From 7896cf270efe0dbbf0aff8ced88aaffa7a5ebf15 Mon Sep 17 00:00:00 2001 From: Sylvain Desbureaux Date: Thu, 26 Mar 2020 14:55:33 +0100 Subject: [COMMON] Faster aafConfig template "index" function is bad in term of performance in Helm. Reworked the templates in order to avoid it. as certificates are retrieved at every boot (and as already present certs are deleted before), we don't need persistent storage Also set aafImage as a global variable in order to have a consistent use accross ONAP Issue-ID: EXTAPI-375 Signed-off-by: Sylvain Desbureaux Change-Id: Ie3f5ae5c2a37d816afc42d2c67ebe8e40e749c79 --- kubernetes/common/common/templates/_aafconfig.tpl | 168 ++++++---------------- kubernetes/onap/values.yaml | 4 +- 2 files changed, 48 insertions(+), 124 deletions(-) diff --git a/kubernetes/common/common/templates/_aafconfig.tpl b/kubernetes/common/common/templates/_aafconfig.tpl index db7cbe8d8d..0c78cc11b9 100644 --- a/kubernetes/common/common/templates/_aafconfig.tpl +++ b/kubernetes/common/common/templates/_aafconfig.tpl @@ -18,11 +18,10 @@ common templates to enable aaf configs for applictaions Parameter for aafConfig to be defined in values.yaml - aafConfig: --> if a different key is used, call templates with argument (dict "aafRoot" "" "dot" .) + aafConfig: --> if a different key is used, call templates with argument (dict "aafRoot" .Values. "dot" .) # additional scripts can be defined to handle certs addconfig: true|false fqdn: "sdnc" - image: onap/aaf/aaf_agent:2.1.15 app_ns: "org.osaaf.aaf" fqi: "sdnc@sdnc.onap.org" fqi_namespace: org.onap.sdnc @@ -31,19 +30,13 @@ aafDeployPass: demo123456! cadi_latitude: "38.0" cadi_longitude: "-72.0" - persistence: - enabled: true - config.volumeReclaimPolicy: Delete - config.accessMode: ReadWriteMany - config.size: 40M - config.storageClass: "manual" - config.mountPath: "/dockerdata-nfs" - config.mountSubPath: "sdnc/aaf" + secret_uid: &aaf_secret_uid my-component-aaf-deploy-creds + # secrets configuration, Note: create a secrets template secrets: - - uid: aaf-deploy-creds + - uid: *aaf_secret_uid type: basicAuth - externalSecret: '{{ ternary (tpl (default "" .Values.aafConfig.aafDeployCredsExternalSecret) .) "aafIsDiabled" .Values.global.aafEnabled }}' + externalSecret: '{{ ternary (tpl (default "" .Values.aafConfig.aafDeployCredsExternalSecret) .) "aafIsDisabled" .Values.global.aafEnabled }}' login: '{{ .Values.aafConfig.aafDeployFqi }}' password: '{{ .Values.aafConfig.aafDeployPass }}' passwordPolicy: required @@ -56,25 +49,18 @@ volumeMounts: {{- if .Values.global.aafEnabled }} - mountPath: "/opt/app/osaaf" - name: {{ include "common.fullname" . }}-aaf-config-vol + name: {{ include "common.fullname" . }}-aaf-config {{- end }} volumes: {{- include "common.aaf-config-volumes" . | nindent XX}} - - If persistence.enabled = true - Create pvc: - {{ include "common.aaf-config-pvc" . }} - Create pv - {{ include "common.aaf-config-pv" . }} - */}} {{- define "common.aaf-config" -}} -{{- $dot := default . .dot -}} -{{- $aafRoot := default "aafConfig" .aafRoot -}} -{{ if .Values.global.aafEnabled }} -- name: {{ include "common.name" . }}-aaf-readiness - image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}" - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} +{{- $dot := default . .dot -}} +{{- $aafRoot := default $dot.Values.aafConfig .aafRoot -}} +{{- if $dot.Values.global.aafEnabled -}} +- name: {{ include "common.name" $dot }}-aaf-readiness + image: "{{ $dot.Values.global.readinessRepository }}/{{ $dot.Values.global.readinessImage }}" + imagePullPolicy: {{ $dot.Values.global.pullPolicy | default $dot.Values.pullPolicy }} command: - /root/ready.py args: @@ -84,143 +70,79 @@ - aaf-cm - --container-name - aaf-service - env: - name: NAMESPACE valueFrom: fieldRef: apiVersion: v1 fieldPath: metadata.namespace -- name: {{ include "common.name" . }}-aaf-config - image: {{ .Values.global.repository }}/{{index .Values $aafRoot "image" }} - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} +- name: {{ include "common.name" $dot }}-aaf-config + image: {{ (default $dot.Values.repository $dot.Values.global.repository) }}/{{ $dot.Values.global.aafAgentImage }} + imagePullPolicy: {{ $dot.Values.global.pullPolicy | default $dot.Values.pullPolicy }} volumeMounts: - mountPath: "/opt/app/osaaf" - name: {{ include "common.fullname" . }}-aaf-config-vol - {{- if (index .Values $aafRoot "addconfig") }} + name: {{ include "common.fullname" $dot }}-aaf-config +{{- if $aafRoot.addconfig }} - name: aaf-add-config mountPath: /opt/app/aaf_config/bin/aaf-add-config.sh subPath: aaf-add-config.sh - {{- end }} +{{- end }} command: - sh - -c - | #!/usr/bin/env bash /opt/app/aaf_config/bin/agent.sh - {{- if (index .Values $aafRoot "addconfig") }} +{{- if $aafRoot.addconfig }} /opt/app/aaf_config/bin/aaf-add-config.sh - {{- end }} +{{- end }} env: - name: APP_FQI - value: "{{ index .Values $aafRoot "fqi" }}" + value: "{{ $aafRoot.fqi }}" - name: aaf_locate_url - value: "https://aaf-locate.{{ .Release.Namespace}}:8095" + value: "https://aaf-locate.{{ $dot.Release.Namespace}}:8095" - name: aaf_locator_container value: "oom" - name: aaf_locator_container_ns - value: "{{ .Release.Namespace }}" + value: "{{ $dot.Release.Namespace }}" - name: aaf_locator_fqdn - value: "{{ index .Values $aafRoot "fqdn" }}" + value: "{{ $aafRoot.fqdn }}" - name: aaf_locator_app_ns - value: "{{ index .Values $aafRoot "app_ns" }}" + value: "{{ $aafRoot.app_ns }}" - name: DEPLOY_FQI - {{- include "common.secret.envFromSecret" (dict "global" . "uid" "aaf-deploy-creds" "key" "login") | indent 6 }} + {{- include "common.secret.envFromSecret" (dict "global" $dot "uid" $aafRoot.secret_uid "key" "login") | indent 6 }} - name: DEPLOY_PASSWORD - {{- include "common.secret.envFromSecret" (dict "global" . "uid" "aaf-deploy-creds" "key" "password") | indent 6 }} - #Note: want to put this on Nodes, evenutally + {{- include "common.secret.envFromSecret" (dict "global" $dot "uid" $aafRoot.secret_uid "key" "password") | indent 6 }} + #Note: want to put this on Nodes, eventually - name: cadi_longitude - value: "{{ default "52.3" (index .Values $aafRoot "cadi_longitude") }}" + value: "{{ default "52.3" $aafRoot.cadi_longitude }}" - name: cadi_latitude - value: "{{ default "13.2" (index .Values $aafRoot "cadi_latitude") }}" + value: "{{ default "13.2" $aafRoot.cadi_latitude }}" #Hello specific. Clients don't don't need this, unless Registering with AAF Locator - name: aaf_locator_public_fqdn - value: "{{ (index .Values $aafRoot "public_fqdn") | default "" }}" -{{- end -}} + value: "{{ $aafRoot.public_fqdn | default "" }}" +{{- end -}} {{- end -}} - {{- define "common.aaf-config-volume-mountpath" -}} -{{ if .Values.global.aafEnabled }} +{{- if .Values.global.aafEnabled -}} - mountPath: "/opt/app/osaaf" - name: {{ include "common.fullname" . }}-aaf-config-vol -{{- end -}} + name: {{ include "common.fullname" . }}-aaf-config +{{- end -}} {{- end -}} {{- define "common.aaf-config-volumes" -}} -{{ if .Values.global.aafEnabled }} -{{- $dot := default . .dot -}} -{{- $aafRoot := default "aafConfig" .aafRoot -}} -- name: {{ include "common.fullname" . }}-aaf-config-vol - persistentVolumeClaim: - claimName: {{ include "common.fullname" . }}-aaf-config-pvc -{{- if (index .Values $aafRoot "addconfig") }} +{{- $dot := default . .dot -}} +{{- $aafRoot := default $dot.Values.aafConfig .aafRoot -}} +{{- if $dot.Values.global.aafEnabled -}} +- name: {{ include "common.fullname" $dot }}-aaf-config + emptyDir: + medium: Memory +{{- if $aafRoot.addconfig }} - name: aaf-add-config configMap: - name: {{ include "common.fullname" . }}-aaf-add-config + name: {{ include "common.fullname" $dot }}-aaf-add-config defaultMode: 0700 -{{- end }} -{{- end -}} -{{- end }} - -{{- define "common.aaf-config-pv" -}} -{{- $dot := default . .dot -}} -{{- $aafRoot := default "aafConfig" .aafRoot -}} -metadata: - name: {{ include "common.fullname" . }}-aaf-config-pv - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }}-aaf-config-pv - chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}" - release: "{{ .Release.Name }}" - heritage: "{{ .Release.Service }}" - name: {{ include "common.fullname" . }} -spec: - capacity: - storage: {{ index .Values $aafRoot "persistence" "config" "size"}} - accessModes: - - {{ index .Values $aafRoot "persistence" "config" "accessMode" }} - persistentVolumeReclaimPolicy: {{ index .Values $aafRoot "persistence" "config" "volumeReclaimPolicy" }} - hostPath: - path: {{ index .Values $aafRoot "persistence" "config" "mountPath" }}/{{ .Release.Name }}/{{ index .Values $aafRoot "persistence" "config" "mountSubPath" }} -{{- if (index .Values $aafRoot "persistence" "config" "storageClass") }} -{{- if (eq "-" (index .Values $aafRoot "persistence" "config" "storageClass")) }} - storageClassName: "" -{{- else }} - storageClassName: "{{ index .Values $aafRoot "persistence" "config" "storageClass" }}" -{{- end }} -{{- end }} -{{- end -}} - -{{- define "common.aaf-config-pvc" -}} -{{- $dot := default . .dot -}} -{{- $aafRoot := default "aafConfig" .aafRoot -}} -metadata: - name: {{ include "common.fullname" . }}-aaf-config-pvc - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" - release: "{{ .Release.Name }}" - heritage: "{{ .Release.Service }}" -{{- if (index .Values $aafRoot "persistence" "annotations") }} - annotations: -{{ toYaml (index .Values $aafRoot "persistence" "annotations" ) | indent 4 }} -{{- end }} -spec: - selector: - matchLabels: - app: {{ include "common.name" . }}-aaf-config-pv - accessModes: - - {{ index .Values $aafRoot "persistence" "config" "accessMode" }} - resources: - requests: - storage: {{ index .Values $aafRoot "persistence" "config" "size" }} -{{- if (index .Values $aafRoot "persistence" "config" "storageClass") }} -{{- if (eq "-" (index .Values $aafRoot "persistence" "config" "storageClass")) }} - storageClassName: "" -{{- else }} - storageClassName: "{{ index .Values $aafRoot "persistence" "config" "storageClass" }}" -{{- end }} -{{- end }} +{{- end -}} +{{- end -}} {{- end -}} diff --git a/kubernetes/onap/values.yaml b/kubernetes/onap/values.yaml index 4d69b9d3cb..40275a5696 100755 --- a/kubernetes/onap/values.yaml +++ b/kubernetes/onap/values.yaml @@ -71,8 +71,10 @@ global: tls: true # Disabling AAF - # POC Mode, don't use it in production + # POC Mode, only for use in development environment + # Keep it enabled in production aafEnabled: true + aafAgentImage: onap/aaf/aaf_agent:2.1.20 # TLS # Set to false if you want to disable TLS for NodePorts. Be aware that this -- cgit 1.2.3-korg