From f47fe4275a37b3f55f3288dae881547161be9a5f Mon Sep 17 00:00:00 2001 From: krishnaa96 Date: Fri, 17 Jul 2020 19:21:18 +0530 Subject: [OOF] Move nginx to a sidecar container Issue-ID: OPTFRA-794 Signed-off-by: krishnaa96 Change-Id: I16547f24ca58a80634ff13a9aeb7a5f595633b44 --- .../charts/oof-has-api/templates/deployment.yaml | 42 +++++++++++++++++----- .../charts/oof-has/charts/oof-has-api/values.yaml | 8 +++++ .../oof/charts/oof-has/resources/config/nginx.conf | 6 ++-- 3 files changed, 44 insertions(+), 12 deletions(-) (limited to 'kubernetes/oof') diff --git a/kubernetes/oof/charts/oof-has/charts/oof-has-api/templates/deployment.yaml b/kubernetes/oof/charts/oof-has/charts/oof-has-api/templates/deployment.yaml index 0ccf606627..7e0a88f94d 100755 --- a/kubernetes/oof/charts/oof-has/charts/oof-has-api/templates/deployment.yaml +++ b/kubernetes/oof/charts/oof-has/charts/oof-has-api/templates/deployment.yaml @@ -1,4 +1,5 @@ # Copyright © 2017 Amdocs, Bell Canada +# Copyright (C) 2020 Wipro Limited. # Modifications Copyright © 2018 AT&T,VMware # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -88,21 +89,21 @@ spec: image: "{{ include "common.repository" . }}/{{ .Values.global.image.optf_has }}" imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} command: ["/bin/bash","-c"] - args: ["nginx && /usr/local/bin/uwsgi -s /run/conductor/uwsgi.sock --chmod-socket=777 --wsgi-file /etc/nginx/conductor.wsgi --callable application --set port=8080 --die-on-term --exit-on-reload --logto /var/log/conductor/conductor-uwsgi.log --pidfile /run/conductor/conductor-uwsgi.pid --enable-threads --workers 6 --master --vacuum --single-interpreter --socket-timeout 10 --max-worker-lifetime 300 --max-requests 100 --no-defer-accept --logfile-chown --logfile-chmod 664 --protocol=uwsgi --socket 0.0.0.0:8080"] + args: ["/usr/local/bin/uwsgi -s /run/conductor/uwsgi.sock --chmod-socket=777 --wsgi-file /etc/nginx/conductor.wsgi --callable application --set port={{ .Values.uwsgi.internalPort }} --die-on-term --exit-on-reload --logto /var/log/conductor/conductor-uwsgi.log --pidfile /run/conductor/conductor-uwsgi.pid --enable-threads --workers 6 --master --vacuum --single-interpreter --socket-timeout 10 --max-worker-lifetime 300 --max-requests 100 --no-defer-accept --logfile-chown --logfile-chmod 664 --protocol=uwsgi --socket 0.0.0.0:{{ .Values.uwsgi.internalPort }}"] ports: - - containerPort: {{ .Values.liveness.periodSeconds }} + - containerPort: {{ .Values.uwsgi.internalPort }} # disable liveness probe when breakpoints set in debugger # so K8s doesn't restart unresponsive container {{- if .Values.liveness.enabled }} livenessProbe: tcpSocket: - port: {{ .Values.service.internalPort }} + port: {{ .Values.uwsgi.internalPort }} initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }} periodSeconds: {{ .Values.liveness.periodSeconds }} {{ end -}} readinessProbe: tcpSocket: - port: {{ .Values.service.internalPort }} + port: {{ .Values.uwsgi.internalPort }} initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} periodSeconds: {{ .Values.readiness.periodSeconds }} env: @@ -110,9 +111,6 @@ spec: - mountPath: /etc/localtime name: localtime readOnly: true - - mountPath: /etc/nginx/nginx.conf - name: {{ .Values.global.commonConfigPrefix }}-config - subPath: nginx.conf - mountPath: /usr/local/etc/conductor/conductor.conf name: {{ .Values.global.commonConfigPrefix }}-config subPath: conductor.conf @@ -122,10 +120,36 @@ spec: - mountPath: /usr/local/bin/AAF_RootCA.cer name: {{ .Values.global.commonConfigPrefix }}-config subPath: AAF_RootCA.cer - - mountPath: /etc/nginx/ssl/org.onap.oof.crt + resources: +{{ include "common.resources" . | indent 12 }} + - name: {{ include "common.name" . }}-nginx + image: "{{ .Values.global.dockerHubRepository }}/{{ .Values.nginx.image }}" + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + ports: + - containerPort: {{ .Values.service.internalPort }} + {{- if .Values.liveness.enabled }} + livenessProbe: + tcpSocket: + port: {{ .Values.service.internalPort }} + initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }} + periodSeconds: {{ .Values.liveness.periodSeconds }} + {{ end -}} + readinessProbe: + tcpSocket: + port: {{ .Values.service.internalPort }} + initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} + periodSeconds: {{ .Values.readiness.periodSeconds }} + volumeMounts: + - mountPath: /etc/localtime + name: localtime + readOnly: true + - mountPath: /opt/bitnami/nginx/conf/nginx.conf + name: {{ .Values.global.commonConfigPrefix }}-config + subPath: nginx.conf + - mountPath: /opt/bitnami/nginx/ssl/org.onap.oof.crt name: {{ .Values.global.commonConfigPrefix }}-config subPath: org.onap.oof.crt - - mountPath: /etc/nginx/ssl/org.onap.oof.key + - mountPath: /opt/bitnami/nginx/ssl/org.onap.oof.key name: {{ .Values.global.commonConfigPrefix }}-config subPath: org.onap.oof.key resources: diff --git a/kubernetes/oof/charts/oof-has/charts/oof-has-api/values.yaml b/kubernetes/oof/charts/oof-has/charts/oof-has-api/values.yaml index da6ab9b548..b9efec0b45 100755 --- a/kubernetes/oof/charts/oof-has/charts/oof-has-api/values.yaml +++ b/kubernetes/oof/charts/oof-has/charts/oof-has-api/values.yaml @@ -1,4 +1,5 @@ # Copyright © 2017 Amdocs, AT&T, Bell Canada, VMware +# Copyright (C) 2020 Wipro Limited. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -22,6 +23,13 @@ service: internalPort: 8091 nodePort: 75 portName: oof-has-api + +#sidecar container image +nginx: + image: bitnami/nginx:1.18-debian-10 +#backend container info +uwsgi: + internalPort: 8080 ingress: enabled: false replicaCount: 1 diff --git a/kubernetes/oof/charts/oof-has/resources/config/nginx.conf b/kubernetes/oof/charts/oof-has/resources/config/nginx.conf index f2172b2793..7b5c3a504c 100644 --- a/kubernetes/oof/charts/oof-has/resources/config/nginx.conf +++ b/kubernetes/oof/charts/oof-has/resources/config/nginx.conf @@ -13,13 +13,13 @@ http { listen 8091 ssl; server_name oof; - ssl_certificate /etc/nginx/ssl/org.onap.oof.crt; - ssl_certificate_key /etc/nginx/ssl/org.onap.oof.key; + ssl_certificate /opt/bitnami/nginx/ssl/org.onap.oof.crt; + ssl_certificate_key /opt/bitnami/nginx/ssl/org.onap.oof.key; ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ssl_ciphers HIGH:!aNULL:!MD5; location / { - include /etc/nginx/uwsgi_params; + include /opt/bitnami/nginx/conf/uwsgi_params; uwsgi_pass conductor_uwsgi; uwsgi_param Host $host; -- cgit 1.2.3-korg