summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--kubernetes/.gitignore2
-rwxr-xr-xkubernetes/policy/Chart.yaml7
-rw-r--r--kubernetes/policy/resources/config/db-pg.sh29
-rw-r--r--kubernetes/policy/resources/config/db_migrator_pg_policy_init.sh21
-rwxr-xr-xkubernetes/policy/templates/configmap.yaml2
-rwxr-xr-xkubernetes/policy/templates/job.yaml71
-rwxr-xr-xkubernetes/policy/values.yaml46
7 files changed, 174 insertions, 4 deletions
diff --git a/kubernetes/.gitignore b/kubernetes/.gitignore
index bc3a4f1ee0..f2b64de479 100644
--- a/kubernetes/.gitignore
+++ b/kubernetes/.gitignore
@@ -1 +1,3 @@
chartstorage/
+**/charts/*.tgz
+helm/plugins/deploy/cache/
diff --git a/kubernetes/policy/Chart.yaml b/kubernetes/policy/Chart.yaml
index 677271c241..d3b3c7b245 100755
--- a/kubernetes/policy/Chart.yaml
+++ b/kubernetes/policy/Chart.yaml
@@ -85,3 +85,10 @@ dependencies:
- name: serviceAccount
version: ~10.x-0
repository: '@local'
+ - name: readinessCheck
+ version: ~10.x-0
+ repository: '@local'
+ - name: postgres
+ version: ~10.x-0
+ repository: '@local'
+ condition: global.postgres.localCluster
diff --git a/kubernetes/policy/resources/config/db-pg.sh b/kubernetes/policy/resources/config/db-pg.sh
new file mode 100644
index 0000000000..f26a80fad7
--- /dev/null
+++ b/kubernetes/policy/resources/config/db-pg.sh
@@ -0,0 +1,29 @@
+#!/bin/sh
+#
+# ============LICENSE_START=======================================================
+# Copyright (C) 2021-2022 Nordix Foundation.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+# http://www.apache.org/licenses/LICENSE-2.0
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+#
+
+#psql() { /usr/bin/psql -h ${PG_HOST} -p ${PG_PORT} "$@"; };
+
+export PGPASSWORD=${PG_ADMIN_PASSWORD};
+
+psql -h ${PG_HOST} -p ${PG_PORT} -U postgres --command "CREATE USER ${PG_USER} WITH PASSWORD '${PG_USER_PASSWORD}'"
+
+for db in migration pooling policyadmin policyclamp operationshistory clampacm
+do
+ psql -h ${PG_HOST} -p ${PG_PORT} -U postgres --command "CREATE DATABASE ${db};"
+ psql -h ${PG_HOST} -p ${PG_PORT} -U postgres --command "GRANT ALL PRIVILEGES ON DATABASE ${db} TO ${PG_USER};"
+done
diff --git a/kubernetes/policy/resources/config/db_migrator_pg_policy_init.sh b/kubernetes/policy/resources/config/db_migrator_pg_policy_init.sh
new file mode 100644
index 0000000000..53921ab751
--- /dev/null
+++ b/kubernetes/policy/resources/config/db_migrator_pg_policy_init.sh
@@ -0,0 +1,21 @@
+#!/bin/sh
+{{/*
+# Copyright (C) 2022 Nordix Foundation.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+/opt/app/policy/bin/prepare_upgrade.sh ${SQL_DB}
+/opt/app/policy/bin/db-migrator-pg -s ${SQL_DB} -o upgrade
+rc=$?
+/opt/app/policy/bin/db-migrator-pg -s ${SQL_DB} -o report
+exit $rc
diff --git a/kubernetes/policy/templates/configmap.yaml b/kubernetes/policy/templates/configmap.yaml
index 17558f86ea..c8b01ccb81 100755
--- a/kubernetes/policy/templates/configmap.yaml
+++ b/kubernetes/policy/templates/configmap.yaml
@@ -1,7 +1,7 @@
{{/*
# Copyright © 2017 Amdocs, Bell Canada
# Modifications Copyright © 2018, 2020 AT&T Intellectual Property
-# Modifications Copyright (C) 2021 Nordix Foundation.
+# Modifications Copyright (C) 2021-2022 Nordix Foundation.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
diff --git a/kubernetes/policy/templates/job.yaml b/kubernetes/policy/templates/job.yaml
index d59b5fe770..9fea669c37 100755
--- a/kubernetes/policy/templates/job.yaml
+++ b/kubernetes/policy/templates/job.yaml
@@ -1,7 +1,7 @@
{{/*
# Copyright © 2018 Amdocs, Bell Canada
# Modifications Copyright © 2020 AT&T Intellectual Property
-# Modifications Copyright (C) 2021 Nordix Foundation.
+# Modifications Copyright (C) 2022 Nordix Foundation.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -33,9 +33,9 @@ spec:
spec:
imagePullSecrets:
- name: "{{ include "common.namespace" . }}-docker-registry-key"
- initContainers:
+ initContainers: {{ if .Values.global.postgres.localCluster }}{{ include "common.readinessCheck.waitFor" . | nindent 6 }}{{ end }}
#This container checks that all galera instances are up before initializing it.
- - name: {{ include "common.name" . }}-readiness
+ - name: {{ include "common.name" . }}-mariadb-readiness
image: {{ include "repositoryGenerator.image.readiness" . }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
command:
@@ -71,6 +71,33 @@ spec:
value: "{{ index .Values "mariadb-galera" "service" "internalPort" }}"
resources:
{{ include "common.resources" . }}
+ {{ if .Values.global.postgres.localCluster }}
+ - name: {{ include "common.release" . }}-policy-pg-config
+ image: {{ .Values.repository }}/{{ .Values.postgresImage }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ volumeMounts:
+ - mountPath: /docker-entrypoint-initdb.d/db-pg.sh
+ name: {{ include "common.fullname" . }}-config
+ subPath: db-pg.sh
+ command:
+ - /bin/sh
+ args:
+ - -x
+ - /docker-entrypoint-initdb.d/db-pg.sh
+ env:
+ - name: PG_ADMIN_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "pg-root-pass" "key" "password") | indent 12 }}
+ - name: PG_HOST
+ value: "{{ .Values.postgres.service.name2 }}"
+ - name: PG_USER
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "pg-user-creds" "key" "login") | indent 12 }}
+ - name: PG_USER_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "pg-user-creds" "key" "password") | indent 12 }}
+ - name: PG_PORT
+ value: "{{ .Values.postgres.service.internalPort }}"
+ resources:
+{{ include "common.resources" . }}
+ {{ end }}
containers:
- name: {{ include "common.release" . }}-policy-galera-db-migrator
image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.dbmigrator.image }}
@@ -95,8 +122,41 @@ spec:
value: {{ .Values.dbmigrator.schema }}
- name: POLICY_HOME
value: {{ .Values.dbmigrator.policy_home }}
+ - name: SCRIPT_DIRECTORY
+ value: "sql"
resources:
{{ include "common.resources" . }}
+ {{ if .Values.global.postgres.localCluster }}
+ - name: {{ include "common.release" . }}-policy-pg-db-migrator
+ image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.dbmigrator.image }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ volumeMounts:
+ - mountPath: /dbcmd-config/db_migrator_pg_policy_init.sh
+ name: {{ include "common.fullname" . }}-config
+ subPath: db_migrator_pg_policy_init.sh
+ command:
+ - /bin/sh
+ args:
+ - -x
+ - /dbcmd-config/db_migrator_pg_policy_init.sh
+ env:
+ - name: SQL_HOST
+ value: "{{ .Values.postgres.service.name2 }}"
+ - name: SQL_USER
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "pg-user-creds" "key" "login") | indent 10 }}
+ - name: SQL_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "pg-user-creds" "key" "password") | indent 10 }}
+ - name: SQL_DB
+ value: {{ .Values.dbmigrator.schema }}
+ - name: POLICY_HOME
+ value: {{ .Values.dbmigrator.policy_home }}
+ - name: SCRIPT_DIRECTORY
+ value: "postgres"
+ - name: PGPASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "pg-user-creds" "key" "password") | indent 10 }}
+ resources:
+{{ include "common.resources" . }}
+ {{ end }}
restartPolicy: Never
serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
volumes:
@@ -108,3 +168,8 @@ spec:
path: db.sh
- key: db_migrator_policy_init.sh
path: db_migrator_policy_init.sh
+ - key: db-pg.sh
+ path: db-pg.sh
+ - key: db_migrator_pg_policy_init.sh
+ path: db_migrator_pg_policy_init.sh
+
diff --git a/kubernetes/policy/values.yaml b/kubernetes/policy/values.yaml
index 6ef71c1e2b..a315bc251c 100755
--- a/kubernetes/policy/values.yaml
+++ b/kubernetes/policy/values.yaml
@@ -28,6 +28,14 @@ global:
name: &policy-mariadb policy-mariadb
internalPort: 3306
prometheusEnabled: false
+ postgres:
+ localCluster: false
+ service:
+ name: pgset
+ name2: tcp-pgset-primary
+ name3: tcp-pgset-replica
+ container:
+ name: postgres
#################################################################
# Secrets metaconfig
@@ -67,6 +75,19 @@ secrets:
login: '{{ .Values.restServer.policyApiUserName }}'
password: '{{ .Values.restServer.policyApiUserPassword }}'
passwordPolicy: required
+ - uid: pg-root-pass
+ name: &pgRootPassSecretName '{{ include "common.release" . }}-policy-pg-root-pass'
+ type: password
+ externalSecret: '{{ ternary "" (tpl (default "" .Values.postgres.config.pgRootPasswordExternalSecret) .) (hasSuffix "policy-pg-root-pass" .Values.postgres.config.pgRootPasswordExternalSecret) }}'
+ password: '{{ .Values.postgres.config.pgRootpassword }}'
+ policy: generate
+ - uid: pg-user-creds
+ name: &pgUserCredsSecretName '{{ include "common.release" . }}-policy-pg-user-creds'
+ type: basicAuth
+ externalSecret: '{{ ternary "" (tpl (default "" .Values.postgres.config.pgUserExternalSecret) .) (hasSuffix "policy-pg-user-creds" .Values.postgres.config.pgUserExternalSecret) }}'
+ login: '{{ .Values.postgres.config.pgUserName }}'
+ password: '{{ .Values.postgres.config.pgUserPassword }}'
+ passwordPolicy: generate
db: &dbSecretsHook
credsExternalSecret: *dbSecretName
@@ -181,6 +202,31 @@ mariadb-galera:
serviceAccount:
nameOverride: *policy-mariadb
+postgresImage: library/postgres:latest
+# application configuration override for postgres
+postgres:
+ nameOverride: &postgresName policy-postgres
+ service:
+ name: *postgresName
+ name2: policy-pg-primary
+ name3: policy-pg-replica
+ container:
+ name:
+ primary: policy-pg-primary
+ replica: policy-pg-replica
+ persistence:
+ mountSubPath: policy/postgres/data
+ mountInitPath: policy
+ config:
+ pgUserName: policy_user
+ pgDatabase: policyadmin
+ pgUserExternalSecret: *pgUserCredsSecretName
+ pgRootPasswordExternalSecret: *pgRootPassSecretName
+
+readinessCheck:
+ wait_for:
+ - '{{ ternary .Values.postgres.service.name "postgres" .Values.global.postgres.localCluster }}'
+
restServer:
policyPapUserName: policyadmin
policyPapUserPassword: zb!XztG34