[CPS] Rolling update and prometheus changes
1. Rolling update for cps-core
2. Prometheus configuration
3. Image version update to I release
4. Only configurable parameters kept in application.yml
Issue-ID: CPS-536, CPS-365, CPS-664
Signed-off-by: puthuparambil.aditya <aditya.puthuparambil@bell.ca>
Change-Id: I33f47750bd3899f9a420256a1d9cef4cb63dff9e
diff --git a/kubernetes/cps/components/cps-core/resources/config/application-helm.yml b/kubernetes/cps/components/cps-core/resources/config/application-helm.yml
index f181b82..0bc7d5b 100644
--- a/kubernetes/cps/components/cps-core/resources/config/application-helm.yml
+++ b/kubernetes/cps/components/cps-core/resources/config/application-helm.yml
@@ -16,25 +16,7 @@
# limitations under the License.
*/}}
-server:
- port: 8080
-
-rest:
- api:
- cps-base-path: /cps/api
- xnf-base-path: /cps-nf-proxy/api
-
spring:
- main:
- banner-mode: "off"
- jpa:
- ddl-auto: create
- open-in-view: false
- properties:
- hibernate:
- enable_lazy_load_no_trans: true
- dialect: org.hibernate.dialect.PostgreSQLDialect
-
datasource:
url: jdbc:postgresql://{{ .Values.postgres.service.name2 }}:5432/{{ .Values.postgres.config.pgDatabase }}
username: ${DB_USERNAME}
@@ -42,46 +24,32 @@
driverClassName: org.postgresql.Driver
initialization-mode: always
- cache:
- type: caffeine
- cache-names: yangSchema
- caffeine:
- spec: maximumSize=10000,expireAfterAccess=10m
-
liquibase:
change-log: classpath:changelog/changelog-master.yaml
labels: {{ .Values.config.liquibaseLabels }}
security:
- # comma-separated uri patterns which do not require authorization
- permit-uri: /manage/health/**,/manage/info,/swagger-ui/**,/swagger-resources/**,/v3/api-docs
- auth:
- username: ${CPS_USERNAME}
- password: ${CPS_PASSWORD}
-
-# Actuator
-management:
- endpoints:
- web:
- base-path: /manage
- exposure:
- include: info,health,loggers
- endpoint:
- health:
- show-details: always
- # kubernetes probes: liveness and readiness
- probes:
- enabled: true
- loggers:
- enabled: true
-
+ # comma-separated uri patterns which do not require authorization
+ permit-uri: /manage/**,/swagger-ui/**,/swagger-resources/**,/api-docs
+ auth:
+ username: ${CPS_USERNAME}
+ password: ${CPS_PASSWORD}
logging:
level:
org:
springframework: {{ .Values.logging.level }}
+dmi:
+ auth:
+ username: ${DMI_USERNAME}
+ password: ${DMI_PASSWORD}
+
+{{- if .Values.config.eventPublisher }}
+{{ toYaml .Values.config.eventPublisher | nindent 2 }}
+{{- end }}
+
{{- if .Values.config.additional }}
{{ toYaml .Values.config.additional | nindent 2 }}
{{- end }}
-
# Last empty line is required otherwise the last property will be missing from application.yml file in the pod.
+
diff --git a/kubernetes/cps/components/cps-core/templates/deployment.yaml b/kubernetes/cps/components/cps-core/templates/deployment.yaml
index 2047a39..e6ee161 100644
--- a/kubernetes/cps/components/cps-core/templates/deployment.yaml
+++ b/kubernetes/cps/components/cps-core/templates/deployment.yaml
@@ -21,6 +21,12 @@
metadata: {{- include "common.resourceMetadata" . | nindent 2 }}
spec:
replicas: {{ .Values.replicaCount }}
+ minReadySeconds: {{ index .Values.minReadySeconds }}
+ strategy:
+ type: {{ index .Values.updateStrategy.type }}
+ rollingUpdate:
+ maxUnavailable: {{ index .Values.updateStrategy.maxUnavailable }}
+ maxSurge: {{ index .Values.updateStrategy.maxSurge }}
selector: {{- include "common.selectors" . | nindent 4 }}
template:
metadata: {{- include "common.templateMetadata" . | nindent 6 }}
@@ -47,6 +53,11 @@
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "app-user-creds" "key" "login") | indent 12 }}
- name: CPS_PASSWORD
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "app-user-creds" "key" "password") | indent 12 }}
+ - name: DMI_USERNAME
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "dmi-plugin-user-creds" "key" "login") | indent 12 }}
+ - name: DMI_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "dmi-plugin-user-creds" "key" "password") | indent 12 }}
+
volumeMounts:
- mountPath: /config-input
name: init-data-input
diff --git a/kubernetes/cps/components/cps-core/templates/serviceMonitor.yaml b/kubernetes/cps/components/cps-core/templates/serviceMonitor.yaml
new file mode 100644
index 0000000..a49a662
--- /dev/null
+++ b/kubernetes/cps/components/cps-core/templates/serviceMonitor.yaml
@@ -0,0 +1,23 @@
+{{/*
+# ============LICENSE_START=======================================================
+# Copyright (c) 2021 Bell Canada
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+
+# http://www.apache.org/licenses/LICENSE-2.0
+
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+*/}}
+
+{{- if .Values.prometheus.enabled }}
+{{ include "common.serviceMonitor" . }}
+{{- end }}
\ No newline at end of file
diff --git a/kubernetes/cps/components/cps-core/values.yaml b/kubernetes/cps/components/cps-core/values.yaml
index ae8bccd..4f788e7 100644
--- a/kubernetes/cps/components/cps-core/values.yaml
+++ b/kubernetes/cps/components/cps-core/values.yaml
@@ -17,15 +17,15 @@
#################################################################
secrets:
- uid: pg-root-pass
- name: &pgRootPassSecretName '{{ include "common.release" . }}-cps-pg-root-pass'
+ name: &pgRootPassSecretName '{{ include "common.release" . }}-cps-core-pg-root-pass'
type: password
- externalSecret: '{{ ternary "" (tpl (default "" .Values.postgres.config.pgRootPasswordExternalSecret) .) (hasSuffix "cps-pg-root-pass" .Values.postgres.config.pgRootPasswordExternalSecret) }}'
+ externalSecret: '{{ ternary "" (tpl (default "" .Values.postgres.config.pgRootPasswordExternalSecret) .) (hasSuffix "cps-core-pg-root-pass" .Values.postgres.config.pgRootPasswordExternalSecret) }}'
password: '{{ .Values.postgres.config.pgRootpassword }}'
policy: generate
- uid: pg-user-creds
- name: &pgUserCredsSecretName '{{ include "common.release" . }}-cps-pg-user-creds'
+ name: &pgUserCredsSecretName '{{ include "common.release" . }}-cps-core-pg-user-creds'
type: basicAuth
- externalSecret: '{{ ternary "" (tpl (default "" .Values.postgres.config.pgUserExternalSecret) .) (hasSuffix "cps-pg-user-creds" .Values.postgres.config.pgUserExternalSecret) }}'
+ externalSecret: '{{ ternary "" (tpl (default "" .Values.postgres.config.pgUserExternalSecret) .) (hasSuffix "cps-core-pg-user-creds" .Values.postgres.config.pgUserExternalSecret) }}'
login: '{{ .Values.postgres.config.pgUserName }}'
password: '{{ .Values.postgres.config.pgUserPassword }}'
passwordPolicy: generate
@@ -35,6 +35,12 @@
login: '{{ .Values.config.appUserName }}'
password: '{{ .Values.config.appUserPassword }}'
passwordPolicy: generate
+ - uid: dmi-plugin-user-creds
+ type: basicAuth
+ externalSecret: '{{ tpl (default "" .Values.config.dmiPluginUserExternalSecret) . }}'
+ login: '{{ .Values.config.dmiPluginUserName }}'
+ password: '{{ .Values.config.dmiPluginUserPassword }}'
+ passwordPolicy: generate
#################################################################
# Global configuration defaults.
@@ -47,8 +53,9 @@
virtualhost:
baseurl: "simpledemo.onap.org"
-image: onap/cps-and-nf-proxy:1.0.1
+image: onap/cps-and-ncmp:2.0.0
containerPort: &svc_port 8080
+managementPort: &mgt_port 8081
service:
type: ClusterIP
@@ -56,6 +63,24 @@
ports:
- name: &port http
port: *svc_port
+ - name: management
+ port: *mgt_port
+ targetPort: *mgt_port
+
+prometheus:
+ enabled: true
+
+metrics:
+ serviceMonitor:
+ enabled: true
+ port: management
+ ## specify target port if name is not given to the port in the service definition
+ ##
+ # targetPort: 8080
+ path: /manage/prometheus
+ interval: 60s
+ basicAuth:
+ enabled: false
pullPolicy: Always
# flag to enable debugging - application support required
@@ -91,13 +116,13 @@
# in debugger so K8s doesn't restart unresponsive container
enabled: true
path: /manage/health
- port: *port
+ port: *mgt_port
readiness:
initialDelaySeconds: 15
periodSeconds: 15
path: /manage/health
- port: *port
+ port: *mgt_port
ingress:
enabled: true
@@ -130,13 +155,31 @@
spring:
profile: helm
#appUserPassword:
-
+ dmiPluginUserName: dmiuser
# Any new property can be added in the env by setting in overrides in the format mentioned below
# All the added properties must be in "key: value" format insead of yaml.
# additional:
# spring.config.max-size: 200
# spring.config.min-size: 10
+ eventPublisher:
+ spring.kafka.bootstrap-servers: message-router-kafka:9092
+ spring.kafka.security.protocol: SASL_PLAINTEXT
+ spring.kafka.properties.sasl.mechanism: PLAIN
+ spring.kafka.properties.sasl.jaas.config: org.apache.kafka.common.security.plain.PlainLoginModule required username=admin password=admin_secret;
+ spring.kafka.producer.client-id: cps-core
+
+ additional:
+ notification.data-updated.enabled: true
+ notification.data-updated.topic: cps.data-updated-events
+ notification.data-updated.filters.enabled-dataspaces: ""
+ notification.async.enabled: false
+ notification.async.executor.core-pool-size: 2
+ notification.async.executor.max-pool-size: 1
+ notification.async.executor.queue-capacity: 500
+ notification.async.executor.wait-for-tasks-to-complete-on-shutdown: true
+ notification.async.executor.thread-name-prefix: Async-
+
logging:
level: INFO
path: /tmp
@@ -145,18 +188,18 @@
# Postgres overriding defaults in the postgres
#################################################################
postgres:
- nameOverride: &postgresName cps-postgres
+ nameOverride: &postgresName cps-core-postgres
service:
name: *postgresName
- name2: cps-pg-primary
- name3: cps-pg-replica
+ name2: cps-core-pg-primary
+ name3: cps-core-pg-replica
container:
name:
- primary: cps-pg-primary
- replica: cps-pg-replica
+ primary: cps-core-pg-primary
+ replica: cps-core-pg-replica
persistence:
- mountSubPath: cps/data
- mountInitPath: cps
+ mountSubPath: cps-core/data
+ mountInitPath: cps-core
config:
pgUserName: cps
pgDatabase: cpsdb
@@ -165,4 +208,10 @@
readinessCheck:
wait_for:
- - cps-postgres
+ - *postgresName
+
+minReadySeconds: 10
+updateStrategy:
+ type: RollingUpdate
+ maxUnavailable: 0
+ maxSurge: 1
diff --git a/kubernetes/cps/components/ncmp-dmi-plugin/values.yaml b/kubernetes/cps/components/ncmp-dmi-plugin/values.yaml
index 390a545..d4319a1 100644
--- a/kubernetes/cps/components/ncmp-dmi-plugin/values.yaml
+++ b/kubernetes/cps/components/ncmp-dmi-plugin/values.yaml
@@ -154,4 +154,4 @@
readinessCheck:
wait_for:
- - cps-postgres
+ - cps-core
diff --git a/kubernetes/cps/values.yaml b/kubernetes/cps/values.yaml
index cda726d..28f904a 100755
--- a/kubernetes/cps/values.yaml
+++ b/kubernetes/cps/values.yaml
@@ -23,6 +23,13 @@
login: '{{ .Values.config.coreUserName }}'
password: '{{ .Values.config.coreUserPassword }}'
passwordPolicy: generate
+ - uid: dmi-plugin-user-creds
+ name: &dmi-plugin-creds-secret '{{ include "common.release" . }}-cps-dmi-plugin-user-creds'
+ type: basicAuth
+ externalSecret: '{{ tpl (default "" .Values.config.dmiPluginUserExternalSecret) . }}'
+ login: '{{ .Values.config.dmiPluginUserName }}'
+ password: '{{ .Values.config.dmiPluginUserPassword }}'
+ passwordPolicy: generate
passwordStrengthOverride: basic
global:
@@ -32,12 +39,14 @@
config:
coreUserName: cpsuser
+ dmiPluginUserName: dmiuser
# Enable all CPS components by default
cps-core:
enabled: true
config:
appUserExternalSecret: *core-creds-secret
+ dmiPluginUserExternalSecret: *dmi-plugin-creds-secret
cps-temporal:
enabled: true
@@ -46,3 +55,4 @@
enabled: true
config:
coreCredsExternalSecret: *core-creds-secret
+ appUserExternalSecret: *dmi-plugin-creds-secret