Attempt 2 at chart restructure
Helm value override file now supports component-specific settings:
dcae-bootstrap:
enabled: true
dcae-cloudify-manager:
enabled: true
dcae-config-binding-service:
enabled: true
dcae-healthcheck:
enabled: true
dcae-redis:
enabled: true
dcae-servicechange-handler:
enabled: true
dcae-inventory-api:
enabled: true
dcae-deployment-handler:
enabled: true
dcae-policy-handler:
enabled: true
dcae-dashboard:
enabled: true
Issue-ID: OOM-1574
Signed-off-by: Ubuntu <dgl@research.att.com>
Change-Id: I85e0fe6ae19e176d954611549ec954a5fe662307
Signed-off-by: Ubuntu <dgl@research.att.com>
diff --git a/kubernetes/dcaegen2/components/dcae-config-binding-service/Chart.yaml b/kubernetes/dcaegen2/components/dcae-config-binding-service/Chart.yaml
new file mode 100644
index 0000000..8d9a28a
--- /dev/null
+++ b/kubernetes/dcaegen2/components/dcae-config-binding-service/Chart.yaml
@@ -0,0 +1,21 @@
+#============LICENSE_START========================================================
+# ================================================================================
+# Copyright (c) 2019 AT&T Intellectual Property. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
+
+apiVersion: v1
+description: ONAP DCAE Config Binding Service
+name: dcae-config-binding-service
+version: 6.0.0
diff --git a/kubernetes/dcaegen2/components/dcae-config-binding-service/requirements.yaml b/kubernetes/dcaegen2/components/dcae-config-binding-service/requirements.yaml
new file mode 100644
index 0000000..57ee781
--- /dev/null
+++ b/kubernetes/dcaegen2/components/dcae-config-binding-service/requirements.yaml
@@ -0,0 +1,19 @@
+# Copyright © 2017 Amdocs, Bell Canada
+# Modifications Copyright © 2018 AT&T
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+dependencies:
+ - name: common
+ version: ~5.x-0
+ repository: '@local'
diff --git a/kubernetes/dcaegen2/components/dcae-config-binding-service/resources/config/log/filebeat/filebeat.yml b/kubernetes/dcaegen2/components/dcae-config-binding-service/resources/config/log/filebeat/filebeat.yml
new file mode 100644
index 0000000..1a3f693
--- /dev/null
+++ b/kubernetes/dcaegen2/components/dcae-config-binding-service/resources/config/log/filebeat/filebeat.yml
@@ -0,0 +1,72 @@
+#============LICENSE_START========================================================
+# ================================================================================
+# Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.
+# Modifications Copyright © 2018 Amdocs, Bell Canada
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
+filebeat.prospectors:
+#it is mandatory, in our case it's log
+- input_type: log
+ #This is the canolical path as mentioned in logback.xml, *.* means it will monitor all files in the directory.
+ paths:
+ - /var/log/onap/*/*/*/*.log
+ - /var/log/onap/*/*/*.log
+ - /var/log/onap/*/*.log
+ #Files older than this should be ignored.In our case it will be 48 hours i.e. 2 days. It is a helping flag for clean_inactive
+ ignore_older: 48h
+ # Remove the registry entry for a file that is more than the specified time. In our case it will be 96 hours, i.e. 4 days. It will help to keep registry records with in limit
+ clean_inactive: 96h
+
+
+# Name of the registry file. If a relative path is used, it is considered relative to the
+# data path. Else full qualified file name.
+#filebeat.registry_file: ${path.data}/registry
+
+
+output.logstash:
+ #List of logstash server ip addresses with port number.
+ #But, in our case, this will be the loadbalancer IP address.
+ #For the below property to work the loadbalancer or logstash should expose 5044 port to listen the filebeat events or port in the property should be changed appropriately.
+ hosts: ["{{.Values.config.logstashServiceName}}.{{.Release.Namespace}}:{{.Values.config.logstashPort}}"]
+ #If enable will do load balancing among availabe Logstash, automatically.
+ loadbalance: true
+
+ #The list of root certificates for server verifications.
+ #If certificate_authorities is empty or not set, the trusted
+ #certificate authorities of the host system are used.
+ #ssl.certificate_authorities: $ssl.certificate_authorities
+
+ #The path to the certificate for SSL client authentication. If the certificate is not specified,
+ #client authentication is not available.
+ #ssl.certificate: $ssl.certificate
+
+ #The client certificate key used for client authentication.
+ #ssl.key: $ssl.key
+
+ #The passphrase used to decrypt an encrypted key stored in the configured key file
+ #ssl.key_passphrase: $ssl.key_passphrase
+
+logging:
+ level: debug
+
+ # enable file rotation with default configuration
+ to_files: true
+
+ # do not log to syslog
+ to_syslog: false
+
+ files:
+ path: /usr/share/filebeat/logs
+ name: mybeat.log
+ keepfiles: 7
diff --git a/kubernetes/dcaegen2/components/dcae-config-binding-service/templates/configmap.yaml b/kubernetes/dcaegen2/components/dcae-config-binding-service/templates/configmap.yaml
new file mode 100644
index 0000000..a150cbd
--- /dev/null
+++ b/kubernetes/dcaegen2/components/dcae-config-binding-service/templates/configmap.yaml
@@ -0,0 +1,26 @@
+# Copyright © 2017 Amdocs, Bell Canada
+# Modifications Copyright © 2019 AT&T
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ .Release.Name }}-cbs-filebeat-configmap
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+data:
+{{ tpl (.Files.Glob "resources/config/log/filebeat/*").AsConfig . | indent 2 }}
diff --git a/kubernetes/dcaegen2/components/dcae-config-binding-service/templates/deployment.yaml b/kubernetes/dcaegen2/components/dcae-config-binding-service/templates/deployment.yaml
new file mode 100644
index 0000000..c3e63fb
--- /dev/null
+++ b/kubernetes/dcaegen2/components/dcae-config-binding-service/templates/deployment.yaml
@@ -0,0 +1,181 @@
+#============LICENSE_START========================================================
+# ================================================================================
+# Copyright (c) 2019 AT&T Intellectual Property. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
+
+apiVersion: extensions/v1beta1
+kind: Deployment
+metadata:
+ name: {{ include "common.fullname" . }}
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+spec:
+ replicas: 1
+ template:
+ metadata:
+ labels:
+ app: {{ include "common.name" . }}
+ release: {{ .Release.Name }}
+ spec:
+ initContainers:
+ - name: {{ include "common.name" . }}-readiness
+ image: {{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ command:
+ - /root/ready.py
+ args:
+ - --container-name
+ - consul-server
+ - "-t"
+ - "15"
+ env:
+ - name: NAMESPACE
+ valueFrom:
+ fieldRef:
+ apiVersion: v1
+ fieldPath: metadata.namespace
+ {{- if .Values.service.secure.enabled }}
+ - name: init-tls
+ env:
+ - name: POD_IP
+ valueFrom:
+ fieldRef:
+ apiVersion: v1
+ fieldPath: status.podIP
+ image: {{ .Values.global.tlsRepository }}/{{ .Values.global.tlsImage }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ resources: {}
+ volumeMounts:
+ - mountPath: /opt/tls/shared
+ name: tls-info
+ {{ end }}
+ containers:
+ {{- if .Values.service.secure.enabled }}
+ - name: {{ include "common.name" . }}
+ image: "{{ include "common.repository" . }}/{{ .Values.image }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ resources:
+{{ include "common.resources" . | indent 12 }}
+ ports:
+ - containerPort: {{ .Values.service.secure.internalPort }}
+ # disable liveness probe when breakpoints set in debugger
+ # so K8s doesn't restart unresponsive container
+ {{- if eq .Values.liveness.enabled true }}
+ livenessProbe:
+ tcpSocket:
+ port: {{ .Values.service.secure.internalPort }}
+ initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
+ periodSeconds: {{ .Values.liveness.periodSeconds }}
+ {{ end -}}
+ readinessProbe:
+ httpGet:
+ scheme: "HTTPS"
+ path: {{ .Values.readiness.path }}
+ port: {{ .Values.service.secure.internalPort }}
+ initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
+ periodSeconds: {{ .Values.readiness.periodSeconds }}
+ volumeMounts:
+ - name: {{ include "common.fullname" . }}-logs
+ mountPath: /opt/logs
+ - name: tls-info
+ mountPath: /opt/tls
+ env:
+ - name: CONSUL_HOST
+ value: consul.{{ include "common.namespace" . }}
+ - name: USE_HTTPS
+ value: "1"
+ - name: HTTPS_CERT_PATH
+ value: "/opt/tls/cert.pem"
+ - name: HTTPS_KEY_PATH
+ value: "/opt/tls/key.pem"
+ - name: {{ include "common.name" . }}-fb-onap
+ image: "{{ .Values.global.loggingRepository }}/{{ .Values.global.loggingImage }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ volumeMounts:
+ - name: {{ include "common.fullname" . }}-fb-conf
+ mountPath: /usr/share/filebeat/filebeat.yml
+ subPath: filebeat.yml
+ - name: {{ include "common.fullname" . }}-data-fb
+ mountPath: /usr/share/filebeat/data
+ - name: {{ include "common.fullname" . }}-logs
+ mountPath: /var/log/onap/config-binding-service
+ {{ end }}
+ {{- if .Values.service.insecure.enabled }}
+ - name: {{ include "common.name" . }}-insecure
+ image: "{{ include "common.repository" . }}/{{ .Values.image }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ resources:
+{{ include "common.resources" . | indent 12 }}
+ ports:
+ - containerPort: {{ .Values.service.insecure.internalPort }}
+ # disable liveness probe when breakpoints set in debugger
+ # so K8s doesn't restart unresponsive container
+ {{- if eq .Values.liveness.enabled true }}
+ livenessProbe:
+ tcpSocket:
+ port: {{ .Values.service.insecure.internalPort }}
+ initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
+ periodSeconds: {{ .Values.liveness.periodSeconds }}
+ {{ end -}}
+ readinessProbe:
+ httpGet:
+ scheme: "HTTP"
+ path: {{ .Values.readiness.path }}
+ port: {{ .Values.service.insecure.internalPort }}
+ initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
+ periodSeconds: {{ .Values.readiness.periodSeconds }}
+ volumeMounts:
+ - name: {{ include "common.fullname" . }}-logs-i
+ mountPath: /opt/logs
+ env:
+ - name: CONSUL_HOST
+ value: consul.{{ include "common.namespace" . }}
+ - name: {{ include "common.name" . }}-fb-onap-i
+ image: "{{ .Values.global.loggingRepository }}/{{ .Values.global.loggingImage }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ volumeMounts:
+ - name: {{ include "common.fullname" . }}-fb-conf
+ mountPath: /usr/share/filebeat/filebeat.yml
+ subPath: filebeat.yml
+ - name: {{ include "common.fullname" . }}-data-fb-i
+ mountPath: /usr/share/filebeat/data
+ - name: {{ include "common.fullname" . }}-logs-i
+ mountPath: /var/log/onap/config-binding-service
+ {{ end }}
+ volumes:
+ - name: {{ include "common.fullname" . }}-fb-conf
+ configMap:
+ name: {{ .Release.Name }}-cbs-filebeat-configmap
+ {{- if .Values.service.secure.enabled }}
+ - name: {{ include "common.fullname" . }}-data-fb
+ emptyDir: {}
+ - name: {{ include "common.fullname" . }}-logs
+ emptyDir: {}
+ - name: tls-info
+ emptyDir: {}
+ {{ end }}
+ {{- if .Values.service.insecure.enabled }}
+ - name: {{ include "common.fullname" . }}-data-fb-i
+ emptyDir: {}
+ - name: {{ include "common.fullname" . }}-logs-i
+ emptyDir: {}
+ {{ end }}
+
+ imagePullSecrets:
+ - name: "{{ include "common.namespace" . }}-docker-registry-key"
diff --git a/kubernetes/dcaegen2/components/dcae-config-binding-service/templates/service.yaml b/kubernetes/dcaegen2/components/dcae-config-binding-service/templates/service.yaml
new file mode 100644
index 0000000..8176e77
--- /dev/null
+++ b/kubernetes/dcaegen2/components/dcae-config-binding-service/templates/service.yaml
@@ -0,0 +1,56 @@
+#============LICENSE_START========================================================
+# ================================================================================
+# Copyright (c) 2019 AT&T Intellectual Property. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
+
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ include "common.servicename" . }}
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+spec:
+ type: {{ .Values.service.type }}
+ ports:
+ {{ if eq .Values.service.type "NodePort" -}}
+ {{ if .Values.service.insecure.enabled -}}
+ - port: {{ .Values.service.insecure.externalPort }}
+ nodePort: {{ .Values.global.nodePortPrefixExt| default .Values.nodePortPrefixExt }}{{ .Values.service.insecure.nodePort }}
+ name: {{ .Values.service.name }}-insecure
+ {{- end }}
+ {{ if .Values.service.secure.enabled -}}
+ - port: {{ .Values.service.secure.externalPort }}
+ nodePort: {{ .Values.global.nodePortPrefixExt| default .Values.nodePortPrefixExt }}{{ .Values.service.secure.nodePort }}
+ name: {{ .Values.service.name }}-secure
+ {{- end }}
+ {{- else -}}
+ {{ if .Values.service.insecure.enabled -}}
+ - port: {{ .Values.service.insecure.externalPort }}
+ targetPort: {{ .Values.service.insecure.internalPort }}
+ name: {{ .Values.service.name }}-insecure
+ {{- end }}
+ {{ if .Values.service.secure.enabled -}}
+ - port: {{ .Values.service.secure.externalPort }}
+ targetPort: {{ .Values.service.secure.internalPort }}
+ name: {{ .Values.service.name }}-secure
+ {{- end }}
+ {{- end }}
+ selector:
+ app: {{ include "common.name" . }}
+ release: {{ .Release.Name }}
diff --git a/kubernetes/dcaegen2/components/dcae-config-binding-service/values.yaml b/kubernetes/dcaegen2/components/dcae-config-binding-service/values.yaml
new file mode 100644
index 0000000..8cff544
--- /dev/null
+++ b/kubernetes/dcaegen2/components/dcae-config-binding-service/values.yaml
@@ -0,0 +1,102 @@
+#============LICENSE_START========================================================
+# ================================================================================
+# Copyright (c) 2019 AT&T Intellectual Property. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
+
+#################################################################
+# Global configuration defaults.
+#################################################################
+global:
+ nodePortPrefix: 302
+ nodePortPrefixExt: 304
+ readinessRepository: oomk8s
+ readinessImage: readiness-check:2.0.0
+ loggingRepository: docker.elastic.co
+ loggingImage: beats/filebeat:5.5.0
+ tlsRepository: nexus3.onap.org:10001
+ tlsImage: onap/org.onap.dcaegen2.deployments.tls-init-container:1.0.3
+ repositoryCred:
+ user: docker
+ password: docker
+
+config:
+ logstashServiceName: log-ls
+ logstashPort: 5044
+ # Addresses of other ONAP entities
+ address:
+ consul:
+ host: consul-server
+ port: 8500
+
+#################################################################
+# Application configuration defaults.
+#################################################################
+# application image
+repository: nexus3.onap.org:10001
+image: onap/org.onap.dcaegen2.platform.configbinding:2.5.2
+pullPolicy: Always
+
+# probe configuration parameters
+liveness:
+ initialDelaySeconds: 10
+ periodSeconds: 10
+ # necessary to disable liveness probe when setting breakpoints
+ # in debugger so K8s doesn't restart unresponsive container
+ # liveness not desirable for Cloudify Manager container
+ enabled: false
+
+readiness:
+ initialDelaySeconds: 10
+ periodSeconds: 10
+ path: /healthcheck
+
+service:
+ type: NodePort
+ name: config-binding-service
+ # TLS service
+ secure:
+ enabled: true
+ externalPort: 10443
+ internalPort: 10443
+ nodePort: 14
+ # Non-TLS service
+ insecure:
+ enabled: true
+ externalPort: 10000
+ internalPort: 10000
+ nodePort: 15
+
+# Resource Limit flavor -By Default using small
+flavor: small
+# Segregation for Different environment (Small and Large)
+resources:
+ small:
+ limits:
+ cpu: 2
+ memory: 2Gi
+ requests:
+ cpu: 1
+ memory: 1Gi
+ large:
+ limits:
+ cpu: 4
+ memory: 4Gi
+ requests:
+ cpu: 2
+ memory: 2Gi
+ unlimited: {}
+# Kubernetes namespace for components deployed via Cloudify manager
+# If empty, use the common namespace
+# dcae_ns: "dcae"