From 50aafc5ef50a1280c9e85d12be3d24104258ae95 Mon Sep 17 00:00:00 2001 From: Dominic Lunanuova Date: Fri, 30 Mar 2018 02:29:23 +0000 Subject: Initial chart for dmaap - 2nd attempt This should conform to new OOM standard helm structure. It starts a directory called dmaap which will hold all dmaap components. But for now it only has buscontroller. Once we get this working, we can add message-router. (see DMAAP-386) Patch 2 gets private postgresql working. I'd prefer to integreate with common postgresql from Tony in a future commit to avoid any immediate delivery timing dependency. Patch 3 corrects some port mapping from service to pod. Change-Id: Id9838d7ddb2ccccfc8b0e3f3b9e50f9b5672c484 Signed-off-by: Dominic Lunanuova Issue-ID: DMAAP-117 Signed-off-by: Dominic Lunanuova --- kubernetes/dmaap/charts/postgresql/Chart.yaml | 16 +++ .../dmaap/charts/postgresql/templates/Notes.txt | 35 ++++++ .../dmaap/charts/postgresql/templates/_helpers.tpl | 36 ++++++ .../charts/postgresql/templates/deployment.yaml | 128 +++++++++++++++++++++ .../charts/postgresql/templates/networkpolicy.yaml | 28 +++++ .../dmaap/charts/postgresql/templates/pvc.yaml | 28 +++++ .../dmaap/charts/postgresql/templates/secrets.yaml | 19 +++ .../dmaap/charts/postgresql/templates/svc.yaml | 30 +++++ kubernetes/dmaap/charts/postgresql/values.yaml | 123 ++++++++++++++++++++ 9 files changed, 443 insertions(+) create mode 100644 kubernetes/dmaap/charts/postgresql/Chart.yaml create mode 100644 kubernetes/dmaap/charts/postgresql/templates/Notes.txt create mode 100644 kubernetes/dmaap/charts/postgresql/templates/_helpers.tpl create mode 100644 kubernetes/dmaap/charts/postgresql/templates/deployment.yaml create mode 100644 kubernetes/dmaap/charts/postgresql/templates/networkpolicy.yaml create mode 100644 kubernetes/dmaap/charts/postgresql/templates/pvc.yaml create mode 100644 kubernetes/dmaap/charts/postgresql/templates/secrets.yaml create mode 100644 kubernetes/dmaap/charts/postgresql/templates/svc.yaml create mode 100644 kubernetes/dmaap/charts/postgresql/values.yaml (limited to 'kubernetes/dmaap/charts') diff --git a/kubernetes/dmaap/charts/postgresql/Chart.yaml b/kubernetes/dmaap/charts/postgresql/Chart.yaml new file mode 100644 index 0000000000..c64338735a --- /dev/null +++ b/kubernetes/dmaap/charts/postgresql/Chart.yaml @@ -0,0 +1,16 @@ +name: postgresql +version: 0.9.3 +description: Object-relational database management system (ORDBMS) with an emphasis on extensibility and on standards-compliance. +keywords: +- postgresql +- postgres +- database +- sql +home: https://www.postgresql.org/ +icon: https://www.postgresql.org/media/img/about/press/elephant.png +sources: +- https://github.com/kubernetes/charts +- https://github.com/docker-library/postgres +maintainers: +- name: databus23 +engine: gotpl diff --git a/kubernetes/dmaap/charts/postgresql/templates/Notes.txt b/kubernetes/dmaap/charts/postgresql/templates/Notes.txt new file mode 100644 index 0000000000..9b49bb2982 --- /dev/null +++ b/kubernetes/dmaap/charts/postgresql/templates/Notes.txt @@ -0,0 +1,35 @@ +# PostgreSQL can be accessed via port 5432 on the following DNS name from within your cluster: +# {{ template "postgresql.fullname" . }}.{{ .Release.Namespace }}.svc.cluster.local +# +# To get your user password run: +# +# PGPASSWORD=$(kubectl get secret --namespace {{ .Values.global.nsPrefix }} {{ template "postgresql.fullname" . }} -o jsonpath="{.data.postgres-password}" | base64 --decode; echo) +# +# To connect to your database run the following command (using the env variable from above): +# +# kubectl run --namespace {{ .Values.global.nsPrefix }} {{ template "postgresql.fullname" . }}-client --restart=Never --rm --tty -i --image postgres \ +# --env "PGPASSWORD=$PGPASSWORD" \{{- if and (.Values.networkPolicy.enabled) (not .Values.networkPolicy.allowExternal) }} +# --labels="{{ template "postgresql.fullname" . }}-client=true" \{{- end }} +# --command -- psql -U {{ default "postgres" .Values.postgresUser }} \ +# -h {{ template "postgresql.fullname" . }} {{ default "postgres" .Values.postgresDatabase }} +# +# {{ if and (.Values.networkPolicy.enabled) (not .Values.networkPolicy.allowExternal) }} +# Note: Since NetworkPolicy is enabled, only pods with label +# {{ template "postgresql.fullname" . }}-client=true" +# will be able to connect to this PostgreSQL cluster. +# {{- end }} +# +# To connect to your database directly from outside the K8s cluster: +# {{- if contains "NodePort" .Values.service.type }} +# PGHOST=$(kubectl get nodes --namespace {{ .Values.global.nsPrefix }} -o jsonpath='{.items[0].status.addresses[0].address}') +# PGPORT=$(kubectl get svc --namespace {{ .Values.global.nsPrefix }} {{ template "postgresql.fullname" . }} -o jsonpath='{.spec.ports[0].nodePort}') +# +# {{- else if contains "ClusterIP" .Values.service.type }} +# PGHOST=127.0.0.1 +# PGPORT={{ default "5432" .Values.service.port }} +# +# # Execute the following commands to route the connection: +# export POD_NAME=$(kubectl get pods --namespace {{ .Values.global.nsPrefix }} -l "app={{ template "postgresql.fullname" . }}" -o jsonpath="{.items[0].metadata.name}") +# kubectl port-forward --namespace {{ .Values.global.nsPrefix }} $POD_NAME {{ default "5432" .Values.service.port }}:{{ default "5432" .Values.service.port }} +# +# {{- end }} diff --git a/kubernetes/dmaap/charts/postgresql/templates/_helpers.tpl b/kubernetes/dmaap/charts/postgresql/templates/_helpers.tpl new file mode 100644 index 0000000000..b2d3d523a9 --- /dev/null +++ b/kubernetes/dmaap/charts/postgresql/templates/_helpers.tpl @@ -0,0 +1,36 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Expand the name of the chart. +*/}} +{{- define "postgresql.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "postgresql.fullname" -}} +{{- if .Values.fullnameOverride -}} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- if contains $name .Release.Name -}} +{{- .Release.Name | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +Return the appropriate apiVersion for networkpolicy. +*/}} +{{- define "postgresql.networkPolicy.apiVersion" -}} +{{- if and (ge .Capabilities.KubeVersion.Minor "4") (le .Capabilities.KubeVersion.Minor "6") -}} +"extensions/v1beta1" +{{- else if ge .Capabilities.KubeVersion.Minor "7" -}} +"networking.k8s.io/v1" +{{- end -}} +{{- end -}} diff --git a/kubernetes/dmaap/charts/postgresql/templates/deployment.yaml b/kubernetes/dmaap/charts/postgresql/templates/deployment.yaml new file mode 100644 index 0000000000..57acfbda9b --- /dev/null +++ b/kubernetes/dmaap/charts/postgresql/templates/deployment.yaml @@ -0,0 +1,128 @@ +apiVersion: extensions/v1beta1 +kind: Deployment +metadata: + name: {{ template "postgresql.fullname" . }} + namespace: {{ .Values.global.nsPrefix }} + labels: + app: {{ template "postgresql.fullname" . }} + chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" + release: "{{ .Release.Name }}" + heritage: "{{ .Release.Service }}" +spec: + template: + metadata: + labels: + app: {{ template "postgresql.fullname" . }} + spec: + {{- if .Values.affinity }} + affinity: +{{ toYaml .Values.affinity | indent 8 }} + {{- end }} + {{- if .Values.nodeSelector }} + nodeSelector: +{{ toYaml .Values.nodeSelector | indent 8 }} + {{- end }} + {{- if .Values.tolerations }} + tolerations: +{{ toYaml .Values.tolerations | indent 8 }} + {{- end }} + {{- if .Values.schedulerName }} + schedulerName: "{{ .Values.schedulerName }}" + {{- end }} + containers: + - name: {{ template "postgresql.fullname" . }} + image: "{{ .Values.image }}:{{ .Values.imageTag }}" + imagePullPolicy: {{ default "" .Values.imagePullPolicy | quote }} + args: + {{- range $key, $value := default dict .Values.postgresConfig }} + - -c + - '{{ $key | snakecase }}={{ $value }}' + {{- end }} + env: + - name: POSTGRES_USER + value: {{ default "postgres" .Values.global.postgresUser | quote }} + # Required for pg_isready in the health probes. + - name: PGUSER + value: {{ default "postgres" .Values.global.postgresUser | quote }} + - name: POSTGRES_DB + value: {{ default "" .Values.global.postgresDatabase | quote }} + - name: POSTGRES_INITDB_ARGS + value: {{ default "" .Values.postgresInitdbArgs | quote }} + - name: PGDATA + value: /var/lib/postgresql/data/pgdata + - name: POSTGRES_PASSWORD + value: {{ default "postgres" .Values.global.postgresPassword | quote }} +# original code: +# valueFrom: +# secretKeyRef: +# name: {{ template "postgresql.fullname" . }} +# key: postgres-password + - name: POD_IP + valueFrom: { fieldRef: { fieldPath: status.podIP } } + ports: + - name: postgresql + containerPort: 5432 + livenessProbe: + exec: + command: + - sh + - -c + - exec pg_isready --host $POD_IP + initialDelaySeconds: 120 + timeoutSeconds: 5 + failureThreshold: 6 + readinessProbe: + exec: + command: + - sh + - -c + - exec pg_isready --host $POD_IP + initialDelaySeconds: 5 + timeoutSeconds: 3 + periodSeconds: 5 + resources: +{{ toYaml .Values.resources | indent 10 }} + volumeMounts: + - name: data + mountPath: {{ .Values.persistence.mountPath }} + subPath: {{ .Values.persistence.subPath }} +{{- if .Values.metrics.enabled }} + - name: metrics + image: "{{ .Values.metrics.image }}:{{ .Values.metrics.imageTag }}" + imagePullPolicy: {{ default "" .Values.metrics.imagePullPolicy | quote }} + env: + - name: DATA_SOURCE_NAME + value: postgresql://postgres@127.0.0.1:5432?sslmode=disable + ports: + - name: metrics + containerPort: 9187 + {{- if .Values.metrics.customMetrics }} + args: ["-extend.query-path", "/conf/custom-metrics.yaml"] + volumeMounts: + - name: custom-metrics + mountPath: /conf + readOnly: true + {{- end }} + resources: +{{ toYaml .Values.metrics.resources | indent 10 }} +{{- end }} + volumes: + - name: data + {{- if .Values.persistence.enabled }} + persistentVolumeClaim: + claimName: {{ .Values.persistence.existingClaim | default (include "postgresql.fullname" .) }} + {{- else }} + emptyDir: {} + {{- end }} + {{- if and .Values.metrics.enabled .Values.metrics.customMetrics }} + - name: custom-metrics + secret: + secretName: {{ template "postgresql.fullname" . }} + items: + - key: custom-metrics.yaml + path: custom-metrics.yaml + {{- end }} + {{- if .Values.imagePullSecrets }} + imagePullSecrets: + - name: {{ .Values.imagePullSecrets }} + {{- end }} diff --git a/kubernetes/dmaap/charts/postgresql/templates/networkpolicy.yaml b/kubernetes/dmaap/charts/postgresql/templates/networkpolicy.yaml new file mode 100644 index 0000000000..92f3b71b15 --- /dev/null +++ b/kubernetes/dmaap/charts/postgresql/templates/networkpolicy.yaml @@ -0,0 +1,28 @@ +{{- if .Values.networkPolicy.enabled }} +kind: NetworkPolicy +apiVersion: {{ template "postgresql.networkPolicy.apiVersion" . }} +metadata: + name: "{{ template "postgresql.fullname" . }}" + labels: + app: {{ template "postgresql.fullname" . }} + chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" + release: "{{ .Release.Name }}" + heritage: "{{ .Release.Service }}" +spec: + podSelector: + matchLabels: + app: "{{ template "postgresql.fullname" . }}" + ingress: + # Allow inbound connections + - ports: + - port: 5432 + {{- if not .Values.networkPolicy.allowExternal }} + from: + - podSelector: + matchLabels: + {{ template "postgresql.fullname" . }}-client: "true" + {{- end }} + # Allow prometheus scrapes + - ports: + - port: 9187 +{{- end }} diff --git a/kubernetes/dmaap/charts/postgresql/templates/pvc.yaml b/kubernetes/dmaap/charts/postgresql/templates/pvc.yaml new file mode 100644 index 0000000000..f1d38dfb14 --- /dev/null +++ b/kubernetes/dmaap/charts/postgresql/templates/pvc.yaml @@ -0,0 +1,28 @@ +{{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) -}} +kind: PersistentVolumeClaim +apiVersion: v1 +metadata: + name: {{ template "postgresql.fullname" . }} + labels: + app: {{ template "postgresql.fullname" . }} + chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" + release: "{{ .Release.Name }}" + heritage: "{{ .Release.Service }}" +{{- if .Values.persistence.annotations }} + annotations: +{{ toYaml .Values.persistence.annotations | indent 4 }} +{{- end }} +spec: + accessModes: + - {{ .Values.persistence.accessMode | quote }} + resources: + requests: + storage: {{ .Values.persistence.size | quote }} +{{- if .Values.persistence.storageClass }} +{{- if (eq "-" .Values.persistence.storageClass) }} + storageClassName: "" +{{- else }} + storageClassName: "{{ .Values.persistence.storageClass }}" +{{- end }} +{{- end }} +{{- end -}} diff --git a/kubernetes/dmaap/charts/postgresql/templates/secrets.yaml b/kubernetes/dmaap/charts/postgresql/templates/secrets.yaml new file mode 100644 index 0000000000..6dd4c7da55 --- /dev/null +++ b/kubernetes/dmaap/charts/postgresql/templates/secrets.yaml @@ -0,0 +1,19 @@ +apiVersion: v1 +kind: Secret +metadata: + name: {{ template "postgresql.fullname" . }} + labels: + app: {{ template "postgresql.fullname" . }} + chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" + release: "{{ .Release.Name }}" + heritage: "{{ .Release.Service }}" +type: Opaque +data: + {{ if .Values.postgresPassword }} + postgres-password: {{ .Values.postgresPassword | b64enc | quote }} + {{ else }} + postgres-password: {{ randAlphaNum 10 | b64enc | quote }} + {{ end }} + {{- if .Values.metrics.customMetrics }} + custom-metrics.yaml: {{ toYaml .Values.metrics.customMetrics | b64enc | quote }} + {{- end }} diff --git a/kubernetes/dmaap/charts/postgresql/templates/svc.yaml b/kubernetes/dmaap/charts/postgresql/templates/svc.yaml new file mode 100644 index 0000000000..f6373c8368 --- /dev/null +++ b/kubernetes/dmaap/charts/postgresql/templates/svc.yaml @@ -0,0 +1,30 @@ +apiVersion: v1 +kind: Service +metadata: + name: dmaap-prov-{{ template "postgresql.name" . }} + namespace: {{ .Values.global.nsPrefix }} + labels: + app: {{ template "postgresql.fullname" . }} + chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" + release: "{{ .Release.Name }}" + heritage: "{{ .Release.Service }}" +{{- if .Values.metrics.enabled }} + annotations: + prometheus.io/scrape: "true" + prometheus.io/port: "9187" +{{- end }} +spec: + type: {{ .Values.service.type }} + ports: + - name: postgresql + port: {{ .Values.service.port }} + targetPort: postgresql + {{- if (and (eq .Values.service.type "NodePort") (not (empty .Values.service.nodePort))) }} + nodePort: {{ .Values.service.nodePort }} + {{- end }} +{{- if .Values.service.externalIPs }} + externalIPs: +{{ toYaml .Values.service.externalIPs | indent 4 }} +{{- end }} + selector: + app: {{ template "postgresql.fullname" . }} diff --git a/kubernetes/dmaap/charts/postgresql/values.yaml b/kubernetes/dmaap/charts/postgresql/values.yaml new file mode 100644 index 0000000000..37bbddaef9 --- /dev/null +++ b/kubernetes/dmaap/charts/postgresql/values.yaml @@ -0,0 +1,123 @@ +## postgres image repository +image: "postgres" +## postgres image version +## ref: https://hub.docker.com/r/library/postgres/tags/ +## +imageTag: "9.6.2" + +## Specify a imagePullPolicy +## 'Always' if imageTag is 'latest', else set to 'IfNotPresent' +## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images +## +# imagePullPolicy: + +## Specify imagePullSecrets +## ref: https://kubernetes.io/docs/concepts/containers/images/#specifying-imagepullsecrets-on-a-pod +## +# imagePullSecrets: myregistrykey + +## Create a database user +## Default: postgres +#postgresUser: "dmaap" +## Default: random 10 character string +#postgresPassword: "onapdemodb" + +## Create a database +## Default: the postgres user +#postgresDatabase: "dmaap" + +## Specify initdb arguments, e.g. --data-checksums +## ref: https://github.com/docker-library/docs/blob/master/postgres/content.md#postgres_initdb_args +## ref: https://www.postgresql.org/docs/current/static/app-initdb.html +# postgresInitdbArgs: + +## Use an alternate scheduler, e.g. "stork". +## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/ +## +# schedulerName: + +## Specify runtime config parameters as a dict, using camelCase, e.g. +## {"sharedBuffers": "500MB"} +## ref: https://www.postgresql.org/docs/current/static/runtime-config.html +# postgresConfig: + +## Persist data to a persitent volume +persistence: + enabled: false + + ## A manually managed Persistent Volume and Claim + ## Requires persistence.enabled: true + ## If defined, PVC must be created manually before volume will be bound + # existingClaim: + + ## database data Persistent Volume Storage Class + ## If defined, storageClassName: + ## If set to "-", storageClassName: "", which disables dynamic provisioning + ## If undefined (the default) or set to null, no storageClassName spec is + ## set, choosing the default provisioner. (gp2 on AWS, standard on + ## GKE, AWS & OpenStack) + ## + # storageClass: "-" + accessMode: ReadWriteOnce + size: 8Gi + subPath: "postgresql-db" + mountPath: /var/lib/postgresql/data/pgdata + + # annotations: {} + +metrics: + enabled: false + image: wrouesnel/postgres_exporter + imageTag: v0.1.1 + imagePullPolicy: IfNotPresent + resources: + requests: + memory: 256Mi + cpu: 100m + ## Define additional custom metrics + ## ref: https://github.com/wrouesnel/postgres_exporter#adding-new-metrics-via-a-config-file + # customMetrics: + # pg_database: + # query: "SELECT d.datname AS name, CASE WHEN pg_catalog.has_database_privilege(d.datname, 'CONNECT') THEN pg_catalog.pg_database_size(d.datname) ELSE 0 END AS size FROM pg_catalog.pg_database d where datname not in ('template0', 'template1', 'postgres')" + # metrics: + # - name: + # usage: "LABEL" + # description: "Name of the database" + # - size_bytes: + # usage: "GAUGE" + # description: "Size of the database in bytes" + +## Configure resource requests and limits +## ref: http://kubernetes.io/docs/user-guide/compute-resources/ +## +resources: + requests: + memory: 256Mi + cpu: 100m + +service: + type: ClusterIP + port: 5432 + externalIPs: [] + ## Manually set NodePort value + ## Requires service.type: NodePort + # nodePort: + +networkPolicy: + ## Enable creation of NetworkPolicy resources. + ## + enabled: false + + ## The Policy model to apply. When set to false, only pods with the correct + ## client label will have network access to the port PostgreSQL is listening + ## on. When true, PostgreSQL will accept connections from any source + ## (with the correct destination port). + ## + allowExternal: true + +## Node labels and tolerations for pod assignment +## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector +## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#taints-and-tolerations-beta-feature +nodeSelector: {} +tolerations: [] +affinity: {} -- cgit 1.2.3-korg