[MSB] Make MSB ServiceMesh compatible
Use the Service templates and update the deployment definitions
Issue-ID: OOM-3016
Signed-off-by: Andreas Geissler <andreas-geissler@telekom.de>
Change-Id: I9ed22f03ea803aef0dce52c825011a2246e859db
diff --git a/kubernetes/msb/components/msb-eag/templates/deployment.yaml b/kubernetes/msb/components/msb-eag/templates/deployment.yaml
index db24152..c6cf2d1 100644
--- a/kubernetes/msb/components/msb-eag/templates/deployment.yaml
+++ b/kubernetes/msb/components/msb-eag/templates/deployment.yaml
@@ -16,26 +16,12 @@
*/}}
apiVersion: apps/v1
kind: Deployment
-metadata:
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
+metadata: {{- include "common.resourceMetadata" . | nindent 2 }}
spec:
- selector:
- matchLabels:
- app: {{ include "common.name" . }}
+ selector: {{- include "common.selectors" . | nindent 4 }}
replicas: {{ .Values.replicaCount }}
template:
- metadata:
- labels:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
- annotations:
- sidecar.istio.io/inject: "{{.Values.istioSidecar}}"
+ metadata: {{- include "common.templateMetadata" . | nindent 6 }}
spec:
initContainers:
{{ include "common.certInitializer.initContainer" . | indent 6 | trim }}
@@ -57,23 +43,19 @@
- name: {{ include "common.name" . }}
image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- ports:
- - containerPort: {{ .Values.service.internalPort }}
- name: {{ .Values.service.name }}
- - containerPort: {{ .Values.service.internalPortHttps }}
- name: {{ .Values.service.name }}-https
+ ports: {{- include "common.containerPorts" . | indent 10 }}
# disable liveness probe when breakpoints set in debugger
# so K8s doesn't restart unresponsive container
{{- if eq .Values.liveness.enabled true }}
livenessProbe:
tcpSocket:
- port: {{ .Values.service.internalPort }}
+ port: {{ (eq "true" (include "common.needTLS" .)) | ternary .Values.service.internalPort .Values.service.internalPlainPort }}
initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
periodSeconds: {{ .Values.liveness.periodSeconds }}
{{ end -}}
readinessProbe:
tcpSocket:
- port: {{ .Values.service.internalPort }}
+ port: {{ (eq "true" (include "common.needTLS" .)) | ternary .Values.service.internalPort .Values.service.internalPlainPort }}
initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
periodSeconds: {{ .Values.readiness.periodSeconds }}
env:
@@ -90,9 +72,11 @@
readOnly: true
- mountPath: /usr/local/apiroute-works/logs
name: {{ include "common.fullname" . }}-logs
+ {{- if (include "common.needTLS" .) }}
- mountPath: /usr/local/openresty/nginx/msb-enabled/msbhttps.conf
name: {{ include "common.fullname" . }}-nginx-conf
subPath: msbhttps.conf
+ {{- end }}
resources:
{{ include "common.resources" . | indent 12 }}
{{- if .Values.nodeSelector }}
@@ -111,9 +95,11 @@
- name: {{ include "common.fullname" . }}-log-conf
configMap:
name: {{ include "common.fullname" . }}-log
+ {{- if (include "common.needTLS" .) }}
- name: {{ include "common.fullname" . }}-nginx-conf
configMap:
name: {{ include "common.fullname" . }}-nginx
+ {{- end }}
{{ include "common.log.volumes" (dict "dot" . "configMapNamePrefix" (tpl .Values.logConfigMapNamePrefix . )) | nindent 8 }}
- name: {{ include "common.fullname" . }}-logs
emptyDir: {}
diff --git a/kubernetes/msb/components/msb-eag/templates/service.yaml b/kubernetes/msb/components/msb-eag/templates/service.yaml
index e8e3a8a..eeeafc1 100644
--- a/kubernetes/msb/components/msb-eag/templates/service.yaml
+++ b/kubernetes/msb/components/msb-eag/templates/service.yaml
@@ -13,32 +13,4 @@
# See the License for the specific language governing permissions and
# limitations under the License.
*/}}
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ .Values.service.name }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
- annotations:
-spec:
- type: {{ .Values.service.type }}
- ports:
- {{if eq .Values.service.type "NodePort" -}}
- - port: {{ .Values.service.externalPortHttps }}
- nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePortHttps }}
- name: https-{{ .Values.service.name }}
- {{- else -}}
- - port: {{ .Values.service.externalPort }}
- targetPort: {{ .Values.service.internalPort }}
- name: http-{{ .Values.service.name }}
- - port: {{ .Values.service.externalPortHttps }}
- targetPort: {{ .Values.service.internalPortHttps }}
- name: https-{{ .Values.service.name }}
- {{- end}}
- selector:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
+{{ include "common.service" . }}
\ No newline at end of file
diff --git a/kubernetes/msb/components/msb-eag/values.yaml b/kubernetes/msb/components/msb-eag/values.yaml
index dcd4aed..45f93ed 100644
--- a/kubernetes/msb/components/msb-eag/values.yaml
+++ b/kubernetes/msb/components/msb-eag/values.yaml
@@ -82,11 +82,17 @@
service:
type: NodePort
name: msb-eag
- externalPort: 80
- internalPort: 80
- externalPortHttps: 443
- internalPortHttps: 443
- nodePortHttps: 84
+ both_tls_and_plain: true
+ # for liveness and readiness probe only
+ # internalPort:
+ internalPort: 443
+ internalPlainPort: 80
+ ports:
+ - name: msb-eag
+ port: 443
+ plain_port: 80
+ port_protocol: http
+ nodePort: '84'
ingress:
enabled: false
diff --git a/kubernetes/msb/components/msb-iag/templates/deployment.yaml b/kubernetes/msb/components/msb-iag/templates/deployment.yaml
index db24152..c6cf2d1 100644
--- a/kubernetes/msb/components/msb-iag/templates/deployment.yaml
+++ b/kubernetes/msb/components/msb-iag/templates/deployment.yaml
@@ -16,26 +16,12 @@
*/}}
apiVersion: apps/v1
kind: Deployment
-metadata:
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
+metadata: {{- include "common.resourceMetadata" . | nindent 2 }}
spec:
- selector:
- matchLabels:
- app: {{ include "common.name" . }}
+ selector: {{- include "common.selectors" . | nindent 4 }}
replicas: {{ .Values.replicaCount }}
template:
- metadata:
- labels:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
- annotations:
- sidecar.istio.io/inject: "{{.Values.istioSidecar}}"
+ metadata: {{- include "common.templateMetadata" . | nindent 6 }}
spec:
initContainers:
{{ include "common.certInitializer.initContainer" . | indent 6 | trim }}
@@ -57,23 +43,19 @@
- name: {{ include "common.name" . }}
image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- ports:
- - containerPort: {{ .Values.service.internalPort }}
- name: {{ .Values.service.name }}
- - containerPort: {{ .Values.service.internalPortHttps }}
- name: {{ .Values.service.name }}-https
+ ports: {{- include "common.containerPorts" . | indent 10 }}
# disable liveness probe when breakpoints set in debugger
# so K8s doesn't restart unresponsive container
{{- if eq .Values.liveness.enabled true }}
livenessProbe:
tcpSocket:
- port: {{ .Values.service.internalPort }}
+ port: {{ (eq "true" (include "common.needTLS" .)) | ternary .Values.service.internalPort .Values.service.internalPlainPort }}
initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
periodSeconds: {{ .Values.liveness.periodSeconds }}
{{ end -}}
readinessProbe:
tcpSocket:
- port: {{ .Values.service.internalPort }}
+ port: {{ (eq "true" (include "common.needTLS" .)) | ternary .Values.service.internalPort .Values.service.internalPlainPort }}
initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
periodSeconds: {{ .Values.readiness.periodSeconds }}
env:
@@ -90,9 +72,11 @@
readOnly: true
- mountPath: /usr/local/apiroute-works/logs
name: {{ include "common.fullname" . }}-logs
+ {{- if (include "common.needTLS" .) }}
- mountPath: /usr/local/openresty/nginx/msb-enabled/msbhttps.conf
name: {{ include "common.fullname" . }}-nginx-conf
subPath: msbhttps.conf
+ {{- end }}
resources:
{{ include "common.resources" . | indent 12 }}
{{- if .Values.nodeSelector }}
@@ -111,9 +95,11 @@
- name: {{ include "common.fullname" . }}-log-conf
configMap:
name: {{ include "common.fullname" . }}-log
+ {{- if (include "common.needTLS" .) }}
- name: {{ include "common.fullname" . }}-nginx-conf
configMap:
name: {{ include "common.fullname" . }}-nginx
+ {{- end }}
{{ include "common.log.volumes" (dict "dot" . "configMapNamePrefix" (tpl .Values.logConfigMapNamePrefix . )) | nindent 8 }}
- name: {{ include "common.fullname" . }}-logs
emptyDir: {}
diff --git a/kubernetes/msb/components/msb-iag/templates/service.yaml b/kubernetes/msb/components/msb-iag/templates/service.yaml
index e8e3a8a..eeeafc1 100644
--- a/kubernetes/msb/components/msb-iag/templates/service.yaml
+++ b/kubernetes/msb/components/msb-iag/templates/service.yaml
@@ -13,32 +13,4 @@
# See the License for the specific language governing permissions and
# limitations under the License.
*/}}
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ .Values.service.name }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
- annotations:
-spec:
- type: {{ .Values.service.type }}
- ports:
- {{if eq .Values.service.type "NodePort" -}}
- - port: {{ .Values.service.externalPortHttps }}
- nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePortHttps }}
- name: https-{{ .Values.service.name }}
- {{- else -}}
- - port: {{ .Values.service.externalPort }}
- targetPort: {{ .Values.service.internalPort }}
- name: http-{{ .Values.service.name }}
- - port: {{ .Values.service.externalPortHttps }}
- targetPort: {{ .Values.service.internalPortHttps }}
- name: https-{{ .Values.service.name }}
- {{- end}}
- selector:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
+{{ include "common.service" . }}
\ No newline at end of file
diff --git a/kubernetes/msb/components/msb-iag/values.yaml b/kubernetes/msb/components/msb-iag/values.yaml
index bbf4d83..602177b 100644
--- a/kubernetes/msb/components/msb-iag/values.yaml
+++ b/kubernetes/msb/components/msb-iag/values.yaml
@@ -82,12 +82,17 @@
service:
type: NodePort
name: msb-iag
- externalPort: 80
- internalPort: 80
- nodePort: 80
- externalPortHttps: 443
- internalPortHttps: 443
- nodePortHttps: 83
+ both_tls_and_plain: true
+ # for liveness and readiness probe only
+ # internalPort:
+ internalPort: 443
+ internalPlainPort: 80
+ ports:
+ - name: msb-iag
+ port: 443
+ plain_port: 80
+ port_protocol: http
+ nodePort: '83'
ingress:
enabled: false