summaryrefslogtreecommitdiffstats
path: root/kubernetes/common
diff options
context:
space:
mode:
Diffstat (limited to 'kubernetes/common')
-rw-r--r--kubernetes/common/certInitializer/templates/_certInitializer.yaml3
-rw-r--r--kubernetes/common/common/templates/_pod.tpl21
-rw-r--r--kubernetes/common/common/templates/_utils.tpl41
-rw-r--r--kubernetes/common/postgres/templates/_deployment.tpl15
-rw-r--r--kubernetes/common/readinessCheck/Chart.yaml (renamed from kubernetes/common/common/templates/_tplValue.tpl)20
-rw-r--r--kubernetes/common/readinessCheck/requirements.yaml18
-rw-r--r--kubernetes/common/readinessCheck/templates/_readinessCheck.tpl68
-rw-r--r--kubernetes/common/readinessCheck/values.yaml25
8 files changed, 190 insertions, 21 deletions
diff --git a/kubernetes/common/certInitializer/templates/_certInitializer.yaml b/kubernetes/common/certInitializer/templates/_certInitializer.yaml
index 7ac360b4eb..eddc7bc124 100644
--- a/kubernetes/common/certInitializer/templates/_certInitializer.yaml
+++ b/kubernetes/common/certInitializer/templates/_certInitializer.yaml
@@ -41,8 +41,7 @@
{{- $dot := default . .dot -}}
{{- $initRoot := default $dot.Values.certInitializer .initRoot -}}
{{- $initName := default "certInitializer" -}}
-{{/* Our version of helm doesn't support deepCopy so we need this nasty trick */}}
-{{- $subchartDot := mergeOverwrite (deepCopy (omit $dot "Values")) (dict "Chart" (set (fromJson (toJson $dot.Chart)) "Name" $initRoot.nameOverride) "Values" (mergeOverwrite (deepCopy $initRoot) (dict "global" $dot.Values.global))) }}
+{{- $subchartDot := fromJson (include "common.subChartDot" (dict "dot" $dot "initRoot" $initRoot)) }}
- name: {{ include "common.name" $dot }}-aaf-readiness
image: "{{ $subchartDot.Values.global.readinessRepository }}/{{ $subchartDot.Values.global.readinessImage }}"
imagePullPolicy: {{ $subchartDot.Values.global.pullPolicy | default $subchartDot.Values.pullPolicy }}
diff --git a/kubernetes/common/common/templates/_pod.tpl b/kubernetes/common/common/templates/_pod.tpl
index d3fc25ad6e..de2548562d 100644
--- a/kubernetes/common/common/templates/_pod.tpl
+++ b/kubernetes/common/common/templates/_pod.tpl
@@ -47,3 +47,24 @@
{{- end }}
{{- end }}
{{- end -}}
+
+{{/*
+ Generate securityContext for pod
+*/}}
+{{- define "common.podSecurityContext" -}}
+securityContext:
+ runAsUser: {{ .Values.securityContext.user_id }}
+ runAsGroup: {{ .Values.securityContext.group_id }}
+ fsGroup: {{ .Values.securityContext.group_id }}
+{{- end }}
+
+{{/*
+ Generate securityContext for container
+*/}}
+{{- define "common.containerSecurityContext" -}}
+securityContext:
+ readOnlyRootFilesystem: true
+ privileged: false
+ allowPrivilegeEscalation: false
+{{- end }}
+
diff --git a/kubernetes/common/common/templates/_utils.tpl b/kubernetes/common/common/templates/_utils.tpl
new file mode 100644
index 0000000000..ece786f49f
--- /dev/null
+++ b/kubernetes/common/common/templates/_utils.tpl
@@ -0,0 +1,41 @@
+{{/*
+# Copyright © 2019 Orange
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+{{/*
+Renders a value that contains template.
+Usage:
+{{ include "common.tplValue" ( dict "value" .Values.path.to.the.Value "context" $) }}
+*/}}
+{{- define "common.tplValue" -}}
+ {{- if typeIs "string" .value }}
+ {{- tpl .value .context }}
+ {{- else }}
+ {{- tpl (.value | toYaml) .context }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Retrieve values from the subchart, not from the main chart
+Usage:
+{{- $initRoot := default $dot.Values.subChartName .initRoot -}}
+{{ $subchartDot := fromJson (include "common.subChartDot" (dict "dot" . "initRoot" $initRoot)) }}
+*/}}
+{{- define "common.subChartDot" }}
+{{- $initRoot := .initRoot }}
+{{- $dot := .dot }}
+{{/* Our version of helm doesn't support deepCopy so we need this nasty trick */}}
+{{ mergeOverwrite (deepCopy (omit $dot "Values")) (dict "Chart" (set (fromJson (toJson $dot.Chart)) "Name" $initRoot.nameOverride) "Values" (mergeOverwrite (deepCopy $initRoot) (dict "global" $dot.Values.global))) | toJson }}
+{{- end -}}
diff --git a/kubernetes/common/postgres/templates/_deployment.tpl b/kubernetes/common/postgres/templates/_deployment.tpl
index e3ac66933f..b1aae5f50d 100644
--- a/kubernetes/common/postgres/templates/_deployment.tpl
+++ b/kubernetes/common/postgres/templates/_deployment.tpl
@@ -44,19 +44,26 @@ spec:
- sh
args:
- -c
- - "cd /config-input && for PFILE in `ls -1 .`; do envsubst <${PFILE} >/config/${PFILE}; done"
+ - |
+ function prepare_password {
+ echo -n $1 | sed -e "s/'/''/g"
+ }
+ export PG_PRIMARY_PASSWORD=`prepare_password $PG_PRIMARY_PASSWORD_INPUT`;
+ export PG_PASSWORD=`prepare_password $PG_PASSWORD_INPUT`;
+ export PG_ROOT_PASSWORD=`prepare_password $PG_ROOT_PASSWORD_INPUT`;
+ cd /config-input && for PFILE in `ls -1 .`; do envsubst <${PFILE} >/config/${PFILE}; done
env:
- name: PG_PRIMARY_USER
value: primaryuser
- - name: PG_PRIMARY_PASSWORD
+ - name: PG_PRIMARY_PASSWORD_INPUT
{{- include "common.secret.envFromSecretFast" (dict "global" $dot "uid" (include "common.postgres.secret.primaryPasswordUID" .) "key" "password") | indent 10 }}
- name: PG_USER
{{- include "common.secret.envFromSecretFast" (dict "global" $dot "uid" (include "common.postgres.secret.userCredentialsUID" .) "key" "login") | indent 10 }}
- - name: PG_PASSWORD
+ - name: PG_PASSWORD_INPUT
{{- include "common.secret.envFromSecretFast" (dict "global" $dot "uid" (include "common.postgres.secret.userCredentialsUID" .) "key" "password") | indent 10 }}
- name: PG_DATABASE
value: "{{ $dot.Values.config.pgDatabase }}"
- - name: PG_ROOT_PASSWORD
+ - name: PG_ROOT_PASSWORD_INPUT
{{- include "common.secret.envFromSecretFast" (dict "global" $dot "uid" (include "common.postgres.secret.rootPassUID" .) "key" "password") | indent 10 }}
volumeMounts:
- mountPath: /config-input/setup.sql
diff --git a/kubernetes/common/common/templates/_tplValue.tpl b/kubernetes/common/readinessCheck/Chart.yaml
index b74ecbda19..5aaad668f7 100644
--- a/kubernetes/common/common/templates/_tplValue.tpl
+++ b/kubernetes/common/readinessCheck/Chart.yaml
@@ -1,5 +1,4 @@
-{{/*
-# Copyright © 2019 Orange
+# Copyright © 2017 Amdocs, Bell Canada
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -12,17 +11,8 @@
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
-*/}}
-{{/*
-Renders a value that contains template.
-Usage:
-{{ include "common.tplValue" ( dict "value" .Values.path.to.the.Value "context" $) }}
-*/}}
-{{- define "common.tplValue" -}}
- {{- if typeIs "string" .value }}
- {{- tpl .value .context }}
- {{- else }}
- {{- tpl (.value | toYaml) .context }}
- {{- end }}
-{{- end -}}
+apiVersion: v1
+description: Template used to wait for other deployment/sts/jobs in onap
+name: readinessCheck
+version: 6.0.0
diff --git a/kubernetes/common/readinessCheck/requirements.yaml b/kubernetes/common/readinessCheck/requirements.yaml
new file mode 100644
index 0000000000..237f1d1354
--- /dev/null
+++ b/kubernetes/common/readinessCheck/requirements.yaml
@@ -0,0 +1,18 @@
+# Copyright © 2018 Amdocs, Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+dependencies:
+ - name: common
+ version: ~6.x-0
+ repository: 'file://../common'
diff --git a/kubernetes/common/readinessCheck/templates/_readinessCheck.tpl b/kubernetes/common/readinessCheck/templates/_readinessCheck.tpl
new file mode 100644
index 0000000000..5c70e78735
--- /dev/null
+++ b/kubernetes/common/readinessCheck/templates/_readinessCheck.tpl
@@ -0,0 +1,68 @@
+{{/*
+# Copyright © 2020 Orange
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+{{/*
+ Generate readiness part for a pod
+ Will look by default to .Values.wait_for
+
+ Value of wait_for is an array of all pods /jobs to wait:
+
+ Example:
+
+ wait_for:
+ - aaf-locate
+ - aaf-cm
+ - aaf-service
+
+ The function can takes two arguments (inside a dictionary):
+ - .dot : environment (.)
+ - .wait_for : list of containers / jobs to wait for (default to
+ .Values.wait_for)
+
+ Example calls:
+ {{ include "common.readinessCheck.waitFor" . }}
+ {{ include "common.readinessCheck.waitFor" (dict "dot" . "wait_for" .Values.where.my.wait_for.is ) }}
+*/}}
+{{- define "common.readinessCheck.waitFor" -}}
+{{- $dot := default . .dot -}}
+{{- $initRoot := default $dot.Values.readinessCheck .initRoot -}}
+{{/* Our version of helm doesn't support deepCopy so we need this nasty trick */}}
+{{- $subchartDot := include "common.subChartDot" (dict "dot" $dot "initRoot" $initRoot) }}
+{{- $wait_for := default $dot.Values.wait_for .wait_for -}}
+- name: {{ include "common.name" $dot }}-{{ $wait_for.name }}-readiness
+ image: "{{ $subchartDot.Values.global.readinessRepository }}/{{ $subchartDot.Values.global.readinessImage }}"
+ imagePullPolicy: {{ $subchartDot.Values.global.pullPolicy | default $subchartDot.Values.pullPolicy }}
+ command:
+ - /root/ready.py
+ args:
+ {{- range $container := $wait_for.containers }}
+ - --container-name
+ - {{ tpl $container $dot }}
+ {{- end }}
+ env:
+ - name: NAMESPACE
+ valueFrom:
+ fieldRef:
+ apiVersion: v1
+ fieldPath: metadata.namespace
+ resources:
+ limits:
+ cpu: {{ $subchartDot.Values.limits.cpu }}
+ memory: {{ $subchartDot.Values.limits.memory }}
+ requests:
+ cpu: {{ $subchartDot.Values.requests.cpu }}
+ memory: {{ $subchartDot.Values.requests.memory }}
+{{- end -}}
diff --git a/kubernetes/common/readinessCheck/values.yaml b/kubernetes/common/readinessCheck/values.yaml
new file mode 100644
index 0000000000..8417407a99
--- /dev/null
+++ b/kubernetes/common/readinessCheck/values.yaml
@@ -0,0 +1,25 @@
+# Copyright © 2020 Samsung Electronics
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+global:
+ readinessRepository: oomk8s
+ readinessImage: readiness-check:2.2.1
+ pullPolicy: Always
+
+limits:
+ cpu: 100m
+ memory: 100Mi
+requests:
+ cpu: 3m
+ memory: 20Mi