├── .asf.yaml ├── .gitattributes ├── .gitignore ├── .travis.yml ├── CHANGELOG.md ├── CONTRIBUTING.md ├── LICENSE.txt ├── NOTICE.txt ├── README.md ├── deploy ├── README.md ├── docker-macOS │ └── mycluster.yaml ├── docker-windows │ └── mycluster.yaml ├── ibm-public │ ├── mycluster-iks.yaml │ └── mycluster-roks.yaml └── kind │ ├── kind-cluster.yaml │ ├── mycluster.yaml │ └── start-kind.sh ├── docker └── README.md ├── docs ├── configurationChoices.md ├── k8s-aws.md ├── k8s-custom-build-cluster-scaleup.md ├── k8s-diy-ubuntu.md ├── k8s-diy.md ├── k8s-docker-for-mac.md ├── k8s-docker-for-windows.md ├── k8s-google.md ├── k8s-ibm-public.md ├── k8s-kind.md ├── k8s-nfs-dynamic-storage.md ├── k8s-technical-requirements.md ├── openshift-4.md ├── openshift-technical-requirements.md ├── private-docker-registry.md └── troubleshooting.md ├── helm └── openwhisk │ ├── Chart.yaml │ ├── LICENSE │ ├── README.md │ ├── configMapFiles │ ├── README.md │ ├── configureDNS │ │ └── configureDNS.sh │ ├── dockerPullRuntimes │ │ └── playbook.yml │ ├── genCerts │ │ └── gencerts.sh │ ├── initCouchDB │ │ └── initdb.sh │ ├── installPackages │ │ └── myTask.sh │ ├── prometheus │ │ └── prometheus.yaml │ └── tests │ │ ├── packageChecker │ │ └── myTask.sh │ │ ├── smoketest │ │ └── myTask.sh │ │ └── systemTest │ │ └── myTask.sh │ ├── runtimes-minimal-travis.json │ ├── runtimes.json │ ├── templates │ ├── NOTES.txt │ ├── _affinity.tpl │ ├── _helpers.tpl │ ├── _invoker-helpers.tpl │ ├── _readiness.tpl │ ├── _tolerations.tpl │ ├── apigateway-pod.yaml │ ├── apigateway-svc.yaml │ ├── controller-pdb.yaml │ ├── controller-pod.yaml │ ├── controller-svc.yaml │ ├── core-rolebind.yaml │ ├── core-svcacct.yaml │ ├── couchdb-init-cm.yaml │ ├── couchdb-init-job.yaml │ ├── couchdb-pod.yaml │ ├── couchdb-pvc.yaml │ ├── couchdb-svc.yaml │ ├── elasticsearch-cm.yaml │ ├── elasticsearch-pdb.yaml │ ├── elasticsearch-pod.yaml │ ├── elasticsearch-psp.yaml │ ├── elasticsearch-role.yaml │ ├── elasticsearch-rolebind.yaml │ ├── elasticsearch-svc.yaml │ ├── elasticsearch-svcacct.yaml │ ├── etcd-pod.yaml │ ├── etcd-pvc.yaml │ ├── etcd-svc.yaml │ ├── frontdoor-ingress.yaml │ ├── frontdoor-secrets.yaml │ ├── gen-certs-cm.yaml │ ├── gen-certs-job.yaml │ ├── grafana-cm-dashboard.yaml │ ├── grafana-cm-datasource.yaml │ ├── grafana-cm-download.yaml │ ├── grafana-pod.yaml │ ├── grafana-svc.yaml │ ├── init-role.yaml │ ├── init-rolebind.yaml │ ├── init-svcact.yaml │ ├── install-packages-cm.yaml │ ├── install-packages-job.yaml │ ├── invoker-cm.yaml │ ├── invoker-pdb.yaml │ ├── invoker-pod.yaml │ ├── invoker-role.yaml │ ├── invoker-rolebind.yaml │ ├── invoker-svcacct.yaml │ ├── kafka-pdb.yaml │ ├── kafka-pod.yaml │ ├── kafka-pvc.yaml │ ├── kafka-svc.yaml │ ├── network-policy.yaml │ ├── nginx-cm.yaml │ ├── nginx-pod.yaml │ ├── nginx-svc.yaml │ ├── ow-db-cm.yaml │ ├── ow-db-secret.yaml │ ├── ow-docker-registry-secret.yaml │ ├── ow-whisk-cm.yaml │ ├── ow-whisk-secret.yaml │ ├── private-registry-secret.yml │ ├── prometheus-cm.yaml │ ├── prometheus-pod.yaml │ ├── prometheus-pvc.yaml │ ├── prometheus-role.yaml │ ├── prometheus-rolebind.yaml │ ├── prometheus-svc.yaml │ ├── prometheus-svcacct.yaml │ ├── provider-alarm-pod.yaml │ ├── provider-alarm-pvc.yaml │ ├── provider-kafka-pod.yaml │ ├── redis-pod.yaml │ ├── redis-pvc.yaml │ ├── redis-svc.yaml │ ├── scheduler-pdb.yaml │ ├── scheduler-pod.yaml │ ├── scheduler-svc.yaml │ ├── tests │ │ ├── package-checker-cm.yaml │ │ ├── package-checker-pod.yaml │ │ ├── smoketest-cm.yaml │ │ ├── smoketest-pod.yaml │ │ ├── systemtest-cm.yaml │ │ └── systemtest-pod.yaml │ ├── user-events-pod.yaml │ ├── user-events-svc.yaml │ ├── wskadmin-pod.yaml │ ├── zookeeper-cm.yaml │ ├── zookeeper-pdb.yaml │ ├── zookeeper-pod.yaml │ ├── zookeeper-pvc-data.yaml │ ├── zookeeper-pvc-datalog.yaml │ └── zookeeper-svc.yaml │ ├── values.schema.json │ ├── values.yaml │ └── whiskconfig.conf └── tools └── travis ├── box-upload.py ├── collect-logs.sh ├── deploy-chart.sh ├── publish-images.sh ├── publish.sh ├── run-tests.sh ├── scancode.sh ├── setup.sh └── setupscan.sh /.asf.yaml: -------------------------------------------------------------------------------- 1 | # 2 | # Licensed to the Apache Software Foundation (ASF) under one or more 3 | # contributor license agreements. See the NOTICE file distributed with 4 | # this work for additional information regarding copyright ownership. 5 | # The ASF licenses this file to You under the Apache License, Version 2.0 6 | # (the "License"); you may not use this file except in compliance with 7 | # the License. You may obtain a copy of the License at 8 | # 9 | # http://www.apache.org/licenses/LICENSE-2.0 10 | # 11 | # Unless required by applicable law or agreed to in writing, software 12 | # distributed under the License is distributed on an "AS IS" BASIS, 13 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 14 | # See the License for the specific language governing permissions and 15 | # limitations under the License. 16 | # 17 | 18 | github: 19 | description: "The Apache OpenWhisk Kubernetes Deployment repository supports deploying the Apache OpenWhisk system on Kubernetes and OpenShift clusters." 20 | homepage: https://openwhisk.apache.org/ 21 | labels: 22 | - openwhisk 23 | - apache 24 | - serverless 25 | - faas 26 | - functions-as-a-service 27 | - cloud 28 | - serverless-architectures 29 | - serverless-functions 30 | - docker 31 | - kubernetes 32 | - functions 33 | - openshift 34 | protected_branches: 35 | master: 36 | required_status_checks: 37 | strict: false 38 | required_pull_request_reviews: 39 | required_approving_review_count: 1 40 | required_signatures: false 41 | enabled_merge_buttons: 42 | merge: false 43 | squash: true 44 | rebase: true 45 | features: 46 | issues: true 47 | 48 | notifications: 49 | commits: commits@openwhisk.apache.org 50 | issues_status: issues@openwhisk.apache.org 51 | issues_comment: issues@openwhisk.apache.org 52 | pullrequests_status: issues@openwhisk.apache.org 53 | pullrequests_comment: issues@openwhisk.apache.org 54 | -------------------------------------------------------------------------------- /.gitattributes: -------------------------------------------------------------------------------- 1 | # Auto detect text files and perform LF normalization. 2 | # Resources: 3 | # - https://www.kernel.org/pub/software/scm/git/docs/gitattributes.html 4 | # - http://davidlaing.com/2012/09/19/customise-your-gitattributes-to-become-a-git-ninja/ 5 | # - https://help.github.com/articles/dealing-with-line-endings/ 6 | * text=auto 7 | 8 | *.go text eol=lf 9 | *.java text 10 | *.js text 11 | *.md text 12 | *.py text eol=lf 13 | *.scala text 14 | *.sh text eol=lf 15 | *.gradle text 16 | *.xml text 17 | *.bat text eol=crlf 18 | 19 | *.jar binary 20 | *.png binary -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | kubernetes/nginx/certs 2 | myruntimes.json 3 | .DS_Store 4 | *~ 5 | -------------------------------------------------------------------------------- /CHANGELOG.md: -------------------------------------------------------------------------------- 1 | 19 | 20 | # Changelog 21 | 22 | ## 1.0.0 23 | * First Apache Release 24 | -------------------------------------------------------------------------------- /CONTRIBUTING.md: -------------------------------------------------------------------------------- 1 | 19 | 20 | [![License](https://img.shields.io/badge/license-Apache--2.0-blue.svg)](http://www.apache.org/licenses/LICENSE-2.0) 21 | 22 | # Contributing to Apache OpenWhisk 23 | 24 | Anyone can contribute to the OpenWhisk project and we welcome your contributions. 25 | 26 | There are multiple ways to contribute: report bugs, improve the docs, and 27 | contribute code, but you must follow these prerequisites and guidelines: 28 | 29 | - [Contributor License Agreement](#contributor-license-agreement) 30 | - [Raising issues](#raising-issues) 31 | - [Coding Standards](#coding-standards) 32 | 33 | ### Contributor License Agreement 34 | 35 | All contributors must sign and submit an Apache CLA (Contributor License Agreement). 36 | 37 | Instructions on how to do this can be found here: 38 | [http://www.apache.org/licenses/#clas](http://www.apache.org/licenses/#clas) 39 | 40 | Once submitted, you will receive a confirmation email from the Apache Software Foundation (ASF) and be added to 41 | the following list: http://people.apache.org/unlistedclas.html. 42 | 43 | Project committers will use this list to verify pull requests (PRs) come from contributors that have signed a CLA. 44 | 45 | We look forward to your contributions! 46 | 47 | ## Raising issues 48 | 49 | Please raise any bug reports or enhancement requests on the respective project repository's GitHub issue tracker. Be sure to search the 50 | list to see if your issue has already been raised. 51 | 52 | A good bug report is one that make it easy for us to understand what you were trying to do and what went wrong. 53 | Provide as much context as possible so we can try to recreate the issue. 54 | 55 | A good enhancement request comes with an explanation of what you are trying to do and how that enhancement would help you. 56 | 57 | ### Discussion 58 | 59 | Please use the project's developer email list to engage our community: 60 | [dev@openwhisk.apache.org](dev@openwhisk.apache.org) 61 | 62 | In addition, we provide a "dev" Slack team channel for conversations at: 63 | https://openwhisk-team.slack.com/messages/dev/ 64 | 65 | ### Coding standards 66 | 67 | Please ensure you follow the coding standards used throughout the existing 68 | code base. Some basic rules include: 69 | 70 | - all files must have the Apache license in the header. 71 | - all PRs must have passing builds for all operating systems. 72 | -------------------------------------------------------------------------------- /NOTICE.txt: -------------------------------------------------------------------------------- 1 | Apache OpenWhisk Deploy Kubernetes 2 | Copyright 2016-2021 The Apache Software Foundation 3 | 4 | This product includes software developed at 5 | The Apache Software Foundation (http://www.apache.org/). 6 | -------------------------------------------------------------------------------- /deploy/README.md: -------------------------------------------------------------------------------- 1 | 19 | 20 | This directory contains scripts and configuration files for configuring 21 | various flavors of Kubernetes cluster providers. 22 | 23 | -------------------------------------------------------------------------------- /deploy/docker-macOS/mycluster.yaml: -------------------------------------------------------------------------------- 1 | # 2 | # Licensed to the Apache Software Foundation (ASF) under one or more 3 | # contributor license agreements. See the NOTICE file distributed with 4 | # this work for additional information regarding copyright ownership. 5 | # The ASF licenses this file to You under the Apache License, Version 2.0 6 | # (the "License"); you may not use this file except in compliance with 7 | # the License. You may obtain a copy of the License at 8 | # 9 | # http://www.apache.org/licenses/LICENSE-2.0 10 | # 11 | # Unless required by applicable law or agreed to in writing, software 12 | # distributed under the License is distributed on an "AS IS" BASIS, 13 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 14 | # See the License for the specific language governing permissions and 15 | # limitations under the License. 16 | # 17 | 18 | whisk: 19 | ingress: 20 | type: NodePort 21 | apiHostName: localhost 22 | apiHostPort: 31001 23 | useInternally: false 24 | 25 | nginx: 26 | httpsNodePort: 31001 27 | 28 | # A single node cluster; so disable affinity 29 | affinity: 30 | enabled: false 31 | toleration: 32 | enabled: false 33 | invoker: 34 | options: "-Dwhisk.kubernetes.user-pod-node-affinity.enabled=false" 35 | -------------------------------------------------------------------------------- /deploy/docker-windows/mycluster.yaml: -------------------------------------------------------------------------------- 1 | # 2 | # Licensed to the Apache Software Foundation (ASF) under one or more 3 | # contributor license agreements. See the NOTICE file distributed with 4 | # this work for additional information regarding copyright ownership. 5 | # The ASF licenses this file to You under the Apache License, Version 2.0 6 | # (the "License"); you may not use this file except in compliance with 7 | # the License. You may obtain a copy of the License at 8 | # 9 | # http://www.apache.org/licenses/LICENSE-2.0 10 | # 11 | # Unless required by applicable law or agreed to in writing, software 12 | # distributed under the License is distributed on an "AS IS" BASIS, 13 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 14 | # See the License for the specific language governing permissions and 15 | # limitations under the License. 16 | # 17 | 18 | whisk: 19 | ingress: 20 | type: NodePort 21 | apiHostName: localhost 22 | apiHostPort: 31001 23 | useInternally: false 24 | 25 | nginx: 26 | httpsNodePort: 31001 27 | 28 | # A single node cluster; so disable affinity 29 | affinity: 30 | enabled: false 31 | toleration: 32 | enabled: false 33 | invoker: 34 | options: "-Dwhisk.kubernetes.user-pod-node-affinity.enabled=false" 35 | -------------------------------------------------------------------------------- /deploy/ibm-public/mycluster-iks.yaml: -------------------------------------------------------------------------------- 1 | # 2 | # Licensed to the Apache Software Foundation (ASF) under one or more 3 | # contributor license agreements. See the NOTICE file distributed with 4 | # this work for additional information regarding copyright ownership. 5 | # The ASF licenses this file to You under the Apache License, Version 2.0 6 | # (the "License"); you may not use this file except in compliance with 7 | # the License. You may obtain a copy of the License at 8 | # 9 | # http://www.apache.org/licenses/LICENSE-2.0 10 | # 11 | # Unless required by applicable law or agreed to in writing, software 12 | # distributed under the License is distributed on an "AS IS" BASIS, 13 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 14 | # See the License for the specific language governing permissions and 15 | # limitations under the License. 16 | # 17 | 18 | whisk: 19 | ingress: 20 | # NOTE: Replace with your cluster's actual domain 21 | apiHostName: openwhisk. 22 | apiHostPort: 443 23 | apiHostProto: https 24 | type: Standard 25 | useInternally: true 26 | # NOTE: Replace with your cluster's actual domain 27 | domain: openwhisk. 28 | tls: 29 | enabled: true 30 | secretenabled: true 31 | createsecret: false 32 | # NOTE: Replace with your cluster's actual tlssecret 33 | secretname: 34 | annotations: 35 | kubernetes.io/ingress.class: public-iks-k8s-nginx 36 | nginx.ingress.kubernetes.io/use-regex: "true" 37 | nginx.ingress.kubernetes.io/configuration-snippet: | 38 | proxy_set_header X-Request-ID $request_id; 39 | nginx.ingress.kubernetes.io/proxy-body-size: 50m 40 | nginx.ingress.kubernetes.io/proxy-read-timeout: "75" 41 | 42 | invoker: 43 | containerFactory: 44 | impl: kubernetes 45 | -------------------------------------------------------------------------------- /deploy/ibm-public/mycluster-roks.yaml: -------------------------------------------------------------------------------- 1 | # 2 | # Licensed to the Apache Software Foundation (ASF) under one or more 3 | # contributor license agreements. See the NOTICE file distributed with 4 | # this work for additional information regarding copyright ownership. 5 | # The ASF licenses this file to You under the Apache License, Version 2.0 6 | # (the "License"); you may not use this file except in compliance with 7 | # the License. You may obtain a copy of the License at 8 | # 9 | # http://www.apache.org/licenses/LICENSE-2.0 10 | # 11 | # Unless required by applicable law or agreed to in writing, software 12 | # distributed under the License is distributed on an "AS IS" BASIS, 13 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 14 | # See the License for the specific language governing permissions and 15 | # limitations under the License. 16 | # 17 | 18 | whisk: 19 | ingress: 20 | # NOTE: Replace with your cluster's actual domain 21 | apiHostName: openwhisk. 22 | apiHostPort: 443 23 | apiHostProto: https 24 | type: Standard 25 | useInternally: true 26 | # NOTE: Replace with your cluster's actual domain 27 | domain: openwhisk. 28 | tls: 29 | enabled: true 30 | secretenabled: true 31 | createsecret: false 32 | # NOTE: Replace with your cluster's actual tlssecret 33 | secretname: 34 | annotations: 35 | kubernetes.io/ingress.class: public-iks-k8s-nginx 36 | nginx.ingress.kubernetes.io/use-regex: "true" 37 | nginx.ingress.kubernetes.io/configuration-snippet: | 38 | proxy_set_header X-Request-ID $request_id; 39 | nginx.ingress.kubernetes.io/proxy-body-size: 50m 40 | nginx.ingress.kubernetes.io/proxy-read-timeout: "75" 41 | 42 | k8s: 43 | dns: dns-default.openshift-dns 44 | 45 | invoker: 46 | containerFactory: 47 | impl: kubernetes 48 | -------------------------------------------------------------------------------- /deploy/kind/kind-cluster.yaml: -------------------------------------------------------------------------------- 1 | # 2 | # Licensed to the Apache Software Foundation (ASF) under one or more 3 | # contributor license agreements. See the NOTICE file distributed with 4 | # this work for additional information regarding copyright ownership. 5 | # The ASF licenses this file to You under the Apache License, Version 2.0 6 | # (the "License"); you may not use this file except in compliance with 7 | # the License. You may obtain a copy of the License at 8 | # 9 | # http://www.apache.org/licenses/LICENSE-2.0 10 | # 11 | # Unless required by applicable law or agreed to in writing, software 12 | # distributed under the License is distributed on an "AS IS" BASIS, 13 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 14 | # See the License for the specific language governing permissions and 15 | # limitations under the License. 16 | # 17 | 18 | kind: Cluster 19 | apiVersion: kind.x-k8s.io/v1alpha4 20 | nodes: 21 | - role: control-plane 22 | - role: worker 23 | extraPortMappings: 24 | - hostPort: 31001 25 | containerPort: 31001 26 | - role: worker 27 | -------------------------------------------------------------------------------- /deploy/kind/mycluster.yaml: -------------------------------------------------------------------------------- 1 | # 2 | # Licensed to the Apache Software Foundation (ASF) under one or more 3 | # contributor license agreements. See the NOTICE file distributed with 4 | # this work for additional information regarding copyright ownership. 5 | # The ASF licenses this file to You under the Apache License, Version 2.0 6 | # (the "License"); you may not use this file except in compliance with 7 | # the License. You may obtain a copy of the License at 8 | # 9 | # http://www.apache.org/licenses/LICENSE-2.0 10 | # 11 | # Unless required by applicable law or agreed to in writing, software 12 | # distributed under the License is distributed on an "AS IS" BASIS, 13 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 14 | # See the License for the specific language governing permissions and 15 | # limitations under the License. 16 | # 17 | 18 | whisk: 19 | ingress: 20 | type: NodePort 21 | apiHostName: localhost 22 | apiHostPort: 31001 23 | useInternally: false 24 | 25 | nginx: 26 | httpsNodePort: 31001 27 | 28 | # disable affinity 29 | affinity: 30 | enabled: false 31 | toleration: 32 | enabled: false 33 | invoker: 34 | options: "-Dwhisk.kubernetes.user-pod-node-affinity.enabled=false" 35 | # must use KCF as kind uses containerd as its container runtime 36 | containerFactory: 37 | impl: "kubernetes" 38 | -------------------------------------------------------------------------------- /deploy/kind/start-kind.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | # 3 | # Licensed to the Apache Software Foundation (ASF) under one or more 4 | # contributor license agreements. See the NOTICE file distributed with 5 | # this work for additional information regarding copyright ownership. 6 | # The ASF licenses this file to You under the Apache License, Version 2.0 7 | # (the "License"); you may not use this file except in compliance with 8 | # the License. You may obtain a copy of the License at 9 | # 10 | # http://www.apache.org/licenses/LICENSE-2.0 11 | # 12 | # Unless required by applicable law or agreed to in writing, software 13 | # distributed under the License is distributed on an "AS IS" BASIS, 14 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 15 | # See the License for the specific language governing permissions and 16 | # limitations under the License. 17 | # 18 | 19 | set -x 20 | 21 | SCRIPTDIR=$(cd $(dirname "$0") && pwd) 22 | 23 | TRAVIS_KUBE_VERSION=${TRAVIS_KUBE_VERSION:="v1.20"} 24 | 25 | # Map from Kubernetes major versions to the kind node image tag 26 | case $TRAVIS_KUBE_VERSION in 27 | v1.19) KIND_NODE_TAG=v1.19.11@sha256:07db187ae84b4b7de440a73886f008cf903fcf5764ba8106a9fd5243d6f32729 ;; 28 | v1.20) KIND_NODE_TAG=v1.20.7@sha256:cbeaf907fc78ac97ce7b625e4bf0de16e3ea725daf6b04f930bd14c67c671ff9 ;; 29 | v1.21) KIND_NODE_TAG=v1.21.1@sha256:69860bda5563ac81e3c0057d654b5253219618a22ec3a346306239bba8cfa1a6 ;; 30 | *) echo "Unsupported Kubernetes version $TRAVIS_KUBE_VERSION"; exit 1 ;; 31 | esac 32 | 33 | # Boot cluster 34 | kind create cluster --config "$SCRIPTDIR/kind-cluster.yaml" --name kind --image kindest/node:${KIND_NODE_TAG} --wait 10m || exit 1 35 | 36 | echo "Kubernetes cluster is deployed and reachable" 37 | kubectl describe nodes 38 | -------------------------------------------------------------------------------- /docker/README.md: -------------------------------------------------------------------------------- 1 | 19 | 20 | This directory contains the Dockerfiles and other artifacts to 21 | build specialized docker images for deploying OpenWhisk to Kubernetes. 22 | 23 | These images are built automatically and published 24 | to DockerHub under the openwhisk userid. Docker images are 25 | published on all successful Travis CI builds of the master branch. 26 | The built images are: 27 | * currently no images are being actively built. 28 | -------------------------------------------------------------------------------- /docs/k8s-diy.md: -------------------------------------------------------------------------------- 1 | 19 | 20 | # Deploying OpenWhisk on "build-it-yourself" Kubernetes clusters 21 | 22 | ## Overview 23 | 24 | This document is an attempt to summarize configuration choices to make 25 | when deploying OpenWhisk on a Kubernetes cluster you have built 26 | yourself (ie, not on a public cloud managed Kubernetes service). 27 | 28 | First, make sure your cluster is compatible with the 29 | [technical requirements](k8s-technical-requirements.md). 30 | 31 | ### Configuring OpenWhisk 32 | 33 | #### NodePort Ingress 34 | 35 | The simplest type of ingress to configure for OpenWhisk is a NodePort ingress. 36 | 37 | Add the following to your `mycluster.yaml`, substituting a real IP address 38 | for YOUR_WORKERS_PUBLIC_IP_ADDR: 39 | ```yaml 40 | whisk: 41 | ingress: 42 | type: NodePort 43 | apiHostName: YOUR_WORKERS_PUBLIC_IP_ADDR 44 | apiHostPort: 31001 45 | 46 | nginx: 47 | httpsNodePort: 31001 48 | ``` 49 | 50 | ### Using an ingress controller 51 | 52 | Properly configuring TLS can be challenging, but if you know how to get TLS 53 | to work with your ingress controller for other services on your cluster, 54 | you can probably get it to work for OpenWhisk as well. 55 | You will need something like the following in your `mycluster.yaml`. 56 | ```yaml 57 | whisk: 58 | ingress: 59 | apiHostName: 60 | apiHostPort: 443 61 | apiHostProto: https 62 | type: Standard 63 | domain: 64 | tls: 65 | enabled: true 66 | 67 | annotations: 68 | 69 | ``` 70 | You can see how these values are used and what other values you might 71 | need by inspecting 72 | [frontdoor-ingress.yaml](../helm/openwhisk/templates/frontdoor-ingress.yaml) 73 | and 74 | [frontdoor-secrets.yaml](../helm/openwhisk/templates/frontdoor-secrets.yaml). 75 | 76 | 77 | -------------------------------------------------------------------------------- /docs/k8s-docker-for-mac.md: -------------------------------------------------------------------------------- 1 | 19 | 20 | # Deploying OpenWhisk on Kubernetes in Docker for Mac 21 | 22 | ## Overview 23 | 24 | If you are using a Mac as your development machine, the simplest way 25 | to get a Kubernetes cluster for local development is to use the 26 | built-in support for running a single node Kubernetes cluster that is 27 | available in Docker 18.06 and later. This will let you use Helm to 28 | deploy Apache OpenWhisk to Kubernetes on your laptop without needing 29 | any additional virtualization software installed. 30 | 31 | ## Initial setup 32 | 33 | ### Creating the Kubernetes Cluster 34 | 35 | Step-by-step instructions on enabling Kubernetes in Docker are 36 | available as part of the 37 | [Getting started](https://docs.docker.com/docker-for-mac/#Kubernetes) 38 | documentation from Docker. 39 | 40 | In a nutshell, open the Docker preferences window, switch to the 41 | `Advanced` panel and make sure you have at least 4GB of Memory 42 | allocated to Docker. Then switch to the Kubernetes panel, and check 43 | the box to enable Kubernetes. It is recommended that you use the 44 | `kubectl` cli that is installed by Docker in `/usr/local/bin`, so 45 | please make sure it is appears in your path before any `kubectl` you 46 | might also have installed on your machine. Finally, pick the 47 | `docker-desktop` config for `kubectl` by executing the command 48 | `kubectl config use-context docker-desktop`. 49 | 50 | ### Configuring OpenWhisk 51 | 52 | You will be using a NodePort ingress to access OpenWhisk. Assuming 53 | port 31001 is available to be used on your host machine, a 54 | [mycluster.yaml](../deploy/docker-macOS/mycluster.yaml] 55 | for a standard deployment of OpenWhisk would be: 56 | ```yaml 57 | whisk: 58 | ingress: 59 | type: NodePort 60 | apiHostName: localhost 61 | apiHostPort: 31001 62 | useInternally: false 63 | 64 | nginx: 65 | httpsNodePort: 31001 66 | 67 | # A single node cluster; so disable affinity 68 | affinity: 69 | enabled: false 70 | toleration: 71 | enabled: false 72 | invoker: 73 | options: "-Dwhisk.kubernetes.user-pod-node-affinity.enabled=false" 74 | ``` 75 | 76 | ## Hints and Tips 77 | 78 | One nice feature of using Kubernetes in Docker, is that the 79 | containers being run in Kubernetes are also directly 80 | visible/accessible via the usual Docker commands. Furthermore, it is 81 | straightforward to deploy local images by adding a stanza to your 82 | mycluster.yaml. For example, to use a locally built controller image, 83 | just add the stanza below to your `mycluster.yaml` to override the default 84 | behavior of pulling a stable `openwhisk/controller` image from Docker Hub. 85 | ```yaml 86 | controller: 87 | imageName: "whisk/controller" 88 | imageTag: "latest" 89 | ``` 90 | 91 | ## Limitations 92 | 93 | Using Kubernetes in Docker for Mac is only appropriate for development 94 | and testing purposes. It is not recommended for production 95 | deployments of OpenWhisk. 96 | 97 | TLS termination will be handled by OpenWhisk's `nginx` service and 98 | will use self-signed certificates. You will need to invoke `wsk` with 99 | the `-i` command line argument to bypass certificate checking. 100 | -------------------------------------------------------------------------------- /docs/k8s-google.md: -------------------------------------------------------------------------------- 1 | 19 | 20 | # Deploying OpenWhisk on Google GKE 21 | 22 | ## Overview 23 | 24 | ## Initial setup 25 | 26 | ### Creating the Kubernetes Cluster 27 | 28 | Follow Google's instructions to provision your cluster. 29 | 30 | ### Configuring OpenWhisk 31 | 32 | We recommend using an nginx ingress when running OpenWhisk on GKE. 33 | 34 | According to your nginx ingress settings you can define a value of your choice. Check the official Google Cloud documentation here: https://cloud.google.com/kubernetes-engine/docs/tutorials/configuring-domain-name-static-ip. As stated you can create a domain of the type: `openwhisk..com` 35 | 36 | You can choose to create a tls secret for that and provide values for and in base64. 37 | 38 | To generate the values for and you can use the openssl tool: 39 | 40 | ``` 41 | openssl req -newkey rsa:2048 -nodes -keyout tls.key -x509 -days 365 -out tls.crt 42 | cat tls.key | base64 43 | cat tls.crt | base64 44 | ``` 45 | 46 | Now define `mycluster.yaml` as below: 47 | 48 | ```yaml 49 | whisk: 50 | ingress: 51 | apiHostName: 52 | apiHostPort: 443 53 | apiHostProto: https 54 | type: Standard 55 | domain: 56 | tls: 57 | enabled: true 58 | secretenabled: true 59 | createsecret: true 60 | secretname: openwhisk-ingress-tls-secret 61 | secrettype: kubernetes.io/tls 62 | crt: 63 | key: 64 | annotations: 65 | kubernetes.io/ingress.class: nginx 66 | kubernetes.io/tls-acme: true 67 | nginx.ingress.kubernetes.io/proxy-body-size: 0 68 | ``` 69 | 70 | ## Hints and Tips 71 | 72 | 73 | ## Limitations 74 | 75 | -------------------------------------------------------------------------------- /docs/k8s-technical-requirements.md: -------------------------------------------------------------------------------- 1 | 19 | 20 | # Technical Requirements for Kubernetes 21 | 22 | The Kubernetes cluster on which you are deploying OpenWhisk must meet 23 | the following requirements: 24 | * [Kubernetes](https://github.com/kubernetes/kubernetes) version 1.19+. 25 | Our automated testing currently covers Kubernetes versions 1.19, 1.20, and 1.21. 26 | * The ability to create Ingresses to make a Kubernetes service 27 | available outside of the cluster so you can actually use OpenWhisk. 28 | * Unless you disable persistence (see 29 | [configurationChoices.md](configurationChoices.md)), 30 | either your cluster must be configured to support [Dynamic Volume 31 | Provision](https://kubernetes.io/docs/concepts/storage/dynamic-provisioning/) 32 | and you must have a DefaultStorageClass admission controller enabled 33 | or you must manually create any necessary PersistentVolumes when 34 | deploying the Helm chart. 35 | * Endpoints of Kubernetes services must be able to loopback to 36 | themselves (the kubelet's `hairpin-mode` must not be `none`). 37 | 38 | -------------------------------------------------------------------------------- /docs/openshift-technical-requirements.md: -------------------------------------------------------------------------------- 1 | 19 | 20 | # Technical Requirements for OpenShift 21 | 22 | The OpenShift cluster on which you are deploying OpenWhisk must meet 23 | the following requirements: 24 | * OpenShift version 4.5 or newer (these instructions were tested on 4.5). 25 | * The ability to create Ingresses to make a Kubernetes service 26 | available outside of the cluster so you can actually use OpenWhisk. 27 | * Unless you disable persistence (see 28 | [configurationChoices.md](configurationChoices.md)), 29 | either your cluster must be configured to support [Dynamic Volume 30 | Provision](https://kubernetes.io/docs/concepts/storage/dynamic-provisioning/) 31 | and you must have a DefaultStorageClass admission controller enabled 32 | or you must manually create any necessary PersistentVolumes when 33 | deploying the Helm chart. 34 | -------------------------------------------------------------------------------- /docs/private-docker-registry.md: -------------------------------------------------------------------------------- 1 | 19 | 20 | # Using private docker registry 21 | 22 | By default, helm charts currently use docker hub to download images to deploy OpenWhisk components on Kubernetes. If your Kubernetes provider does not allow public docker registry, you can use your hosted docker image registry to deploy OpenWhisk on Kubernetes. 23 | 24 | - All openwhisk images should be uploaded to your hosted docker registry server. 25 | - openwhisk/apigateway 26 | - apache/couchdb 27 | - openwhisk/controller 28 | - openwhisk/invoker 29 | - wurstmeister/kafka 30 | - openwhisk/ow-utils 31 | - zookeeper 32 | - nginx 33 | - redis 34 | - busybox 35 | - openwhisk/alarmprovider 36 | - openwhisk/kafkaprovider 37 | 38 | - Add details of your docker registry information in mycluster.yml. 39 | 40 | ```yaml 41 | docker: 42 | registry: 43 | name: "registry-name/" 44 | username: username 45 | password: "Password" 46 | ``` 47 | 48 | > - enabling registry information will cause all your images to be pulled from private docker registry only. 49 | > - Append / in your docker registry name. 50 | 51 | Enabling *registry.name* will create a docker-registry secret as *{ReleaseName}-private-registry.auth* in Kubernetes which will be used in pod/jobs as *imagePullSecrets*. 52 | 53 | ```yaml 54 | # If ReleaseName is owdev and namespace is openwhisk 55 | # kubectl get secrets owdev-private-registry.auth -o yaml 56 | 57 | apiVersion: v1 58 | data: 59 | .dockerconfigjson: 60 | kind: Secret 61 | metadata: 62 | annotations: 63 | kubectl.kubernetes.io/last-applied-configuration: | 64 | {"apiVersion":"v1","data":{".dockerconfigjson":"Base64 Encoded"},"kind":"Secret","metadata":{"annotations":{},"labels":{"app":"owdev-openwhisk","chart":"openwhisk-0.1.4","heritage":"Tiller","release":"owdev"},"name":"owdev-private-registry.auth","namespace":"openwhisk"},"type":"kubernetes.io/dockerconfigjson"} 65 | creationTimestamp: "2019-04-04T06:44:43Z" 66 | labels: 67 | app: owdev-openwhisk 68 | chart: openwhisk-0.1.4 69 | heritage: Tiller 70 | release: owdev 71 | name: owdev-private-registry.auth 72 | namespace: openwhisk 73 | resourceVersion: "18273580" 74 | selfLink: /api/v1/namespaces/openwhisk/secrets/owdev-private-registry.auth 75 | uid: 20f03275-56a5-11e9-9164-005056a3e755 76 | type: kubernetes.io/dockerconfigjson 77 | ``` 78 | -------------------------------------------------------------------------------- /helm/openwhisk/Chart.yaml: -------------------------------------------------------------------------------- 1 | # 2 | # Licensed to the Apache Software Foundation (ASF) under one or more 3 | # contributor license agreements. See the NOTICE file distributed with 4 | # this work for additional information regarding copyright ownership. 5 | # The ASF licenses this file to You under the Apache License, Version 2.0 6 | # (the "License"); you may not use this file except in compliance with 7 | # the License. You may obtain a copy of the License at 8 | # 9 | # http://www.apache.org/licenses/LICENSE-2.0 10 | # 11 | # Unless required by applicable law or agreed to in writing, software 12 | # distributed under the License is distributed on an "AS IS" BASIS, 13 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 14 | # See the License for the specific language governing permissions and 15 | # limitations under the License. 16 | # 17 | 18 | apiVersion: v2 19 | type: application 20 | name: openwhisk 21 | version: 1.0.1 22 | home: https://openwhisk.apache.org 23 | description: Apache OpenWhisk is an open source serverless cloud platform 24 | icon: https://raw.githubusercontent.com/apache/openwhisk/682eb5b62ee6ba8017ab54226c2ace3637f4f1ec/docs/images/whisk_icon_full-color_with_tm_64x64-300dpi.png 25 | keywords: 26 | - Apache OpenWhisk 27 | - amd64 28 | maintainers: 29 | - name: Apache OpenWhisk Community 30 | email: dev@openwhisk.apache.org 31 | kubeVersion: ">=v1.19.0-r0" 32 | -------------------------------------------------------------------------------- /helm/openwhisk/configMapFiles/README.md: -------------------------------------------------------------------------------- 1 | 19 | 20 | This directory contains files that are used to create ConfigMaps 21 | that are volume-mounted into containers. By keeping them as separate 22 | files, we avoid needing to escape {{ or }} and can use natural indentation. 23 | 24 | -------------------------------------------------------------------------------- /helm/openwhisk/configMapFiles/configureDNS/configureDNS.sh: -------------------------------------------------------------------------------- 1 | # 2 | # Licensed to the Apache Software Foundation (ASF) under one or more 3 | # contributor license agreements. See the NOTICE file distributed with 4 | # this work for additional information regarding copyright ownership. 5 | # The ASF licenses this file to You under the Apache License, Version 2.0 6 | # (the "License"); you may not use this file except in compliance with 7 | # the License. You may obtain a copy of the License at 8 | # 9 | # http://www.apache.org/licenses/LICENSE-2.0 10 | # 11 | # Unless required by applicable law or agreed to in writing, software 12 | # distributed under the License is distributed on an "AS IS" BASIS, 13 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 14 | # See the License for the specific language governing permissions and 15 | # limitations under the License. 16 | # 17 | 18 | exportVars() { 19 | vname=$1 20 | vals=$2 21 | 22 | let "idx=0" 23 | for v in $vals; do 24 | export $(echo $vname$idx)=$v 25 | let "idx=idx+1" 26 | done 27 | } 28 | 29 | echo "The contents of /etc/resolv.conf are:" 30 | cat /etc/resolv.conf 31 | 32 | nameservers=$(grep -e ^nameserver /etc/resolv.conf | sed 's/nameserver //') 33 | search=$(grep -e ^search /etc/resolv.conf | sed 's/search //') 34 | options=$(grep -e ^option /etc/resolv.conf | sed 's/option //') 35 | 36 | exportVars "CONFIG_whisk_containerFactory_containerArgs_dnsServers_" "$nameservers" 37 | exportVars "CONFIG_whisk_containerFactory_containerArgs_dnsSearch_" "$search" 38 | exportVars "CONFIG_whisk_containerFactory_containerArgs_dnsOptions_" "$options" 39 | -------------------------------------------------------------------------------- /helm/openwhisk/configMapFiles/dockerPullRuntimes/playbook.yml: -------------------------------------------------------------------------------- 1 | # 2 | # Licensed to the Apache Software Foundation (ASF) under one or more 3 | # contributor license agreements. See the NOTICE file distributed with 4 | # this work for additional information regarding copyright ownership. 5 | # The ASF licenses this file to You under the Apache License, Version 2.0 6 | # (the "License"); you may not use this file except in compliance with 7 | # the License. You may obtain a copy of the License at 8 | # 9 | # http://www.apache.org/licenses/LICENSE-2.0 10 | # 11 | # Unless required by applicable law or agreed to in writing, software 12 | # distributed under the License is distributed on an "AS IS" BASIS, 13 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 14 | # See the License for the specific language governing permissions and 15 | # limitations under the License. 16 | # 17 | --- 18 | 19 | # Playbook to prefetch runtime action images from a docker registry for an invoker node 20 | # as specified by the RUNTIMES_MANIFEST environment variable 21 | # Note: If RUNTIMES_REGISTRY is not "", it must include a trailing '/' 22 | 23 | - hosts: localhost 24 | vars: 25 | docker_pull_retries: 10 26 | docker_pull_delay: 10 27 | runtimes_registry: "{{ lookup('env', 'RUNTIMES_REGISTRY') | default() }}" 28 | runtimes_registry_username: "{{ lookup('env', 'RUNTIMES_REGISTRY_USERNAME') | default() }}" 29 | runtimes_registry_password: "{{ lookup('env', 'RUNTIMES_REGISTRY_PASSWORD') | default() }}" 30 | runtimes_manifest: "{{ lookup('env', 'RUNTIMES_MANIFEST') }}" 31 | runtimes_manifest_json: "{{ lookup('env', 'RUNTIMES_MANIFEST') | from_json }}" 32 | 33 | tasks: 34 | - name: docker login 35 | docker_login: 36 | registry: "{{ runtimes_registry }}" 37 | username: "{{ runtimes_registry_username }}" 38 | password: "{{ runtimes_registry_password }}" 39 | when: runtimes_registry != "" and runtimes_registry_password is defined 40 | 41 | - name: "Display runtime manifest" 42 | debug: 43 | var: runtimes_manifest 44 | 45 | - name: "Process runtime manifest" 46 | set_fact: 47 | docker_images_managed: "{{ runtimes_manifest_json.runtimes.values() | sum(start=[]) | selectattr('deprecated', 'equalto', false) | map(attribute='image') | list | unique }}" 48 | docker_images_blackbox: "{{ runtimes_manifest_json.blackboxes }}" 49 | 50 | - name: "pull runtime action images per manifest" 51 | shell: "docker pull {{runtimes_registry}}{{item.prefix}}/{{item.name}}:{{item.tag | default()}}" 52 | with_items: 53 | - "{{ docker_images_managed }}" 54 | retries: "{{ docker_pull_retries }}" 55 | delay: "{{ docker_pull_delay }}" 56 | 57 | - name: "pull blackboxes action images per manifest" 58 | shell: "docker pull {{runtimes_registry}}{{item.prefix}}/{{item.name}}:{{item.tag | default()}}" 59 | with_items: 60 | - "{{ docker_images_blackbox }}" 61 | retries: "{{ docker_pull_retries }}" 62 | delay: "{{ docker_pull_delay }}" 63 | -------------------------------------------------------------------------------- /helm/openwhisk/configMapFiles/genCerts/gencerts.sh: -------------------------------------------------------------------------------- 1 | # 2 | # Licensed to the Apache Software Foundation (ASF) under one or more 3 | # contributor license agreements. See the NOTICE file distributed with 4 | # this work for additional information regarding copyright ownership. 5 | # The ASF licenses this file to You under the Apache License, Version 2.0 6 | # (the "License"); you may not use this file except in compliance with 7 | # the License. You may obtain a copy of the License at 8 | # 9 | # http://www.apache.org/licenses/LICENSE-2.0 10 | # 11 | # Unless required by applicable law or agreed to in writing, software 12 | # distributed under the License is distributed on an "AS IS" BASIS, 13 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 14 | # See the License for the specific language governing permissions and 15 | # limitations under the License. 16 | # 17 | 18 | if kubectl get secret $NGINX_CERT_SECRET; then 19 | echo "using existing $NGINX_CERT_SECRET secret" 20 | else 21 | echo "generating new $NGINX_CERT_SECRET secret" 22 | genssl.sh "*.$WHISK_API_HOST_NAME" server /cert-gen 23 | kubectl create secret tls $NGINX_CERT_SECRET --cert=/cert-gen/openwhisk-server-cert.pem --key=/cert-gen/openwhisk-server-key.pem 24 | fi 25 | 26 | -------------------------------------------------------------------------------- /helm/openwhisk/configMapFiles/prometheus/prometheus.yaml: -------------------------------------------------------------------------------- 1 | # 2 | # Licensed to the Apache Software Foundation (ASF) under one or more 3 | # contributor license agreements. See the NOTICE file distributed with 4 | # this work for additional information regarding copyright ownership. 5 | # The ASF licenses this file to You under the Apache License, Version 2.0 6 | # (the "License"); you may not use this file except in compliance with 7 | # the License. You may obtain a copy of the License at 8 | # 9 | # http://www.apache.org/licenses/LICENSE-2.0 10 | # 11 | # Unless required by applicable law or agreed to in writing, software 12 | # distributed under the License is distributed on an "AS IS" BASIS, 13 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 14 | # See the License for the specific language governing permissions and 15 | # limitations under the License. 16 | # 17 | 18 | # See https://github.com/prometheus/prometheus/blob/master/documentation/examples/prometheus-kubernetes.yml 19 | # For details on various options 20 | global: 21 | scrape_interval: 10s 22 | scrape_configs: 23 | 24 | - job_name: 'kubernetes-pods' 25 | kubernetes_sd_configs: 26 | - role: pod 27 | relabel_configs: 28 | - source_labels: [__meta_kubernetes_pod_annotation_prometheus_io_scrape] 29 | action: keep 30 | regex: true 31 | - source_labels: [__meta_kubernetes_pod_annotation_prometheus_io_path] 32 | action: replace 33 | target_label: __metrics_path__ 34 | regex: (.+) 35 | - source_labels: [__address__, __meta_kubernetes_pod_annotation_prometheus_io_port] 36 | action: replace 37 | regex: ([^:]+)(?::\d+)?;(\d+) 38 | replacement: $1:$2 39 | target_label: __address__ 40 | - action: labelmap 41 | regex: __meta_kubernetes_pod_label_(.+) 42 | - source_labels: [__meta_kubernetes_namespace] 43 | action: replace 44 | target_label: kubernetes_namespace 45 | - source_labels: [__meta_kubernetes_pod_name] 46 | action: replace 47 | target_label: kubernetes_pod_name 48 | -------------------------------------------------------------------------------- /helm/openwhisk/configMapFiles/tests/packageChecker/myTask.sh: -------------------------------------------------------------------------------- 1 | # 2 | # Licensed to the Apache Software Foundation (ASF) under one or more 3 | # contributor license agreements. See the NOTICE file distributed with 4 | # this work for additional information regarding copyright ownership. 5 | # The ASF licenses this file to You under the Apache License, Version 2.0 6 | # (the "License"); you may not use this file except in compliance with 7 | # the License. You may obtain a copy of the License at 8 | # 9 | # http://www.apache.org/licenses/LICENSE-2.0 10 | # 11 | # Unless required by applicable law or agreed to in writing, software 12 | # distributed under the License is distributed on an "AS IS" BASIS, 13 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 14 | # See the License for the specific language governing permissions and 15 | # limitations under the License. 16 | # 17 | 18 | # This test verifies that the catalog of system packages has been properly 19 | # installed and is accessible using the guest auth. 20 | 21 | packageListingCheck() { 22 | echo "Looking for package $1" 23 | if [ -z "$1" ]; then 24 | echo "Error, package listing check called without a package name" 25 | exit 1 26 | fi 27 | 28 | # Try several times to accommodate eventual consistency of CouchDB 29 | PACKAGE_LIST_PASSED=false 30 | PACKAGE_LIST_ATTEMPTS=0 31 | until $PACKAGE_LIST_PASSED; do 32 | RESULT=$(wsk package list /whisk.system -i | grep "$1") 33 | if [ -z "$RESULT" ]; then 34 | let PACKAGE_LIST_ATTEMPTS=PACKAGE_LIST_ATTEMPTS+1 35 | if [ $PACKAGE_LIST_ATTEMPTS -gt 5 ]; then 36 | echo "FAILED! Could not list package $1" 37 | exit 1 38 | fi 39 | echo "wsk package list did not find $1; sleep 5 seconds and try again" 40 | sleep 5 41 | else 42 | echo "success: wsk package list included $1" 43 | PACKAGE_LIST_PASSED=true 44 | fi 45 | done 46 | } 47 | 48 | # Configure wsk CLI 49 | wsk property set --auth $WSK_AUTH --apihost $WSK_API_HOST_URL 50 | 51 | 52 | # Check for the standard catalog of packages 53 | packageListingCheck "github" 54 | packageListingCheck "slack" 55 | packageListingCheck "utils" 56 | packageListingCheck "samples" 57 | packageListingCheck "websocket" 58 | 59 | # Check packages for installed event providers 60 | if [ "$OW_INSTALL_ALARM_PROVIDER" == "yes" ]; then 61 | packageListingCheck "alarms" 62 | fi 63 | if [ "$OW_INSTALL_KAFKA_PROVIDER" == "yes" ]; then 64 | packageListingCheck "messaging" 65 | fi 66 | 67 | # Invoke /whisk.system/utils.echo as a smoketest of the installed actions 68 | RESULT=$(wsk -i action invoke --blocking /whisk.system/utils/echo -p msg HelloWhisker | grep "\"msg\": \"HelloWhisker\"") 69 | if [ -z "$RESULT" ]; then 70 | echo "FAILED! Did not get expected result from invoking /whisk.system/utils/echo" 71 | echo $RESULT 72 | exit 1 73 | fi 74 | 75 | echo "PASSED! Listed all expected packages and successfully invoked echo action" 76 | 77 | 78 | 79 | -------------------------------------------------------------------------------- /helm/openwhisk/configMapFiles/tests/smoketest/myTask.sh: -------------------------------------------------------------------------------- 1 | # 2 | # Licensed to the Apache Software Foundation (ASF) under one or more 3 | # contributor license agreements. See the NOTICE file distributed with 4 | # this work for additional information regarding copyright ownership. 5 | # The ASF licenses this file to You under the Apache License, Version 2.0 6 | # (the "License"); you may not use this file except in compliance with 7 | # the License. You may obtain a copy of the License at 8 | # 9 | # http://www.apache.org/licenses/LICENSE-2.0 10 | # 11 | # Unless required by applicable law or agreed to in writing, software 12 | # distributed under the License is distributed on an "AS IS" BASIS, 13 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 14 | # See the License for the specific language governing permissions and 15 | # limitations under the License. 16 | # 17 | 18 | # A short smoketest to verify basic functionality of an OpenWhisk deployment 19 | 20 | # Configure wsk CLI 21 | wsk property set --auth $WSK_AUTH --apihost $WSK_API_HOST_URL 22 | 23 | # create wsk action 24 | cat > /tmp/hello.js << EOL 25 | function main() { 26 | return {body: 'Hello world'} 27 | } 28 | EOL 29 | 30 | echo "Creating action" 31 | wsk -i action create hello /tmp/hello.js --web true || (echo "FAILED! Could not create a hello action!"; exit 1) 32 | 33 | # first list actions and expect to see hello 34 | # Try several times to accommodate eventual consistency of CouchDB 35 | echo "Listing action" 36 | ACTION_LIST_PASSED=false 37 | ACTION_LIST_ATTEMPTS=0 38 | until $ACTION_LIST_PASSED; do 39 | RESULT=$(wsk -i action list | grep hello) 40 | if [ -z "$RESULT" ]; then 41 | let ACTION_LIST_ATTEMPTS=ACTION_LIST_ATTEMPTS+1 42 | if [ $ACTION_LIST_ATTEMPTS -gt 5 ]; then 43 | echo "FAILED! Could not list hello action via CLI" 44 | exit 1 45 | fi 46 | echo "wsk action list did not include hello; sleep 5 seconds and try again" 47 | sleep 5 48 | else 49 | echo "success: wsk action list included hello" 50 | ACTION_LIST_PASSED=true 51 | fi 52 | done 53 | 54 | # next invoke the new hello world action via the CLI 55 | echo "Invoking action via CLI" 56 | RESULT=$(wsk -i action invoke --blocking hello | grep "\"status\": \"success\"") 57 | if [ -z "$RESULT" ]; then 58 | echo "FAILED! Could not invoke hello action via CLI" 59 | exit 1 60 | fi 61 | 62 | # now run it as a web action 63 | echo "Invoking as web action" 64 | HELLO_URL=$(wsk -i action get hello --url | grep "https://") 65 | if [ -z "$HELLO_URL" ]; then 66 | HELLO_URL=$(wsk -i action get hello --url | grep "http://") 67 | fi 68 | RESULT=$(wget --no-check-certificate -qO- $HELLO_URL | grep 'Hello world') 69 | if [ -z "$RESULT" ]; then 70 | echo "FAILED! Could not invoke hello as a web action" 71 | exit 1 72 | fi 73 | 74 | # now define it as an api and invoke it that way 75 | echo "Registering as an api" 76 | wsk -i api create /demo /hello get hello || (echo "FAILED: unable to create API"; exit 1) 77 | echo "Invoking action via the api" 78 | API_URL=$(wsk -i api list | grep hello | awk '{print $4}') 79 | echo "External api URL: $API_URL" 80 | INTERNAL_URL=$(echo $API_URL | sed s#^http.*/api/#$WSK_API_HOST_URL/api/#) 81 | echo "Internal api URL: $INTERNAL_URL" 82 | RESULT=$(wget --no-check-certificate -qO- "$INTERNAL_URL" | grep 'Hello world') 83 | if [ -z "$RESULT" ]; then 84 | echo "FAILED! Could not invoke hello via apigateway" 85 | exit 1 86 | fi 87 | 88 | # now delete the resources so the test could be run again 89 | wsk -i api delete /demo || (echo "FAILED! failed to delete API"; exit 1) 90 | wsk -i action delete hello || (echo "FAILED! failed to delete action"; exit 1) 91 | 92 | echo "PASSED! Created Hello action and invoked via cli, web and apigateway" 93 | 94 | 95 | 96 | -------------------------------------------------------------------------------- /helm/openwhisk/configMapFiles/tests/systemTest/myTask.sh: -------------------------------------------------------------------------------- 1 | # 2 | # Licensed to the Apache Software Foundation (ASF) under one or more 3 | # contributor license agreements. See the NOTICE file distributed with 4 | # this work for additional information regarding copyright ownership. 5 | # The ASF licenses this file to You under the Apache License, Version 2.0 6 | # (the "License"); you may not use this file except in compliance with 7 | # the License. You may obtain a copy of the License at 8 | # 9 | # http://www.apache.org/licenses/LICENSE-2.0 10 | # 11 | # Unless required by applicable law or agreed to in writing, software 12 | # distributed under the License is distributed on an "AS IS" BASIS, 13 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 14 | # See the License for the specific language governing permissions and 15 | # limitations under the License. 16 | # 17 | 18 | set -ex 19 | 20 | # Clone openwhisk repo at specified tag to get test suite 21 | git clone -q https://github.com/apache/openwhisk openwhisk 22 | cd /openwhisk 23 | git checkout $OW_GIT_TAG_OPENWHISK 24 | 25 | # compile test suite 26 | ./gradlew --console=plain compileTestScala tests:buildArtifacts 27 | 28 | # run tests:testSystemKCF 29 | ./gradlew --console=plain :tests:testSystemKCF -Dwhisk.auth="$WSK_AUTH" -Dwhisk.server=$WSK_API_HOST_URL -Dopenwhisk.home=/openwhisk 30 | 31 | echo "PASSED! Successfully executed tests:testSystemKCF" 32 | -------------------------------------------------------------------------------- /helm/openwhisk/runtimes-minimal-travis.json: -------------------------------------------------------------------------------- 1 | 2 | { 3 | "runtimes": { 4 | "nodejs": [ 5 | { 6 | "kind": "nodejs:14", 7 | "default": true, 8 | "image": { 9 | "prefix": "openwhisk", 10 | "name": "action-nodejs-v14", 11 | "tag": "1.19.0" 12 | }, 13 | "deprecated": false, 14 | "attached": { 15 | "attachmentName": "codefile", 16 | "attachmentType": "text/plain" 17 | } 18 | } 19 | ], 20 | "python": [ 21 | { 22 | "kind": "python:3", 23 | "default": true, 24 | "image": { 25 | "prefix": "openwhisk", 26 | "name": "action-python-v3.7", 27 | "tag": "1.17.0" 28 | }, 29 | "deprecated": false, 30 | "attached": { 31 | "attachmentName": "codefile", 32 | "attachmentType": "text/plain" 33 | } 34 | } 35 | ], 36 | "swift": [ 37 | { 38 | "kind": "swift:4.2", 39 | "default": true, 40 | "image": { 41 | "prefix": "openwhisk", 42 | "name": "action-swift-v4.2", 43 | "tag": "1.17.0" 44 | }, 45 | "deprecated": false, 46 | "attached": { 47 | "attachmentName": "codefile", 48 | "attachmentType": "text/plain" 49 | } 50 | } 51 | ] 52 | }, 53 | "blackboxes": [ 54 | { 55 | "prefix": "openwhisk", 56 | "name": "dockerskeleton", 57 | "tag": "1.14.0" 58 | } 59 | ] 60 | } 61 | -------------------------------------------------------------------------------- /helm/openwhisk/templates/NOTES.txt: -------------------------------------------------------------------------------- 1 | {{/* 2 | Licensed to the Apache Software Foundation (ASF) under one or more 3 | contributor license agreements. See the NOTICE file distributed with 4 | this work for additional information regarding copyright ownership. 5 | The ASF licenses this file to You under the Apache License, Version 2.0 6 | (the "License"); you may not use this file except in compliance with 7 | the License. You may obtain a copy of the License at 8 | 9 | http://www.apache.org/licenses/LICENSE-2.0 10 | 11 | Unless required by applicable law or agreed to in writing, software 12 | distributed under the License is distributed on an "AS IS" BASIS, 13 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 14 | See the License for the specific language governing permissions and 15 | limitations under the License. 16 | */}} 17 | Apache OpenWhisk 18 | Copyright 2016-2021 The Apache Software Foundation 19 | 20 | This product includes software developed at 21 | The Apache Software Foundation (http://www.apache.org/). 22 | 23 | To configure your wsk cli to connect to it, set the apihost property 24 | {{- if eq .Values.whisk.ingress.type "LoadBalancer" }} 25 | by running the command `kubectl get services -o wide` and 26 | use the hostname of the `EXTERNAL-IP` of the {{ .Release.Name }}-nginx service 27 | and port 443 in the command below: 28 | 29 | $ wsk property set --apihost NGINX_SERVICE_EXTERNAL_IP:443 30 | {{- else }} 31 | using the command below: 32 | 33 | $ wsk property set --apihost {{ .Values.whisk.ingress.apiHostName -}}:{{- .Values.whisk.ingress.apiHostPort }} 34 | {{- end }} 35 | 36 | Your release is named {{ .Release.Name }}. 37 | 38 | To learn more about the release, try: 39 | 40 | $ helm status {{ .Release.Name }} 41 | $ helm get {{ .Release.Name }} 42 | 43 | Once the '{{ .Release.Name }}-install-packages' Pod is in the Completed state, your OpenWhisk deployment is ready to be used. 44 | 45 | Once the deployment is ready, you can verify it using: 46 | 47 | $ helm test {{ .Release.Name }} --cleanup 48 | -------------------------------------------------------------------------------- /helm/openwhisk/templates/_affinity.tpl: -------------------------------------------------------------------------------- 1 | # 2 | # Licensed to the Apache Software Foundation (ASF) under one or more 3 | # contributor license agreements. See the NOTICE file distributed with 4 | # this work for additional information regarding copyright ownership. 5 | # The ASF licenses this file to You under the Apache License, Version 2.0 6 | # (the "License"); you may not use this file except in compliance with 7 | # the License. You may obtain a copy of the License at 8 | # 9 | # http://www.apache.org/licenses/LICENSE-2.0 10 | # 11 | # Unless required by applicable law or agreed to in writing, software 12 | # distributed under the License is distributed on an "AS IS" BASIS, 13 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 14 | # See the License for the specific language governing permissions and 15 | # limitations under the License. 16 | # 17 | 18 | # This file defines template snippets for scheduler affinity and anti-affinity 19 | 20 | {{/* Generic core affinity */}} 21 | {{- define "openwhisk.affinity.core" -}} 22 | # prefer to not run on an invoker node (only prefer because of single node clusters) 23 | nodeAffinity: 24 | preferredDuringSchedulingIgnoredDuringExecution: 25 | - weight: 100 26 | preference: 27 | matchExpressions: 28 | - key: openwhisk-role 29 | operator: NotIn 30 | values: 31 | - {{ .Values.affinity.invokerNodeLabel }} 32 | - weight: 80 33 | preference: 34 | matchExpressions: 35 | - key: openwhisk-role 36 | operator: In 37 | values: 38 | - {{ .Values.affinity.coreNodeLabel }} 39 | {{- end -}} 40 | 41 | 42 | {{/* Generic edge affinity */}} 43 | {{- define "openwhisk.affinity.edge" -}} 44 | # prefer to not run on an invoker node (only prefer because of single node clusters) 45 | nodeAffinity: 46 | preferredDuringSchedulingIgnoredDuringExecution: 47 | - weight: 100 48 | preference: 49 | matchExpressions: 50 | - key: openwhisk-role 51 | operator: NotIn 52 | values: 53 | - {{ .Values.affinity.invokerNodeLabel }} 54 | - weight: 80 55 | preference: 56 | matchExpressions: 57 | - key: openwhisk-role 58 | operator: In 59 | values: 60 | - {{ .Values.affinity.edgeNodeLabel }} 61 | {{- end -}} 62 | 63 | 64 | {{/* Generic provider affinity */}} 65 | {{- define "openwhisk.affinity.provider" -}} 66 | # prefer to not run on an invoker node (only prefer because of single node clusters) 67 | nodeAffinity: 68 | preferredDuringSchedulingIgnoredDuringExecution: 69 | - weight: 100 70 | preference: 71 | matchExpressions: 72 | - key: openwhisk-role 73 | operator: NotIn 74 | values: 75 | - {{ .Values.affinity.invokerNodeLabel }} 76 | - weight: 80 77 | preference: 78 | matchExpressions: 79 | - key: openwhisk-role 80 | operator: In 81 | values: 82 | - {{ .Values.affinity.providerNodeLabel }} 83 | {{- end -}} 84 | 85 | 86 | {{/* Invoker node affinity */}} 87 | {{- define "openwhisk.affinity.invoker" -}} 88 | # run only on nodes labeled with openwhisk-role={{ .Values.affinity.invokerNodeLabel }} 89 | nodeAffinity: 90 | requiredDuringSchedulingIgnoredDuringExecution: 91 | nodeSelectorTerms: 92 | - matchExpressions: 93 | - key: openwhisk-role 94 | operator: In 95 | values: 96 | - {{ .Values.affinity.invokerNodeLabel }} 97 | {{- end -}} 98 | 99 | 100 | {{/* Self anti-affinity */}} 101 | {{- define "openwhisk.affinity.selfAntiAffinity" -}} 102 | # Fault tolerance: prevent multiple instances of {{ . }} from running on the same node 103 | podAntiAffinity: 104 | requiredDuringSchedulingIgnoredDuringExecution: 105 | - labelSelector: 106 | matchExpressions: 107 | - key: name 108 | operator: In 109 | values: 110 | - {{ . }} 111 | topologyKey: "kubernetes.io/hostname" 112 | {{- end -}} -------------------------------------------------------------------------------- /helm/openwhisk/templates/_invoker-helpers.tpl: -------------------------------------------------------------------------------- 1 | # 2 | # Licensed to the Apache Software Foundation (ASF) under one or more 3 | # contributor license agreements. See the NOTICE file distributed with 4 | # this work for additional information regarding copyright ownership. 5 | # The ASF licenses this file to You under the Apache License, Version 2.0 6 | # (the "License"); you may not use this file except in compliance with 7 | # the License. You may obtain a copy of the License at 8 | # 9 | # http://www.apache.org/licenses/LICENSE-2.0 10 | # 11 | # Unless required by applicable law or agreed to in writing, software 12 | # distributed under the License is distributed on an "AS IS" BASIS, 13 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 14 | # See the License for the specific language governing permissions and 15 | # limitations under the License. 16 | # 17 | 18 | {{- define "openwhisk.docker_volumes" -}} 19 | - name: cgroup 20 | hostPath: 21 | path: "/sys/fs/cgroup" 22 | - name: runc 23 | hostPath: 24 | path: "/run/runc" 25 | - name: dockerrootdir 26 | hostPath: 27 | path: "/var/lib/docker/containers" 28 | - name: dockersock 29 | hostPath: 30 | path: "/var/run/docker.sock" 31 | {{- end -}} 32 | 33 | {{- define "openwhisk.docker_volume_mounts" -}} 34 | - name: cgroup 35 | mountPath: "/sys/fs/cgroup" 36 | - name: runc 37 | mountPath: "/run/runc" 38 | - name: dockersock 39 | mountPath: "/var/run/docker.sock" 40 | - name: dockerrootdir 41 | mountPath: "/containers" 42 | {{- end -}} 43 | 44 | {{- define "openwhisk.docker_pull_runtimes" -}} 45 | - name: docker-pull-runtimes 46 | image: "{{- .Values.docker.registry.name -}}{{- .Values.utility.imageName -}}:{{- .Values.utility.imageTag -}}" 47 | imagePullPolicy: {{ .Values.utility.imagePullPolicy | quote }} 48 | command: ["/usr/local/bin/ansible-playbook", "/invoker-scripts/playbook.yml"] 49 | volumeMounts: 50 | - name: dockersock 51 | mountPath: "/var/run/docker.sock" 52 | - name: scripts-dir 53 | mountPath: "/invoker-scripts/playbook.yml" 54 | subPath: "playbook.yml" 55 | env: 56 | # action runtimes 57 | - name: "RUNTIMES_MANIFEST" 58 | value: {{ template "openwhisk.runtimes_manifest" . }} 59 | {{- if ne .Values.docker.registry.name "" }} 60 | - name: "RUNTIMES_REGISTRY" 61 | value: "{{- .Values.docker.registry.name -}}" 62 | - name: "RUNTIMES_REGISTRY_USERNAME" 63 | valueFrom: 64 | secretKeyRef: 65 | name: {{ .Release.Name }}-docker.registry.auth 66 | key: docker_registry_username 67 | - name: "RUNTIMES_REGISTRY_PASSWORD" 68 | valueFrom: 69 | secretKeyRef: 70 | name: {{ .Release.Name }}-docker.registry.auth 71 | key: docker_registry_password 72 | {{- end -}} 73 | {{- end -}} 74 | 75 | -------------------------------------------------------------------------------- /helm/openwhisk/templates/_tolerations.tpl: -------------------------------------------------------------------------------- 1 | # 2 | # Licensed to the Apache Software Foundation (ASF) under one or more 3 | # contributor license agreements. See the NOTICE file distributed with 4 | # this work for additional information regarding copyright ownership. 5 | # The ASF licenses this file to You under the Apache License, Version 2.0 6 | # (the "License"); you may not use this file except in compliance with 7 | # the License. You may obtain a copy of the License at 8 | # 9 | # http://www.apache.org/licenses/LICENSE-2.0 10 | # 11 | # Unless required by applicable law or agreed to in writing, software 12 | # distributed under the License is distributed on an "AS IS" BASIS, 13 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 14 | # See the License for the specific language governing permissions and 15 | # limitations under the License. 16 | # 17 | 18 | {{/* Core toleration */}} 19 | {{- define "openwhisk.toleration.core" -}} 20 | - key: "openwhisk-role" 21 | operator: "Equal" 22 | value: {{ .Values.toleration.coreValue }} 23 | effect: "NoSchedule" 24 | {{- end -}} 25 | 26 | {{/* Edge toleration */}} 27 | {{- define "openwhisk.toleration.edge" -}} 28 | - key: "openwhisk-role" 29 | operator: "Equal" 30 | value: {{ .Values.toleration.edgeValue }} 31 | effect: "NoSchedule" 32 | {{- end -}} 33 | 34 | {{/* Invoker toleration */}} 35 | {{- define "openwhisk.toleration.invoker" -}} 36 | - key: "openwhisk-role" 37 | operator: "Equal" 38 | value: {{ .Values.toleration.invokerValue }} 39 | effect: "NoSchedule" 40 | {{- end -}} 41 | -------------------------------------------------------------------------------- /helm/openwhisk/templates/apigateway-pod.yaml: -------------------------------------------------------------------------------- 1 | # 2 | # Licensed to the Apache Software Foundation (ASF) under one or more 3 | # contributor license agreements. See the NOTICE file distributed with 4 | # this work for additional information regarding copyright ownership. 5 | # The ASF licenses this file to You under the Apache License, Version 2.0 6 | # (the "License"); you may not use this file except in compliance with 7 | # the License. You may obtain a copy of the License at 8 | # 9 | # http://www.apache.org/licenses/LICENSE-2.0 10 | # 11 | # Unless required by applicable law or agreed to in writing, software 12 | # distributed under the License is distributed on an "AS IS" BASIS, 13 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 14 | # See the License for the specific language governing permissions and 15 | # limitations under the License. 16 | # 17 | 18 | apiVersion: apps/v1 19 | kind: Deployment 20 | metadata: 21 | name: {{ .Release.Name }}-apigateway 22 | labels: 23 | name: {{ .Release.Name }}-apigateway 24 | {{ include "openwhisk.label_boilerplate" . | indent 4 }} 25 | spec: 26 | replicas: {{ .Values.apigw.replicaCount }} 27 | selector: 28 | matchLabels: 29 | name: {{ .Release.Name }}-apigateway 30 | template: 31 | metadata: 32 | labels: 33 | name: {{ .Release.Name }}-apigateway 34 | {{ include "openwhisk.label_boilerplate" . | indent 8 }} 35 | spec: 36 | restartPolicy: {{ .Values.apigw.restartPolicy }} 37 | 38 | {{- if .Values.affinity.enabled }} 39 | affinity: 40 | {{ include "openwhisk.affinity.core" . | indent 8 }} 41 | {{ include "openwhisk.affinity.selfAntiAffinity" ( printf "%s-apigateway" .Release.Name ) | indent 8 }} 42 | {{- end }} 43 | 44 | {{- if .Values.toleration.enabled }} 45 | tolerations: 46 | {{ include "openwhisk.toleration.core" . | indent 8 }} 47 | {{- end }} 48 | 49 | {{ include "openwhisk.docker.imagePullSecrets" . | indent 6 }} 50 | containers: 51 | - name: apigateway 52 | imagePullPolicy: {{ .Values.apigw.imagePullPolicy | quote }} 53 | image: "{{- .Values.docker.registry.name -}}{{- .Values.apigw.imageName -}}:{{- .Values.apigw.imageTag -}}" 54 | ports: 55 | - name: mgmt 56 | containerPort: {{ .Values.apigw.mgmtPort }} 57 | - name: api 58 | containerPort: {{ .Values.apigw.apiPort }} 59 | env: 60 | - name: "REDIS_HOST" 61 | value: "{{ include "openwhisk.redis_host" . }}" 62 | - name: "REDIS_PORT" 63 | value: {{ .Values.redis.port | quote }} 64 | - name: "PUBLIC_GATEWAY_URL" 65 | valueFrom: 66 | configMapKeyRef: 67 | name: {{ .Release.Name }}-whisk.config 68 | key: whisk_external_api_host_url 69 | - name: "BACKEND_HOST" 70 | valueFrom: 71 | configMapKeyRef: 72 | name: {{ .Release.Name }}-whisk.config 73 | key: whisk_internal_api_host_url 74 | -------------------------------------------------------------------------------- /helm/openwhisk/templates/apigateway-svc.yaml: -------------------------------------------------------------------------------- 1 | # 2 | # Licensed to the Apache Software Foundation (ASF) under one or more 3 | # contributor license agreements. See the NOTICE file distributed with 4 | # this work for additional information regarding copyright ownership. 5 | # The ASF licenses this file to You under the Apache License, Version 2.0 6 | # (the "License"); you may not use this file except in compliance with 7 | # the License. You may obtain a copy of the License at 8 | # 9 | # http://www.apache.org/licenses/LICENSE-2.0 10 | # 11 | # Unless required by applicable law or agreed to in writing, software 12 | # distributed under the License is distributed on an "AS IS" BASIS, 13 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 14 | # See the License for the specific language governing permissions and 15 | # limitations under the License. 16 | # 17 | 18 | apiVersion: v1 19 | kind: Service 20 | metadata: 21 | name: {{ .Release.Name }}-apigateway 22 | labels: 23 | name: {{ .Release.Name }}-apigateway 24 | {{ include "openwhisk.label_boilerplate" . | indent 4 }} 25 | spec: 26 | selector: 27 | name: {{ .Release.Name }}-apigateway 28 | ports: 29 | - port: {{ .Values.apigw.mgmtPort }} 30 | name: mgmt 31 | - port: {{ .Values.apigw.apiPort }} 32 | name: api 33 | -------------------------------------------------------------------------------- /helm/openwhisk/templates/controller-pdb.yaml: -------------------------------------------------------------------------------- 1 | # 2 | # Licensed to the Apache Software Foundation (ASF) under one or more 3 | # contributor license agreements. See the NOTICE file distributed with 4 | # this work for additional information regarding copyright ownership. 5 | # The ASF licenses this file to You under the Apache License, Version 2.0 6 | # (the "License"); you may not use this file except in compliance with 7 | # the License. You may obtain a copy of the License at 8 | # 9 | # http://www.apache.org/licenses/LICENSE-2.0 10 | # 11 | # Unless required by applicable law or agreed to in writing, software 12 | # distributed under the License is distributed on an "AS IS" BASIS, 13 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 14 | # See the License for the specific language governing permissions and 15 | # limitations under the License. 16 | # 17 | 18 | {{- if and .Values.pdb.enable (gt (int .Values.controller.replicaCount) 1) }} 19 | --- 20 | apiVersion: policy/v1beta1 21 | kind: PodDisruptionBudget 22 | metadata: 23 | name: {{ .Release.Name }}-controller-pdb 24 | labels: 25 | name: {{ .Release.Name }}-controller-pdb 26 | {{ include "openwhisk.label_boilerplate" . | indent 4 }} 27 | spec: 28 | selector: 29 | matchLabels: 30 | name: {{ .Release.Name }}-controller 31 | maxUnavailable: {{ .Values.pdb.controller.maxUnavailable | default 1 }} 32 | {{- end }} 33 | -------------------------------------------------------------------------------- /helm/openwhisk/templates/controller-svc.yaml: -------------------------------------------------------------------------------- 1 | # 2 | # Licensed to the Apache Software Foundation (ASF) under one or more 3 | # contributor license agreements. See the NOTICE file distributed with 4 | # this work for additional information regarding copyright ownership. 5 | # The ASF licenses this file to You under the Apache License, Version 2.0 6 | # (the "License"); you may not use this file except in compliance with 7 | # the License. You may obtain a copy of the License at 8 | # 9 | # http://www.apache.org/licenses/LICENSE-2.0 10 | # 11 | # Unless required by applicable law or agreed to in writing, software 12 | # distributed under the License is distributed on an "AS IS" BASIS, 13 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 14 | # See the License for the specific language governing permissions and 15 | # limitations under the License. 16 | # 17 | 18 | apiVersion: v1 19 | kind: Service 20 | metadata: 21 | name: {{ .Release.Name }}-controller 22 | labels: 23 | name: {{ .Release.Name }}-controller 24 | {{ include "openwhisk.label_boilerplate" . | indent 4 }} 25 | spec: 26 | selector: 27 | name: {{ .Release.Name }}-controller 28 | ports: 29 | - port: {{ .Values.controller.port }} 30 | name: http 31 | -------------------------------------------------------------------------------- /helm/openwhisk/templates/core-rolebind.yaml: -------------------------------------------------------------------------------- 1 | # 2 | # Licensed to the Apache Software Foundation (ASF) under one or more 3 | # contributor license agreements. See the NOTICE file distributed with 4 | # this work for additional information regarding copyright ownership. 5 | # The ASF licenses this file to You under the Apache License, Version 2.0 6 | # (the "License"); you may not use this file except in compliance with 7 | # the License. You may obtain a copy of the License at 8 | # 9 | # http://www.apache.org/licenses/LICENSE-2.0 10 | # 11 | # Unless required by applicable law or agreed to in writing, software 12 | # distributed under the License is distributed on an "AS IS" BASIS, 13 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 14 | # See the License for the specific language governing permissions and 15 | # limitations under the License. 16 | # 17 | 18 | # Core pods are allowed to have view access to k8s APIs 19 | apiVersion: rbac.authorization.k8s.io/v1 20 | kind: RoleBinding 21 | metadata: 22 | name: {{ .Release.Name }}-allow-view 23 | labels: 24 | {{ include "openwhisk.label_boilerplate" . | indent 4 }} 25 | roleRef: 26 | apiGroup: rbac.authorization.k8s.io 27 | kind: ClusterRole 28 | name: view 29 | subjects: 30 | - kind: ServiceAccount 31 | name: {{ .Release.Name }}-core 32 | namespace: {{ .Release.Namespace | quote }} 33 | -------------------------------------------------------------------------------- /helm/openwhisk/templates/core-svcacct.yaml: -------------------------------------------------------------------------------- 1 | # 2 | # Licensed to the Apache Software Foundation (ASF) under one or more 3 | # contributor license agreements. See the NOTICE file distributed with 4 | # this work for additional information regarding copyright ownership. 5 | # The ASF licenses this file to You under the Apache License, Version 2.0 6 | # (the "License"); you may not use this file except in compliance with 7 | # the License. You may obtain a copy of the License at 8 | # 9 | # http://www.apache.org/licenses/LICENSE-2.0 10 | # 11 | # Unless required by applicable law or agreed to in writing, software 12 | # distributed under the License is distributed on an "AS IS" BASIS, 13 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 14 | # See the License for the specific language governing permissions and 15 | # limitations under the License. 16 | # 17 | 18 | # Core pods are allowed to have view access to k8s APIs 19 | apiVersion: v1 20 | kind: ServiceAccount 21 | metadata: 22 | name: {{ .Release.Name }}-core 23 | labels: 24 | {{ include "openwhisk.label_boilerplate" . | indent 4 }} 25 | -------------------------------------------------------------------------------- /helm/openwhisk/templates/couchdb-init-cm.yaml: -------------------------------------------------------------------------------- 1 | # 2 | # Licensed to the Apache Software Foundation (ASF) under one or more 3 | # contributor license agreements. See the NOTICE file distributed with 4 | # this work for additional information regarding copyright ownership. 5 | # The ASF licenses this file to You under the Apache License, Version 2.0 6 | # (the "License"); you may not use this file except in compliance with 7 | # the License. You may obtain a copy of the License at 8 | # 9 | # http://www.apache.org/licenses/LICENSE-2.0 10 | # 11 | # Unless required by applicable law or agreed to in writing, software 12 | # distributed under the License is distributed on an "AS IS" BASIS, 13 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 14 | # See the License for the specific language governing permissions and 15 | # limitations under the License. 16 | # 17 | 18 | {{ if .Values.db.wipeAndInit }} 19 | apiVersion: v1 20 | kind: ConfigMap 21 | metadata: 22 | name: {{ .Release.Name }}-init-couchdb 23 | labels: 24 | {{ include "openwhisk.label_boilerplate" . | indent 4 }} 25 | data: 26 | {{ (.Files.Glob "configMapFiles/initCouchDB/initdb.sh").AsConfig | indent 2 }} 27 | {{ end }} 28 | -------------------------------------------------------------------------------- /helm/openwhisk/templates/couchdb-init-job.yaml: -------------------------------------------------------------------------------- 1 | # 2 | # Licensed to the Apache Software Foundation (ASF) under one or more 3 | # contributor license agreements. See the NOTICE file distributed with 4 | # this work for additional information regarding copyright ownership. 5 | # The ASF licenses this file to You under the Apache License, Version 2.0 6 | # (the "License"); you may not use this file except in compliance with 7 | # the License. You may obtain a copy of the License at 8 | # 9 | # http://www.apache.org/licenses/LICENSE-2.0 10 | # 11 | # Unless required by applicable law or agreed to in writing, software 12 | # distributed under the License is distributed on an "AS IS" BASIS, 13 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 14 | # See the License for the specific language governing permissions and 15 | # limitations under the License. 16 | # 17 | 18 | {{ if .Values.db.wipeAndInit }} 19 | apiVersion: batch/v1 20 | kind: Job 21 | metadata: 22 | name: {{ .Release.Name }}-init-couchdb 23 | labels: 24 | name: {{ .Release.Name }}-init-couchdb 25 | {{ include "openwhisk.label_boilerplate" . | indent 4 }} 26 | spec: 27 | backoffLimit: 3 28 | template: 29 | metadata: 30 | name: {{ .Release.Name }}-init-couchdb 31 | labels: 32 | name: {{ .Release.Name }}-init-couchdb 33 | {{ include "openwhisk.label_boilerplate" . | indent 8 }} 34 | spec: 35 | restartPolicy: Never 36 | volumes: 37 | - name: task-dir 38 | configMap: 39 | name: {{ .Release.Name }}-init-couchdb 40 | - name: whisk-auth 41 | secret: 42 | secretName: {{ .Release.Name }}-whisk.auth 43 | {{ include "openwhisk.docker.imagePullSecrets" . | indent 6 }} 44 | containers: 45 | - name: init-couchdb 46 | image: "{{- .Values.docker.registry.name -}}{{- .Values.utility.imageName -}}:{{- .Values.utility.imageTag -}}" 47 | imagePullPolicy: {{ .Values.utility.imagePullPolicy | quote }} 48 | command: ["/bin/bash", "-c", "set -e; . /task/initdb.sh"] 49 | volumeMounts: 50 | - name: task-dir 51 | mountPath: "/task/initdb.sh" 52 | subPath: "initdb.sh" 53 | - name: whisk-auth 54 | mountPath: "/etc/whisk-auth" 55 | env: 56 | - name: "DB_PROTOCOL" 57 | valueFrom: 58 | configMapKeyRef: 59 | name: {{ .Release.Name }}-db.config 60 | key: db_protocol 61 | - name: "DB_HOST" 62 | valueFrom: 63 | configMapKeyRef: 64 | name: {{ .Release.Name }}-db.config 65 | key: db_host 66 | - name: "DB_PORT" 67 | valueFrom: 68 | configMapKeyRef: 69 | name: {{ .Release.Name }}-db.config 70 | key: db_port 71 | - name: "DB_PREFIX" 72 | valueFrom: 73 | configMapKeyRef: 74 | name: {{ .Release.Name }}-db.config 75 | key: db_prefix 76 | - name: "COUCHDB_USER" 77 | valueFrom: 78 | secretKeyRef: 79 | name: {{ .Release.Name }}-db.auth 80 | key: db_username 81 | - name: "COUCHDB_PASSWORD" 82 | valueFrom: 83 | secretKeyRef: 84 | name: {{ .Release.Name }}-db.auth 85 | key: db_password 86 | - name: "NODENAME" 87 | value: "couchdb0" 88 | 89 | # tag to use for git clone to get ansible files to initialize couchdb 90 | - name: "OW_GIT_TAG_OPENWHISK" 91 | value: {{ .Values.whisk.versions.openwhisk.gitTag | quote }} 92 | {{ end }} 93 | -------------------------------------------------------------------------------- /helm/openwhisk/templates/couchdb-pod.yaml: -------------------------------------------------------------------------------- 1 | # 2 | # Licensed to the Apache Software Foundation (ASF) under one or more 3 | # contributor license agreements. See the NOTICE file distributed with 4 | # this work for additional information regarding copyright ownership. 5 | # The ASF licenses this file to You under the Apache License, Version 2.0 6 | # (the "License"); you may not use this file except in compliance with 7 | # the License. You may obtain a copy of the License at 8 | # 9 | # http://www.apache.org/licenses/LICENSE-2.0 10 | # 11 | # Unless required by applicable law or agreed to in writing, software 12 | # distributed under the License is distributed on an "AS IS" BASIS, 13 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 14 | # See the License for the specific language governing permissions and 15 | # limitations under the License. 16 | # 17 | 18 | {{ if not .Values.db.external }} 19 | apiVersion: apps/v1 20 | kind: Deployment 21 | metadata: 22 | name: {{ .Release.Name }}-couchdb 23 | labels: 24 | name: {{ .Release.Name }}-couchdb 25 | {{ include "openwhisk.label_boilerplate" . | indent 4 }} 26 | spec: 27 | replicas: {{ .Values.db.replicaCount }} 28 | selector: 29 | matchLabels: 30 | name: {{ .Release.Name }}-couchdb 31 | {{- if .Values.k8s.persistence.enabled }} 32 | strategy: 33 | type: "Recreate" 34 | {{- end }} 35 | template: 36 | metadata: 37 | labels: 38 | name: {{ .Release.Name }}-couchdb 39 | {{ include "openwhisk.label_boilerplate" . | indent 8 }} 40 | spec: 41 | restartPolicy: {{ .Values.db.restartPolicy }} 42 | 43 | {{- if .Values.affinity.enabled }} 44 | affinity: 45 | {{ include "openwhisk.affinity.core" . | indent 8 }} 46 | {{ include "openwhisk.affinity.selfAntiAffinity" ( printf "%s-couchdb" .Release.Name ) | indent 8 }} 47 | {{- end }} 48 | 49 | {{- if .Values.toleration.enabled }} 50 | tolerations: 51 | {{ include "openwhisk.toleration.core" . | indent 8 }} 52 | {{- end }} 53 | 54 | {{ include "openwhisk.docker.imagePullSecrets" . | indent 6 }} 55 | containers: 56 | - name: couchdb 57 | image: "{{- .Values.docker.registry.name -}}{{- .Values.db.imageName -}}:{{- .Values.db.imageTag -}}" 58 | imagePullPolicy: {{ .Values.db.imagePullPolicy | quote }} 59 | ports: 60 | - name: couchdb 61 | containerPort: {{ .Values.db.port }} 62 | env: 63 | - name: "COUCHDB_USER" 64 | valueFrom: 65 | secretKeyRef: 66 | name: {{ .Release.Name }}-db.auth 67 | key: db_username 68 | - name: "COUCHDB_PASSWORD" 69 | valueFrom: 70 | secretKeyRef: 71 | name: {{ .Release.Name }}-db.auth 72 | key: db_password 73 | - name: "NODENAME" 74 | value: "couchdb0" 75 | {{- if .Values.k8s.persistence.enabled }} 76 | volumeMounts: 77 | - name: database-storage 78 | mountPath: /opt/couchdb/data 79 | {{- end }} 80 | {{- if .Values.k8s.persistence.enabled }} 81 | volumes: 82 | - name: database-storage 83 | persistentVolumeClaim: 84 | claimName: {{ .Release.Name }}-couchdb-pvc 85 | {{- end }} 86 | {{ end }} 87 | -------------------------------------------------------------------------------- /helm/openwhisk/templates/couchdb-pvc.yaml: -------------------------------------------------------------------------------- 1 | # 2 | # Licensed to the Apache Software Foundation (ASF) under one or more 3 | # contributor license agreements. See the NOTICE file distributed with 4 | # this work for additional information regarding copyright ownership. 5 | # The ASF licenses this file to You under the Apache License, Version 2.0 6 | # (the "License"); you may not use this file except in compliance with 7 | # the License. You may obtain a copy of the License at 8 | # 9 | # http://www.apache.org/licenses/LICENSE-2.0 10 | # 11 | # Unless required by applicable law or agreed to in writing, software 12 | # distributed under the License is distributed on an "AS IS" BASIS, 13 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 14 | # See the License for the specific language governing permissions and 15 | # limitations under the License. 16 | # 17 | 18 | {{- if and (not .Values.db.external) .Values.k8s.persistence.enabled }} 19 | apiVersion: v1 20 | kind: PersistentVolumeClaim 21 | metadata: 22 | name: {{ .Release.Name }}-couchdb-pvc 23 | labels: 24 | {{ include "openwhisk.label_boilerplate" . | indent 4 }} 25 | spec: 26 | {{- if not .Values.k8s.persistence.hasDefaultStorageClass }} 27 | storageClassName: {{ .Values.k8s.persistence.explicitStorageClass }} 28 | {{- end }} 29 | accessModes: 30 | - ReadWriteOnce 31 | resources: 32 | requests: 33 | storage: {{ .Values.db.persistence.size }} 34 | {{- end }} 35 | -------------------------------------------------------------------------------- /helm/openwhisk/templates/couchdb-svc.yaml: -------------------------------------------------------------------------------- 1 | # 2 | # Licensed to the Apache Software Foundation (ASF) under one or more 3 | # contributor license agreements. See the NOTICE file distributed with 4 | # this work for additional information regarding copyright ownership. 5 | # The ASF licenses this file to You under the Apache License, Version 2.0 6 | # (the "License"); you may not use this file except in compliance with 7 | # the License. You may obtain a copy of the License at 8 | # 9 | # http://www.apache.org/licenses/LICENSE-2.0 10 | # 11 | # Unless required by applicable law or agreed to in writing, software 12 | # distributed under the License is distributed on an "AS IS" BASIS, 13 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 14 | # See the License for the specific language governing permissions and 15 | # limitations under the License. 16 | # 17 | 18 | {{ if not .Values.db.external }} 19 | apiVersion: v1 20 | kind: Service 21 | metadata: 22 | name: {{ .Release.Name }}-couchdb 23 | labels: 24 | name: {{ .Release.Name }}-couchdb 25 | {{ include "openwhisk.label_boilerplate" . | indent 4 }} 26 | spec: 27 | selector: 28 | name: {{ .Release.Name }}-couchdb 29 | ports: 30 | - port: {{ .Values.db.port }} 31 | name: couchdb 32 | {{ end }} 33 | -------------------------------------------------------------------------------- /helm/openwhisk/templates/elasticsearch-cm.yaml: -------------------------------------------------------------------------------- 1 | # 2 | # Licensed to the Apache Software Foundation (ASF) under one or more 3 | # contributor license agreements. See the NOTICE file distributed with 4 | # this work for additional information regarding copyright ownership. 5 | # The ASF licenses this file to You under the Apache License, Version 2.0 6 | # (the "License"); you may not use this file except in compliance with 7 | # the License. You may obtain a copy of the License at 8 | # 9 | # http://www.apache.org/licenses/LICENSE-2.0 10 | # 11 | # Unless required by applicable law or agreed to in writing, software 12 | # distributed under the License is distributed on an "AS IS" BASIS, 13 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 14 | # See the License for the specific language governing permissions and 15 | # limitations under the License. 16 | # 17 | 18 | {{- if and (not .Values.elasticsearch.external) (eq .Values.activationStoreBackend "ElasticSearch") .Values.elasticsearch.esConfig }} 19 | apiVersion: v1 20 | kind: ConfigMap 21 | metadata: 22 | name: {{ .Release.Name }}-elasticsearch-cm 23 | labels: 24 | {{ include "openwhisk.label_boilerplate" .| indent 4 }} 25 | data: 26 | {{- range $path, $config := .Values.elasticsearch.esConfig }} 27 | {{ $path }}: | 28 | {{ $config | indent 4 -}} 29 | {{- end -}} 30 | {{- end -}} 31 | -------------------------------------------------------------------------------- /helm/openwhisk/templates/elasticsearch-pdb.yaml: -------------------------------------------------------------------------------- 1 | # 2 | # Licensed to the Apache Software Foundation (ASF) under one or more 3 | # contributor license agreements. See the NOTICE file distributed with 4 | # this work for additional information regarding copyright ownership. 5 | # The ASF licenses this file to You under the Apache License, Version 2.0 6 | # (the "License"); you may not use this file except in compliance with 7 | # the License. You may obtain a copy of the License at 8 | # 9 | # http://www.apache.org/licenses/LICENSE-2.0 10 | # 11 | # Unless required by applicable law or agreed to in writing, software 12 | # distributed under the License is distributed on an "AS IS" BASIS, 13 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 14 | # See the License for the specific language governing permissions and 15 | # limitations under the License. 16 | # 17 | 18 | --- 19 | {{- if and .Values.pdb.enable (not .Values.elasticsearch.external) (eq .Values.activationStoreBackend "ElasticSearch") }} 20 | apiVersion: policy/v1beta1 21 | kind: PodDisruptionBudget 22 | metadata: 23 | name: {{ .Release.Name }}-elasticsearch-pdb 24 | labels: 25 | {{ include "openwhisk.label_boilerplate" .| indent 4 }} 26 | spec: 27 | maxUnavailable: {{ .Values.pdb.elasticsearch.maxUnavailable | default 1 }} 28 | selector: 29 | matchLabels: 30 | name: {{ .Release.Name }}-elasticsearch 31 | {{- end }} 32 | -------------------------------------------------------------------------------- /helm/openwhisk/templates/elasticsearch-psp.yaml: -------------------------------------------------------------------------------- 1 | # 2 | # Licensed to the Apache Software Foundation (ASF) under one or more 3 | # contributor license agreements. See the NOTICE file distributed with 4 | # this work for additional information regarding copyright ownership. 5 | # The ASF licenses this file to You under the Apache License, Version 2.0 6 | # (the "License"); you may not use this file except in compliance with 7 | # the License. You may obtain a copy of the License at 8 | # 9 | # http://www.apache.org/licenses/LICENSE-2.0 10 | # 11 | # Unless required by applicable law or agreed to in writing, software 12 | # distributed under the License is distributed on an "AS IS" BASIS, 13 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 14 | # See the License for the specific language governing permissions and 15 | # limitations under the License. 16 | # 17 | 18 | {{- if and .Values.elasticsearch.podSecurityPolicy.create (not .Values.elasticsearch.external) (eq .Values.activationStoreBackend "ElasticSearch") }} 19 | {{- $fullName := include "elasticsearch.uname" . -}} 20 | apiVersion: policy/v1beta1 21 | kind: PodSecurityPolicy 22 | metadata: 23 | name: {{ default $fullName .Values.elasticsearch.podSecurityPolicy.name | quote }} 24 | labels: 25 | {{ include "openwhisk.label_boilerplate" .| indent 4 }} 26 | spec: 27 | {{ toYaml .Values.elasticsearch.podSecurityPolicy.spec | indent 2 }} 28 | {{- end -}} 29 | -------------------------------------------------------------------------------- /helm/openwhisk/templates/elasticsearch-role.yaml: -------------------------------------------------------------------------------- 1 | # 2 | # Licensed to the Apache Software Foundation (ASF) under one or more 3 | # contributor license agreements. See the NOTICE file distributed with 4 | # this work for additional information regarding copyright ownership. 5 | # The ASF licenses this file to You under the Apache License, Version 2.0 6 | # (the "License"); you may not use this file except in compliance with 7 | # the License. You may obtain a copy of the License at 8 | # 9 | # http://www.apache.org/licenses/LICENSE-2.0 10 | # 11 | # Unless required by applicable law or agreed to in writing, software 12 | # distributed under the License is distributed on an "AS IS" BASIS, 13 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 14 | # See the License for the specific language governing permissions and 15 | # limitations under the License. 16 | # 17 | 18 | {{- if and .Values.elasticsearch.rbac.create (not .Values.elasticsearch.external) (eq .Values.activationStoreBackend "ElasticSearch") }} 19 | {{- $fullName := include "elasticsearch.uname" . -}} 20 | apiVersion: rbac.authorization.k8s.io/v1 21 | kind: Role 22 | metadata: 23 | name: {{ .Release.Name }}-elasticsearch 24 | labels: 25 | {{ include "openwhisk.label_boilerplate" . | indent 4 }} 26 | rules: 27 | - apiGroups: 28 | - extensions 29 | resources: 30 | - podsecuritypolicies 31 | resourceNames: 32 | {{- if eq .Values.elasticsearch.podSecurityPolicy.name "" }} 33 | - {{ $fullName | quote }} 34 | {{- else }} 35 | - {{ .Values.elasticsearch.podSecurityPolicy.name | quote }} 36 | {{- end }} 37 | verbs: 38 | - use 39 | {{- end -}} 40 | -------------------------------------------------------------------------------- /helm/openwhisk/templates/elasticsearch-rolebind.yaml: -------------------------------------------------------------------------------- 1 | # 2 | # Licensed to the Apache Software Foundation (ASF) under one or more 3 | # contributor license agreements. See the NOTICE file distributed with 4 | # this work for additional information regarding copyright ownership. 5 | # The ASF licenses this file to You under the Apache License, Version 2.0 6 | # (the "License"); you may not use this file except in compliance with 7 | # the License. You may obtain a copy of the License at 8 | # 9 | # http://www.apache.org/licenses/LICENSE-2.0 10 | # 11 | # Unless required by applicable law or agreed to in writing, software 12 | # distributed under the License is distributed on an "AS IS" BASIS, 13 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 14 | # See the License for the specific language governing permissions and 15 | # limitations under the License. 16 | # 17 | 18 | {{- if and .Values.elasticsearch.rbac.create (not .Values.elasticsearch.external) (eq .Values.activationStoreBackend "ElasticSearch") }} 19 | {{- $fullName := include "elasticsearch.uname" . -}} 20 | apiVersion: rbac.authorization.k8s.io/v1 21 | kind: RoleBinding 22 | metadata: 23 | name: {{ .Release.Name }}-elasticsearch 24 | labels: 25 | {{ include "openwhisk.label_boilerplate" . | indent 4 }} 26 | subjects: 27 | - kind: ServiceAccount 28 | {{- if eq .Values.elasticsearch.rbac.serviceAccountName "" }} 29 | name: {{ $fullName | quote }} 30 | {{- else }} 31 | name: {{ .Values.elasticsearch.rbac.serviceAccountName | quote }} 32 | {{- end }} 33 | namespace: {{ .Release.Namespace | quote }} 34 | roleRef: 35 | kind: Role 36 | name: {{ $fullName | quote }} 37 | apiGroup: rbac.authorization.k8s.io 38 | {{- end -}} 39 | -------------------------------------------------------------------------------- /helm/openwhisk/templates/elasticsearch-svc.yaml: -------------------------------------------------------------------------------- 1 | # 2 | # Licensed to the Apache Software Foundation (ASF) under one or more 3 | # contributor license agreements. See the NOTICE file distributed with 4 | # this work for additional information regarding copyright ownership. 5 | # The ASF licenses this file to You under the Apache License, Version 2.0 6 | # (the "License"); you may not use this file except in compliance with 7 | # the License. You may obtain a copy of the License at 8 | # 9 | # http://www.apache.org/licenses/LICENSE-2.0 10 | # 11 | # Unless required by applicable law or agreed to in writing, software 12 | # distributed under the License is distributed on an "AS IS" BASIS, 13 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 14 | # See the License for the specific language governing permissions and 15 | # limitations under the License. 16 | # 17 | 18 | {{- if and (not .Values.elasticsearch.external) (eq .Values.activationStoreBackend "ElasticSearch") }} 19 | --- 20 | kind: Service 21 | apiVersion: v1 22 | metadata: 23 | name: {{ .Release.Name }}-elasticsearch 24 | labels: 25 | name: {{ .Release.Name }}-elasticsearch 26 | {{ include "openwhisk.label_boilerplate" . | indent 4 }} 27 | {{- if .Values.elasticsearch.service.labelsHeadless }} 28 | {{ toYaml .Values.elasticsearch.service.labelsHeadless | indent 4 }} 29 | {{- end }} 30 | annotations: 31 | service.alpha.kubernetes.io/tolerate-unready-endpoints: "true" 32 | spec: 33 | clusterIP: None # This is needed for statefulset hostnames like elasticsearch-0 to resolve 34 | # Create endpoints also if the related pod isn't ready 35 | publishNotReadyAddresses: true 36 | selector: 37 | name: {{ .Release.Name }}-elasticsearch 38 | ports: 39 | - name: {{ .Values.elasticsearch.service.httpPortName | default "http" }} 40 | port: {{ .Values.elasticsearch.httpPort }} 41 | - name: {{ .Values.elasticsearch.service.transportPortName | default "transport" }} 42 | port: {{ .Values.elasticsearch.transportPort }} 43 | {{- end -}} 44 | -------------------------------------------------------------------------------- /helm/openwhisk/templates/elasticsearch-svcacct.yaml: -------------------------------------------------------------------------------- 1 | # 2 | # Licensed to the Apache Software Foundation (ASF) under one or more 3 | # contributor license agreements. See the NOTICE file distributed with 4 | # this work for additional information regarding copyright ownership. 5 | # The ASF licenses this file to You under the Apache License, Version 2.0 6 | # (the "License"); you may not use this file except in compliance with 7 | # the License. You may obtain a copy of the License at 8 | # 9 | # http://www.apache.org/licenses/LICENSE-2.0 10 | # 11 | # Unless required by applicable law or agreed to in writing, software 12 | # distributed under the License is distributed on an "AS IS" BASIS, 13 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 14 | # See the License for the specific language governing permissions and 15 | # limitations under the License. 16 | # 17 | 18 | {{- if and .Values.elasticsearch.rbac.create (not .Values.elasticsearch.external) (eq .Values.activationStoreBackend "ElasticSearch") }} 19 | {{- $fullName := include "elasticsearch.uname" . -}} 20 | apiVersion: v1 21 | kind: ServiceAccount 22 | metadata: 23 | {{- if eq .Values.elasticsearch.rbac.serviceAccountName "" }} 24 | name: {{ $fullName | quote }} 25 | {{- else }} 26 | name: {{ .Values.elasticsearch.rbac.serviceAccountName | quote }} 27 | {{- end }} 28 | labels: 29 | heritage: {{ .Release.Service | quote }} 30 | release: {{ .Release.Name | quote }} 31 | chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" 32 | app: {{ $fullName | quote }} 33 | {{- end -}} 34 | -------------------------------------------------------------------------------- /helm/openwhisk/templates/etcd-pvc.yaml: -------------------------------------------------------------------------------- 1 | # 2 | # Licensed to the Apache Software Foundation (ASF) under one or more 3 | # contributor license agreements. See the NOTICE file distributed with 4 | # this work for additional information regarding copyright ownership. 5 | # The ASF licenses this file to You under the Apache License, Version 2.0 6 | # (the "License"); you may not use this file except in compliance with 7 | # the License. You may obtain a copy of the License at 8 | # 9 | # http://www.apache.org/licenses/LICENSE-2.0 10 | # 11 | # Unless required by applicable law or agreed to in writing, software 12 | # distributed under the License is distributed on an "AS IS" BASIS, 13 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 14 | # See the License for the specific language governing permissions and 15 | # limitations under the License. 16 | # 17 | 18 | {{- if and (not .Values.etcd.external) .Values.k8s.persistence.enabled (.Values.scheduler.enabled) }} 19 | apiVersion: v1 20 | kind: PersistentVolumeClaim 21 | metadata: 22 | name: {{ .Release.Name }}-etcd-pvc 23 | labels: 24 | {{ include "openwhisk.label_boilerplate" . | indent 4 }} 25 | spec: 26 | {{- if not .Values.k8s.persistence.hasDefaultStorageClass }} 27 | storageClassName: {{ .Values.k8s.persistence.explicitStorageClass }} 28 | {{- end }} 29 | accessModes: 30 | - ReadWriteOnce 31 | resources: 32 | requests: 33 | storage: {{ .Values.etcd.persistence.size }} 34 | {{- end }} 35 | -------------------------------------------------------------------------------- /helm/openwhisk/templates/etcd-svc.yaml: -------------------------------------------------------------------------------- 1 | # 2 | # Licensed to the Apache Software Foundation (ASF) under one or more 3 | # contributor license agreements. See the NOTICE file distributed with 4 | # this work for additional information regarding copyright ownership. 5 | # The ASF licenses this file to You under the Apache License, Version 2.0 6 | # (the "License"); you may not use this file except in compliance with 7 | # the License. You may obtain a copy of the License at 8 | # 9 | # http://www.apache.org/licenses/LICENSE-2.0 10 | # 11 | # Unless required by applicable law or agreed to in writing, software 12 | # distributed under the License is distributed on an "AS IS" BASIS, 13 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 14 | # See the License for the specific language governing permissions and 15 | # limitations under the License. 16 | # 17 | 18 | {{ if not .Values.etcd.external }} 19 | apiVersion: v1 20 | kind: Service 21 | metadata: 22 | name: {{ .Release.Name }}-etcd 23 | labels: 24 | name: {{ .Release.Name }}-etcd 25 | {{ include "openwhisk.label_boilerplate" . | indent 4 }} 26 | spec: 27 | selector: 28 | name: {{ .Release.Name }}-etcd 29 | ports: 30 | - port: {{ .Values.etcd.port }} 31 | name: etcd 32 | {{ end }} 33 | -------------------------------------------------------------------------------- /helm/openwhisk/templates/frontdoor-ingress.yaml: -------------------------------------------------------------------------------- 1 | # 2 | # Licensed to the Apache Software Foundation (ASF) under one or more 3 | # contributor license agreements. See the NOTICE file distributed with 4 | # this work for additional information regarding copyright ownership. 5 | # The ASF licenses this file to You under the Apache License, Version 2.0 6 | # (the "License"); you may not use this file except in compliance with 7 | # the License. You may obtain a copy of the License at 8 | # 9 | # http://www.apache.org/licenses/LICENSE-2.0 10 | # 11 | # Unless required by applicable law or agreed to in writing, software 12 | # distributed under the License is distributed on an "AS IS" BASIS, 13 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 14 | # See the License for the specific language governing permissions and 15 | # limitations under the License. 16 | # 17 | 18 | {{- if eq .Values.whisk.ingress.type "Standard" }} 19 | apiVersion: networking.k8s.io/v1 20 | kind: Ingress 21 | metadata: 22 | name: {{ .Release.Name }}-ingress 23 | labels: 24 | {{ include "openwhisk.label_boilerplate" . | indent 4 }} 25 | annotations: 26 | {{- range $key, $value := .Values.whisk.ingress.annotations }} 27 | {{ $key }}: {{ $value | quote }} 28 | {{- end }} 29 | spec: 30 | {{- if .Values.whisk.ingress.tls.enabled }} 31 | tls: 32 | - hosts: 33 | - {{ .Values.whisk.ingress.domain }} 34 | {{- if ne .Values.whisk.ingress.tls.secretname "" }} 35 | secretName: {{ .Values.whisk.ingress.tls.secretname | quote }} 36 | {{- end }} 37 | {{- end }} 38 | rules: 39 | - host: {{ .Values.whisk.ingress.domain }} 40 | http: 41 | paths: 42 | - path: /api/v1/web 43 | pathType: Prefix 44 | backend: 45 | service: 46 | name: {{ .Release.Name }}-controller 47 | port: 48 | name: http 49 | - path: /api/v1 50 | pathType: Prefix 51 | backend: 52 | service: 53 | name: {{ .Release.Name }}-controller 54 | port: 55 | name: http 56 | # API GW generated API invocation 57 | - path: /api 58 | pathType: Prefix 59 | backend: 60 | service: 61 | name: {{ .Release.Name }}-apigateway 62 | port: 63 | name: mgmt 64 | # API GW health status 65 | - path: /v1/health-check 66 | pathType: Prefix 67 | backend: 68 | service: 69 | name: {{ .Release.Name }}-apigateway 70 | port: 71 | name: api 72 | # API management REST APIs 73 | - path: /v2 74 | pathType: Prefix 75 | backend: 76 | service: 77 | name: {{ .Release.Name }}-apigateway 78 | port: 79 | name: api 80 | - path: / 81 | pathType: Prefix 82 | backend: 83 | service: 84 | name: {{ .Release.Name }}-nginx 85 | port: 86 | name: http 87 | {{- end }} 88 | -------------------------------------------------------------------------------- /helm/openwhisk/templates/frontdoor-secrets.yaml: -------------------------------------------------------------------------------- 1 | # 2 | # Licensed to the Apache Software Foundation (ASF) under one or more 3 | # contributor license agreements. See the NOTICE file distributed with 4 | # this work for additional information regarding copyright ownership. 5 | # The ASF licenses this file to You under the Apache License, Version 2.0 6 | # (the "License"); you may not use this file except in compliance with 7 | # the License. You may obtain a copy of the License at 8 | # 9 | # http://www.apache.org/licenses/LICENSE-2.0 10 | # 11 | # Unless required by applicable law or agreed to in writing, software 12 | # distributed under the License is distributed on an "AS IS" BASIS, 13 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 14 | # See the License for the specific language governing permissions and 15 | # limitations under the License. 16 | # 17 | 18 | {{- if eq .Values.whisk.ingress.type "Standard" }} 19 | {{- if .Values.whisk.ingress.tls.createsecret }} 20 | apiVersion: v1 21 | kind: Secret 22 | metadata: 23 | name: {{ .Values.whisk.ingress.tls.secretname | quote }} 24 | labels: 25 | {{ include "openwhisk.label_boilerplate" . | indent 4 }} 26 | type: {{ .Values.whisk.ingress.tls.secrettype | quote }} 27 | data: 28 | tls.crt: {{ .Values.whisk.ingress.tls.crt }} 29 | tls.key: {{ .Values.whisk.ingress.tls.key }} 30 | {{- end}} 31 | {{- end }} 32 | -------------------------------------------------------------------------------- /helm/openwhisk/templates/gen-certs-cm.yaml: -------------------------------------------------------------------------------- 1 | # 2 | # Licensed to the Apache Software Foundation (ASF) under one or more 3 | # contributor license agreements. See the NOTICE file distributed with 4 | # this work for additional information regarding copyright ownership. 5 | # The ASF licenses this file to You under the Apache License, Version 2.0 6 | # (the "License"); you may not use this file except in compliance with 7 | # the License. You may obtain a copy of the License at 8 | # 9 | # http://www.apache.org/licenses/LICENSE-2.0 10 | # 11 | # Unless required by applicable law or agreed to in writing, software 12 | # distributed under the License is distributed on an "AS IS" BASIS, 13 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 14 | # See the License for the specific language governing permissions and 15 | # limitations under the License. 16 | # 17 | 18 | {{- if or (eq .Values.whisk.ingress.type "NodePort") (eq .Values.whisk.ingress.type "LoadBalancer") }} 19 | apiVersion: v1 20 | kind: ConfigMap 21 | metadata: 22 | name: {{ .Release.Name }}-gen-certs 23 | labels: 24 | {{ include "openwhisk.label_boilerplate" . | indent 4 }} 25 | data: 26 | {{- if .Values.nginx.certificate.external }} 27 | tls.crt: | 28 | {{ include "openwhisk.nginx_cert" . | indent 4 }} 29 | tls.key: | 30 | {{ include "openwhisk.nginx_key" . | indent 4 }} 31 | sslPassword: | 32 | {{ .Values.nginx.certificate.sslPassword }} 33 | {{- else }} 34 | {{ (.Files.Glob "configMapFiles/genCerts/gencerts.sh").AsConfig | indent 2 }} 35 | {{- end }} 36 | {{- end }} 37 | -------------------------------------------------------------------------------- /helm/openwhisk/templates/gen-certs-job.yaml: -------------------------------------------------------------------------------- 1 | # 2 | # Licensed to the Apache Software Foundation (ASF) under one or more 3 | # contributor license agreements. See the NOTICE file distributed with 4 | # this work for additional information regarding copyright ownership. 5 | # The ASF licenses this file to You under the Apache License, Version 2.0 6 | # (the "License"); you may not use this file except in compliance with 7 | # the License. You may obtain a copy of the License at 8 | # 9 | # http://www.apache.org/licenses/LICENSE-2.0 10 | # 11 | # Unless required by applicable law or agreed to in writing, software 12 | # distributed under the License is distributed on an "AS IS" BASIS, 13 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 14 | # See the License for the specific language governing permissions and 15 | # limitations under the License. 16 | # 17 | 18 | {{- if or (eq .Values.whisk.ingress.type "NodePort") (eq .Values.whisk.ingress.type "LoadBalancer") }} 19 | {{- if not .Values.nginx.certificate.external }} 20 | apiVersion: batch/v1 21 | kind: Job 22 | metadata: 23 | name: {{ .Release.Name }}-gen-certs 24 | labels: 25 | name: {{ .Release.Name }}-gen-certs 26 | {{ include "openwhisk.label_boilerplate" . | indent 4 }} 27 | spec: 28 | backoffLimit: 3 29 | template: 30 | metadata: 31 | name: {{ .Release.Name }}-gen-certs 32 | labels: 33 | name: {{ .Release.Name }}-gen-certs 34 | {{ include "openwhisk.label_boilerplate" . | indent 8 }} 35 | spec: 36 | serviceAccountName: {{ .Release.Name }}-init-sa 37 | restartPolicy: Never 38 | volumes: 39 | - name: task-dir 40 | configMap: 41 | name: {{ .Release.Name }}-gen-certs 42 | {{ include "openwhisk.docker.imagePullSecrets" . | indent 6 }} 43 | containers: 44 | - name: gen-certs 45 | image: "{{- .Values.docker.registry.name -}}{{- .Values.utility.imageName -}}:{{- .Values.utility.imageTag -}}" 46 | imagePullPolicy: {{ .Values.utility.imagePullPolicy | quote }} 47 | command: ["/bin/bash", "-c", "set -e; . /task/gencerts.sh"] 48 | volumeMounts: 49 | - name: task-dir 50 | mountPath: "/task/gencerts.sh" 51 | subPath: "gencerts.sh" 52 | env: 53 | - name: "NGINX_CERT_SECRET" 54 | value: {{ .Release.Name }}-nginx 55 | - name: "WHISK_API_HOST_NAME" 56 | valueFrom: 57 | configMapKeyRef: 58 | name: {{ .Release.Name }}-whisk.config 59 | key: whisk_external_api_host_name 60 | {{- end }} 61 | {{- end }} 62 | -------------------------------------------------------------------------------- /helm/openwhisk/templates/grafana-cm-dashboard.yaml: -------------------------------------------------------------------------------- 1 | # 2 | # Licensed to the Apache Software Foundation (ASF) under one or more 3 | # contributor license agreements. See the NOTICE file distributed with 4 | # this work for additional information regarding copyright ownership. 5 | # The ASF licenses this file to You under the Apache License, Version 2.0 6 | # (the "License"); you may not use this file except in compliance with 7 | # the License. You may obtain a copy of the License at 8 | # 9 | # http://www.apache.org/licenses/LICENSE-2.0 10 | # 11 | # Unless required by applicable law or agreed to in writing, software 12 | # distributed under the License is distributed on an "AS IS" BASIS, 13 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 14 | # See the License for the specific language governing permissions and 15 | # limitations under the License. 16 | # 17 | 18 | {{ if or .Values.metrics.prometheusEnabled .Values.metrics.userMetricsEnabled }} 19 | apiVersion: v1 20 | kind: ConfigMap 21 | metadata: 22 | name: {{ .Release.Name }}-grafana-dsb-cfg 23 | labels: 24 | name: {{ .Release.Name }}-grafana-dsb-cfg 25 | data: 26 | dashboard.yml: | 27 | apiVersion: 1 28 | providers: 29 | - name: 'Prometheus' 30 | orgId: 1 31 | folder: '' 32 | type: file 33 | disableDeletion: false 34 | editable: true 35 | options: 36 | path: /var/lib/grafana/dashboards 37 | {{- end }} 38 | -------------------------------------------------------------------------------- /helm/openwhisk/templates/grafana-cm-datasource.yaml: -------------------------------------------------------------------------------- 1 | # 2 | # Licensed to the Apache Software Foundation (ASF) under one or more 3 | # contributor license agreements. See the NOTICE file distributed with 4 | # this work for additional information regarding copyright ownership. 5 | # The ASF licenses this file to You under the Apache License, Version 2.0 6 | # (the "License"); you may not use this file except in compliance with 7 | # the License. You may obtain a copy of the License at 8 | # 9 | # http://www.apache.org/licenses/LICENSE-2.0 10 | # 11 | # Unless required by applicable law or agreed to in writing, software 12 | # distributed under the License is distributed on an "AS IS" BASIS, 13 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 14 | # See the License for the specific language governing permissions and 15 | # limitations under the License. 16 | # 17 | 18 | {{ if or .Values.metrics.prometheusEnabled .Values.metrics.userMetricsEnabled }} 19 | apiVersion: v1 20 | kind: ConfigMap 21 | metadata: 22 | name: {{ .Release.Name }}-grafana-ds-cfg 23 | labels: 24 | name: {{ .Release.Name }}-grafana-ds-cfg 25 | data: 26 | datasource.yml: | 27 | datasources: 28 | - name: Prometheus 29 | type: prometheus 30 | access: proxy 31 | isDefault: true 32 | url: http://{{ include "openwhisk.prometheus_server_host" . }}:{{ .Values.prometheus.port }} 33 | {{- end }} 34 | -------------------------------------------------------------------------------- /helm/openwhisk/templates/grafana-cm-download.yaml: -------------------------------------------------------------------------------- 1 | # 2 | # Licensed to the Apache Software Foundation (ASF) under one or more 3 | # contributor license agreements. See the NOTICE file distributed with 4 | # this work for additional information regarding copyright ownership. 5 | # The ASF licenses this file to You under the Apache License, Version 2.0 6 | # (the "License"); you may not use this file except in compliance with 7 | # the License. You may obtain a copy of the License at 8 | # 9 | # http://www.apache.org/licenses/LICENSE-2.0 10 | # 11 | # Unless required by applicable law or agreed to in writing, software 12 | # distributed under the License is distributed on an "AS IS" BASIS, 13 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 14 | # See the License for the specific language governing permissions and 15 | # limitations under the License. 16 | # 17 | 18 | {{ if or .Values.metrics.prometheusEnabled .Values.metrics.userMetricsEnabled }} 19 | apiVersion: v1 20 | kind: ConfigMap 21 | metadata: 22 | name: {{ .Release.Name }}-grafana-download 23 | labels: 24 | name: {{ .Release.Name }}-grafana-download 25 | data: 26 | download_dashboards.sh: | 27 | #!/usr/bin/env sh 28 | {{- range $index, $url := .Values.grafana.dashboards }} 29 | curl -sk \ 30 | --connect-timeout 60 \ 31 | --max-time 60 \ 32 | -H "Accept: application/json" \ 33 | -H "Content-Type: application/json;charset=UTF-8" \ 34 | {{ $url }} > /var/lib/grafana/dashboards/{{ $index }}.json 35 | {{- end }} 36 | {{- end }} 37 | -------------------------------------------------------------------------------- /helm/openwhisk/templates/grafana-svc.yaml: -------------------------------------------------------------------------------- 1 | # 2 | # Licensed to the Apache Software Foundation (ASF) under one or more 3 | # contributor license agreements. See the NOTICE file distributed with 4 | # this work for additional information regarding copyright ownership. 5 | # The ASF licenses this file to You under the Apache License, Version 2.0 6 | # (the "License"); you may not use this file except in compliance with 7 | # the License. You may obtain a copy of the License at 8 | # 9 | # http://www.apache.org/licenses/LICENSE-2.0 10 | # 11 | # Unless required by applicable law or agreed to in writing, software 12 | # distributed under the License is distributed on an "AS IS" BASIS, 13 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 14 | # See the License for the specific language governing permissions and 15 | # limitations under the License. 16 | # 17 | 18 | {{ if or .Values.metrics.prometheusEnabled .Values.metrics.userMetricsEnabled }} 19 | apiVersion: v1 20 | kind: Service 21 | metadata: 22 | name: {{ .Release.Name }}-grafana 23 | labels: 24 | name: {{ .Release.Name }}-grafana 25 | spec: 26 | selector: 27 | name: {{ .Release.Name }}-grafana 28 | ports: 29 | - port: {{ .Values.grafana.port }} 30 | name: http 31 | {{- end }} 32 | -------------------------------------------------------------------------------- /helm/openwhisk/templates/init-role.yaml: -------------------------------------------------------------------------------- 1 | # 2 | # Licensed to the Apache Software Foundation (ASF) under one or more 3 | # contributor license agreements. See the NOTICE file distributed with 4 | # this work for additional information regarding copyright ownership. 5 | # The ASF licenses this file to You under the Apache License, Version 2.0 6 | # (the "License"); you may not use this file except in compliance with 7 | # the License. You may obtain a copy of the License at 8 | # 9 | # http://www.apache.org/licenses/LICENSE-2.0 10 | # 11 | # Unless required by applicable law or agreed to in writing, software 12 | # distributed under the License is distributed on an "AS IS" BASIS, 13 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 14 | # See the License for the specific language governing permissions and 15 | # limitations under the License. 16 | # 17 | 18 | # A role to allow initialization jobs to create secrets and config maps 19 | apiVersion: rbac.authorization.k8s.io/v1 20 | kind: Role 21 | metadata: 22 | name: {{ .Release.Name }}-init-role 23 | labels: 24 | {{ include "openwhisk.label_boilerplate" . | indent 4 }} 25 | rules: 26 | - apiGroups: [""] 27 | resources: ["secrets", "configmaps"] 28 | verbs: ["create", "get"] 29 | 30 | -------------------------------------------------------------------------------- /helm/openwhisk/templates/init-rolebind.yaml: -------------------------------------------------------------------------------- 1 | # 2 | # Licensed to the Apache Software Foundation (ASF) under one or more 3 | # contributor license agreements. See the NOTICE file distributed with 4 | # this work for additional information regarding copyright ownership. 5 | # The ASF licenses this file to You under the Apache License, Version 2.0 6 | # (the "License"); you may not use this file except in compliance with 7 | # the License. You may obtain a copy of the License at 8 | # 9 | # http://www.apache.org/licenses/LICENSE-2.0 10 | # 11 | # Unless required by applicable law or agreed to in writing, software 12 | # distributed under the License is distributed on an "AS IS" BASIS, 13 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 14 | # See the License for the specific language governing permissions and 15 | # limitations under the License. 16 | # 17 | 18 | kind: RoleBinding 19 | apiVersion: rbac.authorization.k8s.io/v1 20 | metadata: 21 | name: {{ .Release.Name }}-init-rb 22 | labels: 23 | {{ include "openwhisk.label_boilerplate" . | indent 4 }} 24 | subjects: 25 | - kind: ServiceAccount 26 | namespace: {{ .Release.Namespace | quote }} 27 | name: {{ .Release.Name }}-init-sa 28 | roleRef: 29 | kind: Role 30 | name: {{ .Release.Name }}-init-role 31 | apiGroup: rbac.authorization.k8s.io 32 | -------------------------------------------------------------------------------- /helm/openwhisk/templates/init-svcact.yaml: -------------------------------------------------------------------------------- 1 | # 2 | # Licensed to the Apache Software Foundation (ASF) under one or more 3 | # contributor license agreements. See the NOTICE file distributed with 4 | # this work for additional information regarding copyright ownership. 5 | # The ASF licenses this file to You under the Apache License, Version 2.0 6 | # (the "License"); you may not use this file except in compliance with 7 | # the License. You may obtain a copy of the License at 8 | # 9 | # http://www.apache.org/licenses/LICENSE-2.0 10 | # 11 | # Unless required by applicable law or agreed to in writing, software 12 | # distributed under the License is distributed on an "AS IS" BASIS, 13 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 14 | # See the License for the specific language governing permissions and 15 | # limitations under the License. 16 | # 17 | 18 | apiVersion: v1 19 | kind: ServiceAccount 20 | metadata: 21 | name: {{ .Release.Name }}-init-sa 22 | labels: 23 | {{ include "openwhisk.label_boilerplate" . | indent 4 }} 24 | -------------------------------------------------------------------------------- /helm/openwhisk/templates/install-packages-cm.yaml: -------------------------------------------------------------------------------- 1 | # 2 | # Licensed to the Apache Software Foundation (ASF) under one or more 3 | # contributor license agreements. See the NOTICE file distributed with 4 | # this work for additional information regarding copyright ownership. 5 | # The ASF licenses this file to You under the Apache License, Version 2.0 6 | # (the "License"); you may not use this file except in compliance with 7 | # the License. You may obtain a copy of the License at 8 | # 9 | # http://www.apache.org/licenses/LICENSE-2.0 10 | # 11 | # Unless required by applicable law or agreed to in writing, software 12 | # distributed under the License is distributed on an "AS IS" BASIS, 13 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 14 | # See the License for the specific language governing permissions and 15 | # limitations under the License. 16 | # 17 | 18 | apiVersion: v1 19 | kind: ConfigMap 20 | metadata: 21 | name: {{ .Release.Name }}-install-packages-cm 22 | labels: 23 | {{ include "openwhisk.label_boilerplate" . | indent 4 }} 24 | data: 25 | {{ (.Files.Glob "configMapFiles/installPackages/myTask.sh").AsConfig | indent 2 }} 26 | -------------------------------------------------------------------------------- /helm/openwhisk/templates/invoker-cm.yaml: -------------------------------------------------------------------------------- 1 | # 2 | # Licensed to the Apache Software Foundation (ASF) under one or more 3 | # contributor license agreements. See the NOTICE file distributed with 4 | # this work for additional information regarding copyright ownership. 5 | # The ASF licenses this file to You under the Apache License, Version 2.0 6 | # (the "License"); you may not use this file except in compliance with 7 | # the License. You may obtain a copy of the License at 8 | # 9 | # http://www.apache.org/licenses/LICENSE-2.0 10 | # 11 | # Unless required by applicable law or agreed to in writing, software 12 | # distributed under the License is distributed on an "AS IS" BASIS, 13 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 14 | # See the License for the specific language governing permissions and 15 | # limitations under the License. 16 | # 17 | 18 | apiVersion: v1 19 | kind: ConfigMap 20 | metadata: 21 | name: {{ .Release.Name }}-invoker-scripts 22 | labels: 23 | {{ include "openwhisk.label_boilerplate" .| indent 4 }} 24 | data: 25 | {{ (.Files.Glob "configMapFiles/dockerPullRuntimes/playbook.yml").AsConfig | indent 2 }} 26 | {{ (.Files.Glob "configMapFiles/configureDNS/configureDNS.sh").AsConfig | indent 2 }} 27 | -------------------------------------------------------------------------------- /helm/openwhisk/templates/invoker-pdb.yaml: -------------------------------------------------------------------------------- 1 | # 2 | # Licensed to the Apache Software Foundation (ASF) under one or more 3 | # contributor license agreements. See the NOTICE file distributed with 4 | # this work for additional information regarding copyright ownership. 5 | # The ASF licenses this file to You under the Apache License, Version 2.0 6 | # (the "License"); you may not use this file except in compliance with 7 | # the License. You may obtain a copy of the License at 8 | # 9 | # http://www.apache.org/licenses/LICENSE-2.0 10 | # 11 | # Unless required by applicable law or agreed to in writing, software 12 | # distributed under the License is distributed on an "AS IS" BASIS, 13 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 14 | # See the License for the specific language governing permissions and 15 | # limitations under the License. 16 | # 17 | 18 | {{- if and .Values.pdb.enable (eq .Values.invoker.containerFactory.impl "kubernetes") (gt (int .Values.invoker.containerFactory.kubernetes.replicaCount) 1) }} 19 | --- 20 | apiVersion: policy/v1beta1 21 | kind: PodDisruptionBudget 22 | metadata: 23 | name: {{ .Release.Name }}-invoker-pdb 24 | labels: 25 | name: {{ .Release.Name }}-invoker-pdb 26 | {{ include "openwhisk.label_boilerplate" . | indent 4 }} 27 | spec: 28 | selector: 29 | matchLabels: 30 | name: {{ .Release.Name }}-invoker 31 | maxUnavailable: {{ .Values.pdb.invoker.maxUnavailable | default 1 }} 32 | {{- end }} 33 | -------------------------------------------------------------------------------- /helm/openwhisk/templates/invoker-role.yaml: -------------------------------------------------------------------------------- 1 | # 2 | # Licensed to the Apache Software Foundation (ASF) under one or more 3 | # contributor license agreements. See the NOTICE file distributed with 4 | # this work for additional information regarding copyright ownership. 5 | # The ASF licenses this file to You under the Apache License, Version 2.0 6 | # (the "License"); you may not use this file except in compliance with 7 | # the License. You may obtain a copy of the License at 8 | # 9 | # http://www.apache.org/licenses/LICENSE-2.0 10 | # 11 | # Unless required by applicable law or agreed to in writing, software 12 | # distributed under the License is distributed on an "AS IS" BASIS, 13 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 14 | # See the License for the specific language governing permissions and 15 | # limitations under the License. 16 | # 17 | 18 | {{ if eq .Values.invoker.containerFactory.impl "kubernetes" }} 19 | # When using KubernetesContainerFactory, invoker pods need extensive 20 | # permissions to manage pods and deployments. The ability to create 21 | # pods can enable privilege escalation attacks, so restrict it to a 22 | # ServiceAccount that is only used for the invokers and only defined 23 | # when using KubernetesContainerFactory. 24 | kind: Role 25 | apiVersion: rbac.authorization.k8s.io/v1 26 | metadata: 27 | name: {{ .Release.Name }}-invoker 28 | labels: 29 | {{ include "openwhisk.label_boilerplate" . | indent 4 }} 30 | rules: 31 | - apiGroups: ["extensions", "apps"] 32 | resources: ["deployments"] 33 | verbs: ["get", "list", "watch", "create", "update", "patch", "delete"] 34 | - apiGroups: [""] 35 | resources: ["pods"] 36 | verbs: ["get", "list", "watch", "create", "update", "patch", "delete"] 37 | - apiGroups: [""] 38 | resources: ["events"] 39 | verbs: ["get", "list"] 40 | - apiGroups: [""] 41 | resources: ["pods/log"] 42 | verbs: ["get", "list"] 43 | {{- end }} 44 | -------------------------------------------------------------------------------- /helm/openwhisk/templates/invoker-rolebind.yaml: -------------------------------------------------------------------------------- 1 | # 2 | # Licensed to the Apache Software Foundation (ASF) under one or more 3 | # contributor license agreements. See the NOTICE file distributed with 4 | # this work for additional information regarding copyright ownership. 5 | # The ASF licenses this file to You under the Apache License, Version 2.0 6 | # (the "License"); you may not use this file except in compliance with 7 | # the License. You may obtain a copy of the License at 8 | # 9 | # http://www.apache.org/licenses/LICENSE-2.0 10 | # 11 | # Unless required by applicable law or agreed to in writing, software 12 | # distributed under the License is distributed on an "AS IS" BASIS, 13 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 14 | # See the License for the specific language governing permissions and 15 | # limitations under the License. 16 | # 17 | 18 | {{ if eq .Values.invoker.containerFactory.impl "kubernetes" }} 19 | # When using KubernetesContainerFactory, invoker pods need extensive 20 | # permissions to manage pods and deployments. The ability to create 21 | # pods can enable privilege escalation attacks, so restrict it to a 22 | # ServiceAccount that is only used for the invokers and only defined 23 | # when using KubernetesContainerFactory. 24 | kind: RoleBinding 25 | apiVersion: rbac.authorization.k8s.io/v1 26 | metadata: 27 | name: {{ .Release.Name }}-invoker 28 | labels: 29 | {{ include "openwhisk.label_boilerplate" . | indent 4 }} 30 | subjects: 31 | - kind: ServiceAccount 32 | namespace: {{ .Release.Namespace | quote }} 33 | name: {{ if .Values.controller.lean }} {{ .Release.Name }}-core {{ else }} {{ .Release.Name }}-invoker {{ end }} 34 | roleRef: 35 | kind: Role 36 | name: {{ .Release.Name }}-invoker 37 | apiGroup: rbac.authorization.k8s.io 38 | {{- end }} 39 | -------------------------------------------------------------------------------- /helm/openwhisk/templates/invoker-svcacct.yaml: -------------------------------------------------------------------------------- 1 | # 2 | # Licensed to the Apache Software Foundation (ASF) under one or more 3 | # contributor license agreements. See the NOTICE file distributed with 4 | # this work for additional information regarding copyright ownership. 5 | # The ASF licenses this file to You under the Apache License, Version 2.0 6 | # (the "License"); you may not use this file except in compliance with 7 | # the License. You may obtain a copy of the License at 8 | # 9 | # http://www.apache.org/licenses/LICENSE-2.0 10 | # 11 | # Unless required by applicable law or agreed to in writing, software 12 | # distributed under the License is distributed on an "AS IS" BASIS, 13 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 14 | # See the License for the specific language governing permissions and 15 | # limitations under the License. 16 | # 17 | 18 | # When using KubernetesContainerFactory, invoker pods need extensive 19 | # permissions to manage pods and deployments. The ability to create 20 | # pods can enable privilege escalation attacks, so restrict it to a 21 | # ServiceAccount that is only used for the invokers and only defined 22 | # when using KubernetesContainerFactory. 23 | 24 | {{- if and (eq .Values.invoker.containerFactory.impl "kubernetes") (not .Values.controller.lean) }} 25 | --- 26 | apiVersion: v1 27 | kind: ServiceAccount 28 | metadata: 29 | name: {{ .Release.Name }}-invoker 30 | labels: 31 | {{ include "openwhisk.label_boilerplate" . | indent 4 }} 32 | {{- end }} 33 | -------------------------------------------------------------------------------- /helm/openwhisk/templates/kafka-pdb.yaml: -------------------------------------------------------------------------------- 1 | # 2 | # Licensed to the Apache Software Foundation (ASF) under one or more 3 | # contributor license agreements. See the NOTICE file distributed with 4 | # this work for additional information regarding copyright ownership. 5 | # The ASF licenses this file to You under the Apache License, Version 2.0 6 | # (the "License"); you may not use this file except in compliance with 7 | # the License. You may obtain a copy of the License at 8 | # 9 | # http://www.apache.org/licenses/LICENSE-2.0 10 | # 11 | # Unless required by applicable law or agreed to in writing, software 12 | # distributed under the License is distributed on an "AS IS" BASIS, 13 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 14 | # See the License for the specific language governing permissions and 15 | # limitations under the License. 16 | # 17 | 18 | {{- if and .Values.pdb.enable (gt (int .Values.kafka.replicaCount) 1) (not .Values.kafka.external) }} 19 | --- 20 | apiVersion: policy/v1beta1 21 | kind: PodDisruptionBudget 22 | metadata: 23 | name: {{ .Release.Name }}-kafka-pdb 24 | labels: 25 | name: {{ .Release.Name }}-kafka-pdb 26 | {{ include "openwhisk.label_boilerplate" . | indent 4 }} 27 | spec: 28 | selector: 29 | matchLabels: 30 | name: {{ .Release.Name }}-kafka 31 | maxUnavailable: {{ .Values.pdb.kafka.maxUnavailable | default 1 }} 32 | {{- end }} 33 | -------------------------------------------------------------------------------- /helm/openwhisk/templates/kafka-pvc.yaml: -------------------------------------------------------------------------------- 1 | # 2 | # Licensed to the Apache Software Foundation (ASF) under one or more 3 | # contributor license agreements. See the NOTICE file distributed with 4 | # this work for additional information regarding copyright ownership. 5 | # The ASF licenses this file to You under the Apache License, Version 2.0 6 | # (the "License"); you may not use this file except in compliance with 7 | # the License. You may obtain a copy of the License at 8 | # 9 | # http://www.apache.org/licenses/LICENSE-2.0 10 | # 11 | # Unless required by applicable law or agreed to in writing, software 12 | # distributed under the License is distributed on an "AS IS" BASIS, 13 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 14 | # See the License for the specific language governing permissions and 15 | # limitations under the License. 16 | # 17 | 18 | {{ if and .Values.k8s.persistence.enabled (eq (int .Values.kafka.replicaCount) 1 ) (not .Values.controller.lean) (not .Values.kafka.external) }} 19 | apiVersion: v1 20 | kind: PersistentVolumeClaim 21 | metadata: 22 | name: {{ .Release.Name }}-kafka-pvc 23 | labels: 24 | {{ include "openwhisk.label_boilerplate" . | indent 4 }} 25 | spec: 26 | {{- if not .Values.k8s.persistence.hasDefaultStorageClass }} 27 | storageClassName: {{ .Values.k8s.persistence.explicitStorageClass }} 28 | {{- end }} 29 | accessModes: 30 | - ReadWriteOnce 31 | resources: 32 | requests: 33 | storage: {{ .Values.kafka.persistence.size }} 34 | {{- end }} 35 | -------------------------------------------------------------------------------- /helm/openwhisk/templates/kafka-svc.yaml: -------------------------------------------------------------------------------- 1 | # 2 | # Licensed to the Apache Software Foundation (ASF) under one or more 3 | # contributor license agreements. See the NOTICE file distributed with 4 | # this work for additional information regarding copyright ownership. 5 | # The ASF licenses this file to You under the Apache License, Version 2.0 6 | # (the "License"); you may not use this file except in compliance with 7 | # the License. You may obtain a copy of the License at 8 | # 9 | # http://www.apache.org/licenses/LICENSE-2.0 10 | # 11 | # Unless required by applicable law or agreed to in writing, software 12 | # distributed under the License is distributed on an "AS IS" BASIS, 13 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 14 | # See the License for the specific language governing permissions and 15 | # limitations under the License. 16 | # 17 | 18 | {{- if and (not .Values.controller.lean) (not .Values.kafka.external) }} 19 | --- 20 | apiVersion: v1 21 | kind: Service 22 | metadata: 23 | name: {{ .Release.Name }}-kafka 24 | labels: 25 | name: {{ .Release.Name }}-kafka 26 | {{ include "openwhisk.label_boilerplate" . | indent 4 }} 27 | spec: 28 | selector: 29 | name: {{ .Release.Name }}-kafka 30 | clusterIP: None 31 | ports: 32 | - name: broker 33 | port: {{ .Values.kafka.port }} 34 | {{- end }} 35 | -------------------------------------------------------------------------------- /helm/openwhisk/templates/network-policy.yaml: -------------------------------------------------------------------------------- 1 | # 2 | # Licensed to the Apache Software Foundation (ASF) under one or more 3 | # contributor license agreements. See the NOTICE file distributed with 4 | # this work for additional information regarding copyright ownership. 5 | # The ASF licenses this file to You under the Apache License, Version 2.0 6 | # (the "License"); you may not use this file except in compliance with 7 | # the License. You may obtain a copy of the License at 8 | # 9 | # http://www.apache.org/licenses/LICENSE-2.0 10 | # 11 | # Unless required by applicable law or agreed to in writing, software 12 | # distributed under the License is distributed on an "AS IS" BASIS, 13 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 14 | # See the License for the specific language governing permissions and 15 | # limitations under the License. 16 | # 17 | 18 | {{- if .Values.invoker.containerFactory.kubernetes.isolateUserActions }} 19 | 20 | # Default deny all ingress 21 | apiVersion: networking.k8s.io/v1 22 | kind: NetworkPolicy 23 | metadata: 24 | name: {{ .Release.Name }}-default-no-ingress-np 25 | labels: 26 | {{ include "openwhisk.label_boilerplate" .| indent 4 }} 27 | spec: 28 | podSelector: {} 29 | policyTypes: 30 | - Ingress 31 | --- 32 | 33 | # Backend control plane pods only accept connections from non-user-action-pods 34 | apiVersion: networking.k8s.io/v1 35 | kind: NetworkPolicy 36 | metadata: 37 | name: {{ .Release.Name }}-backend-np 38 | labels: 39 | {{ include "openwhisk.label_boilerplate" .| indent 4 }} 40 | spec: 41 | podSelector: 42 | matchExpressions: 43 | - {key: user-action-pod, operator: DoesNotExist} 44 | policyTypes: 45 | - Ingress 46 | ingress: 47 | - from: 48 | - podSelector: 49 | matchExpressions: 50 | - {key: user-action-pod, operator: DoesNotExist} 51 | --- 52 | 53 | # Frontend pods (nginx, controller, apigateway) accept connections from anyone 54 | apiVersion: networking.k8s.io/v1 55 | kind: NetworkPolicy 56 | metadata: 57 | name: {{ .Release.Name }}-frontend-np 58 | labels: 59 | {{ include "openwhisk.label_boilerplate" .| indent 4 }} 60 | spec: 61 | podSelector: 62 | matchExpressions: 63 | - {key: name, operator: In, values: ["{{ .Release.Name }}-controller", "{{ .Release.Name }}-apigateway", "{{ .Release.Name }}-nginx"]} 64 | policyTypes: 65 | - Ingress 66 | ingress: 67 | - {} 68 | --- 69 | 70 | # User action pods will only accept connections from invokers 71 | apiVersion: networking.k8s.io/v1 72 | kind: NetworkPolicy 73 | metadata: 74 | name: {{ .Release.Name }}-actions-allow-invoker-np 75 | labels: 76 | {{ include "openwhisk.label_boilerplate" .| indent 4 }} 77 | spec: 78 | podSelector: 79 | matchExpressions: 80 | - {key: user-action-pod, operator: In, values: ["true"]} 81 | policyTypes: 82 | - Ingress 83 | ingress: 84 | - from: 85 | - podSelector: 86 | matchLabels: 87 | name: {{ .Release.Name }}-invoker 88 | {{- end }} 89 | -------------------------------------------------------------------------------- /helm/openwhisk/templates/nginx-pod.yaml: -------------------------------------------------------------------------------- 1 | # 2 | # Licensed to the Apache Software Foundation (ASF) under one or more 3 | # contributor license agreements. See the NOTICE file distributed with 4 | # this work for additional information regarding copyright ownership. 5 | # The ASF licenses this file to You under the Apache License, Version 2.0 6 | # (the "License"); you may not use this file except in compliance with 7 | # the License. You may obtain a copy of the License at 8 | # 9 | # http://www.apache.org/licenses/LICENSE-2.0 10 | # 11 | # Unless required by applicable law or agreed to in writing, software 12 | # distributed under the License is distributed on an "AS IS" BASIS, 13 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 14 | # See the License for the specific language governing permissions and 15 | # limitations under the License. 16 | # 17 | 18 | apiVersion: apps/v1 19 | kind: Deployment 20 | metadata: 21 | name: {{ .Release.Name }}-nginx 22 | labels: 23 | name: {{ .Release.Name }}-nginx 24 | {{ include "openwhisk.label_boilerplate" . | indent 4 }} 25 | spec: 26 | replicas: {{ .Values.nginx.replicaCount }} 27 | selector: 28 | matchLabels: 29 | name: {{ .Release.Name }}-nginx 30 | template: 31 | metadata: 32 | labels: 33 | name: {{ .Release.Name }}-nginx 34 | {{ include "openwhisk.label_boilerplate" . | indent 8 }} 35 | spec: 36 | restartPolicy: {{ .Values.nginx.restartPolicy }} 37 | 38 | {{- if .Values.affinity.enabled }} 39 | affinity: 40 | {{ include "openwhisk.affinity.edge" . | indent 8 }} 41 | {{ include "openwhisk.affinity.selfAntiAffinity" ( printf "%s-nginx" .Release.Name ) | indent 8 }} 42 | {{- end }} 43 | 44 | {{- if .Values.toleration.enabled }} 45 | tolerations: 46 | {{ include "openwhisk.toleration.edge" . | indent 8 }} 47 | {{- end }} 48 | 49 | volumes: 50 | {{- if or (eq .Values.whisk.ingress.type "NodePort") (eq .Values.whisk.ingress.type "LoadBalancer") }} 51 | {{- if .Values.nginx.certificate.external }} 52 | - name: nginx-certs 53 | configMap: 54 | name: {{ .Release.Name }}-gen-certs 55 | {{- else }} 56 | - name: nginx-certs 57 | secret: 58 | secretName: {{ .Release.Name }}-nginx 59 | {{- end }} 60 | {{- end }} 61 | - name: nginx-conf 62 | configMap: 63 | name: {{ .Release.Name }}-nginx 64 | - name: logs 65 | emptyDir: {} 66 | {{ include "openwhisk.docker.imagePullSecrets" . | indent 6 }} 67 | initContainers: 68 | # Wait for a controller to be up (which implies kafka, zookeeper, couchdb are all up as well). 69 | {{ include "openwhisk.readiness.waitForController" . | indent 6 }} 70 | containers: 71 | - name: nginx 72 | image: "{{- .Values.docker.registry.name -}}{{- .Values.nginx.imageName -}}:{{- .Values.nginx.imageTag -}}" 73 | imagePullPolicy: {{ .Values.nginx.imagePullPolicy | quote }} 74 | ports: 75 | - name: http 76 | containerPort: {{ .Values.nginx.httpPort }} 77 | - name: https 78 | containerPort: {{ .Values.nginx.httpsPort }} 79 | volumeMounts: 80 | - name: nginx-conf 81 | mountPath: "/etc/nginx/nginx.conf" 82 | subPath: "nginx.conf" 83 | {{- if or (eq .Values.whisk.ingress.type "NodePort") (eq .Values.whisk.ingress.type "LoadBalancer") }} 84 | - name: nginx-certs 85 | mountPath: "/etc/nginx/certs" 86 | {{- end }} 87 | - name: logs 88 | mountPath: "/logs" 89 | -------------------------------------------------------------------------------- /helm/openwhisk/templates/nginx-svc.yaml: -------------------------------------------------------------------------------- 1 | # 2 | # Licensed to the Apache Software Foundation (ASF) under one or more 3 | # contributor license agreements. See the NOTICE file distributed with 4 | # this work for additional information regarding copyright ownership. 5 | # The ASF licenses this file to You under the Apache License, Version 2.0 6 | # (the "License"); you may not use this file except in compliance with 7 | # the License. You may obtain a copy of the License at 8 | # 9 | # http://www.apache.org/licenses/LICENSE-2.0 10 | # 11 | # Unless required by applicable law or agreed to in writing, software 12 | # distributed under the License is distributed on an "AS IS" BASIS, 13 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 14 | # See the License for the specific language governing permissions and 15 | # limitations under the License. 16 | # 17 | 18 | apiVersion: v1 19 | kind: Service 20 | metadata: 21 | {{- if eq .Values.whisk.ingress.type "LoadBalancer" }} 22 | annotations: 23 | {{- range $key, $value := .Values.whisk.ingress.annotations }} 24 | {{ $key }}: {{ $value | quote }} 25 | {{- end }} 26 | {{- end }} 27 | name: {{ .Release.Name }}-nginx 28 | labels: 29 | name: {{ .Release.Name }}-nginx 30 | {{ include "openwhisk.label_boilerplate" . | indent 4 }} 31 | spec: 32 | {{- if eq .Values.whisk.ingress.type "LoadBalancer" }} 33 | type: LoadBalancer 34 | {{- else if eq .Values.whisk.ingress.type "NodePort" }} 35 | type: NodePort 36 | {{- end }} 37 | selector: 38 | name: {{ .Release.Name }}-nginx 39 | ports: 40 | - port: {{ .Values.nginx.httpPort }} 41 | name: http 42 | targetPort: http 43 | - port: {{ .Values.nginx.httpsPort }} 44 | {{- if eq .Values.whisk.ingress.type "NodePort" }} 45 | nodePort: {{ .Values.nginx.httpsNodePort }} 46 | {{- end }} 47 | name: https 48 | {{- if eq .Values.whisk.ingress.awsSSL "true"}} 49 | targetPort: http 50 | {{- else }} 51 | targetPort: https 52 | {{- end}} 53 | -------------------------------------------------------------------------------- /helm/openwhisk/templates/ow-db-cm.yaml: -------------------------------------------------------------------------------- 1 | # 2 | # Licensed to the Apache Software Foundation (ASF) under one or more 3 | # contributor license agreements. See the NOTICE file distributed with 4 | # this work for additional information regarding copyright ownership. 5 | # The ASF licenses this file to You under the Apache License, Version 2.0 6 | # (the "License"); you may not use this file except in compliance with 7 | # the License. You may obtain a copy of the License at 8 | # 9 | # http://www.apache.org/licenses/LICENSE-2.0 10 | # 11 | # Unless required by applicable law or agreed to in writing, software 12 | # distributed under the License is distributed on an "AS IS" BASIS, 13 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 14 | # See the License for the specific language governing permissions and 15 | # limitations under the License. 16 | # 17 | 18 | apiVersion: v1 19 | kind: ConfigMap 20 | metadata: 21 | name: {{ .Release.Name }}-db.config 22 | labels: 23 | {{ include "openwhisk.label_boilerplate" . | indent 4 }} 24 | data: 25 | db_prefix: {{ .Values.db.dbPrefix | quote }} 26 | db_protocol: {{ .Values.db.protocol | quote }} 27 | db_provider: {{ .Values.db.provider | quote }} 28 | db_host: {{ include "openwhisk.db_host" . | quote }} 29 | db_port: {{ .Values.db.port | quote }} 30 | db_url: "{{ .Values.db.protocol }}://{{ include "openwhisk.db_host" . }}:{{ .Values.db.port }}" 31 | db_host_port: "{{ include "openwhisk.db_host" . }}:{{ .Values.db.port }}" 32 | db_whisk_actions: {{ .Values.db.actionsTable | quote }} 33 | db_whisk_activations: {{ .Values.db.activationsTable | quote }} 34 | db_whisk_auths: {{ .Values.db.authsTable | quote }} 35 | -------------------------------------------------------------------------------- /helm/openwhisk/templates/ow-db-secret.yaml: -------------------------------------------------------------------------------- 1 | # 2 | # Licensed to the Apache Software Foundation (ASF) under one or more 3 | # contributor license agreements. See the NOTICE file distributed with 4 | # this work for additional information regarding copyright ownership. 5 | # The ASF licenses this file to You under the Apache License, Version 2.0 6 | # (the "License"); you may not use this file except in compliance with 7 | # the License. You may obtain a copy of the License at 8 | # 9 | # http://www.apache.org/licenses/LICENSE-2.0 10 | # 11 | # Unless required by applicable law or agreed to in writing, software 12 | # distributed under the License is distributed on an "AS IS" BASIS, 13 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 14 | # See the License for the specific language governing permissions and 15 | # limitations under the License. 16 | # 17 | 18 | apiVersion: v1 19 | kind: Secret 20 | metadata: 21 | name: {{ .Release.Name }}-db.auth 22 | labels: 23 | {{ include "openwhisk.label_boilerplate" . | indent 4 }} 24 | type: Opaque 25 | data: 26 | db_username: {{ .Values.db.auth.username | b64enc }} 27 | db_password: {{ .Values.db.auth.password | b64enc }} 28 | -------------------------------------------------------------------------------- /helm/openwhisk/templates/ow-docker-registry-secret.yaml: -------------------------------------------------------------------------------- 1 | # 2 | # Licensed to the Apache Software Foundation (ASF) under one or more 3 | # contributor license agreements. See the NOTICE file distributed with 4 | # this work for additional information regarding copyright ownership. 5 | # The ASF licenses this file to You under the Apache License, Version 2.0 6 | # (the "License"); you may not use this file except in compliance with 7 | # the License. You may obtain a copy of the License at 8 | # 9 | # http://www.apache.org/licenses/LICENSE-2.0 10 | # 11 | # Unless required by applicable law or agreed to in writing, software 12 | # distributed under the License is distributed on an "AS IS" BASIS, 13 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 14 | # See the License for the specific language governing permissions and 15 | # limitations under the License. 16 | # 17 | 18 | {{- if ne .Values.docker.registry.name "" }} 19 | apiVersion: v1 20 | kind: Secret 21 | metadata: 22 | name: {{ .Release.Name }}-docker.registry.auth 23 | labels: 24 | {{ include "openwhisk.label_boilerplate" . | indent 4 }} 25 | type: Opaque 26 | data: 27 | docker_registry_username: {{ .Values.docker.registry.username | b64enc }} 28 | docker_registry_password: {{ .Values.docker.registry.password | b64enc }} 29 | {{- end -}} 30 | -------------------------------------------------------------------------------- /helm/openwhisk/templates/ow-whisk-cm.yaml: -------------------------------------------------------------------------------- 1 | # 2 | # Licensed to the Apache Software Foundation (ASF) under one or more 3 | # contributor license agreements. See the NOTICE file distributed with 4 | # this work for additional information regarding copyright ownership. 5 | # The ASF licenses this file to You under the Apache License, Version 2.0 6 | # (the "License"); you may not use this file except in compliance with 7 | # the License. You may obtain a copy of the License at 8 | # 9 | # http://www.apache.org/licenses/LICENSE-2.0 10 | # 11 | # Unless required by applicable law or agreed to in writing, software 12 | # distributed under the License is distributed on an "AS IS" BASIS, 13 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 14 | # See the License for the specific language governing permissions and 15 | # limitations under the License. 16 | # 17 | 18 | apiVersion: v1 19 | kind: ConfigMap 20 | metadata: 21 | name: {{ .Release.Name }}-whisk.config 22 | labels: 23 | {{ include "openwhisk.label_boilerplate" . | indent 4 }} 24 | data: 25 | whisk_info_date: {{ .Values.whisk.versions.openwhisk.buildDate | quote }} 26 | whisk_info_buildNo: {{ .Values.whisk.versions.openwhisk.buildNo | quote }} 27 | whisk_cli_version_tag: {{ .Values.whisk.versions.openwhiskCli.tag | quote }} 28 | whisk_system_namespace: {{ .Values.whisk.systemNameSpace | quote }} 29 | whisk_external_api_host_proto: {{ .Values.whisk.ingress.apiHostProto | quote }} 30 | whisk_external_api_host_port: {{ .Values.whisk.ingress.apiHostPort | quote }} 31 | whisk_external_api_host_name: {{ .Values.whisk.ingress.apiHostName | quote }} 32 | whisk_external_api_host_nameAndPort: "{{ .Values.whisk.ingress.apiHostName }}:{{ .Values.whisk.ingress.apiHostPort }}" 33 | whisk_external_api_host_url: "{{ .Values.whisk.ingress.apiHostProto }}://{{ .Values.whisk.ingress.apiHostName }}:{{ .Values.whisk.ingress.apiHostPort }}" 34 | {{- if .Values.whisk.ingress.useInternally }} 35 | whisk_internal_api_host_proto: {{ .Values.whisk.ingress.apiHostProto | quote }} 36 | whisk_internal_api_host_port: {{ .Values.whisk.ingress.apiHostPort | quote }} 37 | whisk_internal_api_host_name: {{ .Values.whisk.ingress.apiHostName | quote }} 38 | whisk_internal_api_host_nameAndPort: "{{ .Values.whisk.ingress.apiHostName }}:{{ .Values.whisk.ingress.apiHostPort }}" 39 | whisk_internal_api_host_url: "{{ .Values.whisk.ingress.apiHostProto }}://{{ .Values.whisk.ingress.apiHostName }}:{{ .Values.whisk.ingress.apiHostPort }}" 40 | {{- else }} 41 | whisk_internal_api_host_proto: "http" 42 | whisk_internal_api_host_port: {{ .Values.nginx.httpPort | quote }} 43 | whisk_internal_api_host_name: "{{ .Release.Name }}-nginx.{{ .Release.Namespace }}.svc.{{ .Values.k8s.domain }}" 44 | whisk_internal_api_host_nameAndPort: "{{ .Release.Name }}-nginx.{{ .Release.Namespace }}.svc.{{ .Values.k8s.domain }}:{{ .Values.nginx.httpPort }}" 45 | whisk_internal_api_host_url: "http://{{ .Release.Name }}-nginx.{{ .Release.Namespace }}.svc.{{ .Values.k8s.domain }}:{{ .Values.nginx.httpPort }}" 46 | {{- end }} 47 | -------------------------------------------------------------------------------- /helm/openwhisk/templates/ow-whisk-secret.yaml: -------------------------------------------------------------------------------- 1 | # 2 | # Licensed to the Apache Software Foundation (ASF) under one or more 3 | # contributor license agreements. See the NOTICE file distributed with 4 | # this work for additional information regarding copyright ownership. 5 | # The ASF licenses this file to You under the Apache License, Version 2.0 6 | # (the "License"); you may not use this file except in compliance with 7 | # the License. You may obtain a copy of the License at 8 | # 9 | # http://www.apache.org/licenses/LICENSE-2.0 10 | # 11 | # Unless required by applicable law or agreed to in writing, software 12 | # distributed under the License is distributed on an "AS IS" BASIS, 13 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 14 | # See the License for the specific language governing permissions and 15 | # limitations under the License. 16 | # 17 | 18 | apiVersion: v1 19 | kind: Secret 20 | metadata: 21 | name: {{ .Release.Name }}-whisk.auth 22 | labels: 23 | {{ include "openwhisk.label_boilerplate" . | indent 4 }} 24 | type: Opaque 25 | data: 26 | system: {{ .Values.whisk.auth.system | b64enc }} 27 | guest: {{ .Values.whisk.auth.guest | b64enc }} 28 | -------------------------------------------------------------------------------- /helm/openwhisk/templates/private-registry-secret.yml: -------------------------------------------------------------------------------- 1 | # 2 | # Licensed to the Apache Software Foundation (ASF) under one or more 3 | # contributor license agreements. See the NOTICE file distributed with 4 | # this work for additional information regarding copyright ownership. 5 | # The ASF licenses this file to You under the Apache License, Version 2.0 6 | # (the "License"); you may not use this file except in compliance with 7 | # the License. You may obtain a copy of the License at 8 | # 9 | # http://www.apache.org/licenses/LICENSE-2.0 10 | # 11 | # Unless required by applicable law or agreed to in writing, software 12 | # distributed under the License is distributed on an "AS IS" BASIS, 13 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 14 | # See the License for the specific language governing permissions and 15 | # limitations under the License. 16 | # 17 | 18 | {{- if ne .Values.docker.registry.name "" }} 19 | 20 | apiVersion: v1 21 | kind: Secret 22 | metadata: 23 | name: {{ .Release.Name }}-private-registry.auth 24 | labels: 25 | {{ include "openwhisk.label_boilerplate" . | indent 4 }} 26 | type: kubernetes.io/dockerconfigjson 27 | data: 28 | .dockerconfigjson: {{ template "openwhisk.dockerRegistrySecret" . }} 29 | {{- end }} 30 | 31 | -------------------------------------------------------------------------------- /helm/openwhisk/templates/prometheus-cm.yaml: -------------------------------------------------------------------------------- 1 | # 2 | # Licensed to the Apache Software Foundation (ASF) under one or more 3 | # contributor license agreements. See the NOTICE file distributed with 4 | # this work for additional information regarding copyright ownership. 5 | # The ASF licenses this file to You under the Apache License, Version 2.0 6 | # (the "License"); you may not use this file except in compliance with 7 | # the License. You may obtain a copy of the License at 8 | # 9 | # http://www.apache.org/licenses/LICENSE-2.0 10 | # 11 | # Unless required by applicable law or agreed to in writing, software 12 | # distributed under the License is distributed on an "AS IS" BASIS, 13 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 14 | # See the License for the specific language governing permissions and 15 | # limitations under the License. 16 | # 17 | 18 | {{ if or .Values.metrics.prometheusEnabled .Values.metrics.userMetricsEnabled }} 19 | apiVersion: v1 20 | kind: ConfigMap 21 | metadata: 22 | name: {{ .Release.Name }}-prometheus-configuration 23 | labels: 24 | name: {{ .Release.Name }}-prometheus-configuration 25 | data: 26 | {{ (.Files.Glob "configMapFiles/prometheus/prometheus.yaml").AsConfig | indent 2 }} 27 | {{- end }} 28 | -------------------------------------------------------------------------------- /helm/openwhisk/templates/prometheus-pod.yaml: -------------------------------------------------------------------------------- 1 | # 2 | # Licensed to the Apache Software Foundation (ASF) under one or more 3 | # contributor license agreements. See the NOTICE file distributed with 4 | # this work for additional information regarding copyright ownership. 5 | # The ASF licenses this file to You under the Apache License, Version 2.0 6 | # (the "License"); you may not use this file except in compliance with 7 | # the License. You may obtain a copy of the License at 8 | # 9 | # http://www.apache.org/licenses/LICENSE-2.0 10 | # 11 | # Unless required by applicable law or agreed to in writing, software 12 | # distributed under the License is distributed on an "AS IS" BASIS, 13 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 14 | # See the License for the specific language governing permissions and 15 | # limitations under the License. 16 | # 17 | 18 | {{ if or .Values.metrics.prometheusEnabled .Values.metrics.userMetricsEnabled }} 19 | apiVersion: apps/v1 20 | kind: StatefulSet 21 | metadata: 22 | name: {{ .Release.Name }}-prometheus-server 23 | labels: 24 | name: {{ .Release.Name }}-prometheus-server 25 | {{ include "openwhisk.label_boilerplate" . | indent 4 }} 26 | spec: 27 | serviceName: {{ .Release.Name }}-prometheus-server 28 | replicas: {{ .Values.prometheus.replicaCount }} 29 | selector: 30 | matchLabels: 31 | name: {{ .Release.Name }}-prometheus-server 32 | template: 33 | metadata: 34 | labels: 35 | name: {{ .Release.Name }}-prometheus-server 36 | {{ include "openwhisk.label_boilerplate" . | indent 8 }} 37 | spec: 38 | restartPolicy: {{ .Values.user_events.restartPolicy }} 39 | {{- if .Values.affinity.enabled }} 40 | affinity: 41 | {{ include "openwhisk.affinity.core" . | indent 8 }} 42 | {{ include "openwhisk.affinity.selfAntiAffinity" ( printf "%s-prometheus-server" .Release.Name ) | indent 8 }} 43 | {{- end }} 44 | 45 | {{- if .Values.toleration.enabled }} 46 | tolerations: 47 | {{ include "openwhisk.toleration.core" . | indent 8 }} 48 | {{- end }} 49 | 50 | securityContext: 51 | fsGroup: 2000 52 | runAsUser: 1000 53 | runAsNonRoot: true 54 | serviceAccountName: {{ .Release.Name }}-prometheus-server 55 | containers: 56 | - name: prometheus 57 | imagePullPolicy: {{ .Values.prometheus.imagePullPolicy | quote }} 58 | image: "{{- .Values.docker.registry.name -}}{{- .Values.prometheus.imageName -}}:{{- .Values.prometheus.imageTag -}}" 59 | args: 60 | - "--config.file=/etc/prometheus/prometheus.yaml" 61 | - "--storage.tsdb.path={{ .Values.prometheus.persistentVolume.mountPath }}" 62 | ports: 63 | - containerPort: {{ .Values.prometheus.port }} 64 | livenessProbe: 65 | httpGet: 66 | path: /-/healthy 67 | port: {{ .Values.prometheus.port }} 68 | initialDelaySeconds: 30 69 | timeoutSeconds: 5 70 | readinessProbe: 71 | httpGet: 72 | path: /-/healthy 73 | port: {{ .Values.prometheus.port }} 74 | 75 | volumeMounts: 76 | - name: prometheus-config-volume 77 | mountPath: /etc/prometheus/ 78 | - name: prometheus-storage-volume 79 | mountPath: {{ .Values.prometheus.persistentVolume.mountPath }} 80 | 81 | volumes: 82 | - name: prometheus-config-volume 83 | configMap: 84 | name: "{{ .Release.Name }}-prometheus-configuration" 85 | - name: prometheus-storage-volume 86 | {{- if and .Values.k8s.persistence.enabled (eq (int .Values.prometheus.replicaCount) 1) }} 87 | persistentVolumeClaim: 88 | claimName: "{{ .Release.Name }}-prometheus-pvc" 89 | {{- else }} 90 | emptyDir: {} 91 | {{- end }} 92 | {{- end }} 93 | -------------------------------------------------------------------------------- /helm/openwhisk/templates/prometheus-pvc.yaml: -------------------------------------------------------------------------------- 1 | # 2 | # Licensed to the Apache Software Foundation (ASF) under one or more 3 | # contributor license agreements. See the NOTICE file distributed with 4 | # this work for additional information regarding copyright ownership. 5 | # The ASF licenses this file to You under the Apache License, Version 2.0 6 | # (the "License"); you may not use this file except in compliance with 7 | # the License. You may obtain a copy of the License at 8 | # 9 | # http://www.apache.org/licenses/LICENSE-2.0 10 | # 11 | # Unless required by applicable law or agreed to in writing, software 12 | # distributed under the License is distributed on an "AS IS" BASIS, 13 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 14 | # See the License for the specific language governing permissions and 15 | # limitations under the License. 16 | # 17 | 18 | {{ if and .Values.k8s.persistence.enabled (eq (int .Values.prometheus.replicaCount) 1 ) }} 19 | {{ if or .Values.metrics.prometheusEnabled .Values.metrics.userMetricsEnabled }} 20 | apiVersion: v1 21 | kind: PersistentVolumeClaim 22 | metadata: 23 | name: {{ .Release.Name }}-prometheus-pvc 24 | labels: 25 | {{ include "openwhisk.label_boilerplate" . | indent 4 }} 26 | spec: 27 | {{- if not .Values.k8s.persistence.hasDefaultStorageClass }} 28 | storageClassName: {{ .Values.k8s.persistence.explicitStorageClass }} 29 | {{- end }} 30 | accessModes: 31 | - ReadWriteOnce 32 | resources: 33 | requests: 34 | storage: {{ .Values.prometheus.persistence.size }} 35 | {{- end }} 36 | {{- end }} 37 | -------------------------------------------------------------------------------- /helm/openwhisk/templates/prometheus-role.yaml: -------------------------------------------------------------------------------- 1 | # 2 | # Licensed to the Apache Software Foundation (ASF) under one or more 3 | # contributor license agreements. See the NOTICE file distributed with 4 | # this work for additional information regarding copyright ownership. 5 | # The ASF licenses this file to You under the Apache License, Version 2.0 6 | # (the "License"); you may not use this file except in compliance with 7 | # the License. You may obtain a copy of the License at 8 | # 9 | # http://www.apache.org/licenses/LICENSE-2.0 10 | # 11 | # Unless required by applicable law or agreed to in writing, software 12 | # distributed under the License is distributed on an "AS IS" BASIS, 13 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 14 | # See the License for the specific language governing permissions and 15 | # limitations under the License. 16 | # 17 | 18 | {{ if or .Values.metrics.prometheusEnabled .Values.metrics.userMetricsEnabled }} 19 | apiVersion: rbac.authorization.k8s.io/v1 20 | kind: ClusterRole 21 | metadata: 22 | name: {{ .Release.Name }}-prometheus-server 23 | rules: 24 | - apiGroups: [""] 25 | resources: 26 | - services 27 | - endpoints 28 | - pods 29 | verbs: ["get", "list", "watch"] 30 | {{- end }} 31 | -------------------------------------------------------------------------------- /helm/openwhisk/templates/prometheus-rolebind.yaml: -------------------------------------------------------------------------------- 1 | # 2 | # Licensed to the Apache Software Foundation (ASF) under one or more 3 | # contributor license agreements. See the NOTICE file distributed with 4 | # this work for additional information regarding copyright ownership. 5 | # The ASF licenses this file to You under the Apache License, Version 2.0 6 | # (the "License"); you may not use this file except in compliance with 7 | # the License. You may obtain a copy of the License at 8 | # 9 | # http://www.apache.org/licenses/LICENSE-2.0 10 | # 11 | # Unless required by applicable law or agreed to in writing, software 12 | # distributed under the License is distributed on an "AS IS" BASIS, 13 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 14 | # See the License for the specific language governing permissions and 15 | # limitations under the License. 16 | # 17 | 18 | {{ if or .Values.metrics.prometheusEnabled .Values.metrics.userMetricsEnabled }} 19 | apiVersion: rbac.authorization.k8s.io/v1 20 | kind: ClusterRoleBinding 21 | metadata: 22 | name: {{ .Release.Name }}-prometheus-server 23 | roleRef: 24 | apiGroup: rbac.authorization.k8s.io 25 | kind: ClusterRole 26 | name: {{ .Release.Name }}-prometheus-server 27 | subjects: 28 | - kind: ServiceAccount 29 | name: {{ .Release.Name }}-prometheus-server 30 | namespace: {{ .Release.Namespace }} 31 | {{- end }} 32 | -------------------------------------------------------------------------------- /helm/openwhisk/templates/prometheus-svc.yaml: -------------------------------------------------------------------------------- 1 | # 2 | # Licensed to the Apache Software Foundation (ASF) under one or more 3 | # contributor license agreements. See the NOTICE file distributed with 4 | # this work for additional information regarding copyright ownership. 5 | # The ASF licenses this file to You under the Apache License, Version 2.0 6 | # (the "License"); you may not use this file except in compliance with 7 | # the License. You may obtain a copy of the License at 8 | # 9 | # http://www.apache.org/licenses/LICENSE-2.0 10 | # 11 | # Unless required by applicable law or agreed to in writing, software 12 | # distributed under the License is distributed on an "AS IS" BASIS, 13 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 14 | # See the License for the specific language governing permissions and 15 | # limitations under the License. 16 | # 17 | 18 | {{ if or .Values.metrics.prometheusEnabled .Values.metrics.userMetricsEnabled }} 19 | apiVersion: v1 20 | kind: Service 21 | metadata: 22 | name: {{ .Release.Name }}-prometheus-server 23 | annotations: 24 | prometheus.io/scrape: 'true' 25 | prometheus.io/port: '{{ .Values.prometheus.port }}' 26 | spec: 27 | selector: 28 | name: {{ .Release.Name }}-prometheus-server 29 | ports: 30 | - port: {{ .Values.prometheus.port }} 31 | {{- end }} 32 | -------------------------------------------------------------------------------- /helm/openwhisk/templates/prometheus-svcacct.yaml: -------------------------------------------------------------------------------- 1 | # 2 | # Licensed to the Apache Software Foundation (ASF) under one or more 3 | # contributor license agreements. See the NOTICE file distributed with 4 | # this work for additional information regarding copyright ownership. 5 | # The ASF licenses this file to You under the Apache License, Version 2.0 6 | # (the "License"); you may not use this file except in compliance with 7 | # the License. You may obtain a copy of the License at 8 | # 9 | # http://www.apache.org/licenses/LICENSE-2.0 10 | # 11 | # Unless required by applicable law or agreed to in writing, software 12 | # distributed under the License is distributed on an "AS IS" BASIS, 13 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 14 | # See the License for the specific language governing permissions and 15 | # limitations under the License. 16 | # 17 | 18 | {{ if or .Values.metrics.prometheusEnabled .Values.metrics.userMetricsEnabled }} 19 | apiVersion: v1 20 | kind: ServiceAccount 21 | metadata: 22 | name: {{ .Release.Name }}-prometheus-server 23 | {{- end}} 24 | -------------------------------------------------------------------------------- /helm/openwhisk/templates/provider-alarm-pvc.yaml: -------------------------------------------------------------------------------- 1 | # 2 | # Licensed to the Apache Software Foundation (ASF) under one or more 3 | # contributor license agreements. See the NOTICE file distributed with 4 | # this work for additional information regarding copyright ownership. 5 | # The ASF licenses this file to You under the Apache License, Version 2.0 6 | # (the "License"); you may not use this file except in compliance with 7 | # the License. You may obtain a copy of the License at 8 | # 9 | # http://www.apache.org/licenses/LICENSE-2.0 10 | # 11 | # Unless required by applicable law or agreed to in writing, software 12 | # distributed under the License is distributed on an "AS IS" BASIS, 13 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 14 | # See the License for the specific language governing permissions and 15 | # limitations under the License. 16 | # 17 | 18 | {{- if and .Values.providers.alarm.enabled .Values.k8s.persistence.enabled }} 19 | apiVersion: v1 20 | kind: PersistentVolumeClaim 21 | metadata: 22 | name: {{ .Release.Name }}-alarmprovider-pvc 23 | labels: 24 | {{ include "openwhisk.label_boilerplate" . | indent 4 }} 25 | spec: 26 | {{- if not .Values.k8s.persistence.hasDefaultStorageClass }} 27 | storageClassName: {{ .Values.k8s.persistence.explicitStorageClass }} 28 | {{- end }} 29 | accessModes: 30 | - ReadWriteOnce 31 | resources: 32 | requests: 33 | storage: {{ .Values.providers.alarm.persistence.size }} 34 | {{- end }} 35 | -------------------------------------------------------------------------------- /helm/openwhisk/templates/provider-kafka-pod.yaml: -------------------------------------------------------------------------------- 1 | # 2 | # Licensed to the Apache Software Foundation (ASF) under one or more 3 | # contributor license agreements. See the NOTICE file distributed with 4 | # this work for additional information regarding copyright ownership. 5 | # The ASF licenses this file to You under the Apache License, Version 2.0 6 | # (the "License"); you may not use this file except in compliance with 7 | # the License. You may obtain a copy of the License at 8 | # 9 | # http://www.apache.org/licenses/LICENSE-2.0 10 | # 11 | # Unless required by applicable law or agreed to in writing, software 12 | # distributed under the License is distributed on an "AS IS" BASIS, 13 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 14 | # See the License for the specific language governing permissions and 15 | # limitations under the License. 16 | # 17 | 18 | {{- if .Values.providers.kafka.enabled }} 19 | apiVersion: apps/v1 20 | kind: Deployment 21 | metadata: 22 | name: {{ .Release.Name }}-kafkaprovider 23 | labels: 24 | name: {{ .Release.Name }}-kafkaprovider 25 | {{ include "openwhisk.label_boilerplate" . | indent 4 }} 26 | spec: 27 | replicas: {{ .Values.providers.kafka.replicaCount }} 28 | selector: 29 | matchLabels: 30 | name: {{ .Release.Name }}-kafkaprovider 31 | template: 32 | metadata: 33 | labels: 34 | name: {{ .Release.Name }}-kafkaprovider 35 | {{ include "openwhisk.label_boilerplate" . | indent 8 }} 36 | spec: 37 | restartPolicy: {{ .Values.providers.kafka.restartPolicy }} 38 | {{- if .Values.affinity.enabled }} 39 | affinity: 40 | {{ include "openwhisk.affinity.provider" . | indent 8 }} 41 | {{- end }} 42 | initContainers: 43 | # Wait for a controller to be up (which implies couchdb and kafka are up as well). 44 | {{ include "openwhisk.readiness.waitForController" . | indent 6 }} 45 | {{ include "openwhisk.docker.imagePullSecrets" . | indent 6 }} 46 | containers: 47 | - name: kafkaprovider 48 | image: "{{- .Values.docker.registry.name -}}{{- .Values.providers.kafka.imageName -}}:{{- .Values.providers.kafka.imageTag -}}" 49 | imagePullPolicy: {{ .Values.providers.kafka.imagePullPolicy | quote }} 50 | ports: 51 | - name: kafkaprovider 52 | containerPort: {{ .Values.providers.kafka.apiPort }} 53 | env: 54 | {{- if .Values.providers.db.external }} 55 | # Config database using the external instance 56 | - name: "DB_URL" 57 | value: {{ .Values.providers.db.protocol }}://{{ .Values.providers.db.host }}:{{ .Values.providers.db.port }} 58 | - name: "DB_USER" 59 | value: {{ .Values.providers.db.username | quote }} 60 | - name: "DB_PASS" 61 | value: {{ .Values.providers.db.password | quote }} 62 | {{- else }} 63 | # Config database using the same openwhisk couchdb instance 64 | - name: "DB_URL" 65 | valueFrom: 66 | configMapKeyRef: 67 | name: {{ .Release.Name }}-db.config 68 | key: db_url 69 | - name: "DB_USER" 70 | valueFrom: 71 | secretKeyRef: 72 | name: {{ .Release.Name }}-db.auth 73 | key: db_username 74 | - name: "DB_PASS" 75 | valueFrom: 76 | secretKeyRef: 77 | name: {{ .Release.Name }}-db.auth 78 | key: db_password 79 | {{- end }} 80 | - name: "DB_PREFIX" 81 | value: {{ .Values.providers.kafka.dbPrefix | quote }} 82 | - name: "LOCAL_DEV" 83 | value: "true" 84 | - name: "ROUTER_HOST" 85 | valueFrom: 86 | configMapKeyRef: 87 | name: {{ .Release.Name }}-whisk.config 88 | key: whisk_internal_api_host_nameAndPort 89 | - name: "ENDPOINT_AUTH" 90 | valueFrom: 91 | configMapKeyRef: 92 | name: {{ .Release.Name }}-whisk.config 93 | key: whisk_internal_api_host_nameAndPort 94 | {{- end }} 95 | -------------------------------------------------------------------------------- /helm/openwhisk/templates/redis-pod.yaml: -------------------------------------------------------------------------------- 1 | # 2 | # Licensed to the Apache Software Foundation (ASF) under one or more 3 | # contributor license agreements. See the NOTICE file distributed with 4 | # this work for additional information regarding copyright ownership. 5 | # The ASF licenses this file to You under the Apache License, Version 2.0 6 | # (the "License"); you may not use this file except in compliance with 7 | # the License. You may obtain a copy of the License at 8 | # 9 | # http://www.apache.org/licenses/LICENSE-2.0 10 | # 11 | # Unless required by applicable law or agreed to in writing, software 12 | # distributed under the License is distributed on an "AS IS" BASIS, 13 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 14 | # See the License for the specific language governing permissions and 15 | # limitations under the License. 16 | # 17 | 18 | {{ if not .Values.redis.external }} 19 | apiVersion: apps/v1 20 | kind: Deployment 21 | metadata: 22 | name: {{ .Release.Name }}-redis 23 | labels: 24 | name: {{ .Release.Name }}-redis 25 | {{ include "openwhisk.label_boilerplate" . | indent 4 }} 26 | spec: 27 | replicas: {{ .Values.redis.replicaCount }} 28 | selector: 29 | matchLabels: 30 | name: {{ .Release.Name }}-redis 31 | {{- if .Values.k8s.persistence.enabled }} 32 | strategy: 33 | type: "Recreate" 34 | {{- end }} 35 | template: 36 | metadata: 37 | labels: 38 | name: {{ .Release.Name }}-redis 39 | {{ include "openwhisk.label_boilerplate" . | indent 8 }} 40 | spec: 41 | restartPolicy: {{ .Values.redis.restartPolicy }} 42 | 43 | {{- if .Values.affinity.enabled }} 44 | affinity: 45 | {{ include "openwhisk.affinity.core" . | indent 8 }} 46 | {{ include "openwhisk.affinity.selfAntiAffinity" ( printf "%s-redis" .Release.Name | quote ) | indent 8 }} 47 | {{- end }} 48 | 49 | {{- if .Values.toleration.enabled }} 50 | tolerations: 51 | {{ include "openwhisk.toleration.core" . | indent 8 }} 52 | {{- end }} 53 | 54 | {{- if .Values.k8s.persistence.enabled }} 55 | volumes: 56 | - name: redis-data 57 | persistentVolumeClaim: 58 | claimName: {{ .Release.Name }}-redis-pvc 59 | {{- end }} 60 | 61 | {{- if .Values.k8s.persistence.enabled }} 62 | initContainers: 63 | - name: redis-init 64 | image: "{{- .Values.docker.registry.name -}}{{- .Values.busybox.imageName -}}:{{- .Values.busybox.imageTag -}}" 65 | command: 66 | - chown 67 | - -v 68 | - -R 69 | - 999:999 70 | - /data 71 | volumeMounts: 72 | - mountPath: /data 73 | name: redis-data 74 | readOnly: false 75 | {{- end }} 76 | {{ include "openwhisk.docker.imagePullSecrets" . | indent 6 }} 77 | containers: 78 | - name: redis 79 | image: "{{- .Values.docker.registry.name -}}{{- .Values.redis.imageName -}}:{{- .Values.redis.imageTag -}}" 80 | imagePullPolicy: {{ .Values.redis.imagePullPolicy | quote }} 81 | {{- if .Values.k8s.persistence.enabled }} 82 | volumeMounts: 83 | - mountPath: /data 84 | name: redis-data 85 | readOnly: false 86 | {{- end }} 87 | ports: 88 | - name: redis 89 | containerPort: {{ .Values.redis.port }} 90 | {{ end }} 91 | -------------------------------------------------------------------------------- /helm/openwhisk/templates/redis-pvc.yaml: -------------------------------------------------------------------------------- 1 | # 2 | # Licensed to the Apache Software Foundation (ASF) under one or more 3 | # contributor license agreements. See the NOTICE file distributed with 4 | # this work for additional information regarding copyright ownership. 5 | # The ASF licenses this file to You under the Apache License, Version 2.0 6 | # (the "License"); you may not use this file except in compliance with 7 | # the License. You may obtain a copy of the License at 8 | # 9 | # http://www.apache.org/licenses/LICENSE-2.0 10 | # 11 | # Unless required by applicable law or agreed to in writing, software 12 | # distributed under the License is distributed on an "AS IS" BASIS, 13 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 14 | # See the License for the specific language governing permissions and 15 | # limitations under the License. 16 | # 17 | 18 | {{- if and (not .Values.redis.external) .Values.k8s.persistence.enabled }} 19 | apiVersion: v1 20 | kind: PersistentVolumeClaim 21 | metadata: 22 | name: {{ .Release.Name }}-redis-pvc 23 | labels: 24 | {{ include "openwhisk.label_boilerplate" . | indent 4 }} 25 | spec: 26 | {{- if not .Values.k8s.persistence.hasDefaultStorageClass }} 27 | storageClassName: {{ .Values.k8s.persistence.explicitStorageClass }} 28 | {{- end }} 29 | accessModes: 30 | - ReadWriteOnce 31 | resources: 32 | requests: 33 | storage: {{ .Values.redis.persistence.size }} 34 | {{- end }} 35 | -------------------------------------------------------------------------------- /helm/openwhisk/templates/redis-svc.yaml: -------------------------------------------------------------------------------- 1 | # 2 | # Licensed to the Apache Software Foundation (ASF) under one or more 3 | # contributor license agreements. See the NOTICE file distributed with 4 | # this work for additional information regarding copyright ownership. 5 | # The ASF licenses this file to You under the Apache License, Version 2.0 6 | # (the "License"); you may not use this file except in compliance with 7 | # the License. You may obtain a copy of the License at 8 | # 9 | # http://www.apache.org/licenses/LICENSE-2.0 10 | # 11 | # Unless required by applicable law or agreed to in writing, software 12 | # distributed under the License is distributed on an "AS IS" BASIS, 13 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 14 | # See the License for the specific language governing permissions and 15 | # limitations under the License. 16 | # 17 | 18 | {{ if not .Values.redis.external }} 19 | apiVersion: v1 20 | kind: Service 21 | metadata: 22 | name: {{ .Release.Name }}-redis 23 | labels: 24 | name: {{ .Release.Name }}-redis 25 | {{ include "openwhisk.label_boilerplate" . | indent 4 }} 26 | spec: 27 | selector: 28 | name: {{ .Release.Name }}-redis 29 | ports: 30 | - port: {{ .Values.redis.port }} 31 | name: redis 32 | {{ end }} 33 | -------------------------------------------------------------------------------- /helm/openwhisk/templates/scheduler-pdb.yaml: -------------------------------------------------------------------------------- 1 | # 2 | # Licensed to the Apache Software Foundation (ASF) under one or more 3 | # contributor license agreements. See the NOTICE file distributed with 4 | # this work for additional information regarding copyright ownership. 5 | # The ASF licenses this file to You under the Apache License, Version 2.0 6 | # (the "License"); you may not use this file except in compliance with 7 | # the License. You may obtain a copy of the License at 8 | # 9 | # http://www.apache.org/licenses/LICENSE-2.0 10 | # 11 | # Unless required by applicable law or agreed to in writing, software 12 | # distributed under the License is distributed on an "AS IS" BASIS, 13 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 14 | # See the License for the specific language governing permissions and 15 | # limitations under the License. 16 | # 17 | 18 | {{- if .Values.scheduler.enabled }} 19 | {{- if and .Values.pdb.enable (gt (int .Values.scheduler.replicaCount) 1) }} 20 | --- 21 | apiVersion: policy/v1beta1 22 | kind: PodDisruptionBudget 23 | metadata: 24 | name: {{ .Release.Name }}-scheduler-pdb 25 | labels: 26 | name: {{ .Release.Name }}-scheduler-pdb 27 | {{ include "openwhisk.label_boilerplate" . | indent 4 }} 28 | spec: 29 | selector: 30 | matchLabels: 31 | name: {{ .Release.Name }}-scheduler 32 | maxUnavailable: {{ .Values.pdb.scheduler.maxUnavailable | default 1 }} 33 | {{- end }} 34 | {{- end }} 35 | -------------------------------------------------------------------------------- /helm/openwhisk/templates/scheduler-svc.yaml: -------------------------------------------------------------------------------- 1 | # 2 | # Licensed to the Apache Software Foundation (ASF) under one or more 3 | # contributor license agreements. See the NOTICE file distributed with 4 | # this work for additional information regarding copyright ownership. 5 | # The ASF licenses this file to You under the Apache License, Version 2.0 6 | # (the "License"); you may not use this file except in compliance with 7 | # the License. You may obtain a copy of the License at 8 | # 9 | # http://www.apache.org/licenses/LICENSE-2.0 10 | # 11 | # Unless required by applicable law or agreed to in writing, software 12 | # distributed under the License is distributed on an "AS IS" BASIS, 13 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 14 | # See the License for the specific language governing permissions and 15 | # limitations under the License. 16 | # 17 | 18 | {{- if .Values.scheduler.enabled }} 19 | apiVersion: v1 20 | kind: Service 21 | metadata: 22 | name: {{ .Release.Name }}-scheduler 23 | labels: 24 | name: {{ .Release.Name }}-scheduler 25 | {{ include "openwhisk.label_boilerplate" . | indent 4 }} 26 | spec: 27 | selector: 28 | name: {{ .Release.Name }}-scheduler 29 | ports: 30 | - port: {{ .Values.scheduler.endpoints.port }} 31 | name: http 32 | - port: {{ .Values.scheduler.endpoints.rpcPort }} 33 | name: grpc 34 | - port: {{ .Values.scheduler.endpoints.akkaPort }} 35 | name: akka 36 | {{- end }} 37 | -------------------------------------------------------------------------------- /helm/openwhisk/templates/tests/package-checker-cm.yaml: -------------------------------------------------------------------------------- 1 | # 2 | # Licensed to the Apache Software Foundation (ASF) under one or more 3 | # contributor license agreements. See the NOTICE file distributed with 4 | # this work for additional information regarding copyright ownership. 5 | # The ASF licenses this file to You under the Apache License, Version 2.0 6 | # (the "License"); you may not use this file except in compliance with 7 | # the License. You may obtain a copy of the License at 8 | # 9 | # http://www.apache.org/licenses/LICENSE-2.0 10 | # 11 | # Unless required by applicable law or agreed to in writing, software 12 | # distributed under the License is distributed on an "AS IS" BASIS, 13 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 14 | # See the License for the specific language governing permissions and 15 | # limitations under the License. 16 | # 17 | 18 | {{- if .Values.whisk.testing.includeTests }} 19 | apiVersion: v1 20 | kind: ConfigMap 21 | metadata: 22 | name: {{ .Release.Name }}-tests-package-checker 23 | labels: 24 | {{ include "openwhisk.label_boilerplate" . | indent 4 }} 25 | data: 26 | {{ (.Files.Glob "configMapFiles/tests/packageChecker/myTask.sh").AsConfig | indent 2 }} 27 | {{- end }} 28 | -------------------------------------------------------------------------------- /helm/openwhisk/templates/tests/package-checker-pod.yaml: -------------------------------------------------------------------------------- 1 | # 2 | # Licensed to the Apache Software Foundation (ASF) under one or more 3 | # contributor license agreements. See the NOTICE file distributed with 4 | # this work for additional information regarding copyright ownership. 5 | # The ASF licenses this file to You under the Apache License, Version 2.0 6 | # (the "License"); you may not use this file except in compliance with 7 | # the License. You may obtain a copy of the License at 8 | # 9 | # http://www.apache.org/licenses/LICENSE-2.0 10 | # 11 | # Unless required by applicable law or agreed to in writing, software 12 | # distributed under the License is distributed on an "AS IS" BASIS, 13 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 14 | # See the License for the specific language governing permissions and 15 | # limitations under the License. 16 | # 17 | 18 | {{- if .Values.whisk.testing.includeTests }} 19 | apiVersion: v1 20 | kind: Pod 21 | metadata: 22 | name: {{ .Release.Name }}-tests-package-checker 23 | labels: 24 | name: {{ .Release.Name }}-tests-package-checker 25 | ow-testpod: "true" 26 | {{ include "openwhisk.label_boilerplate" . | indent 4 }} 27 | annotations: 28 | "helm.sh/hook": test-success 29 | spec: 30 | restartPolicy: Never 31 | volumes: 32 | - name: task-dir 33 | configMap: 34 | name: {{ .Release.Name }}-tests-package-checker 35 | {{ include "openwhisk.docker.imagePullSecrets" . | indent 2 }} 36 | containers: 37 | - name: package-checker 38 | image: "{{- .Values.docker.registry.name -}}{{- .Values.utility.imageName -}}:{{- .Values.utility.imageTag -}}" 39 | imagePullPolicy: {{ .Values.utility.imagePullPolicy | quote }} 40 | command: ["/bin/bash", "/task/myTask.sh"] 41 | volumeMounts: 42 | - name: task-dir 43 | mountPath: "/task/myTask.sh" 44 | subPath: "myTask.sh" 45 | env: 46 | - name: "WSK_AUTH" 47 | valueFrom: 48 | secretKeyRef: 49 | name: {{ .Release.Name }}-whisk.auth 50 | key: guest 51 | - name: "WSK_API_HOST_URL" 52 | valueFrom: 53 | configMapKeyRef: 54 | name: {{ .Release.Name }}-whisk.config 55 | key: whisk_internal_api_host_url 56 | 57 | # Which of the providers was installed (and thus should be checked)? 58 | - name: "OW_INSTALL_ALARM_PROVIDER" 59 | value: {{ if .Values.providers.alarm.enabled }} "yes" {{ else }} "no" {{ end }} 60 | - name: "OW_INSTALL_KAFKA_PROVIDER" 61 | value: {{ if .Values.providers.kafka.enabled }} "yes" {{ else }} "no" {{ end }} 62 | {{- end }} 63 | -------------------------------------------------------------------------------- /helm/openwhisk/templates/tests/smoketest-cm.yaml: -------------------------------------------------------------------------------- 1 | # 2 | # Licensed to the Apache Software Foundation (ASF) under one or more 3 | # contributor license agreements. See the NOTICE file distributed with 4 | # this work for additional information regarding copyright ownership. 5 | # The ASF licenses this file to You under the Apache License, Version 2.0 6 | # (the "License"); you may not use this file except in compliance with 7 | # the License. You may obtain a copy of the License at 8 | # 9 | # http://www.apache.org/licenses/LICENSE-2.0 10 | # 11 | # Unless required by applicable law or agreed to in writing, software 12 | # distributed under the License is distributed on an "AS IS" BASIS, 13 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 14 | # See the License for the specific language governing permissions and 15 | # limitations under the License. 16 | # 17 | 18 | {{- if .Values.whisk.testing.includeTests }} 19 | apiVersion: v1 20 | kind: ConfigMap 21 | metadata: 22 | name: {{ .Release.Name }}-tests-smoketest 23 | labels: 24 | {{ include "openwhisk.label_boilerplate" . | indent 4 }} 25 | data: 26 | {{ (.Files.Glob "configMapFiles/tests/smoketest/myTask.sh").AsConfig | indent 2 }} 27 | {{- end }} 28 | -------------------------------------------------------------------------------- /helm/openwhisk/templates/tests/smoketest-pod.yaml: -------------------------------------------------------------------------------- 1 | # 2 | # Licensed to the Apache Software Foundation (ASF) under one or more 3 | # contributor license agreements. See the NOTICE file distributed with 4 | # this work for additional information regarding copyright ownership. 5 | # The ASF licenses this file to You under the Apache License, Version 2.0 6 | # (the "License"); you may not use this file except in compliance with 7 | # the License. You may obtain a copy of the License at 8 | # 9 | # http://www.apache.org/licenses/LICENSE-2.0 10 | # 11 | # Unless required by applicable law or agreed to in writing, software 12 | # distributed under the License is distributed on an "AS IS" BASIS, 13 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 14 | # See the License for the specific language governing permissions and 15 | # limitations under the License. 16 | # 17 | 18 | {{- if .Values.whisk.testing.includeTests }} 19 | apiVersion: v1 20 | kind: Pod 21 | metadata: 22 | name: {{ .Release.Name }}-tests-smoketest 23 | labels: 24 | name: {{ .Release.Name }}-tests-smoketest 25 | ow-testpod: "true" 26 | {{ include "openwhisk.label_boilerplate" . | indent 4 }} 27 | annotations: 28 | "helm.sh/hook": test-success 29 | spec: 30 | restartPolicy: Never 31 | volumes: 32 | - name: task-dir 33 | configMap: 34 | name: {{ .Release.Name }}-tests-smoketest 35 | {{ include "openwhisk.docker.imagePullSecrets" . | indent 2 }} 36 | containers: 37 | - name: smoketest 38 | image: "{{- .Values.docker.registry.name -}}{{- .Values.utility.imageName -}}:{{- .Values.utility.imageTag -}}" 39 | imagePullPolicy: {{ .Values.utility.imagePullPolicy | quote }} 40 | command: ["/bin/bash", "/task/myTask.sh"] 41 | volumeMounts: 42 | - name: task-dir 43 | mountPath: "/task/myTask.sh" 44 | subPath: "myTask.sh" 45 | env: 46 | - name: "WSK_AUTH" 47 | valueFrom: 48 | secretKeyRef: 49 | name: {{ .Release.Name }}-whisk.auth 50 | key: guest 51 | - name: "WSK_API_HOST_URL" 52 | valueFrom: 53 | configMapKeyRef: 54 | name: {{ .Release.Name }}-whisk.config 55 | key: whisk_internal_api_host_url 56 | {{- end }} 57 | -------------------------------------------------------------------------------- /helm/openwhisk/templates/tests/systemtest-cm.yaml: -------------------------------------------------------------------------------- 1 | # 2 | # Licensed to the Apache Software Foundation (ASF) under one or more 3 | # contributor license agreements. See the NOTICE file distributed with 4 | # this work for additional information regarding copyright ownership. 5 | # The ASF licenses this file to You under the Apache License, Version 2.0 6 | # (the "License"); you may not use this file except in compliance with 7 | # the License. You may obtain a copy of the License at 8 | # 9 | # http://www.apache.org/licenses/LICENSE-2.0 10 | # 11 | # Unless required by applicable law or agreed to in writing, software 12 | # distributed under the License is distributed on an "AS IS" BASIS, 13 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 14 | # See the License for the specific language governing permissions and 15 | # limitations under the License. 16 | # 17 | 18 | {{- if .Values.whisk.testing.includeSystemTests }} 19 | apiVersion: v1 20 | kind: ConfigMap 21 | metadata: 22 | name: {{ .Release.Name }}-tests-systemtest 23 | labels: 24 | {{ include "openwhisk.label_boilerplate" . | indent 4 }} 25 | data: 26 | {{ (.Files.Glob "configMapFiles/tests/systemTest/myTask.sh").AsConfig | indent 2 }} 27 | {{- end }} 28 | -------------------------------------------------------------------------------- /helm/openwhisk/templates/tests/systemtest-pod.yaml: -------------------------------------------------------------------------------- 1 | # 2 | # Licensed to the Apache Software Foundation (ASF) under one or more 3 | # contributor license agreements. See the NOTICE file distributed with 4 | # this work for additional information regarding copyright ownership. 5 | # The ASF licenses this file to You under the Apache License, Version 2.0 6 | # (the "License"); you may not use this file except in compliance with 7 | # the License. You may obtain a copy of the License at 8 | # 9 | # http://www.apache.org/licenses/LICENSE-2.0 10 | # 11 | # Unless required by applicable law or agreed to in writing, software 12 | # distributed under the License is distributed on an "AS IS" BASIS, 13 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 14 | # See the License for the specific language governing permissions and 15 | # limitations under the License. 16 | # 17 | 18 | {{- if .Values.whisk.testing.includeSystemTests }} 19 | apiVersion: v1 20 | kind: Pod 21 | metadata: 22 | name: {{ .Release.Name }}-tests-systemtest 23 | labels: 24 | name: {{ .Release.Name }}-tests-systemtest 25 | ow-testpod: "true" 26 | {{ include "openwhisk.label_boilerplate" . | indent 4 }} 27 | annotations: 28 | "helm.sh/hook": test-success 29 | spec: 30 | restartPolicy: Never 31 | volumes: 32 | - name: task-dir 33 | configMap: 34 | name: {{ .Release.Name }}-tests-systemtest 35 | {{ include "openwhisk.docker.imagePullSecrets" . | indent 2 }} 36 | containers: 37 | - name: systemtest 38 | image: "{{- .Values.docker.registry.name -}}{{- .Values.utility.imageName -}}:{{- .Values.utility.imageTag -}}" 39 | imagePullPolicy: {{ .Values.utility.imagePullPolicy | quote }} 40 | command: ["/bin/bash", "/task/myTask.sh"] 41 | volumeMounts: 42 | - name: task-dir 43 | mountPath: "/task/myTask.sh" 44 | subPath: "myTask.sh" 45 | env: 46 | - name: "WSK_AUTH" 47 | valueFrom: 48 | secretKeyRef: 49 | name: {{ .Release.Name }}-whisk.auth 50 | key: guest 51 | - name: "WSK_API_HOST_URL" 52 | valueFrom: 53 | configMapKeyRef: 54 | name: {{ .Release.Name }}-whisk.config 55 | key: whisk_internal_api_host_url 56 | - name: "OW_GIT_TAG_OPENWHISK" 57 | value: {{ .Values.whisk.versions.openwhisk.gitTag | quote }} 58 | {{- end }} 59 | -------------------------------------------------------------------------------- /helm/openwhisk/templates/user-events-pod.yaml: -------------------------------------------------------------------------------- 1 | # 2 | # Licensed to the Apache Software Foundation (ASF) under one or more 3 | # contributor license agreements. See the NOTICE file distributed with 4 | # this work for additional information regarding copyright ownership. 5 | # The ASF licenses this file to You under the Apache License, Version 2.0 6 | # (the "License"); you may not use this file except in compliance with 7 | # the License. You may obtain a copy of the License at 8 | # 9 | # http://www.apache.org/licenses/LICENSE-2.0 10 | # 11 | # Unless required by applicable law or agreed to in writing, software 12 | # distributed under the License is distributed on an "AS IS" BASIS, 13 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 14 | # See the License for the specific language governing permissions and 15 | # limitations under the License. 16 | # 17 | 18 | {{ if .Values.metrics.userMetricsEnabled }} 19 | apiVersion: apps/v1 20 | kind: Deployment 21 | metadata: 22 | name: {{ .Release.Name }}-user-events 23 | labels: 24 | name: {{ .Release.Name }}-user-events 25 | {{ include "openwhisk.label_boilerplate" . | indent 4 }} 26 | spec: 27 | replicas: {{ .Values.user_events.replicaCount }} 28 | selector: 29 | matchLabels: 30 | name: {{ .Release.Name }}-user-events 31 | template: 32 | metadata: 33 | labels: 34 | name: {{ .Release.Name }}-user-events 35 | {{ include "openwhisk.label_boilerplate" . | indent 8 }} 36 | annotations: 37 | prometheus.io/scrape: 'true' 38 | prometheus.io/port: '{{ .Values.user_events.port }}' 39 | spec: 40 | restartPolicy: {{ .Values.user_events.restartPolicy }} 41 | 42 | {{- if and .Values.affinity.enabled .Values.metrics.userMetricsEnabled }} 43 | affinity: 44 | {{ include "openwhisk.affinity.core" . | indent 8 }} 45 | {{ include "openwhisk.affinity.selfAntiAffinity" ( printf "%s-user-events" .Release.Name ) | indent 8 }} 46 | {{- end }} 47 | 48 | {{- if .Values.toleration.enabled }} 49 | tolerations: 50 | {{ include "openwhisk.toleration.core" . | indent 8 }} 51 | {{- end }} 52 | 53 | containers: 54 | - name: user-events 55 | imagePullPolicy: {{ .Values.user_events.imagePullPolicy | quote }} 56 | image: "{{- .Values.docker.registry.name -}}{{- .Values.user_events.imageName -}}:{{- .Values.user_events.imageTag -}}" 57 | env: 58 | - name: "KAFKA_HOSTS" 59 | value: "{{ include "openwhisk.kafka_connect" . }}" 60 | {{ include "openwhisk.kafkaConfigEnvVars" . | indent 10 }} 61 | ports: 62 | - containerPort: {{ .Values.user_events.port }} 63 | livenessProbe: 64 | httpGet: 65 | path: /ping 66 | port: {{ .Values.user_events.port }} 67 | initialDelaySeconds: 30 68 | timeoutSeconds: 5 69 | readinessProbe: 70 | httpGet: 71 | path: /ping 72 | port: {{ .Values.user_events.port }} 73 | {{- end }} 74 | -------------------------------------------------------------------------------- /helm/openwhisk/templates/user-events-svc.yaml: -------------------------------------------------------------------------------- 1 | # 2 | # Licensed to the Apache Software Foundation (ASF) under one or more 3 | # contributor license agreements. See the NOTICE file distributed with 4 | # this work for additional information regarding copyright ownership. 5 | # The ASF licenses this file to You under the Apache License, Version 2.0 6 | # (the "License"); you may not use this file except in compliance with 7 | # the License. You may obtain a copy of the License at 8 | # 9 | # http://www.apache.org/licenses/LICENSE-2.0 10 | # 11 | # Unless required by applicable law or agreed to in writing, software 12 | # distributed under the License is distributed on an "AS IS" BASIS, 13 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 14 | # See the License for the specific language governing permissions and 15 | # limitations under the License. 16 | # 17 | 18 | {{ if .Values.metrics.userMetricsEnabled }} 19 | apiVersion: v1 20 | kind: Service 21 | metadata: 22 | name: {{ .Release.Name }}-user-events 23 | labels: 24 | name: {{ .Release.Name }}-user-events 25 | spec: 26 | selector: 27 | name: {{ .Release.Name }}-user-events 28 | ports: 29 | - port: {{ .Values.user_events.port }} 30 | name: http 31 | {{- end }} 32 | -------------------------------------------------------------------------------- /helm/openwhisk/templates/wskadmin-pod.yaml: -------------------------------------------------------------------------------- 1 | # 2 | # Licensed to the Apache Software Foundation (ASF) under one or more 3 | # contributor license agreements. See the NOTICE file distributed with 4 | # this work for additional information regarding copyright ownership. 5 | # The ASF licenses this file to You under the Apache License, Version 2.0 6 | # (the "License"); you may not use this file except in compliance with 7 | # the License. You may obtain a copy of the License at 8 | # 9 | # http://www.apache.org/licenses/LICENSE-2.0 10 | # 11 | # Unless required by applicable law or agreed to in writing, software 12 | # distributed under the License is distributed on an "AS IS" BASIS, 13 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 14 | # See the License for the specific language governing permissions and 15 | # limitations under the License. 16 | # 17 | 18 | apiVersion: v1 19 | kind: Pod 20 | metadata: 21 | name: {{ .Release.Name }}-wskadmin 22 | labels: 23 | name: {{ .Release.Name }}-wskadmin 24 | {{ include "openwhisk.label_boilerplate" . | indent 4 }} 25 | spec: 26 | restartPolicy: Always 27 | {{ include "openwhisk.docker.imagePullSecrets" . | indent 2 }} 28 | containers: 29 | - name: wskadmin 30 | image: "{{- .Values.docker.registry.name -}}{{- .Values.utility.imageName -}}:{{- .Values.utility.imageTag -}}" 31 | imagePullPolicy: {{ .Values.utility.imagePullPolicy | quote }} 32 | command: ["/bin/bash", "-c", "tail -f /dev/null"] 33 | env: 34 | - name: "WHISK_LOGS_DIR" 35 | value: "/var/log" 36 | # Provider database configuration 37 | {{- if .Values.providers.db.external }} 38 | # Use an external CouchDB instance for the providers 39 | - name: "DB_PROTOCOL" 40 | value: {{ .Values.providers.db.protocol | quote }} 41 | - name: "DB_HOST" 42 | value: {{ .Values.providers.db.host | quote }} 43 | - name: "DB_USERNAME" 44 | value: {{ .Values.providers.db.username | quote }} 45 | - name: "DB_PASSWORD" 46 | value: {{ .Values.providers.db.password | quote }} 47 | - name: "DB_PORT" 48 | value: {{ .Values.providers.db.port | quote }} 49 | {{- else }} 50 | # Use the internally deployed CouchDB service for the providers 51 | - name: "DB_HOST" 52 | valueFrom: 53 | configMapKeyRef: 54 | name: {{ .Release.Name }}-db.config 55 | key: db_host 56 | - name: "DB_PROTOCOL" 57 | valueFrom: 58 | configMapKeyRef: 59 | name: {{ .Release.Name }}-db.config 60 | key: db_protocol 61 | - name: "DB_PORT" 62 | valueFrom: 63 | configMapKeyRef: 64 | name: {{ .Release.Name }}-db.config 65 | key: db_port 66 | - name: "DB_USERNAME" 67 | valueFrom: 68 | secretKeyRef: 69 | name: {{ .Release.Name }}-db.auth 70 | key: db_username 71 | - name: "DB_PASSWORD" 72 | valueFrom: 73 | secretKeyRef: 74 | name: {{ .Release.Name }}-db.auth 75 | key: db_password 76 | {{ end }} 77 | - name: "DB_WHISK_ACTIONS" 78 | {{- if .Values.providers.db.whisk_actions }} 79 | value: {{ .Values.providers.db.whisk_actions }} 80 | {{ else }} 81 | valueFrom: 82 | configMapKeyRef: 83 | name: {{ .Release.Name }}-db.config 84 | key: db_whisk_actions 85 | {{ end }} 86 | - name: "DB_WHISK_AUTHS" 87 | {{- if .Values.providers.db.whisk_auths }} 88 | value: {{ .Values.providers.db.whisk_auths }} 89 | {{ else }} 90 | valueFrom: 91 | configMapKeyRef: 92 | name: {{ .Release.Name }}-db.config 93 | key: db_whisk_auths 94 | {{ end }} 95 | - name: "DB_WHISK_ACTIVATIONS" 96 | {{- if .Values.providers.db.whisk_activations }} 97 | value: {{ .Values.providers.db.whisk_activations }} 98 | {{ else }} 99 | valueFrom: 100 | configMapKeyRef: 101 | name: {{ .Release.Name }}-db.config 102 | key: db_whisk_activations 103 | {{ end }} 104 | -------------------------------------------------------------------------------- /helm/openwhisk/templates/zookeeper-cm.yaml: -------------------------------------------------------------------------------- 1 | # 2 | # Licensed to the Apache Software Foundation (ASF) under one or more 3 | # contributor license agreements. See the NOTICE file distributed with 4 | # this work for additional information regarding copyright ownership. 5 | # The ASF licenses this file to You under the Apache License, Version 2.0 6 | # (the "License"); you may not use this file except in compliance with 7 | # the License. You may obtain a copy of the License at 8 | # 9 | # http://www.apache.org/licenses/LICENSE-2.0 10 | # 11 | # Unless required by applicable law or agreed to in writing, software 12 | # distributed under the License is distributed on an "AS IS" BASIS, 13 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 14 | # See the License for the specific language governing permissions and 15 | # limitations under the License. 16 | # 17 | 18 | {{- if add (not .Values.controller.lean) (not .Values.zookeeper.external) }} 19 | --- 20 | apiVersion: v1 21 | kind: ConfigMap 22 | metadata: 23 | name: {{ .Release.Name }}-zookeeper 24 | labels: 25 | {{ include "openwhisk.label_boilerplate" . | indent 4 }} 26 | data: 27 | zoo.cfg: | 28 | tickTime={{ .Values.zookeeper.config.tickTime }} 29 | clientPort={{ .Values.zookeeper.port }} 30 | initLimit={{ .Values.zookeeper.config.initLimit }} 31 | syncLimit={{ .Values.zookeeper.config.syncLimit }} 32 | dataDir={{ .Values.zookeeper.config.dataDir }} 33 | dataLogDir={{ .Values.zookeeper.config.dataLogDir }} 34 | {{- $kubeDomain := .Values.k8s.domain }} 35 | {{- $zkname := printf "%s-zookeeper" .Release.Name }} 36 | {{- $zkserverport := .Values.zookeeper.serverPort }} 37 | {{- $zkelectionport := .Values.zookeeper.leaderElectionPort }} 38 | {{- range $i, $e := until (int .Values.zookeeper.replicaCount) }} 39 | server.{{ . }}={{ $zkname }}-{{ . }}.{{ $zkname }}.{{ $.Release.Namespace }}.svc.{{ $kubeDomain }}:{{ $zkserverport }}:{{ $zkelectionport }} 40 | {{- end }} 41 | {{- end }} 42 | -------------------------------------------------------------------------------- /helm/openwhisk/templates/zookeeper-pdb.yaml: -------------------------------------------------------------------------------- 1 | # 2 | # Licensed to the Apache Software Foundation (ASF) under one or more 3 | # contributor license agreements. See the NOTICE file distributed with 4 | # this work for additional information regarding copyright ownership. 5 | # The ASF licenses this file to You under the Apache License, Version 2.0 6 | # (the "License"); you may not use this file except in compliance with 7 | # the License. You may obtain a copy of the License at 8 | # 9 | # http://www.apache.org/licenses/LICENSE-2.0 10 | # 11 | # Unless required by applicable law or agreed to in writing, software 12 | # distributed under the License is distributed on an "AS IS" BASIS, 13 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 14 | # See the License for the specific language governing permissions and 15 | # limitations under the License. 16 | # 17 | 18 | {{- if and .Values.pdb.enable (gt (int .Values.zookeeper.replicaCount) 1) (not .Values.zookeeper.external) }} 19 | --- 20 | apiVersion: policy/v1beta1 21 | kind: PodDisruptionBudget 22 | metadata: 23 | name: {{ .Release.Name }}-zookeeper-pdb 24 | labels: 25 | name: {{ .Release.Name }}-zookeeper-pdb 26 | {{ include "openwhisk.label_boilerplate" . | indent 4 }} 27 | spec: 28 | selector: 29 | matchLabels: 30 | name: {{ .Release.Name }}-zookeeper 31 | maxUnavailable: {{ .Values.pdb.zookeeper.maxUnavailable | default 1 }} 32 | {{- end }} 33 | -------------------------------------------------------------------------------- /helm/openwhisk/templates/zookeeper-pvc-data.yaml: -------------------------------------------------------------------------------- 1 | # 2 | # Licensed to the Apache Software Foundation (ASF) under one or more 3 | # contributor license agreements. See the NOTICE file distributed with 4 | # this work for additional information regarding copyright ownership. 5 | # The ASF licenses this file to You under the Apache License, Version 2.0 6 | # (the "License"); you may not use this file except in compliance with 7 | # the License. You may obtain a copy of the License at 8 | # 9 | # http://www.apache.org/licenses/LICENSE-2.0 10 | # 11 | # Unless required by applicable law or agreed to in writing, software 12 | # distributed under the License is distributed on an "AS IS" BASIS, 13 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 14 | # See the License for the specific language governing permissions and 15 | # limitations under the License. 16 | # 17 | 18 | {{ if and .Values.k8s.persistence.enabled (eq (int .Values.zookeeper.replicaCount) 1 ) (not .Values.zookeeper.external) }} 19 | apiVersion: v1 20 | kind: PersistentVolumeClaim 21 | metadata: 22 | name: "{{ .Release.Name }}-zookeeper-pvc-data" 23 | labels: 24 | {{ include "openwhisk.label_boilerplate" . | indent 4 }} 25 | spec: 26 | {{- if not .Values.k8s.persistence.hasDefaultStorageClass }} 27 | storageClassName: {{ .Values.k8s.persistence.explicitStorageClass }} 28 | {{- end }} 29 | accessModes: 30 | - ReadWriteOnce 31 | resources: 32 | requests: 33 | storage: {{ .Values.zookeeper.persistence.size }} 34 | {{- end }} 35 | -------------------------------------------------------------------------------- /helm/openwhisk/templates/zookeeper-pvc-datalog.yaml: -------------------------------------------------------------------------------- 1 | # 2 | # Licensed to the Apache Software Foundation (ASF) under one or more 3 | # contributor license agreements. See the NOTICE file distributed with 4 | # this work for additional information regarding copyright ownership. 5 | # The ASF licenses this file to You under the Apache License, Version 2.0 6 | # (the "License"); you may not use this file except in compliance with 7 | # the License. You may obtain a copy of the License at 8 | # 9 | # http://www.apache.org/licenses/LICENSE-2.0 10 | # 11 | # Unless required by applicable law or agreed to in writing, software 12 | # distributed under the License is distributed on an "AS IS" BASIS, 13 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 14 | # See the License for the specific language governing permissions and 15 | # limitations under the License. 16 | # 17 | 18 | {{ if and .Values.k8s.persistence.enabled (eq (int .Values.zookeeper.replicaCount) 1 ) (not .Values.zookeeper.external) }} 19 | apiVersion: v1 20 | kind: PersistentVolumeClaim 21 | metadata: 22 | name: "{{ .Release.Name }}-zookeeper-pvc-datalog" 23 | labels: 24 | {{ include "openwhisk.label_boilerplate" . | indent 4 }} 25 | spec: 26 | {{- if not .Values.k8s.persistence.hasDefaultStorageClass }} 27 | storageClassName: {{ .Values.k8s.persistence.explicitStorageClass }} 28 | {{- end }} 29 | accessModes: 30 | - ReadWriteOnce 31 | resources: 32 | requests: 33 | storage: {{ .Values.zookeeper.persistence.size }} 34 | {{- end }} 35 | -------------------------------------------------------------------------------- /helm/openwhisk/templates/zookeeper-svc.yaml: -------------------------------------------------------------------------------- 1 | # 2 | # Licensed to the Apache Software Foundation (ASF) under one or more 3 | # contributor license agreements. See the NOTICE file distributed with 4 | # this work for additional information regarding copyright ownership. 5 | # The ASF licenses this file to You under the Apache License, Version 2.0 6 | # (the "License"); you may not use this file except in compliance with 7 | # the License. You may obtain a copy of the License at 8 | # 9 | # http://www.apache.org/licenses/LICENSE-2.0 10 | # 11 | # Unless required by applicable law or agreed to in writing, software 12 | # distributed under the License is distributed on an "AS IS" BASIS, 13 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 14 | # See the License for the specific language governing permissions and 15 | # limitations under the License. 16 | # 17 | 18 | {{- if and (not .Values.controller.lean) (not .Values.zookeeper.external) }} 19 | --- 20 | apiVersion: v1 21 | kind: Service 22 | metadata: 23 | name: {{ .Release.Name }}-zookeeper 24 | labels: 25 | name: {{ .Release.Name }}-zookeeper 26 | {{ include "openwhisk.label_boilerplate" . | indent 4 }} 27 | spec: 28 | selector: 29 | name: {{ .Release.Name }}-zookeeper 30 | clusterIP: None 31 | ports: 32 | - port: {{ .Values.zookeeper.port }} 33 | name: "zookeeper" 34 | - port: {{ .Values.zookeeper.serverPort }} 35 | name: "server" 36 | - port: {{ .Values.zookeeper.leaderElectionPort }} 37 | name: "leader-election" 38 | {{- end }} 39 | -------------------------------------------------------------------------------- /helm/openwhisk/whiskconfig.conf: -------------------------------------------------------------------------------- 1 | # 2 | # Licensed to the Apache Software Foundation (ASF) under one or more 3 | # contributor license agreements. See the NOTICE file distributed with 4 | # this work for additional information regarding copyright ownership. 5 | # The ASF licenses this file to You under the Apache License, Version 2.0 6 | # (the "License"); you may not use this file except in compliance with 7 | # the License. You may obtain a copy of the License at 8 | # 9 | # http://www.apache.org/licenses/LICENSE-2.0 10 | # 11 | # Unless required by applicable law or agreed to in writing, software 12 | # distributed under the License is distributed on an "AS IS" BASIS, 13 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 14 | # See the License for the specific language governing permissions and 15 | # limitations under the License. 16 | # 17 | 18 | include classpath("application.conf") 19 | 20 | whisk { 21 | metrics { 22 | prometheus-enabled = true 23 | } 24 | } 25 | -------------------------------------------------------------------------------- /tools/travis/box-upload.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python 2 | """Executable Python script for compressing folders to Box. 3 | 4 | Compresses the contents of a folder and upload the result to Box. 5 | 6 | Run this script as: 7 | $ upload-logs.py LOG_DIR DEST_NAME 8 | 9 | e.g.: $ upload-logs.py /tmp/wsklogs logs-5512.tar.gz 10 | 11 | /* 12 | * Licensed to the Apache Software Foundation (ASF) under one or more 13 | * contributor license agreements. See the NOTICE file distributed with 14 | * this work for additional information regarding copyright ownership. 15 | * The ASF licenses this file to You under the Apache License, Version 2.0 16 | * (the "License"); you may not use this file except in compliance with 17 | * the License. You may obtain a copy of the License at 18 | * 19 | * http://www.apache.org/licenses/LICENSE-2.0 20 | * 21 | * Unless required by applicable law or agreed to in writing, software 22 | * distributed under the License is distributed on an "AS IS" BASIS, 23 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 24 | * See the License for the specific language governing permissions and 25 | * limitations under the License. 26 | */ 27 | """ 28 | 29 | from __future__ import print_function 30 | 31 | import os 32 | import subprocess 33 | import sys 34 | import tempfile 35 | import urllib 36 | import humanize 37 | import requests 38 | import hashlib 39 | 40 | 41 | def upload_file(local_file, remote_file): 42 | """Upload file.""" 43 | if remote_file[0] == '/': 44 | remote_file = remote_file[1:] 45 | 46 | url = "http://DamCYhF8.mybluemix.net/upload?%s" % \ 47 | urllib.urlencode({"name": remote_file}) 48 | 49 | r = requests.post(url, 50 | headers={"Content-Type": "application/gzip"}, 51 | data=open(local_file, 'rb')) 52 | 53 | print("Posting result", r) 54 | print(r.text) 55 | 56 | 57 | def tar_gz_dir(dir_path): 58 | """Create TAR (ZIP) of path and its contents.""" 59 | _, dst = tempfile.mkstemp(suffix=".tar.gz") 60 | subprocess.call(["tar", "-cvzf", dst, dir_path]) 61 | return dst 62 | 63 | 64 | def print_tarball_size(tarball): 65 | """Get and print the size of the tarball""" 66 | tarballsize = os.path.getsize(tarball) 67 | print("Size of tarball", tarball, "is", humanize.naturalsize(tarballsize)) 68 | 69 | sha256_hash = hashlib.sha256() 70 | with open(tarball, "rb") as f: 71 | for byte_block in iter(lambda: f.read(4096), b""): 72 | sha256_hash.update(byte_block) 73 | print("SHA256 hash of tarball is", sha256_hash.hexdigest()) 74 | 75 | 76 | if __name__ == "__main__": 77 | dir_path = sys.argv[1] 78 | dst_path = sys.argv[2] 79 | 80 | if not os.path.isdir(dir_path): 81 | print("Directory doesn't exist: %s." % dir_path) 82 | sys.exit(0) 83 | 84 | print("Compressing logs dir...") 85 | tar = tar_gz_dir(dir_path) 86 | print_tarball_size(tar) 87 | 88 | print("Uploading to Box...") 89 | upload_file(tar, dst_path) 90 | -------------------------------------------------------------------------------- /tools/travis/collect-logs.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | # 3 | # Licensed to the Apache Software Foundation (ASF) under one or more 4 | # contributor license agreements. See the NOTICE file distributed with 5 | # this work for additional information regarding copyright ownership. 6 | # The ASF licenses this file to You under the Apache License, Version 2.0 7 | # (the "License"); you may not use this file except in compliance with 8 | # the License. You may obtain a copy of the License at 9 | # 10 | # http://www.apache.org/licenses/LICENSE-2.0 11 | # 12 | # Unless required by applicable law or agreed to in writing, software 13 | # distributed under the License is distributed on an "AS IS" BASIS, 14 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 15 | # See the License for the specific language governing permissions and 16 | # limitations under the License. 17 | # 18 | 19 | set -x 20 | 21 | SCRIPTDIR=$(cd $(dirname "$0") && pwd) 22 | ROOTDIR="$SCRIPTDIR/../../" 23 | 24 | cd $ROOTDIR 25 | 26 | echo "Gathering logs to upload to https://app.box.com/v/openwhisk-travis-logs" 27 | 28 | mkdir logs 29 | 30 | # Logs from all the pods 31 | kubectl -n openwhisk logs -lname=ow4travis-couchdb >& logs/couchdb.log 32 | kubectl -n openwhisk logs -lname=ow4travis-zookeeper >& logs/zookeeper.log 33 | kubectl -n openwhisk logs -lname=ow4travis-kafka >& logs/kafka.log 34 | kubectl -n openwhisk logs -lname=ow4travis-controller >& logs/controller.log 35 | kubectl -n openwhisk logs -lname=ow4travis-scheduler >& logs/scheduler.log 36 | kubectl -n openwhisk logs -lname=ow4travis-invoker -c docker-pull-runtimes >& logs/invoker-docker-pull.log 37 | kubectl -n openwhisk logs -lname=ow4travis-invoker -c invoker >& logs/invoker-invoker.log 38 | kubectl -n openwhisk logs -lname=ow4travis-nginx >& logs/nginx.log 39 | kubectl -n openwhisk logs -lname=ow4travis-install-packages >& logs/install-packages.log 40 | kubectl -n openwhisk logs -lname=ow4travis-init-couchdb >& logs/init-couchdb.log 41 | kubectl logs -n openwhisk -low-testpod=true --tail=-1 >& logs/helm-tests.log 42 | kubectl -n openwhisk logs -lname=ow4travis-alarmprovider >& logs/kafkaprovider.log 43 | kubectl -n openwhisk logs -lname=ow4travis-kafkaprovider >& logs/kafkaprovider.log 44 | kubectl -n openwhisk logs -lname=ow4travis-user-events >& logs/user-events.log 45 | kubectl -n openwhisk logs -lname=ow4travis-prometheus >& logs/prometheus.log 46 | kubectl -n openwhisk logs -lname=ow4travis-grafana >& logs/grafana.log 47 | kubectl get pods --all-namespaces -o wide >& logs/all-pods.txt 48 | -------------------------------------------------------------------------------- /tools/travis/publish-images.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | # 3 | # Licensed to the Apache Software Foundation (ASF) under one or more 4 | # contributor license agreements. See the NOTICE file distributed with 5 | # this work for additional information regarding copyright ownership. 6 | # The ASF licenses this file to You under the Apache License, Version 2.0 7 | # (the "License"); you may not use this file except in compliance with 8 | # the License. You may obtain a copy of the License at 9 | # 10 | # http://www.apache.org/licenses/LICENSE-2.0 11 | # 12 | # Unless required by applicable law or agreed to in writing, software 13 | # distributed under the License is distributed on an "AS IS" BASIS, 14 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 15 | # See the License for the specific language governing permissions and 16 | # limitations under the License. 17 | # 18 | 19 | set -x 20 | 21 | SCRIPTDIR=$(cd $(dirname "$0") && pwd) 22 | ROOTDIR="$SCRIPTDIR/../../" 23 | 24 | cd $ROOTDIR 25 | -------------------------------------------------------------------------------- /tools/travis/publish.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | # 3 | # Licensed to the Apache Software Foundation (ASF) under one or more 4 | # contributor license agreements. See the NOTICE file distributed with 5 | # this work for additional information regarding copyright ownership. 6 | # The ASF licenses this file to You under the Apache License, Version 2.0 7 | # (the "License"); you may not use this file except in compliance with 8 | # the License. You may obtain a copy of the License at 9 | # 10 | # http://www.apache.org/licenses/LICENSE-2.0 11 | # 12 | # Unless required by applicable law or agreed to in writing, software 13 | # distributed under the License is distributed on an "AS IS" BASIS, 14 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 15 | # See the License for the specific language governing permissions and 16 | # limitations under the License. 17 | # 18 | 19 | set -exu 20 | 21 | dockerhub_image_prefix="$1" 22 | dockerhub_image_name="$2" 23 | dockerhub_image_tag="$3" 24 | dir_to_build="$4" 25 | dockerhub_image="${dockerhub_image_prefix}/${dockerhub_image_name}:${dockerhub_image_tag}" 26 | 27 | docker login -u "${DOCKER_USER}" -p "${DOCKER_PASSWORD}" 28 | docker build ${dir_to_build} --tag ${dockerhub_image} 29 | docker push ${dockerhub_image} 30 | 31 | if [ ${dockerhub_image_tag} == "nightly" ]; then 32 | short_commit=`git rev-parse --short HEAD` 33 | dockerhub_image_alias="${dockerhub_image_prefix}/${dockerhub_image_name}:${short_commit}" 34 | docker tag ${dockerhub_image} ${dockerhub_image_alias} 35 | docker push ${dockerhub_image_alias} 36 | fi 37 | -------------------------------------------------------------------------------- /tools/travis/run-tests.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | # 3 | # Licensed to the Apache Software Foundation (ASF) under one or more 4 | # contributor license agreements. See the NOTICE file distributed with 5 | # this work for additional information regarding copyright ownership. 6 | # The ASF licenses this file to You under the Apache License, Version 2.0 7 | # (the "License"); you may not use this file except in compliance with 8 | # the License. You may obtain a copy of the License at 9 | # 10 | # http://www.apache.org/licenses/LICENSE-2.0 11 | # 12 | # Unless required by applicable law or agreed to in writing, software 13 | # distributed under the License is distributed on an "AS IS" BASIS, 14 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 15 | # See the License for the specific language governing permissions and 16 | # limitations under the License. 17 | # 18 | 19 | ### 20 | # Now run the tests provided in the Chart to verify the deployment 21 | ### 22 | if helm test ow4travis -n openwhisk --timeout 40m; then 23 | echo "PASSED! Deployment verification tests passed." 24 | else 25 | echo "FAILED: Deployment verification tests failed." 26 | kubectl logs -n openwhisk -low-testpod=true --tail=-1 27 | exit 1 28 | fi 29 | -------------------------------------------------------------------------------- /tools/travis/scancode.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | # 3 | # Licensed to the Apache Software Foundation (ASF) under one or more 4 | # contributor license agreements. See the NOTICE file distributed with 5 | # this work for additional information regarding copyright ownership. 6 | # The ASF licenses this file to You under the Apache License, Version 2.0 7 | # (the "License"); you may not use this file except in compliance with 8 | # the License. You may obtain a copy of the License at 9 | # 10 | # http://www.apache.org/licenses/LICENSE-2.0 11 | # 12 | # Unless required by applicable law or agreed to in writing, software 13 | # distributed under the License is distributed on an "AS IS" BASIS, 14 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 15 | # See the License for the specific language governing permissions and 16 | # limitations under the License. 17 | # 18 | 19 | set -e 20 | 21 | # Build script for Travis-CI. 22 | SCRIPTDIR=$(cd $(dirname "$0") && pwd) 23 | ROOTDIR="$SCRIPTDIR/../.." 24 | UTIL_DIR="$ROOTDIR/../openwhisk-utilities" 25 | 26 | # run scancode 27 | cd $UTIL_DIR 28 | scancode/scanCode.py --config scancode/ASF-Release.cfg $ROOTDIR 29 | -------------------------------------------------------------------------------- /tools/travis/setup.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | # 3 | # Licensed to the Apache Software Foundation (ASF) under one or more 4 | # contributor license agreements. See the NOTICE file distributed with 5 | # this work for additional information regarding copyright ownership. 6 | # The ASF licenses this file to You under the Apache License, Version 2.0 7 | # (the "License"); you may not use this file except in compliance with 8 | # the License. You may obtain a copy of the License at 9 | # 10 | # http://www.apache.org/licenses/LICENSE-2.0 11 | # 12 | # Unless required by applicable law or agreed to in writing, software 13 | # distributed under the License is distributed on an "AS IS" BASIS, 14 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 15 | # See the License for the specific language governing permissions and 16 | # limitations under the License. 17 | # 18 | 19 | set -x 20 | 21 | HELM_VERSION=v3.2.4 22 | # When changing KIND_VERSION, you must also update the case statement of KIND_NODE_TAG in start-kind.sh 23 | KIND_VERSION=v0.11.1 24 | KUBECTL_VERSION=v1.18.8 25 | WSK_CLI_VERSION=latest 26 | 27 | # Download and install command line tools 28 | pushd /tmp 29 | # kubectl 30 | curl -Lo ./kubectl https://storage.googleapis.com/kubernetes-release/release/$KUBECTL_VERSION/bin/linux/amd64/kubectl 31 | chmod +x kubectl 32 | sudo cp kubectl /usr/local/bin/kubectl 33 | 34 | # kind 35 | curl -Lo ./kind https://github.com/kubernetes-sigs/kind/releases/download/$KIND_VERSION/kind-linux-amd64 36 | chmod +x kind 37 | sudo cp kind /usr/local/bin/kind 38 | 39 | # wsk cli 40 | wget -q https://github.com/apache/openwhisk-cli/releases/download/$WSK_CLI_VERSION/OpenWhisk_CLI-$WSK_CLI_VERSION-linux-amd64.tgz 41 | tar xzf OpenWhisk_CLI-$WSK_CLI_VERSION-linux-amd64.tgz 42 | sudo cp wsk /usr/local/bin/wsk 43 | 44 | # helm3 45 | curl https://raw.githubusercontent.com/kubernetes/helm/master/scripts/get-helm-3 > get-helm-3.sh && chmod +x get-helm-3.sh && ./get-helm-3.sh --version $HELM_VERSION 46 | popd 47 | 48 | # Install additional python packages for box-upload.py 49 | pip install --user humanize requests 50 | -------------------------------------------------------------------------------- /tools/travis/setupscan.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | # 3 | # Licensed to the Apache Software Foundation (ASF) under one or more 4 | # contributor license agreements. See the NOTICE file distributed with 5 | # this work for additional information regarding copyright ownership. 6 | # The ASF licenses this file to You under the Apache License, Version 2.0 7 | # (the "License"); you may not use this file except in compliance with 8 | # the License. You may obtain a copy of the License at 9 | # 10 | # http://www.apache.org/licenses/LICENSE-2.0 11 | # 12 | # Unless required by applicable law or agreed to in writing, software 13 | # distributed under the License is distributed on an "AS IS" BASIS, 14 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 15 | # See the License for the specific language governing permissions and 16 | # limitations under the License. 17 | # 18 | 19 | SCRIPTDIR=$(cd $(dirname "$0") && pwd) 20 | HOMEDIR="$SCRIPTDIR/../../../" 21 | 22 | # clone OpenWhisk utilities repo. in order to run scanCode.py 23 | cd $HOMEDIR 24 | git clone https://github.com/apache/openwhisk-utilities.git 25 | --------------------------------------------------------------------------------