[COMMON] New templates to handle repositories

Current repository templates handles only ONAP "nexus" repository
configuration.
So, all images coming from another repository (currently, OOM is using 4
repository, including nexus one) cannot simply be retrieved from another
one.
This commit add new templates, in a specific chart, in order to change
that.
Now, each for repository can be overidden and all 4 can have a
credentials.

Also, in order to minimize global variables, templates aimed to
retrieve usual utility images (busybox, envsubst, readiness, ...) are
created.

Issue-ID: OOM-2634
Change-Id: I27eb33d830d56ec28f9de68599f5108a262983b3
Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com>
[Reduce code size, add missing busyboxRepository]
Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com>

3 files changed, 62 insertions, 47 deletions

diff --git a/kubernetes/onap/requirements.yaml b/kubernetes/onap/requirements.yaml
index daa2b1e9ca..51f1743773 100755
--- a/kubernetes/onap/requirements.yaml
+++ b/kubernetes/onap/requirements.yaml
@@ -114,6 +114,9 @@ dependencies:
     version: ~6.x-0
     repository: '@local'
     condition: oof.enabled
+  - name: repository-wrapper
+    version: ~6.x-0
+    repository: '@local'
   - name: robot
     version: ~6.x-0
     repository: '@local'
diff --git a/kubernetes/onap/templates/secrets.yaml b/kubernetes/onap/templates/secrets.yaml
deleted file mode 100644
index 725b6d1d41..0000000000
--- a/kubernetes/onap/templates/secrets.yaml
+++ /dev/null
@@ -1,29 +0,0 @@
-{{/*
-# Copyright © 2017 Amdocs, Bell Canada
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#       http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-*/}}
-
-apiVersion: v1
-kind: Secret
-metadata:
-  name: {{ include "common.namespace" . }}-docker-registry-key
-  namespace: {{ include "common.namespace" . }}
-  labels:
-    app: {{ include "common.name" . }}
-    chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
-    release: {{ include "common.release" . }}
-    heritage: {{ .Release.Service }}
-data:
-  .dockercfg: {{ include "common.repository.secret" . }}
-type: kubernetes.io/dockercfg
diff --git a/kubernetes/onap/values.yaml b/kubernetes/onap/values.yaml
index 9473a6abcb..5e5e249f71 100755
--- a/kubernetes/onap/values.yaml
+++ b/kubernetes/onap/values.yaml
@@ -40,34 +40,73 @@ global:
   addTestingComponents: &testing false
 
   # ONAP Repository
-  # Uncomment the following to enable the use of a single docker
-  # repository but ONLY if your repository mirrors all ONAP
-  # docker images. This includes all images from dockerhub and
-  # any other repository that hosts images for ONAP components.
-  #repository: nexus3.onap.org:10001
+  # Four different repositories are used
+  # You can change individually these repositories to ones that will serve the
+  # right images. If credentials are needed for one of them, see below.
+  repository: nexus3.onap.org:10001
+  dockerHubRepository: &dockerHubRepository docker.io
+  elasticRepository: &elasticRepository docker.elastic.co
+  googleK8sRepository: k8s.gcr.io
+ 
+
+  #/!\ DEPRECATED /!\
+  # Legacy repositories which will be removed at the end of migration.
+  # Please don't use
+  loggingRepository: *elasticRepository
+  busyboxRepository: *dockerHubRepository
+
+  # Default credentials
+  # they're optional. If the target repository doesn't need them, comment them
   repositoryCred:
     user: docker
     password: docker
-  dockerHubRepository: docker.io
-
-  # readiness check
-  readinessImage: onap/oom/readiness:3.0.1
+  # If you want / need authentication on the repositories, please set
+  # Don't set them if the target repo is the same than others
+  # so id you've set repository to value `my.private.repo` and same for
+  # dockerHubRepository, you'll have to configure only repository (exclusive) OR
+  # dockerHubCred.
+  # dockerHubCred:
+  #   user: myuser
+  #   password: mypassord
+  # elasticCred:
+  #   user: myuser
+  #   password: mypassord
+  # googleK8sCred:
+  #   user: myuser
+  #   password: mypassord
+
+
+  # common global images
+  # Busybox for simple shell manipulation
+  busyboxImage: busybox:1.32
 
   # curl image
   curlImage: curlimages/curl:7.69.1
 
-  # logging agent - temporary repo until images migrated to nexus3
-  loggingRepository: docker.elastic.co
+  # env substitution image
+  envsubstImage: dibi/envsubst:1
+
+  # generate htpasswd files image
+  # there's only latest image for htpasswd
+  htpasswdImage: xmartlabs/htpasswd:latest
+
+  # kubenretes client image
+  kubectlImage: bitnami/kubectl:1.19
 
-  # dockerHub main repository
-  dockerHubRepository: docker.io
+  # logging agent
+  loggingImage: beats/filebeat:5.5.0
 
-  # busybox repo and image
-  busyboxRepository: docker.io
-  busyboxImage: busybox:1.30
+  # mariadb client image
+  mariadbImage: mariadb:10.1.48
 
-  # kubeclt image
-  kubectlImage: "bitnami/kubectl:1.15"
+  # nginx server image
+  nginxImage: bitnami/nginx:1.18-debian-10
+
+  # postgreSQL client and server image
+  postgresImage: crunchydata/crunchy-postgres:centos7-10.11-4.2.1
+
+  # readiness check image
+  readinessImage: onap/oom/readiness:3.0.1
 
   # image pull policy
   pullPolicy: Always
@@ -320,3 +359,5 @@ a1policymanagement:
 
 cert-wrapper:
   enabled: true
+repository-wrapper:
+  enabled: true