diff options
Diffstat (limited to 'kubernetes')
-rw-r--r-- | kubernetes/cli/requirements.yaml | 3 | ||||
-rw-r--r-- | kubernetes/cli/templates/deployment.yaml | 1 | ||||
-rw-r--r-- | kubernetes/cli/values.yaml | 6 | ||||
-rw-r--r-- | kubernetes/vfc/components/vfc-nslcm/templates/deployment.yaml | 4 | ||||
-rw-r--r-- | kubernetes/vfc/components/vfc-nslcm/values.yaml | 23 | ||||
-rw-r--r-- | kubernetes/vfc/components/vfc-vnflcm/templates/deployment.yaml | 6 | ||||
-rw-r--r-- | kubernetes/vfc/components/vfc-vnflcm/values.yaml | 23 | ||||
-rw-r--r-- | kubernetes/vfc/components/vfc-vnfmgr/templates/deployment.yaml | 6 | ||||
-rw-r--r-- | kubernetes/vfc/components/vfc-vnfmgr/values.yaml | 22 | ||||
-rw-r--r-- | kubernetes/vfc/components/vfc-vnfres/templates/deployment.yaml | 6 | ||||
-rw-r--r-- | kubernetes/vfc/components/vfc-vnfres/values.yaml | 23 | ||||
-rw-r--r-- | kubernetes/vfc/requirements.yaml | 1 | ||||
-rw-r--r-- | kubernetes/vfc/values.yaml | 39 |
13 files changed, 94 insertions, 69 deletions
diff --git a/kubernetes/cli/requirements.yaml b/kubernetes/cli/requirements.yaml index e2ce84d0a3..2394a6700d 100644 --- a/kubernetes/cli/requirements.yaml +++ b/kubernetes/cli/requirements.yaml @@ -25,3 +25,6 @@ dependencies: - name: repositoryGenerator version: ~8.x-0 repository: '@local' + - name: serviceAccount + version: ~8.x-0 + repository: '@local' diff --git a/kubernetes/cli/templates/deployment.yaml b/kubernetes/cli/templates/deployment.yaml index 735308754f..0a3f967eee 100644 --- a/kubernetes/cli/templates/deployment.yaml +++ b/kubernetes/cli/templates/deployment.yaml @@ -75,6 +75,7 @@ spec: affinity: {{ toYaml .Values.affinity | indent 10 }} {{- end }} + serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}} volumes: {{ include "common.certInitializer.volumes" . | nindent 6 }} - name: lighttpd configMap: diff --git a/kubernetes/cli/values.yaml b/kubernetes/cli/values.yaml index 4dcee4568c..28d227645a 100644 --- a/kubernetes/cli/values.yaml +++ b/kubernetes/cli/values.yaml @@ -126,3 +126,9 @@ resources: cpu: 2 memory: 4Gi unlimited: {} + +#Pods Service Account +serviceAccount: + nameOverride: cli + roles: + - read diff --git a/kubernetes/vfc/components/vfc-nslcm/templates/deployment.yaml b/kubernetes/vfc/components/vfc-nslcm/templates/deployment.yaml index 40ca646e0f..17d8cc263e 100644 --- a/kubernetes/vfc/components/vfc-nslcm/templates/deployment.yaml +++ b/kubernetes/vfc/components/vfc-nslcm/templates/deployment.yaml @@ -42,7 +42,7 @@ spec: - /app/ready.py args: - --container-name - - {{ .Values.config.mariadbService }} + - '{{ ternary (index .Values "mariadb-galera" "nameOverride") .Values.global.mariadbGalera.service .Values.global.mariadbGalera.localCluster }}' env: - name: NAMESPACE valueFrom: @@ -83,7 +83,7 @@ spec: - name: SSL_ENABLED value: "{{ .Values.global.config.ssl_enabled }}" - name: MYSQL_ADDR - value: "{{ .Values.config.mariadbService }}:{{ .Values.config.mariadbPort }}" + value: '{{ include "common.mariadbService" . }}:{{ include "common.mariadbPort" . }}' - name: MYSQL_ROOT_USER value: "{{ .Values.global.config.mariadb_admin }}" - name: MYSQL_ROOT_PASSWORD diff --git a/kubernetes/vfc/components/vfc-nslcm/values.yaml b/kubernetes/vfc/components/vfc-nslcm/values.yaml index 5854a370a2..ead1a4ccde 100644 --- a/kubernetes/vfc/components/vfc-nslcm/values.yaml +++ b/kubernetes/vfc/components/vfc-nslcm/values.yaml @@ -19,15 +19,20 @@ global: nodePortPrefix: 302 config: ssl_enabled: false + mariadbGalera: + localCluster: false + service: mariadb-galera + internalPort: 3306 + nameOverride: mariadb-galera ################################################################# # Secrets metaconfig ################################################################# secrets: - - uid: "db-root-pass" - externalSecret: '{{ tpl (default "" .Values.config.mariadbRootPasswordExternalSecret) . }}' + - uid: db-root-pass + externalSecret: '{{ ternary (index .Values "mariadb-galera" "rootUser" "externalSecret") (include "common.mariadb.secret.rootPassSecretName" (dict "dot" . "chartName" (default "mariadb-galera" .Values.global.mariadbGalera.nameOverride))) .Values.global.mariadbGalera.localCluster }}' type: password - password: '{{ .Values.config.mariadbRootPassword }}' + password: '{{ index .Values "mariadb-galera" "rootUser" "password" }}' policy: required ################################################################# @@ -45,13 +50,11 @@ istioSidecar: true # flag to enable debugging - application support required debugEnabled: false -# application configuration -config: - mariadbService: vfc-mariadb - mariadbPort: 3306 - mariadbRootPassword: secretpassword - # mariadbRootPasswordExternalSecret: some secret - +# Local mariadb galera instance default name +mariadb-galera: + rootUser: + externalSecret: '{{ include "common.release" . }}-vfc-db-root-pass' + nameOverride: vfc-mariadb # default number of instances replicaCount: 1 diff --git a/kubernetes/vfc/components/vfc-vnflcm/templates/deployment.yaml b/kubernetes/vfc/components/vfc-vnflcm/templates/deployment.yaml index b93d7af02b..75968b2ffe 100644 --- a/kubernetes/vfc/components/vfc-vnflcm/templates/deployment.yaml +++ b/kubernetes/vfc/components/vfc-vnflcm/templates/deployment.yaml @@ -42,7 +42,7 @@ spec: - /app/ready.py args: - --container-name - - {{ .Values.config.mariadbService }} + - '{{ ternary (index .Values "mariadb-galera" "nameOverride") .Values.global.mariadbGalera.service .Values.global.mariadbGalera.localCluster }}' env: - name: NAMESPACE valueFrom: @@ -58,7 +58,7 @@ spec: - sh args: - -c - - 'MYSQL_AUTH=root:${MYSQL_ROOT_PASSWORD} ./docker-entrypoint.sh' + - 'MYSQL_AUTH=${MYSQL_ROOT_USER}:${MYSQL_ROOT_PASSWORD} ./docker-entrypoint.sh' image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} ports: @@ -83,7 +83,7 @@ spec: - name: SSL_ENABLED value: "{{ .Values.global.config.ssl_enabled }}" - name: MYSQL_ADDR - value: "{{ .Values.config.mariadbService }}:{{ .Values.config.mariadbPort }}" + value: '{{ include "common.mariadbService" . }}:{{ include "common.mariadbPort" . }}' - name: MYSQL_ROOT_USER value: "{{ .Values.global.config.mariadb_admin }}" - name: MYSQL_ROOT_PASSWORD diff --git a/kubernetes/vfc/components/vfc-vnflcm/values.yaml b/kubernetes/vfc/components/vfc-vnflcm/values.yaml index acdf006992..cd5e999314 100644 --- a/kubernetes/vfc/components/vfc-vnflcm/values.yaml +++ b/kubernetes/vfc/components/vfc-vnflcm/values.yaml @@ -19,15 +19,20 @@ global: nodePortPrefix: 302 config: ssl_enabled: false + mariadbGalera: + localCluster: false + service: mariadb-galera + internalPort: 3306 + nameOverride: mariadb-galera ################################################################# # Secrets metaconfig ################################################################# secrets: - - uid: "db-root-pass" - externalSecret: '{{ tpl (default "" .Values.config.mariadbRootPasswordExternalSecret) . }}' + - uid: db-root-pass + externalSecret: '{{ ternary (index .Values "mariadb-galera" "rootUser" "externalSecret") (include "common.mariadb.secret.rootPassSecretName" (dict "dot" . "chartName" (default "mariadb-galera" .Values.global.mariadbGalera.nameOverride))) .Values.global.mariadbGalera.localCluster }}' type: password - password: '{{ .Values.config.mariadbRootPassword }}' + password: '{{ index .Values "mariadb-galera" "rootUser" "password" }}' policy: required ################################################################# @@ -45,13 +50,11 @@ istioSidecar: true # flag to enable debugging - application support required debugEnabled: false -# application configuration -config: - mariadbService: vfc-mariadb - mariadbPort: 3306 - mariadbRootPassword: secretpassword - # mariadbRootPasswordExternalSecret: some secret - +# Local mariadb galera instance default name +mariadb-galera: + rootUser: + externalSecret: '{{ include "common.release" . }}-vfc-db-root-pass' + nameOverride: vfc-mariadb # default number of instances replicaCount: 1 diff --git a/kubernetes/vfc/components/vfc-vnfmgr/templates/deployment.yaml b/kubernetes/vfc/components/vfc-vnfmgr/templates/deployment.yaml index 9c8430c9fc..f9a8ba71f2 100644 --- a/kubernetes/vfc/components/vfc-vnfmgr/templates/deployment.yaml +++ b/kubernetes/vfc/components/vfc-vnfmgr/templates/deployment.yaml @@ -42,7 +42,7 @@ spec: - /app/ready.py args: - --container-name - - {{ .Values.config.mariadbService }} + - '{{ ternary (index .Values "mariadb-galera" "nameOverride") .Values.global.mariadbGalera.service .Values.global.mariadbGalera.localCluster }}' env: - name: NAMESPACE valueFrom: @@ -58,7 +58,7 @@ spec: - sh args: - -c - - 'MYSQL_AUTH=root:${MYSQL_ROOT_PASSWORD} ./docker-entrypoint.sh' + - 'MYSQL_AUTH=${MYSQL_ROOT_USER}:${MYSQL_ROOT_PASSWORD} ./docker-entrypoint.sh' image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} ports: @@ -83,7 +83,7 @@ spec: - name: SSL_ENABLED value: "{{ .Values.global.config.ssl_enabled }}" - name: MYSQL_ADDR - value: "{{ .Values.config.mariadbService }}:{{ .Values.config.mariadbPort }}" + value: '{{ include "common.mariadbService" . }}:{{ include "common.mariadbPort" . }}' - name: REDIS_HOST value: "{{ .Values.global.config.redisServiceName }}" - name: REDIS_PORT diff --git a/kubernetes/vfc/components/vfc-vnfmgr/values.yaml b/kubernetes/vfc/components/vfc-vnfmgr/values.yaml index aa327792b3..35aa0aacd0 100644 --- a/kubernetes/vfc/components/vfc-vnfmgr/values.yaml +++ b/kubernetes/vfc/components/vfc-vnfmgr/values.yaml @@ -19,15 +19,20 @@ global: nodePortPrefix: 302 config: ssl_enabled: false + mariadbGalera: + localCluster: false + service: mariadb-galera + internalPort: 3306 + nameOverride: mariadb-galera ################################################################# # Secrets metaconfig ################################################################# secrets: - - uid: "db-root-pass" - externalSecret: '{{ tpl (default "" .Values.config.mariadbRootPasswordExternalSecret) . }}' + - uid: db-root-pass + externalSecret: '{{ ternary (index .Values "mariadb-galera" "rootUser" "externalSecret") (include "common.mariadb.secret.rootPassSecretName" (dict "dot" . "chartName" (default "mariadb-galera" .Values.global.mariadbGalera.nameOverride))) .Values.global.mariadbGalera.localCluster }}' type: password - password: '{{ .Values.config.mariadbRootPassword }}' + password: '{{ index .Values "mariadb-galera" "rootUser" "password" }}' policy: required ################################################################# @@ -45,12 +50,11 @@ istioSidecar: true # flag to enable debugging - application support required debugEnabled: false -# application configuration -config: - mariadbService: vfc-mariadb - mariadbPort: 3306 - mariadbRootPassword: secretpassword - # mariadbRootPasswordExternalSecret: some secret +# Local mariadb galera instance default name +mariadb-galera: + rootUser: + externalSecret: '{{ include "common.release" . }}-vfc-db-root-pass' + nameOverride: vfc-mariadb # default number of instances replicaCount: 1 diff --git a/kubernetes/vfc/components/vfc-vnfres/templates/deployment.yaml b/kubernetes/vfc/components/vfc-vnfres/templates/deployment.yaml index 2577887523..06258a0d7e 100644 --- a/kubernetes/vfc/components/vfc-vnfres/templates/deployment.yaml +++ b/kubernetes/vfc/components/vfc-vnfres/templates/deployment.yaml @@ -42,7 +42,7 @@ spec: - /app/ready.py args: - --container-name - - {{ .Values.config.mariadbService }} + - '{{ ternary (index .Values "mariadb-galera" "nameOverride") .Values.global.mariadbGalera.service .Values.global.mariadbGalera.localCluster }}' env: - name: NAMESPACE valueFrom: @@ -58,7 +58,7 @@ spec: - sh args: - -c - - 'MYSQL_AUTH=root:${MYSQL_ROOT_PASSWORD} ./docker-entrypoint.sh' + - 'MYSQL_AUTH=${MYSQL_ROOT_USER}:${MYSQL_ROOT_PASSWORD} ./docker-entrypoint.sh' image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} ports: @@ -83,7 +83,7 @@ spec: - name: SSL_ENABLED value: "{{ .Values.global.config.ssl_enabled }}" - name: MYSQL_ADDR - value: "{{ .Values.config.mariadbService }}:{{ .Values.config.mariadbPort }}" + value: '{{ include "common.mariadbService" . }}:{{ include "common.mariadbPort" . }}' - name: REDIS_HOST value: "{{ .Values.global.config.redisServiceName }}" - name: REDIS_PORT diff --git a/kubernetes/vfc/components/vfc-vnfres/values.yaml b/kubernetes/vfc/components/vfc-vnfres/values.yaml index 7683912aa2..204d414e7d 100644 --- a/kubernetes/vfc/components/vfc-vnfres/values.yaml +++ b/kubernetes/vfc/components/vfc-vnfres/values.yaml @@ -19,15 +19,20 @@ global: nodePortPrefix: 302 config: ssl_enabled: false + mariadbGalera: + localCluster: false + service: mariadb-galera + internalPort: 3306 + nameOverride: mariadb-galera ################################################################# # Secrets metaconfig ################################################################# secrets: - - uid: "db-root-pass" - externalSecret: '{{ tpl (default "" .Values.config.mariadbRootPasswordExternalSecret) . }}' + - uid: db-root-pass + externalSecret: '{{ ternary (index .Values "mariadb-galera" "rootUser" "externalSecret") (include "common.mariadb.secret.rootPassSecretName" (dict "dot" . "chartName" (default "mariadb-galera" .Values.global.mariadbGalera.nameOverride))) .Values.global.mariadbGalera.localCluster }}' type: password - password: '{{ .Values.config.mariadbRootPassword }}' + password: '{{ index .Values "mariadb-galera" "rootUser" "password" }}' policy: required ################################################################# @@ -45,13 +50,11 @@ istioSidecar: true # flag to enable debugging - application support required debugEnabled: false -# application configuration -config: - mariadbService: vfc-mariadb - mariadbPort: 3306 - mariadbRootPassword: secretpassword - # mariadbRootPasswordExternalSecret: some secret - +# Local mariadb galera instance default name +mariadb-galera: + rootUser: + externalSecret: '{{ include "common.release" . }}-vfc-db-root-pass' + nameOverride: vfc-mariadb # default number of instances replicaCount: 1 diff --git a/kubernetes/vfc/requirements.yaml b/kubernetes/vfc/requirements.yaml index ab3f4ae979..7f65b021f9 100644 --- a/kubernetes/vfc/requirements.yaml +++ b/kubernetes/vfc/requirements.yaml @@ -19,6 +19,7 @@ dependencies: - name: mariadb-galera version: ~8.x-0 repository: '@local' + condition: global.mariadbGalera.localCluster - name: repositoryGenerator version: ~8.x-0 repository: '@local' diff --git a/kubernetes/vfc/values.yaml b/kubernetes/vfc/values.yaml index 0560832a5f..64bd029bd1 100644 --- a/kubernetes/vfc/values.yaml +++ b/kubernetes/vfc/values.yaml @@ -26,42 +26,47 @@ global: # we use this flag to determine who is responbile for serice registeration # and it can reduce duplicate registration. reg_to_msb_when_start: False - mariadb_admin: root + mariadb_admin: &mariadbAdmin root persistence: mountPath: /dockerdata-nfs + mariadbGalera: &mariadbGalera + #This flag allows VFC to instantiate its own mariadb-galera cluster + localCluster: false + service: mariadb-galera + internalPort: 3306 + nameOverride: mariadb-galera ################################################################# # Secrets metaconfig ################################################################# secrets: - - uid: "db-root-pass" + - uid: db-root-pass name: &dbRootPassSecret '{{ include "common.release" . }}-vfc-db-root-pass' + externalSecret: '{{ ternary "" (tpl (default "" (index .Values "mariadb-galera" "rootUser" "externalSecret")) .) (hasSuffix "db-root-pass" (index .Values "mariadb-galera" "rootUser" "externalSecret"))}}' + login: '{{ index .Values "mariadb-galera" "rootUser" "user" }}' + password: '{{ index .Values "mariadb-galera" "rootUser" "password" }}' type: password - password: '{{ .Values.config.mariadbRootPassword }}' # application configuration config: logstashServiceName: log-ls logstashPort: 5044 -mariadb-galera: +mariadb-galera: &localMariadb rootUser: + user: *mariadbAdmin + # password: externalSecret: *dbRootPassSecret - nameOverride: &vfc-mariadb vfc-mariadb + nameOverride: &dbServer vfc-mariadb nfsprovisionerPrefix: vfc persistence: mountSubPath: vfc/data enabled: true disableNfsProvisioner: true serviceAccount: - nameOverride: *vfc-mariadb + nameOverride: *dbServer replicaCount: 1 -db: &dbConfig - mariadbService: vfc-mariadb - mariadbPort: 3306 - mariadbRootPasswordExternalSecret: *dbRootPassSecret - vfc-generic-vnfm-driver: enabled: true @@ -70,26 +75,22 @@ vfc-huawei-vnfm-driver: vfc-nslcm: enabled: true - config: - << : *dbConfig + mariadb-galera: *localMariadb vfc-redis: enabled: true vfc-vnflcm: enabled: true - config: - << : *dbConfig + mariadb-galera: *localMariadb vfc-vnfmgr: enabled: true - config: - << : *dbConfig + mariadb-galera: *localMariadb vfc-vnfres: enabled: true - config: - << : *dbConfig + mariadb-galera: *localMariadb # sub-chart configuration vfc-workflow: |