Diffstat (limited to 'kubernetes/common')
18 files changed, 94 insertions, 56 deletions
diff --git a/kubernetes/common/common/templates/_kafkaNodes.tpl b/kubernetes/common/common/templates/_kafkaNodes.tpl deleted file mode 100644 index f428b58d63..0000000000 --- a/kubernetes/common/common/templates/_kafkaNodes.tpl +++ /dev/null @@ -1,34 +0,0 @@ -{{/* -# Copyright © 2021 Bell Canada -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -*/}} -{{/* - Generate comma separated list of kafka or zookeper nodes to reuse in message router charts. - How to use: - - zookeeper servers list: {{ include "common.kafkaNodes" (dict "dot" . "replicaCount" (index .Values "message-router-zookeeper" "replicaCount") "componentName" .Values.zookeeper.name "port" .Values.zookeeper.port ) }} - kafka servers list: {{ include "common.kafkaNodes" (dict "dot" . "replicaCount" (index .Values "message-router-kafka" "replicaCount") "componentName" .Values.kafka.name "port" .Values.kafka.port ) }} - -*/}} -{{- define "common.kafkaNodes" -}} -{{- $dot := .dot -}} -{{- $replicaCount := .replicaCount -}} -{{- $componentName := .componentName -}} -{{- $port := .port -}} -{{- $kafkaNodes := list -}} -{{- range $i, $e := until (int $replicaCount) -}} -{{- $kafkaNodes = print (include "common.release" $dot) "-" $componentName "-" $i "." $componentName "." (include "common.namespace" $dot) ".svc.cluster.local:" $port | append $kafkaNodes -}} -{{- end -}} -{{- $kafkaNodes | join "," -}} -{{- end -}} 
diff --git a/kubernetes/common/common/templates/_serviceMonitor.tpl b/kubernetes/common/common/templates/_serviceMonitor.tpl index 81d7a74578..907d9c6a9c 100644 --- a/kubernetes/common/common/templates/_serviceMonitor.tpl +++ b/kubernetes/common/common/templates/_serviceMonitor.tpl @@ -135,7 +135,7 @@ spec: {{- else if $dot.Values.metrics.serviceMonitor.targetPort }} targetPort: {{ $dot.Values.metrics.serviceMonitor.targetPort }} {{- else }} - port: metrics + port: tcp-metrics {{- end }} {{- if $dot.Values.metrics.serviceMonitor.isHttps }} scheme: https diff --git a/kubernetes/common/dgbuilder/values.yaml b/kubernetes/common/dgbuilder/values.yaml index 9257dc89f9..ddad8d7360 100644 --- a/kubernetes/common/dgbuilder/values.yaml +++ b/kubernetes/common/dgbuilder/values.yaml @@ -69,7 +69,7 @@ secrets: # Application configuration defaults. ################################################################# # application image -image: onap/ccsdk-dgbuilder-image:1.3.1 +image: onap/ccsdk-dgbuilder-image:1.3.4 pullPolicy: Always # flag to enable debugging - application support required @@ -130,7 +130,7 @@ readiness: service: type: NodePort name: dgbuilder - portName: dgbuilder + portName: http externalPort: 3000 internalPort: 3100 nodePort: 28 diff --git a/kubernetes/common/elasticsearch/components/data/templates/statefulset.yaml b/kubernetes/common/elasticsearch/components/data/templates/statefulset.yaml index ea805c1813..a7278ba104 100644 --- a/kubernetes/common/elasticsearch/components/data/templates/statefulset.yaml +++ b/kubernetes/common/elasticsearch/components/data/templates/statefulset.yaml @@ -111,6 +111,12 @@ spec: value: "yes" - name: ELASTICSEARCH_NODE_TYPE value: "data" + - name: network.bind_host + value: 127.0.0.1 + - name: network.publish_host + valueFrom: + fieldRef: + fieldPath: status.podIP ports: {{- include "common.containerPorts" . |indent 12 }} {{- if .Values.livenessProbe.enabled }} livenessProbe: 
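Review bot: The two env entries added after `ELASTICSEARCH_NODE_TYPE` in the elasticsearch data statefulset set `network.bind_host` to `127.0.0.1` unconditionally, so a deployment without a sidecar would have Elasticsearch listening on loopback only and would presumably be unreachable for peers, clients and probes (whether the image maps these dotted env names to settings is not visible in the hunk). Other mesh-specific changes in this commit are gated, and the same gate fits here: wrap both entries in `{{- if (include "common.onServiceMesh" .) }}` … `{{- end }}`. Even on the mesh this depends on the sidecar forwarding inbound traffic to loopback, which newer Istio releases no longer do by default, so check it against the mesh version in use. I would also quote the address, `value: "127.0.0.1"`, to match the neighbouring string values. The same applies to the identical hunks in `components/master/templates/statefulset.yaml` and `templates/coordinating-deploy.yaml`; the container spec continues outside the hunk.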
diff --git a/kubernetes/common/elasticsearch/components/master/templates/statefulset.yaml b/kubernetes/common/elasticsearch/components/master/templates/statefulset.yaml index a35b4bf741..85ea2bbc54 100644 --- a/kubernetes/common/elasticsearch/components/master/templates/statefulset.yaml +++ b/kubernetes/common/elasticsearch/components/master/templates/statefulset.yaml @@ -115,6 +115,12 @@ spec: value: {{ .Values.dedicatednode | quote }} - name: ELASTICSEARCH_NODE_TYPE value: "master" + - name: network.bind_host + value: 127.0.0.1 + - name: network.publish_host + valueFrom: + fieldRef: + fieldPath: status.podIP ports: {{- include "common.containerPorts" . |indent 12 }} {{- if .Values.livenessProbe.enabled }} livenessProbe: diff --git a/kubernetes/common/elasticsearch/templates/coordinating-deploy.yaml b/kubernetes/common/elasticsearch/templates/coordinating-deploy.yaml index 22de4dbf37..05e09cb696 100644 --- a/kubernetes/common/elasticsearch/templates/coordinating-deploy.yaml +++ b/kubernetes/common/elasticsearch/templates/coordinating-deploy.yaml @@ -113,6 +113,12 @@ spec: value: "coordinating" - name: ELASTICSEARCH_PORT_NUMBER value: "9000" + - name: network.bind_host + value: 127.0.0.1 + - name: network.publish_host + valueFrom: + fieldRef: + fieldPath: status.podIP {{/*ports: {{- include "common.containerPorts" . | indent 12 -}} */}} {{- if .Values.livenessProbe.enabled }} livenessProbe: diff --git a/kubernetes/common/etcd-init/templates/job.yaml b/kubernetes/common/etcd-init/templates/job.yaml index 69bcfaaf99..9d7dcc26da 100644 --- a/kubernetes/common/etcd-init/templates/job.yaml +++ b/kubernetes/common/etcd-init/templates/job.yaml @@ -55,6 +55,8 @@ spec: - /bin/sh - -ec - | + {{- if include "common.onServiceMesh" . }} + echo "waiting 15s for istio side cars to be up"; sleep 15s;{{- end }} # Create users export ETCDCTL_ENDPOINTS=http://${ETCD_HOST}:${ETCD_PORT} export ETCDCTL_API=3 
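Review bot: The `sleep 15s` added at the top of the etcd-init job script is a fixed guess at sidecar start-up time: on a slow node the script can still start before the proxy is ready, and the first network call would then likely abort the job under `-ec`, while on a fast node every run pays the full 15 seconds. Waiting on the proxy's readiness is more reliable, for example `until wget -q -O /dev/null http://localhost:15021/healthz/ready; do sleep 1; done` (assuming the image ships `wget` or `curl`), or enabling Istio's `holdApplicationUntilProxyStarts` for these pods. The same fixed sleep is added in `mariadb-init/templates/job.yaml` and `postgres-init/templates/job.yaml`. The script body continues outside the hunk.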
@@ -89,6 +91,7 @@ spec: name: localtime readOnly: true resources: {{ include "common.resources" . | nindent 12 }} + {{ include "common.waitForJobContainer" . | indent 6 | trim }} {{- if .Values.nodeSelector }} nodeSelector: {{ toYaml .Values.nodeSelector | nindent 10 }} {{- end -}} diff --git a/kubernetes/common/etcd-init/values.yaml b/kubernetes/common/etcd-init/values.yaml index c99c9f1e5b..6ccfb3e5d7 100644 --- a/kubernetes/common/etcd-init/values.yaml +++ b/kubernetes/common/etcd-init/values.yaml @@ -72,3 +72,7 @@ resources: cpu: 20m memory: 20Mi unlimited: {} + +wait_for_job_container: + containers: + - '{{ include "common.name" . }}' diff --git a/kubernetes/common/mariadb-galera/templates/metrics-svc.yaml b/kubernetes/common/mariadb-galera/templates/metrics-svc.yaml index e71351e9cb..841aab3e17 100644 --- a/kubernetes/common/mariadb-galera/templates/metrics-svc.yaml +++ b/kubernetes/common/mariadb-galera/templates/metrics-svc.yaml @@ -27,8 +27,8 @@ metadata: spec: type: {{ .Values.metrics.service.type }} ports: - - name: metrics + - name: tcp-metrics port: {{ .Values.metrics.service.port }} - targetPort: metrics + targetPort: tcp-metrics selector: {{- include "common.matchLabels" . | nindent 4 }} {{- end }} diff --git a/kubernetes/common/mariadb-galera/templates/service.yaml b/kubernetes/common/mariadb-galera/templates/service.yaml index 75aff985e5..9b4c05ef70 100644 --- a/kubernetes/common/mariadb-galera/templates/service.yaml +++ b/kubernetes/common/mariadb-galera/templates/service.yaml 
@@ -18,3 +18,20 @@ {{ include "common.service" . }} --- {{ include "common.headlessService" . }} +{{- if (include "common.onServiceMesh" .) }} +{{- if eq (default "istio" .Values.global.serviceMesh.engine) "istio" }} +--- +apiVersion: security.istio.io/v1beta1 +kind: PeerAuthentication +metadata: + name: {{ include "common.servicename" . }} + namespace: {{ include "common.namespace" . }} +spec: + selector: + matchLabels: + app.kubernetes.io/name: {{ include "common.servicename" . }} + portLevelMtls: + {{ .Values.service.internalPort }}: + mode: DISABLE +{{- end}} +{{- end}} diff --git a/kubernetes/common/mariadb-galera/templates/statefulset.yaml b/kubernetes/common/mariadb-galera/templates/statefulset.yaml index 22832c936d..c95b572465 100644 --- a/kubernetes/common/mariadb-galera/templates/statefulset.yaml +++ b/kubernetes/common/mariadb-galera/templates/statefulset.yaml @@ -197,12 +197,12 @@ spec: - | DATA_SOURCE_NAME="$MARIADB_ROOT_USER:$MARIADB_ROOT_PASSWORD@(localhost:3306)/" /bin/mysqld_exporter $MARIADB_METRICS_EXTRA_FLAGS ports: - - name: metrics + - name: tcp-metrics containerPort: 9104 livenessProbe: httpGet: path: /metrics - port: metrics + port: tcp-metrics initialDelaySeconds: {{ .Values.metrics.livenessProbe.initialDelaySeconds }} periodSeconds: {{ .Values.metrics.livenessProbe.periodSeconds }} timeoutSeconds: {{ .Values.metrics.livenessProbe.timeoutSeconds }} @@ -211,7 +211,7 @@ spec: readinessProbe: httpGet: path: /metrics - port: metrics + port: tcp-metrics initialDelaySeconds: {{ .Values.metrics.readinessProbe.initialDelaySeconds }} periodSeconds: {{ .Values.metrics.readinessProbe.periodSeconds }} timeoutSeconds: {{ .Values.metrics.readinessProbe.timeoutSeconds }} diff --git a/kubernetes/common/mariadb-galera/values.yaml b/kubernetes/common/mariadb-galera/values.yaml index 38f3e6e423..d719fb30bd 100644 --- a/kubernetes/common/mariadb-galera/values.yaml +++ b/kubernetes/common/mariadb-galera/values.yaml 
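Review bot: The `PeerAuthentication` added to `mariadb-galera/templates/service.yaml` sets `mode: DISABLE` on `.Values.service.internalPort`, which turns off mesh mTLS for the database port on every Istio install of this chart. SQL traffic, including login credentials, is then protected only if MariaDB's own TLS is enabled, which the hunk does not show. If plaintext clients must be accepted, `mode: PERMISSIVE` still keeps mTLS for sidecar-to-sidecar callers, and a values switch (for instance a key such as `service.mtlsMode`, name to be chosen by the chart owners) would let operators decide instead of hard-coding the downgrade. A comment above `portLevelMtls` saying why the port is exempted would help, e.g. `# mTLS is disabled on the DB port because <reason>`. Please also check that the pods carry the label `app.kubernetes.io/name: {{ include "common.servicename" . }}`, since a selector that matches nothing makes the policy a silent no-op.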
@@ -89,14 +89,14 @@ service: headless: {} internalPort: &dbPort 3306 ports: - - name: mysql + - name: tcp-mysql port: *dbPort headlessPorts: - - name: galera + - name: tcp-galera port: 4567 - - name: ist + - name: tcp-ist port: 4568 - - name: sst + - name: tcp-sst port: 4444 @@ -380,8 +380,12 @@ updateStrategy: ## Additional pod annotations for MariaDB Galera pods ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ +## -> here required to enable mariadb-galera in istio ## -podAnnotations: {} +podAnnotations: + # sidecar.istio.io/inject: "false" + traffic.sidecar.istio.io/excludeInboundPorts: "4568" + traffic.sidecar.istio.io/includeInboundPorts: '*' ## Pod affinity preset ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity @@ -504,14 +508,14 @@ livenessProbe: enabled: true initialDelaySeconds: 1 periodSeconds: 10 - timeoutSeconds: 1 + timeoutSeconds: 180 successThreshold: 1 failureThreshold: 3 readinessProbe: enabled: true initialDelaySeconds: 1 periodSeconds: 10 - timeoutSeconds: 1 + timeoutSeconds: 180 successThreshold: 1 failureThreshold: 3 startupProbe: @@ -520,7 +524,7 @@ startupProbe: enabled: true initialDelaySeconds: 10 periodSeconds: 10 - timeoutSeconds: 1 + timeoutSeconds: 180 successThreshold: 1 # will wait up for initialDelaySeconds + failureThreshold*periodSeconds before # stating startup wasn't good (910s per default) @@ -644,7 +648,7 @@ metrics: release: prometheus ## Rules as a map. - rules: {} + rules: [] # - alert: MariaDB-Down # annotations: # message: 'MariaDB instance {{ $labels.instance }} is down' diff --git a/kubernetes/common/mariadb-init/templates/job.yaml b/kubernetes/common/mariadb-init/templates/job.yaml index 96d1dc54a4..e911d46d12 100644 --- a/kubernetes/common/mariadb-init/templates/job.yaml +++ b/kubernetes/common/mariadb-init/templates/job.yaml 
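Review bot: The new default `traffic.sidecar.istio.io/excludeInboundPorts: "4568"` under `podAnnotations` makes inbound traffic on that port bypass the sidecar, so it gets neither mesh mTLS nor mesh authorization policy, and the only explanation given is `-> here required to enable mariadb-galera in istio`. I would document the consequence next to the annotation, e.g. `# 4568 (IST) bypasses the sidecar: no mTLS or AuthorizationPolicy applies; restrict access with a NetworkPolicy`. The commented-out `# sidecar.istio.io/inject: "false"` should either be removed or given a line saying when to enable it.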
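Review bot: Raising `timeoutSeconds` from 1 to 180 on the liveness, readiness and startup probes while `periodSeconds` stays 10 and `failureThreshold` stays 3 means a hung database can take roughly nine minutes to be marked unready or restarted, and may keep receiving traffic in the meantime. If the one-second timeout was failing because of sidecar latency, a smaller value such as `timeoutSeconds: 10` is easier to justify. The startup-probe comment ending `(910s per default)` may also no longer describe the worst case and should be rechecked. Separately, the last hunk changes `rules: {}` to `rules: []` but leaves `## Rules as a map.` above it; that comment should become `## Rules as a list.`.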
@@ -59,6 +59,8 @@ spec: - /bin/sh - -c - | + {{- if include "common.onServiceMesh" . }} + echo "waiting 15s for istio side cars to be up"; sleep 15s;{{- end }} /db_init/db_init.sh {{ if or .Values.dbScriptConfigMap .Values.dbScript }} && /db_config/db_cmd.sh{{ end }} env: @@ -91,6 +93,7 @@ spec: {{- end }} resources: {{ include "common.resources" . | indent 12 }} + {{ include "common.waitForJobContainer" . | indent 6 | trim }} {{- if .Values.nodeSelector }} nodeSelector: {{ toYaml .Values.nodeSelector | indent 10 }} diff --git a/kubernetes/common/mariadb-init/values.yaml b/kubernetes/common/mariadb-init/values.yaml index b2c0a05e46..9104dd84d6 100644 --- a/kubernetes/common/mariadb-init/values.yaml +++ b/kubernetes/common/mariadb-init/values.yaml @@ -117,3 +117,7 @@ resources: cpu: 20m memory: 20Mi unlimited: {} + +wait_for_job_container: + containers: + - '{{ include "common.name" . }}' diff --git a/kubernetes/common/network-name-gen/templates/deployment.yaml b/kubernetes/common/network-name-gen/templates/deployment.yaml index 9bdf19c7ec..97fece8a54 100644 --- a/kubernetes/common/network-name-gen/templates/deployment.yaml +++ b/kubernetes/common/network-name-gen/templates/deployment.yaml @@ -80,7 +80,11 @@ spec: - name: POL_BASIC_AUTH_PASSWORD {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "pol-basic-auth-secret" "key" "password") | indent 10}} - name: POL_URL - value: "{{ .Values.config.polUrl }}" + {{- if (include "common.needTLS" .) }} + value: "{{ .Values.config.polUrl.https }}" + {{- else }} + value: "{{ .Values.config.polUrl.http }}" + {{- end }} - name: POL_ENV value: "{{ .Values.config.polEnv }}" - name: POL_REQ_ID 
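Review bot: In the network-name-gen deployment, `POL_URL` now reads `.Values.config.polUrl.https` and `.Values.config.polUrl.http`, which changes `config.polUrl` from a string to a map. An existing override file that still sets `polUrl` as a plain string will fail to render or yield an empty URL after upgrade. A fallback keeps old overrides working, e.g. a first branch `{{- if kindIs "string" .Values.config.polUrl }}` that emits the string as before; failing that, the change needs a line in the chart's upgrade notes. The same applies to `AAI_URI` and `config.aaiUri` in the next hunk. The container env list continues outside the hunk.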
@@ -90,7 +94,11 @@ spec: - name: AAI_CERT_PATH value: "{{ .Values.config.aaiCertPath }}" - name: AAI_URI - value: "{{ .Values.config.aaiUri }}" + {{- if (include "common.needTLS" .) }} + value: "{{ .Values.config.aaiUri.https }}" + {{- else }} + value: "{{ .Values.config.aaiUri.http }}" + {{- end }} - name: AAI_AUTH value: "{{ .Values.config.aaiAuth }}" - name: DISABLE_HOST_VERIFICATION diff --git a/kubernetes/common/network-name-gen/values.yaml b/kubernetes/common/network-name-gen/values.yaml index 5f864a6555..e5e2a7a338 100644 --- a/kubernetes/common/network-name-gen/values.yaml +++ b/kubernetes/common/network-name-gen/values.yaml @@ -87,14 +87,18 @@ config: polClientAuth: cHl0aG9uOnRlc3Q= polBasicAuthUser: healthcheck polBasicAuthPassword: zb!XztG34 - polUrl: https://policy-xacml-pdp:6969/policy/pdpx/v1/decision + polUrl: + https: https://policy-xacml-pdp:6969/policy/pdpx/v1/decision + http: http://policy-xacml-pdp:8080/policy/pdpx/v1/decision polEnv: TEST polReqId: xx disableHostVerification: true aaiCertPass: changeit aaiCertPath: /opt/etc/config/aai_keystore aaiAuth: QUFJOkFBSQ== - aaiUri: https://aai:8443/aai/v14/ + aaiUri: + https: https://aai:8443/aai/v14/ + http: http://aai:8080/aai/v14/ # default number of instances replicaCount: 1 @@ -118,7 +122,7 @@ readiness: service: type: ClusterIP name: neng-serv - portName: neng-serv-port + portName: http internalPort: 8080 externalPort: 8080 diff --git a/kubernetes/common/postgres-init/templates/job.yaml b/kubernetes/common/postgres-init/templates/job.yaml index 01151bb4a9..d9a7386f83 100644 --- a/kubernetes/common/postgres-init/templates/job.yaml +++ b/kubernetes/common/postgres-init/templates/job.yaml 
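Review bot: The new `http:` variants of `polUrl` and `aaiUri` in `network-name-gen/values.yaml` mean that, when `common.needTLS` is false, the basic-auth material configured beside them (`polBasicAuthPassword`, `aaiAuth`) travels over plain HTTP. Confidentiality then depends entirely on the mesh enforcing mTLS between these pods. That dependency deserves a comment above each map, e.g. `# http is only safe when the service mesh enforces STRICT mTLS for this traffic`. Whether `common.needTLS` can evaluate to false outside a mesh is not visible here; if it can, the chart should refuse the `http` branch in that case rather than fall back to cleartext.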
@@ -59,6 +59,8 @@ spec: } export PG_PASSWORD=`prepare_password $PG_PASSWORD_INPUT`; export PG_ROOT_PASSWORD=`prepare_password $PG_ROOT_PASSWORD_INPUT`; + {{- if include "common.onServiceMesh" . }} + echo "waiting 15s for istio side cars to be up"; sleep 15s;{{- end }} cd /config-input && for PFILE in `ls -1 .`; do envsubst <${PFILE} >/config/${PFILE}; done; psql "postgresql://postgres:$PG_ROOT_PASSWORD@$PG_HOST" < /config/setup.sql env: @@ -98,6 +100,7 @@ spec: name: pgconf resources: {{ include "common.resources" . | indent 12 }} + {{ include "common.waitForJobContainer" . | indent 6 | trim }} {{- if .Values.nodeSelector }} nodeSelector: {{ toYaml .Values.nodeSelector | indent 10 }} diff --git a/kubernetes/common/postgres-init/values.yaml b/kubernetes/common/postgres-init/values.yaml index 7bcd8e23b4..d6d51f0b51 100644 --- a/kubernetes/common/postgres-init/values.yaml +++ b/kubernetes/common/postgres-init/values.yaml @@ -89,3 +89,7 @@ resources: cpu: 1 memory: 2Gi unlimited: {} + +wait_for_job_container: + containers: + - '{{ include "common.name" . }}-update-config'
\ No newline at end of file |