From 865e353bdd986646eac73faa6b3bae6bd1c9c4e7 Mon Sep 17 00:00:00 2001 From: "Seonghyun, Oh" Date: Thu, 14 Jan 2021 11:50:37 +0900 Subject: [PATCH 1/4] Add jmx options --- helm/openwhisk/templates/_helpers.tpl | 2 -- helm/openwhisk/templates/controller-pod.yaml | 19 +++++++++++-- helm/openwhisk/templates/invoker-pod.yaml | 18 +++++++++++-- .../templates/jmx-remote-secret.yaml | 27 +++++++++++++++++++ helm/openwhisk/values.yaml | 9 +++++++ 5 files changed, 69 insertions(+), 6 deletions(-) create mode 100644 helm/openwhisk/templates/jmx-remote-secret.yaml diff --git a/helm/openwhisk/templates/_helpers.tpl b/helm/openwhisk/templates/_helpers.tpl index f57c5781..930c71c6 100644 --- a/helm/openwhisk/templates/_helpers.tpl +++ b/helm/openwhisk/templates/_helpers.tpl @@ -292,7 +292,6 @@ imagePullSecrets: {{/* Environment variables required for invoker volumes configuration */}} {{- define "openwhisk.invoker.volumes" -}} {{- if eq .Values.invoker.containerFactory.impl "docker" }} - volumes: {{ include "openwhisk.docker_volumes" . | indent 6 }} - name: scripts-dir configMap: @@ -303,7 +302,6 @@ imagePullSecrets: {{/* Environment variables required for invoker volumes configuration */}} {{- define "openwhisk.invoker.volume_mounts" -}} {{- if (eq .Values.invoker.containerFactory.impl "docker") }} - volumeMounts: {{ include "openwhisk.docker_volume_mounts" . | indent 8 }} {{- if .Values.invoker.containerFactory.networkConfig.dns.inheritInvokerConfig }} - name: scripts-dir diff --git a/helm/openwhisk/templates/controller-pod.yaml b/helm/openwhisk/templates/controller-pod.yaml index 28a97565..7e5d4aff 100644 --- a/helm/openwhisk/templates/controller-pod.yaml +++ b/helm/openwhisk/templates/controller-pod.yaml @@ -63,9 +63,13 @@ spec: {{- end }} {{ include "openwhisk.readiness.waitForCouchDB" . | indent 6 }} {{- if eq .Values.activationStoreBackend "ElasticSearch" }} - # The controller must wait for elasticsearch to be ready before it starts +# The controller must wait for elasticsearch to be ready before it starts {{ include "openwhisk.readiness.waitForElasticSearch" . | indent 6 }} {{- end }} + volumes: + - name: jmxremote-secret + secret: + secretName: {{ .Release.Name }}-jmxremote-secret # The lean controller requires invoker volumes mounts {{- if .Values.controller.lean }} {{ include "openwhisk.invoker.volumes" . }} @@ -84,10 +88,21 @@ spec: ports: - name: controller containerPort: {{ .Values.controller.port }} + - name: jmx + jmxPort: {{ .Values.jmx.port }} + - name: jmx-rmi + jmxPort: {{ .Values.jmx.rmiPort }} - name: akka-remoting containerPort: 2552 - name: akka-mgmt-http containerPort: 19999 + volumeMounts: + - name: jmxremote-secret + mountPath: "/conf/jmxremote.access" + subPath: "jmxremote.access" + - name: jmxremote-secret + mountPath: "/conf/jmxremote.password" + subPath: "jmxremote.password" {{- if .Values.controller.lean }} {{ include "openwhisk.invoker.volume_mounts" . }} {{- end }} @@ -127,7 +142,7 @@ spec: # Java options - name: "JAVA_OPTS" - value: "-Xmx{{- .Values.controller.jvmHeapMB -}}M {{ .Values.controller.jvmOptions }}" + value: "-Xmx{{- .Values.controller.jvmHeapMB -}}M {{ .Values.controller.jvmOptions }} {{ if .Values.jmx.enabled }} {{ .Values.jmx.jvmCommonArgs }} -Dcom.sun.management.jmxremote.rmi.port={{ .Values.jmx.rmiPort }} -Dcom.sun.management.jmxremote.port={{ .Values.jmx.port }} {{ end }}" # specific controller arguments - name: "CONTROLLER_OPTS" diff --git a/helm/openwhisk/templates/invoker-pod.yaml b/helm/openwhisk/templates/invoker-pod.yaml index dbb80289..9df79d84 100644 --- a/helm/openwhisk/templates/invoker-pod.yaml +++ b/helm/openwhisk/templates/invoker-pod.yaml @@ -68,7 +68,10 @@ spec: tolerations: {{ include "openwhisk.toleration.invoker" . | indent 8 }} {{- end }} - + volumes: + - name: jmxremote-secret + secret: + secretName: {{ .Release.Name }}-jmxremote-secret {{ include "openwhisk.invoker.volumes" . }} initContainers: @@ -138,7 +141,7 @@ spec: # Java options - name: "JAVA_OPTS" - value: "-Xmx{{- .Values.invoker.jvmHeapMB -}}M {{ .Values.invoker.jvmOptions }}" + value: "-Xmx{{- .Values.invoker.jvmHeapMB -}}M {{ .Values.invoker.jvmOptions }} {{ if .Values.jmx.enabled }} {{ .Values.jmx.jvmCommonArgs }} -Dcom.sun.management.jmxremote.rmi.port={{ .Values.jmx.rmiPort }} -Dcom.sun.management.jmxremote.port={{ .Values.jmx.port }} {{ end }}" # Invoker options - name: "INVOKER_OPTS" @@ -214,5 +217,16 @@ spec: ports: - name: invoker containerPort: {{ .Values.invoker.port }} + - name: jmx + jmxPort: {{ .Values.jmx.port }} + - name: jmx-rmi + jmxPort: {{ .Values.jmx.rmiPort }} + volumeMounts: + - name: jmxremote-secret + mountPath: "/conf/jmxremote.access" + subPath: "jmxremote.access" + - name: jmxremote-secret + mountPath: "/conf/jmxremote.password" + subPath: "jmxremote.password" {{ include "openwhisk.invoker.volume_mounts" . }} {{- end }} diff --git a/helm/openwhisk/templates/jmx-remote-secret.yaml b/helm/openwhisk/templates/jmx-remote-secret.yaml new file mode 100644 index 00000000..7eea8b5f --- /dev/null +++ b/helm/openwhisk/templates/jmx-remote-secret.yaml @@ -0,0 +1,27 @@ +# +# Licensed to the Apache Software Foundation (ASF) under one or more +# contributor license agreements. See the NOTICE file distributed with +# this work for additional information regarding copyright ownership. +# The ASF licenses this file to You under the Apache License, Version 2.0 +# (the "License"); you may not use this file except in compliance with +# the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +apiVersion: v1 +kind: Secret +metadata: + name: {{ .Release.Name }}-jmxremote-secret + labels: +{{ include "openwhisk.label_boilerplate" . | indent 4 }} +type: Opaque +data: + jmxremote.access: {{ (printf "%s %s" .Values.jmx.user "readwrite") | b64enc }} + jmxremote.password: {{ (printf "%s %s" .Values.jmx.user .Values.jmx.pass) | b64enc }} diff --git a/helm/openwhisk/values.yaml b/helm/openwhisk/values.yaml index f89b8a02..ecd6f56d 100644 --- a/helm/openwhisk/values.yaml +++ b/helm/openwhisk/values.yaml @@ -289,6 +289,15 @@ invoker: isolateUserActions: true replicaCount: 1 +# JMX configurations +jmx: + enabled: false + port: 15000 + rmiPort: 16000 + user: "jmxuser" + pass: "jmxpass" + jvmCommonArgs: "-Dcom.sun.management.jmxremote -Dcom.sun.management.jmxremote.ssl=false -Dcom.sun.management.jmxremote.local.only=false -Dcom.sun.management.jmxremote.authenticate=true -Dcom.sun.management.jmxremote.password.file=/home/owuser/jmxremote.password -Dcom.sun.management.jmxremote.access.file=/home/owuser/jmxremote.access" + # API Gateway configurations apigw: imageName: "openwhisk/apigateway" From d192909d87261a56d7ecb7a77ca17c08cb144b51 Mon Sep 17 00:00:00 2001 From: "Seonghyun, Oh" Date: Thu, 14 Jan 2021 12:04:06 +0900 Subject: [PATCH 2/4] Refactor indent --- helm/openwhisk/templates/_helpers.tpl | 16 ++++++++-------- helm/openwhisk/templates/controller-pod.yaml | 4 ++-- helm/openwhisk/templates/invoker-pod.yaml | 4 ++-- 3 files changed, 12 insertions(+), 12 deletions(-) diff --git a/helm/openwhisk/templates/_helpers.tpl b/helm/openwhisk/templates/_helpers.tpl index 930c71c6..7fd61e70 100644 --- a/helm/openwhisk/templates/_helpers.tpl +++ b/helm/openwhisk/templates/_helpers.tpl @@ -292,21 +292,21 @@ imagePullSecrets: {{/* Environment variables required for invoker volumes configuration */}} {{- define "openwhisk.invoker.volumes" -}} {{- if eq .Values.invoker.containerFactory.impl "docker" }} -{{ include "openwhisk.docker_volumes" . | indent 6 }} - - name: scripts-dir - configMap: - name: {{ .Release.Name }}-invoker-scripts +{{ include "openwhisk.docker_volumes" . }} +- name: scripts-dir + configMap: + name: {{ .Release.Name }}-invoker-scripts {{- end }} {{- end }} {{/* Environment variables required for invoker volumes configuration */}} {{- define "openwhisk.invoker.volume_mounts" -}} {{- if (eq .Values.invoker.containerFactory.impl "docker") }} -{{ include "openwhisk.docker_volume_mounts" . | indent 8 }} +{{ include "openwhisk.docker_volume_mounts" . }} {{- if .Values.invoker.containerFactory.networkConfig.dns.inheritInvokerConfig }} - - name: scripts-dir - mountPath: "/invoker-scripts/configureDNS.sh" - subPath: "configureDNS.sh" +- name: scripts-dir + mountPath: "/invoker-scripts/configureDNS.sh" + subPath: "configureDNS.sh" {{- end }} {{- end }} {{- end }} diff --git a/helm/openwhisk/templates/controller-pod.yaml b/helm/openwhisk/templates/controller-pod.yaml index 7e5d4aff..61bc415d 100644 --- a/helm/openwhisk/templates/controller-pod.yaml +++ b/helm/openwhisk/templates/controller-pod.yaml @@ -72,7 +72,7 @@ spec: secretName: {{ .Release.Name }}-jmxremote-secret # The lean controller requires invoker volumes mounts {{- if .Values.controller.lean }} -{{ include "openwhisk.invoker.volumes" . }} +{{ include "openwhisk.invoker.volumes" . | indent 6 }} {{- end }} {{ include "openwhisk.docker.imagePullSecrets" . | indent 6 }} @@ -104,7 +104,7 @@ spec: mountPath: "/conf/jmxremote.password" subPath: "jmxremote.password" {{- if .Values.controller.lean }} -{{ include "openwhisk.invoker.volume_mounts" . }} +{{ include "openwhisk.invoker.volume_mounts" . | indent 8 }} {{- end }} livenessProbe: httpGet: diff --git a/helm/openwhisk/templates/invoker-pod.yaml b/helm/openwhisk/templates/invoker-pod.yaml index 9df79d84..9b098569 100644 --- a/helm/openwhisk/templates/invoker-pod.yaml +++ b/helm/openwhisk/templates/invoker-pod.yaml @@ -72,7 +72,7 @@ spec: - name: jmxremote-secret secret: secretName: {{ .Release.Name }}-jmxremote-secret -{{ include "openwhisk.invoker.volumes" . }} +{{ include "openwhisk.invoker.volumes" . | indent 6 }} initContainers: {{- if eq .Values.invoker.containerFactory.impl "docker" }} @@ -228,5 +228,5 @@ spec: - name: jmxremote-secret mountPath: "/conf/jmxremote.password" subPath: "jmxremote.password" -{{ include "openwhisk.invoker.volume_mounts" . }} +{{ include "openwhisk.invoker.volume_mounts" . | indent 8 }} {{- end }} From ba1c3024437e642c6027d2903a1e69a6635fbf8e Mon Sep 17 00:00:00 2001 From: "Seonghyun, Oh" Date: Thu, 14 Jan 2021 12:20:57 +0900 Subject: [PATCH 3/4] Remove space --- helm/openwhisk/templates/controller-pod.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/helm/openwhisk/templates/controller-pod.yaml b/helm/openwhisk/templates/controller-pod.yaml index 61bc415d..6a6d9a24 100644 --- a/helm/openwhisk/templates/controller-pod.yaml +++ b/helm/openwhisk/templates/controller-pod.yaml @@ -104,7 +104,7 @@ spec: mountPath: "/conf/jmxremote.password" subPath: "jmxremote.password" {{- if .Values.controller.lean }} -{{ include "openwhisk.invoker.volume_mounts" . | indent 8 }} +{{ include "openwhisk.invoker.volume_mounts" . | indent 8 }} {{- end }} livenessProbe: httpGet: From cc4a38487598c5e5c89d7c01c92302f1656a4295 Mon Sep 17 00:00:00 2001 From: "Seonghyun, Oh" Date: Thu, 14 Jan 2021 12:22:47 +0900 Subject: [PATCH 4/4] Reformat yaml --- helm/openwhisk/templates/controller-pod.yaml | 2 +- helm/openwhisk/templates/invoker-pod.yaml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/helm/openwhisk/templates/controller-pod.yaml b/helm/openwhisk/templates/controller-pod.yaml index 6a6d9a24..44550a7d 100644 --- a/helm/openwhisk/templates/controller-pod.yaml +++ b/helm/openwhisk/templates/controller-pod.yaml @@ -63,7 +63,7 @@ spec: {{- end }} {{ include "openwhisk.readiness.waitForCouchDB" . | indent 6 }} {{- if eq .Values.activationStoreBackend "ElasticSearch" }} -# The controller must wait for elasticsearch to be ready before it starts + # The controller must wait for elasticsearch to be ready before it starts {{ include "openwhisk.readiness.waitForElasticSearch" . | indent 6 }} {{- end }} volumes: diff --git a/helm/openwhisk/templates/invoker-pod.yaml b/helm/openwhisk/templates/invoker-pod.yaml index 9b098569..84704414 100644 --- a/helm/openwhisk/templates/invoker-pod.yaml +++ b/helm/openwhisk/templates/invoker-pod.yaml @@ -72,7 +72,7 @@ spec: - name: jmxremote-secret secret: secretName: {{ .Release.Name }}-jmxremote-secret -{{ include "openwhisk.invoker.volumes" . | indent 6 }} +{{ include "openwhisk.invoker.volumes" . | indent 6 }} initContainers: {{- if eq .Values.invoker.containerFactory.impl "docker" }}