diff options
Diffstat (limited to 'kubernetes/aai')
29 files changed, 386 insertions, 22 deletions
diff --git a/kubernetes/aai/components/aai-babel/templates/deployment.yaml b/kubernetes/aai/components/aai-babel/templates/deployment.yaml index 38a4e484c3..e52ac7a6d1 100644 --- a/kubernetes/aai/components/aai-babel/templates/deployment.yaml +++ b/kubernetes/aai/components/aai-babel/templates/deployment.yaml @@ -31,6 +31,13 @@ spec: matchLabels: app: {{ include "common.name" . }} replicas: {{ .Values.replicaCount }} + strategy: + type: {{ .Values.updateStrategy.type }} + {{- if (eq "RollingUpdate" .Values.updateStrategy.type) }} + rollingUpdate: + maxUnavailable: {{ .Values.updateStrategy.maxUnavailable }} + maxSurge: {{ .Values.updateStrategy.maxSurge }} + {{- end }} template: metadata: labels: diff --git a/kubernetes/aai/components/aai-babel/values.yaml b/kubernetes/aai/components/aai-babel/values.yaml index 3cfc8189df..ca23bc96c1 100644 --- a/kubernetes/aai/components/aai-babel/values.yaml +++ b/kubernetes/aai/components/aai-babel/values.yaml @@ -67,6 +67,11 @@ flavorOverride: small # default number of instances replicaCount: 1 +updateStrategy: + type: RollingUpdate + maxUnavailable: 0 + maxSurge: 1 + nodeSelector: {} affinity: {} diff --git a/kubernetes/aai/components/aai-graphadmin/resources/config/application.properties b/kubernetes/aai/components/aai-graphadmin/resources/config/application.properties index 27606021ef..6e64fd8400 100644 --- a/kubernetes/aai/components/aai-graphadmin/resources/config/application.properties +++ b/kubernetes/aai/components/aai-graphadmin/resources/config/application.properties @@ -122,3 +122,8 @@ aperture.service.ssl.key-store-password=password(${KEYSTORE_JKS_PASSWORD}) aperture.service.ssl.trust-store-password=password(${TRUSTSTORE_PASSWORD}) {{ end }} aperture.service.timeout-in-milliseconds=300000 + +#To Expose the Prometheus scraping endpoint +management.port=8448 +endpoints.enabled=false +management.security.enabled=false
\ No newline at end of file diff --git a/kubernetes/aai/components/aai-graphadmin/templates/deployment.yaml b/kubernetes/aai/components/aai-graphadmin/templates/deployment.yaml index 5241c6edf2..3e1479e335 100644 --- a/kubernetes/aai/components/aai-graphadmin/templates/deployment.yaml +++ b/kubernetes/aai/components/aai-graphadmin/templates/deployment.yaml @@ -143,6 +143,8 @@ spec: value: {{ .Values.service.internalPort | quote }} - name: INTERNAL_PORT_2 value: {{ .Values.service.internalPort2 | quote }} + - name: INTERNAL_PORT_3 + value: {{ .Values.service.internalPort3 | quote }} volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 8 }} - mountPath: /etc/localtime name: localtime @@ -173,6 +175,7 @@ spec: ports: - containerPort: {{ .Values.service.internalPort }} - containerPort: {{ .Values.service.internalPort2 }} + - containerPort: {{ .Values.service.internalPort3 }} lifecycle: # wait for active requests (long-running tasks) to be finished # Before the SIGTERM is invoked, Kubernetes exposes a preStop hook in the Pod. diff --git a/kubernetes/aai/components/aai-graphadmin/templates/service.yaml b/kubernetes/aai/components/aai-graphadmin/templates/service.yaml index cf4655361d..6350f858f1 100644 --- a/kubernetes/aai/components/aai-graphadmin/templates/service.yaml +++ b/kubernetes/aai/components/aai-graphadmin/templates/service.yaml @@ -40,11 +40,16 @@ spec: - port: {{ .Values.service.internalPort2 }} nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort2 }} name: {{ .Values.service.portName2 }} + - port: {{ .Values.service.internalPort3 }} + nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort3 }} + name: {{ .Values.service.portName3 }} {{- else -}} - port: {{ .Values.service.internalPort }} name: {{ .Values.service.portName }}{{ (eq "true" (include "common.needTLS" .)) | ternary "s" "" }} - port: {{ .Values.service.internalPort2 }} name: {{ .Values.service.portName2 }} + - port: {{ .Values.service.internalPort3 }} + name: {{ .Values.service.portName3 }} {{- end}} selector: app: {{ include "common.name" . }} diff --git a/kubernetes/aai/components/aai-graphadmin/templates/servicemonitor.yaml b/kubernetes/aai/components/aai-graphadmin/templates/servicemonitor.yaml new file mode 100644 index 0000000000..c0d9f212b4 --- /dev/null +++ b/kubernetes/aai/components/aai-graphadmin/templates/servicemonitor.yaml @@ -0,0 +1,3 @@ +{{- if .Values.metrics.serviceMonitor.enabled }} +{{ include "common.serviceMonitor" . }} +{{- end }}
\ No newline at end of file diff --git a/kubernetes/aai/components/aai-graphadmin/values.yaml b/kubernetes/aai/components/aai-graphadmin/values.yaml index deaf26a5ab..2ac55459bb 100644 --- a/kubernetes/aai/components/aai-graphadmin/values.yaml +++ b/kubernetes/aai/components/aai-graphadmin/values.yaml @@ -96,7 +96,7 @@ global: # global defaults # Specifies which clients should always default to realtime graph connection realtime: - clients: SDNC,MSO,SO,robot-ete + clients: SDNC,-1|MSO,-1|SO,-1|robot-ete,-1 ################################################################# # Certificate configuration @@ -240,6 +240,8 @@ service: internalPort: 8449 portName2: tcp-5005 internalPort2: 5005 + portName3: aai-graphadmin-8448 + internalPort3: 8448 terminationGracePeriodSeconds: 120 ingress: @@ -296,6 +298,24 @@ resources: memory: 2Gi unlimited: {} +metrics: + serviceMonitor: + enabled: false + targetPort: 8448 + path: /prometheus + basicAuth: + enabled: false + + selector: + app: '{{ include "common.name" . }}' + chart: '{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}' + release: '{{ include "common.release" . }}' + heritage: '{{ .Release.Service }}' + + relabelings: [] + + metricRelabelings: [] + # Not fully used for now securityContext: user_id: *user_id diff --git a/kubernetes/aai/components/aai-modelloader/templates/deployment.yaml b/kubernetes/aai/components/aai-modelloader/templates/deployment.yaml index 47c13af86e..8e481b9656 100644 --- a/kubernetes/aai/components/aai-modelloader/templates/deployment.yaml +++ b/kubernetes/aai/components/aai-modelloader/templates/deployment.yaml @@ -28,6 +28,13 @@ metadata: heritage: {{ .Release.Service }} spec: replicas: {{ .Values.replicaCount }} + strategy: + type: {{ .Values.updateStrategy.type }} + {{- if (eq "RollingUpdate" .Values.updateStrategy.type) }} + rollingUpdate: + maxUnavailable: {{ .Values.updateStrategy.maxUnavailable }} + maxSurge: {{ .Values.updateStrategy.maxSurge }} + {{- end }} selector: matchLabels: app: {{ include "common.name" . }} diff --git a/kubernetes/aai/components/aai-modelloader/values.yaml b/kubernetes/aai/components/aai-modelloader/values.yaml index 7857f6bc92..1188f9b645 100644 --- a/kubernetes/aai/components/aai-modelloader/values.yaml +++ b/kubernetes/aai/components/aai-modelloader/values.yaml @@ -67,6 +67,11 @@ config: {} # default number of instances replicaCount: 1 +updateStrategy: + type: RollingUpdate + maxUnavailable: 0 + maxSurge: 1 + nodeSelector: {} affinity: {} diff --git a/kubernetes/aai/components/aai-resources/resources/config/application.properties b/kubernetes/aai/components/aai-resources/resources/config/application.properties index 7258b7bef8..b5b64bec4b 100644 --- a/kubernetes/aai/components/aai-resources/resources/config/application.properties +++ b/kubernetes/aai/components/aai-resources/resources/config/application.properties @@ -106,5 +106,17 @@ schema.service.ssl.trust-store-password=${TRUSTSTORE_PASSWORD} {{ end }} #to expose the Prometheus scraping endpoint +management.port=8448 +management.endpoints.enabled-by-default=false +management.security.enabled=false +endpoints.enabled=false +endpoints.info.enabled=false +endpoints.prometheus.enabled=false +endpoints.health.enabled=false +management.metrics.web.server.auto-time-requests=false management.metrics.distribution.percentiles-histogram[http.server.requests]=true -management.metrics.distribution.sla[http.server.requests]=20ms, 30ms, 40ms, 50ms, 60ms, 70ms, 80ms, 90ms, 100ms, 500ms, 1000ms, 5000ms, 7000ms
\ No newline at end of file +management.metrics.distribution.sla[http.server.requests]=20ms, 30ms, 40ms, 50ms, 60ms, 70ms, 80ms, 90ms, 100ms, 500ms, 1000ms, 5000ms, 7000ms +#Add common tag for grouping all aai related metrics +management.metrics.tags.group_id=aai +#It is not advisable to use labels to store dimensions with high cardinality. Enable this option only for debug purposes. For more information: https://github.com/micrometer-metrics/micrometer/issues/1584 +scrape.uri.metrics=false
\ No newline at end of file diff --git a/kubernetes/aai/components/aai-resources/templates/deployment.yaml b/kubernetes/aai/components/aai-resources/templates/deployment.yaml index 74c58ff2d3..33aa97179e 100644 --- a/kubernetes/aai/components/aai-resources/templates/deployment.yaml +++ b/kubernetes/aai/components/aai-resources/templates/deployment.yaml @@ -136,6 +136,8 @@ spec: value: {{ .Values.service.internalPort | quote }} - name: INTERNAL_PORT_2 value: {{ .Values.service.internalPort2 | quote }} + - name: INTERNAL_PORT_3 + value: {{ .Values.service.internalPort3 | quote }} volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 8 }} - mountPath: /etc/localtime name: localtime @@ -184,6 +186,7 @@ spec: ports: - containerPort: {{ .Values.service.internalPort }} - containerPort: {{ .Values.service.internalPort2 }} + - containerPort: {{ .Values.service.internalPort3 }} lifecycle: # wait for active requests (long-running tasks) to be finished # Before the SIGTERM is invoked, Kubernetes exposes a preStop hook in the Pod. diff --git a/kubernetes/aai/components/aai-resources/templates/service.yaml b/kubernetes/aai/components/aai-resources/templates/service.yaml index 46118461d1..8feb071bc6 100644 --- a/kubernetes/aai/components/aai-resources/templates/service.yaml +++ b/kubernetes/aai/components/aai-resources/templates/service.yaml @@ -34,12 +34,19 @@ spec: - port: {{ .Values.service.internalPort2 }} nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort2 }} name: {{ .Values.service.portName2 }} + - port: {{ .Values.service.internalPort3 }} + nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort3 }} + name: {{ .Values.service.portName3 }} {{- else -}} - port: {{ .Values.service.internalPort }} name: {{ .Values.service.portName }}{{ (eq "true" (include "common.needTLS" .)) | ternary "s" "" }} - port: {{ .Values.service.internalPort2 }} name: {{ .Values.service.portName2 }} + - port: {{ .Values.service.internalPort3 }} + name: {{ .Values.service.portName3 }} {{- end }} selector: app: {{ include "common.name" . }} release: {{ include "common.release" . }} + clusterIP: None + sessionAffinity: {{ .Values.service.sessionAffinity }} diff --git a/kubernetes/aai/components/aai-resources/templates/servicemonitor.yaml b/kubernetes/aai/components/aai-resources/templates/servicemonitor.yaml new file mode 100644 index 0000000000..c0d9f212b4 --- /dev/null +++ b/kubernetes/aai/components/aai-resources/templates/servicemonitor.yaml @@ -0,0 +1,3 @@ +{{- if .Values.metrics.serviceMonitor.enabled }} +{{ include "common.serviceMonitor" . }} +{{- end }}
\ No newline at end of file diff --git a/kubernetes/aai/components/aai-resources/values.yaml b/kubernetes/aai/components/aai-resources/values.yaml index 2dfbfeebe5..de7bf2dd84 100644 --- a/kubernetes/aai/components/aai-resources/values.yaml +++ b/kubernetes/aai/components/aai-resources/values.yaml @@ -231,7 +231,10 @@ service: internalPort: 8447 portName2: tcp-5005 internalPort2: 5005 + portName3: aai-resources-8448 + internalPort3: 8448 terminationGracePeriodSeconds: 120 + sessionAffinity: None ingress: enabled: false @@ -270,6 +273,58 @@ resources: memory: 4Gi unlimited: {} +metrics: + serviceMonitor: + enabled: false + targetPort: 8448 + path: /prometheus + basicAuth: + enabled: false + externalSecretName: mysecretname + externalSecretUserKey: login + externalSecretPasswordKey: password + + ## Namespace in which Prometheus is running + ## + # namespace: monitoring + + ## Interval at which metrics should be scraped. + ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#endpoint + ## + #interval: 30s + + ## Timeout after which the scrape is ended + ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#endpoint + ## + # scrapeTimeout: 10s + + ## ServiceMonitor selector labels + ## ref: https://github.com/bitnami/charts/tree/master/bitnami/prometheus-operator#prometheus-configuration + ## + selector: + app: '{{ include "common.name" . }}' + chart: '{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}' + release: '{{ include "common.release" . }}' + heritage: '{{ .Release.Service }}' + + ## RelabelConfigs to apply to samples before scraping + ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#relabelconfig + ## Value is evalued as a template + ## + relabelings: [] + + ## MetricRelabelConfigs to apply to samples before ingestion + ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#relabelconfig + ## Value is evalued as a template + ## + metricRelabelings: [] + # - sourceLabels: + # - "__name__" + # targetLabel: "__name__" + # action: replace + # regex: '(.*)' + # replacement: 'example_prefix_$1' + #Pods Service Account serviceAccount: nameOverride: aai-resources diff --git a/kubernetes/aai/components/aai-schema-service/templates/deployment.yaml b/kubernetes/aai/components/aai-schema-service/templates/deployment.yaml index cd58b959ad..8a7c43f0b9 100644 --- a/kubernetes/aai/components/aai-schema-service/templates/deployment.yaml +++ b/kubernetes/aai/components/aai-schema-service/templates/deployment.yaml @@ -28,6 +28,13 @@ metadata: heritage: {{ .Release.Service }} spec: replicas: {{ .Values.replicaCount }} + strategy: + type: {{ .Values.updateStrategy.type }} + {{- if (eq "RollingUpdate" .Values.updateStrategy.type) }} + rollingUpdate: + maxUnavailable: {{ .Values.updateStrategy.maxUnavailable }} + maxSurge: {{ .Values.updateStrategy.maxSurge }} + {{- end }} selector: matchLabels: app: {{ include "common.name" . }} diff --git a/kubernetes/aai/components/aai-schema-service/values.yaml b/kubernetes/aai/components/aai-schema-service/values.yaml index a72b1d9ec1..50e12e8e4d 100644 --- a/kubernetes/aai/components/aai-schema-service/values.yaml +++ b/kubernetes/aai/components/aai-schema-service/values.yaml @@ -101,6 +101,11 @@ flavorOverride: small # default number of instances replicaCount: 1 +updateStrategy: + type: RollingUpdate + maxUnavailable: 0 + maxSurge: 1 + nodeSelector: {} affinity: {} diff --git a/kubernetes/aai/components/aai-sparky-be/templates/deployment.yaml b/kubernetes/aai/components/aai-sparky-be/templates/deployment.yaml index bb0b9bbdcf..31ea946d9b 100644 --- a/kubernetes/aai/components/aai-sparky-be/templates/deployment.yaml +++ b/kubernetes/aai/components/aai-sparky-be/templates/deployment.yaml @@ -28,6 +28,13 @@ metadata: heritage: {{ .Release.Service }} spec: replicas: {{ .Values.replicaCount }} + strategy: + type: {{ .Values.updateStrategy.type }} + {{- if (eq "RollingUpdate" .Values.updateStrategy.type) }} + rollingUpdate: + maxUnavailable: {{ .Values.updateStrategy.maxUnavailable }} + maxSurge: {{ .Values.updateStrategy.maxSurge }} + {{- end }} selector: matchLabels: app: {{ include "common.name" . }} diff --git a/kubernetes/aai/components/aai-sparky-be/values.yaml b/kubernetes/aai/components/aai-sparky-be/values.yaml index a8896e031f..29953b4b66 100644 --- a/kubernetes/aai/components/aai-sparky-be/values.yaml +++ b/kubernetes/aai/components/aai-sparky-be/values.yaml @@ -95,6 +95,11 @@ nsSuffix: aai # default number of instances replicaCount: 1 +updateStrategy: + type: RollingUpdate + maxUnavailable: 0 + maxSurge: 1 + nodeSelector: {} affinity: {} diff --git a/kubernetes/aai/components/aai-traversal/resources/config/application.properties b/kubernetes/aai/components/aai-traversal/resources/config/application.properties index 24a5241fe2..3022b17f97 100644 --- a/kubernetes/aai/components/aai-traversal/resources/config/application.properties +++ b/kubernetes/aai/components/aai-traversal/resources/config/application.properties @@ -106,3 +106,19 @@ schema.service.ssl.trust-store={{ .Values.certInitializer.credsPath }}/{{ .Value schema.service.ssl.key-store-password=${KEYSTORE_PASSWORD} schema.service.ssl.trust-store-password=${TRUSTSTORE_PASSWORD} {{ end }} + +#to expose the Prometheus scraping endpoint +management.port=8448 +management.endpoints.enabled-by-default=false +management.security.enabled=false +endpoints.enabled=false +endpoints.info.enabled=false +endpoints.prometheus.enabled=false +endpoints.health.enabled=false +management.metrics.web.server.auto-time-requests=false +management.metrics.distribution.percentiles-histogram[http.server.requests]=true +management.metrics.distribution.sla[http.server.requests]=20ms, 30ms, 40ms, 50ms, 60ms, 70ms, 80ms, 90ms, 100ms, 500ms, 1000ms, 5000ms, 7000ms +#Add common tag for grouping all aai related metrics +management.metrics.tags.group_id=aai +#It is not advisable to use labels to store dimensions with high cardinality. Enable this option only for debug purposes. For more information: https://github.com/micrometer-metrics/micrometer/issues/1584 +scrape.uri.metrics=false
\ No newline at end of file diff --git a/kubernetes/aai/components/aai-traversal/templates/deployment.yaml b/kubernetes/aai/components/aai-traversal/templates/deployment.yaml index b9f2a802f2..093277169a 100644 --- a/kubernetes/aai/components/aai-traversal/templates/deployment.yaml +++ b/kubernetes/aai/components/aai-traversal/templates/deployment.yaml @@ -155,6 +155,8 @@ spec: value: {{ .Values.service.internalPort | quote }} - name: INTERNAL_PORT_2 value: {{ .Values.service.internalPort2 | quote }} + - name: INTERNAL_PORT_3 + value: {{ .Values.service.internalPort3 | quote }} volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 8 }} - mountPath: /etc/localtime name: localtime @@ -205,6 +207,7 @@ spec: ports: - containerPort: {{ .Values.service.internalPort }} - containerPort: {{ .Values.service.internalPort2 }} + - containerPort: {{ .Values.service.internalPort3 }} lifecycle: # wait for active requests (long-running tasks) to be finished # Before the SIGTERM is invoked, Kubernetes exposes a preStop hook in the Pod. diff --git a/kubernetes/aai/components/aai-traversal/templates/service.yaml b/kubernetes/aai/components/aai-traversal/templates/service.yaml index b54b6be644..daf1758890 100644 --- a/kubernetes/aai/components/aai-traversal/templates/service.yaml +++ b/kubernetes/aai/components/aai-traversal/templates/service.yaml @@ -34,12 +34,19 @@ spec: - port: {{ .Values.service.internalPort2 }} nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort2 }} name: {{ .Values.service.portName2 }} + - port: {{ .Values.service.internalPort3 }} + nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort3 }} + name: {{ .Values.service.portName3 }} {{- else -}} - port: {{ .Values.service.internalPort }} name: {{ .Values.service.portName }}{{ (eq "true" (include "common.needTLS" .)) | ternary "s" "" }} - port: {{ .Values.service.internalPort2 }} name: {{ .Values.service.portName2 }} + - port: {{ .Values.service.internalPort3 }} + name: {{ .Values.service.portName3 }} {{- end }} selector: app: {{ include "common.name" . }} release: {{ include "common.release" . }} + clusterIP: None + sessionAffinity: {{ .Values.service.sessionAffinity }} diff --git a/kubernetes/aai/components/aai-traversal/templates/servicemonitor.yaml b/kubernetes/aai/components/aai-traversal/templates/servicemonitor.yaml new file mode 100644 index 0000000000..c0d9f212b4 --- /dev/null +++ b/kubernetes/aai/components/aai-traversal/templates/servicemonitor.yaml @@ -0,0 +1,3 @@ +{{- if .Values.metrics.serviceMonitor.enabled }} +{{ include "common.serviceMonitor" . }} +{{- end }}
\ No newline at end of file diff --git a/kubernetes/aai/components/aai-traversal/values.yaml b/kubernetes/aai/components/aai-traversal/values.yaml index 105b962c64..b5d99fdbda 100644 --- a/kubernetes/aai/components/aai-traversal/values.yaml +++ b/kubernetes/aai/components/aai-traversal/values.yaml @@ -231,6 +231,12 @@ persistence: # default number of instances replicaCount: 1 +minReadySeconds: 10 +updateStrategy: + type: RollingUpdate + maxUnavailable: 0 + maxSurge: 1 + nodeSelector: {} affinity: {} @@ -253,7 +259,10 @@ service: internalPort: 8446 portName2: tcp-5005 internalPort2: 5005 + portName3: aai-traversal-8448 + internalPort3: 8448 terminationGracePeriodSeconds: 120 + sessionAffinity: None ingress: enabled: false @@ -289,6 +298,58 @@ resources: memory: 4Gi unlimited: {} +metrics: + serviceMonitor: + enabled: false + targetPort: 8448 + path: /prometheus + basicAuth: + enabled: false + externalSecretName: mysecretname + externalSecretUserKey: login + externalSecretPasswordKey: password + + ## Namespace in which Prometheus is running + ## + # namespace: monitoring + + ## Interval at which metrics should be scraped. + ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#endpoint + ## + #interval: 30s + + ## Timeout after which the scrape is ended + ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#endpoint + ## + # scrapeTimeout: 10s + + ## ServiceMonitor selector labels + ## ref: https://github.com/bitnami/charts/tree/master/bitnami/prometheus-operator#prometheus-configuration + ## + selector: + app: '{{ include "common.name" . }}' + chart: '{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}' + release: '{{ include "common.release" . }}' + heritage: '{{ .Release.Service }}' + + ## RelabelConfigs to apply to samples before scraping + ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#relabelconfig + ## Value is evalued as a template + ## + relabelings: [] + + ## MetricRelabelConfigs to apply to samples before ingestion + ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#relabelconfig + ## Value is evalued as a template + ## + metricRelabelings: [] + # - sourceLabels: + # - "__name__" + # targetLabel: "__name__" + # action: replace + # regex: '(.*)' + # replacement: 'example_prefix_$1' + #Pods Service Account serviceAccount: nameOverride: aai-traversal diff --git a/kubernetes/aai/resources/config/haproxy/haproxy-pluggable-security.cfg b/kubernetes/aai/resources/config/haproxy/haproxy-pluggable-security.cfg index 6e7acef17f..03212b9f2d 100644 --- a/kubernetes/aai/resources/config/haproxy/haproxy-pluggable-security.cfg +++ b/kubernetes/aai/resources/config/haproxy/haproxy-pluggable-security.cfg @@ -17,8 +17,10 @@ global log /dev/log local0 stats socket /usr/local/etc/haproxy/haproxy.socket mode 660 level admin stats timeout 30s - user root - group root + # it is required else pod will not come up + maxconn 50000 + user haproxy + group haproxy daemon ################################# # Default SSL material locations# @@ -38,7 +40,8 @@ defaults mode http option httplog option ssl-hello-chk - option httpchk GET /aai/util/echo HTTP/1.1\r\nHost:\ aai\r\nX-TransactionId:\ haproxy-0111\r\nX-FromAppId:\ haproxy\r\nAccept:\ application/json\r\nAuthorization:\ Basic\ YWFpQGFhaS5vbmFwLm9yZzpkZW1vMTIzNDU2IQ== + option httpchk + http-check send meth GET uri /aai/util/echo ver HTTP/1.1 hdr Host aai hdr X-TransactionId haproxy-0111 hdr X-FromAppId haproxy hdr Accept application/json hdr Authorization 'Basic QUFJOkFBSQ==' default-server init-addr none # option dontlognull # errorfile 400 /etc/haproxy/errors/400.http @@ -59,6 +62,12 @@ defaults timeout server 480000 timeout http-keep-alive 30000 +frontend stats + bind *:8448 + http-request use-service prometheus-exporter if { path /metrics } + stats enable + stats uri /stats + stats refresh 10s frontend IST_8443 mode http @@ -73,6 +82,10 @@ frontend IST_8443 capture response header Host len 100 option log-separate-errors option forwardfor + + http-request set-header X-Forwarded-Proto https + http-request add-header X-Forwarded-Port 8443 + http-request set-header X-Forwarded-Proto https if { ssl_fc } http-request set-header X-AAI-Client-SSL TRUE if { ssl_c_used } http-request set-header X-AAI-SSL %[ssl_fc] @@ -97,9 +110,6 @@ frontend IST_8443 {{- end }} {{- end }} - reqadd X-Forwarded-Proto:\ https - reqadd X-Forwarded-Port:\ 8443 - ####################### #ACLS FOR PORT 8446#### ####################### @@ -107,9 +117,10 @@ frontend IST_8443 acl is_Port_8446_generic path_reg -i ^/aai/v[0-9]+/search/generic-query$ acl is_Port_8446_nodes path_reg -i ^/aai/v[0-9]+/search/nodes-query$ acl is_Port_8446_version path_reg -i ^/aai/v[0-9]+/query$ + acl is_dsl path_reg -i ^/aai/v[0-9]+/dsl$ acl is_named-query path_beg -i /aai/search/named-query acl is_search-model path_beg -i /aai/search/model - use_backend IST_AAI_8446 if is_Port_8446_generic or is_Port_8446_nodes or is_Port_8446_version or is_named-query or is_search-model + use_backend IST_AAI_8446 if is_Port_8446_generic or is_Port_8446_nodes or is_Port_8446_version or is_named-query or is_search-model or is_dsl default_backend IST_Default_8447 @@ -120,9 +131,11 @@ frontend IST_8443 backend IST_Default_8447 balance roundrobin + stick-table type string len 100 size 200k expire 2m + stick on path http-request set-header X-Forwarded-Port %[src_port] http-response set-header Strict-Transport-Security max-age=16000000;\ includeSubDomains;\ preload; - server aai-resources.{{.Release.Namespace}} aai-resources.{{.Release.Namespace}}.svc.cluster.local:8447 resolvers kubernetes check check-ssl port 8447 ssl verify none + server-template aai-resources.{{.Release.Namespace}} {{$.Values.haproxy.replicas.aaiResources}} aai-resources.{{.Release.Namespace}}.svc.cluster.local:8447 resolvers kubernetes check check-ssl port 8447 ssl verify none ####################### @@ -131,9 +144,11 @@ backend IST_Default_8447 backend IST_AAI_8446 balance roundrobin + stick-table type string len 100 size 200k expire 2m + stick on path http-request set-header X-Forwarded-Port %[src_port] http-response set-header Strict-Transport-Security max-age=16000000;\ includeSubDomains;\ preload; - server aai-traversal.{{.Release.Namespace}} aai-traversal.{{.Release.Namespace}}.svc.cluster.local:8446 resolvers kubernetes check check-ssl port 8446 ssl verify none + server-template aai-traversal.{{.Release.Namespace}} {{$.Values.haproxy.replicas.aaiTraversal}} aai-traversal.{{.Release.Namespace}}.svc.cluster.local:8446 resolvers kubernetes check check-ssl port 8446 ssl verify none listen IST_AAI_STATS mode http diff --git a/kubernetes/aai/resources/config/haproxy/haproxy.cfg b/kubernetes/aai/resources/config/haproxy/haproxy.cfg index 1accff9935..8c2554efea 100644 --- a/kubernetes/aai/resources/config/haproxy/haproxy.cfg +++ b/kubernetes/aai/resources/config/haproxy/haproxy.cfg @@ -17,6 +17,10 @@ global log /dev/log local0 stats socket /usr/local/etc/haproxy/haproxy.socket mode 660 level admin stats timeout 30s + # it is required else pod will not come up + maxconn 50000 + user haproxy + group haproxy daemon ################################# # Default SSL material locations# @@ -38,7 +42,8 @@ defaults {{- if ( include "common.needTLS" .) }} option ssl-hello-chk {{- end }} - option httpchk GET /aai/util/echo HTTP/1.1\r\nHost:\ aai\r\nX-TransactionId:\ haproxy-0111\r\nX-FromAppId:\ haproxy\r\nAccept:\ application/json\r\nAuthorization:\ Basic\ QUFJOkFBSQ== + option httpchk + http-check send meth GET uri /aai/util/echo ver HTTP/1.1 hdr Host aai hdr X-TransactionId haproxy-0111 hdr X-FromAppId haproxy hdr Accept application/json hdr Authorization 'Basic QUFJOkFBSQ==' default-server init-addr none # option dontlognull # errorfile 400 /etc/haproxy/errors/400.http @@ -59,6 +64,12 @@ defaults timeout server 480000 timeout http-keep-alive 30000 +frontend stats + bind *:8448 + http-request use-service prometheus-exporter if { path /metrics } + stats enable + stats uri /stats + stats refresh 10s frontend IST_8080 mode http @@ -73,8 +84,8 @@ frontend IST_8080 option log-separate-errors option forwardfor http-request set-header X-Forwarded-Proto http - reqadd X-Forwarded-Proto:\ http - reqadd X-Forwarded-Port:\ 8080 + http-request set-header X-Forwarded-Proto http + http-request add-header X-Forwarded-Port 8080 ####################### #ACLS FOR PORT 8446#### @@ -104,6 +115,10 @@ frontend IST_8443 capture response header Host len 100 option log-separate-errors option forwardfor + + http-request set-header X-Forwarded-Proto https + http-request add-header X-Forwarded-Port 8443 + http-request set-header X-Forwarded-Proto https if { ssl_fc } http-request set-header X-AAI-Client-SSL TRUE if { ssl_c_used } http-request set-header X-AAI-SSL %[ssl_fc] @@ -128,8 +143,6 @@ frontend IST_8443 {{- end }} {{- end }} - reqadd X-Forwarded-Proto:\ https - reqadd X-Forwarded-Port:\ 8443 {{- end }} ####################### @@ -152,12 +165,14 @@ frontend IST_8443 backend IST_Default_8447 balance roundrobin + stick-table type string len 100 size 200k expire 2m + stick on path http-request set-header X-Forwarded-Port %[src_port] http-response set-header Strict-Transport-Security max-age=16000000;\ includeSubDomains;\ preload; {{- if ( include "common.needTLS" .) }} - server aai-resources.{{.Release.Namespace}} aai-resources.{{.Release.Namespace}}.svc.cluster.local:8447 resolvers kubernetes check check-ssl port 8447 ssl verify none + server-template aai-resources.{{.Release.Namespace}} {{$.Values.haproxy.replicas.aaiResources}} aai-resources.{{.Release.Namespace}}.svc.cluster.local:8447 resolvers kubernetes check check-ssl port 8447 ssl verify none {{- else }} - server aai-resources.{{.Release.Namespace}} aai-resources.{{.Release.Namespace}}.svc.cluster.local:8447 resolvers kubernetes check port 8447 + server-template aai-resources.{{.Release.Namespace}} {{$.Values.haproxy.replicas.aaiResources}} aai-resources.{{.Release.Namespace}}.svc.cluster.local:8447 resolvers kubernetes check port 8447 {{- end }} ####################### @@ -166,10 +181,12 @@ backend IST_Default_8447 backend IST_AAI_8446 balance roundrobin + stick-table type string len 100 size 200k expire 2m + stick on path http-request set-header X-Forwarded-Port %[src_port] http-response set-header Strict-Transport-Security max-age=16000000;\ includeSubDomains;\ preload; {{- if ( include "common.needTLS" .) }} - server aai-traversal.{{.Release.Namespace}} aai-traversal.{{.Release.Namespace}}.svc.cluster.local:8446 resolvers kubernetes check check-ssl port 8446 ssl verify none + server-template aai-traversal.{{.Release.Namespace}} {{$.Values.haproxy.replicas.aaiTraversal}} aai-traversal.{{.Release.Namespace}}.svc.cluster.local:8446 resolvers kubernetes check check-ssl port 8446 ssl verify none {{- else }} - server aai-traversal.{{.Release.Namespace}} aai-traversal.{{.Release.Namespace}}.svc.cluster.local:8446 resolvers kubernetes check port 8446 + server-template aai-traversal.{{.Release.Namespace}} {{$.Values.haproxy.replicas.aaiTraversal}} aai-traversal.{{.Release.Namespace}}.svc.cluster.local:8446 resolvers kubernetes check port 8446 {{- end }} diff --git a/kubernetes/aai/templates/deployment.yaml b/kubernetes/aai/templates/deployment.yaml index 80fcebbef7..f1d10e2c81 100644 --- a/kubernetes/aai/templates/deployment.yaml +++ b/kubernetes/aai/templates/deployment.yaml @@ -30,6 +30,13 @@ spec: matchLabels: app: {{ include "common.name" . }} replicas: {{ .Values.replicaCount }} + strategy: + type: {{ .Values.updateStrategy.type }} + {{- if (eq "RollingUpdate" .Values.updateStrategy.type) }} + rollingUpdate: + maxUnavailable: {{ .Values.updateStrategy.maxUnavailable }} + maxSurge: {{ .Values.updateStrategy.maxSurge }} + {{- end }} template: metadata: labels: @@ -39,6 +46,7 @@ spec: annotations: checksum/config: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }} spec: + terminationGracePeriodSeconds: {{ .Values.service.terminationGracePeriodSeconds }} initContainers: {{ include "common.certInitializer.initContainer" . | nindent 6 }} - command: - /app/ready.py @@ -58,6 +66,13 @@ spec: image: {{ include "repositoryGenerator.image.readiness" . }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} name: {{ include "common.name" . }}-readiness + resources: + requests: + memory: {{ .Values.haproxy.initContainers.resources.memory }} + cpu: {{ .Values.haproxy.initContainers.resources.cpu }} + limits: + memory: {{ .Values.haproxy.initContainers.resources.memory }} + cpu: {{ .Values.haproxy.initContainers.resources.cpu }} containers: - name: {{ include "common.name" . }} image: "{{ include "repositoryGenerator.dockerHubRepository" . }}/{{ .Values.image }}" @@ -79,6 +94,7 @@ spec: ports: - containerPort: {{ .Values.service.internalPort }} - containerPort: {{ .Values.service.internalPlainPort }} + - containerPort: {{ .Values.metricsService.internalPort }} # disable liveness probe when breakpoints set in debugger # so K8s doesn't restart unresponsive container {{- if eq .Values.liveness.enabled true }} diff --git a/kubernetes/aai/templates/service.yaml b/kubernetes/aai/templates/service.yaml index 4a6dc8e497..a8c3c3957e 100644 --- a/kubernetes/aai/templates/service.yaml +++ b/kubernetes/aai/templates/service.yaml @@ -35,6 +35,8 @@ spec: type: {{ .Values.service.type }} selector: app: {{ include "common.name" . }} + clusterIP: {{ .Values.service.aaiServiceClusterIp }} + sessionAffinity: {{ .Values.service.sessionAffinity }} --- apiVersion: v1 kind: Service @@ -54,4 +56,23 @@ spec: type: ClusterIP selector: app: {{ include "common.name" . }} - +--- +apiVersion: v1 +kind: Service +metadata: + name: {{ include "common.servicename" . }}-metrics + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }}-metrics + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ include "common.release" . }} + heritage: {{ .Release.Service }} +spec: + ports: + - port: {{ .Values.metricsService.externalPort }} + targetPort: {{ .Values.metricsService.internalPort }} + name: {{ .Values.metricsService.portName }} + type: {{ .Values.metricsService.type }} + selector: + app: {{ include "common.name" . }} + clusterIP: None
\ No newline at end of file diff --git a/kubernetes/aai/templates/servicemonitor.yaml b/kubernetes/aai/templates/servicemonitor.yaml new file mode 100644 index 0000000000..c0d9f212b4 --- /dev/null +++ b/kubernetes/aai/templates/servicemonitor.yaml @@ -0,0 +1,3 @@ +{{- if .Values.metrics.serviceMonitor.enabled }} +{{ include "common.serviceMonitor" . }} +{{- end }}
\ No newline at end of file diff --git a/kubernetes/aai/values.yaml b/kubernetes/aai/values.yaml index 247c58be2b..0ba461c4c7 100644 --- a/kubernetes/aai/values.yaml +++ b/kubernetes/aai/values.yaml @@ -328,7 +328,7 @@ certInitializer: # application image dockerhubRepository: registry.hub.docker.com -image: aaionap/haproxy:1.4.2 +image: onap/aai-haproxy:1.9.5 pullPolicy: Always flavor: small @@ -345,15 +345,27 @@ config: # default number of instances replicaCount: 1 +updateStrategy: + type: RollingUpdate + maxUnavailable: 0 + maxSurge: 1 + nodeSelector: {} affinity: {} # HAProxy configuration to block HTTP requests to AAI based on configurable URL patterns haproxy: + initContainers: + resources: + memory: 100Mi + cpu: 50m requestBlocking: enabled: false customConfigs: [] + replicas: + aaiResources: 1 + aaiTraversal: 1 # probe configuration parameters liveness: @@ -392,6 +404,32 @@ service: externalPlainPort: 80 internalPlainPort: 8080 nodeport: 33 + aaiServiceClusterIp: + sessionAffinity: None + +metricsService: + type: ClusterIP + portName: prometheus + externalPort: 8448 + internalPort: 8448 + +metrics: + serviceMonitor: + enabled: false + targetPort: 8448 + path: /metrics + basicAuth: + enabled: false + + selector: + app: '{{ include "common.name" . }}-metrics' + chart: '{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}' + release: '{{ include "common.release" . }}' + heritage: '{{ .Release.Service }}' + + relabelings: [] + + metricRelabelings: [] ingress: enabled: false |