diff --git a/deployment/helm/templates/configmaps/as-common-configmap.yaml b/deployment/helm/templates/configmaps/as-common-configmap.yaml
new file mode 100644
index 00000000..7b38ab60
--- /dev/null
+++ b/deployment/helm/templates/configmaps/as-common-configmap.yaml
@@ -0,0 +1,10 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: as-common-variables
+data:
+ DATABASE_HOST: edgex-redis
+ {{- if (eq .Values.edgex.features.messagebusbackend "redis") }}
+ TRIGGER_EDGEXMESSAGEBUS_SUBSCRIBEHOST_HOST: edgex-redis
+ TRIGGER_EDGEXMESSAGEBUS_PUBLISHHOST_HOST: edgex-redis
+ {{- end}}
diff --git a/deployment/helm/templates/configmaps/device-common-configmap.yaml b/deployment/helm/templates/configmaps/device-common-configmap.yaml
new file mode 100644
index 00000000..8448593a
--- /dev/null
+++ b/deployment/helm/templates/configmaps/device-common-configmap.yaml
@@ -0,0 +1,8 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: device-common-variables
+data:
+ {{- if (eq .Values.edgex.features.messagebusbackend "redis") }}
+ MESSAGEQUEUE_HOST: edgex-redis
+ {{- end}}
diff --git a/deployment/helm/templates/edgex-configmap.yaml b/deployment/helm/templates/configmaps/edgex-configmap.yaml
similarity index 96%
rename from deployment/helm/templates/edgex-configmap.yaml
rename to deployment/helm/templates/configmaps/edgex-configmap.yaml
index 6ea2c32a..2281aa02 100644
--- a/deployment/helm/templates/edgex-configmap.yaml
+++ b/deployment/helm/templates/configmaps/edgex-configmap.yaml
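Review bot: The Redis host is written as the literal `edgex-redis` in `DATABASE_HOST` and in both `TRIGGER_EDGEXMESSAGEBUS_*` keys of as-common-configmap.yaml, whereas edgex-configmap.yaml and the deployments take it from `.Values.edgex.app.redis`; a chart user who overrides that value would end up with two different hosts. Use `{{.Values.edgex.app.redis}}` here and for `MESSAGEQUEUE_HOST` in device-common-configmap.yaml. `DATABASE_HOST` is also set regardless of the selected backend, which deserves a short comment if that is intended.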
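Review bot: device-common-configmap.yaml handles only the `redis` case, so for `nats` or `mqtt` it renders with an empty `data:` and the device services that now import it receive no `MESSAGEQUEUE_*` settings at all. Nothing else in this diff configures the device deployments for NATS, so they would presumably keep their built-in defaults while the core services move to `edgex-nats-server`. Add the matching `nats` and `mqtt` branches here, or state in values.yaml that device services are not switched by `messagebusbackend`.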
@@ -12,9 +12,11 @@ data: CLIENTS_CORE_COMMAND_HOST: {{.Values.edgex.app.core.command}} CLIENTS_SUPPORT_NOTIFICATIONS_HOST: {{.Values.edgex.app.support.notifications}} CLIENTS_SUPPORT_SCHEDULER_HOST: {{.Values.edgex.app.support.scheduler}} - MESSAGEQUEUE_HOST: {{.Values.edgex.app.redis}} REGISTRY_HOST: {{.Values.edgex.app.consul}} DATABASES_PRIMARY_HOST: {{.Values.edgex.app.redis}} +{{- if (eq .Values.edgex.features.messagebusbackend "redis") }} + MESSAGEQUEUE_HOST: {{.Values.edgex.app.redis}} +{{- end}} {{- if .Values.edgex.security.enabled }} EDGEX_SECURITY_SECRET_STORE: "true" SECRETSTORE_HOST: edgex-vault diff --git a/deployment/helm/templates/edgex-app-external-mqtt-trigger/edgex-app-external-mqtt-trigger-deployment.yaml b/deployment/helm/templates/edgex-app-external-mqtt-trigger/edgex-app-external-mqtt-trigger-deployment.yaml new file mode 100644 index 00000000..71665565 --- /dev/null +++ b/deployment/helm/templates/edgex-app-external-mqtt-trigger/edgex-app-external-mqtt-trigger-deployment.yaml 
@@ -0,0 +1,115 @@ +# Copyright (C) 2022 Intel Corporation +# +# SPDX-License-Identifier: Apache-2.0 +# +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + org.edgexfoundry.service: {{.Values.edgex.app.appservice.externalmqtttrigger}} + name: {{.Values.edgex.app.appservice.externalmqtttrigger}} +spec: + replicas: {{.Values.edgex.replicas.appservice.externalmqtttrigger}} + selector: + matchLabels: + org.edgexfoundry.service: {{.Values.edgex.app.appservice.externalmqtttrigger}} + strategy: {} + template: + metadata: + labels: + org.edgexfoundry.service: {{.Values.edgex.app.appservice.externalmqtttrigger}} + spec: + {{- if and (eq .Values.edgex.security.enabled true) (or (eq .Values.edgex.storage.sharedVolumesAccessMode "ReadWriteOnce") (eq .Values.edgex.storage.useHostPath true))}} + affinity: + podAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchLabels: + org.edgexfoundry.service: {{ .Values.edgex.app.secretstoresetup}} + topologyKey: "kubernetes.io/hostname" + {{- end}} + automountServiceAccountToken: false + containers: + - name: {{.Values.edgex.app.appservice.externalmqtttrigger}} + image: {{.Values.edgex.image.appservice.externalmqtttrigger.repository}}:{{.Values.edgex.image.appservice.externalmqtttrigger.tag}} + imagePullPolicy: {{.Values.edgex.image.appservice.externalmqtttrigger.pullPolicy}} + {{- if .Values.edgex.security.enabled }} + command: ["/edgex-init/ready_to_run_wait_install.sh"] + args: ["/app-service-configurable", "-cp=consul.http://edgex-core-consul:8500", "--registry", "--confdir=/res"] + {{- end}} + ports: + - containerPort: {{.Values.edgex.port.appservice.externalmqtttrigger}} + {{- if not .Values.edgex.security.enabled }} + hostPort: {{.Values.edgex.port.appservice.externalmqtttrigger}} + hostIP: {{.Values.edgex.hostPortInternalBind}} + {{- end}} + envFrom: + - configMapRef: + name: edgex-common-variables + env: + - name: EDGEX_PROFILE + value: "edgex-app-external-mqtt-trigger" + - name: 
SERVICE_HOST + value: {{.Values.edgex.app.appservice.externalmqtttrigger}} + - name: WRITABLE_LOGLEVEL + value: INFO + {{- if (eq .Values.edgex.features.messagebusbackend "redis") }} + - name: TRIGGER_EDGEXMESSAGEBUS_PUBLISHHOST_HOST + value: {{.Values.edgex.app.redis}} + - name: TRIGGER_EDGEXMESSAGEBUS_SUBSCRIBEHOST_HOST + value: {{.Values.edgex.app.redis}} + {{- end}} + {{- if (eq .Values.edgex.features.messagebusbackend "mqtt") }} + - name: WRITABLE_PIPELINE_FUNCTIONS_MQTTEXPORT_PARAMETERS_BROKERADDRESS + value: "{{.Values.edgex.features.mqttBrokerAddress}}" + - name: WRITABLE_PIPELINE_FUNCTIONS_MQTTEXPORT_PARAMETERS_TOPIC + value: edgex-export + - name: TRIGGER_EXTERNALMQTT_URL + value: "{{.Values.edgex.features.mqttBrokerAddress}}" + {{- end}} + + + securityContext: + allowPrivilegeEscalation: false + readOnlyRootFilesystem: true + startupProbe: + httpGet: + path: /api/v2/ping + port: {{.Values.edgex.port.appservice.externalmqtttrigger}} + periodSeconds: 1 + failureThreshold: 120 + livenessProbe: + httpGet: + path: /api/v2/ping + port: {{.Values.edgex.port.appservice.externalmqtttrigger}} + {{- if .Values.edgex.security.enabled }} + volumeMounts: + - mountPath: /edgex-init + name: edgex-init + - mountPath: /tmp/edgex/secrets + name: edgex-secrets + {{- end }} + {{- if .Values.edgex.resources.appservice.externalmqtttrigger.enforceLimits }} + resources: + limits: + memory: {{ .Values.edgex.resources.appservice.externalmqtttrigger.limits.memory }} + cpu: {{ .Values.edgex.resources.appservice.externalmqtttrigger.limits.cpu }} + requests: + memory: {{ .Values.edgex.resources.appservice.externalmqtttrigger.requests.memory }} + cpu: {{ .Values.edgex.resources.appservice.externalmqtttrigger.requests.cpu }} + {{- end}} + hostname: {{.Values.edgex.app.appservice.externalmqtttrigger}} + restartPolicy: Always + securityContext: + runAsNonRoot: true + runAsUser: {{ .Values.edgex.security.runAsUser }} + runAsGroup: {{ .Values.edgex.security.runAsGroup }} + {{- if 
.Values.edgex.security.enabled }} + volumes: + - name: edgex-init + persistentVolumeClaim: + claimName: edgex-init + - name: edgex-secrets + persistentVolumeClaim: + claimName: edgex-secrets + {{- end}} diff --git a/deployment/helm/templates/edgex-app-external-mqtt-trigger/edgex-app-external-mqtt-trigger-service.yaml b/deployment/helm/templates/edgex-app-external-mqtt-trigger/edgex-app-external-mqtt-trigger-service.yaml new file mode 100644 index 00000000..fc3e2acd --- /dev/null +++ b/deployment/helm/templates/edgex-app-external-mqtt-trigger/edgex-app-external-mqtt-trigger-service.yaml @@ -0,0 +1,17 @@ +# Copyright (C) 2022 Intel Corporation +# +# SPDX-License-Identifier: Apache-2.0 +# +apiVersion: v1 +kind: Service +metadata: + labels: + org.edgexfoundry.service: {{.Values.edgex.app.appservice.externalmqtttrigger}} + name: {{.Values.edgex.app.appservice.externalmqtttrigger}} +spec: + ports: + - name: "http" + port: {{.Values.edgex.port.appservice.externalmqtttrigger}} + selector: + org.edgexfoundry.service: {{.Values.edgex.app.appservice.externalmqtttrigger}} + type: {{.Values.expose.type}} diff --git a/deployment/helm/templates/edgex-app-http-export/edgex-app-http-export-deployment.yaml b/deployment/helm/templates/edgex-app-http-export/edgex-app-http-export-deployment.yaml index eee7dd5a..0bb9851b 100644 --- a/deployment/helm/templates/edgex-app-http-export/edgex-app-http-export-deployment.yaml +++ b/deployment/helm/templates/edgex-app-http-export/edgex-app-http-export-deployment.yaml 
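Review bot: In the external-mqtt-trigger Deployment, `TRIGGER_EXTERNALMQTT_URL` and the MQTT export parameters are rendered only when `messagebusbackend` is `mqtt`, and `mqttBrokerAddress` defaults to `""` in values.yaml, so the service gets no external broker URL under redis or nats and can get an empty one under mqtt. An external trigger's broker does not obviously depend on the internal bus choice, so these entries probably belong outside the `if`, with the value made mandatory: `value: {{ required "edgex.features.mqttBrokerAddress must be set" .Values.edgex.features.mqttBrokerAddress | quote }}`. This Deployment also imports only `edgex-common-variables`, while the other app services touched by this commit add `as-common-variables`.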
@@ -49,13 +49,23 @@ spec: value: "http-export" - name: SERVICE_HOST value: {{.Values.edgex.app.appservice.httpexport}} + {{- if (eq .Values.edgex.features.messagebusbackend "redis") }} - name: TRIGGER_EDGEXMESSAGEBUS_PUBLISHHOST_HOST value: {{.Values.edgex.app.redis}} - name: TRIGGER_EDGEXMESSAGEBUS_SUBSCRIBEHOST_HOST value: {{.Values.edgex.app.redis}} + {{- end}} + {{- if (eq .Values.edgex.features.messagebusbackend "nats") }} + - name: WRITABLE_PIPELINE_FUNCTIONS_HTTPEXPORT_PARAMETERS_URL + value: "{{.Values.edgex.features.httpExportURL}}" + - name: WRITABLE_LOGLEVEL + value: INFO + {{- end}} envFrom: - configMapRef: name: edgex-common-variables + - configMapRef: + name: as-common-variables securityContext: allowPrivilegeEscalation: false readOnlyRootFilesystem: true diff --git a/deployment/helm/templates/edgex-app-metrics-influxdb/edgex-app-metrics-influxdb-deployment.yaml b/deployment/helm/templates/edgex-app-metrics-influxdb/edgex-app-metrics-influxdb-deployment.yaml index 30b589eb..b420e35d 100644 --- a/deployment/helm/templates/edgex-app-metrics-influxdb/edgex-app-metrics-influxdb-deployment.yaml +++ b/deployment/helm/templates/edgex-app-metrics-influxdb/edgex-app-metrics-influxdb-deployment.yaml @@ -46,15 +46,19 @@ spec: envFrom: - configMapRef: name: edgex-common-variables + - configMapRef: + name: as-common-variables env: - name: EDGEX_PROFILE value: "metrics-influxdb" - name: SERVICE_HOST value: {{.Values.edgex.app.appservice.metricsinfluxdb}} + {{- if (eq .Values.edgex.features.messagebusbackend "redis") }} - name: TRIGGER_EDGEXMESSAGEBUS_PUBLISHHOST_HOST value: {{.Values.edgex.app.redis}} - name: TRIGGER_EDGEXMESSAGEBUS_SUBSCRIBEHOST_HOST value: {{.Values.edgex.app.redis}} + {{end}} securityContext: allowPrivilegeEscalation: false readOnlyRootFilesystem: true 
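Review bot: The `nats` branch in the http-export hunk sets `WRITABLE_PIPELINE_FUNCTIONS_HTTPEXPORT_PARAMETERS_URL` and `WRITABLE_LOGLEVEL` but no `TRIGGER_EDGEXMESSAGEBUS_*` values, so with `messagebusbackend: nats` nothing visible here points the trigger at the NATS server, and with redis or mqtt the export URL is never applied. The export destination does not appear to depend on the bus backend, so it probably belongs outside the `if`. `httpExportURL` defaults to `""` in values.yaml, so the rendered value can also be empty. The container spec continues outside the hunk.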
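Review bot: The block added to the metrics-influxdb Deployment closes with `{{end}}` although it opens with `{{- if ... }}` and other templates in this commit close with `{{- end}}`; the untrimmed form leaves a whitespace-only line in the rendered `env` list. Use `{{- end}}` here and at the same spot in the rfid-llrp-inventory, app-sample, core-command, core-data, ekuiper, core-metadata, support-notifications and support-scheduler hunks. The two `TRIGGER_EDGEXMESSAGEBUS_*` entries are now also supplied by the new `as-common-variables` ConfigMap, so the explicit `env` copies could be dropped.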
diff --git a/deployment/helm/templates/edgex-app-mqtt-export/edgex-app-mqtt-export-deployment.yaml b/deployment/helm/templates/edgex-app-mqtt-export/edgex-app-mqtt-export-deployment.yaml index 10f257bc..9ff74ab3 100644 --- a/deployment/helm/templates/edgex-app-mqtt-export/edgex-app-mqtt-export-deployment.yaml +++ b/deployment/helm/templates/edgex-app-mqtt-export/edgex-app-mqtt-export-deployment.yaml @@ -46,15 +46,31 @@ spec: envFrom: - configMapRef: name: edgex-common-variables + - configMapRef: + name: as-common-variables env: - name: EDGEX_PROFILE value: "mqtt-export" - name: SERVICE_HOST value: {{.Values.edgex.app.appservice.mqttexport}} + - name: WRITABLE_PIPELINE_FUNCTIONS_MQTTEXPORT_PARAMETERS_BROKERADDRESS + value: "{{.Values.edgex.features.mqttBrokerAddress}}" + - name: WRITABLE_PIPELINE_FUNCTIONS_MQTTEXPORT_PARAMETERS_TOPIC + value: edgex-events + - name: WRITABLE_LOGLEVEL + value: INFO + {{- if (eq .Values.edgex.features.messagebusbackend "redis") }} - name: TRIGGER_EDGEXMESSAGEBUS_PUBLISHHOST_HOST value: {{.Values.edgex.app.redis}} - - name: TRIGGER_EDGEXMESSAGEBUS_SUBSCRIBEHOST_HOST + - name: WRITABLE_PIPELINE_FUNCTIONS_MQTTEXPORT_PARAMETERS_BROKERADDRESS value: {{.Values.edgex.app.redis}} + {{- end}} + {{- if (eq .Values.edgex.features.messagebusbackend "nats") }} + - name: TRIGGER_EDGEXMESSAGEBUS_SUBSCRIBEHOST_HOST + value: "{{.Values.edgex.features.mqttBrokerAddress}}" + - name: WRITABLE_PIPELINE_FUNCTIONS_MQTTEXPORT_PARAMETERS_TOPIC + value: edgex-events + {{- end}} securityContext: allowPrivilegeEscalation: false readOnlyRootFilesystem: true diff --git a/deployment/helm/templates/edgex-app-rfid-llrp-inventory/edgex-app-rfid-llrp-inventory-deployment.yaml b/deployment/helm/templates/edgex-app-rfid-llrp-inventory/edgex-app-rfid-llrp-inventory-deployment.yaml index ee725c0a..8dfa7d94 100644 --- a/deployment/helm/templates/edgex-app-rfid-llrp-inventory/edgex-app-rfid-llrp-inventory-deployment.yaml 
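Review bot: In the `redis` branch the entry that used to be `TRIGGER_EDGEXMESSAGEBUS_SUBSCRIBEHOST_HOST` is renamed to `WRITABLE_PIPELINE_FUNCTIONS_MQTTEXPORT_PARAMETERS_BROKERADDRESS` with the Redis host as its value, so the `env` list defines that name twice and the later entry appears to point the MQTT export at Redis. The `nats` branch is the mirror image: `TRIGGER_EDGEXMESSAGEBUS_SUBSCRIBEHOST_HOST` receives `mqttBrokerAddress` and the topic is defined a second time. The names look swapped between the branches; the redis entry should probably stay `- name: TRIGGER_EDGEXMESSAGEBUS_SUBSCRIBEHOST_HOST`, and the nats branch should carry the NATS host rather than the MQTT broker address.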
+++ b/deployment/helm/templates/edgex-app-rfid-llrp-inventory/edgex-app-rfid-llrp-inventory-deployment.yaml @@ -46,13 +46,17 @@ spec: envFrom: - configMapRef: name: edgex-common-variables + - configMapRef: + name: as-common-variables env: - name: SERVICE_HOST value: {{.Values.edgex.app.appservice.rfidllrpinventory}} + {{- if (eq .Values.edgex.features.messagebusbackend "redis") }} - name: TRIGGER_EDGEXMESSAGEBUS_PUBLISHHOST_HOST value: {{.Values.edgex.app.redis}} - name: TRIGGER_EDGEXMESSAGEBUS_SUBSCRIBEHOST_HOST value: {{.Values.edgex.app.redis}} + {{end}} securityContext: allowPrivilegeEscalation: false readOnlyRootFilesystem: true diff --git a/deployment/helm/templates/edgex-app-sample/edgex-app-sample-deployment.yaml b/deployment/helm/templates/edgex-app-sample/edgex-app-sample-deployment.yaml index b1fa80d4..a66d3dad 100644 --- a/deployment/helm/templates/edgex-app-sample/edgex-app-sample-deployment.yaml +++ b/deployment/helm/templates/edgex-app-sample/edgex-app-sample-deployment.yaml @@ -46,15 +46,19 @@ spec: envFrom: - configMapRef: name: edgex-common-variables + - configMapRef: + name: as-common-variables env: - name: EDGEX_PROFILE value: "sample" - name: SERVICE_HOST value: {{.Values.edgex.app.appservice.appsample}} + {{- if (eq .Values.edgex.features.messagebusbackend "redis") }} - name: TRIGGER_EDGEXMESSAGEBUS_PUBLISHHOST_HOST value: {{.Values.edgex.app.redis}} - name: TRIGGER_EDGEXMESSAGEBUS_SUBSCRIBEHOST_HOST value: {{.Values.edgex.app.redis}} + {{end}} securityContext: allowPrivilegeEscalation: false readOnlyRootFilesystem: true diff --git a/deployment/helm/templates/edgex-appservice-rules/edgex-app-rules-engine-deployment.yaml b/deployment/helm/templates/edgex-appservice-rules/edgex-app-rules-engine-deployment.yaml index 867d10b0..d356c550 100644 --- a/deployment/helm/templates/edgex-appservice-rules/edgex-app-rules-engine-deployment.yaml +++ b/deployment/helm/templates/edgex-appservice-rules/edgex-app-rules-engine-deployment.yaml 
@@ -51,10 +51,33 @@ spec: value: "rules-engine" - name: SERVICE_HOST value: {{.Values.edgex.app.appservice.rules}} + {{- if (eq .Values.edgex.features.messagebusbackend "redis") }} - name: TRIGGER_EDGEXMESSAGEBUS_PUBLISHHOST_HOST value: {{.Values.edgex.app.redis}} - name: TRIGGER_EDGEXMESSAGEBUS_SUBSCRIBEHOST_HOST value: {{.Values.edgex.app.redis}} + {{- end}} + {{- if (eq .Values.edgex.features.messagebusbackend "nats") }} + - name: TRIGGER_EDGEXMESSAGEBUS_OPTIONAL_AUTHMODE + value: none + - name: TRIGGER_EDGEXMESSAGEBUS_PUBLISHHOST_HOST + value: edgex-nats-server + - name: TRIGGER_EDGEXMESSAGEBUS_PUBLISHHOST_PORT + value: "4222" + - name: TRIGGER_EDGEXMESSAGEBUS_PUBLISHHOST_PROTOCOL + value: tcp + - name: TRIGGER_EDGEXMESSAGEBUS_PUBLISHHOST_PUBLISHTOPIC + value: edgex/rules-events + - name: TRIGGER_EDGEXMESSAGEBUS_SUBSCRIBEHOST_HOST + value: edgex-nats-server + - name: TRIGGER_EDGEXMESSAGEBUS_SUBSCRIBEHOST_PORT + value: "4222" + - name: TRIGGER_EDGEXMESSAGEBUS_SUBSCRIBEHOST_PROTOCOL + value: tcp + - name: TRIGGER_EDGEXMESSAGEBUS_TYPE + value: nats-jetstream + {{- end}} + securityContext: allowPrivilegeEscalation: false readOnlyRootFilesystem: true diff --git a/deployment/helm/templates/edgex-core-command/edgex-core-command-deployment.yaml b/deployment/helm/templates/edgex-core-command/edgex-core-command-deployment.yaml index f30e28d6..f8ebb120 100644 --- a/deployment/helm/templates/edgex-core-command/edgex-core-command-deployment.yaml +++ b/deployment/helm/templates/edgex-core-command/edgex-core-command-deployment.yaml 
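Review bot: `TRIGGER_EDGEXMESSAGEBUS_OPTIONAL_AUTHMODE` is set to `none` with protocol `tcp` whenever the backend is `nats`, without consulting `.Values.edgex.security.enabled`, so a deployment with security turned on would still run this bus without client authentication or transport encryption. The same unconditional `AUTHMODE` of `none` appears in the core-command, core-data, core-metadata, support-notifications and support-scheduler hunks. Either wire an authenticated mode when security is enabled or fail the render for that combination, e.g. `{{- if .Values.edgex.security.enabled }}{{ fail "nats backend has no secure configuration in this chart" }}{{- end }}`, and document the limitation next to `messagebusbackend` in values.yaml.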
@@ -47,6 +47,18 @@ spec: env: - name: SERVICE_HOST value: {{.Values.edgex.app.core.command}} + {{- if (eq .Values.edgex.features.messagebusbackend "nats") }} + - name: MESSAGEQUEUE_INTERNAL_AUTHMODE + value: none + - name: MESSAGEQUEUE_INTERNAL_HOST + value: edgex-nats-server + - name: MESSAGEQUEUE_INTERNAL_PORT + value: "4222" + - name: MESSAGEQUEUE_INTERNAL_PROTOCOL + value: tcp + - name: MESSAGEQUEUE_INTERNAL_TYPE + value: nats-jetstream + {{end}} envFrom: - configMapRef: name: edgex-common-variables diff --git a/deployment/helm/templates/edgex-core-data/edgex-core-data-deployment.yaml b/deployment/helm/templates/edgex-core-data/edgex-core-data-deployment.yaml index 08edf3ef..c5e85fb8 100644 --- a/deployment/helm/templates/edgex-core-data/edgex-core-data-deployment.yaml +++ b/deployment/helm/templates/edgex-core-data/edgex-core-data-deployment.yaml @@ -51,6 +51,20 @@ spec: - name: SECRETSTORE_TOKENFILE value: /tmp/edgex/secrets/core-data/secrets-token.json {{- end}} + {{- if (eq .Values.edgex.features.messagebusbackend "nats") }} + - name: MESSAGEQUEUE_AUTHMODE + value: none + - name: MESSAGEQUEUE_HOST + value: edgex-nats-server + - name: MESSAGEQUEUE_OPTIONAL_CLIENTID + value: core-data + - name: MESSAGEQUEUE_PORT + value: '4222' + - name: MESSAGEQUEUE_PROTOCOL + value: tcp + - name: MESSAGEQUEUE_TYPE + value: nats-jetstream + {{end}} envFrom: - configMapRef: name: edgex-common-variables diff --git a/deployment/helm/templates/edgex-device-bacnet/edgex-device-bacnet-deployment.yaml b/deployment/helm/templates/edgex-device-bacnet/edgex-device-bacnet-deployment.yaml index e84e9ac1..8a047b51 100644 --- a/deployment/helm/templates/edgex-device-bacnet/edgex-device-bacnet-deployment.yaml +++ b/deployment/helm/templates/edgex-device-bacnet/edgex-device-bacnet-deployment.yaml 
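Review bot: The NATS host and port in the core-command hunk are the literals `edgex-nats-server` and `"4222"`, although this commit adds `edgex.app.natsserver` and `edgex.port.natsserver` to values.yaml and names the new Deployment and Service from them; overriding either value would leave clients pointing at the old address. Prefer `value: {{.Values.edgex.app.natsserver}}` and `value: "{{.Values.edgex.port.natsserver}}"`. The same literals appear in the rules-engine, core-data, ekuiper, core-metadata, support-notifications and support-scheduler hunks, which also mix `"4222"` and `'4222'` quoting.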
@@ -50,6 +50,8 @@ spec: envFrom: - configMapRef: name: edgex-common-variables + - configMapRef: + name: device-common-variables securityContext: allowPrivilegeEscalation: false readOnlyRootFilesystem: true diff --git a/deployment/helm/templates/edgex-device-gpio/edgex-device-gpio-deployment.yaml b/deployment/helm/templates/edgex-device-gpio/edgex-device-gpio-deployment.yaml index 40e23d6e..a041afb5 100644 --- a/deployment/helm/templates/edgex-device-gpio/edgex-device-gpio-deployment.yaml +++ b/deployment/helm/templates/edgex-device-gpio/edgex-device-gpio-deployment.yaml @@ -52,6 +52,8 @@ spec: envFrom: - configMapRef: name: edgex-common-variables + - configMapRef: + name: device-common-variables securityContext: allowPrivilegeEscalation: false readOnlyRootFilesystem: true diff --git a/deployment/helm/templates/edgex-device-modbus/edgex-device-modbus-deployment.yaml b/deployment/helm/templates/edgex-device-modbus/edgex-device-modbus-deployment.yaml index 1c420e01..ab7640f1 100644 --- a/deployment/helm/templates/edgex-device-modbus/edgex-device-modbus-deployment.yaml +++ b/deployment/helm/templates/edgex-device-modbus/edgex-device-modbus-deployment.yaml @@ -50,6 +50,8 @@ spec: envFrom: - configMapRef: name: edgex-common-variables + - configMapRef: + name: device-common-variables securityContext: allowPrivilegeEscalation: false readOnlyRootFilesystem: true diff --git a/deployment/helm/templates/edgex-device-mqtt/edgex-device-mqtt-deployment.yaml b/deployment/helm/templates/edgex-device-mqtt/edgex-device-mqtt-deployment.yaml index 25f9b1d8..1ceb65b1 100644 --- a/deployment/helm/templates/edgex-device-mqtt/edgex-device-mqtt-deployment.yaml +++ b/deployment/helm/templates/edgex-device-mqtt/edgex-device-mqtt-deployment.yaml @@ -52,6 +52,8 @@ spec: envFrom: - configMapRef: name: edgex-common-variables + - configMapRef: + name: device-common-variables securityContext: allowPrivilegeEscalation: false readOnlyRootFilesystem: true 
diff --git a/deployment/helm/templates/edgex-device-onvif-camera/edgex-device-onvif-camera-deployment.yaml b/deployment/helm/templates/edgex-device-onvif-camera/edgex-device-onvif-camera-deployment.yaml index 97c6f96b..77566a31 100644 --- a/deployment/helm/templates/edgex-device-onvif-camera/edgex-device-onvif-camera-deployment.yaml +++ b/deployment/helm/templates/edgex-device-onvif-camera/edgex-device-onvif-camera-deployment.yaml @@ -50,6 +50,8 @@ spec: envFrom: - configMapRef: name: edgex-common-variables + - configMapRef: + name: device-common-variables securityContext: allowPrivilegeEscalation: false readOnlyRootFilesystem: true diff --git a/deployment/helm/templates/edgex-device-rest/edgex-device-rest-deployment.yaml b/deployment/helm/templates/edgex-device-rest/edgex-device-rest-deployment.yaml index 4445c18e..2ffe7af3 100644 --- a/deployment/helm/templates/edgex-device-rest/edgex-device-rest-deployment.yaml +++ b/deployment/helm/templates/edgex-device-rest/edgex-device-rest-deployment.yaml @@ -50,6 +50,8 @@ spec: envFrom: - configMapRef: name: edgex-common-variables + - configMapRef: + name: device-common-variables securityContext: allowPrivilegeEscalation: false readOnlyRootFilesystem: true diff --git a/deployment/helm/templates/edgex-device-rfid-llrp/edgex-device-rfid-llrp-deployment.yaml b/deployment/helm/templates/edgex-device-rfid-llrp/edgex-device-rfid-llrp-deployment.yaml index bc20d503..5f1b11b1 100644 --- a/deployment/helm/templates/edgex-device-rfid-llrp/edgex-device-rfid-llrp-deployment.yaml +++ b/deployment/helm/templates/edgex-device-rfid-llrp/edgex-device-rfid-llrp-deployment.yaml @@ -50,6 +50,8 @@ spec: envFrom: - configMapRef: name: edgex-common-variables + - configMapRef: + name: device-common-variables securityContext: allowPrivilegeEscalation: false readOnlyRootFilesystem: true 
diff --git a/deployment/helm/templates/edgex-device-snmp/edgex-device-snmp-deployment.yaml b/deployment/helm/templates/edgex-device-snmp/edgex-device-snmp-deployment.yaml index a663e3cf..d3062f5e 100644 --- a/deployment/helm/templates/edgex-device-snmp/edgex-device-snmp-deployment.yaml +++ b/deployment/helm/templates/edgex-device-snmp/edgex-device-snmp-deployment.yaml @@ -50,6 +50,8 @@ spec: envFrom: - configMapRef: name: edgex-common-variables + - configMapRef: + name: device-common-variables securityContext: allowPrivilegeEscalation: false readOnlyRootFilesystem: true diff --git a/deployment/helm/templates/edgex-device-usb-camera/edgex-device-usb-camera-deployment.yaml b/deployment/helm/templates/edgex-device-usb-camera/edgex-device-usb-camera-deployment.yaml index 3d6e036c..c87d6045 100644 --- a/deployment/helm/templates/edgex-device-usb-camera/edgex-device-usb-camera-deployment.yaml +++ b/deployment/helm/templates/edgex-device-usb-camera/edgex-device-usb-camera-deployment.yaml @@ -50,6 +50,8 @@ spec: envFrom: - configMapRef: name: edgex-common-variables + - configMapRef: + name: device-common-variables securityContext: allowPrivilegeEscalation: false readOnlyRootFilesystem: true diff --git a/deployment/helm/templates/edgex-device-virtual/edgex-device-virtual-deployment.yaml b/deployment/helm/templates/edgex-device-virtual/edgex-device-virtual-deployment.yaml index d41455df..aa0bdd50 100644 --- a/deployment/helm/templates/edgex-device-virtual/edgex-device-virtual-deployment.yaml +++ b/deployment/helm/templates/edgex-device-virtual/edgex-device-virtual-deployment.yaml @@ -50,6 +50,8 @@ spec: envFrom: - configMapRef: name: edgex-common-variables + - configMapRef: + name: device-common-variables securityContext: allowPrivilegeEscalation: false readOnlyRootFilesystem: true diff --git a/deployment/helm/templates/edgex-ekuiper/edgex-ekuiper-deployment.yaml b/deployment/helm/templates/edgex-ekuiper/edgex-ekuiper-deployment.yaml index 57c8f776..c1c6f4fe 100644 
--- a/deployment/helm/templates/edgex-ekuiper/edgex-ekuiper-deployment.yaml +++ b/deployment/helm/templates/edgex-ekuiper/edgex-ekuiper-deployment.yaml @@ -60,6 +60,7 @@ spec: value: "true" - name: KUIPER__BASIC__RESTPORT value: "{{.Values.edgex.port.ekuiper}}" + {{- if (eq .Values.edgex.features.messagebusbackend "redis") }} - name: EDGEX__DEFAULT__SERVER value: {{.Values.edgex.app.redis}} - name: EDGEX__DEFAULT__PROTOCOL @@ -68,6 +69,31 @@ spec: value: "{{.Values.edgex.port.redis}}" - name: EDGEX__DEFAULT__TOPIC value: "rules-events" + {{end}} + {{- if (eq .Values.edgex.features.messagebusbackend "nats") }} + - name: MESSAGEQUEUE_HOST + value: edgex-nats-server + - name: MESSAGEQUEUE_OPTIONAL_CLIENTID + value: kuiper-rules-engine + - name: MESSAGEQUEUE_PORT + value: '4222' + - name: MESSAGEQUEUE_PROTOCOL + value: tcp + - name: MESSAGEQUEUE_TYPE + value: nats-jetstream + - name: EDGEX__DEFAULT__OPTIONAL__CLIENTID + value: kuiper-rules-engine + - name: EDGEX__DEFAULT__PORT + value: '4222' + - name: EDGEX__DEFAULT__PROTOCOL + value: tcp + - name: EDGEX__DEFAULT__SERVER + value: edgex-nats-server + - name: EDGEX__DEFAULT__TOPIC + value: edgex/rules-events + - name: EDGEX__DEFAULT__TYPE + value: nats-jetstream + {{end}} securityContext: allowPrivilegeEscalation: false readOnlyRootFilesystem: false diff --git a/deployment/helm/templates/edgex-metadata/edgex-core-metadata-deployment.yaml b/deployment/helm/templates/edgex-metadata/edgex-core-metadata-deployment.yaml index d89ce67e..aaf3e8b3 100644 --- a/deployment/helm/templates/edgex-metadata/edgex-core-metadata-deployment.yaml +++ b/deployment/helm/templates/edgex-metadata/edgex-core-metadata-deployment.yaml 
@@ -52,6 +52,20 @@ spec: value: {{.Values.edgex.app.core.metadata}} - name: NOTIFICATIONS_SENDER value: {{.Values.edgex.app.core.metadata}} + {{- if (eq .Values.edgex.features.messagebusbackend "nats") }} + - name: MESSAGEQUEUE_AUTHMODE + value: none + - name: MESSAGEQUEUE_HOST + value: edgex-nats-server + - name: MESSAGEQUEUE_OPTIONAL_CLIENTID + value: core-metadata + - name: MESSAGEQUEUE_PORT + value: '4222' + - name: MESSAGEQUEUE_PROTOCOL + value: tcp + - name: MESSAGEQUEUE_TYPE + value: nats-jetstream + {{end}} securityContext: allowPrivilegeEscalation: false readOnlyRootFilesystem: true diff --git a/deployment/helm/templates/edgex-mqtt-broker/edgex-mqtt-broker-deployment.yaml b/deployment/helm/templates/edgex-mqtt-broker/edgex-mqtt-broker-deployment.yaml index 841c53e4..a6ffffb9 100644 --- a/deployment/helm/templates/edgex-mqtt-broker/edgex-mqtt-broker-deployment.yaml +++ b/deployment/helm/templates/edgex-mqtt-broker/edgex-mqtt-broker-deployment.yaml @@ -46,7 +46,7 @@ spec: livenessProbe: tcpSocket: port: {{.Values.edgex.port.mqttbroker}} - {{- if .Values.edgex.resources.device.usbcamera.enforceLimits }} + {{- if .Values.edgex.resources.mqttbroker.enforceLimits }} resources: limits: memory: {{ .Values.edgex.resources.mqttbroker.limits.memory }} diff --git a/deployment/helm/templates/edgex-nats-server/edgex-nats-server-deployment.yaml b/deployment/helm/templates/edgex-nats-server/edgex-nats-server-deployment.yaml new file mode 100644 index 00000000..1781ded1 --- /dev/null +++ b/deployment/helm/templates/edgex-nats-server/edgex-nats-server-deployment.yaml 
@@ -0,0 +1,59 @@
+# Copyright (C) 2022 Intel Corporation
+#
+# SPDX-License-Identifier: Apache-2.0
+#
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ labels:
+ org.edgexfoundry.service: {{.Values.edgex.app.natsserver}}
+ name: {{.Values.edgex.app.natsserver}}
+spec:
+ replicas: {{.Values.edgex.replicas.natsserver}}
+ selector:
+ matchLabels:
+ org.edgexfoundry.service: {{.Values.edgex.app.natsserver}}
+ strategy:
+ type: Recreate
+ template:
+ metadata:
+ labels:
+ org.edgexfoundry.service: {{.Values.edgex.app.natsserver}}
+ spec:
+ automountServiceAccountToken: false
+ containers:
+ - name: {{.Values.edgex.app.natsserver}}
+ image: {{.Values.edgex.image.natsserver.repository}}:{{.Values.edgex.image.natsserver.tag}}
+ imagePullPolicy: {{.Values.edgex.image.natsserver.pullPolicy}}
+ ports:
+ - containerPort: {{.Values.edgex.port.natsserver}}
+ {{- if not .Values.edgex.security.enabled }}
+ hostPort: {{.Values.edgex.port.natsserver}}
+ hostIP: {{.Values.edgex.hostPortInternalBind}}
+ {{- end}}
+ securityContext:
+ allowPrivilegeEscalation: false
+ readOnlyRootFilesystem: true
+ startupProbe:
+ tcpSocket:
+ port: {{.Values.edgex.port.natsserver}}
+ periodSeconds: 1
+ failureThreshold: 120
+ livenessProbe:
+ tcpSocket:
+ port: {{.Values.edgex.port.natsserver}}
+ {{- if .Values.edgex.resources.natsserver.enforceLimits }}
+ resources:
+ limits:
+ memory: {{ .Values.edgex.resources.natsserver.limits.memory }}
+ cpu: {{ .Values.edgex.resources.natsserver.limits.cpu }}
+ requests:
+ memory: {{ .Values.edgex.resources.natsserver.requests.memory }}
+ cpu: {{ .Values.edgex.resources.natsserver.requests.cpu }}
+ {{- end}}
+ hostname: {{.Values.edgex.app.natsserver}}
+ restartPolicy: Always
+ securityContext:
+ runAsNonRoot: true
+ runAsUser: {{ .Values.edgex.security.runAsUser }}
+ runAsGroup: {{ .Values.edgex.security.runAsGroup }}
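Review bot: The NATS Deployment defines no `volumeMounts` or `volumes`, although this commit adds a `nats-server` PersistentVolumeClaim and a matching PersistentVolume, and the container runs with `readOnlyRootFilesystem: true`; the server therefore has nowhere writable for stream storage and the new claim stays unused. Clients are configured with type `nats-jetstream`, but the container has no `command` or `args`, so JetStream is enabled only if the image's default configuration does so, which is worth confirming. The claim is created inside a conditional in edgex-pvc.yaml whose opening is outside this diff, so the mount may need the same guard. The mount path below is an example and has to match the store directory the server is started with.

```yaml
        # … unchanged: name, image, ports, securityContext, probes …
        volumeMounts:
        - mountPath: /data  # example path; must match the JetStream store directory
          name: nats-data
      # … unchanged: hostname, restartPolicy, pod securityContext …
      volumes:
      - name: nats-data
        persistentVolumeClaim:
          claimName: nats-server
```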
diff --git a/deployment/helm/templates/edgex-nats-server/edgex-nats-server-service.yaml b/deployment/helm/templates/edgex-nats-server/edgex-nats-server-service.yaml new file mode 100644 index 00000000..8c80fe94 --- /dev/null +++ b/deployment/helm/templates/edgex-nats-server/edgex-nats-server-service.yaml @@ -0,0 +1,18 @@ +# Copyright (C) 2022 Intel Corporation +# +# SPDX-License-Identifier: Apache-2.0 +# +apiVersion: v1 +kind: Service +metadata: + labels: + org.edgexfoundry.service: {{.Values.edgex.app.natsserver}} + name: {{.Values.edgex.app.natsserver}} +spec: + ports: + - name: "{{.Values.edgex.port.natsserver}}" + port: {{.Values.edgex.port.natsserver}} + selector: + org.edgexfoundry.service: {{.Values.edgex.app.natsserver}} + type: {{.Values.expose.type}} + diff --git a/deployment/helm/templates/edgex-pv.yaml b/deployment/helm/templates/edgex-pv.yaml index fbf58fc1..18ca1570 100644 --- a/deployment/helm/templates/edgex-pv.yaml +++ b/deployment/helm/templates/edgex-pv.yaml @@ -252,4 +252,22 @@ spec: - {{.Values.edgex.storage.nonSharedVolumesAccessMode}} hostPath: path: "/mnt/edgex-app-rfid-llrp-inventory" -{{- end}} \ No newline at end of file +{{- end}} +--- +{{- if .Values.edgex.storage.useHostPath }} +apiVersion: v1 +kind: PersistentVolume +metadata: + name: edgex-nats-server +spec: + storageClassName: "" + claimRef: + name: nats-server + namespace: {{ .Release.Namespace }} + capacity: + storage: 128Mi + accessModes: + - {{.Values.edgex.storage.nonSharedVolumesAccessMode}} + hostPath: + path: "/tmp/nats" +{{- end}} diff --git a/deployment/helm/templates/edgex-pvc.yaml b/deployment/helm/templates/edgex-pvc.yaml index 16cf72e0..47fedba7 100644 --- a/deployment/helm/templates/edgex-pvc.yaml +++ b/deployment/helm/templates/edgex-pvc.yaml 
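Review bot: `type: {{.Values.expose.type}}` gives the NATS Service the same exposure as the chart's other services, and the clients in this commit connect with an auth mode of `none`, so any `expose.type` other than ClusterIP would publish an unauthenticated message bus outside the cluster. As far as this diff shows the bus is consumed only by in-cluster services, so a fixed `type: ClusterIP` is the safer choice here. The default of `expose.type` is not visible in this diff.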
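Review bot: The new PersistentVolume in edgex-pv.yaml uses `path: "/tmp/nats"`, while the neighbouring volume in the context lines lives under `/mnt/edgex-app-rfid-llrp-inventory`. `/tmp` is typically world-writable and cleared on reboot, so another local account on the node could create or replace the directory first, and stored stream data would not survive a restart. A path in line with the other volumes, such as `path: "/mnt/edgex-nats-server"`, avoids both.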
@@ -226,4 +226,20 @@ spec: resources: requests: storage: 128Mi +--- +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + name: nats-server +spec: + {{- if (eq .Values.edgex.storage.useHostPath true)}} + storageClassName: "" + {{- else }} + storageClassName: "{{.Values.edgex.storage.nonSharedVolumesClassName}}" + {{- end }} + accessModes: + - {{.Values.edgex.storage.nonSharedVolumesAccessMode}} + resources: + requests: + storage: 128Mi {{- end }} diff --git a/deployment/helm/templates/edgex-security-secretstore-setup/edgex-security-secretstore-setup-deployment.yaml b/deployment/helm/templates/edgex-security-secretstore-setup/edgex-security-secretstore-setup-deployment.yaml index e66ec8d4..f2440734 100644 --- a/deployment/helm/templates/edgex-security-secretstore-setup/edgex-security-secretstore-setup-deployment.yaml +++ b/deployment/helm/templates/edgex-security-secretstore-setup/edgex-security-secretstore-setup-deployment.yaml @@ -47,6 +47,10 @@ spec: value: {{.Values.edgex.security.addServiceTokens}} - name: ADD_KNOWN_SECRETS value: {{.Values.edgex.security.addKnownSecrets}} + {{- if (eq .Values.edgex.features.messagebusbackend "redis") }} + - name: SECUREMESSAGEBUS_TYPE + value: redis + {{- end}} envFrom: - configMapRef: name: edgex-common-variables diff --git a/deployment/helm/templates/edgex-support-notifications/edgex-support-notifications-deployment.yaml b/deployment/helm/templates/edgex-support-notifications/edgex-support-notifications-deployment.yaml index a3155e8b..808b9b20 100644 --- a/deployment/helm/templates/edgex-support-notifications/edgex-support-notifications-deployment.yaml +++ b/deployment/helm/templates/edgex-support-notifications/edgex-support-notifications-deployment.yaml 
@@ -47,6 +47,20 @@ spec: env: - name: SERVICE_HOST value: {{.Values.edgex.app.support.notifications}} + {{- if (eq .Values.edgex.features.messagebusbackend "nats") }} + - name: MESSAGEQUEUE_AUTHMODE + value: none + - name: MESSAGEQUEUE_HOST + value: edgex-nats-server + - name: MESSAGEQUEUE_OPTIONAL_CLIENTID + value: support-notifications + - name: MESSAGEQUEUE_PORT + value: '4222' + - name: MESSAGEQUEUE_PROTOCOL + value: tcp + - name: MESSAGEQUEUE_TYPE + value: nats-jetstream + {{end}} envFrom: - configMapRef: name: edgex-common-variables diff --git a/deployment/helm/templates/edgex-support-scheduler/edgex-support-scheduler-deployment.yaml b/deployment/helm/templates/edgex-support-scheduler/edgex-support-scheduler-deployment.yaml index 1a7c5b63..e2c85577 100644 --- a/deployment/helm/templates/edgex-support-scheduler/edgex-support-scheduler-deployment.yaml +++ b/deployment/helm/templates/edgex-support-scheduler/edgex-support-scheduler-deployment.yaml @@ -54,6 +54,20 @@ spec: value: {{.Values.edgex.app.core.data}} - name: INTERVALACTIONS_SCRUBAGED_HOST value: {{.Values.edgex.app.core.data}} + {{- if (eq .Values.edgex.features.messagebusbackend "nats") }} + - name: MESSAGEQUEUE_AUTHMODE + value: none + - name: MESSAGEQUEUE_HOST + value: edgex-nats-server + - name: MESSAGEQUEUE_OPTIONAL_CLIENTID + value: support-scheduler + - name: MESSAGEQUEUE_PORT + value: '4222' + - name: MESSAGEQUEUE_PROTOCOL + value: tcp + - name: MESSAGEQUEUE_TYPE + value: nats-jetstream + {{end}} securityContext: allowPrivilegeEscalation: false readOnlyRootFilesystem: true diff --git a/deployment/helm/values.yaml b/deployment/helm/values.yaml index 8dc33711..7ad21ab5 100644 --- a/deployment/helm/values.yaml +++ b/deployment/helm/values.yaml 
@@ -30,6 +30,7 @@ edgex: appsample: edgex-app-sample metricsinfluxdb: edgex-app-metrics-influxdb rfidllrpinventory: edgex-app-rfid-llrp-inventory + externalmqtttrigger: edgex-app-external-mqtt-trigger device: virtual: edgex-device-virtual rest: edgex-device-rest @@ -51,6 +52,7 @@ edgex: secretstoresetup: edgex-security-secretstore-setup modbussimulator: edgex-modbus-simulator mqttbroker: edgex-mqtt-broker + natsserver: edgex-nats-server # image defines configuration properties for docker-image-level concerns image: @@ -98,8 +100,12 @@ edgex: tag: "2.3.0" pullPolicy: IfNotPresent httpexport: - repository: nexus3.edgexfoundry.org:10004/app-service-configurable - tag: "latest" + repository: edgexfoundry/app-service-configurable + tag: "2.3.0" + pullPolicy: IfNotPresent + externalmqtttrigger: + repository: edgexfoundry/app-service-configurable + tag: "2.3.0" pullPolicy: IfNotPresent device: virtual: @@ -182,6 +188,10 @@ edgex: repository: eclipse-mosquitto tag: "2.0" pullPolicy: IfNotPresent + natsserver: + repository: nats + tag: "2.9.3-alpine" + pullPolicy: IfNotPresent # port defines configuration properties for container, target and host ports port: core: @@ -198,6 +208,7 @@ edgex: appsample: 59700 metricsinfluxdb: 59707 rfidllrpinventory: 59711 + externalmqtttrigger: 59706 device: virtual: 59900 rest: 59986 @@ -216,6 +227,7 @@ edgex: ekuiper: 59720 modbussimulator: 1502 mqttbroker: 1883 + natsserver: 4222 # ports used by security bootstrapping for stage gating edgex init bootstrap: @@ -247,6 +259,7 @@ edgex: appsample: 0 metricsinfluxdb: 0 rfidllrpinventory: 0 + externalmqtttrigger: 0 device: virtual: 1 rest: 1 @@ -265,6 +278,7 @@ edgex: ekuiper: 1 modbussimulator: 0 mqttbroker: 0 + natsserver: 0 # UID/GID for container user security: @@ -369,6 +383,14 @@ edgex: requests: cpu: 0.5 memory: 256Mi + externalmqtttrigger: + enforceLimits: false + limits: + cpu: 1 + memory: 512Mi + requests: + cpu: 0.5 + memory: 256Mi device: virtual: enforceLimits: false 
@@ -530,6 +552,14 @@ edgex: requests: cpu: 0.5 memory: 256Mi + natsserver: + enforceLimits: false + limits: + cpu: 1 + memory: 512Mi + requests: + cpu: 0.5 + memory: 256Mi storage: useHostPath: true @@ -541,3 +571,11 @@ edgex: sharedVolumesClassName: "rook-cephfs" # If this value is set to "ReadWriteOnce" it will trigger pod affinity rules. sharedVolumesAccessMode: "ReadWriteMany" + + features: + # Available messagebus options: redis|mqtt|nats + messagebusbackend: redis + # MQTT broker address + mqttBrokerAddress: "" + # Writable pipeline functions HTTP export parameter URL + httpExportURL: ""
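Review bot: The new `features` block needs comments for the constraints the templates impose, because a `messagebusbackend` value outside the three listed matches none of the `eq` checks and silently renders services with no bus settings. I would add `# nats also needs edgex.replicas.natsserver >= 1 (default 0)` above `messagebusbackend`, since the replicas hunk in this file sets `natsserver: 0`. The comments on `mqttBrokerAddress` and `httpExportURL` should state the expected form of the value, including the scheme, given that both default to `""`.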