aboutsummaryrefslogtreecommitdiffstats
path: root/kubernetes/common
diff options
context:
space:
mode:
Diffstat (limited to 'kubernetes/common')
-rw-r--r--kubernetes/common/cassandra/requirements.yaml3
-rw-r--r--kubernetes/common/cassandra/templates/statefulset.yaml11
-rw-r--r--kubernetes/common/cassandra/values.yaml6
-rw-r--r--kubernetes/common/common/templates/_dmaapProvisioning.tpl186
-rw-r--r--kubernetes/common/elasticsearch/values.yaml1
-rw-r--r--kubernetes/common/etcd/templates/statefulset.yaml2
-rw-r--r--kubernetes/common/mariadb-init/templates/job.yaml12
-rw-r--r--kubernetes/common/mongo/templates/statefulset.yaml2
-rw-r--r--kubernetes/common/music/components/music-cassandra/templates/statefulset.yaml2
-rw-r--r--kubernetes/common/music/templates/deployment.yaml2
-rw-r--r--kubernetes/common/postgres/templates/_deployment.tpl2
-rw-r--r--kubernetes/common/repositoryGenerator/templates/_repository.tpl7
-rw-r--r--kubernetes/common/repositoryGenerator/values.yaml3
13 files changed, 223 insertions, 16 deletions
diff --git a/kubernetes/common/cassandra/requirements.yaml b/kubernetes/common/cassandra/requirements.yaml
index 501cc89a44..f2860ff140 100644
--- a/kubernetes/common/cassandra/requirements.yaml
+++ b/kubernetes/common/cassandra/requirements.yaml
@@ -20,3 +20,6 @@ dependencies:
- name: repositoryGenerator
version: ~8.x-0
repository: 'file://../repositoryGenerator'
+ - name: serviceAccount
+ version: ~8.x-0
+ repository: 'file://../serviceAccount'
diff --git a/kubernetes/common/cassandra/templates/statefulset.yaml b/kubernetes/common/cassandra/templates/statefulset.yaml
index 3553cd4069..840e95b490 100644
--- a/kubernetes/common/cassandra/templates/statefulset.yaml
+++ b/kubernetes/common/cassandra/templates/statefulset.yaml
@@ -28,6 +28,8 @@ spec:
metadata: {{- include "common.templateMetadata" . | nindent 6 }}
spec:
hostNetwork: {{ .Values.hostNetwork }}
+ imagePullSecrets:
+ - name: "{{ include "common.namespace" . }}-docker-registry-key"
containers:
- name: {{ include "common.name" . }}
image: {{ include "repositoryGenerator.dockerHubRepository" . }}/{{ .Values.image }}
@@ -111,14 +113,6 @@ spec:
value: {{ default "GossipingPropertyFileSnitch" .Values.config.endpoint_snitch | quote }}
- name: CASSANDRA_AUTHENTICATOR
value: {{ default "PasswordAuthenticator" .Values.config.authenticator | quote }}
- {{- if include "common.onServiceMesh" . }}
- - name: CASSANDRA_LISTEN_ADDRESS
- value: "127.0.0.1"
- - name: CASSANDRA_BROADCAST_ADDRESS
- valueFrom:
- fieldRef:
- fieldPath: status.podIP
- {{- end }}
- name: POD_IP
valueFrom:
fieldRef:
@@ -138,6 +132,7 @@ spec:
{{- if .Values.affinity }}
affinity: {{ toYaml .Values.affinity | nindent 8 }}
{{- end }}
+ serviceAccountName: {{ include "common.fullname" (dict "suffix" "nothing" "dot" . )}}
volumes:
- name: localtime
hostPath:
diff --git a/kubernetes/common/cassandra/values.yaml b/kubernetes/common/cassandra/values.yaml
index 9f19bf5c14..1d69993956 100644
--- a/kubernetes/common/cassandra/values.yaml
+++ b/kubernetes/common/cassandra/values.yaml
@@ -162,3 +162,9 @@ backup:
- name: system_traces
- name: system_auth
- name: system_distributed
+
+#Pods Service Account
+serviceAccount:
+ nameOverride: cassandra
+ roles:
+ - nothing
diff --git a/kubernetes/common/common/templates/_dmaapProvisioning.tpl b/kubernetes/common/common/templates/_dmaapProvisioning.tpl
new file mode 100644
index 0000000000..704bd06a49
--- /dev/null
+++ b/kubernetes/common/common/templates/_dmaapProvisioning.tpl
@@ -0,0 +1,186 @@
+{{/*
+################################################################################
+# Copyright (C) 2021 Nordix Foundation. #
+# #
+# Licensed under the Apache License, Version 2.0 (the "License"); #
+# you may not use this file except in compliance with the License. #
+# You may obtain a copy of the License at #
+# #
+# http://www.apache.org/licenses/LICENSE-2.0 #
+# #
+# Unless required by applicable law or agreed to in writing, software #
+# distributed under the License is distributed on an "AS IS" BASIS, #
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. #
+# See the License for the specific language governing permissions and #
+# limitations under the License. #
+################################################################################
+*/}}
+
+{{/*
+ This template generates a Kubernetes init containers common template to enable applications to provision
+ DMaaP topics (on Message Router) and feeds (on Data Router), with associated authorization (on AAF).
+ DMaap Bus Controller endpoints are used to provision:
+ - Authorized topic on MR, and to create and grant permission for publishers and subscribers.
+ - Feed on DR, with associated user authentication.
+
+ common.dmaap.provisioning.initContainer:
+ This template make use of Dmaap Bus Controller docker image to create resources on Dmaap Data Router
+ microservice, with the help of dbc-client.sh script it makes use of Bus Controller API to create Feed, Topics.
+ If the resource creation is successful via script response is logged back at particular location with
+ appropriate naming convention.
+
+ More details can be found at :
+ (https://wiki.onap.org/pages/viewpage.action?pageId=103417564)
+
+ The template directly references data in .Values, and indirectly (through its
+ use of templates from the ONAP "common" collection) references data in .Release.
+
+ Parameter for _dmaapProvisioning to be defined in values.yaml
+ # DataRouter Feed Configuration
+ drFeedConfig:
+ - feedName: bulk_pm_feed
+ owner: dcaecm
+ feedVersion: 0.0
+ asprClassification: unclassified
+ feedDescription: DFC Feed Creation
+
+ # DataRouter Publisher Configuration
+ drPubConfig:
+ - feedName: bulk_pm_feed
+ dcaeLocationName: loc00
+
+ # DataRouter Subscriber Configuration
+ drSubConfig:
+ - feedName: bulk_pm_feed
+ decompress: True
+ dcaeLocationName: loc00
+ privilegedSubscriber: True
+ deliveryURL: https://dcae-pm-mapper:8443/delivery
+
+ # MessageRouter Topic, Publisher Configuration
+ mrTopicsConfig:
+ - topicName: PERFORMANCE_MEASUREMENTS
+ topicDescription: Description about Topic
+ owner: dcaecm
+ tnxEnabled: false
+ clients:
+ - dcaeLocationName: san-francisco
+ clientRole: org.onap.dcae.pmPublisher
+ action:
+ - pub
+ - view
+
+ # ConfigMap Configuration for DR Feed, Dr_Publisher, Dr_Subscriber, MR Topics
+ volumes:
+ - name: feeds-config
+ path: /opt/app/config/feeds
+ - name: drpub-config
+ path: /opt/app/config/dr_pubs
+ - name: drsub-config
+ path: /opt/app/config/dr_subs
+ - name: topics-config
+ path: /opt/app/config/topics
+
+ In deployments/jobs/stateful include:
+ initContainers:
+ {{- include "common.dmaap.provisioning.initContainer" . | nindent XX }}
+ volumes:
+ {{- include "common.dmaap.provisioning._volumes" . | nindent XX -}}
+*/}}
+
+{{- define "common.dmaap.provisioning._volumeMounts" -}}
+{{- $dot := default . .dot -}}
+- mountPath: /opt/app/config/cache
+ name: dbc-response-cache
+{{- range $name, $volume := $dot.Values.volumes }}
+- name: {{ $volume.name }}
+ mountPath: {{ $volume.path }}
+{{- end }}
+{{- end -}}
+
+{{- define "common.dmaap.provisioning._volumes" -}}
+{{- $dot := default . .dot -}}
+- name: dbc-response-cache
+ emptyDir: {}
+{{- range $name, $volume := $dot.Values.volumes }}
+- name: {{ $volume.name }}
+ configMap:
+ defaultMode: 420
+ name: {{ include "common.fullname" $dot }}-{{ printf "%s" $volume.name }}
+{{- end }}
+{{- end -}}
+
+{{- define "common.dmaap.provisioning.initContainer" -}}
+{{- $dot := default . .dot -}}
+{{- $drFeedConfig := default $dot.Values.drFeedConfig .drFeedConfig -}}
+{{- $mrTopicsConfig := default $dot.Values.mrTopicsConfig .mrTopicsConfig -}}
+{{- if or $drFeedConfig $mrTopicsConfig -}}
+- name: {{ include "common.name" $dot }}-init-dmaap-provisioning
+ image: {{ include "repositoryGenerator.image.dbcClient" $dot }}
+ imagePullPolicy: {{ $dot.Values.global.pullPolicy | default $dot.Values.pullPolicy }}
+ env:
+ - name: RESP_CACHE
+ value: /opt/app/config/cache
+ - name: REQUESTID
+ value: "{{ include "common.name" $dot }}-dmaap-provisioning"
+ {{- range $cred := $dot.Values.credentials }}
+ - name: {{ $cred.name }}
+ {{- include "common.secret.envFromSecretFast" (dict "global" $dot "uid" $cred.uid "key" $cred.key) | nindent 4 }}
+ {{- end }}
+ volumeMounts:
+ {{- include "common.dmaap.provisioning._volumeMounts" $dot | trim | nindent 2 }}
+ resources: {{ include "common.resources" $dot | nindent 1 }}
+- name: {{ include "common.name" $dot }}-init-merge-config
+ image: {{ include "repositoryGenerator.image.envsubst" $dot }}
+ imagePullPolicy: {{ $dot.Values.global.pullPolicy | default $dot.Values.pullPolicy }}
+ command:
+ - /bin/sh
+ args:
+ - -c
+ - |
+ if [ -d /opt/app/config/cache ]; then
+ cd /opt/app/config/cache
+ for file in $(ls feed*); do
+ NUM=$(echo "$file" | sed 's/feedConfig-\([0-9]\+\)-resp.json/\1/')
+ export DR_LOG_URL_"$NUM"="$(grep -o '"logURL":"[^"]*' "$file" | cut -d '"' -f4)"
+ export DR_FILES_PUBLISHER_URL_"$NUM"="$(grep -o '"publishURL":"[^"]*' "$file" | cut -d '"' -f4)"
+ done
+ for file in $(ls drpub*); do
+ NUM=$(echo "$file" | sed 's/drpubConfig-\([0-9]\+\)-resp.json/\1/')
+ export DR_USERNAME_"$NUM"="$(grep -o '"username":"[^"]*' "$file" | cut -d '"' -f4)"
+ export DR_PASSWORD_"$NUM"="$(grep -o '"userpwd":"[^"]*' "$file" | cut -d '"' -f4)"
+ export DR_FILES_PUBLISHER_ID_"$NUM"="$(grep -o '"pubId":"[^"]*' "$file" | cut -d '"' -f4)"
+ done
+ for file in $(ls drsub*); do
+ NUM=$(echo "$file" | sed 's/drsubConfig-\([0-9]\+\)-resp.json/\1/')
+ export DR_FILES_SUBSCRIBER_ID_"$NUM"="$(grep -o '"subId":"[^"]*' "$file" | cut -d '"' -f4)"
+ done
+ for file in $(ls topics*); do
+ NUM=$(echo "$file" | sed 's/topicsConfig-\([0-9]\+\)-resp.json/\1/')
+ export MR_FILES_PUBLISHER_CLIENT_ID_"$NUM"="$(grep -o '"mrClientId":"[^"]*' "$file" | cut -d '"' -f4)"
+ done
+ else
+ echo "No Response logged for Dmaap BusController Http POST Request..!"
+ fi
+ cd /config-input && for PFILE in `ls -1`; do envsubst <${PFILE} >/config/${PFILE}; done
+ env:
+ {{- range $cred := $dot.Values.credentials }}
+ - name: {{ $cred.name }}
+ {{- include "common.secret.envFromSecretFast" (dict "global" $dot "uid" $cred.uid "key" $cred.key) | nindent 4 }}
+ {{- end }}
+ volumeMounts:
+ - mountPath: /opt/app/config/cache
+ name: dbc-response-cache
+ - mountPath: /config-input
+ name: app-config-input
+ - mountPath: /config
+ name: app-config
+ resources:
+ limits:
+ cpu: 200m
+ memory: 250Mi
+ requests:
+ cpu: 100m
+ memory: 200Mi
+{{- end -}}
+{{- end -}} \ No newline at end of file
diff --git a/kubernetes/common/elasticsearch/values.yaml b/kubernetes/common/elasticsearch/values.yaml
index b91ac76056..a3f15645a3 100644
--- a/kubernetes/common/elasticsearch/values.yaml
+++ b/kubernetes/common/elasticsearch/values.yaml
@@ -279,7 +279,6 @@ certInitializer:
aaf_add_config: >
cd {{ .Values.credsPath }};
mkdir -p certs;
- export $(/opt/app/aaf_config/bin/agent.sh local showpass | grep '^c' | xargs -0);
keytool -exportcert -rfc -file certs/cacert.pem -keystore {{ .Values.fqi_namespace }}.trust.jks -alias ca_local_0 -storepass $cadi_truststore_password;
openssl pkcs12 -in {{ .Values.fqi_namespace }}.p12 -out certs/cert.pem -passin pass:$cadi_keystore_password_p12 -passout pass:$cadi_keystore_password_p12;
cp {{ .Values.fqi_namespace }}.key certs/key.pem;
diff --git a/kubernetes/common/etcd/templates/statefulset.yaml b/kubernetes/common/etcd/templates/statefulset.yaml
index 48c8b6d0cc..c8c0ffa0b2 100644
--- a/kubernetes/common/etcd/templates/statefulset.yaml
+++ b/kubernetes/common/etcd/templates/statefulset.yaml
@@ -48,6 +48,8 @@ spec:
tolerations:
{{ toYaml .Values.tolerations | indent 8 }}
{{- end }}
+ imagePullSecrets:
+ - name: "{{ include "common.namespace" . }}-docker-registry-key"
containers:
- name: {{ include "common.name" . }}
image: {{ include "repositoryGenerator.googleK8sRepository" . }}/{{ .Values.image }}
diff --git a/kubernetes/common/mariadb-init/templates/job.yaml b/kubernetes/common/mariadb-init/templates/job.yaml
index ad97cd4ed6..96d1dc54a4 100644
--- a/kubernetes/common/mariadb-init/templates/job.yaml
+++ b/kubernetes/common/mariadb-init/templates/job.yaml
@@ -63,9 +63,9 @@ spec:
/db_config/db_cmd.sh{{ end }}
env:
- name: DB_HOST
- value: "{{ default .Values.global.mariadbGalera.nameOverride .Values.mariadbGalera.serviceName }}"
+ value: {{ include "common.mariadbService" . }}
- name: DB_PORT
- value: "{{ default .Values.global.mariadbGalera.servicePort .Values.mariadbGalera.servicePort }}"
+ value: {{ include "common.mariadbPort" . | quote }}
- name: MYSQL_ROOT_PASSWORD
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "root-password" "key" (default "password" .Values.global.mariadbGalera.userRootSecretKey)) | indent 10 }}
- name: {{ printf "MYSQL_USER_%s" .Values.config.mysqlDatabase | upper }}
@@ -83,10 +83,10 @@ spec:
- mountPath: /etc/localtime
name: localtime
readOnly: true
- - name: mariadb-conf
+ - name: mariadb-init
mountPath: /db_init/
{{- if or .Values.dbScriptConfigMap .Values.dbScript }}
- - name: mariadb-init
+ - name: mariadb-conf
mountPath: /db_config/
{{- end }}
resources:
@@ -104,7 +104,7 @@ spec:
hostPath:
path: /etc/localtime
{{- if or .Values.dbScriptConfigMap .Values.dbScript }}
- - name: mariadb-init
+ - name: mariadb-conf
configMap:
{{- if .Values.dbScriptConfigMap }}
name: {{ tpl .Values.dbScriptConfigMap . }}
@@ -113,7 +113,7 @@ spec:
{{- end }}
defaultMode: 0755
{{- end }}
- - name: mariadb-conf
+ - name: mariadb-init
configMap:
name: {{ include "mariadbInit.configMap" . }}
defaultMode: 0755
diff --git a/kubernetes/common/mongo/templates/statefulset.yaml b/kubernetes/common/mongo/templates/statefulset.yaml
index 73186b392d..11602054e8 100644
--- a/kubernetes/common/mongo/templates/statefulset.yaml
+++ b/kubernetes/common/mongo/templates/statefulset.yaml
@@ -37,6 +37,8 @@ spec:
release: {{ include "common.release" . }}
spec:
{{ include "common.podSecurityContext" . | indent 6 }}
+ imagePullSecrets:
+ - name: "{{ include "common.namespace" . }}-docker-registry-key"
containers:
- name: {{ include "common.name" . }}
image: {{ include "repositoryGenerator.dockerHubRepository" . }}/{{ .Values.image }}
diff --git a/kubernetes/common/music/components/music-cassandra/templates/statefulset.yaml b/kubernetes/common/music/components/music-cassandra/templates/statefulset.yaml
index 1aabfb6bcc..d80e70b5fb 100644
--- a/kubernetes/common/music/components/music-cassandra/templates/statefulset.yaml
+++ b/kubernetes/common/music/components/music-cassandra/templates/statefulset.yaml
@@ -41,6 +41,8 @@ spec:
release: {{ include "common.release" . }}
name: {{ include "common.name" . }}
spec:
+ imagePullSecrets:
+ - name: "{{ include "common.namespace" . }}-docker-registry-key"
containers:
- name: {{ include "common.name" . }}
image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
diff --git a/kubernetes/common/music/templates/deployment.yaml b/kubernetes/common/music/templates/deployment.yaml
index 1e5d3c5377..53d5a366f7 100644
--- a/kubernetes/common/music/templates/deployment.yaml
+++ b/kubernetes/common/music/templates/deployment.yaml
@@ -23,6 +23,8 @@ spec:
template:
metadata: {{- include "common.templateMetadata" . | nindent 6 }}
spec:
+ imagePullSecrets:
+ - name: "{{ include "common.namespace" . }}-docker-registry-key"
initContainers:
- name: {{ include "common.name" . }}-cassandra-readiness
image: {{ include "repositoryGenerator.image.readiness" . }}
diff --git a/kubernetes/common/postgres/templates/_deployment.tpl b/kubernetes/common/postgres/templates/_deployment.tpl
index 7d04501f24..d93d401ebc 100644
--- a/kubernetes/common/postgres/templates/_deployment.tpl
+++ b/kubernetes/common/postgres/templates/_deployment.tpl
@@ -42,6 +42,8 @@ spec:
release: {{ include "common.release" $dot }}
name: "{{ index $dot.Values "container" "name" $pgMode }}"
spec:
+ imagePullSecrets:
+ - name: "{{ include "common.namespace" $dot }}-docker-registry-key"
initContainers:
- command:
- sh
diff --git a/kubernetes/common/repositoryGenerator/templates/_repository.tpl b/kubernetes/common/repositoryGenerator/templates/_repository.tpl
index 211cf1c599..1662985d0a 100644
--- a/kubernetes/common/repositoryGenerator/templates/_repository.tpl
+++ b/kubernetes/common/repositoryGenerator/templates/_repository.tpl
@@ -1,6 +1,7 @@
{{/*
# Copyright © 2017 Amdocs, Bell Canada
-# Copyright © 2021 AT&T
+# Copyright © 2021 AT&T
+# Modifications Copyright (C) 2021 Nordix Foundation.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -132,6 +133,10 @@
{{- include "repositoryGenerator.image._helper" (merge (dict "image" "readinessImage") .) }}
{{- end -}}
+{{- define "repositoryGenerator.image.dbcClient" -}}
+ {{- include "repositoryGenerator.image._helper" (merge (dict "image" "dbcClientImage") .) }}
+{{- end -}}
+
{{/*
Resolve the image repository secret token.
The value for .Values.global.repositoryCred is used if provided:
diff --git a/kubernetes/common/repositoryGenerator/values.yaml b/kubernetes/common/repositoryGenerator/values.yaml
index 2a01112ce6..f4104538f7 100644
--- a/kubernetes/common/repositoryGenerator/values.yaml
+++ b/kubernetes/common/repositoryGenerator/values.yaml
@@ -1,5 +1,6 @@
# Copyright © 2020 Orange
# Copyright © 2021 Nokia, AT&T
+# Modifications Copyright (C) 2021 Nordix Foundation.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -35,6 +36,7 @@ global:
postgresImage: crunchydata/crunchy-postgres:centos8-13.2-4.6.1
readinessImage: onap/oom/readiness:3.0.1
dcaePolicySyncImage: onap/org.onap.dcaegen2.deployments.dcae-services-policy-sync:1.0.1
+ dbcClientImage: onap/dmaap/dbc-client:2.0.7
# Default credentials
# they're optional. If the target repository doesn't need them, comment them
@@ -66,3 +68,4 @@ imageRepoMapping:
postgresImage: dockerHubRepository
readinessImage: repository
dcaePolicySyncImage: repository
+ dbcClientImage: repository