Diffstat (limited to 'kubernetes/common')
13 files changed, 223 insertions, 16 deletions
diff --git a/kubernetes/common/cassandra/requirements.yaml b/kubernetes/common/cassandra/requirements.yaml index 501cc89a44..f2860ff140 100644 --- a/kubernetes/common/cassandra/requirements.yaml +++ b/kubernetes/common/cassandra/requirements.yaml @@ -20,3 +20,6 @@ dependencies: - name: repositoryGenerator version: ~8.x-0 repository: 'file://../repositoryGenerator' + - name: serviceAccount + version: ~8.x-0 + repository: 'file://../serviceAccount' diff --git a/kubernetes/common/cassandra/templates/statefulset.yaml b/kubernetes/common/cassandra/templates/statefulset.yaml index 3553cd4069..840e95b490 100644 --- a/kubernetes/common/cassandra/templates/statefulset.yaml +++ b/kubernetes/common/cassandra/templates/statefulset.yaml @@ -28,6 +28,8 @@ spec: metadata: {{- include "common.templateMetadata" . | nindent 6 }} spec: hostNetwork: {{ .Values.hostNetwork }} + imagePullSecrets: + - name: "{{ include "common.namespace" . }}-docker-registry-key" containers: - name: {{ include "common.name" . }} image: {{ include "repositoryGenerator.dockerHubRepository" . }}/{{ .Values.image }} @@ -111,14 +113,6 @@ spec: value: {{ default "GossipingPropertyFileSnitch" .Values.config.endpoint_snitch | quote }} - name: CASSANDRA_AUTHENTICATOR value: {{ default "PasswordAuthenticator" .Values.config.authenticator | quote }} - {{- if include "common.onServiceMesh" . }} - - name: CASSANDRA_LISTEN_ADDRESS - value: "127.0.0.1" - - name: CASSANDRA_BROADCAST_ADDRESS - valueFrom: - fieldRef: - fieldPath: status.podIP - {{- end }} - name: POD_IP valueFrom: fieldRef: @@ -138,6 +132,7 @@ spec: {{- if .Values.affinity }} affinity: {{ toYaml .Values.affinity | nindent 8 }} {{- end }} + serviceAccountName: {{ include "common.fullname" (dict "suffix" "nothing" "dot" . )}} volumes: - name: localtime hostPath: diff --git a/kubernetes/common/cassandra/values.yaml b/kubernetes/common/cassandra/values.yaml index 9f19bf5c14..1d69993956 100644 --- a/kubernetes/common/cassandra/values.yaml 
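Review bot: The `imagePullSecrets` entry added in the first cassandra statefulset.yaml hunk is unconditional and spells the secret name as a literal suffix, `"{{ include "common.namespace" . }}-docker-registry-key"`. The same two lines are added to the etcd, mongo, music-cassandra, music and postgres templates further down, so the naming convention now lives in six places. The repositoryGenerator values.yaml context in this diff describes the registry credentials as optional, so the reference is presumably rendered even in deployments where no such secret is created. A short comment naming the chart that creates the secret would help, and a single named template in the common chart would keep the name consistent across all six files. The pod spec starts and ends outside the hunk.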
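Review bot: The `serviceAccountName` line in the last cassandra statefulset.yaml hunk builds the account name from the literal suffix `"nothing"`, which has to stay identical to the `roles: - nothing` entry this commit adds to cassandra/values.yaml, and neither place says so. A comment above the line such as `# suffix must match an entry in .Values.serviceAccount.roles` would make the coupling visible to whoever edits the roles list next. Since the role is apparently meant to grant no permissions, it may also be worth setting `automountServiceAccountToken: false` on the pod spec if Cassandra never calls the Kubernetes API; that cannot be confirmed from this hunk. The pod spec starts and ends outside the hunk.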
+++ b/kubernetes/common/cassandra/values.yaml @@ -162,3 +162,9 @@ backup: - name: system_traces - name: system_auth - name: system_distributed + +#Pods Service Account +serviceAccount: + nameOverride: cassandra + roles: + - nothing diff --git a/kubernetes/common/common/templates/_dmaapProvisioning.tpl b/kubernetes/common/common/templates/_dmaapProvisioning.tpl new file mode 100644 index 0000000000..704bd06a49 --- /dev/null +++ b/kubernetes/common/common/templates/_dmaapProvisioning.tpl 
@@ -0,0 +1,186 @@ +{{/* +################################################################################ +# Copyright (C) 2021 Nordix Foundation. # +# # +# Licensed under the Apache License, Version 2.0 (the "License"); # +# you may not use this file except in compliance with the License. # +# You may obtain a copy of the License at # +# # +# http://www.apache.org/licenses/LICENSE-2.0 # +# # +# Unless required by applicable law or agreed to in writing, software # +# distributed under the License is distributed on an "AS IS" BASIS, # +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # +# See the License for the specific language governing permissions and # +# limitations under the License. # +################################################################################ +*/}} + +{{/* + This template generates a Kubernetes init containers common template to enable applications to provision + DMaaP topics (on Message Router) and feeds (on Data Router), with associated authorization (on AAF). + DMaap Bus Controller endpoints are used to provision: + - Authorized topic on MR, and to create and grant permission for publishers and subscribers. + - Feed on DR, with associated user authentication. + + common.dmaap.provisioning.initContainer: + This template make use of Dmaap Bus Controller docker image to create resources on Dmaap Data Router + microservice, with the help of dbc-client.sh script it makes use of Bus Controller API to create Feed, Topics. + If the resource creation is successful via script response is logged back at particular location with + appropriate naming convention. + + More details can be found at : + (https://wiki.onap.org/pages/viewpage.action?pageId=103417564) + + The template directly references data in .Values, and indirectly (through its + use of templates from the ONAP "common" collection) references data in .Release. 
+ + Parameter for _dmaapProvisioning to be defined in values.yaml + # DataRouter Feed Configuration + drFeedConfig: + - feedName: bulk_pm_feed + owner: dcaecm + feedVersion: 0.0 + asprClassification: unclassified + feedDescription: DFC Feed Creation + + # DataRouter Publisher Configuration + drPubConfig: + - feedName: bulk_pm_feed + dcaeLocationName: loc00 + + # DataRouter Subscriber Configuration + drSubConfig: + - feedName: bulk_pm_feed + decompress: True + dcaeLocationName: loc00 + privilegedSubscriber: True + deliveryURL: https://dcae-pm-mapper:8443/delivery + + # MessageRouter Topic, Publisher Configuration + mrTopicsConfig: + - topicName: PERFORMANCE_MEASUREMENTS + topicDescription: Description about Topic + owner: dcaecm + tnxEnabled: false + clients: + - dcaeLocationName: san-francisco + clientRole: org.onap.dcae.pmPublisher + action: + - pub + - view + + # ConfigMap Configuration for DR Feed, Dr_Publisher, Dr_Subscriber, MR Topics + volumes: + - name: feeds-config + path: /opt/app/config/feeds + - name: drpub-config + path: /opt/app/config/dr_pubs + - name: drsub-config + path: /opt/app/config/dr_subs + - name: topics-config + path: /opt/app/config/topics + + In deployments/jobs/stateful include: + initContainers: + {{- include "common.dmaap.provisioning.initContainer" . | nindent XX }} + volumes: + {{- include "common.dmaap.provisioning._volumes" . | nindent XX -}} +*/}} + +{{- define "common.dmaap.provisioning._volumeMounts" -}} +{{- $dot := default . .dot -}} +- mountPath: /opt/app/config/cache + name: dbc-response-cache +{{- range $name, $volume := $dot.Values.volumes }} +- name: {{ $volume.name }} + mountPath: {{ $volume.path }} +{{- end }} +{{- end -}} + +{{- define "common.dmaap.provisioning._volumes" -}} +{{- $dot := default . 
.dot -}} +- name: dbc-response-cache + emptyDir: {} +{{- range $name, $volume := $dot.Values.volumes }} +- name: {{ $volume.name }} + configMap: + defaultMode: 420 + name: {{ include "common.fullname" $dot }}-{{ printf "%s" $volume.name }} +{{- end }} +{{- end -}} + +{{- define "common.dmaap.provisioning.initContainer" -}} +{{- $dot := default . .dot -}} +{{- $drFeedConfig := default $dot.Values.drFeedConfig .drFeedConfig -}} +{{- $mrTopicsConfig := default $dot.Values.mrTopicsConfig .mrTopicsConfig -}} +{{- if or $drFeedConfig $mrTopicsConfig -}} +- name: {{ include "common.name" $dot }}-init-dmaap-provisioning + image: {{ include "repositoryGenerator.image.dbcClient" $dot }} + imagePullPolicy: {{ $dot.Values.global.pullPolicy | default $dot.Values.pullPolicy }} + env: + - name: RESP_CACHE + value: /opt/app/config/cache + - name: REQUESTID + value: "{{ include "common.name" $dot }}-dmaap-provisioning" + {{- range $cred := $dot.Values.credentials }} + - name: {{ $cred.name }} + {{- include "common.secret.envFromSecretFast" (dict "global" $dot "uid" $cred.uid "key" $cred.key) | nindent 4 }} + {{- end }} + volumeMounts: + {{- include "common.dmaap.provisioning._volumeMounts" $dot | trim | nindent 2 }} + resources: {{ include "common.resources" $dot | nindent 1 }} +- name: {{ include "common.name" $dot }}-init-merge-config + image: {{ include "repositoryGenerator.image.envsubst" $dot }} + imagePullPolicy: {{ $dot.Values.global.pullPolicy | default $dot.Values.pullPolicy }} + command: + - /bin/sh + args: + - -c + - | + if [ -d /opt/app/config/cache ]; then + cd /opt/app/config/cache + for file in $(ls feed*); do + NUM=$(echo "$file" | sed 's/feedConfig-\([0-9]\+\)-resp.json/\1/') + export DR_LOG_URL_"$NUM"="$(grep -o '"logURL":"[^"]*' "$file" | cut -d '"' -f4)" + export DR_FILES_PUBLISHER_URL_"$NUM"="$(grep -o '"publishURL":"[^"]*' "$file" | cut -d '"' -f4)" + done + for file in $(ls drpub*); do + NUM=$(echo "$file" | sed 's/drpubConfig-\([0-9]\+\)-resp.json/\1/') + 
export DR_USERNAME_"$NUM"="$(grep -o '"username":"[^"]*' "$file" | cut -d '"' -f4)" + export DR_PASSWORD_"$NUM"="$(grep -o '"userpwd":"[^"]*' "$file" | cut -d '"' -f4)" + export DR_FILES_PUBLISHER_ID_"$NUM"="$(grep -o '"pubId":"[^"]*' "$file" | cut -d '"' -f4)" + done + for file in $(ls drsub*); do + NUM=$(echo "$file" | sed 's/drsubConfig-\([0-9]\+\)-resp.json/\1/') + export DR_FILES_SUBSCRIBER_ID_"$NUM"="$(grep -o '"subId":"[^"]*' "$file" | cut -d '"' -f4)" + done + for file in $(ls topics*); do + NUM=$(echo "$file" | sed 's/topicsConfig-\([0-9]\+\)-resp.json/\1/') + export MR_FILES_PUBLISHER_CLIENT_ID_"$NUM"="$(grep -o '"mrClientId":"[^"]*' "$file" | cut -d '"' -f4)" + done + else + echo "No Response logged for Dmaap BusController Http POST Request..!" + fi + cd /config-input && for PFILE in `ls -1`; do envsubst <${PFILE} >/config/${PFILE}; done + env: + {{- range $cred := $dot.Values.credentials }} + - name: {{ $cred.name }} + {{- include "common.secret.envFromSecretFast" (dict "global" $dot "uid" $cred.uid "key" $cred.key) | nindent 4 }} + {{- end }} + volumeMounts: + - mountPath: /opt/app/config/cache + name: dbc-response-cache + - mountPath: /config-input + name: app-config-input + - mountPath: /config + name: app-config + resources: + limits: + cpu: 200m + memory: 250Mi + requests: + cpu: 100m + memory: 200Mi +{{- end -}} +{{- end -}}
\ No newline at end of file diff --git a/kubernetes/common/elasticsearch/values.yaml b/kubernetes/common/elasticsearch/values.yaml index b91ac76056..a3f15645a3 100644 --- a/kubernetes/common/elasticsearch/values.yaml +++ b/kubernetes/common/elasticsearch/values.yaml @@ -279,7 +279,6 @@ certInitializer: aaf_add_config: > cd {{ .Values.credsPath }}; mkdir -p certs; - export $(/opt/app/aaf_config/bin/agent.sh local showpass | grep '^c' | xargs -0); keytool -exportcert -rfc -file certs/cacert.pem -keystore {{ .Values.fqi_namespace }}.trust.jks -alias ca_local_0 -storepass $cadi_truststore_password; openssl pkcs12 -in {{ .Values.fqi_namespace }}.p12 -out certs/cert.pem -passin pass:$cadi_keystore_password_p12 -passout pass:$cadi_keystore_password_p12; cp {{ .Values.fqi_namespace }}.key certs/key.pem; diff --git a/kubernetes/common/etcd/templates/statefulset.yaml b/kubernetes/common/etcd/templates/statefulset.yaml index 48c8b6d0cc..c8c0ffa0b2 100644 --- a/kubernetes/common/etcd/templates/statefulset.yaml +++ b/kubernetes/common/etcd/templates/statefulset.yaml @@ -48,6 +48,8 @@ spec: tolerations: {{ toYaml .Values.tolerations | indent 8 }} {{- end }} + imagePullSecrets: + - name: "{{ include "common.namespace" . }}-docker-registry-key" containers: - name: {{ include "common.name" . }} image: {{ include "repositoryGenerator.googleK8sRepository" . }}/{{ .Values.image }} diff --git a/kubernetes/common/mariadb-init/templates/job.yaml b/kubernetes/common/mariadb-init/templates/job.yaml index ad97cd4ed6..96d1dc54a4 100644 --- a/kubernetes/common/mariadb-init/templates/job.yaml +++ b/kubernetes/common/mariadb-init/templates/job.yaml 
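Review bot: The `init-merge-config` script in the new _dmaapProvisioning.tpl cannot tell a failed provisioning run from a successful one. `/opt/app/config/cache` is a volume mount of this container, so the `[ -d /opt/app/config/cache ]` test is presumably always true and the "No Response logged" branch never runs; with an empty cache each `$(ls feed*)` only prints an error and the final `envsubst` loop renders the configuration with empty `DR_USERNAME_n` and `DR_PASSWORD_n` values. A file whose name does not match the `sed` pattern leaves `NUM` as the whole file name, so the `export` fails and the script carries on. I would check for response files explicitly, iterate over the exact glob, and derive `NUM` with parameter expansion, as sketched below; if continuing without responses is intended, the check can log instead of exiting.

```yaml
  args:
  - -c
  - |
    set -eu
    cd /opt/app/config/cache
    # the mount always exists, so test for response files rather than the directory
    if ! ls ./*-resp.json >/dev/null 2>&1; then
      echo "No Response logged for Dmaap BusController Http POST Request..!" >&2
      exit 1
    fi
    for file in feedConfig-*-resp.json; do
      [ -e "$file" ] || continue
      NUM=${file#feedConfig-}
      NUM=${NUM%-resp.json}
      # … unchanged: DR_LOG_URL / DR_FILES_PUBLISHER_URL exports …
    done
    # … same glob, guard and NUM derivation for the drpubConfig, drsubConfig and topicsConfig loops …
    cd /config-input
    for PFILE in *; do
      [ -f "$PFILE" ] || continue
      envsubst <"$PFILE" >"/config/$PFILE"
    done
```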
@@ -63,9 +63,9 @@ spec: /db_config/db_cmd.sh{{ end }} env: - name: DB_HOST - value: "{{ default .Values.global.mariadbGalera.nameOverride .Values.mariadbGalera.serviceName }}" + value: {{ include "common.mariadbService" . }} - name: DB_PORT - value: "{{ default .Values.global.mariadbGalera.servicePort .Values.mariadbGalera.servicePort }}" + value: {{ include "common.mariadbPort" . | quote }} - name: MYSQL_ROOT_PASSWORD {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "root-password" "key" (default "password" .Values.global.mariadbGalera.userRootSecretKey)) | indent 10 }} - name: {{ printf "MYSQL_USER_%s" .Values.config.mysqlDatabase | upper }} @@ -83,10 +83,10 @@ spec: - mountPath: /etc/localtime name: localtime readOnly: true - - name: mariadb-conf + - name: mariadb-init mountPath: /db_init/ {{- if or .Values.dbScriptConfigMap .Values.dbScript }} - - name: mariadb-init + - name: mariadb-conf mountPath: /db_config/ {{- end }} resources: @@ -104,7 +104,7 @@ spec: hostPath: path: /etc/localtime {{- if or .Values.dbScriptConfigMap .Values.dbScript }} - - name: mariadb-init + - name: mariadb-conf configMap: {{- if .Values.dbScriptConfigMap }} name: {{ tpl .Values.dbScriptConfigMap . }} @@ -113,7 +113,7 @@ spec: {{- end }} defaultMode: 0755 {{- end }} - - name: mariadb-conf + - name: mariadb-init configMap: name: {{ include "mariadbInit.configMap" . }} defaultMode: 0755 diff --git a/kubernetes/common/mongo/templates/statefulset.yaml b/kubernetes/common/mongo/templates/statefulset.yaml index 73186b392d..11602054e8 100644 --- a/kubernetes/common/mongo/templates/statefulset.yaml +++ b/kubernetes/common/mongo/templates/statefulset.yaml 
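Review bot: `DB_HOST` is now rendered without quotes, `value: {{ include "common.mariadbService" . }}`, while the line it replaces was quoted and the new `DB_PORT` line pipes its result through `quote`. Container env values have to be strings, and an empty or number-like template result would be retyped by the YAML parser before Kubernetes sees it. Use `value: {{ include "common.mariadbService" . | quote }}` so both lines are handled the same way. The container spec continues outside the hunk.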
@@ -37,6 +37,8 @@ spec: release: {{ include "common.release" . }} spec: {{ include "common.podSecurityContext" . | indent 6 }} + imagePullSecrets: + - name: "{{ include "common.namespace" . }}-docker-registry-key" containers: - name: {{ include "common.name" . }} image: {{ include "repositoryGenerator.dockerHubRepository" . }}/{{ .Values.image }} diff --git a/kubernetes/common/music/components/music-cassandra/templates/statefulset.yaml b/kubernetes/common/music/components/music-cassandra/templates/statefulset.yaml index 1aabfb6bcc..d80e70b5fb 100644 --- a/kubernetes/common/music/components/music-cassandra/templates/statefulset.yaml +++ b/kubernetes/common/music/components/music-cassandra/templates/statefulset.yaml @@ -41,6 +41,8 @@ spec: release: {{ include "common.release" . }} name: {{ include "common.name" . }} spec: + imagePullSecrets: + - name: "{{ include "common.namespace" . }}-docker-registry-key" containers: - name: {{ include "common.name" . }} image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }} diff --git a/kubernetes/common/music/templates/deployment.yaml b/kubernetes/common/music/templates/deployment.yaml index 1e5d3c5377..53d5a366f7 100644 --- a/kubernetes/common/music/templates/deployment.yaml +++ b/kubernetes/common/music/templates/deployment.yaml @@ -23,6 +23,8 @@ spec: template: metadata: {{- include "common.templateMetadata" . | nindent 6 }} spec: + imagePullSecrets: + - name: "{{ include "common.namespace" . }}-docker-registry-key" initContainers: - name: {{ include "common.name" . }}-cassandra-readiness image: {{ include "repositoryGenerator.image.readiness" . }} diff --git a/kubernetes/common/postgres/templates/_deployment.tpl b/kubernetes/common/postgres/templates/_deployment.tpl index 7d04501f24..d93d401ebc 100644 --- a/kubernetes/common/postgres/templates/_deployment.tpl +++ b/kubernetes/common/postgres/templates/_deployment.tpl 
@@ -42,6 +42,8 @@ spec: release: {{ include "common.release" $dot }} name: "{{ index $dot.Values "container" "name" $pgMode }}" spec: + imagePullSecrets: + - name: "{{ include "common.namespace" $dot }}-docker-registry-key" initContainers: - command: - sh diff --git a/kubernetes/common/repositoryGenerator/templates/_repository.tpl b/kubernetes/common/repositoryGenerator/templates/_repository.tpl index 211cf1c599..1662985d0a 100644 --- a/kubernetes/common/repositoryGenerator/templates/_repository.tpl +++ b/kubernetes/common/repositoryGenerator/templates/_repository.tpl @@ -1,6 +1,7 @@ {{/* # Copyright © 2017 Amdocs, Bell Canada -# Copyright © 2021 AT&T +# Copyright © 2021 AT&T +# Modifications Copyright (C) 2021 Nordix Foundation. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -132,6 +133,10 @@ {{- include "repositoryGenerator.image._helper" (merge (dict "image" "readinessImage") .) }} {{- end -}} +{{- define "repositoryGenerator.image.dbcClient" -}} + {{- include "repositoryGenerator.image._helper" (merge (dict "image" "dbcClientImage") .) }} +{{- end -}} + {{/* Resolve the image repository secret token. The value for .Values.global.repositoryCred is used if provided: diff --git a/kubernetes/common/repositoryGenerator/values.yaml b/kubernetes/common/repositoryGenerator/values.yaml index 2a01112ce6..f4104538f7 100644 --- a/kubernetes/common/repositoryGenerator/values.yaml +++ b/kubernetes/common/repositoryGenerator/values.yaml @@ -1,5 +1,6 @@ # Copyright © 2020 Orange # Copyright © 2021 Nokia, AT&T +# Modifications Copyright (C) 2021 Nordix Foundation. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. 
@@ -35,6 +36,7 @@ global: postgresImage: crunchydata/crunchy-postgres:centos8-13.2-4.6.1 readinessImage: onap/oom/readiness:3.0.1 dcaePolicySyncImage: onap/org.onap.dcaegen2.deployments.dcae-services-policy-sync:1.0.1 + dbcClientImage: onap/dmaap/dbc-client:2.0.7 # Default credentials # they're optional. If the target repository doesn't need them, comment them @@ -66,3 +68,4 @@ imageRepoMapping: postgresImage: dockerHubRepository readinessImage: repository dcaePolicySyncImage: repository + dbcClientImage: repository |
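Review bot: `dbcClientImage: onap/dmaap/dbc-client:2.0.7` is referenced by tag only, and the init container added in _dmaapProvisioning.tpl runs this image with every entry of `.Values.credentials` in its environment. A tag can be re-pointed at the registry, so pinning the digest as well, `onap/dmaap/dbc-client:2.0.7@sha256:<digest-placeholder>`, would fix exactly which image receives those secrets. The neighbouring images in this map are also tag-only, so this may be a project-wide decision rather than something for this commit.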