author | Andreas Geissler <andreas-geissler@telekom.de> | 2024-07-17 13:24:38 +0200 |
---|---|---|
committer | Andreas Geissler <andreas-geissler@telekom.de> | 2024-07-17 17:18:49 +0200 |
commit | b2c57e00121e912eaff312ffbf19168f4d3617d2 (patch) | |
tree | 67d97a00e7f78145e8ebbcde33993dd456a2c39c | |
parent | 004ebce85d8214df87689db574efd7f16c87524d (diff) |
[COMMON] Update various common charts
- add kyverno policy fixes for cassandra Operator template
- add new mongodb-init chart
- new parameter in global values to support "NativeSidecar"
which disables the deployment of the sidecar killer in jobs
- update of "killSideCar" function to use the new option
Issue-ID: OOM-3288
Issue-ID: OOM-3296
Change-Id: If7cafd10a14e9bc6b7843c0c2a62691c4e94ca71
Signed-off-by: Andreas Geissler <andreas-geissler@telekom.de>
-rw-r--r-- | kubernetes/common/common/Chart.yaml | 3 | ||||
-rw-r--r-- | kubernetes/common/common/templates/_cassOp.tpl | 63 | ||||
-rw-r--r-- | kubernetes/common/common/templates/_serviceMesh.tpl | 17 | ||||
-rw-r--r-- | kubernetes/common/mariadb-init/Chart.yaml | 3 | ||||
-rw-r--r-- | kubernetes/common/mongodb-init/.helmignore | 32 | ||||
-rw-r--r-- | kubernetes/common/mongodb-init/Chart.yaml | 32 | ||||
-rw-r--r-- | kubernetes/common/mongodb-init/README.md | 16 | ||||
-rw-r--r-- | kubernetes/common/mongodb-init/resources/config/setup.sql | 11 | ||||
-rw-r--r-- | kubernetes/common/mongodb-init/templates/configmap.yaml | 29 | ||||
-rw-r--r-- | kubernetes/common/mongodb-init/templates/job.yaml | 129 | ||||
-rw-r--r-- | kubernetes/common/mongodb-init/templates/secrets.yaml | 15 | ||||
-rw-r--r-- | kubernetes/common/mongodb-init/values.yaml | 108 | ||||
-rw-r--r-- | kubernetes/common/postgres-init/Chart.yaml | 2 | ||||
-rw-r--r-- | kubernetes/common/repositoryGenerator/templates/_repository.tpl | 5 | ||||
-rw-r--r-- | kubernetes/common/repositoryGenerator/values.yaml | 2 | ||||
-rwxr-xr-x | kubernetes/onap/values.yaml | 7 |
16 files changed, 468 insertions, 6 deletions
diff --git a/kubernetes/common/common/Chart.yaml b/kubernetes/common/common/Chart.yaml index 787930a473..10894bd006 100644 --- a/kubernetes/common/common/Chart.yaml +++ b/kubernetes/common/common/Chart.yaml @@ -1,5 +1,6 @@ # Copyright © 2017 Amdocs, Bell Canada # Modifications Copyright © 2021 Orange +# Modifications Copyright © 2024 Deutsche Telekom # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -16,4 +17,4 @@ apiVersion: v2 description: Common templates for inclusion in other charts name: common -version: 13.2.1 +version: 13.2.3 diff --git a/kubernetes/common/common/templates/_cassOp.tpl b/kubernetes/common/common/templates/_cassOp.tpl index bdcf5caa02..588af1aa1a 100644 --- a/kubernetes/common/common/templates/_cassOp.tpl +++ b/kubernetes/common/common/templates/_cassOp.tpl @@ -1,5 +1,5 @@ {{/* -# Copyright © 2022 Deutsche Telekom AG +# Copyright © 2022-2024 Deutsche Telekom AG # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -45,6 +45,29 @@ spec: endpoint: address: 0.0.0.0 {{- end }} + podSecurityContext: + fsGroup: 1001 + runAsGroup: 1001 + runAsUser: 1001 + runAsNonRoot: true + seccompProfile: + type: RuntimeDefault + initContainerSecurityContext: + allowPrivilegeEscalation: false + readOnlyRootFilesystem: true + privileged: false + capabilities: + drop: + - ALL + - CAP_NET_RAW + securityContext: + allowPrivilegeEscalation: false + readOnlyRootFilesystem: true + privileged: false + capabilities: + drop: + - ALL + - CAP_NET_RAW {{- end }} {{ if .Values.k8ssandraOperator.stargate.enabled -}} stargate: 
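Review bot: In the `capabilities.drop` lists added in the `@@ -45,6 +45,29 @@` hunk of _cassOp.tpl, `CAP_NET_RAW` follows `ALL`, which already covers every capability, and the entry uses the `CAP_` prefix that Kubernetes capability names normally omit. If the extra entry is there only because a Kyverno rule matches the literal string, a short comment on the first occurrence, such as `# redundant with ALL; kept for the Kyverno policy match`, would stop a later cleanup from removing it. The same list is repeated in the four container entries of the `@@ -111,6 +134,44 @@` hunk. The enclosing block starts outside this hunk, so the component these contexts apply to cannot be confirmed from here.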
@@ -111,6 +134,44 @@ spec: name: {{ $datacenter.name }} size: {{ $datacenter.size }} {{- end }} + initContainers: + - name: server-config-init-base + securityContext: + allowPrivilegeEscalation: false + readOnlyRootFilesystem: true + privileged: false + capabilities: + drop: + - ALL + - CAP_NET_RAW + - name: server-config-init + securityContext: + allowPrivilegeEscalation: false + readOnlyRootFilesystem: true + privileged: false + capabilities: + drop: + - ALL + - CAP_NET_RAW + containers: + - name: cassandra + securityContext: + allowPrivilegeEscalation: false + #readOnlyRootFilesystem: true + privileged: false + capabilities: + drop: + - ALL + - CAP_NET_RAW + - name: server-system-logger + securityContext: + allowPrivilegeEscalation: false + readOnlyRootFilesystem: true + privileged: false + capabilities: + drop: + - ALL + - CAP_NET_RAW podSecurityContext: fsGroup: 999 runAsGroup: 999 diff --git a/kubernetes/common/common/templates/_serviceMesh.tpl b/kubernetes/common/common/templates/_serviceMesh.tpl index 6e460d9267..505d80560d 100644 --- a/kubernetes/common/common/templates/_serviceMesh.tpl +++ b/kubernetes/common/common/templates/_serviceMesh.tpl @@ -27,10 +27,23 @@ true {{- end -}} {{/* + Calculate if we require a sidecar killer. +*/}} +{{- define "common.requireSidecarKiller" -}} +{{- if (include "common.onServiceMesh" .) }} +{{- if eq .Values.global.serviceMesh.engine "istio" }} +{{- if not (default false .Values.global.serviceMesh.nativeSidecars) -}} +true +{{- end -}} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* Kills the sidecar proxy associated with a pod. */}} {{- define "common.serviceMesh.killSidecar" -}} -{{- if (include "common.onServiceMesh" .) }} +{{- if (include "common.requireSidecarKiller" .) }} RCODE="$?"; echo "*** script finished with exit code $RCODE" ; echo "*** killing service mesh sidecar" ; 
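Review bot: The `cassandra` container is the only entry whose `readOnlyRootFilesystem: true` is commented out, so the main database container keeps a writable root filesystem while its init and logger containers do not, and the hunk gives no reason. If the image has to write outside its mounted volumes, record that next to the line, for example `# cassandra writes to <path>; needs a writable rootfs until an emptyDir is mounted there`, so the exception is tracked rather than read as leftover debugging. The datacenter block this hunk extends starts and ends outside the hunk.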
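Review bot: `common.requireSidecarKiller` reads `.Values.global.serviceMesh.engine` directly from `.`, but `common.waitForJobContainer` (the `@@ -47,7 +60,7 @@` hunk) accepts a dict with a `dot` key and still passes `.` to the new helper. Unless every caller passes the root context, `.Values` would be missing in that call form and rendering would fail; resolving the context first with `{{- $dot := default . .dot -}}` and then reading `$dot.Values.global.serviceMesh...` would make the helper safe for both forms. Also, `default false .Values.global.serviceMesh.nativeSidecars` treats any non-empty string as true, so a quoted `"false"` would silently disable the sidecar killer; the comment in kubernetes/onap/values.yaml that says the value can be set to "true" should name the unquoted boolean.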
@@ -47,7 +60,7 @@ exit "$RCODE" {{- define "common.waitForJobContainer" -}} {{- $dot := default . .dot -}} {{- $wait_for_job_container := default $dot.Values.wait_for_job_container .wait_for_job_container -}} -{{- if (include "common.onServiceMesh" .) }} +{{- if (include "common.requireSidecarKiller" .) }} - name: {{ include "common.name" $dot }}{{ ternary "" (printf "-%s" $wait_for_job_container.name) (empty $wait_for_job_container.name) }}-service-mesh-wait-for-job-container image: {{ include "repositoryGenerator.image.quitQuit" $dot }} imagePullPolicy: {{ $dot.Values.global.pullPolicy | default $dot.Values.pullPolicy }} diff --git a/kubernetes/common/mariadb-init/Chart.yaml b/kubernetes/common/mariadb-init/Chart.yaml index 6414785154..0ac3750bb1 100644 --- a/kubernetes/common/mariadb-init/Chart.yaml +++ b/kubernetes/common/mariadb-init/Chart.yaml @@ -1,6 +1,7 @@ # Copyright © 2018 Amdocs, Bell Canada # Modifications Copyright © 2021 Orange # Modifications Copyright © 2021 Nordix Foundation +# Modifications Copyright © 2024 Deutsche Telekom # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -17,7 +18,7 @@ apiVersion: v2 description: Chart for MariaDB Galera init job name: mariadb-init -version: 13.0.1 +version: 13.0.2 dependencies: - name: common diff --git a/kubernetes/common/mongodb-init/.helmignore b/kubernetes/common/mongodb-init/.helmignore new file mode 100644 index 0000000000..0bab41b6b1 --- /dev/null +++ b/kubernetes/common/mongodb-init/.helmignore 
@@ -0,0 +1,32 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+# Project/CI/CD related items
+.gitlab
+.gitlab-ci.yml
+.dockerignore
+# Helm build files
+.helmignore
+.cache/
+.config/
+.local/
+# OOM specific dirs
+components/
diff --git a/kubernetes/common/mongodb-init/Chart.yaml b/kubernetes/common/mongodb-init/Chart.yaml
new file mode 100644
index 0000000000..0cdeecf84b
--- /dev/null
+++ b/kubernetes/common/mongodb-init/Chart.yaml
@@ -0,0 +1,32 @@
+# Copyright © 2024 Deutsche Telekom
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: v2
+description: Chart for MongoDB init job
+name: mongodb-init
+version: 13.0.2
+
+dependencies:
+ - name: common
+ version: ~13.x-0
+ repository: '@local'
+ - name: repositoryGenerator
+ version: ~13.x-0
+ repository: '@local'
+ - name: readinessCheck
+ version: ~13.x-0
+ repository: '@local'
+ - name: serviceAccount
+ version: ~13.x-0
+ repository: '@local'
diff --git a/kubernetes/common/mongodb-init/README.md b/kubernetes/common/mongodb-init/README.md
new file mode 100644
index 0000000000..aa6c735744
--- /dev/null
+++ b/kubernetes/common/mongodb-init/README.md
@@ -0,0 +1,16 @@
+# mongodb-init
+
+## Introduction
+
+Initialization scripts for mongo database.
+
+- not part of ONAP OOM yet
+
+## Requirements
+
+mongodb-init needs the following ONAP projects to work:
+
+- common/common
+- common/repositoryGenerator
+- common/serviceAccount
+- common/readinessCheck
diff --git a/kubernetes/common/mongodb-init/resources/config/setup.sql b/kubernetes/common/mongodb-init/resources/config/setup.sql
new file mode 100644
index 0000000000..452ee187df
--- /dev/null
+++ b/kubernetes/common/mongodb-init/resources/config/setup.sql
@@ -0,0 +1,11 @@
+// Database Setup
+use ${MONGO_DATABASE}
+
+// UserCreation Setup
+db.createUser(
+ {
+ user: "${MONGODB_USER}",
+ pwd: "${MONGODB_PASSWORD}",
+ roles: [ { role: "readWrite", db: "${MONGO_DATABASE}" } ]
+ }
+)
diff --git a/kubernetes/common/mongodb-init/templates/configmap.yaml b/kubernetes/common/mongodb-init/templates/configmap.yaml
new file mode 100644
index 0000000000..bde790f205
--- /dev/null
+++ b/kubernetes/common/mongodb-init/templates/configmap.yaml
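Review bot: The values substituted into `user: "${MONGODB_USER}"` and `pwd: "${MONGODB_PASSWORD}"` in setup.sql end up inside JavaScript double-quoted strings, but the only escaping applied before envsubst (job.yaml's `prepare_password`) doubles single quotes, which is SQL escaping and does nothing for this syntax. A credential containing `"` or `\` would end the literal early, and whatever follows would be evaluated by mongosh in a session authenticated as the root user. Reading the values at run time instead of templating them into the script text, for example `pwd: process.env.MONGODB_PASSWORD` with the variable set on the setup-db container, removes the need for escaping altogether. The file is mongosh JavaScript rather than SQL, so a name such as `setup.js` would also describe it better.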
@@ -0,0 +1,29 @@
+{{/*
+# Copyright © 2024 Deutsche Telekom
+#
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "common.fullname" . }}
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ include "common.release" . }}
+ heritage: {{ .Release.Service }}
+data:
+{{ tpl (.Files.Glob "resources/config/*").AsConfig . | indent 2 }}
diff --git a/kubernetes/common/mongodb-init/templates/job.yaml b/kubernetes/common/mongodb-init/templates/job.yaml
new file mode 100644
index 0000000000..5e232e26d3
--- /dev/null
+++ b/kubernetes/common/mongodb-init/templates/job.yaml
@@ -0,0 +1,129 @@ +{{/* +# Copyright © 2024 Deutsche Telekom +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} + +apiVersion: batch/v1 +kind: Job +metadata: + name: {{ include "common.fullname" . }}-config-job + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ include "common.release" . }} + heritage: {{ .Release.Service }} +spec: + backoffLimit: 20 + template: + metadata: + labels: + app: {{ include "common.name" . }} + release: {{ include "common.release" . }} + name: {{ include "common.name" . }} + spec: + {{ include "common.podSecurityContext" . | indent 6 | trim }} + initContainers: {{ include "common.readinessCheck.waitFor" . | nindent 6 }} + - name: {{ include "common.name" . }}-update-config + image: {{ include "repositoryGenerator.image.envsubst" . }} + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + {{ include "common.containerSecurityContext" . | indent 8 | trim }} + command: + - sh + args: + - -c + - | + function prepare_password { + echo -n $1 | sed -e "s/'/''/g" + } + export MONGODB_PASSWORD=`prepare_password $MONGODB_PASSWORD_INPUT`; + export MONGODB_ROOT_PASSWORD=`prepare_password $MONGODB_ROOT_PASSWORD_INPUT`; + export MONGODB_USER=`prepare_password $MONGODB_USER_INPUT`; + export MONGODB_ROOT_USER=`prepare_password $MONGODB_ROOT_USER_INPUT`; + {{- if include "common.onServiceMesh" . 
}} + echo "waiting 15s for istio side cars to be up"; sleep 15s; + {{- end }} + cd /config-input && for PFILE in `ls -1 .`; do envsubst <${PFILE} >/config/${PFILE}; done; + env: + - name: MONGODB_HOST + value: "{{ .Values.global.mongodb.service.name }}" + - name: MONGODB_USER_INPUT + #value: "{{ .Values.config.mgUserName }}" + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" .Values.config.mgDatabase "key" "login") | indent 10 }} + - name: MONGODB_PASSWORD_INPUT + #value: "{{ .Values.config.mgUserPassword }}" + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" .Values.config.mgDatabase "key" "password") | indent 10 }} + - name: MONGO_DATABASE + value: "{{ .Values.config.mgDatabase }}" + - name: MONGODB_ROOT_USER_INPUT + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" (include "common.mongodb.secret.rootPassUID" .) "key" .Values.config.mgRootUserKey) | indent 10 }} + - name: MONGODB_ROOT_PASSWORD_INPUT + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" (include "common.mongodb.secret.rootPassUID" .) "key" .Values.config.mgRootPasswordKey) | indent 10 }} + volumeMounts: + - mountPath: /config-input/setup.sql + name: config + subPath: setup.sql + - mountPath: /config + name: mgconf + containers: + - name: {{ include "common.name" . }}-setup-db + image: {{ include "repositoryGenerator.image.mongodbImage" . }} + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + {{ include "common.containerSecurityContext" . 
| indent 8 | trim }} + command: + - sh + args: + - -c + - | + function prepare_password { + echo -n $1 | sed -e "s/'/''/g" + } + export MONGODB_ROOT_USER=`prepare_password $MONGODB_ROOT_USER_INPUT`; + export MONGODB_ROOT_PASSWORD=`prepare_password $MONGODB_ROOT_PASSWORD_INPUT`; + mongosh "mongodb://${MONGODB_ROOT_USER}:${MONGODB_ROOT_PASSWORD}@$MONGODB_HOST" < /config/setup.sql + env: + - name: MONGODB_HOST + value: "{{ .Values.global.mongodb.service.name }}" + - name: MONGODB_ROOT_USER_INPUT + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" (include "common.mongodb.secret.rootPassUID" .) "key" "MONGODB_DATABASE_ADMIN_USER") | indent 10 }} + - name: MONGODB_ROOT_PASSWORD_INPUT + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" (include "common.mongodb.secret.rootPassUID" .) "key" "MONGODB_DATABASE_ADMIN_PASSWORD") | indent 10 }} + volumeMounts: + - mountPath: /config-input/setup.sql + name: config + subPath: setup.sql + - mountPath: /config + name: mgconf + resources: {{ include "common.resources" . | nindent 10 }} + {{ include "common.waitForJobContainer" . | indent 6 | trim }} + {{- if .Values.nodeSelector }} + nodeSelector: +{{ toYaml .Values.nodeSelector | indent 10 }} + {{- end -}} + {{- if .Values.affinity }} + affinity: +{{ toYaml .Values.affinity | indent 10 }} + {{- end }} + serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}} + volumes: + - name: config + configMap: + name: {{ include "common.fullname" . }} + - name: mgconf + emptyDir: + medium: Memory + sizeLimit: 64Mi + restartPolicy: Never + imagePullSecrets: + - name: "{{ include "common.namespace" . }}-docker-registry-key" diff --git a/kubernetes/common/mongodb-init/templates/secrets.yaml b/kubernetes/common/mongodb-init/templates/secrets.yaml new file mode 100644 index 0000000000..577d9d581e --- /dev/null +++ b/kubernetes/common/mongodb-init/templates/secrets.yaml 
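Review bot: `prepare_password $MONGODB_ROOT_PASSWORD_INPUT` and `echo -n $1` in job.yaml expand unquoted in both containers, so a secret containing whitespace or glob characters is split or expanded before it reaches sed; quote both, e.g. `prepare_password "$MONGODB_ROOT_PASSWORD_INPUT"` and `printf '%s' "$1"`. The result is then pasted into `mongodb://${MONGODB_ROOT_USER}:${MONGODB_ROOT_PASSWORD}@$MONGODB_HOST` without percent-encoding, so an `@`, `:` or `/` in the password changes how the URI parses, and the root password sits on the mongosh command line. Passing the credentials through mongosh's `--username`/`--password` options, or percent-encoding them first, would at least fix the parsing problem. The update-config init container also receives `MONGODB_ROOT_USER_INPUT` and `MONGODB_ROOT_PASSWORD_INPUT` although setup.sql references neither; dropping those two env entries keeps the root secret out of a container that does not need it.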
@@ -0,0 +1,15 @@
+{{/*
+# ## Copyright © 2024 Deutsche Telekom
+# # Licensed under the Apache License, Version 2.0 (the "License");
+# # you may not use this file except in compliance with the License.
+# # You may obtain a copy of the License at
+# #
+# # http://www.apache.org/licenses/LICENSE-2.0
+# #
+# # Unless required by applicable law or agreed to in writing, software
+# # distributed under the License is distributed on an "AS IS" BASIS,
+# # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# # See the License for the specific language governing permissions and
+# # limitations under the License.
+*/}}
+{{ include "common.secretFast" . }}
diff --git a/kubernetes/common/mongodb-init/values.yaml b/kubernetes/common/mongodb-init/values.yaml
new file mode 100644
index 0000000000..478fab5cdd
--- /dev/null
+++ b/kubernetes/common/mongodb-init/values.yaml
@@ -0,0 +1,108 @@ +# Copyright © 2024 Deutsche Telekom +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +################################################################# +# Global configuration defaults. +################################################################# +global: + mongodb: + service: + name: mgset + container: + name: mongodb + +################################################################# +# Secrets metaconfig +################################################################# +secrets: + - uid: '{{ include "common.mongodb.secret.rootPassUID" . }}' + type: password + externalSecret: '{{ tpl (default "" .Values.config.mgExternalSecret) . }}' + password: '{{ .Values.config.mgRootPasswordKey }}' + - uid: '{{ .Values.config.mgDatabase }}' + type: basicAuth + externalSecret: '{{ tpl (default "" .Values.config.mgUserExternalSecret) . }}' + login: '{{ .Values.config.mgUserName }}' + password: '{{ .Values.config.mgUserPassword }}' + +################################################################# +# Application configuration defaults. +################################################################# + +pullPolicy: Always + +# application configuration +config: + mgUserName: testuser + mgUserPassword: testuser123 + mgDatabase: testdb + mgDataPath: data + #mgRootPasswordExternalSecret: '{{ include "common.namespace" . }}-mongodb-db-root-password' + mgExternalSecret: '{{ include "common.name" . 
}}-mongo-secrets' + mgRootUserKey: MONGODB_DATABASE_ADMIN_USER + mgRootPasswordKey: MONGODB_DATABASE_ADMIN_PASSWORD + mgUserExternalSecret: '{{ include "common.release" . }}-{{ include "common.name" . }}-mg-secret' + +nodeSelector: {} + +affinity: {} + +flavor: small + +#resources: {} +# We usually recommend not to specify default resources and to leave this as a conscious +# choice for the user. This also increases chances charts run on environments with little +# resources, such as Minikube. If you do want to specify resources, uncomment the following +# lines, adjust them as necessary, and remove the curly braces after 'resources:'. +# +# Example: +# Configure resource requests and limits +# ref: http://kubernetes.io/docs/user-guide/compute-resources/ +# Minimum memory for development is 2 CPU cores and 4GB memory +# Minimum memory for production is 4 CPU cores and 8GB memory +resources: + small: + limits: + cpu: "100m" + memory: "0.3Gi" + requests: + cpu: "10m" + memory: "0.09Gi" + large: + limits: + cpu: "2" + memory: "4Gi" + requests: + cpu: "1" + memory: "2Gi" + unlimited: {} + +#Pods Service Account +serviceAccount: + nameOverride: mongodb-init + roles: + - read + +securityContext: + user_id: 100 + group_id: 65533 + +readinessCheck: + wait_for: + services: + - '{{ .Values.global.mongodb.service.name }}' + +wait_for_job_container: + containers: + - '{{ include "common.name" . }}-setup-db' diff --git a/kubernetes/common/postgres-init/Chart.yaml b/kubernetes/common/postgres-init/Chart.yaml index be9ecc2f5f..342854c71a 100644 --- a/kubernetes/common/postgres-init/Chart.yaml +++ b/kubernetes/common/postgres-init/Chart.yaml @@ -16,7 +16,7 @@ apiVersion: v2 description: Chart for Postgres init job name: postgres-init -version: 13.0.1 +version: 13.0.2 dependencies: diff --git a/kubernetes/common/repositoryGenerator/templates/_repository.tpl b/kubernetes/common/repositoryGenerator/templates/_repository.tpl index 1da838a5b9..e708926049 100644 
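Review bot: `mgUserName: testuser` and `mgUserPassword: testuser123` in mongodb-init/values.yaml ship a fixed, publicly known credential as the chart default, and the `secrets` entry feeds it to the job as the database user's login. A deployment that overrides neither value nor supplies the external secret would presumably create a readWrite account with that password. Leaving the password unset and documenting that it must be provided, for example `mgUserPassword: ""  # must be set, or provide mgUserExternalSecret`, would keep the default from reaching a real cluster; whether the common secret template can generate a value when none is given is not visible here and should be confirmed.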
--- a/kubernetes/common/repositoryGenerator/templates/_repository.tpl +++ b/kubernetes/common/repositoryGenerator/templates/_repository.tpl @@ -2,6 +2,7 @@ # Copyright © 2017 Amdocs, Bell Canada # Copyright © 2021 AT&T # Modifications Copyright (C) 2021 Nordix Foundation. +# Modifications Copyright © 2024 Deutsche Telekom # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -139,6 +140,10 @@ {{- include "repositoryGenerator.image._helper" (merge (dict "image" "nginxImage") .) }} {{- end -}} +{{- define "repositoryGenerator.image.mongodbImage" -}} + {{- include "repositoryGenerator.image._helper" (merge (dict "image" "mongodbImage") .) }} +{{- end -}} + {{- define "repositoryGenerator.image.postgres" -}} {{- include "repositoryGenerator.image._helper" (merge (dict "image" "postgresImage") .) }} {{- end -}} diff --git a/kubernetes/common/repositoryGenerator/values.yaml b/kubernetes/common/repositoryGenerator/values.yaml index da10d82035..1c0909fce1 100644 --- a/kubernetes/common/repositoryGenerator/values.yaml +++ b/kubernetes/common/repositoryGenerator/values.yaml @@ -37,6 +37,7 @@ global: kubectlImage: bitnami/kubectl:1.22.4 loggingImage: beats/filebeat:5.5.0 mariadbImage: bitnami/mariadb:10.5.8 + mongodbImage: percona/percona-server-mongodb:7.0.5-3 nginxImage: bitnami/nginx:1.21.4 postgresImage: crunchydata/crunchy-postgres:centos8-13.2-4.6.1 readinessImage: onap/oom/readiness:6.0.3 @@ -71,6 +72,7 @@ imageRepoMapping: kubectlImage: dockerHubRepository loggingImage: elasticRepository mariadbImage: dockerHubRepository + mongodbImage: dockerHubRepository nginxImage: dockerHubRepository postgresImage: dockerHubRepository readinessImage: repository diff --git a/kubernetes/onap/values.yaml b/kubernetes/onap/values.yaml index c37b0fcdbc..663712cac5 100755 --- a/kubernetes/onap/values.yaml +++ b/kubernetes/onap/values.yaml 
@@ -96,6 +96,10 @@ global: # mariadb client image mariadbImage: bitnami/mariadb:10.5.8 + # mongodb server image + + mongodbImage: percona/percona-server-mongodb:7.0.5-3 + # nginx server image nginxImage: bitnami/nginx:1.21.4 @@ -199,6 +203,9 @@ global: tls: true # be aware that linkerd is not well tested engine: "istio" # valid value: istio or linkerd + # if nativeSidecars are enabled in Istio, this value can be set to "true" + # and will disable the deployment of sidecar killer containers in jobs + nativeSidecars: false # Global Istio Authorization Policy configuration authorizationPolicies: |