Google Git
Sign in
apache / openwhisk-deploy-openshift / HEAD / . / template.yml
blob: 74b306d7140b1e0c8ddb1dea03d216640a4ef457 [file] [log] [blame]
apiVersion: v1
kind: Template
metadata:
name: openwhisk-ephemeral
annotations:
openshift.io/display-name: Apache OpenWhisk (Ephemeral)
description: Apache OpenWhisk serverless platform, without persistent storage. You can leave all parameters blank and sensible defaults will be used.
iconClass: icon-apache
tags: serverless, openwhisk
openshift.io/long-description: This template provides a small OpenWhisk installation. Data is not stored on persistent storage, so any restart of the service will result in all data being lost.
openshift.io/provider-display-name: Red Hat, Inc.
openshift.io/documentation-url: https://github.com/projectodd/openwhisk-openshift/
openshift.io/support-url: https://github.com/projectodd/openwhisk-openshift/issues
message: "To get started download the `wsk` CLI from https://github.com/apache/incubator-openwhisk-cli/releases/\n\nYour OpenWhisk authentication token: ${WHISK_SYSTEM_AUTH}\n\nYour OpenWhisk api endpoint can be found in the console UI after closing the template wizard.\n\nConfigure your `wsk` client with `wsk property set --auth <your_auth> --apihost <your_apihost>`"
labels:
template: openwhisk-ephemeral-template
parameters:
- name: CONTROLLER_INSTANCES
description: The desired number of controllers
value: "1"
required: true
- name: CONTROLLER_MEMORY_REQUEST
description: The minimum container memory for each Controller
value: "512Mi"
required: true
- name: CONTROLLER_MEMORY_LIMIT
description: The maximum container memory for each Controller
value: "512Mi"
required: true
- name: CONTROLLER_JAVA_OPTS
description: JVM options to pass to the Controller - recommended to set at least Xmx here
value: "-Xmx256m"
required: true
- name: CONTROLLER_HA
description: Boolean denoting whether HA mode
value: "FALSE"
required: true
- name: CONTROLLER_LOCALBOOKKEEPING
description: Boolean denoting whether load balancer data is local or shared
value: "TRUE"
required: true
- name: CONTROLLER_INVOKER_BUSYTHRESHOLD
description: Value that controllers when the Controller(s) considers the Invoker(s) to be full. This should be less than or equal to INVOKER_MAX_CONTAINERS. Making them equal will give the highest function density but setting it a bit less than INVOKER_MAX_CONTAINERS can improve overall system throughput and reduce Invoker function container thrashing.
value: "8"
required: true
- name: CONTROLLER_INVOKER_BLACKBOXFRACTION
description: What percent of Invokers should be used for blackbox (user-provider container image) actions. At least one Invoker will be dedicated for blackbox actions as long as 2 or more Invokers are deployed no matter what percentage is set here.
value: "10%"
required: true
- name: AKKA_CLUSTER_SEED_NODES
description: Hostnames of akka seed nodes
value: "controller-0.controller:2551"
required: true
- name: INVOKER_INSTANCES
description: The desired number of invokers
value: "1"
required: true
- name: INVOKER_CPU_REQUEST
description: The minimum cpu cores for each Invoker
value: "500m"
required: true
- name: INVOKER_MEMORY_REQUEST
description: The minimum container memory for each Invoker
value: "1Gi"
required: true
- name: INVOKER_MEMORY_LIMIT
description: The maximum container memory for each Invoker
value: "1Gi"
required: true
- name: INVOKER_JAVA_OPTS
description: JVM options to pass to the Invoker - recommended to set at least Xmx here
value: "-Xmx512m"
required: true
- name: INVOKER_MAX_CONTAINERS
description: Maximum function containers per Invoker
value: "8"
required: true
- name : INVOKER_CONTAINER_TIMEOUT
description: Maximum time an idle function container should stick around before the Invoker deletes it. The longer the timeout, the longer functions stay warm. The shorter the timeout, the less resources consumed by idle function containers. Example values - "5 minutes", "30 seconds", etc.
value: "2 minutes"
required: true
- name: INVOKER_CONTAINER_PAUSE_TIMEOUT
description: Maximum time an idle function container should stick around before the Invoker marks it as paused. Example values - "5 seconds", "500 milliseconds", etc.
value: "5 seconds"
required: true
- name: INVOKER_CONTAINER_CONCURRENT_STARTS
description: Maximum number of action containers each Invoker will attempt to start at once. Raise or lower this number depending on your throughput requirements, cold start rate, number of Invokers you deploy, and how quickly your cluster can spin up new pods.
value: "10"
required: true
- name: INVOKER_LOGSTORE_PROVIDER
description: Apache OpenWhisk LogStoreProvider implementation. Setting this to whisk.core.containerpool.logging.LogDriverLogStoreProvider will increase throughput but users will have to find logs another way, like via Kibana.
value: "whisk.core.containerpool.logging.DockerToActivationLogStoreProvider"
required: true
- name: COUCHDB_INSTANCES
description: The desired number of CouchDB nodes
value: "1"
required: true
- name: COUCHDB_CPU_REQUEST
description: The minimum cpu cores for each CouchDB
value: "500m"
required: true
- name: COUCHDB_MEMORY_REQUEST
description: The minimum container memory for each CouchDB
value: "256Mi"
required: true
- name: COUCHDB_MEMORY_LIMIT
description: The maximum container memory for each CouchDB
value: "512Mi"
required: true
- name: COUCHDB_USER
description: CouchDB Username
generate: expression
from: "user[A-Z0-9]{3}"
required: true
- name: COUCHDB_PASSWORD
description: CouchDB Password
generate: expression
from: "[a-zA-Z0-9]{16}"
required: true
- name: COUCHDB_SECRET
description: CouchDB Replication Secret
generate: expression
from: "[a-zA-Z0-9]{16}"
required: true
- name: ZOOKEEPER_NODE_COUNT
description: Number of Zookeper cluster nodes which will be deployed (odd number of nodes is recomended)
displayName: Number of Zookeper cluster nodes (odd number of nodes is recomended)
required: true
value: "1"
- name: KAFKA_NODE_COUNT
description: Number of Kafka cluster nodes which will be deployed
displayName: Number of Kafka cluster nodes
required: true
value: "1"
- name: WHISK_SYSTEM_AUTH
description: OpenWhisk Auth token for whisk.system account
generate: expression
from: "789c46b1-71f6-4ed5-8c54-816aa4f8c502:[a-zA-Z0-9]{64}"
required: true
- name: WHISK_GUEST_AUTH
description: OpenWhisk Auth token for guest account
generate: expression
from: "23bc46b1-71f6-4ed5-8c54-816aa4f8c502:[a-zA-Z0-9]{64}"
required: true
- name: WHISK_ACTIONS_INVOKES_CONCURRENT
description: Default number of concurrenct actions per user
value: "30"
required: true
- name: WHISK_ACTIONS_INVOKES_CONCURRENT_IN_SYSTEM
description: Number of concurrent actions allowed across the entire system
value: "1000"
required: true
- name: WHISK_ACTIONS_INVOKES_PER_MINUTE
description: Default number of action invocations per minute per user
value: "60"
required: true
- name: WHISK_TRIGGERS_FIRES_PER_MINUTE
description: Default number of triggers that can fire per minute per user
value: "60"
required: true
- name: WHISK_DAYS_TO_KEEP_LOGS
description: Number of days to keep activation logs before pruning them from the database
value: "7"
required: true
- name: WHISK_DAYS_TO_KEEP_ACTIVATIONS
description: Number of days to keep activation records before pruning them from the database
value: "30"
required: true
- name: WHISK_ACTIONS_MEMORY_MAX
description: Maximum memory an action is allowed to request.
value: "1024 m"
required: true
- name: WHISK_ACTIONS_MEMORY_MIN
description: Minimum memory an action is allowed to request.
value: "128 m"
required: true
- name: WHISK_ACTIONS_MEMORY_STD
description: Default memory an action requests if unspecified.
value: "256 m"
required: true
- name: WHISK_KAFKA_REPLICATION_FACTOR
description: Replication factor for all OpenWhisk topics
value: "1"
required: true
- name: WHISK_KAFKA_TOPICS_COMPLETED_RETENTION_BYTES
description: Maximum bytes to retain for the completed activations topic for each Controller. Each kafka node will consume this many bytes times the number of Controllers just for the completed topics. So, if this is set to 1GB and you have 3 Controllers then expect up to 3GB of disk space used by the Controller topics.
value: "268435456"
required: true
- name: WHISK_KAFKA_TOPICS_INVOKER_RETENTION_BYTES
description: Maximum bytes to retain for each Invoker topic. Each Kafka node will consume this many bytes times the number of Invokers just for the Invoker topics. So, if this is set to 1GB and you have 10 Invokers then expect up to 10GB of disk space used by the Invoker topics.
value: "268435456"
required: true
- name: OPENWHISK_VERSION
description: The DockerHub tag for openwhisk/{controller,invoker}
value: "rhdemo-9717f07a"
required: true
- name: PROJECTODD_VERSION
description: The DockerHub tag for projectodd images
value: "8ee5579"
required: true
- name: STRIMZI_VERSION
description: The DockerHub tag for strimzi images
value: "0.3.1"
required: true
objects:
- apiVersion: v1
kind: ConfigMap
metadata:
name: whisk.config
data:
whisk_system_namespace: /whisk.system
whisk_version_date: 2018-01-01T00:00:00Z
whisk_version_name: OpenWhisk
whisk_version_tag: latest
- apiVersion: v1
kind: ConfigMap
metadata:
creationTimestamp: null
name: whisk.limits
data:
actions_invokes_concurrent: "${WHISK_ACTIONS_INVOKES_CONCURRENT}"
actions_invokes_concurrentInSystem: "${WHISK_ACTIONS_INVOKES_CONCURRENT_IN_SYSTEM}"
actions_invokes_perMinute: "${WHISK_ACTIONS_INVOKES_PER_MINUTE}"
actions_sequence_maxLength: "50"
triggers_fires_perMinute: "${WHISK_TRIGGERS_FIRES_PER_MINUTE}"
- apiVersion: v1
kind: ConfigMap
metadata:
name: whisk.runtimes
data:
runtimes: |
{
"bypassPullForLocalImages": false,
"defaultImagePrefix": "openwhisk",
"defaultImageTag": "latest",
"runtimes": {
"nodejs": [
{
"kind": "nodejs",
"image": {
"name": "action-nodejs-6"
},
"deprecated": true
},
{
"kind": "nodejs:6",
"default": true,
"image": {
"name": "action-nodejs-6"
},
"deprecated": false
},
{
"kind": "nodejs:8",
"default": false,
"image": {
"name": "action-nodejs-8"
},
"deprecated": false
}
],
"python": [
{
"kind": "python",
"image": {
"name": "action-python-2"
},
"deprecated": false
},
{
"kind": "python:2",
"default": true,
"image": {
"name": "action-python-2"
},
"deprecated": false
},
{
"kind": "python:3",
"image": {
"name": "action-python-3"
},
"deprecated": false
}
],
"swift": [
{
"kind": "swift",
"image": {
"name": "action-swift-3"
},
"deprecated": true
},
{
"kind": "swift:3",
"image": {
"name": "action-swift-3"
},
"deprecated": true
},
{
"kind": "swift:3.1.1",
"default": true,
"image": {
"name": "action-swift-3"
},
"deprecated": false
}
],
"java": [
{
"kind": "java",
"default": true,
"image": {
"name": "action-java-8"
},
"deprecated": false,
"attached": {
"attachmentName": "jarfile",
"attachmentType": "application/java-archive"
},
"sentinelledLogs": false,
"requireMain": true
}
],
"php": [
{
"kind": "php:7.1",
"default": true,
"deprecated": false,
"image": {
"name": "action-php-7"
}
}
]
},
"blackboxes": [
{
"name": "dockerskeleton"
}
]
}
- apiVersion: v1
kind: ConfigMap
metadata:
name: strimzi-openwhisk
labels:
strimzi.io/type: kafka
strimzi.io/kind: cluster
data:
kafka-nodes: "${KAFKA_NODE_COUNT}"
kafka-image: "strimzi/kafka:${STRIMZI_VERSION}"
kafka-healthcheck-delay: "60"
kafka-healthcheck-timeout: "5"
zookeeper-nodes: "${ZOOKEEPER_NODE_COUNT}"
zookeeper-image: "strimzi/zookeeper:${STRIMZI_VERSION}"
zookeeper-healthcheck-delay: "30"
zookeeper-healthcheck-timeout: "5"
KAFKA_DEFAULT_REPLICATION_FACTOR: "${KAFKA_NODE_COUNT}"
KAFKA_OFFSETS_TOPIC_REPLICATION_FACTOR: "${KAFKA_NODE_COUNT}"
KAFKA_TRANSACTION_STATE_LOG_REPLICATION_FACTOR: "${KAFKA_NODE_COUNT}"
kafka-storage: |-
{ "type": "ephemeral" }
zookeeper-storage: |-
{ "type": "ephemeral" }
- apiVersion: v1
kind: Service
metadata:
name: controller
labels:
name: controller
spec:
selector:
name: controller
clusterIP: None
ports:
- port: 8080
targetPort: 8080
name: http
- apiVersion: v1
kind: ConfigMap
metadata:
name: controller.config
data:
controller_opts: "-Dwhisk.spi.LoadBalancerProvider=whisk.core.loadBalancer.ShardingContainerPoolBalancer"
java_opts: "${CONTROLLER_JAVA_OPTS}"
- apiVersion: apps/v1beta1
kind: StatefulSet
metadata:
name: controller
annotations:
template.alpha.openshift.io/wait-for-ready: "true"
labels:
name: controller
spec:
replicas: ${CONTROLLER_INSTANCES}
serviceName: "controller"
template:
metadata:
labels:
name: controller
spec:
restartPolicy: Always
containers:
- name: controller
imagePullPolicy: IfNotPresent
image: projectodd/controller:${OPENWHISK_VERSION}
command: ["/bin/bash", "-c", "COMPONENT_NAME=$(hostname | cut -d'-' -f2) CONFIG_akka_remote_netty_tcp_hostname=$(hostname).controller /init.sh `hostname | cut -d'-' -f2`"]
ports:
- name: controller
containerPort: 8080
- name: akka
containerPort: 2551
resources:
requests:
memory: ${CONTROLLER_MEMORY_REQUEST}
limits:
memory: ${CONTROLLER_MEMORY_LIMIT}
env:
# Properties for controller HA configuration
# Must change these if changing number of replicas
- name: "CONTROLLER_LOCALBOOKKEEPING"
value: ${CONTROLLER_LOCALBOOKKEEPING}
- name: "CONTROLLER_HA"
value: ${CONTROLLER_HA}
- name: "CONTROLLER_INSTANCES"
value: ${CONTROLLER_INSTANCES}
- name: "AKKA_CLUSTER_SEED_NODES"
value: ${AKKA_CLUSTER_SEED_NODES}
- name: "CONFIG_akka_actor_provider"
value: "cluster"
- name: "CONFIG_akka_remote_netty_tcp_bindPort"
value: "2551"
- name: "CONFIG_akka_remote_netty_tcp_port"
value: "2551"
- name: "CONFIG_whisk_loadbalancer_invokerBusyThreshold"
value: "${CONTROLLER_INVOKER_BUSYTHRESHOLD}"
- name: "CONFIG_whisk_loadbalancer_blackboxFraction"
value: "${CONTROLLER_INVOKER_BLACKBOXFRACTION}"
- name: "CONFIG_whisk_memory_max"
value: "${WHISK_ACTIONS_MEMORY_MAX}"
- name: "CONFIG_whisk_memory_min"
value: "${WHISK_ACTIONS_MEMORY_MIN}"
- name: "CONFIG_whisk_memory_std"
value: "${WHISK_ACTIONS_MEMORY_STD}"
- name: "CONFIG_whisk_kafka_replicationFactor"
value: "${WHISK_KAFKA_REPLICATION_FACTOR}"
- name: "CONFIG_whisk_kafka_topics_completed_retentionBytes"
value: "${WHISK_KAFKA_TOPICS_COMPLETED_RETENTION_BYTES}"
# extra JVM arguments
- name: "JAVA_OPTS"
valueFrom:
configMapKeyRef:
name: controller.config
key: java_opts
# extra controller arguments
- name: "CONTROLLER_OPTS"
valueFrom:
configMapKeyRef:
name: controller.config
key: controller_opts
# action runtimes
- name: "RUNTIMES_MANIFEST"
valueFrom:
configMapKeyRef:
name: whisk.runtimes
key: runtimes
# deployment version information
- name: "WHISK_VERSION_NAME"
valueFrom:
configMapKeyRef:
name: whisk.config
key: whisk_version_name
- name: "WHISK_VERSION_DATE"
valueFrom:
configMapKeyRef:
name: whisk.config
key: whisk_version_date
- name: "WHISK_VERSION_BUILDNO"
valueFrom:
configMapKeyRef:
name: whisk.config
key: whisk_version_tag
# specify limits
- name: "LIMITS_ACTIONS_INVOKES_PERMINUTE"
valueFrom:
configMapKeyRef:
name: whisk.limits
key: actions_invokes_perMinute
- name: "LIMITS_ACTIONS_INVOKES_CONCURRENT"
valueFrom:
configMapKeyRef:
name: whisk.limits
key: actions_invokes_concurrent
- name: "LIMITS_ACTIONS_INVOKES_CONCURRENTINSYSTEM"
valueFrom:
configMapKeyRef:
name: whisk.limits
key: actions_invokes_concurrentInSystem
- name: "LIMITS_TRIGGERS_FIRES_PERMINUTE"
valueFrom:
configMapKeyRef:
name: whisk.limits
key: triggers_fires_perMinute
- name: "LIMITS_ACTIONS_SEQUENCE_MAXLENGTH"
valueFrom:
configMapKeyRef:
name: whisk.limits
key: actions_sequence_maxLength
# properties for Kafka connection
- name: "KAFKA_HOSTS"
value: "$(STRIMZI_OPENWHISK_KAFKA_SERVICE_HOST):$(STRIMZI_OPENWHISK_KAFKA_SERVICE_PORT_CLIENTS)"
# properties for DB connection
- name: "CONFIG_whisk_couchdb_username"
valueFrom:
secretKeyRef:
name: db.auth
key: db_username
- name: "CONFIG_whisk_couchdb_password"
valueFrom:
secretKeyRef:
name: db.auth
key: db_password
- name: "CONFIG_whisk_couchdb_protocol"
valueFrom:
configMapKeyRef:
name: db.config
key: db_protocol
- name: "CONFIG_whisk_couchdb_host"
value: "$(COUCHDB_SERVICE_HOST)"
- name: "CONFIG_whisk_couchdb_port"
value: "$(COUCHDB_SERVICE_PORT_COUCHDB)"
- name: "CONFIG_whisk_couchdb_provider"
valueFrom:
configMapKeyRef:
name: db.config
key: db_provider
- name: "CONFIG_whisk_couchdb_databases_WhiskActivation"
valueFrom:
configMapKeyRef:
name: db.config
key: db_whisk_activations
- name: "CONFIG_whisk_couchdb_databases_WhiskEntity"
valueFrom:
configMapKeyRef:
name: db.config
key: db_whisk_actions
- name: "CONFIG_whisk_couchdb_databases_WhiskAuth"
valueFrom:
configMapKeyRef:
name: db.config
key: db_whisk_auths
# must match port used in livenessProbe below
- name: "PORT"
value: "8080"
livenessProbe:
httpGet:
path: "/ping"
port: 8080
scheme: "HTTP"
initialDelaySeconds: 10
periodSeconds: 10
timeoutSeconds: 10
failureThreshold: 5
readinessProbe:
httpGet:
path: "/ping"
port: 8080
scheme: "HTTP"
initialDelaySeconds: 10
periodSeconds: 5
timeoutSeconds: 10
failureThreshold: 5
initContainers:
- name: wait-for-services
image: busybox
command: ['sh', '-cu', 'until nslookup couchdb && nslookup strimzi-openwhisk-kafka; do echo waiting for services; sleep 1; done']
- name: wait-for-couchdb
image: busybox
command: ['sh', '-c', 'until wget -T 5 --spider http://${COUCHDB_SERVICE_HOST}:${COUCHDB_SERVICE_PORT}/${DB_WHISK_ACTIVATIONS}; do echo waiting for couchdb; sleep 2; done;']
env:
- name: "DB_WHISK_ACTIVATIONS"
valueFrom:
configMapKeyRef:
name: db.config
key: db_whisk_activations
- apiVersion: batch/v1
kind: Job
metadata:
name: install-catalog
spec:
activeDeadlineSeconds: 600
template:
metadata:
name: install-catalog
spec:
containers:
- name: catalog
image: projectodd/whisk_catalog:${PROJECTODD_VERSION}
env:
- name: "WHISK_AUTH"
valueFrom:
secretKeyRef:
name: whisk.auth
key: system
- name: "WHISK_API_HOST_NAME"
value: "http://controller:8080"
initContainers:
- name: wait-for-controller
image: busybox
command: ['sh', '-c', 'until wget -T 5 --spider http://controller:8080/ping; do echo waiting for controller; sleep 2; done;']
restartPolicy: Never
- apiVersion: v1
kind: Service
metadata:
name: couchdb
labels:
name: couchdb
spec:
selector:
name: couchdb
ports:
- port: 5984
targetPort: 5984
name: couchdb
- apiVersion: v1
kind: Service
metadata:
name: couchdb-headless
labels:
name: couchdb-headless
spec:
selector:
name: couchdb
ports:
- name: couchdb
port: 5984
clusterIP: None
- apiVersion: v1
kind: ConfigMap
metadata:
name: db.config
data:
db_prefix: test_
db_protocol: http
db_provider: CouchDB
db_whisk_actions: test_whisks
db_whisk_activations: test_activations
db_whisk_auths: test_subjects
db_days_to_keep_logs: "${WHISK_DAYS_TO_KEEP_LOGS}"
db_days_to_keep_activations: "${WHISK_DAYS_TO_KEEP_ACTIVATIONS}"
- apiVersion: apps/v1beta1
kind: StatefulSet
metadata:
name: couchdb
labels:
name: couchdb
spec:
replicas: ${COUCHDB_INSTANCES}
serviceName: couchdb-headless
template:
metadata:
labels:
name: couchdb
spec:
restartPolicy: Always
volumes:
- name: couchdb-data
emptyDir: {}
containers:
- name: couchdb
imagePullPolicy: IfNotPresent
image: projectodd/whisk_couchdb:${PROJECTODD_VERSION}
command: ["/init.sh"]
ports:
- name: couchdb
containerPort: 5984
- name: epmd
containerPort: 4369
- containerPort: 9100
resources:
requests:
cpu: "${COUCHDB_CPU_REQUEST}"
memory: ${COUCHDB_MEMORY_REQUEST}
limits:
memory: ${COUCHDB_MEMORY_LIMIT}
env:
- name: "DB_PREFIX"
valueFrom:
configMapKeyRef:
name: db.config
key: db_prefix
- name: "DB_HOST"
value: "127.0.0.1"
- name: "DB_PORT"
value: "$(COUCHDB_SERVICE_PORT_COUCHDB)"
- name: "COUCHDB_USER"
valueFrom:
secretKeyRef:
name: db.auth
key: db_username
- name: "COUCHDB_PASSWORD"
valueFrom:
secretKeyRef:
name: db.auth
key: db_password
- name: "COUCHDB_SECRET"
valueFrom:
secretKeyRef:
name: db.auth
key: db_secret
- name: "NODENAME_HOSTNAME"
valueFrom:
fieldRef:
fieldPath: metadata.name
- name: "NODENAME_SUBDOMAIN"
value: "couchdb-headless"
- name: "COUCHDB_NODE_COUNT"
value: "${COUCHDB_INSTANCES}"
- name: "AUTH_WHISK_SYSTEM"
valueFrom:
secretKeyRef:
name: whisk.auth
key: system
- name: "AUTH_GUEST"
valueFrom:
secretKeyRef:
name: whisk.auth
key: guest
volumeMounts:
- name: couchdb-data
mountPath: "/opt/couchdb/data"
readinessProbe:
httpGet:
port: 5984
path: "/_utils/"
initialDelaySeconds: 10
periodSeconds: 15
failureThreshold: 10
timeoutSeconds: 3
- apiVersion: v1
kind: ConfigMap
metadata:
name: invoker.config
data:
docker_image_prefix: "projectodd"
docker_image_tag: ${PROJECTODD_VERSION}
docker_registry: ""
invoker_container_dns: ""
invoker_container_network: bridge
invoker_logs_dir: ""
invoker_opts: "-Dwhisk.spi.ContainerFactoryProvider=whisk.core.containerpool.kubernetes.KubernetesContainerFactoryProvider"
invoker_use_runc: "false"
java_opts: "${INVOKER_JAVA_OPTS}"
- apiVersion: v1
kind: ConfigMap
metadata:
name: invoker
data:
init: |
export COMPONENT_NAME=$(hostname | cut -d'-' -f2)
# Dynamically determine API gateway host
export TOKEN="$(cat /var/run/secrets/kubernetes.io/serviceaccount/token)"
export NAMESPACE="$(cat /var/run/secrets/kubernetes.io/serviceaccount/namespace)"
export APIGW_HOST=$(curl -s --cacert /var/run/secrets/kubernetes.io/serviceaccount/ca.crt -H "Authorization: Bearer ${TOKEN}" "https://${KUBERNETES_SERVICE_HOST}:${KUBERNETES_SERVICE_PORT}/oapi/v1/namespaces/${NAMESPACE}/routes/openwhisk?pretty=true" | grep '"host":' | head -n 1 | awk -F '"' '{print $4}')
export APIGW_HOST_V2=${APIGW_HOST}
export WHISK_API_HOST_NAME=${APIGW_HOST}
exec /init.sh
- apiVersion: v1
kind: ServiceAccount
metadata:
name: openwhisk
- apiVersion: v1
kind: RoleBinding
metadata:
name: openwhisk
roleRef:
name: edit
subjects:
- kind: ServiceAccount
name: openwhisk
- apiVersion: apps/v1beta1
kind: StatefulSet
metadata:
name: invoker
labels:
name: invoker
spec:
replicas: ${INVOKER_INSTANCES}
serviceName: "invoker"
template:
metadata:
labels:
name: invoker
spec:
restartPolicy: Always
volumes:
- name: invoker-config
configMap:
name: invoker
serviceAccountName: openwhisk
initContainers:
- name: wait-for-services
image: busybox
command: ['sh', '-cu', 'until nslookup couchdb && nslookup strimzi-openwhisk-zookeeper && nslookup strimzi-openwhisk-kafka; do echo waiting for services; sleep 1; done']
- name: wait-for-controller
image: busybox
command: ['sh', '-c', 'until wget -T 5 --spider http://controller:8080/ping; do echo waiting for controller; sleep 2; done;']
containers:
- name: invoker
imagePullPolicy: IfNotPresent
image: projectodd/invoker:${OPENWHISK_VERSION}
command: [ "/bin/bash", "-o", "allexport", "/invoker_config/init" ]
ports:
- name: invoker
containerPort: 8080
resources:
requests:
cpu: "${INVOKER_CPU_REQUEST}"
memory: ${INVOKER_MEMORY_REQUEST}
limits:
memory: ${INVOKER_MEMORY_LIMIT}
volumeMounts:
- name: invoker-config
mountPath: "/invoker_config"
env:
- name: "PORT"
value: "8080"
# Generate stable invoker names from the StatefulSet names
- name: "INVOKER_NAME"
valueFrom:
fieldRef:
fieldPath: metadata.name
# Docker-related options
- name: "INVOKER_CONTAINER_NETWORK"
valueFrom:
configMapKeyRef:
name: invoker.config
key: invoker_container_network
- name: "INVOKER_CONTAINER_DNS"
valueFrom:
configMapKeyRef:
name: invoker.config
key: invoker_container_dns
- name: "INVOKER_USE_RUNC"
valueFrom:
configMapKeyRef:
name: invoker.config
key: invoker_use_runc
- name: "INVOKER_CORESHARE"
value: "1"
- name: "INVOKER_NUMCORE"
value: "${INVOKER_MAX_CONTAINERS}"
- name: "CONFIG_whisk_containerProxy_timeouts_idleContainer"
value: "${INVOKER_CONTAINER_TIMEOUT}"
- name: "CONFIG_whisk_containerProxy_timeouts_pauseGrace"
value: "${INVOKER_CONTAINER_PAUSE_TIMEOUT}"
- name: "CONFIG_whisk_kubernetes_concurrentStarts"
value: "${INVOKER_CONTAINER_CONCURRENT_STARTS}"
- name: "CONFIG_whisk_memory_max"
value: "${WHISK_ACTIONS_MEMORY_MAX}"
- name: "CONFIG_whisk_memory_min"
value: "${WHISK_ACTIONS_MEMORY_MIN}"
- name: "CONFIG_whisk_memory_std"
value: "${WHISK_ACTIONS_MEMORY_STD}"
- name: "CONFIG_whisk_kafka_replicationFactor"
value: "${WHISK_KAFKA_REPLICATION_FACTOR}"
- name: "CONFIG_whisk_kafka_topics_invoker_retentionBytes"
value: "${WHISK_KAFKA_TOPICS_INVOKER_RETENTION_BYTES}"
- name: "DOCKER_IMAGE_PREFIX"
valueFrom:
configMapKeyRef:
name: invoker.config
key: docker_image_prefix
- name: "DOCKER_IMAGE_TAG"
valueFrom:
configMapKeyRef:
name: invoker.config
key: docker_image_tag
- name: "DOCKER_REGISTRY"
valueFrom:
configMapKeyRef:
name: invoker.config
key: docker_registry
# action runtimes
- name: "RUNTIMES_MANIFEST"
valueFrom:
configMapKeyRef:
name: whisk.runtimes
key: runtimes
# extra JVM arguments
- name: "JAVA_OPTS"
valueFrom:
configMapKeyRef:
name: invoker.config
key: java_opts
# extra Invoker arguments
- name: "INVOKER_OPTS"
valueFrom:
configMapKeyRef:
name: invoker.config
key: invoker_opts
# Recommend using "" because logs should go to stdout on kube
- name: "WHISK_LOGS_DIR"
valueFrom:
configMapKeyRef:
name: invoker.config
key: invoker_logs_dir
# properties for Kafka connection
- name: "KAFKA_HOSTS"
value: "$(STRIMZI_OPENWHISK_KAFKA_SERVICE_HOST):$(STRIMZI_OPENWHISK_KAFKA_SERVICE_PORT_CLIENTS)"
# properties for zookeeper connection
- name: "ZOOKEEPER_HOSTS"
value: "$(STRIMZI_OPENWHISK_ZOOKEEPER_SERVICE_HOST):$(STRIMZI_OPENWHISK_ZOOKEEPER_SERVICE_PORT_CLIENTS)"
# properties for DB connection
- name: "CONFIG_whisk_couchdb_username"
valueFrom:
secretKeyRef:
name: db.auth
key: db_username
- name: "CONFIG_whisk_couchdb_password"
valueFrom:
secretKeyRef:
name: db.auth
key: db_password
- name: "CONFIG_whisk_couchdb_protocol"
valueFrom:
configMapKeyRef:
name: db.config
key: db_protocol
- name: "CONFIG_whisk_couchdb_host"
value: "$(COUCHDB_SERVICE_HOST)"
- name: "CONFIG_whisk_couchdb_port"
value: "$(COUCHDB_SERVICE_PORT_COUCHDB)"
- name: "CONFIG_whisk_couchdb_provider"
valueFrom:
configMapKeyRef:
name: db.config
key: db_provider
- name: "CONFIG_whisk_couchdb_databases_WhiskActivation"
valueFrom:
configMapKeyRef:
name: db.config
key: db_whisk_activations
- name: "CONFIG_whisk_couchdb_databases_WhiskEntity"
valueFrom:
configMapKeyRef:
name: db.config
key: db_whisk_actions
- name: "CONFIG_whisk_couchdb_databases_WhiskAuth"
valueFrom:
configMapKeyRef:
name: db.config
key: db_whisk_auths
- name: CONFIG_whisk_kubernetes_namespace
valueFrom:
fieldRef:
fieldPath: metadata.namespace
# Increase Kube API timeouts until we handle timeouts nicer
- name: "CONFIG_whisk_kubernetes_timeouts_run"
value: "10 minutes"
- name: "CONFIG_whisk_kubernetes_timeouts_rm"
value: "10 minutes"
- name: "CONFIG_whisk_kubernetes_timeouts_logs"
value: "10 minutes"
- name: "CONFIG_whisk_spi_LogStoreProvider"
value: "${INVOKER_LOGSTORE_PROVIDER}"
- apiVersion: batch/v1
kind: Job
metadata:
name: preload-openwhisk-runtimes
labels:
name: preload-openwhisk-runtimes
spec:
completions: 1
serviceAccountName: openwhisk
template:
metadata:
labels:
name: preload-openwhisk-runtimes
spec:
restartPolicy: Never
initContainers:
- name: preload-openwhisk-nodejs6
image: projectodd/action-nodejs-6:${PROJECTODD_VERSION}
imagePullPolicy: IfNotPresent
command: ["/bin/sh", "-c", "echo", "success"]
- name: preload-openwhisk-java8
image: projectodd/action-java-8:${PROJECTODD_VERSION}
imagePullPolicy: IfNotPresent
command: ["/bin/sh", "-c", "echo", "success"]
- name: preload-openwhisk-python3
image: projectodd/action-python-3:${PROJECTODD_VERSION}
imagePullPolicy: IfNotPresent
command: ["/bin/sh", "-c", "echo", "success"]
- name: preload-openwhisk-python2
image: projectodd/action-python-2:${PROJECTODD_VERSION}
imagePullPolicy: IfNotPresent
command: ["/bin/sh", "-c", "echo", "success"]
- name: preload-openwhisk-php7
image: projectodd/action-php-7:${PROJECTODD_VERSION}
imagePullPolicy: IfNotPresent
command: ["/bin/sh", "-c", "echo", "success"]
containers:
- name: preload-openwhisk-nodejs8
image: projectodd/action-nodejs-8:${PROJECTODD_VERSION}
imagePullPolicy: IfNotPresent
command: ["/bin/sh", "-c", "echo", "success"]
- apiVersion: v1
kind: Service
metadata:
name: nginx
labels:
name: nginx
spec:
type: NodePort
selector:
name: nginx
ports:
- port: 80
targetPort: 8080
name: http
- port: 8443
targetPort: 8443
name: https-admin
- apiVersion: v1
kind: Route
metadata:
name: openwhisk
annotations:
template.openshift.io/expose-apihost: "{.spec.host}"
labels:
name: nginx
spec:
port:
targetPort: http
to:
kind: Service
name: nginx
weight: 100
wildcardPolicy: None
tls:
termination: edge
insecureEdgeTerminationPolicy: Redirect
- apiVersion: v1
kind: ConfigMap
metadata:
name: nginx
data:
init: |
cp /nginx_config/nginx.conf /tmp/nginx.conf
sed -i "s/<kubernetes_service_host>/$(grep nameserver /etc/resolv.conf | head -1 | awk '{print $2}')/" /tmp/nginx.conf
sed -i "s/<kubernetes_namespace>/${KUBERNETES_NAMESPACE}/" /tmp/nginx.conf
exec nginx -c /tmp/nginx.conf -g "daemon off;"
nginx.conf: |
worker_rlimit_nofile 4096;
events {
worker_connections 4096;
}
http {
client_max_body_size 50M;
rewrite_log on;
log_format combined-upstream '$remote_addr - $remote_user [$time_local] '
'$request $status $body_bytes_sent '
'$http_referer $http_user_agent $upstream_addr';
access_log /logs/nginx_access.log combined-upstream;
error_log /logs/nginx_error.log;
proxy_http_version 1.1;
proxy_set_header Connection "";
server {
listen 8080 default;
# Make sure nginx dynamically resolves dns entries
# instead of resolving once and caching that result
# forever
resolver <kubernetes_service_host>;
set $controller controller.<kubernetes_namespace>.svc.cluster.local;
# match namespace, note while OpenWhisk allows a richer character set for a
# namespace, not all those characters are permitted in the (sub)domain name;
# if namespace does not match, no vanity URL rewriting takes place.
server_name ~^(?<namespace>[0-9a-zA-Z-]+)\.localhost$;
# proxy to the web action path
location / {
if ($namespace) {
rewrite /(.*) /api/v1/web/${namespace}/$1 break;
}
proxy_pass http://$controller:8080;
proxy_read_timeout 75s; # 70+5 additional seconds to allow controller to terminate request
}
# proxy to 'public/html' web action by convention
location = / {
if ($namespace) {
rewrite ^ /api/v1/web/${namespace}/public/index.html break;
}
proxy_pass http://$controller:8080;
proxy_read_timeout 75s; # 70+5 additional seconds to allow controller to terminate request
}
location /blackbox.tar.gz {
return 301 https://github.com/apache/incubator-openwhisk-runtime-docker/releases/download/sdk%400.1.0/blackbox-0.1.0.tar.gz;
}
# leaving this for a while for clients out there to update to the new endpoint
location /blackbox-0.1.0.tar.gz {
return 301 /blackbox.tar.gz;
}
location /OpenWhiskIOSStarterApp.zip {
return 301 https://github.com/openwhisk/openwhisk-client-swift/releases/download/0.2.3/starterapp-0.2.3.zip;
}
# redirect requests for specific binaries to the matching one from the latest openwhisk-cli release.
location /cli/go/download/linux/amd64 {
return 301 https://github.com/projectodd/openwhisk-openshift/releases/download/latest/OpenWhisk_CLI-latest-linux-amd64.tgz;
}
location /cli/go/download/linux/386 {
return 301 https://github.com/projectodd/openwhisk-openshift/releases/download/latest/OpenWhisk_CLI-latest-linux-386.tgz;
}
location /cli/go/download/mac/amd64 {
return 301 https://github.com/projectodd/openwhisk-openshift/releases/download/latest/OpenWhisk_CLI-latest-mac-amd64.zip;
}
location /cli/go/download/mac/386 {
return 301 https://github.com/projectodd/openwhisk-openshift/releases/download/latest/OpenWhisk_CLI-latest-mac-386.zip;
}
location /cli/go/download/windows/amd64 {
return 301 https://github.com/projectodd/openwhisk-openshift/releases/download/latest/OpenWhisk_CLI-latest-windows-amd64.zip;
}
location /cli/go/download/windows/386 {
return 301 https://github.com/projectodd/openwhisk-openshift/releases/download/latest/OpenWhisk_CLI-latest-windows-386.zip;
}
# redirect top-level cli downloads to the latest openwhisk-cli release.
location /cli/go/download {
return 301 https://github.com/projectodd/openwhisk-openshift/releases/latest;
}
}
}
- apiVersion: extensions/v1beta1
kind: Deployment
metadata:
name: nginx
annotations:
template.alpha.openshift.io/wait-for-ready: "true"
labels:
name: nginx
spec:
replicas: 1
template:
metadata:
labels:
name: nginx
spec:
restartPolicy: Always
volumes:
- name: nginx-conf
configMap:
name: nginx
- name: logs
emptyDir: {}
containers:
- name: nginx
imagePullPolicy: IfNotPresent
# Image from Mar 22nd
image: centos/nginx-112-centos7@sha256:42330f7f29ba1ad67819f4ff3ae2472f62de13a827a74736a5098728462212e7
command: [ "/bin/bash", "-o", "allexport", "/nginx_config/init" ]
env:
- name: KUBERNETES_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
ports:
- name: http
containerPort: 8080
- name: https-admin
containerPort: 8443
volumeMounts:
- name: nginx-conf
mountPath: "/nginx_config"
- name: logs
mountPath: "/logs"
initContainers:
- name: wait-for-controller
image: busybox
command: ['sh', '-c', 'until wget -T 5 --spider http://controller:8080/ping; do echo waiting for controller; sleep 2; done;']
- apiVersion: v1
kind: Secret
metadata:
name: whisk.auth
annotations:
template.openshift.io/expose-auth: "{.data['system']}"
stringData:
guest: "${WHISK_GUEST_AUTH}"
system: "${WHISK_SYSTEM_AUTH}"
- apiVersion: v1
kind: Secret
metadata:
name: db.auth
stringData:
db_username: "${COUCHDB_USER}"
db_password: "${COUCHDB_PASSWORD}"
db_secret: "${COUCHDB_SECRET}"
- apiVersion: extensions/v1beta1
kind: Deployment
metadata:
name: strimzi-cluster-controller
spec:
replicas: 1
template:
metadata:
labels:
name: strimzi-cluster-controller
spec:
serviceAccountName: openwhisk
containers:
- name: strimzi-cluster-controller
image: strimzi/cluster-controller:${STRIMZI_VERSION}
env:
- name: STRIMZI_CONFIGMAP_LABELS
value: "strimzi.io/kind=cluster"
- name: STRIMZI_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
- name: STRIMZI_OPERATION_TIMEOUT_MS
value: "600000"
livenessProbe:
httpGet:
path: /healthy
port: 8080
initialDelaySeconds: 10
periodSeconds: 30
readinessProbe:
httpGet:
path: /ready
port: 8080
initialDelaySeconds: 10
periodSeconds: 30
initContainers:
- name: preload-strimzi-zookeeper
image: strimzi/zookeeper:${STRIMZI_VERSION}
imagePullPolicy: IfNotPresent
command: ["/bin/sh", "-c", "echo", "success"]
- name: preload-strimzi-kafka
image: strimzi/kafka:${STRIMZI_VERSION}
imagePullPolicy: IfNotPresent
command: ["/bin/sh", "-c", "echo", "success"]
- apiVersion: v1
kind: ConfigMap
metadata:
name: alarmprovider
data:
PORT: "8080"
DB_PREFIX: "whisk_alarms_"
CONTROLLER_HOST: "controller"
CONTROLLER_PORT: "8080"
env: |
export TOKEN="$(cat /var/run/secrets/kubernetes.io/serviceaccount/token)"
export NAMESPACE="$(cat /var/run/secrets/kubernetes.io/serviceaccount/namespace)"
export ROUTER_HOST=$(curl -s --cacert /var/run/secrets/kubernetes.io/serviceaccount/ca.crt -H "Authorization: Bearer ${TOKEN}" "https://${KUBERNETES_SERVICE_HOST}:${KUBERNETES_SERVICE_PORT}/oapi/v1/namespaces/${NAMESPACE}/routes/openwhisk?pretty=true" | grep '"host":' | head -n 1 | awk -F '"' '{print $4}')
- apiVersion: extensions/v1beta1
kind: Deployment
metadata:
name: alarmprovider
labels:
name: alarmprovider
spec:
replicas: 1
template:
metadata:
labels:
name: alarmprovider
spec:
restartPolicy: Always
serviceAccountName: openwhisk
volumes:
- name: alarmprovider-config
configMap:
name: alarmprovider
containers:
- name: alarmprovider
imagePullPolicy: IfNotPresent
image: openwhisk/alarmprovider:1.9.0
command: [ "/bin/bash", "-c", "source /alarmprovider_config/env; node /alarmsTrigger/app.js" ]
envFrom:
- configMapRef:
name: alarmprovider
env:
- name: "DB_HOST"
value: "$(COUCHDB_SERVICE_HOST):$(COUCHDB_SERVICE_PORT_COUCHDB)"
- name: "DB_PROTOCOL"
valueFrom:
configMapKeyRef:
name: db.config
key: db_protocol
- name: "DB_USERNAME"
valueFrom:
secretKeyRef:
name: db.auth
key: db_username
- name: "DB_PASSWORD"
valueFrom:
secretKeyRef:
name: db.auth
key: db_password
volumeMounts:
- name: alarmprovider-config
mountPath: "/alarmprovider_config"
initContainers:
- name: wait-for-couchdb
image: busybox
command: ['sh', '-cu', 'echo "$COUCHDB_SERVICE_HOST"']
- name: install-alarms-catalog
imagePullPolicy: IfNotPresent
image: projectodd/whisk_alarms:${PROJECTODD_VERSION}
envFrom:
- configMapRef:
name: alarmprovider
env:
- name: "DB_HOST"
value: "$(COUCHDB_SERVICE_HOST):$(COUCHDB_SERVICE_PORT_COUCHDB)"
- name: "DB_PROTOCOL"
valueFrom:
configMapKeyRef:
name: db.config
key: db_protocol
- name: "AUTH_WHISK_SYSTEM"
valueFrom:
secretKeyRef:
name: whisk.auth
key: system
volumeMounts:
- name: alarmprovider-config
mountPath: "/alarmprovider_config"
- apiVersion: batch/v2alpha1
kind: CronJob
metadata:
name: refresh-activations
labels:
name: refresh-activations
spec:
schedule: "*/5 * * * *"
concurrencyPolicy: Forbid
successfulJobsHistoryLimit: 1
failedJobsHistoryLimit: 1
jobTemplate:
spec:
template:
metadata:
labels:
parent: "cronjob-refresh-activations"
spec:
serviceAccountName: openwhisk
restartPolicy: Never
containers:
- name: refresh-activations
image: projectodd/whisk_alarms:${PROJECTODD_VERSION}
command: ["/bin/bash", "-c", "/openwhisk/bin/wsk --auth $AUTH_GUEST --apihost http://controller:8080 -i activation list"]
env:
- name: "AUTH_GUEST"
valueFrom:
secretKeyRef:
name: whisk.auth
key: guest
initContainers:
- name: wait-for-controller
image: busybox
command: ['sh', '-c', 'until wget -T 5 --spider http://controller:8080/ping; do echo waiting for controller; sleep 2; done;']
restartPolicy: Never
- apiVersion: batch/v2alpha1
kind: CronJob
metadata:
name: prune-activations
labels:
name: prune-activations
spec:
schedule: "0 0 * * *"
concurrencyPolicy: Forbid
successfulJobsHistoryLimit: 1
failedJobsHistoryLimit: 1
jobTemplate:
spec:
template:
metadata:
labels:
parent: "cronjob-prune-activations"
spec:
restartPolicy: Never
containers:
- name: prune-activations
image: projectodd/whisk_couchdb:${PROJECTODD_VERSION}
command: ["/bin/bash", "-c", "set -x; curl -H \"Content-Type: application/json\" -X PUT -d \"100\" \"http://$DB_USERNAME:$DB_PASSWORD@$COUCHDB_SERVICE_HOST:$COUCHDB_SERVICE_PORT_COUCHDB/$DB_ACTIONS/_revs_limit\"; curl -H \"Content-Type: application/json\" -X PUT -d \"5\" \"http://$DB_USERNAME:$DB_PASSWORD@$COUCHDB_SERVICE_HOST:$COUCHDB_SERVICE_PORT_COUCHDB/$DB_ACTIVATIONS/_revs_limit\"; /openwhisk/tools/db/deleteLogsFromActivations.py --dbUrl http://$DB_USERNAME:$DB_PASSWORD@$COUCHDB_SERVICE_HOST:$COUCHDB_SERVICE_PORT_COUCHDB --dbName $DB_ACTIVATIONS --days $DB_DAYS_TO_KEEP_LOGS; /openwhisk/tools/db/cleanUpActivations.py --dbUrl http://$DB_USERNAME:$DB_PASSWORD@$COUCHDB_SERVICE_HOST:$COUCHDB_SERVICE_PORT_COUCHDB --dbName $DB_ACTIVATIONS --days $DB_DAYS_TO_KEEP_ACTIVATIONS"]
env:
- name: "DB_USERNAME"
valueFrom:
secretKeyRef:
name: db.auth
key: db_username
- name: "DB_PASSWORD"
valueFrom:
secretKeyRef:
name: db.auth
key: db_password
- name: "DB_ACTIVATIONS"
valueFrom:
configMapKeyRef:
name: db.config
key: db_whisk_activations
- name: "DB_ACTIONS"
valueFrom:
configMapKeyRef:
name: db.config
key: db_whisk_actions
- name: "DB_DAYS_TO_KEEP_LOGS"
valueFrom:
configMapKeyRef:
name: db.config
key: db_days_to_keep_logs
- name: "DB_DAYS_TO_KEEP_ACTIVATIONS"
valueFrom:
configMapKeyRef:
name: db.config
key: db_days_to_keep_activations
initContainers:
- name: wait-for-couchdb
image: busybox
command: ['sh', '-c', 'until wget -T 5 --spider http://${COUCHDB_SERVICE_HOST}:${COUCHDB_SERVICE_PORT}/${DB_WHISK_ACTIVATIONS}; do echo waiting for couchdb; sleep 2; done;']
env:
- name: "DB_WHISK_ACTIVATIONS"
valueFrom:
configMapKeyRef:
name: db.config
key: db_whisk_activations