24 files changed, 381 insertions, 47 deletions
diff --git a/.gitignore b/.gitignore index 11c7e801d7..cb4cb34579 100644 --- a/.gitignore +++ b/.gitignore @@ -31,3 +31,6 @@ requirements.lock # Mac OS *DS_Store* + +# dist +dist diff --git a/docs/oom_quickstart_guide.rst b/docs/oom_quickstart_guide.rst index 51c28c2ca3..2c1e48e01b 100644 --- a/docs/oom_quickstart_guide.rst +++ b/docs/oom_quickstart_guide.rst @@ -78,6 +78,8 @@ openssl algorithm that works with the python based Robot Framework. cd so/resources/config/mso/ /oom/kubernetes/so/resources/config/mso# echo -n "<openstack tenant password>" | openssl aes-128-ecb -e -K `cat encryption.key` -nosalt | xxd -c 256 -p`` + Use OS_PASSWORD value from openstack .RC file for "openstack tenant password" + c. Generating SO Encrypted Password: The SO Encrypted Password uses a java based encryption utility since the Java encryption library is not easy to integrate with openssl/python that @@ -87,7 +89,7 @@ Robot uses in Dublin and upper versions. To generate SO ``openStackEncryptedPasswordHere`` and ``openStackSoEncryptedPassword`` ensure `default-jdk` is installed:: - apt-get update; apt-get install default-jdk + sudo apt-get update; sudo apt-get install default-jdk Then execute:: @@ -130,6 +132,10 @@ observe the following constraints. deployment need not worry about this setting but for the demonstration VNFs the ip asssignment strategy assumes 10.0 ip prefix. +.. note:: + Copy below required openstack.yaml file and update the parameters for the variables + accordingly from openstack environment (openrc file) and replace + Example Keystone v2.0 .. literalinclude:: example-integration-override.yaml 
@@ -246,4 +252,17 @@ for use:: > helm undeploy dev --purge +.. note:: + After undeploy follow the below steps to cleanup everything before redeplying ONAP + +:: + + > kubectl delete namespace onap + + > kubectl delete pv -n onap --all + + > kubectl delete pvc -n onap --all + + > sudo rm -rf /dockerdata-nfs/* + More examples of using the deploy and undeploy plugins can be found here: https://wiki.onap.org/display/DW/OOM+Helm+%28un%29Deploy+plugins diff --git a/kubernetes/aaf/.gitignore b/kubernetes/aaf/.gitignore index 3a4f8ba352..71fbb5cbb9 100644 --- a/kubernetes/aaf/.gitignore +++ b/kubernetes/aaf/.gitignore @@ -1 +1,2 @@ /sms/ +components/dist diff --git a/kubernetes/cds/components/cds-blueprints-processor/templates/deployment.yaml b/kubernetes/cds/components/cds-blueprints-processor/templates/deployment.yaml index f321e54fd1..9645b20cd2 100755 --- a/kubernetes/cds/components/cds-blueprints-processor/templates/deployment.yaml +++ b/kubernetes/cds/components/cds-blueprints-processor/templates/deployment.yaml @@ -109,11 +109,8 @@ spec: env: - name: APP_CONFIG_HOME value: {{ .Values.config.appConfigDir }} - - name: USE_SCRIPT_COMPILE_CACHE - value: {{ .Values.config.useScriptCompileCache | quote }} - # Cluster should only be enabled when replicaCount is more than 2 and useScriptCompileCache is set to false otherwise it won't work properly - name: CLUSTER_ENABLED - value: {{ if and (gt (int (.Values.replicaCount)) 2) (not .Values.config.useScriptCompileCache) }} {{ .Values.cluster.enabled | quote }} {{ else }} "false" {{ end }} + value: {{ if (gt (int (.Values.replicaCount)) 2) }} {{ .Values.cluster.enabled | quote }} {{ else }} "false" {{ end }} - name: CLUSTER_ID value: {{ .Values.cluster.clusterName }} - name: CLUSTER_NODE_ID diff --git a/kubernetes/cds/components/cds-blueprints-processor/values.yaml b/kubernetes/cds/components/cds-blueprints-processor/values.yaml index 629b8252cc..1b456983f7 100755 
--- a/kubernetes/cds/components/cds-blueprints-processor/values.yaml +++ b/kubernetes/cds/components/cds-blueprints-processor/values.yaml @@ -60,7 +60,6 @@ debugEnabled: false # application configuration config: appConfigDir: /opt/app/onap/config - useScriptCompileCache: false sdncDB: dbService: mariadb-galera dbPort: 3306 @@ -130,7 +129,6 @@ persistence: cluster: # Cannot have cluster enabled if the replicaCount is not at least 3 - # AND config value useScriptCompileCache is not set to false enabled: true clusterName: cds-cluster diff --git a/kubernetes/common/Makefile b/kubernetes/common/Makefile index 43d62f1a82..c7aba635c1 100644 --- a/kubernetes/common/Makefile +++ b/kubernetes/common/Makefile @@ -21,7 +21,7 @@ COMMON_CHARTS_DIR := common EXCLUDES := PROCESSED_LAST := cert-wrapper repository-wrapper -PROCESSED_FIRST := repositoryGenerator certInitializer +PROCESSED_FIRST := repositoryGenerator readinessCheck certInitializer TO_FILTER := $(PROCESSED_FIRST) $(EXCLUDES) $(PROCESSED_LAST) HELM_BIN := helm diff --git a/kubernetes/common/cmpv2Config/values.yaml b/kubernetes/common/cmpv2Config/values.yaml index c22f9731b5..19b87b1afa 100644 --- a/kubernetes/common/cmpv2Config/values.yaml +++ b/kubernetes/common/cmpv2Config/values.yaml @@ -14,7 +14,7 @@ global: platform: certServiceClient: - image: onap/org.onap.oom.platform.cert-service.oom-certservice-client:2.3.1 + image: onap/org.onap.oom.platform.cert-service.oom-certservice-client:2.3.2 secretName: oom-cert-service-client-tls-secret envVariables: # Certificate related @@ -29,5 +29,5 @@ global: keystorePassword: "secret" truststorePassword: "secret" certPostProcessor: - image: onap/org.onap.oom.platform.cert-service.oom-certservice-post-processor:2.3.1 + image: onap/org.onap.oom.platform.cert-service.oom-certservice-post-processor:2.3.2 diff --git a/kubernetes/common/common/templates/_certificate.tpl b/kubernetes/common/common/templates/_certificate.tpl new file mode 100644 index 0000000000..74f81af901 
--- /dev/null +++ b/kubernetes/common/common/templates/_certificate.tpl 
@@ -0,0 +1,192 @@ +{{/*# +# Copyright © 2020, Nokia +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License.*/}} + +{{/* +# This is a template for requesting a certificate from the cert-manager (https://cert-manager.io). +# +# To request a certificate following steps are to be done: +# - create an object 'certificates' in the values.yaml +# - create a file templates/certificates.yaml and invoke the function "commom.certificate". +# +# Here is an example of the certificate request for a component: +# +# Directory structure: +# component +# templates +# certifictes.yaml +# values.yaml +# +# To be added in the file certificates.yamll +# +# To be added in the file values.yaml +# 1. Minimal version (certificates only in PEM format) +# certificates: +# - name: onap-component-certificate +# secretName: onap-component-certificate +# commonName: component.onap.org +# 2. 
Extended version (with defined own issuer and additional certificate format): +# certificates: +# - name: onap-component-certificate +# secretName: onap-component-certificate +# commonName: component.onap.org +# dnsNames: +# - component.onap.org +# issuer: +# group: certmanager.onap.org +# kind: CMPv2Issuer +# name: cmpv2-issuer-for-the-component +# p12Keystore: +# create: true +# passwordSecretRef: +# name: secret-name +# key: secret-key +# jksKeystore: +# create: true +# passwordSecretRef: +# name: secret-name +# key: secret-key +# +# Fields 'name', 'secretName' and 'commonName' are mandatory and required to be defined. +# Other mandatory fields for the certificate definition do not have to be defined directly, +# in that case they will be taken from default values. +# +# Default values are defined in file onap/values.yaml (see-> global.certificate.default) +# and can be overriden during onap installation process. +# +*/}} + +{{- define "common.certificate" -}} +{{- $dot := default . .dot -}} +{{- $certificates := $dot.Values.certificates -}} + +{{ range $certificate := $certificates }} +{{/*# General certifiacate attributes #*/}} +{{- $name := $certificate.name -}} +{{- $secretName := $certificate.secretName -}} +{{- $commonName := default $dot.Values.global.certificate.default.commonName $certificate.commonName -}} +{{- $renewBefore := default $dot.Values.global.certificate.default.renewBefore $certificate.renewBefore -}} +{{- $duration := $certificate.duration -}} +{{- $namespace := default $dot.Release.Namespace $dot.Values.global.certificate.default.namespace -}} +{{- if $certificate.namespace -}} +{{- $namespace = default $namespace $certificate.namespace -}} +{{- end -}} +{{/*# SAN's #*/}} +{{- $dnsNames := default $dot.Values.global.certificate.default.dnsNames $certificate.dnsNames -}} +{{- $ipAddresses := default $dot.Values.global.certificate.default.ipAddresses $certificate.ipAddresses -}} +{{- $uris := default 
$dot.Values.global.certificate.default.uris $certificate.uris -}} +{{- $emailAddresses := default $dot.Values.global.certificate.default.emailAddresses $certificate.emailAddresses -}} +{{/*# Subject #*/}} +{{- $subject := $dot.Values.global.certificate.default.subject -}} +{{- if $certificate.subject -}} +{{- $subject = mergeOverwrite $subject $certificate.subject -}} +{{- end -}} +{{/*# Issuer #*/}} +{{- $issuer := $dot.Values.global.certificate.default.issuer -}} +{{- if $certificate.issuer -}} +{{- $issuer = mergeOverwrite $issuer $certificate.issuer -}} +{{- end -}} +{{/*# Keystores #*/}} +{{- $createJksKeystore := $dot.Values.global.certificate.default.jksKeystore.create -}} +{{- $jksKeystorePasswordSecretName := $dot.Values.global.certificate.default.jksKeystore.passwordSecretRef.name -}} +{{- $jksKeystorePasswordSecreKey := $dot.Values.global.certificate.default.jksKeystore.passwordSecretRef.key -}} +{{- $createP12Keystore := $dot.Values.global.certificate.default.p12Keystore.create -}} +{{- $p12KeystorePasswordSecretName := $dot.Values.global.certificate.default.p12Keystore.passwordSecretRef.name -}} +{{- $p12KeystorePasswordSecreKey := $dot.Values.global.certificate.default.p12Keystore.passwordSecretRef.key -}} +{{- if $certificate.jksKeystore -}} +{{- $createJksKeystore = default $createJksKeystore $certificate.jksKeystore.create -}} +{{- if $certificate.jksKeystore.passwordSecretRef -}} +{{- $jksKeystorePasswordSecretName = default $jksKeystorePasswordSecretName $certificate.jksKeystore.passwordSecretRef.name -}} +{{- $jksKeystorePasswordSecreKey = default $jksKeystorePasswordSecreKey $certificate.jksKeystore.passwordSecretRef.key -}} +{{- end -}} +{{- end -}} +{{- if $certificate.p12Keystore -}} +{{- $createP12Keystore = default $createP12Keystore $certificate.p12Keystore.create -}} +{{- if $certificate.p12Keystore.passwordSecretRef -}} +{{- $p12KeystorePasswordSecretName = default $p12KeystorePasswordSecretName 
$certificate.p12Keystore.passwordSecretRef.name -}} +{{- $p12KeystorePasswordSecreKey = default $p12KeystorePasswordSecreKey $certificate.p12Keystore.passwordSecretRef.key -}} +{{- end -}} +{{- end -}} +--- +apiVersion: cert-manager.io/v1 +kind: Certificate +metadata: + name: {{ $name }} + namespace: {{ $namespace }} +spec: + secretName: {{ $secretName }} + commonName: {{ $commonName }} + renewBefore: {{ $renewBefore }} + {{- if $duration }} + duration: {{ $duration }} + {{- end }} + subject: + organizations: + - {{ $subject.organization }} + countries: + - {{ $subject.country }} + localities: + - {{ $subject.locality }} + provinces: + - {{ $subject.province }} + organizationalUnits: + - {{ $subject.organizationalUnit }} + {{- if $dnsNames }} + dnsNames: + {{- range $dnsName := $dnsNames }} + - {{ $dnsName }} + {{- end }} + {{- end }} + {{- if $ipAddresses }} + ipAddresses: + {{- range $ipAddress := $ipAddresses }} + - {{ $ipAddress }} + {{- end }} + {{- end }} + {{- if $uris }} + uris: + {{- range $uri := $uris }} + - {{ $uri }} + {{- end }} + {{- end }} + {{- if $emailAddresses }} + emailAddresses: + {{- range $emailAddress := $emailAddresses }} + - {{ $emailAddress }} + {{- end }} + {{- end }} + issuerRef: + group: {{ $issuer.group }} + kind: {{ $issuer.kind }} + name: {{ $issuer.name }} + {{- if or $createJksKeystore $createP12Keystore }} + keystores: + {{- if $createJksKeystore }} + jks: + create: {{ $createJksKeystore }} + passwordSecretRef: + name: {{ $jksKeystorePasswordSecretName }} + key: {{ $jksKeystorePasswordSecreKey }} + {{- end }} + {{- if $createP12Keystore }} + pkcs12: + create: {{ $createP12Keystore }} + passwordSecretRef: + name: {{ $p12KeystorePasswordSecretName }} + key: {{ $p12KeystorePasswordSecreKey }} + {{- end }} + {{- end }} +{{ end }} + +{{- end -}} diff --git a/kubernetes/common/readinessCheck/requirements.yaml b/kubernetes/common/readinessCheck/requirements.yaml index 51e8789caf..9ef1615aae 100644 
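Review bot: `mergeOverwrite $subject $certificate.subject` and `mergeOverwrite $issuer $certificate.issuer` write into `$dot.Values.global.certificate.default` itself, because Sprig's `mergeOverwrite` mutates its first argument. Inside the `range`, an issuer or subject override on one certificate therefore carries over to every later certificate that was meant to use the default issuer. Merge into a fresh map instead: `{{- $issuer = mergeOverwrite (dict) $issuer $certificate.issuer -}}`, and the same for `$subject`. The header comment calls `name` and `secretName` mandatory, but nothing enforces it; `{{- $name := required "certificate name is required" $certificate.name -}}` would fail the render rather than emit a Certificate with an empty name. The same comment tells users to invoke "commom.certificate" while the define is `common.certificate`, and the `default $createJksKeystore $certificate.jksKeystore.create` pattern cannot switch a `true` default off, since `default` treats `false` as empty.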
--- a/kubernetes/common/readinessCheck/requirements.yaml +++ b/kubernetes/common/readinessCheck/requirements.yaml @@ -16,3 +16,6 @@ dependencies: - name: common version: ~7.x-0 repository: 'file://../common' + - name: repositoryGenerator + version: ~7.x-0 + repository: 'file://../repositoryGenerator' diff --git a/kubernetes/common/readinessCheck/templates/_readinessCheck.tpl b/kubernetes/common/readinessCheck/templates/_readinessCheck.tpl index aa03938d28..95de6ec29f 100644 --- a/kubernetes/common/readinessCheck/templates/_readinessCheck.tpl +++ b/kubernetes/common/readinessCheck/templates/_readinessCheck.tpl @@ -65,7 +65,7 @@ {{- $namePart := index (ternary (dict) $wait_for (kindIs "slice" $wait_for)) "name" -}} {{- $jobs := index (ternary (dict) $wait_for (kindIs "slice" $wait_for)) "jobs" -}} - name: {{ include "common.name" $dot }}{{ ternary "" (printf "-%s" $namePart) (empty $namePart) }}-readiness - image: "{{ include "common.repository" $subchartDot }}/{{ $subchartDot.Values.global.readinessImage }}" + image: {{ include "repositoryGenerator.image.readiness" $subchartDot }} imagePullPolicy: {{ $subchartDot.Values.global.pullPolicy | default $subchartDot.Values.pullPolicy }} command: - /app/ready.py diff --git a/kubernetes/common/readinessCheck/values.yaml b/kubernetes/common/readinessCheck/values.yaml index 7bd0c3d679..b15b1c2af3 100644 --- a/kubernetes/common/readinessCheck/values.yaml +++ b/kubernetes/common/readinessCheck/values.yaml @@ -13,7 +13,6 @@ # limitations under the License. global: - readinessImage: onap/oom/readiness:3.0.1 pullPolicy: Always limits: diff --git a/kubernetes/contrib/.gitignore b/kubernetes/contrib/.gitignore new file mode 100644 index 0000000000..7020381894 --- /dev/null +++ b/kubernetes/contrib/.gitignore @@ -0,0 +1 @@ +components/dist 
diff --git a/kubernetes/dcaegen2/components/dcae-bootstrap/resources/inputs/k8s-datafile-collector-inputs.yaml b/kubernetes/dcaegen2/components/dcae-bootstrap/resources/inputs/k8s-datafile-collector-inputs.yaml index 8c2c0a217b..d05129bc10 100644 --- a/kubernetes/dcaegen2/components/dcae-bootstrap/resources/inputs/k8s-datafile-collector-inputs.yaml +++ b/kubernetes/dcaegen2/components/dcae-bootstrap/resources/inputs/k8s-datafile-collector-inputs.yaml @@ -21,14 +21,23 @@ {{ if .Values.componentImages.datafile_collector }} tag_version: {{ include "repositoryGenerator.repository" . }}/{{ .Values.componentImages.datafile_collector }} {{ end }} -host_port: {{ .Values.config.address.datafile_collector.port }} -host_port_secure: {{ .Values.config.address.datafile_collector.portSecure }} -dmaap_mr_host: "{{ .Values.config.address.message_router }}" -dmaap_mr_port: 3904 -dmaap_mr_user: "admin" -dmaap_mr_passwd: "admin" -dmaap_dr_host: "{{ .Values.config.address.dmaap_dr_prov }}" -dmaap_dr_port: 8443 -dmaap_dr_user: "dradmin" -dmaap_dr_passwd: "dradmin" replicas: 1 +log_directory: "/var/log/ONAP" +topic_name: "unauthenticated.VES_NOTIFICATION_OUTPUT" +envs: {} +use_tls: true +PM_MEAS_FILES_feed0_location: "loc00" +feed0_name: "bulk_pm_feed" +consumer_id: "C12" +consumer_group: "OpenDcae-c12" +cert_directory: "/opt/app/datafile/etc/cert/" +external_port: ":0" +datafile-collector_memory_limit: "512Mi" +datafile-collector_memory_request: "512Mi" +datafile-collector_cpu_limit: "250m" +datafile-collector_cpu_request: "250m" +external_cert_use_external_tls: false +external_cert_ca_name: "RA" +external_cert_common_name: "dcae-datafile-collector" +external_cert_sans: "dcae-datafile-collector,datafile-collector,datafile" +external_cert_cert_type: "P12" diff --git a/kubernetes/dcaegen2/components/dcae-bootstrap/values.yaml b/kubernetes/dcaegen2/components/dcae-bootstrap/values.yaml index a3bff07fb2..b3ff95a40d 100644 --- a/kubernetes/dcaegen2/components/dcae-bootstrap/values.yaml 
+++ b/kubernetes/dcaegen2/components/dcae-bootstrap/values.yaml @@ -103,7 +103,7 @@ mongo: disableNfsProvisioner: true # application image -image: onap/org.onap.dcaegen2.deployments.k8s-bootstrap-container:2.2.1 +image: onap/org.onap.dcaegen2.deployments.k8s-bootstrap-container:2.2.3 default_k8s_location: central # DCAE component images to be deployed via Cloudify Manager @@ -115,7 +115,8 @@ componentImages: ves: onap/org.onap.dcaegen2.collectors.ves.vescollector:1.7.9 snmptrap: onap/org.onap.dcaegen2.collectors.snmptrap:1.4.0 prh: onap/org.onap.dcaegen2.services.prh.prh-app-server:1.5.4 - hv_ves: onap/org.onap.dcaegen2.collectors.hv-ves.hv-collector-main:1.5.1 + hv_ves: onap/org.onap.dcaegen2.collectors.hv-ves.hv-collector-main:1.6.0 + datafile_collector: onap/org.onap.dcaegen2.collectors.datafile.datafile-app-server:1.5.0 # Resource Limit flavor -By Default using small flavor: small diff --git a/kubernetes/dcaegen2/components/dcae-cloudify-manager/values.yaml b/kubernetes/dcaegen2/components/dcae-cloudify-manager/values.yaml index c13d3cebe6..e187e119dc 100644 --- a/kubernetes/dcaegen2/components/dcae-cloudify-manager/values.yaml +++ b/kubernetes/dcaegen2/components/dcae-cloudify-manager/values.yaml @@ -49,7 +49,7 @@ config: # Application configuration defaults. ################################################################# # application image -image: onap/org.onap.dcaegen2.deployments.cm-container:3.4.1 +image: onap/org.onap.dcaegen2.deployments.cm-container:3.4.2 pullPolicy: Always # name of shared ConfigMap with kubeconfig for multiple clusters diff --git a/kubernetes/onap/values.yaml b/kubernetes/onap/values.yaml index 1998539726..5376940938 100755 --- a/kubernetes/onap/values.yaml +++ b/kubernetes/onap/values.yaml 
@@ -172,11 +172,37 @@ global: aafEnabled: true aafAgentImage: onap/aaf/aaf_agent:2.1.20 + # default values for certificates + certificate: + default: + renewBefore: 8h + subject: + organization: "Linux-Foundation" + country: "US" + locality: "San-Francisco" + province: "California" + organizationalUnit: "ONAP" + issuer: + group: certmanager.onap.org + kind: CMPv2Issuer + name: cmpv2-issuer-onap + p12Keystore: + create: false + passwordSecretRef: + name: "" + key: "" + jksKeystore: + create: false + passwordSecretRef: + name: "" + key: "" + # Enabling CMPv2 cmpv2Enabled: true + CMPv2CertManagerIntegration: false platform: certServiceClient: - image: onap/org.onap.oom.platform.cert-service.oom-certservice-client:2.3.1 + image: onap/org.onap.oom.platform.cert-service.oom-certservice-client:2.3.2 secret: name: oom-cert-service-client-tls-secret mountPath: /etc/onap/oom/certservice/certs/ diff --git a/kubernetes/platform/components/cmpv2-cert-provider/values.yaml b/kubernetes/platform/components/cmpv2-cert-provider/values.yaml index 990c36d7a3..0614819930 100644 --- a/kubernetes/platform/components/cmpv2-cert-provider/values.yaml +++ b/kubernetes/platform/components/cmpv2-cert-provider/values.yaml @@ -38,7 +38,7 @@ service: # Deployment configuration deployment: name: oom-certservice-cmpv2issuer - image: onap/org.onap.oom.platform.cert-service.oom-certservice-k8s-external-provider:2.3.0 + image: onap/org.onap.oom.platform.cert-service.oom-certservice-k8s-external-provider:2.3.2 proxyImage: gcr.io/kubebuilder/kube-rbac-proxy:v0.4.0 # fol local development use IfNotPresent pullPolicy: Always diff --git a/kubernetes/platform/components/oom-cert-service/values.yaml b/kubernetes/platform/components/oom-cert-service/values.yaml index bd415c06b1..8f31124e41 100644 --- a/kubernetes/platform/components/oom-cert-service/values.yaml +++ b/kubernetes/platform/components/oom-cert-service/values.yaml 
@@ -38,7 +38,7 @@ certificateGenerationImage: onap/integration-java11:7.2.0 # Deployment configuration repository: "nexus3.onap.org:10001" -image: onap/org.onap.oom.platform.cert-service.oom-certservice-api:2.3.1 +image: onap/org.onap.oom.platform.cert-service.oom-certservice-api:2.3.2 pullPolicy: Always replicaCount: 1 diff --git a/kubernetes/portal/components/portal-cassandra/resources/config/cassandra/docker-entrypoint-initdb.d/portal.cql b/kubernetes/portal/components/portal-cassandra/resources/config/cassandra/docker-entrypoint-initdb.d/portal.cql index 4fd368a5b8..21715a9e2a 100644 --- a/kubernetes/portal/components/portal-cassandra/resources/config/cassandra/docker-entrypoint-initdb.d/portal.cql +++ b/kubernetes/portal/components/portal-cassandra/resources/config/cassandra/docker-entrypoint-initdb.d/portal.cql @@ -1,4 +1,5 @@ -// Copyright © 2018 Amdocs, Bell Canada, AT&T +// Copyright (c) 2018 Amdocs, Bell Canada, AT&T +// Modifications Copyright (c) 2020 Nokia // // Licensed under the Apache License, Version 2.0 (the "License"); // you may not use this file except in compliance with the License. @@ -66,3 +67,6 @@ CREATE TABLE portal.spring_session_attributes ( AND min_index_interval = 128 AND read_repair_chance = 0.0 AND speculative_retry = '99PERCENTILE'; + +CREATE TABLE portal.health_check (primary_id text PRIMARY KEY, creation_time text); +insert into portal.health_check (primary_id,creation_time) values ('ECOMPPortal-25927','2018-05-25T20:14:39.408Z'); diff --git a/kubernetes/portal/components/portal-cassandra/templates/deployment.yaml b/kubernetes/portal/components/portal-cassandra/templates/deployment.yaml index 80197a6094..84a78ab977 100644 --- a/kubernetes/portal/components/portal-cassandra/templates/deployment.yaml +++ b/kubernetes/portal/components/portal-cassandra/templates/deployment.yaml 
@@ -1,6 +1,7 @@ {{/* -# Copyright © 2017 Amdocs, Bell Canada -# Modifications Copyright © 2018 AT&T +# Copyright (c) 2017 Amdocs, Bell Canada +# Modifications Copyright (c) 2018 AT&T +# Modifications Copyright (c) 2020 Nokia # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -38,8 +39,13 @@ spec: spec: containers: - name: {{ include "common.name" . }} - image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }} + image: {{ include "repositoryGenerator.dockerHubRepository" . }}/{{ .Values.image }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + command: + - /bin/bash + - -c + - | + /opt/bitnami/scripts/cassandra/entrypoint.sh /opt/bitnami/scripts/cassandra/run.sh ports: - containerPort: {{ .Values.service.internalPort }} - containerPort: {{ .Values.service.internalPort2 }} 
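Review bot: The `image:` line now resolves through `repositoryGenerator.dockerHubRepository`, and the values.yaml hunk further down in this commit sets it to `bitnami/cassandra:3.11.9-debian-10-r30` with `pullPolicy: Always`. Every pod start therefore pulls whatever that tag currently points to on a public registry. Pinning the digest in values.yaml, `image: bitnami/cassandra:3.11.9-debian-10-r30@sha256:<digest-of-the-reviewed-image>`, keeps the deployed content fixed to what was reviewed. The added `command:` override would also benefit from a comment such as `# run the Bitnami entrypoint explicitly so the mounted initdb .cql is picked up`, if that is the intent, since the reason for wrapping it in `bash -c` is not visible in this hunk.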
@@ -51,37 +57,64 @@ spec: exec: command: - /bin/bash - - -c - - nodetool status | grep $POD_IP | awk '$1!="UN" { exit 1; }' + - -ec + - | + nodetool status initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }} periodSeconds: {{ .Values.liveness.periodSeconds }} + successThreshold: {{ .Values.liveness.successThreshold }} + failureThreshold: {{ .Values.liveness.failureThreshold }} {{ end }} readinessProbe: exec: command: - /bin/bash - - -c - - nodetool status | grep $POD_IP | awk '$1!="UN" { exit 1; }' + - -ec + - | + nodetool status | grep -E "^UN\\s+${POD_IP}" initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} periodSeconds: {{ .Values.readiness.periodSeconds }} + successThreshold: {{ .Values.readiness.successThreshold }} + failureThreshold: {{ .Values.readiness.failureThreshold }} + lifecycle: + preStop: + exec: + command: + - bash + - -ec + - nodetool decommission env: - - name: CASSUSER + - name: CASSANDRA_USER {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-creds" "key" "login") | indent 12}} - - name: CASSPASS + - name: CASSANDRA_PASSWORD {{- include "common.secret.envFromSecretFast" (dict "global" . 
"uid" "db-creds" "key" "password") | indent 12}} - - name: JVM_OPTS - value: "{{ .Values.config.cassandraJvmOpts }}" - name: POD_IP valueFrom: fieldRef: fieldPath: status.podIP + - name: CASSANDRA_PASSWORD_SEEDER + value: "yes" + - name: BITNAMI_DEBUG + value: "true" + - name: CASSANDRA_CLUSTER_NAME + value: cassandra + - name: CASSANDRA_NUM_TOKENS + value: "256" + - name: CASSANDRA_DATACENTER + value: dc1 + - name: CASSANDRA_ENDPOINT_SNITCH + value: SimpleSnitch + - name: CASSANDRA_RACK + value: rack1 + - name: CASSANDRA_ENABLE_RPC + value: "true" volumeMounts: - mountPath: /etc/localtime name: localtime readOnly: true - name: cassandra-docker-entrypoint-initdb - mountPath: /docker-entrypoint-initdb.d/aaa_portal_single.cql - subPath: portal_single.cql + mountPath: /docker-entrypoint-initdb.d/aaa_portal.cql + subPath: portal.cql - name: {{ include "common.fullname" . }}-data mountPath: /var/lib/cassandra/data resources: diff --git a/kubernetes/portal/components/portal-cassandra/values.yaml b/kubernetes/portal/components/portal-cassandra/values.yaml index a0488e5cc7..ec76d08b72 100644 --- a/kubernetes/portal/components/portal-cassandra/values.yaml +++ b/kubernetes/portal/components/portal-cassandra/values.yaml @@ -1,5 +1,6 @@ -# Copyright © 2017 Amdocs, Bell Canada -# Modifications Copyright © 2018 AT&T +# Copyright (c) 2017 Amdocs, Bell Canada +# Modifications Copyright (c) 2018 AT&T +# Modifications Copyright (c) 2020 Nokia # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -22,7 +23,7 @@ global: # global defaults # application image -image: onap/music/cassandra_music:3.0.0 +image: bitnami/cassandra:3.11.9-debian-10-r30 pullPolicy: Always ################################################################# 
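Review bot: `BITNAMI_DEBUG` is hard-coded to `"true"` in the env block, so every install runs the database container with debug-level output next to the `CASSANDRA_USER`/`CASSANDRA_PASSWORD` settings. Debug logging should be opt-in, for example `value: {{ .Values.config.debug | default false | quote }}`, where the values key is a suggestion and does not exist in this commit. `CASSANDRA_ENABLE_RPC: "true"` likewise enables the RPC listener unconditionally and should be off unless a client of this chart needs it. In the readiness probe, `grep -E "^UN\\s+${POD_IP}"` treats the dots as wildcards and has no trailing delimiter, so a pod at 10.0.0.1 also matches a node line for 10.0.0.12 (constructed addresses). An exact field comparison avoids that: `nodetool status | awk -v ip="$POD_IP" '$1=="UN" && $2==ip {ok=1} END {exit !ok}'`. The liveness probe now only checks that `nodetool status` exits successfully, which is worth stating in a comment so it is not mistaken for a node-state check.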
@@ -56,10 +57,14 @@ liveness: # necessary to disable liveness probe when setting breakpoints # in debugger so K8s doesn't restart unresponsive container enabled: true + successThreshold: 1 + failureThreshold: 3 readiness: initialDelaySeconds: 10 periodSeconds: 10 + successThreshold: 1 + failureThreshold: 3 ## Persist data to a persitent volume persistence: diff --git a/kubernetes/sdnc/templates/certificates.yaml b/kubernetes/sdnc/templates/certificates.yaml new file mode 100644 index 0000000000..dda16176a5 --- /dev/null +++ b/kubernetes/sdnc/templates/certificates.yaml @@ -0,0 +1,19 @@ +{{/* +# Copyright © 2020 Nokia +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} + +{{ if .Values.global.CMPv2CertManagerIntegration }} +{{ include "common.certificate" . }} +{{ end }} diff --git a/kubernetes/sdnc/values.yaml b/kubernetes/sdnc/values.yaml index f4f09107bb..1d2fa266ea 100644 --- a/kubernetes/sdnc/values.yaml +++ b/kubernetes/sdnc/values.yaml @@ -32,9 +32,10 @@ global: service: mariadb-galera # Enabling CMPv2 cmpv2Enabled: true + CMPv2CertManagerIntegration: false platform: certServiceClient: - image: onap/org.onap.oom.platform.cert-service.oom-certservice-client:2.3.1 + image: onap/org.onap.oom.platform.cert-service.oom-certservice-client:2.3.2 secret: name: oom-cert-service-client-tls-secret mountPath: /etc/onap/oom/certservice/certs/ 
@@ -132,6 +133,29 @@ secrets: login: '{{ .Values.config.scaleoutUser }}' password: '{{ .Values.config.scaleoutPassword }}' passwordPolicy: required + - uid: keystore-password + type: password + password: secret + passwordPolicy: required +################################################################# +# Certificates +################################################################# +certificates: + - name: onap-sdnc-certificate + secretName: onap-sdnc-certificate + commonName: sdnc.simpledemo.onap.org + dnsNames: + - sdnc.simpledemo.onap.org + p12Keystore: + create: true + passwordSecretRef: + name: keystore-password + key: password + jksKeystore: + create: true + passwordSecretRef: + name: keystore-password + key: password ################################################################# # Application configuration defaults. ################################################################# diff --git a/kubernetes/uui/components/uui-server/values.yaml b/kubernetes/uui/components/uui-server/values.yaml index a43ae6eff0..3232d828cb 100644 --- a/kubernetes/uui/components/uui-server/values.yaml +++ b/kubernetes/uui/components/uui-server/values.yaml @@ -25,7 +25,7 @@ flavor: small # application image repository: nexus3.onap.org:10001 -image: onap/usecase-ui-server:3.0.6 +image: onap/usecase-ui-server:3.0.7 pullPolicy: Always # application configuration |
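Review bot: The new `keystore-password` entry ships a literal `password: secret`, and the `certificates` block below uses that secret for both the PKCS#12 and the JKS keystore that will hold the SDNC private key. Any install that does not override it ends up with a publicly known keystore password, and `passwordPolicy: required` cannot catch this because a value is already supplied. Drop the committed value so the installer has to provide one, or use a generated password if the common secret template offers such a policy. Also confirm that `passwordSecretRef.name: keystore-password` is the name of the Secret this entry actually renders: if the secret template derives the name from the release and chart name plus the uid, cert-manager will not find it. The `secrets:` list begins outside this hunk.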