diff options
203 files changed, 1297 insertions, 835 deletions
diff --git a/kubernetes/aai b/kubernetes/aai -Subproject 1990a02ce9295df7c94009401c24fa226a10f8e +Subproject 48ae4e9d7a9ef5f9e73f6a3c90fd808f086089f diff --git a/kubernetes/cds/charts/cds-py-executor/templates/deployment.yaml b/kubernetes/cds/charts/cds-py-executor/templates/deployment.yaml index f9c3377dd8..80c8fca37e 100755 --- a/kubernetes/cds/charts/cds-py-executor/templates/deployment.yaml +++ b/kubernetes/cds/charts/cds-py-executor/templates/deployment.yaml @@ -51,9 +51,9 @@ spec: - name: AUTH_TYPE value: {{ .Values.config.authType }} - name: API_USERNAME - {{- include "common.secret.envFromSecret" (dict "global" . "uid" "api-credentials" "key" "login") | nindent 12 }} + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "api-credentials" "key" "login") | nindent 12 }} - name: API_PASSWORD - {{- include "common.secret.envFromSecret" (dict "global" . "uid" "api-credentials" "key" "password") | nindent 12 }} + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "api-credentials" "key" "password") | nindent 12 }} - name: LOG_FILE value: {{ .Values.config.logFile }} - name: ARTIFACT_MANAGER_PORT diff --git a/kubernetes/clamp/charts/mariadb/resources/config/init/docker-entrypoint.sh b/kubernetes/clamp/charts/mariadb/resources/config/init/docker-entrypoint.sh index 6c69694011..71f32e2eff 100755 --- a/kubernetes/clamp/charts/mariadb/resources/config/init/docker-entrypoint.sh +++ b/kubernetes/clamp/charts/mariadb/resources/config/init/docker-entrypoint.sh @@ -18,6 +18,11 @@ for arg; do esac done +prepare_password() +{ + echo "$1" | sed -e "s/'/\\\\'/g; s/\"/\\\\\"/g" +} + # usage: file_env VAR [DEFAULT] # ie: file_env 'XYZ_DB_PASSWORD' 'example' # (will allow for "$XYZ_DB_PASSWORD_FILE" to fill in the value of @@ -36,7 +41,7 @@ file_env() { elif [ "${!fileVar:-}" ]; then val="$(< "${!fileVar}")" fi - val=`echo -n $val | sed -e "s/'/''/g"` + val=`prepare_password $val` export "$var"="$val" unset "$fileVar" } diff --git a/kubernetes/common/cassandra/templates/pv.yaml b/kubernetes/common/cassandra/templates/pv.yaml index 76a224ab5f..a0d998cd07 100644 --- a/kubernetes/common/cassandra/templates/pv.yaml +++ b/kubernetes/common/cassandra/templates/pv.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2018 Amdocs, Bell Canada, AT&T # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,5 +12,6 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} {{ include "common.replicaPV" . }} diff --git a/kubernetes/common/cassandra/templates/service.yaml b/kubernetes/common/cassandra/templates/service.yaml index 0b91076f82..8934d41c33 100644 --- a/kubernetes/common/cassandra/templates/service.yaml +++ b/kubernetes/common/cassandra/templates/service.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2018 Amdocs, AT&T, Bell Canada # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,5 +12,6 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} {{ include "common.headlessService" . }} diff --git a/kubernetes/common/cassandra/templates/statefulset.yaml b/kubernetes/common/cassandra/templates/statefulset.yaml index 96139ce988..2bcafd9ade 100644 --- a/kubernetes/common/cassandra/templates/statefulset.yaml +++ b/kubernetes/common/cassandra/templates/statefulset.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2018 Amdocs, AT&T, Bell Canada # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,6 +12,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} apiVersion: apps/v1 kind: StatefulSet diff --git a/kubernetes/common/certInitializer/templates/_certInitializer.yaml b/kubernetes/common/certInitializer/templates/_certInitializer.yaml index c453f11c85..6734e0be81 100644 --- a/kubernetes/common/certInitializer/templates/_certInitializer.yaml +++ b/kubernetes/common/certInitializer/templates/_certInitializer.yaml @@ -144,7 +144,7 @@ {{- define "common.certInitializer._volumeMount" -}} {{- $dot := default . .dot -}} {{- $initRoot := default $dot.Values.certInitializer .initRoot -}} -- mountPath: {{ $initRoot.mountPath }} +- mountPath: {{ $initRoot.appMountPath }} name: {{ include "common.certInitializer._aafConfigVolumeName" $dot }} {{- end -}} diff --git a/kubernetes/common/certInitializer/values.yaml b/kubernetes/common/certInitializer/values.yaml index 271e410069..642fe7799b 100644 --- a/kubernetes/common/certInitializer/values.yaml +++ b/kubernetes/common/certInitializer/values.yaml @@ -51,6 +51,7 @@ cadi_latitude: "38.0" cadi_longitude: "-72.0" aaf_add_config: "" mountPath: "/opt/app/osaaf" +appMountPath: "/opt/app/osaaf" importCustomCertsEnabled: false truststoreMountpath: "" truststoreOutputFileName: truststore.jks diff --git a/kubernetes/common/common/templates/_aafconfig.tpl b/kubernetes/common/common/templates/_aafconfig.tpl index afc402f648..b1021ab9d7 100644 --- a/kubernetes/common/common/templates/_aafconfig.tpl +++ b/kubernetes/common/common/templates/_aafconfig.tpl @@ -117,9 +117,9 @@ - name: aaf_locator_app_ns value: "{{ $aafRoot.app_ns }}" - name: DEPLOY_FQI - {{- include "common.secret.envFromSecret" (dict "global" $dot "uid" $aafRoot.secret_uid "key" "login") | indent 6 }} + {{- include "common.secret.envFromSecretFast" (dict "global" $dot "uid" $aafRoot.secret_uid "key" "login") | indent 6 }} - name: DEPLOY_PASSWORD - {{- include "common.secret.envFromSecret" (dict "global" $dot "uid" $aafRoot.secret_uid "key" "password") | indent 6 }} + {{- include "common.secret.envFromSecretFast" (dict "global" $dot "uid" $aafRoot.secret_uid "key" "password") | indent 6 }} #Note: want to put this on Nodes, eventually - name: cadi_longitude value: "{{ default "52.3" $aafRoot.cadi_longitude }}" diff --git a/kubernetes/common/common/templates/_createPassword.tpl b/kubernetes/common/common/templates/_createPassword.tpl index bfa96daf64..bfd0999e16 100644 --- a/kubernetes/common/common/templates/_createPassword.tpl +++ b/kubernetes/common/common/templates/_createPassword.tpl @@ -32,6 +32,9 @@ {{ else if eq "testRelease" (include "common.release" .) }} {{/* Special case for chart liniting. DON"T NAME YOUR PRODUCTION RELEASE testRelease */}} {{- printf "testRelease" -}} + {{ else if eq "test-release" .Release.Name }} + {{/* Special case for chart linting in helm3. DON"T NAME YOUR PRODUCTION RELEASE test-release */}} + {{- printf "testRelease" -}} {{ else }} {{ fail "masterPassword not provided" }} {{ end }} diff --git a/kubernetes/common/dgbuilder/templates/ingress.yaml b/kubernetes/common/dgbuilder/templates/ingress.yaml index 0cd8cfbd36..4392308e38 100644 --- a/kubernetes/common/dgbuilder/templates/ingress.yaml +++ b/kubernetes/common/dgbuilder/templates/ingress.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2020 Samsung, Orange # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,5 +12,5 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. - +*/}} {{ include "common.ingress" . }} diff --git a/kubernetes/common/elasticsearch/components/curator/hooks/job.install.yaml b/kubernetes/common/elasticsearch/components/curator/hooks/job.install.yaml index 9e826ae311..583c2d7429 100644 --- a/kubernetes/common/elasticsearch/components/curator/hooks/job.install.yaml +++ b/kubernetes/common/elasticsearch/components/curator/hooks/job.install.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2020 Bitnami, AT&T, Amdocs, Bell Canada, highstreet technologies # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,6 +12,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} {{- if .Values.enabled }} {{- range $kind, $enabled := .Values.hooks }} {{- if $enabled }} diff --git a/kubernetes/common/elasticsearch/components/curator/templates/configmap.yaml b/kubernetes/common/elasticsearch/components/curator/templates/configmap.yaml index dc2a430922..2af57aae77 100644 --- a/kubernetes/common/elasticsearch/components/curator/templates/configmap.yaml +++ b/kubernetes/common/elasticsearch/components/curator/templates/configmap.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2020 Bitnami, AT&T, Amdocs, Bell Canada, highstreet technologies # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,6 +12,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} {{- if .Values.enabled }} apiVersion: v1 kind: ConfigMap diff --git a/kubernetes/common/elasticsearch/components/curator/templates/cronjob.yaml b/kubernetes/common/elasticsearch/components/curator/templates/cronjob.yaml index ea769d1291..b9e2c05d1a 100644 --- a/kubernetes/common/elasticsearch/components/curator/templates/cronjob.yaml +++ b/kubernetes/common/elasticsearch/components/curator/templates/cronjob.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2020 Bitnami, AT&T, Amdocs, Bell Canada, highstreet technologies # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,6 +12,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} {{- if .Values.enabled }} {{ $role := "curator" -}} {{ $suffix := $role -}} diff --git a/kubernetes/common/elasticsearch/components/curator/templates/podsecuritypolicy.yaml b/kubernetes/common/elasticsearch/components/curator/templates/podsecuritypolicy.yaml index 6fe032d818..628cdd1d73 100644 --- a/kubernetes/common/elasticsearch/components/curator/templates/podsecuritypolicy.yaml +++ b/kubernetes/common/elasticsearch/components/curator/templates/podsecuritypolicy.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2020 Bitnami, AT&T, Amdocs, Bell Canada, highstreet technologies # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,6 +12,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} {{- if and .Values.enabled .Values.psp.create }} apiVersion: policy/v1beta1 kind: PodSecurityPolicy diff --git a/kubernetes/common/elasticsearch/components/curator/templates/role.yaml b/kubernetes/common/elasticsearch/components/curator/templates/role.yaml index 0d189f448b..f124a44c85 100644 --- a/kubernetes/common/elasticsearch/components/curator/templates/role.yaml +++ b/kubernetes/common/elasticsearch/components/curator/templates/role.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2020 Bitnami, AT&T, Amdocs, Bell Canada, highstreet technologies # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,6 +12,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} {{- if and .Values.enabled .Values.rbac.enabled }} kind: Role apiVersion: rbac.authorization.k8s.io/v1 diff --git a/kubernetes/common/elasticsearch/components/curator/templates/rolebinding.yaml b/kubernetes/common/elasticsearch/components/curator/templates/rolebinding.yaml index b112468dc3..f10b14231f 100644 --- a/kubernetes/common/elasticsearch/components/curator/templates/rolebinding.yaml +++ b/kubernetes/common/elasticsearch/components/curator/templates/rolebinding.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2020 Bitnami, AT&T, Amdocs, Bell Canada, highstreet technologies # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,6 +12,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} {{- if and .Values.enabled .Values.rbac.enabled }} kind: RoleBinding apiVersion: rbac.authorization.k8s.io/v1 diff --git a/kubernetes/common/elasticsearch/components/curator/templates/serviceaccount.yaml b/kubernetes/common/elasticsearch/components/curator/templates/serviceaccount.yaml index 0bd4ae0999..a1732cfedc 100644 --- a/kubernetes/common/elasticsearch/components/curator/templates/serviceaccount.yaml +++ b/kubernetes/common/elasticsearch/components/curator/templates/serviceaccount.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2020 Bitnami, AT&T, Amdocs, Bell Canada, highstreet technologies # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,6 +12,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} {{- if and .Values.enabled .Values.serviceAccount.create .Values.rbac.enabled }} apiVersion: v1 kind: ServiceAccount diff --git a/kubernetes/common/elasticsearch/components/data/templates/pv.yaml b/kubernetes/common/elasticsearch/components/data/templates/pv.yaml index c713ec81ac..133984c800 100644 --- a/kubernetes/common/elasticsearch/components/data/templates/pv.yaml +++ b/kubernetes/common/elasticsearch/components/data/templates/pv.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2020 Bitnami, AT&T, Amdocs, Bell Canada, highstreet technologies # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,5 +12,6 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} {{ include "common.replicaPV" (dict "dot" . "suffix" .Values.persistence.suffix )}} diff --git a/kubernetes/common/elasticsearch/components/data/templates/serviceaccount.yaml b/kubernetes/common/elasticsearch/components/data/templates/serviceaccount.yaml index 2ac3880886..4a8ef08946 100644 --- a/kubernetes/common/elasticsearch/components/data/templates/serviceaccount.yaml +++ b/kubernetes/common/elasticsearch/components/data/templates/serviceaccount.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2020 Bitnami, AT&T, Amdocs, Bell Canada, highstreet technologies # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,6 +12,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} {{- if .Values.serviceAccount.create }} apiVersion: v1 kind: ServiceAccount diff --git a/kubernetes/common/elasticsearch/components/data/templates/statefulset.yaml b/kubernetes/common/elasticsearch/components/data/templates/statefulset.yaml index aeb14a1b61..98d533d4e2 100644 --- a/kubernetes/common/elasticsearch/components/data/templates/statefulset.yaml +++ b/kubernetes/common/elasticsearch/components/data/templates/statefulset.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2020 Bitnami, AT&T, Amdocs, Bell Canada, highstreet technologies # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,6 +12,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} apiVersion: apps/v1 kind: StatefulSet {{ $role := "data" -}} diff --git a/kubernetes/common/elasticsearch/components/master/templates/pv.yaml b/kubernetes/common/elasticsearch/components/master/templates/pv.yaml index c713ec81ac..133984c800 100644 --- a/kubernetes/common/elasticsearch/components/master/templates/pv.yaml +++ b/kubernetes/common/elasticsearch/components/master/templates/pv.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2020 Bitnami, AT&T, Amdocs, Bell Canada, highstreet technologies # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,5 +12,6 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} {{ include "common.replicaPV" (dict "dot" . "suffix" .Values.persistence.suffix )}} diff --git a/kubernetes/common/elasticsearch/components/master/templates/serviceaccount.yaml b/kubernetes/common/elasticsearch/components/master/templates/serviceaccount.yaml index 05a3af37f2..323b9fc318 100644 --- a/kubernetes/common/elasticsearch/components/master/templates/serviceaccount.yaml +++ b/kubernetes/common/elasticsearch/components/master/templates/serviceaccount.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2020 Bitnami, AT&T, Amdocs, Bell Canada, highstreet technologies # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,6 +12,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} {{- if .Values.serviceAccount.create }} diff --git a/kubernetes/common/elasticsearch/components/master/templates/statefulset.yaml b/kubernetes/common/elasticsearch/components/master/templates/statefulset.yaml index 626747f075..6744f75f26 100644 --- a/kubernetes/common/elasticsearch/components/master/templates/statefulset.yaml +++ b/kubernetes/common/elasticsearch/components/master/templates/statefulset.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2020 Bitnami, AT&T, Amdocs, Bell Canada, highstreet technologies # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,6 +12,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} apiVersion: apps/v1 kind: StatefulSet diff --git a/kubernetes/common/elasticsearch/components/master/templates/svc.yaml b/kubernetes/common/elasticsearch/components/master/templates/svc.yaml index 8d66ef082e..ca94e242a4 100644 --- a/kubernetes/common/elasticsearch/components/master/templates/svc.yaml +++ b/kubernetes/common/elasticsearch/components/master/templates/svc.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2020 Bitnami, AT&T, Amdocs, Bell Canada, highstreet technologies # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,9 +12,10 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} {{ $role := "master" -}} {{ $labels := (dict "role" $role) -}} {{ $matchLabels := (dict "role" $role) }} -{{ include "common.service" (dict "labels" $labels "matchLabels" $matchLabels "dot" . ) }}
\ No newline at end of file +{{ include "common.service" (dict "labels" $labels "matchLabels" $matchLabels "dot" . ) }} diff --git a/kubernetes/common/elasticsearch/templates/_helpers.tpl b/kubernetes/common/elasticsearch/templates/_helpers.tpl index fdbe82f855..6e745bd560 100644 --- a/kubernetes/common/elasticsearch/templates/_helpers.tpl +++ b/kubernetes/common/elasticsearch/templates/_helpers.tpl @@ -1,3 +1,4 @@ +{{/* # Copyright © 2020 Bitnami, AT&T, Amdocs, Bell Canada, highstreet technologies # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,6 +12,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} {{/* vim: set filetype=mustache: */}} {{/* Expand the name of the chart. diff --git a/kubernetes/common/elasticsearch/templates/configmap-es.yaml b/kubernetes/common/elasticsearch/templates/configmap-es.yaml index 38234da0cf..7138e4e094 100644 --- a/kubernetes/common/elasticsearch/templates/configmap-es.yaml +++ b/kubernetes/common/elasticsearch/templates/configmap-es.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2020 Bitnami, AT&T, Amdocs, Bell Canada, highstreet technologies # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,6 +12,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} {{- if .Values.config }} apiVersion: v1 kind: ConfigMap diff --git a/kubernetes/common/elasticsearch/templates/coordinating-deploy.yaml b/kubernetes/common/elasticsearch/templates/coordinating-deploy.yaml index 8ec38626e6..cf9ef73e52 100644 --- a/kubernetes/common/elasticsearch/templates/coordinating-deploy.yaml +++ b/kubernetes/common/elasticsearch/templates/coordinating-deploy.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2020 Bitnami, AT&T, Amdocs, Bell Canada, highstreet technologies # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,6 +12,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} apiVersion: apps/v1 kind: Deployment {{ $role := "coordinating-only" -}} diff --git a/kubernetes/common/elasticsearch/templates/coordinating-svc-https.yaml b/kubernetes/common/elasticsearch/templates/coordinating-svc-https.yaml index 610c7d68c1..d7fd447846 100644 --- a/kubernetes/common/elasticsearch/templates/coordinating-svc-https.yaml +++ b/kubernetes/common/elasticsearch/templates/coordinating-svc-https.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2020 Bitnami, AT&T, Amdocs, Bell Canada, highstreet technologies # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,6 +12,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} {{ $role := "coordinating-only" -}} {{ $labels := (dict "role" $role) -}} diff --git a/kubernetes/common/elasticsearch/templates/discovery-svc.yaml b/kubernetes/common/elasticsearch/templates/discovery-svc.yaml index fa79c29eca..9750be7b80 100644 --- a/kubernetes/common/elasticsearch/templates/discovery-svc.yaml +++ b/kubernetes/common/elasticsearch/templates/discovery-svc.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2020 Bitnami, AT&T, Amdocs, Bell Canada, highstreet technologies # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,5 +12,6 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} {{- $matchLabels := (dict "discovery" (include "elasticsearch.clustername" .) "nameNoMatch" "useDiscoveryService") }} {{ include "common.headlessService" (dict "matchLabels" $matchLabels "dot" .) }} diff --git a/kubernetes/common/elasticsearch/templates/secrets.yaml b/kubernetes/common/elasticsearch/templates/secrets.yaml index 359e8975e1..b8cd0686c4 100644 --- a/kubernetes/common/elasticsearch/templates/secrets.yaml +++ b/kubernetes/common/elasticsearch/templates/secrets.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2018 Amdocs, Bell Canada # Copyright © 2019 Samsung Electronics # @@ -12,4 +13,5 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} {{ include "common.secretFast" . }} diff --git a/kubernetes/common/elasticsearch/templates/serviceaccount.yaml b/kubernetes/common/elasticsearch/templates/serviceaccount.yaml index 49ad504da6..a9b54882f1 100644 --- a/kubernetes/common/elasticsearch/templates/serviceaccount.yaml +++ b/kubernetes/common/elasticsearch/templates/serviceaccount.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2020 Bitnami, AT&T, Amdocs, Bell Canada, highstreet technologies # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,6 +12,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} {{- if .Values.serviceAccount.create }} apiVersion: v1 kind: ServiceAccount diff --git a/kubernetes/common/etcd/templates/pv.yaml b/kubernetes/common/etcd/templates/pv.yaml index ed1344d4c1..ac5b7b975d 100644 --- a/kubernetes/common/etcd/templates/pv.yaml +++ b/kubernetes/common/etcd/templates/pv.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2018 Amdocs, Bell Canada, AT&T # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,6 +12,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} {{- $global := . }} {{- if and $global.Values.persistence.enabled (not $global.Values.persistence.existingClaim) }} diff --git a/kubernetes/common/etcd/templates/service.yaml b/kubernetes/common/etcd/templates/service.yaml index 4268dd6d2c..04fc93af00 100644 --- a/kubernetes/common/etcd/templates/service.yaml +++ b/kubernetes/common/etcd/templates/service.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright 2019 Intel Corporation Inc # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,6 +12,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} apiVersion: v1 kind: Service diff --git a/kubernetes/common/etcd/templates/statefulset.yaml b/kubernetes/common/etcd/templates/statefulset.yaml index fcab51cb59..c45648f757 100644 --- a/kubernetes/common/etcd/templates/statefulset.yaml +++ b/kubernetes/common/etcd/templates/statefulset.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2019 Intel Corporation Inc # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,6 +12,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} apiVersion: apps/v1 kind: StatefulSet metadata: diff --git a/kubernetes/common/mariadb-galera/resources/config/configure-mysql.sh b/kubernetes/common/mariadb-galera/resources/config/configure-mysql.sh index 42c5c89726..678761736a 100755 --- a/kubernetes/common/mariadb-galera/resources/config/configure-mysql.sh +++ b/kubernetes/common/mariadb-galera/resources/config/configure-mysql.sh @@ -32,8 +32,9 @@ if [ -z "$MYSQL_INITDB_SKIP_TZINFO" ]; then mysql_tzinfo_to_sql /usr/share/zoneinfo | sed 's/Local time zone must be set--see zic manual page/FCTY/' | "${mysql[@]}" mysql fi -function prepare_password { - echo -n $1 | sed -e "s/'/''/g" +prepare_password() +{ + echo "$1" | sed -e "s/'/\\\\'/g; s/\"/\\\\\"/g" } mysql_root_password=`prepare_password $MYSQL_ROOT_PASSWORD` diff --git a/kubernetes/common/mariadb-init/templates/_mariadb.tpl b/kubernetes/common/mariadb-init/templates/_mariadb.tpl index af9a4f5f02..5563fe714d 100644 --- a/kubernetes/common/mariadb-init/templates/_mariadb.tpl +++ b/kubernetes/common/mariadb-init/templates/_mariadb.tpl @@ -1,5 +1,6 @@ {{/* # Copyright © 2019 Orange +# Copyright © 2020 Samsung Electronics # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -20,3 +21,15 @@ {{- define "mariadbInit.mariadbClusterSecret" -}} {{- include "common.mariadb.secret.rootPassSecretName" (dict "dot" . "chartName" (default "mariadb-galera" .Values.global.mariadbGalera.nameOverride)) -}} {{- end -}} + +{{- define "mariadbInit._updateSecrets" -}} + {{- if not .Values.secretsUpdated }} + {{- $global := . }} + {{- range $db, $dbInfos := .Values.config.mysqlAdditionalDatabases }} + {{- $item := dict "uid" $db "type" "basicAuth" "externalSecret" (default "" $dbInfos.externalSecret) "login" (default "" $dbInfos.user) "password" (default "" $dbInfos.password) "passwordPolicy" "required" }} + {{- $newList := append $global.Values.secrets $item }} + {{- $_ := set $global.Values "secrets" $newList }} + {{- end -}} + {{ $_ := set $global.Values "secretsUpdated" true }} + {{- end -}} +{{- end -}} diff --git a/kubernetes/common/mariadb-init/templates/configmap.yaml b/kubernetes/common/mariadb-init/templates/configmap.yaml index 0144ec1907..d021d60b8d 100644 --- a/kubernetes/common/mariadb-init/templates/configmap.yaml +++ b/kubernetes/common/mariadb-init/templates/configmap.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2019 Orange # Modifications Copyright © 2018 AT&T # @@ -12,6 +13,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} apiVersion: v1 kind: ConfigMap diff --git a/kubernetes/common/mariadb-init/templates/job.yaml b/kubernetes/common/mariadb-init/templates/job.yaml index 3149f94611..cccb118787 100644 --- a/kubernetes/common/mariadb-init/templates/job.yaml +++ b/kubernetes/common/mariadb-init/templates/job.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2019 Orange # Copyright © 2020 Samsung Electronics # @@ -12,6 +13,9 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} + +{{ include "mariadbInit._updateSecrets" . -}} apiVersion: batch/v1 kind: Job @@ -38,7 +42,7 @@ spec: - /app/ready.py args: - --container-name - - {{ .Values.global.mariadbGalera.nameOverride }} + - {{ default .Values.global.mariadbGalera.nameOverride .Values.mariadbGalera.containerName }} env: - name: NAMESPACE valueFrom: @@ -56,21 +60,21 @@ spec: - /db_init/db_init.sh env: - name: DB_HOST - value: "{{ .Values.global.mariadbGalera.nameOverride }}" + value: "{{ default .Values.global.mariadbGalera.nameOverride .Values.mariadbGalera.serviceName }}" - name: DB_PORT - value: "{{ .Values.global.mariadbGalera.servicePort }}" + value: "{{ default .Values.global.mariadbGalera.servicePort .Values.mariadbGalera.servicePort }}" - name: MYSQL_ROOT_PASSWORD - {{- include "common.secret.envFromSecret" (dict "global" . "uid" "root-password" "key" (default "password" .Values.global.mariadbGalera.userRootSecretKey)) | indent 10 }} + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "root-password" "key" (default "password" .Values.global.mariadbGalera.userRootSecretKey)) | indent 10 }} - name: {{ printf "MYSQL_USER_%s" .Values.config.mysqlDatabase | upper }} - {{- include "common.secret.envFromSecret" (dict "global" . "uid" .Values.config.mysqlDatabase "key" "login") | indent 10 }} + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" .Values.config.mysqlDatabase "key" "login") | indent 10 }} - name: {{ printf "MYSQL_PASSWORD_%s" .Values.config.mysqlDatabase | upper }} - {{- include "common.secret.envFromSecret" (dict "global" . "uid" .Values.config.mysqlDatabase "key" "password") | indent 10 }} + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" .Values.config.mysqlDatabase "key" "password") | indent 10 }} {{- $root := . }} {{ range $db, $_values := .Values.config.mysqlAdditionalDatabases }} - name: {{ printf "MYSQL_USER_%s" $db | upper }} - {{- include "common.secret.envFromSecret" (dict "global" $root "uid" $db "key" "login") | indent 10 }} + {{- include "common.secret.envFromSecretFast" (dict "global" $root "uid" $db "key" "login") | indent 10 }} - name: {{ printf "MYSQL_PASSWORD_%s" $db | upper }} - {{- include "common.secret.envFromSecret" (dict "global" $root "uid" $db "key" "password") | indent 10 }} + {{- include "common.secret.envFromSecretFast" (dict "global" $root "uid" $db "key" "password") | indent 10 }} {{ end }} volumeMounts: - mountPath: /etc/localtime diff --git a/kubernetes/common/mariadb-init/templates/secret.yaml b/kubernetes/common/mariadb-init/templates/secret.yaml index 71a89d019b..a9d9e0b704 100644 --- a/kubernetes/common/mariadb-init/templates/secret.yaml +++ b/kubernetes/common/mariadb-init/templates/secret.yaml @@ -1,4 +1,6 @@ +{{/* # Copyright © 2017 Amdocs, Bell Canada, Orange +# Copyright © 2020 Samsung Electronics # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -11,27 +13,8 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} -{{- define "mariadb-init._update-secrets" -}} - {{ range $db, $dbInfos := .Values.config.mysqlAdditionalDatabases }} -{{ printf "- uid: %s" $db }} -{{ printf " type: basicAuth" }} - {{- if $dbInfos.externalSecret }} -{{ printf " externalSecret: %s" $dbInfos.externalSecret }} - {{- end }} -{{ printf " login: %s" $dbInfos.user }} -{{ printf " password: %s" $dbInfos.password }} -{{ printf " passwordPolicy: required" }} - {{- end -}} -{{- end -}} +{{ include "mariadbInit._updateSecrets" . -}} -{{ $global := . }} -{{ $secretsString := .Values.secrets | toYaml | indent 2 }} -{{ $additionalSecretsString := (include "mariadb-init._update-secrets" .) | indent 2 }} -{{ $finalSecretsString := (cat "\nsecrets:\n" $secretsString $additionalSecretsString) | replace " -" " -" }} -{{ $finalSecrets := ($finalSecretsString | fromYaml).secrets }} - -{{ $newValues := set $global.Values "secrets" $finalSecrets }} -{{ $tmpGlobal := set $global "Values" $newValues }} - -{{ include "common.secret" $tmpGlobal }} +{{ include "common.secretFast" . }} diff --git a/kubernetes/common/mariadb-init/values.yaml b/kubernetes/common/mariadb-init/values.yaml index 0f6d4f8a1e..dd5d208190 100644 --- a/kubernetes/common/mariadb-init/values.yaml +++ b/kubernetes/common/mariadb-init/values.yaml @@ -32,8 +32,8 @@ global: secrets: - uid: root-password type: password - externalSecret: '{{ tpl (default (include "mariadbInit.mariadbClusterSecret" .) .Values.global.mariadbGalera.userRootSecret) . }}' - password: '{{ tpl (default "" .global.mariadbGalera.userRootPassword) . }}' + externalSecret: '{{ tpl (ternary (default "" .Values.mariadbGalera.userRootSecret) (default (include "mariadbInit.mariadbClusterSecret" .) .Values.global.mariadbGalera.userRootSecret) (not (empty (default "" .Values.mariadbGalera.serviceName)))) . }}' + password: '{{ tpl (ternary (default "" .Values.mariadbGalera.userRootPassword) (default "" .Values.global.mariadbGalera.userRootPassword) (not (empty (default "" .Values.mariadbGalera.serviceName)))) . }}' - uid: '{{ .Values.config.mysqlDatabase }}' type: basicAuth externalSecret: '{{ tpl (default "" .Values.config.userCredentialsExternalSecret) . }}' @@ -51,6 +51,15 @@ pullPolicy: IfNotPresent # Set it if you want to change the name of the different components # nameOverride: +mariadbGalera: {} +# serviceName: some-name +# containerName: some-name +# servicePort: 3306 +# userRootPassword: some-password +# userRootSecret: some-secret-name +# userRootSecretKey: password + + config: userPassword: Ci@shsOd3pky1Vji userName: u5WZ1GMSIS1wHZF diff --git a/kubernetes/common/mongo/templates/statefulset.yaml b/kubernetes/common/mongo/templates/statefulset.yaml index 111bc80586..abc71b3133 100644 --- a/kubernetes/common/mongo/templates/statefulset.yaml +++ b/kubernetes/common/mongo/templates/statefulset.yaml @@ -36,10 +36,15 @@ spec: app: {{ include "common.name" . }} release: {{ include "common.release" . }} spec: +{{ include "common.podSecurityContext" . | indent 6 }} containers: - name: {{ include "common.name" . }} image: "{{ .Values.dockerHubRepository }}/{{ .Values.image }}" imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + command: + - docker-entrypoint.sh + args: + - --nounixsocket env: - name: MONGO_INITDB_DATABASE value: "{{ .Values.config.dbName }}" @@ -68,6 +73,7 @@ spec: mountPath: /var/lib/mongo resources: {{ include "common.resources" . | indent 12 }} +{{ include "common.containerSecurityContext" . | indent 10 }} {{- if .Values.nodeSelector }} nodeSelector: {{ toYaml .Values.nodeSelector | indent 10 }} diff --git a/kubernetes/common/mongo/values.yaml b/kubernetes/common/mongo/values.yaml index d272f706ea..d8988c3ae7 100644 --- a/kubernetes/common/mongo/values.yaml +++ b/kubernetes/common/mongo/values.yaml @@ -83,6 +83,10 @@ service: rpcbindPort: 111 rpcbindUdpPort: 111 +securityContext: + user_id: 999 + group_id: 999 + ingress: enabled: false diff --git a/kubernetes/common/music/charts/music-cassandra/templates/statefulset.yaml b/kubernetes/common/music/charts/music-cassandra/templates/statefulset.yaml index fbdac61a9e..5ae944a568 100644 --- a/kubernetes/common/music/charts/music-cassandra/templates/statefulset.yaml +++ b/kubernetes/common/music/charts/music-cassandra/templates/statefulset.yaml @@ -26,17 +26,6 @@ metadata: release: {{ include "common.release" . }} heritage: {{ .Release.Service }} spec: - podAntiAffinity: - preferredDuringSchedulingIgnoredDuringExecution: - - weight: 1 - podAffinityTerm: - labelSelector: - matchExpressions: - - key: app - operator: In - values: - - {{ .Chart.Name }} - topologyKey: kubernetes.io/hostname serviceName: {{ include "common.servicename" . }} replicas: {{ .Values.replicaCount }} selector: @@ -133,5 +122,3 @@ spec: requests: storage: {{ .Values.persistence.size | quote }} {{- end }} - imagePullSecrets: - - name: "{{ include "common.namespace" . }}-docker-registry-key" diff --git a/kubernetes/common/music/charts/music/templates/configmap.yaml b/kubernetes/common/music/charts/music/templates/configmap.yaml index 4023f343df..d42cf2e7e0 100644 --- a/kubernetes/common/music/charts/music/templates/configmap.yaml +++ b/kubernetes/common/music/charts/music/templates/configmap.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2017-2020 AT&T, Amdocs, Bell Canada # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,6 +12,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} apiVersion: v1 kind: ConfigMap diff --git a/kubernetes/common/music/charts/music/templates/deployment.yaml b/kubernetes/common/music/charts/music/templates/deployment.yaml index 81c3c2049d..63b5ab0974 100644 --- a/kubernetes/common/music/charts/music/templates/deployment.yaml +++ b/kubernetes/common/music/charts/music/templates/deployment.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2017-2020 AT&T, Amdocs, Bell Canada # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,6 +12,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} apiVersion: apps/v1 kind: Deployment @@ -77,7 +79,7 @@ spec: initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} periodSeconds: {{ .Values.readiness.periodSeconds }} resources: -{{ toYaml .Values.resources | indent 12 }} +{{ include "common.resources" . | indent 12 }} env: - name: SPRING_OPTS value: "{{ .Values.springOpts }}" diff --git a/kubernetes/common/music/charts/music/templates/secrets.yaml b/kubernetes/common/music/charts/music/templates/secrets.yaml index 5d5f5bb397..15791a85d7 100644 --- a/kubernetes/common/music/charts/music/templates/secrets.yaml +++ b/kubernetes/common/music/charts/music/templates/secrets.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2020 AT&T, Bell Canada # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,5 +12,6 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} {{ include "common.secretFast" . }} diff --git a/kubernetes/common/music/charts/music/templates/service.yaml b/kubernetes/common/music/charts/music/templates/service.yaml index ca774c9b5b..3bd32a9419 100644 --- a/kubernetes/common/music/charts/music/templates/service.yaml +++ b/kubernetes/common/music/charts/music/templates/service.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2017-2020 AT&T, Amdocs, Bell Canada # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,5 +12,6 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} {{ include "common.service" . }} diff --git a/kubernetes/common/postgres/templates/_deployment.tpl b/kubernetes/common/postgres/templates/_deployment.tpl index 456aa32bc0..9ce9b88644 100644 --- a/kubernetes/common/postgres/templates/_deployment.tpl +++ b/kubernetes/common/postgres/templates/_deployment.tpl @@ -30,7 +30,6 @@ metadata: heritage: {{ $dot.Release.Service }} name: "{{ index $dot.Values "container" "name" $pgMode }}" spec: - serviceName: {{ $dot.Values.service.name }} replicas: 1 selector: matchLabels: diff --git a/kubernetes/common/postgres/templates/configmap.yaml b/kubernetes/common/postgres/templates/configmap.yaml index 26ba390040..e8bfd1194a 100644 --- a/kubernetes/common/postgres/templates/configmap.yaml +++ b/kubernetes/common/postgres/templates/configmap.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2019 Amdocs, Bell Canada, Orange # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,6 +12,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} apiVersion: v1 kind: ConfigMap diff --git a/kubernetes/dcaemod/components/dcaemod-healthcheck/templates/deployment.yaml b/kubernetes/dcaemod/components/dcaemod-healthcheck/templates/deployment.yaml index 64268abb33..28d974c815 100644 --- a/kubernetes/dcaemod/components/dcaemod-healthcheck/templates/deployment.yaml +++ b/kubernetes/dcaemod/components/dcaemod-healthcheck/templates/deployment.yaml @@ -36,13 +36,13 @@ spec: {{- if eq .Values.liveness.enabled true }} livenessProbe: tcpSocket: - port: {{ ( index .Values.service.ports 0).port }} + port: {{ include "common.getPort" (dict "global" . "name" "http") }} initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }} periodSeconds: {{ .Values.liveness.periodSeconds }} {{ end -}} readinessProbe: tcpSocket: - port: {{ ( index .Values.service.ports 0).port }} + port: {{ include "common.getPort" (dict "global" . "name" "http") }} initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} periodSeconds: {{ .Values.readiness.periodSeconds }} volumeMounts: diff --git a/kubernetes/dmaap/components/dmaap-dr-node/resources/config/logback.xml b/kubernetes/dmaap/components/dmaap-dr-node/resources/config/logback.xml index 8756d57516..8b8c16c287 100644 --- a/kubernetes/dmaap/components/dmaap-dr-node/resources/config/logback.xml +++ b/kubernetes/dmaap/components/dmaap-dr-node/resources/config/logback.xml @@ -217,6 +217,7 @@ <appender-ref ref="asyncDebug" /> <appender-ref ref="asyncError" /> <appender-ref ref="asyncJettyLog" /> + <appender-ref ref="STDOUT" /> </root> </configuration>
\ No newline at end of file diff --git a/kubernetes/dmaap/components/dmaap-dr-prov/resources/config/logback.xml b/kubernetes/dmaap/components/dmaap-dr-prov/resources/config/logback.xml index dba613c33c..73446ee3ec 100644 --- a/kubernetes/dmaap/components/dmaap-dr-prov/resources/config/logback.xml +++ b/kubernetes/dmaap/components/dmaap-dr-prov/resources/config/logback.xml @@ -402,6 +402,7 @@ <appender-ref ref="asyncEELFError" /> <appender-ref ref="asyncEELFjettylog" /> <appender-ref ref="asyncEELFDebug" /> + <appender-ref ref="STDOUT" /> </root> </configuration>
\ No newline at end of file diff --git a/kubernetes/dmaap/components/message-router/resources/config/dmaap/logback.xml b/kubernetes/dmaap/components/message-router/resources/config/dmaap/logback.xml index f02a2db764..ad2ce2b92a 100644 --- a/kubernetes/dmaap/components/message-router/resources/config/dmaap/logback.xml +++ b/kubernetes/dmaap/components/message-router/resources/config/dmaap/logback.xml @@ -20,11 +20,6 @@ <jmxConfigurator /> <property name="logDirectory" value="${AJSC_HOME}/log" /> <appender name="STDOUT" class="ch.qos.logback.core.ConsoleAppender"> - <filter class="ch.qos.logback.classic.filter.LevelFilter"> - <level>ERROR</level> - <onMatch>ACCEPT</onMatch> - <onMismatch>DENY</onMismatch> - </filter> <encoder> <pattern>%d{HH:mm:ss.SSS} [%thread] %-5level %logger{1024} - %msg%n </pattern> diff --git a/kubernetes/esr/charts/esr-server/resources/config/logback.xml b/kubernetes/esr/charts/esr-server/resources/config/logback.xml index c647f3d1e1..fcc9f250d9 100644 --- a/kubernetes/esr/charts/esr-server/resources/config/logback.xml +++ b/kubernetes/esr/charts/esr-server/resources/config/logback.xml @@ -15,35 +15,38 @@ # limitations under the License. --> -<configuration scan="false" debug="true"> - <property name="p_tim" value="%d{"yyyy-MM-dd'T'HH:mm:ss.SSSXXX", UTC}"/> - <property name="p_lvl" value="%level"/> - <property name="p_log" value="%logger"/> - <property name="p_mdc" value="%replace(%replace(%mdc){'\t','\\\\t'}){'\n', '\\\\n'}"/> - <property name="p_msg" value="%replace(%replace(%msg){'\t', '\\\\t'}){'\n','\\\\n'}"/> - <property name="p_exc" value="%replace(%replace(%rootException){'\t', '\\\\t'}){'\n','\\\\n'}"/> - <property name="p_mak" value="%replace(%replace(%marker){'\t', '\\\\t'}){'\n','\\\\n'}"/> - <property name="p_thr" value="%thread"/> - <property name="pattern" value="%nopexception${p_tim}\t${p_thr}\t${p_lvl}\t${p_log}\t${p_mdc}\t${p_msg}\t${p_exc}\t${p_mak}\t%n"/> - - <property name="logDir" value="/var/log/onap" /> - <property name="debugDir" value="/var/log/onap" /> - - <property name="componentName" value="esr"></property> - <property name="subComponentName" value="esr-server"></property> +<configuration scan="{{ .Values.log.scan.enabled }}" debug="{{ .Values.log.debug }}"> + + <property name="componentName" value='{{default "UNSET_COMPONENT" .Values.log.componentName}}'/> + <property name="subcomponentName" value='{{default "UNSET_SUBCOMPONENT" .Values.log.subcomponentName}}'/> + + <property name="logDir" value="{{ .Values.log.logDir }}" /> + <property name="queueSize" value="{{ .Values.log.queueSize }}"/> + + <property name="p_tim" value="%d{"yyyy-MM-dd'T'HH:mm:ss.SSSXXX", UTC}"/> + <property name="p_lvl" value="%level"/> + <property name="p_log" value="%logger"/> + <property name="p_mdc" value="%replace(%replace(%mdc){'\t','\\\\t'}){'\n', '\\\\n'}"/> + <property name="p_msg" value="%replace(%replace(%msg){'\t', '\\\\t'}){'\n','\\\\n'}"/> + <property name="p_exc" value="%replace(%replace(%rootException){'\t', '\\\\t'}){'\n','\\\\n'}"/> + <property name="p_mak" value="%replace(%replace(%marker){'\t', '\\\\t'}){'\n','\\\\n'}"/> + <property name="p_thr" value="%thread"/> + <property name="pattern" value="%nopexception${p_tim}\t${p_thr}\t${p_lvl}\t${p_log}\t${p_mdc}\t${p_msg}\t${p_exc}\t${p_mak}\t%n"/> <property name="errorLogName" value="error" /> <property name="metricsLogName" value="metrics" /> <property name="auditLogName" value="audit" /> <property name="debugLogName" value="debug" /> - <property name="errorPattern" value="%d{"yyyy-MM-dd'T'HH:mm:ss.SSSXXX", UTC}|%X{RequestId}|%thread|%X{ServiceName}|%X{PartnerName}|%X{TargetEntity}|%X{TargetServiceName}|%.-5level|%X{ErrorCode}|%X{ErrorDesc}|%msg%n\t${p_mdc}\t${p_msg}\t${p_exc}\t${p_mak}\t%n" /> - <property name="debugPattern" value="%d{"yyyy-MM-dd'T'HH:mm:ss.SSSXXX", UTC}|%X{RequestId}|%msg%n\t${p_mdc}\t${p_msg}\t${p_exc}\t${p_mak}\t%n" /> - + <property name="errorPattern" value="${p_tim}|%X{RequestId}|%thread|%X{ServiceName}|%X{PartnerName}|%X{TargetEntity}|%X{TargetServiceName}|%.-5level|%X{ErrorCode}|%X{ErrorDesc}|%msg%n\t${p_mdc}\t${p_msg}\t${p_exc}\t${p_mak}\t%n" /> + <property name="debugPattern" value="${p_tim}|%X{RequestId}|%msg%n\t${p_mdc}\t${p_msg}\t${p_exc}\t${p_mak}\t%n" /> <property name="auditPattern" value="%X{BeginTimestamp}|%X{EndTimestamp}|%X{RequestId}|%X{ServiceInstanceId}|%thread||%X{ServiceName}|%X{PartnerName}|%X{StatusCode}|%X{ResponseCode}|%X{ResponseDesc}|%X{InstanceUUID}|%.-5level|%X{AlertSeverity}|%X{ServerIPAddress}|%X{Timer}|%X{ServerFQDN}|%X{RemoteHost}||||||||%msg%n" /> <property name="metricPattern" value="%X{BeginTimestamp}|%X{EndTimestamp}|%X{RequestId}|%X{ServiceInstanceId}|%thread||%X{ServiceName}|%X{PartnerName}|%X{TargetEntity}|%X{TargetServiceName}|%X{StatusCode}|%X{ResponseCode}|%X{ResponseDesc}|%X{InstanceUUID}|%.-5level|%X{AlertSeverity}|%X{ServerIPAddress}|%X{Timer}|%X{ServerFQDN}|%X{RemoteHost}||||%X{TargetVirtualEntity}|||||%msg%n" /> + <property name="logDirectory" value="${logDir}/${componentName}/${subComponentName}" /> - <property name="debugLogDirectory" value="${debugDir}/${componentName}/${subComponentName}" /> + + <!-- Console (human-readable) logging --> + <property name="consolePattern" value="%nopexception${p_log}\t${p_tim}\t${p_lvl}\t%message\t${p_mdc}\t%rootException\t${p_mak}\t${p_thr}%n"/> <appender name="EELFAudit" class="ch.qos.logback.core.rolling.RollingFileAppender"> @@ -57,7 +60,7 @@ </appender> <appender name="asyncEELFAudit" class="ch.qos.logback.classic.AsyncAppender"> - <queueSize>256</queueSize> + <queueSize>${queueSize}</queueSize> <appender-ref ref="EELFAudit" /> </appender> @@ -73,7 +76,7 @@ </appender> <appender name="asyncEELFMetrics" class="ch.qos.logback.classic.AsyncAppender"> - <queueSize>256</queueSize> + <queueSize>${queueSize}</queueSize> <appender-ref ref="EELFMetrics"/> </appender> @@ -93,16 +96,16 @@ </appender> <appender name="asyncEELFError" class="ch.qos.logback.classic.AsyncAppender"> - <queueSize>256</queueSize> + <queueSize>${queueSize}</queueSize> <appender-ref ref="EELFError"/> </appender> <appender name="EELFDebug" class="ch.qos.logback.core.rolling.RollingFileAppender"> - <file>${debugLogDirectory}/${debugLogName}.log</file> + <file>${logDirectory}/${debugLogName}.log</file> <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy"> - <fileNamePattern>${debugLogDirectory}/${debugLogName}.log.%d</fileNamePattern> + <fileNamePattern>${logDirectory}/${debugLogName}.log.%d</fileNamePattern> </rollingPolicy> <encoder> <pattern>${debugPattern}</pattern> @@ -110,11 +113,17 @@ </appender> <appender name="asyncEELFDebug" class="ch.qos.logback.classic.AsyncAppender"> - <queueSize>256</queueSize> + <queueSize>${queueSize}</queueSize> <appender-ref ref="EELFDebug" /> <includeCallerData>true</includeCallerData> </appender> + <appender name="STDOUT" class="ch.qos.logback.core.ConsoleAppender"> + <encoder> + <pattern>${consolePattern}</pattern> + </encoder> + </appender> + <logger name="com.att.eelf.audit" level="info" additivity="false"> <appender-ref ref="asyncEELFAudit" /> </logger> @@ -127,9 +136,9 @@ <appender-ref ref="asyncEELFError" /> </logger> - <root level="INFO"> + <root level="{{ .Values.log.root.level }}"> <appender-ref ref="asyncEELFDebug" /> + <appender-ref ref="STDOUT" /> </root> -</configuration> - +</configuration>
\ No newline at end of file diff --git a/kubernetes/esr/charts/esr-server/values.yaml b/kubernetes/esr/charts/esr-server/values.yaml index 6008f1f747..0177690e80 100644 --- a/kubernetes/esr/charts/esr-server/values.yaml +++ b/kubernetes/esr/charts/esr-server/values.yaml @@ -64,6 +64,17 @@ service: ingress: enabled: false +log: + componentName: esr + subcomponentName: esr-server + debug: true + scan: + enabled: false + logDir: /var/log/onap + queueSize: 256 + root: + level: INFO + resources: {} # We usually recommend not to specify default resources and to leave this as a conscious # choice for the user. This also increases chances charts run on environments with little diff --git a/kubernetes/msb/charts/msb-discovery/resources/config/logback.xml b/kubernetes/msb/charts/msb-discovery/resources/config/logback.xml index af0b2b975c..3781d96328 100644 --- a/kubernetes/msb/charts/msb-discovery/resources/config/logback.xml +++ b/kubernetes/msb/charts/msb-discovery/resources/config/logback.xml @@ -41,6 +41,12 @@ <property name="logDirectory" value="${logDir}/${componentName}/${subComponentName}" /> <property name="debugLogDirectory" value="${debugDir}/${componentName}/${subComponentName}" /> + <appender name="STDOUT" class="ch.qos.logback.core.ConsoleAppender"> + <encoder> + <pattern>${errorPattern}</pattern> + </encoder> + </appender> + <appender name="EELFAudit" class="ch.qos.logback.core.rolling.RollingFileAppender"> <file>${logDirectory}/${auditLogName}.log</file> @@ -125,6 +131,7 @@ <root level="INFO"> <appender-ref ref="asyncEELFDebug" /> + <appender-ref ref="STDOUT" /> </root> </configuration> diff --git a/kubernetes/msb/charts/msb-eag/resources/config/logback.xml b/kubernetes/msb/charts/msb-eag/resources/config/logback.xml index 49d5e64896..6dc4443d6e 100644 --- a/kubernetes/msb/charts/msb-eag/resources/config/logback.xml +++ b/kubernetes/msb/charts/msb-eag/resources/config/logback.xml @@ -41,6 +41,12 @@ <property name="logDirectory" value="${logDir}/${componentName}/${subComponentName}" /> <property name="debugLogDirectory" value="${debugDir}/${componentName}/${subComponentName}" /> + <appender name="STDOUT" class="ch.qos.logback.core.ConsoleAppender"> + <encoder> + <pattern>${errorPattern}</pattern> + </encoder> + </appender> + <appender name="EELFAudit" class="ch.qos.logback.core.rolling.RollingFileAppender"> <file>${logDirectory}/${auditLogName}.log</file> @@ -125,6 +131,7 @@ <root level="INFO"> <appender-ref ref="asyncEELFDebug" /> + <appender-ref ref="STDOUT" /> </root> </configuration> diff --git a/kubernetes/msb/charts/msb-iag/resources/config/logback.xml b/kubernetes/msb/charts/msb-iag/resources/config/logback.xml index bceefc500c..65ff43485a 100644 --- a/kubernetes/msb/charts/msb-iag/resources/config/logback.xml +++ b/kubernetes/msb/charts/msb-iag/resources/config/logback.xml @@ -41,6 +41,12 @@ <property name="logDirectory" value="${logDir}/${componentName}/${subComponentName}" /> <property name="debugLogDirectory" value="${debugDir}/${componentName}/${subComponentName}" /> + <appender name="STDOUT" class="ch.qos.logback.core.ConsoleAppender"> + <encoder> + <pattern>${errorPattern}</pattern> + </encoder> + </appender> + <appender name="EELFAudit" class="ch.qos.logback.core.rolling.RollingFileAppender"> <file>${logDirectory}/${auditLogName}.log</file> @@ -125,6 +131,7 @@ <root level="INFO"> <appender-ref ref="asyncEELFDebug" /> + <appender-ref ref="STDOUT" /> </root> </configuration> diff --git a/kubernetes/multicloud/charts/multicloud-k8s/values.yaml b/kubernetes/multicloud/charts/multicloud-k8s/values.yaml index 2cdbba77c0..b9fa617d94 100644 --- a/kubernetes/multicloud/charts/multicloud-k8s/values.yaml +++ b/kubernetes/multicloud/charts/multicloud-k8s/values.yaml @@ -73,6 +73,23 @@ mongo: mountSubPath: multicloud-k8s/mongo/data enabled: true disableNfsProvisioner: true + flavor: &storage_flavor large + resources: &storage_resources + small: + limits: + cpu: 100m + memory: 300Mi + requests: + cpu: 10m + memory: 75Mi + large: + limits: + cpu: 200m + memory: 1Gi + requests: + cpu: 50m + memory: 300Mi + unlimited: {} #etcd chart overrides for k8splugin etcd: @@ -82,6 +99,8 @@ etcd: persistence: mountSubPath: multicloud-k8s/etcd/data enabled: true + flavor: *storage_flavor + resources: *storage_resources # No persistence right now as we rely on Mongo to handle that persistence: diff --git a/kubernetes/oof/Makefile b/kubernetes/oof/Makefile index e27258aafc..a116386dce 100644 --- a/kubernetes/oof/Makefile +++ b/kubernetes/oof/Makefile @@ -15,3 +15,7 @@ make-has: cd charts && helm dep up oof-has cd charts && helm dep up oof-cmso + +clean: + @find . -type f -name '*.tgz' -delete + @find . -type f -name '*.lock' -delete diff --git a/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-optimizer/templates/deployment.yaml b/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-optimizer/templates/deployment.yaml index 15ce71b716..2f12eec5c0 100644 --- a/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-optimizer/templates/deployment.yaml +++ b/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-optimizer/templates/deployment.yaml @@ -1,4 +1,5 @@ # Copyright © 2018 AT&T +# Copyright (C) 2020 Wipro Limited. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -48,6 +49,20 @@ spec: image: "{{ include "common.repository" . }}/{{ .Values.global.readinessImage }}" imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} name: {{ include "common.name" . }}-readiness + - name: {{ include "common.name" . }}-db-config-readiness + command: + - /app/ready.py + args: + - -j + - "{{ include "common.release" . }}-cmso-db-config-config-job" + env: + - name: NAMESPACE + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace + image: "{{ include "common.repository" . }}/{{ .Values.global.readinessImage }}" + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - name: {{ include "common.name" . }}-chown command: ["/bin/sh", "-c", "chown -Rf 1000:1000 /share/"] image: "{{ .Values.global.busyBoxRepository }}/{{ .Values.global.busyBoxImage }}" @@ -64,11 +79,11 @@ spec: - name: DB_PORT value: {{ .Values.config.db.port | quote}} - name: DB_USERNAME - value: {{ .Values.config.db.root }} + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "cmso-db-user-secret" "key" "login") | indent 10}} - name: DB_SCHEMA value: {{ .Values.config.db.mysqlDatabase }} - name: DB_PASSWORD - {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "cmso-db-root-password" "key" "password") | indent 10}} + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "cmso-db-user-secret" "key" "password") | indent 10}} terminationMessagePolicy: File volumeMounts: - name: {{ include "common.fullname" . }}-config @@ -85,11 +100,11 @@ spec: - name: DB_PORT value: {{ .Values.config.db.port | quote}} - name: DB_USERNAME - value: {{ .Values.config.db.root }} + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "cmso-db-user-secret" "key" "login") | indent 10}} - name: DB_SCHEMA value: {{ .Values.config.db.mysqlDatabase }} - name: DB_PASSWORD - {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "cmso-db-root-password" "key" "password") | indent 10}} + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "cmso-db-user-secret" "key" "password") | indent 10}} - name: JAVA_TRUSTSTORE value: /share/etc/certs/{{ .Values.global.truststoreFile }} - name: SSL_KEYSTORE diff --git a/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-optimizer/values.yaml b/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-optimizer/values.yaml index 5de87f5be1..e511728261 100644 --- a/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-optimizer/values.yaml +++ b/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-optimizer/values.yaml @@ -1,4 +1,5 @@ # Copyright © 2019 AT&T +# Copyright (C) 2020 Wipro Limited. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -39,11 +40,6 @@ debugEnabled: false # Secrets metaconfig ################################################################# secrets: - - uid: cmso-db-root-password - type: password - password: '{{ .Values.config.db.rootPassword }}' - externalSecret: '{{ tpl (default "" .Values.config.db.rootPasswordExternalSecret) . }}' - policy: required - uid: cmso-db-user-secret type: basicAuth externalSecret: '{{ tpl (default "" .Values.config.db.userCredentialsExternalSecret) . }}' @@ -88,7 +84,6 @@ service: config: db: port: 3306 - root: root # rootPassword: pass # rootPasswordExternalSecret: some secret # user: cmso-admin diff --git a/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-service/templates/deployment.yaml b/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-service/templates/deployment.yaml index ff37e8f218..cb7a76f546 100644 --- a/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-service/templates/deployment.yaml +++ b/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-service/templates/deployment.yaml @@ -1,4 +1,5 @@ # Copyright (c) 2018 AT&T +# Copyright (C) 2020 Wipro Limited. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -48,6 +49,20 @@ spec: image: "{{ include "common.repository" . }}/{{ .Values.global.readinessImage }}" imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} name: {{ include "common.name" . }}-readiness + - name: {{ include "common.name" . }}-db-config-readiness + command: + - /app/ready.py + args: + - -j + - "{{ include "common.release" . }}-cmso-db-config-config-job" + env: + - name: NAMESPACE + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace + image: "{{ include "common.repository" . }}/{{ .Values.global.readinessImage }}" + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - name: {{ include "common.name" . }}-chown command: ["/bin/sh", "-c", "chown -Rf 1000:1000 /share/"] image: "{{ .Values.global.busyBoxRepository }}/{{ .Values.global.busyBoxImage }}" @@ -64,11 +79,11 @@ spec: - name: DB_PORT value: {{ .Values.config.db.port | quote}} - name: DB_USERNAME - value: {{ .Values.config.db.root }} + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "cmso-db-user-secret" "key" "login") | indent 10}} - name: DB_SCHEMA value: {{ .Values.config.db.mysqlDatabase }} - name: DB_PASSWORD - {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "cmso-db-root-password" "key" "password") | indent 10}} + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "cmso-db-user-secret" "key" "password") | indent 10}} terminationMessagePolicy: File volumeMounts: - name: {{ include "common.fullname" . }}-config diff --git a/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-service/values.yaml b/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-service/values.yaml index f8326272c6..d086411704 100644 --- a/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-service/values.yaml +++ b/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-service/values.yaml @@ -1,4 +1,5 @@ # Copyright © 2018-2019 AT&T +# Copyright (C) 2020 Wipro Limited. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -39,11 +40,6 @@ debugEnabled: false # Secrets metaconfig ################################################################# secrets: - - uid: cmso-db-root-password - type: password - password: '{{ .Values.config.db.rootPassword }}' - externalSecret: '{{ tpl (default "" .Values.config.db.rootPasswordExternalSecret) . }}' - policy: required - uid: cmso-db-user-secret type: basicAuth externalSecret: '{{ tpl (default "" .Values.config.db.userCredentialsExternalSecret) . }}' @@ -88,7 +84,6 @@ service: config: db: port: 3306 - root: root # rootPassword: pass # rootPasswordExternalSecret: some secret # user: cmso-admin diff --git a/kubernetes/oof/charts/oof-cmso/requirements.yaml b/kubernetes/oof/charts/oof-cmso/requirements.yaml index d95b2e76ae..e631333861 100644 --- a/kubernetes/oof/charts/oof-cmso/requirements.yaml +++ b/kubernetes/oof/charts/oof-cmso/requirements.yaml @@ -1,4 +1,5 @@ # Copyright © 2018 AT&T +# Copyright (C) 2020 Wipro Limited. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -22,3 +23,6 @@ dependencies: - name: mariadb-galera version: ~6.x-0 repository: '@local' + - name: mariadb-init + version: ~6.x-0 + repository: '@local' diff --git a/kubernetes/oof/charts/oof-cmso/values.yaml b/kubernetes/oof/charts/oof-cmso/values.yaml index b1c3561538..d712965d59 100644 --- a/kubernetes/oof/charts/oof-cmso/values.yaml +++ b/kubernetes/oof/charts/oof-cmso/values.yaml @@ -1,4 +1,5 @@ # Copyright © 2018 AT&T +# Copyright (C) 2020 Wipro Limited. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -17,24 +18,31 @@ ################################################################# secrets: - uid: cmso-db-root-password - name: '{{ include "common.release" . }}-cmso-db-root-password' + name: &rootPassword '{{ include "common.release" . }}-cmso-db-root-password' type: password password: '' policy: generate + - uid: cmso-service-db-secret + name: &serviceDbCreds '{{ include "common.release" . }}-cmso-service-db-secret' + type: basicAuth + externalSecret: '{{ tpl (default "" .Values.config.db.service.userCredentialsExternalSecret) . }}' + login: '{{ .Values.config.db.service.userName }}' + password: '{{ .Values.config.db.service.userPassword }}' + passwordPolicy: generate - uid: cmso-db-secret - name: '{{ include "common.release" . }}-cmso-db-secret' + name: &optimizerDbCreds '{{ include "common.release" . }}-cmso-optimizer-db-secret' type: basicAuth - externalSecret: '{{ tpl (default "" .Values.config.db.userCredentialsExternalSecret) . }}' - login: '{{ .Values.config.db.userName }}' - password: '{{ .Values.config.db.userPassword }}' + externalSecret: '{{ tpl (default "" .Values.config.db.optimizer.userCredentialsExternalSecret) . }}' + login: '{{ .Values.config.db.optimizer.userName }}' + password: '{{ .Values.config.db.optimizer.userPassword }}' passwordPolicy: generate mariadb-galera: replicaCount: 1 - nameOverride: cmso-db + nameOverride: &containerName cmso-db service: type: ClusterIP - name: oof-cmso-dbhost + name: &serviceName oof-cmso-dbhost portName: cmso-dbhost nfsprovisionerPrefix: cmso sdnctlPrefix: cmso @@ -43,9 +51,9 @@ mariadb-galera: enabled: true disableNfsProvisioner: true config: - mariadbRootPasswordExternalSecret: '{{ include "common.release" . }}-cmso-db-root-password' - userCredentialsExternalSecret: '{{ include "common.release" . }}-cmso-db-secret' - mysqlDatabase: cmso + mariadbRootPasswordExternalSecret: *rootPassword + # userCredentialsExternalSecret: *dbCreds + # mysqlDatabase: cmso externalConfig: | [mysqld] lower_case_table_names = 1 @@ -62,6 +70,20 @@ global: busyBoxImage: busybox:1.30 busyBoxRepository: docker.io +mariadb-init: + mariadbGalera: + containerName: *containerName + serviceName: *serviceName + servicePort: 3306 + userRootSecret: *rootPassword + config: + userCredentialsExternalSecret: *serviceDbCreds + mysqlDatabase: cmso + mysqlAdditionalDatabases: + optimizer: + externalSecret: *optimizerDbCreds + nameOverride: cmso-db-config + flavor: small config: @@ -69,15 +91,17 @@ config: logstashServiceName: log-ls logstashPort: 5044 db: - # userCredentialsExternalsecret: some secret - userName: cmso-admin - # userPassword: password + service: + # userCredentialsExternalsecret: some secret + userName: cmso-admin + # userPassword: password + optimizer: + userName: cmso-optimizer oof-cmso-service: config: db: - userCredentialsExternalSecret: '{{ include "common.release" . }}-cmso-db-secret' - rootPasswordExternalSecret: '{{ include "common.release" . }}-cmso-db-root-password' + userCredentialsExternalSecret: *serviceDbCreds host: oof-cmso-dbhost container: cmso-db mysqlDatabase: cmso @@ -85,8 +109,7 @@ oof-cmso-service: oof-cmso-optimizer: config: db: - userCredentialsExternalSecret: '{{ include "common.release" . }}-cmso-db-secret' - rootPasswordExternalSecret: '{{ include "common.release" . }}-cmso-db-root-password' + userCredentialsExternalSecret: *optimizerDbCreds host: oof-cmso-dbhost container: cmso-db mysqlDatabase: optimizer diff --git a/kubernetes/oof/charts/oof-has/templates/job-healthcheck.yaml b/kubernetes/oof/charts/oof-has/templates/job-healthcheck.yaml index c006eebf05..393a6bbf2e 100755 --- a/kubernetes/oof/charts/oof-has/templates/job-healthcheck.yaml +++ b/kubernetes/oof/charts/oof-has/templates/job-healthcheck.yaml @@ -76,7 +76,7 @@ spec: name: {{ .Values.global.commonConfigPrefix }}-config subPath: healthcheck.json resources: -{{ toYaml .Values.resources | indent 10 }} +{{ include "common.resources" . | indent 10 }} nodeSelector: {{- if .Values.nodeSelector }} {{ toYaml .Values.nodeSelector | indent 8 }} diff --git a/kubernetes/oof/charts/oof-has/templates/job-onboard.yaml b/kubernetes/oof/charts/oof-has/templates/job-onboard.yaml index 22cb5a17eb..a82435bccc 100755 --- a/kubernetes/oof/charts/oof-has/templates/job-onboard.yaml +++ b/kubernetes/oof/charts/oof-has/templates/job-onboard.yaml @@ -81,7 +81,7 @@ spec: name: {{ .Values.global.commonConfigPrefix }}-config subPath: onboard.json resources: -{{ toYaml .Values.resources | indent 10 }} +{{ include "common.resources" . | indent 10 }} nodeSelector: {{- if .Values.nodeSelector }} {{ toYaml .Values.nodeSelector | indent 8 }} diff --git a/kubernetes/policy/components/policy-apex-pdp/values.yaml b/kubernetes/policy/components/policy-apex-pdp/values.yaml index 79fed0c79c..e149aa596a 100755 --- a/kubernetes/policy/components/policy-apex-pdp/values.yaml +++ b/kubernetes/policy/components/policy-apex-pdp/values.yaml @@ -52,7 +52,7 @@ secrets: ################################################################# # application image repository: nexus3.onap.org:10001 -image: onap/policy-apex-pdp:2.4.0 +image: onap/policy-apex-pdp:2.4.1 pullPolicy: Always # flag to enable debugging - application support required diff --git a/kubernetes/policy/components/policy-api/templates/deployment.yaml b/kubernetes/policy/components/policy-api/templates/deployment.yaml index f4360063be..5774344fd3 100755 --- a/kubernetes/policy/components/policy-api/templates/deployment.yaml +++ b/kubernetes/policy/components/policy-api/templates/deployment.yaml @@ -64,7 +64,6 @@ spec: {{- if .Values.global.aafEnabled }} command: ["bash","-c"] args: ["source {{ .Values.certInitializer.credsPath }}/.ci;\ - cp {{ .Values.certInitializer.credsPath }}/org.onap.policy.p12 ${POLICY_HOME}/etc/ssl/policy-keystore;\ /opt/app/policy/api/bin/policy-api.sh /opt/app/policy/api/etc/mounted/config.json"] {{- else }} command: ["/opt/app/policy/api/bin/policy-api.sh"] diff --git a/kubernetes/policy/components/policy-api/values.yaml b/kubernetes/policy/components/policy-api/values.yaml index e6f68cba99..a94031ac95 100755 --- a/kubernetes/policy/components/policy-api/values.yaml +++ b/kubernetes/policy/components/policy-api/values.yaml @@ -84,7 +84,7 @@ certInitializer: ################################################################# # application image repository: nexus3.onap.org:10001 -image: onap/policy-api:2.3.0 +image: onap/policy-api:2.3.1 pullPolicy: Always # flag to enable debugging - application support required diff --git a/kubernetes/policy/components/policy-distribution/templates/deployment.yaml b/kubernetes/policy/components/policy-distribution/templates/deployment.yaml index add085f94d..414d617f77 100755 --- a/kubernetes/policy/components/policy-distribution/templates/deployment.yaml +++ b/kubernetes/policy/components/policy-distribution/templates/deployment.yaml @@ -76,7 +76,6 @@ spec: {{- if .Values.global.aafEnabled }} command: ["bash","-c"] args: ["source {{ .Values.certInitializer.credsPath }}/.ci;\ - cp {{ .Values.certInitializer.credsPath }}/org.onap.policy.p12 ${POLICY_HOME}/etc/ssl/policy-keystore;\ /opt/app/policy/distribution/bin/policy-dist.sh /opt/app/policy/distribution/etc/mounted/config.json"] {{- else }} command: ["/opt/app/policy/distribution/bin/policy-dist.sh"] diff --git a/kubernetes/policy/components/policy-distribution/values.yaml b/kubernetes/policy/components/policy-distribution/values.yaml index e437de06aa..9d20941773 100755 --- a/kubernetes/policy/components/policy-distribution/values.yaml +++ b/kubernetes/policy/components/policy-distribution/values.yaml @@ -70,7 +70,7 @@ global: ################################################################# # application image repository: nexus3.onap.org:10001 -image: onap/policy-distribution:2.4.0 +image: onap/policy-distribution:2.4.1 pullPolicy: Always # flag to enable debugging - application support required diff --git a/kubernetes/policy/components/policy-drools-pdp/resources/configmaps/base.conf b/kubernetes/policy/components/policy-drools-pdp/resources/configmaps/base.conf index 184ae9aee7..a0f5ceb777 100755 --- a/kubernetes/policy/components/policy-drools-pdp/resources/configmaps/base.conf +++ b/kubernetes/policy/components/policy-drools-pdp/resources/configmaps/base.conf @@ -57,6 +57,7 @@ PDPD_CONFIGURATION_PARTITION_KEY= POLICY_PDP_PAP_TOPIC=POLICY-PDP-PAP POLICY_PDP_PAP_GROUP=defaultGroup +POLICY_PDP_PAP_POLICYTYPES=onap.policies.controlloop.operational.common.Drools # Symmetric Key for encoded sensitive data diff --git a/kubernetes/policy/components/policy-drools-pdp/resources/secrets/credentials.conf b/kubernetes/policy/components/policy-drools-pdp/resources/secrets/credentials.conf index bb2b90c1a7..17efdbc44e 100755 --- a/kubernetes/policy/components/policy-drools-pdp/resources/secrets/credentials.conf +++ b/kubernetes/policy/components/policy-drools-pdp/resources/secrets/credentials.conf @@ -16,7 +16,10 @@ # SPDX-License-Identifier: Apache-2.0 # ============LICENSE_END========================================================= +{{- if not .Values.global.aafEnabled }} KEYSTORE_PASSWD={{.Values.keystore.password}} +{{- end }} + TRUSTSTORE_PASSWD={{.Values.truststore.password}} TELEMETRY_USER={{.Values.telemetry.user}} diff --git a/kubernetes/policy/components/policy-drools-pdp/templates/secrets.yaml b/kubernetes/policy/components/policy-drools-pdp/templates/secrets.yaml index 7fb84b5ddc..29f2ef2215 100755 --- a/kubernetes/policy/components/policy-drools-pdp/templates/secrets.yaml +++ b/kubernetes/policy/components/policy-drools-pdp/templates/secrets.yaml @@ -13,7 +13,7 @@ # See the License for the specific language governing permissions and # limitations under the License. -{{ include "common.secret" . }} +{{ include "common.secretFast" . }} --- apiVersion: v1 kind: Secret diff --git a/kubernetes/policy/components/policy-drools-pdp/templates/statefulset.yaml b/kubernetes/policy/components/policy-drools-pdp/templates/statefulset.yaml index eb1ef4203a..1498d273b2 100755 --- a/kubernetes/policy/components/policy-drools-pdp/templates/statefulset.yaml +++ b/kubernetes/policy/components/policy-drools-pdp/templates/statefulset.yaml @@ -74,6 +74,7 @@ spec: command: ["bash","-c"] args: ["if [ -f {{ .Values.certInitializer.credsPath }}/.ci ]; then \ source {{ .Values.certInitializer.credsPath }}/.ci; fi;\ + cp {{ .Values.certInitializer.credsPath }}/org.onap.policy.p12 ${POLICY_HOME}/etc/ssl/policy-keystore;\ /opt/app/policy/bin/pdpd-cl-entrypoint.sh boot"] ports: - containerPort: {{ .Values.service.externalPort }} @@ -94,9 +95,9 @@ spec: - name: REPLICAS value: "{{ .Values.replicaCount }}" - name: SQL_USER - {{- include "common.secret.envFromSecret" (dict "global" . "uid" "db-secret" "key" "login") | indent 12 }} + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "login") | indent 12 }} - name: SQL_PASSWORD - {{- include "common.secret.envFromSecret" (dict "global" . "uid" "db-secret" "key" "password") | indent 12 }} + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "password") | indent 12 }} volumeMounts: {{ include "common.certInitializer.volumeMount" . | indent 10 }} - mountPath: /etc/localtime diff --git a/kubernetes/policy/components/policy-drools-pdp/values.yaml b/kubernetes/policy/components/policy-drools-pdp/values.yaml index 8a8e3c23a4..5e8c8be179 100755 --- a/kubernetes/policy/components/policy-drools-pdp/values.yaml +++ b/kubernetes/policy/components/policy-drools-pdp/values.yaml @@ -39,7 +39,7 @@ secrets: ################################################################# # application image repository: nexus3.onap.org:10001 -image: onap/policy-pdpd-cl:1.7.0 +image: onap/policy-pdpd-cl:1.7.1 pullPolicy: Always # flag to enable debugging - application support required diff --git a/kubernetes/policy/components/policy-pap/templates/deployment.yaml b/kubernetes/policy/components/policy-pap/templates/deployment.yaml index 57812d4add..f07ed4a7ba 100755 --- a/kubernetes/policy/components/policy-pap/templates/deployment.yaml +++ b/kubernetes/policy/components/policy-pap/templates/deployment.yaml @@ -78,7 +78,6 @@ spec: {{- if .Values.global.aafEnabled }} command: ["bash","-c"] args: ["source {{ .Values.certInitializer.credsPath }}/.ci;\ - cp {{ .Values.certInitializer.credsPath }}/org.onap.policy.p12 ${POLICY_HOME}/etc/ssl/policy-keystore;\ /opt/app/policy/pap/bin/policy-pap.sh /opt/app/policy/pap/etc/mounted/config.json"] {{- else }} command: ["/opt/app/policy/pap/bin/policy-pap.sh"] diff --git a/kubernetes/policy/components/policy-pap/values.yaml b/kubernetes/policy/components/policy-pap/values.yaml index 34e322ce76..008fefd1a9 100755 --- a/kubernetes/policy/components/policy-pap/values.yaml +++ b/kubernetes/policy/components/policy-pap/values.yaml @@ -98,7 +98,7 @@ certInitializer: ################################################################# # application image repository: nexus3.onap.org:10001 -image: onap/policy-pap:2.3.0 +image: onap/policy-pap:2.3.1 pullPolicy: Always # flag to enable debugging - application support required diff --git a/kubernetes/policy/components/policy-xacml-pdp/templates/deployment.yaml b/kubernetes/policy/components/policy-xacml-pdp/templates/deployment.yaml index fe8c74d4cc..a4d060ccfe 100755 --- a/kubernetes/policy/components/policy-xacml-pdp/templates/deployment.yaml +++ b/kubernetes/policy/components/policy-xacml-pdp/templates/deployment.yaml @@ -86,7 +86,6 @@ spec: {{- if .Values.global.aafEnabled }} command: ["bash","-c"] args: ["source {{ .Values.certInitializer.credsPath }}/.ci;\ - cp {{ .Values.certInitializer.credsPath }}/org.onap.policy.p12 ${POLICY_HOME}/etc/ssl/policy-keystore;\ /opt/app/policy/pdpx/bin/policy-pdpx.sh /opt/app/policy/pdpx/etc/mounted/config.json"] {{- else }} command: ["/opt/app/policy/pdpx/bin/policy-pdpx.sh"] diff --git a/kubernetes/policy/components/policy-xacml-pdp/values.yaml b/kubernetes/policy/components/policy-xacml-pdp/values.yaml index e7984fb9cc..81196e1236 100755 --- a/kubernetes/policy/components/policy-xacml-pdp/values.yaml +++ b/kubernetes/policy/components/policy-xacml-pdp/values.yaml @@ -89,7 +89,7 @@ certInitializer: ################################################################# # application image repository: nexus3.onap.org:10001 -image: onap/policy-xacml-pdp:2.3.0 +image: onap/policy-xacml-pdp:2.3.1 pullPolicy: Always # flag to enable debugging - application support required diff --git a/kubernetes/policy/templates/job.yaml b/kubernetes/policy/templates/job.yaml index aea18a604e..463877b96a 100755 --- a/kubernetes/policy/templates/job.yaml +++ b/kubernetes/policy/templates/job.yaml @@ -65,6 +65,8 @@ spec: {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "login") | indent 10 }} - name: MYSQL_PORT value: "{{ index .Values "mariadb-galera" "service" "internalPort" }}" + resources: +{{ include "common.resources" . }} restartPolicy: Never volumes: - name: {{ include "common.fullname" . }}-config diff --git a/kubernetes/policy/values.yaml b/kubernetes/policy/values.yaml index b337383485..714f9d928c 100755 --- a/kubernetes/policy/values.yaml +++ b/kubernetes/policy/values.yaml @@ -69,7 +69,7 @@ policy-distribution: enabled: true db: *dbSecretsHook policy-nexus: - enabled: true + enabled: false ################################################################# # DB configuration defaults. @@ -122,3 +122,23 @@ mariadb-galera: [mysqld] lower_case_table_names = 1 +# Resource Limit flavor -By Default using small +# Segregation for Different environment (small, large, or unlimited) +flavor: small +resources: + small: + limits: + cpu: 1 + memory: 4Gi + requests: + cpu: 100m + memory: 1Gi + large: + limits: + cpu: 2 + memory: 8Gi + requests: + cpu: 200m + memory: 2Gi + unlimited: {} + diff --git a/kubernetes/sdc/Makefile b/kubernetes/sdc/Makefile new file mode 100644 index 0000000000..f2670c552d --- /dev/null +++ b/kubernetes/sdc/Makefile @@ -0,0 +1,50 @@ +# Copyright © 2020 Samsung Electronics, AT&T +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +ROOT_DIR := $(shell dirname $(realpath $(lastword $(MAKEFILE_LIST)))) +OUTPUT_DIR := $(ROOT_DIR)/../dist +PACKAGE_DIR := $(OUTPUT_DIR)/packages +SECRET_DIR := $(OUTPUT_DIR)/secrets + +EXCLUDES := dist resources templates charts docker +HELM_CHARTS := $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.)))) + +.PHONY: $(EXCLUDES) $(HELM_CHARTS) + +all: $(HELM_CHARTS) + +$(HELM_CHARTS): + @echo "\n[$@]" + @make package-$@ + +make-%: + @if [ -f $*/Makefile ]; then make -C $*; fi + +dep-%: make-% + @if [ -f $*/requirements.yaml ]; then helm dep up $*; fi + +lint-%: dep-% + @if [ -f $*/Chart.yaml ]; then helm lint $*; fi + +package-%: lint-% + @mkdir -p $(PACKAGE_DIR) + @if [ -f $*/Chart.yaml ]; then helm package -d $(PACKAGE_DIR) $*; fi + @helm repo index $(PACKAGE_DIR) + +clean: + @rm -f */requirements.lock + @rm -f *tgz */charts/*tgz + @rm -rf $(PACKAGE_DIR) +%: + @: diff --git a/kubernetes/sdc/charts/sdc-onboarding-be/templates/pv.yaml b/kubernetes/sdc/charts/sdc-onboarding-be/templates/pv.yaml deleted file mode 100644 index bc110c3b0f..0000000000 --- a/kubernetes/sdc/charts/sdc-onboarding-be/templates/pv.yaml +++ /dev/null @@ -1,41 +0,0 @@ -{{/* -# ================================================================================ -# Copyright (C) 2019, Nordix Foundation. All rights reserved. -# ================================================================================ -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -*/}} -{{- if and .Values.persistence.enabled (not .Values.cert.persistence.existingClaim) -}} -{{- if eq "True" (include "common.needPV" .) -}} -kind: PersistentVolume -apiVersion: v1 -metadata: - name: {{ include "common.fullname" . }} - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}" - release: "{{ include "common.release" . }}" - heritage: "{{ .Release.Service }}" - name: {{ include "common.fullname" . }} -spec: - capacity: - storage: {{ .Values.cert.persistence.size}} - accessModes: - - {{ .Values.cert.persistence.accessMode }} - persistentVolumeReclaimPolicy: {{ .Values.cert.persistence.volumeReclaimPolicy }} - storageClassName: "{{ include "common.fullname" . }}-data" - hostPath: - path: {{ .Values.global.persistence.mountPath | default .Values.persistence.mountPath }}/{{ include "common.release" . }}/{{ .Values.cert.persistence.mountSubPath }} -{{- end -}} -{{- end -}} diff --git a/kubernetes/sdc/charts/sdc-onboarding-be/templates/pvc.yaml b/kubernetes/sdc/charts/sdc-onboarding-be/templates/pvc.yaml deleted file mode 100644 index 006d736b63..0000000000 --- a/kubernetes/sdc/charts/sdc-onboarding-be/templates/pvc.yaml +++ /dev/null @@ -1,40 +0,0 @@ -{{/* -# ================================================================================ -# Copyright (C) 2019, Nordix Foundation. All rights reserved. -# ================================================================================ -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -*/}} -{{- if and .Values.cert.persistence.enabled (not .Values.cert.persistence.existingClaim) -}} -kind: PersistentVolumeClaim -apiVersion: v1 -metadata: - name: {{ include "common.fullname" . }}-cert - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" - release: "{{ include "common.release" . }}" - heritage: "{{ .Release.Service }}" -{{- if .Values.cert.persistence.annotations }} - annotations: -{{ toYaml .Values.cert.persistence.annotations | indent 4 }} -{{- end }} -spec: - accessModes: - - {{ .Values.cert.persistence.accessMode }} - storageClassName: {{ include "common.storageClass" . }} - resources: - requests: - storage: {{ .Values.cert.persistence.size }} -{{- end -}} diff --git a/kubernetes/sdc/components/Makefile b/kubernetes/sdc/components/Makefile new file mode 100644 index 0000000000..8d3bf2be4f --- /dev/null +++ b/kubernetes/sdc/components/Makefile @@ -0,0 +1,50 @@ +# Copyright © 2020 Samsung Electronics, AT&T +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +ROOT_DIR := $(shell dirname $(realpath $(lastword $(MAKEFILE_LIST)))) +OUTPUT_DIR := $(ROOT_DIR)/../../dist +PACKAGE_DIR := $(OUTPUT_DIR)/packages +SECRET_DIR := $(OUTPUT_DIR)/secrets + +EXCLUDES := +HELM_CHARTS := $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.)))) + +.PHONY: $(EXCLUDES) $(HELM_CHARTS) + +all: $(HELM_CHARTS) + +$(HELM_CHARTS): + @echo "\n[$@]" + @make package-$@ + +make-%: + @if [ -f $*/Makefile ]; then make -C $*; fi + +dep-%: make-% + @if [ -f $*/requirements.yaml ]; then helm dep up $*; fi + +lint-%: dep-% + @if [ -f $*/Chart.yaml ]; then helm lint $*; fi + +package-%: lint-% + @mkdir -p $(PACKAGE_DIR) + @if [ -f $*/Chart.yaml ]; then helm package -d $(PACKAGE_DIR) $*; fi + @helm repo index $(PACKAGE_DIR) + +clean: + @rm -f */requirements.lock + @rm -f *tgz */charts/*tgz + @rm -rf $(PACKAGE_DIR) +%: + @: diff --git a/kubernetes/sdc/charts/sdc-be/.helmignore b/kubernetes/sdc/components/sdc-be/.helmignore index daebc7da77..daebc7da77 100644 --- a/kubernetes/sdc/charts/sdc-be/.helmignore +++ b/kubernetes/sdc/components/sdc-be/.helmignore diff --git a/kubernetes/sdc/charts/sdc-be/Chart.yaml b/kubernetes/sdc/components/sdc-be/Chart.yaml index 3189bebf01..3189bebf01 100644 --- a/kubernetes/sdc/charts/sdc-be/Chart.yaml +++ b/kubernetes/sdc/components/sdc-be/Chart.yaml diff --git a/kubernetes/sdc/components/sdc-be/requirements.yaml b/kubernetes/sdc/components/sdc-be/requirements.yaml new file mode 100644 index 0000000000..b1d52ae32a --- /dev/null +++ b/kubernetes/sdc/components/sdc-be/requirements.yaml @@ -0,0 +1,23 @@ +# ============LICENSE_START======================================================= +# Copyright (C) 2018 Ericsson. All rights reserved. +# Modifications Copyright © 2020 AT&T. All rights reserved. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# SPDX-License-Identifier: Apache-2.0 +# ============LICENSE_END========================================================= + +dependencies: + - name: certInitializer + version: ~6.x-0 + repository: '@local'
\ No newline at end of file diff --git a/kubernetes/sdc/charts/sdc-be/resources/config/logging/logback.xml b/kubernetes/sdc/components/sdc-be/resources/config/logging/logback.xml index 0f044d7646..0f044d7646 100644 --- a/kubernetes/sdc/charts/sdc-be/resources/config/logging/logback.xml +++ b/kubernetes/sdc/components/sdc-be/resources/config/logging/logback.xml diff --git a/kubernetes/sdc/charts/sdc-be/templates/NOTES.txt b/kubernetes/sdc/components/sdc-be/templates/NOTES.txt index 3a5553b84f..3a5553b84f 100644 --- a/kubernetes/sdc/charts/sdc-be/templates/NOTES.txt +++ b/kubernetes/sdc/components/sdc-be/templates/NOTES.txt diff --git a/kubernetes/sdc/charts/sdc-be/templates/configmap.yaml b/kubernetes/sdc/components/sdc-be/templates/configmap.yaml index ea5009914a..ea5009914a 100644 --- a/kubernetes/sdc/charts/sdc-be/templates/configmap.yaml +++ b/kubernetes/sdc/components/sdc-be/templates/configmap.yaml diff --git a/kubernetes/sdc/charts/sdc-be/templates/deployment.yaml b/kubernetes/sdc/components/sdc-be/templates/deployment.yaml index 78f2912021..e2329d7ca5 100644 --- a/kubernetes/sdc/charts/sdc-be/templates/deployment.yaml +++ b/kubernetes/sdc/components/sdc-be/templates/deployment.yaml @@ -22,7 +22,7 @@ spec: template: metadata: {{- include "common.templateMetadata" . | nindent 6 }} spec: - initContainers: + initContainers: {{ include "common.certInitializer.initContainer" . | nindent 6 }} - name: {{ include "common.name" . }}-readiness command: - /app/ready.py @@ -51,34 +51,46 @@ spec: fieldRef: apiVersion: v1 fieldPath: metadata.namespace + {{- if .Values.global.aafEnabled }} - name: {{ include "common.name" . }}-update-config image: "{{ .Values.global.envsubstImage }}" imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} command: - sh args: - - -c - - "cd /config-input && for PFILE in `find . -not -type d | grep -v -F ..`; do envsubst <${PFILE} >/config-output/${PFILE}; chmod 0755 /config-output/${PFILE}; done" - env: - - name: KEYSTORE_PASS - valueFrom: - secretKeyRef: - name: {{ include "common.release" . }}-sdc-cs-secrets - key: keystore_password - - name: TRUSTSTORE_PASS - valueFrom: - secretKeyRef: - name: {{ include "common.release" . }}-sdc-cs-secrets - key: truststore_password - volumeMounts: + - "-c" + - | + export $(grep '^c' {{ .Values.certInitializer.credsPath }}/mycreds.prop | xargs -0) + export KEYSTORE_PASS=$cadi_keystore_password_p12 + export KEYMANAGER_PASS=$cadi_keystore_password_p12 + export TRUSTSTORE_PASS=$cadi_truststore_password + cp {{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.keystoreFile }} /config-output + cp {{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.truststoreFile }} /config-output + cd /config-input && \ + for PFILE in `find . -not -type d | grep -v -F ..` + do + envsubst <${PFILE} >/config-output/${PFILE} + chmod 0755 /config-output/${PFILE} + done + volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 8 }} - name: {{ include "common.fullname" . }}-environments mountPath: /config-input/ - name: sdc-environments-output mountPath: /config-output/ + {{- end }} containers: - name: {{ include "common.name" . }} image: "{{ include "common.repository" . }}/{{ .Values.image }}" imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + {{- if .Values.global.aafEnabled }} + command: + - sh + args: + - "-c" + - | + sed -i '/trustStorePassword/d' ${JETTY_BASE}/startup.sh + ${JETTY_BASE}/startup.sh + {{- end }} ports: {{ include "common.containerPorts" . | nindent 10 }} {{ if eq .Values.liveness.enabled true }} livenessProbe: @@ -100,7 +112,7 @@ spec: resources: {{ include "common.resources" . | nindent 12 }} env: - name: ENVNAME - value: {{ .Values.global.env.name }} + value: {{ .Values.env.name }} - name: JAVA_OPTIONS value: {{ .Values.config.javaOptions }} - name: cassandra_ssl_enabled @@ -112,10 +124,10 @@ spec: volumeMounts: - name: sdc-environments-output mountPath: /var/lib/jetty/chef-solo/environments/ - - name: sdc-cert + - name: sdc-environments-output mountPath: /var/lib/jetty/chef-solo/cookbooks/sdc-catalog-be/files/default/org.onap.sdc.p12 subPath: org.onap.sdc.p12 - - name: sdc-cert + - name: sdc-environments-output mountPath: /var/lib/jetty/chef-solo/cookbooks/sdc-catalog-be/files/default/org.onap.sdc.trust.jks subPath: org.onap.sdc.trust.jks - name: {{ include "common.fullname" . }}-localtime @@ -142,13 +154,10 @@ spec: mountPath: /var/log/onap - name: {{ include "common.fullname" . }}-data-filebeat mountPath: /usr/share/filebeat/data - volumes: + volumes: {{ include "common.certInitializer.volumes" . | nindent 6 }} - name: {{ include "common.fullname" . }}-localtime hostPath: path: /etc/localtime - - name: sdc-cert - secret: - secretName: sdc-cert - name: {{ include "common.fullname" . }}-filebeat-conf configMap: name: {{ include "common.release" . }}-sdc-filebeat-configmap diff --git a/kubernetes/sdc/charts/sdc-be/templates/ingress.yaml b/kubernetes/sdc/components/sdc-be/templates/ingress.yaml index 8f87c68f1e..8f87c68f1e 100644 --- a/kubernetes/sdc/charts/sdc-be/templates/ingress.yaml +++ b/kubernetes/sdc/components/sdc-be/templates/ingress.yaml diff --git a/kubernetes/sdc/charts/sdc-be/templates/job.yaml b/kubernetes/sdc/components/sdc-be/templates/job.yaml index 8a5f2fae18..d9c3e510eb 100644 --- a/kubernetes/sdc/charts/sdc-be/templates/job.yaml +++ b/kubernetes/sdc/components/sdc-be/templates/job.yaml @@ -56,7 +56,7 @@ spec: mountPath: /var/lib/jetty/logs env: - name: ENVNAME - value: {{ .Values.global.env.name }} + value: {{ .Values.env.name }} - name: HOST_IP valueFrom: fieldRef: diff --git a/kubernetes/sdc/charts/sdc-be/templates/service.yaml b/kubernetes/sdc/components/sdc-be/templates/service.yaml index a0d0f5b438..a0d0f5b438 100644 --- a/kubernetes/sdc/charts/sdc-be/templates/service.yaml +++ b/kubernetes/sdc/components/sdc-be/templates/service.yaml diff --git a/kubernetes/sdc/charts/sdc-be/values.yaml b/kubernetes/sdc/components/sdc-be/values.yaml index a2f1f0c93c..03894869e4 100644 --- a/kubernetes/sdc/charts/sdc-be/values.yaml +++ b/kubernetes/sdc/components/sdc-be/values.yaml @@ -21,6 +21,18 @@ global: readinessImage: onap/oom/readiness:3.0.1 loggingRepository: docker.elastic.co loggingImage: beats/filebeat:5.5.0 + aafEnabled: true + cassandra: + #This flag allows SDC to instantiate its own cluster, serviceName + #should be sdc-cs if this flag is enabled + localCluster: false + #The cassandra service name to connect to (default: shared cassandra service) + serviceName: cassandra + #Shared cassandra cluster replicaCount, should be changed if localCluster is enabled + #to match with its own cluster replica + replicaCount: 3 + clusterName: cassandra + dataCenter: Pod ################################################################# # Application configuration defaults. @@ -34,6 +46,33 @@ pullPolicy: Always # flag to enable debugging - application support required debugEnabled: false +#environment file +env: + name: AUTO + +certInitializer: + nameOverride: sdc-be-cert-init + aafDeployFqi: deployer@people.osaaf.org + aafDeployPass: demo123456! + fqdn: sdc + fqi: sdc@sdc.onap.org + public_fqdn: sdc.onap.org + cadi_longitude: "0.0" + cadi_latitude: "0.0" + app_ns: org.osaaf.aaf + credsPath: /opt/app/osaaf/local + addconfig: true + keystoreFile: "org.onap.sdc.p12" + truststoreFile: "org.onap.sdc.trust.jks" + permission_user: 352070 + permission_group: 35953 + aaf_add_config: > + /opt/app/aaf_config/bin/agent.sh local showpass + {{.Values.fqi}} {{ .Values.fqdn }} > {{ .Values.credsPath }}/mycreds.prop + +################################################################# +# SDC Config part +################################################################# config: javaOptions: "-Xmx1536m -Xms1536m" cassandraSslEnabled: "false" diff --git a/kubernetes/sdc/charts/sdc-cs/.helmignore b/kubernetes/sdc/components/sdc-cs/.helmignore index daebc7da77..daebc7da77 100644 --- a/kubernetes/sdc/charts/sdc-cs/.helmignore +++ b/kubernetes/sdc/components/sdc-cs/.helmignore diff --git a/kubernetes/sdc/charts/sdc-cs/Chart.yaml b/kubernetes/sdc/components/sdc-cs/Chart.yaml index 973ca4512e..973ca4512e 100644 --- a/kubernetes/sdc/charts/sdc-cs/Chart.yaml +++ b/kubernetes/sdc/components/sdc-cs/Chart.yaml diff --git a/kubernetes/sdc/components/sdc-cs/requirements.yaml b/kubernetes/sdc/components/sdc-cs/requirements.yaml new file mode 100644 index 0000000000..5969143629 --- /dev/null +++ b/kubernetes/sdc/components/sdc-cs/requirements.yaml @@ -0,0 +1,23 @@ +# ============LICENSE_START======================================================= +# Copyright (C) 2018 Ericsson. All rights reserved. +# Modifications Copyright © 2020 AT&T. All rights reserved. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# SPDX-License-Identifier: Apache-2.0 +# ============LICENSE_END========================================================= + +dependencies: + - name: common + version: ~6.x-0 + repository: '@local'
\ No newline at end of file diff --git a/kubernetes/sdc/charts/sdc-cs/templates/NOTES.txt b/kubernetes/sdc/components/sdc-cs/templates/NOTES.txt index 3a5553b84f..3a5553b84f 100644 --- a/kubernetes/sdc/charts/sdc-cs/templates/NOTES.txt +++ b/kubernetes/sdc/components/sdc-cs/templates/NOTES.txt diff --git a/kubernetes/sdc/charts/sdc-cs/templates/job.yaml b/kubernetes/sdc/components/sdc-cs/templates/job.yaml index ff32a87588..0c98d67be4 100644 --- a/kubernetes/sdc/charts/sdc-cs/templates/job.yaml +++ b/kubernetes/sdc/components/sdc-cs/templates/job.yaml @@ -62,7 +62,7 @@ spec: mountPath: /home/sdc/chef-solo/cache env: - name: ENVNAME - value: {{ .Values.global.env.name }} + value: {{ .Values.env.name }} - name: RELEASE value: {{ .Values.config.release }} - name: SDC_USER diff --git a/kubernetes/sdc/charts/sdc-cs/values.yaml b/kubernetes/sdc/components/sdc-cs/values.yaml index 5cf3065a09..0738ca755d 100644 --- a/kubernetes/sdc/charts/sdc-cs/values.yaml +++ b/kubernetes/sdc/components/sdc-cs/values.yaml @@ -21,6 +21,17 @@ global: readinessImage: onap/oom/readiness:3.0.1 loggingRepository: docker.elastic.co loggingImage: beats/filebeat:5.5.0 + cassandra: + #This flag allows SDC to instantiate its own cluster, serviceName + #should be sdc-cs if this flag is enabled + localCluster: false + #The cassandra service name to connect to (default: shared cassandra service) + serviceName: cassandra + #Shared cassandra cluster replicaCount, should be changed if localCluster is enabled + #to match with its own cluster replica + replicaCount: 3 + clusterName: cassandra + dataCenter: Pod ################################################################# # Application configuration defaults. @@ -37,6 +48,10 @@ config: maxHeapSize: "1536M" heapNewSize: "512M" +#environment file +env: + name: AUTO + # default number of instances replicaCount: 1 diff --git a/kubernetes/sdc/charts/sdc-dcae-be/.helmignore b/kubernetes/sdc/components/sdc-dcae-be/.helmignore index f0c1319444..f0c1319444 100644 --- a/kubernetes/sdc/charts/sdc-dcae-be/.helmignore +++ b/kubernetes/sdc/components/sdc-dcae-be/.helmignore diff --git a/kubernetes/sdc/charts/sdc-dcae-be/Chart.yaml b/kubernetes/sdc/components/sdc-dcae-be/Chart.yaml index ca6e48d03d..ca6e48d03d 100644 --- a/kubernetes/sdc/charts/sdc-dcae-be/Chart.yaml +++ b/kubernetes/sdc/components/sdc-dcae-be/Chart.yaml diff --git a/kubernetes/sdc/components/sdc-dcae-be/requirements.yaml b/kubernetes/sdc/components/sdc-dcae-be/requirements.yaml new file mode 100644 index 0000000000..b1d52ae32a --- /dev/null +++ b/kubernetes/sdc/components/sdc-dcae-be/requirements.yaml @@ -0,0 +1,23 @@ +# ============LICENSE_START======================================================= +# Copyright (C) 2018 Ericsson. All rights reserved. +# Modifications Copyright © 2020 AT&T. All rights reserved. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# SPDX-License-Identifier: Apache-2.0 +# ============LICENSE_END========================================================= + +dependencies: + - name: certInitializer + version: ~6.x-0 + repository: '@local'
\ No newline at end of file diff --git a/kubernetes/sdc/charts/sdc-dcae-be/resources/config/logging/logback.xml b/kubernetes/sdc/components/sdc-dcae-be/resources/config/logging/logback.xml index 8d1e5cd4ea..8d1e5cd4ea 100644 --- a/kubernetes/sdc/charts/sdc-dcae-be/resources/config/logging/logback.xml +++ b/kubernetes/sdc/components/sdc-dcae-be/resources/config/logging/logback.xml diff --git a/kubernetes/sdc/charts/sdc-dcae-be/templates/NOTES.txt b/kubernetes/sdc/components/sdc-dcae-be/templates/NOTES.txt index 41f9706fec..41f9706fec 100644 --- a/kubernetes/sdc/charts/sdc-dcae-be/templates/NOTES.txt +++ b/kubernetes/sdc/components/sdc-dcae-be/templates/NOTES.txt diff --git a/kubernetes/sdc/charts/sdc-dcae-be/templates/configmap.yaml b/kubernetes/sdc/components/sdc-dcae-be/templates/configmap.yaml index 5c6af2085a..5c6af2085a 100644 --- a/kubernetes/sdc/charts/sdc-dcae-be/templates/configmap.yaml +++ b/kubernetes/sdc/components/sdc-dcae-be/templates/configmap.yaml diff --git a/kubernetes/sdc/charts/sdc-dcae-be/templates/deployment.yaml b/kubernetes/sdc/components/sdc-dcae-be/templates/deployment.yaml index a8e9403ef4..4ddb229876 100644 --- a/kubernetes/sdc/charts/sdc-dcae-be/templates/deployment.yaml +++ b/kubernetes/sdc/components/sdc-dcae-be/templates/deployment.yaml @@ -33,7 +33,7 @@ spec: app: {{ include "common.name" . }} release: {{ include "common.release" . }} spec: - initContainers: + initContainers: {{ include "common.certInitializer.initContainer" . | nindent 6 }} - name: {{ include "common.name" . }}-readiness command: - /app/ready.py @@ -62,34 +62,46 @@ spec: fieldRef: apiVersion: v1 fieldPath: metadata.namespace + {{- if .Values.global.aafEnabled }} - name: {{ include "common.name" . }}-update-config image: "{{ .Values.global.envsubstImage }}" imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} command: - - sh + - sh args: - - -c - - "cd /config-input && for PFILE in `find . -not -type d | grep -v -F ..`; do envsubst <${PFILE} >/config-output/${PFILE}; chmod 0755 /config-output/${PFILE}; done" - env: - - name: KEYSTORE_PASS - valueFrom: - secretKeyRef: - name: {{ include "common.release" . }}-sdc-cs-secrets - key: keystore_password - - name: TRUSTSTORE_PASS - valueFrom: - secretKeyRef: - name: {{ include "common.release" . }}-sdc-cs-secrets - key: truststore_password - volumeMounts: + - "-c" + - | + export $(grep '^c' {{ .Values.certInitializer.credsPath }}/mycreds.prop | xargs -0) + export KEYSTORE_PASS=$cadi_keystore_password_p12 + export KEYMANAGER_PASS=$cadi_keystore_password_p12 + export TRUSTSTORE_PASS=$cadi_truststore_password + cp {{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.keystoreFile }} /config-output + cp {{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.truststoreFile }} /config-output + cd /config-input && \ + for PFILE in `find . -not -type d | grep -v -F ..` + do + envsubst <${PFILE} >/config-output/${PFILE} + chmod 0755 /config-output/${PFILE} + done + volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 10 }} - name: {{ include "common.fullname" . }}-environments mountPath: /config-input/ - name: sdc-environments-output mountPath: /config-output/ + {{- end }} containers: - name: {{ include "common.name" . }} image: "{{ include "common.repository" . }}/{{ .Values.image }}" imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + {{- if .Values.global.aafEnabled }} + command: + - sh + args: + - "-c" + - | + sed -i '/trustStorePassword/d' ${JETTY_BASE}/startup.sh + ${JETTY_BASE}/startup.sh + {{- end }} ports: - containerPort: {{ .Values.service.internalPort }} - containerPort: {{ .Values.service.internalPort2 }} @@ -109,7 +121,7 @@ spec: periodSeconds: {{ .Values.readiness.periodSeconds }} env: - name: ENVNAME - value: {{ .Values.global.env.name }} + value: {{ .Values.env.name }} - name: JAVA_OPTIONS value: {{ .Values.config.javaOptions }} - name: HOST_IP @@ -119,10 +131,10 @@ spec: volumeMounts: - name: sdc-environments-output mountPath: /var/lib/jetty/chef-solo/environments/ - - name: sdc-cert + - name: sdc-environments-output mountPath: /var/lib/jetty/chef-solo/cookbooks/Deploy-DCAE/files/default/org.onap.sdc.p12 subPath: org.onap.sdc.p12 - - name: sdc-cert + - name: sdc-environments-output mountPath: /var/lib/jetty/chef-solo/cookbooks/Deploy-DCAE/files/default/org.onap.sdc.trust.jks subPath: org.onap.sdc.trust.jks - name: {{ include "common.fullname" . }}-localtime @@ -160,13 +172,10 @@ spec: mountPath: /var/log/onap - name: {{ include "common.fullname" . }}-data-filebeat mountPath: /usr/share/filebeat/data - volumes: + volumes: {{ include "common.certInitializer.volumes" . | nindent 6 }} - name: {{ include "common.fullname" . }}-localtime hostPath: path: /etc/localtime - - name: sdc-cert - secret: - secretName: sdc-cert - name: {{ include "common.fullname" . }}-filebeat-conf configMap: name: {{ include "common.release" . }}-sdc-filebeat-configmap diff --git a/kubernetes/sdc/charts/sdc-dcae-be/templates/job.yaml b/kubernetes/sdc/components/sdc-dcae-be/templates/job.yaml index 5be29eee97..d85c6bf491 100644 --- a/kubernetes/sdc/charts/sdc-dcae-be/templates/job.yaml +++ b/kubernetes/sdc/components/sdc-dcae-be/templates/job.yaml @@ -55,7 +55,7 @@ spec: mountPath: /var/lib/jetty/chef-solo/environments env: - name: ENVNAME - value: {{ .Values.global.env.name }} + value: {{ .Values.env.name }} - name: HOST_IP valueFrom: fieldRef: diff --git a/kubernetes/sdc/charts/sdc-dcae-be/templates/service.yaml b/kubernetes/sdc/components/sdc-dcae-be/templates/service.yaml index 71edaf5734..71edaf5734 100644 --- a/kubernetes/sdc/charts/sdc-dcae-be/templates/service.yaml +++ b/kubernetes/sdc/components/sdc-dcae-be/templates/service.yaml diff --git a/kubernetes/sdc/charts/sdc-dcae-be/values.yaml b/kubernetes/sdc/components/sdc-dcae-be/values.yaml index ece8ed5426..351c88c70d 100644 --- a/kubernetes/sdc/charts/sdc-dcae-be/values.yaml +++ b/kubernetes/sdc/components/sdc-dcae-be/values.yaml @@ -20,6 +20,30 @@ global: readinessImage: onap/oom/readiness:3.0.1 loggingRepository: docker.elastic.co loggingImage: beats/filebeat:5.5.0 + aafEnabled: true + +################################################################# +# AAF Part +################################################################# +certInitializer: + nameOverride: sdc-dcae-be-cert-init + aafDeployFqi: deployer@people.osaaf.org + aafDeployPass: demo123456! + fqdn: sdc + fqi: sdc@sdc.onap.org + public_fqdn: sdc.onap.org + cadi_longitude: "0.0" + cadi_latitude: "0.0" + app_ns: org.osaaf.aaf + credsPath: /opt/app/osaaf/local + addconfig: true + keystoreFile: "org.onap.sdc.p12" + truststoreFile: "org.onap.sdc.trust.jks" + permission_user: 352070 + permission_group: 35953 + aaf_add_config: > + /opt/app/aaf_config/bin/agent.sh local showpass + {{.Values.fqi}} {{ .Values.fqdn }} > {{ .Values.credsPath }}/mycreds.prop ################################################################# # Application configuration defaults. @@ -33,6 +57,10 @@ backendInitImage: onap/dcae-tools:1.3.4 # flag to enable debugging - application support required debugEnabled: false +#environment file +env: + name: AUTO + config: javaOptions: -XX:MaxPermSize=256m -Xmx1024m -Dconfig.home=config -Dlog.home=/var/lib/jetty/logs/ -Dlogging.config=config/dcae-be/logback-spring.xml cassandraSslEnabled: "false" diff --git a/kubernetes/sdc/charts/sdc-dcae-dt/Chart.yaml b/kubernetes/sdc/components/sdc-dcae-dt/Chart.yaml index ae38135e2e..ae38135e2e 100644 --- a/kubernetes/sdc/charts/sdc-dcae-dt/Chart.yaml +++ b/kubernetes/sdc/components/sdc-dcae-dt/Chart.yaml diff --git a/kubernetes/sdc/components/sdc-dcae-dt/requirements.yaml b/kubernetes/sdc/components/sdc-dcae-dt/requirements.yaml new file mode 100644 index 0000000000..b1d52ae32a --- /dev/null +++ b/kubernetes/sdc/components/sdc-dcae-dt/requirements.yaml @@ -0,0 +1,23 @@ +# ============LICENSE_START======================================================= +# Copyright (C) 2018 Ericsson. All rights reserved. +# Modifications Copyright © 2020 AT&T. All rights reserved. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# SPDX-License-Identifier: Apache-2.0 +# ============LICENSE_END========================================================= + +dependencies: + - name: certInitializer + version: ~6.x-0 + repository: '@local'
\ No newline at end of file diff --git a/kubernetes/sdc/charts/sdc-dcae-dt/resources/config/logging/logback.xml b/kubernetes/sdc/components/sdc-dcae-dt/resources/config/logging/logback.xml index 89fd30159c..89fd30159c 100644 --- a/kubernetes/sdc/charts/sdc-dcae-dt/resources/config/logging/logback.xml +++ b/kubernetes/sdc/components/sdc-dcae-dt/resources/config/logging/logback.xml diff --git a/kubernetes/sdc/charts/sdc-dcae-dt/templates/NOTES.txt b/kubernetes/sdc/components/sdc-dcae-dt/templates/NOTES.txt index 0063bb6c80..0063bb6c80 100644 --- a/kubernetes/sdc/charts/sdc-dcae-dt/templates/NOTES.txt +++ b/kubernetes/sdc/components/sdc-dcae-dt/templates/NOTES.txt diff --git a/kubernetes/sdc/charts/sdc-dcae-dt/templates/configmap.yaml b/kubernetes/sdc/components/sdc-dcae-dt/templates/configmap.yaml index 257803fd91..257803fd91 100644 --- a/kubernetes/sdc/charts/sdc-dcae-dt/templates/configmap.yaml +++ b/kubernetes/sdc/components/sdc-dcae-dt/templates/configmap.yaml diff --git a/kubernetes/sdc/charts/sdc-dcae-dt/templates/deployment.yaml b/kubernetes/sdc/components/sdc-dcae-dt/templates/deployment.yaml index e3f1b5da1e..58410ecf66 100644 --- a/kubernetes/sdc/charts/sdc-dcae-dt/templates/deployment.yaml +++ b/kubernetes/sdc/components/sdc-dcae-dt/templates/deployment.yaml @@ -33,7 +33,7 @@ spec: app: {{ include "common.name" . }} release: {{ include "common.release" . }} spec: - initContainers: + initContainers: {{ include "common.certInitializer.initContainer" . | nindent 6 }} - name: {{ include "common.name" . }}-readiness command: - /app/ready.py @@ -62,30 +62,33 @@ spec: fieldRef: apiVersion: v1 fieldPath: metadata.namespace + {{- if .Values.global.aafEnabled }} - name: {{ include "common.name" . }}-update-config image: "{{ .Values.global.envsubstImage }}" imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} command: - - sh + - sh args: - - -c - - "cd /config-input && for PFILE in `find . -not -type d | grep -v -F ..`; do envsubst <${PFILE} >/config-output/${PFILE}; chmod 0755 /config-output/${PFILE}; done" - env: - - name: KEYSTORE_PASS - valueFrom: - secretKeyRef: - name: {{ include "common.release" . }}-sdc-cs-secrets - key: keystore_password - - name: TRUSTSTORE_PASS - valueFrom: - secretKeyRef: - name: {{ include "common.release" . }}-sdc-cs-secrets - key: truststore_password - volumeMounts: + - "-c" + - | + export $(grep '^c' {{ .Values.certInitializer.credsPath }}/mycreds.prop | xargs -0) + export KEYSTORE_PASS=$cadi_keystore_password_p12 + export KEYMANAGER_PASS=$cadi_keystore_password_p12 + export TRUSTSTORE_PASS=$cadi_truststore_password + cp {{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.keystoreFile }} /config-output + cp {{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.truststoreFile }} /config-output + cd /config-input && \ + for PFILE in `find . -not -type d | grep -v -F ..` + do + envsubst <${PFILE} >/config-output/${PFILE} + chmod 0755 /config-output/${PFILE} + done + volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 10 }} - name: {{ include "common.fullname" . }}-environments mountPath: /config-input/ - name: sdc-environments-output mountPath: /config-output/ + {{- end }} containers: - name: {{ include "common.name" . }} image: "{{ include "common.repository" . }}/{{ .Values.image }}" @@ -108,7 +111,7 @@ spec: periodSeconds: {{ .Values.readiness.periodSeconds }} env: - name: ENVNAME - value: {{ .Values.global.env.name }} + value: {{ .Values.env.name }} - name: JAVA_OPTIONS value: {{ .Values.config.javaOptions }} - name: HOST_IP @@ -118,10 +121,10 @@ spec: volumeMounts: - name: sdc-environments-output mountPath: /var/lib/jetty/chef-solo/environments/ - - name: sdc-cert + - name: sdc-environments-output mountPath: /var/lib/jetty/chef-solo/cookbooks/dcae-dt/files/default/org.onap.sdc.p12 subPath: org.onap.sdc.p12 - - name: sdc-cert + - name: sdc-environments-output mountPath: /var/lib/jetty/chef-solo/cookbooks/dcae-dt/files/default/org.onap.sdc.trust.jks subPath: org.onap.sdc.trust.jks - name: {{ include "common.fullname" . }}-localtime @@ -155,13 +158,10 @@ spec: mountPath: /var/log/onap - name: {{ include "common.fullname" . }}-data-filebeat mountPath: /usr/share/filebeat/data - volumes: + volumes: {{ include "common.certInitializer.volumes" . | nindent 8 }} - name: {{ include "common.fullname" . }}-localtime hostPath: path: /etc/localtime - - name: sdc-cert - secret: - secretName: sdc-cert - name: {{ include "common.fullname" . }}-filebeat-conf configMap: name: {{ include "common.release" . }}-sdc-filebeat-configmap diff --git a/kubernetes/sdc/charts/sdc-dcae-dt/templates/ingress.yaml b/kubernetes/sdc/components/sdc-dcae-dt/templates/ingress.yaml index 8f87c68f1e..8f87c68f1e 100644 --- a/kubernetes/sdc/charts/sdc-dcae-dt/templates/ingress.yaml +++ b/kubernetes/sdc/components/sdc-dcae-dt/templates/ingress.yaml diff --git a/kubernetes/sdc/charts/sdc-dcae-dt/templates/service.yaml b/kubernetes/sdc/components/sdc-dcae-dt/templates/service.yaml index 88445c1d56..88445c1d56 100644 --- a/kubernetes/sdc/charts/sdc-dcae-dt/templates/service.yaml +++ b/kubernetes/sdc/components/sdc-dcae-dt/templates/service.yaml diff --git a/kubernetes/sdc/charts/sdc-dcae-dt/values.yaml b/kubernetes/sdc/components/sdc-dcae-dt/values.yaml index 96ba894fbf..17826716f6 100644 --- a/kubernetes/sdc/charts/sdc-dcae-dt/values.yaml +++ b/kubernetes/sdc/components/sdc-dcae-dt/values.yaml @@ -20,6 +20,30 @@ global: readinessImage: onap/oom/readiness:3.0.1 loggingRepository: docker.elastic.co loggingImage: beats/filebeat:5.5.0 + aafEnabled: true + +################################################################# +# AAF Part +################################################################# +certInitializer: + nameOverride: sdc-dcae-dt-cert-init + aafDeployFqi: deployer@people.osaaf.org + aafDeployPass: demo123456! + fqdn: sdc + fqi: sdc@sdc.onap.org + public_fqdn: sdc.onap.org + cadi_longitude: "0.0" + cadi_latitude: "0.0" + app_ns: org.osaaf.aaf + credsPath: /opt/app/osaaf/local + addconfig: true + keystoreFile: "org.onap.sdc.p12" + truststoreFile: "org.onap.sdc.trust.jks" + permission_user: 352070 + permission_group: 35953 + aaf_add_config: > + /opt/app/aaf_config/bin/agent.sh local showpass + {{.Values.fqi}} {{ .Values.fqdn }} > {{ .Values.credsPath }}/mycreds.prop ################################################################# # Application configuration defaults. @@ -31,6 +55,10 @@ pullPolicy: IfNotPresent config: javaOptions: -XX:MaxPermSize=256m -Xmx1024m -Dconfig.home=config -Dlog.home=/var/lib/jetty/logs/ -Dlogging.config=config/dcae-dt/logback-spring.xml +#environment file +env: + name: AUTO + # default number of instances replicaCount: 1 diff --git a/kubernetes/sdc/charts/sdc-dcae-fe/.helmignore b/kubernetes/sdc/components/sdc-dcae-fe/.helmignore index f0c1319444..f0c1319444 100644 --- a/kubernetes/sdc/charts/sdc-dcae-fe/.helmignore +++ b/kubernetes/sdc/components/sdc-dcae-fe/.helmignore diff --git a/kubernetes/sdc/charts/sdc-dcae-fe/Chart.yaml b/kubernetes/sdc/components/sdc-dcae-fe/Chart.yaml index 7eb7782cac..7eb7782cac 100644 --- a/kubernetes/sdc/charts/sdc-dcae-fe/Chart.yaml +++ b/kubernetes/sdc/components/sdc-dcae-fe/Chart.yaml diff --git a/kubernetes/sdc/components/sdc-dcae-fe/requirements.yaml b/kubernetes/sdc/components/sdc-dcae-fe/requirements.yaml new file mode 100644 index 0000000000..b1d52ae32a --- /dev/null +++ b/kubernetes/sdc/components/sdc-dcae-fe/requirements.yaml @@ -0,0 +1,23 @@ +# ============LICENSE_START======================================================= +# Copyright (C) 2018 Ericsson. All rights reserved. +# Modifications Copyright © 2020 AT&T. All rights reserved. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# SPDX-License-Identifier: Apache-2.0 +# ============LICENSE_END========================================================= + +dependencies: + - name: certInitializer + version: ~6.x-0 + repository: '@local'
\ No newline at end of file diff --git a/kubernetes/sdc/charts/sdc-dcae-fe/resources/config/logging/logback.xml b/kubernetes/sdc/components/sdc-dcae-fe/resources/config/logging/logback.xml index 8dbf347dc7..8dbf347dc7 100644 --- a/kubernetes/sdc/charts/sdc-dcae-fe/resources/config/logging/logback.xml +++ b/kubernetes/sdc/components/sdc-dcae-fe/resources/config/logging/logback.xml diff --git a/kubernetes/sdc/charts/sdc-dcae-fe/templates/NOTES.txt b/kubernetes/sdc/components/sdc-dcae-fe/templates/NOTES.txt index 0063bb6c80..0063bb6c80 100644 --- a/kubernetes/sdc/charts/sdc-dcae-fe/templates/NOTES.txt +++ b/kubernetes/sdc/components/sdc-dcae-fe/templates/NOTES.txt diff --git a/kubernetes/sdc/charts/sdc-dcae-fe/templates/configmap.yaml b/kubernetes/sdc/components/sdc-dcae-fe/templates/configmap.yaml index 257803fd91..257803fd91 100644 --- a/kubernetes/sdc/charts/sdc-dcae-fe/templates/configmap.yaml +++ b/kubernetes/sdc/components/sdc-dcae-fe/templates/configmap.yaml diff --git a/kubernetes/sdc/charts/sdc-dcae-fe/templates/deployment.yaml b/kubernetes/sdc/components/sdc-dcae-fe/templates/deployment.yaml index 4f3f700084..f916ce5337 100644 --- a/kubernetes/sdc/charts/sdc-dcae-fe/templates/deployment.yaml +++ b/kubernetes/sdc/components/sdc-dcae-fe/templates/deployment.yaml @@ -33,7 +33,7 @@ spec: app: {{ include "common.name" . }} release: {{ include "common.release" . }} spec: - initContainers: + initContainers: {{ include "common.certInitializer.initContainer" . | nindent 6 }} - name: {{ include "common.name" . }}-readiness command: - /app/ready.py @@ -62,30 +62,33 @@ spec: fieldRef: apiVersion: v1 fieldPath: metadata.namespace + {{- if .Values.global.aafEnabled }} - name: {{ include "common.name" . }}-update-config image: "{{ .Values.global.envsubstImage }}" imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} command: - - sh + - sh args: - - -c - - "cd /config-input && for PFILE in `find . -not -type d | grep -v -F ..`; do envsubst <${PFILE} >/config-output/${PFILE}; chmod 0755 /config-output/${PFILE}; done" - env: - - name: KEYSTORE_PASS - valueFrom: - secretKeyRef: - name: {{ include "common.release" . }}-sdc-cs-secrets - key: keystore_password - - name: TRUSTSTORE_PASS - valueFrom: - secretKeyRef: - name: {{ include "common.release" . }}-sdc-cs-secrets - key: truststore_password - volumeMounts: + - "-c" + - | + export $(grep '^c' {{ .Values.certInitializer.credsPath }}/mycreds.prop | xargs -0) + export KEYSTORE_PASS=$cadi_keystore_password_p12 + export KEYMANAGER_PASS=$cadi_keystore_password_p12 + export TRUSTSTORE_PASS=$cadi_truststore_password + cp {{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.keystoreFile }} /config-output + cp {{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.truststoreFile }} /config-output + cd /config-input && \ + for PFILE in `find . -not -type d | grep -v -F ..` + do + envsubst <${PFILE} >/config-output/${PFILE} + chmod 0755 /config-output/${PFILE} + done + volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 10 }} - name: {{ include "common.fullname" . }}-environments mountPath: /config-input/ - name: sdc-environments-output mountPath: /config-output/ + {{- end }} containers: - name: {{ include "common.name" . }} image: "{{ include "common.repository" . }}/{{ .Values.image }}" @@ -108,7 +111,7 @@ spec: periodSeconds: {{ .Values.readiness.periodSeconds }} env: - name: ENVNAME - value: {{ .Values.global.env.name }} + value: {{ .Values.env.name }} - name: JAVA_OPTIONS value: {{ .Values.config.javaOptions }} - name: HOST_IP @@ -118,10 +121,10 @@ spec: volumeMounts: - name: sdc-environments-output mountPath: /var/lib/jetty/chef-solo/environments/ - - name: sdc-cert + - name: sdc-environments-output mountPath: /var/lib/jetty/chef-solo/cookbooks/Deploy-DCAE/files/default/org.onap.sdc.p12 subPath: org.onap.sdc.p12 - - name: sdc-cert + - name: sdc-environments-output mountPath: /var/lib/jetty/chef-solo/cookbooks/Deploy-DCAE/files/default/org.onap.sdc.trust.jks subPath: org.onap.sdc.trust.jks - name: {{ include "common.fullname" . }}-localtime @@ -159,13 +162,10 @@ spec: mountPath: /var/log/onap - name: {{ include "common.fullname" . }}-data-filebeat mountPath: /usr/share/filebeat/data - volumes: + volumes: {{ include "common.certInitializer.volumes" . | nindent 8 }} - name: {{ include "common.fullname" . }}-localtime hostPath: path: /etc/localtime - - name: sdc-cert - secret: - secretName: sdc-cert - name: {{ include "common.fullname" . }}-filebeat-conf configMap: name: {{ include "common.release" . }}-sdc-filebeat-configmap diff --git a/kubernetes/sdc/charts/sdc-dcae-fe/templates/ingress.yaml b/kubernetes/sdc/components/sdc-dcae-fe/templates/ingress.yaml index 8f87c68f1e..8f87c68f1e 100644 --- a/kubernetes/sdc/charts/sdc-dcae-fe/templates/ingress.yaml +++ b/kubernetes/sdc/components/sdc-dcae-fe/templates/ingress.yaml diff --git a/kubernetes/sdc/charts/sdc-dcae-fe/templates/service.yaml b/kubernetes/sdc/components/sdc-dcae-fe/templates/service.yaml index e1f541b6b1..e1f541b6b1 100644 --- a/kubernetes/sdc/charts/sdc-dcae-fe/templates/service.yaml +++ b/kubernetes/sdc/components/sdc-dcae-fe/templates/service.yaml diff --git a/kubernetes/sdc/charts/sdc-dcae-fe/values.yaml b/kubernetes/sdc/components/sdc-dcae-fe/values.yaml index f4a9dfb08f..f4d06454a3 100644 --- a/kubernetes/sdc/charts/sdc-dcae-fe/values.yaml +++ b/kubernetes/sdc/components/sdc-dcae-fe/values.yaml @@ -20,6 +20,30 @@ global: readinessImage: onap/oom/readiness:3.0.1 loggingRepository: docker.elastic.co loggingImage: beats/filebeat:5.5.0 + aafEnabled: true + +################################################################# +# AAF Part +################################################################# +certInitializer: + nameOverride: sdc-dcae-fe-cert-init + aafDeployFqi: deployer@people.osaaf.org + aafDeployPass: demo123456! + fqdn: sdc + fqi: sdc@sdc.onap.org + public_fqdn: sdc.onap.org + cadi_longitude: "0.0" + cadi_latitude: "0.0" + app_ns: org.osaaf.aaf + credsPath: /opt/app/osaaf/local + addconfig: true + keystoreFile: "org.onap.sdc.p12" + truststoreFile: "org.onap.sdc.trust.jks" + permission_user: 352070 + permission_group: 35953 + aaf_add_config: > + /opt/app/aaf_config/bin/agent.sh local showpass + {{.Values.fqi}} {{ .Values.fqdn }} > {{ .Values.credsPath }}/mycreds.prop ################################################################# # Application configuration defaults. @@ -31,6 +55,10 @@ pullPolicy: Always config: javaOptions: -XX:MaxPermSize=256m -Xmx1024m -Dconfig.home=config -Dlog.home=/var/lib/jetty/logs/ -Dlogging.config=config/dcae-fe/logback-spring.xml +#environment file +env: + name: AUTO + # default number of instances replicaCount: 1 diff --git a/kubernetes/sdc/charts/sdc-dcae-tosca-lab/.helmignore b/kubernetes/sdc/components/sdc-dcae-tosca-lab/.helmignore index f0c1319444..f0c1319444 100644 --- a/kubernetes/sdc/charts/sdc-dcae-tosca-lab/.helmignore +++ b/kubernetes/sdc/components/sdc-dcae-tosca-lab/.helmignore diff --git a/kubernetes/sdc/charts/sdc-dcae-tosca-lab/Chart.yaml b/kubernetes/sdc/components/sdc-dcae-tosca-lab/Chart.yaml index f851518a4e..f851518a4e 100644 --- a/kubernetes/sdc/charts/sdc-dcae-tosca-lab/Chart.yaml +++ b/kubernetes/sdc/components/sdc-dcae-tosca-lab/Chart.yaml diff --git a/kubernetes/sdc/components/sdc-dcae-tosca-lab/requirements.yaml b/kubernetes/sdc/components/sdc-dcae-tosca-lab/requirements.yaml new file mode 100644 index 0000000000..5969143629 --- /dev/null +++ b/kubernetes/sdc/components/sdc-dcae-tosca-lab/requirements.yaml @@ -0,0 +1,23 @@ +# ============LICENSE_START======================================================= +# Copyright (C) 2018 Ericsson. All rights reserved. +# Modifications Copyright © 2020 AT&T. All rights reserved. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# SPDX-License-Identifier: Apache-2.0 +# ============LICENSE_END========================================================= + +dependencies: + - name: common + version: ~6.x-0 + repository: '@local'
\ No newline at end of file diff --git a/kubernetes/sdc/charts/sdc-dcae-tosca-lab/templates/NOTES.txt b/kubernetes/sdc/components/sdc-dcae-tosca-lab/templates/NOTES.txt index 41f9706fec..41f9706fec 100644 --- a/kubernetes/sdc/charts/sdc-dcae-tosca-lab/templates/NOTES.txt +++ b/kubernetes/sdc/components/sdc-dcae-tosca-lab/templates/NOTES.txt diff --git a/kubernetes/sdc/charts/sdc-dcae-tosca-lab/templates/deployment.yaml b/kubernetes/sdc/components/sdc-dcae-tosca-lab/templates/deployment.yaml index 0c886a0b08..6eb1b3bae4 100644 --- a/kubernetes/sdc/charts/sdc-dcae-tosca-lab/templates/deployment.yaml +++ b/kubernetes/sdc/components/sdc-dcae-tosca-lab/templates/deployment.yaml @@ -71,7 +71,7 @@ spec: periodSeconds: {{ .Values.readiness.periodSeconds }} env: - name: ENVNAME - value: {{ .Values.global.env.name }} + value: {{ .Values.env.name }} - name: JAVA_OPTIONS value: {{ .Values.config.javaOptions }} - name: HOST_IP diff --git a/kubernetes/sdc/charts/sdc-dcae-tosca-lab/templates/service.yaml b/kubernetes/sdc/components/sdc-dcae-tosca-lab/templates/service.yaml index 04661b9ea1..04661b9ea1 100644 --- a/kubernetes/sdc/charts/sdc-dcae-tosca-lab/templates/service.yaml +++ b/kubernetes/sdc/components/sdc-dcae-tosca-lab/templates/service.yaml diff --git a/kubernetes/sdc/charts/sdc-dcae-tosca-lab/values.yaml b/kubernetes/sdc/components/sdc-dcae-tosca-lab/values.yaml index ec5dc98893..c714ec81ee 100644 --- a/kubernetes/sdc/charts/sdc-dcae-tosca-lab/values.yaml +++ b/kubernetes/sdc/components/sdc-dcae-tosca-lab/values.yaml @@ -36,6 +36,10 @@ config: javaOptions: -XX:MaxPermSize=256m -Xmx1024m cassandraSslEnabled: "false" +#environment file +env: + name: AUTO + # default number of instances replicaCount: 1 diff --git a/kubernetes/sdc/charts/sdc-fe/.helmignore b/kubernetes/sdc/components/sdc-fe/.helmignore index daebc7da77..daebc7da77 100644 --- a/kubernetes/sdc/charts/sdc-fe/.helmignore +++ b/kubernetes/sdc/components/sdc-fe/.helmignore diff --git a/kubernetes/sdc/charts/sdc-fe/Chart.yaml b/kubernetes/sdc/components/sdc-fe/Chart.yaml index 4794092b6c..4794092b6c 100644 --- a/kubernetes/sdc/charts/sdc-fe/Chart.yaml +++ b/kubernetes/sdc/components/sdc-fe/Chart.yaml diff --git a/kubernetes/sdc/components/sdc-fe/requirements.yaml b/kubernetes/sdc/components/sdc-fe/requirements.yaml new file mode 100644 index 0000000000..b1d52ae32a --- /dev/null +++ b/kubernetes/sdc/components/sdc-fe/requirements.yaml @@ -0,0 +1,23 @@ +# ============LICENSE_START======================================================= +# Copyright (C) 2018 Ericsson. All rights reserved. +# Modifications Copyright © 2020 AT&T. All rights reserved. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# SPDX-License-Identifier: Apache-2.0 +# ============LICENSE_END========================================================= + +dependencies: + - name: certInitializer + version: ~6.x-0 + repository: '@local'
\ No newline at end of file diff --git a/kubernetes/sdc/charts/sdc-fe/resources/config/logging/logback.xml b/kubernetes/sdc/components/sdc-fe/resources/config/logging/logback.xml index 1000982b6e..1000982b6e 100644 --- a/kubernetes/sdc/charts/sdc-fe/resources/config/logging/logback.xml +++ b/kubernetes/sdc/components/sdc-fe/resources/config/logging/logback.xml diff --git a/kubernetes/sdc/charts/sdc-fe/resources/config/plugins/plugins-configuration.yaml b/kubernetes/sdc/components/sdc-fe/resources/config/plugins/plugins-configuration.yaml index f9a3b17e03..f9a3b17e03 100644 --- a/kubernetes/sdc/charts/sdc-fe/resources/config/plugins/plugins-configuration.yaml +++ b/kubernetes/sdc/components/sdc-fe/resources/config/plugins/plugins-configuration.yaml diff --git a/kubernetes/sdc/charts/sdc-fe/templates/NOTES.txt b/kubernetes/sdc/components/sdc-fe/templates/NOTES.txt index 6319bfb6a3..6319bfb6a3 100644 --- a/kubernetes/sdc/charts/sdc-fe/templates/NOTES.txt +++ b/kubernetes/sdc/components/sdc-fe/templates/NOTES.txt diff --git a/kubernetes/sdc/charts/sdc-fe/templates/configmap.yaml b/kubernetes/sdc/components/sdc-fe/templates/configmap.yaml index ba24fd705b..ba24fd705b 100644 --- a/kubernetes/sdc/charts/sdc-fe/templates/configmap.yaml +++ b/kubernetes/sdc/components/sdc-fe/templates/configmap.yaml diff --git a/kubernetes/sdc/charts/sdc-fe/templates/deployment.yaml b/kubernetes/sdc/components/sdc-fe/templates/deployment.yaml index 8b3d4e7e44..0571f4bb5d 100644 --- a/kubernetes/sdc/charts/sdc-fe/templates/deployment.yaml +++ b/kubernetes/sdc/components/sdc-fe/templates/deployment.yaml @@ -34,7 +34,7 @@ spec: app: {{ include "common.name" . }} release: {{ include "common.release" . }} spec: - initContainers: + initContainers: {{ include "common.certInitializer.initContainer" . | nindent 6 }} - name: {{ include "common.name" . }}-job-completion image: "{{ include "common.repository" . }}/{{ .Values.global.readinessImage }}" imagePullPolicy: "{{ .Values.global.pullPolicy | default .Values.pullPolicy }}" @@ -49,34 +49,46 @@ spec: fieldRef: apiVersion: v1 fieldPath: metadata.namespace + {{- if .Values.global.aafEnabled }} - name: {{ include "common.name" . }}-update-config image: "{{ .Values.global.envsubstImage }}" imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} command: - - sh + - sh args: - - -c - - "cd /config-input && for PFILE in `find . -not -type d | grep -v -F ..`; do envsubst <${PFILE} >/config-output/${PFILE}; chmod 0755 /config-output/${PFILE}; done" - env: - - name: KEYSTORE_PASS - valueFrom: - secretKeyRef: - name: {{ include "common.release" . }}-sdc-cs-secrets - key: keystore_password - - name: TRUSTSTORE_PASS - valueFrom: - secretKeyRef: - name: {{ include "common.release" . }}-sdc-cs-secrets - key: truststore_password - volumeMounts: + - "-c" + - | + export $(grep '^c' {{ .Values.certInitializer.credsPath }}/mycreds.prop | xargs -0) + export KEYSTORE_PASS=$cadi_keystore_password_p12 + export KEYMANAGER_PASS=$cadi_keystore_password_p12 + export TRUSTSTORE_PASS=$cadi_truststore_password + cp {{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.keystoreFile }} /config-output + cp {{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.truststoreFile }} /config-output + cd /config-input && \ + for PFILE in `find . -not -type d | grep -v -F ..` + do + envsubst <${PFILE} >/config-output/${PFILE} + chmod 0755 /config-output/${PFILE} + done + volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 10 }} - name: {{ include "common.fullname" . }}-environments mountPath: /config-input/ - name: sdc-environments-output mountPath: /config-output/ + {{- end }} containers: - name: {{ include "common.name" . }} image: "{{ include "common.repository" . }}/{{ .Values.image }}" imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + {{- if .Values.global.aafEnabled }} + command: + - sh + args: + - "-c" + - | + sed -i '/trustStorePassword/d' ${JETTY_BASE}/startup.sh + ${JETTY_BASE}/startup.sh + {{- end }} ports: - containerPort: {{ .Values.service.internalPort }} - containerPort: {{ .Values.service.internalPort2 }} @@ -98,7 +110,7 @@ spec: {{ include "common.resources" . | indent 12 }} env: - name: ENVNAME - value: {{ .Values.global.env.name }} + value: {{ .Values.env.name }} - name: HOST_IP valueFrom: fieldRef: @@ -108,10 +120,10 @@ spec: volumeMounts: - name: sdc-environments-output mountPath: /var/lib/jetty/chef-solo/environments/ - - name: sdc-cert + - name: sdc-environments-output mountPath: /var/lib/jetty/chef-solo/cookbooks/sdc-catalog-fe/files/default/org.onap.sdc.p12 subPath: org.onap.sdc.p12 - - name: sdc-cert + - name: sdc-environments-output mountPath: /var/lib/jetty/chef-solo/cookbooks/sdc-catalog-fe/files/default/org.onap.sdc.trust.jks subPath: org.onap.sdc.trust.jks - name: {{ include "common.fullname" . }}-localtime @@ -141,13 +153,10 @@ spec: mountPath: /var/log/onap - name: {{ include "common.fullname" . }}-data-filebeat mountPath: /usr/share/filebeat/data - volumes: + volumes: {{ include "common.certInitializer.volumes" . | nindent 8 }} - name: {{ include "common.fullname" . }}-localtime hostPath: path: /etc/localtime - - name: sdc-cert - secret: - secretName: sdc-cert - name: {{ include "common.fullname" . }}-filebeat-conf configMap: name: {{ include "common.release" . }}-sdc-filebeat-configmap diff --git a/kubernetes/sdc/charts/sdc-fe/templates/ingress.yaml b/kubernetes/sdc/components/sdc-fe/templates/ingress.yaml index 8f87c68f1e..8f87c68f1e 100644 --- a/kubernetes/sdc/charts/sdc-fe/templates/ingress.yaml +++ b/kubernetes/sdc/components/sdc-fe/templates/ingress.yaml diff --git a/kubernetes/sdc/charts/sdc-fe/templates/service.yaml b/kubernetes/sdc/components/sdc-fe/templates/service.yaml index 2133990b60..efcde572a3 100644 --- a/kubernetes/sdc/charts/sdc-fe/templates/service.yaml +++ b/kubernetes/sdc/components/sdc-fe/templates/service.yaml @@ -37,7 +37,7 @@ metadata: spec: type: {{ .Values.service.type }} ports: - {{ if not .Values.global.security.disableHttp }} + {{ if not .Values.security.disableHttp }} # setting http port only if enabled {{if eq .Values.service.type "NodePort" -}} - port: {{ .Values.service.internalPort }} diff --git a/kubernetes/sdc/charts/sdc-fe/values.yaml b/kubernetes/sdc/components/sdc-fe/values.yaml index 63c8ce7e72..e9ff284ffe 100644 --- a/kubernetes/sdc/charts/sdc-fe/values.yaml +++ b/kubernetes/sdc/components/sdc-fe/values.yaml @@ -21,6 +21,30 @@ global: readinessImage: onap/oom/readiness:3.0.1 loggingRepository: docker.elastic.co loggingImage: beats/filebeat:5.5.0 + aafEnabled: true + +################################################################# +# AAF Part +################################################################# +certInitializer: + nameOverride: sdc-fe-cert-init + aafDeployFqi: deployer@people.osaaf.org + aafDeployPass: demo123456! + fqdn: sdc + fqi: sdc@sdc.onap.org + public_fqdn: sdc.onap.org + cadi_longitude: "0.0" + cadi_latitude: "0.0" + app_ns: org.osaaf.aaf + credsPath: /opt/app/osaaf/local + addconfig: true + keystoreFile: "org.onap.sdc.p12" + truststoreFile: "org.onap.sdc.trust.jks" + permission_user: 352070 + permission_group: 35953 + aaf_add_config: > + /opt/app/aaf_config/bin/agent.sh local showpass + {{.Values.fqi}} {{ .Values.fqdn }} > {{ .Values.credsPath }}/mycreds.prop ################################################################# # Application configuration defaults. @@ -40,6 +64,13 @@ config: workflow_discovery_url: "https://sdc-wfd-fe:8443/workflows" workflow_source_url: "https://sdc.workflow.plugin.simpledemo.onap.org:30256/workflows/" +#environment file +env: + name: AUTO + +security: + disableHttp: true + # default number of instances replicaCount: 1 diff --git a/kubernetes/sdc/charts/sdc-onboarding-be/.helmignore b/kubernetes/sdc/components/sdc-onboarding-be/.helmignore index daebc7da77..daebc7da77 100644 --- a/kubernetes/sdc/charts/sdc-onboarding-be/.helmignore +++ b/kubernetes/sdc/components/sdc-onboarding-be/.helmignore diff --git a/kubernetes/sdc/charts/sdc-onboarding-be/Chart.yaml b/kubernetes/sdc/components/sdc-onboarding-be/Chart.yaml index dadcc730d0..dadcc730d0 100644 --- a/kubernetes/sdc/charts/sdc-onboarding-be/Chart.yaml +++ b/kubernetes/sdc/components/sdc-onboarding-be/Chart.yaml diff --git a/kubernetes/sdc/components/sdc-onboarding-be/requirements.yaml b/kubernetes/sdc/components/sdc-onboarding-be/requirements.yaml new file mode 100644 index 0000000000..aad984e8d9 --- /dev/null +++ b/kubernetes/sdc/components/sdc-onboarding-be/requirements.yaml @@ -0,0 +1,23 @@ +# ============LICENSE_START======================================================= +# Copyright (C) 2018 Ericsson. All rights reserved. +# Modifications Copyright © 2020 AT&T. All rights reserved. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# SPDX-License-Identifier: Apache-2.0 +# ============LICENSE_END========================================================= + +dependencies: + - name: certInitializer + version: ~6.x-0 + repository: '@local' diff --git a/kubernetes/sdc/charts/sdc-onboarding-be/resources/config/logging/logback.xml b/kubernetes/sdc/components/sdc-onboarding-be/resources/config/logging/logback.xml index 515076fe30..515076fe30 100644 --- a/kubernetes/sdc/charts/sdc-onboarding-be/resources/config/logging/logback.xml +++ b/kubernetes/sdc/components/sdc-onboarding-be/resources/config/logging/logback.xml diff --git a/kubernetes/sdc/charts/sdc-onboarding-be/templates/NOTES.txt b/kubernetes/sdc/components/sdc-onboarding-be/templates/NOTES.txt index edfb08642a..edfb08642a 100644 --- a/kubernetes/sdc/charts/sdc-onboarding-be/templates/NOTES.txt +++ b/kubernetes/sdc/components/sdc-onboarding-be/templates/NOTES.txt diff --git a/kubernetes/sdc/charts/sdc-onboarding-be/templates/configmap.yaml b/kubernetes/sdc/components/sdc-onboarding-be/templates/configmap.yaml index ea5009914a..ea5009914a 100644 --- a/kubernetes/sdc/charts/sdc-onboarding-be/templates/configmap.yaml +++ b/kubernetes/sdc/components/sdc-onboarding-be/templates/configmap.yaml diff --git a/kubernetes/sdc/charts/sdc-onboarding-be/templates/deployment.yaml b/kubernetes/sdc/components/sdc-onboarding-be/templates/deployment.yaml index f2baa1fd90..6f1e2a9b61 100644 --- a/kubernetes/sdc/charts/sdc-onboarding-be/templates/deployment.yaml +++ b/kubernetes/sdc/components/sdc-onboarding-be/templates/deployment.yaml @@ -34,7 +34,7 @@ spec: app: {{ include "common.name" . }} release: {{ include "common.release" . }} spec: - initContainers: + initContainers: {{ include "common.certInitializer.initContainer" . | nindent 6 }} - name: {{ include "common.name" . }}-job-completion image: "{{ include "common.repository" . }}/{{ .Values.global.readinessImage }}" imagePullPolicy: "{{ .Values.global.pullPolicy | default .Values.pullPolicy }}" @@ -49,43 +49,33 @@ spec: fieldRef: apiVersion: v1 fieldPath: metadata.namespace + {{- if .Values.global.aafEnabled }} - name: {{ include "common.name" . }}-update-config image: "{{ .Values.global.envsubstImage }}" imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} command: - - sh + - sh args: - - -c - - "cd /config-input && for PFILE in `find . -not -type d | grep -v -F ..`; do envsubst <${PFILE} >/config-output/${PFILE}; chmod 0755 /config-output/${PFILE}; done" - env: - - name: KEYSTORE_PASS - valueFrom: - secretKeyRef: - name: {{ include "common.release" . }}-sdc-cs-secrets - key: keystore_password - - name: TRUSTSTORE_PASS - valueFrom: - secretKeyRef: - name: {{ include "common.release" . }}-sdc-cs-secrets - key: truststore_password - volumeMounts: + - "-c" + - | + export $(grep '^c' {{ .Values.certInitializer.credsPath }}/mycreds.prop | xargs -0) + export KEYSTORE_PASS=$cadi_keystore_password_p12 + export KEYMANAGER_PASS=$cadi_keystore_password_p12 + export TRUSTSTORE_PASS=$cadi_truststore_password + cp {{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.keystoreFile }} /config-output + cp {{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.truststoreFile }} /config-output + cd /config-input && \ + for PFILE in `find . -not -type d | grep -v -F ..` + do + envsubst <${PFILE} >/config-output/${PFILE} + chmod 0755 /config-output/${PFILE} + done + volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 10 }} - name: {{ include "common.fullname" . }}-environments mountPath: /config-input/ - name: sdc-environments-output mountPath: /config-output/ - - name: volume-permissions - image: {{ .Values.global.busyboxRepository | default .Values.busyboxRepository }}/{{ .Values.global.busyboxImage | default .Values.busyboxImage }} - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - command: - - /bin/sh - - -c - - | - chown -R {{ .Values.securityContext.runAsUser }}:{{ .Values.securityContext.fsGroup }} //onboard/cert - securityContext: - runAsUser: 0 - volumeMounts: - - name: {{ include "common.fullname" . }}-cert-storage - mountPath: "/onboard/cert" + {{- end }} containers: - name: {{ include "common.name" . }} image: "{{ include "common.repository" . }}/{{ .Values.image }}" @@ -113,11 +103,11 @@ spec: {{ include "common.resources" . | indent 12 }} env: - name: ENVNAME - value: {{ .Values.global.env.name }} + value: {{ .Values.env.name }} - name: JAVA_OPTIONS value: {{ .Values.config.javaOptions }} - name: SDC_CLUSTER_NAME - value: "SDC-CS-{{ .Values.global.env.name }}" + value: "SDC-CS-{{ .Values.env.name }}" - name: cassandra_ssl_enabled value: {{ .Values.config.cassandraSslEnabled | quote }} - name: HOST_IP @@ -135,10 +125,10 @@ spec: volumeMounts: - name: sdc-environments-output mountPath: /var/lib/jetty/chef-solo/environments/ - - name: sdc-cert + - name: sdc-environments-output mountPath: /var/lib/jetty/chef-solo/cookbooks/sdc-onboard-backend/files/default/org.onap.sdc.p12 subPath: org.onap.sdc.p12 - - name: sdc-cert + - name: sdc-environments-output mountPath: /var/lib/jetty/chef-solo/cookbooks/sdc-onboard-backend/files/default/org.onap.sdc.trust.jks subPath: org.onap.sdc.trust.jks - name: {{ include "common.fullname" . }}-localtime @@ -149,8 +139,6 @@ spec: - name: {{ include "common.fullname" . }}-logback mountPath: /tmp/logback.xml subPath: logback.xml - - name: {{ include "common.fullname" . }}-cert-storage - mountPath: "{{ .Values.cert.certDir }}" lifecycle: postStart: exec: @@ -167,13 +155,10 @@ spec: mountPath: /var/log/onap - name: {{ include "common.fullname" . }}-data-filebeat mountPath: /usr/share/filebeat/data - volumes: + volumes: {{ include "common.certInitializer.volumes" . | nindent 6 }} - name: {{ include "common.fullname" . }}-localtime hostPath: path: /etc/localtime - - name: sdc-cert - secret: - secretName: sdc-cert - name: {{ include "common.fullname" . }}-filebeat-conf configMap: name: {{ include "common.release" . }}-sdc-filebeat-configmap @@ -190,8 +175,5 @@ spec: emptyDir: { medium: "Memory" } - name: {{ include "common.fullname" . }}-logs emptyDir: {} - - name: {{ include "common.fullname" . }}-cert-storage - persistentVolumeClaim: - claimName: {{ include "common.fullname" . }}-cert imagePullSecrets: - name: "{{ include "common.namespace" . }}-docker-registry-key" diff --git a/kubernetes/sdc/charts/sdc-onboarding-be/templates/job.yaml b/kubernetes/sdc/components/sdc-onboarding-be/templates/job.yaml index 39758bc943..936c7c41b5 100644 --- a/kubernetes/sdc/charts/sdc-onboarding-be/templates/job.yaml +++ b/kubernetes/sdc/components/sdc-onboarding-be/templates/job.yaml @@ -56,7 +56,7 @@ spec: mountPath: /home/sdc/chef-solo/environments/ env: - name: ENVNAME - value: {{ .Values.global.env.name }} + value: {{ .Values.env.name }} - name: HOST_IP valueFrom: fieldRef: diff --git a/kubernetes/sdc/charts/sdc-onboarding-be/templates/service.yaml b/kubernetes/sdc/components/sdc-onboarding-be/templates/service.yaml index ad6650aa86..ad6650aa86 100644 --- a/kubernetes/sdc/charts/sdc-onboarding-be/templates/service.yaml +++ b/kubernetes/sdc/components/sdc-onboarding-be/templates/service.yaml diff --git a/kubernetes/sdc/charts/sdc-onboarding-be/values.yaml b/kubernetes/sdc/components/sdc-onboarding-be/values.yaml index f42b500376..2e5d91e76b 100644 --- a/kubernetes/sdc/charts/sdc-onboarding-be/values.yaml +++ b/kubernetes/sdc/components/sdc-onboarding-be/values.yaml @@ -21,6 +21,42 @@ global: readinessImage: onap/oom/readiness:3.0.1 loggingRepository: docker.elastic.co loggingImage: beats/filebeat:5.5.0 + aafEnabled: true + persistence: {} + cassandra: + #This flag allows SDC to instantiate its own cluster, serviceName + #should be sdc-cs if this flag is enabled + localCluster: false + #The cassandra service name to connect to (default: shared cassandra service) + serviceName: cassandra + #Shared cassandra cluster replicaCount, should be changed if localCluster is enabled + #to match with its own cluster replica + replicaCount: 3 + clusterName: cassandra + dataCenter: Pod + +################################################################# +# AAF Part +################################################################# +certInitializer: + nameOverride: sdc-onboarding-be-cert-init + aafDeployFqi: deployer@people.osaaf.org + aafDeployPass: demo123456! + fqdn: sdc + fqi: sdc@sdc.onap.org + public_fqdn: sdc.onap.org + cadi_longitude: "0.0" + cadi_latitude: "0.0" + app_ns: org.osaaf.aaf + credsPath: /opt/app/osaaf/local + addconfig: true + keystoreFile: "org.onap.sdc.p12" + truststoreFile: "org.onap.sdc.trust.jks" + permission_user: 352070 + permission_group: 35953 + aaf_add_config: > + /opt/app/aaf_config/bin/agent.sh local showpass + {{.Values.fqi}} {{ .Values.fqdn }} > {{ .Values.credsPath }}/mycreds.prop ################################################################# # Application configuration defaults. @@ -38,6 +74,10 @@ config: javaOptions: "-Xmx1g -Xms1g" cassandraSslEnabled: "false" +#environment file +env: + name: AUTO + # default number of instances replicaCount: 1 diff --git a/kubernetes/sdc/charts/sdc-wfd-be/.helmignore b/kubernetes/sdc/components/sdc-wfd-be/.helmignore index f0c1319444..f0c1319444 100644 --- a/kubernetes/sdc/charts/sdc-wfd-be/.helmignore +++ b/kubernetes/sdc/components/sdc-wfd-be/.helmignore diff --git a/kubernetes/sdc/charts/sdc-wfd-be/Chart.yaml b/kubernetes/sdc/components/sdc-wfd-be/Chart.yaml index 7201db2fee..7201db2fee 100644 --- a/kubernetes/sdc/charts/sdc-wfd-be/Chart.yaml +++ b/kubernetes/sdc/components/sdc-wfd-be/Chart.yaml diff --git a/kubernetes/sdc/components/sdc-wfd-be/requirements.yaml b/kubernetes/sdc/components/sdc-wfd-be/requirements.yaml new file mode 100644 index 0000000000..b1d52ae32a --- /dev/null +++ b/kubernetes/sdc/components/sdc-wfd-be/requirements.yaml @@ -0,0 +1,23 @@ +# ============LICENSE_START======================================================= +# Copyright (C) 2018 Ericsson. All rights reserved. +# Modifications Copyright © 2020 AT&T. All rights reserved. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# SPDX-License-Identifier: Apache-2.0 +# ============LICENSE_END========================================================= + +dependencies: + - name: certInitializer + version: ~6.x-0 + repository: '@local'
\ No newline at end of file diff --git a/kubernetes/sdc/charts/sdc-wfd-be/templates/NOTES.txt b/kubernetes/sdc/components/sdc-wfd-be/templates/NOTES.txt index a3c79b12a4..a3c79b12a4 100644 --- a/kubernetes/sdc/charts/sdc-wfd-be/templates/NOTES.txt +++ b/kubernetes/sdc/components/sdc-wfd-be/templates/NOTES.txt diff --git a/kubernetes/sdc/charts/sdc-wfd-be/templates/_helper.tpl b/kubernetes/sdc/components/sdc-wfd-be/templates/_helper.tpl index 298a2cd673..298a2cd673 100644 --- a/kubernetes/sdc/charts/sdc-wfd-be/templates/_helper.tpl +++ b/kubernetes/sdc/components/sdc-wfd-be/templates/_helper.tpl diff --git a/kubernetes/sdc/charts/sdc-wfd-be/templates/deployment.yaml b/kubernetes/sdc/components/sdc-wfd-be/templates/deployment.yaml index 92fe5f22af..b188cdae98 100644 --- a/kubernetes/sdc/charts/sdc-wfd-be/templates/deployment.yaml +++ b/kubernetes/sdc/components/sdc-wfd-be/templates/deployment.yaml @@ -34,7 +34,7 @@ spec: app: {{ include "common.name" . }} release: {{ include "common.release" . }} spec: - initContainers: + initContainers: {{ include "common.certInitializer.initContainer" . | nindent 6 }} {{- if .Values.initJob.enabled }} - name: {{ include "common.name" . }}-job-completion image: "{{ include "common.repository" . }}/{{ .Values.global.readinessImage }}" @@ -55,6 +55,20 @@ spec: - name: {{ include "common.name" . }} image: "{{ include "common.repository" . }}/{{ .Values.image }}" imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + {{- if .Values.global.aafEnabled }} + command: + - sh + args: + - "-c" + - | + export $(grep '^c' {{ .Values.certInitializer.credsPath }}/mycreds.prop | xargs -0) + export SERVER_SSL_KEY_PASSWORD=$cadi_keystore_password_p12 + export KEYMANAGER_PASS=$cadi_keystore_password_p12 + export SERVER_SSL_TRUST_PASSWORD=$cadi_truststore_password + export SERVER_SSL_KEYSTORE_PATH={{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.keystoreFile }} + export SERVER_SSL_TRUSTSTORE_PATH={{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.truststoreFile }} + ./startup.sh + {{- end }} ports: - containerPort: {{ template "wfd-be.internalPort" . }} # disable liveness probe when breakpoints set in debugger @@ -106,28 +120,9 @@ spec: value: "{{ .Values.config.serverSSLEnabled }}" - name: SERVER_SSL_KEYSTORE_TYPE value: "{{ .Values.config.serverSSLKeyStoreType }}" - - name: SERVER_SSL_KEYSTORE_PATH - value: "{{ .Values.config.serverSSLKeyStorePath }}" - - name: SERVER_SSL_KEY_PASSWORD - valueFrom: - secretKeyRef: {name: {{ include "common.release" . }}-sdc-cs-secrets, key: keystore_password} - name: SERVER_SSL_TRUSTSTORE_TYPE value: "{{ .Values.config.serverSSLTrustStoreType }}" - - name: SERVER_SSL_TRUSTSTORE_PATH - value: "{{ .Values.config.serverSSLTrustStorePath }}" - - name: SERVER_SSL_TRUST_PASSWORD - valueFrom: - secretKeyRef: {name: {{ include "common.release" . }}-sdc-cs-secrets, key: truststore_password} - volumeMounts: - - name: sdc-cert - mountPath: /keystore - subPath: org.onap.sdc.p12 - - name: sdc-cert - mountPath: /truststore - subPath: org.onap.sdc.trust.jks - volumes: - - name: sdc-cert - secret: - secretName: sdc-cert + volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 10 }} + volumes: {{ include "common.certInitializer.volumes" . | nindent 8 }} imagePullSecrets: - name: "{{ include "common.namespace" . }}-docker-registry-key" diff --git a/kubernetes/sdc/charts/sdc-wfd-be/templates/ingress.yaml b/kubernetes/sdc/components/sdc-wfd-be/templates/ingress.yaml index 8f87c68f1e..8f87c68f1e 100644 --- a/kubernetes/sdc/charts/sdc-wfd-be/templates/ingress.yaml +++ b/kubernetes/sdc/components/sdc-wfd-be/templates/ingress.yaml diff --git a/kubernetes/sdc/charts/sdc-wfd-be/templates/job.yaml b/kubernetes/sdc/components/sdc-wfd-be/templates/job.yaml index 9235cb441c..9235cb441c 100644 --- a/kubernetes/sdc/charts/sdc-wfd-be/templates/job.yaml +++ b/kubernetes/sdc/components/sdc-wfd-be/templates/job.yaml diff --git a/kubernetes/sdc/charts/sdc-wfd-be/templates/service.yaml b/kubernetes/sdc/components/sdc-wfd-be/templates/service.yaml index d9ea066ab3..d9ea066ab3 100644 --- a/kubernetes/sdc/charts/sdc-wfd-be/templates/service.yaml +++ b/kubernetes/sdc/components/sdc-wfd-be/templates/service.yaml diff --git a/kubernetes/sdc/charts/sdc-wfd-be/values.yaml b/kubernetes/sdc/components/sdc-wfd-be/values.yaml index 4ab95048ca..da5ae38ad5 100644 --- a/kubernetes/sdc/charts/sdc-wfd-be/values.yaml +++ b/kubernetes/sdc/components/sdc-wfd-be/values.yaml @@ -21,6 +21,41 @@ global: readinessImage: onap/oom/readiness:3.0.1 loggingRepository: docker.elastic.co loggingImage: beats/filebeat:5.5.0 + aafEnabled: true + cassandra: + #This flag allows SDC to instantiate its own cluster, serviceName + #should be sdc-cs if this flag is enabled + localCluster: false + #The cassandra service name to connect to (default: shared cassandra service) + serviceName: cassandra + #Shared cassandra cluster replicaCount, should be changed if localCluster is enabled + #to match with its own cluster replica + replicaCount: 3 + clusterName: cassandra + dataCenter: Pod + +################################################################# +# AAF Part +################################################################# +certInitializer: + nameOverride: sdc-wfd-be-cert-init + aafDeployFqi: deployer@people.osaaf.org + aafDeployPass: demo123456! + fqdn: sdc + fqi: sdc@sdc.onap.org + public_fqdn: sdc.onap.org + cadi_longitude: "0.0" + cadi_latitude: "0.0" + app_ns: org.osaaf.aaf + credsPath: /opt/app/osaaf/local + addconfig: true + keystoreFile: "org.onap.sdc.p12" + truststoreFile: "org.onap.sdc.trust.jks" + permission_user: 352070 + permission_group: 35953 + aaf_add_config: > + /opt/app/aaf_config/bin/agent.sh local showpass + {{.Values.fqi}} {{ .Values.fqdn }} > {{ .Values.credsPath }}/mycreds.prop ################################################################# # Application configuration defaults. @@ -38,22 +73,19 @@ config: javaOptions: "-Xmx1536m -Xms1536m" cassandraAuthenticationEnabled: true cassandraClientPort: 9042 - sdcProtocol: HTTPS sdcEndpoint: sdc-be:8443 sdcExternalUser: workflow - serverSSLEnabled: true - serverSSLKeyStoreType: jks - serverSSLKeyStorePath: /home/sdc/etc/keystore - serverSSLTrustStoreType: jks - serverSSLTrustStorePath: /home/sdc/etc/truststore - cassandraSSLEnabled: false cassandraTrustStorePath: /home/sdc/etc/truststore +# environment file +env: + name: AUTO + # default number of instances replicaCount: 1 @@ -82,7 +114,6 @@ service: externalPort2: 8443 nodePort: "57" # only one node port. set to http or https port depending on isHttpsEnabled property - ingress: enabled: false service: @@ -91,7 +122,7 @@ ingress: port: 8443 config: ssl: "redirect" - + resources: {} # We usually recommend not to specify default resources and to leave this as a conscious # choice for the user. This also increases chances charts run on environments with little diff --git a/kubernetes/sdc/charts/sdc-wfd-fe/.helmignore b/kubernetes/sdc/components/sdc-wfd-fe/.helmignore index f0c1319444..f0c1319444 100644 --- a/kubernetes/sdc/charts/sdc-wfd-fe/.helmignore +++ b/kubernetes/sdc/components/sdc-wfd-fe/.helmignore diff --git a/kubernetes/sdc/charts/sdc-wfd-fe/Chart.yaml b/kubernetes/sdc/components/sdc-wfd-fe/Chart.yaml index d5ef0a4db7..d5ef0a4db7 100644 --- a/kubernetes/sdc/charts/sdc-wfd-fe/Chart.yaml +++ b/kubernetes/sdc/components/sdc-wfd-fe/Chart.yaml diff --git a/kubernetes/sdc/components/sdc-wfd-fe/requirements.yaml b/kubernetes/sdc/components/sdc-wfd-fe/requirements.yaml new file mode 100644 index 0000000000..b1d52ae32a --- /dev/null +++ b/kubernetes/sdc/components/sdc-wfd-fe/requirements.yaml @@ -0,0 +1,23 @@ +# ============LICENSE_START======================================================= +# Copyright (C) 2018 Ericsson. All rights reserved. +# Modifications Copyright © 2020 AT&T. All rights reserved. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# SPDX-License-Identifier: Apache-2.0 +# ============LICENSE_END========================================================= + +dependencies: + - name: certInitializer + version: ~6.x-0 + repository: '@local'
\ No newline at end of file diff --git a/kubernetes/sdc/charts/sdc-wfd-fe/templates/NOTES.txt b/kubernetes/sdc/components/sdc-wfd-fe/templates/NOTES.txt index a3c79b12a4..a3c79b12a4 100644 --- a/kubernetes/sdc/charts/sdc-wfd-fe/templates/NOTES.txt +++ b/kubernetes/sdc/components/sdc-wfd-fe/templates/NOTES.txt diff --git a/kubernetes/sdc/charts/sdc-wfd-fe/templates/_helper.tpl b/kubernetes/sdc/components/sdc-wfd-fe/templates/_helper.tpl index 546bab7ddf..546bab7ddf 100644 --- a/kubernetes/sdc/charts/sdc-wfd-fe/templates/_helper.tpl +++ b/kubernetes/sdc/components/sdc-wfd-fe/templates/_helper.tpl diff --git a/kubernetes/sdc/charts/sdc-wfd-fe/templates/deployment.yaml b/kubernetes/sdc/components/sdc-wfd-fe/templates/deployment.yaml index 061b765f9a..ad10480a3f 100644 --- a/kubernetes/sdc/charts/sdc-wfd-fe/templates/deployment.yaml +++ b/kubernetes/sdc/components/sdc-wfd-fe/templates/deployment.yaml @@ -33,7 +33,7 @@ spec: app: {{ include "common.name" . }} release: {{ include "common.release" . }} spec: - initContainers: + initContainers: {{ include "common.certInitializer.initContainer" . | nindent 6 }} - name: {{ include "common.name" . }}-readiness command: - /app/ready.py @@ -48,10 +48,39 @@ spec: fieldPath: metadata.namespace image: "{{ include "common.repository" . }}/{{ .Values.global.readinessImage }}" imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + {{- if .Values.global.aafEnabled }} + - name: {{ include "common.fullname" . }}-move-cert + command: + - /bin/sh + args: + - -c + - | + cp {{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.keystoreFile }} /sdc-certs/{{ .Values.certInitializer.keystoreFile }} + cp {{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.truststoreFile }} /sdc-certs/{{ .Values.certInitializer.truststoreFile }} + cp {{ .Values.certInitializer.credsPath }}/mycreds.prop /sdc-certs/mycreds.prop + image: "{{ .Values.global.busyboxRepository }}/{{ .Values.global.busyboxImage }}" + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 10 }} + - name: sdc-certs + mountPath: /sdc-certs + {{- end }} containers: - name: {{ include "common.name" . }} image: "{{ include "common.repository" . }}/{{ .Values.image }}" imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + {{- if .Values.global.aafEnabled }} + command: + - sh + args: + - "-c" + - | + export $(grep '^c' /sdc-certs/mycreds.prop | xargs -0) + export KEYSTORE_PASS=$cadi_keystore_password_p12 + export TRUSTSTORE_PASS=$cadi_truststore_password + export KEYSTORE_PATH=/etc/{{ .Values.certInitializer.keystoreFile }} + export TRUSTSTORE_PATH=/etc/{{ .Values.certInitializer.truststoreFile }} + ./startup.sh + {{- end }} ports: - containerPort: {{ template "wfd-fe.internalPort" . }} {{ if .Values.liveness.enabled }} @@ -68,7 +97,7 @@ spec: periodSeconds: {{ .Values.readiness.periodSeconds }} env: - name: ENVNAME - value: {{ .Values.global.env.name }} + value: {{ .Values.env.name }} - name: JAVA_OPTIONS value: {{ .Values.config.javaOptions }} - name: BACKEND @@ -76,16 +105,6 @@ spec: - name: IS_HTTPS value: "{{ .Values.config.isHttpsEnabled}}" {{ if and .Values.config.isHttpsEnabled (eq .Values.security.isDefaultStore false) }} - - name: KEYSTORE_PASS - valueFrom: - secretKeyRef: {name: {{ include "common.release" . }}-sdc-cs-secrets, key: keystore_password} - - name: TRUSTSTORE_PASS - valueFrom: - secretKeyRef: {name: {{ include "common.release" . }}-sdc-cs-secrets, key: truststore_password} - - name: TRUSTSTORE_PATH - value: "{{ .Values.security.storePath }}/{{ .Values.security.truststoreFilename }}" - - name: KEYSTORE_PATH - value: "{{ .Values.security.storePath }}/{{ .Values.security.keystoreFilename }}" - name: TRUST_ALL value: "{{ .Values.config.isTrustAll}}" {{ end }} @@ -93,12 +112,17 @@ spec: - name: {{ include "common.fullname" . }}-localtime mountPath: /etc/localtime readOnly: true - - name: sdc-cert - mountPath: /var/lib/jetty/etc/org.onap.sdc.p12 - subPath: org.onap.sdc.p12 - - name: sdc-cert - mountPath: /var/lib/jetty/etc/org.onap.sdc.trust.jks - subPath: org.onap.sdc.trust.jks + {{- if .Values.global.aafEnabled }} + - name: sdc-certs + mountPath: /sdc-certs + subpath: mycreds.prop + - name: sdc-certs + mountPath: /var/lib/jetty/etc/{{ .Values.certInitializer.keystoreFile }} + subPath: {{ .Values.certInitializer.keystoreFile }} + - name: sdc-certs + mountPath: /var/lib/jetty/etc/{{ .Values.certInitializer.truststoreFile }} + subPath: {{ .Values.certInitializer.truststoreFile }} + {{ end }} resources: {{ include "common.resources" . | indent 12 }} {{- if .Values.nodeSelector }} @@ -121,13 +145,15 @@ spec: mountPath: /var/log/onap - name: {{ include "common.fullname" . }}-data-filebeat mountPath: /usr/share/filebeat/data - volumes: + volumes: {{ include "common.certInitializer.volumes" . | nindent 8 }} - name: {{ include "common.fullname" . }}-localtime hostPath: path: /etc/localtime - - name: sdc-cert - secret: - secretName: sdc-cert + {{- if .Values.global.aafEnabled }} + - name: sdc-certs + emptyDir: + medium: "Memory" + {{- end }} - name: {{ include "common.fullname" . }}-filebeat-conf configMap: name: {{ include "common.release" . }}-sdc-filebeat-configmap diff --git a/kubernetes/sdc/charts/sdc-wfd-fe/templates/ingress.yaml b/kubernetes/sdc/components/sdc-wfd-fe/templates/ingress.yaml index 8f87c68f1e..8f87c68f1e 100644 --- a/kubernetes/sdc/charts/sdc-wfd-fe/templates/ingress.yaml +++ b/kubernetes/sdc/components/sdc-wfd-fe/templates/ingress.yaml diff --git a/kubernetes/sdc/charts/sdc-wfd-fe/templates/service.yaml b/kubernetes/sdc/components/sdc-wfd-fe/templates/service.yaml index 96e1c0aee4..96e1c0aee4 100644 --- a/kubernetes/sdc/charts/sdc-wfd-fe/templates/service.yaml +++ b/kubernetes/sdc/components/sdc-wfd-fe/templates/service.yaml diff --git a/kubernetes/sdc/charts/sdc-wfd-fe/values.yaml b/kubernetes/sdc/components/sdc-wfd-fe/values.yaml index 1e6e3fe018..7bb1b24ad6 100644 --- a/kubernetes/sdc/charts/sdc-wfd-fe/values.yaml +++ b/kubernetes/sdc/components/sdc-wfd-fe/values.yaml @@ -21,6 +21,30 @@ global: readinessImage: onap/oom/readiness:3.0.1 loggingRepository: docker.elastic.co loggingImage: beats/filebeat:5.5.0 + aafEnabled: true + +################################################################# +# AAF Part +################################################################# +certInitializer: + nameOverride: sdc-wfd-fe-cert-init + aafDeployFqi: deployer@people.osaaf.org + aafDeployPass: demo123456! + fqdn: sdc + fqi: sdc@sdc.onap.org + public_fqdn: sdc.onap.org + cadi_longitude: "0.0" + cadi_latitude: "0.0" + app_ns: org.osaaf.aaf + credsPath: /opt/app/osaaf/local + addconfig: true + keystoreFile: "org.onap.sdc.p12" + truststoreFile: "org.onap.sdc.trust.jks" + permission_user: 352070 + permission_group: 35953 + aaf_add_config: > + /opt/app/aaf_config/bin/agent.sh local showpass + {{.Values.fqi}} {{ .Values.fqdn }} > {{ .Values.credsPath }}/mycreds.prop ################################################################# # Application configuration defaults. @@ -40,11 +64,13 @@ config: # following flag decides whether to check the certificate on the outgoing proxy request or whether to trust all parties isTrustAll: true # https relevant settings. Change in case you have other trust files then default ones. + +#environment file +env: + name: AUTO + security: isDefaultStore: false - truststoreFilename: "org.onap.sdc.trust.jks" - keystoreFilename: "org.onap.sdc.p12" - storePath: "etc" # default number of instances replicaCount: 1 diff --git a/kubernetes/sdc/requirements.yaml b/kubernetes/sdc/requirements.yaml index 2ce7b9dc24..fc27a7b634 100644 --- a/kubernetes/sdc/requirements.yaml +++ b/kubernetes/sdc/requirements.yaml @@ -14,15 +14,39 @@ # limitations under the License. dependencies: - - name: common + - name: sdc-be version: ~6.x-0 - repository: '@local' - - - name: cassandra + repository: 'file://components/sdc-be' + - name: sdc-cs version: ~6.x-0 - # local reference to common chart, as it is - # a part of this chart's package and will not - # be published independently to a repo (at this point) - repository: '@local' - condition: global.cassandra.localCluster - + repository: 'file://components/sdc-cs' + - name: sdc-fe + version: ~6.x-0 + repository: 'file://components/sdc-fe' + - name: sdc-onboarding-be + version: ~6.x-0 + repository: 'file://components/sdc-onboarding-be' + - name: sdc-wfd-be + version: ~6.x-0 + repository: 'file://components/sdc-wfd-be' + condition: sdc-wfd.enabled + - name: sdc-wfd-fe + version: ~6.x-0 + repository: 'file://components/sdc-wfd-fe' + condition: sdc-wfd.enabled + - name: sdc-dcae-be + version: ~6.x-0 + repository: 'file://components/sdc-dcae-be' + condition: sdc-dcaed.enabled + - name: sdc-dcae-dt + version: ~6.x-0 + repository: 'file://components/sdc-dcae-dt' + condition: sdc-dcaed.enabled + - name: sdc-dcae-tosca-lab + version: ~6.x-0 + repository: 'file://components/sdc-dcae-tosca-lab' + condition: sdc-dcaed.enabled + - name: sdc-dcae-fe + version: ~6.x-0 + repository: 'file://components/sdc-dcae-fe' + condition: sdc-dcaed.enabled
\ No newline at end of file diff --git a/kubernetes/sdc/resources/cert/org.onap.sdc.p12 b/kubernetes/sdc/resources/cert/org.onap.sdc.p12 Binary files differdeleted file mode 100644 index 446856071b..0000000000 --- a/kubernetes/sdc/resources/cert/org.onap.sdc.p12 +++ /dev/null diff --git a/kubernetes/sdc/resources/cert/org.onap.sdc.trust.jks b/kubernetes/sdc/resources/cert/org.onap.sdc.trust.jks Binary files differdeleted file mode 100644 index e6686cc08c..0000000000 --- a/kubernetes/sdc/resources/cert/org.onap.sdc.trust.jks +++ /dev/null diff --git a/kubernetes/sdc/resources/config/environments/AUTO.json b/kubernetes/sdc/resources/config/environments/AUTO.json index 2bd165b723..b38b1f65aa 100755 --- a/kubernetes/sdc/resources/config/environments/AUTO.json +++ b/kubernetes/sdc/resources/config/environments/AUTO.json @@ -1,6 +1,6 @@ { - "name": "{{ .Values.global.env.name }}", - "description": "OpenSource-{{ .Values.global.env.name }}", + "name": "{{ .Values.env.name }}", + "description": "OpenSource-{{ .Values.env.name }}", "cookbook_versions": { "Deploy-SDandC": "= 1.0.0" }, @@ -107,7 +107,8 @@ }, "jetty": { "keystore_pwd": "${KEYSTORE_PASS}", - "truststore_pwd": "${TRUSTSTORE_PASS}" + "truststore_pwd": "${TRUSTSTORE_PASS}", + "keymanager_pwd": "${KEYMANAGER_PASS}" } } } diff --git a/kubernetes/sdc/templates/secrets.yaml b/kubernetes/sdc/templates/secrets.yaml index 6187104ce6..dd61412d40 100644 --- a/kubernetes/sdc/templates/secrets.yaml +++ b/kubernetes/sdc/templates/secrets.yaml @@ -36,17 +36,3 @@ data: keystore_password: "{{ .Values.global.secrets.keystore_password }}" # workflow wf_external_user_password: "{{ .Values.global.secrets.wf_external_user_password }}" ---- -apiVersion: v1 -kind: Secret -metadata: - name: sdc-cert - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} -type: Opaque -data: -{{ tpl (.Files.Glob "resources/cert/*").AsSecrets . | indent 2 }} diff --git a/kubernetes/sdc/values.yaml b/kubernetes/sdc/values.yaml index 2694b5de80..af0d2a9750 100644 --- a/kubernetes/sdc/values.yaml +++ b/kubernetes/sdc/values.yaml @@ -15,8 +15,6 @@ global: persistence: {} - env: - name: AUTO secrets: sdc_user: YXNkY191c2Vy sdc_password: QWExMjM0JV4h @@ -30,6 +28,7 @@ global: ubuntuInitImage: ubuntu-init:1.0.0 busyboxRepository: registry.hub.docker.com busyboxImage: library/busybox:latest + aafEnabled: true cassandra: #This flag allows SDC to instantiate its own cluster, serviceName #should be sdc-cs if this flag is enabled @@ -44,6 +43,11 @@ global: security: disableHttp: true envsubstImage: dibi/envsubst + +# Environment file +env: + name: AUTO + config: logstashServiceName: log-ls logstashPort: 5044 @@ -60,3 +64,9 @@ cassandra: persistence: mountSubPath: sdc/sdc-cs/CS enabled: true + +# dependency / sub-chart configuration +sdc-wfd: + enabled: true +sdc-dcaed: + enabled: true
\ No newline at end of file diff --git a/kubernetes/sdnc/components/dmaap-listener/resources/config/dmaap-consumer-RANSlice.properties b/kubernetes/sdnc/components/dmaap-listener/resources/config/dmaap-consumer-RANSlice.properties new file mode 100644 index 0000000000..f114a9c65b --- /dev/null +++ b/kubernetes/sdnc/components/dmaap-listener/resources/config/dmaap-consumer-RANSlice.properties @@ -0,0 +1,35 @@ +TransportType=HTTPNOAUTH +Latitude =50.000000 +Longitude =-100.000000 +Version =1.0 +ServiceName=message-router.{{.Release.Namespace}}:{{.Values.config.dmaapPort}}/events +Environment =TEST +Partner = +routeOffer=MR1 +SubContextPath =/ +Protocol =http +MethodType =GET +username =UNUSED +password =UNUSED +contenttype =application/json +authKey=UNUSED +authDate=UNUSED +host=message-router.{{.Release.Namespace}}:{{.Values.config.dmaapPort}} +topic=RAN-Slice-Mgmt +group=users +id=sdnc1 +timeout=15000 +limit=1000 +filter= +AFT_DME2_EXCHANGE_REQUEST_HANDLERS=com.att.nsa.test.PreferredRouteRequestHandler +AFT_DME2_EXCHANGE_REPLY_HANDLERS=com.att.nsa.test.PreferredRouteReplyHandler +AFT_DME2_REQ_TRACE_ON=true +AFT_ENVIRONMENT=AFTUAT +AFT_DME2_EP_CONN_TIMEOUT=15000 +AFT_DME2_ROUNDTRIP_TIMEOUT_MS=240000 +AFT_DME2_EP_READ_TIMEOUT_MS=50000 +sessionstickinessrequired=NO +DME2preferredRouterFilePath=/opt/onap/sdnc/data/properties/dmaap-listener.preferredRoute.txt +sdnc.odl.user=${ODL_USER} +sdnc.odl.password=${ODL_PASSWORD} +sdnc.odl.url-base=http://sdnc-oam.{{.Release.Namespace}}:{{.Values.config.sdncPort}}/restconf/operations diff --git a/kubernetes/sdnc/components/dmaap-listener/templates/deployment.yaml b/kubernetes/sdnc/components/dmaap-listener/templates/deployment.yaml index 4c288b2a6f..e3dfa869ee 100644 --- a/kubernetes/sdnc/components/dmaap-listener/templates/deployment.yaml +++ b/kubernetes/sdnc/components/dmaap-listener/templates/deployment.yaml @@ -104,6 +104,9 @@ spec: - mountPath: {{ .Values.config.configDir }}/dmaap-consumer-oofpcipoc.properties name: properties subPath: dmaap-consumer-oofpcipoc.properties + - mountPath: {{ .Values.config.configDir }}/dmaap-consumer-RANSlice.properties + name: properties + subPath: dmaap-consumer-RANSlice.properties resources: {{ include "common.resources" . | indent 12 }} {{- if .Values.nodeSelector }} diff --git a/kubernetes/sdnc/values.yaml b/kubernetes/sdnc/values.yaml index be4adf4bcd..aee6f25f87 100644 --- a/kubernetes/sdnc/values.yaml +++ b/kubernetes/sdnc/values.yaml @@ -187,7 +187,7 @@ config: numberGGLogFiles: 10 # enables sdnr functionality sdnr: - enabled: true + enabled: false # mode: web - SDNC contains device manager only plus dedicated webserver service for ODLUX (default), # mode: dm - SDNC contains sdnr device manager + ODLUX components mode: dm diff --git a/kubernetes/so/charts/so-etsi-nfvo-ns-lcm/Chart.yaml b/kubernetes/so/charts/so-etsi-nfvo-ns-lcm/Chart.yaml deleted file mode 100644 index c4fb9a49d5..0000000000 --- a/kubernetes/so/charts/so-etsi-nfvo-ns-lcm/Chart.yaml +++ /dev/null @@ -1,18 +0,0 @@ -# Copyright © 2020 Nordix Foundation -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: v1 -description: ONAP SO ETSI NFVO NS LCM -name: so-etsi-nfvo-ns-lcm -version: 6.0.0 diff --git a/kubernetes/so/charts/so-etsi-nfvo-ns-lcm/resources/config/overrides/override.yaml b/kubernetes/so/charts/so-etsi-nfvo-ns-lcm/resources/config/overrides/override.yaml deleted file mode 100644 index 13d72d891b..0000000000 --- a/kubernetes/so/charts/so-etsi-nfvo-ns-lcm/resources/config/overrides/override.yaml +++ /dev/null @@ -1,47 +0,0 @@ -# Copyright © 2020 Nordix Foundation -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -aai: - auth: {{ include "helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.header "value2" .Values.aai.auth )}} - version: v19 - endpoint: https://aai.{{ include "common.namespace" . }}:8443 -spring: - security: - usercredentials: - - username: ${ETSI_NFVO_USERNAME} - password: ${ETSI_NFVO_PASSWORD} - role: ETSI-NFVO-Client -server: - port: {{ .Values.containerPort }} - tomcat: - max-threads: 50 -mso: - key: {{ .Values.mso.key }} -so: - adapters: - sol003-adapter: - url: https://so-vnfm-adapter.{{ include "common.namespace" . }}:9092/so/vnfm-adapter/v1 - auth: {{ .Values.so.sol003.adapter.auth }} -etsi-catalog-manager: - base: - {{- if .Values.global.msbEnabled }} - endpoint: https://msb-iag:443/api - http: - client: - ssl: - trust-store: ${TRUSTSTORE} - trust-store-password: ${TRUSTSTORE_PASSWORD} - {{- else }} - endpoint: http://modeling-etsicatalog.{{ include "common.namespace" . }}:8806/api - {{- end }} diff --git a/kubernetes/so/charts/so-etsi-nfvo-ns-lcm/templates/configmap.yaml b/kubernetes/so/charts/so-etsi-nfvo-ns-lcm/templates/configmap.yaml deleted file mode 100644 index 3b2e50cd0c..0000000000 --- a/kubernetes/so/charts/so-etsi-nfvo-ns-lcm/templates/configmap.yaml +++ /dev/null @@ -1,41 +0,0 @@ -# Copyright © 2020 Nordix Foundation -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ include "common.fullname" . }}-configmap - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} -data: - LOG_PATH: {{ index .Values.logPath }} - APP: {{ index .Values.app }} - ACTIVE_PROFILE: {{ include "helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" "aaf" "value2" "basic")}} ---- -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ include "common.fullname" . }}-app-configmap - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} -data: -{{ tpl (.Files.Glob "resources/config/overrides/*").AsConfig . | indent 2 }} diff --git a/kubernetes/so/charts/so-etsi-nfvo-ns-lcm/templates/deployment.yaml b/kubernetes/so/charts/so-etsi-nfvo-ns-lcm/templates/deployment.yaml deleted file mode 100644 index 0d16ded26d..0000000000 --- a/kubernetes/so/charts/so-etsi-nfvo-ns-lcm/templates/deployment.yaml +++ /dev/null @@ -1,92 +0,0 @@ -# Copyright © 2020 Nordix Foundation -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: apps/v1 -kind: Deployment -metadata: {{- include "common.resourceMetadata" . | nindent 2 }} -spec: - selector: {{- include "common.selectors" . | nindent 4 }} - replicas: {{ index .Values.replicaCount }} - minReadySeconds: {{ index .Values.minReadySeconds }} - strategy: - type: {{ index .Values.updateStrategy.type }} - rollingUpdate: - maxUnavailable: {{ index .Values.updateStrategy.maxUnavailable }} - maxSurge: {{ index .Values.updateStrategy.maxSurge }} - template: - metadata: {{- include "common.templateMetadata" . | nindent 6 }} - spec: - initContainers: {{ include "so.certificate.container_importer" . | nindent 8 }} - containers: - - name: {{ include "common.name" . }} - command: - - sh - args: - - -c - - export ETSI_NFVO_PASSWORD=`htpasswd -bnBC 10 "" $ETSI_NFVO_PASSWORD_INPUT | tr -d ':\n' | sed 's/\$2y/\$2a/'`; ./start-app.sh - image: {{ include "common.repository" . }}/{{ .Values.image }} - resources: {{ include "common.resources" . | nindent 12 }} - env: - - name: TRUSTSTORE - value: {{ .Values.global.client.certs.truststore }} - - name: TRUSTSTORE_PASSWORD - valueFrom: - secretKeyRef: - name: {{ .Release.Name}}-so-client-certs-secret - key: trustStorePassword - {{- if eq .Values.global.security.aaf.enabled true }} - - name: KEYSTORE - value: {{ .Values.global.client.certs.keystore }} - - name: KEYSTORE_PASSWORD - valueFrom: - secretKeyRef: - name: {{ .Release.Name}}-so-client-certs-secret - key: keyStorePassword - {{- end }} - - name: ETSI_NFVO_USERNAME - {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "etsi-nfvo-nslcm-creds" "key" "login") | indent 14 }} - - name: ETSI_NFVO_PASSWORD_INPUT - {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "etsi-nfvo-nslcm-creds" "key" "password") | indent 14 }} - envFrom: - - configMapRef: - name: {{ include "common.fullname" . }}-configmap - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - volumeMounts: {{ include "so.certificate.volume-mounts" . | nindent 12 }} - - name: logs - mountPath: /app/logs - - name: config - mountPath: /app/config - readOnly: true - - name: {{ include "common.fullname" . }}-truststore - mountPath: /app/client - readonly: true - livenessProbe: - tcpSocket: - port: {{ index .Values.livenessProbe.port }} - initialDelaySeconds: {{ index .Values.livenessProbe.initialDelaySeconds}} - periodSeconds: {{ index .Values.livenessProbe.periodSeconds}} - successThreshold: {{ index .Values.livenessProbe.successThreshold}} - failureThreshold: {{ index .Values.livenessProbe.failureThreshold}} - ports: {{ include "common.containerPorts" . | nindent 12 }} - volumes: {{ include "so.certificate.volumes" . | nindent 8 }} - - name: logs - emptyDir: {} - - name: config - configMap: - name: {{ include "common.fullname" . }}-app-configmap - - name: {{ include "common.fullname" . }}-truststore - secret: - secretName: {{ include "common.release" . }}-so-truststore-secret - imagePullSecrets: - - name: "{{ include "common.namespace" . }}-docker-registry-key" diff --git a/kubernetes/so/charts/so-etsi-nfvo-ns-lcm/templates/ingress.yaml b/kubernetes/so/charts/so-etsi-nfvo-ns-lcm/templates/ingress.yaml deleted file mode 100644 index 443e76b76e..0000000000 --- a/kubernetes/so/charts/so-etsi-nfvo-ns-lcm/templates/ingress.yaml +++ /dev/null @@ -1,15 +0,0 @@ -# Copyright © 2020 Nordix Foundation -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -{{ include "common.ingress" . }} diff --git a/kubernetes/so/charts/so-etsi-nfvo-ns-lcm/templates/secret.yaml b/kubernetes/so/charts/so-etsi-nfvo-ns-lcm/templates/secret.yaml deleted file mode 100644 index 493cfe5f88..0000000000 --- a/kubernetes/so/charts/so-etsi-nfvo-ns-lcm/templates/secret.yaml +++ /dev/null @@ -1,15 +0,0 @@ -# Copyright © 2020 Nordix Foundation -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -{{ include "common.secretFast" . }} diff --git a/kubernetes/so/charts/so-etsi-nfvo-ns-lcm/templates/service.yaml b/kubernetes/so/charts/so-etsi-nfvo-ns-lcm/templates/service.yaml deleted file mode 100644 index a1290de24b..0000000000 --- a/kubernetes/so/charts/so-etsi-nfvo-ns-lcm/templates/service.yaml +++ /dev/null @@ -1,15 +0,0 @@ -# Copyright © 2020 Nordix Foundation -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -{{ include "common.service" . }} diff --git a/kubernetes/so/charts/so-etsi-nfvo-ns-lcm/values.yaml b/kubernetes/so/charts/so-etsi-nfvo-ns-lcm/values.yaml deleted file mode 100644 index 20f5de8a60..0000000000 --- a/kubernetes/so/charts/so-etsi-nfvo-ns-lcm/values.yaml +++ /dev/null @@ -1,105 +0,0 @@ -# Copyright © 2020 Nordix Foundation -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -################################################################# -# Global configuration defaults. -################################################################# -global: - nodePortPrefixExt: 304 - repository: nexus3.onap.org:10001 - readinessRepository: oomk8s - readinessImage: readiness-check:2.0.2 - persistence: - mountPath: /dockerdata-nfs - -################################################################# -# Secrets metaconfig -################################################################# -secrets: - - uid: "so-onap-certs" - externalSecret: '{{ tpl (default "" .Values.certSecret) . }}' - type: generic - filePaths: '{{ .Values.secretsFilePaths }}' - - uid: etsi-nfvo-nslcm-creds - name: '{{ include "common.release" . }}-so-etsi-nfvo-nslcm-creds' - type: basicAuth - externalSecret: '{{ tpl (default "" .Values.etsi.nfvo.nslcm.credsExternalSecret) . }}' - login: '{{ .Values.etsi.nfvo.nslcm.username }}' - password: '{{ .Values.etsi.nfvo.nslcm.password }}' - -################################################################# -# Application configuration defaults. -################################################################# -repository: nexus3.onap.org:10001 -image: onap/so/so-etsi-nfvo-ns-lcm:1.7.1 -pullPolicy: Always - -etsi: - nfvo: - nslcm: - username: so-etsi-nfvo-ns-lcm -replicaCount: 1 -minReadySeconds: 10 -containerPort: 9095 -logPath: ./logs/so-etsi-nfvo-ns-lcm/ -app: so-etsi-nfvo-ns-lcm -service: - type: ClusterIP - name: so-etsi-nfvo-ns-lcm - annotations: - service.alpha.kubernetes.io/tolerate-unready-endpoints: "true" - ports: - - name: nfvo-nslcm-port - port: 9095 -updateStrategy: - type: RollingUpdate - maxUnavailable: 1 - maxSurge: 1 -# Resource Limit flavor -By Default using small -flavor: small -# Segregation for Different environment (Small and Large) -resources: - small: - limits: - memory: 4Gi - cpu: 2000m - requests: - memory: 1Gi - cpu: 500m - large: - limits: - memory: 8Gi - cpu: 4000m - requests: - memory: 2Gi - cpu: 1000m - unlimited: {} -livenessProbe: - port: 9095 - initialDelaySeconds: 600 - periodSeconds: 60 - timeoutSeconds: 10 - successThreshold: 1 - failureThreshold: 3 -ingress: - enabled: false - service: - - baseaddr: "soetsinfvonslcm" - name: "so-etsi-nfvo-ns-lcm" - port: 9095 - config: - ssl: "redirect" -nodeSelector: {} -tolerations: [] -affinity: {} diff --git a/kubernetes/so/charts/so-ve-vnfm-adapter/resources/config/overrides/override.yaml b/kubernetes/so/charts/so-ve-vnfm-adapter/resources/config/overrides/override.yaml index 88d805d81e..89b6ada3fd 100755 --- a/kubernetes/so/charts/so-ve-vnfm-adapter/resources/config/overrides/override.yaml +++ b/kubernetes/so/charts/so-ve-vnfm-adapter/resources/config/overrides/override.yaml @@ -13,7 +13,7 @@ # limitations under the License. server: - port: {{ (index .Values.service.ports 0).port }} + port: {{ include "common.getPort" (dict "global" . "name" "http") }} vevnfmadapter: endpoint: https://msb-iag:30283/api/{{ include "common.servicename" . }}/v1 diff --git a/kubernetes/so/charts/so-ve-vnfm-adapter/values.yaml b/kubernetes/so/charts/so-ve-vnfm-adapter/values.yaml index d244f7abf5..0620a0b052 100755 --- a/kubernetes/so/charts/so-ve-vnfm-adapter/values.yaml +++ b/kubernetes/so/charts/so-ve-vnfm-adapter/values.yaml @@ -50,7 +50,7 @@ service: "version": "v1", "url": "/", "protocol": "REST", - "port": "{{ (index .Values.service.ports 0).port }}", + "port": "{{ include "common.getPort" (dict "global" . "name" "http") }}", "visualRange": "1" } ]{{ end }} diff --git a/kubernetes/so/templates/secret.yaml b/kubernetes/so/templates/secret.yaml index bdcecddfa3..5e9a62f00d 100644 --- a/kubernetes/so/templates/secret.yaml +++ b/kubernetes/so/templates/secret.yaml @@ -13,4 +13,4 @@ # See the License for the specific language governing permissions and # limitations under the License. -{{ include "common.secret" . }} +{{ include "common.secretFast" . }} diff --git a/kubernetes/so/values.yaml b/kubernetes/so/values.yaml index 8d037868a2..328f4f296e 100755 --- a/kubernetes/so/values.yaml +++ b/kubernetes/so/values.yaml @@ -449,17 +449,6 @@ so-vnfm-adapter: apiEnforcement: org.onap.so.vnfmAdapterPerm noAuthn: /manage/health -so-etsi-nfvo-ns-lcm: - certSecret: *so-certs - aai: - auth: 2A11B07DB6214A839394AA1EC5844695F5114FC407FF5422625FB00175A3DCB8A1FF745F22867EFA72D5369D599BBD88DA8BED4233CF5586 - mso: - key: 07a7159d3bf51a0e53be7a8f89699be7 - so: - sol003: - adapter: - auth: Basic dm5mbTpwYXNzd29yZDEk - so-mariadb: db: rootPasswordExternalSecretLocalDb: *dbRootPassSecretName |