From 38dc857062b14145f5b9db89d10eba0ae5b90d11 Mon Sep 17 00:00:00 2001 From: Zhe Huang Date: Sun, 8 Dec 2019 00:01:26 -0500 Subject: [PATCH] Add standalone R3 RIC platform helm charts and deployment scripts. 
Signed-off-by: Zhe Huang Change-Id: Id0011e0d1d78915918736a310a444f9bf769c476 --- .gitignore | 8 + amber_example_recipe.yaml | 151 +++++++ bin/install | 94 +++++ bin/uninstall | 47 +++ example_recipe.yaml | 140 +++++++ helm/a1mediator/.gitignore | 1 + helm/a1mediator/.helmignore | 22 + helm/a1mediator/Chart.yaml | 5 + helm/a1mediator/requirements.yaml | 21 + helm/a1mediator/resources/ricmanifest.json | 69 ++++ .../resources/rmr_string_int_mapping.txt | 5 + helm/a1mediator/templates/config.yaml | 45 +++ helm/a1mediator/templates/deployment.yaml | 88 ++++ helm/a1mediator/templates/env.yaml | 30 ++ helm/a1mediator/templates/ingress-a1mediator.yaml | 12 + helm/a1mediator/templates/service-http.yaml | 38 ++ helm/a1mediator/templates/service-rmr.yaml | 41 ++ helm/a1mediator/values.yaml | 39 ++ helm/appmgr/.helmignore | 22 + helm/appmgr/Chart.yaml | 22 + helm/appmgr/requirements.yaml | 21 + helm/appmgr/resources/appmgr.yaml | 25 ++ helm/appmgr/templates/appconfig.yaml | 33 ++ .../bin/_appmgr-tiller-secret-copier.sh.tpl | 41 ++ .../templates/bin/_svcacct-to-kubeconfig.sh.tpl | 46 +++ helm/appmgr/templates/configmap-bin.yaml | 26 ++ helm/appmgr/templates/deployment.yaml | 161 ++++++++ helm/appmgr/templates/env-appmgr.yaml | 46 +++ helm/appmgr/templates/env-chartmuseum.yaml | 25 ++ helm/appmgr/templates/ingress-appmgr.yaml | 12 + helm/appmgr/templates/ingress-chartmuseum.yaml | 33 ++ helm/appmgr/templates/secret.yaml | 24 ++ helm/appmgr/templates/service-http.yaml | 43 ++ helm/appmgr/templates/service-rmr.yaml | 42 ++ helm/appmgr/templates/serviceaccount.yaml | 67 ++++ helm/appmgr/values.yaml | 102 +++++ helm/dbaas1/Chart.yaml | 21 + helm/dbaas1/requirements.yaml | 20 + helm/dbaas1/templates/deployment.yaml | 57 +++ helm/dbaas1/templates/service.yaml | 35 ++ helm/dbaas1/values.yaml | 30 ++ helm/e2mgr/Chart.yaml | 22 + helm/e2mgr/requirements.yaml | 21 + helm/e2mgr/templates/configmap.yaml | 114 ++++++ helm/e2mgr/templates/deployment.yaml | 79 ++++ 
helm/e2mgr/templates/env.yaml | 30 ++ helm/e2mgr/templates/ingress-e2mgr.yaml | 12 + helm/e2mgr/templates/service-http.yaml | 37 ++ helm/e2mgr/templates/service-rmr.yaml | 41 ++ helm/e2mgr/values.yaml | 41 ++ helm/e2term/.helmignore | 22 + helm/e2term/Chart.yaml | 22 + helm/e2term/requirements.yaml | 21 + helm/e2term/resources/cleaner.sh | 25 ++ helm/e2term/resources/configfile.properties | 18 + helm/e2term/resources/pizpub.crontab | 18 + helm/e2term/templates/configmap-pizpub.yaml | 24 ++ helm/e2term/templates/configmap.yaml | 59 +++ helm/e2term/templates/deployment.yaml | 120 ++++++ helm/e2term/templates/e2term-pv.yaml | 31 ++ helm/e2term/templates/e2term-pvc.yaml | 28 ++ helm/e2term/templates/env.yaml | 33 ++ helm/e2term/templates/service-rmr.yaml | 41 ++ helm/e2term/values.yaml | 46 +++ helm/infrastructure/Chart.yaml | 23 ++ helm/infrastructure/requirements.yaml | 41 ++ .../subcharts/certificate-manager/Chart.yaml | 5 + .../certificate-manager/requirements.yaml | 21 + .../certificate-manager/templates/secret.yaml | 69 ++++ .../subcharts/certificate-manager/values.yaml | 12 + .../subcharts/chartmuseum/Chart.yaml | 23 ++ .../subcharts/chartmuseum/requirements.yaml | 21 + .../subcharts/chartmuseum/templates/_gen-cert.tpl | 29 ++ .../chartmuseum/templates/deployment.yaml | 66 +++ .../subcharts/chartmuseum/templates/env.yaml | 24 ++ .../subcharts/chartmuseum/templates/ingress.yaml | 32 ++ .../chartmuseum/templates/job-save-certs.yaml | 47 +++ .../chartmuseum/templates/persistentVolume.yaml | 34 ++ .../templates/persistentVolumeClaim.yaml | 11 + .../subcharts/chartmuseum/templates/secret.yaml | 27 ++ .../subcharts/chartmuseum/templates/service.yaml | 37 ++ .../subcharts/chartmuseum/values.yaml | 43 ++ .../subcharts/docker-credential/Chart.yaml | 22 + .../subcharts/docker-credential/requirements.yaml | 21 + .../templates/secrets-docker-reg.yaml | 41 ++ .../subcharts/docker-credential/values.yaml | 16 + helm/infrastructure/subcharts/extsvcplt/Chart.yaml | 23 ++ 
.../subcharts/extsvcplt/requirements.yaml | 21 + .../extsvcplt/templates/services-aux.yaml | 50 +++ .../infrastructure/subcharts/extsvcplt/values.yaml | 20 + helm/infrastructure/subcharts/kong/.helmignore | 22 + helm/infrastructure/subcharts/kong/Chart.yaml | 31 ++ helm/infrastructure/subcharts/kong/README.md | 397 ++++++++++++++++++ .../subcharts/kong/charts/cassandra/.helmignore | 17 + .../subcharts/kong/charts/cassandra/Chart.yaml | 17 + .../subcharts/kong/charts/cassandra/README.md | 190 +++++++++ .../cassandra/sample/create-storage-gce.yaml | 7 + .../kong/charts/cassandra/templates/NOTES.txt | 35 ++ .../kong/charts/cassandra/templates/_helpers.tpl | 43 ++ .../charts/cassandra/templates/backup/cronjob.yaml | 73 ++++ .../charts/cassandra/templates/backup/rbac.yaml | 50 +++ .../kong/charts/cassandra/templates/configmap.yaml | 14 + .../kong/charts/cassandra/templates/pdb.yaml | 17 + .../kong/charts/cassandra/templates/service.yaml | 36 ++ .../charts/cassandra/templates/statefulset.yaml | 200 ++++++++++ .../subcharts/kong/charts/cassandra/values.yaml | 209 ++++++++++ .../subcharts/kong/charts/postgresql/.helmignore | 2 + .../subcharts/kong/charts/postgresql/Chart.yaml | 23 ++ .../subcharts/kong/charts/postgresql/README.md | 278 +++++++++++++ .../kong/charts/postgresql/files/README.md | 1 + .../kong/charts/postgresql/files/conf.d/README.md | 4 + .../files/docker-entrypoint-initdb.d/README.md | 3 + .../kong/charts/postgresql/templates/NOTES.txt | 60 +++ .../kong/charts/postgresql/templates/_helpers.tpl | 152 +++++++ .../charts/postgresql/templates/configmap.yaml | 26 ++ .../templates/extended-config-configmap.yaml | 21 + .../templates/initialization-configmap.yaml | 24 ++ .../charts/postgresql/templates/metrics-svc.yaml | 26 ++ .../charts/postgresql/templates/networkpolicy.yaml | 29 ++ .../kong/charts/postgresql/templates/secrets.yaml | 25 ++ .../postgresql/templates/statefulset-slaves.yaml | 211 ++++++++++ .../charts/postgresql/templates/statefulset.yaml | 300 
++++++++++++++ .../charts/postgresql/templates/svc-headless.yaml | 19 + .../kong/charts/postgresql/templates/svc-read.yaml | 31 ++ .../kong/charts/postgresql/templates/svc.yaml | 32 ++ .../kong/charts/postgresql/values-production.yaml | 283 +++++++++++++ .../subcharts/kong/charts/postgresql/values.yaml | 289 ++++++++++++++ .../subcharts/kong/ci/cassandra.yaml | 7 + ...-no-kic-internal-declarative-config-values.yaml | 39 ++ .../subcharts/kong/ci/dbless-no-kic-values.yaml | 21 + .../subcharts/kong/ci/dbless-values.yaml | 29 ++ .../subcharts/kong/ci/default-values.yaml | 444 +++++++++++++++++++++ .../kong/ci/ingressController-values.yaml | 3 + .../subcharts/kong/ci/loadbalancer-values.yaml | 50 +++ .../subcharts/kong/requirements.yaml | 25 ++ .../subcharts/kong/templates/NOTES.txt | 81 ++++ .../subcharts/kong/templates/_helpers.tpl | 227 +++++++++++ .../templates/config-custom-server-blocks.yaml | 29 ++ .../subcharts/kong/templates/config-dbless.yaml | 16 + .../kong/templates/controller-cluster-role.yaml | 76 ++++ .../kong/templates/controller-deployment.yaml | 96 +++++ .../subcharts/kong/templates/controller-pdb.yaml | 20 + .../controller-rbac-cluster-role-binding.yaml | 19 + .../templates/controller-rbac-role-binding.yaml | 20 + .../kong/templates/controller-rbac-role.yaml | 47 +++ .../kong/templates/controller-service-account.yaml | 12 + .../subcharts/kong/templates/crd-kongconsumer.yaml | 36 ++ .../kong/templates/crd-kongcredential.yaml | 41 ++ .../subcharts/kong/templates/crd-kongingress.yaml | 137 +++++++ .../subcharts/kong/templates/crd-kongplugins.yaml | 50 +++ .../subcharts/kong/templates/deployment.yaml | 281 +++++++++++++ .../subcharts/kong/templates/ingress-admin.yaml | 33 ++ .../subcharts/kong/templates/ingress-manager.yaml | 35 ++ .../kong/templates/ingress-portal-api.yaml | 35 ++ .../subcharts/kong/templates/ingress-portal.yaml | 35 ++ .../subcharts/kong/templates/ingress-proxy.yaml | 33 ++ .../kong/templates/migrations-post-upgrade.yaml | 76 ++++ 
.../kong/templates/migrations-pre-upgrade.yaml | 76 ++++ .../subcharts/kong/templates/migrations.yaml | 71 ++++ .../subcharts/kong/templates/pdb.yaml | 20 + .../kong/templates/service-kong-admin.yaml | 38 ++ .../kong/templates/service-kong-manager.yaml | 57 +++ .../kong/templates/service-kong-portal-api.yaml | 57 +++ .../kong/templates/service-kong-portal.yaml | 57 +++ .../kong/templates/service-kong-proxy.yaml | 57 +++ .../subcharts/kong/templates/servicemonitor.yaml | 29 ++ helm/infrastructure/subcharts/kong/values.yaml | 444 +++++++++++++++++++++ .../templates/deployment-tiller.yaml | 206 ++++++++++ .../templates/job-tiller-secrets.yaml | 103 +++++ helm/infrastructure/values.yaml | 99 +++++ helm/jaegeradapter/.helmignore | 37 ++ helm/jaegeradapter/Chart.yaml | 19 + helm/jaegeradapter/requirements.yaml | 20 + helm/jaegeradapter/templates/agent-service.yaml | 43 ++ .../jaegeradapter/templates/collector-service.yaml | 43 ++ helm/jaegeradapter/templates/deployment.yaml | 85 ++++ helm/jaegeradapter/templates/env.yaml | 11 + helm/jaegeradapter/templates/query-service.yaml | 35 ++ helm/jaegeradapter/values.yaml | 34 ++ helm/rsm/Chart.yaml | 21 + helm/rsm/requirements.yaml | 20 + helm/rsm/templates/configmap.yaml | 139 +++++++ helm/rsm/templates/deployment.yaml | 78 ++++ helm/rsm/templates/env.yaml | 28 ++ helm/rsm/templates/ingress-rsm.yaml | 27 ++ helm/rsm/templates/service-http.yaml | 36 ++ helm/rsm/templates/service-rmr.yaml | 40 ++ helm/rsm/values.yaml | 38 ++ helm/rtmgr/.helmignore | 22 + helm/rtmgr/Chart.yaml | 22 + helm/rtmgr/requirements.yaml | 21 + helm/rtmgr/templates/config.yaml | 51 +++ helm/rtmgr/templates/deployment.yaml | 76 ++++ helm/rtmgr/templates/env.yaml | 35 ++ helm/rtmgr/templates/service-http.yaml | 38 ++ helm/rtmgr/templates/service-rmr.yaml | 41 ++ helm/rtmgr/values.yaml | 34 ++ helm/submgr/Chart.yaml | 22 + helm/submgr/requirements.yaml | 21 + helm/submgr/templates/configmap.yaml | 35 ++ helm/submgr/templates/deployment.yaml | 78 ++++ 
helm/submgr/templates/env.yaml | 29 ++ helm/submgr/templates/service-http.yaml | 42 ++ helm/submgr/templates/service-rmr.yaml | 47 +++ helm/submgr/values.yaml | 30 ++ helm/vespamgr/.helmignore | 37 ++ helm/vespamgr/Chart.yaml | 20 + helm/vespamgr/requirements.yaml | 21 + helm/vespamgr/templates/deployment.yaml | 73 ++++ helm/vespamgr/templates/secret.yaml | 8 + helm/vespamgr/templates/service.yaml | 35 ++ helm/vespamgr/templates/vespa-config.yaml | 13 + helm/vespamgr/values.yaml | 35 ++ 213 files changed, 11698 insertions(+) create mode 100644 .gitignore create mode 100644 amber_example_recipe.yaml create mode 100755 bin/install create mode 100755 bin/uninstall create mode 100644 example_recipe.yaml create mode 100644 helm/a1mediator/.gitignore create mode 100644 helm/a1mediator/.helmignore create mode 100644 helm/a1mediator/Chart.yaml create mode 100644 helm/a1mediator/requirements.yaml create mode 100644 helm/a1mediator/resources/ricmanifest.json create mode 100644 helm/a1mediator/resources/rmr_string_int_mapping.txt create mode 100644 helm/a1mediator/templates/config.yaml create mode 100644 helm/a1mediator/templates/deployment.yaml create mode 100644 helm/a1mediator/templates/env.yaml create mode 100644 helm/a1mediator/templates/ingress-a1mediator.yaml create mode 100644 helm/a1mediator/templates/service-http.yaml create mode 100644 helm/a1mediator/templates/service-rmr.yaml create mode 100644 helm/a1mediator/values.yaml create mode 100644 helm/appmgr/.helmignore create mode 100644 helm/appmgr/Chart.yaml create mode 100644 helm/appmgr/requirements.yaml create mode 100644 helm/appmgr/resources/appmgr.yaml create mode 100644 helm/appmgr/templates/appconfig.yaml create mode 100644 helm/appmgr/templates/bin/_appmgr-tiller-secret-copier.sh.tpl create mode 100755 helm/appmgr/templates/bin/_svcacct-to-kubeconfig.sh.tpl create mode 100644 helm/appmgr/templates/configmap-bin.yaml create mode 100644 helm/appmgr/templates/deployment.yaml create mode 100644 
helm/appmgr/templates/env-appmgr.yaml create mode 100644 helm/appmgr/templates/env-chartmuseum.yaml create mode 100644 helm/appmgr/templates/ingress-appmgr.yaml create mode 100644 helm/appmgr/templates/ingress-chartmuseum.yaml create mode 100644 helm/appmgr/templates/secret.yaml create mode 100644 helm/appmgr/templates/service-http.yaml create mode 100644 helm/appmgr/templates/service-rmr.yaml create mode 100644 helm/appmgr/templates/serviceaccount.yaml create mode 100644 helm/appmgr/values.yaml create mode 100644 helm/dbaas1/Chart.yaml create mode 100644 helm/dbaas1/requirements.yaml create mode 100644 helm/dbaas1/templates/deployment.yaml create mode 100644 helm/dbaas1/templates/service.yaml create mode 100644 helm/dbaas1/values.yaml create mode 100644 helm/e2mgr/Chart.yaml create mode 100644 helm/e2mgr/requirements.yaml create mode 100644 helm/e2mgr/templates/configmap.yaml create mode 100644 helm/e2mgr/templates/deployment.yaml create mode 100644 helm/e2mgr/templates/env.yaml create mode 100644 helm/e2mgr/templates/ingress-e2mgr.yaml create mode 100644 helm/e2mgr/templates/service-http.yaml create mode 100644 helm/e2mgr/templates/service-rmr.yaml create mode 100644 helm/e2mgr/values.yaml create mode 100644 helm/e2term/.helmignore create mode 100644 helm/e2term/Chart.yaml create mode 100644 helm/e2term/requirements.yaml create mode 100644 helm/e2term/resources/cleaner.sh create mode 100644 helm/e2term/resources/configfile.properties create mode 100644 helm/e2term/resources/pizpub.crontab create mode 100644 helm/e2term/templates/configmap-pizpub.yaml create mode 100644 helm/e2term/templates/configmap.yaml create mode 100644 helm/e2term/templates/deployment.yaml create mode 100644 helm/e2term/templates/e2term-pv.yaml create mode 100644 helm/e2term/templates/e2term-pvc.yaml create mode 100644 helm/e2term/templates/env.yaml create mode 100644 helm/e2term/templates/service-rmr.yaml create mode 100644 helm/e2term/values.yaml create mode 100644 
helm/infrastructure/Chart.yaml create mode 100644 helm/infrastructure/requirements.yaml create mode 100644 helm/infrastructure/subcharts/certificate-manager/Chart.yaml create mode 100644 helm/infrastructure/subcharts/certificate-manager/requirements.yaml create mode 100644 helm/infrastructure/subcharts/certificate-manager/templates/secret.yaml create mode 100644 helm/infrastructure/subcharts/certificate-manager/values.yaml create mode 100644 helm/infrastructure/subcharts/chartmuseum/Chart.yaml create mode 100644 helm/infrastructure/subcharts/chartmuseum/requirements.yaml create mode 100644 helm/infrastructure/subcharts/chartmuseum/templates/_gen-cert.tpl create mode 100644 helm/infrastructure/subcharts/chartmuseum/templates/deployment.yaml create mode 100644 helm/infrastructure/subcharts/chartmuseum/templates/env.yaml create mode 100644 helm/infrastructure/subcharts/chartmuseum/templates/ingress.yaml create mode 100644 helm/infrastructure/subcharts/chartmuseum/templates/job-save-certs.yaml create mode 100644 helm/infrastructure/subcharts/chartmuseum/templates/persistentVolume.yaml create mode 100644 helm/infrastructure/subcharts/chartmuseum/templates/persistentVolumeClaim.yaml create mode 100644 helm/infrastructure/subcharts/chartmuseum/templates/secret.yaml create mode 100644 helm/infrastructure/subcharts/chartmuseum/templates/service.yaml create mode 100644 helm/infrastructure/subcharts/chartmuseum/values.yaml create mode 100644 helm/infrastructure/subcharts/docker-credential/Chart.yaml create mode 100644 helm/infrastructure/subcharts/docker-credential/requirements.yaml create mode 100644 helm/infrastructure/subcharts/docker-credential/templates/secrets-docker-reg.yaml create mode 100644 helm/infrastructure/subcharts/docker-credential/values.yaml create mode 100644 helm/infrastructure/subcharts/extsvcplt/Chart.yaml create mode 100644 helm/infrastructure/subcharts/extsvcplt/requirements.yaml create mode 100644 
helm/infrastructure/subcharts/extsvcplt/templates/services-aux.yaml create mode 100644 helm/infrastructure/subcharts/extsvcplt/values.yaml create mode 100755 helm/infrastructure/subcharts/kong/.helmignore create mode 100755 helm/infrastructure/subcharts/kong/Chart.yaml create mode 100755 helm/infrastructure/subcharts/kong/README.md create mode 100755 helm/infrastructure/subcharts/kong/charts/cassandra/.helmignore create mode 100755 helm/infrastructure/subcharts/kong/charts/cassandra/Chart.yaml create mode 100755 helm/infrastructure/subcharts/kong/charts/cassandra/README.md create mode 100755 helm/infrastructure/subcharts/kong/charts/cassandra/sample/create-storage-gce.yaml create mode 100755 helm/infrastructure/subcharts/kong/charts/cassandra/templates/NOTES.txt create mode 100755 helm/infrastructure/subcharts/kong/charts/cassandra/templates/_helpers.tpl create mode 100755 helm/infrastructure/subcharts/kong/charts/cassandra/templates/backup/cronjob.yaml create mode 100755 helm/infrastructure/subcharts/kong/charts/cassandra/templates/backup/rbac.yaml create mode 100755 helm/infrastructure/subcharts/kong/charts/cassandra/templates/configmap.yaml create mode 100755 helm/infrastructure/subcharts/kong/charts/cassandra/templates/pdb.yaml create mode 100755 helm/infrastructure/subcharts/kong/charts/cassandra/templates/service.yaml create mode 100755 helm/infrastructure/subcharts/kong/charts/cassandra/templates/statefulset.yaml create mode 100755 helm/infrastructure/subcharts/kong/charts/cassandra/values.yaml create mode 100755 helm/infrastructure/subcharts/kong/charts/postgresql/.helmignore create mode 100755 helm/infrastructure/subcharts/kong/charts/postgresql/Chart.yaml create mode 100755 helm/infrastructure/subcharts/kong/charts/postgresql/README.md create mode 100755 helm/infrastructure/subcharts/kong/charts/postgresql/files/README.md create mode 100755 helm/infrastructure/subcharts/kong/charts/postgresql/files/conf.d/README.md create mode 100755 
helm/infrastructure/subcharts/kong/charts/postgresql/files/docker-entrypoint-initdb.d/README.md create mode 100755 helm/infrastructure/subcharts/kong/charts/postgresql/templates/NOTES.txt create mode 100755 helm/infrastructure/subcharts/kong/charts/postgresql/templates/_helpers.tpl create mode 100755 helm/infrastructure/subcharts/kong/charts/postgresql/templates/configmap.yaml create mode 100755 helm/infrastructure/subcharts/kong/charts/postgresql/templates/extended-config-configmap.yaml create mode 100755 helm/infrastructure/subcharts/kong/charts/postgresql/templates/initialization-configmap.yaml create mode 100755 helm/infrastructure/subcharts/kong/charts/postgresql/templates/metrics-svc.yaml create mode 100755 helm/infrastructure/subcharts/kong/charts/postgresql/templates/networkpolicy.yaml create mode 100755 helm/infrastructure/subcharts/kong/charts/postgresql/templates/secrets.yaml create mode 100755 helm/infrastructure/subcharts/kong/charts/postgresql/templates/statefulset-slaves.yaml create mode 100755 helm/infrastructure/subcharts/kong/charts/postgresql/templates/statefulset.yaml create mode 100755 helm/infrastructure/subcharts/kong/charts/postgresql/templates/svc-headless.yaml create mode 100755 helm/infrastructure/subcharts/kong/charts/postgresql/templates/svc-read.yaml create mode 100755 helm/infrastructure/subcharts/kong/charts/postgresql/templates/svc.yaml create mode 100755 helm/infrastructure/subcharts/kong/charts/postgresql/values-production.yaml create mode 100755 helm/infrastructure/subcharts/kong/charts/postgresql/values.yaml create mode 100755 helm/infrastructure/subcharts/kong/ci/cassandra.yaml create mode 100755 helm/infrastructure/subcharts/kong/ci/dbless-no-kic-internal-declarative-config-values.yaml create mode 100755 helm/infrastructure/subcharts/kong/ci/dbless-no-kic-values.yaml create mode 100755 helm/infrastructure/subcharts/kong/ci/dbless-values.yaml create mode 100755 helm/infrastructure/subcharts/kong/ci/default-values.yaml create 
mode 100755 helm/infrastructure/subcharts/kong/ci/ingressController-values.yaml create mode 100755 helm/infrastructure/subcharts/kong/ci/loadbalancer-values.yaml create mode 100755 helm/infrastructure/subcharts/kong/requirements.yaml create mode 100755 helm/infrastructure/subcharts/kong/templates/NOTES.txt create mode 100755 helm/infrastructure/subcharts/kong/templates/_helpers.tpl create mode 100755 helm/infrastructure/subcharts/kong/templates/config-custom-server-blocks.yaml create mode 100755 helm/infrastructure/subcharts/kong/templates/config-dbless.yaml create mode 100755 helm/infrastructure/subcharts/kong/templates/controller-cluster-role.yaml create mode 100755 helm/infrastructure/subcharts/kong/templates/controller-deployment.yaml create mode 100755 helm/infrastructure/subcharts/kong/templates/controller-pdb.yaml create mode 100755 helm/infrastructure/subcharts/kong/templates/controller-rbac-cluster-role-binding.yaml create mode 100755 helm/infrastructure/subcharts/kong/templates/controller-rbac-role-binding.yaml create mode 100755 helm/infrastructure/subcharts/kong/templates/controller-rbac-role.yaml create mode 100755 helm/infrastructure/subcharts/kong/templates/controller-service-account.yaml create mode 100755 helm/infrastructure/subcharts/kong/templates/crd-kongconsumer.yaml create mode 100755 helm/infrastructure/subcharts/kong/templates/crd-kongcredential.yaml create mode 100755 helm/infrastructure/subcharts/kong/templates/crd-kongingress.yaml create mode 100755 helm/infrastructure/subcharts/kong/templates/crd-kongplugins.yaml create mode 100755 helm/infrastructure/subcharts/kong/templates/deployment.yaml create mode 100755 helm/infrastructure/subcharts/kong/templates/ingress-admin.yaml create mode 100755 helm/infrastructure/subcharts/kong/templates/ingress-manager.yaml create mode 100755 helm/infrastructure/subcharts/kong/templates/ingress-portal-api.yaml create mode 100755 helm/infrastructure/subcharts/kong/templates/ingress-portal.yaml create mode 
100755 helm/infrastructure/subcharts/kong/templates/ingress-proxy.yaml create mode 100755 helm/infrastructure/subcharts/kong/templates/migrations-post-upgrade.yaml create mode 100755 helm/infrastructure/subcharts/kong/templates/migrations-pre-upgrade.yaml create mode 100755 helm/infrastructure/subcharts/kong/templates/migrations.yaml create mode 100755 helm/infrastructure/subcharts/kong/templates/pdb.yaml create mode 100755 helm/infrastructure/subcharts/kong/templates/service-kong-admin.yaml create mode 100755 helm/infrastructure/subcharts/kong/templates/service-kong-manager.yaml create mode 100755 helm/infrastructure/subcharts/kong/templates/service-kong-portal-api.yaml create mode 100755 helm/infrastructure/subcharts/kong/templates/service-kong-portal.yaml create mode 100755 helm/infrastructure/subcharts/kong/templates/service-kong-proxy.yaml create mode 100755 helm/infrastructure/subcharts/kong/templates/servicemonitor.yaml create mode 100755 helm/infrastructure/subcharts/kong/values.yaml create mode 100644 helm/infrastructure/templates/deployment-tiller.yaml create mode 100644 helm/infrastructure/templates/job-tiller-secrets.yaml create mode 100644 helm/infrastructure/values.yaml create mode 100644 helm/jaegeradapter/.helmignore create mode 100644 helm/jaegeradapter/Chart.yaml create mode 100644 helm/jaegeradapter/requirements.yaml create mode 100644 helm/jaegeradapter/templates/agent-service.yaml create mode 100644 helm/jaegeradapter/templates/collector-service.yaml create mode 100644 helm/jaegeradapter/templates/deployment.yaml create mode 100644 helm/jaegeradapter/templates/env.yaml create mode 100644 helm/jaegeradapter/templates/query-service.yaml create mode 100644 helm/jaegeradapter/values.yaml create mode 100644 helm/rsm/Chart.yaml create mode 100644 helm/rsm/requirements.yaml create mode 100644 helm/rsm/templates/configmap.yaml create mode 100644 helm/rsm/templates/deployment.yaml create mode 100644 helm/rsm/templates/env.yaml create mode 100644 
helm/rsm/templates/ingress-rsm.yaml create mode 100644 helm/rsm/templates/service-http.yaml create mode 100644 helm/rsm/templates/service-rmr.yaml create mode 100644 helm/rsm/values.yaml create mode 100644 helm/rtmgr/.helmignore create mode 100644 helm/rtmgr/Chart.yaml create mode 100644 helm/rtmgr/requirements.yaml create mode 100644 helm/rtmgr/templates/config.yaml create mode 100644 helm/rtmgr/templates/deployment.yaml create mode 100644 helm/rtmgr/templates/env.yaml create mode 100644 helm/rtmgr/templates/service-http.yaml create mode 100644 helm/rtmgr/templates/service-rmr.yaml create mode 100644 helm/rtmgr/values.yaml create mode 100644 helm/submgr/Chart.yaml create mode 100644 helm/submgr/requirements.yaml create mode 100644 helm/submgr/templates/configmap.yaml create mode 100644 helm/submgr/templates/deployment.yaml create mode 100644 helm/submgr/templates/env.yaml create mode 100644 helm/submgr/templates/service-http.yaml create mode 100644 helm/submgr/templates/service-rmr.yaml create mode 100644 helm/submgr/values.yaml create mode 100644 helm/vespamgr/.helmignore create mode 100644 helm/vespamgr/Chart.yaml create mode 100644 helm/vespamgr/requirements.yaml create mode 100644 helm/vespamgr/templates/deployment.yaml create mode 100644 helm/vespamgr/templates/secret.yaml create mode 100644 helm/vespamgr/templates/service.yaml create mode 100644 helm/vespamgr/templates/vespa-config.yaml create mode 100644 helm/vespamgr/values.yaml
diff --git a/.gitignore b/.gitignore new file mode 100644
index 0000000..7de0f2d
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,8 @@
+# ignore all logs
+*.log
+*.tar
+*.tgz
+*.swp
+*.lock
+.tox
+docs/_build/
diff --git a/amber_example_recipe.yaml b/amber_example_recipe.yaml new file mode 100644
index 0000000..92491b5
--- /dev/null
+++ b/amber_example_recipe.yaml
@@ -0,0 +1,151 @@
+################################################################################
+# Copyright (c) 2019 AT&T Intellectual Property. #
+# #
+# Licensed under the Apache License, Version 2.0 (the "License"); #
+# you may not use this file except in compliance with the License. #
+# You may obtain a copy of the License at #
+# #
+# http://www.apache.org/licenses/LICENSE-2.0 #
+# #
+# Unless required by applicable law or agreed to in writing, software #
+# distributed under the License is distributed on an "AS IS" BASIS, #
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. #
+# See the License for the specific language governing permissions and #
+# limitations under the License. #
+###############################################################################
+
+#-------------------------------------------------------------------------
+# Global common setting
+#-------------------------------------------------------------------------
+
+common:
+ releasePrefix: r3
+
+# If a local docker registry is used, please specify it using the following option
+# localregistry: nexus3.o-ran-sc.org:10004
+
+# Change the overall image pull policy using the following option
+# pullpolicy: IfNotPresent
+
+# Change the namespaces using the following options
+# namespace:
+# aux: ricaux
+# platform: ricplt
+# xapp: ricxapp
+# infra: ricinfra
+
+# ricip should be the ingress controller listening IP for the platform cluster
+# auxip should be the ingress controller listening IP for the AUX cluster
+extsvcplt:
+ ricip: "10.0.0.1"
+ auxip: "10.0.0.1"
+
+
+#Specify the docker registry credential using the following
+docker-credential:
+ enabled: true
+ credential:
+ oran:
+ registry: "nexus3.o-ran-sc.org:10002"
+ credential:
+ user: "docker"
+ password: "docker"
+ email: "@"
+
+
+a1mediator:
+ image:
+ name: ric-plt-a1
+ tag: 1.0.4
+ rmr_timeout_config:
+ rcv_retry_interval_ms: 500
+ rcv_retry_times: 20
+
+appmgr:
+ image:
+ init:
+ registry: "nexus3.o-ran-sc.org:10002/o-ran-sc"
+ name: it-dep-init
+ tag: 0.0.1
+ appmgr:
+ registry: "nexus3.o-ran-sc.org:10002/o-ran-sc"
+ name: ric-plt-appmgr
+ tag: 0.1.10
+ chartmuseum:
+ registry: "docker.io"
+ name: chartmuseum/chartmuseum
+ tag: v0.8.2
+
+dbaas:
+ backend:
+ image:
+ registry: "nexus3.o-ran-sc.org:10002/o-ran-sc"
+ name: ric-plt-dbaas
+ tag: 0.2.2
+
+e2mgr:
+ image:
+ registry: "nexus3.o-ran-sc.org:10002/o-ran-sc"
+ name: ric-plt-e2mgr
+ tag: 2.0.10
+ privilegedmode: false
+ env:
+ RIC_ID: "bbbccc-abcd0e/20"
+
+
+e2term:
+ image:
+ registry: "nexus3.o-ran-sc.org:10002/o-ran-sc"
+ name: ric-plt-e2
+ tag: 3.0.1
+
+ privilegedmode: false
+ hostnetworkmode: false
+ env:
+ print: "1"
+ messagecollectorfile: "/data/outgoing/"
+ dataVolSize: 100Mi
+ storageClassName: local-storage
+ pizpub:
+ enabled: false
+
+
+jaegeradapter:
+ image:
+ registry: "docker.io"
+ name: jaegertracing/all-in-one
+ tag: 1.12
+
+
+rsm:
+ image:
+ registry: "nexus3.o-ran-sc.org:10002/o-ran-sc"
+ name: ric-plt-resource-status-manager
+ tag: 3.0.1
+ privilegedmode: false
+ enableResourceStatus: true
+
+rtmgr:
+ image:
+ registry: "nexus3.o-ran-sc.org:10002/o-ran-sc"
+ name: ric-plt-rtmgr
+ tag: 0.3.9
+ rpe: rmrpush
+ sbi: nngpush
+ sbiurl: 0.0.0.0
+ nbi: httpRESTful
+ nbiurl: http://0.0.0.0:8888
+ loglevel: DEBUG
+
+submgr:
+ image:
+ registry: "nexus3.o-ran-sc.org:10002/o-ran-sc"
+ name: ric-plt-submgr
+ tag: 0.10.7
+
+vespamgr:
+ image:
+ registry: "nexus3.o-ran-sc.org:10002/o-ran-sc"
+ name: ric-plt-vespamgr
+ tag: 0.0.8
+ prometheusurl: "http://rec-prometheus-server.default"
diff --git a/bin/install b/bin/install new file mode 100755
index 0000000..5c7837d
--- /dev/null
+++ b/bin/install
@@ -0,0 +1,94 @@
+#!/bin/bash
+################################################################################
+# Copyright (c) 2019 AT&T Intellectual Property. #
+# Copyright (c) 2019 Nokia. #
+# #
+# Licensed under the Apache License, Version 2.0 (the "License"); #
+# you may not use this file except in compliance with the License. #
+# You may obtain a copy of the License at #
+# #
+# http://www.apache.org/licenses/LICENSE-2.0 #
+# #
+# Unless required by applicable law or agreed to in writing, software #
+# distributed under the License is distributed on an "AS IS" BASIS, #
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. #
+# See the License for the specific language governing permissions and #
+# limitations under the License. #
+################################################################################
+while [ -n "$1" ]; do # while loop starts
+
+ case "$1" in
+
+ -f) OVERRIDEYAML=$2
+ shift
+ ;;
+ -c) LIST_OF_COMPONENTS=$2
+ shift
+ ;;
+ *) echo "Option $1 not recognized" ;; # In case you typed a different option other than a,b,c
+
+ esac
+
+ shift
+
+done
+
+if [ -z "$OVERRIDEYAML" ];then
+ echo "****************************************************************************************************************"
+ echo " ERROR "
+ echo "****************************************************************************************************************"
+ echo "RIC deployment without deployment recipe is currently disabled. Please specify an recipe with the -f option."
+ echo "****************************************************************************************************************"
+ exit 1
+fi
+
+HAS_COMMON_PACKAGE=$(helm search local/ric-common | grep ric-common)
+
+if [ -z "$HAS_COMMON_PACKAGE" ];then
+ echo "****************************************************************************************************************"
+ echo " ERROR "
+ echo "****************************************************************************************************************"
+ echo "Can't locate the ric-common helm package in the local repo. Please make sure that it is properly installed."
+ echo "****************************************************************************************************************"
+ exit 1
+fi
+
+
+
+
+
+
+
+
+
+
+
+
+DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" >/dev/null && pwd )"
+COMMON_BLOCK=$(cat $OVERRIDEYAML | awk '/^common:/{getline; while ($0 ~ /^ +.*|^ *$/) {print $0; if (getline == 0) {break}}}')
+NAMESPACE_BLOCK=$(cat $OVERRIDEYAML | awk '/^ namespace:/{getline; while ($0 ~ /^ .*|^ *$/) {print $0; if (getline == 0) {break}}}')
+PLTNAMESPACE=$(echo "$NAMESPACE_BLOCK" | awk '/^ *platform:/{print $2}')
+INFRANAMESPACE=$(echo "$NAMESPACE_BLOCK" | awk '/^ *infra:/{print $2}')
+XAPPNAMESPACE=$(echo "$NAMESPACE_BLOCK" | awk '/^ *xapp:/{print $2}')
+RELEASE_PREFIX=$(echo "$COMMON_BLOCK" | awk '/^ *releasePrefix:/{print $2}')
+COMPONENTS=${LIST_OF_COMPONENTS:-"infrastructure appmgr rtmgr dbaas1 e2mgr e2term a1mediator submgr vespamgr rsm jaegeradapter"}
+echo "Deploying RIC infra components [$COMPONENTS]"
+
+
+if ! kubectl get ns ${PLTNAMESPACE:-ricplt}> /dev/null 2>&1; then
+ kubectl create ns ${PLTNAMESPACE:-ricplt}
+fi
+if ! kubectl get ns ${INFRANAMESPACE:-ricinfra}> /dev/null 2>&1; then
+ kubectl create ns ${INFRANAMESPACE:-ricinfra}
+fi
+if ! kubectl get ns ${XAPPNAMESPACE:-ricxapp}> /dev/null 2>&1; then
+ kubectl create ns ${XAPPNAMESPACE:-ricxapp}
+fi
+
+kubectl create configmap -n ${PLTNAMESPACE:-ricplt} ricplt-recipe --from-file=recipe=$OVERRIDEYAML
+
+
+for component in $COMPONENTS; do
+ helm dep up $DIR/../helm/$component
+ helm install -f $OVERRIDEYAML --namespace "${PLTNAMESPACE:-ricplt}" --name "${RELEASE_PREFIX}-$component" $DIR/../helm/$component
+ sleep 3
+done
diff --git a/bin/uninstall b/bin/uninstall new file mode 100755
index 0000000..dd7e869
--- /dev/null
+++ b/bin/uninstall
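Review bot: `kubectl create configmap -n ${PLTNAMESPACE:-ricplt} ricplt-recipe --from-file=recipe=$OVERRIDEYAML` copies the whole recipe into a ConfigMap, and the recipe format carries the registry password in clear text (the `docker-credential` block in amber_example_recipe.yaml), so every principal allowed to read ConfigMaps in that namespace can read the credential. Keep the recipe in a Secret instead, `kubectl create secret generic ricplt-recipe -n "${PLTNAMESPACE:-ricplt}" --from-file=recipe="$OVERRIDEYAML"`, and adjust the matching read in bin/uninstall (Secret data comes back base64-encoded), or drop the `docker-credential` block before saving. The same line, the `cat $OVERRIDEYAML` calls and `helm install -f $OVERRIDEYAML ... $DIR/../helm/$component` leave `$OVERRIDEYAML` and `$DIR` unquoted, so a path containing spaces is word-split. The create also fails when the object already exists from an earlier run, and the script carries on without checking that result.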
@@ -0,0 +1,47 @@ +#!/bin/bash +################################################################################ +# Copyright (c) 2019 AT&T Intellectual Property. # +# Copyright (c) 2019 Nokia. # +# # +# Licensed under the Apache License, Version 2.0 (the "License"); # +# you may not use this file except in compliance with the License. # +# You may obtain a copy of the License at # +# # +# http://www.apache.org/licenses/LICENSE-2.0 # +# # +# Unless required by applicable law or agreed to in writing, software # +# distributed under the License is distributed on an "AS IS" BASIS, # +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # +# See the License for the specific language governing permissions and # +# limitations under the License. # +################################################################################ + +COMPONENTS="appmgr rtmgr dbaas1 e2mgr e2term a1mediator submgr vespamgr rsm jaegeradapter infrastructure" +RECIPE_NAMESPACE=$(kubectl get cm --all-namespaces | grep ricplt-recipe | awk '{print $1}') +kubectl get configmap -n $RECIPE_NAMESPACE ricplt-recipe -o jsonpath='{.data.recipe}' > /tmp/recipe.yaml + +if [ ! -s /tmp/recipe.yaml ]; then + echo "RICPLT recipe is not found. Are you sure the ric platform is deployed successfully?" 
+ exit 0 +fi + +COMMON_BLOCK=$(cat /tmp/recipe.yaml | awk '/^common:/{getline; while ($0 ~ /^ +.*|^ *$/) {print $0; if (getline == 0) {break}}}') +NAMESPACE_BLOCK=$(cat /tmp/recipe.yaml | awk '/^ namespace:/{getline; while ($0 ~ /^ .*|^ *$/) {print $0; if (getline == 0) {break}}}') +PLTNAMESPACE=$(echo "$NAMESPACE_BLOCK" | awk '/^ *platform:/{print $2}') +INFRANAMESPACE=$(echo "$NAMESPACE_BLOCK" | awk '/^ *infra:/{print $2}') +XAPPNAMESPACE=$(echo "$NAMESPACE_BLOCK" | awk '/^ *xapp:/{print $2}') +RELEASE_PREFIX=$(echo "$COMMON_BLOCK" | awk '/^ *releasePrefix:/{print $2}') + + +echo "Undeploying RIC platform components [$COMPONENTS]" + + +for component in $COMPONENTS; do + helm delete --purge ${RELEASE_PREFIX}-$component +done + +kubectl delete cm -n ${PLTNAMESPACE:-ricplt} ricplt-recipe + +kubectl delete ns ${XAPPNAMESPACE:-ricxapp} +kubectl delete ns ${INFRANAMESPACE:-ricinfra} +kubectl delete ns ${PLTNAMESPACE:-ricplt} diff --git a/example_recipe.yaml b/example_recipe.yaml new file mode 100644 index 0000000..9738470 --- /dev/null +++ b/example_recipe.yaml 
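Review bot: The recipe is dumped to the fixed path `/tmp/recipe.yaml` under the default umask and never removed, and the example recipe in this commit shows it can carry a `docker-credential` password, so on a shared host other users can read it and a file or symlink planted at that path beforehand may be written through. Use a private temp file instead: `RECIPE_FILE=$(mktemp)` followed by `trap 'rm -f "$RECIPE_FILE"' EXIT`, then redirect to and read from `"$RECIPE_FILE"`. `RECIPE_NAMESPACE` comes from an unanchored `grep ricplt-recipe` and is used unquoted, so zero or several matches hand `kubectl get configmap -n` a malformed argument. If `releasePrefix` cannot be parsed, the loop runs `helm delete --purge -appmgr` and the three `kubectl delete ns` lines still remove the default namespaces, so the script should stop with a non-zero exit when the recipe or prefix is missing rather than `exit 0`.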
@@ -0,0 +1,140 @@ +################################################################################ +# Copyright (c) 2019 AT&T Intellectual Property. # +# # +# Licensed under the Apache License, Version 2.0 (the "License"); # +# you may not use this file except in compliance with the License. # +# You may obtain a copy of the License at # +# # +# http://www.apache.org/licenses/LICENSE-2.0 # +# # +# Unless required by applicable law or agreed to in writing, software # +# distributed under the License is distributed on an "AS IS" BASIS, # +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # +# See the License for the specific language governing permissions and # +# limitations under the License. # +############################################################################### + +#------------------------------------------------------------------------- +# Global common setting +#------------------------------------------------------------------------- + +common: + releasePrefix: r3 + +# If a local docker registry is used, please specify it using the following option +# localregistry: nexus3.o-ran-sc.org:10004 + +# Change the overall image pull policy using the following option +# pullpolicy: IfNotPresent + +# Change the namespaces using the following options +# namespace: +# aux: ricaux +# platform: ricplt +# xapp: ricxapp +# infra: ricinfra + +# ricip should be the ingress controller listening IP for the platform cluster +# auxip should be the ingress controller listening IP for the AUX cluster +extsvcplt: + ricip: "10.0.0.1" + auxip: "10.0.0.1" + + +#Specify the docker registry credential using the following +docker-credential: + enabled: true + credential: + oran: + registry: "nexus3.o-ran-sc.org:10004" + credential: + user: "docker" + password: "docker" + email: "@" + + +a1mediator: + image: + name: ric-plt-a1 + tag: 1.0.4 + rmr_timeout_config: + rcv_retry_interval_ms: 500 + rcv_retry_times: 20 + +appmgr: + image: + init: + name: 
it-dep-init + tag: 0.0.1 + appmgr: + name: ric-plt-appmgr + tag: 0.2.0 + chartmuseum: + name: chartmuseum/chartmuseum + tag: v0.8.2 + +dbaas: + backend: + image: + name: ric-plt-dbaas + tag: 0.1.0 + +e2mgr: + image: + name: ric-plt-e2mgr + tag: 3.0.1 + privilegedmode: false + env: + RIC_ID: "bbbccc-abcd0e/20" + + +e2term: + image: + name: ric-plt-e2 + tag: 3.0.1 + + privilegedmode: false + hostnetworkmode: false + env: + print: "1" + messagecollectorfile: "/data/outgoing/" + dataVolSize: 100Mi + storageClassName: local-storage + pizpub: + enabled: false + + +jaegeradapter: + image: + name: jaegertracing/all-in-one + tag: 1.12 + + +rsm: + image: + name: ric-plt-resource-status-manager + tag: 3.0.1 + privilegedmode: false + enableResourceStatus: true + +rtmgr: + image: + name: ric-plt-rtmgr + tag: 0.3.8 + rpe: rmrpush + sbi: nngpush + sbiurl: 0.0.0.0 + nbi: httpRESTful + nbiurl: http://0.0.0.0:8888 + loglevel: DEBUG + +submgr: + image: + name: ric-plt-submgr + tag: 0.10.7 + +vespamgr: + image: + name: ric-plt-vespamgr + tag: 0.0.8 + prometheusurl: "http://rec-prometheus-server.default" diff --git a/helm/a1mediator/.gitignore b/helm/a1mediator/.gitignore new file mode 100644 index 0000000..d8651e0 --- /dev/null +++ b/helm/a1mediator/.gitignore @@ -0,0 +1 @@ +NOTES.txt diff --git a/helm/a1mediator/.helmignore b/helm/a1mediator/.helmignore new file mode 100644 index 0000000..50af031 --- /dev/null +++ b/helm/a1mediator/.helmignore @@ -0,0 +1,22 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*~ +# Various IDEs +.project +.idea/ +*.tmproj +.vscode/ diff --git a/helm/a1mediator/Chart.yaml b/helm/a1mediator/Chart.yaml new file mode 100644 index 0000000..f7d6938 --- /dev/null +++ b/helm/a1mediator/Chart.yaml 
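Review bot: The `docker-credential` block in example_recipe.yaml keeps the registry `user`/`password` in plaintext, and `bin/install` in this same commit copies the whole recipe into the `ricplt-recipe` ConfigMap (`--from-file=recipe=$OVERRIDEYAML`), so any real credential an operator fills in here becomes readable by everyone who can read ConfigMaps in the platform namespace. Keep the credential out of the recipe (for example by referencing an existing image-pull Secret by name) or strip this block before the ConfigMap is created, and add a comment such as `# placeholder only - never commit real registry credentials` above `password: "docker"`. `rtmgr.loglevel: DEBUG` and `nbiurl: http://0.0.0.0:8888` look like development settings and deserve a comment saying so, since example files tend to be deployed unchanged.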
@@ -0,0 +1,5 @@
+apiVersion: v1
+appVersion: "1.0"
+description: A1 Helm chart for Kubernetes
+name: a1mediator
+version: 3.0.0
diff --git a/helm/a1mediator/requirements.yaml b/helm/a1mediator/requirements.yaml
new file mode 100644
index 0000000..db3a74b
--- /dev/null
+++ b/helm/a1mediator/requirements.yaml
@@ -0,0 +1,21 @@
+################################################################################
+# Copyright (c) 2019 AT&T Intellectual Property. #
+# Copyright (c) 2019 Nokia. #
+# #
+# Licensed under the Apache License, Version 2.0 (the "License"); #
+# you may not use this file except in compliance with the License. #
+# You may obtain a copy of the License at #
+# #
+# http://www.apache.org/licenses/LICENSE-2.0 #
+# #
+# Unless required by applicable law or agreed to in writing, software #
+# distributed under the License is distributed on an "AS IS" BASIS, #
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. #
+# See the License for the specific language governing permissions and #
+# limitations under the License. #
+################################################################################
+
+dependencies:
+ - name: ric-common
+ version: ~3.0.0
+ repository: "@local"
diff --git a/helm/a1mediator/resources/ricmanifest.json b/helm/a1mediator/resources/ricmanifest.json
new file mode 100644
index 0000000..98706fe
--- /dev/null
+++ b/helm/a1mediator/resources/ricmanifest.json
@@ -0,0 +1,69 @@ +{ + "controls":[ + { + "name":"admission_control_policy", + "description":"various parameters to control admission of dual connection", + "control_state_request_rmr_type":"DC_ADM_GET_POLICY", + "control_state_request_reply_rmr_type":"DC_ADM_GET_POLICY_ACK", + "message_receives_rmr_type":"DC_ADM_INT_CONTROL", + "message_receives_payload_schema":{ + "$schema":"http://json-schema.org/draft-07/schema#", + "type":"object", + "properties":{ + "enforce":{ + "type":"boolean", + "default":true + }, + "window_length":{ + "type":"integer", + "default":1, + "minimum":1, + "maximum":60, + "description":"Sliding window length (in minutes)" + }, + "blocking_rate":{ + "type":"number", + "default":10, + "minimum":1, + "maximum":100, + "description":"% Connections to block" + }, + "trigger_threshold":{ + "type":"integer", + "default":10, + "minimum":1, + "description":"Minimum number of events in window to trigger blocking" + } + }, + "required":[ + "enforce", + "blocking_rate", + "trigger_threshold", + "window_length" + ], + "additionalProperties":false + }, + "message_sends_rmr_type":"DC_ADM_INT_CONTROL_ACK", + "message_sends_payload_schema":{ + "$schema":"http://json-schema.org/draft-07/schema#", + "type":"object", + "properties":{ + "status":{ + "type":"string", + "enum":[ + "SUCCESS", + "FAIL" + ] + }, + "message":{ + "type":"string" + } + }, + "required":[ + "status" + ], + "additionalProperties":false + } + } + ] +} diff --git a/helm/a1mediator/resources/rmr_string_int_mapping.txt b/helm/a1mediator/resources/rmr_string_int_mapping.txt new file mode 100644 index 0000000..7d4839d --- /dev/null +++ b/helm/a1mediator/resources/rmr_string_int_mapping.txt @@ -0,0 +1,5 @@ +DC_ADM_INT_CONTROL:20000 +DC_ADM_INT_CONTROL_ACK:20001 +DC_ADM_GET_POLICY: 20002 +DC_ADM_GET_POLICY_ACK: 20003 + diff --git a/helm/a1mediator/templates/config.yaml b/helm/a1mediator/templates/config.yaml new file mode 100644 index 0000000..8830427 --- /dev/null 
+++ b/helm/a1mediator/templates/config.yaml 
@@ -0,0 +1,45 @@ +################################################################################ +# Copyright (c) 2019 AT&T Intellectual Property. # +# Copyright (c) 2019 Nokia. # +# # +# Licensed under the Apache License, Version 2.0 (the "License"); # +# you may not use this file except in compliance with the License. # +# You may obtain a copy of the License at # +# # +# http://www.apache.org/licenses/LICENSE-2.0 # +# # +# Unless required by applicable law or agreed to in writing, software # +# distributed under the License is distributed on an "AS IS" BASIS, # +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # +# See the License for the specific language governing permissions and # +# limitations under the License. # +################################################################################ + +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "common.configmapname.a1mediator" . }}-a1conf +data: + local.rt: | + newrt|start + rte|10060|{{ include "common.servicename.e2term.rmr" . }}.{{ include "common.namespace.platform" . }}:{{ include "common.serviceport.e2term.rmr.data" . }} + rte|10061|{{ include "common.servicename.e2mgr.rmr" . }}.{{ include "common.namespace.platform" . }}:{{ include "common.serviceport.e2mgr.rmr.data" . }} + rte|10062|{{ include "common.servicename.e2mgr.rmr" . }}.{{ include "common.namespace.platform" . }}:{{ include "common.serviceport.e2mgr.rmr.data" . }} + rte|10080|{{ include "common.servicename.e2mgr.rmr" . }}.{{ include "common.namespace.platform" . }}:{{ include "common.serviceport.e2mgr.rmr.data" . }} + rte|10360|{{ include "common.servicename.e2term.rmr" . }}.{{ include "common.namespace.platform" . }}:{{ include "common.serviceport.e2term.rmr.data" . }} + rte|10361|{{ include "common.servicename.e2mgr.rmr" . }}.{{ include "common.namespace.platform" . }}:{{ include "common.serviceport.e2mgr.rmr.data" . }} + rte|10362|{{ include "common.servicename.e2mgr.rmr" . 
}}.{{ include "common.namespace.platform" . }}:{{ include "common.serviceport.e2mgr.rmr.data" . }} + rte|12010|{{ include "common.servicename.e2term.rmr" . }}.{{ include "common.namespace.platform" . }}:{{ include "common.serviceport.e2term.rmr.data" . }} + rte|12011|service-ricxapp-admctrl-rmr.{{ include "common.namespace.xapp" . }}:4563 + rte|12012|service-ricxapp-admctrl-rmr.{{ include "common.namespace.xapp" . }}:4563 + rte|12021|service-ricxapp-admctrl-rmr.{{ include "common.namespace.xapp" . }}:4563;service-ricxapp-ueec-rmr.{{ include "common.namespace.xapp" . }}:4560 + rte|12022|service-ricxapp-admctrl-rmr.{{ include "common.namespace.xapp" . }}:4563;service-ricxapp-ueec-rmr.{{ include "common.namespace.xapp" . }}:4560 + rte|12050|service-ricxapp-admctrl-rmr.{{ include "common.namespace.xapp" . }}:4563;service-ricxapp-ueec-rmr.{{ include "common.namespace.xapp" . }}:4560 + rte|20000|service-ricxapp-admctrl-rmr.{{ include "common.namespace.xapp" . }}:4563 + rte|20002|service-ricxapp-admctrl-rmr.{{ include "common.namespace.xapp" . }}:4563 + rte|20001|{{ include "common.servicename.a1mediator.rmr" . }}.{{ include "common.namespace.platform" . }}:{{ include "common.serviceport.a1mediator.rmr.data" . }} + rte|20003|{{ include "common.servicename.a1mediator.rmr" . }}.{{ include "common.namespace.platform" . }}:{{ include "common.serviceport.a1mediator.rmr.data" . }} + newrt|end + rmr_string_int_mapping.txt: {{ tpl (.Files.Get "resources/rmr_string_int_mapping.txt") . | quote }} + ricmanifest.json: {{ tpl (.Files.Get "resources/ricmanifest.json") . | quote }} diff --git a/helm/a1mediator/templates/deployment.yaml b/helm/a1mediator/templates/deployment.yaml new file mode 100644 index 0000000..7251935 --- /dev/null +++ b/helm/a1mediator/templates/deployment.yaml 
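Review bot: The ConfigMap in templates/config.yaml has no `namespace:` under `metadata`, while the Deployment in this chart pins `namespace: {{ include "common.namespace.platform" . }}` and mounts this ConfigMap by name. The two only land in the same namespace when the release is installed with `--namespace` equal to the platform namespace, as `bin/install` happens to do; add `namespace: {{ include "common.namespace.platform" . }}` here so the chart does not depend on that. The same applies to templates/env.yaml and templates/ingress-a1mediator.yaml. The xApp routes hard-code `service-ricxapp-admctrl-rmr` / `service-ricxapp-ueec-rmr` and ports 4563/4560, which needs a comment saying where those names and ports are defined.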
@@ -0,0 +1,88 @@ +################################################################################ +# Copyright (c) 2019 AT&T Intellectual Property. # +# Copyright (c) 2019 Nokia. # +# # +# Licensed under the Apache License, Version 2.0 (the "License"); # +# you may not use this file except in compliance with the License. # +# You may obtain a copy of the License at # +# # +# http://www.apache.org/licenses/LICENSE-2.0 # +# # +# Unless required by applicable law or agreed to in writing, software # +# distributed under the License is distributed on an "AS IS" BASIS, # +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # +# See the License for the specific language governing permissions and # +# limitations under the License. # +################################################################################ + +{{- $imagectx := dict "ctx" . "defaultregistry" .Values.a1mediator.image.registry }} +{{- $pullpolicyctx := dict "ctx" . "defaultpullpolicy" .Values.a1mediator.imagePullPolicy }} +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ include "common.deploymentname.a1mediator" . }} + namespace: {{ include "common.namespace.platform" . }} + labels: + app: {{ include "common.namespace.platform" . }}-{{ include "common.name.a1mediator" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +spec: + replicas: {{ .Values.a1mediator.replicaCount }} + selector: + matchLabels: + app: {{ include "common.namespace.platform" . }}-{{ include "common.name.a1mediator" . }} + release: {{ .Release.Name }} + template: + metadata: + {{- if .Values.a1mediator.annotations }} + annotations: + {{- .Values.a1mediator.annotations | nindent 8 -}} + {{ end }} + labels: + app: {{ include "common.namespace.platform" . }}-{{ include "common.name.a1mediator" . }} + release: {{ .Release.Name }} + spec: + hostname: {{ include "common.name.a1mediator" . 
}} + imagePullSecrets: + - name: {{ include "common.dockerregistry.credential" $imagectx }} + containers: + - name: {{ include "common.containername.a1mediator" . }} + volumeMounts: + - name: a1conf + mountPath: /opt/ricmanifest.json + subPath: ricmanifest.json + - name: a1conf + mountPath: /opt/rmr_string_int_mapping.txt + subPath: rmr_string_int_mapping.txt + - name: a1conf + mountPath: /opt/route/local.rt + subPath: local.rt + envFrom: + - configMapRef: + name: {{ include "common.configmapname.a1mediator" . }}-env + image: {{ include "common.dockerregistry.url" $imagectx }}/{{ .Values.a1mediator.image.name }}:{{ .Values.a1mediator.image.tag }} + imagePullPolicy: {{ include "common.dockerregistry.pullpolicy" $pullpolicyctx }} + ports: + - name: http + containerPort: {{ include "common.serviceport.a1mediator.http" . }} + protocol: TCP + - name: rmrroute + containerPort: {{ include "common.serviceport.a1mediator.rmr.route" . }} + protocol: TCP + - name: rmrdata + containerPort: {{ include "common.serviceport.a1mediator.rmr.data" . }} + protocol: TCP + livenessProbe: + httpGet: + path: /a1-p/healthcheck + port: http + readinessProbe: + httpGet: + path: /a1-p/healthcheck + port: http + volumes: + - name: "a1conf" + configMap: + name: {{ include "common.configmapname.a1mediator" . }}-a1conf diff --git a/helm/a1mediator/templates/env.yaml b/helm/a1mediator/templates/env.yaml new file mode 100644 index 0000000..3141b1e --- /dev/null +++ b/helm/a1mediator/templates/env.yaml 
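Review bot: The container spec in templates/deployment.yaml sets no `securityContext` and no `resources`, so the pod runs as whatever user the image defines, with privilege escalation allowed and no CPU or memory bounds. A restrictive context like the one below is the usual baseline for a component that serves HTTP behind an ingress; whether the `ric-plt-a1` image tolerates a non-root user and a read-only root filesystem is not visible here and has to be checked. Separately, `.Values.a1mediator.annotations | nindent 8` only renders when the value is a string; if annotations are supplied as a map it would need `toYaml` first.

```yaml
      - name: {{ include "common.containername.a1mediator" . }}
        securityContext:
          runAsNonRoot: true
          allowPrivilegeEscalation: false
          readOnlyRootFilesystem: true
          capabilities:
            drop: ["ALL"]
        # … unchanged: volumeMounts, envFrom, image, ports, probes …
```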
@@ -0,0 +1,30 @@ +################################################################################ +# Copyright (c) 2019 AT&T Intellectual Property. # +# Copyright (c) 2019 Nokia. # +# # +# Licensed under the Apache License, Version 2.0 (the "License"); # +# you may not use this file except in compliance with the License. # +# You may obtain a copy of the License at # +# # +# http://www.apache.org/licenses/LICENSE-2.0 # +# # +# Unless required by applicable law or agreed to in writing, software # +# distributed under the License is distributed on an "AS IS" BASIS, # +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # +# See the License for the specific language governing permissions and # +# limitations under the License. # +################################################################################ +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "common.configmapname.a1mediator" . }}-env +data: + DBAAS_SERVICE_HOST: {{ include "common.servicename.dbaas.tcp" . | quote }} + DBAAS_SERVICE_PORT: {{ include "common.serviceport.dbaas.tcp" . | quote }} + DBAAS_PORT_6379_TCP_ADDR: {{ include "common.servicename.dbaas.tcp" . | quote }} + DBAAS_PORT_6379_TCP_PORT: {{ include "common.serviceport.dbaas.tcp" . | quote }} + RMR_RTG_SVC: {{ include "common.serviceport.a1mediator.rmr.route" . | quote }} + PYTHONUNBUFFERED: "0" + RMR_RCV_RETRY_INTERVAL: "{{ .Values.a1mediator.rmr_timeout_config.rcv_retry_interval_ms }}" + RMR_RETRY_TIMES: "{{ .Values.a1mediator.rmr_timeout_config.rcv_retry_times }}" + diff --git a/helm/a1mediator/templates/ingress-a1mediator.yaml b/helm/a1mediator/templates/ingress-a1mediator.yaml new file mode 100644 index 0000000..8a04744 --- /dev/null +++ b/helm/a1mediator/templates/ingress-a1mediator.yaml 
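Review bot: `PYTHONUNBUFFERED: "0"` reads as if unbuffered output were switched off, but Python treats any non-empty value of this variable as enabling it, so `"0"` behaves like `"1"`; write `PYTHONUNBUFFERED: "1"` or add `# any non-empty value enables unbuffered output`. `RMR_RTG_SVC` is filled from `common.serviceport.a1mediator.rmr.route`, i.e. a bare port number, and a one-line comment confirming that is intended would help the next reader. The last two entries wrap the template in literal quotes while the others use `| quote`; one form should be used throughout.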
@@ -0,0 +1,12 @@
+apiVersion: networking.k8s.io/v1beta1
+kind: Ingress
+metadata:
+ name: {{ include "common.ingressname.a1mediator" . }}
+spec:
+ rules:
+ - http:
+ paths:
+ - path: {{ include "common.kongpath.ric.a1mediator" . }}
+ backend:
+ serviceName: {{ include "common.servicename.a1mediator.http" . }}
+ servicePort: {{ include "common.serviceport.a1mediator.http" . }}
diff --git a/helm/a1mediator/templates/service-http.yaml b/helm/a1mediator/templates/service-http.yaml
new file mode 100644
index 0000000..1aeab75
--- /dev/null
+++ b/helm/a1mediator/templates/service-http.yaml
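Review bot: The Ingress rule in templates/ingress-a1mediator.yaml has no `host:` and no `tls:` section, so the A1 mediator HTTP API is published on every hostname the ingress controller serves and, as far as this manifest shows, over plain HTTP with no authentication configured. If TLS termination and access control are handled by the controller (the helper name suggests Kong), say so in a comment at the top of the file; otherwise add a `tls:` entry and restrict the rule with `host:`. The file also lacks the licence header and the `namespace:` field that the chart's Service templates carry.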
@@ -0,0 +1,38 @@ +################################################################################ +# Copyright (c) 2019 AT&T Intellectual Property. # +# Copyright (c) 2019 Nokia. # +# # +# Licensed under the Apache License, Version 2.0 (the "License"); # +# you may not use this file except in compliance with the License. # +# You may obtain a copy of the License at # +# # +# http://www.apache.org/licenses/LICENSE-2.0 # +# # +# Unless required by applicable law or agreed to in writing, software # +# distributed under the License is distributed on an "AS IS" BASIS, # +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # +# See the License for the specific language governing permissions and # +# limitations under the License. # +################################################################################ + +apiVersion: v1 +kind: Service +metadata: + name: {{ include "common.servicename.a1mediator.http" . }} + namespace: {{ include "common.namespace.platform" . }} + labels: + app: {{ include "common.namespace.platform" . }}-{{ include "common.name.a1mediator" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +spec: + type: ClusterIP + ports: + - port: {{ include "common.serviceport.a1mediator.http" . }} + protocol: "TCP" + name: "http" + targetPort: "http" + selector: + app: {{ include "common.namespace.platform" . }}-{{ include "common.name.a1mediator" . }} + release: {{ .Release.Name }} + diff --git a/helm/a1mediator/templates/service-rmr.yaml b/helm/a1mediator/templates/service-rmr.yaml new file mode 100644 index 0000000..c8f19f0 --- /dev/null +++ b/helm/a1mediator/templates/service-rmr.yaml 
@@ -0,0 +1,41 @@ +################################################################################ +# Copyright (c) 2019 AT&T Intellectual Property. # +# Copyright (c) 2019 Nokia. # +# # +# Licensed under the Apache License, Version 2.0 (the "License"); # +# you may not use this file except in compliance with the License. # +# You may obtain a copy of the License at # +# # +# http://www.apache.org/licenses/LICENSE-2.0 # +# # +# Unless required by applicable law or agreed to in writing, software # +# distributed under the License is distributed on an "AS IS" BASIS, # +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # +# See the License for the specific language governing permissions and # +# limitations under the License. # +################################################################################ + +apiVersion: v1 +kind: Service +metadata: + name: {{ include "common.servicename.a1mediator.rmr" . }} + namespace: {{ include "common.namespace.platform" . }} + labels: + app: {{ include "common.namespace.platform" . }}-{{ include "common.name.a1mediator" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +spec: + type: ClusterIP + ports: + - port: {{ include "common.serviceport.a1mediator.rmr.route" . }} + protocol: "TCP" + name: "rmrroute" + targetPort: "rmrroute" + - port: {{ include "common.serviceport.a1mediator.rmr.data" . }} + protocol: "TCP" + name: "rmrdata" + targetPort: "rmrdata" + selector: + app: {{ include "common.namespace.platform" . }}-{{ include "common.name.a1mediator" . }} + release: {{ .Release.Name }} diff --git a/helm/a1mediator/values.yaml b/helm/a1mediator/values.yaml new file mode 100644 index 0000000..f633cc9 --- /dev/null +++ b/helm/a1mediator/values.yaml 
@@ -0,0 +1,39 @@ +################################################################################ +# Copyright (c) 2019 AT&T Intellectual Property. # +# Copyright (c) 2019 Nokia. # +# # +# Licensed under the Apache License, Version 2.0 (the "License"); # +# you may not use this file except in compliance with the License. # +# You may obtain a copy of the License at # +# # +# http://www.apache.org/licenses/LICENSE-2.0 # +# # +# Unless required by applicable law or agreed to in writing, software # +# distributed under the License is distributed on an "AS IS" BASIS, # +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # +# See the License for the specific language governing permissions and # +# limitations under the License. # +################################################################################ + +################################################################# +# Application configuration defaults. +################################################################# +# application image + +a1mediator: + replicaCount: 1 + imagePullPolicy: IfNotPresent + image: + name: ric-plt-a1 + tag: 1.0.4 + registry: "nexus3.o-ran-sc.org:10002/o-ran-sc" + + # Service ports are now defined in + # ric-common/Common-Template/helm/ric-common/templates/_ports.tpl file. + # If need to change a service port, make the code change necessary, then + # update the _ports.tpl file with the new port number. + +# these are ENV variables that A1 takes; see docs + rmr_timeout_config: + rcv_retry_interval_ms: 500 + rcv_retry_times: 20 diff --git a/helm/appmgr/.helmignore b/helm/appmgr/.helmignore new file mode 100644 index 0000000..50af031 --- /dev/null +++ b/helm/appmgr/.helmignore 
@@ -0,0 +1,22 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*~ +# Various IDEs +.project +.idea/ +*.tmproj +.vscode/ diff --git a/helm/appmgr/Chart.yaml b/helm/appmgr/Chart.yaml new file mode 100644 index 0000000..d4e175b --- /dev/null +++ b/helm/appmgr/Chart.yaml @@ -0,0 +1,22 @@ +################################################################################ +# Copyright (c) 2019 AT&T Intellectual Property. # +# Copyright (c) 2019 Nokia. # +# # +# Licensed under the Apache License, Version 2.0 (the "License"); # +# you may not use this file except in compliance with the License. # +# You may obtain a copy of the License at # +# # +# http://www.apache.org/licenses/LICENSE-2.0 # +# # +# Unless required by applicable law or agreed to in writing, software # +# distributed under the License is distributed on an "AS IS" BASIS, # +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # +# See the License for the specific language governing permissions and # +# limitations under the License. # +################################################################################ + +apiVersion: v1 +appVersion: "1.0" +description: Helm Chart for xAppManager +name: appmgr +version: 3.0.0 diff --git a/helm/appmgr/requirements.yaml b/helm/appmgr/requirements.yaml new file mode 100644 index 0000000..db3a74b --- /dev/null +++ b/helm/appmgr/requirements.yaml 
@@ -0,0 +1,21 @@ +################################################################################ +# Copyright (c) 2019 AT&T Intellectual Property. # +# Copyright (c) 2019 Nokia. # +# # +# Licensed under the Apache License, Version 2.0 (the "License"); # +# you may not use this file except in compliance with the License. # +# You may obtain a copy of the License at # +# # +# http://www.apache.org/licenses/LICENSE-2.0 # +# # +# Unless required by applicable law or agreed to in writing, software # +# distributed under the License is distributed on an "AS IS" BASIS, # +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # +# See the License for the specific language governing permissions and # +# limitations under the License. # +################################################################################ + +dependencies: + - name: ric-common + version: ~3.0.0 + repository: "@local" diff --git a/helm/appmgr/resources/appmgr.yaml b/helm/appmgr/resources/appmgr.yaml new file mode 100644 index 0000000..6240038 --- /dev/null +++ b/helm/appmgr/resources/appmgr.yaml @@ -0,0 +1,25 @@ +"local": + # Port on which the xapp-manager REST services are provided + "host": __REST_PORT__ +"helm": + # Remote helm repo URL. UPDATE this as required. + "repo": __HELM_REPO__ + + # Repo name referred within the xapp-manager + "repo-name": __REPO_NAME__ + + # Tiller service details in the cluster. UPDATE this as required. + "tiller-service": __TILLER_SERVICE__ + "tiller-namespace": __TILLER_NAMESPACE__ + "tiller-port": __TILLER_PORT__ + # helm username and password files + "helm-username-file": "/opt/ric/secret/helm_repo_username" + "helm-password-file": "/opt/ric/secret/helm_repo_password" + "retry": 1 +"xapp": + #Namespace to install xAPPs + "namespace": __XAPP_NAMESPACE__ + "tarDir": "/tmp" + "schema": "descriptors/schema.json" + "config": "config/config-file.json" + "tmpConfig": "/tmp/config-file.json" 
diff --git a/helm/appmgr/templates/appconfig.yaml b/helm/appmgr/templates/appconfig.yaml
new file mode 100644
index 0000000..cc38085
--- /dev/null
+++ b/helm/appmgr/templates/appconfig.yaml
@@ -0,0 +1,33 @@
+################################################################################
+# Copyright (c) 2019 AT&T Intellectual Property. #
+# Copyright (c) 2019 Nokia. #
+# #
+# Licensed under the Apache License, Version 2.0 (the "License"); #
+# you may not use this file except in compliance with the License. #
+# You may obtain a copy of the License at #
+# #
+# http://www.apache.org/licenses/LICENSE-2.0 #
+# #
+# Unless required by applicable law or agreed to in writing, software #
+# distributed under the License is distributed on an "AS IS" BASIS, #
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. #
+# See the License for the specific language governing permissions and #
+# limitations under the License. #
+################################################################################
+{{- $tillerKey := .Values.appmgr.tillerkey | default "ricxapp" }}
+{{- $topCtx := . }}
+{{- $ctx := dict "ctx" $topCtx "key" $tillerKey }}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "common.configmapname.appmgr" . }}-appconfig
+data:
+ {{- $restport := (printf ":%s" (include "common.serviceport.appmgr.http" .) ) | quote -}}
+ {{- $defaulthelmrepo := (printf "http://127.0.0.1:%s" (include "common.serviceport.appmgr.chartmuseum.http" .) ) | quote -}}
+ {{- $helmrepo := default $defaulthelmrepo .Values.appmgr.repoUrl | quote -}}
+ {{- $reponame := default "helm-repo" .Values.appmgr.reponame | quote -}}
+ {{- $tillerdeploynamespace := include "common.tillerDeployNameSpace" $ctx -}}
+ {{- $tillerservice := include "common.servicename.tiller" $ctx -}}
+ {{- $tillerport := include "common.tillerPort" $ctx | quote -}}
+ {{- $xappnamespace := include "common.namespace.xapp" . | quote -}}
+ {{- (.Files.Glob "resources/appmgr.yaml").AsConfig | replace "__XAPP_NAMESPACE__" $xappnamespace | replace "__HELM_REPO__" $helmrepo | replace "__REST_PORT__" $restport | replace "__REPO_NAME__" $reponame | replace "__TILLER_SERVICE__" $tillerservice | replace "__TILLER_NAMESPACE__" $tillerdeploynamespace | replace "__TILLER_PORT__" $tillerport | nindent 2 }}
diff --git a/helm/appmgr/templates/bin/_appmgr-tiller-secret-copier.sh.tpl b/helm/appmgr/templates/bin/_appmgr-tiller-secret-copier.sh.tpl
new file mode 100644
index 0000000..4b17cfb
--- /dev/null
+++ b/helm/appmgr/templates/bin/_appmgr-tiller-secret-copier.sh.tpl
@@ -0,0 +1,41 @@
+{{/*
+ Copyright (c) 2019 AT&T Intellectual Property.
+ Copyright (c) 2019 Nokia.
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+*/}}
+#!/bin/sh
+if [ -x /svcacct-to-kubeconfig.sh ] ; then
+ /svcacct-to-kubeconfig.sh
+fi
+
+if [ ! -z "${HELM_TLS_CA_CERT}" ]; then
+ kubectl -n ${SECRET_NAMESPACE} get secret -o yaml ${SECRET_NAME} | \
+ grep 'ca.crt:' | \
+ awk '{print $2}' | \
+ base64 -d > ${HELM_TLS_CA_CERT}
+fi
+
+if [ ! -z "${HELM_TLS_CERT}" ]; then
+ kubectl -n ${SECRET_NAMESPACE} get secret -o yaml ${SECRET_NAME} | \
+ grep 'tls.crt:' | \
+ awk '{print $2}' | \
+ base64 -d > ${HELM_TLS_CERT}
+fi
+
+if [ ! -z "${HELM_TLS_KEY}" ]; then
+ kubectl -n ${SECRET_NAMESPACE} get secret -o yaml ${SECRET_NAME} | \
+ grep 'tls.key:' | \
+ awk '{print $2}' | \
+ base64 -d > ${HELM_TLS_KEY}
+fi
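Review bot: In helm/appmgr/templates/appconfig.yaml, `$defaulthelmrepo` is already passed through `quote`, and `$helmrepo := default $defaulthelmrepo .Values.appmgr.repoUrl | quote` then quotes the result again, so when `repoUrl` is unset the value substituted for `__HELM_REPO__` would carry an extra layer of escaped quotes. Dropping the first `| quote`, i.e. `{{- $defaulthelmrepo := printf "http://127.0.0.1:%s" (include "common.serviceport.appmgr.chartmuseum.http" .) -}}`, leaves a single quoting step. `$tillerservice` and `$tillerdeploynamespace` are substituted unquoted while the other placeholders are quoted; quoting them the same way keeps the rendered appmgr.yaml consistent.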
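Review bot: In _appmgr-tiller-secret-copier.sh.tpl each pipeline ends in `base64 -d`, so a failed `kubectl get` or a missing key in the secret still exits 0 and leaves an empty file at `${HELM_TLS_KEY}` (the CA and client-cert blocks behave the same way); the init container would then report success with unusable TLS material. The files, including the client private key, are also created under the default umask, and the variable expansions are unquoted. I would add `umask 077` right after the shebang and, after each write, a check such as `[ -s "${HELM_TLS_KEY}" ] || exit 1`.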
diff --git a/helm/appmgr/templates/bin/_svcacct-to-kubeconfig.sh.tpl b/helm/appmgr/templates/bin/_svcacct-to-kubeconfig.sh.tpl
new file mode 100755
index 0000000..1340317
--- /dev/null
+++ b/helm/appmgr/templates/bin/_svcacct-to-kubeconfig.sh.tpl
@@ -0,0 +1,46 @@
+{{/*
+ Copyright (c) 2019 AT&T Intellectual Property.
+ Copyright (c) 2019 Nokia.
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+*/}}
+#!/bin/sh
+
+# generate a kubconfig (at ${KUBECONFIG} file from the automatically-mounted
+# service account token.
+# ENVIRONMENT:
+# SVCACCT_NAME: the name of the service account user. default "default"
+# CLUSTER_NAME: the name of the kubernetes cluster. default "kubernetes"
+# KUBECONFIG: where the generated file will be deposited.
+SVCACCT_TOKEN=`cat /var/run/secrets/kubernetes.io/serviceaccount/token`
+CLUSTER_CA=`base64 /var/run/secrets/kubernetes.io/serviceaccount/ca.crt|tr -d '\n'`
+
+cat >${KUBECONFIG} <<__EOF__
+ApiVersion: v1
+kind: Config
+users:
+- name: ${SVCACCT_NAME:-default}
+ user:
+ token: ${SVCACCT_TOKEN}
+clusters:
+- cluster:
+ certificate-authority-data: ${CLUSTER_CA}
+ server: ${K8S_API_HOST:-https://kubernetes.default.svc.cluster.local/}
+ name: ${CLUSTER_NAME:-kubernetes}
+contexts:
+- context:
+ cluster: ${CLUSTER_NAME:-kubernetes}
+ user: ${SVCACCT_NAME:-default}
+ name: svcs-acct-context
+current-context: svcs-acct-context
+__EOF__
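Review bot: The kubeconfig written by `cat >${KUBECONFIG}` in _svcacct-to-kubeconfig.sh.tpl embeds the service-account bearer token, and it is created with the default umask at a path that deployment.yaml in this patch sets to `/tmp/kubeconfig`. Setting `umask 077` before the heredoc and quoting the redirect target (`cat >"${KUBECONFIG}"`) keeps the token file private to the user the script runs as. The heredoc also starts with `ApiVersion: v1`; the kubeconfig field is spelled `apiVersion`, and although the client may tolerate the capitalisation it is safer to match the documented key. The header comment has a typo (`kubconfig`) and an unclosed parenthesis.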
diff --git a/helm/appmgr/templates/configmap-bin.yaml b/helm/appmgr/templates/configmap-bin.yaml
new file mode 100644
index 0000000..dfd0714
--- /dev/null
+++ b/helm/appmgr/templates/configmap-bin.yaml
@@ -0,0 +1,26 @@
+################################################################################
+# Copyright (c) 2019 AT&T Intellectual Property. #
+# Copyright (c) 2019 Nokia. #
+# #
+# Licensed under the Apache License, Version 2.0 (the "License"); #
+# you may not use this file except in compliance with the License. #
+# You may obtain a copy of the License at #
+# #
+# http://www.apache.org/licenses/LICENSE-2.0 #
+# #
+# Unless required by applicable law or agreed to in writing, software #
+# distributed under the License is distributed on an "AS IS" BASIS, #
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. #
+# See the License for the specific language governing permissions and #
+# limitations under the License. #
+################################################################################
+
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "common.configmapname.appmgr" . }}-bin
+data:
+ appmgr-tiller-secret-copier.sh: |
+ {{- include "appmgr/templates/bin/_appmgr-tiller-secret-copier.sh.tpl" . | indent 4 }}
+ svcacct-to-kubeconfig.sh: |
+ {{- include "appmgr/templates/bin/_svcacct-to-kubeconfig.sh.tpl" . | indent 4 }}
diff --git a/helm/appmgr/templates/deployment.yaml b/helm/appmgr/templates/deployment.yaml
new file mode 100644
index 0000000..c3383aa
--- /dev/null
+++ b/helm/appmgr/templates/deployment.yaml
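Review bot: Both `include` calls in configmap-bin.yaml name the script templates by a path that starts with the chart name (`appmgr/templates/bin/...`), which resolves only while this chart is rendered as the top-level chart. If it is ever pulled in as a subchart the template path gains a parent prefix and the name would no longer resolve; `include (print .Template.BasePath "/bin/_svcacct-to-kubeconfig.sh.tpl") .` avoids hard-coding it. A short comment above `data:` saying that these scripts are mounted into the init container by deployment.yaml would also help readers.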
@@ -0,0 +1,161 @@
+################################################################################
+# Copyright (c) 2019 AT&T Intellectual Property. #
+# Copyright (c) 2019 Nokia. #
+# #
+# Licensed under the Apache License, Version 2.0 (the "License"); #
+# you may not use this file except in compliance with the License. #
+# You may obtain a copy of the License at #
+# #
+# http://www.apache.org/licenses/LICENSE-2.0 #
+# #
+# Unless required by applicable law or agreed to in writing, software #
+# distributed under the License is distributed on an "AS IS" BASIS, #
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. #
+# See the License for the specific language governing permissions and #
+# limitations under the License. #
+################################################################################
+{{- $tillerKey := .Values.appmgr.tillerkey | default "ricxapp" }}
+{{- $topCtx := . }}
+{{- $ctx := dict "ctx" $topCtx "key" $tillerKey }}
+{{- $secretPath := .Values.appmgr.appsecretpath | default "/opt/ric/secret" }}
+{{- $certName := include "common.tillerHelmClientTLSSecret" $ctx }}
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: {{ include "common.deploymentname.appmgr" . }}
+ namespace: {{ include "common.namespace.platform" . }}
+ labels:
+ app: {{ include "common.namespace.platform" . }}-{{ include "common.name.appmgr" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+spec:
+ replicas: {{ .Values.appmgr.replicaCount }}
+ selector:
+ matchLabels:
+ app: {{ include "common.namespace.platform" . }}-{{ include "common.name.appmgr" . }}
+ release: {{ .Release.Name }}
+ template:
+ metadata:
+ {{- if .Values.appmgr.annotations }}
+ annotations:
+ {{- .Values.appmgr.annotations | nindent 8 -}}
+ {{ end }}
+ labels:
+ app: {{ include "common.namespace.platform" . }}-{{ include "common.name.appmgr" . }}
+ release: {{ .Release.Name }}
+ spec:
+ hostname: {{ include "common.name.appmgr" . }}
+ serviceAccountName: {{ include "common.serviceaccountname.appmgr" . }}
+ imagePullSecrets:
+ {{- $newctx := dict "ctx" $topCtx "defaultregistry" .Values.appmgr.image.init.registry }}
+ - name: {{ include "common.dockerregistry.credential" $newctx -}}
+{{- if or (eq ( include "common.tillerTLSVerify" $ctx ) "true" ) (eq ( include "common.tillerTLSAuthenticate" $ctx ) "true") }}
+ initContainers:
+ - name: {{ include "common.containername.appmgr" . }}-copy-tiller-secret
+ {{- $newctx := dict "ctx" $topCtx "defaultregistry" .Values.appmgr.image.init.registry }}
+ image: {{ include "common.dockerregistry.url" $newctx }}/{{ .Values.appmgr.image.init.name }}:{{ .Values.appmgr.image.init.tag }}
+ {{- $newctx := dict "ctx" $topCtx "defaultpullpolicy" .Values.appmgr.imagePullPolicy }}
+ imagePullPolicy: {{ include "common.dockerregistry.pullpolicy" $newctx }}
+ env:
+ - name: SVCACCT_NAME
+ value: {{ include "common.serviceaccountname.appmgr" . }}
+ - name: CLUSTER_NAME
+ value: {{ default "kubernetes" .Values.appmgr.clusterName }}
+ - name: KUBECONFIG
+ value: /tmp/kubeconfig
+ - name: K8S_API_HOST
+ value: {{ default "https://kubernetes.default.svc.cluster.local/" .Values.common.k8sAPIHost }}
+ - name: SECRET_NAMESPACE
+ value: {{ include "common.tillerDeployNameSpace" $ctx }}
+ - name: SECRET_NAME
+ value: {{ include "common.tillerHelmClientTLSSecret" $ctx }}
+ envFrom:
+ - configMapRef:
+ name: {{ include "common.configmapname.appmgr" . }}-env
+ command: ["/appmgr-tiller-secret-copier.sh"]
+ volumeMounts:
+ - name: helm-secret-volume
+ mountPath: {{ $secretPath }}
+ readOnly: false
+ - name: appmgr-bin-volume
+ mountPath: /svcacct-to-kubeconfig.sh
+ subPath: svcacct-to-kubeconfig.sh
+ - name: appmgr-bin-volume
+ mountPath: /appmgr-tiller-secret-copier.sh
+ subPath: appmgr-tiller-secret-copier.sh
+{{- end }}
+ containers:
+ - name: {{ include "common.containername.appmgr.chartmuseum" . }}
+ {{- $newctx := dict "ctx" $topCtx "defaultregistry" .Values.appmgr.image.chartmuseum.registry }}
+ image: {{ include "common.dockerregistry.url" $newctx }}/{{ .Values.appmgr.image.chartmuseum.name }}:{{ .Values.appmgr.image.chartmuseum.tag }}
+ {{- $newctx := dict "ctx" $topCtx "defaultpullpolicy" .Values.appmgr.imagePullPolicy }}
+ imagePullPolicy: {{ include "common.dockerregistry.pullpolicy" $newctx }}
+ envFrom:
+ - configMapRef:
+ name: {{ include "common.configmapname.appmgr" . }}-chartmuseum-env
+ ports:
+ - name: chartmuseum
+ containerPort: {{ include "common.serviceport.appmgr.chartmuseum.http" . }}
+ protocol: TCP
+ - name: {{ include "common.containername.appmgr" . }}
+ {{- $newctx := dict "ctx" $topCtx "defaultregistry" .Values.appmgr.image.appmgr.registry }}
+ image: {{ include "common.dockerregistry.url" $newctx }}/{{ .Values.appmgr.image.appmgr.name }}:{{ .Values.appmgr.image.appmgr.tag }}
+ {{- $newctx := dict "ctx" $topCtx "defaultpullpolicy" .Values.appmgr.imagePullPolicy }}
+ imagePullPolicy: {{ include "common.dockerregistry.pullpolicy" $newctx }}
+ ports:
+ - name: http
+ containerPort: {{ include "common.serviceport.appmgr.http" . }}
+ protocol: TCP
+ - name: rmrroute
+ containerPort: {{ include "common.serviceport.appmgr.rmr.route" . }}
+ protocol: TCP
+ - name: rmrdata
+ containerPort: {{ include "common.serviceport.appmgr.rmr.data" . }}
+ protocol: TCP
+ volumeMounts:
+ - name: config-volume
+ mountPath: {{ .Values.appmgr.appconfigpath }}/appmgr.yaml
+ subPath: appmgr.yaml
+ - name: helm-secret-volume
+ mountPath: {{ $secretPath }}
+ readOnly: false
+ - name: secret-volume
+ mountPath: {{ $secretPath }}/helm_repo_username
+ subPath: helm_repo_username
+ - name: secret-volume
+ mountPath: {{ $secretPath }}/helm_repo_password
+ subPath: helm_repo_password
+ envFrom:
+ - configMapRef:
+ name: {{ include "common.configmapname.appmgr" . }}-env
+ livenessProbe:
+ #exec:
+ # command:
+ # - /bin/bash
+ # - -c
+ # - ps -ef | grep {{ .Values.livenessprocessname }}| grep -v "grep"
+ #initialDelaySeconds: 120
+ #periodSeconds: 30
+ readinessProbe:
+ # httpGet:
+ # path: /
+ # port: http
+ restartPolicy: Always
+ securityContext:
+ # ubuntu
+ #runAsUser: 1000
+ #allowPrivilegeEscalation: false
+ volumes:
+ - name: config-volume
+ configMap:
+ name: {{ include "common.configmapname.appmgr" . }}-appconfig
+ - name: secret-volume
+ secret:
+ secretName: {{ include "common.secretname.appmgr" . }}
+ - name: helm-secret-volume
+ emptyDir: {}
+ - name: appmgr-bin-volume
+ configMap:
+ name: {{ include "common.configmapname.appmgr" . }}-bin
+ defaultMode: 0755
diff --git a/helm/appmgr/templates/env-appmgr.yaml b/helm/appmgr/templates/env-appmgr.yaml
new file mode 100644
index 0000000..e87d3e1
--- /dev/null
+++ b/helm/appmgr/templates/env-appmgr.yaml
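Review bot: In helm/appmgr/templates/deployment.yaml the `securityContext:` key is left empty with `runAsUser` and `allowPrivilegeEscalation: false` commented out, and `livenessProbe:`/`readinessProbe:` are likewise empty, so as far as this hunk shows the containers run as whatever user the images default to and have no health checks. The main appmgr container also mounts `helm-secret-volume`, where the init container's copier script writes the Tiller client certificate and key, with `readOnly: false`; only the init container needs to write there, so the main container's mount can be `readOnly: true`. I would restore the commented settings (for example `allowPrivilegeEscalation: false` under each container's own `securityContext`) once the images are confirmed to run as a non-root user.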
@@ -0,0 +1,46 @@
+################################################################################
+# Copyright (c) 2019 AT&T Intellectual Property. #
+# Copyright (c) 2019 Nokia. #
+# #
+# Licensed under the Apache License, Version 2.0 (the "License"); #
+# you may not use this file except in compliance with the License. #
+# You may obtain a copy of the License at #
+# #
+# http://www.apache.org/licenses/LICENSE-2.0 #
+# #
+# Unless required by applicable law or agreed to in writing, software #
+# distributed under the License is distributed on an "AS IS" BASIS, #
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. #
+# See the License for the specific language governing permissions and #
+# limitations under the License. #
+################################################################################
+{{- $tillerKey := .Values.appmgr.tillerkey | default "ricxapp" }}
+{{- $topCtx := . }}
+{{- $ctx := dict "ctx" $topCtx "key" $tillerKey }}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "common.configmapname.appmgr" . }}-env
+data:
+ NAME: "xappmgr"
+ DBAAS_SERVICE_HOST: {{ include "common.servicename.dbaas.tcp" . | quote }}
+ DBAAS_SERVICE_PORT: {{ include "common.serviceport.dbaas.tcp" . | quote }}
+ DBAAS_PORT_6379_TCP_ADDR: {{ include "common.servicename.dbaas.tcp" . | quote }}
+ DBAAS_PORT_6379_TCP_PORT: {{ include "common.serviceport.dbaas.tcp" . | quote }}
+ RMR_RTG_SVC: {{ include "common.serviceport.appmgr.rmr.route" . | quote }}
+{{- $certPath := .Values.appmgr.appcertpath | default "/opt/ric/certificates" }}
+{{- $secretPath := .Values.appmgr.appsecretpath | default "/opt/ric/secret" }}
+{{- $servicename := include "common.servicename.tiller" $ctx }}
+{{- $servicenamespace := include "common.tillerDeployNameSpace" $ctx }}
+{{- $serviceport := include "common.tillerPort" $ctx }}
+ HELM_HOST: {{ printf "%s.%s:%s" $servicename $servicenamespace $serviceport | quote }}
+{{- if eq (include "common.tillerTLSVerify" $ctx) "true" }}
+ HELM_TLS_VERIFY: "true"
+ HELM_TLS_CA_CERT: "{{ $secretPath }}/tiller-ca.cert"
+ HELM_TLS_HOSTNAME: {{ $servicename | quote }}
+{{- end }}
+{{- if eq (include "common.tillerTLSAuthenticate" $ctx) "true" }}
+ HELM_TLS_ENABLED: "true"
+ HELM_TLS_CERT: "{{ $secretPath }}/helm-client.cert"
+ HELM_TLS_KEY: "{{ $secretPath }}/helm-client.key"
+{{- end }}
diff --git a/helm/appmgr/templates/env-chartmuseum.yaml b/helm/appmgr/templates/env-chartmuseum.yaml
new file mode 100644
index 0000000..ec419d5
--- /dev/null
+++ b/helm/appmgr/templates/env-chartmuseum.yaml
@@ -0,0 +1,25 @@
+################################################################################
+# Copyright (c) 2019 AT&T Intellectual Property. #
+# Copyright (c) 2019 Nokia. #
+# #
+# Licensed under the Apache License, Version 2.0 (the "License"); #
+# you may not use this file except in compliance with the License. #
+# You may obtain a copy of the License at #
+# #
+# http://www.apache.org/licenses/LICENSE-2.0 #
+# #
+# Unless required by applicable law or agreed to in writing, software #
+# distributed under the License is distributed on an "AS IS" BASIS, #
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. #
+# See the License for the specific language governing permissions and #
+# limitations under the License. #
+################################################################################
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "common.configmapname.appmgr" . }}-chartmuseum-env
+data:
+ DEBUG: "true"
+ STORAGE: "local"
+ STORAGE_LOCAL_ROOTDIR: "/charts"
+ PORT: {{ include "common.serviceport.appmgr.chartmuseum.http" . | quote }}
diff --git a/helm/appmgr/templates/ingress-appmgr.yaml b/helm/appmgr/templates/ingress-appmgr.yaml
new file mode 100644
index 0000000..e515d12
--- /dev/null
+++ b/helm/appmgr/templates/ingress-appmgr.yaml
@@ -0,0 +1,12 @@
+apiVersion: networking.k8s.io/v1beta1
+kind: Ingress
+metadata:
+ name: {{ include "common.ingressname.appmgr" . }}
+spec:
+ rules:
+ - http:
+ paths:
+ - path: {{ include "common.kongpath.ric.appmgr" . }}
+ backend:
+ serviceName: {{ include "common.servicename.appmgr.http" . }}
+ servicePort: {{ include "common.serviceport.appmgr.http" . }}
diff --git a/helm/appmgr/templates/ingress-chartmuseum.yaml b/helm/appmgr/templates/ingress-chartmuseum.yaml
new file mode 100644
index 0000000..a681e3a
--- /dev/null
+++ b/helm/appmgr/templates/ingress-chartmuseum.yaml
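Review bot: env-chartmuseum.yaml turns on `DEBUG: "true"` unconditionally and sets no authentication variables, while ingress-chartmuseum.yaml in this patch routes external traffic to the same port. Unless authentication is enforced at the ingress layer (not visible here), the chart repository that appmgr installs xApps from would accept unauthenticated requests; ChartMuseum supports `BASIC_AUTH_USER`/`BASIC_AUTH_PASS`, which could be fed from the existing appmgr secret. I would also make `DEBUG` a chart value that defaults to `"false"`.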
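Review bot: ingress-appmgr.yaml has no `tls:` section and no `host:` on its rule, whereas ingress-chartmuseum.yaml in the same patch declares a TLS host and `secretName: secret-plt-ingress-cert`. If TLS is not terminated elsewhere, the appmgr REST API would be reachable over plain HTTP on any hostname the controller serves; adding the same `tls:` block here would make the two ingresses consistent. The file also lacks the licence header that the neighbouring templates carry.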
@@ -0,0 +1,33 @@
+################################################################################
+# Copyright (c) 2019 AT&T Intellectual Property. #
+# Copyright (c) 2019 Nokia. #
+# #
+# Licensed under the Apache License, Version 2.0 (the "License"); #
+# you may not use this file except in compliance with the License. #
+# You may obtain a copy of the License at #
+# #
+# http://www.apache.org/licenses/LICENSE-2.0 #
+# #
+# Unless required by applicable law or agreed to in writing, software #
+# distributed under the License is distributed on an "AS IS" BASIS, #
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. #
+# See the License for the specific language governing permissions and #
+# limitations under the License. #
+################################################################################
+apiVersion: networking.k8s.io/v1beta1
+kind: Ingress
+metadata:
+ name: {{ include "common.ingressname.appmgr" . }}-chartmuseum
+spec:
+ tls:
+ - hosts:
+ - {{ include "common.ingresscontroller.url.platform" . }}
+ secretName: secret-plt-ingress-cert
+ rules:
+ - http:
+ paths:
+ - backend:
+ serviceName: {{ include "common.servicename.appmgr.http" . }}
+ servicePort: {{ include "common.serviceport.appmgr.chartmuseum.http" . }}
+ path: {{ include "common.kongpath.ric.helmrepo" . }}
+
diff --git a/helm/appmgr/templates/secret.yaml b/helm/appmgr/templates/secret.yaml
new file mode 100644
index 0000000..6c8511c
--- /dev/null
+++ b/helm/appmgr/templates/secret.yaml
@@ -0,0 +1,24 @@
+################################################################################
+# Copyright (c) 2019 AT&T Intellectual Property. #
+# #
+# Licensed under the Apache License, Version 2.0 (the "License"); #
+# you may not use this file except in compliance with the License. #
+# You may obtain a copy of the License at #
+# #
+# http://www.apache.org/licenses/LICENSE-2.0 #
+# #
+# Unless required by applicable law or agreed to in writing, software #
+# distributed under the License is distributed on an "AS IS" BASIS, #
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. #
+# See the License for the specific language governing permissions and #
+# limitations under the License. #
+################################################################################
+
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ include "common.secretname.appmgr" . }}
+type: Opaque
+data:
+ helm_repo_username: {{ .Values.appmgr.repoUserName | default "helm" }}
+ helm_repo_password: {{ .Values.appmgr.repoPassword | default "helm" }}
diff --git a/helm/appmgr/templates/service-http.yaml b/helm/appmgr/templates/service-http.yaml
new file mode 100644
index 0000000..56a52a1
--- /dev/null
+++ b/helm/appmgr/templates/service-http.yaml
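Review bot: The values under `data:` in secret.yaml are emitted as plain text, but a Secret's `data` map must hold base64-encoded strings, so a real username or password will either be rejected or be decoded into different bytes than the operator supplied. Either switch the key to `stringData:` or encode explicitly, e.g. `helm_repo_password: {{ .Values.appmgr.repoPassword | b64enc | quote }}`. The `default "helm"` fallbacks also mean every install that leaves `repoUserName`/`repoPassword` commented out in values.yaml shares the same credentials; wrapping the values in `required` would force the operator to choose them.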
@@ -0,0 +1,43 @@
+################################################################################
+# Copyright (c) 2019 AT&T Intellectual Property. #
+# Copyright (c) 2019 Nokia. #
+# #
+# Licensed under the Apache License, Version 2.0 (the "License"); #
+# you may not use this file except in compliance with the License. #
+# You may obtain a copy of the License at #
+# #
+# http://www.apache.org/licenses/LICENSE-2.0 #
+# #
+# Unless required by applicable law or agreed to in writing, software #
+# distributed under the License is distributed on an "AS IS" BASIS, #
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. #
+# See the License for the specific language governing permissions and #
+# limitations under the License. #
+################################################################################
+
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ include "common.servicename.appmgr.http" . }}
+ namespace: {{ include "common.namespace.platform" . }}
+ labels:
+ app: {{ include "common.namespace.platform" . }}-{{ include "common.name.appmgr" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+spec:
+ type: ClusterIP
+ ports:
+ - port: {{ include "common.serviceport.appmgr.http" . }}
+ protocol: "TCP"
+ name: "http"
+ targetPort: "http"
+ - port: {{ include "common.serviceport.appmgr.chartmuseum.http" . }}
+ targetPort: chartmuseum
+ protocol: TCP
+ name: chartmuseum
+ selector:
+ app: {{ include "common.namespace.platform" . }}-{{ include "common.name.appmgr" . }}
+ release: {{ .Release.Name }}
+
+
diff --git a/helm/appmgr/templates/service-rmr.yaml b/helm/appmgr/templates/service-rmr.yaml
new file mode 100644
index 0000000..a0608cb
--- /dev/null
+++ b/helm/appmgr/templates/service-rmr.yaml
@@ -0,0 +1,42 @@
+################################################################################
+# Copyright (c) 2019 AT&T Intellectual Property. #
+# Copyright (c) 2019 Nokia. #
+# #
+# Licensed under the Apache License, Version 2.0 (the "License"); #
+# you may not use this file except in compliance with the License. #
+# You may obtain a copy of the License at #
+# #
+# http://www.apache.org/licenses/LICENSE-2.0 #
+# #
+# Unless required by applicable law or agreed to in writing, software #
+# distributed under the License is distributed on an "AS IS" BASIS, #
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. #
+# See the License for the specific language governing permissions and #
+# limitations under the License. #
+################################################################################
+
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ include "common.servicename.appmgr.rmr" . }}
+ namespace: {{ include "common.namespace.platform" . }}
+ labels:
+ app: {{ include "common.namespace.platform" . }}-{{ include "common.name.appmgr" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+spec:
+ type: ClusterIP
+ ports:
+ - port: {{ include "common.serviceport.appmgr.rmr.route" . }}
+ protocol: "TCP"
+ name: "rmrroute"
+ targetPort: "rmrroute"
+ - port: {{ include "common.serviceport.appmgr.rmr.data" . }}
+ protocol: "TCP"
+ name: "rmrdata"
+ targetPort: "rmrdata"
+ selector:
+ app: {{ include "common.namespace.platform" . }}-{{ include "common.name.appmgr" . }}
+ release: {{ .Release.Name }}
+
diff --git a/helm/appmgr/templates/serviceaccount.yaml b/helm/appmgr/templates/serviceaccount.yaml
new file mode 100644
index 0000000..f0da9a5
--- /dev/null
+++ b/helm/appmgr/templates/serviceaccount.yaml
@@ -0,0 +1,67 @@
+{{- $tillerKey := .Values.appmgr.tillerkey | default "ricxapp" }}
+{{- $topCtx := . }}
+{{- $ctx := dict "ctx" $topCtx "key" $tillerKey }}
+{{- $certName := include "common.tillerHelmClientTLSSecret" $ctx }}
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ include "common.serviceaccountname.appmgr" . }}
+ namespace: {{ include "common.namespace.platform" . }}
+---
+apiVersion: rbac.authorization.k8s.io/v1beta1
+kind: Role
+metadata:
+ name: {{ include "common.serviceaccountname.appmgr" . }}-{{ include "common.tillerNameSpace" $ctx }}-access
+ namespace: {{ include "common.tillerDeployNameSpace" $ctx }}
+rules:
+- apiGroups: [""]
+ resources: ["pods/portforward"]
+ verbs: ["create"]
+- apiGroups: [""]
+ resources: ["pods", "configmaps", "deployments", "services"]
+ verbs: ["get", "list", "create", "delete"]
+{{- if or (eq (include "common.tillerTLSVerify" $ctx) "true" ) (eq (include "common.tillerTLSAuthenticate" $ctx) "true") }}
+- apiGroups: [""]
+ resources: ["secrets"]
+ resourceNames: [ {{ include "common.tillerHelmClientTLSSecret" $ctx | quote }} ]
+ verbs: ["get"]
+{{- end }}
+---
+apiVersion: rbac.authorization.k8s.io/v1beta1
+kind: RoleBinding
+metadata:
+ name: {{ include "common.serviceaccountname.appmgr" . }}-{{ include "common.tillerNameSpace" $ctx }}-access
+ namespace: {{ include "common.tillerDeployNameSpace" $ctx }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: {{ include "common.serviceaccountname.appmgr" . }}-{{ include "common.tillerNameSpace" $ctx }}-access
+subjects:
+ - kind: ServiceAccount
+ name: {{ include "common.serviceaccountname.appmgr" . }}
+ namespace: {{ include "common.namespace.platform" . }}
+---
+apiVersion: rbac.authorization.k8s.io/v1beta1
+kind: Role
+metadata:
+ name: {{ include "common.serviceaccountname.appmgr" . }}-{{ include "common.tillerNameSpace" $ctx }}-getappconfig
+ namespace: {{ include "common.tillerNameSpace" $ctx }}
+rules:
+- apiGroups: [""]
+ resources: ["configmaps", "endpoints"]
+ verbs: ["get"]
+---
+apiVersion: rbac.authorization.k8s.io/v1beta1
+kind: RoleBinding
+metadata:
+ name: {{ include "common.serviceaccountname.appmgr" . }}-{{ include "common.namespace.xapp" . }}-getappconfig
+ namespace: {{ include "common.tillerNameSpace" $ctx }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: {{ include "common.serviceaccountname.appmgr" . }}-{{ include "common.tillerNameSpace" $ctx }}-getappconfig
+subjects:
+ - kind: ServiceAccount
+ name: {{ include "common.serviceaccountname.appmgr" . }}
+ namespace: {{ include "common.namespace.platform" . }}
diff --git a/helm/appmgr/values.yaml b/helm/appmgr/values.yaml
new file mode 100644
index 0000000..8accbd0
--- /dev/null
+++ b/helm/appmgr/values.yaml
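Review bot: The first Role in serviceaccount.yaml lists `deployments` under `apiGroups: [""]`, but Deployments are not in the core API group, so that part of the rule grants nothing; the tiller role in values.yaml already uses `["extensions", "apps"]` for them. If appmgr really needs Deployments, give them their own rule with `apiGroups: ["extensions", "apps"]`, otherwise drop the entry so the Role states only what is actually granted. All four RBAC objects use `rbac.authorization.k8s.io/v1beta1`; `rbac.authorization.k8s.io/v1` is the stable version. The last RoleBinding is named with `common.namespace.xapp` while its Role is named with `common.tillerNameSpace`, a naming inconsistency worth aligning.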
@@ -0,0 +1,102 @@
+################################################################################
+# Copyright (c) 2019 AT&T Intellectual Property. #
+# Copyright (c) 2019 Nokia. #
+# #
+# Licensed under the Apache License, Version 2.0 (the "License"); #
+# you may not use this file except in compliance with the License. #
+# You may obtain a copy of the License at #
+# #
+# http://www.apache.org/licenses/LICENSE-2.0 #
+# #
+# Unless required by applicable law or agreed to in writing, software #
+# distributed under the License is distributed on an "AS IS" BASIS, #
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. #
+# See the License for the specific language governing permissions and #
+# limitations under the License. #
+################################################################################
+
+common:
+ k8sAPIHost: https://kubernetes.default.svc.cluster.local/
+ tillers:
+ ricxapp:
+ name: ricxapp
+ nameSpace: ricxapp
+ deployNameSpace: ricinfra
+ imagePullPolicy: IfNotPresent
+ image:
+ tillerTLSSecrets:
+ registry: nexus3.o-ran-sc.org:10002/o-ran-sc
+ name: it-dep-secret
+ tag: 0.0.2
+ tiller:
+ registry: gcr.io
+ name: kubernetes-helm/tiller
+ tag: v2.12.3
+ secret:
+ create: true
+ tillerSecretName: ricxapp-tiller-secret
+ helmSecretName: ricxapp-helm-secret
+ tls:
+ authenticate: true
+ verify: true
+ serviceAccount:
+ name: tiller
+ role:
+ - apiGroups: [""]
+ resources: ["pods", "configmaps", "services"]
+ verbs: ["get", "list", "create", "delete"]
+ - apiGroups: ["extensions", "apps"]
+ resources: ["deployments"]
+ verbs: ["get", "list", "create", "delete"]
+
+
+
+
+appmgr:
+ imagePullPolicy: IfNotPresent
+ image:
+ # xAppmanager Docker image name and tag
+ init:
+ registry: "nexus3.o-ran-sc.org:10002/o-ran-sc"
+ name: it-dep-init
+ tag: 0.0.1
+ appmgr:
+ registry: "nexus3.o-ran-sc.org:10002/o-ran-sc"
+ name: ric-plt-appmgr
+ tag: 0.2.0
+ chartmuseum:
+ registry: "docker.io"
+ name: chartmuseum/chartmuseum
+ tag: v0.8.2
+
+
+
+ # This section describes xAppManager
+ replicaCount: 1
+
+ reponame: "helm-repo"
+ #repoUserName: ""
+ #repoPassword: ""
+ #repoUrl: ""
+
+
+ # Service ports are now defined in
+ # ric-common/Common-Template/helm/ric-common/templates/_ports.tpl file.
+ # If need to change a service port, make the code change necessary, then
+ # update the _ports.tpl file with the new port number.
+
+ # config
+ # Path referred in xapp-manager for retrieving configuration details
+ appconfigpath: /opt/ric/config
+
+
+ # secret
+ # Path referred in xapp-manager for retrieving helm repo secrets
+ appsecretpath: /opt/ric/secret
+
+
+ # certificates
+ # Path referred in xapp-manager for retrieving helm repo client certificates
+ appcertpath: /opt/ric/certificates
+
+ tillerkey: "ricxapp"
diff --git a/helm/dbaas1/Chart.yaml b/helm/dbaas1/Chart.yaml
new file mode 100644
index 0000000..7a5e4a4
--- /dev/null
+++ b/helm/dbaas1/Chart.yaml
@@ -0,0 +1,21 @@
+################################################################################
+# Copyright (c) 2019 AT&T Intellectual Property. #
+# #
+# Licensed under the Apache License, Version 2.0 (the "License"); #
+# you may not use this file except in compliance with the License. #
+# You may obtain a copy of the License at #
+# #
+# http://www.apache.org/licenses/LICENSE-2.0 #
+# #
+# Unless required by applicable law or agreed to in writing, software #
+# distributed under the License is distributed on an "AS IS" BASIS, #
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. #
+# See the License for the specific language governing permissions and #
+# limitations under the License. #
+################################################################################
+
+apiVersion: v1
+appVersion: "1.0"
+description: DBaaS realized with standalone, non-persistent, non-redundant Redis
+name: dbaas1
+version: 3.0.0
diff --git a/helm/dbaas1/requirements.yaml b/helm/dbaas1/requirements.yaml
new file mode 100644
index 0000000..18add19
--- /dev/null
+++ b/helm/dbaas1/requirements.yaml
@@ -0,0 +1,20 @@
+################################################################################
+# Copyright (c) 2019 AT&T Intellectual Property. #
+# #
+# Licensed under the Apache License, Version 2.0 (the "License"); #
+# you may not use this file except in compliance with the License. #
+# You may obtain a copy of the License at #
+# #
+# http://www.apache.org/licenses/LICENSE-2.0 #
+# #
+# Unless required by applicable law or agreed to in writing, software #
+# distributed under the License is distributed on an "AS IS" BASIS, #
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. #
+# See the License for the specific language governing permissions and #
+# limitations under the License. #
+################################################################################
+
+dependencies:
+ - name: ric-common
+ version: ~3.0.0
+ repository: "@local"
diff --git a/helm/dbaas1/templates/deployment.yaml b/helm/dbaas1/templates/deployment.yaml
new file mode 100644
index 0000000..6146ff3
--- /dev/null
+++ b/helm/dbaas1/templates/deployment.yaml
@@ -0,0 +1,57 @@ +################################################################################ +# Copyright (c) 2019 AT&T Intellectual Property. # +# # +# Licensed under the Apache License, Version 2.0 (the "License"); # +# you may not use this file except in compliance with the License. # +# You may obtain a copy of the License at # +# # +# http://www.apache.org/licenses/LICENSE-2.0 # +# # +# Unless required by applicable law or agreed to in writing, software # +# distributed under the License is distributed on an "AS IS" BASIS, # +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # +# See the License for the specific language governing permissions and # +# limitations under the License. # +################################################################################ + + +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ include "common.deploymentname.dbaas" . }} + namespace: {{ include "common.namespace.platform" . }} + labels: + app: {{ include "common.namespace.platform" . }}-{{ include "common.name.dbaas" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +spec: + replicas: {{ .Values.dbaas.backend.replicas }} + selector: + matchLabels: + app: {{ include "common.namespace.platform" . }}-{{ include "common.name.dbaas" . }} + release: {{ .Release.Name }} + template: + metadata: + {{- if .Values.dbaas.annotations }} + annotations: + {{- .Values.dbaas.annotations | nindent 8 -}} + {{ end }} + labels: + app: {{ include "common.namespace.platform" . }}-{{ include "common.name.dbaas" . }} + release: {{ .Release.Name }} + spec: + imagePullSecrets: + {{- $ctx := dict "ctx" . 
"defaultregistry" .Values.dbaas.backend.image.registry }} + - name: {{ include "common.dockerregistry.credential" $ctx }} + terminationGracePeriodSeconds: {{ .Values.dbaas.backend.terminationGracePeriodSeconds }} + containers: + - image: {{ include "common.dockerregistry.url" $ctx }}/{{ .Values.dbaas.backend.image.name }}:{{ .Values.dbaas.backend.image.tag }} + {{- $ctx := dict "ctx" . "defaultpullpolicy" .Values.dbaas.backend.imagePullPolicy }} + imagePullPolicy: {{ include "common.dockerregistry.pullpolicy" $ctx }} + ports: + - containerPort: {{ include "common.serviceport.dbaas.tcp" . }} + name: sql + protocol: TCP + name: {{ include "common.containername.dbaas" . }} + restartPolicy: Always diff --git a/helm/dbaas1/templates/service.yaml b/helm/dbaas1/templates/service.yaml new file mode 100644 index 0000000..591594b --- /dev/null +++ b/helm/dbaas1/templates/service.yaml 
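Review bot: The Redis container in helm/dbaas1/templates/deployment.yaml is declared without a `securityContext` or a `resources` block, so it runs as whatever user the image defaults to and with no CPU or memory ceiling. I would add `securityContext: {allowPrivilegeEscalation: false, runAsNonRoot: true}` under the container, assuming the ric-plt-dbaas image can run as a non-root user, which this page does not show. I would also add requests and limits sized for the expected dataset. A `readinessProbe` with a `tcpSocket` check on the `sql` port would keep the Service from routing to a pod that is not yet accepting connections.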
@@ -0,0 +1,35 @@ +################################################################################ +# Copyright (c) 2019 AT&T Intellectual Property. # +# # +# Licensed under the Apache License, Version 2.0 (the "License"); # +# you may not use this file except in compliance with the License. # +# You may obtain a copy of the License at # +# # +# http://www.apache.org/licenses/LICENSE-2.0 # +# # +# Unless required by applicable law or agreed to in writing, software # +# distributed under the License is distributed on an "AS IS" BASIS, # +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # +# See the License for the specific language governing permissions and # +# limitations under the License. # +################################################################################ + +apiVersion: v1 +kind: Service +metadata: + name: {{ include "common.servicename.dbaas.tcp" . }} + namespace: {{ include "common.namespace.platform" . }} + labels: + app: {{ include "common.namespace.platform" . }}-{{ include "common.name.dbaas" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +spec: + selector: + app: {{ include "common.namespace.platform" . }}-{{ include "common.name.dbaas" . }} + release: {{ .Release.Name }} + ports: + - port: {{ include "common.serviceport.dbaas.tcp" . }} + targetPort: "sql" + protocol: "TCP" + name: "sql" diff --git a/helm/dbaas1/values.yaml b/helm/dbaas1/values.yaml new file mode 100644 index 0000000..10dc52f --- /dev/null +++ b/helm/dbaas1/values.yaml 
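Review bot: Nothing in the dbaas1 chart limits who can reach this Service. Chart.yaml describes the backend as standalone Redis, the Deployment passes no arguments or Secret for authentication, and no NetworkPolicy is added. Unless the image itself enforces a password, which is not visible here, every pod that can resolve the Service name can read and write the store. I would add a NetworkPolicy that admits only the platform pods which use DBaaS, and supply a Redis password from a Secret. The port name `sql` is also misleading for a Redis endpoint; `redis` would read better in the Service and the container port.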
@@ -0,0 +1,30 @@ +################################################################################ +# Copyright (c) 2019 AT&T Intellectual Property. # +# # +# Licensed under the Apache License, Version 2.0 (the "License"); # +# you may not use this file except in compliance with the License. # +# You may obtain a copy of the License at # +# # +# http://www.apache.org/licenses/LICENSE-2.0 # +# # +# Unless required by applicable law or agreed to in writing, software # +# distributed under the License is distributed on an "AS IS" BASIS, # +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # +# See the License for the specific language governing permissions and # +# limitations under the License. # +################################################################################ + +dbaas: + backend: + terminationGracePeriodSeconds: 0 + replicas: 1 + imagePullPolicy: IfNotPresent + image: + name: ric-plt-dbaas + tag: 0.1.0 + registry: "nexus3.o-ran-sc.org:10002/o-ran-sc" + + # Service ports are now defined in + # ric-common/Common-Template/helm/ric-common/templates/_ports.tpl file. + # If need to change a service port, make the code change necessary, then + # update the _ports.tpl file with the new port number. diff --git a/helm/e2mgr/Chart.yaml b/helm/e2mgr/Chart.yaml new file mode 100644 index 0000000..ad6a357 --- /dev/null +++ b/helm/e2mgr/Chart.yaml 
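Review bot: `tag: 0.1.0` together with `imagePullPolicy: IfNotPresent` pins the image by a mutable tag only. A node keeps whatever it first pulled under that tag, and a re-pushed tag reaches new nodes without any change to the chart. Consider accepting an optional digest in values and rendering `name@sha256:<digest>` in deployment.yaml when it is set, which needs a small template change because the image string is currently built as `url/name:tag`. The same applies to `tag: 3.0.1` in helm/e2mgr/values.yaml. `terminationGracePeriodSeconds: 0` deserves a comment such as `# 0 = killed immediately on delete; acceptable only because this Redis is non-persistent`.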
@@ -0,0 +1,22 @@ +################################################################################ +# Copyright (c) 2019 AT&T Intellectual Property. # +# Copyright (c) 2019 Nokia. # +# # +# Licensed under the Apache License, Version 2.0 (the "License"); # +# you may not use this file except in compliance with the License. # +# You may obtain a copy of the License at # +# # +# http://www.apache.org/licenses/LICENSE-2.0 # +# # +# Unless required by applicable law or agreed to in writing, software # +# distributed under the License is distributed on an "AS IS" BASIS, # +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # +# See the License for the specific language governing permissions and # +# limitations under the License. # +################################################################################ + +appVersion: "1.0" +apiVersion: v1 +description: Oran e2mgr Helm charts +name: e2mgr +version: 3.0.0 diff --git a/helm/e2mgr/requirements.yaml b/helm/e2mgr/requirements.yaml new file mode 100644 index 0000000..db3a74b --- /dev/null +++ b/helm/e2mgr/requirements.yaml 
@@ -0,0 +1,21 @@ +################################################################################ +# Copyright (c) 2019 AT&T Intellectual Property. # +# Copyright (c) 2019 Nokia. # +# # +# Licensed under the Apache License, Version 2.0 (the "License"); # +# you may not use this file except in compliance with the License. # +# You may obtain a copy of the License at # +# # +# http://www.apache.org/licenses/LICENSE-2.0 # +# # +# Unless required by applicable law or agreed to in writing, software # +# distributed under the License is distributed on an "AS IS" BASIS, # +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # +# See the License for the specific language governing permissions and # +# limitations under the License. # +################################################################################ + +dependencies: + - name: ric-common + version: ~3.0.0 + repository: "@local" diff --git a/helm/e2mgr/templates/configmap.yaml b/helm/e2mgr/templates/configmap.yaml new file mode 100644 index 0000000..04dc74d --- /dev/null +++ b/helm/e2mgr/templates/configmap.yaml 
@@ -0,0 +1,114 @@ +################################################################################ +# Copyright (c) 2019 AT&T Intellectual Property. # +# Copyright (c) 2019 Nokia. # +# # +# Licensed under the Apache License, Version 2.0 (the "License"); # +# you may not use this file except in compliance with the License. # +# You may obtain a copy of the License at # +# # +# http://www.apache.org/licenses/LICENSE-2.0 # +# # +# Unless required by applicable law or agreed to in writing, software # +# distributed under the License is distributed on an "AS IS" BASIS, # +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # +# See the License for the specific language governing permissions and # +# limitations under the License. # +################################################################################ +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "common.configmapname.e2mgr" . }}-router-configmap + namespace: {{ include "common.namespace.platform" . }} +data: + rmr_verbose: | + 0 + router.txt: | + newrt|start + rte|1080|{{ include "common.servicename.e2mgr.rmr" . }}.{{ include "common.namespace.platform" . }}:{{ include "common.serviceport.e2mgr.rmr.data" . }} + rte|1090|{{ include "common.servicename.e2term.rmr" . }}.{{ include "common.namespace.platform" . }}:{{ include "common.serviceport.e2term.rmr.data" . }} + rte|1100|{{ include "common.servicename.e2term.rmr" . }}.{{ include "common.namespace.platform" . }}:{{ include "common.serviceport.e2term.rmr.data" . }} + rte|1200|{{ include "common.servicename.rsm.rmr" . }}.{{ include "common.namespace.platform" . }}:{{ include "common.serviceport.rsm.rmr.data" . }} + rte|1210|{{ include "common.servicename.rsm.rmr" . }}.{{ include "common.namespace.platform" . }}:{{ include "common.serviceport.rsm.rmr.data" . }} + rte|1220|{{ include "common.servicename.rsm.rmr" . }}.{{ include "common.namespace.platform" . }}:{{ include "common.serviceport.rsm.rmr.data" . 
}} + rte|10020|{{ include "common.servicename.e2mgr.rmr" . }}.{{ include "common.namespace.platform" . }}:{{ include "common.serviceport.e2mgr.rmr.data" . }} + rte|10060|{{ include "common.servicename.e2term.rmr" . }}.{{ include "common.namespace.platform" . }}:{{ include "common.serviceport.e2term.rmr.data" . }} + rte|10061|{{ include "common.servicename.e2mgr.rmr" . }}.{{ include "common.namespace.platform" . }}:{{ include "common.serviceport.e2mgr.rmr.data" . }} + rte|10062|{{ include "common.servicename.e2mgr.rmr" . }}.{{ include "common.namespace.platform" . }}:{{ include "common.serviceport.e2mgr.rmr.data" . }} + rte|10070|{{ include "common.servicename.e2term.rmr" . }}.{{ include "common.namespace.platform" . }}:{{ include "common.serviceport.e2term.rmr.data" . }} + rte|10071|{{ include "common.servicename.e2term.rmr" . }}.{{ include "common.namespace.platform" . }}:{{ include "common.serviceport.e2term.rmr.data" . }} + rte|10080|{{ include "common.servicename.e2mgr.rmr" . }}.{{ include "common.namespace.platform" . }}:{{ include "common.serviceport.e2mgr.rmr.data" . }} + rte|10360|{{ include "common.servicename.e2term.rmr" . }}.{{ include "common.namespace.platform" . }}:{{ include "common.serviceport.e2term.rmr.data" . }} + rte|10361|{{ include "common.servicename.e2mgr.rmr" . }}.{{ include "common.namespace.platform" . }}:{{ include "common.serviceport.e2mgr.rmr.data" . }} + rte|10362|{{ include "common.servicename.e2mgr.rmr" . }}.{{ include "common.namespace.platform" . }}:{{ include "common.serviceport.e2mgr.rmr.data" . }} + rte|10370|{{ include "common.servicename.e2mgr.rmr" . }}.{{ include "common.namespace.platform" . }}:{{ include "common.serviceport.e2mgr.rmr.data" . }} + rte|10371|{{ include "common.servicename.e2term.rmr" . }}.{{ include "common.namespace.platform" . }}:{{ include "common.serviceport.e2term.rmr.data" . }} + rte|12010|{{ include "common.servicename.e2term.rmr" . }}.{{ include "common.namespace.platform" . 
}}:{{ include "common.serviceport.e2term.rmr.data" . }} + rte|12020|{{ include "common.servicename.e2term.rmr" . }}.{{ include "common.namespace.platform" . }}:{{ include "common.serviceport.e2term.rmr.data" . }} + rte|20001|{{ include "common.servicename.a1mediator.rmr" . }}.{{ include "common.namespace.platform" . }}:{{ include "common.serviceport.a1mediator.rmr.data" . }} + newrt|end + +--- + +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "common.configmapname.e2mgr" . }}-configuration-configmap + namespace: {{ include "common.namespace.platform" . }} +data: + configuration.yaml: | + logging: + {{- if hasKey .Values.e2mgr "logLevel" }} + logLevel: {{ .Values.e2mgr.logLevel }} + {{- else }} + logLevel: "info" + {{- end }} + http: + {{- if hasKey .Values.e2mgr "httpPort" }} + port: {{ .Values.e2mgr.httpPort }} + {{- else }} + port: 3800 + {{- end }} + rmr: + {{- if hasKey .Values.e2mgr "rmrPort" }} + port: {{ .Values.e2mgr.rmrPort }} + {{- else }} + port: 3801 + {{- end }} + {{- if hasKey .Values.e2mgr "maxMsgSize" }} + maxMsgSize: {{ .Values.e2mgr.maxMsgSize }} + {{- else }} + maxMsgSize: 4096 + {{- end }} + + {{- if hasKey .Values.e2mgr "notificationResponseBuffer" }} + notificationResponseBuffer: {{ .Values.e2mgr.notificationResponseBuffer }} + {{- else }} + notificationResponseBuffer: 100 + {{- end }} + + {{- if hasKey .Values.e2mgr "bigRedButtonTimeoutSec" }} + bigRedButtonTimeoutSec: {{ .Values.e2mgr.bigRedButtonTimeoutSec }} + {{- else }} + bigRedButtonTimeoutSec: 5 + {{- end }} + + {{- if hasKey .Values.e2mgr "maxConnectionAttempts" }} + maxConnectionAttempts: {{ .Values.e2mgr.maxConnectionAttempts }} + {{- else }} + maxConnectionAttempts: 3 + {{- end }} + + {{- if hasKey .Values.e2mgr "maxRnibConnectionAttempts" }} + maxRnibConnectionAttempts: {{ .Values.e2mgr.maxRnibConnectionAttempts }} + {{- else }} + maxRnibConnectionAttempts: 3 + {{- end }} + + {{- if hasKey .Values.e2mgr "rnibRetryIntervalMs" }} + rnibRetryIntervalMs: {{ 
.Values.e2mgr.rnibRetryIntervalMs }} + {{- else }} + rnibRetryIntervalMs: 10 + {{- end }} + +--- diff --git a/helm/e2mgr/templates/deployment.yaml b/helm/e2mgr/templates/deployment.yaml new file mode 100644 index 0000000..04028a4 --- /dev/null +++ b/helm/e2mgr/templates/deployment.yaml 
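Review bot: In configuration.yaml, `logLevel: {{ .Values.e2mgr.logLevel }}` is rendered unquoted while its fallback is the quoted string "info", and the numeric settings are interpolated with no type check. A string or multi-line value in an override therefore lands verbatim in the generated YAML. Each of the nine `hasKey … else … end` blocks can collapse to one line, for example `logLevel: {{ .Values.e2mgr.logLevel | default "info" | quote }}` and `port: {{ .Values.e2mgr.httpPort | default 3800 | int }}`. `default` also replaces an explicit 0 or empty string, so keep `hasKey` for any setting where 0 is meaningful. The fallback ports 3800 and 3801 are set independently of the `common.serviceport.e2mgr.*` helpers used for the container ports, so a comment saying the two must agree would help.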
@@ -0,0 +1,79 @@ +################################################################################ +# Copyright (c) 2019 AT&T Intellectual Property. # +# Copyright (c) 2019 Nokia. # +# # +# Licensed under the Apache License, Version 2.0 (the "License"); # +# you may not use this file except in compliance with the License. # +# You may obtain a copy of the License at # +# # +# http://www.apache.org/licenses/LICENSE-2.0 # +# # +# Unless required by applicable law or agreed to in writing, software # +# distributed under the License is distributed on an "AS IS" BASIS, # +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # +# See the License for the specific language governing permissions and # +# limitations under the License. # +################################################################################ +{{- $imagectx := dict "ctx" . "defaultregistry" .Values.e2mgr.image.registry }} +{{- $pullpolicyctx := dict "ctx" . "defaultpullpolicy" .Values.e2mgr.imagePullPolicy }} +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ include "common.deploymentname.e2mgr" .}} + namespace: {{ include "common.namespace.platform" . }} + labels: + app: {{ include "common.namespace.platform" . }}-{{ include "common.name.e2mgr" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +spec: + replicas: {{ .Values.e2mgr.replicaCount }} + selector: + matchLabels: + app: {{ include "common.namespace.platform" . }}-{{ include "common.name.e2mgr" . }} + release: {{ .Release.Name }} + template: + metadata: + {{- if .Values.e2mgr.annotations }} + annotations: + {{- .Values.e2mgr.annotations | nindent 8 -}} + {{ end }} + labels: + app: {{ include "common.namespace.platform" . }}-{{ include "common.name.e2mgr" . }} + release: {{ .Release.Name }} + spec: + hostname: {{ include "common.name.e2mgr" . 
}} + imagePullSecrets: + - name: {{ include "common.dockerregistry.credential" $imagectx }} + containers: + - name: {{ include "common.containername.e2mgr" . }} + image: {{ include "common.dockerregistry.url" $imagectx }}/{{ .Values.e2mgr.image.name }}:{{ .Values.e2mgr.image.tag }} + imagePullPolicy: {{ include "common.dockerregistry.pullpolicy" $pullpolicyctx }} + volumeMounts: + - mountPath: /opt/E2Manager/router.txt + name: local-router-file + subPath: router.txt + - mountPath: /opt/E2Manager/resources/configuration.yaml + name: local-configuration-file + subPath: configuration.yaml + envFrom: + - configMapRef: + name: {{ include "common.configmapname.e2mgr" . }}-env + ports: + - name: "http" + containerPort: {{ include "common.serviceport.e2mgr.http" . }} + - name: "rmrroute" + containerPort: {{ include "common.serviceport.e2mgr.rmr.route" . }} + - name: "rmrdata" + containerPort: {{ include "common.serviceport.e2mgr.rmr.data" . }} + stdin: true + tty: true + securityContext: + privileged: {{ .Values.e2mgr.privilegedmode}} + volumes: + - name: local-router-file + configMap: + name: {{ include "common.configmapname.e2mgr" . }}-router-configmap + - name: local-configuration-file + configMap: + name: {{ include "common.configmapname.e2mgr" . }}-configuration-configmap diff --git a/helm/e2mgr/templates/env.yaml b/helm/e2mgr/templates/env.yaml new file mode 100644 index 0000000..3c95c5b --- /dev/null +++ b/helm/e2mgr/templates/env.yaml 
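Review bot: The e2mgr container takes `privileged:` directly from `.Values.e2mgr.privilegedmode` and keeps `stdin: true` and `tty: true`. A single values override therefore yields a privileged container with an interactive terminal allocated. If no supported deployment needs privileged mode, I would hard-code `privileged: false` and add `allowPrivilegeEscalation: false` and `capabilities: {drop: ["ALL"]}`; otherwise values.yaml should document when the flag is required. The stdin/tty pair looks like a debugging leftover and can be dropped. As in the dbaas1 Deployment, there are no resource limits or probes.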
@@ -0,0 +1,30 @@
+################################################################################
+# Copyright (c) 2019 AT&T Intellectual Property. #
+# Copyright (c) 2019 Nokia. #
+# #
+# Licensed under the Apache License, Version 2.0 (the "License"); #
+# you may not use this file except in compliance with the License. #
+# You may obtain a copy of the License at #
+# #
+# http://www.apache.org/licenses/LICENSE-2.0 #
+# #
+# Unless required by applicable law or agreed to in writing, software #
+# distributed under the License is distributed on an "AS IS" BASIS, #
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. #
+# See the License for the specific language governing permissions and #
+# limitations under the License. #
+################################################################################
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "common.configmapname.e2mgr" . }}-env
+data:
+ DBAAS_SERVICE_HOST: {{ include "common.servicename.dbaas.tcp" . | quote }}
+ DBAAS_SERVICE_PORT: {{ include "common.serviceport.dbaas.tcp" . | quote }}
+ DBAAS_PORT_6379_TCP_ADDR: {{ include "common.servicename.dbaas.tcp" . | quote }}
+ DBAAS_PORT_6379_TCP_PORT: {{ include "common.serviceport.dbaas.tcp" . | quote }}
+ RMR_RTG_SVC: {{ include "common.serviceport.e2mgr.rmr.route" . | quote }}
+ RMR_SRC_ID: {{ include "common.servicename.e2mgr.rmr" . }}.{{ include "common.namespace.platform" . }}
+ RIC_ID: "{{ .Values.e2mgr.env.RIC_ID }}"
+ #nano: {{ include "common.serviceport.e2mgr.rmr.data" . | quote }}
+
diff --git a/helm/e2mgr/templates/ingress-e2mgr.yaml b/helm/e2mgr/templates/ingress-e2mgr.yaml
new file mode 100644
index 0000000..015aff2
--- /dev/null
+++ b/helm/e2mgr/templates/ingress-e2mgr.yaml
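Review bot: The `-env` ConfigMap in env.yaml has no `namespace:` under `metadata`. The two ConfigMaps in configmap.yaml and the Deployment that reads this one through `envFrom` all set `{{ include "common.namespace.platform" . }}`. If the release is installed into a namespace other than the one that helper returns, the pod cannot find the ConfigMap and will not start; add `namespace: {{ include "common.namespace.platform" . }}`. The Ingress in ingress-e2mgr.yaml omits the namespace in the same way. The `#nano:` line is still evaluated by Helm before it becomes a YAML comment and can be deleted, and `RMR_SRC_ID` is emitted unquoted, unlike its neighbours.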
@@ -0,0 +1,12 @@
+apiVersion: networking.k8s.io/v1beta1
+kind: Ingress
+metadata:
+ name: {{ include "common.ingressname.e2mgr" . }}
+spec:
+ rules:
+ - http:
+ paths:
+ - path: {{ include "common.kongpath.ric.e2mgr" . }}
+ backend:
+ serviceName: {{ include "common.servicename.e2mgr.http" . }}
+ servicePort: {{ include "common.serviceport.e2mgr.http" . }}
diff --git a/helm/e2mgr/templates/service-http.yaml b/helm/e2mgr/templates/service-http.yaml
new file mode 100644
index 0000000..53319bc
--- /dev/null
+++ b/helm/e2mgr/templates/service-http.yaml
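Review bot: The single rule in ingress-e2mgr.yaml has no `host`, and the spec has no `tls` section. The e2mgr HTTP API is therefore published on this path for every hostname the ingress controller serves, and in plain HTTP unless TLS is terminated somewhere not shown here. Whether the gateway enforces authentication for this route is not visible in the chart; if it does not, any client that can reach the controller can call the management API. I would restrict the rule to a configurable host, add a `tls` entry backed by a Secret, and state in a comment where authentication for the route is enforced. Unlike the other templates in this chart, the file also has no license header.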
@@ -0,0 +1,37 @@ +################################################################################ +# Copyright (c) 2019 AT&T Intellectual Property. # +# Copyright (c) 2019 Nokia. # +# # +# Licensed under the Apache License, Version 2.0 (the "License"); # +# you may not use this file except in compliance with the License. # +# You may obtain a copy of the License at # +# # +# http://www.apache.org/licenses/LICENSE-2.0 # +# # +# Unless required by applicable law or agreed to in writing, software # +# distributed under the License is distributed on an "AS IS" BASIS, # +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # +# See the License for the specific language governing permissions and # +# limitations under the License. # +################################################################################ + +apiVersion: v1 +kind: Service +metadata: + name: {{ include "common.servicename.e2mgr.http" . }} + namespace: {{ include "common.namespace.platform" . }} + labels: + app: {{ include "common.namespace.platform" . }}-{{ include "common.name.e2mgr" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +spec: + type: ClusterIP + ports: + - port: {{ include "common.serviceport.e2mgr.http" . }} + protocol: "TCP" + name: "http" + targetPort: "http" + selector: + app: {{ include "common.namespace.platform" . }}-{{ include "common.name.e2mgr" . }} + release: {{ .Release.Name }} diff --git a/helm/e2mgr/templates/service-rmr.yaml b/helm/e2mgr/templates/service-rmr.yaml new file mode 100644 index 0000000..a9e9416 --- /dev/null +++ b/helm/e2mgr/templates/service-rmr.yaml 
@@ -0,0 +1,41 @@ +################################################################################ +# Copyright (c) 2019 AT&T Intellectual Property. # +# Copyright (c) 2019 Nokia. # +# # +# Licensed under the Apache License, Version 2.0 (the "License"); # +# you may not use this file except in compliance with the License. # +# You may obtain a copy of the License at # +# # +# http://www.apache.org/licenses/LICENSE-2.0 # +# # +# Unless required by applicable law or agreed to in writing, software # +# distributed under the License is distributed on an "AS IS" BASIS, # +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # +# See the License for the specific language governing permissions and # +# limitations under the License. # +################################################################################ + +apiVersion: v1 +kind: Service +metadata: + name: {{ include "common.servicename.e2mgr.rmr" . }} + namespace: {{ include "common.namespace.platform" . }} + labels: + app: {{ include "common.namespace.platform" . }}-{{ include "common.name.e2mgr" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +spec: + type: ClusterIP + ports: + - port: {{ include "common.serviceport.e2mgr.rmr.route" . }} + protocol: "TCP" + name: "rmrroute" + targetPort: "rmrroute" + - port: {{ include "common.serviceport.e2mgr.rmr.data" . }} + protocol: "TCP" + name: "rmrdata" + targetPort: "rmrdata" + selector: + app: {{ include "common.namespace.platform" . }}-{{ include "common.name.e2mgr" . }} + release: {{ .Release.Name }} diff --git a/helm/e2mgr/values.yaml b/helm/e2mgr/values.yaml new file mode 100644 index 0000000..7de686c --- /dev/null +++ b/helm/e2mgr/values.yaml 
@@ -0,0 +1,41 @@ +################################################################################ +# Copyright (c) 2019 AT&T Intellectual Property. # +# Copyright (c) 2019 Nokia. # +# # +# Licensed under the Apache License, Version 2.0 (the "License"); # +# you may not use this file except in compliance with the License. # +# You may obtain a copy of the License at # +# # +# http://www.apache.org/licenses/LICENSE-2.0 # +# # +# Unless required by applicable law or agreed to in writing, software # +# distributed under the License is distributed on an "AS IS" BASIS, # +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # +# See the License for the specific language governing permissions and # +# limitations under the License. # +################################################################################ + +################################################################# +# Application configuration defaults. +################################################################# +# application image + +e2mgr: + imagePullPolicy: IfNotPresent + image: + name: ric-plt-e2mgr + tag: 3.0.1 + registry: "nexus3.o-ran-sc.org:10002/o-ran-sc" + + privilegedmode: false + + replicaCount: 1 + + env: + RIC_ID: "bbbccc-abcd0e/20" + + + # Service ports are now defined in + # ric-common/Common-Template/helm/ric-common/templates/_ports.tpl file. + # If need to change a service port, make the code change necessary, then + # update the _ports.tpl file with the new port number. diff --git a/helm/e2term/.helmignore b/helm/e2term/.helmignore new file mode 100644 index 0000000..50af031 --- /dev/null +++ b/helm/e2term/.helmignore 
@@ -0,0 +1,22 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*~ +# Various IDEs +.project +.idea/ +*.tmproj +.vscode/ diff --git a/helm/e2term/Chart.yaml b/helm/e2term/Chart.yaml new file mode 100644 index 0000000..86a6064 --- /dev/null +++ b/helm/e2term/Chart.yaml @@ -0,0 +1,22 @@ +################################################################################ +# Copyright (c) 2019 AT&T Intellectual Property. # +# Copyright (c) 2019 Nokia. # +# # +# Licensed under the Apache License, Version 2.0 (the "License"); # +# you may not use this file except in compliance with the License. # +# You may obtain a copy of the License at # +# # +# http://www.apache.org/licenses/LICENSE-2.0 # +# # +# Unless required by applicable law or agreed to in writing, software # +# distributed under the License is distributed on an "AS IS" BASIS, # +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # +# See the License for the specific language governing permissions and # +# limitations under the License. # +################################################################################ + +apiVersion: v1 +appVersion: "1.0" +description: O-RAN RIC E2 Termination Helm charts +name: e2term +version: 3.0.0 diff --git a/helm/e2term/requirements.yaml b/helm/e2term/requirements.yaml new file mode 100644 index 0000000..db3a74b --- /dev/null +++ b/helm/e2term/requirements.yaml 
@@ -0,0 +1,21 @@ +################################################################################ +# Copyright (c) 2019 AT&T Intellectual Property. # +# Copyright (c) 2019 Nokia. # +# # +# Licensed under the Apache License, Version 2.0 (the "License"); # +# you may not use this file except in compliance with the License. # +# You may obtain a copy of the License at # +# # +# http://www.apache.org/licenses/LICENSE-2.0 # +# # +# Unless required by applicable law or agreed to in writing, software # +# distributed under the License is distributed on an "AS IS" BASIS, # +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # +# See the License for the specific language governing permissions and # +# limitations under the License. # +################################################################################ + +dependencies: + - name: ric-common + version: ~3.0.0 + repository: "@local" diff --git a/helm/e2term/resources/cleaner.sh b/helm/e2term/resources/cleaner.sh new file mode 100644 index 0000000..f297fd7 --- /dev/null +++ b/helm/e2term/resources/cleaner.sh 
@@ -0,0 +1,25 @@ +#!/bin/sh +################################################################################ +# Copyright (c) 2019 AT&T Intellectual Property. # +# # +# Licensed under the Apache License, Version 2.0 (the "License"); # +# you may not use this file except in compliance with the License. # +# You may obtain a copy of the License at # +# # +# http://www.apache.org/licenses/LICENSE-2.0 # +# # +# Unless required by applicable law or agreed to in writing, software # +# distributed under the License is distributed on an "AS IS" BASIS, # +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # +# See the License for the specific language governing permissions and # +# limitations under the License. # +################################################################################ + +( +echo "$0 cleaning old files under $1 older than $2 days" > /tmp/cleaner.log +while true; do + find $1 -type f -mtime +$2 -delete + sleep 86400 +done +) >/dev/null 2>&1 & +disown -a diff --git a/helm/e2term/resources/configfile.properties b/helm/e2term/resources/configfile.properties new file mode 100644 index 0000000..f83a815 --- /dev/null +++ b/helm/e2term/resources/configfile.properties 
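Review bot: In cleaner.sh, `find $1 -type f -mtime +$2 -delete` uses both arguments unquoted and unchecked. A directory path containing whitespace is split into several start points, and an empty first argument lets GNU find fall back to the current directory. Validate before the loop and quote the expansions: `[ -d "$1" ] || exit 1` followed by `find "$1" -type f -mtime "+$2" -delete`. The script declares `#!/bin/sh` but ends with `disown -a`, which is a bash builtin and fails under a strictly POSIX shell; change the shebang or drop the line. The start message goes to the fixed path `/tmp/cleaner.log` and everything after it to /dev/null, so deletion errors are never recorded. Sending the loop's stderr to the container log would make failures visible.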
@@ -0,0 +1,18 @@ +Processors: pub +pub.Class: com.att.research.basin.pubsubx.Publisher +pub.Threads: 2 +pub.PublishURL: {{ .Values.e2term.pizpub.publishURL }} +pub.User: {{ .Values.e2term.pizpub.user }} +pub.Password: {{ .Values.e2term.pizpub.password }} +pub.meta.feed_id: {{ .Values.e2term.pizpub.feedId }} +pub.meta.version: 1 +pub.meta.splits: 1 +Factories: scanner +scanner.Class: com.att.research.basin.pubsubx.FileScanner +scanner.Destination: pub +scanner.Directory: {{ .Values.e2term.pizpub.dataRootDir }}/{{ .Values.e2term.pizpub.scanDirectory }} +scanner.MinAgeSeconds: 10 +scanner.ScanIntervalSeconds: 10 +scanner.DeleteOrGZip: delete +scanner.LinkDirectory: {{ .Values.e2term.pizpub.dataRootDir }}/{{ .Values.e2term.pizpub.processedDirectory }} +scanner.meta.record_count: countNewLines diff --git a/helm/e2term/resources/pizpub.crontab b/helm/e2term/resources/pizpub.crontab new file mode 100644 index 0000000..a798dfe --- /dev/null +++ b/helm/e2term/resources/pizpub.crontab @@ -0,0 +1,18 @@ +################################################################################ +# Copyright (c) 2019 AT&T Intellectual Property. # +# # +# Licensed under the Apache License, Version 2.0 (the "License"); # +# you may not use this file except in compliance with the License. # +# You may obtain a copy of the License at # +# # +# http://www.apache.org/licenses/LICENSE-2.0 # +# # +# Unless required by applicable law or agreed to in writing, software # +# distributed under the License is distributed on an "AS IS" BASIS, # +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # +# See the License for the specific language governing permissions and # +# limitations under the License. # +################################################################################ + +# +0 * * * * find {{ .Values.dataRootDir }}/{{ .Values.processedDirectory }} -type f -mtime +3 -delete 
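Review bot: `pub.Password: {{ .Values.e2term.pizpub.password }}` in configfile.properties renders the publisher credential into a file that configmap-pizpub.yaml then loads into a ConfigMap through `.Files.Glob "resources/*"`. The password is stored as plain ConfigMap data, readable by anyone with get access to ConfigMaps in the namespace and present in the rendered release manifest. I would move `pub.User` and `pub.Password` into a Secret and mount that separately, leaving only non-sensitive settings here. Whether the publisher can read credentials from a second file or from the environment is not visible on this page. The glob also pulls cleaner.sh and pizpub.crontab through `tpl`, so a comment in configmap-pizpub.yaml listing the files it expects would help.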
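Review bot: The `find` path in pizpub.crontab is built from `.Values.dataRootDir` and `.Values.processedDirectory`, while configfile.properties in the same directory reads `.Values.e2term.pizpub.dataRootDir` and `.Values.e2term.pizpub.processedDirectory`. Unless those top-level keys are defined somewhere outside this view, both expressions most likely render empty. The hourly job then becomes `find / -type f -mtime +3 -delete`. Use the nested keys: `0 * * * * find {{ .Values.e2term.pizpub.dataRootDir }}/{{ .Values.e2term.pizpub.processedDirectory }} -type f -mtime +3 -delete`. Wrapping each value in `required` would make an unset directory fail at render time instead of producing a root-level delete.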
diff --git a/helm/e2term/templates/configmap-pizpub.yaml b/helm/e2term/templates/configmap-pizpub.yaml new file mode 100644 index 0000000..a669834 --- /dev/null +++ b/helm/e2term/templates/configmap-pizpub.yaml @@ -0,0 +1,24 @@ +################################################################################ +# Copyright (c) 2019 AT&T Intellectual Property. # +# # +# Licensed under the Apache License, Version 2.0 (the "License"); # +# you may not use this file except in compliance with the License. # +# You may obtain a copy of the License at # +# # +# http://www.apache.org/licenses/LICENSE-2.0 # +# # +# Unless required by applicable law or agreed to in writing, software # +# distributed under the License is distributed on an "AS IS" BASIS, # +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # +# See the License for the specific language governing permissions and # +# limitations under the License. # +################################################################################ +{{ if .Values.e2term.pizpub.enabled }} +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "common.configmapname.e2term" . }}-pizpub + namespace: {{ include "common.namespace.platform" . }} +data: +{{ tpl (.Files.Glob "resources/*").AsConfig . | indent 2 }} +{{ end }} diff --git a/helm/e2term/templates/configmap.yaml b/helm/e2term/templates/configmap.yaml new file mode 100644 index 0000000..316a64e --- /dev/null +++ b/helm/e2term/templates/configmap.yaml 
@@ -0,0 +1,59 @@
+################################################################################
+# Copyright (c) 2019 AT&T Intellectual Property. #
+# Copyright (c) 2019 Nokia. #
+# #
+# Licensed under the Apache License, Version 2.0 (the "License"); #
+# you may not use this file except in compliance with the License. #
+# You may obtain a copy of the License at #
+# #
+# http://www.apache.org/licenses/LICENSE-2.0 #
+# #
+# Unless required by applicable law or agreed to in writing, software #
+# distributed under the License is distributed on an "AS IS" BASIS, #
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. #
+# See the License for the specific language governing permissions and #
+# limitations under the License. #
+################################################################################
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "common.configmapname.e2term" . }}-router-configmap
+ namespace: {{ include "common.namespace.platform" . }}
+data:
+ rmr_verbose: |
+ 0
+ router.txt: |
+ newrt|start
+ rte|1080|{{ include "common.servicename.e2mgr.rmr" . }}.{{ include "common.namespace.platform" . }}:{{ include "common.serviceport.e2mgr.rmr.data" . }}
+ rte|1090|{{ include "common.servicename.e2term.rmr" . }}.{{ include "common.namespace.platform" . }}:{{ include "common.serviceport.e2term.rmr.data" . }}
+ rte|1100|{{ include "common.servicename.e2mgr.rmr" . }}.{{ include "common.namespace.platform" . }}:{{ include "common.serviceport.e2mgr.rmr.data" . }}
+ rte|10020|{{ include "common.servicename.e2mgr.rmr" . }}.{{ include "common.namespace.platform" . }}:{{ include "common.serviceport.e2mgr.rmr.data" . }}
+ rte|10060|{{ include "common.servicename.e2term.rmr" . }}.{{ include "common.namespace.platform" . }}:{{ include "common.serviceport.e2term.rmr.data" . }}
+ rte|10061|{{ include "common.servicename.e2mgr.rmr" . }}.{{ include "common.namespace.platform" . }}:{{ include "common.serviceport.e2mgr.rmr.data" . }}
+ rte|10062|{{ include "common.servicename.e2mgr.rmr" . }}.{{ include "common.namespace.platform" . }}:{{ include "common.serviceport.e2mgr.rmr.data" . }}
+ rte|10030|{{ include "common.servicename.e2mgr.rmr" . }}.{{ include "common.namespace.platform" . }}:{{ include "common.serviceport.e2mgr.rmr.data" . }}
+ rte|10070|{{ include "common.servicename.e2mgr.rmr" . }}.{{ include "common.namespace.platform" . }}:{{ include "common.serviceport.e2mgr.rmr.data" . }}
+ rte|10071|{{ include "common.servicename.e2mgr.rmr" . }}.{{ include "common.namespace.platform" . }}:{{ include "common.serviceport.e2mgr.rmr.data" . }}
+ rte|10080|{{ include "common.servicename.e2mgr.rmr" . }}.{{ include "common.namespace.platform" . }}:{{ include "common.serviceport.e2mgr.rmr.data" . }}
+ rte|10091|{{ include "common.servicename.rsm.rmr" . }}.{{ include "common.namespace.platform" . }}:{{ include "common.serviceport.rsm.rmr.data" . }}
+ rte|10092|{{ include "common.servicename.rsm.rmr" . }}.{{ include "common.namespace.platform" . }}:{{ include "common.serviceport.rsm.rmr.data" . }}
+ rte|10360|{{ include "common.servicename.e2term.rmr" . }}.{{ include "common.namespace.platform" . }}:{{ include "common.serviceport.e2term.rmr.data" . }}
+ rte|10361|{{ include "common.servicename.e2mgr.rmr" . }}.{{ include "common.namespace.platform" . }}:{{ include "common.serviceport.e2mgr.rmr.data" . }}
+ rte|10362|{{ include "common.servicename.e2mgr.rmr" . }}.{{ include "common.namespace.platform" . }}:{{ include "common.serviceport.e2mgr.rmr.data" . }}
+ rte|10370|{{ include "common.servicename.e2mgr.rmr" . }}.{{ include "common.namespace.platform" . }}:{{ include "common.serviceport.e2mgr.rmr.data" . }}
+ rte|10371|{{ include "common.servicename.e2term.rmr" . }}.{{ include "common.namespace.platform" . }}:{{ include "common.serviceport.e2term.rmr.data" . }}
+ rte|12010|{{ include "common.servicename.e2term.rmr" . }}.{{ include "common.namespace.platform" . }}:{{ include "common.serviceport.e2term.rmr.data" . }}
+ rte|12020|{{ include "common.servicename.e2term.rmr" . }}.{{ include "common.namespace.platform" . }}:{{ include "common.serviceport.e2term.rmr.data" . }}
+ rte|20001|{{ include "common.servicename.a1mediator.rmr" . }}.{{ include "common.namespace.platform" . }}:{{ include "common.serviceport.a1mediator.rmr.data" . }}
+ rte|12011|service-ricxapp-ueec-rmr.{{ include "common.namespace.xapp" . }}:4560;service-admission-ctrl-xapp-rmr.{{ include "common.namespace.xapp" . }}:4560
+ rte|12050|service-ricxapp-ueec-rmr.{{ include "common.namespace.xapp" . }}:4560;service-admission-ctrl-xapp-rmr.{{ include "common.namespace.xapp" . }}:4560
+ rte|12012|service-ricxapp-ueec-rmr.{{ include "common.namespace.xapp" . }}:4560;service-admission-ctrl-xapp-rmr.{{ include "common.namespace.xapp" . }}:4560
+ rte|12021|service-ricxapp-ueec-rmr.{{ include "common.namespace.xapp" . }}:4560;service-admission-ctrl-xapp-rmr.{{ include "common.namespace.xapp" . }}:4560
+ rte|12022|service-ricxapp-ueec-rmr.{{ include "common.namespace.xapp" . }}:4560;service-admission-ctrl-xapp-rmr.{{ include "common.namespace.xapp" . }}:4560
+ rte|12041|service-ricxapp-ueec-rmr.{{ include "common.namespace.xapp" . }}:4560;service-admission-ctrl-xapp-rmr.{{ include "common.namespace.xapp" . }}:4560
+ rte|12042|service-ricxapp-ueec-rmr.{{ include "common.namespace.xapp" . }}:4560;service-admission-ctrl-xapp-rmr.{{ include "common.namespace.xapp" . }}:4560
+ rte|12050|service-ricxapp-ueec-rmr.{{ include "common.namespace.xapp" . }}:4560;service-admission-ctrl-xapp-rmr.{{ include "common.namespace.xapp" . }}:4560
+ rte|20000|service-ricxapp-ueec-rmr.{{ include "common.namespace.xapp" . }}:4560;service-admission-ctrl-xapp-rmr.{{ include "common.namespace.xapp" . }}:4560
+ newrt|end
+
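Review bot: `rte|12050` appears twice in router.txt with the same endpoint list, once after `rte|12011` and again after `rte|12042`; one of them is either redundant or was meant to be a different message type, which is worth checking against the message-type table. The xApp endpoints `service-ricxapp-ueec-rmr` and `service-admission-ctrl-xapp-rmr` and the port `4560` are hard-coded, while every platform endpoint goes through the `common.servicename.*` and `common.serviceport.*` helpers. A comment above `router.txt: |` such as `# static seed routes; assumes the ueec and admission-ctrl xApps expose RMR data on 4560` would tell the next maintainer what this table depends on.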
diff --git a/helm/e2term/templates/deployment.yaml b/helm/e2term/templates/deployment.yaml
new file mode 100644
index 0000000..c258095
--- /dev/null
+++ b/helm/e2term/templates/deployment.yaml
@@ -0,0 +1,120 @@
+################################################################################
+# Copyright (c) 2019 AT&T Intellectual Property. #
+# Copyright (c) 2019 Nokia. #
+# #
+# Licensed under the Apache License, Version 2.0 (the "License"); #
+# you may not use this file except in compliance with the License. #
+# You may obtain a copy of the License at #
+# #
+# http://www.apache.org/licenses/LICENSE-2.0 #
+# #
+# Unless required by applicable law or agreed to in writing, software #
+# distributed under the License is distributed on an "AS IS" BASIS, #
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. #
+# See the License for the specific language governing permissions and #
+# limitations under the License. #
+################################################################################
+{{- $imagectx := dict "ctx" . "defaultregistry" .Values.e2term.image.registry }}
+{{- $pullpolicyctx := dict "ctx" . "defaultpullpolicy" .Values.e2term.imagePullPolicy }}
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: {{ include "common.deploymentname.e2term" . }}
+ namespace: {{ include "common.namespace.platform" . }}
+ labels:
+ app: {{ include "common.namespace.platform" . }}-{{ include "common.name.e2term" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+spec:
+ replicas: {{ .Values.e2term.replicaCount }}
+ selector:
+ matchLabels:
+ app: {{ include "common.namespace.platform" . }}-{{ include "common.name.e2term" . }}
+ release: {{ .Release.Name }}
+ template:
+ metadata:
+ {{- if .Values.e2term.annotations }}
+ annotations:
+ {{- .Values.e2term.annotations | nindent 8 -}}
+ {{ end }}
+ labels:
+ app: {{ include "common.namespace.platform" . }}-{{ include "common.name.e2term" . }}
+ release: {{ .Release.Name }}
+ spec:
+ hostname: {{ include "common.name.e2term" . }}
+ hostNetwork: {{ .Values.e2term.hostnetworkmode }}
+ dnsPolicy: ClusterFirstWithHostNet
+ imagePullSecrets:
+ - name: {{ include "common.dockerregistry.credential" $imagectx }}
+ {{- with .Values.e2term.nodeselector }}
+ nodeSelector: {{ toYaml . | trim | nindent 8 -}}
+ {{- end }}
+ containers:
+ - name: {{ include "common.containername.e2term" . }}
+ image: {{ include "common.dockerregistry.url" $imagectx }}/{{ .Values.e2term.image.name }}:{{ .Values.e2term.image.tag }}
+ imagePullPolicy: {{ include "common.dockerregistry.pullpolicy" $pullpolicyctx }}
+ volumeMounts:
+ - mountPath: /opt/e2/router.txt
+ name: local-router-file
+ subPath: router.txt
+ - mountPath: /tmp/rmr_verbose
+ name: local-router-file
+ subPath: rmr_verbose
+{{ if .Values.e2term.pizpub.enabled }}
+ - mountPath: "{{ .Values.e2term.env.messagecollectorfile }}"
+ name: vol-shared
+ readOnly: false
+ subPath: "{{ .Values.e2term.pizpub.scanDirectory }}"
+{{ else }}
+ - mountPath: "{{ .Values.e2term.env.messagecollectorfile }}"
+ name: vol-shared
+ readOnly: false
+{{ end }}
+ envFrom:
+ - configMapRef:
+ name: {{ include "common.configmapname.e2term" . }}-env
+ ports:
+ - name: "rmrroute"
+ containerPort: {{ include "common.serviceport.e2term.rmr.route" . }}
+ - name: "rmrdata"
+ containerPort: {{ include "common.serviceport.e2term.rmr.data" . }}
+ stdin: true
+ tty: true
+ securityContext:
+ privileged: {{ .Values.e2term.privilegedmode }}
+
+{{ if .Values.e2term.pizpub.enabled }}
+ - name: {{ include "common.containername.e2term" . }}-pizpub
+ image: {{ include "common.repository" . }}/{{ .Values.e2term.pizpub.imageName }}:{{ .Values.e2term.pizpub.imageVersion }}
+ imagePullPolicy: {{ include "common.pullPolicy" . }}
+ volumeMounts:
+ - mountPath: /etc/localtime
+ name: localtime
+ readOnly: true
+ - mountPath: "{{ .Values.e2term.pizpub.dataRootDir }}"
+ name: vol-shared
+ readOnly: false
+ - name: pizpub-config
+ mountPath: /opt/app/config/conf/
+ lifecycle:
+ postStart:
+ exec:
+ command: ["/bin/sh", "/opt/app/config/conf/cleaner.sh", "{{ .Values.e2term.pizpub.dataRootDir }}/{{ .Values.e2term.pizpub.processedDirectory }}", "3"]
+{{ end }}
+ volumes:
+ - name: local-router-file
+ configMap:
+ name: {{ include "common.configmapname.e2term" . }}-router-configmap
+{{ if .Values.e2term.pizpub.enabled }}
+ - name: localtime
+ hostPath:
+ path: /etc/localtime
+ - name: pizpub-config
+ configMap:
+ name: {{ include "common.configmapname.e2term" . }}-pizpub
+{{ end }}
+ - name: vol-shared
+ persistentVolumeClaim:
+ claimName: {{ include "common.pvcname.e2term" . }}
+
diff --git a/helm/e2term/templates/e2term-pv.yaml b/helm/e2term/templates/e2term-pv.yaml
new file mode 100644
index 0000000..2f46132
--- /dev/null
+++ b/helm/e2term/templates/e2term-pv.yaml
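Review bot: The e2term container sets `stdin: true` and `tty: true`, and its `securityContext` carries only `privileged: {{ .Values.e2term.privilegedmode }}`; the pizpub sidecar has no `securityContext` at all. With the default `privilegedmode: false` nothing here stops privilege escalation or running as root, and an allocated TTY with open stdin is rarely needed outside debugging. I would drop the two terminal lines unless the binary requires them, and add `allowPrivilegeEscalation: false` next to `privileged:` for the non-privileged case, with the same setting on the sidecar. `hostNetwork` and `privileged` are both values-driven, so a comment above them stating when either has to be enabled would help operators keep them off.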
@@ -0,0 +1,31 @@
+################################################################################
+# Copyright (c) 2019 AT&T Intellectual Property. #
+# #
+# Licensed under the Apache License, Version 2.0 (the "License"); #
+# you may not use this file except in compliance with the License. #
+# You may obtain a copy of the License at #
+# #
+# http://www.apache.org/licenses/LICENSE-2.0 #
+# #
+# Unless required by applicable law or agreed to in writing, software #
+# distributed under the License is distributed on an "AS IS" BASIS, #
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. #
+# See the License for the specific language governing permissions and #
+# limitations under the License. #
+################################################################################1
+{{if eq .Values.e2term.storageClassName "local-storage" }}
+apiVersion: v1
+kind: PersistentVolume
+metadata:
+ name: {{ include "common.pvname.e2term" . }}
+ labels:
+ type: local
+spec:
+ storageClassName: {{ .Values.e2term.storageClassName }}
+ capacity:
+ storage: {{ .Values.e2term.dataVolSize }}
+ accessModes:
+ - ReadWriteOnce
+ hostPath:
+ path: /mnt/{{ include "common.pvname.e2term" . }}
+{{ end }}
diff --git a/helm/e2term/templates/e2term-pvc.yaml b/helm/e2term/templates/e2term-pvc.yaml
new file mode 100644
index 0000000..df01541
--- /dev/null
+++ b/helm/e2term/templates/e2term-pvc.yaml
@@ -0,0 +1,28 @@
+################################################################################
+# Copyright (c) 2019 AT&T Intellectual Property. #
+# #
+# Licensed under the Apache License, Version 2.0 (the "License"); #
+# you may not use this file except in compliance with the License. #
+# You may obtain a copy of the License at #
+# #
+# http://www.apache.org/licenses/LICENSE-2.0 #
+# #
+# Unless required by applicable law or agreed to in writing, software #
+# distributed under the License is distributed on an "AS IS" BASIS, #
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. #
+# See the License for the specific language governing permissions and #
+# limitations under the License. #
+################################################################################
+
+kind: PersistentVolumeClaim
+apiVersion: v1
+metadata:
+ name: {{ include "common.pvcname.e2term" . }}
+spec:
+ accessModes:
+ - ReadWriteOnce
+ resources:
+ requests:
+ storage: {{ .Values.e2term.dataVolSize }}
+ storageClassName: {{ .Values.e2term.storageClassName }}
+ #volumeName: {{ include "common.pvname.e2term" . }}
diff --git a/helm/e2term/templates/env.yaml b/helm/e2term/templates/env.yaml
new file mode 100644
index 0000000..aa2ae94
--- /dev/null
+++ b/helm/e2term/templates/env.yaml
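Review bot: The PersistentVolumeClaim has no `metadata.namespace`, while the Deployment that mounts it through `claimName: {{ include "common.pvcname.e2term" . }}` is pinned to `{{ include "common.namespace.platform" . }}`. If the release is installed into any other namespace the claim is created there and the pod cannot bind it. The `-env` ConfigMap in templates/env.yaml has the same omission and is pulled in by `envFrom` in the same Deployment. Adding `namespace: {{ include "common.namespace.platform" . }}` under `metadata:` in both files would match the Deployment, the Service and the other two ConfigMaps of this chart.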
@@ -0,0 +1,33 @@
+################################################################################
+# Copyright (c) 2019 AT&T Intellectual Property. #
+# Copyright (c) 2019 Nokia. #
+# #
+# Licensed under the Apache License, Version 2.0 (the "License"); #
+# you may not use this file except in compliance with the License. #
+# You may obtain a copy of the License at #
+# #
+# http://www.apache.org/licenses/LICENSE-2.0 #
+# #
+# Unless required by applicable law or agreed to in writing, software #
+# distributed under the License is distributed on an "AS IS" BASIS, #
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. #
+# See the License for the specific language governing permissions and #
+# limitations under the License. #
+################################################################################
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "common.configmapname.e2term" . }}-env
+data:
+ DBAAS_SERVICE_HOST: {{ include "common.servicename.dbaas.tcp" . | quote }}
+ DBAAS_SERVICE_PORT: {{ include "common.serviceport.dbaas.tcp" . | quote }}
+ DBAAS_PORT_6379_TCP_ADDR: {{ include "common.servicename.dbaas.tcp" . | quote }}
+ DBAAS_PORT_6379_TCP_PORT: {{ include "common.serviceport.dbaas.tcp" . | quote }}
+ RMR_SRC_ID: {{ include "common.servicename.e2term.rmr" . }}.{{ include "common.namespace.platform" . }}
+ RMR_RTG_SVC: {{ include "common.serviceport.e2term.rmr.route" . | quote }}
+ RMR_SEED_RT: "router.txt"
+ RMR_VCTL_FILE: "/tmp/rmr_verbose"
+ sctp: {{ include "common.serviceport.e2term.sctp" . | quote }}
+ nano: {{ include "common.serviceport.e2term.rmr.data" . | quote }}
+ print: "{{ .Values.e2term.env.print }}"
+ volume: "{{ .Values.e2term.env.messagecollectorfile }}"
diff --git a/helm/e2term/templates/service-rmr.yaml b/helm/e2term/templates/service-rmr.yaml
new file mode 100644
index 0000000..f9443a5
--- /dev/null
+++ b/helm/e2term/templates/service-rmr.yaml
@@ -0,0 +1,41 @@
+################################################################################
+# Copyright (c) 2019 AT&T Intellectual Property. #
+# Copyright (c) 2019 Nokia. #
+# #
+# Licensed under the Apache License, Version 2.0 (the "License"); #
+# you may not use this file except in compliance with the License. #
+# You may obtain a copy of the License at #
+# #
+# http://www.apache.org/licenses/LICENSE-2.0 #
+# #
+# Unless required by applicable law or agreed to in writing, software #
+# distributed under the License is distributed on an "AS IS" BASIS, #
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. #
+# See the License for the specific language governing permissions and #
+# limitations under the License. #
+################################################################################
+
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ include "common.servicename.e2term.rmr" . }}
+ namespace: {{ include "common.namespace.platform" . }}
+ labels:
+ app: {{ include "common.namespace.platform" . }}-{{ include "common.name.e2term" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+spec:
+ type: ClusterIP
+ ports:
+ - port: {{ include "common.serviceport.e2term.rmr.route" . }}
+ protocol: "TCP"
+ targetPort: "rmrroute"
+ name: "rmrroute"
+ - port: {{ include "common.serviceport.e2term.rmr.data" . }}
+ protocol: "TCP"
+ targetPort: "rmrdata"
+ name: "rmrdata"
+ selector:
+ app: {{ include "common.namespace.platform" . }}-{{ include "common.name.e2term" . }}
+ release: {{ .Release.Name }}
diff --git a/helm/e2term/values.yaml b/helm/e2term/values.yaml
new file mode 100644
index 0000000..c58fe99
--- /dev/null
+++ b/helm/e2term/values.yaml
@@ -0,0 +1,46 @@
+################################################################################
+# Copyright (c) 2019 AT&T Intellectual Property. #
+# Copyright (c) 2019 Nokia. #
+# #
+# Licensed under the Apache License, Version 2.0 (the "License"); #
+# you may not use this file except in compliance with the License. #
+# You may obtain a copy of the License at #
+# #
+# http://www.apache.org/licenses/LICENSE-2.0 #
+# #
+# Unless required by applicable law or agreed to in writing, software #
+# distributed under the License is distributed on an "AS IS" BASIS, #
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. #
+# See the License for the specific language governing permissions and #
+# limitations under the License. #
+################################################################################
+
+#################################################################
+# Application configuration defaults.
+#################################################################
+
+e2term:
+ imagePullPolicy: IfNotPresent
+ image:
+ name: ric-plt-e2
+ tag: 3.0.1
+ registry: "nexus3.o-ran-sc.org:10002/o-ran-sc"
+
+ privilegedmode: false
+ hostnetworkmode: false
+
+ replicaCount: 1
+ env:
+ print: "1"
+ messagecollectorfile: "/data/outgoing/"
+ # Service ports are now defined in
+ # ric-common/Common-Template/helm/ric-common/templates/_ports.tpl file.
+ # If need to change a service port, make the code change necessary, then
+ # update the _ports.tpl file with the new port number.
+
+ dataVolSize: 100Mi
+ storageClassName: local-storage
+ #storageClassName: ric-storage-class
+
+ pizpub:
+ enabled: false
diff --git a/helm/infrastructure/Chart.yaml b/helm/infrastructure/Chart.yaml
new file mode 100644
index 0000000..4db1920
--- /dev/null
+++ b/helm/infrastructure/Chart.yaml
@@ -0,0 +1,23 @@
+################################################################################
+# Copyright (c) 2019 AT&T Intellectual Property. #
+# Copyright (c) 2019 Nokia. #
+# #
+# Licensed under the Apache License, Version 2.0 (the "License"); #
+# you may not use this file except in compliance with the License. #
+# You may obtain a copy of the License at #
+# #
+# http://www.apache.org/licenses/LICENSE-2.0 #
+# #
+# Unless required by applicable law or agreed to in writing, software #
+# distributed under the License is distributed on an "AS IS" BASIS, #
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. #
+# See the License for the specific language governing permissions and #
+# limitations under the License. #
+################################################################################
+
+apiVersion: v1
+appVersion: "1.0"
+description: A Helm chart for setting up k8s env for RIC deployment
+name: infrastructure
+version: 3.0.0
+
diff --git a/helm/infrastructure/requirements.yaml b/helm/infrastructure/requirements.yaml
new file mode 100644
index 0000000..3286320
--- /dev/null
+++ b/helm/infrastructure/requirements.yaml
@@ -0,0 +1,41 @@
+################################################################################
+# Copyright (c) 2019 AT&T Intellectual Property. #
+# Copyright (c) 2019 Nokia. #
+# #
+# Licensed under the Apache License, Version 2.0 (the "License"); #
+# you may not use this file except in compliance with the License. #
+# You may obtain a copy of the License at #
+# #
+# http://www.apache.org/licenses/LICENSE-2.0 #
+# #
+# Unless required by applicable law or agreed to in writing, software #
+# distributed under the License is distributed on an "AS IS" BASIS, #
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. #
+# See the License for the specific language governing permissions and #
+# limitations under the License. #
+################################################################################
+
+dependencies:
+ - name: ric-common
+ version: ~3.0.0
+ repository: "@local"
+ - name: extsvcplt
+ version: 0.2.0
+ repository: "file://subcharts/extsvcplt"
+ condition: extsvcplt.enabled
+ - name: chartmuseum
+ version: 0.0.1
+ repository: "file://./subcharts/chartmuseum"
+ condition: chartmuseum.enabled
+ - name: docker-credential
+ version: 1.0.0
+ repository: "file://./subcharts/docker-credential"
+ condition: docker-credential.enabled
+ - name: kong
+ version: 0.17.0
+ repository: "file://./subcharts/kong"
+ condition: kong.enabled
+ - name: certificate-manager
+ version: 0.1.0
+ repository: "file://./subcharts/certificate-manager"
+ condition: certificate-manager.enabled
diff --git a/helm/infrastructure/subcharts/certificate-manager/Chart.yaml b/helm/infrastructure/subcharts/certificate-manager/Chart.yaml
new file mode 100644
index 0000000..7f93e7d
--- /dev/null
+++ b/helm/infrastructure/subcharts/certificate-manager/Chart.yaml
@@ -0,0 +1,5 @@
+apiVersion: v1
+appVersion: "1.0"
+description: Create SSL certificates for RIC
+name: certificate-manager
+version: 0.1.0
diff --git a/helm/infrastructure/subcharts/certificate-manager/requirements.yaml b/helm/infrastructure/subcharts/certificate-manager/requirements.yaml
new file mode 100644
index 0000000..db3a74b
--- /dev/null
+++ b/helm/infrastructure/subcharts/certificate-manager/requirements.yaml
@@ -0,0 +1,21 @@
+################################################################################
+# Copyright (c) 2019 AT&T Intellectual Property. #
+# Copyright (c) 2019 Nokia. #
+# #
+# Licensed under the Apache License, Version 2.0 (the "License"); #
+# you may not use this file except in compliance with the License. #
+# You may obtain a copy of the License at #
+# #
+# http://www.apache.org/licenses/LICENSE-2.0 #
+# #
+# Unless required by applicable law or agreed to in writing, software #
+# distributed under the License is distributed on an "AS IS" BASIS, #
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. #
+# See the License for the specific language governing permissions and #
+# limitations under the License. #
+################################################################################
+
+dependencies:
+ - name: ric-common
+ version: ~3.0.0
+ repository: "@local"
diff --git a/helm/infrastructure/subcharts/certificate-manager/templates/secret.yaml b/helm/infrastructure/subcharts/certificate-manager/templates/secret.yaml
new file mode 100644
index 0000000..e154252
--- /dev/null
+++ b/helm/infrastructure/subcharts/certificate-manager/templates/secret.yaml
@@ -0,0 +1,69 @@
+################################################################################
+# Copyright (c) 2019 AT&T Intellectual Property. #
+# #
+# Licensed under the Apache License, Version 2.0 (the "License"); #
+# you may not use this file except in compliance with the License. #
+# You may obtain a copy of the License at #
+# #
+# http://www.apache.org/licenses/LICENSE-2.0 #
+# #
+# Unless required by applicable law or agreed to in writing, software #
+# distributed under the License is distributed on an "AS IS" BASIS, #
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. #
+# See the License for the specific language governing permissions and #
+# limitations under the License. #
+################################################################################
+{{- $ca := genCA "/C=US/O=O-RAN Alliance/OU=O-RAN Software Community" 9125 -}}
+{{- $pltAltNames := list ( include "common.ingresscontroller.url.platform" . ) -}}
+{{- $auxAltNames := list ( include "common.ingresscontroller.url.aux" . ) -}}
+{{- $pltcert := genSignedCert "/C=US/O=O-RAN Alliance/OU=O-RAN Software Community/CN=RIC-Platform" nil $pltAltNames 9125 $ca -}}
+{{- $auxcert := genSignedCert "/C=US/O=O-RAN Alliance/OU=O-RAN Software Community/CN=helm" nil $auxAltNames 9125 $ca -}}
+
+{{ $platformNameSpace := include "common.namespace.platform" . }}
+{{ $xAppNameSpace := include "common.namespace.xapp" . }}
+{{ $nameSpaceList := list $platformNameSpace $xAppNameSpace }}
+{{- range $nameSpaceList }}
+{{- $namespace := . }}
+---
+apiVersion: v1
+kind: Secret
+metadata:
+ name: secret-ric-ca-cert
+ namespace: {{ $namespace }}
+data:
+{{- if $.Values.ca.crt }}
+ ca.crt: {{ $.Values.ca.crt | b64enc }}
+{{- else }}
+ ca.crt: {{ $ca.Cert | b64enc }}
+{{- end }}
+
+---
+apiVersion: v1
+kind: Secret
+metadata:
+ name: secret-plt-ingress-cert
+ namespace: {{ $namespace }}
+data:
+{{- if not ( and $.Values.ingress.plt.crt $.Values.ingress.plt.key ) }}
+ tls.crt: {{ $pltcert.Cert | b64enc }}
+ tls.key: {{ $pltcert.Key | b64enc }}
+{{- else }}
+ tls.crt: {{ $.Values.ingress.plt.crt | b64enc }}
+ tls.key: {{ $.Values.ingress.plt.key | b64enc }}
+{{- end }}
+---
+apiVersion: v1
+kind: Secret
+metadata:
+ name: secret-aux-ingress-cert
+ namespace: {{ $namespace }}
+data:
+{{- if not ( and $.Values.ingress.aux.crt $.Values.ingress.aux.key ) }}
+ tls.crt: {{ $auxcert.Cert | b64enc }}
+ tls.key: {{ $auxcert.Key | b64enc }}
+{{- else }}
+ tls.crt: {{ $.Values.ingress.aux.crt | b64enc }}
+ tls.key: {{ $.Values.ingress.aux.key | b64enc }}
+{{- end }}
+
+{{- end }}
diff --git a/helm/infrastructure/subcharts/certificate-manager/values.yaml b/helm/infrastructure/subcharts/certificate-manager/values.yaml
new file mode 100644
index 0000000..b8caa12
--- /dev/null
+++ b/helm/infrastructure/subcharts/certificate-manager/values.yaml
@@ -0,0 +1,12 @@
+
+ingress:
+ plt:
+ crt: {}
+ key: {}
+ aux:
+ crt: {}
+ key: {}
+
+ca:
+ crt: {}
+ key: {}
diff --git a/helm/infrastructure/subcharts/chartmuseum/Chart.yaml b/helm/infrastructure/subcharts/chartmuseum/Chart.yaml
new file mode 100644
index 0000000..7594952
--- /dev/null
+++ b/helm/infrastructure/subcharts/chartmuseum/Chart.yaml
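Review bot: When `ca.crt` is supplied in values but the ingress certificate and key are not, `secret-ric-ca-cert` publishes the supplied CA while both `tls.crt` values are still signed by the freshly generated `$ca`, so a client trusting the published CA cannot verify the ingress certificates; `ca.key` is declared in values.yaml but never read in secret.yaml. `genCA` and `genSignedCert` run on every render, so each upgrade presumably issues a new CA and new leaf keys unless the values are pinned. The `range` also copies `tls.key` of both ingress certificates into the xApp namespace as well as the platform namespace; if xApps only need to verify the platform, `secret-ric-ca-cert` alone in that namespace would be enough. I would build `$ca` with `buildCustomCert` from `ca.crt` and `ca.key` when both are set, and set `type: kubernetes.io/tls` on the two ingress Secrets.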
@@ -0,0 +1,23 @@
+################################################################################
+# Copyright (c) 2019 AT&T Intellectual Property. #
+# Copyright (c) 2019 Nokia. #
+# #
+# Licensed under the Apache License, Version 2.0 (the "License"); #
+# you may not use this file except in compliance with the License. #
+# You may obtain a copy of the License at #
+# #
+# http://www.apache.org/licenses/LICENSE-2.0 #
+# #
+# Unless required by applicable law or agreed to in writing, software #
+# distributed under the License is distributed on an "AS IS" BASIS, #
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. #
+# See the License for the specific language governing permissions and #
+# limitations under the License. #
+################################################################################
+
+
+apiVersion: v1
+description: A Helm chart for helm repository for RIC
+name: chartmuseum
+version: 0.0.1
+appVersion: 0.1
diff --git a/helm/infrastructure/subcharts/chartmuseum/requirements.yaml b/helm/infrastructure/subcharts/chartmuseum/requirements.yaml
new file mode 100644
index 0000000..db3a74b
--- /dev/null
+++ b/helm/infrastructure/subcharts/chartmuseum/requirements.yaml
@@ -0,0 +1,21 @@
+################################################################################
+# Copyright (c) 2019 AT&T Intellectual Property. #
+# Copyright (c) 2019 Nokia. #
+# #
+# Licensed under the Apache License, Version 2.0 (the "License"); #
+# you may not use this file except in compliance with the License. #
+# You may obtain a copy of the License at #
+# #
+# http://www.apache.org/licenses/LICENSE-2.0 #
+# #
+# Unless required by applicable law or agreed to in writing, software #
+# distributed under the License is distributed on an "AS IS" BASIS, #
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. #
+# See the License for the specific language governing permissions and #
+# limitations under the License. #
+################################################################################
+
+dependencies:
+ - name: ric-common
+ version: ~3.0.0
+ repository: "@local"
diff --git a/helm/infrastructure/subcharts/chartmuseum/templates/_gen-cert.tpl b/helm/infrastructure/subcharts/chartmuseum/templates/_gen-cert.tpl
new file mode 100644
index 0000000..875d873
--- /dev/null
+++ b/helm/infrastructure/subcharts/chartmuseum/templates/_gen-cert.tpl
@@ -0,0 +1,29 @@
+################################################################################
+# Copyright (c) 2019 AT&T Intellectual Property. #
+# Copyright (c) 2019 Nokia. #
+# #
+# Licensed under the Apache License, Version 2.0 (the "License"); #
+# you may not use this file except in compliance with the License. #
+# You may obtain a copy of the License at #
+# #
+# http://www.apache.org/licenses/LICENSE-2.0 #
+# #
+# Unless required by applicable law or agreed to in writing, software #
+# distributed under the License is distributed on an "AS IS" BASIS, #
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. #
+# See the License for the specific language governing permissions and #
+# limitations under the License. #
+################################################################################i
+
+{{/*
+Generate certificates for chartmuseum helm repo
+*/}}
+
+{{- define "chartmuseum.gen-cert" -}}
+{{- $altNames := list ( include "common.ingressurl.aux" . ) -}}
+{{- $ca := genCA "docker-registry-ca" 365 -}}
+{{- $cert := genSignedCert ( include "common.ingressurl.aux" . ) nil $altNames 365 $ca -}}
+tls.crt: {{ $cert.Cert | b64enc }}
+tls.key: {{ $cert.Key | b64enc }}
+{{- end -}}
+
diff --git a/helm/infrastructure/subcharts/chartmuseum/templates/deployment.yaml b/helm/infrastructure/subcharts/chartmuseum/templates/deployment.yaml
new file mode 100644
index 0000000..f3bf341
--- /dev/null
+++ b/helm/infrastructure/subcharts/chartmuseum/templates/deployment.yaml
@@ -0,0 +1,66 @@
+################################################################################
+# Copyright (c) 2019 AT&T Intellectual Property. #
+# Copyright (c) 2019 Nokia. #
+# #
+# Licensed under the Apache License, Version 2.0 (the "License"); #
+# you may not use this file except in compliance with the License. #
+# You may obtain a copy of the License at #
+# #
+# http://www.apache.org/licenses/LICENSE-2.0 #
+# #
+# Unless required by applicable law or agreed to in writing, software #
+# distributed under the License is distributed on an "AS IS" BASIS, #
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. #
+# See the License for the specific language governing permissions and #
+# limitations under the License. #
+################################################################################
+
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: {{ include "common.deploymentname.chartmuseum" .}}
+ labels:
+ app: {{ include "common.namespace.infra" . }}-{{ include "common.name.chartmuseum" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+spec:
+ replicas: {{ .Values.chartmuseum.replicaCount }}
+ selector:
+ matchLabels:
+ app: {{ include "common.namespace.infra" . }}-{{ include "common.name.chartmuseum" . }}
+ release: {{ .Release.Name }}
+ template:
+ metadata:
+ labels:
+ app: {{ include "common.namespace.infra" . }}-{{ include "common.name.chartmuseum" . }}
+ release: {{ .Release.Name }}
+ spec:
+ securityContext:
+ fsGroup: 0
+ runAsUser: 0
+ hostname: {{ .Chart.Name }}
+ imagePullSecrets:
+ - name: {{ include "common.repositoryCred" . }}
+ containers:
+ - name: {{ include "common.containername.chartmuseum" . }}
+ image: {{ include "common.repository" . }}/{{ .Values.chartmuseum.image.name }}:{{ .Values.chartmuseum.image.tag }}
+ imagePullPolicy: {{ include "common.pullPolicy" . }}
+ envFrom:
+ - configMapRef:
+ name: {{ include "common.configmapname.chartmuseum" . }}-env
+ # volumeMounts:
+ #- name: certs
+ # mountPath: /var/run/certs
+ # readOnly: true
+ ports:
+ - name: http
+ containerPort: {{ include "common.serviceport.chartmuseum.http" . }}
+ protocol: TCP
+ volumeMounts:
+ - name: chart-data
+ mountPath: /charts
+ volumes:
+ - name: chart-data
+ persistentVolumeClaim:
+ claimName: pvc-{{ include "common.name.chartmuseum" . }}
diff --git a/helm/infrastructure/subcharts/chartmuseum/templates/env.yaml b/helm/infrastructure/subcharts/chartmuseum/templates/env.yaml
new file mode 100644
index 0000000..8565e88
--- /dev/null
+++ b/helm/infrastructure/subcharts/chartmuseum/templates/env.yaml
@@ -0,0 +1,24 @@
+################################################################################
+# Copyright (c) 2019 AT&T Intellectual Property. #
+# Copyright (c) 2019 Nokia. #
+# #
+# Licensed under the Apache License, Version 2.0 (the "License"); #
+# you may not use this file except in compliance with the License. #
+# You may obtain a copy of the License at #
+# #
+# http://www.apache.org/licenses/LICENSE-2.0 #
+# #
+# Unless required by applicable law or agreed to in writing, software #
+# distributed under the License is distributed on an "AS IS" BASIS, #
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. #
+# See the License for the specific language governing permissions and #
+# limitations under the License. #
+################################################################################
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "common.configmapname.chartmuseum" . }}-env
+data:
+ DEBUG: "true"
+ STORAGE: "local"
+ STORAGE_LOCAL_ROOTDIR: "/charts"
diff --git a/helm/infrastructure/subcharts/chartmuseum/templates/ingress.yaml b/helm/infrastructure/subcharts/chartmuseum/templates/ingress.yaml
new file mode 100644
index 0000000..747942a
--- /dev/null
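Review bot: The pod-level `securityContext` in deployment.yaml sets `runAsUser: 0` and `fsGroup: 0`, so ChartMuseum runs as root, and the container adds no restrictions of its own. Root is presumably there so the process can write to the local PersistentVolume mounted at `/charts`; a non-root UID with a matching `fsGroup` would normally cover that, along with a container-level `allowPrivilegeEscalation: false`. The IDs below are sample values and need to match what the image expects. The commented-out `certs` volume mount is dead configuration and should be removed or explained.

```yaml
    spec:
      securityContext:
        # sample non-root IDs; adjust to the UID/GID the image runs with
        runAsNonRoot: true
        runAsUser: 1000
        fsGroup: 1000
      # … unchanged: hostname, imagePullSecrets …
      containers:
        - name: {{ include "common.containername.chartmuseum" . }}
          securityContext:
            allowPrivilegeEscalation: false
          # … unchanged: image, imagePullPolicy, envFrom, ports, volumeMounts …
```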
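Review bot: `DEBUG: "true"` is hard-coded in the env.yaml ConfigMap, so every deployment runs ChartMuseum with debug logging and no values switch can turn it off; a new values key, e.g. `DEBUG: {{ .Values.chartmuseum.debug | default false | quote }}`, would make it opt-in. The ConfigMap also configures no authentication (ChartMuseum reads `BASIC_AUTH_USER` / `BASIC_AUTH_PASS`), so as far as this chart shows, anything that can reach the `/helm` ingress path can use the repository API, including chart uploads. If credentials are supplied elsewhere, a comment saying where would help; otherwise they should come from a Secret via `secretRef`, not from this ConfigMap.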
+++ b/helm/infrastructure/subcharts/chartmuseum/templates/ingress.yaml @@ -0,0 +1,32 @@ +################################################################################ +# Copyright (c) 2019 AT&T Intellectual Property. # +# Copyright (c) 2019 Nokia. # +# # +# Licensed under the Apache License, Version 2.0 (the "License"); # +# you may not use this file except in compliance with the License. # +# You may obtain a copy of the License at # +# # +# http://www.apache.org/licenses/LICENSE-2.0 # +# # +# Unless required by applicable law or agreed to in writing, software # +# distributed under the License is distributed on an "AS IS" BASIS, # +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # +# See the License for the specific language governing permissions and # +# limitations under the License. # +################################################################################ +apiVersion: networking.k8s.io/v1beta1 +kind: Ingress +metadata: + name: {{ include "common.ingressname.chartmuseum" . }} +spec: + tls: + - hosts: + - {{ include "common.ingressurl.aux" . }} + secretName: secret-{{ include "common.name.chartmuseum" . }} + rules: + - http: + paths: + - backend: + serviceName: {{ include "common.servicename.chartmuseum.http" . }} + servicePort: http + path: "/helm" diff --git a/helm/infrastructure/subcharts/chartmuseum/templates/job-save-certs.yaml b/helm/infrastructure/subcharts/chartmuseum/templates/job-save-certs.yaml new file mode 100644 index 0000000..6253d53 --- /dev/null +++ b/helm/infrastructure/subcharts/chartmuseum/templates/job-save-certs.yaml 
@@ -0,0 +1,47 @@
+################################################################################
+# Copyright (c) 2019 AT&T Intellectual Property. #
+# Copyright (c) 2019 Nokia. #
+# #
+# Licensed under the Apache License, Version 2.0 (the "License"); #
+# you may not use this file except in compliance with the License. #
+# You may obtain a copy of the License at #
+# #
+# http://www.apache.org/licenses/LICENSE-2.0 #
+# #
+# Unless required by applicable law or agreed to in writing, software #
+# distributed under the License is distributed on an "AS IS" BASIS, #
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. #
+# See the License for the specific language governing permissions and #
+# limitations under the License. #
+################################################################################
+
+apiVersion: batch/v1
+kind: Job
+metadata:
+ name: job-{{ include "common.fullname.chartmuseum" . }}-save-certs
+spec:
+ template:
+ spec:
+ imagePullSecrets:
+ - name: {{ include "common.repositoryCred" . }}
+ containers:
+ - name: cert-copy
+ image: {{ include "common.repository" . }}/{{ .Values.chartmuseum.job.image.name }}:{{ .Values.chartmuseum.job.image.tag }}
+ imagePullPolicy: {{ include "common.pullPolicy" . }}
+ command: [ "/bin/sh","-c","cp -rL /var/run/helmcerts/..data/tls.crt /var/run/certs-copy/helmtls.crt"]
+ # command: ["tail", "-f", "/dev/null"]
+ volumeMounts:
+ - name: helmcerts
+ mountPath: /var/run/helmcerts
+ readOnly: true
+ - name: write-to-volume
+ mountPath: /var/run/certs-copy
+ volumes:
+ - name: helmcerts
+ secret:
+ secretName: secret-{{ include "common.name.chartmuseum" . }}
+ - name: write-to-volume
+ hostPath:
+ path: /tmp
+ restartPolicy: Never
+ backoffLimit: 4
diff --git a/helm/infrastructure/subcharts/chartmuseum/templates/persistentVolume.yaml b/helm/infrastructure/subcharts/chartmuseum/templates/persistentVolume.yaml
new file mode 100644
index 0000000..42939be
--- /dev/null
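Review bot: The `write-to-volume` volume is a `hostPath` on the node's `/tmp`, mounted writable, and the job writes `helmtls.crt` into it as whatever user the image defaults to (root for a stock alpine image). That gives the container write access to a shared, world-writable host directory and leaves the certificate that consumers will trust at a predictable path other local users can write to. The whole TLS secret is mounted although only `tls.crt` is copied, so `tls.key` is exposed to the job for no reason; restrict it with `items: [{key: tls.crt, path: tls.crt}]` under `secret:`. For the destination, a dedicated directory (`path: <cert-dir>` with `type: DirectoryOrCreate`) or a ConfigMap created through the API would avoid `/tmp`; a hostPath copy also lands only on the node that happened to run the job.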
+++ b/helm/infrastructure/subcharts/chartmuseum/templates/persistentVolume.yaml @@ -0,0 +1,34 @@ +{{- if not .Values.chartmuseum.storageclass }} + +kind: StorageClass +apiVersion: storage.k8s.io/v1 +metadata: + name: storageclass-{{ include "common.name.chartmuseum" . }} +provisioner: kubernetes.io/no-provisioner +volumeBindingMode: WaitForFirstConsumer + +--- + +apiVersion: v1 +kind: PersistentVolume +metadata: + name: pv-{{ include "common.name.chartmuseum" . }} +spec: + capacity: + storage: {{ .Values.chartmuseum.storagesize }} + accessModes: + - ReadWriteOnce + persistentVolumeReclaimPolicy: Retain + storageClassName: storageclass-{{ include "common.name.chartmuseum" . }} + local: + path: {{ .Values.chartmuseum.datapath }} + nodeAffinity: + required: + nodeSelectorTerms: + - matchExpressions: + - key: local-storage + operator: In + values: + - enable +{{- end -}} + diff --git a/helm/infrastructure/subcharts/chartmuseum/templates/persistentVolumeClaim.yaml b/helm/infrastructure/subcharts/chartmuseum/templates/persistentVolumeClaim.yaml new file mode 100644 index 0000000..9a945b2 --- /dev/null +++ b/helm/infrastructure/subcharts/chartmuseum/templates/persistentVolumeClaim.yaml @@ -0,0 +1,11 @@ +kind: PersistentVolumeClaim +apiVersion: v1 +metadata: + name: pvc-{{ include "common.name.chartmuseum" . }} +spec: + accessModes: + - ReadWriteOnce + storageClassName: {{ .Values.chartmuseum.storageclass | default (printf "storageclass-%s" ( include "common.name.chartmuseum" . )) }} + resources: + requests: + storage: {{ .Values.chartmuseum.storagesize }} diff --git a/helm/infrastructure/subcharts/chartmuseum/templates/secret.yaml b/helm/infrastructure/subcharts/chartmuseum/templates/secret.yaml new file mode 100644 index 0000000..5490528 --- /dev/null +++ b/helm/infrastructure/subcharts/chartmuseum/templates/secret.yaml 
@@ -0,0 +1,27 @@
+################################################################################
+# Copyright (c) 2019 AT&T Intellectual Property. #
+# Copyright (c) 2019 Nokia. #
+# #
+# Licensed under the Apache License, Version 2.0 (the "License"); #
+# you may not use this file except in compliance with the License. #
+# You may obtain a copy of the License at #
+# #
+# http://www.apache.org/licenses/LICENSE-2.0 #
+# #
+# Unless required by applicable law or agreed to in writing, software #
+# distributed under the License is distributed on an "AS IS" BASIS, #
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. #
+# See the License for the specific language governing permissions and #
+# limitations under the License. #
+################################################################################
+
+apiVersion: v1
+kind: Secret
+type: kubernetes.io/tls
+metadata:
+ name: secret-{{ include "common.name.chartmuseum" . }}
+ annotations:
+ "helm.sh/hook": "pre-install"
+ "helm.sh/hook-delete-policy": "before-hook-creation"
+data:
+{{ ( include "chartmuseum.gen-cert" . ) | indent 2 }}
diff --git a/helm/infrastructure/subcharts/chartmuseum/templates/service.yaml b/helm/infrastructure/subcharts/chartmuseum/templates/service.yaml
new file mode 100644
index 0000000..89e3592
--- /dev/null
+++ b/helm/infrastructure/subcharts/chartmuseum/templates/service.yaml
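Review bot: Creating the TLS Secret from a `pre-install` hook takes it out of the release's managed resources, so under Helm's hook handling it is neither re-rendered on `helm upgrade` nor removed on uninstall. The first means the chart never reissues the certificate generated by `chartmuseum.gen-cert`; the second leaves `tls.key` behind in the namespace unless bin/uninstall deletes it, which is not visible here. If the hook is there to keep the generated certificate stable across upgrades, say so in a comment above the annotations, e.g. `# hook: generated once at install; rotate by deleting this secret and reinstalling`, and make sure the uninstall path removes the secret.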
@@ -0,0 +1,37 @@ +################################################################################ +# Copyright (c) 2019 AT&T Intellectual Property. # +# Copyright (c) 2019 Nokia. # +# # +# Licensed under the Apache License, Version 2.0 (the "License"); # +# you may not use this file except in compliance with the License. # +# You may obtain a copy of the License at # +# # +# http://www.apache.org/licenses/LICENSE-2.0 # +# # +# Unless required by applicable law or agreed to in writing, software # +# distributed under the License is distributed on an "AS IS" BASIS, # +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # +# See the License for the specific language governing permissions and # +# limitations under the License. # +################################################################################ + +apiVersion: v1 +kind: Service +metadata: + name: {{ include "common.servicename.chartmuseum.http" . }} + namespace: {{ include "common.namespace.infra" . }} + labels: + app: {{ include "common.namespace.infra" . }}-{{ include "common.name.chartmuseum" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +spec: + type: ClusterIP + ports: + - port: {{ include "common.serviceport.chartmuseum.http" . }} + targetPort: http + protocol: TCP + name: http + selector: + app: {{ include "common.namespace.infra" . }}-{{ include "common.name.chartmuseum" . }} + release: {{ .Release.Name }} diff --git a/helm/infrastructure/subcharts/chartmuseum/values.yaml b/helm/infrastructure/subcharts/chartmuseum/values.yaml new file mode 100644 index 0000000..600fa54 --- /dev/null +++ b/helm/infrastructure/subcharts/chartmuseum/values.yaml 
@@ -0,0 +1,43 @@
+################################################################################
+# Copyright (c) 2019 AT&T Intellectual Property. #
+# Copyright (c) 2019 Nokia. #
+# #
+# Licensed under the Apache License, Version 2.0 (the "License"); #
+# you may not use this file except in compliance with the License. #
+# You may obtain a copy of the License at #
+# #
+# http://www.apache.org/licenses/LICENSE-2.0 #
+# #
+# Unless required by applicable law or agreed to in writing, software #
+# distributed under the License is distributed on an "AS IS" BASIS, #
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. #
+# See the License for the specific language governing permissions and #
+# limitations under the License. #
+################################################################################
+
+# Default values for nexus.
+# This is a YAML-formatted file.
+# Declare variables to be passed into your templates.
+repository: "docker.io"
+imagePullPolicy: IfNotPresent
+repositoryCred: docker-reg-cred
+helmRepositoryCert: xapp-mgr-certs
+
+chartmuseum:
+ repositoryOverride: "docker.io"
+ replicaCount: 1
+
+ job:
+ image:
+ name: alpine
+ tag: latest
+
+# This is designed to be deployed using local image
+ image:
+ name: chartmuseum/chartmuseum
+ tag: v0.8.2
+
+# Specify a storage class to bypass the local storage definition.
+# storageclass:
+ storagesize: 2Gi
+ datapath: /opt/data/chartmuseum-data
diff --git a/helm/infrastructure/subcharts/docker-credential/Chart.yaml b/helm/infrastructure/subcharts/docker-credential/Chart.yaml
new file mode 100644
index 0000000..a0028cd
--- /dev/null
+++ b/helm/infrastructure/subcharts/docker-credential/Chart.yaml
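Review bot: `chartmuseum.job.image` is `alpine` with `tag: latest`, a mutable tag, so the image that runs the cert-copy job (with the TLS secret and a hostPath mounted) can change between installs without any change to the chart. With `imagePullPolicy: IfNotPresent`, different nodes may also end up running different builds. Pin it to a fixed release, `tag: "<pinned-alpine-version>"`, as is already done for `chartmuseum/chartmuseum` (`v0.8.2`). The header comment `# Default values for nexus.` looks copied from another chart and should name chartmuseum.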
@@ -0,0 +1,22 @@ +################################################################################ +# Copyright (c) 2019 AT&T Intellectual Property. # +# Copyright (c) 2019 Nokia. # +# # +# Licensed under the Apache License, Version 2.0 (the "License"); # +# you may not use this file except in compliance with the License. # +# You may obtain a copy of the License at # +# # +# http://www.apache.org/licenses/LICENSE-2.0 # +# # +# Unless required by applicable law or agreed to in writing, software # +# distributed under the License is distributed on an "AS IS" BASIS, # +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # +# See the License for the specific language governing permissions and # +# limitations under the License. # +################################################################################ + +apiVersion: v1 +appVersion: "1.0" +description: A Helm chart for setting up k8s resources for accessing external and infrastructure resources before RIC deployment" +name: docker-credential +version: 1.0.0 diff --git a/helm/infrastructure/subcharts/docker-credential/requirements.yaml b/helm/infrastructure/subcharts/docker-credential/requirements.yaml new file mode 100644 index 0000000..db3a74b --- /dev/null +++ b/helm/infrastructure/subcharts/docker-credential/requirements.yaml 
@@ -0,0 +1,21 @@ +################################################################################ +# Copyright (c) 2019 AT&T Intellectual Property. # +# Copyright (c) 2019 Nokia. # +# # +# Licensed under the Apache License, Version 2.0 (the "License"); # +# you may not use this file except in compliance with the License. # +# You may obtain a copy of the License at # +# # +# http://www.apache.org/licenses/LICENSE-2.0 # +# # +# Unless required by applicable law or agreed to in writing, software # +# distributed under the License is distributed on an "AS IS" BASIS, # +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # +# See the License for the specific language governing permissions and # +# limitations under the License. # +################################################################################ + +dependencies: + - name: ric-common + version: ~3.0.0 + repository: "@local" diff --git a/helm/infrastructure/subcharts/docker-credential/templates/secrets-docker-reg.yaml b/helm/infrastructure/subcharts/docker-credential/templates/secrets-docker-reg.yaml new file mode 100644 index 0000000..f0e0f27 --- /dev/null +++ b/helm/infrastructure/subcharts/docker-credential/templates/secrets-docker-reg.yaml 
@@ -0,0 +1,41 @@
+################################################################################
+# Copyright (c) 2019 AT&T Intellectual Property. #
+# #
+# Licensed under the Apache License, Version 2.0 (the "License"); #
+# you may not use this file except in compliance with the License. #
+# You may obtain a copy of the License at #
+# #
+# http://www.apache.org/licenses/LICENSE-2.0 #
+# #
+# Unless required by applicable law or agreed to in writing, software #
+# distributed under the License is distributed on an "AS IS" BASIS, #
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. #
+# See the License for the specific language governing permissions and #
+# limitations under the License. #
+################################################################################
+{{ $platformNameSpace := include "common.namespace.platform" . }}
+{{ $xAppNameSpace := include "common.namespace.xapp" . }}
+{{ $infraNameSpace := include "common.namespace.infra" . }}
+{{ $nameSpaceList := list $platformNameSpace $xAppNameSpace $infraNameSpace }}
+{{- range $nameSpaceList }}
+{{- $namespace := . }}
+{{- range keys $.Values.credential }}
+{{- with index $.Values.credential . }}
+{{- $repo := .registry }}
+{{- $cred := .credential }}
+{{- $user := default "docker" $cred.user }}
+{{- $password := default "docker" $cred.password }}
+{{- $mail := default "@" $cred.mail }}
+{{- $auth := printf "%s:%s" $user $password | b64enc }}
+---
+apiVersion: v1
+kind: Secret
+metadata:
+ name: secret-{{ $repo | replace "." "-" | replace ":" "-" | replace "/" "-" }}
+ namespace: {{ $namespace }}
+data:
+ .dockercfg: {{ printf "{\"%s\":{\"username\":\"%s\",\"password\":\"%s\",\"email\":\"%s\",\"auth\":\"%s\"}}" $repo $user $password $mail $auth | b64enc }}
+type: kubernetes.io/dockercfg
+{{- end }}
+{{- end }}
+{{- end }}
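Review bot: A registry entry with no `user` or `password` silently falls back to the literal credentials `docker`/`docker` (`default "docker" $cred.user`), so a typo in the recipe yields a pull secret with placeholder credentials instead of a failed render. Prefer failing fast: `{{- $user := required "credential.user is required" $cred.user }}`, and the same for `password`. The `.dockercfg` JSON is also assembled with `printf` and no escaping, so a password containing `"` or `\` produces invalid JSON; building a dict and piping it through `toJson` avoids that. The same secret is written into the platform, xApp and infra namespaces, which deserves a comment because it widens who can read the registry password.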
diff --git a/helm/infrastructure/subcharts/docker-credential/values.yaml b/helm/infrastructure/subcharts/docker-credential/values.yaml new file mode 100644 index 0000000..60054e7 --- /dev/null +++ b/helm/infrastructure/subcharts/docker-credential/values.yaml @@ -0,0 +1,16 @@ +################################################################################ +# Copyright (c) 2019 AT&T Intellectual Property. # +# Copyright (c) 2019 Nokia. # +# # +# Licensed under the Apache License, Version 2.0 (the "License"); # +# you may not use this file except in compliance with the License. # +# You may obtain a copy of the License at # +# # +# http://www.apache.org/licenses/LICENSE-2.0 # +# # +# Unless required by applicable law or agreed to in writing, software # +# distributed under the License is distributed on an "AS IS" BASIS, # +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # +# See the License for the specific language governing permissions and # +# limitations under the License. # +################################################################################ diff --git a/helm/infrastructure/subcharts/extsvcplt/Chart.yaml b/helm/infrastructure/subcharts/extsvcplt/Chart.yaml new file mode 100644 index 0000000..9cd80bf --- /dev/null +++ b/helm/infrastructure/subcharts/extsvcplt/Chart.yaml 
@@ -0,0 +1,23 @@ +################################################################################ +# Copyright (c) 2019 AT&T Intellectual Property. # +# Copyright (c) 2019 Nokia. # +# # +# Licensed under the Apache License, Version 2.0 (the "License"); # +# you may not use this file except in compliance with the License. # +# You may obtain a copy of the License at # +# # +# http://www.apache.org/licenses/LICENSE-2.0 # +# # +# Unless required by applicable law or agreed to in writing, software # +# distributed under the License is distributed on an "AS IS" BASIS, # +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # +# See the License for the specific language governing permissions and # +# limitations under the License. # +################################################################################ + +apiVersion: v1 +appVersion: "1.0" +description: A Helm chart for setting up services with endpoints referencing external services so that these external services can be accessed as if they are in the same namespace. +name: extsvcplt +version: 0.2.0 + diff --git a/helm/infrastructure/subcharts/extsvcplt/requirements.yaml b/helm/infrastructure/subcharts/extsvcplt/requirements.yaml new file mode 100644 index 0000000..db3a74b --- /dev/null +++ b/helm/infrastructure/subcharts/extsvcplt/requirements.yaml 
@@ -0,0 +1,21 @@ +################################################################################ +# Copyright (c) 2019 AT&T Intellectual Property. # +# Copyright (c) 2019 Nokia. # +# # +# Licensed under the Apache License, Version 2.0 (the "License"); # +# you may not use this file except in compliance with the License. # +# You may obtain a copy of the License at # +# # +# http://www.apache.org/licenses/LICENSE-2.0 # +# # +# Unless required by applicable law or agreed to in writing, software # +# distributed under the License is distributed on an "AS IS" BASIS, # +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # +# See the License for the specific language governing permissions and # +# limitations under the License. # +################################################################################ + +dependencies: + - name: ric-common + version: ~3.0.0 + repository: "@local" diff --git a/helm/infrastructure/subcharts/extsvcplt/templates/services-aux.yaml b/helm/infrastructure/subcharts/extsvcplt/templates/services-aux.yaml new file mode 100644 index 0000000..12b80d1 --- /dev/null +++ b/helm/infrastructure/subcharts/extsvcplt/templates/services-aux.yaml 
@@ -0,0 +1,50 @@ +################################################################################ +# Copyright (c) 2019 AT&T Intellectual Property. # +# Copyright (c) 2019 Nokia. # +# # +# Licensed under the Apache License, Version 2.0 (the "License"); # +# you may not use this file except in compliance with the License. # +# You may obtain a copy of the License at # +# # +# http://www.apache.org/licenses/LICENSE-2.0 # +# # +# Unless required by applicable law or agreed to in writing, software # +# distributed under the License is distributed on an "AS IS" BASIS, # +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # +# See the License for the specific language governing permissions and # +# limitations under the License. # +################################################################################ +{{ $platformNameSpace := include "common.namespace.platform" . }} +{{ $xAppNameSpace := include "common.namespace.xapp" . }} +{{ $nameSpaceList := list $platformNameSpace $xAppNameSpace }} +{{- range $nameSpaceList }} +--- +kind: "Service" +apiVersion: "v1" +metadata: + name: {{ include "common.ingresscontroller.url.aux" $ }} + namespace: {{ . }} +spec: + ports: + - name: {{ include "common.ingresscontroller.url.aux" $ }}-http-ingress-port + protocol: "TCP" + port: 80 + - name: {{ include "common.ingresscontroller.url.aux" $ }}-https-ingress-port + protocol: "TCP" + port: 443 +--- +kind: "Endpoints" +apiVersion: "v1" +metadata: + # match with the selector-less service + name: {{ include "common.ingresscontroller.url.aux" $ }} + namespace: {{ . }} +subsets: + - addresses: + - ip: "{{ $.Values.auxip }}" + ports: + - port: {{ include "common.ingresscontroller.port.http" $ }} + name: {{ include "common.ingresscontroller.url.aux" $ }}-http-ingress-port + - port: {{ include "common.ingresscontroller.port.https" $ }} + name: {{ include "common.ingresscontroller.url.aux" $ }}-https-ingress-port +{{- end -}} 
diff --git a/helm/infrastructure/subcharts/extsvcplt/values.yaml b/helm/infrastructure/subcharts/extsvcplt/values.yaml new file mode 100644 index 0000000..3f91df6 --- /dev/null +++ b/helm/infrastructure/subcharts/extsvcplt/values.yaml @@ -0,0 +1,20 @@ +# Copyright (c) 2019 AT&T Intellectual Property. # +# Copyright (c) 2019 Nokia. # +# # +# Licensed under the Apache License, Version 2.0 (the "License"); # +# you may not use this file except in compliance with the License. # +# You may obtain a copy of the License at # +# # +# http://www.apache.org/licenses/LICENSE-2.0 # +# # +# Unless required by applicable law or agreed to in writing, software # +# distributed under the License is distributed on an "AS IS" BASIS, # +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # +# See the License for the specific language governing permissions and # +# limitations under the License. # +################################################################################ + +# The IP address of the RIC cluster +ricip: "10.0.0.1" +# The IP address of the AUX cluster +auxip: "10.0.0.1" diff --git a/helm/infrastructure/subcharts/kong/.helmignore b/helm/infrastructure/subcharts/kong/.helmignore new file mode 100755 index 0000000..7c04072 --- /dev/null +++ b/helm/infrastructure/subcharts/kong/.helmignore @@ -0,0 +1,22 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*~ +# Various IDEs +.project +.idea/ +*.tmproj +OWNERS diff --git a/helm/infrastructure/subcharts/kong/Chart.yaml b/helm/infrastructure/subcharts/kong/Chart.yaml new file mode 100755 index 0000000..2e1cf0d --- /dev/null +++ b/helm/infrastructure/subcharts/kong/Chart.yaml 
@@ -0,0 +1,31 @@ +################################################################################ +# Copyright (c) 2019 AT&T Intellectual Property. # +# # +# Licensed under the Apache License, Version 2.0 (the "License"); # +# you may not use this file except in compliance with the License. # +# You may obtain a copy of the License at # +# # +# http://www.apache.org/licenses/LICENSE-2.0 # +# # +# Unless required by applicable law or agreed to in writing, software # +# distributed under the License is distributed on an "AS IS" BASIS, # +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # +# See the License for the specific language governing permissions and # +# limitations under the License. # +################################################################################ + +apiVersion: v1 +appVersion: "1.3" +description: The Cloud-Native Ingress and Service Mesh for APIs and Microservices +engine: gotpl +home: https://KongHQ.com/ +icon: https://s3.amazonaws.com/downloads.kong/universe/assets/icon-kong-inc-large.png +maintainers: +- email: shashi@konghq.com + name: shashiranjan84 +- email: harry@konghq.com + name: hbagdi +name: kong +sources: +- https://github.com/Kong/kong +version: 0.17.0 diff --git a/helm/infrastructure/subcharts/kong/README.md b/helm/infrastructure/subcharts/kong/README.md new file mode 100755 index 0000000..be6bc15 --- /dev/null +++ b/helm/infrastructure/subcharts/kong/README.md 
@@ -0,0 +1,397 @@
+## Kong
+
+[Kong](https://KongHQ.com/) is an open-source API Gateway and Microservices
+Management Layer, delivering high performance and reliability.
+
+## TL;DR;
+
+```bash
+$ helm install stable/kong
+```
+
+## Introduction
+
+This chart bootstraps all the components needed to run Kong on a [Kubernetes](http://kubernetes.io)
+cluster using the [Helm](https://helm.sh) package manager.
+
+## Prerequisites
+
+- Kubernetes 1.8+ with Beta APIs enabled.
+- PV provisioner support in the underlying infrastructure if persistence
+ is needed for Kong datastore.
+
+## Installing the Chart
+
+To install the chart with the release name `my-release`:
+
+```bash
+$ helm install --name my-release stable/kong
+```
+
+If using Kong Enterprise, several additional steps are necessary before
+installing the chart. At minimum, you must:
+* Create a [license secret](#license).
+* Set `enterprise.enabled: true` in values.yaml.
+* Update values.yaml to use a Kong Enterprise image. If needed, follow the
+instructions in values.yaml to add a registry pull secret.
+
+Reading through [the full list of Enterprise considerations](#kong-enterprise-specific-parameters)
+is recommended.
+
+> **Tip**: List all releases using `helm list`
+
+## Uninstalling the Chart
+
+To uninstall/delete the `my-release` deployment:
+
+```bash
+$ helm delete my-release
+```
+
+The command removes all the Kubernetes components associated with the
+chart and deletes the release.
+
+## Configuration
+
+### General Configuration Parameters
+
+The following table lists the configurable parameters of the Kong chart
+and their default values.
+
+| Parameter | Description | Default |
+| ---------------------------------- | ------------------------------------------------------------------------------------- | ------------------- |
+| image.repository | Kong image | `kong` |
+| image.tag | Kong image version | `1.3` |
+| image.pullPolicy | Image pull policy | `IfNotPresent` |
+| image.pullSecrets | Image pull secrets | `null` |
+| replicaCount | Kong instance count | `1` |
+| admin.useTLS | Secure Admin traffic | `true` |
+| admin.servicePort | TCP port on which the Kong admin service is exposed | `8444` |
+| admin.containerPort | TCP port on which Kong app listens for admin traffic | `8444` |
+| admin.nodePort | Node port when service type is `NodePort` | |
+| admin.hostPort | Host port to use for admin traffic | |
+| admin.type | k8s service type, Options: NodePort, ClusterIP, LoadBalancer | `NodePort` |
+| admin.loadBalancerIP | Will reuse an existing ingress static IP for the admin service | `null` |
+| admin.loadBalancerSourceRanges | Limit admin access to CIDRs if set and service type is `LoadBalancer` | `[]` |
+| admin.ingress.enabled | Enable ingress resource creation (works with proxy.type=ClusterIP) | `false` |
+| admin.ingress.tls | Name of secret resource, containing TLS secret | |
+| admin.ingress.hosts | List of ingress hosts. | `[]` |
+| admin.ingress.path | Ingress path. | `/` |
+| admin.ingress.annotations | Ingress annotations. See documentation for your ingress controller for details | `{}` |
+| proxy.http.enabled | Enables http on the proxy | true |
+| proxy.http.servicePort | Service port to use for http | 80 |
+| proxy.http.containerPort | Container port to use for http | 8000 |
+| proxy.http.nodePort | Node port to use for http | 32080 |
+| proxy.http.hostPort | Host port to use for http | |
+| proxy.tls.enabled | Enables TLS on the proxy | true |
+| proxy.tls.containerPort | Container port to use for TLS | 8443 |
+| proxy.tls.servicePort | Service port to use for TLS | 8443 |
+| proxy.tls.nodePort | Node port to use for TLS | 32443 |
+| proxy.tls.hostPort | Host port to use for TLS | |
+| proxy.type | k8s service type. Options: NodePort, ClusterIP, LoadBalancer | `NodePort` |
+| proxy.loadBalancerSourceRanges | Limit proxy access to CIDRs if set and service type is `LoadBalancer` | `[]` |
+| proxy.loadBalancerIP | To reuse an existing ingress static IP for the admin service | |
+| proxy.externalIPs | IPs for which nodes in the cluster will also accept traffic for the proxy | `[]` |
+| proxy.externalTrafficPolicy | k8s service's externalTrafficPolicy. Options: Cluster, Local | |
+| proxy.ingress.enabled | Enable ingress resource creation (works with proxy.type=ClusterIP) | `false` |
+| proxy.ingress.tls | Name of secret resource, containing TLS secret | |
+| proxy.ingress.hosts | List of ingress hosts. | `[]` |
+| proxy.ingress.path | Ingress path. | `/` |
+| proxy.ingress.annotations | Ingress annotations. See documentation for your ingress controller for details | `{}` |
+| updateStrategy | update strategy for deployment | `{}` |
+| env | Additional [Kong configurations](https://getkong.org/docs/latest/configuration/) | |
+| runMigrations | Run Kong migrations job | `true` |
+| readinessProbe | Kong readiness probe | |
+| livenessProbe | Kong liveness probe | |
+| affinity | Node/pod affinities | |
+| nodeSelector | Node labels for pod assignment | `{}` |
+| podAnnotations | Annotations to add to each pod | `{}` |
+| resources | Pod resource requests & limits | `{}` |
+| tolerations | List of node taints to tolerate | `[]` |
+| podDisruptionBudget.enabled | Enable PodDisruptionBudget for Kong | `false` |
+| podDisruptionBudget.maxUnavailable | Represents the minimum number of Pods that can be unavailable (integer or percentage) | `50%` |
+| podDisruptionBudget.minAvailable | Represents the number of Pods that must be available (integer or percentage) | |
+| serviceMonitor.enabled | Create ServiceMonitor for Prometheus Operator | false |
+| serviceMonitor.interval | Scrapping interval | 10s |
+| serviceMonitor.namespace | Where to create ServiceMonitor | |
+
+### Admin/Proxy listener override
+
+If you specify `env.admin_listen` or `env.proxy_listen`, this chart will use
+the value provided by you as opposed to constructing a listen variable
+from fields like `proxy.http.containerPort` and `proxy.http.enabled`. This allows
+you to be more prescriptive when defining listen directives.
+
+**Note:** Overriding `env.proxy_listen` and `env.admin_listen` will potentially cause
+`admin.containerPort`, `proxy.http.containerPort` and `proxy.tls.containerPort` to become out of sync,
+and therefore must be updated accordingly.
+
+I.E. updatating to `env.proxy_listen: 0.0.0.0:4444, 0.0.0.0:4443 ssl` will need
+`proxy.http.containerPort: 4444` and `proxy.tls.containerPort: 4443` to be set in order
+for the service definition to work properly.
+
+### Kong-specific parameters
+
+Kong has a choice of either Postgres or Cassandra as a backend datatstore.
+This chart allows you to choose either of them with the `env.database`
+parameter. Postgres is chosen by default.
+
+Additionally, this chart allows you to use your own database or spin up a new
+instance by using the `postgres.enabled` or `cassandra.enabled` parameters.
+Enabling both will create both databases in your cluster, but only one
+will be used by Kong based on the `env.database` parameter.
+Postgres is enabled by default.
+
+| Parameter | Description | Default |
+| ------------------------------| ------------------------------------------------------------------------| ----------------------|
+| cassandra.enabled | Spin up a new cassandra cluster for Kong | `false` |
+| postgresql.enabled | Spin up a new postgres instance for Kong | `true` |
+| waitImage.repository | Image used to wait for database to become ready | `busybox` |
+| waitImage.tag | Tag for image used to wait for database to become ready | `latest` |
+| env.database | Choose either `postgres`, `cassandra` or `"off"` (for dbless mode) | `postgres` |
+| env.pg_user | Postgres username | `kong` |
+| env.pg_database | Postgres database name | `kong` |
+| env.pg_password | Postgres database password (required if you are using your own database)| `kong` |
+| env.pg_host | Postgres database host (required if you are using your own database) | `` |
+| env.pg_port | Postgres database port | `5432` |
+| env.cassandra_contact_points | Cassandra contact points (required if you are using your own database) | `` |
+| env.cassandra_port | Cassandra query port | `9042` |
+| env.cassandra_keyspace | Cassandra keyspace | `kong` |
+| env.cassandra_repl_factor | Replication factor for the Kong keyspace | `2` |
+| dblessConfig.configMap | Name of an existing ConfigMap containing the `kong.yml` file. This must have the key `kong.yml`.| `` |
+| dblessConfig.config | Yaml configuration file for the dbless (declarative) configuration of Kong | see in `values.yaml` |
+
+All `kong.env` parameters can also accept a mapping instead of a value to ensure the parameters can be set through configmaps and secrets.
+
+An example :
+
+```yaml
+kong:
+ env:
+ pg_user: kong
+ pg_password:
+ valueFrom:
+ secretKeyRef:
+ key: kong
+ name: postgres
+```
+
+
+For complete list of Kong configurations please check https://getkong.org/docs/latest/configuration/.
+
+Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example,
+
+```console
+$ helm install stable/kong --name my-release \
+ --set=image.tag=1.3,env.database=cassandra,cassandra.enabled=true
+```
+
+Alternatively, a YAML file that specifies the values for the above parameters
+can be provided while installing the chart. For example,
+
+```console
+$ helm install stable/kong --name my-release -f values.yaml
+```
+
+> **Tip**: You can use the default [values.yaml](values.yaml)
+
+### Kong Enterprise-specific parameters
+
+Kong Enterprise requires some additional configuration not needed when using
+Kong OSS. Some of the more important configuration is grouped in sections
+under the `.enterprise` key in values.yaml, though most enterprise-specific
+configuration can be placed under the `.env` key.
+
+To use Kong Enterprise, change your image to a Kong Enterprise image and set
+`.enterprise.enabled: true` in values.yaml to render Enterprise sections of the
+templates. Review the sections below for other settings you should consider
+configuring before installing the chart.
+
+#### Service location hints
+
+Kong Enterprise add two GUIs, Kong Manager and the Kong Developer Portal, that
+must know where other Kong services (namely the admin and files APIs) can be
+accessed in order to function properly. Kong's default behavior for attempting
+to locate these absent configuration is unlikely to work in common Kubernetes
+environments. Because of this, you should set each of `admin_gui_url`,
+`admin_api_uri`, `proxy_url`, `portal_api_url`, `portal_gui_host`, and
+`portal_gui_protocol` under the `.env` key in values.yaml to locations where
+each of their respective services can be accessed to ensure that Kong services
+can locate one another and properly set CORS headers. See the [Property Reference documentation](https://docs.konghq.com/enterprise/0.35-x/property-reference/)
+for more details on these settings.
+
+#### License
+
+All Kong Enterprise deployments require a license. If you do not have a copy
+of yours, please contact Kong Support. Once you have it, you will need to
+store it in a Secret. Save your secret in a file named `license` (no extension)
+and then create and inspect your secret:
+
+```
+$ kubectl create secret generic kong-enterprise-license --from-file=./license
+$ kubectl get secret kong-enterprise-license -o yaml
+apiVersion: v1
+data:
+ license: eyJsaWNlbnNlIjp7InNpZ25hdHVyZSI6IkhFWSBJIFNFRSBZT1UgUEVFS0lORyBJTlNJREUgTVkgQkFTRTY0IEVYQU1QTEUiLCJwYXlsb2FkIjp7ImN1c3RvbWVyIjoiV0VMTCBUT08gQkFEIiwibGljZW5zZV9jcmVhdGlvbl9kYXRlIjoiMjAxOC0wNi0wNSIsInByb2R1Y3Rfc3Vic2NyaXB0aW9uIjoiVEhFUkVTIE5PVEhJTkcgSEVSRSIsImFkbWluX3NlYXRzIjoiNSIsInN1cHBvcnRfcGxhbiI6IkZha2UiLCJsaWNlbnNlX2V4cGlyYXRpb25fZGF0ZSI6IjIwMjAtMjAtMjAiLCJsaWNlbnNlX2tleSI6IlRTT0kgWkhJViJ9LCJ2ZXJzaW9uIjoxfX0K
+kind: Secret
+metadata:
+ creationTimestamp: "2019-05-17T21:45:16Z"
+ name: kong-enterprise-license
+ namespace: default
+ resourceVersion: "48695485"
+ selfLink: /api/v1/namespaces/default/secrets/kong-enterprise-license
+ uid: 0f2e8903-78ed-11e9-b1a6-42010a8a02ec
+type: Opaque
+```
+Set the secret name in values.yaml, in the `.enterprise.license_secret` key.
+
+#### RBAC
+
+Note that you can create a default RBAC superuser when initially setting up an
+environment, by setting the `KONG_PASSWORD` environment variable on the initial
+migration Job's Pod. This will create a `kong_admin` admin whose token and
+basic-auth password match the value of `KONG_PASSWORD`
+
+Using RBAC within Kubernetes environments requires providing Kubernetes an RBAC
+user for its readiness and liveness checks. We recommend creating a user that
+has permission to read `/status` and nothing else. For example, with RBAC still
+disabled:
+
+```
+$ curl -sX POST http://admin.kong.example/rbac/users --data name=statuschecker --data user_token=REPLACE_WITH_SOME_TOKEN
+{"user_token_ident":"45239","user_token":"$2b$09$cL.xbvRQCzE35A0osl8VTej7u0BgJOIgpTVjxpwZ1U8.jNdMwyQRW","id":"fe8824dc-09a7-4b68-b5e6-541e4b9b4ced","name":"statuschecker","enabled":true,"comment":null,"created_at":1558131229}
+
+$ curl -sX POST http://admin.kong.example/rbac/roles --data name=read-status
+{"comment":null,"created_at":1558131353,"id":"e32507a5-e636-40b2-88c0-090042db7d79","name":"read-status","is_default":false}
+
+$ curl -sX POST http://admin.kong.example/rbac/roles/read-status/endpoints --data endpoint="/status" --data actions=read
+{"endpoint":"\/status","created_at":1558131423,"workspace":"default","actions":["read"],"negative":false,"role":{"id":"e32507a5-e636-40b2-88c0-090042db7d79"}}
+
+$ curl -sX POST http://admin.kong.example/rbac/users/statuschecker/roles --data roles=read-status
+{"roles":[{"created_at":1558131353,"id":"e32507a5-e636-40b2-88c0-090042db7d79","name":"read-status"}],"user":{"user_token_ident":"45239","user_token":"$2b$09$cL.xbvRQCzE35A0osl8VTej7u0BgJOIgpTVjxpwZ1U8.jNdMwyQRW","id":"fe8824dc-09a7-4b68-b5e6-541e4b9b4ced","name":"statuschecker","comment":null,"enabled":true,"created_at":1558131229}}
+```
+Probes will then need to include that user's token, e.g. for the readinessProbe:
+
+```
+readinessProbe:
+ httpGet:
+ path: "/status"
+ port: admin
+ scheme: HTTP
+ httpHeaders:
+ - name: Kong-Admin-Token
+ value: REPLACE_WITH_SOME_TOKEN
+ ...
+```
+
+Note that RBAC is **NOT** currently enabled on the admin API container for the
+controller Pod when the ingress controller is enabled. This admin API container
+is not exposed outside the Pod, so only the controller can interact with it. We
+intend to add RBAC to this container in the future after updating the controller
+to add support for storing its RBAC token in a Secret, as currently it would
+need to be stored in plaintext. RBAC is still enforced on the admin API of the
+main deployment when using the ingress controller, as that admin API *is*
+accessible outside the Pod.
+
+#### Sessions
+
+Login sessions for Kong Manager and the Developer Portal make use of [the Kong
+Sessions plugin](https://docs.konghq.com/enterprise/0.35-x/kong-manager/authentication/sessions/).
+Their configuration must be stored in Secrets, as it contains an HMAC key.
+If using either RBAC or the Portal, create a Secret with `admin_gui_session_conf`
+and `portal_session_conf` keys.
+
+```
+$ cat admin_gui_session_conf
+{"cookie_name":"admin_session","cookie_samesite":"off","secret":"admin-secret-CHANGEME","cookie_secure":true,"storage":"kong"}
+$ cat portal_session_conf
+{"cookie_name":"portal_session","cookie_samesite":"off","secret":"portal-secret-CHANGEME","cookie_secure":true,"storage":"kong"}
+$ kubectl create secret generic kong-session-config --from-file=admin_gui_session_conf --from-file=portal_session_conf
+secret/kong-session-config created
+```
+The exact plugin settings may vary in your environment. The `secret` should
+always be changed for both configurations.
+
+After creating your secret, set its name in values.yaml, in the
+`.enterprise.rbac.session_conf_secret` and
+`.enterprise.rbac.session_conf_secret` keys.
+
+#### Email/SMTP
+
+Email is used to send invitations for [Kong Admins](https://docs.konghq.com/enterprise/enterprise/0.35-x/kong-manager/networking/email/)
+and [Developers](https://docs.konghq.com/enterprise/enterprise/0.35-x/developer-portal/configuration/smtp/).
+
+Email invitations rely on setting a number of SMTP settings at once. For
+convenience, these are grouped under the `.enterprise.smtp` key in values.yaml.
+Setting `.enterprise.smtp.disabled: true` will set `KONG_SMTP_MOCK=on` and
+allow Admin/Developer invites to proceed without sending email. Note, however,
+that these have limited functionality without sending email.
+
+If your SMTP server requires authentication, you should the `username` and
+`smtp_password_secret` keys under `.enterprise.smtp.auth`.
+`smtp_password_secret` must be a Secret containing an `smtp_password` key whose
+value is your SMTP password.
+
+### DB-less Configuration
+
+
+When deploying Kong in DB-less mode (`env.database: "off"`) and without the Ingress
+Controller (`ingressController.enabled: false`), Kong needs a config to run. In
+this case, configuration can be provided using an exsiting ConfigMap
+(`dblessConfig.configMap`) or pushed directly into the values file under
+`dblessConfig.config`. See the example configuration in the default values.yaml
+for more details.
+
+### Kong Ingress Controller
+
+Kong Ingress Controller's primary purpose is to satisfy Ingress resources
+created in your Kubernetes cluster.
+It uses CRDs for more fine grained control over routing and
+for Kong specific configuration.
+To deploy the ingress controller together with
+kong run the following command:
+
+```bash
+# without a database
+helm install stable/kong --set ingressController.enabled=true \
+ --set postgresql.enabled=false --set env.database=off
+# with a database
+helm install stable/kong --set ingressController.enabled=true
+```
+
+If you like to use a static IP:
+
+```shell
+helm install stable/kong --set ingressController.enabled=true --set proxy.loadBalancerIP=[Your IP goes there] --set proxy.type=LoadBalancer --name kong --namespace kong
+```
+
+**Note**: Kong Ingress controller doesn't support custom SSL certificates
+on Admin port. We will be removing this limitation in the future.
+
+Kong ingress controller relies on several Custom Resource Definition objects to
+declare the the Kong configurations and synchronize the configuration with the
+Kong admin API. Each of this new objects declared in Kubernetes have a
+one-to-one relation with a Kong resource.
+The custom resources are:
+
+- KongConsumer
+- KongCredential
+- KongPlugin
+- KongIngress
+
+You can can learn about kong ingress custom resource definitions [here](https://github.com/Kong/kubernetes-ingress-controller/blob/master/docs/custom-resources.md).
+
+
+| Parameter | Description | Default |
+| ---------------------------------- | ------------------------------------------------------------------------------------- | ---------------------------------------------------------------------------- |
+| enabled | Deploy the ingress controller, rbac and crd | false |
+| replicaCount | Number of desired ingress controllers | 1 |
+| image.repository | Docker image with the ingress controller | kong-docker-kubernetes-ingress-controller.bintray.io/kong-ingress-controller |
+| image.tag | Version of the ingress controller | 0.2.0 |
+| readinessProbe | Kong ingress controllers readiness probe | |
+| livenessProbe | Kong ingress controllers liveness probe | |
+| ingressClass | The ingress-class value for controller | nginx |
+| podDisruptionBudget.enabled | Enable PodDisruptionBudget for ingress controller | `false` |
+| podDisruptionBudget.maxUnavailable | Represents the minimum number of Pods that can be unavailable (integer or percentage) | `50%` |
+| podDisruptionBudget.minAvailable | Represents the number of Pods that must be available (integer or percentage) | |
+
diff --git a/helm/infrastructure/subcharts/kong/charts/cassandra/.helmignore b/helm/infrastructure/subcharts/kong/charts/cassandra/.helmignore
new file mode 100755
index 0000000..5e03def
--- /dev/null
+++ b/helm/infrastructure/subcharts/kong/charts/cassandra/.helmignore
@@ -0,0 +1,17 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+OWNERS
diff --git a/helm/infrastructure/subcharts/kong/charts/cassandra/Chart.yaml b/helm/infrastructure/subcharts/kong/charts/cassandra/Chart.yaml
new file mode 100755
index 0000000..44592bb
--- /dev/null
+++ b/helm/infrastructure/subcharts/kong/charts/cassandra/Chart.yaml
@@ -0,0 +1,17 @@
+apiVersion: v1
+appVersion: 3.11.3
+description: Apache Cassandra is a free and open-source distributed database management
+ system designed to handle large amounts of data across many commodity servers, providing
+ high availability with no single point of failure.
+engine: gotpl
+home: http://cassandra.apache.org
+icon: https://upload.wikimedia.org/wikipedia/commons/thumb/5/5e/Cassandra_logo.svg/330px-Cassandra_logo.svg.png
+keywords:
+- cassandra
+- database
+- nosql
+maintainers:
+- email: goonohc@gmail.com
+ name: KongZ
+name: cassandra
+version: 0.10.5
diff --git a/helm/infrastructure/subcharts/kong/charts/cassandra/README.md b/helm/infrastructure/subcharts/kong/charts/cassandra/README.md
new file mode 100755
index 0000000..b3b1959
--- /dev/null
+++ b/helm/infrastructure/subcharts/kong/charts/cassandra/README.md
@@ -0,0 +1,190 @@
+# Cassandra
+A Cassandra Chart for Kubernetes
+
+## Install Chart
+To install the Cassandra Chart into your Kubernetes cluster (This Chart requires persistent volume by default, you may need to create a storage class before install chart. To create storage class, see [Persist data](#persist_data) section)
+
+```bash
+helm install --namespace "cassandra" -n "cassandra" incubator/cassandra
+```
+
+After installation succeeds, you can get a status of Chart
+
+```bash
+helm status "cassandra"
+```
+
+If you want to delete your Chart, use this command
+```bash
+helm delete --purge "cassandra"
+```
+
+## Persist data
+You need to create `StorageClass` before able to persist data in persistent volume.
+To create a `StorageClass` on Google Cloud, run the following
+
+```bash
+kubectl create -f sample/create-storage-gce.yaml
+```
+
+And set the following values in `values.yaml`
+
+```yaml
+persistence:
+ enabled: true
+```
+
+If you want to create a `StorageClass` on other platform, please see documentation here [https://kubernetes.io/docs/user-guide/persistent-volumes/](https://kubernetes.io/docs/user-guide/persistent-volumes/)
+
+When running a cluster without persistence, the termination of a pod will first initiate a decommissioning of that pod.
+Depending on the amount of data stored inside the cluster this may take a while. In order to complete a graceful
+termination, pods need to get more time for it. Set the following values in `values.yaml`:
+
+```yaml
+podSettings:
+ terminationGracePeriodSeconds: 1800
+```
+
+## Install Chart with specific cluster size
+By default, this Chart will create a cassandra with 3 nodes. If you want to change the cluster size during installation, you can use `--set config.cluster_size={value}` argument. Or edit `values.yaml`
+
+For example:
+Set cluster size to 5
+
+```bash
+helm install --namespace "cassandra" -n "cassandra" --set config.cluster_size=5 incubator/cassandra/
+```
+
+## Install Chart with specific resource size
+By default, this Chart will create a cassandra with CPU 2 vCPU and 4Gi of memory which is suitable for development environment.
+If you want to use this Chart for production, I would recommend to update the CPU to 4 vCPU and 16Gi. Also increase size of `max_heap_size` and `heap_new_size`.
+To update the settings, edit `values.yaml`
+
+## Install Chart with specific node
+Sometime you may need to deploy your cassandra to specific nodes to allocate resources. You can use node selector by edit `nodes.enabled=true` in `values.yaml`
+For example, you have 6 vms in node pools and you want to deploy cassandra to node which labeled as `cloud.google.com/gke-nodepool: pool-db`
+
+Set the following values in `values.yaml`
+
+```yaml
+nodes:
+ enabled: true
+ selector:
+ nodeSelector:
+ cloud.google.com/gke-nodepool: pool-db
+```
+
+## Configuration
+
+The following table lists the configurable parameters of the Cassandra chart and their default values.
+
+| Parameter | Description | Default |
+| ----------------------- | --------------------------------------------- | ---------------------------------------------------------- |
+| `image.repo` | `cassandra` image repository | `cassandra` |
+| `image.tag` | `cassandra` image tag | `3.11.3` |
+| `image.pullPolicy` | Image pull policy | `Always` if `imageTag` is `latest`, else `IfNotPresent` |
+| `image.pullSecrets` | Image pull secrets | `nil` |
+| `config.cluster_domain` | The name of the cluster domain. | `cluster.local` |
+| `config.cluster_name` | The name of the cluster. | `cassandra` |
+| `config.cluster_size` | The number of nodes in the cluster. | `3` |
+| `config.seed_size` | The number of seed nodes used to bootstrap new clients joining the cluster. | `2` |
+| `config.seeds` | The comma-separated list of seed nodes. | Automatically generated according to `.Release.Name` and `config.seed_size` |
+| `config.num_tokens` | Initdb Arguments | `256` |
+| `config.dc_name` | Initdb Arguments | `DC1` |
+| `config.rack_name` | Initdb Arguments | `RAC1` |
+| `config.endpoint_snitch` | Initdb Arguments | `SimpleSnitch` |
+| `config.max_heap_size` | Initdb Arguments | `2048M` |
+| `config.heap_new_size` | Initdb Arguments | `512M` |
+| `config.ports.cql` | Initdb Arguments | `9042` |
+| `config.ports.thrift` | Initdb Arguments | `9160` |
+| `config.ports.agent` | The port of the JVM Agent (if any) | `nil` |
+| `config.start_rpc` | Initdb Arguments | `false` |
+| `configOverrides` | Overrides config files in /etc/cassandra dir | `{}` |
+| `commandOverrides` | Overrides default docker command | `[]` |
+| `argsOverrides` | Overrides default docker args | `[]` |
+| `env` | Custom env variables | `{}` |
+| `persistence.enabled` | Use a PVC to persist data | `true` |
+| `persistence.storageClass` | Storage class of backing PVC | `nil` (uses alpha storage class annotation) |
+| `persistence.accessMode` | Use volume as ReadOnly or ReadWrite | `ReadWriteOnce` |
+| `persistence.size` | Size of data volume | `10Gi` |
+| `resources` | CPU/Memory resource requests/limits | Memory: `4Gi`, CPU: `2` |
+| `service.type` | k8s service type exposing ports, e.g. `NodePort`| `ClusterIP` |
+| `podManagementPolicy` | podManagementPolicy of the StatefulSet | `OrderedReady` |
+| `podDisruptionBudget` | Pod distruption budget | `{}` |
+| `podAnnotations` | pod annotations for the StatefulSet | `{}` |
+| `updateStrategy.type` | UpdateStrategy of the StatefulSet | `OnDelete` |
+| `livenessProbe.initialDelaySeconds` | Delay before liveness probe is initiated | `90` |
+| `livenessProbe.periodSeconds` | How often to perform the probe | `30` |
+| `livenessProbe.timeoutSeconds` | When the probe times out | `5` |
+| `livenessProbe.successThreshold` | Minimum consecutive successes for the probe to be considered successful after having failed. | `1` |
+| `livenessProbe.failureThreshold` | Minimum consecutive failures for the probe to be considered failed after having succeeded. | `3` |
+| `readinessProbe.initialDelaySeconds` | Delay before readiness probe is initiated | `90` |
+| `readinessProbe.periodSeconds` | How often to perform the probe | `30` |
+| `readinessProbe.timeoutSeconds` | When the probe times out | `5` |
+| `readinessProbe.successThreshold` | Minimum consecutive successes for the probe to be considered successful after having failed. | `1` |
+| `readinessProbe.failureThreshold` | Minimum consecutive failures for the probe to be considered failed after having succeeded. | `3` |
+| `rbac.create` | Specifies whether RBAC resources should be created | `true` |
+| `serviceAccount.create` | Specifies whether a ServiceAccount should be created | `true` |
+| `serviceAccount.name` | The name of the ServiceAccount to use | |
+| `backup.enabled` | Enable backup on chart installation | `false` |
+| `backup.schedule` | Keyspaces to backup, each with cron time | |
+| `backup.annotations` | Backup pod annotations | iam.amazonaws.com/role: `cain` |
+| `backup.image.repo` | Backup image repository | `nuvo/cain` |
+| `backup.image.tag` | Backup image tag | `0.4.1` |
+| `backup.extraArgs` | Additional arguments for cain | `[]` |
+| `backup.env` | Backup environment variables | AWS_REGION: `us-east-1` |
+| `backup.resources` | Backup CPU/Memory resource requests/limits | Memory: `1Gi`, CPU: `1` |
+| `backup.destination` | Destination to store backup artifacts | `s3://bucket/cassandra` |
+| `exporter.enabled` | Enable Cassandra exporter | `false` |
+| `exporter.image.repo` | Exporter image repository | `criteord/cassandra_exporter` |
+| `exporter.image.tag` | Exporter image tag | `2.0.2` |
+| `exporter.port` | Exporter port | `5556` |
+| `exporter.jvmOpts` | Exporter additional JVM options | |
+| `affinity` | Kubernetes node affinity | `{}` |
+| `tolerations` | Kubernetes node tolerations | `[]` |
+
+
+## Scale cassandra
+When you want to change the cluster size of your cassandra, you can use the helm upgrade command.
+
+```bash
+helm upgrade --set config.cluster_size=5 cassandra incubator/cassandra
+```
+
+## Get cassandra status
+You can get your cassandra cluster status by running the command
+
+```bash
+kubectl exec -it --namespace cassandra $(kubectl get pods --namespace cassandra -l app=cassandra-cassandra -o jsonpath='{.items[0].metadata.name}') nodetool status
+```
+
+Output
+```bash
+Datacenter: asia-east1
+======================
+Status=Up/Down
+|/ State=Normal/Leaving/Joining/Moving
+-- Address Load Tokens Owns (effective) Host ID Rack
+UN 10.8.1.11 108.45 KiB 256 66.1% 410cc9da-8993-4dc2-9026-1dd381874c54 a
+UN 10.8.4.12 84.08 KiB 256 68.7% 96e159e1-ef94-406e-a0be-e58fbd32a830 c
+UN 10.8.3.6 103.07 KiB 256 65.2% 1a42b953-8728-4139-b070-b855b8fff326 b
+```
+
+## Benchmark
+You can use [cassandra-stress](https://docs.datastax.com/en/cassandra/3.0/cassandra/tools/toolsCStress.html) tool to run the benchmark on the cluster by the following command
+
+```bash
+kubectl exec -it --namespace cassandra $(kubectl get pods --namespace cassandra -l app=cassandra-cassandra -o jsonpath='{.items[0].metadata.name}') cassandra-stress
+```
+
+Example of `cassandra-stress` argument
+ - Run both read and write with ration 9:1
+ - Operator total 1 million keys with uniform distribution
+ - Use QUORUM for read/write
+ - Generate 50 threads
+ - Generate result in graph
+ - Use NetworkTopologyStrategy with replica factor 2
+
+```bash
+cassandra-stress mixed ratio\(write=1,read=9\) n=1000000 cl=QUORUM -pop dist=UNIFORM\(1..1000000\) -mode native cql3 -rate threads=50 -log file=~/mixed_autorate_r9w1_1M.log -graph file=test2.html title=test revision=test2 -schema "replication(strategy=NetworkTopologyStrategy, factor=2)"
+```
diff --git a/helm/infrastructure/subcharts/kong/charts/cassandra/sample/create-storage-gce.yaml b/helm/infrastructure/subcharts/kong/charts/cassandra/sample/create-storage-gce.yaml
new file mode 100755
index 0000000..2467b95
--- /dev/null
+++ b/helm/infrastructure/subcharts/kong/charts/cassandra/sample/create-storage-gce.yaml
@@ -0,0 +1,7 @@
+kind: StorageClass
+apiVersion: storage.k8s.io/v1
+metadata:
+ name: generic
+provisioner: kubernetes.io/gce-pd
+parameters:
+ type: pd-ssd
diff --git a/helm/infrastructure/subcharts/kong/charts/cassandra/templates/NOTES.txt b/helm/infrastructure/subcharts/kong/charts/cassandra/templates/NOTES.txt
new file mode 100755
index 0000000..9ecb004
--- /dev/null
+++ b/helm/infrastructure/subcharts/kong/charts/cassandra/templates/NOTES.txt
@@ -0,0 +1,35 @@ +Cassandra CQL can be accessed via port {{ .Values.config.ports.cql }} on the following DNS name from within your cluster: +Cassandra Thrift can be accessed via port {{ .Values.config.ports.thrift }} on the following DNS name from within your cluster: + +If you want to connect to the remote instance with your local Cassandra CQL cli. To forward the API port to localhost:9042 run the following: +- kubectl port-forward --namespace {{ .Release.Namespace }} $(kubectl get pods --namespace {{ .Release.Namespace }} -l app={{ template "cassandra.name" . }},release={{ .Release.Name }} -o jsonpath='{ .items[0].metadata.name }') 9042:{{ .Values.config.ports.cql }} + +If you want to connect to the Cassandra CQL run the following: +{{- if contains "NodePort" .Values.service.type }} +- export CQL_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ template "cassandra.fullname" . }}) +- export CQL_HOST=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}") +- cqlsh $CQL_HOST $CQL_PORT + +{{- else if contains "LoadBalancer" .Values.service.type }} + NOTE: It may take a few minutes for the LoadBalancer IP to be available. + Watch the status with: 'kubectl get svc --namespace {{ .Release.Namespace }} -w {{ template "cassandra.fullname" . }}' +- export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ template "cassandra.fullname" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}') +- echo cqlsh $SERVICE_IP +{{- else if contains "ClusterIP" .Values.service.type }} +- kubectl port-forward --namespace {{ .Release.Namespace }} $(kubectl get pods --namespace {{ .Release.Namespace }} -l "app={{ template "cassandra.name" . 
}},release={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}") 9042:{{ .Values.config.ports.cql }} + echo cqlsh 127.0.0.1 9042 +{{- end }} + +You can also see the cluster status by run the following: +- kubectl exec -it --namespace {{ .Release.Namespace }} $(kubectl get pods --namespace {{ .Release.Namespace }} -l app={{ template "cassandra.name" . }},release={{ .Release.Name }} -o jsonpath='{.items[0].metadata.name}') nodetool status + +To tail the logs for the Cassandra pod run the following: +- kubectl logs -f --namespace {{ .Release.Namespace }} $(kubectl get pods --namespace {{ .Release.Namespace }} -l app={{ template "cassandra.name" . }},release={{ .Release.Name }} -o jsonpath='{ .items[0].metadata.name }') + +{{- if not .Values.persistence.enabled }} + +Note that the cluster is running with node-local storage instead of PersistentVolumes. In order to prevent data loss, +pods will be decommissioned upon termination. Decommissioning may take some time, so you might also want to adjust the +pod termination gace period, which is currently set to {{ .Values.podSettings.terminationGracePeriodSeconds }} seconds. + +{{- end}} diff --git a/helm/infrastructure/subcharts/kong/charts/cassandra/templates/_helpers.tpl b/helm/infrastructure/subcharts/kong/charts/cassandra/templates/_helpers.tpl new file mode 100755 index 0000000..b870420 --- /dev/null +++ b/helm/infrastructure/subcharts/kong/charts/cassandra/templates/_helpers.tpl 
@@ -0,0 +1,43 @@
+{{/* vim: set filetype=mustache: */}}
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "cassandra.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "cassandra.fullname" -}}
+{{- if .Values.fullnameOverride -}}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- $name := default .Chart.Name .Values.nameOverride -}}
+{{- if contains $name .Release.Name -}}
+{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "cassandra.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Create the name of the service account to use
+*/}}
+{{- define "cassandra.serviceAccountName" -}}
+{{- if .Values.serviceAccount.create -}}
+ {{ default (include "cassandra.fullname" .) .Values.serviceAccount.name }}
+{{- else -}}
+ {{ default "default" .Values.serviceAccount.name }}
+{{- end -}}
+{{- end -}}
diff --git a/helm/infrastructure/subcharts/kong/charts/cassandra/templates/backup/cronjob.yaml b/helm/infrastructure/subcharts/kong/charts/cassandra/templates/backup/cronjob.yaml
new file mode 100755
index 0000000..fdf6282
--- /dev/null
+++ b/helm/infrastructure/subcharts/kong/charts/cassandra/templates/backup/cronjob.yaml
@@ -0,0 +1,73 @@
+{{- if .Values.backup.enabled }}
+{{- $release := .Release }}
+{{- $values := .Values }}
+{{- $backup := $values.backup }}
+{{- range $index, $schedule := $backup.schedule }}
+---
+apiVersion: batch/v1beta1
+kind: CronJob
+metadata:
+ name: {{ template "cassandra.fullname" $ }}-backup-{{ $schedule.keyspace | replace "_" "-" }}
+ labels:
+ app: {{ template "cassandra.name" $ }}-cain
+ chart: {{ template "cassandra.chart" $ }}
+ release: "{{ $release.Name }}"
+ heritage: "{{ $release.Service }}"
+spec:
+ schedule: {{ $schedule.cron | quote }}
+ concurrencyPolicy: Forbid
+ startingDeadlineSeconds: 120
+ jobTemplate:
+ spec:
+ template:
+ metadata:
+ annotations:
+ {{ toYaml $backup.annotations }}
+ spec:
+ restartPolicy: OnFailure
+ serviceAccountName: {{ template "cassandra.serviceAccountName" $ }}
+ containers:
+ - name: cassandra-backup
+ image: "{{ $backup.image.repos }}:{{ $backup.image.tag }}"
+ command: ["cain"]
+ args:
+ - backup
+ - --namespace
+ - {{ $release.Namespace }}
+ - --selector
+ - release={{ $release.Name }},app={{ template "cassandra.name" $ }}
+ - --keyspace
+ - {{ $schedule.keyspace }}
+ - --dst
+ - {{ $backup.destination }}
+ {{- with $backup.extraArgs }}
+{{ toYaml . | indent 12 }}
+ {{- end }}
+ {{- with $backup.env }}
+ env:
+{{ toYaml . | indent 12 }}
+ {{- end }}
+ {{- with $backup.resources }}
+ resources:
+{{ toYaml . | indent 14 }}
+ {{- end }}
+ affinity:
+ podAffinity:
+ preferredDuringSchedulingIgnoredDuringExecution:
+ - labelSelector:
+ matchExpressions:
+ - key: app
+ operator: In
+ values:
+ - {{ template "cassandra.fullname" $ }}
+ - key: release
+ operator: In
+ values:
+ - {{ $release.Name }}
+ topologyKey: "kubernetes.io/hostname"
+ {{- with $values.tolerations }}
+ tolerations:
+{{ toYaml . | indent 10 }}
+ {{- end }}
+{{- end }}
+{{- end }}
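Review bot: The `podAffinity` block at the end of the CronJob pod spec will not select the Cassandra pods as written. It matches `app In [{{ template "cassandra.fullname" $ }}]`, while the StatefulSet in this commit labels its pods `app: {{ template "cassandra.name" . }}` (the `--selector` argument a few lines up already uses `cassandra.name`), so the two only agree when the release name equals the chart name. Entries under `preferredDuringSchedulingIgnoredDuringExecution` also take `weight` plus `podAffinityTerm`, not a bare `labelSelector`/`topologyKey`, so the term is not in the shape the API expects. I would change the value to `- {{ template "cassandra.name" $ }}` and nest the term under `- weight: 100` / `podAffinityTerm:`.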
diff --git a/helm/infrastructure/subcharts/kong/charts/cassandra/templates/backup/rbac.yaml b/helm/infrastructure/subcharts/kong/charts/cassandra/templates/backup/rbac.yaml
new file mode 100755
index 0000000..12b0f27
--- /dev/null
+++ b/helm/infrastructure/subcharts/kong/charts/cassandra/templates/backup/rbac.yaml
@@ -0,0 +1,50 @@
+{{- if .Values.backup.enabled }}
+{{- if .Values.serviceAccount.create }}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ template "cassandra.serviceAccountName" . }}
+ labels:
+ app: {{ template "cassandra.name" . }}
+ chart: {{ template "cassandra.chart" . }}
+ release: "{{ .Release.Name }}"
+ heritage: "{{ .Release.Service }}"
+---
+{{- end }}
+{{- if .Values.rbac.create }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ template "cassandra.fullname" . }}-backup
+ labels:
+ app: {{ template "cassandra.name" . }}
+ chart: {{ template "cassandra.chart" . }}
+ release: "{{ .Release.Name }}"
+ heritage: "{{ .Release.Service }}"
+rules:
+- apiGroups: [""]
+ resources: ["pods", "pods/log"]
+ verbs: ["get", "list"]
+- apiGroups: [""]
+ resources: ["pods/exec"]
+ verbs: ["create"]
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: {{ template "cassandra.fullname" . }}-backup
+ labels:
+ app: {{ template "cassandra.name" . }}
+ chart: {{ template "cassandra.chart" . }}
+ release: "{{ .Release.Name }}"
+ heritage: "{{ .Release.Service }}"
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: {{ template "cassandra.fullname" . }}-backup
+subjects:
+- kind: ServiceAccount
+ name: {{ template "cassandra.serviceAccountName" . }}
+ namespace: {{ .Release.Namespace }}
+{{- end }}
+{{- end }}
diff --git a/helm/infrastructure/subcharts/kong/charts/cassandra/templates/configmap.yaml b/helm/infrastructure/subcharts/kong/charts/cassandra/templates/configmap.yaml
new file mode 100755
index 0000000..4e5ab76
--- /dev/null
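Review bot: The RoleBinding subject in rbac.yaml is `{{ template "cassandra.serviceAccountName" . }}`, and with `serviceAccount.create=false` and no `serviceAccount.name` that helper returns `default`, so enabling backups with `rbac.create=true` grants `pods/exec` `create` to the namespace's default ServiceAccount, meaning every pod in the namespace that does not set its own account. The Role also has no `resourceNames`, so the exec permission covers every pod in the namespace rather than only the Cassandra ones. I would refuse to render the binding without a dedicated account, for example `name: {{ required "backup needs serviceAccount.name when serviceAccount.create is false" .Values.serviceAccount.name }}` for the subject in that case. It is also worth checking whether the exec rule can be limited with `resourceNames` to the StatefulSet's pod names, which I have not verified against what the backup tool needs.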
+++ b/helm/infrastructure/subcharts/kong/charts/cassandra/templates/configmap.yaml
@@ -0,0 +1,14 @@
+{{- if .Values.configOverrides }}
+kind: ConfigMap
+apiVersion: v1
+metadata:
+ name: {{ template "cassandra.name" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app: {{ template "cassandra.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+data:
+{{ toYaml .Values.configOverrides | indent 2 }}
+{{- end }}
diff --git a/helm/infrastructure/subcharts/kong/charts/cassandra/templates/pdb.yaml b/helm/infrastructure/subcharts/kong/charts/cassandra/templates/pdb.yaml
new file mode 100755
index 0000000..2e539bd
--- /dev/null
+++ b/helm/infrastructure/subcharts/kong/charts/cassandra/templates/pdb.yaml
@@ -0,0 +1,17 @@
+{{- if .Values.podDisruptionBudget -}}
+apiVersion: policy/v1beta1
+kind: PodDisruptionBudget
+metadata:
+ labels:
+ app: {{ template "cassandra.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version }}
+ heritage: {{ .Release.Service }}
+ release: {{ .Release.Name }}
+ name: {{ template "cassandra.fullname" . }}
+spec:
+ selector:
+ matchLabels:
+ app: {{ template "cassandra.name" . }}
+ release: {{ .Release.Name }}
+{{ toYaml .Values.podDisruptionBudget | indent 2 }}
+{{- end -}}
diff --git a/helm/infrastructure/subcharts/kong/charts/cassandra/templates/service.yaml b/helm/infrastructure/subcharts/kong/charts/cassandra/templates/service.yaml
new file mode 100755
index 0000000..cf7f94b
--- /dev/null
+++ b/helm/infrastructure/subcharts/kong/charts/cassandra/templates/service.yaml
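Review bot: The ConfigMap in configmap.yaml is named `{{ template "cassandra.name" . }}`, but the StatefulSet volume added in this same commit refers to it by the literal `name: cassandra`. The two agree only while the chart name resolves to `cassandra`; with `nameOverride` set, the pods reference a ConfigMap that does not exist. Because the name carries no release component, two releases in one namespace would also share, and overwrite, the same configuration object. I would use `name: {{ template "cassandra.fullname" . }}` here and the same expression in the `volumes:` entry of statefulset.yaml.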
@@ -0,0 +1,36 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "cassandra.fullname" . }}
+ labels:
+ app: {{ template "cassandra.name" . }}
+ chart: {{ template "cassandra.chart" . }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+spec:
+ clusterIP: None
+ type: {{ .Values.service.type }}
+ ports:
+ - name: intra
+ port: 7000
+ targetPort: 7000
+ - name: tls
+ port: 7001
+ targetPort: 7001
+ - name: jmx
+ port: 7199
+ targetPort: 7199
+ - name: cql
+ port: {{ default 9042 .Values.config.ports.cql }}
+ targetPort: {{ default 9042 .Values.config.ports.cql }}
+ - name: thrift
+ port: {{ default 9160 .Values.config.ports.thrift }}
+ targetPort: {{ default 9160 .Values.config.ports.thrift }}
+ {{- if .Values.config.ports.agent }}
+ - name: agent
+ port: {{ .Values.config.ports.agent }}
+ targetPort: {{ .Values.config.ports.agent }}
+ {{- end }}
+ selector:
+ app: {{ template "cassandra.name" . }}
+ release: {{ .Release.Name }}
diff --git a/helm/infrastructure/subcharts/kong/charts/cassandra/templates/statefulset.yaml b/helm/infrastructure/subcharts/kong/charts/cassandra/templates/statefulset.yaml
new file mode 100755
index 0000000..c691597
--- /dev/null
+++ b/helm/infrastructure/subcharts/kong/charts/cassandra/templates/statefulset.yaml
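Review bot: `clusterIP: None` is hard-coded next to `type: {{ .Values.service.type }}`, and this one Service lists the inter-node ports 7000/7001 and JMX 7199 beside the client ports. Kubernetes rejects a headless Service of type NodePort or LoadBalancer, so the NodePort and LoadBalancer branches that NOTES.txt prints cannot work as the chart stands. If `clusterIP: None` were later dropped to make them work, gossip and JMX would be published outside the cluster together with CQL. I would keep this headless Service for the StatefulSet with a fixed `type: ClusterIP`, and add a second client-facing Service that takes `service.type` and exposes only `cql` (plus `thrift` when `start_rpc` is enabled).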
@@ -0,0 +1,200 @@ +apiVersion: apps/v1 +kind: StatefulSet +metadata: + name: {{ template "cassandra.fullname" . }} + labels: + app: {{ template "cassandra.name" . }} + chart: {{ template "cassandra.chart" . }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +spec: + selector: + matchLabels: + app: {{ template "cassandra.name" . }} + release: {{ .Release.Name }} + serviceName: {{ template "cassandra.fullname" . }} + replicas: {{ .Values.config.cluster_size }} + podManagementPolicy: {{ .Values.podManagementPolicy }} + updateStrategy: + type: {{ .Values.updateStrategy.type }} + template: + metadata: + labels: + app: {{ template "cassandra.name" . }} + release: {{ .Release.Name }} +{{- if .Values.podLabels }} +{{ toYaml .Values.podLabels | indent 8 }} +{{- end }} +{{- if .Values.podAnnotations }} + annotations: +{{ toYaml .Values.podAnnotations | indent 8 }} +{{- end }} + spec: + hostNetwork: {{ .Values.hostNetwork }} +{{- if .Values.selector }} +{{ toYaml .Values.selector | indent 6 }} +{{- end }} + {{- if .Values.securityContext.enabled }} + securityContext: + fsGroup: {{ .Values.securityContext.fsGroup }} + runAsUser: {{ .Values.securityContext.runAsUser }} + {{- end }} +{{- if .Values.affinity }} + affinity: +{{ toYaml .Values.affinity | indent 8 }} +{{- end }} +{{- if .Values.tolerations }} + tolerations: +{{ toYaml .Values.tolerations | indent 8 }} +{{- end }} + containers: +{{- if .Values.exporter.enabled }} + - name: cassandra-exporter + image: "{{ .Values.exporter.image.repo }}:{{ .Values.exporter.image.tag }}" + env: + - name: CASSANDRA_EXPORTER_CONFIG_listenPort + value: {{ .Values.exporter.port | quote }} + - name: JVM_OPTS + value: {{ .Values.exporter.jvmOpts | quote }} + ports: + - name: metrics + containerPort: {{ .Values.exporter.port }} + protocol: TCP + - name: jmx + containerPort: 5555 + livenessProbe: + tcpSocket: + port: {{ .Values.exporter.port }} + readinessProbe: + httpGet: + path: /metrics + port: {{ .Values.exporter.port }} + 
initialDelaySeconds: 20 + timeoutSeconds: 45 +{{- end }} + - name: {{ template "cassandra.fullname" . }} + image: "{{ .Values.image.repo }}:{{ .Values.image.tag }}" + imagePullPolicy: {{ .Values.image.pullPolicy | quote }} +{{- if .Values.commandOverrides }} + command: {{ .Values.commandOverrides }} +{{- end }} +{{- if .Values.argsOverrides }} + args: {{ .Values.argsOverrides }} +{{- end }} + resources: +{{ toYaml .Values.resources | indent 10 }} + env: + {{- $seed_size := default 1 .Values.config.seed_size | int -}} + {{- $global := . }} + - name: CASSANDRA_SEEDS + {{- if .Values.hostNetwork }} + value: {{ required "You must fill \".Values.config.seeds\" with list of Cassandra seeds when hostNetwork is set to true" .Values.config.seeds | quote }} + {{- else }} + value: "{{- range $i, $e := until $seed_size }}{{ template "cassandra.fullname" $global }}-{{ $i }}.{{ template "cassandra.fullname" $global }}.{{ $global.Release.Namespace }}.svc.{{ $global.Values.config.cluster_domain }}{{- if (lt ( add1 $i ) $seed_size ) }},{{- end }}{{- end }}" + {{- end }} + - name: MAX_HEAP_SIZE + value: {{ default "8192M" .Values.config.max_heap_size | quote }} + - name: HEAP_NEWSIZE + value: {{ default "200M" .Values.config.heap_new_size | quote }} + - name: CASSANDRA_ENDPOINT_SNITCH + value: {{ default "SimpleSnitch" .Values.config.endpoint_snitch | quote }} + - name: CASSANDRA_CLUSTER_NAME + value: {{ default "Cassandra" .Values.config.cluster_name | quote }} + - name: CASSANDRA_DC + value: {{ default "DC1" .Values.config.dc_name | quote }} + - name: CASSANDRA_RACK + value: {{ default "RAC1" .Values.config.rack_name | quote }} + - name: CASSANDRA_START_RPC + value: {{ default "false" .Values.config.start_rpc | quote }} + - name: POD_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + {{- range $key, $value := .Values.env }} + - name: {{ $key | quote }} + value: {{ $value | quote }} + {{- end }} + livenessProbe: + exec: + command: [ "/bin/sh", "-c", "nodetool status" ] + 
initialDelaySeconds: {{ .Values.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.livenessProbe.periodSeconds }} + timeoutSeconds: {{ .Values.livenessProbe.timeoutSeconds }} + successThreshold: {{ .Values.livenessProbe.successThreshold }} + failureThreshold: {{ .Values.livenessProbe.failureThreshold }} + readinessProbe: + exec: + command: [ "/bin/sh", "-c", "nodetool status | grep -E \"^UN\\s+${POD_IP}\"" ] + initialDelaySeconds: {{ .Values.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.readinessProbe.periodSeconds }} + timeoutSeconds: {{ .Values.readinessProbe.timeoutSeconds }} + successThreshold: {{ .Values.readinessProbe.successThreshold }} + failureThreshold: {{ .Values.readinessProbe.failureThreshold }} + ports: + - name: intra + containerPort: 7000 + - name: tls + containerPort: 7001 + - name: jmx + containerPort: 7199 + - name: cql + containerPort: {{ default 9042 .Values.config.ports.cql }} + - name: thrift + containerPort: {{ default 9160 .Values.config.ports.thrift }} + {{- if .Values.config.ports.agent }} + - name: agent + containerPort: {{ .Values.config.ports.agent }} + {{- end }} + volumeMounts: + - name: data + mountPath: /var/lib/cassandra +{{- range $key, $value := .Values.configOverrides }} + - name: cassandra-config-{{ $key | replace "." "-" }} + mountPath: /etc/cassandra/{{ $key }} + subPath: {{ $key }} +{{- end }} + {{- if not .Values.persistence.enabled }} + lifecycle: + preStop: + exec: + command: ["/bin/sh", "-c", "exec nodetool decommission"] + {{- end }} + terminationGracePeriodSeconds: {{ default 30 .Values.podSettings.terminationGracePeriodSeconds }} + {{- if .Values.image.pullSecrets }} + imagePullSecrets: + - name: {{ .Values.image.pullSecrets }} + {{- end }} +{{- if or .Values.configOverrides (not .Values.persistence.enabled) }} + volumes: +{{- end }} +{{- range $key, $value := .Values.configOverrides }} + - configMap: + name: cassandra + name: cassandra-config-{{ $key | replace "." 
"-" }} +{{- end }} +{{- if not .Values.persistence.enabled }} + - name: data + emptyDir: {} +{{- else }} + volumeClaimTemplates: + - metadata: + name: data + labels: + app: {{ template "cassandra.name" . }} + chart: {{ template "cassandra.chart" . }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} + spec: + accessModes: + - {{ .Values.persistence.accessMode | quote }} + resources: + requests: + storage: {{ .Values.persistence.size | quote }} + {{- if .Values.persistence.storageClass }} + {{- if (eq "-" .Values.persistence.storageClass) }} + storageClassName: "" + {{- else }} + storageClassName: "{{ .Values.persistence.storageClass }}" + {{- end }} + {{- end }} +{{- end }} diff --git a/helm/infrastructure/subcharts/kong/charts/cassandra/values.yaml b/helm/infrastructure/subcharts/kong/charts/cassandra/values.yaml new file mode 100755 index 0000000..6bfae65 --- /dev/null +++ b/helm/infrastructure/subcharts/kong/charts/cassandra/values.yaml 
@@ -0,0 +1,209 @@ +## Cassandra image version +## ref: https://hub.docker.com/r/library/cassandra/ +image: + repo: cassandra + tag: 3.11.3 + pullPolicy: IfNotPresent + ## Specify ImagePullSecrets for Pods + ## ref: https://kubernetes.io/docs/concepts/containers/images/#specifying-imagepullsecrets-on-a-pod + # pullSecrets: myregistrykey + +## Specify a service type +## ref: http://kubernetes.io/docs/user-guide/services/ +service: + type: ClusterIP + +## Persist data to a persistent volume +persistence: + enabled: true + ## cassandra data Persistent Volume Storage Class + ## If defined, storageClassName: + ## If set to "-", storageClassName: "", which disables dynamic provisioning + ## If undefined (the default) or set to null, no storageClassName spec is + ## set, choosing the default provisioner. (gp2 on AWS, standard on + ## GKE, AWS & OpenStack) + ## + # storageClass: "-" + accessMode: ReadWriteOnce + size: 10Gi + +## Configure resource requests and limits +## ref: http://kubernetes.io/docs/user-guide/compute-resources/ +## Minimum memory for development is 4GB and 2 CPU cores +## Minimum memory for production is 8GB and 4 CPU cores +## ref: http://docs.datastax.com/en/archived/cassandra/2.0/cassandra/architecture/architecturePlanningHardware_c.html +resources: {} + # requests: + # memory: 4Gi + # cpu: 2 + # limits: + # memory: 4Gi + # cpu: 2 + +## Change cassandra configuration parameters below: +## ref: http://docs.datastax.com/en/cassandra/3.0/cassandra/configuration/configCassandra_yaml.html +## Recommended max heap size is 1/2 of system memory +## Recommended heap new size is 1/4 of max heap size +## ref: http://docs.datastax.com/en/cassandra/3.0/cassandra/operations/opsTuneJVM.html +config: + cluster_domain: cluster.local + cluster_name: cassandra + cluster_size: 3 + seed_size: 2 + num_tokens: 256 + # If you want Cassandra to use this datacenter and rack name, + # you need to set endpoint_snitch to GossipingPropertyFileSnitch. 
+ # Otherwise, these values are ignored and datacenter1 and rack1 + # are used. + dc_name: DC1 + rack_name: RAC1 + endpoint_snitch: SimpleSnitch + max_heap_size: 2048M + heap_new_size: 512M + start_rpc: false + ports: + cql: 9042 + thrift: 9160 + # If a JVM Agent is in place + # agent: 61621 + +## Cassandra config files overrides +configOverrides: {} + +## Cassandra docker command overrides +commandOverrides: [] + +## Cassandra docker args overrides +argsOverrides: [] + +## Custom env variables. +## ref: https://hub.docker.com/_/cassandra/ +env: {} + +## Liveness and Readiness probe values. +## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/ +livenessProbe: + initialDelaySeconds: 90 + periodSeconds: 30 + timeoutSeconds: 5 + successThreshold: 1 + failureThreshold: 3 +readinessProbe: + initialDelaySeconds: 90 + periodSeconds: 30 + timeoutSeconds: 5 + successThreshold: 1 + failureThreshold: 3 + +## Configure node selector. Edit code below for adding selector to pods +## ref: https://kubernetes.io/docs/user-guide/node-selection/ +# selector: + # nodeSelector: + # cloud.google.com/gke-nodepool: pool-db + +## Additional pod annotations +## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ +podAnnotations: {} + +## Additional pod labels +## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ +podLabels: {} + +## Additional pod-level settings +podSettings: + # Change this to give pods more time to properly leave the cluster when not using persistent storage. 
+ terminationGracePeriodSeconds: 30 + +## Pod distruption budget +podDisruptionBudget: {} + # maxUnavailable: 1 + # minAvailable: 2 + +podManagementPolicy: OrderedReady +updateStrategy: + type: OnDelete + +## Pod Security Context +securityContext: + enabled: false + fsGroup: 999 + runAsUser: 999 + +## Affinity for pod assignment +## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity +affinity: {} + +## Node tolerations for pod assignment +## Ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ +tolerations: [] + +rbac: + # Specifies whether RBAC resources should be created + create: true + +serviceAccount: + # Specifies whether a ServiceAccount should be created + create: true + # The name of the ServiceAccount to use. + # If not set and create is true, a name is generated using the fullname template + # name: + +# Use host network for Cassandra pods +# You must pass seed list into config.seeds property if set to true +hostNetwork: false + +## Backup cronjob configuration +## Ref: https://github.com/nuvo/cain +backup: + enabled: false + + # Schedule to run jobs. Must be in cron time format + # Ref: https://crontab.guru/ + schedule: + - keyspace: keyspace1 + cron: "0 7 * * *" + - keyspace: keyspace2 + cron: "30 7 * * *" + + annotations: + # Example for authorization to AWS S3 using kube2iam + # Can also be done using environment variables + iam.amazonaws.com/role: cain + + image: + repos: nuvo/cain + tag: 0.4.1 + + # Additional arguments for cain + # Ref: https://github.com/nuvo/cain#usage + extraArgs: [] + + # Add additional environment variables + env: + # Example environment variable required for AWS credentials chain + - name: AWS_REGION + value: us-east-1 + + resources: + requests: + memory: 1Gi + cpu: 1 + limits: + memory: 1Gi + cpu: 1 + + # Destination to store the backup artifacts + # Supported cloud storage services: AWS S3, Minio S3, Azure Blob Storage + # Additional support can added. 
Visit this repository for details + # Ref: https://github.com/nuvo/skbn + destination: s3://bucket/cassandra + +## Cassandra exported configuration +## ref: https://github.com/criteo/cassandra_exporter +exporter: + enabled: false + image: + repo: criteord/cassandra_exporter + tag: 2.0.2 + port: 5556 + jvmOpts: "" diff --git a/helm/infrastructure/subcharts/kong/charts/postgresql/.helmignore b/helm/infrastructure/subcharts/kong/charts/postgresql/.helmignore new file mode 100755 index 0000000..a1c17ae --- /dev/null +++ b/helm/infrastructure/subcharts/kong/charts/postgresql/.helmignore @@ -0,0 +1,2 @@ +.git +OWNERS \ No newline at end of file diff --git a/helm/infrastructure/subcharts/kong/charts/postgresql/Chart.yaml b/helm/infrastructure/subcharts/kong/charts/postgresql/Chart.yaml new file mode 100755 index 0000000..bbaf967 --- /dev/null +++ b/helm/infrastructure/subcharts/kong/charts/postgresql/Chart.yaml @@ -0,0 +1,23 @@ +apiVersion: v1 +appVersion: 10.6.0 +description: Chart for PostgreSQL, an object-relational database management system + (ORDBMS) with an emphasis on extensibility and on standards-compliance. +engine: gotpl +home: https://www.postgresql.org/ +icon: https://bitnami.com/assets/stacks/postgresql/img/postgresql-stack-110x117.png +keywords: +- postgresql +- postgres +- database +- sql +- replication +- cluster +maintainers: +- email: containers@bitnami.com + name: Bitnami +- email: cedric@desaintmartin.fr + name: desaintmartin +name: postgresql +sources: +- https://github.com/bitnami/bitnami-docker-postgresql +version: 3.9.5 diff --git a/helm/infrastructure/subcharts/kong/charts/postgresql/README.md b/helm/infrastructure/subcharts/kong/charts/postgresql/README.md new file mode 100755 index 0000000..5bb0f07 --- /dev/null +++ b/helm/infrastructure/subcharts/kong/charts/postgresql/README.md 
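Review bot: values.yaml ships `securityContext.enabled: false`, and the StatefulSet template in this commit emits a pod `securityContext` only when that flag is true, with only `fsGroup` and `runAsUser`. Neither the Cassandra container nor the optional `cassandra-exporter` container gets a container-level `securityContext`. By default the workload therefore runs as whatever user the image selects and with privilege escalation left at the Kubernetes default, which matters more when `hostNetwork: true` is chosen. I would default `enabled: true` with the existing `999` ids (after confirming the image starts that way), and add per-container `allowPrivilegeEscalation: false` and `capabilities: {drop: ["ALL"]}` to the template. If the default has to stay off for compatibility, a comment above `securityContext:` should say so.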
@@ -0,0 +1,278 @@ +# PostgreSQL + +[PostgreSQL](https://www.postgresql.org/) is an object-relational database management system (ORDBMS) with an emphasis on extensibility and on standards-compliance. + +## TL;DR; + +```console +$ helm install stable/postgresql +``` + +## Introduction + +This chart bootstraps a [PostgreSQL](https://github.com/bitnami/bitnami-docker-postgresql) deployment on a [Kubernetes](http://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager. + +Bitnami charts can be used with [Kubeapps](https://kubeapps.com/) for deployment and management of Helm Charts in clusters. + +## Prerequisites + +- Kubernetes 1.10+ +- PV provisioner support in the underlying infrastructure + +## Installing the Chart + +To install the chart with the release name `my-release`: + +```console +$ helm install --name my-release stable/postgresql +``` + +The command deploys PostgreSQL on the Kubernetes cluster in the default configuration. The [configuration](#configuration) section lists the parameters that can be configured during installation. + +> **Tip**: List all releases using `helm list` + +## Uninstalling the Chart + +To uninstall/delete the `my-release` deployment: + +```console +$ helm delete my-release +``` + +The command removes all the Kubernetes components associated with the chart and deletes the release. + +## Configuration + +The following tables lists the configurable parameters of the PostgreSQL chart and their default values. 
+ +| Parameter | Description | Default | +|-----------------------------------------------|------------------------------------------------------------------------------------------------------------------------|----------------------------------------------------------| +| `global.imageRegistry` | Global Docker Image registry | `nil` | +| `image.registry` | PostgreSQL Image registry | `docker.io` | +| `image.repository` | PostgreSQL Image name | `bitnami/postgresql` | +| `image.tag` | PostgreSQL Image tag | `{VERSION}` | +| `image.pullPolicy` | PostgreSQL Image pull policy | `Always` | +| `image.pullSecrets` | Specify Image pull secrets | `nil` (does not add image pull secrets to deployed pods) | +| `image.debug` | Specify if debug values should be set | `false` | +| `volumePermissions.image.registry` | Init container volume-permissions image registry | `docker.io` | +| `volumePermissions.image.repository` | Init container volume-permissions image name | `bitnami/minideb` | +| `volumePermissions.image.tag` | Init container volume-permissions image tag | `latest` | +| `volumePermissions.image.pullPolicy` | Init container volume-permissions image pull policy | `Always` | +| `volumePermissions.securityContext.runAsUser` | User ID for the init container | `0` | +| `usePasswordFile` | Have the secrets mounted as a file instead of env vars | `false` | +| `replication.enabled` | Would you like to enable replication | `false` | +| `replication.user` | Replication user | `repl_user` | +| `replication.password` | Replication user password | `repl_password` | +| `replication.slaveReplicas` | Number of slaves replicas | `1` | +| `replication.synchronousCommit` | Set synchronous commit mode. Allowed values: `on`, `remote_apply`, `remote_write`, `local` and `off` | `off` | +| `replication.numSynchronousReplicas` | Number of replicas that will have synchronous replication. Note: Cannot be greater than `replication.slaveReplicas`. 
| `0` | +| `replication.applicationName` | Cluster application name. Useful for advanced replication settings | `my_application` | +| `existingSecret` | Name of existing secret to use for PostgreSQL passwords | `nil` | +| `postgresqlUsername` | PostgreSQL admin user | `postgres` | +| `postgresqlPassword` | PostgreSQL admin password | _random 10 character alphanumeric string_ | +| `postgresqlDatabase` | PostgreSQL database | `nil` | +| `postgresqlConfiguration` | Runtime Config Parameters | `nil` | +| `postgresqlExtendedConf` | Extended Runtime Config Parameters (appended to main or default configuration) | `nil` | +| `pgHbaConfiguration` | Content of pg\_hba.conf | `nil (do not create pg_hba.conf)` | +| `configurationConfigMap` | ConfigMap with the PostgreSQL configuration files (Note: Overrides `postgresqlConfiguration` and `pgHbaConfiguration`) | `nil` | +| `extendedConfConfigMap` | ConfigMap with the extended PostgreSQL configuration files | `nil` | +| `initdbScripts` | List of initdb scripts | `nil` | +| `initdbScriptsConfigMap` | ConfigMap with the initdb scripts (Note: Overrides `initdbScripts`) | `nil` | +| `service.type` | Kubernetes Service type | `ClusterIP` | +| `service.port` | PostgreSQL port | `5432` | +| `service.nodePort` | Kubernetes Service nodePort | `nil` | +| `service.annotations` | Annotations for PostgreSQL service | {} | +| `service.loadBalancerIP` | loadBalancerIP if service type is `LoadBalancer` | `nil` | +| `persistence.enabled` | Enable persistence using PVC | `true` | +| `persistence.existingClaim` | Provide an existing `PersistentVolumeClaim` | `nil` | +| `persistence.mountPath` | Path to mount the volume at | `/bitnami/postgresql` | +| `persistence.storageClass` | PVC Storage Class for PostgreSQL volume | `nil` | +| `persistence.accessMode` | PVC Access Mode for PostgreSQL volume | `ReadWriteOnce` | +| `persistence.size` | PVC Storage Request for PostgreSQL volume | `8Gi` | +| `persistence.annotations` | Annotations for the PVC | 
`{}` | +| `master.nodeSelector` | Node labels for pod assignment (postgresql master) | `{}` | +| `master.affinity` | Affinity labels for pod assignment (postgresql master) | `{}` | +| `master.tolerations` | Toleration labels for pod assignment (postgresql master) | `[]` | +| `slave.nodeSelector` | Node labels for pod assignment (postgresql slave) | `{}` | +| `slave.affinity` | Affinity labels for pod assignment (postgresql slave) | `{}` | +| `slave.tolerations` | Toleration labels for pod assignment (postgresql slave) | `[]` | +| `terminationGracePeriodSeconds` | Seconds the pod needs to terminate gracefully | `nil` | +| `resources` | CPU/Memory resource requests/limits | Memory: `256Mi`, CPU: `250m` | +| `securityContext.enabled` | Enable security context | `true` | +| `securityContext.fsGroup` | Group ID for the container | `1001` | +| `securityContext.runAsUser` | User ID for the container | `1001` | +| `livenessProbe.enabled` | Would you like a livessProbed to be enabled | `true` | +| `networkPolicy.enabled` | Enable NetworkPolicy | `false` | +| `networkPolicy.allowExternal` | Don't require client label for connections | `true` | +| `livenessProbe.initialDelaySeconds` | Delay before liveness probe is initiated | 30 | +| `livenessProbe.periodSeconds` | How often to perform the probe | 10 | +| `livenessProbe.timeoutSeconds` | When the probe times out | 5 | +| `livenessProbe.failureThreshold` | Minimum consecutive failures for the probe to be considered failed after having succeeded. 
| 6 | +| `livenessProbe.successThreshold` | Minimum consecutive successes for the probe to be considered successful after having failed | 1 | +| `readinessProbe.enabled` | would you like a readinessProbe to be enabled | `true` | +| `readinessProbe.initialDelaySeconds` | Delay before liveness probe is initiated | 5 | +| `readinessProbe.periodSeconds` | How often to perform the probe | 10 | +| `readinessProbe.timeoutSeconds` | When the probe times out | 5 | +| `readinessProbe.failureThreshold` | Minimum consecutive failures for the probe to be considered failed after having succeeded. | 6 | +| `readinessProbe.successThreshold` | Minimum consecutive successes for the probe to be considered successful after having failed | 1 | +| `metrics.enabled` | Start a prometheus exporter | `false` | +| `metrics.service.type` | Kubernetes Service type | `ClusterIP` | +| `service.clusterIP` | Static clusterIP or None for headless services | `nil` | +| `metrics.service.annotations` | Additional annotations for metrics exporter pod | `{}` | +| `metrics.service.loadBalancerIP` | loadBalancerIP if redis metrics service type is `LoadBalancer` | `nil` | +| `metrics.image.registry` | PostgreSQL Image registry | `docker.io` | +| `metrics.image.repository` | PostgreSQL Image name | `wrouesnel/postgres_exporter` | +| `metrics.image.tag` | PostgreSQL Image tag | `{VERSION}` | +| `metrics.image.pullPolicy` | PostgreSQL Image pull policy | `IfNotPresent` | +| `metrics.image.pullSecrets` | Specify Image pull secrets | `nil` (does not add image pull secrets to deployed pods) | +| `extraEnv` | Any extra environment variables you would like to pass on to the pod | `{}` | +| `updateStrategy` | Update strategy policy | `{type: "onDelete"}` | + +Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. 
For example, + +```console +$ helm install --name my-release \ + --set postgresqlPassword=secretpassword,postgresqlDatabase=my-database \ + stable/postgresql +``` + +The above command sets the PostgreSQL `postgres` account password to `secretpassword`. Additionally it creates a database named `my-database`. + +Alternatively, a YAML file that specifies the values for the parameters can be provided while installing the chart. For example, + +```console +$ helm install --name my-release -f values.yaml stable/postgresql +``` + +> **Tip**: You can use the default [values.yaml](values.yaml) + +### postgresql.conf / pg_hba.conf files as configMap + +This helm chart also supports to customize the whole configuration file. + +Add your custom file to "files/postgresql.conf" in your working directory. This file will be mounted as configMap to the containers and it will be used for configuring the PostgreSQL server. + +Alternatively, you can specify PostgreSQL configuration parameters using the `postgresqlConfiguration` parameter as a dict, using camelCase, e.g. {"sharedBuffers": "500MB"}. + +In addition to these options, you can also set an external ConfigMap with all the configuration files. This is done by setting the `configurationConfigMap` parameter. Note that this will override the two previous options. + +### Allow settings to be loaded from files other than the default `postgresql.conf` + +If you don't want to provide the whole PostgreSQL configuration file and only specify certain parameters, you can add your extended `.conf` files to "files/conf.d/" in your working directory. +Those files will be mounted as configMap to the containers adding/overwriting the default configuration using the `include_dir` directive that allows settings to be loaded from files other than the default `postgresql.conf`. + +Alternatively, you can also set an external ConfigMap with all the extra configuration files. This is done by setting the `extendedConfConfigMap` parameter. 
Note that this will override the previous option. + +## Initialize a fresh instance + +The [Bitnami PostgreSQL](https://github.com/bitnami/bitnami-docker-postgresql) image allows you to use your custom scripts to initialize a fresh instance. In order to execute the scripts, they must be located inside the chart folder `files/docker-entrypoint-initdb.d` so they can be consumed as a ConfigMap. + +Alternatively, you can specify custom scripts using the `initdbScripts` parameter as dict. + +In addition to these options, you can also set an external ConfigMap with all the initialization scripts. This is done by setting the `initdbScriptsConfigMap` parameter. Note that this will override the two previous options. + +The allowed extensions are `.sh`, `.sql` and `.sql.gz`. + +## Production and horizontal scaling + +The following repo contains the recommended production settings for PostgreSQL server in an alternative [values file](values-production.yaml). Please read carefully the comments in the values-production.yaml file to set up your environment + +To horizontally scale this chart, first download the [values-production.yaml](values-production.yaml) file to your local folder, then: + +```console +$ helm install --name my-release -f ./values-production.yaml stable/postgresql +$ kubectl scale statefulset my-postgresql-slave --replicas=3 +``` + +## Persistence + +The [Bitnami PostgreSQL](https://github.com/bitnami/bitnami-docker-postgresql) image stores the PostgreSQL data and configurations at the `/bitnami/postgresql` path of the container. + +Persistent Volume Claims are used to keep the data across deployments. This is known to work in GCE, AWS, and minikube. +See the [Configuration](#configuration) section to configure the PVC or to disable persistence. + +## Metrics + +The chart optionally can start a metrics exporter for [prometheus](https://prometheus.io). 
The metrics endpoint (port 9187) is not exposed and it is expected that the metrics are collected from inside the k8s cluster using something similar as the described in the [example Prometheus scrape configuration](https://github.com/prometheus/prometheus/blob/master/documentation/examples/prometheus-kubernetes.yml). + +The exporter allows to create custom metrics from additional SQL queries. See the Chart's `values.yaml` for an example and consult the [exporters documentation](https://github.com/wrouesnel/postgres_exporter#adding-new-metrics-via-a-config-file) for more details. + +## NetworkPolicy + +To enable network policy for PostgreSQL, install [a networking plugin that implements the Kubernetes NetworkPolicy spec](https://kubernetes.io/docs/tasks/administer-cluster/declare-network-policy#before-you-begin), and set `networkPolicy.enabled` to `true`. + +For Kubernetes v1.5 & v1.6, you must also turn on NetworkPolicy by setting the DefaultDeny namespace annotation. Note: this will enforce policy for _all_ pods in the namespace: + +```console +$ kubectl annotate namespace default "net.beta.kubernetes.io/network-policy={\"ingress\":{\"isolation\":\"DefaultDeny\"}}" +``` + +With NetworkPolicy enabled, traffic will be limited to just port 5432. + +For more precise policy, set `networkPolicy.allowExternal=false`. This will only allow pods with the generated client label to connect to PostgreSQL. +This label will be displayed in the output of a successful install. + +## Upgrade + +### 3.0.0 + +This releases make it possible to specify different nodeSelector, affinity and tolerations for master and slave pods. +It also fixes an issue with `postgresql.master.fullname` helper template not obeying fullnameOverride. + +#### Breaking changes + +- `affinty` has been renamed to `master.affinity` and `slave.affinity`. +- `tolerations` has been renamed to `master.tolerations` and `slave.tolerations`. 
+- `nodeSelector` has been renamed to `master.nodeSelector` and `slave.nodeSelector`. + +### 2.0.0 + +In order to upgrade from the `0.X.X` branch to `1.X.X`, you should follow the below steps: + + - Obtain the service name (`SERVICE_NAME`) and password (`OLD_PASSWORD`) of the existing postgresql chart. You can find the instructions to obtain the password in the NOTES.txt, the service name can be obtained by running + + ```console +$ kubectl get svc + ``` + +- Install (not upgrade) the new version + +```console +$ helm repo update +$ helm install --name my-release stable/postgresql +``` + +- Connect to the new pod (you can obtain the name by running `kubectl get pods`): + +```console +$ kubectl exec -it NAME bash +``` + +- Once logged in, create a dump file from the previous database using `pg_dump`, for that we should connect to the previous postgresql chart: + +```console +$ pg_dump -h SERVICE_NAME -U postgres DATABASE_NAME > /tmp/backup.sql +``` + +After run above command you should be prompted for a password, this password is the previous chart password (`OLD_PASSWORD`). +This operation could take some time depending on the database size. + +- Once you have the backup file, you can restore it with a command like the one below: + +```console +$ psql -U postgres DATABASE_NAME < /tmp/backup.sql +``` + +In this case, you are accessing to the local postgresql, so the password should be the new one (you can find it in NOTES.txt). + +If you want to restore the database and the database schema does not exist, it is necessary to first follow the steps described below. + +```console +$ psql -U postgres +postgres=# drop database DATABASE_NAME; +postgres=# create database DATABASE_NAME; +postgres=# create user USER_NAME; +postgres=# alter role USER_NAME with password 'BITNAMI_USER_PASSWORD'; +postgres=# grant all privileges on database DATABASE_NAME to USER_NAME; +postgres=# alter database DATABASE_NAME owner to USER_NAME; +``` 
diff --git a/helm/infrastructure/subcharts/kong/charts/postgresql/files/README.md b/helm/infrastructure/subcharts/kong/charts/postgresql/files/README.md new file mode 100755 index 0000000..1813a2f --- /dev/null +++ b/helm/infrastructure/subcharts/kong/charts/postgresql/files/README.md @@ -0,0 +1 @@ +Copy here your postgresql.conf and/or pg_hba.conf files to use it as a config map. diff --git a/helm/infrastructure/subcharts/kong/charts/postgresql/files/conf.d/README.md b/helm/infrastructure/subcharts/kong/charts/postgresql/files/conf.d/README.md new file mode 100755 index 0000000..184c187 --- /dev/null +++ b/helm/infrastructure/subcharts/kong/charts/postgresql/files/conf.d/README.md @@ -0,0 +1,4 @@ +If you don't want to provide the whole configuration file and only specify certain parameters, you can copy here your extended `.conf` files. +These files will be injected as a config maps and add/overwrite the default configuration using the `include_dir` directive that allows settings to be loaded from files other than the default `postgresql.conf`. + +More info in the [bitnami-docker-postgresql README](https://github.com/bitnami/bitnami-docker-postgresql#configuration-file). diff --git a/helm/infrastructure/subcharts/kong/charts/postgresql/files/docker-entrypoint-initdb.d/README.md b/helm/infrastructure/subcharts/kong/charts/postgresql/files/docker-entrypoint-initdb.d/README.md new file mode 100755 index 0000000..cba3809 --- /dev/null +++ b/helm/infrastructure/subcharts/kong/charts/postgresql/files/docker-entrypoint-initdb.d/README.md @@ -0,0 +1,3 @@ +You can copy here your custom `.sh`, `.sql` or `.sql.gz` file so they are executed during the first boot of the image. + +More info in the [bitnami-docker-postgresql](https://github.com/bitnami/bitnami-docker-postgresql#initializing-a-new-instance) repository. \ No newline at end of file 
diff --git a/helm/infrastructure/subcharts/kong/charts/postgresql/templates/NOTES.txt b/helm/infrastructure/subcharts/kong/charts/postgresql/templates/NOTES.txt new file mode 100755 index 0000000..41c2210 --- /dev/null +++ b/helm/infrastructure/subcharts/kong/charts/postgresql/templates/NOTES.txt 
@@ -0,0 +1,60 @@ +{{- if contains .Values.service.type "LoadBalancer" }} +{{- if not .Values.postgresqlPassword }} +------------------------------------------------------------------------------- + WARNING + + By specifying "serviceType=LoadBalancer" and not specifying "postgresqlPassword" + you have most likely exposed the PostgreSQL service externally without any + authentication mechanism. + + For security reasons, we strongly suggest that you switch to "ClusterIP" or + "NodePort". As an alternative, you can also specify a valid password on the + "postgresqlPassword" parameter. + +------------------------------------------------------------------------------- +{{- end }} +{{- end }} + +** Please be patient while the chart is being deployed ** + +PostgreSQL can be accessed via port 5432 on the following DNS name from within your cluster: + + {{ template "postgresql.fullname" . }}.{{ .Release.Namespace }}.svc.cluster.local - Read/Write connection +{{- if .Values.replication.enabled }} + {{ template "postgresql.fullname" . }}-read.{{ .Release.Namespace }}.svc.cluster.local - Read only connection +{{- end }} +To get the password for "{{ .Values.postgresqlUsername }}" run: + + export POSTGRESQL_PASSWORD=$(kubectl get secret --namespace {{ .Release.Namespace }} {{ if .Values.existingSecret }}{{ .Values.existingSecret }}{{ else }}{{ template "postgresql.fullname" . }}{{ end }} -o jsonpath="{.data.postgresql-password}" | base64 --decode) + +To connect to your database run the following command: + + kubectl run {{ template "postgresql.fullname" . }}-client --rm --tty -i --restart='Never' --namespace {{ .Release.Namespace }} --image bitnami/postgresql --env="PGPASSWORD=$POSTGRESQL_PASSWORD" {{- if and (.Values.networkPolicy.enabled) (not .Values.networkPolicy.allowExternal) }} + --labels="{{ template "postgresql.fullname" . }}-client=true" {{- end }} --command -- psql --host {{ template "postgresql.fullname" . 
}} -U {{ .Values.postgresqlUsername }} + +{{ if and (.Values.networkPolicy.enabled) (not .Values.networkPolicy.allowExternal) }} +Note: Since NetworkPolicy is enabled, only pods with label {{ template "postgresql.fullname" . }}-client=true" will be able to connect to this PostgreSQL cluster. +{{- end }} + +To connect to your database from outside the cluster execute the following commands: + +{{- if contains "NodePort" .Values.service.type }} + + export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}") + export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ template "postgresql.fullname" . }}) + {{ if .Values.postgresqlPassword }}PGPASSWORD="{{ .Values.postgresqlPassword}}" {{ end }}psql --host $NODE_IP --port $NODE_PORT -U {{ .Values.postgresqlUsername }} + +{{- else if contains "LoadBalancer" .Values.service.type }} + + NOTE: It may take a few minutes for the LoadBalancer IP to be available. + Watch the status with: 'kubectl get svc --namespace {{ .Release.Namespace }} -w {{ template "postgresql.fullname" . }}' + + export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ template "postgresql.fullname" . }} --template "{{"{{ range (index .status.loadBalancer.ingress 0) }}{{.}}{{ end }}"}}") + {{ if .Values.postgresqlPassword }}PGPASSWORD="{{ .Values.postgresqlPassword}}" {{ end }}psql --host $SERVICE_IP --port {{ .Values.service.port }} -U {{ .Values.postgresqlUsername }} + +{{- else if contains "ClusterIP" .Values.service.type }} + + kubectl port-forward --namespace {{ .Release.Namespace }} svc/{{ template "postgresql.fullname" . }} 5432:5432 & + {{ if .Values.postgresqlPassword }}PGPASSWORD="{{ .Values.postgresqlPassword}}" {{ end }}psql --host 127.0.0.1 -U {{ .Values.postgresqlUsername }} + +{{- end }} 
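Review bot: The three external-connection commands (the NodePort, LoadBalancer and ClusterIP branches) render `PGPASSWORD="{{ .Values.postgresqlPassword}}"`, so a password passed at install time is written in cleartext into the release notes printed after install and by `helm status`. The in-cluster instructions above already read the Secret into `$POSTGRESQL_PASSWORD`; the external commands could reuse it, e.g. `PGPASSWORD="$POSTGRESQL_PASSWORD" psql --host $NODE_IP --port $NODE_PORT -U {{ .Values.postgresqlUsername }}`, and likewise for the other two. Separately, the opening guard calls `contains .Values.service.type "LoadBalancer"` with its arguments in the opposite order to the later `contains "LoadBalancer" .Values.service.type`, so an empty `service.type` would also match it. As this file belongs to the bundled postgresql subchart, the fix may be better made upstream than in this copy.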
diff --git a/helm/infrastructure/subcharts/kong/charts/postgresql/templates/_helpers.tpl b/helm/infrastructure/subcharts/kong/charts/postgresql/templates/_helpers.tpl new file mode 100755 index 0000000..d179779 --- /dev/null +++ b/helm/infrastructure/subcharts/kong/charts/postgresql/templates/_helpers.tpl 
@@ -0,0 +1,152 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Expand the name of the chart. +*/}} +{{- define "postgresql.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +*/}} +{{- define "postgresql.fullname" -}} +{{- if .Values.fullnameOverride -}} +{{- printf .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +*/}} +{{- define "postgresql.master.fullname" -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- $fullname := default (printf "%s-%s" .Release.Name $name) .Values.fullnameOverride -}} +{{- if .Values.replication.enabled -}} +{{- printf "%s-%s" $fullname "master" | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s" $fullname | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} + +{{/* +Return the appropriate apiVersion for networkpolicy. +*/}} +{{- define "postgresql.networkPolicy.apiVersion" -}} +{{- if semverCompare ">=1.4-0, <1.7-0" .Capabilities.KubeVersion.GitVersion -}} +"extensions/v1beta1" +{{- else if semverCompare "^1.7-0" .Capabilities.KubeVersion.GitVersion -}} +"networking.k8s.io/v1" +{{- end -}} +{{- end -}} + +{{/* +Create chart name and version as used by the chart label. 
+*/}} +{{- define "postgresql.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Return the proper PostgreSQL image name +*/}} +{{- define "postgresql.image" -}} +{{- $registryName := .Values.image.registry -}} +{{- $repositoryName := .Values.image.repository -}} +{{- $tag := .Values.image.tag | toString -}} +{{/* +Helm 2.11 supports the assignment of a value to a variable defined in a different scope, +but Helm 2.9 and 2.10 doesn't support it, so we need to implement this if-else logic. +Also, we can't use a single if because lazy evaluation is not an option +*/}} +{{- if .Values.global }} + {{- if .Values.global.imageRegistry }} + {{- printf "%s/%s:%s" .Values.global.imageRegistry $repositoryName $tag -}} + {{- else -}} + {{- printf "%s/%s:%s" $registryName $repositoryName $tag -}} + {{- end -}} +{{- else -}} + {{- printf "%s/%s:%s" $registryName $repositoryName $tag -}} +{{- end -}} +{{- end -}} + +{{/* +Return the proper image name to change the volume permissions +*/}} +{{- define "postgresql.volumePermissions.image" -}} +{{- $registryName := .Values.volumePermissions.image.registry -}} +{{- $repositoryName := .Values.volumePermissions.image.repository -}} +{{- $tag := .Values.volumePermissions.image.tag | toString -}} +{{/* +Helm 2.11 supports the assignment of a value to a variable defined in a different scope, +but Helm 2.9 and 2.10 doesn't support it, so we need to implement this if-else logic. 
+Also, we can't use a single if because lazy evaluation is not an option +*/}} +{{- if .Values.global }} + {{- if .Values.global.imageRegistry }} + {{- printf "%s/%s:%s" .Values.global.imageRegistry $repositoryName $tag -}} + {{- else -}} + {{- printf "%s/%s:%s" $registryName $repositoryName $tag -}} + {{- end -}} +{{- else -}} + {{- printf "%s/%s:%s" $registryName $repositoryName $tag -}} +{{- end -}} +{{- end -}} + + +{{/* +Return the proper PostgreSQL metrics image name +*/}} +{{- define "metrics.image" -}} +{{- $registryName := default "docker.io" .Values.metrics.image.registry -}} +{{- $tag := default "latest" .Values.metrics.image.tag | toString -}} +{{- printf "%s/%s:%s" $registryName .Values.metrics.image.repository $tag -}} +{{- end -}} + +{{/* +Get the password secret. +*/}} +{{- define "postgresql.secretName" -}} +{{- if .Values.existingSecret -}} +{{- printf "%s" .Values.existingSecret -}} +{{- else -}} +{{- printf "%s" (include "postgresql.fullname" .) -}} +{{- end -}} +{{- end -}} + +{{/* +Get the configuration ConfigMap name. +*/}} +{{- define "postgresql.configurationCM" -}} +{{- if .Values.configurationConfigMap -}} +{{- printf "%s" .Values.configurationConfigMap -}} +{{- else -}} +{{- printf "%s-configuration" (include "postgresql.fullname" .) -}} +{{- end -}} +{{- end -}} + +{{/* +Get the extended configuration ConfigMap name. +*/}} +{{- define "postgresql.extendedConfigurationCM" -}} +{{- if .Values.extendedConfConfigMap -}} +{{- printf "%s" .Values.extendedConfConfigMap -}} +{{- else -}} +{{- printf "%s-extended-configuration" (include "postgresql.fullname" .) -}} +{{- end -}} +{{- end -}} + +{{/* +Get the initialization scripts ConfigMap name. +*/}} +{{- define "postgresql.initdbScriptsCM" -}} +{{- if .Values.initdbScriptsConfigMap -}} +{{- printf "%s" .Values.initdbScriptsConfigMap -}} +{{- else -}} +{{- printf "%s-init-scripts" (include "postgresql.fullname" .) -}} +{{- end -}} +{{- end -}} 
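Review bot: The `metrics.image` helper falls back to the mutable tag `latest` (`default "latest" .Values.metrics.image.tag`), so a deployment that leaves the tag unset runs whatever image the registry serves at pull time. Failing the render is safer than defaulting, e.g. `{{- $tag := required "metrics.image.tag must be set" .Values.metrics.image.tag | toString -}}`, with the parent chart supplying a fixed tag or digest. In `postgresql.fullname`, `printf .Values.fullnameOverride` also uses the override itself as the format string, where `printf "%s" .Values.fullnameOverride` would match the other helpers and keep a stray `%` from being interpreted.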
diff --git a/helm/infrastructure/subcharts/kong/charts/postgresql/templates/configmap.yaml b/helm/infrastructure/subcharts/kong/charts/postgresql/templates/configmap.yaml
new file mode 100755
index 0000000..d2178c0
--- /dev/null
+++ b/helm/infrastructure/subcharts/kong/charts/postgresql/templates/configmap.yaml
@@ -0,0 +1,26 @@
+{{ if and (or (.Files.Glob "files/postgresql.conf") (.Files.Glob "files/pg_hba.conf") .Values.postgresqlConfiguration .Values.pgHbaConfiguration) (not .Values.configurationConfigMap) }}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ template "postgresql.fullname" . }}-configuration
+ labels:
+ app: {{ template "postgresql.name" . }}
+ chart: {{ template "postgresql.chart" . }}
+ release: {{ .Release.Name | quote }}
+ heritage: {{ .Release.Service | quote }}
+data:
+{{- if (.Files.Glob "files/postgresql.conf") }}
+{{ (.Files.Glob "files/postgresql.conf").AsConfig | indent 2 }}
+{{- else if .Values.postgresqlConfiguration }}
+ postgresql.conf: |
+{{- range $key, $value := default dict .Values.postgresqlConfiguration }}
+ {{ $key | snakecase }}={{ $value }}
+{{- end }}
+{{- end }}
+{{- if (.Files.Glob "files/pg_hba.conf") }}
+{{ (.Files.Glob "files/pg_hba.conf").AsConfig | indent 2 }}
+{{- else if .Values.pgHbaConfiguration }}
+ pg_hba.conf: |
+{{ .Values.pgHbaConfiguration | indent 4 }}
+{{- end }}
+{{ end }}
diff --git a/helm/infrastructure/subcharts/kong/charts/postgresql/templates/extended-config-configmap.yaml b/helm/infrastructure/subcharts/kong/charts/postgresql/templates/extended-config-configmap.yaml
new file mode 100755
index 0000000..8a41195
--- /dev/null
+++ b/helm/infrastructure/subcharts/kong/charts/postgresql/templates/extended-config-configmap.yaml
@@ -0,0 +1,21 @@
+{{- if and (or (.Files.Glob "files/conf.d/*.conf") .Values.postgresqlExtendedConf) (not .Values.extendedConfConfigMap)}}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ template "postgresql.fullname" . }}-extended-configuration
+ labels:
+ app: {{ template "postgresql.name" . }}
+ chart: {{ template "postgresql.chart" . }}
+ release: {{ .Release.Name | quote }}
+ heritage: {{ .Release.Service | quote }}
+data:
+{{- with .Files.Glob "files/conf.d/*.conf" }}
+{{ .AsConfig | indent 2 }}
+{{- end }}
+{{ with .Values.postgresqlExtendedConf }}
+ override.conf: |
+{{- range $key, $value := . }}
+ {{ $key | snakecase }}={{ $value }}
+{{- end }}
+{{- end }}
+{{- end }}
diff --git a/helm/infrastructure/subcharts/kong/charts/postgresql/templates/initialization-configmap.yaml b/helm/infrastructure/subcharts/kong/charts/postgresql/templates/initialization-configmap.yaml
new file mode 100755
index 0000000..8eb5e05
--- /dev/null
+++ b/helm/infrastructure/subcharts/kong/charts/postgresql/templates/initialization-configmap.yaml
@@ -0,0 +1,24 @@
+{{- if and (or (.Files.Glob "files/docker-entrypoint-initdb.d/*.{sh,sql,sql.gz}") .Values.initdbScripts) (not .Values.initdbScriptsConfigMap) }}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ template "postgresql.fullname" . }}-init-scripts
+ labels:
+ app: {{ template "postgresql.name" . }}
+ chart: {{ template "postgresql.chart" . }}
+ release: {{ .Release.Name | quote }}
+ heritage: {{ .Release.Service | quote }}
+{{- with .Files.Glob "files/docker-entrypoint-initdb.d/*.sql.gz" }}
+binaryData:
+{{- range $path, $bytes := . }}
+ {{ base $path }}: {{ $.Files.Get $path | b64enc | quote }}
+{{- end }}
+{{- end }}
+data:
+{{- with .Files.Glob "files/docker-entrypoint-initdb.d/*.{sh,sql}" }}
+{{ .AsConfig | indent 2 }}
+{{- end }}
+{{- with .Values.initdbScripts }}
+{{ toYaml . | indent 2 }}
+{{- end }}
+{{- end }}
diff --git a/helm/infrastructure/subcharts/kong/charts/postgresql/templates/metrics-svc.yaml b/helm/infrastructure/subcharts/kong/charts/postgresql/templates/metrics-svc.yaml
new file mode 100755
index 0000000..2e210e3
--- /dev/null
+++ b/helm/infrastructure/subcharts/kong/charts/postgresql/templates/metrics-svc.yaml
@@ -0,0 +1,26 @@
+{{- if .Values.metrics.enabled }}
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "postgresql.fullname" . }}-metrics
+ labels:
+ app: {{ template "postgresql.name" . }}
+ chart: {{ template "postgresql.chart" . }}
+ release: {{ .Release.Name | quote }}
+ heritage: {{ .Release.Service | quote }}
+ annotations:
+{{ toYaml .Values.metrics.service.annotations | indent 4 }}
+spec:
+ type: {{ .Values.metrics.service.type }}
+ {{- if and (eq .Values.metrics.service.type "LoadBalancer") .Values.metrics.service.loadBalancerIP }}
+ loadBalancerIP: {{ .Values.metrics.service.loadBalancerIP }}
+ {{- end }}
+ ports:
+ - name: metrics
+ port: 9187
+ targetPort: metrics
+ selector:
+ app: {{ template "postgresql.name" . }}
+ release: {{ .Release.Name }}
+ role: master
+{{- end }}
diff --git a/helm/infrastructure/subcharts/kong/charts/postgresql/templates/networkpolicy.yaml b/helm/infrastructure/subcharts/kong/charts/postgresql/templates/networkpolicy.yaml
new file mode 100755
index 0000000..40496a7
--- /dev/null
+++ b/helm/infrastructure/subcharts/kong/charts/postgresql/templates/networkpolicy.yaml
@@ -0,0 +1,29 @@
+{{- if .Values.networkPolicy.enabled }}
+kind: NetworkPolicy
+apiVersion: {{ template "postgresql.networkPolicy.apiVersion" . }}
+metadata:
+ name: {{ template "postgresql.fullname" . }}
+ labels:
+ app: {{ template "postgresql.name" . }}
+ chart: {{ template "postgresql.chart" . }}
+ release: {{ .Release.Name | quote }}
+ heritage: {{ .Release.Service | quote }}
+spec:
+ podSelector:
+ matchLabels:
+ app: {{ template "postgresql.name" . }}
+ release: {{ .Release.Name | quote }}
+ ingress:
+ # Allow inbound connections
+ - ports:
+ - port: 5432
+ {{- if not .Values.networkPolicy.allowExternal }}
+ from:
+ - podSelector:
+ matchLabels:
+ {{ template "postgresql.fullname" . }}-client: "true"
+ {{- end }}
+ # Allow prometheus scrapes
+ - ports:
+ - port: 9187
+{{- end }}
diff --git a/helm/infrastructure/subcharts/kong/charts/postgresql/templates/secrets.yaml b/helm/infrastructure/subcharts/kong/charts/postgresql/templates/secrets.yaml
new file mode 100755
index 0000000..acc1681
--- /dev/null
+++ b/helm/infrastructure/subcharts/kong/charts/postgresql/templates/secrets.yaml
@@ -0,0 +1,25 @@
+{{- if not .Values.existingSecret }}
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ template "postgresql.fullname" . }}
+ labels:
+ app: {{ template "postgresql.name" . }}
+ chart: {{ template "postgresql.chart" . }}
+ release: {{ .Release.Name | quote }}
+ heritage: {{ .Release.Service | quote }}
+type: Opaque
+data:
+ {{- if .Values.postgresqlPassword }}
+ postgresql-password: {{ .Values.postgresqlPassword | b64enc | quote }}
+ {{- else }}
+ postgresql-password: {{ randAlphaNum 10 | b64enc | quote }}
+ {{- end }}
+ {{- if .Values.replication.enabled }}
+ {{- if .Values.replication.password }}
+ postgresql-replication-password: {{ .Values.replication.password | b64enc | quote }}
+ {{- else }}
+ postgresql-replication-password: {{ randAlphaNum 10 | b64enc | quote }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
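Review bot: The ingress rules in networkpolicy.yaml hard-code the pod ports and leave the exporter port open to every source. The first rule allows `port: 5432`, but the StatefulSet templates in this commit set `containerPort: {{ .Values.service.port }}`, so a non-default port would be blocked once the policy is enabled; `- port: {{ .Values.service.port }}` keeps the two in step. The second rule admits traffic to 9187 with no `from` clause and is rendered even when `.Values.metrics.enabled` is false; wrapping it in `{{- if .Values.metrics.enabled }}` and limiting it to the scraper's pods or namespace would narrow it. A template comment stating that the client-label restriction on 5432 applies only when `allowExternal` is false would also help readers of the rendered policy.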
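Review bot: The fallback `randAlphaNum 10` in both password branches of secrets.yaml is re-evaluated each time the chart is rendered, so an upgrade without an explicit password would presumably write a new value into the Secret while the database still holds the old one. Ten alphanumeric characters is also short for a database superuser credential; `{{ randAlphaNum 32 | b64enc | quote }}` costs nothing. A comment at the top of the template recommending `existingSecret` or an explicitly supplied `postgresqlPassword` for any long-lived release would document the intended path. The replication fallback is unreachable with the values files in this commit, which set `password: repl_password`.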
diff --git a/helm/infrastructure/subcharts/kong/charts/postgresql/templates/statefulset-slaves.yaml b/helm/infrastructure/subcharts/kong/charts/postgresql/templates/statefulset-slaves.yaml
new file mode 100755
index 0000000..498b9c7
--- /dev/null
+++ b/helm/infrastructure/subcharts/kong/charts/postgresql/templates/statefulset-slaves.yaml
@@ -0,0 +1,211 @@ +{{- if .Values.replication.enabled }} +apiVersion: apps/v1 +kind: StatefulSet +metadata: + name: "{{ template "postgresql.fullname" . }}-slave" + labels: + app: {{ template "postgresql.name" . }} + chart: {{ template "postgresql.chart" . }} + release: {{ .Release.Name | quote }} + heritage: {{ .Release.Service | quote }} +spec: + serviceName: {{ template "postgresql.fullname" . }}-headless + replicas: {{ .Values.replication.slaveReplicas }} + selector: + matchLabels: + app: {{ template "postgresql.name" . }} + release: {{ .Release.Name | quote }} + role: slave + template: + metadata: + name: {{ template "postgresql.fullname" . }} + labels: + app: {{ template "postgresql.name" . }} + chart: {{ template "postgresql.chart" . }} + release: {{ .Release.Name | quote }} + heritage: {{ .Release.Service | quote }} + role: slave + spec: + {{- if .Values.securityContext.enabled }} + securityContext: + fsGroup: {{ .Values.securityContext.fsGroup }} + runAsUser: {{ .Values.securityContext.runAsUser }} + {{- end }} + {{- if .Values.image.pullSecrets }} + imagePullSecrets: + {{- range .Values.image.pullSecrets }} + - name: {{ . }} + {{- end}} + {{- end }} + {{- if .Values.slave.nodeSelector }} + nodeSelector: +{{ toYaml .Values.slave.nodeSelector | indent 8 }} + {{- end }} + {{- if .Values.slave.affinity }} + affinity: +{{ toYaml .Values.slave.affinity | indent 8 }} + {{- end }} + {{- if .Values.slave.tolerations }} + tolerations: +{{ toYaml .Values.slave.tolerations | indent 8 }} + {{- end }} + {{- if .Values.terminationGracePeriodSeconds }} + terminationGracePeriodSeconds: {{ .Values.terminationGracePeriodSeconds }} + {{- end }} + {{- if and .Values.volumePermissions.enabled .Values.persistence.enabled }} + initContainers: + - name: init-chmod-data + image: {{ template "postgresql.volumePermissions.image" . 
}} + imagePullPolicy: "{{ .Values.volumePermissions.image.pullPolicy }}" + resources: +{{ toYaml .Values.resources | indent 10 }} + command: + - sh + - -c + - | + chown -R {{ .Values.securityContext.runAsUser }}:{{ .Values.securityContext.fsGroup }} /bitnami + if [ -d /bitnami/postgresql/data ]; then + chmod 0700 /bitnami/postgresql/data; + fi + securityContext: + runAsUser: {{ .Values.volumePermissions.securityContext.runAsUser }} + volumeMounts: + - name: data + mountPath: /bitnami/postgresql + {{- end }} + containers: + - name: {{ template "postgresql.fullname" . }} + image: {{ template "postgresql.image" . }} + imagePullPolicy: "{{ .Values.image.pullPolicy }}" + resources: +{{ toYaml .Values.resources | indent 10 }} + env: + {{- if .Values.image.debug}} + - name: BASH_DEBUG + value: "1" + - name: NAMI_DEBUG + value: "1" + {{- end }} + - name: POSTGRESQL_REPLICATION_MODE + value: "slave" + - name: POSTGRESQL_REPLICATION_USER + value: {{ .Values.replication.user | quote }} + {{- if .Values.usePasswordFile }} + - name: POSTGRESQL_REPLICATION_PASSWORD_FILE + value: "/opt/bitnami/postgresql/secrets/postgresql-replication-password" + {{- else }} + - name: POSTGRESQL_REPLICATION_PASSWORD + valueFrom: + secretKeyRef: + name: {{ template "postgresql.secretName" . }} + key: postgresql-replication-password + {{- end }} + - name: POSTGRESQL_CLUSTER_APP_NAME + value: {{ .Values.replication.applicationName }} + - name: POSTGRESQL_MASTER_HOST + value: {{ template "postgresql.fullname" . 
}} + - name: POSTGRESQL_MASTER_PORT_NUMBER + value: {{ .Values.service.port | quote }} + ports: + - name: postgresql + containerPort: {{ .Values.service.port }} + {{- if .Values.livenessProbe.enabled }} + livenessProbe: + exec: + command: + - sh + - -c + {{- if .Values.postgresqlDatabase }} + - exec pg_isready -U {{ .Values.postgresqlUsername | quote }} -d {{ .Values.postgresqlDatabase | quote }} -h localhost + {{- else }} + - exec pg_isready -U {{ .Values.postgresqlUsername | quote }} -h localhost + {{- end }} + initialDelaySeconds: {{ .Values.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.livenessProbe.periodSeconds }} + timeoutSeconds: {{ .Values.livenessProbe.timeoutSeconds }} + successThreshold: {{ .Values.livenessProbe.successThreshold }} + failureThreshold: {{ .Values.livenessProbe.failureThreshold }} + {{- end }} + {{- if .Values.readinessProbe.enabled }} + readinessProbe: + exec: + command: + - sh + - -c + {{- if .Values.postgresqlDatabase }} + - exec pg_isready -U {{ .Values.postgresqlUsername | quote }} -d {{ .Values.postgresqlDatabase | quote }} -h localhost + {{- else }} + - exec pg_isready -U {{ .Values.postgresqlUsername | quote }} -h localhost + {{- end }} + initialDelaySeconds: {{ .Values.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.readinessProbe.periodSeconds }} + timeoutSeconds: {{ .Values.readinessProbe.timeoutSeconds }} + successThreshold: {{ .Values.readinessProbe.successThreshold }} + failureThreshold: {{ .Values.readinessProbe.failureThreshold }} + {{- end }} + volumeMounts: + {{- if .Values.usePasswordFile }} + - name: postgresql-password + mountPath: /opt/bitnami/postgresql/secrets + {{ end }} + {{- if .Values.persistence.enabled }} + - name: data + mountPath: {{ .Values.persistence.mountPath }} + {{ end }} + {{- if or (.Files.Glob "files/conf.d/*.conf") .Values.extendedConfConfigMap }} + - name: postgresql-extended-config + mountPath: /bitnami/postgresql/conf/conf.d/ + {{- end }} + {{- if or 
(.Files.Glob "files/postgresql.conf") (.Files.Glob "files/pg_hba.conf") .Values.postgresqlConfiguration .Values.pgHbaConfiguration .Values.configurationConfigMap }} + - name: postgresql-config + mountPath: /bitnami/postgresql/conf + {{- end }} + volumes: + {{- if .Values.usePasswordFile }} + - name: postgresql-password + secret: + secretName: {{ template "postgresql.secretName" . }} + {{ end }} + {{- if or (.Files.Glob "files/postgresql.conf") (.Files.Glob "files/pg_hba.conf") .Values.postgresqlConfiguration .Values.pgHbaConfiguration .Values.configurationConfigMap}} + - name: postgresql-config + configMap: + name: {{ template "postgresql.configurationCM" . }} + {{- end }} + {{- if or (.Files.Glob "files/conf.d/*.conf") .Values.extendedConfConfigMap }} + - name: postgresql-extended-config + configMap: + name: {{ template "postgresql.extendedConfigurationCM" . }} + {{- end }} + {{- if not .Values.persistence.enabled }} + - name: data + emptyDir: {} + {{- end }} + updateStrategy: + type: {{ .Values.updateStrategy.type }} +{{- if .Values.persistence.enabled }} + volumeClaimTemplates: + - metadata: + name: data + {{- with .Values.persistence.annotations }} + annotations: + {{- range $key, $value := . }} + {{ $key }}: {{ $value }} + {{- end }} + {{- end }} + spec: + accessModes: + {{- range .Values.persistence.accessModes }} + - {{ . | quote }} + {{- end }} + resources: + requests: + storage: {{ .Values.persistence.size | quote }} + {{- if .Values.persistence.storageClass }} + {{- if (eq "-" .Values.persistence.storageClass) }} + storageClassName: "" + {{- else }} + storageClassName: "{{ .Values.persistence.storageClass }}" + {{- end }} + {{- end }} +{{- end }} +{{- end }} diff --git a/helm/infrastructure/subcharts/kong/charts/postgresql/templates/statefulset.yaml b/helm/infrastructure/subcharts/kong/charts/postgresql/templates/statefulset.yaml new file mode 100755 index 0000000..8fee52d --- /dev/null 
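Review bot: The `postgresql-extended-config` mount and volume on the replicas are guarded by `or (.Files.Glob "files/conf.d/*.conf") .Values.extendedConfConfigMap`, which omits `.Values.postgresqlExtendedConf`; the master template and the extended-configuration ConfigMap in this commit both include it. With only `postgresqlExtendedConf` set, `override.conf` would be mounted on the master but not on the replicas, so any hardening or logging settings placed there would silently not apply to them. Both guards should read `{{- if or (.Files.Glob "files/conf.d/*.conf") .Values.postgresqlExtendedConf .Values.extendedConfConfigMap }}`. Separately, `POSTGRESQL_CLUSTER_APP_NAME` is rendered from values without `| quote`, unlike `POSTGRESQL_REPLICATION_USER` just above it.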
+++ b/helm/infrastructure/subcharts/kong/charts/postgresql/templates/statefulset.yaml 
@@ -0,0 +1,300 @@ +apiVersion: apps/v1 +kind: StatefulSet +metadata: + name: {{ template "postgresql.master.fullname" . }} + labels: + app: {{ template "postgresql.name" . }} + chart: {{ template "postgresql.chart" . }} + release: {{ .Release.Name | quote }} + heritage: {{ .Release.Service | quote }} +spec: + serviceName: {{ template "postgresql.fullname" . }}-headless + replicas: 1 + updateStrategy: + type: {{ .Values.updateStrategy.type }} + selector: + matchLabels: + app: {{ template "postgresql.name" . }} + release: {{ .Release.Name | quote }} + role: master + template: + metadata: + name: {{ template "postgresql.fullname" . }} + labels: + app: {{ template "postgresql.name" . }} + chart: {{ template "postgresql.chart" . }} + release: {{ .Release.Name | quote }} + heritage: {{ .Release.Service | quote }} + role: master + spec: + {{- if .Values.securityContext.enabled }} + securityContext: + fsGroup: {{ .Values.securityContext.fsGroup }} + runAsUser: {{ .Values.securityContext.runAsUser }} + {{- end }} + {{- if or .Values.image.pullSecrets .Values.metrics.image.pullSecrets }} + imagePullSecrets: + {{- range .Values.image.pullSecrets }} + - name: {{ . }} + {{- end}} + {{- range .Values.metrics.image.pullSecrets }} + - name: {{ . }} + {{- end}} + {{- end }} + {{- if .Values.master.nodeSelector }} + nodeSelector: +{{ toYaml .Values.master.nodeSelector | indent 8 }} + {{- end }} + {{- if .Values.master.affinity }} + affinity: +{{ toYaml .Values.master.affinity | indent 8 }} + {{- end }} + {{- if .Values.master.tolerations }} + tolerations: +{{ toYaml .Values.master.tolerations | indent 8 }} + {{- end }} + {{- if .Values.terminationGracePeriodSeconds }} + terminationGracePeriodSeconds: {{ .Values.terminationGracePeriodSeconds }} + {{- end }} + {{- if and .Values.volumePermissions.enabled .Values.persistence.enabled }} + initContainers: + - name: init-chmod-data + image: {{ template "postgresql.volumePermissions.image" . 
}} + imagePullPolicy: "{{ .Values.volumePermissions.image.pullPolicy }}" + resources: +{{ toYaml .Values.resources | indent 10 }} + command: + - sh + - -c + - | + chown -R {{ .Values.securityContext.runAsUser }}:{{ .Values.securityContext.fsGroup }} /bitnami + if [ -d /bitnami/postgresql/data ]; then + chmod 0700 /bitnami/postgresql/data; + fi + securityContext: + runAsUser: {{ .Values.volumePermissions.securityContext.runAsUser }} + volumeMounts: + - name: data + mountPath: /bitnami/postgresql + {{- end }} + containers: + - name: {{ template "postgresql.fullname" . }} + image: {{ template "postgresql.image" . }} + imagePullPolicy: "{{ .Values.image.pullPolicy }}" + resources: +{{ toYaml .Values.resources | indent 10 }} + env: + {{- if .Values.image.debug}} + - name: BASH_DEBUG + value: "1" + - name: NAMI_DEBUG + value: "1" + {{- end }} + {{- if .Values.replication.enabled }} + - name: POSTGRESQL_REPLICATION_MODE + value: "master" + - name: POSTGRESQL_REPLICATION_USER + value: {{ .Values.replication.user | quote }} + {{- if .Values.usePasswordFile }} + - name: POSTGRESQL_REPLICATION_PASSWORD_FILE + value: "/opt/bitnami/postgresql/secrets/postgresql-replication-password" + {{- else }} + - name: POSTGRESQL_REPLICATION_PASSWORD + valueFrom: + secretKeyRef: + name: {{ template "postgresql.secretName" . 
}} + key: postgresql-replication-password + {{- end }} + {{- if not (eq .Values.replication.synchronousCommit "off")}} + - name: POSTGRESQL_SYNCHRONOUS_COMMIT_MODE + value: {{ .Values.replication.synchronousCommit | quote }} + - name: POSTGRESQL_NUM_SYNCHRONOUS_REPLICAS + value: {{ .Values.replication.numSynchronousReplicas | quote }} + {{- end }} + - name: POSTGRESQL_CLUSTER_APP_NAME + value: {{ .Values.replication.applicationName }} + {{- end }} + - name: POSTGRESQL_USERNAME + value: {{ .Values.postgresqlUsername | quote }} + {{- if .Values.usePasswordFile }} + - name: POSTGRESQL_PASSWORD_FILE + value: "/opt/bitnami/postgresql/secrets/postgresql-password" + {{- else }} + - name: POSTGRESQL_PASSWORD + valueFrom: + secretKeyRef: + name: {{ template "postgresql.secretName" . }} + key: postgresql-password + {{- end }} + {{- if .Values.postgresqlDatabase }} + - name: POSTGRESQL_DATABASE + value: {{ .Values.postgresqlDatabase | quote }} + {{- end }} +{{- if .Values.extraEnv }} +{{ toYaml .Values.extraEnv | indent 8 }} +{{- end }} + ports: + - name: postgresql + containerPort: {{ .Values.service.port }} + {{- if .Values.livenessProbe.enabled }} + livenessProbe: + exec: + command: + - sh + - -c + {{- if .Values.postgresqlDatabase }} + - exec pg_isready -U {{ .Values.postgresqlUsername | quote }} -d {{ .Values.postgresqlDatabase | quote }} -h localhost + {{- else }} + - exec pg_isready -U {{ .Values.postgresqlUsername | quote }} -h localhost + {{- end }} + initialDelaySeconds: {{ .Values.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.livenessProbe.periodSeconds }} + timeoutSeconds: {{ .Values.livenessProbe.timeoutSeconds }} + successThreshold: {{ .Values.livenessProbe.successThreshold }} + failureThreshold: {{ .Values.livenessProbe.failureThreshold }} + {{- end }} + {{- if .Values.readinessProbe.enabled }} + readinessProbe: + exec: + command: + - sh + - -c + {{- if .Values.postgresqlDatabase }} + - exec pg_isready -U {{ .Values.postgresqlUsername | quote 
}} -d {{ .Values.postgresqlDatabase | quote }} -h localhost + {{- else }} + - exec pg_isready -U {{ .Values.postgresqlUsername | quote }} -h localhost + {{- end }} + initialDelaySeconds: {{ .Values.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.readinessProbe.periodSeconds }} + timeoutSeconds: {{ .Values.readinessProbe.timeoutSeconds }} + successThreshold: {{ .Values.readinessProbe.successThreshold }} + failureThreshold: {{ .Values.readinessProbe.failureThreshold }} + {{- end }} + volumeMounts: + {{- if or (.Files.Glob "files/docker-entrypoint-initdb.d/*.{sh,sql,sql.gz}") .Values.initdbScriptsConfigMap .Values.initdbScripts }} + - name: custom-init-scripts + mountPath: /docker-entrypoint-initdb.d + {{- end }} + {{- if or (.Files.Glob "files/conf.d/*.conf") .Values.postgresqlExtendedConf .Values.extendedConfConfigMap }} + - name: postgresql-extended-config + mountPath: /bitnami/postgresql/conf/conf.d/ + {{- end }} + {{- if .Values.usePasswordFile }} + - name: postgresql-password + mountPath: /opt/bitnami/postgresql/secrets/ + {{- end }} + {{- if .Values.persistence.enabled }} + - name: data + mountPath: {{ .Values.persistence.mountPath }} + {{- end }} + {{- if or (.Files.Glob "files/postgresql.conf") (.Files.Glob "files/pg_hba.conf") .Values.postgresqlConfiguration .Values.pgHbaConfiguration .Values.configurationConfigMap }} + - name: postgresql-config + mountPath: /bitnami/postgresql/conf + {{- end }} +{{- if .Values.metrics.enabled }} + - name: metrics + image: {{ template "metrics.image" . 
}} + imagePullPolicy: {{ .Values.metrics.image.pullPolicy | quote }} + env: + {{- $database := required "In order to enable metrics you need to specify a database (.Values.postgresqlDatabase)" .Values.postgresqlDatabase }} + - name: DATA_SOURCE_URI + value: {{ printf "localhost:%d/%s?sslmode=disable" (int .Values.service.port) $database | quote }} + {{- if .Values.usePasswordFile }} + - name: DATA_SOURCE_PASS_FILE + value: "/opt/bitnami/postgresql/secrets/postgresql-password" + {{- else }} + - name: DATA_SOURCE_PASS + valueFrom: + secretKeyRef: + name: {{ template "postgresql.secretName" . }} + key: postgresql-password + {{- end }} + - name: DATA_SOURCE_USER + value: {{ .Values.postgresqlUsername }} + {{- if .Values.livenessProbe.enabled }} + livenessProbe: + httpGet: + path: / + port: metrics + initialDelaySeconds: {{ .Values.metrics.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.metrics.livenessProbe.periodSeconds }} + timeoutSeconds: {{ .Values.metrics.livenessProbe.timeoutSeconds }} + successThreshold: {{ .Values.metrics.livenessProbe.successThreshold }} + failureThreshold: {{ .Values.metrics.livenessProbe.failureThreshold }} + {{- end }} + {{- if .Values.readinessProbe.enabled }} + readinessProbe: + httpGet: + path: / + port: metrics + initialDelaySeconds: {{ .Values.metrics.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.metrics.readinessProbe.periodSeconds }} + timeoutSeconds: {{ .Values.metrics.readinessProbe.timeoutSeconds }} + successThreshold: {{ .Values.metrics.readinessProbe.successThreshold }} + failureThreshold: {{ .Values.metrics.readinessProbe.failureThreshold }} + {{- end }} + volumeMounts: + {{- if .Values.usePasswordFile }} + - name: postgresql-password + mountPath: /opt/bitnami/postgresql/secrets/ + {{- end }} + ports: + - name: metrics + containerPort: 9187 + resources: +{{ toYaml .Values.metrics.resources | indent 10 }} +{{- end }} + volumes: + {{- if or (.Files.Glob "files/postgresql.conf") (.Files.Glob 
"files/pg_hba.conf") .Values.postgresqlConfiguration .Values.pgHbaConfiguration .Values.configurationConfigMap}} + - name: postgresql-config + configMap: + name: {{ template "postgresql.configurationCM" . }} + {{- end }} + {{- if or (.Files.Glob "files/conf.d/*.conf") .Values.postgresqlExtendedConf .Values.extendedConfConfigMap }} + - name: postgresql-extended-config + configMap: + name: {{ template "postgresql.extendedConfigurationCM" . }} + {{- end }} + {{- if .Values.usePasswordFile }} + - name: postgresql-password + secret: + secretName: {{ template "postgresql.secretName" . }} + {{- end }} + {{- if or (.Files.Glob "files/docker-entrypoint-initdb.d/*.{sh,sql,sql.gz}") .Values.initdbScriptsConfigMap .Values.initdbScripts }} + - name: custom-init-scripts + configMap: + name: {{ template "postgresql.initdbScriptsCM" . }} + {{- end }} +{{- if and .Values.persistence.enabled .Values.persistence.existingClaim }} + - name: data + persistentVolumeClaim: + claimName: {{ .Values.persistence.existingClaim }} +{{- else if not .Values.persistence.enabled }} + - name: data + emptyDir: {} +{{- else if and .Values.persistence.enabled (not .Values.persistence.existingClaim) }} + volumeClaimTemplates: + - metadata: + name: data + {{- with .Values.persistence.annotations }} + annotations: + {{- range $key, $value := . }} + {{ $key }}: {{ $value }} + {{- end }} + {{- end }} + spec: + accessModes: + {{- range .Values.persistence.accessModes }} + - {{ . | quote }} + {{- end }} + resources: + requests: + storage: {{ .Values.persistence.size | quote }} + {{- if .Values.persistence.storageClass }} + {{- if (eq "-" .Values.persistence.storageClass) }} + storageClassName: "" + {{- else }} + storageClassName: "{{ .Values.persistence.storageClass }}" + {{- end }} + {{- end }} +{{- end }} 
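Review bot: The probes of the `metrics` sidecar are gated on the wrong flags: `{{- if .Values.livenessProbe.enabled }}` and `{{- if .Values.readinessProbe.enabled }}` test the PostgreSQL probe switches, while the timings inside come from `.Values.metrics.livenessProbe.*` and `.Values.metrics.readinessProbe.*`. They should read `{{- if .Values.metrics.livenessProbe.enabled }}` and `{{- if .Values.metrics.readinessProbe.enabled }}`. The same container takes `DATA_SOURCE_USER` from `postgresqlUsername` and its password from the `postgresql-password` key, so the exporter connects with the administrative account (`postgres` in the values files of this commit); a comment saying so, or a dedicated read-only monitoring role, would fit least privilege better. `DATA_SOURCE_USER` is also rendered without `| quote`.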
diff --git a/helm/infrastructure/subcharts/kong/charts/postgresql/templates/svc-headless.yaml b/helm/infrastructure/subcharts/kong/charts/postgresql/templates/svc-headless.yaml
new file mode 100755
index 0000000..9414d60
--- /dev/null
+++ b/helm/infrastructure/subcharts/kong/charts/postgresql/templates/svc-headless.yaml
@@ -0,0 +1,19 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "postgresql.fullname" . }}-headless
+ labels:
+ app: {{ template "postgresql.name" . }}
+ chart: {{ template "postgresql.chart" . }}
+ release: {{ .Release.Name | quote }}
+ heritage: {{ .Release.Service | quote }}
+spec:
+ type: ClusterIP
+ clusterIP: None
+ ports:
+ - name: postgresql
+ port: 5432
+ targetPort: postgresql
+ selector:
+ app: {{ template "postgresql.name" . }}
+ release: {{ .Release.Name | quote }}
diff --git a/helm/infrastructure/subcharts/kong/charts/postgresql/templates/svc-read.yaml b/helm/infrastructure/subcharts/kong/charts/postgresql/templates/svc-read.yaml
new file mode 100755
index 0000000..6b2de77
--- /dev/null
+++ b/helm/infrastructure/subcharts/kong/charts/postgresql/templates/svc-read.yaml
@@ -0,0 +1,31 @@
+{{- if .Values.replication.enabled }}
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "postgresql.fullname" . }}-read
+ labels:
+ app: {{ template "postgresql.name" . }}
+ chart: {{ template "postgresql.chart" . }}
+ release: {{ .Release.Name | quote }}
+ heritage: {{ .Release.Service | quote }}
+{{- with .Values.service.annotations }}
+ annotations:
+{{ toYaml . | indent 4 }}
+{{- end }}
+spec:
+ type: {{ .Values.service.type }}
+ {{- if and .Values.service.loadBalancerIP (eq .Values.service.type "LoadBalancer") }}
+ loadBalancerIP: {{ .Values.service.loadBalancerIP }}
+ {{- end }}
+ ports:
+ - name: postgresql
+ port: {{ .Values.service.port }}
+ targetPort: postgresql
+ {{- if .Values.service.nodePort }}
+ nodePort: {{ .Values.service.nodePort }}
+ {{- end }}
+ selector:
+ app: {{ template "postgresql.name" . }}
+ release: {{ .Release.Name | quote }}
+ role: slave
+{{- end }}
diff --git a/helm/infrastructure/subcharts/kong/charts/postgresql/templates/svc.yaml b/helm/infrastructure/subcharts/kong/charts/postgresql/templates/svc.yaml
new file mode 100755
index 0000000..31b9b08
--- /dev/null
+++ b/helm/infrastructure/subcharts/kong/charts/postgresql/templates/svc.yaml
@@ -0,0 +1,32 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "postgresql.fullname" . }}
+ labels:
+ app: {{ template "postgresql.name" . }}
+ chart: {{ template "postgresql.chart" . }}
+ release: {{ .Release.Name | quote }}
+ heritage: {{ .Release.Service | quote }}
+{{- with .Values.service.annotations }}
+ annotations:
+{{ toYaml . | indent 4 }}
+{{- end }}
+spec:
+ type: {{ .Values.service.type }}
+ {{- if and .Values.service.loadBalancerIP (eq .Values.service.type "LoadBalancer") }}
+ loadBalancerIP: {{ .Values.service.loadBalancerIP }}
+ {{- end }}
+ {{- if and (eq .Values.service.type "ClusterIP") .Values.service.clusterIP }}
+ clusterIP: {{ .Values.service.clusterIP }}
+ {{- end }}
+ ports:
+ - name: postgresql
+ port: {{ .Values.service.port }}
+ targetPort: postgresql
+ {{- if .Values.service.nodePort }}
+ nodePort: {{ .Values.service.nodePort }}
+ {{- end }}
+ selector:
+ app: {{ template "postgresql.name" . }}
+ release: {{ .Release.Name | quote }}
+ role: master
diff --git a/helm/infrastructure/subcharts/kong/charts/postgresql/values-production.yaml b/helm/infrastructure/subcharts/kong/charts/postgresql/values-production.yaml
new file mode 100755
index 0000000..f53542f
--- /dev/null
+++ b/helm/infrastructure/subcharts/kong/charts/postgresql/values-production.yaml
@@ -0,0 +1,283 @@ +## Global Docker image registry +### Please, note that this will override the image registry for all the images, including dependencies, configured to use the global value +### +## global: +## imageRegistry: + +## Bitnami PostgreSQL image version +## ref: https://hub.docker.com/r/bitnami/postgresql/tags/ +## +image: + registry: docker.io + repository: bitnami/postgresql + tag: 10.6.0 + ## Specify a imagePullPolicy + ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' + ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images + ## + pullPolicy: Always + + ## Optionally specify an array of imagePullSecrets. + ## Secrets must be manually created in the namespace. + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ + ## + # pullSecrets: + # - myRegistrKeySecretName + + ## Set to true if you would like to see extra information on logs + ## It turns BASH and NAMI debugging in minideb + ## ref: https://github.com/bitnami/minideb-extras/#turn-on-bash-debugging + debug: false + +## +## Init containers parameters: +## volumePermissions: Change the owner of the persist volume mountpoint to RunAsUser:fsGroup +## +volumePermissions: + enabled: true + image: + registry: docker.io + repository: bitnami/minideb + tag: latest + ## Specify a imagePullPolicy + ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' + ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images + ## + pullPolicy: Always + ## Init container Security Context + securityContext: + runAsUser: 0 + +## Pod Security Context +## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ +## +securityContext: + enabled: true + fsGroup: 1001 + runAsUser: 1001 + +replication: + enabled: true + user: repl_user + password: repl_password + slaveReplicas: 2 + ## Set synchronous commit mode: on, off, remote_apply, remote_write and local + ## ref: 
https://www.postgresql.org/docs/9.6/runtime-config-wal.html#GUC-WAL-LEVEL + synchronousCommit: "on" + ## From the number of `slaveReplicas` defined above, set the number of those that will have synchronous replication + ## NOTE: It cannot be > slaveReplicas + numSynchronousReplicas: 1 + ## Replication Cluster application name. Useful for defining multiple replication policies + applicationName: my_application + +## PostgreSQL admin user +## ref: https://github.com/bitnami/bitnami-docker-postgresql/blob/master/README.md#setting-the-root-password-on-first-run +postgresqlUsername: postgres + +## PostgreSQL password +## ref: https://github.com/bitnami/bitnami-docker-postgresql/blob/master/README.md#setting-the-root-password-on-first-run +## +# postgresqlPassword: + +## Create a database +## ref: https://github.com/bitnami/bitnami-docker-postgresql/blob/master/README.md#creating-a-database-on-first-run +## +# postgresqlDatabase: + +## PostgreSQL password using existing secret +## existingSecret: secret + +## Mount PostgreSQL secret as a file instead of passing environment variable +# usePasswordFile: false + +## PostgreSQL configuration +## Specify runtime configuration parameters as a dict, using camelCase, e.g. 
+## {"sharedBuffers": "500MB"} +## Alternatively, you can put your postgresql.conf under the files/ directory +## ref: https://www.postgresql.org/docs/current/static/runtime-config.html +## +# postgresqlConfiguration: + +## PostgreSQL extended configuration +## As above, but _appended_ to the main configuration +## Alternatively, you can put your *.conf under the files/conf.d/ directory +## https://github.com/bitnami/bitnami-docker-postgresql#allow-settings-to-be-loaded-from-files-other-than-the-default-postgresqlconf +## +# postgresqlExtendedConf: + +## PostgreSQL client authentication configuration +## Specify content for pg_hba.conf +## Default: do not create pg_hba.conf +## Alternatively, you can put your pg_hba.conf under the files/ directory +# pgHbaConfiguration: |- +# local all all trust +# host all all localhost trust +# host mydatabase mysuser 192.168.0.0/24 md5 + +## ConfigMap with PostgreSQL configuration +## NOTE: This will override postgresqlConfiguration and pgHbaConfiguration +# configurationConfigMap: + +## ConfigMap with PostgreSQL extended configuration +# extendedConfConfigMap: + +## initdb scripts +## Specify dictionnary of scripts to be run at first boot +## Alternatively, you can put your scripts under the files/docker-entrypoint-initdb.d directory +## +# initdbScripts: +# my_init_script.sh:| +# #!/bin/sh +# echo "Do something." + +## ConfigMap with scripts to be run at first boot +## NOTE: This will override initdbScripts +# initdbScriptsConfigMap: + +## PostgreSQL service configuration +service: + ## PosgresSQL service type + type: ClusterIP + port: 5432 + + ## Specify the nodePort value for the LoadBalancer and NodePort service types. + ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport + ## + # nodePort: + + ## Provide any additional annotations which may be required. This can be used to + annotations: {} + ## Set the LoadBalancer service type to internal only. 
+ ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer + ## + # loadBalancerIP: + +## PostgreSQL data Persistent Volume Storage Class +## If defined, storageClassName: +## If set to "-", storageClassName: "", which disables dynamic provisioning +## If undefined (the default) or set to null, no storageClassName spec is +## set, choosing the default provisioner. (gp2 on AWS, standard on +## GKE, AWS & OpenStack) +## +persistence: + enabled: true + ## A manually managed Persistent Volume and Claim + ## If defined, PVC must be created manually before volume will be bound + # existingClaim: + mountPath: /bitnami/postgresql + # storageClass: "-" + accessModes: + - ReadWriteOnce + size: 8Gi + annotations: {} + +## updateStrategy for PostgreSQL StatefulSet and its slaves StatefulSets +## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies +updateStrategy: + type: RollingUpdate + +## +## PostgreSQL Master parameters +## +master: + ## Node, affinity and tolerations labels for pod assignment + ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector + ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity + ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#taints-and-tolerations-beta-feature + nodeSelector: {} + affinity: {} + tolerations: [] + +## +## PostgreSQL Slave parameters +## +slave: + ## Node, affinity and tolerations labels for pod assignment + ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector + ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity + ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#taints-and-tolerations-beta-feature + nodeSelector: {} + affinity: {} + tolerations: [] + +## Configure resource requests and limits +## ref: 
http://kubernetes.io/docs/user-guide/compute-resources/ +## +resources: + requests: + memory: 256Mi + cpu: 250m + +networkPolicy: + ## Enable creation of NetworkPolicy resources. + ## + enabled: false + + ## The Policy model to apply. When set to false, only pods with the correct + ## client label will have network access to the port PostgreSQL is listening + ## on. When true, PostgreSQL will accept connections from any source + ## (with the correct destination port). + ## + allowExternal: true + +## Configure extra options for liveness and readiness probes +## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes) +livenessProbe: + enabled: true + initialDelaySeconds: 30 + periodSeconds: 10 + timeoutSeconds: 5 + failureThreshold: 6 + successThreshold: 1 + +readinessProbe: + enabled: true + initialDelaySeconds: 5 + periodSeconds: 10 + timeoutSeconds: 5 + failureThreshold: 6 + successThreshold: 1 + +## Configure metrics exporter +## +metrics: + enabled: true + # resources: {} + service: + type: ClusterIP + annotations: + prometheus.io/scrape: "true" + prometheus.io/port: "9187" + loadBalancerIP: + image: + registry: docker.io + repository: wrouesnel/postgres_exporter + tag: v0.4.6 + pullPolicy: IfNotPresent + ## Optionally specify an array of imagePullSecrets. + ## Secrets must be manually created in the namespace. 
+ ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ + ## + # pullSecrets: + # - myRegistrKeySecretName + + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes) + ## Configure extra options for liveness and readiness probes + livenessProbe: + enabled: true + initialDelaySeconds: 5 + periodSeconds: 10 + timeoutSeconds: 5 + failureThreshold: 6 + successThreshold: 1 + + readinessProbe: + enabled: true + initialDelaySeconds: 5 + periodSeconds: 10 + timeoutSeconds: 5 + failureThreshold: 6 + successThreshold: 1 + +# Define custom environment variables to pass to the image here +extraEnv: {} diff --git a/helm/infrastructure/subcharts/kong/charts/postgresql/values.yaml b/helm/infrastructure/subcharts/kong/charts/postgresql/values.yaml new file mode 100755 index 0000000..e25704a --- /dev/null +++ b/helm/infrastructure/subcharts/kong/charts/postgresql/values.yaml 
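Review bot: `password: repl_password` under `replication` is committed as a default alongside `enabled: true`, and because secrets.yaml only generates a random value when that field is empty, every install from this file gets the same known replication credential. Leaving it unset (`# password:`) or pointing at `existingSecret` avoids that. The `volumePermissions` init container is configured with `tag: latest` and `runAsUser: 0`, so an unpinned image runs as root against the data volume on every pod start; pinning a tag or digest is the usual guard. `networkPolicy.enabled: false` together with `allowExternal: true` leaves the database port reachable from any pod that can route to it, which deserves at least a comment in a file named for production use.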
@@ -0,0 +1,289 @@ +## Global Docker image registry +### Please, note that this will override the image registry for all the images, including dependencies, configured to use the global value +### +## global: +## imageRegistry: + +## Bitnami PostgreSQL image version +## ref: https://hub.docker.com/r/bitnami/postgresql/tags/ +## +image: + registry: docker.io + repository: bitnami/postgresql + tag: 10.6.0 + ## Specify a imagePullPolicy + ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' + ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images + ## + pullPolicy: Always + + ## Optionally specify an array of imagePullSecrets. + ## Secrets must be manually created in the namespace. + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ + ## + # pullSecrets: + # - myRegistrKeySecretName + + ## Set to true if you would like to see extra information on logs + ## It turns BASH and NAMI debugging in minideb + ## ref: https://github.com/bitnami/minideb-extras/#turn-on-bash-debugging + debug: false + +## +## Init containers parameters: +## volumePermissions: Change the owner of the persist volume mountpoint to RunAsUser:fsGroup +## +volumePermissions: + enabled: true + image: + registry: docker.io + repository: bitnami/minideb + tag: latest + ## Specify a imagePullPolicy + ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' + ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images + ## + pullPolicy: Always + ## Init container Security Context + securityContext: + runAsUser: 0 + +## Pod Security Context +## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ +## +securityContext: + enabled: true + fsGroup: 1001 + runAsUser: 1001 + +replication: + enabled: false + user: repl_user + password: repl_password + slaveReplicas: 1 + ## Set synchronous commit mode: on, off, remote_apply, remote_write and local + ## ref: 
https://www.postgresql.org/docs/9.6/runtime-config-wal.html#GUC-WAL-LEVEL + synchronousCommit: "off" + ## From the number of `slaveReplicas` defined above, set the number of those that will have synchronous replication + ## NOTE: It cannot be > slaveReplicas + numSynchronousReplicas: 0 + ## Replication Cluster application name. Useful for defining multiple replication policies + applicationName: my_application + +## PostgreSQL admin user +## ref: https://github.com/bitnami/bitnami-docker-postgresql/blob/master/README.md#setting-the-root-password-on-first-run +postgresqlUsername: postgres + +## PostgreSQL password +## ref: https://github.com/bitnami/bitnami-docker-postgresql/blob/master/README.md#setting-the-root-password-on-first-run +## +# postgresqlPassword: + +## PostgreSQL password using existing secret +## existingSecret: secret + +## Mount PostgreSQL secret as a file instead of passing environment variable +# usePasswordFile: false + +## Create a database +## ref: https://github.com/bitnami/bitnami-docker-postgresql/blob/master/README.md#creating-a-database-on-first-run +## +# postgresqlDatabase: + +## PostgreSQL configuration +## Specify runtime configuration parameters as a dict, using camelCase, e.g. 
+## {"sharedBuffers": "500MB"} +## Alternatively, you can put your postgresql.conf under the files/ directory +## ref: https://www.postgresql.org/docs/current/static/runtime-config.html +## +# postgresqlConfiguration: + +## PostgreSQL extended configuration +## As above, but _appended_ to the main configuration +## Alternatively, you can put your *.conf under the files/conf.d/ directory +## https://github.com/bitnami/bitnami-docker-postgresql#allow-settings-to-be-loaded-from-files-other-than-the-default-postgresqlconf +## +# postgresqlExtendedConf: + +## PostgreSQL client authentication configuration +## Specify content for pg_hba.conf +## Default: do not create pg_hba.conf +## Alternatively, you can put your pg_hba.conf under the files/ directory +# pgHbaConfiguration: |- +# local all all trust +# host all all localhost trust +# host mydatabase mysuser 192.168.0.0/24 md5 + +## ConfigMap with PostgreSQL configuration +## NOTE: This will override postgresqlConfiguration and pgHbaConfiguration +# configurationConfigMap: + +## ConfigMap with PostgreSQL extended configuration +# extendedConfConfigMap: + +## initdb scripts +## Specify dictionnary of scripts to be run at first boot +## Alternatively, you can put your scripts under the files/docker-entrypoint-initdb.d directory +## +# initdbScripts: +# my_init_script.sh:| +# #!/bin/sh +# echo "Do something." +# +## ConfigMap with scripts to be run at first boot +## NOTE: This will override initdbScripts +# initdbScriptsConfigMap: + +## Optional duration in seconds the pod needs to terminate gracefully. +## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod/#termination-of-pods +## +# terminationGracePeriodSeconds: 30 + +## PostgreSQL service configuration +service: + ## PosgresSQL service type + type: ClusterIP + # clusterIP: None + port: 5432 + + ## Specify the nodePort value for the LoadBalancer and NodePort service types. 
+ ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport + ## + # nodePort: + + ## Provide any additional annotations which may be required. This can be used to + annotations: {} + ## Set the LoadBalancer service type to internal only. + ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer + ## + # loadBalancerIP: + +## PostgreSQL data Persistent Volume Storage Class +## If defined, storageClassName: +## If set to "-", storageClassName: "", which disables dynamic provisioning +## If undefined (the default) or set to null, no storageClassName spec is +## set, choosing the default provisioner. (gp2 on AWS, standard on +## GKE, AWS & OpenStack) +## +persistence: + enabled: true + ## A manually managed Persistent Volume and Claim + ## If defined, PVC must be created manually before volume will be bound + # existingClaim: + mountPath: /bitnami/postgresql + # storageClass: "-" + accessModes: + - ReadWriteOnce + size: 8Gi + annotations: {} + +## updateStrategy for PostgreSQL StatefulSet and its slaves StatefulSets +## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies +updateStrategy: + type: RollingUpdate + +## +## PostgreSQL Master parameters +## +master: + ## Node, affinity and tolerations labels for pod assignment + ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector + ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity + ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#taints-and-tolerations-beta-feature + nodeSelector: {} + affinity: {} + tolerations: [] + +## +## PostgreSQL Slave parameters +## +slave: + ## Node, affinity and tolerations labels for pod assignment + ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector + ## ref: 
https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity + ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#taints-and-tolerations-beta-feature + nodeSelector: {} + affinity: {} + tolerations: [] + +## Configure resource requests and limits +## ref: http://kubernetes.io/docs/user-guide/compute-resources/ +## +resources: + requests: + memory: 256Mi + cpu: 250m + +networkPolicy: + ## Enable creation of NetworkPolicy resources. + ## + enabled: false + + ## The Policy model to apply. When set to false, only pods with the correct + ## client label will have network access to the port PostgreSQL is listening + ## on. When true, PostgreSQL will accept connections from any source + ## (with the correct destination port). + ## + allowExternal: true + +## Configure extra options for liveness and readiness probes +## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes) +livenessProbe: + enabled: true + initialDelaySeconds: 30 + periodSeconds: 10 + timeoutSeconds: 5 + failureThreshold: 6 + successThreshold: 1 + +readinessProbe: + enabled: true + initialDelaySeconds: 5 + periodSeconds: 10 + timeoutSeconds: 5 + failureThreshold: 6 + successThreshold: 1 + +## Configure metrics exporter +## +metrics: + enabled: false + # resources: {} + service: + type: ClusterIP + annotations: + prometheus.io/scrape: "true" + prometheus.io/port: "9187" + loadBalancerIP: + image: + registry: docker.io + repository: wrouesnel/postgres_exporter + tag: v0.4.6 + pullPolicy: IfNotPresent + ## Optionally specify an array of imagePullSecrets. + ## Secrets must be manually created in the namespace. 
+ ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
+ ##
+ # pullSecrets:
+ # - myRegistrKeySecretName
+
+ ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes)
+ ## Configure extra options for liveness and readiness probes
+ livenessProbe:
+ enabled: true
+ initialDelaySeconds: 5
+ periodSeconds: 10
+ timeoutSeconds: 5
+ failureThreshold: 6
+ successThreshold: 1
+
+ readinessProbe:
+ enabled: true
+ initialDelaySeconds: 5
+ periodSeconds: 10
+ timeoutSeconds: 5
+ failureThreshold: 6
+ successThreshold: 1
+
+# Define custom environment variables to pass to the image here
+extraEnv: {}
diff --git a/helm/infrastructure/subcharts/kong/ci/cassandra.yaml b/helm/infrastructure/subcharts/kong/ci/cassandra.yaml
new file mode 100755
index 0000000..4357ccd
--- /dev/null
+++ b/helm/infrastructure/subcharts/kong/ci/cassandra.yaml
@@ -0,0 +1,7 @@
+env:
+ database: cassandra
+
+cassandra:
+ enabled: true
+postgres:
+ enabled: false
diff --git a/helm/infrastructure/subcharts/kong/ci/dbless-no-kic-internal-declarative-config-values.yaml b/helm/infrastructure/subcharts/kong/ci/dbless-no-kic-internal-declarative-config-values.yaml
new file mode 100755
index 0000000..596b7c7
--- /dev/null
+++ b/helm/infrastructure/subcharts/kong/ci/dbless-no-kic-internal-declarative-config-values.yaml
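Review bot: In `ci/cassandra.yaml` the last two added lines set `postgres: enabled: false`, but the dependency condition in this chart's `requirements.yaml` is `postgresql.enabled` and every other CI values file in this patch uses the key `postgresql`. The override is therefore probably ignored, and if the chart defaults match `ci/default-values.yaml` (`postgresql.enabled: true`) a PostgreSQL instance is still deployed next to Cassandra. Rename the key to `postgresql:` so the test really exercises a Cassandra-only install.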
@@ -0,0 +1,39 @@
+################################################################################
+# Copyright (c) 2019 AT&T Intellectual Property. #
+# #
+# Licensed under the Apache License, Version 2.0 (the "License"); #
+# you may not use this file except in compliance with the License. #
+# You may obtain a copy of the License at #
+# #
+# http://www.apache.org/licenses/LICENSE-2.0 #
+# #
+# Unless required by applicable law or agreed to in writing, software #
+# distributed under the License is distributed on an "AS IS" BASIS, #
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. #
+# See the License for the specific language governing permissions and #
+# limitations under the License. #
+################################################################################
+
+# CI test for testing dbless deployment without ingress controllers
+ingressController:
+ enabled: false
+env:
+ database: "off"
+postgresql:
+ enabled: false
+dblessConfig:
+ # Or the configuration is passed in full-text below
+ config:
+ _format_version: "1.1"
+ services:
+ - name: test-svc
+ url: http://example.com
+ routes:
+ - name: test
+ paths:
+ - /test
+ plugins:
+ - name: request-termination
+ config:
+ status_code: 200
+ message: "dbless-config"
diff --git a/helm/infrastructure/subcharts/kong/ci/dbless-no-kic-values.yaml b/helm/infrastructure/subcharts/kong/ci/dbless-no-kic-values.yaml
new file mode 100755
index 0000000..04eaee7
--- /dev/null
+++ b/helm/infrastructure/subcharts/kong/ci/dbless-no-kic-values.yaml
@@ -0,0 +1,21 @@
+################################################################################
+# Copyright (c) 2019 AT&T Intellectual Property. #
+# #
+# Licensed under the Apache License, Version 2.0 (the "License"); #
+# you may not use this file except in compliance with the License. #
+# You may obtain a copy of the License at #
+# #
+# http://www.apache.org/licenses/LICENSE-2.0 #
+# #
+# Unless required by applicable law or agreed to in writing, software #
+# distributed under the License is distributed on an "AS IS" BASIS, #
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. #
+# See the License for the specific language governing permissions and #
+# limitations under the License. #
+################################################################################
+
+# CI test for testing dbless deployment
+env:
+ database: "off"
+postgresql:
+ enabled: false
diff --git a/helm/infrastructure/subcharts/kong/ci/dbless-values.yaml b/helm/infrastructure/subcharts/kong/ci/dbless-values.yaml
new file mode 100755
index 0000000..f9fe62a
--- /dev/null
+++ b/helm/infrastructure/subcharts/kong/ci/dbless-values.yaml
@@ -0,0 +1,29 @@
+################################################################################
+# Copyright (c) 2019 AT&T Intellectual Property. #
+# #
+# Licensed under the Apache License, Version 2.0 (the "License"); #
+# you may not use this file except in compliance with the License. #
+# You may obtain a copy of the License at #
+# #
+# http://www.apache.org/licenses/LICENSE-2.0 #
+# #
+# Unless required by applicable law or agreed to in writing, software #
+# distributed under the License is distributed on an "AS IS" BASIS, #
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. #
+# See the License for the specific language governing permissions and #
+# limitations under the License. #
+################################################################################
+
+# CI test for testing dbless deployment
+
+podDisruptionBudget:
+ enabled: true
+
+ingressController:
+ enabled: true
+ podDisruptionBudget:
+ enabled: true
+env:
+ database: "off"
+postgresql:
+ enabled: false
diff --git a/helm/infrastructure/subcharts/kong/ci/default-values.yaml b/helm/infrastructure/subcharts/kong/ci/default-values.yaml
new file mode 100755
index 0000000..b24106b
--- /dev/null
+++ b/helm/infrastructure/subcharts/kong/ci/default-values.yaml
@@ -0,0 +1,444 @@ +################################################################################ +# Copyright (c) 2019 AT&T Intellectual Property. # +# # +# Licensed under the Apache License, Version 2.0 (the "License"); # +# you may not use this file except in compliance with the License. # +# You may obtain a copy of the License at # +# # +# http://www.apache.org/licenses/LICENSE-2.0 # +# # +# Unless required by applicable law or agreed to in writing, software # +# distributed under the License is distributed on an "AS IS" BASIS, # +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # +# See the License for the specific language governing permissions and # +# limitations under the License. # +################################################################################ + +# Default values for kong. +# Declare variables to be passed into your templates. + +image: + repository: kong + # repository: kong-docker-kong-enterprise-edition-docker.bintray.io/kong-enterprise-edition + tag: 1.3 + pullPolicy: IfNotPresent + ## Optionally specify an array of imagePullSecrets. + ## Secrets must be manually created in the namespace. + ## If using the official Kong Enterprise registry above, you MUST provide a secret. + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ + ## + # pullSecrets: + # - myRegistrKeySecretName + +waitImage: + repository: busybox + tag: latest + +# Specify Kong admin and proxy services configurations +admin: + # If you want to specify annotations for the admin service, uncomment the following + # line, add additional or adjust as needed, and remove the curly braces after 'annotations:'. 
+ annotations: {} + # service.beta.kubernetes.io/aws-load-balancer-proxy-protocol: "*" + + # HTTPS traffic on the admin port + # if set to false also set readinessProbe and livenessProbe httpGet scheme's to 'HTTP' + useTLS: true + servicePort: 8444 + containerPort: 8444 + # Kong admin service type + type: NodePort + # Set a nodePort which is available + # nodePort: 32444 + # Kong admin ingress settings. + ingress: + # Enable/disable exposure using ingress. + enabled: false + # TLS secret name. + # tls: kong-admin.example.com-tls + # Array of ingress hosts. + hosts: [] + # Map of ingress annotations. + annotations: {} + # Ingress path. + path: / + +proxy: + # If you want to specify annotations for the proxy service, uncomment the following + # line, add additional or adjust as needed, and remove the curly braces after 'annotations:'. + annotations: {} + # service.beta.kubernetes.io/aws-load-balancer-proxy-protocol: "*" + + # HTTP plain-text traffic + http: + enabled: true + servicePort: 80 + containerPort: 8000 + # Set a nodePort which is available if service type is NodePort + # nodePort: 32080 + + tls: + enabled: true + servicePort: 443 + containerPort: 8443 + # Set a nodePort which is available if service type is NodePort + # nodePort: 32443 + + type: NodePort + + # Kong proxy ingress settings. + ingress: + # Enable/disable exposure using ingress. + enabled: false + # TLS secret name. + # tls: kong-proxy.example.com-tls + # Array of ingress hosts. + hosts: [] + # Map of ingress annotations. + annotations: {} + # Ingress path. + path: / + + externalIPs: [] + +manager: + # If you want to specify annotations for the Manager service, uncomment the following + # line, add additional or adjust as needed, and remove the curly braces after 'annotations:'. 
+ annotations: {} + # service.beta.kubernetes.io/aws-load-balancer-proxy-protocol: "*" + + # HTTP plain-text traffic + http: + enabled: true + servicePort: 8002 + containerPort: 8002 + # Set a nodePort which is available if service type is NodePort + # nodePort: 32080 + + tls: + enabled: true + servicePort: 8445 + containerPort: 8445 + # Set a nodePort which is available if service type is NodePort + # nodePort: 32443 + + type: NodePort + + # Kong proxy ingress settings. + ingress: + # Enable/disable exposure using ingress. + enabled: false + # TLS secret name. + # tls: kong-proxy.example.com-tls + # Array of ingress hosts. + hosts: [] + # Map of ingress annotations. + annotations: {} + # Ingress path. + path: / + + externalIPs: [] + +portal: + # If you want to specify annotations for the Portal service, uncomment the following + # line, add additional or adjust as needed, and remove the curly braces after 'annotations:'. + annotations: {} + # service.beta.kubernetes.io/aws-load-balancer-proxy-protocol: "*" + + # HTTP plain-text traffic + http: + enabled: true + servicePort: 8003 + containerPort: 8003 + # Set a nodePort which is available if service type is NodePort + # nodePort: 32080 + + tls: + enabled: true + servicePort: 8446 + containerPort: 8446 + # Set a nodePort which is available if service type is NodePort + # nodePort: 32443 + + type: NodePort + + # Kong proxy ingress settings. + ingress: + # Enable/disable exposure using ingress. + enabled: false + # TLS secret name. + # tls: kong-proxy.example.com-tls + # Array of ingress hosts. + hosts: [] + # Map of ingress annotations. + annotations: {} + # Ingress path. + path: / + + externalIPs: [] + +portalapi: + # If you want to specify annotations for the Portal API service, uncomment the following + # line, add additional or adjust as needed, and remove the curly braces after 'annotations:'. 
+ annotations: {} + # service.beta.kubernetes.io/aws-load-balancer-proxy-protocol: "*" + + # HTTP plain-text traffic + http: + enabled: true + servicePort: 8004 + containerPort: 8004 + # Set a nodePort which is available if service type is NodePort + # nodePort: 32080 + + tls: + enabled: true + servicePort: 8447 + containerPort: 8447 + # Set a nodePort which is available if service type is NodePort + # nodePort: 32443 + + type: NodePort + + # Kong proxy ingress settings. + ingress: + # Enable/disable exposure using ingress. + enabled: false + # TLS secret name. + # tls: kong-proxy.example.com-tls + # Array of ingress hosts. + hosts: [] + # Map of ingress annotations. + annotations: {} + # Ingress path. + path: / + + externalIPs: [] + +# Toggle Kong Enterprise features on or off +# RBAC and SMTP configuration have additional options that must all be set together +# Other settings should be added to the "env" settings below +enterprise: + enabled: false + # Kong Enterprise license secret name + # This secret must contain a single 'license' key, containing your base64-encoded license data + # The license secret is required for all Kong Enterprise deployments + license_secret: you-must-create-a-kong-license-secret + # Session configuration secret + # The session conf secret is required if using RBAC or the Portal + vitals: + enabled: true + portal: + enabled: false + # portal_auth here sets the default authentication mechanism for the Portal + # FIXME This can be changed per-workspace, but must currently default to + # basic-auth to work around limitations with session configuration + portal_auth: basic-auth + # If the Portal is enabled and any workspace's Portal uses authentication, + # this Secret must contain an portal_session_conf key + # The key value must be a secret configuration, following the example at https://docs.konghq.com/enterprise/0.35-x/kong-manager/authentication/sessions/ + session_conf_secret: you-must-create-a-portal-session-conf-secret + rbac: + 
enabled: false + admin_gui_auth: basic-auth + # If RBAC is enabled, this Secret must contain an admin_gui_session_conf key + # The key value must be a secret configuration, following the example at https://docs.konghq.com/enterprise/0.35-x/kong-manager/authentication/sessions/ + session_conf_secret: you-must-create-an-rbac-session-conf-secret + # Set to the appropriate plugin config JSON if not using basic-auth + admin_gui_auth_conf: {} + smtp: + enabled: false + portal_emails_from: none@example.com + portal_emails_reply_to: none@example.com + admin_emails_from: none@example.com + admin_emails_reply_to: none@example.com + smtp_admin_emails: none@example.com + smtp_host: smtp.example.com + smtp_port: 587 + smtp_starttls: true + auth: + # If your SMTP server does not require authentication, this section can + # be left as-is. If smtp_username is set to anything other than an empty + # string, you must create a Secret with an smtp_password key containing + # your SMTP password and specify its name here. + smtp_username: '' # e.g. postmaster@example.com + smtp_password_secret: you-must-create-an-smtp-password + +# Set runMigrations to run Kong migrations +runMigrations: true + +# update strategy +updateStrategy: {} + # type: RollingUpdate + # rollingUpdate: + # maxSurge: "100%" + # maxUnavailable: "0%" + +# Specify Kong configurations +# Kong configurations guide https://getkong.org/docs/latest/configuration/ +# Values here take precedence over values from other sections of values.yaml, +# e.g. setting pg_user here will override the value normally set when postgresql.enabled +# is set below. In general, you should not set values here if they are set elsewhere. 
+env: + database: postgres + proxy_access_log: /dev/stdout + admin_access_log: /dev/stdout + admin_gui_access_log: /dev/stdout + portal_api_access_log: /dev/stdout + proxy_error_log: /dev/stderr + admin_error_log: /dev/stderr + admin_gui_error_log: /dev/stderr + portal_api_error_log: /dev/stderr + +# If you want to specify resources, uncomment the following +# lines, adjust them as necessary, and remove the curly braces after 'resources:'. +resources: {} + # limits: + # cpu: 100m + # memory: 128Mi + # requests: + # cpu: 100m + # memory: 128Mi + +# readinessProbe for Kong pods +# If using Kong Enterprise with RBAC, you must add a Kong-Admin-Token header +readinessProbe: + httpGet: + path: "/status" + port: admin + scheme: HTTPS + initialDelaySeconds: 30 + timeoutSeconds: 1 + periodSeconds: 10 + successThreshold: 1 + failureThreshold: 5 + +# livenessProbe for Kong pods +# If using Kong Enterprise with RBAC, you must add a Kong-Admin-Token header +livenessProbe: + httpGet: + path: "/status" + port: admin + scheme: HTTPS + initialDelaySeconds: 30 + timeoutSeconds: 5 + periodSeconds: 30 + successThreshold: 1 + failureThreshold: 5 + +# Affinity for pod assignment +# Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity +# affinity: {} + +# Tolerations for pod assignment +# Ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ +tolerations: [] + +# Node labels for pod assignment +# Ref: https://kubernetes.io/docs/user-guide/node-selection/ +nodeSelector: {} + +# Annotation to be added to Kong pods +podAnnotations: {} + +# Kong pod count +replicaCount: 1 + +# Kong Pod Disruption Budget +podDisruptionBudget: + enabled: false + maxUnavailable: "50%" + +# Kong has a choice of either Postgres or Cassandra as a backend datatstore. +# This chart allows you to choose either of them with the `database.type` +# parameter. Postgres is chosen by default. 
+ +# Additionally, this chart allows you to use your own database or spin up a new +# instance by using the `postgres.enabled` or `cassandra.enabled` parameters. +# Enabling both will create both databases in your cluster, but only one +# will be used by Kong based on the `env.database` parameter. +# Postgres is enabled by default. + +# Cassandra chart configs +cassandra: + enabled: false + +# PostgreSQL chart configs +postgresql: + enabled: true + postgresqlUsername: kong + postgresqlDatabase: kong + service: + port: 5432 + +# Kong Ingress Controller's primary purpose is to satisfy Ingress resources +# created in k8s. It uses CRDs for more fine grained control over routing and +# for Kong specific configuration. +ingressController: + enabled: false + image: + repository: kong-docker-kubernetes-ingress-controller.bintray.io/kong-ingress-controller + tag: 0.5.0 + replicaCount: 1 + livenessProbe: + failureThreshold: 3 + httpGet: + path: "/healthz" + port: 10254 + scheme: HTTP + initialDelaySeconds: 30 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 5 + readinessProbe: + failureThreshold: 3 + httpGet: + path: "/healthz" + port: 10254 + scheme: HTTP + initialDelaySeconds: 30 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 5 + + installCRDs: true + + rbac: + # Specifies whether RBAC resources should be created + create: true + + serviceAccount: + # Specifies whether a ServiceAccount should be created + create: true + # The name of the ServiceAccount to use. + # If not set and create is true, a name is generated using the fullname template + name: + + ingressClass: kong + + podDisruptionBudget: + enabled: false + maxUnavailable: "50%" + +# We pass the dbless (declarative) config over here. 
+dblessConfig: + # Either Kong's configuration is managed from an existing ConfigMap (with Key: kong.yml) + configMap: "" + # Or the configuration is passed in full-text below + config: + _format_version: "1.1" + services: + # Example configuration + # - name: example.com + # url: http://example.com + # routes: + # - name: example + # paths: + # - "/example" + +serviceMonitor: + # Specifies whether ServiceMonitor for Prometheus operator should be created + enabled: false + # interval: 10s + # Specifies namespace, where ServiceMonitor should be installed + # namespace: monitoring diff --git a/helm/infrastructure/subcharts/kong/ci/ingressController-values.yaml b/helm/infrastructure/subcharts/kong/ci/ingressController-values.yaml new file mode 100755 index 0000000..e36fed4 --- /dev/null +++ b/helm/infrastructure/subcharts/kong/ci/ingressController-values.yaml @@ -0,0 +1,3 @@ +# CI test for Ingress controller basic installation +ingressController: + enabled: true diff --git a/helm/infrastructure/subcharts/kong/ci/loadbalancer-values.yaml b/helm/infrastructure/subcharts/kong/ci/loadbalancer-values.yaml new file mode 100755 index 0000000..7a24b87 --- /dev/null +++ b/helm/infrastructure/subcharts/kong/ci/loadbalancer-values.yaml 
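Review bot: In `ci/default-values.yaml` the `admin:` block sets `type: NodePort`, which publishes the Kong Admin API on a port of every node, while `enterprise.rbac.enabled` is `false` in the same file. The open-source Admin API has no authentication of its own, and `useTLS: true` encrypts the channel but does not restrict who may call it, so the gateway's configuration is only as protected as the node network. If these values mirror the chart's `values.yaml` (not visible in this part of the patch), I would default the admin service to `type: ClusterIP` and make external exposure an explicit opt-in with source restrictions, as `ci/loadbalancer-values.yaml` does with `loadBalancerSourceRanges`. The `waitImage` block also uses `tag: latest`; a fixed tag would keep deployments reproducible.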
@@ -0,0 +1,50 @@
+# CI test for LoadBalancer admin/proxy types
+
+admin:
+ useTLS: true
+ type: LoadBalancer
+ loadBalancerSourceRanges:
+ - 192.168.1.1/32
+ - 10.10.10.10/32
+
+proxy:
+ useTLS: true
+ type: LoadBalancer
+ loadBalancerSourceRanges:
+ - 192.168.1.1/32
+ - 10.10.10.10/32
+
+updateStrategy:
+ type: "RollingUpdate"
+ rollingUpdate:
+ maxSurge: 1
+ maxUnavailable: 0
+
+readinessProbe:
+ httpGet:
+ path: "/status"
+ port: admin
+ scheme: HTTPS
+ initialDelaySeconds: 30
+ timeoutSeconds: 1
+ periodSeconds: 10
+ successThreshold: 1
+ failureThreshold: 5
+
+livenessProbe:
+ httpGet:
+ path: "/status"
+ port: admin
+ scheme: HTTPS
+ initialDelaySeconds: 30
+ timeoutSeconds: 5
+ periodSeconds: 30
+ successThreshold: 1
+ failureThreshold: 5
+
+postgresql:
+ enabled: true
+ postgresUser: kong
+ postgresDatabase: kong
+ service:
+ port: 5432
diff --git a/helm/infrastructure/subcharts/kong/requirements.yaml b/helm/infrastructure/subcharts/kong/requirements.yaml
new file mode 100755
index 0000000..ef0c8eb
--- /dev/null
+++ b/helm/infrastructure/subcharts/kong/requirements.yaml
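Review bot: The `postgresql:` block at the end of `ci/loadbalancer-values.yaml` sets `postgresUser` and `postgresDatabase`, but `ci/default-values.yaml` and the bundled `charts/postgresql/values.yaml` in this patch name these settings `postgresqlUsername` and `postgresqlDatabase`. The old names are most likely ignored, so this test would run with the chart defaults rather than the `kong` user and database it asks for. Use `postgresqlUsername: kong` and `postgresqlDatabase: kong`. Similarly, `proxy.useTLS` has no counterpart in the `proxy:` section of `ci/default-values.yaml`, which uses `tls.enabled`, so that line probably has no effect either.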
@@ -0,0 +1,25 @@
+################################################################################
+# Copyright (c) 2019 AT&T Intellectual Property. #
+# #
+# Licensed under the Apache License, Version 2.0 (the "License"); #
+# you may not use this file except in compliance with the License. #
+# You may obtain a copy of the License at #
+# #
+# http://www.apache.org/licenses/LICENSE-2.0 #
+# #
+# Unless required by applicable law or agreed to in writing, software #
+# distributed under the License is distributed on an "AS IS" BASIS, #
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. #
+# See the License for the specific language governing permissions and #
+# limitations under the License. #
+################################################################################
+
+dependencies:
+- name: postgresql
+ version: ~3.9.1
+ repository: https://kubernetes-charts.storage.googleapis.com/
+ condition: postgresql.enabled
+- name: cassandra
+ version: ~0.10.5
+ repository: https://kubernetes-charts-incubator.storage.googleapis.com/
+ condition: cassandra.enabled
diff --git a/helm/infrastructure/subcharts/kong/templates/NOTES.txt b/helm/infrastructure/subcharts/kong/templates/NOTES.txt
new file mode 100755
index 0000000..7724fdc
--- /dev/null
+++ b/helm/infrastructure/subcharts/kong/templates/NOTES.txt
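Review bot: Both dependencies are declared with tilde ranges (`version: ~3.9.1`, `version: ~0.10.5`), so a `helm dependency update` can pull a later patch release from the remote repository than the postgresql chart copy committed under `charts/postgresql` in this same patch. For a deployment that should be reproducible and reviewable, drop the `~` to pin exact versions and commit the resulting `requirements.lock`. I cannot tell from this part of the patch whether a lock file is included. A one-line comment above `dependencies:` stating whether the vendored copy or the remote repository is authoritative would also help the next maintainer.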
@@ -0,0 +1,81 @@ +1. Kong Admin can be accessed inside the cluster using: + DNS={{ template "kong.fullname" . }}-admin.{{ .Release.Namespace }}.svc.cluster.local + PORT={{ .Values.admin.servicePort }} + +To connect from outside the K8s cluster: + {{- if contains "LoadBalancer" .Values.admin.type }} + HOST=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ template "kong.fullname" . }}-admin -o jsonpath='{.status.loadBalancer.ingress.ip}') + PORT=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ template "kong.fullname" . }}-admin -o jsonpath='{.spec.ports[0].nodePort}') + + {{- else if contains "NodePort" .Values.admin.type }} + HOST=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath='{.items[0].status.addresses[0].address}') + PORT=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ template "kong.fullname" . }}-admin -o jsonpath='{.spec.ports[0].nodePort}') + + {{- else if .Values.admin.ingress.enabled }} + +use one of the addresses listed below + + {{- $path := .Values.admin.ingress.path -}} + {{- if .Values.admin.ingress.tls }} + {{- range .Values.admin.ingress.hosts }} + https://{{ . }}{{ $path }} + {{- end }} + {{- else }} + {{- range .Values.admin.ingress.hosts }} + http://{{ . }}{{ $path }} + {{- end }} + {{- end }} + + {{- else if contains "ClusterIP" .Values.admin.type }} + HOST=127.0.0.1 + + # Execute the following commands to route the connection to Admin SSL port: + export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "release={{ .Release.Name }}, app={{ template "kong.name" . }}" -o jsonpath="{.items[0].metadata.name}") + kubectl port-forward --namespace {{ .Release.Namespace }} $POD_NAME {{ .Values.admin.servicePort }}:{{ .Values.admin.servicePort }} + {{- end }} + + +2. Kong Proxy can be accessed inside the cluster using: + DNS={{ template "kong.fullname" . 
}}-proxy.{{ .Release.Namespace }}.svc.cluster.local + {{- if .Values.proxy.tls.enabled -}} + PORT={{ .Values.proxy.tls.servicePort }} + {{- else -}} + PORT={{ .Values.proxy.http.servicePort }} + {{- end -}} + + +To connect from outside the K8s cluster: + {{- if contains "LoadBalancer" .Values.proxy.type }} + HOST=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ template "kong.fullname" . }}-proxy -o jsonpath='{.status.loadBalancer.ingress.ip}') + PORT=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ template "kong.fullname" . }}-proxy -o jsonpath='{.spec.ports[0].nodePort}') + + {{- else if contains "NodePort" .Values.proxy.type }} + HOST=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath='{.items[0].status.addresses[0].address}') + PORT=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ template "kong.fullname" . }}-proxy -o jsonpath='{.spec.ports[0].nodePort}') + + {{- else if .Values.proxy.ingress.enabled }} + +use one of the addresses listed below + + {{- $path := .Values.proxy.ingress.path -}} + {{- if .Values.proxy.ingress.tls }} + {{- range .Values.proxy.ingress.hosts }} + https://{{ . }}{{ $path }} + {{- end }} + {{- else }} + {{- range .Values.proxy.ingress.hosts }} + http://{{ . }}{{ $path }} + {{- end }} + {{- end }} + + {{- else if contains "ClusterIP" .Values.proxy.type }} + HOST=127.0.0.1 + + # Execute the following commands to route the connection to proxy SSL port: + export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "release={{ .Release.Name }}, app={{ template "kong.name" . }}" -o jsonpath="{.items[0].metadata.name}") + {{- if .Values.proxy.tls.enabled -}} + kubectl port-forward --namespace {{ .Release.Namespace }} $POD_NAME {{ .Values.proxy.tls.servicePort }}:{{ .Values.proxy.tls.servicePort }} + {{- else -}} + kubectl port-forward --namespace {{ .Release.Namespace }} $POD_NAME {{ .Values.proxy.http.servicePort }}:{{ .Values.proxy.http.servicePort }} + {{- end -}} + {{- end }} 
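Review bot: In both LoadBalancer branches of NOTES.txt the printed `PORT` is read from `.spec.ports[0].nodePort`, which is the node port, while a client connecting to the load-balancer address printed as `HOST` uses the service port; `-o jsonpath='{.spec.ports[0].port}'` would match it. The `HOST` expression `.status.loadBalancer.ingress.ip` has no index although `ingress` is a list, so it likely needs `.status.loadBalancer.ingress[0].ip`. The ClusterIP comments also say "SSL port" even when the plain HTTP port is forwarded or `admin.useTLS` is off, which can mislead an operator about whether the connection is encrypted.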
diff --git a/helm/infrastructure/subcharts/kong/templates/_helpers.tpl b/helm/infrastructure/subcharts/kong/templates/_helpers.tpl
new file mode 100755
index 0000000..0a39678
--- /dev/null
+++ b/helm/infrastructure/subcharts/kong/templates/_helpers.tpl
@@ -0,0 +1,227 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +*/}} + +{{- define "kong.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{- define "kong.fullname" -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{- define "kong.postgresql.fullname" -}} +{{- $name := default "postgresql" .Values.postgresql.nameOverride -}} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{- define "kong.cassandra.fullname" -}} +{{- $name := default "cassandra" .Values.cassandra.nameOverride -}} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{- define "kong.dblessConfig.fullname" -}} +{{- $name := default "kong-custom-dbless-config" .Values.dblessConfig.nameOverride -}} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Create the name of the service account to use +*/}} +{{- define "kong.serviceAccountName" -}} +{{- if .Values.ingressController.serviceAccount.create -}} + {{ default (include "kong.fullname" .) 
.Values.ingressController.serviceAccount.name }} +{{- else -}} + {{ default "default" .Values.serviceAccount.name }} +{{- end -}} +{{- end -}} + +{{/* +Create the KONG_PROXY_LISTEN value string +*/}} +{{- define "kong.kongProxyListenValue" -}} + +{{- if and .Values.proxy.http.enabled .Values.proxy.tls.enabled -}} + 0.0.0.0:{{ .Values.proxy.http.containerPort }},0.0.0.0:{{ .Values.proxy.tls.containerPort }} ssl +{{- else -}} +{{- if .Values.proxy.http.enabled -}} + 0.0.0.0:{{ .Values.proxy.http.containerPort }} +{{- end -}} +{{- if .Values.proxy.tls.enabled -}} + 0.0.0.0:{{ .Values.proxy.tls.containerPort }} ssl +{{- end -}} +{{- end -}} + +{{- end }} + +{{/* +Create the KONG_ADMIN_GUI_LISTEN value string +*/}} +{{- define "kong.kongManagerListenValue" -}} + +{{- if and .Values.manager.http.enabled .Values.manager.tls.enabled -}} + 0.0.0.0:{{ .Values.manager.http.containerPort }},0.0.0.0:{{ .Values.manager.tls.containerPort }} ssl +{{- else -}} +{{- if .Values.manager.http.enabled -}} + 0.0.0.0:{{ .Values.manager.http.containerPort }} +{{- end -}} +{{- if .Values.manager.tls.enabled -}} + 0.0.0.0:{{ .Values.manager.tls.containerPort }} ssl +{{- end -}} +{{- end -}} + +{{- end }} + +{{/* +Create the KONG_PORTAL_GUI_LISTEN value string +*/}} +{{- define "kong.kongPortalListenValue" -}} + +{{- if and .Values.portal.http.enabled .Values.portal.tls.enabled -}} + 0.0.0.0:{{ .Values.portal.http.containerPort }},0.0.0.0:{{ .Values.portal.tls.containerPort }} ssl +{{- else -}} +{{- if .Values.portal.http.enabled -}} + 0.0.0.0:{{ .Values.portal.http.containerPort }} +{{- end -}} +{{- if .Values.portal.tls.enabled -}} + 0.0.0.0:{{ .Values.portal.tls.containerPort }} ssl +{{- end -}} +{{- end -}} + +{{- end }} + +{{/* +Create the KONG_PORTAL_API_LISTEN value string +*/}} +{{- define "kong.kongPortalApiListenValue" -}} + +{{- if and .Values.portalapi.http.enabled .Values.portalapi.tls.enabled -}} + 0.0.0.0:{{ .Values.portalapi.http.containerPort }},0.0.0.0:{{ 
.Values.portalapi.tls.containerPort }} ssl +{{- else -}} +{{- if .Values.portalapi.http.enabled -}} + 0.0.0.0:{{ .Values.portalapi.http.containerPort }} +{{- end -}} +{{- if .Values.portalapi.tls.enabled -}} + 0.0.0.0:{{ .Values.portalapi.tls.containerPort }} ssl +{{- end -}} +{{- end -}} + +{{- end }} + +{{/* +Create the ingress servicePort value string +*/}} + +{{- define "kong.ingress.servicePort" -}} +{{- if .tls.enabled -}} + {{ .tls.servicePort }} +{{- else -}} + {{ .http.servicePort }} +{{- end -}} +{{- end -}} + + +{{- define "kong.env" -}} +{{- range $key, $val := .Values.env }} +- name: KONG_{{ $key | upper}} +{{- $valueType := printf "%T" $val -}} +{{ if eq $valueType "map[string]interface {}" }} +{{ toYaml $val | indent 2 -}} +{{- else }} + value: {{ $val | quote -}} +{{- end -}} +{{- end -}} +{{- end -}} + +{{- define "kong.wait-for-db" -}} +- name: wait-for-db + image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}" + imagePullPolicy: {{ .Values.image.pullPolicy }} + env: + {{- if .Values.enterprise.enabled }} + {{- include "kong.license" . | nindent 2 }} + {{- end }} + {{- if .Values.postgresql.enabled }} + - name: KONG_PG_HOST + value: {{ template "kong.postgresql.fullname" . }} + - name: KONG_PG_PORT + value: "{{ .Values.postgresql.service.port }}" + - name: KONG_PG_PASSWORD + valueFrom: + secretKeyRef: + name: {{ template "kong.postgresql.fullname" . }} + key: postgresql-password + {{- end }} + {{- if .Values.cassandra.enabled }} + - name: KONG_CASSANDRA_CONTACT_POINTS + value: {{ template "kong.cassandra.fullname" . }} + {{- end }} + {{- include "kong.env" . 
| nindent 2 }} + command: [ "/bin/sh", "-c", "until kong start; do echo 'waiting for db'; sleep 1; done; kong stop" ] +{{- end -}} + +{{- define "kong.controller-container" -}} +- name: ingress-controller + args: + - /kong-ingress-controller + # Service from were we extract the IP address/es to use in Ingress status + - --publish-service={{ .Release.Namespace }}/{{ template "kong.fullname" . }}-proxy + # Set the ingress class + - --ingress-class={{ .Values.ingressController.ingressClass }} + - --election-id=kong-ingress-controller-leader-{{ .Values.ingressController.ingressClass }} + # the kong URL points to the kong admin api server + {{- if .Values.admin.useTLS }} + - --kong-url=https://localhost:{{ .Values.admin.containerPort }} + - --admin-tls-skip-verify # TODO make this configurable + {{- else }} + - --kong-url=http://localhost:{{ .Values.admin.containerPort }} + {{- end }} + env: + - name: POD_NAME + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.name + - name: POD_NAMESPACE + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace + image: "{{ .Values.ingressController.image.repository }}:{{ .Values.ingressController.image.tag }}" + imagePullPolicy: {{ .Values.image.pullPolicy }} + livenessProbe: + failureThreshold: 3 + httpGet: + path: /healthz + port: 10254 + scheme: HTTP + initialDelaySeconds: 30 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 1 + readinessProbe: + failureThreshold: 3 + httpGet: + path: /healthz + port: 10254 + scheme: HTTP + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 1 + resources: +{{ toYaml .Values.ingressController.resources | indent 10 }} +{{- end -}} + +{{/* +Retrieve Kong Enterprise license from a secret and make it available in env vars +*/}} +{{- define "kong.license" -}} +- name: KONG_LICENSE_DATA + valueFrom: + secretKeyRef: + name: {{ .Values.enterprise.license_secret }} + key: license +{{- end -}} 
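Review bot: In `kong.controller-container` the TLS branch always passes `--admin-tls-skip-verify`, so the ingress controller never validates the Admin API certificate; the `# TODO make this configurable` comment acknowledges this. The connection targets `localhost`, which confines the exposure to the pod, but the flag should be emitted only behind a chart value so deployments with a trusted Admin certificate can enable verification, for example by wrapping that line in `{{- if .Values.ingressController.adminTlsSkipVerify }}` and `{{- end }}` (the value name is a suggestion, not an existing key). In the same hunk, `kong.serviceAccountName` reads `.Values.ingressController.serviceAccount.name` in one branch and `.Values.serviceAccount.name` in the other; unless values.yaml defines both paths, the else branch probably wants the `ingressController` path too.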
diff --git a/helm/infrastructure/subcharts/kong/templates/config-custom-server-blocks.yaml b/helm/infrastructure/subcharts/kong/templates/config-custom-server-blocks.yaml
new file mode 100755
index 0000000..466aa72
--- /dev/null
+++ b/helm/infrastructure/subcharts/kong/templates/config-custom-server-blocks.yaml
@@ -0,0 +1,29 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ template "kong.fullname" . }}-default-custom-server-blocks
+ labels:
+ app: {{ template "kong.name" . }}
+ chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
+ release: "{{ .Release.Name }}"
+ heritage: "{{ .Release.Service }}"
+data:
+ servers.conf: |
+ # Prometheus metrics server
+ server {
+ server_name kong_prometheus_exporter;
+ listen 0.0.0.0:9542; # can be any other port as well
+ access_log off;
+ location /metrics {
+ default_type text/plain;
+ content_by_lua_block {
+ local prometheus = require "kong.plugins.prometheus.exporter"
+ prometheus:collect()
+ }
+ }
+ location /nginx_status {
+ internal;
+ access_log off;
+ stub_status;
+ }
+ }
diff --git a/helm/infrastructure/subcharts/kong/templates/config-dbless.yaml b/helm/infrastructure/subcharts/kong/templates/config-dbless.yaml
new file mode 100755
index 0000000..186c0fa
--- /dev/null
+++ b/helm/infrastructure/subcharts/kong/templates/config-dbless.yaml
@@ -0,0 +1,16 @@
+{{- if (and (not .Values.ingressController.enabled) (eq .Values.env.database "off")) }}
+{{- if not .Values.dblessConfig.configMap }}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ template "kong.dblessConfig.fullname" . }}
+ labels:
+ app: {{ template "kong.name" . }}
+ chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
+ release: "{{ .Release.Name }}"
+ heritage: "{{ .Release.Service }}"
+data:
+ kong.yml: |
+{{ .Values.dblessConfig.config | toYaml | indent 4 }}
+{{- end }}
+{{- end }}
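Review bot: The `servers.conf` block in config-custom-server-blocks.yaml binds the Prometheus exporter with `listen 0.0.0.0:9542;` and serves `/metrics` with no `allow`/`deny` rules, so anything that can reach the pod IP can read Kong's metrics. If scraping only happens from inside the cluster, say so in a comment and restrict access, for example with a NetworkPolicy limited to the Prometheus pods or with nginx `allow <scraper CIDR>; deny all;` inside `location /metrics`. The port is hard-coded here, so whichever template exposes 9542 has to be kept in sync by hand; that template is not visible in this part of the patch.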
diff --git a/helm/infrastructure/subcharts/kong/templates/controller-cluster-role.yaml b/helm/infrastructure/subcharts/kong/templates/controller-cluster-role.yaml
new file mode 100755
index 0000000..a555c0a
--- /dev/null
+++ b/helm/infrastructure/subcharts/kong/templates/controller-cluster-role.yaml
@@ -0,0 +1,76 @@
+{{- if and .Values.ingressController.rbac.create .Values.ingressController.enabled -}}
+apiVersion: rbac.authorization.k8s.io/v1beta1
+kind: ClusterRole
+metadata:
+ labels:
+ app: {{ template "kong.name" . }}
+ chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
+ release: "{{ .Release.Name }}"
+ heritage: "{{ .Release.Service }}"
+ name: {{ template "kong.fullname" . }}
+rules:
+ - apiGroups:
+ - ""
+ resources:
+ - endpoints
+ - nodes
+ - pods
+ - secrets
+ verbs:
+ - list
+ - watch
+ - apiGroups:
+ - ""
+ resources:
+ - nodes
+ verbs:
+ - get
+ - apiGroups:
+ - ""
+ resources:
+ - services
+ verbs:
+ - get
+ - list
+ - watch
+ - apiGroups:
+ - "networking.k8s.io"
+ resources:
+ - ingresses
+ verbs:
+ - get
+ - list
+ - watch
+ - apiGroups:
+ - ""
+ resources:
+ - events
+ verbs:
+ - create
+ - patch
+ - apiGroups:
+ - "networking.k8s.io"
+ resources:
+ - ingresses/status
+ verbs:
+ - update
+ - apiGroups:
+ - "configuration.konghq.com"
+ resources:
+ - kongplugins
+ - kongcredentials
+ - kongconsumers
+ - kongingresses
+ verbs:
+ - get
+ - list
+ - watch
+ - apiGroups:
+ - "networking.k8s.io"
+ resources:
+ - ingresses
+ verbs:
+ - get
+ - list
+ - watch
+{{- end -}}
diff --git a/helm/infrastructure/subcharts/kong/templates/controller-deployment.yaml b/helm/infrastructure/subcharts/kong/templates/controller-deployment.yaml
new file mode 100755
index 0000000..2bb7f08
--- /dev/null
+++ b/helm/infrastructure/subcharts/kong/templates/controller-deployment.yaml
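Review bot: The first rule of the ClusterRole in controller-cluster-role.yaml grants `list` and `watch` on `secrets` in every namespace, which gives the controller's service account read access to all Secret contents cluster-wide. If the controller is meant to serve a single namespace, move `secrets` into the namespaced Role and keep only genuinely cluster-scoped resources here; otherwise add a comment stating why cluster-wide secret access is required. The last rule (`networking.k8s.io` / `ingresses` with get, list, watch) repeats the fourth rule verbatim and can be dropped.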
@@ -0,0 +1,96 @@ +{{- if (and (.Values.ingressController.enabled) (not (eq .Values.env.database "off"))) }} +apiVersion: apps/v1 +kind: Deployment +metadata: + name: "{{ template "kong.fullname" . }}-controller" + labels: + app: "{{ template "kong.name" . }}" + chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" + release: "{{ .Release.Name }}" + heritage: "{{ .Release.Service }}" + component: "controller" +spec: + replicas: {{ .Values.ingressController.replicaCount }} + selector: + matchLabels: + app: {{ template "kong.name" . }} + release: {{ .Release.Name }} + component: "controller" + template: + metadata: + {{- if .Values.podAnnotations }} + annotations: +{{ toYaml .Values.podAnnotations | indent 8 }} + {{- end }} + labels: + app: {{ template "kong.name" . }} + release: {{ .Release.Name }} + component: "controller" + spec: + serviceAccountName: {{ template "kong.serviceAccountName" . }} + {{- if .Values.image.pullSecrets }} + imagePullSecrets: + {{- range .Values.image.pullSecrets }} + - name: {{ . }} + {{- end }} + {{- end }} + initContainers: + {{- include "kong.wait-for-db" . | nindent 6 }} + containers: + - name: admin-api + image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}" + imagePullPolicy: {{ .Values.image.pullPolicy }} + env: + - name: KONG_PROXY_LISTEN + value: 'off' + {{- if .Values.enterprise.enabled }} + {{- if .Values.enterprise.rbac.enabled }} + # TODO: uncomment this once we have a means of securely providing the + # controller its token using a secret. + #- name: KONG_ENFORCE_RBAC + # value: "on" + {{- end }} + # the controller admin API should not receive requests to create admins or developers + # never enable SMTP on it as such + {{- if .Values.enterprise.smtp.enabled }} + - name: KONG_SMTP_MOCK + value: "on" + {{- else }} + - name: KONG_SMTP_MOCK + value: "on" + {{- end }} + {{- include "kong.license" . 
| nindent 8 }} + {{- end }} + {{- if .Values.admin.useTLS }} + - name: KONG_ADMIN_LISTEN + value: "0.0.0.0:{{ .Values.admin.containerPort }} ssl" + {{- else }} + - name: KONG_ADMIN_LISTEN + value: 0.0.0.0:{{ .Values.admin.containerPort }} + {{- end }} + {{- if .Values.postgresql.enabled }} + - name: KONG_PG_HOST + value: {{ template "kong.postgresql.fullname" . }} + - name: KONG_PG_PASSWORD + valueFrom: + secretKeyRef: + name: {{ template "kong.postgresql.fullname" . }} + key: postgresql-password + {{- end }} + {{- if .Values.cassandra.enabled }} + - name: KONG_CASSANDRA_CONTACT_POINTS + value: {{ template "kong.cassandra.fullname" . }} + {{- end }} + {{- include "kong.env" . | indent 8 }} + ports: + - name: admin + containerPort: {{ .Values.admin.containerPort }} + protocol: TCP + readinessProbe: +{{ toYaml .Values.readinessProbe | indent 10 }} + livenessProbe: +{{ toYaml .Values.livenessProbe | indent 10 }} + resources: +{{ toYaml .Values.resources | indent 10 }} + {{- include "kong.controller-container" . | nindent 6 }} +{{- end -}} diff --git a/helm/infrastructure/subcharts/kong/templates/controller-pdb.yaml b/helm/infrastructure/subcharts/kong/templates/controller-pdb.yaml new file mode 100755 index 0000000..d032781 --- /dev/null +++ b/helm/infrastructure/subcharts/kong/templates/controller-pdb.yaml 
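Review bot: The `admin-api` container in controller-deployment.yaml sets `KONG_ADMIN_LISTEN` to `0.0.0.0:{{ .Values.admin.containerPort }}` in both branches, while the controller container included into the same pod reaches it through `localhost` and `KONG_ENFORCE_RBAC` is left commented out. That leaves this pod's Admin API reachable on the pod IP without the RBAC enforcement the TODO mentions; binding to loopback, `value: "127.0.0.1:{{ .Values.admin.containerPort }} ssl"` and the non-TLS equivalent, would match how the controller connects. If the probes are `httpGet` on the `admin` port, as in the CI values earlier in this patch, they would then need an `exec` probe or a separate status listener. The `{{- if .Values.enterprise.smtp.enabled }}` / `{{- else }}` pair emits the same `KONG_SMTP_MOCK` entry in both branches and can be collapsed to the unconditional entry.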
@@ -0,0 +1,20 @@
+{{- if and .Values.ingressController.enabled .Values.ingressController.podDisruptionBudget.enabled }}
+apiVersion: policy/v1beta1
+kind: PodDisruptionBudget
+metadata:
+ name: "{{ template "kong.fullname" . }}-controller"
+ labels:
+ app: "{{ template "kong.name" . }}"
+spec:
+ {{- if .Values.ingressController.podDisruptionBudget.minAvailable }}
+ minAvailable: {{ .Values.ingressController.podDisruptionBudget.minAvailable }}
+ {{- end }}
+ {{- if .Values.ingressController.podDisruptionBudget.maxUnavailable }}
+ maxUnavailable: {{ .Values.ingressController.podDisruptionBudget.maxUnavailable }}
+ {{- end }}
+ selector:
+ matchLabels:
+ app: {{ template "kong.name" . }}
+ release: {{ .Release.Name }}
+ component: controller
+{{- end }}
\ No newline at end of file
diff --git a/helm/infrastructure/subcharts/kong/templates/controller-rbac-cluster-role-binding.yaml b/helm/infrastructure/subcharts/kong/templates/controller-rbac-cluster-role-binding.yaml
new file mode 100755
index 0000000..2e4e752
--- /dev/null
+++ b/helm/infrastructure/subcharts/kong/templates/controller-rbac-cluster-role-binding.yaml
@@ -0,0 +1,19 @@
+{{- if and .Values.ingressController.rbac.create .Values.ingressController.enabled -}}
+apiVersion: rbac.authorization.k8s.io/v1beta1
+kind: ClusterRoleBinding
+metadata:
+ name: {{ template "kong.fullname" . }}
+ labels:
+ app: {{ template "kong.name" . }}
+ chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
+ release: "{{ .Release.Name }}"
+ heritage: "{{ .Release.Service }}"
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: {{ template "kong.fullname" . }}
+subjects:
+ - kind: ServiceAccount
+ name: {{ template "kong.serviceAccountName" . }}
+ namespace: {{ .Release.Namespace }}
+{{- end -}}
diff --git a/helm/infrastructure/subcharts/kong/templates/controller-rbac-role-binding.yaml b/helm/infrastructure/subcharts/kong/templates/controller-rbac-role-binding.yaml
new file mode 100755
index 0000000..6dad019
--- /dev/null
+++ b/helm/infrastructure/subcharts/kong/templates/controller-rbac-role-binding.yaml
@@ -0,0 +1,20 @@
+{{- if and .Values.ingressController.rbac.create .Values.ingressController.enabled -}}
+apiVersion: rbac.authorization.k8s.io/v1beta1
+kind: RoleBinding
+metadata:
+ name: {{ template "kong.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app: {{ template "kong.name" . }}
+ chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
+ release: "{{ .Release.Name }}"
+ heritage: "{{ .Release.Service }}"
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: {{ template "kong.fullname" . }}
+subjects:
+ - kind: ServiceAccount
+ name: {{ template "kong.serviceAccountName" . }}
+ namespace: {{ .Release.Namespace }}
+{{- end -}}
diff --git a/helm/infrastructure/subcharts/kong/templates/controller-rbac-role.yaml b/helm/infrastructure/subcharts/kong/templates/controller-rbac-role.yaml
new file mode 100755
index 0000000..90e0767
--- /dev/null
+++ b/helm/infrastructure/subcharts/kong/templates/controller-rbac-role.yaml
@@ -0,0 +1,47 @@
+{{- if and .Values.ingressController.rbac.create .Values.ingressController.enabled -}}
+apiVersion: rbac.authorization.k8s.io/v1beta1
+kind: Role
+metadata:
+ name: {{ template "kong.fullname" . }}
+ namespace: {{ .Release.namespace }}
+ labels:
+ app: {{ template "kong.name" . }}
+ chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
+ release: "{{ .Release.Name }}"
+ heritage: "{{ .Release.Service }}"
+rules:
+ - apiGroups:
+ - ""
+ resources:
+ - configmaps
+ - pods
+ - secrets
+ - namespaces
+ verbs:
+ - get
+ - apiGroups:
+ - ""
+ resources:
+ - configmaps
+ resourceNames:
+ # Defaults to "-"
+ # Here: "-"
+ # This has to be adapted if you change either parameter
+ # when launching the nginx-ingress-controller.
+ - "kong-ingress-controller-leader-{{ .Values.ingressController.ingressClass }}-{{ .Values.ingressController.ingressClass }}"
+ verbs:
+ - get
+ - update
+ - apiGroups:
+ - ""
+ resources:
+ - configmaps
+ verbs:
+ - create
+ - apiGroups:
+ - ""
+ resources:
+ - endpoints
+ verbs:
+ - get
+{{- end -}}
diff --git a/helm/infrastructure/subcharts/kong/templates/controller-service-account.yaml b/helm/infrastructure/subcharts/kong/templates/controller-service-account.yaml
new file mode 100755
index 0000000..050b860
--- /dev/null
+++ b/helm/infrastructure/subcharts/kong/templates/controller-service-account.yaml
@@ -0,0 +1,12 @@
+{{- if and .Values.ingressController.enabled .Values.ingressController.serviceAccount.create -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ template "kong.serviceAccountName" . }}
+ namespace: {{ .Release.namespace }}
+ labels:
+ app: {{ template "kong.name" . }}
+ chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
+ release: "{{ .Release.Name }}"
+ heritage: "{{ .Release.Service }}"
+{{- end -}}
diff --git a/helm/infrastructure/subcharts/kong/templates/crd-kongconsumer.yaml b/helm/infrastructure/subcharts/kong/templates/crd-kongconsumer.yaml
new file mode 100755
index 0000000..a25eff5
--- /dev/null
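Review bot: `namespace: {{ .Release.namespace }}` in the Role metadata of controller-rbac-role.yaml uses a lower-case key that Helm does not define, so it renders empty instead of the release namespace; the RoleBinding and ClusterRoleBinding templates in this patch use `{{ .Release.Namespace }}`. The same typo is in controller-service-account.yaml in the following hunk. Change both to `namespace: {{ .Release.Namespace }}` so the Role, the ServiceAccount and the bindings that reference them are guaranteed to land in the same namespace.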
+++ b/helm/infrastructure/subcharts/kong/templates/crd-kongconsumer.yaml
@@ -0,0 +1,36 @@
+{{- if and .Values.ingressController.enabled .Values.ingressController.installCRDs -}}
+apiVersion: apiextensions.k8s.io/v1beta1
+kind: CustomResourceDefinition
+metadata:
+ name: kongconsumers.configuration.konghq.com
+ labels:
+ app: {{ template "kong.name" . }}
+ chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
+ release: "{{ .Release.Name }}"
+ heritage: "{{ .Release.Service }}"
+spec:
+ group: configuration.konghq.com
+ version: v1
+ scope: Namespaced
+ names:
+ kind: KongConsumer
+ plural: kongconsumers
+ shortNames:
+ - kc
+ additionalPrinterColumns:
+ - name: Username
+ type: string
+ description: Username of a Kong Consumer
+ JSONPath: .username
+ - name: Age
+ type: date
+ description: Age
+ JSONPath: .metadata.creationTimestamp
+ validation:
+ openAPIV3Schema:
+ properties:
+ username:
+ type: string
+ custom_id:
+ type: string
+{{- end -}}
diff --git a/helm/infrastructure/subcharts/kong/templates/crd-kongcredential.yaml b/helm/infrastructure/subcharts/kong/templates/crd-kongcredential.yaml
new file mode 100755
index 0000000..d442157
--- /dev/null
+++ b/helm/infrastructure/subcharts/kong/templates/crd-kongcredential.yaml
@@ -0,0 +1,41 @@
+{{- if and .Values.ingressController.enabled .Values.ingressController.installCRDs -}}
+apiVersion: apiextensions.k8s.io/v1beta1
+kind: CustomResourceDefinition
+metadata:
+ name: kongcredentials.configuration.konghq.com
+ labels:
+ app: {{ template "kong.name" . }}
+ chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
+ release: "{{ .Release.Name }}"
+ heritage: "{{ .Release.Service }}"
+spec:
+ group: configuration.konghq.com
+ version: v1
+ scope: Namespaced
+ names:
+ kind: KongCredential
+ plural: kongcredentials
+ additionalPrinterColumns:
+ - name: Credential-type
+ type: string
+ description: Type of credential
+ JSONPath: .type
+ - name: Age
+ type: date
+ description: Age
+ JSONPath: .metadata.creationTimestamp
+ - name: Consumer-Ref
+ type: string
+ description: Owner of the credential
+ JSONPath: .consumerRef
+ validation:
+ openAPIV3Schema:
+ required:
+ - consumerRef
+ - type
+ properties:
+ consumerRef:
+ type: string
+ type:
+ type: string
+{{- end -}}
diff --git a/helm/infrastructure/subcharts/kong/templates/crd-kongingress.yaml b/helm/infrastructure/subcharts/kong/templates/crd-kongingress.yaml
new file mode 100755
index 0000000..17d4ce7
--- /dev/null
+++ b/helm/infrastructure/subcharts/kong/templates/crd-kongingress.yaml
@@ -0,0 +1,137 @@ +{{- if and .Values.ingressController.enabled .Values.ingressController.installCRDs -}} +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + name: kongingresses.configuration.konghq.com + labels: + app: {{ template "kong.name" . }} + chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" + release: "{{ .Release.Name }}" + heritage: "{{ .Release.Service }}" +spec: + group: configuration.konghq.com + version: v1 + scope: Namespaced + names: + kind: KongIngress + plural: kongingresses + shortNames: + - ki + validation: + openAPIV3Schema: + properties: + upstream: + type: object + route: + properties: + methods: + type: array + items: + type: string + regex_priority: + type: integer + strip_path: + type: boolean + preserve_host: + type: boolean + protocols: + type: array + items: + type: string + enum: + - http + - https + proxy: + type: object + properties: + protocol: + type: string + enum: + - http + - https + path: + type: string + pattern: ^/.*$ + retries: + type: integer + minimum: 0 + connect_timeout: + type: integer + minimum: 0 + read_timeout: + type: integer + minimum: 0 + write_timeout: + type: integer + minimum: 0 + upstream: + type: object + properties: + hash_on: + type: string + hash_on_cookie: + type: string + hash_on_cookie_path: + type: string + hash_on_header: + type: string + hash_fallback_header: + type: string + hash_fallback: + type: string + slots: + type: integer + minimum: 10 + healthchecks: + type: object + properties: + active: + type: object + properties: + concurrency: + type: integer + minimum: 1 + timeout: + type: integer + minimum: 0 + http_path: + type: string + pattern: ^/.*$ + healthy: &healthy + type: object + properties: + http_statuses: + type: array + items: + type: integer + interval: + type: integer + minimum: 0 + successes: + type: integer + minimum: 0 + unhealthy: &unhealthy + type: object + properties: + http_failures: + type: integer + minimum: 0 + http_statuses: + type: array + 
items: + type: integer + interval: + type: integer + minimum: 0 + tcp_failures: + type: integer + minimum: 0 + timeout: + type: integer + minimum: 0 + passive: + type: object + properties: + healthy: *healthy + unhealthy: *unhealthy +{{- end -}} diff --git a/helm/infrastructure/subcharts/kong/templates/crd-kongplugins.yaml b/helm/infrastructure/subcharts/kong/templates/crd-kongplugins.yaml new file mode 100755 index 0000000..bdd9604 --- /dev/null +++ b/helm/infrastructure/subcharts/kong/templates/crd-kongplugins.yaml @@ -0,0 +1,50 @@ +{{- if and .Values.ingressController.enabled .Values.ingressController.installCRDs -}} +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + name: kongplugins.configuration.konghq.com + labels: + app: {{ template "kong.name" . }} + chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" + release: "{{ .Release.Name }}" + heritage: "{{ .Release.Service }}" +spec: + group: configuration.konghq.com + version: v1 + scope: Namespaced + names: + kind: KongPlugin + plural: kongplugins + shortNames: + - kp + additionalPrinterColumns: + - name: Plugin-Type + type: string + description: Name of the plugin + JSONPath: .plugin + - name: Age + type: date + description: Age + JSONPath: .metadata.creationTimestamp + - name: Disabled + type: boolean + description: Indicates if the plugin is disabled + JSONPath: .disabled + priority: 1 + - name: Config + type: string + description: Configuration of the plugin + JSONPath: .config + priority: 1 + validation: + openAPIV3Schema: + required: + - plugin + properties: + plugin: + type: string + disabled: + type: boolean + config: + type: object +{{- end -}} diff --git a/helm/infrastructure/subcharts/kong/templates/deployment.yaml b/helm/infrastructure/subcharts/kong/templates/deployment.yaml new file mode 100755 index 0000000..9bcbab0 --- /dev/null +++ b/helm/infrastructure/subcharts/kong/templates/deployment.yaml 
@@ -0,0 +1,281 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: "{{ template "kong.fullname" . }}" + labels: + app: "{{ template "kong.name" . }}" + chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" + release: "{{ .Release.Name }}" + heritage: "{{ .Release.Service }}" + component: app +spec: + replicas: {{ .Values.replicaCount }} + selector: + matchLabels: + app: {{ template "kong.name" . }} + release: {{ .Release.Name }} + component: app + {{- if .Values.updateStrategy }} + strategy: +{{ toYaml .Values.updateStrategy | indent 4 }} + {{- end }} + + template: + metadata: + annotations: + {{- if (and (not .Values.ingressController.enabled) (eq .Values.env.database "off" )) }} + {{- if .Values.dblessConfig.config }} + checksum/dbless.config: {{ toYaml .Values.dblessConfig.config | sha256sum }} + {{- end }} + {{- end }} + {{- if .Values.podAnnotations }} +{{ toYaml .Values.podAnnotations | indent 8 }} + {{- end }} + labels: + app: {{ template "kong.name" . }} + release: {{ .Release.Name }} + component: app + spec: + {{- if (and (.Values.ingressController.enabled) (eq .Values.env.database "off")) }} + serviceAccountName: {{ template "kong.serviceAccountName" . }} + {{ end }} + {{- if .Values.image.pullSecrets }} + imagePullSecrets: + {{- range .Values.image.pullSecrets }} + - name: {{ . }} + {{- end }} + {{- end }} + {{- if not (eq .Values.env.database "off") }} + initContainers: + {{- include "kong.wait-for-db" . | nindent 6 }} + {{ end }} + containers: + {{- if (and (.Values.ingressController.enabled) (eq .Values.env.database "off")) }} + {{- include "kong.controller-container" . | nindent 6 }} + {{ end }} + - name: {{ template "kong.name" . 
}} + image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}" + imagePullPolicy: {{ .Values.image.pullPolicy }} + env: + {{- if not .Values.env.admin_listen }} + {{- if .Values.admin.useTLS }} + - name: KONG_ADMIN_LISTEN + value: "0.0.0.0:{{ .Values.admin.containerPort }} ssl" + {{- else }} + - name: KONG_ADMIN_LISTEN + value: 0.0.0.0:{{ .Values.admin.containerPort }} + {{- end }} + {{- end }} + {{- if not .Values.env.proxy_listen }} + - name: KONG_PROXY_LISTEN + value: {{ template "kong.kongProxyListenValue" . }} + {{- end }} + {{- if and (not .Values.env.admin_gui_listen) (.Values.enterprise.enabled) }} + - name: KONG_ADMIN_GUI_LISTEN + value: {{ template "kong.kongManagerListenValue" . }} + {{- end }} + {{- if and (not .Values.env.portal_gui_listen) (.Values.enterprise.enabled) (.Values.enterprise.portal.enabled) }} + - name: KONG_PORTAL_GUI_LISTEN + value: {{ template "kong.kongPortalListenValue" . }} + {{- end }} + {{- if and (not .Values.env.portal_api_listen) (.Values.enterprise.enabled) (.Values.enterprise.portal.enabled) }} + - name: KONG_PORTAL_API_LISTEN + value: {{ template "kong.kongPortalApiListenValue" . 
}} + {{- end }} + - name: KONG_NGINX_DAEMON + value: "off" + {{- if .Values.enterprise.enabled }} + {{- if .Values.enterprise.vitals.enabled }} + - name: KONG_VITALS + value: "on" + {{- end }} + {{- if .Values.enterprise.portal.enabled }} + - name: KONG_PORTAL + value: "on" + {{- if .Values.enterprise.portal.portal_auth }} + - name: KONG_PORTAL_AUTH + value: {{ .Values.enterprise.portal.portal_auth }} + - name: KONG_PORTAL_SESSION_CONF + valueFrom: + secretKeyRef: + name: {{ .Values.enterprise.portal.session_conf_secret }} + key: portal_session_conf + {{- end }} + {{- end }} + {{- if .Values.enterprise.rbac.enabled }} + - name: KONG_ENFORCE_RBAC + value: "on" + - name: KONG_ADMIN_GUI_AUTH + value: {{ .Values.enterprise.rbac.admin_gui_auth | default "basic-auth" }} + - name: KONG_ADMIN_GUI_AUTH_CONF + value: '{{ toJson .Values.enterprise.rbac.admin_gui_auth_conf }}' + - name: KONG_ADMIN_GUI_SESSION_CONF + valueFrom: + secretKeyRef: + name: {{ .Values.enterprise.rbac.session_conf_secret }} + key: admin_gui_session_conf + {{- end }} + {{- if .Values.enterprise.smtp.enabled }} + - name: KONG_PORTAL_EMAILS_FROM + value: {{ .Values.enterprise.smtp.portal_emails_from }} + - name: KONG_PORTAL_EMAILS_REPLY_TO + value: {{ .Values.enterprise.smtp.portal_emails_reply_to }} + - name: KONG_ADMIN_EMAILS_FROM + value: {{ .Values.enterprise.smtp.admin_emails_from }} + - name: KONG_ADMIN_EMAILS_REPLY_TO + value: {{ .Values.enterprise.smtp.admin_emails_reply_to }} + - name: KONG_SMTP_HOST + value: {{ .Values.enterprise.smtp.smtp_host }} + - name: KONG_SMTP_PORT + value: {{ .Values.enterprise.smtp.smtp_port }} + - name: KONG_SMTP_STARTTLS + value: {{ .Values.enterprise.smtp.smtp_starttls }} + {{- if .Values.enterprise.smtp.auth.smtp_username }} + - name: KONG_SMTP_USERNAME + value: {{ .Values.enterprise.smtp.auth.smtp_username }} + - name: KONG_SMTP_PASSWORD + valueFrom: + secretKeyRef: + name: {{ .Values.enterprise.smtp.auth.smtp_password }} + key: smtp_password + {{- end }} + {{- 
else }} + - name: KONG_SMTP_MOCK + value: "on" + {{- end }} + {{- include "kong.license" . | nindent 8 }} + {{- end }} + - name: KONG_NGINX_HTTP_INCLUDE + value: /kong/servers.conf + {{- if .Values.postgresql.enabled }} + - name: KONG_PG_HOST + value: {{ template "kong.postgresql.fullname" . }} + - name: KONG_PG_PORT + value: "{{ .Values.postgresql.service.port }}" + - name: KONG_PG_PASSWORD + valueFrom: + secretKeyRef: + name: {{ template "kong.postgresql.fullname" . }} + key: postgresql-password + {{- end }} + {{- if .Values.cassandra.enabled }} + - name: KONG_CASSANDRA_CONTACT_POINTS + value: {{ template "kong.cassandra.fullname" . }} + {{- end }} + {{- if (and (not .Values.ingressController.enabled) (eq .Values.env.database "off")) }} + - name: KONG_DECLARATIVE_CONFIG + value: "/kong_dbless/kong.yml" + {{- end }} + {{- include "kong.env" . | indent 8 }} + ports: + - name: admin + containerPort: {{ .Values.admin.containerPort }} + {{- if .Values.admin.hostPort }} + hostPort: {{ .Values.admin.hostPort }} + {{- end}} + protocol: TCP + {{- if .Values.proxy.http.enabled }} + - name: proxy + containerPort: {{ .Values.proxy.http.containerPort }} + {{- if .Values.proxy.http.hostPort }} + hostPort: {{ .Values.proxy.http.hostPort }} + {{- end}} + protocol: TCP + {{- end }} + {{- if .Values.proxy.tls.enabled }} + - name: proxy-tls + containerPort: {{ .Values.proxy.tls.containerPort }} + {{- if .Values.proxy.tls.hostPort }} + hostPort: {{ .Values.proxy.tls.hostPort }} + {{- end}} + protocol: TCP + {{- end }} + - name: metrics + containerPort: 9542 + protocol: TCP + {{- if .Values.enterprise.enabled }} + {{- if .Values.manager.http.enabled }} + - name: manager + containerPort: {{ .Values.manager.http.containerPort }} + {{- if .Values.manager.http.hostPort }} + hostPort: {{ .Values.manager.http.hostPort }} + {{- end}} + protocol: TCP + {{- end }} + {{- if .Values.manager.tls.enabled }} + - name: manager-tls + containerPort: {{ .Values.manager.tls.containerPort }} + {{- if 
.Values.manager.tls.hostPort }} + hostPort: {{ .Values.manager.tls.hostPort }} + {{- end}} + protocol: TCP + {{- end }} + {{- if .Values.portal.http.enabled }} + - name: portal + containerPort: {{ .Values.portal.http.containerPort }} + {{- if .Values.portal.http.hostPort }} + hostPort: {{ .Values.portal.http.hostPort }} + {{- end}} + protocol: TCP + {{- end }} + {{- if .Values.portal.tls.enabled }} + - name: portal-tls + containerPort: {{ .Values.portal.tls.containerPort }} + {{- if .Values.portal.tls.hostPort }} + hostPort: {{ .Values.portal.tls.hostPort }} + {{- end}} + protocol: TCP + {{- end }} + {{- if .Values.portalapi.http.enabled }} + - name: portalapi + containerPort: {{ .Values.portalapi.http.containerPort }} + {{- if .Values.portalapi.http.hostPort }} + hostPort: {{ .Values.portalapi.http.hostPort }} + {{- end}} + protocol: TCP + {{- end }} + {{- if .Values.portalapi.tls.enabled }} + - name: portalapi-tls + containerPort: {{ .Values.portalapi.tls.containerPort }} + {{- if .Values.portalapi.tls.hostPort }} + hostPort: {{ .Values.portalapi.tls.hostPort }} + {{- end}} + protocol: TCP + {{- end }} + {{- end }} + volumeMounts: + - name: custom-nginx-template-volume + mountPath: /kong + {{- if (and (not .Values.ingressController.enabled) (eq .Values.env.database "off")) }} + - name: kong-custom-dbless-config-volume + mountPath: /kong_dbless/ + {{- end }} + readinessProbe: +{{ toYaml .Values.readinessProbe | indent 10 }} + livenessProbe: +{{ toYaml .Values.livenessProbe | indent 10 }} + resources: +{{ toYaml .Values.resources | indent 10 }} + {{- if .Values.affinity }} + affinity: +{{ toYaml .Values.affinity | indent 8 }} + {{- end }} + {{- if .Values.nodeSelector }} + nodeSelector: +{{ toYaml .Values.nodeSelector | indent 8 }} + {{- end }} + tolerations: +{{ toYaml .Values.tolerations | indent 8 }} + volumes: + - name: custom-nginx-template-volume + configMap: + name: {{ template "kong.fullname" . 
}}-default-custom-server-blocks +{{- if (and (not .Values.ingressController.enabled) (eq .Values.env.database "off")) }} + - name: kong-custom-dbless-config-volume + configMap: + {{- if .Values.dblessConfig.configMap }} + name: {{ .Values.dblessConfig.configMap }} + {{- else }} + name: {{ template "kong.dblessConfig.fullname" . }} + {{- end }} +{{- end }} diff --git a/helm/infrastructure/subcharts/kong/templates/ingress-admin.yaml b/helm/infrastructure/subcharts/kong/templates/ingress-admin.yaml new file mode 100755 index 0000000..3ca0587 --- /dev/null +++ b/helm/infrastructure/subcharts/kong/templates/ingress-admin.yaml @@ -0,0 +1,33 @@ +{{- if .Values.admin.ingress.enabled -}} +{{- $serviceName := include "kong.fullname" . -}} +{{- $servicePort := .Values.admin.servicePort -}} +{{- $path := .Values.admin.ingress.path -}} +apiVersion: networking.k8s.io/v1beta1 +kind: Ingress +metadata: + name: {{ template "kong.fullname" . }}-admin + labels: + app: {{ template "kong.name" . }} + chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" + release: "{{ .Release.Name }}" + heritage: "{{ .Release.Service }}" + annotations: + {{- range $key, $value := .Values.admin.ingress.annotations }} + {{ $key }}: {{ $value | quote }} + {{- end }} +spec: + rules: + {{- range $host := .Values.admin.ingress.hosts }} + - host: {{ $host }} + http: + paths: + - path: {{ $path }} + backend: + serviceName: {{ $serviceName }}-admin + servicePort: {{ $servicePort }} + {{- end -}} + {{- if .Values.admin.ingress.tls }} + tls: +{{ toYaml .Values.admin.ingress.tls | indent 4 }} + {{- end -}} +{{- end -}} diff --git a/helm/infrastructure/subcharts/kong/templates/ingress-manager.yaml b/helm/infrastructure/subcharts/kong/templates/ingress-manager.yaml new file mode 100755 index 0000000..76c798d --- /dev/null +++ b/helm/infrastructure/subcharts/kong/templates/ingress-manager.yaml 
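Review bot: The `else` branch of the `admin.useTLS` check sets `KONG_ADMIN_LISTEN` to `0.0.0.0:{{ .Values.admin.containerPort }}` without `ssl`, and the `admin` container port further down can additionally be published as a `hostPort`. The Admin API can rewrite every route and plugin and has no authentication of its own unless RBAC or a fronting auth plugin is configured, so in that configuration anything that can reach the pod or node address controls the gateway. I would add a comment above the block such as `# Admin API: plaintext when admin.useTLS is false; keep it cluster-internal and restrict it with a NetworkPolicy`, and render the admin `hostPort` only together with TLS, e.g. `{{- if and .Values.admin.hostPort .Values.admin.useTLS }}`. The pod spec also sets no `securityContext`, which is worth a follow-up.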
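Review bot: With `admin.ingress.enabled` set, `ingress-admin.yaml` publishes the Admin API on every host in `admin.ingress.hosts`, while the `tls:` block is rendered only if `admin.ingress.tls` happens to be set. An administrative endpoint should not be reachable over plain HTTP through the ingress; fail the render instead, e.g. `{{- if not .Values.admin.ingress.tls }}{{ fail "admin.ingress.enabled requires admin.ingress.tls" }}{{- end }}` at the top of the template. `{{ $host }}` and `{{ $path }}` are also emitted unquoted, unlike the annotation values, so adding `| quote` to both would keep a wildcard host such as `*.example.test` (constructed example) from breaking the YAML.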
@@ -0,0 +1,35 @@
+{{- if .Values.enterprise.enabled }}
+{{- if .Values.manager.ingress.enabled -}}
+{{- $serviceName := include "kong.fullname" . -}}
+{{- $servicePort := include "kong.ingress.servicePort" .Values.manager -}}
+{{- $path := .Values.manager.ingress.path -}}
+apiVersion: networking.k8s.io/v1beta1
+kind: Ingress
+metadata:
+ name: {{ template "kong.fullname" . }}-manager
+ labels:
+ app: {{ template "kong.name" . }}
+ chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
+ release: "{{ .Release.Name }}"
+ heritage: "{{ .Release.Service }}"
+ annotations:
+ {{- range $key, $value := .Values.manager.ingress.annotations }}
+ {{ $key }}: {{ $value | quote }}
+ {{- end }}
+spec:
+ rules:
+ {{- range $host := .Values.manager.ingress.hosts }}
+ - host: {{ $host }}
+ http:
+ paths:
+ - path: {{ $path }}
+ backend:
+ serviceName: {{ $serviceName }}-manager
+ servicePort: {{ $servicePort }}
+ {{- end -}}
+ {{- if .Values.manager.ingress.tls }}
+ tls:
+{{ toYaml .Values.manager.ingress.tls | indent 4 }}
+ {{- end -}}
+{{- end -}}
+{{- end -}}
diff --git a/helm/infrastructure/subcharts/kong/templates/ingress-portal-api.yaml b/helm/infrastructure/subcharts/kong/templates/ingress-portal-api.yaml
new file mode 100755
index 0000000..e6fa104
--- /dev/null
+++ b/helm/infrastructure/subcharts/kong/templates/ingress-portal-api.yaml
@@ -0,0 +1,35 @@
+{{- if .Values.enterprise.enabled }}
+{{- if .Values.portalapi.ingress.enabled -}}
+{{- $serviceName := include "kong.fullname" . -}}
+{{- $servicePort := include "kong.ingress.servicePort" .Values.portalapi -}}
+{{- $path := .Values.portalapi.ingress.path -}}
+apiVersion: networking.k8s.io/v1beta1
+kind: Ingress
+metadata:
+ name: {{ template "kong.fullname" . }}-portalapi
+ labels:
+ app: {{ template "kong.name" . }}
+ chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
+ release: "{{ .Release.Name }}"
+ heritage: "{{ .Release.Service }}"
+ annotations:
+ {{- range $key, $value := .Values.portalapi.ingress.annotations }}
+ {{ $key }}: {{ $value | quote }}
+ {{- end }}
+spec:
+ rules:
+ {{- range $host := .Values.portalapi.ingress.hosts }}
+ - host: {{ $host }}
+ http:
+ paths:
+ - path: {{ $path }}
+ backend:
+ serviceName: {{ $serviceName }}-portalapi
+ servicePort: {{ $servicePort }}
+ {{- end -}}
+ {{- if .Values.portalapi.ingress.tls }}
+ tls:
+{{ toYaml .Values.portalapi.ingress.tls | indent 4 }}
+ {{- end -}}
+{{- end -}}
+{{- end -}}
diff --git a/helm/infrastructure/subcharts/kong/templates/ingress-portal.yaml b/helm/infrastructure/subcharts/kong/templates/ingress-portal.yaml
new file mode 100755
index 0000000..da399b5
--- /dev/null
+++ b/helm/infrastructure/subcharts/kong/templates/ingress-portal.yaml
@@ -0,0 +1,35 @@
+{{- if .Values.enterprise.enabled }}
+{{- if .Values.portal.ingress.enabled -}}
+{{- $serviceName := include "kong.fullname" . -}}
+{{- $servicePort := include "kong.ingress.servicePort" .Values.portal -}}
+{{- $path := .Values.portal.ingress.path -}}
+apiVersion: networking.k8s.io/v1beta1
+kind: Ingress
+metadata:
+ name: {{ template "kong.fullname" . }}-portal
+ labels:
+ app: {{ template "kong.name" . }}
+ chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
+ release: "{{ .Release.Name }}"
+ heritage: "{{ .Release.Service }}"
+ annotations:
+ {{- range $key, $value := .Values.portal.ingress.annotations }}
+ {{ $key }}: {{ $value | quote }}
+ {{- end }}
+spec:
+ rules:
+ {{- range $host := .Values.portal.ingress.hosts }}
+ - host: {{ $host }}
+ http:
+ paths:
+ - path: {{ $path }}
+ backend:
+ serviceName: {{ $serviceName }}-portal
+ servicePort: {{ $servicePort }}
+ {{- end -}}
+ {{- if .Values.portal.ingress.tls }}
+ tls:
+{{ toYaml .Values.portal.ingress.tls | indent 4 }}
+ {{- end -}}
+{{- end -}}
+{{- end -}}
diff --git a/helm/infrastructure/subcharts/kong/templates/ingress-proxy.yaml b/helm/infrastructure/subcharts/kong/templates/ingress-proxy.yaml
new file mode 100755
index 0000000..002f0cd
--- /dev/null
+++ b/helm/infrastructure/subcharts/kong/templates/ingress-proxy.yaml
@@ -0,0 +1,33 @@
+{{- if .Values.proxy.ingress.enabled -}}
+{{- $serviceName := include "kong.fullname" . -}}
+{{- $servicePort := include "kong.ingress.servicePort" .Values.proxy -}}
+{{- $path := .Values.proxy.ingress.path -}}
+apiVersion: networking.k8s.io/v1beta1
+kind: Ingress
+metadata:
+ name: {{ template "kong.fullname" . }}-proxy
+ labels:
+ app: {{ template "kong.name" . }}
+ chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
+ release: "{{ .Release.Name }}"
+ heritage: "{{ .Release.Service }}"
+ annotations:
+ {{- range $key, $value := .Values.proxy.ingress.annotations }}
+ {{ $key }}: {{ $value | quote }}
+ {{- end }}
+spec:
+ rules:
+ {{- range $host := .Values.proxy.ingress.hosts }}
+ - host: {{ $host }}
+ http:
+ paths:
+ - path: {{ $path }}
+ backend:
+ serviceName: {{ $serviceName }}-proxy
+ servicePort: {{ $servicePort }}
+ {{- end -}}
+ {{- if .Values.proxy.ingress.tls }}
+ tls:
+{{ toYaml .Values.proxy.ingress.tls | indent 4 }}
+ {{- end -}}
+{{- end -}}
diff --git a/helm/infrastructure/subcharts/kong/templates/migrations-post-upgrade.yaml b/helm/infrastructure/subcharts/kong/templates/migrations-post-upgrade.yaml
new file mode 100755
index 0000000..dcc9b77
--- /dev/null
+++ b/helm/infrastructure/subcharts/kong/templates/migrations-post-upgrade.yaml
@@ -0,0 +1,76 @@ +{{- if (and (.Values.runMigrations) (not (eq .Values.env.database "off"))) }} +# Why is this Job duplicated and not using only helm hooks? +# See: https://github.com/helm/charts/pull/7362 +apiVersion: batch/v1 +kind: Job +metadata: + name: {{ template "kong.fullname" . }}-post-upgrade-migrations + labels: + app: {{ template "kong.name" . }} + chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" + release: "{{ .Release.Name }}" + heritage: "{{ .Release.Service }}" + component: post-upgrade-migrations + annotations: + helm.sh/hook: "post-upgrade" + helm.sh/hook-delete-policy: "before-hook-creation" +spec: + template: + metadata: + name: {{ template "kong.name" . }}-post-upgrade-migrations + labels: + app: {{ template "kong.name" . }} + release: "{{ .Release.Name }}" + component: post-upgrade-migrations + spec: + {{- if .Values.image.pullSecrets }} + imagePullSecrets: + {{- range .Values.image.pullSecrets }} + - name: {{ . }} + {{- end }} + {{- end }} + {{- if .Values.postgresql.enabled }} + initContainers: + - name: wait-for-postgres + image: "{{ .Values.waitImage.repository }}:{{ .Values.waitImage.tag }}" + env: + - name: KONG_PG_HOST + value: {{ template "kong.postgresql.fullname" . }} + - name: KONG_PG_PORT + value: "{{ .Values.postgresql.service.port }}" + - name: KONG_PG_PASSWORD + valueFrom: + secretKeyRef: + name: {{ template "kong.postgresql.fullname" . }} + key: postgresql-password + command: [ "/bin/sh", "-c", "until nc -zv $KONG_PG_HOST $KONG_PG_PORT -w1; do echo 'waiting for db'; sleep 1; done" ] + {{- end }} + containers: + - name: {{ template "kong.name" . }}-post-upgrade-migrations + image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}" + imagePullPolicy: {{ .Values.image.pullPolicy }} + env: + - name: KONG_NGINX_DAEMON + value: "off" + {{- if .Values.enterprise.enabled }} + {{- include "kong.license" . 
| nindent 8 }} + {{- end }} + {{- if .Values.postgresql.enabled }} + - name: KONG_PG_HOST + value: {{ template "kong.postgresql.fullname" . }} + - name: KONG_PG_PORT + value: "{{ .Values.postgresql.service.port }}" + - name: KONG_PG_PASSWORD + valueFrom: + secretKeyRef: + name: {{ template "kong.postgresql.fullname" . }} + key: postgresql-password + {{- end }} + {{- if .Values.cassandra.enabled }} + - name: KONG_CASSANDRA_CONTACT_POINTS + value: {{ template "kong.cassandra.fullname" . }} + {{- end }} + {{- include "kong.env" . | indent 8 }} + command: [ "/bin/sh", "-c", "kong migrations finish" ] + restartPolicy: OnFailure +{{- end }} diff --git a/helm/infrastructure/subcharts/kong/templates/migrations-pre-upgrade.yaml b/helm/infrastructure/subcharts/kong/templates/migrations-pre-upgrade.yaml new file mode 100755 index 0000000..1839871 --- /dev/null +++ b/helm/infrastructure/subcharts/kong/templates/migrations-pre-upgrade.yaml 
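Review bot: The `wait-for-postgres` init container is given `KONG_PG_PASSWORD` from the `postgresql-password` secret, but its command only runs `nc -zv $KONG_PG_HOST $KONG_PG_PORT`, so the credential is exposed to the `waitImage` container for no use. Drop the `KONG_PG_PASSWORD` entry (its `name`, `valueFrom` and `secretKeyRef` lines) from the init container's `env` and keep it only on the migration container. The same block is repeated in `migrations-pre-upgrade.yaml` and `migrations.yaml` in this patch. None of the three Job specs sets `backoffLimit` or a `securityContext`; consider adding both.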
@@ -0,0 +1,76 @@ +{{- if (and (.Values.runMigrations) (not (eq .Values.env.database "off"))) }} +# Why is this Job duplicated and not using only helm hooks? +# See: https://github.com/helm/charts/pull/7362 +apiVersion: batch/v1 +kind: Job +metadata: + name: {{ template "kong.fullname" . }}-pre-upgrade-migrations + labels: + app: {{ template "kong.name" . }} + chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" + release: "{{ .Release.Name }}" + heritage: "{{ .Release.Service }}" + component: pre-upgrade-migrations + annotations: + helm.sh/hook: "pre-upgrade" + helm.sh/hook-delete-policy: "before-hook-creation" +spec: + template: + metadata: + name: {{ template "kong.name" . }}-pre-upgrade-migrations + labels: + app: {{ template "kong.name" . }} + release: "{{ .Release.Name }}" + component: pre-upgrade-migrations + spec: + {{- if .Values.image.pullSecrets }} + imagePullSecrets: + {{- range .Values.image.pullSecrets }} + - name: {{ . }} + {{- end }} + {{- end }} + {{- if .Values.postgresql.enabled }} + initContainers: + - name: wait-for-postgres + image: "{{ .Values.waitImage.repository }}:{{ .Values.waitImage.tag }}" + env: + - name: KONG_PG_HOST + value: {{ template "kong.postgresql.fullname" . }} + - name: KONG_PG_PORT + value: "{{ .Values.postgresql.service.port }}" + - name: KONG_PG_PASSWORD + valueFrom: + secretKeyRef: + name: {{ template "kong.postgresql.fullname" . }} + key: postgresql-password + command: [ "/bin/sh", "-c", "until nc -zv $KONG_PG_HOST $KONG_PG_PORT -w1; do echo 'waiting for db'; sleep 1; done" ] + {{- end }} + containers: + - name: {{ template "kong.name" . }}-upgrade-migrations + image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}" + imagePullPolicy: {{ .Values.image.pullPolicy }} + env: + - name: KONG_NGINX_DAEMON + value: "off" + {{- if .Values.enterprise.enabled }} + {{- include "kong.license" . 
| nindent 8 }} + {{- end }} + {{- if .Values.postgresql.enabled }} + - name: KONG_PG_HOST + value: {{ template "kong.postgresql.fullname" . }} + - name: KONG_PG_PORT + value: "{{ .Values.postgresql.service.port }}" + - name: KONG_PG_PASSWORD + valueFrom: + secretKeyRef: + name: {{ template "kong.postgresql.fullname" . }} + key: postgresql-password + {{- end }} + {{- if .Values.cassandra.enabled }} + - name: KONG_CASSANDRA_CONTACT_POINTS + value: {{ template "kong.cassandra.fullname" . }} + {{- end }} + {{- include "kong.env" . | indent 8 }} + command: [ "/bin/sh", "-c", "kong migrations up" ] + restartPolicy: OnFailure +{{- end }} diff --git a/helm/infrastructure/subcharts/kong/templates/migrations.yaml b/helm/infrastructure/subcharts/kong/templates/migrations.yaml new file mode 100755 index 0000000..76c9b29 --- /dev/null +++ b/helm/infrastructure/subcharts/kong/templates/migrations.yaml 
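Review bot: The migration container in `migrations-pre-upgrade.yaml` is named `{{ template "kong.name" . }}-upgrade-migrations`, while the Job, the pod template and the `component` label all use `pre-upgrade-migrations`, and the post-upgrade Job names its container `-post-upgrade-migrations`. Rename it to `- name: {{ template "kong.name" . }}-pre-upgrade-migrations` so that logs and queries by container name distinguish the two upgrade phases.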
@@ -0,0 +1,71 @@ +{{- if (and (.Values.runMigrations) (not (eq .Values.env.database "off"))) }} +apiVersion: batch/v1 +kind: Job +metadata: + name: {{ template "kong.fullname" . }}-init-migrations + labels: + app: {{ template "kong.name" . }} + chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" + release: "{{ .Release.Name }}" + heritage: "{{ .Release.Service }}" + component: init-migrations +spec: + template: + metadata: + name: {{ template "kong.name" . }}-init-migrations + labels: + app: {{ template "kong.name" . }} + release: "{{ .Release.Name }}" + component: init-migrations + spec: + {{- if .Values.image.pullSecrets }} + imagePullSecrets: + {{- range .Values.image.pullSecrets }} + - name: {{ . }} + {{- end }} + {{- end }} + {{- if .Values.postgresql.enabled }} + initContainers: + - name: wait-for-postgres + image: "{{ .Values.waitImage.repository }}:{{ .Values.waitImage.tag }}" + env: + - name: KONG_PG_HOST + value: {{ template "kong.postgresql.fullname" . }} + - name: KONG_PG_PORT + value: "{{ .Values.postgresql.service.port }}" + - name: KONG_PG_PASSWORD + valueFrom: + secretKeyRef: + name: {{ template "kong.postgresql.fullname" . }} + key: postgresql-password + command: [ "/bin/sh", "-c", "until nc -zv $KONG_PG_HOST $KONG_PG_PORT -w1; do echo 'waiting for db'; sleep 1; done" ] + {{- end }} + containers: + - name: {{ template "kong.name" . }}-migrations + image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}" + imagePullPolicy: {{ .Values.image.pullPolicy }} + env: + - name: KONG_NGINX_DAEMON + value: "off" + {{- if .Values.enterprise.enabled }} + {{- include "kong.license" . | nindent 8 }} + {{- end }} + {{- if .Values.postgresql.enabled }} + - name: KONG_PG_HOST + value: {{ template "kong.postgresql.fullname" . }} + - name: KONG_PG_PORT + value: "{{ .Values.postgresql.service.port }}" + - name: KONG_PG_PASSWORD + valueFrom: + secretKeyRef: + name: {{ template "kong.postgresql.fullname" . 
}} + key: postgresql-password + {{- end }} + {{- if .Values.cassandra.enabled }} + - name: KONG_CASSANDRA_CONTACT_POINTS + value: {{ template "kong.cassandra.fullname" . }} + {{- end }} + {{- include "kong.env" . | indent 8 }} + command: [ "/bin/sh", "-c", "kong migrations bootstrap" ] + restartPolicy: OnFailure +{{- end }} diff --git a/helm/infrastructure/subcharts/kong/templates/pdb.yaml b/helm/infrastructure/subcharts/kong/templates/pdb.yaml new file mode 100755 index 0000000..f52b6fb --- /dev/null +++ b/helm/infrastructure/subcharts/kong/templates/pdb.yaml @@ -0,0 +1,20 @@ +{{- if .Values.podDisruptionBudget.enabled }} +apiVersion: policy/v1beta1 +kind: PodDisruptionBudget +metadata: + name: "{{ template "kong.fullname" . }}" + labels: + app: "{{ template "kong.name" . }}" +spec: + {{- if .Values.podDisruptionBudget.minAvailable }} + minAvailable: {{ .Values.podDisruptionBudget.minAvailable }} + {{- end }} + {{- if .Values.podDisruptionBudget.maxUnavailable }} + maxUnavailable: {{ .Values.podDisruptionBudget.maxUnavailable }} + {{- end }} + selector: + matchLabels: + app: {{ template "kong.name" . }} + release: {{ .Release.Name }} + component: app +{{- end }} \ No newline at end of file diff --git a/helm/infrastructure/subcharts/kong/templates/service-kong-admin.yaml b/helm/infrastructure/subcharts/kong/templates/service-kong-admin.yaml new file mode 100755 index 0000000..40107cb --- /dev/null +++ b/helm/infrastructure/subcharts/kong/templates/service-kong-admin.yaml 
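Review bot: In `pdb.yaml`, `minAvailable` and `maxUnavailable` are rendered by two independent `if` blocks, so values that set both produce a PodDisruptionBudget the API server rejects, because the two fields are mutually exclusive. Make the second branch `{{- else if .Values.podDisruptionBudget.maxUnavailable }}` inside the first `if` and close both with a single `{{- end }}`. Both tests are truthiness checks, so an explicit `0` is silently dropped; a comment saying so would save a debugging session. The metadata labels carry only `app`, without the `release` label that the selector uses.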
@@ -0,0 +1,38 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "kong.fullname" . }}-admin
+ annotations:
+ {{- range $key, $value := .Values.admin.annotations }}
+ {{ $key }}: {{ $value | quote }}
+ {{- end }}
+ labels:
+ app: {{ template "kong.name" . }}
+ chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
+ release: "{{ .Release.Name }}"
+ heritage: "{{ .Release.Service }}"
+spec:
+ type: {{ .Values.admin.type }}
+ {{- if eq .Values.admin.type "LoadBalancer" }}
+ {{- if .Values.admin.loadBalancerIP }}
+ loadBalancerIP: {{ .Values.admin.loadBalancerIP }}
+ {{- end }}
+ {{- if .Values.admin.loadBalancerSourceRanges }}
+ loadBalancerSourceRanges:
+ {{- range $cidr := .Values.admin.loadBalancerSourceRanges }}
+ - {{ $cidr }}
+ {{- end }}
+ {{- end }}
+ {{- end }}
+ ports:
+ - name: kong-admin
+ port: {{ .Values.admin.servicePort }}
+ targetPort: {{ .Values.admin.containerPort }}
+ {{- if (and (eq .Values.admin.type "NodePort") (not (empty .Values.admin.nodePort))) }}
+ nodePort: {{ .Values.admin.nodePort }}
+ {{- end }}
+ protocol: TCP
+ selector:
+ app: {{ template "kong.name" . }}
+ release: {{ .Release.Name }}
+ component: app
diff --git a/helm/infrastructure/subcharts/kong/templates/service-kong-manager.yaml b/helm/infrastructure/subcharts/kong/templates/service-kong-manager.yaml
new file mode 100755
index 0000000..f9a370c
--- /dev/null
+++ b/helm/infrastructure/subcharts/kong/templates/service-kong-manager.yaml
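Review bot: `type: {{ .Values.admin.type }}` in `service-kong-admin.yaml` lets the Admin API Service be a `LoadBalancer`, and in that branch `loadBalancerSourceRanges` is optional, so the admin port can end up reachable from any address. Give the existing `{{- if .Values.admin.loadBalancerSourceRanges }}` an else branch that stops the render, `{{- else }}{{ fail "admin.loadBalancerSourceRanges must be set when admin.type is LoadBalancer" }}`. A comment next to `type:` stating that `ClusterIP` is the expected value for this Service would also help.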
@@ -0,0 +1,57 @@ +{{- if .Values.enterprise.enabled }} +apiVersion: v1 +kind: Service +metadata: + name: {{ template "kong.fullname" . }}-manager + annotations: + {{- range $key, $value := .Values.manager.annotations }} + {{ $key }}: {{ $value | quote }} + {{- end }} + labels: + app: {{ template "kong.name" . }} + chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" + release: "{{ .Release.Name }}" + heritage: "{{ .Release.Service }}" +spec: + type: {{ .Values.manager.type }} + {{- if eq .Values.manager.type "LoadBalancer" }} + {{- if .Values.manager.loadBalancerIP }} + loadBalancerIP: {{ .Values.manager.loadBalancerIP }} + {{- end }} + {{- if .Values.manager.loadBalancerSourceRanges }} + loadBalancerSourceRanges: + {{- range $cidr := .Values.manager.loadBalancerSourceRanges }} + - {{ $cidr }} + {{- end }} + {{- end }} + {{- end }} + externalIPs: + {{- range $ip := .Values.manager.externalIPs }} + - {{ $ip }} + {{- end }} + ports: + {{- if .Values.manager.http.enabled }} + - name: kong-manager + port: {{ .Values.manager.http.servicePort }} + targetPort: {{ .Values.manager.http.containerPort }} + {{- if (and (eq .Values.manager.type "NodePort") (not (empty .Values.manager.http.nodePort))) }} + nodePort: {{ .Values.manager.http.nodePort }} + {{- end }} + protocol: TCP + {{- end }} + {{- if or .Values.manager.tls.enabled }} + - name: kong-manager-tls + port: {{ .Values.manager.tls.servicePort }} + targetPort: {{ .Values.manager.tls.containerPort }} + {{- if (and (eq .Values.manager.type "NodePort") (not (empty .Values.manager.tls.nodePort))) }} + nodePort: {{ .Values.manager.tls.nodePort }} + {{- end }} + protocol: TCP + {{- end }} + + + selector: + app: {{ template "kong.name" . }} + release: {{ .Release.Name }} + component: app +{{- end -}} diff --git a/helm/infrastructure/subcharts/kong/templates/service-kong-portal-api.yaml b/helm/infrastructure/subcharts/kong/templates/service-kong-portal-api.yaml new file mode 100755 index 0000000..aedd1b0 --- /dev/null 
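Review bot: `externalIPs:` in `service-kong-manager.yaml` is written unconditionally, so with no `manager.externalIPs` the key renders with an empty value, and `{{- if or .Values.manager.tls.enabled }}` calls `or` with a single argument. Wrap the list in `{{- if .Values.manager.externalIPs }}` … `{{- end }}` and write the test as `{{- if .Values.manager.tls.enabled }}`. If both `manager.http.enabled` and `manager.tls.enabled` are false, the `ports:` list is empty and the Service is rejected, which deserves a comment or a `fail`. The same three points apply to `service-kong-portal-api.yaml`, `service-kong-portal.yaml` and `service-kong-proxy.yaml` in this patch.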
+++ b/helm/infrastructure/subcharts/kong/templates/service-kong-portal-api.yaml @@ -0,0 +1,57 @@ +{{- if .Values.enterprise.enabled }} +apiVersion: v1 +kind: Service +metadata: + name: {{ template "kong.fullname" . }}-portalapi + annotations: + {{- range $key, $value := .Values.portalapi.annotations }} + {{ $key }}: {{ $value | quote }} + {{- end }} + labels: + app: {{ template "kong.name" . }} + chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" + release: "{{ .Release.Name }}" + heritage: "{{ .Release.Service }}" +spec: + type: {{ .Values.portalapi.type }} + {{- if eq .Values.portalapi.type "LoadBalancer" }} + {{- if .Values.portalapi.loadBalancerIP }} + loadBalancerIP: {{ .Values.portalapi.loadBalancerIP }} + {{- end }} + {{- if .Values.portalapi.loadBalancerSourceRanges }} + loadBalancerSourceRanges: + {{- range $cidr := .Values.portalapi.loadBalancerSourceRanges }} + - {{ $cidr }} + {{- end }} + {{- end }} + {{- end }} + externalIPs: + {{- range $ip := .Values.portalapi.externalIPs }} + - {{ $ip }} + {{- end }} + ports: + {{- if .Values.portalapi.http.enabled }} + - name: kong-portalapi + port: {{ .Values.portalapi.http.servicePort }} + targetPort: {{ .Values.portalapi.http.containerPort }} + {{- if (and (eq .Values.portalapi.type "NodePort") (not (empty .Values.portalapi.http.nodePort))) }} + nodePort: {{ .Values.portalapi.http.nodePort }} + {{- end }} + protocol: TCP + {{- end }} + {{- if or .Values.portalapi.tls.enabled }} + - name: kong-portalapi-tls + port: {{ .Values.portalapi.tls.servicePort }} + targetPort: {{ .Values.portalapi.tls.containerPort }} + {{- if (and (eq .Values.portalapi.type "NodePort") (not (empty .Values.portalapi.tls.nodePort))) }} + nodePort: {{ .Values.portalapi.tls.nodePort }} + {{- end }} + protocol: TCP + {{- end }} + + + selector: + app: {{ template "kong.name" . }} + release: {{ .Release.Name }} + component: app +{{- end -}} 
diff --git a/helm/infrastructure/subcharts/kong/templates/service-kong-portal.yaml b/helm/infrastructure/subcharts/kong/templates/service-kong-portal.yaml
new file mode 100755
index 0000000..1e336da
--- /dev/null
+++ b/helm/infrastructure/subcharts/kong/templates/service-kong-portal.yaml
@@ -0,0 +1,57 @@ +{{- if .Values.enterprise.enabled }} +apiVersion: v1 +kind: Service +metadata: + name: {{ template "kong.fullname" . }}-portal + annotations: + {{- range $key, $value := .Values.portal.annotations }} + {{ $key }}: {{ $value | quote }} + {{- end }} + labels: + app: {{ template "kong.name" . }} + chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" + release: "{{ .Release.Name }}" + heritage: "{{ .Release.Service }}" +spec: + type: {{ .Values.portal.type }} + {{- if eq .Values.portal.type "LoadBalancer" }} + {{- if .Values.portal.loadBalancerIP }} + loadBalancerIP: {{ .Values.portal.loadBalancerIP }} + {{- end }} + {{- if .Values.portal.loadBalancerSourceRanges }} + loadBalancerSourceRanges: + {{- range $cidr := .Values.portal.loadBalancerSourceRanges }} + - {{ $cidr }} + {{- end }} + {{- end }} + {{- end }} + externalIPs: + {{- range $ip := .Values.portal.externalIPs }} + - {{ $ip }} + {{- end }} + ports: + {{- if .Values.portal.http.enabled }} + - name: kong-portal + port: {{ .Values.portal.http.servicePort }} + targetPort: {{ .Values.portal.http.containerPort }} + {{- if (and (eq .Values.portal.type "NodePort") (not (empty .Values.portal.http.nodePort))) }} + nodePort: {{ .Values.portal.http.nodePort }} + {{- end }} + protocol: TCP + {{- end }} + {{- if or .Values.portal.tls.enabled }} + - name: kong-portal-tls + port: {{ .Values.portal.tls.servicePort }} + targetPort: {{ .Values.portal.tls.containerPort }} + {{- if (and (eq .Values.portal.type "NodePort") (not (empty .Values.portal.tls.nodePort))) }} + nodePort: {{ .Values.portal.tls.nodePort }} + {{- end }} + protocol: TCP + {{- end }} + + + selector: + app: {{ template "kong.name" . }} + release: {{ .Release.Name }} + component: app +{{- end -}} diff --git a/helm/infrastructure/subcharts/kong/templates/service-kong-proxy.yaml b/helm/infrastructure/subcharts/kong/templates/service-kong-proxy.yaml new file mode 100755 index 0000000..ff3454a --- /dev/null 
+++ b/helm/infrastructure/subcharts/kong/templates/service-kong-proxy.yaml @@ -0,0 +1,57 @@ +apiVersion: v1 +kind: Service +metadata: + name: {{ template "kong.fullname" . }}-proxy + annotations: + {{- range $key, $value := .Values.proxy.annotations }} + {{ $key }}: {{ $value | quote }} + {{- end }} + labels: + app: {{ template "kong.name" . }} + chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" + release: "{{ .Release.Name }}" + heritage: "{{ .Release.Service }}" +spec: + type: {{ .Values.proxy.type }} + {{- if eq .Values.proxy.type "LoadBalancer" }} + {{- if .Values.proxy.loadBalancerIP }} + loadBalancerIP: {{ .Values.proxy.loadBalancerIP }} + {{- end }} + {{- if .Values.proxy.loadBalancerSourceRanges }} + loadBalancerSourceRanges: + {{- range $cidr := .Values.proxy.loadBalancerSourceRanges }} + - {{ $cidr }} + {{- end }} + {{- end }} + {{- end }} + externalIPs: + {{- range $ip := .Values.proxy.externalIPs }} + - {{ $ip }} + {{- end }} + ports: + {{- if .Values.proxy.http.enabled }} + - name: kong-proxy + port: {{ .Values.proxy.http.servicePort }} + targetPort: {{ .Values.proxy.http.containerPort }} + {{- if (and (eq .Values.proxy.type "NodePort") (not (empty .Values.proxy.http.nodePort))) }} + nodePort: {{ .Values.proxy.http.nodePort }} + {{- end }} + protocol: TCP + {{- end }} + {{- if or .Values.proxy.tls.enabled }} + - name: kong-proxy-tls + port: {{ .Values.proxy.tls.servicePort }} + targetPort: {{ .Values.proxy.tls.containerPort }} + {{- if (and (eq .Values.proxy.type "NodePort") (not (empty .Values.proxy.tls.nodePort))) }} + nodePort: {{ .Values.proxy.tls.nodePort }} + {{- end }} + protocol: TCP + {{- end }} + {{- if .Values.proxy.externalTrafficPolicy }} + externalTrafficPolicy: {{ .Values.proxy.externalTrafficPolicy }} + {{- end }} + + selector: + app: {{ template "kong.name" . }} + release: {{ .Release.Name }} + component: app 
diff --git a/helm/infrastructure/subcharts/kong/templates/servicemonitor.yaml b/helm/infrastructure/subcharts/kong/templates/servicemonitor.yaml new file mode 100755 index 0000000..d138d05 --- /dev/null +++ b/helm/infrastructure/subcharts/kong/templates/servicemonitor.yaml @@ -0,0 +1,29 @@ +{{- if and ( .Capabilities.APIVersions.Has "monitoring.coreos.com/v1" ) .Values.serviceMonitor.enabled }} +apiVersion: monitoring.coreos.com/v1 +kind: ServiceMonitor +metadata: + name: {{ template "kong.fullname" . }} + {{- if .Values.serviceMonitor.namespace }} + namespace: {{ .Values.serviceMonitor.namespace }} + {{- end }} + labels: + app: {{ template "kong.name" . }} + chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" + heritage: {{ .Release.Service }} + release: {{ .Release.Name }} +spec: + endpoints: + - targetPort: metrics + scheme: http + {{- if .Values.serviceMonitor.interval }} + interval: {{ .Values.serviceMonitor.interval }} + {{- end }} + jobLabel: {{ .Release.Name }} + namespaceSelector: + matchNames: + - {{ .Release.Namespace }} + selector: + matchLabels: + app: {{ template "kong.name" . }} + release: {{ .Release.Name }} +{{- end }} diff --git a/helm/infrastructure/subcharts/kong/values.yaml b/helm/infrastructure/subcharts/kong/values.yaml new file mode 100755 index 0000000..c61f97f --- /dev/null +++ b/helm/infrastructure/subcharts/kong/values.yaml 
@@ -0,0 +1,444 @@ +################################################################################ +# Copyright (c) 2019 AT&T Intellectual Property. # +# # +# Licensed under the Apache License, Version 2.0 (the "License"); # +# you may not use this file except in compliance with the License. # +# You may obtain a copy of the License at # +# # +# http://www.apache.org/licenses/LICENSE-2.0 # +# # +# Unless required by applicable law or agreed to in writing, software # +# distributed under the License is distributed on an "AS IS" BASIS, # +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # +# See the License for the specific language governing permissions and # +# limitations under the License. # +################################################################################ + +# Default values for kong. +# Declare variables to be passed into your templates. + +image: + repository: kong + # repository: kong-docker-kong-enterprise-edition-docker.bintray.io/kong-enterprise-edition + tag: 1.3 + pullPolicy: IfNotPresent + ## Optionally specify an array of imagePullSecrets. + ## Secrets must be manually created in the namespace. + ## If using the official Kong Enterprise registry above, you MUST provide a secret. + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ + ## + # pullSecrets: + # - myRegistrKeySecretName + +waitImage: + repository: busybox + tag: latest + +# Specify Kong admin and proxy services configurations +admin: + # If you want to specify annotations for the admin service, uncomment the following + # line, add additional or adjust as needed, and remove the curly braces after 'annotations:'. 
+ annotations: {} + # service.beta.kubernetes.io/aws-load-balancer-proxy-protocol: "*" + + # HTTPS traffic on the admin port + # if set to false also set readinessProbe and livenessProbe httpGet scheme's to 'HTTP' + useTLS: true + servicePort: 8444 + containerPort: 8444 + # Kong admin service type + type: NodePort + # Set a nodePort which is available + # nodePort: 32444 + # Kong admin ingress settings. + ingress: + # Enable/disable exposure using ingress. + enabled: false + # TLS secret name. + # tls: kong-admin.example.com-tls + # Array of ingress hosts. + hosts: [] + # Map of ingress annotations. + annotations: {} + # Ingress path. + path: / + +proxy: + # If you want to specify annotations for the proxy service, uncomment the following + # line, add additional or adjust as needed, and remove the curly braces after 'annotations:'. + annotations: {} + # service.beta.kubernetes.io/aws-load-balancer-proxy-protocol: "*" + + # HTTP plain-text traffic + http: + enabled: true + servicePort: 80 + containerPort: 8000 + # Set a nodePort which is available if service type is NodePort + nodePort: 32080 + + tls: + enabled: true + servicePort: 443 + containerPort: 8443 + # Set a nodePort which is available if service type is NodePort + nodePort: 32443 + + type: NodePort + + # Kong proxy ingress settings. + ingress: + # Enable/disable exposure using ingress. + enabled: false + # TLS secret name. + # tls: kong-proxy.example.com-tls + # Array of ingress hosts. + hosts: [] + # Map of ingress annotations. + annotations: {} + # Ingress path. + path: / + + externalIPs: [] + +manager: + # If you want to specify annotations for the Manager service, uncomment the following + # line, add additional or adjust as needed, and remove the curly braces after 'annotations:'. 
+ annotations: {} + # service.beta.kubernetes.io/aws-load-balancer-proxy-protocol: "*" + + # HTTP plain-text traffic + http: + enabled: true + servicePort: 8002 + containerPort: 8002 + # Set a nodePort which is available if service type is NodePort + # nodePort: 32080 + + tls: + enabled: true + servicePort: 8445 + containerPort: 8445 + # Set a nodePort which is available if service type is NodePort + # nodePort: 32443 + + type: NodePort + + # Kong proxy ingress settings. + ingress: + # Enable/disable exposure using ingress. + enabled: false + # TLS secret name. + # tls: kong-proxy.example.com-tls + # Array of ingress hosts. + hosts: [] + # Map of ingress annotations. + annotations: {} + # Ingress path. + path: / + + externalIPs: [] + +portal: + # If you want to specify annotations for the Portal service, uncomment the following + # line, add additional or adjust as needed, and remove the curly braces after 'annotations:'. + annotations: {} + # service.beta.kubernetes.io/aws-load-balancer-proxy-protocol: "*" + + # HTTP plain-text traffic + http: + enabled: true + servicePort: 8003 + containerPort: 8003 + # Set a nodePort which is available if service type is NodePort + # nodePort: 32080 + + tls: + enabled: true + servicePort: 8446 + containerPort: 8446 + # Set a nodePort which is available if service type is NodePort + # nodePort: 32443 + + type: NodePort + + # Kong proxy ingress settings. + ingress: + # Enable/disable exposure using ingress. + enabled: false + # TLS secret name. + # tls: kong-proxy.example.com-tls + # Array of ingress hosts. + hosts: [] + # Map of ingress annotations. + annotations: {} + # Ingress path. + path: / + + externalIPs: [] + +portalapi: + # If you want to specify annotations for the Portal API service, uncomment the following + # line, add additional or adjust as needed, and remove the curly braces after 'annotations:'. 
+ annotations: {} + # service.beta.kubernetes.io/aws-load-balancer-proxy-protocol: "*" + + # HTTP plain-text traffic + http: + enabled: true + servicePort: 8004 + containerPort: 8004 + # Set a nodePort which is available if service type is NodePort + # nodePort: 32080 + + tls: + enabled: true + servicePort: 8447 + containerPort: 8447 + # Set a nodePort which is available if service type is NodePort + # nodePort: 32443 + + type: NodePort + + # Kong proxy ingress settings. + ingress: + # Enable/disable exposure using ingress. + enabled: false + # TLS secret name. + # tls: kong-proxy.example.com-tls + # Array of ingress hosts. + hosts: [] + # Map of ingress annotations. + annotations: {} + # Ingress path. + path: / + + externalIPs: [] + +# Toggle Kong Enterprise features on or off +# RBAC and SMTP configuration have additional options that must all be set together +# Other settings should be added to the "env" settings below +enterprise: + enabled: false + # Kong Enterprise license secret name + # This secret must contain a single 'license' key, containing your base64-encoded license data + # The license secret is required for all Kong Enterprise deployments + license_secret: you-must-create-a-kong-license-secret + # Session configuration secret + # The session conf secret is required if using RBAC or the Portal + vitals: + enabled: true + portal: + enabled: false + # portal_auth here sets the default authentication mechanism for the Portal + # FIXME This can be changed per-workspace, but must currently default to + # basic-auth to work around limitations with session configuration + portal_auth: basic-auth + # If the Portal is enabled and any workspace's Portal uses authentication, + # this Secret must contain an portal_session_conf key + # The key value must be a secret configuration, following the example at https://docs.konghq.com/enterprise/0.35-x/kong-manager/authentication/sessions/ + session_conf_secret: you-must-create-a-portal-session-conf-secret + rbac: + 
enabled: false + admin_gui_auth: basic-auth + # If RBAC is enabled, this Secret must contain an admin_gui_session_conf key + # The key value must be a secret configuration, following the example at https://docs.konghq.com/enterprise/0.35-x/kong-manager/authentication/sessions/ + session_conf_secret: you-must-create-an-rbac-session-conf-secret + # Set to the appropriate plugin config JSON if not using basic-auth + admin_gui_auth_conf: {} + smtp: + enabled: false + portal_emails_from: none@example.com + portal_emails_reply_to: none@example.com + admin_emails_from: none@example.com + admin_emails_reply_to: none@example.com + smtp_admin_emails: none@example.com + smtp_host: smtp.example.com + smtp_port: 587 + smtp_starttls: true + auth: + # If your SMTP server does not require authentication, this section can + # be left as-is. If smtp_username is set to anything other than an empty + # string, you must create a Secret with an smtp_password key containing + # your SMTP password and specify its name here. + smtp_username: '' # e.g. postmaster@example.com + smtp_password_secret: you-must-create-an-smtp-password + +# Set runMigrations to run Kong migrations +runMigrations: true + +# update strategy +updateStrategy: {} + # type: RollingUpdate + # rollingUpdate: + # maxSurge: "100%" + # maxUnavailable: "0%" + +# Specify Kong configurations +# Kong configurations guide https://getkong.org/docs/latest/configuration/ +# Values here take precedence over values from other sections of values.yaml, +# e.g. setting pg_user here will override the value normally set when postgresql.enabled +# is set below. In general, you should not set values here if they are set elsewhere. 
+env: + database: off + proxy_access_log: /dev/stdout + admin_access_log: /dev/stdout + admin_gui_access_log: /dev/stdout + portal_api_access_log: /dev/stdout + proxy_error_log: /dev/stderr + admin_error_log: /dev/stderr + admin_gui_error_log: /dev/stderr + portal_api_error_log: /dev/stderr + +# If you want to specify resources, uncomment the following +# lines, adjust them as necessary, and remove the curly braces after 'resources:'. +resources: {} + # limits: + # cpu: 100m + # memory: 128Mi + # requests: + # cpu: 100m + # memory: 128Mi + +# readinessProbe for Kong pods +# If using Kong Enterprise with RBAC, you must add a Kong-Admin-Token header +readinessProbe: + httpGet: + path: "/status" + port: admin + scheme: HTTPS + initialDelaySeconds: 30 + timeoutSeconds: 1 + periodSeconds: 10 + successThreshold: 1 + failureThreshold: 5 + +# livenessProbe for Kong pods +# If using Kong Enterprise with RBAC, you must add a Kong-Admin-Token header +livenessProbe: + httpGet: + path: "/status" + port: admin + scheme: HTTPS + initialDelaySeconds: 30 + timeoutSeconds: 5 + periodSeconds: 30 + successThreshold: 1 + failureThreshold: 5 + +# Affinity for pod assignment +# Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity +# affinity: {} + +# Tolerations for pod assignment +# Ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ +tolerations: [] + +# Node labels for pod assignment +# Ref: https://kubernetes.io/docs/user-guide/node-selection/ +nodeSelector: {} + +# Annotation to be added to Kong pods +podAnnotations: {} + +# Kong pod count +replicaCount: 1 + +# Kong Pod Disruption Budget +podDisruptionBudget: + enabled: false + maxUnavailable: "50%" + +# Kong has a choice of either Postgres or Cassandra as a backend datatstore. +# This chart allows you to choose either of them with the `database.type` +# parameter. Postgres is chosen by default. 
+ +# Additionally, this chart allows you to use your own database or spin up a new +# instance by using the `postgres.enabled` or `cassandra.enabled` parameters. +# Enabling both will create both databases in your cluster, but only one +# will be used by Kong based on the `env.database` parameter. +# Postgres is enabled by default. + +# Cassandra chart configs +cassandra: + enabled: false + +# PostgreSQL chart configs +postgresql: + enabled: false + postgresqlUsername: kong + postgresqlDatabase: kong + service: + port: 5432 + +# Kong Ingress Controller's primary purpose is to satisfy Ingress resources +# created in k8s. It uses CRDs for more fine grained control over routing and +# for Kong specific configuration. +ingressController: + enabled: true + image: + repository: kong-docker-kubernetes-ingress-controller.bintray.io/kong-ingress-controller + tag: 0.6.0 + replicaCount: 1 + livenessProbe: + failureThreshold: 3 + httpGet: + path: "/healthz" + port: 10254 + scheme: HTTP + initialDelaySeconds: 30 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 5 + readinessProbe: + failureThreshold: 3 + httpGet: + path: "/healthz" + port: 10254 + scheme: HTTP + initialDelaySeconds: 30 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 5 + + installCRDs: true + + rbac: + # Specifies whether RBAC resources should be created + create: true + + serviceAccount: + # Specifies whether a ServiceAccount should be created + create: true + # The name of the ServiceAccount to use. + # If not set and create is true, a name is generated using the fullname template + name: + + ingressClass: kong + + podDisruptionBudget: + enabled: false + maxUnavailable: "50%" + +# We pass the dbless (declarative) config over here. 
+dblessConfig: + # Either Kong's configuration is managed from an existing ConfigMap (with Key: kong.yml) + configMap: "" + # Or the configuration is passed in full-text below + config: + _format_version: "1.1" + services: + # Example configuration + # - name: example.com + # url: http://example.com + # routes: + # - name: example + # paths: + # - "/example" + +serviceMonitor: + # Specifies whether ServiceMonitor for Prometheus operator should be created + enabled: false + # interval: 10s + # Specifies namespace, where ServiceMonitor should be installed + # namespace: monitoring diff --git a/helm/infrastructure/templates/deployment-tiller.yaml b/helm/infrastructure/templates/deployment-tiller.yaml new file mode 100644 index 0000000..e2d58b0 --- /dev/null +++ b/helm/infrastructure/templates/deployment-tiller.yaml 
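Review bot: The `admin` block defaults to `type: NodePort`, which (assuming the admin Service template consumes `admin.type` the way the portal and proxy templates in this commit consume theirs) publishes the Kong Admin API on port 8444 of every node instead of keeping it cluster-internal. Unless something outside the cluster has to reach the Admin API, `type: ClusterIP` is the safer default, with NodePort left as an explicit override in the recipe. The `manager`, `portal` and `portalapi` blocks carry the same default; the portal and portalapi Services are at least gated on `enterprise.enabled`. Separately, `waitImage` uses `tag: latest`, so the init image is not reproducible; pinning a specific busybox version or digest would keep deployments repeatable.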
@@ -0,0 +1,206 @@
+{{/*
+ Copyright (c) 2019 AT&T Intellectual Property.
+ Copyright (c) 2019 Nokia.
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+*/}}
+{{- if .Values.common }}
+{{- if .Values.common.tillers }}
+{{- $topCtx := . }}
+{{- range keys .Values.common.tillers }}
+{{- $key := . }}
+{{- with index $topCtx.Values.common.tillers . }}
+{{- $nameSpace := .nameSpace }}
+{{- $deployNameSpace := .deployNameSpace }}
+{{- $img := .image.tiller }}
+{{- $secretName := default "tiller-secret" .secret.tillerSecretName }}
+{{- $imgPullPolicy := .imagePullPolicy }}
+{{- $ctx := dict "ctx" $topCtx "key" $key }}
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ include "common.serviceaccountname.tiller" $ctx }}
+ namespace: {{ $deployNameSpace }}
+---
+apiVersion: rbac.authorization.k8s.io/v1beta1
+kind: Role
+metadata:
+ name: {{ include "common.tillerName" $ctx }}-tiller-base
+ namespace: {{ $nameSpace }}
+rules:
+- apiGroups: [""]
+ resources: ["secrets"]
+ resourceNames: [ {{ $secretName }} ]
+ verbs: ["get"]
+- apiGroups: [""]
+ resources: ["pods/portforward"]
+ verbs: ["create"]
+- apiGroups: [""]
+ resources: ["namespaces"]
+ verbs: ["get"]
+- apiGroups: [""]
+ resources: ["pods", "configmaps", "deployments", "services"]
+ verbs: ["get", "list", "create", "delete"]
+---
+apiVersion: rbac.authorization.k8s.io/v1beta1
+kind: RoleBinding
+metadata:
+ name: {{ include "common.serviceaccountname.tiller" $ctx }}-{{ $nameSpace }}-tiller-base
+ namespace: {{ $nameSpace }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: {{ include "common.tillerName" $ctx }}-tiller-base
+subjects:
+ - kind: ServiceAccount
+ name: {{ include "common.serviceaccountname.tiller" $ctx }}
+ namespace: {{ $deployNameSpace }}
+---
+apiVersion: rbac.authorization.k8s.io/v1beta1
+kind: Role
+metadata:
+ name: {{ include "common.tillerName" $ctx }}-tiller-operation
+ namespace: {{ $deployNameSpace }}
+rules:
+- apiGroups: [""]
+ resources: ["configmaps"]
+ verbs: ["get", "list", "create", "delete", "update"]
+---
+apiVersion: rbac.authorization.k8s.io/v1beta1
+kind: RoleBinding
+metadata:
+ name: {{ include "common.serviceaccountname.tiller" $ctx }}-{{ $nameSpace }}-tiller-operation
+ namespace: {{ $deployNameSpace }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: {{ include "common.tillerName" $ctx }}-tiller-operation
+subjects:
+ - kind: ServiceAccount
+ name: {{ include "common.serviceaccountname.tiller" $ctx }}
+ namespace: {{ $deployNameSpace }}
+{{- if .serviceAccount.role }}
+---
+apiVersion: rbac.authorization.k8s.io/v1beta1
+kind: Role
+metadata:
+ name: {{ include "common.tillerName" $ctx }}-tiller-deployer
+ namespace: {{ $nameSpace }}
+rules:
+{{ toYaml .serviceAccount.role }}
+---
+apiVersion: rbac.authorization.k8s.io/v1beta1
+kind: RoleBinding
+metadata:
+ name: {{ include "common.serviceaccountname.tiller" $ctx }}-{{ $nameSpace }}-tiller-deployer
+ namespace: {{ $nameSpace }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: {{ include "common.tillerName" $ctx }}-tiller-deployer
+subjects:
+ - kind: ServiceAccount
+ name: {{ include "common.serviceaccountname.tiller" $ctx }}
+ namespace: {{ $deployNameSpace }}
+{{- end }}
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ labels:
+ app: helm
+ name: tiller
+ name: {{ include "common.deploymentname.tiller" $ctx }}
+ namespace: {{ $deployNameSpace }}
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: helm
+ name: tiller
+ template:
+ metadata:
+ labels:
+ app: helm
+ name: tiller
+ spec:
+ automountServiceAccountToken: true
+ {{- $newctx := dict "ctx" $topCtx "defaultregistry" $img.registry }}
+ imagePullSecrets:
+ - name: {{ include "common.dockerregistry.credential" $newctx }}
+ containers:
+ - env:
+ - name: TILLER_NAMESPACE
+ value: {{ $deployNameSpace }}
+ - name: TILLER_HISTORY_MAX
+ value: "0"
+ - name: TILLER_TLS_VERIFY
+ value: "1"
+ - name: TILLER_TLS_ENABLE
+ value: "1"
+ - name: TILLER_TLS_CERTS
+ value: /etc/certs
+ image: {{ include "common.dockerregistry.url" $newctx }}/{{- $img.name -}}:{{- $img.tag }}
+ {{- $newctx := dict "ctx" $topCtx "defaultpullpolicy" $imgPullPolicy }}
+ imagePullPolicy: {{ include "common.dockerregistry.pullpolicy" $newctx }}
+ livenessProbe:
+ httpGet:
+ path: /liveness
+ port: 44135
+ initialDelaySeconds: 1
+ timeoutSeconds: 1
+ name: tiller
+ ports:
+ - containerPort: 44134
+ name: tiller
+ - containerPort: 44135
+ name: http
+ readinessProbe:
+ httpGet:
+ path: /readiness
+ port: 44135
+ initialDelaySeconds: 1
+ timeoutSeconds: 1
+ volumeMounts:
+ - mountPath: /etc/certs
+ name: tiller-certs
+ readOnly: true
+ serviceAccountName: {{ include "common.serviceaccountname.tiller" $ctx }}
+ volumes:
+ - name: tiller-certs
+ secret:
+ secretName: {{ $secretName }}
+---
+apiVersion: v1
+kind: Service
+metadata:
+ creationTimestamp: null
+ labels:
+ app: helm
+ name: tiller
+ name: {{ include "common.servicename.tiller" $ctx }}
+ namespace: {{ $deployNameSpace }}
+spec:
+ ports:
+ - name: tiller
+ port: {{ default 44134 .port }}
+ targetPort: tiller
+ selector:
+ app: helm
+ name: tiller
+ type: ClusterIP
+{{- end }}
+{{- end }}
+{{- end }}
+{{- end }}
diff --git a/helm/infrastructure/templates/job-tiller-secrets.yaml b/helm/infrastructure/templates/job-tiller-secrets.yaml
new file mode 100644
index 0000000..b2f270d
--- /dev/null
+++ b/helm/infrastructure/templates/job-tiller-secrets.yaml
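Review bot: In the `-tiller-base` Role, the last rule lists `deployments` under `apiGroups: [""]`, but Deployments are served from the `apps` (and legacy `extensions`) group, so that entry grants nothing while reading as if Tiller already had Deployment access. The effective Deployment permissions come only from `.serviceAccount.role`, which the default values in this commit do scope to `["extensions", "apps"]`. I would drop it from the core-group rule, i.e. `resources: ["pods", "configmaps", "services"]`, so the Role states exactly what it grants. The Role and RoleBinding objects in this file also use `rbac.authorization.k8s.io/v1beta1`; `rbac.authorization.k8s.io/v1` is the stable version of the same API.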
@@ -0,0 +1,103 @@
+{{/*
+ Copyright (c) 2019 AT&T Intellectual Property.
+ Copyright (c) 2019 Nokia.
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+*/}}
+{{- if .Values.common }}
+{{- $kubeapiServerEndpoint := .Values.common.k8sAPIHost }}
+{{- if .Values.common.tillers }}
+{{- $topCtx := . }}
+{{- range keys .Values.common.tillers }}
+{{- $key := . }}
+{{- with index $topCtx.Values.common.tillers . }}
+{{- $img := .image.tillerTLSSecrets }}
+{{- $imgPullPolicy := .imagePullPolicy }}
+{{- $tillerSecret := default "tiller-secret" .secret.tillerSecretName }}
+{{- $helmSecret := default "helm-secret" .secret.helmSecretName }}
+{{- $serviceAccountName := default "tiller" .serviceAccount }}
+{{- $nameSpace := .nameSpace }}
+{{- $deployNameSpace := .deployNameSpace }}
+{{- $img := .image.tillerTLSSecrets }}
+{{- $ctx := dict "ctx" $topCtx "key" $key }}
+{{- if .secret.create }}
+{{- $serviceAccountName := randAlpha 6 | lower | printf "tiller-secret-creator-%s" }}
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ $serviceAccountName }}
+ namespace: {{ $deployNameSpace }}
+---
+apiVersion: rbac.authorization.k8s.io/v1beta1
+kind: Role
+metadata:
+ name: {{ $serviceAccountName }}-secret-create
+ namespace: {{ $deployNameSpace }}
+rules:
+- apiGroups: [""]
+ resources: ["secrets"]
+ verbs: ["create", "get", "patch"]
+---
+apiVersion: rbac.authorization.k8s.io/v1beta1
+kind: RoleBinding
+metadata:
+ name: {{ $serviceAccountName }}-secret-create
+ namespace: {{ $deployNameSpace }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: {{ $serviceAccountName }}-secret-create
+subjects:
+ - kind: ServiceAccount
+ name: {{ $serviceAccountName }}
+ namespace: {{ $deployNameSpace }}
+---
+apiVersion: batch/v1
+kind: Job
+metadata:
+ name: tiller-secret-generator
+ namespace: {{ $deployNameSpace }}
+spec:
+ template:
+ spec:
+ serviceAccountName: {{ $serviceAccountName }}
+ restartPolicy: Never
+ {{- $newctx := dict "ctx" $topCtx "defaultregistry" $img.registry }}
+ imagePullSecrets:
+ - name: {{ include "common.dockerregistry.credential" $newctx }}
+ containers:
+ - name: tiller-secret-generator
+ image: {{ include "common.dockerregistry.url" $newctx }}/{{- $img.name -}}:{{- $img.tag }}
+ {{- $newctx := dict "ctx" $topCtx "defaultpullpolicy" $imgPullPolicy }}
+ imagePullPolicy: {{ include "common.dockerregistry.pullpolicy" $newctx }}
+ env:
+ - name: ENTITIES
+ value: {{ tuple $tillerSecret $helmSecret | join " " }}
+ - name: TILLER_KEY_NAME
+ value: {{ $tillerSecret }}.key.pem
+ - name: TILLER_CERT_NAME
+ value: {{ $tillerSecret }}.cert.pem
+ - name: HELM_KEY_NAME
+ value: {{ $helmSecret }}.key.pem
+ - name: HELM_CERT_NAME
+ value: {{ $helmSecret }}.cert.pem
+ - name: TILLER_CN
+ value: {{ default ( include "common.servicename.tiller" $ctx ) .hostname }}
+ - name: CLUSTER_SERVER
+ value: {{ default "https://kubernetes.default.svc.cluster.local/" $kubeapiServerEndpoint }}
+{{- end }}
+{{- end }}
+{{- end }}
+{{- end }}
+{{- end }}
diff --git a/helm/infrastructure/values.yaml b/helm/infrastructure/values.yaml
new file mode 100644
index 0000000..dfb96e9
--- /dev/null
+++ b/helm/infrastructure/values.yaml
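Review bot: The `-secret-create` Role gives the generator's ServiceAccount `get` and `patch` on every Secret in `{{ $deployNameSpace }}`, not only the two TLS Secrets the job is meant to produce. Because `create` cannot be limited by `resourceNames`, it needs a rule of its own, while `get` and `patch` can be restricted to `$tillerSecret` and `$helmSecret`; this assumes the job image writes Secrets under exactly those names, which the `ENTITIES` variable suggests but the hunk does not show. Also, the Job name `tiller-secret-generator` is fixed although the template loops over `common.tillers`, so two entries sharing a `deployNameSpace` would collide; deriving the name from `$key` would avoid that.

```yaml
rules:
# create cannot be scoped by resourceNames, so it stays namespace-wide
- apiGroups: [""]
  resources: ["secrets"]
  verbs: ["create"]
# read/update only the Secrets this job owns
- apiGroups: [""]
  resources: ["secrets"]
  resourceNames: [ {{ $tillerSecret }}, {{ $helmSecret }} ]
  verbs: ["get", "patch"]
```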
@@ -0,0 +1,99 @@
+# Copyright (c) 2019 AT&T Intellectual Property. #
+# Copyright (c) 2019 Nokia. #
+# #
+# Licensed under the Apache License, Version 2.0 (the "License"); #
+# you may not use this file except in compliance with the License. #
+# You may obtain a copy of the License at #
+# #
+# http://www.apache.org/licenses/LICENSE-2.0 #
+# #
+# Unless required by applicable law or agreed to in writing, software #
+# distributed under the License is distributed on an "AS IS" BASIS, #
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. #
+# See the License for the specific language governing permissions and #
+# limitations under the License. #
+################################################################################
+
+
+common:
+ k8sAPIHost: https://kubernetes.default.svc.cluster.local/
+ tillers:
+ ricxapp:
+ name: ricxapp
+ nameSpace: ricxapp
+ deployNameSpace: ricinfra
+ imagePullPolicy: IfNotPresent
+ image:
+ tillerTLSSecrets:
+ registry: nexus3.o-ran-sc.org:10002/o-ran-sc
+ name: it-dep-secret
+ tag: 0.0.2
+ tiller:
+ registry: gcr.io
+ name: kubernetes-helm/tiller
+ tag: v2.12.3
+ secret:
+ create: true
+ tillerSecretName: ricxapp-tiller-secret
+ helmSecretName: ricxapp-helm-secret
+ tls:
+ authenticate: true
+ verify: true
+ serviceAccount:
+ name: tiller
+ role:
+ - apiGroups: [""]
+ resources: ["pods", "configmaps", "services"]
+ verbs: ["get", "list", "create", "delete"]
+ - apiGroups: ["extensions", "apps"]
+ resources: ["deployments"]
+ verbs: ["get", "list", "create", "delete"]
+
+
+extsvcplt:
+ enabled: true
+ ricip: "10.0.0.1"
+ auxip: "10.0.0.1"
+
+chartmuseum:
+ enabled: false
+
+docker-credential:
+ enabled: true
+ credential:
+ oran:
+ registry: "nexus3.o-ran-sc.org:10002"
+ credential:
+ user: "docker"
+ password: "docker"
+ email: "@"
+
+certificate-manager:
+ enabled: true
+
+
+kong:
+ enabled: true
+ ingressController:
+ enabled: true
+
+ postgresql:
+ enabled: false
+
+ env:
+ database: "off"
+
+ proxy:
+ http:
+ nodePort: 32080
+ tls:
+ nodePort: 32443
+ # These port numbers MUST matche with what's in
+ # ric-common/Common-Template/helm/ric-common/templates/_ingresscontroller.tpl file.
+ # If need to change a proxy port here, do not forget to update the
+ # _ingresscontroller.tpl file with the new port number.
+postgresql:
+ enabled: false
+
+env:
+ database: off
diff --git a/helm/jaegeradapter/.helmignore b/helm/jaegeradapter/.helmignore
new file mode 100644
index 0000000..d29b399
--- /dev/null
+++ b/helm/jaegeradapter/.helmignore
@@ -0,0 +1,37 @@
+# Copyright (c) 2019 AT&T Intellectual Property.
+# Copyright (c) 2019 Nokia.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/
diff --git a/helm/jaegeradapter/Chart.yaml b/helm/jaegeradapter/Chart.yaml
new file mode 100644
index 0000000..09cf9c2
--- /dev/null
+++ b/helm/jaegeradapter/Chart.yaml
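Review bot: In `helm/infrastructure/values.yaml`, the `docker-credential` block ships a registry username and password (`user: "docker"`, `password: "docker"`) as chart defaults, so the pair lives in version control and is presumably rendered into an image-pull Secret on every install that does not override it. Even if this is the registry's public read-only account, I would leave `user` and `password` empty here and have the deployment recipe supply them, or let the chart reference an existing Secret by name. The trailing `postgresql:` and `env:` keys at the end of the same file appear to sit at the top level and repeat what is already set under `kong:`, so they look like leftovers. If they stay, `database: off` should be quoted as `database: "off"` like the `kong.env` entry, since an unquoted `off` is parsed as a boolean.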
@@ -0,0 +1,19 @@ +# Copyright (c) 2019 AT&T Intellectual Property. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +appVersion: "1.0" +description: A Helm chart for Kubernetes +name: jaegeradapter +version: 3.0.0 diff --git a/helm/jaegeradapter/requirements.yaml b/helm/jaegeradapter/requirements.yaml new file mode 100644 index 0000000..18add19 --- /dev/null +++ b/helm/jaegeradapter/requirements.yaml @@ -0,0 +1,20 @@ +################################################################################ +# Copyright (c) 2019 AT&T Intellectual Property. # +# # +# Licensed under the Apache License, Version 2.0 (the "License"); # +# you may not use this file except in compliance with the License. # +# You may obtain a copy of the License at # +# # +# http://www.apache.org/licenses/LICENSE-2.0 # +# # +# Unless required by applicable law or agreed to in writing, software # +# distributed under the License is distributed on an "AS IS" BASIS, # +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # +# See the License for the specific language governing permissions and # +# limitations under the License. # +################################################################################ + +dependencies: + - name: ric-common + version: ~3.0.0 + repository: "@local" diff --git a/helm/jaegeradapter/templates/agent-service.yaml b/helm/jaegeradapter/templates/agent-service.yaml new file mode 100644 index 0000000..13b44cb --- /dev/null 
+++ b/helm/jaegeradapter/templates/agent-service.yaml @@ -0,0 +1,43 @@ +# Copyright (c) 2019 AT&T Intellectual Property. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +kind: Service +metadata: + name: {{ include "common.servicename.jaegeradapter.agent" . }} + namespace: {{ include "common.namespace.platform" . }} + labels: + app: {{ include "common.namespace.platform" . }}-{{ include "common.name.jaegeradapter" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +spec: + type: ClusterIP + ports: + - name: {{ include "common.portname.jaegeradapter.zipkincompact" . }} + port: {{ include "common.serviceport.jaegeradapter.zipkincompact" . }} + protocol: UDP + targetPort: {{ include "common.serviceport.jaegeradapter.zipkincompact" . }} + - name: {{ include "common.portname.jaegeradapter.jaegercompact" . }} + port: {{ include "common.serviceport.jaegeradapter.jaegercompact" . }} + protocol: UDP + targetPort: {{ include "common.serviceport.jaegeradapter.jaegercompact" . }} + - name: {{ include "common.portname.jaegeradapter.jaegerbinary" . }} + port: {{ include "common.serviceport.jaegeradapter.jaegerbinary" . }} + protocol: UDP + targetPort: {{ include "common.serviceport.jaegeradapter.jaegerbinary" . }} + selector: + app: {{ include "common.namespace.platform" . }}-{{ include "common.name.jaegeradapter" . }} + release: {{ .Release.Name }} + 
diff --git a/helm/jaegeradapter/templates/collector-service.yaml b/helm/jaegeradapter/templates/collector-service.yaml
new file mode 100644
index 0000000..130055c
--- /dev/null
+++ b/helm/jaegeradapter/templates/collector-service.yaml
@@ -0,0 +1,43 @@ +# Copyright (c) 2019 AT&T Intellectual Property. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +kind: Service +metadata: + name: {{ include "common.servicename.jaegeradapter.collector" . }} + namespace: {{ include "common.namespace.platform" . }} + labels: + app: {{ include "common.namespace.platform" . }}-{{ include "common.name.jaegeradapter" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +spec: + type: ClusterIP + ports: + - name: {{ include "common.portname.jaegeradapter.jaegerhttpt" . }} + port: {{ include "common.serviceport.jaegeradapter.jaegerhttpt" . }} + protocol: TCP + targetPort: {{ include "common.serviceport.jaegeradapter.jaegerhttpt" . }} + - name: {{ include "common.portname.jaegeradapter.jaegerhttp" . }} + port: {{ include "common.serviceport.jaegeradapter.jaegerhttp" . }} + protocol: TCP + targetPort: {{ include "common.serviceport.jaegeradapter.jaegerhttp" . }} + - name: {{ include "common.portname.jaegeradapter.zipkinhttp" . }} + port: {{ include "common.serviceport.jaegeradapter.zipkinhttp" . }} + protocol: TCP + targetPort: {{ include "common.serviceport.jaegeradapter.zipkinhttp" . }} + selector: + app: {{ include "common.namespace.platform" . }}-{{ include "common.name.jaegeradapter" . }} + release: {{ .Release.Name }} + 
diff --git a/helm/jaegeradapter/templates/deployment.yaml b/helm/jaegeradapter/templates/deployment.yaml
new file mode 100644
index 0000000..ef319dd
--- /dev/null
+++ b/helm/jaegeradapter/templates/deployment.yaml
@@ -0,0 +1,85 @@ +# Copyright (c) 2019 AT&T Intellectual Property. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +{{- $imagectx := dict "ctx" . "defaultregistry" .Values.jaegeradapter.image.registry }} +{{- $pullpolicyctx := dict "ctx" . "defaultpullpolicy" .Values.jaegeradapter.imagePullPolicy }} +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ include "common.deploymentname.jaegeradapter" . }} + namespace: {{ include "common.namespace.platform" . }} + labels: + app: {{ include "common.namespace.platform" . }}-{{ include "common.name.jaegeradapter" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +spec: + replicas: {{ .Values.jaegeradapter.replicaCount }} + selector: + matchLabels: + app: {{ include "common.namespace.platform" . }}-{{ include "common.name.jaegeradapter" . }} + release: {{ .Release.Name }} + template: + metadata: + {{- if .Values.jaegeradapter.annotations }} + annotations: + {{- .Values.jaegeradapter.annotations | nindent 8 -}} + {{ end }} + labels: + app: {{ include "common.namespace.platform" . }}-{{ include "common.name.jaegeradapter" . }} + release: {{ .Release.Name }} + spec: + hostname: {{ include "common.name.jaegeradapter" . }} + imagePullSecrets: + - name: {{ include "common.dockerregistry.credential" $imagectx }} + containers: + - name: {{ include "common.containername.jaegeradapter" . 
}} + image: {{ include "common.dockerregistry.url" $imagectx }}/{{ .Values.jaegeradapter.image.name }}:{{ .Values.jaegeradapter.image.tag }} + imagePullPolicy: {{ include "common.dockerregistry.pullpolicy" $pullpolicyctx }} + envFrom: + - configMapRef: + name: {{ include "common.configmapname.jaegeradapter" . }} + ports: + - name: {{ include "common.portname.jaegeradapter.zipkincompact" . }} + containerPort: {{ include "common.serviceport.jaegeradapter.zipkincompact" . }} + protocol: UDP + - name: {{ include "common.portname.jaegeradapter.jaegercompact" . }} + containerPort: {{ include "common.serviceport.jaegeradapter.jaegercompact" . }} + protocol: UDP + - name: {{ include "common.portname.jaegeradapter.jaegerbinary" . }} + containerPort: {{ include "common.serviceport.jaegeradapter.jaegerbinary" . }} + protocol: UDP + - name: {{ include "common.portname.jaegeradapter.httpquery" . }} + containerPort: {{ include "common.serviceport.jaegeradapter.httpquery" . }} + protocol: TCP + - name: {{ include "common.portname.jaegeradapter.httpconfig" . }} + containerPort: {{ include "common.serviceport.jaegeradapter.httpconfig" . }} + protocol: TCP + - name: {{ include "common.portname.jaegeradapter.zipkinhttp" . }} + containerPort: {{ include "common.serviceport.jaegeradapter.zipkinhttp" . }} + protocol: TCP + - name: {{ include "common.portname.jaegeradapter.jaegerhttp" . }} + containerPort: {{ include "common.serviceport.jaegeradapter.jaegerhttp" . }} + protocol: TCP + - name: {{ include "common.portname.jaegeradapter.jaegerhttpt" . }} + containerPort: {{ include "common.serviceport.jaegeradapter.jaegerhttpt" . }} + protocol: TCP + livenessProbe: + httpGet: + path: / + port: {{ include "common.serviceport.jaegeradapter.httpquery" . }} + readinessProbe: + httpGet: + path: / + port: {{ include "common.serviceport.jaegeradapter.httpquery" . }} + initialDelaySeconds: 5 
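Review bot: `{{- .Values.jaegeradapter.annotations | nindent 8 -}}` under the pod template's `annotations:` pipes the value straight into `nindent`, which takes a string; if annotations are supplied as a map (the usual form) the template will presumably fail to render. `{{- toYaml .Values.jaegeradapter.annotations | nindent 8 }}` covers that case. The same construct appears in helm/rsm/templates/deployment.yaml with `.Values.rsm.annotations`. Note also that neither chart's values.yaml in this patch defines an `annotations` key at that path, so a one-line comment in values.yaml documenting the expected shape would help.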
diff --git a/helm/jaegeradapter/templates/env.yaml b/helm/jaegeradapter/templates/env.yaml
new file mode 100644
index 0000000..e21b8d9
--- /dev/null
+++ b/helm/jaegeradapter/templates/env.yaml
@@ -0,0 +1,11 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "common.configmapname.jaegeradapter" . }}
+ namespace: {{ include "common.namespace.platform" . }}
+data:
+ TRACING_ENABLED: "0"
+ TRACING_JAEGER_SAMPLER_TYPE: "const"
+ TRACING_JAEGER_SAMPLER_PARAM: "1"
+ TRACING_JAEGER_AGENT_ADDR: {{ include "common.servicename.jaegeradapter.agent" . }}.{{ include "common.namespace.platform" . }}
+ TRACING_JAEGER_LOG_LEVEL: "error"
diff --git a/helm/jaegeradapter/templates/query-service.yaml b/helm/jaegeradapter/templates/query-service.yaml
new file mode 100644
index 0000000..dc0f6ba
--- /dev/null
+++ b/helm/jaegeradapter/templates/query-service.yaml
@@ -0,0 +1,35 @@ +# Copyright (c) 2019 AT&T Intellectual Property. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +kind: Service +metadata: + name: {{ include "common.servicename.jaegeradapter.query" . }} + namespace: {{ include "common.namespace.platform" . }} + labels: + app: {{ include "common.namespace.platform" . }}-{{ include "common.name.jaegeradapter" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +spec: + type: ClusterIP + ports: + - name: {{ include "common.portname.jaegeradapter.httpquery" . }} + port: {{ include "common.serviceport.jaegeradapter.httpquery" . }} + protocol: TCP + targetPort: {{ include "common.serviceport.jaegeradapter.httpquery" . }} + selector: + app: {{ include "common.namespace.platform" . }}-{{ include "common.name.jaegeradapter" . }} + release: {{ .Release.Name }} + diff --git a/helm/jaegeradapter/values.yaml b/helm/jaegeradapter/values.yaml new file mode 100644 index 0000000..e17bf05 --- /dev/null +++ b/helm/jaegeradapter/values.yaml 
@@ -0,0 +1,34 @@ +# Copyright (c) 2019 AT&T Intellectual Property. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Default values for jaeger-all-in-one. +# This is a YAML-formatted file. +# Declare variables to be passed into your templates. + +jaegeradapter: + replicaCount: 1 + + imagePullPolicy: IfNotPresent + image: + name: jaegertracing/all-in-one + tag: 1.12 + registry: "docker.io" + + nameOverride: "" + fullnameOverride: "" + + ingress: + enabled: false + annotations: {} + tls: [] diff --git a/helm/rsm/Chart.yaml b/helm/rsm/Chart.yaml new file mode 100644 index 0000000..5fde757 --- /dev/null +++ b/helm/rsm/Chart.yaml 
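Review bot: `tag: 1.12` in the `jaegeradapter.image` block is an unquoted number, so YAML loads it as a float and a later tag such as 1.10 would render as 1.1; `tag: "1.12"` keeps it a string. The image is also pulled from `docker.io` by mutable tag with `imagePullPolicy: IfNotPresent`, so different nodes can end up running different content under the same tag; pinning the reference by digest would make the deployed image reproducible. The `nameOverride`, `fullnameOverride` and `ingress` keys are not read by any jaegeradapter template visible in this patch, so a comment saying whether they are reserved or unused would avoid confusion.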
@@ -0,0 +1,21 @@ +################################################################################ +# Copyright (c) 2019 AT&T Intellectual Property. # +# # +# Licensed under the Apache License, Version 2.0 (the "License"); # +# you may not use this file except in compliance with the License. # +# You may obtain a copy of the License at # +# # +# http://www.apache.org/licenses/LICENSE-2.0 # +# # +# Unless required by applicable law or agreed to in writing, software # +# distributed under the License is distributed on an "AS IS" BASIS, # +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # +# See the License for the specific language governing permissions and # +# limitations under the License. # +################################################################################ + +appVersion: "1.0" +apiVersion: v1 +description: Oran rsm Helm charts +name: rsm +version: 3.0.0 diff --git a/helm/rsm/requirements.yaml b/helm/rsm/requirements.yaml new file mode 100644 index 0000000..18add19 --- /dev/null +++ b/helm/rsm/requirements.yaml @@ -0,0 +1,20 @@ +################################################################################ +# Copyright (c) 2019 AT&T Intellectual Property. # +# # +# Licensed under the Apache License, Version 2.0 (the "License"); # +# you may not use this file except in compliance with the License. # +# You may obtain a copy of the License at # +# # +# http://www.apache.org/licenses/LICENSE-2.0 # +# # +# Unless required by applicable law or agreed to in writing, software # +# distributed under the License is distributed on an "AS IS" BASIS, # +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # +# See the License for the specific language governing permissions and # +# limitations under the License. # +################################################################################ + +dependencies: + - name: ric-common + version: ~3.0.0 + repository: "@local" 
diff --git a/helm/rsm/templates/configmap.yaml b/helm/rsm/templates/configmap.yaml
new file mode 100644
index 0000000..c8eca96
--- /dev/null
+++ b/helm/rsm/templates/configmap.yaml
@@ -0,0 +1,139 @@ +################################################################################ +# Copyright (c) 2019 AT&T Intellectual Property. # +# # +# Licensed under the Apache License, Version 2.0 (the "License"); # +# you may not use this file except in compliance with the License. # +# You may obtain a copy of the License at # +# # +# http://www.apache.org/licenses/LICENSE-2.0 # +# # +# Unless required by applicable law or agreed to in writing, software # +# distributed under the License is distributed on an "AS IS" BASIS, # +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # +# See the License for the specific language governing permissions and # +# limitations under the License. # +################################################################################ +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "common.configmapname.rsm" . }}-router-configmap + namespace: {{ include "common.namespace.platform" . }} +data: + rmr_verbose: | + 0 + router.txt: | + newrt|start + rte|10090|{{ include "common.servicename.e2term.rmr" . }}.{{ include "common.namespace.platform" . }}:{{ include "common.serviceport.e2term.rmr.data" . }} + newrt|end +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "common.configmapname.rsm" . }} + namespace: {{ include "common.namespace.platform" . 
}} +data: + configuration.yaml: | + logging: + {{- if hasKey .Values.rsm "logLevel" }} + logLevel: {{ .Values.rsm.logLevel }} + {{- else }} + logLevel: "info" + {{- end }} + http: + {{- if hasKey .Values.rsm "httpPort" }} + port: {{ .Values.rsm.httpPort }} + {{- else }} + port: 4800 + {{- end }} + rmr: + {{- if hasKey .Values.rsm "rmrPort" }} + port: {{ .Values.rsm.rmrPort }} + {{- else }} + port: 4801 + {{- end }} + {{- if hasKey .Values.rsm "maxMsgSize" }} + maxMsgSize: {{ .Values.rsm.maxMsgSize }} + {{- else }} + maxMsgSize: 4096 + {{- end }} + {{- if hasKey .Values.rsm "readyIntervalSec" }} + readyIntervalSec: {{ .Values.rsm.readyIntervalSec }} + {{- else }} + readyIntervalSec: 1 + {{- end }} + rnib: + {{- if hasKey .Values.rsm "maxRnibConnectionAttempts" }} + maxRnibConnectionAttempts: {{ .Values.rsm.maxRnibConnectionAttempts }} + {{- else }} + maxRnibConnectionAttempts: 3 + {{- end }} + {{- if hasKey .Values.rsm "rnibRetryIntervalMs" }} + rnibRetryIntervalMs: {{ .Values.rsm.rnibRetryIntervalMs }} + {{- else }} + rnibRetryIntervalMs: 10 + {{- end }} + characteristics: + {{- if hasKey .Values.rsm "enableResourceStatus" }} + enableResourceStatus: {{ .Values.rsmenableResourceStatus }} + {{- else }} + enableResourceStatus: true + {{- end }} + {{- if hasKey .Values.rsm "prbPeriodic" }} + prbPeriodic: {{ .Values.rsm.prbPeriodic }} + {{- else }} + prbPeriodic: true + {{- end }} + {{- if hasKey .Values.rsm "tnlLoadIndPeriodic" }} + tnlLoadIndPeriodic: {{ .Values.rsm.tnlLoadIndPeriodic }} + {{- else }} + tnlLoadIndPeriodic: true + {{- end }} + {{- if hasKey .Values.rsm "hwLoadIndPeriodic" }} + hwLoadIndPeriodic: {{ .Values.rsm.hwLoadIndPeriodic }} + {{- else }} + hwLoadIndPeriodic: true + {{- end }} + {{- if hasKey .Values.rsm "absStatusPeriodic" }} + absStatusPeriodic: {{ .Values.rsm.absStatusPeriodic }} + {{- else }} + absStatusPeriodic: true + {{- end }} + {{- if hasKey .Values.rsm "rsrpMeasurementPeriodic" }} + rsrpMeasurementPeriodic: {{ 
.Values.rsm.rsrpMeasurementPeriodic }} + {{- else }} + rsrpMeasurementPeriodic: true + {{- end }} + {{- if hasKey .Values.rsm "csiPeriodic" }} + csiPeriodic: {{ .Values.rsm.csiPeriodic }} + {{- else }} + csiPeriodic: true + {{- end }} + {{- if hasKey .Values.rsm "periodicityMs" }} + periodicityMs: {{ .Values.rsm.periodicityMs }} + {{- else }} + periodicityMs: 1 + {{- end }} + {{- if hasKey .Values.rsm "periodicityRsrpMeasurementMs" }} + periodicityRsrpMeasurementMs: {{ .Values.rsm.periodicityRsrpMeasurementMs }} + {{- else }} + periodicityRsrpMeasurementMs: 120 + {{- end }} + {{- if hasKey .Values.rsm "periodicityCsiMs" }} + periodicityCsiMs: {{ .Values.rsm.periodicityCsiMs }} + {{- else }} + periodicityCsiMs: 5 + {{- end }} + resourceStatusParams: + enableResourceStatus: true + partialSuccessAllowed: true + prbPeriodic: true + tnlLoadIndPeriodic: true + hwLoadIndPeriodic: true + absStatusPeriodic: true + rsrpMeasurementPeriodic: true + csiPeriodic: true + periodicityMs: 1000 + periodicityRsrpMeasurementMs: 480 + periodicityCsiMs: 20 +--- diff --git a/helm/rsm/templates/deployment.yaml b/helm/rsm/templates/deployment.yaml new file mode 100644 index 0000000..edcfeee --- /dev/null +++ b/helm/rsm/templates/deployment.yaml 
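Review bot: In the `characteristics` section, `enableResourceStatus: {{ .Values.rsmenableResourceStatus }}` is missing a dot, so the lookup goes to a top-level key `rsmenableResourceStatus` that is not defined anywhere in this patch. Because helm/rsm/values.yaml sets `rsm.enableResourceStatus: true`, the `hasKey` branch is taken and the rendered configuration.yaml gets an empty value instead of `true`. The line should read `enableResourceStatus: {{ .Values.rsm.enableResourceStatus }}`. The `resourceStatusParams` block that follows repeats the same keys with different fixed periodicity values (1000/480/20 against defaults of 1/120/5); a comment stating which block the service actually reads would help whoever tunes these.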
@@ -0,0 +1,78 @@ +################################################################################ +# Copyright (c) 2019 AT&T Intellectual Property. # +# # +# Licensed under the Apache License, Version 2.0 (the "License"); # +# you may not use this file except in compliance with the License. # +# You may obtain a copy of the License at # +# # +# http://www.apache.org/licenses/LICENSE-2.0 # +# # +# Unless required by applicable law or agreed to in writing, software # +# distributed under the License is distributed on an "AS IS" BASIS, # +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # +# See the License for the specific language governing permissions and # +# limitations under the License. # +################################################################################ +{{- $imagectx := dict "ctx" . "defaultregistry" .Values.rsm.image.registry }} +{{- $pullpolicyctx := dict "ctx" . "defaultpullpolicy" .Values.rsm.imagePullPolicy }} +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ include "common.deploymentname.rsm" .}} + namespace: {{ include "common.namespace.platform" . }} + labels: + app: {{ include "common.namespace.platform" . }}-{{ include "common.name.rsm" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +spec: + replicas: {{ .Values.rsm.replicaCount }} + selector: + matchLabels: + app: {{ include "common.namespace.platform" . }}-{{ include "common.name.rsm" . }} + release: {{ .Release.Name }} + template: + metadata: + {{- if .Values.rsm.annotations }} + annotations: + {{- .Values.rsm.annotations | nindent 8 -}} + {{ end }} + labels: + app: {{ include "common.namespace.platform" . }}-{{ include "common.name.rsm" . }} + release: {{ .Release.Name }} + spec: + hostname: {{ include "common.name.rsm" . 
}} + imagePullSecrets: + - name: {{ include "common.dockerregistry.credential" $imagectx }} + containers: + - name: {{ include "common.containername.rsm" . }} + image: {{ include "common.dockerregistry.url" $imagectx }}/{{ .Values.rsm.image.name }}:{{ .Values.rsm.image.tag }} + imagePullPolicy: {{ include "common.dockerregistry.pullpolicy" $pullpolicyctx }} + volumeMounts: + - mountPath: /opt/RSM/router.txt + name: local-router-file + subPath: router.txt + - mountPath: /opt/RSM/resources/configuration.yaml + name: local-configuration-file + subPath: configuration.yaml + envFrom: + - configMapRef: + name: {{ include "common.configmapname.rsm" . }}-env + ports: + - name: "http" + containerPort: {{ include "common.serviceport.rsm.http" . }} + - name: "rmrroute" + containerPort: {{ include "common.serviceport.rsm.rmr.route" . }} + - name: "rmrdata" + containerPort: {{ include "common.serviceport.rsm.rmr.data" . }} + stdin: true + tty: true + securityContext: + privileged: {{ .Values.rsm.privilegedmode}} + volumes: + - name: local-router-file + configMap: + name: {{ include "common.configmapname.rsm" . }}-router-configmap + - name: local-configuration-file + configMap: + name: {{ include "common.configmapname.rsm" . }} diff --git a/helm/rsm/templates/env.yaml b/helm/rsm/templates/env.yaml new file mode 100644 index 0000000..9fad361 --- /dev/null +++ b/helm/rsm/templates/env.yaml 
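Review bot: The container spec sets `stdin: true` and `tty: true` and takes `securityContext.privileged` from `.Values.rsm.privilegedmode`, so a single values override runs this pod privileged. Nothing else in the visible spec (two ConfigMap file mounts and three container ports) appears to need host-level access, so I would drop the knob and state the intent explicitly with `privileged: false` and `allowPrivilegeEscalation: false`, and remove `stdin`/`tty` unless the binary really needs a terminal. If some deployments do require privileged mode, a comment next to `privilegedmode` in values.yaml explaining when is the minimum.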
@@ -0,0 +1,28 @@ +################################################################################ +# Copyright (c) 2019 AT&T Intellectual Property. # +# # +# Licensed under the Apache License, Version 2.0 (the "License"); # +# you may not use this file except in compliance with the License. # +# You may obtain a copy of the License at # +# # +# http://www.apache.org/licenses/LICENSE-2.0 # +# # +# Unless required by applicable law or agreed to in writing, software # +# distributed under the License is distributed on an "AS IS" BASIS, # +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # +# See the License for the specific language governing permissions and # +# limitations under the License. # +################################################################################ +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "common.configmapname.rsm" . }}-env +data: + DBAAS_SERVICE_HOST: {{ include "common.servicename.dbaas.tcp" . | quote }} + DBAAS_SERVICE_PORT: {{ include "common.serviceport.dbaas.tcp" . | quote }} + DBAAS_PORT_6379_TCP_ADDR: {{ include "common.servicename.dbaas.tcp" . | quote }} + DBAAS_PORT_6379_TCP_PORT: {{ include "common.serviceport.dbaas.tcp" . | quote }} + RMR_RTG_SVC: {{ include "common.serviceport.rsm.rmr.route" . | quote }} + + + diff --git a/helm/rsm/templates/ingress-rsm.yaml b/helm/rsm/templates/ingress-rsm.yaml new file mode 100644 index 0000000..bbafd62 --- /dev/null +++ b/helm/rsm/templates/ingress-rsm.yaml 
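Review bot: The `-env` ConfigMap has no `metadata.namespace`, while the Deployment that consumes it through `envFrom.configMapRef` is placed in `{{ include "common.namespace.platform" . }}`. If the release is installed into any other namespace, the pod will not find the ConfigMap and will fail to start. Add `namespace: {{ include "common.namespace.platform" . }}` under `metadata:`; helm/rsm/templates/ingress-rsm.yaml and the ConfigMap in helm/rtmgr/templates/config.yaml omit the namespace as well.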
@@ -0,0 +1,27 @@ +################################################################################ +# Copyright (c) 2019 AT&T Intellectual Property. # +# # +# Licensed under the Apache License, Version 2.0 (the "License"); # +# you may not use this file except in compliance with the License. # +# You may obtain a copy of the License at # +# # +# http://www.apache.org/licenses/LICENSE-2.0 # +# # +# Unless required by applicable law or agreed to in writing, software # +# distributed under the License is distributed on an "AS IS" BASIS, # +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # +# See the License for the specific language governing permissions and # +# limitations under the License. # +################################################################################ +apiVersion: networking.k8s.io/v1beta1 +kind: Ingress +metadata: + name: {{ include "common.ingressname.rsm" . }} +spec: + rules: + - http: + paths: + - path: {{ include "common.kongpath.ric.rsm" . }} + backend: + serviceName: {{ include "common.servicename.rsm.http" . }} + servicePort: {{ include "common.serviceport.rsm.http" . }} diff --git a/helm/rsm/templates/service-http.yaml b/helm/rsm/templates/service-http.yaml new file mode 100644 index 0000000..05dbb50 --- /dev/null +++ b/helm/rsm/templates/service-http.yaml 
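Review bot: This Ingress publishes the RSM HTTP port under `common.kongpath.ric.rsm` with no `host`, no `tls` section and no annotations, so, as far as this patch shows, the API is reachable through the ingress proxy over plain HTTP with no authentication in front of it. If access control is applied elsewhere (a Kong plugin or a network policy outside this patch), a comment saying so would help; otherwise consider restricting the rule to a host, adding TLS and attaching an authentication plugin. The ingress class is also left to the cluster default because no `kubernetes.io/ingress.class` annotation is set, which is worth confirming against the Kong controller enabled in the recipe.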
@@ -0,0 +1,36 @@ +################################################################################ +# Copyright (c) 2019 AT&T Intellectual Property. # +# # +# Licensed under the Apache License, Version 2.0 (the "License"); # +# you may not use this file except in compliance with the License. # +# You may obtain a copy of the License at # +# # +# http://www.apache.org/licenses/LICENSE-2.0 # +# # +# Unless required by applicable law or agreed to in writing, software # +# distributed under the License is distributed on an "AS IS" BASIS, # +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # +# See the License for the specific language governing permissions and # +# limitations under the License. # +################################################################################ + +apiVersion: v1 +kind: Service +metadata: + name: {{ include "common.servicename.rsm.http" . }} + namespace: {{ include "common.namespace.platform" . }} + labels: + app: {{ include "common.namespace.platform" . }}-{{ include "common.name.rsm" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +spec: + type: ClusterIP + ports: + - port: {{ include "common.serviceport.rsm.http" . }} + protocol: "TCP" + name: "http" + targetPort: "http" + selector: + app: {{ include "common.namespace.platform" . }}-{{ include "common.name.rsm" . }} + release: {{ .Release.Name }} diff --git a/helm/rsm/templates/service-rmr.yaml b/helm/rsm/templates/service-rmr.yaml new file mode 100644 index 0000000..c328bc8 --- /dev/null +++ b/helm/rsm/templates/service-rmr.yaml 
@@ -0,0 +1,40 @@ +################################################################################ +# Copyright (c) 2019 AT&T Intellectual Property. # +# # +# Licensed under the Apache License, Version 2.0 (the "License"); # +# you may not use this file except in compliance with the License. # +# You may obtain a copy of the License at # +# # +# http://www.apache.org/licenses/LICENSE-2.0 # +# # +# Unless required by applicable law or agreed to in writing, software # +# distributed under the License is distributed on an "AS IS" BASIS, # +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # +# See the License for the specific language governing permissions and # +# limitations under the License. # +################################################################################ + +apiVersion: v1 +kind: Service +metadata: + name: {{ include "common.servicename.rsm.rmr" . }} + namespace: {{ include "common.namespace.platform" . }} + labels: + app: {{ include "common.namespace.platform" . }}-{{ include "common.name.rsm" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +spec: + type: ClusterIP + ports: + - port: {{ include "common.serviceport.rsm.rmr.route" . }} + protocol: "TCP" + name: "rmrroute" + targetPort: "rmrroute" + - port: {{ include "common.serviceport.rsm.rmr.data" . }} + protocol: "TCP" + name: "rmrdata" + targetPort: "rmrdata" + selector: + app: {{ include "common.namespace.platform" . }}-{{ include "common.name.rsm" . }} + release: {{ .Release.Name }} diff --git a/helm/rsm/values.yaml b/helm/rsm/values.yaml new file mode 100644 index 0000000..cc355e7 --- /dev/null +++ b/helm/rsm/values.yaml 
@@ -0,0 +1,38 @@ +################################################################################ +# Copyright (c) 2019 AT&T Intellectual Property. # +# # +# Licensed under the Apache License, Version 2.0 (the "License"); # +# you may not use this file except in compliance with the License. # +# You may obtain a copy of the License at # +# # +# http://www.apache.org/licenses/LICENSE-2.0 # +# # +# Unless required by applicable law or agreed to in writing, software # +# distributed under the License is distributed on an "AS IS" BASIS, # +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # +# See the License for the specific language governing permissions and # +# limitations under the License. # +################################################################################ + +################################################################# +# Application configuration defaults. +################################################################# +# application image + +rsm: + imagePullPolicy: IfNotPresent + image: + name: ric-plt-resource-status-manager + tag: 3.0.1 + registry: "nexus3.o-ran-sc.org:10002/o-ran-sc" + + privilegedmode: false + + replicaCount: 1 + enableResourceStatus: true + + + # Service ports are now defined in + # ric-common/Common-Template/helm/ric-common/templates/_ports.tpl file. + # If need to change a service port, make the code change necessary, then + # update the _ports.tpl file with the new port number. diff --git a/helm/rtmgr/.helmignore b/helm/rtmgr/.helmignore new file mode 100644 index 0000000..50af031 --- /dev/null +++ b/helm/rtmgr/.helmignore 
@@ -0,0 +1,22 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*~ +# Various IDEs +.project +.idea/ +*.tmproj +.vscode/ diff --git a/helm/rtmgr/Chart.yaml b/helm/rtmgr/Chart.yaml new file mode 100644 index 0000000..1b0ea2e --- /dev/null +++ b/helm/rtmgr/Chart.yaml @@ -0,0 +1,22 @@ +################################################################################ +# Copyright (c) 2019 AT&T Intellectual Property. # +# Copyright (c) 2019 Nokia. # +# # +# Licensed under the Apache License, Version 2.0 (the "License"); # +# you may not use this file except in compliance with the License. # +# You may obtain a copy of the License at # +# # +# http://www.apache.org/licenses/LICENSE-2.0 # +# # +# Unless required by applicable law or agreed to in writing, software # +# distributed under the License is distributed on an "AS IS" BASIS, # +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # +# See the License for the specific language governing permissions and # +# limitations under the License. # +################################################################################ + +apiVersion: v1 +appVersion: "1.0" +description: Helm chart for RIC Routing Manager +name: rtmgr +version: 3.0.0 diff --git a/helm/rtmgr/requirements.yaml b/helm/rtmgr/requirements.yaml new file mode 100644 index 0000000..db3a74b --- /dev/null +++ b/helm/rtmgr/requirements.yaml 
@@ -0,0 +1,21 @@ +################################################################################ +# Copyright (c) 2019 AT&T Intellectual Property. # +# Copyright (c) 2019 Nokia. # +# # +# Licensed under the Apache License, Version 2.0 (the "License"); # +# you may not use this file except in compliance with the License. # +# You may obtain a copy of the License at # +# # +# http://www.apache.org/licenses/LICENSE-2.0 # +# # +# Unless required by applicable law or agreed to in writing, software # +# distributed under the License is distributed on an "AS IS" BASIS, # +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # +# See the License for the specific language governing permissions and # +# limitations under the License. # +################################################################################ + +dependencies: + - name: ric-common + version: ~3.0.0 + repository: "@local" diff --git a/helm/rtmgr/templates/config.yaml b/helm/rtmgr/templates/config.yaml new file mode 100644 index 0000000..6b3f579 --- /dev/null +++ b/helm/rtmgr/templates/config.yaml 
@@ -0,0 +1,51 @@
+#
+#==================================================================================
+# Copyright (c) 2019 AT&T Intellectual Property.
+# Copyright (c) 2019 Nokia
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#==================================================================================
+#
+#
+# Abstract: Configuration values for the routing manager
+# Date: 29 May 2019
+#
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "common.configmapname.rtmgr" . }}-rtmgrcfg
+data:
+ # FQDN and port info of the platform components for routing manager to form
+ # and distribute corresponding routes to them
+ rtmgrcfg: |
+ {
+ "PlatformComponents":
+ [
+ {
+ "name": "E2TERM",
+ "fqdn": "{{ printf "%s.%s" (include "common.servicename.e2term.rmr" .) (include "common.namespace.platform" .) }}",
+ "port": {{ include "common.serviceport.e2term.rmr.data" . }}
+ },
+ {
+ "name": "SUBMAN",
+ "fqdn": "{{ printf "%s.%s" (include "common.servicename.submgr.rmr" .) (include "common.namespace.platform" .) }}",
+ "port": {{ include "common.serviceport.submgr.rmr.data" . }}
+ },
+ {
+ "name": "E2MAN",
+ "fqdn": "{{ printf "%s.%s" (include "common.servicename.e2mgr.rmr" .) (include "common.namespace.platform" .) }}",
+ "port": {{ include "common.serviceport.e2mgr.rmr.data" . }}
+ }
+ ]
+ }
+
diff --git a/helm/rtmgr/templates/deployment.yaml b/helm/rtmgr/templates/deployment.yaml
new file mode 100644
index 0000000..73de33c
--- /dev/null
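Review bot: This ConfigMap's `metadata` has no `namespace:`, while the rtmgr Deployment that mounts it is pinned to `{{ include "common.namespace.platform" . }}`. A pod can only reference ConfigMaps in its own namespace, so if the release is installed into any other namespace the `rtmgrcfg` volume will fail to mount. I would add `namespace: {{ include "common.namespace.platform" . }}` under `metadata:` here. The same gap is in the rtmgr `env.yaml` and submgr `env.yaml` ConfigMaps, both of which are consumed through `envFrom`.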
+++ b/helm/rtmgr/templates/deployment.yaml 
@@ -0,0 +1,76 @@ +################################################################################ +# Copyright (c) 2019 AT&T Intellectual Property. # +# Copyright (c) 2019 Nokia. # +# # +# Licensed under the Apache License, Version 2.0 (the "License"); # +# you may not use this file except in compliance with the License. # +# You may obtain a copy of the License at # +# # +# http://www.apache.org/licenses/LICENSE-2.0 # +# # +# Unless required by applicable law or agreed to in writing, software # +# distributed under the License is distributed on an "AS IS" BASIS, # +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # +# See the License for the specific language governing permissions and # +# limitations under the License. # +################################################################################ +{{- $imagectx := dict "ctx" . "defaultregistry" .Values.rtmgr.image.registry }} +{{- $pullpolicyctx := dict "ctx" . "defaultpullpolicy" .Values.rtmgr.imagePullPolicy }} +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ include "common.deploymentname.rtmgr" . }} + namespace: {{ include "common.namespace.platform" . }} + labels: + app: {{ include "common.namespace.platform" . }}-{{ include "common.name.rtmgr" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +spec: + replicas: {{ .Values.rtmgr.replicaCount }} + selector: + matchLabels: + app: {{ include "common.namespace.platform" . }}-{{ include "common.name.rtmgr" . }} + release: {{ .Release.Name }} + template: + metadata: + {{- if .Values.rtmgr.annotations }} + annotations: + {{- .Values.rtmgr.annotations | nindent 8 -}} + {{ end }} + labels: + app: {{ include "common.namespace.platform" . }}-{{ include "common.name.rtmgr" . }} + release: {{ .Release.Name }} + spec: + hostname: {{ include "common.name.rtmgr" . 
}} + imagePullSecrets: + - name: {{ include "common.dockerregistry.credential" $imagectx }} + containers: + - name: {{ include "common.containername.rtmgr" . }} + image: {{ include "common.dockerregistry.url" $imagectx }}/{{ .Values.rtmgr.image.name }}:{{ .Values.rtmgr.image.tag }} + imagePullPolicy: {{ include "common.dockerregistry.pullpolicy" $pullpolicyctx }} + command: ["/run_rtmgr.sh"] + #command: ["/bin/sh"] + #args: ["-c", "while true; do echo hello; sleep 10;done"] + envFrom: + - configMapRef: + name: {{ include "common.configmapname.rtmgr" . }}-env + volumeMounts: + - mountPath: /cfg + name: rtmgrcfg + readOnly: true + ports: + - name: "http" + containerPort: {{ include "common.serviceport.rtmgr.http" . }} + - name: "rmrroute" + containerPort: {{ include "common.serviceport.rtmgr.rmr.route" . }} + - name: "rmrdata" + containerPort: {{ include "common.serviceport.rtmgr.rmr.data" . }} + volumes: + - name: "rtmgrcfg" + configMap: + name: {{ include "common.configmapname.rtmgr" . }}-rtmgrcfg + items: + - key: rtmgrcfg + path: rtmgr-config.json + mode: 0644 diff --git a/helm/rtmgr/templates/env.yaml b/helm/rtmgr/templates/env.yaml new file mode 100644 index 0000000..2fb3115 --- /dev/null +++ b/helm/rtmgr/templates/env.yaml 
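Review bot: The rtmgr container is declared without a `securityContext` or `resources`, so it runs with the runtime's default privileges and no CPU or memory bounds; the submgr and vespamgr Deployment hunks have the same shape. I would add a container-level `securityContext` as below, assuming the image can run as a non-root user, which is not visible from this patch. `readOnlyRootFilesystem` is left out on purpose: env.yaml sets `RTFILE` to `/db/rt.json` and no volume is mounted at `/db`, so the route table is presumably written to the container filesystem. The two commented-out `command`/`args` debug lines can be dropped.

```yaml
      containers:
        - name: {{ include "common.containername.rtmgr" . }}
          # … unchanged: image, imagePullPolicy, command, envFrom, volumeMounts, ports …
          securityContext:
            allowPrivilegeEscalation: false
            runAsNonRoot: true
            capabilities:
              drop: ["ALL"]
```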
@@ -0,0 +1,35 @@
+###############################################################################
+# Copyright (c) 2019 AT&T Intellectual Property. #
+# Copyright (c) 2019 Nokia. #
+# #
+# Licensed under the Apache License, Version 2.0 (the "License"); #
+# you may not use this file except in compliance with the License. #
+# You may obtain a copy of the License at #
+# #
+# http://www.apache.org/licenses/LICENSE-2.0 #
+# #
+# Unless required by applicable law or agreed to in writing, software #
+# distributed under the License is distributed on an "AS IS" BASIS, #
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. #
+# See the License for the specific language governing permissions and #
+# limitations under the License. #
+################################################################################
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "common.configmapname.rtmgr" . }}-env
+data:
+ DBAAS_SERVICE_HOST: {{ include "common.servicename.dbaas.tcp" . | quote }}
+ DBAAS_SERVICE_PORT: {{ include "common.serviceport.dbaas.tcp" . | quote }}
+ DBAAS_PORT_6379_TCP_ADDR: {{ include "common.servicename.dbaas.tcp" . | quote }}
+ DBAAS_PORT_6379_TCP_PORT: {{ include "common.serviceport.dbaas.tcp" . | quote }}
+ RMR_RTG_SVC: {{ include "common.serviceport.rtmgr.rmr.route" . | quote }}
+ XMURL: "http://{{ include "common.servicename.appmgr.http" . }}:{{ include "common.serviceport.appmgr.http" . }}/ric/v1/xapps"
+ RTFILE: "/db/rt.json"
+ CFGFILE: "/cfg/rtmgr-config.json"
+ RPE: "{{ .Values.rtmgr.rpe }}"
+ SBI: "{{ .Values.rtmgr.sbi }}"
+ SBIURL: "{{ .Values.rtmgr.sbiurl }}"
+ NBI: "{{ .Values.rtmgr.nbi }}"
+ NBIURL: "http://{{ include "common.servicename.rtmgr.http" . }}:{{ include "common.serviceport.rtmgr.http" . }}"
+ LOGLEVEL: "{{ .Values.rtmgr.loglevel }}"
diff --git a/helm/rtmgr/templates/service-http.yaml b/helm/rtmgr/templates/service-http.yaml
new file mode 100644
index 0000000..7132a15
--- /dev/null
+++ b/helm/rtmgr/templates/service-http.yaml @@ -0,0 +1,38 @@ +################################################################################ +# Copyright (c) 2019 AT&T Intellectual Property. # +# Copyright (c) 2019 Nokia. # +# # +# Licensed under the Apache License, Version 2.0 (the "License"); # +# you may not use this file except in compliance with the License. # +# You may obtain a copy of the License at # +# # +# http://www.apache.org/licenses/LICENSE-2.0 # +# # +# Unless required by applicable law or agreed to in writing, software # +# distributed under the License is distributed on an "AS IS" BASIS, # +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # +# See the License for the specific language governing permissions and # +# limitations under the License. # +################################################################################ + +apiVersion: v1 +kind: Service +metadata: + name: {{ include "common.servicename.rtmgr.http" . }} + namespace: {{ include "common.namespace.platform" . }} + labels: + app: {{ include "common.namespace.platform" . }}-{{ include "common.name.rtmgr" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +spec: + type: ClusterIP + ports: + - port: {{ include "common.serviceport.rtmgr.http" . }} + protocol: "TCP" + name: "http" + targetPort: "http" + selector: + app: {{ include "common.namespace.platform" . }}-{{ include "common.name.rtmgr" . }} + release: {{ .Release.Name }} + diff --git a/helm/rtmgr/templates/service-rmr.yaml b/helm/rtmgr/templates/service-rmr.yaml new file mode 100644 index 0000000..ac2f31e --- /dev/null +++ b/helm/rtmgr/templates/service-rmr.yaml 
@@ -0,0 +1,41 @@ +################################################################################ +# Copyright (c) 2019 AT&T Intellectual Property. # +# Copyright (c) 2019 Nokia. # +# # +# Licensed under the Apache License, Version 2.0 (the "License"); # +# you may not use this file except in compliance with the License. # +# You may obtain a copy of the License at # +# # +# http://www.apache.org/licenses/LICENSE-2.0 # +# # +# Unless required by applicable law or agreed to in writing, software # +# distributed under the License is distributed on an "AS IS" BASIS, # +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # +# See the License for the specific language governing permissions and # +# limitations under the License. # +################################################################################ + +apiVersion: v1 +kind: Service +metadata: + name: {{ include "common.servicename.rtmgr.rmr" . }} + namespace: {{ include "common.namespace.platform" . }} + labels: + app: {{ include "common.namespace.platform" . }}-{{ include "common.name.rtmgr" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +spec: + type: ClusterIP + ports: + - port: {{ include "common.serviceport.rtmgr.rmr.route" . }} + protocol: TCP + targetPort: "rmrroute" + name: "rmrroute" + - port: {{ include "common.serviceport.rtmgr.rmr.data" . }} + protocol: TCP + targetPort: "rmrdata" + name: "rmrdata" + selector: + app: {{ include "common.namespace.platform" . }}-{{ include "common.name.rtmgr" . }} + release: {{ .Release.Name }} diff --git a/helm/rtmgr/values.yaml b/helm/rtmgr/values.yaml new file mode 100644 index 0000000..e4e6d64 --- /dev/null +++ b/helm/rtmgr/values.yaml 
@@ -0,0 +1,34 @@
+################################################################################
+# Copyright (c) 2019 AT&T Intellectual Property. #
+# Copyright (c) 2019 Nokia. #
+# #
+# Licensed under the Apache License, Version 2.0 (the "License"); #
+# you may not use this file except in compliance with the License. #
+# You may obtain a copy of the License at #
+# #
+# http://www.apache.org/licenses/LICENSE-2.0 #
+# #
+# Unless required by applicable law or agreed to in writing, software #
+# distributed under the License is distributed on an "AS IS" BASIS, #
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. #
+# See the License for the specific language governing permissions and #
+# limitations under the License. #
+################################################################################
+rtmgr:
+ imagePullPolicy: IfNotPresent
+ image:
+ name: ric-plt-rtmgr
+ tag: 0.3.8
+ registry: "nexus3.o-ran-sc.org:10002/o-ran-sc"
+
+ rpe: rmrpush
+ sbi: nngpush
+ sbiurl: 0.0.0.0
+ nbi: httpRESTful
+ nbiurl: http://0.0.0.0:8888
+ loglevel: DEBUG
+
+ # Service ports are now defined in
+ # ric-common/Common-Template/helm/ric-common/templates/_ports.tpl file.
+ # If need to change a service port, make the code change necessary, then
+ # update the _ports.tpl file with the new port number.
diff --git a/helm/submgr/Chart.yaml b/helm/submgr/Chart.yaml
new file mode 100644
index 0000000..10af40b
--- /dev/null
+++ b/helm/submgr/Chart.yaml
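Review bot: `loglevel: DEBUG` is the shipped default, so every install that does not override it runs the routing manager with debug logging. A quieter default such as `loglevel: INFO` (if rtmgr accepts that level, which is not visible here) keeps route and endpoint detail out of cluster logs unless someone opts in. Separately, `nbiurl: http://0.0.0.0:8888` is never read: env.yaml builds `NBIURL` from the service name and port helpers, so the key should be removed or commented as unused. A one-line comment on `sbiurl: 0.0.0.0` stating whether it is a bind address would also help the next reader.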
@@ -0,0 +1,22 @@ +################################################################################ +# Copyright (c) 2019 AT&T Intellectual Property. # +# Copyright (c) 2019 Nokia. # +# # +# Licensed under the Apache License, Version 2.0 (the "License"); # +# you may not use this file except in compliance with the License. # +# You may obtain a copy of the License at # +# # +# http://www.apache.org/licenses/LICENSE-2.0 # +# # +# Unless required by applicable law or agreed to in writing, software # +# distributed under the License is distributed on an "AS IS" BASIS, # +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # +# See the License for the specific language governing permissions and # +# limitations under the License. # +################################################################################ + +appVersion: "1.0" +apiVersion: v1 +description: Oran Subscription Manager Helm charts +name: submgr +version: 3.0.0 diff --git a/helm/submgr/requirements.yaml b/helm/submgr/requirements.yaml new file mode 100644 index 0000000..db3a74b --- /dev/null +++ b/helm/submgr/requirements.yaml 
@@ -0,0 +1,21 @@ +################################################################################ +# Copyright (c) 2019 AT&T Intellectual Property. # +# Copyright (c) 2019 Nokia. # +# # +# Licensed under the Apache License, Version 2.0 (the "License"); # +# you may not use this file except in compliance with the License. # +# You may obtain a copy of the License at # +# # +# http://www.apache.org/licenses/LICENSE-2.0 # +# # +# Unless required by applicable law or agreed to in writing, software # +# distributed under the License is distributed on an "AS IS" BASIS, # +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # +# See the License for the specific language governing permissions and # +# limitations under the License. # +################################################################################ + +dependencies: + - name: ric-common + version: ~3.0.0 + repository: "@local" diff --git a/helm/submgr/templates/configmap.yaml b/helm/submgr/templates/configmap.yaml new file mode 100644 index 0000000..a8ee386 --- /dev/null +++ b/helm/submgr/templates/configmap.yaml 
@@ -0,0 +1,35 @@
+#==================================================================================
+# Copyright (c) 2019 AT&T Intellectual Property.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#==================================================================================
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: submgrcfg
+ namespace: ricplt
+data:
+ # FQDN and port info of rtmgr
+ submgrcfg: |
+ "local":
+ "host": ":8080"
+ "logger":
+ "level": 3
+ "rmr":
+ "protPort" : "tcp:4560"
+ "maxSize": 2072
+ "numWorkers": 1
+ "rtmgr":
+ "hostAddr": {{ include "common.servicename.rtmgr.http" . | quote }}
+ "port" : {{ include "common.serviceport.rtmgr.http" . }}
+ "baseUrl" : "/ric/v1"
diff --git a/helm/submgr/templates/deployment.yaml b/helm/submgr/templates/deployment.yaml
new file mode 100644
index 0000000..6f502ba
--- /dev/null
+++ b/helm/submgr/templates/deployment.yaml
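Review bot: `name: submgrcfg` and `namespace: ricplt` are hard-coded here, whereas the other submgr resources in this patch take their namespace from `common.namespace.platform`. If that helper resolves to anything other than `ricplt`, the Deployment's `config-volume` (which also hard-codes `name: submgrcfg`) will not find this ConfigMap and the pod will not start. I would write `namespace: {{ include "common.namespace.platform" . }}` and derive the name from `common.configmapname.submgr`, the way env.yaml does. The comment `# FQDN and port info of rtmgr` also undersells the content, which carries the local listener, logger and RMR settings as well; `"level": 3` would benefit from a comment naming the level it stands for.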
@@ -0,0 +1,78 @@ +#================================================================================== +# Copyright (c) 2019 AT&T Intellectual Property. +# Copyright (c) 2019 Nokia +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +#================================================================================== + +{{- $imagectx := dict "ctx" . "defaultregistry" .Values.submgr.image.registry }} +{{- $pullpolicyctx := dict "ctx" . "defaultpullpolicy" .Values.submgr.imagePullPolicy }} +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ include "common.deploymentname.submgr" . }} + namespace: {{ include "common.namespace.platform" . }} + labels: + app: {{ include "common.namespace.platform" . }}-{{ include "common.name.submgr" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +spec: + replicas: {{ .Values.submgr.replicaCount }} + selector: + matchLabels: + app: {{ include "common.namespace.platform" . }}-{{ include "common.name.submgr" . }} + release: {{ .Release.Name }} + template: + metadata: + {{- if .Values.submgr.annotations }} + annotations: + {{- .Values.submgr.annotations | nindent 8 -}} + {{ end }} + labels: + app: {{ include "common.namespace.platform" . }}-{{ include "common.name.submgr" . }} + release: {{ .Release.Name }} + spec: + hostname: {{ include "common.name.submgr" . 
}} + imagePullSecrets: + - name: {{ include "common.dockerregistry.credential" $imagectx }} + containers: + - name: {{ include "common.containername.submgr" . }} + image: {{ include "common.dockerregistry.url" $imagectx }}/{{ .Values.submgr.image.name }}:{{ .Values.submgr.image.tag }} + imagePullPolicy: {{ include "common.dockerregistry.pullpolicy" $pullpolicyctx }} + command: ["/run_submgr.sh"] + envFrom: + - configMapRef: + name: {{ include "common.configmapname.submgr" . }}-env + ports: + - name: http + containerPort: {{ include "common.serviceport.submgr.http" . }} + protocol: TCP + - name: rmrroute + containerPort: {{ include "common.serviceport.submgr.rmr.route" . }} + protocol: TCP + - name: rmrdata + containerPort: {{ include "common.serviceport.submgr.rmr.data" . }} + protocol: TCP + volumeMounts: + - name: config-volume + mountPath: /cfg + volumes: + - name: config-volume + configMap: + name: submgrcfg + items: + - key: submgrcfg + path: submgr-config.yaml + mode: 0644 + diff --git a/helm/submgr/templates/env.yaml b/helm/submgr/templates/env.yaml new file mode 100644 index 0000000..9e65676 --- /dev/null +++ b/helm/submgr/templates/env.yaml 
@@ -0,0 +1,29 @@
+################################################################################
+# Copyright (c) 2019 AT&T Intellectual Property. #
+# Copyright (c) 2019 Nokia. #
+# #
+# Licensed under the Apache License, Version 2.0 (the "License"); #
+# you may not use this file except in compliance with the License. #
+# You may obtain a copy of the License at #
+# #
+# http://www.apache.org/licenses/LICENSE-2.0 #
+# #
+# Unless required by applicable law or agreed to in writing, software #
+# distributed under the License is distributed on an "AS IS" BASIS, #
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. #
+# See the License for the specific language governing permissions and #
+# limitations under the License. #
+################################################################################
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "common.configmapname.submgr" . }}-env
+data:
+ DBAAS_SERVICE_HOST: {{ include "common.servicename.dbaas.tcp" . | quote }}
+ DBAAS_SERVICE_PORT: {{ include "common.serviceport.dbaas.tcp" . | quote }}
+ DBAAS_PORT_6379_TCP_ADDR: {{ include "common.servicename.dbaas.tcp" . | quote }}
+ DBAAS_PORT_6379_TCP_PORT: {{ include "common.serviceport.dbaas.tcp" . | quote }}
+ RMR_RTG_SVC: {{ include "common.serviceport.submgr.rmr.route" . | quote }}
+ RMR_SRC_ID: {{ include "common.servicename.submgr.rmr" . }}.{{ include "common.namespace.platform" . }}
+ CFGFILE: "/cfg/submgr-config.yaml"
+ SUBMGR_SEED_SN: "1"
diff --git a/helm/submgr/templates/service-http.yaml b/helm/submgr/templates/service-http.yaml
new file mode 100644
index 0000000..ed2d790
--- /dev/null
+++ b/helm/submgr/templates/service-http.yaml
@@ -0,0 +1,42 @@ +# +#================================================================================== +# Copyright (c) 2019 AT&T Intellectual Property. +# Copyright (c) 2019 Nokia +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +#================================================================================== +# +# +# Abstract: Subscription Manager service manifest +# Date: 28 May 2019 +# +kind: Service +apiVersion: v1 +metadata: + name: {{ include "common.servicename.submgr.http" . }} + namespace: {{ include "common.namespace.platform" . }} + labels: + app: {{ include "common.namespace.platform" . }}-{{ include "common.name.submgr" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +spec: + selector: + app: {{ include "common.namespace.platform" . }}-{{ include "common.name.submgr" . }} + release: {{ .Release.Name }} + clusterIP: None + ports: + - name: http + port: {{ include "common.serviceport.submgr.http" . }} + protocol: TCP + targetPort: http \ No newline at end of file diff --git a/helm/submgr/templates/service-rmr.yaml b/helm/submgr/templates/service-rmr.yaml new file mode 100644 index 0000000..3e8107e --- /dev/null +++ b/helm/submgr/templates/service-rmr.yaml 
@@ -0,0 +1,47 @@ +# +#================================================================================== +# Copyright (c) 2019 AT&T Intellectual Property. +# Copyright (c) 2019 Nokia +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +#================================================================================== +# +# +# Abstract: Subscription Manager service manifest +# Date: 28 May 2019 +# +kind: Service +apiVersion: v1 +metadata: + name: {{ include "common.servicename.submgr.rmr" . }} + namespace: {{ include "common.namespace.platform" . }} + labels: + app: {{ include "common.namespace.platform" . }}-{{ include "common.name.submgr" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +spec: + selector: + app: {{ include "common.namespace.platform" . }}-{{ include "common.name.submgr" . }} + release: {{ .Release.Name }} + clusterIP: None + ports: + - name: rmrdata + port: {{ include "common.serviceport.submgr.rmr.data" . }} + protocol: TCP + targetPort: rmrdata + - name: rmrroute + port: {{ include "common.serviceport.submgr.rmr.route" . }} + protocol: TCP + targetPort: rmrroute + diff --git a/helm/submgr/values.yaml b/helm/submgr/values.yaml new file mode 100644 index 0000000..63aafb6 --- /dev/null +++ b/helm/submgr/values.yaml 
@@ -0,0 +1,30 @@ +################################################################################ +# Copyright (c) 2019 AT&T Intellectual Property. # +# Copyright (c) 2019 Nokia. # +# # +# Licensed under the Apache License, Version 2.0 (the "License"); # +# you may not use this file except in compliance with the License. # +# You may obtain a copy of the License at # +# # +# http://www.apache.org/licenses/LICENSE-2.0 # +# # +# Unless required by applicable law or agreed to in writing, software # +# distributed under the License is distributed on an "AS IS" BASIS, # +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # +# See the License for the specific language governing permissions and # +# limitations under the License. # +################################################################################ + +################################################################# +# Application configuration defaults. +################################################################# +# application image + +submgr: + imagePullPolicy: IfNotPresent + image: + name: ric-plt-submgr + tag: 0.10.7 + registry: "nexus3.o-ran-sc.org:10002/o-ran-sc" + + replicaCount: 1 diff --git a/helm/vespamgr/.helmignore b/helm/vespamgr/.helmignore new file mode 100644 index 0000000..d29b399 --- /dev/null +++ b/helm/vespamgr/.helmignore 
@@ -0,0 +1,37 @@ +# Copyright (c) 2019 AT&T Intellectual Property. +# Copyright (c) 2019 Nokia. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*~ +# Various IDEs +.project +.idea/ +*.tmproj +.vscode/ diff --git a/helm/vespamgr/Chart.yaml b/helm/vespamgr/Chart.yaml new file mode 100644 index 0000000..5f72daf --- /dev/null +++ b/helm/vespamgr/Chart.yaml @@ -0,0 +1,20 @@ +# Copyright (c) 2019 AT&T Intellectual Property. +# Copyright (c) 2019 Nokia. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +appVersion: "1.0" +description: A Helm chart for Kubernetes +name: vespamgr +version: 3.0.0 
diff --git a/helm/vespamgr/requirements.yaml b/helm/vespamgr/requirements.yaml new file mode 100644 index 0000000..db3a74b --- /dev/null +++ b/helm/vespamgr/requirements.yaml @@ -0,0 +1,21 @@ +################################################################################ +# Copyright (c) 2019 AT&T Intellectual Property. # +# Copyright (c) 2019 Nokia. # +# # +# Licensed under the Apache License, Version 2.0 (the "License"); # +# you may not use this file except in compliance with the License. # +# You may obtain a copy of the License at # +# # +# http://www.apache.org/licenses/LICENSE-2.0 # +# # +# Unless required by applicable law or agreed to in writing, software # +# distributed under the License is distributed on an "AS IS" BASIS, # +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # +# See the License for the specific language governing permissions and # +# limitations under the License. # +################################################################################ + +dependencies: + - name: ric-common + version: ~3.0.0 + repository: "@local" diff --git a/helm/vespamgr/templates/deployment.yaml b/helm/vespamgr/templates/deployment.yaml new file mode 100644 index 0000000..ebb1828 --- /dev/null +++ b/helm/vespamgr/templates/deployment.yaml 
@@ -0,0 +1,73 @@ +# Copyright (c) 2019 AT&T Intellectual Property. +# Copyright (c) 2019 Nokia. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +{{- $imagectx := dict "ctx" . "defaultregistry" .Values.vespamgr.image.registry }} +{{- $pullpolicyctx := dict "ctx" . "defaultpullpolicy" .Values.vespamgr.imagePullPolicy }} + +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ include "common.deploymentname.vespamgr" . }} + namespace: {{ include "common.namespace.platform" . }} + labels: + app: {{ include "common.namespace.platform" . }}-{{ include "common.name.vespamgr" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +spec: + replicas: {{ .Values.vespamgr.replicaCount }} + selector: + matchLabels: + app: {{ include "common.namespace.platform" . }}-{{ include "common.name.vespamgr" . }} + release: {{ .Release.Name }} + template: + metadata: + {{- if .Values.vespamgr.annotations }} + annotations: + {{- .Values.vespamgr.annotations | nindent 8 -}} + {{ end }} + labels: + app: {{ include "common.namespace.platform" . }}-{{ include "common.name.vespamgr" . }} + release: {{ .Release.Name }} + spec: + hostname: {{ include "common.name.vespamgr" . }} + imagePullSecrets: + - name: {{ include "common.dockerregistry.credential" $imagectx }} + {{- with .Values.vespamgr.nodeselector }} + nodeSelector: {{ toYaml . 
| trim | nindent 8 -}} + {{- end }} + containers: + - name: {{ include "common.containername.vespamgr" . }} + image: {{ include "common.dockerregistry.url" $imagectx }}/{{ .Values.vespamgr.image.name }}:{{ .Values.vespamgr.image.tag }} + imagePullPolicy: {{ include "common.dockerregistry.pullpolicy" $pullpolicyctx }} + ports: + - name: http + containerPort: {{ include "common.serviceport.vespamgr.http" . }} + protocol: TCP + envFrom: + - configMapRef: + name: {{ include "common.configmapname.vespamgr" . }} + - secretRef: + name: vespa-secrets + env: + - name: VESMGR_APPMGRDOMAIN + value: appmgr-service + livenessProbe: + httpGet: + path: /supervision + port: 8080 + initialDelaySeconds: 30 + periodSeconds: 60 + timeoutSeconds: 20 + diff --git a/helm/vespamgr/templates/secret.yaml b/helm/vespamgr/templates/secret.yaml new file mode 100644 index 0000000..3473c4b --- /dev/null +++ b/helm/vespamgr/templates/secret.yaml @@ -0,0 +1,8 @@ +apiVersion: v1 +kind: Secret +metadata: + name: vespa-secrets +type: Opaque +data: + VESMGR_PRICOLLECTOR_USER: "c2FtcGxlMQo=" + VESMGR_PRICOLLECTOR_PASSWORD: "c2FtcGxlMQo=" diff --git a/helm/vespamgr/templates/service.yaml b/helm/vespamgr/templates/service.yaml new file mode 100644 index 0000000..cb26519 --- /dev/null +++ b/helm/vespamgr/templates/service.yaml 
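Review bot: The `livenessProbe` targets `port: 8080` literally, while the container's `http` port comes from `common.serviceport.vespamgr.http`. If that helper is ever changed, the probe keeps hitting 8080 and the pod is restarted in a loop. Use the named port instead: `port: http`. `VESMGR_APPMGRDOMAIN` is likewise hard-coded to `appmgr-service`, where the other charts in this patch resolve service names through the `common.servicename.*` helpers; whether that literal matches the rendered appmgr service name cannot be checked from this hunk.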
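Review bot: The collector credentials are committed in the chart as fixed values: `VESMGR_PRICOLLECTOR_USER` and `VESMGR_PRICOLLECTOR_PASSWORD` are both `c2FtcGxlMQo=`, which decodes to `sample1` followed by a newline. Every install therefore shares the same known login, and the trailing newline becomes part of the value handed to the container. I would take them from values and fail the render when they are missing, e.g. `VESMGR_PRICOLLECTOR_PASSWORD: {{ required "collector password must be set" .Values.vespamgr.pricollector.password | b64enc | quote }}` (the values key is a proposed name, not one the chart has today), or reference a Secret created outside the chart. The Secret also has no `namespace:`, although the Deployment that reads it through `secretRef` is placed in `common.namespace.platform`.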
@@ -0,0 +1,35 @@
+# Copyright (c) 2019 AT&T Intellectual Property.
+# Copyright (c) 2019 Nokia.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ include "common.servicename.vespamgr.http" . }}
+ namespace: {{ include "common.namespace.platform" . }}
+ labels:
+ app: {{ include "common.namespace.platform" . }}-{{ include "common.name.vespamgr" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+spec:
+ type: ClusterIP
+ ports:
+ - port: {{ include "common.serviceport.vespamgr.http" . }}
+ protocol: "TCP"
+ name: "http"
+ targetPort: "http"
+ selector:
+ app: {{ include "common.namespace.platform" . }}-{{ include "common.name.vespamgr" . }}
+ release: {{ .Release.Name }}
diff --git a/helm/vespamgr/templates/vespa-config.yaml b/helm/vespamgr/templates/vespa-config.yaml
new file mode 100644
index 0000000..3159db4
--- /dev/null
+++ b/helm/vespamgr/templates/vespa-config.yaml 
@@ -0,0 +1,13 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "common.configmapname.vespamgr" . }}
+ namespace: {{ include "common.namespace.platform" . }}
+data:
+ VESMGR_HB_INTERVAL: "60s"
+ VESMGR_MEAS_INTERVAL: "30s"
+ VESMGR_PRICOLLECTOR_ADDR: {{ include "common.ingresscontroller.url.aux" . | quote }}
+ VESMGR_PRICOLLECTOR_SERVERROOT: {{ include "common.kongpath.aux.vescollector" . | quote }}
+ VESMGR_PRICOLLECTOR_PORT: {{ include "common.ingresscontroller.port.https" . | quote }}
+ VESMGR_PRICOLLECTOR_SECURE: "false"
+ VESMGR_PROMETHEUS_ADDR: {{ .Values.vespamgr.prometheusurl }}
diff --git a/helm/vespamgr/values.yaml b/helm/vespamgr/values.yaml
new file mode 100644
index 0000000..a241eaf
--- /dev/null
+++ b/helm/vespamgr/values.yaml 
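Review bot: `VESMGR_PRICOLLECTOR_SECURE: "false"` is fixed in the template right next to a port taken from `common.ingresscontroller.port.https`, and the deployment loads this ConfigMap together with the collector user and password from `vespa-secrets`. The flag's exact meaning is not visible in this patch, but if it switches TLS or certificate verification off, those credentials are sent without that protection in every install and an operator cannot change it without editing the chart. I would drive it from values, `VESMGR_PRICOLLECTOR_SECURE: {{ .Values.vespamgr.pricollectorSecure | quote }}` (suggested key name, with its default set in `values.yaml`), and document why an insecure default is acceptable if it stays. Separately, `VESMGR_PROMETHEUS_ADDR` is the only templated entry without `| quote`; `{{ .Values.vespamgr.prometheusurl | quote }}` keeps an override containing `: ` or ` #` from changing the rendered YAML.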
@@ -0,0 +1,35 @@
+################################################################################
+# Copyright (c) 2019 AT&T Intellectual Property. #
+# Copyright (c) 2019 Nokia. #
+# #
+# Licensed under the Apache License, Version 2.0 (the "License"); #
+# you may not use this file except in compliance with the License. #
+# You may obtain a copy of the License at #
+# #
+# http://www.apache.org/licenses/LICENSE-2.0 #
+# #
+# Unless required by applicable law or agreed to in writing, software #
+# distributed under the License is distributed on an "AS IS" BASIS, #
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. #
+# See the License for the specific language governing permissions and #
+# limitations under the License. #
+################################################################################
+
+#################################################################
+# Application configuration defaults.
+#################################################################
+
+vespamgr:
+ imagePullPolicy: IfNotPresent
+ replicaCount: 1
+ image:
+ name: ric-plt-vespamgr
+ tag: 0.0.8
+ registry: "nexus3.o-ran-sc.org:10002/o-ran-sc"
+
+ # Service ports are now defined in
+ # ric-common/Common-Template/helm/ric-common/templates/_ports.tpl file.
+ # If need to change a service port, make the code change necessary, then
+ # update the _ports.tpl file with the new port number.
+
+ prometheusurl: "http://rec-prometheus-server.default"
-- 2.16.6