diff options
223 files changed, 2083 insertions, 671 deletions
diff --git a/kubernetes/Makefile b/kubernetes/Makefile index b25381fd81..dfad45ff24 100644 --- a/kubernetes/Makefile +++ b/kubernetes/Makefile @@ -19,6 +19,7 @@ ROOT_DIR := $(shell dirname $(realpath $(lastword $(MAKEFILE_LIST)))) OUTPUT_DIR := $(ROOT_DIR)/dist PACKAGE_DIR := $(OUTPUT_DIR)/packages SECRET_DIR := $(OUTPUT_DIR)/secrets +HELM_VER := $(shell helm version --template "{{.Version}}") ifneq ($(SKIP_LINT),TRUE) HELM_LINT_CMD := helm lint @@ -65,7 +66,12 @@ lint-%: dep-% package-%: lint-% @mkdir -p $(PACKAGE_DIR) +ifeq "$(findstring v3,$(HELM_VER))" "v3" + @if [ -f $*/Chart.yaml ]; then PACKAGE_NAME=$$(helm package -d $(PACKAGE_DIR) $* | cut -d":" -f2) && helm push -f $$PACKAGE_NAME local; fi +else @if [ -f $*/Chart.yaml ]; then helm package -d $(PACKAGE_DIR) $*; fi +endif + @helm repo index $(PACKAGE_DIR) clean: diff --git a/kubernetes/a1policymanagement/values.yaml b/kubernetes/a1policymanagement/values.yaml index 827a51de93..ac26f9b575 100644 --- a/kubernetes/a1policymanagement/values.yaml +++ b/kubernetes/a1policymanagement/values.yaml @@ -30,7 +30,7 @@ secrets: passwordPolicy: required repository: nexus3.onap.org:10001 -image: onap/ccsdk-oran-a1policymanagementservice:1.0.0 +image: onap/ccsdk-oran-a1policymanagementservice:1.1.0 pullPolicy: IfNotPresent replicaCount: 1 diff --git a/kubernetes/aaf/components/aaf-sms/charts/aaf-sms-quorumclient/templates/statefulset.yaml b/kubernetes/aaf/components/aaf-sms/charts/aaf-sms-quorumclient/templates/statefulset.yaml index bf1179d49a..84d69ed127 100644 --- a/kubernetes/aaf/components/aaf-sms/charts/aaf-sms-quorumclient/templates/statefulset.yaml +++ b/kubernetes/aaf/components/aaf-sms/charts/aaf-sms-quorumclient/templates/statefulset.yaml @@ -28,7 +28,7 @@ spec: selector: matchLabels: app: {{ include "common.name" . }} - serviceName: + serviceName: {{ include "common.servicename" . }} template: metadata: labels: diff --git a/kubernetes/aaf/components/aaf-sms/charts/aaf-sms-vault/templates/statefulset.yaml b/kubernetes/aaf/components/aaf-sms/charts/aaf-sms-vault/templates/statefulset.yaml index 45bf399437..b50fe7789c 100644 --- a/kubernetes/aaf/components/aaf-sms/charts/aaf-sms-vault/templates/statefulset.yaml +++ b/kubernetes/aaf/components/aaf-sms/charts/aaf-sms-vault/templates/statefulset.yaml @@ -28,7 +28,7 @@ spec: selector: matchLabels: app: {{ include "common.name" . }} - serviceName: + serviceName: {{ include "common.servicename" . }} template: metadata: labels: diff --git a/kubernetes/aaf/components/aaf-sms/templates/job.yaml b/kubernetes/aaf/components/aaf-sms/templates/job.yaml index b3745e1e52..3650990b99 100644 --- a/kubernetes/aaf/components/aaf-sms/templates/job.yaml +++ b/kubernetes/aaf/components/aaf-sms/templates/job.yaml @@ -25,7 +25,6 @@ metadata: release: {{ include "common.release" . }} heritage: {{ .Release.Service }} spec: - replicas: {{ .Values.replicaCount }} template: metadata: labels: diff --git a/kubernetes/aaf/components/aaf-sms/values.yaml b/kubernetes/aaf/components/aaf-sms/values.yaml index dccf57ca96..148d10da13 100644 --- a/kubernetes/aaf/components/aaf-sms/values.yaml +++ b/kubernetes/aaf/components/aaf-sms/values.yaml @@ -104,6 +104,11 @@ service: internalPort: 10443 externalPort: 10443 +#define value for aaf-sms-quorumclient subchart +aaf-sms-quorumclient: + service: + name: aaf-sms + persistence: enabled: true volumeReclaimPolicy: Retain diff --git a/kubernetes/aaf/components/aaf-sshsm/charts/aaf-sshsm-abrmd/templates/statefulset.yaml b/kubernetes/aaf/components/aaf-sshsm/charts/aaf-sshsm-abrmd/templates/deployment.yaml index 53ea99524b..2715120ba9 100644 --- a/kubernetes/aaf/components/aaf-sshsm/charts/aaf-sshsm-abrmd/templates/statefulset.yaml +++ b/kubernetes/aaf/components/aaf-sshsm/charts/aaf-sshsm-abrmd/templates/deployment.yaml @@ -17,7 +17,7 @@ {{- if and .Values.global.tpm.enabled .Values.global.abrmd.enabled -}} apiVersion: apps/v1 -kind: StatefulSet +kind: Deployment metadata: {{- include "common.resourceMetadata" . | nindent 2 }} spec: selector: {{- include "common.selectors" . | nindent 4 }} diff --git a/kubernetes/aaf/components/aaf-sshsm/charts/aaf-sshsm-abrmd/templates/job.yaml b/kubernetes/aaf/components/aaf-sshsm/charts/aaf-sshsm-abrmd/templates/job.yaml index 23fe79d716..90d18997ac 100644 --- a/kubernetes/aaf/components/aaf-sshsm/charts/aaf-sshsm-abrmd/templates/job.yaml +++ b/kubernetes/aaf/components/aaf-sshsm/charts/aaf-sshsm-abrmd/templates/job.yaml @@ -48,17 +48,16 @@ spec: - name: {{ include "common.fullname" . }}-tpmconfig mountPath: "/abrmd/cred/" readOnly: true - resources: {{ toYaml .Values.resources | nindent 10 }} + resources: {{ include "common.resources" . | nindent 10 }} {{- if .Values.nodeSelector }} nodeSelector: {{ toYaml .Values.nodeSelector | nindent 8 }} - {{- end -}} {{- if .Values.global.tpm.enabled }} {{ (printf "%s: \"%s\"" .Values.global.tpm.nodeLabel .Values.global.tpm.nodeLabelValue) }} {{- end -}} + {{- end -}} {{- if .Values.affinity }} affinity: {{ toYaml .Values.affinity | nindent 8 }} {{- end }} - resources: {{ include "common.resources" . | nindent 10 }} volumes: - name: {{ include "common.fullname" . }}-data persistentVolumeClaim: diff --git a/kubernetes/aaf/components/aaf-sshsm/charts/aaf-sshsm-distcenter/templates/job.yaml b/kubernetes/aaf/components/aaf-sshsm/charts/aaf-sshsm-distcenter/templates/job.yaml index c6041d124d..c40c6b075a 100644 --- a/kubernetes/aaf/components/aaf-sshsm/charts/aaf-sshsm-distcenter/templates/job.yaml +++ b/kubernetes/aaf/components/aaf-sshsm/charts/aaf-sshsm-distcenter/templates/job.yaml @@ -20,7 +20,6 @@ apiVersion: batch/v1 kind: Job metadata: {{- include "common.resourceMetadata" . | nindent 2 }} spec: - replicas: {{ .Values.replicaCount }} serviceName: template: metadata: {{- include "common.templateMetadata" . | nindent 6 }} diff --git a/kubernetes/aaf/components/aaf-sshsm/charts/aaf-sshsm-testca/templates/job.yaml b/kubernetes/aaf/components/aaf-sshsm/charts/aaf-sshsm-testca/templates/job.yaml index 1643c15c5d..021276b06d 100644 --- a/kubernetes/aaf/components/aaf-sshsm/charts/aaf-sshsm-testca/templates/job.yaml +++ b/kubernetes/aaf/components/aaf-sshsm/charts/aaf-sshsm-testca/templates/job.yaml @@ -20,7 +20,6 @@ apiVersion: batch/v1 kind: Job metadata: {{- include "common.resourceMetadata" . | nindent 2 }} spec: - replicas: {{ .Values.replicaCount }} template: metadata: {{- include "common.templateMetadata" . | nindent 6 }} spec: diff --git a/kubernetes/aai b/kubernetes/aai -Subproject 944970742185cccb73110875d1b4ad9f7305337 +Subproject 628ecd0d519acc6b4717d05aa12fd4f7b7dfc55 diff --git a/kubernetes/cds/charts/cds-blueprints-processor/values.yaml b/kubernetes/cds/charts/cds-blueprints-processor/values.yaml index f1b00c09f4..b23a1b05c2 100755 --- a/kubernetes/cds/charts/cds-blueprints-processor/values.yaml +++ b/kubernetes/cds/charts/cds-blueprints-processor/values.yaml @@ -61,7 +61,7 @@ secrets: ################################################################# # application image repository: nexus3.onap.org:10001 -image: onap/ccsdk-blueprintsprocessor:0.7.5 +image: onap/ccsdk-blueprintsprocessor:1.0.0 pullPolicy: Always # flag to enable debugging - application support required @@ -167,21 +167,21 @@ logback: hibernate: INFO onapCcsdkCds: INFO -resources: {} - # We usually recommend not to specify default resources and to leave this as a conscious - # choice for the user. This also increases chances charts run on environments with little - # resources, such as Minikube. If you do want to specify resources, uncomment the following - # lines, adjust them as necessary, and remove the curly braces after 'resources:'. - # - # Example: - # Configure resource requests and limits - # ref: http://kubernetes.io/docs/user-guide/compute-resources/ - # Minimum memory for development is 2 CPU cores and 4GB memory - # Minimum memory for production is 4 CPU cores and 8GB memory -#resources: -# limits: -# cpu: 2 -# memory: 4Gi -# requests: -# cpu: 2 -# memory: 4Gi +flavor: small + +resources: + small: + limits: + cpu: 2 + memory: 4Gi + requests: + cpu: 1 + memory: 1Gi + large: + limits: + cpu: 4 + memory: 8Gi + requests: + cpu: 2 + memory: 4Gi + unlimited: {} diff --git a/kubernetes/cds/charts/cds-command-executor/values.yaml b/kubernetes/cds/charts/cds-command-executor/values.yaml index 5fcfbc4787..fff3fc7298 100755 --- a/kubernetes/cds/charts/cds-command-executor/values.yaml +++ b/kubernetes/cds/charts/cds-command-executor/values.yaml @@ -39,7 +39,7 @@ global: ################################################################# # application image repository: nexus3.onap.org:10001 -image: onap/ccsdk-commandexecutor:0.7.5 +image: onap/ccsdk-commandexecutor:1.0.0 pullPolicy: Always # application configuration diff --git a/kubernetes/cds/charts/cds-py-executor/values.yaml b/kubernetes/cds/charts/cds-py-executor/values.yaml index 6a29b1c80c..6a7f30fdce 100755 --- a/kubernetes/cds/charts/cds-py-executor/values.yaml +++ b/kubernetes/cds/charts/cds-py-executor/values.yaml @@ -37,7 +37,7 @@ global: ################################################################# # application image repository: nexus3.onap.org:10001 -image: onap/ccsdk-py-executor:0.7.5 +image: onap/ccsdk-py-executor:1.0.0 pullPolicy: Always # default number of instances diff --git a/kubernetes/cds/charts/cds-sdc-listener/values.yaml b/kubernetes/cds/charts/cds-sdc-listener/values.yaml index 50462bbed7..102ea0f36c 100644 --- a/kubernetes/cds/charts/cds-sdc-listener/values.yaml +++ b/kubernetes/cds/charts/cds-sdc-listener/values.yaml @@ -36,7 +36,7 @@ global: ################################################################# # application image repository: nexus3.onap.org:10001 -image: onap/ccsdk-sdclistener:0.7.5 +image: onap/ccsdk-sdclistener:1.0.0 name: sdc-listener pullPolicy: Always @@ -88,21 +88,21 @@ logback: hibernate: INFO onapCcsdkCds: INFO -resources: {} - # We usually recommend not to specify default resources and to leave this as a conscious - # choice for the user. This also increases chances charts run on environments with little - # resources, such as Minikube. If you do want to specify resources, uncomment the following - # lines, adjust them as necessary, and remove the curly braces after 'resources:'. - # - # Example: - # Configure resource requests and limits - # ref: http://kubernetes.io/docs/user-guide/compute-resources/ - # Minimum memory for development is 2 CPU cores and 4GB memory -# Minimum memory for production is 4 CPU cores and 8GB memory -#resources: -# limits: -# cpu: 2 -# memory: 4Gi -# requests: -# cpu: 2 -# memory: 4Gi +flavor: small + +resources: + small: + limits: + cpu: 2 + memory: 4Gi + requests: + cpu: 1 + memory: 1Gi + large: + limits: + cpu: 4 + memory: 8Gi + requests: + cpu: 2 + memory: 4Gi + unlimited: {} diff --git a/kubernetes/cds/charts/cds-ui/values.yaml b/kubernetes/cds/charts/cds-ui/values.yaml index da8bf8c871..9fad2aa667 100644 --- a/kubernetes/cds/charts/cds-ui/values.yaml +++ b/kubernetes/cds/charts/cds-ui/values.yaml @@ -26,7 +26,7 @@ subChartsOnly: # application image repository: nexus3.onap.org:10001 -image: onap/ccsdk-cds-ui-server:0.7.5 +image: onap/ccsdk-cds-ui-server:1.0.0 pullPolicy: Always # application configuration diff --git a/kubernetes/clamp/Makefile b/kubernetes/clamp/Makefile index 8af301d7ae..248fb056ab 100644 --- a/kubernetes/clamp/Makefile +++ b/kubernetes/clamp/Makefile @@ -19,6 +19,7 @@ SECRET_DIR := $(OUTPUT_DIR)/secrets EXCLUDES := dist resources templates charts docker HELM_CHARTS := $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.)))) +HELM_VER := $(shell helm version --template "{{.Version}}") .PHONY: $(EXCLUDES) $(HELM_CHARTS) @@ -39,7 +40,11 @@ lint-%: dep-% package-%: lint-% @mkdir -p $(PACKAGE_DIR) +ifeq "$(findstring v3,$(HELM_VER))" "v3" + @if [ -f $*/Chart.yaml ]; then PACKAGE_NAME=$$(helm package -d $(PACKAGE_DIR) $* | cut -d":" -f2) && helm push -f $$PACKAGE_NAME local; fi +else @if [ -f $*/Chart.yaml ]; then helm package -d $(PACKAGE_DIR) $*; fi +endif @helm repo index $(PACKAGE_DIR) clean: diff --git a/kubernetes/clamp/components/clamp-backend/resources/config/application.properties b/kubernetes/clamp/components/clamp-backend/resources/config/application.properties index b2cee395b9..5bea37aaa3 100644 --- a/kubernetes/clamp/components/clamp-backend/resources/config/application.properties +++ b/kubernetes/clamp/components/clamp-backend/resources/config/application.properties @@ -43,7 +43,7 @@ server.ssl.trust-store-password=${cadi_truststore_password} spring.datasource.username=${MYSQL_USER} spring.datasource.password=${MYSQL_PASSWORD} spring.datasource.url=jdbc:mariadb:sequential://clampdb.{{ include "common.namespace" . }}:3306/${MYSQL_DATABASE}?autoReconnect=true&connectTimeout=10000&socketTimeout=10000&retriesAllDown=3 -spring.profiles.active=clamp-default,clamp-aaf-authentication,clamp-sdc-controller,clamp-ssl-config,clamp-policy-controller,legacy-operational-policy,default-dictionary-elements +spring.profiles.active=clamp-default,clamp-aaf-authentication,clamp-sdc-controller,clamp-ssl-config,clamp-policy-controller,default-dictionary-elements #The log folder that will be used in logback.xml file clamp.config.files.sdcController=file:/opt/clamp/sdc-controllers-config.json @@ -66,4 +66,4 @@ clamp.config.dcae.deployment.userName=none clamp.config.dcae.deployment.password=none #AAF related parameters -clamp.config.cadi.aafLocateUrl=https://aaf-locate.{{ include "common.namespace" . }}:8095
\ No newline at end of file +clamp.config.cadi.aafLocateUrl=https://aaf-locate.{{ include "common.namespace" . }}:8095 diff --git a/kubernetes/clamp/components/clamp-backend/values.yaml b/kubernetes/clamp/components/clamp-backend/values.yaml index a6d5ca0b4c..97eebeb187 100644 --- a/kubernetes/clamp/components/clamp-backend/values.yaml +++ b/kubernetes/clamp/components/clamp-backend/values.yaml @@ -66,7 +66,7 @@ flavor: small # application image repository: nexus3.onap.org:10001 -image: onap/clamp-backend:5.1.0 +image: onap/clamp-backend:5.1.2 pullPolicy: Always # flag to enable debugging - application support required diff --git a/kubernetes/clamp/components/clamp-dash-es/requirements.yaml b/kubernetes/clamp/components/clamp-dash-es/requirements.yaml index caff1e5dc4..317d5b5d79 100644 --- a/kubernetes/clamp/components/clamp-dash-es/requirements.yaml +++ b/kubernetes/clamp/components/clamp-dash-es/requirements.yaml @@ -17,3 +17,6 @@ dependencies: - name: common version: ~6.x-0 repository: '@local' + - name: certInitializer + version: ~6.x-0 + repository: '@local'
\ No newline at end of file diff --git a/kubernetes/clamp/components/clamp-dash-es/resources/config/elasticsearch.yml b/kubernetes/clamp/components/clamp-dash-es/resources/config/elasticsearch.yml index 1eb20fce89..9e04d5ae01 100644 --- a/kubernetes/clamp/components/clamp-dash-es/resources/config/elasticsearch.yml +++ b/kubernetes/clamp/components/clamp-dash-es/resources/config/elasticsearch.yml @@ -106,14 +106,24 @@ transport.tcp.port: {{.Values.service.externalPort2}} ######## Start OpenDistro for Elasticsearch Security Demo Configuration ######## # WARNING: revise all the lines below before you go into production +{{- if .Values.global.aafEnabled }} +opendistro_security.ssl.transport.pemcert_filepath: {{ .Values.certInitializer.clamp_pem }} +opendistro_security.ssl.transport.pemkey_filepath: {{ .Values.certInitializer.clamp_key }} +opendistro_security.ssl.transport.pemtrustedcas_filepath: {{ .Values.certInitializer.clamp_ca_certs_pem }} +opendistro_security.ssl.http.pemcert_filepath: {{ .Values.certInitializer.clamp_pem }} +opendistro_security.ssl.http.pemkey_filepath: {{ .Values.certInitializer.clamp_key }} +opendistro_security.ssl.http.pemtrustedcas_filepath: {{ .Values.certInitializer.clamp_ca_certs_pem }} +{{- else }} opendistro_security.ssl.transport.pemcert_filepath: esnode.pem opendistro_security.ssl.transport.pemkey_filepath: esnode-key.pem opendistro_security.ssl.transport.pemtrustedcas_filepath: root-ca.pem -opendistro_security.ssl.transport.enforce_hostname_verification: false -opendistro_security.ssl.http.enabled: {{.Values.security.ssl.enabled}} opendistro_security.ssl.http.pemcert_filepath: esnode.pem opendistro_security.ssl.http.pemkey_filepath: esnode-key.pem opendistro_security.ssl.http.pemtrustedcas_filepath: root-ca.pem +{{- end }} +opendistro_security.ssl.transport.enforce_hostname_verification: false +opendistro_security.ssl.http.enabled: {{.Values.security.ssl.enabled}} + opendistro_security.allow_unsafe_democertificates: true opendistro_security.allow_default_init_securityindex: true opendistro_security.authcz.admin_dn: diff --git a/kubernetes/clamp/components/clamp-dash-es/templates/deployment.yaml b/kubernetes/clamp/components/clamp-dash-es/templates/deployment.yaml index 0ec38b08e3..0e37df7ddc 100644 --- a/kubernetes/clamp/components/clamp-dash-es/templates/deployment.yaml +++ b/kubernetes/clamp/components/clamp-dash-es/templates/deployment.yaml @@ -59,10 +59,22 @@ spec: mountPath: /usr/share/elasticsearch/logs/ - name: {{ include "common.fullname" . }}-data mountPath: /usr/share/elasticsearch/data/ +{{ include "common.certInitializer.initContainer" . | indent 6 }} containers: - name: {{ include "common.name" . }} image: "{{ include "common.repository" . }}/{{ .Values.image }}" imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + {{- if .Values.global.aafEnabled }} + command: + - sh + args: + - -c + - | + cp {{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.clamp_key }} /usr/share/elasticsearch/config/{{ .Values.certInitializer.clamp_key }} + cp {{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.clamp_pem }} /usr/share/elasticsearch/config/{{ .Values.certInitializer.clamp_pem }} + cp {{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.clamp_ca_certs_pem }} /usr/share/elasticsearch/config/{{ .Values.certInitializer.clamp_ca_certs_pem }} + /usr/local/bin/docker-entrypoint.sh + {{- end }} ports: - containerPort: {{ .Values.service.internalPort }} name: {{ include "common.servicename" . }} @@ -85,7 +97,7 @@ spec: periodSeconds: {{ .Values.readiness.periodSeconds }} timeoutSeconds: {{ .Values.readiness.timeoutSeconds }} env: - volumeMounts: + volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 10 }} - mountPath: /etc/localtime name: localtime readOnly: true @@ -104,7 +116,7 @@ spec: affinity: {{ toYaml .Values.affinity | indent 10 }} {{- end }} - volumes: + volumes: {{ include "common.certInitializer.volumes" . | nindent 8 }} - name: localtime hostPath: path: /etc/localtime diff --git a/kubernetes/clamp/components/clamp-dash-es/values.yaml b/kubernetes/clamp/components/clamp-dash-es/values.yaml index 27158a6668..04580a0354 100644 --- a/kubernetes/clamp/components/clamp-dash-es/values.yaml +++ b/kubernetes/clamp/components/clamp-dash-es/values.yaml @@ -20,6 +20,44 @@ global: nodePortPrefix: 302 repositorySecret: eyJuZXh1czMub25hcC5vcmc6MTAwMDEiOnsidXNlcm5hbWUiOiJkb2NrZXIiLCJwYXNzd29yZCI6ImRvY2tlciIsImVtYWlsIjoiQCIsImF1dGgiOiJaRzlqYTJWeU9tUnZZMnRsY2c9PSJ9fQ== persistence: {} + centralizedLoggingEnabled: true + #AAF service + aafEnabled: true + +################################################################# +# AAF part +################################################################# +certInitializer: + permission_user: 1000 + permission_group: 999 + addconfig: true + keystoreFile: "org.onap.clamp.p12" + truststoreFile: "org.onap.clamp.trust.jks" + keyFile: "org.onap.clamp.keyfile" + truststoreFileONAP: "truststoreONAPall.jks" + clamp_key: "org.onap.clamp.crt.key" + clamp_pem: "org.onap.clamp.key.pem" + clamp_ca_certs_pem: "clamp-ca-certs.pem" + nameOverride: clamp-es-cert-initializer + aafDeployFqi: deployer@people.osaaf.org + aafDeployPass: demo123456! + # aafDeployCredsExternalSecret: some secret + fqdn: clamp + fqi: clamp@clamp.onap.org + public_fqdn: clamp.onap.org + cadi_longitude: "0.0" + cadi_latitude: "0.0" + app_ns: org.osaaf.aaf + credsPath: /opt/app/osaaf/local + aaf_add_config: > + /opt/app/aaf_config/bin/agent.sh local showpass {{.Values.fqi}} {{ .Values.fqdn }} > {{ .Values.credsPath }}/mycreds.prop; + export $(/opt/app/aaf_config/bin/agent.sh local showpass | grep '^c' | xargs -0); + cd {{ .Values.credsPath }}; + openssl pkcs12 -in {{ .Values.keystoreFile }} -nocerts -nodes -passin pass:$cadi_keystore_password_p12 > {{ .Values.clamp_key }}; + openssl pkcs12 -in {{ .Values.keystoreFile }} -clcerts -nokeys -passin pass:$cadi_keystore_password_p12 > {{ .Values.clamp_pem }}; + openssl pkcs12 -in {{ .Values.keystoreFile }} -cacerts -nokeys -chain -passin pass:$cadi_keystore_password_p12 > {{ .Values.clamp_ca_certs_pem }}; + chmod a+rx *; + flavor: small ################################################################# @@ -32,7 +70,7 @@ busyboxImage: library/busybox:latest # application image repository: nexus3.onap.org:10001 -image: onap/clamp-dashboard-elasticsearch:5.0.3 +image: onap/clamp-dashboard-elasticsearch:5.0.4 pullPolicy: Always # flag to enable debugging - application support required diff --git a/kubernetes/clamp/components/clamp-dash-kibana/requirements.yaml b/kubernetes/clamp/components/clamp-dash-kibana/requirements.yaml index caff1e5dc4..317d5b5d79 100644 --- a/kubernetes/clamp/components/clamp-dash-kibana/requirements.yaml +++ b/kubernetes/clamp/components/clamp-dash-kibana/requirements.yaml @@ -17,3 +17,6 @@ dependencies: - name: common version: ~6.x-0 repository: '@local' + - name: certInitializer + version: ~6.x-0 + repository: '@local'
\ No newline at end of file diff --git a/kubernetes/clamp/components/clamp-dash-kibana/resources/config/kibana.yml b/kubernetes/clamp/components/clamp-dash-kibana/resources/config/kibana.yml index db81e3da00..acfb4cc081 100644 --- a/kubernetes/clamp/components/clamp-dash-kibana/resources/config/kibana.yml +++ b/kubernetes/clamp/components/clamp-dash-kibana/resources/config/kibana.yml @@ -18,9 +18,13 @@ server.host: "0" server.port: {{.Values.service.externalPort}} server.ssl.enabled: {{.Values.config.sslEnabled}} +{{- if .Values.global.aafEnabled }} +server.ssl.certificate: {{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.clamp_pem }} +server.ssl.key: {{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.clamp_key }} +{{ else }} server.ssl.certificate: {{.Values.config.sslPemCertFilePath}} server.ssl.key: {{.Values.config.sslPemkeyFilePath}} - +{{- end }} # The URL of the Elasticsearch instance to use for all your queries. elasticsearch.hosts: ${elasticsearch_base_url} diff --git a/kubernetes/clamp/components/clamp-dash-kibana/templates/deployment.yaml b/kubernetes/clamp/components/clamp-dash-kibana/templates/deployment.yaml index 0e5f65cabb..d9a3035123 100644 --- a/kubernetes/clamp/components/clamp-dash-kibana/templates/deployment.yaml +++ b/kubernetes/clamp/components/clamp-dash-kibana/templates/deployment.yaml @@ -49,6 +49,7 @@ spec: image: "{{ include "common.repository" . }}/{{ .Values.global.readinessImage }}" imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} name: {{ include "common.name" . }}-readiness +{{ include "common.certInitializer.initContainer" . | indent 6 }} containers: - name: {{ include "common.name" . }} image: "{{ include "common.repository" . }}/{{ .Values.image }}" @@ -73,7 +74,7 @@ spec: env: - name: elasticsearch_base_url value: "{{ternary "https" "http" .Values.security.ssl.enabled}}://{{.Values.config.elasticsearchServiceName}}.{{.Release.Namespace}}.svc.cluster.local:{{.Values.config.elasticsearchPort}}" - volumeMounts: + volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 10 }} - mountPath: /etc/localtime name: localtime readOnly: true @@ -90,7 +91,7 @@ spec: affinity: {{ toYaml .Values.affinity | indent 10 }} {{- end }} - volumes: + volumes: {{ include "common.certInitializer.volumes" . | nindent 8 }} - name: localtime hostPath: path: /etc/localtime diff --git a/kubernetes/clamp/components/clamp-dash-kibana/templates/ingress.yaml b/kubernetes/clamp/components/clamp-dash-kibana/templates/ingress.yaml index 0cd8cfbd36..e5d7174e85 100644 --- a/kubernetes/clamp/components/clamp-dash-kibana/templates/ingress.yaml +++ b/kubernetes/clamp/components/clamp-dash-kibana/templates/ingress.yaml @@ -1,4 +1,4 @@ -# Copyright © 2020 Samsung, Orange +{{/* # Copyright © 2020 Samsung, Orange # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -11,5 +11,6 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} {{ include "common.ingress" . }} diff --git a/kubernetes/clamp/components/clamp-dash-kibana/values.yaml b/kubernetes/clamp/components/clamp-dash-kibana/values.yaml index 11f29570bd..37dae0ffb1 100644 --- a/kubernetes/clamp/components/clamp-dash-kibana/values.yaml +++ b/kubernetes/clamp/components/clamp-dash-kibana/values.yaml @@ -21,6 +21,44 @@ global: repositorySecret: eyJuZXh1czMub25hcC5vcmc6MTAwMDEiOnsidXNlcm5hbWUiOiJkb2NrZXIiLCJwYXNzd29yZCI6ImRvY2tlciIsImVtYWlsIjoiQCIsImF1dGgiOiJaRzlqYTJWeU9tUnZZMnRsY2c9PSJ9fQ== readinessImage: onap/oom/readiness:3.0.1 persistence: {} + centralizedLoggingEnabled: true + #AAF service + aafEnabled: true + +################################################################# +# AAF part +################################################################# +certInitializer: + permission_user: 1000 + permission_group: 999 + addconfig: true + keystoreFile: "org.onap.clamp.p12" + truststoreFile: "org.onap.clamp.trust.jks" + keyFile: "org.onap.clamp.keyfile" + truststoreFileONAP: "truststoreONAPall.jks" + clamp_key: "org.onap.clamp.crt.key" + clamp_pem: "org.onap.clamp.key.pem" + clamp_ca_certs_pem: "clamp-ca-certs.pem" + nameOverride: clamp-kibana-cert-initializer + aafDeployFqi: deployer@people.osaaf.org + aafDeployPass: demo123456! + # aafDeployCredsExternalSecret: some secret + fqdn: clamp + fqi: clamp@clamp.onap.org + public_fqdn: clamp.onap.org + cadi_longitude: "0.0" + cadi_latitude: "0.0" + app_ns: org.osaaf.aaf + credsPath: /opt/app/osaaf/local + aaf_add_config: > + /opt/app/aaf_config/bin/agent.sh local showpass {{.Values.fqi}} {{ .Values.fqdn }} > {{ .Values.credsPath }}/mycreds.prop; + export $(/opt/app/aaf_config/bin/agent.sh local showpass | grep '^c' | xargs -0); + cd {{ .Values.credsPath }}; + openssl pkcs12 -in {{ .Values.keystoreFile }} -nocerts -nodes -passin pass:$cadi_keystore_password_p12 > {{ .Values.clamp_key }}; + openssl pkcs12 -in {{ .Values.keystoreFile }} -clcerts -nokeys -passin pass:$cadi_keystore_password_p12 > {{ .Values.clamp_pem }}; + openssl pkcs12 -in {{ .Values.keystoreFile }} -cacerts -nokeys -chain -passin pass:$cadi_keystore_password_p12 > {{ .Values.clamp_ca_certs_pem }}; + chmod a+rx *; + flavor: small ################################################################# @@ -33,7 +71,7 @@ busyboxImage: library/busybox:latest # application image repository: nexus3.onap.org:10001 -image: onap/clamp-dashboard-kibana:5.0.3 +image: onap/clamp-dashboard-kibana:5.0.4 pullPolicy: Always # flag to enable debugging - application support required diff --git a/kubernetes/clamp/components/clamp-dash-logstash/requirements.yaml b/kubernetes/clamp/components/clamp-dash-logstash/requirements.yaml index caff1e5dc4..317d5b5d79 100644 --- a/kubernetes/clamp/components/clamp-dash-logstash/requirements.yaml +++ b/kubernetes/clamp/components/clamp-dash-logstash/requirements.yaml @@ -17,3 +17,6 @@ dependencies: - name: common version: ~6.x-0 repository: '@local' + - name: certInitializer + version: ~6.x-0 + repository: '@local'
\ No newline at end of file diff --git a/kubernetes/clamp/components/clamp-dash-logstash/resources/config/pipeline.conf b/kubernetes/clamp/components/clamp-dash-logstash/resources/config/pipeline.conf index c005fcca3e..87c8f06e42 100644 --- a/kubernetes/clamp/components/clamp-dash-logstash/resources/config/pipeline.conf +++ b/kubernetes/clamp/components/clamp-dash-logstash/resources/config/pipeline.conf @@ -46,7 +46,11 @@ input { request_timeout => 30 schedule => { "every" => "1m" } codec => "plain" +{{- if .Values.global.aafEnabled }} + cacert => "{{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.clamp_ca_certs_pem }}" +{{- else }} cacert => "/certs.d/aafca.pem" +{{- end }} } } @@ -217,8 +221,13 @@ output { if "error" in [tags] { elasticsearch { + ilm_enabled => false codec => "json" +{{- if .Values.global.aafEnabled }} + cacert => "{{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.clamp_ca_certs_pem }}" +{{- else }} cacert => "/clamp-cert/ca-certs.pem" +{{- end }} ssl_certificate_verification => false hosts => ["${elasticsearch_base_url}"] user => ["${logstash_user}"] @@ -229,9 +238,14 @@ output { } else if "event-cl-aggs" in [tags] { elasticsearch { + ilm_enabled => false codec => "json" hosts => ["${elasticsearch_base_url}"] +{{- if .Values.global.aafEnabled }} + cacert => "{{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.clamp_ca_certs_pem }}" +{{- else }} cacert => "/clamp-cert/ca-certs.pem" +{{- end }} ssl_certificate_verification => false user => ["${logstash_user}"] password => ["${logstash_pwd}"] @@ -243,9 +257,14 @@ output { } else { elasticsearch { + ilm_enabled => false codec => "json" hosts => ["${elasticsearch_base_url}"] +{{- if .Values.global.aafEnabled }} + cacert => "{{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.clamp_ca_certs_pem }}" +{{- else }} cacert => "/clamp-cert/ca-certs.pem" +{{- end }} ssl_certificate_verification => false user => ["${logstash_user}"] password => ["${logstash_pwd}"] diff --git a/kubernetes/clamp/components/clamp-dash-logstash/templates/deployment.yaml b/kubernetes/clamp/components/clamp-dash-logstash/templates/deployment.yaml index acd108d2cf..887f722179 100644 --- a/kubernetes/clamp/components/clamp-dash-logstash/templates/deployment.yaml +++ b/kubernetes/clamp/components/clamp-dash-logstash/templates/deployment.yaml @@ -49,6 +49,7 @@ spec: image: "{{ include "common.repository" . }}/{{ .Values.global.readinessImage }}" imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} name: {{ include "common.name" . }}-readiness +{{ include "common.certInitializer.initContainer" . | indent 6 }} containers: - name: {{ include "common.name" . }} image: "{{ include "common.repository" . }}/{{ .Values.image }}" @@ -91,7 +92,7 @@ spec: periodSeconds: {{ .Values.liveness.periodSeconds }} timeoutSeconds: {{ .Values.liveness.timeoutSeconds }} {{ end -}} - volumeMounts: + volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 10 }} - mountPath: /etc/localtime name: localtime readOnly: true @@ -111,7 +112,7 @@ spec: affinity: {{ toYaml .Values.affinity | indent 10 }} {{- end }} - volumes: + volumes: {{ include "common.certInitializer.volumes" . | nindent 8 }} - name: localtime hostPath: path: /etc/localtime diff --git a/kubernetes/clamp/components/clamp-dash-logstash/values.yaml b/kubernetes/clamp/components/clamp-dash-logstash/values.yaml index c2a522b1c8..2b3c9f1712 100644 --- a/kubernetes/clamp/components/clamp-dash-logstash/values.yaml +++ b/kubernetes/clamp/components/clamp-dash-logstash/values.yaml @@ -21,6 +21,44 @@ global: repositorySecret: eyJuZXh1czMub25hcC5vcmc6MTAwMDEiOnsidXNlcm5hbWUiOiJkb2NrZXIiLCJwYXNzd29yZCI6ImRvY2tlciIsImVtYWlsIjoiQCIsImF1dGgiOiJaRzlqYTJWeU9tUnZZMnRsY2c9PSJ9fQ== readinessImage: onap/oom/readiness:3.0.1 persistence: {} + centralizedLoggingEnabled: true + #AAF service + aafEnabled: true + +################################################################# +# AAF part +################################################################# +certInitializer: + permission_user: 1000 + permission_group: 999 + addconfig: true + keystoreFile: "org.onap.clamp.p12" + truststoreFile: "org.onap.clamp.trust.jks" + keyFile: "org.onap.clamp.keyfile" + truststoreFileONAP: "truststoreONAPall.jks" + clamp_key: "org.onap.clamp.crt.key" + clamp_pem: "org.onap.clamp.key.pem" + clamp_ca_certs_pem: "clamp-ca-certs.pem" + nameOverride: clamp-logstash-cert-initializer + aafDeployFqi: deployer@people.osaaf.org + aafDeployPass: demo123456! + # aafDeployCredsExternalSecret: some secret + fqdn: clamp + fqi: clamp@clamp.onap.org + public_fqdn: clamp.onap.org + cadi_longitude: "0.0" + cadi_latitude: "0.0" + app_ns: org.osaaf.aaf + credsPath: /opt/app/osaaf/local + aaf_add_config: > + /opt/app/aaf_config/bin/agent.sh local showpass {{.Values.fqi}} {{ .Values.fqdn }} > {{ .Values.credsPath }}/mycreds.prop; + export $(/opt/app/aaf_config/bin/agent.sh local showpass | grep '^c' | xargs -0); + cd {{ .Values.credsPath }}; + openssl pkcs12 -in {{ .Values.keystoreFile }} -nocerts -nodes -passin pass:$cadi_keystore_password_p12 > {{ .Values.clamp_key }}; + openssl pkcs12 -in {{ .Values.keystoreFile }} -clcerts -nokeys -passin pass:$cadi_keystore_password_p12 > {{ .Values.clamp_pem }}; + openssl pkcs12 -in {{ .Values.keystoreFile }} -cacerts -nokeys -chain -passin pass:$cadi_keystore_password_p12 > {{ .Values.clamp_ca_certs_pem }}; + chmod a+rx *; + flavor: small ################################################################# @@ -29,7 +67,7 @@ flavor: small # application image repository: nexus3.onap.org:10001 -image: onap/clamp-dashboard-logstash:5.0.3 +image: onap/clamp-dashboard-logstash:5.0.4 pullPolicy: Always # flag to enable debugging - application support required diff --git a/kubernetes/clamp/values.yaml b/kubernetes/clamp/values.yaml index d180fbf729..7a7609955e 100644 --- a/kubernetes/clamp/values.yaml +++ b/kubernetes/clamp/values.yaml @@ -93,7 +93,7 @@ flavor: small # application image repository: nexus3.onap.org:10001 -image: onap/clamp-frontend:5.1.0 +image: onap/clamp-frontend:5.1.2 pullPolicy: Always # flag to enable debugging - application support required diff --git a/kubernetes/common/Makefile b/kubernetes/common/Makefile index eb782b4fd8..0e923b7a75 100644 --- a/kubernetes/common/Makefile +++ b/kubernetes/common/Makefile @@ -22,7 +22,7 @@ COMMON_CHARTS_DIR := common EXCLUDES := HELM_CHARTS := $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.)))) -HELM_VER != helm version --template "{{.Version}}" +HELM_VER := $(shell helm version --template "{{.Version}}") .PHONY: $(EXCLUDES) $(HELM_CHARTS) diff --git a/kubernetes/common/cmpv2Config/values.yaml b/kubernetes/common/cmpv2Config/values.yaml index 1a188355d0..f6feee6e06 100644 --- a/kubernetes/common/cmpv2Config/values.yaml +++ b/kubernetes/common/cmpv2Config/values.yaml @@ -14,7 +14,8 @@ global: platform: certServiceClient: - image: onap/org.onap.oom.platform.cert-service.oom-certservice-client:2.0.0 + image: onap/org.onap.oom.platform.cert-service.oom-certservice-client:2.1.0 + secretName: oom-cert-service-client-tls-secret envVariables: # Certificate related cmpv2Organization: "Linux-Foundation" @@ -27,3 +28,6 @@ global: requestTimeout: "30000" keystorePassword: "secret" truststorePassword: "secret" + certPostProcessor: + image: onap/org.onap.oom.platform.cert-service.oom-certservice-post-processor:2.1.0 + diff --git a/kubernetes/common/dgbuilder/values.yaml b/kubernetes/common/dgbuilder/values.yaml index cf88fe5c3f..6d1412ee39 100644 --- a/kubernetes/common/dgbuilder/values.yaml +++ b/kubernetes/common/dgbuilder/values.yaml @@ -83,7 +83,7 @@ secrets: ################################################################# # application image repository: nexus3.onap.org:10001 -image: onap/ccsdk-dgbuilder-image:0.7.4 +image: onap/ccsdk-dgbuilder-image:1.0.1 pullPolicy: Always # flag to enable debugging - application support required diff --git a/kubernetes/common/elasticsearch/components/data/values.yaml b/kubernetes/common/elasticsearch/components/data/values.yaml index 5624bee78b..a9e3d78ac1 100644 --- a/kubernetes/common/elasticsearch/components/data/values.yaml +++ b/kubernetes/common/elasticsearch/components/data/values.yaml @@ -46,7 +46,7 @@ service: - name: http-transport port: 9300 -image: bitnami/elasticsearch:6.8.6-debian-9-r23 +image: bitnami/elasticsearch:7.6.1 ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images diff --git a/kubernetes/common/elasticsearch/components/master/values.yaml b/kubernetes/common/elasticsearch/components/master/values.yaml index 22c4987a98..23302335ea 100644 --- a/kubernetes/common/elasticsearch/components/master/values.yaml +++ b/kubernetes/common/elasticsearch/components/master/values.yaml @@ -43,7 +43,7 @@ replicaCount: 3 ## master acts as master only node, choose 'no' if no further data nodes are deployed) dedicatednode: "yes" ## dedicatednode: "no" -image: bitnami/elasticsearch:6.8.6-debian-9-r23 +image: bitnami/elasticsearch:7.6.1 ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images diff --git a/kubernetes/common/elasticsearch/values.yaml b/kubernetes/common/elasticsearch/values.yaml index e6e532d168..31edcabfa1 100644 --- a/kubernetes/common/elasticsearch/values.yaml +++ b/kubernetes/common/elasticsearch/values.yaml @@ -40,7 +40,7 @@ sysctlImage: enabled: true # application image -image: bitnami/elasticsearch:6.8.6-debian-9-r23 +image: bitnami/elasticsearch:7.6.1 ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images diff --git a/kubernetes/contrib/components/awx/charts/awx/templates/job.yaml b/kubernetes/contrib/components/awx/charts/awx/templates/job.yaml index 4d80c9e448..74c02bcd5f 100644 --- a/kubernetes/contrib/components/awx/charts/awx/templates/job.yaml +++ b/kubernetes/contrib/components/awx/charts/awx/templates/job.yaml @@ -37,7 +37,7 @@ spec: restartPolicy: Never initContainers: - name: {{ include "common.name" . }}-init-readiness - image: "{{ include "common.repository" . }}/{{ .Values.global.readinessImage }}" + image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}" imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} command: - /app/ready.py @@ -122,4 +122,4 @@ spec: name: {{ include "common.fullname" . }}-rabbitmq name: rabbitmq-config imagePullSecrets: - - name: "{{ include "common.namespace" . }}-docker-registry-key"
\ No newline at end of file + - name: "{{ include "common.namespace" . }}-docker-registry-key" diff --git a/kubernetes/contrib/components/awx/charts/awx/templates/statefulset.yaml b/kubernetes/contrib/components/awx/charts/awx/templates/statefulset.yaml index cfc517660a..6023bb4fdb 100644 --- a/kubernetes/contrib/components/awx/charts/awx/templates/statefulset.yaml +++ b/kubernetes/contrib/components/awx/charts/awx/templates/statefulset.yaml @@ -44,7 +44,7 @@ spec: initContainers: - name: {{ include "common.name" . }}-init-readiness - image: "{{ include "common.repository" . }}/{{ .Values.global.readinessImage }}" + image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}" imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} command: - /app/ready.py @@ -210,4 +210,4 @@ spec: name: {{ include "common.fullname" . }}-rabbitmq name: rabbitmq-config imagePullSecrets: - - name: "{{ include "common.namespace" . }}-docker-registry-key"
\ No newline at end of file + - name: "{{ include "common.namespace" . }}-docker-registry-key" diff --git a/kubernetes/contrib/components/awx/values.yaml b/kubernetes/contrib/components/awx/values.yaml index bf862b6b63..1ed35c2c23 100755 --- a/kubernetes/contrib/components/awx/values.yaml +++ b/kubernetes/contrib/components/awx/values.yaml @@ -16,6 +16,7 @@ # Global configuration defaults. ################################################################# global: + readinessRepository: nexus3.onap.org:10001 nodePortPrefixExt: 304 commonConfigPrefix: awx readinessImage: onap/oom/readiness:3.0.1 diff --git a/kubernetes/contrib/components/ejbca/values.yaml b/kubernetes/contrib/components/ejbca/values.yaml index 060dcd98a7..1a9a34bcd1 100644 --- a/kubernetes/contrib/components/ejbca/values.yaml +++ b/kubernetes/contrib/components/ejbca/values.yaml @@ -37,6 +37,7 @@ secrets: password: '{{ .Values.config.ejbca.clientIak }}' # application configuration +repository: nexus3.onap.org:10001 config: db: userName: ejbca diff --git a/kubernetes/contrib/components/netbox/charts/netbox-app/templates/job.yaml b/kubernetes/contrib/components/netbox/charts/netbox-app/templates/job.yaml index 2c4e668699..a1b8cf1aae 100644 --- a/kubernetes/contrib/components/netbox/charts/netbox-app/templates/job.yaml +++ b/kubernetes/contrib/components/netbox/charts/netbox-app/templates/job.yaml @@ -33,7 +33,7 @@ spec: restartPolicy: Never initContainers: - name: {{ include "common.name" . }}-init-readiness - image: "{{ include "common.repository" . }}/{{ .Values.global.readinessImage }}" + image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}" imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} command: - /app/ready.py diff --git a/kubernetes/contrib/components/netbox/values.yaml b/kubernetes/contrib/components/netbox/values.yaml index 0749d2d948..5dc4535ca3 100755 --- a/kubernetes/contrib/components/netbox/values.yaml +++ b/kubernetes/contrib/components/netbox/values.yaml @@ -16,6 +16,7 @@ # Global configuration defaults. ################################################################# global: + readinessRepository: nexus3.onap.org:10001 nodePortPrefixExt: 304 commonConfigPrefix: netbox readinessImage: onap/oom/readiness:3.0.1 diff --git a/kubernetes/dcaegen2/components/dcae-bootstrap/resources/config/k8s-plugin.json b/kubernetes/dcaegen2/components/dcae-bootstrap/resources/config/k8s-plugin.json index 3979dd2407..d0413192c8 100644 --- a/kubernetes/dcaegen2/components/dcae-bootstrap/resources/config/k8s-plugin.json +++ b/kubernetes/dcaegen2/components/dcae-bootstrap/resources/config/k8s-plugin.json @@ -49,8 +49,12 @@ "state": "{{ .Values.cmpv2Config.global.platform.certServiceClient.envVariables.cmpv2State }}", "organizational_unit": "{{ .Values.cmpv2Config.global.platform.certServiceClient.envVariables.cmpv2OrganizationalUnit }}", "location": "{{ .Values.cmpv2Config.global.platform.certServiceClient.envVariables.cmpv2Location }}", + "cert_secret_name": "{{ .Values.cmpv2Config.global.platform.certServiceClient.secretName }}", "keystore_password": "{{ .Values.cmpv2Config.global.platform.certServiceClient.envVariables.keystorePassword }}", "truststore_password": "{{ .Values.cmpv2Config.global.platform.certServiceClient.envVariables.truststorePassword }}" + }, + "truststore_merger": + { + "image_tag": "{{ .Values.global.tlsRepository }}/{{ .Values.cmpv2Config.global.platform.certPostProcessor.image }}" } } - diff --git a/kubernetes/dcaegen2/components/dcae-bootstrap/resources/inputs/k8s-hv_ves-inputs.yaml b/kubernetes/dcaegen2/components/dcae-bootstrap/resources/inputs/k8s-hv_ves-inputs.yaml index a0cbbbdba2..f571affec0 100644 --- a/kubernetes/dcaegen2/components/dcae-bootstrap/resources/inputs/k8s-hv_ves-inputs.yaml +++ b/kubernetes/dcaegen2/components/dcae-bootstrap/resources/inputs/k8s-hv_ves-inputs.yaml @@ -1,6 +1,7 @@ #============LICENSE_START======================================================== #================================================================================= -# Copyright (c) 2018 AT&T Intellectual Property. All rights reserved. +# Copyright (c) 2018-2019 AT&T Intellectual Property. All rights reserved. +# Copyright (c) 2020 Nokia. All rights reserved. # ================================================================================ # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -19,4 +20,9 @@ tag_version: {{ include "common.repository" . }}/{{ .Values.componentImages.hv_ves }} {{ end }} use_tls: true -security_ssl_disable: false
\ No newline at end of file +security_ssl_disable: false +external_cert_ca_name: "RA" +external_cert_common_name: "dcae-hv-ves-collector" +external_cert_sans: "dcae-hv-ves-collector:hv-ves-collector:hv-ves" +external_cert_cert_type: "JKS" +external_cert_use_external_tls: false diff --git a/kubernetes/dcaegen2/components/dcae-bootstrap/resources/inputs/k8s-tcagen2-inputs.yaml b/kubernetes/dcaegen2/components/dcae-bootstrap/resources/inputs/k8s-tcagen2-inputs.yaml index 5074cb8a7f..02e4dd68fd 100644 --- a/kubernetes/dcaegen2/components/dcae-bootstrap/resources/inputs/k8s-tcagen2-inputs.yaml +++ b/kubernetes/dcaegen2/components/dcae-bootstrap/resources/inputs/k8s-tcagen2-inputs.yaml @@ -19,4 +19,4 @@ tag_version: {{ include "common.repository" . }}/{{ .Values.componentImages.tcagen2 }} {{ end }} tca_handle_in_subscribe_url: "http://{{ .Values.config.address.message_router }}:3904/events/unauthenticated.VES_MEASUREMENT_OUTPUT/" -tca_handle_out_publish_url: "http://{{ .Values.config.address.message_router }}:3904/events/unauthenticated.TCAGEN2_OUTPUT/" +tca_handle_out_publish_url: "http://{{ .Values.config.address.message_router }}:3904/events/unauthenticated.DCAE_CL_OUTPUT/" diff --git a/kubernetes/dcaegen2/components/dcae-bootstrap/resources/inputs/k8s-ves-inputs-tls.yaml b/kubernetes/dcaegen2/components/dcae-bootstrap/resources/inputs/k8s-ves-inputs-tls.yaml index 5a2a595ca6..4ff23b7b2d 100644 --- a/kubernetes/dcaegen2/components/dcae-bootstrap/resources/inputs/k8s-ves-inputs-tls.yaml +++ b/kubernetes/dcaegen2/components/dcae-bootstrap/resources/inputs/k8s-ves-inputs-tls.yaml @@ -30,4 +30,13 @@ ves_fault_publish_url: "http://{{ .Values.config.address.message_router }}:3904/ ves_measurement_publish_url: "http://{{ .Values.config.address.message_router }}:3904/events/unauthenticated.VES_MEASUREMENT_OUTPUT/" ves_pnfRegistration_publish_url: "http://{{ .Values.config.address.message_router }}:3904/events/unauthenticated.VES_PNFREG_OUTPUT/" ves_notification_publish_url: "http://{{ .Values.config.address.message_router }}:3904/events/unauthenticated.VES_NOTIFICATION_OUTPUT/" +ves_3gpp_fault_supervision_publish_url: "http://{{ .Values.config.address.message_router }}:3904/events/unauthenticated.SEC_3GPP_FAULTSUPERVISION_OUTPUT/" +ves_3gpp_provisioning_publish_url: "http://{{ .Values.config.address.message_router }}:3904/events/unauthenticated.SEC_3GPP_PROVISIONING_OUTPUT/" +ves_3gpp_hearbeat_publish_url: "http://{{ .Values.config.address.message_router }}:3904/events/unauthenticated.SEC_3GPP_HEARTBEAT_OUTPUT/" +ves_3gpp_performance_assurance_publish_url: "http://{{ .Values.config.address.message_router }}:3904/events/unauthenticated.SEC_3GPP_PERFORMANCEASSURANCE_OUTPUT/" user_list: "sample1,$2a$10$0buh.2WeYwN868YMwnNNEuNEAMNYVU9.FSMJGyIKV3dGET/7oGOi6|demouser,$2a$10$1cc.COcqV/d3iT2N7BjPG.S6ZKv2jpb9a5MV.o7lMih/GpjJRX.Ce" +external_cert_ca_name: "RA" +external_cert_common_name: "dcae-ves-collector" +external_cert_sans: "dcae-ves-collector:ves-collector:ves" +external_cert_cert_type: "JKS" +external_cert_use_external_tls: false diff --git a/kubernetes/dcaegen2/components/dcae-bootstrap/resources/inputs/k8s-ves-inputs.yaml b/kubernetes/dcaegen2/components/dcae-bootstrap/resources/inputs/k8s-ves-inputs.yaml index dda75dd874..0cbe71a224 100644 --- a/kubernetes/dcaegen2/components/dcae-bootstrap/resources/inputs/k8s-ves-inputs.yaml +++ b/kubernetes/dcaegen2/components/dcae-bootstrap/resources/inputs/k8s-ves-inputs.yaml @@ -31,3 +31,7 @@ ves_fault_publish_url: "http://{{ .Values.config.address.message_router }}:3904/ ves_measurement_publish_url: "http://{{ .Values.config.address.message_router }}:3904/events/unauthenticated.VES_MEASUREMENT_OUTPUT/" ves_pnfRegistration_publish_url: "http://{{ .Values.config.address.message_router }}:3904/events/unauthenticated.VES_PNFREG_OUTPUT/" ves_notification_publish_url: "http://{{ .Values.config.address.message_router }}:3904/events/unauthenticated.VES_NOTIFICATION_OUTPUT/" +ves_3gpp_fault_supervision_publish_url: "http://{{ .Values.config.address.message_router }}:3904/events/unauthenticated.SEC_3GPP_FAULTSUPERVISION_OUTPUT/" +ves_3gpp_provisioning_publish_url: "http://{{ .Values.config.address.message_router }}:3904/events/unauthenticated.SEC_3GPP_PROVISIONING_OUTPUT/" +ves_3gpp_hearbeat_publish_url: "http://{{ .Values.config.address.message_router }}:3904/events/unauthenticated.SEC_3GPP_HEARTBEAT_OUTPUT/" +ves_3gpp_performance_assurance_publish_url: "http://{{ .Values.config.address.message_router }}:3904/events/unauthenticated.SEC_3GPP_PERFORMANCEASSURANCE_OUTPUT/"
\ No newline at end of file diff --git a/kubernetes/dcaegen2/components/dcae-bootstrap/templates/deployment.yaml b/kubernetes/dcaegen2/components/dcae-bootstrap/templates/deployment.yaml index afacc26733..4d10bcc0c9 100644 --- a/kubernetes/dcaegen2/components/dcae-bootstrap/templates/deployment.yaml +++ b/kubernetes/dcaegen2/components/dcae-bootstrap/templates/deployment.yaml @@ -1,6 +1,6 @@ #============LICENSE_START======================================================== # ================================================================================ -# Copyright (c) 2017-2019 AT&T Intellectual Property. All rights reserved. +# Copyright (c) 2017-2020 AT&T Intellectual Property. All rights reserved. # Modifications Copyright © 2018 Amdocs, Bell Canada # ================================================================================ # Licensed under the Apache License, Version 2.0 (the "License"); @@ -128,10 +128,7 @@ spec: - name: CMADDR value: {{ .Values.config.address.cm.host }} - name: CMPASS - valueFrom: - secretKeyRef: - name: {{ include "common.name" . }}-cmpass - key: password + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "cm-pass" "key" "password") | indent 14}} - name: CMPROTO value: {{ .Values.config.address.cm.proto }} - name: CMPORT diff --git a/kubernetes/dcaegen2/components/dcae-bootstrap/templates/secret.yaml b/kubernetes/dcaegen2/components/dcae-bootstrap/templates/secret.yaml index 44395e48e8..6489659d86 100644 --- a/kubernetes/dcaegen2/components/dcae-bootstrap/templates/secret.yaml +++ b/kubernetes/dcaegen2/components/dcae-bootstrap/templates/secret.yaml @@ -1,6 +1,6 @@ #============LICENSE_START======================================================== # ================================================================================ -# Copyright (c) 2017-2018 AT&T Intellectual Property. All rights reserved. +# Copyright (c) 2017-2020 AT&T Intellectual Property. All rights reserved. # Modifications Copyright © 2018 Amdocs, Bell Canada # ================================================================================ # Licensed under the Apache License, Version 2.0 (the "License"); @@ -16,18 +16,4 @@ # limitations under the License. # ============LICENSE_END========================================================= -apiVersion: v1 -kind: Secret -metadata: - name: {{ include "common.name" . }}-cmpass - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} -type: Opaque -data: - password: YWRtaW4= ---- {{ include "common.secretFast" . }} diff --git a/kubernetes/dcaegen2/components/dcae-bootstrap/values.yaml b/kubernetes/dcaegen2/components/dcae-bootstrap/values.yaml index 367014d551..f35a6863d4 100644 --- a/kubernetes/dcaegen2/components/dcae-bootstrap/values.yaml +++ b/kubernetes/dcaegen2/components/dcae-bootstrap/values.yaml @@ -36,6 +36,10 @@ secrets: externalSecret: '{{ ternary "" (tpl (default "" .Values.postgres.config.pgRootPasswordExternalSecret) .) (hasSuffix "dcae-bootstrap-pg-root-pass" .Values.postgres.config.pgRootPasswordExternalSecret) }}' password: '{{ .Values.postgres.config.pgRootpassword }}' policy: generate + - uid: 'cm-pass' + type: password + externalSecret: '{{ tpl (default "" .Values.config.cloudifyManagerPasswordExternalSecret) . }}' + password: '{{ .Values.config.cloudifyManagerPassword }}' config: logstashServiceName: log-ls @@ -104,7 +108,7 @@ mongo: # application image repository: nexus3.onap.org:10001 -image: onap/org.onap.dcaegen2.deployments.k8s-bootstrap-container:2.0.4 +image: onap/org.onap.dcaegen2.deployments.k8s-bootstrap-container:2.1.6 default_k8s_location: central # DCAE component images to be deployed via Cloudify Manager @@ -113,10 +117,10 @@ componentImages: holmes_rules: onap/holmes/rule-management:1.2.7 holmes_engine: onap/holmes/engine-management:1.2.6 tcagen2: onap/org.onap.dcaegen2.analytics.tca-gen2.dcae-analytics-tca-web:1.2.0 - ves: onap/org.onap.dcaegen2.collectors.ves.vescollector:1.7.3 + ves: onap/org.onap.dcaegen2.collectors.ves.vescollector:1.7.6 snmptrap: onap/org.onap.dcaegen2.collectors.snmptrap:1.4.0 - prh: onap/org.onap.dcaegen2.services.prh.prh-app-server:1.5.2 - hv_ves: onap/org.onap.dcaegen2.collectors.hv-ves.hv-collector-main:1.4.0 + prh: onap/org.onap.dcaegen2.services.prh.prh-app-server:1.5.4 + hv_ves: onap/org.onap.dcaegen2.collectors.hv-ves.hv-collector-main:1.5.0 # Resource Limit flavor -By Default using small flavor: small diff --git a/kubernetes/dcaegen2/components/dcae-cloudify-manager/templates/deployment.yaml b/kubernetes/dcaegen2/components/dcae-cloudify-manager/templates/deployment.yaml index 539d202c0f..428c7816cd 100644 --- a/kubernetes/dcaegen2/components/dcae-cloudify-manager/templates/deployment.yaml +++ b/kubernetes/dcaegen2/components/dcae-cloudify-manager/templates/deployment.yaml @@ -1,7 +1,8 @@ #============LICENSE_START======================================================== # ================================================================================ -# Copyright (c) 2018 AT&T Intellectual Property. All rights reserved. +# Copyright (c) 2018-2020 AT&T Intellectual Property. All rights reserved. # Modifications Copyright © 2018 Amdocs, Bell Canada +# Copyright (c) 2020 J. F. Lucas. All rights reserved. # ================================================================================ # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -68,7 +69,6 @@ spec: - {{ include "common.namespace" . }} - --configmap - {{ .Values.multisiteConfigMapName }} - restartPolicy: Never - name: init-tls env: - name: POD_IP @@ -116,6 +116,7 @@ spec: port: {{ .Values.service.internalPort }} initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }} periodSeconds: {{ .Values.liveness.periodSeconds }} + timeoutSeconds: {{ .Values.liveness.timeoutSeconds }} {{ end }} readinessProbe: exec: @@ -123,6 +124,7 @@ spec: - /scripts/readiness-check.sh initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} periodSeconds: {{ .Values.readiness.periodSeconds }} + timeoutSeconds: {{ .Values.readiness.timeoutSeconds }} volumeMounts: - mountPath: /opt/onap/config.txt subPath: config.txt @@ -144,6 +146,9 @@ spec: name: cm-persistent - mountPath: /opt/onap/certs name: tls-info + - mountPath: /opt/onap/cm-secrets + name: cm-secrets + readOnly: true securityContext: privileged: True volumes: @@ -171,5 +176,8 @@ spec: {{- end }} - emptyDir: {} name: tls-info + - name: cm-secrets + secret: + secretName: {{ include "common.secret.getSecretNameFast" (dict "global" . "uid" "cm-pass") }} imagePullSecrets: - name: "{{ include "common.namespace" . }}-docker-registry-key" diff --git a/kubernetes/dcaegen2/components/dcae-cloudify-manager/templates/namespace.yaml b/kubernetes/dcaegen2/components/dcae-cloudify-manager/templates/namespace.yaml index 57cbe89cc1..960ec786b2 100644 --- a/kubernetes/dcaegen2/components/dcae-cloudify-manager/templates/namespace.yaml +++ b/kubernetes/dcaegen2/components/dcae-cloudify-manager/templates/namespace.yaml @@ -1,3 +1,4 @@ +{{/* #============LICENSE_START======================================================== # ================================================================================ # Copyright (c) 2018 AT&T Intellectual Property. All rights reserved. @@ -15,7 +16,7 @@ # See the License for the specific language governing permissions and # limitations under the License. # ============LICENSE_END========================================================= - +*/}} {{ if .Values.dcae_ns}} # Create the namespace apiVersion: v1 diff --git a/kubernetes/dcaegen2/components/dcae-cloudify-manager/templates/secret.yaml b/kubernetes/dcaegen2/components/dcae-cloudify-manager/templates/secret.yaml index dee9200eff..876b971db1 100644 --- a/kubernetes/dcaegen2/components/dcae-cloudify-manager/templates/secret.yaml +++ b/kubernetes/dcaegen2/components/dcae-cloudify-manager/templates/secret.yaml @@ -41,3 +41,5 @@ metadata: annotations: kubernetes.io/service-account.name: default type: kubernetes.io/service-account-token +--- +{{ include "common.secretFast" . }} diff --git a/kubernetes/dcaegen2/components/dcae-cloudify-manager/values.yaml b/kubernetes/dcaegen2/components/dcae-cloudify-manager/values.yaml index a727b1a41b..bb2987881c 100644 --- a/kubernetes/dcaegen2/components/dcae-cloudify-manager/values.yaml +++ b/kubernetes/dcaegen2/components/dcae-cloudify-manager/values.yaml @@ -1,7 +1,8 @@ #============LICENSE_START======================================================== # ================================================================================ -# Copyright (c) 2018-2019 AT&T Intellectual Property. All rights reserved. +# Copyright (c) 2018-2020 AT&T Intellectual Property. All rights reserved. # Modifications Copyright © 2018 Amdocs, Bell Canada +# Copyright (c) 2020 J. F. Lucas. All rights reserved. # ================================================================================ # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -31,7 +32,15 @@ global: user: docker password: docker +secrets: + - uid: 'cm-pass' + type: password + externalSecret: '{{ tpl (default "" .Values.config.cloudifyManagerPasswordExternalSecret) . }}' + password: '{{ .Values.config.cloudifyManagerPassword }}' + policy: required + config: + cloudifyManagerPassword: "override me" logstashServiceName: log-ls logstashPort: 5044 # Addresses of other ONAP entities @@ -45,7 +54,7 @@ config: ################################################################# # application image repository: nexus3.onap.org:10001 -image: onap/org.onap.dcaegen2.deployments.cm-container:3.1.0 +image: onap/org.onap.dcaegen2.deployments.cm-container:3.3.4 pullPolicy: Always # name of shared ConfigMap with kubeconfig for multiple clusters @@ -61,6 +70,7 @@ cleanupImage: onap/org.onap.dcaegen2.deployments.dcae-k8s-cleanup-container:1.0. liveness: initialDelaySeconds: 10 periodSeconds: 10 + timeoutSeconds: 5 # necessary to disable liveness probe when setting breakpoints # in debugger so K8s doesn't restart unresponsive container # liveness not desirable for Cloudify Manager container @@ -68,7 +78,13 @@ liveness: readiness: initialDelaySeconds: 60 - periodSeconds: 10 + # In some environments we see CM coming up + # properly but readiness probe timing out. + # Increasing the timeout and adjusting the + # period so it's longer than the timeout. + # (DCAEGEN2-2465) + periodSeconds: 30 + timeoutSeconds: 10 service: type: ClusterIP @@ -79,21 +95,23 @@ service: # Resource Limit flavor -By Default using small flavor: small # Segregation for Different environment (Small and Large) +# Due to memory issues in ONAP integration environment, +# we've increased the memory amounts for both flavors. resources: small: limits: cpu: 2 - memory: 2Gi + memory: 4Gi requests: cpu: 1 - memory: 1Gi + memory: 2Gi large: limits: cpu: 4 - memory: 4Gi + memory: 8Gi requests: cpu: 2 - memory: 2Gi + memory: 4Gi unlimited: {} # Kubernetes namespace for components deployed via Cloudify manager # If empty, use the common namespace diff --git a/kubernetes/dcaegen2/components/dcae-config-binding-service/templates/deployment.yaml b/kubernetes/dcaegen2/components/dcae-config-binding-service/templates/deployment.yaml index 299e3ef878..e0e45c457a 100644 --- a/kubernetes/dcaegen2/components/dcae-config-binding-service/templates/deployment.yaml +++ b/kubernetes/dcaegen2/components/dcae-config-binding-service/templates/deployment.yaml @@ -89,7 +89,7 @@ spec: port: {{ .Values.service.secure.internalPort }} initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }} periodSeconds: {{ .Values.liveness.periodSeconds }} - {{ end -}} + {{ end }} readinessProbe: httpGet: scheme: "HTTPS" @@ -139,7 +139,7 @@ spec: port: {{ .Values.service.insecure.internalPort }} initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }} periodSeconds: {{ .Values.liveness.periodSeconds }} - {{ end -}} + {{ end }} readinessProbe: httpGet: scheme: "HTTP" diff --git a/kubernetes/dcaegen2/components/dcae-config-binding-service/values.yaml b/kubernetes/dcaegen2/components/dcae-config-binding-service/values.yaml index 0d3082819f..a7be74a7ad 100644 --- a/kubernetes/dcaegen2/components/dcae-config-binding-service/values.yaml +++ b/kubernetes/dcaegen2/components/dcae-config-binding-service/values.yaml @@ -44,7 +44,7 @@ config: ################################################################# # application image repository: nexus3.onap.org:10001 -image: onap/org.onap.dcaegen2.platform.configbinding:2.5.2 +image: onap/org.onap.dcaegen2.platform.configbinding:2.5.3 pullPolicy: Always # probe configuration parameters diff --git a/kubernetes/dcaegen2/components/dcae-dashboard/templates/deployment.yaml b/kubernetes/dcaegen2/components/dcae-dashboard/templates/deployment.yaml index e46901bc94..404927cda8 100644 --- a/kubernetes/dcaegen2/components/dcae-dashboard/templates/deployment.yaml +++ b/kubernetes/dcaegen2/components/dcae-dashboard/templates/deployment.yaml @@ -1,6 +1,6 @@ #============LICENSE_START======================================================== # ================================================================================ -# Copyright (c) 2019 AT&T Intellectual Property. All rights reserved. +# Copyright (c) 2019-2020 AT&T Intellectual Property. All rights reserved. # ================================================================================ # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -105,7 +105,7 @@ spec: successThreshold: 1 timeoutSeconds: 1 volumeMounts: - - mountPath: /usr/local/share/ca-certificates/ + - mountPath: /opt/app/osaaf/ name: tls-info - mountPath: /opt/logs/dcae/dashboard name: component-log @@ -119,7 +119,7 @@ spec: - name: postgres_port value: "{{ .Values.postgres.config.pgPort }}" - name: cloudify_password - value: admin + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "cm-pass" "key" "password") | indent 14 }} - name: dhandler_url value: {{ .Values.config.dhandler_url }} - name: cfy_url diff --git a/kubernetes/dcaegen2/components/dcae-dashboard/templates/secret.yaml b/kubernetes/dcaegen2/components/dcae-dashboard/templates/secret.yaml index b143034d8f..34932b713d 100644 --- a/kubernetes/dcaegen2/components/dcae-dashboard/templates/secret.yaml +++ b/kubernetes/dcaegen2/components/dcae-dashboard/templates/secret.yaml @@ -1,16 +1,17 @@ {{/* # Copyright © 2020 Samsung Electronics -# # -# # Licensed under the Apache License, Version 2.0 (the "License"); -# # you may not use this file except in compliance with the License. -# # You may obtain a copy of the License at -# # -# # http://www.apache.org/licenses/LICENSE-2.0 -# # -# # Unless required by applicable law or agreed to in writing, software -# # distributed under the License is distributed on an "AS IS" BASIS, -# # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# # See the License for the specific language governing permissions and -# # limitations under the License. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. */}} + {{ include "common.secretFast" . }} diff --git a/kubernetes/dcaegen2/components/dcae-dashboard/values.yaml b/kubernetes/dcaegen2/components/dcae-dashboard/values.yaml index 884a753ff8..a86a1eed49 100644 --- a/kubernetes/dcaegen2/components/dcae-dashboard/values.yaml +++ b/kubernetes/dcaegen2/components/dcae-dashboard/values.yaml @@ -34,8 +34,14 @@ secrets: login: '{{ .Values.postgres.config.pgUserName }}' password: '{{ .Values.postgres.config.pgUserPassword }}' passwordPolicy: generate + - uid: 'cm-pass' + type: password + externalSecret: '{{ tpl (default "" .Values.config.cloudifyManagerPasswordExternalSecret) . }}' + password: '{{ .Values.config.cloudifyManagerPassword }}' + policy: required config: + cloudifyManagerPassword: "override me" logstashServiceName: log-ls logstashPort: 5044 dhandler_url: https://deployment-handler:8443 @@ -52,7 +58,7 @@ config: ################################################################# # application image repository: nexus3.onap.org:10001 -image: onap/org.onap.ccsdk.dashboard.ccsdk-app-os:1.3.2 +image: onap/org.onap.ccsdk.dashboard.ccsdk-app-os:1.4.0 pullPolicy: Always # probe configuration parameters diff --git a/kubernetes/dcaegen2/components/dcae-deployment-handler/templates/deployment.yaml b/kubernetes/dcaegen2/components/dcae-deployment-handler/templates/deployment.yaml index 1a28bc45c0..88ec5cbe66 100755 --- a/kubernetes/dcaegen2/components/dcae-deployment-handler/templates/deployment.yaml +++ b/kubernetes/dcaegen2/components/dcae-deployment-handler/templates/deployment.yaml @@ -1,6 +1,6 @@ #============LICENSE_START======================================================== # ================================================================================ -# Copyright (c) 2019 AT&T Intellectual Property. All rights reserved. +# Copyright (c) 2019-2020 AT&T Intellectual Property. All rights reserved. # Modifications Copyright © 2020 Nokia # ================================================================================ # Licensed under the Apache License, Version 2.0 (the "License"); @@ -124,7 +124,7 @@ spec: - name: CLOUDIFY_USER value: admin - name: CLOUDIFY_PASSWORD - value: admin + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "cm-pass" "key" "password") | indent 14 }} - name: CONFIG_BINDING_SERVICE value: config-binding-service - name: NODE_EXTRA_CA_CERTS diff --git a/kubernetes/dcaegen2/components/dcae-deployment-handler/templates/secrets.yaml b/kubernetes/dcaegen2/components/dcae-deployment-handler/templates/secrets.yaml new file mode 100644 index 0000000000..34932b713d --- /dev/null +++ b/kubernetes/dcaegen2/components/dcae-deployment-handler/templates/secrets.yaml @@ -0,0 +1,17 @@ +{{/* +# Copyright © 2020 Samsung Electronics +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} + +{{ include "common.secretFast" . }} diff --git a/kubernetes/dcaegen2/components/dcae-deployment-handler/values.yaml b/kubernetes/dcaegen2/components/dcae-deployment-handler/values.yaml index fd705499d0..7e340db628 100644 --- a/kubernetes/dcaegen2/components/dcae-deployment-handler/values.yaml +++ b/kubernetes/dcaegen2/components/dcae-deployment-handler/values.yaml @@ -31,7 +31,15 @@ global: user: docker password: docker +secrets: + - uid: 'cm-pass' + type: password + externalSecret: '{{ tpl (default "" .Values.config.cloudifyManagerPasswordExternalSecret) . }}' + password: '{{ .Values.config.cloudifyManagerPassword }}' + policy: required + config: + cloudifyManagerPassword: "override me" logstashServiceName: log-ls logstashPort: 5044 # Addresses of other ONAP entities @@ -45,7 +53,7 @@ config: ################################################################# # application image repository: nexus3.onap.org:10001 -image: onap/org.onap.dcaegen2.platform.deployment-handler:4.3.0 +image: onap/org.onap.dcaegen2.platform.deployment-handler:4.4.1 pullPolicy: Always # probe configuration parameters diff --git a/kubernetes/dcaegen2/components/dcae-inventory-api/values.yaml b/kubernetes/dcaegen2/components/dcae-inventory-api/values.yaml index ee2c03e237..3fec537716 100644 --- a/kubernetes/dcaegen2/components/dcae-inventory-api/values.yaml +++ b/kubernetes/dcaegen2/components/dcae-inventory-api/values.yaml @@ -53,7 +53,7 @@ config: ################################################################# # application image repository: nexus3.onap.org:10001 -image: onap/org.onap.dcaegen2.platform.inventory-api:3.4.1 +image: onap/org.onap.dcaegen2.platform.inventory-api:3.5.1 pullPolicy: Always diff --git a/kubernetes/dcaegen2/components/dcae-policy-handler/templates/deployment.yaml b/kubernetes/dcaegen2/components/dcae-policy-handler/templates/deployment.yaml index a29e334a25..61084fa26c 100644 --- a/kubernetes/dcaegen2/components/dcae-policy-handler/templates/deployment.yaml +++ b/kubernetes/dcaegen2/components/dcae-policy-handler/templates/deployment.yaml @@ -1,6 +1,6 @@ #============LICENSE_START======================================================== # ================================================================================ -# Copyright (c) 2019 AT&T Intellectual Property. All rights reserved. +# Copyright (c) 2019-2020 AT&T Intellectual Property. All rights reserved. # ================================================================================ # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -117,7 +117,7 @@ spec: - name: CLOUDIFY_USER value: admin - name: CLOUDIFY_PASSWORD - value: admin + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "cm-pass" "key" "password") | indent 14 }} - name: CONFIG_BINDING_SERVICE value: config-binding-service - name: POD_IP diff --git a/kubernetes/dcaegen2/components/dcae-policy-handler/templates/secrets.yaml b/kubernetes/dcaegen2/components/dcae-policy-handler/templates/secrets.yaml new file mode 100644 index 0000000000..34932b713d --- /dev/null +++ b/kubernetes/dcaegen2/components/dcae-policy-handler/templates/secrets.yaml @@ -0,0 +1,17 @@ +{{/* +# Copyright © 2020 Samsung Electronics +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} + +{{ include "common.secretFast" . }} diff --git a/kubernetes/dcaegen2/components/dcae-policy-handler/values.yaml b/kubernetes/dcaegen2/components/dcae-policy-handler/values.yaml index 2d0930846f..4a587d82eb 100644 --- a/kubernetes/dcaegen2/components/dcae-policy-handler/values.yaml +++ b/kubernetes/dcaegen2/components/dcae-policy-handler/values.yaml @@ -31,7 +31,15 @@ global: user: docker password: docker +secrets: + - uid: 'cm-pass' + type: password + externalSecret: '{{ tpl (default "" .Values.config.cloudifyManagerPasswordExternalSecret) . }}' + password: '{{ .Values.config.cloudifyManagerPassword }}' + policy: required + config: + cloudifyManagerPassword: "override me" logstashServiceName: log-ls logstashPort: 5044 # Addresses of other ONAP entities diff --git a/kubernetes/dcaegen2/templates/secrets.yaml b/kubernetes/dcaegen2/templates/secrets.yaml new file mode 100644 index 0000000000..34932b713d --- /dev/null +++ b/kubernetes/dcaegen2/templates/secrets.yaml @@ -0,0 +1,17 @@ +{{/* +# Copyright © 2020 Samsung Electronics +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} + +{{ include "common.secretFast" . }} diff --git a/kubernetes/dcaegen2/values.yaml b/kubernetes/dcaegen2/values.yaml index 939bd115a4..1918a8fea7 100644 --- a/kubernetes/dcaegen2/values.yaml +++ b/kubernetes/dcaegen2/values.yaml @@ -1,5 +1,6 @@ # Copyright © 2018 Amdocs, Bell Canada # Modifications Copyright © 2018-2019 AT&T +# Modifications Copyright © 2020 Samsung Electronics # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -25,22 +26,47 @@ global: busyboxRepository: docker.io busyboxImage: library/busybox:1.30 +################################################################# +# Secrets metaconfig +################################################################# +secrets: +- name: &cmPassSecretName '{{ include "common.release" . }}-dcaegen2-cm-pass' + type: password + externalSecret: '{{ tpl (default "" .Values.config.cloudifyManagerPasswordExternalSecret) . }}' + password: '{{ .Values.config.cloudifyManagerPassword }}' + +config: {} + +# To work around DCAEGEN2-2450, set password strength to "basic" +# to ensure password contains only alphanumerics +passwordStrengthOverride: basic + # Enable all DCAE components by default dcae-bootstrap: enabled: true + config: + cloudifyManagerPasswordExternalSecret: *cmPassSecretName dcae-cloudify-manager: enabled: true + config: + cloudifyManagerPasswordExternalSecret: *cmPassSecretName dcae-config-binding-service: enabled: true dcae-dashboard: enabled: true + config: + cloudifyManagerPasswordExternalSecret: *cmPassSecretName dcae-deployment-handler: enabled: true + config: + cloudifyManagerPasswordExternalSecret: *cmPassSecretName dcae-healthcheck: enabled: true dcae-inventory-api: enabled: true dcae-policy-handler: enabled: true + config: + cloudifyManagerPasswordExternalSecret: *cmPassSecretName dcae-servicechange-handler: enabled: true diff --git a/kubernetes/dcaemod/components/dcaemod-distributor-api/values.yaml b/kubernetes/dcaemod/components/dcaemod-distributor-api/values.yaml index f373888ab8..c717ca3309 100644 --- a/kubernetes/dcaemod/components/dcaemod-distributor-api/values.yaml +++ b/kubernetes/dcaemod/components/dcaemod-distributor-api/values.yaml @@ -35,7 +35,7 @@ config: # application image repository: nexus3.onap.org:10001 -image: onap/org.onap.dcaegen2.platform.mod.distributorapi:1.0.1 +image: onap/org.onap.dcaegen2.platform.mod.distributorapi:1.1.0 service: type: ClusterIP diff --git a/kubernetes/dcaemod/components/dcaemod-onboarding-api/values.yaml b/kubernetes/dcaemod/components/dcaemod-onboarding-api/values.yaml index a83770ea45..161b3621a0 100644 --- a/kubernetes/dcaemod/components/dcaemod-onboarding-api/values.yaml +++ b/kubernetes/dcaemod/components/dcaemod-onboarding-api/values.yaml @@ -92,7 +92,7 @@ postgres: # application image repository: nexus3.onap.org:10001 -image: onap/org.onap.dcaegen2.platform.mod.onboardingapi:2.12.2 +image: onap/org.onap.dcaegen2.platform.mod.onboardingapi:2.12.3 # Resource Limit flavor -By Default using small flavor: small diff --git a/kubernetes/dcaemod/components/dcaemod-runtime-api/values.yaml b/kubernetes/dcaemod/components/dcaemod-runtime-api/values.yaml index e2251e00fb..2d136c8324 100644 --- a/kubernetes/dcaemod/components/dcaemod-runtime-api/values.yaml +++ b/kubernetes/dcaemod/components/dcaemod-runtime-api/values.yaml @@ -34,7 +34,7 @@ config: #dashboardPassword: doesntmatter mrTopicURL: http://message-router:3904/events importCloudify: https://www.getcloudify.org/spec/cloudify/4.5.5/types.yaml - importK8S: plugin:k8splugin?version=3.3.0 + importK8S: plugin:k8splugin?version=3.4.2 importPostgres: plugin:pgaas?version=1.3.0 importClamp: plugin:clamppolicyplugin?version=1.1.0 importDMaaP: plugin:dmaap?version=1.5.0 @@ -71,7 +71,7 @@ readiness: # application image repository: nexus3.onap.org:10001 -image: onap/org.onap.dcaegen2.platform.mod.runtime-web:1.0.6 +image: onap/org.onap.dcaegen2.platform.mod.runtime-web:1.1.1 # Resource Limit flavor -By Default using small flavor: small diff --git a/kubernetes/dmaap/components/dmaap-dr-node/values.yaml b/kubernetes/dmaap/components/dmaap-dr-node/values.yaml index 2b4b722bfb..1e08954b66 100644 --- a/kubernetes/dmaap/components/dmaap-dr-node/values.yaml +++ b/kubernetes/dmaap/components/dmaap-dr-node/values.yaml @@ -24,7 +24,7 @@ global: # Application configuration defaults. ################################################################# # application image -image: onap/dmaap/datarouter-node:2.1.6 +image: onap/dmaap/datarouter-node:2.1.7 pullPolicy: Always # flag to enable debugging - application support required diff --git a/kubernetes/dmaap/components/dmaap-dr-prov/templates/service.yaml b/kubernetes/dmaap/components/dmaap-dr-prov/templates/service.yaml index c4ca4edc8b..d33cb297db 100644 --- a/kubernetes/dmaap/components/dmaap-dr-prov/templates/service.yaml +++ b/kubernetes/dmaap/components/dmaap-dr-prov/templates/service.yaml @@ -15,7 +15,7 @@ apiVersion: v1 kind: Service metadata: - name: {{ .Values.global.dmaapDrProvName }} + name: {{ default "dmaap-dr-prov" .Values.global.dmaapDrProvName }} namespace: {{ include "common.namespace" . }} labels: app: {{ include "common.name" . }} diff --git a/kubernetes/dmaap/components/dmaap-dr-prov/values.yaml b/kubernetes/dmaap/components/dmaap-dr-prov/values.yaml index 1cf2e583d1..3d4febcde1 100644 --- a/kubernetes/dmaap/components/dmaap-dr-prov/values.yaml +++ b/kubernetes/dmaap/components/dmaap-dr-prov/values.yaml @@ -35,7 +35,7 @@ secrets: # Application configuration defaults. ################################################################# # application image -image: onap/dmaap/datarouter-prov:2.1.6 +image: onap/dmaap/datarouter-prov:2.1.7 pullPolicy: Always # flag to enable debugging - application support required diff --git a/kubernetes/dmaap/components/message-router/charts/message-router-kafka/templates/statefulset.yaml b/kubernetes/dmaap/components/message-router/charts/message-router-kafka/templates/statefulset.yaml index fd4a67acfb..8a4caf6747 100644 --- a/kubernetes/dmaap/components/message-router/charts/message-router-kafka/templates/statefulset.yaml +++ b/kubernetes/dmaap/components/message-router/charts/message-router-kafka/templates/statefulset.yaml @@ -40,29 +40,12 @@ spec: prometheus.io/port: {{ .Values.prometheus.jmx.port | quote }} {{- end }} spec: - podAntiAffinity: - {{if eq .Values.podAntiAffinityType "hard" -}} - requiredDuringSchedulingIgnoredDuringExecution: - {{- else -}} - preferredDuringSchedulingIgnoredDuringExecution: - {{- end}} - - weight: 1 - podAffinityTerm: - labelSelector: - matchExpressions: - - key: "app" - operator: In - values: - - {{ include "common.name" . }} - - key: "release" - operator: In - values: - - {{ include "common.release" . }} - topologyKey: "kubernetes.io/hostname" {{- if .Values.nodeAffinity }} nodeAffinity: {{ toYaml .Values.nodeAffinity | indent 10 }} {{- end }} + imagePullSecrets: + - name: "{{ include "common.namespace" . }}-docker-registry-key" initContainers: - name: {{ include "common.name" . }}-initcontainer image: "{{ .Values.global.ubuntuInitRepository }}/{{ .Values.ubuntuInitImage }}" @@ -286,5 +269,3 @@ spec: requests: storage: {{ .Values.persistence.size | quote }} {{ end }} - imagePullSecrets: - - name: "{{ include "common.namespace" . }}-docker-registry-key" diff --git a/kubernetes/dmaap/components/message-router/charts/message-router-zookeeper/templates/statefulset.yaml b/kubernetes/dmaap/components/message-router/charts/message-router-zookeeper/templates/statefulset.yaml index 7c6334c76d..ad9e5319f4 100644 --- a/kubernetes/dmaap/components/message-router/charts/message-router-zookeeper/templates/statefulset.yaml +++ b/kubernetes/dmaap/components/message-router/charts/message-router-zookeeper/templates/statefulset.yaml @@ -45,25 +45,12 @@ spec: prometheus.io/port: {{ .Values.prometheus.jmx.port | quote }} {{- end }} spec: - podAntiAffinity: - preferredDuringSchedulingIgnoredDuringExecution: - - weight: 1 - podAffinityTerm: - labelSelector: - matchExpressions: - - key: "app" - operator: In - values: - - {{ include "common.name" . }} - - key: "release" - operator: In - values: - - {{ include "common.release" . }} - topologyKey: "kubernetes.io/hostname" {{- if .Values.nodeAffinity }} nodeAffinity: {{ toYaml .Values.nodeAffinity | indent 10 }} {{- end }} + imagePullSecrets: + - name: "{{ include "common.namespace" . }}-docker-registry-key" initContainers: - name: {{ include "common.name" . }}-permission-fixer command: @@ -148,7 +135,7 @@ spec: periodSeconds: {{ .Values.readiness.periodSeconds }} timeoutSeconds: {{ .Values.readiness.timeoutSeconds }} resources: -{{ toYaml .Values.resources | indent 10 }} +{{ include "common.resources" . | indent 10 }} env: - name : KAFKA_HEAP_OPTS value: "{{ .Values.zkConfig.heapOptions }}" @@ -234,5 +221,3 @@ spec: requests: storage: {{ .Values.persistence.size | quote }} {{ end }} - imagePullSecrets: - - name: "{{ include "common.namespace" . }}-docker-registry-key" diff --git a/kubernetes/modeling/charts/modeling-etsicatalog/requirements.yaml b/kubernetes/modeling/charts/modeling-etsicatalog/requirements.yaml index 7fdc969094..7d89fefe8d 100644 --- a/kubernetes/modeling/charts/modeling-etsicatalog/requirements.yaml +++ b/kubernetes/modeling/charts/modeling-etsicatalog/requirements.yaml @@ -19,3 +19,11 @@ dependencies: - name: mariadb-galera version: ~6.x-0 repository: '@local' + condition: global.mariadbGalera.localCluster + - name: mariadb-init + version: ~6.x-0 + repository: '@local' + condition: not global.mariadbGalera.localCluster + - name: readinessCheck + version: ~6.x-0 + repository: '@local' diff --git a/kubernetes/modeling/charts/modeling-etsicatalog/templates/deployment.yaml b/kubernetes/modeling/charts/modeling-etsicatalog/templates/deployment.yaml index 91fa4830e2..52d675a39e 100644 --- a/kubernetes/modeling/charts/modeling-etsicatalog/templates/deployment.yaml +++ b/kubernetes/modeling/charts/modeling-etsicatalog/templates/deployment.yaml @@ -39,8 +39,8 @@ spec: - command: - /app/ready.py args: - - --container-name - - modeling-mariadb + - -j + - "{{ include "common.release" . }}-{{ include "common.name" . }}-config-job" env: - name: NAMESPACE valueFrom: @@ -49,7 +49,8 @@ spec: fieldPath: metadata.namespace image: "{{ include "common.repository" . }}/{{ .Values.global.readinessImage }}" imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - name: {{ include "common.name" . }}-readiness + name: {{ include "common.name" . }}-job-readiness + {{ include "common.readinessCheck.waitFor" (dict "dot" . "wait_for" .Values.readinessCheck.wait_for.msb ) | indent 6 | trim }} - command: - /bin/sh - -c @@ -62,11 +63,6 @@ spec: mountPath: /service/modeling/etsicatalog/static containers: - name: {{ include "common.name" . }} - command: - - bash - args: - - -c - - 'MYSQL_AUTH=root:${MYSQL_ROOT_PASSWORD} ./docker-entrypoint.sh' image: "{{ include "common.repository" . }}/{{ .Values.image }}" imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} ports: @@ -86,16 +82,20 @@ spec: initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} periodSeconds: {{ .Values.readiness.periodSeconds }} env: - - name: MSB_PROTO - value: "{{ .Values.global.config.msbProtocol }}" - - name: SSL_ENABLED - value: "{{ .Values.global.config.ssl_enabled }}" - name: MSB_ADDR - value: "{{ .Values.global.config.msbServiceName }}:{{ .Values.global.config.msbPort }}" - - name: MYSQL_ADDR - value: {{ (index .Values "mariadb-galera" "service" "name") }}:{{ (index .Values "mariadb-galera" "service" "internalPort") }} - - name: MYSQL_ROOT_PASSWORD - {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-root-pass" "key" "password") | indent 12}} + value: "{{ .Values.config.msbProtocol }}://{{ .Values.config.msbServiceName }}:{{ .Values.config.msbPort }}" + - name: SSL_ENABLED + value: "{{ .Values.config.ssl_enabled }}" + - name: MSB_ENABLED + value: "{{ .Values.config.msb_enabled }}" + - name: DB_IP + value: "{{ include "common.mariadbService" . }}" + - name: DB_PORT + value: "{{ include "common.mariadbPort" . }}" + - name: DB_USER + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "modeling-db-secret" "key" "login") | indent 12 }} + - name: DB_PASSWD + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "modeling-db-secret" "key" "password") | indent 12 }} volumeMounts: - name: {{ include "common.fullname" . }}-etsicatalog mountPath: /service/modeling/etsicatalog/static diff --git a/kubernetes/modeling/charts/modeling-etsicatalog/templates/secrets.yaml b/kubernetes/modeling/charts/modeling-etsicatalog/templates/secrets.yaml index b0cc27bd8d..8bfebf1679 100644 --- a/kubernetes/modeling/charts/modeling-etsicatalog/templates/secrets.yaml +++ b/kubernetes/modeling/charts/modeling-etsicatalog/templates/secrets.yaml @@ -1,4 +1,4 @@ -# Copyright (c) 2020 Samsung Electronics +{{/*# Copyright (c) 2020 Samsung Electronics # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -11,5 +11,6 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} {{ include "common.secretFast" . }} diff --git a/kubernetes/modeling/charts/modeling-etsicatalog/templates/service.yaml b/kubernetes/modeling/charts/modeling-etsicatalog/templates/service.yaml index 61aefa570c..4dbace3c0c 100644 --- a/kubernetes/modeling/charts/modeling-etsicatalog/templates/service.yaml +++ b/kubernetes/modeling/charts/modeling-etsicatalog/templates/service.yaml @@ -30,7 +30,7 @@ metadata: "url": "/api/parser/v1", "protocol": "REST", "port": "{{.Values.service.externalPort}}", - "enable_ssl": {{ .Values.global.config.ssl_enabled }}, + "enable_ssl": {{ .Values.config.ssl_enabled }}, "visualRange":"1" }, { @@ -39,7 +39,7 @@ metadata: "url": "/api/catalog/v1", "protocol": "REST", "port": "{{.Values.service.externalPort}}", - "enable_ssl": {{ .Values.global.config.ssl_enabled }}, + "enable_ssl": {{ .Values.config.ssl_enabled }}, "visualRange":"1" }, { @@ -48,7 +48,7 @@ metadata: "url": "/api/nsd/v1", "protocol": "REST", "port": "{{.Values.service.externalPort}}", - "enable_ssl": {{ .Values.global.config.ssl_enabled }}, + "enable_ssl": {{ .Values.config.ssl_enabled }}, "visualRange":"1" }, { @@ -57,7 +57,7 @@ metadata: "url": "/api/vnfpkgm/v1", "protocol": "REST", "port": "{{.Values.service.externalPort}}", - "enable_ssl": {{ .Values.global.config.ssl_enabled }}, + "enable_ssl": {{ .Values.config.ssl_enabled }}, "visualRange":"1" } ]' diff --git a/kubernetes/modeling/charts/modeling-etsicatalog/values.yaml b/kubernetes/modeling/charts/modeling-etsicatalog/values.yaml index d4719dad5f..9bc8aa0433 100644 --- a/kubernetes/modeling/charts/modeling-etsicatalog/values.yaml +++ b/kubernetes/modeling/charts/modeling-etsicatalog/values.yaml @@ -21,29 +21,43 @@ global: loggingRepository: docker.elastic.co loggingImage: beats/filebeat:5.5.0 - config: - ssl_enabled: false - msbProtocol: https - msbServiceName: msb-iag - msbPort: 443 - persistence: mountPath: /dockerdata-nfs + mariadbGalera: + #This flag allows Modeling to instantiate its own mariadb-galera cluster + localCluster: false + service: mariadb-galera + internalPort: 3306 + nameOverride: mariadb-galera + +readinessCheck: + wait_for: + msb: + name: msb + containers: + - msb-iag + ################################################################# # Secrets metaconfig ################################################################# secrets: - - uid: "db-root-pass" - externalSecret: '{{- include "common.mariadb.secret.rootPassSecretName" (dict "dot" . "chartName" (index .Values "mariadb-galera" "nameOverride")) }}' - type: password + - uid: modeling-db-secret + name: &dbSecretName '{{ include "common.release" . }}-modeling-db-secret' + type: basicAuth + externalSecret: '{{ tpl (default "" .Values.config.db.userCredentialsExternalSecret) . }}' + login: '{{ .Values.config.db.userName }}' + password: '{{ .Values.config.db.userPassword }}' ################################################################# # Dependencies configuration ################################################################# mariadb-galera: - nameOverride: modeling-mariadb + config: &mariadbConfig + userCredentialsExternalSecret: *dbSecretName + mysqlDatabase: etsicatalog + nameOverride: modeling-db service: name: modeling-db portName: modeling-db @@ -54,14 +68,32 @@ mariadb-galera: enabled: true disableNfsProvisioner: true +mariadb-init: + config: *mariadbConfig + # nameOverride should be the same with common.name + nameOverride: modeling-etsicatalog + ################################################################# # Application configuration defaults. ################################################################# +config: + #application configuration about msb + ssl_enabled: false + msbProtocol: https + msbServiceName: msb-iag + msbPort: 443 + msb_enabled: true + #application configuration user password about mariadb + db: + userName: etsicatalog + # userPassword: password + # userCredentialsExternalSecret: some-secret + # application image flavor: small repository: nexus3.onap.org:10001 -image: onap/modeling/etsicatalog:1.0.6 +image: onap/modeling/etsicatalog:1.0.7 initImage: busybox:latest pullPolicy: Always diff --git a/kubernetes/nbi/templates/deployment.yaml b/kubernetes/nbi/templates/deployment.yaml index 631cb7cba8..febb8a9624 100644 --- a/kubernetes/nbi/templates/deployment.yaml +++ b/kubernetes/nbi/templates/deployment.yaml @@ -51,7 +51,7 @@ spec: # so K8s doesn't restart unresponsive container {{- if .Values.global.aafEnabled }} command: - - bash + - sh args: - -c - | diff --git a/kubernetes/nbi/values.yaml b/kubernetes/nbi/values.yaml index 1fc1600374..0f3fd1a352 100644 --- a/kubernetes/nbi/values.yaml +++ b/kubernetes/nbi/values.yaml @@ -71,7 +71,7 @@ subChartsOnly: # application image repository: nexus3.onap.org:10001 -image: onap/externalapi/nbi:7.0.0 +image: onap/externalapi/nbi:7.0.2 pullPolicy: IfNotPresent sdc_authorization: Basic YWFpOktwOGJKNFNYc3pNMFdYbGhhazNlSGxjc2UyZ0F3ODR2YW9HR21KdlV5MlU= aai_authorization: Basic QUFJOkFBSQ== diff --git a/kubernetes/onap/templates/clusterrolebinding.yaml b/kubernetes/onap/templates/clusterrolebinding.yaml index 2367143b11..c2f48d9ba8 100644 --- a/kubernetes/onap/templates/clusterrolebinding.yaml +++ b/kubernetes/onap/templates/clusterrolebinding.yaml @@ -12,7 +12,7 @@ # See the License for the specific language governing permissions and # limitations under the License. -apiVersion: rbac.authorization.k8s.io/v1beta1 +apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: name: {{ include "common.namespace" . }}-binding diff --git a/kubernetes/onap/values.yaml b/kubernetes/onap/values.yaml index e699581727..3413c3840e 100755 --- a/kubernetes/onap/values.yaml +++ b/kubernetes/onap/values.yaml @@ -106,8 +106,8 @@ global: ingress: enabled: false virtualhost: - enabled: true - baseurl: "simpledemo.onap.org" + enabled: true + baseurl: "simpledemo.onap.org" # Global Service Mesh configuration # POC Mode, don't use it in production @@ -125,7 +125,7 @@ global: cmpv2Enabled: true platform: certServiceClient: - image: onap/org.onap.oom.platform.cert-service.oom-certservice-client:2.0.0 + image: onap/org.onap.oom.platform.cert-service.oom-certservice-client:2.1.0 secret: name: oom-cert-service-client-tls-secret mountPath: /etc/onap/oom/certservice/certs/ @@ -141,6 +141,7 @@ global: requestURL: "https://oom-cert-service:8443/v1/certificate/" requestTimeout: "30000" keystorePath: "/etc/onap/oom/certservice/certs/certServiceClient-keystore.jks" + outputType: "P12" keystorePassword: "secret" truststorePath: "/etc/onap/oom/certservice/certs/truststore.jks" truststorePassword: "secret" @@ -156,13 +157,12 @@ global: # default centralizedLoggingEnabled: ¢ralizedLogging false - -# Example of specific for the components where you want to disable TLS only for -# it: -# if set this element will force or not tls even if global.serviceMesh.tls and -# global.tlsEnabled is set otherwise. -# robot: -# tlsOverride: false + # Example of specific for the components where you want to disable TLS only for + # it: + # if set this element will force or not tls even if global.serviceMesh.tls and + # global.tlsEnabled is set otherwise. + # robot: + # tlsOverride: false # Global storage configuration # Set to "-" for default, or with the name of the storage class diff --git a/kubernetes/oof/Makefile b/kubernetes/oof/Makefile index 8af301d7ae..4628206e87 100644 --- a/kubernetes/oof/Makefile +++ b/kubernetes/oof/Makefile @@ -19,6 +19,7 @@ SECRET_DIR := $(OUTPUT_DIR)/secrets EXCLUDES := dist resources templates charts docker HELM_CHARTS := $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.)))) +HELM_VER := $(shell helm version --template "{{.Version}}") .PHONY: $(EXCLUDES) $(HELM_CHARTS) @@ -39,7 +40,12 @@ lint-%: dep-% package-%: lint-% @mkdir -p $(PACKAGE_DIR) +ifeq "$(findstring v3,$(HELM_VER))" "v3" + @if [ -f $*/Chart.yaml ]; then PACKAGE_NAME=$$(helm package -d $(PACKAGE_DIR) $* | cut -d":" -f2) && helm push -f $$PACKAGE_NAME local; fi +else @if [ -f $*/Chart.yaml ]; then helm package -d $(PACKAGE_DIR) $*; fi +endif + @helm repo index $(PACKAGE_DIR) clean: diff --git a/kubernetes/oof/components/Makefile b/kubernetes/oof/components/Makefile index 2fc0cbe4ab..02371366f6 100755 --- a/kubernetes/oof/components/Makefile +++ b/kubernetes/oof/components/Makefile @@ -19,6 +19,7 @@ SECRET_DIR := $(OUTPUT_DIR)/secrets EXCLUDES := HELM_CHARTS := $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.)))) +HELM_VER := $(shell helm version --template "{{.Version}}") .PHONY: $(EXCLUDES) $(HELM_CHARTS) @@ -39,7 +40,11 @@ lint-%: dep-% package-%: lint-% @mkdir -p $(PACKAGE_DIR) +ifeq "$(findstring v3,$(HELM_VER))" "v3" + @if [ -f $*/Chart.yaml ]; then PACKAGE_NAME=$$(helm package -d $(PACKAGE_DIR) $* | cut -d":" -f2) && helm push -f $$PACKAGE_NAME local; fi +else @if [ -f $*/Chart.yaml ]; then helm package -d $(PACKAGE_DIR) $*; fi +endif @helm repo index $(PACKAGE_DIR) clean: diff --git a/kubernetes/oof/components/oof-cmso/Makefile b/kubernetes/oof/components/oof-cmso/Makefile index 52df18adad..48cebe96e7 100644 --- a/kubernetes/oof/components/oof-cmso/Makefile +++ b/kubernetes/oof/components/oof-cmso/Makefile @@ -19,6 +19,7 @@ SECRET_DIR := $(OUTPUT_DIR)/secrets EXCLUDES := dist resources templates charts docker HELM_CHARTS := $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.)))) +HELM_VER := $(shell helm version --template "{{.Version}}") .PHONY: $(EXCLUDES) $(HELM_CHARTS) @@ -39,7 +40,11 @@ lint-%: dep-% package-%: lint-% @mkdir -p $(PACKAGE_DIR) +ifeq "$(findstring v3,$(HELM_VER))" "v3" + @if [ -f $*/Chart.yaml ]; then PACKAGE_NAME=$$(helm package -d $(PACKAGE_DIR) $* | cut -d":" -f2) && helm push -f $$PACKAGE_NAME local; fi +else @if [ -f $*/Chart.yaml ]; then helm package -d $(PACKAGE_DIR) $*; fi +endif @helm repo index $(PACKAGE_DIR) clean: diff --git a/kubernetes/oof/components/oof-cmso/components/Makefile b/kubernetes/oof/components/oof-cmso/components/Makefile index 35be2140e1..f7a698d0ec 100755 --- a/kubernetes/oof/components/oof-cmso/components/Makefile +++ b/kubernetes/oof/components/oof-cmso/components/Makefile @@ -19,6 +19,7 @@ SECRET_DIR := $(OUTPUT_DIR)/secrets EXCLUDES := HELM_CHARTS := $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.)))) +HELM_VER := $(shell helm version --template "{{.Version}}") .PHONY: $(EXCLUDES) $(HELM_CHARTS) @@ -39,7 +40,11 @@ lint-%: dep-% package-%: lint-% @mkdir -p $(PACKAGE_DIR) +ifeq "$(findstring v3,$(HELM_VER))" "v3" + @if [ -f $*/Chart.yaml ]; then PACKAGE_NAME=$$(helm package -d $(PACKAGE_DIR) $* | cut -d":" -f2) && helm push -f $$PACKAGE_NAME local; fi +else @if [ -f $*/Chart.yaml ]; then helm package -d $(PACKAGE_DIR) $*; fi +endif @helm repo index $(PACKAGE_DIR) clean: diff --git a/kubernetes/oof/components/oof-cmso/components/oof-cmso-optimizer/values.yaml b/kubernetes/oof/components/oof-cmso/components/oof-cmso-optimizer/values.yaml index e7be354153..6b04cdb0d9 100644 --- a/kubernetes/oof/components/oof-cmso/components/oof-cmso-optimizer/values.yaml +++ b/kubernetes/oof/components/oof-cmso/components/oof-cmso-optimizer/values.yaml @@ -25,12 +25,12 @@ subChartsOnly: # application image repository: nexus3.onap.org:10001 -image: onap/optf-cmso-optimizer:2.2.0 +image: onap/optf-cmso-optimizer:2.3.0 pullPolicy: Always #init container image dbinit: - image: onap/optf-cmso-dbinit:2.2.0 + image: onap/optf-cmso-dbinit:2.3.0 # flag to enable debugging - application support required debugEnabled: false diff --git a/kubernetes/oof/components/oof-cmso/components/oof-cmso-service/values.yaml b/kubernetes/oof/components/oof-cmso/components/oof-cmso-service/values.yaml index 2906fb77c2..4f4503be62 100644 --- a/kubernetes/oof/components/oof-cmso/components/oof-cmso-service/values.yaml +++ b/kubernetes/oof/components/oof-cmso/components/oof-cmso-service/values.yaml @@ -25,13 +25,13 @@ subChartsOnly: # application image repository: nexus3.onap.org:10001 -image: onap/optf-cmso-service:2.2.0 -robotimage: onap/optf-cmso-robot:2.2.0 +image: onap/optf-cmso-service:2.3.0 +robotimage: onap/optf-cmso-robot:2.3.0 pullPolicy: Always #init container image dbinit: - image: onap/optf-cmso-dbinit:2.2.0 + image: onap/optf-cmso-dbinit:2.3.0 # flag to enable debugging - application support required debugEnabled: false diff --git a/kubernetes/oof/components/oof-cmso/components/oof-cmso-ticketmgt/values.yaml b/kubernetes/oof/components/oof-cmso/components/oof-cmso-ticketmgt/values.yaml index 4920113b41..1c1ae7ab43 100644 --- a/kubernetes/oof/components/oof-cmso/components/oof-cmso-ticketmgt/values.yaml +++ b/kubernetes/oof/components/oof-cmso/components/oof-cmso-ticketmgt/values.yaml @@ -24,7 +24,7 @@ subChartsOnly: # application image repository: nexus3.onap.org:10001 -image: onap/optf-cmso-ticketmgt:2.2.0 +image: onap/optf-cmso-ticketmgt:2.3.0 pullPolicy: Always diff --git a/kubernetes/oof/components/oof-cmso/components/oof-cmso-topology/values.yaml b/kubernetes/oof/components/oof-cmso/components/oof-cmso-topology/values.yaml index a8911aa910..9d5cec1014 100644 --- a/kubernetes/oof/components/oof-cmso/components/oof-cmso-topology/values.yaml +++ b/kubernetes/oof/components/oof-cmso/components/oof-cmso-topology/values.yaml @@ -24,7 +24,7 @@ subChartsOnly: # application image repository: nexus3.onap.org:10001 -image: onap/optf-cmso-topology:2.2.0 +image: onap/optf-cmso-topology:2.3.0 pullPolicy: Always diff --git a/kubernetes/oof/components/oof-has/Makefile b/kubernetes/oof/components/oof-has/Makefile index 52df18adad..48cebe96e7 100644 --- a/kubernetes/oof/components/oof-has/Makefile +++ b/kubernetes/oof/components/oof-has/Makefile @@ -19,6 +19,7 @@ SECRET_DIR := $(OUTPUT_DIR)/secrets EXCLUDES := dist resources templates charts docker HELM_CHARTS := $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.)))) +HELM_VER := $(shell helm version --template "{{.Version}}") .PHONY: $(EXCLUDES) $(HELM_CHARTS) @@ -39,7 +40,11 @@ lint-%: dep-% package-%: lint-% @mkdir -p $(PACKAGE_DIR) +ifeq "$(findstring v3,$(HELM_VER))" "v3" + @if [ -f $*/Chart.yaml ]; then PACKAGE_NAME=$$(helm package -d $(PACKAGE_DIR) $* | cut -d":" -f2) && helm push -f $$PACKAGE_NAME local; fi +else @if [ -f $*/Chart.yaml ]; then helm package -d $(PACKAGE_DIR) $*; fi +endif @helm repo index $(PACKAGE_DIR) clean: diff --git a/kubernetes/oof/components/oof-has/components/Makefile b/kubernetes/oof/components/oof-has/components/Makefile index 35be2140e1..f7a698d0ec 100755 --- a/kubernetes/oof/components/oof-has/components/Makefile +++ b/kubernetes/oof/components/oof-has/components/Makefile @@ -19,6 +19,7 @@ SECRET_DIR := $(OUTPUT_DIR)/secrets EXCLUDES := HELM_CHARTS := $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.)))) +HELM_VER := $(shell helm version --template "{{.Version}}") .PHONY: $(EXCLUDES) $(HELM_CHARTS) @@ -39,7 +40,11 @@ lint-%: dep-% package-%: lint-% @mkdir -p $(PACKAGE_DIR) +ifeq "$(findstring v3,$(HELM_VER))" "v3" + @if [ -f $*/Chart.yaml ]; then PACKAGE_NAME=$$(helm package -d $(PACKAGE_DIR) $* | cut -d":" -f2) && helm push -f $$PACKAGE_NAME local; fi +else @if [ -f $*/Chart.yaml ]; then helm package -d $(PACKAGE_DIR) $*; fi +endif @helm repo index $(PACKAGE_DIR) clean: diff --git a/kubernetes/oof/components/oof-has/components/oof-has-api/templates/deployment.yaml b/kubernetes/oof/components/oof-has/components/oof-has-api/templates/deployment.yaml index c61be424fe..1538b47343 100755 --- a/kubernetes/oof/components/oof-has/components/oof-has-api/templates/deployment.yaml +++ b/kubernetes/oof/components/oof-has/components/oof-has-api/templates/deployment.yaml @@ -93,7 +93,7 @@ spec: image: "{{ include "common.repository" . }}/{{ .Values.global.image.optf_has }}" imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} command: ["/bin/bash","-c"] - args: ["/usr/local/bin/uwsgi -s /run/conductor/uwsgi.sock --chmod-socket=777 --wsgi-file /etc/nginx/conductor.wsgi --callable application --set port={{ .Values.uwsgi.internalPort }} --die-on-term --exit-on-reload --logto /var/log/conductor/conductor-uwsgi.log --pidfile /run/conductor/conductor-uwsgi.pid --enable-threads --workers 6 --master --vacuum --single-interpreter --socket-timeout 10 --max-worker-lifetime 300 --max-requests 100 --no-defer-accept --logfile-chown --logfile-chmod 664 --protocol=uwsgi --socket 0.0.0.0:{{ .Values.uwsgi.internalPort }}"] + args: ["/usr/local/bin/uwsgi -s /run/conductor/uwsgi.sock --chmod-socket=777 --wsgi-file /etc/nginx/conductor.wsgi --callable application --set port={{ .Values.uwsgi.internalPort }} --die-on-term --exit-on-reload --pidfile /run/conductor/conductor-uwsgi.pid --enable-threads --workers 6 --master --vacuum --single-interpreter --socket-timeout 10 --max-worker-lifetime 300 --max-requests 100 --no-defer-accept --protocol=uwsgi --socket 0.0.0.0:{{ .Values.uwsgi.internalPort }}"] ports: - containerPort: {{ .Values.uwsgi.internalPort }} # disable liveness probe when breakpoints set in debugger diff --git a/kubernetes/oof/components/oof-has/components/oof-has-api/templates/ingress.yaml b/kubernetes/oof/components/oof-has/components/oof-has-api/templates/ingress.yaml index 0cd8cfbd36..2afc5dad2a 100644 --- a/kubernetes/oof/components/oof-has/components/oof-has-api/templates/ingress.yaml +++ b/kubernetes/oof/components/oof-has/components/oof-has-api/templates/ingress.yaml @@ -1,4 +1,4 @@ -# Copyright © 2020 Samsung, Orange +{{/*# Copyright © 2020 Samsung, Orange # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -11,5 +11,6 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} {{ include "common.ingress" . }} diff --git a/kubernetes/oof/components/oof-has/components/oof-has-api/values.yaml b/kubernetes/oof/components/oof-has/components/oof-has-api/values.yaml index 81c14afead..f19ecb61ee 100755 --- a/kubernetes/oof/components/oof-has/components/oof-has-api/values.yaml +++ b/kubernetes/oof/components/oof-has/components/oof-has-api/values.yaml @@ -16,7 +16,7 @@ global: # global defaults nodePortPrefix: 302 image: - optf_has: onap/optf-has:2.0.4 + optf_has: onap/optf-has:2.1.1 service: type: NodePort diff --git a/kubernetes/oof/components/oof-has/components/oof-has-controller/values.yaml b/kubernetes/oof/components/oof-has/components/oof-has-controller/values.yaml index 83c3c43b40..5fa0f2408e 100755 --- a/kubernetes/oof/components/oof-has/components/oof-has-controller/values.yaml +++ b/kubernetes/oof/components/oof-has/components/oof-has-controller/values.yaml @@ -16,7 +16,7 @@ global: readinessImage: onap/oom/readiness:3.0.1 repository: nexus3.onap.org:10001 image: - optf_has: onap/optf-has:2.0.4 + optf_has: onap/optf-has:2.1.1 ingress: enabled: false diff --git a/kubernetes/oof/components/oof-has/components/oof-has-data/values.yaml b/kubernetes/oof/components/oof-has/components/oof-has-data/values.yaml index 83c3c43b40..5fa0f2408e 100755 --- a/kubernetes/oof/components/oof-has/components/oof-has-data/values.yaml +++ b/kubernetes/oof/components/oof-has/components/oof-has-data/values.yaml @@ -16,7 +16,7 @@ global: readinessImage: onap/oom/readiness:3.0.1 repository: nexus3.onap.org:10001 image: - optf_has: onap/optf-has:2.0.4 + optf_has: onap/optf-has:2.1.1 ingress: enabled: false diff --git a/kubernetes/oof/components/oof-has/components/oof-has-reservation/values.yaml b/kubernetes/oof/components/oof-has/components/oof-has-reservation/values.yaml index 83c3c43b40..5fa0f2408e 100755 --- a/kubernetes/oof/components/oof-has/components/oof-has-reservation/values.yaml +++ b/kubernetes/oof/components/oof-has/components/oof-has-reservation/values.yaml @@ -16,7 +16,7 @@ global: readinessImage: onap/oom/readiness:3.0.1 repository: nexus3.onap.org:10001 image: - optf_has: onap/optf-has:2.0.4 + optf_has: onap/optf-has:2.1.1 ingress: enabled: false diff --git a/kubernetes/oof/components/oof-has/components/oof-has-solver/values.yaml b/kubernetes/oof/components/oof-has/components/oof-has-solver/values.yaml index 83c3c43b40..5fa0f2408e 100755 --- a/kubernetes/oof/components/oof-has/components/oof-has-solver/values.yaml +++ b/kubernetes/oof/components/oof-has/components/oof-has-solver/values.yaml @@ -16,7 +16,7 @@ global: readinessImage: onap/oom/readiness:3.0.1 repository: nexus3.onap.org:10001 image: - optf_has: onap/optf-has:2.0.4 + optf_has: onap/optf-has:2.1.1 ingress: enabled: false diff --git a/kubernetes/oof/components/oof-has/resources/config/conductor.conf b/kubernetes/oof/components/oof-has/resources/config/conductor.conf index 881ed22562..4c7228a301 100755 --- a/kubernetes/oof/components/oof-has/resources/config/conductor.conf +++ b/kubernetes/oof/components/oof-has/resources/config/conductor.conf @@ -327,6 +327,8 @@ concurrent = true # Minimum value: 1 #max_translation_counter = 1 +# (string value) +opt_schema_file = /opt/has/conductor/etc/conductor/opt_schema.json [data] @@ -361,7 +363,7 @@ concurrent = true # # Extensions list to use (list value) -#extensions = aai +extensions = aai,generator [messaging_server] diff --git a/kubernetes/oof/components/oof-has/resources/config/log.conf b/kubernetes/oof/components/oof-has/resources/config/log.conf index c476d0b6c8..374d02abcd 100755 --- a/kubernetes/oof/components/oof-has/resources/config/log.conf +++ b/kubernetes/oof/components/oof-has/resources/config/log.conf @@ -1,5 +1,6 @@ # Copyright © 2017 Amdocs, Bell Canada # Modifications Copyright © 2018 AT&T,VMware +# Modifications Copyright (C) 2020 Wipro Limited. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -25,7 +26,7 @@ handlers=trfhand,consoleHandler,audithand,metrichand,errhand,debughand [handler_consoleHandler] class=StreamHandler -level=NOTSET +level=INFO formatter=generic args=(sys.stdout,) diff --git a/kubernetes/oof/components/oof-has/values.yaml b/kubernetes/oof/components/oof-has/values.yaml index 66780735db..c7799cdc02 100755 --- a/kubernetes/oof/components/oof-has/values.yaml +++ b/kubernetes/oof/components/oof-has/values.yaml @@ -23,7 +23,7 @@ global: repository: nexus3.onap.org:10001 commonConfigPrefix: onap-oof-has image: - optf_has: onap/optf-has:2.0.4 + optf_has: onap/optf-has:2.1.1 filebeat: docker.elastic.co/beats/filebeat:5.5.0 persistence: enabled: true diff --git a/kubernetes/oof/resources/config/common_config.yaml b/kubernetes/oof/resources/config/common_config.yaml index a91c1d1d23..7e8fe5dc72 100644 --- a/kubernetes/oof/resources/config/common_config.yaml +++ b/kubernetes/oof/resources/config/common_config.yaml @@ -40,12 +40,11 @@ osdf_temp: # special configuration required for "workarounds" or testing - vnfPolicy_vPGN_TD.json - affinity_vFW_TD.json - QueryPolicy_vFW_TD.json - - slice_selection_policy_dir_urllc_1: "./test/policy-local-files/" - slice_selection_policy_files_urllc_1: - - vnfPolicy_URLLC_Core_1.json - - thresholdPolicy_URLLC_Core_1.json - - subscriber_policy_URLLC_1.json + slice_selection_policy_dir_embb-nst: "./test/policy-local-files/slice-selection-files/" + slice_selection_policy_files_embb-nst: + - query_policy_nsi.json + - threshold_policy_nsi.json + - vnf_policy_nsi_shared_case.json service_info: vCPE: @@ -65,6 +64,12 @@ references: subscriber_role: source: onap.policies.optimization.SubscriberPolicy value: properties.properties.subscriberRole + resource_sharing_level: + source: request + value: serviceProfile.resourceSharingLevel + reuse_preference: + source: request + value: preferReuse policy_info: prioritization_attributes: @@ -81,10 +86,19 @@ policy_info: policy_scope: - scope: - - OSDF_FRANKFURT + - get_param: resource_sharing_level + - get_param: reuse_preference services: - get_param: service_name + subnet_selection: + policy_fetch: by_scope + policy_scope: + - scope: + - OSDF_GUILIN + services: + - get_param: service_name + placement: policy_fetch: by_scope policy_scope: @@ -103,3 +117,13 @@ policy_info: default: # if no explicit service related information is needed policy_fetch: by_name policy_scope: none + +PCI: + ML: + average_ho_threshold: 10000 + latest_ho_threshold: 500 + DES: + service_id: ho_metric + filter: + interval: 10 + ml_enabled: false diff --git a/kubernetes/oof/resources/config/log.yml b/kubernetes/oof/resources/config/log.yml new file mode 100644 index 0000000000..3966ea28c0 --- /dev/null +++ b/kubernetes/oof/resources/config/log.yml @@ -0,0 +1,101 @@ +version: 1 +disable_existing_loggers: True + +loggers: + error: + handlers: [error_handler, console_handler] + level: "WARN" + propagate: True + debug: + handlers: [debug_handler, console_handler] + level: "DEBUG" + propagate: True + metrics: + handlers: [metrics_handler, console_handler] + level: "INFO" + propagate: True + audit: + handlers: [audit_handler, console_handler] + level: "INFO" + propagate: True +handlers: + debug_handler: + level: "DEBUG" + class: "logging.handlers.TimedRotatingFileHandler" + filename: "logs/debug.log" + formatter: "debugFormat" + when: midnight + interval: 1 + utc: True + delay: False + backupCount: 10 + error_handler: + level: "WARN" + class: "logging.handlers.TimedRotatingFileHandler" + filename: "logs/error.log" + formatter: "errorFormat" + when: midnight + interval: 1 + utc: True + delay: False + backupCount: 10 + metrics_handler: + level: "INFO" + class: "logging.handlers.TimedRotatingFileHandler" + filename: "logs/metrics.log" + formatter: "metricsFormat" + when: midnight + interval: 1 + utc: True + delay: False + backupCount: 10 + audit_handler: + level: "INFO" + class: "logging.handlers.TimedRotatingFileHandler" + filename: "logs/audit.log" + formatter: "auditFormat" + when: midnight + interval: 1 + utc: True + delay: False + backupCount: 10 + console_handler: + level: "DEBUG" + class: "logging.StreamHandler" + formatter: "metricsFormat" + +formatters: + standard: + format: "%(asctime)s|||||%(name)s||%(thread)||%(funcName)s||%(levelname)s||%(message)s" + debugFormat: + format: "%(mdc)s" + datefmt: "%Y-%m-%dT%H:%M:%S" + mdcfmt: "%(asctime)s.%(msecs)03d+00:00|{requestID}|%(threadName)s|{server}|%(levelname)s|%(message)s" + (): osdf.logging.oof_mdc_formatter.OOFMDCFormatter + errorFormat: + format: "%(mdc)s" + datefmt: "%Y-%m-%dT%H:%M:%S" + mdcfmt: "%(asctime)s.%(msecs)03d+00:00|{requestID}|%(threadName)s|{serviceName}|{partnerName}\ + |{targetEntity}|{targetServiceName}|%(levelname)s|{errorCode}|{errorDescription}|%(message)s" + (): osdf.logging.oof_mdc_formatter.OOFMDCFormatter + auditFormat: + format: "%(mdc)s" + datefmt: "%Y-%m-%dT%H:%M:%S" + mdcfmt: "{entryTimestamp}+00:00|%(asctime)s.%(msecs)03d+00:00|{requestID}|{serviceInstanceID}\ + |%(threadName)s|{server}|{serviceName}|{partnerName}|{statusCode}|{responseCode}|{responseDescription}\ + |{instanceUUID}|%(levelname)s|{severity}|{serverIPAddress}|{timer}|{server}|{IPAddress}||{unused}\ + |{processKey}|{customField1}|{customField2}|{customField3}|{customField4}|%(message)s" + (): osdf.logging.oof_mdc_formatter.OOFMDCFormatter + metricsFormat: + format: "%(mdc)s" + datefmt: "%Y-%m-%dT%H:%M:%S" + mdcfmt: "{entryTimestamp}+00:00|%(asctime)s.%(msecs)03d+00:00|{requestID}|{serviceInstanceID}\ + |%(threadName)s|{server}|{serviceName}|{partnerName}|{targetEntity}|{targetServiceName}|{statusCode}|{responseCode}|{responseDescription}\ + |{instanceUUID}|%(levelname)s|{severity}|{serverIPAddress}|{timer}|{server}|{IPAddress}||{unused}\ + |{processKey}|{TargetVirtualEntity}|{customField1}|{customField2}|{customField3}|{customField4}|%(message)s" + (): osdf.logging.oof_mdc_formatter.OOFMDCFormatter + mdcFormat: + format: "%(asctime)s.%(msecs)03d+00:00|||||%(name)s||%(thread)s||%(funcName)s||%(levelname)s||%(message)s||||%(mdc)s" + mdcfmt: "{requestID} {invocationID} {serviceName} {serverIPAddress}" + (): osdf.logging.oof_mdc_formatter.OOFMDCFormatter + diff --git a/kubernetes/oof/resources/config/osdf_config.yaml b/kubernetes/oof/resources/config/osdf_config.yaml index b544c42e7a..5c9aa2bb64 100755 --- a/kubernetes/oof/resources/config/osdf_config.yaml +++ b/kubernetes/oof/resources/config/osdf_config.yaml @@ -48,5 +48,20 @@ configDbUrl: {{ .Values.config.configDbUrl }} configDbGetCellListUrl: {{ .Values.config.configDbGetCellListUrl }} configDbGetNbrListUrl: {{ .Values.config.configDbGetNbrListUrl }} +# AAI api +aaiUrl: {{ .Values.config.aaiUrl }} +aaiGetLinksUrl: {{ .Values.config.aaiGetLinksUrl }} +aaiServiceInstanceUrl : {{ .Values.config.aaiServiceInstanceUrl }} +aaiGetControllersUrl: {{ .Values.config.aaiGetControllersUrl }} +controllerQueryUrl: {{ .Values.config.controllerQueryUrl }} +aaiGetInterDomainLinksUrl: {{ .Values.config.aaiGetInterDomainLinksUrl }} + +#DES api +desUrl: {{ .Values.config.desUrl }} +desApiPath: {{ .Values.config.desApiPath }} +desHeaders: + Accept: application/json + Content-Type: application/json + #key appkey: '' diff --git a/kubernetes/oof/templates/deployment.yaml b/kubernetes/oof/templates/deployment.yaml index 70eadd9d6c..76d1a62604 100644 --- a/kubernetes/oof/templates/deployment.yaml +++ b/kubernetes/oof/templates/deployment.yaml @@ -1,5 +1,6 @@ # Copyright © 2017 Amdocs, Bell Canada # Modifications Copyright © 2018 AT&T,VMware +# Modifications Copyright (C) 2020 Wipro Limited. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -103,6 +104,9 @@ spec: - mountPath: /opt/osdf/config/common_config.yaml name: {{ include "common.fullname" . }}-config subPath: common_config.yaml + - mountPath: /opt/osdf/config/log.yml + name: {{ include "common.fullname" . }}-config + subPath: log.yml resources: {{ include "common.resources" . | indent 12 }} {{- if .Values.nodeSelector }} @@ -129,5 +133,7 @@ spec: path: aaf_root_ca.cer - key: common_config.yaml path: common_config.yaml + - key: log.yml + path: log.yml imagePullSecrets: - name: "{{ include "common.namespace" . }}-docker-registry-key" diff --git a/kubernetes/oof/values.yaml b/kubernetes/oof/values.yaml index 97b5767a1f..0dc035494b 100644 --- a/kubernetes/oof/values.yaml +++ b/kubernetes/oof/values.yaml @@ -26,7 +26,7 @@ global: ################################################################# # application image repository: nexus3.onap.org:10001 -image: onap/optf-osdf:2.0.4 +image: onap/optf-osdf:3.0.0 pullPolicy: Always # flag to enable debugging - application support required @@ -78,6 +78,17 @@ config: configDbUrl: http://config.db.url:8080 configDbGetCellListUrl: 'SDNCConfigDBAPI/getCellList' configDbGetNbrListUrl: 'SDNCConfigDBAPI/getNbrList' + #aai api + aaiUrl: https://aai:8443 + aaiGetLinksUrl: /aai/v16/network/logical-links + aaiServiceInstanceUrl : /aai/v20/nodes/service-instances/service-instance/ + aaiGetControllersUrl: /aai/v19/external-system/esr-thirdparty-sdnc-list + controllerQueryUrl: /aai/v19/query?format=resource + aaiGetInterDomainLinksUrl: /aai/v19/network/logical-links?link-type=inter-domain&operational-status=up + #des api + desUrl: https://des.url:9000 + desApiPath: /datalake/v1/exposure/ + # default number of instances replicaCount: 1 nodeSelector: {} diff --git a/kubernetes/platform/Makefile b/kubernetes/platform/Makefile index 7a55c2ed59..d3fa8b70d1 100644 --- a/kubernetes/platform/Makefile +++ b/kubernetes/platform/Makefile @@ -19,6 +19,7 @@ SECRET_DIR := $(OUTPUT_DIR)/secrets EXCLUDES := dist resources templates charts HELM_CHARTS := $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.)))) +HELM_VER := $(shell helm version --template "{{.Version}}") .PHONY: $(EXCLUDES) $(HELM_CHARTS) @@ -39,7 +40,11 @@ lint-%: dep-% package-%: lint-% @mkdir -p $(PACKAGE_DIR) +ifeq "$(findstring v3,$(HELM_VER))" "v3" + @if [ -f $*/Chart.yaml ]; then PACKAGE_NAME=$$(helm package -d $(PACKAGE_DIR) $* | cut -d":" -f2) && helm push -f $$PACKAGE_NAME local; fi +else @if [ -f $*/Chart.yaml ]; then helm package -d $(PACKAGE_DIR) $*; fi +endif @helm repo index $(PACKAGE_DIR) clean: diff --git a/kubernetes/platform/components/Makefile b/kubernetes/platform/components/Makefile index 27e17db9ff..cf69fa68be 100644 --- a/kubernetes/platform/components/Makefile +++ b/kubernetes/platform/components/Makefile @@ -20,6 +20,7 @@ SECRET_DIR := $(OUTPUT_DIR)/secrets EXCLUDES := HELM_CHARTS := $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.)))) +HELM_VER := $(shell helm version --template "{{.Version}}") .PHONY: $(EXCLUDES) $(HELM_CHARTS) @@ -40,7 +41,11 @@ lint-%: dep-% package-%: lint-% @mkdir -p $(PACKAGE_DIR) +ifeq "$(findstring v3,$(HELM_VER))" "v3" + @if [ -f $*/Chart.yaml ]; then PACKAGE_NAME=$$(helm package -d $(PACKAGE_DIR) $* | cut -d":" -f2) && helm push -f $$PACKAGE_NAME local; fi +else @if [ -f $*/Chart.yaml ]; then helm package -d $(PACKAGE_DIR) $*; fi +endif @helm repo index $(PACKAGE_DIR) clean: diff --git a/kubernetes/platform/components/oom-cert-service/Makefile b/kubernetes/platform/components/oom-cert-service/Makefile new file mode 100644 index 0000000000..c4723dfdd1 --- /dev/null +++ b/kubernetes/platform/components/oom-cert-service/Makefile @@ -0,0 +1,148 @@ +CERTS_DIR = resources +CURRENT_DIR := ${CURDIR} +DOCKER_CONTAINER = generate-certs +DOCKER_EXEC = docker exec ${DOCKER_CONTAINER} + +all: start_docker \ + clear_all \ + root_generate_keys \ + root_create_certificate \ + root_self_sign_certificate \ + client_generate_keys \ + client_generate_csr \ + client_sign_certificate_by_root \ + client_import_root_certificate \ + client_convert_certificate_to_jks \ + server_generate_keys \ + server_generate_csr \ + server_sign_certificate_by_root \ + server_import_root_certificate \ + server_convert_certificate_to_jks \ + server_convert_certificate_to_p12 \ + clear_unused_files \ + stop_docker + +.PHONY: all + +# Starts docker container for generating certificates - deletes first, if already running +start_docker: + @make stop_docker + docker run -d --rm --name ${DOCKER_CONTAINER} --mount type=bind,source=${CURRENT_DIR}/${CERTS_DIR},target=/certs -w /certs docker.io/openjdk:11-jre-slim tail -f /dev/null + +# Stops docker container for generating certificates. 'true' is used to return 0 status code, if container is already deleted +stop_docker: + docker rm ${DOCKER_CONTAINER} -f 1>/dev/null || true + +#Clear all files related to certificates +clear_all: + @make clear_existing_certificates + @make clear_unused_files + +#Clear certificates +clear_existing_certificates: + @echo "Clear certificates" + ${DOCKER_EXEC} rm -f certServiceClient-keystore.jks certServiceServer-keystore.jks root.crt truststore.jks certServiceServer-keystore.p12 + @echo "#####done#####" + +#Generate root private and public keys +root_generate_keys: + @echo "Generate root private and public keys" + ${DOCKER_EXEC} keytool -genkeypair -v -alias root -keyalg RSA -keysize 4096 -validity 3650 -keystore root-keystore.jks \ + -dname "CN=root.com, OU=Root Org, O=Root Company, L=Wroclaw, ST=Dolny Slask, C=PL" -keypass secret \ + -storepass secret -ext BasicConstraints:critical="ca:true" + @echo "#####done#####" + +#Export public key as certificate +root_create_certificate: + @echo "(Export public key as certificate)" + ${DOCKER_EXEC} keytool -exportcert -alias root -keystore root-keystore.jks -storepass secret -file root.crt -rfc + @echo "#####done#####" + +#Self-signed root (import root certificate into truststore) +root_self_sign_certificate: + @echo "(Self-signed root (import root certificate into truststore))" + ${DOCKER_EXEC} keytool -importcert -alias root -keystore truststore.jks -file root.crt -storepass secret -noprompt + @echo "#####done#####" + +#Generate certService's client private and public keys +client_generate_keys: + @echo "Generate certService's client private and public keys" + ${DOCKER_EXEC} keytool -genkeypair -v -alias certServiceClient -keyalg RSA -keysize 2048 -validity 365 \ + -keystore certServiceClient-keystore.jks -storetype JKS \ + -dname "CN=certServiceClient.com,OU=certServiceClient company,O=certServiceClient org,L=Wroclaw,ST=Dolny Slask,C=PL" \ + -keypass secret -storepass secret + @echo "####done####" + +#Generate certificate signing request for certService's client +client_generate_csr: + @echo "Generate certificate signing request for certService's client" + ${DOCKER_EXEC} keytool -certreq -keystore certServiceClient-keystore.jks -alias certServiceClient -storepass secret -file certServiceClient.csr + @echo "####done####" + +#Sign certService's client certificate by root CA +client_sign_certificate_by_root: + @echo "Sign certService's client certificate by root CA" + ${DOCKER_EXEC} keytool -gencert -v -keystore root-keystore.jks -storepass secret -alias root -infile certServiceClient.csr \ + -outfile certServiceClientByRoot.crt -rfc -ext bc=0 -ext ExtendedkeyUsage="serverAuth,clientAuth" + @echo "####done####" + +#Import root certificate into client +client_import_root_certificate: + @echo "Import root certificate into intermediate" + ${DOCKER_EXEC} bash -c "cat root.crt >> certServiceClientByRoot.crt" + @echo "####done####" + +#Import signed certificate into certService's client +client_convert_certificate_to_jks: + @echo "Import signed certificate into certService's client" + ${DOCKER_EXEC} keytool -importcert -file certServiceClientByRoot.crt -destkeystore certServiceClient-keystore.jks -alias certServiceClient -storepass secret -noprompt + @echo "####done####" + +#Generate certService private and public keys +server_generate_keys: + @echo "Generate certService private and public keys" + ${DOCKER_EXEC} keytool -genkeypair -v -alias oom-cert-service -keyalg RSA -keysize 2048 -validity 365 \ + -keystore certServiceServer-keystore.jks -storetype JKS \ + -dname "CN=oom-cert-service,OU=certServiceServer company,O=certServiceServer org,L=Wroclaw,ST=Dolny Slask,C=PL" \ + -keypass secret -storepass secret -ext BasicConstraints:critical="ca:false" + @echo "####done####" + +#Generate certificate signing request for certService +server_generate_csr: + @echo "Generate certificate signing request for certService" + ${DOCKER_EXEC} keytool -certreq -keystore certServiceServer-keystore.jks -alias oom-cert-service -storepass secret -file certServiceServer.csr + @echo "####done####" + +#Sign certService certificate by root CA +server_sign_certificate_by_root: + @echo "Sign certService certificate by root CA" + ${DOCKER_EXEC} keytool -gencert -v -keystore root-keystore.jks -storepass secret -alias root -infile certServiceServer.csr \ + -outfile certServiceServerByRoot.crt -rfc -ext bc=0 -ext ExtendedkeyUsage="serverAuth,clientAuth" \ + -ext SubjectAlternativeName:="DNS:oom-cert-service,DNS:localhost" + @echo "####done####" + +#Import root certificate into server +server_import_root_certificate: + @echo "Import root certificate into intermediate(server)" + ${DOCKER_EXEC} bash -c "cat root.crt >> certServiceServerByRoot.crt" + @echo "####done####" + +#Import signed certificate into certService +server_convert_certificate_to_jks: + @echo "Import signed certificate into certService" + ${DOCKER_EXEC} keytool -importcert -file certServiceServerByRoot.crt -destkeystore certServiceServer-keystore.jks -alias oom-cert-service \ + -storepass secret -noprompt + @echo "####done####" + +#Convert certServiceServer-keystore(.jks) to PCKS12 format(.p12) +server_convert_certificate_to_p12: + @echo "Convert certServiceServer-keystore(.jks) to PCKS12 format(.p12)" + ${DOCKER_EXEC} keytool -importkeystore -srckeystore certServiceServer-keystore.jks -srcstorepass secret \ + -destkeystore certServiceServer-keystore.p12 -deststoretype PKCS12 -deststorepass secret + @echo "#####done#####" + +#Clear unused certificates +clear_unused_files: + @echo "Clear unused certificates" + ${DOCKER_EXEC} rm -f certServiceClientByRoot.crt certServiceClient.csr root-keystore.jks certServiceServerByRoot.crt certServiceServer.csr + @echo "#####done#####" diff --git a/kubernetes/platform/components/oom-cert-service/resources/certServiceClient-keystore.jks b/kubernetes/platform/components/oom-cert-service/resources/certServiceClient-keystore.jks Binary files differdeleted file mode 100644 index c089764466..0000000000 --- a/kubernetes/platform/components/oom-cert-service/resources/certServiceClient-keystore.jks +++ /dev/null diff --git a/kubernetes/platform/components/oom-cert-service/resources/certServiceServer-keystore.jks b/kubernetes/platform/components/oom-cert-service/resources/certServiceServer-keystore.jks Binary files differdeleted file mode 100644 index e3882b1357..0000000000 --- a/kubernetes/platform/components/oom-cert-service/resources/certServiceServer-keystore.jks +++ /dev/null diff --git a/kubernetes/platform/components/oom-cert-service/resources/certServiceServer-keystore.p12 b/kubernetes/platform/components/oom-cert-service/resources/certServiceServer-keystore.p12 Binary files differdeleted file mode 100644 index ce9261146c..0000000000 --- a/kubernetes/platform/components/oom-cert-service/resources/certServiceServer-keystore.p12 +++ /dev/null diff --git a/kubernetes/platform/components/oom-cert-service/resources/root.crt b/kubernetes/platform/components/oom-cert-service/resources/root.crt deleted file mode 100644 index 242e437f75..0000000000 --- a/kubernetes/platform/components/oom-cert-service/resources/root.crt +++ /dev/null @@ -1,33 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIFnjCCA4agAwIBAgIEHn8h9TANBgkqhkiG9w0BAQwFADB3MQswCQYDVQQGEwJV -UzETMBEGA1UECBMKQ2FsaWZvcm5pYTEWMBQGA1UEBxMNU2FuLUZyYW5jaXNjbzEZ -MBcGA1UEChMQTGludXgtRm91bmRhdGlvbjENMAsGA1UECxMET05BUDERMA8GA1UE -AxMIb25hcC5vcmcwHhcNMjAwODI3MDg1MjQ3WhcNMzAwODI1MDg1MjQ3WjB3MQsw -CQYDVQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTEWMBQGA1UEBxMNU2FuLUZy -YW5jaXNjbzEZMBcGA1UEChMQTGludXgtRm91bmRhdGlvbjENMAsGA1UECxMET05B -UDERMA8GA1UEAxMIb25hcC5vcmcwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIK -AoICAQCOQ8TArFljhDu9EXKqAppV/eslelFAGG1NhDnh3PI6jK7qKKSTIcUpKPiG -u9CagyNq4Y1dNt1LsP/KSDDkm6CGYW2z4E0Nm0ckcGc4izdoFDFhoXkrMoKvQxct -az3YD1AiEH7kIYqDp7S3LMP8FbAXlcV62J2AEPqWtbFGszi6Pj65InNnFTGT4Oon -E46egKcSWAhNR6vN29MO9/0wZHxwXWlcS2CKt6+2QKpfimHf48EJ0idntsKpj302 -i93jWGVNtORZbDddmVZG6XaVQkfRrJiivPQHvIXU5bWCsV7OQsrzbbsSscnqDuAr -5DjR1Jbm2394e3DkXZTnqLGKReaaz0roA7ybLSesU1Fu0ZjD5Zq6ZezpXEQvcxcd -wmq1A8ugeuRKhizeBO9YddjYTHWflHLBpiEyIwDCUsXfdNdS0nHQNKMDNbkC9512 -SLbG1N6iLGt85BriMLzJrlMP48feuheu3G/Mrit01yBzIgbqP30DcAIox5bgnJOY -knxPctNaGsBup76msBzk+aBeDU5N/zirEJYxTmC3okeISzcLFlqYUUSsEzlqh8SS -pNDK6ZbnX1khJJdUbCJGmgFS6N4RPXdxX12OCJDyjjCXcn7RXcZsYb3A+eF09+EM -l0Vp3P+Aj6+eSN+t1Ez0sjGfSv/I8q1zV/trYZBq/LZIznfBFwIDAQABozIwMDAd -BgNVHQ4EFgQUC0e3vObokYFDHM21OlRF4UO6L7EwDwYDVR0TAQH/BAUwAwEB/zAN -BgkqhkiG9w0BAQwFAAOCAgEAWLrsWPcRJb81ozx1O8lytX4aUagjYyWIDOst1mqI -VH+U5bHo7oReKdfFcy4Zen2bKh9DITGD7jweqTxAVx3scLq/3PE2HSG+6fNJ6wt7 -amrMZA6IdWqDWnaFMZQug3JTMH7s6v3rD7FU7awVc6lY+7TjR3qunU2m8F5GvATF -ag+VmMSLiaBBbbmQqd1JkvCzPXlwwN3rg2u81zMys1AIbgeOlE5ZmWppOQpi7UrZ -C8PTsRKzapgENlgxtsqVjsAMJI6OGk20bNcQKDn5fU6QwYLfnLPlkuRmFD8FeluI -jz+ROjzxdC7E/BA80uZctvEEvn2VnD01IlEm6HoC+71erT+zmvM4AGd7EJa6mklb -X+tGSkfzbIAR2gcn9sdNdhYA2hXXpQaeEp19bB8MAoSp5raCtbqZDQVHofJFY7gG -FW+yKLlqBTCTm1XOPriUwbP6gkpLlkeTxeIAx8QbucoFx11J7jAeXY7oTXfSQw3h -OR0/CHlG0BjVep6RNGA0k9cDNRyIdkxvA31rtgYCSbtepR5IhZyFhiN25Djxu/g9 -krspoxAS9ModBSiswjl4Q26eoYT4pnFXMfYbh5E4qNZNv0/S3YQ0HSTupls6M77J -KHMx17m8EWtdsv2KyUkFqu1Q1nGky7SjpFUsVlp65Q+au3ftKxUDIRWK6jgpRH1e -YIk= ------END CERTIFICATE----- diff --git a/kubernetes/platform/components/oom-cert-service/resources/truststore.jks b/kubernetes/platform/components/oom-cert-service/resources/truststore.jks Binary files differdeleted file mode 100644 index 3d857e34af..0000000000 --- a/kubernetes/platform/components/oom-cert-service/resources/truststore.jks +++ /dev/null diff --git a/kubernetes/platform/components/oom-cert-service/templates/deployment.yaml b/kubernetes/platform/components/oom-cert-service/templates/deployment.yaml index 666e83c5f8..a6ce2825ec 100644 --- a/kubernetes/platform/components/oom-cert-service/templates/deployment.yaml +++ b/kubernetes/platform/components/oom-cert-service/templates/deployment.yaml @@ -1,4 +1,4 @@ -# Copyright © 2020, Nokia +{{/*# Copyright © 2020, Nokia # Modifications Copyright © 2020, Nordix Foundation # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,7 +11,7 @@ # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and -# limitations under the License. +# limitations under the License.*/}} {{- if .Values.global.cmpv2Enabled }} apiVersion: apps/v1 diff --git a/kubernetes/platform/components/oom-cert-service/templates/secret.yaml b/kubernetes/platform/components/oom-cert-service/templates/secret.yaml index 33056c79fd..280922a014 100644 --- a/kubernetes/platform/components/oom-cert-service/templates/secret.yaml +++ b/kubernetes/platform/components/oom-cert-service/templates/secret.yaml @@ -1,4 +1,4 @@ -# Copyright © 2020, Nokia +{{/*# Copyright © 2020, Nokia # Modifications Copyright © 2020, Nordix Foundation # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,7 +11,7 @@ # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and -# limitations under the License. +# limitations under the License.*/}} {{- if .Values.global.cmpv2Enabled }} {{ include "common.secretFast" . }} diff --git a/kubernetes/platform/components/oom-cert-service/templates/service.yaml b/kubernetes/platform/components/oom-cert-service/templates/service.yaml index 60e2afa41d..5ae6b36dad 100644 --- a/kubernetes/platform/components/oom-cert-service/templates/service.yaml +++ b/kubernetes/platform/components/oom-cert-service/templates/service.yaml @@ -1,4 +1,4 @@ -# Copyright © 2020, Nokia +{{/*# Copyright © 2020, Nokia # Modifications Copyright © 2020, Nordix Foundation # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,7 +11,7 @@ # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and -# limitations under the License. +# limitations under the License.*/}} {{- if .Values.global.cmpv2Enabled }} {{ include "common.service" . }} {{ end -}}
\ No newline at end of file diff --git a/kubernetes/platform/components/oom-cert-service/values.yaml b/kubernetes/platform/components/oom-cert-service/values.yaml index 4a3a289484..3ab9895037 100644 --- a/kubernetes/platform/components/oom-cert-service/values.yaml +++ b/kubernetes/platform/components/oom-cert-service/values.yaml @@ -47,7 +47,7 @@ service: # Deployment configuration repository: nexus3.onap.org:10001 -image: onap/org.onap.oom.platform.cert-service.oom-certservice-api:2.0.0 +image: onap/org.onap.oom.platform.cert-service.oom-certservice-api:2.1.0 pullPolicy: Always replicaCount: 1 @@ -117,6 +117,7 @@ credentials: #truststorePasswordExternalSecret: # Below cmp values contain credentials for EJBCA test instance and are relevant only if global addTestingComponents flag is enabled cmp: + # Used only if cmpv2 testing is enabled clientIakExternalSecret: '{{ include "common.release" . }}-ejbca-client-iak' #clientRvExternalSecret: raIakExternalSecret: '{{ include "common.release" . }}-ejbca-ra-iak' diff --git a/kubernetes/policy/components/policy-apex-pdp/resources/config/OnapPfConfig.json b/kubernetes/policy/components/policy-apex-pdp/resources/config/OnapPfConfig.json index 767d1452cc..539ef5a465 100755 --- a/kubernetes/policy/components/policy-apex-pdp/resources/config/OnapPfConfig.json +++ b/kubernetes/policy/components/policy-apex-pdp/resources/config/OnapPfConfig.json @@ -14,10 +14,6 @@ "description":"Pdp Heartbeat", "supportedPolicyTypes": [ { - "name": "onap.policies.controlloop.operational.Apex", - "version": "1.0.0" - }, - { "name": "onap.policies.native.Apex", "version": "1.0.0" }, diff --git a/kubernetes/policy/components/policy-apex-pdp/templates/statefulset.yaml b/kubernetes/policy/components/policy-apex-pdp/templates/statefulset.yaml index 4deb21a79b..6b27103660 100755 --- a/kubernetes/policy/components/policy-apex-pdp/templates/statefulset.yaml +++ b/kubernetes/policy/components/policy-apex-pdp/templates/statefulset.yaml @@ -44,7 +44,7 @@ spec: - sh args: - -c - - "export TRUSTSTORE_PASSWORD_BASE64=`echo -n ${TRUSTSTORE_PASSWORD} | base64`; cd /config-input && for PFILE in `ls -1`; do envsubst <${PFILE} >/config/${PFILE}; done" + - "cd /config-input && for PFILE in `ls -1`; do envsubst <${PFILE} >/config/${PFILE}; done" env: - name: TRUSTSTORE_PASSWORD {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "truststore-pass" "key" "password") | indent 10 }} diff --git a/kubernetes/policy/components/policy-apex-pdp/values.yaml b/kubernetes/policy/components/policy-apex-pdp/values.yaml index e149aa596a..ee40ac8359 100755 --- a/kubernetes/policy/components/policy-apex-pdp/values.yaml +++ b/kubernetes/policy/components/policy-apex-pdp/values.yaml @@ -52,7 +52,7 @@ secrets: ################################################################# # application image repository: nexus3.onap.org:10001 -image: onap/policy-apex-pdp:2.4.1 +image: onap/policy-apex-pdp:2.4.2 pullPolicy: Always # flag to enable debugging - application support required diff --git a/kubernetes/policy/components/policy-api/resources/config/config.json b/kubernetes/policy/components/policy-api/resources/config/config.json index 8db1f5a99f..cebfbc1628 100755 --- a/kubernetes/policy/components/policy-api/resources/config/config.json +++ b/kubernetes/policy/components/policy-api/resources/config/config.json @@ -31,11 +31,11 @@ "databaseDriver": "org.mariadb.jdbc.Driver", "databaseUrl": "jdbc:mariadb://{{ .Values.db.service.name }}:{{ .Values.db.service.internalPort }}/policyadmin", "databaseUser": "${SQL_USER}", - "databasePassword": "${SQL_PASSWORD_BASE64}", + "databasePassword": "${SQL_PASSWORD}", "persistenceUnit": "PolicyMariaDb" }, "preloadPolicyTypes": [ - "policytypes/onap.policies.monitoring.cdap.tca.hi.lo.app.yaml", + "policytypes/onap.policies.monitoring.tcagen2.yaml", "policytypes/onap.policies.monitoring.dcaegen2.collectors.datafile.datafile-app-server.yaml", "policytypes/onap.policies.Optimization.yaml", "policytypes/onap.policies.optimization.Resource.yaml", @@ -53,9 +53,10 @@ "policytypes/onap.policies.controlloop.guard.common.Blacklist.yaml", "policytypes/onap.policies.controlloop.guard.common.FrequencyLimiter.yaml", "policytypes/onap.policies.controlloop.guard.common.MinMax.yaml", + "policytypes/onap.policies.controlloop.guard.common.Filter.yaml", "policytypes/onap.policies.controlloop.guard.coordination.FirstBlocksSecond.yaml", - "policytypes/onap.policies.controlloop.Operational.yaml", "policytypes/onap.policies.Naming.yaml", + "policytypes/onap.policies.Match.yaml", "policytypes/onap.policies.native.Drools.yaml", "policytypes/onap.policies.native.Xacml.yaml", "policytypes/onap.policies.native.Apex.yaml", diff --git a/kubernetes/policy/components/policy-api/templates/deployment.yaml b/kubernetes/policy/components/policy-api/templates/deployment.yaml index 5774344fd3..021b49dc6d 100755 --- a/kubernetes/policy/components/policy-api/templates/deployment.yaml +++ b/kubernetes/policy/components/policy-api/templates/deployment.yaml @@ -38,7 +38,7 @@ spec: - sh args: - -c - - "export SQL_PASSWORD_BASE64=`echo -n ${SQL_PASSWORD} | base64`; cd /config-input && for PFILE in `ls -1 .`; do envsubst <${PFILE} >/config/${PFILE}; done" + - "cd /config-input && for PFILE in `ls -1`; do envsubst <${PFILE} >/config/${PFILE}; done" env: - name: SQL_USER {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-creds" "key" "login") | indent 12 }} diff --git a/kubernetes/policy/components/policy-api/values.yaml b/kubernetes/policy/components/policy-api/values.yaml index a94031ac95..b108fd8d8d 100755 --- a/kubernetes/policy/components/policy-api/values.yaml +++ b/kubernetes/policy/components/policy-api/values.yaml @@ -84,7 +84,7 @@ certInitializer: ################################################################# # application image repository: nexus3.onap.org:10001 -image: onap/policy-api:2.3.1 +image: onap/policy-api:2.3.2 pullPolicy: Always # flag to enable debugging - application support required diff --git a/kubernetes/policy/components/policy-distribution/values.yaml b/kubernetes/policy/components/policy-distribution/values.yaml index 9d20941773..748c5ccc61 100755 --- a/kubernetes/policy/components/policy-distribution/values.yaml +++ b/kubernetes/policy/components/policy-distribution/values.yaml @@ -70,7 +70,7 @@ global: ################################################################# # application image repository: nexus3.onap.org:10001 -image: onap/policy-distribution:2.4.1 +image: onap/policy-distribution:2.4.2 pullPolicy: Always # flag to enable debugging - application support required diff --git a/kubernetes/policy/components/policy-drools-pdp/values.yaml b/kubernetes/policy/components/policy-drools-pdp/values.yaml index 5e8c8be179..b723ec2e13 100755 --- a/kubernetes/policy/components/policy-drools-pdp/values.yaml +++ b/kubernetes/policy/components/policy-drools-pdp/values.yaml @@ -39,7 +39,7 @@ secrets: ################################################################# # application image repository: nexus3.onap.org:10001 -image: onap/policy-pdpd-cl:1.7.1 +image: onap/policy-pdpd-cl:1.7.2 pullPolicy: Always # flag to enable debugging - application support required diff --git a/kubernetes/policy/components/policy-pap/resources/config/config.json b/kubernetes/policy/components/policy-pap/resources/config/config.json index 72c318042f..065e5c47ea 100755 --- a/kubernetes/policy/components/policy-pap/resources/config/config.json +++ b/kubernetes/policy/components/policy-pap/resources/config/config.json @@ -42,7 +42,7 @@ "databaseDriver": "org.mariadb.jdbc.Driver", "databaseUrl": "jdbc:mariadb://{{ .Values.db.service.name }}:{{ .Values.db.service.internalPort }}/policyadmin", "databaseUser": "${SQL_USER}", - "databasePassword": "${SQL_PASSWORD_BASE64}", + "databasePassword": "${SQL_PASSWORD}", "persistenceUnit": "PolicyMariaDb" }, "topicParameterGroup": { diff --git a/kubernetes/policy/components/policy-pap/templates/deployment.yaml b/kubernetes/policy/components/policy-pap/templates/deployment.yaml index f07ed4a7ba..a756beed34 100755 --- a/kubernetes/policy/components/policy-pap/templates/deployment.yaml +++ b/kubernetes/policy/components/policy-pap/templates/deployment.yaml @@ -44,7 +44,7 @@ spec: - sh args: - -c - - "export SQL_PASSWORD_BASE64=`echo -n ${SQL_PASSWORD} | base64`; cd /config-input && for PFILE in `ls -1 .`; do envsubst <${PFILE} >/config/${PFILE}; done" + - "cd /config-input && for PFILE in `ls -1`; do envsubst <${PFILE} >/config/${PFILE}; done" env: - name: SQL_USER {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "login") | indent 10 }} diff --git a/kubernetes/policy/components/policy-pap/values.yaml b/kubernetes/policy/components/policy-pap/values.yaml index 008fefd1a9..5c3efcda9c 100755 --- a/kubernetes/policy/components/policy-pap/values.yaml +++ b/kubernetes/policy/components/policy-pap/values.yaml @@ -98,7 +98,7 @@ certInitializer: ################################################################# # application image repository: nexus3.onap.org:10001 -image: onap/policy-pap:2.3.1 +image: onap/policy-pap:2.3.2 pullPolicy: Always # flag to enable debugging - application support required diff --git a/kubernetes/policy/components/policy-xacml-pdp/resources/config/xacml.properties b/kubernetes/policy/components/policy-xacml-pdp/resources/config/xacml.properties index b53200be9a..a4b3309e80 100755 --- a/kubernetes/policy/components/policy-xacml-pdp/resources/config/xacml.properties +++ b/kubernetes/policy/components/policy-xacml-pdp/resources/config/xacml.properties @@ -50,4 +50,4 @@ xacml.pip.engines=count-recent-operations,get-operation-outcome javax.persistence.jdbc.driver=org.mariadb.jdbc.Driver javax.persistence.jdbc.url=jdbc:mariadb://{{ .Values.db.service.name }}:{{ .Values.db.service.internalPort }}/operationshistory javax.persistence.jdbc.user=${SQL_USER} -javax.persistence.jdbc.password=${SQL_PASSWORD_BASE64} +javax.persistence.jdbc.password=${SQL_PASSWORD} diff --git a/kubernetes/policy/components/policy-xacml-pdp/templates/deployment.yaml b/kubernetes/policy/components/policy-xacml-pdp/templates/deployment.yaml index a4d060ccfe..bdf4e6cf9b 100755 --- a/kubernetes/policy/components/policy-xacml-pdp/templates/deployment.yaml +++ b/kubernetes/policy/components/policy-xacml-pdp/templates/deployment.yaml @@ -56,7 +56,7 @@ spec: - sh args: - -c - - "export SQL_PASSWORD_BASE64=`echo -n ${SQL_PASSWORD} | base64`; cd /config-input && for PFILE in `ls -1 .`; do envsubst <${PFILE} >/config/${PFILE}; done" + - "cd /config-input && for PFILE in `ls -1`; do envsubst <${PFILE} >/config/${PFILE}; done" env: - name: RESTSERVER_USER {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "restserver-creds" "key" "login") | indent 10 }} @@ -119,8 +119,6 @@ spec: readOnly: true - mountPath: /opt/app/policy/pdpx/etc/mounted name: pdpxconfig-processed - emptyDir: - medium: Memory resources: {{ include "common.resources" . }} {{- if .Values.nodeSelector }} diff --git a/kubernetes/policy/components/policy-xacml-pdp/values.yaml b/kubernetes/policy/components/policy-xacml-pdp/values.yaml index 81196e1236..cdfa5bde56 100755 --- a/kubernetes/policy/components/policy-xacml-pdp/values.yaml +++ b/kubernetes/policy/components/policy-xacml-pdp/values.yaml @@ -89,7 +89,7 @@ certInitializer: ################################################################# # application image repository: nexus3.onap.org:10001 -image: onap/policy-xacml-pdp:2.3.1 +image: onap/policy-xacml-pdp:2.3.2 pullPolicy: Always # flag to enable debugging - application support required diff --git a/kubernetes/portal/Makefile b/kubernetes/portal/Makefile index 8af301d7ae..248fb056ab 100644 --- a/kubernetes/portal/Makefile +++ b/kubernetes/portal/Makefile @@ -19,6 +19,7 @@ SECRET_DIR := $(OUTPUT_DIR)/secrets EXCLUDES := dist resources templates charts docker HELM_CHARTS := $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.)))) +HELM_VER := $(shell helm version --template "{{.Version}}") .PHONY: $(EXCLUDES) $(HELM_CHARTS) @@ -39,7 +40,11 @@ lint-%: dep-% package-%: lint-% @mkdir -p $(PACKAGE_DIR) +ifeq "$(findstring v3,$(HELM_VER))" "v3" + @if [ -f $*/Chart.yaml ]; then PACKAGE_NAME=$$(helm package -d $(PACKAGE_DIR) $* | cut -d":" -f2) && helm push -f $$PACKAGE_NAME local; fi +else @if [ -f $*/Chart.yaml ]; then helm package -d $(PACKAGE_DIR) $*; fi +endif @helm repo index $(PACKAGE_DIR) clean: diff --git a/kubernetes/portal/components/Makefile b/kubernetes/portal/components/Makefile index 2fc0cbe4ab..02371366f6 100644 --- a/kubernetes/portal/components/Makefile +++ b/kubernetes/portal/components/Makefile @@ -19,6 +19,7 @@ SECRET_DIR := $(OUTPUT_DIR)/secrets EXCLUDES := HELM_CHARTS := $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.)))) +HELM_VER := $(shell helm version --template "{{.Version}}") .PHONY: $(EXCLUDES) $(HELM_CHARTS) @@ -39,7 +40,11 @@ lint-%: dep-% package-%: lint-% @mkdir -p $(PACKAGE_DIR) +ifeq "$(findstring v3,$(HELM_VER))" "v3" + @if [ -f $*/Chart.yaml ]; then PACKAGE_NAME=$$(helm package -d $(PACKAGE_DIR) $* | cut -d":" -f2) && helm push -f $$PACKAGE_NAME local; fi +else @if [ -f $*/Chart.yaml ]; then helm package -d $(PACKAGE_DIR) $*; fi +endif @helm repo index $(PACKAGE_DIR) clean: diff --git a/kubernetes/portal/components/portal-app/resources/config/deliveries/properties/ONAPPORTAL/key.properties b/kubernetes/portal/components/portal-app/resources/config/deliveries/properties/ONAPPORTAL/key.properties new file mode 100644 index 0000000000..368cbe75b8 --- /dev/null +++ b/kubernetes/portal/components/portal-app/resources/config/deliveries/properties/ONAPPORTAL/key.properties @@ -0,0 +1,2 @@ +# Encrypted Properties +cipher.enc.key = ${CIPHER_ENC_KEY} diff --git a/kubernetes/portal/components/portal-app/resources/config/deliveries/properties/ONAPPORTAL/logback.xml b/kubernetes/portal/components/portal-app/resources/config/deliveries/properties/ONAPPORTAL/logback.xml index 99fe917de5..e707e259ca 100644 --- a/kubernetes/portal/components/portal-app/resources/config/deliveries/properties/ONAPPORTAL/logback.xml +++ b/kubernetes/portal/components/portal-app/resources/config/deliveries/properties/ONAPPORTAL/logback.xml @@ -40,6 +40,8 @@ <!-- specify the component name -->
<property name="componentName" value="onapportal"></property>
+ <!-- specify the application name -->
+ <property name="application_name" value="Portal"></property>
<!-- specify the base path of the log directory -->
<property name="logDirPrefix" value="/var/log/onap"></property>
@@ -67,7 +69,7 @@ value="%X{MetricsLogBeginTimestamp}|%X{MetricsLogEndTimestamp}|%X{RequestId}|%X{ServiceInstanceId}|%thread|%X{VirtualServerName}|%X{ServiceName}|%X{PartnerName}|%X{TargetEntity}|%X{TargetServiceName}|%X{StatusCode}|%X{ResponseCode}|%X{ResponseDescription}|%X{InstanceUUID}|%.-5level|%X{AlertSeverity}|%X{ServerIPAddress}|%X{Timer}|%X{ServerFQDN}|%X{ClientIPAddress}|%X{ClassName}|%X{Unused}|%X{ProcessKey}|%X{TargetVisualEntity}|%X{CustomField1}|%X{CustomField2}|%X{CustomField3}|%X{CustomField4}| %msg%n" />
<property name="errorLoggerPattern"
- value="%date{yyyy-MM-dd'T'HH:mm:ss.SSSXXX}|%X{RequestId}|%thread|%X{ServiceName}|%X{PartnerName}|%X{TargetEntity}|%X{TargetServiceName}|%X{ClassName}|%X{AlertSeverity}|%X{ErrorCode}|%X{ErrorDescription}| %msg%n" />
+ value="%date{yyyy-MM-dd'T'HH:mm:ss.SSSXXX}|%X{RequestId}|%thread|%X{ServiceName}|%X{PartnerName}|%X{TargetEntity}|%X{TargetServiceName}|%X{ErrorCategory}|%X{ErrorCode}|%X{ErrorDescription}| %msg%n" />
<property name="defaultLoggerPattern"
value="%date{yyyy-MM-dd'T'HH:mm:ss.SSSXXX}|%X{RequestId}|%thread|%X{ClassName}| %msg%n" />
@@ -274,15 +276,15 @@ <appender-ref ref="asyncEELFServer" /> </logger> <logger name="com.att.eelf.policy"
level="info" additivity="false"> <appender-ref ref="asyncEELFPolicy" /> </logger> -->
- <logger name="com.att.eelf.audit" level="info" additivity="false">
+ <logger name="EELFAudit" level="info" additivity="false">
<appender-ref ref="asyncEELFAudit" />
</logger>
- <logger name="com.att.eelf.metrics" level="info" additivity="false">
+ <logger name="EELFMetrics" level="info" additivity="false">
<appender-ref ref="asyncEELFMetrics" />
</logger>
- <logger name="com.att.eelf.error" level="info" additivity="false">
+ <logger name="EELFError" level="info" additivity="false">
<appender-ref ref="asyncEELFError" />
</logger>
@@ -292,6 +294,7 @@ <root level="INFO">
<appender-ref ref="asyncEELF" />
+ <appender-ref ref="STDOUT" />
</root>
</configuration>
diff --git a/kubernetes/portal/components/portal-app/resources/config/deliveries/properties/ONAPPORTAL/music.properties b/kubernetes/portal/components/portal-app/resources/config/deliveries/properties/ONAPPORTAL/music.properties index 37544d11e3..e0724c6d06 100644 --- a/kubernetes/portal/components/portal-app/resources/config/deliveries/properties/ONAPPORTAL/music.properties +++ b/kubernetes/portal/components/portal-app/resources/config/deliveries/properties/ONAPPORTAL/music.properties @@ -27,7 +27,7 @@ music.serialize.compress = true #By default it's eventual music.atomic.get = false -music.atomic.put = true +music.atomic.put = false cassandra.host={{.Values.cassandra.service.name}} -cassandra.user={{.Values.cassandra.config.cassandraUsername}} -cassandra.password={{.Values.cassandra.config.cassandraPassword}} +cassandra.user=${CASSA_USER} +cassandra.password=${CASSA_PASSWORD} diff --git a/kubernetes/portal/components/portal-app/resources/config/deliveries/properties/ONAPPORTAL/system.properties b/kubernetes/portal/components/portal-app/resources/config/deliveries/properties/ONAPPORTAL/system.properties index b5b4e48b97..c8a292f60b 100755 --- a/kubernetes/portal/components/portal-app/resources/config/deliveries/properties/ONAPPORTAL/system.properties +++ b/kubernetes/portal/components/portal-app/resources/config/deliveries/properties/ONAPPORTAL/system.properties @@ -16,8 +16,8 @@ #mysql db.driver = org.mariadb.jdbc.Driver db.connectionURL = jdbc:mariadb:failover://portal-db:3306/portal -db.userName =root -db.password =Aa123456 +db.userName =${PORTAL_DB_USER} +db.password =${PORTAL_DB_PASSWORD} db.hib.dialect = org.hibernate.dialect.MySQLDialect db.min_pool_size = 5 db.max_pool_size = 10 @@ -122,4 +122,4 @@ remote_centralized_system_access = {{.Values.global.aafEnabled}} ext_central_access_user_name = aaf_admin@people.osaaf.org ext_central_access_password = demo123456! ext_central_access_url = {{.Values.aafURL}} -ext_central_access_user_domain = @people.osaaf.org
\ No newline at end of file +ext_central_access_user_domain = @people.osaaf.org diff --git a/kubernetes/portal/components/portal-app/templates/deployment.yaml b/kubernetes/portal/components/portal-app/templates/deployment.yaml index 6964715ef1..8c434c55ff 100644 --- a/kubernetes/portal/components/portal-app/templates/deployment.yaml +++ b/kubernetes/portal/components/portal-app/templates/deployment.yaml @@ -49,6 +49,42 @@ spec: fieldRef: apiVersion: v1 fieldPath: metadata.namespace + - name: {{ include "common.name" . }}-portal-config + image: "{{ .Values.global.envsubstImage }}" + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + command: + - sh + args: + - "-c" + - | + cd /config-input && \ + for PFILE in `ls -1 *.xml` + do + cp ${PFILE} /config + chmod 0755 /config/${PFILE} + done + cd /config-input && \ + for PFILE in `ls -1 *.properties` + do + envsubst <${PFILE} >/config/${PFILE} + chmod 0755 /config/${PFILE} + done + env: + - name: CASSA_USER + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "portal-cass" "key" "login") | indent 12 }} + - name: CASSA_PASSWORD + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "portal-cass" "key" "password") | indent 12 }} + - name: CIPHER_ENC_KEY + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "cipher-enc-key" "key" "password") | indent 12 }} + - name: PORTAL_DB_USER + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "portal-backend-db" "key" "login") | indent 12 }} + - name: PORTAL_DB_PASSWORD + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "portal-backend-db" "key" "password") | indent 12 }} + volumeMounts: + - mountPath: /config-input + name: properties-onapportal-scrubbed + - mountPath: /config + name: properties-onapportal {{ include "common.certInitializer.initContainer" . | indent 6 }} containers: - name: {{ include "common.name" . }} @@ -103,6 +139,9 @@ spec: mountPath: "{{ .Values.global.env.tomcatDir }}/webapps/ONAPPORTAL/WEB-INF/classes/portal.properties" subPath: portal.properties - name: properties-onapportal + mountPath: "{{ .Values.global.env.tomcatDir }}/webapps/ONAPPORTAL/WEB-INF/classes/key.properties" + subPath: key.properties + - name: properties-onapportal mountPath: "{{ .Values.global.env.tomcatDir }}/webapps/ONAPPORTAL/WEB-INF/classes/music.properties" subPath: music.properties - name: properties-onapportal @@ -114,6 +153,8 @@ spec: - name: properties-onapportal mountPath: "{{ .Values.global.env.tomcatDir }}/webapps/ONAPPORTAL/WEB-INF/web.xml" subPath: web.xml + - name: properties-onapportal + mountPath: "{{ .Values.global.env.tomcatDir }}/temp" - name: var-log-onap mountPath: /var/log/onap resources: @@ -122,7 +163,7 @@ spec: nodeSelector: {{ toYaml .Values.nodeSelector | indent 10 }} {{- end -}} - {{- if .Values.affinity }} +{{- if .Values.affinity }} affinity: {{ toYaml .Values.affinity | indent 10 }} {{- end }} @@ -143,6 +184,9 @@ spec: hostPath: path: /etc/localtime - name: properties-onapportal + emptyDir: + medium: Memory + - name: properties-onapportal-scrubbed configMap: name: {{ include "common.fullname" . }}-onapportal defaultMode: 0755 diff --git a/kubernetes/portal/components/portal-app/values.yaml b/kubernetes/portal/components/portal-app/values.yaml index 73306ba773..3f55f4a08e 100644 --- a/kubernetes/portal/components/portal-app/values.yaml +++ b/kubernetes/portal/components/portal-app/values.yaml @@ -23,18 +23,47 @@ global: readinessImage: onap/oom/readiness:3.0.1 loggingRepository: docker.elastic.co loggingImage: beats/filebeat:5.5.0 + envsubstImage: dibi/envsubst #AAF service aafEnabled: true +################################################################ +# Secrets metaconfig +################################################################# + +secrets: + - uid: portal-cass + type: basicAuth + externalSecret: '{{ tpl (default "" .Values.cassandra.config.cassandraExternalSecret) . }}' + login: '{{ .Values.cassandra.config.cassandraUsername }}' + password: '{{ .Values.cassandra.config.cassandraPassword }}' + passwordPolicy: required + - uid: cipher-enc-key + type: password + externalSecret: '{{ .Values.config.cipherEncKeyExternalSecret}}' + password: '{{ .Values.config.cipherEncKey }}' + passwordPolicy: required + - uid: portal-backend-db + type: basicAuth + externalSecret: '{{ tpl (default "" .Values.mariadb.config.backendDbExternalSecret) . }}' + login: '{{ .Values.mariadb.config.backendUserName }}' + password: '{{ .Values.mariadb.config.backendPassword }}' + passwordPolicy: required + ################################################################# # Application configuration defaults. ################################################################# # application image repository: nexus3.onap.org:10001 -image: onap/portal-app:3.2.3 +image: onap/portal-app:3.4.1 pullPolicy: Always +# application configuration +config: + # cipherEncKeyExternalSecret: some secret + cipherEncKey: AGLDdG4D04BKm2IxIWEr8o==! + #AAF local config aafURL: https://aaf-service:8100/authz/ @@ -97,6 +126,10 @@ service: mariadb: service: name: portal-db + config: + # backendDbExternalSecret: some secret + backendUserName: portal + backendPassword: portal widget: service: name: portal-widget @@ -104,6 +137,7 @@ cassandra: service: name: portal-cassandra config: + # cassandraExternalSecret: some secret cassandraUsername: root cassandraPassword: Aa123456 messageRouter: diff --git a/kubernetes/portal/components/portal-cassandra/templates/deployment.yaml b/kubernetes/portal/components/portal-cassandra/templates/deployment.yaml index 5b4bf0c0e7..16b8971339 100644 --- a/kubernetes/portal/components/portal-cassandra/templates/deployment.yaml +++ b/kubernetes/portal/components/portal-cassandra/templates/deployment.yaml @@ -64,9 +64,9 @@ spec: periodSeconds: {{ .Values.readiness.periodSeconds }} env: - name: CASSUSER - value: "{{ .Values.config.cassandraUsername }}" + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-creds" "key" "login") | indent 12}} - name: CASSPASS - value: "{{ .Values.config.cassandraPassword }}" + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-creds" "key" "password") | indent 12}} - name: JVM_OPTS value: "{{ .Values.config.cassandraJvmOpts }}" - name: POD_IP diff --git a/kubernetes/portal/components/portal-cassandra/templates/secrets.yaml b/kubernetes/portal/components/portal-cassandra/templates/secrets.yaml new file mode 100644 index 0000000000..34932b713d --- /dev/null +++ b/kubernetes/portal/components/portal-cassandra/templates/secrets.yaml @@ -0,0 +1,17 @@ +{{/* +# Copyright © 2020 Samsung Electronics +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} + +{{ include "common.secretFast" . }} diff --git a/kubernetes/portal/components/portal-cassandra/values.yaml b/kubernetes/portal/components/portal-cassandra/values.yaml index 65fcdbe84a..eb6fc12274 100644 --- a/kubernetes/portal/components/portal-cassandra/values.yaml +++ b/kubernetes/portal/components/portal-cassandra/values.yaml @@ -26,10 +26,21 @@ repository: nexus3.onap.org:10001 image: onap/music/cassandra_music:3.0.0 pullPolicy: Always +################################################################# +# Secrets metaconfig +################################################################# +secrets: + - uid: 'db-creds' + type: basicAuth + externalSecret: '{{ tpl (default "" .Values.config.cassandraExternalSecret) . }}' + login: '{{ .Values.config.cassandraUsername }}' + password: '{{ .Values.config.cassandraPassword }}' + # application configuration config: cassandraUsername: root cassandraPassword: Aa123456 +# cassandraCredsExternalSecret: some secret cassandraJvmOpts: -Xmx2536m -Xms2536m # default number of instances diff --git a/kubernetes/portal/components/portal-mariadb/resources/config/mariadb/docker-entrypoint.sh b/kubernetes/portal/components/portal-mariadb/resources/config/mariadb/docker-entrypoint.sh index 28fcee1551..390241fa1d 100644 --- a/kubernetes/portal/components/portal-mariadb/resources/config/mariadb/docker-entrypoint.sh +++ b/kubernetes/portal/components/portal-mariadb/resources/config/mariadb/docker-entrypoint.sh @@ -2,21 +2,21 @@ set -eo pipefail shopt -s nullglob -# if command starts with an option, prepend mysqld -if [ "${1:0:1}" = '-' ]; then - set -- mysqld "$@" -fi - -# skip setup if they want an option that stops mysqld -wantHelp= -for arg; do - case "$arg" in - -'?'|--help|--print-defaults|-V|--version) - wantHelp=1 - break - ;; - esac -done +# logging functions +mysql_log() { + local type="$1"; shift + printf '%s [%s] [Entrypoint]: %s\n' "$(date --rfc-3339=seconds)" "$type" "$*" +} +mysql_note() { + mysql_log Note "$@" +} +mysql_warn() { + mysql_log Warn "$@" >&2 +} +mysql_error() { + mysql_log ERROR "$@" >&2 + exit 1 +} # usage: file_env VAR [DEFAULT] # ie: file_env 'XYZ_DB_PASSWORD' 'example' @@ -27,8 +27,7 @@ file_env() { local fileVar="${var}_FILE" local def="${2:-}" if [ "${!var:-}" ] && [ "${!fileVar:-}" ]; then - echo >&2 "error: both $var and $fileVar are set (but are exclusive)" - exit 1 + mysql_error "Both $var and $fileVar are set (but are exclusive)" fi local val="$def" if [ "${!var:-}" ]; then @@ -40,157 +39,328 @@ file_env() { unset "$fileVar" } -_check_config() { - toRun=( "$@" --verbose --help --log-bin-index="$(mktemp -u)" ) +# check to see if this file is being run or sourced from another script +_is_sourced() { + # https://unix.stackexchange.com/a/215279 + [ "${#FUNCNAME[@]}" -ge 2 ] \ + && [ "${FUNCNAME[0]}" = '_is_sourced' ] \ + && [ "${FUNCNAME[1]}" = 'source' ] +} + +# usage: docker_process_init_files [file [file [...]]] +# ie: docker_process_init_files /always-initdb.d/* +# process initializer files, based on file extensions +docker_process_init_files() { + # mysql here for backwards compatibility "${mysql[@]}" + mysql=( docker_process_sql ) + + echo + local f + for f; do + case "$f" in + *.sh) + # https://github.com/docker-library/postgres/issues/450#issuecomment-393167936 + # https://github.com/docker-library/postgres/pull/452 + if [ -x "$f" ]; then + mysql_note "$0: running $f" + "$f" + else + mysql_note "$0: sourcing $f" + . "$f" + fi + ;; + *.sql) mysql_note "$0: running $f"; docker_process_sql < "$f"; echo ;; + *.sql.gz) mysql_note "$0: running $f"; gunzip -c "$f" | docker_process_sql; echo ;; + *.sql.xz) mysql_note "$0: running $f"; xzcat "$f" | docker_process_sql; echo ;; + *) mysql_warn "$0: ignoring $f" ;; + esac + echo + done +} + +mysql_check_config() { + local toRun=( "$@" --verbose --help --log-bin-index="$(mktemp -u)" ) errors if ! errors="$("${toRun[@]}" 2>&1 >/dev/null)"; then - cat >&2 <<-EOM - ERROR: mysqld failed while attempting to check config - command was: "${toRun[*]}" - $errors - EOM - exit 1 + mysql_error $'mysqld failed while attempting to check config\n\tcommand was: '"${toRun[*]}"$'\n\t'"$errors" fi } # Fetch value from server config # We use mysqld --verbose --help instead of my_print_defaults because the # latter only show values present in config files, and not server defaults -_get_config() { +mysql_get_config() { local conf="$1"; shift "$@" --verbose --help --log-bin-index="$(mktemp -u)" 2>/dev/null \ - | awk '$1 == "'"$conf"'" && /^[^ \t]/ { sub(/^[^ \t]+[ \t]+/, ""); print; exit }' + | awk -v conf="$conf" '$1 == conf && /^[^ \t]/ { sub(/^[^ \t]+[ \t]+/, ""); print; exit }' # match "datadir /some/path with/spaces in/it here" but not "--xyz=abc\n datadir (xyz)" } -# allow the container to be started with `--user` -if [ "$1" = 'mysqld' -a -z "$wantHelp" -a "$(id -u)" = '0' ]; then - _check_config "$@" - DATADIR="$(_get_config 'datadir' "$@")" +# Do a temporary startup of the MySQL server, for init purposes +docker_temp_server_start() { + "$@" --skip-networking --socket="${SOCKET}" & + mysql_note "Waiting for server startup" + local i + for i in {30..0}; do + # only use the root password if the database has already been initializaed + # so that it won't try to fill in a password file when it hasn't been set yet + extraArgs=() + if [ -z "$DATABASE_ALREADY_EXISTS" ]; then + extraArgs+=( '--dont-use-mysql-root-password' ) + fi + if docker_process_sql "${extraArgs[@]}" --database=mysql <<<'SELECT 1' &> /dev/null; then + break + fi + sleep 1 + done + if [ "$i" = 0 ]; then + mysql_error "Unable to start server." + fi +} + +# Stop the server. When using a local socket file mysqladmin will block until +# the shutdown is complete. +docker_temp_server_stop() { + if ! mysqladmin --defaults-extra-file=<( _mysql_passfile ) shutdown -uroot --socket="${SOCKET}"; then + mysql_error "Unable to shut down server." + fi +} + +# Verify that the minimally required password settings are set for new databases. +docker_verify_minimum_env() { + if [ -z "$MYSQL_ROOT_PASSWORD" -a -z "$MYSQL_ALLOW_EMPTY_PASSWORD" -a -z "$MYSQL_RANDOM_ROOT_PASSWORD" ]; then + mysql_error $'Database is uninitialized and password option is not specified\n\tYou need to specify one of MYSQL_ROOT_PASSWORD, MYSQL_ALLOW_EMPTY_PASSWORD and MYSQL_RANDOM_ROOT_PASSWORD' + fi +} + +# creates folders for the database +# also ensures permission for user mysql of run as root +docker_create_db_directories() { + local user; user="$(id -u)" + + # TODO other directories that are used by default? like /var/lib/mysql-files + # see https://github.com/docker-library/mysql/issues/562 mkdir -p "$DATADIR" - find "$DATADIR" \! -user mysql -exec chown mysql '{}' + - exec gosu mysql "$BASH_SOURCE" "$@" -fi -if [ "$1" = 'mysqld' -a -z "$wantHelp" ]; then - # still need to check config, container may have started with --user - _check_config "$@" + if [ "$user" = "0" ]; then + # this will cause less disk access than `chown -R` + find "$DATADIR" \! -user mysql -exec chown mysql '{}' + + fi +} + +# initializes the database directory +docker_init_database_dir() { + mysql_note "Initializing database files" + installArgs=( --datadir="$DATADIR" --rpm ) + if { mysql_install_db --help || :; } | grep -q -- '--auth-root-authentication-method'; then + # beginning in 10.4.3, install_db uses "socket" which only allows system user root to connect, switch back to "normal" to allow mysql root without a password + # see https://github.com/MariaDB/server/commit/b9f3f06857ac6f9105dc65caae19782f09b47fb3 + # (this flag doesn't exist in 10.0 and below) + installArgs+=( --auth-root-authentication-method=normal ) + fi + # "Other options are passed to mysqld." (so we pass all "mysqld" arguments directly here) + mysql_install_db "${installArgs[@]}" "${@:2}" + mysql_note "Database files initialized" +} + +# Loads various settings that are used elsewhere in the script +# This should be called after mysql_check_config, but before any other functions +docker_setup_env() { # Get config - DATADIR="$(_get_config 'datadir' "$@")" - - if [ ! -d "$DATADIR/mysql" ]; then - file_env 'MYSQL_ROOT_PASSWORD' - if [ -z "$MYSQL_ROOT_PASSWORD" -a -z "$MYSQL_ALLOW_EMPTY_PASSWORD" -a -z "$MYSQL_RANDOM_ROOT_PASSWORD" ]; then - echo >&2 'error: database is uninitialized and password option is not specified ' - echo >&2 ' You need to specify one of MYSQL_ROOT_PASSWORD, MYSQL_ALLOW_EMPTY_PASSWORD and MYSQL_RANDOM_ROOT_PASSWORD' - exit 1 - fi + declare -g DATADIR SOCKET + DATADIR="$(mysql_get_config 'datadir' "$@")" + SOCKET="$(mysql_get_config 'socket' "$@")" - mkdir -p "$DATADIR" + # Initialize values that might be stored in a file + file_env 'MYSQL_ROOT_HOST' '%' + file_env 'MYSQL_DATABASE' + file_env 'MYSQL_USER' + file_env 'MYSQL_PASSWORD' + file_env 'MYSQL_ROOT_PASSWORD' + file_env 'PORTAL_DB_TABLES' - echo 'Initializing database' - installArgs=( --datadir="$DATADIR" --rpm ) - if { mysql_install_db --help || :; } | grep -q -- '--auth-root-authentication-method'; then - # beginning in 10.4.3, install_db uses "socket" which only allows system user root to connect, switch back to "normal" to allow mysql root without a password - # see https://github.com/MariaDB/server/commit/b9f3f06857ac6f9105dc65caae19782f09b47fb3 - # (this flag doesn't exist in 10.0 and below) - installArgs+=( --auth-root-authentication-method=normal ) - fi - # "Other options are passed to mysqld." (so we pass all "mysqld" arguments directly here) - mysql_install_db "${installArgs[@]}" "${@:2}" - echo 'Database initialized' - - SOCKET="$(_get_config 'socket' "$@")" - "$@" --skip-networking --socket="${SOCKET}" & - pid="$!" - - mysql=( mysql --protocol=socket -uroot -hlocalhost --socket="${SOCKET}" ) - - for i in {60..0}; do - if echo 'SELECT 1' | "${mysql[@]}" &> /dev/null; then - break - fi - echo 'MySQL init process in progress...' - sleep 1 - done - if [ "$i" = 0 ]; then - echo >&2 'MySQL init process failed.' - exit 1 - fi + declare -g DATABASE_ALREADY_EXISTS + if [ -d "$DATADIR/mysql" ]; then + DATABASE_ALREADY_EXISTS='true' + fi +} - if [ -z "$MYSQL_INITDB_SKIP_TZINFO" ]; then - # sed is for https://bugs.mysql.com/bug.php?id=20545 - mysql_tzinfo_to_sql /usr/share/zoneinfo | sed 's/Local time zone must be set--see zic manual page/FCTY/' | "${mysql[@]}" mysql - fi +# Execute sql script, passed via stdin +# usage: docker_process_sql [--dont-use-mysql-root-password] [mysql-cli-args] +# ie: docker_process_sql --database=mydb <<<'INSERT ...' +# ie: docker_process_sql --dont-use-mysql-root-password --database=mydb <my-file.sql +docker_process_sql() { + passfileArgs=() + if [ '--dont-use-mysql-root-password' = "$1" ]; then + passfileArgs+=( "$1" ) + shift + fi + # args sent in can override this db, since they will be later in the command + if [ -n "$MYSQL_DATABASE" ]; then + set -- --database="$MYSQL_DATABASE" "$@" + fi - if [ ! -z "$MYSQL_RANDOM_ROOT_PASSWORD" ]; then - export MYSQL_ROOT_PASSWORD="$(pwgen -1 32)" - echo "GENERATED ROOT PASSWORD: $MYSQL_ROOT_PASSWORD" - fi + mysql --defaults-extra-file=<( _mysql_passfile "${passfileArgs[@]}") --protocol=socket -uroot -hlocalhost --socket="${SOCKET}" "$@" +} - rootCreate= - # default root to listen for connections from anywhere - file_env 'MYSQL_ROOT_HOST' '%' - if [ ! -z "$MYSQL_ROOT_HOST" -a "$MYSQL_ROOT_HOST" != 'localhost' ]; then - # no, we don't care if read finds a terminating character in this heredoc - # https://unix.stackexchange.com/questions/265149/why-is-set-o-errexit-breaking-this-read-heredoc-expression/265151#265151 - read -r -d '' rootCreate <<-EOSQL || true - CREATE USER 'root'@'${MYSQL_ROOT_HOST}' IDENTIFIED BY '${MYSQL_ROOT_PASSWORD}' ; - GRANT ALL ON *.* TO 'root'@'${MYSQL_ROOT_HOST}' WITH GRANT OPTION ; - EOSQL - fi +# Initializes database with timezone info and root password, plus optional extra db/user +docker_setup_db() { + # Load timezone info into database + if [ -z "$MYSQL_INITDB_SKIP_TZINFO" ]; then + { + # Aria in 10.4+ is slow due to "transactional" (crash safety) + # https://jira.mariadb.org/browse/MDEV-23326 + # https://github.com/docker-library/mariadb/issues/262 + local tztables=( time_zone time_zone_leap_second time_zone_name time_zone_transition time_zone_transition_type ) + for table in "${tztables[@]}"; do + echo "/*!100400 ALTER TABLE $table TRANSACTIONAL=0 */;" + done - "${mysql[@]}" <<-EOSQL - -- What's done in this file shouldn't be replicated - -- or products like mysql-fabric won't work - SET @@SESSION.SQL_LOG_BIN=0; - DELETE FROM mysql.user WHERE user NOT IN ('mysql.sys', 'mysqlxsys', 'root') OR host NOT IN ('localhost') ; - SET PASSWORD FOR 'root'@'localhost'=PASSWORD('${MYSQL_ROOT_PASSWORD}') ; - GRANT ALL ON *.* TO 'root'@'localhost' WITH GRANT OPTION ; - ${rootCreate} - DROP DATABASE IF EXISTS test ; - FLUSH PRIVILEGES ; + # sed is for https://bugs.mysql.com/bug.php?id=20545 + mysql_tzinfo_to_sql /usr/share/zoneinfo \ + | sed 's/Local time zone must be set--see zic manual page/FCTY/' + + for table in "${tztables[@]}"; do + echo "/*!100400 ALTER TABLE $table TRANSACTIONAL=1 */;" + done + } | docker_process_sql --dont-use-mysql-root-password --database=mysql + # tell docker_process_sql to not use MYSQL_ROOT_PASSWORD since it is not set yet + fi + # Generate random root password + if [ -n "$MYSQL_RANDOM_ROOT_PASSWORD" ]; then + export MYSQL_ROOT_PASSWORD="$(pwgen -1 32)" + mysql_note "GENERATED ROOT PASSWORD: $MYSQL_ROOT_PASSWORD" + fi + # Sets root password and creates root users for non-localhost hosts + local rootCreate= + # default root to listen for connections from anywhere + if [ -n "$MYSQL_ROOT_HOST" ] && [ "$MYSQL_ROOT_HOST" != 'localhost' ]; then + # no, we don't care if read finds a terminating character in this heredoc + # https://unix.stackexchange.com/questions/265149/why-is-set-o-errexit-breaking-this-read-heredoc-expression/265151#265151 + read -r -d '' rootCreate <<-EOSQL || true + CREATE USER 'root'@'${MYSQL_ROOT_HOST}' IDENTIFIED BY '${MYSQL_ROOT_PASSWORD}' ; + GRANT ALL ON *.* TO 'root'@'${MYSQL_ROOT_HOST}' WITH GRANT OPTION ; EOSQL + fi - if [ ! -z "$MYSQL_ROOT_PASSWORD" ]; then - mysql+=( -p"${MYSQL_ROOT_PASSWORD}" ) - fi + # tell docker_process_sql to not use MYSQL_ROOT_PASSWORD since it is just now being set + docker_process_sql --dont-use-mysql-root-password --database=mysql <<-EOSQL + -- What's done in this file shouldn't be replicated + -- or products like mysql-fabric won't work + SET @@SESSION.SQL_LOG_BIN=0; - file_env 'MYSQL_DATABASE' - if [ "$MYSQL_DATABASE" ]; then - echo "CREATE DATABASE IF NOT EXISTS \`$MYSQL_DATABASE\` ;" | "${mysql[@]}" - mysql+=( "$MYSQL_DATABASE" ) - fi + DELETE FROM mysql.user WHERE user NOT IN ('mysql.sys', 'mariadb.sys', 'mysqlxsys', 'root') OR host NOT IN ('localhost') ; + SET PASSWORD FOR 'root'@'localhost'=PASSWORD('${MYSQL_ROOT_PASSWORD}') ; + -- 10.1: https://github.com/MariaDB/server/blob/d925aec1c10cebf6c34825a7de50afe4e630aff4/scripts/mysql_secure_installation.sh#L347-L365 + -- 10.5: https://github.com/MariaDB/server/blob/00c3a28820c67c37ebbca72691f4897b57f2eed5/scripts/mysql_secure_installation.sh#L351-L369 + DELETE FROM mysql.db WHERE Db='test' OR Db='test\_%' ; - file_env 'MYSQL_USER' - file_env 'MYSQL_PASSWORD' - if [ "$MYSQL_USER" -a "$MYSQL_PASSWORD" ]; then - echo "CREATE USER '$MYSQL_USER'@'%' IDENTIFIED BY '$MYSQL_PASSWORD' ;" | "${mysql[@]}" + GRANT ALL ON *.* TO 'root'@'localhost' WITH GRANT OPTION ; + FLUSH PRIVILEGES ; + ${rootCreate} + DROP DATABASE IF EXISTS test ; + EOSQL - if [ "$MYSQL_DATABASE" ]; then - echo "GRANT ALL ON \`$MYSQL_DATABASE\`.* TO '$MYSQL_USER'@'%' ;" | "${mysql[@]}" - fi + # Creates a custom database and user if specified + if [ -n "$MYSQL_DATABASE" ]; then + mysql_note "Creating database ${MYSQL_DATABASE}" + docker_process_sql --database=mysql <<<"CREATE DATABASE IF NOT EXISTS \`$MYSQL_DATABASE\` ;" + fi + + if [ -n "$MYSQL_USER" ] && [ -n "$MYSQL_PASSWORD" ]; then + mysql_note "Creating user ${MYSQL_USER}" + docker_process_sql --database=mysql <<<"CREATE USER '$MYSQL_USER'@'%' IDENTIFIED BY '$MYSQL_PASSWORD' ;" + + if [ -n "$MYSQL_DATABASE" ]; then + mysql_note "Giving user ${MYSQL_USER} access to schema ${MYSQL_DATABASE}" + docker_process_sql --database=mysql <<<"GRANT ALL ON \`${MYSQL_DATABASE//_/\\_}\`.* TO '$MYSQL_USER'@'%' ;" fi - echo - for f in /docker-entrypoint-initdb.d/*; do - case "$f" in - *.sh) echo "$0: running $f"; . "$f" ;; - *.sql) echo "$0: running $f"; "${mysql[@]}" < "$f"; echo ;; - *.sql.gz) echo "$0: running $f"; gunzip -c "$f" | "${mysql[@]}"; echo ;; - *) echo "$0: ignoring $f" ;; - esac - echo - done + docker_process_sql --database=mysql <<<"FLUSH PRIVILEGES ;" + fi +} - if ! kill -s TERM "$pid" || ! wait "$pid"; then - echo >&2 'MySQL init process failed.' - exit 1 +_mysql_passfile() { + # echo the password to the "file" the client uses + # the client command will use process substitution to create a file on the fly + # ie: --defaults-extra-file=<( _mysql_passfile ) + if [ '--dont-use-mysql-root-password' != "$1" ] && [ -n "$MYSQL_ROOT_PASSWORD" ]; then + cat <<-EOF + [client] + password="${MYSQL_ROOT_PASSWORD}" + EOF + fi +} + +# check arguments for an option that would cause mysqld to stop +# return true if there is one +_mysql_want_help() { + local arg + for arg; do + case "$arg" in + -'?'|--help|--print-defaults|-V|--version) + return 0 + ;; + esac + done + return 1 +} + +_main() { + # if command starts with an option, prepend mysqld + if [ "${1:0:1}" = '-' ]; then + set -- mysqld "$@" + fi + + # skip setup if they aren't running mysqld or want an option that stops mysqld + if [ "$1" = 'mysqld' ] && ! _mysql_want_help "$@"; then + mysql_note "Entrypoint script for MySQL Server ${MARIADB_VERSION} started." + + mysql_check_config "$@" + # Load various environment variables + docker_setup_env "$@" + docker_create_db_directories + + # If container is started as root user, restart as dedicated mysql user + if [ "$(id -u)" = "0" ]; then + mysql_note "Switching to dedicated user 'mysql'" + exec gosu mysql "$BASH_SOURCE" "$@" fi - echo - echo 'MySQL init process done. Ready for start up.' - echo + # there's no database, so it needs to be initialized + if [ -z "$DATABASE_ALREADY_EXISTS" ]; then + docker_verify_minimum_env + + # check dir permissions to reduce likelihood of half-initialized database + ls /docker-entrypoint-initdb.d/ > /dev/null + + docker_init_database_dir "$@" + + mysql_note "Starting temporary server" + docker_temp_server_start "$@" + mysql_note "Temporary server started." + + docker_setup_db + docker_process_init_files /docker-entrypoint-initdb.d/* + + for i in $(echo $PORTAL_DB_TABLES | sed "s/,/ /g") + do + echo "Granting portal user ALL PRIVILEGES for table $i" + echo "GRANT ALL ON \`$i\`.* TO '$MYSQL_USER'@'%' ;" | "${mysql[@]}" + done + + mysql_note "Stopping temporary server" + docker_temp_server_stop + mysql_note "Temporary server stopped" + + echo + mysql_note "MySQL init process done. Ready for start up." + echo + fi fi -fi + exec "$@" +} -exec "$@"
\ No newline at end of file +# If we are sourced from elsewhere, don't perform any further actions +if ! _is_sourced; then + _main "$@" +fi diff --git a/kubernetes/portal/components/portal-mariadb/resources/config/mariadb/oom_updates.sql b/kubernetes/portal/components/portal-mariadb/resources/config/mariadb/oom_updates.sql index 7502e9322a..1e2806759f 100644 --- a/kubernetes/portal/components/portal-mariadb/resources/config/mariadb/oom_updates.sql +++ b/kubernetes/portal/components/portal-mariadb/resources/config/mariadb/oom_updates.sql @@ -23,7 +23,7 @@ while the OOM K8s version has these service split up. */ -- app_url is the FE, app_rest_endpoint is the BE --portal-sdk => TODO: doesn't open a node port yet -update fn_app set app_url = 'https://{{.Values.config.portalSdkHostName}}:{{.Values.config.portalSdkPort}}/ONAPPORTALSDK/welcome.htm', app_rest_endpoint = 'https://portal-sdk:8080/ONAPPORTALSDK/api/v3' where app_name = 'xDemo App'; +update fn_app set app_url = 'https://{{.Values.config.portalSdkHostName}}:{{.Values.config.portalSdkPort}}/ONAPPORTALSDK/welcome.htm', app_rest_endpoint = 'https://portal-sdk:8443/ONAPPORTALSDK/api/v3' where app_name = 'xDemo App'; --dmaap-bc => the dmaap-bc doesn't open a node port.. update fn_app set app_url = 'http://{{.Values.config.dmaapBcHostName}}:{{.Values.config.dmaapBcPort}}/ECOMPDBCAPP/dbc#/dmaap', app_rest_endpoint = 'http://dmaap-bc:8989/ECOMPDBCAPP/api/v2' where app_name = 'DMaaP Bus Ctrl'; --sdc-be => 8443:30204 @@ -74,6 +74,9 @@ update fn_app set app_username='Default', app_password='2VxipM8Z3SETg32m3Gp0FvKS -- aai sparky update fn_app set app_username='aaiui', app_password='4LK69amiIFtuzcl6Gsv97Tt7MLhzo03aoOx7dTvdjKQ=', ueb_key='ueb_key_7' where app_id = 7; +-- Disabled Policy APP +UPDATE fn_app fa SET fa.enabled = 'N' WHERE app_name = 'Policy'; + /* Replace spaces with underscores for role names to match AAF role names diff --git a/kubernetes/portal/components/portal-mariadb/templates/deployment.yaml b/kubernetes/portal/components/portal-mariadb/templates/deployment.yaml index ec6cc50634..196a2d1ad4 100644 --- a/kubernetes/portal/components/portal-mariadb/templates/deployment.yaml +++ b/kubernetes/portal/components/portal-mariadb/templates/deployment.yaml @@ -69,6 +69,18 @@ spec: secretKeyRef: name: {{ template "common.fullname" . }} key: db-root-password + - name: MYSQL_USER + valueFrom: + secretKeyRef: + name: {{ template "common.fullname" . }} + key: backend-db-user + - name: MYSQL_PASSWORD + valueFrom: + secretKeyRef: + name: {{ template "common.fullname" . }} + key: backend-db-password + - name: PORTAL_DB_TABLES + value: {{ .Values.config.backend_portal_tables }} volumeMounts: - mountPath: /var/lib/mysql name: mariadb-data diff --git a/kubernetes/portal/components/portal-mariadb/templates/job.yaml b/kubernetes/portal/components/portal-mariadb/templates/job.yaml index e8a6e0fb12..b05b9208cc 100644 --- a/kubernetes/portal/components/portal-mariadb/templates/job.yaml +++ b/kubernetes/portal/components/portal-mariadb/templates/job.yaml @@ -72,7 +72,9 @@ spec: value: "{{ .Values.service.internalPort }}" - name: DB_PASS valueFrom: - secretKeyRef: {name: {{ include "common.fullname" . }}, key: db-root-password} + secretKeyRef: + name: {{ include "common.fullname" . }} + key: db-root-password command: - /bin/sh - -x diff --git a/kubernetes/portal/components/portal-mariadb/templates/secrets.yaml b/kubernetes/portal/components/portal-mariadb/templates/secrets.yaml index ad1db77298..4415c5ebd0 100644 --- a/kubernetes/portal/components/portal-mariadb/templates/secrets.yaml +++ b/kubernetes/portal/components/portal-mariadb/templates/secrets.yaml @@ -26,3 +26,6 @@ metadata: type: Opaque data: db-root-password: {{ .Values.config.mariadbRootPassword | b64enc | quote }} +stringData: + backend-db-user: {{ .Values.config.backendDbUser }} + backend-db-password: {{ .Values.config.backendDbPassword }} diff --git a/kubernetes/portal/components/portal-mariadb/values.yaml b/kubernetes/portal/components/portal-mariadb/values.yaml index 3435feb43e..5061593739 100644 --- a/kubernetes/portal/components/portal-mariadb/values.yaml +++ b/kubernetes/portal/components/portal-mariadb/values.yaml @@ -25,7 +25,7 @@ global: # global defaults # application image repository: nexus3.onap.org:10001 -image: onap/portal-db:3.2.3 +image: onap/portal-db:3.4.1 pullPolicy: Always @@ -35,6 +35,11 @@ mariadbInitImage: "oomk8s/mariadb-client-init:3.0.0" config: mariadbUser: root mariadbRootPassword: Aa123456 + backendDbUser: portal + backendDbPassword: portal + #backend_portal_tables is a comma delimited string listing back-end tables + #that backendDbUser needs access to, such as to portal and ecomp_sdk tables + backend_portal_tables: portal,ecomp_sdk #The directory where sql files are found in the projects gerrit repo. sqlSourceDirectory: portal/deliveries # sdc frontend assignment for port 9443 diff --git a/kubernetes/portal/components/portal-sdk/resources/config/deliveries/properties/ONAPPORTALSDK/key.properties b/kubernetes/portal/components/portal-sdk/resources/config/deliveries/properties/ONAPPORTALSDK/key.properties new file mode 100644 index 0000000000..0025a58e46 --- /dev/null +++ b/kubernetes/portal/components/portal-sdk/resources/config/deliveries/properties/ONAPPORTALSDK/key.properties @@ -0,0 +1,40 @@ +### +# ============LICENSE_START========================================== +# ONAP Portal SDK +# =================================================================== +# Copyright © 2017 AT&T Intellectual Property. All rights reserved. +# =================================================================== +# +# Unless otherwise specified, all software contained herein is licensed +# under the Apache License, Version 2.0 (the “License”); +# you may not use this software except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# Unless otherwise specified, all documentation contained herein is licensed +# under the Creative Commons License, Attribution 4.0 Intl. (the “License”); +# you may not use this documentation except in compliance with the License. +# You may obtain a copy of the License at +# +# https://creativecommons.org/licenses/by/4.0/ +# +# Unless required by applicable law or agreed to in writing, documentation +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# ============LICENSE_END============================================ +# +# +### + +# Properties read by the ECOMP Framework library (epsdk-fw) +cipher.enc.key = ${CIPHER_ENC_KEY} diff --git a/kubernetes/portal/components/portal-sdk/resources/config/deliveries/properties/ONAPPORTALSDK/logback.xml b/kubernetes/portal/components/portal-sdk/resources/config/deliveries/properties/ONAPPORTALSDK/logback.xml index 85e1eed648..2c2cd00f1c 100644 --- a/kubernetes/portal/components/portal-sdk/resources/config/deliveries/properties/ONAPPORTALSDK/logback.xml +++ b/kubernetes/portal/components/portal-sdk/resources/config/deliveries/properties/ONAPPORTALSDK/logback.xml @@ -41,6 +41,8 @@ <!--<jmxConfigurator /> -->
<!-- specify the component name -->
<property name="componentName" value="onapsdk"></property>
+ <!-- specify the application name -->
+ <property name="application_name" value="PortalSDK"></property>
<!-- specify the base path of the log directory -->
<property name="logDirPrefix" value="/var/log/onap"></property>
<!-- The directories where logs are written -->
@@ -60,7 +62,7 @@ <!-- 1610 Logging Fields Format Revisions -->
<property name="auditLoggerPattern" value="%X{AuditLogBeginTimestamp}|%X{AuditLogEndTimestamp}|%X{RequestId}|%X{ServiceInstanceId}|%thread|%X{VirtualServerName}|%X{ServiceName}|%X{PartnerName}|%X{StatusCode}|%X{ResponseCode}|%X{ResponseDescription}|%X{InstanceUUID}|%.-5level|%X{AlertSeverity}|%X{ServerIPAddress}|%X{Timer}|%X{ServerFQDN}|%X{ClientIPAddress}|%X{ClassName}|%X{Unused}|%X{ProcessKey}|%X{CustomField1}|%X{CustomField2}|%X{CustomField3}|%X{CustomField4}| %msg%n" />
<property name="metricsLoggerPattern" value="%X{MetricsLogBeginTimestamp}|%X{MetricsLogEndTimestamp}|%X{RequestId}|%X{ServiceInstanceId}|%thread|%X{VirtualServerName}|%X{ServiceName}|%X{PartnerName}|%X{TargetEntity}|%X{TargetServiceName}|%X{StatusCode}|%X{ResponseCode}|%X{ResponseDescription}|%X{InstanceUUID}|%.-5level|%X{AlertSeverity}|%X{ServerIPAddress}|%X{Timer}|%X{ServerFQDN}|%X{ClientIPAddress}|%X{ClassName}|%X{Unused}|%X{ProcessKey}|%X{TargetVisualEntity}|%X{CustomField1}|%X{CustomField2}|%X{CustomField3}|%X{CustomField4}| %msg%n" />
- <property name="errorLoggerPattern" value="%date{yyyy-MM-dd'T'HH:mm:ss.SSSXXX}|%X{RequestId}|%thread|%X{ServiceName}|%X{PartnerName}|%X{TargetEntity}|%X{TargetServiceName}|%X{ClassName}|%X{AlertSeverity}|%X{ErrorCode}|%X{ErrorDescription}| %msg%n" />
+ <property name="errorLoggerPattern" value="%date{yyyy-MM-dd'T'HH:mm:ss.SSSXXX}|%X{RequestId}|%thread|%X{ServiceName}|%X{PartnerName}|%X{TargetEntity}|%X{TargetServiceName}|%X{ErrorCategory}|%X{ErrorCode}|%X{ErrorDescription}| %msg%n" />
<property name="defaultLoggerPattern" value="%date{yyyy-MM-dd'T'HH:mm:ss.SSSXXX}|%X{RequestId}|%thread|%X{ClassName}| %msg%n" />
<!-- use %class so library logging calls yield their class name -->
<property name="applicationLoggerPattern" value="%date{yyyy-MM-dd'T'HH:mm:ss.SSSXXX}|%X{RequestId}|%thread|%class{36}| %msg%n" />
@@ -204,19 +206,20 @@ <logger name="org.onap.eelf" level="info" additivity="false">
<appender-ref ref="asyncEELF" />
</logger>
- <logger name="org.onap.eelf.audit" level="info" additivity="false">
+ <logger name="EELFAudit" level="info" additivity="false">
<appender-ref ref="asyncEELFAudit" />
</logger>
<logger name="org.onap.eelf.debug" level="debug" additivity="false">
<appender-ref ref="asyncEELFDebug" />
</logger>
- <logger name="org.onap.eelf.error" level="info" additivity="false">
+ <logger name="EELFError" level="info" additivity="false">
<appender-ref ref="asyncEELFError" />
</logger>
- <logger name="org.onap.eelf.metrics" level="info" additivity="false">
+ <logger name="EELFMetrics" level="info" additivity="false">
<appender-ref ref="asyncEELFMetrics" />
</logger>
<root level="DEBUG">
<appender-ref ref="asyncEELF" />
+ <appender-ref ref="STDOUT" />
</root>
</configuration>
diff --git a/kubernetes/portal/components/portal-sdk/resources/config/deliveries/properties/ONAPPORTALSDK/music.properties b/kubernetes/portal/components/portal-sdk/resources/config/deliveries/properties/ONAPPORTALSDK/music.properties index 83ce9ca983..a4c0acc9d0 100644 --- a/kubernetes/portal/components/portal-sdk/resources/config/deliveries/properties/ONAPPORTALSDK/music.properties +++ b/kubernetes/portal/components/portal-sdk/resources/config/deliveries/properties/ONAPPORTALSDK/music.properties @@ -27,8 +27,8 @@ music.serialize.compress = true #By default it's eventual music.atomic.get = false -music.atomic.put = true +music.atomic.put = false cassandra.host={{.Values.cassandra.service.name}} -cassandra.user={{.Values.cassandra.config.cassandraUsername}} -cassandra.password={{.Values.cassandra.config.cassandraPassword}} +cassandra.user=${CASSA_USER} +cassandra.password=${CASSA_PASSWORD} diff --git a/kubernetes/portal/components/portal-sdk/resources/config/deliveries/properties/ONAPPORTALSDK/system.properties b/kubernetes/portal/components/portal-sdk/resources/config/deliveries/properties/ONAPPORTALSDK/system.properties index 2a2ec59d5c..1faed41b85 100755 --- a/kubernetes/portal/components/portal-sdk/resources/config/deliveries/properties/ONAPPORTALSDK/system.properties +++ b/kubernetes/portal/components/portal-sdk/resources/config/deliveries/properties/ONAPPORTALSDK/system.properties @@ -40,8 +40,8 @@ decryption_key = AGLDdG4D04BKm2IxIWEr8o== db.driver = org.mariadb.jdbc.Driver db.connectionURL = jdbc:mariadb://portal-db:3306/ecomp_sdk -db.userName = root -db.password = Aa123456 +db.userName =${PORTAL_DB_USER} +db.password =${PORTAL_DB_PASSWORD} db.min_pool_size = 5 db.max_pool_size = 10 hb.dialect = org.hibernate.dialect.MySQLDialect @@ -90,4 +90,4 @@ remote_centralized_system_access = {{.Values.global.aafEnabled}} ext_central_access_user_name = aaf_admin@people.osaaf.org ext_central_access_password = demo123456! ext_central_access_url = {{.Values.aafURL}} -ext_central_access_user_domain = @people.osaaf.org
\ No newline at end of file +ext_central_access_user_domain = @people.osaaf.org diff --git a/kubernetes/portal/components/portal-sdk/templates/deployment.yaml b/kubernetes/portal/components/portal-sdk/templates/deployment.yaml index 104c2df34a..52bf49b972 100644 --- a/kubernetes/portal/components/portal-sdk/templates/deployment.yaml +++ b/kubernetes/portal/components/portal-sdk/templates/deployment.yaml @@ -49,6 +49,42 @@ spec: fieldRef: apiVersion: v1 fieldPath: metadata.namespace + - name: {{ include "common.name" . }}-portalsdk-config + image: "{{ .Values.global.envsubstImage }}" + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + command: + - sh + args: + - "-c" + - | + cd /config-input && \ + for PFILE in `ls -1 *.xml` + do + cp ${PFILE} /config + chmod 0755 /config/${PFILE} + done + cd /config-input && \ + for PFILE in `ls -1 *.properties` + do + envsubst <${PFILE} >/config/${PFILE} + chmod 0755 /config/${PFILE} + done + env: + - name: CASSA_USER + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "portal-cass" "key" "login") | indent 12 }} + - name: CASSA_PASSWORD + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "portal-cass" "key" "password") | indent 12 }} + - name: CIPHER_ENC_KEY + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "cipher-enc-key" "key" "password") | indent 12 }} + - name: PORTAL_DB_USER + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "portal-backend-db" "key" "login") | indent 12 }} + - name: PORTAL_DB_PASSWORD + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "portal-backend-db" "key" "password") | indent 12 }} + volumeMounts: + - mountPath: /config-input + name: properties-onapportalsdk-scrubbed + - mountPath: /config + name: properties-onapportalsdk {{ include "common.certInitializer.initContainer" . | indent 6 }} containers: - name: {{ include "common.name" . }} @@ -100,6 +136,9 @@ spec: mountPath: "{{ .Values.global.env.tomcatDir }}/webapps/ONAPPORTALSDK/WEB-INF/classes/portal.properties" subPath: portal.properties - name: properties-onapportalsdk + mountPath: "{{ .Values.global.env.tomcatDir }}/webapps/ONAPPORTAL/WEB-INF/classes/key.properties" + subPath: key.properties + - name: properties-onapportalsdk mountPath: "{{ .Values.global.env.tomcatDir }}/webapps/ONAPPORTALSDK/WEB-INF/classes/music.properties" subPath: music.properties - name: properties-onapportalsdk @@ -135,6 +174,9 @@ spec: hostPath: path: /etc/localtime - name: properties-onapportalsdk + emptyDir: + medium: Memory + - name: properties-onapportalsdk-scrubbed configMap: name: {{ include "common.fullname" . }}-onapportalsdk defaultMode: 0755 diff --git a/kubernetes/portal/components/portal-sdk/values.yaml b/kubernetes/portal/components/portal-sdk/values.yaml index ebe49e08c2..ae373a2f54 100644 --- a/kubernetes/portal/components/portal-sdk/values.yaml +++ b/kubernetes/portal/components/portal-sdk/values.yaml @@ -24,18 +24,48 @@ global: loggingRepository: docker.elastic.co loggingImage: beats/filebeat:5.5.0 persistence: {} + envsubstImage: dibi/envsubst #AAF service aafEnabled: true +################################################################ +# Secrets metaconfig +################################################################# + +secrets: + - uid: portal-cass + type: basicAuth + externalSecret: '{{ tpl (default "" .Values.cassandra.config.cassandraExternalSecret) . }}' + login: '{{ .Values.cassandra.config.cassandraUsername }}' + password: '{{ .Values.cassandra.config.cassandraPassword }}' + passwordPolicy: required + - uid: portal-backend-db + type: basicAuth + externalSecret: '{{ tpl (default "" .Values.mariadb.config.backendDbExternalSecret) . }}' + login: '{{ .Values.mariadb.config.backendUserName }}' + password: '{{ .Values.mariadb.config.backendPassword }}' + passwordPolicy: required + - uid: cipher-enc-key + type: password + externalSecret: '{{ .Values.config.cipherEncKeyExternalSecret}}' + password: '{{ .Values.config.cipherEncKey }}' + passwordPolicy: required + ################################################################# # Application configuration defaults. ################################################################# # application image repository: nexus3.onap.org:10001 -image: onap/portal-sdk:3.2.0 +image: onap/portal-sdk:3.4.1 pullPolicy: Always +# application configuration +config: + # cipherEncKeyExternalSecret: some secret + cipherEncKey: AGLDdG4D04BKm2IxIWEr8o== + + #AAF local config aafURL: https://aaf-service:8100/authz/ certInitializer: @@ -91,6 +121,10 @@ service: mariadb: service: name: portal-db + config: + # backendDbExternalSecret: some secret + backendUserName: portal + backendPassword: portal widget: service: name: portal-widget @@ -98,6 +132,7 @@ cassandra: service: name: portal-cassandra config: + # cassandraExternalSecret: some secret cassandraUsername: root cassandraPassword: Aa123456 messageRouter: diff --git a/kubernetes/portal/components/portal-widget/values.yaml b/kubernetes/portal/components/portal-widget/values.yaml index 3afb4c6f60..94da33019c 100644 --- a/kubernetes/portal/components/portal-widget/values.yaml +++ b/kubernetes/portal/components/portal-widget/values.yaml @@ -28,7 +28,7 @@ global: ################################################################# # application image repository: nexus3.onap.org:10001 -image: onap/portal-wms:3.2.3 +image: onap/portal-wms:3.4.1 pullPolicy: Always # flag to enable debugging - application support required diff --git a/kubernetes/portal/templates/secrets.yaml b/kubernetes/portal/templates/secrets.yaml new file mode 100644 index 0000000000..34932b713d --- /dev/null +++ b/kubernetes/portal/templates/secrets.yaml @@ -0,0 +1,17 @@ +{{/* +# Copyright © 2020 Samsung Electronics +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} + +{{ include "common.secretFast" . }} diff --git a/kubernetes/portal/values.yaml b/kubernetes/portal/values.yaml index a7d1e09c5d..0d4b023b12 100644 --- a/kubernetes/portal/values.yaml +++ b/kubernetes/portal/values.yaml @@ -21,14 +21,42 @@ global: portalFEPort: "30225" # application's front end hostname. Must be resolvable on the client side environment portalHostName: "portal.api.simpledemo.onap.org" + +################################################################# +# Secrets metaconfig +################################################################# +secrets: + - uid: portal-cass + name: &dbSecretName '{{ include "common.release" . }}-portal-cass-creds' + type: basicAuth + externalSecret: '{{ tpl (default "" .Values.config.casandraCredsExternalSecret) . }}' + login: '{{ .Values.config.cassandraUsername }}' + password: '{{ .Values.config.cassandraPassword }}' + - uid: portal-backend-db + name: &backendDbSecretName '{{ include "common.release" . }}-portal-backend-creds' + type: basicAuth + externalSecret: '{{ tpl (default "" .Values.mariadb.config.backendDbExternalSecret) . }}' + login: '{{ .Values.mariadb.config.backendUserName }}' + password: '{{ .Values.mariadb.config.backendPassword }}' + passwordPolicy: required + config: logstashServiceName: log-ls logstashPort: 5044 + cassandraUsername: root + cassandraPassword: Aa123456 +# casandraCredsExternalSecret: some secret + portal-mariadb: nameOverride: portal-db mariadb: service: name: portal-db + config: +# backendDbExternalSecret: some secret + backendUserName: portal + backendPassword: portal + widget: service: name: portal-widget @@ -36,8 +64,21 @@ cassandra: service: name: portal-cassandra config: - cassandraUsername: root - cassandraPassword: Aa123456 + cassandraExternalSecret: *dbSecretName +portal-app: + mariadb: + config: + backendDbExternalSecret: *backendDbSecretName + cassandra: + config: + cassandraExternalSecret: *dbSecretName +portal-sdk: + mariadb: + config: + backendDbExternalSecret: *backendDbSecretName + cassandra: + config: + cassandraExternalSecret: *dbSecretName messageRouter: service: name: message-router diff --git a/kubernetes/robot b/kubernetes/robot -Subproject b093c77b4faa2c4f0bfc67e481f724b6d67c722 +Subproject 34913f2223539640c81ae9e7a65744a09a95c9c diff --git a/kubernetes/sdc/Makefile b/kubernetes/sdc/Makefile index f2670c552d..3dab31fad0 100644 --- a/kubernetes/sdc/Makefile +++ b/kubernetes/sdc/Makefile @@ -20,6 +20,8 @@ SECRET_DIR := $(OUTPUT_DIR)/secrets EXCLUDES := dist resources templates charts docker HELM_CHARTS := $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.)))) +HELM_VER := $(shell helm version --template "{{.Version}}") + .PHONY: $(EXCLUDES) $(HELM_CHARTS) all: $(HELM_CHARTS) @@ -39,7 +41,12 @@ lint-%: dep-% package-%: lint-% @mkdir -p $(PACKAGE_DIR) +ifeq "$(findstring v3,$(HELM_VER))" "v3" + @if [ -f $*/Chart.yaml ]; then PACKAGE_NAME=$$(helm package -d $(PACKAGE_DIR) $* | cut -d":" -f2) && helm push -f $$PACKAGE_NAME local; fi +else @if [ -f $*/Chart.yaml ]; then helm package -d $(PACKAGE_DIR) $*; fi +endif + @helm repo index $(PACKAGE_DIR) clean: diff --git a/kubernetes/sdc/components/Makefile b/kubernetes/sdc/components/Makefile index 8d3bf2be4f..0d5b9e0c1f 100644 --- a/kubernetes/sdc/components/Makefile +++ b/kubernetes/sdc/components/Makefile @@ -19,6 +19,7 @@ SECRET_DIR := $(OUTPUT_DIR)/secrets EXCLUDES := HELM_CHARTS := $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.)))) +HELM_VER := $(shell helm version --template "{{.Version}}") .PHONY: $(EXCLUDES) $(HELM_CHARTS) @@ -39,7 +40,11 @@ lint-%: dep-% package-%: lint-% @mkdir -p $(PACKAGE_DIR) +ifeq "$(findstring v3,$(HELM_VER))" "v3" + @if [ -f $*/Chart.yaml ]; then PACKAGE_NAME=$$(helm package -d $(PACKAGE_DIR) $* | cut -d":" -f2) && helm push -f $$PACKAGE_NAME local; fi +else @if [ -f $*/Chart.yaml ]; then helm package -d $(PACKAGE_DIR) $*; fi +endif @helm repo index $(PACKAGE_DIR) clean: diff --git a/kubernetes/sdc/components/sdc-be/templates/deployment.yaml b/kubernetes/sdc/components/sdc-be/templates/deployment.yaml index e2329d7ca5..d3a47de65b 100644 --- a/kubernetes/sdc/components/sdc-be/templates/deployment.yaml +++ b/kubernetes/sdc/components/sdc-be/templates/deployment.yaml @@ -37,6 +37,13 @@ spec: fieldPath: metadata.namespace image: "{{ include "common.repository" . }}/{{ .Values.global.readinessImage }}" imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + resources: + limits: + cpu: 100m + memory: 100Mi + requests: + cpu: 3m + memory: 20Mi - name: {{ include "common.name" . }}-job-completion image: "{{ include "common.repository" . }}/{{ .Values.global.readinessImage }}" imagePullPolicy: "{{ .Values.global.pullPolicy | default .Values.pullPolicy }}" @@ -51,6 +58,13 @@ spec: fieldRef: apiVersion: v1 fieldPath: metadata.namespace + resources: + limits: + cpu: 100m + memory: 100Mi + requests: + cpu: 3m + memory: 20Mi {{- if .Values.global.aafEnabled }} - name: {{ include "common.name" . }}-update-config image: "{{ .Values.global.envsubstImage }}" @@ -72,6 +86,13 @@ spec: envsubst <${PFILE} >/config-output/${PFILE} chmod 0755 /config-output/${PFILE} done + resources: + limits: + cpu: 100m + memory: 100Mi + requests: + cpu: 3m + memory: 20Mi volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 8 }} - name: {{ include "common.fullname" . }}-environments mountPath: /config-input/ @@ -154,6 +175,13 @@ spec: mountPath: /var/log/onap - name: {{ include "common.fullname" . }}-data-filebeat mountPath: /usr/share/filebeat/data + resources: + limits: + cpu: 100m + memory: 100Mi + requests: + cpu: 3m + memory: 20Mi volumes: {{ include "common.certInitializer.volumes" . | nindent 6 }} - name: {{ include "common.fullname" . }}-localtime hostPath: diff --git a/kubernetes/sdc/components/sdc-be/templates/job.yaml b/kubernetes/sdc/components/sdc-be/templates/job.yaml index d9c3e510eb..554b3c357e 100644 --- a/kubernetes/sdc/components/sdc-be/templates/job.yaml +++ b/kubernetes/sdc/components/sdc-be/templates/job.yaml @@ -39,19 +39,28 @@ spec: args: - --container-name - sdc-be + - "-t" + - "35" env: - name: NAMESPACE valueFrom: fieldRef: apiVersion: v1 fieldPath: metadata.namespace + resources: + limits: + cpu: 100m + memory: 100Mi + requests: + cpu: 3m + memory: 20Mi containers: - name: {{ include "common.name" . }}-job image: "{{ include "common.repository" . }}/{{ .Values.backendInitImage }}" imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} volumeMounts: - name: {{ include "common.fullname" . }}-environments - mountPath: /home/sdc/chef-solo/environments/ + mountPath: /home/onap/chef-solo/environments/ - name: sdc-logs mountPath: /var/lib/jetty/logs env: @@ -61,6 +70,13 @@ spec: valueFrom: fieldRef: fieldPath: status.podIP + resources: + limits: + cpu: 800m + memory: 1024Mi + requests: + cpu: 200m + memory: 200Mi volumes: - name: {{ include "common.fullname" . }}-environments configMap: diff --git a/kubernetes/sdc/components/sdc-be/values.yaml b/kubernetes/sdc/components/sdc-be/values.yaml index 03894869e4..b825b703b4 100644 --- a/kubernetes/sdc/components/sdc-be/values.yaml +++ b/kubernetes/sdc/components/sdc-be/values.yaml @@ -39,8 +39,8 @@ global: ################################################################# # application image repository: nexus3.onap.org:10001 -image: onap/sdc-backend:1.6.7 -backendInitImage: onap/sdc-backend-init:1.6.7 +image: onap/sdc-backend-all-plugins:1.7.1 +backendInitImage: onap/sdc-backend-init:1.7.1 pullPolicy: Always # flag to enable debugging - application support required @@ -140,15 +140,15 @@ resources: small: limits: cpu: 1 - memory: 4Gi + memory: 2Gi requests: - cpu: 10m + cpu: 100m memory: 1Gi large: limits: cpu: 2 - memory: 8Gi + memory: 4Gi requests: - cpu: 20m + cpu: 200m memory: 2Gi unlimited: {} diff --git a/kubernetes/sdc/components/sdc-cs/templates/job.yaml b/kubernetes/sdc/components/sdc-cs/templates/job.yaml index 0c98d67be4..19dd11281f 100644 --- a/kubernetes/sdc/components/sdc-cs/templates/job.yaml +++ b/kubernetes/sdc/components/sdc-cs/templates/job.yaml @@ -45,12 +45,21 @@ spec: {{- else }} - cassandra {{- end }} + - "-t" + - "15" env: - name: NAMESPACE valueFrom: fieldRef: apiVersion: v1 fieldPath: metadata.namespace + resources: + limits: + cpu: 100m + memory: 100Mi + requests: + cpu: 3m + memory: 20Mi containers: - name: {{ include "common.name" . }}-job image: "{{ include "common.repository" . }}/{{ .Values.cassandraInitImage }}" @@ -78,6 +87,13 @@ spec: valueFrom: fieldRef: fieldPath: status.podIP + resources: + limits: + cpu: 800m + memory: 1024Mi + requests: + cpu: 200m + memory: 300Mi volumes: - name: {{ include "common.fullname" . }}-environments configMap: diff --git a/kubernetes/sdc/components/sdc-cs/values.yaml b/kubernetes/sdc/components/sdc-cs/values.yaml index 0738ca755d..e80f64844e 100644 --- a/kubernetes/sdc/components/sdc-cs/values.yaml +++ b/kubernetes/sdc/components/sdc-cs/values.yaml @@ -38,8 +38,8 @@ global: ################################################################# # application image repository: nexus3.onap.org:10001 -image: onap/sdc-cassandra:1.6.7 -cassandraInitImage: onap/sdc-cassandra-init:1.6.7 +image: onap/sdc-cassandra:1.7.1 +cassandraInitImage: onap/sdc-cassandra-init:1.7.1 pullPolicy: Always @@ -104,23 +104,3 @@ persistence: ingress: enabled: false - -# Resource Limit flavor -By Default using small -flavor: small -# Segregation for Different environment (Small and Large) -resources: - small: - limits: - cpu: 1 - memory: 4Gi - requests: - cpu: 10m - memory: 1Gi - large: - limits: - cpu: 2 - memory: 8Gi - requests: - cpu: 20m - memory: 2Gi - unlimited: {} diff --git a/kubernetes/sdc/components/sdc-fe/templates/deployment.yaml b/kubernetes/sdc/components/sdc-fe/templates/deployment.yaml index 0571f4bb5d..bca3c477a1 100644 --- a/kubernetes/sdc/components/sdc-fe/templates/deployment.yaml +++ b/kubernetes/sdc/components/sdc-fe/templates/deployment.yaml @@ -43,12 +43,21 @@ spec: args: - --job-name - {{ include "common.release" . }}-sdc-be-config-backend + - "-t" + - "35" env: - name: NAMESPACE valueFrom: fieldRef: apiVersion: v1 fieldPath: metadata.namespace + resources: + limits: + cpu: 100m + memory: 100Mi + requests: + cpu: 3m + memory: 20Mi {{- if .Values.global.aafEnabled }} - name: {{ include "common.name" . }}-update-config image: "{{ .Values.global.envsubstImage }}" @@ -75,6 +84,13 @@ spec: mountPath: /config-input/ - name: sdc-environments-output mountPath: /config-output/ + resources: + limits: + cpu: 100m + memory: 100Mi + requests: + cpu: 3m + memory: 20Mi {{- end }} containers: - name: {{ include "common.name" . }} @@ -106,8 +122,7 @@ spec: initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} periodSeconds: {{ .Values.readiness.periodSeconds }} timeoutSeconds: {{ .Values.liveness.timeoutSeconds }} - resources: -{{ include "common.resources" . | indent 12 }} + resources: {{ include "common.resources" . | nindent 12 }} env: - name: ENVNAME value: {{ .Values.env.name }} @@ -153,6 +168,13 @@ spec: mountPath: /var/log/onap - name: {{ include "common.fullname" . }}-data-filebeat mountPath: /usr/share/filebeat/data + resources: + limits: + cpu: 100m + memory: 100Mi + requests: + cpu: 3m + memory: 20Mi volumes: {{ include "common.certInitializer.volumes" . | nindent 8 }} - name: {{ include "common.fullname" . }}-localtime hostPath: diff --git a/kubernetes/sdc/components/sdc-fe/values.yaml b/kubernetes/sdc/components/sdc-fe/values.yaml index e9ff284ffe..1389d05c02 100644 --- a/kubernetes/sdc/components/sdc-fe/values.yaml +++ b/kubernetes/sdc/components/sdc-fe/values.yaml @@ -51,7 +51,7 @@ certInitializer: ################################################################# # application image repository: nexus3.onap.org:10001 -image: onap/sdc-frontend:1.6.7 +image: onap/sdc-frontend:1.7.1 pullPolicy: Always config: @@ -123,16 +123,16 @@ flavor: small resources: small: limits: - cpu: 1 - memory: 4Gi + cpu: 500m + memory: 2Gi requests: - cpu: 10m + cpu: 40m memory: 1Gi large: limits: - cpu: 2 - memory: 8Gi + cpu: 1 + memory: 4Gi requests: - cpu: 20m + cpu: 80m memory: 2Gi unlimited: {} diff --git a/kubernetes/sdc/components/sdc-onboarding-be/templates/deployment.yaml b/kubernetes/sdc/components/sdc-onboarding-be/templates/deployment.yaml index 6f1e2a9b61..527dddef89 100644 --- a/kubernetes/sdc/components/sdc-onboarding-be/templates/deployment.yaml +++ b/kubernetes/sdc/components/sdc-onboarding-be/templates/deployment.yaml @@ -49,6 +49,13 @@ spec: fieldRef: apiVersion: v1 fieldPath: metadata.namespace + resources: + limits: + cpu: 100m + memory: 100Mi + requests: + cpu: 3m + memory: 20Mi {{- if .Values.global.aafEnabled }} - name: {{ include "common.name" . }}-update-config image: "{{ .Values.global.envsubstImage }}" @@ -75,6 +82,13 @@ spec: mountPath: /config-input/ - name: sdc-environments-output mountPath: /config-output/ + resources: + limits: + cpu: 100m + memory: 100Mi + requests: + cpu: 3m + memory: 20Mi {{- end }} containers: - name: {{ include "common.name" . }} @@ -99,8 +113,7 @@ spec: initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} periodSeconds: {{ .Values.readiness.periodSeconds }} timeoutSeconds: {{ .Values.liveness.timeoutSeconds }} - resources: -{{ include "common.resources" . | indent 12 }} + resources: {{ include "common.resources" . | nindent 12 }} env: - name: ENVNAME value: {{ .Values.env.name }} @@ -155,6 +168,13 @@ spec: mountPath: /var/log/onap - name: {{ include "common.fullname" . }}-data-filebeat mountPath: /usr/share/filebeat/data + resources: + limits: + cpu: 100m + memory: 100Mi + requests: + cpu: 3m + memory: 20Mi volumes: {{ include "common.certInitializer.volumes" . | nindent 6 }} - name: {{ include "common.fullname" . }}-localtime hostPath: diff --git a/kubernetes/sdc/components/sdc-onboarding-be/templates/job.yaml b/kubernetes/sdc/components/sdc-onboarding-be/templates/job.yaml index 936c7c41b5..c3003e2d1d 100644 --- a/kubernetes/sdc/components/sdc-onboarding-be/templates/job.yaml +++ b/kubernetes/sdc/components/sdc-onboarding-be/templates/job.yaml @@ -41,12 +41,21 @@ spec: args: - --job-name - {{ include "common.release" . }}-sdc-cs-config-cassandra + - "-t" + - "20" env: - name: NAMESPACE valueFrom: fieldRef: apiVersion: v1 fieldPath: metadata.namespace + resources: + limits: + cpu: 100m + memory: 100Mi + requests: + cpu: 3m + memory: 20Mi containers: - name: {{ include "common.name" . }}-job image: "{{ include "common.repository" . }}/{{ .Values.onboardingInitImage }}" @@ -72,6 +81,13 @@ spec: secretKeyRef: {name: {{ include "common.release" . }}-sdc-cs-secrets, key: cs_password} - name: CS_HOST_IP value: "{{ .Values.global.cassandra.serviceName }}" + resources: + limits: + cpu: 800m + memory: 1024Mi + requests: + cpu: 200m + memory: 200Mi volumes: - name: {{ include "common.fullname" . }}-environments configMap: diff --git a/kubernetes/sdc/components/sdc-onboarding-be/values.yaml b/kubernetes/sdc/components/sdc-onboarding-be/values.yaml index 2e5d91e76b..6ec08db43a 100644 --- a/kubernetes/sdc/components/sdc-onboarding-be/values.yaml +++ b/kubernetes/sdc/components/sdc-onboarding-be/values.yaml @@ -63,8 +63,8 @@ certInitializer: ################################################################# # application image repository: nexus3.onap.org:10001 -image: onap/sdc-onboard-backend:1.6.7 -onboardingInitImage: onap/sdc-onboard-cassandra-init:1.6.7 +image: onap/sdc-onboard-backend:1.7.1 +onboardingInitImage: onap/sdc-onboard-cassandra-init:1.7.1 pullPolicy: Always # flag to enable debugging - application support required @@ -155,16 +155,16 @@ flavor: small resources: small: limits: - cpu: 1 - memory: 4Gi + cpu: 500m + memory: 2Gi requests: - cpu: 10m + cpu: 40m memory: 1Gi large: limits: - cpu: 2 - memory: 8Gi + cpu: 1 + memory: 4Gi requests: - cpu: 20m + cpu: 80m memory: 2Gi unlimited: {} diff --git a/kubernetes/sdc/components/sdc-wfd-be/templates/deployment.yaml b/kubernetes/sdc/components/sdc-wfd-be/templates/deployment.yaml index b188cdae98..c61c41fc85 100644 --- a/kubernetes/sdc/components/sdc-wfd-be/templates/deployment.yaml +++ b/kubernetes/sdc/components/sdc-wfd-be/templates/deployment.yaml @@ -50,6 +50,13 @@ spec: fieldRef: apiVersion: v1 fieldPath: metadata.namespace + resources: + limits: + cpu: 100m + memory: 100Mi + requests: + cpu: 3m + memory: 20Mi {{ end }} containers: - name: {{ include "common.name" . }} @@ -123,6 +130,7 @@ spec: - name: SERVER_SSL_TRUSTSTORE_TYPE value: "{{ .Values.config.serverSSLTrustStoreType }}" volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 10 }} + resources: {{ include "common.resources" . | nindent 12 }} volumes: {{ include "common.certInitializer.volumes" . | nindent 8 }} imagePullSecrets: - name: "{{ include "common.namespace" . }}-docker-registry-key" diff --git a/kubernetes/sdc/components/sdc-wfd-be/templates/job.yaml b/kubernetes/sdc/components/sdc-wfd-be/templates/job.yaml index 9235cb441c..be7d519924 100644 --- a/kubernetes/sdc/components/sdc-wfd-be/templates/job.yaml +++ b/kubernetes/sdc/components/sdc-wfd-be/templates/job.yaml @@ -34,37 +34,47 @@ spec: spec: restartPolicy: Never initContainers: - - name: {{ include "common.name" . }}-init-readiness - image: "{{ include "common.repository" . }}/{{ .Values.global.readinessImage }}" - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - command: - - /app/ready.py - args: - - --job-name - - {{ include "common.release" . }}-sdc-cs-config-cassandra - env: - - name: NAMESPACE - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace + - name: {{ include "common.name" . }}-init-readiness + image: "{{ include "common.repository" . }}/{{ .Values.global.readinessImage }}" + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + command: + - /app/ready.py + args: + - --job-name + - {{ include "common.release" . }}-sdc-cs-config-cassandra + - "-t" + - "20" + env: + - name: NAMESPACE + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace + resources: + limits: + cpu: 100m + memory: 100Mi + requests: + cpu: 3m + memory: 20Mi containers: - - name: {{ include "common.name" . }}-job - image: "{{ include "common.repository" . }}/{{ .Values.configInitImage }}" - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - env: - - name: CS_HOST - value: "{{ .Values.global.cassandra.serviceName }}" - - name: CS_PORT - value: "{{ .Values.config.cassandraClientPort }}" - - name: CS_AUTHENTICATE - value: "{{ .Values.config.cassandraAuthenticationEnabled }}" - - name: CS_USER - valueFrom: - secretKeyRef: {name: {{ include "common.release" . }}-sdc-cs-secrets, key: sdc_user} - - name: CS_PASSWORD - valueFrom: - secretKeyRef: {name: {{ include "common.release" . }}-sdc-cs-secrets, key: sdc_password} + - name: {{ include "common.name" . }}-job + image: "{{ include "common.repository" . }}/{{ .Values.configInitImage }}" + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + env: + - name: CS_HOST + value: "{{ .Values.global.cassandra.serviceName }}" + - name: CS_PORT + value: "{{ .Values.config.cassandraClientPort }}" + - name: CS_AUTHENTICATE + value: "{{ .Values.config.cassandraAuthenticationEnabled }}" + - name: CS_USER + valueFrom: + secretKeyRef: {name: {{ include "common.release" . }}-sdc-cs-secrets, key: sdc_user} + - name: CS_PASSWORD + valueFrom: + secretKeyRef: {name: {{ include "common.release" . }}-sdc-cs-secrets, key: sdc_password} + resources: {{ include "common.resources" . | nindent 12 }} imagePullSecrets: - name: "{{ include "common.namespace" . }}-docker-registry-key" {{ end }} diff --git a/kubernetes/sdc/components/sdc-wfd-be/values.yaml b/kubernetes/sdc/components/sdc-wfd-be/values.yaml index da5ae38ad5..893a1b9f31 100644 --- a/kubernetes/sdc/components/sdc-wfd-be/values.yaml +++ b/kubernetes/sdc/components/sdc-wfd-be/values.yaml @@ -62,8 +62,8 @@ certInitializer: ################################################################# # application image repository: nexus3.onap.org:10001 -image: onap/workflow-backend:1.6.4 -configInitImage: onap/workflow-init:1.6.4 +image: onap/sdc-workflow-backend:1.7.0 +configInitImage: onap/sdc-workflow-init:1.7.0 pullPolicy: Always initJob: @@ -123,21 +123,22 @@ ingress: config: ssl: "redirect" -resources: {} - # We usually recommend not to specify default resources and to leave this as a conscious - # choice for the user. This also increases chances charts run on environments with little - # resources, such as Minikube. If you do want to specify resources, uncomment the following - # lines, adjust them as necessary, and remove the curly braces after 'resources:'. - # - # Example: - # Configure resource requests and limits - # ref: http://kubernetes.io/docs/user-guide/compute-resources/ - # Minimum memory for development is 2 CPU cores and 4GB memory - # Minimum memory for production is 4 CPU cores and 8GB memory -#resources: -# limits: -# cpu: 2 -# memory: 4Gi -# requests: -# cpu: 2 -# memory: 4Gi +# Resource Limit flavor -By Default using small +# Segregation for Different environment (Small and Large) +flavor: small +resources: + small: + limits: + cpu: 500m + memory: 2Gi + requests: + cpu: 40m + memory: 1Gi + large: + limits: + cpu: 1 + memory: 4Gi + requests: + cpu: 80m + memory: 2Gi + unlimited: {} diff --git a/kubernetes/sdc/components/sdc-wfd-fe/templates/deployment.yaml b/kubernetes/sdc/components/sdc-wfd-fe/templates/deployment.yaml index ad10480a3f..a5d312f308 100644 --- a/kubernetes/sdc/components/sdc-wfd-fe/templates/deployment.yaml +++ b/kubernetes/sdc/components/sdc-wfd-fe/templates/deployment.yaml @@ -48,6 +48,13 @@ spec: fieldPath: metadata.namespace image: "{{ include "common.repository" . }}/{{ .Values.global.readinessImage }}" imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + resources: + limits: + cpu: 100m + memory: 100Mi + requests: + cpu: 3m + memory: 20Mi {{- if .Values.global.aafEnabled }} - name: {{ include "common.fullname" . }}-move-cert command: @@ -63,6 +70,13 @@ spec: volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 10 }} - name: sdc-certs mountPath: /sdc-certs + resources: + limits: + cpu: 100m + memory: 100Mi + requests: + cpu: 3m + memory: 20Mi {{- end }} containers: - name: {{ include "common.name" . }} @@ -114,8 +128,8 @@ spec: readOnly: true {{- if .Values.global.aafEnabled }} - name: sdc-certs - mountPath: /sdc-certs - subpath: mycreds.prop + mountPath: /sdc-certs/mycreds.prop + subPath: mycreds.prop - name: sdc-certs mountPath: /var/lib/jetty/etc/{{ .Values.certInitializer.keystoreFile }} subPath: {{ .Values.certInitializer.keystoreFile }} @@ -123,8 +137,7 @@ spec: mountPath: /var/lib/jetty/etc/{{ .Values.certInitializer.truststoreFile }} subPath: {{ .Values.certInitializer.truststoreFile }} {{ end }} - resources: -{{ include "common.resources" . | indent 12 }} + resources: {{ include "common.resources" . | nindent 12 }} {{- if .Values.nodeSelector }} nodeSelector: {{ toYaml .Values.nodeSelector | indent 10 }} @@ -145,6 +158,13 @@ spec: mountPath: /var/log/onap - name: {{ include "common.fullname" . }}-data-filebeat mountPath: /usr/share/filebeat/data + resources: + limits: + cpu: 100m + memory: 100Mi + requests: + cpu: 3m + memory: 20Mi volumes: {{ include "common.certInitializer.volumes" . | nindent 8 }} - name: {{ include "common.fullname" . }}-localtime hostPath: diff --git a/kubernetes/sdc/components/sdc-wfd-fe/values.yaml b/kubernetes/sdc/components/sdc-wfd-fe/values.yaml index 7bb1b24ad6..e88139832f 100644 --- a/kubernetes/sdc/components/sdc-wfd-fe/values.yaml +++ b/kubernetes/sdc/components/sdc-wfd-fe/values.yaml @@ -51,7 +51,7 @@ certInitializer: ################################################################# # application image repository: nexus3.onap.org:10001 -image: onap/workflow-frontend:1.6.4 +image: onap/sdc-workflow-frontend:1.7.0 pullPolicy: Always # flag to enable debugging - application support required @@ -114,21 +114,22 @@ ingress: nginx.ingress.kubernetes.io/backend-protocol: "HTTP" nginx.ingress.kubernetes.io/rewrite-target: "/workflows/" -resources: {} - # We usually recommend not to specify default resources and to leave this as a conscious - # choice for the user. This also increases chances charts run on environments with little - # resources, such as Minikube. If you do want to specify resources, uncomment the following - # lines, adjust them as necessary, and remove the curly braces after 'resources:'. - # - # Example: - # Configure resource requests and limits - # ref: http://kubernetes.io/docs/user-guide/compute-resources/ - # Minimum memory for development is 2 CPU cores and 4GB memory - # Minimum memory for production is 4 CPU cores and 8GB memory -#resources: -# limits: -# cpu: 2 -# memory: 4Gi -# requests: -# cpu: 2 -# memory: 4Gi +# Resource Limit flavor -By Default using small +# Segregation for Different environment (Small and Large) +flavor: small +resources: + small: + limits: + cpu: 500m + memory: 2Gi + requests: + cpu: 40m + memory: 1Gi + large: + limits: + cpu: 1 + memory: 4Gi + requests: + cpu: 80m + memory: 2Gi + unlimited: {} diff --git a/kubernetes/sdnc/Makefile b/kubernetes/sdnc/Makefile index e4b5dda95d..1518f3c3c6 100644 --- a/kubernetes/sdnc/Makefile +++ b/kubernetes/sdnc/Makefile @@ -20,6 +20,7 @@ SECRET_DIR := $(OUTPUT_DIR)/secrets EXCLUDES := dist resources templates charts HELM_CHARTS := $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.)))) +HELM_VER := $(shell helm version --template "{{.Version}}") .PHONY: $(EXCLUDES) $(HELM_CHARTS) @@ -40,7 +41,11 @@ lint-%: dep-% package-%: lint-% @mkdir -p $(PACKAGE_DIR) +ifeq "$(findstring v3,$(HELM_VER))" "v3" + @if [ -f $*/Chart.yaml ]; then PACKAGE_NAME=$$(helm package -d $(PACKAGE_DIR) $* | cut -d":" -f2) && helm push -f $$PACKAGE_NAME local; fi +else @if [ -f $*/Chart.yaml ]; then helm package -d $(PACKAGE_DIR) $*; fi +endif @helm repo index $(PACKAGE_DIR) clean: diff --git a/kubernetes/sdnc/components/Makefile b/kubernetes/sdnc/components/Makefile index 4e737638a6..c38171c1e5 100644 --- a/kubernetes/sdnc/components/Makefile +++ b/kubernetes/sdnc/components/Makefile @@ -20,6 +20,7 @@ SECRET_DIR := $(OUTPUT_DIR)/secrets EXCLUDES := HELM_CHARTS := $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.)))) +HELM_VER := $(shell helm version --template "{{.Version}}") .PHONY: $(EXCLUDES) $(HELM_CHARTS) @@ -40,7 +41,11 @@ lint-%: dep-% package-%: lint-% @mkdir -p $(PACKAGE_DIR) +ifeq "$(findstring v3,$(HELM_VER))" "v3" + @if [ -f $*/Chart.yaml ]; then PACKAGE_NAME=$$(helm package -d $(PACKAGE_DIR) $* | cut -d":" -f2) && helm push -f $$PACKAGE_NAME local; fi +else @if [ -f $*/Chart.yaml ]; then helm package -d $(PACKAGE_DIR) $*; fi +endif @helm repo index $(PACKAGE_DIR) clean: diff --git a/kubernetes/sdnc/components/dmaap-listener/values.yaml b/kubernetes/sdnc/components/dmaap-listener/values.yaml index 1a70926f4f..f3a2b98397 100644 --- a/kubernetes/sdnc/components/dmaap-listener/values.yaml +++ b/kubernetes/sdnc/components/dmaap-listener/values.yaml @@ -55,7 +55,7 @@ secrets: ################################################################# # application image repository: nexus3.onap.org:10001 -image: onap/sdnc-dmaap-listener-image:1.8.4 +image: onap/sdnc-dmaap-listener-image:2.0.2 pullPolicy: Always # flag to enable debugging - application support required diff --git a/kubernetes/sdnc/components/sdnc-ansible-server/values.yaml b/kubernetes/sdnc/components/sdnc-ansible-server/values.yaml index 7eb32b10e5..e4024c7d77 100644 --- a/kubernetes/sdnc/components/sdnc-ansible-server/values.yaml +++ b/kubernetes/sdnc/components/sdnc-ansible-server/values.yaml @@ -55,7 +55,7 @@ secrets: ################################################################# # application image repository: nexus3.onap.org:10001 -image: onap/sdnc-ansible-server-image:1.8.4 +image: onap/sdnc-ansible-server-image:2.0.2 pullPolicy: Always # flag to enable debugging - application support required diff --git a/kubernetes/sdnc/components/sdnc-web/values.yaml b/kubernetes/sdnc/components/sdnc-web/values.yaml index bcf3cff752..2c0b3eabe2 100644 --- a/kubernetes/sdnc/components/sdnc-web/values.yaml +++ b/kubernetes/sdnc/components/sdnc-web/values.yaml @@ -27,7 +27,7 @@ global: ################################################################# # application image repository: nexus3.onap.org:10001 -image: "onap/sdnc-web-image:1.8.3" +image: "onap/sdnc-web-image:2.0.2" pullPolicy: Always config: diff --git a/kubernetes/sdnc/components/ueb-listener/values.yaml b/kubernetes/sdnc/components/ueb-listener/values.yaml index a8b7c13550..a32628df6f 100644 --- a/kubernetes/sdnc/components/ueb-listener/values.yaml +++ b/kubernetes/sdnc/components/ueb-listener/values.yaml @@ -61,7 +61,7 @@ secrets: ################################################################# # application image repository: nexus3.onap.org:10001 -image: onap/sdnc-ueb-listener-image:1.8.4 +image: onap/sdnc-ueb-listener-image:2.0.2 pullPolicy: Always # flag to enable debugging - application support required diff --git a/kubernetes/sdnc/resources/config/bin/startODL.sh b/kubernetes/sdnc/resources/config/bin/startODL.sh index 6aa796a163..a83fc92890 100755 --- a/kubernetes/sdnc/resources/config/bin/startODL.sh +++ b/kubernetes/sdnc/resources/config/bin/startODL.sh @@ -162,6 +162,7 @@ then fi cp /opt/opendaylight/current/certs/* /tmp +cp /var/custom-certs/* /tmp nohup python ${SDNC_BIN}/installCerts.py & diff --git a/kubernetes/sdnc/resources/config/conf/setenv b/kubernetes/sdnc/resources/config/conf/setenv index 7476e6849a..52c9ff76b4 100644 --- a/kubernetes/sdnc/resources/config/conf/setenv +++ b/kubernetes/sdnc/resources/config/conf/setenv @@ -54,8 +54,8 @@ if [ "x$JAVA_MAX_MEM" = "x" ]; then export JAVA_MAX_MEM="2048m" fi -EXTRA_JAVA_OPTS: "-XX:+UseG1GC -XX:MaxGCPauseMillis={{.Values.config.odl.javaOptions.maxGCPauseMillis}} \ - -XX:ParallelGCThreads={{.Values.config.odl.javaOptions.parallelGCThreads}} -XX:+ParallelRefProcEnabled \ - -XX:+UseStringDeduplication -XX:+PrintGC -XX:+PrintGCDateStamps -XX:+PrintGCDetails \ - -XX:+PrintGCTimeStamps -XX:+UseGCLogFileRotation \ - -XX:NumberOfGCLogFiles={{.Values.config.odl.javaOptions.numberGGLogFiles}} -Xloggc:/var/log/onap/sdnc/gc-%t.log" +EXTRA_JAVA_OPTS=${EXTRA_JAVA_OPTS:-"-XX:+UseG1GC \ + -XX:MaxGCPauseMillis={{.Values.config.odl.javaOptions.maxGCPauseMillis}} \ + -XX:ParallelGCThreads={{.Values.config.odl.javaOptions.parallelGCThreads}} \ + -XX:+ParallelRefProcEnabled \ + -XX:+UseStringDeduplication {{.Values.config.odl.javaOptions.gcLogOptions}}"} diff --git a/kubernetes/sdnc/templates/sdnrdb-init-job.yaml b/kubernetes/sdnc/templates/sdnrdb-init-job.yaml index aa156b598f..42b3f25483 100755 --- a/kubernetes/sdnc/templates/sdnrdb-init-job.yaml +++ b/kubernetes/sdnc/templates/sdnrdb-init-job.yaml @@ -51,7 +51,7 @@ spec: image: "{{ include "common.repository" . }}/{{ .Values.image }}" imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} command: ["/bin/bash"] - args: ["-c", "{{ .Values.config.binDir }}/startODL.oom.sh"] + args: ["-c", "{{ .Values.config.binDir }}/startODL.sh"] env: - name: SDNC_AAF_ENABLED value: "{{ .Values.global.aafEnabled}}" diff --git a/kubernetes/sdnc/templates/service.yaml b/kubernetes/sdnc/templates/service.yaml index b434c4025f..e3be4bc46a 100644 --- a/kubernetes/sdnc/templates/service.yaml +++ b/kubernetes/sdnc/templates/service.yaml @@ -49,9 +49,9 @@ spec: targetPort: {{ .Values.service.internalPort4 }} {{ end }} nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort4 }} - {{ if .Values.config.sdnr.enabled }} - Session Affinity: ClientIP - {{ end }} + {{ if .Values.config.sdnr.enabled }} + sessionAffinity: ClientIP + {{ end }} selector: app.kubernetes.io/name: {{ include "common.name" . }} app.kubernetes.io/instance: {{ include "common.release" . }} diff --git a/kubernetes/sdnc/templates/statefulset.yaml b/kubernetes/sdnc/templates/statefulset.yaml index b1da64a748..488c050bfb 100644 --- a/kubernetes/sdnc/templates/statefulset.yaml +++ b/kubernetes/sdnc/templates/statefulset.yaml @@ -1,5 +1,5 @@ {{/* -# Copyright © 2020 Samsung Electronics, highstreet technologies GmbH +# Copyright © 2020 Samsung Electronics # Copyright © 2017 Amdocs, Bell Canada # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -94,6 +94,48 @@ spec: {{ end -}} {{ include "common.certInitializer.initContainer" . | indent 6 }} + {{ if .Values.global.cmpv2Enabled }} + - name: certs-init + image: "{{ .Values.global.repository }}/{{ .Values.global.platform.certServiceClient.image }}" + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + env: + - name: REQUEST_URL + value: {{ .Values.global.platform.certServiceClient.envVariables.requestURL }} + - name: REQUEST_TIMEOUT + value: "30000" + - name: OUTPUT_PATH + value: {{ .Values.global.platform.certServiceClient.envVariables.cert_path }} + - name: CA_NAME + value: {{ .Values.global.platform.certServiceClient.envVariables.caName }} + - name: COMMON_NAME + value: {{ .Values.global.platform.certServiceClient.envVariables.common_name }} + - name: ORGANIZATION + value: {{ .Values.global.platform.certServiceClient.envVariables.cmpv2Organization }} + - name: ORGANIZATION_UNIT + value: {{ .Values.global.platform.certServiceClient.envVariables.cmpv2OrganizationalUnit }} + - name: LOCATION + value: {{ .Values.global.platform.certServiceClient.envVariables.cmpv2Location }} + - name: STATE + value: {{ .Values.global.platform.certServiceClient.envVariables.cmpv2State }} + - name: COUNTRY + value: {{ .Values.global.platform.certServiceClient.envVariables.cmpv2Country }} + - name: KEYSTORE_PATH + value: {{ .Values.global.platform.certServiceClient.envVariables.keystorePath }} + - name: KEYSTORE_PASSWORD + value: {{ .Values.global.platform.certServiceClient.envVariables.keystorePassword }} + - name: TRUSTSTORE_PATH + value: {{ .Values.global.platform.certServiceClient.envVariables.truststorePath }} + - name: TRUSTSTORE_PASSWORD + value: {{ .Values.global.platform.certServiceClient.envVariables.truststorePassword }} + terminationMessagePath: /dev/termination-log + terminationMessagePolicy: File + volumeMounts: + - mountPath: {{ .Values.global.platform.certServiceClient.envVariables.cert_path }} + name: certs + - mountPath: {{ .Values.global.platform.certServiceClient.secret.mountPath }} + name: certservice-tls-volume + {{ end }} + - name: {{ include "common.name" . }}-chown image: {{ .Values.global.busyboxRepository | default .Values.busyboxRepository }}/{{ .Values.global.busyboxImage | default .Values.busyboxImage }} command: @@ -160,6 +202,8 @@ spec: value: {{ include "common.mariadbService" . }} - name: JAVA_HOME value: "{{ .Values.config.javaHome}}" + - name: JAVA_OPTS + value: "-Xms{{.Values.config.odl.javaOptions.minMemory}} -Xmx{{.Values.config.odl.javaOptions.maxMemory}}" - name: KARAF_CONSOLE_LOG_LEVEL value: "{{ include "common.log.level" . }}" - name: SDNRWT @@ -238,6 +282,10 @@ spec: - mountPath: {{ .Values.config.odl.etcDir }}/mountpoint-state-provider.properties name: properties subPath: mountpoint-state-provider.properties + {{ if .Values.global.cmpv2Enabled }} + - mountPath: {{ .Values.global.platform.certServiceClient.envVariables.cert_path }} + name: certs + {{- end }} resources: {{ include "common.resources" . | indent 12 }} {{- if .Values.nodeSelector }} @@ -288,6 +336,14 @@ spec: - name: properties emptyDir: medium: Memory + {{ if .Values.global.cmpv2Enabled }} + - name: certs + emptyDir: + medium: Memory + - name: certservice-tls-volume + secret: + secretName: {{ .Values.global.platform.certServiceClient.secret.name }} + {{- end }} {{ if not .Values.persistence.enabled }} - name: {{ include "common.fullname" . }}-data emptyDir: {} diff --git a/kubernetes/sdnc/values.yaml b/kubernetes/sdnc/values.yaml index 244a7d5d9a..c41f5eadbf 100644 --- a/kubernetes/sdnc/values.yaml +++ b/kubernetes/sdnc/values.yaml @@ -35,6 +35,31 @@ global: service: mariadb-galera internalPort: 3306 nameOverride: mariadb-galera + # Enabling CMPv2 + cmpv2Enabled: true + platform: + certServiceClient: + image: onap/org.onap.oom.platform.cert-service.oom-certservice-client:2.0.0 + secret: + name: oom-cert-service-client-tls-secret + mountPath: /etc/onap/oom/certservice/certs/ + envVariables: + # Certificate related + cert_path: /var/custom-certs + cmpv2Organization: "Linux-Foundation" + cmpv2OrganizationalUnit: "ONAP" + cmpv2Location: "San-Francisco" + cmpv2Country: "US" + # Client configuration related + caName: "RA" + common_name: "sdnc.simpledemo.onap.org" + requestURL: "https://oom-cert-service:8443/v1/certificate/" + requestTimeout: "30000" + keystorePath: "/etc/onap/oom/certservice/certs/certServiceClient-keystore.jks" + outputType: "P12" + keystorePassword: "secret" + truststorePath: "/etc/onap/oom/certservice/certs/truststore.jks" + truststorePassword: "secret" ################################################################# # Secrets metaconfig @@ -110,7 +135,7 @@ secrets: # application images repository: nexus3.onap.org:10001 pullPolicy: Always -image: onap/sdnc-image:1.8.4 +image: onap/sdnc-image:2.0.2 busyboxRepository: docker.io busyboxImage: busybox:1.30 @@ -160,11 +185,12 @@ config: logstashPort: 5044 ansibleServiceName: sdnc-ansible-server ansiblePort: 8000 - javaHome: /usr/lib/jvm/java-1.8-openjdk + javaHome: /opt/java/openjdk odl: etcDir: /opt/opendaylight/etc binDir: /opt/opendaylight/bin + gcLogDir: /opt/opendaylight/data/log salConfigDir: /opt/opendaylight/system/org/opendaylight/controller/sal-clustering-config salConfigVersion: 1.9.1 akka: @@ -184,7 +210,12 @@ config: javaOptions: maxGCPauseMillis: 100 parallelGCThreads : 3 - numberGGLogFiles: 10 + numberGCLogFiles: 10 + minMemory: 512m + maxMemory: 2048m + gcLogOptions: "" + # Next line enables gc logging + # gcLogOptions: "-Xlog:gc=trace:file={{.Values.config.odl.gcLogDir}}/gc-%t.log}:time,level,tags:filecount={{.Values.config.odl.javaOptions.numberGCLogFiles}}" # enables sdnr functionality sdnr: enabled: true @@ -406,6 +437,22 @@ persistence: mountSubPath: sdnc/mdsal mdsalPath: /opt/opendaylight/current/daexim +certpersistence: + enabled: true + + ## A manually managed Persistent Volume and Claim + ## Requires persistence.enabled: true + ## If defined, PVC must be created manually before volume will be bound + # existingClaim: + + volumeReclaimPolicy: Retain + accessMode: ReadWriteOnce + size: 50Mi + mountPath: /dockerdata-nfs + mountSubPath: sdnc/certs + certPath: /opt/app/osaaf + ##storageClass: "manual" + ingress: enabled: false service: diff --git a/kubernetes/sniro-emulator/templates/deployment.yaml b/kubernetes/sniro-emulator/templates/deployment.yaml index 2e76895278..0a1525c280 100644 --- a/kubernetes/sniro-emulator/templates/deployment.yaml +++ b/kubernetes/sniro-emulator/templates/deployment.yaml @@ -12,7 +12,7 @@ # See the License for the specific language governing permissions and # limitations under the License. -apiVersion: extensions/v1beta1 +apiVersion: apps/v1 kind: Deployment metadata: name: {{ include "common.fullname" . }} @@ -24,6 +24,10 @@ metadata: heritage: {{ .Release.Service }} spec: replicas: {{ .Values.replicaCount }} + selector: + matchLabels: + app: {{ include "common.name" . }} + release: {{ include "common.release" . }} template: metadata: labels: diff --git a/kubernetes/so/charts/so-vnfm-adapter/templates/deployment.yaml b/kubernetes/so/charts/so-vnfm-adapter/templates/deployment.yaml index 2dbfa4ea4a..ee84d60905 100755 --- a/kubernetes/so/charts/so-vnfm-adapter/templates/deployment.yaml +++ b/kubernetes/so/charts/so-vnfm-adapter/templates/deployment.yaml @@ -72,7 +72,7 @@ spec: readOnly: true - name: {{ include "common.fullname" . }}-truststore mountPath: /app/client - readonly: true + readOnly: true livenessProbe: tcpSocket: port: {{ index .Values.livenessProbe.port }} diff --git a/kubernetes/uui/charts/uui-server/values.yaml b/kubernetes/uui/charts/uui-server/values.yaml index e8acab2350..a43ae6eff0 100644 --- a/kubernetes/uui/charts/uui-server/values.yaml +++ b/kubernetes/uui/charts/uui-server/values.yaml @@ -25,7 +25,7 @@ flavor: small # application image repository: nexus3.onap.org:10001 -image: onap/usecase-ui-server:3.0.4 +image: onap/usecase-ui-server:3.0.6 pullPolicy: Always # application configuration diff --git a/kubernetes/uui/values.yaml b/kubernetes/uui/values.yaml index 758200eede..77351f9f3e 100644 --- a/kubernetes/uui/values.yaml +++ b/kubernetes/uui/values.yaml @@ -26,7 +26,7 @@ flavor: small # application image repository: nexus3.onap.org:10001 -image: onap/usecase-ui:3.0.4 +image: onap/usecase-ui:3.0.6 pullPolicy: Always # application configuration diff --git a/kubernetes/vfc/charts/vfc-generic-vnfm-driver/resources/config/logging/log.yml b/kubernetes/vfc/charts/vfc-generic-vnfm-driver/resources/config/logging/log.yml index 123bb298ab..844f993df1 100644 --- a/kubernetes/vfc/charts/vfc-generic-vnfm-driver/resources/config/logging/log.yml +++ b/kubernetes/vfc/charts/vfc-generic-vnfm-driver/resources/config/logging/log.yml @@ -11,6 +11,9 @@ loggers: level: "DEBUG" propagate: False handlers: + console: + class: "logging.StreamHandler" + formatter: "standard" gvnfmdriverlocal_handler: level: "DEBUG" class: diff --git a/kubernetes/vfc/charts/vfc-generic-vnfm-driver/templates/deployment.yaml b/kubernetes/vfc/charts/vfc-generic-vnfm-driver/templates/deployment.yaml index c6987f14ee..a9c92ef7b3 100644 --- a/kubernetes/vfc/charts/vfc-generic-vnfm-driver/templates/deployment.yaml +++ b/kubernetes/vfc/charts/vfc-generic-vnfm-driver/templates/deployment.yaml @@ -56,12 +56,10 @@ spec: initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} periodSeconds: {{ .Values.readiness.periodSeconds }} env: - - name: MSB_PROTO - value: "{{ .Values.global.config.msbprotocol }}" + - name: MSB_HOST + value: "{{ .Values.global.config.msbprotocol }}://{{ .Values.global.config.msbServiceName }}:{{ .Values.global.config.msbPort }}" - name: SSL_ENABLED value: "{{ .Values.global.config.ssl_enabled }}" - - name: MSB_ADDR - value: "{{ .Values.global.config.msbServiceName }}:{{ .Values.global.config.msbPort }}" - name: REG_TO_MSB_WHEN_START value: "{{ .Values.global.config.reg_to_msb_when_start }}" volumeMounts: diff --git a/kubernetes/vfc/charts/vfc-generic-vnfm-driver/values.yaml b/kubernetes/vfc/charts/vfc-generic-vnfm-driver/values.yaml index 21118603f5..96736f6c66 100644 --- a/kubernetes/vfc/charts/vfc-generic-vnfm-driver/values.yaml +++ b/kubernetes/vfc/charts/vfc-generic-vnfm-driver/values.yaml @@ -28,7 +28,7 @@ global: flavor: small repository: nexus3.onap.org:10001 -image: onap/vfc/gvnfmdriver:1.3.9 +image: onap/vfc/gvnfmdriver:1.4.0 pullPolicy: Always #Istio sidecar injection policy diff --git a/kubernetes/vfc/charts/vfc-nslcm/resources/config/logging/log.yml b/kubernetes/vfc/charts/vfc-nslcm/resources/config/logging/log.yml index 4ae7ab16a8..c88606239e 100644 --- a/kubernetes/vfc/charts/vfc-nslcm/resources/config/logging/log.yml +++ b/kubernetes/vfc/charts/vfc-nslcm/resources/config/logging/log.yml @@ -11,6 +11,9 @@ loggers: level: "DEBUG" propagate: False handlers: + console: + class: "logging.StreamHandler" + formatter: "standard" nslcmlocal_handler: level: "DEBUG" class: diff --git a/kubernetes/vfc/charts/vfc-nslcm/templates/deployment.yaml b/kubernetes/vfc/charts/vfc-nslcm/templates/deployment.yaml index 9b085f8a36..544834d199 100644 --- a/kubernetes/vfc/charts/vfc-nslcm/templates/deployment.yaml +++ b/kubernetes/vfc/charts/vfc-nslcm/templates/deployment.yaml @@ -76,12 +76,10 @@ spec: initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} periodSeconds: {{ .Values.readiness.periodSeconds }} env: - - name: MSB_PROTO - value: "{{ .Values.global.config.msbprotocol }}" + - name: MSB_HOST + value: "{{ .Values.global.config.msbprotocol }}://{{ .Values.global.config.msbServiceName }}:{{ .Values.global.config.msbPort }}" - name: SSL_ENABLED value: "{{ .Values.global.config.ssl_enabled }}" - - name: MSB_ADDR - value: "{{ .Values.global.config.msbServiceName }}:{{ .Values.global.config.msbPort }}" - name: MYSQL_ADDR value: "{{ .Values.config.mariadbService }}:{{ .Values.config.mariadbPort }}" - name: MYSQL_ROOT_USER diff --git a/kubernetes/vfc/charts/vfc-nslcm/values.yaml b/kubernetes/vfc/charts/vfc-nslcm/values.yaml index 547874145f..7d37810020 100644 --- a/kubernetes/vfc/charts/vfc-nslcm/values.yaml +++ b/kubernetes/vfc/charts/vfc-nslcm/values.yaml @@ -38,7 +38,7 @@ secrets: flavor: small repository: nexus3.onap.org:10001 -image: onap/vfc/nslcm:1.3.9 +image: onap/vfc/nslcm:1.4.0 pullPolicy: Always #Istio sidecar injection policy diff --git a/kubernetes/vfc/charts/vfc-redis/templates/deployment.yaml b/kubernetes/vfc/charts/vfc-redis/templates/deployment.yaml index 9eee5c7f81..8b32fa4e6e 100644 --- a/kubernetes/vfc/charts/vfc-redis/templates/deployment.yaml +++ b/kubernetes/vfc/charts/vfc-redis/templates/deployment.yaml @@ -53,11 +53,6 @@ spec: port: {{ .Values.service.internalPort }} initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} periodSeconds: {{ .Values.readiness.periodSeconds }} - env: - - name: MSB_ADDR - value: "{{ .Values.global.config.msbServiceName }}:{{ .Values.global.config.msbPort }}" - - name: REG_TO_MSB_WHEN_START - value: "{{ .Values.global.config.reg_to_msb_when_start }}" resources: {{ include "common.resources" . | indent 12 }} {{- if .Values.nodeSelector }} diff --git a/kubernetes/vfc/charts/vfc-redis/values.yaml b/kubernetes/vfc/charts/vfc-redis/values.yaml index 80924a897a..2761d05999 100644 --- a/kubernetes/vfc/charts/vfc-redis/values.yaml +++ b/kubernetes/vfc/charts/vfc-redis/values.yaml @@ -28,7 +28,7 @@ global: flavor: small repository: nexus3.onap.org:10001 -image: onap/vfc/db:1.3.3 +image: onap/vfc/db:1.3.4 pullPolicy: Always # flag to enable debugging - application support required diff --git a/kubernetes/vfc/charts/vfc-vnflcm/resources/config/logging/log.yml b/kubernetes/vfc/charts/vfc-vnflcm/resources/config/logging/log.yml index 4af8faa40f..9dbf475beb 100644 --- a/kubernetes/vfc/charts/vfc-vnflcm/resources/config/logging/log.yml +++ b/kubernetes/vfc/charts/vfc-vnflcm/resources/config/logging/log.yml @@ -11,6 +11,9 @@ loggers: level: "DEBUG" propagate: False handlers: + console: + class: "logging.StreamHandler" + formatter: "standard" vnfmgrlocal_handler: level: "DEBUG" class: diff --git a/kubernetes/vfc/charts/vfc-vnflcm/templates/deployment.yaml b/kubernetes/vfc/charts/vfc-vnflcm/templates/deployment.yaml index d61dc9ddfa..7fd74b93f0 100644 --- a/kubernetes/vfc/charts/vfc-vnflcm/templates/deployment.yaml +++ b/kubernetes/vfc/charts/vfc-vnflcm/templates/deployment.yaml @@ -76,12 +76,10 @@ spec: initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} periodSeconds: {{ .Values.readiness.periodSeconds }} env: - - name: MSB_PROTO - value: "{{ .Values.global.config.msbprotocol }}" + - name: MSB_HOST + value: "{{ .Values.global.config.msbprotocol }}://{{ .Values.global.config.msbServiceName }}:{{ .Values.global.config.msbPort }}" - name: SSL_ENABLED value: "{{ .Values.global.config.ssl_enabled }}" - - name: MSB_ADDR - value: "{{ .Values.global.config.msbServiceName }}:{{ .Values.global.config.msbPort }}" - name: MYSQL_ADDR value: "{{ .Values.config.mariadbService }}:{{ .Values.config.mariadbPort }}" - name: MYSQL_ROOT_USER diff --git a/kubernetes/vfc/charts/vfc-vnflcm/values.yaml b/kubernetes/vfc/charts/vfc-vnflcm/values.yaml index 89847ca158..fafef0c5f0 100644 --- a/kubernetes/vfc/charts/vfc-vnflcm/values.yaml +++ b/kubernetes/vfc/charts/vfc-vnflcm/values.yaml @@ -38,7 +38,7 @@ secrets: flavor: small repository: nexus3.onap.org:10001 -image: onap/vfc/vnflcm:1.3.9 +image: onap/vfc/vnflcm:1.4.0 pullPolicy: Always #Istio sidecar injection policy diff --git a/kubernetes/vfc/charts/vfc-vnfmgr/resources/config/logging/log.yml b/kubernetes/vfc/charts/vfc-vnfmgr/resources/config/logging/log.yml index 4af8faa40f..9dbf475beb 100644 --- a/kubernetes/vfc/charts/vfc-vnfmgr/resources/config/logging/log.yml +++ b/kubernetes/vfc/charts/vfc-vnfmgr/resources/config/logging/log.yml @@ -11,6 +11,9 @@ loggers: level: "DEBUG" propagate: False handlers: + console: + class: "logging.StreamHandler" + formatter: "standard" vnfmgrlocal_handler: level: "DEBUG" class: diff --git a/kubernetes/vfc/charts/vfc-vnfmgr/templates/deployment.yaml b/kubernetes/vfc/charts/vfc-vnfmgr/templates/deployment.yaml index 3eede1904d..bd0b377f79 100644 --- a/kubernetes/vfc/charts/vfc-vnfmgr/templates/deployment.yaml +++ b/kubernetes/vfc/charts/vfc-vnfmgr/templates/deployment.yaml @@ -76,12 +76,10 @@ spec: initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} periodSeconds: {{ .Values.readiness.periodSeconds }} env: - - name: MSB_PROTO - value: "{{ .Values.global.config.msbprotocol }}" + - name: MSB_HOST + value: "{{ .Values.global.config.msbprotocol }}://{{ .Values.global.config.msbServiceName }}:{{ .Values.global.config.msbPort }}" - name: SSL_ENABLED value: "{{ .Values.global.config.ssl_enabled }}" - - name: MSB_ADDR - value: "{{ .Values.global.config.msbServiceName }}:{{ .Values.global.config.msbPort }}" - name: MYSQL_ADDR value: "{{ .Values.config.mariadbService }}:{{ .Values.config.mariadbPort }}" - name: REDIS_HOST diff --git a/kubernetes/vfc/charts/vfc-vnfmgr/values.yaml b/kubernetes/vfc/charts/vfc-vnfmgr/values.yaml index 6fbc0338e5..67b087fcd0 100644 --- a/kubernetes/vfc/charts/vfc-vnfmgr/values.yaml +++ b/kubernetes/vfc/charts/vfc-vnfmgr/values.yaml @@ -38,7 +38,7 @@ secrets: flavor: small repository: nexus3.onap.org:10001 -image: onap/vfc/vnfmgr:1.3.8 +image: onap/vfc/vnfmgr:1.3.9 pullPolicy: Always #Istio sidecar injection policy diff --git a/kubernetes/vfc/charts/vfc-vnfres/resources/config/logging/log.yml b/kubernetes/vfc/charts/vfc-vnfres/resources/config/logging/log.yml index c4cc1e3072..7644af1e1b 100644 --- a/kubernetes/vfc/charts/vfc-vnfres/resources/config/logging/log.yml +++ b/kubernetes/vfc/charts/vfc-vnfres/resources/config/logging/log.yml @@ -11,6 +11,9 @@ loggers: level: "DEBUG" propagate: False handlers: + console: + class: "logging.StreamHandler" + formatter: "standard" vnflcmlocal_handler: level: "DEBUG" class: diff --git a/kubernetes/vfc/charts/vfc-vnfres/templates/deployment.yaml b/kubernetes/vfc/charts/vfc-vnfres/templates/deployment.yaml index 32c7cd2348..9f2a4c739b 100644 --- a/kubernetes/vfc/charts/vfc-vnfres/templates/deployment.yaml +++ b/kubernetes/vfc/charts/vfc-vnfres/templates/deployment.yaml @@ -76,12 +76,10 @@ spec: initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} periodSeconds: {{ .Values.readiness.periodSeconds }} env: - - name: MSB_PROTO - value: "{{ .Values.global.config.msbprotocol }}" + - name: MSB_HOST + value: "{{ .Values.global.config.msbprotocol }}://{{ .Values.global.config.msbServiceName }}:{{ .Values.global.config.msbPort }}" - name: SSL_ENABLED value: "{{ .Values.global.config.ssl_enabled }}" - - name: MSB_ADDR - value: "{{ .Values.global.config.msbServiceName }}:{{ .Values.global.config.msbPort }}" - name: MYSQL_ADDR value: "{{ .Values.config.mariadbService }}:{{ .Values.config.mariadbPort }}" - name: REDIS_HOST diff --git a/kubernetes/vfc/charts/vfc-vnfres/values.yaml b/kubernetes/vfc/charts/vfc-vnfres/values.yaml index 82b74e08f6..1b6fc792a1 100644 --- a/kubernetes/vfc/charts/vfc-vnfres/values.yaml +++ b/kubernetes/vfc/charts/vfc-vnfres/values.yaml @@ -38,7 +38,7 @@ secrets: flavor: small repository: nexus3.onap.org:10001 -image: onap/vfc/vnfres:1.3.7 +image: onap/vfc/vnfres:1.3.8 pullPolicy: Always #Istio sidecar injection policy diff --git a/kubernetes/vfc/charts/vfc-zte-vnfm-driver/resources/config/logging/log.yml b/kubernetes/vfc/charts/vfc-zte-vnfm-driver/resources/config/logging/log.yml index a0bf170fe6..6c00048ff7 100644 --- a/kubernetes/vfc/charts/vfc-zte-vnfm-driver/resources/config/logging/log.yml +++ b/kubernetes/vfc/charts/vfc-zte-vnfm-driver/resources/config/logging/log.yml @@ -11,6 +11,9 @@ loggers: level: "DEBUG" propagate: False handlers: + console: + class: "logging.StreamHandler" + formatter: "standard" ztevnfmdriverlocal_handler: level: "DEBUG" class: diff --git a/kubernetes/vfc/charts/vfc-zte-vnfm-driver/templates/deployment.yaml b/kubernetes/vfc/charts/vfc-zte-vnfm-driver/templates/deployment.yaml index bcae4acf52..32e4133a16 100644 --- a/kubernetes/vfc/charts/vfc-zte-vnfm-driver/templates/deployment.yaml +++ b/kubernetes/vfc/charts/vfc-zte-vnfm-driver/templates/deployment.yaml @@ -72,12 +72,10 @@ spec: initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} periodSeconds: {{ .Values.readiness.periodSeconds }} env: - - name: MSB_PROTO - value: "{{ .Values.global.config.msbprotocol }}" + - name: MSB_HOST + value: "{{ .Values.global.config.msbprotocol }}://{{ .Values.global.config.msbServiceName }}:{{ .Values.global.config.msbPort }}" - name: SSL_ENABLED value: "{{ .Values.global.config.ssl_enabled }}" - - name: MSB_ADDR - value: "{{ .Values.global.config.msbServiceName }}:{{ .Values.global.config.msbPort }}" - name: REG_TO_MSB_WHEN_START value: "{{ .Values.global.config.reg_to_msb_when_start }}" volumeMounts: diff --git a/kubernetes/vfc/charts/vfc-zte-vnfm-driver/values.yaml b/kubernetes/vfc/charts/vfc-zte-vnfm-driver/values.yaml index 18cd207051..8c349e0098 100644 --- a/kubernetes/vfc/charts/vfc-zte-vnfm-driver/values.yaml +++ b/kubernetes/vfc/charts/vfc-zte-vnfm-driver/values.yaml @@ -28,7 +28,7 @@ global: flavor: small repository: nexus3.onap.org:10001 -image: onap/vfc/ztevnfmdriver:1.3.6 +image: onap/vfc/ztevnfmdriver:1.3.8 pullPolicy: Always #Istio sidecar injection policy diff --git a/kubernetes/vid/values.yaml b/kubernetes/vid/values.yaml index 4cd3321b7d..3c9b8ceb63 100644 --- a/kubernetes/vid/values.yaml +++ b/kubernetes/vid/values.yaml @@ -38,7 +38,7 @@ subChartsOnly: # application image repository: nexus3.onap.org:10001 -image: onap/vid:6.0.4 +image: onap/vid:7.0.0 pullPolicy: Always # mariadb image for initializing diff --git a/kubernetes/vnfsdk/resources/config/configuration.xml b/kubernetes/vnfsdk/resources/config/configuration.xml index 6bd4e1c8eb..09b6551c00 100644 --- a/kubernetes/vnfsdk/resources/config/configuration.xml +++ b/kubernetes/vnfsdk/resources/config/configuration.xml @@ -23,7 +23,7 @@ PUBLIC "//mybatis.org//DTD Config 3.0//EN" <transactionManager type="JDBC" /> <dataSource type="UNPOOLED"> <property name="driver" value="org.postgresql.Driver" /> - <property name="url" value="jdbc:postgresql://{{ .Values.postgres.service.name }}:{{ .Values.postgres.service.externalPort }}/marketplaceDB" /> + <property name="url" value="jdbc:postgresql://{{.Values.postgres.service.name2}}:{{.Values.postgres.service.externalPort}}/marketplaceDB" /> <property name="username" value="${PG_USER}" /> <property name="password" value="${PG_PASSWORD}" /> </dataSource> diff --git a/kubernetes/vnfsdk/templates/deployment.yaml b/kubernetes/vnfsdk/templates/deployment.yaml index 06ce21274e..60edcffbbf 100644 --- a/kubernetes/vnfsdk/templates/deployment.yaml +++ b/kubernetes/vnfsdk/templates/deployment.yaml @@ -73,7 +73,7 @@ spec: name: {{ include "common.name" . }} resources: {{ include "common.resources" . | indent 12 }} - volumes: + volumeMounts: - mountPath: /service/webapps/ROOT/WEB-INF/classes/mybatis/configuration/configuration.xml name: init-data subPath: configuration.xml diff --git a/kubernetes/vnfsdk/values.yaml b/kubernetes/vnfsdk/values.yaml index b72f39652c..3e0e235717 100644 --- a/kubernetes/vnfsdk/values.yaml +++ b/kubernetes/vnfsdk/values.yaml @@ -43,7 +43,7 @@ secrets: ################################################################# # application image repository: nexus3.onap.org:10001 -image: onap/vnfsdk/refrepo:1.5.2 +image: onap/vnfsdk/refrepo:1.6.0 postgresRepository: crunchydata postgresImage: crunchy-postgres:centos7-10.3-1.8.2 pullPolicy: Always |