diff options
Diffstat (limited to 'kubernetes/multicloud')
8 files changed, 114 insertions, 19 deletions
diff --git a/kubernetes/multicloud/Chart.yaml b/kubernetes/multicloud/Chart.yaml index cecef8c2e2..fd028a718f 100644 --- a/kubernetes/multicloud/Chart.yaml +++ b/kubernetes/multicloud/Chart.yaml @@ -2,6 +2,7 @@ # Modifications Copyright © 2018 AT&T # Modifications Copyright © 2021 Orange # Modifications Copyright © 2021 Nordix Foundation +# Modifications Copyright © 2024 Deutsche Telekom # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -18,7 +19,7 @@ apiVersion: v2 description: ONAP multicloud broker name: multicloud -version: 15.0.0 +version: 15.0.2 dependencies: - name: common diff --git a/kubernetes/multicloud/components/multicloud-fcaps/Chart.yaml b/kubernetes/multicloud/components/multicloud-fcaps/Chart.yaml index b825f67969..64c8d5a7fe 100644 --- a/kubernetes/multicloud/components/multicloud-fcaps/Chart.yaml +++ b/kubernetes/multicloud/components/multicloud-fcaps/Chart.yaml @@ -1,5 +1,6 @@ # Copyright (c) 2019, CMCC Technologies Co., Ltd. # Modifications Copyright © 2021 Orange +# Modifications Copyright © 2024 Deutsche Telekom # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. diff --git a/kubernetes/multicloud/components/multicloud-k8s/Chart.yaml b/kubernetes/multicloud/components/multicloud-k8s/Chart.yaml index 5dc375290a..046f940d40 100644 --- a/kubernetes/multicloud/components/multicloud-k8s/Chart.yaml +++ b/kubernetes/multicloud/components/multicloud-k8s/Chart.yaml @@ -1,6 +1,7 @@ # Copyright 2019 Intel Corporation, Inc # Modifications Copyright © 2021 Orange # Modifications Copyright © 2021 Nordix Foundation +# Modifications Copyright © 2024 Deutsche Telekom # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -17,7 +18,7 @@ apiVersion: v2 description: ONAP Multicloud Kubernetes Plugin name: multicloud-k8s -version: 13.1.0 +version: 13.1.2 dependencies: - name: common diff --git a/kubernetes/multicloud/components/multicloud-k8s/resources/config/k8sconfig.json b/kubernetes/multicloud/components/multicloud-k8s/resources/config/k8sconfig.json index d6fa40d471..08c228f2eb 100644 --- a/kubernetes/multicloud/components/multicloud-k8s/resources/config/k8sconfig.json +++ b/kubernetes/multicloud/components/multicloud-k8s/resources/config/k8sconfig.json @@ -8,4 +8,4 @@ "database-address": "multicloud-k8s-mongo", "etcd-ip": "multicloud-k8s-etcd", "plugin-dir": "/opt/multicloud/k8splugin/plugins" -}
\ No newline at end of file +} diff --git a/kubernetes/multicloud/components/multicloud-k8s/templates/deployment.yaml b/kubernetes/multicloud/components/multicloud-k8s/templates/deployment.yaml index 9881a13615..6ed5dee8ee 100644 --- a/kubernetes/multicloud/components/multicloud-k8s/templates/deployment.yaml +++ b/kubernetes/multicloud/components/multicloud-k8s/templates/deployment.yaml @@ -1,5 +1,6 @@ {{/* # Copyright 2019 Intel Corporation, Inc +# Modifications Copyright © 2024 Deutsche Telekom # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -23,6 +24,7 @@ spec: template: metadata: {{- include "common.templateMetadata" . | nindent 6 }} spec: + {{ include "common.podSecurityContext" . | indent 6 | trim }} containers: - image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} @@ -30,6 +32,7 @@ spec: command: ["/opt/multicloud/k8splugin/k8plugin"] workingDir: /opt/multicloud/k8splugin ports: {{ include "common.containerPorts" . | nindent 10 }} + {{ include "common.containerSecurityContext" . | indent 10 | trim }} {{- if eq .Values.liveness.enabled true }} livenessProbe: tcpSocket: @@ -43,9 +46,11 @@ spec: initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} periodSeconds: {{ .Values.readiness.periodSeconds }} volumeMounts: - - mountPath: /opt/multicloud/k8splugin/k8sconfig.json - name: {{ include "common.name" .}} - subPath: k8sconfig.json + - mountPath: /tmp + name: tmp-dir-k8s + - mountPath: /opt/multicloud/k8splugin/k8sconfig.json + name: {{ include "common.name" .}} + subPath: k8sconfig.json resources: {{ include "common.resources" . | nindent 10 }} {{- if .Values.nodeSelector }} nodeSelector: @@ -60,10 +65,28 @@ spec: name: framework-artifactbroker command: ["/opt/app/distribution/bin/artifact-dist.sh"] args: ["/opt/app/distribution/etc/mounted/config.json"] + {{ include "common.containerSecurityContext" . | indent 10 | trim }} + resources: {{ include "common.resources" . | nindent 10 }} ports: - containerPort: {{ .Values.artifactbroker.internalPort }} protocol: TCP + {{- if eq .Values.liveness.enabled true }} + livenessProbe: + tcpSocket: + port: {{ .Values.artifactbroker.internalPort }} + initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }} + periodSeconds: {{ .Values.liveness.periodSeconds }} + {{ end -}} + readinessProbe: + tcpSocket: + port: {{ .Values.artifactbroker.internalPort }} + initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} + periodSeconds: {{ .Values.readiness.periodSeconds }} volumeMounts: + - mountPath: /tmp + name: tmp-dir-broker + - mountPath: "{{ .Values.log.path }}" + name: framework-log - mountPath: /opt/app/distribution/etc/mounted/config.json name: {{ include "common.name" .}} subPath: config.json @@ -77,9 +100,19 @@ spec: key: sasl.jaas.config serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}} volumes: + - name: tmp-dir-k8s + emptyDir: + sizeLimit: {{ .Values.volumes.tmpK8SSizeLimit }} + - name: tmp-dir-broker + emptyDir: + sizeLimit: {{ .Values.volumes.tmpBrokerSizeLimit }} + - name: framework-log + emptyDir: + sizeLimit: {{ .Values.volumes.logSizeLimit }} - name : {{ include "common.name" . }} configMap: name: {{ include "common.fullname" . }} - name: artifact-data - emptyDir: {} + emptyDir: + sizeLimit: {{ .Values.volumes.artifactDataSizeLimit }} {{- include "common.imagePullSecrets" . | nindent 6 }} diff --git a/kubernetes/multicloud/components/multicloud-k8s/values.yaml b/kubernetes/multicloud/components/multicloud-k8s/values.yaml index 5c9c0ad864..f22dfa7644 100644 --- a/kubernetes/multicloud/components/multicloud-k8s/values.yaml +++ b/kubernetes/multicloud/components/multicloud-k8s/values.yaml @@ -1,4 +1,5 @@ # Copyright 2019 Intel Corporation, Inc +# Modifications Copyright © 2024 Deutsche Telekom # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -59,6 +60,16 @@ nodeSelector: {} affinity: {} +securityContext: + user_id: 999 + group_id: 999 + +volumes: + tmpK8SSizeLimit: 100Mi + tmpBrokerSizeLimit: 100Mi + artifactDataSizeLimit: 100Mi + logSizeLimit: 100Mi + # probe configuration parameters liveness: initialDelaySeconds: 10 @@ -70,6 +81,7 @@ liveness: readiness: initialDelaySeconds: 10 periodSeconds: 30 + enabled: true service: type: NodePort @@ -181,3 +193,7 @@ serviceAccount: nameOverride: multicloud-k8s roles: - read + +#Log configuration +log: + path: /var/log/onap diff --git a/kubernetes/multicloud/templates/deployment.yaml b/kubernetes/multicloud/templates/deployment.yaml index 80a09c73b8..a03a6d02b7 100644 --- a/kubernetes/multicloud/templates/deployment.yaml +++ b/kubernetes/multicloud/templates/deployment.yaml @@ -1,6 +1,7 @@ {{/* # Copyright © 2017 Amdocs, Bell Canada # Modifications Copyright © 2018 AT&T +# Modifications Copyright © 2024 Deutsche Telekom # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -24,6 +25,23 @@ spec: template: metadata: {{- include "common.templateMetadata" . | nindent 6 }} spec: + {{ include "common.podSecurityContext" . | indent 6 | trim }} + initContainers: + - name: {{ include "common.name" . }}-copy-pub + image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }} + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + command: ["cp", "-R", "/opt/multivimbroker/multivimbroker/pub/.", "/opt/multivimbroker/multivimbroker/pub_rw/"] + resources: + limits: + cpu: 200m + memory: 200Mi + requests: + cpu: 10m + memory: 100Mi + {{ include "common.containerSecurityContext" . | indent 10 | trim }} + volumeMounts: + - mountPath: /opt/multivimbroker/multivimbroker/pub_rw + name: framework-pub containers: - env: - name: MSB_PROTO @@ -50,9 +68,12 @@ spec: image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} name: {{ include "common.name" . }} + {{ include "common.containerSecurityContext" . | indent 10 | trim }} volumeMounts: - mountPath: "{{ .Values.log.path }}" name: framework-log + - mountPath: /opt/multivimbroker/multivimbroker/pub + name: framework-pub - mountPath: /opt/multivimbroker/multivimbroker/pub/config/log.yml name: framework-logconfig subPath: log.yml @@ -62,25 +83,34 @@ spec: ports: {{ include "common.containerPorts" . | nindent 10 }} # disable liveness probe when breakpoints set in debugger # so K8s doesn't restart unresponsive container - {{- if eq .Values.liveness.enabled true }} + {{ if .Values.liveness.enabled }} livenessProbe: httpGet: - path: /api/multicloud/v0/swagger.json port: {{ .Values.service.internalPort }} - scheme: "HTTP" + path: {{ .Values.liveness.path }} + scheme: HTTP initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }} periodSeconds: {{ .Values.liveness.periodSeconds }} - timeoutSeconds: {{ .Values.liveness.timeoutSeconds }} - successThreshold: {{ .Values.liveness.successThreshold }} - failureThreshold: {{ .Values.liveness.failureThreshold }} - {{ end -}} - + {{ end }} + {{ if .Values.readiness.enabled }} + readinessProbe: + httpGet: + port: {{ .Values.service.internalPort }} + path: {{ .Values.readiness.path }} + scheme: HTTP + initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} + periodSeconds: {{ .Values.readiness.periodSeconds }} + {{ end }} # side car containers {{ include "common.log.sidecar" . | nindent 6 }} serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}} volumes: - name: framework-log - emptyDir: {} + emptyDir: + sizeLimit: {{ .Values.volumes.logSizeLimit }} + - name: framework-pub + emptyDir: + sizeLimit: {{ .Values.volumes.pubSizeLimit }} - name: provider-plugin configMap: name: {{ include "common.fullname" . }}-provider-plugin-configmap diff --git a/kubernetes/multicloud/values.yaml b/kubernetes/multicloud/values.yaml index 69063906ba..0579cb9e7b 100644 --- a/kubernetes/multicloud/values.yaml +++ b/kubernetes/multicloud/values.yaml @@ -1,5 +1,6 @@ # Copyright © 2017 Amdocs, Bell Canada # Modifications Copyright © 2018 AT&T +# Modifications Copyright © 2024 Deutsche Telekom # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -57,14 +58,26 @@ nodeSelector: {} affinity: {} +securityContext: + user_id: 100 + group_id: 65533 + +volumes: + logSizeLimit: 50Mi + pubSizeLimit: 50Mi + # probe configuration parameters liveness: + enabled: true + path: /api/multicloud/v0/swagger.json initialDelaySeconds: 30 periodSeconds: 10 - timeoutSeconds: 10 - successThreshold: 1 - failureThreshold: 5 + +readiness: enabled: true + path: /api/multicloud/v0/swagger.json + initialDelaySeconds: 10 + periodSeconds: 30 service: type: NodePort |