diff options
Diffstat (limited to 'kubernetes/common')
25 files changed, 1175 insertions, 26 deletions
diff --git a/kubernetes/common/common/templates/_createPassword.tpl b/kubernetes/common/common/templates/_createPassword.tpl new file mode 100644 index 0000000000..938b0ee514 --- /dev/null +++ b/kubernetes/common/common/templates/_createPassword.tpl @@ -0,0 +1,62 @@ +{{/* +# Copyright © 2019 Samsung Electronics +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} + +{{/* + Resolve the master password to be used to derive other passwords. The value of + .Values.masterPassword is used by default, unless either override mechanism is + used: + + - .Values.global.masterPassword : override default master password for all charts + - .Values.masterPasswordOverride : override global and default masterPassword on a per chart basis +*/}} +{{- define "common.masterPassword" -}} + {{ if .Values.masterPasswordOverride }} + {{- printf "%d" .Values.masterPasswordOverride -}} + {{ else if .Values.global.masterPassword }} + {{- printf "%d" .Values.global.masterPassword -}} + {{ else if .Values.masterPassword }} + {{- printf "%d" .Values.masterPassword -}} + {{ else }} + {{ fail "masterPassword not provided" }} + {{ end }} +{{- end -}} + +{{/* + Generate a new password based on masterPassword. The new password is not + random, it is derived from masterPassword, fully qualified chart name and + additional uid provided by the user. This ensures that every time when we + run this function from the same place, with the same password and uid we + get the same results. This allows to avoid password changes while you are + doing upgrade. + + The function can take from one to three arguments (inside a dictionary): + - .dot : environment (.) + - .uid : unique identifier of password to be generated within this particular chart. Use only when you create more than a single password within one chart + - .strength : complexity of derived password. See derivePassword documentation for more details + + Example calls: + + {{ include "common.createPassword" . }} + {{ include "common.createPassword" (dict "dot" . "uid" "mysqlRootPasswd") }} + +*/}} +{{- define "common.createPassword" -}} + {{- $dot := default . .dot -}} + {{- $uid := default "onap" .uid -}} + {{- $strength := default "long" .strength -}} + {{- $mp := include "common.masterPassword" $dot -}} + {{- derivePassword 1 $strength $mp (include "common.fullname" $dot) $uid -}} +{{- end -}} diff --git a/kubernetes/common/common/templates/_mariadb.tpl b/kubernetes/common/common/templates/_mariadb.tpl new file mode 100644 index 0000000000..cd7142fd73 --- /dev/null +++ b/kubernetes/common/common/templates/_mariadb.tpl @@ -0,0 +1,59 @@ +{{/* +# Copyright © 2019 Orange +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} + +{{/* + Choose the name of the mariadb service to use. +*/}} +{{- define "common.mariadbService" -}} + {{- if .Values.global.mariadbGalera.localCluster -}} + {{- index .Values "mariadb-galera" "service" "name" -}} + {{- else -}} + {{- .Values.global.mariadbGalera.service -}} + {{- end -}} +{{- end -}} + +{{/* + Choose the value of mariadb port to use. +*/}} +{{- define "common.mariadbPort" -}} + {{- if .Values.global.mariadbGalera.localCluster -}} + {{- index .Values "mariadb-galera" "service" "internalPort" -}} + {{- else -}} + {{- .Values.global.mariadbGalera.internalPort -}} + {{- end -}} +{{- end -}} + +{{/* + Choose the value of secret to retrieve user value. +*/}} +{{- define "common.mariadbSecret" -}} + {{- if .Values.global.mariadbGalera.localCluster -}} + {{ printf "%s-%s" (include "common.fullname" .) (index .Values "mariadb-galera" "nameOverride") -}} + {{- else -}} + {{ printf "%s-%s" (.Release.Name) (index .Values "mariadb-init" "nameOverride") -}} + {{- end -}} +{{- end -}} + +{{/* + Choose the value of secret param to retrieve user value. +*/}} +{{- define "common.mariadbSecretParam" -}} + {{- if .Values.global.mariadbGalera.localCluster -}} + {{ printf "user-password" -}} + {{- else -}} + {{ printf "db-user-password" -}} + {{- end -}} +{{- end -}} diff --git a/kubernetes/common/common/templates/_name.tpl b/kubernetes/common/common/templates/_name.tpl index 4299984673..f84ca21f3a 100644 --- a/kubernetes/common/common/templates/_name.tpl +++ b/kubernetes/common/common/templates/_name.tpl @@ -28,4 +28,14 @@ {{- define "common.fullname" -}} {{- $name := default .Chart.Name .Values.nameOverride -}} {{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} -{{- end -}}
\ No newline at end of file +{{- end -}} + +{{/* + Retrieve the "original" release from the component release: + if ONAP is deploy with "helm deploy --name toto", then cassandra components + will have "toto-cassandra" as release name. + this function would answer back "toto". +*/}} +{{- define "common.release" -}} + {{- regexReplaceAll "-[a-zA-Z0-9]*$" .Release.Name "" }} +{{- end -}} diff --git a/kubernetes/common/common/templates/_storageClass.tpl b/kubernetes/common/common/templates/_storageClass.tpl new file mode 100644 index 0000000000..8fd1f9772b --- /dev/null +++ b/kubernetes/common/common/templates/_storageClass.tpl @@ -0,0 +1,57 @@ +{{/* +# Copyright © 2019 Amdocs, Bell Canada, Orange +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} + +{{/* + Expand the name of the storage class. + The value "common.fullname"-data is used by default, + unless either override mechanism is used. + + - .Values.global.persistence.storageClass : override default storageClass for all charts + - .Values.persistence.storageClassOverride : override global and default storage class on a per chart basis + - .Values.persistence.storageClass : override default storage class on a per chart basis +*/}} +{{- define "common.storageClass" -}} + {{- if .Values.persistence.storageClassOverride -}} + {{- if ne "-" .Values.persistence.storageClassOverride -}} + {{- printf "%s" .Values.persistence.storageClassOverride -}} + {{- else -}} + {{- $storage_class := "" -}} + {{- printf "%q" $storage_class -}} + {{- end -}} + {{- else -}} + {{- if or .Values.persistence.storageClass .Values.global.persistence.storageClass }} + {{- if ne "-" (default .Values.persistence.storageClass .Values.global.persistence.storageClass) -}} + {{- printf "%s" (default .Values.persistence.storageClass .Values.global.persistence.storageClass) -}} + {{- else -}} + {{- $storage_class := "" -}} + {{- printf "%q" $storage_class -}} + {{- end -}} + {{- else -}} + {{- printf "%s-data" (include "common.fullname" .) -}} + {{- end -}} + {{- end -}} +{{- end -}} + +{{/* + Calculate if we need a PV. If a storageClass is provided, then we don't need. +*/}} +{{- define "common.needPV" -}} +{{- if or (or .Values.persistence.storageClassOverride .Values.persistence.storageClass) .Values.global.persistence.storageClass -}} + False +{{- else -}} + True +{{- end -}} +{{- end -}} diff --git a/kubernetes/common/mariadb-galera/.helmignore b/kubernetes/common/mariadb-galera/.helmignore index f0c1319444..f3d010c5f7 100644 --- a/kubernetes/common/mariadb-galera/.helmignore +++ b/kubernetes/common/mariadb-galera/.helmignore @@ -19,3 +19,6 @@ .project .idea/ *.tmproj + +# Unit tests folder +tests diff --git a/kubernetes/common/mariadb-galera/templates/configmap.yaml b/kubernetes/common/mariadb-galera/templates/configmap.yaml index 9c9a248f35..ff6e119b0c 100644 --- a/kubernetes/common/mariadb-galera/templates/configmap.yaml +++ b/kubernetes/common/mariadb-galera/templates/configmap.yaml @@ -12,19 +12,6 @@ # See the License for the specific language governing permissions and # limitations under the License. -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ include "common.fullname" . }}-confd - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} -data: -{{ tpl (.Files.Glob "resources/config/mariadb/conf.d/*").AsConfig . | indent 2 }} ---- {{- if .Values.externalConfig }} apiVersion: v1 kind: ConfigMap @@ -39,4 +26,4 @@ metadata: data: my_extra.cnf: | {{ .Values.externalConfig | indent 4 }} -{{- end -}}
\ No newline at end of file +{{- end -}} diff --git a/kubernetes/common/mariadb-galera/templates/pv.yaml b/kubernetes/common/mariadb-galera/templates/pv.yaml index a2096fdef3..96bd94ee3a 100644 --- a/kubernetes/common/mariadb-galera/templates/pv.yaml +++ b/kubernetes/common/mariadb-galera/templates/pv.yaml @@ -1,5 +1,5 @@ {{/* -# Copyright © 2017 Amdocs, Bell Canada +# Copyright © 2019 Amdocs, Bell Canada, Orange # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -14,12 +14,13 @@ # limitations under the License. */}} {{- $global := . }} -{{- if and $global.Values.persistence.enabled (not $global.Values.persistence.existingClaim) -}} -{{- range $i, $t := until (int $global.Values.replicaCount)}} +{{- if and $global.Values.persistence.enabled (not $global.Values.persistence.existingClaim) }} +{{- if eq "True" (include "common.needPV" .) -}} +{{- range $i := until (int $global.Values.replicaCount)}} kind: PersistentVolume apiVersion: v1 metadata: - name: {{ include "common.fullname" $global }}-data{{$i}} + name: {{ include "common.fullname" $global }}-data-{{$i}} namespace: {{ include "common.namespace" $global }} labels: app: {{ include "common.fullname" $global }} @@ -35,7 +36,10 @@ spec: persistentVolumeReclaimPolicy: {{ $global.Values.persistence.volumeReclaimPolicy }} storageClassName: "{{ include "common.fullname" $global }}-data" hostPath: - path: {{ $global.Values.global.persistence.mountPath | default $global.Values.persistence.mountPath }}/{{ $global.Release.Name }}/{{ $global.Values.persistence.mountSubPath }}{{$i}} + path: {{ $global.Values.global.persistence.mountPath | default $global.Values.persistence.mountPath }}/{{ $global.Release.Name }}/{{ $global.Values.persistence.mountSubPath }}-{{$i}} +{{if ne $i (int $global.Values.replicaCount) }} --- {{- end -}} {{- end -}} +{{- end -}} +{{- end -}} diff --git a/kubernetes/common/mariadb-galera/templates/statefulset.yaml b/kubernetes/common/mariadb-galera/templates/statefulset.yaml index b0b7174811..2e770367b3 100644 --- a/kubernetes/common/mariadb-galera/templates/statefulset.yaml +++ b/kubernetes/common/mariadb-galera/templates/statefulset.yaml @@ -130,11 +130,8 @@ spec: spec: accessModes: - {{ .Values.persistence.accessMode | quote }} - storageClassName: {{ include "common.fullname" . }}-data + storageClassName: {{ include "common.storageClass" . }} resources: requests: storage: {{ .Values.persistence.size | quote }} - selector: - matchLabels: - name: {{ include "common.fullname" . }} {{- end }} diff --git a/kubernetes/common/mariadb-galera/tests/pv_test.yaml b/kubernetes/common/mariadb-galera/tests/pv_test.yaml new file mode 100644 index 0000000000..cd4007960b --- /dev/null +++ b/kubernetes/common/mariadb-galera/tests/pv_test.yaml @@ -0,0 +1,35 @@ +--- +suite: test pv behavior +templates: + - pv.yaml +tests: + - it: 'should render "" (global case))' + values: + - ./values/persistence.yaml + set: + global.persistence.storageClass: "-" + asserts: + - isEmpty: + + - it: 'should "" (override case)' + values: + - ./values/persistence.yaml + set: + global.persistence.storageClass: "global" + persistence.storageClassOverride: "-" + asserts: + - isEmpty: + + - it: 'should "" (local case)' + values: + - ./values/persistence.yaml + set: + persistence.storageClass: "-" + asserts: + - isEmpty: + + - it: 'should render "RELEASE-NAME-mariadb-galera-data" as storageClassname' + asserts: + - equal: + path: spec.storageClassName + value: "RELEASE-NAME-mariadb-galera-data" diff --git a/kubernetes/common/mariadb-galera/tests/storage_class_test.yaml b/kubernetes/common/mariadb-galera/tests/storage_class_test.yaml new file mode 100644 index 0000000000..9b7bdcb550 --- /dev/null +++ b/kubernetes/common/mariadb-galera/tests/storage_class_test.yaml @@ -0,0 +1,67 @@ +--- +suite: test storage class behavior +templates: + - statefulset.yaml +tests: + - it: 'should render "" as storageClassname (global case)' + values: + - ./values/persistence.yaml + set: + global.persistence.storageClass: "-" + asserts: + - isEmpty: + path: spec.volumeClaimTemplates[0].spec.storageClassName + + - it: 'should "" as storageClassname (override case)' + values: + - ./values/persistence.yaml + set: + global.persistence.storageClass: "global" + persistence.storageClassOverride: "-" + asserts: + - isEmpty: + path: spec.volumeClaimTemplates[0].spec.storageClassName + + - it: 'should "" as storageClassname (local case)' + values: + - ./values/persistence.yaml + set: + persistence.storageClass: "-" + asserts: + - isEmpty: + path: spec.volumeClaimTemplates[0].spec.storageClassName + + - it: 'should render "global" as storageClassname' + values: + - ./values/persistence.yaml + set: + global.persistence.storageClass: "global" + asserts: + - equal: + path: spec.volumeClaimTemplates[0].spec.storageClassName + value: "global" + + - it: 'should render "local" as storageClassname' + values: + - ./values/persistence.yaml + asserts: + - equal: + path: spec.volumeClaimTemplates[0].spec.storageClassName + value: "local" + + - it: 'should render "override" as storageClassname' + values: + - ./values/persistence.yaml + set: + global.persistence.storageClass: "global" + persistence.storageClassOverride: "override" + asserts: + - equal: + path: spec.volumeClaimTemplates[0].spec.storageClassName + value: "override" + + - it: 'should render "RELEASE-NAME-mariadb-galera-data" as storageClassname' + asserts: + - equal: + path: spec.volumeClaimTemplates[0].spec.storageClassName + value: "RELEASE-NAME-mariadb-galera-data" diff --git a/kubernetes/common/mariadb-galera/tests/values/persistence.yaml b/kubernetes/common/mariadb-galera/tests/values/persistence.yaml new file mode 100644 index 0000000000..a282f74318 --- /dev/null +++ b/kubernetes/common/mariadb-galera/tests/values/persistence.yaml @@ -0,0 +1,6 @@ +--- +persistence: + enabled: true + existingClaim: false + size: 10Gb + storageClass: "local" diff --git a/kubernetes/common/mariadb-galera/values.yaml b/kubernetes/common/mariadb-galera/values.yaml index a662b1e04a..14215e46de 100644 --- a/kubernetes/common/mariadb-galera/values.yaml +++ b/kubernetes/common/mariadb-galera/values.yaml @@ -35,7 +35,7 @@ global: #repository: mysql repository: nexus3.onap.org:10001 image: adfinissygroup/k8s-mariadb-galera-centos:v002 -backupImage: library/mariadb:10.1.38 +backupImage: library/mariadb:10.1.38 imageInit: busybox pullPolicy: IfNotPresent @@ -91,7 +91,7 @@ persistence: mountSubPath: "mariadb-galera/data" mysqlPath: /var/lib/mysql backup: - mountPath: /dockerdata-nfs/backup + mountPath: /dockerdata-nfs/backup{{- if or (or .Values.storageClassOverride .Values.persistence.storageClass) .Values.global.persistence.storageClass -}} service: internalPort: 3306 diff --git a/kubernetes/common/mariadb-init/.helmignore b/kubernetes/common/mariadb-init/.helmignore new file mode 100644 index 0000000000..dadf202953 --- /dev/null +++ b/kubernetes/common/mariadb-init/.helmignore @@ -0,0 +1,23 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*~ +# Various IDEs +.project +.idea/ +*.tmproj + +tests diff --git a/kubernetes/common/mariadb-init/Chart.yaml b/kubernetes/common/mariadb-init/Chart.yaml new file mode 100644 index 0000000000..47b8b8f11c --- /dev/null +++ b/kubernetes/common/mariadb-init/Chart.yaml @@ -0,0 +1,18 @@ +# Copyright © 2018 Amdocs, Bell Canada +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +description: Chart for MariaDB Galera init job +name: mariadb-init +version: 5.0.0 diff --git a/kubernetes/common/mariadb-init/requirements.yaml b/kubernetes/common/mariadb-init/requirements.yaml new file mode 100644 index 0000000000..d323ddaa2b --- /dev/null +++ b/kubernetes/common/mariadb-init/requirements.yaml @@ -0,0 +1,18 @@ +# Copyright © 2018 Amdocs, Bell Canada +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +dependencies: + - name: common + version: ~5.x-0 + repository: 'file://../common'
\ No newline at end of file diff --git a/kubernetes/common/mariadb-init/resources/config/db_init.sh b/kubernetes/common/mariadb-init/resources/config/db_init.sh new file mode 100755 index 0000000000..304835bdd5 --- /dev/null +++ b/kubernetes/common/mariadb-init/resources/config/db_init.sh @@ -0,0 +1,32 @@ +#!/bin/sh +# Copyright © 2019 Orange +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +echo "Creating database {{ .Values.config.mysqlDatabase }} and user {{ .Values.config.userName }}..." + +mysql -h ${DB_HOST} -P ${DB_PORT} -uroot -p$MYSQL_ROOT_PASSWORD -e "CREATE OR REPLACE USER '{{ .Values.config.userName }}'@'%' IDENTIFIED BY '${MYSQL_PASSWORD}'" +mysql -h ${DB_HOST} -P ${DB_PORT} -uroot -p$MYSQL_ROOT_PASSWORD -e "CREATE DATABASE IF NOT EXISTS {{ .Values.config.mysqlDatabase }}" +mysql -h ${DB_HOST} -P ${DB_PORT} -uroot -p$MYSQL_ROOT_PASSWORD -e "GRANT ALL PRIVILEGES ON {{ .Values.config.mysqlDatabase }}.* TO '{{ .Values.config.userName }}'@'%'" + +echo "Created database {{ .Values.config.mysqlDatabase }} and user {{ .Values.config.userName }}." + +{{ range $db, $dbInfos := .Values.config.mysqlAdditionalDatabases -}} +echo "Creating database {{ $db }} and user {{ $dbInfos.user }}..." + +mysql -h ${DB_HOST} -P ${DB_PORT} -uroot -p$MYSQL_ROOT_PASSWORD -e "CREATE OR REPLACE USER '{{ $dbInfos.user }}'@'%' IDENTIFIED BY '${MYSQL_PASSWORD_{{ $db | upper }}}'" +mysql -h ${DB_HOST} -P ${DB_PORT} -uroot -p$MYSQL_ROOT_PASSWORD -e "CREATE DATABASE IF NOT EXISTS {{ $db }}" +mysql -h ${DB_HOST} -P ${DB_PORT} -uroot -p$MYSQL_ROOT_PASSWORD -e "GRANT ALL PRIVILEGES ON {{ $db }}.* TO '{{ $dbInfos.user }}'@'%'" + +echo "Created database {{ $db }} and user {{ $dbInfos.user }}." +{{ end }} diff --git a/kubernetes/common/mariadb-init/templates/_configmap.tpl b/kubernetes/common/mariadb-init/templates/_configmap.tpl new file mode 100644 index 0000000000..ea612a078d --- /dev/null +++ b/kubernetes/common/mariadb-init/templates/_configmap.tpl @@ -0,0 +1,26 @@ +{{/* +# Copyright © 2019 Orange +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} + +{{/* + Choose the name of the configmap to use. +*/}} +{{- define "mariadbInit.configMap" -}} + {{- if (eq "default" .Values.config.config_map) -}} + {{- include "common.fullname" . -}} + {{- else -}} + {{- printf "%s-%s" (include "common.release" .) .Values.config.config_map -}} + {{- end -}} +{{- end -}} diff --git a/kubernetes/common/mariadb-init/templates/_mariadb.tpl b/kubernetes/common/mariadb-init/templates/_mariadb.tpl new file mode 100644 index 0000000000..4f111a5f40 --- /dev/null +++ b/kubernetes/common/mariadb-init/templates/_mariadb.tpl @@ -0,0 +1,26 @@ +{{/* +# Copyright © 2019 Orange +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} + +{{/* + Choose the name of the mariadb secret to use. +*/}} +{{- define "mariadbInit.mariadbClusterSecret" -}} + {{- if (eq "default" .Values.global.mariadbGalera.userRootSecret) -}} + {{- printf "%s-mariadb-galera-%s" (include "common.release" .) .Values.global.mariadbGalera.nameOverride -}} + {{- else -}} + {{- .Values.global.mariadbGalera.userRootSecret -}} + {{- end -}} +{{- end -}} diff --git a/kubernetes/common/mariadb-init/templates/configmap.yaml b/kubernetes/common/mariadb-init/templates/configmap.yaml new file mode 100644 index 0000000000..9da03668f5 --- /dev/null +++ b/kubernetes/common/mariadb-init/templates/configmap.yaml @@ -0,0 +1,27 @@ +# Copyright © 2019 Orange +# Modifications Copyright © 2018 AT&T +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "common.fullname" . }} + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +data: +{{ tpl (.Files.Glob "resources/config/*").AsConfig . | indent 2 }} diff --git a/kubernetes/common/mariadb-init/templates/job.yaml b/kubernetes/common/mariadb-init/templates/job.yaml new file mode 100644 index 0000000000..679c10c9a3 --- /dev/null +++ b/kubernetes/common/mariadb-init/templates/job.yaml @@ -0,0 +1,105 @@ +# Copyright © 2019 Orange +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: batch/v1 +kind: Job +metadata: + name: {{ include "common.fullname" . }}-config-job + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +spec: + backoffLimit: 20 + template: + metadata: + labels: + app: {{ include "common.name" . }} + release: {{ .Release.Name }} + name: {{ include "common.name" . }} + spec: + initContainers: + - name: {{ include "common.name" . }}-readiness + command: + - /root/ready.py + args: + - --container-name + - {{ .Values.global.mariadbGalera.nameOverride }} + env: + - name: NAMESPACE + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace + image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}" + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + containers: + - name: {{ include "common.name" . }} + image: "{{ include "common.repository" . }}/{{ .Values.image }}" + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + command: + - bash + - /db_init/db_init.sh + env: + - name: DB_HOST + value: "{{ .Values.global.mariadbGalera.nameOverride }}" + - name: DB_PORT + value: "{{ .Values.global.mariadbGalera.servicePort }}" + - name: MYSQL_ROOT_PASSWORD + valueFrom: + secretKeyRef: + name: {{ include "mariadbInit.mariadbClusterSecret" . }} + key: {{ .Values.global.mariadbGalera.userRootSecretKey }} + - name: MYSQL_PASSWORD + valueFrom: + secretKeyRef: + name: {{ template "common.fullname" . }} + key: db-user-password +{{- $root := . }} +{{ range $db, $_value := .Values.config.mysqlAdditionalDatabases }} + - name: {{ printf "MYSQL_PASSWORD_%s" $db | upper }} + valueFrom: + secretKeyRef: + name: {{ template "common.fullname" $root }}-secret + key: {{ printf "db-%s-user-password" $db }} +{{ end }} + volumeMounts: + - mountPath: /etc/localtime + name: localtime + readOnly: true + - name: mariadb-conf + mountPath: /db_init/ + readOnly: true + resources: +{{ include "common.resources" . | indent 12 }} + {{- if .Values.nodeSelector }} + nodeSelector: +{{ toYaml .Values.nodeSelector | indent 10 }} + {{- end -}} + {{- if .Values.affinity }} + affinity: +{{ toYaml .Values.affinity | indent 10 }} + {{- end }} + volumes: + - name: mariadb-conf + configMap: + name: {{ include "mariadbInit.configMap" . }} + - name: localtime + hostPath: + path: /etc/localtime + restartPolicy: Never + imagePullSecrets: + - name: "{{ include "common.namespace" . }}-docker-registry-key" diff --git a/kubernetes/common/mariadb-init/templates/secret.yaml b/kubernetes/common/mariadb-init/templates/secret.yaml new file mode 100644 index 0000000000..f30d582110 --- /dev/null +++ b/kubernetes/common/mariadb-init/templates/secret.yaml @@ -0,0 +1,30 @@ +# Copyright © 2017 Amdocs, Bell Canada, Orange +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +kind: Secret +metadata: + name: {{ include "common.fullname" . }} + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +type: Opaque +data: + db-user-password: {{ index .Values.config.userPassword | b64enc | quote }} +{{ range $db, $dbInfos := .Values.config.mysqlAdditionalDatabases }} + {{ printf "db-%s-user-password" $db}}: {{ $dbInfos.password | b64enc | quote }} +{{ end }} diff --git a/kubernetes/common/mariadb-init/tests/configmap_test.yaml b/kubernetes/common/mariadb-init/tests/configmap_test.yaml new file mode 100644 index 0000000000..34914cdb3e --- /dev/null +++ b/kubernetes/common/mariadb-init/tests/configmap_test.yaml @@ -0,0 +1,114 @@ +--- +suite: test configmap behavior +templates: + - configmap.yaml +tests: + - it: "should render with default value" + asserts: + - isKind: + of: ConfigMap + - equal: + path: metadata.name + value: RELEASE-NAME-mariadb-init + - equal: + path: metadata.namespace + value: NAMESPACE + - matchRegex: + path: metadata.labels.app + pattern: mariadb-init + - equal: + path: data + value: + db_init.sh: | + #!/bin/sh + # Copyright © 2019 Orange + # + # Licensed under the Apache License, Version 2.0 (the "License"); + # you may not use this file except in compliance with the License. + # You may obtain a copy of the License at + # + # http://www.apache.org/licenses/LICENSE-2.0 + # + # Unless required by applicable law or agreed to in writing, software + # distributed under the License is distributed on an "AS IS" BASIS, + # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + # See the License for the specific language governing permissions and + # limitations under the License. + + echo "Creating database ynsaUCru6mUNwGal and user u5WZ1GMSIS1wHZF..." + + mysql -h ${DB_HOST} -P ${DB_PORT} -uroot -p$MYSQL_ROOT_PASSWORD << 'EOF' || exit 1 + CREATE OR REPLACE USER 'u5WZ1GMSIS1wHZF'@'localhost' IDENTIFIED BY '${MYSQL_PASSWORD}'; + CREATE OR REPLACE USER 'u5WZ1GMSIS1wHZF'@'%' IDENTIFIED BY '${MYSQL_PASSWORD}'; + CREATE DATABASE IF NOT EXISTS ynsaUCru6mUNwGal; + GRANT ALL PRIVILEGES ON ynsaUCru6mUNwGal.* TO 'u5WZ1GMSIS1wHZF'@'%'; + GRANT ALL PRIVILEGES ON ynsaUCru6mUNwGal.* TO 'u5WZ1GMSIS1wHZF'@'localhost'; + EOF + + echo "Created database ynsaUCru6mUNwGal and user u5WZ1GMSIS1wHZF." + - it: "shoud render with other databases" + set: + config: + userName: testUser + mysqlDatabase: testDB + mysqlAdditionalDatabases: + dbOne: + user: one + password: pwd1 + dbTwo: + user: two + password: pwd2 + asserts: + - equal: + path: data + value: + db_init.sh: | + #!/bin/sh + # Copyright © 2019 Orange + # + # Licensed under the Apache License, Version 2.0 (the "License"); + # you may not use this file except in compliance with the License. + # You may obtain a copy of the License at + # + # http://www.apache.org/licenses/LICENSE-2.0 + # + # Unless required by applicable law or agreed to in writing, software + # distributed under the License is distributed on an "AS IS" BASIS, + # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + # See the License for the specific language governing permissions and + # limitations under the License. + + echo "Creating database testDB and user testUser..." + + mysql -h ${DB_HOST} -P ${DB_PORT} -uroot -p$MYSQL_ROOT_PASSWORD << 'EOF' || exit 1 + CREATE OR REPLACE USER 'testUser'@'localhost' IDENTIFIED BY '${MYSQL_PASSWORD}'; + CREATE OR REPLACE USER 'testUser'@'%' IDENTIFIED BY '${MYSQL_PASSWORD}'; + CREATE DATABASE IF NOT EXISTS testDB; + GRANT ALL PRIVILEGES ON testDB.* TO 'testUser'@'%'; + GRANT ALL PRIVILEGES ON testDB.* TO 'testUser'@'localhost'; + EOF + + echo "Created database testDB and user testUser." + + echo "Creating database dbOne and user one..." + + mysql -h ${DB_HOST} -P ${DB_PORT} -uroot -p$MYSQL_ROOT_PASSWORD << 'EOF' || exit 1 + CREATE OR REPLACE USER 'one'@'localhost' IDENTIFIED BY '${MYSQL_PASSWORD_DBONE}'; + CREATE OR REPLACE USER 'one'@'%' IDENTIFIED BY '${MYSQL_PASSWORD_DBONE}'; + CREATE DATABASE IF NOT EXISTS dbOne; + GRANT ALL PRIVILEGES ON dbOne.* TO 'one'@'%'; + GRANT ALL PRIVILEGES ON dbOne.* TO 'one'@'localhost'; + EOF + + echo "Created database dbOne and user one." + echo "Creating database dbTwo and user two..." + + mysql -h ${DB_HOST} -P ${DB_PORT} -uroot -p$MYSQL_ROOT_PASSWORD << 'EOF' || exit 1 + CREATE OR REPLACE USER 'two'@'localhost' IDENTIFIED BY '${MYSQL_PASSWORD_DBTWO}'; + CREATE OR REPLACE USER 'two'@'%' IDENTIFIED BY '${MYSQL_PASSWORD_DBTWO}'; + CREATE DATABASE IF NOT EXISTS dbTwo; + GRANT ALL PRIVILEGES ON dbTwo.* TO 'two'@'%'; + GRANT ALL PRIVILEGES ON dbTwo.* TO 'two'@'localhost'; + EOF + + echo "Created database dbTwo and user two." diff --git a/kubernetes/common/mariadb-init/tests/job_test.yaml b/kubernetes/common/mariadb-init/tests/job_test.yaml new file mode 100644 index 0000000000..7523ee1c6e --- /dev/null +++ b/kubernetes/common/mariadb-init/tests/job_test.yaml @@ -0,0 +1,307 @@ +--- +suite: test job behavior +templates: + - job.yaml +tests: + - it: "should render with default value (global)" + asserts: + - isKind: + of: Job + - matchRegex: + path: metadata.name + pattern: -mariadb-init-config-job$ + - equal: + path: metadata.namespace + value: NAMESPACE + - matchRegex: + path: metadata.labels.app + pattern: mariadb-init + - matchRegex: + path: spec.template.metadata.labels.app + pattern: mariadb-init + - matchRegex: + path: spec.template.metadata.name + pattern: mariadb-init + - isNull: + path: spec.template.spec.nodeSelector + - isNull: + path: spec.template.spec.affinity + - it: "should render with default value (init container)" + asserts: + - matchRegex: + path: spec.template.spec.initContainers[0].name + pattern: mariadb-init-readiness + - contains: + path: spec.template.spec.initContainers[0].args + content: mariadb-galera + - equal: + path: spec.template.spec.initContainers[0].image + value: oomk8s/readiness-check:2.0.2 + - equal: + path: spec.template.spec.initContainers[0].imagePullPolicy + value: IfNotPresent + - it: "should render with default value (container)" + asserts: + - matchRegex: + path: spec.template.spec.containers[0].name + pattern: mariadb-init + - equal: + path: spec.template.spec.containers[0].image + value: nexus3.onap.org:10001/mariadb:10.1.38 + - equal: + path: spec.template.spec.containers[0].imagePullPolicy + value: IfNotPresent + - contains: + path: spec.template.spec.containers[0].env + content: + name: DB_HOST + value: mariadb-galera + - contains: + path: spec.template.spec.containers[0].env + content: + name: DB_PORT + value: "3306" + - contains: + path: spec.template.spec.containers[0].env + content: + name: MYSQL_ROOT_PASSWORD + valueFrom: + secretKeyRef: + name: RELEASE-NAME-mariadb-galera-mariadb-galera + key: db-root-password + - contains: + path: spec.template.spec.containers[0].env + content: + name: MYSQL_PASSWORD + valueFrom: + secretKeyRef: + name: RELEASE-NAME-mariadb-init-secret + key: db-user-password + - contains: + path: spec.template.spec.containers[0].volumeMounts + content: + name: mariadb-conf + mountPath: /db_init/ + readOnly: true + - equal: + path: spec.template.spec.containers[0].resources.limits.cpu + value: 100m + - equal: + path: spec.template.spec.containers[0].resources.limits.memory + value: 500Mbi + - equal: + path: spec.template.spec.containers[0].resources.requests.cpu + value: 10m + - equal: + path: spec.template.spec.containers[0].resources.requests.memory + value: 10Mbi + - it: "should render with default value (volumes)" + asserts: + - contains: + path: spec.template.spec.volumes + content: + name: mariadb-conf + configMap: + name: RELEASE-NAME-mariadb-init + + - it: "should render with nameOverride set" + set: + nameOverride: myJob + asserts: + - matchRegex: + path: metadata.name + pattern: -myJob-config-job$ + - matchRegex: + path: metadata.labels.app + pattern: myJob + - matchRegex: + path: spec.template.metadata.labels.app + pattern: myJob + - matchRegex: + path: spec.template.metadata.name + pattern: myJob + - matchRegex: + path: spec.template.spec.initContainers[0].name + pattern: myJob-readiness + - matchRegex: + path: spec.template.spec.containers[0].name + pattern: myJob + - contains: + path: spec.template.spec.containers[0].env + content: + name: MYSQL_PASSWORD + valueFrom: + secretKeyRef: + # replicating name from mariadb galera cluster, kind of hardcoded... + name: RELEASE-NAME-myJob-secret + key: db-user-password + - contains: + path: spec.template.spec.volumes + content: + name: mariadb-conf + configMap: + name: RELEASE-NAME-myJob + + - it: "should render with configmap set" + set: + config: + config_map: myCM + asserts: + - contains: + path: spec.template.spec.volumes + content: + name: mariadb-conf + configMap: + name: RELEASE-NAME-myCM + + - it: "should render with mariadbGalera changes" + set: + global: + mariadbGalera: + nameOverride: myMaria + servicePort: 545 + asserts: + - contains: + path: spec.template.spec.initContainers[0].args + content: myMaria + - contains: + path: spec.template.spec.containers[0].env + content: + name: DB_HOST + value: myMaria + - contains: + path: spec.template.spec.containers[0].env + content: + name: DB_PORT + value: "545" + - contains: + path: spec.template.spec.containers[0].env + content: + name: MYSQL_ROOT_PASSWORD + valueFrom: + secretKeyRef: + name: RELEASE-NAME-mariadb-galera-myMaria + key: db-root-password + + - it: "should render with full mariadbGalera changes" + set: + global: + mariadbGalera: + nameOverride: myMaria + servicePort: 545 + userRootSecret: galera-secret + userRootSecretKey: root-password + asserts: + - contains: + path: spec.template.spec.initContainers[0].args + content: myMaria + - contains: + path: spec.template.spec.containers[0].env + content: + name: DB_HOST + value: myMaria + - contains: + path: spec.template.spec.containers[0].env + content: + name: DB_PORT + value: "545" + - contains: + path: spec.template.spec.containers[0].env + content: + name: MYSQL_ROOT_PASSWORD + valueFrom: + secretKeyRef: + name: galera-secret + key: root-password + + - it: "should set the right nodeSelector" + set: + nodeSelector: + disktype: ssd + asserts: + - equal: + path: spec.template.spec.nodeSelector.disktype + value: ssd + + - it: "should set the right affinity" + set: + affinity: + nodeAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + nodeSelectorTerms: + - matchExpressions: + - key: kubernetes.io/e2e-az-name + operator: In + values: + - e2e-az1 + - e2e-az2 + asserts: + - equal: + path: spec.template.spec.affinity + value: + nodeAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + nodeSelectorTerms: + - matchExpressions: + - key: kubernetes.io/e2e-az-name + operator: In + values: + - e2e-az1 + - e2e-az2 + - it: "should use large flavor" + set: + flavor: large + asserts: + - equal: + path: spec.template.spec.containers[0].resources.limits.cpu + value: 200m + - equal: + path: spec.template.spec.containers[0].resources.limits.memory + value: 500Mbi + - equal: + path: spec.template.spec.containers[0].resources.requests.cpu + value: 20m + - equal: + path: spec.template.spec.containers[0].resources.requests.memory + value: 20Mbi + - it: "should use unlimited flavor" + set: + flavor: unlimited + asserts: + - isEmpty: + path: spec.template.spec.containers[0].resources + - it: "shoud render with other databases" + set: + config: + mysqlAdditionalDatabases: + dbOne: + user: one + password: pwd1 + dbTwo: + user: two + password: pwd2 + asserts: + - contains: + path: spec.template.spec.containers[0].env + content: + name: MYSQL_PASSWORD + valueFrom: + secretKeyRef: + name: RELEASE-NAME-mariadb-init-secret + key: db-user-password + - contains: + path: spec.template.spec.containers[0].env + content: + name: MYSQL_PASSWORD_DBONE + valueFrom: + secretKeyRef: + name: RELEASE-NAME-mariadb-init-secret + key: db-dbOne-user-password + - contains: + path: spec.template.spec.containers[0].env + content: + name: MYSQL_PASSWORD_DBTWO + valueFrom: + secretKeyRef: + name: RELEASE-NAME-mariadb-init-secret + key: db-dbTwo-user-password diff --git a/kubernetes/common/mariadb-init/tests/secret_test.yaml b/kubernetes/common/mariadb-init/tests/secret_test.yaml new file mode 100644 index 0000000000..ef0565d6c0 --- /dev/null +++ b/kubernetes/common/mariadb-init/tests/secret_test.yaml @@ -0,0 +1,49 @@ +--- +suite: test secret behavior +templates: + - secret.yaml +tests: + - it: "should render with default values" + asserts: + - isKind: + of: Secret + - equal: + path: metadata.name + value: RELEASE-NAME-mariadb-init + - equal: + path: metadata.namespace + value: NAMESPACE + - matchRegex: + path: metadata.labels.app + pattern: mariadb-init-config-job + - equal: + path: data.db-user-password + value: Q2lAc2hzT2QzcGt5MVZqaQ== + - it: "should render specific password value base64 encoded" + set: + config: + userPassword: yolo + asserts: + - equal: + path: data.db-user-password + value: eW9sbw== + - it: "shoud render with other databases" + set: + config: + mysqlAdditionalDatabases: + dbOne: + user: one + password: pwd1 + dbTwo: + user: two + password: pwd2 + asserts: + - equal: + path: data.db-user-password + value: Q2lAc2hzT2QzcGt5MVZqaQ== + - equal: + path: data.db-dbOne-user-password + value: cHdkMQ== + - equal: + path: data.db-dbTwo-user-password + value: cHdkMg== diff --git a/kubernetes/common/mariadb-init/values.yaml b/kubernetes/common/mariadb-init/values.yaml new file mode 100644 index 0000000000..095ff62ddf --- /dev/null +++ b/kubernetes/common/mariadb-init/values.yaml @@ -0,0 +1,87 @@ +# Copyright © 2018 Amdocs, Bell Canada +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +################################################################# +# Global configuration defaults. +################################################################# +global: + repository: nexus3.onap.org:10001 + readinessRepository: oomk8s + readinessImage: readiness-check:2.0.2 + mariadbGalera: + nameOverride: mariadb-galera + servicePort: 3306 + # set these two values if you want to access an 'out of ONAP' mariadb + userRootSecret: default + userRootSecretKey: db-root-password + +################################################################# +# Application configuration defaults. +################################################################# + +image: mariadb:10.1.38 +pullPolicy: IfNotPresent + +# Set it if you want to change the name of the different components +# nameOverride: + +config: + userPassword: Ci@shsOd3pky1Vji + userName: u5WZ1GMSIS1wHZF + mysqlDatabase: ynsaUCru6mUNwGal + mysqlAdditionalDatabases: {} + # add addtional dabases + # this is an dict + # Example: + # mysqlAdditionalDatabases: + # dbOne: + # user: one + # password: pwd1 + # dbTwo: + # user: two + # password: pwd2 + config_map: default + +nodeSelector: {} + +affinity: {} + +#resources: {} + # We usually recommend not to specify default resources and to leave this as a conscious + # choice for the user. This also increases chances charts run on environments with little + # resources, such as Minikube. If you do want to specify resources, uncomment the following + # lines, adjust them as necessary, and remove the curly braces after 'resources:'. + # + # Example: + # Configure resource requests and limits + # ref: http://kubernetes.io/docs/user-guide/compute-resources/ + # Minimum memory for development is 2 CPU cores and 4GB memory + # Minimum memory for production is 4 CPU cores and 8GB memory +flavor: small +resources: + small: + limits: + cpu: 100m + memory: 500Mi + requests: + cpu: 10m + memory: 10Mi + large: + limits: + cpu: 200m + memory: 500Mi + requests: + cpu: 20m + memory: 20Mi + unlimited: {} |