Diffstat (limited to 'kubernetes/common')
-rw-r--r--kubernetes/common/cassandra/values.yaml3
-rw-r--r--kubernetes/common/common/documentation.rst549
-rw-r--r--kubernetes/common/common/templates/_aafconfig.tpl226
-rw-r--r--kubernetes/common/common/templates/_labels.tpl67
-rw-r--r--kubernetes/common/common/templates/_name.tpl22
-rw-r--r--kubernetes/common/common/templates/_pod.tpl11
-rw-r--r--kubernetes/common/common/templates/_postgres.tpl65
-rw-r--r--kubernetes/common/common/templates/_secret.tpl (renamed from kubernetes/common/common/templates/_secret.yaml)233
-rw-r--r--kubernetes/common/common/templates/_service.tpl197
-rw-r--r--kubernetes/common/common/templates/_serviceMesh.tpl (renamed from kubernetes/common/postgres-legacy/charts/pgpool/Chart.yaml)19
-rw-r--r--kubernetes/common/common/templates/_storage.tpl56
-rw-r--r--kubernetes/common/dgbuilder/resources/config/customSettings.js (renamed from kubernetes/common/dgbuilder/resources/scripts/customSettings.js)22
-rw-r--r--kubernetes/common/dgbuilder/resources/config/svclogic.properties8
-rwxr-xr-xkubernetes/common/dgbuilder/resources/scripts/createReleaseDir.sh149
-rw-r--r--kubernetes/common/dgbuilder/templates/configmap.yaml15
-rw-r--r--kubernetes/common/dgbuilder/templates/deployment.yaml55
-rw-r--r--kubernetes/common/dgbuilder/templates/secrets.yaml17
-rw-r--r--kubernetes/common/dgbuilder/templates/service.yaml2
-rw-r--r--kubernetes/common/dgbuilder/values.yaml63
-rw-r--r--kubernetes/common/mariadb-galera/templates/backup/cronjob.yaml4
-rw-r--r--kubernetes/common/mariadb-galera/templates/configmap.yaml2
-rw-r--r--kubernetes/common/mariadb-galera/templates/pv.yaml1
-rw-r--r--kubernetes/common/mariadb-galera/templates/secrets.yaml5
-rw-r--r--kubernetes/common/mariadb-galera/templates/service.yaml2
-rw-r--r--kubernetes/common/mariadb-galera/templates/statefulset.yaml8
-rw-r--r--kubernetes/common/mariadb-init/values.yaml4
-rw-r--r--kubernetes/common/network-name-gen/requirements.yaml7
-rw-r--r--kubernetes/common/network-name-gen/templates/deployment.yaml16
-rw-r--r--kubernetes/common/network-name-gen/templates/secrets.yaml4
-rw-r--r--kubernetes/common/network-name-gen/templates/service.yaml3
-rw-r--r--kubernetes/common/network-name-gen/values.yaml33
-rw-r--r--kubernetes/common/postgres-legacy/.helmignore21
-rw-r--r--kubernetes/common/postgres-legacy/Chart.yaml18
-rw-r--r--kubernetes/common/postgres-legacy/charts/pgpool/configs/pgpool.conf677
-rw-r--r--kubernetes/common/postgres-legacy/charts/pgpool/configs/pool_hba.conf67
-rw-r--r--kubernetes/common/postgres-legacy/charts/pgpool/configs/pool_passwd2
-rw-r--r--kubernetes/common/postgres-legacy/charts/pgpool/requirements.yaml18
-rwxr-xr-xkubernetes/common/postgres-legacy/charts/pgpool/templates/configmap.yaml26
-rw-r--r--kubernetes/common/postgres-legacy/charts/pgpool/templates/deployment.yaml68
-rw-r--r--kubernetes/common/postgres-legacy/charts/pgpool/templates/service.yaml26
-rw-r--r--kubernetes/common/postgres-legacy/charts/pgpool/values.yaml44
-rw-r--r--kubernetes/common/postgres-legacy/requirements.yaml18
-rw-r--r--kubernetes/common/postgres-legacy/templates/pv.yaml45
-rw-r--r--kubernetes/common/postgres-legacy/templates/secrets.yaml31
-rw-r--r--kubernetes/common/postgres-legacy/templates/service.yaml95
-rw-r--r--kubernetes/common/postgres-legacy/templates/statefulset.yaml143
-rw-r--r--kubernetes/common/postgres-legacy/values.yaml139
-rw-r--r--kubernetes/common/postgres/charts/pgpool/Chart.yaml18
-rw-r--r--kubernetes/common/postgres/charts/pgpool/configs/pgpool.conf677
-rw-r--r--kubernetes/common/postgres/charts/pgpool/configs/pool_hba.conf68
-rw-r--r--kubernetes/common/postgres/charts/pgpool/requirements.yaml18
-rwxr-xr-xkubernetes/common/postgres/charts/pgpool/templates/configmap.yaml26
-rw-r--r--kubernetes/common/postgres/charts/pgpool/templates/deployment.yaml100
-rw-r--r--kubernetes/common/postgres/charts/pgpool/templates/secrets.yaml28
-rw-r--r--kubernetes/common/postgres/charts/pgpool/templates/service.yaml26
-rw-r--r--kubernetes/common/postgres/charts/pgpool/values.yaml45
-rw-r--r--kubernetes/common/postgres/configs/setup.sql40
-rw-r--r--kubernetes/common/postgres/templates/_deployment.tpl169
-rw-r--r--kubernetes/common/postgres/templates/deployment-primary.yaml124
-rw-r--r--kubernetes/common/postgres/templates/deployment-replica.yaml124
-rw-r--r--kubernetes/common/postgres/templates/pvc-primary.yaml1
-rw-r--r--kubernetes/common/postgres/templates/secrets.yaml17
-rw-r--r--kubernetes/common/postgres/values.yaml39
63 files changed, 1818 insertions, 3008 deletions
diff --git a/kubernetes/common/cassandra/values.yaml b/kubernetes/common/cassandra/values.yaml
index dfa0a3e250..090dbcc2a2 100644
--- a/kubernetes/common/cassandra/values.yaml
+++ b/kubernetes/common/cassandra/values.yaml
@@ -27,7 +27,7 @@ global: # global defaults
# application image
repository: nexus3.onap.org:10001
-image: library/cassandra:2.2.14
+image: library/cassandra:3.11.4
pullPolicy: Always
# flag to enable debugging - application support required
@@ -90,6 +90,7 @@ service:
port: 7199
- name: tcp-cql
port: 9042
+ ## thrift protocol is deprecated . Should be removed. Being left until all project removes it.
- name: tcp-thrift
port: 9160
- name: tcp-agent
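Review bot: The new comment on `tcp-thrift` records the intent, but the port is still published on the service, so 9160 stays reachable for as long as the entry is kept. Whether Thrift is actually listening depends on the image's `start_rpc` setting in cassandra.yaml, which is not visible here; if it is off, the entry could be dropped in this change rather than later. If it has to stay, a clearer wording would be `## Thrift is deprecated: remove this port once all projects have moved to CQL (tcp-cql, 9042).` The ports list starts and ends outside this hunk.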
diff --git a/kubernetes/common/common/documentation.rst b/kubernetes/common/common/documentation.rst
new file mode 100644
index 0000000000..e6cf948d79
--- /dev/null
+++ b/kubernetes/common/common/documentation.rst
@@ -0,0 +1,549 @@
+.. This work is licensed under a Creative Commons Attribution 4.0 International
+.. License.
+.. http://creativecommons.org/licenses/by/4.0
+.. Copyright 2020 Orange. All rights reserved.
+
+.. _developer-guide-label:
+
+
+Current given templating functions
+==================================
+
+
+In order to have a consistent deployments of ONAP components, several templating
+functions are proposed in `kubernets/common/common/templates` folder.
+This file list them and gives examples for the most used.
+All these templating functions have a description in their own file, here we
+only give an overview.
+
+* conditional functions
+
+ +----------------------------------------------------+-----------------------+
+ | Function | File |
+ +----------------------------------------------------+-----------------------+
+ | `common.needPV` | `_storage.tpl` |
+ +----------------------------------------------------+-----------------------+
+ | `common.onServiceMesh` | `_serviceMesh.tpl` |
+ +----------------------------------------------------+-----------------------+
+ | `common.common.needTLS` | `_service.tpl` |
+ +----------------------------------------------------+-----------------------+
+
+* template generation functions
+
+ +----------------------------------------------------+-----------------------+
+ | Function | File |
+ +----------------------------------------------------+-----------------------+
+ | `common.masterPassword` | `_createPassword.tpl` |
+ +----------------------------------------------------+-----------------------+
+ | `common.createPassword` | `_createPassword.tpl` |
+ +----------------------------------------------------+-----------------------+
+ | `common.secret.genName` | `_secret.yaml` |
+ +----------------------------------------------------+-----------------------+
+ | `common.secret.getSecretName` | `_secret.yaml` |
+ +----------------------------------------------------+-----------------------+
+ | `common.secret.envFromSecret` | `_secret.yaml` |
+ +----------------------------------------------------+-----------------------+
+ | `common.secret` | `_secret.yaml` |
+ +----------------------------------------------------+-----------------------+
+ | `ingress.config.port` | `_ingress.tpl` |
+ +----------------------------------------------------+-----------------------+
+ | `ingress.config.annotations.ssl` | `_ingress.tpl` |
+ +----------------------------------------------------+-----------------------+
+ | `ingress.config.annotations` | `_ingress.tpl` |
+ +----------------------------------------------------+-----------------------+
+ | `common.ingress` | `_ingress.tpl` |
+ +----------------------------------------------------+-----------------------+
+ | `common.labels` | `_labels.tpl` |
+ +----------------------------------------------------+-----------------------+
+ | `common.matchLabels` | `_labels.tpl` |
+ +----------------------------------------------------+-----------------------+
+ | `common.resourceMetadata` | `_labels.tpl` |
+ +----------------------------------------------------+-----------------------+
+ | `common.templateMetadata` | `_labels.tpl` |
+ +----------------------------------------------------+-----------------------+
+ | `common.selectors` | `_labels.tpl` |
+ +----------------------------------------------------+-----------------------+
+ | `common.name` | `_name.tpl` |
+ +----------------------------------------------------+-----------------------+
+ | `common.fullname` | `_name.tpl` |
+ +----------------------------------------------------+-----------------------+
+ | `common.fullnameExplicit` | `_name.tpl` |
+ +----------------------------------------------------+-----------------------+
+ | `common.release` | `_name.tpl` |
+ +----------------------------------------------------+-----------------------+
+ | `common.chart` | `_name.tpl` |
+ +----------------------------------------------------+-----------------------+
+ | `common.namespace` | `_namespace.tpl` |
+ +----------------------------------------------------+-----------------------+
+ | `common.repository` | `_repository.tpl` |
+ +----------------------------------------------------+-----------------------+
+ | `common.repository.secret` | `_repository.tpl` |
+ +----------------------------------------------------+-----------------------+
+ | `common.flavor` | `_resources.tpl` |
+ +----------------------------------------------------+-----------------------+
+ | `common.resources` | `_resources.tpl` |
+ +----------------------------------------------------+-----------------------+
+ | `common.storageClass` | `_storage.tpl` |
+ +----------------------------------------------------+-----------------------+
+ | `common.replicaPV` | `_storage.tpl` |
+ +----------------------------------------------------+-----------------------+
+ | `common.servicename` | `_service.tpl` |
+ +----------------------------------------------------+-----------------------+
+ | `common.serviceMetadata` | `_service.tpl` |
+ +----------------------------------------------------+-----------------------+
+ | `common.servicePorts` | `_service.tpl` |
+ +----------------------------------------------------+-----------------------+
+ | `common.genericService` | `_service.tpl` |
+ +----------------------------------------------------+-----------------------+
+ | `common.service` | `_service.tpl` |
+ +----------------------------------------------------+-----------------------+
+ | `common.headlessService` | `_service.tpl` |
+ +----------------------------------------------------+-----------------------+
+ | `common.mariadb.secret.rootPassUID` | `_mariadb.tpl` |
+ +----------------------------------------------------+-----------------------+
+ | `common.mariadb.secret.rootPassSecretName` | `_mariadb.tpl` |
+ +----------------------------------------------------+-----------------------+
+ | `common.mariadb.secret.userCredentialsUID` | `_mariadb.tpl` |
+ +----------------------------------------------------+-----------------------+
+ | `common.mariadb.secret.userCredentialsSecretName` | `_mariadb.tpl` |
+ +----------------------------------------------------+-----------------------+
+ | `common.mariadbService` | `_mariadb.tpl` |
+ +----------------------------------------------------+-----------------------+
+ | `common.mariadbPort` | `_mariadb.tpl` |
+ +----------------------------------------------------+-----------------------+
+ | `common.mariadbSecret` | `_mariadb.tpl` |
+ +----------------------------------------------------+-----------------------+
+ | `common.mariadbSecretParam` | `_mariadb.tpl` |
+ +----------------------------------------------------+-----------------------+
+ | `common.postgres.secret.rootPassUID` | `_postgres.tpl` |
+ +----------------------------------------------------+-----------------------+
+ | `common.postgres.secret.rootPassSecretName` | `_postgres.tpl` |
+ +----------------------------------------------------+-----------------------+
+ | `common.postgres.secret.userCredentialsUID` | `_postgres.tpl` |
+ +----------------------------------------------------+-----------------------+
+ | `common.postgres.secret.userCredentialsSecretName` | `_postgres.tpl` |
+ +----------------------------------------------------+-----------------------+
+ | `common.postgres.secret.primaryPasswordUID` | `_postgres.tpl` |
+ +----------------------------------------------------+-----------------------+
+ | `common.postgres.secret.primaryPasswordSecretName` | `_postgres.tpl` |
+ +----------------------------------------------------+-----------------------+
+ | `common.tplValue` | `_tplValue.tpl` |
+ +----------------------------------------------------+-----------------------+
+
+
+Passwords
+---------
+
+These functions are defined in
+`kubernetes/common/common/templates/_createPassword.tpl`.
+
+* `common.masterPassword`: Resolve the master password to be used to derive
+ other passwords.
+* `common.createPassword`: Generate a new password based on masterPassword.
+
+Secrets
+-------
+
+These functions are defined in
+`kubernetes/common/common/templates/_secret.yaml`.
+
+* `common.secret.genName`: Generate a secret name based on provided name or UID.
+* `common.secret.getSecretName`: Get the real secret name by UID or name, based
+ on the configuration provided by user.
+* `common.secret.envFromSecret`: Convenience template which can be used to
+ easily set the value of environment variable to the value of a key in a
+ secret.
+* `common.secret`: Define secrets to be used by chart.
+
+The most widely use templates is the last (`common.secret`).
+It should be the only (except license part) line of your secret file:
+
+.. code-block:: yaml
+
+ {{ include "common.secret" . }}
+
+In order to have the right values set, you need to create the right
+configuration in `values.yaml` (example taken from mariadb configuration):
+
+.. code-block:: yaml
+
+ secrets:
+ - uid: 'db-root-password'
+ type: password
+ externalSecret: '{{ tpl (default "" .Values.config.db.rootPasswordExternalSecret) . }}'
+ password: '{{ .Values.config.dbRootPassword }}'
+ - uid: 'db-user-creds'
+ type: basicAuth
+ externalSecret: '{{ tpl (default "" .Values.config.db.userCredentialsExternalSecret) . }}'
+ login: '{{ .Values.config.db.userName }}'
+ password: '{{ .Values.config.dbSdnctlPassword }}'
+
+Ingress
+-------
+
+These functions are defined in
+`kubernetes/common/common/templates/_ingress.tpl`.
+
+* `ingress.config.port`: generate the port path on an Ingress resource.
+* `ingress.config.annotations.ssl`: generate the ssl annotations of an Ingress
+ resource.
+* `ingress.config.annotations`: generate the annotations of an Ingress resource.
+* `common.ingress`: generate an Ingress resource (if needed).
+
+The most widely use templates is the last (`common.ingress`) .
+
+It should be the only (except license part) line of your ingress file:
+
+.. code-block:: yaml
+
+ {{ include "common.ingress" . }}
+
+In order to have the right values set, you need to create the right
+configuration in `values.yaml` (example taken from clamp configuration):
+
+.. code-block:: yaml
+
+ ingress:
+ enabled: false
+ service:
+ - baseaddr: "clamp"
+ name: "clamp"
+ port: 443
+ config:
+ ssl: "redirect"
+
+Labels
+------
+
+These functions are defined in `kubernetes/common/common/templates/_labels.tpl`.
+
+The goal of these functions is to always create the right labels for all the
+resource in a consistent way.
+
+* `common.labels`: generate the common labels for a resource
+* `common.matchLabels`: generate the labels to match (to be used in conjunction
+ with `common.labels` or `common.resourceMetadata`)
+* `common.resourceMetadata`: generate the "top" metadatas for a resource
+ (Deployment, StatefulSet, Service, ConfigMap, ...)
+* `common.templateMetadata`: generate the metadata put in the template part
+ (for example `spec.template.metadata` for a Deployment)
+* `common.selectors`: generate the right selectors for Service / Deployment /
+ StatefulSet, ... (to be used in conjunction with `common.labels` or
+ `common.resourceMetadata`)
+
+
+Here's an example of use of these functions in a Deployment template (example
+taken on nbi):
+
+.. code-block:: yaml
+
+ apiVersion: apps/v1
+ kind: Deployment
+ metadata: {{- include "common.resourceMetadata" . | nindent 2 }}
+ spec:
+ selector: {{- include "common.selectors" . | nindent 4 }}
+ replicas: {{ .Values.replicaCount }}
+ template:
+ metadata: {{- include "common.templateMetadata" . | nindent 6 }}
+ spec:
+ ...
+
+Name
+----
+
+These functions are defined in `kubernetes/common/common/templates/_name.tpl`.
+
+The goal of these functions is to always name the resource the same way.
+
+* `common.name`: Generate the name for a chart.
+* `common.fullname`: Create a default fully qualified application name.
+* `common.fullnameExplicit`: The same as common.full name but based on passed
+ dictionary instead of trying to figure out chart name on its own.
+* `common.release`: Retrieve the "original" release from the component release.
+* `common.chart`: Generate the chart name
+
+Here's an example of use of these functions in a Deployment template (example
+taken on mariadb-galera):
+
+.. code-block:: yaml
+
+ apiVersion: apps/v1beta1
+ kind: StatefulSet
+ ...
+ spec:
+ serviceName: {{ .Values.service.name }}
+ replicas: {{ .Values.replicaCount }}
+ template:
+ ...
+ spec:
+ {{- if .Values.nodeSelector }}
+ nodeSelector:
+ {{ toYaml .Values.nodeSelector | indent 8 }}
+ {{- end }}
+ volumes:
+ {{- if .Values.externalConfig }}
+ - name: config
+ configMap:
+ name: {{ include "common.fullname" . }}-external-config
+ {{- end}}
+ ...
+ containers:
+ - name: {{ include "common.name" . }}
+ image: "{{ include "common.repository" . }}/{{ .Values.image }}"
+ ...
+
+Namespace
+---------
+
+These functions are defined in
+`kubernetes/common/common/templates/_namespace.tpl`.
+
+The goal of these functions is to always retrieve the namespace the same way.
+
+* `common.namespace`: Generate the namespace for a chart. Shouldn't be used
+ directly but use `common.resourceMetadata` (which uses it).
+
+
+Repository
+----------
+
+These functions are defined in
+`kubernetes/common/common/templates/_repository.tpl`.
+
+The goal of these functions is to generate image name the same way.
+
+* `common.repository`: Resolve the name of the common image repository.
+* `common.repository.secret`: Resolve the image repository secret token.
+
+
+Resources
+---------
+
+These functions are defined in
+`kubernetes/common/common/templates/_resources.tpl`.
+
+The goal of these functions is to generate resources for pods the same way.
+
+* `common.flavor`: Resolve the name of the common resource limit/request flavor.
+ Shouldn't be used alone.
+* `common.resources`: Resolve the resource limit/request flavor using the
+ desired flavor value.
+
+
+Storage
+-------
+
+These functions are defined in
+`kubernetes/common/common/templates/_storage.tpl`.
+
+The goal of these functions is to generate storage part of Deployment /
+Statefulset and storage resource (PV, PVC, ...) in a consistent way.
+
+* `common.storageClass`: Expand the name of the storage class.
+* `common.needPV`: Calculate if we need a PV. If a storageClass is provided,
+ then we don't need.
+* `common.replicaPV`: Generate N PV for a statefulset
+
+
+Pod
+---
+
+These functions are defined in `kubernetes/common/common/templates/_pod.tpl`.
+
+* `common.containerPorts`: generate the port list for containers. See Service
+ part to know how to declare the port list.
+
+Here's an example of use of these functions in a Deployment template (example
+taken on nbi):
+
+.. code-block:: yaml
+
+ apiVersion: apps/v1
+ kind: Deployment
+ ...
+ spec:
+ ...
+ template:
+ ...
+ spec:
+ containers:
+ - name: {{ include "common.name" . }}
+ ports: {{- include "common.containerPorts" . | nindent 8 }
+
+
+Service
+-------
+
+These functions are defined in
+`kubernetes/common/common/templates/_service.tpl`.
+
+The goal of these functions is to generate services in a consistent way.
+
+* `common.servicename`: Expand the service name for a chart.
+* `common.serviceMetadata`: Define the metadata of Service. Shouldn't be used
+ directly but used through `common.service` or `common.headlessService`.
+* `common.servicePorts`: Define the ports of Service. Shouldn't be used directly
+ but used through `common.service` or `common.headlessService`.
+* `common.genericService`: Template for creating any Service. Shouldn't be used
+ directly but used through `common.service` or `common.headlessService`. May be
+ used if you want to create a Service with some specificities (on the ports for
+ example).
+* `common.needTLS`: Calculate if we need to use TLS ports on services
+* `common.service`: Create service template.
+* `common.headlessService`: Create headless service template
+
+
+The most widely used templates are the two last (`common.service` and
+`common.headlessService`).
+It should use with only one (except license part) line of your service (or
+service-headless) file:
+
+.. code-block:: yaml
+
+ {{ include "common.service" . }}
+
+In order to have the right values set, you need to create the right
+configuration in `values.yaml` (example taken from nbi configuration + other
+part):
+
+.. code-block:: yaml
+
+ service:
+ type: NodePort
+ name: nbi
+ annotations:
+ my: super-annotation
+ ports:
+ - name: api
+ port: 8443
+ plain_port: 8080
+ port_protocol: http
+ nodePort: 74
+ - name: tcp-raw
+ port: 8459
+ nodePort: 89
+
+
+would generate:
+
+.. code-block:: yaml
+
+ apiVersion: v1
+ kind: Service
+ metadata:
+ annotations:
+ my: super-annotation
+ name: nbi
+ namespace: default
+ labels:
+ app.kubernetes.io/name: nbi
+ helm.sh/chart: nbi-5.0.0
+ app.kubernetes.io/instance: release
+ app.kubernetes.io/managed-by: Tiller
+ spec:
+ ports:
+ - port: 8443
+ targetPort: api
+ name: https-api
+ nodePort: 30274
+ - port: 8459
+ targetPort: tcp-raw
+ name: tcp-raw
+ nodePort: 30289
+ type: NodePort
+ selector:
+ app.kubernetes.io/name: nbi
+ app.kubernetes.io/instance: release
+
+
+`plain_port` is used only if we mandate to use http (see ServiceMesh part).
+Today a port can be http or https but not both.
+headless configuration is equivalent (example taken from cassandra):
+
+.. code-block:: yaml
+
+ service:
+ name: cassandra
+ headless:
+ suffix: ""
+ annotations:
+ service.alpha.kubernetes.io/tolerate-unready-endpoints: "true"
+ publishNotReadyAddresses: true
+ headlessPorts:
+ - name: tcp-intra
+ port: 7000
+ - name: tls
+ port: 7001
+ - name: tcp-jmx
+ port: 7199
+ - name: tcp-cql
+ port: 9042
+ - name: tcp-thrift
+ port: 9160
+ - name: tcp-agent
+ port: 61621
+
+
+ServiceMesh
+-----------
+
+These functions are defined in
+`kubernetes/common/common/templates/_serviceMesh.tpl`.
+
+The goal of these functions is to handle onboarding of ONAP on service mesh.
+
+* `common.onServiceMesh`: Calculate if we if we are on service mesh
+
+
+
+MariaDB
+-------
+
+These functions are defined in
+`kubernetes/common/common/templates/_mariadb.tpl`.
+
+The goal of these functions is to simplify use of mariadb and its different
+values.
+
+* `common.mariadb.secret.rootPassUID`: UID of mariadb root password
+* `common.mariadb.secret.rootPassSecretName`: Name of mariadb root password
+ secret
+* `common.mariadb.secret.userCredentialsUID`: UID of mariadb user credentials
+* `common.mariadb.secret.userCredentialsSecretName`: Name of mariadb user
+ credentials secret
+* `common.mariadbService`: Choose the name of the mariadb service to use
+* `common.mariadbPort`: Choose the value of mariadb port to use
+* `common.mariadbSecret`: Choose the value of secret to retrieve user value
+* `common.mariadbSecretParam`: Choose the value of secret param to retrieve user
+ value
+
+PostgreSQL
+----------
+
+These functions are defined in
+`kubernetes/common/common/templates/_postgres.tpl`.
+
+The goal of these functions is to simplify use of postgres and its different
+values.
+
+* `common.postgres.secret.rootPassUID`: UID of postgres root password
+* `common.postgres.secret.rootPassSecretName`: Name of postgres root password
+ secret
+* `common.postgres.secret.userCredentialsUID`: UID of postgres user credentials
+* `common.postgres.secret.userCredentialsSecretName`: Name of postgres user
+ credentials secret
+* `common.postgres.secret.primaryPasswordUID`: UID of postgres primary password
+* `common.postgres.secret.primaryPasswordSecretName`: Name of postgres primary
+ credentials secret
+
+
+Utilities
+---------
+
+These functions are defined in
+`kubernetes/common/common/templates/_tplValue.tpl`.
+
+The goal of these functions is provide utility function, usually used in other
+templating functions.
+
+* `common.tplValue`: Renders a value that contains template.
diff --git a/kubernetes/common/common/templates/_aafconfig.tpl b/kubernetes/common/common/templates/_aafconfig.tpl
new file mode 100644
index 0000000000..db7cbe8d8d
--- /dev/null
+++ b/kubernetes/common/common/templates/_aafconfig.tpl
@@ -0,0 +1,226 @@
+{{/*
+# Copyright © 2020 Amdocs, Bell Canada, highstreet technologies GmbH
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+{{/*
+ common templates to enable aaf configs for applictaions
+
+ Parameter for aafConfig to be defined in values.yaml
+ aafConfig: --> if a different key is used, call templates with argument (dict "aafRoot" "<yourkey>" "dot" .)
+ # additional scripts can be defined to handle certs
+ addconfig: true|false
+ fqdn: "sdnc"
+ image: onap/aaf/aaf_agent:2.1.15
+ app_ns: "org.osaaf.aaf"
+ fqi: "sdnc@sdnc.onap.org"
+ fqi_namespace: org.onap.sdnc
+ public_fqdn: "aaf.osaaf.org"
+ aafDeployFqi: "deployer@people.osaaf.org"
+ aafDeployPass: demo123456!
+ cadi_latitude: "38.0"
+ cadi_longitude: "-72.0"
+ persistence:
+ enabled: true
+ config.volumeReclaimPolicy: Delete
+ config.accessMode: ReadWriteMany
+ config.size: 40M
+ config.storageClass: "manual"
+ config.mountPath: "/dockerdata-nfs"
+ config.mountSubPath: "sdnc/aaf"
+ # secrets configuration, Note: create a secrets template
+ secrets:
+ - uid: aaf-deploy-creds
+ type: basicAuth
+ externalSecret: '{{ ternary (tpl (default "" .Values.aafConfig.aafDeployCredsExternalSecret) .) "aafIsDiabled" .Values.global.aafEnabled }}'
+ login: '{{ .Values.aafConfig.aafDeployFqi }}'
+ password: '{{ .Values.aafConfig.aafDeployPass }}'
+ passwordPolicy: required
+
+ In deployments/jobs/stateful include:
+ initContainers:
+ {{ include "common.aaf-config" . | nindent XX}}
+
+ containers:
+ volumeMounts:
+ {{- if .Values.global.aafEnabled }}
+ - mountPath: "/opt/app/osaaf"
+ name: {{ include "common.fullname" . }}-aaf-config-vol
+ {{- end }}
+ volumes:
+ {{- include "common.aaf-config-volumes" . | nindent XX}}
+
+ If persistence.enabled = true
+ Create pvc:
+ {{ include "common.aaf-config-pvc" . }}
+ Create pv
+ {{ include "common.aaf-config-pv" . }}
+
+*/}}
+{{- define "common.aaf-config" -}}
+{{- $dot := default . .dot -}}
+{{- $aafRoot := default "aafConfig" .aafRoot -}}
+{{ if .Values.global.aafEnabled }}
+- name: {{ include "common.name" . }}-aaf-readiness
+ image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ command:
+ - /root/ready.py
+ args:
+ - --container-name
+ - aaf-locate
+ - --container-name
+ - aaf-cm
+ - --container-name
+ - aaf-service
+
+ env:
+ - name: NAMESPACE
+ valueFrom:
+ fieldRef:
+ apiVersion: v1
+ fieldPath: metadata.namespace
+- name: {{ include "common.name" . }}-aaf-config
+ image: {{ .Values.global.repository }}/{{index .Values $aafRoot "image" }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ volumeMounts:
+ - mountPath: "/opt/app/osaaf"
+ name: {{ include "common.fullname" . }}-aaf-config-vol
+ {{- if (index .Values $aafRoot "addconfig") }}
+ - name: aaf-add-config
+ mountPath: /opt/app/aaf_config/bin/aaf-add-config.sh
+ subPath: aaf-add-config.sh
+ {{- end }}
+ command:
+ - sh
+ - -c
+ - |
+ #!/usr/bin/env bash
+ /opt/app/aaf_config/bin/agent.sh
+ {{- if (index .Values $aafRoot "addconfig") }}
+ /opt/app/aaf_config/bin/aaf-add-config.sh
+ {{- end }}
+ env:
+ - name: APP_FQI
+ value: "{{ index .Values $aafRoot "fqi" }}"
+ - name: aaf_locate_url
+ value: "https://aaf-locate.{{ .Release.Namespace}}:8095"
+ - name: aaf_locator_container
+ value: "oom"
+ - name: aaf_locator_container_ns
+ value: "{{ .Release.Namespace }}"
+ - name: aaf_locator_fqdn
+ value: "{{ index .Values $aafRoot "fqdn" }}"
+ - name: aaf_locator_app_ns
+ value: "{{ index .Values $aafRoot "app_ns" }}"
+ - name: DEPLOY_FQI
+ {{- include "common.secret.envFromSecret" (dict "global" . "uid" "aaf-deploy-creds" "key" "login") | indent 6 }}
+ - name: DEPLOY_PASSWORD
+ {{- include "common.secret.envFromSecret" (dict "global" . "uid" "aaf-deploy-creds" "key" "password") | indent 6 }}
+ #Note: want to put this on Nodes, evenutally
+ - name: cadi_longitude
+ value: "{{ default "52.3" (index .Values $aafRoot "cadi_longitude") }}"
+ - name: cadi_latitude
+ value: "{{ default "13.2" (index .Values $aafRoot "cadi_latitude") }}"
+ #Hello specific. Clients don't don't need this, unless Registering with AAF Locator
+ - name: aaf_locator_public_fqdn
+ value: "{{ (index .Values $aafRoot "public_fqdn") | default "" }}"
+{{- end -}}
+{{- end -}}
+
+
+{{- define "common.aaf-config-volume-mountpath" -}}
+{{ if .Values.global.aafEnabled }}
+- mountPath: "/opt/app/osaaf"
+ name: {{ include "common.fullname" . }}-aaf-config-vol
+{{- end -}}
+{{- end -}}
+
+{{- define "common.aaf-config-volumes" -}}
+{{ if .Values.global.aafEnabled }}
+{{- $dot := default . .dot -}}
+{{- $aafRoot := default "aafConfig" .aafRoot -}}
+- name: {{ include "common.fullname" . }}-aaf-config-vol
+ persistentVolumeClaim:
+ claimName: {{ include "common.fullname" . }}-aaf-config-pvc
+{{- if (index .Values $aafRoot "addconfig") }}
+- name: aaf-add-config
+ configMap:
+ name: {{ include "common.fullname" . }}-aaf-add-config
+ defaultMode: 0700
+{{- end }}
+{{- end -}}
+{{- end }}
+
+{{- define "common.aaf-config-pv" -}}
+{{- $dot := default . .dot -}}
+{{- $aafRoot := default "aafConfig" .aafRoot -}}
+metadata:
+ name: {{ include "common.fullname" . }}-aaf-config-pv
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}-aaf-config-pv
+ chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}"
+ release: "{{ .Release.Name }}"
+ heritage: "{{ .Release.Service }}"
+ name: {{ include "common.fullname" . }}
+spec:
+ capacity:
+ storage: {{ index .Values $aafRoot "persistence" "config" "size"}}
+ accessModes:
+ - {{ index .Values $aafRoot "persistence" "config" "accessMode" }}
+ persistentVolumeReclaimPolicy: {{ index .Values $aafRoot "persistence" "config" "volumeReclaimPolicy" }}
+ hostPath:
+ path: {{ index .Values $aafRoot "persistence" "config" "mountPath" }}/{{ .Release.Name }}/{{ index .Values $aafRoot "persistence" "config" "mountSubPath" }}
+{{- if (index .Values $aafRoot "persistence" "config" "storageClass") }}
+{{- if (eq "-" (index .Values $aafRoot "persistence" "config" "storageClass")) }}
+ storageClassName: ""
+{{- else }}
+ storageClassName: "{{ index .Values $aafRoot "persistence" "config" "storageClass" }}"
+{{- end }}
+{{- end }}
+{{- end -}}
+
+{{- define "common.aaf-config-pvc" -}}
+{{- $dot := default . .dot -}}
+{{- $aafRoot := default "aafConfig" .aafRoot -}}
+metadata:
+ name: {{ include "common.fullname" . }}-aaf-config-pvc
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
+ release: "{{ .Release.Name }}"
+ heritage: "{{ .Release.Service }}"
+{{- if (index .Values $aafRoot "persistence" "annotations") }}
+ annotations:
+{{ toYaml (index .Values $aafRoot "persistence" "annotations" ) | indent 4 }}
+{{- end }}
+spec:
+ selector:
+ matchLabels:
+ app: {{ include "common.name" . }}-aaf-config-pv
+ accessModes:
+ - {{ index .Values $aafRoot "persistence" "config" "accessMode" }}
+ resources:
+ requests:
+ storage: {{ index .Values $aafRoot "persistence" "config" "size" }}
+{{- if (index .Values $aafRoot "persistence" "config" "storageClass") }}
+{{- if (eq "-" (index .Values $aafRoot "persistence" "config" "storageClass")) }}
+ storageClassName: ""
+{{- else }}
+ storageClassName: "{{ index .Values $aafRoot "persistence" "config" "storageClass" }}"
+{{- end }}
+{{- end }}
+{{- end -}}
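Review bot: `$dot` and `$aafRoot` are set at the top of `common.aaf-config`, but every lookup below still goes through `.` (`.Values.global.aafEnabled`, `index .Values $aafRoot "image"`, `include "common.name" .`), so the call form the header comment advertises, `(dict "aafRoot" "<yourkey>" "dot" .)`, has no `.Values` to read and cannot render. The same pattern is in `common.aaf-config-volumes`, `common.aaf-config-pv` and `common.aaf-config-pvc`; each should read through `$dot`, e.g. `{{ if $dot.Values.global.aafEnabled }}` and `{{ index $dot.Values $aafRoot "image" }}`, and pass `$dot` to `include` and as `"global"` to `common.secret.envFromSecret`. Separately, the init script runs `agent.sh` and then `aaf-add-config.sh` under `sh -c` with no `set -e`, so when `addconfig` is on the container's exit status is that of the last script and a failed credential fetch may go unnoticed; adding `set -e` as the first script line would keep the pod from starting in that case.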
diff --git a/kubernetes/common/common/templates/_labels.tpl b/kubernetes/common/common/templates/_labels.tpl
index 95d51e17b7..66727629ef 100644
--- a/kubernetes/common/common/templates/_labels.tpl
+++ b/kubernetes/common/common/templates/_labels.tpl
@@ -18,45 +18,84 @@
{{/*
Common labels
+The function takes several arguments (inside a dictionary):
+ - .dot : environment (.)
+ - .labels : labels to add (dict)
*/}}
{{- define "common.labels" -}}
-app.kubernetes.io/name: {{ include "common.name" . }}
-helm.sh/chart: {{ include "common.chart" . }}
-app.kubernetes.io/instance: {{ include "common.release" . }}
-app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- $dot := default . .dot -}}
+app.kubernetes.io/name: {{ include "common.name" $dot }}
+helm.sh/chart: {{ include "common.chart" $dot }}
+app.kubernetes.io/instance: {{ include "common.release" $dot }}
+app.kubernetes.io/managed-by: {{ $dot.Release.Service }}
+{{ if .labels }}
+{{- include "common.tplValue" (dict "value" .labels "context" $dot) }}
+{{- end -}}
{{- end -}}
{{/*
Labels to use on deploy.spec.selector.matchLabels and svc.spec.selector
+The function takes several arguments (inside a dictionary):
+ - .dot : environment (.)
+ - .matchLabels: selectors/matchlLabels to add (dict)
*/}}
{{- define "common.matchLabels" -}}
-app.kubernetes.io/name: {{ include "common.name" . }}
-app.kubernetes.io/instance: {{ include "common.release" . }}
+{{- $dot := default . .dot -}}
+{{- if not .matchLabels.nameNoMatch -}}
+app.kubernetes.io/name: {{ include "common.name" $dot }}
+{{- end }}
+app.kubernetes.io/instance: {{ include "common.release" $dot }}
+{{ if .matchLabels }}
+{{$_ := unset .matchLabels "nameNoMatch"}}
+{{- include "common.tplValue" (dict "value" .matchLabels "context" $dot) }}
+{{- end -}}
{{- end -}}
{{/*
Generate "top" metadata for Deployment / StatefulSet / ...
+ The function takes several arguments (inside a dictionary):
+ - .dot : environment (.)
+ - .labels: labels to add (dict)
+ - .suffix: suffix to name
+
*/}}
{{- define "common.resourceMetadata" -}}
-name: {{ include "common.fullname" . }}
-namespace: {{ include "common.namespace" . }}
-labels: {{- include "common.labels" . | nindent 2 }}
+{{- $dot := default . .dot -}}
+{{- $suffix := default "" .suffix -}}
+{{- $labels := default (dict) .labels -}}
+{{- $annotations := default (dict) .annotations -}}
+name: {{ include "common.fullname" (dict "suffix" $suffix "dot" $dot )}}
+namespace: {{ include "common.namespace" $dot }}
+labels: {{- include "common.labels" (dict "labels" $labels "dot" $dot ) | nindent 2 }}
+{{- if $annotations }}
+annotations: {{- include "common.tplValue" (dict "value" $annotations "context" $dot) | nindent 2}}
+{{- end -}}
{{- end -}}
{{/*
Generate selectors for Deployment / StatefulSet / ...
+ The function takes several arguments (inside a dictionary):
+ - .dot : environment (.)
+ - .matchLabels: labels to add (dict)
*/}}
{{- define "common.selectors" -}}
-matchLabels: {{- include "common.matchLabels" . | nindent 2 }}
+{{- $dot := default . .dot -}}
+{{- $matchLabels := default (dict) .matchLabels -}}
+matchLabels: {{- include "common.matchLabels" (dict "matchLabels" $matchLabels "dot" $dot) | nindent 2 }}
{{- end -}}
{{/*
Generate "template" metadata for Deployment / StatefulSet / ...
+ The function takes several arguments (inside a dictionary)
+ - .dot : environment (.)
+ - .labels: labels to add (dict)
*/}}
{{- define "common.templateMetadata" -}}
-{{- if .Values.podAnnotations }}
-annotations: {{- include "common.tplValue" (dict "value" .Values.podAnnotations "context" $) | nindent 2 }}
+{{- $dot := default . .dot -}}
+{{- $labels := default (dict) .labels -}}
+{{- if $dot.Values.podAnnotations }}
+annotations: {{- include "common.tplValue" (dict "value" $dot.Values.podAnnotations "context" $) | nindent 2 }}
{{- end }}
-labels: {{- include "common.labels" . | nindent 2 }}
-name: {{ include "common.name" . }}
+labels: {{- include "common.labels" (dict "labels" $labels "dot" $dot) | nindent 2 }}
+name: {{ include "common.name" $dot }}
{{- end -}}
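Review bot: In `common.templateMetadata` the annotations line still passes `"context" $`, but when the template is called with a dictionary `$` is that dictionary rather than the chart context, so `common.tplValue` would presumably evaluate `podAnnotations` against the wrong scope. It should read `(dict "value" $dot.Values.podAnnotations "context" $dot)`. In `common.matchLabels`, `.matchLabels.nameNoMatch` is dereferenced before the `if .matchLabels` guard, so a legacy call such as `include "common.matchLabels" .` is likely to fail on the nil field. Adding `{{- $matchLabels := default (dict) .matchLabels -}}` at the top, as `common.selectors` already does, avoids that. The `unset .matchLabels "nameNoMatch"` also mutates the caller's dict and deserves a comment, and the `common.resourceMetadata` header should list `.annotations`, which the body reads.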
diff --git a/kubernetes/common/common/templates/_name.tpl b/kubernetes/common/common/templates/_name.tpl
index 943078ff2f..e918cc1dd8 100644
--- a/kubernetes/common/common/templates/_name.tpl
+++ b/kubernetes/common/common/templates/_name.tpl
@@ -16,9 +16,14 @@
{{/*
Expand the name of a chart.
+ The function takes from one to two arguments (inside a dictionary):
+ - .dot : environment (.)
+ - .suffix : add a suffix to the name
*/}}
{{- define "common.name" -}}
- {{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
+ {{- $dot := default . .dot -}}
+ {{- $suffix := .suffix -}}
+ {{- default $dot.Chart.Name $dot.Values.nameOverride | trunc 63 | trimSuffix "-" -}}{{ if $suffix }}{{ print "-" $suffix }}{{ end }}
{{- end -}}
{{/*
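Review bot: `common.name` appends the suffix after `trunc 63 | trimSuffix "-"`, so the rendered name can exceed the 63-character bound that the truncation is there to enforce. I would default the suffix with `default "" .suffix`, build the combined string first, and apply `trunc 63 | trimSuffix "-"` to the result. The header comment should then state what happens to the suffix when the chart name is already near the limit.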
@@ -28,16 +33,25 @@
{{- define "common.fullnameExplicit" -}}
{{- $dot := .dot }}
{{- $name := .chartName }}
- {{- printf "%s-%s" (include "common.release" $dot) $name | trunc 63 | trimSuffix "-" -}}
+ {{- $suffix := default "" .suffix -}}
+ {{- printf "%s-%s-%s" (include "common.release" $dot) $name $suffix | trunc 63 | trimSuffix "-" | trimSuffix "-" -}}
{{- end -}}
{{/*
Create a default fully qualified application name.
Truncated at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+ Usage:
+ include "common.fullname" .
+ include "common.fullname" (dict "suffix" "mySuffix" "dot" .)
+ The function takes from one to two arguments:
+ - .dot : environment (.)
+ - .suffix : add a suffix to the fullname
*/}}
{{- define "common.fullname" -}}
- {{- $name := default .Chart.Name .Values.nameOverride -}}
- {{- include "common.fullnameExplicit" (dict "dot" . "chartName" $name) }}
+{{- $dot := default . .dot -}}
+{{- $suffix := default "" .suffix -}}
+ {{- $name := default $dot.Chart.Name $dot.Values.nameOverride -}}
+ {{- include "common.fullnameExplicit" (dict "dot" $dot "chartName" $name "suffix" $suffix) }}
{{- end -}}
{{/*
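Review bot: In `common.fullnameExplicit` the suffix is joined before `trunc 63`, so with a long release or chart name it is the suffix that gets cut, and two resources that differ only by suffix can render the same name. Consider shortening the `release-name` part to leave room for the suffix, or calling `fail` when the combined name is too long. The doubled `trimSuffix "-"` is there to clean up the empty-suffix case (`release-name-`), and a one-line comment saying so would help. The doc comment of `common.fullnameExplicit` lies outside this hunk and should probably list `.suffix` as well.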
diff --git a/kubernetes/common/common/templates/_pod.tpl b/kubernetes/common/common/templates/_pod.tpl
index 9329572a92..d3fc25ad6e 100644
--- a/kubernetes/common/common/templates/_pod.tpl
+++ b/kubernetes/common/common/templates/_pod.tpl
@@ -19,10 +19,12 @@
Will use first ".Values.service.ports" list.
Will append ports from ".Values.service.headlessPorts" only if port number is
not already in port list.
+ Will add tls port AND plain port if both_tls_and_plain is set to true
*/}}
{{- define "common.containerPorts" -}}
{{- $ports := default (list) .Values.service.ports }}
{{- $portsNumber := list }}
+{{- $both_tls_and_plain:= default false .Values.service.both_tls_and_plain }}
{{- range $index, $port := $ports }}
{{- $portsNumber = append $portsNumber $port.port }}
{{- end }}
@@ -31,8 +33,17 @@
{{- $ports = append $ports $port }}
{{- end }}
{{- end }}
+{{- $global := . }}
{{- range $index, $port := $ports }}
+{{- if (include "common.needTLS" $global) }}
- containerPort: {{ $port.port }}
+{{- else }}
+- containerPort: {{ default $port.port $port.plain_port }}
+{{- end }}
name: {{ $port.name }}
+{{- if (and $port.plain_port (and (include "common.needTLS" $global) $both_tls_and_plain)) }}
+- containerPort: {{ $port.plain_port }}
+ name: {{ $port.name }}-plain
+{{- end }}
{{- end }}
{{- end -}}
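Review bot: The extra entry added under `both_tls_and_plain` names the container port `{{ $port.name }}-plain`, but Kubernetes limits container port names to 15 characters, so any port whose name is longer than 9 characters renders a manifest the API server rejects. A `fail` with a clear message when the name is too long, or a documented limit in the header comment, would surface this at template time. `include "common.needTLS" $global` is evaluated twice per port and could be stored in a variable before the `range`. The header comment should also state that this toggle opens an unencrypted listener alongside the TLS one. The beginning of `common.containerPorts` is outside this hunk.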
diff --git a/kubernetes/common/common/templates/_postgres.tpl b/kubernetes/common/common/templates/_postgres.tpl
new file mode 100644
index 0000000000..45d903e574
--- /dev/null
+++ b/kubernetes/common/common/templates/_postgres.tpl
@@ -0,0 +1,65 @@
+{{/*
+# Copyright © 2019 Samsung Electronics
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+{{/*
+ UID of postgres root password
+*/}}
+{{- define "common.postgres.secret.rootPassUID" -}}
+ {{- printf "db-root-password" }}
+{{- end -}}
+
+{{/*
+ Name of postgres secret
+*/}}
+{{- define "common.postgres.secret._secretName" -}}
+ {{- $global := .dot }}
+ {{- $chartName := tpl .chartName $global -}}
+ {{- include "common.secret.genName" (dict "global" $global "uid" (include .uidTemplate $global) "chartName" $chartName) }}
+{{- end -}}
+
+{{/*
+ Name of postgres root password secret
+*/}}
+{{- define "common.postgres.secret.rootPassSecretName" -}}
+ {{- include "common.postgres.secret._secretName" (set . "uidTemplate" "common.postgres.secret.rootPassUID") }}
+{{- end -}}
+
+{{/*
+ UID of postgres user credentials
+*/}}
+{{- define "common.postgres.secret.userCredentialsUID" -}}
+ {{- printf "db-user-credentials" }}
+{{- end -}}
+
+{{/*
+ Name of postgres user credentials secret
+*/}}
+{{- define "common.postgres.secret.userCredentialsSecretName" -}}
+ {{- include "common.postgres.secret._secretName" (set . "uidTemplate" "common.postgres.secret.userCredentialsUID") }}
+{{- end -}}
+
+{{/*
+ UID of postgres primary password
+*/}}
+{{- define "common.postgres.secret.primaryPasswordUID" -}}
+ {{- printf "primary-password" }}
+{{- end -}}
+
+{{/*
+ Name of postgres user credentials secret
+*/}}
+{{- define "common.postgres.secret.primaryPasswordSecretName" -}}
+ {{- include "common.postgres.secret._secretName" (set . "uidTemplate" "common.postgres.secret.primaryPasswordUID") }}
+{{- end -}}
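Review bot: The doc comment above `common.postgres.secret.primaryPasswordSecretName` is copied from the user-credentials helper and should read `Name of postgres primary password secret`. Each of the three `...SecretName` helpers calls `set . "uidTemplate" ...`, which writes into the caller's dictionary. Passing `(merge (dict "uidTemplate" "common.postgres.secret.rootPassUID") .)` instead, or documenting the side effect, would make that explicit. The header comments also do not say that callers must supply `.dot` and `.chartName`, which `common.postgres.secret._secretName` reads.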
diff --git a/kubernetes/common/common/templates/_secret.yaml b/kubernetes/common/common/templates/_secret.tpl
index e24a2e4ba7..064b0c16af 100644
--- a/kubernetes/common/common/templates/_secret.yaml
+++ b/kubernetes/common/common/templates/_secret.tpl
@@ -22,6 +22,7 @@
The template takes two arguments:
- .global: environment (.)
- .name: name of the secret
+ - .annotations: annotations which should be used
Example call:
{{ include "common.secret._header" (dict "global" . "name" "myFancyName") }}
@@ -39,6 +40,9 @@ metadata:
chart: {{ $global.Chart.Name }}-{{ $global.Chart.Version | replace "+" "_" }}
release: {{ include "common.release" $global }}
heritage: {{ $global.Release.Service }}
+{{- if .annotations }}
+ annotations: {{- include "common.tplValue" (dict "value" .annotations "context" $global) | nindent 4 }}
+{{- end }}
type: Opaque
{{- end -}}
@@ -74,6 +78,38 @@ type: Opaque
{{- end }}
{{- end -}}
+{{/*
+ For internal use only!
+
+ Pick a value based on "user input" and generation policy.
+
+ The template takes below arguments:
+ - .global: environment (.)
+ - .secretName: name of the secret where the value will be placed
+ - .secretEnv: map of values which configures this secret. This can contain below keys:
+ - value: Value of secret key provided by user (can be a template inside a string)
+ - policy: What to do if value is missing or empty. Possible options are:
+ - generate: Generate a new password deriving it from master password
+ - required: Fail the deployment if value has not been provided
+ Defaults to generate.
+ - name: Name of the key to which this value should be assigned
+*/}}
+{{- define "common.secret._valueFast" -}}
+ {{- $global := .global }}
+ {{- $name := .secretName }}
+ {{- $secretEnv := .secretEnv }}
+ {{- $value := $secretEnv.value }}
+ {{- $policy := default "generate" $secretEnv.policy }}
+
+ {{- if $value }}
+ {{- $value | quote }}
+ {{- else if eq $policy "generate" }}
+ {{- include "common.createPassword" (dict "dot" $global "uid" $name) | quote }}
+ {{- else }}
+ {{- fail (printf "Value for %s secret %s key not provided" $name $secretEnv.name) }}
+ {{- end }}
+{{- end -}}
+
{{/*
Generate a secret name based on provided name or UID.
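Review bot: In `common.secret._valueFast` the `generate` branch calls `common.createPassword` with `"uid" $name`, which is the secret name only. `common.createPassword` is not shown here, but if it derives the value deterministically from the master password and `uid`, every generated key inside one `genericKV` secret receives the same value. Including the key in the derivation input, e.g. `"uid" (printf "%s-%s" $name $secretEnv.name)`, would separate them, provided that stays compatible with secrets already deployed. The comment says `value` "can be a template inside a string", yet this template only quotes it, so it should state that evaluation is expected to have happened beforehand.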
@@ -96,6 +132,14 @@ type: Opaque
{{- default (printf "%s-%s" $fullname $uid) $name }}
{{- end -}}
+{{- define "common.secret.genNameFast" -}}
+ {{- $global := .global }}
+ {{- $uid := (default "" .uid) }}
+ {{- $name := (default "" .name) }}
+ {{- $fullname := ne (default "" .chartName) "" | ternary (include "common.fullnameExplicit" (dict "dot" $global "chartName" .chartName)) (include "common.fullname" $global) }}
+ {{- default (printf "%s-%s" $fullname $uid) $name }}
+{{- end -}}
+
{{/*
Get the real secret name by UID or name, based on the configuration provided by user.
User may decide to not create a new secret but reuse existing one for this deployment
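Review bot: `common.secret.genNameFast` is added without a doc comment, so a reader cannot tell how it differs from `common.secret.genName` directly above or when each should be used. The same applies to `common.secret.getSecretNameFast` and `common.secret.envFromSecretFast` in later hunks. I would add a header such as `{{/* Same as common.secret.genName, but expects .uid, .name and .chartName to be already evaluated (no tpl). */}}` if that is the intended difference. Most of `genName` is outside this hunk, so that wording is inferred and needs confirming.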
@@ -118,8 +162,8 @@ type: Opaque
{{- $uid := tpl (default "" .uid) $global }}
{{- $targetName := default (include "common.secret.genName" (dict "global" $global "uid" $uid "name" .name)) $name}}
{{- range $secret := $global.Values.secrets }}
- {{- $givenName := tpl (default "" $secret.name) $global }}
{{- $currUID := tpl (default "" $secret.uid) $global }}
+ {{- $givenName := tpl (default "" $secret.name) $global }}
{{- $currName := default (include "common.secret.genName" (dict "global" $global "uid" $currUID "name" $secret.name)) $givenName }}
{{- if or (eq $uid $currUID) (eq $currName $targetName) }}
{{- $externalSecret := tpl (default "" $secret.externalSecret) $global }}
@@ -128,6 +172,51 @@ type: Opaque
{{- end }}
{{- end -}}
+{{- define "common.secret.getSecretNameFast" -}}
+ {{- $global := .global }}
+ {{- include "common.secret.buildCache" $global }}
+ {{- $secretsCache := $global.Values._secretsCache }}
+ {{- $uid := tpl .uid $global }}
+ {{- $secret := index $secretsCache $uid }}
+ {{- $secret.realName }}
+{{- end -}}
+
+{{- define "common.secret.buildCache" -}}
+ {{- $global := . }}
+ {{- if not $global.Values._secretsCache }}
+ {{- $secretCache := dict }}
+ {{- range $secret := .Values.secrets }}
+ {{- $entry := dict }}
+ {{- $uid := tpl (default "" $secret.uid) $global }}
+ {{- $keys := keys $secret }}
+ {{- range $key := (without $keys "annotations" "filePaths" )}}
+ {{- $_ := set $entry $key (tpl (index $secret $key) $global) }}
+ {{- end }}
+ {{- if $secret.annotations }}
+ {{- $_ := set $entry "annotations" $secret.annotations }}
+ {{- end }}
+ {{- if $secret.filePaths }}
+ {{- if kindIs "string" $secret.filePaths }}
+ {{- $evaluated := tpl (default "" $secret.filePaths) $global }}
+ {{- if and $evaluated (ne $evaluated "\"\"") }}
+ {{- $fstr := printf "val:\n%s" ($evaluated | indent 2) }}
+ {{- $flist := (index (tpl $fstr $global | fromYaml) "val") }}
+ {{- $_ := set $entry "filePaths" $flist }}
+ {{- else }}
+ {{- $_ := set $entry "filePaths" (list) }}
+ {{- end }}
+ {{- else }}
+ {{- $_ := set $entry "filePaths" $secret.filePaths }}
+ {{- end }}
+ {{- end }}
+ {{- $realName := default (include "common.secret.genNameFast" (dict "global" $global "uid" $uid "name" $entry.name) ) $entry.externalSecret }}
+ {{- $_ := set $entry "realName" $realName }}
+ {{- $_ := set $secretCache $uid $entry }}
+ {{- end }}
+ {{- $_ := set $global.Values "_secretsCache" $secretCache }}
+ {{- end }}
+{{- end -}}
+
{{/*
Convenience template which can be used to easily set the value of environment variable
to the value of a key in a secret.
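Review bot: `common.secret.buildCache` runs `tpl (index $secret $key) $global` over every key except `annotations` and `filePaths`, but `genericKV` secrets carry a list under `envs` and `tpl` only accepts a string, so such a secret would likely abort rendering. `common.secret.getSecretNameFast` does `index $secretsCache $uid` and then dereferences `$secret.realName` without checking the lookup, so an unknown or misspelled uid ends in a nil-pointer message instead of a clear `fail`. The cache is keyed by uid alone, so secrets identified only by `name` all land under the empty key and overwrite each other. Neither new template has a doc comment, and the write into `$global.Values._secretsCache` in particular should be documented as a side effect.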
@@ -155,6 +244,14 @@ valueFrom:
key: {{ $key }}
{{- end -}}
+{{- define "common.secret.envFromSecretFast" -}}
+ {{- $key := .key }}
+valueFrom:
+ secretKeyRef:
+ name: {{ include "common.secret.getSecretNameFast" . }}
+ key: {{ $key }}
+{{- end -}}
+
{{/*
Define secrets to be used by chart.
Every secret has a type which is one of:
@@ -204,6 +301,8 @@ valueFrom:
- name:
Overrides default secret name generation and allows to set immutable
and globaly unique name
+ - annotations:
+ List of annotations to be used while defining a secret
To allow sharing a secret between the components and allow to pre-deploy secrets
before ONAP deployment it is possible to use already existing secret instead of
@@ -239,11 +338,12 @@ valueFrom:
{{- range $secret := .Values.secrets }}
{{- $uid := tpl (default "" $secret.uid) $global }}
{{- $name := include "common.secret.genName" (dict "global" $global "uid" $uid "name" $secret.name) }}
+ {{- $annotations := default "" $secret.annotations }}
{{- $type := default "generic" $secret.type }}
{{- $externalSecret := tpl (default "" $secret.externalSecret) $global }}
{{- if not $externalSecret }}
---
- {{ include "common.secret._header" (dict "global" $global "name" $name) }}
+ {{ include "common.secret._header" (dict "global" $global "name" $name "annotations" $annotations) }}
{{- if eq $type "generic" }}
data:
@@ -278,3 +378,132 @@ stringData:
{{- end }}
{{- end }}
{{- end -}}
+
+{{/*
+ Define secrets to be used by chart.
+ Every secret has a type which is one of:
+ - generic:
+ Generic secret template that allows to input some raw data (from files).
+ File Input can be passed as list of files (filePaths) or as a single string
+ (filePath)
+ - genericKV:
+ Type of secret which allows you to define a list of key value pairs.
+ The list is assiged to envs value. Every item may define below items:
+ - name:
+ Identifier of this value within secret
+ - value:
+ String that defines a value associated with given key.
+ This can be a simple string or a template.
+ - policy:
+ Defines what to do if value is not provided by the user.
+ Available options are:
+ - generate:
+ Generate a value by derriving it from master password
+ - required:
+ Fail the deployment
+ - password:
+ Type of secret that holds only the password.
+ Only two items can be defined for this type:
+ - password:
+ Equivalent of value field from genericKV
+ - policy:
+ The same meaning as for genericKV policy field
+ - basicAuth:
+ Type of secret that holds both username and password.
+ Below fields are available:
+ - login:
+ The value for login key.
+ This can be a simple string or a template.
+ Providing a value for login is always required.
+ - password:
+ The value for password key.
+ This can be a simple string or a template.
+ - passwordPolicy:
+ The same meaning as the policy field in genericKV.
+ Only the policy for password can be set.
+
+ Every secret can be identified using:
+ - uid:
+ A string to be appended to the chart fullname to generate a secret name.
+ - name:
+ Overrides default secret name generation and allows to set immutable
+ and globaly unique name
+ - annotations:
+ List of annotations to be used while defining a secret
+
+ To allow sharing a secret between the components and allow to pre-deploy secrets
+ before ONAP deployment it is possible to use already existing secret instead of
+ creating a new one. For this purpose externalSecret field can be used. If value of
+ this field is evaluated to true no new secret is created, only the name of the
+ secret is aliased to the external one.
+
+ Example usage:
+ secrets.yaml:
+ {{ include "common.secretFast" . }}
+
+ values.yaml:
+ mysqlLogin: "root"
+
+ mysqlExternalSecret: "some-other-secret-name"
+
+ secrets:
+ - uid: "mysql"
+ externalSecret: '{{ tpl .Values.passExternalSecret . }}'
+ type: basicAuth
+ login: '{{ .Values.mysqlLogin }}'
+ mysqlPassword: '{{ .Values.mysqlPassword }}'
+ passwordPolicy: generate
+
+ In the above example new secret is not going to be created.
+ Already existing one (some-other-secret-name) is going to be used.
+ To force creating a new one, just make sure that mysqlExternalSecret
+ is not set.
+
+*/}}
+{{- define "common.secretFast" -}}
+ {{- $global := . }}
+ {{- include "common.secret.buildCache" $global }}
+ {{- range $secret := .Values._secretsCache }}
+ {{- $uid := $secret.uid }}
+ {{- $externalSecret := $secret.externalSecret }}
+ {{- if not $externalSecret }}
+ {{- $name := $secret.realName }}
+ {{- $annotations := default "" $secret.annotations }}
+ {{- $type := default "generic" $secret.type }}
+---
+ {{ include "common.secret._header" (dict "global" $global "name" $name "annotations" $annotations) }}
+
+ {{- if eq $type "generic" }}
+data:
+ {{- range $curFilePath := $secret.filePaths }}
+ {{- fail (printf "%s" $curFilePath) }}
+ {{ tpl ($global.Files.Glob $curFilePath).AsSecrets $global | indent 2 }}
+ {{- end }}
+ {{- if $secret.filePath }}
+ {{ tpl ($global.Files.Glob $secret.filePath).AsSecrets $global | indent 2 }}
+ {{- end }}
+ {{- else if eq $type "genericKV" }}
+stringData:
+ {{- if $secret.envs }}
+ {{- range $secretEnv := $secret.envs }}
+ {{- $valueDesc := (dict "global" $global "secretName" $name "secretEnv" $secretEnv) }}
+ {{ $secretEnv.name }}: {{ include "common.secret._valueFast" $valueDesc }}
+ {{- end }}
+ {{- end }}
+ {{- else if eq $type "password" }}
+ {{- $secretEnv := (dict "policy" (default "generate" $secret.policy) "name" "password" "value" $secret.password) }}
+ {{- $valueDesc := (dict "global" $global "secretName" $name "secretEnv" $secretEnv) }}
+stringData:
+ password: {{ include "common.secret._valueFast" $valueDesc }}
+ {{- else if eq $type "basicAuth" }}
+stringData:
+ {{- $secretEnv := (dict "policy" "required" "name" "login" "value" $secret.login) }}
+ {{- $valueDesc := (dict "global" $global "secretName" $name "secretEnv" $secretEnv) }}
+ login: {{ include "common.secret._valueFast" $valueDesc }}
+ {{- $secretEnv := (dict "policy" (default "generate" $secret.passwordPolicy) "name" "password" "value" $secret.password) }}
+ {{- $valueDesc := (dict "global" $global "secretName" $name "secretEnv" $secretEnv) }}
+ password: {{ include "common.secret._valueFast" $valueDesc }}
+ {{- end }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
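Review bot: The `range $curFilePath := $secret.filePaths` loop in `common.secretFast` begins with `{{- fail (printf "%s" $curFilePath) }}`, which looks like a leftover debugging statement. Any `generic` secret that lists `filePaths` aborts the render before the `Files.Glob ... AsSecrets` line is reached, so that line should be removed. The usage example in the doc comment is also inconsistent: it sets `mysqlExternalSecret` but references `.Values.passExternalSecret`, and it uses `mysqlPassword:` where the `basicAuth` branch reads `$secret.password`.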
diff --git a/kubernetes/common/common/templates/_service.tpl b/kubernetes/common/common/templates/_service.tpl
index 075f7965b9..0c7660eb1f 100644
--- a/kubernetes/common/common/templates/_service.tpl
+++ b/kubernetes/common/common/templates/_service.tpl
@@ -31,10 +31,12 @@
{{- end -}}
{{/* Define the metadata of Service
- The function takes from one to three arguments (inside a dictionary):
+ The function takes from one to four arguments (inside a dictionary):
- .dot : environment (.)
- .suffix : a string which will be added at the end of the name (with a '-').
- .annotations: the annotations to add
+ - .msb_informations: msb information in order to create msb annotation
+ - .labels : labels to add
Usage example:
{{ include "common.serviceMetadata" ( dict "suffix" "myService" "dot" .) }}
{{ include "common.serviceMetadata" ( dict "annotations" .Values.service.annotation "dot" .) }}
@@ -43,83 +45,178 @@
{{- $dot := default . .dot -}}
{{- $suffix := default "" .suffix -}}
{{- $annotations := default "" .annotations -}}
-{{- if $annotations -}}
-annotations: {{- include "common.tplValue" (dict "value" $annotations "context" $dot) | nindent 2 }}
+ {{- $msb_informations := default "" .msb_informations -}}
+ {{- $labels := default (dict) .labels -}}
+{{- if or $annotations $msb_informations -}}
+annotations:
+{{- if $annotations }}
+{{ include "common.tplValue" (dict "value" $annotations "context" $dot) | indent 2 }}
+{{- end }}
+{{- if $msb_informations }}
+ msb.onap.org/service-info: '[
+{{- range $index, $msb_information := $msb_informations }}
+{{- if ne $index 0 }}
+ ,
+{{- end }}
+ {
+ "serviceName": "{{ default (include "common.servicename" $dot) $msb_information.serviceName }}",
+ "version": "{{ default "v1" $msb_information.version }}",
+ "url": "{{ default "/" $msb_information.url }}",
+ "protocol": "{{ default "REST" $msb_information.protocol }}",
+ "port": "{{ $msb_information.port }}",
+ "visualRange":"{{ default "1" $msb_information.visualRange }}"
+ }
+{{- end }}
+ ]'
+{{- end}}
{{- end }}
name: {{ include "common.servicename" $dot }}{{ if $suffix }}{{ print "-" $suffix }}{{ end }}
namespace: {{ include "common.namespace" $dot }}
-labels: {{- include "common.labels" $dot | nindent 2 -}}
+labels: {{- include "common.labels" (dict "labels" $labels "dot" $dot) | nindent 2 -}}
{{- end -}}
{{/* Define the ports of Service
The function takes three arguments (inside a dictionary):
- .dot : environment (.)
- .ports : an array of ports
- - .portType: the type of the service
+ - .serviceType: the type of the service
+ - .add_plain_port: add tls port AND plain port
*/}}
{{- define "common.servicePorts" -}}
-{{- $portType := .portType -}}
-{{- $dot := .dot -}}
-{{- range $index, $port := .ports }}
+{{- $serviceType := .serviceType }}
+{{- $dot := .dot }}
+{{- $add_plain_port := default false .add_plain_port }}
+{{- range $index, $port := .ports }}
+{{- if (include "common.needTLS" $dot) }}
- port: {{ $port.port }}
targetPort: {{ $port.name }}
- {{- if (eq $portType "NodePort") }}
+{{- if $port.port_protocol }}
+ name: {{ printf "%ss-%s" $port.port_protocol $port.name }}
+{{- else }}
+ name: {{ $port.name }}
+{{- end }}
+{{- if (eq $serviceType "NodePort") }}
nodePort: {{ $dot.Values.global.nodePortPrefix | default $dot.Values.nodePortPrefix }}{{ $port.nodePort }}
- {{- end }}
+{{- end }}
+{{- else }}
+- port: {{ default $port.port $port.plain_port }}
+ targetPort: {{ $port.name }}
+{{- if $port.port_protocol }}
+ name: {{ printf "%s-%s" $port.port_protocol $port.name }}
+{{- else }}
name: {{ $port.name }}
-{{- end -}}
+{{- end }}
+{{- end }}
+{{- if (and (and (include "common.needTLS" $dot) $add_plain_port) $port.plain_port) }}
+{{- if (eq $serviceType "ClusterIP") }}
+- port: {{ $port.plain_port }}
+ targetPort: {{ $port.name }}-plain
+{{- if $port.port_protocol }}
+ name: {{ printf "%s-%s" $port.port_protocol $port.name }}
+{{- else }}
+ name: {{ $port.name }}-plain
+{{- end }}
+{{- end }}
+{{- end }}
+{{- end }}
{{- end -}}
{{/* Create generic service template
The function takes several arguments (inside a dictionary):
- .dot : environment (.)
- .ports : an array of ports
- - .portType: the type of the service
+ - .serviceType: the type of the service
- .suffix : a string which will be added at the end of the name (with a '-')
- .annotations: the annotations to add
+ - .msb_informations: msb information in order to create msb annotation
- .publishNotReadyAddresses: if we publish not ready address
- .headless: if the service is headless
+ - .add_plain_port: add tls port AND plain port
+ - .labels : labels to add (dict)
+ - .matchLabels: selectors/machLabels to add (dict)
+ - .sessionAffinity: ClientIP - enables sticky sessions based on client IP, default: None
*/}}
{{- define "common.genericService" -}}
{{- $dot := default . .dot -}}
{{- $suffix := default "" .suffix -}}
{{- $annotations := default "" .annotations -}}
+{{- $msb_informations := default "" .msb_informations -}}
{{- $publishNotReadyAddresses := default false .publishNotReadyAddresses -}}
-{{- $portType := .portType -}}
+{{- $serviceType := .serviceType -}}
{{- $ports := .ports -}}
{{- $headless := default false .headless -}}
+{{- $add_plain_port := default false .add_plain_port }}
+{{- $labels := default (dict) .labels -}}
+{{- $matchLabels := default (dict) .matchLabels -}}
+{{- $sessionAffinity := default "None" $dot.Values.service.sessionAffinity -}}
apiVersion: v1
kind: Service
-metadata: {{ include "common.serviceMetadata" (dict "suffix" $suffix "annotations" $annotations "dot" $dot ) | nindent 2 }}
+metadata: {{ include "common.serviceMetadata" (dict "suffix" $suffix "annotations" $annotations "msb_informations" $msb_informations "labels" $labels "dot" $dot) | nindent 2 }}
spec:
{{- if $headless }}
clusterIP: None
{{- end }}
- ports: {{- include "common.servicePorts" (dict "portType" $portType "ports" $ports "dot" $dot) | nindent 4 }}
+ ports: {{- include "common.servicePorts" (dict "serviceType" $serviceType "ports" $ports "dot" $dot "add_plain_port" $add_plain_port) | nindent 4 }}
{{- if $publishNotReadyAddresses }}
publishNotReadyAddresses: true
{{- end }}
- type: {{ $portType }}
- selector: {{- include "common.matchLabels" $dot | nindent 4 }}
+ type: {{ $serviceType }}
+ selector: {{- include "common.matchLabels" (dict "matchLabels" $matchLabels "dot" $dot) | nindent 4 }}
+ sessionAffinity: {{ $sessionAffinity }}
{{- end -}}
-{{/* Create service template */}}
+{{/*
+ Create service template
+ Will create one or two service templates according to this table:
+
+ | serviceType | both_tls_and_plain | result |
+ |---------------|--------------------|--------------|
+ | ClusterIP | any | one Service |
+ | Not ClusterIP | not present | one Service |
+ | Not ClusterIP | false | one Service |
+ | Not ClusterIP | true | two Services |
+
+ If two services are created, one is ClusterIP with both crypted and plain
+ ports and the other one is NodePort (or LoadBalancer) with crypted port only.
+*/}}
{{- define "common.service" -}}
-{{- $suffix := default "" .Values.service.suffix -}}
-{{- $annotations := default "" .Values.service.annotations -}}
-{{- $publishNotReadyAddresses := default false .Values.service.publishNotReadyAddresses -}}
-{{- $portType := .Values.service.type -}}
-{{- $ports := .Values.service.ports -}}
-{{ include "common.genericService" (dict "suffix" $suffix "annotations" $annotations "dot" . "publishNotReadyAddresses" $publishNotReadyAddresses "ports" $ports "portType" $portType) }}
+{{- $dot := default . .dot -}}
+{{- $suffix := default "" $dot.Values.service.suffix -}}
+{{- $annotations := default "" $dot.Values.service.annotations -}}
+{{- $publishNotReadyAddresses := default false $dot.Values.service.publishNotReadyAddresses -}}
+{{- $msb_informations := default "" $dot.Values.service.msb -}}
+{{- $serviceType := $dot.Values.service.type -}}
+{{- $ports := $dot.Values.service.ports -}}
+{{- $both_tls_and_plain:= default false $dot.Values.service.both_tls_and_plain }}
+{{- $labels := default (dict) .labels -}}
+{{- $matchLabels := default (dict) .matchLabels -}}
+
+{{- if (and (include "common.needTLS" .) $both_tls_and_plain) }}
+{{ include "common.genericService" (dict "suffix" $suffix "annotations" $annotations "msb_informations" $msb_informations "dot" . "publishNotReadyAddresses" $publishNotReadyAddresses "ports" $ports "serviceType" "ClusterIP" "add_plain_port" true $labels "matchLabels" $matchLabels) }}
+{{- if (ne $serviceType "ClusterIP") }}
+---
+{{- if $suffix }}
+{{- $suffix = printf "%s-external" $suffix }}
+{{- else }}
+{{- $suffix = "external" }}
+{{- end }}
+{{ include "common.genericService" (dict "suffix" $suffix "annotations" $annotations "dot" . "publishNotReadyAddresses" $publishNotReadyAddresses "ports" $ports "serviceType" $serviceType $labels "matchLabels" $matchLabels) }}
+{{- end }}
+{{- else }}
+{{ include "common.genericService" (dict "suffix" $suffix "annotations" $annotations "dot" . "publishNotReadyAddresses" $publishNotReadyAddresses "ports" $ports "serviceType" $serviceType $labels "matchLabels" $matchLabels) }}
+{{- end }}
{{- end -}}
{{/* Create headless service template */}}
{{- define "common.headlessService" -}}
-{{- $suffix := include "common._makeHeadlessSuffix" . -}}
-{{- $annotations := default "" .Values.service.headless.annotations -}}
-{{- $publishNotReadyAddresses := default false .Values.service.headless.publishNotReadyAddresses -}}
-{{- $ports := .Values.service.headlessPorts -}}
-{{ include "common.genericService" (dict "suffix" $suffix "annotations" $annotations "dot" . "publishNotReadyAddresses" $publishNotReadyAddresses "ports" $ports "portType" "ClusterIP" "headless" true ) }}
+{{- $dot := default . .dot -}}
+{{- $suffix := include "common._makeHeadlessSuffix" $dot -}}
+{{- $annotations := default "" $dot.Values.service.headless.annotations -}}
+{{- $publishNotReadyAddresses := default false $dot.Values.service.headless.publishNotReadyAddresses -}}
+{{- $ports := $dot.Values.service.headlessPorts -}}
+{{- $labels := default (dict) .labels -}}
+{{- $matchLabels := default (dict) .matchLabels -}}
+{{ include "common.genericService" (dict "suffix" $suffix "annotations" $annotations "dot" $dot "publishNotReadyAddresses" $publishNotReadyAddresses "ports" $ports "serviceType" "ClusterIP" "headless" true "labels" $labels "matchLabels" $matchLabels) }}
{{- end -}}
{{/*
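Review bot: All three `common.genericService` calls in `common.service` pass `$labels` without its key (`... "serviceType" $serviceType $labels "matchLabels" $matchLabels`), which shifts the remaining key/value pairs so that neither labels nor matchLabels reach the callee. Each should read `"labels" $labels "matchLabels" $matchLabels`, as `common.headlessService` already does. The same calls use `"dot" .` and `include "common.needTLS" .` although `$dot` was computed, so invoking `common.service` with a dictionary would break. In `common.servicePorts` the `nodePort:` line is now emitted only in the TLS branch, so a NodePort service rendered with TLS off loses its fixed node port. The `msb.onap.org/service-info` annotation is assembled by string interpolation, and building a list of dicts and emitting it with `toJson` would keep the JSON valid when a value contains a quote.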
@@ -132,3 +229,45 @@ spec:
{{- print "headless" }}
{{- end }}
{{- end -}}
+
+{{/*
+ Calculate if we need to use TLS ports.
+ We use TLS by default unless we're on service mesh with TLS.
+ We can also override this behavior with override toggles:
+ - .Values.global.tlsEnabled : override default TLS behavior for all charts
+ - .Values.tlsOverride : override global and default TLS on a per chart basis
+
+ this will give these combinations:
+ | tlsOverride | global.tlsEnabled | global.serviceMesh.enabled | global.serviceMesh.tls | result |
+ |-------------|-------------------|----------------------------|------------------------|--------|
+ | not present | not present | not present | any | true |
+ | not present | not present | false | any | true |
+ | not present | not present | true | false | true |
+ | not present | not present | true | true | false |
+ | not present | true | any | any | true |
+ | not present | false | any | any | false |
+ | true | any | any | any | true |
+ | false | any | any | any | false |
+
+*/}}
+{{- define "common.needTLS" -}}
+{{- if hasKey .Values "tlsOverride" }}
+{{- if .Values.tlsOverride -}}
+true
+{{- end }}
+{{- else }}
+{{- if hasKey .Values.global "tlsEnabled" }}
+{{- if .Values.global.tlsEnabled }}
+true
+{{- end }}
+{{- else }}
+{{- if not (include "common.onServiceMesh" .) -}}
+true
+{{- else }}
+{{- if not (default false .Values.global.serviceMesh.tls) -}}
+true
+{{- end }}
+{{- end }}
+{{- end }}
+{{- end }}
+{{- end -}}
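Review bot: In `common.needTLS` the `global.tlsEnabled` branch opens with `{{- if .Values.global.tlsEnabled }}`, without the right-hand trim that the other three branches use, so that branch appears to render a newline before `true` while the others render exactly `true`. Callers that test `if (include "common.needTLS" .)` are unaffected, but a caller comparing the output with `eq "true"` would treat TLS as off in that one case; `{{- if .Values.global.tlsEnabled -}}` makes the output uniform. The doc comment should also say that the helper yields the string `true` or an empty string rather than a boolean, and that the two `false` override rows select plain ports even when no service mesh is providing TLS.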
diff --git a/kubernetes/common/postgres-legacy/charts/pgpool/Chart.yaml b/kubernetes/common/common/templates/_serviceMesh.tpl
index e2818139fa..4457762754 100644
--- a/kubernetes/common/postgres-legacy/charts/pgpool/Chart.yaml
+++ b/kubernetes/common/common/templates/_serviceMesh.tpl
@@ -1,4 +1,5 @@
-# Copyright © 2018 Amdocs, AT&T, Bell Canada
+{{/*
+# Copyright © 2020 Amdocs, Bell Canada, Orange
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -11,8 +12,16 @@
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
-apiVersion: v1
-description: ONAP Postgres Server
-name: pgpool
-version: 5.0.0
+
+{/*
+ Calculate if we are on service mesh.
+*/}}
+{{- define "common.onServiceMesh" -}}
+{{- if .Values.global.serviceMesh -}}
+{{- if (default false .Values.global.serviceMesh.enabled) -}}
+true
+{{- end -}}
+{{- end -}}
+{{- end -}}
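Review bot: The comment above `common.onServiceMesh` opens with a single brace, `{/*`, so it is not a template comment: only `{{/*` starts one, and the lines through `*/}}` are parsed as literal text. That is harmless in a partial that only defines templates, but it should read `{{/*` like the licence header earlier in this file. The comment could also state that the helper yields the string `true` or nothing, since `common.needTLS` depends on that through `not (include "common.onServiceMesh" .)`.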
diff --git a/kubernetes/common/common/templates/_storage.tpl b/kubernetes/common/common/templates/_storage.tpl
index ae9335909d..45c8b7504a 100644
--- a/kubernetes/common/common/templates/_storage.tpl
+++ b/kubernetes/common/common/templates/_storage.tpl
@@ -15,6 +15,13 @@
*/}}
{{/*
+ Give the root folder for ONAP when using host pathes
+*/}}
+{{- define "common.persistencePath" -}}
+{{ .Values.global.persistence.mountPath | default .Values.persistence.mountPath }}/{{ include "common.release" . }}/{{ .Values.persistence.mountSubPath }}
+{{- end -}}
+
+{{/*
Expand the name of the storage class.
The value "common.fullname"-data is used by default,
unless either override mechanism is used.
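Review bot: `common.persistencePath` joins three values into a path that the PV templates use as a `hostPath`, and nothing checks that `persistence.mountSubPath` is set. With it empty the result ends in a bare `/` under the release directory, and `common.replicaPV` then appends `-0`, `-1` to that, so charts can end up sharing or mis-nesting host directories. Wrapping the last segment as `{{ required "persistence.mountSubPath must be set" .Values.persistence.mountSubPath }}` fails the render instead. The comment has a typo, `pathes` for `paths`, and could name the values the helper reads.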
@@ -55,6 +62,31 @@
{{- end -}}
{{/*
+ Generate a PV
+*/}}
+{{- define "common.PV" -}}
+{{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) -}}
+{{- if (include "common.needPV" .) -}}
+kind: PersistentVolume
+apiVersion: v1
+metadata:
+ name: {{ include "common.fullname" . }}-data
+ namespace: {{ include "common.namespace" . }}
+ labels: {{- include "common.labels" . | nindent 4 }}
+spec:
+ capacity:
+ storage: {{ .Values.persistence.size }}
+ accessModes:
+ - {{ .Values.persistence.accessMode }}
+ storageClassName: "{{ include "common.fullname" . }}-data"
+ persistentVolumeReclaimPolicy: {{ .Values.persistence.volumeReclaimPolicy }}
+ hostPath:
+ path: {{ include "common.persistencePath" . }}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
Generate N PV for a statefulset
*/}}
{{- define "common.replicaPV" -}}
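Review bot: `common.PV` tests `if (include "common.needPV" .)`, while `mariadb-galera/templates/pv.yaml` in this same commit tests `eq "True" (include "common.needPV" .)`. The definition of `common.needPV` is outside this hunk; if it can render any non-empty text in the negative case, the bare truthiness test here would create a PV where the stricter comparison would not, so the two call sites should use the same form. `PersistentVolume` is also a cluster-scoped kind, so the `namespace:` line under `metadata` has no effect and can be dropped.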
@@ -77,8 +109,30 @@ spec:
persistentVolumeReclaimPolicy: {{ $global.Values.persistence.volumeReclaimPolicy }}
storageClassName: "{{ include "common.fullname" $global }}-data"
hostPath:
- path: {{ $global.Values.global.persistence.mountPath | default $global.Values.persistence.mountPath }}/{{ include "common.release" $global }}/{{ $global.Values.persistence.mountSubPath }}-{{$i}}
+ path: {{ include "common.persistencePath" $global }}-{{$i}}
+{{- end -}}
+{{- end -}}
{{- end -}}
{{- end -}}
+
+{{/*
+ Generate a PVC
+*/}}
+{{- define "common.PVC" -}}
+{{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) -}}
+kind: PersistentVolumeClaim
+apiVersion: v1
+metadata: {{- include "common.resourceMetadata" . | nindent 2 }}
+{{- if .Values.persistence.annotations }}
+ annotations:
+{{ toYaml .Values.persistence.annotations | indent 4 }}
+{{- end }}
+spec:
+ accessModes:
+ - {{ .Values.persistence.accessMode }}
+ storageClassName: {{ include "common.storageClass" . }}
+ resources:
+ requests:
+ storage: {{ .Values.persistence.size }}
{{- end -}}
{{- end -}}
diff --git a/kubernetes/common/dgbuilder/resources/scripts/customSettings.js b/kubernetes/common/dgbuilder/resources/config/customSettings.js
index 66b7b5ed15..42c2e5728b 100644
--- a/kubernetes/common/dgbuilder/resources/scripts/customSettings.js
+++ b/kubernetes/common/dgbuilder/resources/config/customSettings.js
@@ -26,31 +26,31 @@ module.exports={
"sharedDir": "releases/sdnc1.0/flows/shared",
"userDir": "releases/sdnc1.0",
"httpAuth": {
- "user": "dguser",
- "pass": "{{.Values.config.dgUserPassword}}"
+ "user": "${HTTP_USER}",
+ "pass": "${HTTP_PASSWORD}"
},
"dbHost": "{{.Values.config.dbServiceName}}.{{ include "common.namespace" . }}",
"dbPort": "3306",
- "dbName": "sdnctl",
- "dbUser": "sdnctl",
- "dbPassword": "{{.Values.config.dbSdnctlPassword}}",
+ "dbName": "{{.Values.config.db.dbName}}",
+ "dbUser": "${DB_USER}",
+ "dbPassword": "${DB_PASSWORD}",
"gitLocalRepository": "",
"restConfUrl": "http://localhost:8181/restconf/operations/SLI-API:execute-graph",
- "restConfUser": "admin",
- "restConfPassword": "admin",
+ "restConfUser": "${REST_CONF_USER}",
+ "restConfPassword": "${REST_CONF_PASSWORD}",
"formatXML": "Y",
"formatJSON": "Y",
"httpRoot": "/",
"disableEditor": false,
"httpAdminRoot": "/",
"httpAdminAuth": {
- "user": "dguser",
- "pass": "{{.Values.config.dgUserPassword}}"
+ "user": "${HTTP_ADMIN_USER}",
+ "pass": "${HTTP_ADMIN_PASSWORD}"
},
"httpNodeRoot": "/",
"httpNodeAuth": {
- "user": "dguser",
- "pass": "{{.Values.config.dgUserPassword}}"
+ "user": "${HTTP_NODE_USER}",
+ "pass": "${HTTP_NODE_PASSWORD}"
},
"uiHost": "0.0.0.0",
"version": "0.9.1",
diff --git a/kubernetes/common/dgbuilder/resources/config/svclogic.properties b/kubernetes/common/dgbuilder/resources/config/svclogic.properties
index b780cafbcd..28612a270b 100644
--- a/kubernetes/common/dgbuilder/resources/config/svclogic.properties
+++ b/kubernetes/common/dgbuilder/resources/config/svclogic.properties
@@ -13,7 +13,7 @@
# limitations under the License.
org.onap.ccsdk.sli.dbtype=jdbc
-org.onap.ccsdk.sli.jdbc.url=jdbc:mysql://{{.Values.config.dbServiceName}}.{{ include "common.namespace" . }}:3306/sdnctl
-org.onap.ccsdk.sli.jdbc.database=sdnctl
-org.onap.ccsdk.sli.jdbc.user=sdnctl
-org.onap.ccsdk.sli.jdbc.password={{.Values.config.dbSdnctlPassword}}
+org.onap.ccsdk.sli.jdbc.url=jdbc:mysql://{{.Values.config.dbServiceName}}.{{ include "common.namespace" . }}:3306/{{.Values.config.db.dbName}}
+org.onap.ccsdk.sli.jdbc.database={{.Values.config.db.dbName}}
+org.onap.ccsdk.sli.jdbc.user=${DB_USER}
+org.onap.ccsdk.sli.jdbc.password=${DB_PASSWORD}
diff --git a/kubernetes/common/dgbuilder/resources/scripts/createReleaseDir.sh b/kubernetes/common/dgbuilder/resources/scripts/createReleaseDir.sh
deleted file mode 100755
index b037058c2b..0000000000
--- a/kubernetes/common/dgbuilder/resources/scripts/createReleaseDir.sh
+++ /dev/null
@@ -1,149 +0,0 @@
-# Copyright © 2018 AT&T, Amdocs, Bell Canada
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-#!/bin/bash
-export PATH=$PATH:.
-appDir=$(pwd)
-if [ "$#" != 3 -a "$#" != 4 ]
-then
- echo "Usage $0 releaseDir loginId emailAddress [gitLocalRepository]"
- echo "Note: Specify the gitLocalRepository path if you would want to be able to import flows from your local git repository"
- exit
-fi
-if [ ! -e "releases" ]
-then
- mkdir releases
-fi
-releaseDir="$1"
-name="Release $releaseDir"
-loginId="$2"
-emailid="$3"
-dbHost="{{.Values.config.dbServiceName}}.{{.Release.Namespace}}"
-dbPort="3306"
-dbName="sdnctl"
-dbUser="sdnctl"
-dbPassword="{{.Values.config.dbSdnctlPassword}}"
-gitLocalRepository="$4"
-
-lastPort=$(find "releases/" -name "customSettings.js" |xargs grep uiPort|cut -d: -f2|sed -e s/,//|sort|tail -1)
-echo $lastPort|grep uiPort >/dev/null 2>&1
-if [ "$?" == "0" ]
-then
-lastPort=$(find "releases/" -name "customSettings.js" |xargs grep uiPort|cut -d: -f3|sed -e s/,//|sort|tail -1)
-fi
-#echo $lastPort
-if [ "${lastPort}" == "" ]
-then
- lastPort="3099"
-fi
-let nextPort=$(expr $lastPort+1)
-#echo $nextPort
-if [ ! -e "releases/$releaseDir" ]
-then
-mkdir releases/$releaseDir
-cd releases/$releaseDir
-mkdir flows
-mkdir flows/shared
-mkdir flows/shared/backups
-mkdir html
-mkdir xml
-mkdir lib
-mkdir lib/flows
-mkdir logs
-mkdir conf
-mkdir codecloud
-customSettingsFile="customSettings.js"
-if [ ! -e "./$customSettingsFile" ]
-then
- echo "module.exports = {" >$customSettingsFile
- echo " 'name' : '$name'," >>$customSettingsFile
- echo " 'emailAddress' :'$emailid'," >>$customSettingsFile
- echo " 'uiPort' :$nextPort," >>$customSettingsFile
- echo " 'mqttReconnectTime': 15000," >>$customSettingsFile
- echo " 'serialReconnectTime' : 15000," >>$customSettingsFile
- echo " 'debugMaxLength': 1000," >>$customSettingsFile
- echo " 'htmlPath': 'releases/$releaseDir/html/'," >>$customSettingsFile
- echo " 'xmlPath': 'releases/$releaseDir/xml/'," >>$customSettingsFile
- echo " 'flowFile' : 'releases/$releaseDir/flows/flows.json'," >>$customSettingsFile
- echo " 'sharedDir': 'releases/$releaseDir/flows/shared'," >>$customSettingsFile
- echo " 'userDir' : 'releases/$releaseDir'," >>$customSettingsFile
- echo " 'httpAuth': {user:'$loginId',pass:'cc03e747a6afbbcbf8be7668acfebee5'}," >>$customSettingsFile
- echo " 'dbHost': '$dbHost'," >>$customSettingsFile
- echo " 'dbPort': '$dbPort'," >>$customSettingsFile
- echo " 'dbName': '$dbName'," >>$customSettingsFile
- echo " 'dbUser': '$dbUser'," >>$customSettingsFile
- echo " 'dbPassword': '$dbPassword'," >>$customSettingsFile
- echo " 'gitLocalRepository': '$gitLocalRepository'" >>$customSettingsFile
- echo " 'restConfUrl': '$restConfUrl'," >>$customSettingsFile
- echo " 'restConfUser': '$restConfUser'," >>$customSettingsFile
- echo " 'restConfPassword': '$restConfPassword'," >>$customSettingsFile
- echo " 'formatXML': '$formatXML'," >>$customSettingsFile
- echo " 'formatJSON': '$formatJSON'," >>$customSettingsFile
- echo " 'enableHttps': true" >>$customSettingsFile
- echo " }" >>$customSettingsFile
-fi
- #echo "Created custom settings file $customSettingsFile"
- echo "Done ....."
-else
- echo "ERROR:customSettings file $customSettingsFile already exists for $releaseDir"
- exit
-fi
-#echo "Content of custom settings file"
-#echo "============================================================================"
-# cat $customSettingsFile
-#echo "============================================================================"
-svclogicPropFile="./conf/svclogic.properties"
-if [ ! -d "${appDir}/yangFiles" ]
-then
- mkdir -p "${appDir}/yangFiles"
-fi
-if [ ! -d "${appDir}/generatedJS" ]
-then
- mkdir -p "${appDir}/generatedJS"
-fi
-
-if [ ! -e "./$svclogicPropFile" ]
-then
- echo "org.onap.ccsdk.sli.dbtype=jdbc" >$svclogicPropFile
- echo "org.onap.ccsdk.sli.jdbc.url=jdbc:mysql://{{.Values.config.dbServiceName}}.{{.Release.Namespace}}:3306/sdnctl" >>$svclogicPropFile
- echo "org.onap.ccsdk.sli.jdbc.database=sdnctl" >>$svclogicPropFile
- echo "org.onap.ccsdk.sli.jdbc.user=sdnctl" >>$svclogicPropFile
- echo "org.onap.ccsdk.sli.jdbc.password={{.Values.config.dbSdnctlPassword}}" >>$svclogicPropFile
-fi
-if [ ! -e "${appDir}/flowShareUsers.js" ]
-then
- echo "module.exports = {\"flowShareUsers\":" >${appDir}/flowShareUsers.js
- echo " [" >>${appDir}/flowShareUsers.js
- echo " ]" >>${appDir}/flowShareUsers.js
- echo "}" >>${appDir}/flowShareUsers.js
-fi
-grep "$releaseDir" ${appDir}/flowShareUsers.js >/dev/null 2>&1
-if [ "$?" != "0" ]
-then
- num_of_lines=$(cat ${appDir}/flowShareUsers.js|wc -l)
- if [ $num_of_lines -gt 4 ]
- then
- content=$(head -n -2 ${appDir}/flowShareUsers.js)
- echo "${content}," > ${appDir}/flowShareUsers.js
- else
- content=$(head -n -2 ${appDir}/flowShareUsers.js)
- echo "$content" > ${appDir}/flowShareUsers.js
- fi
- echo " {" >> ${appDir}/flowShareUsers.js
- echo " \"name\" : \"$name\"," >> ${appDir}/flowShareUsers.js
- echo " \"rootDir\" : \"$releaseDir\"" >> ${appDir}/flowShareUsers.js
- echo " }" >> ${appDir}/flowShareUsers.js
- echo " ]" >> ${appDir}/flowShareUsers.js
- echo "}" >> ${appDir}/flowShareUsers.js
-fi
diff --git a/kubernetes/common/dgbuilder/templates/configmap.yaml b/kubernetes/common/dgbuilder/templates/configmap.yaml
index 24f61b5487..05699e6107 100644
--- a/kubernetes/common/dgbuilder/templates/configmap.yaml
+++ b/kubernetes/common/dgbuilder/templates/configmap.yaml
@@ -1,3 +1,4 @@
+{{/*
# Copyright © 2018 AT&T, Amdocs, Bell Canada
#
# Licensed under the Apache License, Version 2.0 (the "License");
@@ -11,6 +12,7 @@
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
apiVersion: v1
kind: ConfigMap
@@ -24,16 +26,3 @@ metadata:
heritage: {{ .Release.Service }}
data:
{{ tpl (.Files.Glob "resources/config/*").AsConfig . | indent 2 }}
----
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ include "common.fullname" . }}-scripts
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-data:
-{{ tpl (.Files.Glob "resources/scripts/*").AsConfig . | indent 2 }}
diff --git a/kubernetes/common/dgbuilder/templates/deployment.yaml b/kubernetes/common/dgbuilder/templates/deployment.yaml
index 495c4c6ab6..e1fac77a97 100644
--- a/kubernetes/common/dgbuilder/templates/deployment.yaml
+++ b/kubernetes/common/dgbuilder/templates/deployment.yaml
@@ -1,3 +1,4 @@
+{{/*
# Copyright © 2018 AT&T, Amdocs, Bell Canada
#
# Licensed under the Apache License, Version 2.0 (the "License");
@@ -11,6 +12,7 @@
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
apiVersion: extensions/v1beta1
kind: Deployment
@@ -32,6 +34,40 @@ spec:
spec:
initContainers:
- command:
+ - sh
+ args:
+ - -c
+ - "cd /config-input && for PFILE in `ls -1 .`; do envsubst <${PFILE} >/config/${PFILE}; done"
+ env:
+ - name: DB_USER
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-user-creds" "key" "login") | indent 10 }}
+ - name: DB_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-user-creds" "key" "password") | indent 10 }}
+ - name: HTTP_USER
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "http-user-creds" "key" "login") | indent 10 }}
+ - name: HTTP_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "http-user-creds" "key" "password") | indent 10 }}
+ - name: HTTP_ADMIN_USER
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "admin-creds" "key" "login") | indent 10 }}
+ - name: HTTP_ADMIN_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "admin-creds" "key" "password") | indent 10 }}
+ - name: HTTP_NODE_USER
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "node-creds" "key" "login") | indent 10 }}
+ - name: HTTP_NODE_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "node-creds" "key" "password") | indent 10 }}
+ - name: REST_CONF_USER
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "restconf-creds" "key" "login") | indent 10 }}
+ - name: REST_CONF_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "restconf-creds" "key" "password") | indent 10 }}
+ volumeMounts:
+ - mountPath: /config-input
+ name: config-input
+ - mountPath: /config
+ name: config
+ image: "{{ .Values.global.envsubstImage }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ name: {{ include "common.name" . }}-update-config
+ - command:
- /root/ready.py
args:
- --container-name
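Review bot: The substitution command calls `envsubst` with no variable list and iterates over `ls` output with an unquoted `${PFILE}`, so every `$NAME` or `${NAME}` in any file under `/config-input` is replaced, and a name that is not one of the ten variables below becomes an empty string. Passing the expected names, e.g. `envsubst '${DB_USER} ${DB_PASSWORD} …'`, and looping with `for PFILE in *; do envsubst … <"${PFILE}" >"/config/${PFILE}"; done` keeps unrelated `$` text intact and copes with unusual file names. This container receives every credential of the chart in its environment, so it should also get explicit `resources` and a restrictive `securityContext`. The `initContainers` list continues outside the hunk.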
@@ -59,11 +95,6 @@ spec:
initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
periodSeconds: {{ .Values.readiness.periodSeconds }}
env:
- - name: MYSQL_ROOT_PASSWORD
- valueFrom:
- secretKeyRef:
- name: {{ template "common.fullname" . }}
- key: db-root-password
- name: SDNC_CONFIG_DIR
value: /opt/onap/sdnc/data/properties
volumeMounts:
@@ -79,10 +110,7 @@ spec:
- name: config
mountPath: /opt/onap/ccsdk/dgbuilder/svclogic/svclogic.properties
subPath: svclogic.properties
- - name: scripts
- mountPath: /opt/onap/ccsdk/dgbuilder/createReleaseDir.sh
- subPath: createReleaseDir.sh
- - name: scripts
+ - name: config
mountPath: /opt/onap/ccsdk/dgbuilder/releases/sdnc1.0/customSettings.js
subPath: customSettings.js
resources:
@@ -99,12 +127,11 @@ spec:
- name: localtime
hostPath:
path: /etc/localtime
- - name: config
+ - name: config-input
configMap:
name: {{ include "common.fullname" . }}-config
- - name: scripts
- configMap:
- name: {{ include "common.fullname" . }}-scripts
- defaultMode: 0755
+ - name: config
+ emptyDir:
+ medium: Memory
imagePullSecrets:
- name: "{{ include "common.namespace" . }}-docker-registry-key"
diff --git a/kubernetes/common/dgbuilder/templates/secrets.yaml b/kubernetes/common/dgbuilder/templates/secrets.yaml
index e00d7cfc03..4b4849980c 100644
--- a/kubernetes/common/dgbuilder/templates/secrets.yaml
+++ b/kubernetes/common/dgbuilder/templates/secrets.yaml
@@ -1,4 +1,6 @@
+{{/*
# Copyright © 2018 AT&T, Amdocs, Bell Canada
+# Copyright © 2020 Samsung Electronics
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -11,17 +13,6 @@
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
-apiVersion: v1
-kind: Secret
-metadata:
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.fullname" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-type: Opaque
-data:
- db-root-password: {{ .Values.config.dbRootPassword | b64enc | quote }} \ No newline at end of file
+{{ include "common.secretFast" . }}
diff --git a/kubernetes/common/dgbuilder/templates/service.yaml b/kubernetes/common/dgbuilder/templates/service.yaml
index 7a8f752a2d..bfe8b0aeb5 100644
--- a/kubernetes/common/dgbuilder/templates/service.yaml
+++ b/kubernetes/common/dgbuilder/templates/service.yaml
@@ -1,3 +1,4 @@
+{{/*
# Copyright © 2018 AT&T, Amdocs, Bell Canada
#
# Licensed under the Apache License, Version 2.0 (the "License");
@@ -11,6 +12,7 @@
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
apiVersion: v1
kind: Service
diff --git a/kubernetes/common/dgbuilder/values.yaml b/kubernetes/common/dgbuilder/values.yaml
index fa205e227e..96d7dffb0a 100644
--- a/kubernetes/common/dgbuilder/values.yaml
+++ b/kubernetes/common/dgbuilder/values.yaml
@@ -31,6 +31,9 @@ global:
loggingRepository: docker.elastic.co
loggingImage: beats/filebeat:5.5.0
+ # envsusbt
+ envsubstImage: dibi/envsubst
+
# image pull policy
pullPolicy: Always
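Review bot: `envsubstImage: dibi/envsubst` carries no tag or digest, so it resolves to `latest`, and with `pullPolicy: Always` each pod start may run a different build. That image runs as the init container that is handed all of the chart's credentials, which makes it the most sensitive image in this deployment. Pin it by digest from a registry the project controls, e.g. `envsubstImage: <registry>/<image>@sha256:<digest>` (placeholder values). The comment above it is misspelled `envsusbt`.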
@@ -43,6 +46,40 @@ global:
debugEnabled: true
#################################################################
+# Secrets metaconfig
+#################################################################
+secrets:
+ - uid: 'db-root-password'
+ type: password
+ externalSecret: '{{ tpl (default "" .Values.config.db.rootPasswordExternalSecret) . }}'
+ password: '{{ .Values.config.dbRootPassword }}'
+ - uid: 'db-user-creds'
+ type: basicAuth
+ externalSecret: '{{ tpl (default "" .Values.config.db.userCredentialsExternalSecret) . }}'
+ login: '{{ .Values.config.db.userName }}'
+ password: '{{ .Values.config.dbSdnctlPassword }}'
+ - uid: 'http-user-creds'
+ type: basicAuth
+ externalSecret: '{{ tpl (default "" .Values.config.httpCredsExternalSecret) . }}'
+ login: '{{ .Values.config.httpUser }}'
+ password: '{{ .Values.config.dgUserPassword }}'
+ - uid: 'admin-creds'
+ type: basicAuth
+ externalSecret: '{{ tpl (default "" .Values.config.adminCredsExternalSecret) . }}'
+ login: '{{ .Values.config.adminUser }}'
+ password: '{{ .Values.config.dgUserPassword }}'
+ - uid: 'node-creds'
+ type: basicAuth
+ externalSecret: '{{ tpl (default "" .Values.config.nodeCredsExternalSecret) . }}'
+ login: '{{ .Values.config.nodeUser }}'
+ password: '{{ .Values.config.dgUserPassword }}'
+ - uid: 'restconf-creds'
+ type: basicAuth
+ externalSecret: '{{ tpl (default "" .Values.config.restconfCredsExternalSecret) . }}'
+ login: '{{ .Values.config.restconfUser }}'
+ password: '{{ .Values.config.restconfPassword }}'
+
+#################################################################
# Application configuration defaults.
#################################################################
# application image
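Review bot: `http-user-creds`, `admin-creds` and `node-creds` all take their password from `.Values.config.dgUserPassword`, and `db-user-creds` takes it from `.Values.config.dbSdnctlPassword`, so the per-role keys added in the next hunk (`httpPassword`, `adminPassword`, `nodePassword`, `db.userPassword`) cannot be used to give the roles different passwords. None of the entries sets a `passwordPolicy`, unlike the `mariadb-init` chart, which uses `passwordPolicy: required`, so the default passwords committed in this file are accepted silently. `db-root-password` is still defined although this commit removes `MYSQL_ROOT_PASSWORD` from the deployment; if nothing else reads it, drop the entry rather than create an unused secret holding a root password.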
@@ -55,6 +92,32 @@ debugEnabled: false
# application configuration
config:
+ db:
+ dbName: sdnctl
+ # unused for now to preserve the API
+ rootPassword: openECOMP1.0
+ # rootPasswordExternalSecret: some secret
+ userName: sdnctl
+ # unused for now to preserve the API
+ userPassword: gamma
+ # userCredentialsExternalSecret: some secret
+ httpUser: dguser
+ # unused for now to preserve the API
+ httpPassword: cc03e747a6afbbcbf8be7668acfebee5
+ # httpCredsExternalSecret: some secret
+ adminUser: dguser
+ # unused for now to preserve the API
+ adminPassword: cc03e747a6afbbcbf8be7668acfebee5
+ # adminCredsExternalSecret: some secret
+ nodeUser: dguser
+ # unused for now to preserve the API
+ nodePassword: cc03e747a6afbbcbf8be7668acfebee5
+ # nodeCredsExternalSecret: some secret
+ restconfUser: admin
+ # unused for now to preserve the API
+ restconfPassword: admin
+ # restconfCredsExternalSecret: some secret
+
dbRootPassword: openECOMP1.0
dbSdnctlPassword: gamma
dbPodName: mysql-db
diff --git a/kubernetes/common/mariadb-galera/templates/backup/cronjob.yaml b/kubernetes/common/mariadb-galera/templates/backup/cronjob.yaml
index c9e2ffe85c..29d96748a3 100644
--- a/kubernetes/common/mariadb-galera/templates/backup/cronjob.yaml
+++ b/kubernetes/common/mariadb-galera/templates/backup/cronjob.yaml
@@ -86,7 +86,7 @@ spec:
echo "Backup Successful!!!"
env:
- name: DB_PASS
- {{- include "common.secret.envFromSecret" (dict "global" . "uid" (include "common.mariadb.secret.rootPassUID" .) "key" "password") | indent 14}}
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" (include "common.mariadb.secret.rootPassUID" .) "key" "password") | indent 14}}
volumeMounts:
- name: backup-dir
mountPath: /backup
@@ -96,7 +96,7 @@ spec:
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
env:
- name: MYSQL_ROOT_PASSWORD
- {{- include "common.secret.envFromSecret" (dict "global" . "uid" (include "common.mariadb.secret.rootPassUID" .) "key" "password") | indent 14}}
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" (include "common.mariadb.secret.rootPassUID" .) "key" "password") | indent 14}}
command:
- /bin/bash
- -c
diff --git a/kubernetes/common/mariadb-galera/templates/configmap.yaml b/kubernetes/common/mariadb-galera/templates/configmap.yaml
index f143c3b679..e7bb701930 100644
--- a/kubernetes/common/mariadb-galera/templates/configmap.yaml
+++ b/kubernetes/common/mariadb-galera/templates/configmap.yaml
@@ -1,3 +1,4 @@
+{{/*
# Copyright © 2018 Amdocs, Bell Canada
#
# Licensed under the Apache License, Version 2.0 (the "License");
@@ -11,6 +12,7 @@
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
{{- if .Values.externalConfig }}
apiVersion: v1
diff --git a/kubernetes/common/mariadb-galera/templates/pv.yaml b/kubernetes/common/mariadb-galera/templates/pv.yaml
index 6e53a9543d..579b3475d1 100644
--- a/kubernetes/common/mariadb-galera/templates/pv.yaml
+++ b/kubernetes/common/mariadb-galera/templates/pv.yaml
@@ -13,6 +13,7 @@
# See the License for the specific language governing permissions and
# limitations under the License.
*/}}
+
{{- $global := . }}
{{- if and $global.Values.persistence.enabled (not $global.Values.persistence.existingClaim) }}
{{- if eq "True" (include "common.needPV" .) -}}
diff --git a/kubernetes/common/mariadb-galera/templates/secrets.yaml b/kubernetes/common/mariadb-galera/templates/secrets.yaml
index 3f8eb0b6de..27c9a3aaee 100644
--- a/kubernetes/common/mariadb-galera/templates/secrets.yaml
+++ b/kubernetes/common/mariadb-galera/templates/secrets.yaml
@@ -1,3 +1,4 @@
+{{/*
# Copyright © 2018 Amdocs, Bell Canada
# Copyright © 2019 Samsung Electronics
#
@@ -12,4 +13,6 @@
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
-{{ include "common.secret" . }}
+*/}}
+
+{{ include "common.secretFast" . }}
diff --git a/kubernetes/common/mariadb-galera/templates/service.yaml b/kubernetes/common/mariadb-galera/templates/service.yaml
index 71d1b0fe80..69d8999f67 100644
--- a/kubernetes/common/mariadb-galera/templates/service.yaml
+++ b/kubernetes/common/mariadb-galera/templates/service.yaml
@@ -1,3 +1,4 @@
+{{/*
# Copyright © 2018 Amdocs, Bell Canada
#
# Licensed under the Apache License, Version 2.0 (the "License");
@@ -11,6 +12,7 @@
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
apiVersion: v1
kind: Service
diff --git a/kubernetes/common/mariadb-galera/templates/statefulset.yaml b/kubernetes/common/mariadb-galera/templates/statefulset.yaml
index a6260fae54..7157e3390b 100644
--- a/kubernetes/common/mariadb-galera/templates/statefulset.yaml
+++ b/kubernetes/common/mariadb-galera/templates/statefulset.yaml
@@ -1,3 +1,4 @@
+{{/*
# Copyright © 2019 Amdocs, Bell Canada, Orange, Samsung Electronics
#
# Licensed under the Apache License, Version 2.0 (the "License");
@@ -11,6 +12,7 @@
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
apiVersion: apps/v1beta1
kind: StatefulSet
@@ -61,13 +63,13 @@ spec:
apiVersion: v1
fieldPath: metadata.namespace
- name: MYSQL_USER
- {{- include "common.secret.envFromSecret" (dict "global" . "uid" (include "common.mariadb.secret.userCredentialsUID" .) "key" "login") | indent 14}}
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" (include "common.mariadb.secret.userCredentialsUID" .) "key" "login") | indent 14}}
- name: MYSQL_PASSWORD
- {{- include "common.secret.envFromSecret" (dict "global" . "uid" (include "common.mariadb.secret.userCredentialsUID" .) "key" "password") | indent 14}}
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" (include "common.mariadb.secret.userCredentialsUID" .) "key" "password") | indent 14}}
- name: MYSQL_DATABASE
value: {{ default "" .Values.config.mysqlDatabase | quote }}
- name: MYSQL_ROOT_PASSWORD
- {{- include "common.secret.envFromSecret" (dict "global" . "uid" (include "common.mariadb.secret.rootPassUID" .) "key" "password") | indent 14}}
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" (include "common.mariadb.secret.rootPassUID" .) "key" "password") | indent 14}}
ports:
- containerPort: {{ .Values.service.internalPort }}
name: {{ .Values.service.portName }}
diff --git a/kubernetes/common/mariadb-init/values.yaml b/kubernetes/common/mariadb-init/values.yaml
index cac6f79f16..f6ce95a65f 100644
--- a/kubernetes/common/mariadb-init/values.yaml
+++ b/kubernetes/common/mariadb-init/values.yaml
@@ -37,7 +37,7 @@ secrets:
password: '{{ tpl (default "" .global.mariadbGalera.userRootPassword) . }}'
- uid: '{{ .Values.config.mysqlDatabase }}'
type: basicAuth
- externalSecret: '{{ tpl (default "" .Values.config.mysqlExternalSecret) . }}'
+ externalSecret: '{{ tpl (default "" .Values.config.userCredentialsExternalSecret) . }}'
login: '{{ .Values.config.userName }}'
password: '{{ .Values.config.userPassword }}'
passwordPolicy: required
@@ -56,7 +56,7 @@ config:
userPassword: Ci@shsOd3pky1Vji
userName: u5WZ1GMSIS1wHZF
# set this value if you would like to use external secret instead of providing a password
- # mysqlExternalsecret: some-secret-name
+ # userCredentialsExternalsecret: some-secret-name
mysqlDatabase: ynsaUCru6mUNwGal
mysqlAdditionalDatabases: {}
# add addtional dabases
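Review bot: The commented example key is spelled `userCredentialsExternalsecret`, but the `secrets` entry changed in the previous hunk reads `.Values.config.userCredentialsExternalSecret`, and value keys are case-sensitive. An operator who uncomments the example sets a key the chart never reads, and the secret is then built from `userName` and `userPassword`, whose defaults are committed just above. Change the example to `# userCredentialsExternalSecret: some-secret-name`. Because the key was renamed from `mysqlExternalSecret`, existing overrides that use the old name are ignored in the same way, which deserves a line in the release notes.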
diff --git a/kubernetes/common/network-name-gen/requirements.yaml b/kubernetes/common/network-name-gen/requirements.yaml
index 9ef8db89a4..eda693f832 100644
--- a/kubernetes/common/network-name-gen/requirements.yaml
+++ b/kubernetes/common/network-name-gen/requirements.yaml
@@ -18,4 +18,9 @@ dependencies:
repository: '@local'
- name: mariadb-galera
version: ~5.x-0
- repository: file://../mariadb-galera/
+ repository: '@local'
+ condition: global.mariadbGalera.localCluster
+ - name: mariadb-init
+ version: ~5.x-0
+ repository: '@local'
+ condition: not global.mariadbGalera.localCluster
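Review bot: `condition: not global.mariadbGalera.localCluster` is not something Helm can evaluate: the `condition` field takes one or more value paths, not an expression, and a path that does not resolve to a boolean leaves the condition without effect. As written, `mariadb-init` would stay enabled even when `localCluster` is true, so both dependencies are rendered. A separate boolean value holding the inverse is needed, e.g. `condition: global.mariadbGalera.<inverseFlag>` (placeholder name).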
diff --git a/kubernetes/common/network-name-gen/templates/deployment.yaml b/kubernetes/common/network-name-gen/templates/deployment.yaml
index 2f9cd6a158..3e9e849052 100644
--- a/kubernetes/common/network-name-gen/templates/deployment.yaml
+++ b/kubernetes/common/network-name-gen/templates/deployment.yaml
@@ -1,3 +1,4 @@
+{{/*
# Copyright (C) 2018 AT&T Intellectual Property.
#
# Licensed under the Apache License, Version 2.0 (the "License");
@@ -11,6 +12,7 @@
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
apiVersion: extensions/v1beta1
kind: Deployment
@@ -31,11 +33,19 @@ spec:
release: {{ include "common.release" . }}
spec:
initContainers:
+{{- if .Values.global.mariadbGalera.localCluster }}
- command:
- /root/ready.py
args:
- --container-name
- {{ index .Values "mariadb-galera" "nameOverride" }}
+{{- else }}
+ - command:
+ - /root/job_complete.py
+ args:
+ - --job-name
+ - {{ include "common.release" . }}-{{ index .Values "mariadb-init" "nameOverride" }}-config-job
+{{- end }}
env:
- name: NAMESPACE
valueFrom:
@@ -53,11 +63,11 @@ spec:
- name: SPRING_PROFILE
value: "{{ .Values.config.springProfile }}"
- name: NENG_DB_USER
- {{- include "common.secret.envFromSecret" (dict "global" . "uid" "db-user-creds" "key" "login") | indent 10}}
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "neng-db-secret" "key" "login") | indent 10}}
- name: NENG_DB_PASS
- {{- include "common.secret.envFromSecret" (dict "global" . "uid" "db-user-creds" "key" "password") | indent 10}}
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "neng-db-secret" "key" "password") | indent 10}}
- name: NENG_DB_URL
- value: {{ .Values.config.dbUrl }}
+ value: jdbc:mysql://{{ include "common.mariadbService" . }}:{{ include "common.mariadbPort" . }}/{{ index .Values "mariadb-galera" "config" "mysqlDatabase" }}
- name: POL_CLIENT_AUTH
value: "{{ .Values.config.polClientAuth }}"
- name: POL_BASIC_AUTH
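Review bot: The new `NENG_DB_URL` value is an unquoted plain scalar built from three template calls, while the neighbouring `value:` entries are quoted. Quote it so an empty or unusual helper result cannot change how the line parses: `value: 'jdbc:mysql://{{ include "common.mariadbService" . }}:{{ include "common.mariadbPort" . }}/{{ index .Values "mariadb-galera" "config" "mysqlDatabase" }}'`. The database name is always read from the `mariadb-galera` values, even when the shared cluster and mariadb-init are in use, so it is only correct while both sub-chart configs stay identical. The URL sets no transport options, so whether the connection to a shared cluster is encrypted depends on driver and server defaults and is worth confirming. The env list continues outside the hunk.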
diff --git a/kubernetes/common/network-name-gen/templates/secrets.yaml b/kubernetes/common/network-name-gen/templates/secrets.yaml
index d5bdce3e04..61b83d7a9b 100644
--- a/kubernetes/common/network-name-gen/templates/secrets.yaml
+++ b/kubernetes/common/network-name-gen/templates/secrets.yaml
@@ -1,3 +1,4 @@
+{{/*
# Copyright (c) 2018 Bell Canada
#
# Licensed under the Apache License, Version 2.0 (the "License");
@@ -11,8 +12,9 @@
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
-{{ include "common.secret" . }}
+{{ include "common.secretFast" . }}
---
apiVersion: v1
data:
diff --git a/kubernetes/common/network-name-gen/templates/service.yaml b/kubernetes/common/network-name-gen/templates/service.yaml
index a4c5b05012..753448c5b7 100644
--- a/kubernetes/common/network-name-gen/templates/service.yaml
+++ b/kubernetes/common/network-name-gen/templates/service.yaml
@@ -1,3 +1,4 @@
+{{/*
# Copyright (C) 2018 AT&T Intellectual Property.
#
# Licensed under the Apache License, Version 2.0 (the "License");
@@ -11,6 +12,8 @@
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
+
apiVersion: v1
kind: Service
metadata:
diff --git a/kubernetes/common/network-name-gen/values.yaml b/kubernetes/common/network-name-gen/values.yaml
index d5897013c4..0defa97c26 100644
--- a/kubernetes/common/network-name-gen/values.yaml
+++ b/kubernetes/common/network-name-gen/values.yaml
@@ -32,24 +32,29 @@ global:
# image pull policy
pullPolicy: IfNotPresent
+ mariadbGalera: &mariadbGalera
+ #This flag allows SO to instantiate its own mariadb-galera cluster
+ localCluster: false
+ service: mariadb-galera
+ internalPort: 3306
+ nameOverride: mariadb-galera
+
#################################################################
# Secrets metaconfig
#################################################################
secrets:
- - uid: "db-user-creds"
- externalSecret: '{{- include "common.mariadb.secret.userCredentialsSecretName" (dict "dot" . "chartName" (index .Values "mariadb-galera" "nameOverride")) }}'
+ - uid: neng-db-secret
+ name: '{{ include "common.release" . }}-neng-db-secret'
type: basicAuth
- - uid: "db-root-pass"
- externalSecret: '{{- include "common.mariadb.secret.rootPassSecretName" (dict "dot" . "chartName" (index .Values "mariadb-galera" "nameOverride")) }}'
- type: password
+ externalSecret: '{{ tpl (default "" .Values.config.db.userCredentialsExternalSecret) . }}'
+ login: '{{ .Values.config.db.userName }}'
+ password: '{{ .Values.config.db.userPassword }}'
# sub-chart config
mariadb-galera:
- config:
- userName: nenguser
- userPassword: nenguser123
- mariadbRootPassword: nenguser123
- mysqlDatabase: nengdb
+ config: &mariadbConfig
+ userCredentialsExternalSecret: '{{ include "common.release" . }}-neng-db-secret'
+ mysqlDatabase: nengdb
nameOverride: nengdb
service:
name: nengdb
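Review bot: The `&mariadbConfig` anchor on `mariadb-galera.config` (aliased by `mariadb-init.config` in the next hunk) is resolved when this file is parsed, so an override file or `--set` that changes `mariadb-galera.config.mysqlDatabase` or the secret name does not reach `mariadb-init.config`. The two sub-charts can then disagree on database and credentials. Add a comment above the anchor such as `# aliased by mariadb-init.config; anchors are per-file, so overrides must set both blocks`. The comment on `localCluster` mentions SO and looks copied from another chart; `# true: deploy a chart-local mariadb-galera; false: use the shared cluster via mariadb-init` would describe this one. The `&mariadbGalera` anchor has no alias in the visible hunks.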
@@ -59,6 +64,9 @@ mariadb-galera:
enabled: true
mountSubPath: network-name-gen/data
+mariadb-init:
+ config: *mariadbConfig
+ nameOverride: nengdb-init
#################################################################
# Application configuration defaults.
@@ -70,7 +78,10 @@ pullPolicy: IfNotPresent
# application configuration
config:
- dbUrl: jdbc:mysql://nengdb:3306/nengdb
+ db:
+ userName: nenguser
+ # userPassword: password
+ # userCredentialsExternalSecret: some-secret
springProfile: live
polClientAuth: cHl0aG9uOnRlc3Q=
polBasicAuth: dGVzdHBkcDphbHBoYTEyMw==
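Review bot: `polClientAuth` and `polBasicAuth` stay in values.yaml as base64 strings, which is encoding rather than protection, and the deployment template in this commit passes `POL_CLIENT_AUTH` as a plain `value:` env entry (presumably `POL_BASIC_AUTH` too). The DB credentials were moved into the secrets metaconfig but these were not. Consider adding them to the `secrets:` list and reading them with the same `common.secret.envFromSecretFast` helper used for `NENG_DB_USER`. With `userPassword` and `userCredentialsExternalSecret` both commented out, the resulting password depends on `common.secretFast`, which is outside this view. A comment such as `# if both are unset the password is generated by the common secret template (confirm)` would spell out the default.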
diff --git a/kubernetes/common/postgres-legacy/.helmignore b/kubernetes/common/postgres-legacy/.helmignore
deleted file mode 100644
index f0c1319444..0000000000
--- a/kubernetes/common/postgres-legacy/.helmignore
+++ /dev/null
@@ -1,21 +0,0 @@
-# Patterns to ignore when building packages.
-# This supports shell glob matching, relative path matching, and
-# negation (prefixed with !). Only one pattern per line.
-.DS_Store
-# Common VCS dirs
-.git/
-.gitignore
-.bzr/
-.bzrignore
-.hg/
-.hgignore
-.svn/
-# Common backup files
-*.swp
-*.bak
-*.tmp
-*~
-# Various IDEs
-.project
-.idea/
-*.tmproj
diff --git a/kubernetes/common/postgres-legacy/Chart.yaml b/kubernetes/common/postgres-legacy/Chart.yaml
deleted file mode 100644
index eff8e36eba..0000000000
--- a/kubernetes/common/postgres-legacy/Chart.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
-# Copyright © 2018 Amdocs, AT&T, Bell Canada
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-apiVersion: v1
-description: ONAP Postgres Server
-name: postgres-legacy
-version: 5.0.0
diff --git a/kubernetes/common/postgres-legacy/charts/pgpool/configs/pgpool.conf b/kubernetes/common/postgres-legacy/charts/pgpool/configs/pgpool.conf
deleted file mode 100644
index f335174f40..0000000000
--- a/kubernetes/common/postgres-legacy/charts/pgpool/configs/pgpool.conf
+++ /dev/null
@@ -1,677 +0,0 @@
-# ----------------------------
-# pgPool-II configuration file a custom version
-# ----------------------------
-#
-# This file consists of lines of the form:
-#
-# name = value
-#
-# Whitespace may be used. Comments are introduced with "#" anywhere on a line.
-# The complete list of parameter names and allowed values can be found in the
-# pgPool-II documentation.
-#
-# This file is read on server startup and when the server receives a SIGHUP
-# signal. If you edit the file on a running system, you have to SIGHUP the
-# server for the changes to take effect, or use "pgpool reload". Some
-# parameters, which are marked below, require a server shutdown and restart to
-# take effect.
-#
-
-
-#------------------------------------------------------------------------------
-# CONNECTIONS
-#------------------------------------------------------------------------------
-
-# - pgpool Connection Settings -
-
-listen_addresses = '*'
- # Host name or IP address to listen on:
- # '*' for all, '' for no TCP/IP connections
- # (change requires restart)
-#port = 9999
-port = 5432
- # Port number
- # (change requires restart)
-socket_dir = '/tmp'
- # Unix domain socket path
- # The Debian package defaults to
- # /var/run/postgresql
- # (change requires restart)
-
-
-# - pgpool Communication Manager Connection Settings -
-
-pcp_port = 9898
- # Port number for pcp
- # (change requires restart)
-pcp_socket_dir = '/tmp'
- # Unix domain socket path for pcp
- # The Debian package defaults to
- # /var/run/postgresql
- # (change requires restart)
-
-# - Backend Connection Settings -
-
-backend_hostname0 = '{{.Values.container.name.primary}}'
-backend_port0 = 5432
-backend_weight0= 1
-backend_flag0= 'DISALLOW_TO_FAILOVER'
-
-backend_hostname1 = '{{.Values.container.name.replica}}'
-backend_port1 = 5432
-backend_weight1= 1
-backend_flag1= 'DISALLOW_TO_FAILOVER'
-
-#backend_hostname0 = 'master'
- # Host name or IP address to connect to for backend 0
-#backend_port0 = 5432
- # Port number for backend 0
-#backend_weight0 = 1
- # Weight for backend 0 (only in load balancing mode)
-#backend_data_directory0 = '/data'
- # Data directory for backend 0
-#backend_flag0 = 'ALLOW_TO_FAILOVER'
- # Controls various backend behavior
- # ALLOW_TO_FAILOVER or DISALLOW_TO_FAILOVER
-#backend_hostname1 = 'standby'
-#backend_port1 = 5432
-#backend_weight1 = 1
-#backend_data_directory1 = '/data1'
-#backend_flag1 = 'ALLOW_TO_FAILOVER'
-
-# - Authentication -
-
-enable_pool_hba = on
- # Use pool_hba.conf for client authentication
-pool_passwd = 'pool_passwd'
- # File name of pool_passwd for md5 authentication.
- # "" disables pool_passwd.
- # (change requires restart)
-authentication_timeout = 60
- # Delay in seconds to complete client authentication
- # 0 means no timeout.
-
-# - SSL Connections -
-
-ssl = off
- # Enable SSL support
- # (change requires restart)
-#ssl_key = './server.key'
- # Path to the SSL private key file
- # (change requires restart)
-#ssl_cert = './server.cert'
- # Path to the SSL public certificate file
- # (change requires restart)
-#ssl_ca_cert = ''
- # Path to a single PEM format file
- # containing CA root certificate(s)
- # (change requires restart)
-#ssl_ca_cert_dir = ''
- # Directory containing CA root certificate(s)
- # (change requires restart)
-
-
-#------------------------------------------------------------------------------
-# POOLS
-#------------------------------------------------------------------------------
-
-# - Pool size -
-
-num_init_children = 5
- # Number of pools
- # (change requires restart)
-max_pool = 1
- # Number of connections per pool
- # (change requires restart)
-
-# - Life time -
-
-child_life_time = 300
- # Pool exits after being idle for this many seconds
-child_max_connections = 0
- # Pool exits after receiving that many connections
- # 0 means no exit
-connection_life_time = 0
- # Connection to backend closes after being idle for this many seconds
- # 0 means no close
-client_idle_limit = 0
- # Client is disconnected after being idle for that many seconds
- # (even inside an explicit transactions!)
- # 0 means no disconnection
-
-
-#------------------------------------------------------------------------------
-# LOGS
-#------------------------------------------------------------------------------
-
-# - Where to log -
-
-log_destination = 'stderr'
- # Where to log
- # Valid values are combinations of stderr,
- # and syslog. Default to stderr.
-
-# - What to log -
-
-print_timestamp = on
- # Print timestamp on each line
- # (change requires restart)
-
-log_connections = on
- # Log connections
-log_hostname = on
- # Hostname will be shown in ps status
- # and in logs if connections are logged
-log_statement = on
- # Log all statements
-log_per_node_statement = off
- # Log all statements
- # with node and backend informations
-log_standby_delay = 'if_over_threshold'
- # Log standby delay
- # Valid values are combinations of always,
- # if_over_threshold, none
-
-# - Syslog specific -
-
-syslog_facility = 'LOCAL0'
- # Syslog local facility. Default to LOCAL0
-syslog_ident = 'pgpool'
- # Syslog program identification string
- # Default to 'pgpool'
-
-# - Debug -
-
-debug_level = 1
- # Debug message verbosity level
- # 0 means no message, 1 or more mean verbose
-
-
-#------------------------------------------------------------------------------
-# FILE LOCATIONS
-#------------------------------------------------------------------------------
-
-pid_file_name = '/tmp/pgpool.pid'
- # PID file name
- # (change requires restart)
-logdir = '/tmp'
- # Directory of pgPool status file
- # (change requires restart)
-
-
-#------------------------------------------------------------------------------
-# CONNECTION POOLING
-#------------------------------------------------------------------------------
-
-connection_cache = off
- # Activate connection pools
- # (change requires restart)
-
- # Semicolon separated list of queries
- # to be issued at the end of a session
- # The default is for 8.3 and later
-reset_query_list = 'ABORT; DISCARD ALL'
- # The following one is for 8.2 and before
-#reset_query_list = 'ABORT; RESET ALL; SET SESSION AUTHORIZATION DEFAULT'
-
-
-#------------------------------------------------------------------------------
-# REPLICATION MODE
-#------------------------------------------------------------------------------
-
-replication_mode = off
- # Activate replication mode
- # (change requires restart)
-replicate_select = off
- # Replicate SELECT statements
- # when in replication or parallel mode
- # replicate_select is higher priority than
- # load_balance_mode.
-
-insert_lock = off
- # Automatically locks a dummy row or a table
- # with INSERT statements to keep SERIAL data
- # consistency
- # Without SERIAL, no lock will be issued
-lobj_lock_table = ''
- # When rewriting lo_creat command in
- # replication mode, specify table name to
- # lock
-
-# - Degenerate handling -
-
-replication_stop_on_mismatch = off
- # On disagreement with the packet kind
- # sent from backend, degenerate the node
- # which is most likely "minority"
- # If off, just force to exit this session
-
-failover_if_affected_tuples_mismatch = off
- # On disagreement with the number of affected
- # tuples in UPDATE/DELETE queries, then
- # degenerate the node which is most likely
- # "minority".
- # If off, just abort the transaction to
- # keep the consistency
-
-
-#------------------------------------------------------------------------------
-# LOAD BALANCING MODE
-#------------------------------------------------------------------------------
-
-load_balance_mode = on
- # Activate load balancing mode
- # (change requires restart)
-ignore_leading_white_space = on
- # Ignore leading white spaces of each query
-white_function_list = ''
- # Comma separated list of function names
- # that don't write to database
- # Regexp are accepted
-black_function_list = 'currval,lastval,nextval,setval'
- # Comma separated list of function names
- # that write to database
- # Regexp are accepted
-
-
-#------------------------------------------------------------------------------
-# MASTER/SLAVE MODE
-#------------------------------------------------------------------------------
-
-master_slave_mode = on
- # Activate master/slave mode
- # (change requires restart)
-master_slave_sub_mode = 'stream'
- # Master/slave sub mode
- # Valid values are combinations slony or
- # stream. Default is slony.
- # (change requires restart)
-
-# - Streaming -
-
-sr_check_period = 10
- # Streaming replication check period
- # Disabled (0) by default
-sr_check_user = '{{.Values.credentials.pgusername}}'
- # Streaming replication check user
- # This is neccessary even if you disable streaming
- # replication delay check by sr_check_period = 0
-sr_check_password = '{{.Values.credentials.pgpassword}}'
- # Password for streaming replication check user
-delay_threshold = 10000000
- # Threshold before not dispatching query to standby node
- # Unit is in bytes
- # Disabled (0) by default
-
-# - Special commands -
-
-follow_master_command = ''
- # Executes this command after master failover
- # Special values:
- # %d = node id
- # %h = host name
- # %p = port number
- # %D = database cluster path
- # %m = new master node id
- # %H = hostname of the new master node
- # %M = old master node id
- # %P = old primary node id
- # %r = new master port number
- # %R = new master database cluster path
- # %% = '%' character
-
-
-#------------------------------------------------------------------------------
-# PARALLEL MODE
-#------------------------------------------------------------------------------
-
-parallel_mode = off
- # Activates parallel query mode
- # (change requires restart)
-pgpool2_hostname = ''
- # Set pgpool2 hostname
- # (change requires restart)
-
-# - System DB info -
-
-#system_db_hostname = 'localhost'
- # (change requires restart)
-#system_db_port = 5432
- # (change requires restart)
-#system_db_dbname = 'pgpool'
- # (change requires restart)
-#system_db_schema = 'pgpool_catalog'
- # (change requires restart)
-#system_db_user = 'pgpool'
- # (change requires restart)
-#system_db_password = ''
- # (change requires restart)
-
-
-#------------------------------------------------------------------------------
-# HEALTH CHECK
-#------------------------------------------------------------------------------
-
-health_check_period = 20
- # Health check period
- # Disabled (0) by default
-health_check_timeout = 10
- # Health check timeout
- # 0 means no timeout
-health_check_user = '{{.Values.credentials.pgusername}}'
- # Health check user
-health_check_password = '{{.Values.credentials.pgpassword}}'
- # Password for health check user
-health_check_max_retries = 3
-connect_timeout = 10000 # Timeout value in milliseconds before giving up to connect to backend.
-
- # Maximum number of times to retry a failed health check before giving up.
-health_check_retry_delay = 1
- # Amount of time to wait (in seconds) between retries.
-
-
-#------------------------------------------------------------------------------
-# FAILOVER AND FAILBACK
-#------------------------------------------------------------------------------
-
-failover_command = ''
- # Executes this command at failover
- # Special values:
- # %d = node id
- # %h = host name
- # %p = port number
- # %D = database cluster path
- # %m = new master node id
- # %H = hostname of the new master node
- # %M = old master node id
- # %P = old primary node id
- # %r = new master port number
- # %R = new master database cluster path
- # %% = '%' character
-failback_command = ''
- # Executes this command at failback.
- # Special values:
- # %d = node id
- # %h = host name
- # %p = port number
- # %D = database cluster path
- # %m = new master node id
- # %H = hostname of the new master node
- # %M = old master node id
- # %P = old primary node id
- # %r = new master port number
- # %R = new master database cluster path
- # %% = '%' character
-
-fail_over_on_backend_error = off
- # Initiates failover when reading/writing to the
- # backend communication socket fails
- # If set to off, pgpool will report an
- # error and disconnect the session.
-
-search_primary_node_timeout = 10
- # Timeout in seconds to search for the
- # primary node when a failover occurs.
- # 0 means no timeout, keep searching
- # for a primary node forever.
-
-#------------------------------------------------------------------------------
-# ONLINE RECOVERY
-#------------------------------------------------------------------------------
-
-recovery_user = '{{.Values.credentials.pgusername}}'
- # Online recovery user
-recovery_password = '{{.Values.credentials.pgpassword}}'
- # Online recovery password
-recovery_1st_stage_command = ''
- # Executes a command in first stage
-recovery_2nd_stage_command = ''
- # Executes a command in second stage
-recovery_timeout = 90
- # Timeout in seconds to wait for the
- # recovering node's postmaster to start up
- # 0 means no wait
-client_idle_limit_in_recovery = 0
- # Client is disconnected after being idle
- # for that many seconds in the second stage
- # of online recovery
- # 0 means no disconnection
- # -1 means immediate disconnection
-
-
-#------------------------------------------------------------------------------
-# WATCHDOG
-#------------------------------------------------------------------------------
-
-# - Enabling -
-
-use_watchdog = off
- # Activates watchdog
- # (change requires restart)
-
-# -Connection to up stream servers -
-
-trusted_servers = ''
- # trusted server list which are used
- # to confirm network connection
- # (hostA,hostB,hostC,...)
- # (change requires restart)
-ping_path = '/bin'
- # ping command path
- # (change requires restart)
-
-# - Watchdog communication Settings -
-
-wd_hostname = ''
- # Host name or IP address of this watchdog
- # (change requires restart)
-wd_port = 9000
- # port number for watchdog service
- # (change requires restart)
-wd_authkey = ''
- # Authentication key for watchdog communication
- # (change requires restart)
-
-# - Virtual IP control Setting -
-
-delegate_IP = ''
- # delegate IP address
- # If this is empty, virtual IP never bring up.
- # (change requires restart)
-ifconfig_path = '/sbin'
- # ifconfig command path
- # (change requires restart)
-if_up_cmd = 'ifconfig eth0:0 inet $_IP_$ netmask 255.255.255.0'
- # startup delegate IP command
- # (change requires restart)
-if_down_cmd = 'ifconfig eth0:0 down'
- # shutdown delegate IP command
- # (change requires restart)
-
-arping_path = '/usr/sbin' # arping command path
- # (change requires restart)
-
-arping_cmd = 'arping -U $_IP_$ -w 1'
- # arping command
- # (change requires restart)
-
-# - Behaivor on escalation Setting -
-
-clear_memqcache_on_escalation = on
- # Clear all the query cache on shared memory
- # when standby pgpool escalate to active pgpool
- # (= virtual IP holder).
- # This should be off if client connects to pgpool
- # not using virtual IP.
- # (change requires restart)
-wd_escalation_command = ''
- # Executes this command at escalation on new active pgpool.
- # (change requires restart)
-
-# - Lifecheck Setting -
-
-# -- common --
-
-wd_lifecheck_method = 'heartbeat'
- # Method of watchdog lifecheck ('heartbeat' or 'query')
- # (change requires restart)
-wd_interval = 10
- # lifecheck interval (sec) > 0
- # (change requires restart)
-
-# -- heartbeat mode --
-
-wd_heartbeat_port = 9694
- # Port number for receiving heartbeat signal
- # (change requires restart)
-wd_heartbeat_keepalive = 2
- # Interval time of sending heartbeat signal (sec)
- # (change requires restart)
-wd_heartbeat_deadtime = 30
- # Deadtime interval for heartbeat signal (sec)
- # (change requires restart)
-heartbeat_destination0 = 'host0_ip1'
- # Host name or IP address of destination 0
- # for sending heartbeat signal.
- # (change requires restart)
-heartbeat_destination_port0 = 9694
- # Port number of destination 0 for sending
- # heartbeat signal. Usually this is the
- # same as wd_heartbeat_port.
- # (change requires restart)
-heartbeat_device0 = ''
- # Name of NIC device (such like 'eth0')
- # used for sending/receiving heartbeat
- # signal to/from destination 0.
- # This works only when this is not empty
- # and pgpool has root privilege.
- # (change requires restart)
-
-#heartbeat_destination1 = 'host0_ip2'
-#heartbeat_destination_port1 = 9694
-#heartbeat_device1 = ''
-
-# -- query mode --
-
-wd_life_point = 3
- # lifecheck retry times
- # (change requires restart)
-wd_lifecheck_query = 'SELECT 1'
- # lifecheck query to pgpool from watchdog
- # (change requires restart)
-wd_lifecheck_dbname = 'template1'
- # Database name connected for lifecheck
- # (change requires restart)
-wd_lifecheck_user = 'nobody'
- # watchdog user monitoring pgpools in lifecheck
- # (change requires restart)
-wd_lifecheck_password = ''
- # Password for watchdog user in lifecheck
- # (change requires restart)
-
-# - Other pgpool Connection Settings -
-
-#other_pgpool_hostname0 = 'host0'
- # Host name or IP address to connect to for other pgpool 0
- # (change requires restart)
-#other_pgpool_port0 = 5432
- # Port number for othet pgpool 0
- # (change requires restart)
-#other_wd_port0 = 9000
- # Port number for othet watchdog 0
- # (change requires restart)
-#other_pgpool_hostname1 = 'host1'
-#other_pgpool_port1 = 5432
-#other_wd_port1 = 9000
-
-
-#------------------------------------------------------------------------------
-# OTHERS
-#------------------------------------------------------------------------------
-relcache_expire = 0
- # Life time of relation cache in seconds.
- # 0 means no cache expiration(the default).
- # The relation cache is used for cache the
- # query result against PostgreSQL system
- # catalog to obtain various information
- # including table structures or if it's a
- # temporary table or not. The cache is
- # maintained in a pgpool child local memory
- # and being kept as long as it survives.
- # If someone modify the table by using
- # ALTER TABLE or some such, the relcache is
- # not consistent anymore.
- # For this purpose, cache_expiration
- # controls the life time of the cache.
-relcache_size = 256
- # Number of relation cache
- # entry. If you see frequently:
- # "pool_search_relcache: cache replacement happend"
- # in the pgpool log, you might want to increate this number.
-
-check_temp_table = on
- # If on, enable temporary table check in SELECT statements.
- # This initiates queries against system catalog of primary/master
- # thus increases load of master.
- # If you are absolutely sure that your system never uses temporary tables
- # and you want to save access to primary/master, you could turn this off.
- # Default is on.
-
-
-#------------------------------------------------------------------------------
-# ON MEMORY QUERY MEMORY CACHE
-#------------------------------------------------------------------------------
-memory_cache_enabled = off
- # If on, use the memory cache functionality, off by default
-memqcache_method = 'shmem'
- # Cache storage method. either 'shmem'(shared memory) or
- # 'memcached'. 'shmem' by default
- # (change requires restart)
-memqcache_memcached_host = 'localhost'
- # Memcached host name or IP address. Mandatory if
- # memqcache_method = 'memcached'.
- # Defaults to localhost.
- # (change requires restart)
-memqcache_memcached_port = 11211
- # Memcached port number. Mondatory if memqcache_method = 'memcached'.
- # Defaults to 11211.
- # (change requires restart)
-memqcache_total_size = 67108864
- # Total memory size in bytes for storing memory cache.
- # Mandatory if memqcache_method = 'shmem'.
- # Defaults to 64MB.
- # (change requires restart)
-memqcache_max_num_cache = 1000000
- # Total number of cache entries. Mandatory
- # if memqcache_method = 'shmem'.
- # Each cache entry consumes 48 bytes on shared memory.
- # Defaults to 1,000,000(45.8MB).
- # (change requires restart)
-memqcache_expire = 0
- # Memory cache entry life time specified in seconds.
- # 0 means infinite life time. 0 by default.
- # (change requires restart)
-memqcache_auto_cache_invalidation = on
- # If on, invalidation of query cache is triggered by corresponding
- # DDL/DML/DCL(and memqcache_expire). If off, it is only triggered
- # by memqcache_expire. on by default.
- # (change requires restart)
-memqcache_maxcache = 409600
- # Maximum SELECT result size in bytes.
- # Must be smaller than memqcache_cache_block_size. Defaults to 400KB.
- # (change requires restart)
-memqcache_cache_block_size = 1048576
- # Cache block size in bytes. Mandatory if memqcache_method = 'shmem'.
- # Defaults to 1MB.
- # (change requires restart)
-memqcache_oiddir = '/var/log/pgpool/oiddir'
- # Temporary work directory to record table oids
- # (change requires restart)
-white_memqcache_table_list = ''
- # Comma separated list of table names to memcache
- # that don't write to database
- # Regexp are accepted
-black_memqcache_table_list = ''
- # Comma separated list of table names not to memcache
- # that don't write to database
- # Regexp are accepted
diff --git a/kubernetes/common/postgres-legacy/charts/pgpool/configs/pool_hba.conf b/kubernetes/common/postgres-legacy/charts/pgpool/configs/pool_hba.conf
deleted file mode 100644
index d8918409e8..0000000000
--- a/kubernetes/common/postgres-legacy/charts/pgpool/configs/pool_hba.conf
+++ /dev/null
@@ -1,67 +0,0 @@
-# pgpool Client Authentication Configuration File a custom version
-# ===============================================
-#
-# The format rule in this file follows the rules in the PostgreSQL
-# Administrator's Guide. Refer to chapter "Client Authentication" for a
-# complete description. A short synopsis follows.
-#
-# This file controls: which hosts are allowed to connect, how clients
-# are authenticated, which user names they can use, which databases they
-# can access. Records take one of these forms:
-#
-# local DATABASE USER METHOD [OPTION]
-# host DATABASE USER CIDR-ADDRESS METHOD [OPTION]
-#
-# (The uppercase items must be replaced by actual values.)
-#
-# The first field is the connection type: "local" is a Unix-domain
-# socket, "host" is either a plain or SSL-encrypted TCP/IP socket.
-#
-# DATABASE can be "all", "sameuser", a database name, or a comma-separated
-# list thereof. Note that "samegroup" like in PostgreSQL's pg_hba.conf
-# file is not supported, since pgpool does not know which group a user
-# belongs to. Also note that the database specified here may not exist in
-# the backend PostgreSQL. pgpool will authenticate based on the database's
-# name, not based on whether it exists or not.
-#
-# USER can be "all", a user name, or a comma-separated list thereof. In
-# both the DATABASE and USER fields you can also write a file name prefixed
-# with "@" to include names from a separate file. Note that a group name
-# prefixed with "+" like in PostgreSQL's pg_hba.conf file is not supported
-# because of the same reason as "samegroup" token. Also note that a user
-# name specified here may not exist in the backend PostgreSQL. pgpool will
-# authenticate based on the user's name, not based on whether he/she exists.
-#
-# CIDR-ADDRESS specifies the set of hosts the record matches.
-# It is made up of an IP address and a CIDR mask that is an integer
-# (between 0 and 32 (IPv4) that specifies the number of significant bits in
-# the mask. Alternatively, you can write an IP address and netmask in
-# separate columns to specify the set of hosts.
-#
-# METHOD can be "trust", "reject", "md5" or "pam". Note that "pam" sends passwords
-# in clear text.
-#
-# OPTION is the name of the PAM service. Default service name is "pgpool"
-#
-# Database and user names containing spaces, commas, quotes and other special
-# characters must be quoted. Quoting one of the keywords "all" or "sameuser"
-# makes the name lose its special character, and just match a database or
-# username with that name.
-#
-# This file is read on pgpool startup. If you edit the file on a running
-# system, you have to restart the pgpool for the changes to take effect.
-
-# Put your actual configuration here
-# ----------------------------------
-#
-# If you want to allow non-local connections, you need to add more
-# "host" records. In that case you will also need to make pgpool listen
-# on a non-local interface via the listen_addresses configuration parameter.
-#
-
-# TYPE DATABASE USER CIDR-ADDRESS METHOD
-
-# "local" is for Unix domain socket connections only
-#local all all trust
-# IPv4 local connections:
-host all all 0.0.0.0/0 md5
diff --git a/kubernetes/common/postgres-legacy/charts/pgpool/configs/pool_passwd b/kubernetes/common/postgres-legacy/charts/pgpool/configs/pool_passwd
deleted file mode 100644
index 3636d1de74..0000000000
--- a/kubernetes/common/postgres-legacy/charts/pgpool/configs/pool_passwd
+++ /dev/null
@@ -1,2 +0,0 @@
-testuser:md599e8713364988502fa6189781bcf648f
-postgres:md53175bce1d3201d16594cebf9d7eb3f9d
diff --git a/kubernetes/common/postgres-legacy/charts/pgpool/requirements.yaml b/kubernetes/common/postgres-legacy/charts/pgpool/requirements.yaml
deleted file mode 100644
index 5b097f3ab7..0000000000
--- a/kubernetes/common/postgres-legacy/charts/pgpool/requirements.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
-# Copyright © 2018 Amdocs, AT&T, Bell Canada
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-dependencies:
- - name: common
- version: ~5.x-0
- repository: '@local'
diff --git a/kubernetes/common/postgres-legacy/charts/pgpool/templates/configmap.yaml b/kubernetes/common/postgres-legacy/charts/pgpool/templates/configmap.yaml
deleted file mode 100755
index 099c8dd12e..0000000000
--- a/kubernetes/common/postgres-legacy/charts/pgpool/templates/configmap.yaml
+++ /dev/null
@@ -1,26 +0,0 @@
-# Copyright © 2017 Amdocs, Bell Canada
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ include "common.fullname" . }}-pgpool-configmap
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-data:
-{{ tpl (.Files.Glob "configs/*").AsConfig . | indent 2 }}
diff --git a/kubernetes/common/postgres-legacy/charts/pgpool/templates/deployment.yaml b/kubernetes/common/postgres-legacy/charts/pgpool/templates/deployment.yaml
deleted file mode 100644
index 7572d7f444..0000000000
--- a/kubernetes/common/postgres-legacy/charts/pgpool/templates/deployment.yaml
+++ /dev/null
@@ -1,68 +0,0 @@
-{{/*
-# Copyright © 2018 Amdocs, AT&T, Bell Canada
-# #
-# # Licensed under the Apache License, Version 2.0 (the "License");
-# # you may not use this file except in compliance with the License.
-# # You may obtain a copy of the License at
-# #
-# # http://www.apache.org/licenses/LICENSE-2.0
-# #
-# # Unless required by applicable law or agreed to in writing, software
-# # distributed under the License is distributed on an "AS IS" BASIS,
-# # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# # See the License for the specific language governing permissions and
-# # limitations under the License.
-*/}}
-kind: Deployment
-apiVersion: extensions/v1beta1
-metadata:
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-spec:
- replicas: 2
- template:
- metadata:
- labels:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
- spec:
- containers:
- - image: "{{.Values.repository}}/{{.Values.image}}"
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- name: {{ include "common.name" . }}
- env:
- - name: PG_PRIMARY_SERVICE_NAME
- value: {{.Values.container.name.primary}}
- - name: PG_REPLICA_SERVICE_NAME
- value: {{.Values.container.name.replica}}
- - name: PG_USERNAME
- value: {{.Values.credentials.pgusername}}
- - name: PG_PASSWORD
- value: {{.Values.credentials.pgpassword}}
- ports:
- - containerPort: 5432
- name: pgpool
- protocol: TCP
- readinessProbe:
- tcpSocket:
- port: 5432
- initialDelaySeconds: 20
- periodSeconds: 10
- livenessProbe:
- tcpSocket:
- port: 5432
- initialDelaySeconds: 15
- periodSeconds: 20
- volumeMounts:
- - name: pgpool-pgconf
- mountPath: /pgconf/pgpoolconfigdir
- readOnly: false
- volumes:
- - name: pgpool-pgconf
- configMap:
- name: {{ include "common.fullname" . }}-pgpool-configmap
diff --git a/kubernetes/common/postgres-legacy/charts/pgpool/templates/service.yaml b/kubernetes/common/postgres-legacy/charts/pgpool/templates/service.yaml
deleted file mode 100644
index 8c066e5b7a..0000000000
--- a/kubernetes/common/postgres-legacy/charts/pgpool/templates/service.yaml
+++ /dev/null
@@ -1,26 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ .Values.service.name }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
- annotations:
-spec:
- type: {{ .Values.service.type }}
- ports:
- {{if eq .Values.service.type "NodePort" -}}
- - port: {{ .Values.service.externalPort }}
- nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
- name: {{ .Values.service.name }}
- {{- else -}}
- - port: {{ .Values.service.externalPort }}
- targetPort: {{ .Values.service.internalPort }}
- name: {{ .Values.service.name }}
- {{- end}}
- selector:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
diff --git a/kubernetes/common/postgres-legacy/charts/pgpool/values.yaml b/kubernetes/common/postgres-legacy/charts/pgpool/values.yaml
deleted file mode 100644
index cb732b7cd7..0000000000
--- a/kubernetes/common/postgres-legacy/charts/pgpool/values.yaml
+++ /dev/null
@@ -1,44 +0,0 @@
-# Copyright © 2018 Amdocs, AT&T, Bell Canada
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-#################################################################
-# Global configuration defaults.
-#################################################################
-global:
- nodePortPrefix: 302
- persistence: {}
- readinessRepository: oomk8s
- readinessImage: readiness-check:2.0.0
-
-#################################################################
-# Application configuration defaults.
-#################################################################
-# application image
-repository: crunchydata
-image: crunchy-pgpool:centos7-10.4-2.0.0
-pullPolicy: Always
-
-container:
- port: 5432
- name:
- primary: pgset-primary
- replica: pgset-replica
-credentials:
- pgusername: testuser
- pgpassword: password
-service:
- name: pgpool
- type: ClusterIP
- externalPort: 5432
- internalPort: 5432
diff --git a/kubernetes/common/postgres-legacy/requirements.yaml b/kubernetes/common/postgres-legacy/requirements.yaml
deleted file mode 100644
index 5b097f3ab7..0000000000
--- a/kubernetes/common/postgres-legacy/requirements.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
-# Copyright © 2018 Amdocs, AT&T, Bell Canada
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-dependencies:
- - name: common
- version: ~5.x-0
- repository: '@local'
diff --git a/kubernetes/common/postgres-legacy/templates/pv.yaml b/kubernetes/common/postgres-legacy/templates/pv.yaml
deleted file mode 100644
index 2ac5d979d5..0000000000
--- a/kubernetes/common/postgres-legacy/templates/pv.yaml
+++ /dev/null
@@ -1,45 +0,0 @@
-{{/*
-# Copyright © 2018 Amdocs, AT&T, Bell Canada
-# #
-# # Licensed under the Apache License, Version 2.0 (the "License");
-# # you may not use this file except in compliance with the License.
-# # You may obtain a copy of the License at
-# #
-# # http://www.apache.org/licenses/LICENSE-2.0
-# #
-# # Unless required by applicable law or agreed to in writing, software
-# # distributed under the License is distributed on an "AS IS" BASIS,
-# # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# # See the License for the specific language governing permissions and
-# # limitations under the License.
-*/}}
-{{- $global := . }}
-{{- if and $global.Values.persistence.enabled (not $global.Values.persistence.existingClaim) }}
-{{- if eq "True" (include "common.needPV" .) -}}
-{{- range $i := until (int $global.Values.replicaCount)}}
-kind: PersistentVolume
-apiVersion: v1
-metadata:
- name: {{ include "common.fullname" $global }}-data-{{ $i }}
- namespace: {{ include "common.namespace" $global }}
- labels:
- app: {{ include "common.fullname" $global }}
- chart: "{{ $global.Chart.Name }}-{{ $global.Chart.Version | replace "+" "_" }}"
- release: "{{ include "common.release" $global }}"
- heritage: "{{ $global.Release.Service }}"
- name: {{ include "common.fullname" $global }}
-spec:
- capacity:
- storage: {{ $global.Values.persistence.size}}
- accessModes:
- - {{ $global.Values.persistence.accessMode }}
- persistentVolumeReclaimPolicy: {{ $global.Values.persistence.volumeReclaimPolicy }}
- storageClassName: "{{ include "common.fullname" $global }}-data"
- hostPath:
- path: {{ $global.Values.global.persistence.mountPath | default $global.Values.persistence.mountPath }}/{{ include "common.release" $global }}/{{ $global.Values.persistence.mountSubPath }}-{{$i}}
-{{if ne $i (int $global.Values.replicaCount) }}
----
-{{- end -}}
-{{- end -}}
-{{- end -}}
-{{- end -}}
diff --git a/kubernetes/common/postgres-legacy/templates/secrets.yaml b/kubernetes/common/postgres-legacy/templates/secrets.yaml
deleted file mode 100644
index db1bc5bb15..0000000000
--- a/kubernetes/common/postgres-legacy/templates/secrets.yaml
+++ /dev/null
@@ -1,31 +0,0 @@
-{{/*
-# Copyright © 2018 Amdocs, AT&T, Bell Canada
-# #
-# # Licensed under the Apache License, Version 2.0 (the "License");
-# # you may not use this file except in compliance with the License.
-# # You may obtain a copy of the License at
-# #
-# # http://www.apache.org/licenses/LICENSE-2.0
-# #
-# # Unless required by applicable law or agreed to in writing, software
-# # distributed under the License is distributed on an "AS IS" BASIS,
-# # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# # See the License for the specific language governing permissions and
-# # limitations under the License.
-*/}}
-apiVersion: v1
-kind: Secret
-metadata:
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.fullname" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-type: Opaque
-data:
- pg-primary-password: {{ .Values.config.pgPrimaryPassword | b64enc | quote }}
- pg-user-password: {{ .Values.config.pgUserPassword | b64enc | quote }}
- pg-root-password: {{ .Values.config.pgRootPassword | b64enc | quote }}
-
diff --git a/kubernetes/common/postgres-legacy/templates/service.yaml b/kubernetes/common/postgres-legacy/templates/service.yaml
deleted file mode 100644
index 30d824bbd7..0000000000
--- a/kubernetes/common/postgres-legacy/templates/service.yaml
+++ /dev/null
@@ -1,95 +0,0 @@
-{{/*
-# Copyright © 2018 Amdocs, AT&T, Bell Canada
-# #
-# # Licensed under the Apache License, Version 2.0 (the "License");
-# # you may not use this file except in compliance with the License.
-# # You may obtain a copy of the License at
-# #
-# # http://www.apache.org/licenses/LICENSE-2.0
-# #
-# # Unless required by applicable law or agreed to in writing, software
-# # distributed under the License is distributed on an "AS IS" BASIS,
-# # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# # See the License for the specific language governing permissions and
-# # limitations under the License.
-*/}}
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ .Values.service.name }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
- annotations:
-spec:
- type: {{ .Values.service.type }}
- ports:
- {{if eq .Values.service.type "NodePort" -}}
- - port: {{ .Values.service.externalPort }}
- nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
- name: {{ .Values.service.name }}
- {{- else -}}
- - port: {{ .Values.service.externalPort }}
- targetPort: {{ .Values.service.internalPort }}
- name: {{ .Values.service.name }}
- {{- end}}
- selector:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
----
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ .Values.service.name2 }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
- annotations:
-spec:
- type: {{ .Values.service.type2 }}
- ports:
- {{if eq .Values.service.type "NodePort" -}}
- - port: {{ .Values.service.externalPort2 }}
- nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort2 }}
- name: {{ .Values.service.name2 }}
- {{- else -}}
- - port: {{ .Values.service.externalPort2 }}
- targetPort: {{ .Values.service.internalPort2 }}
- name: {{ .Values.service.name2 }}
- {{- end}}
- selector:
- name: "{{.Values.container.name.primary}}"
- release: {{ include "common.release" . }}
----
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ .Values.service.name3 }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
- annotations:
-spec:
- type: {{ .Values.service.type3 }}
- ports:
- {{if eq .Values.service.type "NodePort" -}}
- - port: {{ .Values.service.externalPort3 }}
- nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort3 }}
- name: {{ .Values.service.name3 }}
- {{- else -}}
- - port: {{ .Values.service.externalPort3 }}
- targetPort: {{ .Values.service.internalPort3 }}
- name: {{ .Values.service.name3 }}
- {{- end}}
- selector:
- name: "{{.Values.container.name.replica}}"
- release: {{ include "common.release" . }}
diff --git a/kubernetes/common/postgres-legacy/templates/statefulset.yaml b/kubernetes/common/postgres-legacy/templates/statefulset.yaml
deleted file mode 100644
index 5333a0d310..0000000000
--- a/kubernetes/common/postgres-legacy/templates/statefulset.yaml
+++ /dev/null
@@ -1,143 +0,0 @@
-{{/*
-# Copyright © 2018 Amdocs, AT&T, Bell Canada
-# #
-# # Licensed under the Apache License, Version 2.0 (the "License");
-# # you may not use this file except in compliance with the License.
-# # You may obtain a copy of the License at
-# #
-# # http://www.apache.org/licenses/LICENSE-2.0
-# #
-# # Unless required by applicable law or agreed to in writing, software
-# # distributed under the License is distributed on an "AS IS" BASIS,
-# # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# # See the License for the specific language governing permissions and
-# # limitations under the License.
-*/}}
-apiVersion: apps/v1beta1
-kind: StatefulSet
-metadata:
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-spec:
- serviceName: {{ .Values.service.name }}
- replicas: {{ .Values.replicaCount }}
- template:
- metadata:
- labels:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
- spec:
- initContainers:
- - command:
- - /bin/sh
- - -c
- - |
- chown -R 26:26 /podroot/;
- chmod 700 /podroot/;
- image: {{ .Values.global.busyboxRepository | default .Values.busyboxRepository }}/{{ .Values.busyboxImage }}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- name: {{ include "common.name" . }}-prepare
- volumeMounts:
- - name: {{ include "common.fullname" . }}-data
- mountPath: /podroot/
- containers:
- - name: {{ include "common.name" . }}
- image: "{{ .Values.postgresRepository }}/{{ .Values.image }}"
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- ports:
- - containerPort: {{ .Values.service.internalPort }}
- name: postgres
- # disable liveness probe when breakpoints set in debugger
- # so K8s doesn't restart unresponsive container
- {{- if eq .Values.liveness.enabled true }}
- livenessProbe:
- tcpSocket:
- port: {{ .Values.service.internalPort }}
- initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
- periodSeconds: {{ .Values.liveness.periodSeconds }}
- timeoutSeconds: {{ .Values.liveness.timeoutSeconds }}
- {{end -}}
- readinessProbe:
- tcpSocket:
- port: {{ .Values.service.internalPort }}
- initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
- periodSeconds: {{ .Values.readiness.periodSeconds }}
- env:
- - name: PGHOST
- value: /tmp
- - name: PG_PRIMARY_USER
- value: primaryuser
- - name: PG_MODE
- value: set
- - name: PG_PRIMARY_HOST
- value: "{{.Values.container.name.primary}}"
- - name: PG_REPLICA_HOST
- value: "{{.Values.container.name.replica}}"
- - name: PG_PRIMARY_PORT
- value: "{{.Values.service.internalPort}}"
- - name: PG_PRIMARY_PASSWORD
- valueFrom:
- secretKeyRef:
- name: {{ template "common.fullname" . }}
- key: pg-primary-password
- - name: PG_USER
- value: "{{.Values.config.pgUserName}}"
- - name: PG_PASSWORD
- valueFrom:
- secretKeyRef:
- name: {{ template "common.fullname" . }}
- key: pg-user-password
- - name: PG_DATABASE
- value: "{{.Values.config.pgDatabase}}"
- - name: PG_ROOT_PASSWORD
- valueFrom:
- secretKeyRef:
- name: {{ template "common.fullname" . }}
- key: pg-root-password
- volumeMounts:
- - mountPath: /pgdata
- name: {{ include "common.fullname" . }}-data
- - mountPath: /backup
- name: {{ include "common.fullname" . }}-backup
- readOnly: true
- resources:
-{{ include "common.resources" . | indent 12 }}
- {{- if .Values.nodeSelector }}
- nodeSelector:
-{{ toYaml .Values.nodeSelector | indent 10 }}
- {{- end -}}
- {{- if .Values.affinity }}
- affinity:
-{{ toYaml .Values.affinity | indent 10 }}
- {{- end }}
- volumes:
- - name: localtime
- hostPath:
- path: /etc/localtime
- - name: {{ include "common.fullname" . }}-backup
- emptyDir: {}
-{{- if not .Values.persistence.enabled }}
- - name: {{ include "common.fullname" . }}-data
- emptyDir: {}
-{{- else }}
- volumeClaimTemplates:
- - metadata:
- name: {{ include "common.fullname" . }}-data
- labels:
- name: {{ include "common.fullname" . }}
- chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
- release: "{{ include "common.release" . }}"
- heritage: "{{ .Release.Service }}"
- spec:
- accessModes:
- - {{ .Values.persistence.accessMode | quote }}
- storageClassName: {{ include "common.storageClass" . }}
- resources:
- requests:
- storage: {{ .Values.persistence.size | quote }}
-{{- end }}
diff --git a/kubernetes/common/postgres-legacy/values.yaml b/kubernetes/common/postgres-legacy/values.yaml
deleted file mode 100644
index 8dd5d0aaac..0000000000
--- a/kubernetes/common/postgres-legacy/values.yaml
+++ /dev/null
@@ -1,139 +0,0 @@
-# Copyright © 2018 Amdocs, AT&T, Bell Canada
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-#################################################################
-# Global configuration defaults.
-#################################################################
-global:
- nodePortPrefix: 302
- persistence: {}
- readinessRepository: oomk8s
- readinessImage: readiness-check:2.0.0
-
-#################################################################
-# Application configuration defaults.
-#################################################################
-
-# BusyBox image
-busyboxRepository: registry.hub.docker.com
-busyboxImage: library/busybox:latest
-
-postgresRepository: crunchydata
-image: crunchy-postgres:centos7-10.4-2.0.0
-pullPolicy: Always
-
-# application configuration
-config:
- pgUserName: testuser
- pgDatabase: userdb
- pgPrimaryPassword: password
- pgUserPassword: password
- pgRootPassword: password
-
-container:
- name:
- primary: pgset-primary
- replica: pgset-replica
-
-pgpool:
- container:
- port: 5432
- name:
- primary: pgset-primary
- replica: pgset-replica
- credentials:
- pgusername: testuser
- pgpassword: password
- service:
- name: pgpool
-
-
-# default number of instances
-replicaCount: 2
-
-nodeSelector: {}
-
-affinity: {}
-
-# probe configuration parameters
-liveness:
- initialDelaySeconds: 300
- periodSeconds: 10
- timeoutSeconds: 5
- # necessary to disable liveness probe when setting breakpoints
- # in debugger so K8s doesn't restart unresponsive container
- enabled: true
-
-readiness:
- initialDelaySeconds: 10
- periodSeconds: 10
-
-## Persist data to a persitent volume
-persistence:
- enabled: true
-
- ## A manually managed Persistent Volume and Claim
- ## Requires persistence.enabled: true
- ## If defined, PVC must be created manually before volume will be bound
- # existingClaim:
- volumeReclaimPolicy: Retain
-
- ## database data Persistent Volume Storage Class
- ## If defined, storageClassName: <storageClass>
- ## If set to "-", storageClassName: "", which disables dynamic provisioning
- ## If undefined (the default) or set to null, no storageClassName spec is
- ## set, choosing the default provisioner. (gp2 on AWS, standard on
- ## GKE, AWS & OpenStack)
- accessMode: ReadWriteOnce
- size: 1Gi
- mountPath: /dockerdata-nfs
- mountSubPath: postgres/data
- mountInitPath: postgres
-
-service:
- type: ClusterIP
- name: pgset
- externalPort: 5432
- internalPort: 5432
- type2: ClusterIP
- name2: pgset-primary
- externalPort2: 5432
- internalPort2: 5432
- type3: ClusterIP
- name3: pgset-replica
- externalPort3: 5432
- internalPort3: 5432
-
-ingress:
- enabled: false
-
-resources: {}
- # We usually recommend not to specify default resources and to leave this as a conscious
- # choice for the user. This also increases chances charts run on environments with little
- # resources, such as Minikube. If you do want to specify resources, uncomment the following
- # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
- #
- # Example:
- # Configure resource requests and limits
- # ref: http://kubernetes.io/docs/user-guide/compute-resources/
- # Minimum memory for development is 2 CPU cores and 4GB memory
- # Minimum memory for production is 4 CPU cores and 8GB memory
-#resources:
-# limits:
-# cpu: 2
-# memory: 4Gi
-# requests:
-# cpu: 2
-# memory: 4Gi
-
diff --git a/kubernetes/common/postgres/charts/pgpool/Chart.yaml b/kubernetes/common/postgres/charts/pgpool/Chart.yaml
deleted file mode 100644
index e2818139fa..0000000000
--- a/kubernetes/common/postgres/charts/pgpool/Chart.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
-# Copyright © 2018 Amdocs, AT&T, Bell Canada
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-apiVersion: v1
-description: ONAP Postgres Server
-name: pgpool
-version: 5.0.0
diff --git a/kubernetes/common/postgres/charts/pgpool/configs/pgpool.conf b/kubernetes/common/postgres/charts/pgpool/configs/pgpool.conf
deleted file mode 100644
index f335174f40..0000000000
--- a/kubernetes/common/postgres/charts/pgpool/configs/pgpool.conf
+++ /dev/null
@@ -1,677 +0,0 @@
-# ----------------------------
-# pgPool-II configuration file a custom version
-# ----------------------------
-#
-# This file consists of lines of the form:
-#
-# name = value
-#
-# Whitespace may be used. Comments are introduced with "#" anywhere on a line.
-# The complete list of parameter names and allowed values can be found in the
-# pgPool-II documentation.
-#
-# This file is read on server startup and when the server receives a SIGHUP
-# signal. If you edit the file on a running system, you have to SIGHUP the
-# server for the changes to take effect, or use "pgpool reload". Some
-# parameters, which are marked below, require a server shutdown and restart to
-# take effect.
-#
-
-
-#------------------------------------------------------------------------------
-# CONNECTIONS
-#------------------------------------------------------------------------------
-
-# - pgpool Connection Settings -
-
-listen_addresses = '*'
- # Host name or IP address to listen on:
- # '*' for all, '' for no TCP/IP connections
- # (change requires restart)
-#port = 9999
-port = 5432
- # Port number
- # (change requires restart)
-socket_dir = '/tmp'
- # Unix domain socket path
- # The Debian package defaults to
- # /var/run/postgresql
- # (change requires restart)
-
-
-# - pgpool Communication Manager Connection Settings -
-
-pcp_port = 9898
- # Port number for pcp
- # (change requires restart)
-pcp_socket_dir = '/tmp'
- # Unix domain socket path for pcp
- # The Debian package defaults to
- # /var/run/postgresql
- # (change requires restart)
-
-# - Backend Connection Settings -
-
-backend_hostname0 = '{{.Values.container.name.primary}}'
-backend_port0 = 5432
-backend_weight0= 1
-backend_flag0= 'DISALLOW_TO_FAILOVER'
-
-backend_hostname1 = '{{.Values.container.name.replica}}'
-backend_port1 = 5432
-backend_weight1= 1
-backend_flag1= 'DISALLOW_TO_FAILOVER'
-
-#backend_hostname0 = 'master'
- # Host name or IP address to connect to for backend 0
-#backend_port0 = 5432
- # Port number for backend 0
-#backend_weight0 = 1
- # Weight for backend 0 (only in load balancing mode)
-#backend_data_directory0 = '/data'
- # Data directory for backend 0
-#backend_flag0 = 'ALLOW_TO_FAILOVER'
- # Controls various backend behavior
- # ALLOW_TO_FAILOVER or DISALLOW_TO_FAILOVER
-#backend_hostname1 = 'standby'
-#backend_port1 = 5432
-#backend_weight1 = 1
-#backend_data_directory1 = '/data1'
-#backend_flag1 = 'ALLOW_TO_FAILOVER'
-
-# - Authentication -
-
-enable_pool_hba = on
- # Use pool_hba.conf for client authentication
-pool_passwd = 'pool_passwd'
- # File name of pool_passwd for md5 authentication.
- # "" disables pool_passwd.
- # (change requires restart)
-authentication_timeout = 60
- # Delay in seconds to complete client authentication
- # 0 means no timeout.
-
-# - SSL Connections -
-
-ssl = off
- # Enable SSL support
- # (change requires restart)
-#ssl_key = './server.key'
- # Path to the SSL private key file
- # (change requires restart)
-#ssl_cert = './server.cert'
- # Path to the SSL public certificate file
- # (change requires restart)
-#ssl_ca_cert = ''
- # Path to a single PEM format file
- # containing CA root certificate(s)
- # (change requires restart)
-#ssl_ca_cert_dir = ''
- # Directory containing CA root certificate(s)
- # (change requires restart)
-
-
-#------------------------------------------------------------------------------
-# POOLS
-#------------------------------------------------------------------------------
-
-# - Pool size -
-
-num_init_children = 5
- # Number of pools
- # (change requires restart)
-max_pool = 1
- # Number of connections per pool
- # (change requires restart)
-
-# - Life time -
-
-child_life_time = 300
- # Pool exits after being idle for this many seconds
-child_max_connections = 0
- # Pool exits after receiving that many connections
- # 0 means no exit
-connection_life_time = 0
- # Connection to backend closes after being idle for this many seconds
- # 0 means no close
-client_idle_limit = 0
- # Client is disconnected after being idle for that many seconds
- # (even inside an explicit transactions!)
- # 0 means no disconnection
-
-
-#------------------------------------------------------------------------------
-# LOGS
-#------------------------------------------------------------------------------
-
-# - Where to log -
-
-log_destination = 'stderr'
- # Where to log
- # Valid values are combinations of stderr,
- # and syslog. Default to stderr.
-
-# - What to log -
-
-print_timestamp = on
- # Print timestamp on each line
- # (change requires restart)
-
-log_connections = on
- # Log connections
-log_hostname = on
- # Hostname will be shown in ps status
- # and in logs if connections are logged
-log_statement = on
- # Log all statements
-log_per_node_statement = off
- # Log all statements
- # with node and backend informations
-log_standby_delay = 'if_over_threshold'
- # Log standby delay
- # Valid values are combinations of always,
- # if_over_threshold, none
-
-# - Syslog specific -
-
-syslog_facility = 'LOCAL0'
- # Syslog local facility. Default to LOCAL0
-syslog_ident = 'pgpool'
- # Syslog program identification string
- # Default to 'pgpool'
-
-# - Debug -
-
-debug_level = 1
- # Debug message verbosity level
- # 0 means no message, 1 or more mean verbose
-
-
-#------------------------------------------------------------------------------
-# FILE LOCATIONS
-#------------------------------------------------------------------------------
-
-pid_file_name = '/tmp/pgpool.pid'
- # PID file name
- # (change requires restart)
-logdir = '/tmp'
- # Directory of pgPool status file
- # (change requires restart)
-
-
-#------------------------------------------------------------------------------
-# CONNECTION POOLING
-#------------------------------------------------------------------------------
-
-connection_cache = off
- # Activate connection pools
- # (change requires restart)
-
- # Semicolon separated list of queries
- # to be issued at the end of a session
- # The default is for 8.3 and later
-reset_query_list = 'ABORT; DISCARD ALL'
- # The following one is for 8.2 and before
-#reset_query_list = 'ABORT; RESET ALL; SET SESSION AUTHORIZATION DEFAULT'
-
-
-#------------------------------------------------------------------------------
-# REPLICATION MODE
-#------------------------------------------------------------------------------
-
-replication_mode = off
- # Activate replication mode
- # (change requires restart)
-replicate_select = off
- # Replicate SELECT statements
- # when in replication or parallel mode
- # replicate_select is higher priority than
- # load_balance_mode.
-
-insert_lock = off
- # Automatically locks a dummy row or a table
- # with INSERT statements to keep SERIAL data
- # consistency
- # Without SERIAL, no lock will be issued
-lobj_lock_table = ''
- # When rewriting lo_creat command in
- # replication mode, specify table name to
- # lock
-
-# - Degenerate handling -
-
-replication_stop_on_mismatch = off
- # On disagreement with the packet kind
- # sent from backend, degenerate the node
- # which is most likely "minority"
- # If off, just force to exit this session
-
-failover_if_affected_tuples_mismatch = off
- # On disagreement with the number of affected
- # tuples in UPDATE/DELETE queries, then
- # degenerate the node which is most likely
- # "minority".
- # If off, just abort the transaction to
- # keep the consistency
-
-
-#------------------------------------------------------------------------------
-# LOAD BALANCING MODE
-#------------------------------------------------------------------------------
-
-load_balance_mode = on
- # Activate load balancing mode
- # (change requires restart)
-ignore_leading_white_space = on
- # Ignore leading white spaces of each query
-white_function_list = ''
- # Comma separated list of function names
- # that don't write to database
- # Regexp are accepted
-black_function_list = 'currval,lastval,nextval,setval'
- # Comma separated list of function names
- # that write to database
- # Regexp are accepted
-
-
-#------------------------------------------------------------------------------
-# MASTER/SLAVE MODE
-#------------------------------------------------------------------------------
-
-master_slave_mode = on
- # Activate master/slave mode
- # (change requires restart)
-master_slave_sub_mode = 'stream'
- # Master/slave sub mode
- # Valid values are combinations slony or
- # stream. Default is slony.
- # (change requires restart)
-
-# - Streaming -
-
-sr_check_period = 10
- # Streaming replication check period
- # Disabled (0) by default
-sr_check_user = '{{.Values.credentials.pgusername}}'
- # Streaming replication check user
- # This is neccessary even if you disable streaming
- # replication delay check by sr_check_period = 0
-sr_check_password = '{{.Values.credentials.pgpassword}}'
- # Password for streaming replication check user
-delay_threshold = 10000000
- # Threshold before not dispatching query to standby node
- # Unit is in bytes
- # Disabled (0) by default
-
-# - Special commands -
-
-follow_master_command = ''
- # Executes this command after master failover
- # Special values:
- # %d = node id
- # %h = host name
- # %p = port number
- # %D = database cluster path
- # %m = new master node id
- # %H = hostname of the new master node
- # %M = old master node id
- # %P = old primary node id
- # %r = new master port number
- # %R = new master database cluster path
- # %% = '%' character
-
-
-#------------------------------------------------------------------------------
-# PARALLEL MODE
-#------------------------------------------------------------------------------
-
-parallel_mode = off
- # Activates parallel query mode
- # (change requires restart)
-pgpool2_hostname = ''
- # Set pgpool2 hostname
- # (change requires restart)
-
-# - System DB info -
-
-#system_db_hostname = 'localhost'
- # (change requires restart)
-#system_db_port = 5432
- # (change requires restart)
-#system_db_dbname = 'pgpool'
- # (change requires restart)
-#system_db_schema = 'pgpool_catalog'
- # (change requires restart)
-#system_db_user = 'pgpool'
- # (change requires restart)
-#system_db_password = ''
- # (change requires restart)
-
-
-#------------------------------------------------------------------------------
-# HEALTH CHECK
-#------------------------------------------------------------------------------
-
-health_check_period = 20
- # Health check period
- # Disabled (0) by default
-health_check_timeout = 10
- # Health check timeout
- # 0 means no timeout
-health_check_user = '{{.Values.credentials.pgusername}}'
- # Health check user
-health_check_password = '{{.Values.credentials.pgpassword}}'
- # Password for health check user
-health_check_max_retries = 3
-connect_timeout = 10000 # Timeout value in milliseconds before giving up to connect to backend.
-
- # Maximum number of times to retry a failed health check before giving up.
-health_check_retry_delay = 1
- # Amount of time to wait (in seconds) between retries.
-
-
-#------------------------------------------------------------------------------
-# FAILOVER AND FAILBACK
-#------------------------------------------------------------------------------
-
-failover_command = ''
- # Executes this command at failover
- # Special values:
- # %d = node id
- # %h = host name
- # %p = port number
- # %D = database cluster path
- # %m = new master node id
- # %H = hostname of the new master node
- # %M = old master node id
- # %P = old primary node id
- # %r = new master port number
- # %R = new master database cluster path
- # %% = '%' character
-failback_command = ''
- # Executes this command at failback.
- # Special values:
- # %d = node id
- # %h = host name
- # %p = port number
- # %D = database cluster path
- # %m = new master node id
- # %H = hostname of the new master node
- # %M = old master node id
- # %P = old primary node id
- # %r = new master port number
- # %R = new master database cluster path
- # %% = '%' character
-
-fail_over_on_backend_error = off
- # Initiates failover when reading/writing to the
- # backend communication socket fails
- # If set to off, pgpool will report an
- # error and disconnect the session.
-
-search_primary_node_timeout = 10
- # Timeout in seconds to search for the
- # primary node when a failover occurs.
- # 0 means no timeout, keep searching
- # for a primary node forever.
-
-#------------------------------------------------------------------------------
-# ONLINE RECOVERY
-#------------------------------------------------------------------------------
-
-recovery_user = '{{.Values.credentials.pgusername}}'
- # Online recovery user
-recovery_password = '{{.Values.credentials.pgpassword}}'
- # Online recovery password
-recovery_1st_stage_command = ''
- # Executes a command in first stage
-recovery_2nd_stage_command = ''
- # Executes a command in second stage
-recovery_timeout = 90
- # Timeout in seconds to wait for the
- # recovering node's postmaster to start up
- # 0 means no wait
-client_idle_limit_in_recovery = 0
- # Client is disconnected after being idle
- # for that many seconds in the second stage
- # of online recovery
- # 0 means no disconnection
- # -1 means immediate disconnection
-
-
-#------------------------------------------------------------------------------
-# WATCHDOG
-#------------------------------------------------------------------------------
-
-# - Enabling -
-
-use_watchdog = off
- # Activates watchdog
- # (change requires restart)
-
-# -Connection to up stream servers -
-
-trusted_servers = ''
- # trusted server list which are used
- # to confirm network connection
- # (hostA,hostB,hostC,...)
- # (change requires restart)
-ping_path = '/bin'
- # ping command path
- # (change requires restart)
-
-# - Watchdog communication Settings -
-
-wd_hostname = ''
- # Host name or IP address of this watchdog
- # (change requires restart)
-wd_port = 9000
- # port number for watchdog service
- # (change requires restart)
-wd_authkey = ''
- # Authentication key for watchdog communication
- # (change requires restart)
-
-# - Virtual IP control Setting -
-
-delegate_IP = ''
- # delegate IP address
- # If this is empty, virtual IP never bring up.
- # (change requires restart)
-ifconfig_path = '/sbin'
- # ifconfig command path
- # (change requires restart)
-if_up_cmd = 'ifconfig eth0:0 inet $_IP_$ netmask 255.255.255.0'
- # startup delegate IP command
- # (change requires restart)
-if_down_cmd = 'ifconfig eth0:0 down'
- # shutdown delegate IP command
- # (change requires restart)
-
-arping_path = '/usr/sbin' # arping command path
- # (change requires restart)
-
-arping_cmd = 'arping -U $_IP_$ -w 1'
- # arping command
- # (change requires restart)
-
-# - Behaivor on escalation Setting -
-
-clear_memqcache_on_escalation = on
- # Clear all the query cache on shared memory
- # when standby pgpool escalate to active pgpool
- # (= virtual IP holder).
- # This should be off if client connects to pgpool
- # not using virtual IP.
- # (change requires restart)
-wd_escalation_command = ''
- # Executes this command at escalation on new active pgpool.
- # (change requires restart)
-
-# - Lifecheck Setting -
-
-# -- common --
-
-wd_lifecheck_method = 'heartbeat'
- # Method of watchdog lifecheck ('heartbeat' or 'query')
- # (change requires restart)
-wd_interval = 10
- # lifecheck interval (sec) > 0
- # (change requires restart)
-
-# -- heartbeat mode --
-
-wd_heartbeat_port = 9694
- # Port number for receiving heartbeat signal
- # (change requires restart)
-wd_heartbeat_keepalive = 2
- # Interval time of sending heartbeat signal (sec)
- # (change requires restart)
-wd_heartbeat_deadtime = 30
- # Deadtime interval for heartbeat signal (sec)
- # (change requires restart)
-heartbeat_destination0 = 'host0_ip1'
- # Host name or IP address of destination 0
- # for sending heartbeat signal.
- # (change requires restart)
-heartbeat_destination_port0 = 9694
- # Port number of destination 0 for sending
- # heartbeat signal. Usually this is the
- # same as wd_heartbeat_port.
- # (change requires restart)
-heartbeat_device0 = ''
- # Name of NIC device (such like 'eth0')
- # used for sending/receiving heartbeat
- # signal to/from destination 0.
- # This works only when this is not empty
- # and pgpool has root privilege.
- # (change requires restart)
-
-#heartbeat_destination1 = 'host0_ip2'
-#heartbeat_destination_port1 = 9694
-#heartbeat_device1 = ''
-
-# -- query mode --
-
-wd_life_point = 3
- # lifecheck retry times
- # (change requires restart)
-wd_lifecheck_query = 'SELECT 1'
- # lifecheck query to pgpool from watchdog
- # (change requires restart)
-wd_lifecheck_dbname = 'template1'
- # Database name connected for lifecheck
- # (change requires restart)
-wd_lifecheck_user = 'nobody'
- # watchdog user monitoring pgpools in lifecheck
- # (change requires restart)
-wd_lifecheck_password = ''
- # Password for watchdog user in lifecheck
- # (change requires restart)
-
-# - Other pgpool Connection Settings -
-
-#other_pgpool_hostname0 = 'host0'
- # Host name or IP address to connect to for other pgpool 0
- # (change requires restart)
-#other_pgpool_port0 = 5432
- # Port number for othet pgpool 0
- # (change requires restart)
-#other_wd_port0 = 9000
- # Port number for othet watchdog 0
- # (change requires restart)
-#other_pgpool_hostname1 = 'host1'
-#other_pgpool_port1 = 5432
-#other_wd_port1 = 9000
-
-
-#------------------------------------------------------------------------------
-# OTHERS
-#------------------------------------------------------------------------------
-relcache_expire = 0
- # Life time of relation cache in seconds.
- # 0 means no cache expiration(the default).
- # The relation cache is used for cache the
- # query result against PostgreSQL system
- # catalog to obtain various information
- # including table structures or if it's a
- # temporary table or not. The cache is
- # maintained in a pgpool child local memory
- # and being kept as long as it survives.
- # If someone modify the table by using
- # ALTER TABLE or some such, the relcache is
- # not consistent anymore.
- # For this purpose, cache_expiration
- # controls the life time of the cache.
-relcache_size = 256
- # Number of relation cache
- # entry. If you see frequently:
- # "pool_search_relcache: cache replacement happend"
- # in the pgpool log, you might want to increate this number.
-
-check_temp_table = on
- # If on, enable temporary table check in SELECT statements.
- # This initiates queries against system catalog of primary/master
- # thus increases load of master.
- # If you are absolutely sure that your system never uses temporary tables
- # and you want to save access to primary/master, you could turn this off.
- # Default is on.
-
-
-#------------------------------------------------------------------------------
-# ON MEMORY QUERY MEMORY CACHE
-#------------------------------------------------------------------------------
-memory_cache_enabled = off
- # If on, use the memory cache functionality, off by default
-memqcache_method = 'shmem'
- # Cache storage method. either 'shmem'(shared memory) or
- # 'memcached'. 'shmem' by default
- # (change requires restart)
-memqcache_memcached_host = 'localhost'
- # Memcached host name or IP address. Mandatory if
- # memqcache_method = 'memcached'.
- # Defaults to localhost.
- # (change requires restart)
-memqcache_memcached_port = 11211
- # Memcached port number. Mondatory if memqcache_method = 'memcached'.
- # Defaults to 11211.
- # (change requires restart)
-memqcache_total_size = 67108864
- # Total memory size in bytes for storing memory cache.
- # Mandatory if memqcache_method = 'shmem'.
- # Defaults to 64MB.
- # (change requires restart)
-memqcache_max_num_cache = 1000000
- # Total number of cache entries. Mandatory
- # if memqcache_method = 'shmem'.
- # Each cache entry consumes 48 bytes on shared memory.
- # Defaults to 1,000,000(45.8MB).
- # (change requires restart)
-memqcache_expire = 0
- # Memory cache entry life time specified in seconds.
- # 0 means infinite life time. 0 by default.
- # (change requires restart)
-memqcache_auto_cache_invalidation = on
- # If on, invalidation of query cache is triggered by corresponding
- # DDL/DML/DCL(and memqcache_expire). If off, it is only triggered
- # by memqcache_expire. on by default.
- # (change requires restart)
-memqcache_maxcache = 409600
- # Maximum SELECT result size in bytes.
- # Must be smaller than memqcache_cache_block_size. Defaults to 400KB.
- # (change requires restart)
-memqcache_cache_block_size = 1048576
- # Cache block size in bytes. Mandatory if memqcache_method = 'shmem'.
- # Defaults to 1MB.
- # (change requires restart)
-memqcache_oiddir = '/var/log/pgpool/oiddir'
- # Temporary work directory to record table oids
- # (change requires restart)
-white_memqcache_table_list = ''
- # Comma separated list of table names to memcache
- # that don't write to database
- # Regexp are accepted
-black_memqcache_table_list = ''
- # Comma separated list of table names not to memcache
- # that don't write to database
- # Regexp are accepted
diff --git a/kubernetes/common/postgres/charts/pgpool/configs/pool_hba.conf b/kubernetes/common/postgres/charts/pgpool/configs/pool_hba.conf
deleted file mode 100644
index 580185c6f0..0000000000
--- a/kubernetes/common/postgres/charts/pgpool/configs/pool_hba.conf
+++ /dev/null
@@ -1,68 +0,0 @@
-# pgpool Client Authentication Configuration File a custom version
-# ===============================================
-#
-# The format rule in this file follows the rules in the PostgreSQL
-# Administrator's Guide. Refer to chapter "Client Authentication" for a
-# complete description. A short synopsis follows.
-#
-# This file controls: which hosts are allowed to connect, how clients
-# are authenticated, which user names they can use, which databases they
-# can access. Records take one of these forms:
-#
-# local DATABASE USER METHOD [OPTION]
-# host DATABASE USER CIDR-ADDRESS METHOD [OPTION]
-#
-# (The uppercase items must be replaced by actual values.)
-#
-# The first field is the connection type: "local" is a Unix-domain
-# socket, "host" is either a plain or SSL-encrypted TCP/IP socket.
-#
-# DATABASE can be "all", "sameuser", a database name, or a comma-separated
-# list thereof. Note that "samegroup" like in PostgreSQL's pg_hba.conf
-# file is not supported, since pgpool does not know which group a user
-# belongs to. Also note that the database specified here may not exist in
-# the backend PostgreSQL. pgpool will authenticate based on the database's
-# name, not based on whether it exists or not.
-#
-# USER can be "all", a user name, or a comma-separated list thereof. In
-# both the DATABASE and USER fields you can also write a file name prefixed
-# with "@" to include names from a separate file. Note that a group name
-# prefixed with "+" like in PostgreSQL's pg_hba.conf file is not supported
-# because of the same reason as "samegroup" token. Also note that a user
-# name specified here may not exist in the backend PostgreSQL. pgpool will
-# authenticate based on the user's name, not based on whether he/she exists.
-#
-# CIDR-ADDRESS specifies the set of hosts the record matches.
-# It is made up of an IP address and a CIDR mask that is an integer
-# (between 0 and 32 (IPv4) that specifies the number of significant bits in
-# the mask. Alternatively, you can write an IP address and netmask in
-# separate columns to specify the set of hosts.
-#
-# METHOD can be "trust", "reject", "md5" or "pam". Note that "pam" sends passwords
-# in clear text.
-#
-# OPTION is the name of the PAM service. Default service name is "pgpool"
-#
-# Database and user names containing spaces, commas, quotes and other special
-# characters must be quoted. Quoting one of the keywords "all" or "sameuser"
-# makes the name lose its special character, and just match a database or
-# username with that name.
-#
-# This file is read on pgpool startup. If you edit the file on a running
-# system, you have to restart the pgpool for the changes to take effect.
-
-# Put your actual configuration here
-# ----------------------------------
-#
-# If you want to allow non-local connections, you need to add more
-# "host" records. In that case you will also need to make pgpool listen
-# on a non-local interface via the listen_addresses configuration parameter.
-#
-
-# TYPE DATABASE USER CIDR-ADDRESS METHOD
-
-# "local" is for Unix domain socket connections only
-#local all all trust
-# IPv4 local connections:
-host all all 0.0.0.0/0 md5
-
diff --git a/kubernetes/common/postgres/charts/pgpool/requirements.yaml b/kubernetes/common/postgres/charts/pgpool/requirements.yaml
deleted file mode 100644
index 5b097f3ab7..0000000000
--- a/kubernetes/common/postgres/charts/pgpool/requirements.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
-# Copyright © 2018 Amdocs, AT&T, Bell Canada
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-dependencies:
- - name: common
- version: ~5.x-0
- repository: '@local'
diff --git a/kubernetes/common/postgres/charts/pgpool/templates/configmap.yaml b/kubernetes/common/postgres/charts/pgpool/templates/configmap.yaml
deleted file mode 100755
index 099c8dd12e..0000000000
--- a/kubernetes/common/postgres/charts/pgpool/templates/configmap.yaml
+++ /dev/null
@@ -1,26 +0,0 @@
-# Copyright © 2017 Amdocs, Bell Canada
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ include "common.fullname" . }}-pgpool-configmap
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-data:
-{{ tpl (.Files.Glob "configs/*").AsConfig . | indent 2 }}
diff --git a/kubernetes/common/postgres/charts/pgpool/templates/deployment.yaml b/kubernetes/common/postgres/charts/pgpool/templates/deployment.yaml
deleted file mode 100644
index c24916ad22..0000000000
--- a/kubernetes/common/postgres/charts/pgpool/templates/deployment.yaml
+++ /dev/null
@@ -1,100 +0,0 @@
-{{/*
-# Copyright © 2018 Amdocs, AT&T, Bell Canada
-# #
-# # Licensed under the Apache License, Version 2.0 (the "License");
-# # you may not use this file except in compliance with the License.
-# # You may obtain a copy of the License at
-# #
-# # http://www.apache.org/licenses/LICENSE-2.0
-# #
-# # Unless required by applicable law or agreed to in writing, software
-# # distributed under the License is distributed on an "AS IS" BASIS,
-# # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# # See the License for the specific language governing permissions and
-# # limitations under the License.
-*/}}
-kind: Deployment
-apiVersion: extensions/v1beta1
-metadata:
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-spec:
- replicas: 2
- template:
- metadata:
- labels:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
- spec:
- initContainers:
- - name: {{ include "common.name" . }}-job
- image: "{{.Values.repository}}/{{.Values.image}}"
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- volumeMounts:
- - name: pgpool-pgconf
- mountPath: /pgconf/pgpoolconfigdir
- readOnly: false
- - name: pgpool-pgconf-static
- mountPath: /configdir/
- readOnly: false
- command:
- - /bin/sh
- args:
- - -c
- - |
- cp /configdir/pgpool.conf /pgconf/pgpoolconfigdir/
- cp /configdir/pool_hba.conf /pgconf/pgpoolconfigdir/
- pg_md5 -f /pgconf/pgpoolconfigdir/pgpool.conf --md5auth --username=${PG_USER} ${PG_PASSWORD}
- env:
- - name: PG_PASSWORD
- valueFrom:
- secretKeyRef:
- name: {{ template "common.fullname" . }}
- key: db-user-password
- - name: PG_USER
- value: {{ index .Values.credentials.pgusername }}
- containers:
- - image: "{{.Values.repository}}/{{.Values.image}}"
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- name: {{ include "common.name" . }}
- env:
- - name: PG_PRIMARY_SERVICE_NAME
- value: {{.Values.container.name.primary}}
- - name: PG_REPLICA_SERVICE_NAME
- value: {{.Values.container.name.replica}}
- - name: PG_USERNAME
- value: {{.Values.credentials.pgusername}}
- - name: PG_PASSWORD
- valueFrom:
- secretKeyRef:
- name: {{ template "common.fullname" . }}
- key: db-user-password
- ports:
- - containerPort: 5432
- name: pgpool
- protocol: TCP
- readinessProbe:
- tcpSocket:
- port: 5432
- initialDelaySeconds: 20
- periodSeconds: 10
- livenessProbe:
- tcpSocket:
- port: 5432
- initialDelaySeconds: 15
- periodSeconds: 20
- volumeMounts:
- - name: pgpool-pgconf
- mountPath: /pgconf/pgpoolconfigdir
- readOnly: false
- volumes:
- - name: pgpool-pgconf
- emptyDir: {}
- - name: pgpool-pgconf-static
- configMap:
- name: {{ include "common.fullname" . }}-pgpool-configmap
diff --git a/kubernetes/common/postgres/charts/pgpool/templates/secrets.yaml b/kubernetes/common/postgres/charts/pgpool/templates/secrets.yaml
deleted file mode 100644
index 3b89371ad4..0000000000
--- a/kubernetes/common/postgres/charts/pgpool/templates/secrets.yaml
+++ /dev/null
@@ -1,28 +0,0 @@
-# Copyright © 2018 Amdocs, Bell Canada
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-apiVersion: v1
-kind: Secret
-metadata:
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
- release: "{{ include "common.release" . }}"
- heritage: "{{ .Release.Service }}"
-type: Opaque
-data:
- db-user-password: {{ default "" .Values.credentials.pgpassword | b64enc | quote }}
-
diff --git a/kubernetes/common/postgres/charts/pgpool/templates/service.yaml b/kubernetes/common/postgres/charts/pgpool/templates/service.yaml
deleted file mode 100644
index 696b22a80d..0000000000
--- a/kubernetes/common/postgres/charts/pgpool/templates/service.yaml
+++ /dev/null
@@ -1,26 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ .Values.service.name }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
- annotations:
-spec:
- type: {{ .Values.service.type }}
- ports:
- {{if eq .Values.service.type "NodePort" -}}
- - port: {{ .Values.service.externalPort }}
- nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
- name: {{ .Values.service.portName }}
- {{- else -}}
- - port: {{ .Values.service.externalPort }}
- targetPort: {{ .Values.service.internalPort }}
- name: {{ .Values.service.portName }}
- {{- end}}
- selector:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
diff --git a/kubernetes/common/postgres/charts/pgpool/values.yaml b/kubernetes/common/postgres/charts/pgpool/values.yaml
deleted file mode 100644
index 8ceff8f964..0000000000
--- a/kubernetes/common/postgres/charts/pgpool/values.yaml
+++ /dev/null
@@ -1,45 +0,0 @@
-# Copyright © 2018 Amdocs, AT&T, Bell Canada
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-#################################################################
-# Global configuration defaults.
-#################################################################
-global:
- nodePortPrefix: 302
- persistence: {}
- readinessRepository: oomk8s
- readinessImage: readiness-check:2.0.0
-
-#################################################################
-# Application configuration defaults.
-#################################################################
-# application image
-repository: crunchydata
-image: crunchy-pgpool:centos7-10.4-2.0.0
-pullPolicy: Always
-
-container:
- port: 5432
- name:
- primary: pgset-primary
- replica: pgset-replica
-credentials:
- pgusername: testuser
- pgpassword: password
-service:
- name: pgpool
- portName: tcp-postgres
- type: ClusterIP
- externalPort: 5432
- internalPort: 5432
diff --git a/kubernetes/common/postgres/configs/setup.sql b/kubernetes/common/postgres/configs/setup.sql
new file mode 100644
index 0000000000..f60b473242
--- /dev/null
+++ b/kubernetes/common/postgres/configs/setup.sql
@@ -0,0 +1,40 @@
+--- System Setup
+SET application_name="container_setup";
+
+CREATE EXTENSION IF NOT EXISTS pg_stat_statements;
+CREATE EXTENSION IF NOT EXISTS pgaudit;
+
+ALTER USER postgres PASSWORD '${PG_ROOT_PASSWORD}';
+
+CREATE USER ${PG_PRIMARY_USER} WITH REPLICATION;
+ALTER USER ${PG_PRIMARY_USER} PASSWORD '${PG_PRIMARY_PASSWORD}';
+
+CREATE USER "${PG_USER}" LOGIN;
+ALTER USER "${PG_USER}" PASSWORD '${PG_PASSWORD}';
+
+CREATE DATABASE ${PG_DATABASE};
+GRANT ALL PRIVILEGES ON DATABASE ${PG_DATABASE} TO "${PG_USER}";
+
+CREATE TABLE IF NOT EXISTS primarytable (key varchar(20), value varchar(20));
+GRANT ALL ON primarytable TO ${PG_PRIMARY_USER};
+
+--- PG_DATABASE Setup
+
+\c ${PG_DATABASE}
+
+CREATE EXTENSION IF NOT EXISTS pg_stat_statements;
+CREATE EXTENSION IF NOT EXISTS pgaudit;
+
+--- Verify permissions via PG_USER
+
+\c ${PG_DATABASE} "${PG_USER}";
+
+CREATE SCHEMA IF NOT EXISTS "${PG_USER}";
+
+CREATE TABLE IF NOT EXISTS "${PG_USER}".testtable (
+ name varchar(30) PRIMARY KEY,
+ value varchar(50) NOT NULL,
+ updatedt timestamp NOT NULL
+);
+
+INSERT INTO "${PG_USER}".testtable (name, value, updatedt) VALUES ('CPU', '256', now());
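Review bot: The three `ALTER USER … PASSWORD '${…}'` lines place secret values inside single-quoted SQL literals by plain text substitution, so a password containing `'` ends the literal early and the remainder is parsed as SQL; nothing in this file escapes or constrains those values. The init container in `_deployment.tpl` appears to render this file with `envsubst`, which does no SQL quoting. Either restrict the secret generator to a quote-free alphabet and record that here, e.g. `--- NOTE: PG_*_PASSWORD values are substituted verbatim and must not contain ' characters`, or pass the passwords as psql variables and reference them with `:'name'` quoting. Identifier quoting is also inconsistent: `"${PG_USER}"` is double-quoted while `${PG_PRIMARY_USER}` and `${PG_DATABASE}` are bare, so names with uppercase letters, hyphens or spaces fail or are case-folded; `CREATE DATABASE "${PG_DATABASE}";` and `CREATE USER "${PG_PRIMARY_USER}" WITH REPLICATION;` would match the existing style. The rendered script will also hold all three passwords in clear text in the `/config` output directory, so that volume should be pod-local and readable only by the database container.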
diff --git a/kubernetes/common/postgres/templates/_deployment.tpl b/kubernetes/common/postgres/templates/_deployment.tpl
new file mode 100644
index 0000000000..e3ac66933f
--- /dev/null
+++ b/kubernetes/common/postgres/templates/_deployment.tpl
@@ -0,0 +1,169 @@
+{{/*
+# Copyright © 2018 Amdocs, AT&T, Bell Canada
+# Copyright © 2020 Samsung Electronics
+# #
+# # Licensed under the Apache License, Version 2.0 (the "License");
+# # you may not use this file except in compliance with the License.
+# # You may obtain a copy of the License at
+# #
+# # http://www.apache.org/licenses/LICENSE-2.0
+# #
+# # Unless required by applicable law or agreed to in writing, software
+# # distributed under the License is distributed on an "AS IS" BASIS,
+# # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# # See the License for the specific language governing permissions and
+# # limitations under the License.
+*/}}
+
+{{- define "common.postgres.deployment" -}}
+ {{- $dot := .dot }}
+ {{- $pgMode := .pgMode }}
+apiVersion: apps/v1beta1
+kind: Deployment
+metadata:
+ name: {{ include "common.fullname" $dot }}-{{ $pgMode }}
+ namespace: {{ include "common.namespace" $dot }}
+ labels:
+ app: {{ include "common.name" $dot }}-{{ $pgMode }}
+ chart: {{ $dot.Chart.Name }}-{{ $dot.Chart.Version | replace "+" "_" }}
+ release: {{ include "common.release" $dot }}
+ heritage: {{ $dot.Release.Service }}
+ name: "{{ index $dot.Values "container" "name" $pgMode }}"
+spec:
+ serviceName: {{ $dot.Values.service.name }}
+ replicas: 1
+ template:
+ metadata:
+ labels:
+ app: {{ include "common.name" $dot }}-{{ $pgMode }}
+ release: {{ include "common.release" $dot }}
+ name: "{{ index $dot.Values "container" "name" $pgMode }}"
+ spec:
+ initContainers:
+ - command:
+ - sh
+ args:
+ - -c
+ - "cd /config-input && for PFILE in `ls -1 .`; do envsubst <${PFILE} >/config/${PFILE}; done"
+ env:
+ - name: PG_PRIMARY_USER
+ value: primaryuser
+ - name: PG_PRIMARY_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" $dot "uid" (include "common.postgres.secret.primaryPasswordUID" .) "key" "password") | indent 10 }}
+ - name: PG_USER
+ {{- include "common.secret.envFromSecretFast" (dict "global" $dot "uid" (include "common.postgres.secret.userCredentialsUID" .) "key" "login") | indent 10 }}
+ - name: PG_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" $dot "uid" (include "common.postgres.secret.userCredentialsUID" .) "key" "password") | indent 10 }}
+ - name: PG_DATABASE
+ value: "{{ $dot.Values.config.pgDatabase }}"
+ - name: PG_ROOT_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" $dot "uid" (include "common.postgres.secret.rootPassUID" .) "key" "password") | indent 10 }}
+ volumeMounts:
+ - mountPath: /config-input/setup.sql
+ name: config
+ subPath: setup.sql
+ - mountPath: /config
+ name: pgconf
+ image: "{{ $dot.Values.global.envsubstImage }}"
+ imagePullPolicy: {{ $dot.Values.global.pullPolicy | default $dot.Values.pullPolicy }}
+ name: {{ include "common.name" $dot }}-update-config
+
+ - name: init-sysctl
+ command:
+ - /bin/sh
+ - -c
+ - |
+ chown 26:26 /podroot/;
+ chmod 700 /podroot/;
+ image: {{ $dot.Values.global.busyboxRepository | default $dot.Values.busyboxRepository }}/{{ $dot.Values.busyboxImage }}
+ imagePullPolicy: {{ $dot.Values.global.pullPolicy | default $dot.Values.pullPolicy }}
+ volumeMounts:
+ - name: {{ include "common.fullname" $dot }}-data
+ mountPath: /podroot/
+ containers:
+ - name: {{ include "common.name" $dot }}
+ image: "{{ $dot.Values.postgresRepository }}/{{ $dot.Values.image }}"
+ imagePullPolicy: {{ $dot.Values.global.pullPolicy | default $dot.Values.pullPolicy }}
+ ports:
+ - containerPort: {{ $dot.Values.service.internalPort }}
+ name: {{ $dot.Values.service.portName }}
+ # disable liveness probe when breakpoints set in debugger
+ # so K8s doesn't restart unresponsive container
+ {{- if eq $dot.Values.liveness.enabled true }}
+ livenessProbe:
+ tcpSocket:
+ port: {{ $dot.Values.service.internalPort }}
+ initialDelaySeconds: {{ $dot.Values.liveness.initialDelaySeconds }}
+ periodSeconds: {{ $dot.Values.liveness.periodSeconds }}
+ timeoutSeconds: {{ $dot.Values.liveness.timeoutSeconds }}
+ {{- end }}
+ readinessProbe:
+ tcpSocket:
+ port: {{ $dot.Values.service.internalPort }}
+ initialDelaySeconds: {{ $dot.Values.readiness.initialDelaySeconds }}
+ periodSeconds: {{ $dot.Values.readiness.periodSeconds }}
+ env:
+ - name: PGHOST
+ value: /tmp
+ - name: PG_PRIMARY_USER
+ value: primaryuser
+ - name: PG_MODE
+ value: {{ $pgMode }}
+ - name: PG_PRIMARY_HOST
+ value: "{{ $dot.Values.container.name.primary }}"
+ - name: PG_REPLICA_HOST
+ value: "{{ $dot.Values.container.name.replica }}"
+ - name: PG_PRIMARY_PORT
+ value: "{{ $dot.Values.service.internalPort }}"
+ - name: PG_PRIMARY_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" $dot "uid" (include "common.postgres.secret.primaryPasswordUID" .) "key" "password") | indent 10 }}
+ - name: PG_USER
+ {{- include "common.secret.envFromSecretFast" (dict "global" $dot "uid" (include "common.postgres.secret.userCredentialsUID" .) "key" "login") | indent 10 }}
+ - name: PG_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" $dot "uid" (include "common.postgres.secret.userCredentialsUID" .) "key" "password") | indent 10 }}
+ - name: PG_DATABASE
+ value: "{{ $dot.Values.config.pgDatabase }}"
+ - name: PG_ROOT_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" $dot "uid" (include "common.postgres.secret.rootPassUID" .) "key" "password") | indent 10 }}
+ volumeMounts:
+ - name: config
+ mountPath: /pgconf/pool_hba.conf
+ subPath: pool_hba.conf
+ - name: pgconf
+ mountPath: /pgconf/setup.sql
+ subPath: setup.sql
+ - mountPath: /pgdata
+ name: {{ include "common.fullname" $dot }}-data
+ - mountPath: /backup
+ name: {{ include "common.fullname" $dot }}-backup
+ readOnly: true
+ resources:
+{{ include "common.resources" $dot | indent 12 }}
+ {{- if $dot.Values.nodeSelector }}
+ nodeSelector:
+{{ toYaml $dot.Values.nodeSelector | indent 10 }}
+ {{- end -}}
+ {{- if $dot.Values.affinity }}
+ affinity:
+{{ toYaml $dot.Values.affinity | indent 10 }}
+ {{- end }}
+ volumes:
+ - name: localtime
+ hostPath:
+ path: /etc/localtime
+ - name: {{ include "common.fullname" $dot }}-backup
+ emptyDir: {}
+ - name: {{ include "common.fullname" $dot }}-data
+{{- if $dot.Values.persistence.enabled }}
+ persistentVolumeClaim:
+ claimName: {{ include "common.fullname" $dot }}-{{ $pgMode }}
+{{- else }}
+ emptyDir: {}
+{{ end }}
+ - name: config
+ configMap:
+ name: {{ include "common.fullname" $dot }}
+ - name: pgconf
+ emptyDir:
+ medium: Memory
+{{- end -}}
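Review bot: The `update-config` init container receives `PG_ROOT_PASSWORD`, `PG_PRIMARY_PASSWORD` and `PG_PASSWORD` and runs whatever `global.envsubstImage` resolves to, yet it has no `securityContext`. Its only write target is the `/config` volume, so it can be confined with a `securityContext:` block setting `allowPrivilegeEscalation: false` and `readOnlyRootFilesystem: true`. The rendered `setup.sql` keeps those passwords in cleartext in the `pgconf` volume for the life of the pod. If the postgres image only reads that file (not verifiable from this hunk), adding `readOnly: true` to its `/pgconf/setup.sql` mount is a cheap extra guard. Separately, `apiVersion: apps/v1beta1` with `serviceName` and no `selector` is carried over from the deleted templates; that API version is no longer served from Kubernetes 1.16 on, and `apps/v1` requires `spec.selector`.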
diff --git a/kubernetes/common/postgres/templates/deployment-primary.yaml b/kubernetes/common/postgres/templates/deployment-primary.yaml
index b234dc2092..c8a000142e 100644
--- a/kubernetes/common/postgres/templates/deployment-primary.yaml
+++ b/kubernetes/common/postgres/templates/deployment-primary.yaml
@@ -13,126 +13,4 @@
# # See the License for the specific language governing permissions and
# # limitations under the License.
*/}}
-apiVersion: apps/v1beta1
-kind: Deployment
-metadata:
- name: {{ include "common.fullname" . }}-primary
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}-primary
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
- name: "{{ .Values.container.name.primary }}"
-spec:
- serviceName: {{ .Values.service.name }}
- replicas: 1
- template:
- metadata:
- labels:
- app: {{ include "common.name" . }}-primary
- release: {{ include "common.release" . }}
- name: "{{ .Values.container.name.primary }}"
- spec:
- initContainers:
- - name: init-sysctl
- command:
- - /bin/sh
- - -c
- - |
- chown 26:26 /podroot/;
- chmod 700 /podroot/;
- image: {{ .Values.global.busyboxRepository | default .Values.busyboxRepository }}/{{ .Values.busyboxImage }}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- volumeMounts:
- - name: {{ include "common.fullname" . }}-data
- mountPath: /podroot/
- containers:
- - name: {{ include "common.name" . }}
- image: "{{ .Values.postgresRepository }}/{{ .Values.image }}"
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- ports:
- - containerPort: {{ .Values.service.internalPort }}
- name: {{ .Values.service.portName }}
- # disable liveness probe when breakpoints set in debugger
- # so K8s doesn't restart unresponsive container
- {{- if eq .Values.liveness.enabled true }}
- livenessProbe:
- tcpSocket:
- port: {{ .Values.service.internalPort }}
- initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
- periodSeconds: {{ .Values.liveness.periodSeconds }}
- timeoutSeconds: {{ .Values.liveness.timeoutSeconds }}
- {{- end }}
- readinessProbe:
- tcpSocket:
- port: {{ .Values.service.internalPort }}
- initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
- periodSeconds: {{ .Values.readiness.periodSeconds }}
- env:
- - name: PGHOST
- value: /tmp
- - name: PG_PRIMARY_USER
- value: primaryuser
- - name: PG_MODE
- value: primary
- - name: PG_PRIMARY_HOST
- value: "{{ .Values.container.name.primary }}"
- - name: PG_REPLICA_HOST
- value: "{{ .Values.container.name.replica }}"
- - name: PG_PRIMARY_PORT
- value: "{{ .Values.service.internalPort }}"
- - name: PG_PRIMARY_PASSWORD
- valueFrom:
- secretKeyRef:
- name: {{ template "common.fullname" . }}
- key: pg-primary-password
- - name: PG_USER
- value: "{{ .Values.config.pgUserName }}"
- - name: PG_PASSWORD
- valueFrom:
- secretKeyRef:
- name: {{ template "common.fullname" . }}
- key: pg-user-password
- - name: PG_DATABASE
- value: "{{ .Values.config.pgDatabase }}"
- - name: PG_ROOT_PASSWORD
- valueFrom:
- secretKeyRef:
- name: {{ template "common.fullname" . }}
- key: pg-root-password
- volumeMounts:
- - name: pool-hba-conf
- mountPath: /pgconf/pool_hba.conf
- subPath: pool_hba.conf
- - mountPath: /pgdata
- name: {{ include "common.fullname" . }}-data
- - mountPath: /backup
- name: {{ include "common.fullname" . }}-backup
- readOnly: true
- resources:
-{{ include "common.resources" . | indent 12 }}
- {{- if .Values.nodeSelector }}
- nodeSelector:
-{{ toYaml .Values.nodeSelector | indent 10 }}
- {{- end -}}
- {{- if .Values.affinity }}
- affinity:
-{{ toYaml .Values.affinity | indent 10 }}
- {{- end }}
- volumes:
- - name: localtime
- hostPath:
- path: /etc/localtime
- - name: {{ include "common.fullname" . }}-backup
- emptyDir: {}
- - name: {{ include "common.fullname" . }}-data
-{{- if .Values.persistence.enabled }}
- persistentVolumeClaim:
- claimName: {{ include "common.fullname" . }}-primary
-{{- else }}
- emptyDir: {}
-{{ end }}
- - name: pool-hba-conf
- configMap:
- name: {{ include "common.fullname" . }}
+{{ include "common.postgres.deployment" (dict "dot" . "pgMode" "primary") }}
diff --git a/kubernetes/common/postgres/templates/deployment-replica.yaml b/kubernetes/common/postgres/templates/deployment-replica.yaml
index 72a8736e17..dc19c2d985 100644
--- a/kubernetes/common/postgres/templates/deployment-replica.yaml
+++ b/kubernetes/common/postgres/templates/deployment-replica.yaml
@@ -13,126 +13,4 @@
# # See the License for the specific language governing permissions and
# # limitations under the License.
*/}}
-apiVersion: apps/v1beta1
-kind: Deployment
-metadata:
- name: {{ include "common.fullname" . }}-replica
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}-replica
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
- name: "{{ .Values.container.name.replica }}"
-spec:
- serviceName: {{ .Values.service.name }}
- replicas: 1
- template:
- metadata:
- labels:
- app: {{ include "common.name" . }}-replica
- release: {{ include "common.release" . }}
- name: "{{ .Values.container.name.replica }}"
- spec:
- initContainers:
- - name: init-sysctl
- command:
- - /bin/sh
- - -c
- - |
- chown 26:26 /podroot/;
- chmod 700 /podroot/;
- image: {{ .Values.global.busyboxRepository | default .Values.busyboxRepository }}/{{ .Values.busyboxImage }}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- volumeMounts:
- - name: {{ include "common.fullname" . }}-data
- mountPath: /podroot/
- containers:
- - name: {{ include "common.name" . }}
- image: "{{ .Values.postgresRepository }}/{{ .Values.image }}"
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- ports:
- - containerPort: {{ .Values.service.internalPort }}
- name: {{ .Values.service.portName }}
- # disable liveness probe when breakpoints set in debugger
- # so K8s doesn't restart unresponsive container
- {{- if eq .Values.liveness.enabled true }}
- livenessProbe:
- tcpSocket:
- port: {{ .Values.service.internalPort }}
- initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
- periodSeconds: {{ .Values.liveness.periodSeconds }}
- timeoutSeconds: {{ .Values.liveness.timeoutSeconds }}
- {{end -}}
- readinessProbe:
- tcpSocket:
- port: {{ .Values.service.internalPort }}
- initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
- periodSeconds: {{ .Values.readiness.periodSeconds }}
- env:
- - name: PGHOST
- value: /tmp
- - name: PG_PRIMARY_USER
- value: primaryuser
- - name: PG_MODE
- value: replica
- - name: PG_PRIMARY_HOST
- value: "{{.Values.container.name.primary}}"
- - name: PG_REPLICA_HOST
- value: "{{.Values.container.name.replica}}"
- - name: PG_PRIMARY_PORT
- value: "{{.Values.service.internalPort}}"
- - name: PG_PRIMARY_PASSWORD
- valueFrom:
- secretKeyRef:
- name: {{ template "common.fullname" . }}
- key: pg-primary-password
- - name: PG_USER
- value: "{{.Values.config.pgUserName}}"
- - name: PG_PASSWORD
- valueFrom:
- secretKeyRef:
- name: {{ template "common.fullname" . }}
- key: pg-user-password
- - name: PG_DATABASE
- value: "{{.Values.config.pgDatabase}}"
- - name: PG_ROOT_PASSWORD
- valueFrom:
- secretKeyRef:
- name: {{ template "common.fullname" . }}
- key: pg-root-password
- volumeMounts:
- - name: pool-hba-conf
- mountPath: /pgconf/pool_hba.conf
- subPath: pool_hba.conf
- - mountPath: /pgdata
- name: {{ include "common.fullname" . }}-data
- - mountPath: /backup
- name: {{ include "common.fullname" . }}-backup
- readOnly: true
- resources:
-{{ include "common.resources" . | indent 12 }}
- {{- if .Values.nodeSelector }}
- nodeSelector:
-{{ toYaml .Values.nodeSelector | indent 10 }}
- {{- end -}}
- {{- if .Values.affinity }}
- affinity:
-{{ toYaml .Values.affinity | indent 10 }}
- {{- end }}
- volumes:
- - name: localtime
- hostPath:
- path: /etc/localtime
- - name: {{ include "common.fullname" . }}-backup
- emptyDir: {}
- - name: {{ include "common.fullname" . }}-data
-{{- if .Values.persistence.enabled }}
- persistentVolumeClaim:
- claimName: {{ include "common.fullname" . }}-replica
-{{- else }}
- emptyDir: {}
-{{ end }}
- - name: pool-hba-conf
- configMap:
- name: {{ include "common.fullname" . }}
+{{ include "common.postgres.deployment" (dict "dot" . "pgMode" "replica") }}
diff --git a/kubernetes/common/postgres/templates/pvc-primary.yaml b/kubernetes/common/postgres/templates/pvc-primary.yaml
index fa25f19077..a47d3ed56e 100644
--- a/kubernetes/common/postgres/templates/pvc-primary.yaml
+++ b/kubernetes/common/postgres/templates/pvc-primary.yaml
@@ -41,5 +41,4 @@ spec:
{{- else }}
storageClassName: {{ include "common.storageClass" . }}
{{- end }}
- storageClassName: "{{ include "common.fullname" . }}-primary"
{{- end -}}
diff --git a/kubernetes/common/postgres/templates/secrets.yaml b/kubernetes/common/postgres/templates/secrets.yaml
index db1bc5bb15..c4cde05216 100644
--- a/kubernetes/common/postgres/templates/secrets.yaml
+++ b/kubernetes/common/postgres/templates/secrets.yaml
@@ -13,19 +13,4 @@
# # See the License for the specific language governing permissions and
# # limitations under the License.
*/}}
-apiVersion: v1
-kind: Secret
-metadata:
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.fullname" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-type: Opaque
-data:
- pg-primary-password: {{ .Values.config.pgPrimaryPassword | b64enc | quote }}
- pg-user-password: {{ .Values.config.pgUserPassword | b64enc | quote }}
- pg-root-password: {{ .Values.config.pgRootPassword | b64enc | quote }}
-
+{{ include "common.secretFast" . }}
diff --git a/kubernetes/common/postgres/values.yaml b/kubernetes/common/postgres/values.yaml
index 3104ee79d2..10f9405de6 100644
--- a/kubernetes/common/postgres/values.yaml
+++ b/kubernetes/common/postgres/values.yaml
@@ -21,6 +21,27 @@ global:
readinessRepository: oomk8s
readinessImage: readiness-check:2.0.0
+ # envsusbt
+ envsubstImage: dibi/envsubst
+
+#################################################################
+# Secrets metaconfig
+#################################################################
+secrets:
+ - uid: '{{ include "common.postgres.secret.rootPassUID" . }}'
+ type: password
+ externalSecret: '{{ tpl (default "" .Values.config.pgRootPasswordExternalSecret) . }}'
+ password: '{{ .Values.config.pgRootPassword }}'
+ - uid: '{{ include "common.postgres.secret.userCredentialsUID" . }}'
+ type: basicAuth
+ externalSecret: '{{ tpl (default "" .Values.config.pgUserExternalSecret) . }}'
+ login: '{{ .Values.config.pgUserName }}'
+ password: '{{ .Values.config.pgUserPassword }}'
+ - uid: '{{ include "common.postgres.secret.primaryPasswordUID" . }}'
+ type: password
+ externalSecret: '{{ tpl (default "" .Values.config.pgPrimaryPasswordExternalSecret) . }}'
+ password: '{{ .Values.config.pgPrimaryPassword }}'
+
#################################################################
# Application configuration defaults.
#################################################################
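Review bot: `envsubstImage: dibi/envsubst` has no tag or digest, and with `pullPolicy: Always` further down the file each pod start may pull whatever is currently published under that name. The image is used for the init container that is handed the root, primary and user database passwords, so a changed upstream image would see all three. Pin it by digest, `envsubstImage: dibi/envsubst@sha256:<digest-placeholder>`, or mirror it into the project registry and reference it there. The comment above it is misspelled and should read `# envsubst`.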
@@ -30,7 +51,7 @@ busyboxRepository: registry.hub.docker.com
busyboxImage: library/busybox:latest
postgresRepository: crunchydata
-image: crunchy-postgres:centos7-10.4-2.0.0
+image: crunchy-postgres:centos7-10.11-4.2.1
pullPolicy: Always
# application configuration
@@ -46,22 +67,6 @@ container:
primary: pgset-primary
replica: pgset-replica
-pgpool:
- container:
- port: 5432
- name:
- primary: pgset-primary
- replica: pgset-replica
- credentials:
- pgusername: testuser
- pgpassword: password
- service:
- name: pgpool
-
-
-# default number of instances
-replicaCount: 2
-
nodeSelector: {}
affinity: {}