diff options
22 files changed, 99 insertions, 23 deletions
diff --git a/kubernetes/aai b/kubernetes/aai -Subproject 40aacd4952fc1d8a37f4ad44c89bef093762b81 +Subproject ed292323735ea0b366960474d15fcfa23b209d0 diff --git a/kubernetes/appc/resources/config/appc/opt/onap/appc/bin/startODL.sh b/kubernetes/appc/resources/config/appc/opt/onap/appc/bin/startODL.sh index 6aad5912f4..512f38020b 100755 --- a/kubernetes/appc/resources/config/appc/opt/onap/appc/bin/startODL.sh +++ b/kubernetes/appc/resources/config/appc/opt/onap/appc/bin/startODL.sh @@ -139,8 +139,6 @@ then if $ENABLE_AAF then cp ${APPC_HOME}/data/properties/aaa-app-config.xml ${ODL_HOME}/etc/opendaylight/datastore/initial/config/aaa-app-config.xml - else - cp ${APPC_HOME}/data/aaa-app-config.xml ${ODL_HOME}/etc/opendaylight/datastore/initial/config/aaa-app-config.xml fi fi diff --git a/kubernetes/dcaegen2/components/dcae-bootstrap/values.yaml b/kubernetes/dcaegen2/components/dcae-bootstrap/values.yaml index a4200c3fd1..c2261d1ded 100644 --- a/kubernetes/dcaegen2/components/dcae-bootstrap/values.yaml +++ b/kubernetes/dcaegen2/components/dcae-bootstrap/values.yaml @@ -109,7 +109,7 @@ mongo: # application image repository: nexus3.onap.org:10001 -image: onap/org.onap.dcaegen2.deployments.k8s-bootstrap-container:1.12.2 +image: onap/org.onap.dcaegen2.deployments.k8s-bootstrap-container:1.12.3 default_k8s_location: central # DCAE component images to be deployed via Cloudify Manager @@ -118,7 +118,7 @@ componentImages: holmes_rules: onap/holmes/rule-management:1.2.7 holmes_engine: onap/holmes/engine-management:1.2.6 tca: onap/org.onap.dcaegen2.deployments.tca-cdap-container:1.2.2 - tcagen2: onap/org.onap.dcaegen2.analytics.tca-gen2.dcae-analytics-tca-web:1.0.0 + tcagen2: onap/org.onap.dcaegen2.analytics.tca-gen2.dcae-analytics-tca-web:1.0.1 ves: onap/org.onap.dcaegen2.collectors.ves.vescollector:1.5.4 snmptrap: onap/org.onap.dcaegen2.collectors.snmptrap:1.4.0 prh: onap/org.onap.dcaegen2.services.prh.prh-app-server:1.5.2 diff --git a/kubernetes/dcaemod/components/dcaemod-runtime-api/values.yaml b/kubernetes/dcaemod/components/dcaemod-runtime-api/values.yaml index 592def272f..a56552e6c0 100644 --- a/kubernetes/dcaemod/components/dcaemod-runtime-api/values.yaml +++ b/kubernetes/dcaemod/components/dcaemod-runtime-api/values.yaml @@ -72,7 +72,7 @@ readiness: # application image repository: nexus3.onap.org:10001 -image: onap/org.onap.dcaegen2.platform.mod.runtime-web:1.0.0 +image: onap/org.onap.dcaegen2.platform.mod.runtime-web:1.0.1 # Resource Limit flavor -By Default using small flavor: small diff --git a/kubernetes/dmaap/components/message-router/charts/message-router-kafka/values.yaml b/kubernetes/dmaap/components/message-router/charts/message-router-kafka/values.yaml index 4d87c0655e..45dc30e4ee 100644 --- a/kubernetes/dmaap/components/message-router/charts/message-router-kafka/values.yaml +++ b/kubernetes/dmaap/components/message-router/charts/message-router-kafka/values.yaml @@ -70,6 +70,7 @@ configurationOverrides: "log.retention.hours": "168" "zookeeper.connection.timeout.ms": "6000" "default.replication.factor": "3" + "zookeeper.set.acl": "true" jmx: port: 5555 diff --git a/kubernetes/dmaap/components/message-router/charts/message-router-zookeeper/templates/statefulset.yaml b/kubernetes/dmaap/components/message-router/charts/message-router-zookeeper/templates/statefulset.yaml index 30f4abd588..e48982319f 100644 --- a/kubernetes/dmaap/components/message-router/charts/message-router-zookeeper/templates/statefulset.yaml +++ b/kubernetes/dmaap/components/message-router/charts/message-router-zookeeper/templates/statefulset.yaml @@ -171,8 +171,6 @@ spec: value: "{{ .Values.zkConfig.clientPort }}" - name: KAFKA_OPTS value: "{{ .Values.zkConfig.kafkaOpts }}" - - name: EXTRA_ARGS - value: "{{ .Values.zkConfig.extraArgs }}" - name: ZOOKEEPER_SERVER_ID valueFrom: fieldRef: diff --git a/kubernetes/dmaap/components/message-router/charts/message-router-zookeeper/values.yaml b/kubernetes/dmaap/components/message-router/charts/message-router-zookeeper/values.yaml index 4abb6e3c4a..4f861f8789 100644 --- a/kubernetes/dmaap/components/message-router/charts/message-router-zookeeper/values.yaml +++ b/kubernetes/dmaap/components/message-router/charts/message-router-zookeeper/values.yaml @@ -31,7 +31,7 @@ global: ################################################################# # application image repository: nexus3.onap.org:10001 -image: onap/dmaap/zookeeper:6.0.2 +image: onap/dmaap/zookeeper:6.0.3 pullPolicy: Always ubuntuInitImage: oomk8s/ubuntu-init:2.0.0 busyBoxImage: busybox:1.30 @@ -75,8 +75,7 @@ zkConfig: autoPurgeSnapRetainCount: 3 autoPurgePurgeInterval: 24 heapOptions: -Xmx2G -Xms2G - kafkaOpts: -Dzookeeper.authProvider.1=org.apache.zookeeper.server.auth.SASLAuthenticationProvider - extraArgs: -Djava.security.auth.login.config=/etc/zookeeper/secrets/jaas/zk_server_jaas.conf + kafkaOpts: -Djava.security.auth.login.config=/etc/zookeeper/secrets/jaas/zk_server_jaas.conf -Dzookeeper.kerberos.removeHostFromPrincipal=true -Dzookeeper.kerberos.removeRealmFromPrincipal=true -Dzookeeper.authProvider.1=org.apache.zookeeper.server.auth.SASLAuthenticationProvider -Dzookeeper.requireClientAuthScheme=sasl clientPort: 2181 jmx: diff --git a/kubernetes/dmaap/values.yaml b/kubernetes/dmaap/values.yaml index ecc5689668..f9f20a3665 100644 --- a/kubernetes/dmaap/values.yaml +++ b/kubernetes/dmaap/values.yaml @@ -42,7 +42,7 @@ global: #AAF global config overrides aafEnabled: true - aafAgentImage: onap/aaf/aaf_agent:2.1.15 + aafAgentImage: onap/aaf/aaf_agent:2.1.20 aafAppNs: org.osaaf.aaf aafLocatorContainer: oom diff --git a/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-optimizer/templates/deployment.yaml b/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-optimizer/templates/deployment.yaml index f623496537..c2d6f8c7ef 100644 --- a/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-optimizer/templates/deployment.yaml +++ b/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-optimizer/templates/deployment.yaml @@ -58,7 +58,7 @@ spec: - name: DB_SCHEMA value: {{ .Values.config.db.mysqlDatabase }} - name: DB_PASSWORD - {{- include "common.secret.envFromSecret" (dict "global" . "uid" "cmso-db-root-password" "key" "password") | indent 10}} + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "cmso-db-root-password" "key" "password") | indent 10}} terminationMessagePolicy: File volumeMounts: - name: {{ include "common.fullname" . }}-config @@ -79,7 +79,7 @@ spec: - name: DB_SCHEMA value: {{ .Values.config.db.mysqlDatabase }} - name: DB_PASSWORD - {{- include "common.secret.envFromSecret" (dict "global" . "uid" "cmso-db-root-password" "key" "password") | indent 10}} + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "cmso-db-root-password" "key" "password") | indent 10}} - name: JAVA_TRUSTSTORE value: /share/etc/certs/{{ .Values.global.truststoreFile }} - name: SSL_KEYSTORE diff --git a/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-optimizer/templates/secret.yaml b/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-optimizer/templates/secret.yaml index dee311c336..bd7eb8ea40 100644 --- a/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-optimizer/templates/secret.yaml +++ b/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-optimizer/templates/secret.yaml @@ -12,4 +12,4 @@ # See the License for the specific language governing permissions and # limitations under the License. -{{ include "common.secret" . }} +{{ include "common.secretFast" . }} diff --git a/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-service/templates/deployment.yaml b/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-service/templates/deployment.yaml index b0afb6e285..b41b840fde 100644 --- a/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-service/templates/deployment.yaml +++ b/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-service/templates/deployment.yaml @@ -58,7 +58,7 @@ spec: - name: DB_SCHEMA value: {{ .Values.config.db.mysqlDatabase }} - name: DB_PASSWORD - {{- include "common.secret.envFromSecret" (dict "global" . "uid" "cmso-db-root-password" "key" "password") | indent 10}} + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "cmso-db-root-password" "key" "password") | indent 10}} terminationMessagePolicy: File volumeMounts: - name: {{ include "common.fullname" . }}-config @@ -99,11 +99,11 @@ spec: - name: DB_PORT value: {{ .Values.config.db.port | quote}} - name: DB_USERNAME - {{- include "common.secret.envFromSecret" (dict "global" . "uid" "cmso-db-user-secret" "key" "login") | indent 10}} + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "cmso-db-user-secret" "key" "login") | indent 10}} - name: DB_SCHEMA value: {{ .Values.config.db.mysqlDatabase }} - name: DB_PASSWORD - {{- include "common.secret.envFromSecret" (dict "global" . "uid" "cmso-db-user-secret" "key" "password") | indent 10}} + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "cmso-db-user-secret" "key" "password") | indent 10}} - name: JAVA_TRUSTSTORE value: /share/etc/certs/{{ .Values.global.truststoreFile }} - name: SSL_KEYSTORE diff --git a/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-service/templates/secret.yaml b/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-service/templates/secret.yaml index dee311c336..bd7eb8ea40 100644 --- a/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-service/templates/secret.yaml +++ b/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-service/templates/secret.yaml @@ -12,4 +12,4 @@ # See the License for the specific language governing permissions and # limitations under the License. -{{ include "common.secret" . }} +{{ include "common.secretFast" . }} diff --git a/kubernetes/oof/charts/oof-cmso/templates/secret.yaml b/kubernetes/oof/charts/oof-cmso/templates/secret.yaml index 3c61bf3bdc..3dbdd31b1f 100644 --- a/kubernetes/oof/charts/oof-cmso/templates/secret.yaml +++ b/kubernetes/oof/charts/oof-cmso/templates/secret.yaml @@ -13,7 +13,7 @@ # See the License for the specific language governing permissions and # limitations under the License. -{{ include "common.secret" . }} +{{ include "common.secretFast" . }} --- apiVersion: v1 kind: Secret diff --git a/kubernetes/policy/charts/pdp/templates/secrets.yaml b/kubernetes/policy/charts/pdp/templates/secrets.yaml new file mode 100644 index 0000000000..bd7eb8ea40 --- /dev/null +++ b/kubernetes/policy/charts/pdp/templates/secrets.yaml @@ -0,0 +1,15 @@ +# Copyright © 2020 Samsung Electronics +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +{{ include "common.secretFast" . }} diff --git a/kubernetes/policy/charts/pdp/templates/statefulset.yaml b/kubernetes/policy/charts/pdp/templates/statefulset.yaml index 127c400c12..16d5fb5cec 100644 --- a/kubernetes/policy/charts/pdp/templates/statefulset.yaml +++ b/kubernetes/policy/charts/pdp/templates/statefulset.yaml @@ -58,6 +58,11 @@ spec: name: {{ include "common.name" . }} image: "{{ include "common.repository" . }}/{{ .Values.image }}" imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + env: + - name: JDBC_USER + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "login") | indent 10 }} + - name: JDBC_PASSWORD + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "password") | indent 10 }} resources: {{ include "common.resources" . | indent 12 }} ports: diff --git a/kubernetes/policy/charts/pdp/values.yaml b/kubernetes/policy/charts/pdp/values.yaml index 8b3b9d4a3b..7b9c561a61 100644 --- a/kubernetes/policy/charts/pdp/values.yaml +++ b/kubernetes/policy/charts/pdp/values.yaml @@ -24,6 +24,17 @@ global: loggingImage: beats/filebeat:5.5.0 ################################################################# +# Secrets metaconfig +################################################################# +secrets: + - uid: db-secret + type: basicAuth + externalSecret: '{{ tpl (default "" .Values.db.credsExternalSecret) . }}' + login: '{{ .Values.db.user }}' + password: '{{ .Values.db.password }}' + passwordPolicy: required + +################################################################# # Application configuration defaults. ################################################################# # application image @@ -35,6 +46,11 @@ pullPolicy: Always debugEnabled: false # application configuration + +db: + user: policy_user + password: policy_user + config: papPort: 9091 diff --git a/kubernetes/policy/charts/policy-common/resources/config/scripts/do-start.sh b/kubernetes/policy/charts/policy-common/resources/config/scripts/do-start.sh index 052b6f2c2f..0e473105a2 100644 --- a/kubernetes/policy/charts/policy-common/resources/config/scripts/do-start.sh +++ b/kubernetes/policy/charts/policy-common/resources/config/scripts/do-start.sh @@ -78,8 +78,17 @@ else # wait for DB up # now that DB is up, invoke database upgrade # (which does nothing if the db is already up-to-date) - dbuser=$(echo $(grep '^JDBC_USER=' base.conf | cut -f2 -d=)) - dbpw=$(echo $(grep '^JDBC_PASSWORD=' base.conf | cut -f2 -d=)) + if [[ -v JDBC_USER ]]; then + dbuser=${JDBC_USER}; + else + dbuser=$(echo $(grep '^JDBC_USER=' base.conf | cut -f2 -d=)) + fi + + if [[ -v JDBC_PASSWORD ]]; then + dbpw=${JDBC_PASSWORD} + else + dbpw=$(echo $(grep '^JDBC_PASSWORD=' base.conf | cut -f2 -d=)) + fi db_upgrade_remote.sh $dbuser $dbpw {{.Values.global.mariadb.service.name}} fi diff --git a/kubernetes/policy/charts/policy-xacml-pdp/resources/config/xacml.properties b/kubernetes/policy/charts/policy-xacml-pdp/resources/config/xacml.properties index 29feeb6e24..f2c2cd7765 100644 --- a/kubernetes/policy/charts/policy-xacml-pdp/resources/config/xacml.properties +++ b/kubernetes/policy/charts/policy-xacml-pdp/resources/config/xacml.properties @@ -49,5 +49,5 @@ xacml.pip.engines=count-recent-operations,get-operation-outcome # javax.persistence.jdbc.driver=org.mariadb.jdbc.Driver javax.persistence.jdbc.url=jdbc:mariadb://{{ .Values.global.mariadb.service.name }}:{{ .Values.global.mariadb.service.internalPort }}/operationshistory -javax.persistence.jdbc.user={{ .Values.global.mariadb.config.userName }} -javax.persistence.jdbc.password={{ .Values.global.mariadb.config.userPassword | b64enc }} +javax.persistence.jdbc.user=${SQL_USER} +javax.persistence.jdbc.password=${SQL_PASSWORD} diff --git a/kubernetes/policy/charts/policy-xacml-pdp/templates/deployment.yaml b/kubernetes/policy/charts/policy-xacml-pdp/templates/deployment.yaml index 57e7c78218..5b02c177b5 100644 --- a/kubernetes/policy/charts/policy-xacml-pdp/templates/deployment.yaml +++ b/kubernetes/policy/charts/policy-xacml-pdp/templates/deployment.yaml @@ -37,6 +37,11 @@ spec: imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} command: ["/opt/app/policy/pdpx/bin/policy-pdpx.sh"] args: ["/opt/app/policy/pdpx/etc/mounted/config.json"] + env: + - name: SQL_USER + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "login") | indent 12 }} + - name: SQL_PASSWORD + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "password") | indent 12 }} ports: - containerPort: {{ .Values.service.internalPort }} # disable liveness probe when breakpoints set in debugger diff --git a/kubernetes/policy/charts/policy-xacml-pdp/templates/secrets.yaml b/kubernetes/policy/charts/policy-xacml-pdp/templates/secrets.yaml new file mode 100644 index 0000000000..bd7eb8ea40 --- /dev/null +++ b/kubernetes/policy/charts/policy-xacml-pdp/templates/secrets.yaml @@ -0,0 +1,15 @@ +# Copyright © 2020 Samsung Electronics +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +{{ include "common.secretFast" . }} diff --git a/kubernetes/policy/charts/policy-xacml-pdp/values.yaml b/kubernetes/policy/charts/policy-xacml-pdp/values.yaml index 5c062a0e7a..dc7266e9a1 100644 --- a/kubernetes/policy/charts/policy-xacml-pdp/values.yaml +++ b/kubernetes/policy/charts/policy-xacml-pdp/values.yaml @@ -23,6 +23,17 @@ global: persistence: {} ################################################################# +# Secrets metaconfig +################################################################# +secrets: + - uid: db-secret + type: basicAuth + externalSecret: '{{ tpl (default "" .Values.db.credsExternalSecret) . }}' + login: '{{ .Values.db.user }}' + password: '{{ .Values.db.password }}' + passwordPolicy: required + +################################################################# # Application configuration defaults. ################################################################# # application image @@ -35,6 +46,10 @@ debugEnabled: false # application configuration +db: + user: policy_user + password: policy_user + # default number of instances replicaCount: 1 diff --git a/kubernetes/robot b/kubernetes/robot -Subproject a8e1918a02156ecec86409948d400669c2e67bb +Subproject 60271b7510ea9d57ed56cd9958d1c07f5ceaf3c |