Diffstat (limited to 'kubernetes/common')
-rw-r--r-- | kubernetes/common/certInitializer/templates/_certInitializer.yaml | 3 | ||||
-rw-r--r-- | kubernetes/common/common/templates/_pod.tpl | 21 | ||||
-rw-r--r-- | kubernetes/common/common/templates/_utils.tpl | 41 | ||||
-rw-r--r-- | kubernetes/common/postgres/templates/_deployment.tpl | 15 | ||||
-rw-r--r-- | kubernetes/common/readinessCheck/Chart.yaml (renamed from kubernetes/common/common/templates/_tplValue.tpl) | 20 | ||||
-rw-r--r-- | kubernetes/common/readinessCheck/requirements.yaml | 18 | ||||
-rw-r--r-- | kubernetes/common/readinessCheck/templates/_readinessCheck.tpl | 68 | ||||
-rw-r--r-- | kubernetes/common/readinessCheck/values.yaml | 25 |
8 files changed, 190 insertions, 21 deletions
diff --git a/kubernetes/common/certInitializer/templates/_certInitializer.yaml b/kubernetes/common/certInitializer/templates/_certInitializer.yaml index 7ac360b4eb..eddc7bc124 100644 --- a/kubernetes/common/certInitializer/templates/_certInitializer.yaml +++ b/kubernetes/common/certInitializer/templates/_certInitializer.yaml @@ -41,8 +41,7 @@ {{- $dot := default . .dot -}} {{- $initRoot := default $dot.Values.certInitializer .initRoot -}} {{- $initName := default "certInitializer" -}} -{{/* Our version of helm doesn't support deepCopy so we need this nasty trick */}} -{{- $subchartDot := mergeOverwrite (deepCopy (omit $dot "Values")) (dict "Chart" (set (fromJson (toJson $dot.Chart)) "Name" $initRoot.nameOverride) "Values" (mergeOverwrite (deepCopy $initRoot) (dict "global" $dot.Values.global))) }} +{{- $subchartDot := fromJson (include "common.subChartDot" (dict "dot" $dot "initRoot" $initRoot)) }} - name: {{ include "common.name" $dot }}-aaf-readiness image: "{{ $subchartDot.Values.global.readinessRepository }}/{{ $subchartDot.Values.global.readinessImage }}" imagePullPolicy: {{ $subchartDot.Values.global.pullPolicy | default $subchartDot.Values.pullPolicy }} diff --git a/kubernetes/common/common/templates/_pod.tpl b/kubernetes/common/common/templates/_pod.tpl index d3fc25ad6e..de2548562d 100644 --- a/kubernetes/common/common/templates/_pod.tpl +++ b/kubernetes/common/common/templates/_pod.tpl @@ -47,3 +47,24 @@ {{- end }} {{- end }} {{- end -}} + +{{/* + Generate securityContext for pod +*/}} +{{- define "common.podSecurityContext" -}} +securityContext: + runAsUser: {{ .Values.securityContext.user_id }} + runAsGroup: {{ .Values.securityContext.group_id }} + fsGroup: {{ .Values.securityContext.group_id }} +{{- end }} + +{{/* + Generate securityContext for container +*/}} +{{- define "common.containerSecurityContext" -}} +securityContext: + readOnlyRootFilesystem: true + privileged: false + allowPrivilegeEscalation: false +{{- end }} + 
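Review bot: `common.podSecurityContext` in _pod.tpl renders `.Values.securityContext.user_id` and `.Values.securityContext.group_id` with no default or `required` guard, so a chart whose `securityContext` block lacks one of them gets an empty `runAsUser:`, `runAsGroup:` or `fsGroup:` and the pod silently runs as whatever user the image defines. Guarding each lookup, e.g. `runAsUser: {{ required "securityContext.user_id must be set" .Values.securityContext.user_id }}`, turns the omission into a render-time error. `common.containerSecurityContext` would be stronger with `runAsNonRoot: true` and `capabilities: {drop: [ALL]}` next to the three settings it already emits. The comment above each define should name the values it reads and say that the block is emitted at column 0, so callers have to indent it themselves.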
diff --git a/kubernetes/common/common/templates/_utils.tpl b/kubernetes/common/common/templates/_utils.tpl new file mode 100644 index 0000000000..ece786f49f --- /dev/null +++ b/kubernetes/common/common/templates/_utils.tpl @@ -0,0 +1,41 @@ +{{/* +# Copyright © 2019 Orange +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} + +{{/* +Renders a value that contains template. +Usage: +{{ include "common.tplValue" ( dict "value" .Values.path.to.the.Value "context" $) }} +*/}} +{{- define "common.tplValue" -}} + {{- if typeIs "string" .value }} + {{- tpl .value .context }} + {{- else }} + {{- tpl (.value | toYaml) .context }} + {{- end }} +{{- end -}} + +{{/* +Retrieve values from the subchart, not from the main chart +Usage: +{{- $initRoot := default $dot.Values.subChartName .initRoot -}} +{{ $subchartDot := fromJson (include "common.subChartDot" (dict "dot" . "initRoot" $initRoot)) }} +*/}} +{{- define "common.subChartDot" }} +{{- $initRoot := .initRoot }} +{{- $dot := .dot }} +{{/* Our version of helm doesn't support deepCopy so we need this nasty trick */}} +{{ mergeOverwrite (deepCopy (omit $dot "Values")) (dict "Chart" (set (fromJson (toJson $dot.Chart)) "Name" $initRoot.nameOverride) "Values" (mergeOverwrite (deepCopy $initRoot) (dict "global" $dot.Values.global))) | toJson }} +{{- end -}} diff --git a/kubernetes/common/postgres/templates/_deployment.tpl b/kubernetes/common/postgres/templates/_deployment.tpl index e3ac66933f..b1aae5f50d 100644 
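Review bot: The comment inside `common.subChartDot`, "Our version of helm doesn't support deepCopy so we need this nasty trick", sits directly above a line that calls `deepCopy` twice, so it no longer says which part is the workaround; it appears to refer only to the `fromJson (toJson $dot.Chart)` copy. I would reword it to `{{/* $dot.Chart is copied via a toJson/fromJson round trip before "Name" is overridden */}}`. The usage block should also state that the template returns a JSON string, that every caller has to wrap the `include` in `fromJson`, and that `.initRoot.nameOverride` must be set because it becomes `Chart.Name`.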
--- a/kubernetes/common/postgres/templates/_deployment.tpl +++ b/kubernetes/common/postgres/templates/_deployment.tpl @@ -44,19 +44,26 @@ spec: - sh args: - -c - - "cd /config-input && for PFILE in `ls -1 .`; do envsubst <${PFILE} >/config/${PFILE}; done" + - | + function prepare_password { + echo -n $1 | sed -e "s/'/''/g" + } + export PG_PRIMARY_PASSWORD=`prepare_password $PG_PRIMARY_PASSWORD_INPUT`; + export PG_PASSWORD=`prepare_password $PG_PASSWORD_INPUT`; + export PG_ROOT_PASSWORD=`prepare_password $PG_ROOT_PASSWORD_INPUT`; + cd /config-input && for PFILE in `ls -1 .`; do envsubst <${PFILE} >/config/${PFILE}; done env: - name: PG_PRIMARY_USER value: primaryuser - - name: PG_PRIMARY_PASSWORD + - name: PG_PRIMARY_PASSWORD_INPUT {{- include "common.secret.envFromSecretFast" (dict "global" $dot "uid" (include "common.postgres.secret.primaryPasswordUID" .) "key" "password") | indent 10 }} - name: PG_USER {{- include "common.secret.envFromSecretFast" (dict "global" $dot "uid" (include "common.postgres.secret.userCredentialsUID" .) "key" "login") | indent 10 }} - - name: PG_PASSWORD + - name: PG_PASSWORD_INPUT {{- include "common.secret.envFromSecretFast" (dict "global" $dot "uid" (include "common.postgres.secret.userCredentialsUID" .) "key" "password") | indent 10 }} - name: PG_DATABASE value: "{{ $dot.Values.config.pgDatabase }}" - - name: PG_ROOT_PASSWORD + - name: PG_ROOT_PASSWORD_INPUT {{- include "common.secret.envFromSecretFast" (dict "global" $dot "uid" (include "common.postgres.secret.rootPassUID" .) "key" "password") | indent 10 }} volumeMounts: - mountPath: /config-input/setup.sql diff --git a/kubernetes/common/common/templates/_tplValue.tpl b/kubernetes/common/readinessCheck/Chart.yaml index b74ecbda19..5aaad668f7 100644 --- a/kubernetes/common/common/templates/_tplValue.tpl +++ b/kubernetes/common/readinessCheck/Chart.yaml 
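Review bot: `prepare_password` and its three call sites expand the secret unquoted (`echo -n $1`, and `prepare_password $PG_PASSWORD_INPUT` inside the backticks), so the shell word-splits and glob-expands the password before the quote doubling runs. Everything after the first space is dropped, a `*` can expand to file names, and `echo` may treat a leading `-` or a backslash as its own syntax, so the database can be initialised with a password that differs from the one stored in the Secret. Quote every expansion and use printf: `prepare_password() { printf '%s' "$1" | sed -e "s/'/''/g"; }` and `export PG_PASSWORD="$(prepare_password "$PG_PASSWORD_INPUT")"`, likewise for the other two variables. The `function name {` form is not POSIX, so whether it parses depends on which shell `sh` is in this image. A short comment saying the doubling is only valid where `envsubst` places the value inside a single-quoted SQL literal would help the next editor of the files under /config-input.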
@@ -1,5 +1,4 @@ -{{/* -# Copyright © 2019 Orange +# Copyright © 2017 Amdocs, Bell Canada # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -12,17 +11,8 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. -*/}} -{{/* -Renders a value that contains template. -Usage: -{{ include "common.tplValue" ( dict "value" .Values.path.to.the.Value "context" $) }} -*/}} -{{- define "common.tplValue" -}} - {{- if typeIs "string" .value }} - {{- tpl .value .context }} - {{- else }} - {{- tpl (.value | toYaml) .context }} - {{- end }} -{{- end -}} +apiVersion: v1 +description: Template used to wait for other deployment/sts/jobs in onap +name: readinessCheck +version: 6.0.0 diff --git a/kubernetes/common/readinessCheck/requirements.yaml b/kubernetes/common/readinessCheck/requirements.yaml new file mode 100644 index 0000000000..237f1d1354 --- /dev/null +++ b/kubernetes/common/readinessCheck/requirements.yaml @@ -0,0 +1,18 @@ +# Copyright © 2018 Amdocs, Bell Canada +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +dependencies: + - name: common + version: ~6.x-0 + repository: 'file://../common' 
diff --git a/kubernetes/common/readinessCheck/templates/_readinessCheck.tpl b/kubernetes/common/readinessCheck/templates/_readinessCheck.tpl new file mode 100644 index 0000000000..5c70e78735 --- /dev/null +++ b/kubernetes/common/readinessCheck/templates/_readinessCheck.tpl 
@@ -0,0 +1,68 @@ +{{/* +# Copyright © 2020 Orange +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} + +{{/* + Generate readiness part for a pod + Will look by default to .Values.wait_for + + Value of wait_for is an array of all pods /jobs to wait: + + Example: + + wait_for: + - aaf-locate + - aaf-cm + - aaf-service + + The function can takes two arguments (inside a dictionary): + - .dot : environment (.) + - .wait_for : list of containers / jobs to wait for (default to + .Values.wait_for) + + Example calls: + {{ include "common.readinessCheck.waitFor" . }} + {{ include "common.readinessCheck.waitFor" (dict "dot" . "wait_for" .Values.where.my.wait_for.is ) }} +*/}} +{{- define "common.readinessCheck.waitFor" -}} +{{- $dot := default . 
.dot -}} +{{- $initRoot := default $dot.Values.readinessCheck .initRoot -}} +{{/* Our version of helm doesn't support deepCopy so we need this nasty trick */}} +{{- $subchartDot := include "common.subChartDot" (dict "dot" $dot "initRoot" $initRoot) }} +{{- $wait_for := default $dot.Values.wait_for .wait_for -}} +- name: {{ include "common.name" $dot }}-{{ $wait_for.name }}-readiness + image: "{{ $subchartDot.Values.global.readinessRepository }}/{{ $subchartDot.Values.global.readinessImage }}" + imagePullPolicy: {{ $subchartDot.Values.global.pullPolicy | default $subchartDot.Values.pullPolicy }} + command: + - /root/ready.py + args: + {{- range $container := $wait_for.containers }} + - --container-name + - {{ tpl $container $dot }} + {{- end }} + env: + - name: NAMESPACE + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace + resources: + limits: + cpu: {{ $subchartDot.Values.limits.cpu }} + memory: {{ $subchartDot.Values.limits.memory }} + requests: + cpu: {{ $subchartDot.Values.requests.cpu }} + memory: {{ $subchartDot.Values.requests.memory }} +{{- end -}} diff --git a/kubernetes/common/readinessCheck/values.yaml b/kubernetes/common/readinessCheck/values.yaml new file mode 100644 index 0000000000..8417407a99 --- /dev/null +++ b/kubernetes/common/readinessCheck/values.yaml 
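Review bot: `$subchartDot` in `common.readinessCheck.waitFor` is assigned the raw output of `include "common.subChartDot" ...`, which is a JSON string, so the later lookups such as `$subchartDot.Values.global.readinessRepository` have no map to resolve against; _certInitializer.yaml in this same commit wraps the identical call in `fromJson`. The line should read `{{- $subchartDot := fromJson (include "common.subChartDot" (dict "dot" $dot "initRoot" $initRoot)) }}`. The header comment documents `wait_for` as a plain list of names, while the body reads `$wait_for.name` and `$wait_for.containers`, so the example should show that shape. The generated init container also carries no `securityContext` although this commit adds `common.containerSecurityContext`; because the command is `/root/ready.py` the image may expect to run as root, so that needs checking before the helper is included here.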
@@ -0,0 +1,25 @@ +# Copyright © 2020 Samsung Electronics +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +global: + readinessRepository: oomk8s + readinessImage: readiness-check:2.2.1 + pullPolicy: Always + +limits: + cpu: 100m + memory: 100Mi +requests: + cpu: 3m + memory: 20Mi |
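Review bot: `readinessImage: readiness-check:2.2.1` identifies the image by tag only, and with `pullPolicy: Always` the tag is resolved again on every pod start, so the init container injected into each consuming chart can change without any chart change. Pinning by digest, `readinessImage: readiness-check@sha256:<digest-of-2.2.1>` (placeholder, to be filled from the registry), keeps the content fixed. If `Always` is kept for a versioned tag, a comment giving the reason would help, and `readinessRepository: oomk8s` deserves one too, since it names no registry host and is presumably resolved against the cluster's default registry.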