summaryrefslogtreecommitdiffstats
path: root/kubernetes/sdnc
diff options
context:
space:
mode:
authorSylvain Desbureaux <sylvain.desbureaux@orange.com>2020-05-29 11:58:46 +0000
committerGerrit Code Review <gerrit@onap.org>2020-05-29 11:58:46 +0000
commit6c988d8ecf867cf1788f984120a380d386e95a9e (patch)
tree167954f19d4f6dc5be924168584381e3795f379c /kubernetes/sdnc
parente14332541c971f4f158f22a93cbcd6dc2e74c6b9 (diff)
parent305b209ee53c6b581ae0f0348d948366ecbf02b5 (diff)
Merge changes I9b3c7aab,Ia75ba66d,I66886290,I630154c4,I42bb5a88, ... into frankfurt
* changes: [COMMON] Use common aaf template in elasticsearch [PORTAL] Move portal subcharts to components [SDNC] Use common aaf template in sdnc [COMMON] Fix certInitializer to use proper global values [DMAAP] Use common aaf template in dmaap-bc [COMMON] Fix certInitializer [COMMON] Override truststore in aaf_agent image
Diffstat (limited to 'kubernetes/sdnc')
-rw-r--r--kubernetes/sdnc/requirements.yaml3
-rw-r--r--kubernetes/sdnc/templates/configmap.yaml13
-rw-r--r--kubernetes/sdnc/templates/pv-certs.yaml39
-rw-r--r--kubernetes/sdnc/templates/pvc.yaml28
-rw-r--r--kubernetes/sdnc/templates/statefulset.yaml20
-rw-r--r--kubernetes/sdnc/values.yaml44
6 files changed, 16 insertions, 131 deletions
diff --git a/kubernetes/sdnc/requirements.yaml b/kubernetes/sdnc/requirements.yaml
index 3f44c6dca1..a283678bc5 100644
--- a/kubernetes/sdnc/requirements.yaml
+++ b/kubernetes/sdnc/requirements.yaml
@@ -16,6 +16,9 @@ dependencies:
- name: common
version: ~6.x-0
repository: '@local'
+ - name: certInitializer
+ version: ~6.x-0
+ repository: '@local'
- name: network-name-gen
version: ~6.x-0
repository: '@local'
diff --git a/kubernetes/sdnc/templates/configmap.yaml b/kubernetes/sdnc/templates/configmap.yaml
index cd39425073..087ed30055 100644
--- a/kubernetes/sdnc/templates/configmap.yaml
+++ b/kubernetes/sdnc/templates/configmap.yaml
@@ -78,16 +78,3 @@ metadata:
heritage: {{ .Release.Service }}
data:
{{ tpl (.Files.Get "resources/env.yaml") . | indent 2 }}
-
-{{ if .Values.global.aafEnabled }}
-{{- if .Values.aafConfig.addconfig -}}
----
-apiVersion: v1
-kind: ConfigMap
-{{- $suffix := "aaf-add-config" }}
-metadata: {{- include "common.resourceMetadata" (dict "suffix" $suffix "dot" . )| nindent 2 }}
-data:
- aaf-add-config.sh: |-
- cd /opt/app/osaaf/local && /opt/app/aaf_config/bin/agent.sh local showpass {{.Values.aafConfig.fqi}} {{ .Values.aafConfig.fqdn }} | grep cadi_keystore_password= | cut -d= -f 2 > {{ .Values.aafConfig.credsPath }}/.pass 2>&1
-{{- end -}}
-{{- end -}}
diff --git a/kubernetes/sdnc/templates/pv-certs.yaml b/kubernetes/sdnc/templates/pv-certs.yaml
deleted file mode 100644
index 8aa9af4bf1..0000000000
--- a/kubernetes/sdnc/templates/pv-certs.yaml
+++ /dev/null
@@ -1,39 +0,0 @@
-{{/*
-# Copyright © 2018 Amdocs, AT&T, Bell Canada
-# #
-# # Licensed under the Apache License, Version 2.0 (the "License");
-# # you may not use this file except in compliance with the License.
-# # You may obtain a copy of the License at
-# #
-# # http://www.apache.org/licenses/LICENSE-2.0
-# #
-# # Unless required by applicable law or agreed to in writing, software
-# # distributed under the License is distributed on an "AS IS" BASIS,
-# # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# # See the License for the specific language governing permissions and
-# # limitations under the License.
-*/}}
-
-{{ if .Values.certpersistence.enabled }}
----
-kind: PersistentVolume
-apiVersion: v1
-metadata:
- name: {{ include "common.fullname" . }}-certs
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}"
- release: "{{ include "common.release" . }}"
- heritage: "{{ .Release.Service }}"
- name: {{ include "common.fullname" . }}-certs
-spec:
- capacity:
- storage: {{ .Values.certpersistence.size }}
- accessModes:
- - {{ .Values.certpersistence.accessMode }}
- storageClassName: "{{ include "common.fullname" . }}-certs"
- persistentVolumeReclaimPolicy: {{ .Values.certpersistence.volumeReclaimPolicy }}
- hostPath:
- path: {{ .Values.global.persistence.mountPath | default .Values.certpersistence.mountPath }}/{{ include "common.release" . }}/{{ .Values.certpersistence.mountSubPath }}
-{{ end }}
diff --git a/kubernetes/sdnc/templates/pvc.yaml b/kubernetes/sdnc/templates/pvc.yaml
deleted file mode 100644
index aed3d161d3..0000000000
--- a/kubernetes/sdnc/templates/pvc.yaml
+++ /dev/null
@@ -1,28 +0,0 @@
-{{- if and .Values.certpersistence.enabled (not .Values.certpersistence.existingClaim) -}}
-kind: PersistentVolumeClaim
-apiVersion: v1
-metadata:
- name: {{ include "common.fullname" .}}-certs
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
- release: "{{ include "common.release" . }}"
- heritage: "{{ .Release.Service }}"
- name: {{ include "common.fullname" . }}-certs
-{{- if .Values.certpersistence.annotations }}
- annotations:
-{{ toYaml .Values.certpersistence.annotations | indent 4 }}
-{{- end }}
-spec:
- accessModes:
- - {{ .Values.certpersistence.accessMode }}
- resources:
- requests:
- storage: {{ .Values.certpersistence.size }}
-{{- if eq "True" (include "common.needPV" .) }}
- storageClassName: "{{ include "common.fullname" . }}-certs"
-{{- else }}
- storageClassName: {{ include "common.storageClass" . }}
- {{- end }}
-{{- end -}}
diff --git a/kubernetes/sdnc/templates/statefulset.yaml b/kubernetes/sdnc/templates/statefulset.yaml
index 58ca866fca..6b2f6628f3 100644
--- a/kubernetes/sdnc/templates/statefulset.yaml
+++ b/kubernetes/sdnc/templates/statefulset.yaml
@@ -91,18 +91,16 @@ spec:
image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
name: {{ include "common.name" . }}-readiness
- {{ if .Values.global.aafEnabled }}
-{{ include "common.aaf-config" . | indent 6 }}
- {{ end }}
+
+{{ include "common.certInitializer.initContainer" . | indent 6 }}
+
- name: {{ include "common.name" . }}-chown
image: "busybox"
- command: ["sh", "-c", "chown -R {{ .Values.config.odlUid }}:{{ .Values.config.odlGid}} {{ .Values.persistence.mdsalPath }} ; chown -R {{ .Values.config.odlUid }}:{{ .Values.config.odlGid}} {{ .Values.certpersistence.certPath }}"]
+ command: ["sh", "-c", "chown -R {{ .Values.config.odlUid }}:{{ .Values.config.odlGid}} {{ .Values.persistence.mdsalPath }} ; chown -R {{ .Values.config.odlUid }}:{{ .Values.config.odlGid}} {{ .Values.certInitializer.credsPath }}"]
volumeMounts:
+{{ include "common.certInitializer.volumeMount" . | indent 10 }}
- mountPath: {{ .Values.persistence.mdsalPath }}
name: {{ include "common.fullname" . }}-data
-{{- if .Values.global.aafEnabled }}
-{{ include "common.aaf-config-volume-mountpath" . | indent 10 }}
-{{- end }}
containers:
- name: {{ include "common.name" . }}
image: "{{ include "common.repository" . }}/{{ .Values.image }}"
@@ -151,9 +149,7 @@ spec:
- name: JAVA_HOME
value: "{{ .Values.config.javaHome}}"
volumeMounts:
- {{- if .Values.global.aafEnabled }}
-{{ include "common.aaf-config-volume-mountpath" . | indent 10 }}
- {{- end }}
+{{ include "common.certInitializer.volumeMount" . | indent 10 }}
- mountPath: /etc/localtime
name: localtime
readOnly: true
@@ -257,9 +253,7 @@ spec:
- name: {{ include "common.fullname" . }}-data
emptyDir: {}
{{ else }}
- {{- if .Values.global.aafEnabled }}
-{{ include "common.aaf-config-volumes" . | indent 8 }}
- {{- end }}
+{{ include "common.certInitializer.volumes" . | nindent 8 }}
volumeClaimTemplates:
- metadata:
name: {{ include "common.fullname" . }}-data
diff --git a/kubernetes/sdnc/values.yaml b/kubernetes/sdnc/values.yaml
index 96ea6e33fd..cbb13417b4 100644
--- a/kubernetes/sdnc/values.yaml
+++ b/kubernetes/sdnc/values.yaml
@@ -24,7 +24,6 @@ global:
readinessImage: readiness-check:2.0.2
loggingRepository: docker.elastic.co
loggingImage: beats/filebeat:5.5.0
- aafAgentImage: onap/aaf/aaf_agent:2.1.15
persistence:
mountPath: /dockerdata-nfs
aafEnabled: true
@@ -70,12 +69,6 @@ secrets:
password: '{{ .Values.config.odlPassword }}'
# For now this is left hardcoded but should be revisited in a future
passwordPolicy: required
- - uid: &aaf_secret_uid aaf-creds
- type: basicAuth
- externalSecret: '{{ ternary (tpl (default "" .Values.aaf_init.aafDeployCredsExternalSecret) .) "aafIsDiabled" .Values.global.aafEnabled }}'
- login: '{{ .Values.aaf_init.deploy_fqi }}'
- password: '{{ .Values.aaf_init.deploy_pass }}'
- passwordPolicy: required
- uid: netbox-apikey
type: password
externalSecret: '{{ .Values.config.netboxApikeyExternalSecret }}'
@@ -195,8 +188,8 @@ config:
numberGGLogFiles: 10
# dependency / sub-chart configuration
-aafConfig:
- addconfig: true
+certInitializer:
+ nameOverride: sdnc-cert-initializer
fqdn: "sdnc"
app_ns: "org.osaaf.aaf"
fqi: "sdnc@sdnc.onap.org"
@@ -206,19 +199,10 @@ aafConfig:
aafDeployPass: demo123456!
cadi_latitude: "38.0"
cadi_longitude: "-72.0"
- secret_uid: *aaf_secret_uid
credsPath: /opt/app/osaaf/local
-
-aaf_init:
- agentImage: onap/aaf/aaf_agent:2.1.15
- app_ns: "org.osaaf.aaf"
- fqi: "sdnc@sdnc.onap.org"
- fqdn: "sdnc"
- public_fqdn: "sdnc.onap.org"
- deploy_fqi: "deployer@people.osaaf.org"
- deploy_pass: "demo123456!"
- cadi_latitude: "38.0"
- cadi_longitude: "-72.0"
+ aaf_add_config: >
+ cd /opt/app/osaaf/local;
+ /opt/app/aaf_config/bin/agent.sh local showpass {{.Values.fqi}} {{ .Values.fqdn }} | grep cadi_keystore_password= | cut -d= -f 2 > {{ .Values.credsPath }}/.pass 2>&1
mariadb-galera: &mariadbGalera
nameOverride: sdnc-db
@@ -318,7 +302,7 @@ localElasticCluster: true
elasticsearch:
nameOverride: sdnrdb
name: sdnrdb-cluster
- aafConfig:
+ certInitializer:
fqdn: "sdnc"
fqi_namespace: org.onap.sdnc
fqi: "sdnc@sdnc.onap.org"
@@ -414,22 +398,6 @@ persistence:
mountSubPath: sdnc/mdsal
mdsalPath: /opt/opendaylight/current/daexim
-certpersistence:
- enabled: true
-
- ## A manually managed Persistent Volume and Claim
- ## Requires persistence.enabled: true
- ## If defined, PVC must be created manually before volume will be bound
- # existingClaim:
-
- volumeReclaimPolicy: Retain
- accessMode: ReadWriteOnce
- size: 50Mi
- mountPath: /dockerdata-nfs
- mountSubPath: sdnc/certs
- certPath: /opt/app/osaaf
- ##storageClass: "manual"
-
ingress:
enabled: false
service: