diff options
50 files changed, 2054 insertions, 33 deletions
diff --git a/kubernetes/aaf/charts/aaf-sshsm/charts/aaf-sshsm-distcenter/templates/pvc.yaml b/kubernetes/aaf/charts/aaf-sshsm/charts/aaf-sshsm-distcenter/templates/pvc.yaml index 8272597f0b..201d456fec 100644 --- a/kubernetes/aaf/charts/aaf-sshsm/charts/aaf-sshsm-distcenter/templates/pvc.yaml +++ b/kubernetes/aaf/charts/aaf-sshsm/charts/aaf-sshsm-distcenter/templates/pvc.yaml @@ -31,9 +31,6 @@ metadata: {{ toYaml .Values.persistence.annotations | indent 4 }} {{- end }} spec: - selector: - matchLabels: - name: {{ include "common.fullname" . }} accessModes: - {{ .Values.persistence.accessMode }} resources: diff --git a/kubernetes/aai b/kubernetes/aai -Subproject d801a6ee395220b11bfac773c3111489282e735 +Subproject f636b1cc2bf7d391dc76956e906a6f497ef1b09 diff --git a/kubernetes/cds/charts/cds-blueprints-processor/resources/config/application.properties b/kubernetes/cds/charts/cds-blueprints-processor/resources/config/application.properties index 2a67aa58d4..b102b7c365 100755 --- a/kubernetes/cds/charts/cds-blueprints-processor/resources/config/application.properties +++ b/kubernetes/cds/charts/cds-blueprints-processor/resources/config/application.properties @@ -94,6 +94,9 @@ blueprintsprocessor.restclient.aai-data.type=basic-auth blueprintsprocessor.restclient.aai-data.url=https://aai:8443 blueprintsprocessor.restclient.aai-data.username=aai@aai.onap.org blueprintsprocessor.restclient.aai-data.password=demo123456! +blueprintsprocessor.restclient.aai-data.additionalHeaders.X-TransactionId=cds-transaction-id +blueprintsprocessor.restclient.aai-data.additionalHeaders.X-FromAppId=cds-app-id +blueprintsprocessor.restclient.aai-data.additionalHeaders.Accept=application/json # Self Service Request Kafka Message Consumer blueprintsprocessor.messageconsumer.self-service-api.kafkaEnable=false diff --git a/kubernetes/common/mariadb-init/resources/config/db_init.sh b/kubernetes/common/mariadb-init/resources/config/db_init.sh index 304835bdd5..b2fdb14b12 100755 --- a/kubernetes/common/mariadb-init/resources/config/db_init.sh +++ b/kubernetes/common/mariadb-init/resources/config/db_init.sh @@ -1,5 +1,6 @@ -#!/bin/sh +#!/bin/bash # Copyright © 2019 Orange +# Copyright © 2020 Samsung Electronics # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -13,20 +14,23 @@ # See the License for the specific language governing permissions and # limitations under the License. -echo "Creating database {{ .Values.config.mysqlDatabase }} and user {{ .Values.config.userName }}..." +while read DB ; do + USER_VAR="MYSQL_USER_${DB^^}" + PASS_VAR="MYSQL_PASSWORD_${DB^^}" + USER=${!USER_VAR} + PASS=${!PASS_VAR} + MYSQL_OPTS=( -h ${DB_HOST} -P ${DB_PORT} -uroot -p${MYSQL_ROOT_PASSWORD} ) -mysql -h ${DB_HOST} -P ${DB_PORT} -uroot -p$MYSQL_ROOT_PASSWORD -e "CREATE OR REPLACE USER '{{ .Values.config.userName }}'@'%' IDENTIFIED BY '${MYSQL_PASSWORD}'" -mysql -h ${DB_HOST} -P ${DB_PORT} -uroot -p$MYSQL_ROOT_PASSWORD -e "CREATE DATABASE IF NOT EXISTS {{ .Values.config.mysqlDatabase }}" -mysql -h ${DB_HOST} -P ${DB_PORT} -uroot -p$MYSQL_ROOT_PASSWORD -e "GRANT ALL PRIVILEGES ON {{ .Values.config.mysqlDatabase }}.* TO '{{ .Values.config.userName }}'@'%'" + echo "Creating database ${DB} and user ${USER}..." -echo "Created database {{ .Values.config.mysqlDatabase }} and user {{ .Values.config.userName }}." + mysql "${MYSQL_OPTS[@]}" -e "CREATE OR REPLACE USER '${USER}'@'%' IDENTIFIED BY '${PASS}'" + mysql "${MYSQL_OPTS[@]}" -e "CREATE DATABASE IF NOT EXISTS ${DB}" + mysql "${MYSQL_OPTS[@]}" -e "GRANT ALL PRIVILEGES ON ${DB}.* TO '${USER}'@'%'" -{{ range $db, $dbInfos := .Values.config.mysqlAdditionalDatabases -}} -echo "Creating database {{ $db }} and user {{ $dbInfos.user }}..." - -mysql -h ${DB_HOST} -P ${DB_PORT} -uroot -p$MYSQL_ROOT_PASSWORD -e "CREATE OR REPLACE USER '{{ $dbInfos.user }}'@'%' IDENTIFIED BY '${MYSQL_PASSWORD_{{ $db | upper }}}'" -mysql -h ${DB_HOST} -P ${DB_PORT} -uroot -p$MYSQL_ROOT_PASSWORD -e "CREATE DATABASE IF NOT EXISTS {{ $db }}" -mysql -h ${DB_HOST} -P ${DB_PORT} -uroot -p$MYSQL_ROOT_PASSWORD -e "GRANT ALL PRIVILEGES ON {{ $db }}.* TO '{{ $dbInfos.user }}'@'%'" - -echo "Created database {{ $db }} and user {{ $dbInfos.user }}." -{{ end }} + echo "Created database ${DB} and user ${USER}." +done <<EOF +{{ .Values.config.mysqlDatabase }} +{{- range $db, $_value := .Values.config.mysqlAdditionalDatabases }} +{{ $db }} +{{- end }} +EOF diff --git a/kubernetes/common/mariadb-init/templates/job.yaml b/kubernetes/common/mariadb-init/templates/job.yaml index 679c10c9a3..f3ff9934ab 100644 --- a/kubernetes/common/mariadb-init/templates/job.yaml +++ b/kubernetes/common/mariadb-init/templates/job.yaml @@ -1,4 +1,5 @@ # Copyright © 2019 Orange +# Copyright © 2020 Samsung Electronics # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -63,13 +64,17 @@ spec: secretKeyRef: name: {{ include "mariadbInit.mariadbClusterSecret" . }} key: {{ .Values.global.mariadbGalera.userRootSecretKey }} - - name: MYSQL_PASSWORD + - name: {{ printf "MYSQL_USER_%s" .Values.config.mysqlDatabase | upper }} + value: "{{ .Values.config.userName }}" + - name: {{ printf "MYSQL_PASSWORD_%s" .Values.config.mysqlDatabase | upper }} valueFrom: secretKeyRef: name: {{ template "common.fullname" . }} key: db-user-password {{- $root := . }} -{{ range $db, $_value := .Values.config.mysqlAdditionalDatabases }} +{{ range $db, $dbInfos := .Values.config.mysqlAdditionalDatabases }} + - name: {{ printf "MYSQL_USER_%s" $db | upper }} + value: {{ $dbInfos.user }} - name: {{ printf "MYSQL_PASSWORD_%s" $db | upper }} valueFrom: secretKeyRef: diff --git a/kubernetes/common/postgres-legacy/.helmignore b/kubernetes/common/postgres-legacy/.helmignore new file mode 100644 index 0000000000..f0c1319444 --- /dev/null +++ b/kubernetes/common/postgres-legacy/.helmignore @@ -0,0 +1,21 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*~ +# Various IDEs +.project +.idea/ +*.tmproj diff --git a/kubernetes/common/postgres-legacy/Chart.yaml b/kubernetes/common/postgres-legacy/Chart.yaml new file mode 100644 index 0000000000..eff8e36eba --- /dev/null +++ b/kubernetes/common/postgres-legacy/Chart.yaml @@ -0,0 +1,18 @@ +# Copyright © 2018 Amdocs, AT&T, Bell Canada +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +description: ONAP Postgres Server +name: postgres-legacy +version: 5.0.0 diff --git a/kubernetes/common/postgres-legacy/charts/pgpool/Chart.yaml b/kubernetes/common/postgres-legacy/charts/pgpool/Chart.yaml new file mode 100644 index 0000000000..e2818139fa --- /dev/null +++ b/kubernetes/common/postgres-legacy/charts/pgpool/Chart.yaml @@ -0,0 +1,18 @@ +# Copyright © 2018 Amdocs, AT&T, Bell Canada +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +description: ONAP Postgres Server +name: pgpool +version: 5.0.0 diff --git a/kubernetes/common/postgres-legacy/charts/pgpool/configs/pgpool.conf b/kubernetes/common/postgres-legacy/charts/pgpool/configs/pgpool.conf new file mode 100644 index 0000000000..f335174f40 --- /dev/null +++ b/kubernetes/common/postgres-legacy/charts/pgpool/configs/pgpool.conf @@ -0,0 +1,677 @@ +# ---------------------------- +# pgPool-II configuration file a custom version +# ---------------------------- +# +# This file consists of lines of the form: +# +# name = value +# +# Whitespace may be used. Comments are introduced with "#" anywhere on a line. +# The complete list of parameter names and allowed values can be found in the +# pgPool-II documentation. +# +# This file is read on server startup and when the server receives a SIGHUP +# signal. If you edit the file on a running system, you have to SIGHUP the +# server for the changes to take effect, or use "pgpool reload". Some +# parameters, which are marked below, require a server shutdown and restart to +# take effect. +# + + +#------------------------------------------------------------------------------ +# CONNECTIONS +#------------------------------------------------------------------------------ + +# - pgpool Connection Settings - + +listen_addresses = '*' + # Host name or IP address to listen on: + # '*' for all, '' for no TCP/IP connections + # (change requires restart) +#port = 9999 +port = 5432 + # Port number + # (change requires restart) +socket_dir = '/tmp' + # Unix domain socket path + # The Debian package defaults to + # /var/run/postgresql + # (change requires restart) + + +# - pgpool Communication Manager Connection Settings - + +pcp_port = 9898 + # Port number for pcp + # (change requires restart) +pcp_socket_dir = '/tmp' + # Unix domain socket path for pcp + # The Debian package defaults to + # /var/run/postgresql + # (change requires restart) + +# - Backend Connection Settings - + +backend_hostname0 = '{{.Values.container.name.primary}}' +backend_port0 = 5432 +backend_weight0= 1 +backend_flag0= 'DISALLOW_TO_FAILOVER' + +backend_hostname1 = '{{.Values.container.name.replica}}' +backend_port1 = 5432 +backend_weight1= 1 +backend_flag1= 'DISALLOW_TO_FAILOVER' + +#backend_hostname0 = 'master' + # Host name or IP address to connect to for backend 0 +#backend_port0 = 5432 + # Port number for backend 0 +#backend_weight0 = 1 + # Weight for backend 0 (only in load balancing mode) +#backend_data_directory0 = '/data' + # Data directory for backend 0 +#backend_flag0 = 'ALLOW_TO_FAILOVER' + # Controls various backend behavior + # ALLOW_TO_FAILOVER or DISALLOW_TO_FAILOVER +#backend_hostname1 = 'standby' +#backend_port1 = 5432 +#backend_weight1 = 1 +#backend_data_directory1 = '/data1' +#backend_flag1 = 'ALLOW_TO_FAILOVER' + +# - Authentication - + +enable_pool_hba = on + # Use pool_hba.conf for client authentication +pool_passwd = 'pool_passwd' + # File name of pool_passwd for md5 authentication. + # "" disables pool_passwd. + # (change requires restart) +authentication_timeout = 60 + # Delay in seconds to complete client authentication + # 0 means no timeout. + +# - SSL Connections - + +ssl = off + # Enable SSL support + # (change requires restart) +#ssl_key = './server.key' + # Path to the SSL private key file + # (change requires restart) +#ssl_cert = './server.cert' + # Path to the SSL public certificate file + # (change requires restart) +#ssl_ca_cert = '' + # Path to a single PEM format file + # containing CA root certificate(s) + # (change requires restart) +#ssl_ca_cert_dir = '' + # Directory containing CA root certificate(s) + # (change requires restart) + + +#------------------------------------------------------------------------------ +# POOLS +#------------------------------------------------------------------------------ + +# - Pool size - + +num_init_children = 5 + # Number of pools + # (change requires restart) +max_pool = 1 + # Number of connections per pool + # (change requires restart) + +# - Life time - + +child_life_time = 300 + # Pool exits after being idle for this many seconds +child_max_connections = 0 + # Pool exits after receiving that many connections + # 0 means no exit +connection_life_time = 0 + # Connection to backend closes after being idle for this many seconds + # 0 means no close +client_idle_limit = 0 + # Client is disconnected after being idle for that many seconds + # (even inside an explicit transactions!) + # 0 means no disconnection + + +#------------------------------------------------------------------------------ +# LOGS +#------------------------------------------------------------------------------ + +# - Where to log - + +log_destination = 'stderr' + # Where to log + # Valid values are combinations of stderr, + # and syslog. Default to stderr. + +# - What to log - + +print_timestamp = on + # Print timestamp on each line + # (change requires restart) + +log_connections = on + # Log connections +log_hostname = on + # Hostname will be shown in ps status + # and in logs if connections are logged +log_statement = on + # Log all statements +log_per_node_statement = off + # Log all statements + # with node and backend informations +log_standby_delay = 'if_over_threshold' + # Log standby delay + # Valid values are combinations of always, + # if_over_threshold, none + +# - Syslog specific - + +syslog_facility = 'LOCAL0' + # Syslog local facility. Default to LOCAL0 +syslog_ident = 'pgpool' + # Syslog program identification string + # Default to 'pgpool' + +# - Debug - + +debug_level = 1 + # Debug message verbosity level + # 0 means no message, 1 or more mean verbose + + +#------------------------------------------------------------------------------ +# FILE LOCATIONS +#------------------------------------------------------------------------------ + +pid_file_name = '/tmp/pgpool.pid' + # PID file name + # (change requires restart) +logdir = '/tmp' + # Directory of pgPool status file + # (change requires restart) + + +#------------------------------------------------------------------------------ +# CONNECTION POOLING +#------------------------------------------------------------------------------ + +connection_cache = off + # Activate connection pools + # (change requires restart) + + # Semicolon separated list of queries + # to be issued at the end of a session + # The default is for 8.3 and later +reset_query_list = 'ABORT; DISCARD ALL' + # The following one is for 8.2 and before +#reset_query_list = 'ABORT; RESET ALL; SET SESSION AUTHORIZATION DEFAULT' + + +#------------------------------------------------------------------------------ +# REPLICATION MODE +#------------------------------------------------------------------------------ + +replication_mode = off + # Activate replication mode + # (change requires restart) +replicate_select = off + # Replicate SELECT statements + # when in replication or parallel mode + # replicate_select is higher priority than + # load_balance_mode. + +insert_lock = off + # Automatically locks a dummy row or a table + # with INSERT statements to keep SERIAL data + # consistency + # Without SERIAL, no lock will be issued +lobj_lock_table = '' + # When rewriting lo_creat command in + # replication mode, specify table name to + # lock + +# - Degenerate handling - + +replication_stop_on_mismatch = off + # On disagreement with the packet kind + # sent from backend, degenerate the node + # which is most likely "minority" + # If off, just force to exit this session + +failover_if_affected_tuples_mismatch = off + # On disagreement with the number of affected + # tuples in UPDATE/DELETE queries, then + # degenerate the node which is most likely + # "minority". + # If off, just abort the transaction to + # keep the consistency + + +#------------------------------------------------------------------------------ +# LOAD BALANCING MODE +#------------------------------------------------------------------------------ + +load_balance_mode = on + # Activate load balancing mode + # (change requires restart) +ignore_leading_white_space = on + # Ignore leading white spaces of each query +white_function_list = '' + # Comma separated list of function names + # that don't write to database + # Regexp are accepted +black_function_list = 'currval,lastval,nextval,setval' + # Comma separated list of function names + # that write to database + # Regexp are accepted + + +#------------------------------------------------------------------------------ +# MASTER/SLAVE MODE +#------------------------------------------------------------------------------ + +master_slave_mode = on + # Activate master/slave mode + # (change requires restart) +master_slave_sub_mode = 'stream' + # Master/slave sub mode + # Valid values are combinations slony or + # stream. Default is slony. + # (change requires restart) + +# - Streaming - + +sr_check_period = 10 + # Streaming replication check period + # Disabled (0) by default +sr_check_user = '{{.Values.credentials.pgusername}}' + # Streaming replication check user + # This is neccessary even if you disable streaming + # replication delay check by sr_check_period = 0 +sr_check_password = '{{.Values.credentials.pgpassword}}' + # Password for streaming replication check user +delay_threshold = 10000000 + # Threshold before not dispatching query to standby node + # Unit is in bytes + # Disabled (0) by default + +# - Special commands - + +follow_master_command = '' + # Executes this command after master failover + # Special values: + # %d = node id + # %h = host name + # %p = port number + # %D = database cluster path + # %m = new master node id + # %H = hostname of the new master node + # %M = old master node id + # %P = old primary node id + # %r = new master port number + # %R = new master database cluster path + # %% = '%' character + + +#------------------------------------------------------------------------------ +# PARALLEL MODE +#------------------------------------------------------------------------------ + +parallel_mode = off + # Activates parallel query mode + # (change requires restart) +pgpool2_hostname = '' + # Set pgpool2 hostname + # (change requires restart) + +# - System DB info - + +#system_db_hostname = 'localhost' + # (change requires restart) +#system_db_port = 5432 + # (change requires restart) +#system_db_dbname = 'pgpool' + # (change requires restart) +#system_db_schema = 'pgpool_catalog' + # (change requires restart) +#system_db_user = 'pgpool' + # (change requires restart) +#system_db_password = '' + # (change requires restart) + + +#------------------------------------------------------------------------------ +# HEALTH CHECK +#------------------------------------------------------------------------------ + +health_check_period = 20 + # Health check period + # Disabled (0) by default +health_check_timeout = 10 + # Health check timeout + # 0 means no timeout +health_check_user = '{{.Values.credentials.pgusername}}' + # Health check user +health_check_password = '{{.Values.credentials.pgpassword}}' + # Password for health check user +health_check_max_retries = 3 +connect_timeout = 10000 # Timeout value in milliseconds before giving up to connect to backend. + + # Maximum number of times to retry a failed health check before giving up. +health_check_retry_delay = 1 + # Amount of time to wait (in seconds) between retries. + + +#------------------------------------------------------------------------------ +# FAILOVER AND FAILBACK +#------------------------------------------------------------------------------ + +failover_command = '' + # Executes this command at failover + # Special values: + # %d = node id + # %h = host name + # %p = port number + # %D = database cluster path + # %m = new master node id + # %H = hostname of the new master node + # %M = old master node id + # %P = old primary node id + # %r = new master port number + # %R = new master database cluster path + # %% = '%' character +failback_command = '' + # Executes this command at failback. + # Special values: + # %d = node id + # %h = host name + # %p = port number + # %D = database cluster path + # %m = new master node id + # %H = hostname of the new master node + # %M = old master node id + # %P = old primary node id + # %r = new master port number + # %R = new master database cluster path + # %% = '%' character + +fail_over_on_backend_error = off + # Initiates failover when reading/writing to the + # backend communication socket fails + # If set to off, pgpool will report an + # error and disconnect the session. + +search_primary_node_timeout = 10 + # Timeout in seconds to search for the + # primary node when a failover occurs. + # 0 means no timeout, keep searching + # for a primary node forever. + +#------------------------------------------------------------------------------ +# ONLINE RECOVERY +#------------------------------------------------------------------------------ + +recovery_user = '{{.Values.credentials.pgusername}}' + # Online recovery user +recovery_password = '{{.Values.credentials.pgpassword}}' + # Online recovery password +recovery_1st_stage_command = '' + # Executes a command in first stage +recovery_2nd_stage_command = '' + # Executes a command in second stage +recovery_timeout = 90 + # Timeout in seconds to wait for the + # recovering node's postmaster to start up + # 0 means no wait +client_idle_limit_in_recovery = 0 + # Client is disconnected after being idle + # for that many seconds in the second stage + # of online recovery + # 0 means no disconnection + # -1 means immediate disconnection + + +#------------------------------------------------------------------------------ +# WATCHDOG +#------------------------------------------------------------------------------ + +# - Enabling - + +use_watchdog = off + # Activates watchdog + # (change requires restart) + +# -Connection to up stream servers - + +trusted_servers = '' + # trusted server list which are used + # to confirm network connection + # (hostA,hostB,hostC,...) + # (change requires restart) +ping_path = '/bin' + # ping command path + # (change requires restart) + +# - Watchdog communication Settings - + +wd_hostname = '' + # Host name or IP address of this watchdog + # (change requires restart) +wd_port = 9000 + # port number for watchdog service + # (change requires restart) +wd_authkey = '' + # Authentication key for watchdog communication + # (change requires restart) + +# - Virtual IP control Setting - + +delegate_IP = '' + # delegate IP address + # If this is empty, virtual IP never bring up. + # (change requires restart) +ifconfig_path = '/sbin' + # ifconfig command path + # (change requires restart) +if_up_cmd = 'ifconfig eth0:0 inet $_IP_$ netmask 255.255.255.0' + # startup delegate IP command + # (change requires restart) +if_down_cmd = 'ifconfig eth0:0 down' + # shutdown delegate IP command + # (change requires restart) + +arping_path = '/usr/sbin' # arping command path + # (change requires restart) + +arping_cmd = 'arping -U $_IP_$ -w 1' + # arping command + # (change requires restart) + +# - Behaivor on escalation Setting - + +clear_memqcache_on_escalation = on + # Clear all the query cache on shared memory + # when standby pgpool escalate to active pgpool + # (= virtual IP holder). + # This should be off if client connects to pgpool + # not using virtual IP. + # (change requires restart) +wd_escalation_command = '' + # Executes this command at escalation on new active pgpool. + # (change requires restart) + +# - Lifecheck Setting - + +# -- common -- + +wd_lifecheck_method = 'heartbeat' + # Method of watchdog lifecheck ('heartbeat' or 'query') + # (change requires restart) +wd_interval = 10 + # lifecheck interval (sec) > 0 + # (change requires restart) + +# -- heartbeat mode -- + +wd_heartbeat_port = 9694 + # Port number for receiving heartbeat signal + # (change requires restart) +wd_heartbeat_keepalive = 2 + # Interval time of sending heartbeat signal (sec) + # (change requires restart) +wd_heartbeat_deadtime = 30 + # Deadtime interval for heartbeat signal (sec) + # (change requires restart) +heartbeat_destination0 = 'host0_ip1' + # Host name or IP address of destination 0 + # for sending heartbeat signal. + # (change requires restart) +heartbeat_destination_port0 = 9694 + # Port number of destination 0 for sending + # heartbeat signal. Usually this is the + # same as wd_heartbeat_port. + # (change requires restart) +heartbeat_device0 = '' + # Name of NIC device (such like 'eth0') + # used for sending/receiving heartbeat + # signal to/from destination 0. + # This works only when this is not empty + # and pgpool has root privilege. + # (change requires restart) + +#heartbeat_destination1 = 'host0_ip2' +#heartbeat_destination_port1 = 9694 +#heartbeat_device1 = '' + +# -- query mode -- + +wd_life_point = 3 + # lifecheck retry times + # (change requires restart) +wd_lifecheck_query = 'SELECT 1' + # lifecheck query to pgpool from watchdog + # (change requires restart) +wd_lifecheck_dbname = 'template1' + # Database name connected for lifecheck + # (change requires restart) +wd_lifecheck_user = 'nobody' + # watchdog user monitoring pgpools in lifecheck + # (change requires restart) +wd_lifecheck_password = '' + # Password for watchdog user in lifecheck + # (change requires restart) + +# - Other pgpool Connection Settings - + +#other_pgpool_hostname0 = 'host0' + # Host name or IP address to connect to for other pgpool 0 + # (change requires restart) +#other_pgpool_port0 = 5432 + # Port number for othet pgpool 0 + # (change requires restart) +#other_wd_port0 = 9000 + # Port number for othet watchdog 0 + # (change requires restart) +#other_pgpool_hostname1 = 'host1' +#other_pgpool_port1 = 5432 +#other_wd_port1 = 9000 + + +#------------------------------------------------------------------------------ +# OTHERS +#------------------------------------------------------------------------------ +relcache_expire = 0 + # Life time of relation cache in seconds. + # 0 means no cache expiration(the default). + # The relation cache is used for cache the + # query result against PostgreSQL system + # catalog to obtain various information + # including table structures or if it's a + # temporary table or not. The cache is + # maintained in a pgpool child local memory + # and being kept as long as it survives. + # If someone modify the table by using + # ALTER TABLE or some such, the relcache is + # not consistent anymore. + # For this purpose, cache_expiration + # controls the life time of the cache. +relcache_size = 256 + # Number of relation cache + # entry. If you see frequently: + # "pool_search_relcache: cache replacement happend" + # in the pgpool log, you might want to increate this number. + +check_temp_table = on + # If on, enable temporary table check in SELECT statements. + # This initiates queries against system catalog of primary/master + # thus increases load of master. + # If you are absolutely sure that your system never uses temporary tables + # and you want to save access to primary/master, you could turn this off. + # Default is on. + + +#------------------------------------------------------------------------------ +# ON MEMORY QUERY MEMORY CACHE +#------------------------------------------------------------------------------ +memory_cache_enabled = off + # If on, use the memory cache functionality, off by default +memqcache_method = 'shmem' + # Cache storage method. either 'shmem'(shared memory) or + # 'memcached'. 'shmem' by default + # (change requires restart) +memqcache_memcached_host = 'localhost' + # Memcached host name or IP address. Mandatory if + # memqcache_method = 'memcached'. + # Defaults to localhost. + # (change requires restart) +memqcache_memcached_port = 11211 + # Memcached port number. Mondatory if memqcache_method = 'memcached'. + # Defaults to 11211. + # (change requires restart) +memqcache_total_size = 67108864 + # Total memory size in bytes for storing memory cache. + # Mandatory if memqcache_method = 'shmem'. + # Defaults to 64MB. + # (change requires restart) +memqcache_max_num_cache = 1000000 + # Total number of cache entries. Mandatory + # if memqcache_method = 'shmem'. + # Each cache entry consumes 48 bytes on shared memory. + # Defaults to 1,000,000(45.8MB). + # (change requires restart) +memqcache_expire = 0 + # Memory cache entry life time specified in seconds. + # 0 means infinite life time. 0 by default. + # (change requires restart) +memqcache_auto_cache_invalidation = on + # If on, invalidation of query cache is triggered by corresponding + # DDL/DML/DCL(and memqcache_expire). If off, it is only triggered + # by memqcache_expire. on by default. + # (change requires restart) +memqcache_maxcache = 409600 + # Maximum SELECT result size in bytes. + # Must be smaller than memqcache_cache_block_size. Defaults to 400KB. + # (change requires restart) +memqcache_cache_block_size = 1048576 + # Cache block size in bytes. Mandatory if memqcache_method = 'shmem'. + # Defaults to 1MB. + # (change requires restart) +memqcache_oiddir = '/var/log/pgpool/oiddir' + # Temporary work directory to record table oids + # (change requires restart) +white_memqcache_table_list = '' + # Comma separated list of table names to memcache + # that don't write to database + # Regexp are accepted +black_memqcache_table_list = '' + # Comma separated list of table names not to memcache + # that don't write to database + # Regexp are accepted diff --git a/kubernetes/common/postgres-legacy/charts/pgpool/configs/pool_hba.conf b/kubernetes/common/postgres-legacy/charts/pgpool/configs/pool_hba.conf new file mode 100644 index 0000000000..d8918409e8 --- /dev/null +++ b/kubernetes/common/postgres-legacy/charts/pgpool/configs/pool_hba.conf @@ -0,0 +1,67 @@ +# pgpool Client Authentication Configuration File a custom version +# =============================================== +# +# The format rule in this file follows the rules in the PostgreSQL +# Administrator's Guide. Refer to chapter "Client Authentication" for a +# complete description. A short synopsis follows. +# +# This file controls: which hosts are allowed to connect, how clients +# are authenticated, which user names they can use, which databases they +# can access. Records take one of these forms: +# +# local DATABASE USER METHOD [OPTION] +# host DATABASE USER CIDR-ADDRESS METHOD [OPTION] +# +# (The uppercase items must be replaced by actual values.) +# +# The first field is the connection type: "local" is a Unix-domain +# socket, "host" is either a plain or SSL-encrypted TCP/IP socket. +# +# DATABASE can be "all", "sameuser", a database name, or a comma-separated +# list thereof. Note that "samegroup" like in PostgreSQL's pg_hba.conf +# file is not supported, since pgpool does not know which group a user +# belongs to. Also note that the database specified here may not exist in +# the backend PostgreSQL. pgpool will authenticate based on the database's +# name, not based on whether it exists or not. +# +# USER can be "all", a user name, or a comma-separated list thereof. In +# both the DATABASE and USER fields you can also write a file name prefixed +# with "@" to include names from a separate file. Note that a group name +# prefixed with "+" like in PostgreSQL's pg_hba.conf file is not supported +# because of the same reason as "samegroup" token. Also note that a user +# name specified here may not exist in the backend PostgreSQL. pgpool will +# authenticate based on the user's name, not based on whether he/she exists. +# +# CIDR-ADDRESS specifies the set of hosts the record matches. +# It is made up of an IP address and a CIDR mask that is an integer +# (between 0 and 32 (IPv4) that specifies the number of significant bits in +# the mask. Alternatively, you can write an IP address and netmask in +# separate columns to specify the set of hosts. +# +# METHOD can be "trust", "reject", "md5" or "pam". Note that "pam" sends passwords +# in clear text. +# +# OPTION is the name of the PAM service. Default service name is "pgpool" +# +# Database and user names containing spaces, commas, quotes and other special +# characters must be quoted. Quoting one of the keywords "all" or "sameuser" +# makes the name lose its special character, and just match a database or +# username with that name. +# +# This file is read on pgpool startup. If you edit the file on a running +# system, you have to restart the pgpool for the changes to take effect. + +# Put your actual configuration here +# ---------------------------------- +# +# If you want to allow non-local connections, you need to add more +# "host" records. In that case you will also need to make pgpool listen +# on a non-local interface via the listen_addresses configuration parameter. +# + +# TYPE DATABASE USER CIDR-ADDRESS METHOD + +# "local" is for Unix domain socket connections only +#local all all trust +# IPv4 local connections: +host all all 0.0.0.0/0 md5 diff --git a/kubernetes/common/postgres/charts/pgpool/configs/pool_passwd b/kubernetes/common/postgres-legacy/charts/pgpool/configs/pool_passwd index 3636d1de74..3636d1de74 100644 --- a/kubernetes/common/postgres/charts/pgpool/configs/pool_passwd +++ b/kubernetes/common/postgres-legacy/charts/pgpool/configs/pool_passwd diff --git a/kubernetes/common/postgres-legacy/charts/pgpool/requirements.yaml b/kubernetes/common/postgres-legacy/charts/pgpool/requirements.yaml new file mode 100644 index 0000000000..5b097f3ab7 --- /dev/null +++ b/kubernetes/common/postgres-legacy/charts/pgpool/requirements.yaml @@ -0,0 +1,18 @@ +# Copyright © 2018 Amdocs, AT&T, Bell Canada +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +dependencies: + - name: common + version: ~5.x-0 + repository: '@local' diff --git a/kubernetes/common/postgres-legacy/charts/pgpool/templates/configmap.yaml b/kubernetes/common/postgres-legacy/charts/pgpool/templates/configmap.yaml new file mode 100755 index 0000000000..e2c77ff910 --- /dev/null +++ b/kubernetes/common/postgres-legacy/charts/pgpool/templates/configmap.yaml @@ -0,0 +1,26 @@ +# Copyright © 2017 Amdocs, Bell Canada +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "common.fullname" . }}-pgpool-configmap + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +data: +{{ tpl (.Files.Glob "configs/*").AsConfig . | indent 2 }} diff --git a/kubernetes/common/postgres-legacy/charts/pgpool/templates/deployment.yaml b/kubernetes/common/postgres-legacy/charts/pgpool/templates/deployment.yaml new file mode 100644 index 0000000000..15fa18d81d --- /dev/null +++ b/kubernetes/common/postgres-legacy/charts/pgpool/templates/deployment.yaml @@ -0,0 +1,68 @@ +{{/* +# Copyright © 2018 Amdocs, AT&T, Bell Canada +# # +# # Licensed under the Apache License, Version 2.0 (the "License"); +# # you may not use this file except in compliance with the License. +# # You may obtain a copy of the License at +# # +# # http://www.apache.org/licenses/LICENSE-2.0 +# # +# # Unless required by applicable law or agreed to in writing, software +# # distributed under the License is distributed on an "AS IS" BASIS, +# # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# # See the License for the specific language governing permissions and +# # limitations under the License. +*/}} +kind: Deployment +apiVersion: extensions/v1beta1 +metadata: + name: {{ include "common.fullname" . }} + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +spec: + replicas: 2 + template: + metadata: + labels: + app: {{ include "common.name" . }} + release: {{ .Release.Name }} + spec: + containers: + - image: "{{.Values.repository}}/{{.Values.image}}" + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + name: {{ include "common.name" . }} + env: + - name: PG_PRIMARY_SERVICE_NAME + value: {{.Values.container.name.primary}} + - name: PG_REPLICA_SERVICE_NAME + value: {{.Values.container.name.replica}} + - name: PG_USERNAME + value: {{.Values.credentials.pgusername}} + - name: PG_PASSWORD + value: {{.Values.credentials.pgpassword}} + ports: + - containerPort: 5432 + name: pgpool + protocol: TCP + readinessProbe: + tcpSocket: + port: 5432 + initialDelaySeconds: 20 + periodSeconds: 10 + livenessProbe: + tcpSocket: + port: 5432 + initialDelaySeconds: 15 + periodSeconds: 20 + volumeMounts: + - name: pgpool-pgconf + mountPath: /pgconf/pgpoolconfigdir + readOnly: false + volumes: + - name: pgpool-pgconf + configMap: + name: {{ include "common.fullname" . }}-pgpool-configmap diff --git a/kubernetes/common/postgres-legacy/charts/pgpool/templates/service.yaml b/kubernetes/common/postgres-legacy/charts/pgpool/templates/service.yaml new file mode 100644 index 0000000000..86442a2740 --- /dev/null +++ b/kubernetes/common/postgres-legacy/charts/pgpool/templates/service.yaml @@ -0,0 +1,26 @@ +apiVersion: v1 +kind: Service +metadata: + name: {{ .Values.service.name }} + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} + annotations: +spec: + type: {{ .Values.service.type }} + ports: + {{if eq .Values.service.type "NodePort" -}} + - port: {{ .Values.service.externalPort }} + nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }} + name: {{ .Values.service.name }} + {{- else -}} + - port: {{ .Values.service.externalPort }} + targetPort: {{ .Values.service.internalPort }} + name: {{ .Values.service.name }} + {{- end}} + selector: + app: {{ include "common.name" . }} + release: {{ .Release.Name }} diff --git a/kubernetes/common/postgres-legacy/charts/pgpool/values.yaml b/kubernetes/common/postgres-legacy/charts/pgpool/values.yaml new file mode 100644 index 0000000000..cb732b7cd7 --- /dev/null +++ b/kubernetes/common/postgres-legacy/charts/pgpool/values.yaml @@ -0,0 +1,44 @@ +# Copyright © 2018 Amdocs, AT&T, Bell Canada +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +################################################################# +# Global configuration defaults. +################################################################# +global: + nodePortPrefix: 302 + persistence: {} + readinessRepository: oomk8s + readinessImage: readiness-check:2.0.0 + +################################################################# +# Application configuration defaults. +################################################################# +# application image +repository: crunchydata +image: crunchy-pgpool:centos7-10.4-2.0.0 +pullPolicy: Always + +container: + port: 5432 + name: + primary: pgset-primary + replica: pgset-replica +credentials: + pgusername: testuser + pgpassword: password +service: + name: pgpool + type: ClusterIP + externalPort: 5432 + internalPort: 5432 diff --git a/kubernetes/common/postgres-legacy/requirements.yaml b/kubernetes/common/postgres-legacy/requirements.yaml new file mode 100644 index 0000000000..5b097f3ab7 --- /dev/null +++ b/kubernetes/common/postgres-legacy/requirements.yaml @@ -0,0 +1,18 @@ +# Copyright © 2018 Amdocs, AT&T, Bell Canada +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +dependencies: + - name: common + version: ~5.x-0 + repository: '@local' diff --git a/kubernetes/common/postgres/templates/pv.yaml b/kubernetes/common/postgres-legacy/templates/pv.yaml index bcd67d79cb..bcd67d79cb 100644 --- a/kubernetes/common/postgres/templates/pv.yaml +++ b/kubernetes/common/postgres-legacy/templates/pv.yaml diff --git a/kubernetes/common/postgres-legacy/templates/secrets.yaml b/kubernetes/common/postgres-legacy/templates/secrets.yaml new file mode 100644 index 0000000000..29de3af260 --- /dev/null +++ b/kubernetes/common/postgres-legacy/templates/secrets.yaml @@ -0,0 +1,31 @@ +{{/* +# Copyright © 2018 Amdocs, AT&T, Bell Canada +# # +# # Licensed under the Apache License, Version 2.0 (the "License"); +# # you may not use this file except in compliance with the License. +# # You may obtain a copy of the License at +# # +# # http://www.apache.org/licenses/LICENSE-2.0 +# # +# # Unless required by applicable law or agreed to in writing, software +# # distributed under the License is distributed on an "AS IS" BASIS, +# # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# # See the License for the specific language governing permissions and +# # limitations under the License. +*/}} +apiVersion: v1 +kind: Secret +metadata: + name: {{ include "common.fullname" . }} + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.fullname" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +type: Opaque +data: + pg-primary-password: {{ .Values.config.pgPrimaryPassword | b64enc | quote }} + pg-user-password: {{ .Values.config.pgUserPassword | b64enc | quote }} + pg-root-password: {{ .Values.config.pgRootPassword | b64enc | quote }} + diff --git a/kubernetes/common/postgres/templates/service.yaml b/kubernetes/common/postgres-legacy/templates/service.yaml index 2a4e369ef4..2a4e369ef4 100644 --- a/kubernetes/common/postgres/templates/service.yaml +++ b/kubernetes/common/postgres-legacy/templates/service.yaml diff --git a/kubernetes/common/postgres/templates/statefulset.yaml b/kubernetes/common/postgres-legacy/templates/statefulset.yaml index 7c38d1d9d7..7c38d1d9d7 100644 --- a/kubernetes/common/postgres/templates/statefulset.yaml +++ b/kubernetes/common/postgres-legacy/templates/statefulset.yaml diff --git a/kubernetes/common/postgres-legacy/values.yaml b/kubernetes/common/postgres-legacy/values.yaml new file mode 100644 index 0000000000..8dd5d0aaac --- /dev/null +++ b/kubernetes/common/postgres-legacy/values.yaml @@ -0,0 +1,139 @@ +# Copyright © 2018 Amdocs, AT&T, Bell Canada +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +################################################################# +# Global configuration defaults. +################################################################# +global: + nodePortPrefix: 302 + persistence: {} + readinessRepository: oomk8s + readinessImage: readiness-check:2.0.0 + +################################################################# +# Application configuration defaults. +################################################################# + +# BusyBox image +busyboxRepository: registry.hub.docker.com +busyboxImage: library/busybox:latest + +postgresRepository: crunchydata +image: crunchy-postgres:centos7-10.4-2.0.0 +pullPolicy: Always + +# application configuration +config: + pgUserName: testuser + pgDatabase: userdb + pgPrimaryPassword: password + pgUserPassword: password + pgRootPassword: password + +container: + name: + primary: pgset-primary + replica: pgset-replica + +pgpool: + container: + port: 5432 + name: + primary: pgset-primary + replica: pgset-replica + credentials: + pgusername: testuser + pgpassword: password + service: + name: pgpool + + +# default number of instances +replicaCount: 2 + +nodeSelector: {} + +affinity: {} + +# probe configuration parameters +liveness: + initialDelaySeconds: 300 + periodSeconds: 10 + timeoutSeconds: 5 + # necessary to disable liveness probe when setting breakpoints + # in debugger so K8s doesn't restart unresponsive container + enabled: true + +readiness: + initialDelaySeconds: 10 + periodSeconds: 10 + +## Persist data to a persitent volume +persistence: + enabled: true + + ## A manually managed Persistent Volume and Claim + ## Requires persistence.enabled: true + ## If defined, PVC must be created manually before volume will be bound + # existingClaim: + volumeReclaimPolicy: Retain + + ## database data Persistent Volume Storage Class + ## If defined, storageClassName: <storageClass> + ## If set to "-", storageClassName: "", which disables dynamic provisioning + ## If undefined (the default) or set to null, no storageClassName spec is + ## set, choosing the default provisioner. (gp2 on AWS, standard on + ## GKE, AWS & OpenStack) + accessMode: ReadWriteOnce + size: 1Gi + mountPath: /dockerdata-nfs + mountSubPath: postgres/data + mountInitPath: postgres + +service: + type: ClusterIP + name: pgset + externalPort: 5432 + internalPort: 5432 + type2: ClusterIP + name2: pgset-primary + externalPort2: 5432 + internalPort2: 5432 + type3: ClusterIP + name3: pgset-replica + externalPort3: 5432 + internalPort3: 5432 + +ingress: + enabled: false + +resources: {} + # We usually recommend not to specify default resources and to leave this as a conscious + # choice for the user. This also increases chances charts run on environments with little + # resources, such as Minikube. If you do want to specify resources, uncomment the following + # lines, adjust them as necessary, and remove the curly braces after 'resources:'. + # + # Example: + # Configure resource requests and limits + # ref: http://kubernetes.io/docs/user-guide/compute-resources/ + # Minimum memory for development is 2 CPU cores and 4GB memory + # Minimum memory for production is 4 CPU cores and 8GB memory +#resources: +# limits: +# cpu: 2 +# memory: 4Gi +# requests: +# cpu: 2 +# memory: 4Gi + diff --git a/kubernetes/common/postgres/charts/pgpool/configs/pool_hba.conf b/kubernetes/common/postgres/charts/pgpool/configs/pool_hba.conf index d8918409e8..580185c6f0 100644 --- a/kubernetes/common/postgres/charts/pgpool/configs/pool_hba.conf +++ b/kubernetes/common/postgres/charts/pgpool/configs/pool_hba.conf @@ -65,3 +65,4 @@ #local all all trust # IPv4 local connections: host all all 0.0.0.0/0 md5 + diff --git a/kubernetes/common/postgres/charts/pgpool/templates/deployment.yaml b/kubernetes/common/postgres/charts/pgpool/templates/deployment.yaml index 15fa18d81d..a4b0ca8657 100644 --- a/kubernetes/common/postgres/charts/pgpool/templates/deployment.yaml +++ b/kubernetes/common/postgres/charts/pgpool/templates/deployment.yaml @@ -31,6 +31,33 @@ spec: app: {{ include "common.name" . }} release: {{ .Release.Name }} spec: + initContainers: + - name: {{ include "common.name" . }}-job + image: "{{.Values.repository}}/{{.Values.image}}" + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + volumeMounts: + - name: pgpool-pgconf + mountPath: /pgconf/pgpoolconfigdir + readOnly: false + - name: pgpool-pgconf-static + mountPath: /configdir/ + readOnly: false + command: + - /bin/sh + args: + - -c + - | + cp /configdir/pgpool.conf /pgconf/pgpoolconfigdir/ + cp /configdir/pool_hba.conf /pgconf/pgpoolconfigdir/ + pg_md5 -f /pgconf/pgpoolconfigdir/pgpool.conf --md5auth --username=${PG_USER} ${PG_PASSWORD} + env: + - name: PG_PASSWORD + valueFrom: + secretKeyRef: + name: {{ template "common.fullname" . }} + key: db-user-password + - name: PG_USER + value: {{ index .Values.credentials.pgusername }} containers: - image: "{{.Values.repository}}/{{.Values.image}}" imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} @@ -43,7 +70,10 @@ spec: - name: PG_USERNAME value: {{.Values.credentials.pgusername}} - name: PG_PASSWORD - value: {{.Values.credentials.pgpassword}} + valueFrom: + secretKeyRef: + name: {{ template "common.fullname" . }} + key: db-user-password ports: - containerPort: 5432 name: pgpool @@ -64,5 +94,7 @@ spec: readOnly: false volumes: - name: pgpool-pgconf + emptyDir: {} + - name: pgpool-pgconf-static configMap: name: {{ include "common.fullname" . }}-pgpool-configmap diff --git a/kubernetes/common/postgres/charts/pgpool/templates/secrets.yaml b/kubernetes/common/postgres/charts/pgpool/templates/secrets.yaml new file mode 100644 index 0000000000..b449faca92 --- /dev/null +++ b/kubernetes/common/postgres/charts/pgpool/templates/secrets.yaml @@ -0,0 +1,28 @@ +# Copyright © 2018 Amdocs, Bell Canada +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +kind: Secret +metadata: + name: {{ include "common.fullname" . }} + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }} + chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" + release: "{{ .Release.Name }}" + heritage: "{{ .Release.Service }}" +type: Opaque +data: + db-user-password: {{ default "" .Values.credentials.pgpassword | b64enc | quote }} + diff --git a/kubernetes/common/postgres/charts/pgpool/templates/service.yaml b/kubernetes/common/postgres/charts/pgpool/templates/service.yaml index 86442a2740..4306b264b2 100644 --- a/kubernetes/common/postgres/charts/pgpool/templates/service.yaml +++ b/kubernetes/common/postgres/charts/pgpool/templates/service.yaml @@ -15,11 +15,11 @@ spec: {{if eq .Values.service.type "NodePort" -}} - port: {{ .Values.service.externalPort }} nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }} - name: {{ .Values.service.name }} + name: {{ .Values.service.portName }} {{- else -}} - port: {{ .Values.service.externalPort }} targetPort: {{ .Values.service.internalPort }} - name: {{ .Values.service.name }} + name: {{ .Values.service.portName }} {{- end}} selector: app: {{ include "common.name" . }} diff --git a/kubernetes/common/postgres/charts/pgpool/values.yaml b/kubernetes/common/postgres/charts/pgpool/values.yaml index cb732b7cd7..8ceff8f964 100644 --- a/kubernetes/common/postgres/charts/pgpool/values.yaml +++ b/kubernetes/common/postgres/charts/pgpool/values.yaml @@ -38,7 +38,8 @@ credentials: pgusername: testuser pgpassword: password service: - name: pgpool + name: pgpool + portName: tcp-postgres type: ClusterIP externalPort: 5432 internalPort: 5432 diff --git a/kubernetes/common/postgres/configs/pg_hba.conf b/kubernetes/common/postgres/configs/pg_hba.conf new file mode 100644 index 0000000000..580185c6f0 --- /dev/null +++ b/kubernetes/common/postgres/configs/pg_hba.conf @@ -0,0 +1,68 @@ +# pgpool Client Authentication Configuration File a custom version +# =============================================== +# +# The format rule in this file follows the rules in the PostgreSQL +# Administrator's Guide. Refer to chapter "Client Authentication" for a +# complete description. A short synopsis follows. +# +# This file controls: which hosts are allowed to connect, how clients +# are authenticated, which user names they can use, which databases they +# can access. Records take one of these forms: +# +# local DATABASE USER METHOD [OPTION] +# host DATABASE USER CIDR-ADDRESS METHOD [OPTION] +# +# (The uppercase items must be replaced by actual values.) +# +# The first field is the connection type: "local" is a Unix-domain +# socket, "host" is either a plain or SSL-encrypted TCP/IP socket. +# +# DATABASE can be "all", "sameuser", a database name, or a comma-separated +# list thereof. Note that "samegroup" like in PostgreSQL's pg_hba.conf +# file is not supported, since pgpool does not know which group a user +# belongs to. Also note that the database specified here may not exist in +# the backend PostgreSQL. pgpool will authenticate based on the database's +# name, not based on whether it exists or not. +# +# USER can be "all", a user name, or a comma-separated list thereof. In +# both the DATABASE and USER fields you can also write a file name prefixed +# with "@" to include names from a separate file. Note that a group name +# prefixed with "+" like in PostgreSQL's pg_hba.conf file is not supported +# because of the same reason as "samegroup" token. Also note that a user +# name specified here may not exist in the backend PostgreSQL. pgpool will +# authenticate based on the user's name, not based on whether he/she exists. +# +# CIDR-ADDRESS specifies the set of hosts the record matches. +# It is made up of an IP address and a CIDR mask that is an integer +# (between 0 and 32 (IPv4) that specifies the number of significant bits in +# the mask. Alternatively, you can write an IP address and netmask in +# separate columns to specify the set of hosts. +# +# METHOD can be "trust", "reject", "md5" or "pam". Note that "pam" sends passwords +# in clear text. +# +# OPTION is the name of the PAM service. Default service name is "pgpool" +# +# Database and user names containing spaces, commas, quotes and other special +# characters must be quoted. Quoting one of the keywords "all" or "sameuser" +# makes the name lose its special character, and just match a database or +# username with that name. +# +# This file is read on pgpool startup. If you edit the file on a running +# system, you have to restart the pgpool for the changes to take effect. + +# Put your actual configuration here +# ---------------------------------- +# +# If you want to allow non-local connections, you need to add more +# "host" records. In that case you will also need to make pgpool listen +# on a non-local interface via the listen_addresses configuration parameter. +# + +# TYPE DATABASE USER CIDR-ADDRESS METHOD + +# "local" is for Unix domain socket connections only +#local all all trust +# IPv4 local connections: +host all all 0.0.0.0/0 md5 + diff --git a/kubernetes/common/postgres/templates/configmap.yaml b/kubernetes/common/postgres/templates/configmap.yaml new file mode 100644 index 0000000000..7abd39b9b9 --- /dev/null +++ b/kubernetes/common/postgres/templates/configmap.yaml @@ -0,0 +1,27 @@ +# Copyright © 2019 Amdocs, Bell Canada, Orange +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "common.fullname" . }} + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +data: +{{ tpl (.Files.Glob "configs/*").AsConfig . | indent 2 }} + diff --git a/kubernetes/common/postgres/templates/deployment-primary.yaml b/kubernetes/common/postgres/templates/deployment-primary.yaml new file mode 100644 index 0000000000..9cb3007400 --- /dev/null +++ b/kubernetes/common/postgres/templates/deployment-primary.yaml @@ -0,0 +1,138 @@ +{{/* +# Copyright © 2018 Amdocs, AT&T, Bell Canada +# # +# # Licensed under the Apache License, Version 2.0 (the "License"); +# # you may not use this file except in compliance with the License. +# # You may obtain a copy of the License at +# # +# # http://www.apache.org/licenses/LICENSE-2.0 +# # +# # Unless required by applicable law or agreed to in writing, software +# # distributed under the License is distributed on an "AS IS" BASIS, +# # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# # See the License for the specific language governing permissions and +# # limitations under the License. +*/}} +apiVersion: apps/v1beta1 +kind: Deployment +metadata: + name: {{ include "common.fullname" . }}-primary + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }}-primary + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} + name: "{{ .Values.container.name.primary }}" +spec: + serviceName: {{ .Values.service.name }} + replicas: 1 + template: + metadata: + labels: + app: {{ include "common.name" . }}-primary + release: {{ .Release.Name }} + name: "{{ .Values.container.name.primary }}" + spec: + initContainers: + - name: init-sysctl + command: + - /bin/sh + - -c + - | + chown 26:26 /podroot/; + chmod 700 /podroot/; + image: {{ .Values.global.busyboxRepository | default .Values.busyboxRepository }}/{{ .Values.busyboxImage }} + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + volumeMounts: + - name: {{ include "common.fullname" . }}-data + mountPath: /podroot/ + containers: + - name: {{ include "common.name" . }} + image: "{{ .Values.postgresRepository }}/{{ .Values.image }}" + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + ports: + - containerPort: {{ .Values.service.internalPort }} + name: {{ .Values.service.portName }} + # disable liveness probe when breakpoints set in debugger + # so K8s doesn't restart unresponsive container + {{- if eq .Values.liveness.enabled true }} + livenessProbe: + tcpSocket: + port: {{ .Values.service.internalPort }} + initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }} + periodSeconds: {{ .Values.liveness.periodSeconds }} + timeoutSeconds: {{ .Values.liveness.timeoutSeconds }} + {{- end }} + readinessProbe: + tcpSocket: + port: {{ .Values.service.internalPort }} + initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} + periodSeconds: {{ .Values.readiness.periodSeconds }} + env: + - name: PGHOST + value: /tmp + - name: PG_PRIMARY_USER + value: primaryuser + - name: PG_MODE + value: primary + - name: PG_PRIMARY_HOST + value: "{{ .Values.container.name.primary }}" + - name: PG_REPLICA_HOST + value: "{{ .Values.container.name.replica }}" + - name: PG_PRIMARY_PORT + value: "{{ .Values.service.internalPort }}" + - name: PG_PRIMARY_PASSWORD + valueFrom: + secretKeyRef: + name: {{ template "common.fullname" . }} + key: pg-primary-password + - name: PG_USER + value: "{{ .Values.config.pgUserName }}" + - name: PG_PASSWORD + valueFrom: + secretKeyRef: + name: {{ template "common.fullname" . }} + key: pg-user-password + - name: PG_DATABASE + value: "{{ .Values.config.pgDatabase }}" + - name: PG_ROOT_PASSWORD + valueFrom: + secretKeyRef: + name: {{ template "common.fullname" . }} + key: pg-root-password + volumeMounts: + - name: pool-hba-conf + mountPath: /pgconf/pool_hba.conf + subPath: pool_hba.conf + - mountPath: /pgdata + name: {{ include "common.fullname" . }}-data + - mountPath: /backup + name: {{ include "common.fullname" . }}-backup + readOnly: true + resources: +{{ include "common.resources" . | indent 12 }} + {{- if .Values.nodeSelector }} + nodeSelector: +{{ toYaml .Values.nodeSelector | indent 10 }} + {{- end -}} + {{- if .Values.affinity }} + affinity: +{{ toYaml .Values.affinity | indent 10 }} + {{- end }} + volumes: + - name: localtime + hostPath: + path: /etc/localtime + - name: {{ include "common.fullname" . }}-backup + emptyDir: {} + - name: {{ include "common.fullname" . }}-data +{{- if .Values.persistence.enabled }} + persistentVolumeClaim: + claimName: {{ include "common.fullname" . }}-primary +{{- else }} + emptyDir: {} +{{ end }} + - name: pool-hba-conf + configMap: + name: {{ include "common.fullname" . }} diff --git a/kubernetes/common/postgres/templates/deployment-replica.yaml b/kubernetes/common/postgres/templates/deployment-replica.yaml new file mode 100644 index 0000000000..8f09a2f48f --- /dev/null +++ b/kubernetes/common/postgres/templates/deployment-replica.yaml @@ -0,0 +1,138 @@ +{{/* +# Copyright © 2018 Amdocs, AT&T, Bell Canada +# # +# # Licensed under the Apache License, Version 2.0 (the "License"); +# # you may not use this file except in compliance with the License. +# # You may obtain a copy of the License at +# # +# # http://www.apache.org/licenses/LICENSE-2.0 +# # +# # Unless required by applicable law or agreed to in writing, software +# # distributed under the License is distributed on an "AS IS" BASIS, +# # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# # See the License for the specific language governing permissions and +# # limitations under the License. +*/}} +apiVersion: apps/v1beta1 +kind: Deployment +metadata: + name: {{ include "common.fullname" . }}-replica + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }}-replica + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} + name: "{{ .Values.container.name.replica }}" +spec: + serviceName: {{ .Values.service.name }} + replicas: 1 + template: + metadata: + labels: + app: {{ include "common.name" . }}-replica + release: {{ .Release.Name }} + name: "{{ .Values.container.name.replica }}" + spec: + initContainers: + - name: init-sysctl + command: + - /bin/sh + - -c + - | + chown 26:26 /podroot/; + chmod 700 /podroot/; + image: {{ .Values.global.busyboxRepository | default .Values.busyboxRepository }}/{{ .Values.busyboxImage }} + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + volumeMounts: + - name: {{ include "common.fullname" . }}-data + mountPath: /podroot/ + containers: + - name: {{ include "common.name" . }} + image: "{{ .Values.postgresRepository }}/{{ .Values.image }}" + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + ports: + - containerPort: {{ .Values.service.internalPort }} + name: {{ .Values.service.portName }} + # disable liveness probe when breakpoints set in debugger + # so K8s doesn't restart unresponsive container + {{- if eq .Values.liveness.enabled true }} + livenessProbe: + tcpSocket: + port: {{ .Values.service.internalPort }} + initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }} + periodSeconds: {{ .Values.liveness.periodSeconds }} + timeoutSeconds: {{ .Values.liveness.timeoutSeconds }} + {{end -}} + readinessProbe: + tcpSocket: + port: {{ .Values.service.internalPort }} + initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} + periodSeconds: {{ .Values.readiness.periodSeconds }} + env: + - name: PGHOST + value: /tmp + - name: PG_PRIMARY_USER + value: primaryuser + - name: PG_MODE + value: replica + - name: PG_PRIMARY_HOST + value: "{{.Values.container.name.primary}}" + - name: PG_REPLICA_HOST + value: "{{.Values.container.name.replica}}" + - name: PG_PRIMARY_PORT + value: "{{.Values.service.internalPort}}" + - name: PG_PRIMARY_PASSWORD + valueFrom: + secretKeyRef: + name: {{ template "common.fullname" . }} + key: pg-primary-password + - name: PG_USER + value: "{{.Values.config.pgUserName}}" + - name: PG_PASSWORD + valueFrom: + secretKeyRef: + name: {{ template "common.fullname" . }} + key: pg-user-password + - name: PG_DATABASE + value: "{{.Values.config.pgDatabase}}" + - name: PG_ROOT_PASSWORD + valueFrom: + secretKeyRef: + name: {{ template "common.fullname" . }} + key: pg-root-password + volumeMounts: + - name: pool-hba-conf + mountPath: /pgconf/pool_hba.conf + subPath: pool_hba.conf + - mountPath: /pgdata + name: {{ include "common.fullname" . }}-data + - mountPath: /backup + name: {{ include "common.fullname" . }}-backup + readOnly: true + resources: +{{ include "common.resources" . | indent 12 }} + {{- if .Values.nodeSelector }} + nodeSelector: +{{ toYaml .Values.nodeSelector | indent 10 }} + {{- end -}} + {{- if .Values.affinity }} + affinity: +{{ toYaml .Values.affinity | indent 10 }} + {{- end }} + volumes: + - name: localtime + hostPath: + path: /etc/localtime + - name: {{ include "common.fullname" . }}-backup + emptyDir: {} + - name: {{ include "common.fullname" . }}-data +{{- if .Values.persistence.enabled }} + persistentVolumeClaim: + claimName: {{ include "common.fullname" . }}-replica +{{- else }} + emptyDir: {} +{{ end }} + - name: pool-hba-conf + configMap: + name: {{ include "common.fullname" . }} diff --git a/kubernetes/common/postgres/templates/pv-primary.yaml b/kubernetes/common/postgres/templates/pv-primary.yaml new file mode 100644 index 0000000000..1764868ffc --- /dev/null +++ b/kubernetes/common/postgres/templates/pv-primary.yaml @@ -0,0 +1,39 @@ +{{/* +# Copyright © 2018 Amdocs, AT&T, Bell Canada +# # +# # Licensed under the Apache License, Version 2.0 (the "License"); +# # you may not use this file except in compliance with the License. +# # You may obtain a copy of the License at +# # +# # http://www.apache.org/licenses/LICENSE-2.0 +# # +# # Unless required by applicable law or agreed to in writing, software +# # distributed under the License is distributed on an "AS IS" BASIS, +# # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# # See the License for the specific language governing permissions and +# # limitations under the License. +*/}} +{{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) -}} +{{- if include "common.needPV" . -}} +kind: PersistentVolume +apiVersion: v1 +metadata: + name: {{ include "common.fullname" . }}-primary + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.fullname" . }} + chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}" + release: "{{ .Release.Name }}" + heritage: "{{ .Release.Service }}" + name: {{ include "common.fullname" . }} +spec: + capacity: + storage: {{ .Values.persistence.size}} + accessModes: + - {{ .Values.persistence.accessMode }} + storageClassName: "{{ include "common.fullname" . }}-primary" + persistentVolumeReclaimPolicy: {{ .Values.persistence.volumeReclaimPolicy }} + hostPath: + path: {{ .Values.global.persistence.mountPath | default .Values.persistence.mountPath }}/{{ .Release.Name }}/{{ .Values.persistence.mountSubPath }}/primary +{{- end -}} +{{- end -}} diff --git a/kubernetes/common/postgres/templates/pv-replica.yaml b/kubernetes/common/postgres/templates/pv-replica.yaml new file mode 100644 index 0000000000..b67cac0c26 --- /dev/null +++ b/kubernetes/common/postgres/templates/pv-replica.yaml @@ -0,0 +1,39 @@ +{{/* +# Copyright © 2018 Amdocs, AT&T, Bell Canada +# # +# # Licensed under the Apache License, Version 2.0 (the "License"); +# # you may not use this file except in compliance with the License. +# # You may obtain a copy of the License at +# # +# # http://www.apache.org/licenses/LICENSE-2.0 +# # +# # Unless required by applicable law or agreed to in writing, software +# # distributed under the License is distributed on an "AS IS" BASIS, +# # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# # See the License for the specific language governing permissions and +# # limitations under the License. +*/}} +{{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) -}} +{{- if include "common.needPV" . -}} +kind: PersistentVolume +apiVersion: v1 +metadata: + name: {{ include "common.fullname" . }}-replica + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.fullname" . }} + chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}" + release: "{{ .Release.Name }}" + heritage: "{{ .Release.Service }}" + name: {{ include "common.fullname" . }} +spec: + capacity: + storage: {{ .Values.persistence.size}} + accessModes: + - {{ .Values.persistence.accessMode }} + storageClassName: "{{ include "common.fullname" . }}-replica" + persistentVolumeReclaimPolicy: {{ .Values.persistence.volumeReclaimPolicy }} + hostPath: + path: {{ .Values.global.persistence.mountPath | default .Values.persistence.mountPath }}/{{ .Release.Name }}/{{ .Values.persistence.mountSubPath }}/replica +{{- end -}} +{{- end -}} diff --git a/kubernetes/common/postgres/templates/pvc-primary.yaml b/kubernetes/common/postgres/templates/pvc-primary.yaml new file mode 100644 index 0000000000..e529da1bd5 --- /dev/null +++ b/kubernetes/common/postgres/templates/pvc-primary.yaml @@ -0,0 +1,45 @@ +{{/* +# Copyright © 2017 Amdocs, Bell Canada +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} + +{{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) -}} +kind: PersistentVolumeClaim +apiVersion: v1 +metadata: + name: {{ include "common.fullname" . }}-primary + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.fullname" . }} + chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" + release: "{{ .Release.Name }}" + heritage: "{{ .Release.Service }}" + name: {{ include "common.fullname" . }} +{{- if .Values.persistence.annotations }} + annotations: +{{ toYaml .Values.persistence.annotations | indent 4 }} +{{- end }} +spec: + accessModes: + - {{ .Values.persistence.accessMode }} + resources: + requests: + storage: {{ .Values.persistence.size }} +{{- if include "common.needPV" . }} + storageClassName: "{{ include "common.fullname" . }}-primary" +{{- else }} + storageClassName: {{ include "common.storageClass" . }} +{{- end }} + storageClassName: "{{ include "common.fullname" . }}-primary" +{{- end -}} diff --git a/kubernetes/common/postgres/templates/pvc-replica.yaml b/kubernetes/common/postgres/templates/pvc-replica.yaml new file mode 100644 index 0000000000..41199b6861 --- /dev/null +++ b/kubernetes/common/postgres/templates/pvc-replica.yaml @@ -0,0 +1,44 @@ +{{/* +# Copyright © 2017 Amdocs, Bell Canada +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} + +{{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) -}} +kind: PersistentVolumeClaim +apiVersion: v1 +metadata: + name: {{ include "common.fullname" . }}-replica + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.fullname" . }} + chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" + release: "{{ .Release.Name }}" + heritage: "{{ .Release.Service }}" + name: {{ include "common.fullname" . }} +{{- if .Values.persistence.annotations }} + annotations: +{{ toYaml .Values.persistence.annotations | indent 4 }} +{{- end }} +spec: + accessModes: + - {{ .Values.persistence.accessMode }} + resources: + requests: + storage: {{ .Values.persistence.size }} +{{- if include "common.needPV" . }} + storageClassName: "{{ include "common.fullname" . }}-replica" +{{- else }} + storageClassName: {{ include "common.storageClass" . }} +{{- end }} +{{- end -}} diff --git a/kubernetes/common/postgres/templates/service-common.yaml b/kubernetes/common/postgres/templates/service-common.yaml new file mode 100644 index 0000000000..da0505cfa6 --- /dev/null +++ b/kubernetes/common/postgres/templates/service-common.yaml @@ -0,0 +1,41 @@ +{{/* +# Copyright © 2018 Amdocs, AT&T, Bell Canada +# # +# # Licensed under the Apache License, Version 2.0 (the "License"); +# # you may not use this file except in compliance with the License. +# # You may obtain a copy of the License at +# # +# # http://www.apache.org/licenses/LICENSE-2.0 +# # +# # Unless required by applicable law or agreed to in writing, software +# # distributed under the License is distributed on an "AS IS" BASIS, +# # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# # See the License for the specific language governing permissions and +# # limitations under the License. +*/}} +apiVersion: v1 +kind: Service +metadata: + name: {{ .Values.service.name }} + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} + annotations: +spec: + type: {{ .Values.service.type }} + ports: + {{if eq .Values.service.type "NodePort" -}} + - port: {{ .Values.service.externalPort }} + nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }} + name: {{ .Values.service.portName }} + {{- else -}} + - port: {{ .Values.service.externalPort }} + targetPort: {{ .Values.service.internalPort }} + name: {{ .Values.service.portName }} + {{- end}} + selector: + app: {{ include "common.name" . }} + release: {{ .Release.Name }} diff --git a/kubernetes/common/postgres/templates/service-primary.yaml b/kubernetes/common/postgres/templates/service-primary.yaml new file mode 100644 index 0000000000..501c01ecfe --- /dev/null +++ b/kubernetes/common/postgres/templates/service-primary.yaml @@ -0,0 +1,41 @@ +{{/* +# Copyright © 2018 Amdocs, AT&T, Bell Canada +# # +# # Licensed under the Apache License, Version 2.0 (the "License"); +# # you may not use this file except in compliance with the License. +# # You may obtain a copy of the License at +# # +# # http://www.apache.org/licenses/LICENSE-2.0 +# # +# # Unless required by applicable law or agreed to in writing, software +# # distributed under the License is distributed on an "AS IS" BASIS, +# # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# # See the License for the specific language governing permissions and +# # limitations under the License. +*/}} +apiVersion: v1 +kind: Service +metadata: + name: {{ .Values.service.name2 }} + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }}-primary + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} + annotations: +spec: + type: {{ .Values.service.type2 }} + ports: + {{if eq .Values.service.type "NodePort" -}} + - port: {{ .Values.service.externalPort2 }} + nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort2 }} + name: {{ .Values.service.portName2 }} + {{- else -}} + - port: {{ .Values.service.externalPort2 }} + targetPort: {{ .Values.service.internalPort2 }} + name: {{ .Values.service.portName2 }} + {{- end}} + selector: + name: "{{.Values.container.name.primary}}" + release: {{ .Release.Name }} diff --git a/kubernetes/common/postgres/templates/service-replica.yaml b/kubernetes/common/postgres/templates/service-replica.yaml new file mode 100644 index 0000000000..34f76d125e --- /dev/null +++ b/kubernetes/common/postgres/templates/service-replica.yaml @@ -0,0 +1,41 @@ +{{/* +# Copyright © 2018 Amdocs, AT&T, Bell Canada +# # +# # Licensed under the Apache License, Version 2.0 (the "License"); +# # you may not use this file except in compliance with the License. +# # You may obtain a copy of the License at +# # +# # http://www.apache.org/licenses/LICENSE-2.0 +# # +# # Unless required by applicable law or agreed to in writing, software +# # distributed under the License is distributed on an "AS IS" BASIS, +# # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# # See the License for the specific language governing permissions and +# # limitations under the License. +*/}} +apiVersion: v1 +kind: Service +metadata: + name: {{ .Values.service.name3 }} + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }}-replica + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} + annotations: +spec: + type: {{ .Values.service.type3 }} + ports: + {{if eq .Values.service.type "NodePort" -}} + - port: {{ .Values.service.externalPort3 }} + nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort3 }} + name: {{ .Values.service.portName3 }} + {{- else -}} + - port: {{ .Values.service.externalPort3 }} + targetPort: {{ .Values.service.internalPort3 }} + name: {{ .Values.service.portName3 }} + {{- end}} + selector: + name: "{{.Values.container.name.replica}}" + release: {{ .Release.Name }} diff --git a/kubernetes/common/postgres/values.yaml b/kubernetes/common/postgres/values.yaml index 8dd5d0aaac..3104ee79d2 100644 --- a/kubernetes/common/postgres/values.yaml +++ b/kubernetes/common/postgres/values.yaml @@ -104,14 +104,17 @@ persistence: service: type: ClusterIP name: pgset + portName: tcp-postgres externalPort: 5432 internalPort: 5432 type2: ClusterIP - name2: pgset-primary + name2: tcp-pgset-primary + portName2: tcp-postgres externalPort2: 5432 internalPort2: 5432 type3: ClusterIP - name3: pgset-replica + name3: tcp-pgset-replica + portName3: tcp-postgres externalPort3: 5432 internalPort3: 5432 @@ -136,4 +139,3 @@ resources: {} # requests: # cpu: 2 # memory: 4Gi - diff --git a/kubernetes/dcaegen2/components/dcae-bootstrap/requirements.yaml b/kubernetes/dcaegen2/components/dcae-bootstrap/requirements.yaml index 4b650c06dd..6b90aa3144 100644 --- a/kubernetes/dcaegen2/components/dcae-bootstrap/requirements.yaml +++ b/kubernetes/dcaegen2/components/dcae-bootstrap/requirements.yaml @@ -20,6 +20,7 @@ dependencies: - name: common version: ~5.x-0 repository: '@local' - - name: postgres + - name: postgres-legacy version: ~5.x-0 repository: '@local' + alias: postgres diff --git a/kubernetes/dcaegen2/components/dcae-inventory-api/requirements.yaml b/kubernetes/dcaegen2/components/dcae-inventory-api/requirements.yaml index 9136278557..3e79830cc1 100644 --- a/kubernetes/dcaegen2/components/dcae-inventory-api/requirements.yaml +++ b/kubernetes/dcaegen2/components/dcae-inventory-api/requirements.yaml @@ -17,6 +17,7 @@ dependencies: - name: common version: ~5.x-0 repository: '@local' - - name: postgres + - name: postgres-legacy version: ~5.x-0 repository: '@local' + alias: postgres diff --git a/kubernetes/robot b/kubernetes/robot -Subproject ff678657c0fa534840d063131432e1994829f66 +Subproject 4bd799e5dbcbf2131a685bf73319e962ace86f5 diff --git a/kubernetes/sdnc/resources/config/bin/startODL.sh b/kubernetes/sdnc/resources/config/bin/startODL.sh index 5586ebbca6..5f5f811fd0 100755 --- a/kubernetes/sdnc/resources/config/bin/startODL.sh +++ b/kubernetes/sdnc/resources/config/bin/startODL.sh @@ -120,6 +120,7 @@ SDNC_BIN=${SDNC_BIN:-/opt/onap/sdnc/bin} CCSDK_HOME=${CCSDK_HOME:-/opt/onap/ccsdk} ENABLE_ODL_CLUSTER=${ENABLE_ODL_CLUSTER:-false} GEO_ENABLED=${GEO_ENABLED:-false} +SDNC_AAF_ENABLED=${SDNC_AAF_ENABLED:-false} SDNRWT=${SDNRWT:-false} SDNRWT_BOOTFEATURES=${SDNRWT_BOOTFEATURES:-sdnr-wt-feature-aggregator} export ODL_ADMIN_PASSWORD ODL_ADMIN_USERNAME @@ -128,8 +129,24 @@ echo "Settings:" echo " ENABLE_ODL_CLUSTER=$ENABLE_ODL_CLUSTER" echo " SDNC_REPLICAS=$SDNC_REPLICAS" echo " SDNRWT=$SDNRWT" - - +echo " AAF_ENABLED=$SDNC_AAF_ENABLED" + + +if $SDNC_AAF_ENABLED; then + export SDNC_STORE_DIR=/opt/app/osaaf/local + export SDNC_CONFIG_DIR=/opt/app/osaaf/local + export SDNC_KEYPASS=`cat /opt/app/osaaf/local/.pass` + export SDNC_KEYSTORE=org.onap.sdnc.p12 + sed -i '/cadi_prop_files/d' $ODL_HOME/etc/system.properties + echo "cadi_prop_files=$SDNC_CONFIG_DIR/org.onap.sdnc.props" >> $ODL_HOME/etc/system.properties + + sed -i '/org.ops4j.pax.web.ssl.keystore/d' $ODL_HOME/etc/custom.properties + sed -i '/org.ops4j.pax.web.ssl.password/d' $ODL_HOME/etc/custom.properties + sed -i '/org.ops4j.pax.web.ssl.keypassword/d' $ODL_HOME/etc/custom.properties + echo org.ops4j.pax.web.ssl.keystore=$SDNC_STORE_DIR/$SDNC_KEYSTORE >> $ODL_HOME/etc/custom.properties + echo org.ops4j.pax.web.ssl.password=$SDNC_KEYPASS >> $ODL_HOME/etc/custom.properties + echo org.ops4j.pax.web.ssl.keypassword=$SDNC_KEYPASS >> $ODL_HOME/etc/custom.properties +fi if [ ! -f ${SDNC_HOME}/.installed ] then diff --git a/kubernetes/sdnc/resources/env.yaml b/kubernetes/sdnc/resources/env.yaml index 2ad42f79a6..6e38ae99d6 100644 --- a/kubernetes/sdnc/resources/env.yaml +++ b/kubernetes/sdnc/resources/env.yaml @@ -12,6 +12,7 @@ # See the License for the specific language governing permissions and # limitations under the License. +SDNC_AAF_ENABLED: "{{ .Values.global.aafEnabled }}" SDNC_GEO_ENABLED: "{{ .Values.config.geoEnabled }}" SDNC_IS_PRIMARY_CLUSTER: "{{ .Values.config.isPrimaryCluster }}" SDNC_ODL_COUNT: "{{ .Values.replicaCount }}" diff --git a/kubernetes/sdnc/templates/secret-aaf.yaml b/kubernetes/sdnc/templates/secret-aaf.yaml new file mode 100644 index 0000000000..cd2e539b28 --- /dev/null +++ b/kubernetes/sdnc/templates/secret-aaf.yaml @@ -0,0 +1,15 @@ +{{ if .Values.global.aafEnabled }} +apiVersion: v1 +kind: Secret +metadata: + name: {{ include "common.fullname" . }}-aaf + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.fullname" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +type: Opaque +data: + aaf-password: {{ .Values.aaf_init.deploy_pass | b64enc | quote }} +{{ end }} diff --git a/kubernetes/sdnc/templates/service.yaml b/kubernetes/sdnc/templates/service.yaml index db6d73a3c5..d2136ccb0b 100644 --- a/kubernetes/sdnc/templates/service.yaml +++ b/kubernetes/sdnc/templates/service.yaml @@ -40,6 +40,9 @@ spec: {{if eq .Values.service.type "NodePort" -}} - port: {{ .Values.service.externalPort }} targetPort: {{ .Values.service.internalPort }} + {{ if not .Values.global.aafEnabled }} + nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort4 }} + {{ end }} name: "{{ .Values.service.portName }}-8282" - port: {{ .Values.service.externalPort2 }} targetPort: {{ .Values.service.internalPort2 }} @@ -50,7 +53,9 @@ spec: name: "{{ .Values.service.portName }}-8280" - port: {{ .Values.service.externalPort4 }} targetPort: {{ .Values.service.internalPort4 }} + {{ if .Values.global.aafEnabled }} nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort4 }} + {{ end }} name: "{{ .Values.service.portName }}-8443" {{- else -}} - port: {{ .Values.service.externalPort }} diff --git a/kubernetes/sdnc/templates/statefulset.yaml b/kubernetes/sdnc/templates/statefulset.yaml index 4ab8d1ccfe..536eaaf552 100644 --- a/kubernetes/sdnc/templates/statefulset.yaml +++ b/kubernetes/sdnc/templates/statefulset.yaml @@ -47,6 +47,59 @@ spec: image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}" imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} name: {{ include "common.name" . }}-readiness + {{ if .Values.global.aafEnabled }} + - name: {{ include "common.name" . }}-aaf-readiness + image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}" + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + command: + - /root/ready.py + args: + - --container-name + - aaf-locate + env: + - name: NAMESPACE + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace + - name: {{ include "common.name" . }}-aaf + image: {{ .Values.global.repository }}/{{ .Values.aaf_init.agentImage }} + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + volumeMounts: + - mountPath: {{ .Values.certpersistence.certPath }} + name: {{ include "common.fullname" . }}-certs + command: + - bash + - -c + - | + /opt/app/aaf_config/bin/agent.sh && + cd /opt/app/osaaf/local && + /opt/app/aaf_config/bin/agent.sh local showpass | grep cadi_keystore_password= | cut -d= -f 2 > /opt/app/osaaf/local/.pass 2>&1 + env: + - name: APP_FQI + value: "{{ .Values.aaf_init.fqi }}" + - name: aaf_locate_url + value: "https://aaf-locate.{{ .Release.Namespace}}:8095" + - name: aaf_locator_container + value: "oom" + - name: aaf_locator_container_ns + value: "{{ .Release.Namespace }}" + - name: aaf_locator_fqdn + value: "{{ .Values.aaf_init.fqdn }}" + - name: aaf_locator_app_ns + value: "{{ .Values.aaf_init.app_ns }}" + - name: DEPLOY_FQI + value: "{{ .Values.aaf_init.deploy_fqi }}" + - name: DEPLOY_PASSWORD + valueFrom: + secretKeyRef: + name: {{ template "common.fullname" .}}-aaf + key: aaf-password + - name: cadi_longitude + value: "{{ .Values.aaf_init.cadi_longitude }}" + - name: cadi_latitude + value: "{{ .Values.aaf_init.cadi_latitude }}" + {{ end }} - name: {{ include "common.name" . }}-chown image: "busybox" command: ["sh", "-c", "chown -R {{ .Values.config.odlUid }}:{{ .Values.config.odlGid}} {{ .Values.persistence.mdsalPath }} ; chown -R {{ .Values.config.odlUid }}:{{ .Values.config.odlGid}} {{ .Values.certpersistence.certPath }}"] @@ -99,6 +152,8 @@ spec: value: "{{ .Values.config.isPrimaryCluster }}" - name: GEO_ENABLED value: "{{ .Values.config.geoEnabled}}" + - name: SDNC_AAF_ENABLED + value: "{{ .Values.global.aafEnabled}}" - name: SDNC_REPLICAS value: "{{ .Values.replicaCount }}" - name: MYSQL_HOST diff --git a/kubernetes/sdnc/values.yaml b/kubernetes/sdnc/values.yaml index 555409f747..4447a7dfaa 100644 --- a/kubernetes/sdnc/values.yaml +++ b/kubernetes/sdnc/values.yaml @@ -25,6 +25,7 @@ global: loggingImage: beats/filebeat:5.5.0 persistence: mountPath: /dockerdata-nfs + aafEnabled: true ################################################################# # Application configuration defaults. @@ -102,6 +103,17 @@ config: internalPort: 3306 # dependency / sub-chart configuration +aaf_init: + agentImage: onap/aaf/aaf_agent:2.1.15 + app_ns: "org.osaaf.aaf" + fqi: "sdnc@sdnc.onap.org" + fqdn: "sdnc" + public_fqdn: "sdnc.onap.org" + deploy_fqi: "deployer@people.osaaf.org" + deploy_pass: "demo123456!" + cadi_latitude: "38.0" + cadi_longitude: "-72.0" + cds: enabled: false @@ -250,7 +262,7 @@ certpersistence: size: 50Mi mountPath: /dockerdata-nfs mountSubPath: sdnc/certs - certPath: /opt/opendaylight/current/certs + certPath: /opt/app/osaaf ##storageClass: "manual" ingress: diff --git a/kubernetes/so/charts/so-vnfm-adapter/resources/config/overrides/override.yaml b/kubernetes/so/charts/so-vnfm-adapter/resources/config/overrides/override.yaml index 760fa16e75..5213700df0 100755 --- a/kubernetes/so/charts/so-vnfm-adapter/resources/config/overrides/override.yaml +++ b/kubernetes/so/charts/so-vnfm-adapter/resources/config/overrides/override.yaml @@ -49,3 +49,11 @@ sdc: endpoint: https://sdc-be.{{ include "common.namespace" . }}:8443 vnfmadapter: endpoint: https://so-vnfm-adapter.{{ include "common.namespace" . }}:9092 +etsi-catalog-manager: + vnfpkgm: + {{- if .Values.global.msbEnabled }} + endpoint: http://msb-iag.{{ include "common.namespace" . }}:80/api/vnfpkgm/v1 + {{- else }} + endpoint: http://modeling-etsicatalog.{{ include "common.namespace" . }}:8806/api/vnfpkgm/v1 + {{- end }} + diff --git a/kubernetes/so/values.yaml b/kubernetes/so/values.yaml index 9d5ff4283e..9af34af88e 100755 --- a/kubernetes/so/values.yaml +++ b/kubernetes/so/values.yaml @@ -38,6 +38,7 @@ global: dbPort: 3306 dbUser: root dbPassword: secretpassword + msbEnabled: true ################################################################# # Application configuration defaults. @@ -113,4 +114,4 @@ ingress: name: "so" port: 8080 config: - ssl: "none"
\ No newline at end of file + ssl: "none" |