valueFrom:
- fieldRef:
- apiVersion: v1
- fieldPath: metadata.namespace
- image: {{ include "repositoryGenerator.image.readiness" . }}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
-
- name: {{ include "common.name" . }}-has-sms-readiness
command:
- sh
@@ -94,7 +79,7 @@ spec:
- name: {{ include "common.name" . }}
image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.global.image.optf_has }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- command: ["/bin/bash","-c"]
+ command: ["/bin/sh","-c"]
args: ["/usr/local/bin/uwsgi -s /run/conductor/uwsgi.sock --chmod-socket=777 --wsgi-file /etc/nginx/conductor.wsgi --callable application --set port={{ .Values.uwsgi.internalPort }} --die-on-term --exit-on-reload --pidfile /run/conductor/conductor-uwsgi.pid --enable-threads --workers 6 --master --vacuum --single-interpreter --socket-timeout 10 --max-worker-lifetime 300 --max-requests 100 --no-defer-accept --protocol=uwsgi --socket 0.0.0.0:{{ .Values.uwsgi.internalPort }}"]
ports:
- containerPort: {{ .Values.uwsgi.internalPort }}
@@ -112,7 +97,7 @@ spec:
port: {{ .Values.uwsgi.internalPort }}
initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
periodSeconds: {{ .Values.readiness.periodSeconds }}
- env:
+ env: {{ include "oof.etcd.env" . | nindent 10 }}
volumeMounts:
- mountPath: /etc/localtime
name: localtime
diff --git a/kubernetes/oof/components/oof-has/components/oof-has-api/values.yaml b/kubernetes/oof/components/oof-has/components/oof-has-api/values.yaml
index d6743cdfda..63461d9c83 100755
--- a/kubernetes/oof/components/oof-has/components/oof-has-api/values.yaml
+++ b/kubernetes/oof/components/oof-has/components/oof-has-api/values.yaml
@@ -16,7 +16,7 @@
global: # global defaults
nodePortPrefix: 302
image:
- optf_has: onap/optf-has:2.1.5
+ optf_has: onap/optf-has:2.2.0
#################################################################
# secrets metaconfig
@@ -26,6 +26,18 @@ secrets:
externalSecret: '{{ tpl (default "" .Values.certSecret) . }}'
type: generic
filePaths: '{{ .Values.secretsFilePaths }}'
+ - uid: oof-has-etcd-secret
+ name: &user-creds '{{ include "common.release" . }}-oof-has-etcd-secret'
+ type: basicAuth
+ externalSecret: '{{ tpl (default "" .Values.config.etcd.userCredentialsExternalSecret) . }}'
+ login: '{{ .Values.config.etcd.appUser }}'
+ password: '{{ .Values.config.etcd.appPassword }}'
+ passwordPolicy: required
+
+config:
+ etcd:
+ appUser: user
+ appPassword: pass
service:
type: NodePort
diff --git a/kubernetes/oof/components/oof-has/components/oof-has-controller/templates/deployment.yaml b/kubernetes/oof/components/oof-has/components/oof-has-controller/templates/deployment.yaml
index 8e0ff1aeb5..895a305b53 100755
--- a/kubernetes/oof/components/oof-has/components/oof-has-controller/templates/deployment.yaml
+++ b/kubernetes/oof/components/oof-has/components/oof-has-controller/templates/deployment.yaml
@@ -41,8 +41,8 @@ spec:
command:
- /app/ready.py
args:
- - --container-name
- - music-springboot
+ - --job-name
+ - {{ include "common.release" . }}-{{ .Values.config.etcd.configJobNameOverride }}-job
- --container-name
- aaf-sms
env:
@@ -54,21 +54,6 @@ spec:
image: {{ include "repositoryGenerator.image.readiness" . }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- - name: {{ include "common.name" . }}-onboard-readiness
- command:
- - /app/ready.py
- args:
- - -j
- - "{{ include "common.release" . }}-oof-has-onboard"
- env:
- - name: NAMESPACE
- valueFrom:
- fieldRef:
- apiVersion: v1
- fieldPath: metadata.namespace
- image: {{ include "repositoryGenerator.image.readiness" . }}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
-
- name: {{ include "common.name" . }}-cont-sms-readiness
command:
- sh
@@ -114,7 +99,7 @@ spec:
- /usr/local/bin/healthy.sh
initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
periodSeconds: {{ .Values.readiness.periodSeconds }}
- env:
+ env: {{ include "oof.etcd.env" . | nindent 10 }}
volumeMounts:
- mountPath: /etc/localtime
name: localtime
diff --git a/kubernetes/oof/components/oof-has/components/oof-has-controller/values.yaml b/kubernetes/oof/components/oof-has/components/oof-has-controller/values.yaml
index 3cbf96adc1..9e799e1045 100755
--- a/kubernetes/oof/components/oof-has/components/oof-has-controller/values.yaml
+++ b/kubernetes/oof/components/oof-has/components/oof-has-controller/values.yaml
@@ -14,7 +14,7 @@
global:
image:
- optf_has: onap/optf-has:2.1.5
+ optf_has: onap/optf-has:2.2.0
#################################################################
# Secrets metaconfig
@@ -24,6 +24,18 @@ secrets:
externalSecret: '{{ tpl (default "" .Values.certSecret) . }}'
type: generic
filePaths: '{{ .Values.secretsFilePaths }}'
+ - uid: oof-has-etcd-secret
+ name: &user-creds '{{ include "common.release" . }}-oof-has-etcd-secret'
+ type: basicAuth
+ externalSecret: '{{ tpl (default "" .Values.config.etcd.userCredentialsExternalSecret) . }}'
+ login: '{{ .Values.config.etcd.appUser }}'
+ password: '{{ .Values.config.etcd.appPassword }}'
+ passwordPolicy: required
+
+config:
+ etcd:
+ appUser: user
+ appPassword: pass
ingress:
enabled: false
diff --git a/kubernetes/oof/components/oof-has/components/oof-has-data/templates/deployment.yaml b/kubernetes/oof/components/oof-has/components/oof-has-data/templates/deployment.yaml
index f4ccd57773..cc4eaf08b9 100755
--- a/kubernetes/oof/components/oof-has/components/oof-has-data/templates/deployment.yaml
+++ b/kubernetes/oof/components/oof-has/components/oof-has-data/templates/deployment.yaml
@@ -41,38 +41,8 @@ spec:
command:
- /app/ready.py
args:
- - --container-name
- - music-springboot
- env:
- - name: NAMESPACE
- valueFrom:
- fieldRef:
- apiVersion: v1
- fieldPath: metadata.namespace
- image: {{ include "repositoryGenerator.image.readiness" . }}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
-
- - name: {{ include "common.name" . }}-onboard-readiness
- command:
- - /app/ready.py
- args:
- - -j
- - "{{ include "common.release" . }}-oof-has-onboard"
- env:
- - name: NAMESPACE
- valueFrom:
- fieldRef:
- apiVersion: v1
- fieldPath: metadata.namespace
- image: {{ include "repositoryGenerator.image.readiness" . }}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
-
- - name: {{ include "common.name" . }}-health-readiness
- command:
- - /app/ready.py
- args:
- - -j
- - "{{ include "common.release" . }}-oof-has-healthcheck"
+ - --job-name
+ - {{ include "common.release" . }}-{{ .Values.config.etcd.configJobNameOverride }}-job
env:
- name: NAMESPACE
valueFrom:
@@ -128,7 +98,7 @@ spec:
- /usr/local/bin/healthy.sh
initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
periodSeconds: {{ .Values.readiness.periodSeconds }}
- env:
+ env: {{ include "oof.etcd.env" . | nindent 10 }}
volumeMounts:
- mountPath: /etc/localtime
name: localtime
diff --git a/kubernetes/oof/components/oof-has/components/oof-has-data/values.yaml b/kubernetes/oof/components/oof-has/components/oof-has-data/values.yaml
index 0940a9db39..915ffc019f 100755
--- a/kubernetes/oof/components/oof-has/components/oof-has-data/values.yaml
+++ b/kubernetes/oof/components/oof-has/components/oof-has-data/values.yaml
@@ -14,7 +14,7 @@
global:
image:
- optf_has: onap/optf-has:2.1.5
+ optf_has: onap/optf-has:2.2.0
#################################################################
# secrets metaconfig
@@ -24,6 +24,18 @@ secrets:
externalSecret: '{{ tpl (default "" .Values.certSecret) . }}'
type: generic
filePaths: '{{ .Values.secretsFilePaths }}'
+ - uid: oof-has-etcd-secret
+ name: &user-creds '{{ include "common.release" . }}-oof-has-etcd-secret'
+ type: basicAuth
+ externalSecret: '{{ tpl (default "" .Values.config.etcd.userCredentialsExternalSecret) . }}'
+ login: '{{ .Values.config.etcd.appUser }}'
+ password: '{{ .Values.config.etcd.appPassword }}'
+ passwordPolicy: required
+
+config:
+ etcd:
+ appUser: user
+ appPassword: pass
ingress:
enabled: false
diff --git a/kubernetes/oof/components/oof-has/components/oof-has-reservation/templates/deployment.yaml b/kubernetes/oof/components/oof-has/components/oof-has-reservation/templates/deployment.yaml
index 4d04b6fe76..095162bea2 100755
--- a/kubernetes/oof/components/oof-has/components/oof-has-reservation/templates/deployment.yaml
+++ b/kubernetes/oof/components/oof-has/components/oof-has-reservation/templates/deployment.yaml
@@ -41,38 +41,8 @@ spec:
command:
- /app/ready.py
args:
- - --container-name
- - music-springboot
- env:
- - name: NAMESPACE
- valueFrom:
- fieldRef:
- apiVersion: v1
- fieldPath: metadata.namespace
- image: {{ include "repositoryGenerator.image.readiness" . }}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
-
- - name: {{ include "common.name" . }}-onboard-readiness
- command:
- - /app/ready.py
- args:
- - -j
- - "{{ include "common.release" . }}-oof-has-onboard"
- env:
- - name: NAMESPACE
- valueFrom:
- fieldRef:
- apiVersion: v1
- fieldPath: metadata.namespace
- image: {{ include "repositoryGenerator.image.readiness" . }}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
-
- - name: {{ include "common.name" . }}-health-readiness
- command:
- - /app/ready.py
- args:
- - -j
- - "{{ include "common.release" . }}-oof-has-healthcheck"
+ - --job-name
+ - {{ include "common.release" . }}-{{ .Values.config.etcd.configJobNameOverride }}-job
env:
- name: NAMESPACE
valueFrom:
@@ -128,7 +98,7 @@ spec:
initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
periodSeconds: {{ .Values.readiness.periodSeconds }}
{{ end -}}
- env:
+ env: {{ include "oof.etcd.env" . | nindent 10 }}
volumeMounts:
- mountPath: /etc/localtime
name: localtime
diff --git a/kubernetes/oof/components/oof-has/components/oof-has-reservation/values.yaml b/kubernetes/oof/components/oof-has/components/oof-has-reservation/values.yaml
index 0940a9db39..915ffc019f 100755
--- a/kubernetes/oof/components/oof-has/components/oof-has-reservation/values.yaml
+++ b/kubernetes/oof/components/oof-has/components/oof-has-reservation/values.yaml
@@ -14,7 +14,7 @@
global:
image:
- optf_has: onap/optf-has:2.1.5
+ optf_has: onap/optf-has:2.2.0
#################################################################
# secrets metaconfig
@@ -24,6 +24,18 @@ secrets:
externalSecret: '{{ tpl (default "" .Values.certSecret) . }}'
type: generic
filePaths: '{{ .Values.secretsFilePaths }}'
+ - uid: oof-has-etcd-secret
+ name: &user-creds '{{ include "common.release" . }}-oof-has-etcd-secret'
+ type: basicAuth
+ externalSecret: '{{ tpl (default "" .Values.config.etcd.userCredentialsExternalSecret) . }}'
+ login: '{{ .Values.config.etcd.appUser }}'
+ password: '{{ .Values.config.etcd.appPassword }}'
+ passwordPolicy: required
+
+config:
+ etcd:
+ appUser: user
+ appPassword: pass
ingress:
enabled: false
diff --git a/kubernetes/oof/components/oof-has/components/oof-has-solver/templates/deployment.yaml b/kubernetes/oof/components/oof-has/components/oof-has-solver/templates/deployment.yaml
index 6079dcfd6e..d664ca0875 100755
--- a/kubernetes/oof/components/oof-has/components/oof-has-solver/templates/deployment.yaml
+++ b/kubernetes/oof/components/oof-has/components/oof-has-solver/templates/deployment.yaml
@@ -41,38 +41,8 @@ spec:
command:
- /app/ready.py
args:
- - --container-name
- - music-springboot
- env:
- - name: NAMESPACE
- valueFrom:
- fieldRef:
- apiVersion: v1
- fieldPath: metadata.namespace
- image: {{ include "repositoryGenerator.image.readiness" . }}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
-
- - name: {{ include "common.name" . }}-onboard-readiness
- command:
- - /app/ready.py
- args:
- - -j
- - "{{ include "common.release" . }}-oof-has-onboard"
- env:
- - name: NAMESPACE
- valueFrom:
- fieldRef:
- apiVersion: v1
- fieldPath: metadata.namespace
- image: {{ include "repositoryGenerator.image.readiness" . }}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
-
- - name: {{ include "common.name" . }}-health-readiness
- command:
- - /app/ready.py
- args:
- - -j
- - "{{ include "common.release" . }}-oof-has-healthcheck"
+ - --job-name
+ - {{ include "common.release" . }}-{{ .Values.config.etcd.configJobNameOverride }}-job
env:
- name: NAMESPACE
valueFrom:
@@ -128,7 +98,7 @@ spec:
- /usr/local/bin/healthy.sh
initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
periodSeconds: {{ .Values.readiness.periodSeconds }}
- env:
+ env: {{ include "oof.etcd.env" . | nindent 10 }}
volumeMounts:
- mountPath: /etc/localtime
name: localtime
diff --git a/kubernetes/oof/components/oof-has/components/oof-has-solver/values.yaml b/kubernetes/oof/components/oof-has/components/oof-has-solver/values.yaml
index 0940a9db39..915ffc019f 100755
--- a/kubernetes/oof/components/oof-has/components/oof-has-solver/values.yaml
+++ b/kubernetes/oof/components/oof-has/components/oof-has-solver/values.yaml
@@ -14,7 +14,7 @@
global:
image:
- optf_has: onap/optf-has:2.1.5
+ optf_has: onap/optf-has:2.2.0
#################################################################
# secrets metaconfig
@@ -24,6 +24,18 @@ secrets:
externalSecret: '{{ tpl (default "" .Values.certSecret) . }}'
type: generic
filePaths: '{{ .Values.secretsFilePaths }}'
+ - uid: oof-has-etcd-secret
+ name: &user-creds '{{ include "common.release" . }}-oof-has-etcd-secret'
+ type: basicAuth
+ externalSecret: '{{ tpl (default "" .Values.config.etcd.userCredentialsExternalSecret) . }}'
+ login: '{{ .Values.config.etcd.appUser }}'
+ password: '{{ .Values.config.etcd.appPassword }}'
+ passwordPolicy: required
+
+config:
+ etcd:
+ appUser: user
+ appPassword: pass
ingress:
enabled: false
diff --git a/kubernetes/oof/components/oof-has/requirements.yaml b/kubernetes/oof/components/oof-has/requirements.yaml
index 851211a1fb..7310aac8d0 100755
--- a/kubernetes/oof/components/oof-has/requirements.yaml
+++ b/kubernetes/oof/components/oof-has/requirements.yaml
@@ -20,6 +20,15 @@ dependencies:
- name: music
version: ~8.x-0
repository: '@local'
+ condition: music.enabled
+ - name: etcd
+ version: ~8.x-0
+ repository: '@local'
+ condition: etcd.enabled
+ - name: etcd-init
+ version: ~8.x-0
+ repository: '@local'
+ condition: etcd-init.enabled
- name: oof-has-api
version: ~8.x-0
repository: 'file://components/oof-has-api'
diff --git a/kubernetes/oof/components/oof-has/resources/config/conductor.conf b/kubernetes/oof/components/oof-has/resources/config/conductor.conf
index ded979c4fc..18b60bba4a 100755
--- a/kubernetes/oof/components/oof-has/resources/config/conductor.conf
+++ b/kubernetes/oof/components/oof-has/resources/config/conductor.conf
@@ -424,6 +424,30 @@ server_url = http://{{.Values.config.msb.serviceName}}.{{ include "common.namesp
#server_url_version = v0
+[db_options]
+
+# db_backend to use
+db_backend = {{.Values.config.dbBackend}}
+
+# Use music mock api
+music_mock = False
+
+
+[etcd_api]
+
+# host/ip address of etcd server
+host = {{.Values.config.etcd.serviceName}}.{{ include "common.namespace" . }}
+
+# port of etcd server
+port = {{.Values.config.etcd.port}}
+
+# username for etcd authentication
+username =
+
+# password for etcd authentication
+password =
+
+
[music_api]
#
diff --git a/kubernetes/oof/components/oof-has/resources/config/healthcheck.json b/kubernetes/oof/components/oof-has/resources/config/healthcheck.json
deleted file mode 100755
index 833fa0f5d9..0000000000
--- a/kubernetes/oof/components/oof-has/resources/config/healthcheck.json
+++ /dev/null
@@ -1,18 +0,0 @@
-{
- "consistencyInfo": {
- "type": "eventual"
- },
- "values": {
- "id": "healthcheck",
- "created": 1479482603641,
- "message": "",
- "name": "foo",
- "recommend_max": 1,
- "solution": "{\"healthcheck\": \" healthcheck\"}",
- "status": "solved",
- "template": "{\"healthcheck\": \"healthcheck\"}",
- "timeout": 3600,
- "translation": "{\"healthcheck\": \" healthcheck\"}",
- "updated": 1484324150629
- }
-}
diff --git a/kubernetes/oof/components/oof-has/resources/config/onboard.json b/kubernetes/oof/components/oof-has/resources/config/onboard.json
deleted file mode 100755
index 2c3d69be8d..0000000000
--- a/kubernetes/oof/components/oof-has/resources/config/onboard.json
+++ /dev/null
@@ -1,6 +0,0 @@
-{
- "appname": "conductor",
- "userId": "conductor",
- "isAAF": "false",
- "password": "c0nduct0r"
-}
diff --git a/kubernetes/oof/components/oof-has/templates/job-healthcheck.yaml b/kubernetes/oof/components/oof-has/templates/job-healthcheck.yaml
deleted file mode 100755
index 49406ba423..0000000000
--- a/kubernetes/oof/components/oof-has/templates/job-healthcheck.yaml
+++ /dev/null
@@ -1,100 +0,0 @@
-{{/*
-# Copyright 2018 Intel Corporation, Inc
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-*/}}
-
-apiVersion: batch/v1
-kind: Job
-metadata:
- name: {{ include "common.fullname" . }}-healthcheck
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-spec:
- replicas: {{ .Values.replicaCount }}
- template:
- metadata:
- labels:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
- spec:
- initContainers:
- - image: {{ include "repositoryGenerator.image.readiness" . }}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- name: {{ include "common.name" . }}-readiness
- command:
- - /app/ready.py
- args:
- - --container-name
- - oof-has-api
- env:
- - name: NAMESPACE
- valueFrom:
- fieldRef:
- apiVersion: v1
- fieldPath: metadata.namespace
- containers:
- - image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.global.image.optf_has }}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- name: {{ include "common.name" . }}-healthcheck
- command:
- - "/bin/sh"
- - "-c"
- - |
- echo "INSERT HEALTHCHECK PLAN";
- sleep 15;
- resp="FAILURE";
- until [ $resp = "200" ]; do
- resp=$(curl -k -s -o /dev/null --write-out %{http_code} -X POST https://{{.Values.config.music.serviceName}}.{{ include "common.namespace" . }}:{{.Values.config.music.port}}/MUSIC/rest/v2/keyspaces/conductor/tables/plans/rows?id=healthcheck \
- -H "Content-Type: application/json" \
- -H "ns: conductor" \
- -H "Authorization: Basic Y29uZHVjdG9yOmMwbmR1Y3Qwcg==" \
- --data @healthcheck.json);
- echo $resp;
- sleep 2;
- done;
- workingDir: /has
- volumeMounts:
- - mountPath: /etc/localtime
- name: localtime
- readOnly: true
- - mountPath: /has/healthcheck.json
- name: {{ .Values.global.commonConfigPrefix }}-config
- subPath: healthcheck.json
- resources:
-{{ include "common.resources" . | indent 10 }}
- nodeSelector:
- {{- if .Values.nodeSelector }}
-{{ toYaml .Values.nodeSelector | indent 8 }}
- {{- end -}}
- {{- if .Values.affinity }}
- affinity:
-{{ toYaml .Values.affinity | indent 8 }}
- {{- end }}
- volumes:
- - name: localtime
- hostPath:
- path: /etc/localtime
- - name: {{ .Values.global.commonConfigPrefix }}-config
- configMap:
- name: {{ .Values.global.commonConfigPrefix }}-configmap
- items:
- - key: healthcheck.json
- path: healthcheck.json
- restartPolicy: OnFailure
- imagePullSecrets:
- - name: "{{ include "common.namespace" . }}-docker-registry-key"
diff --git a/kubernetes/oof/components/oof-has/templates/job-onboard.yaml b/kubernetes/oof/components/oof-has/templates/job-onboard.yaml
deleted file mode 100755
index e63aeb369a..0000000000
--- a/kubernetes/oof/components/oof-has/templates/job-onboard.yaml
+++ /dev/null
@@ -1,105 +0,0 @@
-{{/*
-# Copyright 2018 Intel Corporation, Inc
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-*/}}
-
-apiVersion: batch/v1
-kind: Job
-metadata:
- name: {{ include "common.fullname" . }}-onboard
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-spec:
- replicas: {{ .Values.replicaCount }}
- template:
- metadata:
- labels:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
- spec:
- initContainers:
- - image: {{ include "repositoryGenerator.image.readiness" . }}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- name: {{ include "common.name" . }}-readiness
- command:
- - /app/ready.py
- args:
- - --container-name
- - "music-springboot"
- - --container-name
- - "music-cassandra"
- env:
- - name: NAMESPACE
- valueFrom:
- fieldRef:
- apiVersion: v1
- fieldPath: metadata.namespace
- - command:
- - /app/ready.py
- args:
- - -j
- - "{{ include "common.release" . }}-music-cassandra-config"
- env:
- - name: NAMESPACE
- valueFrom:
- fieldRef:
- apiVersion: v1
- fieldPath: metadata.namespace
- image: {{ include "repositoryGenerator.image.readiness" . }}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- name: {{ include "common.name" . }}-music-db-readiness
- containers:
- - image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.global.image.optf_has }}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- name: {{ include "common.name" . }}-onboard
- command:
- - "/bin/sh"
- - "-c"
- - |
- echo "job-onboard"
- workingDir: /has
- volumeMounts:
- - mountPath: /etc/localtime
- name: localtime
- readOnly: true
- - mountPath: /has/onboard.json
- name: {{ .Values.global.commonConfigPrefix }}-config
- subPath: onboard.json
- resources:
-{{ include "common.resources" . | indent 10 }}
- nodeSelector:
- {{- if .Values.nodeSelector }}
-{{ toYaml .Values.nodeSelector | indent 8 }}
- {{- end -}}
- {{- if .Values.affinity }}
- affinity:
-{{ toYaml .Values.affinity | indent 8 }}
- {{- end }}
- volumes:
- - name: localtime
- hostPath:
- path: /etc/localtime
- - name: {{ .Values.global.commonConfigPrefix }}-config
- configMap:
- name: {{ .Values.global.commonConfigPrefix }}-configmap
- items:
- - key: onboard.json
- path: onboard.json
- restartPolicy: OnFailure
- imagePullSecrets:
- - name: "{{ include "common.namespace" . }}-docker-registry-key"
diff --git a/kubernetes/oof/components/oof-has/values.yaml b/kubernetes/oof/components/oof-has/values.yaml
index 3615a3bd33..9a8b60574e 100755
--- a/kubernetes/oof/components/oof-has/values.yaml
+++ b/kubernetes/oof/components/oof-has/values.yaml
@@ -19,7 +19,7 @@
global:
commonConfigPrefix: onap-oof-has
image:
- optf_has: onap/optf-has:2.1.5
+ optf_has: onap/optf-has:2.2.0
persistence:
enabled: true
@@ -32,11 +32,24 @@ secrets:
externalSecret: '{{ tpl (default "" .Values.certSecret) . }}'
type: generic
filePaths: '{{ .Values.secretsFilePaths }}'
+ - uid: oof-has-etcd-root-password
+ name: &root-password '{{ include "common.release" . }}-has-etcd-root-password'
+ type: password
+ password: '{{ .Values.config.etcd.rootPassword }}'
+ policy: generate
+ - uid: oof-has-etcd-secret
+ name: &user-creds '{{ include "common.release" . }}-oof-has-etcd-secret'
+ type: basicAuth
+ externalSecret: '{{ tpl (default "" .Values.config.etcd.userCredentialsExternalSecret) . }}'
+ login: '{{ .Values.config.etcd.appUser }}'
+ password: '{{ .Values.config.etcd.appPassword }}'
+ passwordPolicy: generate
pullPolicy: Always
nodePortPrefix: 302
dataRootDir: /dockerdata-nfs
config:
+ dbBackend: etcd
aaf:
serviceName: aaf-service
port: 8100
@@ -58,6 +71,13 @@ config:
cps:
service: cps-tbdmt
port: 8080
+ etcd:
+ serviceName: &etcd-service oof-has-etcd
+ port: 2379
+ appUser: conductor
+# rootPassword:
+# appPassword:
+# userCredentialsExternalSecret:
# Resource Limit flavor -By Default using small
flavor: small
# Segregation for Different environment (Small and Large)
@@ -79,19 +99,59 @@ resources:
unlimited: {}
#component overrides
-oof-has-api:
+oof-has-api: &has-config
enabled: true
certSecret: *oof-certs
-oof-has-controller:
- enabled: true
- certSecret: *oof-certs
-oof-has-data:
- enabled: true
- certSecret: *oof-certs
-oof-has-reservation:
- enabled: true
- certSecret: *oof-certs
-oof-has-solver:
+ config:
+ etcd:
+ userCredentialsExternalSecret: *user-creds
+ configJobNameOverride: &job-name oof-has-etcd-config
+oof-has-controller: *has-config
+oof-has-data: *has-config
+oof-has-reservation: *has-config
+oof-has-solver: *has-config
+music:
+ enabled: false
+
+#etcd subchart configurations
+etcd:
enabled: true
- certSecret: *oof-certs
+ replicaCount: 3
+ nameOverride: &etcd-container oof-has-etcd
+ service:
+ name: *etcd-service
+ persistence:
+ mountSubPath: oof/etcd/data
+ enabled: true
+ flavor: &etcd-flavor large
+ resources: &etcd-resources
+ small:
+ limits:
+ cpu: 100m
+ memory: 300Mi
+ requests:
+ cpu: 10m
+ memory: 75Mi
+ large:
+ limits:
+ cpu: 200m
+ memory: 1Gi
+ requests:
+ cpu: 50m
+ memory: 300Mi
+ unlimited: {}
+etcd-init:
+ enabled: true
+ nameOverride: *job-name
+ etcd:
+ serviceName: *etcd-service
+ port : 2379
+ containerName: *etcd-container
+ config:
+ userRootSecret: *root-password
+ userCredentialsExternalSecret: *user-creds
+ appRole: conductor
+ keyPrefix: conductor
+ flavor: *etcd-flavor
+ resources: *etcd-resources
diff --git a/kubernetes/oof/components/oof-templates/templates/_secret.tpl b/kubernetes/oof/components/oof-templates/templates/_secret.tpl
new file mode 100644
index 0000000000..0b04f7120b
--- /dev/null
+++ b/kubernetes/oof/components/oof-templates/templates/_secret.tpl
@@ -0,0 +1,6 @@
+{{- define "oof.etcd.env" -}}
+- name: OS_ETCD_API__USERNAME
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "oof-has-etcd-secret" "key" "login") | indent 2 }}
+- name: OS_ETCD_API__PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "oof-has-etcd-secret" "key" "password") | indent 2 }}
+{{- end -}} \ No newline at end of file