diff options
16 files changed, 66 insertions, 22 deletions
diff --git a/kubernetes/aaf/components/Makefile b/kubernetes/aaf/components/Makefile index f4c9784bc4..4a15d0251b 100644 --- a/kubernetes/aaf/components/Makefile +++ b/kubernetes/aaf/components/Makefile @@ -19,7 +19,10 @@ SECRET_DIR := $(OUTPUT_DIR)/secrets EXCLUDES := HELM_BIN := helm -HELM_CHARTS := $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.)))) +PROCESSED_FIRST := aaf-templates +TO_FILTER := $(PROCESSED_FIRST) $(EXCLUDES) + +HELM_CHARTS := $(PROCESSED_FIRST) $(filter-out $(TO_FILTER), $(sort $(patsubst %/.,%,$(wildcard */.)))) .PHONY: $(EXCLUDES) $(HELM_CHARTS) diff --git a/kubernetes/aaf/components/aaf-sms/templates/job.yaml b/kubernetes/aaf/components/aaf-sms/templates/job.yaml index 8dbe276d97..2370cf60de 100644 --- a/kubernetes/aaf/components/aaf-sms/templates/job.yaml +++ b/kubernetes/aaf/components/aaf-sms/templates/job.yaml @@ -201,6 +201,7 @@ spec: affinity: {{ toYaml .Values.affinity | indent 10 }} {{- end }} + {{ include "common.waitForJobContainer" . | indent 6 | trim }} volumes: {{ include "common.certInitializer.volumes" . | nindent 6 }} - name: localtime hostPath: diff --git a/kubernetes/aaf/components/aaf-sms/values.yaml b/kubernetes/aaf/components/aaf-sms/values.yaml index da268ccf06..114ad23672 100644 --- a/kubernetes/aaf/components/aaf-sms/values.yaml +++ b/kubernetes/aaf/components/aaf-sms/values.yaml @@ -276,3 +276,8 @@ resources: cpu: 25m memory: 100Mi unlimited: {} + +wait_for_job_container: + containers: + - '{{ include "common.name" . }}-preload' + diff --git a/kubernetes/aaf/components/aaf-templates/templates/_deployment.tpl b/kubernetes/aaf/components/aaf-templates/templates/_deployment.tpl index 50da519a89..c0614b255e 100644 --- a/kubernetes/aaf/components/aaf-templates/templates/_deployment.tpl +++ b/kubernetes/aaf/components/aaf-templates/templates/_deployment.tpl @@ -23,6 +23,10 @@ spec: replicas: {{ .Values.replicaCount }} template: metadata: {{- include "common.templateMetadata" . | nindent 6 }} + {{- if (include "common.onServiceMesh" .) }} + annotations: + sidecar.istio.io/inject: "false" + {{- end }} spec: {{ include "aaf.initContainers" . | nindent 6 }} containers: - name: {{ include "common.name" . }} diff --git a/kubernetes/common/common/templates/_serviceMonitor.tpl b/kubernetes/common/common/templates/_serviceMonitor.tpl index 81d7a74578..907d9c6a9c 100644 --- a/kubernetes/common/common/templates/_serviceMonitor.tpl +++ b/kubernetes/common/common/templates/_serviceMonitor.tpl @@ -135,7 +135,7 @@ spec: {{- else if $dot.Values.metrics.serviceMonitor.targetPort }} targetPort: {{ $dot.Values.metrics.serviceMonitor.targetPort }} {{- else }} - port: metrics + port: tcp-metrics {{- end }} {{- if $dot.Values.metrics.serviceMonitor.isHttps }} scheme: https diff --git a/kubernetes/common/mariadb-galera/templates/metrics-svc.yaml b/kubernetes/common/mariadb-galera/templates/metrics-svc.yaml index e71351e9cb..841aab3e17 100644 --- a/kubernetes/common/mariadb-galera/templates/metrics-svc.yaml +++ b/kubernetes/common/mariadb-galera/templates/metrics-svc.yaml @@ -27,8 +27,8 @@ metadata: spec: type: {{ .Values.metrics.service.type }} ports: - - name: metrics + - name: tcp-metrics port: {{ .Values.metrics.service.port }} - targetPort: metrics + targetPort: tcp-metrics selector: {{- include "common.matchLabels" . | nindent 4 }} {{- end }} diff --git a/kubernetes/common/mariadb-galera/templates/service.yaml b/kubernetes/common/mariadb-galera/templates/service.yaml index 75aff985e5..880bc55612 100644 --- a/kubernetes/common/mariadb-galera/templates/service.yaml +++ b/kubernetes/common/mariadb-galera/templates/service.yaml @@ -18,3 +18,20 @@ {{ include "common.service" . }} --- {{ include "common.headlessService" . }} +{{- if (include "common.onServiceMesh" .) }} +{{- if eq (default "istio" .Values.global.serviceMesh.engine) "istio" }} +--- +apiVersion: security.istio.io/v1beta1 +kind: PeerAuthentication +metadata: + name: {{ include "common.servicename" . }} + namespace: {{ include "common.namespace" . }} +spec: + selector: + matchLabels: + app: {{ include "common.servicename" . }} + portLevelMtls: + {{ .Values.service.internalPort }}: + mode: DISABLE +{{- end}} +{{- end}} diff --git a/kubernetes/common/mariadb-galera/templates/statefulset.yaml b/kubernetes/common/mariadb-galera/templates/statefulset.yaml index 22832c936d..c95b572465 100644 --- a/kubernetes/common/mariadb-galera/templates/statefulset.yaml +++ b/kubernetes/common/mariadb-galera/templates/statefulset.yaml @@ -197,12 +197,12 @@ spec: - | DATA_SOURCE_NAME="$MARIADB_ROOT_USER:$MARIADB_ROOT_PASSWORD@(localhost:3306)/" /bin/mysqld_exporter $MARIADB_METRICS_EXTRA_FLAGS ports: - - name: metrics + - name: tcp-metrics containerPort: 9104 livenessProbe: httpGet: path: /metrics - port: metrics + port: tcp-metrics initialDelaySeconds: {{ .Values.metrics.livenessProbe.initialDelaySeconds }} periodSeconds: {{ .Values.metrics.livenessProbe.periodSeconds }} timeoutSeconds: {{ .Values.metrics.livenessProbe.timeoutSeconds }} @@ -211,7 +211,7 @@ spec: readinessProbe: httpGet: path: /metrics - port: metrics + port: tcp-metrics initialDelaySeconds: {{ .Values.metrics.readinessProbe.initialDelaySeconds }} periodSeconds: {{ .Values.metrics.readinessProbe.periodSeconds }} timeoutSeconds: {{ .Values.metrics.readinessProbe.timeoutSeconds }} diff --git a/kubernetes/common/mariadb-galera/values.yaml b/kubernetes/common/mariadb-galera/values.yaml index 38f3e6e423..d719fb30bd 100644 --- a/kubernetes/common/mariadb-galera/values.yaml +++ b/kubernetes/common/mariadb-galera/values.yaml @@ -89,14 +89,14 @@ service: headless: {} internalPort: &dbPort 3306 ports: - - name: mysql + - name: tcp-mysql port: *dbPort headlessPorts: - - name: galera + - name: tcp-galera port: 4567 - - name: ist + - name: tcp-ist port: 4568 - - name: sst + - name: tcp-sst port: 4444 @@ -380,8 +380,12 @@ updateStrategy: ## Additional pod annotations for MariaDB Galera pods ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ +## -> here required to enable mariadb-galera in istio ## -podAnnotations: {} +podAnnotations: + # sidecar.istio.io/inject: "false" + traffic.sidecar.istio.io/excludeInboundPorts: "4568" + traffic.sidecar.istio.io/includeInboundPorts: '*' ## Pod affinity preset ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity @@ -504,14 +508,14 @@ livenessProbe: enabled: true initialDelaySeconds: 1 periodSeconds: 10 - timeoutSeconds: 1 + timeoutSeconds: 180 successThreshold: 1 failureThreshold: 3 readinessProbe: enabled: true initialDelaySeconds: 1 periodSeconds: 10 - timeoutSeconds: 1 + timeoutSeconds: 180 successThreshold: 1 failureThreshold: 3 startupProbe: @@ -520,7 +524,7 @@ startupProbe: enabled: true initialDelaySeconds: 10 periodSeconds: 10 - timeoutSeconds: 1 + timeoutSeconds: 180 successThreshold: 1 # will wait up for initialDelaySeconds + failureThreshold*periodSeconds before # stating startup wasn't good (910s per default) @@ -644,7 +648,7 @@ metrics: release: prometheus ## Rules as a map. - rules: {} + rules: [] # - alert: MariaDB-Down # annotations: # message: 'MariaDB instance {{ $labels.instance }} is down' diff --git a/kubernetes/common/mariadb-init/templates/job.yaml b/kubernetes/common/mariadb-init/templates/job.yaml index 96d1dc54a4..e911d46d12 100644 --- a/kubernetes/common/mariadb-init/templates/job.yaml +++ b/kubernetes/common/mariadb-init/templates/job.yaml @@ -59,6 +59,8 @@ spec: - /bin/sh - -c - | + {{- if include "common.onServiceMesh" . }} + echo "waiting 15s for istio side cars to be up"; sleep 15s;{{- end }} /db_init/db_init.sh {{ if or .Values.dbScriptConfigMap .Values.dbScript }} && /db_config/db_cmd.sh{{ end }} env: @@ -91,6 +93,7 @@ spec: {{- end }} resources: {{ include "common.resources" . | indent 12 }} + {{ include "common.waitForJobContainer" . | indent 6 | trim }} {{- if .Values.nodeSelector }} nodeSelector: {{ toYaml .Values.nodeSelector | indent 10 }} diff --git a/kubernetes/common/mariadb-init/values.yaml b/kubernetes/common/mariadb-init/values.yaml index b2c0a05e46..9104dd84d6 100644 --- a/kubernetes/common/mariadb-init/values.yaml +++ b/kubernetes/common/mariadb-init/values.yaml @@ -117,3 +117,7 @@ resources: cpu: 20m memory: 20Mi unlimited: {} + +wait_for_job_container: + containers: + - '{{ include "common.name" . }}' diff --git a/kubernetes/holmes/components/holmes-engine-mgmt/values.yaml b/kubernetes/holmes/components/holmes-engine-mgmt/values.yaml index 5781dabb85..29e50d6523 100644 --- a/kubernetes/holmes/components/holmes-engine-mgmt/values.yaml +++ b/kubernetes/holmes/components/holmes-engine-mgmt/values.yaml @@ -28,7 +28,7 @@ global: # Application configuration defaults. ################################################################# # application image -image: onap/holmes/engine-management:10.0.3 +image: onap/holmes/engine-management:10.0.4 consulLoaderImage: onap/org.onap.dcaegen2.deployments.consul-loader-container:1.0.0 ################################################################# diff --git a/kubernetes/holmes/components/holmes-rule-mgmt/values.yaml b/kubernetes/holmes/components/holmes-rule-mgmt/values.yaml index fbe873b184..85ed5a8dde 100644 --- a/kubernetes/holmes/components/holmes-rule-mgmt/values.yaml +++ b/kubernetes/holmes/components/holmes-rule-mgmt/values.yaml @@ -28,7 +28,7 @@ global: # Application configuration defaults. ################################################################# # application image -image: onap/holmes/rule-management:10.0.3 +image: onap/holmes/rule-management:10.0.4 consulLoaderImage: onap/org.onap.dcaegen2.deployments.consul-loader-container:1.0.0 ################################################################# diff --git a/kubernetes/onap/resources/overrides/environment.yaml b/kubernetes/onap/resources/overrides/environment.yaml index 50703fbf4a..c9ae94a136 100644 --- a/kubernetes/onap/resources/overrides/environment.yaml +++ b/kubernetes/onap/resources/overrides/environment.yaml @@ -136,7 +136,7 @@ dmaap: initialDelaySeconds: 120 mariadb-galera: liveness: - initialDelaySeconds: 180 + initialDelaySeconds: 30 periodSeconds: 60 mariadb-galera-server: liveness: diff --git a/kubernetes/sdnc/components/sdnc-prom/resources/bin/ensureSdncActive.sh b/kubernetes/sdnc/components/sdnc-prom/resources/bin/ensureSdncActive.sh index 099103ca79..d92a1049e3 100755 --- a/kubernetes/sdnc/components/sdnc-prom/resources/bin/ensureSdncActive.sh +++ b/kubernetes/sdnc/components/sdnc-prom/resources/bin/ensureSdncActive.sh @@ -1,4 +1,4 @@ -#!/bin/bash +#!/bin/sh {{/* # Copyright © 2018 Amdocs @@ -33,8 +33,8 @@ failover(){ debugLog "Currently running sdnc and dns failover" return fi - trap "rm -f ${lockFile}" INT TERM RETURN - echo $BASHPID > ${lockFile} + trap "rm -f ${lockFile}" INT TERM EXIT + echo $$ > ${lockFile} # perform takeover debugLog "Started executing sdnc.failover for $SITE_NAME" diff --git a/kubernetes/strimzi/templates/strimzi-kafka.yaml b/kubernetes/strimzi/templates/strimzi-kafka.yaml index 5f1e7303d9..06802da968 100644 --- a/kubernetes/strimzi/templates/strimzi-kafka.yaml +++ b/kubernetes/strimzi/templates/strimzi-kafka.yaml @@ -89,6 +89,9 @@ spec: replicas: {{ .Values.replicaCount }} config: ssl.hostnameVerification: false + {{- if (include "common.onServiceMesh" .) }} + sslQuorum: false + {{- end }} storage: type: persistent-claim size: {{ .Values.persistenceZk.size }} |