From 8ae5e5da06fcdfe30d719497ecbb4b41bf286df7 Mon Sep 17 00:00:00 2001 From: Zhe Huang Date: Sat, 29 Jun 2019 02:31:10 -0400 Subject: [PATCH] Update nexus helm charts. Docker and helm repos are exposed using separated ingress URL and external service endpoints. Signed-off-by: Zhe Huang Change-Id: I5f27b2735a4583249a6b0a5bc66e90ee4f87c961 --- .../helm/ext/templates/services-docker.yaml | 45 ++++++++++++++++ .../helm/ext/templates/services-helm.yaml | 45 ++++++++++++++++ .../{services.yaml => services-platform.yaml} | 29 ---------- .../helm/ext/templates/services-xapp.yaml | 45 ++++++++++++++++ ric-infra/10-Nexus/bin/clear_nexus_data_path | 48 +++++++++++++++++ ric-infra/10-Nexus/bin/install | 62 ++-------------------- ric-infra/10-Nexus/etc/nexus.conf | 6 +-- .../10-Nexus/helm/templates/_gen-cert.tpl | 49 ++++++++--------- ric-infra/10-Nexus/helm/templates/_helpers.tpl | 49 ----------------- ric-infra/10-Nexus/helm/templates/deployment.yaml | 43 ++++++--------- .../{ingress.yaml => docker-ingress.yaml} | 21 ++------ .../{helmingress.yaml => helm-ingress.yaml} | 17 +++--- .../{save-secret-job.yaml => job-save-certs.yaml} | 14 +++-- .../10-Nexus/helm/templates/nexus-ingress.yaml | 32 +++++++++++ .../10-Nexus/helm/templates/persistentVolume.yaml | 8 +-- .../helm/templates/persistentVolumeClaim.yaml | 6 +-- .../10-Nexus/helm/templates/secret-docker.yaml | 9 +--- ric-infra/10-Nexus/helm/templates/secret-helm.yaml | 9 +--- .../10-Nexus/helm/templates/secret-nexus.yaml | 27 ++++++++++ ric-infra/10-Nexus/helm/templates/service.yaml | 13 ++--- .../10-Nexus/helm/templates/storageClass.yaml | 2 +- ric-infra/10-Nexus/helm/values.yaml | 44 +++++++-------- ric-infra/20-Monitoring/etc/elfkp.conf | 4 +- .../55-Ext-Services/helm/ext/templates/_helper.tpl | 51 ------------------ .../templates/{services.yaml => services-aux.yaml} | 0 .../helm/ext/templates/services-docker.yaml | 45 ++++++++++++++++ .../helm/ext/templates/services-helm.yaml | 45 ++++++++++++++++ 27 files changed, 436 insertions(+), 332 deletions(-) create mode 100644 ric-aux/85-Ext-Services/helm/ext/templates/services-docker.yaml create mode 100644 ric-aux/85-Ext-Services/helm/ext/templates/services-helm.yaml rename ric-aux/85-Ext-Services/helm/ext/templates/{services.yaml => services-platform.yaml} (70%) create mode 100644 ric-aux/85-Ext-Services/helm/ext/templates/services-xapp.yaml create mode 100755 ric-infra/10-Nexus/bin/clear_nexus_data_path rename ric-aux/85-Ext-Services/helm/ext/templates/_helper.tpl => ric-infra/10-Nexus/helm/templates/_gen-cert.tpl (56%) delete mode 100644 ric-infra/10-Nexus/helm/templates/_helpers.tpl rename ric-infra/10-Nexus/helm/templates/{ingress.yaml => docker-ingress.yaml} (70%) rename ric-infra/10-Nexus/helm/templates/{helmingress.yaml => helm-ingress.yaml} (77%) rename ric-infra/10-Nexus/helm/templates/{save-secret-job.yaml => job-save-certs.yaml} (79%) create mode 100644 ric-infra/10-Nexus/helm/templates/nexus-ingress.yaml create mode 100644 ric-infra/10-Nexus/helm/templates/secret-nexus.yaml delete mode 100644 ric-platform/55-Ext-Services/helm/ext/templates/_helper.tpl rename ric-platform/55-Ext-Services/helm/ext/templates/{services.yaml => services-aux.yaml} (100%) create mode 100644 ric-platform/55-Ext-Services/helm/ext/templates/services-docker.yaml create mode 100644 ric-platform/55-Ext-Services/helm/ext/templates/services-helm.yaml diff --git a/ric-aux/85-Ext-Services/helm/ext/templates/services-docker.yaml b/ric-aux/85-Ext-Services/helm/ext/templates/services-docker.yaml new file mode 100644 index 00000000..8d6eb016 --- /dev/null +++ b/ric-aux/85-Ext-Services/helm/ext/templates/services-docker.yaml @@ -0,0 +1,45 @@ +################################################################################ +# Copyright (c) 2019 AT&T Intellectual Property. # +# Copyright (c) 2019 Nokia. # +# # +# Licensed under the Apache License, Version 2.0 (the "License"); # +# you may not use this file except in compliance with the License. # +# You may obtain a copy of the License at # +# # +# http://www.apache.org/licenses/LICENSE-2.0 # +# # +# Unless required by applicable law or agreed to in writing, software # +# distributed under the License is distributed on an "AS IS" BASIS, # +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # +# See the License for the specific language governing permissions and # +# limitations under the License. # +################################################################################ + +kind: "Service" +apiVersion: "v1" +metadata: + name: {{ include "common.ingressurl.localdocker" . }} + namespace: {{ include "common.namespace" . }} +spec: + ports: + - name: {{ include "common.ingressurl.localdocker" . }}-http-ingress-port + protocol: "TCP" + port: 80 + - name: {{ include "common.ingressurl.localdocker" . }}-https-ingress-port + protocol: "TCP" + port: 443 +--- +kind: "Endpoints" +apiVersion: "v1" +metadata: + # match with the selector-less service + name: {{ include "common.ingressurl.localdocker" . }} + namespace: {{ include "common.namespace" . }} +subsets: + - addresses: + - ip: "{{ .Values.ext.ip }}" + ports: + - port: {{ include "common.ingresshttpport.ricinfra" . }} + name: {{ include "common.ingressurl.localdocker" . }}-http-ingress-port + - port: {{ include "common.ingresshttpsport.ricinfra" . }} + name: {{ include "common.ingressurl.localdocker" . }}-https-ingress-port diff --git a/ric-aux/85-Ext-Services/helm/ext/templates/services-helm.yaml b/ric-aux/85-Ext-Services/helm/ext/templates/services-helm.yaml new file mode 100644 index 00000000..11ab1d8c --- /dev/null +++ b/ric-aux/85-Ext-Services/helm/ext/templates/services-helm.yaml @@ -0,0 +1,45 @@ +################################################################################ +# Copyright (c) 2019 AT&T Intellectual Property. # +# Copyright (c) 2019 Nokia. # +# # +# Licensed under the Apache License, Version 2.0 (the "License"); # +# you may not use this file except in compliance with the License. # +# You may obtain a copy of the License at # +# # +# http://www.apache.org/licenses/LICENSE-2.0 # +# # +# Unless required by applicable law or agreed to in writing, software # +# distributed under the License is distributed on an "AS IS" BASIS, # +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # +# See the License for the specific language governing permissions and # +# limitations under the License. # +################################################################################ + +kind: "Service" +apiVersion: "v1" +metadata: + name: {{ include "common.ingressurl.localhelm" . }} + namespace: {{ include "common.namespace" . }} +spec: + ports: + - name: {{ include "common.ingressurl.localhelm" . }}-http-ingress-port + protocol: "TCP" + port: 80 + - name: {{ include "common.ingressurl.localhelm" . }}-https-ingress-port + protocol: "TCP" + port: 443 +--- +kind: "Endpoints" +apiVersion: "v1" +metadata: + # match with the selector-less service + name: {{ include "common.ingressurl.localhelm" . }} + namespace: {{ include "common.namespace" . }} +subsets: + - addresses: + - ip: "{{ .Values.ext.ip }}" + ports: + - port: {{ include "common.ingresshttpport.ricinfra" . }} + name: {{ include "common.ingressurl.localhelm" . }}-http-ingress-port + - port: {{ include "common.ingresshttpsport.ricinfra" . }} + name: {{ include "common.ingressurl.localhelm" . }}-https-ingress-port diff --git a/ric-aux/85-Ext-Services/helm/ext/templates/services.yaml b/ric-aux/85-Ext-Services/helm/ext/templates/services-platform.yaml similarity index 70% rename from ric-aux/85-Ext-Services/helm/ext/templates/services.yaml rename to ric-aux/85-Ext-Services/helm/ext/templates/services-platform.yaml index e9b894a3..f1978186 100644 --- a/ric-aux/85-Ext-Services/helm/ext/templates/services.yaml +++ b/ric-aux/85-Ext-Services/helm/ext/templates/services-platform.yaml @@ -43,32 +43,3 @@ subsets: name: {{ include "common.ingressurl.ricplt" . }}-http-ingress-port - port: {{ include "common.ingresshttpsport.ricplt" . }} name: {{ include "common.ingressurl.ricplt" . }}-https-ingress-port ---- -kind: "Service" -apiVersion: "v1" -metadata: - name: {{ include "common.ingressurl.ricxapp" . }} - namespace: {{ include "common.namespace" . }} -spec: - ports: - - name: {{ include "common.ingressurl.ricxapp" . }}-http-ingress-port - protocol: "TCP" - port: 80 - - name: {{ include "common.ingressurl.ricxapp" . }}-https-ingress-port - protocol: "TCP" - port: 443 ---- -kind: "Endpoints" -apiVersion: "v1" -metadata: - # match with the selector-less service - name: {{ include "common.ingressurl.ricxapp" . }} - namespace: {{ include "common.namespace" . }} -subsets: - - addresses: - - ip: "{{ .Values.ext.ip }}" - ports: - - port: {{ include "common.ingresshttpport.ricxapp" . }} - name: {{ include "common.ingressurl.ricxapp" . }}-http-ingress-port - - port: {{ include "common.ingresshttpsport.ricxapp" . }} - name: {{ include "common.ingressurl.ricxapp" . }}-https-ingress-port \ No newline at end of file diff --git a/ric-aux/85-Ext-Services/helm/ext/templates/services-xapp.yaml b/ric-aux/85-Ext-Services/helm/ext/templates/services-xapp.yaml new file mode 100644 index 00000000..f644588d --- /dev/null +++ b/ric-aux/85-Ext-Services/helm/ext/templates/services-xapp.yaml @@ -0,0 +1,45 @@ +################################################################################ +# Copyright (c) 2019 AT&T Intellectual Property. # +# Copyright (c) 2019 Nokia. # +# # +# Licensed under the Apache License, Version 2.0 (the "License"); # +# you may not use this file except in compliance with the License. # +# You may obtain a copy of the License at # +# # +# http://www.apache.org/licenses/LICENSE-2.0 # +# # +# Unless required by applicable law or agreed to in writing, software # +# distributed under the License is distributed on an "AS IS" BASIS, # +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # +# See the License for the specific language governing permissions and # +# limitations under the License. # +################################################################################ + +kind: "Service" +apiVersion: "v1" +metadata: + name: {{ include "common.ingressurl.ricxapp" . }} + namespace: {{ include "common.namespace" . }} +spec: + ports: + - name: {{ include "common.ingressurl.ricxapp" . }}-http-ingress-port + protocol: "TCP" + port: 80 + - name: {{ include "common.ingressurl.ricxapp" . }}-https-ingress-port + protocol: "TCP" + port: 443 +--- +kind: "Endpoints" +apiVersion: "v1" +metadata: + # match with the selector-less service + name: {{ include "common.ingressurl.ricxapp" . }} + namespace: {{ include "common.namespace" . }} +subsets: + - addresses: + - ip: "{{ .Values.ext.ip }}" + ports: + - port: {{ include "common.ingresshttpport.ricxapp" . }} + name: {{ include "common.ingressurl.ricxapp" . }}-http-ingress-port + - port: {{ include "common.ingresshttpsport.ricxapp" . }} + name: {{ include "common.ingressurl.ricxapp" . }}-https-ingress-port diff --git a/ric-infra/10-Nexus/bin/clear_nexus_data_path b/ric-infra/10-Nexus/bin/clear_nexus_data_path new file mode 100755 index 00000000..cd3684e2 --- /dev/null +++ b/ric-infra/10-Nexus/bin/clear_nexus_data_path @@ -0,0 +1,48 @@ +#!/bin/bash +################################################################################ +# Copyright (c) 2019 AT&T Intellectual Property. # +# Copyright (c) 2019 Nokia. # +# # +# Licensed under the Apache License, Version 2.0 (the "License"); # +# you may not use this file except in compliance with the License. # +# You may obtain a copy of the License at # +# # +# http://www.apache.org/licenses/LICENSE-2.0 # +# # +# Unless required by applicable law or agreed to in writing, software # +# distributed under the License is distributed on an "AS IS" BASIS, # +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # +# See the License for the specific language governing permissions and # +# limitations under the License. # +################################################################################ + +OVERRIDEYAML=$1 +DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" >/dev/null && pwd )" + + + + + + +if [ -z $OVERRIDEYAML ]; then + + DATAPATH=$(cat $DIR/../helm/values.yaml | awk '/^.*datapath:.*/{ print $2;}') + +else + + DATAPATH=$(cat $OVERRIDEYAML | awk '/^.*datapath:.*/{ print $2;}') + + + if [ -z $DATAPATH ]; then + DATAPATH=$(cat $DIR/../helm/values.yaml | awk '/^.*datapath:.*/{ print $2;}') + fi + +fi + + rm -rf $DATAPATH + + mkdir -p $DATAPATH + + + chmod -R a+rwx $DATAPATH + diff --git a/ric-infra/10-Nexus/bin/install b/ric-infra/10-Nexus/bin/install index 452924b9..f160a48e 100755 --- a/ric-infra/10-Nexus/bin/install +++ b/ric-infra/10-Nexus/bin/install @@ -32,11 +32,6 @@ if [ -z "$RICINFRA_NAMESPACE" ];then else NAMESPACE=$RICINFRA_NAMESPACE fi -if [ -z "$INGRESS_PORT" ];then - INGRESS_PORT_NEXUS=$ingress_port -else - INGRESS_PORT_NEXUS=$INGRESS_PORT -fi @@ -44,37 +39,22 @@ echo "Deploying nexus repo managers for local docker registry and helm repo." echo "Name Space: $NAMESPACE" echo "Helm Release: $RELEASE_NAME" -HOSTPOSTFIX=$(cat $DIR/../helm/values.yaml | grep hostpostfix | awk '{print $2}') - - -echo "****************************************************************************************************************" -echo " WARNING " -echo "****************************************************************************************************************" - -echo "Nexus is deployed using default admin password. It is not for production deployment." -echo "If you want to secure the repositories, you should change the admin password immediately." -echo "You can access this nexus here: http://nexus.$HOSTPOSTFIX:$INGRESS_PORT_NEXUS" -echo "If nexus.$HOSTPOSTFIX is not resolved by your DNS server, please add an entry in your /etc/hosts file." -echo "****************************************************************************************************************" - -. ./deploy_nexus_data $OVERRIDEYAML NODENAME=$(kubectl get node | awk 'NR==2{print $1}') kubectl label --overwrite nodes $NODENAME nexus-node=enable +. ./clear_nexus_data_path - - -COMMON_CHART_VERSION=$(cat $DIR/../../../ric-platform/50-RIC-Platform/helm/common/Chart.yaml | grep version | awk '{print $2}') -helm package -d /tmp $DIR/../../../ric-platform/50-RIC-Platform/helm/common +COMMON_CHART_VERSION=$(cat $DIR/../../../ric-common/Common-Template/helm/ric-common/Chart.yaml | grep version | awk '{print $2}') +helm package -d /tmp $DIR/../../../ric-common/Common-Template/helm/ric-common mkdir -p $DIR/../helm/charts/ -cp /tmp/common-$COMMON_CHART_VERSION.tgz $DIR/../helm/charts/ +cp /tmp/ric-common-$COMMON_CHART_VERSION.tgz $DIR/../helm/charts/ if [ -z $OVERRIDEYAML ]; then helm install --namespace "${NAMESPACE}" --name "${RELEASE_NAME}-nexus" $DIR/../helm @@ -84,38 +64,4 @@ fi -NEXUS_POD_NAME=$(kubectl get pod -n $NAMESPACE | grep nexus | grep -v "Terminating" | awk '{print $1}') - - -echo "Waiting Nexus to be ready." -echo " " - -sleep 10 - -IS_NEXUS_READY=$(kubectl logs -n $NAMESPACE $NEXUS_POD_NAME | grep "Started Sonatype Nexus OSS") - -COUNTER=1 -while [[ -z $IS_NEXUS_READY ]]; do - echo -e "\033[2AWaiting Nexus to be ready." - echo -e "\033[2K" - PROGRESS=$(printf "%0.s-" $(seq 1 $COUNTER)) - echo -e "\033[1A$PROGRESS" - - - COUNTER=$((COUNTER+1)) - if [ $COUNTER -gt 5 ]; then - COUNTER=1 - fi - - IS_NEXUS_READY=$(kubectl logs -n $NAMESPACE $NEXUS_POD_NAME | grep "Started Sonatype Nexus OSS") - - sleep 5 -done - -echo $IS_NEXUS_READY - - -. ./change_password $OVERRIDEYAML - - diff --git a/ric-infra/10-Nexus/etc/nexus.conf b/ric-infra/10-Nexus/etc/nexus.conf index ce00f724..f706d463 100644 --- a/ric-infra/10-Nexus/etc/nexus.conf +++ b/ric-infra/10-Nexus/etc/nexus.conf @@ -23,11 +23,7 @@ helm_release_name=r0 # namespace defines the namespace that helm will use to deploy nexus # It will be overrided by RICINFRA_NAMESPACE -namespace=ric-infra - -# ingress port number of the K8S cluster -# It will be overrided by INGRESS_PORT -ingress_port=30000 +namespace=ricinfra default_admin_password=admin123 diff --git a/ric-aux/85-Ext-Services/helm/ext/templates/_helper.tpl b/ric-infra/10-Nexus/helm/templates/_gen-cert.tpl similarity index 56% rename from ric-aux/85-Ext-Services/helm/ext/templates/_helper.tpl rename to ric-infra/10-Nexus/helm/templates/_gen-cert.tpl index 64a5876c..c2755bbb 100644 --- a/ric-aux/85-Ext-Services/helm/ext/templates/_helper.tpl +++ b/ric-infra/10-Nexus/helm/templates/_gen-cert.tpl @@ -13,39 +13,32 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # # See the License for the specific language governing permissions and # # limitations under the License. # -################################################################################ +################################################################################i -{{/* vim: set filetype=mustache: */}} {{/* -Expand the name of the chart. +Generate certificates for the docker registry */}} -{{- define "ext.name" -}} -{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} +{{- define "nexus.gen-docker-cert" -}} +{{- $altNames := list ( include "common.ingressurl.localdocker" . ) -}} +{{- $ca := genCA "docker-registry-ca" 365 -}} +{{- $cert := genSignedCert ( include "common.ingressurl.localdocker" . ) nil $altNames 365 $ca -}} +tls.crt: {{ $cert.Cert | b64enc }} +tls.key: {{ $cert.Key | b64enc }} {{- end -}} -{{/* -Create a default fully qualified app name. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec) -. -If release name contains chart name it will be used as a full name. -*/}} -{{- define "ext.fullname" -}} -{{- if .Values.fullnameOverride -}} -{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- $name := default .Chart.Name .Values.nameOverride -}} -{{- if contains $name .Release.Name -}} -{{- .Release.Name | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} -{{- end -}} -{{- end -}} +{{- define "nexus.gen-helm-cert" -}} +{{- $altNames := list ( include "common.ingressurl.localhelm" . ) -}} +{{- $ca := genCA "docker-registry-ca" 365 -}} +{{- $cert := genSignedCert ( include "common.ingressurl.localhelm" . ) nil $altNames 365 $ca -}} +tls.crt: {{ $cert.Cert | b64enc }} +tls.key: {{ $cert.Key | b64enc }} {{- end -}} -{{/* -Create chart name and version as used by the chart label. -*/}} -{{- define "ext.chart" -}} -{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} -{{- end -}} +{{- define "nexus.gen-nexus-cert" -}} +{{- $altNames := list ( include "common.ingressurl.localnexus" . ) -}} +{{- $ca := genCA "docker-registry-ca" 365 -}} +{{- $cert := genSignedCert ( include "common.ingressurl.localnexus" . ) nil $altNames 365 $ca -}} +tls.crt: {{ $cert.Cert | b64enc }} +tls.key: {{ $cert.Key | b64enc }} +{{- end -}} diff --git a/ric-infra/10-Nexus/helm/templates/_helpers.tpl b/ric-infra/10-Nexus/helm/templates/_helpers.tpl deleted file mode 100644 index fba2b965..00000000 --- a/ric-infra/10-Nexus/helm/templates/_helpers.tpl +++ /dev/null @@ -1,49 +0,0 @@ -################################################################################ -# Copyright (c) 2019 AT&T Intellectual Property. # -# Copyright (c) 2019 Nokia. # -# # -# Licensed under the Apache License, Version 2.0 (the "License"); # -# you may not use this file except in compliance with the License. # -# You may obtain a copy of the License at # -# # -# http://www.apache.org/licenses/LICENSE-2.0 # -# # -# Unless required by applicable law or agreed to in writing, software # -# distributed under the License is distributed on an "AS IS" BASIS, # -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # -# See the License for the specific language governing permissions and # -# limitations under the License. # -################################################################################ - -{{/* vim: set filetype=mustache: */}} -{{/* -Expand the name of the chart. -*/}} -{{- define "nexus.name" -}} -{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Create a default fully qualified app name. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -If release name contains chart name it will be used as a full name. -*/}} -{{- define "nexus.fullname" -}} -{{- if .Values.fullnameOverride -}} -{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- $name := default .Chart.Name .Values.nameOverride -}} -{{- if contains $name .Release.Name -}} -{{- .Release.Name | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} -{{- end -}} -{{- end -}} -{{- end -}} - -{{/* -Create chart name and version as used by the chart label. -*/}} -{{- define "nexus.chart" -}} -{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} -{{- end -}} diff --git a/ric-infra/10-Nexus/helm/templates/deployment.yaml b/ric-infra/10-Nexus/helm/templates/deployment.yaml index 2ba358c2..f76899f2 100644 --- a/ric-infra/10-Nexus/helm/templates/deployment.yaml +++ b/ric-infra/10-Nexus/helm/templates/deployment.yaml @@ -18,38 +18,43 @@ apiVersion: apps/v1beta2 kind: Deployment metadata: - name: {{ template "nexus.fullname" . }} + name: {{ include "common.deploymentname.nexus" .}} labels: - app: {{ template "nexus.name" . }} - chart: {{ template "nexus.chart" . }} + app: {{ include "common.namespace" . }}-{{ include "common.name" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} release: {{ .Release.Name }} heritage: {{ .Release.Service }} spec: - replicas: {{ .Values.replicaCount }} + replicas: {{ .Values.nexus.replicaCount }} selector: matchLabels: - app: {{ template "nexus.name" . }} + app: {{ include "common.namespace" . }}-{{ include "common.name" . }} release: {{ .Release.Name }} template: metadata: labels: - app: {{ template "nexus.name" . }} + app: {{ include "common.namespace" . }}-{{ include "common.name" . }} release: {{ .Release.Name }} spec: + hostname: {{ .Chart.Name }} + imagePullSecrets: + - name: {{ include "common.repositoryCred" . }} containers: - - name: {{ .Chart.Name }} - image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}" - imagePullPolicy: {{ .Values.image.pullPolicy }} + - name: {{ include "common.namespace" . }}-{{ include "common.name" . }} + image: {{ include "common.repository" . }}/{{ .Values.nexus.image.name }}:{{ .Values.nexus.image.tag }} + imagePullPolicy: {{ include "common.pullPolicy" . }} # volumeMounts: #- name: certs # mountPath: /var/run/certs # readOnly: true ports: - name: nexus - containerPort: 8081 + containerPort: {{ .Values.nexus.service.nexus.containerPort }} + #containerPort: 8081 protocol: TCP - name: docker - containerPort: 10001 + containerPort: {{ .Values.nexus.service.docker.containerPort }} + #containerPort: 10001 protocol: TCP volumeMounts: - name: nexus-config @@ -57,18 +62,4 @@ spec: volumes: - name: nexus-config persistentVolumeClaim: - claimName: nexus-claim - - - # livenessProbe: - # httpGet: - # path: / - # port: nexus -# readinessProbe: -# httpGet: -# path: / -# port: http -# volumes: -# - name: certs -# secret: -# secretName: {{ template "nexus.name" . }}-certs + claimName: pvc-{{ include "common.name.nexus" . }} diff --git a/ric-infra/10-Nexus/helm/templates/ingress.yaml b/ric-infra/10-Nexus/helm/templates/docker-ingress.yaml similarity index 70% rename from ric-infra/10-Nexus/helm/templates/ingress.yaml rename to ric-infra/10-Nexus/helm/templates/docker-ingress.yaml index d1bbf2af..eda06639 100644 --- a/ric-infra/10-Nexus/helm/templates/ingress.yaml +++ b/ric-infra/10-Nexus/helm/templates/docker-ingress.yaml @@ -17,27 +17,16 @@ apiVersion: extensions/v1beta1 kind: Ingress metadata: - name: {{ include "nexus.fullname" . }} - labels: - app: {{ template "nexus.name" . }} - chart: {{ template "nexus.chart" . }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} + name: {{ include "common.ingressname.nexus" . }}-docker spec: tls: - hosts: - - docker.{{ .Values.ingress.hostpostfix }} - secretName: {{ include "common.repositorycert" . }} + - {{ include "common.ingressurl.localdocker" . }} + secretName: secret-{{ include "common.name.nexus" . }}-docker rules: - - host: nexus.{{ .Values.ingress.hostpostfix }} + - host: {{ include "common.ingressurl.localdocker" . }} http: paths: - backend: - serviceName: {{ include "nexus.fullname" . }} - servicePort: nexus - - host: docker.{{ .Values.ingress.hostpostfix }} - http: - paths: - - backend: - serviceName: {{ include "nexus.fullname" . }} + serviceName: {{ include "common.servicename.nexus.http" . }} servicePort: docker diff --git a/ric-infra/10-Nexus/helm/templates/helmingress.yaml b/ric-infra/10-Nexus/helm/templates/helm-ingress.yaml similarity index 77% rename from ric-infra/10-Nexus/helm/templates/helmingress.yaml rename to ric-infra/10-Nexus/helm/templates/helm-ingress.yaml index 291a1030..22e19380 100644 --- a/ric-infra/10-Nexus/helm/templates/helmingress.yaml +++ b/ric-infra/10-Nexus/helm/templates/helm-ingress.yaml @@ -19,22 +19,17 @@ kind: Ingress metadata: annotations: nginx.ingress.kubernetes.io/rewrite-target: /repository/helm.local/ - name: {{ include "nexus.fullname" . }}-helm - labels: - app: {{ template "nexus.name" . }} - chart: {{ template "nexus.chart" . }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} + name: {{ include "common.ingressname.nexus" . }}-helm spec: tls: - hosts: - - helm.{{ .Values.ingress.hostpostfix }} - secretName: {{ include "common.helmrepositorycert" . }} + - {{ include "common.ingressurl.localhelm" . }} + secretName: secret-{{ include "common.name.nexus" . }}-helm rules: - - host: helm.{{ .Values.ingress.hostpostfix }} + - host: {{ include "common.ingressurl.localhelm" . }} http: paths: - backend: - serviceName: {{ include "nexus.fullname" . }} - servicePort: nexus + serviceName: {{ include "common.servicename.nexus.http" . }} + servicePort: helm path: / diff --git a/ric-infra/10-Nexus/helm/templates/save-secret-job.yaml b/ric-infra/10-Nexus/helm/templates/job-save-certs.yaml similarity index 79% rename from ric-infra/10-Nexus/helm/templates/save-secret-job.yaml rename to ric-infra/10-Nexus/helm/templates/job-save-certs.yaml index 1d0e1be2..6ed84d13 100644 --- a/ric-infra/10-Nexus/helm/templates/save-secret-job.yaml +++ b/ric-infra/10-Nexus/helm/templates/job-save-certs.yaml @@ -18,14 +18,14 @@ apiVersion: batch/v1 kind: Job metadata: - name: cert-copy + name: job-{{ include "common.name.nexus" . }}-save-certs spec: template: spec: containers: - name: cert-copy image: alpine - command: [ "/bin/sh","-c","cp -rL /var/run/dockercerts/..data/tls.crt /var/run/certs-copy/dockertls.crt && cp -rL /var/run/helmcerts/..data/tls.crt /var/run/certs-copy/helmtls.crt"] + command: [ "/bin/sh","-c","cp -rL /var/run/dockercerts/..data/tls.crt /var/run/certs-copy/dockertls.crt && cp -rL /var/run/helmcerts/..data/tls.crt /var/run/certs-copy/helmtls.crt && cp -rL /var/run/nexuscerts/..data/tls.crt /var/run/certs-copy/nexustls.crt"] # command: ["tail", "-f", "/dev/null"] volumeMounts: - name: dockercerts @@ -34,15 +34,21 @@ spec: - name: helmcerts mountPath: /var/run/helmcerts readOnly: true + - name: nexuscerts + mountPath: /var/run/nexuscerts + readOnly: true - name: write-to-volume mountPath: /var/run/certs-copy volumes: - name: dockercerts secret: - secretName: {{ include "common.repositorycert" . }} + secretName: secret-{{ include "common.name.nexus" . }}-docker - name: helmcerts secret: - secretName: {{ include "common.helmrepositorycert" . }} + secretName: secret-{{ include "common.name.nexus" . }}-helm + - name: nexuscerts + secret: + secretName: secret-{{ include "common.name.nexus" . }}-nexus - name: write-to-volume hostPath: path: /tmp diff --git a/ric-infra/10-Nexus/helm/templates/nexus-ingress.yaml b/ric-infra/10-Nexus/helm/templates/nexus-ingress.yaml new file mode 100644 index 00000000..b109c068 --- /dev/null +++ b/ric-infra/10-Nexus/helm/templates/nexus-ingress.yaml @@ -0,0 +1,32 @@ +################################################################################ +# Copyright (c) 2019 AT&T Intellectual Property. # +# Copyright (c) 2019 Nokia. # +# # +# Licensed under the Apache License, Version 2.0 (the "License"); # +# you may not use this file except in compliance with the License. # +# You may obtain a copy of the License at # +# # +# http://www.apache.org/licenses/LICENSE-2.0 # +# # +# Unless required by applicable law or agreed to in writing, software # +# distributed under the License is distributed on an "AS IS" BASIS, # +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # +# See the License for the specific language governing permissions and # +# limitations under the License. # +################################################################################ +apiVersion: extensions/v1beta1 +kind: Ingress +metadata: + name: {{ include "common.ingressname.nexus" . }}-nexus +spec: + tls: + - hosts: + - {{ include "common.ingressurl.localnexus" . }} + secretName: secret-{{ include "common.name.nexus" . }}-nexus + rules: + - host: {{ include "common.ingressurl.localnexus" . }} + http: + paths: + - backend: + serviceName: {{ include "common.servicename.nexus.http" . }} + servicePort: nexus diff --git a/ric-infra/10-Nexus/helm/templates/persistentVolume.yaml b/ric-infra/10-Nexus/helm/templates/persistentVolume.yaml index dfdbd21c..08861a74 100644 --- a/ric-infra/10-Nexus/helm/templates/persistentVolume.yaml +++ b/ric-infra/10-Nexus/helm/templates/persistentVolume.yaml @@ -1,16 +1,16 @@ apiVersion: v1 kind: PersistentVolume metadata: - name: nexus3-configuration + name: pv-{{ include "common.name.nexus" . }} spec: capacity: - storage: {{ .Values.storagesize }} + storage: {{ .Values.nexus.storagesize }} accessModes: - ReadWriteOnce persistentVolumeReclaimPolicy: Retain - storageClassName: nexus3-storage + storageClassName: storageclass-{{ include "common.name.nexus" . }} local: - path: {{ .Values.datapath }} + path: {{ .Values.nexus.datapath }} nodeAffinity: required: nodeSelectorTerms: diff --git a/ric-infra/10-Nexus/helm/templates/persistentVolumeClaim.yaml b/ric-infra/10-Nexus/helm/templates/persistentVolumeClaim.yaml index b0f29ba4..0133e09f 100644 --- a/ric-infra/10-Nexus/helm/templates/persistentVolumeClaim.yaml +++ b/ric-infra/10-Nexus/helm/templates/persistentVolumeClaim.yaml @@ -1,11 +1,11 @@ kind: PersistentVolumeClaim apiVersion: v1 metadata: - name: nexus-claim + name: pvc-{{ include "common.name.nexus" . }} spec: accessModes: - ReadWriteOnce - storageClassName: nexus3-storage + storageClassName: storageclass-{{ include "common.name.nexus" . }} resources: requests: - storage: {{ .Values.storagesize }} + storage: {{ .Values.nexus.storagesize }} diff --git a/ric-infra/10-Nexus/helm/templates/secret-docker.yaml b/ric-infra/10-Nexus/helm/templates/secret-docker.yaml index d113b382..0dec66ca 100644 --- a/ric-infra/10-Nexus/helm/templates/secret-docker.yaml +++ b/ric-infra/10-Nexus/helm/templates/secret-docker.yaml @@ -19,14 +19,9 @@ apiVersion: v1 kind: Secret type: kubernetes.io/tls metadata: - name: {{ include "common.repositorycert" . }} - labels: - app: {{ template "nexus.name" . }} - chart: {{ template "nexus.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} + name: secret-{{ include "common.name.nexus" . }}-docker annotations: "helm.sh/hook": "pre-install" "helm.sh/hook-delete-policy": "before-hook-creation" data: -{{ ( include "common.repository.gen-certs" . ) | indent 2 }} +{{ ( include "nexus.gen-docker-cert" . ) | indent 2 }} diff --git a/ric-infra/10-Nexus/helm/templates/secret-helm.yaml b/ric-infra/10-Nexus/helm/templates/secret-helm.yaml index 49e47da6..ce7bec62 100644 --- a/ric-infra/10-Nexus/helm/templates/secret-helm.yaml +++ b/ric-infra/10-Nexus/helm/templates/secret-helm.yaml @@ -19,14 +19,9 @@ apiVersion: v1 kind: Secret type: kubernetes.io/tls metadata: - name: {{ include "common.helmrepositorycert" . }} - labels: - app: {{ template "nexus.name" . }} - chart: {{ template "nexus.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} + name: secret-{{ include "common.name.nexus" . }}-helm annotations: "helm.sh/hook": "pre-install" "helm.sh/hook-delete-policy": "before-hook-creation" data: -{{ ( include "common.helmrepository.gen-certs" . ) | indent 2 }} +{{ ( include "nexus.gen-helm-cert" . ) | indent 2 }} diff --git a/ric-infra/10-Nexus/helm/templates/secret-nexus.yaml b/ric-infra/10-Nexus/helm/templates/secret-nexus.yaml new file mode 100644 index 00000000..680e1235 --- /dev/null +++ b/ric-infra/10-Nexus/helm/templates/secret-nexus.yaml @@ -0,0 +1,27 @@ +################################################################################ +# Copyright (c) 2019 AT&T Intellectual Property. # +# Copyright (c) 2019 Nokia. # +# # +# Licensed under the Apache License, Version 2.0 (the "License"); # +# you may not use this file except in compliance with the License. # +# You may obtain a copy of the License at # +# # +# http://www.apache.org/licenses/LICENSE-2.0 # +# # +# Unless required by applicable law or agreed to in writing, software # +# distributed under the License is distributed on an "AS IS" BASIS, # +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # +# See the License for the specific language governing permissions and # +# limitations under the License. # +################################################################################ + +apiVersion: v1 +kind: Secret +type: kubernetes.io/tls +metadata: + name: secret-{{ include "common.name.nexus" . }}-nexus + annotations: + "helm.sh/hook": "pre-install" + "helm.sh/hook-delete-policy": "before-hook-creation" +data: +{{ ( include "nexus.gen-nexus-cert" . ) | indent 2 }} diff --git a/ric-infra/10-Nexus/helm/templates/service.yaml b/ric-infra/10-Nexus/helm/templates/service.yaml index 796206f2..75afbb94 100644 --- a/ric-infra/10-Nexus/helm/templates/service.yaml +++ b/ric-infra/10-Nexus/helm/templates/service.yaml @@ -18,23 +18,24 @@ apiVersion: v1 kind: Service metadata: - name: {{ include "nexus.fullname" . }} + name: {{ include "common.servicename.nexus.http" . }} + namespace: {{ include "common.namespace" . }} labels: - app: {{ template "nexus.name" . }} - chart: {{ template "nexus.chart" . }} + app: {{ include "common.namespace" . }}-{{ include "common.name" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} release: {{ .Release.Name }} heritage: {{ .Release.Service }} spec: type: ClusterIP ports: - - port: {{ .Values.service.port.nexus }} + - port: {{ .Values.nexus.service.nexus.port }} targetPort: nexus protocol: TCP name: nexus - - port: {{ .Values.service.port.docker }} + - port: {{ .Values.nexus.service.docker.port }} targetPort: docker protocol: TCP name: docker selector: - app: {{ template "nexus.name" . }} + app: {{ include "common.namespace" . }}-{{ include "common.name" . }} release: {{ .Release.Name }} diff --git a/ric-infra/10-Nexus/helm/templates/storageClass.yaml b/ric-infra/10-Nexus/helm/templates/storageClass.yaml index 97ccd0f9..7a5b988d 100644 --- a/ric-infra/10-Nexus/helm/templates/storageClass.yaml +++ b/ric-infra/10-Nexus/helm/templates/storageClass.yaml @@ -1,6 +1,6 @@ kind: StorageClass apiVersion: storage.k8s.io/v1 metadata: - name: nexus3-storage + name: storageclass-{{ include "common.name.nexus" . }} provisioner: kubernetes.io/no-provisioner volumeBindingMode: WaitForFirstConsumer diff --git a/ric-infra/10-Nexus/helm/values.yaml b/ric-infra/10-Nexus/helm/values.yaml index 31f8a72c..91ba957c 100644 --- a/ric-infra/10-Nexus/helm/values.yaml +++ b/ric-infra/10-Nexus/helm/values.yaml @@ -18,36 +18,30 @@ # Default values for nexus. # This is a YAML-formatted file. # Declare variables to be passed into your templates. - -replicaCount: 1 - -# This is the name of K8S secret that contains the docker registry cert -# You can override this by using -# repositoryCertOverride: "" -repositoryCert: docker-reg-certs - -# This is the name of K8S secret that contains the helm repository cert -# You can override this by using -# helmRepositoryCertOverride: "" +repository: "nexus3.o-ran-sc.org:10004" +imagePullPolicy: IfNotPresent +repositoryCred: docker-reg-cred helmRepositoryCert: xapp-mgr-certs +nexus: + replicaCount: 1 -# This is the admin password -adminPassword: admin123 + # This is the admin password + adminPassword: admin123 # This is designed to be deployed using local image -image: - repository: nexus-repository-helm-apt - tag: 1.0.0 - pullPolicy: Never + image: + name: nexus-repository-helm-apt + tag: 1.0.0 -service: - port: - nexus: 80 - docker: 10001 -ingress: - hostpostfix: ricinfra.local + service: + nexus: + port: 80 + containerPort: 8081 + docker: + port: 10001 + containerPort: 10001 -storagesize: 20Gi -datapath: /tmp/nexus3-data/ + storagesize: 20Gi + datapath: /tmp/nexus3-data/ diff --git a/ric-infra/20-Monitoring/etc/elfkp.conf b/ric-infra/20-Monitoring/etc/elfkp.conf index e9e4100d..700ad791 100644 --- a/ric-infra/20-Monitoring/etc/elfkp.conf +++ b/ric-infra/20-Monitoring/etc/elfkp.conf @@ -18,8 +18,8 @@ # helm_release_name defines the release name helm will use to deploy RIC # It will be overrided by RICAUX_RELEASE_NAME -helm_release_name=ttt +helm_release_name=r0 # namespace defines the namespace that helm will use to deploy RIC # It will be overrided by RICAUX_NAMESPACE -namespace=ricmon +namespace=ricinfra diff --git a/ric-platform/55-Ext-Services/helm/ext/templates/_helper.tpl b/ric-platform/55-Ext-Services/helm/ext/templates/_helper.tpl deleted file mode 100644 index 64a5876c..00000000 --- a/ric-platform/55-Ext-Services/helm/ext/templates/_helper.tpl +++ /dev/null @@ -1,51 +0,0 @@ -################################################################################ -# Copyright (c) 2019 AT&T Intellectual Property. # -# Copyright (c) 2019 Nokia. # -# # -# Licensed under the Apache License, Version 2.0 (the "License"); # -# you may not use this file except in compliance with the License. # -# You may obtain a copy of the License at # -# # -# http://www.apache.org/licenses/LICENSE-2.0 # -# # -# Unless required by applicable law or agreed to in writing, software # -# distributed under the License is distributed on an "AS IS" BASIS, # -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # -# See the License for the specific language governing permissions and # -# limitations under the License. # -################################################################################ - -{{/* vim: set filetype=mustache: */}} -{{/* -Expand the name of the chart. -*/}} -{{- define "ext.name" -}} -{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Create a default fully qualified app name. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec) -. -If release name contains chart name it will be used as a full name. -*/}} -{{- define "ext.fullname" -}} -{{- if .Values.fullnameOverride -}} -{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- $name := default .Chart.Name .Values.nameOverride -}} -{{- if contains $name .Release.Name -}} -{{- .Release.Name | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} -{{- end -}} -{{- end -}} -{{- end -}} - -{{/* -Create chart name and version as used by the chart label. -*/}} -{{- define "ext.chart" -}} -{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} -{{- end -}} - diff --git a/ric-platform/55-Ext-Services/helm/ext/templates/services.yaml b/ric-platform/55-Ext-Services/helm/ext/templates/services-aux.yaml similarity index 100% rename from ric-platform/55-Ext-Services/helm/ext/templates/services.yaml rename to ric-platform/55-Ext-Services/helm/ext/templates/services-aux.yaml diff --git a/ric-platform/55-Ext-Services/helm/ext/templates/services-docker.yaml b/ric-platform/55-Ext-Services/helm/ext/templates/services-docker.yaml new file mode 100644 index 00000000..019b1a2b --- /dev/null +++ b/ric-platform/55-Ext-Services/helm/ext/templates/services-docker.yaml @@ -0,0 +1,45 @@ +################################################################################ +# Copyright (c) 2019 AT&T Intellectual Property. # +# Copyright (c) 2019 Nokia. # +# # +# Licensed under the Apache License, Version 2.0 (the "License"); # +# you may not use this file except in compliance with the License. # +# You may obtain a copy of the License at # +# # +# http://www.apache.org/licenses/LICENSE-2.0 # +# # +# Unless required by applicable law or agreed to in writing, software # +# distributed under the License is distributed on an "AS IS" BASIS, # +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # +# See the License for the specific language governing permissions and # +# limitations under the License. # +################################################################################ + +kind: "Service" +apiVersion: "v1" +metadata: + name: {{ include "common.ingressurl.localdocker" . }} + namespace: {{ include "common.namespace" . }} +spec: + ports: + - name: {{ include "common.ingressurl.localdocker" . }}-http-ingress-port + protocol: "TCP" + port: 80 + - name: {{ include "common.ingressurl.localdocker" . }}-https-ingress-port + protocol: "TCP" + port: 443 +--- +kind: "Endpoints" +apiVersion: "v1" +metadata: + # match with the selector-less service + name: {{ include "common.ingressurl.localdocker" . }} + namespace: {{ include "common.namespace" . }} +subsets: + - addresses: + - ip: "{{ .Values.ext.ip }}" + ports: + - port: {{ include "common.ingresshttpport.ricinfra" . }} + name: {{ include "common.ingressurl.localdocker" . }}-http-ingress-port + - port: {{ include "common.ingresshttpport.ricinfra" . }} + name: {{ include "common.ingressurl.localdocker" . }}-https-ingress-port diff --git a/ric-platform/55-Ext-Services/helm/ext/templates/services-helm.yaml b/ric-platform/55-Ext-Services/helm/ext/templates/services-helm.yaml new file mode 100644 index 00000000..8bb2338b --- /dev/null +++ b/ric-platform/55-Ext-Services/helm/ext/templates/services-helm.yaml @@ -0,0 +1,45 @@ +################################################################################ +# Copyright (c) 2019 AT&T Intellectual Property. # +# Copyright (c) 2019 Nokia. # +# # +# Licensed under the Apache License, Version 2.0 (the "License"); # +# you may not use this file except in compliance with the License. # +# You may obtain a copy of the License at # +# # +# http://www.apache.org/licenses/LICENSE-2.0 # +# # +# Unless required by applicable law or agreed to in writing, software # +# distributed under the License is distributed on an "AS IS" BASIS, # +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # +# See the License for the specific language governing permissions and # +# limitations under the License. # +################################################################################ + +kind: "Service" +apiVersion: "v1" +metadata: + name: {{ include "common.ingressurl.localhelm" . }} + namespace: {{ include "common.namespace" . }} +spec: + ports: + - name: {{ include "common.ingressurl.localhelm" . }}-http-ingress-port + protocol: "TCP" + port: 80 + - name: {{ include "common.ingressurl.localhelm" . }}-https-ingress-port + protocol: "TCP" + port: 443 +--- +kind: "Endpoints" +apiVersion: "v1" +metadata: + # match with the selector-less service + name: {{ include "common.ingressurl.localhelm" . }} + namespace: {{ include "common.namespace" . }} +subsets: + - addresses: + - ip: "{{ .Values.ext.ip }}" + ports: + - port: {{ include "common.ingresshttpport.ricinfra" . }} + name: {{ include "common.ingressurl.localhelm" . }}-http-ingress-port + - port: {{ include "common.ingresshttpport.ricinfra" . }} + name: {{ include "common.ingressurl.localhelm" . }}-https-ingress-port -- 2.16.6