zeaslity/CmiiDeploy
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

add

Browse Source
This commit is contained in:
zeaslity
2024-10-30 16:30:51 +08:00
commit 437acbeb63
3363 changed files with 653948 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

24
1-outside-deploy/1-base-env-shell/0.0-dependencies.sh Normal file
View File

@@ -0,0 +1,24 @@
#!/usr/bin/env bash
# 需要在所有的节点执行
hostnamectl set-hostname storage-1
# sed -i "/search/ a nameserver 223.5.5.5" /etc/resolv.conf
echo "AllowTcpForwarding yes" >> /etc/ssh/sshd_config
systemctl restart sshd
cat >> /etc/hosts << EOF
192.168.8.65 master-node
192.168.8.66 worker-1
192.168.8.67 worker-2
192.168.8.68 storage-1
EOF
bash <(curl -L -s https://cdn.jsdelivr.net/gh/teddysun/across/bbr.sh)

80
1-outside-deploy/1-base-env-shell/0.1-mountNodeVolume.sh Normal file
View File

@@ -0,0 +1,80 @@
#! /bin/bash
## 关闭虚拟缓存
#swapoff -a
#cp -f /etc/fstab /etc/fstab_bak
#cat /etc/fstab_bak | grep -v swap >/etc/fstab
# echo "-----------------------------------------------------------------------"
# RootVolumeSizeBefore=$(df -TH | grep -w "/dev/mapper/centos-root" | awk '{print $3}')
# echo "扩容之前的root目录的容量为${RootVolumeSizeBefore}"
# echo "y
# " | lvremove /dev/mapper/centos-swap
# freepesize=$(vgdisplay centos | grep 'Free PE' | awk '{print $5}')
# lvextend -l+${freepesize} /dev/mapper/centos-root
# ## #自动扩展XFS文件系统到最大的可用大小
# xfs_growfs /dev/mapper/centos-root
# df -TH | grep -w "/dev/mapper/centos-root" | awk '{print $3}'
# echo "-----------------------------------------------------------------------"
# RootVolumeSizeAfter=$(df -TH | grep -w "/dev/mapper/centos-root" | awk '{print $3}')
# echo "扩容之后的root目录的容量为${RootVolumeSizeAfter}"
# RootVolumeSizeBeforeNum=$(echo $RootVolumeSizeBefore | cut -d "G" -f1)
# RootVolumeSizeAfterNum=$(echo $RootVolumeSizeAfter | cut -d "G" -f1)
# echo "恭喜您的root目录容量增加了+++++++$(( ${RootVolumeSizeAfterNum}-${RootVolumeSizeBeforeNum} ))GB+++++"
echo ""
echo ""
echo ""
echo "-----------------------------------------------------------------------"
VG_NAME=datavg
echo "n
p
t
8e
w
" | fdisk /dev/vdb
partprobe
# 如果已经存在卷组,直接进行添加
# vgextend /dev/mapper/centos /dev/vda3
vgcreate ${VG_NAME} /dev/vdb1
selfpesize=$(vgdisplay ${VG_NAME} | grep 'Total PE' | awk '{print $3}')
# 大小根据实际情况调整
lvcreate -l ${selfpesize} -n lvdata ${VG_NAME}
mkfs.xfs /dev/mapper/${VG_NAME}-lvdata
mkdir -p /data
selffstab="/dev/mapper/${VG_NAME}-lvdata /data xfs defaults 0 0"
echo "${selffstab}" >> /etc/fstab
mount -a
echo ""
echo ""
echo ""
df -TH
echo "-----------------------------------------------------------------------"
# 扩容根目录,${VG_NAME}-root 通过df -Th获取需要扩容的文件系统
# lvextend -l +100%FREE /dev/mapper/${VG_NAME}-root
# xfs_growfs /dev/mapper/${VG_NAME}-roo
#
#
VG_NAME=sata-data
# vgcreate ${VG_NAME} /dev/vdb1
selfpesize=$(vgdisplay ${VG_NAME} | grep 'Total PE' | awk '{print $3}')
## 大小根据实际情况调整
lvcreate -l ${selfpesize} -n lvdata ${VG_NAME}

2002
1-outside-deploy/1-base-env-shell/1-nodeImportant.sh Normal file
View File

File diff suppressed because it is too large Load Diff

143
1-outside-deploy/1-base-env-shell/2-imageDownSync.sh Normal file
View File

@@ -0,0 +1,143 @@
#!/usr/bin/env bash
### 需要修改以下的内容 ###
#### 需要修改以下的内容 ###
#### 需要修改以下的内容 ###
cmlc_app_image_list="cmlc-app-images.txt" # 需要修改版本
rancher_image_list="kubernetes-images-2.5.7.txt" # 一般不需要修改
middleware_image_list="middleware-images.txt" # 一般不需要修改
DockerRegisterDomain="192.168.8.65:8033" # 需要根据实际修改
HarborAdminPass=V2ryStr@ngPss # 需要跟第一脚本中的密码保持一致
#### 需要修改以上的内容 ###
#### 需要修改以上的内容 ###
#### 需要修改以上的内容 ###
downloadAllNeededImages() {
while [[ $# > 0 ]]; do
pulled=""
while IFS= read -r i; do
[ -z "${i}" ] && continue
echo "开始下载:${i}"
if docker pull "${i}" >/dev/null 2>&1; then
echo "Image pull success: ${i}"
pulled="${pulled} ${i}"
else
if docker inspect "${i}" >/dev/null 2>&1; then
pulled="${pulled} ${i}"
else
echo "Image pull failed: ${i}"
fi
fi
echo "-------------------------------------------------"
done <"${1}"
shift
done
}
downloadAllNeededImagesAndCompress() {
while [[ $# > 0 ]]; do
pulled=""
while IFS= read -r i; do
[ -z "${i}" ] && continue
echo "开始下载:${i}"
if docker pull "${i}" >/dev/null 2>&1; then
echo "Image pull success: ${i}"
pulled="${pulled} ${i}"
else
if docker inspect "${i}" >/dev/null 2>&1; then
pulled="${pulled} ${i}"
else
echo "Image pull failed: ${i}"
fi
fi
echo "-------------------------------------------------"
done <"${1}"
compressPacName="$(echo ${1} | cut -d"." -f1).tar.gz"
echo "Creating ${compressPacName} with $(echo ${pulled} | wc -w | tr -d '[:space:]') images"
docker save $(echo ${pulled}) | gzip --stdout > ${compressPacName}
shift
done
}
pushRKEImageToHarbor(){
linux_images=()
while IFS= read -r i; do
[ -z "${i}" ] && continue
linux_images+=("${i}");
done < "${rancher_image_list}"
docker login -u admin -p ${HarborAdminPass} ${DockerRegisterDomain}
for i in "${linux_images[@]}"; do
[ -z "${i}" ] && continue
case $i in
*/*)
image_name="${DockerRegisterDomain}/${i}"
;;
*)
image_name="${DockerRegisterDomain}/rancher/${i}"
;;
esac
echo "开始镜像至私有仓库推送:${image_name}"
docker tag "${i}" "${image_name}"
docker push "${image_name}"
echo "-------------------------------------------------"
done
}
pushCMLCAPPImageToHarbor(){
app_images=()
while IFS= read -r i; do
[ -z "${i}" ] && continue
app_images+=("${i}");
done < "${cmlc_app_image_list}"
docker login -u admin -p ${HarborAdminPass} ${DockerRegisterDomain}
for app in "${app_images[@]}"; do
[ -z "${app}" ] && continue
image_name="${DockerRegisterDomain}/$(echo ${app} | cut -d"/" -f2-8)"
echo "开始镜像至私有仓库推送:${image_name}"
docker tag "${app}" "${image_name}"
docker push "${image_name}"
echo "-------------------------------------------------"
done
}
pushMiddlewareImageToHarbor(){
middleware_image=()
while IFS= read -r i; do
[ -z "${i}" ] && continue
middleware_image+=("${i}");
done < "${middleware_image_list}"
docker login -u admin -p ${HarborAdminPass} ${DockerRegisterDomain}
for app in "${middleware_image[@]}"; do
[ -z "${app}" ] && continue
case ${app} in
*/*/*)
image_name="${DockerRegisterDomain}/cmii/$(echo "${app}" | cut -d"/" -f3-8)"
;;
*/*)
image_name="${DockerRegisterDomain}/cmii/$(echo "${app}" | cut -d"/" -f2-8)"
;;
esac
echo "开始镜像至私有仓库推送:${image_name}"
docker tag "${app}" "${image_name}"
docker push "${image_name}"
echo "-------------------------------------------------"
done
}
#downloadAllNeededImagesAndCompress "kubernetes-images-2.5.7.txt" "middleware-images.txt"
#downloadAllNeededImages "kubernetes-images-2.5.7.txt" "middleware-images.txt"
pushRKEImageToHarbor
pushMiddlewareImageToHarbor

235
1-outside-deploy/1-base-env-shell/3-bootUPk8s.sh Normal file
View File

@@ -0,0 +1,235 @@
#!/usr/bin/env bash
### 需要修改以下的内容 ###
### 需要修改以下的内容 ###
### 需要修改以下的内容 ###
# 理论上来说,能访问公网的服务器 用来部署Harbor服务器
# 所有的主机均可以访问公网的话,填写 除了harbor服务器的 其他所有主机的地址
PrivateServerIPs=(192.168.8.66 192.168.8.67 192.168.8.68) # 内网服务器的IP地址不包括可以访问公网IP的服务器
### 需要修改以上的内容 ###
### 需要修改以上的内容 ###
### 需要修改以上的内容 ###
RED="31m" ## 姨妈红
GREEN="32m" ## 水鸭青
YELLOW="33m" ## 鸭屎黄
PURPLE="35m" ## 基佬紫
BLUE="36m" ## 天依蓝
colorEcho() {
# shellcheck disable=SC2145
echo -e "\033[${1}${@:2}\033[0m" 1>&2
}
check_root() {
if [[ $EUID != 0 ]]; then
colorEcho ${RED} "当前非root账号(或没有root权限)无法继续操作请更换root账号!"
colorEcho ${YELLOW} "使用sudo -命令获取临时root权限执行后可能会提示输入root密码"
exit 1
fi
}
startFunc(){
colorEcho ${PURPLE} "---------------------------------------------------------------------------------"
colorEcho ${BLUE} "开始执行 启动RKE集群的操作 ………"
echo ""
colorEcho ${BLUE} "本脚本的运行有一些列的前提依赖,请确定以下的项目都已完成!!!!"
colorEcho ${YELLOW} "----------------------------------------------------------"
colorEcho ${RED} "1. 完成基础环境初始化将rke系统镜像均上传至私有Harbor中"
colorEcho ${RED} "2. 配置并修改好 rke集群的模板文件命名为 cluster.yml !!"
colorEcho ${RED} "3. ……"
colorEcho ${YELLOW} "----------------------------------------------------------"
while true; do
colorEcho ${RED} "请确保您已经将上述的项目完成!!"
read -r -p "请输入yes进行确认脚本才可继续运行" input
case $input in
yes)
colorEcho ${GREEN} "您已确认上述的项目均已完成!!"
colorEcho ${GREEN} "----------------------------------------------------------"
echo ""
colorEcho ${BLUE} "开始执行 RKE集群的启动过程"
echo ""
main
break
;;
*)
echo ""
colorEcho ${RED} "输入有误!!! 请输入 >> yes << 进行确认"
break
colorEcho ${RED} "-----------------------------------------------------"
echo ""
;;
esac
done
}
installRKE(){
colorEcho ${PURPLE} "---------------------------------------------------------------------------------"
colorEcho ${BLUE} "开始下载并安装 RKE 工具 ………"
echo ""
colorEcho ${BLUE} "开始从rancher镜像下载rke工具……"
wget http://rancher-mirror.cnrancher.com/rke/v1.2.6/rke_linux-amd64
if [ -s rke_linux-amd64 ]; then
colorEcho ${GREEN} "rke工具下载完成"
chmod +x rke_linux-amd64
mv ./rke_linux-amd64 /usr/local/bin/rke
colorEcho ${GREEN} "----------------------------------------------------------"
rke --version
colorEcho ${GREEN} "----------------------------------------------------------"
rke config --list-version --all
echo ""
colorEcho ${BLUE} "开始从rancher镜像下载 kubectl 工具……"
wget http://rancher-mirror.cnrancher.com/kubectl/v1.20.4/linux-amd64-v1.20.4-kubectl
chmod +x linux-amd64-v1.20.4-kubectl
mv linux-amd64-v1.20.4-kubectl /usr/local/bin/kubectl
colorEcho ${GREEN} "----------------------------------------------------------"
kubectl version
colorEcho ${GREEN} "----------------------------------------------------------"
else
colorEcho ${RED} "rke工具下载失败脚本无法继续运行请手动下载rke工具"
colorEcho ${RED} "rke工具下载失败脚本无法继续运行请手动下载rke工具"
colorEcho ${RED} "rke工具下载失败脚本无法继续运行请手动下载rke工具"
return 1
fi
}
createRKEInstallerUser(){
colorEcho ${PURPLE} "---------------------------------------------------------------------------------"
colorEcho ${BLUE} "开始创建 rke-installer 用户………"
echo ""
useradd rke-installer
echo "rke-installer
rke-installer
" | passwd rke-installer
#将登陆用户develop加入到docker用户组中
gpasswd -a rke-installer docker
#更新用户组
newgrp docker
echo ""
if [ -d /home/rke-installer ]; then
colorEcho ${GREEN} "rke-installer 用户创建成功!! "
echo ""
else
colorEcho ${YELLOW} "检测到 rke-installer 用户已经存在"
fi
if [[ -s cluster.yaml || -s cluster.yml ]]; then
colorEcho ${BLUE} "开始将 cluster.yaml文件复制到 rke-installer目录下…………"
mv cluster.y* /home/rke-installer/cluster.yml
if [ -s /home/rke-installer/cluster.yml ]; then
colorEcho ${BLUE} "cluster.yml文件已经放置完成"
chown rke-installer:rke-installer /home/rke-installer/cluster.yml
else
colorEcho ${RED} "当前目录下未检测到 rke集群的模板文件"
colorEcho ${RED} "程序无法继续,将退出!!"
return 1
fi
else
colorEcho ${RED} "当前目录下未检测到 rke集群的模板文件"
colorEcho ${RED} "程序无法继续,将退出!!"
echo ""
colorEcho ${YELLOW} "--------------------------------------------------"
colorEcho ${RED} "请创建RKE集群的模板文件并命名为 cluster.yml "
colorEcho ${RED} "请创建RKE集群的模板文件并命名为 cluster.yml "
colorEcho ${RED} "请创建RKE集群的模板文件并命名为 cluster.yml "
colorEcho ${YELLOW} "--------------------------------------------------"
return 1
fi
colorEcho ${BLUE} "开始切换当前用户至 rke-installer "
su rke-installer
echo ""
colorEcho ${BLUE} "请检查rke-installer用户能否执行 docker ps 命令!!"
docker ps
colorEcho ${BLUE} "----------------------------------------------------------"
}
generateRKEUserKey(){
colorEcho ${PURPLE} "---------------------------------------------------------------------------------"
colorEcho ${BLUE} "开始创建 rke-installer用户的 ssh key ……"
echo ""
su rke-installer
ssh-keygen -t rsa -P "" -f ~/.ssh/id_rsa
cat ~/.ssh/id_rsa.pub >> ~/.ssh/authorized_keys
chmod 600 ~/.ssh/authorized_keys
colorEcho ${GREEN} "--------------------------------------------------------------"
colorEcho ${GREEN} "-----------本机配置完成!-------------"
echo ""
for ip in "${PrivateServerIPs[@]}"; do
colorEcho ${BLUE} "请手动将如下的命令,以 root 权限在主机 ${ip} 上运行"
colorEcho ${BLUE} "请手动将如下的命令,以 root 权限在主机 ${ip} 上运行"
colorEcho ${BLUE} "请手动将如下的命令,以 root 权限在主机 ${ip} 上运行"
colorEcho ${BLUE} "-----------------------------------------------"
echo ""
echo ""
colorEcho ${RED} " 请以 root 角色 运行!!! "
colorEcho ${RED} " 请以 root 角色 运行!!! "
colorEcho ${RED} " 请以 root 角色 运行!!! "
echo ""
echo "useradd rke-installer && echo \"rke-installer
rke-installer
\" | passwd rke-installer && gpasswd -a rke-installer docker && newgrp docker && su rke-installer && docker ps "
echo ""
echo "clear && ssh-keygen -t rsa -P \"\" -f ~/.ssh/id_rsa && echo \"$(cat ~/.ssh/id_rsa.pub)\" >> ~/.ssh/authorized_keys && echo \"\" && cat ~/.ssh/authorized_keys"
echo ""
echo ""
while true; do
colorEcho ${RED} "请确保您已经将上述的命令在主机${ip}上执行了!!"
read -r -p "请输入yes进行确认脚本才可继续运行" input
case $input in
yes)
colorEcho ${GREEN} "您已确认在主机${ip}上添加了私有的ssh key"
echo ""
break
;;
*)
echo ""
colorEcho ${RED} "输入有误!!! 请输入 >> yes << 进行确认"
colorEcho ${RED} "请在主机${ip}上执行上述命令!!!"
colorEcho ${RED} "否则本脚本的功能会失效!!"
colorEcho ${RED} "-----------------------------------------------------"
echo ""
;;
esac
done
done
}
startRKECLuster(){
colorEcho ${PURPLE} "---------------------------------------------------------------------------------"
colorEcho ${BLUE} "开始 启动 rke集群 "
colorEcho ${BLUE} "开始 启动 rke集群 "
colorEcho ${BLUE} "开始 启动 rke集群 "
echo ""
if [[ $(pwd) == "/home/rke-installer" ]]; then
colorEcho ${BLUE} "检测到当前目录为 /home/rke-installer"
echo ""
colorEcho ${BLUE} "开始执行 RKE 集群的启动过程 "
colorEcho ${BLUE} "-------------------------------------------------------------"
for i in {3..1..-1}; do
colorEcho ${BLUE} "倒计时开始 ->> $i 秒 <<-准备启动RKE上文的日志输出将会消失"
sleep 2
done
clear
rke up
else
colorEcho ${BLUE} "当前目录不为 /home/rke-installer开始跳转目录"
cd /home/rke-installer
startRKECLuster
fi
}
main(){
check_root
generateRKEUserKey || return $?
startRKECLuster || return $?
}
startFunc

36
1-outside-deploy/1-base-env-shell/cmlc-app-images.txt Normal file
View File

@@ -0,0 +1,36 @@
harbor-qa.sre.cdcyy.cn/cmii/cmii-admin-data:2.1.14
harbor-qa.sre.cdcyy.cn/cmii/cmii-admin-gateway:2.1.14
harbor-qa.sre.cdcyy.cn/cmii/cmii-admin-user:2.1.14
harbor-qa.sre.cdcyy.cn/cmii/cmii-open-gateway:2.1.14
harbor-qa.sre.cdcyy.cn/cmii/cmii-uav-airspace:2.1.14
harbor-qa.sre.cdcyy.cn/cmii/cmii-uav-brain:2.1.14
harbor-qa.sre.cdcyy.cn/cmii/cmii-uav-cloud-live:2.1.14
harbor-qa.sre.cdcyy.cn/cmii/cmii-uav-clusters:2.1.14
harbor-qa.sre.cdcyy.cn/cmii/cmii-uav-data-post-process:2.1.14
harbor-qa.sre.cdcyy.cn/cmii/cmii-uav-developer:2.1.14
harbor-qa.sre.cdcyy.cn/cmii/cmii-uav-device:2.1.14
harbor-qa.sre.cdcyy.cn/cmii/cmii-uav-gateway:2.1.14
harbor-qa.sre.cdcyy.cn/cmii/cmii-uav-hyperspectral-consumer:2.1.14
harbor-qa.sre.cdcyy.cn/cmii/cmii-uav-hyperspectral-provider:2.1.14
harbor-qa.sre.cdcyy.cn/cmii/cmii-uav-kpi-monitor:2.1.14
harbor-qa.sre.cdcyy.cn/cmii/cmii-uav-logger:2.1.14
harbor-qa.sre.cdcyy.cn/cmii/cmii-uav-material-warehouse:2.1.14
harbor-qa.sre.cdcyy.cn/cmii/cmii-uav-mission:2.1.14
harbor-qa.sre.cdcyy.cn/cmii/cmii-uav-mqtthandler:2.1.14
harbor-qa.sre.cdcyy.cn/cmii/cmii-uav-notice:2.1.14
harbor-qa.sre.cdcyy.cn/cmii/cmii-uav-oauth:2.1.14
harbor-qa.sre.cdcyy.cn/cmii/cmii-uav-process:2.1.14
harbor-qa.sre.cdcyy.cn/cmii/cmii-uav-security-system:2.1.14
harbor-qa.sre.cdcyy.cn/cmii/cmii-uav-surveillance:2.1.14
harbor-qa.sre.cdcyy.cn/cmii/cmii-uav-user:2.1.14
harbor-qa.sre.cdcyy.cn/cmii/cmii-uav-waypoint:2.1.14
harbor-qa.sre.cdcyy.cn/cmii/cmii-uav-platform:2.1.14
harbor-qa.sre.cdcyy.cn/cmii/cmii-uav-platform-ai-brain:2.1.14
harbor-qa.sre.cdcyy.cn/cmii/cmii-uav-platform-hyperspectral:2.1.14
harbor-qa.sre.cdcyy.cn/cmii/cmii-uav-platform-mws:2.1.14
harbor-qa.sre.cdcyy.cn/cmii/cmii-uav-platform-mws-admin:2.1.14
harbor-qa.sre.cdcyy.cn/cmii/cmii-uav-platform-oms:2.1.14
harbor-qa.sre.cdcyy.cn/cmii/cmii-uav-platform-open:2.1.14
harbor-qa.sre.cdcyy.cn/cmii/cmii-uav-platform-splice:2.1.14
harbor-qa.sre.cdcyy.cn/cmii/cmii-uav-platform-splice-visual:2.1.14

20
1-outside-deploy/1-base-env-shell/kubernetes-admin-user-rbac.yaml Normal file
View File

@@ -0,0 +1,20 @@
apiVersion: v1
kind: ServiceAccount
metadata:
name: admin-user
namespace: kube-system
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: admin-user
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: cluster-admin
subjects:
- kind: ServiceAccount
name: admin-user
namespace: kube-system

299
1-outside-deploy/1-base-env-shell/kubernetes-dashboad.yaml Normal file
View File

@@ -0,0 +1,299 @@
# Copyright 2017 The Kubernetes Authors.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
apiVersion: v1
kind: Namespace
metadata:
name: kube-system
---
apiVersion: v1
kind: ServiceAccount
metadata:
labels:
k8s-app: kubernetes-dashboard
name: kubernetes-dashboard
namespace: kube-system
---
kind: Service
apiVersion: v1
metadata:
labels:
k8s-app: kubernetes-dashboard
kubernetes.io/cluster-service: "true"
name: kubernetes-dashboard
namespace: kube-system
spec:
ports:
- port: 443
targetPort: 8443
selector:
k8s-app: kubernetes-dashboard
type: NodePort
---
apiVersion: v1
kind: Secret
metadata:
labels:
k8s-app: kubernetes-dashboard
name: kubernetes-dashboard-certs
namespace: kube-system
type: Opaque
---
apiVersion: v1
kind: Secret
metadata:
labels:
k8s-app: kubernetes-dashboard
name: kubernetes-dashboard-csrf
namespace: kube-system
type: Opaque
data:
csrf: ""
---
apiVersion: v1
kind: Secret
metadata:
labels:
k8s-app: kubernetes-dashboard
name: kubernetes-dashboard-key-holder
namespace: kube-system
type: Opaque
---
kind: ConfigMap
apiVersion: v1
metadata:
labels:
k8s-app: kubernetes-dashboard
name: kubernetes-dashboard-settings
namespace: kube-system
---
kind: Role
apiVersion: rbac.authorization.k8s.io/v1
metadata:
labels:
k8s-app: kubernetes-dashboard
name: kubernetes-dashboard
namespace: kube-system
rules:
# Allow Dashboard to get, update and delete Dashboard exclusive secrets.
- apiGroups: [""]
resources: ["secrets"]
resourceNames: ["kubernetes-dashboard-key-holder", "kubernetes-dashboard-certs", "kubernetes-dashboard-csrf"]
verbs: ["get", "update", "delete"]
# Allow Dashboard to get and update 'kubernetes-dashboard-settings' config map.
- apiGroups: [""]
resources: ["configmaps"]
resourceNames: ["kubernetes-dashboard-settings"]
verbs: ["get", "update"]
# Allow Dashboard to get metrics.
- apiGroups: [""]
resources: ["services"]
resourceNames: ["heapster", "dashboard-metrics-scraper"]
verbs: ["proxy"]
- apiGroups: [""]
resources: ["services/proxy"]
resourceNames: ["heapster", "http:heapster:", "https:heapster:", "dashboard-metrics-scraper", "http:dashboard-metrics-scraper"]
verbs: ["get"]
---
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
labels:
k8s-app: kubernetes-dashboard
name: kubernetes-dashboard
rules:
# Allow Metrics Scraper to get metrics from the Metrics server
- apiGroups: ["metrics.k8s.io"]
resources: ["pods", "nodes"]
verbs: ["get", "list", "watch"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
labels:
k8s-app: kubernetes-dashboard
name: kubernetes-dashboard
namespace: kube-system
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: kubernetes-dashboard
subjects:
- kind: ServiceAccount
name: kubernetes-dashboard
namespace: kube-system
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: kubernetes-dashboard
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: kubernetes-dashboard
subjects:
- kind: ServiceAccount
name: kubernetes-dashboard
namespace: kube-system
---
kind: Deployment
apiVersion: apps/v1
metadata:
labels:
k8s-app: kubernetes-dashboard
name: kubernetes-dashboard
namespace: kube-system
spec:
replicas: 1
revisionHistoryLimit: 10
selector:
matchLabels:
k8s-app: kubernetes-dashboard
template:
metadata:
labels:
k8s-app: kubernetes-dashboard
spec:
containers:
- name: kubernetes-dashboard
image: kubernetesui/dashboard:v2.0.1
ports:
- containerPort: 8443
protocol: TCP
args:
- --auto-generate-certificates
- --namespace=kube-system
# Uncomment the following line to manually specify Kubernetes API server Host
# If not specified, Dashboard will attempt to auto discover the API server and connect
# to it. Uncomment only if the default does not work.
# - --apiserver-host=http://my-address:port
volumeMounts:
- name: kubernetes-dashboard-certs
mountPath: /certs
# Create on-disk volume to store exec logs
- mountPath: /tmp
name: tmp-volume
livenessProbe:
httpGet:
scheme: HTTPS
path: /
port: 8443
initialDelaySeconds: 30
timeoutSeconds: 30
securityContext:
allowPrivilegeEscalation: false
readOnlyRootFilesystem: true
runAsUser: 1001
runAsGroup: 2001
volumes:
- name: kubernetes-dashboard-certs
secret:
secretName: kubernetes-dashboard-certs
- name: tmp-volume
emptyDir: {}
serviceAccountName: kubernetes-dashboard
# Comment the following tolerations if Dashboard must not be deployed on master
tolerations:
- key: node-role.kubernetes.io/master
effect: NoSchedule
---
kind: Service
apiVersion: v1
metadata:
labels:
k8s-app: dashboard-metrics-scraper
name: dashboard-metrics-scraper
namespace: kube-system
spec:
ports:
- port: 8000
targetPort: 8000
selector:
k8s-app: dashboard-metrics-scraper
---
kind: Deployment
apiVersion: apps/v1
metadata:
labels:
k8s-app: dashboard-metrics-scraper
name: dashboard-metrics-scraper
namespace: kube-system
spec:
replicas: 1
revisionHistoryLimit: 10
selector:
matchLabels:
k8s-app: dashboard-metrics-scraper
template:
metadata:
labels:
k8s-app: dashboard-metrics-scraper
annotations:
seccomp.security.alpha.kubernetes.io/pod: 'runtime/default'
spec:
containers:
- name: dashboard-metrics-scraper
image: kubernetesui/metrics-scraper:v1.0.4
ports:
- containerPort: 8000
protocol: TCP
livenessProbe:
httpGet:
scheme: HTTP
path: /
port: 8000
initialDelaySeconds: 30
timeoutSeconds: 30
volumeMounts:
- mountPath: /tmp
name: tmp-volume
securityContext:
allowPrivilegeEscalation: false
readOnlyRootFilesystem: true
runAsUser: 1001
runAsGroup: 2001
serviceAccountName: kubernetes-dashboard
# Comment the following tolerations if Dashboard must not be deployed on master
tolerations:
- key: node-role.kubernetes.io/master
effect: NoSchedule
volumes:
- name: tmp-volume
emptyDir: {}

64
1-outside-deploy/1-base-env-shell/kubernetes-images-2.5.7-1.18.6.txt Normal file
View File

@@ -0,0 +1,64 @@
busybox
rancher/backup-restore-operator:v1.0.3
rancher/calico-cni:v3.13.4
rancher/calico-ctl:v3.13.4
rancher/calico-kube-controllers:v3.13.4
rancher/calico-node:v3.13.4
rancher/calico-pod2daemon-flexvol:v3.13.4
rancher/cis-operator:v1.0.3
rancher/cluster-proportional-autoscaler:1.7.1
rancher/configmap-reload:v0.3.0-rancher4
rancher/coredns-coredns:1.6.9
rancher/coreos-etcd:v3.4.3-rancher1
rancher/coreos-flannel:v0.12.0
rancher/coreos-flannel:v0.13.0-rancher1
rancher/coreos-kube-state-metrics:v1.9.7
rancher/coreos-prometheus-config-reloader:v0.39.0
rancher/coreos-prometheus-operator:v0.39.0
rancher/externalip-webhook:v0.1.6
rancher/flannel-cni:v0.3.0-rancher6
rancher/fleet-agent:v0.3.4
rancher/fleet:v0.3.4
rancher/fluentd:v0.1.24
rancher/grafana-grafana:7.1.5
rancher/hyperkube:v1.18.16-rancher1
rancher/jimmidyson-configmap-reload:v0.3.0
rancher/k8s-dns-dnsmasq-nanny:1.15.2
rancher/k8s-dns-kube-dns:1.15.2
rancher/k8s-dns-node-cache:1.15.7
rancher/k8s-dns-sidecar:1.15.2
rancher/klipper-lb:v0.1.2
rancher/kube-api-auth:v0.1.4
rancher/kubectl:v1.18.6
rancher/kubernetes-external-dns:v0.7.3
rancher/library-busybox:1.31.1
rancher/library-busybox:1.32.1
rancher/library-nginx:1.19.2-alpine
rancher/library-traefik:1.7.19
rancher/local-path-provisioner:v0.0.11
rancher/local-path-provisioner:v0.0.14
rancher/local-path-provisioner:v0.0.19
rancher/log-aggregator:v0.1.7
rancher/istio-kubectl:1.5.10
rancher/metrics-server:v0.3.6
rancher/nginx-ingress-controller-defaultbackend:1.5-rancher1
rancher/nginx-ingress-controller:nginx-0.35.0-rancher2
rancher/opa-gatekeeper:v3.1.0-beta.7
rancher/openzipkin-zipkin:2.14.2
rancher/pause:3.1
rancher/plugins-docker:18.09
rancher/prom-alertmanager:v0.21.0
rancher/prom-node-exporter:v1.0.1
rancher/prom-prometheus:v2.12.0
rancher/prom-prometheus:v2.18.2
rancher/prometheus-auth:v0.2.1
rancher/rancher-agent:v2.5.7
rancher/rancher-webhook:v0.1.0-beta9
rancher/rancher:v2.5.7
rancher/rke-tools:v0.1.72
rancher/security-scan:v0.1.14
rancher/security-scan:v0.2.2
rancher/shell:v0.1.6
rancher/sonobuoy-sonobuoy:v0.16.3
rancher/system-upgrade-controller:v0.6.2

61
1-outside-deploy/1-base-env-shell/kubernetes-images-2.5.7-1.20.4.txt Normal file
View File

@@ -0,0 +1,61 @@
busybox
rancher/backup-restore-operator:v1.0.3
rancher/calico-cni:v3.17.2
rancher/calico-ctl:v3.17.2
rancher/calico-kube-controllers:v3.17.2
rancher/calico-node:v3.17.2
rancher/calico-pod2daemon-flexvol:v3.17.2
rancher/cis-operator:v1.0.3
rancher/cluster-proportional-autoscaler:1.7.1
rancher/coredns-coredns:1.8.0
rancher/coreos-etcd:v3.4.14-rancher1
rancher/coreos-kube-state-metrics:v1.9.7
rancher/coreos-prometheus-config-reloader:v0.39.0
rancher/coreos-prometheus-operator:v0.39.0
rancher/externalip-webhook:v0.1.6
rancher/flannel-cni:v0.3.0-rancher6
rancher/fleet-agent:v0.3.4
rancher/fleet:v0.3.4
rancher/fluentd:v0.1.24
rancher/grafana-grafana:7.1.5
rancher/hyperkube:v1.20.4-rancher1
rancher/jimmidyson-configmap-reload:v0.3.0
rancher/k8s-dns-dnsmasq-nanny:1.15.2
rancher/k8s-dns-kube-dns:1.15.2
rancher/k8s-dns-node-cache:1.15.13
rancher/k8s-dns-sidecar:1.15.2
rancher/klipper-lb:v0.1.2
rancher/kube-api-auth:v0.1.4
rancher/kubectl:v1.20.4
rancher/kubernetes-external-dns:v0.7.3
rancher/library-busybox:1.31.1
rancher/library-busybox:1.32.1
rancher/library-nginx:1.19.2-alpine
rancher/library-traefik:1.7.19
rancher/local-path-provisioner:v0.0.11
rancher/local-path-provisioner:v0.0.14
rancher/local-path-provisioner:v0.0.19
rancher/log-aggregator:v0.1.7
rancher/istio-kubectl:1.5.10
rancher/metrics-server:v0.4.1
rancher/configmap-reload:v0.3.0-rancher4
rancher/nginx-ingress-controller-defaultbackend:1.5-rancher1
rancher/nginx-ingress-controller:nginx-0.43.0-rancher1
rancher/opa-gatekeeper:v3.1.0-beta.7
rancher/openzipkin-zipkin:2.14.2
rancher/pause:3.2
rancher/plugins-docker:18.09
rancher/prom-alertmanager:v0.21.0
rancher/prom-node-exporter:v1.0.1
rancher/prom-prometheus:v2.18.2
rancher/prometheus-auth:v0.2.1
rancher/rancher-agent:v2.5.7
rancher/rancher-webhook:v0.1.0-beta9
rancher/rancher:v2.5.7
rancher/rke-tools:v0.1.72
rancher/security-scan:v0.1.14
rancher/security-scan:v0.2.2
rancher/shell:v0.1.6
rancher/sonobuoy-sonobuoy:v0.16.3
rancher/system-upgrade-controller:v0.6.2

18
1-outside-deploy/1-base-env-shell/middleware-images.txt Normal file
View File

@@ -0,0 +1,18 @@
docker.io/bitnami/redis:6.2.6-debian-10-r0
docker.io/bitnami/mysql:8.0.26-debian-10-r0
docker.io/bitnami/bitnami-shell:10-debian-10-r140
docker.io/bitnami/rabbitmq:3.9.12-debian-10-r3
docker.io/bitnami/minio:2021.3.26-debian-10-r0
docker.io/ossrs/srs:v4.0.136
docker.io/emqx/emqx:4.2.12
docker.io/nacos/nacos-server:2.0.1
docker.io/mongo:5.0
docker.io/rabbitmq:3.7-management
docker.io/v2fly/v2fly-core:v4.38.3
docker.io/pollyduan/ingress-nginx-controller:v0.44.0
docker.io/jettech/kube-webhook-certgen:v1.5.1
docker.io/minio/minio:RELEASE.2022-03-26T06-49-28Z
docker.io/minio/minio:RELEASE.2022.5.4
docker.io/ossrs/srs:v4.0-b9
docker.io/kubernetesui/dashboard:v2.0.1
docker.io/kubernetesui/metrics-scraper:v1.0.4

252
1-outside-deploy/1-base-env-shell/rke-cluster.yml Normal file
View File

@@ -0,0 +1,252 @@
nodes:
- address: 192.168.8.65
user: rke-installer
role:
- controlplane
- etcd
- worker
internal_address: 192.168.8.65
- address: 192.168.8.66
user: rke-installer
role:
- worker
labels:
ingress-deploy: true
internal_address: 192.168.8.66
- address: 192.168.8.67
user: rke-installer
role:
- worker
internal_address: 192.168.8.67
labels:
mysql-deploy: true
- address: 192.168.8.68
user: rke-installer
role:
- worker
internal_address: 192.168.8.68
labels:
minio-deploy: true
authentication:
strategy: x509
sans:
- "192.168.8.6"
private_registries:
- url: 192.168.8.65:8033 # 私有镜像库地址
user: admin
password: "V2ryStr@ngPss"
is_default: true
##############################################################################
# 默认值为false如果设置为true当发现不支持的Docker版本时RKE不会报错
ignore_docker_version: true
# Set the name of the Kubernetes cluster
cluster_name: rke-cluster
kubernetes_version: v1.20.4-rancher1-1
ssh_key_path: /home/rke-installer/.ssh/id_rsa
# Enable running cri-dockerd
# Up to Kubernetes 1.23, kubelet contained code called dockershim
# to support Docker runtime. The replacement is called cri-dockerd
# and should be enabled if you want to keep using Docker as your
# container runtime
# Only available to enable in Kubernetes 1.21 and higher
enable_cri_dockerd: true
services:
etcd:
backup_config:
enabled: false
interval_hours: 72
retention: 3
safe_timestamp: false
timeout: 300
creation: 12h
extra_args:
election-timeout: 5000
heartbeat-interval: 500
gid: 0
retention: 72h
snapshot: false
uid: 0
kube-api:
# IP range for any services created on Kubernetes
# This must match the service_cluster_ip_range in kube-controller
service_cluster_ip_range: 10.74.0.0/16
# Expose a different port range for NodePort services
service_node_port_range: 30000-40000
always_pull_images: true
pod_security_policy: false
# Add additional arguments to the kubernetes API server
# This WILL OVERRIDE any existing defaults
extra_args:
# Enable audit log to stdout
audit-log-path: "-"
# Increase number of delete workers
delete-collection-workers: 3
# Set the level of log output to warning-level
v: 1
kube-controller:
# CIDR pool used to assign IP addresses to pods in the cluster
cluster_cidr: 10.100.0.0/16
# IP range for any services created on Kubernetes
# This must match the service_cluster_ip_range in kube-api
service_cluster_ip_range: 10.74.0.0/16
# Add additional arguments to the kubernetes API server
# This WILL OVERRIDE any existing defaults
extra_args:
# Set the level of log output to debug-level
v: 1
# Enable RotateKubeletServerCertificate feature gate
feature-gates: RotateKubeletServerCertificate=true
# Enable TLS Certificates management
# https://kubernetes.io/docs/tasks/tls/managing-tls-in-a-cluster/
cluster-signing-cert-file: "/etc/kubernetes/ssl/kube-ca.pem"
cluster-signing-key-file: "/etc/kubernetes/ssl/kube-ca-key.pem"
kubelet:
# Base domain for the cluster
cluster_domain: cluster.local
# IP address for the DNS service endpoint
cluster_dns_server: 10.74.0.10
# Fail if swap is on
fail_swap_on: false
# Set max pods to 250 instead of default 110
extra_binds:
- "/data/minio-pv:/hostStorage" # 不要修改 为minio的pv添加
extra_args:
max-pods: 122
# Optionally define additional volume binds to a service
scheduler:
extra_args:
# Set the level of log output to warning-level
v: 0
kubeproxy:
extra_args:
# Set the level of log output to warning-level
v: 0
authorization:
mode: rbac
addon_job_timeout: 30
# Specify network plugin-in (canal, calico, flannel, weave, or none)
#network:
# mtu: 1440
# options:
# flannel_backend_type: vxlan
# plugin: calico
# tolerations:
# - key: "node.kubernetes.io/unreachable"
# operator: "Exists"
# effect: "NoExecute"
# tolerationseconds: 300
# - key: "node.kubernetes.io/not-ready"
# operator: "Exists"
# effect: "NoExecute"
# tolerationseconds: 300
network:
options:
flannel_backend_type: vxlan
flannel_iface: eth0
flannel_autoscaler_priority_class_name: system-cluster-critical # Available as of RKE v1.2.6+
flannel_priority_class_name: system-cluster-critical # Available as of RKE v1.2.6+
plugin: flannel
tolerations:
- key: "node.kubernetes.io/unreachable"
operator: "Exists"
effect: "NoExecute"
tolerationseconds: 300
- key: "node.kubernetes.io/not-ready"
operator: "Exists"
effect: "NoExecute"
tolerationseconds: 300
# Specify DNS provider (coredns or kube-dns)
dns:
provider: coredns
nodelocal:
ip_address: '10.74.0.99'
node_selector: null
update_strategy:
# Available as of v1.1.0
update_strategy:
strategy: RollingUpdate
rollingUpdate:
maxUnavailable: 20%
maxSurge: 15%
linear_autoscaler_params:
cores_per_replica: 0.34
nodes_per_replica: 4
prevent_single_point_failure: true
min: 2
max: 3
tolerations:
- key: "node.kubernetes.io/unreachable"
operator: "Exists"
effect: "NoExecute"
tolerationseconds: 300
- key: "node.kubernetes.io/not-ready"
operator: "Exists"
effect: "NoExecute"
tolerationseconds: 300
# Specify monitoring provider (metrics-server)
monitoring:
provider: metrics-server
# Available as of v1.1.0
update_strategy:
strategy: RollingUpdate
rollingUpdate:
maxUnavailable: 8
ingress:
provider: nginx
default_backend: true
http_port: 30500
https_port: 31500
extra_envs:
- name: TZ
value: Asia/Shanghai
node_selector:
ingress-deploy: true
options:
use-forwarded-headers: "true"
access-log-path: /var/log/nginx/access.log
client-body-timeout: '6000'
compute-full-forwarded-for: 'true'
enable-underscores-in-headers: 'true'
log-format-escape-json: 'true'
log-format-upstream: >-
{ "msec": "$msec", "connection": "$connection", "connection_requests":
"$connection_requests", "pid": "$pid", "request_id": "$request_id",
"request_length": "$request_length", "remote_addr": "$remote_addr",
"remote_user": "$remote_user", "remote_port": "$remote_port",
"http_x_forwarded_for": "$http_x_forwarded_for", "time_local":
"$time_local", "time_iso8601": "$time_iso8601", "request": "$request",
"request_uri": "$request_uri", "args": "$args", "status": "$status",
"body_bytes_sent": "$body_bytes_sent", "bytes_sent": "$bytes_sent",
"http_referer": "$http_referer", "http_user_agent": "$http_user_agent",
"http_host": "$http_host", "server_name": "$server_name", "request_time":
"$request_time", "upstream": "$upstream_addr", "upstream_connect_time":
"$upstream_connect_time", "upstream_header_time": "$upstream_header_time",
"upstream_response_time": "$upstream_response_time",
"upstream_response_length": "$upstream_response_length",
"upstream_cache_status": "$upstream_cache_status", "ssl_protocol":
"$ssl_protocol", "ssl_cipher": "$ssl_cipher", "scheme": "$scheme",
"request_method": "$request_method", "server_protocol": "$server_protocol",
"pipe": "$pipe", "gzip_ratio": "$gzip_ratio", "http_cf_ray": "$http_cf_ray",
"geoip_country_code": "$geoip_country_code" }
proxy-body-size: 5120m
proxy-read-timeout: '6000'
proxy-send-timeout: '6000'

8
1-outside-deploy/1.json Normal file
View File

@@ -0,0 +1,8 @@
server {
listen 30080 default;
location /rtc/v1/ {
add_header Access-Control-Allow-Headers X-Requested-With;
add_header Access-Control-Allow-Methods GET,POST,OPTIONS;
proxy_pass http://localhost:30985/rtc/v1/;
}
}

26
1-outside-deploy/2-helm-chart/.helmignore Normal file
View File

@@ -0,0 +1,26 @@
# Patterns to ignore when building packages.
# This supports shell glob matching, relative path matching, and
# negation (prefixed with !). Only one pattern per line.
.DS_Store
# Common VCS dirs
.git/
.gitignore
.bzr/
.bzrignore
.hg/
.hgignore
.svn/
# Common backup files
*.swp
*.bak
*.tmp
*.orig
*~
# Various IDEs
.project
.idea/
.vscode/
charts/frontend-app/templates/traefik.yaml
charts/all-middleware/charts/rabbitmq-backup
charts/minio-pv
charts/minio-storage

4948
1-outside-deploy/2-helm-chart/1.yaml Normal file
View File

File diff suppressed because it is too large Load Diff

17
1-outside-deploy/2-helm-chart/2.yaml Normal file
View File

@@ -0,0 +1,17 @@
kind: ConfigMap
apiVersion: v1
metadata:
name: tenant-prefix-logistic-application
namespace: uavcloud-devflight
labels:
app.kubernetes.io/managed-by: Helm
data:
ingress-config.js: |-
// 从ConfigMap中注入
// injected from ConfigMap
var __GlobalIngressConfig = {
TenantEnvironment: "devflight",
CloudHOST: "lab.uavcmlc.com",
ApplicationShortName: "logistic",
AppClientId: "APP_PvdfRRRBPL8xbIwl"
}

19
1-outside-deploy/2-helm-chart/Chart.yaml Normal file
View File

@@ -0,0 +1,19 @@
apiVersion: v2
name: outside-deploy
description: 中移凌云平台对外交付部署标准化Charts。提供业务应用前端、后端中间件mysql、redis、minio等一键式部署的能力
deprecated: true
type: application
version: 1.1.0
appVersion: 2.2.2
kubeVersion: ^1.16.0-0
maintainers:
- name: super wdd
email: wangziwen@cmii.chinamobile.com

24
1-outside-deploy/2-helm-chart/charts/all-ingress-config/.helmignore Normal file
View File

@@ -0,0 +1,24 @@
# Patterns to ignore when building packages.
# This supports shell glob matching, relative path matching, and
# negation (prefixed with !). Only one pattern per line.
.DS_Store
# Common VCS dirs
.git/
.gitignore
.bzr/
.bzrignore
.hg/
.hgignore
.svn/
# Common backup files
*.swp
*.bak
*.tmp
*.orig
*~
# Various IDEs
.project
.idea/
*.tmproj
.vscode/
ci/*

30
1-outside-deploy/2-helm-chart/charts/all-ingress-config/Chart.yaml Normal file
View File

@@ -0,0 +1,30 @@
apiVersion: v2
name: all-ingress-config
description: 中移凌云平台所有的Ingress配置包含前端后端Api/Gateway等
# A chart can be either an 'application' or a 'library' chart.
#
# Application charts are a collection of templates that can be packaged into versioned archives
# to be deployed.
#
# Library charts provide useful utilities or functions for the chart developer. They're included as
# a dependency of application charts to inject those utilities and functions into the rendering
# pipeline. Library charts do not define any templates and therefore cannot be deployed.
type: application
# This is the chart version. This version number should be incremented each time you make changes
# to the chart and its templates, including the app version.
# Versions are expected to follow Semantic Versioning (https://semver.org/)
version: 1.1.0
# This is the version number of the application being deployed. This version number should be
# incremented each time you make changes to the application. Versions are not expected to
# follow Semantic Versioning. They should reflect the version the application is using.
appVersion: 2.2.2
keywords:
- uavcloud
- ingress
- template
- function
- chinamobile

33
1-outside-deploy/2-helm-chart/charts/all-ingress-config/templates/NOTES.txt Normal file
View File

@@ -0,0 +1,33 @@
{{- if or .Values.frontendApplication.enabled .Values.backendApplication.enabled .Values.apiGatewayApplication.enabled }}
{{- if .Values.frontendApplication.enabled }}
-- 已经开启前端应用的Ingress
-- The Ingress of the front-end application has been opened!
{{- end }}
{{- if .Values.backendApplication.enabled }}
-- 已经开启后端应用的Ingress
-- The Ingress of the back-end application has been opened!
{{- end }}
{{- if .Values.apiGatewayApplication.enabled }}
-- 已经开启Api和Gateway应用的Ingress
-- Ingress of Api and Gateway applications has been opened!
{{- end }}
{{- else }}
[ERROR] 您并没有选择开启任何应用的Ingress仅仅更新ConfigMap
[ERROR] You did not choose to open Ingress for any app! Just update the ConfigMap! !
{{- end }}
{{ if .Values.global.domain.IsPrivateDeployment }}
-- 您选择了【私有化】域名部署!!
-- [INFO] 请注意域名中不包含前缀!
-- 当前中移凌云的主页访问地址为:{{- if .Values.global.ingress.tls_enabled -}}https://{{- else -}}http://{{- end -}}{{ .Values.global.domain.DeployDomainName }}/
-- You have chosen [Private] domain name deployment! !
-- [INFO] Please note that the domain name does not contain a prefix!
-- The current homepage access address of China Mobile Lingyun is{{- if .Values.global.ingress.tls_enabled -}}https://{{- else -}}http://{{- end -}}{{ .Values.global.domain.DeployDomainName }}/
{{- else }}
-- 当前部署的租户环境为:{{ .Values.global.domain.TenantEnvironment }}
-- 当前中移凌云的主页访问地址为:{{- if .Values.global.ingress.tls_enabled -}}https://{{- else -}}http://{{- end -}}{{ .Values.global.domain.DeployDomainName }}/{{ .Values.global.domain.TenantEnvironment }}/
-- The currently deployed tenant environment is: {{ .Values.global.domain.TenantEnvironment }}
-- The current homepage access address of China Mobile Lingyun is{{- if .Values.global.ingress.tls_enabled -}}https://{{- else -}}http://{{- end -}}{{ .Values.global.domain.DeployDomainName }}/{{ .Values.global.domain.TenantEnvironment }}/
{{- end }}
[SUCCESS] Ingress Deployment has been accomplished !!!

50
1-outside-deploy/2-helm-chart/charts/all-ingress-config/templates/_helpers.tpl Normal file
View File

@@ -0,0 +1,50 @@
{{/* vim: set filetype=mustache: */}}
{{/*
Create chart name and version as used by the chart label.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
*/}}
{{- define "all-ingress.name" -}}
{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 }}
{{- end }}
{{/*
Create the tls configuration for https to enable trafik-ingress
*/}}
{{- define "all-ingress-front.full.applications" -}}
- cmii-uav-platform
- cmii-uav-platform-ai-brain
- cmii-uav-platform-hyperspectral
- cmii-uav-platform-mws
- cmii-uav-platform-oms
- cmii-uav-platform-open
- cmii-uav-platform-splice
- cmii-uav-platform-splice-visual
{{- end }}
{{/*
common annotations of frontend applications
*/}}
{{- define "all-ingress.frontend.commom.annotations" -}}
kubernetes.io/ingress.class: "nginx"
nginx.ingress.kubernetes.io/enable-cors: "true"
nginx.ingress.kubernetes.io/rewrite-target: /$1
{{- end }}
{{/*
Specific annotations created for api applications
*/}}
{{- define "all-ingress.all-apis.commom.annotations" -}}
kubernetes.io/ingress.class: "nginx"
nginx.ingress.kubernetes.io/enable-cors: "true"
nginx.ingress.kubernetes.io/rewrite-target: /$2
{{- end }}
{{/*
the specific annotations for project-minio
*/}}
{{/*{{- define "uavcloud-ingress.apiGateway.project-minio.annotations" -}}*/}}
{{/*kubernetes.io/ingress.class: "nginx"*/}}
{{/*nginx.ingress.kubernetes.io/enable-cors: "true"*/}}
{{/*nginx.ingress.kubernetes.io/rewrite-target: /api/uav/minio/$2*/}}
{{/*{{- end }}*/}}

51
1-outside-deploy/2-helm-chart/charts/all-ingress-config/templates/configmap.yaml Normal file
View File

@@ -0,0 +1,51 @@
{{- if .Values.enabled }}
{{- $namespace := .Release.Namespace -}}
{{- $TenantEnvironment := .Values.global.domain.TenantEnvironment -}}
{{- $DeployDomainName := .Values.global.domain.DeployDomainName -}}
{{- $IsPrivateDeployment := .Values.global.domain.IsPrivateDeployment -}}
{{- range $applicationName, $values := .Values.frontendApplication.manifest }}
---
kind: ConfigMap
apiVersion: v1
metadata:
{{- if eq $values.shortname "" }}
name: tenant-prefix-platform
{{- else }}
name: tenant-prefix-{{ $values.shortname }}
{{- end }}
namespace: {{ $namespace }}
data:
ingress-config.js: |-
// 从ConfigMap中注入
// injected from ConfigMap
var __GlobalIngressConfig = {
{{- if $IsPrivateDeployment }}
TenantEnvironment: "",
{{- else }}
TenantEnvironment: {{ $TenantEnvironment | quote -}},
{{- end }}
CloudHOST: {{ $DeployDomainName | quote -}},
{{- if not (contains "appli" $values.shortname ) }}
{{- /* short name not contains application, judge for situations */}}
{{- if contains "cms-portal" $values.shortname }}
ApplicationShortName: "cmsportal",
{{- else if contains "-rescue" $values.shortname }}
ApplicationShortName: {{ trimSuffix "-rescue" $values.shortname | quote -}},
{{- else if contains "screen" $values.shortname }}
ApplicationShortName: {{ trimSuffix "-screen" $values.shortname | quote -}},
{{- else }}
ApplicationShortName: {{ $values.shortname | quote }},
{{- end }}
{{- else }}
ApplicationShortName: {{ trimSuffix "-application" $values.shortname | quote -}},
{{- end }}
{{- range $appShortNamePlusTenantEnv, $appClientId := $values}}
{{- $realApplicationNamePlusTenantEnv := cat $values.shortname $TenantEnvironment | replace " " "-" }}
{{- if hasPrefix $appShortNamePlusTenantEnv $realApplicationNamePlusTenantEnv }}
AppClientId: {{ $appClientId | quote }}
{{- end }}
{{- end }}
}
---
{{- end }}
{{- end }}

215
1-outside-deploy/2-helm-chart/charts/all-ingress-config/templates/ingress-api-gateway.yaml Normal file
View File

@@ -0,0 +1,215 @@
{{- if and .Values.enabled .Values.apiGatewayApplication.enabled }}
{{- $namespace := .Release.Namespace -}}
{{- $TenantEnvironment := .Values.global.domain.TenantEnvironment -}}
{{- $DeployDomainName := ternary (first (regexSplit ":" .Values.global.domain.DeployDomainName -1)) ( .Values.global.domain.DeployDomainName ) (contains ":" .Values.global.domain.DeployDomainName) -}}
{{- $IsPrivateDeployment := .Values.global.domain.IsPrivateDeployment -}}
{{- $IsTlsEnables := .Values.global.ingress.tls_enabled -}}
{{- $scope := $ -}}
---
apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
name: all-gateways-ingress
namespace: {{ $namespace }}
labels:
type: {{ $.Values.apiGatewayApplication.type }}
accessmode: {{ $.Values.apiGatewayApplication.accessmode }}
helm.sh/chart: {{ include "all-ingress.name" $scope }}
app.kubernetes.io/managed-by: {{ $.Release.Service }}
{{- if $.Values.global.image.tag }}
app.kubernetes.io/version: {{ $.Values.global.image.tag | quote }}
{{- end }}
annotations:
{{- include "all-ingress.frontend.commom.annotations" $scope | nindent 4 }}
{{- if $IsTlsEnables }}
nginx.ingress.kubernetes.io/ssl-redirect: "true"
nginx.ingress.kubernetes.io/permanent-redirect-code: '301'
{{- end }}
nginx.ingress.kubernetes.io/configuration-snippet: |
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
spec:
rules:
- host: {{ $DeployDomainName }}
http:
paths:
{{- if $IsPrivateDeployment }}
{{- range $key,$value := .Values.apiGatewayApplication.manifest }}
{{- if eq $value false }}
{{- $applicationName := ternary (trimPrefix "cmii-uav-" $key) (trimPrefix "cmii-" $key) (contains "cmii-uav" $key) -}}
{{- if eq $applicationName "material-warehouse" }}
- path: /api/warehouses/?(.*)
{{- else if eq $applicationName "gateway" }}
- path: /api/?(.*)
{{- else if eq $applicationName "admin-gateway" }}
- path: /oms/api/?(.*)
{{- /* {{- else if eq $applicationName "project-minio" }}*/}}
{{- /* - path: /?(.*)/api/minios/?(.*)*/}}
{{- else if eq $applicationName "open-gateway" }}
- path: /open/api/?(.*)
{{- else }}
- path: /{{ $applicationName }}/?(.*)
{{- end }}
pathType: ImplementationSpecific
backend:
serviceName: {{ $key }}
servicePort: 8080
{{- end }}
{{- end }}
{{- else }}
{{- range $key,$value := .Values.apiGatewayApplication.manifest }}
{{- if eq $value false }}
{{- $applicationName := ternary (trimPrefix "cmii-uav-" $key) (trimPrefix "cmii-" $key) (contains "cmii-uav" $key) -}}
{{- if eq $applicationName "material-warehouse" }}
- path: /{{ $TenantEnvironment }}/api/warehouses/?(.*)
{{- else if eq $applicationName "gateway" }}
- path: /{{ $TenantEnvironment }}/api/?(.*)
{{- else if eq $applicationName "admin-gateway" }}
- path: /{{ $TenantEnvironment }}/oms/api/?(.*)
{{- /* {{- else if eq $applicationName "project-minio" }}*/}}
{{- /* - path: /{{ $TenantEnvironment }}/?(.*)/api/minios/?(.*)*/}}
{{- else if eq $applicationName "open-gateway" }}
- path: /{{ $TenantEnvironment }}/open/api/?(.*)
{{- else }}
- path: /{{ $applicationName }}/?(.*)
{{- end }}
pathType: ImplementationSpecific
backend:
serviceName: {{ $key }}
servicePort: 8080
{{- end }}
{{- end }}
{{- end }}
{{- if $IsTlsEnables }}
tls:
- hosts:
- {{ $DeployDomainName }}
- secretName: {{ $DeployDomainName | quote }}
{{- end }}
---
apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
name: all-apis-ingress
namespace: {{ $namespace }}
labels:
type: {{ $.Values.apiGatewayApplication.type }}
accessmode: {{ $.Values.apiGatewayApplication.accessmode }}
helm.sh/chart: {{ include "all-ingress.name" $scope }}
app.kubernetes.io/managed-by: {{ $.Release.Service }}
{{- if $.Values.global.image.tag }}
app.kubernetes.io/version: {{ $.Values.global.image.tag | quote }}
{{- end }}
annotations:
{{- include "all-ingress.all-apis.commom.annotations" $scope | nindent 4 }}
{{- if $IsTlsEnables }}
nginx.ingress.kubernetes.io/ssl-redirect: "true"
nginx.ingress.kubernetes.io/permanent-redirect-code: '301'
{{- end }}
nginx.ingress.kubernetes.io/configuration-snippet: |
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
spec:
rules:
- host: {{ $DeployDomainName }}
http:
paths:
{{- if $IsPrivateDeployment }}
{{- range $key,$value := .Values.apiGatewayApplication.manifest }}
{{- $applicationName := ternary (trimPrefix "cmii-uav-" $key) (trimPrefix "cmii-" $key) (contains "cmii-uav" $key) -}}
{{- if $value }}
{{- if eq $applicationName "material-warehouse" }}
- path: /?(.*)/api/warehouses/?(.*)
{{- else if eq $applicationName "gateway" }}
- path: /api/?(.*)
{{- else if eq $applicationName "admin-gateway" }}
- path: /oms/api/?(.*)
{{- /* {{- else if eq $applicationName "project-minio" }}*/}}
{{- /* - path: /?(.*)/api/minios/?(.*)*/}}
{{- else if eq $applicationName "open-gateway" }}
- path: /open/api/?(.*)
{{- else }}
- path: /{{ $applicationName }}/?(.*)
{{- end }}
pathType: ImplementationSpecific
backend:
serviceName: {{ $key }}
servicePort: 8080
{{- end }}
{{- end }}
{{- else }}
{{- range $key,$value := .Values.apiGatewayApplication.manifest }}
{{- if $value }}
{{- $applicationName := ternary (trimPrefix "cmii-uav-" $key) (trimPrefix "cmii-" $key) (contains "cmii-uav" $key) -}}
{{- if eq $applicationName "material-warehouse" }}
- path: /{{ $TenantEnvironment }}/?(.*)/api/warehouses/?(.*)
{{- else if eq $applicationName "gateway" }}
- path: /{{ $TenantEnvironment }}/api/?(.*)
{{- else if eq $applicationName "admin-gateway" }}
- path: /{{ $TenantEnvironment }}/oms/api/?(.*)
{{- /* {{- else if eq $applicationName "project-minio" }}*/}}
{{- /* - path: /{{ $TenantEnvironment }}/?(.*)/api/minios/?(.*)*/}}
{{- else if eq $applicationName "open-gateway" }}
- path: /{{ $TenantEnvironment }}/open/api/?(.*)
{{- else }}
- path: /{{ $applicationName }}/?(.*)
{{- end }}
pathType: ImplementationSpecific
backend:
serviceName: {{ $key }}
servicePort: 8080
{{- end }}
{{- end }}
{{- end }}
{{- if $IsTlsEnables }}
tls:
- hosts:
- {{ $DeployDomainName }}
- secretName: {{ $DeployDomainName | quote }}
{{- end }}
---
{{- end }}
{{/*apiVersion: networking.k8s.io/v1beta1*/}}
{{/*kind: Ingress*/}}
{{/*metadata:*/}}
{{/* name: project-minio-ingress*/}}
{{/* namespace: {{ $namespace }}*/}}
{{/* labels:*/}}
{{/* type: {{ $.Values.apiGatewayApplication.type }}*/}}
{{/* accessmode: {{ $.Values.apiGatewayApplication.accessmode }}*/}}
{{/* helm.sh/chart: {{ include "uavcloud-ingress.name" $scope }}*/}}
{{/* app.kubernetes.io/managed-by: {{ $.Release.Service }}*/}}
{{/* {{- if $.Values.global.image.tag }}*/}}
{{/* app.kubernetes.io/version: {{ $.Values.global.image.tag | quote }}*/}}
{{/* {{- end }}*/}}
{{/* annotations:*/}}
{{/* {{- include "uavcloud-ingress.apiGateway.project-minio.annotations" $scope | nindent 4 }}*/}}
{{/* {{- if $IsTlsEnables }}*/}}
{{/* nginx.ingress.kubernetes.io/ssl-redirect: "true"*/}}
{{/* nginx.ingress.kubernetes.io/permanent-redirect-code: '301'*/}}
{{/* {{- end }}*/}}
{{/* nginx.ingress.kubernetes.io/configuration-snippet: |*/}}
{{/* proxy_set_header Upgrade $http_upgrade;*/}}
{{/* proxy_set_header Connection "Upgrade";*/}}
{{/*spec:*/}}
{{/* rules:*/}}
{{/* - host: {{ $DeployDomainName }}*/}}
{{/* http:*/}}
{{/* paths:*/}}
{{/* {{- if $IsPrivateDeployment }}*/}}
{{/* - path: /?(.*)/api/minio/?(.*)*/}}
{{/* {{- else }}*/}}
{{/* - path: /{{ $TenantEnvironment }}/?(.*)/api/minio/?(.*)*/}}
{{/* {{- end }}*/}}
{{/* pathType: ImplementationSpecific*/}}
{{/* backend:*/}}
{{/* serviceName: cmii-project-minio*/}}
{{/* servicePort: 8080*/}}
{{/* {{- if $IsTlsEnables }}*/}}
{{/* tls:*/}}
{{/* - hosts:*/}}
{{/* - {{ $DeployDomainName }}*/}}
{{/* - secretName: {{ $DeployDomainName | quote }}*/}}
{{/* {{- end }}*/}}
{{/*---*/}}

35
1-outside-deploy/2-helm-chart/charts/all-ingress-config/templates/ingress-backend.yaml Normal file
View File

@@ -0,0 +1,35 @@
{{- if and .Values.enabled .Values.backendApplication.enabled }}
{{- $namespace := .Release.Namespace -}}
{{- $TenantEnvironment := .Values.global.domain.TenantEnvironment -}}
{{- $scope := $ -}}
---
apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
name: backend-applications-ingress
namespace: {{ $namespace }}
labels:
type: {{ .Values.backendApplication.type }}
accessmode: {{ $.Values.backendApplication.accessmode }}
helm.sh/chart: {{ include "all-ingress.name" $scope }}
app.kubernetes.io/managed-by: {{ $.Release.Service }}
{{- if $.Values.global.image.tag }}
app.kubernetes.io/version: {{ $.Values.global.image.tag | quote }}
{{- end }}
annotations:
kubernetes.io/ingress.class: "nginx"
nginx.ingress.kubernetes.io/enable-cors: "true"
spec:
rules:
{{- range $key,$value := .Values.backendApplication.manifest }}
{{- $applicationName := $key | trunc 63 }}
- host: {{ $applicationName }}.uavcloud-{{ $TenantEnvironment }}.io
http:
paths:
- path: /
backend:
serviceName: {{ $applicationName }}
servicePort: 8080
{{- end }}
---
{{- end }}

121
1-outside-deploy/2-helm-chart/charts/all-ingress-config/templates/ingress-frontend.yaml Normal file
View File

@@ -0,0 +1,121 @@
{{- if and .Values.enabled .Values.frontendApplication.enabled }}
{{- $namespace := .Release.Namespace -}}
{{- $TenantEnvironment := .Values.global.domain.TenantEnvironment -}}
{{- $DeployDomainName := ternary (first (regexSplit ":" .Values.global.domain.DeployDomainName -1)) ( .Values.global.domain.DeployDomainName ) (contains ":" .Values.global.domain.DeployDomainName) -}}
{{- $IsPrivateDeployment := .Values.global.domain.IsPrivateDeployment -}}
{{- $scope := $ -}}
---
apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
name: frontend-applications-ingress
namespace: {{ $namespace }}
labels:
type: {{ .Values.frontendApplication.type }}
accessmode: {{ $.Values.frontendApplication.accessmode }}
helm.sh/chart: {{ include "all-ingress.name" $scope }}
app.kubernetes.io/managed-by: {{ $.Release.Service }}
{{- if $.Values.global.image.tag }}
app.kubernetes.io/version: {{ $.Values.global.image.tag | quote }}
{{- end }}
annotations:
{{- include "all-ingress.frontend.commom.annotations" $scope | nindent 4 }}
{{- if .Values.global.ingress.tls_enabled }}
nginx.ingress.kubernetes.io/ssl-redirect: "true"
nginx.ingress.kubernetes.io/permanent-redirect-code: '301'
{{- end }}
nginx.ingress.kubernetes.io/configuration-snippet: |
{{- range $applicationName, $values := .Values.frontendApplication.manifest }}
{{- if $IsPrivateDeployment }}
{{- if eq $values.shortname "" }}
{{- /* 主域名的情况, 域名改造 */}}
rewrite ^(/green)$ $1/ redirect;
rewrite ^(/supervision)$ $1/ redirect;
rewrite ^(/inspection)$ $1/ redirect;
rewrite ^(/pangu)$ $1/ redirect;
{{- /* 主域名的情况, 域名改造 end end end */}}
{{- else if not (contains "appli" $values.shortname) }}
{{- /* 特殊短域名的情况 */}}
{{- /* short name not contains application, judge for situations */}}
{{- if contains "-portal" $values.shortname}}
rewrite ^(/cmsportal)$ $1/ redirect;
{{- else if contains "-rescue" $values.shortname }}
rewrite ^(/{{ trimSuffix "-rescue" $values.shortname }})$ $1/ redirect;
{{- else if contains "screen" $values.shortname }}
rewrite ^(/ {{ trimSuffix "-screen" $values.shortname }})$ $1/ redirect;
{{- else }}
{{- /* 没有特殊规则的域名 全部会出现在这里 */}}
rewrite ^(/{{ $values.shortname }})$ $1/ redirect;
{{- end }}
{{- else if (contains "appli" $values.shortname) }}
rewrite ^(/{{ trimSuffix "-application" $values.shortname }})$ $1/ redirect;
{{- else }}
{{- /* 备份一下 以防万一 */}}
rewrite ^(/{{ $values.shortname }})$ $1/ redirect;
{{- end }}
{{- else }}
{{- if eq $values.shortname "" }}
rewrite ^(/{{- $TenantEnvironment -}})$ $1/ redirect;
{{- else }}
rewrite ^(/{{- cat $TenantEnvironment $values.shortname | replace " " "/" -}})$ $1/ redirect;
{{- end }}
{{- end }}
{{- end }}
spec:
rules:
- host: {{ $DeployDomainName }}
http:
paths:
{{- /* 域名改造, add for demo */}}
- path: /inspection/?(.*)
pathType: ImplementationSpecific
backend:
serviceName: cmii-uav-platform
servicePort: 9528
- path: /supervision/?(.*)
pathType: ImplementationSpecific
backend:
serviceName: cmii-uav-platform
servicePort: 9528
- path: /green/?(.*)
pathType: ImplementationSpecific
backend:
serviceName: cmii-uav-platform
servicePort: 9528
- path: /pangu/?(.*)
pathType: ImplementationSpecific
backend:
serviceName: cmii-uav-platform
servicePort: 9528
{{- /* 域名改造, end end end */}}
{{- range $applicationName, $values := .Values.frontendApplication.manifest }}
{{- if $IsPrivateDeployment }}
{{- if eq $values.shortname ""}}
- path: /?(.*)
{{- else if (contains "appli" $values.shortname) }}
- path: /{{ trimSuffix "-application" $values.shortname }}/?(.*)
{{- else }}
- path: /{{ $values.shortname }}/?(.*)
{{- end }}
{{- else }}
{{- if eq $values.shortname ""}}
- path: /{{ $TenantEnvironment }}/?(.*)
{{- else if not (contains "appli" $values.shortname) }}
- path: /{{ $TenantEnvironment }}/{{ trimSuffix "-application" $values.shortname }}/?(.*)
{{- else }}
- path: /{{- cat $TenantEnvironment $values.shortname | replace " " "/" -}}/?(.*)
{{- end }}
{{- end }}
pathType: ImplementationSpecific
backend:
serviceName: {{ $applicationName }}
servicePort: 9528
{{- end }}
{{- if .Values.global.ingress.tls_enabled }}
tls:
- hosts:
- {{ $DeployDomainName }}
- secretName: {{ $DeployDomainName | quote }}
{{- end }}
{{- end }}

0
1-outside-deploy/2-helm-chart/charts/all-ingress-config/templates/tests/test-connection.yaml Normal file
View File

156
1-outside-deploy/2-helm-chart/charts/all-ingress-config/values.yaml Normal file
View File

@@ -0,0 +1,156 @@
# Default values for uavcloud-ingress-core.
# This is a YAML-formatted file.
# Declare variables to be passed into your templates.
global:
domain:
DeployDomainName: "lab.uavcmlc.com:31500" # will be overridden by upper values
TenantEnvironment: "outside" # please don't modify this, unless you know what you are doing
IsPrivateDeployment: true # please don't modify this, unless you know what you are doing
ingress:
tls_enabled: false
enabled: true
frontendApplication:
enabled: true
type: frontend
accessmode: public
manifest:
# AppFullName vs AppShortName for frontend applications
cmii-uav-platform:
shortname: ""
cmii-uav-platform-ai-brain:
shortname: "ai-brain"
ai-brain-dev: APP_i6mlNKODBo42OIVn
ai-brain-test: APP_0BF17ayVaSpY89O4
ai-brain-feature: APP_0BF17ayVaSpY89O4
ai-brain-devbase: APP_0BF17ayVaSpY89O4
ai-brain-uat: APP_kZeiSXxg9qZxj6ue
ai-brain-demo: APP_rafnuCAmBESIVYMH
ai-brain-outside: APP_rafnuCAmBESIVYMH # this is actually outside works, copy from demo
cmii-uav-platform-hyperspectral:
shortname: "hyper"
hyper-dev: APP_CN713PC4qwViGj1d
hyper-test: APP_xtN9XF2L1J4IRHaB
hyper-devbase: APP_xtN9XF2L1J4IRHaB
hyper-feature: APP_xtN9XF2L1J4IRHaB
hyper-uat: APP_OT4l1kYrzWT4tiif
hyper-demo: APP_xbMkKdsbsbv8SH4w
hyper-outside: APP_xbMkKdsbsbv8SH4w # this is actually outside works, copy from demo
cmii-uav-platform-mws:
shortname: "mws"
mws-dev: APP_4lVSVI0ZGxTssir8
mws-test: APP_MEeBJHp1fSVD1Wuw
mws-devbase: APP_MEeBJHp1fSVD1Wuw
mws-feature: APP_MEeBJHp1fSVD1Wuw
mws-uat: APP_U4GEiHutGQL5prSP
mws-demo: APP_uKniXPELlRERBBwK
mws-outside: APP_uKniXPELlRERBBwK # this is actually outside works, copy from demo
cmii-uav-platform-mws-admin:
shortname: "mws-admin"
cmii-uav-platform-oms:
shortname: "oms"
cmii-uav-platform-cms:
shortname: "cms"
cmii-uav-platform-cms-portal:
shortname: "cmsportal"
cmii-uav-platform-open:
shortname: "open"
cmii-uav-platform-splice:
shortname: "splice"
splice-dev: APP_bYdlPsBBIncZdaYR
splice-test: APP_l4HIMixfIXhlCTi9
splice-devbase: APP_l4HIMixfIXhlCTi9
splice-feature: APP_l4HIMixfIXhlCTi9
splice-uat: APP
splice-demo: APP_zE0M3sTRXrCIJS8Y
splice-outside: APP_zE0M3sTRXrCIJS8Y # this is actually outside works, copy from demo
cmii-uav-platform-splice-visual:
shortname: "splice-visual"
cmii-uav-platform-detection:
shortname: "detection"
detectiondemo: APP_FDHW2VLVDWPnnOCy
detection-outside: APP_FDHW2VLVDWPnnOCy # this is actually outside works, copy from demo
cmii-uav-platform-security:
shortname: "security"
security-demo: APP_JUSEMc7afyWXxvE7
security-outside: APP_JUSEMc7afyWXxvE7 # this is actually outside works, copy from demo
cmii-uav-platform-visualization:
shortname: "visualization"
visualization-demo: APP_Jc8i2wOQ1t73QEJS
visualization-outside: APP_Jc8i2wOQ1t73QEJS # this is actually outside works, copy from demo
cmii-uav-platform-logistics:
shortname: "logistics"
logistics-demo: APP_PvdfRRRBPL8xbIwl
logistics-outside: APP_PvdfRRRBPL8xbIwl
cmii-uav-platform-share:
shortname: "share"
share-demo: APP_4lVSVI0ZGxTssir8
share-outside: APP_4lVSVI0ZGxTssir8
cmii-uav-platform-base:
shortname: "base"
base-demo: APP_9LY41OaKSqk2btY0
base-outside: APP_9LY41OaKSqk2btY0 # this is actually outside works, copy from demo
cmii-uav-platform-traffic-screen:
shortname: "traffic"
traffic-demo: APP_PvdfRRRBPL8xbIwl
traffic-outside: APP_PvdfRRRBPL8xbIwl
cmii-uav-platform-emergency-rescue:
shortname: "emergency"
emergency-demo: APP_aGsTAY1uMZrpKdfk
emergency-outside: APP_aGsTAY1uMZrpKdfk
backendApplication:
enabled: true
type: backend
# this ingress is for swagger url, CI/CD url,they can only be accessed only by internal network
accessmode: internal
manifest:
# all backend applications
cmii-admin-data: false
cmii-admin-user: false
cmii-uav-airspace: false
cmii-uav-brain: false
cmii-uav-clusters: false
cmii-uav-data-post-process: false
cmii-uav-developer: false
cmii-uav-device: false
cmii-uav-kpi-monitor: false
cmii-uav-live: false
cmii-uav-logger: false
cmii-uav-mission: false
cmii-uav-monitor: false
cmii-uav-mqtthandler: false
cmii-uav-notice: false
cmii-uav-oauth: false
cmii-uav-process: false
cmii-uav-security-system: false
cmii-uav-surveillance: false
cmii-uav-user: false
cmii-uav-waypoint: false
cmii-uav-cms: false
cmii-uav-industrial-portfolio: false
cmii-project-minio: false
cmii-uav-material-warehouse: false
cmii-uav-gateway: false
cmii-open-gateway: false
cmii-admin-gateway: false
apiGatewayApplication:
enabled: true
type: "api-gateway"
# this ingress is for apis and gateways
accessmode: pulic
manifest:
# all applications need to expose api/gateway to public network
# cmii-project-minio: false # deprecated
cmii-uav-material-warehouse: true
cmii-uav-gateway: false
cmii-open-gateway: false
cmii-admin-gateway: false

24
1-outside-deploy/2-helm-chart/charts/all-middleware/.helmignore Normal file
View File

@@ -0,0 +1,24 @@
# Patterns to ignore when building packages.
# This supports shell glob matching, relative path matching, and
# negation (prefixed with !). Only one pattern per line.
.DS_Store
# Common VCS dirs
.git/
.gitignore
.bzr/
.bzrignore
.hg/
.hgignore
.svn/
# Common backup files
*.swp
*.bak
*.tmp
*.orig
*~
# Various IDEs
.project
.idea/
*.tmproj
.vscode/
ci/*

31
1-outside-deploy/2-helm-chart/charts/all-middleware/Chart.yaml Normal file
View File

@@ -0,0 +1,31 @@
apiVersion: v2
name: all-middleware
description: including all middlewares for the uavcloud platform,
such as mysql, redis, emqx, mongo, rabbitmq, nacos
# A chart can be either an 'application' or a 'library' chart.
#
# Application charts are a collection of templates that can be packaged into versioned archives
# to be deployed.
#
# Library charts provide useful utilities or functions for the chart developer. They're included as
# a dependency of application charts to inject those utilities and functions into the rendering
# pipeline. Library charts do not define any templates and therefore cannot be deployed.
type: application
# This is the chart version. This version number should be incremented each time you make changes
# to the chart and its templates, including the app version.
# Versions are expected to follow Semantic Versioning (https://semver.org/)
version: 1.1.0
# This is the version number of the application being deployed. This version number should be
# incremented each time you make changes to the application. Versions are not expected to
# follow Semantic Versioning. They should reflect the version the application is using.
appVersion: 2.2.2
keywords:
- uavcloud
- middleware
- template
- function
- chinamobile

22
1-outside-deploy/2-helm-chart/charts/all-middleware/charts/common/.helmignore Normal file
View File

@@ -0,0 +1,22 @@
# Patterns to ignore when building packages.
# This supports shell glob matching, relative path matching, and
# negation (prefixed with !). Only one pattern per line.
.DS_Store
# Common VCS dirs
.git/
.gitignore
.bzr/
.bzrignore
.hg/
.hgignore
.svn/
# Common backup files
*.swp
*.bak
*.tmp
*~
# Various IDEs
.project
.idea/
*.tmproj
.vscode/

23
1-outside-deploy/2-helm-chart/charts/all-middleware/charts/common/Chart.yaml Normal file
View File

@@ -0,0 +1,23 @@
annotations:
category: Infrastructure
apiVersion: v2
appVersion: 1.7.0
description: A Library Helm Chart for grouping common logic between bitnami charts.
This chart is not deployable by itself.
home: https://github.com/bitnami/charts/tree/master/bitnami/common
icon: https://bitnami.com/downloads/logos/bitnami-mark.png
keywords:
- common
- helper
- template
- function
- bitnami
maintainers:
- email: containers@bitnami.com
name: Bitnami
name: common
sources:
- https://github.com/bitnami/charts
- http://www.bitnami.com/
type: library
version: 1.7.0

326
1-outside-deploy/2-helm-chart/charts/all-middleware/charts/common/README.md Normal file
View File

@@ -0,0 +1,326 @@
# Bitnami Common Library Chart
A [Helm Library Chart](https://helm.sh/docs/topics/library_charts/#helm) for grouping common logic between bitnami charts.
## TL;DR
```yaml
dependencies:
- name: common
version: 0.x.x
repository: https://charts.bitnami.com/bitnami
```
```bash
$ helm dependency update
```
```yaml
apiVersion: v1
kind: ConfigMap
metadata:
name: {{ include "common.names.fullname" . }}
data:
myvalue: "Hello World"
```
## Introduction
This chart provides a common template helpers which can be used to develop new charts using [Helm](https://helm.sh) package manager.
Bitnami charts can be used with [Kubeapps](https://kubeapps.com/) for deployment and management of Helm Charts in clusters. This Helm chart has been tested on top of [Bitnami Kubernetes Production Runtime](https://kubeprod.io/) (BKPR). Deploy BKPR to get automated TLS certificates, logging and monitoring for your applications.
## Prerequisites
- Kubernetes 1.12+
- Helm 3.1.0
## Parameters
The following table lists the helpers available in the library which are scoped in different sections.
### Affinities
| Helper identifier | Description | Expected Input |
|-------------------------------|------------------------------------------------------|------------------------------------------------|
| `common.affinities.node.soft` | Return a soft nodeAffinity definition | `dict "key" "FOO" "values" (list "BAR" "BAZ")` |
| `common.affinities.node.hard` | Return a hard nodeAffinity definition | `dict "key" "FOO" "values" (list "BAR" "BAZ")` |
| `common.affinities.pod.soft` | Return a soft podAffinity/podAntiAffinity definition | `dict "component" "FOO" "context" $` |
| `common.affinities.pod.hard` | Return a hard podAffinity/podAntiAffinity definition | `dict "component" "FOO" "context" $` |
### Capabilities
| Helper identifier | Description | Expected Input |
|----------------------------------------------|------------------------------------------------------------------------------------------------|-------------------|
| `common.capabilities.kubeVersion` | Return the target Kubernetes version (using client default if .Values.kubeVersion is not set). | `.` Chart context |
| `common.capabilities.deployment.apiVersion` | Return the appropriate apiVersion for deployment. | `.` Chart context |
| `common.capabilities.statefulset.apiVersion` | Return the appropriate apiVersion for statefulset. | `.` Chart context |
| `common.capabilities.ingress.apiVersion` | Return the appropriate apiVersion for ingress. | `.` Chart context |
| `common.capabilities.rbac.apiVersion` | Return the appropriate apiVersion for RBAC resources. | `.` Chart context |
| `common.capabilities.crd.apiVersion` | Return the appropriate apiVersion for CRDs. | `.` Chart context |
| `common.capabilities.policy.apiVersion` | Return the appropriate apiVersion for policy | `.` Chart context |
| `common.capabilities.supportsHelmVersion` | Returns true if the used Helm version is 3.3+ | `.` Chart context |
### Errors
| Helper identifier | Description | Expected Input |
|-----------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------|-------------------------------------------------------------------------------------|
| `common.errors.upgrade.passwords.empty` | It will ensure required passwords are given when we are upgrading a chart. If `validationErrors` is not empty it will throw an error and will stop the upgrade action. | `dict "validationErrors" (list $validationError00 $validationError01) "context" $` |
### Images
| Helper identifier | Description | Expected Input |
|-----------------------------|------------------------------------------------------|---------------------------------------------------------------------------------------------------------|
| `common.images.image` | Return the proper and full image name | `dict "imageRoot" .Values.path.to.the.image "global" $`, see [ImageRoot](#imageroot) for the structure. |
| `common.images.pullSecrets` | Return the proper Docker Image Registry Secret Names (deprecated: use common.images.renderPullSecrets instead) | `dict "images" (list .Values.path.to.the.image1, .Values.path.to.the.image2) "global" .Values.global` |
| `common.images.renderPullSecrets` | Return the proper Docker Image Registry Secret Names (evaluates values as templates) | `dict "images" (list .Values.path.to.the.image1, .Values.path.to.the.image2) "context" $` |
### Ingress
| Helper identifier | Description | Expected Input |
|-------------------------------------------|----------------------------------------------------------------------|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| `common.ingress.backend` | Generate a proper Ingress backend entry depending on the API version | `dict "serviceName" "foo" "servicePort" "bar"`, see the [Ingress deprecation notice](https://kubernetes.io/blog/2019/07/18/api-deprecations-in-1-16/) for the syntax differences |
| `common.ingress.supportsPathType` | Prints "true" if the pathType field is supported | `.` Chart context |
| `common.ingress.supportsIngressClassname` | Prints "true" if the ingressClassname field is supported | `.` Chart context |
### Labels
| Helper identifier | Description | Expected Input |
|-----------------------------|------------------------------------------------------|-------------------|
| `common.labels.standard` | Return Kubernetes standard labels | `.` Chart context |
| `common.labels.matchLabels` | Return the proper Docker Image Registry Secret Names | `.` Chart context |
### Names
| Helper identifier | Description | Expected Inpput |
|-------------------------|------------------------------------------------------------|-------------------|
| `common.names.name` | Expand the name of the chart or use `.Values.nameOverride` | `.` Chart context |
| `common.names.fullname` | Create a default fully qualified app name. | `.` Chart context |
| `common.names.chart` | Chart name plus version | `.` Chart context |
### Secrets
| Helper identifier | Description | Expected Input |
|---------------------------|--------------------------------------------------------------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| `common.secrets.name` | Generate the name of the secret. | `dict "existingSecret" .Values.path.to.the.existingSecret "defaultNameSuffix" "mySuffix" "context" $` see [ExistingSecret](#existingsecret) for the structure. |
| `common.secrets.key` | Generate secret key. | `dict "existingSecret" .Values.path.to.the.existingSecret "key" "keyName"` see [ExistingSecret](#existingsecret) for the structure. |
| `common.passwords.manage` | Generate secret password or retrieve one if already created. | `dict "secret" "secret-name" "key" "keyName" "providedValues" (list "path.to.password1" "path.to.password2") "length" 10 "strong" false "chartName" "chartName" "context" $`, length, strong and chartNAme fields are optional. |
| `common.secrets.exists` | Returns whether a previous generated secret already exists. | `dict "secret" "secret-name" "context" $` |
### Storage
| Helper identifier | Description | Expected Input |
|-------------------------------|---------------------------------------|---------------------------------------------------------------------------------------------------------------------|
| `common.affinities.node.soft` | Return a soft nodeAffinity definition | `dict "persistence" .Values.path.to.the.persistence "global" $`, see [Persistence](#persistence) for the structure. |
### TplValues
| Helper identifier | Description | Expected Input |
|---------------------------|----------------------------------------|----------------------------------------------------------------------------------------------------------------------------------------------------------|
| `common.tplvalues.render` | Renders a value that contains template | `dict "value" .Values.path.to.the.Value "context" $`, value is the value should rendered as template, context frequently is the chart context `$` or `.` |
### Utils
| Helper identifier | Description | Expected Input |
|--------------------------------|------------------------------------------------------------------------------------------|------------------------------------------------------------------------|
| `common.utils.fieldToEnvVar` | Build environment variable name given a field. | `dict "field" "my-password"` |
| `common.utils.secret.getvalue` | Print instructions to get a secret value. | `dict "secret" "secret-name" "field" "secret-value-field" "context" $` |
| `common.utils.getValueFromKey` | Gets a value from `.Values` object given its key path | `dict "key" "path.to.key" "context" $` |
| `common.utils.getKeyFromList` | Returns first `.Values` key with a defined value or first of the list if all non-defined | `dict "keys" (list "path.to.key1" "path.to.key2") "context" $` |
### Validations
| Helper identifier | Description | Expected Input |
|--------------------------------------------------|-------------------------------------------------------------------------------------------------------------------------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| `common.validations.values.single.empty` | Validate a value must not be empty. | `dict "valueKey" "path.to.value" "secret" "secret.name" "field" "my-password" "subchart" "subchart" "context" $` secret, field and subchart are optional. In case they are given, the helper will generate a how to get instruction. See [ValidateValue](#validatevalue) |
| `common.validations.values.multiple.empty` | Validate a multiple values must not be empty. It returns a shared error for all the values. | `dict "required" (list $validateValueConf00 $validateValueConf01) "context" $`. See [ValidateValue](#validatevalue) |
| `common.validations.values.mariadb.passwords` | This helper will ensure required password for MariaDB are not empty. It returns a shared error for all the values. | `dict "secret" "mariadb-secret" "subchart" "true" "context" $` subchart field is optional and could be true or false it depends on where you will use mariadb chart and the helper. |
| `common.validations.values.postgresql.passwords` | This helper will ensure required password for PostgreSQL are not empty. It returns a shared error for all the values. | `dict "secret" "postgresql-secret" "subchart" "true" "context" $` subchart field is optional and could be true or false it depends on where you will use postgresql chart and the helper. |
| `common.validations.values.redis.passwords` | This helper will ensure required password for Redis<sup>TM</sup> are not empty. It returns a shared error for all the values. | `dict "secret" "redis-secret" "subchart" "true" "context" $` subchart field is optional and could be true or false it depends on where you will use redis chart and the helper. |
| `common.validations.values.cassandra.passwords` | This helper will ensure required password for Cassandra are not empty. It returns a shared error for all the values. | `dict "secret" "cassandra-secret" "subchart" "true" "context" $` subchart field is optional and could be true or false it depends on where you will use cassandra chart and the helper. |
| `common.validations.values.mongodb.passwords` | This helper will ensure required password for MongoDB&reg; are not empty. It returns a shared error for all the values. | `dict "secret" "mongodb-secret" "subchart" "true" "context" $` subchart field is optional and could be true or false it depends on where you will use mongodb chart and the helper. |
### Warnings
| Helper identifier | Description | Expected Input |
|------------------------------|----------------------------------|------------------------------------------------------------|
| `common.warnings.rollingTag` | Warning about using rolling tag. | `ImageRoot` see [ImageRoot](#imageroot) for the structure. |
## Special input schemas
### ImageRoot
```yaml
registry:
type: string
description: Docker registry where the image is located
example: docker.io
repository:
type: string
description: Repository and image name
example: bitnami/nginx
tag:
type: string
description: image tag
example: 1.16.1-debian-10-r63
pullPolicy:
type: string
description: Specify a imagePullPolicy. Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
pullSecrets:
type: array
items:
type: string
description: Optionally specify an array of imagePullSecrets (evaluated as templates).
debug:
type: boolean
description: Set to true if you would like to see extra information on logs
example: false
## An instance would be:
# registry: docker.io
# repository: bitnami/nginx
# tag: 1.16.1-debian-10-r63
# pullPolicy: IfNotPresent
# debug: false
```
### Persistence
```yaml
enabled:
type: boolean
description: Whether enable persistence.
example: true
storageClass:
type: string
description: Ghost data Persistent Volume Storage Class, If set to "-", storageClassName: "" which disables dynamic provisioning.
example: "-"
accessMode:
type: string
description: Access mode for the Persistent Volume Storage.
example: ReadWriteOnce
size:
type: string
description: Size the Persistent Volume Storage.
example: 8Gi
path:
type: string
description: Path to be persisted.
example: /bitnami
## An instance would be:
# enabled: true
# storageClass: "-"
# accessMode: ReadWriteOnce
# size: 8Gi
# path: /bitnami
```
### ExistingSecret
```yaml
name:
type: string
description: Name of the existing secret.
example: mySecret
keyMapping:
description: Mapping between the expected key name and the name of the key in the existing secret.
type: object
## An instance would be:
# name: mySecret
# keyMapping:
# password: myPasswordKey
```
#### Example of use
When we store sensitive data for a deployment in a secret, some times we want to give to users the possibility of using theirs existing secrets.
```yaml
# templates/secret.yaml
---
apiVersion: v1
kind: Secret
metadata:
name: {{ include "common.names.fullname" . }}
labels:
app: {{ include "common.names.fullname" . }}
type: Opaque
data:
password: {{ .Values.password | b64enc | quote }}
# templates/dpl.yaml
---
...
env:
- name: PASSWORD
valueFrom:
secretKeyRef:
name: {{ include "common.secrets.name" (dict "existingSecret" .Values.existingSecret "context" $) }}
key: {{ include "common.secrets.key" (dict "existingSecret" .Values.existingSecret "key" "password") }}
...
# values.yaml
---
name: mySecret
keyMapping:
password: myPasswordKey
```
### ValidateValue
#### NOTES.txt
```console
{{- $validateValueConf00 := (dict "valueKey" "path.to.value00" "secret" "secretName" "field" "password-00") -}}
{{- $validateValueConf01 := (dict "valueKey" "path.to.value01" "secret" "secretName" "field" "password-01") -}}
{{ include "common.validations.values.multiple.empty" (dict "required" (list $validateValueConf00 $validateValueConf01) "context" $) }}
```
If we force those values to be empty we will see some alerts
```console
$ helm install test mychart --set path.to.value00="",path.to.value01=""
'path.to.value00' must not be empty, please add '--set path.to.value00=$PASSWORD_00' to the command. To get the current value:
export PASSWORD_00=$(kubectl get secret --namespace default secretName -o jsonpath="{.data.password-00}" | base64 --decode)
'path.to.value01' must not be empty, please add '--set path.to.value01=$PASSWORD_01' to the command. To get the current value:
export PASSWORD_01=$(kubectl get secret --namespace default secretName -o jsonpath="{.data.password-01}" | base64 --decode)
```
## Upgrading
### To 1.0.0
[On November 13, 2020, Helm v2 support was formally finished](https://github.com/helm/charts#status-of-the-project), this major version is the result of the required changes applied to the Helm Chart to be able to incorporate the different features added in Helm v3 and to be consistent with the Helm project itself regarding the Helm v2 EOL.
**What changes were introduced in this major version?**
- Previous versions of this Helm Chart use `apiVersion: v1` (installable by both Helm 2 and 3), this Helm Chart was updated to `apiVersion: v2` (installable by Helm 3 only). [Here](https://helm.sh/docs/topics/charts/#the-apiversion-field) you can find more information about the `apiVersion` field.
- Use `type: library`. [Here](https://v3.helm.sh/docs/faq/#library-chart-support) you can find more information.
- The different fields present in the *Chart.yaml* file has been ordered alphabetically in a homogeneous way for all the Bitnami Helm Charts
**Considerations when upgrading to this version**
- If you want to upgrade to this version from a previous one installed with Helm v3, you shouldn't face any issues
- If you want to upgrade to this version using Helm v2, this scenario is not supported as this version doesn't support Helm v2 anymore
- If you installed the previous version with Helm v2 and wants to upgrade to this version with Helm v3, please refer to the [official Helm documentation](https://helm.sh/docs/topics/v2_v3_migration/#migration-use-cases) about migrating from Helm v2 to v3
**Useful links**
- https://docs.bitnami.com/tutorials/resolve-helm2-helm3-post-migration-issues/
- https://helm.sh/docs/topics/v2_v3_migration/
- https://helm.sh/blog/migrate-from-helm-v2-to-helm-v3/

102
1-outside-deploy/2-helm-chart/charts/all-middleware/charts/common/templates/_affinities.tpl Normal file
View File

@@ -0,0 +1,102 @@
{{/* vim: set filetype=mustache: */}}
{{/*
Return a soft nodeAffinity definition
{{ include "common.affinities.nodes.soft" (dict "key" "FOO" "values" (list "BAR" "BAZ")) -}}
*/}}
{{- define "common.affinities.nodes.soft" -}}
preferredDuringSchedulingIgnoredDuringExecution:
- preference:
matchExpressions:
- key: {{ .key }}
operator: In
values:
{{- range .values }}
- {{ . | quote }}
{{- end }}
weight: 1
{{- end -}}
{{/*
Return a hard nodeAffinity definition
{{ include "common.affinities.nodes.hard" (dict "key" "FOO" "values" (list "BAR" "BAZ")) -}}
*/}}
{{- define "common.affinities.nodes.hard" -}}
requiredDuringSchedulingIgnoredDuringExecution:
nodeSelectorTerms:
- matchExpressions:
- key: {{ .key }}
operator: In
values:
{{- range .values }}
- {{ . | quote }}
{{- end }}
{{- end -}}
{{/*
Return a nodeAffinity definition
{{ include "common.affinities.nodes" (dict "type" "soft" "key" "FOO" "values" (list "BAR" "BAZ")) -}}
*/}}
{{- define "common.affinities.nodes" -}}
{{- if eq .type "soft" }}
{{- include "common.affinities.nodes.soft" . -}}
{{- else if eq .type "hard" }}
{{- include "common.affinities.nodes.hard" . -}}
{{- end -}}
{{- end -}}
{{/*
Return a soft podAffinity/podAntiAffinity definition
{{ include "common.affinities.pods.soft" (dict "component" "FOO" "extraMatchLabels" .Values.extraMatchLabels "context" $) -}}
*/}}
{{- define "common.affinities.pods.soft" -}}
{{- $component := default "" .component -}}
{{- $extraMatchLabels := default (dict) .extraMatchLabels -}}
preferredDuringSchedulingIgnoredDuringExecution:
- podAffinityTerm:
labelSelector:
matchLabels: {{- (include "common.labels.matchLabels" .context) | nindent 10 }}
{{- if not (empty $component) }}
{{ printf "app.kubernetes.io/component: %s" $component }}
{{- end }}
{{- range $key, $value := $extraMatchLabels }}
{{ $key }}: {{ $value | quote }}
{{- end }}
namespaces:
- {{ .context.Release.Namespace | quote }}
topologyKey: kubernetes.io/hostname
weight: 1
{{- end -}}
{{/*
Return a hard podAffinity/podAntiAffinity definition
{{ include "common.affinities.pods.hard" (dict "component" "FOO" "extraMatchLabels" .Values.extraMatchLabels "context" $) -}}
*/}}
{{- define "common.affinities.pods.hard" -}}
{{- $component := default "" .component -}}
{{- $extraMatchLabels := default (dict) .extraMatchLabels -}}
requiredDuringSchedulingIgnoredDuringExecution:
- labelSelector:
matchLabels: {{- (include "common.labels.matchLabels" .context) | nindent 8 }}
{{- if not (empty $component) }}
{{ printf "app.kubernetes.io/component: %s" $component }}
{{- end }}
{{- range $key, $value := $extraMatchLabels }}
{{ $key }}: {{ $value | quote }}
{{- end }}
namespaces:
- {{ .context.Release.Namespace | quote }}
topologyKey: kubernetes.io/hostname
{{- end -}}
{{/*
Return a podAffinity/podAntiAffinity definition
{{ include "common.affinities.pods" (dict "type" "soft" "key" "FOO" "values" (list "BAR" "BAZ")) -}}
*/}}
{{- define "common.affinities.pods" -}}
{{- if eq .type "soft" }}
{{- include "common.affinities.pods.soft" . -}}
{{- else if eq .type "hard" }}
{{- include "common.affinities.pods.hard" . -}}
{{- end -}}
{{- end -}}

106
1-outside-deploy/2-helm-chart/charts/all-middleware/charts/common/templates/_capabilities.tpl Normal file
View File

@@ -0,0 +1,106 @@
{{/* vim: set filetype=mustache: */}}
{{/*
Return the target Kubernetes version
*/}}
{{- define "common.capabilities.kubeVersion" -}}
{{- if .Values.global }}
{{- if .Values.global.kubeVersion }}
{{- .Values.global.kubeVersion -}}
{{- else }}
{{- default .Capabilities.KubeVersion.Version .Values.kubeVersion -}}
{{- end -}}
{{- else }}
{{- default .Capabilities.KubeVersion.Version .Values.kubeVersion -}}
{{- end -}}
{{- end -}}
{{/*
Return the appropriate apiVersion for policy.
*/}}
{{- define "common.capabilities.policy.apiVersion" -}}
{{- if semverCompare "<1.21-0" (include "common.capabilities.kubeVersion" .) -}}
{{- print "policy/v1beta1" -}}
{{- else -}}
{{- print "policy/v1" -}}
{{- end -}}
{{- end -}}
{{/*
Return the appropriate apiVersion for deployment.
*/}}
{{- define "common.capabilities.deployment.apiVersion" -}}
{{- if semverCompare "<1.14-0" (include "common.capabilities.kubeVersion" .) -}}
{{- print "extensions/v1beta1" -}}
{{- else -}}
{{- print "apps/v1" -}}
{{- end -}}
{{- end -}}
{{/*
Return the appropriate apiVersion for statefulset.
*/}}
{{- define "common.capabilities.statefulset.apiVersion" -}}
{{- if semverCompare "<1.14-0" (include "common.capabilities.kubeVersion" .) -}}
{{- print "apps/v1beta1" -}}
{{- else -}}
{{- print "apps/v1" -}}
{{- end -}}
{{- end -}}
{{/*
Return the appropriate apiVersion for ingress.
*/}}
{{- define "common.capabilities.ingress.apiVersion" -}}
{{- if .Values.ingress -}}
{{- if .Values.ingress.apiVersion -}}
{{- .Values.ingress.apiVersion -}}
{{- else if semverCompare "<1.14-0" (include "common.capabilities.kubeVersion" .) -}}
{{- print "extensions/v1beta1" -}}
{{- else if semverCompare "<1.19-0" (include "common.capabilities.kubeVersion" .) -}}
{{- print "networking.k8s.io/v1beta1" -}}
{{- else -}}
{{- print "networking.k8s.io/v1" -}}
{{- end }}
{{- else if semverCompare "<1.14-0" (include "common.capabilities.kubeVersion" .) -}}
{{- print "extensions/v1beta1" -}}
{{- else if semverCompare "<1.19-0" (include "common.capabilities.kubeVersion" .) -}}
{{- print "networking.k8s.io/v1beta1" -}}
{{- else -}}
{{- print "networking.k8s.io/v1" -}}
{{- end -}}
{{- end -}}
{{/*
Return the appropriate apiVersion for RBAC resources.
*/}}
{{- define "common.capabilities.rbac.apiVersion" -}}
{{- if semverCompare "<1.17-0" (include "common.capabilities.kubeVersion" .) -}}
{{- print "rbac.authorization.k8s.io/v1beta1" -}}
{{- else -}}
{{- print "rbac.authorization.k8s.io/v1" -}}
{{- end -}}
{{- end -}}
{{/*
Return the appropriate apiVersion for CRDs.
*/}}
{{- define "common.capabilities.crd.apiVersion" -}}
{{- if semverCompare "<1.19-0" (include "common.capabilities.kubeVersion" .) -}}
{{- print "apiextensions.k8s.io/v1beta1" -}}
{{- else -}}
{{- print "apiextensions.k8s.io/v1" -}}
{{- end -}}
{{- end -}}
{{/*
Returns true if the used Helm version is 3.3+.
A way to check the used Helm version was not introduced until version 3.3.0 with .Capabilities.HelmVersion, which contains an additional "{}}" structure.
This check is introduced as a regexMatch instead of {{ if .Capabilities.HelmVersion }} because checking for the key HelmVersion in <3.3 results in a "interface not found" error.
**To be removed when the catalog's minimun Helm version is 3.3**
*/}}
{{- define "common.capabilities.supportsHelmVersion" -}}
{{- if regexMatch "{(v[0-9])*[^}]*}}$" (.Capabilities | toString ) }}
{{- true -}}
{{- end -}}
{{- end -}}

23
1-outside-deploy/2-helm-chart/charts/all-middleware/charts/common/templates/_errors.tpl Normal file
View File

@@ -0,0 +1,23 @@
{{/* vim: set filetype=mustache: */}}
{{/*
Through error when upgrading using empty passwords values that must not be empty.
Usage:
{{- $validationError00 := include "common.validations.values.single.empty" (dict "valueKey" "path.to.password00" "secret" "secretName" "field" "password-00") -}}
{{- $validationError01 := include "common.validations.values.single.empty" (dict "valueKey" "path.to.password01" "secret" "secretName" "field" "password-01") -}}
{{ include "common.errors.upgrade.passwords.empty" (dict "validationErrors" (list $validationError00 $validationError01) "context" $) }}
Required password params:
- validationErrors - String - Required. List of validation strings to be return, if it is empty it won't throw error.
- context - Context - Required. Parent context.
*/}}
{{- define "common.errors.upgrade.passwords.empty" -}}
{{- $validationErrors := join "" .validationErrors -}}
{{- if and $validationErrors .context.Release.IsUpgrade -}}
{{- $errorString := "\nPASSWORDS ERROR: You must provide your current passwords when upgrading the release." -}}
{{- $errorString = print $errorString "\n Note that even after reinstallation, old credentials may be needed as they may be kept in persistent volume claims." -}}
{{- $errorString = print $errorString "\n Further information can be obtained at https://docs.bitnami.com/general/how-to/troubleshoot-helm-chart-issues/#credential-errors-while-upgrading-chart-releases" -}}
{{- $errorString = print $errorString "\n%s" -}}
{{- printf $errorString $validationErrors | fail -}}
{{- end -}}
{{- end -}}

111
1-outside-deploy/2-helm-chart/charts/all-middleware/charts/common/templates/_images.tpl Normal file
View File

@@ -0,0 +1,111 @@
{{/* vim: set filetype=mustache: */}}
{{/*
Return the proper image name
{{ include "common.images.image" ( dict "imageRoot" .Values.path.to.the.image "global" $) }}
*/}}
{{- define "common.images.image" -}}
{{- $registryName := .imageRoot.registry -}}
{{- $repositoryName := .imageRoot.repository -}}
{{- $tag := .imageRoot.tag | toString -}}
{{- if .global }}
{{- if .global.imageRegistry }}
{{- $registryName = .global.imageRegistry -}}
{{- end -}}
{{- end -}}
{{- if $registryName }}
{{- printf "%s/%s:%s" $registryName $repositoryName $tag -}}
{{- else -}}
{{- printf "%s:%s" $repositoryName $tag -}}
{{- end -}}
{{- end -}}
{{- define "common.images.mysqlImage" -}}
{{/* mysql image */}}
{{- $registryName := .imageRoot.registry -}}
{{- $repositoryName := .imageRoot.repository -}}
{{- $tag := .imageRoot.tag | toString -}}
{{- if .global }}
{{- if .global.image.repository }}
{{- $registryName = .global.image.repository -}}
{{- end -}}
{{- end -}}
{{- if .global.image.repository }}
{{/* the only defrence is shown below */}}
{{- printf "%s/mysql:%s" $registryName $tag -}}
{{- else }}
{{- printf "%s/%s:%s" $registryName $repositoryName $tag -}}
{{- end -}}
{{- end -}}
{{- define "common.images.mysqlPermissionsImage" -}}
{{/* mysql image */}}
{{- $registryName := .imageRoot.registry -}}
{{- $repositoryName := .imageRoot.repository -}}
{{- $tag := .imageRoot.tag | toString -}}
{{- if .global }}
{{- if .global.image.repository }}
{{- $registryName = .global.image.repository -}}
{{- end -}}
{{- end -}}
{{- if .global.image.repository }}
{{/* the only defrence is shown below */}}
{{- printf "%s/bitnami-shell:%s" $registryName $tag -}}
{{- else }}
{{- printf "%s/%s:%s" $registryName $repositoryName $tag -}}
{{- end -}}
{{- end -}}
{{/*
Return the proper Docker Image Registry Secret Names (deprecated: use common.images.renderPullSecrets instead)
{{ include "common.images.pullSecrets" ( dict "images" (list .Values.path.to.the.image1, .Values.path.to.the.image2) "global" .Values.global) }}
*/}}
{{- define "common.images.pullSecrets" -}}
{{- $pullSecrets := list }}
{{- if .global }}
{{- range .global.imagePullSecrets -}}
{{- $pullSecrets = append $pullSecrets . -}}
{{- end -}}
{{- end -}}
{{- range .images -}}
{{- range .pullSecrets -}}
{{- $pullSecrets = append $pullSecrets . -}}
{{- end -}}
{{- end -}}
{{- if (not (empty $pullSecrets)) }}
imagePullSecrets:
{{- range $pullSecrets }}
- name: {{ . }}
{{- end }}
{{- end }}
{{- end -}}
{{/*
Return the proper Docker Image Registry Secret Names evaluating values as templates
{{ include "common.images.renderPullSecrets" ( dict "images" (list .Values.path.to.the.image1, .Values.path.to.the.image2) "context" $) }}
*/}}
{{- define "common.images.renderPullSecrets" -}}
{{- $pullSecrets := list }}
{{- $context := .context }}
{{- if $context.Values.global }}
{{- range $context.Values.global.imagePullSecrets -}}
{{- $pullSecrets = append $pullSecrets (include "common.tplvalues.render" (dict "value" . "context" $context)) -}}
{{- end -}}
{{- end -}}
{{- range .images -}}
{{- range .pullSecrets -}}
{{- $pullSecrets = append $pullSecrets (include "common.tplvalues.render" (dict "value" . "context" $context)) -}}
{{- end -}}
{{- end -}}
{{- if (not (empty $pullSecrets)) }}
imagePullSecrets:
{{- range $pullSecrets }}
- name: {{ . }}
{{- end }}
{{- end }}
{{- end -}}

55
1-outside-deploy/2-helm-chart/charts/all-middleware/charts/common/templates/_ingress.tpl Normal file
View File

@@ -0,0 +1,55 @@
{{/* vim: set filetype=mustache: */}}
{{/*
Generate backend entry that is compatible with all Kubernetes API versions.
Usage:
{{ include "common.ingress.backend" (dict "serviceName" "backendName" "servicePort" "backendPort" "context" $) }}
Params:
- serviceName - String. Name of an existing service backend
- servicePort - String/Int. Port name (or number) of the service. It will be translated to different yaml depending if it is a string or an integer.
- context - Dict - Required. The context for the template evaluation.
*/}}
{{- define "common.ingress.backend" -}}
{{- $apiVersion := (include "common.capabilities.ingress.apiVersion" .context) -}}
{{- if or (eq $apiVersion "extensions/v1beta1") (eq $apiVersion "networking.k8s.io/v1beta1") -}}
serviceName: {{ .serviceName }}
servicePort: {{ .servicePort }}
{{- else -}}
service:
name: {{ .serviceName }}
port:
{{- if typeIs "string" .servicePort }}
name: {{ .servicePort }}
{{- else if or (typeIs "int" .servicePort) (typeIs "float64" .servicePort) }}
number: {{ .servicePort | int }}
{{- end }}
{{- end -}}
{{- end -}}
{{/*
Print "true" if the API pathType field is supported
Usage:
{{ include "common.ingress.supportsPathType" . }}
*/}}
{{- define "common.ingress.supportsPathType" -}}
{{- if (semverCompare "<1.18-0" (include "common.capabilities.kubeVersion" .)) -}}
{{- print "false" -}}
{{- else -}}
{{- print "true" -}}
{{- end -}}
{{- end -}}
{{/*
Returns true if the ingressClassname field is supported
Usage:
{{ include "common.ingress.supportsIngressClassname" . }}
*/}}
{{- define "common.ingress.supportsIngressClassname" -}}
{{- if semverCompare "<1.18-0" (include "common.capabilities.kubeVersion" .) -}}
{{- print "false" -}}
{{- else -}}
{{- print "true" -}}
{{- end -}}
{{- end -}}

58
1-outside-deploy/2-helm-chart/charts/all-middleware/charts/common/templates/_labels.tpl Normal file
View File

@@ -0,0 +1,58 @@
{{/* vim: set filetype=mustache: */}}
{{/*
Kubernetes standard labels
*/}}
{{- define "common.labels.middleware.minio" -}}
{{ include "common.labels.standard.middleware" . }}
cmii.app: minio
{{- end -}}
{{- define "common.labels.matchLabels.minio" -}}
{{ include "common.labels.matchLabels.middleware" . }}
cmii.app: minio
{{- end -}}
{{- define "common.labels.middleware.mysql" -}}
{{ include "common.labels.standard.middleware" . }}
cmii.app: mysql
{{- end -}}
{{- define "common.labels.matchLabels.mysql" -}}
{{ include "common.labels.matchLabels.middleware" . }}
cmii.app: mysql
{{- end -}}
{{- define "common.labels.middleware.redis" -}}
{{ include "common.labels.standard.middleware" . }}
cmii.app: redis
{{- end -}}
{{- define "common.labels.matchLabels.redis" -}}
{{ include "common.labels.matchLabels.middleware" . }}
cmii.app: redis
{{- end -}}
{{- define "common.labels.standard.middleware" -}}
{{ include "common.labels.standard" . }}
cmii.type: middleware
{{- end -}}
{{- define "common.labels.matchLabels.middleware" -}}
{{ include "common.labels.matchLabels" . }}
cmii.type: middleware
{{- end -}}
{{- define "common.labels.standard" -}}
app.kubernetes.io/name: {{ include "common.names.name" . }}
helm.sh/chart: {{ include "common.names.chart" . }}
app.kubernetes.io/release: {{ .Release.Name }}
app.kubernetes.io/managed-by: {{ .Chart.Name }}
{{- end -}}
{{/*
Labels to use on deploy.spec.selector.matchLabels and svc.spec.selector
*/}}
{{- define "common.labels.matchLabels" -}}
app.kubernetes.io/name: {{ include "common.names.name" . }}
app.kubernetes.io/release: {{ .Release.Name }}
{{- end -}}

32
1-outside-deploy/2-helm-chart/charts/all-middleware/charts/common/templates/_names.tpl Normal file
View File

@@ -0,0 +1,32 @@
{{/* vim: set filetype=mustache: */}}
{{/*
Expand the name of the chart.
*/}}
{{- define "common.names.name" -}}
{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{/*
Create chart name and version as used by the chart label.
*/}}
{{- define "common.names.chart" -}}
{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{/*
Create a default fully qualified app name.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
If release name contains chart name it will be used as a full name.
*/}}
{{- define "common.names.fullname" -}}
{{- if .Values.fullnameOverride -}}
{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
{{- else -}}
{{- $name := default .Chart.Name .Values.nameOverride -}}
{{- if contains $name .Release.Name -}}
{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
{{- else -}}
{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{- end -}}
{{- end -}}

129
1-outside-deploy/2-helm-chart/charts/all-middleware/charts/common/templates/_secrets.tpl Normal file
View File

@@ -0,0 +1,129 @@
{{/* vim: set filetype=mustache: */}}
{{/*
Generate secret name.
Usage:
{{ include "common.secrets.name" (dict "existingSecret" .Values.path.to.the.existingSecret "defaultNameSuffix" "mySuffix" "context" $) }}
Params:
- existingSecret - ExistingSecret/String - Optional. The path to the existing secrets in the values.yaml given by the user
to be used instead of the default one. Allows for it to be of type String (just the secret name) for backwards compatibility.
+info: https://github.com/bitnami/charts/tree/master/bitnami/common#existingsecret
- defaultNameSuffix - String - Optional. It is used only if we have several secrets in the same deployment.
- context - Dict - Required. The context for the template evaluation.
*/}}
{{- define "common.secrets.name" -}}
{{- $name := (include "common.names.fullname" .context) -}}
{{- if .defaultNameSuffix -}}
{{- $name = printf "%s-%s" $name .defaultNameSuffix | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{- with .existingSecret -}}
{{- if not (typeIs "string" .) -}}
{{- with .name -}}
{{- $name = . -}}
{{- end -}}
{{- else -}}
{{- $name = . -}}
{{- end -}}
{{- end -}}
{{- printf "%s" $name -}}
{{- end -}}
{{/*
Generate secret key.
Usage:
{{ include "common.secrets.key" (dict "existingSecret" .Values.path.to.the.existingSecret "key" "keyName") }}
Params:
- existingSecret - ExistingSecret/String - Optional. The path to the existing secrets in the values.yaml given by the user
to be used instead of the default one. Allows for it to be of type String (just the secret name) for backwards compatibility.
+info: https://github.com/bitnami/charts/tree/master/bitnami/common#existingsecret
- key - String - Required. Name of the key in the secret.
*/}}
{{- define "common.secrets.key" -}}
{{- $key := .key -}}
{{- if .existingSecret -}}
{{- if not (typeIs "string" .existingSecret) -}}
{{- if .existingSecret.keyMapping -}}
{{- $key = index .existingSecret.keyMapping $.key -}}
{{- end -}}
{{- end }}
{{- end -}}
{{- printf "%s" $key -}}
{{- end -}}
{{/*
Generate secret password or retrieve one if already created.
Usage:
{{ include "common.secrets.passwords.manage" (dict "secret" "secret-name" "key" "keyName" "providedValues" (list "path.to.password1" "path.to.password2") "length" 10 "strong" false "chartName" "chartName" "context" $) }}
Params:
- secret - String - Required - Name of the 'Secret' resource where the password is stored.
- key - String - Required - Name of the key in the secret.
- providedValues - List<String> - Required - The path to the validating value in the values.yaml, e.g: "mysql.password". Will pick first parameter with a defined value.
- length - int - Optional - Length of the generated random password.
- strong - Boolean - Optional - Whether to add symbols to the generated random password.
- chartName - String - Optional - Name of the chart used when said chart is deployed as a subchart.
- context - Context - Required - Parent context.
*/}}
{{- define "common.secrets.passwords.manage" -}}
{{- $password := "" }}
{{- $subchart := "" }}
{{- $chartName := default "" .chartName }}
{{- $passwordLength := default 10 .length }}
{{- $providedPasswordKey := include "common.utils.getKeyFromList" (dict "keys" .providedValues "context" $.context) }}
{{- $providedPasswordValue := include "common.utils.getValueFromKey" (dict "key" $providedPasswordKey "context" $.context) }}
{{- $secret := (lookup "v1" "Secret" $.context.Release.Namespace .secret) }}
{{- if $secret }}
{{- if index $secret.data .key }}
{{- $password = index $secret.data .key }}
{{- end -}}
{{- else if $providedPasswordValue }}
{{- $password = $providedPasswordValue | toString | b64enc | quote }}
{{- else }}
{{- if .context.Values.enabled }}
{{- $subchart = $chartName }}
{{- end -}}
{{- $requiredPassword := dict "valueKey" $providedPasswordKey "secret" .secret "field" .key "subchart" $subchart "context" $.context -}}
{{- $requiredPasswordError := include "common.validations.values.single.empty" $requiredPassword -}}
{{- $passwordValidationErrors := list $requiredPasswordError -}}
{{- include "common.errors.upgrade.passwords.empty" (dict "validationErrors" $passwordValidationErrors "context" $.context) -}}
{{- if .strong }}
{{- $subStr := list (lower (randAlpha 1)) (randNumeric 1) (upper (randAlpha 1)) | join "_" }}
{{- $password = randAscii $passwordLength }}
{{- $password = regexReplaceAllLiteral "\\W" $password "@" | substr 5 $passwordLength }}
{{- $password = printf "%s%s" $subStr $password | toString | shuffle | b64enc | quote }}
{{- else }}
{{- $password = randAlphaNum $passwordLength | b64enc | quote }}
{{- end }}
{{- end -}}
{{- printf "%s" $password -}}
{{- end -}}
{{/*
Returns whether a previous generated secret already exists
Usage:
{{ include "common.secrets.exists" (dict "secret" "secret-name" "context" $) }}
Params:
- secret - String - Required - Name of the 'Secret' resource where the password is stored.
- context - Context - Required - Parent context.
*/}}
{{- define "common.secrets.exists" -}}
{{- $secret := (lookup "v1" "Secret" $.context.Release.Namespace .secret) }}
{{- if $secret }}
{{- true -}}
{{- end -}}
{{- end -}}

23
1-outside-deploy/2-helm-chart/charts/all-middleware/charts/common/templates/_storage.tpl Normal file
View File

@@ -0,0 +1,23 @@
{{/* vim: set filetype=mustache: */}}
{{/*
Return the proper Storage Class
{{ include "common.storage.class" ( dict "persistence" .Values.path.to.the.persistence "global" $) }}
*/}}
{{- define "common.storage.class" -}}
{{- $storageClass := .persistence.storageClass -}}
{{- if .global -}}
{{- if .global.storageClass -}}
{{- $storageClass = .global.storageClass -}}
{{- end -}}
{{- end -}}
{{- if $storageClass -}}
{{- if (eq "-" $storageClass) -}}
{{- printf "storageClassName: \"\"" -}}
{{- else }}
{{- printf "storageClassName: %s" $storageClass -}}
{{- end -}}
{{- end -}}
{{- end -}}

13
1-outside-deploy/2-helm-chart/charts/all-middleware/charts/common/templates/_tplvalues.tpl Normal file
View File

@@ -0,0 +1,13 @@
{{/* vim: set filetype=mustache: */}}
{{/*
Renders a value that contains template.
Usage:
{{ include "common.tplvalues.render" ( dict "value" .Values.path.to.the.Value "context" $) }}
*/}}
{{- define "common.tplvalues.render" -}}
{{- if typeIs "string" .value }}
{{- tpl .value .context }}
{{- else }}
{{- tpl (.value | toYaml) .context }}
{{- end }}
{{- end -}}

62
1-outside-deploy/2-helm-chart/charts/all-middleware/charts/common/templates/_utils.tpl Normal file
View File

@@ -0,0 +1,62 @@
{{/* vim: set filetype=mustache: */}}
{{/*
Print instructions to get a secret value.
Usage:
{{ include "common.utils.secret.getvalue" (dict "secret" "secret-name" "field" "secret-value-field" "context" $) }}
*/}}
{{- define "common.utils.secret.getvalue" -}}
{{- $varname := include "common.utils.fieldToEnvVar" . -}}
export {{ $varname }}=$(kubectl get secret --namespace {{ .context.Release.Namespace | quote }} {{ .secret }} -o jsonpath="{.data.{{ .field }}}" | base64 --decode)
{{- end -}}
{{/*
Build env var name given a field
Usage:
{{ include "common.utils.fieldToEnvVar" dict "field" "my-password" }}
*/}}
{{- define "common.utils.fieldToEnvVar" -}}
{{- $fieldNameSplit := splitList "-" .field -}}
{{- $upperCaseFieldNameSplit := list -}}
{{- range $fieldNameSplit -}}
{{- $upperCaseFieldNameSplit = append $upperCaseFieldNameSplit ( upper . ) -}}
{{- end -}}
{{ join "_" $upperCaseFieldNameSplit }}
{{- end -}}
{{/*
Gets a value from .Values given
Usage:
{{ include "common.utils.getValueFromKey" (dict "key" "path.to.key" "context" $) }}
*/}}
{{- define "common.utils.getValueFromKey" -}}
{{- $splitKey := splitList "." .key -}}
{{- $value := "" -}}
{{- $latestObj := $.context.Values -}}
{{- range $splitKey -}}
{{- if not $latestObj -}}
{{- printf "please review the entire path of '%s' exists in values" $.key | fail -}}
{{- end -}}
{{- $value = ( index $latestObj . ) -}}
{{- $latestObj = $value -}}
{{- end -}}
{{- printf "%v" (default "" $value) -}}
{{- end -}}
{{/*
Returns first .Values key with a defined value or first of the list if all non-defined
Usage:
{{ include "common.utils.getKeyFromList" (dict "keys" (list "path.to.key1" "path.to.key2") "context" $) }}
*/}}
{{- define "common.utils.getKeyFromList" -}}
{{- $key := first .keys -}}
{{- $reverseKeys := reverse .keys }}
{{- range $reverseKeys }}
{{- $value := include "common.utils.getValueFromKey" (dict "key" . "context" $.context ) }}
{{- if $value -}}
{{- $key = . }}
{{- end -}}
{{- end -}}
{{- printf "%s" $key -}}
{{- end -}}

14
1-outside-deploy/2-helm-chart/charts/all-middleware/charts/common/templates/_warnings.tpl Normal file
View File

@@ -0,0 +1,14 @@
{{/* vim: set filetype=mustache: */}}
{{/*
Warning about using rolling tag.
Usage:
{{ include "common.warnings.rollingTag" .Values.path.to.the.imageRoot }}
*/}}
{{- define "common.warnings.rollingTag" -}}
{{- if and (contains "bitnami/" .repository) (not (.tag | toString | regexFind "-r\\d+$|sha256:")) }}
WARNING: Rolling tag detected ({{ .repository }}:{{ .tag }}), please note that it is strongly recommended to avoid using rolling tags in a production environment.
+info https://docs.bitnami.com/containers/how-to/understand-rolling-tags-containers/
{{- end }}
{{- end -}}

72
1-outside-deploy/2-helm-chart/charts/all-middleware/charts/common/templates/validations/_cassandra.tpl Normal file
View File

@@ -0,0 +1,72 @@
{{/* vim: set filetype=mustache: */}}
{{/*
Validate Cassandra required passwords are not empty.
Usage:
{{ include "common.validations.values.cassandra.passwords" (dict "secret" "secretName" "subchart" false "context" $) }}
Params:
- secret - String - Required. Name of the secret where Cassandra values are stored, e.g: "cassandra-passwords-secret"
- subchart - Boolean - Optional. Whether Cassandra is used as subchart or not. Default: false
*/}}
{{- define "common.validations.values.cassandra.passwords" -}}
{{- $existingSecret := include "common.cassandra.values.existingSecret" . -}}
{{- $enabled := include "common.cassandra.values.enabled" . -}}
{{- $dbUserPrefix := include "common.cassandra.values.key.dbUser" . -}}
{{- $valueKeyPassword := printf "%s.password" $dbUserPrefix -}}
{{- if and (not $existingSecret) (eq $enabled "true") -}}
{{- $requiredPasswords := list -}}
{{- $requiredPassword := dict "valueKey" $valueKeyPassword "secret" .secret "field" "cassandra-password" -}}
{{- $requiredPasswords = append $requiredPasswords $requiredPassword -}}
{{- include "common.validations.values.multiple.empty" (dict "required" $requiredPasswords "context" .context) -}}
{{- end -}}
{{- end -}}
{{/*
Auxiliary function to get the right value for existingSecret.
Usage:
{{ include "common.cassandra.values.existingSecret" (dict "context" $) }}
Params:
- subchart - Boolean - Optional. Whether Cassandra is used as subchart or not. Default: false
*/}}
{{- define "common.cassandra.values.existingSecret" -}}
{{- if .subchart -}}
{{- .context.Values.cassandra.dbUser.existingSecret | quote -}}
{{- else -}}
{{- .context.Values.dbUser.existingSecret | quote -}}
{{- end -}}
{{- end -}}
{{/*
Auxiliary function to get the right value for enabled cassandra.
Usage:
{{ include "common.cassandra.values.enabled" (dict "context" $) }}
*/}}
{{- define "common.cassandra.values.enabled" -}}
{{- if .subchart -}}
{{- printf "%v" .context.Values.cassandra.enabled -}}
{{- else -}}
{{- printf "%v" (not .context.Values.enabled) -}}
{{- end -}}
{{- end -}}
{{/*
Auxiliary function to get the right value for the key dbUser
Usage:
{{ include "common.cassandra.values.key.dbUser" (dict "subchart" "true" "context" $) }}
Params:
- subchart - Boolean - Optional. Whether Cassandra is used as subchart or not. Default: false
*/}}
{{- define "common.cassandra.values.key.dbUser" -}}
{{- if .subchart -}}
cassandra.dbUser
{{- else -}}
dbUser
{{- end -}}
{{- end -}}

103
1-outside-deploy/2-helm-chart/charts/all-middleware/charts/common/templates/validations/_mariadb.tpl Normal file
View File

@@ -0,0 +1,103 @@
{{/* vim: set filetype=mustache: */}}
{{/*
Validate MariaDB required passwords are not empty.
Usage:
{{ include "common.validations.values.mariadb.passwords" (dict "secret" "secretName" "subchart" false "context" $) }}
Params:
- secret - String - Required. Name of the secret where MariaDB values are stored, e.g: "mysql-passwords-secret"
- subchart - Boolean - Optional. Whether MariaDB is used as subchart or not. Default: false
*/}}
{{- define "common.validations.values.mariadb.passwords" -}}
{{- $existingSecret := include "common.mariadb.values.auth.existingSecret" . -}}
{{- $enabled := include "common.mariadb.values.enabled" . -}}
{{- $architecture := include "common.mariadb.values.architecture" . -}}
{{- $authPrefix := include "common.mariadb.values.key.auth" . -}}
{{- $valueKeyRootPassword := printf "%s.rootPassword" $authPrefix -}}
{{- $valueKeyUsername := printf "%s.username" $authPrefix -}}
{{- $valueKeyPassword := printf "%s.password" $authPrefix -}}
{{- $valueKeyReplicationPassword := printf "%s.replicationPassword" $authPrefix -}}
{{- if and (not $existingSecret) (eq $enabled "true") -}}
{{- $requiredPasswords := list -}}
{{- $requiredRootPassword := dict "valueKey" $valueKeyRootPassword "secret" .secret "field" "mariadb-root-password" -}}
{{- $requiredPasswords = append $requiredPasswords $requiredRootPassword -}}
{{- $valueUsername := include "common.utils.getValueFromKey" (dict "key" $valueKeyUsername "context" .context) }}
{{- if not (empty $valueUsername) -}}
{{- $requiredPassword := dict "valueKey" $valueKeyPassword "secret" .secret "field" "mariadb-password" -}}
{{- $requiredPasswords = append $requiredPasswords $requiredPassword -}}
{{- end -}}
{{- if (eq $architecture "replication") -}}
{{- $requiredReplicationPassword := dict "valueKey" $valueKeyReplicationPassword "secret" .secret "field" "mariadb-replication-password" -}}
{{- $requiredPasswords = append $requiredPasswords $requiredReplicationPassword -}}
{{- end -}}
{{- include "common.validations.values.multiple.empty" (dict "required" $requiredPasswords "context" .context) -}}
{{- end -}}
{{- end -}}
{{/*
Auxiliary function to get the right value for existingSecret.
Usage:
{{ include "common.mariadb.values.auth.existingSecret" (dict "context" $) }}
Params:
- subchart - Boolean - Optional. Whether MariaDB is used as subchart or not. Default: false
*/}}
{{- define "common.mariadb.values.auth.existingSecret" -}}
{{- if .subchart -}}
{{- .context.Values.mariadb.auth.existingSecret | quote -}}
{{- else -}}
{{- .context.Values.auth.existingSecret | quote -}}
{{- end -}}
{{- end -}}
{{/*
Auxiliary function to get the right value for enabled mariadb.
Usage:
{{ include "common.mariadb.values.enabled" (dict "context" $) }}
*/}}
{{- define "common.mariadb.values.enabled" -}}
{{- if .subchart -}}
{{- printf "%v" .context.Values.mariadb.enabled -}}
{{- else -}}
{{- printf "%v" (not .context.Values.enabled) -}}
{{- end -}}
{{- end -}}
{{/*
Auxiliary function to get the right value for architecture
Usage:
{{ include "common.mariadb.values.architecture" (dict "subchart" "true" "context" $) }}
Params:
- subchart - Boolean - Optional. Whether MariaDB is used as subchart or not. Default: false
*/}}
{{- define "common.mariadb.values.architecture" -}}
{{- if .subchart -}}
{{- .context.Values.mariadb.architecture -}}
{{- else -}}
{{- .context.Values.architecture -}}
{{- end -}}
{{- end -}}
{{/*
Auxiliary function to get the right value for the key auth
Usage:
{{ include "common.mariadb.values.key.auth" (dict "subchart" "true" "context" $) }}
Params:
- subchart - Boolean - Optional. Whether MariaDB is used as subchart or not. Default: false
*/}}
{{- define "common.mariadb.values.key.auth" -}}
{{- if .subchart -}}
mariadb.auth
{{- else -}}
auth
{{- end -}}
{{- end -}}

108
1-outside-deploy/2-helm-chart/charts/all-middleware/charts/common/templates/validations/_mongodb.tpl Normal file
View File

@@ -0,0 +1,108 @@
{{/* vim: set filetype=mustache: */}}
{{/*
Validate MongoDB(R) required passwords are not empty.
Usage:
{{ include "common.validations.values.mongodb.passwords" (dict "secret" "secretName" "subchart" false "context" $) }}
Params:
- secret - String - Required. Name of the secret where MongoDB(R) values are stored, e.g: "mongodb-passwords-secret"
- subchart - Boolean - Optional. Whether MongoDB(R) is used as subchart or not. Default: false
*/}}
{{- define "common.validations.values.mongodb.passwords" -}}
{{- $existingSecret := include "common.mongodb.values.auth.existingSecret" . -}}
{{- $enabled := include "common.mongodb.values.enabled" . -}}
{{- $authPrefix := include "common.mongodb.values.key.auth" . -}}
{{- $architecture := include "common.mongodb.values.architecture" . -}}
{{- $valueKeyRootPassword := printf "%s.rootPassword" $authPrefix -}}
{{- $valueKeyUsername := printf "%s.username" $authPrefix -}}
{{- $valueKeyDatabase := printf "%s.database" $authPrefix -}}
{{- $valueKeyPassword := printf "%s.password" $authPrefix -}}
{{- $valueKeyReplicaSetKey := printf "%s.replicaSetKey" $authPrefix -}}
{{- $valueKeyAuthEnabled := printf "%s.enabled" $authPrefix -}}
{{- $authEnabled := include "common.utils.getValueFromKey" (dict "key" $valueKeyAuthEnabled "context" .context) -}}
{{- if and (not $existingSecret) (eq $enabled "true") (eq $authEnabled "true") -}}
{{- $requiredPasswords := list -}}
{{- $requiredRootPassword := dict "valueKey" $valueKeyRootPassword "secret" .secret "field" "mongodb-root-password" -}}
{{- $requiredPasswords = append $requiredPasswords $requiredRootPassword -}}
{{- $valueUsername := include "common.utils.getValueFromKey" (dict "key" $valueKeyUsername "context" .context) }}
{{- $valueDatabase := include "common.utils.getValueFromKey" (dict "key" $valueKeyDatabase "context" .context) }}
{{- if and $valueUsername $valueDatabase -}}
{{- $requiredPassword := dict "valueKey" $valueKeyPassword "secret" .secret "field" "mongodb-password" -}}
{{- $requiredPasswords = append $requiredPasswords $requiredPassword -}}
{{- end -}}
{{- if (eq $architecture "replicaset") -}}
{{- $requiredReplicaSetKey := dict "valueKey" $valueKeyReplicaSetKey "secret" .secret "field" "mongodb-replica-set-key" -}}
{{- $requiredPasswords = append $requiredPasswords $requiredReplicaSetKey -}}
{{- end -}}
{{- include "common.validations.values.multiple.empty" (dict "required" $requiredPasswords "context" .context) -}}
{{- end -}}
{{- end -}}
{{/*
Auxiliary function to get the right value for existingSecret.
Usage:
{{ include "common.mongodb.values.auth.existingSecret" (dict "context" $) }}
Params:
- subchart - Boolean - Optional. Whether MongoDb is used as subchart or not. Default: false
*/}}
{{- define "common.mongodb.values.auth.existingSecret" -}}
{{- if .subchart -}}
{{- .context.Values.mongodb.auth.existingSecret | quote -}}
{{- else -}}
{{- .context.Values.auth.existingSecret | quote -}}
{{- end -}}
{{- end -}}
{{/*
Auxiliary function to get the right value for enabled mongodb.
Usage:
{{ include "common.mongodb.values.enabled" (dict "context" $) }}
*/}}
{{- define "common.mongodb.values.enabled" -}}
{{- if .subchart -}}
{{- printf "%v" .context.Values.mongodb.enabled -}}
{{- else -}}
{{- printf "%v" (not .context.Values.enabled) -}}
{{- end -}}
{{- end -}}
{{/*
Auxiliary function to get the right value for the key auth
Usage:
{{ include "common.mongodb.values.key.auth" (dict "subchart" "true" "context" $) }}
Params:
- subchart - Boolean - Optional. Whether MongoDB(R) is used as subchart or not. Default: false
*/}}
{{- define "common.mongodb.values.key.auth" -}}
{{- if .subchart -}}
mongodb.auth
{{- else -}}
auth
{{- end -}}
{{- end -}}
{{/*
Auxiliary function to get the right value for architecture
Usage:
{{ include "common.mongodb.values.architecture" (dict "subchart" "true" "context" $) }}
Params:
- subchart - Boolean - Optional. Whether MariaDB is used as subchart or not. Default: false
*/}}
{{- define "common.mongodb.values.architecture" -}}
{{- if .subchart -}}
{{- .context.Values.mongodb.architecture -}}
{{- else -}}
{{- .context.Values.architecture -}}
{{- end -}}
{{- end -}}

131
1-outside-deploy/2-helm-chart/charts/all-middleware/charts/common/templates/validations/_postgresql.tpl Normal file
View File

@@ -0,0 +1,131 @@
{{/* vim: set filetype=mustache: */}}
{{/*
Validate PostgreSQL required passwords are not empty.
Usage:
{{ include "common.validations.values.postgresql.passwords" (dict "secret" "secretName" "subchart" false "context" $) }}
Params:
- secret - String - Required. Name of the secret where postgresql values are stored, e.g: "postgresql-passwords-secret"
- subchart - Boolean - Optional. Whether postgresql is used as subchart or not. Default: false
*/}}
{{- define "common.validations.values.postgresql.passwords" -}}
{{- $existingSecret := include "common.postgresql.values.existingSecret" . -}}
{{- $enabled := include "common.postgresql.values.enabled" . -}}
{{- $valueKeyPostgresqlPassword := include "common.postgresql.values.key.postgressPassword" . -}}
{{- $valueKeyPostgresqlReplicationEnabled := include "common.postgresql.values.key.replicationPassword" . -}}
{{- if and (not $existingSecret) (eq $enabled "true") -}}
{{- $requiredPasswords := list -}}
{{- $requiredPostgresqlPassword := dict "valueKey" $valueKeyPostgresqlPassword "secret" .secret "field" "postgresql-password" -}}
{{- $requiredPasswords = append $requiredPasswords $requiredPostgresqlPassword -}}
{{- $enabledReplication := include "common.postgresql.values.enabled.replication" . -}}
{{- if (eq $enabledReplication "true") -}}
{{- $requiredPostgresqlReplicationPassword := dict "valueKey" $valueKeyPostgresqlReplicationEnabled "secret" .secret "field" "postgresql-replication-password" -}}
{{- $requiredPasswords = append $requiredPasswords $requiredPostgresqlReplicationPassword -}}
{{- end -}}
{{- include "common.validations.values.multiple.empty" (dict "required" $requiredPasswords "context" .context) -}}
{{- end -}}
{{- end -}}
{{/*
Auxiliary function to decide whether evaluate global values.
Usage:
{{ include "common.postgresql.values.use.global" (dict "key" "key-of-global" "context" $) }}
Params:
- key - String - Required. Field to be evaluated within global, e.g: "existingSecret"
*/}}
{{- define "common.postgresql.values.use.global" -}}
{{- if .context.Values.global -}}
{{- if .context.Values.global.postgresql -}}
{{- index .context.Values.global.postgresql .key | quote -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{/*
Auxiliary function to get the right value for existingSecret.
Usage:
{{ include "common.postgresql.values.existingSecret" (dict "context" $) }}
*/}}
{{- define "common.postgresql.values.existingSecret" -}}
{{- $globalValue := include "common.postgresql.values.use.global" (dict "key" "existingSecret" "context" .context) -}}
{{- if .subchart -}}
{{- default (.context.Values.postgresql.existingSecret | quote) $globalValue -}}
{{- else -}}
{{- default (.context.Values.existingSecret | quote) $globalValue -}}
{{- end -}}
{{- end -}}
{{/*
Auxiliary function to get the right value for enabled postgresql.
Usage:
{{ include "common.postgresql.values.enabled" (dict "context" $) }}
*/}}
{{- define "common.postgresql.values.enabled" -}}
{{- if .subchart -}}
{{- printf "%v" .context.Values.postgresql.enabled -}}
{{- else -}}
{{- printf "%v" (not .context.Values.enabled) -}}
{{- end -}}
{{- end -}}
{{/*
Auxiliary function to get the right value for the key postgressPassword.
Usage:
{{ include "common.postgresql.values.key.postgressPassword" (dict "subchart" "true" "context" $) }}
Params:
- subchart - Boolean - Optional. Whether postgresql is used as subchart or not. Default: false
*/}}
{{- define "common.postgresql.values.key.postgressPassword" -}}
{{- $globalValue := include "common.postgresql.values.use.global" (dict "key" "postgresqlUsername" "context" .context) -}}
{{- if not $globalValue -}}
{{- if .subchart -}}
postgresql.postgresqlPassword
{{- else -}}
postgresqlPassword
{{- end -}}
{{- else -}}
global.postgresql.postgresqlPassword
{{- end -}}
{{- end -}}
{{/*
Auxiliary function to get the right value for enabled.replication.
Usage:
{{ include "common.postgresql.values.enabled.replication" (dict "subchart" "true" "context" $) }}
Params:
- subchart - Boolean - Optional. Whether postgresql is used as subchart or not. Default: false
*/}}
{{- define "common.postgresql.values.enabled.replication" -}}
{{- if .subchart -}}
{{- printf "%v" .context.Values.postgresql.replication.enabled -}}
{{- else -}}
{{- printf "%v" .context.Values.replication.enabled -}}
{{- end -}}
{{- end -}}
{{/*
Auxiliary function to get the right value for the key replication.password.
Usage:
{{ include "common.postgresql.values.key.replicationPassword" (dict "subchart" "true" "context" $) }}
Params:
- subchart - Boolean - Optional. Whether postgresql is used as subchart or not. Default: false
*/}}
{{- define "common.postgresql.values.key.replicationPassword" -}}
{{- if .subchart -}}
postgresql.replication.password
{{- else -}}
replication.password
{{- end -}}
{{- end -}}

76
1-outside-deploy/2-helm-chart/charts/all-middleware/charts/common/templates/validations/_redis.tpl Normal file
View File

@@ -0,0 +1,76 @@
{{/* vim: set filetype=mustache: */}}
{{/*
Validate Redis(TM) required passwords are not empty.
Usage:
{{ include "common.validations.values.redis.passwords" (dict "secret" "secretName" "subchart" false "context" $) }}
Params:
- secret - String - Required. Name of the secret where redis values are stored, e.g: "redis-passwords-secret"
- subchart - Boolean - Optional. Whether redis is used as subchart or not. Default: false
*/}}
{{- define "common.validations.values.redis.passwords" -}}
{{- $enabled := include "common.redis.values.enabled" . -}}
{{- $valueKeyPrefix := include "common.redis.values.keys.prefix" . -}}
{{- $standarizedVersion := include "common.redis.values.standarized.version" . }}
{{- $existingSecret := ternary (printf "%s%s" $valueKeyPrefix "auth.existingSecret") (printf "%s%s" $valueKeyPrefix "existingSecret") (eq $standarizedVersion "true") }}
{{- $existingSecretValue := include "common.utils.getValueFromKey" (dict "key" $existingSecret "context" .context) }}
{{- $valueKeyRedisPassword := ternary (printf "%s%s" $valueKeyPrefix "auth.password") (printf "%s%s" $valueKeyPrefix "password") (eq $standarizedVersion "true") }}
{{- $valueKeyRedisUseAuth := ternary (printf "%s%s" $valueKeyPrefix "auth.enabled") (printf "%s%s" $valueKeyPrefix "usePassword") (eq $standarizedVersion "true") }}
{{- if and (not $existingSecretValue) (eq $enabled "true") -}}
{{- $requiredPasswords := list -}}
{{- $useAuth := include "common.utils.getValueFromKey" (dict "key" $valueKeyRedisUseAuth "context" .context) -}}
{{- if eq $useAuth "true" -}}
{{- $requiredRedisPassword := dict "valueKey" $valueKeyRedisPassword "secret" .secret "field" "redis-password" -}}
{{- $requiredPasswords = append $requiredPasswords $requiredRedisPassword -}}
{{- end -}}
{{- include "common.validations.values.multiple.empty" (dict "required" $requiredPasswords "context" .context) -}}
{{- end -}}
{{- end -}}
{{/*
Auxiliary function to get the right value for enabled redis.
Usage:
{{ include "common.redis.values.enabled" (dict "context" $) }}
*/}}
{{- define "common.redis.values.enabled" -}}
{{- if .subchart -}}
{{- printf "%v" .context.Values.redis.enabled -}}
{{- else -}}
{{- printf "%v" (not .context.Values.enabled) -}}
{{- end -}}
{{- end -}}
{{/*
Auxiliary function to get the right prefix path for the values
Usage:
{{ include "common.redis.values.key.prefix" (dict "subchart" "true" "context" $) }}
Params:
- subchart - Boolean - Optional. Whether redis is used as subchart or not. Default: false
*/}}
{{- define "common.redis.values.keys.prefix" -}}
{{- if .subchart -}}redis.{{- else -}}{{- end -}}
{{- end -}}
{{/*
Checks whether the redis chart's includes the standarizations (version >= 14)
Usage:
{{ include "common.redis.values.standarized.version" (dict "context" $) }}
*/}}
{{- define "common.redis.values.standarized.version" -}}
{{- $standarizedAuth := printf "%s%s" (include "common.redis.values.keys.prefix" .) "auth" -}}
{{- $standarizedAuthValues := include "common.utils.getValueFromKey" (dict "key" $standarizedAuth "context" .context) }}
{{- if $standarizedAuthValues -}}
{{- true -}}
{{- end -}}
{{- end -}}

46
1-outside-deploy/2-helm-chart/charts/all-middleware/charts/common/templates/validations/_validations.tpl Normal file
View File

@@ -0,0 +1,46 @@
{{/* vim: set filetype=mustache: */}}
{{/*
Validate values must not be empty.
Usage:
{{- $validateValueConf00 := (dict "valueKey" "path.to.value" "secret" "secretName" "field" "password-00") -}}
{{- $validateValueConf01 := (dict "valueKey" "path.to.value" "secret" "secretName" "field" "password-01") -}}
{{ include "common.validations.values.empty" (dict "required" (list $validateValueConf00 $validateValueConf01) "context" $) }}
Validate value params:
- valueKey - String - Required. The path to the validating value in the values.yaml, e.g: "mysql.password"
- secret - String - Optional. Name of the secret where the validating value is generated/stored, e.g: "mysql-passwords-secret"
- field - String - Optional. Name of the field in the secret data, e.g: "mysql-password"
*/}}
{{- define "common.validations.values.multiple.empty" -}}
{{- range .required -}}
{{- include "common.validations.values.single.empty" (dict "valueKey" .valueKey "secret" .secret "field" .field "context" $.context) -}}
{{- end -}}
{{- end -}}
{{/*
Validate a value must not be empty.
Usage:
{{ include "common.validations.value.empty" (dict "valueKey" "mariadb.password" "secret" "secretName" "field" "my-password" "subchart" "subchart" "context" $) }}
Validate value params:
- valueKey - String - Required. The path to the validating value in the values.yaml, e.g: "mysql.password"
- secret - String - Optional. Name of the secret where the validating value is generated/stored, e.g: "mysql-passwords-secret"
- field - String - Optional. Name of the field in the secret data, e.g: "mysql-password"
- subchart - String - Optional - Name of the subchart that the validated password is part of.
*/}}
{{- define "common.validations.values.single.empty" -}}
{{- $value := include "common.utils.getValueFromKey" (dict "key" .valueKey "context" .context) }}
{{- $subchart := ternary "" (printf "%s." .subchart) (empty .subchart) }}
{{- if not $value -}}
{{- $varname := "my-value" -}}
{{- $getCurrentValue := "" -}}
{{- if and .secret .field -}}
{{- $varname = include "common.utils.fieldToEnvVar" . -}}
{{- $getCurrentValue = printf " To get the current value:\n\n %s\n" (include "common.utils.secret.getvalue" .) -}}
{{- end -}}
{{- printf "\n '%s' must not be empty, please add '--set %s%s=$%s' to the command.%s" .valueKey $subchart .valueKey $varname $getCurrentValue -}}
{{- end -}}
{{- end -}}

3
1-outside-deploy/2-helm-chart/charts/all-middleware/charts/common/values.yaml Normal file
View File

@@ -0,0 +1,3 @@
## bitnami/common
## It is required by CI/CD tools and processes.
exampleValue: common-chart

26
1-outside-deploy/2-helm-chart/charts/all-middleware/charts/emqx/.helmignore Normal file
View File

@@ -0,0 +1,26 @@
# Patterns to ignore when building packages.
# This supports shell glob matching, relative path matching, and
# negation (prefixed with !). Only one pattern per line.
.DS_Store
# Common VCS dirs
.git/
.gitignore
.bzr/
.bzrignore
.hg/
.hgignore
.svn/
# Common backup files
*.swp
*.bak
*.tmp
*.orig
*~
# Various IDEs
.project
.idea/
*.tmproj
.vscode/
Jenkinsfile
chart_template.yaml
emqx.conf

24
1-outside-deploy/2-helm-chart/charts/all-middleware/charts/emqx/Chart.yaml Normal file
View File

@@ -0,0 +1,24 @@
apiVersion: v2
name: emqx
description: emqx middleware, can by deployed in clusterMode or standaloneMode
dependend on PVCs in helm-emqxs
# A chart can be either an 'application' or a 'library' chart.
#
# Application charts are a collection of templates that can be packaged into versioned archives
# to be deployed.
#
# Library charts provide useful utilities or functions for the chart developer. They're included as
# a dependency of application charts to inject those utilities and functions into the rendering
# pipeline. Library charts do not define any templates and therefore cannot be deployed.
type: application
# This is the chart version. This version number should be incremented each time you make changes
# to the chart and its templates, including the app version.
# Versions are expected to follow Semantic Versioning (https://semver.org/)
version: 1.1.0
# This is the version number of the application being deployed. This version number should be
# incremented each time you make changes to the application. Versions are not expected to
# follow Semantic Versioning. They should reflect the version the application is using.
appVersion: 2.2.0

2288
1-outside-deploy/2-helm-chart/charts/all-middleware/charts/emqx/emqx.conf Normal file
View File

File diff suppressed because it is too large Load Diff

33
1-outside-deploy/2-helm-chart/charts/all-middleware/charts/emqx/templates/_labels.tpl Normal file
View File

@@ -0,0 +1,33 @@
{{/* vim: set filetype=mustache: */}}
{{/*
Kubernetes standard labels
*/}}
{{- define "uavcloud-middleware.emqx.labels.standard" -}}
cmii.type: {{ .Values.global.application.type }}
{{- if .Values.enabled.clusterMode}}
cmii.app: {{ .Values.appName.clusterMode }}
cmii.emqx.architecture: cluster
{{- else }}
cmii.app: {{ .Values.appName.standaloneMode }}
cmii.emqx.architecture: standalone
{{- end }}
helm.sh/chart: {{ include "uavcloud-middleware.chart" . }}
app.kubernetes.io/managed-by: {{ $.Release.Service }}
{{- if .Values.global.image.tag }}
app.kubernetes.io/version: {{ .Values.global.image.tag | quote }}
{{- end }}
{{- end -}}
{{/*
Labels to use on deploy.spec.selector.matchLabels and svc.spec.selector
*/}}
{{- define "uavcloud-middleware.emqx.labels.matchLabels" -}}
cmii.type: {{ .Values.global.application.type }}
{{- if .Values.enabled.clusterMode}}
cmii.app: {{ .Values.appName.clusterMode }}
cmii.emqx.architecture: cluster
{{- else }}
cmii.app: {{ .Values.appName.standaloneMode }}
cmii.emqx.architecture: standalone
{{- end }}
{{- end -}}

24
1-outside-deploy/2-helm-chart/charts/all-middleware/charts/emqx/templates/cluster/_config.tpl Normal file
View File

@@ -0,0 +1,24 @@
{{- define "uavcloud-middleware.emqx.cluster.config.acl" -}}
{allow, {user, "admin"}, pubsub, ["admin/#"]}.
{allow, {user, "dashboard"}, subscribe, ["$SYS/#"]}.
{allow, {ipaddr, "127.0.0.1"}, pubsub, ["$SYS/#", "#"]}.
{deny, all, subscribe, ["$SYS/#", {eq, "#"}]}.
{allow, all}.
{{- end -}}
{{- define "uavcloud-middleware.emqx.cluster.config.emqx_auth_username" -}}
auth.user.1.username = {{ .Values.auth.username }}
auth.user.1.password = {{ .Values.auth.password }}
auth.user.password_hash = sha256
{{- end -}}
{{- define "uavcloud-middleware.emqx.cluster.config.loaded_plugins" -}}
{emqx_auth_username,true}.
{emqx_management, true}.
{emqx_recon, true}.
{emqx_retainer, false}.
{emqx_dashboard, true}.
{emqx_telemetry, true}.
{emqx_rule_engine, true}.
{emqx_bridge_mqtt, false}.
{{- end -}}

41
1-outside-deploy/2-helm-chart/charts/all-middleware/charts/emqx/templates/cluster/configmap-cluster.yaml Normal file
View File

@@ -0,0 +1,41 @@
{{- if .Values.enabled.clusterMode }}
{{- $namespace := .Release.Namespace -}}
{{- $applicationName := .Values.appName.clusterMode -}}
---
apiVersion: v1
kind: ConfigMap
metadata:
name: {{ $applicationName }}-env
namespace: {{ $namespace }}
labels:
{{- include "uavcloud-middleware.emqx.labels.standard" . | nindent 4 }}
data:
EMQX_CLUSTER__K8S__ADDRESS_TYPE: hostname
EMQX_CLUSTER__K8S__APISERVER: https://kubernetes.default.svc:443
EMQX_CLUSTER__K8S__SUFFIX: svc.cluster.local
EMQX_NAME: {{ $applicationName }}
EMQX_CLUSTER__K8S__APP_NAME: {{ $applicationName }}
EMQX_CLUSTER__DISCOVERY: k8s
EMQX_CLUSTER__K8S__SERVICE_NAME: {{ $applicationName }}-headless
EMQX_CLUSTER__K8S__NAMESPACE: {{ $namespace }}
EMQX_ALLOW_ANONYMOUS: "false"
EMQX_ACL_NOMATCH: "deny"
---
apiVersion: v1
kind: ConfigMap
metadata:
name: {{ $applicationName }}-cm
namespace: {{ $namespace }}
labels:
{{- include "uavcloud-middleware.emqx.labels.standard" . | nindent 4 }}
data:
emqx_auth_username.conf: |-
{{- include "uavcloud-middleware.emqx.cluster.config.emqx_auth_username" . | nindent 4 }}
acl.conf: |-
{{- include "uavcloud-middleware.emqx.cluster.config.acl" . | nindent 4 }}
loaded_plugins: |-
{{- include "uavcloud-middleware.emqx.cluster.config.loaded_plugins" . | nindent 4 }}
---
{{- end }}

30
1-outside-deploy/2-helm-chart/charts/all-middleware/charts/emqx/templates/cluster/ingress-cluster.yaml Normal file
View File

@@ -0,0 +1,30 @@
{{- if and .Values.enabled.clusterMode .Values.ingress.enabled }}
{{- $namespace := .Release.Namespace -}}
{{- $applicationName := .Values.appName.clusterMode -}}
{{- $DeployDomainName := ternary (first (regexSplit ":" .Values.global.domain.DeployDomainName -1)) ( .Values.global.domain.DeployDomainName ) (contains ":" .Values.global.domain.DeployDomainName) -}}
---
apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
name: {{ $applicationName }}
namespace: {{ $namespace }}
labels:
{{- include "uavcloud-middleware.emqx.labels.standard" . | nindent 4 }}
spec:
rules:
- host: "emqx.{{ $DeployDomainName }}"
http:
paths:
- path: /
pathType: ImplementationSpecific
backend:
serviceName: {{ $applicationName }}
servicePort: {{ .Values.containerPort.dashboard }}
{{- if .Values.global.ingress.tls_enabled }}
tls:
- hosts:
- "emqx.{{ $DeployDomainName }}"
secretName: "x.{{ $DeployDomainName }}-tls"
{{- end }}
---
{{- end }}

22
1-outside-deploy/2-helm-chart/charts/all-middleware/charts/emqx/templates/cluster/pvc-cluster.yaml Normal file
View File

@@ -0,0 +1,22 @@
{{- if and .Values.enabled.clusterMode .Values.enabled.standaloneMode }}
{{/* 不要用这个使用统一生成的PVC */}}
{{- $namespace := .Release.Namespace -}}
{{- $applicationName := .Values.appName.clusterMode -}}
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: {{ $applicationName }}
namespace: {{ $namespace }}
labels:
{{- include "uavcloud-middleware.emqx.labels.standard" . | nindent 4 }}
spec:
storageClassName: {{ .Values.global.storageClass.name }}
accessModes:
- {{ .Values.storageClass.accessMode }}
volumeMode: {{ .Values.storageClass.volumeMode }}
resources:
requests:
storage: {{ .Values.storageClass.resources.requests.storage }}
---
{{- end }}

40
1-outside-deploy/2-helm-chart/charts/all-middleware/charts/emqx/templates/cluster/rbac-cluster.yaml Normal file
View File

@@ -0,0 +1,40 @@
{{- if .Values.enabled.clusterMode }}
{{- $namespace := .Release.Namespace -}}
{{- $applicationName := .Values.appName.clusterMode -}}
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: {{ $applicationName }}
namespace: {{ $namespace }}
---
kind: Role
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: {{ $applicationName }}
namespace: {{ $namespace }}
rules:
- apiGroups:
- ""
resources:
- endpoints
verbs:
- get
- watch
- list
---
kind: RoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: {{ $applicationName }}
namespace: {{ $namespace }}
subjects:
- kind: ServiceAccount
name: {{ $applicationName }}
namespace: {{ $namespace }}
roleRef:
kind: Role
name: {{ $applicationName }}
apiGroup: rbac.authorization.k8s.io
---
{{- end }}

94
1-outside-deploy/2-helm-chart/charts/all-middleware/charts/emqx/templates/cluster/statefulset-cluster.yaml Normal file
View File

@@ -0,0 +1,94 @@
{{- if .Values.enabled.clusterMode }}
{{- $namespace := .Release.Namespace -}}
{{- $applicationName := .Values.appName.clusterMode -}}
---
apiVersion: apps/v1
kind: StatefulSet
metadata:
name: {{ $applicationName }}
namespace: {{ $namespace }}
labels:
{{- include "uavcloud-middleware.emqx.labels.standard" . | nindent 4 }}
spec:
replicas: {{ .Values.replicas.clusterMode }}
serviceName: {{ $applicationName }}-headless
updateStrategy:
type: RollingUpdate
selector:
matchLabels:
{{- include "uavcloud-middleware.emqx.labels.matchLabels" . | nindent 6 }}
template:
metadata:
labels:
{{- include "uavcloud-middleware.emqx.labels.standard" . | nindent 8 }}
spec:
{{- if .Values.global.affinity }}
affinity: {{- include "common.tplvalues.render" (dict "value" .Values.global.affinity "context" $) | nindent 8 }}
{{- else }}
affinity:
{{- /* podAffinity: {{- include "common.affinities.pods" (dict "type" .Values.global.podAffinityPreset "context" $) | nindent 10 -}}*/}}
{{- /* podAntiAffinity: {{- include "common.affinities.pods" (dict "type" .Values.global.podAntiAffinityPreset "context" $) | nindent 10 }}*/}}
nodeAffinity: {{- include "common.affinities.nodes" (dict "type" .Values.global.nodeAffinityPreset.type "key" .Values.global.nodeAffinityPreset.key "values" .Values.global.nodeAffinityPreset.values) | nindent 10 -}}
{{- end }}
serviceAccountName: {{ $applicationName }}
containers:
- name: {{ $applicationName }}
image: "{{ .Values.global.image.repository | default .Values.image.repository }}/emqx:{{ .Values.image.tag }}"
imagePullPolicy: {{ .Values.global.image.pullPolicy }}
ports:
- name: mqtt
containerPort: {{ .Values.containerPort.mqtt }}
- name: mqttssl
containerPort: {{ .Values.containerPort.mqttssl }}
- name: mgmt
containerPort: {{ .Values.containerPort.mgmt }}
- name: ws
containerPort: {{ .Values.containerPort.websocket }}
- name: wss
containerPort: {{ .Values.containerPort.wss }}
- name: dashboard
containerPort: {{ .Values.containerPort.dashboard }}
- name: ekka
containerPort: 4370
envFrom:
- configMapRef:
name: {{ $applicationName }}-env
resources:
{{- toYaml .Values.resources | nindent 12 }}
readinessProbe:
httpGet:
path: /status
port: {{ .Values.containerPort.mgmt | default 8081 }}
initialDelaySeconds: 5
periodSeconds: 5
volumeMounts:
- name: emqx-data
mountPath: "/opt/emqx/data/mnesia"
readOnly: false
- name: {{ $applicationName }}-cm
mountPath: "/opt/emqx/etc/plugins/emqx_auth_username.conf"
subPath: emqx_auth_username.conf
readOnly: false
- name: {{ $applicationName }}-cm
mountPath: "/opt/emqx/etc/acl.conf"
subPath: "acl.conf"
readOnly: false
- name: {{ $applicationName }}-cm
mountPath: "/opt/emqx/data/loaded_plugins"
subPath: loaded_plugins
readOnly: false
volumes:
- name: emqx-data
persistentVolumeClaim:
claimName: helm-emqxs
- name: {{ $applicationName }}-cm
configMap:
name: {{ $applicationName }}-cm
items:
- key: emqx_auth_username.conf
path: emqx_auth_username.conf
- key: acl.conf
path: acl.conf
- key: loaded_plugins
path: loaded_plugins
{{- end }}

36
1-outside-deploy/2-helm-chart/charts/all-middleware/charts/emqx/templates/cluster/svc-cluster.yaml Normal file
View File

@@ -0,0 +1,36 @@
{{- if .Values.enabled.clusterMode }}
{{- $namespace := .Release.Namespace -}}
{{- $applicationName := .Values.appName.clusterMode -}}
---
apiVersion: v1
kind: Service
metadata:
name: {{ $applicationName }}
namespace: {{ $namespace }}
labels:
{{- include "uavcloud-middleware.emqx.labels.standard" . | nindent 4 }}
spec:
type: NodePort
selector:
{{- include "uavcloud-middleware.emqx.labels.matchLabels" . | nindent 4 }}
ports:
- port: {{ .Values.containerPort.mqtt }}
name: mqtt
targetPort: {{ .Values.containerPort.mqtt }}
{{- if .Values.nodePort.enabled }}
nodePort: {{ .Values.nodePort.mqtt }}
{{- end }}
- port: {{ .Values.containerPort.dashboard }}
name: dashboard
targetPort: {{ .Values.containerPort.dashboard }}
{{- if .Values.nodePort.enabled }}
nodePort: {{ .Values.nodePort.dashboard }}
{{- end }}
- port: {{ .Values.containerPort.websocket }}
name: mqtt-websocket
targetPort: {{ .Values.containerPort.websocket }}
{{- if .Values.nodePort.enabled }}
nodePort: {{ .Values.nodePort.mqttWebSocket }}
{{- end }}
---
{{- end }}

47
1-outside-deploy/2-helm-chart/charts/all-middleware/charts/emqx/templates/cluster/svc-headless.yaml Normal file
View File

@@ -0,0 +1,47 @@
{{- if and .Values.enabled.clusterMode}}
{{- $namespace := .Release.Namespace -}}
{{- $applicationName := .Values.appName.clusterMode -}}
---
apiVersion: v1
kind: Service
metadata:
name: {{ $applicationName }}-headless
namespace: {{ $namespace }}
labels:
{{- include "uavcloud-middleware.emqx.labels.standard" . | nindent 4 }}
spec:
type: ClusterIP
clusterIP: None
selector:
{{- include "uavcloud-middleware.emqx.labels.matchLabels" . | nindent 4 }}
ports:
- name: mqtt
port: {{ .Values.containerPort.mqtt }}
protocol: TCP
targetPort: {{ .Values.containerPort.mqtt }}
- name: mqttssl
port: {{ .Values.containerPort.mqttssl }}
protocol: TCP
targetPort: {{ .Values.containerPort.mqttssl }}
- name: mgmt
port: {{ .Values.containerPort.mgmt }}
protocol: TCP
targetPort: {{ .Values.containerPort.mgmt }}
- name: websocket
port: {{ .Values.containerPort.websocket }}
protocol: TCP
targetPort: {{ .Values.containerPort.websocket }}
- name: wss
port: {{ .Values.containerPort.wss }}
protocol: TCP
targetPort: {{ .Values.containerPort.wss }}
- name: dashboard
port: {{ .Values.containerPort.dashboard }}
protocol: TCP
targetPort: {{ .Values.containerPort.dashboard }}
- name: ekka
port: 4370
protocol: TCP
targetPort: 4370
---
{{- end }}

2470
1-outside-deploy/2-helm-chart/charts/all-middleware/charts/emqx/templates/standalone/configmap.yaml Normal file
View File

File diff suppressed because it is too large Load Diff

30
1-outside-deploy/2-helm-chart/charts/all-middleware/charts/emqx/templates/standalone/ingress.yaml Normal file
View File

@@ -0,0 +1,30 @@
{{- if and .Values.enabled.standaloneMode .Values.ingress.enabled }}
{{- $namespace := .Release.Namespace -}}
{{- $applicationName := .Values.appName.standaloneMode -}}
{{- $DeployDomainName := ternary (first (regexSplit ":" .Values.global.domain.DeployDomainName -1)) ( .Values.global.domain.DeployDomainName ) (contains ":" .Values.global.domain.DeployDomainName) -}}
---
apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
name: {{ $applicationName }}
namespace: {{ $namespace }}
labels:
{{- include "uavcloud-middleware.emqx.labels.standard" . | nindent 4 }}
spec:
rules:
- host: "emqx.{{ $DeployDomainName }}"
http:
paths:
- path: /
pathType: ImplementationSpecific
backend:
serviceName: {{ $applicationName }}
servicePort: {{ .Values.containerPort.dashboard }}
{{- if .Values.global.ingress.tls_enabled }}
tls:
- hosts:
- "emqx.{{ $DeployDomainName }}"
secretName: "x.{{ $DeployDomainName }}-tls"
{{- end }}
---
{{- end }}

82
1-outside-deploy/2-helm-chart/charts/all-middleware/charts/emqx/templates/standalone/statefulset.yaml Normal file
View File

@@ -0,0 +1,82 @@
{{- if and .Values.enabled.standaloneMode (not .Values.enabled.clusterMode) }}
{{- $namespace := .Release.Namespace -}}
{{- $applicationName := .Values.appName.standaloneMode -}}
---
apiVersion: apps/v1
kind: StatefulSet
metadata:
name: {{ $applicationName }}
namespace: {{ $namespace }}
labels:
{{- include "uavcloud-middleware.emqx.labels.standard" . | nindent 4 }}
spec:
serviceName: {{ $applicationName }}
replicas: {{ .Values.replicas.standaloneMode }}
selector:
matchLabels:
{{- include "uavcloud-middleware.emqx.labels.matchLabels" . | nindent 6 }}
template:
metadata:
labels:
{{- include "uavcloud-middleware.emqx.labels.standard" . | nindent 8 }}
annotations:
pod.alpha.kubernetes.io/initialized: "true"
spec:
{{- if .Values.global.affinity }}
affinity: {{- include "common.tplvalues.render" (dict "value" .Values.global.affinity "context" $) | nindent 8 }}
{{- else }}
affinity:
{{- /* podAffinity: {{- include "common.affinities.pods" (dict "type" .Values.global.podAffinityPreset "context" $) | nindent 10 -}}*/}}
{{- /* podAntiAffinity: {{- include "common.affinities.pods" (dict "type" .Values.global.podAntiAffinityPreset "context" $) | nindent 10 }}*/}}
nodeAffinity: {{- include "common.affinities.nodes" (dict "type" .Values.global.nodeAffinityPreset.type "key" .Values.global.nodeAffinityPreset.key "values" .Values.global.nodeAffinityPreset.values) | nindent 10 -}}
{{- end }}
containers:
- name: {{ $applicationName }}
image: "{{ .Values.global.image.repository | default .Values.image.repository }}/emqx:{{ .Values.image.tag }}"
securityContext:
privileged: true
resources:
{{- toYaml .Values.resources | nindent 12 }}
ports:
- containerPort: {{ .Values.containerPort.mqtt }}
name: mqtt
protocol: TCP
- containerPort: {{ .Values.containerPort.dashboard }}
name: dashboard
protocol: TCP
- containerPort: {{ .Values.containerPort.websocket }}
name: mqtt-websocket
protocol: TCP
volumeMounts:
- name: {{ $applicationName }}-plugins
mountPath: /opt/emqx/data/loaded_plugins
subPath: loaded_plugins
- name: {{ $applicationName }}-auth
mountPath: /opt/emqx/etc/plugins/emqx_auth_username.conf
subPath: emqx_auth_username.conf
- name: emqx-data
mountPath: /opt/emqx/data/emqx_erl_pipes
readOnly: false
subPath: {{ $namespace }}/{{ $applicationName }}/data
- name: emqx-data
mountPath: /opt/emqx/log
readOnly: false
subPath: {{ $namespace }}/{{ $applicationName }}/log
volumes:
- name: emqx-data
persistentVolumeClaim:
claimName: helm-emqxs
- name: {{ $applicationName }}-plugins
configMap:
name: {{ $applicationName }}-plugins
items:
- key: loaded_plugins
path: loaded_plugins
- name: {{ $applicationName }}-auth
configMap:
name: {{ $applicationName }}-auth
items:
- key: emqx_auth_username.conf
path: emqx_auth_username.conf
---
{{- end }}

36
1-outside-deploy/2-helm-chart/charts/all-middleware/charts/emqx/templates/standalone/svc.yaml Normal file
View File

@@ -0,0 +1,36 @@
{{- if and .Values.enabled.standaloneMode (not .Values.enabled.clusterMode) }}
{{- $namespace := .Release.Namespace -}}
{{- $applicationName := .Values.appName.standaloneMode -}}
---
apiVersion: v1
kind: Service
metadata:
name: {{ $applicationName }}
namespace: {{ $namespace }}
labels:
{{- include "uavcloud-middleware.emqx.labels.standard" . | nindent 4 }}
spec:
type: {{ .Values.global.middlewareService.type }}
selector:
{{- include "uavcloud-middleware.emqx.labels.matchLabels" . | nindent 4 }}
ports:
- port: {{ .Values.containerPort.mqtt }}
name: mqtt
targetPort: {{ .Values.containerPort.mqtt }}
{{- if eq .Values.global.middlewareService.type "NodePort" }}
nodePort: {{ .Values.nodePort.mqtt }}
{{- end }}
- port: {{ .Values.containerPort.dashboard }}
name: dashboard
targetPort: {{ .Values.containerPort.dashboard }}
{{- if eq .Values.global.middlewareService.type "NodePort" }}
nodePort: {{ .Values.nodePort.dashboard }}
{{- end }}
- port: {{ .Values.containerPort.websocket }}
name: mqtt-websocket
targetPort: {{ .Values.containerPort.websocket }}
{{- if eq .Values.global.middlewareService.type "NodePort" }}
nodePort: {{ .Values.nodePort.mqttWebSocket }}
{{- end }}
---
{{- end }}

54
1-outside-deploy/2-helm-chart/charts/all-middleware/charts/emqx/values.yaml Normal file
View File

@@ -0,0 +1,54 @@
enabled:
clusterMode: true
standaloneMode: false
auth:
username: cmii
password: odD8#Ve7.B
storageClass:
accessMode: "ReadWriteOnce"
volumeMode: Filesystem
resources:
requests:
storage: 16Gi
nodePort:
enabled: true
mqtt: 31883
dashboard: 48083
mqttWebSocket: 38083
ingress:
enabled: false
image:
repository: docker.io/emqx # commonly no use
tag: 4.2.12
replicas:
clusterMode: 3
standaloneMode: 1
appName:
clusterMode: helm-emqxs
standaloneMode: helm-emqx
# please don't modify this values below !!!
containerPort:
mqtt: 1883
mgmt: 8081
websocket: 8083
wss: 8084
mqttssl: 8883
dashboard: 18083
resources:
limits:
memory: 2Gi
cpu: "1"
requests:
memory: 1Gi
cpu: 300m

25
1-outside-deploy/2-helm-chart/charts/all-middleware/charts/mongo/.helmignore Normal file
View File

@@ -0,0 +1,25 @@
# Patterns to ignore when building packages.
# This supports shell glob matching, relative path matching, and
# negation (prefixed with !). Only one pattern per line.
.DS_Store
# Common VCS dirs
.git/
.gitignore
.bzr/
.bzrignore
.hg/
.hgignore
.svn/
# Common backup files
*.swp
*.bak
*.tmp
*.orig
*~
# Various IDEs
.project
.idea/
*.tmproj
.vscode/
Jenkinsfile
chart_template.yaml

24
1-outside-deploy/2-helm-chart/charts/all-middleware/charts/mongo/Chart.yaml Normal file
View File

@@ -0,0 +1,24 @@
# Just template
apiVersion: v2
name: mongo
description: uavcloud middleware for mongo
# A chart can be either an 'application' or a 'library' chart.
#
# Application charts are a collection of templates that can be packaged into versioned archives
# to be deployed.
#
# Library charts provide useful utilities or functions for the chart developer. They're included as
# a dependency of application charts to inject those utilities and functions into the rendering
# pipeline. Library charts do not define any templates and therefore cannot be deployed.
type: application
# This is the chart version. This version number should be incremented each time you make changes
# to the chart and its templates, including the app version.
# Versions are expected to follow Semantic Versioning (https://semver.org/)
version: 1.1.0
# This is the version number of the application being deployed. This version number should be
# incremented each time you make changes to the application. Versions are not expected to
# follow Semantic Versioning. They should reflect the version the application is using.
appVersion: 2.2.2

21
1-outside-deploy/2-helm-chart/charts/all-middleware/charts/mongo/templates/_labels.tpl Normal file
View File

@@ -0,0 +1,21 @@
{{/* vim: set filetype=mustache: */}}
{{/*
Kubernetes standard labels
*/}}
{{- define "uavcloud-middleware.mongo.labels.standard" -}}
cmii.app: {{ .Values.appName }}
cmii.type: {{ .Values.global.application.type }}
helm.sh/chart: {{ include "uavcloud-middleware.chart" . }}
app.kubernetes.io/managed-by: {{ $.Release.Service }}
{{- if $.Values.global.image.tag }}
app.kubernetes.io/version: {{ $.Values.global.image.tag | quote }}
{{- end }}
{{- end -}}
{{/*
Labels to use on deploy.spec.selector.matchLabels and svc.spec.selector
*/}}
{{- define "uavcloud-middleware.mongo.labels.matchLabels" -}}
cmii.app: {{ .Values.appName }}
cmii.type: {{ .Values.global.application.type }}
{{- end -}}

57
1-outside-deploy/2-helm-chart/charts/all-middleware/charts/mongo/templates/statefulset.yaml Normal file
View File

@@ -0,0 +1,57 @@
{{- if .Values.enabled }}
{{- $namespace := .Release.Namespace -}}
{{- $applicationName := .Values.appName -}}
---
apiVersion: apps/v1
kind: StatefulSet
metadata:
name: {{ $applicationName }}
namespace: {{ $namespace }}
labels:
{{- include "uavcloud-middleware.mongo.labels.standard" . | nindent 4 }}
spec:
serviceName: {{ $applicationName }}
replicas: {{ .Values.replicaCount }}
selector:
matchLabels:
{{- include "uavcloud-middleware.mongo.labels.matchLabels" . | nindent 6 }}
template:
metadata:
labels:
{{- include "uavcloud-middleware.mongo.labels.standard" . | nindent 8 }}
annotations:
pod.alpha.kubernetes.io/initialized: "true"
spec:
{{- if .Values.global.affinity }}
affinity: {{- include "common.tplvalues.render" (dict "value" .Values.global.affinity "context" $) | nindent 8 }}
{{- else }}
affinity:
{{- /* podAffinity: {{- include "common.affinities.pods" (dict "type" .Values.global.podAffinityPreset "context" $) | nindent 10 -}}*/}}
{{- /* podAntiAffinity: {{- include "common.affinities.pods" (dict "type" .Values.global.podAntiAffinityPreset "context" $) | nindent 10 }}*/}}
nodeAffinity: {{- include "common.affinities.nodes" (dict "type" .Values.global.nodeAffinityPreset.type "key" .Values.global.nodeAffinityPreset.key "values" .Values.global.nodeAffinityPreset.values) | nindent 10 -}}
{{- end }}
containers:
- name: {{ $applicationName }}
image: "{{ .Values.global.image.repository | default .Values.image.repository }}/mongo:{{ .Values.image.tag }}"
resources:
{{- toYaml .Values.resources | nindent 12 }}
ports:
- containerPort: {{ .Values.containerPort.mongo }}
name: mongo27017
protocol: TCP
env:
- name: MONGO_INITDB_ROOT_USERNAME
value: {{ .Values.auth.username }}
- name: MONGO_INITDB_ROOT_PASSWORD
value: {{ .Values.auth.password }}
volumeMounts:
- name: mongo-data
mountPath: /data/db
readOnly: false
subPath: {{ $namespace }}/{{ $applicationName }}/data/db
volumes:
- name: mongo-data
persistentVolumeClaim:
claimName: helm-mongo
---
{{- end }}

24
1-outside-deploy/2-helm-chart/charts/all-middleware/charts/mongo/templates/svc.yaml Normal file
View File

@@ -0,0 +1,24 @@
{{- if .Values.enabled }}
{{- $namespace := .Release.Namespace -}}
{{- $applicationName := .Values.appName -}}
---
apiVersion: v1
kind: Service
metadata:
name: {{ $applicationName }}
namespace: {{ $namespace }}
labels:
{{- include "uavcloud-middleware.mongo.labels.standard" . | nindent 4 }}
spec:
type: {{ .Values.global.middlewareService.type }}
selector:
{{- include "uavcloud-middleware.mongo.labels.matchLabels" . | nindent 4 }}
ports:
- port: 27017
name: server-27017
targetPort: 27017
{{- if eq .Values.global.middlewareService.type "NodePort" }}
nodePort: {{ .Values.nodePort.mongo }}
{{- end }}
---
{{- end }}

35
1-outside-deploy/2-helm-chart/charts/all-middleware/charts/mongo/values.yaml Normal file
View File

@@ -0,0 +1,35 @@
image:
repository: docker.io
tag: "5.0"
replicaCount: 1
enabled: true
appName: helm-mongo
auth:
username: cmlc
password: REdPza8#oVlt
nodePort:
mongo: 37017
containerPort:
mongo: 27017
resources:
limits:
memory: 4Gi
cpu: "2"
requests:
memory: 2Gi
cpu: "1"
storageClass:
accessMode: "ReadWriteMany"
volumeMode: Filesystem
resources:
requests:
storage: 16Gi

23
1-outside-deploy/2-helm-chart/charts/all-middleware/charts/nacos/Chart.yaml Normal file
View File

@@ -0,0 +1,23 @@
apiVersion: v2
name: nacos
description: uavcloud middleware for nacos
# A chart can be either an 'application' or a 'library' chart.
#
# Application charts are a collection of templates that can be packaged into versioned archives
# to be deployed.
#
# Library charts provide useful utilities or functions for the chart developer. They're included as
# a dependency of application charts to inject those utilities and functions into the rendering
# pipeline. Library charts do not define any templates and therefore cannot be deployed.
type: application
# This is the chart version. This version number should be incremented each time you make changes
# to the chart and its templates, including the app version.
# Versions are expected to follow Semantic Versioning (https://semver.org/)
version: 1.1.1
# This is the version number of the application being deployed. This version number should be
# incremented each time you make changes to the application. Versions are not expected to
# follow Semantic Versioning. They should reflect the version the application is using.
appVersion: 2.2.2

253
1-outside-deploy/2-helm-chart/charts/all-middleware/charts/nacos/sql/init.sql Normal file
View File

@@ -0,0 +1,253 @@
/*
* Copyright 1999-2018 Alibaba Group Holding Ltd.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
/******************************************/
/* 数据库全名 = cmii_nacos_config */
/* 表名称 = config_info */
/******************************************/
# CREATE SCHEMA cmii_nacos_config;
CREATE TABLE `config_info`
(
`id` bigint(20) NOT NULL AUTO_INCREMENT COMMENT 'id',
`data_id` varchar(255) NOT NULL COMMENT 'data_id',
`group_id` varchar(255) DEFAULT NULL,
`content` longtext NOT NULL COMMENT 'content',
`md5` varchar(32) DEFAULT NULL COMMENT 'md5',
`gmt_create` datetime NOT NULL DEFAULT CURRENT_TIMESTAMP COMMENT '创建时间',
`gmt_modified` datetime NOT NULL DEFAULT CURRENT_TIMESTAMP COMMENT '修改时间',
`src_user` text COMMENT 'source user',
`src_ip` varchar(50) DEFAULT NULL COMMENT 'source ip',
`app_name` varchar(128) DEFAULT NULL,
`tenant_id` varchar(128) DEFAULT '' COMMENT '租户字段',
`c_desc` varchar(256) DEFAULT NULL,
`c_use` varchar(64) DEFAULT NULL,
`effect` varchar(64) DEFAULT NULL,
`type` varchar(64) DEFAULT NULL,
`c_schema` text,
PRIMARY KEY (`id`),
UNIQUE KEY `uk_configinfo_datagrouptenant` (`data_id`, `group_id`, `tenant_id`)
) ENGINE = InnoDB
DEFAULT CHARSET = utf8
COLLATE = utf8_bin COMMENT ='config_info';
/******************************************/
/* 数据库全名 = nacos_config */
/* 表名称 = config_info_aggr */
/******************************************/
CREATE TABLE `config_info_aggr`
(
`id` bigint(20) NOT NULL AUTO_INCREMENT COMMENT 'id',
`data_id` varchar(255) NOT NULL COMMENT 'data_id',
`group_id` varchar(255) NOT NULL COMMENT 'group_id',
`datum_id` varchar(255) NOT NULL COMMENT 'datum_id',
`content` longtext NOT NULL COMMENT '内容',
`gmt_modified` datetime NOT NULL COMMENT '修改时间',
`app_name` varchar(128) DEFAULT NULL,
`tenant_id` varchar(128) DEFAULT '' COMMENT '租户字段',
PRIMARY KEY (`id`),
UNIQUE KEY `uk_configinfoaggr_datagrouptenantdatum` (`data_id`, `group_id`, `tenant_id`, `datum_id`)
) ENGINE = InnoDB
DEFAULT CHARSET = utf8
COLLATE = utf8_bin COMMENT ='增加租户字段';
/******************************************/
/* 数据库全名 = nacos_config */
/* 表名称 = config_info_beta */
/******************************************/
CREATE TABLE `config_info_beta`
(
`id` bigint(20) NOT NULL AUTO_INCREMENT COMMENT 'id',
`data_id` varchar(255) NOT NULL COMMENT 'data_id',
`group_id` varchar(128) NOT NULL COMMENT 'group_id',
`app_name` varchar(128) DEFAULT NULL COMMENT 'app_name',
`content` longtext NOT NULL COMMENT 'content',
`beta_ips` varchar(1024) DEFAULT NULL COMMENT 'betaIps',
`md5` varchar(32) DEFAULT NULL COMMENT 'md5',
`gmt_create` datetime NOT NULL DEFAULT CURRENT_TIMESTAMP COMMENT '创建时间',
`gmt_modified` datetime NOT NULL DEFAULT CURRENT_TIMESTAMP COMMENT '修改时间',
`src_user` text COMMENT 'source user',
`src_ip` varchar(50) DEFAULT NULL COMMENT 'source ip',
`tenant_id` varchar(128) DEFAULT '' COMMENT '租户字段',
PRIMARY KEY (`id`),
UNIQUE KEY `uk_configinfobeta_datagrouptenant` (`data_id`, `group_id`, `tenant_id`)
) ENGINE = InnoDB
DEFAULT CHARSET = utf8
COLLATE = utf8_bin COMMENT ='config_info_beta';
/******************************************/
/* 数据库全名 = nacos_config */
/* 表名称 = config_info_tag */
/******************************************/
CREATE TABLE `config_info_tag`
(
`id` bigint(20) NOT NULL AUTO_INCREMENT COMMENT 'id',
`data_id` varchar(255) NOT NULL COMMENT 'data_id',
`group_id` varchar(128) NOT NULL COMMENT 'group_id',
`tenant_id` varchar(128) DEFAULT '' COMMENT 'tenant_id',
`tag_id` varchar(128) NOT NULL COMMENT 'tag_id',
`app_name` varchar(128) DEFAULT NULL COMMENT 'app_name',
`content` longtext NOT NULL COMMENT 'content',
`md5` varchar(32) DEFAULT NULL COMMENT 'md5',
`gmt_create` datetime NOT NULL DEFAULT CURRENT_TIMESTAMP COMMENT '创建时间',
`gmt_modified` datetime NOT NULL DEFAULT CURRENT_TIMESTAMP COMMENT '修改时间',
`src_user` text COMMENT 'source user',
`src_ip` varchar(50) DEFAULT NULL COMMENT 'source ip',
PRIMARY KEY (`id`),
UNIQUE KEY `uk_configinfotag_datagrouptenanttag` (`data_id`, `group_id`, `tenant_id`, `tag_id`)
) ENGINE = InnoDB
DEFAULT CHARSET = utf8
COLLATE = utf8_bin COMMENT ='config_info_tag';
/******************************************/
/* 数据库全名 = nacos_config */
/* 表名称 = config_tags_relation */
/******************************************/
CREATE TABLE `config_tags_relation`
(
`id` bigint(20) NOT NULL COMMENT 'id',
`tag_name` varchar(128) NOT NULL COMMENT 'tag_name',
`tag_type` varchar(64) DEFAULT NULL COMMENT 'tag_type',
`data_id` varchar(255) NOT NULL COMMENT 'data_id',
`group_id` varchar(128) NOT NULL COMMENT 'group_id',
`tenant_id` varchar(128) DEFAULT '' COMMENT 'tenant_id',
`nid` bigint(20) NOT NULL AUTO_INCREMENT,
PRIMARY KEY (`nid`),
UNIQUE KEY `uk_configtagrelation_configidtag` (`id`, `tag_name`, `tag_type`),
KEY `idx_tenant_id` (`tenant_id`)
) ENGINE = InnoDB
DEFAULT CHARSET = utf8
COLLATE = utf8_bin COMMENT ='config_tag_relation';
/******************************************/
/* 数据库全名 = nacos_config */
/* 表名称 = group_capacity */
/******************************************/
CREATE TABLE `group_capacity`
(
`id` bigint(20) unsigned NOT NULL AUTO_INCREMENT COMMENT '主键ID',
`group_id` varchar(128) NOT NULL DEFAULT '' COMMENT 'Group ID空字符表示整个集群',
`quota` int(10) unsigned NOT NULL DEFAULT '0' COMMENT '配额0表示使用默认值',
`usage` int(10) unsigned NOT NULL DEFAULT '0' COMMENT '使用量',
`max_size` int(10) unsigned NOT NULL DEFAULT '0' COMMENT '单个配置大小上限单位为字节0表示使用默认值',
`max_aggr_count` int(10) unsigned NOT NULL DEFAULT '0' COMMENT '聚合子配置最大个数0表示使用默认值',
`max_aggr_size` int(10) unsigned NOT NULL DEFAULT '0' COMMENT '单个聚合数据的子配置大小上限单位为字节0表示使用默认值',
`max_history_count` int(10) unsigned NOT NULL DEFAULT '0' COMMENT '最大变更历史数量',
`gmt_create` datetime NOT NULL DEFAULT CURRENT_TIMESTAMP COMMENT '创建时间',
`gmt_modified` datetime NOT NULL DEFAULT CURRENT_TIMESTAMP COMMENT '修改时间',
PRIMARY KEY (`id`),
UNIQUE KEY `uk_group_id` (`group_id`)
) ENGINE = InnoDB
DEFAULT CHARSET = utf8
COLLATE = utf8_bin COMMENT ='集群、各Group容量信息表';
/******************************************/
/* 数据库全名 = nacos_config */
/* 表名称 = his_config_info */
/******************************************/
CREATE TABLE `his_config_info`
(
`id` bigint(64) unsigned NOT NULL,
`nid` bigint(20) unsigned NOT NULL AUTO_INCREMENT,
`data_id` varchar(255) NOT NULL,
`group_id` varchar(128) NOT NULL,
`app_name` varchar(128) DEFAULT NULL COMMENT 'app_name',
`content` longtext NOT NULL,
`md5` varchar(32) DEFAULT NULL,
`gmt_create` datetime NOT NULL DEFAULT CURRENT_TIMESTAMP,
`gmt_modified` datetime NOT NULL DEFAULT CURRENT_TIMESTAMP,
`src_user` text,
`src_ip` varchar(50) DEFAULT NULL,
`op_type` char(10) DEFAULT NULL,
`tenant_id` varchar(128) DEFAULT '' COMMENT '租户字段',
PRIMARY KEY (`nid`),
KEY `idx_gmt_create` (`gmt_create`),
KEY `idx_gmt_modified` (`gmt_modified`),
KEY `idx_did` (`data_id`)
) ENGINE = InnoDB
DEFAULT CHARSET = utf8
COLLATE = utf8_bin COMMENT ='多租户改造';
/******************************************/
/* 数据库全名 = nacos_config */
/* 表名称 = tenant_capacity */
/******************************************/
CREATE TABLE `tenant_capacity`
(
`id` bigint(20) unsigned NOT NULL AUTO_INCREMENT COMMENT '主键ID',
`tenant_id` varchar(128) NOT NULL DEFAULT '' COMMENT 'Tenant ID',
`quota` int(10) unsigned NOT NULL DEFAULT '0' COMMENT '配额0表示使用默认值',
`usage` int(10) unsigned NOT NULL DEFAULT '0' COMMENT '使用量',
`max_size` int(10) unsigned NOT NULL DEFAULT '0' COMMENT '单个配置大小上限单位为字节0表示使用默认值',
`max_aggr_count` int(10) unsigned NOT NULL DEFAULT '0' COMMENT '聚合子配置最大个数',
`max_aggr_size` int(10) unsigned NOT NULL DEFAULT '0' COMMENT '单个聚合数据的子配置大小上限单位为字节0表示使用默认值',
`max_history_count` int(10) unsigned NOT NULL DEFAULT '0' COMMENT '最大变更历史数量',
`gmt_create` datetime NOT NULL DEFAULT CURRENT_TIMESTAMP COMMENT '创建时间',
`gmt_modified` datetime NOT NULL DEFAULT CURRENT_TIMESTAMP COMMENT '修改时间',
PRIMARY KEY (`id`),
UNIQUE KEY `uk_tenant_id` (`tenant_id`)
) ENGINE = InnoDB
DEFAULT CHARSET = utf8
COLLATE = utf8_bin COMMENT ='租户容量信息表';
CREATE TABLE `tenant_info`
(
`id` bigint(20) NOT NULL AUTO_INCREMENT COMMENT 'id',
`kp` varchar(128) NOT NULL COMMENT 'kp',
`tenant_id` varchar(128) default '' COMMENT 'tenant_id',
`tenant_name` varchar(128) default '' COMMENT 'tenant_name',
`tenant_desc` varchar(256) DEFAULT NULL COMMENT 'tenant_desc',
`create_source` varchar(32) DEFAULT NULL COMMENT 'create_source',
`gmt_create` bigint(20) NOT NULL COMMENT '创建时间',
`gmt_modified` bigint(20) NOT NULL COMMENT '修改时间',
PRIMARY KEY (`id`),
UNIQUE KEY `uk_tenant_info_kptenantid` (`kp`, `tenant_id`),
KEY `idx_tenant_id` (`tenant_id`)
) ENGINE = InnoDB
DEFAULT CHARSET = utf8
COLLATE = utf8_bin COMMENT ='tenant_info';
CREATE TABLE `users`
(
`username` varchar(50) NOT NULL PRIMARY KEY,
`password` varchar(500) NOT NULL,
`enabled` boolean NOT NULL
);
CREATE TABLE `roles`
(
`username` varchar(50) NOT NULL,
`role` varchar(50) NOT NULL,
UNIQUE INDEX `idx_user_role` (`username` ASC, `role` ASC) USING BTREE
);
CREATE TABLE `permissions`
(
`role` varchar(50) NOT NULL,
`resource` varchar(255) NOT NULL,
`action` varchar(8) NOT NULL,
UNIQUE INDEX `uk_role_permission` (`role`, `resource`, `action`) USING BTREE
);
INSERT INTO users (username, password, enabled)
VALUES ('nacos', '$2a$10$EuWPZHzz32dJN7jexM34MOeYirDdFAZm2kuWj7VEOJhhZkDrxfvUu', TRUE);
INSERT INTO roles (username, role)
VALUES ('nacos', 'ROLE_ADMIN');

21
1-outside-deploy/2-helm-chart/charts/all-middleware/charts/nacos/templates/_labels.tpl Normal file
View File

@@ -0,0 +1,21 @@
{{/* vim: set filetype=mustache: */}}
{{/*
Kubernetes standard labels
*/}}
{{- define "uavcloud-middleware.nacos.labels.standard" -}}
cmii.app: {{ .Values.appName }}
cmii.type: {{ .Values.global.application.type }}
helm.sh/chart: {{ include "uavcloud-middleware.chart" . }}
app.kubernetes.io/managed-by: {{ $.Release.Service }}
{{- if $.Values.global.image.tag }}
app.kubernetes.io/version: {{ $.Values.global.image.tag | quote }}
{{- end }}
{{- end -}}
{{/*
Labels to use on deploy.spec.selector.matchLabels and svc.spec.selector
*/}}
{{- define "uavcloud-middleware.nacos.labels.matchLabels" -}}
cmii.app: {{ .Values.appName }}
cmii.type: {{ .Values.global.application.type }}
{{- end -}}

19
1-outside-deploy/2-helm-chart/charts/all-middleware/charts/nacos/templates/configmap.yaml Normal file
View File

@@ -0,0 +1,19 @@
{{- if .Values.enabled }}
{{- $namespace := .Release.Namespace -}}
{{- $applicationName := .Values.appName -}}
---
apiVersion: v1
kind: ConfigMap
metadata:
name: {{ $applicationName }}-cm
namespace: {{ $namespace }}
labels:
{{- include "uavcloud-middleware.nacos.labels.standard" . | nindent 4 }}
data:
mysql.db.name: "{{ .Values.database.db_name }}"
mysql.db.host: "{{ .Values.database.host }}"
mysql.port: "{{ .Values.database.port }}"
mysql.user: "{{ .Values.database.username }}"
mysql.password: "{{ .Values.database.password }}"
---
{{- end }}

30
1-outside-deploy/2-helm-chart/charts/all-middleware/charts/nacos/templates/ingress.yaml Normal file
View File

@@ -0,0 +1,30 @@
{{- if and .Values.enabled .Values.ingress.enabled }}
{{- $namespace := .Release.Namespace -}}
{{- $applicationName := .Values.appName -}}
{{- $DeployDomainName := ternary (first (regexSplit ":" .Values.global.domain.DeployDomainName -1)) ( .Values.global.domain.DeployDomainName ) (contains ":" .Values.global.domain.DeployDomainName) -}}
---
apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
name: {{ $applicationName }}
namespace: {{ $namespace }}
labels:
{{- include "uavcloud-middleware.nacos.labels.standard" . | nindent 4 }}
spec:
rules:
- host: "nacos.{{ $DeployDomainName }}"
http:
paths:
- path: /
pathType: ImplementationSpecific
backend:
serviceName: {{ $applicationName }}
servicePort: {{ .Values.containerPort.dashboard }}
{{- if .Values.global.ingress.tls_enabled }}
tls:
- hosts:
- "nacos.{{ $DeployDomainName }}"
secretName: "x.{{ $DeployDomainName }}-tls"
{{- end }}
---
{{- end }}

82
1-outside-deploy/2-helm-chart/charts/all-middleware/charts/nacos/templates/statefulset.yaml Normal file
View File

@@ -0,0 +1,82 @@
{{- if .Values.enabled }}
{{- $namespace := .Release.Namespace -}}
{{- $applicationName := .Values.appName -}}
---
apiVersion: apps/v1
kind: StatefulSet
metadata:
name: {{ $applicationName }}
namespace: {{ $namespace }}
labels:
{{- include "uavcloud-middleware.nacos.labels.standard" . | nindent 4 }}
spec:
serviceName: {{ $applicationName }}
replicas: {{ .Values.replicaCount }}
selector:
matchLabels:
{{- include "uavcloud-middleware.nacos.labels.matchLabels" . | nindent 6 }}
template:
metadata:
labels:
{{- include "uavcloud-middleware.nacos.labels.standard" . | nindent 8 }}
annotations:
pod.alpha.kubernetes.io/initialized: "true"
spec:
{{- if .Values.global.affinity }}
affinity: {{- include "common.tplvalues.render" (dict "value" .Values.global.affinity "context" $) | nindent 8 }}
{{- else }}
affinity:
{{- /* podAffinity: {{- include "common.affinities.pods" (dict "type" .Values.global.podAffinityPreset "context" $) | nindent 10 -}}*/}}
{{- /* podAntiAffinity: {{- include "common.affinities.pods" (dict "type" .Values.global.podAntiAffinityPreset "context" $) | nindent 10 }}*/}}
nodeAffinity: {{- include "common.affinities.nodes" (dict "type" .Values.global.nodeAffinityPreset.type "key" .Values.global.nodeAffinityPreset.key "values" .Values.global.nodeAffinityPreset.values) | nindent 10 -}}
{{- end }}
containers:
- name: nacos-server
image: "{{ .Values.global.image.repository | default .Values.image.repository }}/nacos-server:{{ .Values.image.tag }}"
ports:
- containerPort: {{ .Values.containerPort.dashboard }}
name: dashboard
env:
- name: NACOS_AUTH_ENABLE
value: "true"
- name: NACOS_REPLICAS
value: "1"
- name: MYSQL_SERVICE_DB_NAME
valueFrom:
configMapKeyRef:
name: {{ $applicationName }}-cm
key: mysql.db.name
- name: MYSQL_SERVICE_PORT
valueFrom:
configMapKeyRef:
name: {{ $applicationName }}-cm
key: mysql.port
- name: MYSQL_SERVICE_USER
valueFrom:
configMapKeyRef:
name: {{ $applicationName }}-cm
key: mysql.user
- name: MYSQL_SERVICE_PASSWORD
valueFrom:
configMapKeyRef:
name: {{ $applicationName }}-cm
key: mysql.password
- name: MYSQL_SERVICE_HOST
valueFrom:
configMapKeyRef:
name: {{ $applicationName }}-cm
key: mysql.db.host
- name: NACOS_SERVER_PORT
value: "{{ .Values.containerPort.dashboard }}"
- name: NACOS_APPLICATION_PORT
value: "{{ .Values.containerPort.dashboard }}"
- name: PREFER_HOST_MODE
value: "hostname"
- name: MODE
value: standalone
- name: SPRING_DATASOURCE_PLATFORM
value: mysql
resources:
{{- toYaml .Values.resources | nindent 12 }}
---
{{- end }}

24
1-outside-deploy/2-helm-chart/charts/all-middleware/charts/nacos/templates/svc.yaml Normal file
View File

@@ -0,0 +1,24 @@
{{- if .Values.enabled }}
{{- $namespace := .Release.Namespace -}}
{{- $applicationName := .Values.appName -}}
---
apiVersion: v1
kind: Service
metadata:
name: {{ $applicationName }}
namespace: {{ $namespace }}
labels:
{{- include "uavcloud-middleware.nacos.labels.standard" . | nindent 4 }}
spec:
type: {{ .Values.global.middlewareService.type }}
selector:
{{- include "uavcloud-middleware.nacos.labels.matchLabels" . | nindent 4 }}
ports:
- port: {{ .Values.containerPort.dashboard }}
name: server
targetPort: {{ .Values.containerPort.dashboard }}
{{- if eq .Values.global.middlewareService.type "NodePort" }}
nodePort: {{ .Values.nodePort.dashboard }}
{{- end }}
---
{{- end }}

34
1-outside-deploy/2-helm-chart/charts/all-middleware/charts/nacos/values.yaml Normal file
View File

@@ -0,0 +1,34 @@
image:
repository: docker.io/nacos
tag: 2.0.1
replicaCount: 1
ingress:
enabled: false
enabled: true
appName: helm-nacos
nodePort:
dashboard: 38848
database:
host: helm-mysql
port: 6033
username: k8s_admin
password: EWde2cKP9w.G
db_name: nacos_config
containerPort:
dashboard: 8848
resources:
limits:
memory: 2Gi
cpu: "1"
requests:
memory: 1Gi
cpu: 500m

21
1-outside-deploy/2-helm-chart/charts/all-middleware/charts/rabbitmq/.helmignore Normal file
View File

@@ -0,0 +1,21 @@
# Patterns to ignore when building packages.
# This supports shell glob matching, relative path matching, and
# negation (prefixed with !). Only one pattern per line.
.DS_Store
# Common VCS dirs
.git/
.gitignore
.bzr/
.bzrignore
.hg/
.hgignore
.svn/
# Common backup files
*.swp
*.bak
*.tmp
*~
# Various IDEs
.project
.idea/
*.tmproj

6
1-outside-deploy/2-helm-chart/charts/all-middleware/charts/rabbitmq/Chart.lock Normal file
View File

@@ -0,0 +1,6 @@
dependencies:
- name: common
repository: https://charts.bitnami.com/bitnami
version: 1.10.3
digest: sha256:710e8247ae70ea63a2fb2fde4320511ff28c7b5c7a738861427f104a7718bdf4
generated: "2021-12-02T17:29:16.053850737Z"

26
1-outside-deploy/2-helm-chart/charts/all-middleware/charts/rabbitmq/Chart.yaml Normal file
View File

@@ -0,0 +1,26 @@
annotations:
category: Infrastructure
apiVersion: v2
appVersion: 3.9.12
dependencies:
- name: common
repository: https://charts.bitnami.com/bitnami
tags:
- bitnami-common
version: 1.x.x
description: Open source message broker software that implements the Advanced Message
Queuing Protocol (AMQP)
home: https://github.com/bitnami/charts/tree/master/bitnami/rabbitmq
icon: https://bitnami.com/assets/stacks/rabbitmq/img/rabbitmq-stack-220x234.png
keywords:
- rabbitmq
- message queue
- AMQP
maintainers:
- email: containers@bitnami.com
name: Bitnami
name: rabbitmq
sources:
- https://github.com/bitnami/bitnami-docker-rabbitmq
- https://www.rabbitmq.com
version: 8.26.1

592
1-outside-deploy/2-helm-chart/charts/all-middleware/charts/rabbitmq/README.md Normal file
View File

@@ -0,0 +1,592 @@
# RabbitMQ
[RabbitMQ](https://www.rabbitmq.com/) is an open source multi-protocol message broker.
## TL;DR
```bash
$ helm repo add bitnami https://charts.bitnami.com/bitnami
$ helm install my-release bitnami/rabbitmq
```
## Introduction
This chart bootstraps a [RabbitMQ](https://github.com/bitnami/bitnami-docker-rabbitmq) deployment on a [Kubernetes](https://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager.
Bitnami charts can be used with [Kubeapps](https://kubeapps.com/) for deployment and management of Helm Charts in clusters. This chart has been tested to work with NGINX Ingress, cert-manager, fluentd and Prometheus on top of the [BKPR](https://kubeprod.io/).
## Prerequisites
- Kubernetes 1.12+
- Helm 3.1.0
- PV provisioner support in the underlying infrastructure
## Installing the Chart
To install the chart with the release name `my-release`:
```bash
$ helm install my-release bitnami/rabbitmq
```
The command deploys RabbitMQ on the Kubernetes cluster in the default configuration. The [Parameters](#parameters) section lists the parameters that can be configured during installation.
> **Tip**: List all releases using `helm list`
## Uninstalling the Chart
To uninstall/delete the `my-release` deployment:
```bash
$ helm delete my-release
```
The command removes all the Kubernetes components associated with the chart and deletes the release.
## Parameters
### Global parameters
| Name | Description | Value |
| ------------------------- | ----------------------------------------------- | ----- |
| `global.imageRegistry` | Global Docker image registry | `""` |
| `global.imagePullSecrets` | Global Docker registry secret names as an array | `[]` |
| `global.storageClass` | Global StorageClass for Persistent Volume(s) | `""` |
### RabbitMQ Image parameters
| Name | Description | Value |
| ------------------- | -------------------------------------------------------------- | --------------------- |
| `image.registry` | RabbitMQ image registry | `docker.io` |
| `image.repository` | RabbitMQ image repository | `bitnami/rabbitmq` |
| `image.tag` | RabbitMQ image tag (immutable tags are recommended) | `3.9.12-debian-10-r0` |
| `image.pullPolicy` | RabbitMQ image pull policy | `IfNotPresent` |
| `image.pullSecrets` | Specify docker-registry secret names as an array | `[]` |
| `image.debug` | Set to true if you would like to see extra information on logs | `false` |
### Common parameters
| Name | Description | Value |
| ---------------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------- | ------------------------------------------------- |
| `nameOverride` | String to partially override rabbitmq.fullname template (will maintain the release name) | `""` |
| `fullnameOverride` | String to fully override rabbitmq.fullname template | `""` |
| `kubeVersion` | Force target Kubernetes version (using Helm capabilities if not set) | `""` |
| `clusterDomain` | Kubernetes Cluster Domain | `cluster.local` |
| `extraDeploy` | Array of extra objects to deploy with the release | `[]` |
| `diagnosticMode.enabled` | Enable diagnostic mode (all probes will be disabled and the command will be overridden) | `false` |
| `diagnosticMode.command` | Command to override all containers in the deployment | `["sleep"]` |
| `diagnosticMode.args` | Args to override all containers in the deployment | `["infinity"]` |
| `hostAliases` | Deployment pod host aliases | `[]` |
| `commonAnnotations` | Annotations to add to all deployed objects | `{}` |
| `auth.username` | RabbitMQ application username | `user` |
| `auth.password` | RabbitMQ application password | `""` |
| `auth.existingPasswordSecret` | Existing secret with RabbitMQ credentials (must contain a value for `rabbitmq-password` key) | `""` |
| `auth.erlangCookie` | Erlang cookie to determine whether different nodes are allowed to communicate with each other | `""` |
| `auth.existingErlangSecret` | Existing secret with RabbitMQ Erlang cookie (must contain a value for `rabbitmq-erlang-cookie` key) | `""` |
| `auth.tls.enabled` | Enable TLS support on RabbitMQ | `false` |
| `auth.tls.autoGenerated` | Generate automatically self-signed TLS certificates | `false` |
| `auth.tls.failIfNoPeerCert` | When set to true, TLS connection will be rejected if client fails to provide a certificate | `true` |
| `auth.tls.sslOptionsVerify` | Should [peer verification](https://www.rabbitmq.com/ssl.html#peer-verification) be enabled? | `verify_peer` |
| `auth.tls.caCertificate` | Certificate Authority (CA) bundle content | `""` |
| `auth.tls.serverCertificate` | Server certificate content | `""` |
| `auth.tls.serverKey` | Server private key content | `""` |
| `auth.tls.existingSecret` | Existing secret with certificate content to RabbitMQ credentials | `""` |
| `auth.tls.existingSecretFullChain` | Whether or not the existing secret contains the full chain in the certificate (`tls.crt`). Will be used in place of `ca.cert` if `true`. | `false` |
| `logs` | Path of the RabbitMQ server's Erlang log file. Value for the `RABBITMQ_LOGS` environment variable | `-` |
| `ulimitNofiles` | RabbitMQ Max File Descriptors | `65536` |
| `maxAvailableSchedulers` | RabbitMQ maximum available scheduler threads | `""` |
| `onlineSchedulers` | RabbitMQ online scheduler threads | `""` |
| `memoryHighWatermark.enabled` | Enable configuring Memory high watermark on RabbitMQ | `false` |
| `memoryHighWatermark.type` | Memory high watermark type. Either `absolute` or `relative` | `relative` |
| `memoryHighWatermark.value` | Memory high watermark value | `0.4` |
| `plugins` | List of default plugins to enable (should only be altered to remove defaults; for additional plugins use `extraPlugins`) | `rabbitmq_management rabbitmq_peer_discovery_k8s` |
| `communityPlugins` | List of Community plugins (URLs) to be downloaded during container initialization | `""` |
| `extraPlugins` | Extra plugins to enable (single string containing a space-separated list) | `rabbitmq_auth_backend_ldap` |
| `clustering.enabled` | Enable RabbitMQ clustering | `true` |
| `clustering.addressType` | Switch clustering mode. Either `ip` or `hostname` | `hostname` |
| `clustering.rebalance` | Rebalance master for queues in cluster when new replica is created | `false` |
| `clustering.forceBoot` | Force boot of an unexpectedly shut down cluster (in an unexpected order). | `false` |
| `clustering.partitionHandling` | Switch Partition Handling Strategy. Either `autoheal` or `pause-minority` or `pause-if-all-down` or `ignore` | `autoheal` |
| `loadDefinition.enabled` | Enable loading a RabbitMQ definitions file to configure RabbitMQ | `false` |
| `loadDefinition.existingSecret` | Existing secret with the load definitions file | `""` |
| `command` | Override default container command (useful when using custom images) | `[]` |
| `args` | Override default container args (useful when using custom images) | `[]` |
| `terminationGracePeriodSeconds` | Default duration in seconds k8s waits for container to exit before sending kill signal. | `120` |
| `extraEnvVars` | Extra environment variables to add to RabbitMQ pods | `[]` |
| `extraEnvVarsCM` | Name of existing ConfigMap containing extra environment variables | `""` |
| `extraEnvVarsSecret` | Name of existing Secret containing extra environment variables (in case of sensitive data) | `""` |
| `extraContainerPorts` | Extra ports to be included in container spec, primarily informational | `[]` |
| `configuration` | RabbitMQ Configuration file content: required cluster configuration | `""` |
| `extraConfiguration` | Configuration file content: extra configuration to be appended to RabbitMQ configuration | `""` |
| `advancedConfiguration` | Configuration file content: advanced configuration | `""` |
| `ldap.enabled` | Enable LDAP support | `false` |
| `ldap.servers` | List of LDAP servers hostnames | `[]` |
| `ldap.port` | LDAP servers port | `389` |
| `ldap.user_dn_pattern` | Pattern used to translate the provided username into a value to be used for the LDAP bind | `cn=${username},dc=example,dc=org` |
| `ldap.tls.enabled` | If you enable TLS/SSL you can set advanced options using the `advancedConfiguration` parameter | `false` |
| `extraVolumeMounts` | Optionally specify extra list of additional volumeMounts | `[]` |
| `extraVolumes` | Optionally specify extra list of additional volumes . | `[]` |
| `extraSecrets` | Optionally specify extra secrets to be created by the chart. | `{}` |
| `extraSecretsPrependReleaseName` | Set this flag to true if extraSecrets should be created with <release-name> prepended. | `false` |
### Statefulset parameters
| Name | Description | Value |
| ------------------------------------ | ------------------------------------------------------------------------------------------------------------------------ | --------------- |
| `replicaCount` | Number of RabbitMQ replicas to deploy | `1` |
| `schedulerName` | Use an alternate scheduler, e.g. "stork". | `""` |
| `podManagementPolicy` | Pod management policy | `OrderedReady` |
| `podLabels` | RabbitMQ Pod labels. Evaluated as a template | `{}` |
| `podAnnotations` | RabbitMQ Pod annotations. Evaluated as a template | `{}` |
| `updateStrategyType` | Update strategy type for RabbitMQ statefulset | `RollingUpdate` |
| `statefulsetLabels` | RabbitMQ statefulset labels. Evaluated as a template | `{}` |
| `priorityClassName` | Name of the priority class to be used by RabbitMQ pods, priority class needs to be created beforehand | `""` |
| `podAffinityPreset` | Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` |
| `podAntiAffinityPreset` | Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `soft` |
| `nodeAffinityPreset.type` | Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` |
| `nodeAffinityPreset.key` | Node label key to match Ignored if `affinity` is set. | `""` |
| `nodeAffinityPreset.values` | Node label values to match. Ignored if `affinity` is set. | `[]` |
| `affinity` | Affinity for pod assignment. Evaluated as a template | `{}` |
| `nodeSelector` | Node labels for pod assignment. Evaluated as a template | `{}` |
| `tolerations` | Tolerations for pod assignment. Evaluated as a template | `[]` |
| `topologySpreadConstraints` | Topology Spread Constraints for pod assignment spread across your cluster among failure-domains. Evaluated as a template | `[]` |
| `podSecurityContext.enabled` | Enable RabbitMQ pods' Security Context | `true` |
| `podSecurityContext.fsGroup` | Group ID for the filesystem used by the containers | `1001` |
| `podSecurityContext.runAsUser` | User ID for the service user running the pod | `1001` |
| `containerSecurityContext` | RabbitMQ containers' Security Context | `{}` |
| `resources.limits` | The resources limits for RabbitMQ containers | `{}` |
| `resources.requests` | The requested resources for RabbitMQ containers | `{}` |
| `livenessProbe.enabled` | Enable livenessProbe | `true` |
| `livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `120` |
| `livenessProbe.periodSeconds` | Period seconds for livenessProbe | `30` |
| `livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `20` |
| `livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `6` |
| `livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` |
| `readinessProbe.enabled` | Enable readinessProbe | `true` |
| `readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `10` |
| `readinessProbe.periodSeconds` | Period seconds for readinessProbe | `30` |
| `readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `20` |
| `readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `3` |
| `readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` |
| `customLivenessProbe` | Override default liveness probe | `{}` |
| `customReadinessProbe` | Override default readiness probe | `{}` |
| `customStartupProbe` | Define a custom startup probe | `{}` |
| `initContainers` | Add init containers to the RabbitMQ pod | `[]` |
| `sidecars` | Add sidecar containers to the RabbitMQ pod | `[]` |
| `pdb.create` | Enable/disable a Pod Disruption Budget creation | `false` |
| `pdb.minAvailable` | Minimum number/percentage of pods that should remain scheduled | `1` |
| `pdb.maxUnavailable` | Maximum number/percentage of pods that may be made unavailable | `""` |
### RBAC parameters
| Name | Description | Value |
| --------------------------------------------- | --------------------------------------------------- | ------ |
| `serviceAccount.create` | Enable creation of ServiceAccount for RabbitMQ pods | `true` |
| `serviceAccount.name` | Name of the created serviceAccount | `""` |
| `serviceAccount.automountServiceAccountToken` | Auto-mount the service account token in the pod | `true` |
| `rbac.create` | Whether RBAC rules should be created | `true` |
### Persistence parameters
| Name | Description | Value |
| --------------------------- | ------------------------------------------------ | --------------- |
| `persistence.enabled` | Enable RabbitMQ data persistence using PVC | `true` |
| `persistence.storageClass` | PVC Storage Class for RabbitMQ data volume | `""` |
| `persistence.selector` | Selector to match an existing Persistent Volume | `{}` |
| `persistence.accessMode` | PVC Access Mode for RabbitMQ data volume | `ReadWriteOnce` |
| `persistence.existingClaim` | Provide an existing PersistentVolumeClaims | `""` |
| `persistence.size` | PVC Storage Request for RabbitMQ data volume | `8Gi` |
| `persistence.volumes` | Additional volumes without creating PVC | `[]` |
| `persistence.annotations` | Persistence annotations. Evaluated as a template | `{}` |
### Exposure parameters
| Name | Description | Value |
| ---------------------------------- | -------------------------------------------------------------------------------------------------------------------------------- | ------------------------ |
| `service.type` | Kubernetes Service type | `ClusterIP` |
| `service.portEnabled` | Amqp port. Cannot be disabled when `auth.tls.enabled` is `false`. Listener can be disabled with `listeners.tcp = none`. | `true` |
| `service.port` | Amqp port | `5672` |
| `service.portName` | Amqp service port name | `amqp` |
| `service.tlsPort` | Amqp TLS port | `5671` |
| `service.tlsPortName` | Amqp TLS service port name | `amqp-ssl` |
| `service.nodePort` | Node port override for `amqp` port, if serviceType is `NodePort` or `LoadBalancer` | `""` |
| `service.tlsNodePort` | Node port override for `amqp-ssl` port, if serviceType is `NodePort` or `LoadBalancer` | `""` |
| `service.distPort` | Erlang distribution server port | `25672` |
| `service.distPortName` | Erlang distribution service port name | `dist` |
| `service.distNodePort` | Node port override for `dist` port, if serviceType is `NodePort` | `""` |
| `service.managerPortEnabled` | RabbitMQ Manager port | `true` |
| `service.managerPort` | RabbitMQ Manager port | `15672` |
| `service.managerPortName` | RabbitMQ Manager service port name | `http-stats` |
| `service.managerNodePort` | Node port override for `http-stats` port, if serviceType `NodePort` | `""` |
| `service.metricsPort` | RabbitMQ Prometheues metrics port | `9419` |
| `service.metricsPortName` | RabbitMQ Prometheues metrics service port name | `metrics` |
| `service.metricsNodePort` | Node port override for `metrics` port, if serviceType is `NodePort` | `""` |
| `service.epmdNodePort` | Node port override for `epmd` port, if serviceType is `NodePort` | `""` |
| `service.epmdPortName` | EPMD Discovery service port name | `epmd` |
| `service.extraPorts` | Extra ports to expose in the service | `[]` |
| `service.loadBalancerSourceRanges` | Address(es) that are allowed when service is `LoadBalancer` | `[]` |
| `service.externalIPs` | Set the ExternalIPs | `[]` |
| `service.externalTrafficPolicy` | Enable client source IP preservation | `Cluster` |
| `service.loadBalancerIP` | Set the LoadBalancerIP | `""` |
| `service.labels` | Service labels. Evaluated as a template | `{}` |
| `service.annotations` | Service annotations. Evaluated as a template | `{}` |
| `service.annotationsHeadless` | Headless Service annotations. Evaluated as a template | `{}` |
| `ingress.enabled` | Enable ingress resource for Management console | `false` |
| `ingress.path` | Path for the default host. You may need to set this to '/*' in order to use this with ALB ingress controllers. | `/` |
| `ingress.pathType` | Ingress path type | `ImplementationSpecific` |
| `ingress.hostname` | Default host for the ingress resource | `rabbitmq.local` |
| `ingress.annotations` | Additional annotations for the Ingress resource. To enable certificate autogeneration, place here your cert-manager annotations. | `{}` |
| `ingress.tls` | Enable TLS configuration for the hostname defined at `ingress.hostname` parameter | `false` |
| `ingress.selfSigned` | Set this to true in order to create a TLS secret for this ingress record | `false` |
| `ingress.extraHosts` | The list of additional hostnames to be covered with this ingress record. | `[]` |
| `ingress.extraTls` | The tls configuration for additional hostnames to be covered with this ingress record. | `[]` |
| `ingress.secrets` | Custom TLS certificates as secrets | `[]` |
| `ingress.ingressClassName` | IngressClass that will be be used to implement the Ingress (Kubernetes 1.18+) | `""` |
| `networkPolicy.enabled` | Enable creation of NetworkPolicy resources | `false` |
| `networkPolicy.allowExternal` | Don't require client label for connections | `true` |
| `networkPolicy.additionalRules` | Additional NetworkPolicy Ingress "from" rules to set. Note that all rules are OR-ed. | `[]` |
### Metrics Parameters
| Name | Description | Value |
| ------------------------------------------ | ------------------------------------------------------------------------------------------------------ | --------------------- |
| `metrics.enabled` | Enable exposing RabbitMQ metrics to be gathered by Prometheus | `false` |
| `metrics.plugins` | Plugins to enable Prometheus metrics in RabbitMQ | `rabbitmq_prometheus` |
| `metrics.podAnnotations` | Annotations for enabling prometheus to access the metrics endpoint | `{}` |
| `metrics.serviceMonitor.enabled` | Create ServiceMonitor Resource for scraping metrics using PrometheusOperator | `false` |
| `metrics.serviceMonitor.namespace` | Specify the namespace in which the serviceMonitor resource will be created | `""` |
| `metrics.serviceMonitor.interval` | Specify the interval at which metrics should be scraped | `30s` |
| `metrics.serviceMonitor.scrapeTimeout` | Specify the timeout after which the scrape is ended | `""` |
| `metrics.serviceMonitor.relabellings` | MetricsRelabelConfigs to apply to samples before ingestion. DEPRECATED: Will be removed in next major. | `[]` |
| `metrics.serviceMonitor.relabelings` | RelabelConfigs to apply to samples before scraping. | `[]` |
| `metrics.serviceMonitor.metricRelabelings` | MetricsRelabelConfigs to apply to samples before ingestion. | `[]` |
| `metrics.serviceMonitor.honorLabels` | honorLabels chooses the metric's labels on collisions with target labels | `false` |
| `metrics.serviceMonitor.additionalLabels` | Used to pass Labels that are required by the installed Prometheus Operator | `{}` |
| `metrics.serviceMonitor.targetLabels` | Used to keep given service's labels in target | `{}` |
| `metrics.serviceMonitor.podTargetLabels` | Used to keep given pod's labels in target | `{}` |
| `metrics.serviceMonitor.path` | Define the path used by ServiceMonitor to scrap metrics | `""` |
| `metrics.prometheusRule.enabled` | Set this to true to create prometheusRules for Prometheus operator | `false` |
| `metrics.prometheusRule.additionalLabels` | Additional labels that can be used so prometheusRules will be discovered by Prometheus | `{}` |
| `metrics.prometheusRule.namespace` | namespace where prometheusRules resource should be created | `""` |
| `metrics.prometheusRule.rules` | List of rules, used as template by Helm. | `[]` |
### Init Container Parameters
| Name | Description | Value |
| -------------------------------------- | -------------------------------------------------------------------------------------------------------------------- | ----------------------- |
| `volumePermissions.enabled` | Enable init container that changes the owner and group of the persistent volume(s) mountpoint to `runAsUser:fsGroup` | `false` |
| `volumePermissions.image.registry` | Init container volume-permissions image registry | `docker.io` |
| `volumePermissions.image.repository` | Init container volume-permissions image repository | `bitnami/bitnami-shell` |
| `volumePermissions.image.tag` | Init container volume-permissions image tag | `10-debian-10-r301` |
| `volumePermissions.image.pullPolicy` | Init container volume-permissions image pull policy | `IfNotPresent` |
| `volumePermissions.image.pullSecrets` | Specify docker-registry secret names as an array | `[]` |
| `volumePermissions.resources.limits` | Init container volume-permissions resource limits | `{}` |
| `volumePermissions.resources.requests` | Init container volume-permissions resource requests | `{}` |
The above parameters map to the env variables defined in [bitnami/rabbitmq](https://github.com/bitnami/bitnami-docker-rabbitmq). For more information please refer to the [bitnami/rabbitmq](https://github.com/bitnami/bitnami-docker-rabbitmq) image documentation.
Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example,
```bash
$ helm install my-release \
--set auth.username=admin,auth.password=secretpassword,auth.erlangCookie=secretcookie \
bitnami/rabbitmq
```
The above command sets the RabbitMQ admin username and password to `admin` and `secretpassword` respectively. Additionally the secure erlang cookie is set to `secretcookie`.
> NOTE: Once this chart is deployed, it is not possible to change the application's access credentials, such as usernames or passwords, using Helm. To change these application credentials after deployment, delete any persistent volumes (PVs) used by the chart and re-deploy it, or use the application's built-in administrative tools if available.
Alternatively, a YAML file that specifies the values for the parameters can be provided while installing the chart. For example,
```bash
$ helm install my-release -f values.yaml bitnami/rabbitmq
```
> **Tip**: You can use the default [values.yaml](values.yaml)
## Configuration and installation details
### [Rolling vs Immutable tags](https://docs.bitnami.com/containers/how-to/understand-rolling-tags-containers/)
It is strongly recommended to use immutable tags in a production environment. This ensures your deployment does not change automatically if the same tag is updated with a different image.
Bitnami will release a new chart updating its containers if a new version of the main container, significant changes, or critical vulnerabilities exist.
### Set pod affinity
This chart allows you to set your custom affinity using the `affinity` parameter. Find more information about Pod's affinity in the [kubernetes documentation](https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity).
As an alternative, you can use of the preset configurations for pod affinity, pod anti-affinity, and node affinity available at the [bitnami/common](https://github.com/bitnami/charts/tree/master/bitnami/common#affinities) chart. To do so, set the `podAffinityPreset`, `podAntiAffinityPreset`, or `nodeAffinityPreset` parameters.
### Scale horizontally
To horizontally scale this chart once it has been deployed, two options are available:
- Use the `kubectl scale` command.
- Upgrade the chart modifying the `replicaCount` parameter.
> NOTE: It is mandatory to specify the password and Erlang cookie that was set the first time the chart was installed when upgrading the chart.
When scaling down the solution, unnecessary RabbitMQ nodes are automatically stopped, but they are not removed from the cluster. You need to manually remove them by running the `rabbitmqctl forget_cluster_node` command.
Refer to the chart documentation for [more information on scaling the Rabbit cluster horizontally](https://docs.bitnami.com/kubernetes/infrastructure/rabbitmq/administration/scale-deployment/).
### Enable TLS support
To enable TLS support, first generate the certificates as described in the [RabbitMQ documentation for SSL certificate generation](https://www.rabbitmq.com/ssl.html#automated-certificate-generation).
Once the certificates are generated, you have two alternatives:
* Create a secret with the certificates and associate the secret when deploying the chart
* Include the certificates in the *values.yaml* file when deploying the chart
Set the *auth.tls.failIfNoPeerCert* parameter to *false* to allow a TLS connection if the client fails to provide a certificate.
Set the *auth.tls.sslOptionsVerify* to *verify_peer* to force a node to perform peer verification. When set to *verify_none*, peer verification will be disabled and certificate exchange won't be performed.
Refer to the chart documentation for [more information and examples of enabling TLS and using Let's Encrypt certificates](https://docs.bitnami.com/kubernetes/infrastructure/rabbitmq/administration/enable-tls-ingress/).
### Load custom definitions
It is possible to [load a RabbitMQ definitions file to configure RabbitMQ](https://www.rabbitmq.com/management.html#load-definitions).
Because definitions may contain RabbitMQ credentials, [store the JSON as a Kubernetes secret](https://kubernetes.io/docs/concepts/configuration/secret/#using-secrets-as-files-from-a-pod). Within the secret's data, choose a key name that corresponds with the desired load definitions filename (i.e. `load_definition.json`) and use the JSON object as the value.
Next, specify the `load_definitions` property as an `extraConfiguration` pointing to the load definition file path within the container (i.e. `/app/load_definition.json`) and set `loadDefinition.enable` to `true`. Any load definitions specified will be available within in the container at `/app`.
> NOTE: Loading a definition will take precedence over any configuration done through [Helm values](#parameters).
If needed, you can use `extraSecrets` to let the chart create the secret for you. This way, you don't need to manually create it before deploying a release. These secrets can also be templated to use supplied chart values.
Refer to the chart documentation for [more information and configuration examples of loading custom definitions](https://docs.bitnami.com/kubernetes/infrastructure/rabbitmq/configuration/load-files/).
### Configure LDAP support
LDAP support can be enabled in the chart by specifying the `ldap.*` parameters while creating a release. Refer to the chart documentation for [more information and a configuration example](https://docs.bitnami.com/kubernetes/infrastructure/rabbitmq/configuration/configure-ldap/).
### Configure memory high watermark
It is possible to configure a memory high watermark on RabbitMQ to define [memory thresholds](https://www.rabbitmq.com/memory.html#threshold) using the `memoryHighWatermark.*` parameters. To do so, you have two alternatives:
* Set an absolute limit of RAM to be used on each RabbitMQ node, as shown in the configuration example below:
```
memoryHighWatermark.enabled="true"
memoryHighWatermark.type="absolute"
memoryHighWatermark.value="512MB"
```
* Set a relative limit of RAM to be used on each RabbitMQ node. To enable this feature, define the memory limits at pod level too. An example configuration is shown below:
```
memoryHighWatermark.enabled="true"
memoryHighWatermark.type="relative"
memoryHighWatermark.value="0.4"
resources.limits.memory="2Gi"
```
### Add extra environment variables
In case you want to add extra environment variables (useful for advanced operations like custom init scripts), you can use the `extraEnvVars` property.
```yaml
extraEnvVars:
- name: LOG_LEVEL
value: error
```
Alternatively, you can use a ConfigMap or a Secret with the environment variables. To do so, use the `.extraEnvVarsCM` or the `extraEnvVarsSecret` properties.
### Use plugins
The Bitnami Docker RabbitMQ image ships a set of plugins by default. By default, this chart enables `rabbitmq_management` and `rabbitmq_peer_discovery_k8s` since they are required for RabbitMQ to work on K8s.
To enable extra plugins, set the `extraPlugins` parameter with the list of plugins you want to enable. In addition to this, the `communityPlugins` parameter can be used to specify a list of URLs (separated by spaces) for custom plugins for RabbitMQ.
Refer to the chart documentation for [more information on using RabbitMQ plugins](https://docs.bitnami.com/kubernetes/infrastructure/rabbitmq/configuration/use-plugins/).
### Recover the cluster from complete shutdown
> IMPORTANT: Some of these procedures can lead to data loss. Always make a backup beforehand.
The RabbitMQ cluster is able to support multiple node failures but, in a situation in which all the nodes are brought down at the same time, the cluster might not be able to self-recover.
This happens if the pod management policy of the statefulset is not `Parallel` and the last pod to be running wasn't the first pod of the statefulset. If that happens, update the pod management policy to recover a healthy state:
```console
$ kubectl delete statefulset STATEFULSET_NAME --cascade=false
$ helm upgrade RELEASE_NAME bitnami/rabbitmq \
--set podManagementPolicy=Parallel \
--set replicaCount=NUMBER_OF_REPLICAS \
--set auth.password=PASSWORD \
--set auth.erlangCookie=ERLANG_COOKIE
```
For a faster resyncronization of the nodes, you can temporarily disable the readiness probe by setting `readinessProbe.enabled=false`. Bear in mind that the pods will be exposed before they are actually ready to process requests.
If the steps above don't bring the cluster to a healthy state, it could be possible that none of the RabbitMQ nodes think they were the last node to be up during the shutdown. In those cases, you can force the boot of the nodes by specifying the `clustering.forceBoot=true` parameter (which will execute [`rabbitmqctl force_boot`](https://www.rabbitmq.com/rabbitmqctl.8.html#force_boot) in each pod):
```console
$ helm upgrade RELEASE_NAME bitnami/rabbitmq \
--set podManagementPolicy=Parallel \
--set clustering.forceBoot=true \
--set replicaCount=NUMBER_OF_REPLICAS \
--set auth.password=PASSWORD \
--set auth.erlangCookie=ERLANG_COOKIE
```
More information: [Clustering Guide: Restarting](https://www.rabbitmq.com/clustering.html#restarting).
### Known issues
- Changing the password through RabbitMQ's UI can make the pod fail due to the default liveness probes. If you do so, remember to make the chart aware of the new password. Updating the default secret with the password you set through RabbitMQ's UI will automatically recreate the pods. If you are using your own secret, you may have to manually recreate the pods.
## Persistence
The [Bitnami RabbitMQ](https://github.com/bitnami/bitnami-docker-rabbitmq) image stores the RabbitMQ data and configurations at the `/opt/bitnami/rabbitmq/var/lib/rabbitmq/` path of the container.
The chart mounts a [Persistent Volume](https://kubernetes.io/docs/concepts/storage/persistent-volumes/) at this location. By default, the volume is created using dynamic volume provisioning. An existing PersistentVolumeClaim can also be defined.
### Use existing PersistentVolumeClaims
1. Create the PersistentVolume
1. Create the PersistentVolumeClaim
1. Install the chart
```bash
$ helm install my-release --set persistence.existingClaim=PVC_NAME bitnami/rabbitmq
```
### Adjust permissions of the persistence volume mountpoint
As the image runs as non-root by default, it is necessary to adjust the ownership of the persistent volume so that the container can write data into it.
By default, the chart is configured to use Kubernetes Security Context to automatically change the ownership of the volume. However, this feature does not work in all Kubernetes distributions.
As an alternative, this chart supports using an `initContainer` to change the ownership of the volume before mounting it in the final destination.
You can enable this `initContainer` by setting `volumePermissions.enabled` to `true`.
### Configure the default user/vhost
If you want to create default user/vhost and set the default permission. you can use `extraConfiguration`:
```yaml
auth:
username: default-user
extraConfiguration: |-
default_vhost = default-vhost
default_permissions.configure = .*
default_permissions.read = .*
default_permissions.write = .*
```
## Troubleshooting
Find more information about how to deal with common errors related to Bitnamis Helm charts in [this troubleshooting guide](https://docs.bitnami.com/general/how-to/troubleshoot-helm-chart-issues).
## Upgrading
It's necessary to set the `auth.password` and `auth.erlangCookie` parameters when upgrading for readiness/liveness probes to work properly. When you install this chart for the first time, some notes will be displayed providing the credentials you must use under the 'Credentials' section. Please note down the password and the cookie, and run the command below to upgrade your chart:
```bash
$ helm upgrade my-release bitnami/rabbitmq --set auth.password=[PASSWORD] --set auth.erlangCookie=[RABBITMQ_ERLANG_COOKIE]
```
| Note: you need to substitute the placeholders [PASSWORD] and [RABBITMQ_ERLANG_COOKIE] with the values obtained in the installation notes.
### To 8.21.0
This new version of the chart bumps the RabbitMQ version to `3.9.1`. It is considered a minor release, and no breaking changes are expected. Additionally, RabbitMQ `3.9.X` nodes can run alongside `3.8.X` nodes.
See the [Upgrading guide](https://www.rabbitmq.com/upgrade.html) and the [RabbitMQ change log](https://www.rabbitmq.com/changelog.html) for further documentation.
### To 8.0.0
[On November 13, 2020, Helm v2 support was formally finished](https://github.com/helm/charts#status-of-the-project), this major version is the result of the required changes applied to the Helm Chart to be able to incorporate the different features added in Helm v3 and to be consistent with the Helm project itself regarding the Helm v2 EOL.
[Learn more about this change and related upgrade considerations](https://docs.bitnami.com/kubernetes/infrastructure/rabbitmq/administration/upgrade-helm3/).
### To 7.0.0
- Several parameters were renamed or disappeared in favor of new ones on this major version:
- `replicas` is renamed to `replicaCount`.
- `securityContext.*` is deprecated in favor of `podSecurityContext` and `containerSecurityContext`.
- Authentication parameters were reorganized under the `auth.*` parameter:
- `rabbitmq.username`, `rabbitmq.password`, and `rabbitmq.erlangCookie` are now `auth.username`, `auth.password`, and `auth.erlangCookie` respectively.
- `rabbitmq.tls.*` parameters are now under `auth.tls.*`.
- Parameters prefixed with `rabbitmq.` were renamed removing the prefix. E.g. `rabbitmq.configuration` -> renamed to `configuration`.
- `rabbitmq.rabbitmqClusterNodeName` is deprecated.
- `rabbitmq.setUlimitNofiles` is deprecated.
- `forceBoot.enabled` is renamed to `clustering.forceBoot`.
- `loadDefinition.secretName` is renamed to `loadDefinition.existingSecret`.
- `metics.port` is remamed to `service.metricsPort`.
- `service.extraContainerPorts` is renamed to `extraContainerPorts`.
- `service.nodeTlsPort` is renamed to `service.tlsNodePort`.
- `podDisruptionBudget` is deprecated in favor of `pdb.create`, `pdb.minAvailable`, and `pdb.maxUnavailable`.
- `rbacEnabled` -> deprecated in favor of `rbac.create`.
- New parameters: `serviceAccount.create`, and `serviceAccount.name`.
- New parameters: `memoryHighWatermark.enabled`, `memoryHighWatermark.type`, and `memoryHighWatermark.value`.
- Chart labels and Ingress configuration were adapted to follow the Helm charts best practices.
- Initialization logic now relies on the container.
- This version introduces `bitnami/common`, a [library chart](https://helm.sh/docs/topics/library_charts/#helm) as a dependency. More documentation about this new utility could be found [here](https://github.com/bitnami/charts/tree/master/bitnami/common#bitnami-common-library-chart). Please, make sure that you have updated the chart dependencies before executing any upgrade.
Consequences:
- Backwards compatibility is not guaranteed.
- Compatibility with non Bitnami images is not guaranteed anymore.
### To 6.0.0
This new version updates the RabbitMQ image to a [new version based on bash instead of node.js](https://github.com/bitnami/bitnami-docker-rabbitmq#3715-r18-3715-ol-7-r19). However, since this Chart overwrites the container's command, the changes to the container shouldn't affect the Chart. To upgrade, it may be needed to enable the `fastBoot` option, as it is already the case from upgrading from 5.X to 5.Y.
### To 5.0.0
This major release changes the clustering method from `ip` to `hostname`.
This change is needed to fix the persistence. The data dir will now depend on the hostname which is stable instead of the pod IP that might change.
> IMPORTANT: Note that if you upgrade from a previous version you will lose your data.
### To 3.0.0
Backwards compatibility is not guaranteed unless you modify the labels used on the chart's deployments.
Use the workaround below to upgrade from versions previous to 3.0.0. The following example assumes that the release name is rabbitmq:
```console
$ kubectl delete statefulset rabbitmq --cascade=false
```
## Bitnami Kubernetes Documentation
Bitnami Kubernetes documentation is available at [https://docs.bitnami.com/](https://docs.bitnami.com/). You can find there the following resources:
- [Documentation for RabbitMQ Helm chart](https://docs.bitnami.com/kubernetes/infrastructure/rabbitmq/)
- [Get Started with Kubernetes guides](https://docs.bitnami.com/kubernetes/)
- [Bitnami Helm charts documentation](https://docs.bitnami.com/kubernetes/apps/)
- [Kubernetes FAQs](https://docs.bitnami.com/kubernetes/faq/)
- [Kubernetes Developer guides](https://docs.bitnami.com/tutorials/)
## License
Copyright &copy; 2022 Bitnami
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.

163
1-outside-deploy/2-helm-chart/charts/all-middleware/charts/rabbitmq/templates/NOTES.txt Normal file
View File

@@ -0,0 +1,163 @@
CHART NAME: {{ .Chart.Name }}
CHART VERSION: {{ .Chart.Version }}
APP VERSION: {{ .Chart.AppVersion }}
{{- $servicePort := or (.Values.service.portEnabled) (not .Values.auth.tls.enabled) | ternary .Values.service.port .Values.service.tlsPort -}}
{{- $serviceNodePort := or (.Values.service.portEnabled) (not .Values.auth.tls.enabled) | ternary .Values.service.nodePort .Values.service.tlsNodePort -}}
** Please be patient while the chart is being deployed **
{{- if .Values.diagnosticMode.enabled }}
The chart has been deployed in diagnostic mode. All probes have been disabled and the command has been overwritten with:
command: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.command "context" $) | nindent 4 }}
args: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.args "context" $) | nindent 4 }}
Get the list of pods by executing:
kubectl get pods --namespace {{ .Release.Namespace }} -l app.kubernetes.io/instance={{ .Release.Name }}
Access the pod you want to debug by executing
kubectl exec --namespace {{ .Release.Namespace }} -ti <NAME OF THE POD> -- bash
In order to replicate the container startup scripts execute this command:
/opt/bitnami/scripts/rabbitmq/entrypoint.sh /opt/bitnami/scripts/rabbitmq/run.sh
{{- else }}
Credentials:
{{- if not .Values.loadDefinition.enabled }}
echo "Username : {{ .Values.auth.username }}"
echo "Password : $(kubectl get secret --namespace {{ .Release.Namespace }} {{ include "rabbitmq.secretPasswordName" . }} -o jsonpath="{.data.rabbitmq-password}" | base64 --decode)"
{{- end }}
echo "ErLang Cookie : $(kubectl get secret --namespace {{ .Release.Namespace }} {{ include "rabbitmq.secretErlangName" . }} -o jsonpath="{.data.rabbitmq-erlang-cookie}" | base64 --decode)"
Note that the credentials are saved in persistent volume claims and will not be changed upon upgrade or reinstallation unless the persistent volume claim has been deleted. If this is not the first installation of this chart, the credentials may not be valid.
This is applicable when no passwords are set and therefore the random password is autogenerated. In case of using a fixed password, you should specify it when upgrading.
More information about the credentials may be found at https://docs.bitnami.com/general/how-to/troubleshoot-helm-chart-issues/#credential-errors-while-upgrading-chart-releases.
RabbitMQ can be accessed within the cluster on port {{ $serviceNodePort }} at {{ include "rabbitmq.fullname" . }}.{{ .Release.Namespace }}.svc.{{ .Values.clustering.k8s_domain }}
To access for outside the cluster, perform the following steps:
{{- if .Values.ingress.enabled }}
{{- if contains "NodePort" .Values.service.type }}
To Access the RabbitMQ AMQP port:
1. Obtain the NodePort IP and ports:
export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}")
export NODE_PORT_AMQP=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[1].nodePort}" services {{ include "rabbitmq.fullname" . }})
echo "URL : amqp://$NODE_IP:$NODE_PORT_AMQP/"
{{- else if contains "LoadBalancer" .Values.service.type }}
To Access the RabbitMQ AMQP port:
1. Obtain the LoadBalancer IP:
NOTE: It may take a few minutes for the LoadBalancer IP to be available.
Watch the status with: 'kubectl get svc --namespace {{ .Release.Namespace }} -w {{ include "rabbitmq.fullname" . }}'
export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "rabbitmq.fullname" . }} --template "{{ "{{ range (index .status.loadBalancer.ingress 0) }}{{ . }}{{ end }}" }}")
echo "URL : amqp://$SERVICE_IP:{{ $servicePort }}/"
{{- else if contains "ClusterIP" .Values.service.type }}
To Access the RabbitMQ AMQP port:
1. Create a port-forward to the AMQP port:
kubectl port-forward --namespace {{ .Release.Namespace }} svc/{{ include "rabbitmq.fullname" . }} {{ $servicePort }}:{{ $servicePort }} &
echo "URL : amqp://127.0.0.1:{{ $servicePort }}/"
{{- end }}
2. Access RabbitMQ using using the obtained URL.
To Access the RabbitMQ Management interface:
1. Get the RabbitMQ Management URL and associate its hostname to your cluster external IP:
export CLUSTER_IP=$(minikube ip) # On Minikube. Use: `kubectl cluster-info` on others K8s clusters
echo "RabbitMQ Management: http{{ if .Values.ingress.tls }}s{{ end }}://{{ .Values.ingress.hostname }}/"
echo "$CLUSTER_IP {{ .Values.ingress.hostname }}" | sudo tee -a /etc/hosts
2. Open a browser and access RabbitMQ Management using the obtained URL.
{{- else }}
{{- if contains "NodePort" .Values.service.type }}
Obtain the NodePort IP and ports:
export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}")
export NODE_PORT_AMQP=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[1].nodePort}" services {{ include "rabbitmq.fullname" . }})
export NODE_PORT_STATS=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[3].nodePort}" services {{ include "rabbitmq.fullname" . }})
To Access the RabbitMQ AMQP port:
echo "URL : amqp://$NODE_IP:$NODE_PORT_AMQP/"
To Access the RabbitMQ Management interface:
echo "URL : http://$NODE_IP:$NODE_PORT_STATS/"
{{- else if contains "LoadBalancer" .Values.service.type }}
Obtain the LoadBalancer IP:
NOTE: It may take a few minutes for the LoadBalancer IP to be available.
Watch the status with: 'kubectl get svc --namespace {{ .Release.Namespace }} -w {{ include "rabbitmq.fullname" . }}'
export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "rabbitmq.fullname" . }} --template "{{ "{{ range (index .status.loadBalancer.ingress 0) }}{{ . }}{{ end }}" }}")
To Access the RabbitMQ AMQP port:
echo "URL : amqp://$SERVICE_IP:{{ $servicePort }}/"
To Access the RabbitMQ Management interface:
echo "URL : http://$SERVICE_IP:{{ .Values.service.managerPort }}/"
{{- else if contains "ClusterIP" .Values.service.type }}
To Access the RabbitMQ AMQP port:
echo "URL : amqp://127.0.0.1:{{ $servicePort }}/"
kubectl port-forward --namespace {{ .Release.Namespace }} svc/{{ include "rabbitmq.fullname" . }} {{ $servicePort }}:{{ $servicePort }}
To Access the RabbitMQ Management interface:
echo "URL : http://127.0.0.1:{{ .Values.service.managerPort }}/"
kubectl port-forward --namespace {{ .Release.Namespace }} svc/{{ include "rabbitmq.fullname" . }} {{ .Values.service.managerPort }}:{{ .Values.service.managerPort }}
{{- end }}
{{- end }}
{{- if .Values.metrics.enabled }}
To access the RabbitMQ Prometheus metrics, get the RabbitMQ Prometheus URL by running:
kubectl port-forward --namespace {{ .Release.Namespace }} svc/{{ include "rabbitmq.fullname" . }} {{ .Values.service.metricsPort }}:{{ .Values.service.metricsPort }} &
echo "Prometheus Metrics URL: http://127.0.0.1:{{ .Values.service.metricsPort }}/metrics"
Then, open the obtained URL in a browser.
{{- end }}
{{- include "common.warnings.rollingTag" .Values.image }}
{{- include "common.warnings.rollingTag" .Values.volumePermissions.image }}
{{- include "rabbitmq.validateValues" . -}}
{{- $requiredPassword := list -}}
{{- $secretNameRabbitmq := include "rabbitmq.secretPasswordName" . -}}
{{- if and (not .Values.auth.existingPasswordSecret) (not .Values.loadDefinition.enabled) -}}
{{- $requiredRabbitmqPassword := dict "valueKey" "auth.password" "secret" $secretNameRabbitmq "field" "rabbitmq-password" -}}
{{- $requiredPassword = append $requiredPassword $requiredRabbitmqPassword -}}
{{- end -}}
{{- end }}

257
1-outside-deploy/2-helm-chart/charts/all-middleware/charts/rabbitmq/templates/_helpers.tpl Normal file
View File

@@ -0,0 +1,257 @@
{{/* vim: set filetype=mustache: */}}
{{/*
Expand the name of the chart.
*/}}
{{- define "rabbitmq.name" -}}
{{- include "common.names.name" . -}}
{{- end -}}
{{/*
Create a default fully qualified app name.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
If release name contains chart name it will be used as a full name.
*/}}
{{- define "rabbitmq.fullname" -}}
{{- include "common.names.fullname" . -}}
{{- end -}}
{{/*
Return the proper RabbitMQ image name
*/}}
{{- define "rabbitmq.image" -}}
{{ include "common.images.image" (dict "imageRoot" .Values.image "global" .Values.global) }}
{{- end -}}
{{/*
Return the proper image name (for the init container volume-permissions image)
*/}}
{{- define "rabbitmq.volumePermissions.image" -}}
{{ include "common.images.image" (dict "imageRoot" .Values.volumePermissions.image "global" .Values.global) }}
{{- end -}}
{{/*
Return the proper Docker Image Registry Secret Names
*/}}
{{- define "rabbitmq.imagePullSecrets" -}}
{{ include "common.images.pullSecrets" (dict "images" (list .Values.image .Values.volumePermissions.image) "global" .Values.global) }}
{{- end -}}
{{/*
Return podAnnotations
*/}}
{{- define "rabbitmq.podAnnotations" -}}
{{- if .Values.podAnnotations }}
{{ include "common.tplvalues.render" (dict "value" .Values.podAnnotations "context" $) }}
{{- end }}
{{- if and .Values.metrics.enabled .Values.metrics.podAnnotations }}
{{ include "common.tplvalues.render" (dict "value" .Values.metrics.podAnnotations "context" $) }}
{{- end }}
{{- end -}}
{{/*
Create the name of the service account to use
*/}}
{{- define "rabbitmq.serviceAccountName" -}}
{{- if .Values.serviceAccount.create -}}
{{ default (include "rabbitmq.fullname" .) .Values.serviceAccount.name }}
{{- else -}}
{{ default "default" .Values.serviceAccount.name }}
{{- end -}}
{{- end -}}
{{/*
Get the password secret.
*/}}
{{- define "rabbitmq.secretPasswordName" -}}
{{- if .Values.auth.existingPasswordSecret -}}
{{- printf "%s" (tpl .Values.auth.existingPasswordSecret $) -}}
{{- else -}}
{{- printf "%s" (include "rabbitmq.fullname" .) -}}
{{- end -}}
{{- end -}}
{{/*
Get the erlang secret.
*/}}
{{- define "rabbitmq.secretErlangName" -}}
{{- if .Values.auth.existingErlangSecret -}}
{{- printf "%s" (tpl .Values.auth.existingErlangSecret $) -}}
{{- else -}}
{{- printf "%s" (include "rabbitmq.fullname" .) -}}
{{- end -}}
{{- end -}}
{{/*
Get the TLS secret.
*/}}
{{- define "rabbitmq.tlsSecretName" -}}
{{- if .Values.auth.tls.existingSecret -}}
{{- printf "%s" (tpl .Values.auth.tls.existingSecret $) -}}
{{- else -}}
{{- printf "%s-certs" (include "rabbitmq.fullname" .) -}}
{{- end -}}
{{- end -}}
{{/*
Return true if a TLS credentials secret object should be created
*/}}
{{- define "rabbitmq.createTlsSecret" -}}
{{- if and .Values.auth.tls.enabled (not .Values.auth.tls.existingSecret) }}
{{- true -}}
{{- end -}}
{{- end -}}
{{/*
Return the proper RabbitMQ plugin list
*/}}
{{- define "rabbitmq.plugins" -}}
{{- $plugins := .Values.plugins -}}
{{- if .Values.extraPlugins -}}
{{- $plugins = printf "%s %s" $plugins .Values.extraPlugins -}}
{{- end -}}
{{- if .Values.metrics.enabled -}}
{{- $plugins = printf "%s %s" $plugins .Values.metrics.plugins -}}
{{- end -}}
{{- printf "%s" $plugins | replace " " ", " -}}
{{- end -}}
{{/*
Return the number of bytes given a value
following a base 2 o base 10 number system.
Usage:
{{ include "rabbitmq.toBytes" .Values.path.to.the.Value }}
*/}}
{{- define "rabbitmq.toBytes" -}}
{{- $value := int (regexReplaceAll "([0-9]+).*" . "${1}") }}
{{- $unit := regexReplaceAll "[0-9]+(.*)" . "${1}" }}
{{- if eq $unit "Ki" }}
{{- mul $value 1024 }}
{{- else if eq $unit "Mi" }}
{{- mul $value 1024 1024 }}
{{- else if eq $unit "Gi" }}
{{- mul $value 1024 1024 1024 }}
{{- else if eq $unit "Ti" }}
{{- mul $value 1024 1024 1024 1024 }}
{{- else if eq $unit "Pi" }}
{{- mul $value 1024 1024 1024 1024 1024 }}
{{- else if eq $unit "Ei" }}
{{- mul $value 1024 1024 1024 1024 1024 1024 }}
{{- else if eq $unit "K" }}
{{- mul $value 1000 }}
{{- else if eq $unit "M" }}
{{- mul $value 1000 1000 }}
{{- else if eq $unit "G" }}
{{- mul $value 1000 1000 1000 }}
{{- else if eq $unit "T" }}
{{- mul $value 1000 1000 1000 1000 }}
{{- else if eq $unit "P" }}
{{- mul $value 1000 1000 1000 1000 1000 }}
{{- else if eq $unit "E" }}
{{- mul $value 1000 1000 1000 1000 1000 1000 }}
{{- end }}
{{- end -}}
{{/*
Return true if cert-manager required annotations for TLS signed certificates are set in the Ingress annotations
Ref: https://cert-manager.io/docs/usage/ingress/#supported-annotations
*/}}
{{- define "rabbitmq.ingress.certManagerRequest" -}}
{{ if or (hasKey . "cert-manager.io/cluster-issuer") (hasKey . "cert-manager.io/issuer") }}
{{- true -}}
{{- end -}}
{{- end -}}
{{/*
Compile all warnings into a single message, and call fail.
*/}}
{{- define "rabbitmq.validateValues" -}}
{{- $messages := list -}}
{{- $messages := append $messages (include "rabbitmq.validateValues.ldap" .) -}}
{{- $messages := append $messages (include "rabbitmq.validateValues.memoryHighWatermark" .) -}}
{{- $messages := append $messages (include "rabbitmq.validateValues.ingress.tls" .) -}}
{{- $messages := append $messages (include "rabbitmq.validateValues.auth.tls" .) -}}
{{- $messages := without $messages "" -}}
{{- $message := join "\n" $messages -}}
{{- if $message -}}
{{- printf "\nVALUES VALIDATION:\n%s" $message | fail -}}
{{- end -}}
{{- end -}}
{{/*
Validate values of rabbitmq - LDAP support
*/}}
{{- define "rabbitmq.validateValues.ldap" -}}
{{- if .Values.ldap.enabled }}
{{- $serversListLength := len .Values.ldap.servers }}
{{- if or (not (gt $serversListLength 0)) (not (and .Values.ldap.port .Values.ldap.user_dn_pattern)) }}
rabbitmq: LDAP
Invalid LDAP configuration. When enabling LDAP support, the parameters "ldap.servers",
"ldap.port", and "ldap. user_dn_pattern" are mandatory. Please provide them:
$ helm install {{ .Release.Name }} bitnami/rabbitmq \
--set ldap.enabled=true \
--set ldap.servers[0]="lmy-ldap-server" \
--set ldap.port="389" \
--set user_dn_pattern="cn=${username},dc=example,dc=org"
{{- end -}}
{{- end -}}
{{- end -}}
{{/*
Validate values of rabbitmq - Memory high watermark
*/}}
{{- define "rabbitmq.validateValues.memoryHighWatermark" -}}
{{- if and (not (eq .Values.memoryHighWatermark.type "absolute")) (not (eq .Values.memoryHighWatermark.type "relative")) }}
rabbitmq: memoryHighWatermark.type
Invalid Memory high watermark type. Valid values are "absolute" and
"relative". Please set a valid mode (--set memoryHighWatermark.type="xxxx")
{{- else if and .Values.memoryHighWatermark.enabled (not .Values.resources.limits.memory) (eq .Values.memoryHighWatermark.type "relative") }}
rabbitmq: memoryHighWatermark
You enabled configuring memory high watermark using a relative limit. However,
no memory limits were defined at POD level. Define your POD limits as shown below:
$ helm install {{ .Release.Name }} bitnami/rabbitmq \
--set memoryHighWatermark.enabled=true \
--set memoryHighWatermark.type="relative" \
--set memoryHighWatermark.value="0.4" \
--set resources.limits.memory="2Gi"
Altenatively, user an absolute value for the memory memory high watermark :
$ helm install {{ .Release.Name }} bitnami/rabbitmq \
--set memoryHighWatermark.enabled=true \
--set memoryHighWatermark.type="absolute" \
--set memoryHighWatermark.value="512MB"
{{- end -}}
{{- end -}}
{{/*
Validate values of rabbitmq - TLS configuration for Ingress
*/}}
{{- define "rabbitmq.validateValues.ingress.tls" -}}
{{- if and .Values.ingress.enabled .Values.ingress.tls (not (include "rabbitmq.ingress.certManagerRequest" .Values.ingress.annotations)) (not .Values.ingress.selfSigned) (empty .Values.ingress.extraTls) }}
rabbitmq: ingress.tls
You enabled the TLS configuration for the default ingress hostname but
you did not enable any of the available mechanisms to create the TLS secret
to be used by the Ingress Controller.
Please use any of these alternatives:
- Use the `ingress.extraTls` and `ingress.secrets` parameters to provide your custom TLS certificates.
- Relay on cert-manager to create it by setting the corresponding annotations
- Relay on Helm to create self-signed certificates by setting `ingress.selfSigned=true`
{{- end -}}
{{- end -}}
{{/*
Validate values of RabbitMQ - Auth TLS enabled
*/}}
{{- define "rabbitmq.validateValues.auth.tls" -}}
{{- if and .Values.auth.tls.enabled (not .Values.auth.tls.autoGenerated) (not .Values.auth.tls.existingSecret) (not .Values.auth.tls.caCertificate) (not .Values.auth.tls.serverCertificate) (not .Values.auth.tls.serverKey) }}
rabbitmq: auth.tls
You enabled TLS for RabbitMQ but you did not enable any of the available mechanisms to create the TLS secret.
Please use any of these alternatives:
- Provide an existing secret containing the TLS certificates using `auth.tls.existingSecret`
- Provide the plain text certificates using `auth.tls.caCertificate`, `auth.tls.serverCertificate` and `auth.tls.serverKey`.
- Enable auto-generated certificates using `auth.tls.autoGenerated`.
{{- end -}}
{{- end -}}

18
1-outside-deploy/2-helm-chart/charts/all-middleware/charts/rabbitmq/templates/configuration.yaml Normal file
View File

@@ -0,0 +1,18 @@
{{- if .Values.enabled }}
apiVersion: v1
kind: ConfigMap
metadata:
name: {{ template "rabbitmq.fullname" . }}-config
namespace: {{ .Release.Namespace | quote }}
labels: {{- include "common.labels.standard" . | nindent 4 }}
{{- if .Values.commonAnnotations }}
annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
{{- end }}
data:
rabbitmq.conf: |-
{{- include "common.tplvalues.render" (dict "value" .Values.configuration "context" $) | nindent 4 }}
{{- if .Values.advancedConfiguration }}
advanced.config: |-
{{- include "common.tplvalues.render" (dict "value" .Values.advancedConfiguration "context" $) | nindent 4 }}
{{- end }}
{{- end }}

4
1-outside-deploy/2-helm-chart/charts/all-middleware/charts/rabbitmq/templates/extra-list.yaml Normal file
View File

@@ -0,0 +1,4 @@
{{- range .Values.extraDeploy }}
---
{{ include "common.tplvalues.render" (dict "value" . "context" $) }}
{{- end }}

59
1-outside-deploy/2-helm-chart/charts/all-middleware/charts/rabbitmq/templates/ingress.yaml Normal file
View File

@@ -0,0 +1,59 @@
{{- if .Values.enabled }}
{{- if .Values.ingress.enabled }}
apiVersion: {{ include "common.capabilities.ingress.apiVersion" . }}
kind: Ingress
metadata:
name: {{ include "rabbitmq.fullname" . }}
namespace: {{ .Release.Namespace | quote }}
labels: {{- include "common.labels.standard" . | nindent 4 }}
annotations:
{{- if .Values.ingress.certManager }}
kubernetes.io/tls-acme: "true"
{{- end }}
{{- if .Values.commonAnnotations }}
{{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
{{- end }}
{{- if .Values.ingress.annotations }}
{{- include "common.tplvalues.render" (dict "value" .Values.ingress.annotations "context" $) | nindent 4 }}
{{- end }}
spec:
{{- if and .Values.ingress.ingressClassName (eq "true" (include "common.ingress.supportsIngressClassname" .)) }}
ingressClassName: {{ .Values.ingress.ingressClassName | quote }}
{{- end }}
rules:
{{- if .Values.ingress.domain }}
- host: {{ include "common.tplvalues.render" ( dict "value" .Values.ingress.hostname "context" $ ) }}
http:
paths:
{{- if .Values.ingress.extraPaths }}
{{- toYaml .Values.ingress.extraPaths | nindent 10 }}
{{- end }}
- path: {{ .Values.ingress.path }}
{{- if eq "true" (include "common.ingress.supportsPathType" .) }}
pathType: {{ .Values.ingress.pathType }}
{{- end }}
backend: {{- include "common.ingress.backend" (dict "serviceName" (include "common.names.fullname" .) "servicePort" .Values.service.managerPortName "context" $) | nindent 14 }}
{{- end }}
{{- range .Values.ingress.extraHosts }}
- host: {{ include "common.tplvalues.render" ( dict "value" .name "context" $ ) }}
http:
paths:
- path: {{ default "/" .path }}
{{- if eq "true" (include "common.ingress.supportsPathType" $) }}
pathType: {{ default "ImplementationSpecific" .pathType }}
{{- end }}
backend: {{- include "common.ingress.backend" (dict "serviceName" (include "common.names.fullname" $) "servicePort" "http-stats" "context" $) | nindent 14 }}
{{- end }}
{{- if or (and .Values.ingress.tls (or (include "rabbitmq.ingress.certManagerRequest" .Values.ingress.annotations) .Values.ingress.selfSigned)) .Values.ingress.extraTls }}
tls:
{{- if and .Values.ingress.tls (or (include "rabbitmq.ingress.certManagerRequest" .Values.ingress.annotations) .Values.ingress.selfSigned) }}
- hosts:
- {{ .Values.ingress.domain | quote }}
secretName: {{ printf "%s-tls" .Values.ingress.domain }}
{{- end }}
{{- if .Values.ingress.extraTls }}
{{- include "common.tplvalues.render" (dict "value" .Values.ingress.extraTls "context" $) | nindent 4 }}
{{- end }}
{{- end }}
{{- end }}
{{- end }}

39
1-outside-deploy/2-helm-chart/charts/all-middleware/charts/rabbitmq/templates/networkpolicy.yaml Normal file
View File

@@ -0,0 +1,39 @@
{{- if .Values.enabled }}
{{- if .Values.networkPolicy.enabled }}
kind: NetworkPolicy
apiVersion: networking.k8s.io/v1
metadata:
name: {{ include "rabbitmq.fullname" . }}
namespace: {{ .Release.Namespace | quote }}
labels: {{- include "common.labels.standard" . | nindent 4 }}
{{- if .Values.commonAnnotations }}
annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
{{- end }}
spec:
podSelector:
matchLabels: {{- include "common.labels.matchLabels" . | nindent 6 }}
ingress:
# Allow inbound connections
- ports:
- port: 4369 # EPMD
- port: {{ .Values.service.port }}
- port: {{ .Values.service.tlsPort }}
- port: {{ .Values.service.distPort }}
- port: {{ .Values.service.managerPort }}
{{- if not .Values.networkPolicy.allowExternal }}
from:
- podSelector:
matchLabels:
{{ template "rabbitmq.fullname" . }}-client: "true"
- podSelector:
matchLabels:
{{- include "common.labels.matchLabels" . | nindent 14 }}
{{- if .Values.networkPolicy.additionalRules }}
{{- include "common.tplvalues.render" (dict "value" .Values.networkPolicy.additionalRules "context" $) | nindent 8 }}
{{- end }}
{{- end }}
# Allow prometheus scrapes
- ports:
- port: {{ .Values.service.metricsPort }}
{{- end }}
{{- end }}

22
1-outside-deploy/2-helm-chart/charts/all-middleware/charts/rabbitmq/templates/pdb.yaml Normal file
View File

@@ -0,0 +1,22 @@
{{- if .Values.enabled }}
{{- if .Values.pdb.create }}
apiVersion: {{ include "common.capabilities.policy.apiVersion" . }}
kind: PodDisruptionBudget
metadata:
name: {{ include "rabbitmq.fullname" . }}
namespace: {{ .Release.Namespace | quote }}
labels: {{- include "common.labels.standard" . | nindent 4 }}
{{- if .Values.commonAnnotations }}
annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
{{- end }}
spec:
{{- if .Values.pdb.minAvailable }}
minAvailable: {{ .Values.pdb.minAvailable }}
{{- end }}
{{- if .Values.pdb.maxUnavailable }}
maxUnavailable: {{ .Values.pdb.maxUnavailable }}
{{- end }}
selector:
matchLabels: {{ include "common.labels.matchLabels" . | nindent 6 }}
{{- end }}
{{- end }}

26
1-outside-deploy/2-helm-chart/charts/all-middleware/charts/rabbitmq/templates/prometheusrule.yaml Normal file
View File

@@ -0,0 +1,26 @@
{{- if .Values.enabled }}
{{- if and .Values.metrics.enabled .Values.metrics.prometheusRule.enabled }}
apiVersion: monitoring.coreos.com/v1
kind: PrometheusRule
metadata:
name: {{ include "rabbitmq.fullname" . }}
{{- if .Values.metrics.prometheusRule.namespace }}
namespace: {{ .Values.metrics.prometheusRule.namespace }}
{{- else }}
namespace: {{ .Release.Namespace | quote }}
{{- end }}
labels: {{- include "common.labels.standard" . | nindent 4 }}
{{- if .Values.metrics.prometheusRule.additionalLabels }}
{{- include "common.tplvalues.render" (dict "value" .Values.metrics.prometheusRule.additionalLabels "context" $) | nindent 4 }}
{{- end }}
{{- if .Values.commonAnnotations }}
annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
{{- end }}
spec:
groups:
{{- with .Values.metrics.prometheusRule.rules }}
- name: {{ template "rabbitmq.name" $ }}
rules: {{- include "common.tplvalues.render" (dict "value" . "context" $) | nindent 8 }}
{{- end }}
{{- end }}
{{- end }}

21
1-outside-deploy/2-helm-chart/charts/all-middleware/charts/rabbitmq/templates/role.yaml Normal file
View File

@@ -0,0 +1,21 @@
{{- if .Values.enabled }}
{{- if .Values.rbac.create }}
kind: Role
apiVersion: {{ include "common.capabilities.rbac.apiVersion" . }}
metadata:
name: {{ template "rabbitmq.fullname" . }}-endpoint-reader
namespace: {{ .Release.Namespace | quote }}
labels: {{- include "common.labels.standard" . | nindent 4 }}
{{- if .Values.commonAnnotations }}
annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
{{- end }}
rules:
- apiGroups: [""]
resources: ["endpoints"]
verbs: ["get"]
- apiGroups: [""]
resources: ["events"]
verbs: ["create"]
{{- end }}
{{- end }}

20
1-outside-deploy/2-helm-chart/charts/all-middleware/charts/rabbitmq/templates/rolebinding.yaml Normal file
View File

@@ -0,0 +1,20 @@
{{- if .Values.enabled }}
{{- if and .Values.serviceAccount.create .Values.rbac.create }}
kind: RoleBinding
apiVersion: {{ include "common.capabilities.rbac.apiVersion" . }}
metadata:
name: {{ template "rabbitmq.fullname" . }}-endpoint-reader
namespace: {{ .Release.Namespace | quote }}
labels: {{- include "common.labels.standard" . | nindent 4 }}
{{- if .Values.commonAnnotations }}
annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
{{- end }}
subjects:
- kind: ServiceAccount
name: {{ template "rabbitmq.serviceAccountName" . }}
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: {{ template "rabbitmq.fullname" . }}-endpoint-reader
{{- end }}
{{- end }}

48
1-outside-deploy/2-helm-chart/charts/all-middleware/charts/rabbitmq/templates/secrets.yaml Normal file
View File

@@ -0,0 +1,48 @@
{{- if .Values.enabled }}
{{- if or (not .Values.auth.existingErlangSecret) (not .Values.auth.existingPasswordSecret) }}
apiVersion: v1
kind: Secret
metadata:
name: {{ include "rabbitmq.fullname" . }}
namespace: {{ .Release.Namespace | quote }}
labels: {{- include "common.labels.standard" . | nindent 4 }}
{{- if .Values.commonAnnotations }}
annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
{{- end }}
type: Opaque
data:
{{- if and (not .Values.auth.existingPasswordSecret) (not .Values.loadDefinition.enabled) }}
{{- if .Values.auth.password }}
rabbitmq-password: {{ .Values.auth.password | b64enc | quote }}
{{- else }}
rabbitmq-password: {{ randAlphaNum 10 | b64enc | quote }}
{{- end }}
{{- end }}
{{- if not .Values.auth.existingErlangSecret }}
{{- if .Values.auth.erlangCookie }}
rabbitmq-erlang-cookie: {{ .Values.auth.erlangCookie | b64enc | quote }}
{{- else }}
rabbitmq-erlang-cookie: {{ randAlphaNum 32 | b64enc | quote }}
{{- end }}
{{- end }}
{{- end }}
{{- $extraSecretsPrependReleaseName := .Values.extraSecretsPrependReleaseName }}
{{- range $key, $value := .Values.extraSecrets }}
---
apiVersion: v1
kind: Secret
metadata:
{{- if $extraSecretsPrependReleaseName }}
name: {{ $.Release.Name }}-{{ $key }}
{{- else }}
name: {{ $key }}
{{- end }}
namespace: {{ $.Release.Namespace | quote }}
labels: {{- include "common.labels.standard" $ | nindent 4 }}
{{- if $.Values.commonAnnotations }}
annotations: {{- include "common.tplvalues.render" ( dict "value" $.Values.commonAnnotations "context" $ ) | nindent 4 }}
{{- end }}
type: Opaque
stringData: {{- include "common.tplvalues.render" (dict "value" $value "context" $) | nindent 2 }}
{{- end }}
{{- end }}

17
1-outside-deploy/2-helm-chart/charts/all-middleware/charts/rabbitmq/templates/serviceaccount.yaml Normal file
View File

@@ -0,0 +1,17 @@
{{- if .Values.enabled }}
{{- if .Values.serviceAccount.create }}
apiVersion: v1
kind: ServiceAccount
metadata:
name: {{ include "rabbitmq.serviceAccountName" . }}
namespace: {{ .Release.Namespace | quote }}
labels: {{- include "common.labels.standard" . | nindent 4 }}
{{- if .Values.commonAnnotations }}
annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
{{- end }}
automountServiceAccountToken: {{ .Values.serviceAccount.automountServiceAccountToken }}
secrets:
- name: {{ include "rabbitmq.fullname" . }}
{{- end }}
{{- end }}

56
1-outside-deploy/2-helm-chart/charts/all-middleware/charts/rabbitmq/templates/servicemonitor.yaml Normal file
View File

@@ -0,0 +1,56 @@
{{- if .Values.enabled }}
{{- if and .Values.metrics.enabled .Values.metrics.serviceMonitor.enabled }}
apiVersion: monitoring.coreos.com/v1
kind: ServiceMonitor
metadata:
name: {{ include "rabbitmq.fullname" . }}
{{- if .Values.metrics.serviceMonitor.namespace }}
namespace: {{ .Values.metrics.serviceMonitor.namespace }}
{{- else }}
namespace: {{ .Release.Namespace | quote }}
{{- end }}
labels: {{- include "common.labels.standard" . | nindent 4 }}
{{- if .Values.metrics.serviceMonitor.additionalLabels }}
{{- include "common.tplvalues.render" (dict "value" .Values.metrics.serviceMonitor.additionalLabels "context" $) | nindent 4 }}
{{- end }}
{{- if .Values.commonAnnotations }}
annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
{{- end }}
spec:
endpoints:
- port: metrics
{{- if .Values.metrics.serviceMonitor.interval }}
interval: {{ .Values.metrics.serviceMonitor.interval }}
{{- end }}
{{- if .Values.metrics.serviceMonitor.scrapeTimeout }}
scrapeTimeout: {{ .Values.metrics.serviceMonitor.scrapeTimeout }}
{{- end }}
{{- if .Values.metrics.serviceMonitor.honorLabels }}
honorLabels: {{ .Values.metrics.serviceMonitor.honorLabels }}
{{- end }}
{{- if .Values.metrics.serviceMonitor.relabelings }}
relabelings: {{- toYaml .Values.metrics.serviceMonitor.relabelings | nindent 6 }}
{{- end }}
{{- if .Values.metrics.serviceMonitor.relabellings }}
metricRelabelings: {{- toYaml .Values.metrics.serviceMonitor.relabellings | nindent 6 }}
{{- else if .Values.metrics.serviceMonitor.metricRelabelings }}
metricRelabelings: {{- toYaml .Values.metrics.serviceMonitor.metricRelabelings | nindent 6 }}
{{- end }}
{{- if .Values.metrics.serviceMonitor.path }}
path: {{ .Values.metrics.serviceMonitor.path }}
{{- end }}
namespaceSelector:
matchNames:
- {{ .Release.Namespace | quote }}
{{- with .Values.metrics.serviceMonitor.podTargetLabels }}
podTargetLabels:
{{- toYaml . | nindent 4 }}
{{- end }}
{{- with .Values.metrics.serviceMonitor.targetLabels }}
targetLabels:
{{- toYaml . | nindent 4 }}
{{- end }}
selector:
matchLabels: {{- include "common.labels.matchLabels" . | nindent 6 }}
{{- end }}
{{- end }}

388
1-outside-deploy/2-helm-chart/charts/all-middleware/charts/rabbitmq/templates/statefulset.yaml Normal file
View File

@@ -0,0 +1,388 @@
{{- if .Values.enabled }}
apiVersion: apps/v1
kind: StatefulSet
metadata:
name: {{ include "rabbitmq.fullname" . }}
namespace: {{ .Release.Namespace | quote }}
labels: {{- include "common.labels.standard" . | nindent 4 }}
{{- if .Values.statefulsetLabels }}
{{- include "common.tplvalues.render" (dict "value" .Values.statefulsetLabels "context" $) | nindent 4 }}
{{- end }}
{{- if .Values.commonAnnotations }}
annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
{{- end }}
spec:
serviceName: {{ template "rabbitmq.fullname" . }}-headless
podManagementPolicy: {{ .Values.podManagementPolicy }}
replicas: {{ .Values.replicaCount }}
updateStrategy:
type: {{ .Values.updateStrategyType }}
{{- if (eq "OnDelete" .Values.updateStrategyType) }}
rollingUpdate: null
{{- end }}
selector:
matchLabels: {{- include "common.labels.matchLabels" . | nindent 6 }}
template:
metadata:
labels: {{- include "common.labels.standard" . | nindent 8 }}
{{- if .Values.podLabels }}
{{- include "common.tplvalues.render" (dict "value" .Values.podLabels "context" $) | nindent 8 }}
{{- end }}
annotations:
{{- if .Values.commonAnnotations }}
{{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 8 }}
{{- end }}
checksum/config: {{ include (print $.Template.BasePath "/configuration.yaml") . | sha256sum }}
{{- if or (not .Values.auth.existingErlangSecret) (not .Values.auth.existingPasswordSecret) .Values.extraSecrets }}
checksum/secret: {{ include (print $.Template.BasePath "/secrets.yaml") . | sha256sum }}
{{- end }}
{{- if or .Values.podAnnotations .Values.metrics.enabled }}
{{- include "rabbitmq.podAnnotations" . | nindent 8 }}
{{- end }}
spec:
{{- include "rabbitmq.imagePullSecrets" . | nindent 6 }}
{{- if .Values.schedulerName }}
schedulerName: {{ .Values.schedulerName | quote }}
{{- end }}
serviceAccountName: {{ template "rabbitmq.serviceAccountName" . }}
{{- if .Values.affinity }}
affinity: {{- include "common.tplvalues.render" (dict "value" .Values.affinity "context" .) | nindent 8 }}
{{- else }}
affinity:
{{- /* podAffinity: {{- include "common.affinities.pods" (dict "type" .Values.global.podAffinityPreset "context" $) | nindent 10 -}}*/}}
{{- /* podAntiAffinity: {{- include "common.affinities.pods" (dict "type" .Values.global.podAntiAffinityPreset "context" $) | nindent 10 }}*/}}
nodeAffinity: {{- include "common.affinities.nodes" (dict "type" .Values.global.nodeAffinityPreset.type "key" .Values.global.nodeAffinityPreset.key "values" .Values.global.nodeAffinityPreset.values) | nindent 10 -}}
{{- end }}
{{- if .Values.hostAliases }}
hostAliases: {{- include "common.tplvalues.render" (dict "value" .Values.hostAliases "context" $) | nindent 8 }}
{{- end }}
{{- if .Values.nodeSelector }}
nodeSelector: {{- include "common.tplvalues.render" (dict "value" .Values.nodeSelector "context" .) | nindent 8 }}
{{- end }}
{{- if .Values.tolerations }}
tolerations: {{- include "common.tplvalues.render" (dict "value" .Values.tolerations "context" .) | nindent 8 }}
{{- end }}
{{- if .Values.topologySpreadConstraints }}
topologySpreadConstraints: {{- include "common.tplvalues.render" (dict "value" .Values.topologySpreadConstraints "context" .) | nindent 8 }}
{{- end }}
{{- if .Values.priorityClassName }}
priorityClassName: {{ .Values.priorityClassName }}
{{- end }}
{{- if .Values.podSecurityContext.enabled }}
securityContext: {{- omit .Values.podSecurityContext "enabled" | toYaml | nindent 8 }}
{{- end }}
terminationGracePeriodSeconds: {{ .Values.terminationGracePeriodSeconds }}
{{- if or (.Values.initContainers) (and .Values.volumePermissions.enabled .Values.persistence.enabled .Values.podSecurityContext) }}
initContainers:
{{- if and .Values.volumePermissions.enabled .Values.persistence.enabled .Values.podSecurityContext }}
- name: volume-permissions
{{- /* image: {{ include "rabbitmq.volumePermissions.image" . }}*/}}
image: "{{ .Values.global.image.repository | default .Values.volumePermissions.image.repository}}/bitnami-shell:{{ .Values.volumePermissions.image.tag }}"
imagePullPolicy: {{ .Values.volumePermissions.image.pullPolicy | quote }}
command:
- /bin/bash
args:
- -ec
- |
mkdir -p "/bitnami/rabbitmq/mnesia"
chown -R "{{ .Values.podSecurityContext.runAsUser }}:{{ .Values.podSecurityContext.fsGroup }}" "/bitnami/rabbitmq/mnesia"
securityContext:
runAsUser: 0
{{- if .Values.volumePermissions.resources }}
resources: {{- toYaml .Values.volumePermissions.resources | nindent 12 }}
{{- end }}
volumeMounts:
- name: data
mountPath: /bitnami/rabbitmq/mnesia
{{- end }}
{{- if .Values.initContainers }}
{{- include "common.tplvalues.render" (dict "value" .Values.initContainers "context" $) | nindent 8 }}
{{- end }}
{{- end }}
containers:
- name: rabbitmq
{{- /* image: {{ template "rabbitmq.image" . }}*/}}
image: "{{ .Values.global.image.repository | default .Values.image.repository }}/rabbitmq:{{ .Values.image.tag }}"
imagePullPolicy: {{ .Values.image.pullPolicy | quote }}
{{- if .Values.containerSecurityContext }}
securityContext: {{- toYaml .Values.containerSecurityContext | nindent 12 }}
{{- end }}
{{- if .Values.diagnosticMode.enabled }}
command: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.command "context" $) | nindent 12 }}
{{- else if .Values.command }}
command: {{- include "common.tplvalues.render" (dict "value" .Values.command "context" $) | nindent 12 }}
{{- end }}
{{- if .Values.diagnosticMode.enabled }}
args: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.args "context" $) | nindent 12 }}
{{- else if .Values.args }}
args: {{- include "common.tplvalues.render" (dict "value" .Values.args "context" $) | nindent 12 }}
{{- end }}
env:
- name: BITNAMI_DEBUG
value: {{ ternary "true" "false" (or .Values.image.debug .Values.diagnosticMode.enabled) | quote }}
- name: MY_POD_IP
valueFrom:
fieldRef:
fieldPath: status.podIP
- name: MY_POD_NAME
valueFrom:
fieldRef:
fieldPath: metadata.name
- name: MY_POD_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
- name: K8S_SERVICE_NAME
value: "{{ template "rabbitmq.fullname" . }}-headless"
- name: K8S_ADDRESS_TYPE
value: {{ .Values.clustering.addressType }}
- name: RABBITMQ_FORCE_BOOT
value: {{ ternary "yes" "no" .Values.clustering.forceBoot | quote }}
{{- if (eq "hostname" .Values.clustering.addressType) }}
- name: RABBITMQ_NODE_NAME
value: "rabbit@$(MY_POD_NAME).$(K8S_SERVICE_NAME).$(MY_POD_NAMESPACE).svc.{{ .Values.clusterDomain }}"
- name: K8S_HOSTNAME_SUFFIX
value: ".$(K8S_SERVICE_NAME).$(MY_POD_NAMESPACE).svc.{{ .Values.clusterDomain }}"
{{- else }}
- name: RABBITMQ_NODE_NAME
value: "rabbit@$(MY_POD_NAME)"
{{- end }}
- name: RABBITMQ_MNESIA_DIR
value: "/bitnami/rabbitmq/mnesia/$(RABBITMQ_NODE_NAME)"
- name: RABBITMQ_LDAP_ENABLE
value: {{ ternary "yes" "no" .Values.ldap.enabled | quote }}
{{- if .Values.ldap.enabled }}
- name: RABBITMQ_LDAP_TLS
value: {{ ternary "yes" "no" .Values.ldap.tls.enabled | quote }}
- name: RABBITMQ_LDAP_SERVERS
value: {{ .Values.ldap.servers | join "," | quote }}
- name: RABBITMQ_LDAP_SERVERS_PORT
value: {{ .Values.ldap.port | quote }}
- name: RABBITMQ_LDAP_USER_DN_PATTERN
value: {{ .Values.ldap.user_dn_pattern }}
{{- end }}
- name: RABBITMQ_LOGS
value: {{ .Values.logs | quote }}
- name: RABBITMQ_ULIMIT_NOFILES
value: {{ .Values.ulimitNofiles | quote }}
{{- if and .Values.maxAvailableSchedulers }}
- name: RABBITMQ_SERVER_ADDITIONAL_ERL_ARGS
value: {{ printf "+S %s:%s" (toString .Values.maxAvailableSchedulers) (toString .Values.onlineSchedulers) -}}
{{- end }}
- name: RABBITMQ_USE_LONGNAME
value: "true"
- name: RABBITMQ_ERL_COOKIE
valueFrom:
secretKeyRef:
name: {{ template "rabbitmq.secretErlangName" . }}
key: rabbitmq-erlang-cookie
{{- if .Values.loadDefinition.enabled }}
- name: RABBITMQ_LOAD_DEFINITIONS
value: "yes"
- name: RABBITMQ_SECURE_PASSWORD
value: "no"
{{- else }}
- name: RABBITMQ_LOAD_DEFINITIONS
value: "no"
- name: RABBITMQ_SECURE_PASSWORD
value: "yes"
- name: RABBITMQ_USERNAME
value: {{ .Values.auth.username | quote }}
- name: RABBITMQ_PASSWORD
valueFrom:
secretKeyRef:
name: {{ template "rabbitmq.secretPasswordName" . }}
key: rabbitmq-password
{{- end }}
- name: RABBITMQ_PLUGINS
value: {{ include "rabbitmq.plugins" . | quote }}
{{- if .Values.communityPlugins }}
- name: RABBITMQ_COMMUNITY_PLUGINS
value: {{ .Values.communityPlugins | quote }}
{{- end }}
{{- if .Values.extraEnvVars }}
{{- include "common.tplvalues.render" (dict "value" .Values.extraEnvVars "context" $) | nindent 12 }}
{{- end }}
{{- if or .Values.extraEnvVarsCM .Values.extraEnvVarsSecret }}
envFrom:
{{- if .Values.extraEnvVarsCM }}
- configMapRef:
name: {{ tpl .Values.extraEnvVarsCM . | quote }}
{{- end }}
{{- if .Values.extraEnvVarsSecret }}
- secretRef:
name: {{ tpl .Values.extraEnvVarsSecret . | quote }}
{{- end }}
{{- end }}
ports:
{{- if or (.Values.service.portEnabled) (not .Values.auth.tls.enabled) }}
- name: amqp
containerPort: 5672
{{- end }}
{{- if .Values.auth.tls.enabled }}
- name: amqp-ssl
containerPort: {{ .Values.service.tlsPort }}
{{- end }}
- name: dist
containerPort: 25672
- name: dashboard
containerPort: 15672
- name: epmd
containerPort: 4369
{{- if .Values.metrics.enabled }}
- name: metrics
containerPort: 9419
{{- end }}
{{- if .Values.extraContainerPorts }}
{{- toYaml .Values.extraContainerPorts | nindent 12 }}
{{- end }}
{{- if not .Values.diagnosticMode.enabled }}
{{- if .Values.livenessProbe.enabled }}
livenessProbe:
exec:
command:
- /bin/bash
- -ec
- rabbitmq-diagnostics -q ping
initialDelaySeconds: {{ .Values.livenessProbe.initialDelaySeconds }}
periodSeconds: {{ .Values.livenessProbe.periodSeconds }}
timeoutSeconds: {{ .Values.livenessProbe.timeoutSeconds }}
successThreshold: {{ .Values.livenessProbe.successThreshold }}
failureThreshold: {{ .Values.livenessProbe.failureThreshold }}
{{- else if .Values.customLivenessProbe }}
livenessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.customLivenessProbe "context" $) | nindent 12 }}
{{- end }}
{{- if .Values.readinessProbe.enabled }}
readinessProbe:
exec:
command:
- /bin/bash
- -ec
- rabbitmq-diagnostics -q check_running && rabbitmq-diagnostics -q check_local_alarms
initialDelaySeconds: {{ .Values.readinessProbe.initialDelaySeconds }}
periodSeconds: {{ .Values.readinessProbe.periodSeconds }}
timeoutSeconds: {{ .Values.readinessProbe.timeoutSeconds }}
successThreshold: {{ .Values.readinessProbe.successThreshold }}
failureThreshold: {{ .Values.readinessProbe.failureThreshold }}
{{- else if .Values.customReadinessProbe }}
readinessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.customReadinessProbe "context" $) | nindent 12 }}
{{- end }}
{{- if .Values.customStartupProbe }}
startupProbe: {{- include "common.tplvalues.render" (dict "value" .Values.customStartupProbe "context" $) | nindent 12 }}
{{- end }}
lifecycle:
{{- if and .Values.clustering.rebalance (gt (.Values.replicaCount | int) 1) }}
postStart:
exec:
command:
- /bin/bash
- -ec
- |
until rabbitmqctl cluster_status >/dev/null; do
echo "Waiting for cluster readiness..."
sleep 5
done
rabbitmq-queues rebalance "all"
{{- end }}
preStop:
exec:
command:
- /bin/bash
- -ec
- |
if [[ -f /opt/bitnami/scripts/rabbitmq/nodeshutdown.sh ]]; then
/opt/bitnami/scripts/rabbitmq/nodeshutdown.sh -t {{ .Values.terminationGracePeriodSeconds | quote }} -d {{ ternary "true" "false" .Values.image.debug | quote }}
else
rabbitmqctl stop_app
fi
{{- end }}
{{- if .Values.resources }}
resources: {{- toYaml .Values.resources | nindent 12 }}
{{- end }}
volumeMounts:
- name: configuration
mountPath: /bitnami/rabbitmq/conf
- name: data
mountPath: /bitnami/rabbitmq/mnesia
{{- if .Values.auth.tls.enabled }}
- name: certs
mountPath: /opt/bitnami/rabbitmq/certs
{{- end }}
{{- if .Values.loadDefinition.enabled }}
- name: load-definition-volume
mountPath: /app
readOnly: true
{{- end }}
{{- if .Values.extraVolumeMounts }}
{{- toYaml .Values.extraVolumeMounts | nindent 12 }}
{{- end }}
{{- if .Values.sidecars }}
{{- include "common.tplvalues.render" (dict "value" .Values.sidecars "context" $) | nindent 8 }}
{{- end }}
volumes:
{{- if .Values.persistence.volumes }}
{{- toYaml .Values.persistence.volumes | nindent 8 }}
{{- end }}
{{- if .Values.auth.tls.enabled }}
- name: certs
secret:
secretName: {{ template "rabbitmq.tlsSecretName" . }}
items:
- key: {{ ternary "tls.crt" "ca.crt" .Values.auth.tls.existingSecretFullChain }}
path: ca_certificate.pem
- key: tls.crt
path: server_certificate.pem
- key: tls.key
path: server_key.pem
{{- end }}
- name: configuration
configMap:
name: {{ template "rabbitmq.fullname" . }}-config
items:
- key: rabbitmq.conf
path: rabbitmq.conf
{{- if .Values.advancedConfiguration }}
- key: advanced.config
path: advanced.config
{{- end }}
{{- if .Values.loadDefinition.enabled }}
- name: load-definition-volume
secret:
secretName: {{ tpl .Values.loadDefinition.existingSecret . | quote }}
{{- end }}
{{- if .Values.extraVolumes }}
{{- toYaml .Values.extraVolumes | nindent 8 }}
{{- end }}
{{- if not (contains "data" (quote .Values.persistence.volumes)) }}
{{- if not .Values.persistence.enabled }}
- name: data
emptyDir: {}
{{- else if .Values.persistence.existingClaim }}
- name: data
persistentVolumeClaim:
{{- with .Values.persistence.existingClaim }}
claimName: {{ tpl . $ }}
{{- end }}
{{- else }}
volumeClaimTemplates:
- metadata:
name: data
labels: {{- include "common.labels.matchLabels" . | nindent 10 }}
{{- if .Values.persistence.annotations }}
annotations:
{{- include "common.tplvalues.render" ( dict "value" .Values.persistence.annotations "context" $) | nindent 10 }}
{{- end }}
spec:
accessModes:
- {{ .Values.persistence.accessMode | quote }}
resources:
requests:
storage: {{ .Values.persistence.size | quote }}
{{ include "common.storage.class" (dict "persistence" .Values.persistence "global" .Values.global) }}
{{- if .Values.persistence.selector }}
selector: {{- include "common.tplvalues.render" (dict "value" .Values.persistence.selector "context" $) | nindent 10 }}
{{- end -}}
{{- end }}
{{- end }}
{{- end }}

Some files were not shown because too many files have changed in this diff Show More