diff options
Diffstat (limited to 'kubernetes/common')
95 files changed, 3429 insertions, 1440 deletions
diff --git a/kubernetes/common/cassandra/templates/backup/cronjob.yaml b/kubernetes/common/cassandra/templates/backup/cronjob.yaml index 630ac43ba3..0d06318422 100644 --- a/kubernetes/common/cassandra/templates/backup/cronjob.yaml +++ b/kubernetes/common/cassandra/templates/backup/cronjob.yaml @@ -75,7 +75,7 @@ spec: echo "Executing cleanup!!" command="nodetool cleanup" - /root/exec.py -p "cassandra" -c "$command" + /root/exec.py -p "cassandra" -c "$command" echo "Cleaned Node!! Backing up database now!!!" command="nodetool snapshot -t $curr_time" @@ -97,7 +97,7 @@ spec: if [ 1 ] {{- range $t, $keyspace := $root.Values.backup.keyspacesToSkip }} && [ "{{ $keyspace.name }}" != "$keyspace_name" ] {{- end }}; then /root/restore.sh -b $backup_dir/cassandra-{{ $i }}/data -s /onap-data/cassandra-{{ $i }}/data/$keyspace_name -k $keyspace_name -t $curr_time & pids="$pids $!" - fi + fi done {{- end }} @@ -121,7 +121,7 @@ spec: echo "Failed" > /backup/backup.log exit 0 fi - + mv /backup/temp /backup/backup-${curr_time} echo "Success" > /backup/backup.log echo "Cassandra Backup Succeeded" @@ -135,8 +135,10 @@ spec: - mountPath: /etc/localtime name: localtime readOnly: true - - mountPath: /onap-data - name: data-dir + {{- range $i := until (int .Values.replicaCount)}} + - mountPath: /onap-data/cassandra-{{ $i }} + name: data-dir-{{ $i }} + {{- end }} - mountPath: /backup name: backup-dir - name: scripts @@ -144,7 +146,7 @@ spec: subPath: restore.sh - name: scripts mountPath: /root/exec.py - subPath: exec.py + subPath: exec.py containers: - name: cassandra-backup-validate image: "{{ .Values.image }}" @@ -200,7 +202,7 @@ spec: done kill -9 $CASS_PID {{- end }} - echo "Validation Successful!!!" + echo "Validation Successful!!!" cd /backup totalFiles=`ls -t | grep "backup-" | wc -l` if [ $totalFiles -gt {{ .Values.backup.retentionPeriod }} ]; then @@ -230,13 +232,14 @@ spec: path: /etc/localtime - name: scripts configMap: - name: {{ include "common.fullname" $ }}-configmap + name: {{ include "common.fullname" . }}-configmap defaultMode: 0755 - - name: data-dir + {{- range $i := until (int .Values.replicaCount)}} + - name: data-dir-{{ $i }} persistentVolumeClaim: - claimName: {{ include "common.fullname" . }}-db-data + claimName: {{ include "common.fullname" . }}-data-{{ $i }} + {{- end }} - name: backup-dir persistentVolumeClaim: claimName: {{ include "common.fullname" . }}-backup-data {{- end -}} - diff --git a/kubernetes/common/cassandra/templates/backup/pv.yaml b/kubernetes/common/cassandra/templates/backup/pv.yaml index 332dc95e05..10c310077b 100644 --- a/kubernetes/common/cassandra/templates/backup/pv.yaml +++ b/kubernetes/common/cassandra/templates/backup/pv.yaml @@ -1,5 +1,5 @@ {{/* -# Copyright © 2019 Amdocs, Bell Canada, AT&T +# Copyright © 2019 Amdocs, Bell Canada, AT&T, Orange # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -14,25 +14,8 @@ # limitations under the License. */}} {{- if .Values.backup.enabled }} -{{ if .Values.persistence.enabled }} -apiVersion: v1 -kind: PersistentVolume -metadata: - name: {{ include "common.fullname" . }}-db-data - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - heritage: {{ .Release.Service }} - name: {{ include "common.fullname" . }}-db-data -spec: - capacity: - storage: {{ .Values.persistence.size }} - accessModes: - - {{ .Values.persistence.accessMode }} - hostPath: - path: {{ .Values.global.persistence.mountPath | default .Values.persistence.mountPath }}/{{ .Release.Name }} - persistentVolumeReclaimPolicy: {{ .Values.persistence.volumeReclaimPolicy }} +{{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) -}} +{{- if eq "True" (include "common.needPV" .) -}} --- apiVersion: v1 kind: PersistentVolume @@ -49,9 +32,10 @@ spec: storage: {{ .Values.persistence.size }} accessModes: - {{ .Values.persistence.accessMode }} - hostPath: - path: {{ .Values.global.persistence.backup.mountPath | default .Values.persistence.backup.mountPath }}/{{ include "common.namespace" $ }}/{{ include "common.fullname" $ }} persistentVolumeReclaimPolicy: {{ .Values.persistence.volumeReclaimPolicy }} -{{ end }} + storageClassName: "{{ include "common.fullname" . }}-data" + hostPath: + path: {{ .Values.global.persistence.backup.mountPath | default .Values.persistence.backup.mountPath }}/{{ include "common.namespace" . }}/{{ include "common.fullname" . }} +{{- end -}} +{{- end -}} {{- end -}} - diff --git a/kubernetes/common/cassandra/templates/backup/pvc.yaml b/kubernetes/common/cassandra/templates/backup/pvc.yaml index 1f848c3315..dd7f3810a0 100644 --- a/kubernetes/common/cassandra/templates/backup/pvc.yaml +++ b/kubernetes/common/cassandra/templates/backup/pvc.yaml @@ -15,36 +15,6 @@ */}} {{- if .Values.backup.enabled }} {{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) -}} -kind: PersistentVolumeClaim -apiVersion: v1 -metadata: - name: {{ include "common.fullname" . }}-db-data - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }}-backup - chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" - release: "{{ .Release.Name }}" - heritage: "{{ .Release.Service }}" -{{- if .Values.persistence.annotations }} - annotations: -{{ toYaml .Values.persistence.annotations | indent 4 }} -{{- end }} -spec: - selector: - matchLabels: - name: {{ include "common.fullname" . }}-db-data - accessModes: - - {{ .Values.persistence.accessMode }} - resources: - requests: - storage: {{ .Values.persistence.size }} -{{- if .Values.persistence.storageClass }} -{{- if (eq "-" .Values.persistence.storageClass) }} - storageClassName: "" -{{- else }} - storageClassName: "{{ .Values.persistence.storageClass }}" -{{- end }} -{{- end }} --- kind: PersistentVolumeClaim apiVersion: v1 @@ -61,20 +31,11 @@ metadata: {{ toYaml .Values.persistence.annotations | indent 4 }} {{- end }} spec: - selector: - matchLabels: - name: {{ include "common.fullname" . }}-backup-data accessModes: - {{ .Values.persistence.accessMode }} resources: requests: storage: {{ .Values.persistence.size }} -{{- if .Values.persistence.storageClass }} -{{- if (eq "-" .Values.persistence.storageClass) }} - storageClassName: "" -{{- else }} - storageClassName: "{{ .Values.persistence.storageClass }}" -{{- end }} -{{- end }} + storageClassName: {{ include "common.storageClass" . }} {{- end -}} {{- end -}} diff --git a/kubernetes/common/cassandra/templates/pv.yaml b/kubernetes/common/cassandra/templates/pv.yaml index 06f41e7683..fbbb5ba105 100644 --- a/kubernetes/common/cassandra/templates/pv.yaml +++ b/kubernetes/common/cassandra/templates/pv.yaml @@ -12,28 +12,35 @@ # See the License for the specific language governing permissions and # limitations under the License. -{{ if .Values.persistence.enabled }} -{{- $root := . -}} -{{ range $i, $e := until (int $root.Values.replicaCount) }} +{{- $global := . }} +{{- if and $global.Values.persistence.enabled (not $global.Values.persistence.existingClaim) }} +{{- if eq "True" (include "common.needPV" .) -}} +{{- range $i := until (int $global.Values.replicaCount)}} --- apiVersion: v1 kind: PersistentVolume metadata: - name: {{ $root.Release.Name }}-{{ $root.Values.service.name }}-{{ $i }} - namespace: {{ $root.Release.Namespace }} + name: {{ $global.Release.Name }}-{{ $global.Values.service.name }}-{{ $i }} + namespace: {{ $global.Release.Namespace }} labels: - type: {{ $root.Values.persistence.storageType }} - app: {{ $root.Values.service.name }} - chart: {{ $root.Chart.Name }}-{{ $root.Chart.Version | replace "+" "_" }} - release: {{ $root.Release.Name }} - heritage: {{ $root.Release.Service }} + type: {{ $global.Values.persistence.storageType }} + app: {{ $global.Values.service.name }} + chart: {{ $global.Chart.Name }}-{{ $global.Chart.Version | replace "+" "_" }} + release: {{ $global.Release.Name }} + heritage: {{ $global.Release.Service }} spec: capacity: - storage: {{ $root.Values.persistence.size }} + storage: {{ $global.Values.persistence.size }} accessModes: - - {{ $root.Values.persistence.accessMode }} + {{- if $global.Values.backup.enabled }} + - ReadWriteMany + {{- else }} + - ReadWriteOnce + {{- end }} + persistentVolumeReclaimPolicy: {{ $global.Values.persistence.volumeReclaimPolicy }} + storageClassName: "{{ include "common.fullname" $global }}-data" hostPath: - path: {{ $root.Values.persistence.mountPath }}/{{ $root.Release.Name }}/{{ $root.Values.persistence.mountSubPath }}-{{ $i }} - persistentVolumeReclaimPolicy: {{ $root.Values.persistence.volumeReclaimPolicy }} -{{ end }} -{{ end }} + path: {{ $global.Values.persistence.mountPath }}/{{ $global.Release.Name }}/{{ $global.Values.persistence.mountSubPath }}-{{ $i }} +{{- end -}} +{{- end -}} +{{- end -}} diff --git a/kubernetes/common/cassandra/templates/statefulset.yaml b/kubernetes/common/cassandra/templates/statefulset.yaml index 4be3570851..72e886d4d1 100644 --- a/kubernetes/common/cassandra/templates/statefulset.yaml +++ b/kubernetes/common/cassandra/templates/statefulset.yaml @@ -49,7 +49,7 @@ spec: - containerPort: {{ $ports.port }} {{- end }} volumeMounts: - - name: cassandra-data + - name: {{ include "common.fullname" . }}-data mountPath: /var/lib/cassandra - name: localtime mountPath: /etc/localtime @@ -151,25 +151,26 @@ spec: name: {{ include "common.fullname" . }}-entrypoint defaultMode: 0755 {{- if not .Values.persistence.enabled }} - - name: cassandra-data + - name: {{ include "common.fullname" . }}-data emptyDir: {} {{- else }} volumeClaimTemplates: - metadata: - name: cassandra-data + name: {{ include "common.fullname" . }}-data labels: - app: {{ template "common.fullname" . }} + name: {{ include "common.fullname" . }} + chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" release: "{{ .Release.Name }}" heritage: "{{ .Release.Service }}" - annotations: - volume.beta.kubernetes.io/storage-class: {{ .Values.persistence.storageClass }} spec: accessModes: - - {{ .Values.persistence.accessMode | quote }} + {{- if .Values.backup.enabled }} + - ReadWriteMany + {{- else }} + - ReadWriteOnce + {{- end }} + storageClassName: {{ include "common.storageClass" . }} resources: requests: storage: {{ .Values.persistence.size | quote }} - selector: - matchLabels: - release: "{{ .Release.Name }}" {{- end }} diff --git a/kubernetes/common/cassandra/values.yaml b/kubernetes/common/cassandra/values.yaml index f078bd17ce..c3af7e59b2 100644 --- a/kubernetes/common/cassandra/values.yaml +++ b/kubernetes/common/cassandra/values.yaml @@ -37,7 +37,7 @@ debugEnabled: false config: cluster_domain: cluster.local heap: - max: 512M + max: 2048M min: 100M jvmOpts: -Dcassandra.consistent.rangemovement=false clusterName: cassandra @@ -115,12 +115,12 @@ persistence: ## GKE, AWS & OpenStack) ## ## storageClass: "-" - accessMode: ReadWriteOnce + ## Not set as it depends of the backup enabledment or not. + #accessMode: ReadWriteOnce size: 2Gi mountPath: /dockerdata-nfs mountSubPath: cassandra storageType: local - storageClass: "" backup: mountPath: /dockerdata-nfs/backup diff --git a/kubernetes/common/common/templates/_createPassword.tpl b/kubernetes/common/common/templates/_createPassword.tpl new file mode 100644 index 0000000000..938b0ee514 --- /dev/null +++ b/kubernetes/common/common/templates/_createPassword.tpl @@ -0,0 +1,62 @@ +{{/* +# Copyright © 2019 Samsung Electronics +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} + +{{/* + Resolve the master password to be used to derive other passwords. The value of + .Values.masterPassword is used by default, unless either override mechanism is + used: + + - .Values.global.masterPassword : override default master password for all charts + - .Values.masterPasswordOverride : override global and default masterPassword on a per chart basis +*/}} +{{- define "common.masterPassword" -}} + {{ if .Values.masterPasswordOverride }} + {{- printf "%d" .Values.masterPasswordOverride -}} + {{ else if .Values.global.masterPassword }} + {{- printf "%d" .Values.global.masterPassword -}} + {{ else if .Values.masterPassword }} + {{- printf "%d" .Values.masterPassword -}} + {{ else }} + {{ fail "masterPassword not provided" }} + {{ end }} +{{- end -}} + +{{/* + Generate a new password based on masterPassword. The new password is not + random, it is derived from masterPassword, fully qualified chart name and + additional uid provided by the user. This ensures that every time when we + run this function from the same place, with the same password and uid we + get the same results. This allows to avoid password changes while you are + doing upgrade. + + The function can take from one to three arguments (inside a dictionary): + - .dot : environment (.) + - .uid : unique identifier of password to be generated within this particular chart. Use only when you create more than a single password within one chart + - .strength : complexity of derived password. See derivePassword documentation for more details + + Example calls: + + {{ include "common.createPassword" . }} + {{ include "common.createPassword" (dict "dot" . "uid" "mysqlRootPasswd") }} + +*/}} +{{- define "common.createPassword" -}} + {{- $dot := default . .dot -}} + {{- $uid := default "onap" .uid -}} + {{- $strength := default "long" .strength -}} + {{- $mp := include "common.masterPassword" $dot -}} + {{- derivePassword 1 $strength $mp (include "common.fullname" $dot) $uid -}} +{{- end -}} diff --git a/kubernetes/common/common/templates/_ingress.tpl b/kubernetes/common/common/templates/_ingress.tpl index 49d7eeb415..b4afe6309d 100644 --- a/kubernetes/common/common/templates/_ingress.tpl +++ b/kubernetes/common/common/templates/_ingress.tpl @@ -1,12 +1,24 @@ {{- define "ingress.config.port" -}} {{- if .Values.ingress -}} -{{- if .Values.ingress.service -}} +{{- if or (not .Values.global.ingress.virtualhost) (not .Values.global.ingress.virtualhost.enabled) -}} + - http: + paths: {{- range .Values.ingress.service }} - - path: {{ .path }} + - path: {{ printf "/%s" (required "baseaddr" .baseaddr) }} backend: serviceName: {{ .name }} servicePort: {{ .port }} {{- end -}} +{{- else if .Values.ingress.service -}} +{{- $burl := (required "baseurl" .Values.global.ingress.virtualhost.baseurl) -}} +{{ range .Values.ingress.service }} + - host: {{ printf "%s.%s" (required "baseaddr" .baseaddr) $burl }} + http: + paths: + - backend: + serviceName: {{ .name }} + servicePort: {{ .port }} +{{- end -}} {{- else -}} - path: {{ printf "/%s" .Chart.Name }} backend: @@ -17,18 +29,37 @@ {{- end -}} +{{- define "ingress.config.annotations.ssl" -}} +{{- if .Values.ingress.config -}} +{{- if .Values.ingress.config.ssl -}} +{{- if eq .Values.ingress.config.ssl "redirect" -}} +kubernetes.io/ingress.class: nginx +nginx.ingress.kubernetes.io/ssl-passthrough: "true" +nginx.ingress.kubernetes.io/ssl-redirect: "true" +{{- else if eq .Values.ingress.config.ssl "native" -}} +nginx.ingress.kubernetes.io/ssl-redirect: "true" +{{- else if eq .Values.ingress.config.ssl "none" -}} +nginx.ingress.kubernetes.io/ssl-redirect: "false" +{{- end -}} +{{- end -}} +{{- end -}} +{{- end -}} + + {{- define "ingress.config.annotations" -}} {{- if .Values.ingress -}} {{- if .Values.ingress.annotations -}} {{ toYaml .Values.ingress.annotations | indent 4 | trim }} {{- end -}} {{- end -}} +{{ include "ingress.config.annotations.ssl" . | indent 4 | trim }} {{- end -}} {{- define "common.ingress" -}} {{- if .Values.ingress -}} -{{- if .Values.ingress.enabled -}} +{{- if .Values.global.ingress -}} +{{- if and .Values.ingress.enabled .Values.global.ingress.enabled -}} apiVersion: extensions/v1beta1 kind: Ingress metadata: @@ -42,9 +73,7 @@ metadata: heritage: {{ .Release.Service }} spec: rules: - - http: - paths: - {{- include "ingress.config.port" . }} + {{ include "ingress.config.port" . | trim }} {{- if .Values.ingress.tls }} tls: {{ toYaml .Values.ingress.tls | indent 4 }} @@ -52,4 +81,4 @@ spec: {{- end -}} {{- end -}} {{- end -}} - +{{- end -}}
\ No newline at end of file diff --git a/kubernetes/common/common/templates/_mariadb.tpl b/kubernetes/common/common/templates/_mariadb.tpl new file mode 100644 index 0000000000..15fb5a4225 --- /dev/null +++ b/kubernetes/common/common/templates/_mariadb.tpl @@ -0,0 +1,59 @@ +{{/* +# Copyright © 2019 Orange +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} + +{{/* + Choose the name of the mariadb service to use. +*/}} +{{- define "common.mariadbService" -}} + {{- if .Values.global.mariadbGalera.localCluster -}} + {{- index .Values "mariadb-galera" "service" "name" -}} + {{- else -}} + {{- .Values.global.mariadbGalera.service -}} + {{- end -}} +{{- end -}} + +{{/* + Choose the value of mariadb port to use. +*/}} +{{- define "common.mariadbPort" -}} + {{- if .Values.global.mariadbGalera.localCluster -}} + {{- index .Values "mariadb-galera" "service" "internalPort" -}} + {{- else -}} + {{- .Values.global.mariadbGalera.internalPort -}} + {{- end -}} +{{- end -}} + +{{/* + Choose the value of secret to retrieve user value. +*/}} +{{- define "common.mariadbSecret" -}} + {{- if .Values.global.mariadbGalera.localCluster -}} + {{ printf "%s-%s-db-user-credentials" (include "common.fullname" .) (index .Values "mariadb-galera" "nameOverride") -}} + {{- else -}} + {{ printf "%s-%s" (.Release.Name) (index .Values "mariadb-init" "nameOverride") -}} + {{- end -}} +{{- end -}} + +{{/* + Choose the value of secret param to retrieve user value. +*/}} +{{- define "common.mariadbSecretParam" -}} + {{- if .Values.global.mariadbGalera.localCluster -}} + {{ printf "password" -}} + {{- else -}} + {{ printf "db-user-password" -}} + {{- end -}} +{{- end -}} diff --git a/kubernetes/common/common/templates/_name.tpl b/kubernetes/common/common/templates/_name.tpl index 4299984673..f84ca21f3a 100644 --- a/kubernetes/common/common/templates/_name.tpl +++ b/kubernetes/common/common/templates/_name.tpl @@ -28,4 +28,14 @@ {{- define "common.fullname" -}} {{- $name := default .Chart.Name .Values.nameOverride -}} {{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} -{{- end -}}
\ No newline at end of file +{{- end -}} + +{{/* + Retrieve the "original" release from the component release: + if ONAP is deploy with "helm deploy --name toto", then cassandra components + will have "toto-cassandra" as release name. + this function would answer back "toto". +*/}} +{{- define "common.release" -}} + {{- regexReplaceAll "-[a-zA-Z0-9]*$" .Release.Name "" }} +{{- end -}} diff --git a/kubernetes/common/common/templates/_secret.yaml b/kubernetes/common/common/templates/_secret.yaml new file mode 100644 index 0000000000..523d7880f0 --- /dev/null +++ b/kubernetes/common/common/templates/_secret.yaml @@ -0,0 +1,276 @@ +{{/* +# Copyright © 2019 AT&T, Samsung Electronics +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} + +{{/* + For internal use only! + + Generates a secret header with given name and desired labels. + + The template takes two arguments: + - .global: environment (.) + - .name: name of the secret + + Example call: + {{ include "common.secret._header" (dict "global" . "name" "myFancyName") }} +*/}} +{{- define "common.secret._header" -}} +{{- $global := .global }} +{{- $name := .name }} +apiVersion: v1 +kind: Secret +metadata: + name: {{ $name }} + namespace: {{ include "common.namespace" $global }} + labels: + app: {{ include "common.name" $global }} + chart: {{ $global.Chart.Name }}-{{ $global.Chart.Version | replace "+" "_" }} + release: {{ $global.Release.Name }} + heritage: {{ $global.Release.Service }} +type: Opaque +{{- end -}} + +{{/* + For internal use only! + + Pick a value based on "user input" and generation policy. + + The template takes below arguments: + - .global: environment (.) + - .secretName: name of the secret where the value will be placed + - .secretEnv: map of values which configures this secret. This can contain below keys: + - value: Value of secret key provided by user (can be a template inside a string) + - policy: What to do if value is missing or empty. Possible options are: + - generate: Generate a new password deriving it from master password + - required: Fail the deployment if value has not been provided + Defaults to generate. + - name: Name of the key to which this value should be assigned +*/}} +{{- define "common.secret._value" -}} + {{- $global := .global }} + {{- $name := .secretName }} + {{- $secretEnv := .secretEnv }} + {{- $value := tpl $secretEnv.value $global }} + {{- $policy := default "generate" $secretEnv.policy }} + + {{- if $value }} + {{- $value | quote }} + {{- else if eq $policy "generate" }} + {{- include "common.createPassword" (dict "dot" $global "uid" $name) | quote }} + {{- else }} + {{- fail (printf "Value for %s secret %s key not provided" $name $secretEnv.name) }} + {{- end }} +{{- end -}} + + +{{/* + For internal use only! + + Generate a secret name based on provided name or UID. + If UID is provided then the name is generated by appending this UID right after + the chart name. If name is provided, it overrides the name generation algorith + and is used right away. Both name and uid strings may contain a template to be + resolved. + + The template takes below arguments: + - .global: environment (.) + - .uid: string that uniquely identifies this secret within a helm chart + - .name: string that can be used to override default name generation algorithm + and provide a custom name for the secret +*/}} +{{- define "common.secret._genName" -}} + {{- $global := .global }} + {{- $uid := tpl (default "" .uid) $global }} + {{- $name := tpl (default "" .name) $global }} + {{- default (printf "%s-%s" (include "common.fullname" $global) $uid) $name }} +{{- end -}} + +{{/* + Get the real secret name by UID or name, based on the configuration provided by user. + User may decide to not create a new secret but reuse existing one for this deployment + (aka externalSecret). In this case the real name of secret to be used is different + than the one declared in secret definition. This easily retrieve current secret real + name based on declared name or UID even if it has been overrided by the user using + externalSecret option. You should use this template always when you need to reference + a secret created using common.secret template by name. + + The template takes below arguments: + - .global: environment (.) + - .uid: string that uniquely identifies this secret within a helm chart + (can be omitted if name has been provided) + - .name: name which was used to declare a secret + (can be omitted if uid has been provided) +*/}} +{{- define "common.secret.getSecretName" -}} + {{- $global := .global }} + {{- $targetName := include "common.secret._genName" (dict "global" $global "uid" .uid "name" .name) }} + {{- range $secret := $global.Values.secrets }} + {{- $currName := include "common.secret._genName" (dict "global" $global "uid" $secret.uid "name" $secret.name) }} + {{- if eq $currName $targetName }} + {{- $externalSecret := tpl (default "" $secret.externalSecret) $global }} + {{- default $currName $externalSecret }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* + Convenience template which can be used to easily set the value of environment variable + to the value of a key in a secret. + + It takes care of all name mangling, usage of external secrets etc. + + The template takes below arguments: + - .global: environment (.) + - .uid: string that uniquely identifies this secret within a helm chart + (can be omitted if name has been provided) + - .name: name which was used to declare a secret + (can be omitted if uid has been provided) + - .key: Key within this secret which value should be assigned to this variable + + Example usage: + env: + - name: SECRET_PASSWORD + {{- include "common.secret.envFromSecret" (dict "global" . "uid" "secret" "key" "password") | indent 8}} +*/}} +{{- define "common.secret.envFromSecret" -}} + {{- $key := .key }} +valueFrom: + secretKeyRef: + name: {{ include "common.secret.getSecretName" . }} + key: {{ $key }} +{{- end -}} + +{{/* + Define secrets to be used by chart. + Every secret has a type which is one of: + - generic: + Generic secret template that allows to input some raw data (from files). + File Input can be passed as list of files (filePaths) or as a single string + (filePath) + - genericKV: + Type of secret which allows you to define a list of key value pairs. + The list is assiged to envs value. Every item may define below items: + - name: + Identifier of this value within secret + - value: + String that defines a value associated with given key. + This can be a simple string or a template. + - policy: + Defines what to do if value is not provided by the user. + Available options are: + - generate: + Generate a value by derriving it from master password + - required: + Fail the deployment + - password: + Type of secret that holds only the password. + Only two items can be defined for this type: + - password: + Equivalent of value field from genericKV + - policy: + The same meaning as for genericKV policy field + - basicAuth: + Type of secret that holds both username and password. + Below fields are available: + - login: + The value for login key. + This can be a simple string or a template. + Providing a value for login is always required. + - password: + The value for password key. + This can be a simple string or a template. + - passwordPolicy: + The same meaning as the policy field in genericKV. + Only the policy for password can be set. + + Every secret can be identified using: + - uid: + A string to be appended to the chart fullname to generate a secret name. + - name: + Overrides default secret name generation and allows to set immutable + and globaly unique name + + To allow sharing a secret between the components and allow to pre-deploy secrets + before ONAP deployment it is possible to use already existing secret instead of + creating a new one. For this purpose externalSecret field can be used. If value of + this field is evaluated to true no new secret is created, only the name of the + secret is aliased to the external one. + + Example usage: + secrets.yaml: + {{ include "common.secret" . }} + + values.yaml: + mysqlLogin: "root" + + mysqlExternalSecret: "some-other-secret-name" + + secrets: + - uid: "mysql" + externalSecret: '{{ tpl .Values.passExternalSecret . }}' + type: basicAuth + login: '{{ .Values.mysqlLogin }}' + mysqlPassword: '{{ .Values.mysqlPassword }}' + passwordPolicy: generate + + In the above example new secret is not going to be created. + Already existing one (some-other-secret-name) is going to be used. + To force creating a new one, just make sure that mysqlExternalSecret + is not set. + +*/}} +{{- define "common.secret" -}} + {{- $global := . }} + {{- range $secret := .Values.secrets }} + {{- $name := include "common.secret._genName" (dict "global" $global "uid" $secret.uid "name" $secret.name) }} + {{- $type := default "generic" $secret.type }} + {{- $externalSecret := tpl (default "" $secret.externalSecret) $global }} + {{- if not $externalSecret }} +--- + {{ include "common.secret._header" (dict "global" $global "name" $name) }} + + {{- if eq $type "generic" }} +data: + {{- range $curFilePath := $secret.filePaths }} + {{ tpl ($global.Files.Glob $curFilePath).AsSecrets $global | indent 2 }} + {{- end }} + {{- if $secret.filePath }} + {{ tpl ($global.Files.Glob $secret.filePath).AsSecrets $global | indent 2 }} + {{- end }} + {{- else if eq $type "genericKV" }} +stringData: + {{- if $secret.envs }} + {{- range $secretEnv := $secret.envs }} + {{- $valueDesc := (dict "global" $global "secretName" $name "secretEnv" $secretEnv) }} + {{ $secretEnv.name }}: {{ include "common.secret._value" $valueDesc }} + {{- end }} + {{- end }} + {{- else if eq $type "password" }} + {{- $secretEnv := (dict "policy" (default "generate" $secret.policy) "name" "password" "value" $secret.password) }} + {{- $valueDesc := (dict "global" $global "secretName" $name "secretEnv" $secretEnv) }} +stringData: + password: {{ include "common.secret._value" $valueDesc }} + {{- else if eq $type "basicAuth" }} +stringData: + {{- $secretEnv := (dict "policy" "required" "name" "login" "value" $secret.login) }} + {{- $valueDesc := (dict "global" $global "secretName" $name "secretEnv" $secretEnv) }} + login: {{ include "common.secret._value" $valueDesc }} + {{- $secretEnv := (dict "policy" (default "generate" $secret.passwordPolicy) "name" "password" "value" $secret.password) }} + {{- $valueDesc := (dict "global" $global "secretName" $name "secretEnv" $secretEnv) }} + password: {{ include "common.secret._value" $valueDesc }} + {{- end }} + {{- end }} + {{- end }} +{{- end -}} diff --git a/kubernetes/common/common/templates/_storageClass.tpl b/kubernetes/common/common/templates/_storageClass.tpl new file mode 100644 index 0000000000..8fd1f9772b --- /dev/null +++ b/kubernetes/common/common/templates/_storageClass.tpl @@ -0,0 +1,57 @@ +{{/* +# Copyright © 2019 Amdocs, Bell Canada, Orange +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} + +{{/* + Expand the name of the storage class. + The value "common.fullname"-data is used by default, + unless either override mechanism is used. + + - .Values.global.persistence.storageClass : override default storageClass for all charts + - .Values.persistence.storageClassOverride : override global and default storage class on a per chart basis + - .Values.persistence.storageClass : override default storage class on a per chart basis +*/}} +{{- define "common.storageClass" -}} + {{- if .Values.persistence.storageClassOverride -}} + {{- if ne "-" .Values.persistence.storageClassOverride -}} + {{- printf "%s" .Values.persistence.storageClassOverride -}} + {{- else -}} + {{- $storage_class := "" -}} + {{- printf "%q" $storage_class -}} + {{- end -}} + {{- else -}} + {{- if or .Values.persistence.storageClass .Values.global.persistence.storageClass }} + {{- if ne "-" (default .Values.persistence.storageClass .Values.global.persistence.storageClass) -}} + {{- printf "%s" (default .Values.persistence.storageClass .Values.global.persistence.storageClass) -}} + {{- else -}} + {{- $storage_class := "" -}} + {{- printf "%q" $storage_class -}} + {{- end -}} + {{- else -}} + {{- printf "%s-data" (include "common.fullname" .) -}} + {{- end -}} + {{- end -}} +{{- end -}} + +{{/* + Calculate if we need a PV. If a storageClass is provided, then we don't need. +*/}} +{{- define "common.needPV" -}} +{{- if or (or .Values.persistence.storageClassOverride .Values.persistence.storageClass) .Values.global.persistence.storageClass -}} + False +{{- else -}} + True +{{- end -}} +{{- end -}} diff --git a/kubernetes/common/etcd/Chart.yaml b/kubernetes/common/etcd/Chart.yaml index a01524c42f..012a4e13ce 100644 --- a/kubernetes/common/etcd/Chart.yaml +++ b/kubernetes/common/etcd/Chart.yaml @@ -11,7 +11,8 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. - + +apiVersion: v1 name: etcd home: https://github.com/coreos/etcd version: 5.0.0 diff --git a/kubernetes/common/etcd/templates/pv.yaml b/kubernetes/common/etcd/templates/pv.yaml index 65993e5f2a..da8dfb8a22 100644 --- a/kubernetes/common/etcd/templates/pv.yaml +++ b/kubernetes/common/etcd/templates/pv.yaml @@ -12,30 +12,34 @@ # See the License for the specific language governing permissions and # limitations under the License. -{{ if .Values.persistence.enabled }} -{{- $root := . -}} -{{ range $i, $e := until (int $root.Values.replicaCount) }} +{{- $global := . }} +{{- if and $global.Values.persistence.enabled (not $global.Values.persistence.existingClaim) }} +{{- if eq "True" (include "common.needPV" .) -}} +{{- range $i := until (int $global.Values.replicaCount)}} --- apiVersion: v1 kind: PersistentVolume metadata: - name: {{ include "common.fullname" $root }}-data-{{ $i }} - namespace: {{ $root.Release.Namespace }} + name: {{ include "common.fullname" $global }}-data-{{ $i }} + namespace: {{ include "common.namespace" $global }} labels: - type: {{ $root.Values.persistence.storageType }} - app: {{ include "common.fullname" $root }} - chart: {{ $root.Chart.Name }}-{{ $root.Chart.Version | replace "+" "_" }} - release: {{ $root.Release.Name }} - heritage: {{ $root.Release.Service }} + app: {{ include "common.fullname" $global }} + chart: "{{ $global.Chart.Name }}-{{ $global.Chart.Version | replace "+" "_" }}" + release: "{{ $global.Release.Name }}" + heritage: "{{ $global.Release.Service }}" + name: {{ include "common.fullname" $global }} spec: capacity: - storage: {{ $root.Values.persistence.storage }} + storage: {{ $global.Values.persistence.storage }} accessModes: - - {{ $root.Values.persistence.accessMode }} - storageClassName: "{{ include "common.fullname" $root }}-data" + - {{ $global.Values.persistence.accessMode }} + persistentVolumeReclaimPolicy: {{ $global.Values.persistence.volumeReclaimPolicy }} + storageClassName: "{{ include "common.fullname" $global }}-data" hostPath: - path: {{ $root.Values.persistence.mountPath }}/{{ $root.Release.Name }}/{{ $root.Values.persistence.mountSubPath }}-{{ $i }} - persistentVolumeReclaimPolicy: {{ $root.Values.persistence.volumeReclaimPolicy }} -{{ end }} -{{ end }} - + path: {{ $global.Values.persistence.mountPath }}/{{ $global.Release.Name }}/{{ $global.Values.persistence.mountSubPath }}-{{ $i }} +{{if ne $i (int $global.Values.replicaCount) }} +--- +{{- end -}} +{{- end -}} +{{- end -}} +{{- end -}} diff --git a/kubernetes/common/etcd/templates/statefulset.yaml b/kubernetes/common/etcd/templates/statefulset.yaml index 7190c5bca0..cef1a48c2a 100644 --- a/kubernetes/common/etcd/templates/statefulset.yaml +++ b/kubernetes/common/etcd/templates/statefulset.yaml @@ -213,14 +213,19 @@ spec: volumeClaimTemplates: - metadata: name: {{ include "common.fullname" . }}-data + labels: + name: {{ include "common.fullname" . }} + chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" + release: "{{ .Release.Name }}" + heritage: "{{ .Release.Service }}" spec: accessModes: - - "{{ .Values.persistence.accessMode }}" + - "{{ .Values.persistence.accessMode }}" + storageClassName: {{ include "common.storageClass" . }} resources: requests: # upstream recommended max is 700M storage: "{{ .Values.persistence.storage }}" - storageClassName: {{ include "common.fullname" . }}-data {{- else }} volumes: - name: {{ include "common.fullname" . }}-data @@ -231,4 +236,3 @@ spec: emptyDir: {} {{- end }} {{- end }} - diff --git a/kubernetes/common/etcd/values.yaml b/kubernetes/common/etcd/values.yaml index 7f53d22248..d994f87ea4 100644 --- a/kubernetes/common/etcd/values.yaml +++ b/kubernetes/common/etcd/values.yaml @@ -45,7 +45,7 @@ liveness: enabled: true persistence: - enabled: false + enabled: true ## etcd data Persistent Volume Storage Class ## If defined, storageClassName: <storageClass> ## If set to "-", storageClassName: "", which disables dynamic provisioning @@ -79,4 +79,3 @@ tolerations: [] affinity: {} extraEnv: [] resources: {} - diff --git a/kubernetes/common/mariadb-galera/.helmignore b/kubernetes/common/mariadb-galera/.helmignore index f0c1319444..f3d010c5f7 100644 --- a/kubernetes/common/mariadb-galera/.helmignore +++ b/kubernetes/common/mariadb-galera/.helmignore @@ -19,3 +19,6 @@ .project .idea/ *.tmproj + +# Unit tests folder +tests diff --git a/kubernetes/common/mariadb-galera/templates/backup/cronjob.yaml b/kubernetes/common/mariadb-galera/templates/backup/cronjob.yaml index 7d3ec75c00..408bd1814c 100644 --- a/kubernetes/common/mariadb-galera/templates/backup/cronjob.yaml +++ b/kubernetes/common/mariadb-galera/templates/backup/cronjob.yaml @@ -1,5 +1,5 @@ {{/* -# Copyright © 2019 Amdocs, Bell Canada +# Copyright © 2019 Amdocs, Bell Canada, Samsung Electronics # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -86,25 +86,17 @@ spec: echo "Backup Successful!!!" env: - name: DB_PASS - valueFrom: - secretKeyRef: - name: {{ include "common.fullname" . }} - key: db-root-password + {{- include "common.secret.envFromSecret" (dict "global" . "uid" "db-root-password" "key" "password") | indent 14}} volumeMounts: - - name: backup-data + - name: backup-dir mountPath: /backup - - name: db-data - mountPath: /var/lib/mysql containers: - name: mariadb-backup-validate image: "{{ include "common.repository" . }}/{{ .Values.backupImage }}" imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} env: - name: MYSQL_ROOT_PASSWORD - valueFrom: - secretKeyRef: - name: {{ include "common.fullname" . }} - key: db-root-password + {{- include "common.secret.envFromSecret" (dict "global" . "uid" "db-root-password" "key" "password") | indent 14}} command: - /bin/bash - -c @@ -130,7 +122,7 @@ spec: remove_dir $target_dir exit 0 fi - + /docker-entrypoint.sh mysqld & count=0 @@ -163,16 +155,13 @@ spec: - mountPath: /etc/localtime name: localtime readOnly: true - - name: backup-data + - name: backup-dir mountPath: /backup volumes: - name: localtime hostPath: path: /etc/localtime - - name: db-data - persistentVolumeClaim: - claimName: {{ include "common.fullname" . }}-db-data - - name: backup-data + - name: backup-dir persistentVolumeClaim: - claimName: {{ include "common.fullname" . }}-backup + claimName: {{ include "common.fullname" . }}-backup-data {{- end }} diff --git a/kubernetes/common/mariadb-galera/templates/backup/pv.yaml b/kubernetes/common/mariadb-galera/templates/backup/pv.yaml index 2972191563..ec6f44d955 100644 --- a/kubernetes/common/mariadb-galera/templates/backup/pv.yaml +++ b/kubernetes/common/mariadb-galera/templates/backup/pv.yaml @@ -1,5 +1,5 @@ {{/* -# Copyright © 2019 Amdocs, Bell Canada +# Copyright © 2019 Amdocs, Bell Canada, Orange # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -15,45 +15,27 @@ */}} {{- if .Values.backup.enabled }} {{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) -}} -kind: PersistentVolume -apiVersion: v1 -metadata: - name: {{ include "common.fullname" . }}-backup - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}" - release: "{{ .Release.Name }}" - heritage: "{{ .Release.Service }}" - name: {{ include "common.fullname" . }}-backup -spec: - capacity: - storage: {{ .Values.persistence.size}} - accessModes: - - {{ .Values.persistence.accessMode }} - persistentVolumeReclaimPolicy: {{ .Values.persistence.volumeReclaimPolicy }} - hostPath: - path: {{ .Values.global.persistence.backup.mountPath | default .Values.persistence.backup.mountPath }}/{{ include "common.namespace" . }}/{{include "common.name" . }} +{{- if eq "True" (include "common.needPV" .) -}} --- -kind: PersistentVolume apiVersion: v1 +kind: PersistentVolume metadata: - name: {{ include "common.fullname" . }}-db-data + name: {{ include "common.fullname" . }}-backup-data namespace: {{ include "common.namespace" . }} labels: app: {{ include "common.name" . }} - chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}" - release: "{{ .Release.Name }}" - heritage: "{{ .Release.Service }}" - name: {{ include "common.fullname" . }}-db-data + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + heritage: {{ .Release.Service }} + name: {{ include "common.fullname" . }}-backup-data spec: capacity: - storage: {{ .Values.persistence.size}} + storage: {{ .Values.persistence.size }} accessModes: - {{ .Values.persistence.accessMode }} persistentVolumeReclaimPolicy: {{ .Values.persistence.volumeReclaimPolicy }} + storageClassName: "{{ include "common.fullname" . }}-data-backup" hostPath: - path: {{ .Values.global.persistence.mountPath | default .Values.persistence.mountPath }}/{{ .Release.Name }}/{{ .Values.persistence.mountSubPath }}{{ sub .Values.replicaCount 1 }} + path: {{ .Values.global.persistence.backup.mountPath | default .Values.persistence.backup.mountPath }}/{{ include "common.namespace" $ }}/{{ include "common.fullname" $ }} +{{- end -}} {{- end -}} {{- end -}} - diff --git a/kubernetes/common/mariadb-galera/templates/backup/pvc.yaml b/kubernetes/common/mariadb-galera/templates/backup/pvc.yaml index a983c8af98..06b590c7fd 100644 --- a/kubernetes/common/mariadb-galera/templates/backup/pvc.yaml +++ b/kubernetes/common/mariadb-galera/templates/backup/pvc.yaml @@ -1,5 +1,5 @@ {{/* -# Copyright © 2019 Amdocs, Bell Canada +# Copyright © 2019 Amdocs, Bell Canada, Orange # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -15,44 +15,14 @@ */}} {{- if .Values.backup.enabled }} {{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) -}} -kind: PersistentVolumeClaim -apiVersion: v1 -metadata: - name: {{ include "common.fullname" . }}-backup - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }}-backup - chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" - release: "{{ .Release.Name }}" - heritage: "{{ .Release.Service }}" -{{- if .Values.persistence.annotations }} - annotations: -{{ toYaml .Values.persistence.annotations | indent 4 }} -{{- end }} -spec: - selector: - matchLabels: - name: {{ include "common.fullname" . }}-backup - accessModes: - - {{ .Values.persistence.accessMode }} - resources: - requests: - storage: {{ .Values.persistence.size }} -{{- if .Values.persistence.storageClass }} -{{- if (eq "-" .Values.persistence.storageClass) }} - storageClassName: "" -{{- else }} - storageClassName: "{{ .Values.persistence.storageClass }}" -{{- end }} -{{- end }} --- kind: PersistentVolumeClaim apiVersion: v1 metadata: - name: {{ include "common.fullname" . }}-db-data + name: {{ include "common.fullname" . }}-backup-data namespace: {{ include "common.namespace" . }} labels: - app: {{ include "common.name" . }}-db-data + app: {{ include "common.name" . }}-backup chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" release: "{{ .Release.Name }}" heritage: "{{ .Release.Service }}" @@ -61,21 +31,15 @@ metadata: {{ toYaml .Values.persistence.annotations | indent 4 }} {{- end }} spec: - selector: - matchLabels: - name: {{ include "common.fullname" . }}-db-data accessModes: - {{ .Values.persistence.accessMode }} resources: requests: storage: {{ .Values.persistence.size }} -{{- if .Values.persistence.storageClass }} -{{- if (eq "-" .Values.persistence.storageClass) }} - storageClassName: "" +{{- if eq "True" (include "common.needPV" .) -}} + storageClassName: "{{ include "common.fullname" . }}-data-backup" {{- else }} - storageClassName: "{{ .Values.persistence.storageClass }}" -{{- end }} -{{- end }} + storageClassName: {{ include "common.storageClass" . }} +{{- end -}} {{- end -}} {{- end -}} - diff --git a/kubernetes/common/mariadb-galera/templates/configmap.yaml b/kubernetes/common/mariadb-galera/templates/configmap.yaml index 9c9a248f35..ff6e119b0c 100644 --- a/kubernetes/common/mariadb-galera/templates/configmap.yaml +++ b/kubernetes/common/mariadb-galera/templates/configmap.yaml @@ -12,19 +12,6 @@ # See the License for the specific language governing permissions and # limitations under the License. -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ include "common.fullname" . }}-confd - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} -data: -{{ tpl (.Files.Glob "resources/config/mariadb/conf.d/*").AsConfig . | indent 2 }} ---- {{- if .Values.externalConfig }} apiVersion: v1 kind: ConfigMap @@ -39,4 +26,4 @@ metadata: data: my_extra.cnf: | {{ .Values.externalConfig | indent 4 }} -{{- end -}}
\ No newline at end of file +{{- end -}} diff --git a/kubernetes/common/mariadb-galera/templates/pv.yaml b/kubernetes/common/mariadb-galera/templates/pv.yaml index a2096fdef3..795ad3188b 100644 --- a/kubernetes/common/mariadb-galera/templates/pv.yaml +++ b/kubernetes/common/mariadb-galera/templates/pv.yaml @@ -1,5 +1,5 @@ {{/* -# Copyright © 2017 Amdocs, Bell Canada +# Copyright © 2019 Amdocs, Bell Canada, Orange # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -14,12 +14,13 @@ # limitations under the License. */}} {{- $global := . }} -{{- if and $global.Values.persistence.enabled (not $global.Values.persistence.existingClaim) -}} -{{- range $i, $t := until (int $global.Values.replicaCount)}} +{{- if and $global.Values.persistence.enabled (not $global.Values.persistence.existingClaim) }} +{{- if eq "True" (include "common.needPV" .) -}} +{{- range $i := until (int $global.Values.replicaCount)}} kind: PersistentVolume apiVersion: v1 metadata: - name: {{ include "common.fullname" $global }}-data{{$i}} + name: {{ include "common.fullname" $global }}-data-{{ $i }} namespace: {{ include "common.namespace" $global }} labels: app: {{ include "common.fullname" $global }} @@ -35,7 +36,10 @@ spec: persistentVolumeReclaimPolicy: {{ $global.Values.persistence.volumeReclaimPolicy }} storageClassName: "{{ include "common.fullname" $global }}-data" hostPath: - path: {{ $global.Values.global.persistence.mountPath | default $global.Values.persistence.mountPath }}/{{ $global.Release.Name }}/{{ $global.Values.persistence.mountSubPath }}{{$i}} + path: {{ $global.Values.global.persistence.mountPath | default $global.Values.persistence.mountPath }}/{{ $global.Release.Name }}/{{ $global.Values.persistence.mountSubPath }}-{{$i}} +{{if ne $i (int $global.Values.replicaCount) }} --- {{- end -}} {{- end -}} +{{- end -}} +{{- end -}} diff --git a/kubernetes/common/mariadb-galera/templates/secrets.yaml b/kubernetes/common/mariadb-galera/templates/secrets.yaml index 233158f791..3f8eb0b6de 100644 --- a/kubernetes/common/mariadb-galera/templates/secrets.yaml +++ b/kubernetes/common/mariadb-galera/templates/secrets.yaml @@ -1,4 +1,5 @@ # Copyright © 2018 Amdocs, Bell Canada +# Copyright © 2019 Samsung Electronics # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -11,18 +12,4 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. - -apiVersion: v1 -kind: Secret -metadata: - name: {{ include "common.fullname" . }} - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" - release: "{{ .Release.Name }}" - heritage: "{{ .Release.Service }}" -type: Opaque -data: - db-root-password: {{ .Values.config.mariadbRootPassword | b64enc | quote }} - user-password: {{ default "" .Values.config.userPassword | b64enc | quote }}
\ No newline at end of file +{{ include "common.secret" . }} diff --git a/kubernetes/common/mariadb-galera/templates/statefulset.yaml b/kubernetes/common/mariadb-galera/templates/statefulset.yaml index b0b7174811..a9f1fb37b7 100644 --- a/kubernetes/common/mariadb-galera/templates/statefulset.yaml +++ b/kubernetes/common/mariadb-galera/templates/statefulset.yaml @@ -1,4 +1,4 @@ -# Copyright © 2018 Amdocs, Bell Canada +# Copyright © 2019 Amdocs, Bell Canada, Orange, Samsung Electronics # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -61,19 +61,13 @@ spec: apiVersion: v1 fieldPath: metadata.namespace - name: MYSQL_USER - value: {{ default "" .Values.config.userName | quote }} + {{- include "common.secret.envFromSecret" (dict "global" . "uid" "db-user-credentials" "key" "login") | indent 14}} - name: MYSQL_PASSWORD - valueFrom: - secretKeyRef: - name: {{ template "common.fullname" . }} - key: user-password + {{- include "common.secret.envFromSecret" (dict "global" . "uid" "db-user-credentials" "key" "password") | indent 14}} - name: MYSQL_DATABASE value: {{ default "" .Values.config.mysqlDatabase | quote }} - name: MYSQL_ROOT_PASSWORD - valueFrom: - secretKeyRef: - name: {{ template "common.fullname" . }} - key: db-root-password + {{- include "common.secret.envFromSecret" (dict "global" . "uid" "db-root-password" "key" "password") | indent 14}} ports: - containerPort: {{ .Values.service.internalPort }} name: {{ .Values.service.portName }} @@ -112,7 +106,7 @@ spec: - mountPath: /var/lib/mysql name: {{ include "common.fullname" . }}-data initContainers: - - name: mariadb-galera-prepare + - name: {{ include "common.name" . }}-prepare image: "{{ include "common.repository" . }}/{{ .Values.imageInit }}" imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy | quote}} command: ["sh", "-c", "chown -R 27:27 /var/lib/mysql"] @@ -130,11 +124,8 @@ spec: spec: accessModes: - {{ .Values.persistence.accessMode | quote }} - storageClassName: {{ include "common.fullname" . }}-data + storageClassName: {{ include "common.storageClass" . }} resources: requests: storage: {{ .Values.persistence.size | quote }} - selector: - matchLabels: - name: {{ include "common.fullname" . }} {{- end }} diff --git a/kubernetes/common/mariadb-galera/tests/pv_test.yaml b/kubernetes/common/mariadb-galera/tests/pv_test.yaml new file mode 100644 index 0000000000..cd4007960b --- /dev/null +++ b/kubernetes/common/mariadb-galera/tests/pv_test.yaml @@ -0,0 +1,35 @@ +--- +suite: test pv behavior +templates: + - pv.yaml +tests: + - it: 'should render "" (global case))' + values: + - ./values/persistence.yaml + set: + global.persistence.storageClass: "-" + asserts: + - isEmpty: + + - it: 'should "" (override case)' + values: + - ./values/persistence.yaml + set: + global.persistence.storageClass: "global" + persistence.storageClassOverride: "-" + asserts: + - isEmpty: + + - it: 'should "" (local case)' + values: + - ./values/persistence.yaml + set: + persistence.storageClass: "-" + asserts: + - isEmpty: + + - it: 'should render "RELEASE-NAME-mariadb-galera-data" as storageClassname' + asserts: + - equal: + path: spec.storageClassName + value: "RELEASE-NAME-mariadb-galera-data" diff --git a/kubernetes/common/mariadb-galera/tests/storage_class_test.yaml b/kubernetes/common/mariadb-galera/tests/storage_class_test.yaml new file mode 100644 index 0000000000..9b7bdcb550 --- /dev/null +++ b/kubernetes/common/mariadb-galera/tests/storage_class_test.yaml @@ -0,0 +1,67 @@ +--- +suite: test storage class behavior +templates: + - statefulset.yaml +tests: + - it: 'should render "" as storageClassname (global case)' + values: + - ./values/persistence.yaml + set: + global.persistence.storageClass: "-" + asserts: + - isEmpty: + path: spec.volumeClaimTemplates[0].spec.storageClassName + + - it: 'should "" as storageClassname (override case)' + values: + - ./values/persistence.yaml + set: + global.persistence.storageClass: "global" + persistence.storageClassOverride: "-" + asserts: + - isEmpty: + path: spec.volumeClaimTemplates[0].spec.storageClassName + + - it: 'should "" as storageClassname (local case)' + values: + - ./values/persistence.yaml + set: + persistence.storageClass: "-" + asserts: + - isEmpty: + path: spec.volumeClaimTemplates[0].spec.storageClassName + + - it: 'should render "global" as storageClassname' + values: + - ./values/persistence.yaml + set: + global.persistence.storageClass: "global" + asserts: + - equal: + path: spec.volumeClaimTemplates[0].spec.storageClassName + value: "global" + + - it: 'should render "local" as storageClassname' + values: + - ./values/persistence.yaml + asserts: + - equal: + path: spec.volumeClaimTemplates[0].spec.storageClassName + value: "local" + + - it: 'should render "override" as storageClassname' + values: + - ./values/persistence.yaml + set: + global.persistence.storageClass: "global" + persistence.storageClassOverride: "override" + asserts: + - equal: + path: spec.volumeClaimTemplates[0].spec.storageClassName + value: "override" + + - it: 'should render "RELEASE-NAME-mariadb-galera-data" as storageClassname' + asserts: + - equal: + path: spec.volumeClaimTemplates[0].spec.storageClassName + value: "RELEASE-NAME-mariadb-galera-data" diff --git a/kubernetes/common/mariadb-galera/tests/values/persistence.yaml b/kubernetes/common/mariadb-galera/tests/values/persistence.yaml new file mode 100644 index 0000000000..a282f74318 --- /dev/null +++ b/kubernetes/common/mariadb-galera/tests/values/persistence.yaml @@ -0,0 +1,6 @@ +--- +persistence: + enabled: true + existingClaim: false + size: 10Gb + storageClass: "local" diff --git a/kubernetes/common/mariadb-galera/values.yaml b/kubernetes/common/mariadb-galera/values.yaml index a662b1e04a..a6dd1ca359 100644 --- a/kubernetes/common/mariadb-galera/values.yaml +++ b/kubernetes/common/mariadb-galera/values.yaml @@ -1,4 +1,5 @@ # Copyright © 2018 Amdocs, Bell Canada +# Copyright © 2019 Samsung Electronics # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -13,6 +14,21 @@ # limitations under the License. ################################################################# +# Secrets metaconfig +################################################################# +secrets: + - uid: "db-root-password" + type: password + externalSecret: '{{ tpl (default "" .Values.config.mariadbRootPasswordExternalSecret) . }}' + password: '{{ .Values.config.mariadbRootPassword }}' + - uid: "db-user-credentials" + type: basicAuth + externalSecret: '{{ tpl (default "" .Values.config.userCredentialsExternalSecret) . }}' + login: '{{ .Values.config.userName }}' + password: '{{ .Values.config.userPassword }}' + + +################################################################# # Global configuration defaults. ################################################################# global: @@ -35,13 +51,15 @@ global: #repository: mysql repository: nexus3.onap.org:10001 image: adfinissygroup/k8s-mariadb-galera-centos:v002 -backupImage: library/mariadb:10.1.38 +backupImage: library/mariadb:10.1.38 imageInit: busybox pullPolicy: IfNotPresent # application configuration config: + # .mariadbRootPasswordExternalSecret: 'some-external-secret' mariadbRootPassword: secretpassword + # .userCredentialsExternalSecret: 'some-external-secret' userName: my-user userPassword: my-password mysqlDatabase: my-database @@ -91,7 +109,7 @@ persistence: mountSubPath: "mariadb-galera/data" mysqlPath: /var/lib/mysql backup: - mountPath: /dockerdata-nfs/backup + mountPath: /dockerdata-nfs/backup{{- if or (or .Values.storageClassOverride .Values.persistence.storageClass) .Values.global.persistence.storageClass -}} service: internalPort: 3306 diff --git a/kubernetes/common/mariadb-init/.helmignore b/kubernetes/common/mariadb-init/.helmignore new file mode 100644 index 0000000000..dadf202953 --- /dev/null +++ b/kubernetes/common/mariadb-init/.helmignore @@ -0,0 +1,23 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*~ +# Various IDEs +.project +.idea/ +*.tmproj + +tests diff --git a/kubernetes/common/mariadb-init/Chart.yaml b/kubernetes/common/mariadb-init/Chart.yaml new file mode 100644 index 0000000000..47b8b8f11c --- /dev/null +++ b/kubernetes/common/mariadb-init/Chart.yaml @@ -0,0 +1,18 @@ +# Copyright © 2018 Amdocs, Bell Canada +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +description: Chart for MariaDB Galera init job +name: mariadb-init +version: 5.0.0 diff --git a/kubernetes/common/mariadb-init/requirements.yaml b/kubernetes/common/mariadb-init/requirements.yaml new file mode 100644 index 0000000000..d323ddaa2b --- /dev/null +++ b/kubernetes/common/mariadb-init/requirements.yaml @@ -0,0 +1,18 @@ +# Copyright © 2018 Amdocs, Bell Canada +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +dependencies: + - name: common + version: ~5.x-0 + repository: 'file://../common'
\ No newline at end of file diff --git a/kubernetes/common/mariadb-init/resources/config/db_init.sh b/kubernetes/common/mariadb-init/resources/config/db_init.sh new file mode 100755 index 0000000000..b2fdb14b12 --- /dev/null +++ b/kubernetes/common/mariadb-init/resources/config/db_init.sh @@ -0,0 +1,36 @@ +#!/bin/bash +# Copyright © 2019 Orange +# Copyright © 2020 Samsung Electronics +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +while read DB ; do + USER_VAR="MYSQL_USER_${DB^^}" + PASS_VAR="MYSQL_PASSWORD_${DB^^}" + USER=${!USER_VAR} + PASS=${!PASS_VAR} + MYSQL_OPTS=( -h ${DB_HOST} -P ${DB_PORT} -uroot -p${MYSQL_ROOT_PASSWORD} ) + + echo "Creating database ${DB} and user ${USER}..." + + mysql "${MYSQL_OPTS[@]}" -e "CREATE OR REPLACE USER '${USER}'@'%' IDENTIFIED BY '${PASS}'" + mysql "${MYSQL_OPTS[@]}" -e "CREATE DATABASE IF NOT EXISTS ${DB}" + mysql "${MYSQL_OPTS[@]}" -e "GRANT ALL PRIVILEGES ON ${DB}.* TO '${USER}'@'%'" + + echo "Created database ${DB} and user ${USER}." +done <<EOF +{{ .Values.config.mysqlDatabase }} +{{- range $db, $_value := .Values.config.mysqlAdditionalDatabases }} +{{ $db }} +{{- end }} +EOF diff --git a/kubernetes/common/mongo/templates/storageclass.yaml b/kubernetes/common/mariadb-init/templates/_configmap.tpl index 3cd502ea30..ea612a078d 100644 --- a/kubernetes/common/mongo/templates/storageclass.yaml +++ b/kubernetes/common/mariadb-init/templates/_configmap.tpl @@ -1,5 +1,5 @@ {{/* -# Copyright © 2017 Amdocs, Bell Canada +# Copyright © 2019 Orange # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -14,11 +14,13 @@ # limitations under the License. */}} -{{ if not .Values.disableNfsProvisioner }} -kind: StorageClass -apiVersion: storage.k8s.io/v1 -metadata: - name: "{{ include "common.fullname" . }}-data" - namespace: {{ include "common.namespace" . }} -provisioner: {{ include "common.fullname" . }}/nfs -{{ end }} +{{/* + Choose the name of the configmap to use. +*/}} +{{- define "mariadbInit.configMap" -}} + {{- if (eq "default" .Values.config.config_map) -}} + {{- include "common.fullname" . -}} + {{- else -}} + {{- printf "%s-%s" (include "common.release" .) .Values.config.config_map -}} + {{- end -}} +{{- end -}} diff --git a/kubernetes/common/mariadb-init/templates/_mariadb.tpl b/kubernetes/common/mariadb-init/templates/_mariadb.tpl new file mode 100644 index 0000000000..fb3f7974b9 --- /dev/null +++ b/kubernetes/common/mariadb-init/templates/_mariadb.tpl @@ -0,0 +1,26 @@ +{{/* +# Copyright © 2019 Orange +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} + +{{/* + Choose the name of the mariadb secret to use. +*/}} +{{- define "mariadbInit.mariadbClusterSecret" -}} + {{- if (eq "default" .Values.global.mariadbGalera.userRootSecret) -}} + {{- printf "%s-mariadb-galera-%s-db-root-password" (include "common.release" .) .Values.global.mariadbGalera.nameOverride -}} + {{- else -}} + {{- .Values.global.mariadbGalera.userRootSecret -}} + {{- end -}} +{{- end -}} diff --git a/kubernetes/common/mysql/templates/secrets.yaml b/kubernetes/common/mariadb-init/templates/configmap.yaml index 7f9b1230eb..9da03668f5 100644 --- a/kubernetes/common/mysql/templates/secrets.yaml +++ b/kubernetes/common/mariadb-init/templates/configmap.yaml @@ -1,5 +1,5 @@ -{{/* -# Copyright © 2017 Amdocs, Bell Canada +# Copyright © 2019 Orange +# Modifications Copyright © 2018 AT&T # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -12,18 +12,16 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. -*/}} apiVersion: v1 -kind: Secret +kind: ConfigMap metadata: name: {{ include "common.fullname" . }} namespace: {{ include "common.namespace" . }} labels: - app: {{ include "common.fullname" . }} + app: {{ include "common.name" . }} chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} release: {{ .Release.Name }} heritage: {{ .Release.Service }} -type: Opaque data: - db-root-password: {{ .Values.config.dbRootPassword | b64enc | quote }} +{{ tpl (.Files.Glob "resources/config/*").AsConfig . | indent 2 }} diff --git a/kubernetes/common/mariadb-init/templates/job.yaml b/kubernetes/common/mariadb-init/templates/job.yaml new file mode 100644 index 0000000000..f3ff9934ab --- /dev/null +++ b/kubernetes/common/mariadb-init/templates/job.yaml @@ -0,0 +1,110 @@ +# Copyright © 2019 Orange +# Copyright © 2020 Samsung Electronics +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: batch/v1 +kind: Job +metadata: + name: {{ include "common.fullname" . }}-config-job + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +spec: + backoffLimit: 20 + template: + metadata: + labels: + app: {{ include "common.name" . }} + release: {{ .Release.Name }} + name: {{ include "common.name" . }} + spec: + initContainers: + - name: {{ include "common.name" . }}-readiness + command: + - /root/ready.py + args: + - --container-name + - {{ .Values.global.mariadbGalera.nameOverride }} + env: + - name: NAMESPACE + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace + image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}" + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + containers: + - name: {{ include "common.name" . }} + image: "{{ include "common.repository" . }}/{{ .Values.image }}" + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + command: + - bash + - /db_init/db_init.sh + env: + - name: DB_HOST + value: "{{ .Values.global.mariadbGalera.nameOverride }}" + - name: DB_PORT + value: "{{ .Values.global.mariadbGalera.servicePort }}" + - name: MYSQL_ROOT_PASSWORD + valueFrom: + secretKeyRef: + name: {{ include "mariadbInit.mariadbClusterSecret" . }} + key: {{ .Values.global.mariadbGalera.userRootSecretKey }} + - name: {{ printf "MYSQL_USER_%s" .Values.config.mysqlDatabase | upper }} + value: "{{ .Values.config.userName }}" + - name: {{ printf "MYSQL_PASSWORD_%s" .Values.config.mysqlDatabase | upper }} + valueFrom: + secretKeyRef: + name: {{ template "common.fullname" . }} + key: db-user-password +{{- $root := . }} +{{ range $db, $dbInfos := .Values.config.mysqlAdditionalDatabases }} + - name: {{ printf "MYSQL_USER_%s" $db | upper }} + value: {{ $dbInfos.user }} + - name: {{ printf "MYSQL_PASSWORD_%s" $db | upper }} + valueFrom: + secretKeyRef: + name: {{ template "common.fullname" $root }}-secret + key: {{ printf "db-%s-user-password" $db }} +{{ end }} + volumeMounts: + - mountPath: /etc/localtime + name: localtime + readOnly: true + - name: mariadb-conf + mountPath: /db_init/ + readOnly: true + resources: +{{ include "common.resources" . | indent 12 }} + {{- if .Values.nodeSelector }} + nodeSelector: +{{ toYaml .Values.nodeSelector | indent 10 }} + {{- end -}} + {{- if .Values.affinity }} + affinity: +{{ toYaml .Values.affinity | indent 10 }} + {{- end }} + volumes: + - name: mariadb-conf + configMap: + name: {{ include "mariadbInit.configMap" . }} + - name: localtime + hostPath: + path: /etc/localtime + restartPolicy: Never + imagePullSecrets: + - name: "{{ include "common.namespace" . }}-docker-registry-key" diff --git a/kubernetes/common/nfs-provisioner/templates/service.yaml b/kubernetes/common/mariadb-init/templates/secret.yaml index f9bba0f872..f30d582110 100644 --- a/kubernetes/common/nfs-provisioner/templates/service.yaml +++ b/kubernetes/common/mariadb-init/templates/secret.yaml @@ -1,5 +1,4 @@ -{{/* -# Copyright © 2019 Amdocs, Bell Canada +# Copyright © 2017 Amdocs, Bell Canada, Orange # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -12,28 +11,20 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. -*/}} -kind: Service apiVersion: v1 +kind: Secret metadata: - name: {{ include "common.servicename" . }} + name: {{ include "common.fullname" . }} namespace: {{ include "common.namespace" . }} labels: - app: {{ include "common.fullname" . }} + app: {{ include "common.name" . }} chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} release: {{ .Release.Name }} heritage: {{ .Release.Service }} -spec: - ports: - - name: nfs - port: {{ .Values.service.nfsPort }} - - name: mountd - port: {{ .Values.service.mountdPort }} - - name: rpcbind - port: {{ .Values.service.rpcbindPort }} - - name: rpcbind-udp - port: {{ .Values.service.rpcbindUdpPort }} - protocol: UDP - selector: - app: {{ include "common.fullname" . }}
\ No newline at end of file +type: Opaque +data: + db-user-password: {{ index .Values.config.userPassword | b64enc | quote }} +{{ range $db, $dbInfos := .Values.config.mysqlAdditionalDatabases }} + {{ printf "db-%s-user-password" $db}}: {{ $dbInfos.password | b64enc | quote }} +{{ end }} diff --git a/kubernetes/common/mariadb-init/tests/configmap_test.yaml b/kubernetes/common/mariadb-init/tests/configmap_test.yaml new file mode 100644 index 0000000000..34914cdb3e --- /dev/null +++ b/kubernetes/common/mariadb-init/tests/configmap_test.yaml @@ -0,0 +1,114 @@ +--- +suite: test configmap behavior +templates: + - configmap.yaml +tests: + - it: "should render with default value" + asserts: + - isKind: + of: ConfigMap + - equal: + path: metadata.name + value: RELEASE-NAME-mariadb-init + - equal: + path: metadata.namespace + value: NAMESPACE + - matchRegex: + path: metadata.labels.app + pattern: mariadb-init + - equal: + path: data + value: + db_init.sh: | + #!/bin/sh + # Copyright © 2019 Orange + # + # Licensed under the Apache License, Version 2.0 (the "License"); + # you may not use this file except in compliance with the License. + # You may obtain a copy of the License at + # + # http://www.apache.org/licenses/LICENSE-2.0 + # + # Unless required by applicable law or agreed to in writing, software + # distributed under the License is distributed on an "AS IS" BASIS, + # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + # See the License for the specific language governing permissions and + # limitations under the License. + + echo "Creating database ynsaUCru6mUNwGal and user u5WZ1GMSIS1wHZF..." + + mysql -h ${DB_HOST} -P ${DB_PORT} -uroot -p$MYSQL_ROOT_PASSWORD << 'EOF' || exit 1 + CREATE OR REPLACE USER 'u5WZ1GMSIS1wHZF'@'localhost' IDENTIFIED BY '${MYSQL_PASSWORD}'; + CREATE OR REPLACE USER 'u5WZ1GMSIS1wHZF'@'%' IDENTIFIED BY '${MYSQL_PASSWORD}'; + CREATE DATABASE IF NOT EXISTS ynsaUCru6mUNwGal; + GRANT ALL PRIVILEGES ON ynsaUCru6mUNwGal.* TO 'u5WZ1GMSIS1wHZF'@'%'; + GRANT ALL PRIVILEGES ON ynsaUCru6mUNwGal.* TO 'u5WZ1GMSIS1wHZF'@'localhost'; + EOF + + echo "Created database ynsaUCru6mUNwGal and user u5WZ1GMSIS1wHZF." + - it: "shoud render with other databases" + set: + config: + userName: testUser + mysqlDatabase: testDB + mysqlAdditionalDatabases: + dbOne: + user: one + password: pwd1 + dbTwo: + user: two + password: pwd2 + asserts: + - equal: + path: data + value: + db_init.sh: | + #!/bin/sh + # Copyright © 2019 Orange + # + # Licensed under the Apache License, Version 2.0 (the "License"); + # you may not use this file except in compliance with the License. + # You may obtain a copy of the License at + # + # http://www.apache.org/licenses/LICENSE-2.0 + # + # Unless required by applicable law or agreed to in writing, software + # distributed under the License is distributed on an "AS IS" BASIS, + # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + # See the License for the specific language governing permissions and + # limitations under the License. + + echo "Creating database testDB and user testUser..." + + mysql -h ${DB_HOST} -P ${DB_PORT} -uroot -p$MYSQL_ROOT_PASSWORD << 'EOF' || exit 1 + CREATE OR REPLACE USER 'testUser'@'localhost' IDENTIFIED BY '${MYSQL_PASSWORD}'; + CREATE OR REPLACE USER 'testUser'@'%' IDENTIFIED BY '${MYSQL_PASSWORD}'; + CREATE DATABASE IF NOT EXISTS testDB; + GRANT ALL PRIVILEGES ON testDB.* TO 'testUser'@'%'; + GRANT ALL PRIVILEGES ON testDB.* TO 'testUser'@'localhost'; + EOF + + echo "Created database testDB and user testUser." + + echo "Creating database dbOne and user one..." + + mysql -h ${DB_HOST} -P ${DB_PORT} -uroot -p$MYSQL_ROOT_PASSWORD << 'EOF' || exit 1 + CREATE OR REPLACE USER 'one'@'localhost' IDENTIFIED BY '${MYSQL_PASSWORD_DBONE}'; + CREATE OR REPLACE USER 'one'@'%' IDENTIFIED BY '${MYSQL_PASSWORD_DBONE}'; + CREATE DATABASE IF NOT EXISTS dbOne; + GRANT ALL PRIVILEGES ON dbOne.* TO 'one'@'%'; + GRANT ALL PRIVILEGES ON dbOne.* TO 'one'@'localhost'; + EOF + + echo "Created database dbOne and user one." + echo "Creating database dbTwo and user two..." + + mysql -h ${DB_HOST} -P ${DB_PORT} -uroot -p$MYSQL_ROOT_PASSWORD << 'EOF' || exit 1 + CREATE OR REPLACE USER 'two'@'localhost' IDENTIFIED BY '${MYSQL_PASSWORD_DBTWO}'; + CREATE OR REPLACE USER 'two'@'%' IDENTIFIED BY '${MYSQL_PASSWORD_DBTWO}'; + CREATE DATABASE IF NOT EXISTS dbTwo; + GRANT ALL PRIVILEGES ON dbTwo.* TO 'two'@'%'; + GRANT ALL PRIVILEGES ON dbTwo.* TO 'two'@'localhost'; + EOF + + echo "Created database dbTwo and user two." diff --git a/kubernetes/common/mariadb-init/tests/job_test.yaml b/kubernetes/common/mariadb-init/tests/job_test.yaml new file mode 100644 index 0000000000..7523ee1c6e --- /dev/null +++ b/kubernetes/common/mariadb-init/tests/job_test.yaml @@ -0,0 +1,307 @@ +--- +suite: test job behavior +templates: + - job.yaml +tests: + - it: "should render with default value (global)" + asserts: + - isKind: + of: Job + - matchRegex: + path: metadata.name + pattern: -mariadb-init-config-job$ + - equal: + path: metadata.namespace + value: NAMESPACE + - matchRegex: + path: metadata.labels.app + pattern: mariadb-init + - matchRegex: + path: spec.template.metadata.labels.app + pattern: mariadb-init + - matchRegex: + path: spec.template.metadata.name + pattern: mariadb-init + - isNull: + path: spec.template.spec.nodeSelector + - isNull: + path: spec.template.spec.affinity + - it: "should render with default value (init container)" + asserts: + - matchRegex: + path: spec.template.spec.initContainers[0].name + pattern: mariadb-init-readiness + - contains: + path: spec.template.spec.initContainers[0].args + content: mariadb-galera + - equal: + path: spec.template.spec.initContainers[0].image + value: oomk8s/readiness-check:2.0.2 + - equal: + path: spec.template.spec.initContainers[0].imagePullPolicy + value: IfNotPresent + - it: "should render with default value (container)" + asserts: + - matchRegex: + path: spec.template.spec.containers[0].name + pattern: mariadb-init + - equal: + path: spec.template.spec.containers[0].image + value: nexus3.onap.org:10001/mariadb:10.1.38 + - equal: + path: spec.template.spec.containers[0].imagePullPolicy + value: IfNotPresent + - contains: + path: spec.template.spec.containers[0].env + content: + name: DB_HOST + value: mariadb-galera + - contains: + path: spec.template.spec.containers[0].env + content: + name: DB_PORT + value: "3306" + - contains: + path: spec.template.spec.containers[0].env + content: + name: MYSQL_ROOT_PASSWORD + valueFrom: + secretKeyRef: + name: RELEASE-NAME-mariadb-galera-mariadb-galera + key: db-root-password + - contains: + path: spec.template.spec.containers[0].env + content: + name: MYSQL_PASSWORD + valueFrom: + secretKeyRef: + name: RELEASE-NAME-mariadb-init-secret + key: db-user-password + - contains: + path: spec.template.spec.containers[0].volumeMounts + content: + name: mariadb-conf + mountPath: /db_init/ + readOnly: true + - equal: + path: spec.template.spec.containers[0].resources.limits.cpu + value: 100m + - equal: + path: spec.template.spec.containers[0].resources.limits.memory + value: 500Mbi + - equal: + path: spec.template.spec.containers[0].resources.requests.cpu + value: 10m + - equal: + path: spec.template.spec.containers[0].resources.requests.memory + value: 10Mbi + - it: "should render with default value (volumes)" + asserts: + - contains: + path: spec.template.spec.volumes + content: + name: mariadb-conf + configMap: + name: RELEASE-NAME-mariadb-init + + - it: "should render with nameOverride set" + set: + nameOverride: myJob + asserts: + - matchRegex: + path: metadata.name + pattern: -myJob-config-job$ + - matchRegex: + path: metadata.labels.app + pattern: myJob + - matchRegex: + path: spec.template.metadata.labels.app + pattern: myJob + - matchRegex: + path: spec.template.metadata.name + pattern: myJob + - matchRegex: + path: spec.template.spec.initContainers[0].name + pattern: myJob-readiness + - matchRegex: + path: spec.template.spec.containers[0].name + pattern: myJob + - contains: + path: spec.template.spec.containers[0].env + content: + name: MYSQL_PASSWORD + valueFrom: + secretKeyRef: + # replicating name from mariadb galera cluster, kind of hardcoded... + name: RELEASE-NAME-myJob-secret + key: db-user-password + - contains: + path: spec.template.spec.volumes + content: + name: mariadb-conf + configMap: + name: RELEASE-NAME-myJob + + - it: "should render with configmap set" + set: + config: + config_map: myCM + asserts: + - contains: + path: spec.template.spec.volumes + content: + name: mariadb-conf + configMap: + name: RELEASE-NAME-myCM + + - it: "should render with mariadbGalera changes" + set: + global: + mariadbGalera: + nameOverride: myMaria + servicePort: 545 + asserts: + - contains: + path: spec.template.spec.initContainers[0].args + content: myMaria + - contains: + path: spec.template.spec.containers[0].env + content: + name: DB_HOST + value: myMaria + - contains: + path: spec.template.spec.containers[0].env + content: + name: DB_PORT + value: "545" + - contains: + path: spec.template.spec.containers[0].env + content: + name: MYSQL_ROOT_PASSWORD + valueFrom: + secretKeyRef: + name: RELEASE-NAME-mariadb-galera-myMaria + key: db-root-password + + - it: "should render with full mariadbGalera changes" + set: + global: + mariadbGalera: + nameOverride: myMaria + servicePort: 545 + userRootSecret: galera-secret + userRootSecretKey: root-password + asserts: + - contains: + path: spec.template.spec.initContainers[0].args + content: myMaria + - contains: + path: spec.template.spec.containers[0].env + content: + name: DB_HOST + value: myMaria + - contains: + path: spec.template.spec.containers[0].env + content: + name: DB_PORT + value: "545" + - contains: + path: spec.template.spec.containers[0].env + content: + name: MYSQL_ROOT_PASSWORD + valueFrom: + secretKeyRef: + name: galera-secret + key: root-password + + - it: "should set the right nodeSelector" + set: + nodeSelector: + disktype: ssd + asserts: + - equal: + path: spec.template.spec.nodeSelector.disktype + value: ssd + + - it: "should set the right affinity" + set: + affinity: + nodeAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + nodeSelectorTerms: + - matchExpressions: + - key: kubernetes.io/e2e-az-name + operator: In + values: + - e2e-az1 + - e2e-az2 + asserts: + - equal: + path: spec.template.spec.affinity + value: + nodeAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + nodeSelectorTerms: + - matchExpressions: + - key: kubernetes.io/e2e-az-name + operator: In + values: + - e2e-az1 + - e2e-az2 + - it: "should use large flavor" + set: + flavor: large + asserts: + - equal: + path: spec.template.spec.containers[0].resources.limits.cpu + value: 200m + - equal: + path: spec.template.spec.containers[0].resources.limits.memory + value: 500Mbi + - equal: + path: spec.template.spec.containers[0].resources.requests.cpu + value: 20m + - equal: + path: spec.template.spec.containers[0].resources.requests.memory + value: 20Mbi + - it: "should use unlimited flavor" + set: + flavor: unlimited + asserts: + - isEmpty: + path: spec.template.spec.containers[0].resources + - it: "shoud render with other databases" + set: + config: + mysqlAdditionalDatabases: + dbOne: + user: one + password: pwd1 + dbTwo: + user: two + password: pwd2 + asserts: + - contains: + path: spec.template.spec.containers[0].env + content: + name: MYSQL_PASSWORD + valueFrom: + secretKeyRef: + name: RELEASE-NAME-mariadb-init-secret + key: db-user-password + - contains: + path: spec.template.spec.containers[0].env + content: + name: MYSQL_PASSWORD_DBONE + valueFrom: + secretKeyRef: + name: RELEASE-NAME-mariadb-init-secret + key: db-dbOne-user-password + - contains: + path: spec.template.spec.containers[0].env + content: + name: MYSQL_PASSWORD_DBTWO + valueFrom: + secretKeyRef: + name: RELEASE-NAME-mariadb-init-secret + key: db-dbTwo-user-password diff --git a/kubernetes/common/mariadb-init/tests/secret_test.yaml b/kubernetes/common/mariadb-init/tests/secret_test.yaml new file mode 100644 index 0000000000..ef0565d6c0 --- /dev/null +++ b/kubernetes/common/mariadb-init/tests/secret_test.yaml @@ -0,0 +1,49 @@ +--- +suite: test secret behavior +templates: + - secret.yaml +tests: + - it: "should render with default values" + asserts: + - isKind: + of: Secret + - equal: + path: metadata.name + value: RELEASE-NAME-mariadb-init + - equal: + path: metadata.namespace + value: NAMESPACE + - matchRegex: + path: metadata.labels.app + pattern: mariadb-init-config-job + - equal: + path: data.db-user-password + value: Q2lAc2hzT2QzcGt5MVZqaQ== + - it: "should render specific password value base64 encoded" + set: + config: + userPassword: yolo + asserts: + - equal: + path: data.db-user-password + value: eW9sbw== + - it: "shoud render with other databases" + set: + config: + mysqlAdditionalDatabases: + dbOne: + user: one + password: pwd1 + dbTwo: + user: two + password: pwd2 + asserts: + - equal: + path: data.db-user-password + value: Q2lAc2hzT2QzcGt5MVZqaQ== + - equal: + path: data.db-dbOne-user-password + value: cHdkMQ== + - equal: + path: data.db-dbTwo-user-password + value: cHdkMg== diff --git a/kubernetes/common/mariadb-init/values.yaml b/kubernetes/common/mariadb-init/values.yaml new file mode 100644 index 0000000000..d148ba6888 --- /dev/null +++ b/kubernetes/common/mariadb-init/values.yaml @@ -0,0 +1,87 @@ +# Copyright © 2018 Amdocs, Bell Canada +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +################################################################# +# Global configuration defaults. +################################################################# +global: + repository: nexus3.onap.org:10001 + readinessRepository: oomk8s + readinessImage: readiness-check:2.0.2 + mariadbGalera: + nameOverride: mariadb-galera + servicePort: 3306 + # set these two values if you want to access an 'out of ONAP' mariadb + userRootSecret: default + userRootSecretKey: password + +################################################################# +# Application configuration defaults. +################################################################# + +image: mariadb:10.1.38 +pullPolicy: IfNotPresent + +# Set it if you want to change the name of the different components +# nameOverride: + +config: + userPassword: Ci@shsOd3pky1Vji + userName: u5WZ1GMSIS1wHZF + mysqlDatabase: ynsaUCru6mUNwGal + mysqlAdditionalDatabases: {} + # add addtional dabases + # this is an dict + # Example: + # mysqlAdditionalDatabases: + # dbOne: + # user: one + # password: pwd1 + # dbTwo: + # user: two + # password: pwd2 + config_map: default + +nodeSelector: {} + +affinity: {} + +#resources: {} + # We usually recommend not to specify default resources and to leave this as a conscious + # choice for the user. This also increases chances charts run on environments with little + # resources, such as Minikube. If you do want to specify resources, uncomment the following + # lines, adjust them as necessary, and remove the curly braces after 'resources:'. + # + # Example: + # Configure resource requests and limits + # ref: http://kubernetes.io/docs/user-guide/compute-resources/ + # Minimum memory for development is 2 CPU cores and 4GB memory + # Minimum memory for production is 4 CPU cores and 8GB memory +flavor: small +resources: + small: + limits: + cpu: 100m + memory: 500Mi + requests: + cpu: 10m + memory: 10Mi + large: + limits: + cpu: 200m + memory: 500Mi + requests: + cpu: 20m + memory: 20Mi + unlimited: {} diff --git a/kubernetes/common/mongo/templates/nfs-provisoner.yaml b/kubernetes/common/mongo/templates/nfs-provisoner.yaml deleted file mode 100644 index 355ad38235..0000000000 --- a/kubernetes/common/mongo/templates/nfs-provisoner.yaml +++ /dev/null @@ -1,78 +0,0 @@ -{{/* -# Copyright © 2017 Amdocs, Bell Canada -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -*/}} - -{{ if not .Values.disableNfsProvisioner }} -apiVersion: extensions/v1beta1 -kind: Deployment -metadata: - name: {{ .Values.nfsprovisionerPrefix }}-nfs-provisioner - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} -spec: - #replicas: {{ .Values.replicaCount }} - strategy: - type: Recreate - template: - metadata: - labels: - app: {{ .Values.nfsprovisionerPrefix }}-nfs-provisioner - release: {{ .Release.Name }} - spec: - containers: - - name: {{ .Values.nfsprovisionerPrefix }}-nfs-provisioner - image: "{{ .Values.global.nfsprovisionerRepository | default .Values.nfsprovisionerRepository }}/{{ .Values.nfsprovisionerImage }}" - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - ports: - - name: nfs - containerPort: {{ .Values.service.nfsPort }} - - name: mountd - containerPort: {{ .Values.service.mountdPort }} - - name: rpcbind - containerPort: {{ .Values.service.rpcbindPort }} - - name: rpcbind-udp - containerPort: {{ .Values.service.rpcbindUdpPort }} - protocol: UDP - securityContext: - capabilities: - add: - - DAC_READ_SEARCH - - SYS_RESOURCE - args: - - "-provisioner={{ include "common.fullname" . }}/nfs" - env: - - name: POD_IP - valueFrom: - fieldRef: - fieldPath: status.podIP - - name: SERVICE_NAME - value: {{ .Values.nfsprovisionerPrefix }}-nfs-provisioner - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - volumeMounts: - - name: export-volume - mountPath: /export - volumes: - - name: export-volume - hostPath: - path: {{ .Values.global.persistence.mountPath | default .Values.persistence.mountPath }}/{{ .Release.Name }}/{{ .Values.persistence.mountSubPath }} -{{ end }} diff --git a/kubernetes/common/mongo/templates/pv.yaml b/kubernetes/common/mongo/templates/pv.yaml index 824dcbb87b..edc50aedea 100644 --- a/kubernetes/common/mongo/templates/pv.yaml +++ b/kubernetes/common/mongo/templates/pv.yaml @@ -14,25 +14,33 @@ # limitations under the License. */}} -{{- if (and (and (.Values.persistence.enabled) (not .Values.persistence.existingClaim)) ( .Values.disableNfsProvisioner)) -}} +{{- $global := . }} +{{- if and $global.Values.persistence.enabled (not $global.Values.persistence.existingClaim) }} +{{- if eq "True" (include "common.needPV" .) -}} +{{- range $i := until (int $global.Values.replicaCount)}} kind: PersistentVolume apiVersion: v1 metadata: - name: {{ include "common.fullname" . }}-data - namespace: {{ include "common.namespace" . }} + name: {{ include "common.fullname" $global }}-data-{{ $i }} + namespace: {{ include "common.namespace" $global }} labels: - app: {{ include "common.name" . }} - chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}" - release: "{{ .Release.Name }}" - heritage: "{{ .Release.Service }}" - name: {{ include "common.fullname" . }} + app: {{ include "common.fullname" $global }} + chart: "{{ $global.Chart.Name }}-{{ $global.Chart.Version | replace "+" "_" }}" + release: "{{ $global.Release.Name }}" + heritage: "{{ $global.Release.Service }}" + name: {{ include "common.fullname" $global }} spec: capacity: - storage: {{ .Values.persistence.size}} + storage: {{ $global.Values.persistence.size}} accessModes: - - {{ .Values.persistence.accessMode }} - storageClassName: "{{ include "common.fullname" . }}-data" - persistentVolumeReclaimPolicy: {{ .Values.persistence.volumeReclaimPolicy }} + - {{ $global.Values.persistence.accessMode }} + persistentVolumeReclaimPolicy: {{ $global.Values.persistence.volumeReclaimPolicy }} + storageClassName: "{{ include "common.fullname" $global }}-data" hostPath: - path: {{ .Values.global.persistence.mountPath | default .Values.persistence.mountPath }}/{{ .Release.Name }}/{{ .Values.persistence.mountSubPath }} + path: {{ $global.Values.global.persistence.mountPath | default $global.Values.persistence.mountPath }}/{{ $global.Release.Name }}/{{ $global.Values.persistence.mountSubPath }}-{{$i}} +{{if ne $i (int $global.Values.replicaCount) }} +--- +{{- end -}} +{{- end -}} +{{- end -}} {{- end -}} diff --git a/kubernetes/common/mongo/templates/service.yaml b/kubernetes/common/mongo/templates/service.yaml index df55854ee5..d59243f90d 100644 --- a/kubernetes/common/mongo/templates/service.yaml +++ b/kubernetes/common/mongo/templates/service.yaml @@ -32,29 +32,6 @@ spec: app: {{ include "common.name" . }} release: {{ .Release.Name }} clusterIP: None -#{{ if not .Values.disableNfsProvisioner }} ---- -kind: Service -apiVersion: v1 -metadata: - name: {{ .Values.nfsprovisionerPrefix }}-nfs-provisioner - namespace: {{ include "common.namespace" . }} - labels: - app: {{ .Values.nfsprovisionerPrefix }}-nfs-provisioner -spec: - ports: - - name: nfs - port: {{ .Values.service.nfsPort }} - - name: mountd - port: {{ .Values.service.mountdPort }} - - name: rpcbind - port: {{ .Values.service.rpcbindPort }} - - name: rpcbind-udp - port: {{ .Values.service.rpcbindUdpPort }} - protocol: UDP - selector: - app: {{ .Values.nfsprovisionerPrefix }}-nfs-provisioner -#{{ end }} --- # Client service for connecting to any Mongo instance for reads. apiVersion: v1 diff --git a/kubernetes/common/mongo/templates/statefulset.yaml b/kubernetes/common/mongo/templates/statefulset.yaml index c79739f5f1..0c6c9f4fd5 100644 --- a/kubernetes/common/mongo/templates/statefulset.yaml +++ b/kubernetes/common/mongo/templates/statefulset.yaml @@ -33,24 +33,6 @@ spec: app: {{ include "common.name" . }} release: {{ .Release.Name }} spec: - initContainers: -#{{ if not .Values.disableNfsProvisioner }} - - name: {{ include "common.name" . }}-readiness - command: - - /root/ready.py - args: - - --container-name - - {{ .Values.nfsprovisionerPrefix }}-nfs-provisioner - env: - - name: NAMESPACE - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}" - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} -#{{ end }} - containers: - name: {{ include "common.name" . }} image: "{{ .Values.dockerHubRepository }}/{{ .Values.image }}" @@ -79,8 +61,8 @@ spec: initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} periodSeconds: {{ .Values.readiness.periodSeconds }} volumeMounts: - - mountPath: /var/lib/mongo - name: {{ include "common.fullname" . }}-data + - name: {{ include "common.fullname" . }}-data + mountPath: /var/lib/mongo resources: {{ include "common.resources" . | indent 12 }} {{- if .Values.nodeSelector }} @@ -95,10 +77,24 @@ spec: - name: localtime hostPath: path: /etc/localtime + {{- if .Values.persistence.enabled }} + volumeClaimTemplates: + - metadata: + name: {{ include "common.fullname" . }}-data + labels: + name: {{ include "common.fullname" . }} + chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" + release: "{{ .Release.Name }}" + heritage: "{{ .Release.Service }}" + spec: + accessModes: + - {{ .Values.persistence.accessMode | quote }} + storageClassName: {{ include "common.storageClass" . }} + resources: + requests: + storage: {{ .Values.persistence.size | quote }} + {{- else }} + volumes: - name: {{ include "common.fullname" . }}-data -#{{ if .Values.persistence.enabled }} - persistentVolumeClaim: - claimName: {{ include "common.fullname" . }}-data -#{{ else }} emptyDir: {} -#{{ end }} + {{- end }} diff --git a/kubernetes/common/mongo/values.yaml b/kubernetes/common/mongo/values.yaml index 8a681296ce..3c04b429cd 100644 --- a/kubernetes/common/mongo/values.yaml +++ b/kubernetes/common/mongo/values.yaml @@ -40,8 +40,6 @@ nodeSelector: {} affinity: {} -disableNfsProvisioner: true - # probe configuration parameters liveness: initialDelaySeconds: 30 @@ -108,11 +106,6 @@ resources: {} # cpu: 2 # memory: 4Gi - -nfsprovisionerRepository: quay.io -nfsprovisionerImage: kubernetes_incubator/nfs-provisioner:v1.0.8 -nfsprovisionerPrefix: mongo - sdnctlPrefix: mongo geoEnabled: false diff --git a/kubernetes/common/music/charts/music-cassandra/templates/pv.yaml b/kubernetes/common/music/charts/music-cassandra/templates/pv.yaml new file mode 100644 index 0000000000..fb815400da --- /dev/null +++ b/kubernetes/common/music/charts/music-cassandra/templates/pv.yaml @@ -0,0 +1,46 @@ +{{/* +# Copyright © 2018 AT&T, Amdocs, Bell Canada Intellectual Property. All rights reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} + +{{- $global := . }} +{{- if and $global.Values.persistence.enabled (not $global.Values.persistence.existingClaim) }} +{{- if eq "True" (include "common.needPV" .) -}} +{{- range $i := until (int $global.Values.replicaCount)}} +kind: PersistentVolume +apiVersion: v1 +metadata: + name: {{ include "common.fullname" $global }}-data-{{ $i }} + namespace: {{ include "common.namespace" $global }} + labels: + app: {{ include "common.fullname" $global }} + chart: "{{ $global.Chart.Name }}-{{ $global.Chart.Version | replace "+" "_" }}" + release: "{{ $global.Release.Name }}" + heritage: "{{ $global.Release.Service }}" + name: {{ include "common.fullname" $global }} +spec: + capacity: + storage: {{ $global.Values.persistence.size}} + accessModes: + - {{ $global.Values.persistence.accessMode }} + persistentVolumeReclaimPolicy: {{ $global.Values.persistence.volumeReclaimPolicy }} + storageClassName: "{{ include "common.fullname" $global }}-data" + hostPath: + path: {{ $global.Values.global.persistence.mountPath | default $global.Values.persistence.mountPath }}/{{ $global.Release.Name }}/{{ $global.Values.persistence.mountSubPath }}-{{$i}} +{{if ne $i (int $global.Values.replicaCount) }} +--- +{{- end -}} +{{- end -}} +{{- end -}} +{{- end -}} diff --git a/kubernetes/common/music/charts/music-cassandra/templates/statefulset.yaml b/kubernetes/common/music/charts/music-cassandra/templates/statefulset.yaml index ae5f7c5a81..c3c56f2282 100644 --- a/kubernetes/common/music/charts/music-cassandra/templates/statefulset.yaml +++ b/kubernetes/common/music/charts/music-cassandra/templates/statefulset.yaml @@ -1,5 +1,5 @@ {{/* -# Copyright © 2018 AT&T, Amdocs, Bell Canada Intellectual Property. All rights reserved. +# Copyright © 2019 AT&T, Amdocs, Bell Canada, Orange # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -102,40 +102,33 @@ spec: valueFrom: fieldRef: fieldPath: status.podIP +{{- if .Values.persistence.enabled }} volumeMounts: - - name: {{ template "common.name" . }}-data + - name: {{ include "common.fullname" . }}-data mountPath: /var/lib/cassandra +{{- end }} resources: -{{ toYaml .Values.resources | indent 10 }} +{{ include "common.resources" . | indent 12 }} volumes: - name: localtime hostPath: path: /etc/localtime - {{- if not .Values.persistence.enabled }} - - name: {{ template "common.name" . }}-data - emptyDir: {} - {{- else }} +{{- if .Values.persistence.enabled }} volumeClaimTemplates: - - metadata: - name: {{ template "common.name" . }}-data - labels: - app: {{ template "common.fullname" . }} - chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" - release: "{{ .Release.Name }}" - heritage: "{{ .Release.Service }}" - annotations: - volume.beta.kubernetes.io/storage-class: {{ .Values.persistence.storageClass }} - spec: - storageClassName: {{ .Values.persistence.storageClass }} - accessModes: - - {{ .Values.persistence.accessMode | quote }} - resources: - requests: - storage: {{ .Values.persistence.size | quote }} - selector: - matchLabels: - app: {{ include "common.name" . }} - release: "{{ .Release.Name }}" - {{- end }} + - metadata: + name: {{ include "common.fullname" . }}-data + labels: + name: {{ include "common.fullname" . }} + chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" + release: "{{ .Release.Name }}" + heritage: "{{ .Release.Service }}" + spec: + accessModes: + - {{ .Values.persistence.accessMode | quote }} + storageClassName: {{ include "common.storageClass" . }} + resources: + requests: + storage: {{ .Values.persistence.size | quote }} +{{- end }} imagePullSecrets: - name: "{{ include "common.namespace" . }}-docker-registry-key" diff --git a/kubernetes/common/music/charts/music-cassandra/templates/volumes.yaml b/kubernetes/common/music/charts/music-cassandra/templates/volumes.yaml deleted file mode 100644 index 83e7e189b5..0000000000 --- a/kubernetes/common/music/charts/music-cassandra/templates/volumes.yaml +++ /dev/null @@ -1,52 +0,0 @@ -{{/* -# Copyright © 2018 AT&T, Amdocs, Bell Canada Intellectual Property. All rights reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -*/}} - -{{ if .Values.persistence.enabled }} -{{- $root := . -}} -{{ range $i, $e := until (atoi (quote $root.Values.replicaCount) | default 3) }} ---- -apiVersion: v1 -kind: PersistentVolume -metadata: - name: {{ $root.Release.Name }}-{{ $root.Values.service.name }}-{{ $i }} - namespace: {{ $root.Release.Namespace }} - labels: - type: {{ $root.Values.persistence.storageType }} - app: {{ $root.Values.service.name }} - chart: {{ $root.Chart.Name }}-{{ $root.Chart.Version | replace "+" "_" }} - release: {{ $root.Release.Name }} - heritage: {{ $root.Release.Service }} -spec: - capacity: - storage: {{ $root.Values.persistence.size }} - accessModes: - - {{ $root.Values.persistence.accessMode }} - hostPath: - path: {{ $root.Values.persistence.mountPath }}/{{ $root.Release.Name }}/{{ $root.Values.persistence.mountSubPath }}-{{$i}} - persistentVolumeReclaimPolicy: {{ $root.Values.persistence.volumeReclaimPolicy }} - podAntiAffinity: - preferredDuringSchedulingIgnoredDuringExecution: - - weight: 1 - podAffinityTerm: - labelSelector: - matchExpressions: - - key: app - operator: In - values: - - "{{ $root.Chart.Name }}" - topologyKey: kubernetes.io/hostname -{{ end }} -{{ end }} diff --git a/kubernetes/common/music/charts/music-cassandra/values.yaml b/kubernetes/common/music/charts/music-cassandra/values.yaml index d18dc68e67..460671d839 100644 --- a/kubernetes/common/music/charts/music-cassandra/values.yaml +++ b/kubernetes/common/music/charts/music-cassandra/values.yaml @@ -107,13 +107,23 @@ persistence: size: 2Gi mountPath: /dockerdata-nfs/ mountSubPath: common/cassandra/data - storageType: local - storageClass: "" +# Resource Limit flavor -By Default using small +flavor: small +# Segregation for Different environment (Small and Large) resources: - limits: - cpu: 4 - memory: 8Gi - requests: - cpu: 2 - memory: 4Gi + small: + limits: + cpu: 500m + memory: 1.2Gi + requests: + cpu: 160m + memory: 900Mi + large: + limits: + cpu: 4 + memory: 10Gi + requests: + cpu: 2 + memory: 6Gi + unlimited: {} diff --git a/kubernetes/common/music/charts/music-tomcat/templates/deployment.yaml b/kubernetes/common/music/charts/music-tomcat/templates/deployment.yaml index 2e04b15561..2a38a6aad0 100755 --- a/kubernetes/common/music/charts/music-tomcat/templates/deployment.yaml +++ b/kubernetes/common/music/charts/music-tomcat/templates/deployment.yaml @@ -40,7 +40,7 @@ spec: - /root/ready.py args: - --container-name - - zookeeper + - zookeeper env: - name: NAMESPACE valueFrom: @@ -101,7 +101,7 @@ spec: mountPath: /opt/app/music/etc/music.properties subPath: music.properties resources: -{{ toYaml .Values.resources | indent 10 }} +{{ include "common.resources" . | indent 12 }} volumes: - name: shared-data emptyDir: {} diff --git a/kubernetes/common/music/charts/music-tomcat/values.yaml b/kubernetes/common/music/charts/music-tomcat/values.yaml index 05a1b17169..b91ffbd4e4 100755 --- a/kubernetes/common/music/charts/music-tomcat/values.yaml +++ b/kubernetes/common/music/charts/music-tomcat/values.yaml @@ -81,14 +81,26 @@ service: ingress: enabled: false -#resources: {} +# Resource Limit flavor -By Default using small +flavor: small +# Segregation for Different environment (Small and Large) resources: - limits: - cpu: 2 - memory: 2Gi - requests: - cpu: 2 - memory: 1Gi + small: + limits: + cpu: 900m + memory: 460Mi + requests: + cpu: 550m + memory: 360Mi + large: + limits: + cpu: 4 + memory: 2Gi + requests: + cpu: 2 + memory: 1Gi + unlimited: {} + properties: @@ -100,4 +112,3 @@ properties: # Admin API # ONAP AAF aafAdminUrl: - diff --git a/kubernetes/common/music/charts/zookeeper/templates/pv.yaml b/kubernetes/common/music/charts/zookeeper/templates/pv.yaml new file mode 100644 index 0000000000..795ad3188b --- /dev/null +++ b/kubernetes/common/music/charts/zookeeper/templates/pv.yaml @@ -0,0 +1,45 @@ +{{/* +# Copyright © 2019 Amdocs, Bell Canada, Orange +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} +{{- $global := . }} +{{- if and $global.Values.persistence.enabled (not $global.Values.persistence.existingClaim) }} +{{- if eq "True" (include "common.needPV" .) -}} +{{- range $i := until (int $global.Values.replicaCount)}} +kind: PersistentVolume +apiVersion: v1 +metadata: + name: {{ include "common.fullname" $global }}-data-{{ $i }} + namespace: {{ include "common.namespace" $global }} + labels: + app: {{ include "common.fullname" $global }} + chart: "{{ $global.Chart.Name }}-{{ $global.Chart.Version | replace "+" "_" }}" + release: "{{ $global.Release.Name }}" + heritage: "{{ $global.Release.Service }}" + name: {{ include "common.fullname" $global }} +spec: + capacity: + storage: {{ $global.Values.persistence.size}} + accessModes: + - {{ $global.Values.persistence.accessMode }} + persistentVolumeReclaimPolicy: {{ $global.Values.persistence.volumeReclaimPolicy }} + storageClassName: "{{ include "common.fullname" $global }}-data" + hostPath: + path: {{ $global.Values.global.persistence.mountPath | default $global.Values.persistence.mountPath }}/{{ $global.Release.Name }}/{{ $global.Values.persistence.mountSubPath }}-{{$i}} +{{if ne $i (int $global.Values.replicaCount) }} +--- +{{- end -}} +{{- end -}} +{{- end -}} +{{- end -}} diff --git a/kubernetes/common/music/charts/zookeeper/templates/statefulset.yaml b/kubernetes/common/music/charts/zookeeper/templates/statefulset.yaml index 9e3549f20d..580042d090 100644 --- a/kubernetes/common/music/charts/zookeeper/templates/statefulset.yaml +++ b/kubernetes/common/music/charts/zookeeper/templates/statefulset.yaml @@ -82,7 +82,7 @@ spec: resources: {{ include "common.resources" . }} volumeMounts: - - name: zookeeper-data + - name: {{ include "common.fullname" . }}-data mountPath: /var/lib/zookeeper {{- if .Values.exporters.jmx.enabled }} @@ -162,30 +162,21 @@ spec: configMap: name: {{ .Release.Name }}-jmx-exporter {{- end }} - {{- if not .Values.persistence.enabled }} - - name: zookeeper-data - emptyDir: {} - {{- end }} {{- end }} {{- if .Values.persistence.enabled }} volumeClaimTemplates: - - metadata: - name: zookeeper-data - labels: - app: {{ .Chart.Name }} - chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" - release: "{{ .Release.Name }}" - heritage: "{{ .Release.Service }}" - annotations: - volume.beta.kubernetes.io/storage-class: {{ .Values.persistence.storageClass }} - spec: - storageClassName: {{ .Values.persistence.storageClass }} - accessModes: - - {{ .Values.persistence.accessMode | quote }} - resources: - requests: - storage: {{ .Values.persistence.size | quote }} - selector: - matchLabels: - release: "{{ .Release.Name }}" + - metadata: + name: {{ include "common.fullname" . }}-data + labels: + name: {{ include "common.fullname" . }} + chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" + release: "{{ .Release.Name }}" + heritage: "{{ .Release.Service }}" + spec: + accessModes: + - {{ .Values.persistence.accessMode | quote }} + storageClassName: {{ include "common.storageClass" . }} + resources: + requests: + storage: {{ .Values.persistence.size | quote }} {{- end }} diff --git a/kubernetes/common/music/charts/zookeeper/templates/volumes.yaml b/kubernetes/common/music/charts/zookeeper/templates/volumes.yaml deleted file mode 100644 index b0c05fdbfd..0000000000 --- a/kubernetes/common/music/charts/zookeeper/templates/volumes.yaml +++ /dev/null @@ -1,25 +0,0 @@ -{{ if .Values.persistence.enabled }} -{{- $root := . -}} -{{ range $i, $e := until (atoi (quote $root.Values.replicaCount) | default 3) }} ---- -apiVersion: v1 -kind: PersistentVolume -metadata: - name: {{ $root.Release.Name }}-{{ $root.Values.service.name }}-{{ $i }} - namespace: {{ $root.Release.Namespace }} - labels: - type: {{ $root.Values.persistence.storageType }} - app: {{ $root.Values.service.name }} - chart: {{ $root.Chart.Name }}-{{ $root.Chart.Version | replace "+" "_" }} - release: {{ $root.Release.Name }} - heritage: {{ $root.Release.Service }} -spec: - capacity: - storage: {{ $root.Values.persistence.size }} - accessModes: - - {{ $root.Values.persistence.accessMode }} - hostPath: - path: {{ $root.Values.persistence.mountPath }}/{{ $root.Release.Name }}/{{ $root.Values.persistence.mountSubPath }}-{{$i}} - persistentVolumeReclaimPolicy: {{ $root.Values.persistence.volumeReclaimPolicy }} -{{ end }} -{{ end }} diff --git a/kubernetes/common/music/charts/zookeeper/values.yaml b/kubernetes/common/music/charts/zookeeper/values.yaml index ea02e6151e..28c9711e84 100644 --- a/kubernetes/common/music/charts/zookeeper/values.yaml +++ b/kubernetes/common/music/charts/zookeeper/values.yaml @@ -54,23 +54,23 @@ ports: protocol: TCP # Protocol for zookeeper container server port. # Resource Limit flavor -By Default using small -flavor: large +flavor: small # Segregation for Different environment (Small and Large) resources: small: limits: - cpu: 1 - memory: 1Gi + cpu: 500m + memory: 900Mi requests: - cpu: 500m - memory: 500Mi + cpu: 10m + memory: 730Mi large: limits: cpu: 3 memory: 2Gi requests: - cpu: 2 - memory: 1Gi + cpu: 2 + memory: 1Gi unlimited: {} nodeSelector: {} # Node label-values required to run zookeeper pods. @@ -78,7 +78,7 @@ nodeSelector: {} # Node label-values required to run zookeeper pods. tolerations: [] # Node taint overrides for zookeeper pods. affinity: {} # Criteria by which pod label-values influence scheduling for zookeeper pods. -affinity: +affinity: podAntiAffinity: requiredDuringSchedulingIgnoredDuringExecution: - topologyKey: "kubernetes.io/hostname" @@ -119,8 +119,6 @@ persistence: accessMode: ReadWriteOnce mountPath: /dockerdata-nfs mountSubPath: music/zookeeper - storageType: local - storageClass: "" size: 4Gi ## Exporters query apps for metrics and make those metrics available for diff --git a/kubernetes/common/mysql/templates/nfs-provisoner.yaml b/kubernetes/common/mysql/templates/nfs-provisoner.yaml deleted file mode 100644 index 355ad38235..0000000000 --- a/kubernetes/common/mysql/templates/nfs-provisoner.yaml +++ /dev/null @@ -1,78 +0,0 @@ -{{/* -# Copyright © 2017 Amdocs, Bell Canada -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -*/}} - -{{ if not .Values.disableNfsProvisioner }} -apiVersion: extensions/v1beta1 -kind: Deployment -metadata: - name: {{ .Values.nfsprovisionerPrefix }}-nfs-provisioner - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} -spec: - #replicas: {{ .Values.replicaCount }} - strategy: - type: Recreate - template: - metadata: - labels: - app: {{ .Values.nfsprovisionerPrefix }}-nfs-provisioner - release: {{ .Release.Name }} - spec: - containers: - - name: {{ .Values.nfsprovisionerPrefix }}-nfs-provisioner - image: "{{ .Values.global.nfsprovisionerRepository | default .Values.nfsprovisionerRepository }}/{{ .Values.nfsprovisionerImage }}" - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - ports: - - name: nfs - containerPort: {{ .Values.service.nfsPort }} - - name: mountd - containerPort: {{ .Values.service.mountdPort }} - - name: rpcbind - containerPort: {{ .Values.service.rpcbindPort }} - - name: rpcbind-udp - containerPort: {{ .Values.service.rpcbindUdpPort }} - protocol: UDP - securityContext: - capabilities: - add: - - DAC_READ_SEARCH - - SYS_RESOURCE - args: - - "-provisioner={{ include "common.fullname" . }}/nfs" - env: - - name: POD_IP - valueFrom: - fieldRef: - fieldPath: status.podIP - - name: SERVICE_NAME - value: {{ .Values.nfsprovisionerPrefix }}-nfs-provisioner - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - volumeMounts: - - name: export-volume - mountPath: /export - volumes: - - name: export-volume - hostPath: - path: {{ .Values.global.persistence.mountPath | default .Values.persistence.mountPath }}/{{ .Release.Name }}/{{ .Values.persistence.mountSubPath }} -{{ end }} diff --git a/kubernetes/common/mysql/templates/pv.yaml b/kubernetes/common/mysql/templates/pv.yaml deleted file mode 100644 index 3bef651916..0000000000 --- a/kubernetes/common/mysql/templates/pv.yaml +++ /dev/null @@ -1,62 +0,0 @@ -{{/* -# Copyright © 2017 Amdocs, Bell Canada -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -*/}} - -{{- if (and (and (.Values.persistence.enabled) (not .Values.persistence.existingClaim)) ( .Values.disableNfsProvisioner)) -}} -{{ $pvNum := default 1 .Values.replicaCount | int }} -kind: PersistentVolume -apiVersion: v1 -metadata: - name: {{ include "common.fullname" . }}-mysql0 - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}" - release: "{{ .Release.Name }}" - heritage: "{{ .Release.Service }}" - name: {{ include "common.fullname" . }} -spec: - capacity: - storage: {{ .Values.persistence.size}} - accessModes: - - {{ .Values.persistence.accessMode }} - storageClassName: "{{ include "common.fullname" . }}-mysql" - persistentVolumeReclaimPolicy: {{ .Values.persistence.volumeReclaimPolicy }} - hostPath: - path: {{ .Values.global.persistence.mountPath | default .Values.persistence.mountPath }}/{{ .Release.Name }}/{{ .Values.persistence.mountSubPath }}0 -{{ if gt $pvNum 1 }} ---- -kind: PersistentVolume -apiVersion: v1 -metadata: - name: {{ include "common.fullname" . }}-mysql1 - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.fullname" . }} - chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}" - release: "{{ .Release.Name }}" - heritage: "{{ .Release.Service }}" - name: {{ include "common.fullname" . }} -spec: - capacity: - storage: {{ .Values.persistence.size}} - accessModes: - - {{ .Values.persistence.accessMode }} - storageClassName: "{{ include "common.fullname" . }}-mysql" - persistentVolumeReclaimPolicy: {{ .Values.persistence.volumeReclaimPolicy }} - hostPath: - path: {{ .Values.global.persistence.mountPath | default .Values.persistence.mountPath }}/{{ .Release.Name }}/{{ .Values.persistence.mountSubPath }}1 -{{ end }} -{{- end -}} diff --git a/kubernetes/common/mysql/templates/service.yaml b/kubernetes/common/mysql/templates/service.yaml deleted file mode 100644 index e1771c6054..0000000000 --- a/kubernetes/common/mysql/templates/service.yaml +++ /dev/null @@ -1,146 +0,0 @@ -{{/* -# Copyright © 2017 Amdocs, Bell Canada -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -*/}} - -apiVersion: v1 -kind: Service -metadata: - name: {{ include "common.servicename" . }} - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} -spec: - ports: - - port: {{ .Values.service.internalPort }} - name: {{ .Values.service.portName }} - selector: - app: {{ include "common.name" . }} - release: {{ .Release.Name }} - clusterIP: None -#{{ if not .Values.disableNfsProvisioner }} ---- -kind: Service -apiVersion: v1 -metadata: - name: {{ .Values.nfsprovisionerPrefix }}-nfs-provisioner - namespace: {{ include "common.namespace" . }} - labels: - app: {{ .Values.nfsprovisionerPrefix }}-nfs-provisioner - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} -spec: - ports: - - name: nfs - port: {{ .Values.service.nfsPort }} - - name: mountd - port: {{ .Values.service.mountdPort }} - - name: rpcbind - port: {{ .Values.service.rpcbindPort }} - - name: rpcbind-udp - port: {{ .Values.service.rpcbindUdpPort }} - protocol: UDP - selector: - app: {{ .Values.nfsprovisionerPrefix }}-nfs-provisioner -#{{ end }} ---- -# Client service for connecting to any MySQL instance for reads. -# Only master: sdnc-dbhost-0 accepts the write request. -apiVersion: v1 -kind: Service -metadata: - name: {{ include "common.servicename" . }}-read - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} -spec: - ports: - - port: {{ .Values.service.internalPort }} - name: {{ .Values.service.portName }} - selector: - app: {{ include "common.name" . }} - release: {{ .Release.Name }} ---- -apiVersion: v1 -kind: Service -metadata: - name: {{ .Values.sdnctlPrefix }}-sdnctldb01 - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} -spec: - ports: - - port: {{ .Values.service.internalPort }} - name: {{ .Values.service.portName }} - selector: - app: {{ include "common.name" . }} - release: {{ .Release.Name }} - clusterIP: None ---- -apiVersion: v1 -kind: Service -metadata: - name: {{ .Values.sdnctlPrefix }}-sdnctldb02 - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} -spec: - ports: - - port: {{ .Values.service.internalPort }} - name: {{ .Values.service.portName }} - selector: - app: {{ include "common.name" . }} - release: {{ .Release.Name }} - clusterIP: None ---- -{{ if .Values.geoEnabled }} -apiVersion: v1 -kind: Service -metadata: - name: {{ include "common.servicename" . }}-nodeport - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - statefulset.kubernetes.io/pod-name: {{ include "common.fullname" . }}-0 - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} -spec: - ports: - - name: {{ .Values.service.portName | default .Values.service.name }}-1 - port: {{ .Values.service.internalPort }} - targetPort: {{ .Values.service.internalPort }} - nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodeport1 }} - - name: {{ .Values.service.portName | default .Values.service.name }}-2 - port: {{ .Values.xtrabackup.internalPort }} - targetPort: {{ .Values.xtrabackup.internalPort }} - nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodeport2 }} - type: {{ .Values.service.type }} - selector: - statefulset.kubernetes.io/pod-name: {{ include "common.fullname" . }}-0 - release: {{ .Release.Name }} -{{ end }} diff --git a/kubernetes/common/mysql/templates/statefulset.yaml b/kubernetes/common/mysql/templates/statefulset.yaml deleted file mode 100644 index c3f8ae236f..0000000000 --- a/kubernetes/common/mysql/templates/statefulset.yaml +++ /dev/null @@ -1,263 +0,0 @@ -{{/* -# Copyright © 2017 Amdocs, Bell Canada -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -*/}} - -apiVersion: apps/v1beta1 -kind: StatefulSet -metadata: - name: {{ include "common.fullname" . }} - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} -spec: - serviceName: {{ .Values.service.name }} - replicas: {{ .Values.replicaCount }} - template: - metadata: - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} - spec: - initContainers: -#{{ if not .Values.disableNfsProvisioner }} - - name: {{ include "common.name" . }}-readiness - command: - - /root/ready.py - args: - - --container-name - - {{ .Values.nfsprovisionerPrefix }}-nfs-provisioner - env: - - name: NAMESPACE - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}" - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} -#{{ end }} - - name: init-mysql - image: "{{ .Values.dockerHubRepository }}/{{ .Values.image }}" - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - command: - - bash - - "-c" - - | - set -ex - # Generate mysql server-id from pod ordinal index. - [[ `hostname` =~ -([0-9]+)$ ]] || exit 1 - ordinal=${BASH_REMATCH[1]} - siteId={{ .Values.geoSiteId }} - echo BASH_REMATCH=${BASH_REMATCH} - echo [mysqld] > /mnt/conf.d/server-id.cnf - # Add an offset to avoid reserved server-id=0 value. - echo server-id=$(($siteId*100 + $ordinal)) >> /mnt/conf.d/server-id.cnf - # Copy appropriate conf.d files from config-map to emptyDir. - if [[ $ordinal -eq 0 ]]; then - cp /mnt/config-map/master.cnf /mnt/conf.d/ - else - cp /mnt/config-map/slave.cnf /mnt/conf.d/ - fi - volumeMounts: - - name: conf - mountPath: /mnt/conf.d - - name: config-map - mountPath: /mnt/config-map - - - name: clone-mysql - image: "{{ .Values.global.xtrabackupRepository | default .Values.xtrabackupRepository }}/{{ .Values.xtrabackupImage }}" - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - env: - - name: MYSQL_ROOT_PASSWORD - valueFrom: - secretKeyRef: - name: {{ template "common.fullname" . }} - key: db-root-password - command: - - bash - - "-c" - - | - set -ex - # Skip the clone if data already exists. - [[ -d /var/lib/mysql/mysql ]] && exit 0 - # Skip the clone on master (ordinal index 0). - [[ `hostname` =~ -([0-9]+)$ ]] || exit 1 - ordinal=${BASH_REMATCH[1]} - echo ${BASH_REMATCH} - [[ $ordinal -eq 0 ]] && exit 0 - # Clone data from previous peer. - ncat --recv-only {{ include "common.fullname" . }}-$(($ordinal-1)).{{ .Values.service.name }}.{{ include "common.namespace" . }} 3307 | xbstream -x -C {{ .Values.persistence.mysqlPath }} - # Prepare the backup. - xtrabackup --user=root --password=$MYSQL_ROOT_PASSWORD --prepare --target-dir=/var/lib/mysql - ls -l {{ .Values.persistence.mysqlPath }} - volumeMounts: - - name: {{ include "common.fullname" . }}-mysql - mountPath: {{ .Values.persistence.mysqlPath }} - - name: conf - mountPath: /etc/mysql/conf.d - - containers: - - name: {{ include "common.name" . }} - image: "{{ .Values.dockerHubRepository }}/{{ .Values.image }}" - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - ports: - - containerPort: {{ .Values.service.internalPort }} - # disable liveness probe when breakpoints set in debugger - # so K8s doesn't restart unresponsive container - {{- if eq .Values.liveness.enabled true }} - livenessProbe: - exec: - command: ["mysqladmin", "ping"] - initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }} - periodSeconds: {{ .Values.liveness.periodSeconds }} - timeoutSeconds: {{ .Values.liveness.timeoutSeconds }} - {{end -}} - readinessProbe: - tcpSocket: - port: {{ .Values.service.internalPort }} - initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} - periodSeconds: {{ .Values.readiness.periodSeconds }} - env: - - name: MYSQL_ROOT_PASSWORD - valueFrom: - secretKeyRef: - name: {{ template "common.fullname" . }} - key: db-root-password - - name: MYSQL_ROOT_HOST - value: '%' - - name: MYSQL_ALLOW_EMPTY_PASSWORD - value: {{ .Values.config.dbAllowEmptyPassword | default "0" | quote }} - volumeMounts: - - mountPath: {{ .Values.persistence.mysqlPath }} - name: {{ include "common.fullname" . }}-mysql - - mountPath: /etc/mysql/conf.d - name: conf - resources: -{{ include "common.resources" . | indent 12 }} - {{- if .Values.nodeSelector }} - nodeSelector: -{{ toYaml .Values.nodeSelector | indent 10 }} - {{- end -}} - {{- if .Values.affinity }} - affinity: -{{ toYaml .Values.affinity | indent 10 }} - {{- end }} - - - name: xtrabackup - image: "{{ .Values.global.xtrabackupRepository | default .Values.xtrabackupRepository }}/{{ .Values.xtrabackupImage }}" - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - env: - - name: MYSQL_ROOT_PASSWORD - valueFrom: - secretKeyRef: - name: {{ template "common.fullname" . }} - key: db-root-password - ports: - - containerPort: {{ .Values.xtrabackup.internalPort }} - name: xtrabackup - command: - - bash - - "-c" - - | - set -ex - cd {{ .Values.persistence.mysqlPath }} - ls -l - # Determine binlog position of cloned data, if any. - if [[ -f xtrabackup_slave_info ]]; then - echo "Inside xtrabackup_slave_info" - # XtraBackup already generated a partial "CHANGE MASTER TO" query - # because we're cloning from an existing slave. - mv xtrabackup_slave_info change_master_to.sql.in - # Ignore xtrabackup_binlog_info in this case (it's useless). - rm -f xtrabackup_binlog_info - elif [[ -f xtrabackup_binlog_info ]]; then - echo "Inside xtrabackup_binlog_info" - # We're cloning directly from master. Parse binlog position. - [[ `cat xtrabackup_binlog_info` =~ ^(.*?)[[:space:]]+(.*?)$ ]] || exit 1 - rm xtrabackup_binlog_info - echo "CHANGE MASTER TO MASTER_LOG_FILE='${BASH_REMATCH[1]}',\ - MASTER_LOG_POS=${BASH_REMATCH[2]}" > change_master_to.sql.in - fi - - [[ `hostname` =~ -([0-9]+)$ ]] || exit 1 - ordinal=${BASH_REMATCH[1]} - echo $ordinal - - mysqlhost={{ include "common.fullname" . }}-$(($ordinal)).{{ .Values.service.name }}.{{ include "common.namespace" . }} - echo $mysqlhost - - # Check if we need to complete a clone by starting replication. - if [[ -f change_master_to.sql.in ]]; then - echo "Waiting for mysqld to be ready (accepting connections)" - until mysql --user=root --password=$MYSQL_ROOT_PASSWORD -h $mysqlhost -e "SELECT 1"; do sleep 1; done - - echo "Initializing replication from clone position" - # In case of container restart, attempt this at-most-once. - mv change_master_to.sql.in change_master_to.sql.orig - mysql --user=root --password=$MYSQL_ROOT_PASSWORD -h $mysqlhost <<EOF - $(<change_master_to.sql.orig), - MASTER_HOST="{{ include "common.fullname" . }}-0.{{ .Values.service.name }}.{{ include "common.namespace" . }}", - MASTER_USER="root", - MASTER_PASSWORD="$MYSQL_ROOT_PASSWORD", - MASTER_CONNECT_RETRY=10; - START SLAVE; - EOF - fi - - # Start a server to send backups when requested by peers. - exec ncat --listen --keep-open --send-only --max-conns=1 3307 -c \ - "xtrabackup --user=root --password=$MYSQL_ROOT_PASSWORD --backup --slave-info --stream=xbstream --host=$mysqlhost" - volumeMounts: - - name: {{ include "common.fullname" . }}-mysql - mountPath: {{ .Values.persistence.mysqlPath }} - - name: conf - mountPath: /etc/mysql/conf.d - volumes: - - name: conf - emptyDir: {} - - name: config-map - configMap: - name: {{ include "common.fullname" . }}-db-configmap - - name: localtime - hostPath: - path: /etc/localtime - - name: {{ include "common.fullname" . }}-mysql - {{ if not .Values.persistence.enabled }} - - name: {{ include "common.fullname" . }}-mysql - emptyDir: {} - {{ else }} - volumeClaimTemplates: - - metadata: - name: {{ include "common.fullname" . }}-mysql - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} - name: {{ include "common.fullname" . }} - spec: - accessModes: [ {{ .Values.persistence.accessMode }} ] - storageClassName: {{ include "common.fullname" . }}-mysql - resources: - requests: - storage: {{ .Values.persistence.size }} - selector: - matchLabels: - name: {{ include "common.fullname" . }} - {{ end }} diff --git a/kubernetes/common/nfs-provisioner/templates/nfs-provisoner.yaml b/kubernetes/common/nfs-provisioner/templates/nfs-provisoner.yaml deleted file mode 100644 index 58cf7a3866..0000000000 --- a/kubernetes/common/nfs-provisioner/templates/nfs-provisoner.yaml +++ /dev/null @@ -1,78 +0,0 @@ -{{/* -# Copyright © 2019 Amdocs, Bell Canada -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -*/}} - -apiVersion: extensions/v1beta1 -kind: Deployment -metadata: - name: {{ include "common.fullname" . }} - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} -spec: - strategy: - type: Recreate - template: - metadata: - labels: - app: {{ include "common.fullname" . }} - release: {{ .Release.Name }} - spec: - containers: - - name: {{ include "common.fullname" . }} - image: "{{ .Values.global.nfsprovisionerRepository | default .Values.nfsprovisionerRepository }}/{{ .Values.nfsprovisionerImage }}" - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - ports: - - name: nfs - containerPort: {{ .Values.service.nfsPort }} - - name: mountd - containerPort: {{ .Values.service.mountdPort }} - - name: rpcbind - containerPort: {{ .Values.service.rpcbindPort }} - - name: rpcbind-udp - containerPort: {{ .Values.service.rpcbindUdpPort }} - protocol: UDP - securityContext: - capabilities: - add: - - DAC_READ_SEARCH - - SYS_RESOURCE - args: - - "-provisioner={{ include "common.namespace" . }}/nfs" - env: - - name: POD_IP - valueFrom: - fieldRef: - fieldPath: status.podIP - - name: SERVICE_NAME - value: {{ include "common.servicename" . }} - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - volumeMounts: - - name: export-volume - mountPath: /export - {{- if .Values.affinity }} - affinity: - {{ toYaml .Values.affinity | indent 8 }} - {{- end }} - volumes: - - name: export-volume - hostPath: - path: {{ .Values.global.persistence.mountPath | default .Values.persistence.mountPath }}/{{ .Release.Name }} diff --git a/kubernetes/common/mysql/.helmignore b/kubernetes/common/postgres-legacy/.helmignore index f0c1319444..f0c1319444 100644 --- a/kubernetes/common/mysql/.helmignore +++ b/kubernetes/common/postgres-legacy/.helmignore diff --git a/kubernetes/common/mysql/Chart.yaml b/kubernetes/common/postgres-legacy/Chart.yaml index 7f272295ff..eff8e36eba 100644 --- a/kubernetes/common/mysql/Chart.yaml +++ b/kubernetes/common/postgres-legacy/Chart.yaml @@ -1,4 +1,4 @@ -# Copyright © 2017 Amdocs, Bell Canada +# Copyright © 2018 Amdocs, AT&T, Bell Canada # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -13,6 +13,6 @@ # limitations under the License. apiVersion: v1 -description: MySQL Server -name: mysql +description: ONAP Postgres Server +name: postgres-legacy version: 5.0.0 diff --git a/kubernetes/common/nfs-provisioner/Chart.yaml b/kubernetes/common/postgres-legacy/charts/pgpool/Chart.yaml index ad16ed747b..e2818139fa 100644 --- a/kubernetes/common/nfs-provisioner/Chart.yaml +++ b/kubernetes/common/postgres-legacy/charts/pgpool/Chart.yaml @@ -1,4 +1,4 @@ -# Copyright © 2019 Amdocs, Bell Canada +# Copyright © 2018 Amdocs, AT&T, Bell Canada # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -13,6 +13,6 @@ # limitations under the License. apiVersion: v1 -description: NFS provisioner -name: nfs-provisioner +description: ONAP Postgres Server +name: pgpool version: 5.0.0 diff --git a/kubernetes/common/postgres-legacy/charts/pgpool/configs/pgpool.conf b/kubernetes/common/postgres-legacy/charts/pgpool/configs/pgpool.conf new file mode 100644 index 0000000000..f335174f40 --- /dev/null +++ b/kubernetes/common/postgres-legacy/charts/pgpool/configs/pgpool.conf @@ -0,0 +1,677 @@ +# ---------------------------- +# pgPool-II configuration file a custom version +# ---------------------------- +# +# This file consists of lines of the form: +# +# name = value +# +# Whitespace may be used. Comments are introduced with "#" anywhere on a line. +# The complete list of parameter names and allowed values can be found in the +# pgPool-II documentation. +# +# This file is read on server startup and when the server receives a SIGHUP +# signal. If you edit the file on a running system, you have to SIGHUP the +# server for the changes to take effect, or use "pgpool reload". Some +# parameters, which are marked below, require a server shutdown and restart to +# take effect. +# + + +#------------------------------------------------------------------------------ +# CONNECTIONS +#------------------------------------------------------------------------------ + +# - pgpool Connection Settings - + +listen_addresses = '*' + # Host name or IP address to listen on: + # '*' for all, '' for no TCP/IP connections + # (change requires restart) +#port = 9999 +port = 5432 + # Port number + # (change requires restart) +socket_dir = '/tmp' + # Unix domain socket path + # The Debian package defaults to + # /var/run/postgresql + # (change requires restart) + + +# - pgpool Communication Manager Connection Settings - + +pcp_port = 9898 + # Port number for pcp + # (change requires restart) +pcp_socket_dir = '/tmp' + # Unix domain socket path for pcp + # The Debian package defaults to + # /var/run/postgresql + # (change requires restart) + +# - Backend Connection Settings - + +backend_hostname0 = '{{.Values.container.name.primary}}' +backend_port0 = 5432 +backend_weight0= 1 +backend_flag0= 'DISALLOW_TO_FAILOVER' + +backend_hostname1 = '{{.Values.container.name.replica}}' +backend_port1 = 5432 +backend_weight1= 1 +backend_flag1= 'DISALLOW_TO_FAILOVER' + +#backend_hostname0 = 'master' + # Host name or IP address to connect to for backend 0 +#backend_port0 = 5432 + # Port number for backend 0 +#backend_weight0 = 1 + # Weight for backend 0 (only in load balancing mode) +#backend_data_directory0 = '/data' + # Data directory for backend 0 +#backend_flag0 = 'ALLOW_TO_FAILOVER' + # Controls various backend behavior + # ALLOW_TO_FAILOVER or DISALLOW_TO_FAILOVER +#backend_hostname1 = 'standby' +#backend_port1 = 5432 +#backend_weight1 = 1 +#backend_data_directory1 = '/data1' +#backend_flag1 = 'ALLOW_TO_FAILOVER' + +# - Authentication - + +enable_pool_hba = on + # Use pool_hba.conf for client authentication +pool_passwd = 'pool_passwd' + # File name of pool_passwd for md5 authentication. + # "" disables pool_passwd. + # (change requires restart) +authentication_timeout = 60 + # Delay in seconds to complete client authentication + # 0 means no timeout. + +# - SSL Connections - + +ssl = off + # Enable SSL support + # (change requires restart) +#ssl_key = './server.key' + # Path to the SSL private key file + # (change requires restart) +#ssl_cert = './server.cert' + # Path to the SSL public certificate file + # (change requires restart) +#ssl_ca_cert = '' + # Path to a single PEM format file + # containing CA root certificate(s) + # (change requires restart) +#ssl_ca_cert_dir = '' + # Directory containing CA root certificate(s) + # (change requires restart) + + +#------------------------------------------------------------------------------ +# POOLS +#------------------------------------------------------------------------------ + +# - Pool size - + +num_init_children = 5 + # Number of pools + # (change requires restart) +max_pool = 1 + # Number of connections per pool + # (change requires restart) + +# - Life time - + +child_life_time = 300 + # Pool exits after being idle for this many seconds +child_max_connections = 0 + # Pool exits after receiving that many connections + # 0 means no exit +connection_life_time = 0 + # Connection to backend closes after being idle for this many seconds + # 0 means no close +client_idle_limit = 0 + # Client is disconnected after being idle for that many seconds + # (even inside an explicit transactions!) + # 0 means no disconnection + + +#------------------------------------------------------------------------------ +# LOGS +#------------------------------------------------------------------------------ + +# - Where to log - + +log_destination = 'stderr' + # Where to log + # Valid values are combinations of stderr, + # and syslog. Default to stderr. + +# - What to log - + +print_timestamp = on + # Print timestamp on each line + # (change requires restart) + +log_connections = on + # Log connections +log_hostname = on + # Hostname will be shown in ps status + # and in logs if connections are logged +log_statement = on + # Log all statements +log_per_node_statement = off + # Log all statements + # with node and backend informations +log_standby_delay = 'if_over_threshold' + # Log standby delay + # Valid values are combinations of always, + # if_over_threshold, none + +# - Syslog specific - + +syslog_facility = 'LOCAL0' + # Syslog local facility. Default to LOCAL0 +syslog_ident = 'pgpool' + # Syslog program identification string + # Default to 'pgpool' + +# - Debug - + +debug_level = 1 + # Debug message verbosity level + # 0 means no message, 1 or more mean verbose + + +#------------------------------------------------------------------------------ +# FILE LOCATIONS +#------------------------------------------------------------------------------ + +pid_file_name = '/tmp/pgpool.pid' + # PID file name + # (change requires restart) +logdir = '/tmp' + # Directory of pgPool status file + # (change requires restart) + + +#------------------------------------------------------------------------------ +# CONNECTION POOLING +#------------------------------------------------------------------------------ + +connection_cache = off + # Activate connection pools + # (change requires restart) + + # Semicolon separated list of queries + # to be issued at the end of a session + # The default is for 8.3 and later +reset_query_list = 'ABORT; DISCARD ALL' + # The following one is for 8.2 and before +#reset_query_list = 'ABORT; RESET ALL; SET SESSION AUTHORIZATION DEFAULT' + + +#------------------------------------------------------------------------------ +# REPLICATION MODE +#------------------------------------------------------------------------------ + +replication_mode = off + # Activate replication mode + # (change requires restart) +replicate_select = off + # Replicate SELECT statements + # when in replication or parallel mode + # replicate_select is higher priority than + # load_balance_mode. + +insert_lock = off + # Automatically locks a dummy row or a table + # with INSERT statements to keep SERIAL data + # consistency + # Without SERIAL, no lock will be issued +lobj_lock_table = '' + # When rewriting lo_creat command in + # replication mode, specify table name to + # lock + +# - Degenerate handling - + +replication_stop_on_mismatch = off + # On disagreement with the packet kind + # sent from backend, degenerate the node + # which is most likely "minority" + # If off, just force to exit this session + +failover_if_affected_tuples_mismatch = off + # On disagreement with the number of affected + # tuples in UPDATE/DELETE queries, then + # degenerate the node which is most likely + # "minority". + # If off, just abort the transaction to + # keep the consistency + + +#------------------------------------------------------------------------------ +# LOAD BALANCING MODE +#------------------------------------------------------------------------------ + +load_balance_mode = on + # Activate load balancing mode + # (change requires restart) +ignore_leading_white_space = on + # Ignore leading white spaces of each query +white_function_list = '' + # Comma separated list of function names + # that don't write to database + # Regexp are accepted +black_function_list = 'currval,lastval,nextval,setval' + # Comma separated list of function names + # that write to database + # Regexp are accepted + + +#------------------------------------------------------------------------------ +# MASTER/SLAVE MODE +#------------------------------------------------------------------------------ + +master_slave_mode = on + # Activate master/slave mode + # (change requires restart) +master_slave_sub_mode = 'stream' + # Master/slave sub mode + # Valid values are combinations slony or + # stream. Default is slony. + # (change requires restart) + +# - Streaming - + +sr_check_period = 10 + # Streaming replication check period + # Disabled (0) by default +sr_check_user = '{{.Values.credentials.pgusername}}' + # Streaming replication check user + # This is neccessary even if you disable streaming + # replication delay check by sr_check_period = 0 +sr_check_password = '{{.Values.credentials.pgpassword}}' + # Password for streaming replication check user +delay_threshold = 10000000 + # Threshold before not dispatching query to standby node + # Unit is in bytes + # Disabled (0) by default + +# - Special commands - + +follow_master_command = '' + # Executes this command after master failover + # Special values: + # %d = node id + # %h = host name + # %p = port number + # %D = database cluster path + # %m = new master node id + # %H = hostname of the new master node + # %M = old master node id + # %P = old primary node id + # %r = new master port number + # %R = new master database cluster path + # %% = '%' character + + +#------------------------------------------------------------------------------ +# PARALLEL MODE +#------------------------------------------------------------------------------ + +parallel_mode = off + # Activates parallel query mode + # (change requires restart) +pgpool2_hostname = '' + # Set pgpool2 hostname + # (change requires restart) + +# - System DB info - + +#system_db_hostname = 'localhost' + # (change requires restart) +#system_db_port = 5432 + # (change requires restart) +#system_db_dbname = 'pgpool' + # (change requires restart) +#system_db_schema = 'pgpool_catalog' + # (change requires restart) +#system_db_user = 'pgpool' + # (change requires restart) +#system_db_password = '' + # (change requires restart) + + +#------------------------------------------------------------------------------ +# HEALTH CHECK +#------------------------------------------------------------------------------ + +health_check_period = 20 + # Health check period + # Disabled (0) by default +health_check_timeout = 10 + # Health check timeout + # 0 means no timeout +health_check_user = '{{.Values.credentials.pgusername}}' + # Health check user +health_check_password = '{{.Values.credentials.pgpassword}}' + # Password for health check user +health_check_max_retries = 3 +connect_timeout = 10000 # Timeout value in milliseconds before giving up to connect to backend. + + # Maximum number of times to retry a failed health check before giving up. +health_check_retry_delay = 1 + # Amount of time to wait (in seconds) between retries. + + +#------------------------------------------------------------------------------ +# FAILOVER AND FAILBACK +#------------------------------------------------------------------------------ + +failover_command = '' + # Executes this command at failover + # Special values: + # %d = node id + # %h = host name + # %p = port number + # %D = database cluster path + # %m = new master node id + # %H = hostname of the new master node + # %M = old master node id + # %P = old primary node id + # %r = new master port number + # %R = new master database cluster path + # %% = '%' character +failback_command = '' + # Executes this command at failback. + # Special values: + # %d = node id + # %h = host name + # %p = port number + # %D = database cluster path + # %m = new master node id + # %H = hostname of the new master node + # %M = old master node id + # %P = old primary node id + # %r = new master port number + # %R = new master database cluster path + # %% = '%' character + +fail_over_on_backend_error = off + # Initiates failover when reading/writing to the + # backend communication socket fails + # If set to off, pgpool will report an + # error and disconnect the session. + +search_primary_node_timeout = 10 + # Timeout in seconds to search for the + # primary node when a failover occurs. + # 0 means no timeout, keep searching + # for a primary node forever. + +#------------------------------------------------------------------------------ +# ONLINE RECOVERY +#------------------------------------------------------------------------------ + +recovery_user = '{{.Values.credentials.pgusername}}' + # Online recovery user +recovery_password = '{{.Values.credentials.pgpassword}}' + # Online recovery password +recovery_1st_stage_command = '' + # Executes a command in first stage +recovery_2nd_stage_command = '' + # Executes a command in second stage +recovery_timeout = 90 + # Timeout in seconds to wait for the + # recovering node's postmaster to start up + # 0 means no wait +client_idle_limit_in_recovery = 0 + # Client is disconnected after being idle + # for that many seconds in the second stage + # of online recovery + # 0 means no disconnection + # -1 means immediate disconnection + + +#------------------------------------------------------------------------------ +# WATCHDOG +#------------------------------------------------------------------------------ + +# - Enabling - + +use_watchdog = off + # Activates watchdog + # (change requires restart) + +# -Connection to up stream servers - + +trusted_servers = '' + # trusted server list which are used + # to confirm network connection + # (hostA,hostB,hostC,...) + # (change requires restart) +ping_path = '/bin' + # ping command path + # (change requires restart) + +# - Watchdog communication Settings - + +wd_hostname = '' + # Host name or IP address of this watchdog + # (change requires restart) +wd_port = 9000 + # port number for watchdog service + # (change requires restart) +wd_authkey = '' + # Authentication key for watchdog communication + # (change requires restart) + +# - Virtual IP control Setting - + +delegate_IP = '' + # delegate IP address + # If this is empty, virtual IP never bring up. + # (change requires restart) +ifconfig_path = '/sbin' + # ifconfig command path + # (change requires restart) +if_up_cmd = 'ifconfig eth0:0 inet $_IP_$ netmask 255.255.255.0' + # startup delegate IP command + # (change requires restart) +if_down_cmd = 'ifconfig eth0:0 down' + # shutdown delegate IP command + # (change requires restart) + +arping_path = '/usr/sbin' # arping command path + # (change requires restart) + +arping_cmd = 'arping -U $_IP_$ -w 1' + # arping command + # (change requires restart) + +# - Behaivor on escalation Setting - + +clear_memqcache_on_escalation = on + # Clear all the query cache on shared memory + # when standby pgpool escalate to active pgpool + # (= virtual IP holder). + # This should be off if client connects to pgpool + # not using virtual IP. + # (change requires restart) +wd_escalation_command = '' + # Executes this command at escalation on new active pgpool. + # (change requires restart) + +# - Lifecheck Setting - + +# -- common -- + +wd_lifecheck_method = 'heartbeat' + # Method of watchdog lifecheck ('heartbeat' or 'query') + # (change requires restart) +wd_interval = 10 + # lifecheck interval (sec) > 0 + # (change requires restart) + +# -- heartbeat mode -- + +wd_heartbeat_port = 9694 + # Port number for receiving heartbeat signal + # (change requires restart) +wd_heartbeat_keepalive = 2 + # Interval time of sending heartbeat signal (sec) + # (change requires restart) +wd_heartbeat_deadtime = 30 + # Deadtime interval for heartbeat signal (sec) + # (change requires restart) +heartbeat_destination0 = 'host0_ip1' + # Host name or IP address of destination 0 + # for sending heartbeat signal. + # (change requires restart) +heartbeat_destination_port0 = 9694 + # Port number of destination 0 for sending + # heartbeat signal. Usually this is the + # same as wd_heartbeat_port. + # (change requires restart) +heartbeat_device0 = '' + # Name of NIC device (such like 'eth0') + # used for sending/receiving heartbeat + # signal to/from destination 0. + # This works only when this is not empty + # and pgpool has root privilege. + # (change requires restart) + +#heartbeat_destination1 = 'host0_ip2' +#heartbeat_destination_port1 = 9694 +#heartbeat_device1 = '' + +# -- query mode -- + +wd_life_point = 3 + # lifecheck retry times + # (change requires restart) +wd_lifecheck_query = 'SELECT 1' + # lifecheck query to pgpool from watchdog + # (change requires restart) +wd_lifecheck_dbname = 'template1' + # Database name connected for lifecheck + # (change requires restart) +wd_lifecheck_user = 'nobody' + # watchdog user monitoring pgpools in lifecheck + # (change requires restart) +wd_lifecheck_password = '' + # Password for watchdog user in lifecheck + # (change requires restart) + +# - Other pgpool Connection Settings - + +#other_pgpool_hostname0 = 'host0' + # Host name or IP address to connect to for other pgpool 0 + # (change requires restart) +#other_pgpool_port0 = 5432 + # Port number for othet pgpool 0 + # (change requires restart) +#other_wd_port0 = 9000 + # Port number for othet watchdog 0 + # (change requires restart) +#other_pgpool_hostname1 = 'host1' +#other_pgpool_port1 = 5432 +#other_wd_port1 = 9000 + + +#------------------------------------------------------------------------------ +# OTHERS +#------------------------------------------------------------------------------ +relcache_expire = 0 + # Life time of relation cache in seconds. + # 0 means no cache expiration(the default). + # The relation cache is used for cache the + # query result against PostgreSQL system + # catalog to obtain various information + # including table structures or if it's a + # temporary table or not. The cache is + # maintained in a pgpool child local memory + # and being kept as long as it survives. + # If someone modify the table by using + # ALTER TABLE or some such, the relcache is + # not consistent anymore. + # For this purpose, cache_expiration + # controls the life time of the cache. +relcache_size = 256 + # Number of relation cache + # entry. If you see frequently: + # "pool_search_relcache: cache replacement happend" + # in the pgpool log, you might want to increate this number. + +check_temp_table = on + # If on, enable temporary table check in SELECT statements. + # This initiates queries against system catalog of primary/master + # thus increases load of master. + # If you are absolutely sure that your system never uses temporary tables + # and you want to save access to primary/master, you could turn this off. + # Default is on. + + +#------------------------------------------------------------------------------ +# ON MEMORY QUERY MEMORY CACHE +#------------------------------------------------------------------------------ +memory_cache_enabled = off + # If on, use the memory cache functionality, off by default +memqcache_method = 'shmem' + # Cache storage method. either 'shmem'(shared memory) or + # 'memcached'. 'shmem' by default + # (change requires restart) +memqcache_memcached_host = 'localhost' + # Memcached host name or IP address. Mandatory if + # memqcache_method = 'memcached'. + # Defaults to localhost. + # (change requires restart) +memqcache_memcached_port = 11211 + # Memcached port number. Mondatory if memqcache_method = 'memcached'. + # Defaults to 11211. + # (change requires restart) +memqcache_total_size = 67108864 + # Total memory size in bytes for storing memory cache. + # Mandatory if memqcache_method = 'shmem'. + # Defaults to 64MB. + # (change requires restart) +memqcache_max_num_cache = 1000000 + # Total number of cache entries. Mandatory + # if memqcache_method = 'shmem'. + # Each cache entry consumes 48 bytes on shared memory. + # Defaults to 1,000,000(45.8MB). + # (change requires restart) +memqcache_expire = 0 + # Memory cache entry life time specified in seconds. + # 0 means infinite life time. 0 by default. + # (change requires restart) +memqcache_auto_cache_invalidation = on + # If on, invalidation of query cache is triggered by corresponding + # DDL/DML/DCL(and memqcache_expire). If off, it is only triggered + # by memqcache_expire. on by default. + # (change requires restart) +memqcache_maxcache = 409600 + # Maximum SELECT result size in bytes. + # Must be smaller than memqcache_cache_block_size. Defaults to 400KB. + # (change requires restart) +memqcache_cache_block_size = 1048576 + # Cache block size in bytes. Mandatory if memqcache_method = 'shmem'. + # Defaults to 1MB. + # (change requires restart) +memqcache_oiddir = '/var/log/pgpool/oiddir' + # Temporary work directory to record table oids + # (change requires restart) +white_memqcache_table_list = '' + # Comma separated list of table names to memcache + # that don't write to database + # Regexp are accepted +black_memqcache_table_list = '' + # Comma separated list of table names not to memcache + # that don't write to database + # Regexp are accepted diff --git a/kubernetes/common/postgres-legacy/charts/pgpool/configs/pool_hba.conf b/kubernetes/common/postgres-legacy/charts/pgpool/configs/pool_hba.conf new file mode 100644 index 0000000000..d8918409e8 --- /dev/null +++ b/kubernetes/common/postgres-legacy/charts/pgpool/configs/pool_hba.conf @@ -0,0 +1,67 @@ +# pgpool Client Authentication Configuration File a custom version +# =============================================== +# +# The format rule in this file follows the rules in the PostgreSQL +# Administrator's Guide. Refer to chapter "Client Authentication" for a +# complete description. A short synopsis follows. +# +# This file controls: which hosts are allowed to connect, how clients +# are authenticated, which user names they can use, which databases they +# can access. Records take one of these forms: +# +# local DATABASE USER METHOD [OPTION] +# host DATABASE USER CIDR-ADDRESS METHOD [OPTION] +# +# (The uppercase items must be replaced by actual values.) +# +# The first field is the connection type: "local" is a Unix-domain +# socket, "host" is either a plain or SSL-encrypted TCP/IP socket. +# +# DATABASE can be "all", "sameuser", a database name, or a comma-separated +# list thereof. Note that "samegroup" like in PostgreSQL's pg_hba.conf +# file is not supported, since pgpool does not know which group a user +# belongs to. Also note that the database specified here may not exist in +# the backend PostgreSQL. pgpool will authenticate based on the database's +# name, not based on whether it exists or not. +# +# USER can be "all", a user name, or a comma-separated list thereof. In +# both the DATABASE and USER fields you can also write a file name prefixed +# with "@" to include names from a separate file. Note that a group name +# prefixed with "+" like in PostgreSQL's pg_hba.conf file is not supported +# because of the same reason as "samegroup" token. Also note that a user +# name specified here may not exist in the backend PostgreSQL. pgpool will +# authenticate based on the user's name, not based on whether he/she exists. +# +# CIDR-ADDRESS specifies the set of hosts the record matches. +# It is made up of an IP address and a CIDR mask that is an integer +# (between 0 and 32 (IPv4) that specifies the number of significant bits in +# the mask. Alternatively, you can write an IP address and netmask in +# separate columns to specify the set of hosts. +# +# METHOD can be "trust", "reject", "md5" or "pam". Note that "pam" sends passwords +# in clear text. +# +# OPTION is the name of the PAM service. Default service name is "pgpool" +# +# Database and user names containing spaces, commas, quotes and other special +# characters must be quoted. Quoting one of the keywords "all" or "sameuser" +# makes the name lose its special character, and just match a database or +# username with that name. +# +# This file is read on pgpool startup. If you edit the file on a running +# system, you have to restart the pgpool for the changes to take effect. + +# Put your actual configuration here +# ---------------------------------- +# +# If you want to allow non-local connections, you need to add more +# "host" records. In that case you will also need to make pgpool listen +# on a non-local interface via the listen_addresses configuration parameter. +# + +# TYPE DATABASE USER CIDR-ADDRESS METHOD + +# "local" is for Unix domain socket connections only +#local all all trust +# IPv4 local connections: +host all all 0.0.0.0/0 md5 diff --git a/kubernetes/common/postgres/charts/pgpool/configs/pool_passwd b/kubernetes/common/postgres-legacy/charts/pgpool/configs/pool_passwd index 3636d1de74..3636d1de74 100644 --- a/kubernetes/common/postgres/charts/pgpool/configs/pool_passwd +++ b/kubernetes/common/postgres-legacy/charts/pgpool/configs/pool_passwd diff --git a/kubernetes/common/mysql/requirements.yaml b/kubernetes/common/postgres-legacy/charts/pgpool/requirements.yaml index 79d7de4dd3..5b097f3ab7 100644 --- a/kubernetes/common/mysql/requirements.yaml +++ b/kubernetes/common/postgres-legacy/charts/pgpool/requirements.yaml @@ -1,4 +1,4 @@ -# Copyright © 2017 Amdocs, Bell Canada +# Copyright © 2018 Amdocs, AT&T, Bell Canada # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. diff --git a/kubernetes/common/mysql/templates/storageclass.yaml b/kubernetes/common/postgres-legacy/charts/pgpool/templates/configmap.yaml index bbe4562d0a..e2c77ff910 100644..100755 --- a/kubernetes/common/mysql/templates/storageclass.yaml +++ b/kubernetes/common/postgres-legacy/charts/pgpool/templates/configmap.yaml @@ -1,4 +1,3 @@ -{{/* # Copyright © 2017 Amdocs, Bell Canada # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -12,18 +11,16 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. -*/}} -{{ if not .Values.disableNfsProvisioner }} -kind: StorageClass -apiVersion: storage.k8s.io/v1 +apiVersion: v1 +kind: ConfigMap metadata: - name: "{{ include "common.fullname" . }}-mysql" + name: {{ include "common.fullname" . }}-pgpool-configmap namespace: {{ include "common.namespace" . }} labels: app: {{ include "common.name" . }} chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} release: {{ .Release.Name }} heritage: {{ .Release.Service }} -provisioner: {{ include "common.fullname" . }}/nfs -{{ end }} +data: +{{ tpl (.Files.Glob "configs/*").AsConfig . | indent 2 }} diff --git a/kubernetes/common/postgres-legacy/charts/pgpool/templates/deployment.yaml b/kubernetes/common/postgres-legacy/charts/pgpool/templates/deployment.yaml new file mode 100644 index 0000000000..15fa18d81d --- /dev/null +++ b/kubernetes/common/postgres-legacy/charts/pgpool/templates/deployment.yaml @@ -0,0 +1,68 @@ +{{/* +# Copyright © 2018 Amdocs, AT&T, Bell Canada +# # +# # Licensed under the Apache License, Version 2.0 (the "License"); +# # you may not use this file except in compliance with the License. +# # You may obtain a copy of the License at +# # +# # http://www.apache.org/licenses/LICENSE-2.0 +# # +# # Unless required by applicable law or agreed to in writing, software +# # distributed under the License is distributed on an "AS IS" BASIS, +# # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# # See the License for the specific language governing permissions and +# # limitations under the License. +*/}} +kind: Deployment +apiVersion: extensions/v1beta1 +metadata: + name: {{ include "common.fullname" . }} + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +spec: + replicas: 2 + template: + metadata: + labels: + app: {{ include "common.name" . }} + release: {{ .Release.Name }} + spec: + containers: + - image: "{{.Values.repository}}/{{.Values.image}}" + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + name: {{ include "common.name" . }} + env: + - name: PG_PRIMARY_SERVICE_NAME + value: {{.Values.container.name.primary}} + - name: PG_REPLICA_SERVICE_NAME + value: {{.Values.container.name.replica}} + - name: PG_USERNAME + value: {{.Values.credentials.pgusername}} + - name: PG_PASSWORD + value: {{.Values.credentials.pgpassword}} + ports: + - containerPort: 5432 + name: pgpool + protocol: TCP + readinessProbe: + tcpSocket: + port: 5432 + initialDelaySeconds: 20 + periodSeconds: 10 + livenessProbe: + tcpSocket: + port: 5432 + initialDelaySeconds: 15 + periodSeconds: 20 + volumeMounts: + - name: pgpool-pgconf + mountPath: /pgconf/pgpoolconfigdir + readOnly: false + volumes: + - name: pgpool-pgconf + configMap: + name: {{ include "common.fullname" . }}-pgpool-configmap diff --git a/kubernetes/common/postgres-legacy/charts/pgpool/templates/service.yaml b/kubernetes/common/postgres-legacy/charts/pgpool/templates/service.yaml new file mode 100644 index 0000000000..86442a2740 --- /dev/null +++ b/kubernetes/common/postgres-legacy/charts/pgpool/templates/service.yaml @@ -0,0 +1,26 @@ +apiVersion: v1 +kind: Service +metadata: + name: {{ .Values.service.name }} + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} + annotations: +spec: + type: {{ .Values.service.type }} + ports: + {{if eq .Values.service.type "NodePort" -}} + - port: {{ .Values.service.externalPort }} + nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }} + name: {{ .Values.service.name }} + {{- else -}} + - port: {{ .Values.service.externalPort }} + targetPort: {{ .Values.service.internalPort }} + name: {{ .Values.service.name }} + {{- end}} + selector: + app: {{ include "common.name" . }} + release: {{ .Release.Name }} diff --git a/kubernetes/common/nfs-provisioner/values.yaml b/kubernetes/common/postgres-legacy/charts/pgpool/values.yaml index 687219d680..cb732b7cd7 100644 --- a/kubernetes/common/nfs-provisioner/values.yaml +++ b/kubernetes/common/postgres-legacy/charts/pgpool/values.yaml @@ -1,50 +1,44 @@ -# Copyright © 2019 Amdocs, Bell Canada
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-#################################################################
-# Global configuration defaults.
-#################################################################
-global:
- persistence:
- mountPath: /dockerdata-nfs
-
-#################################################################
-# Application configuration defaults.
-#################################################################
-
-dockerHubRepository: registry.hub.docker.com
-pullPolicy: Always
-
-# default number of instances
-
-nodeSelector: {}
-
-affinity: {}
-
-service:
- name: nfs-provisioner
- nfsPort: 2049
- mountdPort: 20048
- rpcbindPort: 111
- rpcbindUdpPort: 111
-
-## Persist data to a persitent volume
-persistence:
- enabled: true
- mountPath: /dockerdata-nfs
-
-## NFS provisioner image properties
-nfsprovisionerRepository: quay.io
-nfsprovisionerImage: kubernetes_incubator/nfs-provisioner:v1.0.8
-
+# Copyright © 2018 Amdocs, AT&T, Bell Canada +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +################################################################# +# Global configuration defaults. +################################################################# +global: + nodePortPrefix: 302 + persistence: {} + readinessRepository: oomk8s + readinessImage: readiness-check:2.0.0 + +################################################################# +# Application configuration defaults. +################################################################# +# application image +repository: crunchydata +image: crunchy-pgpool:centos7-10.4-2.0.0 +pullPolicy: Always + +container: + port: 5432 + name: + primary: pgset-primary + replica: pgset-replica +credentials: + pgusername: testuser + pgpassword: password +service: + name: pgpool + type: ClusterIP + externalPort: 5432 + internalPort: 5432 diff --git a/kubernetes/common/nfs-provisioner/requirements.yaml b/kubernetes/common/postgres-legacy/requirements.yaml index 542c262ef0..5b097f3ab7 100644 --- a/kubernetes/common/nfs-provisioner/requirements.yaml +++ b/kubernetes/common/postgres-legacy/requirements.yaml @@ -1,4 +1,4 @@ -# Copyright © 2019 Amdocs, Bell Canada +# Copyright © 2018 Amdocs, AT&T, Bell Canada # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. diff --git a/kubernetes/common/postgres-legacy/templates/pv.yaml b/kubernetes/common/postgres-legacy/templates/pv.yaml new file mode 100644 index 0000000000..bcd67d79cb --- /dev/null +++ b/kubernetes/common/postgres-legacy/templates/pv.yaml @@ -0,0 +1,45 @@ +{{/* +# Copyright © 2018 Amdocs, AT&T, Bell Canada +# # +# # Licensed under the Apache License, Version 2.0 (the "License"); +# # you may not use this file except in compliance with the License. +# # You may obtain a copy of the License at +# # +# # http://www.apache.org/licenses/LICENSE-2.0 +# # +# # Unless required by applicable law or agreed to in writing, software +# # distributed under the License is distributed on an "AS IS" BASIS, +# # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# # See the License for the specific language governing permissions and +# # limitations under the License. +*/}} +{{- $global := . }} +{{- if and $global.Values.persistence.enabled (not $global.Values.persistence.existingClaim) }} +{{- if eq "True" (include "common.needPV" .) -}} +{{- range $i := until (int $global.Values.replicaCount)}} +kind: PersistentVolume +apiVersion: v1 +metadata: + name: {{ include "common.fullname" $global }}-data-{{ $i }} + namespace: {{ include "common.namespace" $global }} + labels: + app: {{ include "common.fullname" $global }} + chart: "{{ $global.Chart.Name }}-{{ $global.Chart.Version | replace "+" "_" }}" + release: "{{ $global.Release.Name }}" + heritage: "{{ $global.Release.Service }}" + name: {{ include "common.fullname" $global }} +spec: + capacity: + storage: {{ $global.Values.persistence.size}} + accessModes: + - {{ $global.Values.persistence.accessMode }} + persistentVolumeReclaimPolicy: {{ $global.Values.persistence.volumeReclaimPolicy }} + storageClassName: "{{ include "common.fullname" $global }}-data" + hostPath: + path: {{ $global.Values.global.persistence.mountPath | default $global.Values.persistence.mountPath }}/{{ $global.Release.Name }}/{{ $global.Values.persistence.mountSubPath }}-{{$i}} +{{if ne $i (int $global.Values.replicaCount) }} +--- +{{- end -}} +{{- end -}} +{{- end -}} +{{- end -}} diff --git a/kubernetes/common/postgres-legacy/templates/secrets.yaml b/kubernetes/common/postgres-legacy/templates/secrets.yaml new file mode 100644 index 0000000000..29de3af260 --- /dev/null +++ b/kubernetes/common/postgres-legacy/templates/secrets.yaml @@ -0,0 +1,31 @@ +{{/* +# Copyright © 2018 Amdocs, AT&T, Bell Canada +# # +# # Licensed under the Apache License, Version 2.0 (the "License"); +# # you may not use this file except in compliance with the License. +# # You may obtain a copy of the License at +# # +# # http://www.apache.org/licenses/LICENSE-2.0 +# # +# # Unless required by applicable law or agreed to in writing, software +# # distributed under the License is distributed on an "AS IS" BASIS, +# # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# # See the License for the specific language governing permissions and +# # limitations under the License. +*/}} +apiVersion: v1 +kind: Secret +metadata: + name: {{ include "common.fullname" . }} + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.fullname" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +type: Opaque +data: + pg-primary-password: {{ .Values.config.pgPrimaryPassword | b64enc | quote }} + pg-user-password: {{ .Values.config.pgUserPassword | b64enc | quote }} + pg-root-password: {{ .Values.config.pgRootPassword | b64enc | quote }} + diff --git a/kubernetes/common/postgres/templates/service.yaml b/kubernetes/common/postgres-legacy/templates/service.yaml index 2a4e369ef4..2a4e369ef4 100644 --- a/kubernetes/common/postgres/templates/service.yaml +++ b/kubernetes/common/postgres-legacy/templates/service.yaml diff --git a/kubernetes/common/postgres/templates/statefulset.yaml b/kubernetes/common/postgres-legacy/templates/statefulset.yaml index db4a256f12..7c38d1d9d7 100644 --- a/kubernetes/common/postgres/templates/statefulset.yaml +++ b/kubernetes/common/postgres-legacy/templates/statefulset.yaml @@ -37,23 +37,13 @@ spec: - /bin/sh - -c - | - for i in $(seq 0 $(({{ .Values.replicaCount }}-1))); do - if [ ! -d /podroot/data$i ]; then - mkdir -p /podroot/data$i; - chown 26:26 /podroot/data$i; - chmod 700 /podroot/data$i; - fi; - done - env: - - name: POD_NAME - valueFrom: { fieldRef: { fieldPath: metadata.name } } - securityContext: - privileged: true + chown -R 26:26 /podroot/; + chmod 700 /podroot/; image: {{ .Values.global.busyboxRepository | default .Values.busyboxRepository }}/{{ .Values.busyboxImage }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - name: init-sysctl + name: {{ include "common.name" . }}-prepare volumeMounts: - - name: {{ include "common.fullname" . }}-init + - name: {{ include "common.fullname" . }}-data mountPath: /podroot/ containers: - name: {{ include "common.name" . }} @@ -129,27 +119,25 @@ spec: - name: localtime hostPath: path: /etc/localtime - - name: {{ include "common.fullname" . }}-init - hostPath: - path: {{ .Values.global.persistence.mountPath | default .Values.persistence.mountPath }}/{{ .Release.Name }}/{{ .Values.persistence.mountInitPath }} - name: {{ include "common.fullname" . }}-backup emptyDir: {} -#{{ if not .Values.persistence.enabled }} +{{- if not .Values.persistence.enabled }} - name: {{ include "common.fullname" . }}-data emptyDir: {} -#{{ else }} +{{- else }} volumeClaimTemplates: - metadata: name: {{ include "common.fullname" . }}-data labels: name: {{ include "common.fullname" . }} + chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" + release: "{{ .Release.Name }}" + heritage: "{{ .Release.Service }}" spec: - accessModes: [ {{ .Values.persistence.accessMode }} ] - storageClassName: {{ include "common.fullname" . }}-data + accessModes: + - {{ .Values.persistence.accessMode | quote }} + storageClassName: {{ include "common.storageClass" . }} resources: requests: - storage: {{ .Values.persistence.size }} - selector: - matchLabels: - name: {{ include "common.fullname" . }} -#{{ end }} + storage: {{ .Values.persistence.size | quote }} +{{- end }} diff --git a/kubernetes/common/mysql/values.yaml b/kubernetes/common/postgres-legacy/values.yaml index 9fd67fcabc..8dd5d0aaac 100644 --- a/kubernetes/common/mysql/values.yaml +++ b/kubernetes/common/postgres-legacy/values.yaml @@ -1,4 +1,4 @@ -# Copyright © 2017 Amdocs, Bell Canada +# Copyright © 2018 Amdocs, AT&T, Bell Canada # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -21,31 +21,54 @@ global: readinessRepository: oomk8s readinessImage: readiness-check:2.0.0 - ################################################################# # Application configuration defaults. ################################################################# -dockerHubRepository: registry.hub.docker.com -image: library/mysql:5.7 +# BusyBox image +busyboxRepository: registry.hub.docker.com +busyboxImage: library/busybox:latest + +postgresRepository: crunchydata +image: crunchy-postgres:centos7-10.4-2.0.0 pullPolicy: Always # application configuration config: - dbRootPassword: openECOMP1.0 + pgUserName: testuser + pgDatabase: userdb + pgPrimaryPassword: password + pgUserPassword: password + pgRootPassword: password + +container: + name: + primary: pgset-primary + replica: pgset-replica + +pgpool: + container: + port: 5432 + name: + primary: pgset-primary + replica: pgset-replica + credentials: + pgusername: testuser + pgpassword: password + service: + name: pgpool + # default number of instances -replicaCount: 1 +replicaCount: 2 nodeSelector: {} affinity: {} -disableNfsProvisioner: true - # probe configuration parameters liveness: - initialDelaySeconds: 30 + initialDelaySeconds: 300 periodSeconds: 10 timeoutSeconds: 5 # necessary to disable liveness probe when setting breakpoints @@ -53,7 +76,7 @@ liveness: enabled: true readiness: - initialDelaySeconds: 5 + initialDelaySeconds: 10 periodSeconds: 10 ## Persist data to a persitent volume @@ -75,21 +98,22 @@ persistence: accessMode: ReadWriteOnce size: 1Gi mountPath: /dockerdata-nfs - mountSubPath: "mysql/data" - mysqlPath: /var/lib/mysql + mountSubPath: postgres/data + mountInitPath: postgres service: - name: mysql - portName: mysql - internalPort: 3306 - # nfs provisioner ports - nfsPort: 2049 - mountdPort: 20048 - rpcbindPort: 111 - rpcbindUdpPort: 111 - type: NodePort - nodeport1: 72 - nodeport2: 73 + type: ClusterIP + name: pgset + externalPort: 5432 + internalPort: 5432 + type2: ClusterIP + name2: pgset-primary + externalPort2: 5432 + internalPort2: 5432 + type3: ClusterIP + name3: pgset-replica + externalPort3: 5432 + internalPort3: 5432 ingress: enabled: false @@ -113,21 +137,3 @@ resources: {} # cpu: 2 # memory: 4Gi -################################################################# -# Sidecar Configuration. -# -# xtrabackup configuration defaults. -################################################################# -xtrabackupRepository: gcr.io/google-samples -xtrabackupImage: xtrabackup:1.0 -xtrabackup: - internalPort: 3307 - -nfsprovisionerRepository: quay.io -nfsprovisionerImage: kubernetes_incubator/nfs-provisioner:v1.0.8 -nfsprovisionerPrefix: mysql - -sdnctlPrefix: mysql - -geoEnabled: false -geoSiteId: 1 diff --git a/kubernetes/common/postgres/charts/pgpool/configs/pool_hba.conf b/kubernetes/common/postgres/charts/pgpool/configs/pool_hba.conf index d8918409e8..580185c6f0 100644 --- a/kubernetes/common/postgres/charts/pgpool/configs/pool_hba.conf +++ b/kubernetes/common/postgres/charts/pgpool/configs/pool_hba.conf @@ -65,3 +65,4 @@ #local all all trust # IPv4 local connections: host all all 0.0.0.0/0 md5 + diff --git a/kubernetes/common/postgres/charts/pgpool/templates/deployment.yaml b/kubernetes/common/postgres/charts/pgpool/templates/deployment.yaml index 15fa18d81d..a4b0ca8657 100644 --- a/kubernetes/common/postgres/charts/pgpool/templates/deployment.yaml +++ b/kubernetes/common/postgres/charts/pgpool/templates/deployment.yaml @@ -31,6 +31,33 @@ spec: app: {{ include "common.name" . }} release: {{ .Release.Name }} spec: + initContainers: + - name: {{ include "common.name" . }}-job + image: "{{.Values.repository}}/{{.Values.image}}" + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + volumeMounts: + - name: pgpool-pgconf + mountPath: /pgconf/pgpoolconfigdir + readOnly: false + - name: pgpool-pgconf-static + mountPath: /configdir/ + readOnly: false + command: + - /bin/sh + args: + - -c + - | + cp /configdir/pgpool.conf /pgconf/pgpoolconfigdir/ + cp /configdir/pool_hba.conf /pgconf/pgpoolconfigdir/ + pg_md5 -f /pgconf/pgpoolconfigdir/pgpool.conf --md5auth --username=${PG_USER} ${PG_PASSWORD} + env: + - name: PG_PASSWORD + valueFrom: + secretKeyRef: + name: {{ template "common.fullname" . }} + key: db-user-password + - name: PG_USER + value: {{ index .Values.credentials.pgusername }} containers: - image: "{{.Values.repository}}/{{.Values.image}}" imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} @@ -43,7 +70,10 @@ spec: - name: PG_USERNAME value: {{.Values.credentials.pgusername}} - name: PG_PASSWORD - value: {{.Values.credentials.pgpassword}} + valueFrom: + secretKeyRef: + name: {{ template "common.fullname" . }} + key: db-user-password ports: - containerPort: 5432 name: pgpool @@ -64,5 +94,7 @@ spec: readOnly: false volumes: - name: pgpool-pgconf + emptyDir: {} + - name: pgpool-pgconf-static configMap: name: {{ include "common.fullname" . }}-pgpool-configmap diff --git a/kubernetes/common/postgres/charts/pgpool/templates/secrets.yaml b/kubernetes/common/postgres/charts/pgpool/templates/secrets.yaml new file mode 100644 index 0000000000..b449faca92 --- /dev/null +++ b/kubernetes/common/postgres/charts/pgpool/templates/secrets.yaml @@ -0,0 +1,28 @@ +# Copyright © 2018 Amdocs, Bell Canada +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +kind: Secret +metadata: + name: {{ include "common.fullname" . }} + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }} + chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" + release: "{{ .Release.Name }}" + heritage: "{{ .Release.Service }}" +type: Opaque +data: + db-user-password: {{ default "" .Values.credentials.pgpassword | b64enc | quote }} + diff --git a/kubernetes/common/postgres/charts/pgpool/templates/service.yaml b/kubernetes/common/postgres/charts/pgpool/templates/service.yaml index 86442a2740..4306b264b2 100644 --- a/kubernetes/common/postgres/charts/pgpool/templates/service.yaml +++ b/kubernetes/common/postgres/charts/pgpool/templates/service.yaml @@ -15,11 +15,11 @@ spec: {{if eq .Values.service.type "NodePort" -}} - port: {{ .Values.service.externalPort }} nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }} - name: {{ .Values.service.name }} + name: {{ .Values.service.portName }} {{- else -}} - port: {{ .Values.service.externalPort }} targetPort: {{ .Values.service.internalPort }} - name: {{ .Values.service.name }} + name: {{ .Values.service.portName }} {{- end}} selector: app: {{ include "common.name" . }} diff --git a/kubernetes/common/postgres/charts/pgpool/values.yaml b/kubernetes/common/postgres/charts/pgpool/values.yaml index cb732b7cd7..8ceff8f964 100644 --- a/kubernetes/common/postgres/charts/pgpool/values.yaml +++ b/kubernetes/common/postgres/charts/pgpool/values.yaml @@ -38,7 +38,8 @@ credentials: pgusername: testuser pgpassword: password service: - name: pgpool + name: pgpool + portName: tcp-postgres type: ClusterIP externalPort: 5432 internalPort: 5432 diff --git a/kubernetes/common/postgres/configs/pg_hba.conf b/kubernetes/common/postgres/configs/pg_hba.conf new file mode 100644 index 0000000000..580185c6f0 --- /dev/null +++ b/kubernetes/common/postgres/configs/pg_hba.conf @@ -0,0 +1,68 @@ +# pgpool Client Authentication Configuration File a custom version +# =============================================== +# +# The format rule in this file follows the rules in the PostgreSQL +# Administrator's Guide. Refer to chapter "Client Authentication" for a +# complete description. A short synopsis follows. +# +# This file controls: which hosts are allowed to connect, how clients +# are authenticated, which user names they can use, which databases they +# can access. Records take one of these forms: +# +# local DATABASE USER METHOD [OPTION] +# host DATABASE USER CIDR-ADDRESS METHOD [OPTION] +# +# (The uppercase items must be replaced by actual values.) +# +# The first field is the connection type: "local" is a Unix-domain +# socket, "host" is either a plain or SSL-encrypted TCP/IP socket. +# +# DATABASE can be "all", "sameuser", a database name, or a comma-separated +# list thereof. Note that "samegroup" like in PostgreSQL's pg_hba.conf +# file is not supported, since pgpool does not know which group a user +# belongs to. Also note that the database specified here may not exist in +# the backend PostgreSQL. pgpool will authenticate based on the database's +# name, not based on whether it exists or not. +# +# USER can be "all", a user name, or a comma-separated list thereof. In +# both the DATABASE and USER fields you can also write a file name prefixed +# with "@" to include names from a separate file. Note that a group name +# prefixed with "+" like in PostgreSQL's pg_hba.conf file is not supported +# because of the same reason as "samegroup" token. Also note that a user +# name specified here may not exist in the backend PostgreSQL. pgpool will +# authenticate based on the user's name, not based on whether he/she exists. +# +# CIDR-ADDRESS specifies the set of hosts the record matches. +# It is made up of an IP address and a CIDR mask that is an integer +# (between 0 and 32 (IPv4) that specifies the number of significant bits in +# the mask. Alternatively, you can write an IP address and netmask in +# separate columns to specify the set of hosts. +# +# METHOD can be "trust", "reject", "md5" or "pam". Note that "pam" sends passwords +# in clear text. +# +# OPTION is the name of the PAM service. Default service name is "pgpool" +# +# Database and user names containing spaces, commas, quotes and other special +# characters must be quoted. Quoting one of the keywords "all" or "sameuser" +# makes the name lose its special character, and just match a database or +# username with that name. +# +# This file is read on pgpool startup. If you edit the file on a running +# system, you have to restart the pgpool for the changes to take effect. + +# Put your actual configuration here +# ---------------------------------- +# +# If you want to allow non-local connections, you need to add more +# "host" records. In that case you will also need to make pgpool listen +# on a non-local interface via the listen_addresses configuration parameter. +# + +# TYPE DATABASE USER CIDR-ADDRESS METHOD + +# "local" is for Unix domain socket connections only +#local all all trust +# IPv4 local connections: +host all all 0.0.0.0/0 md5 + diff --git a/kubernetes/common/mysql/templates/configmap.yaml b/kubernetes/common/postgres/templates/configmap.yaml index 65ac5f2d1e..7abd39b9b9 100644 --- a/kubernetes/common/mysql/templates/configmap.yaml +++ b/kubernetes/common/postgres/templates/configmap.yaml @@ -1,5 +1,4 @@ -{{/* -# Copyright © 2017 Amdocs, Bell Canada +# Copyright © 2019 Amdocs, Bell Canada, Orange # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -12,12 +11,11 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. -*/}} apiVersion: v1 kind: ConfigMap metadata: - name: {{ include "common.fullname" . }}-db-configmap + name: {{ include "common.fullname" . }} namespace: {{ include "common.namespace" . }} labels: app: {{ include "common.name" . }} @@ -25,17 +23,5 @@ metadata: release: {{ .Release.Name }} heritage: {{ .Release.Service }} data: - master.cnf: | - # Apply this config only on the master. - [mysqld] - sql_mode = "NO_ENGINE_SUBSTITUTION" - log-bin - [localpathprefix] - master - slave.cnf: | - # Apply this config only on slaves. - [mysqld] - sql_mode = "NO_ENGINE_SUBSTITUTION" - super-read-only - [localpathprefix] - slave +{{ tpl (.Files.Glob "configs/*").AsConfig . | indent 2 }} + diff --git a/kubernetes/common/postgres/templates/deployment-primary.yaml b/kubernetes/common/postgres/templates/deployment-primary.yaml new file mode 100644 index 0000000000..9cb3007400 --- /dev/null +++ b/kubernetes/common/postgres/templates/deployment-primary.yaml @@ -0,0 +1,138 @@ +{{/* +# Copyright © 2018 Amdocs, AT&T, Bell Canada +# # +# # Licensed under the Apache License, Version 2.0 (the "License"); +# # you may not use this file except in compliance with the License. +# # You may obtain a copy of the License at +# # +# # http://www.apache.org/licenses/LICENSE-2.0 +# # +# # Unless required by applicable law or agreed to in writing, software +# # distributed under the License is distributed on an "AS IS" BASIS, +# # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# # See the License for the specific language governing permissions and +# # limitations under the License. +*/}} +apiVersion: apps/v1beta1 +kind: Deployment +metadata: + name: {{ include "common.fullname" . }}-primary + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }}-primary + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} + name: "{{ .Values.container.name.primary }}" +spec: + serviceName: {{ .Values.service.name }} + replicas: 1 + template: + metadata: + labels: + app: {{ include "common.name" . }}-primary + release: {{ .Release.Name }} + name: "{{ .Values.container.name.primary }}" + spec: + initContainers: + - name: init-sysctl + command: + - /bin/sh + - -c + - | + chown 26:26 /podroot/; + chmod 700 /podroot/; + image: {{ .Values.global.busyboxRepository | default .Values.busyboxRepository }}/{{ .Values.busyboxImage }} + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + volumeMounts: + - name: {{ include "common.fullname" . }}-data + mountPath: /podroot/ + containers: + - name: {{ include "common.name" . }} + image: "{{ .Values.postgresRepository }}/{{ .Values.image }}" + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + ports: + - containerPort: {{ .Values.service.internalPort }} + name: {{ .Values.service.portName }} + # disable liveness probe when breakpoints set in debugger + # so K8s doesn't restart unresponsive container + {{- if eq .Values.liveness.enabled true }} + livenessProbe: + tcpSocket: + port: {{ .Values.service.internalPort }} + initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }} + periodSeconds: {{ .Values.liveness.periodSeconds }} + timeoutSeconds: {{ .Values.liveness.timeoutSeconds }} + {{- end }} + readinessProbe: + tcpSocket: + port: {{ .Values.service.internalPort }} + initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} + periodSeconds: {{ .Values.readiness.periodSeconds }} + env: + - name: PGHOST + value: /tmp + - name: PG_PRIMARY_USER + value: primaryuser + - name: PG_MODE + value: primary + - name: PG_PRIMARY_HOST + value: "{{ .Values.container.name.primary }}" + - name: PG_REPLICA_HOST + value: "{{ .Values.container.name.replica }}" + - name: PG_PRIMARY_PORT + value: "{{ .Values.service.internalPort }}" + - name: PG_PRIMARY_PASSWORD + valueFrom: + secretKeyRef: + name: {{ template "common.fullname" . }} + key: pg-primary-password + - name: PG_USER + value: "{{ .Values.config.pgUserName }}" + - name: PG_PASSWORD + valueFrom: + secretKeyRef: + name: {{ template "common.fullname" . }} + key: pg-user-password + - name: PG_DATABASE + value: "{{ .Values.config.pgDatabase }}" + - name: PG_ROOT_PASSWORD + valueFrom: + secretKeyRef: + name: {{ template "common.fullname" . }} + key: pg-root-password + volumeMounts: + - name: pool-hba-conf + mountPath: /pgconf/pool_hba.conf + subPath: pool_hba.conf + - mountPath: /pgdata + name: {{ include "common.fullname" . }}-data + - mountPath: /backup + name: {{ include "common.fullname" . }}-backup + readOnly: true + resources: +{{ include "common.resources" . | indent 12 }} + {{- if .Values.nodeSelector }} + nodeSelector: +{{ toYaml .Values.nodeSelector | indent 10 }} + {{- end -}} + {{- if .Values.affinity }} + affinity: +{{ toYaml .Values.affinity | indent 10 }} + {{- end }} + volumes: + - name: localtime + hostPath: + path: /etc/localtime + - name: {{ include "common.fullname" . }}-backup + emptyDir: {} + - name: {{ include "common.fullname" . }}-data +{{- if .Values.persistence.enabled }} + persistentVolumeClaim: + claimName: {{ include "common.fullname" . }}-primary +{{- else }} + emptyDir: {} +{{ end }} + - name: pool-hba-conf + configMap: + name: {{ include "common.fullname" . }} diff --git a/kubernetes/common/postgres/templates/deployment-replica.yaml b/kubernetes/common/postgres/templates/deployment-replica.yaml new file mode 100644 index 0000000000..8f09a2f48f --- /dev/null +++ b/kubernetes/common/postgres/templates/deployment-replica.yaml @@ -0,0 +1,138 @@ +{{/* +# Copyright © 2018 Amdocs, AT&T, Bell Canada +# # +# # Licensed under the Apache License, Version 2.0 (the "License"); +# # you may not use this file except in compliance with the License. +# # You may obtain a copy of the License at +# # +# # http://www.apache.org/licenses/LICENSE-2.0 +# # +# # Unless required by applicable law or agreed to in writing, software +# # distributed under the License is distributed on an "AS IS" BASIS, +# # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# # See the License for the specific language governing permissions and +# # limitations under the License. +*/}} +apiVersion: apps/v1beta1 +kind: Deployment +metadata: + name: {{ include "common.fullname" . }}-replica + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }}-replica + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} + name: "{{ .Values.container.name.replica }}" +spec: + serviceName: {{ .Values.service.name }} + replicas: 1 + template: + metadata: + labels: + app: {{ include "common.name" . }}-replica + release: {{ .Release.Name }} + name: "{{ .Values.container.name.replica }}" + spec: + initContainers: + - name: init-sysctl + command: + - /bin/sh + - -c + - | + chown 26:26 /podroot/; + chmod 700 /podroot/; + image: {{ .Values.global.busyboxRepository | default .Values.busyboxRepository }}/{{ .Values.busyboxImage }} + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + volumeMounts: + - name: {{ include "common.fullname" . }}-data + mountPath: /podroot/ + containers: + - name: {{ include "common.name" . }} + image: "{{ .Values.postgresRepository }}/{{ .Values.image }}" + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + ports: + - containerPort: {{ .Values.service.internalPort }} + name: {{ .Values.service.portName }} + # disable liveness probe when breakpoints set in debugger + # so K8s doesn't restart unresponsive container + {{- if eq .Values.liveness.enabled true }} + livenessProbe: + tcpSocket: + port: {{ .Values.service.internalPort }} + initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }} + periodSeconds: {{ .Values.liveness.periodSeconds }} + timeoutSeconds: {{ .Values.liveness.timeoutSeconds }} + {{end -}} + readinessProbe: + tcpSocket: + port: {{ .Values.service.internalPort }} + initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} + periodSeconds: {{ .Values.readiness.periodSeconds }} + env: + - name: PGHOST + value: /tmp + - name: PG_PRIMARY_USER + value: primaryuser + - name: PG_MODE + value: replica + - name: PG_PRIMARY_HOST + value: "{{.Values.container.name.primary}}" + - name: PG_REPLICA_HOST + value: "{{.Values.container.name.replica}}" + - name: PG_PRIMARY_PORT + value: "{{.Values.service.internalPort}}" + - name: PG_PRIMARY_PASSWORD + valueFrom: + secretKeyRef: + name: {{ template "common.fullname" . }} + key: pg-primary-password + - name: PG_USER + value: "{{.Values.config.pgUserName}}" + - name: PG_PASSWORD + valueFrom: + secretKeyRef: + name: {{ template "common.fullname" . }} + key: pg-user-password + - name: PG_DATABASE + value: "{{.Values.config.pgDatabase}}" + - name: PG_ROOT_PASSWORD + valueFrom: + secretKeyRef: + name: {{ template "common.fullname" . }} + key: pg-root-password + volumeMounts: + - name: pool-hba-conf + mountPath: /pgconf/pool_hba.conf + subPath: pool_hba.conf + - mountPath: /pgdata + name: {{ include "common.fullname" . }}-data + - mountPath: /backup + name: {{ include "common.fullname" . }}-backup + readOnly: true + resources: +{{ include "common.resources" . | indent 12 }} + {{- if .Values.nodeSelector }} + nodeSelector: +{{ toYaml .Values.nodeSelector | indent 10 }} + {{- end -}} + {{- if .Values.affinity }} + affinity: +{{ toYaml .Values.affinity | indent 10 }} + {{- end }} + volumes: + - name: localtime + hostPath: + path: /etc/localtime + - name: {{ include "common.fullname" . }}-backup + emptyDir: {} + - name: {{ include "common.fullname" . }}-data +{{- if .Values.persistence.enabled }} + persistentVolumeClaim: + claimName: {{ include "common.fullname" . }}-replica +{{- else }} + emptyDir: {} +{{ end }} + - name: pool-hba-conf + configMap: + name: {{ include "common.fullname" . }} diff --git a/kubernetes/common/postgres/templates/pv.yaml b/kubernetes/common/postgres/templates/pv-primary.yaml index 144a3f793b..1764868ffc 100644 --- a/kubernetes/common/postgres/templates/pv.yaml +++ b/kubernetes/common/postgres/templates/pv-primary.yaml @@ -14,10 +14,11 @@ # # limitations under the License. */}} {{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) -}} +{{- if include "common.needPV" . -}} kind: PersistentVolume apiVersion: v1 metadata: - name: {{ include "common.fullname" . }}-data0 + name: {{ include "common.fullname" . }}-primary namespace: {{ include "common.namespace" . }} labels: app: {{ include "common.fullname" . }} @@ -30,29 +31,9 @@ spec: storage: {{ .Values.persistence.size}} accessModes: - {{ .Values.persistence.accessMode }} - storageClassName: "{{ include "common.fullname" . }}-data" + storageClassName: "{{ include "common.fullname" . }}-primary" persistentVolumeReclaimPolicy: {{ .Values.persistence.volumeReclaimPolicy }} hostPath: - path: {{ .Values.global.persistence.mountPath | default .Values.persistence.mountPath }}/{{ .Release.Name }}/{{ .Values.persistence.mountSubPath }}0 ---- -kind: PersistentVolume -apiVersion: v1 -metadata: - name: {{ include "common.fullname" . }}-data1 - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.fullname" . }} - chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}" - release: "{{ .Release.Name }}" - heritage: "{{ .Release.Service }}" - name: {{ include "common.fullname" . }} -spec: - capacity: - storage: {{ .Values.persistence.size}} - accessModes: - - {{ .Values.persistence.accessMode }} - storageClassName: "{{ include "common.fullname" . }}-data" - persistentVolumeReclaimPolicy: {{ .Values.persistence.volumeReclaimPolicy }} - hostPath: - path: {{ .Values.global.persistence.mountPath | default .Values.persistence.mountPath }}/{{ .Release.Name }}/{{ .Values.persistence.mountSubPath }}1 + path: {{ .Values.global.persistence.mountPath | default .Values.persistence.mountPath }}/{{ .Release.Name }}/{{ .Values.persistence.mountSubPath }}/primary +{{- end -}} {{- end -}} diff --git a/kubernetes/common/postgres/templates/pv-replica.yaml b/kubernetes/common/postgres/templates/pv-replica.yaml new file mode 100644 index 0000000000..b67cac0c26 --- /dev/null +++ b/kubernetes/common/postgres/templates/pv-replica.yaml @@ -0,0 +1,39 @@ +{{/* +# Copyright © 2018 Amdocs, AT&T, Bell Canada +# # +# # Licensed under the Apache License, Version 2.0 (the "License"); +# # you may not use this file except in compliance with the License. +# # You may obtain a copy of the License at +# # +# # http://www.apache.org/licenses/LICENSE-2.0 +# # +# # Unless required by applicable law or agreed to in writing, software +# # distributed under the License is distributed on an "AS IS" BASIS, +# # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# # See the License for the specific language governing permissions and +# # limitations under the License. +*/}} +{{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) -}} +{{- if include "common.needPV" . -}} +kind: PersistentVolume +apiVersion: v1 +metadata: + name: {{ include "common.fullname" . }}-replica + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.fullname" . }} + chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}" + release: "{{ .Release.Name }}" + heritage: "{{ .Release.Service }}" + name: {{ include "common.fullname" . }} +spec: + capacity: + storage: {{ .Values.persistence.size}} + accessModes: + - {{ .Values.persistence.accessMode }} + storageClassName: "{{ include "common.fullname" . }}-replica" + persistentVolumeReclaimPolicy: {{ .Values.persistence.volumeReclaimPolicy }} + hostPath: + path: {{ .Values.global.persistence.mountPath | default .Values.persistence.mountPath }}/{{ .Release.Name }}/{{ .Values.persistence.mountSubPath }}/replica +{{- end -}} +{{- end -}} diff --git a/kubernetes/common/mariadb-galera/templates/pvc.yaml b/kubernetes/common/postgres/templates/pvc-primary.yaml index e27c3311e9..e529da1bd5 100644 --- a/kubernetes/common/mariadb-galera/templates/pvc.yaml +++ b/kubernetes/common/postgres/templates/pvc-primary.yaml @@ -18,31 +18,28 @@ kind: PersistentVolumeClaim apiVersion: v1 metadata: - name: {{ include "common.fullname" . }} + name: {{ include "common.fullname" . }}-primary namespace: {{ include "common.namespace" . }} labels: - app: {{ include "common.name" . }} + app: {{ include "common.fullname" . }} chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" release: "{{ .Release.Name }}" heritage: "{{ .Release.Service }}" + name: {{ include "common.fullname" . }} {{- if .Values.persistence.annotations }} annotations: {{ toYaml .Values.persistence.annotations | indent 4 }} {{- end }} spec: - selector: - matchLabels: - name: {{ include "common.fullname" . }} accessModes: - {{ .Values.persistence.accessMode }} resources: requests: storage: {{ .Values.persistence.size }} -{{- if .Values.persistence.storageClass }} -{{- if (eq "-" .Values.persistence.storageClass) }} - storageClassName: "" +{{- if include "common.needPV" . }} + storageClassName: "{{ include "common.fullname" . }}-primary" {{- else }} - storageClassName: "{{ .Values.persistence.storageClass }}" -{{- end }} + storageClassName: {{ include "common.storageClass" . }} {{- end }} + storageClassName: "{{ include "common.fullname" . }}-primary" {{- end -}} diff --git a/kubernetes/common/mongo/templates/pvc.yaml b/kubernetes/common/postgres/templates/pvc-replica.yaml index 372c106800..41199b6861 100644 --- a/kubernetes/common/mongo/templates/pvc.yaml +++ b/kubernetes/common/postgres/templates/pvc-replica.yaml @@ -18,7 +18,7 @@ kind: PersistentVolumeClaim apiVersion: v1 metadata: - name: {{ include "common.fullname" . }}-data + name: {{ include "common.fullname" . }}-replica namespace: {{ include "common.namespace" . }} labels: app: {{ include "common.fullname" . }} @@ -36,8 +36,9 @@ spec: resources: requests: storage: {{ .Values.persistence.size }} - selector: - matchLabels: - name: {{ include "common.fullname" . }} - storageClassName: "{{ include "common.fullname" . }}-data" +{{- if include "common.needPV" . }} + storageClassName: "{{ include "common.fullname" . }}-replica" +{{- else }} + storageClassName: {{ include "common.storageClass" . }} +{{- end }} {{- end -}} diff --git a/kubernetes/common/postgres/templates/service-common.yaml b/kubernetes/common/postgres/templates/service-common.yaml new file mode 100644 index 0000000000..da0505cfa6 --- /dev/null +++ b/kubernetes/common/postgres/templates/service-common.yaml @@ -0,0 +1,41 @@ +{{/* +# Copyright © 2018 Amdocs, AT&T, Bell Canada +# # +# # Licensed under the Apache License, Version 2.0 (the "License"); +# # you may not use this file except in compliance with the License. +# # You may obtain a copy of the License at +# # +# # http://www.apache.org/licenses/LICENSE-2.0 +# # +# # Unless required by applicable law or agreed to in writing, software +# # distributed under the License is distributed on an "AS IS" BASIS, +# # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# # See the License for the specific language governing permissions and +# # limitations under the License. +*/}} +apiVersion: v1 +kind: Service +metadata: + name: {{ .Values.service.name }} + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} + annotations: +spec: + type: {{ .Values.service.type }} + ports: + {{if eq .Values.service.type "NodePort" -}} + - port: {{ .Values.service.externalPort }} + nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }} + name: {{ .Values.service.portName }} + {{- else -}} + - port: {{ .Values.service.externalPort }} + targetPort: {{ .Values.service.internalPort }} + name: {{ .Values.service.portName }} + {{- end}} + selector: + app: {{ include "common.name" . }} + release: {{ .Release.Name }} diff --git a/kubernetes/common/postgres/templates/service-primary.yaml b/kubernetes/common/postgres/templates/service-primary.yaml new file mode 100644 index 0000000000..501c01ecfe --- /dev/null +++ b/kubernetes/common/postgres/templates/service-primary.yaml @@ -0,0 +1,41 @@ +{{/* +# Copyright © 2018 Amdocs, AT&T, Bell Canada +# # +# # Licensed under the Apache License, Version 2.0 (the "License"); +# # you may not use this file except in compliance with the License. +# # You may obtain a copy of the License at +# # +# # http://www.apache.org/licenses/LICENSE-2.0 +# # +# # Unless required by applicable law or agreed to in writing, software +# # distributed under the License is distributed on an "AS IS" BASIS, +# # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# # See the License for the specific language governing permissions and +# # limitations under the License. +*/}} +apiVersion: v1 +kind: Service +metadata: + name: {{ .Values.service.name2 }} + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }}-primary + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} + annotations: +spec: + type: {{ .Values.service.type2 }} + ports: + {{if eq .Values.service.type "NodePort" -}} + - port: {{ .Values.service.externalPort2 }} + nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort2 }} + name: {{ .Values.service.portName2 }} + {{- else -}} + - port: {{ .Values.service.externalPort2 }} + targetPort: {{ .Values.service.internalPort2 }} + name: {{ .Values.service.portName2 }} + {{- end}} + selector: + name: "{{.Values.container.name.primary}}" + release: {{ .Release.Name }} diff --git a/kubernetes/common/postgres/templates/service-replica.yaml b/kubernetes/common/postgres/templates/service-replica.yaml new file mode 100644 index 0000000000..34f76d125e --- /dev/null +++ b/kubernetes/common/postgres/templates/service-replica.yaml @@ -0,0 +1,41 @@ +{{/* +# Copyright © 2018 Amdocs, AT&T, Bell Canada +# # +# # Licensed under the Apache License, Version 2.0 (the "License"); +# # you may not use this file except in compliance with the License. +# # You may obtain a copy of the License at +# # +# # http://www.apache.org/licenses/LICENSE-2.0 +# # +# # Unless required by applicable law or agreed to in writing, software +# # distributed under the License is distributed on an "AS IS" BASIS, +# # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# # See the License for the specific language governing permissions and +# # limitations under the License. +*/}} +apiVersion: v1 +kind: Service +metadata: + name: {{ .Values.service.name3 }} + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }}-replica + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} + annotations: +spec: + type: {{ .Values.service.type3 }} + ports: + {{if eq .Values.service.type "NodePort" -}} + - port: {{ .Values.service.externalPort3 }} + nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort3 }} + name: {{ .Values.service.portName3 }} + {{- else -}} + - port: {{ .Values.service.externalPort3 }} + targetPort: {{ .Values.service.internalPort3 }} + name: {{ .Values.service.portName3 }} + {{- end}} + selector: + name: "{{.Values.container.name.replica}}" + release: {{ .Release.Name }} diff --git a/kubernetes/common/postgres/values.yaml b/kubernetes/common/postgres/values.yaml index 8dd5d0aaac..3104ee79d2 100644 --- a/kubernetes/common/postgres/values.yaml +++ b/kubernetes/common/postgres/values.yaml @@ -104,14 +104,17 @@ persistence: service: type: ClusterIP name: pgset + portName: tcp-postgres externalPort: 5432 internalPort: 5432 type2: ClusterIP - name2: pgset-primary + name2: tcp-pgset-primary + portName2: tcp-postgres externalPort2: 5432 internalPort2: 5432 type3: ClusterIP - name3: pgset-replica + name3: tcp-pgset-replica + portName3: tcp-postgres externalPort3: 5432 internalPort3: 5432 @@ -136,4 +139,3 @@ resources: {} # requests: # cpu: 2 # memory: 4Gi - |