Merge pull request #46 from pubudu538/2.1.0-nfs

Adding pattern 3 and pattern 4
wso2 · Sep 21, 2017 · 8bbf927 · 8bbf927
2 parents 444e60e + 172a738
commit 8bbf927
Show file tree

Hide file tree

Showing 102 changed files with 150 additions and 15,260 deletions.
diff --git a/README.md b/README.md
@@ -9,15 +9,13 @@
 ##### 1. Checkout WSO2 kubernetes-apim  repository using `git clone`:
 ```
 git clone https://github.com/wso2/kubernetes-apim.git
-git checkout tags/v2.1.0-1
+git checkout tags/v2.1.0-2
 ```
 
 ##### 2. Pull required Docker images from [`WSO2 Docker Registry`](https://docker.wso2.com) using `docker pull`:
 ```
 docker login docker.wso2.com
 
-docker pull docker.wso2.com/sshd-kubernetes:1.0.0
-docker pull docker.wso2.com/rsync-kubernetes:1.0.0
 docker pull docker.wso2.com/wso2am-analytics-kubernetes:2.1.0
 docker pull docker.wso2.com/wso2am-kubernetes:2.1.0
 docker pull docker.wso2.com/apim-rdbms-kubernetes:2.1.0
@@ -30,8 +28,20 @@ Copy the required Docker images over to the Kubernetes Nodes (ex: use `docker sa
 required image, `scp` the tar file to each node, and then use `docker load` to load the image from the copied tar file 
 on the nodes). Alternatively, if a private Docker registry is used, transfer the images there.
 
-##### 4. Deploy Kubernetes/Openshift Resources:
+##### 4. Prerequisites for the deployment
+
+ * Network File System (NFS) is used as the persistent volume for API Manager servers. Therefore setting up NFS is required to deploy any pattern.
+   Complete the following.  
+
+     1. Update the NFS server IP in `KUBERNETES_HOME/pattern-X/artifacts/volumes/persistent-volumes.yaml'
+     2. Create required directories in NFS server for each pattern as mentioned in `KUBERNETES_HOME/pattern-X/artifacts/volumes/persistent-volumes.yaml`
+        eg: For pattern-1, create directories as '/exports/pattern-1/apim'
+
+  * It is recommend to use a mysql or any database cluster in a production environment. Only 1 mysql container is used with host path mount in these deployments.
+
 
+##### 5. Deploy Kubernetes/Openshift Resources:
+
 * Deploy on Kubernetes 
 
     1. Create a namespace called wso2.
@@ -101,7 +111,17 @@ on the nodes). Alternatively, if a private Docker registry is used, transfer the
     ```
     ./undeploy-openshift.sh
     ```
- <br>
 
+##### 6. How to customize for a deployment
+
+* Configurations are bind with wso2 namespace. If you are changing the hostnames or the namespace, do the following.
+    1. Change wso2.svc to `<namespace>.svc` in all the configuration files.
+    2. Update the KUBERNETES_NAMESPACE parameter with the correct namespace in all the axis2.xml files.
+    3. Update docker base images.
+        - Use a CA signed certificate and update client-truststore.jks and wso2carbon.jks files
+
+<br>
 
 > Tested in OpenShift v3.6.0 and Kubernetes v1.6.1
+
+> NFS is tested in Kubernetes v1.6.1
diff --git a/base/README.md b/base/README.md
@@ -23,7 +23,7 @@ For apim
 
 Add the above files to apim/files location.
 
-> mysql docker images do not need any files.
+> mysql docker image does not need any files.
 
 ##### 2. Build docker images
 

diff --git a/base/build.sh b/base/build.sh
@@ -16,7 +16,7 @@
 # limitations under the License
 # ------------------------------------------------------------------------
 
-# builds the base images - apim-base, analytics, rsync, sshd
+# builds the base images - apim, analytics
 
 set -e
 

diff --git a/pattern-1/artifacts/apim/wso2apim-manager-worker-deployment.yaml b/pattern-1/artifacts/apim/wso2apim-manager-worker-deployment.yaml
@@ -18,7 +18,7 @@ metadata:
   name: wso2apim-manager-worker
   labels:
     app: wso2apim
-    node: manager-worker
+    node-m: manager-worker
     pattern: wso2apim-pattern-1
 spec:
   strategy:
@@ -27,7 +27,7 @@ spec:
     metadata:
       labels:
         app: wso2apim
-        node: manager-worker
+        node-m: manager-worker
         pattern: wso2apim-pattern-1
     spec:
       containers:

diff --git a/pattern-1/artifacts/apim/wso2apim-manager-worker-service.yaml b/pattern-1/artifacts/apim/wso2apim-manager-worker-service.yaml
@@ -17,7 +17,7 @@ kind: Service
 metadata:
   name: wso2apim-manager-worker
   labels:
-    node: manager-worker
+    node-m: manager-worker
     pattern: wso2apim-pattern-1
 spec:
   ports:
@@ -52,6 +52,6 @@ spec:
       port: 7611
   # label keys and values that must match in order to receive traffic for this service
   selector:
-    node: manager-worker
+    node-m: manager-worker
     pattern: wso2apim-pattern-1
   clusterIP: None
diff --git a/pattern-1/artifacts/apim/wso2apim-worker-deployment.yaml b/pattern-1/artifacts/apim/wso2apim-worker-deployment.yaml
@@ -18,7 +18,7 @@ metadata:
   name: wso2apim-worker
   labels:
     app: wso2apim
-    node: worker
+    node-w: worker
     pattern: wso2apim-pattern-1
 spec:
   strategy:
@@ -27,7 +27,7 @@ spec:
     metadata:
       labels:
         app: wso2apim
-        node: worker
+        node-w: worker
         pattern: wso2apim-pattern-1
     spec:
       containers:

diff --git a/pattern-1/artifacts/apim/wso2apim-worker-service.yaml b/pattern-1/artifacts/apim/wso2apim-worker-service.yaml
@@ -17,7 +17,7 @@ kind: Service
 metadata:
   name: wso2apim-worker
   labels:
-    node: worker
+    node-w: worker
     pattern: wso2apim-pattern-1
 spec:
   ports:
@@ -52,6 +52,6 @@ spec:
       port: 7611
   # label keys and values that must match in order to receive traffic for this service
   selector:
-    node: worker
+    node-w: worker
     pattern: wso2apim-pattern-1
   clusterIP: None
diff --git a/pattern-1/artifacts/volumes/persistent-volumes.yaml b/pattern-1/artifacts/volumes/persistent-volumes.yaml
@@ -42,8 +42,6 @@ spec:
     storage: 20Gi
   accessModes:
     - ReadWriteOnce
-  persistentVolumeReclaimPolicy: Recycle
-  nfs:
-    # FIXME: use the right IP
-    server: 10.23.245.15
-    path: "/exports/pattern-1/mysql"
+  persistentVolumeReclaimPolicy: Delete
+  hostPath:
+    path: /tmp/data/pattern-1-pv-2
diff --git a/pattern-1/confs/apim-manager-worker/repository/conf/api-manager.xml b/pattern-1/confs/apim-manager-worker/repository/conf/api-manager.xml
@@ -16,7 +16,7 @@
          logic relies on this. -->
     <AuthManager>
         <!-- Server URL of the Authentication service -->
-        <ServerURL>https://wso2apim-manager-worker.wso2.svc:9443${carbon.context}services/</ServerURL>
+        <ServerURL>https://wso2apim.wso2.svc:9443${carbon.context}services/</ServerURL>
         <!-- Admin username for the Authentication manager. -->
         <Username>${admin.username}</Username>
         <!-- Admin password for the Authentication manager. -->
@@ -202,7 +202,7 @@
     -->
     <APIKeyValidator>
         <!-- Server URL of the API key manager -->
-        <ServerURL>https://wso2apim-manager-worker.wso2.svc:9443${carbon.context}services/</ServerURL>
+        <ServerURL>https://wso2apim.wso2.svc:9443${carbon.context}services/</ServerURL>
 
         <!-- Admin username for API key manager. -->
         <Username>${admin.username}</Username>
@@ -216,11 +216,11 @@
              -If you need to start two API Manager instances in the same machine, you need to give different ports to "ThriftServerPort" value in two nodes.
              -ThriftServerHost - Allows to configure a hostname for the thrift server. It uses the carbon hostname by default.
 	         -The Gateway uses this parameter to connect to the key validation thrift service. -->
-        <KeyValidatorClientType>ThriftClient</KeyValidatorClientType>
+        <KeyValidatorClientType>WSClient</KeyValidatorClientType>
         <ThriftClientConnectionTimeOut>10000</ThriftClientConnectionTimeOut>
         <!--ThriftClientPort>10397</ThriftClientPort-->
 
-        <EnableThriftServer>true</EnableThriftServer>
+        <EnableThriftServer>false</EnableThriftServer>
         <ThriftServerHost>localhost</ThriftServerHost>
         <!--ThriftServerPort>10397</ThriftServerPort-->
 

diff --git a/pattern-1/confs/apim-worker/repository/conf/api-manager.xml b/pattern-1/confs/apim-worker/repository/conf/api-manager.xml
@@ -16,7 +16,7 @@
          logic relies on this. -->
     <AuthManager>
         <!-- Server URL of the Authentication service -->
-        <ServerURL>https://wso2apim-worker.wso2.svc:${mgt.transport.https.port}${carbon.context}services/</ServerURL>
+        <ServerURL>https://wso2apim.wso2.svc:${mgt.transport.https.port}${carbon.context}services/</ServerURL>
         <!-- Admin username for the Authentication manager. -->
         <Username>${admin.username}</Username>
         <!-- Admin password for the Authentication manager. -->
@@ -202,7 +202,7 @@
     -->
     <APIKeyValidator>
         <!-- Server URL of the API key manager -->
-        <ServerURL>https://wso2apim-worker.wso2.svc:${mgt.transport.https.port}${carbon.context}services/</ServerURL>
+        <ServerURL>https://wso2apim.wso2.svc:${mgt.transport.https.port}${carbon.context}services/</ServerURL>
 
         <!-- Admin username for API key manager. -->
         <Username>${admin.username}</Username>
@@ -216,11 +216,11 @@
              -If you need to start two API Manager instances in the same machine, you need to give different ports to "ThriftServerPort" value in two nodes.
              -ThriftServerHost - Allows to configure a hostname for the thrift server. It uses the carbon hostname by default.
 	         -The Gateway uses this parameter to connect to the key validation thrift service. -->
-        <KeyValidatorClientType>ThriftClient</KeyValidatorClientType>
+        <KeyValidatorClientType>WSClient</KeyValidatorClientType>
         <ThriftClientConnectionTimeOut>10000</ThriftClientConnectionTimeOut>
         <!--ThriftClientPort>10397</ThriftClientPort-->
 
-        <EnableThriftServer>true</EnableThriftServer>
+        <EnableThriftServer>false</EnableThriftServer>
         <ThriftServerHost>localhost</ThriftServerHost>
         <!--ThriftServerPort>10397</ThriftServerPort-->
 

diff --git a/pattern-2/artifacts/apim-km/wso2apim-key-manager-service.yaml b/pattern-2/artifacts/apim-km/wso2apim-key-manager-service.yaml
@@ -30,12 +30,8 @@ spec:
       name: "https"
       protocol: TCP
       port: 9443
-    -
-      name: "ssh"
-      protocol: TCP
-      port: 8022
   # label keys and values that must match in order to receive traffic for this service
   selector:
     node: key-manager
   clusterIP: None
-  sessionAffinity: ClientIP
+  sessionAffinity: ClientIP
diff --git a/pattern-2/artifacts/apim-pubstore-tm/wso2apim-pubstore-tm-1-deployment.yaml b/pattern-2/artifacts/apim-pubstore-tm/wso2apim-pubstore-tm-1-deployment.yaml
@@ -18,7 +18,7 @@ metadata:
   name: wso2apim-pubstore-tm-1
   labels:
     app: wso2apim
-    node: pubstore-tm-1
+    node-1: pubstore-tm-1
     pattern: wso2apim-pattern-2
 spec:
   strategy:
@@ -27,7 +27,7 @@ spec:
     metadata:
       labels:
         app: wso2apim
-        node: pubstore-tm-1
+        node-1: pubstore-tm-1
     spec:
       containers:
       - image: docker.wso2.com/wso2am-kubernetes:2.1.0

diff --git a/pattern-2/artifacts/apim-pubstore-tm/wso2apim-pubstore-tm-1-service.yaml b/pattern-2/artifacts/apim-pubstore-tm/wso2apim-pubstore-tm-1-service.yaml
@@ -17,7 +17,7 @@ kind: Service
 metadata:
   name: wso2apim-pubstore-tm-1
   labels:
-    node: pubstore-tm-1
+    node-1: pubstore-tm-1
     pattern: wso2apim-pattern-2
 spec:
   ports:
@@ -42,10 +42,6 @@ spec:
       name: "thrift"
       protocol: TCP
       port: 7611
-    -
-      name: "ssh"
-      protocol: TCP
-      port: 8022
     -
       name: "http"
       protocol: TCP
@@ -56,5 +52,5 @@ spec:
       port: 9443
   # label keys and values that must match in order to receive traffic for this service
   selector:
-    node: pubstore-tm-1
+    node-1: pubstore-tm-1
   clusterIP: None
diff --git a/pattern-2/artifacts/apim-pubstore-tm/wso2apim-pubstore-tm-2-deployment.yaml b/pattern-2/artifacts/apim-pubstore-tm/wso2apim-pubstore-tm-2-deployment.yaml
@@ -18,7 +18,7 @@ metadata:
   name: wso2apim-pubstore-tm-2
   labels:
     app: wso2apim
-    node: pubstore-tm-2
+    node-2: pubstore-tm-2
     pattern: wso2apim-pattern-2
 spec:
   strategy:
@@ -27,7 +27,7 @@ spec:
     metadata:
       labels:
         app: wso2apim
-        node: pubstore-tm-2
+        node-2: pubstore-tm-2
     spec:
       containers:
       - image: docker.wso2.com/wso2am-kubernetes:2.1.0

diff --git a/pattern-2/artifacts/apim-pubstore-tm/wso2apim-pubstore-tm-2-service.yaml b/pattern-2/artifacts/apim-pubstore-tm/wso2apim-pubstore-tm-2-service.yaml
@@ -17,7 +17,7 @@ kind: Service
 metadata:
   name: wso2apim-pubstore-tm-2
   labels:
-    node: pubstore-tm-2
+    node-2: pubstore-tm-2
     pattern: wso2apim-pattern-2
 spec:
   ports:
@@ -52,5 +52,5 @@ spec:
       port: 9443
   # label keys and values that must match in order to receive traffic for this service
   selector:
-    node: pubstore-tm-2
+    node-2: pubstore-tm-2
   clusterIP: None
diff --git a/pattern-2/artifacts/volumes/persistent-volumes.yaml b/pattern-2/artifacts/volumes/persistent-volumes.yaml
@@ -60,8 +60,6 @@ spec:
     storage: 20Gi
   accessModes:
     - ReadWriteOnce
-  persistentVolumeReclaimPolicy: Recycle
-  nfs:
-    # FIXME: use the right IP
-    server: 10.23.245.15
-    path: "/exports/pattern-2/mysql"
+  persistentVolumeReclaimPolicy: Delete
+  hostPath:
+    path: /tmp/data/pattern-2-pv-3
diff --git a/pattern-3/artifacts/apim-gateway/wso2apim-manager-worker-deployment.yaml b/pattern-3/artifacts/apim-gateway/wso2apim-manager-worker-deployment.yaml
@@ -21,6 +21,7 @@ metadata:
     node: manager-worker
     pattern: wso2apim-pattern-3
 spec:
+  replicas: 2
   strategy:
     type: Recreate
   template:
@@ -70,19 +71,6 @@ spec:
             port: 9443
           initialDelaySeconds: 300
           periodSeconds: 20
-      -
-        image: docker.wso2.com/sshd-kubernetes:1.0.0
-        name: wso2apim-sshd
-        imagePullPolicy: IfNotPresent
-        ports:
-        -
-          containerPort: 8022
-          protocol: "TCP"
-
-        volumeMounts:
-        -
-          mountPath: "/home/wso2user/apim-artifacts"
-          name: apim-mgt-storage-volume
       serviceAccountName: "wso2svcacct"
       volumes:
       - name: apim-mgt-storage-volume

diff --git a/pattern-3/artifacts/apim-gateway/wso2apim-manager-worker-service.yaml b/pattern-3/artifacts/apim-gateway/wso2apim-manager-worker-service.yaml
@@ -30,11 +30,8 @@ spec:
       name: "https"
       protocol: TCP
       port: 9443
-    -
-      name: "ssh"
-      protocol: TCP
-      port: 8022
   # label keys and values that must match in order to receive traffic for this service
   selector:
     node: manager-worker
   clusterIP: None
+  sessionAffinity: ClientIP