From 9422a57b30e5cfc77074f5fe11239bbd1b40af39 Mon Sep 17 00:00:00 2001 From: Francesco Timperi Tiberi Date: Thu, 21 Sep 2023 19:47:53 +0100 Subject: [PATCH 1/3] fix: static ingress configuration was always redirecting to index.html file in nginx-ingress --- actions/Taskfile.yml | 2 +- nuvolaris/minio_static.py | 4 +++- 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/actions/Taskfile.yml b/actions/Taskfile.yml index 6846f01..6ff7bc6 100644 --- a/actions/Taskfile.yml +++ b/actions/Taskfile.yml @@ -109,7 +109,7 @@ tasks: upload:webtest2: - > - curl -X PUT -T ../nuvolaris/templates/index.html -H "minioauth: zuf+tfteSlswRu7BJ86wekitnifILbZam1KYY3TG" {{.APIHOST}}/api/v1/web/whisk-system/nuv/upload/nuvolaris/.well-known/index2.html + curl -X PUT -T ../nuvolaris/templates/content.html -H "minioauth: zuf+tfteSlswRu7BJ86wekitnifILbZam1KYY3TG" {{.APIHOST}}/api/v1/web/whisk-system/nuv/upload/nuvolaris/content.html login:all: diff --git a/nuvolaris/minio_static.py b/nuvolaris/minio_static.py index b694934..fb9b63a 100644 --- a/nuvolaris/minio_static.py +++ b/nuvolaris/minio_static.py @@ -34,10 +34,11 @@ def create(owner=None): "name":"nuvolaris-static", "container":"nuvolaris-static", "size":1, + "storageClass": cfg.get('nuvolaris.storageclass'), "dir":"/var/cache/nginx", "minio_host": cfg.get('minio.host') or "minio", "minio_port": cfg.get('minio.port') or "9000", - "applypodsecurity": util.get_enable_pod_security(), + "applypodsecurity": util.get_enable_pod_security() } tplp = ["nginx-static-cm.yaml","nginx-static-sts.yaml","security-set-attach.yaml","set-attach.yaml"] @@ -103,6 +104,7 @@ def deploy_content_ingress_template(namespace, bucket, url): content.with_ingress_name(static_ingress_name(namespace)) content.with_secret_name(static_secret_name(namespace)) content.with_context_path("/") + content.with_context_regexp("(.*)") content.with_prefix_target(f"/{bucket}") content.with_service_name("nuvolaris-static-svc") content.with_service_port("8080") From fd6a2c868677465fe7c2d52457151697ba0bb65e Mon Sep 17 00:00:00 2001 From: Francesco Timperi Tiberi Date: Thu, 21 Sep 2023 19:49:14 +0100 Subject: [PATCH 2/3] fix: kubegres now uses the nuvolaris.storageclass configured values when allocating postgres required volumes --- nuvolaris/templates/postgres.yaml | 1 + nuvolaris/util.py | 14 +++++++++----- 2 files changed, 10 insertions(+), 5 deletions(-) diff --git a/nuvolaris/templates/postgres.yaml b/nuvolaris/templates/postgres.yaml index f5b0fbb..e51c07f 100644 --- a/nuvolaris/templates/postgres.yaml +++ b/nuvolaris/templates/postgres.yaml @@ -26,6 +26,7 @@ spec: image: postgres:14.1 database: size: {{size}}Gi + storageClassName: {{storageClass}} customConfig: nuvolaris-postgres-conf env: - name: POSTGRES_PASSWORD diff --git a/nuvolaris/util.py b/nuvolaris/util.py index 7bbe403..febd349 100644 --- a/nuvolaris/util.py +++ b/nuvolaris/util.py @@ -360,7 +360,8 @@ def get_postgres_config_data(): 'postgres_nuvolaris_user': "nuvolaris", 'postgres_nuvolaris_password': cfg.get('postgres.nuvolaris.password') or "s0meP@ass3", 'size': cfg.get('postgres.volume-size') or 10, - 'replicas': cfg.get('postgres.admin.replicas') or 2 + 'replicas': cfg.get('postgres.admin.replicas') or 2, + 'storageClass': cfg.get('nuvolaris.storageclass') } return data @@ -393,11 +394,14 @@ def get_value_from_config_map(namespace="nuvolaris", path='{.metadata.annotation def get_enable_pod_security(): """ Return true if there is the need to enable pod security context - for some specific pod. This is currently used for bitnami based images. + for some specific pod. This is currently used for bitnami based images + when using storage classes block based """ - runtime = cfg.get('nuvolaris.kube') - storage_provisioner = cfg.get('nuvolaris.provisioner') - return runtime in ["eks","gke","aks","generic"] or "rook" in storage_provisioner + #runtime = cfg.get('nuvolaris.kube') + #return runtime in ["eks","gke","aks","generic"] + storage_class = cfg.get('nuvolaris.storageclass') + return storage_class not in ['standard','local-path','microk8s-hostpath'] + def get_runtimes_json_from_config_map(namespace="nuvolaris", path='{.data.runtimes\.json}'): """ Return the configured runtimes.json from the config map cm/openwhisk-runtimes From acc6d2d70cff9bc97ceee1b0a11163d8e265e1cd Mon Sep 17 00:00:00 2001 From: Francesco Timperi Tiberi Date: Thu, 21 Sep 2023 19:58:58 +0100 Subject: [PATCH 3/3] chore: added extra resources for static testing in k3s saas --- nuvolaris/templates/content.html | 27 +++++ tests/k3s/whisk-saas.yaml | 173 +++++++++++++++++++++++++++++++ 2 files changed, 200 insertions(+) create mode 100644 nuvolaris/templates/content.html create mode 100644 tests/k3s/whisk-saas.yaml diff --git a/nuvolaris/templates/content.html b/nuvolaris/templates/content.html new file mode 100644 index 0000000..f4fc597 --- /dev/null +++ b/nuvolaris/templates/content.html @@ -0,0 +1,27 @@ + + + + Welcome to Nuvolaris Content Example + + +

This is another HTML page uploaded via upload action

+ + \ No newline at end of file diff --git a/tests/k3s/whisk-saas.yaml b/tests/k3s/whisk-saas.yaml new file mode 100644 index 0000000..f02d763 --- /dev/null +++ b/tests/k3s/whisk-saas.yaml @@ -0,0 +1,173 @@ +# Licensed to the Apache Software Foundation (ASF) under one +# or more contributor license agreements. See the NOTICE file +# distributed with this work for additional information +# regarding copyright ownership. The ASF licenses this file +# to you under the Apache License, Version 2.0 (the +# "License"); you may not use this file except in compliance +# with the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, +# software distributed under the License is distributed on an +# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +# KIND, either express or implied. See the License for the +# specific language governing permissions and limitations +# under the License. +# +apiVersion: nuvolaris.org/v1 +kind: Whisk +metadata: + name: controller + namespace: nuvolaris +spec: + nuvolaris: + apihost: 146.148.119.191 + storageclass: rook-ceph-block + provisioner: rook-ceph.rbd.csi.ceph.com + components: + # start openwhisk controller + openwhisk: true + # start openwhisk invoker + invoker: false + # start couchdb + couchdb: true + # start kafka + kafka: false + # start mongodb + mongodb: true + # start redis + redis: true + # start cron based action parser + cron: true + # enable TLS + tls: false + # minio enabled or not + minio: true + # zookeeper enabled or not + zookeeper: false + # minio static enabled or not + static: true + # monitoring enabled or not + monitoring: false + # postgres enabled or not + postgres: true + openwhisk: + namespaces: + whisk-system: 789c46b1-71f6-4ed5-8c54-816aa4f8c502:abcfO3xZCLrMN6v2BKK1dXYFpXlPkccOFqm12CdAsMgRU4VrNZ9lyGVCGuMDGIwP + nuvolaris: cbd68075-dac2-475e-8c07-d62a30c7e683:123zO3xKCLrMN6v2BKK1dXYFpXlPkccOFqm12CdAsMgRU4VrNZ9lyGVCGuMDGIwP + couchdb: + host: couchdb + volume-size: 10 + admin: + user: whisk_admin + password: some_passw0rd + controller: + user: invoker_admin + password: s0meP@ass1 + invoker: + user: controller_admin + password: s0meP@ass2 + kafka: + host: kafka + volume-size: 10 + controller: + protocol: "http" + host : "controller" + port: "3233" + image: "ghcr.io/nuvolaris/openwhisk-controller" + tag: "0.3.0-morpheus.22122609" + invoker: + protocol: "http" + host : "invoker" + port: "8080" + image: "ghcr.io/nuvolaris/openwhisk-invoker" + tag: "0.3.0-morpheus.22122609" + scheduler: + schedule: "* * * * *" + tls: + acme-registered-email: francesco@nuvolaris.io + acme-server-url: https://acme-v02.api.letsencrypt.org/directory + zookeeper: + host: zookeeper + data-volume-size: 10 + log-volume-size: 5 + configs: + limits: + actions: + sequence-maxLength: 500 + invokes-perMinute: 9999 + invokes-concurrent: 2500 + triggers: + fires-perMinute: 5000 + memory: + limit-min: 128m + limit-std: 256m + limit-max: 2048m + concurrency: + limit-min: 1 + limit-std: 1 + limit-max: 1 + loadbalancer: + timeout-factor: 2 + blackbox-fraction: 25% + controller: + javaOpts: "-Xmx2048M" + loggingLevel: "INFO" + invoker: + javaOpts: "-Xmx8192M" + loggingLevel: "INFO" + containerPool: + userMemory: "51200m" + redis: + volume-size: 5 + default: + password: s0meP@ass3 + nuvolaris: + prefix: nuv + password: s0meP@ass3 + mongodb: + host: mongodb + volume-size: 10 + admin: + user: whisk_admin + password: 0therPa55 + nuvolaris: + user: nuvolaris + password: s0meP@ass3 + exposedExternally: False + useOperator: False + minio: + volume-size: 10 + admin: + user: minioadmin + password: minioadmin + nuvolaris: + user: nuvolaris + password: zuf+tfteSlswRu7BJ86wekitnifILbZam1KYY3TG + monitoring: + prometheus: + volume-size: 10 + alert-manager: + enabled: true + volume-size: 2 + slack: + enabled: true + default: true + slack_channel_name: '#monitoring-nuvolaris' + slack_api_url: ${SLACK_API_URL} + gmail: + enabled: true + default: false + from: ${ALERT_EMAIL_FROM} + to: ${ALERT_EMAIL_TO} + username: ${GMAIL_USERNAME} + password: ${GMAIL_PASSWORD} + postgres: + volume-size: 5 + replicas: 2 + admin: + password: 0therPa55 + replica-password: 0therPa55RR + nuvolaris: + password: s0meP@ass3 \ No newline at end of file