diff options
12 files changed, 148 insertions, 42 deletions
diff --git a/kubernetes/a1policymanagement/resources/envsubst/daemon.sh b/kubernetes/a1policymanagement/resources/envsubst/daemon.sh new file mode 100644 index 0000000000..6d239f1ec8 --- /dev/null +++ b/kubernetes/a1policymanagement/resources/envsubst/daemon.sh @@ -0,0 +1,30 @@ +#!/bin/sh +{{/* +# Copyright © 2020 Samsung Electronics +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} + +terminate() { + echo "$(date) | INFO | Terminating child processes" + pids="$(jobs -p)" + if [ "$pids" != "" ]; then + kill -TERM $pids >/dev/null 2>/dev/null + fi + wait +} + +trap terminate TERM +echo "$(date) | INFO | Started monitoring /config-input/ directory" +inotifyd /tmp/scripts/update_files /config-input/ & +wait diff --git a/kubernetes/a1policymanagement/resources/envsubst/update_files b/kubernetes/a1policymanagement/resources/envsubst/update_files new file mode 100644 index 0000000000..754bb55432 --- /dev/null +++ b/kubernetes/a1policymanagement/resources/envsubst/update_files @@ -0,0 +1,27 @@ +#!/bin/sh +{{/* +# Copyright © 2020 Samsung Electronics +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} + +if [ "$1" == "y" ] && [ "$3" == "..data" ]; then + echo "$(date) | INFO | Configmap has been reloaded" + cd /config-input + for file in $(ls -1); do + if [ "$file" -nt "/config/$file" ]; then + echo "$(date) | INFO | Templating /config/$file" + envsubst <$file >/config/$file + fi + done +fi diff --git a/kubernetes/a1policymanagement/templates/deployment.yaml b/kubernetes/a1policymanagement/templates/deployment.yaml index 6987bd41c5..1a2866b981 100644 --- a/kubernetes/a1policymanagement/templates/deployment.yaml +++ b/kubernetes/a1policymanagement/templates/deployment.yaml @@ -1,6 +1,7 @@ {{/* ################################################################################ # Copyright (c) 2020 Nordix Foundation. # +# Copyright © 2020 Samsung Electronics, Modifications # # # # Licensed under the Apache License, Version 2.0 (the "License"); # # you may not use this file except in compliance with the License. # @@ -27,14 +28,14 @@ spec: labels: {{- include "common.labels" . | nindent 8 }} spec: initContainers: - - name: {{ include "common.name" . }}-update-config + - name: {{ include "common.name" . }}-bootstrap-config image: "{{ .Values.global.envsubstImage }}" imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} command: - sh args: - -c - - "cd /config-input && for PFILE in `ls -1`; do envsubst <${PFILE} >/config/${PFILE}; done" + - "cd /config-input && for PFILE in `ls -1`; do envsubst <${PFILE} >/config/${PFILE}; chmod o+w /config/${PFILE}; done" env: - name: A1CONTROLLER_USER {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "controller-secret" "key" "login") | indent 10 }} @@ -46,6 +47,29 @@ spec: - mountPath: /config name: config containers: + - name: {{ include "common.name" . }}-update-config + image: "{{ .Values.global.envsubstImage }}" + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + securityContext: + runAsGroup: {{ .Values.groupID }} + runAsUser: {{ .Values.userID }} + runAsNonRoot: true + command: + - sh + args: + - /tmp/scripts/daemon.sh + env: + - name: A1CONTROLLER_USER + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "controller-secret" "key" "login") | indent 10 }} + - name: A1CONTROLLER_PASSWORD + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "controller-secret" "key" "password") | indent 10 }} + volumeMounts: + - mountPath: /tmp/scripts + name: {{ include "common.fullname" . }}-envsubst-scripts + - mountPath: /config-input + name: {{ include "common.fullname" . }}-policy-conf-input + - mountPath: /config + name: config - name: {{ include "common.name" . }} image: {{ include "common.repository" . }}/{{ .Values.image }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} @@ -70,6 +94,10 @@ spec: - name: {{ include "common.fullname" . }}-policy-conf-input configMap: name: {{ include "common.fullname" . }}-policy-conf + defaultMode: 0555 + - name: {{ include "common.fullname" . }}-envsubst-scripts + configMap: + name: {{ include "common.fullname" . }}-envsubst-scripts - name: config emptyDir: medium: Memory diff --git a/kubernetes/a1policymanagement/templates/envsubst-configmap.yaml b/kubernetes/a1policymanagement/templates/envsubst-configmap.yaml new file mode 100644 index 0000000000..99449638f4 --- /dev/null +++ b/kubernetes/a1policymanagement/templates/envsubst-configmap.yaml @@ -0,0 +1,23 @@ +{{/* +################################################################################ +# Copyright © 2020 Samsung Electronics # +# # +# Licensed under the Apache License, Version 2.0 (the "License"); # +# you may not use this file except in compliance with the License. # +# You may obtain a copy of the License at # +# # +# http://www.apache.org/licenses/LICENSE-2.0 # +# # +# Unless required by applicable law or agreed to in writing, software # +# distributed under the License is distributed on an "AS IS" BASIS, # +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # +# See the License for the specific language governing permissions and # +# limitations under the License. # +################################################################################ +*/}} +apiVersion: v1 +kind: ConfigMap +metadata: {{- include "common.resourceMetadata" . | nindent 2 }} + name: {{ include "common.fullname" . }}-envsubst-scripts +data: +{{ tpl (.Files.Glob "resources/envsubst/*").AsConfig . | indent 2 }} diff --git a/kubernetes/a1policymanagement/values.yaml b/kubernetes/a1policymanagement/values.yaml index 21a86a0fe1..2f45e41648 100644 --- a/kubernetes/a1policymanagement/values.yaml +++ b/kubernetes/a1policymanagement/values.yaml @@ -1,5 +1,6 @@ ################################################################################ # Copyright (c) 2020 Nordix Foundation. # +# Copyright © 2020 Samsung Electronics, Modifications # # # # Licensed under the Apache License, Version 2.0 (the "License"); # # you may not use this file except in compliance with the License. # @@ -19,7 +20,7 @@ global: nodePortPrefix: 300 - envsubstImage: dibi/envsubst + envsubstImage: dibi/envsubst:1 secrets: - uid: controller-secret @@ -31,6 +32,8 @@ secrets: repository: nexus3.onap.org:10001 image: onap/ccsdk-oran-a1policymanagementservice:1.0.1 +userID: 1000 #Should match with image-defined user ID +groupID: 999 #Should match with image-defined group ID pullPolicy: IfNotPresent replicaCount: 1 diff --git a/kubernetes/clamp/components/clamp-backend/values.yaml b/kubernetes/clamp/components/clamp-backend/values.yaml index 6478809cbc..5e3102e2b3 100644 --- a/kubernetes/clamp/components/clamp-backend/values.yaml +++ b/kubernetes/clamp/components/clamp-backend/values.yaml @@ -66,7 +66,7 @@ flavor: small # application image repository: nexus3.onap.org:10001 -image: onap/clamp-backend:5.1.4 +image: onap/clamp-backend:5.1.5 pullPolicy: Always # flag to enable debugging - application support required diff --git a/kubernetes/clamp/values.yaml b/kubernetes/clamp/values.yaml index 9dcad58839..34ab79f73a 100644 --- a/kubernetes/clamp/values.yaml +++ b/kubernetes/clamp/values.yaml @@ -93,7 +93,7 @@ flavor: small # application image repository: nexus3.onap.org:10001 -image: onap/clamp-frontend:5.1.4 +image: onap/clamp-frontend:5.1.5 pullPolicy: Always # flag to enable debugging - application support required diff --git a/kubernetes/consul/templates/deployment.yaml b/kubernetes/consul/templates/deployment.yaml index 6f1c57967f..51c6eb72d5 100644 --- a/kubernetes/consul/templates/deployment.yaml +++ b/kubernetes/consul/templates/deployment.yaml @@ -39,34 +39,15 @@ spec: spec: imagePullSecrets: - name: "{{ include "common.namespace" . }}-docker-registry-key" - initContainers: - - name: {{ include "common.name" . }}-chown - image: {{ .Values.global.busyboxRepository | default .Values.busyboxRepository }}/{{ .Values.global.busyboxImage | default .Values.busyboxImage }} - command: - - sh - args: - - -c - - | - cp -r -L /tmp/consul/config/* /consul/config/ - chown -R {{ .Values.consulUID }}:{{ .Values.consulGID }} /consul/config - ls -la /consul/config - volumeMounts: - - mountPath: /tmp/consul/config - name: consul-agent-config - - mountPath: /consul/config - name: consul-agent-config-dir containers: - image: "{{ include "common.repository" . }}/{{ .Values.image }}" command: - - sh - args: - - /usr/local/bin/docker-entrypoint.sh - - agent - - -client - - 0.0.0.0 - - -enable-script-checks - - -retry-join - - {{ .Values.consulServer.nameOverride }} + - /bin/sh + - "-c" + - | + apk update && apk add jq + cp /tmp/consul/config/* /consul/config + /usr/local/bin/docker-entrypoint.sh agent -client 0.0.0.0 -enable-script-checks -retry-join {{ .Values.consulServer.nameOverride }} name: {{ include "common.name" . }} env: - name: SDNC_ODL_COUNT @@ -74,16 +55,14 @@ spec: - name: SDNC_IS_PRIMARY_CLUSTER value: "{{ .Values.sdnc.config.isPrimaryCluster }}" volumeMounts: - - mountPath: /consul/config - name: consul-agent-config-dir + - mountPath: /tmp/consul/config + name: consul-agent-config - mountPath: /consul/scripts name: consul-agent-scripts-config - mountPath: /consul/certs name: consul-agent-certs-config resources: {{ include "common.resources" . | nindent 10 }} volumes: - - name: consul-agent-config-dir - emptyDir: {} - configMap: name: {{ include "common.fullname" . }}-configmap name: consul-agent-config diff --git a/kubernetes/consul/values.yaml b/kubernetes/consul/values.yaml index 8f17dc637f..512c4c3dac 100644 --- a/kubernetes/consul/values.yaml +++ b/kubernetes/consul/values.yaml @@ -20,24 +20,19 @@ global: readinessImage: onap/oom/readiness:3.0.1 loggingRepository: docker.elastic.co loggingImage: beats/filebeat:5.5.0 - busyboxRepository: registry.hub.docker.com - busyboxImage: library/busybox:latest ################################################################# # Application configuration defaults. ################################################################# # application image repository: docker.io -image: oomk8s/consul:2.0.0 +image: oomk8s/consul:1.0.0 pullPolicy: Always #subchart name consulServer: nameOverride: consul-server -consulUID: 100 -consulGID: 1000 - # flag to enable debugging - application support required debugEnabled: false diff --git a/kubernetes/contrib/components/ejbca/templates/deployment.yaml b/kubernetes/contrib/components/ejbca/templates/deployment.yaml index 3034366b1a..55de54febf 100644 --- a/kubernetes/contrib/components/ejbca/templates/deployment.yaml +++ b/kubernetes/contrib/components/ejbca/templates/deployment.yaml @@ -89,6 +89,7 @@ spec: {{- if .Values.affinity }} affinity: {{ toYaml .Values.affinity | nindent 10 }} {{- end }} + resources: {{ include "common.resources" . | nindent 10 }} volumes: - configMap: name: "{{ include "common.fullname" . }}-config-script" diff --git a/kubernetes/contrib/components/ejbca/values.yaml b/kubernetes/contrib/components/ejbca/values.yaml index 1a9a34bcd1..35160e4b13 100644 --- a/kubernetes/contrib/components/ejbca/values.yaml +++ b/kubernetes/contrib/components/ejbca/values.yaml @@ -13,7 +13,7 @@ # limitations under the License. global: readinessImage: onap/oom/readiness:3.0.1 - mariadbGalera: &mariadbGalera + mariadbGalera: &mariadbGalera #This flag allows EJBCA to instantiate its own mariadb-galera cluster localCluster: false service: mariadb-galera @@ -104,3 +104,23 @@ service: port: 8443 plain_port: 8080 port_protocol: http + +# Resource Limit flavor -By Default using small +flavor: small +# Segregation for Different environment (Small and Large) +resources: + small: + limits: + cpu: 1500m + memory: 1536Mi + requests: + cpu: 10m + memory: 750Mi + large: + limits: + cpu: 2 + memory: 2Gi + requests: + cpu: 20m + memory: 1Gi + unlimited: {} diff --git a/kubernetes/modeling/charts/modeling-etsicatalog/values.yaml b/kubernetes/modeling/charts/modeling-etsicatalog/values.yaml index 9c910badfa..388c1abb88 100644 --- a/kubernetes/modeling/charts/modeling-etsicatalog/values.yaml +++ b/kubernetes/modeling/charts/modeling-etsicatalog/values.yaml @@ -101,7 +101,7 @@ config: flavor: small repository: nexus3.onap.org:10001 -image: onap/modeling/etsicatalog:1.0.8 +image: onap/modeling/etsicatalog:1.0.9 initImage: busybox:latest pullPolicy: Always |