diff options
Diffstat (limited to 'kubernetes/common')
60 files changed, 1526 insertions, 1574 deletions
diff --git a/kubernetes/common/cassandra/templates/backup/cronjob.yaml b/kubernetes/common/cassandra/templates/backup/cronjob.yaml index 630ac43ba3..0d06318422 100644 --- a/kubernetes/common/cassandra/templates/backup/cronjob.yaml +++ b/kubernetes/common/cassandra/templates/backup/cronjob.yaml @@ -75,7 +75,7 @@ spec: echo "Executing cleanup!!" command="nodetool cleanup" - /root/exec.py -p "cassandra" -c "$command" + /root/exec.py -p "cassandra" -c "$command" echo "Cleaned Node!! Backing up database now!!!" command="nodetool snapshot -t $curr_time" @@ -97,7 +97,7 @@ spec: if [ 1 ] {{- range $t, $keyspace := $root.Values.backup.keyspacesToSkip }} && [ "{{ $keyspace.name }}" != "$keyspace_name" ] {{- end }}; then /root/restore.sh -b $backup_dir/cassandra-{{ $i }}/data -s /onap-data/cassandra-{{ $i }}/data/$keyspace_name -k $keyspace_name -t $curr_time & pids="$pids $!" - fi + fi done {{- end }} @@ -121,7 +121,7 @@ spec: echo "Failed" > /backup/backup.log exit 0 fi - + mv /backup/temp /backup/backup-${curr_time} echo "Success" > /backup/backup.log echo "Cassandra Backup Succeeded" @@ -135,8 +135,10 @@ spec: - mountPath: /etc/localtime name: localtime readOnly: true - - mountPath: /onap-data - name: data-dir + {{- range $i := until (int .Values.replicaCount)}} + - mountPath: /onap-data/cassandra-{{ $i }} + name: data-dir-{{ $i }} + {{- end }} - mountPath: /backup name: backup-dir - name: scripts @@ -144,7 +146,7 @@ spec: subPath: restore.sh - name: scripts mountPath: /root/exec.py - subPath: exec.py + subPath: exec.py containers: - name: cassandra-backup-validate image: "{{ .Values.image }}" @@ -200,7 +202,7 @@ spec: done kill -9 $CASS_PID {{- end }} - echo "Validation Successful!!!" + echo "Validation Successful!!!" cd /backup totalFiles=`ls -t | grep "backup-" | wc -l` if [ $totalFiles -gt {{ .Values.backup.retentionPeriod }} ]; then @@ -230,13 +232,14 @@ spec: path: /etc/localtime - name: scripts configMap: - name: {{ include "common.fullname" $ }}-configmap + name: {{ include "common.fullname" . }}-configmap defaultMode: 0755 - - name: data-dir + {{- range $i := until (int .Values.replicaCount)}} + - name: data-dir-{{ $i }} persistentVolumeClaim: - claimName: {{ include "common.fullname" . }}-db-data + claimName: {{ include "common.fullname" . }}-data-{{ $i }} + {{- end }} - name: backup-dir persistentVolumeClaim: claimName: {{ include "common.fullname" . }}-backup-data {{- end -}} - diff --git a/kubernetes/common/cassandra/templates/backup/pv.yaml b/kubernetes/common/cassandra/templates/backup/pv.yaml index 332dc95e05..10c310077b 100644 --- a/kubernetes/common/cassandra/templates/backup/pv.yaml +++ b/kubernetes/common/cassandra/templates/backup/pv.yaml @@ -1,5 +1,5 @@ {{/* -# Copyright © 2019 Amdocs, Bell Canada, AT&T +# Copyright © 2019 Amdocs, Bell Canada, AT&T, Orange # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -14,25 +14,8 @@ # limitations under the License. */}} {{- if .Values.backup.enabled }} -{{ if .Values.persistence.enabled }} -apiVersion: v1 -kind: PersistentVolume -metadata: - name: {{ include "common.fullname" . }}-db-data - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - heritage: {{ .Release.Service }} - name: {{ include "common.fullname" . }}-db-data -spec: - capacity: - storage: {{ .Values.persistence.size }} - accessModes: - - {{ .Values.persistence.accessMode }} - hostPath: - path: {{ .Values.global.persistence.mountPath | default .Values.persistence.mountPath }}/{{ .Release.Name }} - persistentVolumeReclaimPolicy: {{ .Values.persistence.volumeReclaimPolicy }} +{{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) -}} +{{- if eq "True" (include "common.needPV" .) -}} --- apiVersion: v1 kind: PersistentVolume @@ -49,9 +32,10 @@ spec: storage: {{ .Values.persistence.size }} accessModes: - {{ .Values.persistence.accessMode }} - hostPath: - path: {{ .Values.global.persistence.backup.mountPath | default .Values.persistence.backup.mountPath }}/{{ include "common.namespace" $ }}/{{ include "common.fullname" $ }} persistentVolumeReclaimPolicy: {{ .Values.persistence.volumeReclaimPolicy }} -{{ end }} + storageClassName: "{{ include "common.fullname" . }}-data" + hostPath: + path: {{ .Values.global.persistence.backup.mountPath | default .Values.persistence.backup.mountPath }}/{{ include "common.namespace" . }}/{{ include "common.fullname" . }} +{{- end -}} +{{- end -}} {{- end -}} - diff --git a/kubernetes/common/cassandra/templates/backup/pvc.yaml b/kubernetes/common/cassandra/templates/backup/pvc.yaml index 1f848c3315..dd7f3810a0 100644 --- a/kubernetes/common/cassandra/templates/backup/pvc.yaml +++ b/kubernetes/common/cassandra/templates/backup/pvc.yaml @@ -15,36 +15,6 @@ */}} {{- if .Values.backup.enabled }} {{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) -}} -kind: PersistentVolumeClaim -apiVersion: v1 -metadata: - name: {{ include "common.fullname" . }}-db-data - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }}-backup - chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" - release: "{{ .Release.Name }}" - heritage: "{{ .Release.Service }}" -{{- if .Values.persistence.annotations }} - annotations: -{{ toYaml .Values.persistence.annotations | indent 4 }} -{{- end }} -spec: - selector: - matchLabels: - name: {{ include "common.fullname" . }}-db-data - accessModes: - - {{ .Values.persistence.accessMode }} - resources: - requests: - storage: {{ .Values.persistence.size }} -{{- if .Values.persistence.storageClass }} -{{- if (eq "-" .Values.persistence.storageClass) }} - storageClassName: "" -{{- else }} - storageClassName: "{{ .Values.persistence.storageClass }}" -{{- end }} -{{- end }} --- kind: PersistentVolumeClaim apiVersion: v1 @@ -61,20 +31,11 @@ metadata: {{ toYaml .Values.persistence.annotations | indent 4 }} {{- end }} spec: - selector: - matchLabels: - name: {{ include "common.fullname" . }}-backup-data accessModes: - {{ .Values.persistence.accessMode }} resources: requests: storage: {{ .Values.persistence.size }} -{{- if .Values.persistence.storageClass }} -{{- if (eq "-" .Values.persistence.storageClass) }} - storageClassName: "" -{{- else }} - storageClassName: "{{ .Values.persistence.storageClass }}" -{{- end }} -{{- end }} + storageClassName: {{ include "common.storageClass" . }} {{- end -}} {{- end -}} diff --git a/kubernetes/common/cassandra/templates/pv.yaml b/kubernetes/common/cassandra/templates/pv.yaml index 06f41e7683..fbbb5ba105 100644 --- a/kubernetes/common/cassandra/templates/pv.yaml +++ b/kubernetes/common/cassandra/templates/pv.yaml @@ -12,28 +12,35 @@ # See the License for the specific language governing permissions and # limitations under the License. -{{ if .Values.persistence.enabled }} -{{- $root := . -}} -{{ range $i, $e := until (int $root.Values.replicaCount) }} +{{- $global := . }} +{{- if and $global.Values.persistence.enabled (not $global.Values.persistence.existingClaim) }} +{{- if eq "True" (include "common.needPV" .) -}} +{{- range $i := until (int $global.Values.replicaCount)}} --- apiVersion: v1 kind: PersistentVolume metadata: - name: {{ $root.Release.Name }}-{{ $root.Values.service.name }}-{{ $i }} - namespace: {{ $root.Release.Namespace }} + name: {{ $global.Release.Name }}-{{ $global.Values.service.name }}-{{ $i }} + namespace: {{ $global.Release.Namespace }} labels: - type: {{ $root.Values.persistence.storageType }} - app: {{ $root.Values.service.name }} - chart: {{ $root.Chart.Name }}-{{ $root.Chart.Version | replace "+" "_" }} - release: {{ $root.Release.Name }} - heritage: {{ $root.Release.Service }} + type: {{ $global.Values.persistence.storageType }} + app: {{ $global.Values.service.name }} + chart: {{ $global.Chart.Name }}-{{ $global.Chart.Version | replace "+" "_" }} + release: {{ $global.Release.Name }} + heritage: {{ $global.Release.Service }} spec: capacity: - storage: {{ $root.Values.persistence.size }} + storage: {{ $global.Values.persistence.size }} accessModes: - - {{ $root.Values.persistence.accessMode }} + {{- if $global.Values.backup.enabled }} + - ReadWriteMany + {{- else }} + - ReadWriteOnce + {{- end }} + persistentVolumeReclaimPolicy: {{ $global.Values.persistence.volumeReclaimPolicy }} + storageClassName: "{{ include "common.fullname" $global }}-data" hostPath: - path: {{ $root.Values.persistence.mountPath }}/{{ $root.Release.Name }}/{{ $root.Values.persistence.mountSubPath }}-{{ $i }} - persistentVolumeReclaimPolicy: {{ $root.Values.persistence.volumeReclaimPolicy }} -{{ end }} -{{ end }} + path: {{ $global.Values.persistence.mountPath }}/{{ $global.Release.Name }}/{{ $global.Values.persistence.mountSubPath }}-{{ $i }} +{{- end -}} +{{- end -}} +{{- end -}} diff --git a/kubernetes/common/cassandra/templates/statefulset.yaml b/kubernetes/common/cassandra/templates/statefulset.yaml index 4be3570851..72e886d4d1 100644 --- a/kubernetes/common/cassandra/templates/statefulset.yaml +++ b/kubernetes/common/cassandra/templates/statefulset.yaml @@ -49,7 +49,7 @@ spec: - containerPort: {{ $ports.port }} {{- end }} volumeMounts: - - name: cassandra-data + - name: {{ include "common.fullname" . }}-data mountPath: /var/lib/cassandra - name: localtime mountPath: /etc/localtime @@ -151,25 +151,26 @@ spec: name: {{ include "common.fullname" . }}-entrypoint defaultMode: 0755 {{- if not .Values.persistence.enabled }} - - name: cassandra-data + - name: {{ include "common.fullname" . }}-data emptyDir: {} {{- else }} volumeClaimTemplates: - metadata: - name: cassandra-data + name: {{ include "common.fullname" . }}-data labels: - app: {{ template "common.fullname" . }} + name: {{ include "common.fullname" . }} + chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" release: "{{ .Release.Name }}" heritage: "{{ .Release.Service }}" - annotations: - volume.beta.kubernetes.io/storage-class: {{ .Values.persistence.storageClass }} spec: accessModes: - - {{ .Values.persistence.accessMode | quote }} + {{- if .Values.backup.enabled }} + - ReadWriteMany + {{- else }} + - ReadWriteOnce + {{- end }} + storageClassName: {{ include "common.storageClass" . }} resources: requests: storage: {{ .Values.persistence.size | quote }} - selector: - matchLabels: - release: "{{ .Release.Name }}" {{- end }} diff --git a/kubernetes/common/cassandra/values.yaml b/kubernetes/common/cassandra/values.yaml index e568996b15..c3af7e59b2 100644 --- a/kubernetes/common/cassandra/values.yaml +++ b/kubernetes/common/cassandra/values.yaml @@ -115,12 +115,12 @@ persistence: ## GKE, AWS & OpenStack) ## ## storageClass: "-" - accessMode: ReadWriteOnce + ## Not set as it depends of the backup enabledment or not. + #accessMode: ReadWriteOnce size: 2Gi mountPath: /dockerdata-nfs mountSubPath: cassandra storageType: local - storageClass: "" backup: mountPath: /dockerdata-nfs/backup diff --git a/kubernetes/common/common/templates/_createPassword.tpl b/kubernetes/common/common/templates/_createPassword.tpl new file mode 100644 index 0000000000..938b0ee514 --- /dev/null +++ b/kubernetes/common/common/templates/_createPassword.tpl @@ -0,0 +1,62 @@ +{{/* +# Copyright © 2019 Samsung Electronics +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} + +{{/* + Resolve the master password to be used to derive other passwords. The value of + .Values.masterPassword is used by default, unless either override mechanism is + used: + + - .Values.global.masterPassword : override default master password for all charts + - .Values.masterPasswordOverride : override global and default masterPassword on a per chart basis +*/}} +{{- define "common.masterPassword" -}} + {{ if .Values.masterPasswordOverride }} + {{- printf "%d" .Values.masterPasswordOverride -}} + {{ else if .Values.global.masterPassword }} + {{- printf "%d" .Values.global.masterPassword -}} + {{ else if .Values.masterPassword }} + {{- printf "%d" .Values.masterPassword -}} + {{ else }} + {{ fail "masterPassword not provided" }} + {{ end }} +{{- end -}} + +{{/* + Generate a new password based on masterPassword. The new password is not + random, it is derived from masterPassword, fully qualified chart name and + additional uid provided by the user. This ensures that every time when we + run this function from the same place, with the same password and uid we + get the same results. This allows to avoid password changes while you are + doing upgrade. + + The function can take from one to three arguments (inside a dictionary): + - .dot : environment (.) + - .uid : unique identifier of password to be generated within this particular chart. Use only when you create more than a single password within one chart + - .strength : complexity of derived password. See derivePassword documentation for more details + + Example calls: + + {{ include "common.createPassword" . }} + {{ include "common.createPassword" (dict "dot" . "uid" "mysqlRootPasswd") }} + +*/}} +{{- define "common.createPassword" -}} + {{- $dot := default . .dot -}} + {{- $uid := default "onap" .uid -}} + {{- $strength := default "long" .strength -}} + {{- $mp := include "common.masterPassword" $dot -}} + {{- derivePassword 1 $strength $mp (include "common.fullname" $dot) $uid -}} +{{- end -}} diff --git a/kubernetes/common/common/templates/_ingress.tpl b/kubernetes/common/common/templates/_ingress.tpl index 49d7eeb415..b4afe6309d 100644 --- a/kubernetes/common/common/templates/_ingress.tpl +++ b/kubernetes/common/common/templates/_ingress.tpl @@ -1,12 +1,24 @@ {{- define "ingress.config.port" -}} {{- if .Values.ingress -}} -{{- if .Values.ingress.service -}} +{{- if or (not .Values.global.ingress.virtualhost) (not .Values.global.ingress.virtualhost.enabled) -}} + - http: + paths: {{- range .Values.ingress.service }} - - path: {{ .path }} + - path: {{ printf "/%s" (required "baseaddr" .baseaddr) }} backend: serviceName: {{ .name }} servicePort: {{ .port }} {{- end -}} +{{- else if .Values.ingress.service -}} +{{- $burl := (required "baseurl" .Values.global.ingress.virtualhost.baseurl) -}} +{{ range .Values.ingress.service }} + - host: {{ printf "%s.%s" (required "baseaddr" .baseaddr) $burl }} + http: + paths: + - backend: + serviceName: {{ .name }} + servicePort: {{ .port }} +{{- end -}} {{- else -}} - path: {{ printf "/%s" .Chart.Name }} backend: @@ -17,18 +29,37 @@ {{- end -}} +{{- define "ingress.config.annotations.ssl" -}} +{{- if .Values.ingress.config -}} +{{- if .Values.ingress.config.ssl -}} +{{- if eq .Values.ingress.config.ssl "redirect" -}} +kubernetes.io/ingress.class: nginx +nginx.ingress.kubernetes.io/ssl-passthrough: "true" +nginx.ingress.kubernetes.io/ssl-redirect: "true" +{{- else if eq .Values.ingress.config.ssl "native" -}} +nginx.ingress.kubernetes.io/ssl-redirect: "true" +{{- else if eq .Values.ingress.config.ssl "none" -}} +nginx.ingress.kubernetes.io/ssl-redirect: "false" +{{- end -}} +{{- end -}} +{{- end -}} +{{- end -}} + + {{- define "ingress.config.annotations" -}} {{- if .Values.ingress -}} {{- if .Values.ingress.annotations -}} {{ toYaml .Values.ingress.annotations | indent 4 | trim }} {{- end -}} {{- end -}} +{{ include "ingress.config.annotations.ssl" . | indent 4 | trim }} {{- end -}} {{- define "common.ingress" -}} {{- if .Values.ingress -}} -{{- if .Values.ingress.enabled -}} +{{- if .Values.global.ingress -}} +{{- if and .Values.ingress.enabled .Values.global.ingress.enabled -}} apiVersion: extensions/v1beta1 kind: Ingress metadata: @@ -42,9 +73,7 @@ metadata: heritage: {{ .Release.Service }} spec: rules: - - http: - paths: - {{- include "ingress.config.port" . }} + {{ include "ingress.config.port" . | trim }} {{- if .Values.ingress.tls }} tls: {{ toYaml .Values.ingress.tls | indent 4 }} @@ -52,4 +81,4 @@ spec: {{- end -}} {{- end -}} {{- end -}} - +{{- end -}}
\ No newline at end of file diff --git a/kubernetes/common/common/templates/_mariadb.tpl b/kubernetes/common/common/templates/_mariadb.tpl new file mode 100644 index 0000000000..15fb5a4225 --- /dev/null +++ b/kubernetes/common/common/templates/_mariadb.tpl @@ -0,0 +1,59 @@ +{{/* +# Copyright © 2019 Orange +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} + +{{/* + Choose the name of the mariadb service to use. +*/}} +{{- define "common.mariadbService" -}} + {{- if .Values.global.mariadbGalera.localCluster -}} + {{- index .Values "mariadb-galera" "service" "name" -}} + {{- else -}} + {{- .Values.global.mariadbGalera.service -}} + {{- end -}} +{{- end -}} + +{{/* + Choose the value of mariadb port to use. +*/}} +{{- define "common.mariadbPort" -}} + {{- if .Values.global.mariadbGalera.localCluster -}} + {{- index .Values "mariadb-galera" "service" "internalPort" -}} + {{- else -}} + {{- .Values.global.mariadbGalera.internalPort -}} + {{- end -}} +{{- end -}} + +{{/* + Choose the value of secret to retrieve user value. +*/}} +{{- define "common.mariadbSecret" -}} + {{- if .Values.global.mariadbGalera.localCluster -}} + {{ printf "%s-%s-db-user-credentials" (include "common.fullname" .) (index .Values "mariadb-galera" "nameOverride") -}} + {{- else -}} + {{ printf "%s-%s" (.Release.Name) (index .Values "mariadb-init" "nameOverride") -}} + {{- end -}} +{{- end -}} + +{{/* + Choose the value of secret param to retrieve user value. +*/}} +{{- define "common.mariadbSecretParam" -}} + {{- if .Values.global.mariadbGalera.localCluster -}} + {{ printf "password" -}} + {{- else -}} + {{ printf "db-user-password" -}} + {{- end -}} +{{- end -}} diff --git a/kubernetes/common/common/templates/_name.tpl b/kubernetes/common/common/templates/_name.tpl index 4299984673..f84ca21f3a 100644 --- a/kubernetes/common/common/templates/_name.tpl +++ b/kubernetes/common/common/templates/_name.tpl @@ -28,4 +28,14 @@ {{- define "common.fullname" -}} {{- $name := default .Chart.Name .Values.nameOverride -}} {{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} -{{- end -}}
\ No newline at end of file +{{- end -}} + +{{/* + Retrieve the "original" release from the component release: + if ONAP is deploy with "helm deploy --name toto", then cassandra components + will have "toto-cassandra" as release name. + this function would answer back "toto". +*/}} +{{- define "common.release" -}} + {{- regexReplaceAll "-[a-zA-Z0-9]*$" .Release.Name "" }} +{{- end -}} diff --git a/kubernetes/common/common/templates/_secret.yaml b/kubernetes/common/common/templates/_secret.yaml new file mode 100644 index 0000000000..523d7880f0 --- /dev/null +++ b/kubernetes/common/common/templates/_secret.yaml @@ -0,0 +1,276 @@ +{{/* +# Copyright © 2019 AT&T, Samsung Electronics +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} + +{{/* + For internal use only! + + Generates a secret header with given name and desired labels. + + The template takes two arguments: + - .global: environment (.) + - .name: name of the secret + + Example call: + {{ include "common.secret._header" (dict "global" . "name" "myFancyName") }} +*/}} +{{- define "common.secret._header" -}} +{{- $global := .global }} +{{- $name := .name }} +apiVersion: v1 +kind: Secret +metadata: + name: {{ $name }} + namespace: {{ include "common.namespace" $global }} + labels: + app: {{ include "common.name" $global }} + chart: {{ $global.Chart.Name }}-{{ $global.Chart.Version | replace "+" "_" }} + release: {{ $global.Release.Name }} + heritage: {{ $global.Release.Service }} +type: Opaque +{{- end -}} + +{{/* + For internal use only! + + Pick a value based on "user input" and generation policy. + + The template takes below arguments: + - .global: environment (.) + - .secretName: name of the secret where the value will be placed + - .secretEnv: map of values which configures this secret. This can contain below keys: + - value: Value of secret key provided by user (can be a template inside a string) + - policy: What to do if value is missing or empty. Possible options are: + - generate: Generate a new password deriving it from master password + - required: Fail the deployment if value has not been provided + Defaults to generate. + - name: Name of the key to which this value should be assigned +*/}} +{{- define "common.secret._value" -}} + {{- $global := .global }} + {{- $name := .secretName }} + {{- $secretEnv := .secretEnv }} + {{- $value := tpl $secretEnv.value $global }} + {{- $policy := default "generate" $secretEnv.policy }} + + {{- if $value }} + {{- $value | quote }} + {{- else if eq $policy "generate" }} + {{- include "common.createPassword" (dict "dot" $global "uid" $name) | quote }} + {{- else }} + {{- fail (printf "Value for %s secret %s key not provided" $name $secretEnv.name) }} + {{- end }} +{{- end -}} + + +{{/* + For internal use only! + + Generate a secret name based on provided name or UID. + If UID is provided then the name is generated by appending this UID right after + the chart name. If name is provided, it overrides the name generation algorith + and is used right away. Both name and uid strings may contain a template to be + resolved. + + The template takes below arguments: + - .global: environment (.) + - .uid: string that uniquely identifies this secret within a helm chart + - .name: string that can be used to override default name generation algorithm + and provide a custom name for the secret +*/}} +{{- define "common.secret._genName" -}} + {{- $global := .global }} + {{- $uid := tpl (default "" .uid) $global }} + {{- $name := tpl (default "" .name) $global }} + {{- default (printf "%s-%s" (include "common.fullname" $global) $uid) $name }} +{{- end -}} + +{{/* + Get the real secret name by UID or name, based on the configuration provided by user. + User may decide to not create a new secret but reuse existing one for this deployment + (aka externalSecret). In this case the real name of secret to be used is different + than the one declared in secret definition. This easily retrieve current secret real + name based on declared name or UID even if it has been overrided by the user using + externalSecret option. You should use this template always when you need to reference + a secret created using common.secret template by name. + + The template takes below arguments: + - .global: environment (.) + - .uid: string that uniquely identifies this secret within a helm chart + (can be omitted if name has been provided) + - .name: name which was used to declare a secret + (can be omitted if uid has been provided) +*/}} +{{- define "common.secret.getSecretName" -}} + {{- $global := .global }} + {{- $targetName := include "common.secret._genName" (dict "global" $global "uid" .uid "name" .name) }} + {{- range $secret := $global.Values.secrets }} + {{- $currName := include "common.secret._genName" (dict "global" $global "uid" $secret.uid "name" $secret.name) }} + {{- if eq $currName $targetName }} + {{- $externalSecret := tpl (default "" $secret.externalSecret) $global }} + {{- default $currName $externalSecret }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* + Convenience template which can be used to easily set the value of environment variable + to the value of a key in a secret. + + It takes care of all name mangling, usage of external secrets etc. + + The template takes below arguments: + - .global: environment (.) + - .uid: string that uniquely identifies this secret within a helm chart + (can be omitted if name has been provided) + - .name: name which was used to declare a secret + (can be omitted if uid has been provided) + - .key: Key within this secret which value should be assigned to this variable + + Example usage: + env: + - name: SECRET_PASSWORD + {{- include "common.secret.envFromSecret" (dict "global" . "uid" "secret" "key" "password") | indent 8}} +*/}} +{{- define "common.secret.envFromSecret" -}} + {{- $key := .key }} +valueFrom: + secretKeyRef: + name: {{ include "common.secret.getSecretName" . }} + key: {{ $key }} +{{- end -}} + +{{/* + Define secrets to be used by chart. + Every secret has a type which is one of: + - generic: + Generic secret template that allows to input some raw data (from files). + File Input can be passed as list of files (filePaths) or as a single string + (filePath) + - genericKV: + Type of secret which allows you to define a list of key value pairs. + The list is assiged to envs value. Every item may define below items: + - name: + Identifier of this value within secret + - value: + String that defines a value associated with given key. + This can be a simple string or a template. + - policy: + Defines what to do if value is not provided by the user. + Available options are: + - generate: + Generate a value by derriving it from master password + - required: + Fail the deployment + - password: + Type of secret that holds only the password. + Only two items can be defined for this type: + - password: + Equivalent of value field from genericKV + - policy: + The same meaning as for genericKV policy field + - basicAuth: + Type of secret that holds both username and password. + Below fields are available: + - login: + The value for login key. + This can be a simple string or a template. + Providing a value for login is always required. + - password: + The value for password key. + This can be a simple string or a template. + - passwordPolicy: + The same meaning as the policy field in genericKV. + Only the policy for password can be set. + + Every secret can be identified using: + - uid: + A string to be appended to the chart fullname to generate a secret name. + - name: + Overrides default secret name generation and allows to set immutable + and globaly unique name + + To allow sharing a secret between the components and allow to pre-deploy secrets + before ONAP deployment it is possible to use already existing secret instead of + creating a new one. For this purpose externalSecret field can be used. If value of + this field is evaluated to true no new secret is created, only the name of the + secret is aliased to the external one. + + Example usage: + secrets.yaml: + {{ include "common.secret" . }} + + values.yaml: + mysqlLogin: "root" + + mysqlExternalSecret: "some-other-secret-name" + + secrets: + - uid: "mysql" + externalSecret: '{{ tpl .Values.passExternalSecret . }}' + type: basicAuth + login: '{{ .Values.mysqlLogin }}' + mysqlPassword: '{{ .Values.mysqlPassword }}' + passwordPolicy: generate + + In the above example new secret is not going to be created. + Already existing one (some-other-secret-name) is going to be used. + To force creating a new one, just make sure that mysqlExternalSecret + is not set. + +*/}} +{{- define "common.secret" -}} + {{- $global := . }} + {{- range $secret := .Values.secrets }} + {{- $name := include "common.secret._genName" (dict "global" $global "uid" $secret.uid "name" $secret.name) }} + {{- $type := default "generic" $secret.type }} + {{- $externalSecret := tpl (default "" $secret.externalSecret) $global }} + {{- if not $externalSecret }} +--- + {{ include "common.secret._header" (dict "global" $global "name" $name) }} + + {{- if eq $type "generic" }} +data: + {{- range $curFilePath := $secret.filePaths }} + {{ tpl ($global.Files.Glob $curFilePath).AsSecrets $global | indent 2 }} + {{- end }} + {{- if $secret.filePath }} + {{ tpl ($global.Files.Glob $secret.filePath).AsSecrets $global | indent 2 }} + {{- end }} + {{- else if eq $type "genericKV" }} +stringData: + {{- if $secret.envs }} + {{- range $secretEnv := $secret.envs }} + {{- $valueDesc := (dict "global" $global "secretName" $name "secretEnv" $secretEnv) }} + {{ $secretEnv.name }}: {{ include "common.secret._value" $valueDesc }} + {{- end }} + {{- end }} + {{- else if eq $type "password" }} + {{- $secretEnv := (dict "policy" (default "generate" $secret.policy) "name" "password" "value" $secret.password) }} + {{- $valueDesc := (dict "global" $global "secretName" $name "secretEnv" $secretEnv) }} +stringData: + password: {{ include "common.secret._value" $valueDesc }} + {{- else if eq $type "basicAuth" }} +stringData: + {{- $secretEnv := (dict "policy" "required" "name" "login" "value" $secret.login) }} + {{- $valueDesc := (dict "global" $global "secretName" $name "secretEnv" $secretEnv) }} + login: {{ include "common.secret._value" $valueDesc }} + {{- $secretEnv := (dict "policy" (default "generate" $secret.passwordPolicy) "name" "password" "value" $secret.password) }} + {{- $valueDesc := (dict "global" $global "secretName" $name "secretEnv" $secretEnv) }} + password: {{ include "common.secret._value" $valueDesc }} + {{- end }} + {{- end }} + {{- end }} +{{- end -}} diff --git a/kubernetes/common/etcd/templates/pv.yaml b/kubernetes/common/etcd/templates/pv.yaml index 65993e5f2a..da8dfb8a22 100644 --- a/kubernetes/common/etcd/templates/pv.yaml +++ b/kubernetes/common/etcd/templates/pv.yaml @@ -12,30 +12,34 @@ # See the License for the specific language governing permissions and # limitations under the License. -{{ if .Values.persistence.enabled }} -{{- $root := . -}} -{{ range $i, $e := until (int $root.Values.replicaCount) }} +{{- $global := . }} +{{- if and $global.Values.persistence.enabled (not $global.Values.persistence.existingClaim) }} +{{- if eq "True" (include "common.needPV" .) -}} +{{- range $i := until (int $global.Values.replicaCount)}} --- apiVersion: v1 kind: PersistentVolume metadata: - name: {{ include "common.fullname" $root }}-data-{{ $i }} - namespace: {{ $root.Release.Namespace }} + name: {{ include "common.fullname" $global }}-data-{{ $i }} + namespace: {{ include "common.namespace" $global }} labels: - type: {{ $root.Values.persistence.storageType }} - app: {{ include "common.fullname" $root }} - chart: {{ $root.Chart.Name }}-{{ $root.Chart.Version | replace "+" "_" }} - release: {{ $root.Release.Name }} - heritage: {{ $root.Release.Service }} + app: {{ include "common.fullname" $global }} + chart: "{{ $global.Chart.Name }}-{{ $global.Chart.Version | replace "+" "_" }}" + release: "{{ $global.Release.Name }}" + heritage: "{{ $global.Release.Service }}" + name: {{ include "common.fullname" $global }} spec: capacity: - storage: {{ $root.Values.persistence.storage }} + storage: {{ $global.Values.persistence.storage }} accessModes: - - {{ $root.Values.persistence.accessMode }} - storageClassName: "{{ include "common.fullname" $root }}-data" + - {{ $global.Values.persistence.accessMode }} + persistentVolumeReclaimPolicy: {{ $global.Values.persistence.volumeReclaimPolicy }} + storageClassName: "{{ include "common.fullname" $global }}-data" hostPath: - path: {{ $root.Values.persistence.mountPath }}/{{ $root.Release.Name }}/{{ $root.Values.persistence.mountSubPath }}-{{ $i }} - persistentVolumeReclaimPolicy: {{ $root.Values.persistence.volumeReclaimPolicy }} -{{ end }} -{{ end }} - + path: {{ $global.Values.persistence.mountPath }}/{{ $global.Release.Name }}/{{ $global.Values.persistence.mountSubPath }}-{{ $i }} +{{if ne $i (int $global.Values.replicaCount) }} +--- +{{- end -}} +{{- end -}} +{{- end -}} +{{- end -}} diff --git a/kubernetes/common/etcd/templates/statefulset.yaml b/kubernetes/common/etcd/templates/statefulset.yaml index 7190c5bca0..cef1a48c2a 100644 --- a/kubernetes/common/etcd/templates/statefulset.yaml +++ b/kubernetes/common/etcd/templates/statefulset.yaml @@ -213,14 +213,19 @@ spec: volumeClaimTemplates: - metadata: name: {{ include "common.fullname" . }}-data + labels: + name: {{ include "common.fullname" . }} + chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" + release: "{{ .Release.Name }}" + heritage: "{{ .Release.Service }}" spec: accessModes: - - "{{ .Values.persistence.accessMode }}" + - "{{ .Values.persistence.accessMode }}" + storageClassName: {{ include "common.storageClass" . }} resources: requests: # upstream recommended max is 700M storage: "{{ .Values.persistence.storage }}" - storageClassName: {{ include "common.fullname" . }}-data {{- else }} volumes: - name: {{ include "common.fullname" . }}-data @@ -231,4 +236,3 @@ spec: emptyDir: {} {{- end }} {{- end }} - diff --git a/kubernetes/common/etcd/values.yaml b/kubernetes/common/etcd/values.yaml index 7f53d22248..d994f87ea4 100644 --- a/kubernetes/common/etcd/values.yaml +++ b/kubernetes/common/etcd/values.yaml @@ -45,7 +45,7 @@ liveness: enabled: true persistence: - enabled: false + enabled: true ## etcd data Persistent Volume Storage Class ## If defined, storageClassName: <storageClass> ## If set to "-", storageClassName: "", which disables dynamic provisioning @@ -79,4 +79,3 @@ tolerations: [] affinity: {} extraEnv: [] resources: {} - diff --git a/kubernetes/common/mariadb-galera/templates/backup/cronjob.yaml b/kubernetes/common/mariadb-galera/templates/backup/cronjob.yaml index 7d3ec75c00..408bd1814c 100644 --- a/kubernetes/common/mariadb-galera/templates/backup/cronjob.yaml +++ b/kubernetes/common/mariadb-galera/templates/backup/cronjob.yaml @@ -1,5 +1,5 @@ {{/* -# Copyright © 2019 Amdocs, Bell Canada +# Copyright © 2019 Amdocs, Bell Canada, Samsung Electronics # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -86,25 +86,17 @@ spec: echo "Backup Successful!!!" env: - name: DB_PASS - valueFrom: - secretKeyRef: - name: {{ include "common.fullname" . }} - key: db-root-password + {{- include "common.secret.envFromSecret" (dict "global" . "uid" "db-root-password" "key" "password") | indent 14}} volumeMounts: - - name: backup-data + - name: backup-dir mountPath: /backup - - name: db-data - mountPath: /var/lib/mysql containers: - name: mariadb-backup-validate image: "{{ include "common.repository" . }}/{{ .Values.backupImage }}" imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} env: - name: MYSQL_ROOT_PASSWORD - valueFrom: - secretKeyRef: - name: {{ include "common.fullname" . }} - key: db-root-password + {{- include "common.secret.envFromSecret" (dict "global" . "uid" "db-root-password" "key" "password") | indent 14}} command: - /bin/bash - -c @@ -130,7 +122,7 @@ spec: remove_dir $target_dir exit 0 fi - + /docker-entrypoint.sh mysqld & count=0 @@ -163,16 +155,13 @@ spec: - mountPath: /etc/localtime name: localtime readOnly: true - - name: backup-data + - name: backup-dir mountPath: /backup volumes: - name: localtime hostPath: path: /etc/localtime - - name: db-data - persistentVolumeClaim: - claimName: {{ include "common.fullname" . }}-db-data - - name: backup-data + - name: backup-dir persistentVolumeClaim: - claimName: {{ include "common.fullname" . }}-backup + claimName: {{ include "common.fullname" . }}-backup-data {{- end }} diff --git a/kubernetes/common/mariadb-galera/templates/backup/pv.yaml b/kubernetes/common/mariadb-galera/templates/backup/pv.yaml index 2972191563..ec6f44d955 100644 --- a/kubernetes/common/mariadb-galera/templates/backup/pv.yaml +++ b/kubernetes/common/mariadb-galera/templates/backup/pv.yaml @@ -1,5 +1,5 @@ {{/* -# Copyright © 2019 Amdocs, Bell Canada +# Copyright © 2019 Amdocs, Bell Canada, Orange # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -15,45 +15,27 @@ */}} {{- if .Values.backup.enabled }} {{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) -}} -kind: PersistentVolume -apiVersion: v1 -metadata: - name: {{ include "common.fullname" . }}-backup - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}" - release: "{{ .Release.Name }}" - heritage: "{{ .Release.Service }}" - name: {{ include "common.fullname" . }}-backup -spec: - capacity: - storage: {{ .Values.persistence.size}} - accessModes: - - {{ .Values.persistence.accessMode }} - persistentVolumeReclaimPolicy: {{ .Values.persistence.volumeReclaimPolicy }} - hostPath: - path: {{ .Values.global.persistence.backup.mountPath | default .Values.persistence.backup.mountPath }}/{{ include "common.namespace" . }}/{{include "common.name" . }} +{{- if eq "True" (include "common.needPV" .) -}} --- -kind: PersistentVolume apiVersion: v1 +kind: PersistentVolume metadata: - name: {{ include "common.fullname" . }}-db-data + name: {{ include "common.fullname" . }}-backup-data namespace: {{ include "common.namespace" . }} labels: app: {{ include "common.name" . }} - chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}" - release: "{{ .Release.Name }}" - heritage: "{{ .Release.Service }}" - name: {{ include "common.fullname" . }}-db-data + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + heritage: {{ .Release.Service }} + name: {{ include "common.fullname" . }}-backup-data spec: capacity: - storage: {{ .Values.persistence.size}} + storage: {{ .Values.persistence.size }} accessModes: - {{ .Values.persistence.accessMode }} persistentVolumeReclaimPolicy: {{ .Values.persistence.volumeReclaimPolicy }} + storageClassName: "{{ include "common.fullname" . }}-data-backup" hostPath: - path: {{ .Values.global.persistence.mountPath | default .Values.persistence.mountPath }}/{{ .Release.Name }}/{{ .Values.persistence.mountSubPath }}{{ sub .Values.replicaCount 1 }} + path: {{ .Values.global.persistence.backup.mountPath | default .Values.persistence.backup.mountPath }}/{{ include "common.namespace" $ }}/{{ include "common.fullname" $ }} +{{- end -}} {{- end -}} {{- end -}} - diff --git a/kubernetes/common/mariadb-galera/templates/backup/pvc.yaml b/kubernetes/common/mariadb-galera/templates/backup/pvc.yaml index a983c8af98..06b590c7fd 100644 --- a/kubernetes/common/mariadb-galera/templates/backup/pvc.yaml +++ b/kubernetes/common/mariadb-galera/templates/backup/pvc.yaml @@ -1,5 +1,5 @@ {{/* -# Copyright © 2019 Amdocs, Bell Canada +# Copyright © 2019 Amdocs, Bell Canada, Orange # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -15,44 +15,14 @@ */}} {{- if .Values.backup.enabled }} {{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) -}} -kind: PersistentVolumeClaim -apiVersion: v1 -metadata: - name: {{ include "common.fullname" . }}-backup - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }}-backup - chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" - release: "{{ .Release.Name }}" - heritage: "{{ .Release.Service }}" -{{- if .Values.persistence.annotations }} - annotations: -{{ toYaml .Values.persistence.annotations | indent 4 }} -{{- end }} -spec: - selector: - matchLabels: - name: {{ include "common.fullname" . }}-backup - accessModes: - - {{ .Values.persistence.accessMode }} - resources: - requests: - storage: {{ .Values.persistence.size }} -{{- if .Values.persistence.storageClass }} -{{- if (eq "-" .Values.persistence.storageClass) }} - storageClassName: "" -{{- else }} - storageClassName: "{{ .Values.persistence.storageClass }}" -{{- end }} -{{- end }} --- kind: PersistentVolumeClaim apiVersion: v1 metadata: - name: {{ include "common.fullname" . }}-db-data + name: {{ include "common.fullname" . }}-backup-data namespace: {{ include "common.namespace" . }} labels: - app: {{ include "common.name" . }}-db-data + app: {{ include "common.name" . }}-backup chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" release: "{{ .Release.Name }}" heritage: "{{ .Release.Service }}" @@ -61,21 +31,15 @@ metadata: {{ toYaml .Values.persistence.annotations | indent 4 }} {{- end }} spec: - selector: - matchLabels: - name: {{ include "common.fullname" . }}-db-data accessModes: - {{ .Values.persistence.accessMode }} resources: requests: storage: {{ .Values.persistence.size }} -{{- if .Values.persistence.storageClass }} -{{- if (eq "-" .Values.persistence.storageClass) }} - storageClassName: "" +{{- if eq "True" (include "common.needPV" .) -}} + storageClassName: "{{ include "common.fullname" . }}-data-backup" {{- else }} - storageClassName: "{{ .Values.persistence.storageClass }}" -{{- end }} -{{- end }} + storageClassName: {{ include "common.storageClass" . }} +{{- end -}} {{- end -}} {{- end -}} - diff --git a/kubernetes/common/mariadb-galera/templates/pv.yaml b/kubernetes/common/mariadb-galera/templates/pv.yaml index 96bd94ee3a..795ad3188b 100644 --- a/kubernetes/common/mariadb-galera/templates/pv.yaml +++ b/kubernetes/common/mariadb-galera/templates/pv.yaml @@ -20,7 +20,7 @@ kind: PersistentVolume apiVersion: v1 metadata: - name: {{ include "common.fullname" $global }}-data-{{$i}} + name: {{ include "common.fullname" $global }}-data-{{ $i }} namespace: {{ include "common.namespace" $global }} labels: app: {{ include "common.fullname" $global }} diff --git a/kubernetes/common/mariadb-galera/templates/secrets.yaml b/kubernetes/common/mariadb-galera/templates/secrets.yaml index 233158f791..3f8eb0b6de 100644 --- a/kubernetes/common/mariadb-galera/templates/secrets.yaml +++ b/kubernetes/common/mariadb-galera/templates/secrets.yaml @@ -1,4 +1,5 @@ # Copyright © 2018 Amdocs, Bell Canada +# Copyright © 2019 Samsung Electronics # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -11,18 +12,4 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. - -apiVersion: v1 -kind: Secret -metadata: - name: {{ include "common.fullname" . }} - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" - release: "{{ .Release.Name }}" - heritage: "{{ .Release.Service }}" -type: Opaque -data: - db-root-password: {{ .Values.config.mariadbRootPassword | b64enc | quote }} - user-password: {{ default "" .Values.config.userPassword | b64enc | quote }}
\ No newline at end of file +{{ include "common.secret" . }} diff --git a/kubernetes/common/mariadb-galera/templates/statefulset.yaml b/kubernetes/common/mariadb-galera/templates/statefulset.yaml index 2e770367b3..a9f1fb37b7 100644 --- a/kubernetes/common/mariadb-galera/templates/statefulset.yaml +++ b/kubernetes/common/mariadb-galera/templates/statefulset.yaml @@ -1,4 +1,4 @@ -# Copyright © 2018 Amdocs, Bell Canada +# Copyright © 2019 Amdocs, Bell Canada, Orange, Samsung Electronics # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -61,19 +61,13 @@ spec: apiVersion: v1 fieldPath: metadata.namespace - name: MYSQL_USER - value: {{ default "" .Values.config.userName | quote }} + {{- include "common.secret.envFromSecret" (dict "global" . "uid" "db-user-credentials" "key" "login") | indent 14}} - name: MYSQL_PASSWORD - valueFrom: - secretKeyRef: - name: {{ template "common.fullname" . }} - key: user-password + {{- include "common.secret.envFromSecret" (dict "global" . "uid" "db-user-credentials" "key" "password") | indent 14}} - name: MYSQL_DATABASE value: {{ default "" .Values.config.mysqlDatabase | quote }} - name: MYSQL_ROOT_PASSWORD - valueFrom: - secretKeyRef: - name: {{ template "common.fullname" . }} - key: db-root-password + {{- include "common.secret.envFromSecret" (dict "global" . "uid" "db-root-password" "key" "password") | indent 14}} ports: - containerPort: {{ .Values.service.internalPort }} name: {{ .Values.service.portName }} @@ -112,7 +106,7 @@ spec: - mountPath: /var/lib/mysql name: {{ include "common.fullname" . }}-data initContainers: - - name: mariadb-galera-prepare + - name: {{ include "common.name" . }}-prepare image: "{{ include "common.repository" . }}/{{ .Values.imageInit }}" imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy | quote}} command: ["sh", "-c", "chown -R 27:27 /var/lib/mysql"] diff --git a/kubernetes/common/mariadb-galera/values.yaml b/kubernetes/common/mariadb-galera/values.yaml index 14215e46de..a6dd1ca359 100644 --- a/kubernetes/common/mariadb-galera/values.yaml +++ b/kubernetes/common/mariadb-galera/values.yaml @@ -1,4 +1,5 @@ # Copyright © 2018 Amdocs, Bell Canada +# Copyright © 2019 Samsung Electronics # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -13,6 +14,21 @@ # limitations under the License. ################################################################# +# Secrets metaconfig +################################################################# +secrets: + - uid: "db-root-password" + type: password + externalSecret: '{{ tpl (default "" .Values.config.mariadbRootPasswordExternalSecret) . }}' + password: '{{ .Values.config.mariadbRootPassword }}' + - uid: "db-user-credentials" + type: basicAuth + externalSecret: '{{ tpl (default "" .Values.config.userCredentialsExternalSecret) . }}' + login: '{{ .Values.config.userName }}' + password: '{{ .Values.config.userPassword }}' + + +################################################################# # Global configuration defaults. ################################################################# global: @@ -41,7 +57,9 @@ pullPolicy: IfNotPresent # application configuration config: + # .mariadbRootPasswordExternalSecret: 'some-external-secret' mariadbRootPassword: secretpassword + # .userCredentialsExternalSecret: 'some-external-secret' userName: my-user userPassword: my-password mysqlDatabase: my-database diff --git a/kubernetes/common/mysql/.helmignore b/kubernetes/common/mariadb-init/.helmignore index f0c1319444..dadf202953 100644 --- a/kubernetes/common/mysql/.helmignore +++ b/kubernetes/common/mariadb-init/.helmignore @@ -19,3 +19,5 @@ .project .idea/ *.tmproj + +tests diff --git a/kubernetes/common/nfs-provisioner/Chart.yaml b/kubernetes/common/mariadb-init/Chart.yaml index ad16ed747b..47b8b8f11c 100644 --- a/kubernetes/common/nfs-provisioner/Chart.yaml +++ b/kubernetes/common/mariadb-init/Chart.yaml @@ -1,4 +1,4 @@ -# Copyright © 2019 Amdocs, Bell Canada +# Copyright © 2018 Amdocs, Bell Canada # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -13,6 +13,6 @@ # limitations under the License. apiVersion: v1 -description: NFS provisioner -name: nfs-provisioner +description: Chart for MariaDB Galera init job +name: mariadb-init version: 5.0.0 diff --git a/kubernetes/common/mysql/requirements.yaml b/kubernetes/common/mariadb-init/requirements.yaml index 79d7de4dd3..d323ddaa2b 100644 --- a/kubernetes/common/mysql/requirements.yaml +++ b/kubernetes/common/mariadb-init/requirements.yaml @@ -1,4 +1,4 @@ -# Copyright © 2017 Amdocs, Bell Canada +# Copyright © 2018 Amdocs, Bell Canada # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -15,4 +15,4 @@ dependencies: - name: common version: ~5.x-0 - repository: '@local' + repository: 'file://../common'
\ No newline at end of file diff --git a/kubernetes/common/mariadb-init/resources/config/db_init.sh b/kubernetes/common/mariadb-init/resources/config/db_init.sh new file mode 100755 index 0000000000..304835bdd5 --- /dev/null +++ b/kubernetes/common/mariadb-init/resources/config/db_init.sh @@ -0,0 +1,32 @@ +#!/bin/sh +# Copyright © 2019 Orange +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +echo "Creating database {{ .Values.config.mysqlDatabase }} and user {{ .Values.config.userName }}..." + +mysql -h ${DB_HOST} -P ${DB_PORT} -uroot -p$MYSQL_ROOT_PASSWORD -e "CREATE OR REPLACE USER '{{ .Values.config.userName }}'@'%' IDENTIFIED BY '${MYSQL_PASSWORD}'" +mysql -h ${DB_HOST} -P ${DB_PORT} -uroot -p$MYSQL_ROOT_PASSWORD -e "CREATE DATABASE IF NOT EXISTS {{ .Values.config.mysqlDatabase }}" +mysql -h ${DB_HOST} -P ${DB_PORT} -uroot -p$MYSQL_ROOT_PASSWORD -e "GRANT ALL PRIVILEGES ON {{ .Values.config.mysqlDatabase }}.* TO '{{ .Values.config.userName }}'@'%'" + +echo "Created database {{ .Values.config.mysqlDatabase }} and user {{ .Values.config.userName }}." + +{{ range $db, $dbInfos := .Values.config.mysqlAdditionalDatabases -}} +echo "Creating database {{ $db }} and user {{ $dbInfos.user }}..." + +mysql -h ${DB_HOST} -P ${DB_PORT} -uroot -p$MYSQL_ROOT_PASSWORD -e "CREATE OR REPLACE USER '{{ $dbInfos.user }}'@'%' IDENTIFIED BY '${MYSQL_PASSWORD_{{ $db | upper }}}'" +mysql -h ${DB_HOST} -P ${DB_PORT} -uroot -p$MYSQL_ROOT_PASSWORD -e "CREATE DATABASE IF NOT EXISTS {{ $db }}" +mysql -h ${DB_HOST} -P ${DB_PORT} -uroot -p$MYSQL_ROOT_PASSWORD -e "GRANT ALL PRIVILEGES ON {{ $db }}.* TO '{{ $dbInfos.user }}'@'%'" + +echo "Created database {{ $db }} and user {{ $dbInfos.user }}." +{{ end }} diff --git a/kubernetes/common/mongo/templates/storageclass.yaml b/kubernetes/common/mariadb-init/templates/_configmap.tpl index 3cd502ea30..ea612a078d 100644 --- a/kubernetes/common/mongo/templates/storageclass.yaml +++ b/kubernetes/common/mariadb-init/templates/_configmap.tpl @@ -1,5 +1,5 @@ {{/* -# Copyright © 2017 Amdocs, Bell Canada +# Copyright © 2019 Orange # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -14,11 +14,13 @@ # limitations under the License. */}} -{{ if not .Values.disableNfsProvisioner }} -kind: StorageClass -apiVersion: storage.k8s.io/v1 -metadata: - name: "{{ include "common.fullname" . }}-data" - namespace: {{ include "common.namespace" . }} -provisioner: {{ include "common.fullname" . }}/nfs -{{ end }} +{{/* + Choose the name of the configmap to use. +*/}} +{{- define "mariadbInit.configMap" -}} + {{- if (eq "default" .Values.config.config_map) -}} + {{- include "common.fullname" . -}} + {{- else -}} + {{- printf "%s-%s" (include "common.release" .) .Values.config.config_map -}} + {{- end -}} +{{- end -}} diff --git a/kubernetes/common/mysql/Chart.yaml b/kubernetes/common/mariadb-init/templates/_mariadb.tpl index 7f272295ff..fb3f7974b9 100644 --- a/kubernetes/common/mysql/Chart.yaml +++ b/kubernetes/common/mariadb-init/templates/_mariadb.tpl @@ -1,4 +1,5 @@ -# Copyright © 2017 Amdocs, Bell Canada +{{/* +# Copyright © 2019 Orange # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -11,8 +12,15 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} -apiVersion: v1 -description: MySQL Server -name: mysql -version: 5.0.0 +{{/* + Choose the name of the mariadb secret to use. +*/}} +{{- define "mariadbInit.mariadbClusterSecret" -}} + {{- if (eq "default" .Values.global.mariadbGalera.userRootSecret) -}} + {{- printf "%s-mariadb-galera-%s-db-root-password" (include "common.release" .) .Values.global.mariadbGalera.nameOverride -}} + {{- else -}} + {{- .Values.global.mariadbGalera.userRootSecret -}} + {{- end -}} +{{- end -}} diff --git a/kubernetes/common/mysql/templates/secrets.yaml b/kubernetes/common/mariadb-init/templates/configmap.yaml index 7f9b1230eb..9da03668f5 100644 --- a/kubernetes/common/mysql/templates/secrets.yaml +++ b/kubernetes/common/mariadb-init/templates/configmap.yaml @@ -1,5 +1,5 @@ -{{/* -# Copyright © 2017 Amdocs, Bell Canada +# Copyright © 2019 Orange +# Modifications Copyright © 2018 AT&T # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -12,18 +12,16 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. -*/}} apiVersion: v1 -kind: Secret +kind: ConfigMap metadata: name: {{ include "common.fullname" . }} namespace: {{ include "common.namespace" . }} labels: - app: {{ include "common.fullname" . }} + app: {{ include "common.name" . }} chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} release: {{ .Release.Name }} heritage: {{ .Release.Service }} -type: Opaque data: - db-root-password: {{ .Values.config.dbRootPassword | b64enc | quote }} +{{ tpl (.Files.Glob "resources/config/*").AsConfig . | indent 2 }} diff --git a/kubernetes/common/mariadb-init/templates/job.yaml b/kubernetes/common/mariadb-init/templates/job.yaml new file mode 100644 index 0000000000..679c10c9a3 --- /dev/null +++ b/kubernetes/common/mariadb-init/templates/job.yaml @@ -0,0 +1,105 @@ +# Copyright © 2019 Orange +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: batch/v1 +kind: Job +metadata: + name: {{ include "common.fullname" . }}-config-job + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +spec: + backoffLimit: 20 + template: + metadata: + labels: + app: {{ include "common.name" . }} + release: {{ .Release.Name }} + name: {{ include "common.name" . }} + spec: + initContainers: + - name: {{ include "common.name" . }}-readiness + command: + - /root/ready.py + args: + - --container-name + - {{ .Values.global.mariadbGalera.nameOverride }} + env: + - name: NAMESPACE + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace + image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}" + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + containers: + - name: {{ include "common.name" . }} + image: "{{ include "common.repository" . }}/{{ .Values.image }}" + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + command: + - bash + - /db_init/db_init.sh + env: + - name: DB_HOST + value: "{{ .Values.global.mariadbGalera.nameOverride }}" + - name: DB_PORT + value: "{{ .Values.global.mariadbGalera.servicePort }}" + - name: MYSQL_ROOT_PASSWORD + valueFrom: + secretKeyRef: + name: {{ include "mariadbInit.mariadbClusterSecret" . }} + key: {{ .Values.global.mariadbGalera.userRootSecretKey }} + - name: MYSQL_PASSWORD + valueFrom: + secretKeyRef: + name: {{ template "common.fullname" . }} + key: db-user-password +{{- $root := . }} +{{ range $db, $_value := .Values.config.mysqlAdditionalDatabases }} + - name: {{ printf "MYSQL_PASSWORD_%s" $db | upper }} + valueFrom: + secretKeyRef: + name: {{ template "common.fullname" $root }}-secret + key: {{ printf "db-%s-user-password" $db }} +{{ end }} + volumeMounts: + - mountPath: /etc/localtime + name: localtime + readOnly: true + - name: mariadb-conf + mountPath: /db_init/ + readOnly: true + resources: +{{ include "common.resources" . | indent 12 }} + {{- if .Values.nodeSelector }} + nodeSelector: +{{ toYaml .Values.nodeSelector | indent 10 }} + {{- end -}} + {{- if .Values.affinity }} + affinity: +{{ toYaml .Values.affinity | indent 10 }} + {{- end }} + volumes: + - name: mariadb-conf + configMap: + name: {{ include "mariadbInit.configMap" . }} + - name: localtime + hostPath: + path: /etc/localtime + restartPolicy: Never + imagePullSecrets: + - name: "{{ include "common.namespace" . }}-docker-registry-key" diff --git a/kubernetes/common/mysql/templates/storageclass.yaml b/kubernetes/common/mariadb-init/templates/secret.yaml index bbe4562d0a..f30d582110 100644 --- a/kubernetes/common/mysql/templates/storageclass.yaml +++ b/kubernetes/common/mariadb-init/templates/secret.yaml @@ -1,5 +1,4 @@ -{{/* -# Copyright © 2017 Amdocs, Bell Canada +# Copyright © 2017 Amdocs, Bell Canada, Orange # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -12,18 +11,20 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. -*/}} -{{ if not .Values.disableNfsProvisioner }} -kind: StorageClass -apiVersion: storage.k8s.io/v1 +apiVersion: v1 +kind: Secret metadata: - name: "{{ include "common.fullname" . }}-mysql" + name: {{ include "common.fullname" . }} namespace: {{ include "common.namespace" . }} labels: app: {{ include "common.name" . }} chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} release: {{ .Release.Name }} heritage: {{ .Release.Service }} -provisioner: {{ include "common.fullname" . }}/nfs +type: Opaque +data: + db-user-password: {{ index .Values.config.userPassword | b64enc | quote }} +{{ range $db, $dbInfos := .Values.config.mysqlAdditionalDatabases }} + {{ printf "db-%s-user-password" $db}}: {{ $dbInfos.password | b64enc | quote }} {{ end }} diff --git a/kubernetes/common/mariadb-init/tests/configmap_test.yaml b/kubernetes/common/mariadb-init/tests/configmap_test.yaml new file mode 100644 index 0000000000..34914cdb3e --- /dev/null +++ b/kubernetes/common/mariadb-init/tests/configmap_test.yaml @@ -0,0 +1,114 @@ +--- +suite: test configmap behavior +templates: + - configmap.yaml +tests: + - it: "should render with default value" + asserts: + - isKind: + of: ConfigMap + - equal: + path: metadata.name + value: RELEASE-NAME-mariadb-init + - equal: + path: metadata.namespace + value: NAMESPACE + - matchRegex: + path: metadata.labels.app + pattern: mariadb-init + - equal: + path: data + value: + db_init.sh: | + #!/bin/sh + # Copyright © 2019 Orange + # + # Licensed under the Apache License, Version 2.0 (the "License"); + # you may not use this file except in compliance with the License. + # You may obtain a copy of the License at + # + # http://www.apache.org/licenses/LICENSE-2.0 + # + # Unless required by applicable law or agreed to in writing, software + # distributed under the License is distributed on an "AS IS" BASIS, + # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + # See the License for the specific language governing permissions and + # limitations under the License. + + echo "Creating database ynsaUCru6mUNwGal and user u5WZ1GMSIS1wHZF..." + + mysql -h ${DB_HOST} -P ${DB_PORT} -uroot -p$MYSQL_ROOT_PASSWORD << 'EOF' || exit 1 + CREATE OR REPLACE USER 'u5WZ1GMSIS1wHZF'@'localhost' IDENTIFIED BY '${MYSQL_PASSWORD}'; + CREATE OR REPLACE USER 'u5WZ1GMSIS1wHZF'@'%' IDENTIFIED BY '${MYSQL_PASSWORD}'; + CREATE DATABASE IF NOT EXISTS ynsaUCru6mUNwGal; + GRANT ALL PRIVILEGES ON ynsaUCru6mUNwGal.* TO 'u5WZ1GMSIS1wHZF'@'%'; + GRANT ALL PRIVILEGES ON ynsaUCru6mUNwGal.* TO 'u5WZ1GMSIS1wHZF'@'localhost'; + EOF + + echo "Created database ynsaUCru6mUNwGal and user u5WZ1GMSIS1wHZF." + - it: "shoud render with other databases" + set: + config: + userName: testUser + mysqlDatabase: testDB + mysqlAdditionalDatabases: + dbOne: + user: one + password: pwd1 + dbTwo: + user: two + password: pwd2 + asserts: + - equal: + path: data + value: + db_init.sh: | + #!/bin/sh + # Copyright © 2019 Orange + # + # Licensed under the Apache License, Version 2.0 (the "License"); + # you may not use this file except in compliance with the License. + # You may obtain a copy of the License at + # + # http://www.apache.org/licenses/LICENSE-2.0 + # + # Unless required by applicable law or agreed to in writing, software + # distributed under the License is distributed on an "AS IS" BASIS, + # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + # See the License for the specific language governing permissions and + # limitations under the License. + + echo "Creating database testDB and user testUser..." + + mysql -h ${DB_HOST} -P ${DB_PORT} -uroot -p$MYSQL_ROOT_PASSWORD << 'EOF' || exit 1 + CREATE OR REPLACE USER 'testUser'@'localhost' IDENTIFIED BY '${MYSQL_PASSWORD}'; + CREATE OR REPLACE USER 'testUser'@'%' IDENTIFIED BY '${MYSQL_PASSWORD}'; + CREATE DATABASE IF NOT EXISTS testDB; + GRANT ALL PRIVILEGES ON testDB.* TO 'testUser'@'%'; + GRANT ALL PRIVILEGES ON testDB.* TO 'testUser'@'localhost'; + EOF + + echo "Created database testDB and user testUser." + + echo "Creating database dbOne and user one..." + + mysql -h ${DB_HOST} -P ${DB_PORT} -uroot -p$MYSQL_ROOT_PASSWORD << 'EOF' || exit 1 + CREATE OR REPLACE USER 'one'@'localhost' IDENTIFIED BY '${MYSQL_PASSWORD_DBONE}'; + CREATE OR REPLACE USER 'one'@'%' IDENTIFIED BY '${MYSQL_PASSWORD_DBONE}'; + CREATE DATABASE IF NOT EXISTS dbOne; + GRANT ALL PRIVILEGES ON dbOne.* TO 'one'@'%'; + GRANT ALL PRIVILEGES ON dbOne.* TO 'one'@'localhost'; + EOF + + echo "Created database dbOne and user one." + echo "Creating database dbTwo and user two..." + + mysql -h ${DB_HOST} -P ${DB_PORT} -uroot -p$MYSQL_ROOT_PASSWORD << 'EOF' || exit 1 + CREATE OR REPLACE USER 'two'@'localhost' IDENTIFIED BY '${MYSQL_PASSWORD_DBTWO}'; + CREATE OR REPLACE USER 'two'@'%' IDENTIFIED BY '${MYSQL_PASSWORD_DBTWO}'; + CREATE DATABASE IF NOT EXISTS dbTwo; + GRANT ALL PRIVILEGES ON dbTwo.* TO 'two'@'%'; + GRANT ALL PRIVILEGES ON dbTwo.* TO 'two'@'localhost'; + EOF + + echo "Created database dbTwo and user two." diff --git a/kubernetes/common/mariadb-init/tests/job_test.yaml b/kubernetes/common/mariadb-init/tests/job_test.yaml new file mode 100644 index 0000000000..7523ee1c6e --- /dev/null +++ b/kubernetes/common/mariadb-init/tests/job_test.yaml @@ -0,0 +1,307 @@ +--- +suite: test job behavior +templates: + - job.yaml +tests: + - it: "should render with default value (global)" + asserts: + - isKind: + of: Job + - matchRegex: + path: metadata.name + pattern: -mariadb-init-config-job$ + - equal: + path: metadata.namespace + value: NAMESPACE + - matchRegex: + path: metadata.labels.app + pattern: mariadb-init + - matchRegex: + path: spec.template.metadata.labels.app + pattern: mariadb-init + - matchRegex: + path: spec.template.metadata.name + pattern: mariadb-init + - isNull: + path: spec.template.spec.nodeSelector + - isNull: + path: spec.template.spec.affinity + - it: "should render with default value (init container)" + asserts: + - matchRegex: + path: spec.template.spec.initContainers[0].name + pattern: mariadb-init-readiness + - contains: + path: spec.template.spec.initContainers[0].args + content: mariadb-galera + - equal: + path: spec.template.spec.initContainers[0].image + value: oomk8s/readiness-check:2.0.2 + - equal: + path: spec.template.spec.initContainers[0].imagePullPolicy + value: IfNotPresent + - it: "should render with default value (container)" + asserts: + - matchRegex: + path: spec.template.spec.containers[0].name + pattern: mariadb-init + - equal: + path: spec.template.spec.containers[0].image + value: nexus3.onap.org:10001/mariadb:10.1.38 + - equal: + path: spec.template.spec.containers[0].imagePullPolicy + value: IfNotPresent + - contains: + path: spec.template.spec.containers[0].env + content: + name: DB_HOST + value: mariadb-galera + - contains: + path: spec.template.spec.containers[0].env + content: + name: DB_PORT + value: "3306" + - contains: + path: spec.template.spec.containers[0].env + content: + name: MYSQL_ROOT_PASSWORD + valueFrom: + secretKeyRef: + name: RELEASE-NAME-mariadb-galera-mariadb-galera + key: db-root-password + - contains: + path: spec.template.spec.containers[0].env + content: + name: MYSQL_PASSWORD + valueFrom: + secretKeyRef: + name: RELEASE-NAME-mariadb-init-secret + key: db-user-password + - contains: + path: spec.template.spec.containers[0].volumeMounts + content: + name: mariadb-conf + mountPath: /db_init/ + readOnly: true + - equal: + path: spec.template.spec.containers[0].resources.limits.cpu + value: 100m + - equal: + path: spec.template.spec.containers[0].resources.limits.memory + value: 500Mbi + - equal: + path: spec.template.spec.containers[0].resources.requests.cpu + value: 10m + - equal: + path: spec.template.spec.containers[0].resources.requests.memory + value: 10Mbi + - it: "should render with default value (volumes)" + asserts: + - contains: + path: spec.template.spec.volumes + content: + name: mariadb-conf + configMap: + name: RELEASE-NAME-mariadb-init + + - it: "should render with nameOverride set" + set: + nameOverride: myJob + asserts: + - matchRegex: + path: metadata.name + pattern: -myJob-config-job$ + - matchRegex: + path: metadata.labels.app + pattern: myJob + - matchRegex: + path: spec.template.metadata.labels.app + pattern: myJob + - matchRegex: + path: spec.template.metadata.name + pattern: myJob + - matchRegex: + path: spec.template.spec.initContainers[0].name + pattern: myJob-readiness + - matchRegex: + path: spec.template.spec.containers[0].name + pattern: myJob + - contains: + path: spec.template.spec.containers[0].env + content: + name: MYSQL_PASSWORD + valueFrom: + secretKeyRef: + # replicating name from mariadb galera cluster, kind of hardcoded... + name: RELEASE-NAME-myJob-secret + key: db-user-password + - contains: + path: spec.template.spec.volumes + content: + name: mariadb-conf + configMap: + name: RELEASE-NAME-myJob + + - it: "should render with configmap set" + set: + config: + config_map: myCM + asserts: + - contains: + path: spec.template.spec.volumes + content: + name: mariadb-conf + configMap: + name: RELEASE-NAME-myCM + + - it: "should render with mariadbGalera changes" + set: + global: + mariadbGalera: + nameOverride: myMaria + servicePort: 545 + asserts: + - contains: + path: spec.template.spec.initContainers[0].args + content: myMaria + - contains: + path: spec.template.spec.containers[0].env + content: + name: DB_HOST + value: myMaria + - contains: + path: spec.template.spec.containers[0].env + content: + name: DB_PORT + value: "545" + - contains: + path: spec.template.spec.containers[0].env + content: + name: MYSQL_ROOT_PASSWORD + valueFrom: + secretKeyRef: + name: RELEASE-NAME-mariadb-galera-myMaria + key: db-root-password + + - it: "should render with full mariadbGalera changes" + set: + global: + mariadbGalera: + nameOverride: myMaria + servicePort: 545 + userRootSecret: galera-secret + userRootSecretKey: root-password + asserts: + - contains: + path: spec.template.spec.initContainers[0].args + content: myMaria + - contains: + path: spec.template.spec.containers[0].env + content: + name: DB_HOST + value: myMaria + - contains: + path: spec.template.spec.containers[0].env + content: + name: DB_PORT + value: "545" + - contains: + path: spec.template.spec.containers[0].env + content: + name: MYSQL_ROOT_PASSWORD + valueFrom: + secretKeyRef: + name: galera-secret + key: root-password + + - it: "should set the right nodeSelector" + set: + nodeSelector: + disktype: ssd + asserts: + - equal: + path: spec.template.spec.nodeSelector.disktype + value: ssd + + - it: "should set the right affinity" + set: + affinity: + nodeAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + nodeSelectorTerms: + - matchExpressions: + - key: kubernetes.io/e2e-az-name + operator: In + values: + - e2e-az1 + - e2e-az2 + asserts: + - equal: + path: spec.template.spec.affinity + value: + nodeAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + nodeSelectorTerms: + - matchExpressions: + - key: kubernetes.io/e2e-az-name + operator: In + values: + - e2e-az1 + - e2e-az2 + - it: "should use large flavor" + set: + flavor: large + asserts: + - equal: + path: spec.template.spec.containers[0].resources.limits.cpu + value: 200m + - equal: + path: spec.template.spec.containers[0].resources.limits.memory + value: 500Mbi + - equal: + path: spec.template.spec.containers[0].resources.requests.cpu + value: 20m + - equal: + path: spec.template.spec.containers[0].resources.requests.memory + value: 20Mbi + - it: "should use unlimited flavor" + set: + flavor: unlimited + asserts: + - isEmpty: + path: spec.template.spec.containers[0].resources + - it: "shoud render with other databases" + set: + config: + mysqlAdditionalDatabases: + dbOne: + user: one + password: pwd1 + dbTwo: + user: two + password: pwd2 + asserts: + - contains: + path: spec.template.spec.containers[0].env + content: + name: MYSQL_PASSWORD + valueFrom: + secretKeyRef: + name: RELEASE-NAME-mariadb-init-secret + key: db-user-password + - contains: + path: spec.template.spec.containers[0].env + content: + name: MYSQL_PASSWORD_DBONE + valueFrom: + secretKeyRef: + name: RELEASE-NAME-mariadb-init-secret + key: db-dbOne-user-password + - contains: + path: spec.template.spec.containers[0].env + content: + name: MYSQL_PASSWORD_DBTWO + valueFrom: + secretKeyRef: + name: RELEASE-NAME-mariadb-init-secret + key: db-dbTwo-user-password diff --git a/kubernetes/common/mariadb-init/tests/secret_test.yaml b/kubernetes/common/mariadb-init/tests/secret_test.yaml new file mode 100644 index 0000000000..ef0565d6c0 --- /dev/null +++ b/kubernetes/common/mariadb-init/tests/secret_test.yaml @@ -0,0 +1,49 @@ +--- +suite: test secret behavior +templates: + - secret.yaml +tests: + - it: "should render with default values" + asserts: + - isKind: + of: Secret + - equal: + path: metadata.name + value: RELEASE-NAME-mariadb-init + - equal: + path: metadata.namespace + value: NAMESPACE + - matchRegex: + path: metadata.labels.app + pattern: mariadb-init-config-job + - equal: + path: data.db-user-password + value: Q2lAc2hzT2QzcGt5MVZqaQ== + - it: "should render specific password value base64 encoded" + set: + config: + userPassword: yolo + asserts: + - equal: + path: data.db-user-password + value: eW9sbw== + - it: "shoud render with other databases" + set: + config: + mysqlAdditionalDatabases: + dbOne: + user: one + password: pwd1 + dbTwo: + user: two + password: pwd2 + asserts: + - equal: + path: data.db-user-password + value: Q2lAc2hzT2QzcGt5MVZqaQ== + - equal: + path: data.db-dbOne-user-password + value: cHdkMQ== + - equal: + path: data.db-dbTwo-user-password + value: cHdkMg== diff --git a/kubernetes/common/mariadb-init/values.yaml b/kubernetes/common/mariadb-init/values.yaml new file mode 100644 index 0000000000..d148ba6888 --- /dev/null +++ b/kubernetes/common/mariadb-init/values.yaml @@ -0,0 +1,87 @@ +# Copyright © 2018 Amdocs, Bell Canada +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +################################################################# +# Global configuration defaults. +################################################################# +global: + repository: nexus3.onap.org:10001 + readinessRepository: oomk8s + readinessImage: readiness-check:2.0.2 + mariadbGalera: + nameOverride: mariadb-galera + servicePort: 3306 + # set these two values if you want to access an 'out of ONAP' mariadb + userRootSecret: default + userRootSecretKey: password + +################################################################# +# Application configuration defaults. +################################################################# + +image: mariadb:10.1.38 +pullPolicy: IfNotPresent + +# Set it if you want to change the name of the different components +# nameOverride: + +config: + userPassword: Ci@shsOd3pky1Vji + userName: u5WZ1GMSIS1wHZF + mysqlDatabase: ynsaUCru6mUNwGal + mysqlAdditionalDatabases: {} + # add addtional dabases + # this is an dict + # Example: + # mysqlAdditionalDatabases: + # dbOne: + # user: one + # password: pwd1 + # dbTwo: + # user: two + # password: pwd2 + config_map: default + +nodeSelector: {} + +affinity: {} + +#resources: {} + # We usually recommend not to specify default resources and to leave this as a conscious + # choice for the user. This also increases chances charts run on environments with little + # resources, such as Minikube. If you do want to specify resources, uncomment the following + # lines, adjust them as necessary, and remove the curly braces after 'resources:'. + # + # Example: + # Configure resource requests and limits + # ref: http://kubernetes.io/docs/user-guide/compute-resources/ + # Minimum memory for development is 2 CPU cores and 4GB memory + # Minimum memory for production is 4 CPU cores and 8GB memory +flavor: small +resources: + small: + limits: + cpu: 100m + memory: 500Mi + requests: + cpu: 10m + memory: 10Mi + large: + limits: + cpu: 200m + memory: 500Mi + requests: + cpu: 20m + memory: 20Mi + unlimited: {} diff --git a/kubernetes/common/mongo/templates/nfs-provisoner.yaml b/kubernetes/common/mongo/templates/nfs-provisoner.yaml deleted file mode 100644 index 355ad38235..0000000000 --- a/kubernetes/common/mongo/templates/nfs-provisoner.yaml +++ /dev/null @@ -1,78 +0,0 @@ -{{/* -# Copyright © 2017 Amdocs, Bell Canada -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -*/}} - -{{ if not .Values.disableNfsProvisioner }} -apiVersion: extensions/v1beta1 -kind: Deployment -metadata: - name: {{ .Values.nfsprovisionerPrefix }}-nfs-provisioner - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} -spec: - #replicas: {{ .Values.replicaCount }} - strategy: - type: Recreate - template: - metadata: - labels: - app: {{ .Values.nfsprovisionerPrefix }}-nfs-provisioner - release: {{ .Release.Name }} - spec: - containers: - - name: {{ .Values.nfsprovisionerPrefix }}-nfs-provisioner - image: "{{ .Values.global.nfsprovisionerRepository | default .Values.nfsprovisionerRepository }}/{{ .Values.nfsprovisionerImage }}" - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - ports: - - name: nfs - containerPort: {{ .Values.service.nfsPort }} - - name: mountd - containerPort: {{ .Values.service.mountdPort }} - - name: rpcbind - containerPort: {{ .Values.service.rpcbindPort }} - - name: rpcbind-udp - containerPort: {{ .Values.service.rpcbindUdpPort }} - protocol: UDP - securityContext: - capabilities: - add: - - DAC_READ_SEARCH - - SYS_RESOURCE - args: - - "-provisioner={{ include "common.fullname" . }}/nfs" - env: - - name: POD_IP - valueFrom: - fieldRef: - fieldPath: status.podIP - - name: SERVICE_NAME - value: {{ .Values.nfsprovisionerPrefix }}-nfs-provisioner - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - volumeMounts: - - name: export-volume - mountPath: /export - volumes: - - name: export-volume - hostPath: - path: {{ .Values.global.persistence.mountPath | default .Values.persistence.mountPath }}/{{ .Release.Name }}/{{ .Values.persistence.mountSubPath }} -{{ end }} diff --git a/kubernetes/common/mongo/templates/pv.yaml b/kubernetes/common/mongo/templates/pv.yaml index 824dcbb87b..edc50aedea 100644 --- a/kubernetes/common/mongo/templates/pv.yaml +++ b/kubernetes/common/mongo/templates/pv.yaml @@ -14,25 +14,33 @@ # limitations under the License. */}} -{{- if (and (and (.Values.persistence.enabled) (not .Values.persistence.existingClaim)) ( .Values.disableNfsProvisioner)) -}} +{{- $global := . }} +{{- if and $global.Values.persistence.enabled (not $global.Values.persistence.existingClaim) }} +{{- if eq "True" (include "common.needPV" .) -}} +{{- range $i := until (int $global.Values.replicaCount)}} kind: PersistentVolume apiVersion: v1 metadata: - name: {{ include "common.fullname" . }}-data - namespace: {{ include "common.namespace" . }} + name: {{ include "common.fullname" $global }}-data-{{ $i }} + namespace: {{ include "common.namespace" $global }} labels: - app: {{ include "common.name" . }} - chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}" - release: "{{ .Release.Name }}" - heritage: "{{ .Release.Service }}" - name: {{ include "common.fullname" . }} + app: {{ include "common.fullname" $global }} + chart: "{{ $global.Chart.Name }}-{{ $global.Chart.Version | replace "+" "_" }}" + release: "{{ $global.Release.Name }}" + heritage: "{{ $global.Release.Service }}" + name: {{ include "common.fullname" $global }} spec: capacity: - storage: {{ .Values.persistence.size}} + storage: {{ $global.Values.persistence.size}} accessModes: - - {{ .Values.persistence.accessMode }} - storageClassName: "{{ include "common.fullname" . }}-data" - persistentVolumeReclaimPolicy: {{ .Values.persistence.volumeReclaimPolicy }} + - {{ $global.Values.persistence.accessMode }} + persistentVolumeReclaimPolicy: {{ $global.Values.persistence.volumeReclaimPolicy }} + storageClassName: "{{ include "common.fullname" $global }}-data" hostPath: - path: {{ .Values.global.persistence.mountPath | default .Values.persistence.mountPath }}/{{ .Release.Name }}/{{ .Values.persistence.mountSubPath }} + path: {{ $global.Values.global.persistence.mountPath | default $global.Values.persistence.mountPath }}/{{ $global.Release.Name }}/{{ $global.Values.persistence.mountSubPath }}-{{$i}} +{{if ne $i (int $global.Values.replicaCount) }} +--- +{{- end -}} +{{- end -}} +{{- end -}} {{- end -}} diff --git a/kubernetes/common/mongo/templates/pvc.yaml b/kubernetes/common/mongo/templates/pvc.yaml deleted file mode 100644 index 372c106800..0000000000 --- a/kubernetes/common/mongo/templates/pvc.yaml +++ /dev/null @@ -1,43 +0,0 @@ -{{/* -# Copyright © 2017 Amdocs, Bell Canada -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -*/}} - -{{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) -}} -kind: PersistentVolumeClaim -apiVersion: v1 -metadata: - name: {{ include "common.fullname" . }}-data - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.fullname" . }} - chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" - release: "{{ .Release.Name }}" - heritage: "{{ .Release.Service }}" - name: {{ include "common.fullname" . }} -{{- if .Values.persistence.annotations }} - annotations: -{{ toYaml .Values.persistence.annotations | indent 4 }} -{{- end }} -spec: - accessModes: - - {{ .Values.persistence.accessMode }} - resources: - requests: - storage: {{ .Values.persistence.size }} - selector: - matchLabels: - name: {{ include "common.fullname" . }} - storageClassName: "{{ include "common.fullname" . }}-data" -{{- end -}} diff --git a/kubernetes/common/mongo/templates/service.yaml b/kubernetes/common/mongo/templates/service.yaml index df55854ee5..d59243f90d 100644 --- a/kubernetes/common/mongo/templates/service.yaml +++ b/kubernetes/common/mongo/templates/service.yaml @@ -32,29 +32,6 @@ spec: app: {{ include "common.name" . }} release: {{ .Release.Name }} clusterIP: None -#{{ if not .Values.disableNfsProvisioner }} ---- -kind: Service -apiVersion: v1 -metadata: - name: {{ .Values.nfsprovisionerPrefix }}-nfs-provisioner - namespace: {{ include "common.namespace" . }} - labels: - app: {{ .Values.nfsprovisionerPrefix }}-nfs-provisioner -spec: - ports: - - name: nfs - port: {{ .Values.service.nfsPort }} - - name: mountd - port: {{ .Values.service.mountdPort }} - - name: rpcbind - port: {{ .Values.service.rpcbindPort }} - - name: rpcbind-udp - port: {{ .Values.service.rpcbindUdpPort }} - protocol: UDP - selector: - app: {{ .Values.nfsprovisionerPrefix }}-nfs-provisioner -#{{ end }} --- # Client service for connecting to any Mongo instance for reads. apiVersion: v1 diff --git a/kubernetes/common/mongo/templates/statefulset.yaml b/kubernetes/common/mongo/templates/statefulset.yaml index c79739f5f1..0c6c9f4fd5 100644 --- a/kubernetes/common/mongo/templates/statefulset.yaml +++ b/kubernetes/common/mongo/templates/statefulset.yaml @@ -33,24 +33,6 @@ spec: app: {{ include "common.name" . }} release: {{ .Release.Name }} spec: - initContainers: -#{{ if not .Values.disableNfsProvisioner }} - - name: {{ include "common.name" . }}-readiness - command: - - /root/ready.py - args: - - --container-name - - {{ .Values.nfsprovisionerPrefix }}-nfs-provisioner - env: - - name: NAMESPACE - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}" - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} -#{{ end }} - containers: - name: {{ include "common.name" . }} image: "{{ .Values.dockerHubRepository }}/{{ .Values.image }}" @@ -79,8 +61,8 @@ spec: initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} periodSeconds: {{ .Values.readiness.periodSeconds }} volumeMounts: - - mountPath: /var/lib/mongo - name: {{ include "common.fullname" . }}-data + - name: {{ include "common.fullname" . }}-data + mountPath: /var/lib/mongo resources: {{ include "common.resources" . | indent 12 }} {{- if .Values.nodeSelector }} @@ -95,10 +77,24 @@ spec: - name: localtime hostPath: path: /etc/localtime + {{- if .Values.persistence.enabled }} + volumeClaimTemplates: + - metadata: + name: {{ include "common.fullname" . }}-data + labels: + name: {{ include "common.fullname" . }} + chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" + release: "{{ .Release.Name }}" + heritage: "{{ .Release.Service }}" + spec: + accessModes: + - {{ .Values.persistence.accessMode | quote }} + storageClassName: {{ include "common.storageClass" . }} + resources: + requests: + storage: {{ .Values.persistence.size | quote }} + {{- else }} + volumes: - name: {{ include "common.fullname" . }}-data -#{{ if .Values.persistence.enabled }} - persistentVolumeClaim: - claimName: {{ include "common.fullname" . }}-data -#{{ else }} emptyDir: {} -#{{ end }} + {{- end }} diff --git a/kubernetes/common/mongo/values.yaml b/kubernetes/common/mongo/values.yaml index 8a681296ce..3c04b429cd 100644 --- a/kubernetes/common/mongo/values.yaml +++ b/kubernetes/common/mongo/values.yaml @@ -40,8 +40,6 @@ nodeSelector: {} affinity: {} -disableNfsProvisioner: true - # probe configuration parameters liveness: initialDelaySeconds: 30 @@ -108,11 +106,6 @@ resources: {} # cpu: 2 # memory: 4Gi - -nfsprovisionerRepository: quay.io -nfsprovisionerImage: kubernetes_incubator/nfs-provisioner:v1.0.8 -nfsprovisionerPrefix: mongo - sdnctlPrefix: mongo geoEnabled: false diff --git a/kubernetes/common/music/charts/music-cassandra/templates/pv.yaml b/kubernetes/common/music/charts/music-cassandra/templates/pv.yaml new file mode 100644 index 0000000000..fb815400da --- /dev/null +++ b/kubernetes/common/music/charts/music-cassandra/templates/pv.yaml @@ -0,0 +1,46 @@ +{{/* +# Copyright © 2018 AT&T, Amdocs, Bell Canada Intellectual Property. All rights reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} + +{{- $global := . }} +{{- if and $global.Values.persistence.enabled (not $global.Values.persistence.existingClaim) }} +{{- if eq "True" (include "common.needPV" .) -}} +{{- range $i := until (int $global.Values.replicaCount)}} +kind: PersistentVolume +apiVersion: v1 +metadata: + name: {{ include "common.fullname" $global }}-data-{{ $i }} + namespace: {{ include "common.namespace" $global }} + labels: + app: {{ include "common.fullname" $global }} + chart: "{{ $global.Chart.Name }}-{{ $global.Chart.Version | replace "+" "_" }}" + release: "{{ $global.Release.Name }}" + heritage: "{{ $global.Release.Service }}" + name: {{ include "common.fullname" $global }} +spec: + capacity: + storage: {{ $global.Values.persistence.size}} + accessModes: + - {{ $global.Values.persistence.accessMode }} + persistentVolumeReclaimPolicy: {{ $global.Values.persistence.volumeReclaimPolicy }} + storageClassName: "{{ include "common.fullname" $global }}-data" + hostPath: + path: {{ $global.Values.global.persistence.mountPath | default $global.Values.persistence.mountPath }}/{{ $global.Release.Name }}/{{ $global.Values.persistence.mountSubPath }}-{{$i}} +{{if ne $i (int $global.Values.replicaCount) }} +--- +{{- end -}} +{{- end -}} +{{- end -}} +{{- end -}} diff --git a/kubernetes/common/music/charts/music-cassandra/templates/statefulset.yaml b/kubernetes/common/music/charts/music-cassandra/templates/statefulset.yaml index 514bccc785..c3c56f2282 100644 --- a/kubernetes/common/music/charts/music-cassandra/templates/statefulset.yaml +++ b/kubernetes/common/music/charts/music-cassandra/templates/statefulset.yaml @@ -1,5 +1,5 @@ {{/* -# Copyright © 2018 AT&T, Amdocs, Bell Canada Intellectual Property. All rights reserved. +# Copyright © 2019 AT&T, Amdocs, Bell Canada, Orange # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -102,40 +102,33 @@ spec: valueFrom: fieldRef: fieldPath: status.podIP +{{- if .Values.persistence.enabled }} volumeMounts: - - name: {{ template "common.name" . }}-data + - name: {{ include "common.fullname" . }}-data mountPath: /var/lib/cassandra +{{- end }} resources: {{ include "common.resources" . | indent 12 }} volumes: - name: localtime hostPath: path: /etc/localtime - {{- if not .Values.persistence.enabled }} - - name: {{ template "common.name" . }}-data - emptyDir: {} - {{- else }} +{{- if .Values.persistence.enabled }} volumeClaimTemplates: - - metadata: - name: {{ template "common.name" . }}-data - labels: - app: {{ template "common.fullname" . }} - chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" - release: "{{ .Release.Name }}" - heritage: "{{ .Release.Service }}" - annotations: - volume.beta.kubernetes.io/storage-class: {{ .Values.persistence.storageClass }} - spec: - storageClassName: {{ .Values.persistence.storageClass }} - accessModes: - - {{ .Values.persistence.accessMode | quote }} - resources: - requests: - storage: {{ .Values.persistence.size | quote }} - selector: - matchLabels: - app: {{ include "common.name" . }} - release: "{{ .Release.Name }}" - {{- end }} + - metadata: + name: {{ include "common.fullname" . }}-data + labels: + name: {{ include "common.fullname" . }} + chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" + release: "{{ .Release.Name }}" + heritage: "{{ .Release.Service }}" + spec: + accessModes: + - {{ .Values.persistence.accessMode | quote }} + storageClassName: {{ include "common.storageClass" . }} + resources: + requests: + storage: {{ .Values.persistence.size | quote }} +{{- end }} imagePullSecrets: - name: "{{ include "common.namespace" . }}-docker-registry-key" diff --git a/kubernetes/common/music/charts/music-cassandra/templates/volumes.yaml b/kubernetes/common/music/charts/music-cassandra/templates/volumes.yaml deleted file mode 100644 index 83e7e189b5..0000000000 --- a/kubernetes/common/music/charts/music-cassandra/templates/volumes.yaml +++ /dev/null @@ -1,52 +0,0 @@ -{{/* -# Copyright © 2018 AT&T, Amdocs, Bell Canada Intellectual Property. All rights reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -*/}} - -{{ if .Values.persistence.enabled }} -{{- $root := . -}} -{{ range $i, $e := until (atoi (quote $root.Values.replicaCount) | default 3) }} ---- -apiVersion: v1 -kind: PersistentVolume -metadata: - name: {{ $root.Release.Name }}-{{ $root.Values.service.name }}-{{ $i }} - namespace: {{ $root.Release.Namespace }} - labels: - type: {{ $root.Values.persistence.storageType }} - app: {{ $root.Values.service.name }} - chart: {{ $root.Chart.Name }}-{{ $root.Chart.Version | replace "+" "_" }} - release: {{ $root.Release.Name }} - heritage: {{ $root.Release.Service }} -spec: - capacity: - storage: {{ $root.Values.persistence.size }} - accessModes: - - {{ $root.Values.persistence.accessMode }} - hostPath: - path: {{ $root.Values.persistence.mountPath }}/{{ $root.Release.Name }}/{{ $root.Values.persistence.mountSubPath }}-{{$i}} - persistentVolumeReclaimPolicy: {{ $root.Values.persistence.volumeReclaimPolicy }} - podAntiAffinity: - preferredDuringSchedulingIgnoredDuringExecution: - - weight: 1 - podAffinityTerm: - labelSelector: - matchExpressions: - - key: app - operator: In - values: - - "{{ $root.Chart.Name }}" - topologyKey: kubernetes.io/hostname -{{ end }} -{{ end }} diff --git a/kubernetes/common/music/charts/music-cassandra/values.yaml b/kubernetes/common/music/charts/music-cassandra/values.yaml index f0888c12e6..460671d839 100644 --- a/kubernetes/common/music/charts/music-cassandra/values.yaml +++ b/kubernetes/common/music/charts/music-cassandra/values.yaml @@ -107,8 +107,6 @@ persistence: size: 2Gi mountPath: /dockerdata-nfs/ mountSubPath: common/cassandra/data - storageType: local - storageClass: "" # Resource Limit flavor -By Default using small flavor: small diff --git a/kubernetes/common/music/charts/zookeeper/templates/pv.yaml b/kubernetes/common/music/charts/zookeeper/templates/pv.yaml new file mode 100644 index 0000000000..795ad3188b --- /dev/null +++ b/kubernetes/common/music/charts/zookeeper/templates/pv.yaml @@ -0,0 +1,45 @@ +{{/* +# Copyright © 2019 Amdocs, Bell Canada, Orange +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} +{{- $global := . }} +{{- if and $global.Values.persistence.enabled (not $global.Values.persistence.existingClaim) }} +{{- if eq "True" (include "common.needPV" .) -}} +{{- range $i := until (int $global.Values.replicaCount)}} +kind: PersistentVolume +apiVersion: v1 +metadata: + name: {{ include "common.fullname" $global }}-data-{{ $i }} + namespace: {{ include "common.namespace" $global }} + labels: + app: {{ include "common.fullname" $global }} + chart: "{{ $global.Chart.Name }}-{{ $global.Chart.Version | replace "+" "_" }}" + release: "{{ $global.Release.Name }}" + heritage: "{{ $global.Release.Service }}" + name: {{ include "common.fullname" $global }} +spec: + capacity: + storage: {{ $global.Values.persistence.size}} + accessModes: + - {{ $global.Values.persistence.accessMode }} + persistentVolumeReclaimPolicy: {{ $global.Values.persistence.volumeReclaimPolicy }} + storageClassName: "{{ include "common.fullname" $global }}-data" + hostPath: + path: {{ $global.Values.global.persistence.mountPath | default $global.Values.persistence.mountPath }}/{{ $global.Release.Name }}/{{ $global.Values.persistence.mountSubPath }}-{{$i}} +{{if ne $i (int $global.Values.replicaCount) }} +--- +{{- end -}} +{{- end -}} +{{- end -}} +{{- end -}} diff --git a/kubernetes/common/music/charts/zookeeper/templates/statefulset.yaml b/kubernetes/common/music/charts/zookeeper/templates/statefulset.yaml index 9e3549f20d..580042d090 100644 --- a/kubernetes/common/music/charts/zookeeper/templates/statefulset.yaml +++ b/kubernetes/common/music/charts/zookeeper/templates/statefulset.yaml @@ -82,7 +82,7 @@ spec: resources: {{ include "common.resources" . }} volumeMounts: - - name: zookeeper-data + - name: {{ include "common.fullname" . }}-data mountPath: /var/lib/zookeeper {{- if .Values.exporters.jmx.enabled }} @@ -162,30 +162,21 @@ spec: configMap: name: {{ .Release.Name }}-jmx-exporter {{- end }} - {{- if not .Values.persistence.enabled }} - - name: zookeeper-data - emptyDir: {} - {{- end }} {{- end }} {{- if .Values.persistence.enabled }} volumeClaimTemplates: - - metadata: - name: zookeeper-data - labels: - app: {{ .Chart.Name }} - chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" - release: "{{ .Release.Name }}" - heritage: "{{ .Release.Service }}" - annotations: - volume.beta.kubernetes.io/storage-class: {{ .Values.persistence.storageClass }} - spec: - storageClassName: {{ .Values.persistence.storageClass }} - accessModes: - - {{ .Values.persistence.accessMode | quote }} - resources: - requests: - storage: {{ .Values.persistence.size | quote }} - selector: - matchLabels: - release: "{{ .Release.Name }}" + - metadata: + name: {{ include "common.fullname" . }}-data + labels: + name: {{ include "common.fullname" . }} + chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" + release: "{{ .Release.Name }}" + heritage: "{{ .Release.Service }}" + spec: + accessModes: + - {{ .Values.persistence.accessMode | quote }} + storageClassName: {{ include "common.storageClass" . }} + resources: + requests: + storage: {{ .Values.persistence.size | quote }} {{- end }} diff --git a/kubernetes/common/music/charts/zookeeper/templates/volumes.yaml b/kubernetes/common/music/charts/zookeeper/templates/volumes.yaml deleted file mode 100644 index b0c05fdbfd..0000000000 --- a/kubernetes/common/music/charts/zookeeper/templates/volumes.yaml +++ /dev/null @@ -1,25 +0,0 @@ -{{ if .Values.persistence.enabled }} -{{- $root := . -}} -{{ range $i, $e := until (atoi (quote $root.Values.replicaCount) | default 3) }} ---- -apiVersion: v1 -kind: PersistentVolume -metadata: - name: {{ $root.Release.Name }}-{{ $root.Values.service.name }}-{{ $i }} - namespace: {{ $root.Release.Namespace }} - labels: - type: {{ $root.Values.persistence.storageType }} - app: {{ $root.Values.service.name }} - chart: {{ $root.Chart.Name }}-{{ $root.Chart.Version | replace "+" "_" }} - release: {{ $root.Release.Name }} - heritage: {{ $root.Release.Service }} -spec: - capacity: - storage: {{ $root.Values.persistence.size }} - accessModes: - - {{ $root.Values.persistence.accessMode }} - hostPath: - path: {{ $root.Values.persistence.mountPath }}/{{ $root.Release.Name }}/{{ $root.Values.persistence.mountSubPath }}-{{$i}} - persistentVolumeReclaimPolicy: {{ $root.Values.persistence.volumeReclaimPolicy }} -{{ end }} -{{ end }} diff --git a/kubernetes/common/music/charts/zookeeper/values.yaml b/kubernetes/common/music/charts/zookeeper/values.yaml index 550dbf272b..28c9711e84 100644 --- a/kubernetes/common/music/charts/zookeeper/values.yaml +++ b/kubernetes/common/music/charts/zookeeper/values.yaml @@ -119,8 +119,6 @@ persistence: accessMode: ReadWriteOnce mountPath: /dockerdata-nfs mountSubPath: music/zookeeper - storageType: local - storageClass: "" size: 4Gi ## Exporters query apps for metrics and make those metrics available for diff --git a/kubernetes/common/mysql/templates/configmap.yaml b/kubernetes/common/mysql/templates/configmap.yaml deleted file mode 100644 index 65ac5f2d1e..0000000000 --- a/kubernetes/common/mysql/templates/configmap.yaml +++ /dev/null @@ -1,41 +0,0 @@ -{{/* -# Copyright © 2017 Amdocs, Bell Canada -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -*/}} - -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ include "common.fullname" . }}-db-configmap - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} -data: - master.cnf: | - # Apply this config only on the master. - [mysqld] - sql_mode = "NO_ENGINE_SUBSTITUTION" - log-bin - [localpathprefix] - master - slave.cnf: | - # Apply this config only on slaves. - [mysqld] - sql_mode = "NO_ENGINE_SUBSTITUTION" - super-read-only - [localpathprefix] - slave diff --git a/kubernetes/common/mysql/templates/nfs-provisoner.yaml b/kubernetes/common/mysql/templates/nfs-provisoner.yaml deleted file mode 100644 index 355ad38235..0000000000 --- a/kubernetes/common/mysql/templates/nfs-provisoner.yaml +++ /dev/null @@ -1,78 +0,0 @@ -{{/* -# Copyright © 2017 Amdocs, Bell Canada -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -*/}} - -{{ if not .Values.disableNfsProvisioner }} -apiVersion: extensions/v1beta1 -kind: Deployment -metadata: - name: {{ .Values.nfsprovisionerPrefix }}-nfs-provisioner - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} -spec: - #replicas: {{ .Values.replicaCount }} - strategy: - type: Recreate - template: - metadata: - labels: - app: {{ .Values.nfsprovisionerPrefix }}-nfs-provisioner - release: {{ .Release.Name }} - spec: - containers: - - name: {{ .Values.nfsprovisionerPrefix }}-nfs-provisioner - image: "{{ .Values.global.nfsprovisionerRepository | default .Values.nfsprovisionerRepository }}/{{ .Values.nfsprovisionerImage }}" - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - ports: - - name: nfs - containerPort: {{ .Values.service.nfsPort }} - - name: mountd - containerPort: {{ .Values.service.mountdPort }} - - name: rpcbind - containerPort: {{ .Values.service.rpcbindPort }} - - name: rpcbind-udp - containerPort: {{ .Values.service.rpcbindUdpPort }} - protocol: UDP - securityContext: - capabilities: - add: - - DAC_READ_SEARCH - - SYS_RESOURCE - args: - - "-provisioner={{ include "common.fullname" . }}/nfs" - env: - - name: POD_IP - valueFrom: - fieldRef: - fieldPath: status.podIP - - name: SERVICE_NAME - value: {{ .Values.nfsprovisionerPrefix }}-nfs-provisioner - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - volumeMounts: - - name: export-volume - mountPath: /export - volumes: - - name: export-volume - hostPath: - path: {{ .Values.global.persistence.mountPath | default .Values.persistence.mountPath }}/{{ .Release.Name }}/{{ .Values.persistence.mountSubPath }} -{{ end }} diff --git a/kubernetes/common/mysql/templates/pv.yaml b/kubernetes/common/mysql/templates/pv.yaml deleted file mode 100644 index 3bef651916..0000000000 --- a/kubernetes/common/mysql/templates/pv.yaml +++ /dev/null @@ -1,62 +0,0 @@ -{{/* -# Copyright © 2017 Amdocs, Bell Canada -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -*/}} - -{{- if (and (and (.Values.persistence.enabled) (not .Values.persistence.existingClaim)) ( .Values.disableNfsProvisioner)) -}} -{{ $pvNum := default 1 .Values.replicaCount | int }} -kind: PersistentVolume -apiVersion: v1 -metadata: - name: {{ include "common.fullname" . }}-mysql0 - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}" - release: "{{ .Release.Name }}" - heritage: "{{ .Release.Service }}" - name: {{ include "common.fullname" . }} -spec: - capacity: - storage: {{ .Values.persistence.size}} - accessModes: - - {{ .Values.persistence.accessMode }} - storageClassName: "{{ include "common.fullname" . }}-mysql" - persistentVolumeReclaimPolicy: {{ .Values.persistence.volumeReclaimPolicy }} - hostPath: - path: {{ .Values.global.persistence.mountPath | default .Values.persistence.mountPath }}/{{ .Release.Name }}/{{ .Values.persistence.mountSubPath }}0 -{{ if gt $pvNum 1 }} ---- -kind: PersistentVolume -apiVersion: v1 -metadata: - name: {{ include "common.fullname" . }}-mysql1 - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.fullname" . }} - chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}" - release: "{{ .Release.Name }}" - heritage: "{{ .Release.Service }}" - name: {{ include "common.fullname" . }} -spec: - capacity: - storage: {{ .Values.persistence.size}} - accessModes: - - {{ .Values.persistence.accessMode }} - storageClassName: "{{ include "common.fullname" . }}-mysql" - persistentVolumeReclaimPolicy: {{ .Values.persistence.volumeReclaimPolicy }} - hostPath: - path: {{ .Values.global.persistence.mountPath | default .Values.persistence.mountPath }}/{{ .Release.Name }}/{{ .Values.persistence.mountSubPath }}1 -{{ end }} -{{- end -}} diff --git a/kubernetes/common/mysql/templates/service.yaml b/kubernetes/common/mysql/templates/service.yaml deleted file mode 100644 index e1771c6054..0000000000 --- a/kubernetes/common/mysql/templates/service.yaml +++ /dev/null @@ -1,146 +0,0 @@ -{{/* -# Copyright © 2017 Amdocs, Bell Canada -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -*/}} - -apiVersion: v1 -kind: Service -metadata: - name: {{ include "common.servicename" . }} - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} -spec: - ports: - - port: {{ .Values.service.internalPort }} - name: {{ .Values.service.portName }} - selector: - app: {{ include "common.name" . }} - release: {{ .Release.Name }} - clusterIP: None -#{{ if not .Values.disableNfsProvisioner }} ---- -kind: Service -apiVersion: v1 -metadata: - name: {{ .Values.nfsprovisionerPrefix }}-nfs-provisioner - namespace: {{ include "common.namespace" . }} - labels: - app: {{ .Values.nfsprovisionerPrefix }}-nfs-provisioner - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} -spec: - ports: - - name: nfs - port: {{ .Values.service.nfsPort }} - - name: mountd - port: {{ .Values.service.mountdPort }} - - name: rpcbind - port: {{ .Values.service.rpcbindPort }} - - name: rpcbind-udp - port: {{ .Values.service.rpcbindUdpPort }} - protocol: UDP - selector: - app: {{ .Values.nfsprovisionerPrefix }}-nfs-provisioner -#{{ end }} ---- -# Client service for connecting to any MySQL instance for reads. -# Only master: sdnc-dbhost-0 accepts the write request. -apiVersion: v1 -kind: Service -metadata: - name: {{ include "common.servicename" . }}-read - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} -spec: - ports: - - port: {{ .Values.service.internalPort }} - name: {{ .Values.service.portName }} - selector: - app: {{ include "common.name" . }} - release: {{ .Release.Name }} ---- -apiVersion: v1 -kind: Service -metadata: - name: {{ .Values.sdnctlPrefix }}-sdnctldb01 - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} -spec: - ports: - - port: {{ .Values.service.internalPort }} - name: {{ .Values.service.portName }} - selector: - app: {{ include "common.name" . }} - release: {{ .Release.Name }} - clusterIP: None ---- -apiVersion: v1 -kind: Service -metadata: - name: {{ .Values.sdnctlPrefix }}-sdnctldb02 - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} -spec: - ports: - - port: {{ .Values.service.internalPort }} - name: {{ .Values.service.portName }} - selector: - app: {{ include "common.name" . }} - release: {{ .Release.Name }} - clusterIP: None ---- -{{ if .Values.geoEnabled }} -apiVersion: v1 -kind: Service -metadata: - name: {{ include "common.servicename" . }}-nodeport - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - statefulset.kubernetes.io/pod-name: {{ include "common.fullname" . }}-0 - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} -spec: - ports: - - name: {{ .Values.service.portName | default .Values.service.name }}-1 - port: {{ .Values.service.internalPort }} - targetPort: {{ .Values.service.internalPort }} - nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodeport1 }} - - name: {{ .Values.service.portName | default .Values.service.name }}-2 - port: {{ .Values.xtrabackup.internalPort }} - targetPort: {{ .Values.xtrabackup.internalPort }} - nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodeport2 }} - type: {{ .Values.service.type }} - selector: - statefulset.kubernetes.io/pod-name: {{ include "common.fullname" . }}-0 - release: {{ .Release.Name }} -{{ end }} diff --git a/kubernetes/common/mysql/templates/statefulset.yaml b/kubernetes/common/mysql/templates/statefulset.yaml deleted file mode 100644 index c3f8ae236f..0000000000 --- a/kubernetes/common/mysql/templates/statefulset.yaml +++ /dev/null @@ -1,263 +0,0 @@ -{{/* -# Copyright © 2017 Amdocs, Bell Canada -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -*/}} - -apiVersion: apps/v1beta1 -kind: StatefulSet -metadata: - name: {{ include "common.fullname" . }} - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} -spec: - serviceName: {{ .Values.service.name }} - replicas: {{ .Values.replicaCount }} - template: - metadata: - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} - spec: - initContainers: -#{{ if not .Values.disableNfsProvisioner }} - - name: {{ include "common.name" . }}-readiness - command: - - /root/ready.py - args: - - --container-name - - {{ .Values.nfsprovisionerPrefix }}-nfs-provisioner - env: - - name: NAMESPACE - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}" - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} -#{{ end }} - - name: init-mysql - image: "{{ .Values.dockerHubRepository }}/{{ .Values.image }}" - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - command: - - bash - - "-c" - - | - set -ex - # Generate mysql server-id from pod ordinal index. - [[ `hostname` =~ -([0-9]+)$ ]] || exit 1 - ordinal=${BASH_REMATCH[1]} - siteId={{ .Values.geoSiteId }} - echo BASH_REMATCH=${BASH_REMATCH} - echo [mysqld] > /mnt/conf.d/server-id.cnf - # Add an offset to avoid reserved server-id=0 value. - echo server-id=$(($siteId*100 + $ordinal)) >> /mnt/conf.d/server-id.cnf - # Copy appropriate conf.d files from config-map to emptyDir. - if [[ $ordinal -eq 0 ]]; then - cp /mnt/config-map/master.cnf /mnt/conf.d/ - else - cp /mnt/config-map/slave.cnf /mnt/conf.d/ - fi - volumeMounts: - - name: conf - mountPath: /mnt/conf.d - - name: config-map - mountPath: /mnt/config-map - - - name: clone-mysql - image: "{{ .Values.global.xtrabackupRepository | default .Values.xtrabackupRepository }}/{{ .Values.xtrabackupImage }}" - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - env: - - name: MYSQL_ROOT_PASSWORD - valueFrom: - secretKeyRef: - name: {{ template "common.fullname" . }} - key: db-root-password - command: - - bash - - "-c" - - | - set -ex - # Skip the clone if data already exists. - [[ -d /var/lib/mysql/mysql ]] && exit 0 - # Skip the clone on master (ordinal index 0). - [[ `hostname` =~ -([0-9]+)$ ]] || exit 1 - ordinal=${BASH_REMATCH[1]} - echo ${BASH_REMATCH} - [[ $ordinal -eq 0 ]] && exit 0 - # Clone data from previous peer. - ncat --recv-only {{ include "common.fullname" . }}-$(($ordinal-1)).{{ .Values.service.name }}.{{ include "common.namespace" . }} 3307 | xbstream -x -C {{ .Values.persistence.mysqlPath }} - # Prepare the backup. - xtrabackup --user=root --password=$MYSQL_ROOT_PASSWORD --prepare --target-dir=/var/lib/mysql - ls -l {{ .Values.persistence.mysqlPath }} - volumeMounts: - - name: {{ include "common.fullname" . }}-mysql - mountPath: {{ .Values.persistence.mysqlPath }} - - name: conf - mountPath: /etc/mysql/conf.d - - containers: - - name: {{ include "common.name" . }} - image: "{{ .Values.dockerHubRepository }}/{{ .Values.image }}" - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - ports: - - containerPort: {{ .Values.service.internalPort }} - # disable liveness probe when breakpoints set in debugger - # so K8s doesn't restart unresponsive container - {{- if eq .Values.liveness.enabled true }} - livenessProbe: - exec: - command: ["mysqladmin", "ping"] - initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }} - periodSeconds: {{ .Values.liveness.periodSeconds }} - timeoutSeconds: {{ .Values.liveness.timeoutSeconds }} - {{end -}} - readinessProbe: - tcpSocket: - port: {{ .Values.service.internalPort }} - initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} - periodSeconds: {{ .Values.readiness.periodSeconds }} - env: - - name: MYSQL_ROOT_PASSWORD - valueFrom: - secretKeyRef: - name: {{ template "common.fullname" . }} - key: db-root-password - - name: MYSQL_ROOT_HOST - value: '%' - - name: MYSQL_ALLOW_EMPTY_PASSWORD - value: {{ .Values.config.dbAllowEmptyPassword | default "0" | quote }} - volumeMounts: - - mountPath: {{ .Values.persistence.mysqlPath }} - name: {{ include "common.fullname" . }}-mysql - - mountPath: /etc/mysql/conf.d - name: conf - resources: -{{ include "common.resources" . | indent 12 }} - {{- if .Values.nodeSelector }} - nodeSelector: -{{ toYaml .Values.nodeSelector | indent 10 }} - {{- end -}} - {{- if .Values.affinity }} - affinity: -{{ toYaml .Values.affinity | indent 10 }} - {{- end }} - - - name: xtrabackup - image: "{{ .Values.global.xtrabackupRepository | default .Values.xtrabackupRepository }}/{{ .Values.xtrabackupImage }}" - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - env: - - name: MYSQL_ROOT_PASSWORD - valueFrom: - secretKeyRef: - name: {{ template "common.fullname" . }} - key: db-root-password - ports: - - containerPort: {{ .Values.xtrabackup.internalPort }} - name: xtrabackup - command: - - bash - - "-c" - - | - set -ex - cd {{ .Values.persistence.mysqlPath }} - ls -l - # Determine binlog position of cloned data, if any. - if [[ -f xtrabackup_slave_info ]]; then - echo "Inside xtrabackup_slave_info" - # XtraBackup already generated a partial "CHANGE MASTER TO" query - # because we're cloning from an existing slave. - mv xtrabackup_slave_info change_master_to.sql.in - # Ignore xtrabackup_binlog_info in this case (it's useless). - rm -f xtrabackup_binlog_info - elif [[ -f xtrabackup_binlog_info ]]; then - echo "Inside xtrabackup_binlog_info" - # We're cloning directly from master. Parse binlog position. - [[ `cat xtrabackup_binlog_info` =~ ^(.*?)[[:space:]]+(.*?)$ ]] || exit 1 - rm xtrabackup_binlog_info - echo "CHANGE MASTER TO MASTER_LOG_FILE='${BASH_REMATCH[1]}',\ - MASTER_LOG_POS=${BASH_REMATCH[2]}" > change_master_to.sql.in - fi - - [[ `hostname` =~ -([0-9]+)$ ]] || exit 1 - ordinal=${BASH_REMATCH[1]} - echo $ordinal - - mysqlhost={{ include "common.fullname" . }}-$(($ordinal)).{{ .Values.service.name }}.{{ include "common.namespace" . }} - echo $mysqlhost - - # Check if we need to complete a clone by starting replication. - if [[ -f change_master_to.sql.in ]]; then - echo "Waiting for mysqld to be ready (accepting connections)" - until mysql --user=root --password=$MYSQL_ROOT_PASSWORD -h $mysqlhost -e "SELECT 1"; do sleep 1; done - - echo "Initializing replication from clone position" - # In case of container restart, attempt this at-most-once. - mv change_master_to.sql.in change_master_to.sql.orig - mysql --user=root --password=$MYSQL_ROOT_PASSWORD -h $mysqlhost <<EOF - $(<change_master_to.sql.orig), - MASTER_HOST="{{ include "common.fullname" . }}-0.{{ .Values.service.name }}.{{ include "common.namespace" . }}", - MASTER_USER="root", - MASTER_PASSWORD="$MYSQL_ROOT_PASSWORD", - MASTER_CONNECT_RETRY=10; - START SLAVE; - EOF - fi - - # Start a server to send backups when requested by peers. - exec ncat --listen --keep-open --send-only --max-conns=1 3307 -c \ - "xtrabackup --user=root --password=$MYSQL_ROOT_PASSWORD --backup --slave-info --stream=xbstream --host=$mysqlhost" - volumeMounts: - - name: {{ include "common.fullname" . }}-mysql - mountPath: {{ .Values.persistence.mysqlPath }} - - name: conf - mountPath: /etc/mysql/conf.d - volumes: - - name: conf - emptyDir: {} - - name: config-map - configMap: - name: {{ include "common.fullname" . }}-db-configmap - - name: localtime - hostPath: - path: /etc/localtime - - name: {{ include "common.fullname" . }}-mysql - {{ if not .Values.persistence.enabled }} - - name: {{ include "common.fullname" . }}-mysql - emptyDir: {} - {{ else }} - volumeClaimTemplates: - - metadata: - name: {{ include "common.fullname" . }}-mysql - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} - name: {{ include "common.fullname" . }} - spec: - accessModes: [ {{ .Values.persistence.accessMode }} ] - storageClassName: {{ include "common.fullname" . }}-mysql - resources: - requests: - storage: {{ .Values.persistence.size }} - selector: - matchLabels: - name: {{ include "common.fullname" . }} - {{ end }} diff --git a/kubernetes/common/mysql/values.yaml b/kubernetes/common/mysql/values.yaml deleted file mode 100644 index 9fd67fcabc..0000000000 --- a/kubernetes/common/mysql/values.yaml +++ /dev/null @@ -1,133 +0,0 @@ -# Copyright © 2017 Amdocs, Bell Canada -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -################################################################# -# Global configuration defaults. -################################################################# -global: - nodePortPrefix: 302 - persistence: {} - readinessRepository: oomk8s - readinessImage: readiness-check:2.0.0 - - -################################################################# -# Application configuration defaults. -################################################################# - -dockerHubRepository: registry.hub.docker.com -image: library/mysql:5.7 -pullPolicy: Always - -# application configuration -config: - dbRootPassword: openECOMP1.0 - -# default number of instances -replicaCount: 1 - -nodeSelector: {} - -affinity: {} - -disableNfsProvisioner: true - -# probe configuration parameters -liveness: - initialDelaySeconds: 30 - periodSeconds: 10 - timeoutSeconds: 5 - # necessary to disable liveness probe when setting breakpoints - # in debugger so K8s doesn't restart unresponsive container - enabled: true - -readiness: - initialDelaySeconds: 5 - periodSeconds: 10 - -## Persist data to a persitent volume -persistence: - enabled: true - - ## A manually managed Persistent Volume and Claim - ## Requires persistence.enabled: true - ## If defined, PVC must be created manually before volume will be bound - # existingClaim: - volumeReclaimPolicy: Retain - - ## database data Persistent Volume Storage Class - ## If defined, storageClassName: <storageClass> - ## If set to "-", storageClassName: "", which disables dynamic provisioning - ## If undefined (the default) or set to null, no storageClassName spec is - ## set, choosing the default provisioner. (gp2 on AWS, standard on - ## GKE, AWS & OpenStack) - accessMode: ReadWriteOnce - size: 1Gi - mountPath: /dockerdata-nfs - mountSubPath: "mysql/data" - mysqlPath: /var/lib/mysql - -service: - name: mysql - portName: mysql - internalPort: 3306 - # nfs provisioner ports - nfsPort: 2049 - mountdPort: 20048 - rpcbindPort: 111 - rpcbindUdpPort: 111 - type: NodePort - nodeport1: 72 - nodeport2: 73 - -ingress: - enabled: false - -resources: {} - # We usually recommend not to specify default resources and to leave this as a conscious - # choice for the user. This also increases chances charts run on environments with little - # resources, such as Minikube. If you do want to specify resources, uncomment the following - # lines, adjust them as necessary, and remove the curly braces after 'resources:'. - # - # Example: - # Configure resource requests and limits - # ref: http://kubernetes.io/docs/user-guide/compute-resources/ - # Minimum memory for development is 2 CPU cores and 4GB memory - # Minimum memory for production is 4 CPU cores and 8GB memory -#resources: -# limits: -# cpu: 2 -# memory: 4Gi -# requests: -# cpu: 2 -# memory: 4Gi - -################################################################# -# Sidecar Configuration. -# -# xtrabackup configuration defaults. -################################################################# -xtrabackupRepository: gcr.io/google-samples -xtrabackupImage: xtrabackup:1.0 -xtrabackup: - internalPort: 3307 - -nfsprovisionerRepository: quay.io -nfsprovisionerImage: kubernetes_incubator/nfs-provisioner:v1.0.8 -nfsprovisionerPrefix: mysql - -sdnctlPrefix: mysql - -geoEnabled: false -geoSiteId: 1 diff --git a/kubernetes/common/nfs-provisioner/requirements.yaml b/kubernetes/common/nfs-provisioner/requirements.yaml deleted file mode 100644 index 542c262ef0..0000000000 --- a/kubernetes/common/nfs-provisioner/requirements.yaml +++ /dev/null @@ -1,18 +0,0 @@ -# Copyright © 2019 Amdocs, Bell Canada -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -dependencies: - - name: common - version: ~5.x-0 - repository: '@local' diff --git a/kubernetes/common/nfs-provisioner/templates/nfs-provisoner.yaml b/kubernetes/common/nfs-provisioner/templates/nfs-provisoner.yaml deleted file mode 100644 index 58cf7a3866..0000000000 --- a/kubernetes/common/nfs-provisioner/templates/nfs-provisoner.yaml +++ /dev/null @@ -1,78 +0,0 @@ -{{/* -# Copyright © 2019 Amdocs, Bell Canada -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -*/}} - -apiVersion: extensions/v1beta1 -kind: Deployment -metadata: - name: {{ include "common.fullname" . }} - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} -spec: - strategy: - type: Recreate - template: - metadata: - labels: - app: {{ include "common.fullname" . }} - release: {{ .Release.Name }} - spec: - containers: - - name: {{ include "common.fullname" . }} - image: "{{ .Values.global.nfsprovisionerRepository | default .Values.nfsprovisionerRepository }}/{{ .Values.nfsprovisionerImage }}" - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - ports: - - name: nfs - containerPort: {{ .Values.service.nfsPort }} - - name: mountd - containerPort: {{ .Values.service.mountdPort }} - - name: rpcbind - containerPort: {{ .Values.service.rpcbindPort }} - - name: rpcbind-udp - containerPort: {{ .Values.service.rpcbindUdpPort }} - protocol: UDP - securityContext: - capabilities: - add: - - DAC_READ_SEARCH - - SYS_RESOURCE - args: - - "-provisioner={{ include "common.namespace" . }}/nfs" - env: - - name: POD_IP - valueFrom: - fieldRef: - fieldPath: status.podIP - - name: SERVICE_NAME - value: {{ include "common.servicename" . }} - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - volumeMounts: - - name: export-volume - mountPath: /export - {{- if .Values.affinity }} - affinity: - {{ toYaml .Values.affinity | indent 8 }} - {{- end }} - volumes: - - name: export-volume - hostPath: - path: {{ .Values.global.persistence.mountPath | default .Values.persistence.mountPath }}/{{ .Release.Name }} diff --git a/kubernetes/common/nfs-provisioner/templates/service.yaml b/kubernetes/common/nfs-provisioner/templates/service.yaml deleted file mode 100644 index f9bba0f872..0000000000 --- a/kubernetes/common/nfs-provisioner/templates/service.yaml +++ /dev/null @@ -1,39 +0,0 @@ -{{/* -# Copyright © 2019 Amdocs, Bell Canada -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -*/}} - -kind: Service -apiVersion: v1 -metadata: - name: {{ include "common.servicename" . }} - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.fullname" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} -spec: - ports: - - name: nfs - port: {{ .Values.service.nfsPort }} - - name: mountd - port: {{ .Values.service.mountdPort }} - - name: rpcbind - port: {{ .Values.service.rpcbindPort }} - - name: rpcbind-udp - port: {{ .Values.service.rpcbindUdpPort }} - protocol: UDP - selector: - app: {{ include "common.fullname" . }}
\ No newline at end of file diff --git a/kubernetes/common/nfs-provisioner/values.yaml b/kubernetes/common/nfs-provisioner/values.yaml deleted file mode 100644 index 687219d680..0000000000 --- a/kubernetes/common/nfs-provisioner/values.yaml +++ /dev/null @@ -1,50 +0,0 @@ -# Copyright © 2019 Amdocs, Bell Canada
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-#################################################################
-# Global configuration defaults.
-#################################################################
-global:
- persistence:
- mountPath: /dockerdata-nfs
-
-#################################################################
-# Application configuration defaults.
-#################################################################
-
-dockerHubRepository: registry.hub.docker.com
-pullPolicy: Always
-
-# default number of instances
-
-nodeSelector: {}
-
-affinity: {}
-
-service:
- name: nfs-provisioner
- nfsPort: 2049
- mountdPort: 20048
- rpcbindPort: 111
- rpcbindUdpPort: 111
-
-## Persist data to a persitent volume
-persistence:
- enabled: true
- mountPath: /dockerdata-nfs
-
-## NFS provisioner image properties
-nfsprovisionerRepository: quay.io
-nfsprovisionerImage: kubernetes_incubator/nfs-provisioner:v1.0.8
-
diff --git a/kubernetes/common/postgres/templates/pv.yaml b/kubernetes/common/postgres/templates/pv.yaml index 144a3f793b..bcd67d79cb 100644 --- a/kubernetes/common/postgres/templates/pv.yaml +++ b/kubernetes/common/postgres/templates/pv.yaml @@ -13,46 +13,33 @@ # # See the License for the specific language governing permissions and # # limitations under the License. */}} -{{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) -}} +{{- $global := . }} +{{- if and $global.Values.persistence.enabled (not $global.Values.persistence.existingClaim) }} +{{- if eq "True" (include "common.needPV" .) -}} +{{- range $i := until (int $global.Values.replicaCount)}} kind: PersistentVolume apiVersion: v1 metadata: - name: {{ include "common.fullname" . }}-data0 - namespace: {{ include "common.namespace" . }} + name: {{ include "common.fullname" $global }}-data-{{ $i }} + namespace: {{ include "common.namespace" $global }} labels: - app: {{ include "common.fullname" . }} - chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}" - release: "{{ .Release.Name }}" - heritage: "{{ .Release.Service }}" - name: {{ include "common.fullname" . }} + app: {{ include "common.fullname" $global }} + chart: "{{ $global.Chart.Name }}-{{ $global.Chart.Version | replace "+" "_" }}" + release: "{{ $global.Release.Name }}" + heritage: "{{ $global.Release.Service }}" + name: {{ include "common.fullname" $global }} spec: capacity: - storage: {{ .Values.persistence.size}} + storage: {{ $global.Values.persistence.size}} accessModes: - - {{ .Values.persistence.accessMode }} - storageClassName: "{{ include "common.fullname" . }}-data" - persistentVolumeReclaimPolicy: {{ .Values.persistence.volumeReclaimPolicy }} + - {{ $global.Values.persistence.accessMode }} + persistentVolumeReclaimPolicy: {{ $global.Values.persistence.volumeReclaimPolicy }} + storageClassName: "{{ include "common.fullname" $global }}-data" hostPath: - path: {{ .Values.global.persistence.mountPath | default .Values.persistence.mountPath }}/{{ .Release.Name }}/{{ .Values.persistence.mountSubPath }}0 + path: {{ $global.Values.global.persistence.mountPath | default $global.Values.persistence.mountPath }}/{{ $global.Release.Name }}/{{ $global.Values.persistence.mountSubPath }}-{{$i}} +{{if ne $i (int $global.Values.replicaCount) }} --- -kind: PersistentVolume -apiVersion: v1 -metadata: - name: {{ include "common.fullname" . }}-data1 - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.fullname" . }} - chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}" - release: "{{ .Release.Name }}" - heritage: "{{ .Release.Service }}" - name: {{ include "common.fullname" . }} -spec: - capacity: - storage: {{ .Values.persistence.size}} - accessModes: - - {{ .Values.persistence.accessMode }} - storageClassName: "{{ include "common.fullname" . }}-data" - persistentVolumeReclaimPolicy: {{ .Values.persistence.volumeReclaimPolicy }} - hostPath: - path: {{ .Values.global.persistence.mountPath | default .Values.persistence.mountPath }}/{{ .Release.Name }}/{{ .Values.persistence.mountSubPath }}1 +{{- end -}} +{{- end -}} +{{- end -}} {{- end -}} diff --git a/kubernetes/common/postgres/templates/statefulset.yaml b/kubernetes/common/postgres/templates/statefulset.yaml index db4a256f12..7c38d1d9d7 100644 --- a/kubernetes/common/postgres/templates/statefulset.yaml +++ b/kubernetes/common/postgres/templates/statefulset.yaml @@ -37,23 +37,13 @@ spec: - /bin/sh - -c - | - for i in $(seq 0 $(({{ .Values.replicaCount }}-1))); do - if [ ! -d /podroot/data$i ]; then - mkdir -p /podroot/data$i; - chown 26:26 /podroot/data$i; - chmod 700 /podroot/data$i; - fi; - done - env: - - name: POD_NAME - valueFrom: { fieldRef: { fieldPath: metadata.name } } - securityContext: - privileged: true + chown -R 26:26 /podroot/; + chmod 700 /podroot/; image: {{ .Values.global.busyboxRepository | default .Values.busyboxRepository }}/{{ .Values.busyboxImage }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - name: init-sysctl + name: {{ include "common.name" . }}-prepare volumeMounts: - - name: {{ include "common.fullname" . }}-init + - name: {{ include "common.fullname" . }}-data mountPath: /podroot/ containers: - name: {{ include "common.name" . }} @@ -129,27 +119,25 @@ spec: - name: localtime hostPath: path: /etc/localtime - - name: {{ include "common.fullname" . }}-init - hostPath: - path: {{ .Values.global.persistence.mountPath | default .Values.persistence.mountPath }}/{{ .Release.Name }}/{{ .Values.persistence.mountInitPath }} - name: {{ include "common.fullname" . }}-backup emptyDir: {} -#{{ if not .Values.persistence.enabled }} +{{- if not .Values.persistence.enabled }} - name: {{ include "common.fullname" . }}-data emptyDir: {} -#{{ else }} +{{- else }} volumeClaimTemplates: - metadata: name: {{ include "common.fullname" . }}-data labels: name: {{ include "common.fullname" . }} + chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" + release: "{{ .Release.Name }}" + heritage: "{{ .Release.Service }}" spec: - accessModes: [ {{ .Values.persistence.accessMode }} ] - storageClassName: {{ include "common.fullname" . }}-data + accessModes: + - {{ .Values.persistence.accessMode | quote }} + storageClassName: {{ include "common.storageClass" . }} resources: requests: - storage: {{ .Values.persistence.size }} - selector: - matchLabels: - name: {{ include "common.fullname" . }} -#{{ end }} + storage: {{ .Values.persistence.size | quote }} +{{- end }} |