diff options
author | Andreas Geissler <andreas-geissler@telekom.de> | 2024-04-10 10:45:53 +0200 |
---|---|---|
committer | Andreas Geissler <andreas-geissler@telekom.de> | 2024-04-10 11:01:08 +0200 |
commit | 4b149053969ca20ac0d1cf14fe69bf0eeb042859 (patch) | |
tree | fa446f4598edb8f9746bc944c72043d15dbd4643 /kubernetes/sdnc | |
parent | 5230ed9ba9769c93487ad66d0d1f68eec5134a90 (diff) |
[SDNC] Move dgbuilder and network-name-gen to SDNC
Move the charts from /common to sdnc/components and simplify
the DB creation.
Issue-ID: OOM-3286
Change-Id: Ib0c53e51b96ad2e1573859b9d938e700c0bea4ac
Signed-off-by: Andreas Geissler <andreas-geissler@telekom.de>
Diffstat (limited to 'kubernetes/sdnc')
19 files changed, 919 insertions, 5 deletions
diff --git a/kubernetes/sdnc/Chart.yaml b/kubernetes/sdnc/Chart.yaml index 4a0c9eb607..f98bc4e12d 100644 --- a/kubernetes/sdnc/Chart.yaml +++ b/kubernetes/sdnc/Chart.yaml @@ -1,6 +1,7 @@ # Copyright © 2017 Amdocs, Bell Canada # Modifications Copyright © 2021 Orange # Modifications Copyright © 2021 Nordix Foundation +# Modifications Copyright © 2024 Deutsche Telekom # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -17,7 +18,7 @@ apiVersion: v2 description: SDN Controller name: sdnc -version: 13.0.1 +version: 13.0.2 dependencies: - name: common @@ -52,19 +53,19 @@ dependencies: # conditions for sdnc-subcharts - name: dmaap-listener version: ~13.x-0 - repository: 'file://components/dmaap-listener/' + repository: '@local' condition: sdnc.dmaap-listener.enabled,dmaap-listener.enabled - name: ueb-listener version: ~13.x-0 - repository: 'file://components/ueb-listener/' + repository: '@local' condition: sdnc.ueb-listener.enabled,ueb-listener.enabled - name: sdnc-ansible-server version: ~13.x-0 - repository: 'file://components/sdnc-ansible-server/' + repository: '@local' condition: sdnc.sdnc-ansible-server.enabled,sdnc-ansible-server.enabled - name: sdnc-web version: ~13.x-0 - repository: 'file://components/sdnc-web/' + repository: '@local' condition: sdnc.sdnc-web.enabled,sdnc-web.enabled - name: repositoryGenerator version: ~13.x-0 diff --git a/kubernetes/sdnc/components/dgbuilder/.helmignore b/kubernetes/sdnc/components/dgbuilder/.helmignore new file mode 100644 index 0000000000..f0c1319444 --- /dev/null +++ b/kubernetes/sdnc/components/dgbuilder/.helmignore @@ -0,0 +1,21 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*~ +# Various IDEs +.project +.idea/ +*.tmproj diff --git a/kubernetes/sdnc/components/dgbuilder/Chart.yaml b/kubernetes/sdnc/components/dgbuilder/Chart.yaml new file mode 100644 index 0000000000..ff32f4e8a2 --- /dev/null +++ b/kubernetes/sdnc/components/dgbuilder/Chart.yaml @@ -0,0 +1,31 @@ +# Copyright © 2018 AT&T, Amdocs, Bell Canada +# Modifications Copyright © 2021 Orange +# Modifications Copyright © 2021 Nordix Foundation +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v2 +description: D.G. Builder application +name: dgbuilder +version: 13.0.0 + +dependencies: + - name: common + version: ~13.x-0 + repository: '@local' + - name: repositoryGenerator + version: ~13.x-0 + repository: '@local' + - name: serviceAccount + version: ~13.x-0 + repository: '@local'
\ No newline at end of file diff --git a/kubernetes/sdnc/components/dgbuilder/resources/config/customSettings.js b/kubernetes/sdnc/components/dgbuilder/resources/config/customSettings.js new file mode 100644 index 0000000000..abaab57254 --- /dev/null +++ b/kubernetes/sdnc/components/dgbuilder/resources/config/customSettings.js @@ -0,0 +1,58 @@ +/* Copyright © 2017 AT&T, Amdocs, Bell Canada +* +* Licensed under the Apache License, Version 2.0 (the "License"); +* you may not use this file except in compliance with the License. +* You may obtain a copy of the License at +* +* http://www.apache.org/licenses/LICENSE-2.0 +* +* Unless required by applicable law or agreed to in writing, software +* distributed under the License is distributed on an "AS IS" BASIS, +* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +* See the License for the specific language governing permissions and +* limitations under the License. +*/ + +module.exports={ + "name": "Release sdnc1.0", + "emailAddress": "dguser@onap.org", + "uiPort": 3100, + "mqttReconnectTime": 15000, + "serialReconnectTime": 15000, + "debugMaxLength": 1000, + "htmlPath": "releases/sdnc1.0/html/", + "xmlPath": "releases/sdnc1.0/xml/", + "flowFile": "releases/sdnc1.0/flows/flows.json", + "sharedDir": "releases/sdnc1.0/flows/shared", + "userDir": "releases/sdnc1.0", + "httpAuth": { + "user": "${HTTP_USER}", + "pass": "${HTTP_PASSWORD}" + }, + "dbHost": "{{.Values.config.dbServiceName}}.{{ include "common.namespace" . }}", + "dbPort": "3306", + "dbName": "{{.Values.config.db.dbName}}", + "dbUser": "${DB_USER}", + "dbPassword": "${DB_PASSWORD}", + "gitLocalRepository": "", + "restConfUrl": "http://localhost:8181/restconf/operations/SLI-API:execute-graph", + "restConfUser": "${REST_CONF_USER}", + "restConfPassword": "${REST_CONF_PASSWORD}", + "formatXML": "Y", + "formatJSON": "Y", + "httpRoot": "/", + "disableEditor": false, + "httpAdminRoot": "/", + "httpAdminAuth": { + "user": "${HTTP_ADMIN_USER}", + "pass": "${HTTP_ADMIN_PASSWORD}" + }, + "httpNodeRoot": "/", + "httpNodeAuth": { + "user": "${HTTP_NODE_USER}", + "pass": "${HTTP_NODE_PASSWORD}" + }, + "uiHost": "0.0.0.0", + "version": "0.9.1", + "performGitPull": "N" +} diff --git a/kubernetes/sdnc/components/dgbuilder/resources/config/svclogic.properties b/kubernetes/sdnc/components/dgbuilder/resources/config/svclogic.properties new file mode 100644 index 0000000000..01edb4d411 --- /dev/null +++ b/kubernetes/sdnc/components/dgbuilder/resources/config/svclogic.properties @@ -0,0 +1,21 @@ +{{/* +# Copyright © 2018 AT&T, Amdocs, Bell Canada +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} + +org.onap.ccsdk.sli.dbtype=jdbc +org.onap.ccsdk.sli.jdbc.url=jdbc:mysql://{{.Values.config.dbServiceName}}.{{ include "common.namespace" . }}:3306/{{.Values.config.db.dbName}} +org.onap.ccsdk.sli.jdbc.database={{.Values.config.db.dbName}} +org.onap.ccsdk.sli.jdbc.user=${DB_USER} +org.onap.ccsdk.sli.jdbc.password=${DB_PASSWORD} diff --git a/kubernetes/sdnc/components/dgbuilder/templates/NOTES.txt b/kubernetes/sdnc/components/dgbuilder/templates/NOTES.txt new file mode 100644 index 0000000000..27db4f3535 --- /dev/null +++ b/kubernetes/sdnc/components/dgbuilder/templates/NOTES.txt @@ -0,0 +1,25 @@ +# Copyright © 2018 AT&T, Amdocs, Bell Canada +# +# This file is licensed under the CREATIVE COMMONS ATTRIBUTION 4.0 INTERNATIONAL LICENSE +# +# Full license text at https://creativecommons.org/licenses/by/4.0/legalcode + +1. Get the application URL by running these commands: +{{- if .Values.ingress.enabled }} +{{- range .Values.ingress.hosts }} + http://{{ . }} +{{- end }} +{{- else if contains "NodePort" .Values.service.type }} + export NODE_PORT=$(kubectl get --namespace {{ include "common.namespace" . }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "common.fullname" . }}) + export NODE_IP=$(kubectl get nodes --namespace {{ include "common.namespace" . }} -o jsonpath="{.items[0].status.addresses[0].address}") + echo http://$NODE_IP:$NODE_PORT +{{- else if contains "LoadBalancer" .Values.service.type }} + NOTE: It may take a few minutes for the LoadBalancer IP to be available. + You can watch the status of by running 'kubectl get svc -w {{ include "common.fullname" . }}' + export SERVICE_IP=$(kubectl get svc --namespace {{ include "common.namespace" . }} {{ include "common.fullname" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}') + echo http://$SERVICE_IP:{{ .Values.service.externalPort }} +{{- else if contains "ClusterIP" .Values.service.type }} + export POD_NAME=$(kubectl get pods --namespace {{ include "common.namespace" . }} -l "app={{ template "common.name" . }},release={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}") + echo "Visit http://127.0.0.1:8080 to use your application" + kubectl port-forward $POD_NAME 8080:{{ .Values.service.internalPort }} +{{- end }} diff --git a/kubernetes/sdnc/components/dgbuilder/templates/configmap.yaml b/kubernetes/sdnc/components/dgbuilder/templates/configmap.yaml new file mode 100644 index 0000000000..05699e6107 --- /dev/null +++ b/kubernetes/sdnc/components/dgbuilder/templates/configmap.yaml @@ -0,0 +1,28 @@ +{{/* +# Copyright © 2018 AT&T, Amdocs, Bell Canada +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} + +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "common.fullname" . }}-config + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ include "common.release" . }} + heritage: {{ .Release.Service }} +data: +{{ tpl (.Files.Glob "resources/config/*").AsConfig . | indent 2 }} diff --git a/kubernetes/sdnc/components/dgbuilder/templates/deployment.yaml b/kubernetes/sdnc/components/dgbuilder/templates/deployment.yaml new file mode 100644 index 0000000000..ab0b21c5b6 --- /dev/null +++ b/kubernetes/sdnc/components/dgbuilder/templates/deployment.yaml @@ -0,0 +1,133 @@ +{{/* +# Copyright © 2018 AT&T, Amdocs, Bell Canada +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} + +apiVersion: apps/v1 +kind: Deployment +metadata: {{- include "common.resourceMetadata" . | nindent 2 }} +spec: + selector: {{- include "common.selectors" . | nindent 4 }} + replicas: {{ .Values.replicaCount }} + template: + metadata: {{- include "common.templateMetadata" . | nindent 6 }} + spec: + initContainers: + - command: + - sh + args: + - -c + - "cd /config-input && for PFILE in `ls -1 .`; do envsubst <${PFILE} >/config/${PFILE}; done" + env: + - name: DB_USER + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-user-creds" "key" "login") | indent 10 }} + - name: DB_PASSWORD + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-user-creds" "key" "password") | indent 10 }} + - name: HTTP_USER + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "http-user-creds" "key" "login") | indent 10 }} + - name: HTTP_PASSWORD + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "http-user-creds" "key" "password") | indent 10 }} + - name: HTTP_ADMIN_USER + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "admin-creds" "key" "login") | indent 10 }} + - name: HTTP_ADMIN_PASSWORD + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "admin-creds" "key" "password") | indent 10 }} + - name: HTTP_NODE_USER + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "node-creds" "key" "login") | indent 10 }} + - name: HTTP_NODE_PASSWORD + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "node-creds" "key" "password") | indent 10 }} + - name: REST_CONF_USER + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "restconf-creds" "key" "login") | indent 10 }} + - name: REST_CONF_PASSWORD + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "restconf-creds" "key" "password") | indent 10 }} + volumeMounts: + - mountPath: /config-input + name: config-input + - mountPath: /config + name: config + image: {{ include "repositoryGenerator.image.envsubst" . }} + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + name: {{ include "common.name" . }}-update-config + - command: + - /app/ready.py + args: + - --service-name + - {{ .Values.config.dbServiceName }} + env: + - name: NAMESPACE + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace + image: {{ include "repositoryGenerator.image.readiness" . }} + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + name: {{ include "common.name" . }}-readiness + resources: + limits: + cpu: "100m" + memory: "500Mi" + requests: + cpu: "3m" + memory: "20Mi" + containers: + - name: {{ include "common.name" . }} + image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }} + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + command: ["/bin/bash"] + args: ["-c", "cd /opt/onap/ccsdk/dgbuilder/ && ./start.sh sdnc1.0 && wait"] + ports: {{- include "common.containerPorts" . | indent 10 }} + readinessProbe: + tcpSocket: + port: {{ .Values.service.internalPort }} + initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} + periodSeconds: {{ .Values.readiness.periodSeconds }} + env: + - name: SDNC_CONFIG_DIR + value: /opt/onap/sdnc/data/properties + volumeMounts: + - mountPath: /etc/localtime + name: localtime + readOnly: true + - name: config + mountPath: /opt/app/application.properties + subPath: application.properties + - name: config + mountPath: /opt/onap/ccsdk/dgbuilder/releases/sdnc1.0/conf/svclogic.properties + subPath: svclogic.properties + - name: config + mountPath: /opt/onap/ccsdk/dgbuilder/svclogic/svclogic.properties + subPath: svclogic.properties + - name: config + mountPath: /opt/onap/ccsdk/dgbuilder/releases/sdnc1.0/customSettings.js + subPath: customSettings.js + resources: {{ include "common.resources" . | nindent 12 }} + {{- if .Values.nodeSelector }} + nodeSelector: +{{ toYaml .Values.nodeSelector | indent 10 }} + {{- end -}} + {{- if .Values.affinity }} + affinity: +{{ toYaml .Values.affinity | indent 10 }} + {{- end }} + serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}} + volumes: + - name: localtime + hostPath: + path: /etc/localtime + - name: config-input + configMap: + name: {{ include "common.fullname" . }}-config + - name: config + emptyDir: + medium: Memory + {{- include "common.imagePullSecrets" . | nindent 6 }} diff --git a/kubernetes/sdnc/components/dgbuilder/templates/ingress.yaml b/kubernetes/sdnc/components/dgbuilder/templates/ingress.yaml new file mode 100644 index 0000000000..4392308e38 --- /dev/null +++ b/kubernetes/sdnc/components/dgbuilder/templates/ingress.yaml @@ -0,0 +1,16 @@ +{{/* +# Copyright © 2020 Samsung, Orange +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} +{{ include "common.ingress" . }} diff --git a/kubernetes/sdnc/components/dgbuilder/templates/secrets.yaml b/kubernetes/sdnc/components/dgbuilder/templates/secrets.yaml new file mode 100644 index 0000000000..4b4849980c --- /dev/null +++ b/kubernetes/sdnc/components/dgbuilder/templates/secrets.yaml @@ -0,0 +1,18 @@ +{{/* +# Copyright © 2018 AT&T, Amdocs, Bell Canada +# Copyright © 2020 Samsung Electronics +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} + +{{ include "common.secretFast" . }} diff --git a/kubernetes/sdnc/components/dgbuilder/templates/service.yaml b/kubernetes/sdnc/components/dgbuilder/templates/service.yaml new file mode 100644 index 0000000000..53f04104d9 --- /dev/null +++ b/kubernetes/sdnc/components/dgbuilder/templates/service.yaml @@ -0,0 +1,17 @@ +{{/* +# Copyright © 2018 AT&T, Amdocs, Bell Canada +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} + +{{ include "common.service" . }}
\ No newline at end of file diff --git a/kubernetes/sdnc/components/dgbuilder/values.yaml b/kubernetes/sdnc/components/dgbuilder/values.yaml new file mode 100644 index 0000000000..68cb86bd7e --- /dev/null +++ b/kubernetes/sdnc/components/dgbuilder/values.yaml @@ -0,0 +1,180 @@ +# Copyright © 2018 AT&T, Amdocs, Bell Canada +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Global configuration default values that can be inherited by +# all subcharts. +################################################################# +global: + # Change to an unused port prefix range to prevent port conflicts + # with other instances running within the same k8s cluster + nodePortPrefix: 302 + + # image pull policy + pullPolicy: Always + + # default mount path root directory referenced + # by persistent volumes and log files + persistence: + mountPath: /dockerdata-nfs + + # flag to enable debugging - application support required + debugEnabled: true + +################################################################# +# Secrets metaconfig +################################################################# +secrets: + - uid: 'db-root-password' + type: password + externalSecret: '{{ tpl (default "" .Values.config.db.rootPasswordExternalSecret) . }}' + password: '{{ .Values.config.db.rootPassword }}' + - uid: 'db-user-creds' + type: basicAuth + externalSecret: '{{ tpl (default "" .Values.config.db.userCredentialsExternalSecret) . }}' + login: '{{ .Values.config.db.userName }}' + password: '{{ .Values.config.db.userPassword }}' + - uid: 'http-user-creds' + type: basicAuth + externalSecret: '{{ tpl (default "" .Values.config.httpCredsExternalSecret) . }}' + login: '{{ .Values.config.httpUser }}' + password: '{{ .Values.config.dgUserPassword }}' + - uid: 'admin-creds' + type: basicAuth + externalSecret: '{{ tpl (default "" .Values.config.adminCredsExternalSecret) . }}' + login: '{{ .Values.config.adminUser }}' + password: '{{ .Values.config.dgUserPassword }}' + - uid: 'node-creds' + type: basicAuth + externalSecret: '{{ tpl (default "" .Values.config.nodeCredsExternalSecret) . }}' + login: '{{ .Values.config.nodeUser }}' + password: '{{ .Values.config.dgUserPassword }}' + - uid: 'restconf-creds' + type: basicAuth + externalSecret: '{{ tpl (default "" .Values.config.restconfCredsExternalSecret) . }}' + login: '{{ .Values.config.restconfUser }}' + password: '{{ .Values.config.restconfPassword }}' + +################################################################# +# Application configuration defaults. +################################################################# +# application image +image: onap/ccsdk-dgbuilder-image:1.5.1 +pullPolicy: Always + +# flag to enable debugging - application support required +debugEnabled: false + +# application configuration +config: + db: + dbName: sdnctl + # unused for now to preserve the API + rootPassword: openECOMP1.0 + # rootPasswordExternalSecret: some secret + userName: sdnctl + # unused for now to preserve the API + userPassword: gamma + # userCredentialsExternalSecret: some secret + httpUser: dguser + # unused for now to preserve the API + httpPassword: cc03e747a6afbbcbf8be7668acfebee5 + # httpCredsExternalSecret: some secret + adminUser: dguser + # unused for now to preserve the API + adminPassword: cc03e747a6afbbcbf8be7668acfebee5 + # adminCredsExternalSecret: some secret + nodeUser: dguser + # unused for now to preserve the API + nodePassword: cc03e747a6afbbcbf8be7668acfebee5 + # nodeCredsExternalSecret: some secret + restconfUser: admin + # unused for now to preserve the API + restconfPassword: admin + # restconfCredsExternalSecret: some secret + + dbPodName: mysql-db + dbServiceName: sdnc-dbhost + # MD5 hash of dguser password ( default: test123 ) + dgUserPassword: cc03e747a6afbbcbf8be7668acfebee5 + +# default number of instances +replicaCount: 1 + +nodeSelector: {} + +affinity: {} + +# probe configuration parameters +liveness: + initialDelaySeconds: 10 + periodSeconds: 10 + # necessary to disable liveness probe when setting breakpoints + # in debugger so K8s doesn't restart unresponsive container + enabled: true + +readiness: + initialDelaySeconds: 10 + periodSeconds: 10 + +service: + type: NodePort + name: dgbuilder + internalPort: 3100 + ports: + - name: http + port: 3100 + nodePort: 28 + +ingress: + enabled: false + service: + - baseaddr: "dgbuilder" + name: "dgbuilder" + port: 3100 + config: + ssl: "redirect" + +#Resource Limit flavor -By Default using small +flavor: small +#segregation for different envionment (Small and Large) + +resources: + small: + limits: + cpu: "2" + memory: "4Gi" + requests: + cpu: "1" + memory: "2Gi" + large: + limits: + cpu: "4" + memory: "8Gi" + requests: + cpu: "2" + memory: "4Gi" + unlimited: {} + +podAnnotations: + # Workarround to exclude K8S API from istio communication + # as init-container (readinessCheck) does not work with the + # Istio CNI plugin, see: + # (https://istio.io/latest/docs/setup/additional-setup/cni/#compatibility-with-application-init-containers) + traffic.sidecar.istio.io/excludeOutboundPorts: "443" + +#Pods Service Account +serviceAccount: + nameOverride: dgbuilder + roles: + - read diff --git a/kubernetes/sdnc/components/network-name-gen/Chart.yaml b/kubernetes/sdnc/components/network-name-gen/Chart.yaml new file mode 100644 index 0000000000..e998a64ecc --- /dev/null +++ b/kubernetes/sdnc/components/network-name-gen/Chart.yaml @@ -0,0 +1,34 @@ +# Copyright (C) 2018 AT&T Intellectual Property. All rights reserved.
+# Modifications Copyright © 2021 Orange
+# Modifications Copyright © 2021 Nordix Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: v2
+description: Name Generation Micro Service
+name: network-name-gen
+version: 13.0.0
+
+dependencies:
+ - name: common
+ version: ~13.x-0
+ repository: '@local'
+ - name: repositoryGenerator
+ version: ~13.x-0
+ repository: '@local'
+ - name: mariadb-init
+ version: ~13.x-0
+ repository: '@local'
+ - name: serviceAccount
+ version: ~13.x-0
+ repository: '@local'
\ No newline at end of file diff --git a/kubernetes/sdnc/components/network-name-gen/resources/config/aai_keystore b/kubernetes/sdnc/components/network-name-gen/resources/config/aai_keystore Binary files differnew file mode 100644 index 0000000000..83cae95273 --- /dev/null +++ b/kubernetes/sdnc/components/network-name-gen/resources/config/aai_keystore diff --git a/kubernetes/sdnc/components/network-name-gen/templates/deployment.yaml b/kubernetes/sdnc/components/network-name-gen/templates/deployment.yaml new file mode 100644 index 0000000000..fbb8044630 --- /dev/null +++ b/kubernetes/sdnc/components/network-name-gen/templates/deployment.yaml @@ -0,0 +1,120 @@ +{{/* +# Copyright (C) 2018 AT&T Intellectual Property. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} + +apiVersion: apps/v1 +kind: Deployment +metadata: {{- include "common.resourceMetadata" . | nindent 2 }} +spec: + selector: {{- include "common.selectors" . | nindent 4 }} + replicas: {{ .Values.replicaCount }} + template: + metadata: {{- include "common.templateMetadata" . | nindent 6 }} + spec: + initContainers: + - name: {{ include "common.name" . }}-readiness + command: + - /app/ready.py + args: +{{- if .Values.global.mariadbGalera.localCluster }} + - --app-name + - {{ index .Values "mariadb-galera" "nameOverride" }} +{{- else }} + - --job-name + - {{ include "common.release" . }}-{{ index .Values "mariadb-init" "nameOverride" }}-config-job +{{- end }} + env: + - name: NAMESPACE + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace + image: {{ include "repositoryGenerator.image.readiness" . }} + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + resources: + limits: + cpu: "100m" + memory: "500Mi" + requests: + cpu: "3m" + memory: "20Mi" + containers: + - name: {{ include "common.name" . }} + command: + - bash + args: + - '-c' + - 'export POL_BASIC_AUTH=`echo -n $POL_BASIC_AUTH_USER:$POL_BASIC_AUTH_PASSWORD | base64`; /startService.sh' + image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }} + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + env: + - name: SPRING_PROFILE + value: "{{ .Values.config.springProfile }}" + - name: NENG_DB_USER + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "neng-db-secret" "key" "login") | indent 10}} + - name: NENG_DB_PASS + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "neng-db-secret" "key" "password") | indent 10}} + - name: NENG_DB_URL + value: jdbc:mysql://{{ include "common.mariadbService" . }}:{{ include "common.mariadbPort" . }}/{{ index .Values "mariadb-init" "config" "mysqlDatabase" }} + - name: POL_CLIENT_AUTH + value: "{{ .Values.config.polClientAuth }}" + - name: POL_BASIC_AUTH_USER + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "pol-basic-auth-secret" "key" "login") | indent 10}} + - name: POL_BASIC_AUTH_PASSWORD + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "pol-basic-auth-secret" "key" "password") | indent 10}} + - name: POL_URL + {{- if (include "common.needTLS" .) }} + value: "{{ .Values.config.polUrl.https }}" + {{- else }} + value: "{{ .Values.config.polUrl.http }}" + {{- end }} + - name: POL_ENV + value: "{{ .Values.config.polEnv }}" + - name: POL_REQ_ID + value: "{{ .Values.config.polReqId }}" + - name: AAI_CERT_PASS + value: "{{ .Values.config.aaiCertPass }}" + - name: AAI_CERT_PATH + value: "{{ .Values.config.aaiCertPath }}" + - name: AAI_URI + {{- if (include "common.needTLS" .) }} + value: "{{ .Values.config.aaiUri.https }}" + {{- else }} + value: "{{ .Values.config.aaiUri.http }}" + {{- end }} + - name: AAI_AUTH + value: "{{ .Values.config.aaiAuth }}" + - name: DISABLE_HOST_VERIFICATION + value: "{{ .Values.config.disableHostVerification }}" + volumeMounts: + - name: certs + mountPath: /opt/etc/config/aai_keystore + subPath: aai_keystore + readOnly: true + resources: {{ include "common.resources" . | nindent 10 }} + {{- if .Values.nodeSelector }} + nodeSelector: +{{ toYaml .Values.nodeSelector | indent 10 }} + {{- end -}} + {{- if .Values.affinity }} + affinity: +{{ toYaml .Values.affinity | indent 10 }} + {{- end }} + serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}} + volumes: + - name: certs + secret: + secretName: {{ include "common.release" . }}-aai-keystore + {{- include "common.imagePullSecrets" . | nindent 6 }} diff --git a/kubernetes/sdnc/components/network-name-gen/templates/secrets.yaml b/kubernetes/sdnc/components/network-name-gen/templates/secrets.yaml new file mode 100644 index 0000000000..61b83d7a9b --- /dev/null +++ b/kubernetes/sdnc/components/network-name-gen/templates/secrets.yaml @@ -0,0 +1,31 @@ +{{/* +# Copyright (c) 2018 Bell Canada +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} + +{{ include "common.secretFast" . }} +--- +apiVersion: v1 +data: +{{ tpl (.Files.Glob "resources/config/aai_keystore").AsSecrets . | indent 2 }} +metadata: + name: {{ include "common.release" . }}-aai-keystore + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.fullname" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ include "common.release" . }} + heritage: {{ .Release.Service }} +kind: Secret +type: Opaque diff --git a/kubernetes/sdnc/components/network-name-gen/templates/service.yaml b/kubernetes/sdnc/components/network-name-gen/templates/service.yaml new file mode 100644 index 0000000000..aac71f7eb3 --- /dev/null +++ b/kubernetes/sdnc/components/network-name-gen/templates/service.yaml @@ -0,0 +1,43 @@ +{{/* +# Copyright (C) 2018 AT&T Intellectual Property. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} + +apiVersion: v1 +kind: Service +metadata: + name: {{ include "common.servicename" . }} + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ include "common.release" . }} + heritage: {{ .Release.Service }} +spec: + type: {{ .Values.service.type }} + ports: + {{if eq .Values.service.type "NodePort" -}} + - port: {{ .Values.service.externalPort }} + targetPort: {{ .Values.service.internalPort }} + nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }} + name: {{ .Values.service.portName }} + {{- else -}} + - port: {{ .Values.service.externalPort }} + targetPort: {{ .Values.service.internalPort }} + name: {{ .Values.service.portName }} + {{- end}} + selector: + app.kubernetes.io/name: {{ include "common.name" . }} + app.kubernetes.io/instance: {{ include "common.release" . }} + diff --git a/kubernetes/sdnc/components/network-name-gen/values.yaml b/kubernetes/sdnc/components/network-name-gen/values.yaml new file mode 100644 index 0000000000..9d6a0aef5c --- /dev/null +++ b/kubernetes/sdnc/components/network-name-gen/values.yaml @@ -0,0 +1,136 @@ +# Copyright (C) 2018 AT&T Intellectual Property. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# Global configuration default values that can be inherited by +# all subcharts. +################################################################# +global: + + # Change to an unused port prefix range to prevent port conflicts + # with other instances running within the same k8s cluster + nodePortPrefix: 302 + + # image pull policy + pullPolicy: IfNotPresent + + mariadbGalera: &mariadbGalera + # flag to enable the DB creation via mariadb-operator + useOperator: true + localCluster: false + service: &dbService mariadb-galera + internalPort: &dbPort 3306 + nameOverride: mariadb-galera + +################################################################# +# Secrets metaconfig +################################################################# +secrets: + - uid: neng-db-secret + name: &dbUserSecretName '{{ include "common.release" . }}-neng-db-secret' + type: basicAuth + externalSecret: '{{ tpl (default "" .Values.config.db.externalSecret) . }}' + login: '{{ .Values.config.db.userName }}' + password: '{{ .Values.config.db.userPassword }}' + - uid: pol-basic-auth-secret + name: '{{ include "common.release" . }}-pol-basic-auth-secret' + type: basicAuth + externalSecret: '{{ tpl (default "" .Values.config.polBasicAuthSecret) . }}' + login: '{{ .Values.config.polBasicAuthUser }}' + password: '{{ .Values.config.polBasicAuthPassword }}' + +mariadb-init: + config: + userCredentialsExternalSecret: *dbUserSecretName + mysqlDatabase: nengdb + nameOverride: nengdb-init + mariadb-galera: + nameOverride: *dbService + service: + internalPort: *dbPort + serviceAccount: + nameOverride: nengdb-init + +################################################################# +# Application configuration defaults. +################################################################# +# application image +image: onap/ccsdk-apps-ms-neng:1.4.0 +pullPolicy: IfNotPresent + +# application configuration +config: + db: + userName: nenguser + # userPassword: password + # userCredentialsExternalSecret: some-secret + springProfile: live + polClientAuth: cHl0aG9uOnRlc3Q= + polBasicAuthUser: healthcheck + polBasicAuthPassword: zb!XztG34 + polUrl: + https: https://policy-xacml-pdp:6969/policy/pdpx/v1/decision + http: http://policy-xacml-pdp:6969/policy/pdpx/v1/decision + polEnv: TEST + polReqId: xx + disableHostVerification: true + aaiCertPass: changeit + aaiCertPath: /opt/etc/config/aai_keystore + aaiAuth: QUFJOkFBSQ== + aaiUri: + https: https://aai:8443/aai/v14/ + http: http://aai:80/aai/v14/ + +# default number of instances +replicaCount: 1 + +nodeSelector: {} + +affinity: {} + +# probe configuration parameters +liveness: + initialDelaySeconds: 10 + periodSeconds: 10 + # necessary to disable liveness probe when setting breakpoints + # in debugger so K8s doesn't restart unresponsive container + enabled: false + +readiness: + initialDelaySeconds: 10 + periodSeconds: 10 + +service: + type: ClusterIP + name: neng-serv + portName: http + internalPort: 8080 + externalPort: 8080 + +ingress: + enabled: false + +resources: {} + +podAnnotations: + # Workarround to exclude K8S API from istio communication + # as init-container (readinessCheck) does not work with the + # Istio CNI plugin, see: + # (https://istio.io/latest/docs/setup/additional-setup/cni/#compatibility-with-application-init-containers) + traffic.sidecar.istio.io/excludeOutboundPorts: "443" + +#Pods Service Account +serviceAccount: + nameOverride: network-name-gen + roles: + - read diff --git a/kubernetes/sdnc/values.yaml b/kubernetes/sdnc/values.yaml index 1c7fa9eb0a..e6a12ab744 100644 --- a/kubernetes/sdnc/values.yaml +++ b/kubernetes/sdnc/values.yaml @@ -416,6 +416,7 @@ kafkaUser: *kafkaUser # dependency / sub-chart configuration network-name-gen: enabled: true + mariadb-galera: &mariadbGalera nameOverride: &sdnc-db sdnc-db config: &mariadbGaleraConfig |