summaryrefslogtreecommitdiffstats
path: root/kubernetes/common
diff options
context:
space:
mode:
Diffstat (limited to 'kubernetes/common')
-rw-r--r--kubernetes/common/common/templates/_createPassword.tpl62
-rw-r--r--kubernetes/common/common/templates/_ingress.tpl43
-rw-r--r--kubernetes/common/common/templates/_mariadb.tpl59
-rw-r--r--kubernetes/common/common/templates/_name.tpl12
-rw-r--r--kubernetes/common/mariadb-init/.helmignore23
-rw-r--r--kubernetes/common/mariadb-init/Chart.yaml18
-rw-r--r--kubernetes/common/mariadb-init/requirements.yaml18
-rwxr-xr-xkubernetes/common/mariadb-init/resources/config/db_init.sh32
-rw-r--r--kubernetes/common/mariadb-init/templates/_configmap.tpl26
-rw-r--r--kubernetes/common/mariadb-init/templates/_mariadb.tpl26
-rw-r--r--kubernetes/common/mariadb-init/templates/configmap.yaml27
-rw-r--r--kubernetes/common/mariadb-init/templates/job.yaml105
-rw-r--r--kubernetes/common/mariadb-init/templates/secret.yaml30
-rw-r--r--kubernetes/common/mariadb-init/tests/configmap_test.yaml114
-rw-r--r--kubernetes/common/mariadb-init/tests/job_test.yaml307
-rw-r--r--kubernetes/common/mariadb-init/tests/secret_test.yaml49
-rw-r--r--kubernetes/common/mariadb-init/values.yaml87
17 files changed, 1030 insertions, 8 deletions
diff --git a/kubernetes/common/common/templates/_createPassword.tpl b/kubernetes/common/common/templates/_createPassword.tpl
new file mode 100644
index 0000000000..938b0ee514
--- /dev/null
+++ b/kubernetes/common/common/templates/_createPassword.tpl
@@ -0,0 +1,62 @@
+{{/*
+# Copyright © 2019 Samsung Electronics
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+{{/*
+ Resolve the master password to be used to derive other passwords. The value of
+ .Values.masterPassword is used by default, unless either override mechanism is
+ used:
+
+ - .Values.global.masterPassword : override default master password for all charts
+ - .Values.masterPasswordOverride : override global and default masterPassword on a per chart basis
+*/}}
+{{- define "common.masterPassword" -}}
+ {{ if .Values.masterPasswordOverride }}
+ {{- printf "%d" .Values.masterPasswordOverride -}}
+ {{ else if .Values.global.masterPassword }}
+ {{- printf "%d" .Values.global.masterPassword -}}
+ {{ else if .Values.masterPassword }}
+ {{- printf "%d" .Values.masterPassword -}}
+ {{ else }}
+ {{ fail "masterPassword not provided" }}
+ {{ end }}
+{{- end -}}
+
+{{/*
+ Generate a new password based on masterPassword. The new password is not
+ random, it is derived from masterPassword, fully qualified chart name and
+ additional uid provided by the user. This ensures that every time when we
+ run this function from the same place, with the same password and uid we
+ get the same results. This allows to avoid password changes while you are
+ doing upgrade.
+
+ The function can take from one to three arguments (inside a dictionary):
+ - .dot : environment (.)
+ - .uid : unique identifier of password to be generated within this particular chart. Use only when you create more than a single password within one chart
+ - .strength : complexity of derived password. See derivePassword documentation for more details
+
+ Example calls:
+
+ {{ include "common.createPassword" . }}
+ {{ include "common.createPassword" (dict "dot" . "uid" "mysqlRootPasswd") }}
+
+*/}}
+{{- define "common.createPassword" -}}
+ {{- $dot := default . .dot -}}
+ {{- $uid := default "onap" .uid -}}
+ {{- $strength := default "long" .strength -}}
+ {{- $mp := include "common.masterPassword" $dot -}}
+ {{- derivePassword 1 $strength $mp (include "common.fullname" $dot) $uid -}}
+{{- end -}}
diff --git a/kubernetes/common/common/templates/_ingress.tpl b/kubernetes/common/common/templates/_ingress.tpl
index 49d7eeb415..b4afe6309d 100644
--- a/kubernetes/common/common/templates/_ingress.tpl
+++ b/kubernetes/common/common/templates/_ingress.tpl
@@ -1,12 +1,24 @@
{{- define "ingress.config.port" -}}
{{- if .Values.ingress -}}
-{{- if .Values.ingress.service -}}
+{{- if or (not .Values.global.ingress.virtualhost) (not .Values.global.ingress.virtualhost.enabled) -}}
+ - http:
+ paths:
{{- range .Values.ingress.service }}
- - path: {{ .path }}
+ - path: {{ printf "/%s" (required "baseaddr" .baseaddr) }}
backend:
serviceName: {{ .name }}
servicePort: {{ .port }}
{{- end -}}
+{{- else if .Values.ingress.service -}}
+{{- $burl := (required "baseurl" .Values.global.ingress.virtualhost.baseurl) -}}
+{{ range .Values.ingress.service }}
+ - host: {{ printf "%s.%s" (required "baseaddr" .baseaddr) $burl }}
+ http:
+ paths:
+ - backend:
+ serviceName: {{ .name }}
+ servicePort: {{ .port }}
+{{- end -}}
{{- else -}}
- path: {{ printf "/%s" .Chart.Name }}
backend:
@@ -17,18 +29,37 @@
{{- end -}}
+{{- define "ingress.config.annotations.ssl" -}}
+{{- if .Values.ingress.config -}}
+{{- if .Values.ingress.config.ssl -}}
+{{- if eq .Values.ingress.config.ssl "redirect" -}}
+kubernetes.io/ingress.class: nginx
+nginx.ingress.kubernetes.io/ssl-passthrough: "true"
+nginx.ingress.kubernetes.io/ssl-redirect: "true"
+{{- else if eq .Values.ingress.config.ssl "native" -}}
+nginx.ingress.kubernetes.io/ssl-redirect: "true"
+{{- else if eq .Values.ingress.config.ssl "none" -}}
+nginx.ingress.kubernetes.io/ssl-redirect: "false"
+{{- end -}}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+
+
{{- define "ingress.config.annotations" -}}
{{- if .Values.ingress -}}
{{- if .Values.ingress.annotations -}}
{{ toYaml .Values.ingress.annotations | indent 4 | trim }}
{{- end -}}
{{- end -}}
+{{ include "ingress.config.annotations.ssl" . | indent 4 | trim }}
{{- end -}}
{{- define "common.ingress" -}}
{{- if .Values.ingress -}}
-{{- if .Values.ingress.enabled -}}
+{{- if .Values.global.ingress -}}
+{{- if and .Values.ingress.enabled .Values.global.ingress.enabled -}}
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
@@ -42,9 +73,7 @@ metadata:
heritage: {{ .Release.Service }}
spec:
rules:
- - http:
- paths:
- {{- include "ingress.config.port" . }}
+ {{ include "ingress.config.port" . | trim }}
{{- if .Values.ingress.tls }}
tls:
{{ toYaml .Values.ingress.tls | indent 4 }}
@@ -52,4 +81,4 @@ spec:
{{- end -}}
{{- end -}}
{{- end -}}
-
+{{- end -}} \ No newline at end of file
diff --git a/kubernetes/common/common/templates/_mariadb.tpl b/kubernetes/common/common/templates/_mariadb.tpl
new file mode 100644
index 0000000000..cd7142fd73
--- /dev/null
+++ b/kubernetes/common/common/templates/_mariadb.tpl
@@ -0,0 +1,59 @@
+{{/*
+# Copyright © 2019 Orange
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+{{/*
+ Choose the name of the mariadb service to use.
+*/}}
+{{- define "common.mariadbService" -}}
+ {{- if .Values.global.mariadbGalera.localCluster -}}
+ {{- index .Values "mariadb-galera" "service" "name" -}}
+ {{- else -}}
+ {{- .Values.global.mariadbGalera.service -}}
+ {{- end -}}
+{{- end -}}
+
+{{/*
+ Choose the value of mariadb port to use.
+*/}}
+{{- define "common.mariadbPort" -}}
+ {{- if .Values.global.mariadbGalera.localCluster -}}
+ {{- index .Values "mariadb-galera" "service" "internalPort" -}}
+ {{- else -}}
+ {{- .Values.global.mariadbGalera.internalPort -}}
+ {{- end -}}
+{{- end -}}
+
+{{/*
+ Choose the value of secret to retrieve user value.
+*/}}
+{{- define "common.mariadbSecret" -}}
+ {{- if .Values.global.mariadbGalera.localCluster -}}
+ {{ printf "%s-%s" (include "common.fullname" .) (index .Values "mariadb-galera" "nameOverride") -}}
+ {{- else -}}
+ {{ printf "%s-%s" (.Release.Name) (index .Values "mariadb-init" "nameOverride") -}}
+ {{- end -}}
+{{- end -}}
+
+{{/*
+ Choose the value of secret param to retrieve user value.
+*/}}
+{{- define "common.mariadbSecretParam" -}}
+ {{- if .Values.global.mariadbGalera.localCluster -}}
+ {{ printf "user-password" -}}
+ {{- else -}}
+ {{ printf "db-user-password" -}}
+ {{- end -}}
+{{- end -}}
diff --git a/kubernetes/common/common/templates/_name.tpl b/kubernetes/common/common/templates/_name.tpl
index 4299984673..f84ca21f3a 100644
--- a/kubernetes/common/common/templates/_name.tpl
+++ b/kubernetes/common/common/templates/_name.tpl
@@ -28,4 +28,14 @@
{{- define "common.fullname" -}}
{{- $name := default .Chart.Name .Values.nameOverride -}}
{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
-{{- end -}} \ No newline at end of file
+{{- end -}}
+
+{{/*
+ Retrieve the "original" release from the component release:
+ if ONAP is deploy with "helm deploy --name toto", then cassandra components
+ will have "toto-cassandra" as release name.
+ this function would answer back "toto".
+*/}}
+{{- define "common.release" -}}
+ {{- regexReplaceAll "-[a-zA-Z0-9]*$" .Release.Name "" }}
+{{- end -}}
diff --git a/kubernetes/common/mariadb-init/.helmignore b/kubernetes/common/mariadb-init/.helmignore
new file mode 100644
index 0000000000..dadf202953
--- /dev/null
+++ b/kubernetes/common/mariadb-init/.helmignore
@@ -0,0 +1,23 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+
+tests
diff --git a/kubernetes/common/mariadb-init/Chart.yaml b/kubernetes/common/mariadb-init/Chart.yaml
new file mode 100644
index 0000000000..47b8b8f11c
--- /dev/null
+++ b/kubernetes/common/mariadb-init/Chart.yaml
@@ -0,0 +1,18 @@
+# Copyright © 2018 Amdocs, Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: v1
+description: Chart for MariaDB Galera init job
+name: mariadb-init
+version: 5.0.0
diff --git a/kubernetes/common/mariadb-init/requirements.yaml b/kubernetes/common/mariadb-init/requirements.yaml
new file mode 100644
index 0000000000..d323ddaa2b
--- /dev/null
+++ b/kubernetes/common/mariadb-init/requirements.yaml
@@ -0,0 +1,18 @@
+# Copyright © 2018 Amdocs, Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+dependencies:
+ - name: common
+ version: ~5.x-0
+ repository: 'file://../common' \ No newline at end of file
diff --git a/kubernetes/common/mariadb-init/resources/config/db_init.sh b/kubernetes/common/mariadb-init/resources/config/db_init.sh
new file mode 100755
index 0000000000..304835bdd5
--- /dev/null
+++ b/kubernetes/common/mariadb-init/resources/config/db_init.sh
@@ -0,0 +1,32 @@
+#!/bin/sh
+# Copyright © 2019 Orange
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+echo "Creating database {{ .Values.config.mysqlDatabase }} and user {{ .Values.config.userName }}..."
+
+mysql -h ${DB_HOST} -P ${DB_PORT} -uroot -p$MYSQL_ROOT_PASSWORD -e "CREATE OR REPLACE USER '{{ .Values.config.userName }}'@'%' IDENTIFIED BY '${MYSQL_PASSWORD}'"
+mysql -h ${DB_HOST} -P ${DB_PORT} -uroot -p$MYSQL_ROOT_PASSWORD -e "CREATE DATABASE IF NOT EXISTS {{ .Values.config.mysqlDatabase }}"
+mysql -h ${DB_HOST} -P ${DB_PORT} -uroot -p$MYSQL_ROOT_PASSWORD -e "GRANT ALL PRIVILEGES ON {{ .Values.config.mysqlDatabase }}.* TO '{{ .Values.config.userName }}'@'%'"
+
+echo "Created database {{ .Values.config.mysqlDatabase }} and user {{ .Values.config.userName }}."
+
+{{ range $db, $dbInfos := .Values.config.mysqlAdditionalDatabases -}}
+echo "Creating database {{ $db }} and user {{ $dbInfos.user }}..."
+
+mysql -h ${DB_HOST} -P ${DB_PORT} -uroot -p$MYSQL_ROOT_PASSWORD -e "CREATE OR REPLACE USER '{{ $dbInfos.user }}'@'%' IDENTIFIED BY '${MYSQL_PASSWORD_{{ $db | upper }}}'"
+mysql -h ${DB_HOST} -P ${DB_PORT} -uroot -p$MYSQL_ROOT_PASSWORD -e "CREATE DATABASE IF NOT EXISTS {{ $db }}"
+mysql -h ${DB_HOST} -P ${DB_PORT} -uroot -p$MYSQL_ROOT_PASSWORD -e "GRANT ALL PRIVILEGES ON {{ $db }}.* TO '{{ $dbInfos.user }}'@'%'"
+
+echo "Created database {{ $db }} and user {{ $dbInfos.user }}."
+{{ end }}
diff --git a/kubernetes/common/mariadb-init/templates/_configmap.tpl b/kubernetes/common/mariadb-init/templates/_configmap.tpl
new file mode 100644
index 0000000000..ea612a078d
--- /dev/null
+++ b/kubernetes/common/mariadb-init/templates/_configmap.tpl
@@ -0,0 +1,26 @@
+{{/*
+# Copyright © 2019 Orange
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+{{/*
+ Choose the name of the configmap to use.
+*/}}
+{{- define "mariadbInit.configMap" -}}
+ {{- if (eq "default" .Values.config.config_map) -}}
+ {{- include "common.fullname" . -}}
+ {{- else -}}
+ {{- printf "%s-%s" (include "common.release" .) .Values.config.config_map -}}
+ {{- end -}}
+{{- end -}}
diff --git a/kubernetes/common/mariadb-init/templates/_mariadb.tpl b/kubernetes/common/mariadb-init/templates/_mariadb.tpl
new file mode 100644
index 0000000000..4f111a5f40
--- /dev/null
+++ b/kubernetes/common/mariadb-init/templates/_mariadb.tpl
@@ -0,0 +1,26 @@
+{{/*
+# Copyright © 2019 Orange
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+{{/*
+ Choose the name of the mariadb secret to use.
+*/}}
+{{- define "mariadbInit.mariadbClusterSecret" -}}
+ {{- if (eq "default" .Values.global.mariadbGalera.userRootSecret) -}}
+ {{- printf "%s-mariadb-galera-%s" (include "common.release" .) .Values.global.mariadbGalera.nameOverride -}}
+ {{- else -}}
+ {{- .Values.global.mariadbGalera.userRootSecret -}}
+ {{- end -}}
+{{- end -}}
diff --git a/kubernetes/common/mariadb-init/templates/configmap.yaml b/kubernetes/common/mariadb-init/templates/configmap.yaml
new file mode 100644
index 0000000000..9da03668f5
--- /dev/null
+++ b/kubernetes/common/mariadb-init/templates/configmap.yaml
@@ -0,0 +1,27 @@
+# Copyright © 2019 Orange
+# Modifications Copyright © 2018 AT&T
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "common.fullname" . }}
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+data:
+{{ tpl (.Files.Glob "resources/config/*").AsConfig . | indent 2 }}
diff --git a/kubernetes/common/mariadb-init/templates/job.yaml b/kubernetes/common/mariadb-init/templates/job.yaml
new file mode 100644
index 0000000000..679c10c9a3
--- /dev/null
+++ b/kubernetes/common/mariadb-init/templates/job.yaml
@@ -0,0 +1,105 @@
+# Copyright © 2019 Orange
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: batch/v1
+kind: Job
+metadata:
+ name: {{ include "common.fullname" . }}-config-job
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+spec:
+ backoffLimit: 20
+ template:
+ metadata:
+ labels:
+ app: {{ include "common.name" . }}
+ release: {{ .Release.Name }}
+ name: {{ include "common.name" . }}
+ spec:
+ initContainers:
+ - name: {{ include "common.name" . }}-readiness
+ command:
+ - /root/ready.py
+ args:
+ - --container-name
+ - {{ .Values.global.mariadbGalera.nameOverride }}
+ env:
+ - name: NAMESPACE
+ valueFrom:
+ fieldRef:
+ apiVersion: v1
+ fieldPath: metadata.namespace
+ image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ containers:
+ - name: {{ include "common.name" . }}
+ image: "{{ include "common.repository" . }}/{{ .Values.image }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ command:
+ - bash
+ - /db_init/db_init.sh
+ env:
+ - name: DB_HOST
+ value: "{{ .Values.global.mariadbGalera.nameOverride }}"
+ - name: DB_PORT
+ value: "{{ .Values.global.mariadbGalera.servicePort }}"
+ - name: MYSQL_ROOT_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: {{ include "mariadbInit.mariadbClusterSecret" . }}
+ key: {{ .Values.global.mariadbGalera.userRootSecretKey }}
+ - name: MYSQL_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: {{ template "common.fullname" . }}
+ key: db-user-password
+{{- $root := . }}
+{{ range $db, $_value := .Values.config.mysqlAdditionalDatabases }}
+ - name: {{ printf "MYSQL_PASSWORD_%s" $db | upper }}
+ valueFrom:
+ secretKeyRef:
+ name: {{ template "common.fullname" $root }}-secret
+ key: {{ printf "db-%s-user-password" $db }}
+{{ end }}
+ volumeMounts:
+ - mountPath: /etc/localtime
+ name: localtime
+ readOnly: true
+ - name: mariadb-conf
+ mountPath: /db_init/
+ readOnly: true
+ resources:
+{{ include "common.resources" . | indent 12 }}
+ {{- if .Values.nodeSelector }}
+ nodeSelector:
+{{ toYaml .Values.nodeSelector | indent 10 }}
+ {{- end -}}
+ {{- if .Values.affinity }}
+ affinity:
+{{ toYaml .Values.affinity | indent 10 }}
+ {{- end }}
+ volumes:
+ - name: mariadb-conf
+ configMap:
+ name: {{ include "mariadbInit.configMap" . }}
+ - name: localtime
+ hostPath:
+ path: /etc/localtime
+ restartPolicy: Never
+ imagePullSecrets:
+ - name: "{{ include "common.namespace" . }}-docker-registry-key"
diff --git a/kubernetes/common/mariadb-init/templates/secret.yaml b/kubernetes/common/mariadb-init/templates/secret.yaml
new file mode 100644
index 0000000000..f30d582110
--- /dev/null
+++ b/kubernetes/common/mariadb-init/templates/secret.yaml
@@ -0,0 +1,30 @@
+# Copyright © 2017 Amdocs, Bell Canada, Orange
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ include "common.fullname" . }}
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+type: Opaque
+data:
+ db-user-password: {{ index .Values.config.userPassword | b64enc | quote }}
+{{ range $db, $dbInfos := .Values.config.mysqlAdditionalDatabases }}
+ {{ printf "db-%s-user-password" $db}}: {{ $dbInfos.password | b64enc | quote }}
+{{ end }}
diff --git a/kubernetes/common/mariadb-init/tests/configmap_test.yaml b/kubernetes/common/mariadb-init/tests/configmap_test.yaml
new file mode 100644
index 0000000000..34914cdb3e
--- /dev/null
+++ b/kubernetes/common/mariadb-init/tests/configmap_test.yaml
@@ -0,0 +1,114 @@
+---
+suite: test configmap behavior
+templates:
+ - configmap.yaml
+tests:
+ - it: "should render with default value"
+ asserts:
+ - isKind:
+ of: ConfigMap
+ - equal:
+ path: metadata.name
+ value: RELEASE-NAME-mariadb-init
+ - equal:
+ path: metadata.namespace
+ value: NAMESPACE
+ - matchRegex:
+ path: metadata.labels.app
+ pattern: mariadb-init
+ - equal:
+ path: data
+ value:
+ db_init.sh: |
+ #!/bin/sh
+ # Copyright © 2019 Orange
+ #
+ # Licensed under the Apache License, Version 2.0 (the "License");
+ # you may not use this file except in compliance with the License.
+ # You may obtain a copy of the License at
+ #
+ # http://www.apache.org/licenses/LICENSE-2.0
+ #
+ # Unless required by applicable law or agreed to in writing, software
+ # distributed under the License is distributed on an "AS IS" BASIS,
+ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ # See the License for the specific language governing permissions and
+ # limitations under the License.
+
+ echo "Creating database ynsaUCru6mUNwGal and user u5WZ1GMSIS1wHZF..."
+
+ mysql -h ${DB_HOST} -P ${DB_PORT} -uroot -p$MYSQL_ROOT_PASSWORD << 'EOF' || exit 1
+ CREATE OR REPLACE USER 'u5WZ1GMSIS1wHZF'@'localhost' IDENTIFIED BY '${MYSQL_PASSWORD}';
+ CREATE OR REPLACE USER 'u5WZ1GMSIS1wHZF'@'%' IDENTIFIED BY '${MYSQL_PASSWORD}';
+ CREATE DATABASE IF NOT EXISTS ynsaUCru6mUNwGal;
+ GRANT ALL PRIVILEGES ON ynsaUCru6mUNwGal.* TO 'u5WZ1GMSIS1wHZF'@'%';
+ GRANT ALL PRIVILEGES ON ynsaUCru6mUNwGal.* TO 'u5WZ1GMSIS1wHZF'@'localhost';
+ EOF
+
+ echo "Created database ynsaUCru6mUNwGal and user u5WZ1GMSIS1wHZF."
+ - it: "shoud render with other databases"
+ set:
+ config:
+ userName: testUser
+ mysqlDatabase: testDB
+ mysqlAdditionalDatabases:
+ dbOne:
+ user: one
+ password: pwd1
+ dbTwo:
+ user: two
+ password: pwd2
+ asserts:
+ - equal:
+ path: data
+ value:
+ db_init.sh: |
+ #!/bin/sh
+ # Copyright © 2019 Orange
+ #
+ # Licensed under the Apache License, Version 2.0 (the "License");
+ # you may not use this file except in compliance with the License.
+ # You may obtain a copy of the License at
+ #
+ # http://www.apache.org/licenses/LICENSE-2.0
+ #
+ # Unless required by applicable law or agreed to in writing, software
+ # distributed under the License is distributed on an "AS IS" BASIS,
+ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ # See the License for the specific language governing permissions and
+ # limitations under the License.
+
+ echo "Creating database testDB and user testUser..."
+
+ mysql -h ${DB_HOST} -P ${DB_PORT} -uroot -p$MYSQL_ROOT_PASSWORD << 'EOF' || exit 1
+ CREATE OR REPLACE USER 'testUser'@'localhost' IDENTIFIED BY '${MYSQL_PASSWORD}';
+ CREATE OR REPLACE USER 'testUser'@'%' IDENTIFIED BY '${MYSQL_PASSWORD}';
+ CREATE DATABASE IF NOT EXISTS testDB;
+ GRANT ALL PRIVILEGES ON testDB.* TO 'testUser'@'%';
+ GRANT ALL PRIVILEGES ON testDB.* TO 'testUser'@'localhost';
+ EOF
+
+ echo "Created database testDB and user testUser."
+
+ echo "Creating database dbOne and user one..."
+
+ mysql -h ${DB_HOST} -P ${DB_PORT} -uroot -p$MYSQL_ROOT_PASSWORD << 'EOF' || exit 1
+ CREATE OR REPLACE USER 'one'@'localhost' IDENTIFIED BY '${MYSQL_PASSWORD_DBONE}';
+ CREATE OR REPLACE USER 'one'@'%' IDENTIFIED BY '${MYSQL_PASSWORD_DBONE}';
+ CREATE DATABASE IF NOT EXISTS dbOne;
+ GRANT ALL PRIVILEGES ON dbOne.* TO 'one'@'%';
+ GRANT ALL PRIVILEGES ON dbOne.* TO 'one'@'localhost';
+ EOF
+
+ echo "Created database dbOne and user one."
+ echo "Creating database dbTwo and user two..."
+
+ mysql -h ${DB_HOST} -P ${DB_PORT} -uroot -p$MYSQL_ROOT_PASSWORD << 'EOF' || exit 1
+ CREATE OR REPLACE USER 'two'@'localhost' IDENTIFIED BY '${MYSQL_PASSWORD_DBTWO}';
+ CREATE OR REPLACE USER 'two'@'%' IDENTIFIED BY '${MYSQL_PASSWORD_DBTWO}';
+ CREATE DATABASE IF NOT EXISTS dbTwo;
+ GRANT ALL PRIVILEGES ON dbTwo.* TO 'two'@'%';
+ GRANT ALL PRIVILEGES ON dbTwo.* TO 'two'@'localhost';
+ EOF
+
+ echo "Created database dbTwo and user two."
diff --git a/kubernetes/common/mariadb-init/tests/job_test.yaml b/kubernetes/common/mariadb-init/tests/job_test.yaml
new file mode 100644
index 0000000000..7523ee1c6e
--- /dev/null
+++ b/kubernetes/common/mariadb-init/tests/job_test.yaml
@@ -0,0 +1,307 @@
+---
+suite: test job behavior
+templates:
+ - job.yaml
+tests:
+ - it: "should render with default value (global)"
+ asserts:
+ - isKind:
+ of: Job
+ - matchRegex:
+ path: metadata.name
+ pattern: -mariadb-init-config-job$
+ - equal:
+ path: metadata.namespace
+ value: NAMESPACE
+ - matchRegex:
+ path: metadata.labels.app
+ pattern: mariadb-init
+ - matchRegex:
+ path: spec.template.metadata.labels.app
+ pattern: mariadb-init
+ - matchRegex:
+ path: spec.template.metadata.name
+ pattern: mariadb-init
+ - isNull:
+ path: spec.template.spec.nodeSelector
+ - isNull:
+ path: spec.template.spec.affinity
+ - it: "should render with default value (init container)"
+ asserts:
+ - matchRegex:
+ path: spec.template.spec.initContainers[0].name
+ pattern: mariadb-init-readiness
+ - contains:
+ path: spec.template.spec.initContainers[0].args
+ content: mariadb-galera
+ - equal:
+ path: spec.template.spec.initContainers[0].image
+ value: oomk8s/readiness-check:2.0.2
+ - equal:
+ path: spec.template.spec.initContainers[0].imagePullPolicy
+ value: IfNotPresent
+ - it: "should render with default value (container)"
+ asserts:
+ - matchRegex:
+ path: spec.template.spec.containers[0].name
+ pattern: mariadb-init
+ - equal:
+ path: spec.template.spec.containers[0].image
+ value: nexus3.onap.org:10001/mariadb:10.1.38
+ - equal:
+ path: spec.template.spec.containers[0].imagePullPolicy
+ value: IfNotPresent
+ - contains:
+ path: spec.template.spec.containers[0].env
+ content:
+ name: DB_HOST
+ value: mariadb-galera
+ - contains:
+ path: spec.template.spec.containers[0].env
+ content:
+ name: DB_PORT
+ value: "3306"
+ - contains:
+ path: spec.template.spec.containers[0].env
+ content:
+ name: MYSQL_ROOT_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: RELEASE-NAME-mariadb-galera-mariadb-galera
+ key: db-root-password
+ - contains:
+ path: spec.template.spec.containers[0].env
+ content:
+ name: MYSQL_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: RELEASE-NAME-mariadb-init-secret
+ key: db-user-password
+ - contains:
+ path: spec.template.spec.containers[0].volumeMounts
+ content:
+ name: mariadb-conf
+ mountPath: /db_init/
+ readOnly: true
+ - equal:
+ path: spec.template.spec.containers[0].resources.limits.cpu
+ value: 100m
+ - equal:
+ path: spec.template.spec.containers[0].resources.limits.memory
+ value: 500Mbi
+ - equal:
+ path: spec.template.spec.containers[0].resources.requests.cpu
+ value: 10m
+ - equal:
+ path: spec.template.spec.containers[0].resources.requests.memory
+ value: 10Mbi
+ - it: "should render with default value (volumes)"
+ asserts:
+ - contains:
+ path: spec.template.spec.volumes
+ content:
+ name: mariadb-conf
+ configMap:
+ name: RELEASE-NAME-mariadb-init
+
+ - it: "should render with nameOverride set"
+ set:
+ nameOverride: myJob
+ asserts:
+ - matchRegex:
+ path: metadata.name
+ pattern: -myJob-config-job$
+ - matchRegex:
+ path: metadata.labels.app
+ pattern: myJob
+ - matchRegex:
+ path: spec.template.metadata.labels.app
+ pattern: myJob
+ - matchRegex:
+ path: spec.template.metadata.name
+ pattern: myJob
+ - matchRegex:
+ path: spec.template.spec.initContainers[0].name
+ pattern: myJob-readiness
+ - matchRegex:
+ path: spec.template.spec.containers[0].name
+ pattern: myJob
+ - contains:
+ path: spec.template.spec.containers[0].env
+ content:
+ name: MYSQL_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ # replicating name from mariadb galera cluster, kind of hardcoded...
+ name: RELEASE-NAME-myJob-secret
+ key: db-user-password
+ - contains:
+ path: spec.template.spec.volumes
+ content:
+ name: mariadb-conf
+ configMap:
+ name: RELEASE-NAME-myJob
+
+ - it: "should render with configmap set"
+ set:
+ config:
+ config_map: myCM
+ asserts:
+ - contains:
+ path: spec.template.spec.volumes
+ content:
+ name: mariadb-conf
+ configMap:
+ name: RELEASE-NAME-myCM
+
+ - it: "should render with mariadbGalera changes"
+ set:
+ global:
+ mariadbGalera:
+ nameOverride: myMaria
+ servicePort: 545
+ asserts:
+ - contains:
+ path: spec.template.spec.initContainers[0].args
+ content: myMaria
+ - contains:
+ path: spec.template.spec.containers[0].env
+ content:
+ name: DB_HOST
+ value: myMaria
+ - contains:
+ path: spec.template.spec.containers[0].env
+ content:
+ name: DB_PORT
+ value: "545"
+ - contains:
+ path: spec.template.spec.containers[0].env
+ content:
+ name: MYSQL_ROOT_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: RELEASE-NAME-mariadb-galera-myMaria
+ key: db-root-password
+
+ - it: "should render with full mariadbGalera changes"
+ set:
+ global:
+ mariadbGalera:
+ nameOverride: myMaria
+ servicePort: 545
+ userRootSecret: galera-secret
+ userRootSecretKey: root-password
+ asserts:
+ - contains:
+ path: spec.template.spec.initContainers[0].args
+ content: myMaria
+ - contains:
+ path: spec.template.spec.containers[0].env
+ content:
+ name: DB_HOST
+ value: myMaria
+ - contains:
+ path: spec.template.spec.containers[0].env
+ content:
+ name: DB_PORT
+ value: "545"
+ - contains:
+ path: spec.template.spec.containers[0].env
+ content:
+ name: MYSQL_ROOT_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: galera-secret
+ key: root-password
+
+ - it: "should set the right nodeSelector"
+ set:
+ nodeSelector:
+ disktype: ssd
+ asserts:
+ - equal:
+ path: spec.template.spec.nodeSelector.disktype
+ value: ssd
+
+ - it: "should set the right affinity"
+ set:
+ affinity:
+ nodeAffinity:
+ requiredDuringSchedulingIgnoredDuringExecution:
+ nodeSelectorTerms:
+ - matchExpressions:
+ - key: kubernetes.io/e2e-az-name
+ operator: In
+ values:
+ - e2e-az1
+ - e2e-az2
+ asserts:
+ - equal:
+ path: spec.template.spec.affinity
+ value:
+ nodeAffinity:
+ requiredDuringSchedulingIgnoredDuringExecution:
+ nodeSelectorTerms:
+ - matchExpressions:
+ - key: kubernetes.io/e2e-az-name
+ operator: In
+ values:
+ - e2e-az1
+ - e2e-az2
+ - it: "should use large flavor"
+ set:
+ flavor: large
+ asserts:
+ - equal:
+ path: spec.template.spec.containers[0].resources.limits.cpu
+ value: 200m
+ - equal:
+ path: spec.template.spec.containers[0].resources.limits.memory
+ value: 500Mbi
+ - equal:
+ path: spec.template.spec.containers[0].resources.requests.cpu
+ value: 20m
+ - equal:
+ path: spec.template.spec.containers[0].resources.requests.memory
+ value: 20Mbi
+ - it: "should use unlimited flavor"
+ set:
+ flavor: unlimited
+ asserts:
+ - isEmpty:
+ path: spec.template.spec.containers[0].resources
+ - it: "shoud render with other databases"
+ set:
+ config:
+ mysqlAdditionalDatabases:
+ dbOne:
+ user: one
+ password: pwd1
+ dbTwo:
+ user: two
+ password: pwd2
+ asserts:
+ - contains:
+ path: spec.template.spec.containers[0].env
+ content:
+ name: MYSQL_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: RELEASE-NAME-mariadb-init-secret
+ key: db-user-password
+ - contains:
+ path: spec.template.spec.containers[0].env
+ content:
+ name: MYSQL_PASSWORD_DBONE
+ valueFrom:
+ secretKeyRef:
+ name: RELEASE-NAME-mariadb-init-secret
+ key: db-dbOne-user-password
+ - contains:
+ path: spec.template.spec.containers[0].env
+ content:
+ name: MYSQL_PASSWORD_DBTWO
+ valueFrom:
+ secretKeyRef:
+ name: RELEASE-NAME-mariadb-init-secret
+ key: db-dbTwo-user-password
diff --git a/kubernetes/common/mariadb-init/tests/secret_test.yaml b/kubernetes/common/mariadb-init/tests/secret_test.yaml
new file mode 100644
index 0000000000..ef0565d6c0
--- /dev/null
+++ b/kubernetes/common/mariadb-init/tests/secret_test.yaml
@@ -0,0 +1,49 @@
+---
+suite: test secret behavior
+templates:
+ - secret.yaml
+tests:
+ - it: "should render with default values"
+ asserts:
+ - isKind:
+ of: Secret
+ - equal:
+ path: metadata.name
+ value: RELEASE-NAME-mariadb-init
+ - equal:
+ path: metadata.namespace
+ value: NAMESPACE
+ - matchRegex:
+ path: metadata.labels.app
+ pattern: mariadb-init-config-job
+ - equal:
+ path: data.db-user-password
+ value: Q2lAc2hzT2QzcGt5MVZqaQ==
+ - it: "should render specific password value base64 encoded"
+ set:
+ config:
+ userPassword: yolo
+ asserts:
+ - equal:
+ path: data.db-user-password
+ value: eW9sbw==
+ - it: "shoud render with other databases"
+ set:
+ config:
+ mysqlAdditionalDatabases:
+ dbOne:
+ user: one
+ password: pwd1
+ dbTwo:
+ user: two
+ password: pwd2
+ asserts:
+ - equal:
+ path: data.db-user-password
+ value: Q2lAc2hzT2QzcGt5MVZqaQ==
+ - equal:
+ path: data.db-dbOne-user-password
+ value: cHdkMQ==
+ - equal:
+ path: data.db-dbTwo-user-password
+ value: cHdkMg==
diff --git a/kubernetes/common/mariadb-init/values.yaml b/kubernetes/common/mariadb-init/values.yaml
new file mode 100644
index 0000000000..095ff62ddf
--- /dev/null
+++ b/kubernetes/common/mariadb-init/values.yaml
@@ -0,0 +1,87 @@
+# Copyright © 2018 Amdocs, Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+#################################################################
+# Global configuration defaults.
+#################################################################
+global:
+ repository: nexus3.onap.org:10001
+ readinessRepository: oomk8s
+ readinessImage: readiness-check:2.0.2
+ mariadbGalera:
+ nameOverride: mariadb-galera
+ servicePort: 3306
+ # set these two values if you want to access an 'out of ONAP' mariadb
+ userRootSecret: default
+ userRootSecretKey: db-root-password
+
+#################################################################
+# Application configuration defaults.
+#################################################################
+
+image: mariadb:10.1.38
+pullPolicy: IfNotPresent
+
+# Set it if you want to change the name of the different components
+# nameOverride:
+
+config:
+ userPassword: Ci@shsOd3pky1Vji
+ userName: u5WZ1GMSIS1wHZF
+ mysqlDatabase: ynsaUCru6mUNwGal
+ mysqlAdditionalDatabases: {}
+ # add addtional dabases
+ # this is an dict
+ # Example:
+ # mysqlAdditionalDatabases:
+ # dbOne:
+ # user: one
+ # password: pwd1
+ # dbTwo:
+ # user: two
+ # password: pwd2
+ config_map: default
+
+nodeSelector: {}
+
+affinity: {}
+
+#resources: {}
+ # We usually recommend not to specify default resources and to leave this as a conscious
+ # choice for the user. This also increases chances charts run on environments with little
+ # resources, such as Minikube. If you do want to specify resources, uncomment the following
+ # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
+ #
+ # Example:
+ # Configure resource requests and limits
+ # ref: http://kubernetes.io/docs/user-guide/compute-resources/
+ # Minimum memory for development is 2 CPU cores and 4GB memory
+ # Minimum memory for production is 4 CPU cores and 8GB memory
+flavor: small
+resources:
+ small:
+ limits:
+ cpu: 100m
+ memory: 500Mi
+ requests:
+ cpu: 10m
+ memory: 10Mi
+ large:
+ limits:
+ cpu: 200m
+ memory: 500Mi
+ requests:
+ cpu: 20m
+ memory: 20Mi
+ unlimited: {}