From 98ba056aeb855c367eb7088523b11c3c32859e21 Mon Sep 17 00:00:00 2001 From: "ning.yougang" Date: Fri, 31 Jul 2020 10:53:46 +0800 Subject: [PATCH] Add some missing configuration - nginx worker processes - containerPool akkaClient - controller and invoker use its own Couchdb username and password --- .../configMapFiles/initCouchDB/initdb.sh | 8 ++++++++ helm/openwhisk/templates/_helpers.tpl | 12 +---------- helm/openwhisk/templates/controller-pod.yaml | 10 ++++++++++ .../openwhisk/templates/couchdb-init-job.yaml | 20 +++++++++++++++++++ helm/openwhisk/templates/invoker-pod.yaml | 13 ++++++++++++ helm/openwhisk/templates/nginx-cm.yaml | 1 + helm/openwhisk/templates/ow-db-secret.yaml | 8 ++++++-- helm/openwhisk/values.yaml | 13 ++++++++++-- 8 files changed, 70 insertions(+), 15 deletions(-) diff --git a/helm/openwhisk/configMapFiles/initCouchDB/initdb.sh b/helm/openwhisk/configMapFiles/initCouchDB/initdb.sh index 4f462783..73487c0a 100755 --- a/helm/openwhisk/configMapFiles/initCouchDB/initdb.sh +++ b/helm/openwhisk/configMapFiles/initCouchDB/initdb.sh @@ -70,6 +70,10 @@ pushd /openwhisk/ansible -e db_host=$DB_HOST \ -e db_username=$COUCHDB_USER \ -e db_password=$COUCHDB_PASSWORD \ + -e db_controller_user=$COUCHDB_CONTROLLER_USERNAME \ + -e db_controller_pass=$COUCHDB_CONTROLLER_PASSWORD \ + -e db_invoker_user=$COUCHDB_INVOKER_USERNAME \ + -e db_invoker_pass=$COUCHDB_INVOKER_PASSWORD \ -e db_port=$DB_PORT \ -e openwhisk_home=/openwhisk @@ -79,6 +83,10 @@ pushd /openwhisk/ansible -e db_host=$DB_HOST \ -e db_username=$COUCHDB_USER \ -e db_password=$COUCHDB_PASSWORD \ + -e db_controller_user=$COUCHDB_CONTROLLER_USERNAME \ + -e db_controller_pass=$COUCHDB_CONTROLLER_PASSWORD \ + -e db_invoker_user=$COUCHDB_INVOKER_USERNAME \ + -e db_invoker_pass=$COUCHDB_INVOKER_PASSWORD \ -e db_port=$DB_PORT \ -e openwhisk_home=/openwhisk popd diff --git a/helm/openwhisk/templates/_helpers.tpl b/helm/openwhisk/templates/_helpers.tpl index f57c5781..7a2ca127 100644 --- a/helm/openwhisk/templates/_helpers.tpl +++ b/helm/openwhisk/templates/_helpers.tpl @@ -52,7 +52,7 @@ app: {{ template "openwhisk.fullname" . }} {{- end -}} {{- define "openwhisk.db_authentication" -}} -{{ .Values.db.auth.username }}:{{ .Values.db.auth.password }} +{{ .Values.db.auth.admin.username }}:{{ .Values.db.auth.admin.password }} {{- end -}} {{- define "openwhisk.elasticsearch_authentication" -}} @@ -114,16 +114,6 @@ app: {{ template "openwhisk.fullname" . }} {{/* Environment variables required for accessing CouchDB from a pod */}} {{- define "openwhisk.dbEnvVars" -}} -- name: "CONFIG_whisk_couchdb_username" - valueFrom: - secretKeyRef: - name: {{ .Release.Name }}-db.auth - key: db_username -- name: "CONFIG_whisk_couchdb_password" - valueFrom: - secretKeyRef: - name: {{ .Release.Name }}-db.auth - key: db_password - name: "CONFIG_whisk_couchdb_port" valueFrom: configMapKeyRef: diff --git a/helm/openwhisk/templates/controller-pod.yaml b/helm/openwhisk/templates/controller-pod.yaml index 12a2000d..e6339724 100644 --- a/helm/openwhisk/templates/controller-pod.yaml +++ b/helm/openwhisk/templates/controller-pod.yaml @@ -151,6 +151,16 @@ spec: value: "{{ include "openwhisk.kafka_connect" . }}" {{ include "openwhisk.kafkaConfigEnvVars" . | indent 8 }} + - name: "CONFIG_whisk_couchdb_username" + valueFrom: + secretKeyRef: + name: {{ .Release.Name }}-db.auth + key: db_controller_username + - name: "CONFIG_whisk_couchdb_password" + valueFrom: + secretKeyRef: + name: {{ .Release.Name }}-db.auth + key: db_controller_password # properties for DB connection {{ include "openwhisk.dbEnvVars" . | indent 8 }} diff --git a/helm/openwhisk/templates/couchdb-init-job.yaml b/helm/openwhisk/templates/couchdb-init-job.yaml index 509e2228..db3f0146 100644 --- a/helm/openwhisk/templates/couchdb-init-job.yaml +++ b/helm/openwhisk/templates/couchdb-init-job.yaml @@ -83,6 +83,26 @@ spec: secretKeyRef: name: {{ .Release.Name }}-db.auth key: db_password + - name: "COUCHDB_CONTROLLER_USERNAME" + valueFrom: + secretKeyRef: + name: {{ .Release.Name }}-db.auth + key: db_controller_username + - name: "COUCHDB_CONTROLLER_PASSWORD" + valueFrom: + secretKeyRef: + name: {{ .Release.Name }}-db.auth + key: db_controller_password + - name: "COUCHDB_INVOKER_USERNAME" + valueFrom: + secretKeyRef: + name: {{ .Release.Name }}-db.auth + key: db_invoker_username + - name: "COUCHDB_INVOKER_PASSWORD" + valueFrom: + secretKeyRef: + name: {{ .Release.Name }}-db.auth + key: db_invoker_password - name: "NODENAME" value: "couchdb0" diff --git a/helm/openwhisk/templates/invoker-pod.yaml b/helm/openwhisk/templates/invoker-pod.yaml index 8e272641..25ced915 100644 --- a/helm/openwhisk/templates/invoker-pod.yaml +++ b/helm/openwhisk/templates/invoker-pod.yaml @@ -155,6 +155,9 @@ spec: - name: "WHISK_LOGS_DIR" value: "" + - name: "CONFIG_whisk_containerPool_akkaClient" + value: "{{ .Values.whisk.containerPool.akkaClient }}" + # this version is the day it is deployed, - name: "CONFIG_whisk_info_date" valueFrom: @@ -162,6 +165,16 @@ spec: name: {{ .Release.Name }}-whisk.config key: whisk_info_date + - name: "CONFIG_whisk_couchdb_username" + valueFrom: + secretKeyRef: + name: {{ .Release.Name }}-db.auth + key: db_invoker_username + - name: "CONFIG_whisk_couchdb_password" + valueFrom: + secretKeyRef: + name: {{ .Release.Name }}-db.auth + key: db_invoker_password # properties for DB connection {{ include "openwhisk.dbEnvVars" . | indent 10 }} diff --git a/helm/openwhisk/templates/nginx-cm.yaml b/helm/openwhisk/templates/nginx-cm.yaml index fb3a906b..fa2483f7 100644 --- a/helm/openwhisk/templates/nginx-cm.yaml +++ b/helm/openwhisk/templates/nginx-cm.yaml @@ -24,6 +24,7 @@ metadata: {{ include "openwhisk.label_boilerplate" . | indent 4 }} data: nginx.conf: | + worker_processes {{ .Values.nginx.workerProcesses }}; worker_rlimit_nofile 4096; events { diff --git a/helm/openwhisk/templates/ow-db-secret.yaml b/helm/openwhisk/templates/ow-db-secret.yaml index 1af67d97..0572dbaa 100644 --- a/helm/openwhisk/templates/ow-db-secret.yaml +++ b/helm/openwhisk/templates/ow-db-secret.yaml @@ -23,5 +23,9 @@ metadata: {{ include "openwhisk.label_boilerplate" . | indent 4 }} type: Opaque data: - db_username: {{ .Values.db.auth.username | b64enc }} - db_password: {{ .Values.db.auth.password | b64enc }} + db_username: {{ .Values.db.auth.admin.username | b64enc }} + db_password: {{ .Values.db.auth.admin.password | b64enc }} + db_controller_username: {{ .Values.db.auth.controller.username | b64enc }} + db_controller_password: {{ .Values.db.auth.controller.password | b64enc }} + db_invoker_username: {{ .Values.db.auth.invoker.username | b64enc }} + db_invoker_password: {{ .Values.db.auth.invoker.password | b64enc }} diff --git a/helm/openwhisk/values.yaml b/helm/openwhisk/values.yaml index a28ece2f..088901d0 100644 --- a/helm/openwhisk/values.yaml +++ b/helm/openwhisk/values.yaml @@ -123,6 +123,7 @@ whisk: retentionMs: "" containerPool: userMemory: "2048m" + akkaClient: false runtimes: "runtimes.json" testing: includeTests: true @@ -220,8 +221,15 @@ db: protocol: "http" # Production deployments _MUST_ override the default user/password values auth: - username: "whisk_admin" - password: "some_passw0rd" + admin: + username: "test_admin" + password: "some_passw0rd" + controller: + username: "test_controller0" + password: "some_controller_passw0rd" + invoker: + username: "test_invoker" + password: "some_invoker_passw0rd" dbPrefix: "test_" activationsTable: "test_activations" actionsTable: "test_whisks" @@ -239,6 +247,7 @@ nginx: imagePullPolicy: "IfNotPresent" replicaCount: 1 restartPolicy: "Always" + workerProcesses: 1 httpPort: 80 httpsPort: 443 httpsNodePort: 31001