diff options
| -rw-r--r-- | kubernetes/aaf/components/aaf-cert-service/resources/certServiceClient-keystore.jks | bin | 4087 -> 4067 bytes | |||
| -rw-r--r-- | kubernetes/aaf/components/aaf-cert-service/resources/certServiceServer-keystore.jks | bin | 4126 -> 4110 bytes | |||
| -rw-r--r-- | kubernetes/aaf/components/aaf-cert-service/resources/certServiceServer-keystore.p12 | bin | 4691 -> 4683 bytes | |||
| -rw-r--r-- | kubernetes/aaf/components/aaf-cert-service/resources/root.crt | 61 | ||||
| -rw-r--r-- | kubernetes/aaf/components/aaf-cert-service/resources/truststore.jks | bin | 1722 -> 1730 bytes | |||
| -rw-r--r-- | kubernetes/common/mariadb-galera/resources/post-upgrade-script.sh | 120 | ||||
| -rw-r--r-- | kubernetes/common/mariadb-galera/templates/job.yaml | 2 | ||||
| -rw-r--r-- | kubernetes/common/network-name-gen/templates/deployment.yaml | 5 |
8 files changed, 155 insertions, 33 deletions
diff --git a/kubernetes/aaf/components/aaf-cert-service/resources/certServiceClient-keystore.jks b/kubernetes/aaf/components/aaf-cert-service/resources/certServiceClient-keystore.jks Binary files differindex f24908c55d..d32eb887e5 100644 --- a/kubernetes/aaf/components/aaf-cert-service/resources/certServiceClient-keystore.jks +++ b/kubernetes/aaf/components/aaf-cert-service/resources/certServiceClient-keystore.jks diff --git a/kubernetes/aaf/components/aaf-cert-service/resources/certServiceServer-keystore.jks b/kubernetes/aaf/components/aaf-cert-service/resources/certServiceServer-keystore.jks Binary files differindex 89605b6b7a..c8f4e9cfaf 100644 --- a/kubernetes/aaf/components/aaf-cert-service/resources/certServiceServer-keystore.jks +++ b/kubernetes/aaf/components/aaf-cert-service/resources/certServiceServer-keystore.jks diff --git a/kubernetes/aaf/components/aaf-cert-service/resources/certServiceServer-keystore.p12 b/kubernetes/aaf/components/aaf-cert-service/resources/certServiceServer-keystore.p12 Binary files differindex 2106c817ef..f6cf008c24 100644 --- a/kubernetes/aaf/components/aaf-cert-service/resources/certServiceServer-keystore.p12 +++ b/kubernetes/aaf/components/aaf-cert-service/resources/certServiceServer-keystore.p12 diff --git a/kubernetes/aaf/components/aaf-cert-service/resources/root.crt b/kubernetes/aaf/components/aaf-cert-service/resources/root.crt index faeee81357..41c34cd18c 100644 --- a/kubernetes/aaf/components/aaf-cert-service/resources/root.crt +++ b/kubernetes/aaf/components/aaf-cert-service/resources/root.crt @@ -1,32 +1,33 @@ -----BEGIN CERTIFICATE----- -MIIFlDCCA3ygAwIBAgIETsAy8jANBgkqhkiG9w0BAQwFADByMQswCQYDVQQGEwJQ
-TDEUMBIGA1UECBMLRG9sbnkgU2xhc2sxEDAOBgNVBAcTB1dyb2NsYXcxFTATBgNV
-BAoTDFJvb3QgQ29tcGFueTERMA8GA1UECxMIUm9vdCBPcmcxETAPBgNVBAMTCHJv
-b3QuY29tMB4XDTIwMDQwMzA5MTYxNloXDTMwMDQwMTA5MTYxNlowcjELMAkGA1UE
-BhMCUEwxFDASBgNVBAgTC0RvbG55IFNsYXNrMRAwDgYDVQQHEwdXcm9jbGF3MRUw
-EwYDVQQKEwxSb290IENvbXBhbnkxETAPBgNVBAsTCFJvb3QgT3JnMREwDwYDVQQD
-Ewhyb290LmNvbTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAImm68wu
-rtdkVrC5JI2y53+DoVE4al7NxC2yHeVW0PRD3CgW1xba6dlSQoDQQKkDkxtuNhlU
-IQxU1bbKR6syqJgpJXwSDx4sl4J5lQGWN+iuNA72C1IyXATOgowGq6PbOVVTkApy
-3+ZZGBCmweTjhvddAO7k5p8v+ePt17VvBTxSt6rSvrkGMbpCxBGAPfGpL9xykm9Z
-okVSlA42gGhbra499QTT0Yc/WPPFotKkDKFGaDrLW3NYX1Lio11myYNvLOMwfSEV
-Xy9vkwxcdqFJpHjx+EVLLQXwkudZP+D53N4bk8nP3SacbZSQ/A85mZpWNtw+r9QL
-fZGecY1YIR0udLj66CIG3ybl3gSXX7TSRERTIMR6Um1lt+039FSa18mRBpQTCDXV
-tSL58Qs5BHFkCe0sGpY+XiSEypc6oYPf/7YjiTvMT/mHhDffrvFjhK+wP/oCIg8u
-vuPRoPWuyw41bBeFGitJgDn7E8p9B4K/1DCO/ZcjXiYMgn5Hwb3ojablYUeiXs99
-2AAV8gCceUCdgcP8d6wdAydOVljavkgHPG0IMbiVG1WT57oM3HQpejgpujlKDDsI
-bi9/lbcC/U0JoN9yAaJZFr7CXJrxRv8DWeTwzMTo203KHNu9roQiERd38P8Dp6AQ
-ivmqf0+0VZM3IpjWBYKM68tclHJcG+7wyFjvAgMBAAGjMjAwMB0GA1UdDgQWBBSN
-lFyR56zh67mnvYTmmgJQVxEJrjAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEB
-DAUAA4ICAQBczmFY0kmr1FK50glkT282ur0vukNtwXQNJONof3rYRqP2W98jID6D
-ayma0B4/H1EqCa0d66wRBxFdwW+MqOc4uWD3uUwgazrYD/Bv+V3aumaw8yX6vbyL
-hLNfpd4pViAEGtzYxYfMfFR6uzInF3NMpvt8OXCSGKiQjDMnMs0ekvUZLJm7yxwT
-Qr9aAEFYQYM/GstUC6qFfuUa4MaGvmyKWhZ10JoKXYbGGeFU4wI7Kzifh3VvawTg
-r314ZvQ3zpEwzNJpdvT5ZKuPvyN+drAKFpSPfOTFmmb3uF95FgYq33OFPpo7SR43
-tnw5u5YqKnsHmqCIRMctWiYZc8rBJ3+eBGmke6z/AN6FraG6Ejc8e4WPclrB8STb
-+oB3a4Cvri1VHyodkm50Sb/d1FAMDXvzEPBfu2D0dVvOwOcISSN/MQUom8NN4YeI
-aEATdAPNkokgehOzZ1OPRv47FKYEVPCXjaZEWAC7NNmNiRn4RQOti0DlNrLL7Nx9
-vK09G0EnW01MO2ARRkZ3dog+Ph7orJQV3sd7TO4EEortqWtbegSH75ylyYw6rt/j
-uBzYtMOnEtnQKhxj4Wj7PO+StCgspoOByn0d+iSgDd2TlpWm4naP2pfFZT0R+TOH
-wzSH0F47TSfRd0++uEz/QhViybrvQK7yMt1G1YwZp2im+imuWwUC8Q== +MIIFnjCCA4agAwIBAgIEME0OlzANBgkqhkiG9w0BAQwFADB3MQswCQYDVQQGEwJV
+UzETMBEGA1UECBMKQ2FsaWZvcm5pYTEWMBQGA1UEBxMNU2FuLUZyYW5jaXNjbzEZ
+MBcGA1UEChMQTGludXgtRm91bmRhdGlvbjENMAsGA1UECxMET05BUDERMA8GA1UE
+AxMIb25hcC5vcmcwHhcNMjAwNzA4MTIzMjM4WhcNMjEwNzA4MTIzMjM4WjB3MQsw
+CQYDVQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTEWMBQGA1UEBxMNU2FuLUZy
+YW5jaXNjbzEZMBcGA1UEChMQTGludXgtRm91bmRhdGlvbjENMAsGA1UECxMET05B
+UDERMA8GA1UEAxMIb25hcC5vcmcwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIK
+AoICAQCSOtWaxbK6xUflOCynK93ukBJ00PwxJ4MuuXUuJNr9bnf2gsHnGrfwTftW
+ktqutTC0DquXxVM6WsoxQZQ0fBcxOFFeptWzMOwgZLmVu0AwyY6uu26s8GEYDQh+
+artB9ojCSe5m/4r6vaUB69/wt33rIY0qykkXOZ88sIoRrFBbdRGO7XmIeTOayg4N
+LmtvsbRh5QZpxYYcdjzkabZOhcO68KEVvbTWiDA4s67wircH+KrImPfsx1LZ1IHB
+y7LM/p8fb5ELQCaOT+F+cqUsXrRih2s4paVJuNbxyRsEMG8H0L/8/jWLzfS+Vf19
+SjATd54wTOvzpIYlOePtkuTNaZS+5k+FSWMkLTc/I6Fu/qp1mQfQBZoiWtlth8Wr
+695B3mdJke1Up++HByz5OyVq5rkAO8TbqqsMqnyZxPfg2x+SXu2BghugB+A+uWum
+hciSiSMjMEyrGy8Fc8gkKm3zwpEufQ+GijP0JyC3Cl5A36JsFBugsy1DZqUXAqZ1
+LEHuDvJ08HgXcdZA9m8NmRsahYkfAIuSaTxo7NCmpbEJ91VmZsQXxM0pQSbBMXUJ
+I51inIDeScdyooamQWKDoFqeMfnLo0g53xbdS14jNj3aNC1zAoMIxvx9eoEwEqvQ
+Cb2LhAyOqbbwYXvwolDw5C2lgiMF2n9GhtOxVB+oXO/+6FC4sQIDAQABozIwMDAd
+BgNVHQ4EFgQUZnohC3x+LwsiB8Qwx2wssx7qNxgwDwYDVR0TAQH/BAUwAwEB/zAN
+BgkqhkiG9w0BAQwFAAOCAgEAUDcyvn1EcR6gULjX10sjYbnBej/dcyQy9sMgs9bz
+7ypJ6RTUOujBHBx7OIuIpLLVSow4pCJiM9Qxn/DSlWA/G1YK1g3/BdtNDhiOy+Bw
+SkofSJ+HY8ljDWXlONHvSH0gXEqm4MBoV1nOSHNXyYA4ITtX98UsN0xx4T531o06
+X8IPagCz2DHPMYVxyjJdWhl9VEWo9BmOmxkXXjAEn93ege/WJ/23GAyEyrAlWgiC
+glrvGWQy90PNMS+Z7JfMcHEn76d0Am9goIkhg+jGQwUlPCUxFzaWdH5903S6qQqI
+B1X1YGCKWcM5h9DetUdNqS4sv/msVzG3h5Z3UzXDNIKibH04B0ibeybrq+OHIxbS
+GAXYIScGEqrldG2FTC/C0ybg9juOxrrThrjas2rmvXpLRbbhoYl0LZS7+ZSXT3+a
+pFC1FXJyy45Uf0ulBB4vEeO8CQbSrPKus+H65+dJsrvi3yX7SuCLr6Ob7aLvJmQk
+h1fiXGeHnD5oMtGksC9cXdym62ec7VRvX+KiD6BBNOfuo/3bi7Dz3xzsjQc8O4bz
+hb7oLHHUwRkzT9DmQT9l3+vohnzlxf+G+/8FXwjZh+/2PzbDfRrmAIp8sZYWv1Q1
+OMh02nlLk2xq9fAgER0xKWnIsPdjQo3tP3fREmOYtHNvlZzyBswZ6PfOLC/fW3BH
+WO8= -----END CERTIFICATE----- diff --git a/kubernetes/aaf/components/aaf-cert-service/resources/truststore.jks b/kubernetes/aaf/components/aaf-cert-service/resources/truststore.jks Binary files differindex c32d37fd9d..4dd41f287a 100644 --- a/kubernetes/aaf/components/aaf-cert-service/resources/truststore.jks +++ b/kubernetes/aaf/components/aaf-cert-service/resources/truststore.jks diff --git a/kubernetes/common/mariadb-galera/resources/post-upgrade-script.sh b/kubernetes/common/mariadb-galera/resources/post-upgrade-script.sh index 132ac27ea2..ec09df3a86 100644 --- a/kubernetes/common/mariadb-galera/resources/post-upgrade-script.sh +++ b/kubernetes/common/mariadb-galera/resources/post-upgrade-script.sh @@ -20,7 +20,123 @@ kubectl patch secret $FLAG_EX_ROOT_SEC -p \ kubectl patch secret $FLAG_EX_SEC -p \ '{"data":{"password":"'"$tmp_MYSQL_PASSWORD"'"}}' -kubectl delete pod -n $NAMESPACE_ENV {{ include "common.fullname" . }}-0 --now +MYSQL_USER=$(kubectl exec -n $NAMESPACE_ENV $TEMP_POD -- printenv MYSQL_USER) + +MYSQL_PASSWORD=$(echo -n $(kubectl exec -n $NAMESPACE_ENV $TEMP_POD -- printenv MYSQL_PASSWORD)) + +MYSQL_ROOT_PASSWORD=$(kubectl exec -n $NAMESPACE_ENV $TEMP_POD -- printenv MYSQL_ROOT_PASSWORD) + +CURRENT_STS_REPLICA=$(kubectl get statefulsets -n $NAMESPACE_ENV \ + {{ include "common.fullname" . }} -o jsonpath='{.status.replicas}') + +DEPLOYMENT_REPLICA=$(kubectl get deployment -n $NAMESPACE_ENV \ + {{ include "common.fullname" . }}-upgrade-deployment -o \ + jsonpath='{.status.replicas}') + +if [[ $CURRENT_STS_REPLICA == "0" ]] +then + echo "Seems there was no upgrade of cluster and we will scale up cluster replicas back to $REPLICA_COUNT now" + kubectl scale statefulsets {{ include "common.fullname" . }} --replicas=$REPLICA_COUNT +fi + +MY_REPLICA_NUMBER=$(kubectl get statefulsets -n $NAMESPACE_ENV \ + {{ include "common.fullname" . }} -o jsonpath='{.status.replicas}') + +while [[ ! $MY_REPLICA_NUMBER == $REPLICA_COUNT ]] +do + echo "The cluster is not scaled up to $REPLICA_COUNT yet. Please wait ..." + MY_REPLICA_NUMBER=$(kubectl get statefulsets -n $NAMESPACE_ENV \ + {{ include "common.fullname" . }} -o jsonpath='{.status.replicas}') + echo "The current status of the cluster is $MY_REPLICA_NUMBER" + sleep 2 + if [[ $MY_REPLICA_NUMBER == $REPLICA_COUNT ]] + then + break + fi +done + +CLUSTER_NO=$(kubectl exec -n $NAMESPACE_ENV $TEMP_POD -- \ + mysql --skip-column-names -h{{ $.Values.service.name }} -u$MYSQL_USER \ + -p$MYSQL_PASSWORD -e "SHOW GLOBAL STATUS LIKE 'wsrep_cluster_size';" | \ + awk '{print $2}') + +CLUSTER_STATE=$(kubectl exec -n $NAMESPACE_ENV $TEMP_POD -- \ + mysql --skip-column-names -h{{ $.Values.service.name }} -u$MYSQL_USER \ + -p$MYSQL_PASSWORD -e "SHOW GLOBAL STATUS LIKE 'wsrep_local_state_comment';" \ + | awk '{print $2}') + +while [[ ! $CLUSTER_NO == $((REPLICA_COUNT+DEPLOYMENT_REPLICA)) ]] \ + || [[ ! $CLUSTER_STATE == "Synced" ]] +do + echo "$CLUSTER_NO and $CLUSTER_STATE" + CLUSTER_NO=$(kubectl exec -n $NAMESPACE_ENV $TEMP_POD -- mysql \ + --skip-column-names -h{{ $.Values.service.name }} -u$MYSQL_USER \ + -p$MYSQL_PASSWORD -e "SHOW GLOBAL STATUS LIKE 'wsrep_cluster_size';" \ + | awk '{print $2}') + CLUSTER_STATE=$(kubectl exec -n $NAMESPACE_ENV $TEMP_POD -- mysql \ + --skip-column-names -h{{ $.Values.service.name }} -u$MYSQL_USER \ + -p$MYSQL_PASSWORD -e "SHOW GLOBAL STATUS LIKE 'wsrep_local_state_comment';" \ + | awk '{print $2}') + sleep 2 + if [[ $CLUSTER_NO == $((REPLICA_COUNT+DEPLOYMENT_REPLICA)) ]] \ + && [[ $CLUSTER_STATE == "Synced" ]] + then + echo "The cluster has $CLUSTER_NO members and $CLUSTER_STATE state." + break + fi +done + +MYSQL_STATUS=$(kubectl exec -n $NAMESPACE_ENV {{ include "common.fullname" . }}-0 -- mysqladmin \ + -uroot -p$MYSQL_ROOT_PASSWORD ping) + +while [[ ! $MYSQL_STATUS == "mysqld is alive" ]] +do + echo "Mariadb deployment is not ready yet." + sleep 2 + MYSQL_STATUS=$(kubectl exec -n $NAMESPACE_ENV {{ include "common.fullname" . }}-0 -- mysqladmin \ + -uroot -p$MYSQL_ROOT_PASSWORD ping) + if [[ $MYSQL_STATUS == "mysqld is alive" ]] + then + echo "Mariadb deployment is ready and cluster size is $CLUSTER_NO" + break + fi +done + +echo "Deleting upgrade deployment now" + kubectl delete deployment -n $NAMESPACE_ENV {{ include "common.fullname" . }}-upgrade-deployment kubectl delete secret -n $NAMESPACE_ENV {{ include "common.fullname" . }}-temp-upgrade-root -kubectl delete secret -n $NAMESPACE_ENV {{ include "common.fullname" . }}-temp-upgrade-usercred
\ No newline at end of file +kubectl delete secret -n $NAMESPACE_ENV {{ include "common.fullname" . }}-temp-upgrade-usercred + +CLUSTER_NO=$(kubectl exec -n $NAMESPACE_ENV {{ include "common.fullname" . }}-0 -- \ + mysql --skip-column-names -h{{ $.Values.service.name }} -u$MYSQL_USER \ + -p$MYSQL_PASSWORD -e "SHOW GLOBAL STATUS LIKE 'wsrep_cluster_size';" | \ + awk '{print $2}') + +CLUSTER_STATE=$(kubectl exec -n $NAMESPACE_ENV {{ include "common.fullname" . }}-0 -- \ + mysql --skip-column-names -h{{ $.Values.service.name }} -u$MYSQL_USER \ + -p$MYSQL_PASSWORD -e "SHOW GLOBAL STATUS LIKE 'wsrep_local_state_comment';" \ + | awk '{print $2}') + +while [[ ! $CLUSTER_NO == $REPLICA_COUNT ]] \ + || [[ ! $CLUSTER_STATE == "Synced" ]] +do + echo "$CLUSTER_NO and $CLUSTER_STATE" + CLUSTER_NO=$(kubectl exec -n $NAMESPACE_ENV {{ include "common.fullname" . }}-0 -- mysql \ + --skip-column-names -h{{ $.Values.service.name }} -u$MYSQL_USER \ + -p$MYSQL_PASSWORD -e "SHOW GLOBAL STATUS LIKE 'wsrep_cluster_size';" \ + | awk '{print $2}') + CLUSTER_STATE=$(kubectl exec -n $NAMESPACE_ENV {{ include "common.fullname" . }}-0 -- mysql \ + --skip-column-names -h{{ $.Values.service.name }} -u$MYSQL_USER \ + -p$MYSQL_PASSWORD -e "SHOW GLOBAL STATUS LIKE 'wsrep_local_state_comment';" \ + | awk '{print $2}') + sleep 2 + if [[ $CLUSTER_NO == $REPLICA_COUNT ]] \ + && [[ $CLUSTER_STATE == "Synced" ]] + then + echo "The cluster has $CLUSTER_NO members and $CLUSTER_STATE state." + break + fi +done + +echo "The cluster upgrade is finished now" diff --git a/kubernetes/common/mariadb-galera/templates/job.yaml b/kubernetes/common/mariadb-galera/templates/job.yaml index cc71bb855c..db56f3e046 100644 --- a/kubernetes/common/mariadb-galera/templates/job.yaml +++ b/kubernetes/common/mariadb-galera/templates/job.yaml @@ -72,6 +72,8 @@ spec: fieldRef: apiVersion: v1 fieldPath: metadata.namespace + - name: REPLICA_COUNT + value: "{{ .Values.replicaCount }}" command: ["/bin/bash", "-c", "--"] args: ["/upgrade/post-upgrade-script.sh"] volumeMounts: diff --git a/kubernetes/common/network-name-gen/templates/deployment.yaml b/kubernetes/common/network-name-gen/templates/deployment.yaml index b9550c7666..87dd622c35 100644 --- a/kubernetes/common/network-name-gen/templates/deployment.yaml +++ b/kubernetes/common/network-name-gen/templates/deployment.yaml @@ -14,7 +14,7 @@ # limitations under the License. */}} -apiVersion: extensions/v1beta1 +apiVersion: apps/v1 kind: Deployment metadata: name: {{ include "common.fullname" . }} @@ -26,6 +26,9 @@ metadata: heritage: {{ .Release.Service }} spec: replicas: {{ .Values.replicaCount }} + selector: + matchLabels: + app: {{ include "common.name" . }} template: metadata: labels: |