--- /dev/null
+package controller\r
+\r
+import (\r
+ corev1 "k8s.io/api/core/v1"\r
+ metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"\r
+) \r
+\r
+func GetClusterRole() []*rbacv1.ClusterRole {\r
+\r
+ clusterRole1 := &rbacv1.ClusterRole{\r
+ ObjectMeta: metav1.ObjectMeta{\r
+ Name: "svcacct-ricplt-appmgr-ricxapp-access",\r
+ },\r
+ Rules: []rbacv1.PolicyRule{\r
+\r
+ rbacv1.PolicyRule{\r
+ APIGroups: []string{\r
+\r
+ "",\r
+ },\r
+ Resources: []string{\r
+\r
+ "pods/portforward",\r
+ },\r
+ Verbs: []string{\r
+\r
+ "create",\r
+ },\r
+ },\r
+ rbacv1.PolicyRule{\r
+ APIGroups: []string{\r
+\r
+ "",\r
+ },\r
+ Resources: []string{\r
+\r
+ "pods",\r
+ "configmaps",\r
+ "deployments",\r
+ "services",\r
+ },\r
+ Verbs: []string{\r
+\r
+ "get",\r
+ "list",\r
+ "create",\r
+ "delete",\r
+ },\r
+ },\r
+ rbacv1.PolicyRule{\r
+ APIGroups: []string{\r
+\r
+ "",\r
+ },\r
+ Resources: []string{\r
+\r
+ "secrets",\r
+ },\r
+ Verbs: []string{\r
+\r
+ "get",\r
+ "list",\r
+ },\r
+ },\r
+ },\r
+ TypeMeta: metav1.TypeMeta{\r
+ Kind: "ClusterRole",\r
+ APIVersion: "rbac.authorization.k8s.io/v1",\r
+ },\r
+ }\r
+\r
+ clusterRole2 := &rbacv1.ClusterRole{\r
+ Rules: []rbacv1.PolicyRule{\r
+\r
+ rbacv1.PolicyRule{\r
+ APIGroups: []string{\r
+\r
+ "",\r
+ },\r
+ Resources: []string{\r
+\r
+ "configmaps",\r
+ "endpoints",\r
+ "services",\r
+ },\r
+ Verbs: []string{\r
+\r
+ "get",\r
+ "list",\r
+ "create",\r
+ "update",\r
+ "delete",\r
+ },\r
+ },\r
+ },\r
+ TypeMeta: metav1.TypeMeta{\r
+ APIVersion: "rbac.authorization.k8s.io/v1",\r
+ Kind: "ClusterRole",\r
+ },\r
+ ObjectMeta: metav1.ObjectMeta{\r
+ Name: "svcacct-ricplt-appmgr-ricxapp-getappconfig",\r
+ },\r
+ }\r
+\r
+ return []*rbacv1.ClusterRole{clusterRole1, clusterRole2}\r
+\r
+}
\ No newline at end of file
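Review bot: The `secrets` rule (`get`, `list`) sits in a ClusterRole that this patch binds with a ClusterRoleBinding, so the appmgr service account can read every secret in every namespace. The second rule likewise grants cluster-wide `create`/`delete` on pods, configmaps and services. The role name suggests the access is meant for the ricxapp namespace; if so, an `rbacv1.Role` in `ricxapp` bound by a `RoleBinding` keeps the same verbs without the cluster-wide reach. `"deployments"` is listed under the core group `""`, but Deployments belong to the `apps` API group, so that entry grants nothing as written. Separately, the file uses `rbacv1` without importing it and imports `corev1` without using it, so it will not compile: add `rbacv1 "k8s.io/api/rbac/v1"` and drop `corev1`, and likewise fix the GetClusterRoleBinding file (which also has an unused `intstr`) and the unused `intstr` import in the GetSecret file.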
--- /dev/null
+package controller\r
+\r
+import (\r
+ corev1 "k8s.io/api/core/v1"\r
+ metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"\r
+ "k8s.io/apimachinery/pkg/util/intstr"\r
+)\r
+\r
+func GetClusterRoleBinding() []*rbacv1.ClusterRoleBinding {\r
+ clusterRoleBinding1 := &rbacv1.ClusterRoleBinding{\r
+ TypeMeta: metav1.TypeMeta{\r
+ APIVersion: "rbac.authorization.k8s.io/v1",\r
+ Kind: "ClusterRoleBinding",\r
+ },\r
+ ObjectMeta: metav1.ObjectMeta{\r
+ Name: "svcacct-ricplt-appmgr-ricxapp-access",\r
+ Namespace: "ricplt",\r
+ },\r
+ RoleRef: rbacv1.RoleRef{\r
+ Kind: "ClusterRole",\r
+ Name: "svcacct-ricplt-appmgr-ricxapp-access",\r
+ APIGroup: "rbac.authorization.k8s.io",\r
+ },\r
+ Subjects: []rbacv1.Subject{\r
+\r
+ rbacv1.Subject{\r
+ Namespace: "ricplt",\r
+ Kind: "ServiceAccount",\r
+ Name: "svcacct-ricplt-appmgr",\r
+ },\r
+ },\r
+ }\r
+\r
+ clusterRoleBinding2 := &rbacv1.ClusterRoleBinding{\r
+ ObjectMeta: metav1.ObjectMeta{\r
+ Name: "svcacct-ricplt-appmgr-ricxapp-getappconfig",\r
+ Namespace: "ricxapp",\r
+ },\r
+ RoleRef: rbacv1.RoleRef{\r
+ APIGroup: "rbac.authorization.k8s.io",\r
+ Kind: "ClusterRole",\r
+ Name: "svcacct-ricplt-appmgr-ricxapp-getappconfig",\r
+ },\r
+ Subjects: []rbacv1.Subject{\r
+\r
+ rbacv1.Subject{\r
+ Namespace: "ricplt",\r
+ Kind: "ServiceAccount",\r
+ Name: "svcacct-ricplt-appmgr",\r
+ },\r
+ },\r
+ TypeMeta: metav1.TypeMeta{\r
+ APIVersion: "rbac.authorization.k8s.io/v1",\r
+ Kind: "ClusterRoleBinding",\r
+ },\r
+ }\r
+ return []*rbacv1.ClusterRoleBinding{clusterRoleBinding1, clusterRoleBinding2}\r
+}\r
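Review bot: `Namespace: "ricplt"` and `Namespace: "ricxapp"` in the two `ObjectMeta` blocks have no effect, because a ClusterRoleBinding is cluster-scoped. Both bindings therefore grant their ClusterRole to `svcacct-ricplt-appmgr` in all namespaces. If `clusterRoleBinding2` was meant to confine the getappconfig role to `ricxapp`, it should be an `rbacv1.RoleBinding` created in that namespace; a RoleBinding may still point its `RoleRef` at a ClusterRole. Otherwise remove the `Namespace` fields so the object does not suggest a scoping that is not enforced.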
},\r
}\r
\r
- return []*corev1.ConfigMap{configMap1, configMap2, configMap3, configMap4, configMap5, configMap6}\r
+ configMap7 := &corev1.ConfigMap{\r
+ Data: map[string]string{\r
+ "appmgr.yaml": "\"local\":\n" +\r
+ " # Port on which the xapp-manager REST services are provided\n" +\r
+ " \"host\": \":8080\"\n" +\r
+ "\"helm\":\n" +\r
+ " # Remote helm repo URL. UPDATE this as required.\n" +\r
+ " \"repo\": \"\\\"http://service-ricplt-xapp-onboarder-http:8080\\\"\"\n" +\r
+ "\n" +\r
+ " # Repo name referred within the xapp-manager\n" +\r
+ " \"repo-name\": \"helm-repo\"\n" +\r
+ "\n" +\r
+ " # Tiller service details in the cluster. UPDATE this as required.\n" +\r
+ " \"tiller-service\": service-tiller-ricxapp\n" +\r
+ " \"tiller-namespace\": ricinfra\n" +\r
+ " \"tiller-port\": \"44134\"\n" +\r
+ " # helm username and password files\n" +\r
+ " \"helm-username-file\": \"/opt/ric/secret/helm_repo_username\"\n" +\r
+ " \"helm-password-file\": \"/opt/ric/secret/helm_repo_password\"\n" +\r
+ " \"retry\": 1\n" +\r
+ "\"xapp\":\n" +\r
+ " #Namespace to install xAPPs\n" +\r
+ " \"namespace\": \"ricxapp\"\n" +\r
+ " \"tarDir\": \"/tmp\"\n" +\r
+ " \"schema\": \"descriptors/schema.json\"\n" +\r
+ " \"config\": \"config/config-file.json\"\n" +\r
+ " \"tmpConfig\": \"/tmp/config-file.json\"\n" +\r
+ "",\r
+ },\r
+ ObjectMeta: metav1.ObjectMeta{\r
+ Name: "configmap-ricplt-appmgr-appconfig",\r
+ },\r
+ TypeMeta: metav1.TypeMeta{\r
+ APIVersion: "v1",\r
+ Kind: "ConfigMap",\r
+ },\r
+ }\r
+\r
+ configMap8 := &corev1.ConfigMap{\r
+ Data: map[string]string{\r
+ "appmgr-tiller-secret-copier.sh": "#!/bin/sh\n" +\r
+ "if [ -x /svcacct-to-kubeconfig.sh ] ; then\n" +\r
+ " /svcacct-to-kubeconfig.sh\n" +\r
+ "fi\n" +\r
+ "\n" +\r
+ "if [ ! -z \"${HELM_TLS_CA_CERT}\" ]; then\n" +\r
+ " kubectl -n ${SECRET_NAMESPACE} get secret -o yaml ${SECRET_NAME} | \\\n" +\r
+ " grep 'ca.crt:' | \\\n" +\r
+ " awk '{print $2}' | \\\n" +\r
+ " base64 -d > ${HELM_TLS_CA_CERT}\n" +\r
+ "fi\n" +\r
+ "\n" +\r
+ "if [ ! -z \"${HELM_TLS_CERT}\" ]; then\n" +\r
+ " kubectl -n ${SECRET_NAMESPACE} get secret -o yaml ${SECRET_NAME} | \\\n" +\r
+ " grep 'tls.crt:' | \\\n" +\r
+ " awk '{print $2}' | \\\n" +\r
+ " base64 -d > ${HELM_TLS_CERT}\n" +\r
+ "fi\n" +\r
+ "\n" +\r
+ "if [ ! -z \"${HELM_TLS_KEY}\" ]; then\n" +\r
+ " kubectl -n ${SECRET_NAMESPACE} get secret -o yaml ${SECRET_NAME} | \\\n" +\r
+ " grep 'tls.key:' | \\\n" +\r
+ " awk '{print $2}' | \\\n" +\r
+ " base64 -d > ${HELM_TLS_KEY}\n" +\r
+ "fi\n" +\r
+ "",\r
+ "svcacct-to-kubeconfig.sh": "#!/bin/sh\n" +\r
+ "\n" +\r
+ "# generate a kubconfig (at ${KUBECONFIG} file from the automatically-mounted\n" +\r
+ "# service account token.\n" +\r
+ "# ENVIRONMENT:\n" +\r
+ "# SVCACCT_NAME: the name of the service account user. default \"default\"\n" +\r
+ "# CLUSTER_NAME: the name of the kubernetes cluster. default \"kubernetes\"\n" +\r
+ "# KUBECONFIG: where the generated file will be deposited.\n" +\r
+ "SVCACCT_TOKEN=`cat /var/run/secrets/kubernetes.io/serviceaccount/token`\n" +\r
+ "CLUSTER_CA=`base64 /var/run/secrets/kubernetes.io/serviceaccount/ca.crt|tr -d '\\n'`\n" +\r
+ "\n" +\r
+ "cat >${KUBECONFIG} <<__EOF__\n" +\r
+ "ApiVersion: v1\n" +\r
+ "kind: Config\n" +\r
+ "users:\n" +\r
+ "- name: ${SVCACCT_NAME:-default}\n" +\r
+ " user:\n" +\r
+ " token: ${SVCACCT_TOKEN}\n" +\r
+ "clusters:\n" +\r
+ "- cluster:\n" +\r
+ " certificate-authority-data: ${CLUSTER_CA}\n" +\r
+ " server: ${K8S_API_HOST:-https://kubernetes.default.svc.cluster.local/}\n" +\r
+ " name: ${CLUSTER_NAME:-kubernetes}\n" +\r
+ "contexts:\n" +\r
+ "- context:\n" +\r
+ " cluster: ${CLUSTER_NAME:-kubernetes}\n" +\r
+ " user: ${SVCACCT_NAME:-default}\n" +\r
+ " name: svcs-acct-context\n" +\r
+ "current-context: svcs-acct-context\n" +\r
+ "__EOF__\n" +\r
+ "",\r
+ },\r
+ ObjectMeta: metav1.ObjectMeta{\r
+ Name: "configmap-ricplt-appmgr-bin",\r
+ },\r
+ TypeMeta: metav1.TypeMeta{\r
+ Kind: "ConfigMap",\r
+ APIVersion: "v1",\r
+ },\r
+ }\r
+\r
+ configMap9 := &corev1.ConfigMap{\r
+ Data: map[string]string{\r
+ "RMR_RTG_SVC": "4561",\r
+ "HELM_TLS_CA_CERT": "/opt/ric/secret/tiller-ca.cert",\r
+ "HELM_TLS_CERT": "/opt/ric/secret/helm-client.cert",\r
+ "HELM_TLS_HOSTNAME": "service-tiller-ricxapp",\r
+ "HELM_TLS_VERIFY": "true",\r
+ "NAME": "xappmgr",\r
+ "HELM_HOST": "service-tiller-ricxapp.ricinfra:44134",\r
+ "HELM_TLS_ENABLED": "true",\r
+ "HELM_TLS_KEY": "/opt/ric/secret/helm-client.key",\r
+ },\r
+ ObjectMeta: metav1.ObjectMeta{\r
+ Name: "configmap-ricplt-appmgr-env",\r
+ },\r
+ TypeMeta: metav1.TypeMeta{\r
+ APIVersion: "v1",\r
+ Kind: "ConfigMap",\r
+ },\r
+ }\r
+ \r
+ return []*corev1.ConfigMap{configMap1, configMap2, configMap3, configMap4, configMap5, configMap6,configMap7, configMap8, configMap9}\r
}\r
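Review bot: Both scripts embedded in `configMap8` write credential material through plain shell redirection, so the files get whatever mode the container's umask yields. This applies to `base64 -d > ${HELM_TLS_KEY}` for the Helm client private key and `cat >${KUBECONFIG}` for a kubeconfig carrying the service-account token. Adding `umask 077` directly after each `#!/bin/sh` line and quoting the targets (`> "${HELM_TLS_KEY}"`, `cat >"${KUBECONFIG}"`) would keep them owner-only and safe against paths containing spaces. In `configMap7` the `repo` value is written with escaped quotes inside the string, so the URL itself would contain literal `"` characters; this looks like a templating artifact and is worth checking. That repo is also plain `http://` although username and password files are configured for it. The enclosing function begins outside this hunk.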
},\r
},\r
},\r
- }
\ No newline at end of file
+ }\r
+ ingress2 := &unstructured.Unstructured{\r
+ Object: map[string]interface{}{\r
+ "apiVersion": "networking.k8s.io/v1beta1",\r
+ "kind": "Ingress",\r
+ "metadata": map[string]interface{}{\r
+ "name": "ingress-ricplt-appmgr",\r
+ },\r
+ "spec": map[string]interface{}{\r
+ "rules": []interface{}{\r
+ map[string]interface{}{\r
+ "http": map[string]interface{}{\r
+ "paths": []interface{}{\r
+ map[string]interface{}{\r
+ "backend": map[string]interface{}{\r
+ "serviceName": "service-ricplt-appmgr-http",\r
+ "servicePort": 8080,\r
+ },\r
+ "path": "/appmgr",\r
+ },\r
+ },\r
+ },\r
+ },\r
+ },\r
+ },\r
+ },\r
+ }\r
+ \r
+ return []*unstructured.Unstructured{ingress1, ingress2}\r
+}
\ No newline at end of file
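Review bot: `ingress2` has no `host` in its rule and no `tls` block, so `/appmgr` is routed to `service-ricplt-appmgr-http` for any hostname over plain HTTP. Since the appmgr configuration in this patch describes it as the REST service that installs xApps, it is worth confirming that this exposure is intended, or adding a host and a TLS secret. The metadata also omits `namespace` while the backend Service is declared in `ricplt`; an Ingress can only reference Services in its own namespace, so unless the caller sets it later, add `"namespace": "ricplt"`. `networking.k8s.io/v1beta1` Ingress is no longer served from Kubernetes 1.22 on, so a comment stating the supported cluster versions would help. The function begins outside this hunk.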
--- /dev/null
+package controller\r
+\r
+import (\r
+ corev1 "k8s.io/api/core/v1"\r
+ metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"\r
+ "k8s.io/apimachinery/pkg/util/intstr"\r
+)\r
+\r
+func GetSecret() []*corev1.Secret {\r
+\r
+ secret1 := &corev1.Secret{\r
+ Data: map[string][]uint8{\r
+ "helm_repo_password": getDataForSecret("helm"),\r
+ "helm_repo_username": getDataForSecret("helm"),\r
+ },\r
+ ObjectMeta: metav1.ObjectMeta{\r
+ Name: "secret-ricplt-appmgr",\r
+ },\r
+ Type: corev1.SecretType("Opaque"),\r
+ TypeMeta: metav1.TypeMeta{\r
+ APIVersion: "v1",\r
+ Kind: "Secret",\r
+ },\r
+ }\r
+return []*corev1.Secret{secret1}\r
+\r
+}
\ No newline at end of file
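Review bot: `helm_repo_password` and `helm_repo_username` are both filled from `getDataForSecret("helm")`, so unless that helper (not visible in this patch) resolves the argument against some external store, the Helm repo credential is a fixed value compiled into the operator and identical for username and password. If the value really is a placeholder, say so in a comment such as `// placeholder credentials; override before deploying`. It would also be better to pass distinct keys, e.g. `getDataForSecret("helm_repo_password")`, so each field can be sourced separately. The Secret also carries no `Namespace`, while the service account that consumes it is created in `ricplt`; confirm the caller sets it.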
Kind: "ServiceAccount",\r
},\r
}\r
- return []*corev1.ServiceAccount{serviceAccount1}\r
+ serviceAccount2 := &corev1.ServiceAccount{\r
+ ObjectMeta: metav1.ObjectMeta{\r
+ Namespace: "ricplt",\r
+ Name: "svcacct-ricplt-appmgr",\r
+ },\r
+ TypeMeta: metav1.TypeMeta{\r
+ APIVersion: "v1",\r
+ Kind: "ServiceAccount",\r
+ },\r
+ }\r
+ \r
+ return []*corev1.ServiceAccount{serviceAccount1,serviceAccount2}\r
}
\ No newline at end of file
},\r
}\r
\r
- return []*corev1.Service{service1, service2, service3, service4}\r
+ service5 := &corev1.Service{\r
+ ObjectMeta: metav1.ObjectMeta{\r
+ Labels: map[string]string{\r
+ "app": "ricplt-appmgr",\r
+ "chart": "appmgr-3.0.0",\r
+ "heritage": "Helm",\r
+ "release": "release-name",\r
+ },\r
+ Name: "service-ricplt-appmgr-http",\r
+ Namespace: "ricplt",\r
+ },\r
+ Spec: corev1.ServiceSpec{\r
+ Ports: []corev1.ServicePort{\r
+\r
+ corev1.ServicePort{\r
+ Name: "http",\r
+ Port: 8080,\r
+ Protocol: corev1.Protocol("TCP"),\r
+ TargetPort: intstr.IntOrString{\r
+ Type: intstr.Type(1),\r
+ StrVal: "http",\r
+ },\r
+ },\r
+ },\r
+ PublishNotReadyAddresses: false,\r
+ Selector: map[string]string{\r
+ "release": "release-name",\r
+ "app": "ricplt-appmgr",\r
+ },\r
+ Type: corev1.ServiceType("ClusterIP"),\r
+ },\r
+ TypeMeta: metav1.TypeMeta{\r
+ APIVersion: "v1",\r
+ Kind: "Service",\r
+ },\r
+ }\r
+\r
+ service6 := &corev1.Service{\r
+ ObjectMeta: metav1.ObjectMeta{\r
+ Name: "service-ricplt-appmgr-rmr",\r
+ Namespace: "ricplt",\r
+ Labels: map[string]string{\r
+ "chart": "appmgr-3.0.0",\r
+ "heritage": "Helm",\r
+ "release": "release-name",\r
+ "app": "ricplt-appmgr",\r
+ },\r
+ },\r
+ Spec: corev1.ServiceSpec{\r
+ Ports: []corev1.ServicePort{\r
+\r
+ corev1.ServicePort{\r
+ Name: "rmrroute",\r
+ Port: 4561,\r
+ Protocol: corev1.Protocol("TCP"),\r
+ TargetPort: intstr.IntOrString{\r
+ Type: intstr.Type(1),\r
+ StrVal: "rmrroute",\r
+ },\r
+ },\r
+ corev1.ServicePort{\r
+ Name: "rmrdata",\r
+ Port: 4560,\r
+ Protocol: corev1.Protocol("TCP"),\r
+ TargetPort: intstr.IntOrString{\r
+ StrVal: "rmrdata",\r
+ Type: intstr.Type(1),\r
+ },\r
+ },\r
+ },\r
+ PublishNotReadyAddresses: false,\r
+ Selector: map[string]string{\r
+ "app": "ricplt-appmgr",\r
+ "release": "release-name",\r
+ },\r
+ Type: corev1.ServiceType("ClusterIP"),\r
+ },\r
+ TypeMeta: metav1.TypeMeta{\r
+ APIVersion: "v1",\r
+ Kind: "Service",\r
+ },\r
+ }\r
+\r
+ return []*corev1.Service{service1, service2, service3, service4,service5,service6 }\r
}\r
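Review bot: The target ports in `service5` and `service6` are built with the magic number `intstr.Type(1)`, which hides that a named port is meant. `TargetPort: intstr.FromString("http")` (and the same for `"rmrroute"` and `"rmrdata"`) says this directly and cannot get the `Type`/`StrVal` pairing wrong. The labels and selectors also carry the literal `"release": "release-name"`, which looks like an unrendered Helm placeholder; it works as long as the pods use the same literal, but a short comment would save the next reader from guessing. The function begins outside this hunk.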