diff options
118 files changed, 1717 insertions, 1500 deletions
diff --git a/docs/index.rst b/docs/index.rst index c8048d142e..c933a726fb 100644 --- a/docs/index.rst +++ b/docs/index.rst @@ -16,3 +16,4 @@ OOM Documentation Repository oom_cloud_setup_guide.rst release-notes.rst oom_setup_kubernetes_rancher.rst + oom_setup_ingress_controller.rst diff --git a/docs/oom_hardcoded_certificates.rst b/docs/oom_hardcoded_certificates.rst index 7706f2cd2d..552950b225 100644 --- a/docs/oom_hardcoded_certificates.rst +++ b/docs/oom_hardcoded_certificates.rst @@ -30,6 +30,10 @@ Here's the list of these certificates: +------------------+------------------+------------------+--------------------------------------------------------------------------------------------+ | APPC | Yes | No | No | kubernetes/appc/resources/config/certs/org.onap.appc.p12 | +------------------+------------------+------------------+--------------------------------------------------------------------------------------------+ + | MSB | Yes | No? | Yes | kubernetes/msb/resources/config/certificates | + +------------------+------------------+------------------+--------------------------------------------------------------------------------------------+ + | MUSIC | Yes | No? | No? | kubernetes/common/music/charts/music/resources/keys/ | + +------------------+------------------+------------------+--------------------------------------------------------------------------------------------+ | SDC | Yes | No? | No? | kubernetes/sdc/resources/cert | +------------------+------------------+------------------+--------------------------------------------------------------------------------------------+ | SO | Yes | No? | Yes | kubernetes/so/resources/config/certificates | diff --git a/docs/oom_quickstart_guide.rst b/docs/oom_quickstart_guide.rst index 565c43f467..364f14e923 100644 --- a/docs/oom_quickstart_guide.rst +++ b/docs/oom_quickstart_guide.rst @@ -193,6 +193,10 @@ All override files may be customized (or replaced by other overrides) as per nee `onap-all.yaml` Enables the modules in the ONAP deployment. As ONAP is very modular, it is possible to customize ONAP and disable some components through this configuration file. +`onap-all-ingress-nginx-vhost.yaml` + Alternative version of the `onap-all.yaml` but with global ingress controller enabled. It requires the cluster configured with the nginx ingress controller and load balancer. + Please use this file instad `onap-all.yaml` if you want to use experimental ingress controller feature. + `environment.yaml` Includes configuration values specific to the deployment environment. diff --git a/docs/oom_setup_ingress_controller.rst b/docs/oom_setup_ingress_controller.rst new file mode 100644 index 0000000000..a4abc2b390 --- /dev/null +++ b/docs/oom_setup_ingress_controller.rst @@ -0,0 +1,159 @@ +.. This work is licensed under a Creative Commons Attribution 4.0 International License. +.. http://creativecommons.org/licenses/by/4.0 +.. Copyright 2020, Samsung Electronics + +.. Links +.. _HELM Best Practices Guide: https://docs.helm.sh/chart_best_practices/#requirements +.. _kubectl Cheat Sheet: https://kubernetes.io/docs/reference/kubectl/cheatsheet/ +.. _Kubernetes documentation for emptyDir: https://kubernetes.io/docs/concepts/storage/volumes/#emptydir +.. _metallb Metal Load Balancer installation: https://metallb.universe.tf/installation/ +.. _http://cd.onap.info:30223/mso/logging/debug: http://cd.onap.info:30223/mso/logging/debug +.. _Onboarding and Distributing a Vendor Software Product: https://wiki.onap.org/pages/viewpage.action?pageId=1018474 +.. _README.md: https://gerrit.onap.org/r/gitweb?p=oom.git;a=blob;f=kubernetes/README.md + +.. figure:: oomLogoV2-medium.png + :align: right + +.. _onap-on-kubernetes-with-rancher: + + +Ingress controller setup on HA Kubernetes Cluster +################################################# + +This guide provides instruction how to setup experimental ingress controller feature. +For this, we are hosting our cluster on OpenStack VMs and using the Rancher Kubernetes Engine (RKE) +to deploy and manage our Kubernetes Cluster and ingress controller + +.. contents:: + :depth: 1 + :local: +.. + +The result at the end of this tutorial will be: + +#. Customization of the cluster.yaml file for ingress controller support + +#. Installation and configuration test DNS server for ingress host resolution on testing machines + +#. Instalation and configuration MLB (Metal Load Balancer) required for exposing ingress service + +#. Instalation and configuration NGINX ingress controller + +#. Additional info howto deploy onap with services exposed via Ingress controller + +Customize cluster.yml file +=========================== +Before setup cluster for ingress purposes DNS cluster IP and ingress provider should be configured and follwing: + +.. code-block:: yaml + <...> + restore: + restore: false + snapshot_name: "" + ingress: + provider: none + dns: + provider: coredns + upstreamnameservers: + - <custer_dns_ip>:31555 + +Where the <cluster_dns_ip> should be set to the same IP as the CONTROLPANE node. + +For external load balacer purposes minimum one of the worker node should be configured with external IP +address accessible outside the cluster. It can be done using the following example node configuration: + +.. code-block:: yaml + <...> + - address: <external_ip> + internal_address: <internal_ip> + port: "22" + role: + - worker + hostname_override: "onap-worker-0" + user: ubuntu + ssh_key_path: "~/.ssh/id_rsa" + <...> + +Where the <external_ip> is external worker node IP address, and <internal_ip> is internal node IP address if it is required + + + +DNS server configuration and instalation +======================== +DNS server deployed on the Kubernetes cluster makes it easy to use services exposed through ingress controller because it +resolves all subdomain related to the onap cluster to the load balancer IP. +Testing ONAP cluster requires a lot of entries on the target machines in the /etc/hosts. +Adding many entries into the configuration files on testing machines is quite problematic and error prone. +The better wait is to create central DNS server with entries for all virtual host pointed to simpledemo.onap.org and add custom DNS server as a target DNS server for testing machines and/or as external DNS for kubernetes cluster. + +DNS server has automatic instalation and configuration script, so instalation is quite easy:: + + > cd kubernetes/contrib/dns-server-for-vhost-ingress-testing + + > ./deploy\_dns.sh + +After DNS deploy you need to setup DNS entry on the target testing machine. +Because DNS listen on non standard port configuration require iptables rules +on the target machine. Please follow the configuation proposed by the deploy scripts +Example output depends on the IP address and example output looks like bellow:: + + + DNS server already deployed: + 1. You can add the DNS server to the target machine using following commands: + sudo iptables -t nat -A OUTPUT -p tcp -d 192.168.211.211 --dport 53 -j DNAT --to-destination 10.10.13.14:31555 + sudo iptables -t nat -A OUTPUT -p udp -d 192.168.211.211 --dport 53 -j DNAT --to-destination 10.10.13.14:31555 + sudo sysctl -w net.ipv4.conf.all.route_localnet=1 + sudo sysctl -w net.ipv4.ip_forward=1 + 2. Update /etc/resolv.conf file with nameserver 192.168.211.211 entry on your target machine + + +MetalLB Load Balancer instalation and configuration +==================================================== + +By default pure Kubernetes cluster requires external load balancer if we want to expose +external port using LoadBalancer settings. For this purpose MetalLB can be used. +Before installing the MetalLB you need to ensure that at least one worker has assigned IP acessible outside the cluster. + +MetalLB Load balanancer can be easily installed using automatic install script:: + + > cd kubernetes/contrib/metallb-loadbalancer-inst + + > ./install-metallb-on-cluster.sh + + +Configuration NGINX ingress controller +======================================= + +After installation DNS server and ingress controller we can install and configure ingress controller. +It can be done using the following commands:: + + > cd kubernetes/contrib/ingress-nginx-post-inst + + > kubectl apply -f nginx_ingress_cluster_config.yaml + + > kubectl apply -f nginx_ingress_enable_optional_load_balacer_service.yaml + +After deploy NGINX ingress controller you can ensure that the ingress port is exposed as load balancer service +with external IP address:: + + > kubectl get svc -n ingress-nginx + NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE + default-http-backend ClusterIP 10.10.10.10 <none> 80/TCP 25h + ingress-nginx LoadBalancer 10.10.10.11 10.12.13.14 80:31308/TCP,443:30314/TCP 24h + + +ONAP with ingress exposed services +===================================== +If you want to deploy onap with services exposed through ingress controller you can use full onap deploy script:: + > onap/resources/overrides/onap-all-ingress-nginx-vhost.yaml + +Ingress also can be enabled on any onap setup override using following code: + +.. code-block:: yaml + <...> + #ingress virtualhost based configuration + global: + <...> + ingress: + enabled: true + diff --git a/kubernetes/aaf/charts/aaf-cm/values.yaml b/kubernetes/aaf/charts/aaf-cm/values.yaml index befbdc191d..37d6c5e2c5 100644 --- a/kubernetes/aaf/charts/aaf-cm/values.yaml +++ b/kubernetes/aaf/charts/aaf-cm/values.yaml @@ -52,7 +52,7 @@ ingress: name: "aaf-cm" port: 8150 config: - ssl: "none" + ssl: "redirect" # Configure resource requests and limits resources: diff --git a/kubernetes/aaf/charts/aaf-gui/values.yaml b/kubernetes/aaf/charts/aaf-gui/values.yaml index bc013d07f7..8811b3300a 100644 --- a/kubernetes/aaf/charts/aaf-gui/values.yaml +++ b/kubernetes/aaf/charts/aaf-gui/values.yaml @@ -54,7 +54,7 @@ ingress: name: "aaf-gui" port: 8200 config: - ssl: "none" + ssl: "redirect" # Configure resource requests and limits resources: diff --git a/kubernetes/aaf/charts/aaf-locate/templates/ingress.yaml b/kubernetes/aaf/charts/aaf-locate/templates/ingress.yaml index 40b4bba0ce..1b33c1f8d1 100644 --- a/kubernetes/aaf/charts/aaf-locate/templates/ingress.yaml +++ b/kubernetes/aaf/charts/aaf-locate/templates/ingress.yaml @@ -1,4 +1,2 @@ {{ include "common.ingress" . }} - - diff --git a/kubernetes/aaf/charts/aaf-locate/values.yaml b/kubernetes/aaf/charts/aaf-locate/values.yaml index 2083f1af3d..9209b9d027 100644 --- a/kubernetes/aaf/charts/aaf-locate/values.yaml +++ b/kubernetes/aaf/charts/aaf-locate/values.yaml @@ -51,7 +51,7 @@ ingress: name: "aaf-locate" port: 8095 config: - ssl: "none" + ssl: "redirect" # Configure resource requests and limits resources: diff --git a/kubernetes/aaf/charts/aaf-oauth/templates/ingress.yaml b/kubernetes/aaf/charts/aaf-oauth/templates/ingress.yaml new file mode 100644 index 0000000000..1b33c1f8d1 --- /dev/null +++ b/kubernetes/aaf/charts/aaf-oauth/templates/ingress.yaml @@ -0,0 +1,2 @@ + +{{ include "common.ingress" . }} diff --git a/kubernetes/aaf/charts/aaf-oauth/values.yaml b/kubernetes/aaf/charts/aaf-oauth/values.yaml index deadf2976f..c25327ce03 100644 --- a/kubernetes/aaf/charts/aaf-oauth/values.yaml +++ b/kubernetes/aaf/charts/aaf-oauth/values.yaml @@ -51,7 +51,7 @@ ingress: name: "aaf-oauth" port: 8140 config: - ssl: "none" + ssl: "redirect" # Configure resource requests and limits resources: diff --git a/kubernetes/aaf/charts/aaf-service/values.yaml b/kubernetes/aaf/charts/aaf-service/values.yaml index 5f3c1878dd..1eb5bb2523 100644 --- a/kubernetes/aaf/charts/aaf-service/values.yaml +++ b/kubernetes/aaf/charts/aaf-service/values.yaml @@ -52,7 +52,7 @@ ingress: name: "aaf-service" port: 8100 config: - ssl: "none" + ssl: "redirect" # Configure resource requests and limits resources: diff --git a/kubernetes/appc/charts/appc-cdt/values.yaml b/kubernetes/appc/charts/appc-cdt/values.yaml index 118d19c1b3..bd99bcac15 100644 --- a/kubernetes/appc/charts/appc-cdt/values.yaml +++ b/kubernetes/appc/charts/appc-cdt/values.yaml @@ -65,7 +65,7 @@ ingress: name: "appc-cdt" port: 18080 config: - ssl: "none" + ssl: "redirect" # Configure resource requests and limits # ref: http://kubernetes.io/docs/user-guide/compute-resources/ diff --git a/kubernetes/cds/charts/cds-blueprints-processor/values.yaml b/kubernetes/cds/charts/cds-blueprints-processor/values.yaml index 6cd3c2b554..f120f12072 100755 --- a/kubernetes/cds/charts/cds-blueprints-processor/values.yaml +++ b/kubernetes/cds/charts/cds-blueprints-processor/values.yaml @@ -62,7 +62,7 @@ secrets: ################################################################# # application image repository: nexus3.onap.org:10001 -image: onap/ccsdk-blueprintsprocessor:0.7.1 +image: onap/ccsdk-blueprintsprocessor:0.7.2 pullPolicy: Always # flag to enable debugging - application support required diff --git a/kubernetes/cds/charts/cds-command-executor/values.yaml b/kubernetes/cds/charts/cds-command-executor/values.yaml index 3f9fb87e13..2bc84bd299 100755 --- a/kubernetes/cds/charts/cds-command-executor/values.yaml +++ b/kubernetes/cds/charts/cds-command-executor/values.yaml @@ -40,7 +40,7 @@ global: ################################################################# # application image repository: nexus3.onap.org:10001 -image: onap/ccsdk-commandexecutor:0.7.1 +image: onap/ccsdk-commandexecutor:0.7.2 pullPolicy: Always # application configuration diff --git a/kubernetes/cds/charts/cds-sdc-listener/values.yaml b/kubernetes/cds/charts/cds-sdc-listener/values.yaml index b9c329a124..c784a82ba1 100644 --- a/kubernetes/cds/charts/cds-sdc-listener/values.yaml +++ b/kubernetes/cds/charts/cds-sdc-listener/values.yaml @@ -37,7 +37,7 @@ global: ################################################################# # application image repository: nexus3.onap.org:10001 -image: onap/ccsdk-sdclistener:0.7.1 +image: onap/ccsdk-sdclistener:0.7.2 name: sdc-listener pullPolicy: Always diff --git a/kubernetes/cds/charts/cds-ui/values.yaml b/kubernetes/cds/charts/cds-ui/values.yaml index 5810f39672..d084307bbb 100644 --- a/kubernetes/cds/charts/cds-ui/values.yaml +++ b/kubernetes/cds/charts/cds-ui/values.yaml @@ -28,7 +28,7 @@ subChartsOnly: # application image repository: nexus3.onap.org:10001 -image: onap/ccsdk-cds-ui-server:0.7.1 +image: onap/ccsdk-cds-ui-server:0.7.2 pullPolicy: Always # application configuration @@ -88,9 +88,9 @@ ingress: service: - baseaddr: "cdsui" name: "cds-ui" - port: 8080 - config: - ssl: "none" + port: 3000 + config: + ssl: "redirect" # Resource Limit flavor -By Default using small flavor: small diff --git a/kubernetes/clamp/charts/clamp-backend/templates/deployment.yaml b/kubernetes/clamp/charts/clamp-backend/templates/deployment.yaml index fa00ffed1a..5e473bc12e 100644 --- a/kubernetes/clamp/charts/clamp-backend/templates/deployment.yaml +++ b/kubernetes/clamp/charts/clamp-backend/templates/deployment.yaml @@ -78,11 +78,17 @@ spec: name: {{ include "common.fullname" . }}-config subPath: sdc-controllers-config.json env: - - name: SPRING_APPLICATION_JSON - valueFrom: - configMapKeyRef: - name: {{ template "common.fullname" . }} - key: spring_application_json + - name: MYSQL_USER + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "login") | indent 12 }} + - name: MYSQL_PASSWORD + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "password") | indent 12 }} + - name: MYSQL_DATABASE + value: {{ tpl .Values.db.databaseName .}} + - name: SPRING_APPLICATION_JSON + valueFrom: + configMapKeyRef: + name: {{ template "common.fullname" . }} + key: spring_application_json resources: {{ include "common.resources" . | indent 12 }} {{- if .Values.nodeSelector }} diff --git a/kubernetes/clamp/charts/clamp-backend/templates/secrets.yaml b/kubernetes/clamp/charts/clamp-backend/templates/secrets.yaml new file mode 100644 index 0000000000..57f88ce32d --- /dev/null +++ b/kubernetes/clamp/charts/clamp-backend/templates/secrets.yaml @@ -0,0 +1,16 @@ +# Copyright © 2017 Amdocs, Bell Canada +# Modifications Copyright © 2018 AT&T +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +{{ include "common.secretFast" . }} diff --git a/kubernetes/clamp/charts/clamp-backend/values.yaml b/kubernetes/clamp/charts/clamp-backend/values.yaml index ca444aa175..f354ad14a7 100644 --- a/kubernetes/clamp/charts/clamp-backend/values.yaml +++ b/kubernetes/clamp/charts/clamp-backend/values.yaml @@ -23,11 +23,19 @@ global: # global defaults readinessImage: readiness-check:2.0.0 persistence: {} +secrets: + - uid: db-secret + type: basicAuth + externalSecret: '{{ tpl (default "" .Values.db.userCredsExternalSecret) . }}' + login: '{{ .Values.db.user }}' + password: '{{ .Values.db.password }}' + passwordPolicy: required + flavor: small # application image repository: nexus3.onap.org:10001 -image: onap/clamp-backend:5.0.4 +image: onap/clamp-backend:5.0.6 pullPolicy: Always # flag to enable debugging - application support required @@ -40,6 +48,9 @@ log: ################################################################# # Application configuration defaults. ################################################################# + +db: {} + config: log: logstashServiceName: log-ls @@ -47,8 +58,10 @@ config: mysqlPassword: strong_pitchou dataRootDir: /dockerdata-nfs springApplicationJson: > - { - "spring.datasource.cldsdb.url": "jdbc:mariadb:sequential://clampdb.{{ include "common.namespace" . }}:3306/cldsdb4?autoReconnect=true&connectTimeout=10000&socketTimeout=10000&retriesAllDown=3", + { + "spring.datasource.username": "${MYSQL_USER}", + "spring.datasource.password": "${MYSQL_PASSWORD}", + "spring.datasource.url": "jdbc:mariadb:sequential://clampdb.{{ include "common.namespace" . }}:3306/${MYSQL_DATABASE}?autoReconnect=true&connectTimeout=10000&socketTimeout=10000&retriesAllDown=3", "spring.profiles.active": "clamp-default,clamp-aaf-authentication,clamp-sdc-controller,clamp-ssl-config,clamp-policy-controller,legacy-operational-policy,default-dictionary-elements", "clamp.config.files.sdcController": "file:/opt/clamp/sdc-controllers-config.json", "clamp.config.dcae.inventory.url": "https4://inventory.{{ include "common.namespace" . }}:8080", @@ -63,7 +76,7 @@ config: "clamp.config.policy.pap.userName": "healthcheck", "clamp.config.policy.pap.password": "zb!XztG34", "clamp.config.cadi.aafLocateUrl": "https://aaf-locate.{{ include "common.namespace" . }}:8095" - } + } # default number of instances replicaCount: 1 diff --git a/kubernetes/clamp/charts/clamp-dash-kibana/templates/ingress.yaml b/kubernetes/clamp/charts/clamp-dash-kibana/templates/ingress.yaml new file mode 100644 index 0000000000..0cd8cfbd36 --- /dev/null +++ b/kubernetes/clamp/charts/clamp-dash-kibana/templates/ingress.yaml @@ -0,0 +1,15 @@ +# Copyright © 2020 Samsung, Orange +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +{{ include "common.ingress" . }} diff --git a/kubernetes/clamp/charts/clamp-dash-kibana/values.yaml b/kubernetes/clamp/charts/clamp-dash-kibana/values.yaml index 8e640a4b3a..96a30f9e5f 100644 --- a/kubernetes/clamp/charts/clamp-dash-kibana/values.yaml +++ b/kubernetes/clamp/charts/clamp-dash-kibana/values.yaml @@ -87,6 +87,12 @@ service: nodePort: 90 ingress: enabled: false + service: + - baseaddr: "cdash-kibana" + name: "cdash-kibana" + port: 5601 + config: + ssl: "redirect" #resources: {} # We usually recommend not to specify default resources and to leave this as a conscious diff --git a/kubernetes/clamp/charts/mariadb/resources/config/mariadb/docker-entrypoint-initdb.d/bootstrap-database.sh b/kubernetes/clamp/charts/mariadb/resources/config/mariadb/docker-entrypoint-initdb.d/bootstrap-database.sh deleted file mode 100755 index 2e2ad2e1af..0000000000 --- a/kubernetes/clamp/charts/mariadb/resources/config/mariadb/docker-entrypoint-initdb.d/bootstrap-database.sh +++ /dev/null @@ -1,28 +0,0 @@ -#!/bin/sh - -### -# ============LICENSE_START======================================================= -# ONAP CLAMP -# ================================================================================ -# Copyright (C) 2017 AT&T Intellectual Property. All rights -# reserved. -# ================================================================================ -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# ============LICENSE_END============================================ -# =================================================================== -# -### - -mysql -uroot -p$MYSQL_ROOT_PASSWORD -f < /docker-entrypoint-initdb.d/bulkload/create-db.sql -## New model creation -mysql -uroot -p$MYSQL_ROOT_PASSWORD -f cldsdb4 < /docker-entrypoint-initdb.d/bulkload/create-tables.sql diff --git a/kubernetes/clamp/charts/mariadb/resources/config/mariadb/docker-entrypoint-initdb.d/bulkload/create-db.sql b/kubernetes/clamp/charts/mariadb/resources/config/mariadb/docker-entrypoint-initdb.d/bulkload/create-db.sql deleted file mode 100644 index ea4d97c1b5..0000000000 --- a/kubernetes/clamp/charts/mariadb/resources/config/mariadb/docker-entrypoint-initdb.d/bulkload/create-db.sql +++ /dev/null @@ -1,11 +0,0 @@ -# -# Create CLDS database objects (tables, etc.) -# -# -CREATE DATABASE `cldsdb4`; -USE `cldsdb4`; -DROP USER 'clds'; -CREATE USER 'clds'; -GRANT ALL on cldsdb4.* to 'clds' identified by 'sidnnd83K' with GRANT OPTION; -FLUSH PRIVILEGES; - diff --git a/kubernetes/clamp/charts/mariadb/resources/config/mariadb/docker-entrypoint-initdb.d/bulkload/create-tables.sql b/kubernetes/clamp/charts/mariadb/resources/config/mariadb/docker-entrypoint-initdb.d/create-tables.sql index 1f153bce04..1f153bce04 100644 --- a/kubernetes/clamp/charts/mariadb/resources/config/mariadb/docker-entrypoint-initdb.d/bulkload/create-tables.sql +++ b/kubernetes/clamp/charts/mariadb/resources/config/mariadb/docker-entrypoint-initdb.d/create-tables.sql diff --git a/kubernetes/clamp/charts/mariadb/templates/configmap.yaml b/kubernetes/clamp/charts/mariadb/templates/configmap.yaml index 705c38fa19..522c5f9bf8 100644 --- a/kubernetes/clamp/charts/mariadb/templates/configmap.yaml +++ b/kubernetes/clamp/charts/mariadb/templates/configmap.yaml @@ -17,19 +17,6 @@ apiVersion: v1 kind: ConfigMap metadata: - name: clamp-entrypoint-initdb-configmap - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} -data: -{{ tpl (.Files.Glob "resources/config/mariadb/docker-entrypoint-initdb.d/*").AsConfig . | indent 2 }} ---- -apiVersion: v1 -kind: ConfigMap -metadata: name: clamp-entrypoint-bulkload-configmap namespace: {{ include "common.namespace" . }} labels: @@ -38,7 +25,7 @@ metadata: release: {{ include "common.release" . }} heritage: {{ .Release.Service }} data: -{{ tpl (.Files.Glob "resources/config/mariadb/docker-entrypoint-initdb.d/bulkload/*").AsConfig . | indent 2 }} +{{ tpl (.Files.Glob "resources/config/mariadb/docker-entrypoint-initdb.d/*").AsConfig . | indent 2 }} --- apiVersion: v1 kind: ConfigMap diff --git a/kubernetes/clamp/charts/mariadb/templates/deployment.yaml b/kubernetes/clamp/charts/mariadb/templates/deployment.yaml index be46f89433..7d22930b6a 100644 --- a/kubernetes/clamp/charts/mariadb/templates/deployment.yaml +++ b/kubernetes/clamp/charts/mariadb/templates/deployment.yaml @@ -52,19 +52,19 @@ spec: initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} periodSeconds: {{ .Values.readiness.periodSeconds }} env: - - name: MYSQL_ROOT_PASSWORD - valueFrom: - secretKeyRef: - name: {{ template "common.fullname" . }} - key: db-root-password + - name: MYSQL_USER + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "login") | indent 12 }} + - name: MYSQL_PASSWORD + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "password") | indent 12 }} + - name: MYSQL_ROOT_PASSWORD + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-root-pass" "key" "password") | indent 12 }} + - name: MYSQL_DATABASE + value: {{ tpl .Values.db.databaseName .}} volumeMounts: - - mountPath: /docker-entrypoint-initdb.d/bootstrap-database.sh - name: docker-entrypoint-initdb - subPath: bootstrap-database.sh - mountPath: /etc/localtime name: localtime readOnly: true - - mountPath: /docker-entrypoint-initdb.d/bulkload/ + - mountPath: /docker-entrypoint-initdb.d/ name: docker-entrypoint-bulkload - mountPath: /etc/mysql/conf.d/conf1/ name: clamp-mariadb-conf @@ -88,9 +88,6 @@ spec: {{- else }} emptyDir: {} {{- end }} - - name: docker-entrypoint-initdb - configMap: - name: clamp-entrypoint-initdb-configmap - name: docker-entrypoint-bulkload configMap: name: clamp-entrypoint-bulkload-configmap diff --git a/kubernetes/clamp/charts/mariadb/templates/secrets.yaml b/kubernetes/clamp/charts/mariadb/templates/secrets.yaml index 8f3a21752d..57f88ce32d 100644 --- a/kubernetes/clamp/charts/mariadb/templates/secrets.yaml +++ b/kubernetes/clamp/charts/mariadb/templates/secrets.yaml @@ -13,16 +13,4 @@ # See the License for the specific language governing permissions and # limitations under the License. -apiVersion: v1 -kind: Secret -metadata: - name: {{ include "common.fullname" . }} - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} -type: Opaque -data: - db-root-password: {{ .Values.config.mysqlPassword | b64enc | quote }} +{{ include "common.secretFast" . }} diff --git a/kubernetes/clamp/charts/mariadb/values.yaml b/kubernetes/clamp/charts/mariadb/values.yaml index 8bf6100563..df651dd9ea 100644 --- a/kubernetes/clamp/charts/mariadb/values.yaml +++ b/kubernetes/clamp/charts/mariadb/values.yaml @@ -20,18 +20,27 @@ global: # global defaults nodePortPrefix: 302 persistence: {} - # application image repository: nexus3.onap.org:10001 image: mariadb:10.3.12 pullPolicy: Always flavor: small - ################################################################# -# Application configuration defaults. +# Secrets metaconfig ################################################################# -config: - mysqlPassword: strong_pitchou +secrets: + - uid: db-root-pass + type: password + externalSecret: '{{ tpl (default "" .Values.db.rootCredsExternalSecret) . }}' + password: '{{ .Values.db.rootPass }}' + - uid: db-secret + type: basicAuth + externalSecret: '{{ tpl (default "" .Values.db.userCredsExternalSecret) . }}' + login: '{{ .Values.db.user }}' + password: '{{ .Values.db.password }}' + +# Application configuration +db: {} # default number of instances replicaCount: 1 diff --git a/kubernetes/clamp/templates/secrets.yaml b/kubernetes/clamp/templates/secrets.yaml new file mode 100644 index 0000000000..57f88ce32d --- /dev/null +++ b/kubernetes/clamp/templates/secrets.yaml @@ -0,0 +1,16 @@ +# Copyright © 2017 Amdocs, Bell Canada +# Modifications Copyright © 2018 AT&T +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +{{ include "common.secretFast" . }} diff --git a/kubernetes/clamp/values.yaml b/kubernetes/clamp/values.yaml index 0e6ad57c2e..9446ca8eb3 100644 --- a/kubernetes/clamp/values.yaml +++ b/kubernetes/clamp/values.yaml @@ -24,6 +24,33 @@ global: # global defaults loggingImage: beats/filebeat:5.5.0 centralizedLoggingEnabled: false +secrets: + - uid: db-root-pass + name: &dbRootPass '{{ include "common.release" . }}-clamp-db-root-pass' + type: password + password: '{{ .Values.db.rootPass }}' + - uid: db-secret + name: &dbUserPass '{{ include "common.release" . }}-clamp-db-user-pass' + type: basicAuth + login: '{{ .Values.db.user }}' + password: '{{ .Values.db.password }}' + +db: + user: clds +# password: sidnnd83K + databaseName: &dbName cldsdb4 +# rootPass: emrys user: testos + +clamp-backend: + db: + userCredsExternalSecret: *dbUserPass + databaseName: *dbName +mariadb: + db: + rootCredsExternalSecret: *dbRootPass + userCredsExternalSecret: *dbUserPass + databaseName: *dbName + subChartsOnly: enabled: true @@ -31,7 +58,7 @@ flavor: small # application image repository: nexus3.onap.org:10001 -image: onap/clamp-frontend:5.0.3 +image: onap/clamp-frontend:5.0.6 pullPolicy: Always # flag to enable debugging - application support required diff --git a/kubernetes/cli/values.yaml b/kubernetes/cli/values.yaml index 90922791bc..e5484dff5b 100644 --- a/kubernetes/cli/values.yaml +++ b/kubernetes/cli/values.yaml @@ -71,7 +71,7 @@ ingress: name: cli port: 9090 config: - ssl: "none" + ssl: "redirect" # Configure resource requests and limits # ref: http://kubernetes.io/docs/user-guide/compute-resources/ diff --git a/kubernetes/common/certInitializer/Chart.yaml b/kubernetes/common/certInitializer/Chart.yaml new file mode 100644 index 0000000000..3b20045b1f --- /dev/null +++ b/kubernetes/common/certInitializer/Chart.yaml @@ -0,0 +1,18 @@ +# Copyright © 2017 Amdocs, Bell Canada +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +description: Template used to obtain certificates in onap +name: certInitializer +version: 6.0.0 diff --git a/kubernetes/common/music/charts/music-tomcat/requirements.yaml b/kubernetes/common/certInitializer/requirements.yaml index 7aed47bc52..237f1d1354 100755..100644 --- a/kubernetes/common/music/charts/music-tomcat/requirements.yaml +++ b/kubernetes/common/certInitializer/requirements.yaml @@ -1,4 +1,4 @@ -# Copyright © 2018 AT&T, Amdocs, Bell Canada Intellectual Property. All rights reserved. +# Copyright © 2018 Amdocs, Bell Canada # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -12,8 +12,7 @@ # See the License for the specific language governing permissions and # limitations under the License. - dependencies: - name: common version: ~6.x-0 - repository: '@local'
\ No newline at end of file + repository: 'file://../common' diff --git a/kubernetes/common/certInitializer/templates/_certInitializer.yaml b/kubernetes/common/certInitializer/templates/_certInitializer.yaml new file mode 100644 index 0000000000..e4a878b420 --- /dev/null +++ b/kubernetes/common/certInitializer/templates/_certInitializer.yaml @@ -0,0 +1,152 @@ +{{/* +# Copyright © 2020 Samsung Electronics +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} + + + +{{- define "common.certInitializer._aafConfigVolumeName" -}} + {{ include "common.fullname" . }}-aaf-config +{{- end -}} + +{{- define "common.certInitializer._aafAddConfigVolumeName" -}} + {{ print "aaf-add-config" }} +{{- end -}} + +{{/* + common templates to enable cert initialization for applictaions + + In deployments/jobs/stateful include: + initContainers: + {{ include "common.certInitializer.initContainer" . | nindent XX }} + + containers: + volumeMounts: + {{- include "common.certInitializer.volumeMount" . | nindent XX }} + volumes: + {{- include "common.certInitializer.volume" . | nindent XX}} +*/}} +{{- define "common.certInitializer._initContainer" -}} +{{- $dot := default . .dot -}} +{{- $initRoot := default $dot.Values.certInitializer .initRoot -}} +{{- $initName := default "certInitializer" -}} +{{/* Our version of helm doesn't support deepCopy so we need this nasty trick */}} +{{- $subchartDot := mergeOverwrite (fromJson (toJson $dot)) (dict "Chart" (set (fromJson (toJson .Chart)) "Name" $initRoot.nameOverride) "Values" $initRoot) }} +- name: {{ include "common.name" $dot }}-aaf-readiness + image: "{{ $dot.Values.global.readinessRepository }}/{{ $dot.Values.global.readinessImage }}" + imagePullPolicy: {{ $dot.Values.global.pullPolicy | default $dot.Values.pullPolicy }} + command: + - /root/ready.py + args: + - --container-name + - aaf-locate + - --container-name + - aaf-cm + - --container-name + - aaf-service + env: + - name: NAMESPACE + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace +- name: {{ include "common.name" $dot }}-aaf-config + image: {{ (default $dot.Values.repository $dot.Values.global.repository) }}/{{ $dot.Values.global.aafAgentImage }} + imagePullPolicy: {{ $dot.Values.global.pullPolicy | default $dot.Values.pullPolicy }} + volumeMounts: + - mountPath: {{ $initRoot.mountPath }} + name: {{ include "common.certInitializer._aafConfigVolumeName" $dot }} +{{- if $initRoot.aaf_add_config }} + - name: {{ include "common.certInitializer._aafAddConfigVolumeName" $dot }} + mountPath: /opt/app/aaf_config/bin/aaf-add-config.sh + subPath: aaf-add-config.sh +{{- end }} + command: + - sh + - -c + - | + #!/usr/bin/env bash + /opt/app/aaf_config/bin/agent.sh +{{- if $initRoot.aaf_add_config }} + /opt/app/aaf_config/bin/aaf-add-config.sh +{{- end }} + env: + - name: APP_FQI + value: "{{ $initRoot.fqi }}" + - name: aaf_locate_url + value: "https://aaf-locate.{{ $dot.Release.Namespace}}:8095" + - name: aaf_locator_container + value: "oom" + - name: aaf_locator_container_ns + value: "{{ $dot.Release.Namespace }}" + - name: aaf_locator_fqdn + value: "{{ $initRoot.fqdn }}" + - name: aaf_locator_app_ns + value: "{{ $initRoot.app_ns }}" + - name: DEPLOY_FQI + {{- include "common.secret.envFromSecretFast" (dict "global" $subchartDot "uid" "deployer-creds" "key" "login") | indent 6 }} + - name: DEPLOY_PASSWORD + {{- include "common.secret.envFromSecretFast" (dict "global" $subchartDot "uid" "deployer-creds" "key" "password") | indent 6 }} + #Note: want to put this on Nodes, eventually + - name: cadi_longitude + value: "{{ default "52.3" $initRoot.cadi_longitude }}" + - name: cadi_latitude + value: "{{ default "13.2" $initRoot.cadi_latitude }}" + #Hello specific. Clients don't don't need this, unless Registering with AAF Locator + - name: aaf_locator_public_fqdn + value: "{{ $initRoot.public_fqdn | default "" }}" +{{- end -}} + +{{- define "common.certInitializer._volumeMount" -}} +{{- $dot := default . .dot -}} +{{- $initRoot := default $dot.Values.certInitializer .initRoot -}} +- mountPath: {{ $initRoot.mountPath }} + name: {{ include "common.certInitializer._aafConfigVolumeName" $dot }} +{{- end -}} + +{{- define "common.certInitializer._volumes" -}} +{{- $dot := default . .dot -}} +{{- $initRoot := default $dot.Values.certInitializer .initRoot -}} +{{- $subchartDot := mergeOverwrite (fromJson (toJson $dot)) (dict "Chart" (set (fromJson (toJson .Chart)) "Name" $initRoot.nameOverride) "Values" $initRoot) }} +- name: {{ include "common.certInitializer._aafConfigVolumeName" $dot }} + emptyDir: + medium: Memory +{{- if $initRoot.aaf_add_config }} +- name: {{ include "common.certInitializer._aafAddConfigVolumeName" $dot }} + configMap: + name: {{ include "common.fullname" $subchartDot }}-add-config + defaultMode: 0700 +{{- end -}} +{{- end -}} + +{{- define "common.certInitializer.initContainer" -}} +{{- $dot := default . .dot -}} + {{- if $dot.Values.global.aafEnabled }} + {{ include "common.certInitializer._initContainer" . }} + {{- end -}} +{{- end -}} + +{{- define "common.certInitializer.volumeMount" -}} +{{- $dot := default . .dot -}} + {{- if $dot.Values.global.aafEnabled }} + {{- include "common.certInitializer._volumeMount" . }} + {{- end -}} +{{- end -}} + +{{- define "common.certInitializer.volumes" -}} +{{- $dot := default . .dot -}} + {{- if $dot.Values.global.aafEnabled }} + {{- include "common.certInitializer._volumes" . }} + {{- end -}} +{{- end -}} diff --git a/kubernetes/nbi/templates/configmap-aaf-add-config.yaml b/kubernetes/common/certInitializer/templates/configmap.yaml index fe099b140d..640dafd67e 100644 --- a/kubernetes/nbi/templates/configmap-aaf-add-config.yaml +++ b/kubernetes/common/certInitializer/templates/configmap.yaml @@ -1,6 +1,5 @@ -{{ if .Values.global.aafEnabled }} {{/* -# Copyright © 2020 Bitnami, AT&T, Amdocs, Bell Canada, highstreet technologies, Orange +# Copyright © 2020 Samsung Electronics # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -15,14 +14,12 @@ # limitations under the License. */}} -{{- if .Values.aafConfig.addconfig -}} +{{ if .Values.aaf_add_config }} apiVersion: v1 kind: ConfigMap -{{- $suffix := "aaf-add-config" }} +{{- $suffix := "add-config" }} metadata: {{- include "common.resourceMetadata" (dict "suffix" $suffix "dot" . )| nindent 2 }} data: - aaf-add-config.sh: |- - /opt/app/aaf_config/bin/agent.sh;/opt/app/aaf_config/bin/agent.sh local showpass \ - {{.Values.aafConfig.fqi}} {{ .Values.aafConfig.fqdn }} > {{ .Values.aafConfig.credsPath }}/mycreds.prop -{{- end -}} + aaf-add-config.sh: | + {{ tpl .Values.aaf_add_config . | indent 4 }} {{- end -}} diff --git a/kubernetes/common/certInitializer/templates/secret.yaml b/kubernetes/common/certInitializer/templates/secret.yaml new file mode 100644 index 0000000000..34932b713d --- /dev/null +++ b/kubernetes/common/certInitializer/templates/secret.yaml @@ -0,0 +1,17 @@ +{{/* +# Copyright © 2020 Samsung Electronics +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} + +{{ include "common.secretFast" . }} diff --git a/kubernetes/common/certInitializer/values.yaml b/kubernetes/common/certInitializer/values.yaml new file mode 100644 index 0000000000..b55ba5e2f3 --- /dev/null +++ b/kubernetes/common/certInitializer/values.yaml @@ -0,0 +1,42 @@ +# Copyright © 2020 Samsung Electronics +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +global: + readinessRepository: oomk8s + readinessImage: readiness-check:2.0.2 + aafAgentImage: onap/aaf/aaf_agent:2.1.20 + aafEnabled: true + +pullPolicy: Always + +secrets: + - uid: deployer-creds + type: basicAuth + externalSecret: '{{ ternary (tpl (default "" .Values.aafDeployCredsExternalSecret) .) "aafIsDisabled" .Values.global.aafEnabled }}' + login: '{{ .Values.aafDeployFqi }}' + password: '{{ .Values.aafDeployPass }}' + passwordPolicy: required + +aafDeployFqi: "changeme" +fqdn: "" +app_ns: "org.osaaf.aaf" +fqi: "" +fqi_namespace: "" +public_fqdn: "aaf.osaaf.org" +aafDeployFqi: "deployer@people.osaaf.org" +aafDeployPass: demo123456! +cadi_latitude: "38.0" +cadi_longitude: "-72.0" +aaf_add_config: "" +mountPath: "/opt/app/osaaf" diff --git a/kubernetes/common/common/templates/_secret.tpl b/kubernetes/common/common/templates/_secret.tpl index 064b0c16af..990c476f29 100644 --- a/kubernetes/common/common/templates/_secret.tpl +++ b/kubernetes/common/common/templates/_secret.tpl @@ -476,7 +476,6 @@ stringData: {{- if eq $type "generic" }} data: {{- range $curFilePath := $secret.filePaths }} - {{- fail (printf "%s" $curFilePath) }} {{ tpl ($global.Files.Glob $curFilePath).AsSecrets $global | indent 2 }} {{- end }} {{- if $secret.filePath }} diff --git a/kubernetes/common/dgbuilder/templates/ingress.yaml b/kubernetes/common/dgbuilder/templates/ingress.yaml new file mode 100644 index 0000000000..0cd8cfbd36 --- /dev/null +++ b/kubernetes/common/dgbuilder/templates/ingress.yaml @@ -0,0 +1,15 @@ +# Copyright © 2020 Samsung, Orange +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +{{ include "common.ingress" . }} diff --git a/kubernetes/common/music/charts/music-tomcat/resources/config/music.properties b/kubernetes/common/music/charts/music-tomcat/resources/config/music.properties deleted file mode 100755 index b977ca58ee..0000000000 --- a/kubernetes/common/music/charts/music-tomcat/resources/config/music.properties +++ /dev/null @@ -1,32 +0,0 @@ -# Copyright © 2018 AT&T, Amdocs, Bell Canada Intellectual Property. All rights reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -my.public.ip=localhost -all.public.ips=localhost -my.id=0 -all.ids=0 -### Host Info ### -zookeeper.host={{.Values.properties.zookeeperHost}} -cassandra.host={{.Values.properties.cassandraHost}} -### User Info ### -cassandra.user={{.Values.properties.cassandraUser}} -cassandra.password={{.Values.properties.cassandraPassword}} -### AAF Endpoint ### -aaf.endpoint.url={{.Values.properties.aafEndpointUrl}} -### Admin API ### -# AAF UAT -aaf.admin.url={{.Values.properties.aafAdminUrl}} -# AAF PROD -admin.aaf.role={{.Values.properties.adminAafRole}} -music.namespace={{.Values.properties.musicNamespace}} diff --git a/kubernetes/common/music/charts/music-tomcat/templates/deployment.yaml b/kubernetes/common/music/charts/music-tomcat/templates/deployment.yaml deleted file mode 100755 index dcbd4e2d88..0000000000 --- a/kubernetes/common/music/charts/music-tomcat/templates/deployment.yaml +++ /dev/null @@ -1,115 +0,0 @@ -{{/* -# Copyright © 2018 AT&T, Amdocs, Bell Canada Intellectual Property. All rights reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -*/}} - -apiVersion: extensions/v1beta1 -kind: Deployment -metadata: - name: {{ include "common.fullname" . }} - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} -spec: - replicas: {{ .Values.replicaCount }} - template: - metadata: - labels: - app: {{ include "common.name" . }} - release: {{ include "common.release" . }} - spec: - initContainers: - - name: {{ include "common.name" . }}-zookeeper-readiness - image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}" - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - command: - - /root/ready.py - args: - - --container-name - - zookeeper - env: - - name: NAMESPACE - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - - name: {{ include "common.name" . }}-cassandra-readiness - image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}" - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - command: - - /root/job_complete.py - args: - - -j - - "{{ include "common.release" . }}-music-cassandra-job-config" - env: - - name: NAMESPACE - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace -# War Container - - name: "{{ .Chart.Name }}-war" - image: "{{ include "common.repository" . }}/{{ .Values.warImage }}" - command: ["cp","/app/MUSIC.war","/webapps"] - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - ports: - volumeMounts: - - mountPath: /webapps - name: shared-data - containers: - # Tomcat Container - - name: "{{ include "common.name" . }}" - image: "{{ include "common.repository" . }}/{{ .Values.image }}" - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - ports: - - containerPort: {{ .Values.service.internalPort }} - # disable liveness probe when breakpoints set in debugger - # so K8s doesn't restart unresponsive container - {{- if eq .Values.liveness.enabled true }} - livenessProbe: - tcpSocket: - port: {{ .Values.service.internalPort }} - initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }} - periodSeconds: {{ .Values.liveness.periodSeconds }} - {{ end -}} - readinessProbe: - tcpSocket: - port: {{ .Values.service.internalPort }} - initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} - periodSeconds: {{ .Values.readiness.periodSeconds }} - volumeMounts: - - mountPath: /etc/localtime - name: localtime - readOnly: true - - mountPath: /usr/local/tomcat/webapps - name: shared-data - - name: properties-music - mountPath: /opt/app/music/etc/music.properties - subPath: music.properties - resources: -{{ include "common.resources" . | indent 12 }} - volumes: - - name: shared-data - emptyDir: {} - - name: localtime - hostPath: - path: /etc/localtime - - name: properties-music - configMap: - name: {{ include "common.fullname" . }}-configmap - imagePullSecrets: - - name: "{{ include "common.namespace" . }}-docker-registry-key" diff --git a/kubernetes/common/music/charts/music-tomcat/templates/service.yaml b/kubernetes/common/music/charts/music-tomcat/templates/service.yaml deleted file mode 100755 index d808bf957a..0000000000 --- a/kubernetes/common/music/charts/music-tomcat/templates/service.yaml +++ /dev/null @@ -1,42 +0,0 @@ -{{/* -# Copyright © 2018 AT&T, Amdocs, Bell Canada Intellectual Property. All rights reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -*/}} - -apiVersion: v1 -kind: Service -metadata: - name: {{ include "common.servicename" . }} - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} - annotations: -spec: - type: {{ .Values.service.type }} - ports: - {{if eq .Values.service.type "NodePort" -}} - - port: {{ .Values.service.externalPort }} - nodePort: {{ .Values.global.nodePortPrefixExt | default .Values.nodePortPrefixExt }}{{ .Values.service.nodePort }} - name: {{ .Values.service.portName }} - {{- else -}} - - port: {{ .Values.service.externalPort }} - targetPort: {{ .Values.service.internalPort }} - name: {{ .Values.service.portName }} - {{- end}} - selector: - app: {{ include "common.name" . }} - release: {{ include "common.release" . }} diff --git a/kubernetes/common/music/charts/music-tomcat/values.yaml b/kubernetes/common/music/charts/music-tomcat/values.yaml deleted file mode 100755 index b91ffbd4e4..0000000000 --- a/kubernetes/common/music/charts/music-tomcat/values.yaml +++ /dev/null @@ -1,114 +0,0 @@ -# Copyright © 2018 AT&T, Amdocs, Bell Canada Intellectual Property. All rights reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - - -################################################################# -# Global configuration defaults. -################################################################# -global: - nodePortPrefix: 302 - nodePortPrefixExt: 304 - repository: nexus3.onap.org:10001 - - # readiness check - readinessRepository: oomk8s - readinessImage: readiness-check:2.0.0 - - # logging agent - loggingRepository: docker.elastic.co - loggingImage: beats/filebeat:5.5.0 - -################################################################# -# Application configuration defaults. -################################################################# -# application image -repository: nexus3.onap.org:10001 -image: library/tomcat:8.5 -pullPolicy: Always -warImage: onap/music/music:3.0.24 - -# flag to enable debugging - application support required -debugEnabled: false - -# application configuration -config: - usernameCassandra: cassandra1 - passwordCassandra: cassandra1 - -# default number of instances -replicaCount: 3 - -job: - host: cassandra - port: 9042 - busybox: - image: library/busybox:latest - -nodeSelector: {} - -affinity: {} - -# probe configuration parameters -liveness: - initialDelaySeconds: 10 - periodSeconds: 10 - # necessary to disable liveness probe when setting breakpoints - # in debugger so K8s doesn't restart unresponsive container - enabled: true - -readiness: - initialDelaySeconds: 10 - periodSeconds: 10 - -service: - type: NodePort - name: music-tomcat - externalPort: 8080 - internalPort: 8080 - nodePort: 76 - portName: tomcat -ingress: - enabled: false - -# Resource Limit flavor -By Default using small -flavor: small -# Segregation for Different environment (Small and Large) -resources: - small: - limits: - cpu: 900m - memory: 460Mi - requests: - cpu: 550m - memory: 360Mi - large: - limits: - cpu: 4 - memory: 2Gi - requests: - cpu: 2 - memory: 1Gi - unlimited: {} - - - -properties: - zookeeperHost: zookeeper - cassandraHost: music-cassandra - cassandraUser: nelson24 - cassandraPassword: nelson24 - - # Admin API - # ONAP AAF - aafAdminUrl: diff --git a/kubernetes/common/music/charts/music-tomcat/Chart.yaml b/kubernetes/common/music/charts/music/Chart.yaml index ec3934a2c5..7264b93e8a 100755..100644 --- a/kubernetes/common/music/charts/music-tomcat/Chart.yaml +++ b/kubernetes/common/music/charts/music/Chart.yaml @@ -13,6 +13,6 @@ # limitations under the License. apiVersion: v1 -description: ONAP - MUSIC Tomcat Container -name: music-tomcat +description: MUSIC api as a Service API Spring boot container. +name: music version: 6.0.0 diff --git a/kubernetes/common/music/charts/music/resources/config/logback.xml b/kubernetes/common/music/charts/music/resources/config/logback.xml new file mode 100755 index 0000000000..51423e547d --- /dev/null +++ b/kubernetes/common/music/charts/music/resources/config/logback.xml @@ -0,0 +1,302 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!-- + ============LICENSE_START========================================== + org.onap.music + =================================================================== + Copyright (c) 2017 AT&T Intellectual Property + =================================================================== + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. + + ============LICENSE_END============================================= + ==================================================================== +--> + +<configuration scan="true" scanPeriod="3 seconds"> + <!--<jmxConfigurator /> --> + <!-- directory path for all other type logs --> + <property name="logDir" value="/opt/app/music/logs" /> + + <!-- directory path for debugging type logs --> + <property name="debugDir" value="debug-logs" /> + + <!-- specify the component name --> + <!-- <property name="componentName" value="EELF"></property> --> + <property name="componentName" value="MUSIC"></property> + + <!-- log file names --> + <property name="generalLogName" value="music" /> + <property name="securityLogName" value="security" /> + <property name="errorLogName" value="error" /> + <property name="metricsLogName" value="metrics" /> + <property name="auditLogName" value="audit" /> + <property name="debugLogName" value="debug" /> + <property name="defaultPattern" value="%d{yyyy-MM-dd HH:mm:ss} [%thread] %-5level %logger{36} - %msg%n" /> + <!-- <property name="applicationLoggerPattern" value="%d{yyyy-MM-dd HH:mm:ss} [%thread] %-5level %msg%n" /> --> + <property name="applicationLoggerPattern" value="%d{yyyy-MM-dd HH:mm:ss} %-5level %X{keyspace} [transactionId:%X{transactionId}] - %msg%n" /> + <property name="auditLoggerPattern" value="%X{BeginTimestamp}|%X{EndTimestamp}|%X{RequestId}|%X{ServiceInstanceId}|%thread|%X{VirtualServerName}|%X{ServiceName}|%X{PartnerName}|%X{StatusCode}|%X{ResponseCode}|%X{ResponseDescription}|%X{InstanceUUID}|%.-5level|%X{AlertSeverity}|%X{ServerIPAddress}|%X{ElapsedTime}|%X{ServerFQDN}|%X{RemoteHost}|%X{ClassName}|%X{Unused}|%X{ProcessKey}|%X{CustomField1}|%X{CustomField2}|%X{CustomField3}|%X{CustomField4}| %msg%n" /> + <property name="metricsLoggerPattern" value="%X{BeginTimestamp}|%X{EndTimestamp}|%X{RequestId}|%X{ServiceInstanceId}|%thread|%X{VirtualServerName}|%X{ServiceName}|%X{PartnerName}|%X{TargetEntity}|%X{TargetServiceName}|%X{StatusCode}|%X{ResponseCode}|%X{ResponseDescription}|%X{InstanceUUID}|%.-5level|%X{AlertSeverity}|%X{ServerIPAddress}|%X{ElapsedTime}|%X{ServerFQDN}|%X{RemoteHost}|%X{ClassName}|%X{Unused}|%X{ProcessKey}|%X{TargetVirtualEntity}|%X{CustomField1}|%X{CustomField2}|%X{CustomField3}|%X{CustomField4}| %msg%n" /> + <!-- <property name="errorLoggerPattern" value= "%d{yyyy-MM-dd HH:mm:ss} [%thread] %-5level %msg%n " /> --> + <property name="errorLoggerPattern" value="%d{yyyy-MM-dd HH:mm:ss} %-5level %X{keyspace} - %msg%n" /> + <property name="debugLoggerPattern" value="%date{ISO8601,UTC}|%X{RequestId}| %msg%n" ></property> + <property name="logDirectory" value="${logDir}/${componentName}" /> + <property name="debugLogDirectory" value="${debugDir}/${componentName}" /> + <!-- Example evaluator filter applied against console appender --> + <appender name="STDOUT" class="ch.qos.logback.core.ConsoleAppender"> + <!-- <encoder> + <pattern>${defaultPattern}</pattern> + </encoder> --> + <!-- <filter class="org.onap.music.eelf.logging.CustomLoggingFilter" />--> + <encoder> + <pattern>%d{yyyy-MM-dd HH:mm:ss} [%thread] %-5level %logger{36} - %X{keyspace} %msg%n</pattern> + </encoder> + </appender> + + <!-- ============================================================================ --> + <!-- EELF Appenders --> + <!-- ============================================================================ --> + + <appender name="EELF" class="ch.qos.logback.core.rolling.RollingFileAppender"> + <file>${logDirectory}/${generalLogName}.log</file> + <rollingPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy"> + <fileNamePattern>${logDirectory}/${generalLogName}.%d{yyyy-MM-dd}.%i.log.zip</fileNamePattern> + <maxFileSize>1GB</maxFileSize> + <maxHistory>5</maxHistory> + <totalSizeCap>5GB</totalSizeCap> + </rollingPolicy> + <encoder> + <pattern>${applicationLoggerPattern}</pattern> + </encoder> + </appender> + + <appender name="asyncEELF" class="ch.qos.logback.classic.AsyncAppender"> + <queueSize>256</queueSize> + <includeCallerData>true</includeCallerData> + <appender-ref ref="EELF" /> + </appender> + + <!-- Sift Appender --> + <appender name="KSEELF" class="ch.qos.logback.classic.sift.SiftingAppender"> + <!-- <discriminator class="org.onap.music.eelf.logging.AuxDiscriminator"> --> + <discriminator> + <key>keyspace</key> + <defaultValue>unknown</defaultValue> + </discriminator> + <sift> + <appender name="EELFSift" class="ch.qos.logback.core.rolling.RollingFileAppender"> + <file>${logDirectory}/${generalLogName}-keyspace.log</file> + <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy"> + <fileNamePattern>${logDirectory}/${generalLogName}-${keyspace}.%d{yyyy-MM-dd}.%i.log.zip</fileNamePattern> + <maxHistory>30</maxHistory> + </rollingPolicy> + <encoder> + <pattern>${applicationLoggerPattern}</pattern> + </encoder> + </appender> + </sift> + </appender> + + <appender name="asyncKSEELF" class="ch.qos.logback.classic.AsyncAppender"> + <queueSize>256</queueSize> + <includeCallerData>true</includeCallerData> + <appender-ref ref="KSEELF" /> + </appender> + + + + + <!-- <appender name="EELF" class="ch.qos.logback.core.rolling.RollingFileAppender"> + <file>${logDirectory}/${generalLogName}.log</file> + <rollingPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy"> + <fileNamePattern>${logDirectory}/${generalLogName}.%d{yyyy-MM-dd}.%i.log.zip</fileNamePattern> + <maxFileSize>1GB</maxFileSize> + <maxHistory>5</maxHistory> + <totalSizeCap>5GB</totalSizeCap> + </rollingPolicy> + <encoder> + <pattern>${applicationLoggerPattern}</pattern> + </encoder> + </appender> + + <appender name="asyncEELF" class="ch.qos.logback.classic.AsyncAppender"> + <queueSize>256</queueSize> + <includeCallerData>true</includeCallerData> + <appender-ref ref="EELF" /> + </appender> --> + + <!-- EELF Security Appender. This appender is used to record security events + to the security log file. Security events are separate from other loggers + in EELF so that security log records can be captured and managed in a secure + way separate from the other logs. This appender is set to never discard any + events. --> + <appender name="EELFSecurity" class="ch.qos.logback.core.rolling.RollingFileAppender"> + <file>${logDirectory}/${securityLogName}.log</file> + <rollingPolicy class="ch.qos.logback.core.rolling.FixedWindowRollingPolicy"> + <fileNamePattern>${logDirectory}/${securityLogName}.%i.log.zip</fileNamePattern> + <minIndex>1</minIndex> + <maxIndex>9</maxIndex> + </rollingPolicy> + <triggeringPolicy class="ch.qos.logback.core.rolling.SizeBasedTriggeringPolicy"> + <maxFileSize>5MB</maxFileSize> + </triggeringPolicy> + <encoder> + <pattern>%d{yyyy-MM-dd HH:mm:ss} [%thread] %-5level %logger{36} - %msg%n </pattern> + </encoder> + </appender> + + <appender name="asyncEELFSecurity" class="ch.qos.logback.classic.AsyncAppender"> + <queueSize>256</queueSize> + <discardingThreshold>0</discardingThreshold> + <appender-ref ref="EELFSecurity" /> + </appender> + + + + + <!-- EELF Audit Appender. This appender is used to record audit engine + related logging events. The audit logger and appender are specializations + of the EELF application root logger and appender. This can be used to segregate + Policy engine events from other components, or it can be eliminated to record + these events as part of the application root log. --> + + <appender name="EELFAudit" class="ch.qos.logback.core.rolling.RollingFileAppender"> + <file>${logDirectory}/${auditLogName}.log</file> + <rollingPolicy + class="ch.qos.logback.core.rolling.FixedWindowRollingPolicy"> + <fileNamePattern>${logDirectory}/${auditLogName}.%i.log.zip</fileNamePattern> + <minIndex>1</minIndex> + <maxIndex>9</maxIndex> + </rollingPolicy> + <triggeringPolicy class="ch.qos.logback.core.rolling.SizeBasedTriggeringPolicy"> + <maxFileSize>5MB</maxFileSize> + </triggeringPolicy> + <encoder> + <pattern>${auditLoggerPattern}</pattern> + </encoder> + </appender> + <appender name="asyncEELFAudit" class="ch.qos.logback.classic.AsyncAppender"> + <queueSize>256</queueSize> + <appender-ref ref="EELFAudit" /> + </appender> + + <appender name="EELFMetrics" class="ch.qos.logback.core.rolling.RollingFileAppender"> + <file>${logDirectory}/${metricsLogName}.log</file> + <rollingPolicy class="ch.qos.logback.core.rolling.FixedWindowRollingPolicy"> + <fileNamePattern>${logDirectory}/${metricsLogName}.%i.log.zip + </fileNamePattern> + <minIndex>1</minIndex> + <maxIndex>9</maxIndex> + </rollingPolicy> + <triggeringPolicy class="ch.qos.logback.core.rolling.SizeBasedTriggeringPolicy"> + <maxFileSize>5MB</maxFileSize> + </triggeringPolicy> + <encoder> + <!-- <pattern>"%d{HH:mm:ss.SSS} [%thread] %-5level %logger{1024} - %msg%n"</pattern> --> + <pattern>${metricsLoggerPattern}</pattern> + </encoder> + </appender> + + + <appender name="asyncEELFMetrics" class="ch.qos.logback.classic.AsyncAppender"> + <queueSize>256</queueSize> + <appender-ref ref="EELFMetrics"/> + </appender> + + <appender name="EELFError" class="ch.qos.logback.core.rolling.RollingFileAppender"> + <file>${logDirectory}/${errorLogName}.log</file> + <rollingPolicy class="ch.qos.logback.core.rolling.FixedWindowRollingPolicy"> + <fileNamePattern>${logDirectory}/${errorLogName}.%i.log.zip</fileNamePattern> + <minIndex>1</minIndex> + <maxIndex>9</maxIndex> + </rollingPolicy> + <triggeringPolicy class="ch.qos.logback.core.rolling.SizeBasedTriggeringPolicy"> + <maxFileSize>5MB</maxFileSize> + </triggeringPolicy> + <encoder> + <pattern>${errorLoggerPattern}</pattern> + </encoder> + </appender> + + <appender name="asyncEELFError" class="ch.qos.logback.classic.AsyncAppender"> + <queueSize>256</queueSize> + <appender-ref ref="EELFError"/> + </appender> + + <appender name="EELFDebug" class="ch.qos.logback.core.rolling.RollingFileAppender"> + <file>${debugLogDirectory}/${debugLogName}.log</file> + <rollingPolicy class="ch.qos.logback.core.rolling.FixedWindowRollingPolicy"> + <fileNamePattern>${debugLogDirectory}/${debugLogName}.%i.log.zip</fileNamePattern> + <minIndex>1</minIndex> + <maxIndex>9</maxIndex> + </rollingPolicy> + <triggeringPolicy class="ch.qos.logback.core.rolling.SizeBasedTriggeringPolicy"> + <maxFileSize>5MB</maxFileSize> + </triggeringPolicy> + <encoder> + <pattern>${debugLoggerPattern}</pattern> + </encoder> + </appender> + + <appender name="asyncEELFDebug" class="ch.qos.logback.classic.AsyncAppender"> + <queueSize>256</queueSize> + <appender-ref ref="EELFDebug" /> + <includeCallerData>true</includeCallerData> + </appender> + + + <!-- ============================================================================ --> + <!-- EELF loggers --> + <!-- ============================================================================ --> + <logger name="com.att.eelf" level="{{.Values.logback.applicationLogLevel}}" additivity="false"> + <appender-ref ref="asyncEELF" /> + <appender-ref ref="asyncKSEELF" /> + </logger> + + <logger name="com.att.eelf.security" level="{{.Values.logback.securityLogLevel}}" additivity="false"> + <appender-ref ref="asyncEELFSecurity" /> + </logger> + + + <logger name="com.att.eelf.audit" level="{{.Values.logback.auditLogLevel}}" additivity="false"> + <appender-ref ref="asyncEELFAudit" /> + </logger> + + <logger name="com.att.eelf.metrics" level="{{.Values.logback.metricsLogLevel}}" additivity="false"> + <appender-ref ref="asyncEELFMetrics" /> + </logger> + + + <logger name="com.att.eelf.error" level="{{.Values.logback.errorLogLevel}}" additivity="false"> + <appender-ref ref="asyncEELFError" /> + </logger> + + <logger name="com.att.eelf.debug" level="debug" additivity="false"> + <appender-ref ref="asyncEELFDebug" /> + + </logger> + + <!-- Springboot??? --> + <!-- <logger name="org.springframework.web" level="DEBUG"> + <appender-ref ref="asyncEELF" /> + </logger> --> + + <root level="{{.Values.logback.rootLogLevel}}"> + <appender-ref ref="asyncEELF" /> + <appender-ref ref="asyncKSEELF" /> + <appender-ref ref="STDOUT" /> + </root> + + <!-- Conductor Specific additions to squash WARNING and INFO --> + <logger name="com.datastax.driver.core.Cluster" level="ERROR"/> + <logger name="org.onap.music.main.MusicCore" level="ERROR"/> +</configuration> + diff --git a/kubernetes/common/music/charts/music/resources/config/music-sb.properties b/kubernetes/common/music/charts/music/resources/config/music-sb.properties new file mode 100755 index 0000000000..751a351737 --- /dev/null +++ b/kubernetes/common/music/charts/music/resources/config/music-sb.properties @@ -0,0 +1,13 @@ +server.port=8443 +server.servlet.context-path=/MUSIC/rest +spring.jackson.mapper.ACCEPT_CASE_INSENSITIVE_ENUMS=true +#server.ssl.enabled=false +server.tomcat.max-threads=100 +#logging.file=/opt/app/music/logs/MUSIC/music-app.log +#logging.config=file:/opt/app/music/etc/logback.xml +security.require-ssl=true +server.ssl.key-store=/opt/app/aafcertman/org.onap.music.jks +server.ssl.key-store-password=${KEYSTORE_PASSWORD} +server.ssl.key-store-provider=SUN +server.ssl.key-store-type=JKS + diff --git a/kubernetes/common/music/charts/music/resources/config/music.properties b/kubernetes/common/music/charts/music/resources/config/music.properties new file mode 100755 index 0000000000..a7681d0a02 --- /dev/null +++ b/kubernetes/common/music/charts/music/resources/config/music.properties @@ -0,0 +1,24 @@ +lock.using={{.Values.properties.lockUsing}} +cassandra.host={{.Values.properties.cassandraHost}} +cassandra.port={{ .Values.properties.cassandraPort }} +lock.lease.period={{.Values.properties.lockLeasePeriod}} +cassandra.user=${CASSA_USER} +cassandra.password=${CASSA_PASSWORD} +cassandra.connecttimeoutms={{.Values.properties.cassandraConnecttimeoutms}} +cassandra.readtimeoutms={{.Values.properties.cassandraReadtimeoutms}} +cadi={{.Values.properties.cadi}} +music.aaf.ns={{.Values.properties.musicAafNs}} +keyspace.active={{.Values.properties.keyspaceActive}} +transId.header.required={{.Values.properties.transIdRequired}} +transId.header.prefix={{.Values.properties.transIdPrefix}} +conversation.header.required={{.Values.properties.conversationRequired}} +conversation.header.prefix={{.Values.properties.conversationPrefix}} +clientId.header.required={{.Values.properties.clientIdRequired}} +clientId.header.prefix={{.Values.properties.clientIdPrefix}} +messageId.header.required={{.Values.properties.messageIdRequired}} +messageId.header.prefix={{.Values.properties.messageIdPrefix}} +retry.count={{.Values.properties.retryCount}} +lock.daemon.sleeptime.ms={{.Values.properties.lockDaemonSleeptimeMs}} +keyspaces.for.lock.cleanup={{.Values.properties.keyspaceForLockCleanup}} +create.lock.wait.period.ms=0 +create.lock.wait.increment.ms=0 diff --git a/kubernetes/common/music/charts/music/resources/config/startup.sh b/kubernetes/common/music/charts/music/resources/config/startup.sh new file mode 100755 index 0000000000..7ab32558b4 --- /dev/null +++ b/kubernetes/common/music/charts/music/resources/config/startup.sh @@ -0,0 +1,67 @@ +#!/bin/bash +# +# ============LICENSE_START========================================== +# org.onap.music +# =================================================================== +# Copyright (c) 2019 AT&T Intellectual Property +# =================================================================== +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# ============LICENSE_END============================================= +# ==================================================================== + +echo "Running startup script to get password from certman" +PWFILE=/opt/app/aafcertman/.password +LOGFILE=/opt/app/music/logs/MUSIC/music-sb.log +PROPS=/opt/app/music/etc/music-sb.properties +LOGBACK=/opt/app/music/etc/logback.xml +LOGGING= +DEBUG_PROP= +# Debug Setup. Uses env variables +# DEBUG and DEBUG_PORT +# DEBUG=true/false | DEBUG_PORT=<Port valie must be integer> +if [ "${DEBUG}" == "true" ]; then + if [ "${DEBUG_PORT}" == "" ]; then + DEBUG_PORT=8000 + fi + echo "Debug mode on" + DEBUG_PROP="-Xdebug -Xrunjdwp:server=y,transport=dt_socket,address=${DEBUG_PORT},suspend=n" +fi + +# LOGBACK file: if /opt/app/music/etc/logback.xml exists thenuse that. +if [ -f $LOGBACK ]; then + LOGGING="--logging.config=file:${LOGBACK}" +fi + +# Get Passwords from /opt/app/aafcertman +if [ -f $PWFILE ]; then + echo "Found ${PWFILE}" >> $LOGFILE + PASSWORD=$(cat ${PWFILE}) +else + PASSWORD=changeit + echo "#### Using Default Password for Certs" >> ${LOGFILE} +fi + +# If music-sb.properties exists in /opt/app/music/etc then use that to override the application.properties +if [ -f $PROPS ]; then + # Run with different Property file + #echo "java ${DEBUG_PROP} -jar MUSIC.jar --spring.config.location=file:${PROPS} ${LOGGING} 2>&1 | tee ${LOGFILE}" + java ${DEBUG_PROP} ${JAVA_OPTS} -jar MUSIC-SB.jar ${SPRING_OPTS} --spring.config.location=file:${PROPS} ${LOGGING} 2>&1 | tee ${LOGFILE} +else + #echo "java ${DEBUG_PROP} -jar MUSIC.jar --server.ssl.key-store-password=${PASSWORD} ${LOGGING} 2>&1 | tee ${LOGFILE}" + java ${DEBUG_PROP} ${JAVA_OPTS} -jar MUSIC-SB.jar ${SPRING_OPTS} --server.ssl.key-store-password="${PASSWORD}" ${LOGGING} 2>&1 | tee ${LOGFILE} +fi + + + + diff --git a/kubernetes/common/music/charts/music/resources/keys/org.onap.music.jks b/kubernetes/common/music/charts/music/resources/keys/org.onap.music.jks Binary files differnew file mode 100644 index 0000000000..35d27c3ef7 --- /dev/null +++ b/kubernetes/common/music/charts/music/resources/keys/org.onap.music.jks diff --git a/kubernetes/common/music/charts/music/resources/keys/truststoreONAPall.jks b/kubernetes/common/music/charts/music/resources/keys/truststoreONAPall.jks Binary files differnew file mode 100644 index 0000000000..ff844b109d --- /dev/null +++ b/kubernetes/common/music/charts/music/resources/keys/truststoreONAPall.jks diff --git a/kubernetes/common/music/charts/music-tomcat/templates/configmap.yaml b/kubernetes/common/music/charts/music/templates/configmap.yaml index 15859345e8..4023f343df 100755..100644 --- a/kubernetes/common/music/charts/music-tomcat/templates/configmap.yaml +++ b/kubernetes/common/music/charts/music/templates/configmap.yaml @@ -1,5 +1,4 @@ -{{/* -# Copyright © 2018 AT&T, Amdocs, Bell Canada Intellectual Property. All rights reserved. +# Copyright © 2017-2020 AT&T, Amdocs, Bell Canada # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -12,12 +11,9 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. -*/}} apiVersion: v1 kind: ConfigMap -metadata: - name: {{ include "common.fullname" . }}-configmap - namespace: {{ include "common.namespace" . }} +metadata: {{- include "common.resourceMetadata" . | nindent 2 }} data: {{ tpl (.Files.Glob "resources/config/*").AsConfig . | indent 2 }} diff --git a/kubernetes/common/music/charts/music/templates/deployment.yaml b/kubernetes/common/music/charts/music/templates/deployment.yaml new file mode 100644 index 0000000000..c3b30b22b7 --- /dev/null +++ b/kubernetes/common/music/charts/music/templates/deployment.yaml @@ -0,0 +1,119 @@ +# Copyright © 2017-2020 AT&T, Amdocs, Bell Canada +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: apps/v1 +kind: Deployment +metadata: {{- include "common.resourceMetadata" . | nindent 2 }} +spec: + selector: {{- include "common.selectors" . | nindent 4 }} + replicas: {{ .Values.replicaCount }} + template: + metadata: {{- include "common.templateMetadata" . | nindent 6 }} + spec: + initContainers: + - name: {{ include "common.name" . }}-cassandra-readiness + image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}" + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + command: + - /root/job_complete.py + args: + - -j + - "{{ include "common.release" . }}-music-cassandra-job-config" + env: + - name: NAMESPACE + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace + - command: + - sh + args: + - -c + - "cd /config-input && for PFILE in `ls -1 .`; do envsubst <${PFILE} >/config/${PFILE}; done" + env: + - name: KEYSTORE_PASSWORD + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "music-keystore-pw" "key" "password") | indent 12}} + - name: CASSA_USER + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "cassa-secret" "key" "login") | indent 12 }} + - name: CASSA_PASSWORD + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "cassa-secret" "key" "password") | indent 12 }} + volumeMounts: + - mountPath: /config-input + name: properties-music-scrubbed + - mountPath: /config + name: properties-music + image: "{{ .Values.global.envsubstImage }}" + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + name: {{ include "common.name" . }}-update-config + containers: + # MUSIC Container + - name: "{{ include "common.name" . }}-springboot" + image: "{{ .Values.repository }}/{{ .Values.image }}" + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + ports: {{ include "common.containerPorts" . | nindent 12 }} + # disable liveness probe when breakpoints set in debugger + # so K8s doesn't restart unresponsive container + {{ if eq .Values.liveness.enabled true }} + livenessProbe: + tcpSocket: + port: {{ .Values.liveness.port }} + initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }} + periodSeconds: {{ .Values.liveness.periodSeconds }} + {{ end -}} + readinessProbe: + tcpSocket: + port: {{ .Values.readiness.port }} + initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} + periodSeconds: {{ .Values.readiness.periodSeconds }} + resources: +{{ toYaml .Values.resources | indent 12 }} + env: + - name: SPRING_OPTS + value: "{{ .Values.springOpts }}" + - name: JAVA_OPTS + value: "{{ .Values.javaOpts }}" + - name: DEBUG + value: "{{ .Values.debug }}" + volumeMounts: + - name: localtime + mountPath: /etc/localtime + readOnly: true + - name: properties-music + mountPath: /opt/app/music/etc/music.properties + subPath: music.properties + - name: properties-music + mountPath: /opt/app/music/etc/music-sb.properties + subPath: music-sb.properties + - name: properties-music-scrubbed + mountPath: /opt/app/music/etc/logback.xml + subPath: logback.xml + - name: certs-aaf + mountPath: /opt/app/aafcertman/ + volumes: + - name: shared-data + emptyDir: {} + - name: certificate-vol + emptyDir: {} + - name: localtime + hostPath: + path: /etc/localtime + - name: properties-music-scrubbed + configMap: + name: {{ include "common.fullname" . }} + - name: properties-music + emptyDir: + medium: Memory + - name: certs-aaf + secret: + secretName: {{ include "common.secret.getSecretNameFast" (dict "global" . "uid" "music-certs") }} diff --git a/kubernetes/common/music/charts/music/templates/secrets.yaml b/kubernetes/common/music/charts/music/templates/secrets.yaml new file mode 100644 index 0000000000..5d5f5bb397 --- /dev/null +++ b/kubernetes/common/music/charts/music/templates/secrets.yaml @@ -0,0 +1,15 @@ +# Copyright © 2020 AT&T, Bell Canada +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +{{ include "common.secretFast" . }} diff --git a/kubernetes/common/music/charts/music/templates/service.yaml b/kubernetes/common/music/charts/music/templates/service.yaml new file mode 100644 index 0000000000..ca774c9b5b --- /dev/null +++ b/kubernetes/common/music/charts/music/templates/service.yaml @@ -0,0 +1,15 @@ +# Copyright © 2017-2020 AT&T, Amdocs, Bell Canada +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +{{ include "common.service" . }} diff --git a/kubernetes/common/music/charts/music/values.yaml b/kubernetes/common/music/charts/music/values.yaml new file mode 100644 index 0000000000..faa5a6223d --- /dev/null +++ b/kubernetes/common/music/charts/music/values.yaml @@ -0,0 +1,178 @@ +# Copyright © 2020 AT&T, Amdocs, Bell Canada +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +################################################################# +# Global configuration defaults. +################################################################# +global: + nodePortPrefix: 302 + nodePortPrefixExt: 304 + repository: nexus3.onap.org:10001 + + envsubstImage: dibi/envsubst + + # readiness check + readinessRepository: oomk8s + readinessImage: readiness-check:2.0.0 + + # logging agent + loggingRepository: docker.elastic.co + loggingImage: beats/filebeat:5.5.0 + + truststore: truststoreONAPall.jks + + +################################################################# +# Secrets metaconfig +################################################################# +secrets: + - uid: music-certs + name: keystore.jks + type: generic + filePaths: + - resources/keys/org.onap.music.jks + - uid: music-keystore-pw + name: keystore-pw + type: password + password: '{{ .Values.keystorePassword }}' + passwordPolicy: required + - uid: cassa-secret + type: basicAuth + login: '{{ .Values.properties.cassandraUser }}' + password: '{{ .Values.properties.cassandraPassword }}' + passwordPolicy: required + + +################################################################# +# Application configuration defaults. +################################################################# +# application image +repository: nexus3.onap.org:10001 +image: onap/music/music_sb:3.2.40 +pullPolicy: Always + +job: + host: cassandra + port: 9042 + busybox: + image: library/busybox:latest + + +# default number of instances +replicaCount: 1 + +nodeSelector: {} + +affinity: {} + +# probe configuration parameters +liveness: + initialDelaySeconds: 30 + periodSeconds: 6 + # necessary to disable liveness probe when setting breakpoints + # in debugger so K8s doesn't restart unresponsive container + enabled: false + port: 8443 + + +# Java options that need to be passed to jave on CLI +#javaOpts: -Xms256m -Xmx2048m +javaOpts: +# Options that need to be passed to CLI for Sprngboot, pw is a secret passed in through ENV +springOpts: --spring.config.location=file:/opt/app/music/etc/music-sb.properties +# Resource Limit flavor -By Default using small +flavor: large +# Segregation for Different environment (Small and Large) +resources: + small: + limits: + cpu: 1000m + memory: 1G + requests: + cpu: 300m + memory: 512Mi + large: + limits: + cpu: 1500m + memory: 3Gi + requests: + cpu: 1000m + memory: 2Gi + unlimited: {} + +readiness: + initialDelaySeconds: 350 + periodSeconds: 120 + port: 8443 + +service: + useNodePortExt: true + type: NodePort + name: music + ports: + - name: https-api + port: 8443 + nodePort: '07' + +# Turn on Debugging true/false +debug: false +ingress: + enabled: false + +keystorePassword: "ysF9CVS+xvuXr0vf&fRa5lew" + +properties: + lockUsing: "cassandra" + # Comma dilimited list of hosts + cassandraHost: "music-cassandra" + cassandraUser: "nelson24" + cassandraPassword: "nelson24" + cassandraConnecttimeoutms: 12000 + cassandraPort: 9042 + # Connection Timeout for Cassandra in ms + # Read Timeout for Cassandra in ms + cassandraReadtimeoutms: 12000 + keyspaceActive: true + # Enable CADI + cadi: false + # Special headers that may be passed and if they are required. + # With the ability to add a Prefix if required. + transIdRequired: false + transIdPrefix: X-ATT- + conversationRequired: false + conversationPrefix: X-CSI- + clientIdRequired: false + clientIdPrefix: + messageIdRequired: false + messageIdPrefix: + + # sleep time for lock cleanup daemon, negative values turn off daemon +##### Lock settings + retryCount: 3 + lockLeasePeriod: 6000 + # sleep time for lock cleanup daemon, negative values turn off daemon + lockDaemonSleeptimeMs: 30000 + #comma separated list of keyspace names + keyspaceForLockCleanup: + + +logback: + errorLogLevel: info + securityLogLevel: info + applicationLogLevel: info + metricsLogLevel: info + auditLogLevel: info + # Values must be uppercase: INFO, WARN, CRITICAL,DEBUG etc.. + rootLogLevel: INFO + diff --git a/kubernetes/common/music/charts/zookeeper/.helmignore b/kubernetes/common/music/charts/zookeeper/.helmignore deleted file mode 100644 index f0c1319444..0000000000 --- a/kubernetes/common/music/charts/zookeeper/.helmignore +++ /dev/null @@ -1,21 +0,0 @@ -# Patterns to ignore when building packages. -# This supports shell glob matching, relative path matching, and -# negation (prefixed with !). Only one pattern per line. -.DS_Store -# Common VCS dirs -.git/ -.gitignore -.bzr/ -.bzrignore -.hg/ -.hgignore -.svn/ -# Common backup files -*.swp -*.bak -*.tmp -*~ -# Various IDEs -.project -.idea/ -*.tmproj diff --git a/kubernetes/common/music/charts/zookeeper/Chart.yaml b/kubernetes/common/music/charts/zookeeper/Chart.yaml deleted file mode 100644 index 01e81736f6..0000000000 --- a/kubernetes/common/music/charts/zookeeper/Chart.yaml +++ /dev/null @@ -1,15 +0,0 @@ -name: zookeeper -home: https://zookeeper.apache.org/ -version: 1.0.2 -appVersion: 3.4.10 -description: Centralized service for maintaining configuration information, naming, - providing distributed synchronization, and providing group services. -icon: https://zookeeper.apache.org/images/zookeeper_small.gif -sources: -- https://github.com/apache/zookeeper -- https://github.com/kubernetes/contrib/tree/master/statefulsets/zookeeper -maintainers: -- name: lachie83 - email: lachlan.evenson@microsoft.com -- name: kow3ns - email: owensk@google.com diff --git a/kubernetes/common/music/charts/zookeeper/OWNERS b/kubernetes/common/music/charts/zookeeper/OWNERS deleted file mode 100644 index dd9facde2a..0000000000 --- a/kubernetes/common/music/charts/zookeeper/OWNERS +++ /dev/null @@ -1,6 +0,0 @@ -approvers: -- lachie83 -- kow3ns -reviewers: -- lachie83 -- kow3ns diff --git a/kubernetes/common/music/charts/zookeeper/README.md b/kubernetes/common/music/charts/zookeeper/README.md deleted file mode 100644 index 22bbac49dc..0000000000 --- a/kubernetes/common/music/charts/zookeeper/README.md +++ /dev/null @@ -1,140 +0,0 @@ -# incubator/zookeeper - -This helm chart provides an implementation of the ZooKeeper [StatefulSet](http://kubernetes.io/docs/concepts/abstractions/controllers/statefulsets/) found in Kubernetes Contrib [Zookeeper StatefulSet](https://github.com/kubernetes/contrib/tree/master/statefulsets/zookeeper). - -## Prerequisites -* Kubernetes 1.6+ -* PersistentVolume support on the underlying infrastructure -* A dynamic provisioner for the PersistentVolumes -* A familiarity with [Apache ZooKeeper 3.4.x](https://zookeeper.apache.org/doc/current/) - -## Chart Components -This chart will do the following: - -* Create a fixed size ZooKeeper ensemble using a [StatefulSet](http://kubernetes.io/docs/concepts/abstractions/controllers/statefulsets/). -* Create a [PodDisruptionBudget](https://kubernetes.io/docs/tasks/configure-pod-container/configure-pod-disruption-budget/) so kubectl drain will respect the Quorum size of the ensemble. -* Create a [Headless Service](https://kubernetes.io/docs/concepts/services-networking/service/) to control the domain of the ZooKeeper ensemble. -* Create a Service configured to connect to the available ZooKeeper instance on the configured client port. -* Optionally apply a [Pod Anti-Affinity](https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#inter-pod-affinity-and-anti-affinity-beta-feature) to spread the ZooKeeper ensemble across nodes. -* Optionally start JMX Exporter and Zookeeper Exporter containers inside Zookeeper pods. -* Optionally create a job which creates Zookeeper chroots (e.g. `/kafka1`). - -## Installing the Chart -You can install the chart with the release name `zookeeper` as below. - -```console -$ helm repo add incubator http://storage.googleapis.com/kubernetes-charts-incubator -$ helm install --name zookeeper incubator/zookeeper -``` - -If you do not specify a name, helm will select a name for you. - -### Installed Components -You can use `kubectl get` to view all of the installed components. - -```console{%raw} -$ kubectl get all -l app=zookeeper -NAME: zookeeper -LAST DEPLOYED: Wed Apr 11 17:09:48 2018 -NAMESPACE: default -STATUS: DEPLOYED - -RESOURCES: -==> v1beta1/PodDisruptionBudget -NAME MIN AVAILABLE MAX UNAVAILABLE ALLOWED DISRUPTIONS AGE -zookeeper N/A 1 1 2m - -==> v1/Service -NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE -zookeeper-headless ClusterIP None <none> 2181/TCP,3888/TCP,2888/TCP 2m -zookeeper ClusterIP 10.98.179.165 <none> 2181/TCP 2m - -==> v1beta1/StatefulSet -NAME DESIRED CURRENT AGE -zookeeper 3 3 2m -``` - -1. `statefulsets/zookeeper` is the StatefulSet created by the chart. -1. `po/zookeeper-<0|1|2>` are the Pods created by the StatefulSet. Each Pod has a single container running a ZooKeeper server. -1. `svc/zookeeper-headless` is the Headless Service used to control the network domain of the ZooKeeper ensemble. -1. `svc/zookeeper` is a Service that can be used by clients to connect to an available ZooKeeper server. - -## Configuration -You can specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. - -Alternatively, a YAML file that specifies the values for the parameters can be provided while installing the chart. For example, - -```console -$ helm install --name my-release -f values.yaml incubator/zookeeper -``` - -## Default Values - -- You can find all user-configurable settings, their defaults and commentary about them in [values.yaml](values.yaml). - -## Deep Dive - -## Image Details -The image used for this chart is based on Ubuntu 16.04 LTS. This image is larger than Alpine or BusyBox, but it provides glibc, rather than ulibc or mucl, and a JVM release that is built against it. You can easily convert this chart to run against a smaller image with a JVM that is built against that image's libc. However, as far as we know, no Hadoop vendor supports, or has verified, ZooKeeper running on such a JVM. - -## JVM Details -The Java Virtual Machine used for this chart is the OpenJDK JVM 8u111 JRE (headless). - -## ZooKeeper Details -The ZooKeeper version is the latest stable version (3.4.10). The distribution is installed into /opt/zookeeper-3.4.10. This directory is symbolically linked to /opt/zookeeper. Symlinks are created to simulate a rpm installation into /usr. - -## Failover -You can test failover by killing the leader. Insert a key: -```console -$ kubectl exec zookeeper-0 -- /opt/zookeeper/bin/zkCli.sh create /foo bar; -$ kubectl exec zookeeper-2 -- /opt/zookeeper/bin/zkCli.sh get /foo; -``` - -Watch existing members: -```console -$ kubectl run --attach bbox --image=busybox --restart=Never -- sh -c 'while true; do for i in 0 1 2; do echo zk-${i} $(echo stats | nc <pod-name>-${i}.<headless-service-name>:2181 | grep Mode); sleep 1; done; done'; - -zk-2 Mode: follower -zk-0 Mode: follower -zk-1 Mode: leader -zk-2 Mode: follower -``` - -Delete Pods and wait for the StatefulSet controller to bring them back up: -```console -$ kubectl delete po -l app=zookeeper -$ kubectl get po --watch-only -NAME READY STATUS RESTARTS AGE -zookeeper-0 0/1 Running 0 35s -zookeeper-0 1/1 Running 0 50s -zookeeper-1 0/1 Pending 0 0s -zookeeper-1 0/1 Pending 0 0s -zookeeper-1 0/1 ContainerCreating 0 0s -zookeeper-1 0/1 Running 0 19s -zookeeper-1 1/1 Running 0 40s -zookeeper-2 0/1 Pending 0 0s -zookeeper-2 0/1 Pending 0 0s -zookeeper-2 0/1 ContainerCreating 0 0s -zookeeper-2 0/1 Running 0 19s -zookeeper-2 1/1 Running 0 41s -``` - -Check the previously inserted key: -```console -$ kubectl exec zookeeper-1 -- /opt/zookeeper/bin/zkCli.sh get /foo -ionid = 0x354887858e80035, negotiated timeout = 30000 - -WATCHER:: - -WatchedEvent state:SyncConnected type:None path:null -bar -``` - -## Scaling -ZooKeeper can not be safely scaled in versions prior to 3.5.x. This chart currently uses 3.4.x. There are manual procedures for scaling a 3.4.x ensemble, but as noted in the [ZooKeeper 3.5.2 documentation](https://zookeeper.apache.org/doc/r3.5.2-alpha/zookeeperReconfig.html) these procedures require a rolling restart, are known to be error prone, and often result in a data loss. - -While ZooKeeper 3.5.x does allow for dynamic ensemble reconfiguration (including scaling membership), the current status of the release is still alpha, and 3.5.x is therefore not recommended for production use. - -## Limitations -* StatefulSet and PodDisruptionBudget are beta resources. -* Only supports storage options that have backends for persistent volume claims. diff --git a/kubernetes/common/music/charts/zookeeper/templates/NOTES.txt b/kubernetes/common/music/charts/zookeeper/templates/NOTES.txt deleted file mode 100644 index 4f7a27bd99..0000000000 --- a/kubernetes/common/music/charts/zookeeper/templates/NOTES.txt +++ /dev/null @@ -1,7 +0,0 @@ -Thank you for installing ZooKeeper on your Kubernetes cluster. More information -about ZooKeeper can be found at https://zookeeper.apache.org/doc/current/ - -Your connection string should look like: - {{ template "common.fullname" . }}-0.{{ template "common.fullname" . }}-headless:{{ .Values.service.ports.client.port }},{{ template "common.fullname" . }}-1.{{ template "common.fullname" . }}-headless:{{ .Values.service.ports.client.port }},... - -You can also use the client service {{ template "common.fullname" . }}:{{ .Values.service.ports.client.port }} to connect to an available ZooKeeper server. diff --git a/kubernetes/common/music/charts/zookeeper/templates/config-jmx-exporter.yaml b/kubernetes/common/music/charts/zookeeper/templates/config-jmx-exporter.yaml deleted file mode 100644 index 72fedbcbbb..0000000000 --- a/kubernetes/common/music/charts/zookeeper/templates/config-jmx-exporter.yaml +++ /dev/null @@ -1,19 +0,0 @@ -{{- if .Values.exporters.jmx.enabled }} -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ include "common.release" . }}-jmx-exporter - labels: - app: {{ template "common.name" . }} - chart: {{ .Chart.Name }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} -data: - config.yml: |- - hostPort: 127.0.0.1:{{ .Values.env.JMXPORT }} - lowercaseOutputName: {{ .Values.exporters.jmx.config.lowercaseOutputName }} - rules: -{{ .Values.exporters.jmx.config.rules | toYaml | indent 6 }} - ssl: false - startDelaySeconds: {{ .Values.exporters.jmx.config.startDelaySeconds }} -{{- end }} diff --git a/kubernetes/common/music/charts/zookeeper/templates/job-chroots.yaml b/kubernetes/common/music/charts/zookeeper/templates/job-chroots.yaml deleted file mode 100644 index b857a0d7b1..0000000000 --- a/kubernetes/common/music/charts/zookeeper/templates/job-chroots.yaml +++ /dev/null @@ -1,62 +0,0 @@ -{{- if .Values.jobs.chroots.enabled }} -{{- $root := . }} -{{- $job := .Values.jobs.chroots }} -apiVersion: batch/v1 -kind: Job -metadata: - name: {{ template "common.fullname" . }}-chroots - annotations: - "helm.sh/hook": post-install,post-upgrade - "helm.sh/hook-weight": "-5" - "helm.sh/hook-delete-policy": hook-succeeded - labels: - app: {{ template "common.name" . }} - chart: {{ .Chart.Name }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} - component: jobs - job: chroots -spec: - activeDeadlineSeconds: {{ $job.activeDeadlineSeconds }} - backoffLimit: {{ $job.backoffLimit }} - completions: {{ $job.completions }} - parallelism: {{ $job.parallelism }} - template: - metadata: - labels: - app: {{ template "common.name" . }} - release: {{ include "common.release" . }} - component: jobs - job: chroots - spec: - restartPolicy: {{ $job.restartPolicy }} - containers: - - name: main - image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}" - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.image.pullPolicy }} - command: - - /bin/bash - - -o - - pipefail - - -euc - {{- $port := .Values.service.ports.client.port }} - - > - sleep 15; - export SERVER={{ template "common.fullname" $root }}:{{ $port }}; - {{- range $job.config.create }} - echo '==> {{ . }}'; - echo '====> Create chroot if does not exist.'; - zkCli.sh -server {{ template "common.fullname" $root }}:{{ $port }} get {{ . }} 2>&1 >/dev/null | grep 'cZxid' - || zkCli.sh -server {{ template "common.fullname" $root }}:{{ $port }} create {{ . }} ""; - echo '====> Confirm chroot exists.'; - zkCli.sh -server {{ template "common.fullname" $root }}:{{ $port }} get {{ . }} 2>&1 >/dev/null | grep 'cZxid'; - echo '====> Chroot exists.'; - {{- end }} - env: - {{- range $key, $value := $job.env }} - - name: {{ $key | upper | replace "." "_" }} - value: {{ $value | quote }} - {{- end }} - resources: -{{ toYaml $job.resources | indent 12 }} -{{- end -}} diff --git a/kubernetes/common/music/charts/zookeeper/templates/poddisruptionbudget.yaml b/kubernetes/common/music/charts/zookeeper/templates/poddisruptionbudget.yaml deleted file mode 100644 index a4bc322a31..0000000000 --- a/kubernetes/common/music/charts/zookeeper/templates/poddisruptionbudget.yaml +++ /dev/null @@ -1,17 +0,0 @@ -apiVersion: policy/v1beta1 -kind: PodDisruptionBudget -metadata: - name: {{ template "common.fullname" . }} - labels: - app: {{ template "common.name" . }} - chart: {{ .Chart.Name }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} - component: server -spec: - selector: - matchLabels: - app: {{ template "common.name" . }} - release: {{ include "common.release" . }} - component: server -{{ toYaml .Values.podDisruptionBudget | indent 2 }} diff --git a/kubernetes/common/music/charts/zookeeper/templates/pv.yaml b/kubernetes/common/music/charts/zookeeper/templates/pv.yaml deleted file mode 100644 index 6e53a9543d..0000000000 --- a/kubernetes/common/music/charts/zookeeper/templates/pv.yaml +++ /dev/null @@ -1,45 +0,0 @@ -{{/* -# Copyright © 2019 Amdocs, Bell Canada, Orange -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -*/}} -{{- $global := . }} -{{- if and $global.Values.persistence.enabled (not $global.Values.persistence.existingClaim) }} -{{- if eq "True" (include "common.needPV" .) -}} -{{- range $i := until (int $global.Values.replicaCount)}} -kind: PersistentVolume -apiVersion: v1 -metadata: - name: {{ include "common.fullname" $global }}-data-{{ $i }} - namespace: {{ include "common.namespace" $global }} - labels: - app: {{ include "common.fullname" $global }} - chart: "{{ $global.Chart.Name }}-{{ $global.Chart.Version | replace "+" "_" }}" - release: "{{ include "common.release" $global }}" - heritage: "{{ $global.Release.Service }}" - name: {{ include "common.fullname" $global }} -spec: - capacity: - storage: {{ $global.Values.persistence.size}} - accessModes: - - {{ $global.Values.persistence.accessMode }} - persistentVolumeReclaimPolicy: {{ $global.Values.persistence.volumeReclaimPolicy }} - storageClassName: "{{ include "common.fullname" $global }}-data" - hostPath: - path: {{ $global.Values.global.persistence.mountPath | default $global.Values.persistence.mountPath }}/{{ include "common.release" $global }}/{{ $global.Values.persistence.mountSubPath }}-{{$i}} -{{if ne $i (int $global.Values.replicaCount) }} ---- -{{- end -}} -{{- end -}} -{{- end -}} -{{- end -}} diff --git a/kubernetes/common/music/charts/zookeeper/templates/service-headless.yaml b/kubernetes/common/music/charts/zookeeper/templates/service-headless.yaml deleted file mode 100644 index 31475a1c76..0000000000 --- a/kubernetes/common/music/charts/zookeeper/templates/service-headless.yaml +++ /dev/null @@ -1,21 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - name: {{ template "common.fullname" . }}-headless - labels: - app: {{ template "common.name" . }} - chart: {{ .Chart.Name }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} -spec: - clusterIP: None - ports: -{{- range $key, $port := .Values.ports }} - - name: {{ $key }} - port: {{ $port.containerPort }} - targetPort: {{ $port.name }} - protocol: {{ $port.protocol }} -{{- end }} - selector: - app: {{ template "common.name" . }} - release: {{ include "common.release" . }} diff --git a/kubernetes/common/music/charts/zookeeper/templates/service.yaml b/kubernetes/common/music/charts/zookeeper/templates/service.yaml deleted file mode 100644 index 0ef3a28b27..0000000000 --- a/kubernetes/common/music/charts/zookeeper/templates/service.yaml +++ /dev/null @@ -1,23 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - name: {{ .Values.service.name }} - labels: - app: {{ template "common.name" . }} - chart: {{ .Chart.Name }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} - annotations: -{{- with .Values.service.annotations }} -{{ toYaml . | indent 4 }} -{{- end }} -spec: - type: {{ .Values.service.type }} - ports: - {{- range $key, $value := .Values.service.ports }} - - name: {{ $key }} -{{ toYaml $value | indent 6 }} - {{- end }} - selector: - app: {{ template "common.name" . }} - release: {{ include "common.release" . }} diff --git a/kubernetes/common/music/charts/zookeeper/templates/statefulset.yaml b/kubernetes/common/music/charts/zookeeper/templates/statefulset.yaml deleted file mode 100644 index 73224addef..0000000000 --- a/kubernetes/common/music/charts/zookeeper/templates/statefulset.yaml +++ /dev/null @@ -1,182 +0,0 @@ -apiVersion: apps/v1beta1 -kind: StatefulSet -metadata: - name: {{ template "common.fullname" . }} - labels: - app: {{ template "common.name" . }} - chart: {{ .Chart.Name }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} - component: server -spec: - podAntiAffinity: - preferredDuringSchedulingIgnoredDuringExecution: - - weight: 1 - podAffinityTerm: - labelSelector: - matchExpressions: - - key: app - operator: In - values: - - "{{ .Chart.Name }}" - serviceName: {{ template "common.fullname" . }}-headless - replicas: {{ .Values.replicaCount }} - terminationGracePeriodSeconds: {{ .Values.terminationGracePeriodSeconds }} - selector: - matchLabels: - app: {{ template "common.name" . }} - release: {{ include "common.release" . }} - component: server - updateStrategy: -{{ toYaml .Values.updateStrategy | indent 4 }} - template: - metadata: - labels: - app: {{ template "common.name" . }} - release: {{ include "common.release" . }} - component: server - {{- if .Values.podLabels }} - ## Custom pod labels - {{- range $key, $value := .Values.podLabels }} - {{ $key }}: {{ $value | quote }} - {{- end }} - {{- end }} - annotations: - {{- if .Values.podAnnotations }} - ## Custom pod annotations - {{- range $key, $value := .Values.podAnnotations }} - {{ $key }}: {{ $value | quote }} - {{- end }} - {{- end }} - spec: -{{- if .Values.schedulerName }} - schedulerName: "{{ .Values.schedulerName }}" -{{- end }} - securityContext: -{{ toYaml .Values.securityContext | indent 8 }} - containers: - - - name: zookeeper - image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}" - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.image.pullPolicy }} - command: - - /bin/bash - - -xec - - zkGenConfig.sh && exec zkServer.sh start-foreground - ports: -{{- range $key, $port := .Values.ports }} - - name: {{ $key }} -{{ toYaml $port | indent 14 }} -{{- end }} - livenessProbe: -{{ toYaml .Values.livenessProbe | indent 12 }} - readinessProbe: -{{ toYaml .Values.readinessProbe | indent 12 }} - env: - - name: ZK_REPLICAS - value: {{ .Values.replicaCount | quote }} - {{- range $key, $value := .Values.env }} - - name: {{ $key | upper | replace "." "_" }} - value: {{ $value | quote }} - {{- end }} - resources: -{{ include "common.resources" . }} - volumeMounts: - - name: {{ include "common.fullname" . }}-data - mountPath: /var/lib/zookeeper - -{{- if .Values.exporters.jmx.enabled }} - - name: jmx-exporter - image: "{{ .Values.exporters.jmx.image.repository }}:{{ .Values.exporters.jmx.image.tag }}" - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.exporters.jmx.image.pullPolicy }} - ports: - {{- range $key, $port := .Values.exporters.jmx.ports }} - - name: {{ $key }} -{{ toYaml $port | indent 14 }} - {{- end }} - livenessProbe: -{{ toYaml .Values.exporters.jmx.livenessProbe | indent 12 }} - readinessProbe: -{{ toYaml .Values.exporters.jmx.readinessProbe | indent 12 }} - env: - - name: SERVICE_PORT - value: {{ .Values.exporters.jmx.ports.jmxxp.containerPort | quote }} - {{- with .Values.exporters.jmx.env }} - {{- range $key, $value := . }} - - name: {{ $key | upper | replace "." "_" }} - value: {{ $value | quote }} - {{- end }} - {{- end }} - resources: -{{ toYaml .Values.exporters.jmx.resources | indent 12 }} - volumeMounts: - - name: config-jmx-exporter - mountPath: /opt/jmx_exporter/config.yml - subPath: config.yml -{{- end }} - -{{- if .Values.exporters.zookeeper.enabled }} - - name: zookeeper-exporter - image: "{{ .Values.exporters.zookeeper.image.repository }}:{{ .Values.exporters.zookeeper.image.tag }}" - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.exporters.zookeeper.image.pullPolicy }} - args: - - -bind-addr=:{{ .Values.exporters.zookeeper.ports.zookeeperxp.containerPort }} - - -metrics-path={{ .Values.exporters.zookeeper.path }} - - -zookeeper=localhost:{{ .Values.ports.client.containerPort }} - - -log-level={{ .Values.exporters.zookeeper.config.logLevel }} - - -reset-on-scrape={{ .Values.exporters.zookeeper.config.resetOnScrape }} - ports: - {{- range $key, $port := .Values.exporters.zookeeper.ports }} - - name: {{ $key }} -{{ toYaml $port | indent 14 }} - {{- end }} - livenessProbe: -{{ toYaml .Values.exporters.zookeeper.livenessProbe | indent 12 }} - readinessProbe: -{{ toYaml .Values.exporters.zookeeper.readinessProbe | indent 12 }} - env: - {{- range $key, $value := .Values.exporters.zookeeper.env }} - - name: {{ $key | upper | replace "." "_" }} - value: {{ $value | quote }} - {{- end }} - resources: -{{ toYaml .Values.exporters.zookeeper.resources | indent 12 }} -{{- end }} - - {{- with .Values.nodeSelector }} - nodeSelector: -{{ toYaml . | indent 8 }} - {{- end }} - {{- with .Values.affinity }} - affinity: -{{ toYaml . | indent 8 }} - {{- end }} - {{- with .Values.tolerations }} - tolerations: -{{ toYaml . | indent 8 }} - {{- end }} - {{- if (or .Values.exporters.jmx.enabled (not .Values.persistence.enabled)) }} - volumes: - {{- if .Values.exporters.jmx.enabled }} - - name: config-jmx-exporter - configMap: - name: {{ include "common.release" . }}-jmx-exporter - {{- end }} - {{- end }} - {{- if .Values.persistence.enabled }} - volumeClaimTemplates: - - metadata: - name: {{ include "common.fullname" . }}-data - labels: - name: {{ include "common.fullname" . }} - chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" - release: "{{ include "common.release" . }}" - heritage: "{{ .Release.Service }}" - spec: - accessModes: - - {{ .Values.persistence.accessMode | quote }} - storageClassName: {{ include "common.storageClass" . }} - resources: - requests: - storage: {{ .Values.persistence.size | quote }} - {{- end }} diff --git a/kubernetes/common/music/charts/zookeeper/values.yaml b/kubernetes/common/music/charts/zookeeper/values.yaml deleted file mode 100644 index 28c9711e84..0000000000 --- a/kubernetes/common/music/charts/zookeeper/values.yaml +++ /dev/null @@ -1,282 +0,0 @@ -## As weighted quorums are not supported, it is imperative that an odd number of replicas -## be chosen. Moreover, the number of replicas should be either 1, 3, 5, or 7. -## -## ref: https://github.com/kubernetes/contrib/tree/master/statefulsets/zookeeper#stateful-set -replicaCount: 3 # Desired quantity of ZooKeeper pods. This should always be (1,3,5, or 7) - -podDisruptionBudget: - maxUnavailable: 1 # Limits how many Zokeeper pods may be unavailable due to voluntary disruptions. - -terminationGracePeriodSeconds: 1800 # Duration in seconds a Zokeeper pod needs to terminate gracefully. - -## OnDelete requires you to manually delete each pod when making updates. -## This approach is at the moment safer than RollingUpdate because replication -## may be incomplete when replication source pod is killed. -## -## ref: http://blog.kubernetes.io/2017/09/kubernetes-statefulsets-daemonsets.html -updateStrategy: - type: OnDelete # Pods will only be created when you manually delete old pods. - -## refs: -## - https://github.com/kubernetes/contrib/tree/master/statefulsets/zookeeper -## - https://github.com/kubernetes/contrib/blob/master/statefulsets/zookeeper/Makefile#L1 -image: - #repository: nexus3.onap.org:10001/library/zookeeper - #tag: 3.3 - repository: gcr.io/google_samples/k8szk # Container image repository for zookeeper container. - tag: v3 # Container image tag for zookeeper container. - pullPolicy: IfNotPresent # Image pull criteria for zookeeper container. - -service: - name: zookeeper - type: ClusterIP # Exposes zookeeper on a cluster-internal IP. - annotations: {} # Arbitrary non-identifying metadata for zookeeper service. - ## AWS example for use with LoadBalancer service type. - # external-dns.alpha.kubernetes.io/hostname: zookeeper.cluster.local - # service.beta.kubernetes.io/aws-load-balancer-cross-zone-load-balancing-enabled: "true" - # service.beta.kubernetes.io/aws-load-balancer-internal: "true" - ports: - client: - port: 2181 # Service port number for client port. - targetPort: client # Service target port for client port. - protocol: TCP # Service port protocol for client port. - - -ports: - client: - containerPort: 2181 # Port number for zookeeper container client port. - protocol: TCP # Protocol for zookeeper container client port. - election: - containerPort: 3888 # Port number for zookeeper container election port. - protocol: TCP # Protocol for zookeeper container election port. - server: - containerPort: 2888 # Port number for zookeeper container server port. - protocol: TCP # Protocol for zookeeper container server port. - -# Resource Limit flavor -By Default using small -flavor: small -# Segregation for Different environment (Small and Large) -resources: - small: - limits: - cpu: 500m - memory: 900Mi - requests: - cpu: 10m - memory: 730Mi - large: - limits: - cpu: 3 - memory: 2Gi - requests: - cpu: 2 - memory: 1Gi - unlimited: {} - -nodeSelector: {} # Node label-values required to run zookeeper pods. - -tolerations: [] # Node taint overrides for zookeeper pods. - -affinity: {} # Criteria by which pod label-values influence scheduling for zookeeper pods. -affinity: - podAntiAffinity: - requiredDuringSchedulingIgnoredDuringExecution: - - topologyKey: "kubernetes.io/hostname" - labelSelector: - matchLabels: - release: zookeeper - -podAnnotations: {} # Arbitrary non-identifying metadata for zookeeper pods. - -podLabels: {} # Key/value pairs that are attached to zookeeper pods. - -livenessProbe: - exec: - command: - - zkOk.sh - initialDelaySeconds: 20 - -readinessProbe: - exec: - command: - - zkOk.sh - initialDelaySeconds: 20 - -securityContext: - fsGroup: 1000 - #runAsUser: 1000 - -persistence: - enabled: true - ## zookeeper data Persistent Volume Storage Class - ## If defined, storageClassName: <storageClass> - ## If set to "-", storageClassName: "", which disables dynamic provisioning - ## If undefined (the default) or set to null, no storageClassName spec is - ## set, choosing the default provisioner. (gp2 on AWS, standard on - ## GKE, AWS & OpenStack) - ## - volumeReclaimPolicy: Retain - accessMode: ReadWriteOnce - mountPath: /dockerdata-nfs - mountSubPath: music/zookeeper - size: 4Gi - -## Exporters query apps for metrics and make those metrics available for -## Prometheus to scrape. -exporters: - - jmx: - enabled: false - image: - repository: sscaling/jmx-prometheus-exporter - tag: 0.3.0 - pullPolicy: IfNotPresent - config: - lowercaseOutputName: false - rules: - - pattern: "org.apache.ZooKeeperService<name0=ReplicatedServer_id(\\d+)><>(\\w+)" - name: "zookeeper_$2" - - pattern: "org.apache.ZooKeeperService<name0=ReplicatedServer_id(\\d+), name1=replica.(\\d+)><>(\\w+)" - name: "zookeeper_$3" - labels: - replicaId: "$2" - - pattern: "org.apache.ZooKeeperService<name0=ReplicatedServer_id(\\d+), name1=replica.(\\d+), name2=(\\w+)><>(\\w+)" - name: "zookeeper_$4" - labels: - replicaId: "$2" - memberType: "$3" - - pattern: "org.apache.ZooKeeperService<name0=ReplicatedServer_id(\\d+), name1=replica.(\\d+), name2=(\\w+), name3=(\\w+)><>(\\w+)" - name: "zookeeper_$4_$5" - labels: - replicaId: "$2" - memberType: "$3" - startDelaySeconds: 30 - env: {} - resources: {} - path: /metrics - ports: - jmxxp: - containerPort: 9404 - protocol: TCP - livenessProbe: - httpGet: - path: /metrics - port: jmxxp - initialDelaySeconds: 30 - periodSeconds: 15 - timeoutSeconds: 60 - failureThreshold: 8 - successThreshold: 1 - readinessProbe: - httpGet: - path: /metrics - port: jmxxp - initialDelaySeconds: 30 - periodSeconds: 15 - timeoutSeconds: 60 - failureThreshold: 8 - successThreshold: 1 - - zookeeper: - enabled: false - image: - repository: josdotso/zookeeper-exporter - tag: v1.1.2 - pullPolicy: IfNotPresent - config: - logLevel: info - resetOnScrape: "true" - env: {} - resources: {} - path: /metrics - ports: - zookeeperxp: - containerPort: 9141 - protocol: TCP - livenessProbe: - httpGet: - path: /metrics - port: zookeeperxp - initialDelaySeconds: 30 - periodSeconds: 15 - timeoutSeconds: 60 - failureThreshold: 8 - successThreshold: 1 - readinessProbe: - httpGet: - path: /metrics - port: zookeeperxp - initialDelaySeconds: 30 - periodSeconds: 15 - timeoutSeconds: 60 - failureThreshold: 8 - successThreshold: 1 - -env: - - ## Options related to JMX exporter. - JMXAUTH: "false" - JMXDISABLE: "false" - JMXPORT: 1099 - JMXSSL: "false" - - ## The port on which the server will accept client requests. - ZK_CLIENT_PORT: 2181 - - ## The port on which the ensemble performs leader election. - ZK_ELECTION_PORT: 3888 - - ## The JVM heap size. - ZK_HEAP_SIZE: 2G - - ## The number of Ticks that an ensemble member is allowed to perform leader - ## election. - ZK_INIT_LIMIT: 5 - - ## The Log Level that for the ZooKeeper processes logger. - ## Choices are `TRACE,DEBUG,INFO,WARN,ERROR,FATAL`. - ZK_LOG_LEVEL: INFO - - ## The maximum number of concurrent client connections that - ## a server in the ensemble will accept. - ZK_MAX_CLIENT_CNXNS: 60 - - ## The maximum session timeout that the ensemble will allow a client to request. - ## Upstream default is `20 * ZK_TICK_TIME` - ZK_MAX_SESSION_TIMEOUT: 40000 - - ## The minimum session timeout that the ensemble will allow a client to request. - ## Upstream default is `2 * ZK_TICK_TIME`. - ZK_MIN_SESSION_TIMEOUT: 4000 - - ## The delay, in hours, between ZooKeeper log and snapshot cleanups. - ZK_PURGE_INTERVAL: 0 - - ## The port on which the leader will send events to followers. - ZK_SERVER_PORT: 2888 - - ## The number of snapshots that the ZooKeeper process will retain if - ## `ZK_PURGE_INTERVAL` is set to a value greater than `0`. - ZK_SNAP_RETAIN_COUNT: 3 - - ## The number of Tick by which a follower may lag behind the ensembles leader. - ZK_SYNC_LIMIT: 10 - - ## The number of wall clock ms that corresponds to a Tick for the ensembles - ## internal time. - ZK_TICK_TIME: 2000 - -jobs: - chroots: - enabled: false - activeDeadlineSeconds: 300 - backoffLimit: 5 - completions: 1 - config: - create: [] - # - /kafka - # - /ureplicator - env: [] - parallelism: 1 - resources: {} - restartPolicy: Never diff --git a/kubernetes/common/music/values.yaml b/kubernetes/common/music/values.yaml index 51c467cf2f..fe4cbaee9c 100644 --- a/kubernetes/common/music/values.yaml +++ b/kubernetes/common/music/values.yaml @@ -1,4 +1,4 @@ -# Copyright © 2018 AT&T, Amdocs, Bell Canada Intellectual Property. All rights reserved. +# Copyright © 2018-2020 AT&T, Amdocs, Bell Canada Intellectual Property. All rights reserved. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. diff --git a/kubernetes/common/network-name-gen/values.yaml b/kubernetes/common/network-name-gen/values.yaml index 0defa97c26..a9f2a5bbd4 100644 --- a/kubernetes/common/network-name-gen/values.yaml +++ b/kubernetes/common/network-name-gen/values.yaml @@ -73,7 +73,7 @@ mariadb-init: ################################################################# # application image repository: nexus3.onap.org:10001 -image: onap/ccsdk-apps-ms-neng:0.6.3 +image: onap/ccsdk-apps-ms-neng:0.7.1 pullPolicy: IfNotPresent # application configuration diff --git a/kubernetes/contrib/components/awx/charts/awx-postgres/templates/deployment.yaml b/kubernetes/contrib/components/awx/charts/awx-postgres/templates/deployment.yaml index 67d13cf477..56315285cd 100755 --- a/kubernetes/contrib/components/awx/charts/awx-postgres/templates/deployment.yaml +++ b/kubernetes/contrib/components/awx/charts/awx-postgres/templates/deployment.yaml @@ -60,7 +60,7 @@ spec: name: localtime readOnly: true - name: {{ include "common.fullname" . }}-data - mountPath: /var/lib/postgresql/data + mountPath: /var/lib/postgresql/ resources: {{ include "common.resources" . | indent 12 }} {{- if .Values.nodeSelector }} diff --git a/kubernetes/contrib/components/netbox/charts/netbox-postgres/templates/deployment.yaml b/kubernetes/contrib/components/netbox/charts/netbox-postgres/templates/deployment.yaml index 45468e4969..3a4bb90b98 100755 --- a/kubernetes/contrib/components/netbox/charts/netbox-postgres/templates/deployment.yaml +++ b/kubernetes/contrib/components/netbox/charts/netbox-postgres/templates/deployment.yaml @@ -50,7 +50,7 @@ spec: name: localtime readOnly: true - name: {{ include "common.fullname" . }}-data - mountPath: /var/lib/postgresql/data + mountPath: /var/lib/postgresql/ resources: {{ include "common.resources" . | indent 12 }} {{- if .Values.nodeSelector }} diff --git a/kubernetes/dcaegen2/components/dcae-bootstrap/resources/inputs/k8s-pgaas-initdb-inputs.yaml b/kubernetes/dcaegen2/components/dcae-bootstrap/resources/inputs/k8s-pgaas-initdb-inputs.yaml index 23bb080690..eb4cf252d4 100644 --- a/kubernetes/dcaegen2/components/dcae-bootstrap/resources/inputs/k8s-pgaas-initdb-inputs.yaml +++ b/kubernetes/dcaegen2/components/dcae-bootstrap/resources/inputs/k8s-pgaas-initdb-inputs.yaml @@ -16,4 +16,4 @@ # ============LICENSE_END========================================================= k8s_pgaas_instance_fqdn: {{ .Values.postgres.service.name2 }}.{{include "common.namespace" . }} -k8s_initial_password: {{ .Values.postgres.config.pgRootPassword }} +k8s_initial_password: $PG_ROOT_PASSWORD diff --git a/kubernetes/dcaegen2/components/dcae-bootstrap/templates/deployment.yaml b/kubernetes/dcaegen2/components/dcae-bootstrap/templates/deployment.yaml index a36164d164..9009f6b114 100644 --- a/kubernetes/dcaegen2/components/dcae-bootstrap/templates/deployment.yaml +++ b/kubernetes/dcaegen2/components/dcae-bootstrap/templates/deployment.yaml @@ -1,130 +1,150 @@ -#============LICENSE_START========================================================
-# ================================================================================
-# Copyright (c) 2017-2019 AT&T Intellectual Property. All rights reserved.
-# Modifications Copyright © 2018 Amdocs, Bell Canada
-# ================================================================================
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-# ============LICENSE_END=========================================================
-
-apiVersion: extensions/v1beta1
-kind: Deployment
-metadata:
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-spec:
- replicas: 1
- template:
- metadata:
- labels:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
- spec:
- initContainers:
- - name: {{ include "common.name" . }}-readiness
- image: {{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- command:
- - /root/ready.py
- args:
- - --container-name
- - dcae-cloudify-manager
- - --container-name
- - consul-server
- - --container-name
- - msb-discovery
- - --container-name
- - kube2msb
- - --container-name
- - dcae-config-binding-service
- - --container-name
- - dcae-db
- - --container-name
- - dcae-inventory-api
- - "-t"
- - "15"
-
- env:
- - name: NAMESPACE
- valueFrom:
- fieldRef:
- apiVersion: v1
- fieldPath: metadata.namespace
- - name: init-tls
- env:
- - name: POD_IP
- valueFrom:
- fieldRef:
- apiVersion: v1
- fieldPath: status.podIP
- - name: aaf_locator_fqdn
- value: dcae
- image: {{ .Values.global.tlsRepository }}/{{ .Values.global.tlsImage }}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- resources: {}
- volumeMounts:
- - mountPath: /opt/app/osaaf
- name: tls-info
- containers:
- - name: {{ include "common.name" . }}
- image: "{{ include "common.repository" . }}/{{ .Values.image }}"
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- resources:
-{{ include "common.resources" . | indent 12 }}
- volumeMounts:
- - mountPath: /inputs
- name: {{ include "common.fullname" . }}-dcae-inputs
- - mountPath: /dcae-configs
- name: {{ include "common.fullname" . }}-dcae-config
- - mountPath: /etc/localtime
- name: localtime
- readOnly: true
- - mountPath: /certs
- name: tls-info
- readOnly: true
- env:
- - name: CMADDR
- value: {{ .Values.config.address.cm.host }}
- - name: CMPASS
- valueFrom:
- secretKeyRef:
- name: {{ include "common.name" . }}-cmpass
- key: password
- - name: CMPROTO
- value: {{ .Values.config.address.cm.proto }}
- - name: CMPORT
- value: !!string {{ .Values.config.address.cm.port }}
- - name: CONSUL
- value: {{ .Values.config.address.consul.host }}:{{ .Values.config.address.consul.port }}
- - name: DCAE_NAMESPACE
- value: {{ .Values.dcae_ns | default "" }}
- - name: ONAP_NAMESPACE
- value: {{ include "common.namespace" . }}
- volumes:
- - name: {{ include "common.fullname" . }}-dcae-inputs
- configMap:
- name: {{ include "common.fullname" . }}-dcae-inputs
- - name: {{ include "common.fullname" . }}-dcae-config
- configMap:
- name: {{ include "common.fullname" . }}-dcae-config
- - name: localtime
- hostPath:
- path: /etc/localtime
- - name: tls-info
- emptyDir: {}
- imagePullSecrets:
- - name: "{{ include "common.namespace" . }}-docker-registry-key"
+#============LICENSE_START======================================================== +# ================================================================================ +# Copyright (c) 2017-2019 AT&T Intellectual Property. All rights reserved. +# Modifications Copyright © 2018 Amdocs, Bell Canada +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# ============LICENSE_END========================================================= + +apiVersion: extensions/v1beta1 +kind: Deployment +metadata: + name: {{ include "common.fullname" . }} + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ include "common.release" . }} + heritage: {{ .Release.Service }} +spec: + replicas: 1 + template: + metadata: + labels: + app: {{ include "common.name" . }} + release: {{ include "common.release" . }} + spec: + initContainers: + - command: + - sh + args: + - -c + - "cd /config-input && for PFILE in `find . -not -type d | grep -v -F ..`; do envsubst <${PFILE} >/config/${PFILE}; done" + env: + - name: PG_ROOT_PASSWORD + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "pg-root-pass" "key" "password") | indent 10 }} + volumeMounts: + - mountPath: /config-input + name: {{ include "common.fullname" . }}-dcae-inputs-input + - mountPath: /config + name: {{ include "common.fullname" . }}-dcae-inputs + image: "{{ .Values.global.envsubstImage }}" + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + name: {{ include "common.name" . }}-update-config + + - name: {{ include "common.name" . }}-readiness + image: {{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }} + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + command: + - /root/ready.py + args: + - --container-name + - dcae-cloudify-manager + - --container-name + - consul-server + - --container-name + - msb-discovery + - --container-name + - kube2msb + - --container-name + - dcae-config-binding-service + - --container-name + - dcae-db + - --container-name + - dcae-inventory-api + - "-t" + - "15" + + env: + - name: NAMESPACE + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace + - name: init-tls + env: + - name: POD_IP + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: status.podIP + - name: aaf_locator_fqdn + value: dcae + image: {{ .Values.global.tlsRepository }}/{{ .Values.global.tlsImage }} + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + resources: {} + volumeMounts: + - mountPath: /opt/app/osaaf + name: tls-info + containers: + - name: {{ include "common.name" . }} + image: "{{ include "common.repository" . }}/{{ .Values.image }}" + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + resources: +{{ include "common.resources" . | indent 12 }} + volumeMounts: + - mountPath: /inputs + name: {{ include "common.fullname" . }}-dcae-inputs + - mountPath: /dcae-configs + name: {{ include "common.fullname" . }}-dcae-config + - mountPath: /etc/localtime + name: localtime + readOnly: true + - mountPath: /certs + name: tls-info + readOnly: true + env: + - name: CMADDR + value: {{ .Values.config.address.cm.host }} + - name: CMPASS + valueFrom: + secretKeyRef: + name: {{ include "common.name" . }}-cmpass + key: password + - name: CMPROTO + value: {{ .Values.config.address.cm.proto }} + - name: CMPORT + value: !!string {{ .Values.config.address.cm.port }} + - name: CONSUL + value: {{ .Values.config.address.consul.host }}:{{ .Values.config.address.consul.port }} + - name: DCAE_NAMESPACE + value: {{ .Values.dcae_ns | default "" }} + - name: ONAP_NAMESPACE + value: {{ include "common.namespace" . }} + volumes: + - name: {{ include "common.fullname" . }}-dcae-inputs-input + configMap: + name: {{ include "common.fullname" . }}-dcae-inputs + - name: {{ include "common.fullname" . }}-dcae-inputs + emptyDir: + medium: Memory + - name: {{ include "common.fullname" . }}-dcae-config + configMap: + name: {{ include "common.fullname" . }}-dcae-config + - name: localtime + hostPath: + path: /etc/localtime + - name: tls-info + emptyDir: {} + imagePullSecrets: + - name: "{{ include "common.namespace" . }}-docker-registry-key" diff --git a/kubernetes/dcaegen2/components/dcae-bootstrap/templates/secret.yaml b/kubernetes/dcaegen2/components/dcae-bootstrap/templates/secret.yaml index d8b2ba2220..44395e48e8 100644 --- a/kubernetes/dcaegen2/components/dcae-bootstrap/templates/secret.yaml +++ b/kubernetes/dcaegen2/components/dcae-bootstrap/templates/secret.yaml @@ -29,3 +29,5 @@ metadata: type: Opaque data: password: YWRtaW4= +--- +{{ include "common.secretFast" . }} diff --git a/kubernetes/dcaegen2/components/dcae-bootstrap/values.yaml b/kubernetes/dcaegen2/components/dcae-bootstrap/values.yaml index a5bd69af02..5fcd916989 100644 --- a/kubernetes/dcaegen2/components/dcae-bootstrap/values.yaml +++ b/kubernetes/dcaegen2/components/dcae-bootstrap/values.yaml @@ -28,6 +28,15 @@ global: loggingImage: beats/filebeat:5.5.0 tlsRepository: nexus3.onap.org:10001 tlsImage: onap/org.onap.dcaegen2.deployments.tls-init-container:2.1.0 + envsubstImage: dibi/envsubst + +secrets: + - uid: pg-root-pass + name: &pgRootPassSecretName '{{ include "common.release" . }}-dcae-bootstrap-pg-root-pass' + type: password + externalSecret: '{{ ternary "" (tpl (default "" .Values.postgres.config.pgRootPasswordExternalSecret) .) (hasSuffix "dcae-bootstrap-pg-root-pass" .Values.postgres.config.pgRootPasswordExternalSecret) }}' + password: '{{ .Values.postgres.config.pgRootpassword }}' + policy: generate config: logstashServiceName: log-ls @@ -77,21 +86,10 @@ postgres: primary: dcae-pg-primary replica: dcae-pg-replica config: - pgPrimaryPassword: onapdemodb - pgRootPassword: onapdemodb + pgRootPasswordExternalSecret: *pgRootPassSecretName persistence: mountSubPath: dcae/data mountInitPath: dcae - pgpool: - nameOverride: dcae-pgpool - service: - name: dcae-pgpool - credentials: - pgpassword: onapdemodb - container: - name: - primary: dcae-pgpool-primary - replica: dcae-pgpool-replica mongo: nameOverride: dcae-mongo diff --git a/kubernetes/dcaegen2/components/dcae-dashboard/templates/deployment.yaml b/kubernetes/dcaegen2/components/dcae-dashboard/templates/deployment.yaml index a926fb396b..bab034469b 100644 --- a/kubernetes/dcaegen2/components/dcae-dashboard/templates/deployment.yaml +++ b/kubernetes/dcaegen2/components/dcae-dashboard/templates/deployment.yaml @@ -126,11 +126,11 @@ spec: - name: consul_url value: http://consul-server-ui:8500 - name: postgres_user_dashboard - value: {{ .Values.postgres.config.pgUserName }} + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "pg-user-creds" "key" "login") | indent 14 }} + - name: postgres_password_dashboard + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "pg-user-creds" "key" "password") | indent 14 }} - name: postgres_db_name value: {{ .Values.postgres.config.pgDatabase }} - - name: postgres_password_dashboard - value: {{ .Values.postgres.config.pgUserPassword }} - name: postgres_ip value: {{ .Values.postgres.service.name2 }} - name: POD_IP @@ -169,4 +169,3 @@ spec: name: tls-info imagePullSecrets: - name: "{{ include "common.namespace" . }}-docker-registry-key" - diff --git a/kubernetes/dcaegen2/components/dcae-dashboard/templates/secret.yaml b/kubernetes/dcaegen2/components/dcae-dashboard/templates/secret.yaml new file mode 100644 index 0000000000..b143034d8f --- /dev/null +++ b/kubernetes/dcaegen2/components/dcae-dashboard/templates/secret.yaml @@ -0,0 +1,16 @@ +{{/* +# Copyright © 2020 Samsung Electronics +# # +# # Licensed under the Apache License, Version 2.0 (the "License"); +# # you may not use this file except in compliance with the License. +# # You may obtain a copy of the License at +# # +# # http://www.apache.org/licenses/LICENSE-2.0 +# # +# # Unless required by applicable law or agreed to in writing, software +# # distributed under the License is distributed on an "AS IS" BASIS, +# # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# # See the License for the specific language governing permissions and +# # limitations under the License. +*/}} +{{ include "common.secretFast" . }} diff --git a/kubernetes/dcaegen2/components/dcae-dashboard/values.yaml b/kubernetes/dcaegen2/components/dcae-dashboard/values.yaml index fd7069450e..8e3f94dc64 100644 --- a/kubernetes/dcaegen2/components/dcae-dashboard/values.yaml +++ b/kubernetes/dcaegen2/components/dcae-dashboard/values.yaml @@ -27,6 +27,15 @@ global: tlsRepository: nexus3.onap.org:10001 tlsImage: onap/org.onap.dcaegen2.deployments.tls-init-container:2.1.0 +secrets: + - uid: pg-user-creds + name: &pgUserCredsSecretName '{{ include "common.release" . }}-dcae-dashboard-pg-user-creds' + type: basicAuth + externalSecret: '{{ ternary "" (tpl (default "" .Values.postgres.config.pgUserExternalSecret) .) (hasSuffix "dcae-dashboard-pg-user-creds" .Values.postgres.config.pgUserExternalSecret) }}' + login: '{{ .Values.postgres.config.pgUserName }}' + password: '{{ .Values.postgres.config.pgUserPassword }}' + passwordPolicy: generate + config: logstashServiceName: log-ls logstashPort: 5044 @@ -81,10 +90,8 @@ postgres: replica: dcae-dashboard-pg-replica config: pgUserName: dashboard_pg_admin + pgUserExternalSecret: *pgUserCredsSecretName pgDatabase: dashboard_pg_db_common - pgPrimaryPassword: onapdemodb - pgUserPassword: onapdemodb - pgRootPassword: onapdemodb pgPort: "5432" persistence: mountSubPath: dcae-dashboard/data diff --git a/kubernetes/dcaegen2/components/dcae-inventory-api/resources/config/config.json b/kubernetes/dcaegen2/components/dcae-inventory-api/resources/config/config.json index d9927314e1..4be8c195d2 100644 --- a/kubernetes/dcaegen2/components/dcae-inventory-api/resources/config/config.json +++ b/kubernetes/dcaegen2/components/dcae-inventory-api/resources/config/config.json @@ -1,8 +1,8 @@ { "database": { "driverClass": "org.postgresql.Driver", - "user": "{{ .Values.postgres.config.pgUserName }}", - "password": "{{ .Values.postgres.config.pgUserPassword }}", + "user": "${PG_USER}", + "password": "${PG_PASSWORD}", "url": "jdbc:postgresql://{{ .Values.postgres.service.name2 }}:5432/{{ .Values.postgres.config.pgDatabase }}", "properties": { "charSet": "UTF-8" diff --git a/kubernetes/dcaegen2/components/dcae-inventory-api/templates/deployment.yaml b/kubernetes/dcaegen2/components/dcae-inventory-api/templates/deployment.yaml index 6769c00a2d..bf49157762 100644 --- a/kubernetes/dcaegen2/components/dcae-inventory-api/templates/deployment.yaml +++ b/kubernetes/dcaegen2/components/dcae-inventory-api/templates/deployment.yaml @@ -34,6 +34,25 @@ spec: release: {{ include "common.release" . }} spec: initContainers: + - command: + - sh + args: + - -c + - "cd /config-input && for PFILE in `find . -not -type d | grep -v -F ..`; do envsubst <${PFILE} >/config/${PFILE}; done" + env: + - name: PG_USER + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "pg-user-creds" "key" "login") | indent 12 }} + - name: PG_PASSWORD + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "pg-user-creds" "key" "password") | indent 12 }} + volumeMounts: + - mountPath: /config-input + name: {{ include "common.fullname" . }}-inv-config-input + - mountPath: /config + name: {{ include "common.fullname" . }}-inv-config + image: "{{ .Values.global.envsubstImage }}" + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + name: {{ include "common.name" . }}-update-config + - name: {{ include "common.name" . }}-readiness image: {{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} @@ -135,11 +154,13 @@ spec: defaultMode: 420 name: {{ include "common.fullname" . }}-filebeat-configmap name: filebeat-conf - - name: {{ include "common.fullname" . }}-inv-config + - name: {{ include "common.fullname" . }}-inv-config-input configMap: name: {{ include "common.fullname" . }}-configmap + - name: {{ include "common.fullname" . }}-inv-config + emptyDir: + medium: Memory - emptyDir: {} name: tls-info imagePullSecrets: - name: "{{ include "common.namespace" . }}-docker-registry-key" - diff --git a/kubernetes/dcaegen2/components/dcae-inventory-api/templates/secret.yaml b/kubernetes/dcaegen2/components/dcae-inventory-api/templates/secret.yaml new file mode 100644 index 0000000000..b143034d8f --- /dev/null +++ b/kubernetes/dcaegen2/components/dcae-inventory-api/templates/secret.yaml @@ -0,0 +1,16 @@ +{{/* +# Copyright © 2020 Samsung Electronics +# # +# # Licensed under the Apache License, Version 2.0 (the "License"); +# # you may not use this file except in compliance with the License. +# # You may obtain a copy of the License at +# # +# # http://www.apache.org/licenses/LICENSE-2.0 +# # +# # Unless required by applicable law or agreed to in writing, software +# # distributed under the License is distributed on an "AS IS" BASIS, +# # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# # See the License for the specific language governing permissions and +# # limitations under the License. +*/}} +{{ include "common.secretFast" . }} diff --git a/kubernetes/dcaegen2/components/dcae-inventory-api/values.yaml b/kubernetes/dcaegen2/components/dcae-inventory-api/values.yaml index 51af963343..a26ae5d196 100644 --- a/kubernetes/dcaegen2/components/dcae-inventory-api/values.yaml +++ b/kubernetes/dcaegen2/components/dcae-inventory-api/values.yaml @@ -26,10 +26,20 @@ global: loggingImage: beats/filebeat:5.5.0 tlsRepository: nexus3.onap.org:10001 tlsImage: onap/org.onap.dcaegen2.deployments.tls-init-container:2.1.0 + envsubstImage: dibi/envsubst repositoryCred: user: docker password: docker +secrets: + - uid: pg-user-creds + name: &pgUserCredsSecretName '{{ include "common.release" . }}-dcae-inventory-api-pg-user-creds' + type: basicAuth + externalSecret: '{{ ternary "" (tpl (default "" .Values.postgres.config.pgUserExternalSecret) .) (hasSuffix "dcae-inventory-api-pg-user-creds" .Values.postgres.config.pgUserExternalSecret) }}' + login: '{{ .Values.postgres.config.pgUserName }}' + password: '{{ .Values.postgres.config.pgUserPassword }}' + passwordPolicy: generate + config: logstashServiceName: log-ls logstashPort: 5044 @@ -82,24 +92,11 @@ postgres: replica: dcae-inv-pg-replica config: pgUserName: dcae_inv + pgUserExternalSecret: *pgUserCredsSecretName pgDatabase: dcae_inventory - pgPrimaryPassword: onapdemodb - pgUserPassword: onapdemodb - pgRootPassword: onapdemodb persistence: mountSubPath: dcae-inv/data mountInitPath: dcae-inv - pgpool: - nameOverride: dcae-inv-pgpool - service: - name: dcae-inv-pgpool - credentials: - pgusername: ddcae_inv - pgpassword: onapdemodb - container: - name: - primary: dcae-inv-pgpool-primary - replica: dcae-inv-pgpool-replica # Resource Limit flavor -By Default using small flavor: small diff --git a/kubernetes/dmaap/components/message-router/values.yaml b/kubernetes/dmaap/components/message-router/values.yaml index aca2fc407d..f742419b46 100644 --- a/kubernetes/dmaap/components/message-router/values.yaml +++ b/kubernetes/dmaap/components/message-router/values.yaml @@ -100,7 +100,7 @@ ingress: name: "message-router" port: 3905 config: - ssl: "none" + ssl: "redirect" # Resource Limit flavor -By Default using small diff --git a/kubernetes/msb/charts/kube2msb/values.yaml b/kubernetes/msb/charts/kube2msb/values.yaml index af845939a5..556931d07e 100644 --- a/kubernetes/msb/charts/kube2msb/values.yaml +++ b/kubernetes/msb/charts/kube2msb/values.yaml @@ -24,7 +24,7 @@ global: ################################################################# # application image repository: nexus3.onap.org:10001 -image: onap/oom/kube2msb:1.1.0 +image: onap/oom/kube2msb:1.2.6 pullPolicy: Always istioSidecar: true @@ -70,4 +70,4 @@ resources: requests: cpu: 1 memory: 1Gi - unlimited: {}
\ No newline at end of file + unlimited: {} diff --git a/kubernetes/msb/charts/msb-eag/values.yaml b/kubernetes/msb/charts/msb-eag/values.yaml index c5820ae3dc..60c197327e 100644 --- a/kubernetes/msb/charts/msb-eag/values.yaml +++ b/kubernetes/msb/charts/msb-eag/values.yaml @@ -24,7 +24,7 @@ global: ################################################################# # application image repository: nexus3.onap.org:10001 -image: onap/msb/msb_apigateway:1.2.6 +image: onap/msb/msb_apigateway:1.2.7 pullPolicy: Always istioSidecar: true diff --git a/kubernetes/msb/charts/msb-iag/values.yaml b/kubernetes/msb/charts/msb-iag/values.yaml index 00adb83658..a927816492 100644 --- a/kubernetes/msb/charts/msb-iag/values.yaml +++ b/kubernetes/msb/charts/msb-iag/values.yaml @@ -24,7 +24,7 @@ global: ################################################################# # application image repository: nexus3.onap.org:10001 -image: onap/msb/msb_apigateway:1.2.6 +image: onap/msb/msb_apigateway:1.2.7 pullPolicy: Always istioSidecar: true diff --git a/kubernetes/msb/resources/config/certificates/ca.crt b/kubernetes/msb/resources/config/certificates/ca.crt new file mode 100644 index 0000000000..62da777a58 --- /dev/null +++ b/kubernetes/msb/resources/config/certificates/ca.crt @@ -0,0 +1,22 @@ +-----BEGIN CERTIFICATE----- +MIIDkjCCAnoCCQCHtNgoWafiHzANBgkqhkiG9w0BAQsFADCBijELMAkGA1UEBhMC +Q04xETAPBgNVBAgMCHNpY2h1YW5nMRAwDgYDVQQHDAdjaGVuZ2R1MQwwCgYDVQQK +DAN6dGUxDjAMBgNVBAsMBXplbmFwMTgwNgYDVQQDDC9aVEUgT3BlblBhbGV0dGUg +Um9vdCBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkgMjAxNzAeFw0xNzAzMTcwMTU2MjBa +Fw0yNzAzMTUwMTU2MjBaMIGKMQswCQYDVQQGEwJDTjERMA8GA1UECAwIc2ljaHVh +bmcxEDAOBgNVBAcMB2NoZW5nZHUxDDAKBgNVBAoMA3p0ZTEOMAwGA1UECwwFemVu +YXAxODA2BgNVBAMML1pURSBPcGVuUGFsZXR0ZSBSb290IENlcnRpZmljYXRlIEF1 +dGhvcml0eSAyMDE3MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA23LK +Eq56pVzsRbYJ6NMdk82QfLjnp+f7KzdQ46SfwldG3gmipasPwDXV9jT9FvUlX8s/ +mRphOyuZ7vDzL2QjlS/FBATTWrJ2VCJmBVlzVu4STZ6YrxpQrSAalGkiYd9uT2Yt +2quNUPCsZSlJ8qJCYs098bJ2XTsK0JBby94j3nTdvNWhhErrheWdG/CHje32sKog +6BxN4GzMeZ2fUd0vKsqBs89M0pApdjpRMqEGHg+Lri4iiE9kKa/Y8S3V6ggJZjbp +7xs7N0miy/paeosjfFe5U6mhumUSZPFy8ueAgGxqBkwvLJwCY3HYcrsFGaXTu+c3 +p2q1Adygif1h43HrvQIDAQABMA0GCSqGSIb3DQEBCwUAA4IBAQAb/cgmsCxvQmvu +5e4gpn5WEMo0k7F6IAghd8139i9vmtQ88reYZvfiVsp/5ZjNnNj75lLbjjexDkPA +bdnAiJfRKOrMaPqY6Bem4v8lPu1B/kj1umn4BXOCC1kpcH/2JCmvI8uh49SSlT9J +wUSKWw8Qhy9XKN692y02QZke9Xp2HoFvMUlntglmQUIRO5eBYLQCSWpfv/iyMs6w +ar7Tk1p2rURpRh02P7WFQ5j5fxXEOrkMT7FX80EB3AddSthstj2iDlUcqfG3jXH/ +FA5r1q45kMUaMYxV9WIE67Vt0RaxrUJYWDR2kDSSox7LR5GpjWiSlPAfcLCeVuA3 +3lR7lW/J +-----END CERTIFICATE----- diff --git a/kubernetes/msb/resources/config/certificates/cert.crt b/kubernetes/msb/resources/config/certificates/cert.crt new file mode 100644 index 0000000000..7d1314f59e --- /dev/null +++ b/kubernetes/msb/resources/config/certificates/cert.crt @@ -0,0 +1,22 @@ +-----BEGIN CERTIFICATE----- +MIIDqjCCApKgAwIBAgIJAOQWcdss4Qu5MA0GCSqGSIb3DQEBCwUAMIGKMQswCQYD +VQQGEwJDTjERMA8GA1UECAwIc2ljaHVhbmcxEDAOBgNVBAcMB2NoZW5nZHUxDDAK +BgNVBAoMA3p0ZTEOMAwGA1UECwwFemVuYXAxODA2BgNVBAMML1pURSBPcGVuUGFs +ZXR0ZSBSb290IENlcnRpZmljYXRlIEF1dGhvcml0eSAyMDE3MB4XDTIwMDQyMjAy +NTc1MFoXDTIyMDQyMjAyNTc1MFowYDELMAkGA1UEBhMCQ04xEDAOBgNVBAgMB1Np +Y2h1YW4xEDAOBgNVBAcMB0NoZW5nZHUxDTALBgNVBAoMBE9OQVAxDDAKBgNVBAsM +A01TQjEQMA4GA1UEAwwHbXNiLWlhZzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC +AQoCggEBAMa1YlTIL8APcmASbxrD7Q9BhWL9Hwi+FKO4HsIrSiJj/A/FLVe3kV2a +xA7b5wdv44P0qQnh3pc0djlnZ47Fgli3lhEZ33+j5vrXHCjEFKiZZVeO+y/p+OcZ +VMNiL+MPJNTNgMkPoaljs/U6fn6fFyAgMMIqqigxHJaNvz7IH+UpqbWWzZo7+JqC +lBi8t5ZIDk18/3cPQWXIne+3MoYULdEayAS8/4wYoJANH1knmSG+J07f9uCXniiz +4zFFngMGHm4kuKXJCAl5E6S5fPzsLKqtwbbn9kJNyWoNFDuc7zW5dPfqPVckHHQ8 +Dx0q2111UgrzrBZMW1RKmcwB+1YXip8CAwEAAaM8MDowCQYDVR0TBAIwADALBgNV +HQ8EBAMCBeAwIAYDVR0RBBkwF4IVKi5zaW1wbGVkZW1vLm9uYXAub3JnMA0GCSqG +SIb3DQEBCwUAA4IBAQCXSECDNzsg2MhVIVvviqxhpZWZ3sa7KxXlyd9iSmBzkneS ++XiyUC575ZM3lmh1Kme35bWgz5R/w76XLSMBPxIX6uZ4HVNQqwSPv63Nk9+ON3IN +iCn6ehHKJgT0rpx/aB3sIcE1hEtIWLGaaKVEb3DOuDbkbBT9eJbIgHKkT80PKynK +l35dQRMiGBQiD8cBUxTOJaj7QohZ/aUWArZCOl0uvddkrs/IOCMY3BDQ0WZ7RYp3 +LwpgZVPzkVRaSLSq3TS07Re+nZcaht69T6mdMY5V0gW20O4J2nWMaldSmlNqcddb +Nl5Xn0lRMW651ZzxEkcaXNtR78yLYi2JXtyQBgVA +-----END CERTIFICATE----- diff --git a/kubernetes/nbi/requirements.yaml b/kubernetes/nbi/requirements.yaml index 4bd4fd863e..7ce343627a 100644 --- a/kubernetes/nbi/requirements.yaml +++ b/kubernetes/nbi/requirements.yaml @@ -20,6 +20,9 @@ dependencies: # a part of this chart's package and will not # be published independently to a repo (at this point) repository: '@local' + - name: certInitializer + version: ~6.x-0 + repository: '@local' - name: mongo version: ~6.x-0 repository: '@local' diff --git a/kubernetes/nbi/templates/deployment.yaml b/kubernetes/nbi/templates/deployment.yaml index 1b4195c733..22dd4a1ded 100644 --- a/kubernetes/nbi/templates/deployment.yaml +++ b/kubernetes/nbi/templates/deployment.yaml @@ -33,7 +33,7 @@ spec: name: {{ include "common.fullname" . }} spec: {{- if .Values.global.aafEnabled }} - initContainers: {{ include "common.aaf-config" . | nindent 6 }} + initContainers: {{ include "common.certInitializer.initContainer" . | nindent 6 }} {{- end }} containers: - name: {{ include "common.name" . }} @@ -49,11 +49,11 @@ spec: args: - -c - | - export $(grep '^c' {{ .Values.aafConfig.credsPath }}/mycreds.prop | xargs -0) + export $(grep '^c' {{ .Values.certInitializer.credsPath }}/mycreds.prop | xargs -0) export JAVA_OPTS="-Djavax.net.ssl.trustStorePassword=$cadi_truststore_password \ - -Dserver.ssl.key-store={{ .Values.aafConfig.credsPath }}/org.onap.nbi.p12 \ + -Dserver.ssl.key-store={{ .Values.certInitializer.credsPath }}/org.onap.nbi.p12 \ -Dserver.ssl.key-store-type=PKCS12 \ - -Djavax.net.ssl.trustStore={{ .Values.aafConfig.credsPath }}/org.onap.nbi.trust.jks \ + -Djavax.net.ssl.trustStore={{ .Values.certInitializer.credsPath }}/org.onap.nbi.trust.jks \ -Dserver.ssl.key-store-password=$cadi_keystore_password_p12 \ -Djavax.net.ssl.trustStoreType=jks\ -Djava.security.egd=file:/dev/./urandom -Dserver.port=8443" @@ -122,7 +122,7 @@ spec: value: "msb-discovery.{{ include "common.namespace" . }}" - name: MSB_DISCOVERY_PORT value: "10081" - volumeMounts: {{ include "common.aaf-config-volume-mountpath" . | nindent 12 }} + volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 12 }} - mountPath: /etc/localtime name: localtime readOnly: true @@ -148,7 +148,7 @@ spec: # name: esr-server-logs # - mountPath: /usr/share/filebeat/data # name: esr-server-filebeat - volumes: {{ include "common.aaf-config-volumes" . | nindent 8 }} + volumes: {{ include "common.certInitializer.volumes" . | nindent 8 }} - name: localtime hostPath: path: /etc/localtime diff --git a/kubernetes/nbi/templates/ingress.yaml b/kubernetes/nbi/templates/ingress.yaml new file mode 100644 index 0000000000..0cd8cfbd36 --- /dev/null +++ b/kubernetes/nbi/templates/ingress.yaml @@ -0,0 +1,15 @@ +# Copyright © 2020 Samsung, Orange +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +{{ include "common.ingress" . }} diff --git a/kubernetes/nbi/values.yaml b/kubernetes/nbi/values.yaml index 6381d83e27..4fe092e603 100644 --- a/kubernetes/nbi/values.yaml +++ b/kubernetes/nbi/values.yaml @@ -36,7 +36,8 @@ global: ################################################################# # AAF part ################################################################# -aafConfig: +certInitializer: + nameOverride: nbi-cert-initializer aafDeployFqi: deployer@people.osaaf.org aafDeployPass: demo123456! # aafDeployCredsExternalSecret: some secret @@ -45,13 +46,16 @@ aafConfig: public_fqdn: nbi.onap.org cadi_longitude: "0.0" cadi_latitude: "0.0" - credsPath: /opt/app/osaaf/local app_ns: org.osaaf.aaf + credsPath: /opt/app/osaaf/local + aaf_add_config: > + /opt/app/aaf_config/bin/agent.sh; + /opt/app/aaf_config/bin/agent.sh local showpass + {{.Values.fqi}} {{ .Values.fqdn }} > {{ .Values.credsPath }}/mycreds.prop + +aafConfig: permission_user: 1000 permission_group: 999 - addconfig: true - secret_uid: &aaf_secret_uid nbi-aaf-deploy-creds - ################################################################# # Secrets metaconfig @@ -63,12 +67,6 @@ secrets: externalSecret: '{{ tpl (default "" .Values.config.db.userCredentialsExternalSecret) . }}' login: '{{ .Values.config.db.userName }}' password: '{{ .Values.config.db.userPassword }}' - - uid: *aaf_secret_uid - type: basicAuth - externalSecret: '{{ ternary (tpl (default "" .Values.aafConfig.aafDeployCredsExternalSecret) .) "aafIsDisabled" .Values.global.aafEnabled }}' - login: '{{ .Values.aafConfig.aafDeployFqi }}' - password: '{{ .Values.aafConfig.aafDeployPass }}' - passwordPolicy: required subChartsOnly: enabled: true diff --git a/kubernetes/onap/values.yaml b/kubernetes/onap/values.yaml index 5839addf6a..9e593c2e42 100755 --- a/kubernetes/onap/values.yaml +++ b/kubernetes/onap/values.yaml @@ -147,7 +147,7 @@ global: # to customize the ONAP deployment. ################################################################# aaf: - enabled: true + enabled: false aai: enabled: false appc: diff --git a/kubernetes/oof/charts/oof-has/charts/oof-has-api/templates/ingress.yaml b/kubernetes/oof/charts/oof-has/charts/oof-has-api/templates/ingress.yaml new file mode 100644 index 0000000000..0cd8cfbd36 --- /dev/null +++ b/kubernetes/oof/charts/oof-has/charts/oof-has-api/templates/ingress.yaml @@ -0,0 +1,15 @@ +# Copyright © 2020 Samsung, Orange +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +{{ include "common.ingress" . }} diff --git a/kubernetes/oof/charts/oof-has/charts/oof-has-api/values.yaml b/kubernetes/oof/charts/oof-has/charts/oof-has-api/values.yaml index df13309087..da6ab9b548 100755 --- a/kubernetes/oof/charts/oof-has/charts/oof-has-api/values.yaml +++ b/kubernetes/oof/charts/oof-has/charts/oof-has-api/values.yaml @@ -56,3 +56,13 @@ liveness: readiness: initialDelaySeconds: 10 periodSeconds: 10 + + +ingress: + enabled: false + service: + - baseaddr: "oof-has-api.onap" + name: "oof-has-api" + port: 8091 + config: + ssl: "redirect" diff --git a/kubernetes/oof/charts/oof-has/charts/oof-has-controller/templates/deployment.yaml b/kubernetes/oof/charts/oof-has/charts/oof-has-controller/templates/deployment.yaml index f3e1d1fb2f..3dac4788cb 100755 --- a/kubernetes/oof/charts/oof-has/charts/oof-has-controller/templates/deployment.yaml +++ b/kubernetes/oof/charts/oof-has/charts/oof-has-controller/templates/deployment.yaml @@ -37,7 +37,7 @@ spec: - /root/ready.py args: - --container-name - - music-tomcat + - music-springboot - --container-name - aaf-sms env: diff --git a/kubernetes/oof/charts/oof-has/charts/oof-has-data/templates/deployment.yaml b/kubernetes/oof/charts/oof-has/charts/oof-has-data/templates/deployment.yaml index f144424f9f..85fbd96221 100755 --- a/kubernetes/oof/charts/oof-has/charts/oof-has-data/templates/deployment.yaml +++ b/kubernetes/oof/charts/oof-has/charts/oof-has-data/templates/deployment.yaml @@ -37,7 +37,7 @@ spec: - /root/ready.py args: - --container-name - - music-tomcat + - music-springboot env: - name: NAMESPACE valueFrom: diff --git a/kubernetes/oof/charts/oof-has/charts/oof-has-reservation/templates/deployment.yaml b/kubernetes/oof/charts/oof-has/charts/oof-has-reservation/templates/deployment.yaml index 0c9e8c33e8..cb83643ed3 100755 --- a/kubernetes/oof/charts/oof-has/charts/oof-has-reservation/templates/deployment.yaml +++ b/kubernetes/oof/charts/oof-has/charts/oof-has-reservation/templates/deployment.yaml @@ -37,7 +37,7 @@ spec: - /root/ready.py args: - --container-name - - music-tomcat + - music-springboot env: - name: NAMESPACE valueFrom: diff --git a/kubernetes/oof/charts/oof-has/charts/oof-has-solver/templates/deployment.yaml b/kubernetes/oof/charts/oof-has/charts/oof-has-solver/templates/deployment.yaml index 881d6fa9f7..858bf8908e 100755 --- a/kubernetes/oof/charts/oof-has/charts/oof-has-solver/templates/deployment.yaml +++ b/kubernetes/oof/charts/oof-has/charts/oof-has-solver/templates/deployment.yaml @@ -37,7 +37,7 @@ spec: - /root/ready.py args: - --container-name - - music-tomcat + - music-springboot env: - name: NAMESPACE valueFrom: diff --git a/kubernetes/oof/charts/oof-has/resources/config/conductor.conf b/kubernetes/oof/charts/oof-has/resources/config/conductor.conf index c3d9307836..94a47fed2f 100755 --- a/kubernetes/oof/charts/oof-has/resources/config/conductor.conf +++ b/kubernetes/oof/charts/oof-has/resources/config/conductor.conf @@ -428,7 +428,7 @@ server_url = http://{{.Values.config.msb.serviceName}}.{{ include "common.namesp # Base URL for Music REST API without a trailing slash. (string value) #server_url = http://oof-has-music:8080/MUSIC/rest/v2 -server_url = http://{{.Values.config.music.serviceName}}.{{ include "common.namespace" . }}:{{.Values.config.music.port}}/MUSIC/rest/v2 +server_url = https://{{.Values.config.music.serviceName}}.{{ include "common.namespace" . }}:{{.Values.config.music.port}}/MUSIC/rest/v2 version = v2 # DEPRECATED: List of hostnames (round-robin access) (list value) @@ -492,7 +492,7 @@ music_new_version = True # for version (string value) #music_version = <None> -music_version = "3.0.21" +music_version = "3.2.40" # username value that used for creating basic authorization header (string # value) @@ -508,6 +508,13 @@ aafpass = c0nduct0r #aafns = <None> aafns = conductor +# Enabling HTTPs mode (boolean value) +enable_https_mode = True + +# Certificate Authority Bundle file in pem format. Must contain the appropriate +# trust chain for the Certificate file. (string value) +certificate_authority_bundle_file = /usr/local/bin/AAF_RootCA.cer + [prometheus] diff --git a/kubernetes/oof/charts/oof-has/templates/job-healthcheck.yaml b/kubernetes/oof/charts/oof-has/templates/job-healthcheck.yaml index 92d6cbf441..34f215c9ab 100755 --- a/kubernetes/oof/charts/oof-has/templates/job-healthcheck.yaml +++ b/kubernetes/oof/charts/oof-has/templates/job-healthcheck.yaml @@ -59,7 +59,7 @@ spec: sleep 15; resp="FAILURE"; until [ $resp = "200" ]; do - resp=$(curl -s -o /dev/null --write-out %{http_code} -X POST http://{{.Values.config.music.serviceName}}.{{ include "common.namespace" . }}:{{.Values.config.music.port}}/MUSIC/rest/v2/keyspaces/conductor/tables/plans/rows?id=healthcheck \ + resp=$(curl -k -s -o /dev/null --write-out %{http_code} -X POST https://{{.Values.config.music.serviceName}}.{{ include "common.namespace" . }}:{{.Values.config.music.port}}/MUSIC/rest/v2/keyspaces/conductor/tables/plans/rows?id=healthcheck \ -H "Content-Type: application/json" \ -H "ns: conductor" \ -H "Authorization: Basic Y29uZHVjdG9yOmMwbmR1Y3Qwcg==" \ diff --git a/kubernetes/oof/charts/oof-has/templates/job-onboard.yaml b/kubernetes/oof/charts/oof-has/templates/job-onboard.yaml index 499d0923c8..ad42a1fe08 100755 --- a/kubernetes/oof/charts/oof-has/templates/job-onboard.yaml +++ b/kubernetes/oof/charts/oof-has/templates/job-onboard.yaml @@ -40,7 +40,7 @@ spec: - /root/ready.py args: - --container-name - - "music-tomcat" + - "music-springboot" - --container-name - "music-cassandra" env: @@ -71,10 +71,7 @@ spec: - "/bin/sh" - "-c" - | - curl -X POST http://{{.Values.config.music.serviceName}}.{{ include "common.namespace" . }}:{{.Values.config.music.port}}/MUSIC/rest/v2/admin/onboardAppWithMusic \ - -H "Content-Type: application/json" \ - -H "Authorization: Basic Y29uZHVjdG9yOmMwbmR1Y3Qwcg==" \ - --data @onboard.json + echo "job-onboard" workingDir: /has volumeMounts: - mountPath: /etc/localtime diff --git a/kubernetes/oof/charts/oof-has/values.yaml b/kubernetes/oof/charts/oof-has/values.yaml index 730d6e20a1..f4debe93fc 100755 --- a/kubernetes/oof/charts/oof-has/values.yaml +++ b/kubernetes/oof/charts/oof-has/values.yaml @@ -25,7 +25,7 @@ global: commonConfigPrefix: onap-oof-has image: readiness: oomk8s/readiness-check:2.0.0 - optf_has: onap/optf-has:2.0.2 + optf_has: onap/optf-has:2.0.3 filebeat: docker.elastic.co/beats/filebeat:5.5.0 pullPolicy: Always @@ -42,8 +42,8 @@ config: serviceName: msb-iag port: 80 music: - serviceName: music-tomcat - port: 8080 + serviceName: music + port: 8443 sms: serviceName: aaf-sms port: 10443 diff --git a/kubernetes/oof/values.yaml b/kubernetes/oof/values.yaml index 0cdfa9dfe7..5205a1df1f 100644 --- a/kubernetes/oof/values.yaml +++ b/kubernetes/oof/values.yaml @@ -125,4 +125,4 @@ ingress: name: "oof-osdf" port: 8698 config: - ssl: "none"
\ No newline at end of file + ssl: "redirect" diff --git a/kubernetes/portal/charts/portal-sdk/values.yaml b/kubernetes/portal/charts/portal-sdk/values.yaml index 02104414d6..7f3aa70a2c 100644 --- a/kubernetes/portal/charts/portal-sdk/values.yaml +++ b/kubernetes/portal/charts/portal-sdk/values.yaml @@ -119,7 +119,7 @@ ingress: name: "portal-sdk" port: 8443 config: - ssl: "none" + ssl: "redirect" # Resource Limit flavor -By Default using small flavor: small diff --git a/kubernetes/sdc/charts/sdc-dcae-dt/values.yaml b/kubernetes/sdc/charts/sdc-dcae-dt/values.yaml index ad46842393..6dbec2bc24 100644 --- a/kubernetes/sdc/charts/sdc-dcae-dt/values.yaml +++ b/kubernetes/sdc/charts/sdc-dcae-dt/values.yaml @@ -61,12 +61,9 @@ ingress: service: - baseaddr: "dcaedt" name: "sdc-dcae-dt" - port: 8186 - - baseaddr: "dcaedt2" - name: "sdc-dcae-dt" port: 9446 config: - ssl: "none" + ssl: "redirect" # Resource Limit flavor -By Default using small flavor: small diff --git a/kubernetes/sdc/charts/sdc-dcae-fe/values.yaml b/kubernetes/sdc/charts/sdc-dcae-fe/values.yaml index b6572f5d3d..eae409a431 100644 --- a/kubernetes/sdc/charts/sdc-dcae-fe/values.yaml +++ b/kubernetes/sdc/charts/sdc-dcae-fe/values.yaml @@ -68,7 +68,7 @@ ingress: name: "sdc-dcae-fe" port: 9444 config: - ssl: "none" + ssl: "redirect" # Resource Limit flavor -By Default using small flavor: small # Segregation for Different environment (Small and Large) diff --git a/kubernetes/sdnc/charts/dmaap-listener/values.yaml b/kubernetes/sdnc/charts/dmaap-listener/values.yaml index 51f7afeeb5..bcbad0d68e 100644 --- a/kubernetes/sdnc/charts/dmaap-listener/values.yaml +++ b/kubernetes/sdnc/charts/dmaap-listener/values.yaml @@ -56,7 +56,7 @@ secrets: ################################################################# # application image repository: nexus3.onap.org:10001 -image: onap/sdnc-dmaap-listener-image:1.8.1 +image: onap/sdnc-dmaap-listener-image:1.8.2 pullPolicy: Always # flag to enable debugging - application support required diff --git a/kubernetes/sdnc/charts/sdnc-ansible-server/values.yaml b/kubernetes/sdnc/charts/sdnc-ansible-server/values.yaml index c08e53a84a..d0455d5647 100644 --- a/kubernetes/sdnc/charts/sdnc-ansible-server/values.yaml +++ b/kubernetes/sdnc/charts/sdnc-ansible-server/values.yaml @@ -56,7 +56,7 @@ secrets: ################################################################# # application image repository: nexus3.onap.org:10001 -image: onap/sdnc-ansible-server-image:1.8.1 +image: onap/sdnc-ansible-server-image:1.8.2 pullPolicy: Always # flag to enable debugging - application support required diff --git a/kubernetes/sdnc/charts/sdnc-portal/templates/ingress.yaml b/kubernetes/sdnc/charts/sdnc-portal/templates/ingress.yaml new file mode 100644 index 0000000000..0cd8cfbd36 --- /dev/null +++ b/kubernetes/sdnc/charts/sdnc-portal/templates/ingress.yaml @@ -0,0 +1,15 @@ +# Copyright © 2020 Samsung, Orange +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +{{ include "common.ingress" . }} diff --git a/kubernetes/sdnc/charts/sdnc-portal/values.yaml b/kubernetes/sdnc/charts/sdnc-portal/values.yaml index 280a2af5e9..71ebb69819 100644 --- a/kubernetes/sdnc/charts/sdnc-portal/values.yaml +++ b/kubernetes/sdnc/charts/sdnc-portal/values.yaml @@ -73,7 +73,7 @@ secrets: ################################################################# # application image repository: nexus3.onap.org:10001 -image: onap/admportal-sdnc-image:1.8.1 +image: onap/admportal-sdnc-image:1.8.2 config: dbFabricDB: mysql dbFabricUser: admin @@ -133,6 +133,12 @@ service: ingress: enabled: false + service: + - baseaddr: "sdnc-portal.api" + name: "sdnc-portal" + port: 8443 + config: + ssl: "redirect" #Resource limit flavor -By default using small flavor: small diff --git a/kubernetes/sdnc/charts/ueb-listener/values.yaml b/kubernetes/sdnc/charts/ueb-listener/values.yaml index a02a38531c..7a19b12865 100644 --- a/kubernetes/sdnc/charts/ueb-listener/values.yaml +++ b/kubernetes/sdnc/charts/ueb-listener/values.yaml @@ -62,7 +62,7 @@ secrets: ################################################################# # application image repository: nexus3.onap.org:10001 -image: onap/sdnc-ueb-listener-image:1.8.1 +image: onap/sdnc-ueb-listener-image:1.8.2 pullPolicy: Always # flag to enable debugging - application support required diff --git a/kubernetes/sdnc/values.yaml b/kubernetes/sdnc/values.yaml index 65aae857ae..96ea6e33fd 100644 --- a/kubernetes/sdnc/values.yaml +++ b/kubernetes/sdnc/values.yaml @@ -119,7 +119,7 @@ secrets: # application images repository: nexus3.onap.org:10001 pullPolicy: Always -image: onap/sdnc-image:1.8.1 +image: onap/sdnc-image:1.8.2 # flag to enable debugging - application support required diff --git a/kubernetes/uui/charts/uui-server/values.yaml b/kubernetes/uui/charts/uui-server/values.yaml index 567baabbdf..03265d4014 100644 --- a/kubernetes/uui/charts/uui-server/values.yaml +++ b/kubernetes/uui/charts/uui-server/values.yaml @@ -69,7 +69,7 @@ ingress: name: "uui-server" port: 8082 config: - ssl: "none" + ssl: "redirect" # We usually recommend not to specify default resources and to leave this as a conscious # choice for the user. This also increases chances charts run on environments with little diff --git a/kubernetes/uui/values.yaml b/kubernetes/uui/values.yaml index 47182d4e19..2c15c9683c 100644 --- a/kubernetes/uui/values.yaml +++ b/kubernetes/uui/values.yaml @@ -69,7 +69,7 @@ ingress: name: "uui" port: 8443 config: - ssl: "none" + ssl: "redirect" # We usually recommend not to specify default resources and to leave this as a conscious # choice for the user. This also increases chances charts run on environments with little diff --git a/kubernetes/vid/values.yaml b/kubernetes/vid/values.yaml index 04d79380f5..63c6307f06 100644 --- a/kubernetes/vid/values.yaml +++ b/kubernetes/vid/values.yaml @@ -118,9 +118,9 @@ ingress: service: - baseaddr: "vid.api" name: "vid-http" - port: 8080 + port: 8443 config: - ssl: "none" + ssl: "redirect" # Resource Limit flavor -By Default using small flavor: small diff --git a/kubernetes/vnfsdk/values.yaml b/kubernetes/vnfsdk/values.yaml index 96cacfbf82..28dea47cfc 100644 --- a/kubernetes/vnfsdk/values.yaml +++ b/kubernetes/vnfsdk/values.yaml @@ -105,6 +105,6 @@ ingress: service: - baseaddr: "refrepo" name: "refrepo" - port: 97 + port: 8703 config: - ssl: "none" + ssl: "redirect" |