diff options
66 files changed, 486 insertions, 203 deletions
diff --git a/.gitignore b/.gitignore index 6d071f6cb1..8b573a454f 100644 --- a/.gitignore +++ b/.gitignore @@ -1,3 +1,6 @@ +# Helm generated stuff +Chart.lock +**/charts/ # auto generated certificates kubernetes/platform/components/oom-cert-service/resources/*.jks kubernetes/platform/components/oom-cert-service/resources/*.p12 @@ -46,6 +46,11 @@ committers: company: 'Samsung' id: 'kopasiak' timezone: 'Poland/Warsaw' + - name: 'Jack Lucas' + email: 'jflos@sonoris.net' + company: 'Individual' + id: 'jackl' + timezone: 'USA/EST' tsc: approval: 'https://lists.onap.org/pipermail/onap-tsc' changes: @@ -53,3 +58,7 @@ tsc: name: 'Krzysztof Opasiak' # yamllint disable-line rule:line-length link: 'https://lists.onap.org/g/onap-tsc/topic/committer_promotion_request/70242499?p=,,,20,0,0,0::recentpostdate%2Fsticky,,,20,2,0,70242499' + - type: 'Addition' + name: 'Jack Lucas' + # yamllint disable-line rule:line-length + link: 'https://wiki.onap.org/display/DW/Committer+Promotion+for+%5BOOM%5D+%3A+Jack+Lucas' diff --git a/kubernetes/a1policymanagement/values.yaml b/kubernetes/a1policymanagement/values.yaml index 489390d8f1..e4ded1b0b2 100644 --- a/kubernetes/a1policymanagement/values.yaml +++ b/kubernetes/a1policymanagement/values.yaml @@ -63,7 +63,7 @@ certInitializer: echo "*** change ownership of certificates to targeted user" chown -R 1000 . -image: onap/ccsdk-oran-a1policymanagementservice:1.2.3 +image: onap/ccsdk-oran-a1policymanagementservice:1.2.5 userID: 1000 #Should match with image-defined user ID groupID: 999 #Should match with image-defined group ID pullPolicy: IfNotPresent diff --git a/kubernetes/aai/components/aai-babel/values.yaml b/kubernetes/aai/components/aai-babel/values.yaml index 3b68f4defe..f2dfd2c9c2 100644 --- a/kubernetes/aai/components/aai-babel/values.yaml +++ b/kubernetes/aai/components/aai-babel/values.yaml @@ -59,7 +59,7 @@ certInitializer: ################################################################# # application image -image: onap/babel:1.9.1 +image: onap/babel:1.9.2 flavor: small flavorOverride: small diff --git a/kubernetes/aai/components/aai-graphadmin/templates/deployment.yaml b/kubernetes/aai/components/aai-graphadmin/templates/deployment.yaml index cccc2b1e66..d0147aa1a4 100644 --- a/kubernetes/aai/components/aai-graphadmin/templates/deployment.yaml +++ b/kubernetes/aai/components/aai-graphadmin/templates/deployment.yaml @@ -63,9 +63,9 @@ spec: echo "*** retrieve Truststore and Keystore password" export $(cat {{ .Values.certInitializer.appMountPath }}/local/mycreds.prop | xargs -0) echo "*** obfuscate them " - export KEYSTORE_PASSWORD=`java -cp /usr/local/jetty/lib/jetty-util-9.4.44.v20210927.jar org.eclipse.jetty.util.security.Password ${KEYSTORE_PLAIN_PASSWORD} 2>&1 | grep "OBF:"` - export KEYSTORE_JKS_PASSWORD=`java -cp /usr/local/jetty/lib/jetty-util-9.4.44.v20210927.jar org.eclipse.jetty.util.security.Password ${KEYSTORE_JKS_PLAIN_PASSWORD} 2>&1 | grep "OBF:"` - export TRUSTSTORE_PASSWORD=`java -cp /usr/local/jetty/lib/jetty-util-9.4.44.v20210927.jar org.eclipse.jetty.util.security.Password ${TRUSTSTORE_PLAIN_PASSWORD} 2>&1 | grep "OBF:"` + export KEYSTORE_PASSWORD=`java -cp /usr/local/jetty/lib/jetty-util-9.4.45.v20220203.jar org.eclipse.jetty.util.security.Password ${KEYSTORE_PLAIN_PASSWORD} 2>&1 | grep "OBF:"` + export KEYSTORE_JKS_PASSWORD=`java -cp /usr/local/jetty/lib/jetty-util-9.4.45.v20220203.jar org.eclipse.jetty.util.security.Password ${KEYSTORE_JKS_PLAIN_PASSWORD} 2>&1 | grep "OBF:"` + export TRUSTSTORE_PASSWORD=`java -cp /usr/local/jetty/lib/jetty-util-9.4.45.v20220203.jar org.eclipse.jetty.util.security.Password ${TRUSTSTORE_PLAIN_PASSWORD} 2>&1 | grep "OBF:"` echo "KEYSTORE_PASSWORD=${KEYSTORE_PASSWORD}" >> {{ .Values.certInitializer.appMountPath }}/local/mycreds.prop echo "KEYSTORE_JKS_PASSWORD=${KEYSTORE_JKS_PASSWORD}" >> {{ .Values.certInitializer.appMountPath }}/local/mycreds.prop echo "TRUSTSTORE_PASSWORD=${TRUSTSTORE_PASSWORD}" >> {{ .Values.certInitializer.appMountPath }}/local/mycreds.prop diff --git a/kubernetes/aai/components/aai-graphadmin/templates/job-copy-db-backup.yaml b/kubernetes/aai/components/aai-graphadmin/templates/job-copy-db-backup.yaml index 95c3fe2fbf..07307134d8 100644 --- a/kubernetes/aai/components/aai-graphadmin/templates/job-copy-db-backup.yaml +++ b/kubernetes/aai/components/aai-graphadmin/templates/job-copy-db-backup.yaml @@ -68,9 +68,9 @@ spec: echo "*** retrieve Truststore and Keystore password" export $(cat {{ .Values.certInitializer.appMountPath }}/local/mycreds.prop | xargs -0) echo "*** obfuscate them " - export KEYSTORE_PASSWORD=`java -cp /usr/local/jetty/lib/jetty-util-9.4.44.v20210927.jar org.eclipse.jetty.util.security.Password ${KEYSTORE_PLAIN_PASSWORD} 2>&1 | grep "OBF:"` - export KEYSTORE_JKS_PASSWORD=`java -cp /usr/local/jetty/lib/jetty-util-9.4.44.v20210927.jar org.eclipse.jetty.util.security.Password ${KEYSTORE_JKS_PLAIN_PASSWORD} 2>&1 | grep "OBF:"` - export TRUSTSTORE_PASSWORD=`java -cp /usr/local/jetty/lib/jetty-util-9.4.44.v20210927.jar org.eclipse.jetty.util.security.Password ${TRUSTSTORE_PLAIN_PASSWORD} 2>&1 | grep "OBF:"` + export KEYSTORE_PASSWORD=`java -cp /usr/local/jetty/lib/jetty-util-9.4.45.v20220203.jar org.eclipse.jetty.util.security.Password ${KEYSTORE_PLAIN_PASSWORD} 2>&1 | grep "OBF:"` + export KEYSTORE_JKS_PASSWORD=`java -cp /usr/local/jetty/lib/jetty-util-9.4.45.v20220203.jar org.eclipse.jetty.util.security.Password ${KEYSTORE_JKS_PLAIN_PASSWORD} 2>&1 | grep "OBF:"` + export TRUSTSTORE_PASSWORD=`java -cp /usr/local/jetty/lib/jetty-util-9.4.45.v20220203.jar org.eclipse.jetty.util.security.Password ${TRUSTSTORE_PLAIN_PASSWORD} 2>&1 | grep "OBF:"` echo "KEYSTORE_PASSWORD=${KEYSTORE_PASSWORD}" >> {{ .Values.certInitializer.appMountPath }}/local/mycreds.prop echo "KEYSTORE_JKS_PASSWORD=${KEYSTORE_JKS_PASSWORD}" >> {{ .Values.certInitializer.appMountPath }}/local/mycreds.prop echo "TRUSTSTORE_PASSWORD=${TRUSTSTORE_PASSWORD}" >> {{ .Values.certInitializer.appMountPath }}/local/mycreds.prop diff --git a/kubernetes/aai/components/aai-graphadmin/templates/job-create-db.yaml b/kubernetes/aai/components/aai-graphadmin/templates/job-create-db.yaml index 62e27b6321..b483489141 100644 --- a/kubernetes/aai/components/aai-graphadmin/templates/job-create-db.yaml +++ b/kubernetes/aai/components/aai-graphadmin/templates/job-create-db.yaml @@ -63,9 +63,9 @@ spec: echo "*** retrieve Truststore and Keystore password" export $(cat {{ .Values.certInitializer.appMountPath }}/local/mycreds.prop | xargs -0) echo "*** obfuscate them " - export KEYSTORE_PASSWORD=`java -cp /usr/local/jetty/lib/jetty-util-9.4.44.v20210927.jar org.eclipse.jetty.util.security.Password ${KEYSTORE_PLAIN_PASSWORD} 2>&1 | grep "OBF:"` - export KEYSTORE_JKS_PASSWORD=`java -cp /usr/local/jetty/lib/jetty-util-9.4.44.v20210927.jar org.eclipse.jetty.util.security.Password ${KEYSTORE_JKS_PLAIN_PASSWORD} 2>&1 | grep "OBF:"` - export TRUSTSTORE_PASSWORD=`java -cp /usr/local/jetty/lib/jetty-util-9.4.44.v20210927.jar org.eclipse.jetty.util.security.Password ${TRUSTSTORE_PLAIN_PASSWORD} 2>&1 | grep "OBF:"` + export KEYSTORE_PASSWORD=`java -cp /usr/local/jetty/lib/jetty-util-9.4.45.v20220203.jar org.eclipse.jetty.util.security.Password ${KEYSTORE_PLAIN_PASSWORD} 2>&1 | grep "OBF:"` + export KEYSTORE_JKS_PASSWORD=`java -cp /usr/local/jetty/lib/jetty-util-9.4.45.v20220203.jar org.eclipse.jetty.util.security.Password ${KEYSTORE_JKS_PLAIN_PASSWORD} 2>&1 | grep "OBF:"` + export TRUSTSTORE_PASSWORD=`java -cp /usr/local/jetty/lib/jetty-util-9.4.45.v20220203.jar org.eclipse.jetty.util.security.Password ${TRUSTSTORE_PLAIN_PASSWORD} 2>&1 | grep "OBF:"` echo "KEYSTORE_PASSWORD=${KEYSTORE_PASSWORD}" >> {{ .Values.certInitializer.appMountPath }}/local/mycreds.prop echo "KEYSTORE_JKS_PASSWORD=${KEYSTORE_JKS_PASSWORD}" >> {{ .Values.certInitializer.appMountPath }}/local/mycreds.prop echo "TRUSTSTORE_PASSWORD=${TRUSTSTORE_PASSWORD}" >> {{ .Values.certInitializer.appMountPath }}/local/mycreds.prop diff --git a/kubernetes/aai/components/aai-graphadmin/templates/job-migration.yaml b/kubernetes/aai/components/aai-graphadmin/templates/job-migration.yaml index 07009b2fbd..0d471f7d78 100644 --- a/kubernetes/aai/components/aai-graphadmin/templates/job-migration.yaml +++ b/kubernetes/aai/components/aai-graphadmin/templates/job-migration.yaml @@ -68,9 +68,9 @@ spec: echo "*** retrieve Truststore and Keystore password" export $(cat {{ .Values.certInitializer.appMountPath }}/local/mycreds.prop | xargs -0) echo "*** obfuscate them " - export KEYSTORE_PASSWORD=`java -cp /usr/local/jetty/lib/jetty-util-9.4.44.v20210927.jar org.eclipse.jetty.util.security.Password ${KEYSTORE_PLAIN_PASSWORD} 2>&1 | grep "OBF:"` - export KEYSTORE_JKS_PASSWORD=`java -cp /usr/local/jetty/lib/jetty-util-9.4.44.v20210927.jar org.eclipse.jetty.util.security.Password ${KEYSTORE_JKS_PLAIN_PASSWORD} 2>&1 | grep "OBF:"` - export TRUSTSTORE_PASSWORD=`java -cp /usr/local/jetty/lib/jetty-util-9.4.44.v20210927.jar org.eclipse.jetty.util.security.Password ${TRUSTSTORE_PLAIN_PASSWORD} 2>&1 | grep "OBF:"` + export KEYSTORE_PASSWORD=`java -cp /usr/local/jetty/lib/jetty-util-9.4.45.v20220203.jar org.eclipse.jetty.util.security.Password ${KEYSTORE_PLAIN_PASSWORD} 2>&1 | grep "OBF:"` + export KEYSTORE_JKS_PASSWORD=`java -cp /usr/local/jetty/lib/jetty-util-9.4.45.v20220203.jar org.eclipse.jetty.util.security.Password ${KEYSTORE_JKS_PLAIN_PASSWORD} 2>&1 | grep "OBF:"` + export TRUSTSTORE_PASSWORD=`java -cp /usr/local/jetty/lib/jetty-util-9.4.45.v20220203.jar org.eclipse.jetty.util.security.Password ${TRUSTSTORE_PLAIN_PASSWORD} 2>&1 | grep "OBF:"` echo "KEYSTORE_PASSWORD=${KEYSTORE_PASSWORD}" >> {{ .Values.certInitializer.appMountPath }}/local/mycreds.prop echo "KEYSTORE_JKS_PASSWORD=${KEYSTORE_JKS_PASSWORD}" >> {{ .Values.certInitializer.appMountPath }}/local/mycreds.prop echo "TRUSTSTORE_PASSWORD=${TRUSTSTORE_PASSWORD}" >> {{ .Values.certInitializer.appMountPath }}/local/mycreds.prop @@ -266,9 +266,9 @@ spec: echo "*** retrieve Truststore and Keystore password" export $(cat {{ .Values.certInitializer.appMountPath }}/local/mycreds.prop | xargs -0) echo "*** obfuscate them " - export KEYSTORE_PASSWORD=`java -cp /usr/local/jetty/lib/jetty-util-9.4.44.v20210927.jar org.eclipse.jetty.util.security.Password ${KEYSTORE_PLAIN_PASSWORD} 2>&1 | grep "OBF:"` - export KEYSTORE_JKS_PASSWORD=`java -cp /usr/local/jetty/lib/jetty-util-9.4.44.v20210927.jar org.eclipse.jetty.util.security.Password ${KEYSTORE_JKS_PLAIN_PASSWORD} 2>&1 | grep "OBF:"` - export TRUSTSTORE_PASSWORD=`java -cp /usr/local/jetty/lib/jetty-util-9.4.44.v20210927.jar org.eclipse.jetty.util.security.Password ${TRUSTSTORE_PLAIN_PASSWORD} 2>&1 | grep "OBF:"` + export KEYSTORE_PASSWORD=`java -cp /usr/local/jetty/lib/jetty-util-9.4.45.v20220203.jar org.eclipse.jetty.util.security.Password ${KEYSTORE_PLAIN_PASSWORD} 2>&1 | grep "OBF:"` + export KEYSTORE_JKS_PASSWORD=`java -cp /usr/local/jetty/lib/jetty-util-9.4.45.v20220203.jar org.eclipse.jetty.util.security.Password ${KEYSTORE_JKS_PLAIN_PASSWORD} 2>&1 | grep "OBF:"` + export TRUSTSTORE_PASSWORD=`java -cp /usr/local/jetty/lib/jetty-util-9.4.45.v20220203.jar org.eclipse.jetty.util.security.Password ${TRUSTSTORE_PLAIN_PASSWORD} 2>&1 | grep "OBF:"` echo "KEYSTORE_PASSWORD=${KEYSTORE_PASSWORD}" >> {{ .Values.certInitializer.appMountPath }}/local/mycreds.prop echo "KEYSTORE_JKS_PASSWORD=${KEYSTORE_JKS_PASSWORD}" >> {{ .Values.certInitializer.appMountPath }}/local/mycreds.prop echo "TRUSTSTORE_PASSWORD=${TRUSTSTORE_PASSWORD}" >> {{ .Values.certInitializer.appMountPath }}/local/mycreds.prop diff --git a/kubernetes/aai/components/aai-graphadmin/values.yaml b/kubernetes/aai/components/aai-graphadmin/values.yaml index 2774609e8f..118f446b26 100644 --- a/kubernetes/aai/components/aai-graphadmin/values.yaml +++ b/kubernetes/aai/components/aai-graphadmin/values.yaml @@ -144,7 +144,7 @@ certInitializer: chown -R {{ .Values.user_id }}:{{ .Values.group_id }} {{ .Values.credsPath }} # application image -image: onap/aai-graphadmin:1.9.1 +image: onap/aai-graphadmin:1.9.2 pullPolicy: Always restartPolicy: Always flavor: small diff --git a/kubernetes/aai/components/aai-modelloader/templates/deployment.yaml b/kubernetes/aai/components/aai-modelloader/templates/deployment.yaml index c4098b1a3b..22f0dbcd05 100644 --- a/kubernetes/aai/components/aai-modelloader/templates/deployment.yaml +++ b/kubernetes/aai/components/aai-modelloader/templates/deployment.yaml @@ -56,8 +56,8 @@ spec: echo "*** obfuscate them " export KEYSTORE_PLAIN_PASSWORD=${KEYSTORE_PLAIN_PASSWORD} export TRUSTSTORE_PLAIN_PASSWORD=${TRUSTSTORE_PLAIN_PASSWORD} - export KEYSTORE_PASSWORD=`java -cp /usr/local/jetty/lib/jetty-util-9.4.44.v20210927.jar org.eclipse.jetty.util.security.Password ${KEYSTORE_PLAIN_PASSWORD} 2>&1 | grep "OBF:"` - export TRUSTSTORE_PASSWORD=`java -cp /usr/local/jetty/lib/jetty-util-9.4.44.v20210927.jar org.eclipse.jetty.util.security.Password ${TRUSTSTORE_PLAIN_PASSWORD} 2>&1 | grep "OBF:"` + export KEYSTORE_PASSWORD=`java -cp /usr/local/jetty/lib/jetty-util-9.4.45.v20220203.jar org.eclipse.jetty.util.security.Password ${KEYSTORE_PLAIN_PASSWORD} 2>&1 | grep "OBF:"` + export TRUSTSTORE_PASSWORD=`java -cp /usr/local/jetty/lib/jetty-util-9.4.45.v20220203.jar org.eclipse.jetty.util.security.Password ${TRUSTSTORE_PLAIN_PASSWORD} 2>&1 | grep "OBF:"` echo "KEYSTORE_PASSWORD=${KEYSTORE_PASSWORD}" >> {{ .Values.certInitializer.appMountPath }}/local/mycreds.prop echo "TRUSTSTORE_PASSWORD=${TRUSTSTORE_PASSWORD}" >> {{ .Values.certInitializer.appMountPath }}/local/mycreds.prop image: {{ include "repositoryGenerator.image.jetty" . }} diff --git a/kubernetes/aai/components/aai-resources/values.yaml b/kubernetes/aai/components/aai-resources/values.yaml index fcf7cfedef..51984947cd 100644 --- a/kubernetes/aai/components/aai-resources/values.yaml +++ b/kubernetes/aai/components/aai-resources/values.yaml @@ -157,7 +157,7 @@ certInitializer: chown -R 1000 {{ .Values.credsPath }} # application image -image: onap/aai-resources:1.9.1 +image: onap/aai-resources:1.9.3 pullPolicy: Always restartPolicy: Always flavor: small diff --git a/kubernetes/aai/components/aai-schema-service/templates/deployment.yaml b/kubernetes/aai/components/aai-schema-service/templates/deployment.yaml index e4f1d72d7b..cb58120159 100644 --- a/kubernetes/aai/components/aai-schema-service/templates/deployment.yaml +++ b/kubernetes/aai/components/aai-schema-service/templates/deployment.yaml @@ -52,8 +52,9 @@ spec: echo "*** obfuscate them " export KEYSTORE_PLAIN_PASSWORD=${KEYSTORE_PLAIN_PASSWORD} export TRUSTSTORE_PLAIN_PASSWORD=${TRUSTSTORE_PLAIN_PASSWORD} - export KEYSTORE_PASSWORD=`java -cp /usr/local/jetty/lib/jetty-util-9.4.44.v20210927.jar org.eclipse.jetty.util.security.Password ${KEYSTORE_PLAIN_PASSWORD} 2>&1 | grep "OBF:"` - export TRUSTSTORE_PASSWORD=`java -cp /usr/local/jetty/lib/jetty-util-9.4.44.v20210927.jar org.eclipse.jetty.util.security.Password ${TRUSTSTORE_PLAIN_PASSWORD} 2>&1 | grep "OBF:"` + ls -l /usr/local/jetty/lib + export KEYSTORE_PASSWORD=`java -cp /usr/local/jetty/lib/jetty-util-9.4.45.v20220203.jar org.eclipse.jetty.util.security.Password ${KEYSTORE_PLAIN_PASSWORD} 2>&1 | grep "OBF:"` + export TRUSTSTORE_PASSWORD=`java -cp /usr/local/jetty/lib/jetty-util-9.4.45.v20220203.jar org.eclipse.jetty.util.security.Password ${TRUSTSTORE_PLAIN_PASSWORD} 2>&1 | grep "OBF:"` echo "KEYSTORE_PASSWORD=${KEYSTORE_PASSWORD}" >> {{ .Values.certInitializer.appMountPath }}/local/mycreds.prop echo "TRUSTSTORE_PASSWORD=${TRUSTSTORE_PASSWORD}" >> {{ .Values.certInitializer.appMountPath }}/local/mycreds.prop image: {{ include "repositoryGenerator.image.jetty" . }} @@ -75,8 +76,6 @@ spec: - | echo "*** retrieve Truststore and Keystore password" export $(cat {{ .Values.certInitializer.credsPath }}/mycreds.prop | xargs -0) - echo "keystore pass: $KEYSTORE_PASSWORD" - echo "truststore pass: $TRUSTSTORE_PASSWORD" echo "*** actual launch of AAI Schema Service" /bin/bash /opt/app/aai-schema-service/docker-entrypoint.sh {{- end }} diff --git a/kubernetes/aai/components/aai-schema-service/values.yaml b/kubernetes/aai/components/aai-schema-service/values.yaml index 7989bcc63d..9ca398319b 100644 --- a/kubernetes/aai/components/aai-schema-service/values.yaml +++ b/kubernetes/aai/components/aai-schema-service/values.yaml @@ -94,7 +94,7 @@ certInitializer: chown -R {{ .Values.user_id }}:{{ .Values.group_id }} {{ .Values.credsPath }} # application image -image: onap/aai-schema-service:1.9.2 +image: onap/aai-schema-service:1.9.3 pullPolicy: Always restartPolicy: Always flavorOverride: small diff --git a/kubernetes/aai/components/aai-traversal/values.yaml b/kubernetes/aai/components/aai-traversal/values.yaml index 38c7bd0da2..7de12f54a7 100644 --- a/kubernetes/aai/components/aai-traversal/values.yaml +++ b/kubernetes/aai/components/aai-traversal/values.yaml @@ -140,7 +140,7 @@ certInitializer: chown -R 1000 {{ .Values.credsPath }} # application image -image: onap/aai-traversal:1.9.1 +image: onap/aai-traversal:1.9.3 pullPolicy: Always restartPolicy: Always flavor: small diff --git a/kubernetes/common/cassandra/templates/servicemonitor.yaml b/kubernetes/common/cassandra/templates/servicemonitor.yaml new file mode 100644 index 0000000000..5297e692d2 --- /dev/null +++ b/kubernetes/common/cassandra/templates/servicemonitor.yaml @@ -0,0 +1,19 @@ +{{/* +# Copyright © 2022 Amdocs, Bitnami, Bell Canada +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} + +{{- if .Values.metrics.serviceMonitor.enabled }} +{{ include "common.serviceMonitor" . }} +{{- end }}
\ No newline at end of file diff --git a/kubernetes/common/cassandra/templates/statefulset.yaml b/kubernetes/common/cassandra/templates/statefulset.yaml index 840e95b490..43367ee542 100644 --- a/kubernetes/common/cassandra/templates/statefulset.yaml +++ b/kubernetes/common/cassandra/templates/statefulset.yaml @@ -1,5 +1,5 @@ {{/* -# Copyright © 2018 Amdocs, AT&T, Bell Canada +# Copyright © 2022 Amdocs, AT&T, Bell Canada, Bitnami # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -26,6 +26,15 @@ spec: type: {{ .Values.updateStrategy.type }} template: metadata: {{- include "common.templateMetadata" . | nindent 6 }} + {{- if or .Values.podAnnotations (and .Values.metrics.serviceMonitor.enabled .Values.metrics.podAnnotations) }} + annotations: + {{- if .Values.podAnnotations }} + {{- include "common.tplValue" (dict "value" .Values.podAnnotations "context" $) | nindent 8 }} + {{- end }} + {{- if and .Values.metrics.serviceMonitor.enabled .Values.metrics.podAnnotations }} + {{- include "common.tplValue" (dict "value" .Values.metrics.podAnnotations "context" $) | nindent 8 }} + {{- end }} + {{- end }} spec: hostNetwork: {{ .Values.hostNetwork }} imagePullSecrets: @@ -126,6 +135,41 @@ spec: command: ["/bin/sh", "-c", "PID=$(pidof java) && kill $PID && while ps -p $PID > /dev/null; do sleep 1; done"] {{- end }} resources: {{ toYaml .Values.resources | nindent 10 }} + {{- if .Values.metrics.serviceMonitor.enabled }} + - name: {{ include "common.name" . }}-metrics + image: {{ include "repositoryGenerator.dockerHubRepository" . }}/{{ .Values.metrics.image }} + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.metrics.pullPolicy | quote}} + {{- if (.Values.metrics.enabled) }} + ports: + {{- range $index, $metricPort := .Values.metrics.ports }} + - name: {{ $metricPort.name }} + containerPort: {{ $metricPort.port }} + protocol: TCP + {{- end }} + livenessProbe: + httpGet: + path: {{ .Values.metrics.livenessProbe.httpGet.path }} + port: {{ .Values.metrics.livenessProbe.httpGet.port }} + initialDelaySeconds: {{ .Values.metrics.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.metrics.livenessProbe.periodSeconds }} + timeoutSeconds: {{ .Values.metrics.livenessProbe.timeoutSeconds }} + successThreshold: {{ .Values.metrics.livenessProbe.successThreshold }} + failureThreshold: {{ .Values.metrics.livenessProbe.failureThreshold }} + readinessProbe: + httpGet: + path: {{ .Values.metrics.readinessProbe.httpGet.path }} + port: {{ .Values.metrics.readinessProbe.httpGet.port }} + initialDelaySeconds: {{ .Values.metrics.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.metrics.readinessProbe.periodSeconds }} + timeoutSeconds: {{ .Values.metrics.readinessProbe.timeoutSeconds }} + successThreshold: {{ .Values.metrics.readinessProbe.successThreshold }} + failureThreshold: {{ .Values.metrics.readinessProbe.failureThreshold }} + {{- end }} + {{ include "common.containerSecurityContext" . | indent 10 | trim }} + {{- if .Values.metrics.resources }} + resources: {{- toYaml .Values.metrics.resources | nindent 10 }} + {{- end }} + {{- end }} {{- if .Values.nodeSelector }} nodeSelector: {{ toYaml .Values.nodeSelector | nindent 8 }} {{- end -}} diff --git a/kubernetes/common/cassandra/values.yaml b/kubernetes/common/cassandra/values.yaml index 1d69993956..597174ee0a 100644 --- a/kubernetes/common/cassandra/values.yaml +++ b/kubernetes/common/cassandra/values.yaml @@ -1,4 +1,4 @@ -# Copyright © 2018 Amdocs, Bell Canada, AT&T +# Copyright © 2022 Amdocs, Bell Canada, AT&T, Bitnami # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -168,3 +168,63 @@ serviceAccount: nameOverride: cassandra roles: - nothing + +# Cassandra Metrics +metrics: + enabled: false + image: bitnami/cassandra-exporter:2.3.4-debian-10-r641 + pullPolicy: IfNotPresent + ports: + - name: tcp-metrics + port: 8080 + podAnnotations: + prometheus.io/scrape: 'true' + prometheus.io/port: '8080' + livenessProbe: + enabled: true + httpGet: + path: /metrics + port: 8080 + initialDelaySeconds: 30 + periodSeconds: 10 + timeoutSeconds: 5 + successThreshold: 1 + failureThreshold: 3 + readinessProbe: + httpGet: + path: /metrics + port: 8080 + enabled: true + initialDelaySeconds: 5 + periodSeconds: 10 + timeoutSeconds: 5 + successThreshold: 1 + failureThreshold: 3 + serviceMonitor: + enabled: false + targetPort: 8080 + path: /metrics + basicAuth: + enabled: false + ## Namespace in which Prometheus is running + ## + # namespace: monitoring + + ## Interval at which metrics should be scraped. + #interval: 30s + + ## Timeout after which the scrape is ended + # scrapeTimeout: 10s + + ## ServiceMonitor selector labels + selector: + app.kubernetes.io/name: '{{ include "common.name" . }}' + helm.sh/chart: '{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}' + app.kubernetes.io/instance: '{{ include "common.release" . }}' + app.kubernetes.io/managed-by: '{{ .Release.Service }}' + + ## RelabelConfigs to apply to samples before scraping + relabelings: [] + + ## MetricRelabelConfigs to apply to samples before ingestion + metricRelabelings: [] diff --git a/kubernetes/common/cert-wrapper/resources/import-custom-certs.sh b/kubernetes/common/cert-wrapper/resources/import-custom-certs.sh index fa3de03ece..96b0c0c0c8 100755 --- a/kubernetes/common/cert-wrapper/resources/import-custom-certs.sh +++ b/kubernetes/common/cert-wrapper/resources/import-custom-certs.sh @@ -41,7 +41,7 @@ for f in $CERTS_DIR/*; do if echo $f | grep '\.sh$' >/dev/null; then continue fi - if echo $f | grep '\.b64$' >/dev/null; then + if echo $f | grep '\.b64$' >/dev/null then base64 -d $f > $WORK_DIR/`basename $f .b64` else @@ -87,4 +87,4 @@ if [ $? != 0 ] exit 1 else cp /etc/ssl/certs/ca-certificates.crt $WORK_DIR/. -fi
\ No newline at end of file +fi diff --git a/kubernetes/common/common/templates/_dmaapProvisioning.tpl b/kubernetes/common/common/templates/_dmaapProvisioning.tpl index d28494aacd..eefd00d7bf 100644 --- a/kubernetes/common/common/templates/_dmaapProvisioning.tpl +++ b/kubernetes/common/common/templates/_dmaapProvisioning.tpl @@ -138,6 +138,7 @@ args: - -c - | + set -uex -o pipefail if [ -d /opt/app/config/cache ]; then cd /opt/app/config/cache for file in $(ls feed*); do @@ -147,8 +148,6 @@ done for file in $(ls drpub*); do NUM=$(echo "$file" | sed 's/drpubConfig-\([0-9]\+\)-resp.json/\1/') - export DR_USERNAME_"$NUM"="$(grep -o '"username":"[^"]*' "$file" | cut -d '"' -f4)" - export DR_PASSWORD_"$NUM"="$(grep -o '"userpwd":"[^"]*' "$file" | cut -d '"' -f4)" export DR_FILES_PUBLISHER_ID_"$NUM"="$(grep -o '"pubId":"[^"]*' "$file" | cut -d '"' -f4)" done for file in $(ls drsub*); do diff --git a/kubernetes/common/common/templates/_service.tpl b/kubernetes/common/common/templates/_service.tpl index a488e0d5fa..f6a0f211a9 100644 --- a/kubernetes/common/common/templates/_service.tpl +++ b/kubernetes/common/common/templates/_service.tpl @@ -267,6 +267,11 @@ spec: {{- $ports := $dot.Values.service.headlessPorts -}} {{- $labels := default (dict) .labels -}} {{- $matchLabels := default (dict) .matchLabels -}} +{{- if ($dot.Values.metrics) }} +{{- range $index, $metricPort := $dot.Values.metrics.ports }} +{{- $ports = append $ports $metricPort }} +{{- end }} +{{- end }} {{ include "common.genericService" (dict "suffix" $suffix "annotations" $annotations "dot" $dot "publishNotReadyAddresses" $publishNotReadyAddresses "ports" $ports "serviceType" "ClusterIP" "headless" true "labels" $labels "matchLabels" $matchLabels) }} {{- end -}} diff --git a/kubernetes/common/common/templates/_serviceMesh.tpl b/kubernetes/common/common/templates/_serviceMesh.tpl index d4fc182b34..a685a73627 100644 --- a/kubernetes/common/common/templates/_serviceMesh.tpl +++ b/kubernetes/common/common/templates/_serviceMesh.tpl @@ -14,8 +14,7 @@ # limitations under the License. */}} - -{/* +{{/* Calculate if we are on service mesh. */}} {{- define "common.onServiceMesh" -}} @@ -26,6 +25,9 @@ true {{- end -}} {{- end -}} +{{/* + Kills the sidecar proxy associated with a pod. +*/}} {{- define "common.serviceMesh.killSidecar" -}} {{- if (include "common.onServiceMesh" .) }} RCODE="$?"; @@ -37,3 +39,30 @@ echo "*** exiting with script exit code" ; exit "$RCODE" {{- end }} {{- end -}} + +{{/* + Wait for job container. +*/}} +{{- define "common.waitForJobContainer" -}} +{{- $dot := default . .dot -}} +{{- $wait_for_job_container := default $dot.Values.wait_for_job_container .wait_for_job_container -}} +{{- if (include "common.onServiceMesh" .) }} +- name: {{ include "common.name" $dot }}{{ ternary "" (printf "-%s" $wait_for_job_container.name) (empty $wait_for_job_container.name) }}-service-mesh-wait-for-job-container + image: {{ include "repositoryGenerator.image.quitQuit" $dot }} + imagePullPolicy: {{ $dot.Values.global.pullPolicy | default $dot.Values.pullPolicy }} + command: + - /bin/sh + - "-c" + args: + - echo "waiting 10s for istio side cars to be up"; sleep 10s; + {{- range $container := $wait_for_job_container.containers }} + /app/ready.py --service-mesh-check {{ tpl $container $dot }} -t 45; + {{- end }} + env: + - name: NAMESPACE + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace +{{- end }} +{{- end }} diff --git a/kubernetes/common/mariadb-galera/values.yaml b/kubernetes/common/mariadb-galera/values.yaml index f49a898818..9f7c882134 100644 --- a/kubernetes/common/mariadb-galera/values.yaml +++ b/kubernetes/common/mariadb-galera/values.yaml @@ -608,8 +608,8 @@ metrics: ## ServiceMonitor selector labels ## ref: https://github.com/bitnami/charts/tree/master/bitnami/prometheus-operator#prometheus-configuration ## - selector: - prometheus: kube-prometheus + # selector: + # prometheus: kube-prometheus ## RelabelConfigs to apply to samples before scraping ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#relabelconfig diff --git a/kubernetes/common/repositoryGenerator/templates/_repository.tpl b/kubernetes/common/repositoryGenerator/templates/_repository.tpl index 349bb4072a..f57d390477 100644 --- a/kubernetes/common/repositoryGenerator/templates/_repository.tpl +++ b/kubernetes/common/repositoryGenerator/templates/_repository.tpl @@ -141,6 +141,10 @@ {{- include "repositoryGenerator.image._helper" (merge (dict "image" "dbcClientImage") .) }} {{- end -}} +{{- define "repositoryGenerator.image.quitQuit" -}} + {{- include "repositoryGenerator.image._helper" (merge (dict "image" "quitQuitImage") .) }} +{{- end -}} + {{/* Resolve the image repository secret token. The value for .Values.global.repositoryCred is used if provided: diff --git a/kubernetes/common/repositoryGenerator/values.yaml b/kubernetes/common/repositoryGenerator/values.yaml index a05bc13ae6..7058f865bc 100644 --- a/kubernetes/common/repositoryGenerator/values.yaml +++ b/kubernetes/common/repositoryGenerator/values.yaml @@ -1,6 +1,6 @@ # Copyright © 2020 Orange # Copyright © 2021 Nokia, AT&T -# Modifications Copyright (C) 2021 Nordix Foundation. +# Modifications Copyright (c) 2022 Nordix Foundation. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -28,7 +28,10 @@ global: envsubstImage: dibi/envsubst:1 # there's only latest image for htpasswd htpasswdImage: xmartlabs/htpasswd:latest - jettyImage: jetty:9-jdk11-slim + # if you change jetty image, you'll also need to update jar file which is + # "hardcoded" to the value... + # (/usr/local/jetty/lib/jetty-util-9.4.45.v20220203.jar) for 9.4.45 + jettyImage: jetty:9.4.45-jdk11-slim jreImage: onap/integration-java11:10.0.0 kubectlImage: bitnami/kubectl:1.19 loggingImage: beats/filebeat:5.5.0 @@ -37,7 +40,8 @@ global: postgresImage: crunchydata/crunchy-postgres:centos8-13.2-4.6.1 readinessImage: onap/oom/readiness:3.0.1 dcaePolicySyncImage: onap/org.onap.dcaegen2.deployments.dcae-services-policy-sync:1.0.1 - dbcClientImage: onap/dmaap/dbc-client:2.0.7 + dbcClientImage: onap/dmaap/dbc-client:2.0.9 + quitQuitImage: onap/oom/readiness:4.1.0 # Default credentials # they're optional. If the target repository doesn't need them, comment them @@ -71,3 +75,4 @@ imageRepoMapping: readinessImage: repository dcaePolicySyncImage: repository dbcClientImage: repository + quitQuitImage: repository diff --git a/kubernetes/common/timescaledb/values.yaml b/kubernetes/common/timescaledb/values.yaml index 258f516ff0..72a4b6ffd0 100644 --- a/kubernetes/common/timescaledb/values.yaml +++ b/kubernetes/common/timescaledb/values.yaml @@ -1,5 +1,5 @@ # ============LICENSE_START======================================================= -# Copyright (c) 2021 Bell Canada. +# Copyright (c) 2021 2022 Bell Canada. # ================================================================================ # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -23,7 +23,7 @@ global: ################################################################# # Secrets. ############################################################## -image: timescale/timescaledb:2.1.1-pg13 +image: timescale/timescaledb:2.5.1-pg14 pullPolicy: Always containerPorts: 5432 @@ -125,4 +125,3 @@ secrets: externalSecret: '{{ tpl (default "" .Values.config.pgUserExternalSecret) . }}' login: '{{ .Values.config.pgUserName }}' password: '{{ .Values.config.pgUserPassword }}' - diff --git a/kubernetes/cps/Chart.yaml b/kubernetes/cps/Chart.yaml index 097bb98559..5e951d7beb 100644 --- a/kubernetes/cps/Chart.yaml +++ b/kubernetes/cps/Chart.yaml @@ -1,4 +1,4 @@ -# Copyright (C) 2021 Bell Canada +# Copyright (C) 2021 2022 Bell Canada # Modifications Copyright © 2021 Orange # Modifications Copyright © 2021 Nordix Foundation # @@ -34,4 +34,4 @@ dependencies: - name: ncmp-dmi-plugin version: ~10.x-0 repository: '@local' - condition: ncmp-dmi-plugin.enabled
\ No newline at end of file + condition: ncmp-dmi-plugin.enabled diff --git a/kubernetes/dcaegen2-services/components/dcae-datafile-collector/templates/secret.yaml b/kubernetes/dcaegen2-services/components/dcae-datafile-collector/templates/secret.yaml new file mode 100644 index 0000000000..13a14a5e12 --- /dev/null +++ b/kubernetes/dcaegen2-services/components/dcae-datafile-collector/templates/secret.yaml @@ -0,0 +1,19 @@ +{{/* +################################################################################ +# Copyright (c) 2022 Nordix Foundation. # +# # +# Licensed under the Apache License, Version 2.0 (the "License"); # +# you may not use this file except in compliance with the License. # +# You may obtain a copy of the License at # +# # +# http://www.apache.org/licenses/LICENSE-2.0 # +# # +# Unless required by applicable law or agreed to in writing, software # +# distributed under the License is distributed on an "AS IS" BASIS, # +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # +# See the License for the specific language governing permissions and # +# limitations under the License. # +################################################################################ +*/}} + +{{ include "common.secretFast" . }}
\ No newline at end of file diff --git a/kubernetes/dcaegen2-services/components/dcae-datafile-collector/values.yaml b/kubernetes/dcaegen2-services/components/dcae-datafile-collector/values.yaml index 7408f44416..2ce6c89775 100644 --- a/kubernetes/dcaegen2-services/components/dcae-datafile-collector/values.yaml +++ b/kubernetes/dcaegen2-services/components/dcae-datafile-collector/values.yaml @@ -1,6 +1,6 @@ # ================================ LICENSE_START ========================== # ========================================================================= -# Copyright (C) 2021 Nordix Foundation. +# Copyright (c) 2021 Nordix Foundation. # ========================================================================= # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -31,6 +31,16 @@ filebeatConfig: logstashPort: 5044 ################################################################# +# Secrets Configuration. +################################################################# +secrets: + - uid: &drPubCredsUID drpubcreds + type: basicAuth + login: '{{ .Values.drPubscriberCreds.username }}' + password: '{{ .Values.drPubscriberCreds.password }}' + passwordPolicy: required + +################################################################# # InitContainer Images. ################################################################# tlsImage: onap/org.onap.dcaegen2.deployments.tls-init-container:2.1.0 @@ -116,6 +126,19 @@ applicationEnv: # It's a workaround because DMAAP specific env variables are not available in main container. CBS_CLIENT_CONFIG_PATH: '' +# Data Router Publisher Credentials +drPubscriberCreds: + username: username + password: password + +credentials: +- name: DR_USERNAME + uid: *drPubCredsUID + key: login +- name: DR_PASSWORD + uid: *drPubCredsUID + key: password + # Initial Application Configuration applicationConfig: dmaap.certificateConfig.keyCert: /opt/app/datafile/etc/cert/cert.p12 @@ -139,8 +162,8 @@ applicationConfig: location: loc00 log_url: ${DR_LOG_URL_0} publish_url: ${DR_FILES_PUBLISHER_URL_0} - username: ${DR_USERNAME_0} - password: ${DR_PASSWORD_0} + username: ${DR_USERNAME} + password: ${DR_PASSWORD} type: data_router streams_subscribes: dmaap_subscriber: @@ -159,6 +182,8 @@ drFeedConfig: # DataRouter Publisher Configuration drPubConfig: - feedName: bulk_pm_feed + username: ${DR_USERNAME} + userpwd: ${DR_PASSWORD} dcaeLocationName: loc00 # ConfigMap Configuration for Feed, Dr_Publisher diff --git a/kubernetes/dcaegen2-services/components/dcae-restconf-collector/values.yaml b/kubernetes/dcaegen2-services/components/dcae-restconf-collector/values.yaml index 47b804660c..543b79b9c0 100644 --- a/kubernetes/dcaegen2-services/components/dcae-restconf-collector/values.yaml +++ b/kubernetes/dcaegen2-services/components/dcae-restconf-collector/values.yaml @@ -51,7 +51,7 @@ consulLoaderImage: onap/org.onap.dcaegen2.deployments.consul-loader-container:1. # Application Configuration Defaults. ################################################################# # Application Image -image: onap/org.onap.dcaegen2.collectors.restconfcollector:1.2.6 +image: onap/org.onap.dcaegen2.collectors.restconfcollector:1.2.7 pullPolicy: Always # Log directory where logging sidecar should look for log files diff --git a/kubernetes/dcaegen2-services/components/dcae-ves-collector/values.yaml b/kubernetes/dcaegen2-services/components/dcae-ves-collector/values.yaml index 87c1a36b8c..508cea4766 100644 --- a/kubernetes/dcaegen2-services/components/dcae-ves-collector/values.yaml +++ b/kubernetes/dcaegen2-services/components/dcae-ves-collector/values.yaml @@ -43,7 +43,7 @@ certPostProcessorImage: onap/org.onap.oom.platform.cert-service.oom-certservice- # Application configuration defaults. ################################################################# # application image -image: onap/org.onap.dcaegen2.collectors.ves.vescollector:1.10.2 +image: onap/org.onap.dcaegen2.collectors.ves.vescollector:1.10.3 pullPolicy: Always # log directory where logging sidecar should look for log files diff --git a/kubernetes/dcaegen2-services/components/dcae-ves-mapper/values.yaml b/kubernetes/dcaegen2-services/components/dcae-ves-mapper/values.yaml index b29c108a8f..d11f167acf 100644 --- a/kubernetes/dcaegen2-services/components/dcae-ves-mapper/values.yaml +++ b/kubernetes/dcaegen2-services/components/dcae-ves-mapper/values.yaml @@ -40,7 +40,7 @@ consulLoaderImage: onap/org.onap.dcaegen2.deployments.consul-loader-container:1. # Application Configuration Defaults. ################################################################# # Application Image -image: onap/org.onap.dcaegen2.services.mapper.vesadapter.universalvesadaptor:1.3.1 +image: onap/org.onap.dcaegen2.services.mapper.vesadapter.universalvesadaptor:1.3.2 pullPolicy: Always # Log directory where logging sidecar should look for log files diff --git a/kubernetes/onap/resources/overrides/sm-onap.yaml b/kubernetes/onap/resources/overrides/sm-onap.yaml index 312fc4b65f..06ad5b7c9b 100644 --- a/kubernetes/onap/resources/overrides/sm-onap.yaml +++ b/kubernetes/onap/resources/overrides/sm-onap.yaml @@ -44,6 +44,11 @@ ####################### global: aafEnabled: false + centralizedLoggingEnabled: false + serviceMesh: + enabled: true + tls: true + engine: "istio" aai: enabled: true global: diff --git a/kubernetes/onap/values.yaml b/kubernetes/onap/values.yaml index 3ae58a3390..08f404a70c 100755 --- a/kubernetes/onap/values.yaml +++ b/kubernetes/onap/values.yaml @@ -155,6 +155,8 @@ global: serviceMesh: enabled: false tls: true + # be aware that linkerd is not well tested + engine: "istio" # valid value: istio or linkerd # metrics part # If enabled, exporters (for prometheus) will be deployed diff --git a/kubernetes/robot/resources/config/eteshare/config/robot_properties.py b/kubernetes/robot/resources/config/eteshare/config/robot_properties.py index 84df722cb0..c2d1c48fe8 100644 --- a/kubernetes/robot/resources/config/eteshare/config/robot_properties.py +++ b/kubernetes/robot/resources/config/eteshare/config/robot_properties.py @@ -143,13 +143,13 @@ GLOBAL_APPC_CDT_SERVER_PROTOCOL = "https" GLOBAL_APPC_CDT_SERVER_PORT = '{{include "robot.ingress.port" (dict "root" . "hostname" "appc-cdt" "port" 18080) }}' GLOBAL_APPC_CDT_USERNAME = "demo" # sdc info - everything is from the private oam network (also called onap private network) -GLOBAL_SDC_SERVER_PROTOCOL = "https" -GLOBAL_SDC_FE_PORT = '{{include "robot.ingress.port" (dict "root" . "hostname" "sdc-fe" "port" 9443) }}' -GLOBAL_SDC_BE_PORT = '{{include "robot.ingress.port" (dict "root" . "hostname" "sdc-be" "port" 8443) }}' -GLOBAL_SDC_BE_ONBOARD_PORT = '{{include "robot.ingress.port" (dict "root" . "hostname" "sdc-onboarding-be" "port" 8445) }}' +GLOBAL_SDC_SERVER_PROTOCOL = 'http{{ (eq "true" (include "common.needTLS" .)) | ternary "s" "" }}' +GLOBAL_SDC_FE_PORT = '{{include "robot.ingress.port" (dict "root" . "hostname" "sdc-fe" "port" ( ternary 9443 8181 (eq "true" (include "common.needTLS" . )))) }}' +GLOBAL_SDC_BE_PORT = '{{include "robot.ingress.port" (dict "root" . "hostname" "sdc-be" "port" ( ternary 8443 8080 (eq "true" (include "common.needTLS" . )))) }}' +GLOBAL_SDC_BE_ONBOARD_PORT = '{{include "robot.ingress.port" (dict "root" . "hostname" "sdc-onboarding-be" "port" ( ternary 8445 8081 (eq "true" (include "common.needTLS" . )))) }}' GLOBAL_SDC_DCAE_BE_PORT = '{{include "robot.ingress.port" (dict "root" . "hostname" "sdc-dcae-be" "port" 8444) }}' -GLOBAL_SDC_USERNAME = "beep" -GLOBAL_SDC_PASSWORD = "boop" +GLOBAL_SDC_USERNAME = '{{ .Values.sdcUsername }}' +GLOBAL_SDC_PASSWORD = '{{ .Values.sdcPassword }}' GLOBAL_SDC_AUTHENTICATION = [GLOBAL_SDC_USERNAME, GLOBAL_SDC_PASSWORD] # clamp info - everything is from the private oam network (also called onap private network) GLOBAL_CLAMP_SERVER_PROTOCOL = "https" diff --git a/kubernetes/robot/values.yaml b/kubernetes/robot/values.yaml index 89d83c85a3..b057fc7304 100644 --- a/kubernetes/robot/values.yaml +++ b/kubernetes/robot/values.yaml @@ -322,6 +322,9 @@ aaiPassword: "demo123456!" # APPC appcUsername: "appc@appc.onap.org" appcPassword: "demo123456!" +# SDC +sdcUsername: "beep" +sdcPassword: "boop" # DCAE dcaeUsername: "dcae@dcae.onap.org" dcaePassword: "demo123456!" diff --git a/kubernetes/sdc/components/sdc-be/templates/deployment.yaml b/kubernetes/sdc/components/sdc-be/templates/deployment.yaml index 5a5fcd6f75..24f169a5b9 100644 --- a/kubernetes/sdc/components/sdc-be/templates/deployment.yaml +++ b/kubernetes/sdc/components/sdc-be/templates/deployment.yaml @@ -98,9 +98,9 @@ spec: cpu: 3m memory: 20Mi volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 8 }} - - name: {{ include "common.fullname" . }}-environments + - name: sdc-environments-input mountPath: /config-input/ - - name: sdc-environments-output + - name: sdc-environments mountPath: /config-output/ {{- end }} containers: @@ -160,20 +160,22 @@ spec: fieldRef: fieldPath: status.podIP volumeMounts: - - name: sdc-environments-output + - name: sdc-environments mountPath: /app/jetty/chef-solo/environments/ - - name: sdc-environments-output + {{- if .Values.global.aafEnabled }} + - name: sdc-environments mountPath: /app/jetty/chef-solo/cookbooks/sdc-catalog-be/files/default/org.onap.sdc.p12 subPath: org.onap.sdc.p12 - - name: sdc-environments-output + - name: sdc-environments mountPath: /app/jetty/chef-solo/cookbooks/sdc-catalog-be/files/default/org.onap.sdc.trust.jks subPath: org.onap.sdc.trust.jks - - name: {{ include "common.fullname" . }}-localtime + {{- end }} + - name: localtime mountPath: /etc/localtime readOnly: true - name: logs mountPath: /var/log/onap - - name: {{ include "common.fullname" . }}-logback + - name: logback mountPath: /tmp/logback.xml subPath: logback.xml lifecycle: @@ -184,19 +186,21 @@ spec: {{ include "common.log.sidecar" . | nindent 8 }} serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}} volumes: {{ include "common.certInitializer.volumes" . | nindent 6 }} - - name: {{ include "common.fullname" . }}-localtime + - name: localtime hostPath: path: /etc/localtime {{ include "common.log.volumes" (dict "dot" . "configMapNamePrefix" (tpl .Values.logConfigMapNamePrefix .)) | nindent 6 }} - - name: {{ include "common.fullname" . }}-logback + - name: logback configMap: name : {{ include "common.fullname" . }}-logging-configmap - - name: {{ include "common.fullname" . }}-environments + - name: sdc-environments + {{- if .Values.global.aafEnabled }} + emptyDir: { medium: "Memory" } + - name: sdc-environments-input + {{- end }} configMap: name: {{ include "common.release" . }}-sdc-environments-configmap defaultMode: 0755 - - name: sdc-environments-output - emptyDir: { medium: "Memory" } - name: logs emptyDir: {} imagePullSecrets: diff --git a/kubernetes/sdc/components/sdc-be/templates/job.yaml b/kubernetes/sdc/components/sdc-be/templates/job.yaml index aaf8fada28..5f70991e6f 100644 --- a/kubernetes/sdc/components/sdc-be/templates/job.yaml +++ b/kubernetes/sdc/components/sdc-be/templates/job.yaml @@ -79,6 +79,7 @@ spec: requests: cpu: 200m memory: 200Mi + {{ include "common.waitForJobContainer" . | indent 6 | trim }} volumes: - name: {{ include "common.fullname" . }}-environments configMap: diff --git a/kubernetes/sdc/components/sdc-be/values.yaml b/kubernetes/sdc/components/sdc-be/values.yaml index 7b11692d4b..0ae39bf436 100644 --- a/kubernetes/sdc/components/sdc-be/values.yaml +++ b/kubernetes/sdc/components/sdc-be/values.yaml @@ -85,7 +85,7 @@ affinity: {} liveness: initialDelaySeconds: 1 periodSeconds: 10 - timeoutSeconds: 5 + timeoutSeconds: 180 successThreshold: 1 failureThreshold: 3 # necessary to disable liveness probe when setting breakpoints @@ -95,14 +95,14 @@ liveness: readiness: initialDelaySeconds: 1 periodSeconds: 10 - timeoutSeconds: 5 + timeoutSeconds: 180 successThreshold: 1 failureThreshold: 3 startup: initialDelaySeconds: 10 periodSeconds: 10 - timeoutSeconds: 5 + timeoutSeconds: 180 successThreshold: 1 failureThreshold: 60 @@ -126,7 +126,7 @@ service: visualRange: "1" serviceName: sdc-deprecated ports: - - name: api + - name: tcp-api port: 8443 plain_port: 8080 port_protocol: http @@ -168,6 +168,10 @@ serviceAccount: roles: - read +wait_for_job_container: + containers: + - '{{ include "common.name" . }}-job' + #Log configuration log: path: /var/log/onap diff --git a/kubernetes/sdc/components/sdc-cs/templates/job.yaml b/kubernetes/sdc/components/sdc-cs/templates/job.yaml index 4a8388ada4..0eeeff52da 100644 --- a/kubernetes/sdc/components/sdc-cs/templates/job.yaml +++ b/kubernetes/sdc/components/sdc-cs/templates/job.yaml @@ -96,6 +96,7 @@ spec: requests: cpu: 200m memory: 300Mi + {{ include "common.waitForJobContainer" . | indent 6 | trim }} serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}} volumes: - name: {{ include "common.fullname" . }}-environments diff --git a/kubernetes/sdc/components/sdc-cs/values.yaml b/kubernetes/sdc/components/sdc-cs/values.yaml index 2ac9c7f074..951249cfbd 100644 --- a/kubernetes/sdc/components/sdc-cs/values.yaml +++ b/kubernetes/sdc/components/sdc-cs/values.yaml @@ -122,3 +122,7 @@ serviceAccount: nameOverride: sdc-cs roles: - read + +wait_for_job_container: + containers: + - '{{ include "common.name" . }}-job' diff --git a/kubernetes/sdc/components/sdc-fe/resources/config/plugins/plugins-configuration.yaml b/kubernetes/sdc/components/sdc-fe/resources/config/plugins/plugins-configuration.yaml index 9dc317b2b5..cc91960dbf 100644 --- a/kubernetes/sdc/components/sdc-fe/resources/config/plugins/plugins-configuration.yaml +++ b/kubernetes/sdc/components/sdc-fe/resources/config/plugins/plugins-configuration.yaml @@ -1,6 +1,10 @@ pluginsList: - pluginId: WORKFLOW - pluginDiscoveryUrl: "{{ .Values.config.plugins.workflow_discovery_url }}" + {{- if (include "common.needTLS" .) }} + pluginDiscoveryUrl: "{{ .Values.config.plugins.workflow_discovery_url.https }}" + {{- else }} + pluginDiscoveryUrl: "{{ .Values.config.plugins.workflow_discovery_url.http }}" + {{- end }} pluginSourceUrl: "{{ .Values.config.plugins.workflow_source_url }}" pluginStateUrl: "workflowDesigner" pluginDisplayOptions: @@ -8,4 +12,4 @@ pluginsList: displayName: "WORKFLOW" displayRoles: ["DESIGNER", "TESTER"] -connectionTimeout: 1000
\ No newline at end of file +connectionTimeout: 1000 diff --git a/kubernetes/sdc/components/sdc-fe/templates/configmap.yaml b/kubernetes/sdc/components/sdc-fe/templates/configmap.yaml index 2ac85aead6..948a3fee99 100644 --- a/kubernetes/sdc/components/sdc-fe/templates/configmap.yaml +++ b/kubernetes/sdc/components/sdc-fe/templates/configmap.yaml @@ -39,4 +39,4 @@ metadata: release: {{ include "common.release" . }} heritage: {{ .Release.Service }} data: -{{ tpl (.Files.Glob "resources/config/plugins/*").AsConfig . | indent 2 }}
\ No newline at end of file +{{ tpl (.Files.Glob "resources/config/plugins/*").AsConfig . | indent 2 }} diff --git a/kubernetes/sdc/components/sdc-fe/templates/deployment.yaml b/kubernetes/sdc/components/sdc-fe/templates/deployment.yaml index 43f9f2c928..599e32e175 100644 --- a/kubernetes/sdc/components/sdc-fe/templates/deployment.yaml +++ b/kubernetes/sdc/components/sdc-fe/templates/deployment.yaml @@ -82,9 +82,9 @@ spec: chmod 0755 /config-output/${PFILE} done volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 10 }} - - name: {{ include "common.fullname" . }}-environments + - name: sdc-environments-input mountPath: /config-input/ - - name: sdc-environments-output + - name: sdc-environments mountPath: /config-output/ resources: limits: @@ -147,23 +147,25 @@ spec: - name: JAVA_OPTIONS value: {{ .Values.config.javaOptions }} volumeMounts: - - name: sdc-environments-output + - name: sdc-environments mountPath: /app/jetty/chef-solo/environments/ - - name: sdc-environments-output + {{- if .Values.global.aafEnabled }} + - name: sdc-environments mountPath: /app/jetty/chef-solo/cookbooks/sdc-catalog-fe/files/default/org.onap.sdc.p12 subPath: org.onap.sdc.p12 - - name: sdc-environments-output + - name: sdc-environments mountPath: /app/jetty/chef-solo/cookbooks/sdc-catalog-fe/files/default/org.onap.sdc.trust.jks subPath: org.onap.sdc.trust.jks - - name: {{ include "common.fullname" . }}-localtime + {{- end }} + - name: localtime mountPath: /etc/localtime readOnly: true - name: logs mountPath: /var/log/onap - - name: {{ include "common.fullname" . }}-configs + - name: configs mountPath: /app/jetty/config/catalog-fe/plugins-configuration.yaml subPath: plugins-configuration.yaml - - name: {{ include "common.fullname" . }}-logback + - name: logback mountPath: /tmp/logback.xml subPath: logback.xml lifecycle: @@ -174,23 +176,25 @@ spec: {{ include "common.log.sidecar" . | nindent 8 }} serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}} volumes: {{ include "common.certInitializer.volumes" . | nindent 8 }} - - name: {{ include "common.fullname" . }}-localtime + - name: localtime hostPath: path: /etc/localtime {{ include "common.log.volumes" (dict "dot" . "configMapNamePrefix" (tpl .Values.logConfigMapNamePrefix .)) | nindent 8 }} - - name: {{ include "common.fullname" . }}-configs + - name: configs configMap: name : {{ include "common.fullname" . }}-plugins-configmap defaultMode: 0777 - - name: {{ include "common.fullname" . }}-logback + - name: logback configMap: name : {{ include "common.fullname" . }}-logging-configmap - - name: {{ include "common.fullname" . }}-environments + - name: sdc-environments + {{- if .Values.global.aafEnabled }} + emptyDir: { medium: "Memory" } + - name: sdc-environments-input + {{- end }} configMap: name: {{ include "common.release" . }}-sdc-environments-configmap defaultMode: 0755 - - name: sdc-environments-output - emptyDir: { medium: "Memory" } - name: logs emptyDir: {} imagePullSecrets: diff --git a/kubernetes/sdc/components/sdc-fe/templates/service.yaml b/kubernetes/sdc/components/sdc-fe/templates/service.yaml index db8b59c2ce..f899d58971 100644 --- a/kubernetes/sdc/components/sdc-fe/templates/service.yaml +++ b/kubernetes/sdc/components/sdc-fe/templates/service.yaml @@ -39,28 +39,20 @@ metadata: spec: type: {{ .Values.service.type }} ports: - {{ if not .Values.security.disableHttp }} - # setting http port only if enabled - {{if eq .Values.service.type "NodePort" -}} - port: {{ .Values.service.internalPort }} - nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }} name: {{ .Values.service.portName }} - {{- else -}} - - port: {{ .Values.service.externalPort }} targetPort: {{ .Values.service.internalPort }} - name: {{ .Values.service.portName }} - {{ end }} - {{ end }} - - {{if eq .Values.service.type "NodePort" -}} - - port: {{ .Values.service.internalPort2 }} - nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort2 }} - name: {{ .Values.service.portName }}2 - {{- else -}} - - port: {{ .Values.service.externalPort2 }} + {{ if eq .Values.service.type "NodePort" -}} + nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }} + {{ end }} + {{ if (include "common.needTLS" .) }} + - port: {{ .Values.service.internalPort2 }} targetPort: {{ .Values.service.internalPort2 }} - name: {{ .Values.service.portName }}2 - {{- end}} + name: {{ .Values.service.portName }}s + {{ if eq .Values.service.type "NodePort" -}} + nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort2 }} + {{ end }} + {{ end }} selector: app: {{ include "common.name" . }} release: {{ include "common.release" . }} diff --git a/kubernetes/sdc/components/sdc-fe/values.yaml b/kubernetes/sdc/components/sdc-fe/values.yaml index a208226b76..09d9829c59 100644 --- a/kubernetes/sdc/components/sdc-fe/values.yaml +++ b/kubernetes/sdc/components/sdc-fe/values.yaml @@ -53,11 +53,17 @@ pullPolicy: Always config: javaOptions: "-Xmx256m -Xms256m" plugins: - dcae_discovery_url: "https://sdc-dcae-fe:9444/dcaed/#/home" + dcae_discovery_url: + https: "https://sdc-dcae-fe:9444/dcaed/#/home" + http: "http://sdc-dcae-fe:8183/dcaed/#/home" dcae_source_url: "https://sdc.dcae.plugin.simpledemo.onap.org:30264/dcaed/#/home" - dcae_dt_discovery_url: "https://sdc-dcae-dt:9446/dcae/#/dcae/home" + dcae_dt_discovery_url: + https: "https://sdc-dcae-dt:9446/dcae/#/dcae/home" + http: "http://sdc-dcae-dt:8186/dcae/#/dcae/home" dcae_dt_source_url: "https://sdc.dcae.plugin.simpledemo.onap.org:30266/dcae/#/dcae/home" - workflow_discovery_url: "https://sdc-wfd-fe:8443/workflows" + workflow_discovery_url: + https: "https://sdc-wfd-fe:8443/workflows" + http: "http://sdc-wfd-fe:8080/workflows" workflow_source_url: "https://sdc.workflow.plugin.simpledemo.onap.org:30256/workflows/" #environment file @@ -105,7 +111,7 @@ service: #service being defined. type: NodePort name: sdc-fe - portName: sdc-fe + portName: http nodePort: "06" internalPort: 8181 externalPort: 8181 @@ -113,8 +119,6 @@ service: internalPort2: 9443 externalPort2: 9443 - - ingress: enabled: false service: diff --git a/kubernetes/sdc/components/sdc-onboarding-be/templates/deployment.yaml b/kubernetes/sdc/components/sdc-onboarding-be/templates/deployment.yaml index d6b8a4e026..8180cc79f1 100644 --- a/kubernetes/sdc/components/sdc-onboarding-be/templates/deployment.yaml +++ b/kubernetes/sdc/components/sdc-onboarding-be/templates/deployment.yaml @@ -1,6 +1,7 @@ {{/* # Copyright © 2017 Amdocs, AT&T, Bell Canada # Modifications Copyright © 2018 ZTE +# Modifications Copyright © 2021 Orange # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -80,9 +81,9 @@ spec: chmod 0755 /config-output/${PFILE} done volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 10 }} - - name: {{ include "common.fullname" . }}-environments + - name: sdc-environments-input mountPath: /config-input/ - - name: sdc-environments-output + - name: sdc-environments mountPath: /config-output/ resources: limits: @@ -104,7 +105,7 @@ spec: securityContext: runAsUser: 0 volumeMounts: - - name: {{ include "common.fullname" . }}-cert-storage + - name: cert-storage mountPath: "/onboard/cert" resources: limits: @@ -172,22 +173,24 @@ spec: - name: SDC_CERT_DIR value: {{ .Values.cert.certDir }} volumeMounts: - - name: sdc-environments-output + - name: sdc-environments mountPath: /app/jetty/chef-solo/environments/ - - name: sdc-environments-output + {{- if .Values.global.aafEnabled }} + - name: sdc-environments mountPath: /app/jetty/chef-solo/cookbooks/sdc-onboard-backend/files/default/org.onap.sdc.p12 subPath: org.onap.sdc.p12 - - name: sdc-environments-output + - name: sdc-environments mountPath: /app/jetty/chef-solo/cookbooks/sdc-onboard-backend/files/default/org.onap.sdc.trust.jks subPath: org.onap.sdc.trust.jks - - name: {{ include "common.fullname" . }}-localtime + {{- end }} + - name: localtime mountPath: /etc/localtime readOnly: true - name: logs mountPath: /var/log/onap - - name: {{ include "common.fullname" . }}-cert-storage + - name: cert-storage mountPath: "{{ .Values.cert.certDir }}" - - name: {{ include "common.fullname" . }}-logback + - name: logback mountPath: /tmp/logback.xml subPath: logback.xml lifecycle: @@ -198,22 +201,25 @@ spec: {{ include "common.log.sidecar" . | nindent 8 }} serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}} volumes: {{ include "common.certInitializer.volumes" . | nindent 6 }} - - name: {{ include "common.fullname" . }}-localtime + - name: localtime hostPath: path: /etc/localtime + {{ include "common.log.volumes" (dict "dot" . "configMapNamePrefix" (tpl .Values.logConfigMapNamePrefix .)) | nindent 6 }} - - name: {{ include "common.fullname" . }}-logback + - name: logback configMap: name : {{ include "common.fullname" . }}-logging-configmap - - name: {{ include "common.fullname" . }}-environments + - name: sdc-environments + {{- if .Values.global.aafEnabled }} + emptyDir: { medium: "Memory" } + - name: sdc-environments-input + {{- end }} configMap: name: {{ include "common.release" . }}-sdc-environments-configmap defaultMode: 0755 - - name: sdc-environments-output - emptyDir: { medium: "Memory" } - name: logs emptyDir: {} - - name: {{ include "common.fullname" . }}-cert-storage + - name: cert-storage persistentVolumeClaim: claimName: {{ include "common.fullname" . }}-cert imagePullSecrets: diff --git a/kubernetes/sdc/components/sdc-onboarding-be/templates/job.yaml b/kubernetes/sdc/components/sdc-onboarding-be/templates/job.yaml index d92b42a09c..bfc1ef8e7b 100644 --- a/kubernetes/sdc/components/sdc-onboarding-be/templates/job.yaml +++ b/kubernetes/sdc/components/sdc-onboarding-be/templates/job.yaml @@ -62,6 +62,13 @@ spec: - name: {{ include "common.name" . }}-job image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.onboardingInitImage }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + {{- if include "common.onServiceMesh" . }} + args: + - echo "waiting 10s for istio side cars to be up"; sleep 10s; /home/sdc/startup.sh + command: + - /bin/sh + - -c + {{- end }} volumeMounts: - name: {{ include "common.fullname" . }}-environments mountPath: /home/sdc/chef-solo/environments/ @@ -90,6 +97,7 @@ spec: requests: cpu: 200m memory: 200Mi + {{ include "common.waitForJobContainer" . | indent 6 | trim }} volumes: - name: {{ include "common.fullname" . }}-environments configMap: diff --git a/kubernetes/sdc/components/sdc-onboarding-be/templates/service.yaml b/kubernetes/sdc/components/sdc-onboarding-be/templates/service.yaml index 2ee87eeb33..ece5a439a3 100644 --- a/kubernetes/sdc/components/sdc-onboarding-be/templates/service.yaml +++ b/kubernetes/sdc/components/sdc-onboarding-be/templates/service.yaml @@ -31,18 +31,18 @@ spec: {{if eq .Values.service.type "NodePort" -}} - port: {{ .Values.service.externalPort }} nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }} - name: {{ .Values.service.portName | default "http" }} + name: {{ .Values.service.portName | default "http" }}s - port: {{ .Values.service.externalPort2 }} nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort2 }} - name: {{ .Values.service.portName | default "http" }}2 + name: {{ .Values.service.portName | default "http" }}} {{- else -}} - port: {{ .Values.service.externalPort }} targetPort: {{ .Values.service.internalPort }} - name: {{ .Values.service.portName | default "http" }} + name: {{ .Values.service.portName | default "http" }}s - port: {{ .Values.service.externalPort2 }} targetPort: {{ .Values.service.internalPort2 }} - name: {{ .Values.service.portName | default "http" }}2 + name: {{ .Values.service.portName | default "http" }} {{- end}} selector: app: {{ include "common.name" . }} diff --git a/kubernetes/sdc/components/sdc-onboarding-be/values.yaml b/kubernetes/sdc/components/sdc-onboarding-be/values.yaml index 3ed98fef3f..f96d59b71a 100644 --- a/kubernetes/sdc/components/sdc-onboarding-be/values.yaml +++ b/kubernetes/sdc/components/sdc-onboarding-be/values.yaml @@ -109,9 +109,10 @@ startup: service: type: ClusterIP name: sdc-onboarding-be - portName: sdc-onboarding-be + portName: http internalPort: 8445 externalPort: 8445 + internalPort2: 8081 externalPort2: 8081 @@ -182,6 +183,10 @@ serviceAccount: roles: - read +wait_for_job_container: + containers: + - '{{ include "common.name" . }}-job' + #Log configuration log: path: /var/log/onap diff --git a/kubernetes/sdc/components/sdc-wfd-be/templates/_helper.tpl b/kubernetes/sdc/components/sdc-wfd-be/templates/_helper.tpl deleted file mode 100644 index 298a2cd673..0000000000 --- a/kubernetes/sdc/components/sdc-wfd-be/templates/_helper.tpl +++ /dev/null @@ -1 +0,0 @@ -{{- define "wfd-be.internalPort" }}{{ if .Values.config.serverSSLEnabled }}{{ .Values.service.internalPort2 }}{{ else }}{{ .Values.service.internalPort }}{{ end }}{{- end }} diff --git a/kubernetes/sdc/components/sdc-wfd-be/templates/deployment.yaml b/kubernetes/sdc/components/sdc-wfd-be/templates/deployment.yaml index 1cfcad4f56..a187e19a75 100644 --- a/kubernetes/sdc/components/sdc-wfd-be/templates/deployment.yaml +++ b/kubernetes/sdc/components/sdc-wfd-be/templates/deployment.yaml @@ -79,13 +79,13 @@ spec: ./startup.sh {{- end }} ports: - - containerPort: {{ template "wfd-be.internalPort" . }} + - containerPort: {{ (eq "true" (include "common.needTLS" .)) | ternary .Values.service.internalPort2 .Values.service.internalPort }} # disable liveness probe when breakpoints set in debugger # so K8s doesn't restart unresponsive container {{ if .Values.liveness.enabled }} livenessProbe: tcpSocket: - port: {{ template "wfd-be.internalPort" . }} + port: {{ (eq "true" (include "common.needTLS" .)) | ternary .Values.service.internalPort2 .Values.service.internalPort }} initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }} periodSeconds: {{ .Values.liveness.periodSeconds }} successThreshold: {{ .Values.liveness.successThreshold }} @@ -93,14 +93,14 @@ spec: {{ end }} readinessProbe: tcpSocket: - port: {{ template "wfd-be.internalPort" . }} + port: {{ (eq "true" (include "common.needTLS" .)) | ternary .Values.service.internalPort2 .Values.service.internalPort }} initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} periodSeconds: {{ .Values.readiness.periodSeconds }} successThreshold: {{ .Values.readiness.successThreshold }} failureThreshold: {{ .Values.readiness.failureThreshold }} startupProbe: tcpSocket: - port: {{ template "wfd-be.internalPort" . }} + port: {{ (eq "true" (include "common.needTLS" .)) | ternary .Values.service.internalPort2 .Values.service.internalPort }} initialDelaySeconds: {{ .Values.startup.initialDelaySeconds }} periodSeconds: {{ .Values.startup.periodSeconds }} successThreshold: {{ .Values.startup.successThreshold }} @@ -128,20 +128,25 @@ spec: valueFrom: secretKeyRef: {name: {{ include "common.release" . }}-sdc-cs-secrets, key: cs_truststore_password} - name: SDC_PROTOCOL - value: "{{ .Values.config.sdcProtocol }}" + value: "{{ (eq "true" (include "common.needTLS" .)) | ternary "HTTPS" "HTTP" }}" - name: SDC_ENDPOINT - value: "{{ .Values.config.sdcEndpoint }}" + value: "{{ (eq "true" (include "common.needTLS" .)) | ternary .Values.config.sdcEndpoint.https .Values.config.sdcEndpoint.http }}" - name: SDC_USER value: "{{ .Values.config.sdcExternalUser }}" - name: SDC_PASSWORD valueFrom: secretKeyRef: {name: {{ include "common.release" . }}-sdc-cs-secrets, key: wf_external_user_password} + {{- if (include "common.needTLS" .) }} - name: SERVER_SSL_ENABLED - value: "{{ .Values.config.serverSSLEnabled }}" + value: "true" - name: SERVER_SSL_KEYSTORE_TYPE value: "{{ .Values.config.serverSSLKeyStoreType }}" - name: SERVER_SSL_TRUSTSTORE_TYPE value: "{{ .Values.config.serverSSLTrustStoreType }}" + {{- else }} + - name: SERVER_SSL_ENABLED + value: "false" + {{- end }} volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 10 }} resources: {{ include "common.resources" . | nindent 12 }} serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}} diff --git a/kubernetes/sdc/components/sdc-wfd-be/templates/ingress.yaml b/kubernetes/sdc/components/sdc-wfd-be/templates/ingress.yaml index 8f87c68f1e..171442dfdc 100644 --- a/kubernetes/sdc/components/sdc-wfd-be/templates/ingress.yaml +++ b/kubernetes/sdc/components/sdc-wfd-be/templates/ingress.yaml @@ -1 +1 @@ -{{ include "common.ingress" . }} +{{include "common.ingress" .}} diff --git a/kubernetes/sdc/components/sdc-wfd-be/templates/job.yaml b/kubernetes/sdc/components/sdc-wfd-be/templates/job.yaml index da3df9062f..2e5826d229 100644 --- a/kubernetes/sdc/components/sdc-wfd-be/templates/job.yaml +++ b/kubernetes/sdc/components/sdc-wfd-be/templates/job.yaml @@ -60,23 +60,31 @@ spec: cpu: 3m memory: 20Mi containers: - - name: {{ include "common.name" . }}-job - image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.configInitImage }} - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - env: + - name: {{ include "common.name" . }}-job + image: + {{ include "repositoryGenerator.repository" . }}/{{ .Values.configInitImage }} + imagePullPolicy: + {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + {{- if include "common.onServiceMesh" . }} + args: + - echo "waiting 10s for istio side cars to be up"; sleep 10s; /start.sh + command: + - /bin/sh + - -c + {{- end }} + env: - name: CS_HOST value: "{{ .Values.global.sdc_cassandra.serviceName }}" - name: CS_PORT - value: "{{ .Values.config.cassandraClientPort }}" + value: {{ .Values.config.cassandraClientPort | quote }} - name: CS_AUTHENTICATE - value: "{{ .Values.config.cassandraAuthenticationEnabled }}" + value: {{ .Values.config.cassandraAuthenticationEnabled | quote }} - name: CS_USER - valueFrom: - secretKeyRef: {name: {{ include "common.release" . }}-sdc-cs-secrets, key: sdc_user} + valueFrom: {secretKeyRef: {name: {{ include "common.release" . }}-sdc-cs-secrets, key: sdc_user}} - name: CS_PASSWORD - valueFrom: - secretKeyRef: {name: {{ include "common.release" . }}-sdc-cs-secrets, key: sdc_password} - resources: {{ include "common.resources" . | nindent 12 }} + valueFrom: {secretKeyRef: {name: {{ include "common.release" . }}-sdc-cs-secrets, key: sdc_password}} + resources: {{ include "common.resources" . | nindent 12 }} + {{ include "common.waitForJobContainer" . | indent 6 | trim }} imagePullSecrets: - - name: "{{ include "common.namespace" . }}-docker-registry-key" + - name: "{{ include "common.namespace" . }}-docker-registry-key" {{ end }} diff --git a/kubernetes/sdc/components/sdc-wfd-be/templates/service.yaml b/kubernetes/sdc/components/sdc-wfd-be/templates/service.yaml index 2af5e2ba26..2f4129b03f 100644 --- a/kubernetes/sdc/components/sdc-wfd-be/templates/service.yaml +++ b/kubernetes/sdc/components/sdc-wfd-be/templates/service.yaml @@ -30,13 +30,13 @@ spec: type: {{ .Values.service.type }} ports: {{if eq .Values.service.type "NodePort" -}} - - port: {{ template "wfd-be.internalPort" . }} + - port: {{ (eq "true" (include "common.needTLS" .)) | ternary .Values.service.internalPort2 .Values.service.internalPort }} nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }} - name: {{ .Values.service.portName }} + name: {{ .Values.service.portName }}{{ (eq "true" (include "common.needTLS" .)) | ternary "s" "" }} {{- else -}} - - port: {{ if .Values.config.serverSslEnabled }}{{ .Values.service.externalPort2 }}{{ else }}{{ .Values.service.externalPort }}{{ end }} - targetPort: {{ template "wfd-be.internalPort" . }} - name: {{ .Values.service.portName }} + - port: {{ (eq "true" (include "common.needTLS" .)) | ternary .Values.service.externalPort2 .Values.service.externalPort }} + targetPort: {{ (eq "true" (include "common.needTLS" .)) | ternary .Values.service.internalPort2 .Values.service.internalPort }} + name: {{ .Values.service.portName }}{{ (eq "true" (include "common.needTLS" .)) | ternary "s" "" }} {{- end}} selector: app: {{ include "common.name" . }} diff --git a/kubernetes/sdc/components/sdc-wfd-be/values.yaml b/kubernetes/sdc/components/sdc-wfd-be/values.yaml index d5e4eaaebb..6b18f47d66 100644 --- a/kubernetes/sdc/components/sdc-wfd-be/values.yaml +++ b/kubernetes/sdc/components/sdc-wfd-be/values.yaml @@ -20,13 +20,14 @@ global: nodePortPrefix: 302 aafEnabled: true sdc_cassandra: - #This flag allows SDC to instantiate its own cluster, serviceName - #should be sdc-cs if this flag is enabled + # This flag allows SDC to instantiate its own cluster, serviceName + # should be sdc-cs if this flag is enabled localCluster: false - #The cassandra service name to connect to (default: shared cassandra service) + # The cassandra service name to connect to + # (default: shared cassandra service) serviceName: cassandra - #Shared cassandra cluster replicaCount, should be changed if localCluster is enabled - #to match with its own cluster replica + # Shared cassandra cluster replicaCount, should be changed if + # localCluster is enabled to match with its own cluster replica replicaCount: 3 clusterName: cassandra dataCenter: Pod @@ -69,10 +70,10 @@ config: javaOptions: "-Xmx1536m -Xms1536m" cassandraAuthenticationEnabled: true cassandraClientPort: 9042 - sdcProtocol: HTTPS - sdcEndpoint: sdc-be:8443 + sdcEndpoint: + https: sdc-be:8443 + http: sdc-be:8080 sdcExternalUser: workflow - serverSSLEnabled: true serverSSLKeyStoreType: jks serverSSLTrustStoreType: jks cassandraSSLEnabled: false @@ -90,16 +91,16 @@ nodeSelector: {} affinity: {} # probe configuration parameters -liveness: - initialDelaySeconds: 60 - periodSeconds: 10 - # necessary to disable liveness probe when setting breakpoints - # in debugger so K8s doesn't restart unresponsive container - enabled: true +#liveness: +# initialDelaySeconds: 60 +# periodSeconds: 10 +# # necessary to disable liveness probe when setting breakpoints +# # in debugger so K8s doesn't restart unresponsive container +# enabled: true -readiness: - initialDelaySeconds: 60 - periodSeconds: 10 +#readiness: +# initialDelaySeconds: 60 +# periodSeconds: 10 # probe configuration parameters liveness: @@ -125,7 +126,7 @@ startup: service: type: NodePort - portName: sdc-wfd-be + portName: http internalPort: 8080 externalPort: 8080 internalPort2: 8443 @@ -166,3 +167,7 @@ serviceAccount: nameOverride: sdc-wfd-be roles: - read + +wait_for_job_container: + containers: + - '{{ include "common.name" . }}-job' diff --git a/kubernetes/sdc/components/sdc-wfd-fe/templates/_helper.tpl b/kubernetes/sdc/components/sdc-wfd-fe/templates/_helper.tpl deleted file mode 100644 index 546bab7ddf..0000000000 --- a/kubernetes/sdc/components/sdc-wfd-fe/templates/_helper.tpl +++ /dev/null @@ -1 +0,0 @@ -{{- define "wfd-fe.internalPort" }}{{ if .Values.config.isHttpsEnabled }}{{ .Values.service.internalPort2 }}{{ else }}{{ .Values.service.internalPort }}{{ end }}{{- end }} diff --git a/kubernetes/sdc/components/sdc-wfd-fe/templates/deployment.yaml b/kubernetes/sdc/components/sdc-wfd-fe/templates/deployment.yaml index b703e6656c..d57309004d 100644 --- a/kubernetes/sdc/components/sdc-wfd-fe/templates/deployment.yaml +++ b/kubernetes/sdc/components/sdc-wfd-fe/templates/deployment.yaml @@ -98,11 +98,11 @@ spec: ./startup.sh {{- end }} ports: - - containerPort: {{ template "wfd-fe.internalPort" . }} + - containerPort: {{ (eq "true" (include "common.needTLS" .)) | ternary .Values.service.internalPort2 .Values.service.internalPort }} {{ if .Values.liveness.enabled }} livenessProbe: tcpSocket: - port: {{ template "wfd-fe.internalPort" . }} + port: {{ (eq "true" (include "common.needTLS" .)) | ternary .Values.service.internalPort2 .Values.service.internalPort }} initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }} periodSeconds: {{ .Values.liveness.periodSeconds }} successThreshold: {{ .Values.liveness.successThreshold }} @@ -110,14 +110,14 @@ spec: {{ end }} readinessProbe: tcpSocket: - port: {{ template "wfd-fe.internalPort" . }} + port: {{ (eq "true" (include "common.needTLS" .)) | ternary .Values.service.internalPort2 .Values.service.internalPort }} initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} periodSeconds: {{ .Values.readiness.periodSeconds }} successThreshold: {{ .Values.readiness.successThreshold }} failureThreshold: {{ .Values.readiness.failureThreshold }} startupProbe: tcpSocket: - port: {{ template "wfd-fe.internalPort" . }} + port: {{ (eq "true" (include "common.needTLS" .)) | ternary .Values.service.internalPort2 .Values.service.internalPort }} initialDelaySeconds: {{ .Values.startup.initialDelaySeconds }} periodSeconds: {{ .Values.startup.periodSeconds }} successThreshold: {{ .Values.startup.successThreshold }} @@ -128,13 +128,13 @@ spec: - name: JAVA_OPTIONS value: {{ .Values.config.javaOptions }} - name: BACKEND - value: {{ .Values.config.backendServerURL }} + value: "{{ (eq "true" (include "common.needTLS" .)) | ternary .Values.config.backendServerURL.https .Values.config.backendServerURL.http }}" - name: IS_HTTPS - value: "{{ .Values.config.isHttpsEnabled}}" - {{ if and .Values.config.isHttpsEnabled (eq .Values.security.isDefaultStore false) }} + value: "{{ (eq "true" (include "common.needTLS" .)) | ternary "true" "false" }}" + {{- if and (include "common.needTLS" .) (eq .Values.security.isDefaultStore false) }} - name: TRUST_ALL value: "{{ .Values.config.isTrustAll}}" - {{ end }} + {{- end }} volumeMounts: - name: {{ include "common.fullname" . }}-localtime mountPath: /etc/localtime diff --git a/kubernetes/sdc/components/sdc-wfd-fe/templates/service.yaml b/kubernetes/sdc/components/sdc-wfd-fe/templates/service.yaml index bc838ac22f..08feb5a6ed 100644 --- a/kubernetes/sdc/components/sdc-wfd-fe/templates/service.yaml +++ b/kubernetes/sdc/components/sdc-wfd-fe/templates/service.yaml @@ -31,7 +31,7 @@ metadata: "version": "v1", "url": "/", "protocol": "UI", - "port": "{{ .Values.service.internalPort2 }}", + "port": "{{ (eq "true" (include "common.needTLS" .)) | ternary .Values.service.internalPort2 .Values.service.internalPort }}", "visualRange":"0|1" } ]' @@ -39,13 +39,13 @@ spec: type: {{ .Values.service.type }} ports: {{if eq .Values.service.type "NodePort" -}} - - port: {{ template "wfd-fe.internalPort" . }} + - port: {{ (eq "true" (include "common.needTLS" .)) | ternary .Values.service.internalPort2 .Values.service.internalPort }} nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }} - name: {{ .Values.service.portName }} + name: {{ .Values.service.portName }}{{ (eq "true" (include "common.needTLS" .)) | ternary "s" "" }} {{- else -}} - - port: {{ if .Values.config.isHttpsEnabled }}{{ .Values.service.externalPort2 }}{{ else }}{{ .Values.service.externalPort }}{{ end }} - targetPort: {{ template "wfd-fe.internalPort" . }} - name: {{ .Values.service.portName }} + - port: {{ (eq "true" (include "common.needTLS" .)) | ternary .Values.service.externalPort2 .Values.service.externalPort }} + targetPort: {{ (eq "true" (include "common.needTLS" .)) | ternary .Values.service.internalPort2 .Values.service.internalPort }} + name: {{ .Values.service.portName }}{{ (eq "true" (include "common.needTLS" .)) | ternary "s" "" }} {{- end}} selector: app: {{ include "common.name" . }} diff --git a/kubernetes/sdc/components/sdc-wfd-fe/values.yaml b/kubernetes/sdc/components/sdc-wfd-fe/values.yaml index b3e3b39a41..c7e680a745 100644 --- a/kubernetes/sdc/components/sdc-wfd-fe/values.yaml +++ b/kubernetes/sdc/components/sdc-wfd-fe/values.yaml @@ -55,8 +55,9 @@ debugEnabled: false config: javaOptions: "-Xmx256m -Xms256m" - backendServerURL: "https://sdc-wfd-be:8443" - isHttpsEnabled: true + backendServerURL: + https: "https://sdc-wfd-be:8443" + http: "http://sdc-wfd-be:8080" # following flag decides whether to check the certificate on the outgoing proxy request or whether to trust all parties isTrustAll: true # https relevant settings. Change in case you have other trust files then default ones. diff --git a/kubernetes/sdc/resources/config/environments/AUTO.json b/kubernetes/sdc/resources/config/environments/AUTO.json index 3b03205ffc..c9535592d8 100755 --- a/kubernetes/sdc/resources/config/environments/AUTO.json +++ b/kubernetes/sdc/resources/config/environments/AUTO.json @@ -8,7 +8,7 @@ "chef_type": "environment", "default_attributes": { - "disableHttp": {{ .Values.global.security.disableHttp }}, + "disableHttp": {{ (eq "true" (include "common.needTLS" .)) | ternary "true" "false" }}, "CS_VIP": "{{.Values.global.sdc_cassandra.serviceName}}.{{include "common.namespace" .}}", "BE_VIP": "sdc-be.{{include "common.namespace" .}}", "ONBOARDING_BE_VIP": "sdc-onboarding-be.{{include "common.namespace" .}}", @@ -112,11 +112,13 @@ "username": "user1@sdc.com", "password": "password==" } + {{- if .Values.global.aafEnabled }} }, "jetty": { "keystore_pwd": "${KEYSTORE_PASS}", "truststore_pwd": "${TRUSTSTORE_PASS}", "keymanager_pwd": "${KEYMANAGER_PASS}" + {{- end }} } } } diff --git a/kubernetes/sdc/values.yaml b/kubernetes/sdc/values.yaml index 73e9654328..e7643069bf 100644 --- a/kubernetes/sdc/values.yaml +++ b/kubernetes/sdc/values.yaml @@ -40,8 +40,6 @@ global: writeConsistencyLevel: ALL clusterName: cassandra dataCenter: Pod - security: - disableHttp: true centralizedLoggingEnabled: true sdc-be: diff --git a/kubernetes/sdnc/components/dmaap-listener/values.yaml b/kubernetes/sdnc/components/dmaap-listener/values.yaml index 486426139b..a1a583b3f9 100644 --- a/kubernetes/sdnc/components/dmaap-listener/values.yaml +++ b/kubernetes/sdnc/components/dmaap-listener/values.yaml @@ -49,7 +49,7 @@ secrets: # Application configuration defaults. ################################################################# # application image -image: onap/sdnc-dmaap-listener-image:2.2.4 +image: onap/sdnc-dmaap-listener-image:2.2.5 pullPolicy: Always # flag to enable debugging - application support required diff --git a/kubernetes/sdnc/components/sdnc-ansible-server/values.yaml b/kubernetes/sdnc/components/sdnc-ansible-server/values.yaml index 1824e161b9..b247e71452 100644 --- a/kubernetes/sdnc/components/sdnc-ansible-server/values.yaml +++ b/kubernetes/sdnc/components/sdnc-ansible-server/values.yaml @@ -49,7 +49,7 @@ secrets: # Application configuration defaults. ################################################################# # application image -image: onap/sdnc-ansible-server-image:2.2.4 +image: onap/sdnc-ansible-server-image:2.2.5 pullPolicy: Always # flag to enable debugging - application support required diff --git a/kubernetes/sdnc/components/sdnc-web/values.yaml b/kubernetes/sdnc/components/sdnc-web/values.yaml index 3f335e6885..f75b56726c 100644 --- a/kubernetes/sdnc/components/sdnc-web/values.yaml +++ b/kubernetes/sdnc/components/sdnc-web/values.yaml @@ -23,7 +23,7 @@ global: # Application configuration defaults. ################################################################# # application image -image: "onap/sdnc-web-image:2.2.4" +image: "onap/sdnc-web-image:2.2.5" pullPolicy: Always config: diff --git a/kubernetes/sdnc/components/ueb-listener/values.yaml b/kubernetes/sdnc/components/ueb-listener/values.yaml index e0bafb6b32..795ffeaa79 100644 --- a/kubernetes/sdnc/components/ueb-listener/values.yaml +++ b/kubernetes/sdnc/components/ueb-listener/values.yaml @@ -55,7 +55,7 @@ secrets: # Application configuration defaults. ################################################################# # application image -image: onap/sdnc-ueb-listener-image:2.2.4 +image: onap/sdnc-ueb-listener-image:2.2.5 pullPolicy: Always # flag to enable debugging - application support required diff --git a/kubernetes/sdnc/values.yaml b/kubernetes/sdnc/values.yaml index 33bbc8ab33..5d2f5be9b2 100644 --- a/kubernetes/sdnc/values.yaml +++ b/kubernetes/sdnc/values.yaml @@ -210,7 +210,7 @@ certificates: # application images pullPolicy: Always -image: onap/sdnc-image:2.2.4 +image: onap/sdnc-image:2.2.5 # flag to enable debugging - application support required debugEnabled: false |