Adding Quorum client sub chart for sms
SMS uses vault for its backend which needs
an unseal operation to proceed.
Quorumclient provides the unseal operation
via 3 replicas that store each unseal shard
and provide it during unseal.
Issue-ID: AAF-255
Change-Id: I62db7a450e1e81aa6bfb2cc5b9da29ce99efd24b
Signed-off-by: Kiran Kamineni <kiran.k.kamineni@intel.com>
diff --git a/kubernetes/aaf/charts/sms/Chart.yaml b/kubernetes/aaf/charts/aaf-sms/Chart.yaml
similarity index 97%
rename from kubernetes/aaf/charts/sms/Chart.yaml
rename to kubernetes/aaf/charts/aaf-sms/Chart.yaml
index 962ef38..7141875 100644
--- a/kubernetes/aaf/charts/sms/Chart.yaml
+++ b/kubernetes/aaf/charts/aaf-sms/Chart.yaml
@@ -14,5 +14,5 @@
apiVersion: v1
description: ONAP Secret Management Service
-name: sms
+name: aaf-sms
version: 2.0.0
diff --git a/kubernetes/aaf/charts/sms/charts/vault/Chart.yaml b/kubernetes/aaf/charts/aaf-sms/charts/aaf-sms-quorumclient/Chart.yaml
similarity index 87%
copy from kubernetes/aaf/charts/sms/charts/vault/Chart.yaml
copy to kubernetes/aaf/charts/aaf-sms/charts/aaf-sms-quorumclient/Chart.yaml
index bf1af99..4e279e7 100644
--- a/kubernetes/aaf/charts/sms/charts/vault/Chart.yaml
+++ b/kubernetes/aaf/charts/aaf-sms/charts/aaf-sms-quorumclient/Chart.yaml
@@ -13,7 +13,6 @@
# limitations under the License.
apiVersion: v1
-description: Chart to launch Vault as SMS backend
-name: vault
-appVersion: 0.9.5
+description: ONAP Secret Management Service Quorum Client
+name: aaf-sms-quorumclient
version: 2.0.0
diff --git a/kubernetes/aaf/charts/sms/charts/vault/Chart.yaml b/kubernetes/aaf/charts/aaf-sms/charts/aaf-sms-quorumclient/templates/configmap.yaml
similarity index 62%
copy from kubernetes/aaf/charts/sms/charts/vault/Chart.yaml
copy to kubernetes/aaf/charts/aaf-sms/charts/aaf-sms-quorumclient/templates/configmap.yaml
index bf1af99..cacc368 100644
--- a/kubernetes/aaf/charts/sms/charts/vault/Chart.yaml
+++ b/kubernetes/aaf/charts/aaf-sms/charts/aaf-sms-quorumclient/templates/configmap.yaml
@@ -13,7 +13,15 @@
# limitations under the License.
apiVersion: v1
-description: Chart to launch Vault as SMS backend
-name: vault
-appVersion: 0.9.5
-version: 2.0.0
+kind: ConfigMap
+metadata:
+ name: {{ include "common.fullname" . }}
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+data:
+ config.json: |
+ {{ .Values.config | toJson }}
diff --git a/kubernetes/aaf/charts/aaf-sms/charts/aaf-sms-quorumclient/templates/pv.yaml b/kubernetes/aaf/charts/aaf-sms/charts/aaf-sms-quorumclient/templates/pv.yaml
new file mode 100644
index 0000000..da09498
--- /dev/null
+++ b/kubernetes/aaf/charts/aaf-sms/charts/aaf-sms-quorumclient/templates/pv.yaml
@@ -0,0 +1,37 @@
+{{/*
+# Copyright 2018 Intel Corporation, Inc
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+{{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) -}}
+kind: PersistentVolume
+apiVersion: v1
+metadata:
+ name: {{ include "common.fullname" . }}
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}"
+ release: "{{ .Release.Name }}"
+ heritage: "{{ .Release.Service }}"
+ name: {{ include "common.fullname" . }}
+spec:
+ capacity:
+ storage: {{ .Values.persistence.size}}
+ accessModes:
+ - {{ .Values.persistence.accessMode }}
+ persistentVolumeReclaimPolicy: {{ .Values.persistence.volumeReclaimPolicy }}
+ hostPath:
+ path: {{ .Values.global.persistence.mountPath | default .Values.persistence.mountPath }}/{{ .Release.Name }}/{{ .Values.persistence.mountSubPath }}
+{{- end -}}
diff --git a/kubernetes/aaf/charts/sms/charts/vault/templates/pvc.yaml b/kubernetes/aaf/charts/aaf-sms/charts/aaf-sms-quorumclient/templates/pvc.yaml
similarity index 100%
copy from kubernetes/aaf/charts/sms/charts/vault/templates/pvc.yaml
copy to kubernetes/aaf/charts/aaf-sms/charts/aaf-sms-quorumclient/templates/pvc.yaml
diff --git a/kubernetes/aaf/charts/sms/templates/deployment.yaml b/kubernetes/aaf/charts/aaf-sms/charts/aaf-sms-quorumclient/templates/statefulset.yaml
similarity index 68%
copy from kubernetes/aaf/charts/sms/templates/deployment.yaml
copy to kubernetes/aaf/charts/aaf-sms/charts/aaf-sms-quorumclient/templates/statefulset.yaml
index e5381a0..483d6c5 100644
--- a/kubernetes/aaf/charts/sms/templates/deployment.yaml
+++ b/kubernetes/aaf/charts/aaf-sms/charts/aaf-sms-quorumclient/templates/statefulset.yaml
@@ -12,8 +12,8 @@
# See the License for the specific language governing permissions and
# limitations under the License.
-apiVersion: extensions/v1beta1
-kind: Deployment
+apiVersion: apps/v1beta1
+kind: StatefulSet
metadata:
name: {{ include "common.fullname" . }}
namespace: {{ include "common.namespace" . }}
@@ -24,6 +24,7 @@
heritage: {{ .Release.Service }}
spec:
replicas: {{ .Values.replicaCount }}
+ serviceName:
template:
metadata:
labels:
@@ -31,32 +32,20 @@
release: {{ .Release.Name }}
spec:
containers:
- - image: "{{ .Values.repository }}/{{ .Values.image }}"
+ - image: "{{ include "common.repository" . }}/{{ .Values.image }}"
name: {{ include "common.name" . }}
imagePullPolicy: {{ .Values.pullPolicy }}
- command: ["/sms/bin/sms"]
- workingDir: /sms/
- ports:
- - containerPort: {{ .Values.service.internalPort }}
- {{- if eq .Values.liveness.enabled true }}
- livenessProbe:
- tcpSocket:
- port: {{ .Values.service.internalPort }}
- initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
- periodSeconds: {{ .Values.liveness.periodSeconds }}
- {{ end -}}
- readinessProbe:
- tcpSocket:
- port: {{ .Values.service.internalPort }}
- initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
- periodSeconds: {{ .Values.readiness.periodSeconds }}
+ command: ["/quorumclient/bin/quorumclient"]
+ workingDir: /quorumclient/
volumeMounts:
- mountPath: /etc/localtime
name: localtime
readOnly: true
- - mountPath: /sms/smsconfig.json
+ - mountPath: /quorumclient/config.json
name: {{ include "common.name" .}}
- subPath: smsconfig.json
+ subPath: config.json
+ - mountPath: /quorumclient/auth
+ name: {{ include "common.fullname" . }}-auth
resources:
{{ toYaml .Values.resources | indent 12 }}
{{- if .Values.nodeSelector }}
@@ -74,5 +63,8 @@
- name : {{ include "common.name" . }}
configMap:
name: {{ include "common.fullname" . }}
+ - name: {{ include "common.fullname" . }}-auth
+ persistentVolumeClaim:
+ claimName: {{ include "common.fullname" . }}
imagePullSecrets:
- name: "{{ include "common.namespace" . }}-docker-registry-key"
diff --git a/kubernetes/aaf/charts/sms/values.yaml b/kubernetes/aaf/charts/aaf-sms/charts/aaf-sms-quorumclient/values.yaml
similarity index 77%
copy from kubernetes/aaf/charts/sms/values.yaml
copy to kubernetes/aaf/charts/aaf-sms/charts/aaf-sms-quorumclient/values.yaml
index 05d4e79..d09d492 100644
--- a/kubernetes/aaf/charts/sms/values.yaml
+++ b/kubernetes/aaf/charts/aaf-sms/charts/aaf-sms-quorumclient/values.yaml
@@ -19,16 +19,17 @@
nodePortPrefix: 302
repositorySecret: eyJuZXh1czMub25hcC5vcmc6MTAwMDEiOnsidXNlcm5hbWUiOiJkb2NrZXIiLCJwYXNzd29yZCI6ImRvY2tlciIsImVtYWlsIjoiQCIsImF1dGgiOiJaRzlqYTJWeU9tUnZZMnRsY2c9PSJ9fQ==
readinessRepository: oomk8s
- readinessImage: readiness-check:2.0.0
+ readinessImage: readiness-check:1.1.1
loggingRepository: docker.elastic.co
loggingImage: beats/filebeat:5.5.0
+ persistence: {}
#################################################################
# Application configuration defaults.
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/aaf/sms
+image: onap/aaf/smsquorumclient
pullPolicy: Always
# flag to enable debugging - application support required
@@ -37,41 +38,27 @@
# application configuration
# Example:
config:
- smsdbaddress: "http://aaf-sms-db:8200"
- cafile: "/sms/auth/selfsignedca.pem"
- servercert: "/sms/auth/server.cert"
- serverkey: "/sms/auth/server.key"
+ url: "http://aaf-sms:10443"
+ cafile: "selfsignedca.pem"
+ clientcert: "server.cert"
+ clientkey: "server.key"
+ timeout: "60s"
disable_tls: true
-# subchart configuration
-vault:
- nameOverride: smsdb
-
# default number of instances
-replicaCount: 1
+replicaCount: 3
nodeSelector: {}
affinity: {}
-# probe configuration parameters
-liveness:
- initialDelaySeconds: 10
- periodSeconds: 20
- # necessary to disable liveness probe when setting breakpoints
- # in debugger so K8s doesn't restart unresponsive container
+persistence:
enabled: true
-
-readiness:
- initialDelaySeconds: 10
- periodSeconds: 20
-
-service:
- type: NodePort
- name: aaf-sms
- portName: aaf-sms
- internalPort: 10443
- nodePort: 43
+ volumeReclaimPolicy: Retain
+ accessMode: ReadWriteOnce
+ size: 10Mi
+ mountPath: /dockerdata-nfs
+ mountSubPath: sms/quorum/data
ingress:
enabled: false
diff --git a/kubernetes/aaf/charts/sms/charts/vault/Chart.yaml b/kubernetes/aaf/charts/aaf-sms/charts/aaf-sms-vault/Chart.yaml
similarity index 96%
rename from kubernetes/aaf/charts/sms/charts/vault/Chart.yaml
rename to kubernetes/aaf/charts/aaf-sms/charts/aaf-sms-vault/Chart.yaml
index bf1af99..3f0b93e 100644
--- a/kubernetes/aaf/charts/sms/charts/vault/Chart.yaml
+++ b/kubernetes/aaf/charts/aaf-sms/charts/aaf-sms-vault/Chart.yaml
@@ -14,6 +14,6 @@
apiVersion: v1
description: Chart to launch Vault as SMS backend
-name: vault
+name: aaf-sms-vault
appVersion: 0.9.5
version: 2.0.0
diff --git a/kubernetes/aaf/charts/sms/charts/vault/templates/configmap.yaml b/kubernetes/aaf/charts/aaf-sms/charts/aaf-sms-vault/templates/configmap.yaml
similarity index 100%
rename from kubernetes/aaf/charts/sms/charts/vault/templates/configmap.yaml
rename to kubernetes/aaf/charts/aaf-sms/charts/aaf-sms-vault/templates/configmap.yaml
diff --git a/kubernetes/aaf/charts/aaf-sms/charts/aaf-sms-vault/templates/pv.yaml b/kubernetes/aaf/charts/aaf-sms/charts/aaf-sms-vault/templates/pv.yaml
new file mode 100644
index 0000000..da09498
--- /dev/null
+++ b/kubernetes/aaf/charts/aaf-sms/charts/aaf-sms-vault/templates/pv.yaml
@@ -0,0 +1,37 @@
+{{/*
+# Copyright 2018 Intel Corporation, Inc
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+{{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) -}}
+kind: PersistentVolume
+apiVersion: v1
+metadata:
+ name: {{ include "common.fullname" . }}
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}"
+ release: "{{ .Release.Name }}"
+ heritage: "{{ .Release.Service }}"
+ name: {{ include "common.fullname" . }}
+spec:
+ capacity:
+ storage: {{ .Values.persistence.size}}
+ accessModes:
+ - {{ .Values.persistence.accessMode }}
+ persistentVolumeReclaimPolicy: {{ .Values.persistence.volumeReclaimPolicy }}
+ hostPath:
+ path: {{ .Values.global.persistence.mountPath | default .Values.persistence.mountPath }}/{{ .Release.Name }}/{{ .Values.persistence.mountSubPath }}
+{{- end -}}
diff --git a/kubernetes/aaf/charts/sms/charts/vault/templates/pvc.yaml b/kubernetes/aaf/charts/aaf-sms/charts/aaf-sms-vault/templates/pvc.yaml
similarity index 100%
copy from kubernetes/aaf/charts/sms/charts/vault/templates/pvc.yaml
copy to kubernetes/aaf/charts/aaf-sms/charts/aaf-sms-vault/templates/pvc.yaml
diff --git a/kubernetes/aaf/charts/sms/templates/service.yaml b/kubernetes/aaf/charts/aaf-sms/charts/aaf-sms-vault/templates/service.yaml
similarity index 100%
rename from kubernetes/aaf/charts/sms/templates/service.yaml
rename to kubernetes/aaf/charts/aaf-sms/charts/aaf-sms-vault/templates/service.yaml
diff --git a/kubernetes/aaf/charts/sms/charts/vault/templates/statefulset.yaml b/kubernetes/aaf/charts/aaf-sms/charts/aaf-sms-vault/templates/statefulset.yaml
similarity index 100%
rename from kubernetes/aaf/charts/sms/charts/vault/templates/statefulset.yaml
rename to kubernetes/aaf/charts/aaf-sms/charts/aaf-sms-vault/templates/statefulset.yaml
diff --git a/kubernetes/aaf/charts/sms/charts/vault/values.yaml b/kubernetes/aaf/charts/aaf-sms/charts/aaf-sms-vault/values.yaml
similarity index 97%
rename from kubernetes/aaf/charts/sms/charts/vault/values.yaml
rename to kubernetes/aaf/charts/aaf-sms/charts/aaf-sms-vault/values.yaml
index 2bce181..07b8c33 100644
--- a/kubernetes/aaf/charts/sms/charts/vault/values.yaml
+++ b/kubernetes/aaf/charts/aaf-sms/charts/aaf-sms-vault/values.yaml
@@ -24,7 +24,7 @@
repository: docker.io
image:
consul: consul:1.0.6
- vault: vault:0.9.6
+ vault: vault:0.10.0
pullPolicy: Always
# flag to enable debugging - application support required
@@ -75,10 +75,8 @@
persistence:
enabled: true
-
volumeReclaimPolicy: Retain
-
- accessMode: ReadWriteMany
+ accessMode: ReadWriteOnce
size: 2Gi
mountPath: /dockerdata-nfs
mountSubPath: sms/consul/data
diff --git a/kubernetes/aaf/charts/sms/templates/configmap.yaml b/kubernetes/aaf/charts/aaf-sms/templates/configmap.yaml
similarity index 100%
rename from kubernetes/aaf/charts/sms/templates/configmap.yaml
rename to kubernetes/aaf/charts/aaf-sms/templates/configmap.yaml
diff --git a/kubernetes/aaf/charts/sms/templates/deployment.yaml b/kubernetes/aaf/charts/aaf-sms/templates/deployment.yaml
similarity index 89%
rename from kubernetes/aaf/charts/sms/templates/deployment.yaml
rename to kubernetes/aaf/charts/aaf-sms/templates/deployment.yaml
index e5381a0..4235ad0 100644
--- a/kubernetes/aaf/charts/sms/templates/deployment.yaml
+++ b/kubernetes/aaf/charts/aaf-sms/templates/deployment.yaml
@@ -31,7 +31,7 @@
release: {{ .Release.Name }}
spec:
containers:
- - image: "{{ .Values.repository }}/{{ .Values.image }}"
+ - image: "{{ include "common.repository" . }}/{{ .Values.image }}"
name: {{ include "common.name" . }}
imagePullPolicy: {{ .Values.pullPolicy }}
command: ["/sms/bin/sms"]
@@ -57,6 +57,8 @@
- mountPath: /sms/smsconfig.json
name: {{ include "common.name" .}}
subPath: smsconfig.json
+ - mountPath: /sms/auth
+ name: {{ include "common.fullname" . }}-auth
resources:
{{ toYaml .Values.resources | indent 12 }}
{{- if .Values.nodeSelector }}
@@ -74,5 +76,8 @@
- name : {{ include "common.name" . }}
configMap:
name: {{ include "common.fullname" . }}
+ - name: {{ include "common.fullname" . }}-auth
+ persistentVolumeClaim:
+ claimName: {{ include "common.fullname" . }}
imagePullSecrets:
- name: "{{ include "common.namespace" . }}-docker-registry-key"
diff --git a/kubernetes/aaf/charts/sms/charts/vault/templates/pv.yaml b/kubernetes/aaf/charts/aaf-sms/templates/pv.yaml
similarity index 100%
rename from kubernetes/aaf/charts/sms/charts/vault/templates/pv.yaml
rename to kubernetes/aaf/charts/aaf-sms/templates/pv.yaml
diff --git a/kubernetes/aaf/charts/sms/charts/vault/templates/pvc.yaml b/kubernetes/aaf/charts/aaf-sms/templates/pvc.yaml
similarity index 100%
rename from kubernetes/aaf/charts/sms/charts/vault/templates/pvc.yaml
rename to kubernetes/aaf/charts/aaf-sms/templates/pvc.yaml
diff --git a/kubernetes/aaf/charts/sms/charts/vault/templates/service.yaml b/kubernetes/aaf/charts/aaf-sms/templates/service.yaml
similarity index 100%
rename from kubernetes/aaf/charts/sms/charts/vault/templates/service.yaml
rename to kubernetes/aaf/charts/aaf-sms/templates/service.yaml
diff --git a/kubernetes/aaf/charts/sms/values.yaml b/kubernetes/aaf/charts/aaf-sms/values.yaml
similarity index 94%
rename from kubernetes/aaf/charts/sms/values.yaml
rename to kubernetes/aaf/charts/aaf-sms/values.yaml
index 05d4e79..cd32539 100644
--- a/kubernetes/aaf/charts/sms/values.yaml
+++ b/kubernetes/aaf/charts/aaf-sms/values.yaml
@@ -22,6 +22,7 @@
readinessImage: readiness-check:2.0.0
loggingRepository: docker.elastic.co
loggingImage: beats/filebeat:5.5.0
+ persistence: {}
#################################################################
# Application configuration defaults.
@@ -73,6 +74,14 @@
internalPort: 10443
nodePort: 43
+persistence:
+ enabled: true
+ volumeReclaimPolicy: Retain
+ accessMode: ReadWriteOnce
+ size: 1Gi
+ mountPath: /dockerdata-nfs
+ mountSubPath: sms/auth
+
ingress:
enabled: false