diff options
| author |   Sylvain Desbureaux <sylvain.desbureaux@orange.com> | 2020-06-05 15:19:22 +0200 |
|---|---|---|
| committer | Sylvain Desbureaux <sylvain.desbureaux@orange.com> | 2020-06-08 09:45:10 +0200 |
| commit | 0de302ad6212185c842ce7232319e19d994dd520 (patch) | |
| tree | 569fc7e20b36fe7b20d8634c1d54beae8448ab2f /kubernetes/aaf/components | |
| parent | 83ba0bb4bfe3978f0b0ba7c251ed28fc6686c20b (diff) | |
[AAF SMS] Use certInitializer for certificates
AAF SMS was hardcoding its certificates in the container.
This patch makes use of certInitializer in order to retrieve "fresh"
certificates.
In order to use certInitiliazer in a sub component, we had to move
charts to component and add the right requirements.
Issue-ID: AAF-1159
Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com>
Change-Id: I6ec55eddffd54dd56b03cea1a6f0b437f8bfa299
Diffstat (limited to 'kubernetes/aaf/components')
135 files changed, 5397 insertions, 0 deletions
diff --git a/kubernetes/aaf/components/Makefile b/kubernetes/aaf/components/Makefile new file mode 100644 index 0000000000..2fc0cbe4ab --- /dev/null +++ b/kubernetes/aaf/components/Makefile @@ -0,0 +1,50 @@ +# Copyright © 2020 Samsung Electronics +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +ROOT_DIR := $(shell dirname $(realpath $(lastword $(MAKEFILE_LIST)))) +OUTPUT_DIR := $(ROOT_DIR)/../../dist +PACKAGE_DIR := $(OUTPUT_DIR)/packages +SECRET_DIR := $(OUTPUT_DIR)/secrets + +EXCLUDES := +HELM_CHARTS := $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.)))) + +.PHONY: $(EXCLUDES) $(HELM_CHARTS) + +all: $(HELM_CHARTS) + +$(HELM_CHARTS): + @echo "\n[$@]" + @make package-$@ + +make-%: + @if [ -f $*/Makefile ]; then make -C $*; fi + +dep-%: make-% + @if [ -f $*/requirements.yaml ]; then helm dep up $*; fi + +lint-%: dep-% + @if [ -f $*/Chart.yaml ]; then helm lint $*; fi + +package-%: lint-% + @mkdir -p $(PACKAGE_DIR) + @if [ -f $*/Chart.yaml ]; then helm package -d $(PACKAGE_DIR) $*; fi + @helm repo index $(PACKAGE_DIR) + +clean: + @rm -f */requirements.lock + @rm -f *tgz */charts/*tgz + @rm -rf $(PACKAGE_DIR) +%: + @: diff --git a/kubernetes/aaf/components/aaf-cass/.helmignore b/kubernetes/aaf/components/aaf-cass/.helmignore new file mode 100644 index 0000000000..daebc7da77 --- /dev/null +++ b/kubernetes/aaf/components/aaf-cass/.helmignore @@ -0,0 +1,21 @@ +# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
diff --git a/kubernetes/aaf/components/aaf-cass/Chart.yaml b/kubernetes/aaf/components/aaf-cass/Chart.yaml new file mode 100644 index 0000000000..42b4076689 --- /dev/null +++ b/kubernetes/aaf/components/aaf-cass/Chart.yaml @@ -0,0 +1,18 @@ +# Copyright © 2018 Amdocs, Bell Canada +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +description: ONAP AAF cassandra +name: aaf-cass +version: 6.0.0 diff --git a/kubernetes/aaf/components/aaf-cass/requirements.yaml b/kubernetes/aaf/components/aaf-cass/requirements.yaml new file mode 100644 index 0000000000..6afaa06e8a --- /dev/null +++ b/kubernetes/aaf/components/aaf-cass/requirements.yaml @@ -0,0 +1,18 @@ + # Copyright © 2020 Orange +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + + dependencies: + - name: common + version: ~6.x-0 + repository: '@local' diff --git a/kubernetes/aaf/components/aaf-cass/templates/NOTES.txt b/kubernetes/aaf/components/aaf-cass/templates/NOTES.txt new file mode 100644 index 0000000000..bd74a42cd5 --- /dev/null +++ b/kubernetes/aaf/components/aaf-cass/templates/NOTES.txt @@ -0,0 +1,33 @@ +# Copyright © 2018 Amdocs, Bell Canada +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +1. Get the application URL by running these commands: +{{- if .Values.ingress.enabled }} +{{- range .Values.ingress.hosts }} + http://{{ . }} +{{- end }} +{{- else if contains "NodePort" .Values.service.type }} + export NODE_PORT=$(kubectl get --namespace {{ include "common.namespace" . }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "common.name" . }}) + export NODE_IP=$(kubectl get nodes --namespace {{ include "common.namespace" . }} -o jsonpath="{.items[0].status.addresses[0].address}") + echo http://$NODE_IP:$NODE_PORT +{{- else if contains "LoadBalancer" .Values.service.type }} + NOTE: It may take a few minutes for the LoadBalancer IP to be available. + You can watch the status of by running 'kubectl get svc -w {{ include "common.name" . }}' + export SERVICE_IP=$(kubectl get svc --namespace {{ include "common.namespace" . }} {{ include "common.name" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}') + echo http://$SERVICE_IP:{{ .Values.service.externalPort }} +{{- else if contains "ClusterIP" .Values.service.type }} + export POD_NAME=$(kubectl get pods --namespace {{ include "common.namespace" . }} -l "app={{ include "common.name" . }},release={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}") + echo "Visit http://127.0.0.1:8080 to use your application" + kubectl port-forward $POD_NAME 8080:{{ .Values.service.internalPort }} +{{- end }} diff --git a/kubernetes/aaf/components/aaf-cass/templates/deployment.yaml b/kubernetes/aaf/components/aaf-cass/templates/deployment.yaml new file mode 100644 index 0000000000..309a9f38c6 --- /dev/null +++ b/kubernetes/aaf/components/aaf-cass/templates/deployment.yaml @@ -0,0 +1,113 @@ +# Copyright © 2017 Amdocs, Bell Canada +# Modifications © 2020 Orange +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: apps/v1 +kind: Deployment +metadata: {{- include "common.resourceMetadata" . | nindent 2 }} +spec: + selector: {{- include "common.selectors" . | nindent 4 }} + replicas: {{ .Values.replicaCount }} + template: + metadata: {{- include "common.templateMetadata" . | nindent 6 }} + spec: + initContainers: + - name: fix-permission + command: + - /bin/sh + args: + - -c + - | + chown -R 1000:1000 /opt/app/aaf/status + chown -R 1000:1000 /var/lib/cassandra + image: "{{ .Values.global.busyboxRepository }}/{{ .Values.global.busyboxImage }}" + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + volumeMounts: + - mountPath: /var/lib/cassandra + name: aaf-cass-vol + resources: + limits: + cpu: 100m + memory: 100Mi + requests: + cpu: 30m + memory: 100Mi + containers: + - name: {{ include "common.name" . }} + image: {{ include "common.repository" . }}/{{ .Values.image }} + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + # installing with cmd "onap" will not only initialize the DB, but add ONAP bootstrap data as well + command: ["/bin/bash","/opt/app/aaf/cass_init/cmd.sh","onap"] + ports: {{ include "common.containerPorts" . | nindent 10 }} + env: + - name: CASSANDRA_CLUSTER_NAME + value: {{ .Values.config.cluster_name }} + - name: CASSANDRA_DC + value: {{ .Values.config.dc }} + - name: CQLSH + value: "/opt/cassandra/bin/cqlsh" + - name: HEAP_NEWSIZE + value: {{ .Values.config.heap_new_size }} + - name: MAX_HEAP_SIZE + value: {{ .Values.config.max_heap_size }} + - name: MY_POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: MY_POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: MY_POD_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + volumeMounts: + - mountPath: /var/lib/cassandra + name: aaf-cass-vol + - mountPath: /etc/localtime + name: localtime + readOnly: true + {{- if eq .Values.liveness.enabled true }} + livenessProbe: + tcpSocket: + port: tcp-cql + initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }} + periodSeconds: {{ .Values.liveness.periodSeconds }} + {{ end -}} + readinessProbe: + tcpSocket: + port: tcp-cql + initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} + periodSeconds: {{ .Values.readiness.periodSeconds }} + resources: {{ include "common.resources" . | nindent 10 }} + {{- if .Values.nodeSelector }} + nodeSelector: {{ toYaml .Values.nodeSelector | nindent 10 }} + {{- end -}} + {{- if .Values.affinity }} + affinity: {{ toYaml .Values.affinity | nindent 10 }} + {{- end }} + volumes: + - name: localtime + hostPath: + path: /etc/localtime + - name: aaf-cass-vol + {{- if .Values.persistence.enabled }} + persistentVolumeClaim: + claimName: {{ include "common.fullname" . }} + {{- else }} + emptyDir: {} + {{- end }} + imagePullSecrets: + - name: "{{ include "common.namespace" . }}-docker-registry-key" diff --git a/kubernetes/aaf/components/aaf-cass/templates/pv.yaml b/kubernetes/aaf/components/aaf-cass/templates/pv.yaml new file mode 100644 index 0000000000..187e9b75de --- /dev/null +++ b/kubernetes/aaf/components/aaf-cass/templates/pv.yaml @@ -0,0 +1,18 @@ +{{/* +# Copyright © 2017 Amdocs, Bell Canada +# Modifications © 2020 Orange +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} + +{{ include "common.PV" . }} diff --git a/kubernetes/aaf/components/aaf-cass/templates/pvc.yaml b/kubernetes/aaf/components/aaf-cass/templates/pvc.yaml new file mode 100644 index 0000000000..e56c98751c --- /dev/null +++ b/kubernetes/aaf/components/aaf-cass/templates/pvc.yaml @@ -0,0 +1,18 @@ +{{/* +# Copyright © 2017 Amdocs, Bell Canada +# Modifications © 2020 Orange +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} + +{{ include "common.PVC" . }} diff --git a/kubernetes/aaf/components/aaf-cass/templates/service.yaml b/kubernetes/aaf/components/aaf-cass/templates/service.yaml new file mode 100644 index 0000000000..8f80ee12a2 --- /dev/null +++ b/kubernetes/aaf/components/aaf-cass/templates/service.yaml @@ -0,0 +1,16 @@ +# Copyright © 2017 Amdocs, Bell Canada +# Modifications © 2020 Orange +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +{{ include "common.service" . }} diff --git a/kubernetes/aaf/components/aaf-cass/values.yaml b/kubernetes/aaf/components/aaf-cass/values.yaml new file mode 100644 index 0000000000..c5e5811fd1 --- /dev/null +++ b/kubernetes/aaf/components/aaf-cass/values.yaml @@ -0,0 +1,109 @@ +# Copyright © 2017 Amdocs, Bell Canada +# Modifications © 2020 AT&T, Orange +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +global: + nodePortPrefix: 302 + # Readiness image + readinessRepository: oomk8s + readinessImage: readiness-check:2.0.2 + # Ubuntu Init image + ubuntuInitRepository: registry.hub.docker.com + ubuntuInitImage: oomk8s/ubuntu-init:2.0.0 + # Logging image + loggingRepository: docker.elastic.co + loggingImage: beats/filebeat:5.5.0 + # BusyBox image + busyboxRepository: registry.hub.docker.com + busyboxImage: library/busybox:1.31 + persistence: + enabled: true + # Standard OOM + pullPolicy: "Always" + repository: "nexus3.onap.org:10001" + +flavor: small + +################################################################# +# Application configuration defaults. +################################################################# +# application configuration +replicaCount: 1 + +nodeSelector: {} + +affinity: {} + +# probe configuration parameters +liveness: + initialDelaySeconds: 120 + periodSeconds: 10 + # necessary to disable liveness probe when setting breakpoints + # in debugger so K8s doesn't restart unresponsive container + enabled: true + port: tcp-cql + +image: onap/aaf/aaf_cass:2.1.23 + +config: + cluster_name: osaaf + heap_new_size: 512M + max_heap_size: 1024M + dc: dc1 + +readiness: + initialDelaySeconds: 5 + periodSeconds: 10 + +service: + name: aaf-cass + type: ClusterIP + ports: + - name: tcp-intra + port: 7000 + - name: tls + port: 7001 + - name: tcp-cql + port: 9042 + - name: tcp-thrift + port: 9160 + +ingress: + enabled: false + +# Configure resource requests and limits +resources: + small: + limits: + cpu: 2100m + memory: 1792Mi + requests: + cpu: 30m + memory: 1280Mi + large: + limits: + cpu: 4 + memory: 12000Mi + requests: + cpu: 40m + memory: 9000Mi + unlimited: {} + +persistence: + enabled: true + #existingClaim: + mountPath: /dockerdata-nfs + mountSubPath: "cass" + volumeReclaimPolicy: Retain + accessMode: ReadWriteOnce + size: 20Gi diff --git a/kubernetes/aaf/components/aaf-cert-service/.helmignore b/kubernetes/aaf/components/aaf-cert-service/.helmignore new file mode 100644 index 0000000000..50af031725 --- /dev/null +++ b/kubernetes/aaf/components/aaf-cert-service/.helmignore @@ -0,0 +1,22 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*~ +# Various IDEs +.project +.idea/ +*.tmproj +.vscode/ diff --git a/kubernetes/aaf/components/aaf-cert-service/Chart.yaml b/kubernetes/aaf/components/aaf-cert-service/Chart.yaml new file mode 100644 index 0000000000..525b2ac4b6 --- /dev/null +++ b/kubernetes/aaf/components/aaf-cert-service/Chart.yaml @@ -0,0 +1,18 @@ +# Copyright © 2020 Nokia +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +description: ONAP AAF Cert Service +name: aaf-cert-service +version: 6.0.0 diff --git a/kubernetes/aaf/components/aaf-cert-service/requirements.yaml b/kubernetes/aaf/components/aaf-cert-service/requirements.yaml new file mode 100644 index 0000000000..6afaa06e8a --- /dev/null +++ b/kubernetes/aaf/components/aaf-cert-service/requirements.yaml @@ -0,0 +1,18 @@ + # Copyright © 2020 Orange +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + + dependencies: + - name: common + version: ~6.x-0 + repository: '@local' diff --git a/kubernetes/aaf/components/aaf-cert-service/resources/certServiceClient-keystore.jks b/kubernetes/aaf/components/aaf-cert-service/resources/certServiceClient-keystore.jks Binary files differnew file mode 100644 index 0000000000..f24908c55d --- /dev/null +++ b/kubernetes/aaf/components/aaf-cert-service/resources/certServiceClient-keystore.jks diff --git a/kubernetes/aaf/components/aaf-cert-service/resources/certServiceServer-keystore.jks b/kubernetes/aaf/components/aaf-cert-service/resources/certServiceServer-keystore.jks Binary files differnew file mode 100644 index 0000000000..89605b6b7a --- /dev/null +++ b/kubernetes/aaf/components/aaf-cert-service/resources/certServiceServer-keystore.jks diff --git a/kubernetes/aaf/components/aaf-cert-service/resources/certServiceServer-keystore.p12 b/kubernetes/aaf/components/aaf-cert-service/resources/certServiceServer-keystore.p12 Binary files differnew file mode 100644 index 0000000000..2106c817ef --- /dev/null +++ b/kubernetes/aaf/components/aaf-cert-service/resources/certServiceServer-keystore.p12 diff --git a/kubernetes/aaf/components/aaf-cert-service/resources/default/cmpServers.json b/kubernetes/aaf/components/aaf-cert-service/resources/default/cmpServers.json new file mode 100644 index 0000000000..358f2a82c7 --- /dev/null +++ b/kubernetes/aaf/components/aaf-cert-service/resources/default/cmpServers.json @@ -0,0 +1,3 @@ +{ + "cmpv2Servers": [] +}
\ No newline at end of file diff --git a/kubernetes/aaf/components/aaf-cert-service/resources/root.crt b/kubernetes/aaf/components/aaf-cert-service/resources/root.crt new file mode 100644 index 0000000000..faeee81357 --- /dev/null +++ b/kubernetes/aaf/components/aaf-cert-service/resources/root.crt @@ -0,0 +1,32 @@ +-----BEGIN CERTIFICATE----- +MIIFlDCCA3ygAwIBAgIETsAy8jANBgkqhkiG9w0BAQwFADByMQswCQYDVQQGEwJQ
+TDEUMBIGA1UECBMLRG9sbnkgU2xhc2sxEDAOBgNVBAcTB1dyb2NsYXcxFTATBgNV
+BAoTDFJvb3QgQ29tcGFueTERMA8GA1UECxMIUm9vdCBPcmcxETAPBgNVBAMTCHJv
+b3QuY29tMB4XDTIwMDQwMzA5MTYxNloXDTMwMDQwMTA5MTYxNlowcjELMAkGA1UE
+BhMCUEwxFDASBgNVBAgTC0RvbG55IFNsYXNrMRAwDgYDVQQHEwdXcm9jbGF3MRUw
+EwYDVQQKEwxSb290IENvbXBhbnkxETAPBgNVBAsTCFJvb3QgT3JnMREwDwYDVQQD
+Ewhyb290LmNvbTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAImm68wu
+rtdkVrC5JI2y53+DoVE4al7NxC2yHeVW0PRD3CgW1xba6dlSQoDQQKkDkxtuNhlU
+IQxU1bbKR6syqJgpJXwSDx4sl4J5lQGWN+iuNA72C1IyXATOgowGq6PbOVVTkApy
+3+ZZGBCmweTjhvddAO7k5p8v+ePt17VvBTxSt6rSvrkGMbpCxBGAPfGpL9xykm9Z
+okVSlA42gGhbra499QTT0Yc/WPPFotKkDKFGaDrLW3NYX1Lio11myYNvLOMwfSEV
+Xy9vkwxcdqFJpHjx+EVLLQXwkudZP+D53N4bk8nP3SacbZSQ/A85mZpWNtw+r9QL
+fZGecY1YIR0udLj66CIG3ybl3gSXX7TSRERTIMR6Um1lt+039FSa18mRBpQTCDXV
+tSL58Qs5BHFkCe0sGpY+XiSEypc6oYPf/7YjiTvMT/mHhDffrvFjhK+wP/oCIg8u
+vuPRoPWuyw41bBeFGitJgDn7E8p9B4K/1DCO/ZcjXiYMgn5Hwb3ojablYUeiXs99
+2AAV8gCceUCdgcP8d6wdAydOVljavkgHPG0IMbiVG1WT57oM3HQpejgpujlKDDsI
+bi9/lbcC/U0JoN9yAaJZFr7CXJrxRv8DWeTwzMTo203KHNu9roQiERd38P8Dp6AQ
+ivmqf0+0VZM3IpjWBYKM68tclHJcG+7wyFjvAgMBAAGjMjAwMB0GA1UdDgQWBBSN
+lFyR56zh67mnvYTmmgJQVxEJrjAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEB
+DAUAA4ICAQBczmFY0kmr1FK50glkT282ur0vukNtwXQNJONof3rYRqP2W98jID6D
+ayma0B4/H1EqCa0d66wRBxFdwW+MqOc4uWD3uUwgazrYD/Bv+V3aumaw8yX6vbyL
+hLNfpd4pViAEGtzYxYfMfFR6uzInF3NMpvt8OXCSGKiQjDMnMs0ekvUZLJm7yxwT
+Qr9aAEFYQYM/GstUC6qFfuUa4MaGvmyKWhZ10JoKXYbGGeFU4wI7Kzifh3VvawTg
+r314ZvQ3zpEwzNJpdvT5ZKuPvyN+drAKFpSPfOTFmmb3uF95FgYq33OFPpo7SR43
+tnw5u5YqKnsHmqCIRMctWiYZc8rBJ3+eBGmke6z/AN6FraG6Ejc8e4WPclrB8STb
++oB3a4Cvri1VHyodkm50Sb/d1FAMDXvzEPBfu2D0dVvOwOcISSN/MQUom8NN4YeI
+aEATdAPNkokgehOzZ1OPRv47FKYEVPCXjaZEWAC7NNmNiRn4RQOti0DlNrLL7Nx9
+vK09G0EnW01MO2ARRkZ3dog+Ph7orJQV3sd7TO4EEortqWtbegSH75ylyYw6rt/j
+uBzYtMOnEtnQKhxj4Wj7PO+StCgspoOByn0d+iSgDd2TlpWm4naP2pfFZT0R+TOH
+wzSH0F47TSfRd0++uEz/QhViybrvQK7yMt1G1YwZp2im+imuWwUC8Q== +-----END CERTIFICATE----- diff --git a/kubernetes/aaf/components/aaf-cert-service/resources/test/cmpServers.json b/kubernetes/aaf/components/aaf-cert-service/resources/test/cmpServers.json new file mode 100644 index 0000000000..06e1087f60 --- /dev/null +++ b/kubernetes/aaf/components/aaf-cert-service/resources/test/cmpServers.json @@ -0,0 +1,24 @@ +{ + "cmpv2Servers": [ + { + "caName": "CLIENT", + "url": "http://ejbca:8080/ejbca/publicweb/cmp/cmp", + "issuerDN": "CN=ManagementCA", + "caMode": "CLIENT", + "authentication": { + "iak": "${CLIENT_IAK}", + "rv": "${CLIENT_RV}" + } + }, + { + "caName": "RA", + "url": "http://ejbca:8080/ejbca/publicweb/cmp/cmpRA", + "issuerDN": "CN=ManagementCA", + "caMode": "RA", + "authentication": { + "iak": "${RA_IAK}", + "rv": "${RA_RV}" + } + } + ] +}
\ No newline at end of file diff --git a/kubernetes/aaf/components/aaf-cert-service/resources/truststore.jks b/kubernetes/aaf/components/aaf-cert-service/resources/truststore.jks Binary files differnew file mode 100644 index 0000000000..c32d37fd9d --- /dev/null +++ b/kubernetes/aaf/components/aaf-cert-service/resources/truststore.jks diff --git a/kubernetes/aaf/components/aaf-cert-service/templates/deployment.yaml b/kubernetes/aaf/components/aaf-cert-service/templates/deployment.yaml new file mode 100644 index 0000000000..76e610f169 --- /dev/null +++ b/kubernetes/aaf/components/aaf-cert-service/templates/deployment.yaml @@ -0,0 +1,123 @@ +# Copyright © 2020, Nokia +# Modifications Copyright © 2020, Nordix Foundation +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +{{- if .Values.global.cmpv2Enabled }} +apiVersion: apps/v1 +kind: Deployment +metadata: {{- include "common.resourceMetadata" . | nindent 2 }} +spec: + replicas: {{ .Values.replicaCount }} + selector: {{- include "common.selectors" . | nindent 4 }} + template: + metadata: {{- include "common.templateMetadata" . | nindent 6 }} + spec: + volumes: +{{- if .Values.global.addTestingComponents }} + - name: cmp-servers-template-volume + secret: + secretName: {{ .Values.cmpServers.secret.name }} + - name: {{ .Values.cmpServers.volume.name }} + emptyDir: + medium: Memory +{{- else }} + - name: {{ .Values.cmpServers.volume.name }} + secret: + secretName: {{ .Values.cmpServers.secret.name }} +{{- end }} + - name: {{ .Values.tls.server.volume.name }} + secret: + secretName: {{ .Values.tls.server.secret.name }} +{{- if .Values.global.addTestingComponents }} + initContainers: + - name: wait-for-ejbca + command: + - /root/ready.py + args: + - --container-name + - ejbca-ejbca + env: + - name: NAMESPACE + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace + image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}" + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + - name: subsitute-envs + image: "{{ .Values.global.envsubstImage }}" + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + command: ['sh', '-c', "cd /config-input && envsubst < cmpServers.json > {{ .Values.cmpServers.volume.mountPath }}/cmpServers.json"] + volumeMounts: + - name: cmp-servers-template-volume + mountPath: /config-input + readOnly: true + - name: {{ .Values.cmpServers.volume.name }} + mountPath: {{ .Values.cmpServers.volume.mountPath }} + readOnly: false + env: + - name: CLIENT_IAK + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "ejbca-server-client-iak" "key" "password") | indent 14 }} + - name: CLIENT_RV + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "cmp-config-client-rv" "key" "password") | indent 14 }} + - name: RA_IAK + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "ejbca-server-ra-iak" "key" "password") | indent 14 }} + - name: RA_RV + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "cmp-config-ra-rv" "key" "password") | indent 14 }} +{{- end }} + containers: + - name: {{ include "common.name" . }} + image: {{ .Values.repository }}/{{ .Values.image }} + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + ports: {{ include "common.containerPorts" . | nindent 10 }} + env: + - name: HTTPS_PORT + value: "{{ .Values.envs.httpsPort }}" + - name: KEYSTORE_PATH + value: "{{ .Values.tls.server.volume.mountPath }}/{{ .Values.envs.keystore.jksName }}" + - name: KEYSTORE_P12_PATH + value: "{{ .Values.tls.server.volume.mountPath }}/{{ .Values.envs.keystore.p12Name }}" + - name: TRUSTSTORE_PATH + value: "{{ .Values.tls.server.volume.mountPath }}/{{ .Values.envs.truststore.jksName }}" + - name: ROOT_CERT + value: "{{ .Values.tls.server.volume.mountPath }}/{{ .Values.envs.truststore.crtName }}" + - name: KEYSTORE_PASSWORD + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "keystore-password" "key" "password") | indent 14 }} + - name: TRUSTSTORE_PASSWORD + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "truststore-password" "key" "password") | indent 14 }} + livenessProbe: + exec: + command: + - /bin/bash + - -c + - {{ .Values.liveness.command }} + initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }} + periodSeconds: {{ .Values.liveness.periodSeconds }} + readinessProbe: + exec: + command: + - /bin/bash + - -c + - {{ .Values.readiness.command }} + initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} + periodSeconds: {{ .Values.readiness.periodSeconds }} + volumeMounts: + - name: {{ .Values.cmpServers.volume.name }} + mountPath: {{ .Values.cmpServers.volume.mountPath }} + readOnly: false + - name: {{ .Values.tls.server.volume.name }} + mountPath: {{ .Values.tls.server.volume.mountPath }} + readOnly: true + resources: {{ include "common.resources" . | nindent 12 }} +{{ end -}} diff --git a/kubernetes/aaf/components/aaf-cert-service/templates/secret.yaml b/kubernetes/aaf/components/aaf-cert-service/templates/secret.yaml new file mode 100644 index 0000000000..ac92f56487 --- /dev/null +++ b/kubernetes/aaf/components/aaf-cert-service/templates/secret.yaml @@ -0,0 +1,56 @@ +# Copyright © 2020, Nokia +# Modifications Copyright © 2020, Nordix Foundation +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +{{- if .Values.global.cmpv2Enabled }} +{{ include "common.secretFast" . }} +--- +apiVersion: v1 +kind: Secret +metadata: + name: {{ .Values.cmpServers.secret.name }} +type: Opaque +data: +{{ if .Values.global.addTestingComponents }} + {{ (.Files.Glob "resources/test/cmpServers.json").AsSecrets }} +{{ else }} + {{ (.Files.Glob "resources/default/cmpServers.json").AsSecrets }} +{{ end }} +--- +apiVersion: v1 +kind: Secret +metadata: + name: {{ .Values.global.aaf.certServiceClient.secret.name | default .Values.tls.client.secret.defaultName }} +type: Opaque +data: + certServiceClient-keystore.jks: + {{ (.Files.Glob "resources/certServiceClient-keystore.jks").AsSecrets }} + truststore.jks: + {{ (.Files.Glob "resources/truststore.jks").AsSecrets }} +--- +apiVersion: v1 +kind: Secret +metadata: + name: {{ .Values.tls.server.secret.name }} +type: Opaque +data: + certServiceServer-keystore.jks: + {{ (.Files.Glob "resources/certServiceServer-keystore.jks").AsSecrets }} + certServiceServer-keystore.p12: + {{ (.Files.Glob "resources/certServiceServer-keystore.p12").AsSecrets }} + truststore.jks: + {{ (.Files.Glob "resources/truststore.jks").AsSecrets }} + root.crt: + {{ (.Files.Glob "resources/root.crt").AsSecrets }} +{{ end -}}
\ No newline at end of file diff --git a/kubernetes/aaf/components/aaf-cert-service/templates/service.yaml b/kubernetes/aaf/components/aaf-cert-service/templates/service.yaml new file mode 100644 index 0000000000..60e2afa41d --- /dev/null +++ b/kubernetes/aaf/components/aaf-cert-service/templates/service.yaml @@ -0,0 +1,17 @@ +# Copyright © 2020, Nokia +# Modifications Copyright © 2020, Nordix Foundation +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +{{- if .Values.global.cmpv2Enabled }} + {{ include "common.service" . }} +{{ end -}}
\ No newline at end of file diff --git a/kubernetes/aaf/components/aaf-cert-service/values.yaml b/kubernetes/aaf/components/aaf-cert-service/values.yaml new file mode 100644 index 0000000000..17b0b758cd --- /dev/null +++ b/kubernetes/aaf/components/aaf-cert-service/values.yaml @@ -0,0 +1,160 @@ +# Copyright © 2020, Nokia +# Modifications Copyright © 2020, Nordix Foundation, Orange +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Global +global: + envsubstImage: dibi/envsubst + nodePortPrefix: 302 + # Readiness image + readinessRepository: oomk8s + readinessImage: readiness-check:2.0.2 + # Ubuntu Init image + ubuntuInitRepository: registry.hub.docker.com + ubuntuInitImage: oomk8s/ubuntu-init:2.0.0 + # Logging image + loggingRepository: docker.elastic.co + loggingImage: beats/filebeat:5.5.0 + # BusyBox image + busyboxRepository: registry.hub.docker.com + busyboxImage: library/busybox:1.31 + persistence: + enabled: true + # Standard OOM + pullPolicy: "Always" + repository: "nexus3.onap.org:10001" + + +# Service configuration +service: + type: ClusterIP + ports: + - name: http + port: 8443 + port_protocol: http + + +# Deployment configuration +repository: nexus3.onap.org:10001 +image: onap/org.onap.aaf.certservice.aaf-certservice-api:1.0.0 +pullPolicy: Always +replicaCount: 1 + +liveness: + initialDelaySeconds: 60 + periodSeconds: 10 + command: curl https://localhost:$HTTPS_PORT/actuator/health --cacert $ROOT_CERT --cert-type p12 --cert $KEYSTORE_P12_PATH --pass $KEYSTORE_PASSWORD +readiness: + initialDelaySeconds: 30 + periodSeconds: 10 + command: curl https://localhost:$HTTPS_PORT/ready --cacert $ROOT_CERT --cert-type p12 --cert $KEYSTORE_P12_PATH --pass $KEYSTORE_PASSWORD + +flavor: small +resources: + small: + limits: + cpu: 0.5 + memory: 1Gi + requests: + cpu: 0.2 + memory: 512Mi + large: + limits: + cpu: 1 + memory: 2Gi + requests: + cpu: 0.4 + memory: 1Gi + unlimited: {} + + +# Application configuration +cmpServers: + secret: + name: aaf-cert-service-secret + volume: + name: aaf-cert-service-volume + mountPath: /etc/onap/aaf/certservice + +tls: + server: + secret: + name: aaf-cert-service-server-tls-secret + volume: + name: aaf-cert-service-server-tls-volume + mountPath: /etc/onap/aaf/certservice/certs/ + client: + secret: + defaultName: aaf-cert-service-client-tls-secret + +envs: + keystore: + jksName: certServiceServer-keystore.jks + p12Name: certServiceServer-keystore.p12 + truststore: + jksName: truststore.jks + crtName: root.crt + httpsPort: 8443 + +# External secrets with credentials can be provided to override default credentials defined below, +# by uncommenting and filling appropriate *ExternalSecret value +credentials: + tls: + keystorePassword: secret + truststorePassword: secret + #keystorePasswordExternalSecret: + #truststorePasswordExternalSecret: + # Below cmp values contain credentials for EJBCA test instance and are relevant only if global addTestingComponents flag is enabled + cmp: + #clientIakExternalSecret: + #clientRvExternalSecret: + #raIakExternalSecret: + #raRvExternalSecret: + client: {} + # iak: mypassword + # rv: unused + ra: {} + # iak: mypassword + # rv: unused + +secrets: + - uid: keystore-password + name: '{{ include "common.release" . }}-keystore-password' + type: password + externalSecret: '{{ tpl (default "" .Values.credentials.tls.keystorePasswordExternalSecret) . }}' + password: '{{ .Values.credentials.tls.keystorePassword }}' + passwordPolicy: required + - uid: truststore-password + name: '{{ include "common.release" . }}-truststore-password' + type: password + externalSecret: '{{ tpl (default "" .Values.credentials.tls.truststorePasswordExternalSecret) . }}' + password: '{{ .Values.credentials.tls.truststorePassword }}' + passwordPolicy: required + # Below values are relevant only if global addTestingComponents flag is enabled + - uid: ejbca-server-client-iak + type: password + externalSecret: '{{ tpl (default "" .Values.credentials.cmp.clientIakExternalSecret) . }}' + password: '{{ .Values.credentials.cmp.client.iak }}' + - uid: cmp-config-client-rv + type: password + externalSecret: '{{ tpl (default "" .Values.credentials.cmp.clientRvExternalSecret) . }}' + password: '{{ .Values.credentials.cmp.client.rv }}' + - uid: ejbca-server-ra-iak + type: password + externalSecret: '{{ tpl (default "" .Values.credentials.cmp.raIakExternalSecret) . }}' + password: '{{ .Values.credentials.cmp.ra.iak }}' + - uid: cmp-config-ra-rv + type: password + externalSecret: '{{ tpl (default "" .Values.credentials.cmp.raRvExternalSecret) . }}' + password: '{{ .Values.credentials.cmp.ra.rv }}' diff --git a/kubernetes/aaf/components/aaf-cm/.helmignore b/kubernetes/aaf/components/aaf-cm/.helmignore new file mode 100644 index 0000000000..daebc7da77 --- /dev/null +++ b/kubernetes/aaf/components/aaf-cm/.helmignore @@ -0,0 +1,21 @@ +# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
diff --git a/kubernetes/aaf/components/aaf-cm/Chart.yaml b/kubernetes/aaf/components/aaf-cm/Chart.yaml new file mode 100644 index 0000000000..ed453f7ac7 --- /dev/null +++ b/kubernetes/aaf/components/aaf-cm/Chart.yaml @@ -0,0 +1,19 @@ +# Copyright © 2017 Amdocs, Bell Canada +# Modifications Copyright © 2018 AT&T, ZTE +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +description: ONAP AAF Certificate Manager +name: aaf-cm +version: 6.0.0 diff --git a/kubernetes/aaf/components/aaf-cm/requirements.yaml b/kubernetes/aaf/components/aaf-cm/requirements.yaml new file mode 100644 index 0000000000..08ef7fe836 --- /dev/null +++ b/kubernetes/aaf/components/aaf-cm/requirements.yaml @@ -0,0 +1,21 @@ + # Copyright © 2020 Orange +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + + dependencies: + - name: common + version: ~6.x-0 + repository: '@local' + - name: aaf-templates + version: ~6.x-0 + repository: 'file://../aaf-templates' diff --git a/kubernetes/aaf/components/aaf-cm/templates/NOTES.txt b/kubernetes/aaf/components/aaf-cm/templates/NOTES.txt new file mode 100644 index 0000000000..bd74a42cd5 --- /dev/null +++ b/kubernetes/aaf/components/aaf-cm/templates/NOTES.txt @@ -0,0 +1,33 @@ +# Copyright © 2018 Amdocs, Bell Canada +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +1. Get the application URL by running these commands: +{{- if .Values.ingress.enabled }} +{{- range .Values.ingress.hosts }} + http://{{ . }} +{{- end }} +{{- else if contains "NodePort" .Values.service.type }} + export NODE_PORT=$(kubectl get --namespace {{ include "common.namespace" . }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "common.name" . }}) + export NODE_IP=$(kubectl get nodes --namespace {{ include "common.namespace" . }} -o jsonpath="{.items[0].status.addresses[0].address}") + echo http://$NODE_IP:$NODE_PORT +{{- else if contains "LoadBalancer" .Values.service.type }} + NOTE: It may take a few minutes for the LoadBalancer IP to be available. + You can watch the status of by running 'kubectl get svc -w {{ include "common.name" . }}' + export SERVICE_IP=$(kubectl get svc --namespace {{ include "common.namespace" . }} {{ include "common.name" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}') + echo http://$SERVICE_IP:{{ .Values.service.externalPort }} +{{- else if contains "ClusterIP" .Values.service.type }} + export POD_NAME=$(kubectl get pods --namespace {{ include "common.namespace" . }} -l "app={{ include "common.name" . }},release={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}") + echo "Visit http://127.0.0.1:8080 to use your application" + kubectl port-forward $POD_NAME 8080:{{ .Values.service.internalPort }} +{{- end }} diff --git a/kubernetes/aaf/components/aaf-cm/templates/deployment.yaml b/kubernetes/aaf/components/aaf-cm/templates/deployment.yaml new file mode 100644 index 0000000000..5074c8bc08 --- /dev/null +++ b/kubernetes/aaf/components/aaf-cm/templates/deployment.yaml @@ -0,0 +1,16 @@ +# Copyright © 2017 Amdocs +# Modifications © 2020 Orange +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +{{ include "aaf.deployment" . }} diff --git a/kubernetes/aaf/components/aaf-cm/templates/ingress.yaml b/kubernetes/aaf/components/aaf-cm/templates/ingress.yaml new file mode 100644 index 0000000000..40b4bba0ce --- /dev/null +++ b/kubernetes/aaf/components/aaf-cm/templates/ingress.yaml @@ -0,0 +1,4 @@ + +{{ include "common.ingress" . }} + + diff --git a/kubernetes/aaf/components/aaf-cm/templates/service.yaml b/kubernetes/aaf/components/aaf-cm/templates/service.yaml new file mode 100644 index 0000000000..e54c4f3057 --- /dev/null +++ b/kubernetes/aaf/components/aaf-cm/templates/service.yaml @@ -0,0 +1,16 @@ +# Copyright © 2017 Amdocs, Orange +# Modifications © 2020 Orange +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +{{ include "common.service" . }} diff --git a/kubernetes/aaf/components/aaf-cm/values.yaml b/kubernetes/aaf/components/aaf-cm/values.yaml new file mode 100644 index 0000000000..0997c7db41 --- /dev/null +++ b/kubernetes/aaf/components/aaf-cm/values.yaml @@ -0,0 +1,106 @@ +# Copyright © 2017 Amdocs, Bell Canada +# Modifications © 2020 AT&T, Orange +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +global: + nodePortPrefix: 302 + # Readiness image + readinessRepository: oomk8s + readinessImage: readiness-check:2.0.2 + # Ubuntu Init image + ubuntuInitRepository: registry.hub.docker.com + ubuntuInitImage: oomk8s/ubuntu-init:2.0.0 + # Logging image + loggingRepository: docker.elastic.co + loggingImage: beats/filebeat:5.5.0 + # BusyBox image + busyboxRepository: registry.hub.docker.com + busyboxImage: library/busybox:1.31 + persistence: + enabled: true + # Standard OOM + pullPolicy: "Always" + repository: "nexus3.onap.org:10001" + + aaf: + config: + image: onap/aaf/aaf_config:2.1.23 + + +flavor: small + +################################################################# +# Application configuration defaults. +################################################################# +# application image +replicaCount: 1 + +binary: cm + +sequence_order: + - service + - locate + +nodeSelector: {} + +affinity: {} + +# probe configuration parameters +liveness: + initialDelaySeconds: 30 + periodSeconds: 10 + # necessary to disable liveness probe when setting breakpoints + # in debugger so K8s doesn't restart unresponsive container + enabled: true + port: api + +readiness: + initialDelaySeconds: 5 + periodSeconds: 10 + port: api + +service: + name: aaf-cm + type: ClusterIP + ports: + - name: api + protocol: http + port: 8150 + +ingress: + enabled: false + service: + - baseaddr: "aafcm" + name: "aaf-cm" + port: 8150 + config: + ssl: "redirect" + +# Configure resource requests and limits +resources: + small: + limits: + cpu: 400m + memory: 300Mi + requests: + cpu: 1m + memory: 200Mi + large: + limits: + cpu: 400m + memory: 1Gi + requests: + cpu: 40m + memory: 600Mi + unlimited: {} diff --git a/kubernetes/aaf/components/aaf-fs/.helmignore b/kubernetes/aaf/components/aaf-fs/.helmignore new file mode 100644 index 0000000000..f0c1319444 --- /dev/null +++ b/kubernetes/aaf/components/aaf-fs/.helmignore @@ -0,0 +1,21 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*~ +# Various IDEs +.project +.idea/ +*.tmproj diff --git a/kubernetes/aaf/components/aaf-fs/Chart.yaml b/kubernetes/aaf/components/aaf-fs/Chart.yaml new file mode 100644 index 0000000000..211c4c28de --- /dev/null +++ b/kubernetes/aaf/components/aaf-fs/Chart.yaml @@ -0,0 +1,18 @@ +# Copyright © 2017 Amdocs, Bell Canada +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +description: ONAP AAF File Server +name: aaf-fs +version: 6.0.0
\ No newline at end of file diff --git a/kubernetes/aaf/components/aaf-fs/requirements.yaml b/kubernetes/aaf/components/aaf-fs/requirements.yaml new file mode 100644 index 0000000000..08ef7fe836 --- /dev/null +++ b/kubernetes/aaf/components/aaf-fs/requirements.yaml @@ -0,0 +1,21 @@ + # Copyright © 2020 Orange +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + + dependencies: + - name: common + version: ~6.x-0 + repository: '@local' + - name: aaf-templates + version: ~6.x-0 + repository: 'file://../aaf-templates' diff --git a/kubernetes/aaf/components/aaf-fs/templates/NOTES.txt b/kubernetes/aaf/components/aaf-fs/templates/NOTES.txt new file mode 100644 index 0000000000..bd74a42cd5 --- /dev/null +++ b/kubernetes/aaf/components/aaf-fs/templates/NOTES.txt @@ -0,0 +1,33 @@ +# Copyright © 2018 Amdocs, Bell Canada +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +1. Get the application URL by running these commands: +{{- if .Values.ingress.enabled }} +{{- range .Values.ingress.hosts }} + http://{{ . }} +{{- end }} +{{- else if contains "NodePort" .Values.service.type }} + export NODE_PORT=$(kubectl get --namespace {{ include "common.namespace" . }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "common.name" . }}) + export NODE_IP=$(kubectl get nodes --namespace {{ include "common.namespace" . }} -o jsonpath="{.items[0].status.addresses[0].address}") + echo http://$NODE_IP:$NODE_PORT +{{- else if contains "LoadBalancer" .Values.service.type }} + NOTE: It may take a few minutes for the LoadBalancer IP to be available. + You can watch the status of by running 'kubectl get svc -w {{ include "common.name" . }}' + export SERVICE_IP=$(kubectl get svc --namespace {{ include "common.namespace" . }} {{ include "common.name" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}') + echo http://$SERVICE_IP:{{ .Values.service.externalPort }} +{{- else if contains "ClusterIP" .Values.service.type }} + export POD_NAME=$(kubectl get pods --namespace {{ include "common.namespace" . }} -l "app={{ include "common.name" . }},release={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}") + echo "Visit http://127.0.0.1:8080 to use your application" + kubectl port-forward $POD_NAME 8080:{{ .Values.service.internalPort }} +{{- end }} diff --git a/kubernetes/aaf/components/aaf-fs/templates/deployment.yaml b/kubernetes/aaf/components/aaf-fs/templates/deployment.yaml new file mode 100644 index 0000000000..c36750809c --- /dev/null +++ b/kubernetes/aaf/components/aaf-fs/templates/deployment.yaml @@ -0,0 +1,16 @@ +# Copyright © 2017 Amdocs, Orange +# Modifications © 2020 Orange +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +{{ include "aaf.deployment" . }} diff --git a/kubernetes/aaf/components/aaf-fs/templates/ingress.yaml b/kubernetes/aaf/components/aaf-fs/templates/ingress.yaml new file mode 100644 index 0000000000..40b4bba0ce --- /dev/null +++ b/kubernetes/aaf/components/aaf-fs/templates/ingress.yaml @@ -0,0 +1,4 @@ + +{{ include "common.ingress" . }} + + diff --git a/kubernetes/aaf/components/aaf-fs/templates/service.yaml b/kubernetes/aaf/components/aaf-fs/templates/service.yaml new file mode 100644 index 0000000000..e54c4f3057 --- /dev/null +++ b/kubernetes/aaf/components/aaf-fs/templates/service.yaml @@ -0,0 +1,16 @@ +# Copyright © 2017 Amdocs, Orange +# Modifications © 2020 Orange +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +{{ include "common.service" . }} diff --git a/kubernetes/aaf/components/aaf-fs/values.yaml b/kubernetes/aaf/components/aaf-fs/values.yaml new file mode 100644 index 0000000000..9bffb95724 --- /dev/null +++ b/kubernetes/aaf/components/aaf-fs/values.yaml @@ -0,0 +1,107 @@ +# Copyright © 2017 Amdocs, Bell Canada +# Modifications © 2020 AT&T, Orange +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +global: + nodePortPrefix: 302 + # Readiness image + readinessRepository: oomk8s + readinessImage: readiness-check:2.0.2 + # Ubuntu Init image + ubuntuInitRepository: registry.hub.docker.com + ubuntuInitImage: oomk8s/ubuntu-init:2.0.0 + # Logging image + loggingRepository: docker.elastic.co + loggingImage: beats/filebeat:5.5.0 + # BusyBox image + busyboxRepository: registry.hub.docker.com + busyboxImage: library/busybox:1.31 + persistence: + enabled: true + # Standard OOM + pullPolicy: "Always" + repository: "nexus3.onap.org:10001" + + aaf: + config: + image: onap/aaf/aaf_config:2.1.23 + +flavor: small + +################################################################# +# Application configuration defaults. +################################################################# +# application image +pullPolicy: Always + +replicaCount: 1 + +binary: fs + +sequence_order: + - service + - locate + +nodeSelector: {} + +affinity: {} + +# probe configuration parameters +liveness: + initialDelaySeconds: 120 + periodSeconds: 10 + # necessary to disable liveness probe when setting breakpoints + # in debugger so K8s doesn't restart unresponsive container + enabled: true + port: api + +readiness: + initialDelaySeconds: 5 + periodSeconds: 10 + port: api + +service: + name: aaf-fs + type: ClusterIP + ports: + - name: api + port: 8096 + protocol: http + +ingress: + enabled: false + service: + - baseaddr: "aaffs" + name: "aaf-fs" + port: 8096 + config: + ssl: "none" + +# Configure resource requests and limits +resources: + small: + limits: + cpu: 200m + memory: 110Mi + requests: + cpu: 1m + memory: 80Mi + large: + limits: + cpu: 500m + memory: 700Mi + requests: + cpu: 100m + memory: 400Mi + unlimited: {} diff --git a/kubernetes/aaf/components/aaf-gui/.helmignore b/kubernetes/aaf/components/aaf-gui/.helmignore new file mode 100644 index 0000000000..f0c1319444 --- /dev/null +++ b/kubernetes/aaf/components/aaf-gui/.helmignore @@ -0,0 +1,21 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*~ +# Various IDEs +.project +.idea/ +*.tmproj diff --git a/kubernetes/aaf/components/aaf-gui/Chart.yaml b/kubernetes/aaf/components/aaf-gui/Chart.yaml new file mode 100644 index 0000000000..7e81a70759 --- /dev/null +++ b/kubernetes/aaf/components/aaf-gui/Chart.yaml @@ -0,0 +1,18 @@ +# Copyright © 2017 Amdocs, Bell Canada +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +description: ONAP AAF GUI +name: aaf-gui +version: 6.0.0
\ No newline at end of file diff --git a/kubernetes/aaf/components/aaf-gui/requirements.yaml b/kubernetes/aaf/components/aaf-gui/requirements.yaml new file mode 100644 index 0000000000..08ef7fe836 --- /dev/null +++ b/kubernetes/aaf/components/aaf-gui/requirements.yaml @@ -0,0 +1,21 @@ + # Copyright © 2020 Orange +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + + dependencies: + - name: common + version: ~6.x-0 + repository: '@local' + - name: aaf-templates + version: ~6.x-0 + repository: 'file://../aaf-templates' diff --git a/kubernetes/aaf/components/aaf-gui/templates/NOTES.txt b/kubernetes/aaf/components/aaf-gui/templates/NOTES.txt new file mode 100644 index 0000000000..bd74a42cd5 --- /dev/null +++ b/kubernetes/aaf/components/aaf-gui/templates/NOTES.txt @@ -0,0 +1,33 @@ +# Copyright © 2018 Amdocs, Bell Canada +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +1. Get the application URL by running these commands: +{{- if .Values.ingress.enabled }} +{{- range .Values.ingress.hosts }} + http://{{ . }} +{{- end }} +{{- else if contains "NodePort" .Values.service.type }} + export NODE_PORT=$(kubectl get --namespace {{ include "common.namespace" . }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "common.name" . }}) + export NODE_IP=$(kubectl get nodes --namespace {{ include "common.namespace" . }} -o jsonpath="{.items[0].status.addresses[0].address}") + echo http://$NODE_IP:$NODE_PORT +{{- else if contains "LoadBalancer" .Values.service.type }} + NOTE: It may take a few minutes for the LoadBalancer IP to be available. + You can watch the status of by running 'kubectl get svc -w {{ include "common.name" . }}' + export SERVICE_IP=$(kubectl get svc --namespace {{ include "common.namespace" . }} {{ include "common.name" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}') + echo http://$SERVICE_IP:{{ .Values.service.externalPort }} +{{- else if contains "ClusterIP" .Values.service.type }} + export POD_NAME=$(kubectl get pods --namespace {{ include "common.namespace" . }} -l "app={{ include "common.name" . }},release={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}") + echo "Visit http://127.0.0.1:8080 to use your application" + kubectl port-forward $POD_NAME 8080:{{ .Values.service.internalPort }} +{{- end }} diff --git a/kubernetes/aaf/components/aaf-gui/templates/deployment.yaml b/kubernetes/aaf/components/aaf-gui/templates/deployment.yaml new file mode 100644 index 0000000000..c36750809c --- /dev/null +++ b/kubernetes/aaf/components/aaf-gui/templates/deployment.yaml @@ -0,0 +1,16 @@ +# Copyright © 2017 Amdocs, Orange +# Modifications © 2020 Orange +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +{{ include "aaf.deployment" . }} diff --git a/kubernetes/aaf/components/aaf-gui/templates/ingress.yaml b/kubernetes/aaf/components/aaf-gui/templates/ingress.yaml new file mode 100644 index 0000000000..40b4bba0ce --- /dev/null +++ b/kubernetes/aaf/components/aaf-gui/templates/ingress.yaml @@ -0,0 +1,4 @@ + +{{ include "common.ingress" . }} + + diff --git a/kubernetes/aaf/components/aaf-gui/templates/service.yaml b/kubernetes/aaf/components/aaf-gui/templates/service.yaml new file mode 100644 index 0000000000..e54c4f3057 --- /dev/null +++ b/kubernetes/aaf/components/aaf-gui/templates/service.yaml @@ -0,0 +1,16 @@ +# Copyright © 2017 Amdocs, Orange +# Modifications © 2020 Orange +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +{{ include "common.service" . }} diff --git a/kubernetes/aaf/components/aaf-gui/values.yaml b/kubernetes/aaf/components/aaf-gui/values.yaml new file mode 100644 index 0000000000..8639d6c0f0 --- /dev/null +++ b/kubernetes/aaf/components/aaf-gui/values.yaml @@ -0,0 +1,107 @@ +# Copyright © 2017 Amdocs, Bell Canada +# Modifications © 2020 AT&T, Orange +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +global: + nodePortPrefix: 302 + # Readiness image + readinessRepository: oomk8s + readinessImage: readiness-check:2.0.2 + # Ubuntu Init image + ubuntuInitRepository: registry.hub.docker.com + ubuntuInitImage: oomk8s/ubuntu-init:2.0.0 + # Logging image + loggingRepository: docker.elastic.co + loggingImage: beats/filebeat:5.5.0 + # BusyBox image + busyboxRepository: registry.hub.docker.com + busyboxImage: library/busybox:1.31 + persistence: + enabled: true + # Standard OOM + pullPolicy: "Always" + repository: "nexus3.onap.org:10001" + + aaf: + config: + image: onap/aaf/aaf_config:2.1.23 + +flavor: small +################################################################# +# Application configuration defaults. +################################################################# +# application image +pullPolicy: Always + +replicaCount: 1 + +binary: gui + +sequence_order: + - service + - locate + +nodeSelector: {} + +affinity: {} + +# probe configuration parameters +liveness: + initialDelaySeconds: 30 + periodSeconds: 10 + # necessary to disable liveness probe when setting breakpoints + # in debugger so K8s doesn't restart unresponsive container + enabled: true + port: gui + +readiness: + initialDelaySeconds: 5 + periodSeconds: 10 + port: gui + +service: + name: aaf-gui + type: NodePort + ports: + - name: gui + protocol: http + port: 8200 + nodePort: 51 + +ingress: + enabled: false + service: + - baseaddr: "aafgui" + name: "aaf-gui" + port: 8200 + config: + ssl: "redirect" + +# Configure resource requests and limits +resources: + small: + limits: + cpu: 200m + memory: 280Mi + requests: + cpu: 1m + memory: 170Mi + large: + limits: + cpu: 200m + memory: 1Gi + requests: + cpu: 100m + memory: 500Mi + unlimited: {} diff --git a/kubernetes/aaf/components/aaf-hello/.helmignore b/kubernetes/aaf/components/aaf-hello/.helmignore new file mode 100644 index 0000000000..f0c1319444 --- /dev/null +++ b/kubernetes/aaf/components/aaf-hello/.helmignore @@ -0,0 +1,21 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*~ +# Various IDEs +.project +.idea/ +*.tmproj diff --git a/kubernetes/aaf/components/aaf-hello/Chart.yaml b/kubernetes/aaf/components/aaf-hello/Chart.yaml new file mode 100644 index 0000000000..71b3242558 --- /dev/null +++ b/kubernetes/aaf/components/aaf-hello/Chart.yaml @@ -0,0 +1,18 @@ +# Copyright © 2017 Amdocs, Bell Canada +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +description: ONAP AAF Hello +name: aaf-hello +version: 6.0.0
\ No newline at end of file diff --git a/kubernetes/aaf/components/aaf-hello/requirements.yaml b/kubernetes/aaf/components/aaf-hello/requirements.yaml new file mode 100644 index 0000000000..08ef7fe836 --- /dev/null +++ b/kubernetes/aaf/components/aaf-hello/requirements.yaml @@ -0,0 +1,21 @@ + # Copyright © 2020 Orange +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + + dependencies: + - name: common + version: ~6.x-0 + repository: '@local' + - name: aaf-templates + version: ~6.x-0 + repository: 'file://../aaf-templates' diff --git a/kubernetes/aaf/components/aaf-hello/templates/NOTES.txt b/kubernetes/aaf/components/aaf-hello/templates/NOTES.txt new file mode 100644 index 0000000000..ef4d8e7d23 --- /dev/null +++ b/kubernetes/aaf/components/aaf-hello/templates/NOTES.txt @@ -0,0 +1,14 @@ +# Copyright © 2018 Amdocs, Bell Canada +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + diff --git a/kubernetes/aaf/components/aaf-hello/templates/deployment.yaml b/kubernetes/aaf/components/aaf-hello/templates/deployment.yaml new file mode 100644 index 0000000000..891b829f43 --- /dev/null +++ b/kubernetes/aaf/components/aaf-hello/templates/deployment.yaml @@ -0,0 +1,60 @@ +# Copyright © 2017 Amdocs, Bell Canada +# Modifications © 2020 Orange +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +apiVersion: apps/v1 +kind: Deployment +metadata: {{- include "common.resourceMetadata" . | nindent 2 }} +spec: + selector: {{- include "common.selectors" . | nindent 4 }} + replicas: {{ .Values.replicaCount }} + template: + metadata: {{- include "common.templateMetadata" . | nindent 6 }} + spec: + initContainers: {{ include "common.aaf-config" (dict "aafRoot" .Values.aaf_init "dot" .) | nindent 6 }} +# CONTAINER Definition + containers: + - name: {{ include "common.name" . }} + command: ["bash","-c","cd /opt/app/aaf && if [ ! -d /opt/app/osaaf/etc ]; then cp -Rf etc logs /opt/app/osaaf; fi && exec bin/hello"] + image: {{ .Values.global.repository }}/{{.Values.image }} + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + ports: {{ include "common.containerPorts" . | nindent 10 }} + volumeMounts: {{ include "common.aaf-config-volume-mountpath" . | nindent 8 }} + - mountPath: /etc/localtime + name: localtime + readOnly: true + {{- if eq .Values.liveness.enabled true }} + livenessProbe: + tcpSocket: + port: {{ .Values.liveness.port }} + initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }} + periodSeconds: {{ .Values.liveness.periodSeconds }} + {{- end }} + readinessProbe: + tcpSocket: + port: {{ .Values.readiness.port }} + initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} + periodSeconds: {{ .Values.readiness.periodSeconds }} + resources: {{ include "common.resources" . | nindent 12 }} + {{- if .Values.nodeSelector }} + nodeSelector: {{ toYaml .Values.nodeSelector | nindent 10 }} + {{- end -}} + {{- if .Values.affinity }} + affinity: {{ toYaml .Values.affinity | nindent 10 }} + {{- end }} + volumes: {{ include "common.aaf-config-volumes" (dict "aafRoot" .Values.aaf_init "dot" .) | nindent 6 }} + - name: localtime + hostPath: + path: /etc/localtime + imagePullSecrets: + - name: "{{ include "common.namespace" . }}-docker-registry-key" diff --git a/kubernetes/aaf/components/aaf-hello/templates/ingress.yaml b/kubernetes/aaf/components/aaf-hello/templates/ingress.yaml new file mode 100644 index 0000000000..40b4bba0ce --- /dev/null +++ b/kubernetes/aaf/components/aaf-hello/templates/ingress.yaml @@ -0,0 +1,4 @@ + +{{ include "common.ingress" . }} + + diff --git a/kubernetes/aaf/components/aaf-hello/templates/secret.yaml b/kubernetes/aaf/components/aaf-hello/templates/secret.yaml new file mode 100644 index 0000000000..f8c32e0670 --- /dev/null +++ b/kubernetes/aaf/components/aaf-hello/templates/secret.yaml @@ -0,0 +1,15 @@ +# Copyright © 2020 Orange +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +{{ include "common.secretFast" . }} diff --git a/kubernetes/aaf/components/aaf-hello/templates/service.yaml b/kubernetes/aaf/components/aaf-hello/templates/service.yaml new file mode 100644 index 0000000000..8f80ee12a2 --- /dev/null +++ b/kubernetes/aaf/components/aaf-hello/templates/service.yaml @@ -0,0 +1,16 @@ +# Copyright © 2017 Amdocs, Bell Canada +# Modifications © 2020 Orange +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +{{ include "common.service" . }} diff --git a/kubernetes/aaf/components/aaf-hello/values.yaml b/kubernetes/aaf/components/aaf-hello/values.yaml new file mode 100644 index 0000000000..df3abec67c --- /dev/null +++ b/kubernetes/aaf/components/aaf-hello/values.yaml @@ -0,0 +1,105 @@ +# Copyright © 2017 Amdocs, Bell Canada +# Modifications © 2020 AT&T +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +global: + aafEnabled: true + +flavor: small + +################################################################# +# Application configuration defaults. +################################################################# +# application image +aaf_init: + # You might want this in your own app. For AAF, we store in global + # replicas: 1 + fqi: aaf@aaf.osaaf.org +# This MUST match what is put in AAF's "Artifact" for Certificates + fqdn: aaf-hello +# What is put in Locator for External Access + public_fqdn: aaf.osaaf.org + cadi_latitude: "38.0" + cadi_longitude: "-72.0" + credsPath: /opt/app/osaaf/local + aafDeployFqi: deployer@people.osaaf.org + aafDeployPass: demo123456! + # aafDeployCredsExternalSecret: some secret + secret_uid: &aaf_secret_uid nbi-aaf-deploy-creds + permission_user: 1000 + permission_group: 999 + +replicaCount: 0 + +image: onap/aaf/aaf_hello:2.1.23 + +service: + name: aaf-hello + type: ClusterIP + ports: + - name: api + protocol: http + port: 8130 + +nodeSelector: {} + +affinity: {} + +secrets: + - uid: *aaf_secret_uid + type: basicAuth + externalSecret: '{{ ternary (tpl (default "" .Values.aaf_init.aafDeployCredsExternalSecret) .) "aafIsDisabled" .Values.global.aafEnabled }}' + login: '{{ .Values.aaf_init.aafDeployFqi }}' + password: '{{ .Values.aaf_init.aafDeployPass }}' + passwordPolicy: required + +# probe configuration parameters +liveness: + initialDelaySeconds: 30 + periodSeconds: 10 + # necessary to disable liveness probe when setting breakpoints + # in debugger so K8s doesn't restart unresponsive container + enabled: true + port: api + +readiness: + initialDelaySeconds: 5 + periodSeconds: 10 + port: api + +ingress: + enabled: false + service: + - baseaddr: "aafhello" + name: "aaf-hello" + port: 8130 + config: + ssl: "none" + +# Configure resource requests and limits +resources: + small: + limits: + cpu: 200m + memory: 500Mi + requests: + cpu: 10m + memory: 200Mi + large: + limits: + cpu: 400m + memory: 1Gi + requests: + cpu: 20m + memory: 500Mi + unlimited: {} diff --git a/kubernetes/aaf/components/aaf-locate/.helmignore b/kubernetes/aaf/components/aaf-locate/.helmignore new file mode 100644 index 0000000000..f0c1319444 --- /dev/null +++ b/kubernetes/aaf/components/aaf-locate/.helmignore @@ -0,0 +1,21 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*~ +# Various IDEs +.project +.idea/ +*.tmproj diff --git a/kubernetes/aaf/components/aaf-locate/Chart.yaml b/kubernetes/aaf/components/aaf-locate/Chart.yaml new file mode 100644 index 0000000000..3133191280 --- /dev/null +++ b/kubernetes/aaf/components/aaf-locate/Chart.yaml @@ -0,0 +1,18 @@ +# Copyright © 2017 Amdocs, Bell Canada +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +description: ONAP AAF Locate +name: aaf-locate +version: 6.0.0
\ No newline at end of file diff --git a/kubernetes/aaf/components/aaf-locate/requirements.yaml b/kubernetes/aaf/components/aaf-locate/requirements.yaml new file mode 100644 index 0000000000..08ef7fe836 --- /dev/null +++ b/kubernetes/aaf/components/aaf-locate/requirements.yaml @@ -0,0 +1,21 @@ + # Copyright © 2020 Orange +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + + dependencies: + - name: common + version: ~6.x-0 + repository: '@local' + - name: aaf-templates + version: ~6.x-0 + repository: 'file://../aaf-templates' diff --git a/kubernetes/aaf/components/aaf-locate/templates/NOTES.txt b/kubernetes/aaf/components/aaf-locate/templates/NOTES.txt new file mode 100644 index 0000000000..bd74a42cd5 --- /dev/null +++ b/kubernetes/aaf/components/aaf-locate/templates/NOTES.txt @@ -0,0 +1,33 @@ +# Copyright © 2018 Amdocs, Bell Canada +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +1. Get the application URL by running these commands: +{{- if .Values.ingress.enabled }} +{{- range .Values.ingress.hosts }} + http://{{ . }} +{{- end }} +{{- else if contains "NodePort" .Values.service.type }} + export NODE_PORT=$(kubectl get --namespace {{ include "common.namespace" . }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "common.name" . }}) + export NODE_IP=$(kubectl get nodes --namespace {{ include "common.namespace" . }} -o jsonpath="{.items[0].status.addresses[0].address}") + echo http://$NODE_IP:$NODE_PORT +{{- else if contains "LoadBalancer" .Values.service.type }} + NOTE: It may take a few minutes for the LoadBalancer IP to be available. + You can watch the status of by running 'kubectl get svc -w {{ include "common.name" . }}' + export SERVICE_IP=$(kubectl get svc --namespace {{ include "common.namespace" . }} {{ include "common.name" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}') + echo http://$SERVICE_IP:{{ .Values.service.externalPort }} +{{- else if contains "ClusterIP" .Values.service.type }} + export POD_NAME=$(kubectl get pods --namespace {{ include "common.namespace" . }} -l "app={{ include "common.name" . }},release={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}") + echo "Visit http://127.0.0.1:8080 to use your application" + kubectl port-forward $POD_NAME 8080:{{ .Values.service.internalPort }} +{{- end }} diff --git a/kubernetes/aaf/components/aaf-locate/templates/deployment.yaml b/kubernetes/aaf/components/aaf-locate/templates/deployment.yaml new file mode 100644 index 0000000000..5074c8bc08 --- /dev/null +++ b/kubernetes/aaf/components/aaf-locate/templates/deployment.yaml @@ -0,0 +1,16 @@ +# Copyright © 2017 Amdocs +# Modifications © 2020 Orange +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +{{ include "aaf.deployment" . }} diff --git a/kubernetes/aaf/components/aaf-locate/templates/ingress.yaml b/kubernetes/aaf/components/aaf-locate/templates/ingress.yaml new file mode 100644 index 0000000000..1b33c1f8d1 --- /dev/null +++ b/kubernetes/aaf/components/aaf-locate/templates/ingress.yaml @@ -0,0 +1,2 @@ + +{{ include "common.ingress" . }} diff --git a/kubernetes/aaf/components/aaf-locate/templates/service.yaml b/kubernetes/aaf/components/aaf-locate/templates/service.yaml new file mode 100644 index 0000000000..e54c4f3057 --- /dev/null +++ b/kubernetes/aaf/components/aaf-locate/templates/service.yaml @@ -0,0 +1,16 @@ +# Copyright © 2017 Amdocs, Orange +# Modifications © 2020 Orange +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +{{ include "common.service" . }} diff --git a/kubernetes/aaf/components/aaf-locate/values.yaml b/kubernetes/aaf/components/aaf-locate/values.yaml new file mode 100644 index 0000000000..7bcf10dabb --- /dev/null +++ b/kubernetes/aaf/components/aaf-locate/values.yaml @@ -0,0 +1,104 @@ +# Copyright © 2017 Amdocs, Bell Canada +# Modifications © 2020 AT&T, Orange +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +global: + nodePortPrefix: 302 + # Readiness image + readinessRepository: oomk8s + readinessImage: readiness-check:2.0.2 + # Ubuntu Init image + ubuntuInitRepository: registry.hub.docker.com + ubuntuInitImage: oomk8s/ubuntu-init:2.0.0 + # Logging image + loggingRepository: docker.elastic.co + loggingImage: beats/filebeat:5.5.0 + # BusyBox image + busyboxRepository: registry.hub.docker.com + busyboxImage: library/busybox:1.31 + persistence: + enabled: true + # Standard OOM + pullPolicy: "Always" + repository: "nexus3.onap.org:10001" + + aaf: + config: + image: onap/aaf/aaf_config:2.1.23 + + +flavor: small +################################################################# +# Application configuration defaults. +################################################################# +# application image +replicaCount: 1 + +binary: locate + +sequence_order: + - service + +nodeSelector: {} + +affinity: {} + +# probe configuration parameters +liveness: + initialDelaySeconds: 30 + periodSeconds: 10 + # necessary to disable liveness probe when setting breakpoints + # in debugger so K8s doesn't restart unresponsive container + enabled: true + port: api + +readiness: + initialDelaySeconds: 5 + periodSeconds: 10 + port: api + +service: + name: aaf-locate + type: ClusterIP + ports: + - name: api + protocol: http + port: 8095 + +ingress: + enabled: false + service: + - baseaddr: "aaflocate" + name: "aaf-locate" + port: 8095 + config: + ssl: "redirect" + +# Configure resource requests and limits +resources: + small: + limits: + cpu: 500m + memory: 320Mi + requests: + cpu: 1m + memory: 210Mi + large: + limits: + cpu: 400m + memory: 1Gi + requests: + cpu: 40m + memory: 500Mi + unlimited: {} diff --git a/kubernetes/aaf/components/aaf-oauth/.helmignore b/kubernetes/aaf/components/aaf-oauth/.helmignore new file mode 100644 index 0000000000..f0c1319444 --- /dev/null +++ b/kubernetes/aaf/components/aaf-oauth/.helmignore @@ -0,0 +1,21 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*~ +# Various IDEs +.project +.idea/ +*.tmproj diff --git a/kubernetes/aaf/components/aaf-oauth/Chart.yaml b/kubernetes/aaf/components/aaf-oauth/Chart.yaml new file mode 100644 index 0000000000..a64a17c7b1 --- /dev/null +++ b/kubernetes/aaf/components/aaf-oauth/Chart.yaml @@ -0,0 +1,18 @@ +# Copyright © 2017 Amdocs, Bell Canada +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +description: ONAP AAF OAuth +name: aaf-oauth +version: 6.0.0
\ No newline at end of file diff --git a/kubernetes/aaf/components/aaf-oauth/requirements.yaml b/kubernetes/aaf/components/aaf-oauth/requirements.yaml new file mode 100644 index 0000000000..08ef7fe836 --- /dev/null +++ b/kubernetes/aaf/components/aaf-oauth/requirements.yaml @@ -0,0 +1,21 @@ + # Copyright © 2020 Orange +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + + dependencies: + - name: common + version: ~6.x-0 + repository: '@local' + - name: aaf-templates + version: ~6.x-0 + repository: 'file://../aaf-templates' diff --git a/kubernetes/aaf/components/aaf-oauth/templates/NOTES.txt b/kubernetes/aaf/components/aaf-oauth/templates/NOTES.txt new file mode 100644 index 0000000000..bd74a42cd5 --- /dev/null +++ b/kubernetes/aaf/components/aaf-oauth/templates/NOTES.txt @@ -0,0 +1,33 @@ +# Copyright © 2018 Amdocs, Bell Canada +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +1. Get the application URL by running these commands: +{{- if .Values.ingress.enabled }} +{{- range .Values.ingress.hosts }} + http://{{ . }} +{{- end }} +{{- else if contains "NodePort" .Values.service.type }} + export NODE_PORT=$(kubectl get --namespace {{ include "common.namespace" . }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "common.name" . }}) + export NODE_IP=$(kubectl get nodes --namespace {{ include "common.namespace" . }} -o jsonpath="{.items[0].status.addresses[0].address}") + echo http://$NODE_IP:$NODE_PORT +{{- else if contains "LoadBalancer" .Values.service.type }} + NOTE: It may take a few minutes for the LoadBalancer IP to be available. + You can watch the status of by running 'kubectl get svc -w {{ include "common.name" . }}' + export SERVICE_IP=$(kubectl get svc --namespace {{ include "common.namespace" . }} {{ include "common.name" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}') + echo http://$SERVICE_IP:{{ .Values.service.externalPort }} +{{- else if contains "ClusterIP" .Values.service.type }} + export POD_NAME=$(kubectl get pods --namespace {{ include "common.namespace" . }} -l "app={{ include "common.name" . }},release={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}") + echo "Visit http://127.0.0.1:8080 to use your application" + kubectl port-forward $POD_NAME 8080:{{ .Values.service.internalPort }} +{{- end }} diff --git a/kubernetes/aaf/components/aaf-oauth/templates/deployment.yaml b/kubernetes/aaf/components/aaf-oauth/templates/deployment.yaml new file mode 100644 index 0000000000..5074c8bc08 --- /dev/null +++ b/kubernetes/aaf/components/aaf-oauth/templates/deployment.yaml @@ -0,0 +1,16 @@ +# Copyright © 2017 Amdocs +# Modifications © 2020 Orange +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +{{ include "aaf.deployment" . }} diff --git a/kubernetes/aaf/components/aaf-oauth/templates/ingress.yaml b/kubernetes/aaf/components/aaf-oauth/templates/ingress.yaml new file mode 100644 index 0000000000..1b33c1f8d1 --- /dev/null +++ b/kubernetes/aaf/components/aaf-oauth/templates/ingress.yaml @@ -0,0 +1,2 @@ + +{{ include "common.ingress" . }} diff --git a/kubernetes/aaf/components/aaf-oauth/templates/service.yaml b/kubernetes/aaf/components/aaf-oauth/templates/service.yaml new file mode 100644 index 0000000000..e54c4f3057 --- /dev/null +++ b/kubernetes/aaf/components/aaf-oauth/templates/service.yaml @@ -0,0 +1,16 @@ +# Copyright © 2017 Amdocs, Orange +# Modifications © 2020 Orange +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +{{ include "common.service" . }} diff --git a/kubernetes/aaf/components/aaf-oauth/values.yaml b/kubernetes/aaf/components/aaf-oauth/values.yaml new file mode 100644 index 0000000000..8771041778 --- /dev/null +++ b/kubernetes/aaf/components/aaf-oauth/values.yaml @@ -0,0 +1,107 @@ +# Copyright © 2017 Amdocs, Bell Canada +# Modifications © 2020 AT&T, Orange +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +global: + nodePortPrefix: 302 + # Readiness image + readinessRepository: oomk8s + readinessImage: readiness-check:2.0.2 + # Ubuntu Init image + ubuntuInitRepository: registry.hub.docker.com + ubuntuInitImage: oomk8s/ubuntu-init:2.0.0 + # Logging image + loggingRepository: docker.elastic.co + loggingImage: beats/filebeat:5.5.0 + # BusyBox image + busyboxRepository: registry.hub.docker.com + busyboxImage: library/busybox:1.31 + persistence: + enabled: true + # Standard OOM + pullPolicy: "Always" + repository: "nexus3.onap.org:10001" + + aaf: + config: + image: onap/aaf/aaf_config:2.1.23 + + +flavor: small + +################################################################# +# Application configuration defaults. +################################################################# +# application image + +replicaCount: 1 + +binary: oauth + +sequence_order: + - service + - locate + +nodeSelector: {} + +affinity: {} + +# probe configuration parameters +liveness: + initialDelaySeconds: 30 + periodSeconds: 10 + # necessary to disable liveness probe when setting breakpoints + # in debugger so K8s doesn't restart unresponsive container + enabled: true + port: api + +readiness: + initialDelaySeconds: 5 + periodSeconds: 10 + port: api + +service: + name: aaf-oauth + type: ClusterIP + ports: + - name: api + protocol: http + port: 8140 + +ingress: + enabled: false + service: + - baseaddr: "aafoauth" + name: "aaf-oauth" + port: 8140 + config: + ssl: "redirect" + +# Configure resource requests and limits +resources: + small: + limits: + cpu: 40m + memory: 320Mi + requests: + cpu: 1m + memory: 210Mi + large: + limits: + cpu: 400m + memory: 600Mi + requests: + cpu: 40m + memory: 200Mi + unlimited: {} diff --git a/kubernetes/aaf/components/aaf-service/.helmignore b/kubernetes/aaf/components/aaf-service/.helmignore new file mode 100644 index 0000000000..f0c1319444 --- /dev/null +++ b/kubernetes/aaf/components/aaf-service/.helmignore @@ -0,0 +1,21 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*~ +# Various IDEs +.project +.idea/ +*.tmproj diff --git a/kubernetes/aaf/components/aaf-service/Chart.yaml b/kubernetes/aaf/components/aaf-service/Chart.yaml new file mode 100644 index 0000000000..187e33ac6f --- /dev/null +++ b/kubernetes/aaf/components/aaf-service/Chart.yaml @@ -0,0 +1,18 @@ +# Copyright © 2017 Amdocs, Bell Canada +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +description: ONAP AAF Service +name: aaf-service +version: 6.0.0 diff --git a/kubernetes/aaf/components/aaf-service/requirements.yaml b/kubernetes/aaf/components/aaf-service/requirements.yaml new file mode 100644 index 0000000000..08ef7fe836 --- /dev/null +++ b/kubernetes/aaf/components/aaf-service/requirements.yaml @@ -0,0 +1,21 @@ + # Copyright © 2020 Orange +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + + dependencies: + - name: common + version: ~6.x-0 + repository: '@local' + - name: aaf-templates + version: ~6.x-0 + repository: 'file://../aaf-templates' diff --git a/kubernetes/aaf/components/aaf-service/templates/deployment.yaml b/kubernetes/aaf/components/aaf-service/templates/deployment.yaml new file mode 100644 index 0000000000..5074c8bc08 --- /dev/null +++ b/kubernetes/aaf/components/aaf-service/templates/deployment.yaml @@ -0,0 +1,16 @@ +# Copyright © 2017 Amdocs +# Modifications © 2020 Orange +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +{{ include "aaf.deployment" . }} diff --git a/kubernetes/aaf/components/aaf-service/templates/ingress.yaml b/kubernetes/aaf/components/aaf-service/templates/ingress.yaml new file mode 100644 index 0000000000..40b4bba0ce --- /dev/null +++ b/kubernetes/aaf/components/aaf-service/templates/ingress.yaml @@ -0,0 +1,4 @@ + +{{ include "common.ingress" . }} + + diff --git a/kubernetes/aaf/components/aaf-service/templates/service.yaml b/kubernetes/aaf/components/aaf-service/templates/service.yaml new file mode 100644 index 0000000000..e54c4f3057 --- /dev/null +++ b/kubernetes/aaf/components/aaf-service/templates/service.yaml @@ -0,0 +1,16 @@ +# Copyright © 2017 Amdocs, Orange +# Modifications © 2020 Orange +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +{{ include "common.service" . }} diff --git a/kubernetes/aaf/components/aaf-service/values.yaml b/kubernetes/aaf/components/aaf-service/values.yaml new file mode 100644 index 0000000000..d924bb4f54 --- /dev/null +++ b/kubernetes/aaf/components/aaf-service/values.yaml @@ -0,0 +1,106 @@ +# Copyright © 2017 Amdocs, Bell Canada +# Modifications © 2020 AT&T, Orange +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +global: + nodePortPrefix: 302 + # Readiness image + readinessRepository: oomk8s + readinessImage: readiness-check:2.0.2 + # Ubuntu Init image + ubuntuInitRepository: registry.hub.docker.com + ubuntuInitImage: oomk8s/ubuntu-init:2.0.0 + # Logging image + loggingRepository: docker.elastic.co + loggingImage: beats/filebeat:5.5.0 + # BusyBox image + busyboxRepository: registry.hub.docker.com + busyboxImage: library/busybox:1.31 + persistence: + enabled: true + # Standard OOM + pullPolicy: "Always" + repository: "nexus3.onap.org:10001" + + aaf: + config: + image: onap/aaf/aaf_config:2.1.23 + + +flavor: small + +################################################################# +# Application configuration defaults. +################################################################# +# application image + +replicaCount: 1 + +binary: service + +sequence_order: + - cass + +nodeSelector: {} + +affinity: {} + +# probe configuration parameters +liveness: + initialDelaySeconds: 30 + periodSeconds: 10 + # necessary to disable liveness probe when setting breakpoints + # in debugger so K8s doesn't restart unresponsive container + enabled: true + port: api + +readiness: + initialDelaySeconds: 5 + periodSeconds: 10 + port: api + +service: + name: aaf-service + type: ClusterIP + ports: + - name: api + port: 8100 + protocol: http + +ingress: + enabled: false + service: + - baseaddr: "aafservice" + name: "aaf-service" + port: 8100 + config: + ssl: "redirect" + +# Configure resource requests and limits +resources: + small: + limits: + cpu: 250m + memory: 360Mi + requests: + cpu: 10m + memory: 250Mi + large: + limits: + cpu: 400m + memory: 1Gi + requests: + cpu: 40m + memory: 300Mi + unlimited: {} diff --git a/kubernetes/aaf/components/aaf-sms/Chart.yaml b/kubernetes/aaf/components/aaf-sms/Chart.yaml new file mode 100644 index 0000000000..557894f456 --- /dev/null +++ b/kubernetes/aaf/components/aaf-sms/Chart.yaml @@ -0,0 +1,18 @@ +# Copyright 2018 Intel Corporation, Inc +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +description: ONAP Secret Management Service +name: aaf-sms +version: 6.0.0 diff --git a/kubernetes/aaf/components/aaf-sms/charts/aaf-sms-quorumclient/Chart.yaml b/kubernetes/aaf/components/aaf-sms/charts/aaf-sms-quorumclient/Chart.yaml new file mode 100644 index 0000000000..2dc3d49b66 --- /dev/null +++ b/kubernetes/aaf/components/aaf-sms/charts/aaf-sms-quorumclient/Chart.yaml @@ -0,0 +1,18 @@ +# Copyright 2018 Intel Corporation, Inc +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +description: ONAP Secret Management Service Quorum Client +name: aaf-sms-quorumclient +version: 6.0.0 diff --git a/kubernetes/aaf/components/aaf-sms/charts/aaf-sms-quorumclient/resources/config/config.json b/kubernetes/aaf/components/aaf-sms/charts/aaf-sms-quorumclient/resources/config/config.json new file mode 100644 index 0000000000..3a43f00019 --- /dev/null +++ b/kubernetes/aaf/components/aaf-sms/charts/aaf-sms-quorumclient/resources/config/config.json @@ -0,0 +1,7 @@ +{ + "url":"https://aaf-sms.{{ include "common.namespace" . }}:10443", + "cafile": "/quorumclient/certs/aaf_root_ca.cer", + "clientcert":"client.cert", + "clientkey":"client.key", + "timeout":"10s" +}
\ No newline at end of file diff --git a/kubernetes/aaf/components/aaf-sms/charts/aaf-sms-quorumclient/templates/configmap.yaml b/kubernetes/aaf/components/aaf-sms/charts/aaf-sms-quorumclient/templates/configmap.yaml new file mode 100644 index 0000000000..02f1080f29 --- /dev/null +++ b/kubernetes/aaf/components/aaf-sms/charts/aaf-sms-quorumclient/templates/configmap.yaml @@ -0,0 +1,26 @@ +# Copyright 2018 Intel Corporation, Inc +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "common.fullname" . }} + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ include "common.release" . }} + heritage: {{ .Release.Service }} +data: +{{ tpl (.Files.Glob "resources/config/*").AsConfig . | indent 2 }}
\ No newline at end of file diff --git a/kubernetes/aaf/components/aaf-sms/charts/aaf-sms-quorumclient/templates/pv.yaml b/kubernetes/aaf/components/aaf-sms/charts/aaf-sms-quorumclient/templates/pv.yaml new file mode 100644 index 0000000000..d855ae6fdf --- /dev/null +++ b/kubernetes/aaf/components/aaf-sms/charts/aaf-sms-quorumclient/templates/pv.yaml @@ -0,0 +1,45 @@ +{{/* +# Copyright 2018 Intel Corporation, Inc +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} +{{- $global := . }} +{{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) }} +{{- if eq "True" (include "common.needPV" .) }} +{{- range $i := until (int $global.Values.replicaCount)}} +kind: PersistentVolume +apiVersion: v1 +metadata: + name: {{ include "common.fullname" $global }}-data-{{ $i }} + namespace: {{ include "common.namespace" $global }} + labels: + app: {{ include "common.name" $global }} + chart: "{{ $global.Chart.Name }}-{{ $global.Chart.Version | replace "+" "_" }}" + release: "{{ include "common.release" $global }}" + heritage: "{{ $global.Release.Service }}" + name: {{ include "common.fullname" $global }} +spec: + capacity: + storage: {{ $global.Values.persistence.size}} + accessModes: + - {{ $global.Values.persistence.accessMode }} + persistentVolumeReclaimPolicy: {{ $global.Values.persistence.volumeReclaimPolicy }} + storageClassName: "{{ include "common.fullname" $global }}-data" + hostPath: + path: {{ $global.Values.global.persistence.mountPath | default $global.Values.persistence.mountPath }}/{{ include "common.release" $global }}/{{ $global.Values.persistence.mountSubPath }}-{{$i}} +{{if ne $i (int $global.Values.replicaCount) }} +--- +{{- end -}} +{{- end -}} +{{- end -}} +{{- end -}} diff --git a/kubernetes/aaf/components/aaf-sms/charts/aaf-sms-quorumclient/templates/statefulset.yaml b/kubernetes/aaf/components/aaf-sms/charts/aaf-sms-quorumclient/templates/statefulset.yaml new file mode 100644 index 0000000000..1c6cc933f5 --- /dev/null +++ b/kubernetes/aaf/components/aaf-sms/charts/aaf-sms-quorumclient/templates/statefulset.yaml @@ -0,0 +1,107 @@ +# Copyright 2018 Intel Corporation, Inc +# Modifications © 2020 AT&T +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: apps/v1beta1 +kind: StatefulSet +metadata: + name: {{ include "common.fullname" . }} + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ include "common.release" . }} + heritage: {{ .Release.Service }} +spec: + replicas: {{ .Values.replicaCount }} + serviceName: + template: + metadata: + labels: + app: {{ include "common.name" . }} + release: {{ include "common.release" . }} + spec: + imagePullSecrets: + - name: "{{ include "common.namespace" . }}-docker-registry-key" +{{- if .Values.persistence.enabled }} + initContainers: + - name: fix-permission + command: + - /bin/sh + args: + - -c + - | + chmod -R 775 /quorumclient/auth + chown -R 100:1000 /quorumclient/auth + image: "{{ .Values.global.busyboxRepository }}/{{ .Values.global.busyboxImage }}" + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + volumeMounts: + - mountPath: /quorumclient/auth + name: {{ include "common.fullname" . }}-data +{{- end }} + containers: + - image: "{{ include "common.repository" . }}/{{ .Values.image }}" + name: {{ include "common.name" . }} + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + command: ["/quorumclient/bin/quorumclient"] + workingDir: /quorumclient/ + volumeMounts: + - mountPath: /etc/localtime + name: localtime + readOnly: true + - mountPath: /quorumclient/config.json + name: {{ include "common.name" .}} + subPath: config.json +{{- if .Values.persistence.enabled }} + - mountPath: /quorumclient/auth + name: {{ include "common.fullname" . }}-data +{{- end }} + resources: +{{ include "common.resources" . | indent 10 }} + {{- if .Values.nodeSelector }} + nodeSelector: +{{ toYaml .Values.nodeSelector | indent 10 }} + {{- end -}} + {{- if .Values.affinity }} + affinity: +{{ toYaml .Values.affinity | indent 10 }} + {{- end }} + volumes: + - name: localtime + hostPath: + path: /etc/localtime + - name : {{ include "common.name" . }} + configMap: + name: {{ include "common.fullname" . }} + items: + - key: config.json + path: config.json + mode: 0755 +{{- if .Values.persistence.enabled }} + volumeClaimTemplates: + - metadata: + name: {{ include "common.fullname" . }}-data + labels: + name: {{ include "common.fullname" . }} + chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" + release: "{{ include "common.release" . }}" + heritage: "{{ .Release.Service }}" + spec: + accessModes: + - {{ .Values.persistence.accessMode | quote }} + storageClassName: {{ include "common.storageClass" . }} + resources: + requests: + storage: {{ .Values.persistence.size | quote }} +{{- end }} diff --git a/kubernetes/aaf/components/aaf-sms/charts/aaf-sms-quorumclient/values.yaml b/kubernetes/aaf/components/aaf-sms/charts/aaf-sms-quorumclient/values.yaml new file mode 100644 index 0000000000..1459624536 --- /dev/null +++ b/kubernetes/aaf/components/aaf-sms/charts/aaf-sms-quorumclient/values.yaml @@ -0,0 +1,71 @@ +# Copyright 2018 Intel Corporation, Inc +# Modifications © 2020 AT&T +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +################################################################# +# Global configuration defaults. +################################################################# +global: + persistence: {} + +################################################################# +# Application configuration defaults. +################################################################# +# application image +repository: nexus3.onap.org:10001 +image: onap/aaf/smsquorumclient:4.0.2 +pullPolicy: Always + +# flag to enable debugging - application support required +debugEnabled: false + +# application configuration +# Example: +# default number of instances +replicaCount: 3 + +nodeSelector: {} + +affinity: {} + +persistence: + enabled: true + volumeReclaimPolicy: Retain + accessMode: ReadWriteOnce + size: 10Mi + mountPath: /dockerdata-nfs + mountSubPath: sms/quorum/data + +ingress: + enabled: false + +flavor: small + +# Configure resource requests and limits +resources: + small: + limits: + cpu: 40m + memory: 40Mi + requests: + cpu: 1m + memory: 10Mi + large: + limits: + cpu: 400m + memory: 700Mi + requests: + cpu: 10m + memory: 100Mi + unlimited: {} diff --git a/kubernetes/aaf/components/aaf-sms/charts/aaf-sms-vault/Chart.yaml b/kubernetes/aaf/components/aaf-sms/charts/aaf-sms-vault/Chart.yaml new file mode 100644 index 0000000000..074958ff70 --- /dev/null +++ b/kubernetes/aaf/components/aaf-sms/charts/aaf-sms-vault/Chart.yaml @@ -0,0 +1,19 @@ +# Copyright 2018 Intel Corporation, Inc +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +description: Chart to launch Vault as SMS backend +name: aaf-sms-vault +appVersion: 0.9.5 +version: 6.0.0 diff --git a/kubernetes/aaf/components/aaf-sms/charts/aaf-sms-vault/templates/configmap.yaml b/kubernetes/aaf/components/aaf-sms/charts/aaf-sms-vault/templates/configmap.yaml new file mode 100644 index 0000000000..2c70c23e03 --- /dev/null +++ b/kubernetes/aaf/components/aaf-sms/charts/aaf-sms-vault/templates/configmap.yaml @@ -0,0 +1,41 @@ +# Copyright 2018 Intel Corporation, Inc +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "common.fullname" . }}-vault + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ include "common.release" . }} + heritage: {{ .Release.Service }} +data: + config.json: | + {{ .Values.config.vault | toJson }} +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "common.fullname" . }}-consul + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ include "common.release" . }} + heritage: {{ .Release.Service }} +data: + config.json: | + {{ .Values.config.consul | toJson }} diff --git a/kubernetes/aaf/components/aaf-sms/charts/aaf-sms-vault/templates/pv.yaml b/kubernetes/aaf/components/aaf-sms/charts/aaf-sms-vault/templates/pv.yaml new file mode 100644 index 0000000000..d855ae6fdf --- /dev/null +++ b/kubernetes/aaf/components/aaf-sms/charts/aaf-sms-vault/templates/pv.yaml @@ -0,0 +1,45 @@ +{{/* +# Copyright 2018 Intel Corporation, Inc +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} +{{- $global := . }} +{{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) }} +{{- if eq "True" (include "common.needPV" .) }} +{{- range $i := until (int $global.Values.replicaCount)}} +kind: PersistentVolume +apiVersion: v1 +metadata: + name: {{ include "common.fullname" $global }}-data-{{ $i }} + namespace: {{ include "common.namespace" $global }} + labels: + app: {{ include "common.name" $global }} + chart: "{{ $global.Chart.Name }}-{{ $global.Chart.Version | replace "+" "_" }}" + release: "{{ include "common.release" $global }}" + heritage: "{{ $global.Release.Service }}" + name: {{ include "common.fullname" $global }} +spec: + capacity: + storage: {{ $global.Values.persistence.size}} + accessModes: + - {{ $global.Values.persistence.accessMode }} + persistentVolumeReclaimPolicy: {{ $global.Values.persistence.volumeReclaimPolicy }} + storageClassName: "{{ include "common.fullname" $global }}-data" + hostPath: + path: {{ $global.Values.global.persistence.mountPath | default $global.Values.persistence.mountPath }}/{{ include "common.release" $global }}/{{ $global.Values.persistence.mountSubPath }}-{{$i}} +{{if ne $i (int $global.Values.replicaCount) }} +--- +{{- end -}} +{{- end -}} +{{- end -}} +{{- end -}} diff --git a/kubernetes/aaf/components/aaf-sms/charts/aaf-sms-vault/templates/service.yaml b/kubernetes/aaf/components/aaf-sms/charts/aaf-sms-vault/templates/service.yaml new file mode 100644 index 0000000000..a3a7591b02 --- /dev/null +++ b/kubernetes/aaf/components/aaf-sms/charts/aaf-sms-vault/templates/service.yaml @@ -0,0 +1,39 @@ +# Copyright 2018 Intel Corporation, Inc +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +kind: Service +metadata: + name: {{ include "common.servicename" . }} + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.fullname" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ include "common.release" . }} + heritage: {{ .Release.Service }} +spec: + type: {{ .Values.service.type }} + ports: + - name: {{ .Values.service.portName }} + {{if eq .Values.service.type "NodePort" -}} + port: {{ .Values.service.internalPort }} + nodePort: {{ .Values.global.nodePortPrefix | default "302" }}{{ .Values.service.nodePort }} + {{- else -}} + port: {{ .Values.service.externalPort }} + targetPort: {{ .Values.service.internalPort }} + {{- end}} + protocol: TCP + selector: + app: {{ include "common.name" . }} + release: {{ include "common.release" . }} diff --git a/kubernetes/aaf/components/aaf-sms/charts/aaf-sms-vault/templates/statefulset.yaml b/kubernetes/aaf/components/aaf-sms/charts/aaf-sms-vault/templates/statefulset.yaml new file mode 100644 index 0000000000..4023106091 --- /dev/null +++ b/kubernetes/aaf/components/aaf-sms/charts/aaf-sms-vault/templates/statefulset.yaml @@ -0,0 +1,115 @@ +# Copyright 2018 Intel Corporation, Inc +# Modifications © 2020 AT&T +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: apps/v1beta1 +kind: StatefulSet +metadata: + name: {{ include "common.fullname" . }} + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ include "common.release" . }} + heritage: {{ .Release.Service }} +spec: + replicas: {{ .Values.replicaCount }} + serviceName: + template: + metadata: + labels: + app: {{ include "common.name" . }} + release: {{ include "common.release" . }} + spec: +{{- if .Values.persistence.enabled }} + initContainers: + - name: fix-permission + command: + - /bin/sh + args: + - -c + - | + chmod -R 775 /consul/data + chown -R 100:1000 /consul/data + image: "{{ .Values.global.busyboxRepository }}/{{ .Values.global.busyboxImage }}" + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + volumeMounts: + - mountPath: /consul/data + name: {{ include "common.fullname" . }}-data +{{- end }} + containers: + - image: "{{ include "common.repository" . }}/{{ .Values.image.vault }}" + name: {{ include "common.name" . }} + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + args: ["server"] + ports: + - containerPort: {{ .Values.service.internalPort }} + volumeMounts: + - mountPath: /vault/config/config.json + name: {{ include "common.fullname" . }}-vault + subPath: config.json + - mountPath: /etc/localtime + name: localtime + readOnly: true + resources: +{{ include "common.resources" . | indent 10 }} + - image: "{{ include "common.repository" . }}/{{ .Values.image.consul }}" + name: {{ include "common.name" . }}-backend + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + args: ["agent","-server","-bind","0.0.0.0","-bootstrap-expect=1","-config-file","/consul/config/config.json"] + ports: + - name: http + containerPort: 8500 + volumeMounts: +{{- if .Values.persistence.enabled }} + - mountPath: /consul/data + name: {{ include "common.fullname" . }}-data +{{- end }} + - mountPath: /consul/config/config.json + name: {{ include "common.fullname" . }}-consulconfiguration + subPath: config.json + - mountPath: /etc/localtime + name: localtime + readOnly: true + resources: +{{ include "common.resources" . | indent 10 }} + volumes: + - name: {{ include "common.fullname" . }}-consulconfiguration + configMap: + name: {{ include "common.fullname" . }}-consul + - name: {{ include "common.fullname" . }}-vault + configMap: + name: {{ include "common.fullname" . }}-vault + - name: localtime + hostPath: + path: /etc/localtime + imagePullSecrets: + - name: "{{ include "common.namespace" . }}-docker-registry-key" +{{- if .Values.persistence.enabled }} + volumeClaimTemplates: + - metadata: + name: {{ include "common.fullname" . }}-data + labels: + name: {{ include "common.fullname" . }} + chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" + release: "{{ include "common.release" . }}" + heritage: "{{ .Release.Service }}" + spec: + accessModes: + - {{ .Values.persistence.accessMode | quote }} + storageClassName: {{ include "common.storageClass" . }} + resources: + requests: + storage: {{ .Values.persistence.size | quote }} +{{- end }} diff --git a/kubernetes/aaf/components/aaf-sms/charts/aaf-sms-vault/values.yaml b/kubernetes/aaf/components/aaf-sms/charts/aaf-sms-vault/values.yaml new file mode 100644 index 0000000000..7787f0b85d --- /dev/null +++ b/kubernetes/aaf/components/aaf-sms/charts/aaf-sms-vault/values.yaml @@ -0,0 +1,111 @@ +# Copyright 2018 Intel Corporation, Inc +# Modifications © 2020 AT&T +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +################################################################# +# Global configuration defaults. +################################################################# +global: + persistence: {} + +# application image +repository: nexus3.onap.org:10001 +image: + consul: library/consul:1.7.1 + vault: library/vault:1.3.3 +pullPolicy: Always + +# flag to enable debugging - application support required +debugEnabled: false + +################################################################# +# Application configuration defaults. +################################################################# +config: + consul: + server: true + log_level: INFO + server: true + data_dir: '/consul/data' + ports: + http: 8500 + https: -1 + + vault: + storage: + consul: + address: localhost:8500 + path: smsvault + listener: + tcp: + address: '[::]:8200' + tls_disable: true + disable_mlock: true + +# default number of instances +replicaCount: 1 + +nodeSelector: {} + +affinity: {} + +# probe configuration parameters +liveness: + initialDelaySeconds: 10 + periodSeconds: 10 + # necessary to disable liveness probe when setting breakpoints + # in debugger so K8s doesn't restart unresponsive container + enabled: true + +readiness: + initialDelaySeconds: 10 + periodSeconds: 10 + +persistence: + enabled: true + volumeReclaimPolicy: Retain + accessMode: ReadWriteOnce + size: 2Gi + mountPath: /dockerdata-nfs + mountSubPath: sms/consul/data + +service: + type: ClusterIP + name: aaf-sms-db + portName: aaf-sms-db + internalPort: 8200 + externalPort: 8200 + +ingress: + enabled: false + +flavor: small + +# Configure resource requests and limits +resources: + small: + limits: + cpu: 40m + memory: 40Mi + requests: + cpu: 10m + memory: 25Mi + large: + limits: + cpu: 400m + memory: 700Mi + requests: + cpu: 10m + memory: 100Mi + unlimited: {} diff --git a/kubernetes/aaf/components/aaf-sms/requirements.yaml b/kubernetes/aaf/components/aaf-sms/requirements.yaml new file mode 100644 index 0000000000..7152c37ff0 --- /dev/null +++ b/kubernetes/aaf/components/aaf-sms/requirements.yaml @@ -0,0 +1,21 @@ + # Copyright © 2020 Orange +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + + dependencies: + - name: common + version: ~6.x-0 + repository: '@local' + - name: certInitializer + version: ~6.x-0 + repository: '@local' diff --git a/kubernetes/aaf/components/aaf-sms/resources/certs/intermediate_root_ca.pem b/kubernetes/aaf/components/aaf-sms/resources/certs/intermediate_root_ca.pem new file mode 100644 index 0000000000..7939846bf0 --- /dev/null +++ b/kubernetes/aaf/components/aaf-sms/resources/certs/intermediate_root_ca.pem @@ -0,0 +1,26 @@ +-----BEGIN CERTIFICATE----- +MIIEdTCCAl2gAwIBAgIBBzANBgkqhkiG9w0BAQsFADAsMQ4wDAYDVQQLDAVPU0FB +RjENMAsGA1UECgwET05BUDELMAkGA1UEBhMCVVMwHhcNMTgwODE3MTg1MTM3WhcN +MjMwODE3MTg1MTM3WjBHMQswCQYDVQQGEwJVUzENMAsGA1UECgwET05BUDEOMAwG +A1UECwwFT1NBQUYxGTAXBgNVBAMMEGludGVybWVkaWF0ZUNBXzkwggEiMA0GCSqG +SIb3DQEBAQUAA4IBDwAwggEKAoIBAQCv0HHUkba3uNtNI3jPKimUcd6RNwmhSCJL +neMWpnjqp5/A+HCKyNsEaT4y177hNLmCm/aMm1u2JIfikc+8wEqLCSBBPz+P0h+d +o+sZ7U+4oeQizdYYpEdzHJ2SieHHa8vtu80rU3nO2NEIkuYC20HcKSEtl8fFKsk3 +nqlhY+tGfYJPTXcDOQAO40BTcgat3C3uIJHkWJJ4RivunE4LEuRv9QyKgAw7rkJV +v+f7guqpZlXy6dzAkuU7XULWcgo55MkZlssoiErMvEZJad5aWKvRY3g7qUjaQ6wO +15wOAUoRBW96eeZZbytgn8kybcBy++Ue49gPtgm1MF/KlAsp0MD5AgMBAAGjgYYw +gYMwHQYDVR0OBBYEFIH3mVsQuciM3vNSXupOaaBDPqzdMB8GA1UdIwQYMBaAFFNV +M/JL69BRscF4msEoMXvv6u1JMBIGA1UdEwEB/wQIMAYBAf8CAQEwDgYDVR0PAQH/ +BAQDAgGGMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjANBgkqhkiG9w0B +AQsFAAOCAgEADxNymiCNr2e37iLReoaxKmZvwox0cTiNAaj7iafRzmwIoY3VXO8Q +ix5IYcp4FaQ7fV1jyp/AmaSnyHf6Osl0sx8PxsQkO7ALttxKUrjfbvNSVUA2C/vl +u5m7UVJLIUtFDZBWanzUSmkTsYLHpiANFQKd2c/cU1qXcyzgJVFEFVyyHNkF7Is+ ++pjG9M1hwQHOoTnEuU013P7X1mHek+RXEfhJWwe7UsZnBKZaZKbQZu7hEtqKWYp/ +QsHgnjoLYXsh0WD5rz/mBxdTdDLGpFqWDzDqb8rsYnqBzoowvsasV8X8OSkov0Ht +8Yka0ckFH9yf8j1Cwmbl6ttuonOhky3N/gwLEozuhy7TPcZGVyzevF70kXy7g1CX +kpFGJyEHXoprlNi8FR4I+NFzbDe6a2cFow1JN19AJ9Z5Rk5m7M0mQPaQ4RcikjB3 +aoLsASCJTm1OpOFHfxEKiBW4Lsp3Uc5/Rb9ZNbfLrwqWZRM7buW1e3ekLqntgbky +uKKISHqVJuw/vXHl1jNibEo9+JuQ88VNuAcm7WpGUogeCa2iAlPTckPZei+MwZ8w +tpvxTyYlZEC8DWzY1VC29+W2N5cvh01e2E3Ql08W1zL63dqrgdEZ3VWjzooYi4ep +BmMXTvouW+Flyvcw/0oTcfN0biDIt0mCkZ5CQVjfGL9DTOYteR5hw+k= +-----END CERTIFICATE----- diff --git a/kubernetes/aaf/components/aaf-sms/resources/config/has.json b/kubernetes/aaf/components/aaf-sms/resources/config/has.json new file mode 100644 index 0000000000..679b5189de --- /dev/null +++ b/kubernetes/aaf/components/aaf-sms/resources/config/has.json @@ -0,0 +1,44 @@ +{ + "domain": { + "name": "has", + "secrets": [ + { + "name": "aai", + "values": { + "username": "${AAI_USER}", + "password": "${AAI_PASS}" + } + }, + { + "name": "conductor_api", + "values": { + "username": "${CONDUCTOR_USER}", + "password": "${CONDUCTOR_PASS}" + } + }, + { + "name": "sdnc", + "values": { + "username": "${SDNC_USER}", + "password": "${SDNC_PASS}" + } + }, + { + "name": "music_api", + "values": { + "aafuser": "${MUSIC_USER}", + "aafpass": "${MUSIC_PASS}", + "aafns": "conductor" + } + }, + { + "name": "aaf_api", + "values": { + "username": "${AAF_USER}", + "password": "${AAF_PASS}", + "aaf_conductor_user": "oof@oof.onap.org" + } + } + ] + } +} diff --git a/kubernetes/aaf/components/aaf-sms/resources/config/osdf.json b/kubernetes/aaf/components/aaf-sms/resources/config/osdf.json new file mode 100644 index 0000000000..add0808701 --- /dev/null +++ b/kubernetes/aaf/components/aaf-sms/resources/config/osdf.json @@ -0,0 +1,105 @@ +{ + "domain": { + "name": "osdf", + "secrets": [ + { + "name": "so", + "values": { + "UserName": "${SO_USER}", + "Password": "${SO_PASS}" + } + }, + { + "name": "conductor", + "values": { + "UserName": "${CONDUCTOR_USER}", + "Password": "${CONDUCTOR_PASS}" + } + }, + { + "name": "policyPlatform", + "values": { + "UserName": "${POLICY_PLAT_USER}", + "Password": "${POLICY_PLAT_PASS}" + } + }, + { + "name": "policyClient", + "values": { + "UserName": "${POLICY_CLI_USER}", + "Password": "${POLICY_CLI_PASS}" + } + }, + { + "name": "dmaap", + "values": { + "UserName": "NA", + "Password": "NA" + } + }, + { + "name": "sdc", + "values": { + "UserName": "NA", + "Password": "NA" + } + }, + { + "name": "osdfPlacement", + "values": { + "UserName": "${OSDF_PLACEMENT_USER}", + "Password": "${OSDF_PLACEMENT_PASS}" + } + }, + { + "name": "osdfPlacementSO", + "values": { + "UserName": "${OSDF_PLACEMENT_SO_USER}", + "Password": "${OSDF_PLACEMENT_SO_PASS}" + } + }, + { + "name": "osdfPlacementVFC", + "values": { + "UserName": "${OSDF_PLACEMENT_VFC_USER}", + "Password": "${OSDF_PLACEMENT_VFC_PASS}" + } + }, + { + "name": "osdfCMScheduler", + "values": { + "UserName": "${OSDF_CM_SCHEDULER_USER}", + "Password": "${OSDF_CM_SCHEDULER_PASS}" + } + }, + { + "name": "configDb", + "values": { + "UserName": "${CONFIG_DB_USER}", + "Password": "${CONFIG_DB_PASS}" + } + }, + { + "name": "pciHMS", + "values": { + "UserName": "", + "Password": "" + } + }, + { + "name": "osdfPCIOpt", + "values": { + "UserName": "${OSDF_PCI_OPT_USER}", + "Password": "${OSDF_PCI_OPT_PASS}" + } + }, + { + "name": "osdfOptEngine", + "values": { + "UserName": "${OSDF_OPT_ENGINE_USER}", + "Password": "${OSDF_OPT_ENGINE_PASS}" + } + } + ] + } +} diff --git a/kubernetes/aaf/components/aaf-sms/templates/configmap.yaml b/kubernetes/aaf/components/aaf-sms/templates/configmap.yaml new file mode 100644 index 0000000000..a74fe277b7 --- /dev/null +++ b/kubernetes/aaf/components/aaf-sms/templates/configmap.yaml @@ -0,0 +1,42 @@ +{{/* +# Copyright 2018 Intel Corporation, Inc +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} + +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "common.fullname" . }} + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ include "common.release" . }} + heritage: {{ .Release.Service }} +data: + smsconfig.json: | + {{ .Values.config | toJson }} +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "common.fullname" . }}-preload + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }}-preload + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ include "common.release" . }} + heritage: {{ .Release.Service }} +data: +{{ tpl (.Files.Glob "resources/config/*").AsConfig . | indent 2 }} diff --git a/kubernetes/aaf/components/aaf-sms/templates/deployment.yaml b/kubernetes/aaf/components/aaf-sms/templates/deployment.yaml new file mode 100644 index 0000000000..bb409f33c5 --- /dev/null +++ b/kubernetes/aaf/components/aaf-sms/templates/deployment.yaml @@ -0,0 +1,144 @@ +# Copyright 2018 Intel Corporation, Inc +# Modifications © 2020 AT&T +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: extensions/v1beta1 +kind: Deployment +metadata: + name: {{ include "common.fullname" . }} + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ include "common.release" . }} + heritage: {{ .Release.Service }} +spec: + replicas: {{ .Values.replicaCount }} + template: + metadata: + labels: + app: {{ include "common.name" . }} + release: {{ include "common.release" . }} + spec: + initContainers: {{ include "common.certInitializer.initContainer" . | nindent 8 }} + # Currently intermediate certificate is not given by AAF CM so we need + # to give it "by hand" + {{- if .Values.global.aafEnabled }} + - name: {{ include "common.fullname" . }}-add-intermediate-cert + command: + - /bin/sh + args: + - -c + - | + cat /int-certs/intermediate_root_ca.pem >> {{ .Values.certInitializer.mountPath }}/local/org.onap.aaf-sms.crt + image: "{{ .Values.global.busyboxRepository }}/{{ .Values.global.busyboxImage }}" + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 12 }} + - mountPath: /int-certs + name: {{ include "common.fullname" . }}-int-certs + readOnly: true + {{- end }} + - name: {{ include "common.fullname" . }}-fix-permission + command: + - /bin/sh + args: + - -c + - | + chmod -R 775 /sms/auth + chown -R 1000:1000 /sms/auth + image: "{{ .Values.global.busyboxRepository }}/{{ .Values.global.busyboxImage }}" + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + volumeMounts: + - mountPath: /sms/auth + name: {{ include "common.fullname" . }}-auth + - name: {{ include "common.name" . }}-readiness + image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}" + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + command: + - /root/ready.py + args: + - --container-name + - "aaf-sms-vault" + - --container-name + - "aaf-sms-vault-backend" + env: + - name: NAMESPACE + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace + containers: + - image: "{{ include "common.repository" . }}/{{ .Values.image }}" + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + name: {{ include "common.name" . }} + command: ["/sms/bin/sms"] + workingDir: /sms/ + ports: + - containerPort: {{ .Values.service.internalPort }} + {{- if eq .Values.liveness.enabled true }} + livenessProbe: + httpGet: + port: {{ .Values.service.internalPort }} + scheme: HTTPS + path: /v1/sms/quorum/status + initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }} + periodSeconds: {{ .Values.liveness.periodSeconds }} + {{ end -}} + readinessProbe: + httpGet: + port: {{ .Values.service.internalPort }} + scheme: HTTPS + path: /v1/sms/quorum/status + initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} + periodSeconds: {{ .Values.readiness.periodSeconds }} + volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 10 }} + - mountPath: /etc/localtime + name: localtime + readOnly: true + - mountPath: /sms/smsconfig.json + name: {{ include "common.name" .}} + subPath: smsconfig.json + - mountPath: /sms/auth + name: {{ include "common.fullname" . }}-auth + resources: +{{ include "common.resources" . | indent 10 }} + {{- if .Values.nodeSelector }} + nodeSelector: +{{ toYaml .Values.nodeSelector | indent 10 }} + {{- end -}} + {{- if .Values.affinity }} + affinity: +{{ toYaml .Values.affinity | indent 10 }} + {{- end }} + volumes: {{ include "common.certInitializer.volumes" . | nindent 6 }} + - name: localtime + hostPath: + path: /etc/localtime + - name : {{ include "common.name" . }} + configMap: + name: {{ include "common.fullname" . }} + {{- if .Values.global.aafEnabled }} + - name: {{ include "common.fullname" . }}-int-certs + secret: + secretName: {{ include "common.fullname" . }}-int-certs + {{- end }} + - name: {{ include "common.fullname" . }}-auth + {{- if .Values.persistence.enabled }} + persistentVolumeClaim: + claimName: {{ include "common.fullname" . }} + {{- else }} + emptyDir: {} + {{- end }} + imagePullSecrets: + - name: "{{ include "common.namespace" . }}-docker-registry-key" diff --git a/kubernetes/aaf/components/aaf-sms/templates/job.yaml b/kubernetes/aaf/components/aaf-sms/templates/job.yaml new file mode 100644 index 0000000000..315d068676 --- /dev/null +++ b/kubernetes/aaf/components/aaf-sms/templates/job.yaml @@ -0,0 +1,202 @@ +{{/* +# Copyright 2018 Intel Corporation, Inc +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} + +apiVersion: batch/v1 +kind: Job +metadata: + name: {{ include "common.fullname" . }}-preload + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ include "common.release" . }} + heritage: {{ .Release.Service }} +spec: + replicas: {{ .Values.replicaCount }} + template: + metadata: + labels: + app: {{ include "common.name" . }} + release: {{ include "common.release" . }} + spec: + initContainers: {{ include "common.certInitializer.initContainer" . | nindent 6 }} + - command: + - sh + args: + - -c + - "export AAI_PASS=${AAI_PASS_PLAIN}; + export CONDUCTOR_PASS=${CONDUCTOR_PASS_PLAIN}; + export SDNC_PASS=${SDNC_PASS_PLAIN}; + export MUSIC_PASS=${MUSIC_PASS_PLAIN}; + export AAF_PASS=${AAF_PASS_PLAIN}; + export POLICY_PLAT_PASS=${POLICY_PLAT_PASS_PLAIN}; + export POLICY_CLI_PASS=${POLICY_CLI_PASS_PLAIN}; + export OSDF_PLACEMENT_PASS=${OSDF_PLACEMENT_PASS_PLAIN}; + export OSDF_PLACEMENT_SO_PASS=${OSDF_PLACEMENT_SO_PASS_PLAIN}; + export OSDF_PLACMENET_VFC_PASS=${OSDF_PLACEMENT_VFC_PASS_PLAIN}; + export OSDF_CM_SCHEDULER_PASS=${OSDF_CM_SCHEDULER_PASS_PLAIN}; + export CONFIG_DB_PASS=${CONFIG_DB_PASS_PLAIN}; + export OSDF_PCI_OPT_PASS=${OSDF_PCI_OPT_PASS_PLAIN}; + export OSDF_OPT_ENGINE_PASS=${OSDF_OPT_ENGINE_PASS_PLAIN}; + export SO_PASS=${SO_PASS_PLAIN}; + cd /config-input; + for PFILE in `find . -not -type d | grep -v -F ..`; do + envsubst <${PFILE} >/config/${PFILE}; + done" + env: + - name: AAI_USER + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "aai-creds" "key" "login") | indent 10 }} + - name: AAI_PASS_PLAIN + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "aai-creds" "key" "password") | indent 10 }} + + - name: CONDUCTOR_USER + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "conductor-creds" "key" "login") | indent 10 }} + - name: CONDUCTOR_PASS_PLAIN + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "conductor-creds" "key" "password") | indent 10 }} + + - name: SDNC_USER + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "sdnc-creds" "key" "login") | indent 10 }} + - name: SDNC_PASS_PLAIN + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "sdnc-creds" "key" "password") | indent 10 }} + + - name: MUSIC_USER + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "music-creds" "key" "login") | indent 10 }} + - name: MUSIC_PASS_PLAIN + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "music-creds" "key" "password") | indent 10 }} + + - name: AAF_USER + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "aaf-creds" "key" "login") | indent 10 }} + - name: AAF_PASS_PLAIN + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "aaf-creds" "key" "password") | indent 10 }} + + - name: POLICY_PLAT_USER + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "policy-plat-creds" "key" "login") | indent 10 }} + - name: POLICY_PLAT_PASS_PLAIN + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "policy-plat-creds" "key" "password") | indent 10 }} + + - name: POLICY_CLI_USER + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "policy-cli-creds" "key" "login") | indent 10 }} + - name: POLICY_CLI_PASS_PLAIN + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "policy-cli-creds" "key" "password") | indent 10 }} + + - name: OSDF_PLACEMENT_USER + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "osdf-placement-creds" "key" "login") | indent 10 }} + - name: OSDF_PLACEMENT_PASS_PLAIN + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "osdf-placement-creds" "key" "password") | indent 10 }} + + - name: OSDF_PLACEMENT_SO_USER + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "osdf-placement-so-creds" "key" "login") | indent 10 }} + - name: OSDF_PLACEMENT_SO_PASS_PLAIN + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "osdf-placement-so-creds" "key" "password") | indent 10 }} + + - name: OSDF_PLACEMENT_VFC_USER + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "osdf-placement-vfc-creds" "key" "login") | indent 10 }} + - name: OSDF_PLACEMENT_VFC_PASS_PLAIN + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "osdf-placement-vfc-creds" "key" "password") | indent 10 }} + + - name: OSDF_CM_SCHEDULER_USER + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "osdf-cm-scheduler-creds" "key" "login") | indent 10 }} + - name: OSDF_CM_SCHEDULER_PASS_PLAIN + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "osdf-cm-scheduler-creds" "key" "password") | indent 10 }} + + - name: CONFIG_DB_USER + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "config-db-creds" "key" "login") | indent 10 }} + - name: CONFIG_DB_PASS_PLAIN + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "config-db-creds" "key" "password") | indent 10 }} + + - name: OSDF_PCI_OPT_USER + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "osdf-pci-opt-creds" "key" "login") | indent 10 }} + - name: OSDF_PCI_OPT_PASS_PLAIN + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "osdf-pci-opt-creds" "key" "password") | indent 10 }} + + - name: OSDF_OPT_ENGINE_USER + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "osdf-opt-engine-creds" "key" "login") | indent 10 }} + - name: OSDF_OPT_ENGINE_PASS_PLAIN + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "osdf-opt-engine-creds" "key" "password") | indent 10 }} + + - name: SO_USER + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "so-creds" "key" "login") | indent 10 }} + - name: SO_PASS_PLAIN + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "so-creds" "key" "password") | indent 10 }} + + volumeMounts: + - mountPath: /config-input + name: {{ include "common.name" . }}-preload-input + - mountPath: /config/ + name: {{ include "common.name" . }}-preload + image: "{{ .Values.global.envsubstImage }}" + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + name: {{ include "common.name" . }}-update-config + - image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}" + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + name: {{ include "common.name" . }}-readiness + command: + - /root/ready.py + args: + - --container-name + - "aaf-sms" + - --container-name + - "aaf-sms-quorumclient" + env: + - name: NAMESPACE + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace + containers: + - image: "{{ include "common.repository" . }}/{{ .Values.image }}" + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + name: {{ include "common.name" . }}-preload + command: + - "/sms/bin/preload" + - "-cacert" + - "{{ .Values.certInitializer.mountPath }}/local/{{ .Values.certInitializer.root_ca_name }}" + - "-jsondir" + - "/preload/config" + - "-serviceport" + - "{{ .Values.service.internalPort }}" + - "-serviceurl" + - "https://aaf-sms.{{ include "common.namespace" . }}" + workingDir: /sms + volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 10 }} + - mountPath: /etc/localtime + name: localtime + readOnly: true + - mountPath: /preload/config + name: {{ include "common.name" . }}-preload + resources: +{{ include "common.resources" . | indent 10 }} + {{- if .Values.nodeSelector }} + nodeSelector: +{{ toYaml .Values.nodeSelector | indent 10 }} + {{- end -}} + {{- if .Values.affinity }} + affinity: +{{ toYaml .Values.affinity | indent 10 }} + {{- end }} + volumes: {{ include "common.certInitializer.volumes" . | nindent 6 }} + - name: localtime + hostPath: + path: /etc/localtime + - name: {{ include "common.name" . }}-preload-input + configMap: + name: {{ include "common.fullname" . }}-preload + - name: {{ include "common.name" . }}-preload + emptyDir: + medium: Memory + restartPolicy: OnFailure + imagePullSecrets: + - name: "{{ include "common.namespace" . }}-docker-registry-key" diff --git a/kubernetes/aaf/components/aaf-sms/templates/pv.yaml b/kubernetes/aaf/components/aaf-sms/templates/pv.yaml new file mode 100644 index 0000000000..d06131feb5 --- /dev/null +++ b/kubernetes/aaf/components/aaf-sms/templates/pv.yaml @@ -0,0 +1,40 @@ +{{/* +# Copyright 2018 Intel Corporation, Inc +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} + +{{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) -}} +{{- if eq "True" (include "common.needPV" .) }} +kind: PersistentVolume +apiVersion: v1 +metadata: + name: {{ include "common.fullname" . }} + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }} + chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}" + release: {{ include "common.release" . }} + heritage: "{{ .Release.Service }}" + name: {{ include "common.fullname" . }} +spec: + capacity: + storage: {{ .Values.persistence.size}} + accessModes: + - {{ .Values.persistence.accessMode }} + persistentVolumeReclaimPolicy: {{ .Values.persistence.volumeReclaimPolicy }} + storageClassName: "{{ include "common.fullname" . }}-data" + hostPath: + path: {{ .Values.global.persistence.mountPath | default .Values.persistence.mountPath }}/{{ include "common.release" . }}/{{ .Values.persistence.mountSubPath }} +{{- end -}} +{{- end -}} diff --git a/kubernetes/aaf/components/aaf-sms/templates/pvc.yaml b/kubernetes/aaf/components/aaf-sms/templates/pvc.yaml new file mode 100644 index 0000000000..c46d50607c --- /dev/null +++ b/kubernetes/aaf/components/aaf-sms/templates/pvc.yaml @@ -0,0 +1,39 @@ +{{/* +# Copyright 2018 Intel Corporation, Inc +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} + +{{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) -}} +kind: PersistentVolumeClaim +apiVersion: v1 +metadata: + name: {{ include "common.fullname" . }} + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }} + chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" + release: "{{ include "common.release" . }}" + heritage: "{{ .Release.Service }}" +{{- if .Values.persistence.annotations }} + annotations: +{{ toYaml .Values.persistence.annotations | indent 4 }} +{{- end }} +spec: + accessModes: + - {{ .Values.persistence.accessMode }} + resources: + requests: + storage: {{ .Values.persistence.size }} + storageClassName: {{ include "common.storageClass" . }} +{{- end -}} diff --git a/kubernetes/aaf/components/aaf-sms/templates/secret.yaml b/kubernetes/aaf/components/aaf-sms/templates/secret.yaml new file mode 100644 index 0000000000..7a0213f16c --- /dev/null +++ b/kubernetes/aaf/components/aaf-sms/templates/secret.yaml @@ -0,0 +1,32 @@ +{{/* +# Copyright © 2020 Samsung Electronics, Orange +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} + +{{ include "common.secretFast" . }} +--- +{{- if .Values.global.aafEnabled }} +apiVersion: v1 +kind: Secret +metadata: + name: {{ include "common.fullname" . }}-int-certs + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +data: +{{ tpl (.Files.Glob "resources/certs/*").AsSecrets . | indent 2 }} +{{- end }} diff --git a/kubernetes/aaf/components/aaf-sms/templates/service.yaml b/kubernetes/aaf/components/aaf-sms/templates/service.yaml new file mode 100644 index 0000000000..9c94202fe3 --- /dev/null +++ b/kubernetes/aaf/components/aaf-sms/templates/service.yaml @@ -0,0 +1,39 @@ +# Copyright 2018 Intel Corporation, Inc +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +kind: Service +metadata: + name: {{ include "common.servicename" . }} + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.fullname" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ include "common.release" . }} + heritage: {{ .Release.Service }} +spec: + type: {{ .Values.service.type }} + ports: + - name: {{ .Values.service.PortName }} + {{if eq .Values.service.type "NodePort" -}} + port: {{ .Values.service.internalPort }} + nodePort: {{ .Values.global.nodePortPrefix | default "302" }}{{ .Values.service.nodePort }} + {{- else -}} + port: {{ .Values.service.externalPort }} + targetPort: {{ .Values.service.internalPort }} + {{- end}} + protocol: TCP + selector: + app: {{ include "common.name" . }} + release: {{ include "common.release" . }} diff --git a/kubernetes/aaf/components/aaf-sms/values.yaml b/kubernetes/aaf/components/aaf-sms/values.yaml new file mode 100644 index 0000000000..dccf57ca96 --- /dev/null +++ b/kubernetes/aaf/components/aaf-sms/values.yaml @@ -0,0 +1,257 @@ +# Copyright 2018 Intel Corporation, Inc +# Modifications © 2020 AT&T, Orange +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +################################################################# +# Global configuration defaults. +################################################################# +global: + nodePortPrefix: 302 + loggingRepository: docker.elastic.co + loggingImage: beats/filebeat:5.5.0 + persistence: {} + envsubstImage: dibi/envsubst + aafEnabled: true + +flavor: small + +################################################################# +# AAF part +################################################################# +certInitializer: + nameOverride: aaf-sms-cert-init + aafDeployFqi: deployer@people.osaaf.org + aafDeployPass: demo123456! + # aafDeployCredsExternalSecret: some secret + fqdn: aaf-sms + fqi: aaf-sms@aaf-sms.onap.org + public_fqdn: aaf-sms.onap.org + cadi_longitude: "0.0" + cadi_latitude: "0.0" + app_ns: org.osaaf.aaf + mountPath: /opt/app/osaaf + keystore: truststoreONAPall.jks + keystore_pass: changeit + root_ca_alias: onaptestca + root_ca_name: aaf_root_ca.cer + permission_user: 1000 + permission_group: 1000 + aaf_add_config: > + cd {{ .Values.mountPath }}/local; + keytool -exportcert -rfc -file {{ .Values.root_ca_name }} -keystore {{ .Values.keystore }} + -alias {{ .Values.root_ca_alias }} -storepass {{ .Values.keystore_pass }}; + chown -R {{.Values.permission_user}}:{{.Values.permission_group}} + {{ .Values.mountPath }}; + +################################################################# +# Application configuration defaults. +################################################################# +# application image +repository: nexus3.onap.org:10001 +image: onap/aaf/sms:4.0.2 +pullPolicy: Always + +# flag to enable debugging - application support required +debugEnabled: false + +# application configuration +# Example: +config: + smsdbaddress: "http://aaf-sms-db:8200" + cafile: "/opt/app/osaaf/local/aaf_root_ca.cer" + servercert: "/opt/app/osaaf/local/org.onap.aaf-sms.crt" + serverkey: "/opt/app/osaaf/local/org.onap.aaf-sms.key" + password: "c2VjcmV0bWFuYWdlbWVudHNlcnZpY2VzZWNyZXRwYXNzd29yZA==" + +# subchart configuration +vault: + nameOverride: smsdb + +# default number of instances +replicaCount: 1 + +nodeSelector: {} + +affinity: {} + +# probe configuration parameters +liveness: + initialDelaySeconds: 10 + periodSeconds: 30 + # necessary to disable liveness probe when setting breakpoints + # in debugger so K8s doesn't restart unresponsive container + enabled: true + +readiness: + initialDelaySeconds: 10 + periodSeconds: 30 + +service: + type: ClusterIP + name: aaf-sms + portName: aaf-sms + internalPort: 10443 + externalPort: 10443 + +persistence: + enabled: true + volumeReclaimPolicy: Retain + accessMode: ReadWriteOnce + size: 1Gi + mountPath: /dockerdata-nfs + mountSubPath: sms/auth + +ingress: + enabled: false + +secrets: + - uid: aai-creds + type: basicAuth + login: '{{ .Values.oofCreds.aaiUsername }}' + password: '{{ .Values.oofCreds.aaiPassword }}' + passwordPolicy: required + - uid: conductor-creds + type: basicAuth + login: '{{ .Values.oofCreds.conductorUsername }}' + password: '{{ .Values.oofCreds.conductorPassword }}' + passwordPolicy: required + - uid: sdnc-creds + type: basicAuth + login: '{{ .Values.oofCreds.sdncUsername }}' + password: '{{ .Values.oofCreds.sdncPassword }}' + passwordPolicy: required + - uid: music-creds + type: basicAuth + login: '{{ .Values.oofCreds.musicUsername }}' + password: '{{ .Values.oofCreds.musicPassword }}' + passwordPolicy: required + - uid: aaf-creds + type: basicAuth + login: '{{ .Values.oofCreds.aafUsername }}' + password: '{{ .Values.oofCreds.aafPassword }}' + passwordPolicy: required + - uid: policy-plat-creds + type: basicAuth + login: '{{ .Values.oofCreds.policyPlatUsername }}' + password: '{{ .Values.oofCreds.policyPlatPassword }}' + passwordPolicy: required + - uid: policy-cli-creds + type: basicAuth + login: '{{ .Values.oofCreds.policyCliUsername }}' + password: '{{ .Values.oofCreds.policyCliPassword }}' + passwordPolicy: required + - uid: osdf-placement-creds + type: basicAuth + login: '{{ .Values.oofCreds.osdfPlacementUsername }}' + password: '{{ .Values.oofCreds.osdfPlacementPassword }}' + passwordPolicy: required + - uid: osdf-placement-so-creds + type: basicAuth + login: '{{ .Values.oofCreds.osdfPlacementSOUsername }}' + password: '{{ .Values.oofCreds.osdfPlacementSOPassword }}' + passwordPolicy: required + - uid: osdf-placement-vfc-creds + type: basicAuth + login: '{{ .Values.oofCreds.osdfPlacementVFCUsername }}' + password: '{{ .Values.oofCreds.osdfPlacementVFCPassword }}' + passwordPolicy: required + - uid: osdf-cm-scheduler-creds + type: basicAuth + login: '{{ .Values.oofCreds.osdfCMSchedulerUsername }}' + password: '{{ .Values.oofCreds.osdfCMSchedulerPassword }}' + passwordPolicy: required + - uid: config-db-creds + type: basicAuth + login: '{{ .Values.oofCreds.configDbUsername }}' + password: '{{ .Values.oofCreds.configDbPassword }}' + passwordPolicy: required + - uid: osdf-pci-opt-creds + type: basicAuth + login: '{{ .Values.oofCreds.osdfPCIOptUsername }}' + password: '{{ .Values.oofCreds.osdfPCIOptPassword }}' + passwordPolicy: required + - uid: osdf-opt-engine-creds + type: basicAuth + login: '{{ .Values.oofCreds.osdfOptEngineUsername }}' + password: '{{ .Values.oofCreds.osdfOptEnginePassword }}' + passwordPolicy: required + - uid: so-creds + type: basicAuth + login: '{{ .Values.oofCreds.soUsername }}' + password: '{{ .Values.oofCreds.soPassword }}' + passwordPolicy: required + +oofCreds: + aaiUsername: oof@oof.onap.org + aaiPassword: demo123456! + + conductorUsername: admin1 + conductorPassword: plan.15 + + sdncUsername: admin + sdncPassword: Kp8bJ4SXszM0WXlhak3eHlcse2gAw84vaoGGmJvUy2U + + musicUsername: conductor + musicPassword: c0nduct0r + + aafUsername: aaf_admin@people.osaaf.org + aafPassword: demo123456! + + policyPlatUsername: healthcheck + policyPlatPassword: zb!XztG34 + + policyCliUsername: healthcheck + policyCliPassword: zb!XztG34 + + osdfPlacementUsername: test + osdfPlacementPassword: testpwd + + osdfPlacementSOUsername: so_test + osdfPlacementSOPassword: so_testpwd + + osdfPlacementVFCUsername: vfc_test + osdfPlacementVFCPassword: vfc_testpwd + + osdfCMSchedulerUsername: test1 + osdfCMSchedulerPassword: testpwd1 + + configDbUsername: osdf + configDbPassword: passwd + + osdfPCIOptUsername: pci_test + osdfPCIOptPassword: pci_testpwd + + osdfOptEngineUsername: opt_test + osdfOptEnginePassword: opt_testpwd + + soUsername: apihBpmn + soPassword: password1$ + +# Configure resource requests and limits +resources: + small: + limits: + cpu: 100m + memory: 400Mi + requests: + cpu: 25m + memory: 10Mi + large: + limits: + cpu: 400m + memory: 1Gi + requests: + cpu: 25m + memory: 100Mi + unlimited: {} diff --git a/kubernetes/aaf/components/aaf-sshsm/Chart.yaml b/kubernetes/aaf/components/aaf-sshsm/Chart.yaml new file mode 100644 index 0000000000..d39b561905 --- /dev/null +++ b/kubernetes/aaf/components/aaf-sshsm/Chart.yaml @@ -0,0 +1,18 @@ +# Copyright 2018 Intel Corporation, Inc +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +description: ONAP Hardware Security Components +name: aaf-sshsm +version: 6.0.0 diff --git a/kubernetes/aaf/components/aaf-sshsm/README.md b/kubernetes/aaf/components/aaf-sshsm/README.md new file mode 100644 index 0000000000..a6f2e62cb9 --- /dev/null +++ b/kubernetes/aaf/components/aaf-sshsm/README.md @@ -0,0 +1,24 @@ +# Copyright 2018 Intel Corporation, Inc +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Helm Chart for ONAP Hardware Security Components + +This includes the following Kubernetes services: + +1. dist-center - A service that is used to create and distribute private keys +2. abrmd - A service that manages access to the TPM device + +# Service Dependencies + +All services depend on AAF
\ No newline at end of file diff --git a/kubernetes/aaf/components/aaf-sshsm/charts/aaf-sshsm-abrmd/Chart.yaml b/kubernetes/aaf/components/aaf-sshsm/charts/aaf-sshsm-abrmd/Chart.yaml new file mode 100644 index 0000000000..499b82caaf --- /dev/null +++ b/kubernetes/aaf/components/aaf-sshsm/charts/aaf-sshsm-abrmd/Chart.yaml @@ -0,0 +1,18 @@ +# Copyright 2018 Intel Corporation, Inc +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +description: ONAP Trusted Platform Module Resource Manager +name: aaf-sshsm-abrmd +version: 6.0.0 diff --git a/kubernetes/aaf/components/aaf-sshsm/charts/aaf-sshsm-abrmd/templates/configmap.yaml b/kubernetes/aaf/components/aaf-sshsm/charts/aaf-sshsm-abrmd/templates/configmap.yaml new file mode 100644 index 0000000000..8d1faf7e32 --- /dev/null +++ b/kubernetes/aaf/components/aaf-sshsm/charts/aaf-sshsm-abrmd/templates/configmap.yaml @@ -0,0 +1,25 @@ +{{/* +# Copyright 2018 Intel Corporation, Inc +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} + +{{- if and .Values.global.tpm.enabled .Values.global.abrmd.enabled -}} + +apiVersion: v1 +kind: ConfigMap +metadata: {{- include "common.resourceMetadata" . | nindent 2 }} +data: +{{ tpl (.Files.Glob "resources/config/*").AsConfig . | indent 2 }} + +{{- end -}} diff --git a/kubernetes/aaf/components/aaf-sshsm/charts/aaf-sshsm-abrmd/templates/job.yaml b/kubernetes/aaf/components/aaf-sshsm/charts/aaf-sshsm-abrmd/templates/job.yaml new file mode 100644 index 0000000000..23fe79d716 --- /dev/null +++ b/kubernetes/aaf/components/aaf-sshsm/charts/aaf-sshsm-abrmd/templates/job.yaml @@ -0,0 +1,75 @@ +{{/* +# Copyright 2018 Intel Corporation, Inc +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} + +{{- if and .Values.global.tpm.enabled .Values.global.abrmd.enabled -}} + +apiVersion: batch/v1 +kind: Job +metadata: {{- include "common.resourceMetadata" . | nindent 2 }} +spec: + backoffLimit: 2 + template: + metadata: {{- include "common.templateMetadata" . | nindent 6 }} + spec: + restartPolicy: Never + containers: + - name: {{ include "common.name" . }}-job + image: "{{ include "common.repository" . }}/{{ .Values.image }}" + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + command: ["/abrmd/bin/initialize_tpm.sh"] + workingDir: /abrmd/bin + securityContext: + privileged: true + env: + - name: TPM_NODE_NAME + valueFrom: + fieldRef: + fieldPath: spec.nodeName + - name: ABRMD_DATA + value: /abrmd/data + volumeMounts: + - name: {{ include "common.fullname" . }}-data + mountPath: /abrmd/data + - name: {{ include "common.fullname" . }}-tpm-device + mountPath: /dev/tpm0 + - name: {{ include "common.fullname" . }}-tpmconfig + mountPath: "/abrmd/cred/" + readOnly: true + resources: {{ toYaml .Values.resources | nindent 10 }} + {{- if .Values.nodeSelector }} + nodeSelector: {{ toYaml .Values.nodeSelector | nindent 8 }} + {{- end -}} + {{- if .Values.global.tpm.enabled }} + {{ (printf "%s: \"%s\"" .Values.global.tpm.nodeLabel .Values.global.tpm.nodeLabelValue) }} + {{- end -}} + {{- if .Values.affinity }} + affinity: {{ toYaml .Values.affinity | nindent 8 }} + {{- end }} + resources: {{ include "common.resources" . | nindent 10 }} + volumes: + - name: {{ include "common.fullname" . }}-data + persistentVolumeClaim: + claimName: {{ include "common.release" . }}-aaf-sshsm-data + - name: {{ include "common.fullname" . }}-tpm-device + hostPath: + path: /dev/tpm0 + - name: {{ include "common.fullname" . }}-tpmconfig + secret: + secretName: {{ include "common.release" . }}-aaf-sshsm + imagePullSecrets: + - name: "{{ include "common.namespace" . }}-docker-registry-key" + +{{- end -}} diff --git a/kubernetes/aaf/components/aaf-sshsm/charts/aaf-sshsm-abrmd/templates/statefulset.yaml b/kubernetes/aaf/components/aaf-sshsm/charts/aaf-sshsm-abrmd/templates/statefulset.yaml new file mode 100644 index 0000000000..c624ccfc4d --- /dev/null +++ b/kubernetes/aaf/components/aaf-sshsm/charts/aaf-sshsm-abrmd/templates/statefulset.yaml @@ -0,0 +1,89 @@ +{{/* +# Copyright 2018 Intel Corporation, Inc +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} + +{{- if and .Values.global.tpm.enabled .Values.global.abrmd.enabled -}} + +apiVersion: apps/v1 +kind: StatefulSet +metadata: {{- include "common.resourceMetadata" . | nindent 2 }} +spec: + selector: {{- include "common.selectors" . | nindent 4 }} + replicas: {{ .Values.replicaCount }} + serviceName: + template: + metadata: {{- include "common.templateMetadata" . | nindent 6 }} + spec: + initContainers: + - image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}" + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + name: {{ include "common.name" . }}-job-complete + command: + - /root/job_complete.py + args: + - -j + - "{{ include "common.fullname" . }}-init" + env: + - name: NAMESPACE + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace + resources: + limits: + cpu: 100m + memory: 100Mi + requests: + cpu: 3m + memory: 20Mi + containers: + - image: "{{ include "common.repository" . }}/{{ .Values.image }}" + name: {{ include "common.name" . }} + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + command: ["/abrmd/bin/run_abrmd.sh"] + workingDir: /abrmd/bin + securityContext: + privileged: true + volumeMounts: + - name: {{ include "common.fullname" . }}-dbus + mountPath: /var/run/dbus + - name: {{ include "common.fullname" . }}-tpm-device + mountPath: /dev/tpm0 + - mountPath: /etc/localtime + name: localtime + readOnly: true + resources: {{ include "common.resources" . | nindent 10 }} + nodeSelector: + {{- if .Values.nodeSelector }} +{{ toYaml .Values.nodeSelector | indent 8 }} + {{- end -}} + {{- if .Values.global.tpm.enabled }} + {{ (printf "%s: \"%s\"" .Values.global.tpm.nodeLabel .Values.global.tpm.nodeLabelValue) }} + {{- end -}} + {{- if .Values.affinity }} + affinity: {{ toYaml .Values.affinity | nindent 8 }} + {{- end }} + volumes: + - name: localtime + hostPath: + path: /etc/localtime + - name: {{ include "common.fullname" . }}-dbus + persistentVolumeClaim: + claimName: {{ include "common.release" . }}-aaf-sshsm-dbus + - name: {{ include "common.fullname" . }}-tpm-device + hostPath: + path: /dev/tpm0 + +{{- end -}} diff --git a/kubernetes/aaf/components/aaf-sshsm/charts/aaf-sshsm-abrmd/values.yaml b/kubernetes/aaf/components/aaf-sshsm/charts/aaf-sshsm-abrmd/values.yaml new file mode 100644 index 0000000000..2a733632bf --- /dev/null +++ b/kubernetes/aaf/components/aaf-sshsm/charts/aaf-sshsm-abrmd/values.yaml @@ -0,0 +1,60 @@ +# Copyright 2018 Intel Corporation, Inc +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +################################################################# +# Global configuration defaults. +################################################################# + +################################################################# +# Application configuration defaults. +################################################################# +# application image +repository: nexus3.onap.org:10001 +image: onap/aaf/abrmd:4.0.0 +pullPolicy: Always + +# flag to enable debugging - application support required +debugEnabled: false + +# application configuration +# Example: +# default number of instances +replicaCount: 1 + +# TPM specific node selection is done at parent chart aaf-sshsm +nodeSelector: {} + +affinity: {} + +ingress: + enabled: false + +# Configure resource requests and limits +flavor: small +resources: + small: + limits: + cpu: 20m + memory: 50Mi + requests: + cpu: 10m + memory: 10Mi + large: + limits: + cpu: 400m + memory: 1Gi + requests: + cpu: 10m + memory: 100Mi + unlimited: {} diff --git a/kubernetes/aaf/components/aaf-sshsm/charts/aaf-sshsm-distcenter/Chart.yaml b/kubernetes/aaf/components/aaf-sshsm/charts/aaf-sshsm-distcenter/Chart.yaml new file mode 100644 index 0000000000..22ba3da019 --- /dev/null +++ b/kubernetes/aaf/components/aaf-sshsm/charts/aaf-sshsm-distcenter/Chart.yaml @@ -0,0 +1,18 @@ +# Copyright 2018 Intel Corporation, Inc +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +description: ONAP Trusted Platform Module Distribution Center +name: aaf-sshsm-distcenter +version: 6.0.0 diff --git a/kubernetes/aaf/components/aaf-sshsm/charts/aaf-sshsm-distcenter/templates/configmap.yaml b/kubernetes/aaf/components/aaf-sshsm/charts/aaf-sshsm-distcenter/templates/configmap.yaml new file mode 100644 index 0000000000..99176fcdf6 --- /dev/null +++ b/kubernetes/aaf/components/aaf-sshsm/charts/aaf-sshsm-distcenter/templates/configmap.yaml @@ -0,0 +1,25 @@ +{{/* +# Copyright 2018 Intel Corporation, Inc +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} + +{{- if .Values.global.distcenter.enabled -}} + +apiVersion: v1 +kind: ConfigMap +metadata: {{- include "common.resourceMetadata" . | nindent 2 }} +data: +{{ tpl (.Files.Glob "resources/config/*").AsConfig . | indent 2 }} + +{{- end -}} diff --git a/kubernetes/aaf/components/aaf-sshsm/charts/aaf-sshsm-distcenter/templates/job.yaml b/kubernetes/aaf/components/aaf-sshsm/charts/aaf-sshsm-distcenter/templates/job.yaml new file mode 100644 index 0000000000..fb48c7df4a --- /dev/null +++ b/kubernetes/aaf/components/aaf-sshsm/charts/aaf-sshsm-distcenter/templates/job.yaml @@ -0,0 +1,106 @@ +{{/* +# Copyright 2018 Intel Corporation, Inc +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} + +{{- if .Values.global.distcenter.enabled -}} + +apiVersion: batch/v1 +kind: Job +metadata: {{- include "common.resourceMetadata" . | nindent 2 }} +spec: + replicas: {{ .Values.replicaCount }} + serviceName: + template: + metadata: {{- include "common.templateMetadata" . | nindent 6 }} + spec: + restartPolicy: Never + initContainers: +{{- if .Values.global.tpm.enabled }} + - image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}" + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + name: {{ include "common.name" . }}-readiness + command: + - /root/job_complete.py + args: + - -j + - "{{ include "common.release" . }}-aaf-sshsm-abrmd-init" + env: + - name: NAMESPACE + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace + resources: + limits: + cpu: 100m + memory: 100Mi + requests: + cpu: 3m + memory: 20Mi +{{ else }} + - image: "{{ include "common.repository" . }}/{{ .Values.image }}" + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + name: {{ include "common.name" . }}-gen-passphrase + command: ["sh", "-c", "/usr/bin/openssl rand -base64 12 >/distcenter/data/passphrase"] + env: + - name: NAMESPACE + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace + volumeMounts: + - mountPath: /etc/localtime + name: localtime + readOnly: true + - name: {{ include "common.fullname" . }}-data + mountPath: /distcenter/data + resources: + limits: + cpu: 1 + memory: 100Mi + requests: + cpu: 3m + memory: 20Mi +{{- end }} + containers: + - image: "{{ include "common.repository" . }}/{{ .Values.image }}" + name: {{ include "common.name" . }} + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + command: ["/entrypoint.sh"] + workingDir: /distcenter + volumeMounts: + - mountPath: /etc/localtime + name: localtime + readOnly: true + - name: {{ include "common.fullname" . }}-data + mountPath: /distcenter/data + resources: {{ include "common.resources" . | nindent 10 }} + {{- if .Values.nodeSelector }} + nodeSelector: {{ toYaml .Values.nodeSelector | nindent 8 }} + {{- end -}} + {{- if .Values.affinity }} + affinity: {{ toYaml .Values.affinity | nindent 8 }} + {{- end }} + volumes: + - name: localtime + hostPath: + path: /etc/localtime + - name: {{ include "common.fullname" . }}-data + persistentVolumeClaim: + claimName: {{ include "common.release" . }}-aaf-sshsm + imagePullSecrets: + - name: "{{ include "common.namespace" . }}-docker-registry-key" + +{{- end -}} diff --git a/kubernetes/aaf/components/aaf-sshsm/charts/aaf-sshsm-distcenter/templates/pv.yaml b/kubernetes/aaf/components/aaf-sshsm/charts/aaf-sshsm-distcenter/templates/pv.yaml new file mode 100644 index 0000000000..bf0ef74be2 --- /dev/null +++ b/kubernetes/aaf/components/aaf-sshsm/charts/aaf-sshsm-distcenter/templates/pv.yaml @@ -0,0 +1,19 @@ +{{/* +# Copyright 2018 Intel Corporation, Inc +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} + +{{- if .Values.global.distcenter.enabled -}} +{{ include "common.PV" . }} +{{- end -}} diff --git a/kubernetes/aaf/components/aaf-sshsm/charts/aaf-sshsm-distcenter/templates/pvc.yaml b/kubernetes/aaf/components/aaf-sshsm/charts/aaf-sshsm-distcenter/templates/pvc.yaml new file mode 100644 index 0000000000..a13b7f353b --- /dev/null +++ b/kubernetes/aaf/components/aaf-sshsm/charts/aaf-sshsm-distcenter/templates/pvc.yaml @@ -0,0 +1,19 @@ +{{/* +# Copyright 2018 Intel Corporation, Inc +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} + +{{- if .Values.global.distcenter.enabled -}} +{{ include "common.PVC" . }} +{{- end -}} diff --git a/kubernetes/aaf/components/aaf-sshsm/charts/aaf-sshsm-distcenter/values.yaml b/kubernetes/aaf/components/aaf-sshsm/charts/aaf-sshsm-distcenter/values.yaml new file mode 100644 index 0000000000..94791be713 --- /dev/null +++ b/kubernetes/aaf/components/aaf-sshsm/charts/aaf-sshsm-distcenter/values.yaml @@ -0,0 +1,69 @@ +# Copyright 2018 Intel Corporation, Inc +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +################################################################# +# Global configuration defaults. +################################################################# +global: + persistence: {} + +################################################################# +# Application configuration defaults. +################################################################# +# application image +repository: nexus3.onap.org:10001 +image: onap/aaf/distcenter:4.0.0 +pullPolicy: Always + +# flag to enable debugging - application support required +debugEnabled: false + +# application configuration +# Example: +# default number of instances +replicaCount: 1 + +nodeSelector: {} + +affinity: {} + +persistence: + enabled: true + volumeReclaimPolicy: Retain + accessMode: ReadWriteOnce + size: 10Mi + mountPath: /dockerdata-nfs + mountSubPath: sshsm/distcenter/data + +ingress: + enabled: false + +# Configure resource requests and limits +flavor: small +resources: + small: + limits: + cpu: 20m + memory: 50Mi + requests: + cpu: 10m + memory: 10Mi + large: + limits: + cpu: 400m + memory: 1Gi + requests: + cpu: 10m + memory: 100Mi + unlimited: {} diff --git a/kubernetes/aaf/components/aaf-sshsm/charts/aaf-sshsm-testca/Chart.yaml b/kubernetes/aaf/components/aaf-sshsm/charts/aaf-sshsm-testca/Chart.yaml new file mode 100644 index 0000000000..b64e0c331a --- /dev/null +++ b/kubernetes/aaf/components/aaf-sshsm/charts/aaf-sshsm-testca/Chart.yaml @@ -0,0 +1,18 @@ +# Copyright 2018 Intel Corporation, Inc +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +description: ONAP Trusted Platform Module Test CA Service +name: aaf-sshsm-testca +version: 6.0.0 diff --git a/kubernetes/aaf/components/aaf-sshsm/charts/aaf-sshsm-testca/templates/job.yaml b/kubernetes/aaf/components/aaf-sshsm/charts/aaf-sshsm-testca/templates/job.yaml new file mode 100644 index 0000000000..a64f483d74 --- /dev/null +++ b/kubernetes/aaf/components/aaf-sshsm/charts/aaf-sshsm-testca/templates/job.yaml @@ -0,0 +1,131 @@ +{{/* +# Copyright 2018 Intel Corporation, Inc +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} + +{{- if .Values.global.testca.enabled -}} + +apiVersion: batch/v1 +kind: Job +metadata: {{- include "common.resourceMetadata" . | nindent 2 }} +spec: + replicas: {{ .Values.replicaCount }} + template: + metadata: {{- include "common.templateMetadata" . | nindent 6 }} + spec: + restartPolicy: Never + initContainers: + - image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}" + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + name: {{ include "common.name" . }}-distcenter-ready + command: + - /root/job_complete.py + args: + - -j + - "{{ include "common.release" . }}-aaf-sshsm-distcenter" + env: + - name: NAMESPACE + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace + resources: + limits: + cpu: 100m + memory: 100Mi + requests: + cpu: 3m + memory: 20Mi +{{- if .Values.global.tpm.enabled }} + - image: "{{ include "common.repository" . }}/{{ .Values.image }}" + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + name: {{ include "common.name" . }}-abrmd-ready + command: ["sh", "/sshsm/bin/abrmd_ready.sh", "300"] + workingDir: /testca/bin + env: + - name: NAMESPACE + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace + volumeMounts: + - name: {{ include "common.fullname" . }}-dbus + mountPath: /var/run/dbus + resources: + limits: + cpu: 100m + memory: 100Mi + requests: + cpu: 3m + memory: 20Mi +{{- end }} + containers: + - image: "{{ include "common.repository" . }}/{{ .Values.image }}" + name: {{ include "common.name" . }} + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + command: ["./import.sh"] + workingDir: /testca/bin + env: +{{- if .Values.global.tpm.enabled }} + - name: TPM_NODE_NAME + valueFrom: + fieldRef: + fieldPath: spec.nodeName + - name: DATA_FOLDER + value: /testca/data/host_$(TPM_NODE_NAME) +{{ else }} + - name: DATA_FOLDER + value: /testca/data +{{- end }} + - name: SECRETS_FOLDER + value: /testca/secrets + volumeMounts: + - mountPath: /etc/localtime + name: localtime + readOnly: true + - name: {{ include "common.fullname" . }}-data + mountPath: /testca/data + - name: {{ include "common.fullname" . }}-dbus + mountPath: /var/run/dbus + - name: {{ include "common.fullname" . }}-secrets + mountPath: /testca/secrets + readOnly: true + resources: {{ include "common.resources" . | nindent 10 }} + nodeSelector: + {{- if .Values.nodeSelector }} +{{ toYaml .Values.nodeSelector | indent 8 }} + {{- end -}} + {{- if .Values.global.tpm.enabled }} + {{ (printf "%s: \"%s\"" .Values.global.tpm.nodeLabel .Values.global.tpm.nodeLabelValue) }} + {{- end -}} + {{- if .Values.affinity }} + affinity: {{ toYaml .Values.affinity | nindent 8 }} + {{- end }} + volumes: + - name: localtime + hostPath: + path: /etc/localtime + - name: {{ include "common.fullname" . }}-data + persistentVolumeClaim: + claimName: {{ include "common.release" . }}-aaf-sshsm + - name: {{ include "common.fullname" . }}-dbus + persistentVolumeClaim: + claimName: {{ include "common.release" . }}-aaf-sshsm-dbus + - name: {{ include "common.fullname" . }}-secrets + secret: + secretName: {{ include "common.release" . }}-aaf-sshsm + imagePullSecrets: + - name: "{{ include "common.namespace" . }}-docker-registry-key" + +{{- end -}} diff --git a/kubernetes/aaf/components/aaf-sshsm/charts/aaf-sshsm-testca/values.yaml b/kubernetes/aaf/components/aaf-sshsm/charts/aaf-sshsm-testca/values.yaml new file mode 100644 index 0000000000..dd04c93bd7 --- /dev/null +++ b/kubernetes/aaf/components/aaf-sshsm/charts/aaf-sshsm-testca/values.yaml @@ -0,0 +1,61 @@ +# Copyright 2018 Intel Corporation, Inc +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +################################################################# +# Global configuration defaults. +################################################################# + +enabled: true + +################################################################# +# Application configuration defaults. +################################################################# +# application image +repository: nexus3.onap.org:10001 +image: onap/aaf/testcaservice:4.0.0 +pullPolicy: Always + +# flag to enable debugging - application support required +debugEnabled: false + +# application configuration +# Example: +# default number of instances +replicaCount: 1 + +nodeSelector: {} + +affinity: {} + +ingress: + enabled: false + +# Configure resource requests and limits +flavor: small +resources: + small: + limits: + cpu: 50m + memory: 100Mi + requests: + cpu: 10m + memory: 10Mi + large: + limits: + cpu: 400m + memory: 1Gi + requests: + cpu: 10m + memory: 100Mi + unlimited: {} diff --git a/kubernetes/aaf/components/aaf-sshsm/requirements.yaml b/kubernetes/aaf/components/aaf-sshsm/requirements.yaml new file mode 100644 index 0000000000..0704a2c9df --- /dev/null +++ b/kubernetes/aaf/components/aaf-sshsm/requirements.yaml @@ -0,0 +1,18 @@ +# Copyright 2018 Intel Corporation, Inc +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +dependencies: + - name: common + version: ~6.x-0 + repository: '@local' diff --git a/kubernetes/aaf/components/aaf-sshsm/resources/config/prk_passwd b/kubernetes/aaf/components/aaf-sshsm/resources/config/prk_passwd new file mode 100644 index 0000000000..640b325898 --- /dev/null +++ b/kubernetes/aaf/components/aaf-sshsm/resources/config/prk_passwd @@ -0,0 +1 @@ +cHJpbWFyeXBhc3N3b3JkCg== diff --git a/kubernetes/aaf/components/aaf-sshsm/resources/config/srk_handle b/kubernetes/aaf/components/aaf-sshsm/resources/config/srk_handle new file mode 100644 index 0000000000..b8b9d8ddb0 --- /dev/null +++ b/kubernetes/aaf/components/aaf-sshsm/resources/config/srk_handle @@ -0,0 +1 @@ +MHg4MTAwMDAyMwo= diff --git a/kubernetes/aaf/components/aaf-sshsm/templates/pv-data.yaml b/kubernetes/aaf/components/aaf-sshsm/templates/pv-data.yaml new file mode 100644 index 0000000000..b566b11458 --- /dev/null +++ b/kubernetes/aaf/components/aaf-sshsm/templates/pv-data.yaml @@ -0,0 +1,17 @@ +{{/* +# Copyright 2018 Intel Corporation, Inc +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} + +{{ include "common.PV" (dict "dot" . "persistenceInfos" .Values.persistence.data) }} diff --git a/kubernetes/aaf/components/aaf-sshsm/templates/pv-dbus.yaml b/kubernetes/aaf/components/aaf-sshsm/templates/pv-dbus.yaml new file mode 100644 index 0000000000..b3e7f9fabd --- /dev/null +++ b/kubernetes/aaf/components/aaf-sshsm/templates/pv-dbus.yaml @@ -0,0 +1,17 @@ +{{/* +# Copyright 2018 Intel Corporation, Inc +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} + +{{ include "common.PV" (dict "dot" . "suffix" "dbus" "persistenceInfos" .Values.persistence.dbus) }} diff --git a/kubernetes/aaf/components/aaf-sshsm/templates/pvc-data.yaml b/kubernetes/aaf/components/aaf-sshsm/templates/pvc-data.yaml new file mode 100644 index 0000000000..b8971cc03c --- /dev/null +++ b/kubernetes/aaf/components/aaf-sshsm/templates/pvc-data.yaml @@ -0,0 +1,17 @@ +{{/* +# Copyright 2018 Intel Corporation, Inc +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} + +{{ include "common.PVC" (dict "dot" . "persistenceInfos" .Values.persistence.data) }} diff --git a/kubernetes/aaf/components/aaf-sshsm/templates/pvc-dbus.yaml b/kubernetes/aaf/components/aaf-sshsm/templates/pvc-dbus.yaml new file mode 100644 index 0000000000..7297d6f81d --- /dev/null +++ b/kubernetes/aaf/components/aaf-sshsm/templates/pvc-dbus.yaml @@ -0,0 +1,17 @@ +{{/* +# Copyright 2018 Intel Corporation, Inc +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} + +{{ include "common.PVC" (dict "dot" . "suffix" "dbus" "persistenceInfos" .Values.persistence.dbus) }} diff --git a/kubernetes/aaf/components/aaf-sshsm/templates/secret.yaml b/kubernetes/aaf/components/aaf-sshsm/templates/secret.yaml new file mode 100644 index 0000000000..50b6f36cd3 --- /dev/null +++ b/kubernetes/aaf/components/aaf-sshsm/templates/secret.yaml @@ -0,0 +1,22 @@ +# Copyright 2018 Intel Corporation, Inc +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +kind: Secret +metadata: + name: {{ include "common.fullname" . }} + namespace: {{ include "common.namespace" . }} +type: Opaque +data: +{{ (.Files.Glob "resources/config/*").AsSecrets | indent 2 }}
\ No newline at end of file diff --git a/kubernetes/aaf/components/aaf-sshsm/values.yaml b/kubernetes/aaf/components/aaf-sshsm/values.yaml new file mode 100644 index 0000000000..30fb0d2f2f --- /dev/null +++ b/kubernetes/aaf/components/aaf-sshsm/values.yaml @@ -0,0 +1,84 @@ +# Copyright 2018 Intel Corporation, Inc +# Modifications © 2020 Orange +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +################################################################# +# Global configuration defaults. +################################################################# +global: + nodePortPrefix: 302 + # Readiness image + readinessRepository: oomk8s + readinessImage: readiness-check:2.0.2 + # Ubuntu Init image + ubuntuInitRepository: registry.hub.docker.com + ubuntuInitImage: oomk8s/ubuntu-init:2.0.0 + # Logging image + loggingRepository: docker.elastic.co + loggingImage: beats/filebeat:5.5.0 + # BusyBox image + busyboxRepository: registry.hub.docker.com + busyboxImage: library/busybox:1.31 + # Standard OOM + pullPolicy: "Always" + repository: "nexus3.onap.org:10001" + + tpm: + enabled: false + # if enabled, nodeselector will use the below + # values in the nodeselector section of the pod + nodeLabel: "tpm-node" + nodeLabelValue: "true" + abrmd: + enabled: true + distcenter: + enabled: true + testca: + enabled: true + persistence: {} + +persistence: + enabled: true + data: + enabled: true + size: 10Mi + volumeReclaimPolicy: Retain + accessMode: ReadWriteOnce + mountSubPath: sshsm/data + dbus: + enabled: true + size: 10Mi + volumeReclaimPolicy: Retain + accessMode: ReadWriteOnce + mountSubPath: sshsm/dbus + + + +# Configure resource requests and limits +resources: + small: + limits: + cpu: 20m + memory: 50Mi + requests: + cpu: 10m + memory: 10Mi + large: + limits: + cpu: 400m + memory: 1Gi + requests: + cpu: 10m + memory: 100Mi + unlimited: {} diff --git a/kubernetes/aaf/components/aaf-templates/Chart.yaml b/kubernetes/aaf/components/aaf-templates/Chart.yaml new file mode 100644 index 0000000000..c8739e0105 --- /dev/null +++ b/kubernetes/aaf/components/aaf-templates/Chart.yaml @@ -0,0 +1,19 @@ +# Copyright © 2020 Orange +# Modifications Copyright © 2018 AT&T, Amdocs, Bell Canada +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +description: ONAP Application Authorization Framework Templates +name: aaf-templates +version: 6.0.0 diff --git a/kubernetes/aaf/components/aaf-templates/requirements.yaml b/kubernetes/aaf/components/aaf-templates/requirements.yaml new file mode 100644 index 0000000000..6afaa06e8a --- /dev/null +++ b/kubernetes/aaf/components/aaf-templates/requirements.yaml @@ -0,0 +1,18 @@ + # Copyright © 2020 Orange +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + + dependencies: + - name: common + version: ~6.x-0 + repository: '@local' diff --git a/kubernetes/aaf/components/aaf-templates/templates/_deployment.tpl b/kubernetes/aaf/components/aaf-templates/templates/_deployment.tpl new file mode 100644 index 0000000000..bf6931a8e3 --- /dev/null +++ b/kubernetes/aaf/components/aaf-templates/templates/_deployment.tpl @@ -0,0 +1,67 @@ +{*/ +# Copyright © 2020 AT&T, Orange +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/} + +{{- define "aaf.deployment" -}} +apiVersion: apps/v1 +kind: Deployment +metadata: {{- include "common.resourceMetadata" . | nindent 2 }} +spec: + selector: {{- include "common.selectors" . | nindent 4 }} + replicas: {{ .Values.replicaCount }} + template: + metadata: {{- include "common.templateMetadata" . | nindent 6 }} + spec: {{ include "aaf.initContainers" . | nindent 6 }} + containers: + - name: {{ include "common.name" . }} + workingDir: /opt/app/aaf + command: ["bin/{{ .Values.binary }}"] + image: {{ include "common.repository" . }}/{{.Values.global.aaf.image}} + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + ports: {{ include "common.containerPorts" . | nindent 10 }} + volumeMounts: + - mountPath: "/opt/app/osaaf" + name: aaf-config-vol + - mountPath: /etc/localtime + name: localtime + readOnly: true + {{- if eq .Values.liveness.enabled true }} + livenessProbe: + tcpSocket: + port: {{.Values.liveness.port }} + initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }} + periodSeconds: {{ .Values.liveness.periodSeconds }} + {{ end -}} + readinessProbe: + tcpSocket: + port: {{ .Values.readiness.port }} + initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} + periodSeconds: {{ .Values.readiness.periodSeconds }} + resources: {{ include "common.resources" . | nindent 12 }} + {{- if .Values.nodeSelector }} + nodeSelector: {{ toYaml .Values.nodeSelector | nindent 10 }} + {{- end -}} + {{- if .Values.affinity }} + affinity: {{ toYaml .Values.affinity | nindent 10 }} + {{- end }} + volumes: + - name: localtime + hostPath: + path: /etc/localtime + - name: aaf-config-vol + emptyDir: {} + imagePullSecrets: + - name: "{{ include "common.namespace" . }}-docker-registry-key" +{{- end -}} diff --git a/kubernetes/aaf/components/aaf-templates/templates/_initContainers.tpl b/kubernetes/aaf/components/aaf-templates/templates/_initContainers.tpl new file mode 100644 index 0000000000..43c511fd6d --- /dev/null +++ b/kubernetes/aaf/components/aaf-templates/templates/_initContainers.tpl @@ -0,0 +1,122 @@ +{*/ +# Copyright © 2020 AT&T, Orange +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/} + +{{- define "aaf.permissionFixer" -}} +- name: fix-permission + command: + - /bin/sh + args: + - -c + - | + chown -R 1000:1000 /opt/app/aaf + chown -R 1000:1000 /opt/app/osaaf + image: "{{ .Values.global.busyboxRepository }}/{{ .Values.global.busyboxImage }}" + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + volumeMounts: + - mountPath: /opt/app/osaaf + name: aaf-config-vol + resources: + limits: + cpu: 100m + memory: 100Mi + requests: + cpu: 3m + memory: 20Mi +{{- end -}} + +{{- define "aaf.podConfiguration" }} +- name: {{ include "common.name" . }}-config-container + image: {{ .Values.global.repository }}/{{.Values.global.aaf.config.image}} + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + command: + - /bin/bash + args: + - -c + - | + cd /opt/app/aaf_config + bin/agent.sh + volumeMounts: + - mountPath: "/opt/app/osaaf" + name: aaf-config-vol + env: + - name: aaf_env + value: "{{ .Values.global.aaf.aaf_env }}" + - name: cadi_latitude + value: "{{ .Values.global.aaf.cadi_latitude }}" + - name: cadi_longitude + value: "{{ .Values.global.aaf.cadi_longitude }}" + - name: cadi_x509_issuers + value: "{{ .Values.global.aaf.cadi_x509_issuers }}" + - name: aaf_locate_url + value: "https://aaf-locate.{{ .Release.Namespace}}:8095" + - name: aaf_locator_container + value: "oom" + - name: aaf_release + value: "{{ .Values.global.aaf.aaf_release }}" + - name: aaf_locator_container_ns + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace + - name: aaf_locator_public_fqdn + value: "{{.Values.global.aaf.public_fqdn}}" + - name: aaf_locator_name + value: "{{.Values.global.aaf.aaf_locator_name}}" + - name: aaf_locator_name_oom + value: "{{.Values.global.aaf.aaf_locator_name_oom}}" + - name: cm_always_ignore_ips + value: "true" + - name: CASSANDRA_CLUSTER + value: "aaf-cass.{{ .Release.Namespace }}" + resources: + limits: + cpu: 100m + memory: 100Mi + requests: + cpu: 3m + memory: 20Mi +{{- end -}} + +{{- define "aaf.initContainers" -}} +initContainers: +{{ include "aaf.permissionFixer" . }} +{{- if .Values.sequence_order }} +- name: {{ include "common.name" . }}-aaf-readiness + command: + - /root/ready.py + args: + {{- range $container := .Values.sequence_order }} + - --container-name + - aaf-{{ $container}} + {{- end }} + env: + - name: NAMESPACE + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace + image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}" + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + resources: + limits: + cpu: 100m + memory: 100Mi + requests: + cpu: 3m + memory: 20Mi +{{- end }} +{{ include "aaf.podConfiguration" . }} +{{- end }} diff --git a/kubernetes/aaf/components/aaf-templates/values.yaml b/kubernetes/aaf/components/aaf-templates/values.yaml new file mode 100644 index 0000000000..73efdc6132 --- /dev/null +++ b/kubernetes/aaf/components/aaf-templates/values.yaml @@ -0,0 +1,13 @@ +# Copyright © 2020 Orange +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. |