diff options
25 files changed, 447 insertions, 382 deletions
diff --git a/kubernetes/common/etcd-init/.helmignore b/kubernetes/common/etcd-init/.helmignore new file mode 100644 index 0000000000..f0c1319444 --- /dev/null +++ b/kubernetes/common/etcd-init/.helmignore @@ -0,0 +1,21 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*~ +# Various IDEs +.project +.idea/ +*.tmproj diff --git a/kubernetes/common/etcd-init/Chart.yaml b/kubernetes/common/etcd-init/Chart.yaml new file mode 100644 index 0000000000..20f5ac40cc --- /dev/null +++ b/kubernetes/common/etcd-init/Chart.yaml @@ -0,0 +1,18 @@ +# Copyright (C) 2021 Wipro Limited. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +description: Chart for etcd init job +name: etcd-init +version: 8.0.0 diff --git a/kubernetes/common/etcd-init/requirements.yaml b/kubernetes/common/etcd-init/requirements.yaml new file mode 100644 index 0000000000..008789b822 --- /dev/null +++ b/kubernetes/common/etcd-init/requirements.yaml @@ -0,0 +1,21 @@ +# Copyright (C) 2021 Wipro Limited. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +dependencies: + - name: common + version: ~8.x-0 + repository: 'file://../common' + - name: repositoryGenerator + version: ~8.x-0 + repository: 'file://../repositoryGenerator' diff --git a/kubernetes/common/etcd-init/templates/job.yaml b/kubernetes/common/etcd-init/templates/job.yaml new file mode 100644 index 0000000000..69bcfaaf99 --- /dev/null +++ b/kubernetes/common/etcd-init/templates/job.yaml @@ -0,0 +1,104 @@ +{{/* +# Copyright (C) 2021 Wipro Limited. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} +apiVersion: batch/v1 +kind: Job +metadata: + name: {{ include "common.fullname" . }}-job + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ include "common.release" . }} + heritage: {{ .Release.Service }} +spec: + backoffLimit: {{ .Values.backoffLimit }} + template: + metadata: + labels: + app: {{ include "common.name" . }} + release: {{ include "common.release" . }} + name: {{ include "common.name" . }} + spec: + initContainers: + - name: {{ include "common.name" . }}-readiness + command: + - /app/ready.py + args: + - --container-name + - {{ .Values.etcd.containerName }} + env: + - name: NAMESPACE + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace + image: {{ include "repositoryGenerator.image.readiness" . }} + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + containers: + - name: {{ include "common.name" . }} + image: {{ include "repositoryGenerator.dockerHubRepository" . }}/{{ .Values.image }} + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + command: + - /bin/sh + - -ec + - | + # Create users + export ETCDCTL_ENDPOINTS=http://${ETCD_HOST}:${ETCD_PORT} + export ETCDCTL_API=3 + echo "${ROOT_PASSWORD}" | etcdctl user add root --interactive=false + echo "${APP_PASSWORD}" | etcdctl user add ${APP_USER} --interactive=false + + # Create roles + etcdctl role add ${APP_ROLE} + etcdctl role grant-permission ${APP_ROLE} --prefix=true readwrite ${KEY_PREFIX} + + etcdctl user grant-role ${APP_USER} ${APP_ROLE} + etcdctl auth enable + env: + - name: ALLOW_NONE_AUTHENTICATION + value: "yes" + - name: ETCD_HOST + value: "{{ .Values.etcd.serviceName }}.{{ include "common.namespace" . }}" + - name: ETCD_PORT + value: "{{ .Values.etcd.port }}" + - name: ROOT_PASSWORD + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "root-password" "key" "password" ) | indent 10 }} + - name: APP_USER + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "app-creds" "key" "login") | indent 10 }} + - name: APP_PASSWORD + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "app-creds" "key" "password") | indent 10 }} + - name: APP_ROLE + value: "{{ .Values.config.appRole }}" + - name: KEY_PREFIX + value: "{{ .Values.config.keyPrefix }}" + volumeMounts: + - mountPath: /etc/localtime + name: localtime + readOnly: true + resources: {{ include "common.resources" . | nindent 12 }} + {{- if .Values.nodeSelector }} + nodeSelector: {{ toYaml .Values.nodeSelector | nindent 10 }} + {{- end -}} + {{- if .Values.affinity }} + affinity: {{ toYaml .Values.affinity | nindent 10 }} + {{- end }} + volumes: + - name: localtime + hostPath: + path: /etc/localtime + restartPolicy: Never + imagePullSecrets: + - name: "{{ include "common.namespace" . }}-docker-registry-key" diff --git a/kubernetes/common/etcd-init/templates/secret.yaml b/kubernetes/common/etcd-init/templates/secret.yaml new file mode 100644 index 0000000000..e874185693 --- /dev/null +++ b/kubernetes/common/etcd-init/templates/secret.yaml @@ -0,0 +1,17 @@ +{{/* +# Copyright (C) 2021 Wipro Limited. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} + +{{ include "common.secretFast" . }} diff --git a/kubernetes/common/etcd-init/values.yaml b/kubernetes/common/etcd-init/values.yaml new file mode 100644 index 0000000000..c99c9f1e5b --- /dev/null +++ b/kubernetes/common/etcd-init/values.yaml @@ -0,0 +1,74 @@ +# Copyright (C) 2021 Wipro Limited. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +################################################################# +# Global configuration defaults. +################################################################# +global: {} + +################################################################# +# Secrets metaconfig +################################################################# +secrets: + - uid: root-password + type: password + externalSecret: '{{ tpl (default "" .Values.config.userRootSecret) . }}' + password: '{{ .Values.config.userRootPassword }}' + - uid: app-creds + type: basicAuth + externalSecret: '{{ tpl (default "" .Values.config.userCredentialsExternalSecret) . }}' + login: '{{ .Values.config.appUser }}' + password: '{{ .Values.config.appPassword }}' + +################################################################# +# Application configuration defaults. +################################################################# + +image: bitnami/etcd:3.3.15 +pullPolicy: Always +backoffLimit: 20 + +nodeSelector: {} + +affinity: {} + +etcd: + serviceName: k8s-etcd + port : 2379 + containerName: k8s-etcd + +config: + userRootSecret: root +# userCredentialsExternalSecret: + appUser: user + appRole: role + keyPrefix: key + +flavor: small +resources: + small: + limits: + cpu: 100m + memory: 500Mi + requests: + cpu: 10m + memory: 10Mi + large: + limits: + cpu: 200m + memory: 500Mi + requests: + cpu: 20m + memory: 20Mi + unlimited: {} diff --git a/kubernetes/common/etcd/templates/statefulset.yaml b/kubernetes/common/etcd/templates/statefulset.yaml index a343d4fce5..48c8b6d0cc 100644 --- a/kubernetes/common/etcd/templates/statefulset.yaml +++ b/kubernetes/common/etcd/templates/statefulset.yaml @@ -49,7 +49,7 @@ spec: {{ toYaml .Values.tolerations | indent 8 }} {{- end }} containers: - - name: {{ include "common.fullname" . }} + - name: {{ include "common.name" . }} image: {{ include "repositoryGenerator.googleK8sRepository" . }}/{{ .Values.image }} imagePullPolicy: "{{ .Values.pullPolicy }}" ports: diff --git a/kubernetes/oof/components/oof-has/components/oof-has-api/templates/deployment.yaml b/kubernetes/oof/components/oof-has/components/oof-has-api/templates/deployment.yaml index 491250c72a..ba4a657c1a 100755 --- a/kubernetes/oof/components/oof-has/components/oof-has-api/templates/deployment.yaml +++ b/kubernetes/oof/components/oof-has/components/oof-has-api/templates/deployment.yaml @@ -55,21 +55,6 @@ spec: image: {{ include "repositoryGenerator.image.readiness" . }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - - name: {{ include "common.name" . }}-onboard-readiness - command: - - /app/ready.py - args: - - -j - - "{{ include "common.release" . }}-oof-has-onboard" - env: - - name: NAMESPACE - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - image: {{ include "repositoryGenerator.image.readiness" . }} - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - - name: {{ include "common.name" . }}-has-sms-readiness command: - sh @@ -94,7 +79,7 @@ spec: - name: {{ include "common.name" . }} image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.global.image.optf_has }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - command: ["/bin/bash","-c"] + command: ["/bin/sh","-c"] args: ["/usr/local/bin/uwsgi -s /run/conductor/uwsgi.sock --chmod-socket=777 --wsgi-file /etc/nginx/conductor.wsgi --callable application --set port={{ .Values.uwsgi.internalPort }} --die-on-term --exit-on-reload --pidfile /run/conductor/conductor-uwsgi.pid --enable-threads --workers 6 --master --vacuum --single-interpreter --socket-timeout 10 --max-worker-lifetime 300 --max-requests 100 --no-defer-accept --protocol=uwsgi --socket 0.0.0.0:{{ .Values.uwsgi.internalPort }}"] ports: - containerPort: {{ .Values.uwsgi.internalPort }} @@ -112,7 +97,7 @@ spec: port: {{ .Values.uwsgi.internalPort }} initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} periodSeconds: {{ .Values.readiness.periodSeconds }} - env: + env: {{ include "oof.etcd.env" . | nindent 10 }} volumeMounts: - mountPath: /etc/localtime name: localtime diff --git a/kubernetes/oof/components/oof-has/components/oof-has-api/values.yaml b/kubernetes/oof/components/oof-has/components/oof-has-api/values.yaml index d6743cdfda..63461d9c83 100755 --- a/kubernetes/oof/components/oof-has/components/oof-has-api/values.yaml +++ b/kubernetes/oof/components/oof-has/components/oof-has-api/values.yaml @@ -16,7 +16,7 @@ global: # global defaults nodePortPrefix: 302 image: - optf_has: onap/optf-has:2.1.5 + optf_has: onap/optf-has:2.2.0 ################################################################# # secrets metaconfig @@ -26,6 +26,18 @@ secrets: externalSecret: '{{ tpl (default "" .Values.certSecret) . }}' type: generic filePaths: '{{ .Values.secretsFilePaths }}' + - uid: oof-has-etcd-secret + name: &user-creds '{{ include "common.release" . }}-oof-has-etcd-secret' + type: basicAuth + externalSecret: '{{ tpl (default "" .Values.config.etcd.userCredentialsExternalSecret) . }}' + login: '{{ .Values.config.etcd.appUser }}' + password: '{{ .Values.config.etcd.appPassword }}' + passwordPolicy: required + +config: + etcd: + appUser: user + appPassword: pass service: type: NodePort diff --git a/kubernetes/oof/components/oof-has/components/oof-has-controller/templates/deployment.yaml b/kubernetes/oof/components/oof-has/components/oof-has-controller/templates/deployment.yaml index 8e0ff1aeb5..895a305b53 100755 --- a/kubernetes/oof/components/oof-has/components/oof-has-controller/templates/deployment.yaml +++ b/kubernetes/oof/components/oof-has/components/oof-has-controller/templates/deployment.yaml @@ -41,8 +41,8 @@ spec: command: - /app/ready.py args: - - --container-name - - music-springboot + - --job-name + - {{ include "common.release" . }}-{{ .Values.config.etcd.configJobNameOverride }}-job - --container-name - aaf-sms env: @@ -54,21 +54,6 @@ spec: image: {{ include "repositoryGenerator.image.readiness" . }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - - name: {{ include "common.name" . }}-onboard-readiness - command: - - /app/ready.py - args: - - -j - - "{{ include "common.release" . }}-oof-has-onboard" - env: - - name: NAMESPACE - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - image: {{ include "repositoryGenerator.image.readiness" . }} - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - - name: {{ include "common.name" . }}-cont-sms-readiness command: - sh @@ -114,7 +99,7 @@ spec: - /usr/local/bin/healthy.sh initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} periodSeconds: {{ .Values.readiness.periodSeconds }} - env: + env: {{ include "oof.etcd.env" . | nindent 10 }} volumeMounts: - mountPath: /etc/localtime name: localtime diff --git a/kubernetes/oof/components/oof-has/components/oof-has-controller/values.yaml b/kubernetes/oof/components/oof-has/components/oof-has-controller/values.yaml index 3cbf96adc1..9e799e1045 100755 --- a/kubernetes/oof/components/oof-has/components/oof-has-controller/values.yaml +++ b/kubernetes/oof/components/oof-has/components/oof-has-controller/values.yaml @@ -14,7 +14,7 @@ global: image: - optf_has: onap/optf-has:2.1.5 + optf_has: onap/optf-has:2.2.0 ################################################################# # Secrets metaconfig @@ -24,6 +24,18 @@ secrets: externalSecret: '{{ tpl (default "" .Values.certSecret) . }}' type: generic filePaths: '{{ .Values.secretsFilePaths }}' + - uid: oof-has-etcd-secret + name: &user-creds '{{ include "common.release" . }}-oof-has-etcd-secret' + type: basicAuth + externalSecret: '{{ tpl (default "" .Values.config.etcd.userCredentialsExternalSecret) . }}' + login: '{{ .Values.config.etcd.appUser }}' + password: '{{ .Values.config.etcd.appPassword }}' + passwordPolicy: required + +config: + etcd: + appUser: user + appPassword: pass ingress: enabled: false diff --git a/kubernetes/oof/components/oof-has/components/oof-has-data/templates/deployment.yaml b/kubernetes/oof/components/oof-has/components/oof-has-data/templates/deployment.yaml index f4ccd57773..cc4eaf08b9 100755 --- a/kubernetes/oof/components/oof-has/components/oof-has-data/templates/deployment.yaml +++ b/kubernetes/oof/components/oof-has/components/oof-has-data/templates/deployment.yaml @@ -41,38 +41,8 @@ spec: command: - /app/ready.py args: - - --container-name - - music-springboot - env: - - name: NAMESPACE - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - image: {{ include "repositoryGenerator.image.readiness" . }} - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - - - name: {{ include "common.name" . }}-onboard-readiness - command: - - /app/ready.py - args: - - -j - - "{{ include "common.release" . }}-oof-has-onboard" - env: - - name: NAMESPACE - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - image: {{ include "repositoryGenerator.image.readiness" . }} - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - - - name: {{ include "common.name" . }}-health-readiness - command: - - /app/ready.py - args: - - -j - - "{{ include "common.release" . }}-oof-has-healthcheck" + - --job-name + - {{ include "common.release" . }}-{{ .Values.config.etcd.configJobNameOverride }}-job env: - name: NAMESPACE valueFrom: @@ -128,7 +98,7 @@ spec: - /usr/local/bin/healthy.sh initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} periodSeconds: {{ .Values.readiness.periodSeconds }} - env: + env: {{ include "oof.etcd.env" . | nindent 10 }} volumeMounts: - mountPath: /etc/localtime name: localtime diff --git a/kubernetes/oof/components/oof-has/components/oof-has-data/values.yaml b/kubernetes/oof/components/oof-has/components/oof-has-data/values.yaml index 0940a9db39..915ffc019f 100755 --- a/kubernetes/oof/components/oof-has/components/oof-has-data/values.yaml +++ b/kubernetes/oof/components/oof-has/components/oof-has-data/values.yaml @@ -14,7 +14,7 @@ global: image: - optf_has: onap/optf-has:2.1.5 + optf_has: onap/optf-has:2.2.0 ################################################################# # secrets metaconfig @@ -24,6 +24,18 @@ secrets: externalSecret: '{{ tpl (default "" .Values.certSecret) . }}' type: generic filePaths: '{{ .Values.secretsFilePaths }}' + - uid: oof-has-etcd-secret + name: &user-creds '{{ include "common.release" . }}-oof-has-etcd-secret' + type: basicAuth + externalSecret: '{{ tpl (default "" .Values.config.etcd.userCredentialsExternalSecret) . }}' + login: '{{ .Values.config.etcd.appUser }}' + password: '{{ .Values.config.etcd.appPassword }}' + passwordPolicy: required + +config: + etcd: + appUser: user + appPassword: pass ingress: enabled: false diff --git a/kubernetes/oof/components/oof-has/components/oof-has-reservation/templates/deployment.yaml b/kubernetes/oof/components/oof-has/components/oof-has-reservation/templates/deployment.yaml index 4d04b6fe76..095162bea2 100755 --- a/kubernetes/oof/components/oof-has/components/oof-has-reservation/templates/deployment.yaml +++ b/kubernetes/oof/components/oof-has/components/oof-has-reservation/templates/deployment.yaml @@ -41,38 +41,8 @@ spec: command: - /app/ready.py args: - - --container-name - - music-springboot - env: - - name: NAMESPACE - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - image: {{ include "repositoryGenerator.image.readiness" . }} - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - - - name: {{ include "common.name" . }}-onboard-readiness - command: - - /app/ready.py - args: - - -j - - "{{ include "common.release" . }}-oof-has-onboard" - env: - - name: NAMESPACE - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - image: {{ include "repositoryGenerator.image.readiness" . }} - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - - - name: {{ include "common.name" . }}-health-readiness - command: - - /app/ready.py - args: - - -j - - "{{ include "common.release" . }}-oof-has-healthcheck" + - --job-name + - {{ include "common.release" . }}-{{ .Values.config.etcd.configJobNameOverride }}-job env: - name: NAMESPACE valueFrom: @@ -128,7 +98,7 @@ spec: initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} periodSeconds: {{ .Values.readiness.periodSeconds }} {{ end -}} - env: + env: {{ include "oof.etcd.env" . | nindent 10 }} volumeMounts: - mountPath: /etc/localtime name: localtime diff --git a/kubernetes/oof/components/oof-has/components/oof-has-reservation/values.yaml b/kubernetes/oof/components/oof-has/components/oof-has-reservation/values.yaml index 0940a9db39..915ffc019f 100755 --- a/kubernetes/oof/components/oof-has/components/oof-has-reservation/values.yaml +++ b/kubernetes/oof/components/oof-has/components/oof-has-reservation/values.yaml @@ -14,7 +14,7 @@ global: image: - optf_has: onap/optf-has:2.1.5 + optf_has: onap/optf-has:2.2.0 ################################################################# # secrets metaconfig @@ -24,6 +24,18 @@ secrets: externalSecret: '{{ tpl (default "" .Values.certSecret) . }}' type: generic filePaths: '{{ .Values.secretsFilePaths }}' + - uid: oof-has-etcd-secret + name: &user-creds '{{ include "common.release" . }}-oof-has-etcd-secret' + type: basicAuth + externalSecret: '{{ tpl (default "" .Values.config.etcd.userCredentialsExternalSecret) . }}' + login: '{{ .Values.config.etcd.appUser }}' + password: '{{ .Values.config.etcd.appPassword }}' + passwordPolicy: required + +config: + etcd: + appUser: user + appPassword: pass ingress: enabled: false diff --git a/kubernetes/oof/components/oof-has/components/oof-has-solver/templates/deployment.yaml b/kubernetes/oof/components/oof-has/components/oof-has-solver/templates/deployment.yaml index 6079dcfd6e..d664ca0875 100755 --- a/kubernetes/oof/components/oof-has/components/oof-has-solver/templates/deployment.yaml +++ b/kubernetes/oof/components/oof-has/components/oof-has-solver/templates/deployment.yaml @@ -41,38 +41,8 @@ spec: command: - /app/ready.py args: - - --container-name - - music-springboot - env: - - name: NAMESPACE - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - image: {{ include "repositoryGenerator.image.readiness" . }} - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - - - name: {{ include "common.name" . }}-onboard-readiness - command: - - /app/ready.py - args: - - -j - - "{{ include "common.release" . }}-oof-has-onboard" - env: - - name: NAMESPACE - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - image: {{ include "repositoryGenerator.image.readiness" . }} - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - - - name: {{ include "common.name" . }}-health-readiness - command: - - /app/ready.py - args: - - -j - - "{{ include "common.release" . }}-oof-has-healthcheck" + - --job-name + - {{ include "common.release" . }}-{{ .Values.config.etcd.configJobNameOverride }}-job env: - name: NAMESPACE valueFrom: @@ -128,7 +98,7 @@ spec: - /usr/local/bin/healthy.sh initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} periodSeconds: {{ .Values.readiness.periodSeconds }} - env: + env: {{ include "oof.etcd.env" . | nindent 10 }} volumeMounts: - mountPath: /etc/localtime name: localtime diff --git a/kubernetes/oof/components/oof-has/components/oof-has-solver/values.yaml b/kubernetes/oof/components/oof-has/components/oof-has-solver/values.yaml index 0940a9db39..915ffc019f 100755 --- a/kubernetes/oof/components/oof-has/components/oof-has-solver/values.yaml +++ b/kubernetes/oof/components/oof-has/components/oof-has-solver/values.yaml @@ -14,7 +14,7 @@ global: image: - optf_has: onap/optf-has:2.1.5 + optf_has: onap/optf-has:2.2.0 ################################################################# # secrets metaconfig @@ -24,6 +24,18 @@ secrets: externalSecret: '{{ tpl (default "" .Values.certSecret) . }}' type: generic filePaths: '{{ .Values.secretsFilePaths }}' + - uid: oof-has-etcd-secret + name: &user-creds '{{ include "common.release" . }}-oof-has-etcd-secret' + type: basicAuth + externalSecret: '{{ tpl (default "" .Values.config.etcd.userCredentialsExternalSecret) . }}' + login: '{{ .Values.config.etcd.appUser }}' + password: '{{ .Values.config.etcd.appPassword }}' + passwordPolicy: required + +config: + etcd: + appUser: user + appPassword: pass ingress: enabled: false diff --git a/kubernetes/oof/components/oof-has/requirements.yaml b/kubernetes/oof/components/oof-has/requirements.yaml index 851211a1fb..7310aac8d0 100755 --- a/kubernetes/oof/components/oof-has/requirements.yaml +++ b/kubernetes/oof/components/oof-has/requirements.yaml @@ -20,6 +20,15 @@ dependencies: - name: music version: ~8.x-0 repository: '@local' + condition: music.enabled + - name: etcd + version: ~8.x-0 + repository: '@local' + condition: etcd.enabled + - name: etcd-init + version: ~8.x-0 + repository: '@local' + condition: etcd-init.enabled - name: oof-has-api version: ~8.x-0 repository: 'file://components/oof-has-api' diff --git a/kubernetes/oof/components/oof-has/resources/config/conductor.conf b/kubernetes/oof/components/oof-has/resources/config/conductor.conf index ded979c4fc..18b60bba4a 100755 --- a/kubernetes/oof/components/oof-has/resources/config/conductor.conf +++ b/kubernetes/oof/components/oof-has/resources/config/conductor.conf @@ -424,6 +424,30 @@ server_url = http://{{.Values.config.msb.serviceName}}.{{ include "common.namesp #server_url_version = v0 +[db_options] + +# db_backend to use +db_backend = {{.Values.config.dbBackend}} + +# Use music mock api +music_mock = False + + +[etcd_api] + +# host/ip address of etcd server +host = {{.Values.config.etcd.serviceName}}.{{ include "common.namespace" . }} + +# port of etcd server +port = {{.Values.config.etcd.port}} + +# username for etcd authentication +username = + +# password for etcd authentication +password = + + [music_api] # diff --git a/kubernetes/oof/components/oof-has/resources/config/healthcheck.json b/kubernetes/oof/components/oof-has/resources/config/healthcheck.json deleted file mode 100755 index 833fa0f5d9..0000000000 --- a/kubernetes/oof/components/oof-has/resources/config/healthcheck.json +++ /dev/null @@ -1,18 +0,0 @@ -{ - "consistencyInfo": { - "type": "eventual" - }, - "values": { - "id": "healthcheck", - "created": 1479482603641, - "message": "", - "name": "foo", - "recommend_max": 1, - "solution": "{\"healthcheck\": \" healthcheck\"}", - "status": "solved", - "template": "{\"healthcheck\": \"healthcheck\"}", - "timeout": 3600, - "translation": "{\"healthcheck\": \" healthcheck\"}", - "updated": 1484324150629 - } -} diff --git a/kubernetes/oof/components/oof-has/resources/config/onboard.json b/kubernetes/oof/components/oof-has/resources/config/onboard.json deleted file mode 100755 index 2c3d69be8d..0000000000 --- a/kubernetes/oof/components/oof-has/resources/config/onboard.json +++ /dev/null @@ -1,6 +0,0 @@ -{ - "appname": "conductor", - "userId": "conductor", - "isAAF": "false", - "password": "c0nduct0r" -} diff --git a/kubernetes/oof/components/oof-has/templates/job-healthcheck.yaml b/kubernetes/oof/components/oof-has/templates/job-healthcheck.yaml deleted file mode 100755 index 49406ba423..0000000000 --- a/kubernetes/oof/components/oof-has/templates/job-healthcheck.yaml +++ /dev/null @@ -1,100 +0,0 @@ -{{/* -# Copyright 2018 Intel Corporation, Inc -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -*/}} - -apiVersion: batch/v1 -kind: Job -metadata: - name: {{ include "common.fullname" . }}-healthcheck - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} -spec: - replicas: {{ .Values.replicaCount }} - template: - metadata: - labels: - app: {{ include "common.name" . }} - release: {{ include "common.release" . }} - spec: - initContainers: - - image: {{ include "repositoryGenerator.image.readiness" . }} - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - name: {{ include "common.name" . }}-readiness - command: - - /app/ready.py - args: - - --container-name - - oof-has-api - env: - - name: NAMESPACE - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - containers: - - image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.global.image.optf_has }} - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - name: {{ include "common.name" . }}-healthcheck - command: - - "/bin/sh" - - "-c" - - | - echo "INSERT HEALTHCHECK PLAN"; - sleep 15; - resp="FAILURE"; - until [ $resp = "200" ]; do - resp=$(curl -k -s -o /dev/null --write-out %{http_code} -X POST https://{{.Values.config.music.serviceName}}.{{ include "common.namespace" . }}:{{.Values.config.music.port}}/MUSIC/rest/v2/keyspaces/conductor/tables/plans/rows?id=healthcheck \ - -H "Content-Type: application/json" \ - -H "ns: conductor" \ - -H "Authorization: Basic Y29uZHVjdG9yOmMwbmR1Y3Qwcg==" \ - --data @healthcheck.json); - echo $resp; - sleep 2; - done; - workingDir: /has - volumeMounts: - - mountPath: /etc/localtime - name: localtime - readOnly: true - - mountPath: /has/healthcheck.json - name: {{ .Values.global.commonConfigPrefix }}-config - subPath: healthcheck.json - resources: -{{ include "common.resources" . | indent 10 }} - nodeSelector: - {{- if .Values.nodeSelector }} -{{ toYaml .Values.nodeSelector | indent 8 }} - {{- end -}} - {{- if .Values.affinity }} - affinity: -{{ toYaml .Values.affinity | indent 8 }} - {{- end }} - volumes: - - name: localtime - hostPath: - path: /etc/localtime - - name: {{ .Values.global.commonConfigPrefix }}-config - configMap: - name: {{ .Values.global.commonConfigPrefix }}-configmap - items: - - key: healthcheck.json - path: healthcheck.json - restartPolicy: OnFailure - imagePullSecrets: - - name: "{{ include "common.namespace" . }}-docker-registry-key" diff --git a/kubernetes/oof/components/oof-has/templates/job-onboard.yaml b/kubernetes/oof/components/oof-has/templates/job-onboard.yaml deleted file mode 100755 index e63aeb369a..0000000000 --- a/kubernetes/oof/components/oof-has/templates/job-onboard.yaml +++ /dev/null @@ -1,105 +0,0 @@ -{{/* -# Copyright 2018 Intel Corporation, Inc -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -*/}} - -apiVersion: batch/v1 -kind: Job -metadata: - name: {{ include "common.fullname" . }}-onboard - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} -spec: - replicas: {{ .Values.replicaCount }} - template: - metadata: - labels: - app: {{ include "common.name" . }} - release: {{ include "common.release" . }} - spec: - initContainers: - - image: {{ include "repositoryGenerator.image.readiness" . }} - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - name: {{ include "common.name" . }}-readiness - command: - - /app/ready.py - args: - - --container-name - - "music-springboot" - - --container-name - - "music-cassandra" - env: - - name: NAMESPACE - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - - command: - - /app/ready.py - args: - - -j - - "{{ include "common.release" . }}-music-cassandra-config" - env: - - name: NAMESPACE - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - image: {{ include "repositoryGenerator.image.readiness" . }} - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - name: {{ include "common.name" . }}-music-db-readiness - containers: - - image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.global.image.optf_has }} - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - name: {{ include "common.name" . }}-onboard - command: - - "/bin/sh" - - "-c" - - | - echo "job-onboard" - workingDir: /has - volumeMounts: - - mountPath: /etc/localtime - name: localtime - readOnly: true - - mountPath: /has/onboard.json - name: {{ .Values.global.commonConfigPrefix }}-config - subPath: onboard.json - resources: -{{ include "common.resources" . | indent 10 }} - nodeSelector: - {{- if .Values.nodeSelector }} -{{ toYaml .Values.nodeSelector | indent 8 }} - {{- end -}} - {{- if .Values.affinity }} - affinity: -{{ toYaml .Values.affinity | indent 8 }} - {{- end }} - volumes: - - name: localtime - hostPath: - path: /etc/localtime - - name: {{ .Values.global.commonConfigPrefix }}-config - configMap: - name: {{ .Values.global.commonConfigPrefix }}-configmap - items: - - key: onboard.json - path: onboard.json - restartPolicy: OnFailure - imagePullSecrets: - - name: "{{ include "common.namespace" . }}-docker-registry-key" diff --git a/kubernetes/oof/components/oof-has/values.yaml b/kubernetes/oof/components/oof-has/values.yaml index 3615a3bd33..9a8b60574e 100755 --- a/kubernetes/oof/components/oof-has/values.yaml +++ b/kubernetes/oof/components/oof-has/values.yaml @@ -19,7 +19,7 @@ global: commonConfigPrefix: onap-oof-has image: - optf_has: onap/optf-has:2.1.5 + optf_has: onap/optf-has:2.2.0 persistence: enabled: true @@ -32,11 +32,24 @@ secrets: externalSecret: '{{ tpl (default "" .Values.certSecret) . }}' type: generic filePaths: '{{ .Values.secretsFilePaths }}' + - uid: oof-has-etcd-root-password + name: &root-password '{{ include "common.release" . }}-has-etcd-root-password' + type: password + password: '{{ .Values.config.etcd.rootPassword }}' + policy: generate + - uid: oof-has-etcd-secret + name: &user-creds '{{ include "common.release" . }}-oof-has-etcd-secret' + type: basicAuth + externalSecret: '{{ tpl (default "" .Values.config.etcd.userCredentialsExternalSecret) . }}' + login: '{{ .Values.config.etcd.appUser }}' + password: '{{ .Values.config.etcd.appPassword }}' + passwordPolicy: generate pullPolicy: Always nodePortPrefix: 302 dataRootDir: /dockerdata-nfs config: + dbBackend: etcd aaf: serviceName: aaf-service port: 8100 @@ -58,6 +71,13 @@ config: cps: service: cps-tbdmt port: 8080 + etcd: + serviceName: &etcd-service oof-has-etcd + port: 2379 + appUser: conductor +# rootPassword: +# appPassword: +# userCredentialsExternalSecret: # Resource Limit flavor -By Default using small flavor: small # Segregation for Different environment (Small and Large) @@ -79,19 +99,59 @@ resources: unlimited: {} #component overrides -oof-has-api: +oof-has-api: &has-config enabled: true certSecret: *oof-certs -oof-has-controller: - enabled: true - certSecret: *oof-certs -oof-has-data: - enabled: true - certSecret: *oof-certs -oof-has-reservation: - enabled: true - certSecret: *oof-certs -oof-has-solver: + config: + etcd: + userCredentialsExternalSecret: *user-creds + configJobNameOverride: &job-name oof-has-etcd-config +oof-has-controller: *has-config +oof-has-data: *has-config +oof-has-reservation: *has-config +oof-has-solver: *has-config +music: + enabled: false + +#etcd subchart configurations +etcd: enabled: true - certSecret: *oof-certs + replicaCount: 3 + nameOverride: &etcd-container oof-has-etcd + service: + name: *etcd-service + persistence: + mountSubPath: oof/etcd/data + enabled: true + flavor: &etcd-flavor large + resources: &etcd-resources + small: + limits: + cpu: 100m + memory: 300Mi + requests: + cpu: 10m + memory: 75Mi + large: + limits: + cpu: 200m + memory: 1Gi + requests: + cpu: 50m + memory: 300Mi + unlimited: {} +etcd-init: + enabled: true + nameOverride: *job-name + etcd: + serviceName: *etcd-service + port : 2379 + containerName: *etcd-container + config: + userRootSecret: *root-password + userCredentialsExternalSecret: *user-creds + appRole: conductor + keyPrefix: conductor + flavor: *etcd-flavor + resources: *etcd-resources diff --git a/kubernetes/oof/components/oof-templates/templates/_secret.tpl b/kubernetes/oof/components/oof-templates/templates/_secret.tpl new file mode 100644 index 0000000000..0b04f7120b --- /dev/null +++ b/kubernetes/oof/components/oof-templates/templates/_secret.tpl @@ -0,0 +1,6 @@ +{{- define "oof.etcd.env" -}} +- name: OS_ETCD_API__USERNAME + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "oof-has-etcd-secret" "key" "login") | indent 2 }} +- name: OS_ETCD_API__PASSWORD + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "oof-has-etcd-secret" "key" "password") | indent 2 }} +{{- end -}}
\ No newline at end of file |