From 2b2aa11021114438591d184af19fde6bbf06950a Mon Sep 17 00:00:00 2001 From: Sylvain Desbureaux Date: Thu, 19 Nov 2020 16:22:39 +0100 Subject: [COMMON] New templates to handle repositories Current repository templates handles only ONAP "nexus" repository configuration. So, all images coming from another repository (currently, OOM is using 4 repository, including nexus one) cannot simply be retrieved from another one. This commit add new templates, in a specific chart, in order to change that. Now, each for repository can be overidden and all 4 can have a credentials. Also, in order to minimize global variables, templates aimed to retrieve usual utility images (busybox, envsubst, readiness, ...) are created. Issue-ID: OOM-2634 Change-Id: I27eb33d830d56ec28f9de68599f5108a262983b3 Signed-off-by: Sylvain Desbureaux [Reduce code size, add missing busyboxRepository] Signed-off-by: Krzysztof Opasiak --- kubernetes/common/repositoryGenerator/Chart.yaml | 18 +++ .../common/repositoryGenerator/requirements.yaml | 14 ++ .../repositoryGenerator/templates/_repository.tpl | 177 +++++++++++++++++++++ kubernetes/common/repositoryGenerator/values.yaml | 62 ++++++++ 4 files changed, 271 insertions(+) create mode 100644 kubernetes/common/repositoryGenerator/Chart.yaml create mode 100644 kubernetes/common/repositoryGenerator/requirements.yaml create mode 100644 kubernetes/common/repositoryGenerator/templates/_repository.tpl create mode 100644 kubernetes/common/repositoryGenerator/values.yaml (limited to 'kubernetes/common/repositoryGenerator') diff --git a/kubernetes/common/repositoryGenerator/Chart.yaml b/kubernetes/common/repositoryGenerator/Chart.yaml new file mode 100644 index 0000000000..5ff53fa3d4 --- /dev/null +++ b/kubernetes/common/repositoryGenerator/Chart.yaml @@ -0,0 +1,18 @@ +# Copyright © 2017 Amdocs, Bell Canada +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +description: Template used to generate the right repository link +name: repositoryGenerator +version: 6.0.0 diff --git a/kubernetes/common/repositoryGenerator/requirements.yaml b/kubernetes/common/repositoryGenerator/requirements.yaml new file mode 100644 index 0000000000..70ab2ecce6 --- /dev/null +++ b/kubernetes/common/repositoryGenerator/requirements.yaml @@ -0,0 +1,14 @@ +# Copyright © 2018 Amdocs, Bell Canada +# Copyright © 2020 Orange +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. diff --git a/kubernetes/common/repositoryGenerator/templates/_repository.tpl b/kubernetes/common/repositoryGenerator/templates/_repository.tpl new file mode 100644 index 0000000000..c351db1ba0 --- /dev/null +++ b/kubernetes/common/repositoryGenerator/templates/_repository.tpl @@ -0,0 +1,177 @@ +{{/* +# Copyright © 2017 Amdocs, Bell Canada +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} + +{{- define "repositoryGenerator._repositoryHelper" -}} + {{- $dot := default . .dot -}} + {{- $initRoot := default $dot.Values.repositoryGenerator .initRoot -}} + {{- $repoName := .repoName }} + {{- $overrideName := printf "%s%s" $repoName "Override" }} + {{- if (hasKey $dot.Values $overrideName) -}} + {{- printf "%s" (first (pluck $overrideName $dot.Values)) -}} + {{- else -}} + {{- first (pluck $repoName $dot.Values.global $initRoot.global) -}} + {{- end }} +{{- end -}} + +{{/* + Resolve the name of the common image repository. + + - .Values.global.repository : default image repository for all ONAP images + - .Values.repositoryOverride : override global repository on a per chart basis +*/}} +{{- define "repositoryGenerator.repository" -}} + {{- include "repositoryGenerator._repositoryHelper" (merge (dict "repoName" "repository") .) }} +{{- end -}} + +{{/* + Resolve the name of the dockerHub image repository. + + - .Values.global.dockerHubRepository : default image dockerHubRepository for all dockerHub images + - .Values.dockerHubRepositoryOverride : override global dockerHub repository on a per chart basis +*/}} +{{- define "repositoryGenerator.dockerHubRepository" -}} + {{- include "repositoryGenerator._repositoryHelper" (merge (dict "repoName" "dockerHubRepository") .) }} +{{- end -}} + +{{/* + Resolve the name of the elasticRepository image repository. + + - .Values.global.elasticRepository : default image elasticRepository for all images using elastic repository + - .Values.elasticRepositoryOverride : override global elasticRepository repository on a per chart basis +*/}} +{{- define "repositoryGenerator.elasticRepository" -}} + {{- include "repositoryGenerator._repositoryHelper" (merge (dict "repoName" "elasticRepository") .) }} +{{- end -}} + +{{/* + Resolve the name of the googleK8sRepository image repository. + + - .Values.global.googleK8sRepository : default image dockerHubRepository for all dockerHub images + - .Values.googleK8sRepositoryOverride : override global dockerHub repository on a per chart basis +*/}} +{{- define "repositoryGenerator.googleK8sRepository" -}} + {{- include "repositoryGenerator._repositoryHelper" (merge (dict "repoName" "googleK8sRepository") .) }} +{{- end -}} + +{{- define "repositoryGenerator.image._helper" -}} + {{- $dot := default . .dot -}} + {{- $initRoot := default $dot.Values.repositoryGenerator .initRoot -}} + {{- $image := .image }} + {{- $repoName := first (pluck $image $initRoot.imageRepoMapping) }} + {{- include "repositoryGenerator._repositoryHelper" (merge (dict "repoName" $repoName ) .) }}/{{- first (pluck $image $dot.Values.global $initRoot.global) -}} +{{- end -}} + +{{- define "repositoryGenerator.image.busybox" -}} + {{- include "repositoryGenerator.image._helper" (merge (dict "image" "busyboxImage") .) }} +{{- end -}} + +{{- define "repositoryGenerator.image.curl" -}} + {{- include "repositoryGenerator.image._helper" (merge (dict "image" "curlImage") .) }} +{{- end -}} + +{{- define "repositoryGenerator.image.envsubst" -}} + {{- include "repositoryGenerator.image._helper" (merge (dict "image" "envsubstImage") .) }} +{{- end -}} + +{{- define "repositoryGenerator.image.htpasswd" -}} + {{- include "repositoryGenerator.image._helper" (merge (dict "image" "htpasswdImage") .) }} +{{- end -}} + +{{- define "repositoryGenerator.image.kubectl" -}} + {{- include "repositoryGenerator.image._helper" (merge (dict "image" "kubectlImage") .) }} +{{- end -}} + +{{- define "repositoryGenerator.image.logging" -}} + {{- include "repositoryGenerator.image._helper" (merge (dict "image" "loggingImage") .) }} +{{- end -}} + +{{- define "repositoryGenerator.image.mariadb" -}} + {{- include "repositoryGenerator.image._helper" (merge (dict "image" "mariadbImage") .) }} +{{- end -}} + +{{- define "repositoryGenerator.image.nginx" -}} + {{- include "repositoryGenerator.image._helper" (merge (dict "image" "nginxImage") .) }} +{{- end -}} + +{{- define "repositoryGenerator.image.postgres" -}} + {{- include "repositoryGenerator.image._helper" (merge (dict "image" "postgresImage") .) }} +{{- end -}} + +{{- define "repositoryGenerator.image.readiness" -}} + {{- include "repositoryGenerator.image._helper" (merge (dict "image" "readinessImage") .) }} +{{- end -}} + +{{/* + Resolve the image repository secret token. + The value for .Values.global.repositoryCred is used if provided: + repositoryCred: + user: user + password: password + mail: email (optional) + You can also set the same things for dockerHub, elastic and googleK8s if + needed. +*/}} +{{- define "repositoryGenerator.secret" -}} + {{- $dot := default . .dot -}} + {{- $initRoot := default $dot.Values.repositoryGenerator .initRoot -}} + {{/* Our version of helm doesn't support deepCopy so we need this nasty trick */}} + {{- $subchartDot := fromJson (include "common.subChartDot" (dict "dot" $dot "initRoot" $initRoot)) }} + {{- $repoCreds := "" }} + {{- if $subchartDot.Values.global.dockerHubRepositoryCred }} + {{- $repo := $subchartDot.Values.global.repository }} + {{- $cred := $subchartDot.Values.global.repositoryCred }} + {{- $mail := default "@" $cred.mail }} + {{- $auth := printf "%s:%s" $cred.user $cred.password | b64enc }} + {{- $repoCreds = printf "\"%s\": {\"username\":\"%s\",\"password\":\"%s\",\"email\":\"%s\",\"auth\":\"%s\"}" $repo $cred.user $cred.password $mail $auth }} + {{- end }} + {{- if $subchartDot.Values.global.dockerHubRepositoryCred }} + {{- $dhRepo := $subchartDot.Values.global.dockerHubRepository }} + {{- $dhCred := $subchartDot.Values.global.dockerHubRepositoryCred }} + {{- $dhMail := default "@" $dhCred.mail }} + {{- $dhAuth := printf "%s:%s" $dhCred.user $dhCred.password | b64enc }} + {{- $dhRepoCreds := printf "\"%s\":{\"username\":\"%s\",\"password\":\"%s\",\"email\":\"%s\",\"auth\":\"%s\"}" $dhRepo $dhCred.user $dhCred.password $dhMail $dhAuth }} + {{- if eq "" $repoCreds }} + {{- $repoCreds = $dhRepoCreds }} + {{- else }} + {{- $repoCreds = printf "%s, %s" $repoCreds $dhRepoCreds }} + {{- end }} + {{- end }} + {{- if $subchartDot.Values.global.elasticRepositoryCred }} + {{- $eRepo := $subchartDot.Values.global.elasticRepository }} + {{- $eCred := $subchartDot.Values.global.elasticRepositoryCred }} + {{- $eMail := default "@" $eCred.mail }} + {{- $eAuth := printf "%s:%s" $eCred.user $eCred.password | b64enc }} + {{- $eRepoCreds := printf "\"%s\":{\"username\":\"%s\",\"password\":\"%s\",\"email\":\"%s\",\"auth\":\"%s\"}" $eRepo $eCred.user $eCred.password $eMail $eAuth }} + {{- if eq "" $repoCreds }} + {{- $repoCreds = $eRepoCreds }} + {{- else }} + {{- $repoCreds = printf "%s, %s" $repoCreds $eRepoCreds }} + {{- end }} + {{- end }} + {{- if $subchartDot.Values.global.googleK8sRepositoryCred }} + {{- $gcrRepo := $subchartDot.Values.global.googleK8sRepository }} + {{- $gcrCred := $subchartDot.Values.global.googleK8sRepositoryCred }} + {{- $gcrMail := default "@" $gcrCred.mail }} + {{- $gcrAuth := printf "%s:%s" $gcrCred.user $gcrCred.password | b64enc }} + {{- $gcrRepoCreds := printf "\"%s\":{\"username\":\"%s\",\"password\":\"%s\",\"email\":\"%s\",\"auth\":\"%s\"}" $gcrRepo $gcrCred.user $gcrCred.password $gcrMail $gcrAuth }} + {{- if eq "" $repoCreds }} + {{- $repoCreds = $gcrRepoCreds }} + {{- else }} + {{- $repoCreds = printf "%s, %s" $repoCreds $gcrRepoCreds }} + {{- end }} + {{- end }} + {{- printf "{%s}" $repoCreds | b64enc -}} +{{- end -}} diff --git a/kubernetes/common/repositoryGenerator/values.yaml b/kubernetes/common/repositoryGenerator/values.yaml new file mode 100644 index 0000000000..1ec3a35bd9 --- /dev/null +++ b/kubernetes/common/repositoryGenerator/values.yaml @@ -0,0 +1,62 @@ +# Copyright © 2020 Orange +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +global: + # Repositories used + repository: nexus3.onap.org:10001 + dockerHubRepository: docker.io + elasticRepository: docker.elastic.co + googleK8sRepository: k8s.gcr.io + + # common global images + busyboxImage: busybox:1.32 + curlImage: curlimages/curl:7.69.1 + envsubstImage: dibi/envsubst:1 + # there's only latest image for htpasswd + htpasswdImage: xmartlabs/htpasswd:latest + kubectlImage: bitnami/kubectl:1.19 + loggingImage: beats/filebeat:5.5.0 + mariadbImage: mariadb:10.1.48 + nginxImage: bitnami/nginx:1.18-debian-10 + postgresImage: crunchydata/crunchy-postgres:centos7-10.11-4.2.1 + readinessImage: onap/oom/readiness:3.0.1 + + # Default credentials + # they're optional. If the target repository doesn't need them, comment them + repositoryCred: + user: docker + password: docker + # If you want / need authentication on the repositories, please set + # Don't set them if the target repo is the same than others + # dockerHubCred: + # user: myuser + # password: mypassord + # elasticCred: + # user: myuser + # password: mypassord + # googleK8sCred: + # user: myuser + # password: mypassord + +imageRepoMapping: + busyboxImage: dockerHubRepository + curlImage: dockerHubRepository + envsubstImage: dockerHubRepository + htpasswdImage: dockerHubRepository + kubectlImage: dockerHubRepository + loggingImage: elasticRepository + mariadbImage: dockerHubRepository + nginxImage: dockerHubRepository + postgresImage: dockerHubRepository + readinessImage: repository -- cgit 1.2.3-korg