diff options
11 files changed, 191 insertions, 69 deletions
diff --git a/kubernetes/common/network-name-gen/requirements.yaml b/kubernetes/common/network-name-gen/requirements.yaml index 9ef8db89a4..eda693f832 100644 --- a/kubernetes/common/network-name-gen/requirements.yaml +++ b/kubernetes/common/network-name-gen/requirements.yaml @@ -18,4 +18,9 @@ dependencies: repository: '@local'
- name: mariadb-galera
version: ~5.x-0
- repository: file://../mariadb-galera/
+ repository: '@local'
+ condition: global.mariadbGalera.localCluster
+ - name: mariadb-init
+ version: ~5.x-0
+ repository: '@local'
+ condition: not global.mariadbGalera.localCluster
diff --git a/kubernetes/common/network-name-gen/templates/deployment.yaml b/kubernetes/common/network-name-gen/templates/deployment.yaml index 2f9cd6a158..a6d18e7a59 100644 --- a/kubernetes/common/network-name-gen/templates/deployment.yaml +++ b/kubernetes/common/network-name-gen/templates/deployment.yaml @@ -31,11 +31,19 @@ spec: release: {{ include "common.release" . }} spec: initContainers: +{{- if .Values.global.mariadbGalera.localCluster }} - command: - /root/ready.py args: - --container-name - {{ index .Values "mariadb-galera" "nameOverride" }} +{{- else }} + - command: + - /root/job_complete.py + args: + - --job-name + - {{ include "common.release" . }}-{{ index .Values "mariadb-init" "nameOverride" }}-config-job +{{- end }} env: - name: NAMESPACE valueFrom: @@ -53,11 +61,11 @@ spec: - name: SPRING_PROFILE value: "{{ .Values.config.springProfile }}" - name: NENG_DB_USER - {{- include "common.secret.envFromSecret" (dict "global" . "uid" "db-user-creds" "key" "login") | indent 10}} + {{- include "common.secret.envFromSecret" (dict "global" . "uid" "neng-db-secret" "key" "login") | indent 10}} - name: NENG_DB_PASS - {{- include "common.secret.envFromSecret" (dict "global" . "uid" "db-user-creds" "key" "password") | indent 10}} + {{- include "common.secret.envFromSecret" (dict "global" . "uid" "neng-db-secret" "key" "password") | indent 10}} - name: NENG_DB_URL - value: {{ .Values.config.dbUrl }} + value: jdbc:mysql://{{ include "common.mariadbService" . }}:{{ include "common.mariadbPort" . }}/{{ index .Values "mariadb-galera" "config" "mysqlDatabase" }} - name: POL_CLIENT_AUTH value: "{{ .Values.config.polClientAuth }}" - name: POL_BASIC_AUTH diff --git a/kubernetes/common/network-name-gen/values.yaml b/kubernetes/common/network-name-gen/values.yaml index d5897013c4..0defa97c26 100644 --- a/kubernetes/common/network-name-gen/values.yaml +++ b/kubernetes/common/network-name-gen/values.yaml @@ -32,24 +32,29 @@ global: # image pull policy pullPolicy: IfNotPresent + mariadbGalera: &mariadbGalera + #This flag allows SO to instantiate its own mariadb-galera cluster + localCluster: false + service: mariadb-galera + internalPort: 3306 + nameOverride: mariadb-galera + ################################################################# # Secrets metaconfig ################################################################# secrets: - - uid: "db-user-creds" - externalSecret: '{{- include "common.mariadb.secret.userCredentialsSecretName" (dict "dot" . "chartName" (index .Values "mariadb-galera" "nameOverride")) }}' + - uid: neng-db-secret + name: '{{ include "common.release" . }}-neng-db-secret' type: basicAuth - - uid: "db-root-pass" - externalSecret: '{{- include "common.mariadb.secret.rootPassSecretName" (dict "dot" . "chartName" (index .Values "mariadb-galera" "nameOverride")) }}' - type: password + externalSecret: '{{ tpl (default "" .Values.config.db.userCredentialsExternalSecret) . }}' + login: '{{ .Values.config.db.userName }}' + password: '{{ .Values.config.db.userPassword }}' # sub-chart config mariadb-galera: - config: - userName: nenguser - userPassword: nenguser123 - mariadbRootPassword: nenguser123 - mysqlDatabase: nengdb + config: &mariadbConfig + userCredentialsExternalSecret: '{{ include "common.release" . }}-neng-db-secret' + mysqlDatabase: nengdb nameOverride: nengdb service: name: nengdb @@ -59,6 +64,9 @@ mariadb-galera: enabled: true mountSubPath: network-name-gen/data +mariadb-init: + config: *mariadbConfig + nameOverride: nengdb-init ################################################################# # Application configuration defaults. @@ -70,7 +78,10 @@ pullPolicy: IfNotPresent # application configuration config: - dbUrl: jdbc:mysql://nengdb:3306/nengdb + db: + userName: nenguser + # userPassword: password + # userCredentialsExternalSecret: some-secret springProfile: live polClientAuth: cHl0aG9uOnRlc3Q= polBasicAuth: dGVzdHBkcDphbHBoYTEyMw== diff --git a/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-optimizer/templates/deployment.yaml b/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-optimizer/templates/deployment.yaml index d7a0ea5ca3..f623496537 100644 --- a/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-optimizer/templates/deployment.yaml +++ b/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-optimizer/templates/deployment.yaml @@ -35,7 +35,7 @@ spec: - /root/ready.py args: - --container-name - - {{ .Values.mariadb.nameOverride }} + - {{ .Values.config.db.container }} env: - name: NAMESPACE valueFrom: @@ -50,18 +50,15 @@ spec: imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} env: - name: DB_HOST - value: {{ .Values.config.db_host }}.{{.Release.Namespace}} + value: {{ .Values.config.db.host }}.{{.Release.Namespace}} - name: DB_PORT - value: {{ .Values.config.db_port | quote}} + value: {{ .Values.config.db.port | quote}} - name: DB_USERNAME - value: {{ .Values.config.db_root }} + value: {{ .Values.config.db.root }} - name: DB_SCHEMA - value: {{ .Values.config.mysqlDatabase }} + value: {{ .Values.config.db.mysqlDatabase }} - name: DB_PASSWORD - valueFrom: - secretKeyRef: - name: {{ include "common.release" . }}-cmso-db-db-root-password - key: password + {{- include "common.secret.envFromSecret" (dict "global" . "uid" "cmso-db-root-password" "key" "password") | indent 10}} terminationMessagePolicy: File volumeMounts: - name: {{ include "common.fullname" . }}-config @@ -74,18 +71,15 @@ spec: imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} env: - name: DB_HOST - value: {{ .Values.config.db_host }}.{{.Release.Namespace}} + value: {{ .Values.config.db.host }}.{{.Release.Namespace}} - name: DB_PORT - value: {{ .Values.config.db_port | quote}} + value: {{ .Values.config.db.port | quote}} - name: DB_USERNAME - value: {{ .Values.config.db_root }} + value: {{ .Values.config.db.root }} - name: DB_SCHEMA - value: {{ .Values.config.mysqlDatabase }} + value: {{ .Values.config.db.mysqlDatabase }} - name: DB_PASSWORD - valueFrom: - secretKeyRef: - name: {{ include "common.release" . }}-cmso-db-db-root-password - key: password + {{- include "common.secret.envFromSecret" (dict "global" . "uid" "cmso-db-root-password" "key" "password") | indent 10}} - name: JAVA_TRUSTSTORE value: /share/etc/certs/{{ .Values.global.truststoreFile }} - name: SSL_KEYSTORE diff --git a/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-optimizer/templates/secret.yaml b/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-optimizer/templates/secret.yaml new file mode 100644 index 0000000000..dee311c336 --- /dev/null +++ b/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-optimizer/templates/secret.yaml @@ -0,0 +1,15 @@ +# Copyright © 2020 Samsung Electronics +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +{{ include "common.secret" . }} diff --git a/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-optimizer/values.yaml b/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-optimizer/values.yaml index af56717fdc..a9a89ddd72 100644 --- a/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-optimizer/values.yaml +++ b/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-optimizer/values.yaml @@ -35,6 +35,23 @@ dbinit: # flag to enable debugging - application support required debugEnabled: false + +################################################################# +# Secrets metaconfig +################################################################# +secrets: + - uid: cmso-db-root-password + type: password + password: '{{ .Values.config.db.rootPassword }}' + externalSecret: '{{ tpl (default "" .Values.config.db.rootPasswordExternalSecret) . }}' + policy: required + - uid: cmso-db-user-secret + type: basicAuth + externalSecret: '{{ tpl (default "" .Values.config.db.userCredentialsExternalSecret) . }}' + login: '{{ .Values.config.db.user }}' + password: '{{ .Values.config.db.password }}' + passwordPolicy: required + ################################################################# # Application configuration defaults. ################################################################# @@ -70,19 +87,22 @@ service: config: - db_root: root - db_user: cmso-admin - mysqlDatabase: optimizer - db_host: oof-cmso-dbhost - db_port: 3306 + db: + port: 3306 + root: root +# rootPassword: pass +# rootPasswordExternalSecret: some secret +# user: cmso-admin +# password: pass +# userCredentialsExternalSecret: some-secret +# host: host +# container: container +# mysqlDatabase: optimizer topology_host: oof-cmso-topology topology_port: 7998 ticketmgt_host: oof-cmso-ticketmgt ticketmgt_port: 7999 -mariadb: - nameOverride: cmso-db - ingress: enabled: false diff --git a/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-service/templates/deployment.yaml b/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-service/templates/deployment.yaml index 385d61684f..b0afb6e285 100644 --- a/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-service/templates/deployment.yaml +++ b/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-service/templates/deployment.yaml @@ -35,7 +35,7 @@ spec: - /root/ready.py args: - --container-name - - {{ .Values.mariadb.nameOverride }} + - {{ .Values.config.db.container }} env: - name: NAMESPACE valueFrom: @@ -50,18 +50,15 @@ spec: imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} env: - name: DB_HOST - value: {{ .Values.config.db_host }}.{{.Release.Namespace}} + value: {{ .Values.config.db.host }}.{{.Release.Namespace}} - name: DB_PORT - value: {{ .Values.config.db_port | quote}} + value: {{ .Values.config.db.port | quote}} - name: DB_USERNAME - value: {{ .Values.config.db_root }} + value: {{ .Values.config.db.root }} - name: DB_SCHEMA - value: {{ .Values.config.mysqlDatabase }} + value: {{ .Values.config.db.mysqlDatabase }} - name: DB_PASSWORD - valueFrom: - secretKeyRef: - name: {{ include "common.release" . }}-cmso-db-db-root-password - key: password + {{- include "common.secret.envFromSecret" (dict "global" . "uid" "cmso-db-root-password" "key" "password") | indent 10}} terminationMessagePolicy: File volumeMounts: - name: {{ include "common.fullname" . }}-config @@ -98,18 +95,15 @@ spec: imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} env: - name: DB_HOST - value: {{ .Values.config.db_host }}.{{.Release.Namespace}} + value: {{ .Values.config.db.host }}.{{.Release.Namespace}} - name: DB_PORT - value: {{ .Values.config.db_port | quote}} + value: {{ .Values.config.db.port | quote}} - name: DB_USERNAME - value: {{ .Values.config.db_user }} + {{- include "common.secret.envFromSecret" (dict "global" . "uid" "cmso-db-user-secret" "key" "login") | indent 10}} - name: DB_SCHEMA - value: {{ .Values.config.mysqlDatabase }} + value: {{ .Values.config.db.mysqlDatabase }} - name: DB_PASSWORD - valueFrom: - secretKeyRef: - name: {{ include "common.release" . }}-cmso-db-db-user-credentials - key: password + {{- include "common.secret.envFromSecret" (dict "global" . "uid" "cmso-db-user-secret" "key" "password") | indent 10}} - name: JAVA_TRUSTSTORE value: /share/etc/certs/{{ .Values.global.truststoreFile }} - name: SSL_KEYSTORE diff --git a/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-service/templates/secret.yaml b/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-service/templates/secret.yaml new file mode 100644 index 0000000000..dee311c336 --- /dev/null +++ b/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-service/templates/secret.yaml @@ -0,0 +1,15 @@ +# Copyright © 2020 Samsung Electronics +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +{{ include "common.secret" . }} diff --git a/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-service/values.yaml b/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-service/values.yaml index 85f6094615..345f03d4d3 100644 --- a/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-service/values.yaml +++ b/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-service/values.yaml @@ -37,6 +37,22 @@ dbinit: debugEnabled: false ################################################################# +# Secrets metaconfig +################################################################# +secrets: + - uid: cmso-db-root-password + type: password + password: '{{ .Values.config.db.rootPassword }}' + externalSecret: '{{ tpl (default "" .Values.config.db.rootPasswordExternalSecret) . }}' + policy: required + - uid: cmso-db-user-secret + type: basicAuth + externalSecret: '{{ tpl (default "" .Values.config.db.userCredentialsExternalSecret) . }}' + login: '{{ .Values.config.db.user }}' + password: '{{ .Values.config.db.password }}' + passwordPolicy: required + +################################################################# # Application configuration defaults. ################################################################# # default number of instances @@ -71,17 +87,20 @@ service: config: - db_root: root - db_user: cmso-admin - mysqlDatabase: cmso - db_host: oof-cmso-dbhost - db_port: 3306 + db: + port: 3306 + root: root +# rootPassword: pass +# rootPasswordExternalSecret: some secret +# user: cmso-admin +# password: pass +# userCredentialsExternalSecret: some-secret +# host: host +# container: container +# mysqlDatabase: cmso optimizer_host: oof-cmso-optimizer optimizer_port: 7997 -mariadb: - nameOverride: cmso-db - ingress: enabled: false diff --git a/kubernetes/oof/charts/oof-cmso/templates/secret.yaml b/kubernetes/oof/charts/oof-cmso/templates/secret.yaml index 11a9221fed..3c61bf3bdc 100644 --- a/kubernetes/oof/charts/oof-cmso/templates/secret.yaml +++ b/kubernetes/oof/charts/oof-cmso/templates/secret.yaml @@ -1,4 +1,5 @@ # Copyright © 2018 Amdocs, Bell Canada, AT&T +# Copyright © 2020 Samsung Electronics # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -12,6 +13,8 @@ # See the License for the specific language governing permissions and # limitations under the License. +{{ include "common.secret" . }} +--- apiVersion: v1 kind: Secret metadata: diff --git a/kubernetes/oof/charts/oof-cmso/values.yaml b/kubernetes/oof/charts/oof-cmso/values.yaml index c97138bded..2b8ad9487d 100644 --- a/kubernetes/oof/charts/oof-cmso/values.yaml +++ b/kubernetes/oof/charts/oof-cmso/values.yaml @@ -12,6 +12,23 @@ # See the License for the specific language governing permissions and # limitations under the License. +################################################################# +# Secrets metaconfig +################################################################# +secrets: + - uid: cmso-db-root-password + name: '{{ include "common.release" . }}-cmso-db-root-password' + type: password + password: '' + policy: generate + - uid: cmso-db-secret + name: '{{ include "common.release" . }}-cmso-db-secret' + type: basicAuth + externalSecret: '{{ tpl (default "" .Values.config.db.userCredentialsExternalSecret) . }}' + login: '{{ .Values.config.db.userName }}' + password: '{{ .Values.config.db.userPassword }}' + passwordPolicy: generate + mariadb-galera: replicaCount: 1 nameOverride: cmso-db @@ -26,9 +43,8 @@ mariadb-galera: enabled: true disableNfsProvisioner: true config: - mariadbRootPassword: beer - userName: cmso-admin - userPassword: nimda-osmc + mariadbRootPasswordExternalSecret: '{{ include "common.release" . }}-cmso-db-root-password' + userCredentialsExternalSecret: '{{ include "common.release" . }}-cmso-db-secret' mysqlDatabase: cmso externalConfig: | [mysqld] @@ -49,4 +65,26 @@ flavor: small config: log: logstashServiceName: log-ls - logstashPort: 5044
\ No newline at end of file + logstashPort: 5044 + db: + # userCredentialsExternalsecret: some secret + userName: cmso-admin + # userPassword: password + +oof-cmso-service: + config: + db: + userCredentialsExternalSecret: '{{ include "common.release" . }}-cmso-db-secret' + rootPasswordExternalSecret: '{{ include "common.release" . }}-cmso-db-root-password' + host: oof-cmso-dbhost + container: cmso-db + mysqlDatabase: cmso + +oof-cmso-optimizer: + config: + db: + userCredentialsExternalSecret: '{{ include "common.release" . }}-cmso-db-secret' + rootPasswordExternalSecret: '{{ include "common.release" . }}-cmso-db-root-password' + host: oof-cmso-dbhost + container: cmso-db + mysqlDatabase: optimizer |