Test rosa and gcp

Signed-off-by: clyang82 <chuyang@redhat.com>

Author: clyang82

charts/maestro-agent/templates/deployment.yaml

@@ -30,7 +30,7 @@ spec:
           - --consumer-name={{ .Values.consumerName }}
           - --workload-source-driver={{ .Values.messageBroker.type }}
           - --workload-source-config=/secrets/{{ .Values.messageBroker.type }}/config.yaml
-          - --cloudevents-client-id={{ .Values.consumerName }}-work-agent
+          - --cloudevents-client-id={{ .Values.cloudeventsClientId }}
           - -v={{ .Values.logging.klogV }}
         volumeMounts:
         - name: {{ .Values.messageBroker.type }}

charts/maestro-agent/values.yaml

@@ -11,6 +11,9 @@ installCRDs: true
 # Consumer name - identifies the agent/cluster
 consumerName: cluster1
 
+# cloudevents client Id. in rosa, only consumer name is used to create certs
+cloudeventsClientId: cluster1-work-agent
+
 # default client certificate refresh/reload duration for message broker
 clientCertRefreshDuration: 5m
 

charts/maestro-server/templates/deployment.yaml

@@ -18,6 +18,10 @@ spec:
     metadata:
       labels:
         {{- include "maestro-server.selectorLabels" . | nindent 8 }}
+      {{- with .Values.server.annotations }}
+      annotations:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
     spec:
       serviceAccountName: {{ include "maestro-server.serviceAccountName" . }}
       volumes:
@@ -47,12 +51,6 @@ spec:
           secretName: maestro-grpc-broker-cert
           optional: true
       {{- end }}
-      {{- if eq .Values.messageBroker.type "pubsub" }}
-      - name: pubsub-creds
-        secret:
-          secretName: maestro-pubsub-creds
-          optional: true
-      {{- end }}
       {{- if .Values.server.https.enabled }}
       - name: https-certs
         secret:
@@ -74,8 +72,6 @@ spec:
         - "--structured-logs"
         - "--port=5432"
         - {{ .Values.database.cloudSqlProxy.instanceConnectionName | quote }}
-        securityContext:
-          runAsNonRoot: true
       {{- end }}
       - name: migration
         image: {{ include "maestro-server.image" . }}
@@ -116,10 +112,6 @@ spec:
         - name: grpc-broker-cert
           mountPath: /secrets/grpc-broker-cert
         {{- end }}
-        {{- if eq .Values.messageBroker.type "pubsub" }}
-        - name: pubsub-creds
-          mountPath: /secrets/pubsub
-        {{- end }}
         {{- if .Values.server.https.enabled }}
         - name: https-certs
           mountPath: /secrets/https-certs
@@ -163,10 +155,10 @@ spec:
         - --grpc-tls-key-file={{ .Values.server.grpc.tls.keyFile }}
         - --grpc-client-ca-file={{ .Values.server.grpc.tls.clientCAFile }}
         {{- end }}
-        {{- if and (eq .Values.messageBroker.type "grpc") .Values.grpc.tls.enabled }}
-        - --grpc-broker-tls-cert-file={{ .Values.grpc.tls.certFile }}
-        - --grpc-broker-tls-key-file={{ .Values.grpc.tls.keyFile }}
-        - --grpc-broker-client-ca-file={{ .Values.grpc.tls.clientCAFile }}
+        {{- if and (eq .Values.messageBroker.type "grpc") .Values.messageBroker.grpc.tls.enabled }}
+        - --grpc-broker-tls-cert-file={{ .Values.messageBroker.grpc.tls.certFile }}
+        - --grpc-broker-tls-key-file={{ .Values.messageBroker.grpc.tls.keyFile }}
+        - --grpc-broker-client-ca-file={{ .Values.messageBroker.grpc.tls.clientCAFile }}
         {{- end }}
         - --server-hostname={{ .Values.server.hostname }}
         - --http-server-bindport={{ .Values.server.http.bindPort }}

charts/maestro-server/templates/grpc.yaml

@@ -1,4 +1,4 @@
-{{- if and (eq .Values.messageBroker.type "grpc") .Values.grpc.enabled -}}
+{{- if eq .Values.messageBroker.type "grpc" -}}
 ---
 apiVersion: v1
 kind: Secret
@@ -8,5 +8,5 @@ metadata:
     {{- include "maestro-server.labels" . | nindent 4 }}
 stringData:
   config.yaml: |
-    url: {{ .Values.grpc.url }}
+    url: {{ .Values.messageBroker.grpc.url }}
 {{- end }}

charts/maestro-server/templates/mosquitto.yaml

@@ -0,0 +1,88 @@
+{{- if .Values.mosquitto.enabled -}}
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: {{ .Values.mosquitto.service.name }}
+  labels:
+    {{- include "maestro-server.labels" . | nindent 4 }}
+  annotations:
+    template.openshift.io/expose-uri: tcp://{.spec.clusterIP}:{.spec.ports[?(.name==\mosquitto\)].port}
+spec:
+  ports:
+  - name: mosquitto
+    protocol: TCP
+    port: {{ .Values.mosquitto.service.port }}
+    targetPort: {{ .Values.mosquitto.service.port }}
+  selector:
+    name: {{ .Values.mosquitto.service.name }}
+  type: ClusterIP
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: {{ .Values.mosquitto.service.name }}
+  labels:
+    {{- include "maestro-server.labels" . | nindent 4 }}
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      name: {{ .Values.mosquitto.service.name }}
+  strategy:
+    type: Recreate
+  template:
+    metadata:
+      labels:
+        name: {{ .Values.mosquitto.service.name }}
+    spec:
+      serviceAccountName: {{ include "maestro-server.serviceAccountName" . }}
+      containers:
+      - image: {{ .Values.mosquitto.image }}
+        imagePullPolicy: IfNotPresent
+        name: mosquitto
+        ports:
+        - containerPort: {{ .Values.mosquitto.service.port }}
+          name: mosquitto
+        volumeMounts:
+        - name: mosquitto-persistent-storage
+          mountPath: /mosquitto/data
+        - name: mosquitto-config
+          mountPath: /mosquitto/config/mosquitto.conf
+          subPath: mosquitto.conf
+        {{- if .Values.mosquitto.tls.enabled }}
+        - name: mosquitto-certs
+          mountPath: /mosquitto/certs
+          readOnly: true
+        {{- end }}
+      volumes:
+      - name: mosquitto-persistent-storage
+        emptyDir: {}
+      - name: mosquitto-config
+        configMap:
+          name: {{ .Values.mosquitto.service.name }}
+      {{- if .Values.mosquitto.tls.enabled }}
+      - name: mosquitto-certs
+        secret:
+          secretName: maestro-mqtt-certs
+      {{- end }}
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: {{ .Values.mosquitto.service.name }}
+  labels:
+    {{- include "maestro-server.labels" . | nindent 4 }}
+data:
+  mosquitto.conf: |
+    listener {{ .Values.mosquitto.service.port }} 0.0.0.0
+    {{- if .Values.mosquitto.tls.enabled }}
+    cafile /mosquitto/certs/ca.crt
+    certfile /mosquitto/certs/server.crt
+    keyfile /mosquitto/certs/server.key
+    require_certificate true
+    use_identity_as_username true
+    {{- else }}
+    allow_anonymous true
+    {{- end }}
+{{- end }}

charts/maestro-server/templates/mqtt.yaml

@@ -1,90 +1,4 @@
-{{- if and (eq .Values.messageBroker.type "mqtt") .Values.mqtt.enabled -}}
----
-apiVersion: v1
-kind: Service
-metadata:
-  name: {{ .Values.mqtt.service.name }}
-  labels:
-    {{- include "maestro-server.labels" . | nindent 4 }}
-  annotations:
-    template.openshift.io/expose-uri: tcp://{.spec.clusterIP}:{.spec.ports[?(.name==\mosquitto\)].port}
-spec:
-  ports:
-  - name: mosquitto
-    protocol: TCP
-    port: {{ .Values.mqtt.service.port }}
-    targetPort: {{ .Values.mqtt.service.port }}
-  selector:
-    name: {{ .Values.mqtt.service.name }}
-  type: ClusterIP
----
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  name: {{ .Values.mqtt.service.name }}
-  labels:
-    {{- include "maestro-server.labels" . | nindent 4 }}
-spec:
-  replicas: 1
-  selector:
-    matchLabels:
-      name: {{ .Values.mqtt.service.name }}
-  strategy:
-    type: Recreate
-  template:
-    metadata:
-      labels:
-        name: {{ .Values.mqtt.service.name }}
-    spec:
-      serviceAccountName: {{ include "maestro-server.serviceAccountName" . }}
-      containers:
-      - image: {{ .Values.mqtt.image }}
-        imagePullPolicy: IfNotPresent
-        name: mosquitto
-        ports:
-        - containerPort: {{ .Values.mqtt.service.port }}
-          name: mosquitto
-        volumeMounts:
-        - name: mosquitto-persistent-storage
-          mountPath: /mosquitto/data
-        - name: mosquitto-config
-          mountPath: /mosquitto/config/mosquitto.conf
-          subPath: mosquitto.conf
-        {{- if .Values.mqtt.tls.enabled }}
-        - name: mosquitto-certs
-          mountPath: /mosquitto/certs
-          readOnly: true
-        {{- end }}
-      volumes:
-      - name: mosquitto-persistent-storage
-        emptyDir: {}
-      - name: mosquitto-config
-        configMap:
-          name: {{ .Values.mqtt.service.name }}
-      {{- if .Values.mqtt.tls.enabled }}
-      - name: mosquitto-certs
-        secret:
-          secretName: maestro-mqtt-certs
-      {{- end }}
----
-apiVersion: v1
-kind: ConfigMap
-metadata:
-  name: {{ .Values.mqtt.service.name }}
-  labels:
-    {{- include "maestro-server.labels" . | nindent 4 }}
-data:
-  mosquitto.conf: |
-    listener {{ .Values.mqtt.service.port }} 0.0.0.0
-    {{- if .Values.mqtt.tls.enabled }}
-    cafile /mosquitto/certs/ca.crt
-    certfile /mosquitto/certs/server.crt
-    keyfile /mosquitto/certs/server.key
-    require_certificate true
-    use_identity_as_username true
-    {{- else }}
-    allow_anonymous true
-    {{- end }}
+{{- if and (eq .Values.messageBroker.type "mqtt") .Values.messageBroker.secretName }}
 ---
 apiVersion: v1
 kind: Secret
@@ -94,19 +8,25 @@ metadata:
     {{- include "maestro-server.labels" . | nindent 4 }}
 stringData:
   config.yaml: |
-    brokerHost: {{ .Values.mqtt.host }}:{{ .Values.mqtt.service.port }}
-    {{- if .Values.mqtt.user }}
-    username: {{ .Values.mqtt.user }}
+    brokerHost: {{ .Values.messageBroker.mqtt.host }}:{{ .Values.messageBroker.mqtt.port }}
+    {{- if .Values.messageBroker.mqtt.user }}
+    username: {{ .Values.messageBroker.mqtt.user }}
     {{- end }}
-    {{- if .Values.mqtt.password }}
-    password: {{ .Values.mqtt.password }}
+    {{- if .Values.messageBroker.mqtt.password }}
+    password: {{ .Values.messageBroker.mqtt.password }}
     {{- end }}
-    {{- if .Values.mqtt.tls.enabled }}
-    caFile: {{ .Values.mqtt.tls.caFile }}
-    clientCertFile: {{ .Values.mqtt.tls.clientCertFile }}
-    clientKeyFile: {{ .Values.mqtt.tls.clientKeyFile }}
+    {{- if .Values.messageBroker.mqtt.tls.enabled }}
+    caFile: {{ .Values.messageBroker.mqtt.tls.caFile }}
+    clientCertFile: {{ .Values.messageBroker.mqtt.tls.clientCertFile }}
+    clientKeyFile: {{ .Values.messageBroker.mqtt.tls.clientKeyFile }}
     {{- end }}
+    {{- if .Values.messageBroker.mqtt.topics }}
     topics:
-      sourceEvents: sources/maestro/consumers/+/sourceevents
-      agentEvents: {{ .Values.mqtt.agentTopic }}
+      {{- if .Values.messageBroker.mqtt.topics.sourceEvents }}
+      sourceEvents: {{ .Values.messageBroker.mqtt.topics.sourceEvents }}
+      {{- end }}
+      {{- if .Values.messageBroker.mqtt.topics.agentEvents }}
+      agentEvents: {{ .Values.messageBroker.mqtt.topics.agentEvents }}
+      {{- end }}
+    {{- end }}
 {{- end }}

charts/maestro-server/templates/pubsub.yaml

@@ -1,4 +1,4 @@
-{{- if and (eq .Values.messageBroker.type "pubsub") .Values.pubsub.enabled -}}
+{{- if eq .Values.messageBroker.type "pubsub" -}}
 ---
 apiVersion: v1
 kind: Secret
@@ -8,39 +8,25 @@ metadata:
     {{- include "maestro-server.labels" . | nindent 4 }}
 stringData:
   config.yaml: |
-    {{- if .Values.pubsub.projectID }}
-    projectID: {{ .Values.pubsub.projectID }}
+    {{- if .Values.messageBroker.pubsub.projectID }}
+    projectID: {{ .Values.messageBroker.pubsub.projectID }}
     {{- end }}
-    {{- if .Values.pubsub.credentialsJSON }}
-    credentialsFile: {{ .Values.pubsub.credentialsFile }}
-    {{- end }}
-    {{- if .Values.pubsub.topics }}
+    {{- if .Values.messageBroker.pubsub.topics }}
     topics:
-      {{- if .Values.pubsub.topics.sourceEvents }}
-      sourceEvents: {{ .Values.pubsub.topics.sourceEvents }}
+      {{- if .Values.messageBroker.pubsub.topics.sourceEvents }}
+      sourceEvents: {{ .Values.messageBroker.pubsub.topics.sourceEvents }}
       {{- end }}
-      {{- if .Values.pubsub.topics.sourceBroadcast }}
-      sourceBroadcast: {{ .Values.pubsub.topics.sourceBroadcast }}
+      {{- if .Values.messageBroker.pubsub.topics.sourceBroadcast }}
+      sourceBroadcast: {{ .Values.messageBroker.pubsub.topics.sourceBroadcast }}
       {{- end }}
     {{- end }}
-    {{- if .Values.pubsub.subscriptions }}
+    {{- if .Values.messageBroker.pubsub.subscriptions }}
     subscriptions:
-      {{- if .Values.pubsub.subscriptions.agentEvents }}
-      agentEvents: {{ .Values.pubsub.subscriptions.agentEvents }}
+      {{- if .Values.messageBroker.pubsub.subscriptions.agentEvents }}
+      agentEvents: {{ .Values.messageBroker.pubsub.subscriptions.agentEvents }}
       {{- end }}
-      {{- if .Values.pubsub.subscriptions.agentBroadcast }}
-      agentBroadcast: {{ .Values.pubsub.subscriptions.agentBroadcast }}
+      {{- if .Values.messageBroker.pubsub.subscriptions.agentBroadcast }}
+      agentBroadcast: {{ .Values.messageBroker.pubsub.subscriptions.agentBroadcast }}
       {{- end }}
     {{- end }}
----
-{{- if .Values.pubsub.credentialsJSON }}
-apiVersion: v1
-kind: Secret
-metadata:
-  name: maestro-pubsub-creds
-  labels:
-    {{- include "maestro-server.labels" . | nindent 4 }}
-stringData:
-  credentials.json: {{ .Values.pubsub.credentialsJSON | quote }}
-{{- end }}
 {{- end }}