diff options
Diffstat (limited to 'kubernetes/common')
120 files changed, 1374 insertions, 464 deletions
diff --git a/kubernetes/common/Makefile b/kubernetes/common/Makefile index 941c2f84df..43d62f1a82 100644 --- a/kubernetes/common/Makefile +++ b/kubernetes/common/Makefile @@ -20,9 +20,15 @@ SECRET_DIR := $(OUTPUT_DIR)/secrets COMMON_CHARTS_DIR := common EXCLUDES := -HELM_CHARTS := $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.)))) +PROCESSED_LAST := cert-wrapper repository-wrapper +PROCESSED_FIRST := repositoryGenerator certInitializer +TO_FILTER := $(PROCESSED_FIRST) $(EXCLUDES) $(PROCESSED_LAST) -.PHONY: $(EXCLUDES) $(HELM_CHARTS) +HELM_BIN := helm +HELM_CHARTS := $(PROCESSED_FIRST) $(filter-out $(TO_FILTER), $(sort $(patsubst %/.,%,$(wildcard */.)))) $(PROCESSED_LAST) +HELM_VER := $(shell $(HELM_BIN) version --template "{{.Version}}") + +.PHONY: $(HELM_CHARTS) $(TO_FILTER) all: $(COMMON_CHARTS_DIR) $(HELM_CHARTS) @@ -34,15 +40,19 @@ make-%: @if [ -f $*/Makefile ]; then make -C $*; fi dep-%: make-% - @if [ -f $*/requirements.yaml ]; then helm dep up $*; fi + @if [ -f $*/requirements.yaml ]; then $(HELM_BIN) dep up $*; fi lint-%: dep-% - @if [ -f $*/Chart.yaml ]; then helm lint $*; fi + @if [ -f $*/Chart.yaml ]; then $(HELM_BIN) lint $*; fi package-%: lint-% @mkdir -p $(PACKAGE_DIR) - @if [ -f $*/Chart.yaml ]; then helm package -d $(PACKAGE_DIR) $*; fi - @helm repo index $(PACKAGE_DIR) +ifeq "$(findstring v3,$(HELM_VER))" "v3" + @if [ -f $*/Chart.yaml ]; then PACKAGE_NAME=$$($(HELM_BIN) package -d $(PACKAGE_DIR) $* | cut -d":" -f2) && $(HELM_BIN) push -f $$PACKAGE_NAME local; fi +else + @if [ -f $*/Chart.yaml ]; then $(HELM_BIN) package -d $(PACKAGE_DIR) $*; fi +endif + @$(HELM_BIN) repo index $(PACKAGE_DIR) clean: @rm -f */requirements.lock diff --git a/kubernetes/common/cassandra/requirements.yaml b/kubernetes/common/cassandra/requirements.yaml index 90e6621aa3..62e1158c12 100644 --- a/kubernetes/common/cassandra/requirements.yaml +++ b/kubernetes/common/cassandra/requirements.yaml @@ -17,3 +17,6 @@ dependencies: - name: common version: ~6.x-0 repository: 'file://../common' + - name: repositoryGenerator + version: ~6.x-0 + repository: 'file://../repositoryGenerator' diff --git a/kubernetes/common/cassandra/resources/exec.py b/kubernetes/common/cassandra/resources/exec.py index 5b3ae33371..a7f297399e 100644 --- a/kubernetes/common/cassandra/resources/exec.py +++ b/kubernetes/common/cassandra/resources/exec.py @@ -1,4 +1,4 @@ -#!/usr/bin/python +#!/usr/bin/env python import getopt import logging import os @@ -7,7 +7,7 @@ import time from kubernetes import config from kubernetes.client import Configuration -from kubernetes.client.apis import core_v1_api +from kubernetes.client.api import core_v1_api from kubernetes.client.rest import ApiException from kubernetes.stream import stream diff --git a/kubernetes/common/cassandra/resources/restore.sh b/kubernetes/common/cassandra/resources/restore.sh index b9deb32316..798ab6c53c 100644 --- a/kubernetes/common/cassandra/resources/restore.sh +++ b/kubernetes/common/cassandra/resources/restore.sh @@ -1,4 +1,4 @@ -#!/bin/bash +#!/bin/sh # Initialize variables ss_dir="" diff --git a/kubernetes/common/cassandra/templates/backup/cronjob.yaml b/kubernetes/common/cassandra/templates/backup/cronjob.yaml index e4f2aabfa0..27f3cc690d 100644 --- a/kubernetes/common/cassandra/templates/backup/cronjob.yaml +++ b/kubernetes/common/cassandra/templates/backup/cronjob.yaml @@ -35,7 +35,7 @@ spec: restartPolicy: Never initContainers: - command: - - /root/ready.py + - /app/ready.py args: - --container-name - {{ include "common.name" . }} @@ -45,11 +45,11 @@ spec: fieldRef: apiVersion: v1 fieldPath: metadata.namespace - image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}" + image: {{ include "repositoryGenerator.image.readiness" . }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} name: {{ include "common.name" . }}-readiness - name: "cassandra-backup-init" - image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}" + image: {{ include "repositoryGenerator.image.readiness" . }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} command: - /bin/bash @@ -59,7 +59,7 @@ spec: curr_time=$1 echo "Clearing snapshots!!!" command="nodetool clearsnapshot -t $curr_time" - /root/exec.py -p "cassandra" -c "$command" + /app/exec.py -p "{{ include "common.name" . }}" -c "$command" } {{ $root := . }} curr_time=`date +%s` @@ -75,11 +75,11 @@ spec: echo "Executing cleanup!!" command="nodetool cleanup" - /root/exec.py -p "cassandra" -c "$command" + /app/exec.py -p "{{ include "common.name" . }}" -c "$command" echo "Cleaned Node!! Backing up database now!!!" command="nodetool snapshot -t $curr_time" - /root/exec.py -p "cassandra" -c "$command" + /app/exec.py -p "{{ include "common.name" . }}" -c "$command" retCode=$? if [ $retCode -ne 0 ]; then echo "Backup Failed!!!" @@ -95,7 +95,7 @@ spec: d=$(echo $d | sed 's:/*$::') keyspace_name=$(echo "$d" | awk -F/ '{ print $NF }') if [ 1 ] {{- range $t, $keyspace := $root.Values.backup.keyspacesToSkip }} && [ "{{ $keyspace.name }}" != "$keyspace_name" ] {{- end }}; then - /root/restore.sh -b $backup_dir/cassandra-{{ $i }}/data -s /onap-data/cassandra-{{ $i }}/data/$keyspace_name -k $keyspace_name -t $curr_time & + /app/restore.sh -b $backup_dir/cassandra-{{ $i }}/data -s /onap-data/cassandra-{{ $i }}/data/$keyspace_name -k $keyspace_name -t $curr_time & pids="$pids $!" fi done @@ -142,14 +142,14 @@ spec: - mountPath: /backup name: backup-dir - name: scripts - mountPath: /root/restore.sh + mountPath: /app/restore.sh subPath: restore.sh - name: scripts - mountPath: /root/exec.py + mountPath: /app/exec.py subPath: exec.py containers: - name: cassandra-backup-validate - image: "{{ .Values.image }}" + image: {{ include "repositoryGenerator.dockerHubRepository" . }}/{{ .Values.image }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} command: - /bin/bash diff --git a/kubernetes/common/cassandra/templates/pv.yaml b/kubernetes/common/cassandra/templates/pv.yaml index 76a224ab5f..a0d998cd07 100644 --- a/kubernetes/common/cassandra/templates/pv.yaml +++ b/kubernetes/common/cassandra/templates/pv.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2018 Amdocs, Bell Canada, AT&T # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,5 +12,6 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} {{ include "common.replicaPV" . }} diff --git a/kubernetes/common/cassandra/templates/service.yaml b/kubernetes/common/cassandra/templates/service.yaml index 0b91076f82..8934d41c33 100644 --- a/kubernetes/common/cassandra/templates/service.yaml +++ b/kubernetes/common/cassandra/templates/service.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2018 Amdocs, AT&T, Bell Canada # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,5 +12,6 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} {{ include "common.headlessService" . }} diff --git a/kubernetes/common/cassandra/templates/statefulset.yaml b/kubernetes/common/cassandra/templates/statefulset.yaml index 96139ce988..471f88f735 100644 --- a/kubernetes/common/cassandra/templates/statefulset.yaml +++ b/kubernetes/common/cassandra/templates/statefulset.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2018 Amdocs, AT&T, Bell Canada # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,6 +12,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} apiVersion: apps/v1 kind: StatefulSet @@ -28,7 +30,7 @@ spec: hostNetwork: {{ .Values.hostNetwork }} containers: - name: {{ include "common.name" . }} - image: "{{ include "common.repository" . }}/{{ .Values.image }}" + image: {{ include "repositoryGenerator.dockerHubRepository" . }}/{{ .Values.image }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} ports: {{ include "common.containerPorts" . | nindent 8 }} volumeMounts: @@ -48,7 +50,7 @@ spec: {{- if eq .Values.liveness.enabled true }} livenessProbe: exec: - command: + command: - /bin/bash - -c - nodetool status | grep $POD_IP | awk '$1!="UN" { exit 1; }' @@ -110,15 +112,12 @@ spec: {{- else }} command: ["/bin/sh", "-c", "PID=$(pidof java) && kill $PID && while ps -p $PID > /dev/null; do sleep 1; done"] {{- end }} - resources: -{{ toYaml .Values.resources | indent 10 }} + resources: {{ toYaml .Values.resources | nindent 10 }} {{- if .Values.nodeSelector }} - nodeSelector: -{{ toYaml .Values.nodeSelector | indent 8 }} + nodeSelector: {{ toYaml .Values.nodeSelector | nindent 8 }} {{- end -}} {{- if .Values.affinity }} - affinity: -{{ toYaml .Values.affinity | indent 8 }} + affinity: {{ toYaml .Values.affinity | nindent 8 }} {{- end }} volumes: - name: localtime diff --git a/kubernetes/common/cassandra/values.yaml b/kubernetes/common/cassandra/values.yaml index 090dbcc2a2..fbdf8e3e19 100644 --- a/kubernetes/common/cassandra/values.yaml +++ b/kubernetes/common/cassandra/values.yaml @@ -21,13 +21,9 @@ global: # global defaults mountPath: /dockerdata-nfs backup: mountPath: /dockerdata-nfs/backup - repository: nexus3.onap.org:10001 - readinessRepository: oomk8s - readinessImage: readiness-check:2.0.2 # application image -repository: nexus3.onap.org:10001 -image: library/cassandra:3.11.4 +image: cassandra:3.11.4 pullPolicy: Always # flag to enable debugging - application support required @@ -132,7 +128,7 @@ persistence: configOverrides: {} -resources: {} +# resources: {} # We usually recommend not to specify default resources and to leave this as a conscious # choice for the user. This also increases chances charts run on environments with little # resources, such as Minikube. If you do want to specify resources, uncomment the following @@ -143,13 +139,13 @@ resources: {} # ref: http://kubernetes.io/docs/user-guide/compute-resources/ # Minimum memory for development is 2 CPU cores and 4GB memory # Minimum memory for production is 4 CPU cores and 8GB memory -#resources: -# limits: -# cpu: 2 -# memory: 4Gi -# requests: -# cpu: 2 -# memory: 4Gi +resources: + limits: + cpu: 0.8 + memory: 4Gi + requests: + cpu: 0.2 + memory: 2.5Gi backup: enabled: false cron: "00 00 * * *" diff --git a/kubernetes/common/cert-wrapper/Chart.yaml b/kubernetes/common/cert-wrapper/Chart.yaml new file mode 100644 index 0000000000..68d5400743 --- /dev/null +++ b/kubernetes/common/cert-wrapper/Chart.yaml @@ -0,0 +1,18 @@ +# Copyright © 2020 Samsung Electronics +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +description: Wrapper chart to allow truststore to be shared among cert-initializer instances +name: cert-wrapper +version: 6.0.0 diff --git a/kubernetes/common/cert-wrapper/requirements.yaml b/kubernetes/common/cert-wrapper/requirements.yaml new file mode 100644 index 0000000000..b6a667e448 --- /dev/null +++ b/kubernetes/common/cert-wrapper/requirements.yaml @@ -0,0 +1,18 @@ +# Copyright © 2020 Samsung Electronics +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +dependencies: + - name: certInitializer + version: ~6.x-0 + repository: 'file://../certInitializer' diff --git a/kubernetes/common/cert-wrapper/resources/import-custom-certs.sh b/kubernetes/common/cert-wrapper/resources/import-custom-certs.sh new file mode 100755 index 0000000000..7e2fa91363 --- /dev/null +++ b/kubernetes/common/cert-wrapper/resources/import-custom-certs.sh @@ -0,0 +1,63 @@ +#!/bin/bash +{{/* + +# Copyright © 2020 Bell Canada +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} + +CERTS_DIR=${CERTS_DIR:-/certs} +WORK_DIR=${WORK_DIR:-/updatedTruststore} +ONAP_TRUSTSTORE=${ONAP_TRUSTSTORE:-truststoreONAPall.jks} +JRE_TRUSTSTORE=${JRE_TRUSTSTORE:-$JAVA_HOME/lib/security/cacerts} +TRUSTSTORE_OUTPUT_FILENAME=${TRUSTSTORE_OUTPUT_FILENAME:-truststore.jks} + +mkdir -p $WORK_DIR + +# Decrypt and move relevant files to WORK_DIR +for f in $CERTS_DIR/*; do + if [[ $AAF_ENABLED == false ]] && [[ $f == *$ONAP_TRUSTSTORE* ]]; then + # Dont use onap truststore when aaf is disabled + continue + fi + if [[ $f == *.sh ]]; then + continue + fi + if [[ $f == *.b64 ]] + then + base64 -d $f > $WORK_DIR/`basename $f .b64` + else + cp $f $WORK_DIR/. + fi +done + +# Prepare truststore output file +if [[ $AAF_ENABLED == true ]] + then + mv $WORK_DIR/$ONAP_TRUSTSTORE $WORK_DIR/$TRUSTSTORE_OUTPUT_FILENAME + else + echo "AAF is disabled, using JRE truststore" + cp $JRE_TRUSTSTORE $WORK_DIR/$TRUSTSTORE_OUTPUT_FILENAME +fi + +# Import Custom Certificates +for f in $WORK_DIR/*; do + if [[ $f == *.pem ]]; then + echo "importing certificate: $f" + keytool -import -file $f -alias `basename $f` -keystore $WORK_DIR/$TRUSTSTORE_OUTPUT_FILENAME -storepass $TRUSTSTORE_PASSWORD -noprompt + if [[ $? != 0 ]]; then + echo "failed importing certificate: $f" + exit 1 + fi + fi +done diff --git a/kubernetes/common/certInitializer/resources/truststoreONAP.p12.b64 b/kubernetes/common/cert-wrapper/resources/truststoreONAP.p12.b64 index 71b6782c58..71b6782c58 100644 --- a/kubernetes/common/certInitializer/resources/truststoreONAP.p12.b64 +++ b/kubernetes/common/cert-wrapper/resources/truststoreONAP.p12.b64 diff --git a/kubernetes/common/certInitializer/resources/truststoreONAPall.jks.b64 b/kubernetes/common/cert-wrapper/resources/truststoreONAPall.jks.b64 index 17b051268f..17b051268f 100644 --- a/kubernetes/common/certInitializer/resources/truststoreONAPall.jks.b64 +++ b/kubernetes/common/cert-wrapper/resources/truststoreONAPall.jks.b64 diff --git a/kubernetes/common/cert-wrapper/templates/configmap.yaml b/kubernetes/common/cert-wrapper/templates/configmap.yaml new file mode 100644 index 0000000000..117a4ab718 --- /dev/null +++ b/kubernetes/common/cert-wrapper/templates/configmap.yaml @@ -0,0 +1,22 @@ +{{/* +# Copyright © 2020 Samsung Electronics +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} + +apiVersion: v1 +kind: ConfigMap +{{- $suffix := "certs" }} +metadata: {{- include "common.resourceMetadata" (dict "suffix" $suffix "dot" . ) | nindent 2 }} +data: +{{ tpl (.Files.Glob "resources/*").AsConfig . | indent 2 }} diff --git a/kubernetes/common/cert-wrapper/values.yaml b/kubernetes/common/cert-wrapper/values.yaml new file mode 100644 index 0000000000..fcece0e3f5 --- /dev/null +++ b/kubernetes/common/cert-wrapper/values.yaml @@ -0,0 +1,17 @@ +# Copyright © 2020 Samsung Electronics +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +certInitializer: + nameOverride: cert-initializer + createCertsCM: true diff --git a/kubernetes/common/certInitializer/templates/_certInitializer.yaml b/kubernetes/common/certInitializer/templates/_certInitializer.yaml index 1250c1225e..800364f1a2 100644 --- a/kubernetes/common/certInitializer/templates/_certInitializer.yaml +++ b/kubernetes/common/certInitializer/templates/_certInitializer.yaml @@ -1,5 +1,5 @@ {{/* -# Copyright © 2020 Samsung Electronics +# Copyright © 2020 Bell Canada, Samsung Electronics # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -96,13 +96,73 @@ value: "{{ $initRoot.public_fqdn | default "" }}" {{- end -}} +{{/* + This init container will import custom .pem certificates to truststoreONAPall.jks + Custom certificates must be placed in common/certInitializer/resources directory. + + The feature is enabled by setting Values.global.importCustomCertsEnabled = true + It can be used independently of aafEnabled, however it requires the same includes + as describe above for _initContainer. + + When AAF is enabled the truststoreONAPAll.jks (which contains AAF CA) will be used + to import custom certificates, otherwise the default java keystore will be used. + + The updated truststore file will be placed in /updatedTruststore and can be mounted per component + to a specific path by defining Values.certInitializer.truststoreMountpath (see _trustStoreVolumeMount) + The truststore file will be available to mount even if no custom certificates were imported. +*/}} +{{- define "common.certInitializer._initImportCustomCertsContainer" -}} +{{- $dot := default . .dot -}} +{{- $initRoot := default $dot.Values.certInitializer .initRoot -}} +{{- $subchartDot := fromJson (include "common.subChartDot" (dict "dot" $dot "initRoot" $initRoot)) }} +- name: {{ include "common.name" $dot }}-import-custom-certs + image: {{ $subchartDot.Values.global.jreImage }} + imagePullPolicy: {{ $subchartDot.Values.global.pullPolicy | default $subchartDot.Values.pullPolicy }} + securityContext: + runAsUser: 0 + command: + - /bin/bash + - -c + - /root/import-custom-certs.sh + env: + - name: AAF_ENABLED + value: "{{ $subchartDot.Values.global.aafEnabled }}" + - name: TRUSTSTORE_OUTPUT_FILENAME + value: "{{ $initRoot.truststoreOutputFileName }}" + - name: TRUSTSTORE_PASSWORD + {{- include "common.secret.envFromSecretFast" (dict "global" $subchartDot "uid" "truststore-creds" "key" "password") | indent 6 }} + volumeMounts: + - mountPath: /certs + name: aaf-agent-certs + - mountPath: /root/import-custom-certs.sh + name: aaf-agent-certs + subPath: import-custom-certs.sh + - mountPath: /updatedTruststore + name: updated-truststore +{{- end -}} + {{- define "common.certInitializer._volumeMount" -}} {{- $dot := default . .dot -}} {{- $initRoot := default $dot.Values.certInitializer .initRoot -}} -- mountPath: {{ $initRoot.mountPath }} +- mountPath: {{ $initRoot.appMountPath }} name: {{ include "common.certInitializer._aafConfigVolumeName" $dot }} {{- end -}} +{{/* + This is used together with _initImportCustomCertsContainer + It mounts the updated truststore (with imported custom certificates) to the + truststoreMountpath defined in the values file for the component. +*/}} +{{- define "common.certInitializer._trustStoreVolumeMount" -}} +{{- $dot := default . .dot -}} +{{- $initRoot := default $dot.Values.certInitializer .initRoot -}} +{{- if gt (len $initRoot.truststoreMountpath) 0 }} +- mountPath: {{ $initRoot.truststoreMountpath }}/{{ $initRoot.truststoreOutputFileName }} + name: updated-truststore + subPath: {{ $initRoot.truststoreOutputFileName }} +{{- end -}} +{{- end -}} + {{- define "common.certInitializer._volumes" -}} {{- $dot := default . .dot -}} {{- $initRoot := default $dot.Values.certInitializer .initRoot -}} @@ -112,7 +172,7 @@ medium: Memory - name: aaf-agent-certs configMap: - name: {{ include "common.fullname" $subchartDot }}-certs + name: {{ tpl $subchartDot.Values.certsCMName $subchartDot }} defaultMode: 0700 {{- if $initRoot.aaf_add_config }} @@ -121,10 +181,17 @@ name: {{ include "common.fullname" $subchartDot }}-add-config defaultMode: 0700 {{- end -}} +{{- if $dot.Values.global.importCustomCertsEnabled }} +- name: updated-truststore + emptyDir: {} +{{- end -}} {{- end -}} {{- define "common.certInitializer.initContainer" -}} {{- $dot := default . .dot -}} + {{- if $dot.Values.global.importCustomCertsEnabled }} + {{ include "common.certInitializer._initImportCustomCertsContainer" . }} + {{- end -}} {{- if $dot.Values.global.aafEnabled }} {{ include "common.certInitializer._initContainer" . }} {{- end -}} @@ -135,11 +202,14 @@ {{- if $dot.Values.global.aafEnabled }} {{- include "common.certInitializer._volumeMount" . }} {{- end -}} + {{- if $dot.Values.global.importCustomCertsEnabled }} + {{- include "common.certInitializer._trustStoreVolumeMount" . }} + {{- end -}} {{- end -}} {{- define "common.certInitializer.volumes" -}} {{- $dot := default . .dot -}} - {{- if $dot.Values.global.aafEnabled }} + {{- if or ($dot.Values.global.aafEnabled ) ($dot.Values.global.importCustomCertsEnabled) }} {{- include "common.certInitializer._volumes" . }} {{- end -}} {{- end -}} diff --git a/kubernetes/common/certInitializer/templates/configmap.yaml b/kubernetes/common/certInitializer/templates/configmap.yaml index a89a33152b..7eae899cc1 100644 --- a/kubernetes/common/certInitializer/templates/configmap.yaml +++ b/kubernetes/common/certInitializer/templates/configmap.yaml @@ -21,12 +21,5 @@ kind: ConfigMap metadata: {{- include "common.resourceMetadata" (dict "suffix" $suffix "dot" . )| nindent 2 }} data: aaf-add-config.sh: | - {{ tpl .Values.aaf_add_config . | indent 4 }} + {{ tpl .Values.aaf_add_config . | indent 4 | trim }} {{- end }} ---- -apiVersion: v1 -kind: ConfigMap -{{- $suffix := "certs" }} -metadata: {{- include "common.resourceMetadata" (dict "suffix" $suffix "dot" . ) | nindent 2 }} -data: -{{ tpl (.Files.Glob "resources/*").AsConfig . | indent 2 }} diff --git a/kubernetes/common/certInitializer/values.yaml b/kubernetes/common/certInitializer/values.yaml index 416282f72a..66251fa29a 100644 --- a/kubernetes/common/certInitializer/values.yaml +++ b/kubernetes/common/certInitializer/values.yaml @@ -1,4 +1,4 @@ -# Copyright © 2020 Samsung Electronics +# Copyright © 2020 Bell Canada, Samsung Electronics # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -16,6 +16,7 @@ global: repository: nexus3.onap.org:10001 aafAgentImage: onap/aaf/aaf_agent:2.1.20 aafEnabled: true + jreImage: registry.gitlab.com/onap-integration/docker/onap-java pullPolicy: Always @@ -26,6 +27,11 @@ secrets: login: '{{ .Values.aafDeployFqi }}' password: '{{ .Values.aafDeployPass }}' passwordPolicy: required + - uid: truststore-creds + type: password + externalSecret: '{{ tpl (default "" .Values.truststoreCredsExternalSecret) . }}' + password: '{{ .Values.truststorePassword }}' + passwordPolicy: required readinessCheck: wait_for: @@ -45,3 +51,14 @@ cadi_latitude: "38.0" cadi_longitude: "-72.0" aaf_add_config: "" mountPath: "/opt/app/osaaf" +appMountPath: "/opt/app/osaaf" +importCustomCertsEnabled: false +truststoreMountpath: "" +truststoreOutputFileName: truststore.jks +truststorePassword: changeit + +# This introduces implicit dependency on cert-wrapper +# if you are using cert initializer cert-wrapper has to be also deployed. +# We had to move this CM to a separate chart to reduce the total size of our charts +# as it exceeds the default helm limits. +certsCMName: '{{ include "common.release" . }}-cert-wrapper-certs' diff --git a/kubernetes/common/cmpv2Config/values.yaml b/kubernetes/common/cmpv2Config/values.yaml index cf866571c7..f6feee6e06 100644 --- a/kubernetes/common/cmpv2Config/values.yaml +++ b/kubernetes/common/cmpv2Config/values.yaml @@ -12,9 +12,10 @@ # See the License for the specific language governing permissions and # limitations under the License. global: - aaf: + platform: certServiceClient: - image: onap/org.onap.aaf.certservice.aaf-certservice-client:1.2.0 + image: onap/org.onap.oom.platform.cert-service.oom-certservice-client:2.1.0 + secretName: oom-cert-service-client-tls-secret envVariables: # Certificate related cmpv2Organization: "Linux-Foundation" @@ -23,7 +24,10 @@ global: cmpv2State: "California" cmpv2Country: "US" # Client configuration related - requestURL: "https://aaf-cert-service:8443/v1/certificate/" + requestURL: "https://oom-cert-service:8443/v1/certificate/" requestTimeout: "30000" keystorePassword: "secret" truststorePassword: "secret" + certPostProcessor: + image: onap/org.onap.oom.platform.cert-service.oom-certservice-post-processor:2.1.0 + diff --git a/kubernetes/common/common/documentation.rst b/kubernetes/common/common/documentation.rst index d982ab09c6..fd416c0cc8 100644 --- a/kubernetes/common/common/documentation.rst +++ b/kubernetes/common/common/documentation.rst @@ -77,8 +77,6 @@ only give an overview. +----------------------------------------------------+-----------------------+ | `common.repository` | `_repository.tpl` | +----------------------------------------------------+-----------------------+ - | `common.repository.secret` | `_repository.tpl` | - +----------------------------------------------------+-----------------------+ | `common.flavor` | `_resources.tpl` | +----------------------------------------------------+-----------------------+ | `common.resources` | `_resources.tpl` | @@ -289,7 +287,7 @@ taken on mariadb-galera): ... containers: - name: {{ include "common.name" . }} - image: "{{ include "common.repository" . }}/{{ .Values.image }}" + image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }} ... Namespace diff --git a/kubernetes/common/common/templates/_aafconfig.tpl b/kubernetes/common/common/templates/_aafconfig.tpl index e90f8aea5d..b1021ab9d7 100644 --- a/kubernetes/common/common/templates/_aafconfig.tpl +++ b/kubernetes/common/common/templates/_aafconfig.tpl @@ -59,10 +59,10 @@ {{- $aafRoot := default $dot.Values.aafConfig .aafRoot -}} {{- if $dot.Values.global.aafEnabled -}} - name: {{ include "common.name" $dot }}-aaf-readiness - image: "{{ $dot.Values.global.readinessRepository }}/{{ $dot.Values.global.readinessImage }}" + image: "{{ include "common.repository" $dot }}/{{ $dot.Values.global.readinessImage }}" imagePullPolicy: {{ $dot.Values.global.pullPolicy | default $dot.Values.pullPolicy }} command: - - /root/ready.py + - /app/ready.py args: - --container-name - aaf-locate @@ -117,9 +117,9 @@ - name: aaf_locator_app_ns value: "{{ $aafRoot.app_ns }}" - name: DEPLOY_FQI - {{- include "common.secret.envFromSecret" (dict "global" $dot "uid" $aafRoot.secret_uid "key" "login") | indent 6 }} + {{- include "common.secret.envFromSecretFast" (dict "global" $dot "uid" $aafRoot.secret_uid "key" "login") | indent 6 }} - name: DEPLOY_PASSWORD - {{- include "common.secret.envFromSecret" (dict "global" $dot "uid" $aafRoot.secret_uid "key" "password") | indent 6 }} + {{- include "common.secret.envFromSecretFast" (dict "global" $dot "uid" $aafRoot.secret_uid "key" "password") | indent 6 }} #Note: want to put this on Nodes, eventually - name: cadi_longitude value: "{{ default "52.3" $aafRoot.cadi_longitude }}" diff --git a/kubernetes/common/common/templates/_createPassword.tpl b/kubernetes/common/common/templates/_createPassword.tpl index 8b2f1e274d..bfd0999e16 100644 --- a/kubernetes/common/common/templates/_createPassword.tpl +++ b/kubernetes/common/common/templates/_createPassword.tpl @@ -32,11 +32,26 @@ {{ else if eq "testRelease" (include "common.release" .) }} {{/* Special case for chart liniting. DON"T NAME YOUR PRODUCTION RELEASE testRelease */}} {{- printf "testRelease" -}} + {{ else if eq "test-release" .Release.Name }} + {{/* Special case for chart linting in helm3. DON"T NAME YOUR PRODUCTION RELEASE test-release */}} + {{- printf "testRelease" -}} {{ else }} {{ fail "masterPassword not provided" }} {{ end }} {{- end -}} +{{- define "common._defaultPasswordStrength" -}} + {{ if .Values.passwordStrengthOverride }} + {{- printf "%s" .Values.passwordStrengthOverride -}} + {{ else if .Values.global.passwordStrength }} + {{- printf "%s" .Values.global.passwordStrength -}} + {{ else if .Values.passwordStrength }} + {{- printf "%s" .Values.passwordStrength -}} + {{ else }} + {{- printf "long" }} + {{ end }} +{{- end -}} + {{/* Generate a new password based on masterPassword. The new password is not random, it is derived from masterPassword, fully qualified chart name and @@ -59,7 +74,8 @@ {{- define "common.createPassword" -}} {{- $dot := default . .dot -}} {{- $uid := default "onap" .uid -}} - {{- $strength := default "long" .strength -}} + {{- $defaultStrength := include "common._defaultPasswordStrength" $dot | trim -}} + {{- $strength := default $defaultStrength .strength -}} {{- $mp := include "common.masterPassword" $dot -}} {{- derivePassword 1 $strength $mp (include "common.fullname" $dot) $uid -}} {{- end -}} diff --git a/kubernetes/common/common/templates/_ingress.tpl b/kubernetes/common/common/templates/_ingress.tpl index 6b4f0ed36e..e57d4bedaa 100644 --- a/kubernetes/common/common/templates/_ingress.tpl +++ b/kubernetes/common/common/templates/_ingress.tpl @@ -1,19 +1,28 @@ +{{- define "ingress.config.host" -}} +{{- $dot := default . .dot -}} +{{- $baseaddr := (required "'baseaddr' param, set to the specific part of the fqdn, is required." .baseaddr) -}} +{{- $burl := (required "'baseurl' param, set to the generic part of the fqdn, is required." $dot.Values.global.ingress.virtualhost.baseurl) -}} +{{ printf "%s.%s" $baseaddr $burl }} +{{- end -}} + {{- define "ingress.config.port" -}} +{{- $dot := default . .dot -}} {{- if .Values.ingress -}} {{- if .Values.global.ingress -}} {{- if or (not .Values.global.ingress.virtualhost) (not .Values.global.ingress.virtualhost.enabled) -}} - http: paths: {{- range .Values.ingress.service }} - - path: {{ printf "/%s" (required "baseaddr" .baseaddr) }} +{{ $baseaddr := required "baseaddr" .baseaddr }} + - path: {{ include "ingress.config.host" (dict "dot" $dot "baseaddr" $baseaddr) }} backend: serviceName: {{ .name }} servicePort: {{ .port }} {{- end -}} {{- else if .Values.ingress.service -}} -{{- $burl := (required "baseurl" .Values.global.ingress.virtualhost.baseurl) -}} {{ range .Values.ingress.service }} - - host: {{ printf "%s.%s" (required "baseaddr" .baseaddr) $burl }} +{{ $baseaddr := required "baseaddr" .baseaddr }} + - host: {{ include "ingress.config.host" (dict "dot" $dot "baseaddr" $baseaddr) }} http: paths: - backend: @@ -95,7 +104,18 @@ spec: {{- if .Values.ingress.tls }} tls: {{ toYaml .Values.ingress.tls | indent 4 }} - {{- end -}} +{{- end -}} +{{- if .Values.ingress.config -}} +{{- if .Values.ingress.config.tls -}} +{{- $dot := default . .dot -}} + tls: + - hosts: + {{- range .Values.ingress.service }}{{ $baseaddr := required "baseaddr" .baseaddr }} + - {{ include "ingress.config.host" (dict "dot" $dot "baseaddr" $baseaddr) }} + {{- end }} + secretName: {{ required "secret" (tpl (default "" .Values.ingress.config.tls.secret) $dot) }} +{{- end -}} +{{- end -}} {{- end -}} {{- end -}} {{- end -}} diff --git a/kubernetes/common/common/templates/_name.tpl b/kubernetes/common/common/templates/_name.tpl index e918cc1dd8..793fb3e07b 100644 --- a/kubernetes/common/common/templates/_name.tpl +++ b/kubernetes/common/common/templates/_name.tpl @@ -51,6 +51,11 @@ {{- $dot := default . .dot -}} {{- $suffix := default "" .suffix -}} {{- $name := default $dot.Chart.Name $dot.Values.nameOverride -}} + {{/* when linted, the name must be lower cased. When used from a component, + name should be overriden in order to avoid collision so no need to do it */}} + {{- if eq (printf "%s/templates" $name) $dot.Template.BasePath -}} + {{- $name = lower $name -}} + {{- end -}} {{- include "common.fullnameExplicit" (dict "dot" $dot "chartName" $name "suffix" $suffix) }} {{- end -}} diff --git a/kubernetes/common/common/templates/_repository.tpl b/kubernetes/common/common/templates/_repository.tpl index 272db42125..0316ae7050 100644 --- a/kubernetes/common/common/templates/_repository.tpl +++ b/kubernetes/common/common/templates/_repository.tpl @@ -15,6 +15,8 @@ */}} {{/* + /!\ DEPRECATED /!\ + Will be removed when transition to "repositoryGenerator" is finished. Resolve the name of the common image repository. The value for .Values.repository is used by default, unless either override mechanism is used. @@ -29,21 +31,3 @@ {{- default .Values.repository .Values.global.repository -}} {{end}} {{- end -}} - - -{{/* - Resolve the image repository secret token. - The value for .Values.global.repositoryCred is used: - repositoryCred: - user: user - password: password - mail: email (optional) -*/}} -{{- define "common.repository.secret" -}} - {{- $repo := include "common.repository" . }} - {{- $repo := default "nexus3.onap.org:10001" $repo }} - {{- $cred := .Values.global.repositoryCred }} - {{- $mail := default "@" $cred.mail }} - {{- $auth := printf "%s:%s" $cred.user $cred.password | b64enc }} - {{- printf "{\"%s\":{\"username\":\"%s\",\"password\":\"%s\",\"email\":\"%s\",\"auth\":\"%s\"}}" $repo $cred.user $cred.password $mail $auth | b64enc -}} -{{- end -}} diff --git a/kubernetes/common/common/templates/_secret.tpl b/kubernetes/common/common/templates/_secret.tpl index 990c476f29..2490debffb 100644 --- a/kubernetes/common/common/templates/_secret.tpl +++ b/kubernetes/common/common/templates/_secret.tpl @@ -137,6 +137,10 @@ type: Opaque {{- $uid := (default "" .uid) }} {{- $name := (default "" .name) }} {{- $fullname := ne (default "" .chartName) "" | ternary (include "common.fullnameExplicit" (dict "dot" $global "chartName" .chartName)) (include "common.fullname" $global) }} + {{- if eq "test-release" $global.Release.Name -}} + {{/* Special case for chart liniting in helm3. DON"T NAME YOUR PRODUCTION RELEASE test-release */}} + {{- $uid = lower $uid -}} + {{- end -}} {{- default (printf "%s-%s" $fullname $uid) $name }} {{- end -}} diff --git a/kubernetes/common/common/templates/_service.tpl b/kubernetes/common/common/templates/_service.tpl index 3d745ed819..dddd63491d 100644 --- a/kubernetes/common/common/templates/_service.tpl +++ b/kubernetes/common/common/templates/_service.tpl @@ -94,6 +94,7 @@ annotations: "version": "{{ default "v1" $msb_information.version }}", "url": "{{ default "/" $msb_information.url }}", "protocol": "{{ default "REST" $msb_information.protocol }}", + "enable_ssl": {{ default false $msb_information.enable_ssl }}, "port": "{{ $msb_information.port }}", "visualRange":"{{ default "1" $msb_information.visualRange }}" } diff --git a/kubernetes/common/dgbuilder/requirements.yaml b/kubernetes/common/dgbuilder/requirements.yaml index 4735901dfa..8b7390802f 100644 --- a/kubernetes/common/dgbuilder/requirements.yaml +++ b/kubernetes/common/dgbuilder/requirements.yaml @@ -16,3 +16,9 @@ dependencies: - name: common version: ~6.x-0 repository: 'file://../common' + - name: certInitializer + version: ~6.x-0 + repository: '@local' + - name: repositoryGenerator + version: ~6.x-0 + repository: 'file://../repositoryGenerator'
\ No newline at end of file diff --git a/kubernetes/common/dgbuilder/resources/config/customSettings.js b/kubernetes/common/dgbuilder/resources/config/customSettings.js index 42c2e5728b..b6a1a8636a 100644 --- a/kubernetes/common/dgbuilder/resources/config/customSettings.js +++ b/kubernetes/common/dgbuilder/resources/config/customSettings.js @@ -54,6 +54,8 @@ module.exports={ }, "uiHost": "0.0.0.0", "version": "0.9.1", - "performGitPull": "N", - "enableHttps" : true + {{ if .Values.global.aafEnabled }} + "enableHttps" : true, + {{ end }} + "performGitPull": "N" } diff --git a/kubernetes/common/dgbuilder/resources/config/svclogic.properties b/kubernetes/common/dgbuilder/resources/config/svclogic.properties index 28612a270b..01edb4d411 100644 --- a/kubernetes/common/dgbuilder/resources/config/svclogic.properties +++ b/kubernetes/common/dgbuilder/resources/config/svclogic.properties @@ -1,3 +1,4 @@ +{{/* # Copyright © 2018 AT&T, Amdocs, Bell Canada # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,6 +12,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} org.onap.ccsdk.sli.dbtype=jdbc org.onap.ccsdk.sli.jdbc.url=jdbc:mysql://{{.Values.config.dbServiceName}}.{{ include "common.namespace" . }}:3306/{{.Values.config.db.dbName}} diff --git a/kubernetes/common/dgbuilder/templates/deployment.yaml b/kubernetes/common/dgbuilder/templates/deployment.yaml index d0e298b7b6..ad3e4cf128 100644 --- a/kubernetes/common/dgbuilder/templates/deployment.yaml +++ b/kubernetes/common/dgbuilder/templates/deployment.yaml @@ -67,11 +67,12 @@ spec: name: config-input - mountPath: /config name: config - image: "{{ .Values.global.envsubstImage }}" + image: {{ include "repositoryGenerator.image.envsubst" . }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} name: {{ include "common.name" . }}-update-config +{{ include "common.certInitializer.initContainer" . | indent 6 }} - command: - - /root/ready.py + - /app/ready.py args: - --container-name - {{ .Values.config.dbPodName }} @@ -81,15 +82,15 @@ spec: fieldRef: apiVersion: v1 fieldPath: metadata.namespace - image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}" + image: {{ include "repositoryGenerator.image.readiness" . }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} name: {{ include "common.name" . }}-readiness containers: - name: {{ include "common.name" . }} - image: "{{ include "common.repository" . }}/{{ .Values.image }}" + image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} command: ["/bin/bash"] - args: ["-c", "cd /opt/onap/ccsdk/dgbuilder/ && ./start.sh sdnc1.0 && wait"] + args: ["-c", "cd /opt/onap/ccsdk/dgbuilder/ && {{ if .Values.global.aafEnabled}} cp /opt/app/osaaf/local/node-*.pem certs && {{end}}./start.sh sdnc1.0 && wait"] ports: - containerPort: {{ .Values.service.internalPort }} readinessProbe: @@ -101,6 +102,7 @@ spec: - name: SDNC_CONFIG_DIR value: /opt/onap/sdnc/data/properties volumeMounts: +{{ include "common.certInitializer.volumeMount" . | indent 10 }} - mountPath: /etc/localtime name: localtime readOnly: true @@ -127,6 +129,7 @@ spec: {{ toYaml .Values.affinity | indent 10 }} {{- end }} volumes: +{{ include "common.certInitializer.volumes" . | nindent 8 }} - name: localtime hostPath: path: /etc/localtime diff --git a/kubernetes/common/dgbuilder/templates/ingress.yaml b/kubernetes/common/dgbuilder/templates/ingress.yaml index 0cd8cfbd36..4392308e38 100644 --- a/kubernetes/common/dgbuilder/templates/ingress.yaml +++ b/kubernetes/common/dgbuilder/templates/ingress.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2020 Samsung, Orange # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,5 +12,5 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. - +*/}} {{ include "common.ingress" . }} diff --git a/kubernetes/common/dgbuilder/values.yaml b/kubernetes/common/dgbuilder/values.yaml index a1f637b199..28880646fb 100644 --- a/kubernetes/common/dgbuilder/values.yaml +++ b/kubernetes/common/dgbuilder/values.yaml @@ -20,20 +20,6 @@ global: # with other instances running within the same k8s cluster nodePortPrefix: 302 - # image repositories - repository: nexus3.onap.org:10001 - - # readiness check - readinessRepository: oomk8s - readinessImage: readiness-check:2.0.0 - - # logging agent - loggingRepository: docker.elastic.co - loggingImage: beats/filebeat:5.5.0 - - # envsusbt - envsubstImage: dibi/envsubst - # image pull policy pullPolicy: Always @@ -83,8 +69,7 @@ secrets: # Application configuration defaults. ################################################################# # application image -repository: nexus3.onap.org:10001 -image: onap/ccsdk-dgbuilder-image:0.7.4 +image: onap/ccsdk-dgbuilder-image:1.0.2 pullPolicy: Always # flag to enable debugging - application support required @@ -159,21 +144,45 @@ ingress: config: ssl: "redirect" -resources: {} - # We usually recommend not to specify default resources and to leave this as a conscious - # choice for the user. This also increases chances charts run on environments with little - # resources, such as Minikube. If you do want to specify resources, uncomment the following - # lines, adjust them as necessary, and remove the curly braces after 'resources:'. - # - # Example: - # Configure resource requests and limits - # ref: http://kubernetes.io/docs/user-guide/compute-resources/ - # Minimum memory for development is 2 CPU cores and 4GB memory - # Minimum memory for production is 4 CPU cores and 8GB memory -#resources: -# limits: -# cpu: 2 -# memory: 4Gi -# requests: -# cpu: 2 -# memory: 4Gi + # dependency / sub-chart configuration +certInitializer: + nameOverride: dgbuilder-cert-initializer + truststoreMountpath: /opt/onap/ccsdk/dgbuilder/certs + fqdn: "sdnc" + app_ns: "org.osaaf.aaf" + fqi: "sdnc@sdnc.onap.org" + fqi_namespace: org.onap.sdnc + public_fqdn: "dgbuilder.onap.org" + aafDeployFqi: "deployer@people.osaaf.org" + aafDeployPass: demo123456! + cadi_latitude: "38.0" + cadi_longitude: "-72.0" + credsPath: /opt/app/osaaf/local + aaf_add_config: > + cd /opt/app/osaaf/local; + /opt/app/aaf_config/bin/agent.sh local showpass {{.Values.fqi}} {{ .Values.fqdn }} | grep cadi_keystore_password= | cut -d= -f 2 > {{ .Values.credsPath }}/.pass 2>&1 ; + cp {{ .Values.fqi_namespace }}.crt node-cert.pem; + cp {{ .Values.fqi_namespace }}.key node-key.pem; + chmod go+r node-*.pem + +#Resource Limit flavor -By Default using small +flavor: small +#segregation for different envionment (Small and Large) + +resources: + small: + limits: + cpu: 2 + memory: 4Gi + requests: + cpu: 1 + memory: 2Gi + large: + limits: + cpu: 4 + memory: 8Gi + requests: + cpu: 2 + memory: 4Gi + unlimited: {} + diff --git a/kubernetes/common/elasticsearch/.helmignore b/kubernetes/common/elasticsearch/.helmignore new file mode 100644 index 0000000000..68ffb32406 --- /dev/null +++ b/kubernetes/common/elasticsearch/.helmignore @@ -0,0 +1 @@ +components/ diff --git a/kubernetes/common/elasticsearch/Makefile b/kubernetes/common/elasticsearch/Makefile new file mode 100644 index 0000000000..4c79718d02 --- /dev/null +++ b/kubernetes/common/elasticsearch/Makefile @@ -0,0 +1,51 @@ +# Copyright © 2020 Samsung Electronics +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +ROOT_DIR := $(shell dirname $(realpath $(lastword $(MAKEFILE_LIST)))) +OUTPUT_DIR := $(ROOT_DIR)/../dist +PACKAGE_DIR := $(OUTPUT_DIR)/packages +SECRET_DIR := $(OUTPUT_DIR)/secrets + +EXCLUDES := dist resources templates charts docker +HELM_BIN := helm +HELM_CHARTS := $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.)))) + +.PHONY: $(EXCLUDES) $(HELM_CHARTS) + +all: $(HELM_CHARTS) + +$(HELM_CHARTS): + @echo "\n[$@]" + @make package-$@ + +make-%: + @if [ -f $*/Makefile ]; then make -C $*; fi + +dep-%: make-% + @if [ -f $*/requirements.yaml ]; then $(HELM_BIN) dep up $*; fi + +lint-%: dep-% + @if [ -f $*/Chart.yaml ]; then $(HELM_BIN) lint $*; fi + +package-%: lint-% + @mkdir -p $(PACKAGE_DIR) + @if [ -f $*/Chart.yaml ]; then $(HELM_BIN) package -d $(PACKAGE_DIR) $*; fi + @$(HELM_BIN) repo index $(PACKAGE_DIR) + +clean: + @rm -f */requirements.lock + @rm -f *tgz */charts/*tgz + @rm -rf $(PACKAGE_DIR) +%: + @: diff --git a/kubernetes/common/elasticsearch/components/Makefile b/kubernetes/common/elasticsearch/components/Makefile new file mode 100644 index 0000000000..f2e7a1fb82 --- /dev/null +++ b/kubernetes/common/elasticsearch/components/Makefile @@ -0,0 +1,51 @@ +# Copyright © 2020 Samsung Electronics +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +ROOT_DIR := $(shell dirname $(realpath $(lastword $(MAKEFILE_LIST)))) +OUTPUT_DIR := $(ROOT_DIR)/../../dist +PACKAGE_DIR := $(OUTPUT_DIR)/packages +SECRET_DIR := $(OUTPUT_DIR)/secrets + +EXCLUDES := soHelpers +HELM_BIN := helm +HELM_CHARTS := soHelpers $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.)))) + +.PHONY: $(EXCLUDES) $(HELM_CHARTS) + +all: $(HELM_CHARTS) + +$(HELM_CHARTS): + @echo "\n[$@]" + @make package-$@ + +make-%: + @if [ -f $*/Makefile ]; then make -C $*; fi + +dep-%: make-% + @if [ -f $*/requirements.yaml ]; then $(HELM_BIN) dep up $*; fi + +lint-%: dep-% + @if [ -f $*/Chart.yaml ]; then $(HELM_BIN) lint $*; fi + +package-%: lint-% + @mkdir -p $(PACKAGE_DIR) + @if [ -f $*/Chart.yaml ]; then $(HELM_BIN) package -d $(PACKAGE_DIR) $*; fi + @$(HELM_BIN) repo index $(PACKAGE_DIR) + +clean: + @rm -f */requirements.lock + @rm -f *tgz */charts/*tgz + @rm -rf $(PACKAGE_DIR) +%: + @: diff --git a/kubernetes/common/elasticsearch/components/curator/hooks/job.install.yaml b/kubernetes/common/elasticsearch/components/curator/hooks/job.install.yaml index 7e73420e13..e1d6cbabbb 100644 --- a/kubernetes/common/elasticsearch/components/curator/hooks/job.install.yaml +++ b/kubernetes/common/elasticsearch/components/curator/hooks/job.install.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2020 Bitnami, AT&T, Amdocs, Bell Canada, highstreet technologies # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,6 +12,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} {{- if .Values.enabled }} {{- range $kind, $enabled := .Values.hooks }} {{- if $enabled }} @@ -45,7 +47,7 @@ spec: {{- end }} containers: - name: {{ template "common.fullname" . }}-curator - image: {{printf "%s/%s:%s" (include "common.repository" .) .Values.image.imageName .Values.image.tag }} + image: {{printf "%s/%s" (include "repositoryGenerator.repository" .) .Values.image }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} volumeMounts: - name: config-volume diff --git a/kubernetes/common/elasticsearch/components/curator/requirements.yaml b/kubernetes/common/elasticsearch/components/curator/requirements.yaml index e9a5a5f61a..fbdf7b8489 100644 --- a/kubernetes/common/elasticsearch/components/curator/requirements.yaml +++ b/kubernetes/common/elasticsearch/components/curator/requirements.yaml @@ -16,3 +16,6 @@ dependencies: - name: common version: ~6.x-0 repository: 'file://../../../common' + - name: repositoryGenerator + version: ~6.x-0 + repository: 'file://../../../repositoryGenerator' diff --git a/kubernetes/common/elasticsearch/components/curator/templates/configmap.yaml b/kubernetes/common/elasticsearch/components/curator/templates/configmap.yaml index dc2a430922..2af57aae77 100644 --- a/kubernetes/common/elasticsearch/components/curator/templates/configmap.yaml +++ b/kubernetes/common/elasticsearch/components/curator/templates/configmap.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2020 Bitnami, AT&T, Amdocs, Bell Canada, highstreet technologies # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,6 +12,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} {{- if .Values.enabled }} apiVersion: v1 kind: ConfigMap diff --git a/kubernetes/common/elasticsearch/components/curator/templates/cronjob.yaml b/kubernetes/common/elasticsearch/components/curator/templates/cronjob.yaml index 901c0a5c06..ff63cf00b1 100644 --- a/kubernetes/common/elasticsearch/components/curator/templates/cronjob.yaml +++ b/kubernetes/common/elasticsearch/components/curator/templates/cronjob.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2020 Bitnami, AT&T, Amdocs, Bell Canada, highstreet technologies # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,6 +12,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} {{- if .Values.enabled }} {{ $role := "curator" -}} {{ $suffix := $role -}} @@ -74,7 +76,7 @@ spec: {{- end }} containers: - name: {{ template "common.fullname" . }}-curator - image: {{printf "%s/%s:%s" (include "common.repository" .) .Values.image.imageName .Values.image.tag }} + image: {{printf "%s/%s" (include "repositoryGenerator.repository" .) .Values.image }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} volumeMounts: - name: config-volume diff --git a/kubernetes/common/elasticsearch/components/curator/templates/podsecuritypolicy.yaml b/kubernetes/common/elasticsearch/components/curator/templates/podsecuritypolicy.yaml index 6fe032d818..628cdd1d73 100644 --- a/kubernetes/common/elasticsearch/components/curator/templates/podsecuritypolicy.yaml +++ b/kubernetes/common/elasticsearch/components/curator/templates/podsecuritypolicy.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2020 Bitnami, AT&T, Amdocs, Bell Canada, highstreet technologies # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,6 +12,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} {{- if and .Values.enabled .Values.psp.create }} apiVersion: policy/v1beta1 kind: PodSecurityPolicy diff --git a/kubernetes/common/elasticsearch/components/curator/templates/role.yaml b/kubernetes/common/elasticsearch/components/curator/templates/role.yaml index 0d189f448b..f124a44c85 100644 --- a/kubernetes/common/elasticsearch/components/curator/templates/role.yaml +++ b/kubernetes/common/elasticsearch/components/curator/templates/role.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2020 Bitnami, AT&T, Amdocs, Bell Canada, highstreet technologies # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,6 +12,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} {{- if and .Values.enabled .Values.rbac.enabled }} kind: Role apiVersion: rbac.authorization.k8s.io/v1 diff --git a/kubernetes/common/elasticsearch/components/curator/templates/rolebinding.yaml b/kubernetes/common/elasticsearch/components/curator/templates/rolebinding.yaml index b112468dc3..f10b14231f 100644 --- a/kubernetes/common/elasticsearch/components/curator/templates/rolebinding.yaml +++ b/kubernetes/common/elasticsearch/components/curator/templates/rolebinding.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2020 Bitnami, AT&T, Amdocs, Bell Canada, highstreet technologies # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,6 +12,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} {{- if and .Values.enabled .Values.rbac.enabled }} kind: RoleBinding apiVersion: rbac.authorization.k8s.io/v1 diff --git a/kubernetes/common/elasticsearch/components/curator/templates/serviceaccount.yaml b/kubernetes/common/elasticsearch/components/curator/templates/serviceaccount.yaml index 0bd4ae0999..a1732cfedc 100644 --- a/kubernetes/common/elasticsearch/components/curator/templates/serviceaccount.yaml +++ b/kubernetes/common/elasticsearch/components/curator/templates/serviceaccount.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2020 Bitnami, AT&T, Amdocs, Bell Canada, highstreet technologies # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,6 +12,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} {{- if and .Values.enabled .Values.serviceAccount.create .Values.rbac.enabled }} apiVersion: v1 kind: ServiceAccount diff --git a/kubernetes/common/elasticsearch/components/curator/values.yaml b/kubernetes/common/elasticsearch/components/curator/values.yaml index 5e0d9668d3..62964ff973 100644 --- a/kubernetes/common/elasticsearch/components/curator/values.yaml +++ b/kubernetes/common/elasticsearch/components/curator/values.yaml @@ -22,7 +22,7 @@ global: mountPath: /dockerdata-nfs/backup storageClass: clusterName: cluster.local -repositoryOverride: docker.io + ################################################################# # Application configuration defaults. ################################################################# @@ -31,16 +31,14 @@ repositoryOverride: docker.io ## enabled: false name: curator -image: - imageName: bitnami/elasticsearch-curator - tag: 5.8.1-debian-9-r74 - pullPolicy: IfNotPresent - ## Optionally specify an array of imagePullSecrets. - ## Secrets must be manually created in the namespace. - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ - ## - # pullSecrets: - # - myRegistryKeySecretName +image: bitnami/elasticsearch-curator:5.8.1-debian-9-r74 +pullPolicy: IfNotPresent +## Optionally specify an array of imagePullSecrets. +## Secrets must be manually created in the namespace. +## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ +## +# pullSecrets: +# - myRegistryKeySecretName service: port: 9200 cronjob: diff --git a/kubernetes/common/elasticsearch/components/data/requirements.yaml b/kubernetes/common/elasticsearch/components/data/requirements.yaml index a1f72ffc60..ba64f9630e 100644 --- a/kubernetes/common/elasticsearch/components/data/requirements.yaml +++ b/kubernetes/common/elasticsearch/components/data/requirements.yaml @@ -16,3 +16,6 @@ dependencies: - name: common version: ~6.x-0 repository: 'file://../../../common' + - name: repositoryGenerator + version: ~6.x-0 + repository: 'file://../../../repositoryGenerator' diff --git a/kubernetes/common/elasticsearch/components/data/templates/pv.yaml b/kubernetes/common/elasticsearch/components/data/templates/pv.yaml index c713ec81ac..133984c800 100644 --- a/kubernetes/common/elasticsearch/components/data/templates/pv.yaml +++ b/kubernetes/common/elasticsearch/components/data/templates/pv.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2020 Bitnami, AT&T, Amdocs, Bell Canada, highstreet technologies # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,5 +12,6 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} {{ include "common.replicaPV" (dict "dot" . "suffix" .Values.persistence.suffix )}} diff --git a/kubernetes/common/elasticsearch/components/data/templates/serviceaccount.yaml b/kubernetes/common/elasticsearch/components/data/templates/serviceaccount.yaml index 2ac3880886..4a8ef08946 100644 --- a/kubernetes/common/elasticsearch/components/data/templates/serviceaccount.yaml +++ b/kubernetes/common/elasticsearch/components/data/templates/serviceaccount.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2020 Bitnami, AT&T, Amdocs, Bell Canada, highstreet technologies # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,6 +12,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} {{- if .Values.serviceAccount.create }} apiVersion: v1 kind: ServiceAccount diff --git a/kubernetes/common/elasticsearch/components/data/templates/statefulset.yaml b/kubernetes/common/elasticsearch/components/data/templates/statefulset.yaml index 994b458e33..ea805c1813 100644 --- a/kubernetes/common/elasticsearch/components/data/templates/statefulset.yaml +++ b/kubernetes/common/elasticsearch/components/data/templates/statefulset.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2020 Bitnami, AT&T, Amdocs, Bell Canada, highstreet technologies # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,11 +12,12 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} apiVersion: apps/v1 kind: StatefulSet {{ $role := "data" -}} {{ $suffix := $role -}} -{{ $labels := (dict "role" $role "discovery" (include "elasticsearch.clustername" .)) -}} +{{ $labels := (dict "role" $role "discovery" .Values.cluster_name) -}} metadata: {{- include "common.resourceMetadata" (dict "suffix" $suffix "labels" $labels "dot" . )| nindent 2 }} spec: updateStrategy: @@ -32,7 +34,8 @@ spec: template: metadata: {{- include "common.templateMetadata" (dict "labels" $labels "dot" .) | nindent 6 }} spec: -{{- include "elasticsearch.imagePullSecrets" . | nindent 6 }} + imagePullSecrets: + - name: "{{ include "common.namespace" . }}-docker-registry-key" {{- if .Values.affinity }} affinity: {{- include "common.tplValue" (dict "value" .Values.affinity "context" $) | nindent 8 }} {{- end }} @@ -42,7 +45,6 @@ spec: {{- if .Values.tolerations }} tolerations: {{- include "common.tplValue" (dict "value" .Values.tolerations "context" $) | nindent 8 }} {{- end }} - serviceAccountName: {{ template "elasticsearch.data.serviceAccountName" . }} {{- if .Values.securityContext.enabled }} securityContext: fsGroup: {{ .Values.securityContext.fsGroup }} @@ -52,7 +54,7 @@ spec: {{- if .Values.sysctlImage.enabled }} ## Image that performs the sysctl operation to modify Kernel settings (needed sometimes to avoid boot errors) - name: sysctl - image: {{ .Values.global.busyboxRepository | default .Values.busyboxRepository }}/{{ .Values.global.busyboxImage | default .Values.busyboxImage }} + image: {{ include "repositoryGenerator.image.busybox" . }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} command: - /bin/sh @@ -67,7 +69,7 @@ spec: {{- end }} {{- if and .Values.volumePermissions.enabled .Values.persistence.enabled }} - name: volume-permissions - image: {{ .Values.global.busyboxRepository | default .Values.busyboxRepository }}/{{ .Values.global.busyboxImage | default .Values.busyboxImage }} + image: {{ include "repositoryGenerator.image.busybox" . }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} command: - /bin/sh @@ -85,8 +87,8 @@ spec: {{- end }} {{- end }} containers: - - name: {{ include "common.name" . }}-elasticsearch - image: {{ printf "%s/%s:%s" (include "common.repository" .) .Values.image.imageName .Values.image.tag }} + - name: {{ include "common.name" . }}-data + image: {{ printf "%s/%s" (include "repositoryGenerator.dockerHubRepository" .) .Values.image }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} {{- if .Values.securityContext.enabled }} securityContext: @@ -94,9 +96,9 @@ spec: {{- end }} env: - name: BITNAMI_DEBUG - value: {{ ternary "true" "false" .Values.image.debug | quote }} + value: {{ ternary "true" "false" .Values.debug | quote }} - name: ELASTICSEARCH_CLUSTER_NAME - value: {{include "elasticsearch.clustername" .}} + value: {{ .Values.cluster_name }} - name: ELASTICSEARCH_CLUSTER_HOSTS value: {{ include "common.name" . }}-discovery {{- if .Values.plugins }} diff --git a/kubernetes/common/elasticsearch/components/data/values.yaml b/kubernetes/common/elasticsearch/components/data/values.yaml index cfb7f51da3..1328a20439 100644 --- a/kubernetes/common/elasticsearch/components/data/values.yaml +++ b/kubernetes/common/elasticsearch/components/data/values.yaml @@ -1,4 +1,5 @@ -# Copyright © 2020 Bitnami, AT&T, Amdocs, Bell Canada, highstreet technologies +# Copyright (c) 2020 Bitnami, AT&T, Amdocs, Bell Canada, highstreet technologies +# Modification Copyright (c) 2020 Nokia # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -21,10 +22,13 @@ global: backup: mountPath: /dockerdata-nfs/backup storageClass: -repositoryOverride: docker.io + ################################################################# # Application configuration defaults. ################################################################# + +cluster_name: onap + ## Init containers parameters: sysctlImage: enabled: true @@ -46,24 +50,22 @@ service: - name: http-transport port: 9300 -image: - imageName: bitnami/elasticsearch - tag: 6.8.6-debian-9-r23 - ## Specify a imagePullPolicy - ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' - ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images - ## - pullPolicy: IfNotPresent - ## Optionally specify an array of imagePullSecrets. - ## Secrets must be manually created in the namespace. - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ - ## - # pullSecrets: - # - myRegistryKeySecretName - ## Set to true if you would like to see extra information on logs - ## ref: https://github.com/bitnami/minideb-extras/#turn-on-bash-debugging - ## - debug: false +image: bitnami/elasticsearch:7.9.3 +## Specify a imagePullPolicy +## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' +## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images +## +pullPolicy: IfNotPresent +## Optionally specify an array of imagePullSecrets. +## Secrets must be manually created in the namespace. +## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ +## +# pullSecrets: +# - myRegistryKeySecretName +## Set to true if you would like to see extra information on logs +## ref: https://github.com/bitnami/minideb-extras/#turn-on-bash-debugging +## +debug: false ## updateStrategy for ElasticSearch Data statefulset diff --git a/kubernetes/common/elasticsearch/components/master/requirements.yaml b/kubernetes/common/elasticsearch/components/master/requirements.yaml index a1f72ffc60..ba64f9630e 100644 --- a/kubernetes/common/elasticsearch/components/master/requirements.yaml +++ b/kubernetes/common/elasticsearch/components/master/requirements.yaml @@ -16,3 +16,6 @@ dependencies: - name: common version: ~6.x-0 repository: 'file://../../../common' + - name: repositoryGenerator + version: ~6.x-0 + repository: 'file://../../../repositoryGenerator' diff --git a/kubernetes/common/elasticsearch/components/master/templates/pv.yaml b/kubernetes/common/elasticsearch/components/master/templates/pv.yaml index c713ec81ac..133984c800 100644 --- a/kubernetes/common/elasticsearch/components/master/templates/pv.yaml +++ b/kubernetes/common/elasticsearch/components/master/templates/pv.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2020 Bitnami, AT&T, Amdocs, Bell Canada, highstreet technologies # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,5 +12,6 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} {{ include "common.replicaPV" (dict "dot" . "suffix" .Values.persistence.suffix )}} diff --git a/kubernetes/common/elasticsearch/components/master/templates/serviceaccount.yaml b/kubernetes/common/elasticsearch/components/master/templates/serviceaccount.yaml index 05a3af37f2..323b9fc318 100644 --- a/kubernetes/common/elasticsearch/components/master/templates/serviceaccount.yaml +++ b/kubernetes/common/elasticsearch/components/master/templates/serviceaccount.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2020 Bitnami, AT&T, Amdocs, Bell Canada, highstreet technologies # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,6 +12,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} {{- if .Values.serviceAccount.create }} diff --git a/kubernetes/common/elasticsearch/components/master/templates/statefulset.yaml b/kubernetes/common/elasticsearch/components/master/templates/statefulset.yaml index dfa3ccbacc..a35b4bf741 100644 --- a/kubernetes/common/elasticsearch/components/master/templates/statefulset.yaml +++ b/kubernetes/common/elasticsearch/components/master/templates/statefulset.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2020 Bitnami, AT&T, Amdocs, Bell Canada, highstreet technologies # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,12 +12,13 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} apiVersion: apps/v1 kind: StatefulSet {{ $role := "master" -}} {{ $suffix := $role -}} -{{ $labels := (dict "role" $role "discovery" (include "elasticsearch.clustername" .)) -}} +{{ $labels := (dict "role" $role "discovery" .Values.cluster_name) -}} metadata: {{- include "common.resourceMetadata" (dict "suffix" $suffix "labels" $labels "dot" . )| nindent 2 }} spec: updateStrategy: @@ -30,7 +32,8 @@ spec: template: metadata: {{- include "common.templateMetadata" (dict "labels" $labels "dot" .) | nindent 6 }} spec: -{{- include "elasticsearch.imagePullSecrets" . | nindent 6 }} + imagePullSecrets: + - name: "{{ include "common.namespace" . }}-docker-registry-key" {{- if .Values.affinity }} affinity: {{- include "common.tplValue" (dict "value" .Values.affinity "context" $) | nindent 8 }} {{- end }} @@ -40,7 +43,6 @@ spec: {{- if .Values.tolerations }} tolerations: {{- include "common.tplValue" (dict "value" .Values.tolerations "context" $) | nindent 8 }} {{- end }} - serviceAccountName: {{ template "elasticsearch.serviceAccountName" . }} {{- if .Values.securityContext.enabled }} securityContext: fsGroup: {{ .Values.securityContext.fsGroup }} @@ -50,7 +52,7 @@ spec: {{- if .Values.sysctlImage.enabled }} ## Image that performs the sysctl operation to modify Kernel settings (needed sometimes to avoid boot errors) - name: sysctl - image: {{ .Values.global.busyboxRepository | default .Values.busyboxRepository }}/{{ .Values.global.busyboxImage | default .Values.busyboxImage }} + image: {{ include "repositoryGenerator.image.busybox" . }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} command: - /bin/sh @@ -65,7 +67,7 @@ spec: {{- end }} {{- if and .Values.volumePermissions.enabled .Values.persistence.enabled }} - name: volume-permissions - image: {{ .Values.global.busyboxRepository | default .Values.busyboxRepository }}/{{ .Values.global.busyboxImage | default .Values.busyboxImage }} + image: {{ include "repositoryGenerator.image.busybox" . }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} command: - /bin/sh @@ -83,8 +85,8 @@ spec: {{- end }} {{- end }} containers: - - name: {{ include "common.name" . }}-elasticsearch - image: {{ printf "%s/%s:%s" (include "common.repository" .) .Values.image.imageName .Values.image.tag }} + - name: {{ include "common.name" . }}-master + image: {{ printf "%s/%s" (include "repositoryGenerator.dockerHubRepository" .) .Values.image }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} {{- if .Values.securityContext.enabled }} securityContext: @@ -92,9 +94,9 @@ spec: {{- end }} env: - name: BITNAMI_DEBUG - value: {{ ternary "true" "false" .Values.image.debug | quote }} + value: {{ ternary "true" "false" .Values.debug | quote }} - name: ELASTICSEARCH_CLUSTER_NAME - value: {{ include "elasticsearch.clustername" . }} + value: {{ .Values.cluster_name }} - name: ELASTICSEARCH_CLUSTER_HOSTS value: {{ include "common.name" . }}-discovery - name: ELASTICSEARCH_CLUSTER_MASTER_HOSTS diff --git a/kubernetes/common/elasticsearch/components/master/templates/svc.yaml b/kubernetes/common/elasticsearch/components/master/templates/svc.yaml index 8d66ef082e..ca94e242a4 100644 --- a/kubernetes/common/elasticsearch/components/master/templates/svc.yaml +++ b/kubernetes/common/elasticsearch/components/master/templates/svc.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2020 Bitnami, AT&T, Amdocs, Bell Canada, highstreet technologies # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,9 +12,10 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} {{ $role := "master" -}} {{ $labels := (dict "role" $role) -}} {{ $matchLabels := (dict "role" $role) }} -{{ include "common.service" (dict "labels" $labels "matchLabels" $matchLabels "dot" . ) }}
\ No newline at end of file +{{ include "common.service" (dict "labels" $labels "matchLabels" $matchLabels "dot" . ) }} diff --git a/kubernetes/common/elasticsearch/components/master/values.yaml b/kubernetes/common/elasticsearch/components/master/values.yaml index 2862692eef..33804494e9 100644 --- a/kubernetes/common/elasticsearch/components/master/values.yaml +++ b/kubernetes/common/elasticsearch/components/master/values.yaml @@ -1,4 +1,5 @@ -# Copyright © 2020 Bitnami, AT&T, Amdocs, Bell Canada, highstreet technologies +# Copyright (c) 2020 Bitnami, AT&T, Amdocs, Bell Canada, highstreet technologies +# Modification Copyright (c) 2020 Nokia # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -12,7 +13,6 @@ # See the License for the specific language governing permissions and # limitations under the License. - ################################################################# # Global configuration defaults. ################################################################# @@ -22,10 +22,13 @@ global: backup: mountPath: /dockerdata-nfs/backup storageClass: -repositoryOverride: docker.io + ################################################################# # Application configuration defaults. ################################################################# + +cluster_name: onap + ## Init containers parameters: sysctlImage: enabled: true @@ -41,26 +44,24 @@ name: master ## replicaCount: 3 ## master acts as master only node, choose 'no' if no further data nodes are deployed) -dedicatednode: "yes" +dedicatednode: 'yes' ## dedicatednode: "no" -image: - imageName: bitnami/elasticsearch - tag: 6.8.6-debian-9-r23 - ## Specify a imagePullPolicy - ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' - ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images - ## - pullPolicy: IfNotPresent - ## Optionally specify an array of imagePullSecrets. - ## Secrets must be manually created in the namespace. - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ - ## - # pullSecrets: - # - myRegistryKeySecretName - ## Set to true if you would like to see extra information on logs - ## ref: https://github.com/bitnami/minideb-extras/#turn-on-bash-debugging - ## - debug: false +image: bitnami/elasticsearch:7.9.3 +## Specify a imagePullPolicy +## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' +## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images +## +pullPolicy: IfNotPresent +## Optionally specify an array of imagePullSecrets. +## Secrets must be manually created in the namespace. +## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ +## +# pullSecrets: +# - myRegistryKeySecretName +## Set to true if you would like to see extra information on logs +## ref: https://github.com/bitnami/minideb-extras/#turn-on-bash-debugging +## +debug: false ## String to partially override common.fullname template (will maintain the release name) ## @@ -104,12 +105,14 @@ resources: ## We usually recommend not to specify default resources and to leave this as a conscious ## choice for the user. This also increases chances charts run on environments with little ## resources, such as Minikube. - limits: {} + limits: + cpu: 250m + memory: 1536Mi # cpu: 100m # memory: 128Mi requests: - cpu: 25m - memory: 256Mi + cpu: 5m + memory: 310Mi ## Elasticsearch master-eligible container's liveness and readiness probes ## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes ## @@ -162,13 +165,13 @@ persistence: ## Service parameters for master-eligible node(s) ## service: - suffix: "service" - name: "" + suffix: 'service' + name: '' ## list of ports for "common.containerPorts" ## Elasticsearch transport port ports: - - name: http-transport - port: 9300 + - name: http-transport + port: 9300 ## master-eligible service type ## type: ClusterIP @@ -194,10 +197,6 @@ serviceAccount: ## If not set and create is true, a name is generated using the fullname template # name: - ## Elasticsearch cluster name ## clusterName: elastic-cluster - - - diff --git a/kubernetes/common/elasticsearch/requirements.yaml b/kubernetes/common/elasticsearch/requirements.yaml index 5900f412a1..4b7e88f51e 100644 --- a/kubernetes/common/elasticsearch/requirements.yaml +++ b/kubernetes/common/elasticsearch/requirements.yaml @@ -30,3 +30,6 @@ dependencies: - name: certInitializer version: ~6.x-0 repository: 'file://../certInitializer' + - name: repositoryGenerator + version: ~6.x-0 + repository: 'file://../repositoryGenerator' diff --git a/kubernetes/common/elasticsearch/templates/_helpers.tpl b/kubernetes/common/elasticsearch/templates/_helpers.tpl index fdbe82f855..1de2599af9 100644 --- a/kubernetes/common/elasticsearch/templates/_helpers.tpl +++ b/kubernetes/common/elasticsearch/templates/_helpers.tpl @@ -1,3 +1,4 @@ +{{/* # Copyright © 2020 Bitnami, AT&T, Amdocs, Bell Canada, highstreet technologies # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,6 +12,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} {{/* vim: set filetype=mustache: */}} {{/* Expand the name of the chart. @@ -69,35 +71,3 @@ We truncate at 63 chars because some Kubernetes name fields are limited to this {{- end -}} -{{/* -Return the proper Docker Image Registry Secret Names -*/}} -{{- define "elasticsearch.imagePullSecrets" -}} -{{- if .Values.global }} -{{- if .Values.global.imagePullSecrets }} -imagePullSecrets: -{{- range .Values.global.imagePullSecrets }} - - name: {{ . }} -{{- end }} -{{- end }} -{{- else }} -{{- $imagePullSecrets := coalesce .Values.image.pullSecrets .Values.metrics.image.pullSecrets .Values.curator.image.pullSecrets .Values.sysctlImage.pullSecrets .Values.volumePermissions.image.pullSecrets -}} -{{- if $imagePullSecrets }} -imagePullSecrets: -{{- range $imagePullSecrets }} - - name: {{ . }} -{{- end -}} -{{- end -}} -{{- end -}} -{{- end -}} - -{{/* -Create the name of the service account to use -*/}} -{{- define "elasticsearch.curator.serviceAccountName" -}} -{{- if .Values.curator.serviceAccount.create -}} - {{ default (include "common.fullname" (dict "suffix" "currator" "dot" .)) .Values.curator.serviceAccount.name }} -{{- else -}} - {{ default "default" .Values.curator.serviceAccount.name }} -{{- end -}} -{{- end -}} diff --git a/kubernetes/common/elasticsearch/templates/configmap-es.yaml b/kubernetes/common/elasticsearch/templates/configmap-es.yaml index 38234da0cf..7138e4e094 100644 --- a/kubernetes/common/elasticsearch/templates/configmap-es.yaml +++ b/kubernetes/common/elasticsearch/templates/configmap-es.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2020 Bitnami, AT&T, Amdocs, Bell Canada, highstreet technologies # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,6 +12,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} {{- if .Values.config }} apiVersion: v1 kind: ConfigMap diff --git a/kubernetes/common/elasticsearch/templates/coordinating-deploy.yaml b/kubernetes/common/elasticsearch/templates/coordinating-deploy.yaml index 1ab5b59855..22de4dbf37 100644 --- a/kubernetes/common/elasticsearch/templates/coordinating-deploy.yaml +++ b/kubernetes/common/elasticsearch/templates/coordinating-deploy.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2020 Bitnami, AT&T, Amdocs, Bell Canada, highstreet technologies # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,6 +12,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} apiVersion: apps/v1 kind: Deployment {{ $role := "coordinating-only" -}} @@ -28,7 +30,8 @@ spec: template: metadata: {{- include "common.templateMetadata" (dict "labels" $labels "dot" .) | nindent 6 }} spec: -{{- include "elasticsearch.imagePullSecrets" . | nindent 6 }} + imagePullSecrets: + - name: "{{ include "common.namespace" . }}-docker-registry-key" {{- if .Values.affinity }} affinity: {{- include "common.tplValue" (dict "value" .Values.affinity "context" $) | nindent 8 }} {{- end }} @@ -48,7 +51,7 @@ spec: initContainers: {{- if .Values.sysctlImage.enabled }} - name: sysctl - image: {{ .Values.global.busyboxRepository | default .Values.busyboxRepository }}/{{ .Values.global.busyboxImage | default .Values.busyboxImage }} + image: {{ include "repositoryGenerator.image.busybox" . }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} command: - /bin/sh @@ -65,7 +68,7 @@ spec: containers: - name: {{ include "common.name" . }}-nginx - image: {{printf "%s/%s:%s" (include "common.repository" .) .Values.nginx.imageName .Values.nginx.tag }} + image: {{ include "repositoryGenerator.image.nginx" . }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.nginx.pullPolicy | quote }} ports: {{- include "common.containerPorts" . | indent 12 -}} {{- if .Values.nginx.livenessProbe }} @@ -85,7 +88,7 @@ spec: {{- include "common.certInitializer.volumeMount" . | nindent 10 }} - name: {{ include "common.name" . }}-elasticsearch - image: {{ printf "%s/%s:%s" (include "common.repository" .) .Values.image.imageName .Values.image.tag }} + image: {{ include "repositoryGenerator.dockerHubRepository" . }}/{{ .Values.image }} {{- if .Values.securityContext.enabled }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} securityContext: @@ -93,7 +96,7 @@ spec: {{- end }} env: - name: BITNAMI_DEBUG - value: {{ ternary "true" "false" .Values.image.debug | quote }} + value: {{ ternary "true" "false" .Values.debug | quote }} - name: ELASTICSEARCH_CLUSTER_NAME value: {{ include "elasticsearch.clustername" .}} - name: ELASTICSEARCH_CLUSTER_HOSTS diff --git a/kubernetes/common/elasticsearch/templates/coordinating-svc-https.yaml b/kubernetes/common/elasticsearch/templates/coordinating-svc-https.yaml index 610c7d68c1..d7fd447846 100644 --- a/kubernetes/common/elasticsearch/templates/coordinating-svc-https.yaml +++ b/kubernetes/common/elasticsearch/templates/coordinating-svc-https.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2020 Bitnami, AT&T, Amdocs, Bell Canada, highstreet technologies # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,6 +12,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} {{ $role := "coordinating-only" -}} {{ $labels := (dict "role" $role) -}} diff --git a/kubernetes/common/elasticsearch/templates/discovery-svc.yaml b/kubernetes/common/elasticsearch/templates/discovery-svc.yaml index fa79c29eca..9750be7b80 100644 --- a/kubernetes/common/elasticsearch/templates/discovery-svc.yaml +++ b/kubernetes/common/elasticsearch/templates/discovery-svc.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2020 Bitnami, AT&T, Amdocs, Bell Canada, highstreet technologies # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,5 +12,6 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} {{- $matchLabels := (dict "discovery" (include "elasticsearch.clustername" .) "nameNoMatch" "useDiscoveryService") }} {{ include "common.headlessService" (dict "matchLabels" $matchLabels "dot" .) }} diff --git a/kubernetes/common/elasticsearch/templates/secrets.yaml b/kubernetes/common/elasticsearch/templates/secrets.yaml index 359e8975e1..b8cd0686c4 100644 --- a/kubernetes/common/elasticsearch/templates/secrets.yaml +++ b/kubernetes/common/elasticsearch/templates/secrets.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2018 Amdocs, Bell Canada # Copyright © 2019 Samsung Electronics # @@ -12,4 +13,5 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} {{ include "common.secretFast" . }} diff --git a/kubernetes/common/elasticsearch/templates/serviceaccount.yaml b/kubernetes/common/elasticsearch/templates/serviceaccount.yaml index 49ad504da6..a9b54882f1 100644 --- a/kubernetes/common/elasticsearch/templates/serviceaccount.yaml +++ b/kubernetes/common/elasticsearch/templates/serviceaccount.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2020 Bitnami, AT&T, Amdocs, Bell Canada, highstreet technologies # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,6 +12,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} {{- if .Values.serviceAccount.create }} apiVersion: v1 kind: ServiceAccount diff --git a/kubernetes/common/elasticsearch/values.yaml b/kubernetes/common/elasticsearch/values.yaml index b1289431a5..b91ac76056 100644 --- a/kubernetes/common/elasticsearch/values.yaml +++ b/kubernetes/common/elasticsearch/values.yaml @@ -1,4 +1,5 @@ -# Copyright © 2020 Bitnami, AT&T, Amdocs, Bell Canada, highstreet technologies +# Copyright (c) 2020 Bitnami, AT&T, Amdocs, Bell Canada, highstreet technologies +# Modification Copyright (c) 2020 Nokia # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -18,12 +19,6 @@ global: aafEnabled: true nodePortPrefix: 302 - readinessRepository: oomk8s - readinessImage: readiness-check:2.0.2 - loggingRepository: docker.elastic.co - loggingImage: beats/filebeat:5.5.0 - busyboxRepository: registry.hub.docker.com - busyboxImage: library/busybox:latest clusterName: cluster.local persistence: @@ -31,7 +26,6 @@ persistence: backup: mountPath: /dockerdata-nfs/backup storageClass: -repositoryOverride: docker.io ################################################################# # Application configuration defaults. @@ -41,24 +35,22 @@ sysctlImage: enabled: true # application image -image: - imageName: bitnami/elasticsearch - tag: 6.8.6-debian-9-r23 - ## Specify a imagePullPolicy - ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' - ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images - ## - pullPolicy: IfNotPresent - ## Optionally specify an array of imagePullSecrets. - ## Secrets must be manually created in the namespace. - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ - ## - # pullSecrets: - # - myRegistryKeySecretName - ## Set to true if you would like to see extra information on logs - ## ref: https://github.com/bitnami/minideb-extras/#turn-on-bash-debugging - ## - debug: false +image: bitnami/elasticsearch:7.9.3 +## Specify a imagePullPolicy +## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' +## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images +## +pullPolicy: IfNotPresent +## Optionally specify an array of imagePullSecrets. +## Secrets must be manually created in the namespace. +## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ +## +# pullSecrets: +# - myRegistryKeySecretName +## Set to true if you would like to see extra information on logs +## ref: https://github.com/bitnami/minideb-extras/#turn-on-bash-debugging +## +debug: false ## String to partially override common.fullname template (will maintain the release name) ## @@ -136,13 +128,8 @@ serviceAccount: ## # name: -## Bitnami Minideb image version -## ref: https://hub.docker.com/r/bitnami/minideb/tags/ -## sysctlImage: enabled: true - imageName: bitnami/minideb - tag: stretch ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images @@ -157,8 +144,6 @@ sysctlImage: # nginx image nginx: - imageName: bitnami/nginx - tag: 1.16-debian-9 pullPolicy: IfNotPresent service: name: nginx @@ -320,7 +305,9 @@ master: # dedicatednode: "no" # handles master and data node functionality dedicatednode: "no" + cluster_name: elasticsearch data: enabled: false + cluster_name: elasticsearch curator: enabled: false diff --git a/kubernetes/common/etcd/requirements.yaml b/kubernetes/common/etcd/requirements.yaml index e90e615d73..733bc449cb 100644 --- a/kubernetes/common/etcd/requirements.yaml +++ b/kubernetes/common/etcd/requirements.yaml @@ -16,3 +16,6 @@ dependencies: - name: common version: ~6.x-0 repository: 'file://../common' + - name: repositoryGenerator + version: ~6.x-0 + repository: 'file://../repositoryGenerator' diff --git a/kubernetes/common/etcd/templates/pv.yaml b/kubernetes/common/etcd/templates/pv.yaml index ed1344d4c1..ac5b7b975d 100644 --- a/kubernetes/common/etcd/templates/pv.yaml +++ b/kubernetes/common/etcd/templates/pv.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2018 Amdocs, Bell Canada, AT&T # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,6 +12,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} {{- $global := . }} {{- if and $global.Values.persistence.enabled (not $global.Values.persistence.existingClaim) }} diff --git a/kubernetes/common/etcd/templates/service.yaml b/kubernetes/common/etcd/templates/service.yaml index 4268dd6d2c..04fc93af00 100644 --- a/kubernetes/common/etcd/templates/service.yaml +++ b/kubernetes/common/etcd/templates/service.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright 2019 Intel Corporation Inc # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,6 +12,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} apiVersion: v1 kind: Service diff --git a/kubernetes/common/etcd/templates/statefulset.yaml b/kubernetes/common/etcd/templates/statefulset.yaml index fcab51cb59..f5592bd252 100644 --- a/kubernetes/common/etcd/templates/statefulset.yaml +++ b/kubernetes/common/etcd/templates/statefulset.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2019 Intel Corporation Inc # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,6 +12,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} apiVersion: apps/v1 kind: StatefulSet metadata: @@ -48,7 +50,7 @@ spec: {{- end }} containers: - name: {{ include "common.fullname" . }} - image: "{{ .Values.repository }}/{{ .Values.image }}" + image: {{ include "repositoryGenerator.googleK8sRepository" . }}/{{ .Values.image }} imagePullPolicy: "{{ .Values.pullPolicy }}" ports: - containerPort: {{ .Values.service.peerInternalPort }} diff --git a/kubernetes/common/etcd/values.yaml b/kubernetes/common/etcd/values.yaml index d994f87ea4..3cfd4535f1 100644 --- a/kubernetes/common/etcd/values.yaml +++ b/kubernetes/common/etcd/values.yaml @@ -24,8 +24,7 @@ global: ################################################################# #repository: etcd -repository: "k8s.gcr.io" -image: "etcd-amd64:3.2.24" +image: etcd-amd64:3.2.24 pullPolicy: Always # default number of instances in the StatefulSet diff --git a/kubernetes/common/logConfiguration/Chart.yaml b/kubernetes/common/logConfiguration/Chart.yaml new file mode 100644 index 0000000000..1d13dcbd56 --- /dev/null +++ b/kubernetes/common/logConfiguration/Chart.yaml @@ -0,0 +1,18 @@ +# Copyright © 2017 Amdocs, Bell Canada +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +description: Template used to create same STDOUT log configuration +name: logConfiguration +version: 6.0.0 diff --git a/kubernetes/common/logConfiguration/requirements.yaml b/kubernetes/common/logConfiguration/requirements.yaml new file mode 100644 index 0000000000..237f1d1354 --- /dev/null +++ b/kubernetes/common/logConfiguration/requirements.yaml @@ -0,0 +1,18 @@ +# Copyright © 2018 Amdocs, Bell Canada +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +dependencies: + - name: common + version: ~6.x-0 + repository: 'file://../common' diff --git a/kubernetes/common/logConfiguration/templates/_log.tpl b/kubernetes/common/logConfiguration/templates/_log.tpl new file mode 100644 index 0000000000..bf19f210e4 --- /dev/null +++ b/kubernetes/common/logConfiguration/templates/_log.tpl @@ -0,0 +1,41 @@ +{{/* +# Copyright © 2020 Orange +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} + +{{/* + Resolve the level of the logs. + The value for .Values.logLevel is used by default, + unless either override mechanism is used. + + - .Values.global.logLevel : override default log level for all components + - .Values.logLevelOverride : override global and default log level on a per + component basis + + The function can takes below arguments (inside a dictionary): + - .dot : environment (.) + - .initRoot : the root dictionary of logConfiguration submodule + (default to .Values.logConfiguration) +*/}} +{{- define "common.log.level" -}} +{{- $dot := default . .dot -}} +{{- $initRoot := default $dot.Values.logConfiguration .initRoot -}} +{{/* Our version of helm doesn't support deepCopy so we need this nasty trick */}} +{{- $subchartDot := fromJson (include "common.subChartDot" (dict "dot" $dot "initRoot" $initRoot)) }} + {{- if $subchartDot.Values.logLevelOverride }} + {{- printf "%s" $subchartDot.Values.logLevelOverride -}} + {{- else }} + {{- default $subchartDot.Values.logLevel $subchartDot.Values.global.logLevel -}} + {{- end }} +{{- end -}} diff --git a/kubernetes/common/logConfiguration/values.yaml b/kubernetes/common/logConfiguration/values.yaml new file mode 100644 index 0000000000..7ebb0ff84e --- /dev/null +++ b/kubernetes/common/logConfiguration/values.yaml @@ -0,0 +1,15 @@ +# Copyright © 2020 Samsung Electronics +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +logLevel: INFO diff --git a/kubernetes/common/mariadb-galera/requirements.yaml b/kubernetes/common/mariadb-galera/requirements.yaml index 4fbecbfab2..2509f7fcff 100644 --- a/kubernetes/common/mariadb-galera/requirements.yaml +++ b/kubernetes/common/mariadb-galera/requirements.yaml @@ -15,4 +15,7 @@ dependencies: - name: common version: ~6.x-0 - repository: 'file://../common'
\ No newline at end of file + repository: 'file://../common' + - name: repositoryGenerator + version: ~6.x-0 + repository: 'file://../repositoryGenerator'
\ No newline at end of file diff --git a/kubernetes/common/mariadb-galera/resources/config/configure-mysql.sh b/kubernetes/common/mariadb-galera/resources/config/configure-mysql.sh index 42c5c89726..b354efe86c 100755 --- a/kubernetes/common/mariadb-galera/resources/config/configure-mysql.sh +++ b/kubernetes/common/mariadb-galera/resources/config/configure-mysql.sh @@ -1,8 +1,10 @@ #!/bin/bash +{{/* # # Adfinis SyGroup AG # openshift-mariadb-galera: mysql setup script # +*/}} set -eox pipefail @@ -32,8 +34,9 @@ if [ -z "$MYSQL_INITDB_SKIP_TZINFO" ]; then mysql_tzinfo_to_sql /usr/share/zoneinfo | sed 's/Local time zone must be set--see zic manual page/FCTY/' | "${mysql[@]}" mysql fi -function prepare_password { - echo -n $1 | sed -e "s/'/''/g" +prepare_password() +{ + echo "$1" | sed -e "s/'/\\\\'/g; s/\"/\\\\\"/g" } mysql_root_password=`prepare_password $MYSQL_ROOT_PASSWORD` diff --git a/kubernetes/common/mariadb-galera/resources/create-deployment.yml b/kubernetes/common/mariadb-galera/resources/create-deployment.yml index d81d640b0d..0f6bb5929e 100644 --- a/kubernetes/common/mariadb-galera/resources/create-deployment.yml +++ b/kubernetes/common/mariadb-galera/resources/create-deployment.yml @@ -13,7 +13,7 @@ spec: spec: containers: - name: {{ include "common.name" . }} - image: "{{ include "common.repository" . }}/{{ .Values.image }}" + image: {{ include "repositoryGenerator.dockerHubRepository" . }}/{{ .Values.image }} ports: - containerPort: {{ .Values.service.internalPort }} name: {{ .Values.service.portName }} diff --git a/kubernetes/common/mariadb-galera/templates/backup/cronjob.yaml b/kubernetes/common/mariadb-galera/templates/backup/cronjob.yaml index 29d96748a3..1c780179be 100644 --- a/kubernetes/common/mariadb-galera/templates/backup/cronjob.yaml +++ b/kubernetes/common/mariadb-galera/templates/backup/cronjob.yaml @@ -35,7 +35,7 @@ spec: restartPolicy: Never initContainers: - command: - - /root/ready.py + - /app/ready.py args: - --container-name - {{ include "common.name" . }} @@ -45,11 +45,11 @@ spec: fieldRef: apiVersion: v1 fieldPath: metadata.namespace - image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}" + image: {{ include "repositoryGenerator.image.readiness" . }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} name: {{ include "common.name" . }}-readiness - name: mariadb-galera-backup-init - image: "{{ include "common.repository" . }}/{{ .Values.backupImage }}" + image: {{ include "repositoryGenerator.image.mariadb" . }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} command: - /bin/bash @@ -90,9 +90,11 @@ spec: volumeMounts: - name: backup-dir mountPath: /backup + - name: db-data + mountPath: /var/lib/mysql containers: - name: mariadb-backup-validate - image: "{{ include "common.repository" . }}/{{ .Values.backupImage }}" + image: {{ include "repositoryGenerator.image.mariadb" . }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} env: - name: MYSQL_ROOT_PASSWORD @@ -164,4 +166,7 @@ spec: - name: backup-dir persistentVolumeClaim: claimName: {{ include "common.fullname" . }}-backup-data + - name: db-data + persistentVolumeClaim: + claimName: {{ include "common.fullname" . }}-data-{{ include "common.fullname" . }}-{{ sub .Values.replicaCount 1 }} {{- end }} diff --git a/kubernetes/common/mariadb-galera/templates/job.yaml b/kubernetes/common/mariadb-galera/templates/job.yaml index db56f3e046..250279ace2 100644 --- a/kubernetes/common/mariadb-galera/templates/job.yaml +++ b/kubernetes/common/mariadb-galera/templates/job.yaml @@ -14,7 +14,7 @@ spec: runAsUser: 1001 containers: - name: mariadb-job-pre-upgrade - image: {{ .Values.global.kubectlImage}} + image: {{ include "repositoryGenerator.image.kubectl" . }} imagePullPolicy: IfNotPresent env: - name: NAMESPACE_ENV @@ -49,7 +49,7 @@ spec: fsGroup: 1001 runAsUser: 0 initContainers: - - image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}" + - image: {{ include "repositoryGenerator.image.readiness" . }} name: mariadb-galera-upgrade-readiness env: - name: NAMESPACE @@ -58,13 +58,13 @@ spec: apiVersion: v1 fieldPath: metadata.namespace command: - - /root/ready.py + - /app/ready.py args: - --container-name - mariadb-galera containers: - name: mariadb-job-post-upgrade - image: {{ .Values.global.kubectlImage}} + image: {{ include "repositoryGenerator.image.kubectl" . }} imagePullPolicy: IfNotPresent env: - name: NAMESPACE_ENV @@ -99,7 +99,7 @@ spec: spec: containers: - name: mariadb-job-post-delete - image: {{ .Values.global.kubectlImage}} + image: {{ include "repositoryGenerator.image.kubectl" . }} imagePullPolicy: IfNotPresent command: ["/bin/bash", "-c", "--"] args: diff --git a/kubernetes/common/mariadb-galera/templates/statefulset.yaml b/kubernetes/common/mariadb-galera/templates/statefulset.yaml index 47d1e0ef3d..eb21fe3182 100644 --- a/kubernetes/common/mariadb-galera/templates/statefulset.yaml +++ b/kubernetes/common/mariadb-galera/templates/statefulset.yaml @@ -61,7 +61,7 @@ spec: - name: {{ include "common.namespace" . }}-docker-registry-key containers: - name: {{ include "common.name" . }} - image: "{{ include "common.repository" . }}/{{ .Values.image }}" + image: {{ include "repositoryGenerator.dockerHubRepository" . }}/{{ .Values.image }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy | quote}} env: - name: POD_NAMESPACE @@ -119,7 +119,7 @@ spec: name: {{ include "common.fullname" . }}-data initContainers: - name: {{ include "common.name" . }}-prepare - image: "{{ include "common.repository" . }}/{{ .Values.imageInit }}" + image: {{ include "repositoryGenerator.image.busybox" . }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy | quote}} command: ["sh", "-c", "chown -R 27:27 /var/lib/mysql"] volumeMounts: diff --git a/kubernetes/common/mariadb-galera/values.yaml b/kubernetes/common/mariadb-galera/values.yaml index 4ccb0e5c6e..6b1676fba7 100644 --- a/kubernetes/common/mariadb-galera/values.yaml +++ b/kubernetes/common/mariadb-galera/values.yaml @@ -38,24 +38,12 @@ global: backup: mountPath: /dockerdata-nfs/backup - repository: nexus3.onap.org:10001 - - readinessRepository: oomk8s - readinessImage: readiness-check:2.0.2 - busyboxImage: busybox:1.30 - busyboxRepository: docker.io - # kubeclt image - kubectlImage: "bitnami/kubectl:1.15" - ################################################################# # Application configuration defaults. ################################################################# #repository: mysql -repository: nexus3.onap.org:10001 image: adfinissygroup/k8s-mariadb-galera-centos:v002 -backupImage: library/mariadb:10.1.38 -imageInit: busybox pullPolicy: IfNotPresent # application configuration @@ -132,10 +120,10 @@ ingress: ## Configure MariaDB-Galera with a custom my.cnf file ## ref: https://mariadb.com/kb/en/mariadb/configuring-mariadb-with-mycnf/#example-of-configuration-file ## -externalConfig: "" -# externalConfig: |- - # [mysqld] - # innodb_buffer_pool_size=2G +#externalConfig: "" +externalConfig: |- + [mysqld] + lower_case_table_names = 1 #resources: {} # We usually recommend not to specify default resources and to leave this as a conscious @@ -151,11 +139,11 @@ externalConfig: "" resources: small: limits: - cpu: 2 - memory: 4Gi + cpu: 500m + memory: 1.5Gi requests: - cpu: 1 - memory: 2Gi + cpu: 100m + memory: 750Mi large: limits: cpu: 2 diff --git a/kubernetes/common/mariadb-init/requirements.yaml b/kubernetes/common/mariadb-init/requirements.yaml index 4fbecbfab2..2509f7fcff 100644 --- a/kubernetes/common/mariadb-init/requirements.yaml +++ b/kubernetes/common/mariadb-init/requirements.yaml @@ -15,4 +15,7 @@ dependencies: - name: common version: ~6.x-0 - repository: 'file://../common'
\ No newline at end of file + repository: 'file://../common' + - name: repositoryGenerator + version: ~6.x-0 + repository: 'file://../repositoryGenerator'
\ No newline at end of file diff --git a/kubernetes/common/mariadb-init/resources/config/db_init.sh b/kubernetes/common/mariadb-init/resources/config/db_init.sh index 40254d469b..fa4b007a5a 100755 --- a/kubernetes/common/mariadb-init/resources/config/db_init.sh +++ b/kubernetes/common/mariadb-init/resources/config/db_init.sh @@ -1,4 +1,5 @@ #!/bin/bash +{{/* # Copyright © 2019 Orange # Copyright © 2020 Samsung Electronics # @@ -13,6 +14,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} # make sure the script fails if any of commands failed set -e diff --git a/kubernetes/common/mariadb-init/templates/_mariadb.tpl b/kubernetes/common/mariadb-init/templates/_mariadb.tpl index af9a4f5f02..5563fe714d 100644 --- a/kubernetes/common/mariadb-init/templates/_mariadb.tpl +++ b/kubernetes/common/mariadb-init/templates/_mariadb.tpl @@ -1,5 +1,6 @@ {{/* # Copyright © 2019 Orange +# Copyright © 2020 Samsung Electronics # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -20,3 +21,15 @@ {{- define "mariadbInit.mariadbClusterSecret" -}} {{- include "common.mariadb.secret.rootPassSecretName" (dict "dot" . "chartName" (default "mariadb-galera" .Values.global.mariadbGalera.nameOverride)) -}} {{- end -}} + +{{- define "mariadbInit._updateSecrets" -}} + {{- if not .Values.secretsUpdated }} + {{- $global := . }} + {{- range $db, $dbInfos := .Values.config.mysqlAdditionalDatabases }} + {{- $item := dict "uid" $db "type" "basicAuth" "externalSecret" (default "" $dbInfos.externalSecret) "login" (default "" $dbInfos.user) "password" (default "" $dbInfos.password) "passwordPolicy" "required" }} + {{- $newList := append $global.Values.secrets $item }} + {{- $_ := set $global.Values "secrets" $newList }} + {{- end -}} + {{ $_ := set $global.Values "secretsUpdated" true }} + {{- end -}} +{{- end -}} diff --git a/kubernetes/common/mariadb-init/templates/configmap.yaml b/kubernetes/common/mariadb-init/templates/configmap.yaml index 0144ec1907..6708efdb60 100644 --- a/kubernetes/common/mariadb-init/templates/configmap.yaml +++ b/kubernetes/common/mariadb-init/templates/configmap.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2019 Orange # Modifications Copyright © 2018 AT&T # @@ -12,6 +13,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} apiVersion: v1 kind: ConfigMap @@ -25,3 +27,19 @@ metadata: heritage: {{ .Release.Service }} data: {{ tpl (.Files.Glob "resources/config/*").AsConfig . | indent 2 }} +--- +{{ if .Values.dbScript }} +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "common.fullname" . }}-dbscript + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ include "common.release" . }} + heritage: {{ .Release.Service }} +data: + db_cmd.sh: | + {{ tpl .Values.dbScript . | indent 4 }} +{{- end }} diff --git a/kubernetes/common/mariadb-init/templates/job.yaml b/kubernetes/common/mariadb-init/templates/job.yaml index 5202d572a2..ad97cd4ed6 100644 --- a/kubernetes/common/mariadb-init/templates/job.yaml +++ b/kubernetes/common/mariadb-init/templates/job.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2019 Orange # Copyright © 2020 Samsung Electronics # @@ -12,6 +13,9 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} + +{{ include "mariadbInit._updateSecrets" . -}} apiVersion: batch/v1 kind: Job @@ -35,42 +39,45 @@ spec: initContainers: - name: {{ include "common.name" . }}-readiness command: - - /root/ready.py + - /app/ready.py args: - --container-name - - {{ .Values.global.mariadbGalera.nameOverride }} + - {{ default .Values.global.mariadbGalera.nameOverride .Values.mariadbGalera.containerName }} env: - name: NAMESPACE valueFrom: fieldRef: apiVersion: v1 fieldPath: metadata.namespace - image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}" + image: {{ include "repositoryGenerator.image.readiness" . }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} containers: - name: {{ include "common.name" . }} - image: "{{ include "common.repository" . }}/{{ .Values.image }}" + image: {{ include "repositoryGenerator.image.mariadb" . }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} command: - - bash - - /db_init/db_init.sh + - /bin/sh + - -c + - | + /db_init/db_init.sh {{ if or .Values.dbScriptConfigMap .Values.dbScript }} && + /db_config/db_cmd.sh{{ end }} env: - name: DB_HOST - value: "{{ .Values.global.mariadbGalera.nameOverride }}" + value: "{{ default .Values.global.mariadbGalera.nameOverride .Values.mariadbGalera.serviceName }}" - name: DB_PORT - value: "{{ .Values.global.mariadbGalera.servicePort }}" + value: "{{ default .Values.global.mariadbGalera.servicePort .Values.mariadbGalera.servicePort }}" - name: MYSQL_ROOT_PASSWORD - {{- include "common.secret.envFromSecret" (dict "global" . "uid" "root-password" "key" (default "password" .Values.global.mariadbGalera.userRootSecretKey)) | indent 10 }} + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "root-password" "key" (default "password" .Values.global.mariadbGalera.userRootSecretKey)) | indent 10 }} - name: {{ printf "MYSQL_USER_%s" .Values.config.mysqlDatabase | upper }} - {{- include "common.secret.envFromSecret" (dict "global" . "uid" .Values.config.mysqlDatabase "key" "login") | indent 10 }} + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" .Values.config.mysqlDatabase "key" "login") | indent 10 }} - name: {{ printf "MYSQL_PASSWORD_%s" .Values.config.mysqlDatabase | upper }} - {{- include "common.secret.envFromSecret" (dict "global" . "uid" .Values.config.mysqlDatabase "key" "password") | indent 10 }} + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" .Values.config.mysqlDatabase "key" "password") | indent 10 }} {{- $root := . }} {{ range $db, $_values := .Values.config.mysqlAdditionalDatabases }} - name: {{ printf "MYSQL_USER_%s" $db | upper }} - {{- include "common.secret.envFromSecret" (dict "global" $root "uid" $db "key" "login") | indent 10 }} + {{- include "common.secret.envFromSecretFast" (dict "global" $root "uid" $db "key" "login") | indent 10 }} - name: {{ printf "MYSQL_PASSWORD_%s" $db | upper }} - {{- include "common.secret.envFromSecret" (dict "global" $root "uid" $db "key" "password") | indent 10 }} + {{- include "common.secret.envFromSecretFast" (dict "global" $root "uid" $db "key" "password") | indent 10 }} {{ end }} volumeMounts: - mountPath: /etc/localtime @@ -78,7 +85,10 @@ spec: readOnly: true - name: mariadb-conf mountPath: /db_init/ - readOnly: true +{{- if or .Values.dbScriptConfigMap .Values.dbScript }} + - name: mariadb-init + mountPath: /db_config/ +{{- end }} resources: {{ include "common.resources" . | indent 12 }} {{- if .Values.nodeSelector }} @@ -90,12 +100,23 @@ spec: {{ toYaml .Values.affinity | indent 10 }} {{- end }} volumes: - - name: mariadb-conf - configMap: - name: {{ include "mariadbInit.configMap" . }} - name: localtime hostPath: path: /etc/localtime +{{- if or .Values.dbScriptConfigMap .Values.dbScript }} + - name: mariadb-init + configMap: +{{- if .Values.dbScriptConfigMap }} + name: {{ tpl .Values.dbScriptConfigMap . }} +{{- else -}} + name: {{ include "common.fullname" . }}-dbscript +{{- end }} + defaultMode: 0755 +{{- end }} + - name: mariadb-conf + configMap: + name: {{ include "mariadbInit.configMap" . }} + defaultMode: 0755 restartPolicy: Never imagePullSecrets: - name: "{{ include "common.namespace" . }}-docker-registry-key" diff --git a/kubernetes/common/mariadb-init/templates/secret.yaml b/kubernetes/common/mariadb-init/templates/secret.yaml index 71a89d019b..a9d9e0b704 100644 --- a/kubernetes/common/mariadb-init/templates/secret.yaml +++ b/kubernetes/common/mariadb-init/templates/secret.yaml @@ -1,4 +1,6 @@ +{{/* # Copyright © 2017 Amdocs, Bell Canada, Orange +# Copyright © 2020 Samsung Electronics # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -11,27 +13,8 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} -{{- define "mariadb-init._update-secrets" -}} - {{ range $db, $dbInfos := .Values.config.mysqlAdditionalDatabases }} -{{ printf "- uid: %s" $db }} -{{ printf " type: basicAuth" }} - {{- if $dbInfos.externalSecret }} -{{ printf " externalSecret: %s" $dbInfos.externalSecret }} - {{- end }} -{{ printf " login: %s" $dbInfos.user }} -{{ printf " password: %s" $dbInfos.password }} -{{ printf " passwordPolicy: required" }} - {{- end -}} -{{- end -}} +{{ include "mariadbInit._updateSecrets" . -}} -{{ $global := . }} -{{ $secretsString := .Values.secrets | toYaml | indent 2 }} -{{ $additionalSecretsString := (include "mariadb-init._update-secrets" .) | indent 2 }} -{{ $finalSecretsString := (cat "\nsecrets:\n" $secretsString $additionalSecretsString) | replace " -" " -" }} -{{ $finalSecrets := ($finalSecretsString | fromYaml).secrets }} - -{{ $newValues := set $global.Values "secrets" $finalSecrets }} -{{ $tmpGlobal := set $global "Values" $newValues }} - -{{ include "common.secret" $tmpGlobal }} +{{ include "common.secretFast" . }} diff --git a/kubernetes/common/mariadb-init/tests/job_test.yaml b/kubernetes/common/mariadb-init/tests/job_test.yaml index 7523ee1c6e..170eaf3c96 100644 --- a/kubernetes/common/mariadb-init/tests/job_test.yaml +++ b/kubernetes/common/mariadb-init/tests/job_test.yaml @@ -36,7 +36,7 @@ tests: content: mariadb-galera - equal: path: spec.template.spec.initContainers[0].image - value: oomk8s/readiness-check:2.0.2 + value: nexus3.onap.org:10001/onap/oom/readiness:3.0.1 - equal: path: spec.template.spec.initContainers[0].imagePullPolicy value: IfNotPresent diff --git a/kubernetes/common/mariadb-init/values.yaml b/kubernetes/common/mariadb-init/values.yaml index f6ce95a65f..b2c0a05e46 100644 --- a/kubernetes/common/mariadb-init/values.yaml +++ b/kubernetes/common/mariadb-init/values.yaml @@ -16,9 +16,6 @@ # Global configuration defaults. ################################################################# global: - repository: nexus3.onap.org:10001 - readinessRepository: oomk8s - readinessImage: readiness-check:2.0.2 mariadbGalera: nameOverride: mariadb-galera servicePort: 3306 @@ -33,8 +30,8 @@ global: secrets: - uid: root-password type: password - externalSecret: '{{ tpl (default (include "mariadbInit.mariadbClusterSecret" .) .Values.global.mariadbGalera.userRootSecret) . }}' - password: '{{ tpl (default "" .global.mariadbGalera.userRootPassword) . }}' + externalSecret: '{{ tpl (ternary (default "" .Values.mariadbGalera.userRootSecret) (default (include "mariadbInit.mariadbClusterSecret" .) .Values.global.mariadbGalera.userRootSecret) (not (empty (default "" .Values.mariadbGalera.serviceName)))) . }}' + password: '{{ tpl (ternary (default "" .Values.mariadbGalera.userRootPassword) (default "" .Values.global.mariadbGalera.userRootPassword) (not (empty (default "" .Values.mariadbGalera.serviceName)))) . }}' - uid: '{{ .Values.config.mysqlDatabase }}' type: basicAuth externalSecret: '{{ tpl (default "" .Values.config.userCredentialsExternalSecret) . }}' @@ -46,12 +43,27 @@ secrets: # Application configuration defaults. ################################################################# -image: mariadb:10.1.38 pullPolicy: IfNotPresent +# These two values are used to supply commands that are run after the DB is created. +# Components using the shared DB can either pass a string which has a set of commands +# or a config map that contains a shell script. If both are specified only the config +# map will be executed. For reference, please see the VID components for config map +dbScript: "" +dbScriptConfigMap: "" + # Set it if you want to change the name of the different components # nameOverride: +mariadbGalera: {} +# serviceName: some-name +# containerName: some-name +# servicePort: 3306 +# userRootPassword: some-password +# userRootSecret: some-secret-name +# userRootSecretKey: password + + config: userPassword: Ci@shsOd3pky1Vji userName: u5WZ1GMSIS1wHZF diff --git a/kubernetes/common/mongo/requirements.yaml b/kubernetes/common/mongo/requirements.yaml index 6ba617e990..09c09d698b 100644 --- a/kubernetes/common/mongo/requirements.yaml +++ b/kubernetes/common/mongo/requirements.yaml @@ -16,3 +16,6 @@ dependencies: - name: common version: ~6.x-0 repository: 'file://../common' + - name: repositoryGenerator + version: ~6.x-0 + repository: 'file://../repositoryGenerator' diff --git a/kubernetes/common/mongo/templates/statefulset.yaml b/kubernetes/common/mongo/templates/statefulset.yaml index 111bc80586..73186b392d 100644 --- a/kubernetes/common/mongo/templates/statefulset.yaml +++ b/kubernetes/common/mongo/templates/statefulset.yaml @@ -36,10 +36,15 @@ spec: app: {{ include "common.name" . }} release: {{ include "common.release" . }} spec: +{{ include "common.podSecurityContext" . | indent 6 }} containers: - name: {{ include "common.name" . }} - image: "{{ .Values.dockerHubRepository }}/{{ .Values.image }}" + image: {{ include "repositoryGenerator.dockerHubRepository" . }}/{{ .Values.image }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + command: + - docker-entrypoint.sh + args: + - --nounixsocket env: - name: MONGO_INITDB_DATABASE value: "{{ .Values.config.dbName }}" @@ -66,8 +71,8 @@ spec: volumeMounts: - name: {{ include "common.fullname" . }}-data mountPath: /var/lib/mongo - resources: -{{ include "common.resources" . | indent 12 }} + resources: {{ include "common.resources" . | nindent 12 }} +{{ include "common.containerSecurityContext" . | indent 10 }} {{- if .Values.nodeSelector }} nodeSelector: {{ toYaml .Values.nodeSelector | indent 10 }} diff --git a/kubernetes/common/mongo/values.yaml b/kubernetes/common/mongo/values.yaml index 3c04b429cd..ee1d8c72fa 100644 --- a/kubernetes/common/mongo/values.yaml +++ b/kubernetes/common/mongo/values.yaml @@ -18,15 +18,12 @@ global: nodePortPrefix: 302 persistence: {} - readinessRepository: oomk8s - readinessImage: readiness-check:2.0.0 ################################################################# # Application configuration defaults. ################################################################# -dockerHubRepository: registry.hub.docker.com image: library/mongo:4.0.8 pullPolicy: Always @@ -84,10 +81,13 @@ service: rpcbindPort: 111 rpcbindUdpPort: 111 +securityContext: + user_id: 999 + group_id: 999 + ingress: enabled: false -resources: {} # We usually recommend not to specify default resources and to leave this as a conscious # choice for the user. This also increases chances charts run on environments with little # resources, such as Minikube. If you do want to specify resources, uncomment the following @@ -98,13 +98,22 @@ resources: {} # ref: http://kubernetes.io/docs/user-guide/compute-resources/ # Minimum memory for development is 2 CPU cores and 4GB memory # Minimum memory for production is 4 CPU cores and 8GB memory -#resources: -# limits: -# cpu: 2 -# memory: 4Gi -# requests: -# cpu: 2 -# memory: 4Gi +resources: + small: + limits: + cpu: 100m + memory: 200Mi + requests: + cpu: 10m + memory: 50Mi + large: + limits: + cpu: 2 + memory: 4Gi + requests: + cpu: 1 + memory: 2Gi + unlimited: {} sdnctlPrefix: mongo diff --git a/kubernetes/common/music/charts/music-cassandra-job/templates/job.yaml b/kubernetes/common/music/charts/music-cassandra-job/templates/job.yaml index 46310fb0fb..2c6c3379c2 100644 --- a/kubernetes/common/music/charts/music-cassandra-job/templates/job.yaml +++ b/kubernetes/common/music/charts/music-cassandra-job/templates/job.yaml @@ -34,10 +34,10 @@ spec: restartPolicy: Never initContainers: - name: {{ include "common.name" . }}-readiness - image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}" + image: "{{ include "common.repository" . }}/{{ .Values.global.readinessImage }}" imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} command: - - /root/ready.py + - /app/ready.py args: - --timeout - "{{ .Values.global.readinessTimeout }}" diff --git a/kubernetes/common/music/charts/music-cassandra-job/values.yaml b/kubernetes/common/music/charts/music-cassandra-job/values.yaml index ac18195939..eee1a3a522 100644 --- a/kubernetes/common/music/charts/music-cassandra-job/values.yaml +++ b/kubernetes/common/music/charts/music-cassandra-job/values.yaml @@ -20,9 +20,8 @@ global: repository: nexus3.onap.org:10001 # readiness check - readinessRepository: oomk8s - readinessImage: readiness-check:2.0.0 - # Set default to 4 hrs. + readinessImage: onap/oom/readiness:3.0.1 + # Set default to 4 hrs. # On slow environments dealys this long have been seen. readinessTimeout: 240 # logging agent @@ -34,9 +33,9 @@ global: job: host: music-cassandra port: 9042 - busybox: + busybox: image: library/busybox:latest - cassandra: + cassandra: image: onap/music/cassandra_job:3.0.24 timeout: 30 delay: 120 @@ -45,10 +44,10 @@ cql: replicationClass: "SimpleStrategy" replicationFactor: 3 adminUser: - username: nelson24 - password: nelson24 + username: nelson24 + password: nelson24 passwordReplace: A2C4E6G8I0J2L4O6Q8S0U2W4Y6 - + podManagementPolicy: OrderedReady updateStrategy: type: OnDelete diff --git a/kubernetes/common/music/charts/music-cassandra/templates/statefulset.yaml b/kubernetes/common/music/charts/music-cassandra/templates/statefulset.yaml index fbdac61a9e..5ae944a568 100644 --- a/kubernetes/common/music/charts/music-cassandra/templates/statefulset.yaml +++ b/kubernetes/common/music/charts/music-cassandra/templates/statefulset.yaml @@ -26,17 +26,6 @@ metadata: release: {{ include "common.release" . }} heritage: {{ .Release.Service }} spec: - podAntiAffinity: - preferredDuringSchedulingIgnoredDuringExecution: - - weight: 1 - podAffinityTerm: - labelSelector: - matchExpressions: - - key: app - operator: In - values: - - {{ .Chart.Name }} - topologyKey: kubernetes.io/hostname serviceName: {{ include "common.servicename" . }} replicas: {{ .Values.replicaCount }} selector: @@ -133,5 +122,3 @@ spec: requests: storage: {{ .Values.persistence.size | quote }} {{- end }} - imagePullSecrets: - - name: "{{ include "common.namespace" . }}-docker-registry-key" diff --git a/kubernetes/common/music/charts/music-cassandra/values.yaml b/kubernetes/common/music/charts/music-cassandra/values.yaml index 460671d839..0402a3207c 100644 --- a/kubernetes/common/music/charts/music-cassandra/values.yaml +++ b/kubernetes/common/music/charts/music-cassandra/values.yaml @@ -21,8 +21,7 @@ global: repository: nexus3.onap.org:10001 # readiness check - readinessRepository: oomk8s - readinessImage: readiness-check:2.0.0 + readinessImage: onap/oom/readiness:3.0.1 # logging agent loggingRepository: docker.elastic.co diff --git a/kubernetes/common/music/charts/music/resources/config/startup.sh b/kubernetes/common/music/charts/music/resources/config/startup.sh index 7ab32558b4..37bb84de8b 100755 --- a/kubernetes/common/music/charts/music/resources/config/startup.sh +++ b/kubernetes/common/music/charts/music/resources/config/startup.sh @@ -1,4 +1,5 @@ #!/bin/bash +{{/* # # ============LICENSE_START========================================== # org.onap.music @@ -19,6 +20,7 @@ # # ============LICENSE_END============================================= # ==================================================================== +*/}} echo "Running startup script to get password from certman" PWFILE=/opt/app/aafcertman/.password diff --git a/kubernetes/common/music/charts/music/templates/configmap.yaml b/kubernetes/common/music/charts/music/templates/configmap.yaml index 4023f343df..d42cf2e7e0 100644 --- a/kubernetes/common/music/charts/music/templates/configmap.yaml +++ b/kubernetes/common/music/charts/music/templates/configmap.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2017-2020 AT&T, Amdocs, Bell Canada # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,6 +12,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} apiVersion: v1 kind: ConfigMap diff --git a/kubernetes/common/music/charts/music/templates/deployment.yaml b/kubernetes/common/music/charts/music/templates/deployment.yaml index c3b30b22b7..63b5ab0974 100644 --- a/kubernetes/common/music/charts/music/templates/deployment.yaml +++ b/kubernetes/common/music/charts/music/templates/deployment.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2017-2020 AT&T, Amdocs, Bell Canada # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,6 +12,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} apiVersion: apps/v1 kind: Deployment @@ -23,10 +25,10 @@ spec: spec: initContainers: - name: {{ include "common.name" . }}-cassandra-readiness - image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}" + image: "{{ include "common.repository" . }}/{{ .Values.global.readinessImage }}" imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} command: - - /root/job_complete.py + - /app/ready.py args: - -j - "{{ include "common.release" . }}-music-cassandra-job-config" @@ -77,7 +79,7 @@ spec: initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} periodSeconds: {{ .Values.readiness.periodSeconds }} resources: -{{ toYaml .Values.resources | indent 12 }} +{{ include "common.resources" . | indent 12 }} env: - name: SPRING_OPTS value: "{{ .Values.springOpts }}" diff --git a/kubernetes/common/music/charts/music/templates/secrets.yaml b/kubernetes/common/music/charts/music/templates/secrets.yaml index 5d5f5bb397..15791a85d7 100644 --- a/kubernetes/common/music/charts/music/templates/secrets.yaml +++ b/kubernetes/common/music/charts/music/templates/secrets.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2020 AT&T, Bell Canada # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,5 +12,6 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} {{ include "common.secretFast" . }} diff --git a/kubernetes/common/music/charts/music/templates/service.yaml b/kubernetes/common/music/charts/music/templates/service.yaml index ca774c9b5b..3bd32a9419 100644 --- a/kubernetes/common/music/charts/music/templates/service.yaml +++ b/kubernetes/common/music/charts/music/templates/service.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2017-2020 AT&T, Amdocs, Bell Canada # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,5 +12,6 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} {{ include "common.service" . }} diff --git a/kubernetes/common/music/charts/music/values.yaml b/kubernetes/common/music/charts/music/values.yaml index faa5a6223d..bf3ad2279c 100644 --- a/kubernetes/common/music/charts/music/values.yaml +++ b/kubernetes/common/music/charts/music/values.yaml @@ -23,8 +23,7 @@ global: envsubstImage: dibi/envsubst # readiness check - readinessRepository: oomk8s - readinessImage: readiness-check:2.0.0 + readinessImage: onap/oom/readiness:3.0.1 # logging agent loggingRepository: docker.elastic.co diff --git a/kubernetes/common/music/values.yaml b/kubernetes/common/music/values.yaml index fe4cbaee9c..7e89b02e02 100644 --- a/kubernetes/common/music/values.yaml +++ b/kubernetes/common/music/values.yaml @@ -19,8 +19,7 @@ global: nodePortPrefix: 302 repository: nexus3.onap.org:10001 - readinessRepository: oomk8s - readinessImage: readiness-check:2.0.0 + readinessImage: onap/oom/readiness:3.0.1 loggingRepository: docker.elastic.co loggingImage: beats/filebeat:5.5.0 diff --git a/kubernetes/common/network-name-gen/templates/deployment.yaml b/kubernetes/common/network-name-gen/templates/deployment.yaml index 87dd622c35..c97c0488ac 100644 --- a/kubernetes/common/network-name-gen/templates/deployment.yaml +++ b/kubernetes/common/network-name-gen/templates/deployment.yaml @@ -36,16 +36,14 @@ spec: release: {{ include "common.release" . }} spec: initContainers: -{{- if .Values.global.mariadbGalera.localCluster }} - - command: - - /root/ready.py + - name: {{ include "common.name" . }}-readiness + command: + - /app/ready.py args: +{{- if .Values.global.mariadbGalera.localCluster }} - --container-name - {{ index .Values "mariadb-galera" "nameOverride" }} {{- else }} - - command: - - /root/job_complete.py - args: - --job-name - {{ include "common.release" . }}-{{ index .Values "mariadb-init" "nameOverride" }}-config-job {{- end }} @@ -55,9 +53,8 @@ spec: fieldRef: apiVersion: v1 fieldPath: metadata.namespace - image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}" + image: "{{ include "common.repository" . }}/{{ .Values.global.readinessImage }}" imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - name: {{ include "common.name" . }}-readiness containers: - name: {{ include "common.name" . }} command: diff --git a/kubernetes/common/network-name-gen/values.yaml b/kubernetes/common/network-name-gen/values.yaml index 81c596c6c9..ade8a20df6 100644 --- a/kubernetes/common/network-name-gen/values.yaml +++ b/kubernetes/common/network-name-gen/values.yaml @@ -26,8 +26,7 @@ global: # readiness check - readinessRepository: oomk8s - readinessImage: readiness-check:2.0.0 + readinessImage: onap/oom/readiness:3.0.1 # image pull policy pullPolicy: IfNotPresent @@ -79,7 +78,7 @@ mariadb-init: ################################################################# # application image repository: nexus3.onap.org:10001 -image: onap/ccsdk-apps-ms-neng:0.7.1 +image: onap/ccsdk-apps-ms-neng:1.0.2 pullPolicy: IfNotPresent # application configuration diff --git a/kubernetes/common/postgres/requirements.yaml b/kubernetes/common/postgres/requirements.yaml index 6f898b6171..19a4513f52 100644 --- a/kubernetes/common/postgres/requirements.yaml +++ b/kubernetes/common/postgres/requirements.yaml @@ -16,3 +16,6 @@ dependencies: - name: common version: ~6.x-0 repository: 'file://../common' + - name: repositoryGenerator + version: ~6.x-0 + repository: 'file://../repositoryGenerator' diff --git a/kubernetes/common/postgres/templates/_deployment.tpl b/kubernetes/common/postgres/templates/_deployment.tpl index 456aa32bc0..6142baa63f 100644 --- a/kubernetes/common/postgres/templates/_deployment.tpl +++ b/kubernetes/common/postgres/templates/_deployment.tpl @@ -30,7 +30,6 @@ metadata: heritage: {{ $dot.Release.Service }} name: "{{ index $dot.Values "container" "name" $pgMode }}" spec: - serviceName: {{ $dot.Values.service.name }} replicas: 1 selector: matchLabels: @@ -74,7 +73,7 @@ spec: subPath: setup.sql - mountPath: /config name: pgconf - image: "{{ $dot.Values.global.envsubstImage }}" + image: {{ include "repositoryGenerator.image.envsubst" $dot }} imagePullPolicy: {{ $dot.Values.global.pullPolicy | default $dot.Values.pullPolicy }} name: {{ include "common.name" $dot }}-update-config @@ -85,14 +84,14 @@ spec: - | chown 26:26 /podroot/; chmod 700 /podroot/; - image: {{ $dot.Values.global.busyboxRepository | default $dot.Values.busyboxRepository }}/{{ $dot.Values.busyboxImage }} + image: {{ include "repositoryGenerator.image.busybox" $dot }} imagePullPolicy: {{ $dot.Values.global.pullPolicy | default $dot.Values.pullPolicy }} volumeMounts: - name: {{ include "common.fullname" $dot }}-data mountPath: /podroot/ containers: - name: {{ include "common.name" $dot }} - image: "{{ $dot.Values.postgresRepository }}/{{ $dot.Values.image }}" + image: {{ include "repositoryGenerator.image.postgres" $dot }} imagePullPolicy: {{ $dot.Values.global.pullPolicy | default $dot.Values.pullPolicy }} ports: - containerPort: {{ $dot.Values.service.internalPort }} @@ -147,8 +146,7 @@ spec: - mountPath: /backup name: {{ include "common.fullname" $dot }}-backup readOnly: true - resources: -{{ include "common.resources" $dot | indent 12 }} + resources: {{ include "common.resources" $dot | nindent 12 }} {{- if $dot.Values.nodeSelector }} nodeSelector: {{ toYaml $dot.Values.nodeSelector | indent 10 }} diff --git a/kubernetes/common/postgres/templates/configmap.yaml b/kubernetes/common/postgres/templates/configmap.yaml index 26ba390040..e8bfd1194a 100644 --- a/kubernetes/common/postgres/templates/configmap.yaml +++ b/kubernetes/common/postgres/templates/configmap.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2019 Amdocs, Bell Canada, Orange # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,6 +12,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} apiVersion: v1 kind: ConfigMap diff --git a/kubernetes/common/postgres/values.yaml b/kubernetes/common/postgres/values.yaml index a5a416329b..f815847f06 100644 --- a/kubernetes/common/postgres/values.yaml +++ b/kubernetes/common/postgres/values.yaml @@ -18,11 +18,6 @@ global: nodePortPrefix: 302 persistence: {} - readinessRepository: oomk8s - readinessImage: readiness-check:2.0.0 - - # envsusbt - envsubstImage: dibi/envsubst ################################################################# # Secrets metaconfig @@ -46,12 +41,6 @@ secrets: # Application configuration defaults. ################################################################# -# BusyBox image -busyboxRepository: registry.hub.docker.com -busyboxImage: library/busybox:latest - -postgresRepository: crunchydata -image: crunchy-postgres:centos7-10.11-4.2.1 pullPolicy: Always # application configuration @@ -126,21 +115,32 @@ service: ingress: enabled: false -resources: {} - # We usually recommend not to specify default resources and to leave this as a conscious - # choice for the user. This also increases chances charts run on environments with little - # resources, such as Minikube. If you do want to specify resources, uncomment the following - # lines, adjust them as necessary, and remove the curly braces after 'resources:'. - # - # Example: - # Configure resource requests and limits - # ref: http://kubernetes.io/docs/user-guide/compute-resources/ - # Minimum memory for development is 2 CPU cores and 4GB memory - # Minimum memory for production is 4 CPU cores and 8GB memory -#resources: -# limits: -# cpu: 2 -# memory: 4Gi -# requests: -# cpu: 2 -# memory: 4Gi +flavor: small + +#resources: {} +# We usually recommend not to specify default resources and to leave this as a conscious +# choice for the user. This also increases chances charts run on environments with little +# resources, such as Minikube. If you do want to specify resources, uncomment the following +# lines, adjust them as necessary, and remove the curly braces after 'resources:'. +# +# Example: +# Configure resource requests and limits +# ref: http://kubernetes.io/docs/user-guide/compute-resources/ +# Minimum memory for development is 2 CPU cores and 4GB memory +# Minimum memory for production is 4 CPU cores and 8GB memory +resources: + small: + limits: + cpu: 100m + memory: 300Mi + requests: + cpu: 10m + memory: 90Mi + large: + limits: + cpu: 2 + memory: 4Gi + requests: + cpu: 1 + memory: 2Gi + unlimited: {} diff --git a/kubernetes/common/readinessCheck/templates/_readinessCheck.tpl b/kubernetes/common/readinessCheck/templates/_readinessCheck.tpl index 3cdf13a362..6a1a1eb82a 100644 --- a/kubernetes/common/readinessCheck/templates/_readinessCheck.tpl +++ b/kubernetes/common/readinessCheck/templates/_readinessCheck.tpl @@ -56,10 +56,10 @@ {{- $containers := index (ternary (dict "containers" $wait_for) $wait_for (kindIs "slice" $wait_for)) "containers" -}} {{- $namePart := index (ternary (dict) $wait_for (kindIs "slice" $wait_for)) "name" -}} - name: {{ include "common.name" $dot }}{{ ternary "" (printf "-%s" $namePart) (empty $namePart) }}-readiness - image: "{{ $subchartDot.Values.global.readinessRepository }}/{{ $subchartDot.Values.global.readinessImage }}" + image: "{{ include "common.repository" $subchartDot }}/{{ $subchartDot.Values.global.readinessImage }}" imagePullPolicy: {{ $subchartDot.Values.global.pullPolicy | default $subchartDot.Values.pullPolicy }} command: - - /root/ready.py + - /app/ready.py args: {{- range $container := $containers }} - --container-name diff --git a/kubernetes/common/readinessCheck/values.yaml b/kubernetes/common/readinessCheck/values.yaml index 8417407a99..7bd0c3d679 100644 --- a/kubernetes/common/readinessCheck/values.yaml +++ b/kubernetes/common/readinessCheck/values.yaml @@ -13,8 +13,7 @@ # limitations under the License. global: - readinessRepository: oomk8s - readinessImage: readiness-check:2.2.1 + readinessImage: onap/oom/readiness:3.0.1 pullPolicy: Always limits: diff --git a/kubernetes/common/repository-wrapper/Chart.yaml b/kubernetes/common/repository-wrapper/Chart.yaml new file mode 100644 index 0000000000..7f48d16877 --- /dev/null +++ b/kubernetes/common/repository-wrapper/Chart.yaml @@ -0,0 +1,18 @@ +# Copyright © 2017 Amdocs, Bell Canada +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +description: Wrapper chart to allow docker secret to be shared all instances +name: repository-wrapper +version: 6.0.0 diff --git a/kubernetes/common/repository-wrapper/requirements.yaml b/kubernetes/common/repository-wrapper/requirements.yaml new file mode 100644 index 0000000000..02d40a57d9 --- /dev/null +++ b/kubernetes/common/repository-wrapper/requirements.yaml @@ -0,0 +1,21 @@ +# Copyright © 2018 Amdocs, Bell Canada +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +dependencies: + - name: common + version: ~6.x-0 + repository: 'file://../common' + - name: repositoryGenerator + version: ~6.x-0 + repository: 'file://../repositoryGenerator' diff --git a/kubernetes/common/repository-wrapper/templates/secrets.yaml b/kubernetes/common/repository-wrapper/templates/secrets.yaml new file mode 100644 index 0000000000..21b56fadcd --- /dev/null +++ b/kubernetes/common/repository-wrapper/templates/secrets.yaml @@ -0,0 +1,29 @@ +{{/* +# Copyright © 2017 Amdocs, Bell Canada +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} + +apiVersion: v1 +kind: Secret +metadata: + name: {{ include "common.namespace" . }}-docker-registry-key + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ include "common.release" . }} + heritage: {{ .Release.Service }} +data: + .dockercfg: {{ include "repositoryGenerator.secret" . }} +type: kubernetes.io/dockercfg diff --git a/kubernetes/common/repository-wrapper/values.yaml b/kubernetes/common/repository-wrapper/values.yaml new file mode 100644 index 0000000000..66f679c830 --- /dev/null +++ b/kubernetes/common/repository-wrapper/values.yaml @@ -0,0 +1,15 @@ +# Copyright © 2020 Orange +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +global: {}
\ No newline at end of file diff --git a/kubernetes/common/repositoryGenerator/Chart.yaml b/kubernetes/common/repositoryGenerator/Chart.yaml new file mode 100644 index 0000000000..5ff53fa3d4 --- /dev/null +++ b/kubernetes/common/repositoryGenerator/Chart.yaml @@ -0,0 +1,18 @@ +# Copyright © 2017 Amdocs, Bell Canada +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +description: Template used to generate the right repository link +name: repositoryGenerator +version: 6.0.0 diff --git a/kubernetes/common/repositoryGenerator/requirements.yaml b/kubernetes/common/repositoryGenerator/requirements.yaml new file mode 100644 index 0000000000..70ab2ecce6 --- /dev/null +++ b/kubernetes/common/repositoryGenerator/requirements.yaml @@ -0,0 +1,14 @@ +# Copyright © 2018 Amdocs, Bell Canada +# Copyright © 2020 Orange +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. diff --git a/kubernetes/common/repositoryGenerator/templates/_repository.tpl b/kubernetes/common/repositoryGenerator/templates/_repository.tpl new file mode 100644 index 0000000000..c351db1ba0 --- /dev/null +++ b/kubernetes/common/repositoryGenerator/templates/_repository.tpl @@ -0,0 +1,177 @@ +{{/* +# Copyright © 2017 Amdocs, Bell Canada +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} + +{{- define "repositoryGenerator._repositoryHelper" -}} + {{- $dot := default . .dot -}} + {{- $initRoot := default $dot.Values.repositoryGenerator .initRoot -}} + {{- $repoName := .repoName }} + {{- $overrideName := printf "%s%s" $repoName "Override" }} + {{- if (hasKey $dot.Values $overrideName) -}} + {{- printf "%s" (first (pluck $overrideName $dot.Values)) -}} + {{- else -}} + {{- first (pluck $repoName $dot.Values.global $initRoot.global) -}} + {{- end }} +{{- end -}} + +{{/* + Resolve the name of the common image repository. + + - .Values.global.repository : default image repository for all ONAP images + - .Values.repositoryOverride : override global repository on a per chart basis +*/}} +{{- define "repositoryGenerator.repository" -}} + {{- include "repositoryGenerator._repositoryHelper" (merge (dict "repoName" "repository") .) }} +{{- end -}} + +{{/* + Resolve the name of the dockerHub image repository. + + - .Values.global.dockerHubRepository : default image dockerHubRepository for all dockerHub images + - .Values.dockerHubRepositoryOverride : override global dockerHub repository on a per chart basis +*/}} +{{- define "repositoryGenerator.dockerHubRepository" -}} + {{- include "repositoryGenerator._repositoryHelper" (merge (dict "repoName" "dockerHubRepository") .) }} +{{- end -}} + +{{/* + Resolve the name of the elasticRepository image repository. + + - .Values.global.elasticRepository : default image elasticRepository for all images using elastic repository + - .Values.elasticRepositoryOverride : override global elasticRepository repository on a per chart basis +*/}} +{{- define "repositoryGenerator.elasticRepository" -}} + {{- include "repositoryGenerator._repositoryHelper" (merge (dict "repoName" "elasticRepository") .) }} +{{- end -}} + +{{/* + Resolve the name of the googleK8sRepository image repository. + + - .Values.global.googleK8sRepository : default image dockerHubRepository for all dockerHub images + - .Values.googleK8sRepositoryOverride : override global dockerHub repository on a per chart basis +*/}} +{{- define "repositoryGenerator.googleK8sRepository" -}} + {{- include "repositoryGenerator._repositoryHelper" (merge (dict "repoName" "googleK8sRepository") .) }} +{{- end -}} + +{{- define "repositoryGenerator.image._helper" -}} + {{- $dot := default . .dot -}} + {{- $initRoot := default $dot.Values.repositoryGenerator .initRoot -}} + {{- $image := .image }} + {{- $repoName := first (pluck $image $initRoot.imageRepoMapping) }} + {{- include "repositoryGenerator._repositoryHelper" (merge (dict "repoName" $repoName ) .) }}/{{- first (pluck $image $dot.Values.global $initRoot.global) -}} +{{- end -}} + +{{- define "repositoryGenerator.image.busybox" -}} + {{- include "repositoryGenerator.image._helper" (merge (dict "image" "busyboxImage") .) }} +{{- end -}} + +{{- define "repositoryGenerator.image.curl" -}} + {{- include "repositoryGenerator.image._helper" (merge (dict "image" "curlImage") .) }} +{{- end -}} + +{{- define "repositoryGenerator.image.envsubst" -}} + {{- include "repositoryGenerator.image._helper" (merge (dict "image" "envsubstImage") .) }} +{{- end -}} + +{{- define "repositoryGenerator.image.htpasswd" -}} + {{- include "repositoryGenerator.image._helper" (merge (dict "image" "htpasswdImage") .) }} +{{- end -}} + +{{- define "repositoryGenerator.image.kubectl" -}} + {{- include "repositoryGenerator.image._helper" (merge (dict "image" "kubectlImage") .) }} +{{- end -}} + +{{- define "repositoryGenerator.image.logging" -}} + {{- include "repositoryGenerator.image._helper" (merge (dict "image" "loggingImage") .) }} +{{- end -}} + +{{- define "repositoryGenerator.image.mariadb" -}} + {{- include "repositoryGenerator.image._helper" (merge (dict "image" "mariadbImage") .) }} +{{- end -}} + +{{- define "repositoryGenerator.image.nginx" -}} + {{- include "repositoryGenerator.image._helper" (merge (dict "image" "nginxImage") .) }} +{{- end -}} + +{{- define "repositoryGenerator.image.postgres" -}} + {{- include "repositoryGenerator.image._helper" (merge (dict "image" "postgresImage") .) }} +{{- end -}} + +{{- define "repositoryGenerator.image.readiness" -}} + {{- include "repositoryGenerator.image._helper" (merge (dict "image" "readinessImage") .) }} +{{- end -}} + +{{/* + Resolve the image repository secret token. + The value for .Values.global.repositoryCred is used if provided: + repositoryCred: + user: user + password: password + mail: email (optional) + You can also set the same things for dockerHub, elastic and googleK8s if + needed. +*/}} +{{- define "repositoryGenerator.secret" -}} + {{- $dot := default . .dot -}} + {{- $initRoot := default $dot.Values.repositoryGenerator .initRoot -}} + {{/* Our version of helm doesn't support deepCopy so we need this nasty trick */}} + {{- $subchartDot := fromJson (include "common.subChartDot" (dict "dot" $dot "initRoot" $initRoot)) }} + {{- $repoCreds := "" }} + {{- if $subchartDot.Values.global.dockerHubRepositoryCred }} + {{- $repo := $subchartDot.Values.global.repository }} + {{- $cred := $subchartDot.Values.global.repositoryCred }} + {{- $mail := default "@" $cred.mail }} + {{- $auth := printf "%s:%s" $cred.user $cred.password | b64enc }} + {{- $repoCreds = printf "\"%s\": {\"username\":\"%s\",\"password\":\"%s\",\"email\":\"%s\",\"auth\":\"%s\"}" $repo $cred.user $cred.password $mail $auth }} + {{- end }} + {{- if $subchartDot.Values.global.dockerHubRepositoryCred }} + {{- $dhRepo := $subchartDot.Values.global.dockerHubRepository }} + {{- $dhCred := $subchartDot.Values.global.dockerHubRepositoryCred }} + {{- $dhMail := default "@" $dhCred.mail }} + {{- $dhAuth := printf "%s:%s" $dhCred.user $dhCred.password | b64enc }} + {{- $dhRepoCreds := printf "\"%s\":{\"username\":\"%s\",\"password\":\"%s\",\"email\":\"%s\",\"auth\":\"%s\"}" $dhRepo $dhCred.user $dhCred.password $dhMail $dhAuth }} + {{- if eq "" $repoCreds }} + {{- $repoCreds = $dhRepoCreds }} + {{- else }} + {{- $repoCreds = printf "%s, %s" $repoCreds $dhRepoCreds }} + {{- end }} + {{- end }} + {{- if $subchartDot.Values.global.elasticRepositoryCred }} + {{- $eRepo := $subchartDot.Values.global.elasticRepository }} + {{- $eCred := $subchartDot.Values.global.elasticRepositoryCred }} + {{- $eMail := default "@" $eCred.mail }} + {{- $eAuth := printf "%s:%s" $eCred.user $eCred.password | b64enc }} + {{- $eRepoCreds := printf "\"%s\":{\"username\":\"%s\",\"password\":\"%s\",\"email\":\"%s\",\"auth\":\"%s\"}" $eRepo $eCred.user $eCred.password $eMail $eAuth }} + {{- if eq "" $repoCreds }} + {{- $repoCreds = $eRepoCreds }} + {{- else }} + {{- $repoCreds = printf "%s, %s" $repoCreds $eRepoCreds }} + {{- end }} + {{- end }} + {{- if $subchartDot.Values.global.googleK8sRepositoryCred }} + {{- $gcrRepo := $subchartDot.Values.global.googleK8sRepository }} + {{- $gcrCred := $subchartDot.Values.global.googleK8sRepositoryCred }} + {{- $gcrMail := default "@" $gcrCred.mail }} + {{- $gcrAuth := printf "%s:%s" $gcrCred.user $gcrCred.password | b64enc }} + {{- $gcrRepoCreds := printf "\"%s\":{\"username\":\"%s\",\"password\":\"%s\",\"email\":\"%s\",\"auth\":\"%s\"}" $gcrRepo $gcrCred.user $gcrCred.password $gcrMail $gcrAuth }} + {{- if eq "" $repoCreds }} + {{- $repoCreds = $gcrRepoCreds }} + {{- else }} + {{- $repoCreds = printf "%s, %s" $repoCreds $gcrRepoCreds }} + {{- end }} + {{- end }} + {{- printf "{%s}" $repoCreds | b64enc -}} +{{- end -}} diff --git a/kubernetes/common/repositoryGenerator/values.yaml b/kubernetes/common/repositoryGenerator/values.yaml new file mode 100644 index 0000000000..1ec3a35bd9 --- /dev/null +++ b/kubernetes/common/repositoryGenerator/values.yaml @@ -0,0 +1,62 @@ +# Copyright © 2020 Orange +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +global: + # Repositories used + repository: nexus3.onap.org:10001 + dockerHubRepository: docker.io + elasticRepository: docker.elastic.co + googleK8sRepository: k8s.gcr.io + + # common global images + busyboxImage: busybox:1.32 + curlImage: curlimages/curl:7.69.1 + envsubstImage: dibi/envsubst:1 + # there's only latest image for htpasswd + htpasswdImage: xmartlabs/htpasswd:latest + kubectlImage: bitnami/kubectl:1.19 + loggingImage: beats/filebeat:5.5.0 + mariadbImage: mariadb:10.1.48 + nginxImage: bitnami/nginx:1.18-debian-10 + postgresImage: crunchydata/crunchy-postgres:centos7-10.11-4.2.1 + readinessImage: onap/oom/readiness:3.0.1 + + # Default credentials + # they're optional. If the target repository doesn't need them, comment them + repositoryCred: + user: docker + password: docker + # If you want / need authentication on the repositories, please set + # Don't set them if the target repo is the same than others + # dockerHubCred: + # user: myuser + # password: mypassord + # elasticCred: + # user: myuser + # password: mypassord + # googleK8sCred: + # user: myuser + # password: mypassord + +imageRepoMapping: + busyboxImage: dockerHubRepository + curlImage: dockerHubRepository + envsubstImage: dockerHubRepository + htpasswdImage: dockerHubRepository + kubectlImage: dockerHubRepository + loggingImage: elasticRepository + mariadbImage: dockerHubRepository + nginxImage: dockerHubRepository + postgresImage: dockerHubRepository + readinessImage: repository |