diff options
Diffstat (limited to 'kubernetes/common')
13 files changed, 186 insertions, 20 deletions
diff --git a/kubernetes/common/cassandra/templates/servicemonitor.yaml b/kubernetes/common/cassandra/templates/servicemonitor.yaml new file mode 100644 index 0000000000..5297e692d2 --- /dev/null +++ b/kubernetes/common/cassandra/templates/servicemonitor.yaml @@ -0,0 +1,19 @@ +{{/* +# Copyright © 2022 Amdocs, Bitnami, Bell Canada +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} + +{{- if .Values.metrics.serviceMonitor.enabled }} +{{ include "common.serviceMonitor" . }} +{{- end }}
\ No newline at end of file diff --git a/kubernetes/common/cassandra/templates/statefulset.yaml b/kubernetes/common/cassandra/templates/statefulset.yaml index 840e95b490..43367ee542 100644 --- a/kubernetes/common/cassandra/templates/statefulset.yaml +++ b/kubernetes/common/cassandra/templates/statefulset.yaml @@ -1,5 +1,5 @@ {{/* -# Copyright © 2018 Amdocs, AT&T, Bell Canada +# Copyright © 2022 Amdocs, AT&T, Bell Canada, Bitnami # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -26,6 +26,15 @@ spec: type: {{ .Values.updateStrategy.type }} template: metadata: {{- include "common.templateMetadata" . | nindent 6 }} + {{- if or .Values.podAnnotations (and .Values.metrics.serviceMonitor.enabled .Values.metrics.podAnnotations) }} + annotations: + {{- if .Values.podAnnotations }} + {{- include "common.tplValue" (dict "value" .Values.podAnnotations "context" $) | nindent 8 }} + {{- end }} + {{- if and .Values.metrics.serviceMonitor.enabled .Values.metrics.podAnnotations }} + {{- include "common.tplValue" (dict "value" .Values.metrics.podAnnotations "context" $) | nindent 8 }} + {{- end }} + {{- end }} spec: hostNetwork: {{ .Values.hostNetwork }} imagePullSecrets: @@ -126,6 +135,41 @@ spec: command: ["/bin/sh", "-c", "PID=$(pidof java) && kill $PID && while ps -p $PID > /dev/null; do sleep 1; done"] {{- end }} resources: {{ toYaml .Values.resources | nindent 10 }} + {{- if .Values.metrics.serviceMonitor.enabled }} + - name: {{ include "common.name" . }}-metrics + image: {{ include "repositoryGenerator.dockerHubRepository" . }}/{{ .Values.metrics.image }} + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.metrics.pullPolicy | quote}} + {{- if (.Values.metrics.enabled) }} + ports: + {{- range $index, $metricPort := .Values.metrics.ports }} + - name: {{ $metricPort.name }} + containerPort: {{ $metricPort.port }} + protocol: TCP + {{- end }} + livenessProbe: + httpGet: + path: {{ .Values.metrics.livenessProbe.httpGet.path }} + port: {{ .Values.metrics.livenessProbe.httpGet.port }} + initialDelaySeconds: {{ .Values.metrics.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.metrics.livenessProbe.periodSeconds }} + timeoutSeconds: {{ .Values.metrics.livenessProbe.timeoutSeconds }} + successThreshold: {{ .Values.metrics.livenessProbe.successThreshold }} + failureThreshold: {{ .Values.metrics.livenessProbe.failureThreshold }} + readinessProbe: + httpGet: + path: {{ .Values.metrics.readinessProbe.httpGet.path }} + port: {{ .Values.metrics.readinessProbe.httpGet.port }} + initialDelaySeconds: {{ .Values.metrics.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.metrics.readinessProbe.periodSeconds }} + timeoutSeconds: {{ .Values.metrics.readinessProbe.timeoutSeconds }} + successThreshold: {{ .Values.metrics.readinessProbe.successThreshold }} + failureThreshold: {{ .Values.metrics.readinessProbe.failureThreshold }} + {{- end }} + {{ include "common.containerSecurityContext" . | indent 10 | trim }} + {{- if .Values.metrics.resources }} + resources: {{- toYaml .Values.metrics.resources | nindent 10 }} + {{- end }} + {{- end }} {{- if .Values.nodeSelector }} nodeSelector: {{ toYaml .Values.nodeSelector | nindent 8 }} {{- end -}} diff --git a/kubernetes/common/cassandra/values.yaml b/kubernetes/common/cassandra/values.yaml index 1d69993956..597174ee0a 100644 --- a/kubernetes/common/cassandra/values.yaml +++ b/kubernetes/common/cassandra/values.yaml @@ -1,4 +1,4 @@ -# Copyright © 2018 Amdocs, Bell Canada, AT&T +# Copyright © 2022 Amdocs, Bell Canada, AT&T, Bitnami # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -168,3 +168,63 @@ serviceAccount: nameOverride: cassandra roles: - nothing + +# Cassandra Metrics +metrics: + enabled: false + image: bitnami/cassandra-exporter:2.3.4-debian-10-r641 + pullPolicy: IfNotPresent + ports: + - name: tcp-metrics + port: 8080 + podAnnotations: + prometheus.io/scrape: 'true' + prometheus.io/port: '8080' + livenessProbe: + enabled: true + httpGet: + path: /metrics + port: 8080 + initialDelaySeconds: 30 + periodSeconds: 10 + timeoutSeconds: 5 + successThreshold: 1 + failureThreshold: 3 + readinessProbe: + httpGet: + path: /metrics + port: 8080 + enabled: true + initialDelaySeconds: 5 + periodSeconds: 10 + timeoutSeconds: 5 + successThreshold: 1 + failureThreshold: 3 + serviceMonitor: + enabled: false + targetPort: 8080 + path: /metrics + basicAuth: + enabled: false + ## Namespace in which Prometheus is running + ## + # namespace: monitoring + + ## Interval at which metrics should be scraped. + #interval: 30s + + ## Timeout after which the scrape is ended + # scrapeTimeout: 10s + + ## ServiceMonitor selector labels + selector: + app.kubernetes.io/name: '{{ include "common.name" . }}' + helm.sh/chart: '{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}' + app.kubernetes.io/instance: '{{ include "common.release" . }}' + app.kubernetes.io/managed-by: '{{ .Release.Service }}' + + ## RelabelConfigs to apply to samples before scraping + relabelings: [] + + ## MetricRelabelConfigs to apply to samples before ingestion + metricRelabelings: [] diff --git a/kubernetes/common/cert-wrapper/resources/import-custom-certs.sh b/kubernetes/common/cert-wrapper/resources/import-custom-certs.sh index fa3de03ece..96b0c0c0c8 100755 --- a/kubernetes/common/cert-wrapper/resources/import-custom-certs.sh +++ b/kubernetes/common/cert-wrapper/resources/import-custom-certs.sh @@ -41,7 +41,7 @@ for f in $CERTS_DIR/*; do if echo $f | grep '\.sh$' >/dev/null; then continue fi - if echo $f | grep '\.b64$' >/dev/null; then + if echo $f | grep '\.b64$' >/dev/null then base64 -d $f > $WORK_DIR/`basename $f .b64` else @@ -87,4 +87,4 @@ if [ $? != 0 ] exit 1 else cp /etc/ssl/certs/ca-certificates.crt $WORK_DIR/. -fi
\ No newline at end of file +fi diff --git a/kubernetes/common/certInitializer/templates/job.yaml b/kubernetes/common/certInitializer/templates/job.yaml index 2acb423511..84a3e87098 100644 --- a/kubernetes/common/certInitializer/templates/job.yaml +++ b/kubernetes/common/certInitializer/templates/job.yaml @@ -25,6 +25,8 @@ spec: metadata: {{- include "common.templateMetadata" . | nindent 6 }} spec: initContainers: {{ include "common.certInitializer.initContainer" (dict "dot" . "initRoot" .Values) | nindent 6 }} + imagePullSecrets: + - name: "{{ include "common.namespace" . }}-docker-registry-key" containers: - name: create-tls-secret command: diff --git a/kubernetes/common/cmpv2Config/values.yaml b/kubernetes/common/cmpv2Config/values.yaml index 4b8438ace2..aeac9901a3 100644 --- a/kubernetes/common/cmpv2Config/values.yaml +++ b/kubernetes/common/cmpv2Config/values.yaml @@ -35,5 +35,5 @@ global: truststorePasswordSecretName: oom-cert-service-truststore-password truststorePasswordSecretKey: password certPostProcessor: - image: onap/org.onap.oom.platform.cert-service.oom-certservice-post-processor:2.4.0 + image: onap/org.onap.oom.platform.cert-service.oom-certservice-post-processor:2.5.0 diff --git a/kubernetes/common/common/templates/_dmaapProvisioning.tpl b/kubernetes/common/common/templates/_dmaapProvisioning.tpl index d28494aacd..eefd00d7bf 100644 --- a/kubernetes/common/common/templates/_dmaapProvisioning.tpl +++ b/kubernetes/common/common/templates/_dmaapProvisioning.tpl @@ -138,6 +138,7 @@ args: - -c - | + set -uex -o pipefail if [ -d /opt/app/config/cache ]; then cd /opt/app/config/cache for file in $(ls feed*); do @@ -147,8 +148,6 @@ done for file in $(ls drpub*); do NUM=$(echo "$file" | sed 's/drpubConfig-\([0-9]\+\)-resp.json/\1/') - export DR_USERNAME_"$NUM"="$(grep -o '"username":"[^"]*' "$file" | cut -d '"' -f4)" - export DR_PASSWORD_"$NUM"="$(grep -o '"userpwd":"[^"]*' "$file" | cut -d '"' -f4)" export DR_FILES_PUBLISHER_ID_"$NUM"="$(grep -o '"pubId":"[^"]*' "$file" | cut -d '"' -f4)" done for file in $(ls drsub*); do diff --git a/kubernetes/common/common/templates/_service.tpl b/kubernetes/common/common/templates/_service.tpl index a488e0d5fa..f6a0f211a9 100644 --- a/kubernetes/common/common/templates/_service.tpl +++ b/kubernetes/common/common/templates/_service.tpl @@ -267,6 +267,11 @@ spec: {{- $ports := $dot.Values.service.headlessPorts -}} {{- $labels := default (dict) .labels -}} {{- $matchLabels := default (dict) .matchLabels -}} +{{- if ($dot.Values.metrics) }} +{{- range $index, $metricPort := $dot.Values.metrics.ports }} +{{- $ports = append $ports $metricPort }} +{{- end }} +{{- end }} {{ include "common.genericService" (dict "suffix" $suffix "annotations" $annotations "dot" $dot "publishNotReadyAddresses" $publishNotReadyAddresses "ports" $ports "serviceType" "ClusterIP" "headless" true "labels" $labels "matchLabels" $matchLabels) }} {{- end -}} diff --git a/kubernetes/common/common/templates/_serviceMesh.tpl b/kubernetes/common/common/templates/_serviceMesh.tpl index d4fc182b34..a685a73627 100644 --- a/kubernetes/common/common/templates/_serviceMesh.tpl +++ b/kubernetes/common/common/templates/_serviceMesh.tpl @@ -14,8 +14,7 @@ # limitations under the License. */}} - -{/* +{{/* Calculate if we are on service mesh. */}} {{- define "common.onServiceMesh" -}} @@ -26,6 +25,9 @@ true {{- end -}} {{- end -}} +{{/* + Kills the sidecar proxy associated with a pod. +*/}} {{- define "common.serviceMesh.killSidecar" -}} {{- if (include "common.onServiceMesh" .) }} RCODE="$?"; @@ -37,3 +39,30 @@ echo "*** exiting with script exit code" ; exit "$RCODE" {{- end }} {{- end -}} + +{{/* + Wait for job container. +*/}} +{{- define "common.waitForJobContainer" -}} +{{- $dot := default . .dot -}} +{{- $wait_for_job_container := default $dot.Values.wait_for_job_container .wait_for_job_container -}} +{{- if (include "common.onServiceMesh" .) }} +- name: {{ include "common.name" $dot }}{{ ternary "" (printf "-%s" $wait_for_job_container.name) (empty $wait_for_job_container.name) }}-service-mesh-wait-for-job-container + image: {{ include "repositoryGenerator.image.quitQuit" $dot }} + imagePullPolicy: {{ $dot.Values.global.pullPolicy | default $dot.Values.pullPolicy }} + command: + - /bin/sh + - "-c" + args: + - echo "waiting 10s for istio side cars to be up"; sleep 10s; + {{- range $container := $wait_for_job_container.containers }} + /app/ready.py --service-mesh-check {{ tpl $container $dot }} -t 45; + {{- end }} + env: + - name: NAMESPACE + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace +{{- end }} +{{- end }} diff --git a/kubernetes/common/mariadb-galera/values.yaml b/kubernetes/common/mariadb-galera/values.yaml index f49a898818..9f7c882134 100644 --- a/kubernetes/common/mariadb-galera/values.yaml +++ b/kubernetes/common/mariadb-galera/values.yaml @@ -608,8 +608,8 @@ metrics: ## ServiceMonitor selector labels ## ref: https://github.com/bitnami/charts/tree/master/bitnami/prometheus-operator#prometheus-configuration ## - selector: - prometheus: kube-prometheus + # selector: + # prometheus: kube-prometheus ## RelabelConfigs to apply to samples before scraping ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#relabelconfig diff --git a/kubernetes/common/repositoryGenerator/templates/_repository.tpl b/kubernetes/common/repositoryGenerator/templates/_repository.tpl index 349bb4072a..f57d390477 100644 --- a/kubernetes/common/repositoryGenerator/templates/_repository.tpl +++ b/kubernetes/common/repositoryGenerator/templates/_repository.tpl @@ -141,6 +141,10 @@ {{- include "repositoryGenerator.image._helper" (merge (dict "image" "dbcClientImage") .) }} {{- end -}} +{{- define "repositoryGenerator.image.quitQuit" -}} + {{- include "repositoryGenerator.image._helper" (merge (dict "image" "quitQuitImage") .) }} +{{- end -}} + {{/* Resolve the image repository secret token. The value for .Values.global.repositoryCred is used if provided: diff --git a/kubernetes/common/repositoryGenerator/values.yaml b/kubernetes/common/repositoryGenerator/values.yaml index a05bc13ae6..34ce466f48 100644 --- a/kubernetes/common/repositoryGenerator/values.yaml +++ b/kubernetes/common/repositoryGenerator/values.yaml @@ -1,6 +1,6 @@ # Copyright © 2020 Orange # Copyright © 2021 Nokia, AT&T -# Modifications Copyright (C) 2021 Nordix Foundation. +# Modifications Copyright (c) 2022 Nordix Foundation. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -23,21 +23,25 @@ global: githubContainerRegistry: ghcr.io # common global images - busyboxImage: busybox:1.32 + busyboxImage: busybox:1.34.1 curlImage: curlimages/curl:7.80.0 envsubstImage: dibi/envsubst:1 # there's only latest image for htpasswd htpasswdImage: xmartlabs/htpasswd:latest - jettyImage: jetty:9-jdk11-slim + # if you change jetty image, you'll also need to update jar file which is + # "hardcoded" to the value... + # (/usr/local/jetty/lib/jetty-util-9.4.45.v20220203.jar) for 9.4.45 + jettyImage: jetty:9.4.45-jdk11-slim jreImage: onap/integration-java11:10.0.0 - kubectlImage: bitnami/kubectl:1.19 + kubectlImage: bitnami/kubectl:1.22.4 loggingImage: beats/filebeat:5.5.0 mariadbImage: bitnami/mariadb:10.6.5-debian-10-r28 - nginxImage: bitnami/nginx:1.18-debian-10 + nginxImage: bitnami/nginx:1.21.4 postgresImage: crunchydata/crunchy-postgres:centos8-13.2-4.6.1 readinessImage: onap/oom/readiness:3.0.1 dcaePolicySyncImage: onap/org.onap.dcaegen2.deployments.dcae-services-policy-sync:1.0.1 - dbcClientImage: onap/dmaap/dbc-client:2.0.7 + dbcClientImage: onap/dmaap/dbc-client:2.0.9 + quitQuitImage: onap/oom/readiness:4.1.0 # Default credentials # they're optional. If the target repository doesn't need them, comment them @@ -71,3 +75,4 @@ imageRepoMapping: readinessImage: repository dcaePolicySyncImage: repository dbcClientImage: repository + quitQuitImage: repository diff --git a/kubernetes/common/timescaledb/values.yaml b/kubernetes/common/timescaledb/values.yaml index 258f516ff0..72a4b6ffd0 100644 --- a/kubernetes/common/timescaledb/values.yaml +++ b/kubernetes/common/timescaledb/values.yaml @@ -1,5 +1,5 @@ # ============LICENSE_START======================================================= -# Copyright (c) 2021 Bell Canada. +# Copyright (c) 2021 2022 Bell Canada. # ================================================================================ # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -23,7 +23,7 @@ global: ################################################################# # Secrets. ############################################################## -image: timescale/timescaledb:2.1.1-pg13 +image: timescale/timescaledb:2.5.1-pg14 pullPolicy: Always containerPorts: 5432 @@ -125,4 +125,3 @@ secrets: externalSecret: '{{ tpl (default "" .Values.config.pgUserExternalSecret) . }}' login: '{{ .Values.config.pgUserName }}' password: '{{ .Values.config.pgUserPassword }}' - |