summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--docs/oom_cloud_setup_guide.rst22
-rw-r--r--docs/oom_setup_kubernetes_rancher.rst4
-rw-r--r--docs/openstack-k8s-node.sh2
-rw-r--r--docs/openstack-rancher.sh2
-rw-r--r--kubernetes/aai/charts/aai-resources/resources/config/aaf/truststoreONAPall.jksbin114865 -> 0 bytes
-rw-r--r--kubernetes/aai/charts/aai-resources/templates/configmap.yaml1
-rw-r--r--kubernetes/aai/charts/aai-resources/templates/deployment.yaml5
-rw-r--r--kubernetes/aai/charts/aai-sparky-be/templates/deployment.yaml20
-rw-r--r--kubernetes/aai/charts/aai-traversal/resources/config/aaf/truststoreONAPall.jksbin114865 -> 0 bytes
-rw-r--r--kubernetes/aai/charts/aai-traversal/templates/configmap.yaml1
-rw-r--r--kubernetes/aai/charts/aai-traversal/templates/deployment.yaml5
-rw-r--r--kubernetes/aai/resources/config/auth/truststoreONAPall.jks (renamed from kubernetes/aai/charts/aai-sparky-be/resources/config/auth/truststoreONAPall.jks)bin117990 -> 117990 bytes
-rw-r--r--kubernetes/aai/templates/secret.yaml22
-rw-r--r--kubernetes/pomba/charts/pomba-networkdiscovery/resources/config/application.properties17
-rw-r--r--kubernetes/pomba/charts/pomba-validation-service/resources/appconfig/rule-data-dictionary.properties9
-rw-r--r--kubernetes/pomba/charts/pomba-validation-service/resources/bundleconfig/etc/rules/poa-event/default-rules.groovy33
-rw-r--r--kubernetes/pomba/charts/pomba-validation-service/templates/deployment.yaml2
-rw-r--r--kubernetes/pomba/charts/pomba-validation-service/values.yaml5
-rw-r--r--kubernetes/portal/charts/portal-mariadb/resources/config/mariadb/docker-entrypoint.sh190
-rw-r--r--kubernetes/portal/charts/portal-mariadb/templates/deployment.yaml7
-rw-r--r--kubernetes/sdc/charts/sdc-be/templates/deployment.yaml5
-rw-r--r--kubernetes/sdc/charts/sdc-onboarding-be/templates/deployment.yaml5
22 files changed, 312 insertions, 45 deletions
diff --git a/docs/oom_cloud_setup_guide.rst b/docs/oom_cloud_setup_guide.rst
index 9fb3ab73b1..f43531a03a 100644
--- a/docs/oom_cloud_setup_guide.rst
+++ b/docs/oom_cloud_setup_guide.rst
@@ -1,18 +1,18 @@
.. This work is licensed under a Creative Commons Attribution 4.0
.. International License.
.. http://creativecommons.org/licenses/by/4.0
-.. Copyright 2018 Amdocs, Bell Canada
+.. Copyright 2019 Amdocs, Bell Canada
.. Links
-.. _Microsoft Azure: https://wiki.onap.org/display/DW/ONAP+on+Kubernetes+on+Microsoft+Azure
-.. _Amazon AWS: https://wiki.onap.org/display/DW/ONAP+on+Kubernetes+on+Amazon+EC2
-.. _Google GCE: https://wiki.onap.org/display/DW/ONAP+on+Kubernetes+on+Google+Compute+Engine
+.. _Microsoft Azure: https://wiki.onap.org/display/DW/Cloud+Native+Deployment#CloudNativeDeployment-MicrosoftAzure
+.. _Amazon AWS: https://wiki.onap.org/display/DW/Cloud+Native+Deployment#CloudNativeDeployment-AmazonAWS
+.. _Google GCE: https://wiki.onap.org/display/DW/Cloud+Native+Deployment#CloudNativeDeployment-GoogleGCE
.. _VMware VIO: https://wiki.onap.org/display/DW/ONAP+on+VMware+Integrated+OpenStack+-+Container+Orchestration
.. _OpenStack: https://wiki.onap.org/display/DW/ONAP+on+Kubernetes+on+OpenStack?src=contextnavpagetreemode
-.. _Setting Up Kubernetes with Rancher: https://wiki.onap.org/display/DW/ONAP+on+Kubernetes+on+Rancher
+.. _Setting Up Kubernetes with Rancher: https://wiki.onap.org/display/DW/Cloud+Native+Deployment
.. _Setting Up Kubernetes with Kubeadm: https://wiki.onap.org/display/DW/Deploying+Kubernetes+Cluster+with+kubeadm
-.. _Setting Up Kubernetes with Cloudify: https://wiki.onap.org/display/DW/ONAP+on+Kubernetes+on+Cloudify
-.. _ONAP on Kubernetes Wiki: https://wiki.onap.org/display/DW/ONAP+on+Kubernetes
+.. _Cloud Native Deployment Wiki: https://wiki.onap.org/display/DW/Cloud+Native+Deployment
+.. _ONAP Development - 110 pod limit Wiki: https://wiki.onap.org/display/DW/ONAP+Development#ONAPDevelopment-Changemax-podsfromdefault110podlimit
.. figure:: oomLogoV2-medium.png
:align: right
@@ -50,7 +50,7 @@ The versions of Kubernetes that are supported by OOM are as follows:
============== =========== ===== ======== ========
amsterdam 1.7.x 2.3.x 1.7.x 1.12.x
beijing 1.8.10 2.8.2 1.8.10 17.03.x
- casablanca 1.11.2 2.9.1 1.11.2 17.03.x
+ casablanca 1.11.5 2.9.1 1.11.5 17.03.x
============== =========== ===== ======== ========
Minimum Hardware Configuration
@@ -69,7 +69,9 @@ components that are needed will drastically reduce the requirements.
===== ===== ====== ====================
.. note::
- Kubernetes supports a maximum of 110 pods per node. The use of many small
+ Kubernetes supports a maximum of 110 pods per node - configurable in the --max-pods=n setting off the
+ "additional kubelet flags" box in the kubernetes template window described in 'ONAP Development - 110 pod limit Wiki'
+ - this limit does not need to be modified . The use of many small
nodes is preferred over a few larger nodes (for example 14x16GB - 8 vCores each).
Subsets of ONAP may still be deployed on a single node.
@@ -98,4 +100,4 @@ OOM can be deployed on a private set of physical hosts or VMs (or even a
combination of the two). The following guide describe the recommended method to
setup a Kubernetes cluster: :ref:`onap-on-kubernetes-with-rancher`.
-There are alternative deployment methods described on the `ONAP on Kubernetes Wiki`_
+There are alternative deployment methods described on the `Cloud Native Deployment Wiki`_
diff --git a/docs/oom_setup_kubernetes_rancher.rst b/docs/oom_setup_kubernetes_rancher.rst
index fddccf8068..35ab88eb06 100644
--- a/docs/oom_setup_kubernetes_rancher.rst
+++ b/docs/oom_setup_kubernetes_rancher.rst
@@ -415,10 +415,6 @@ procedure would remain the same.
- name: "SB4"
user:
token: "QmFzaWMgTlRBd01qZzBOemc)TkRrMk1UWkNOMFpDTlVFNlExcHdSa1JhVZreE5XSm1TRGhWU2t0Vk1sQjVhalZaY0dWaFVtZGFVMHQzWW1WWVJtVmpSQT09"
- ~
- ~
- ~
- - INSERT --
5. Validate that kubectl is able to connect to the kubernetes cluster::
diff --git a/docs/openstack-k8s-node.sh b/docs/openstack-k8s-node.sh
index b8462aa5e9..308f2204ff 100644
--- a/docs/openstack-k8s-node.sh
+++ b/docs/openstack-k8s-node.sh
@@ -1,7 +1,7 @@
#!/bin/bash
DOCKER_VERSION=17.03
-KUBECTL_VERSION=1.11.2
+KUBECTL_VERSION=1.11.5
HELM_VERSION=2.9.1
# setup root access - default login: oom/oom - comment out to restrict access too ssh key only
diff --git a/docs/openstack-rancher.sh b/docs/openstack-rancher.sh
index bcf542aedc..ac91ff5566 100644
--- a/docs/openstack-rancher.sh
+++ b/docs/openstack-rancher.sh
@@ -2,7 +2,7 @@
DOCKER_VERSION=17.03
RANCHER_VERSION=1.6.22
-KUBECTL_VERSION=1.11.2
+KUBECTL_VERSION=1.11.5
HELM_VERSION=2.9.1
# setup root access - default login: oom/oom - comment out to restrict access too ssh key only
diff --git a/kubernetes/aai/charts/aai-resources/resources/config/aaf/truststoreONAPall.jks b/kubernetes/aai/charts/aai-resources/resources/config/aaf/truststoreONAPall.jks
deleted file mode 100644
index 2da1dcc4b4..0000000000
--- a/kubernetes/aai/charts/aai-resources/resources/config/aaf/truststoreONAPall.jks
+++ /dev/null
Binary files differ
diff --git a/kubernetes/aai/charts/aai-resources/templates/configmap.yaml b/kubernetes/aai/charts/aai-resources/templates/configmap.yaml
index 4fd939dbd0..b5a7fc562f 100644
--- a/kubernetes/aai/charts/aai-resources/templates/configmap.yaml
+++ b/kubernetes/aai/charts/aai-resources/templates/configmap.yaml
@@ -134,7 +134,6 @@ type: Opaque
data:
{{ tpl (.Files.Glob "resources/config/aaf/org.onap.aai.keyfile").AsSecrets . | indent 2 }}
{{ tpl (.Files.Glob "resources/config/aaf/org.onap.aai.p12").AsSecrets . | indent 2 }}
-{{ tpl (.Files.Glob "resources/config/aaf/truststoreONAPall.jks").AsSecrets . | indent 2 }}
{{ tpl (.Files.Glob "resources/config/aaf/bath_config.csv").AsSecrets . | indent 2 }}
{{ if .Values.global.installSidecarSecurity }}
diff --git a/kubernetes/aai/charts/aai-resources/templates/deployment.yaml b/kubernetes/aai/charts/aai-resources/templates/deployment.yaml
index d93ab5af46..cac8f4b89f 100644
--- a/kubernetes/aai/charts/aai-resources/templates/deployment.yaml
+++ b/kubernetes/aai/charts/aai-resources/templates/deployment.yaml
@@ -641,7 +641,7 @@ spec:
name: {{ include "common.fullname" . }}-aaf-certs
subPath: org.onap.aai.p12
- mountPath: /opt/app/aai-resources/resources/aaf/truststoreONAPall.jks
- name: {{ include "common.fullname" . }}-aaf-certs
+ name: aai-common-aai-auth-mount
subPath: truststoreONAPall.jks
- mountPath: /opt/app/aai-resources/resources/application.properties
name: {{ include "common.fullname" . }}-springapp-conf
@@ -773,6 +773,9 @@ spec:
{{ end }}
volumes:
+ - name: aai-common-aai-auth-mount
+ secret:
+ secretName: aai-common-aai-auth
- name: localtime
hostPath:
path: /etc/localtime
diff --git a/kubernetes/aai/charts/aai-sparky-be/templates/deployment.yaml b/kubernetes/aai/charts/aai-sparky-be/templates/deployment.yaml
index a596a6b77d..ac9cf77fbb 100644
--- a/kubernetes/aai/charts/aai-sparky-be/templates/deployment.yaml
+++ b/kubernetes/aai/charts/aai-sparky-be/templates/deployment.yaml
@@ -63,8 +63,21 @@ spec:
- mountPath: /etc/localtime
name: localtime
readOnly: true
- - mountPath: /opt/app/sparky/config/auth/
+ - mountPath: /opt/app/sparky/config/auth/client-cert-onap.p12
name: {{ include "common.fullname" . }}-auth-config
+ subPath: client-cert-onap.p12
+
+ - mountPath: /opt/app/sparky/config/auth/csp-cookie-filter.properties
+ name: {{ include "common.fullname" . }}-auth-config
+ subPath: csp-cookie-filter.properties
+
+ - mountPath: /opt/app/sparky/config/auth/org.onap.aai.p12
+ name: {{ include "common.fullname" . }}-auth-config
+ subPath: org.onap.aai.p12
+
+ - mountPath: /opt/app/sparky/config/auth/truststoreONAPall.jks
+ name: aai-common-aai-auth-mount
+ subPath: truststoreONAPall.jks
- mountPath: /opt/app/sparky/config/portal/
name: {{ include "common.fullname" . }}-portal-config
@@ -171,6 +184,11 @@ spec:
- name: {{ include "common.fullname" . }}-auth-config
secret:
secretName: {{ include "common.fullname" . }}
+
+ - name: aai-common-aai-auth-mount
+ secret:
+ secretName: aai-common-aai-auth
+
- name: filebeat-conf
configMap:
name: aai-filebeat
diff --git a/kubernetes/aai/charts/aai-traversal/resources/config/aaf/truststoreONAPall.jks b/kubernetes/aai/charts/aai-traversal/resources/config/aaf/truststoreONAPall.jks
deleted file mode 100644
index 2da1dcc4b4..0000000000
--- a/kubernetes/aai/charts/aai-traversal/resources/config/aaf/truststoreONAPall.jks
+++ /dev/null
Binary files differ
diff --git a/kubernetes/aai/charts/aai-traversal/templates/configmap.yaml b/kubernetes/aai/charts/aai-traversal/templates/configmap.yaml
index 79d6abd6c0..106031edbc 100644
--- a/kubernetes/aai/charts/aai-traversal/templates/configmap.yaml
+++ b/kubernetes/aai/charts/aai-traversal/templates/configmap.yaml
@@ -133,5 +133,4 @@ type: Opaque
data:
{{ tpl (.Files.Glob "resources/config/aaf/org.onap.aai.keyfile").AsSecrets . | indent 2 }}
{{ tpl (.Files.Glob "resources/config/aaf/org.onap.aai.p12").AsSecrets . | indent 2 }}
-{{ tpl (.Files.Glob "resources/config/aaf/truststoreONAPall.jks").AsSecrets . | indent 2 }}
{{ tpl (.Files.Glob "resources/config/aaf/bath_config.csv").AsSecrets . | indent 2 }}
diff --git a/kubernetes/aai/charts/aai-traversal/templates/deployment.yaml b/kubernetes/aai/charts/aai-traversal/templates/deployment.yaml
index 84dd900722..3785de0bba 100644
--- a/kubernetes/aai/charts/aai-traversal/templates/deployment.yaml
+++ b/kubernetes/aai/charts/aai-traversal/templates/deployment.yaml
@@ -392,7 +392,7 @@ spec:
name: {{ include "common.fullname" . }}-aaf-certs
subPath: org.onap.aai.p12
- mountPath: /opt/app/aai-traversal/resources/aaf/truststoreONAPall.jks
- name: {{ include "common.fullname" . }}-aaf-certs
+ name: aai-common-aai-auth-mount
subPath: truststoreONAPall.jks
- mountPath: /opt/app/aai-traversal/resources/application.properties
name: {{ include "common.fullname" . }}-springapp-conf
@@ -475,6 +475,9 @@ spec:
- name: {{ include "common.fullname" . }}-aaf-certs
secret:
secretName: {{ include "common.fullname" . }}-aaf-keys
+ - name: aai-common-aai-auth-mount
+ secret:
+ secretName: aai-common-aai-auth
- name: {{ include "common.fullname" . }}-springapp-conf
configMap:
name: {{ include "common.fullname" . }}-springapp-configmap
diff --git a/kubernetes/aai/charts/aai-sparky-be/resources/config/auth/truststoreONAPall.jks b/kubernetes/aai/resources/config/auth/truststoreONAPall.jks
index ff844b109d..ff844b109d 100644
--- a/kubernetes/aai/charts/aai-sparky-be/resources/config/auth/truststoreONAPall.jks
+++ b/kubernetes/aai/resources/config/auth/truststoreONAPall.jks
Binary files differ
diff --git a/kubernetes/aai/templates/secret.yaml b/kubernetes/aai/templates/secret.yaml
new file mode 100644
index 0000000000..8d00a9d41c
--- /dev/null
+++ b/kubernetes/aai/templates/secret.yaml
@@ -0,0 +1,22 @@
+# Copyright © 2018 Amdocs, Bell Canada, AT&T
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: v1
+kind: Secret
+metadata:
+ name: aai-common-aai-auth
+ namespace: {{ include "common.namespace" . }}
+type: Opaque
+data:
+{{ tpl (.Files.Glob "resources/config/auth/*").AsSecrets . | indent 2 }}
diff --git a/kubernetes/pomba/charts/pomba-networkdiscovery/resources/config/application.properties b/kubernetes/pomba/charts/pomba-networkdiscovery/resources/config/application.properties
index cccba6b7bc..a5aeb71ec1 100644
--- a/kubernetes/pomba/charts/pomba-networkdiscovery/resources/config/application.properties
+++ b/kubernetes/pomba/charts/pomba-networkdiscovery/resources/config/application.properties
@@ -13,23 +13,6 @@
# limitations under the License
spring.jersey.type=filter
-spring.mvc.urls=swagger,docs,prometheus,auditevents,info,heapdump,autoconfig,beans,loggers,dump,env,trace,health,configprops,mappings,metrics,webjars
-
-
-server.contextPath=/network-discovery
-spring.autoconfigure.exclude=org.springframework.boot.autoconfigure.jdbc.DataSourceAutoConfiguration,org.springframework.boot.autoconfigure.orm.jpa.HibernateJpaAutoConfiguration
-
-#This property is used to set the Tomcat connector attributes.developers can define multiple attributes separated by comma
-#tomcat.connector.attributes=allowTrace-true
-#The max number of active threads in this pool
-server.tomcat.max-threads=200
-#The minimum number of threads always kept alive
-server.tomcat.min-Spare-Threads=25
-#The number of milliseconds before an idle thread shutsdown, unless the number of active threads are less or equal to minSpareThreads
-server.tomcat.max-idle-time=60000
-
-#Servlet context parameters
-server.context_parameters.p-name=value #context parameter with p-name as key and value as value.
#Enable HTTPS
server.port={{ .Values.config.serverSslPort }}
diff --git a/kubernetes/pomba/charts/pomba-validation-service/resources/appconfig/rule-data-dictionary.properties b/kubernetes/pomba/charts/pomba-validation-service/resources/appconfig/rule-data-dictionary.properties
new file mode 100644
index 0000000000..d93f030395
--- /dev/null
+++ b/kubernetes/pomba/charts/pomba-validation-service/resources/appconfig/rule-data-dictionary.properties
@@ -0,0 +1,9 @@
+rule.datadictionary.hostport={{ .Values.config.dataDictHostPort }}
+rule.datadictionary.connect.timeout=1000
+rule.datadictionary.read.timeout=1000
+
+# basic authentication: base64 encoding of username:password
+rule.datadictionary.credentials={{ .Values.config.dataDictCredentials }}
+
+# ex: /commonModelElements/instance~nfValuesCatalog~1.0/
+rule.datadictionary.uri=/commonModelElements/{0}~{1}~1.0/validateInstance
diff --git a/kubernetes/pomba/charts/pomba-validation-service/resources/bundleconfig/etc/rules/poa-event/default-rules.groovy b/kubernetes/pomba/charts/pomba-validation-service/resources/bundleconfig/etc/rules/poa-event/default-rules.groovy
index 1dc97da288..fd2385af08 100644
--- a/kubernetes/pomba/charts/pomba-validation-service/resources/bundleconfig/etc/rules/poa-event/default-rules.groovy
+++ b/kubernetes/pomba/charts/pomba-validation-service/resources/bundleconfig/etc/rules/poa-event/default-rules.groovy
@@ -481,3 +481,36 @@ rule {
return new Tuple2(result, details)
'''
}
+
+/*
+ * The data-dictionary rule below can be used with this useRule clause:
+ * useRule {
+ * name 'Data-Dictionary validate VF type'
+ * attributes 'context-list.ndcb.vfList[*].vfModuleList[*].networkList[*].type'
+ * }
+ */
+rule {
+ name 'Data-Dictionary validate VF type'
+ category 'INVALID_VALUE'
+ description 'Validate all VF type values against data-dictionary'
+ errorText 'VF type [{0}] failed data-dictionary validation: {1}'
+ severity 'ERROR'
+ attributes 'typeList'
+ validate '''
+ boolean success = true
+ List<String> details = new ArrayList<>()
+ typeList.any {
+ if(!success) {
+ // break out of 'any' loop
+ return false
+ }
+ def result = org.onap.aai.validation.ruledriven.rule.builtin.DataDictionary.validate("instance", "vfModuleNetworkType", "type", "$it")
+ if(!result.isEmpty()) {
+ success = false
+ details.add("$it")
+ details.add("$result")
+ }
+ }
+ return new Tuple2(success, details)
+ '''
+}
diff --git a/kubernetes/pomba/charts/pomba-validation-service/templates/deployment.yaml b/kubernetes/pomba/charts/pomba-validation-service/templates/deployment.yaml
index f802245c5a..df62915b64 100644
--- a/kubernetes/pomba/charts/pomba-validation-service/templates/deployment.yaml
+++ b/kubernetes/pomba/charts/pomba-validation-service/templates/deployment.yaml
@@ -104,6 +104,8 @@ spec:
path: validation-service-auth.properties
- key: rule-indexing.properties
path: rule-indexing.properties
+ - key: rule-data-dictionary.properties
+ path: rule-data-dictionary.properties
- key: aai-environment.properties
path: aai-environment.properties
- key: schemaIngest.properties
diff --git a/kubernetes/pomba/charts/pomba-validation-service/values.yaml b/kubernetes/pomba/charts/pomba-validation-service/values.yaml
index bb513cf001..2cb175a265 100644
--- a/kubernetes/pomba/charts/pomba-validation-service/values.yaml
+++ b/kubernetes/pomba/charts/pomba-validation-service/values.yaml
@@ -37,7 +37,6 @@ pullPolicy: IfNotPresent
debugEnabled: false
# application configuration
-# Example:
config:
appDir: /opt/app/validation-service
configDir: /opt/app/validation-service/appconfig
@@ -45,8 +44,8 @@ config:
configTopicsDir: /opt/app/validation-service/appconfig/topics
rulesDir: /opt/app/validation-service/bundleconfig/etc/rules/poa-event
maxHeap: 1024
-# username: myusername
-# password: mypassword
+ dataDictHostPort: http://dummy-host:443
+ dataDictCredentials: cG9tYmE6cG9tYmE=
# default number of instances
replicaCount: 1
diff --git a/kubernetes/portal/charts/portal-mariadb/resources/config/mariadb/docker-entrypoint.sh b/kubernetes/portal/charts/portal-mariadb/resources/config/mariadb/docker-entrypoint.sh
new file mode 100644
index 0000000000..f00bf8b71d
--- /dev/null
+++ b/kubernetes/portal/charts/portal-mariadb/resources/config/mariadb/docker-entrypoint.sh
@@ -0,0 +1,190 @@
+#!/bin/bash
+set -eo pipefail
+shopt -s nullglob
+
+# if command starts with an option, prepend mysqld
+if [ "${1:0:1}" = '-' ]; then
+ set -- mysqld "$@"
+fi
+
+# skip setup if they want an option that stops mysqld
+wantHelp=
+for arg; do
+ case "$arg" in
+ -'?'|--help|--print-defaults|-V|--version)
+ wantHelp=1
+ break
+ ;;
+ esac
+done
+
+# usage: file_env VAR [DEFAULT]
+# ie: file_env 'XYZ_DB_PASSWORD' 'example'
+# (will allow for "$XYZ_DB_PASSWORD_FILE" to fill in the value of
+# "$XYZ_DB_PASSWORD" from a file, especially for Docker's secrets feature)
+file_env() {
+ local var="$1"
+ local fileVar="${var}_FILE"
+ local def="${2:-}"
+ if [ "${!var:-}" ] && [ "${!fileVar:-}" ]; then
+ echo >&2 "error: both $var and $fileVar are set (but are exclusive)"
+ exit 1
+ fi
+ local val="$def"
+ if [ "${!var:-}" ]; then
+ val="${!var}"
+ elif [ "${!fileVar:-}" ]; then
+ val="$(< "${!fileVar}")"
+ fi
+ export "$var"="$val"
+ unset "$fileVar"
+}
+
+_check_config() {
+ toRun=( "$@" --verbose --help --log-bin-index="$(mktemp -u)" )
+ if ! errors="$("${toRun[@]}" 2>&1 >/dev/null)"; then
+ cat >&2 <<-EOM
+
+ ERROR: mysqld failed while attempting to check config
+ command was: "${toRun[*]}"
+
+ $errors
+ EOM
+ exit 1
+ fi
+}
+
+# Fetch value from server config
+# We use mysqld --verbose --help instead of my_print_defaults because the
+# latter only show values present in config files, and not server defaults
+_get_config() {
+ local conf="$1"; shift
+ "$@" --verbose --help --log-bin-index="$(mktemp -u)" 2>/dev/null | awk '$1 == "'"$conf"'" { print $2; exit }'
+}
+
+# allow the container to be started with `--user`
+if [ "$1" = 'mysqld' -a -z "$wantHelp" -a "$(id -u)" = '0' ]; then
+ _check_config "$@"
+ DATADIR="$(_get_config 'datadir' "$@")"
+ mkdir -p "$DATADIR"
+ find "$DATADIR" \! -user mysql -exec chown mysql '{}' +
+ exec gosu mysql "$BASH_SOURCE" "$@"
+fi
+
+if [ "$1" = 'mysqld' -a -z "$wantHelp" ]; then
+ # still need to check config, container may have started with --user
+ _check_config "$@"
+ # Get config
+ DATADIR="$(_get_config 'datadir' "$@")"
+
+ if [ ! -d "$DATADIR/mysql" ]; then
+ file_env 'MYSQL_ROOT_PASSWORD'
+ if [ -z "$MYSQL_ROOT_PASSWORD" -a -z "$MYSQL_ALLOW_EMPTY_PASSWORD" -a -z "$MYSQL_RANDOM_ROOT_PASSWORD" ]; then
+ echo >&2 'error: database is uninitialized and password option is not specified '
+ echo >&2 ' You need to specify one of MYSQL_ROOT_PASSWORD, MYSQL_ALLOW_EMPTY_PASSWORD and MYSQL_RANDOM_ROOT_PASSWORD'
+ exit 1
+ fi
+
+ mkdir -p "$DATADIR"
+
+ echo 'Initializing database'
+ # "Other options are passed to mysqld." (so we pass all "mysqld" arguments directly here)
+ mysql_install_db --datadir="$DATADIR" --rpm "${@:2}"
+ echo 'Database initialized'
+
+ SOCKET="$(_get_config 'socket' "$@")"
+ "$@" --skip-networking --socket="${SOCKET}" &
+ pid="$!"
+
+ mysql=( mysql --protocol=socket -uroot -hlocalhost --socket="${SOCKET}" )
+
+ for i in {60..0}; do
+ if echo 'SELECT 1' | "${mysql[@]}" &> /dev/null; then
+ break
+ fi
+ echo 'MySQL init process in progress...'
+ sleep 1
+ done
+ if [ "$i" = 0 ]; then
+ echo >&2 'MySQL init process failed.'
+ exit 1
+ fi
+
+ if [ -z "$MYSQL_INITDB_SKIP_TZINFO" ]; then
+ # sed is for https://bugs.mysql.com/bug.php?id=20545
+ mysql_tzinfo_to_sql /usr/share/zoneinfo | sed 's/Local time zone must be set--see zic manual page/FCTY/' | "${mysql[@]}" mysql
+ fi
+
+ if [ ! -z "$MYSQL_RANDOM_ROOT_PASSWORD" ]; then
+ export MYSQL_ROOT_PASSWORD="$(pwgen -1 32)"
+ echo "GENERATED ROOT PASSWORD: $MYSQL_ROOT_PASSWORD"
+ fi
+
+ rootCreate=
+ # default root to listen for connections from anywhere
+ file_env 'MYSQL_ROOT_HOST' '%'
+ if [ ! -z "$MYSQL_ROOT_HOST" -a "$MYSQL_ROOT_HOST" != 'localhost' ]; then
+ # no, we don't care if read finds a terminating character in this heredoc
+ # https://unix.stackexchange.com/questions/265149/why-is-set-o-errexit-breaking-this-read-heredoc-expression/265151#265151
+ read -r -d '' rootCreate <<-EOSQL || true
+ CREATE USER 'root'@'${MYSQL_ROOT_HOST}' IDENTIFIED BY '${MYSQL_ROOT_PASSWORD}' ;
+ GRANT ALL ON *.* TO 'root'@'${MYSQL_ROOT_HOST}' WITH GRANT OPTION ;
+ EOSQL
+ fi
+
+ "${mysql[@]}" <<-EOSQL
+ -- What's done in this file shouldn't be replicated
+ -- or products like mysql-fabric won't work
+ SET @@SESSION.SQL_LOG_BIN=0;
+
+ DELETE FROM mysql.user WHERE user NOT IN ('mysql.sys', 'mysqlxsys', 'root') OR host NOT IN ('localhost') ;
+ SET PASSWORD FOR 'root'@'localhost'=PASSWORD('${MYSQL_ROOT_PASSWORD}') ;
+ GRANT ALL ON *.* TO 'root'@'localhost' WITH GRANT OPTION ;
+ ${rootCreate}
+ DROP DATABASE IF EXISTS test ;
+ FLUSH PRIVILEGES ;
+ EOSQL
+
+ if [ ! -z "$MYSQL_ROOT_PASSWORD" ]; then
+ mysql+=( -p"${MYSQL_ROOT_PASSWORD}" )
+ fi
+
+ file_env 'MYSQL_DATABASE'
+ if [ "$MYSQL_DATABASE" ]; then
+ echo "CREATE DATABASE IF NOT EXISTS \`$MYSQL_DATABASE\` ;" | "${mysql[@]}"
+ mysql+=( "$MYSQL_DATABASE" )
+ fi
+
+ file_env 'MYSQL_USER'
+ file_env 'MYSQL_PASSWORD'
+ if [ "$MYSQL_USER" -a "$MYSQL_PASSWORD" ]; then
+ echo "CREATE USER '$MYSQL_USER'@'%' IDENTIFIED BY '$MYSQL_PASSWORD' ;" | "${mysql[@]}"
+
+ if [ "$MYSQL_DATABASE" ]; then
+ echo "GRANT ALL ON \`$MYSQL_DATABASE\`.* TO '$MYSQL_USER'@'%' ;" | "${mysql[@]}"
+ fi
+ fi
+
+ echo
+ for f in /docker-entrypoint-initdb.d/*; do
+ case "$f" in
+ *.sh) echo "$0: running $f"; . "$f" ;;
+ *.sql) echo "$0: running $f"; "${mysql[@]}" < "$f"; echo ;;
+ *.sql.gz) echo "$0: running $f"; gunzip -c "$f" | "${mysql[@]}"; echo ;;
+ *) echo "$0: ignoring $f" ;;
+ esac
+ echo
+ done
+
+ if ! kill -s TERM "$pid" || ! wait "$pid"; then
+ echo >&2 'MySQL init process failed.'
+ exit 1
+ fi
+
+ echo
+ echo 'MySQL init process done. Ready for start up.'
+ echo
+ fi
+fi
+
+exec "$@" \ No newline at end of file
diff --git a/kubernetes/portal/charts/portal-mariadb/templates/deployment.yaml b/kubernetes/portal/charts/portal-mariadb/templates/deployment.yaml
index 20fa9cecc2..f826c9c297 100644
--- a/kubernetes/portal/charts/portal-mariadb/templates/deployment.yaml
+++ b/kubernetes/portal/charts/portal-mariadb/templates/deployment.yaml
@@ -65,6 +65,9 @@ spec:
- mountPath: /etc/localtime
name: localtime
readOnly: true
+ - mountPath: /usr/local/bin/docker-entrypoint.sh
+ subPath: docker-entrypoint.sh
+ name: docker-entry
resources:
{{ include "common.resources" . | indent 12 }}
{{- if .Values.nodeSelector }}
@@ -86,5 +89,9 @@ spec:
- name: localtime
hostPath:
path: /etc/localtime
+ - name: docker-entry
+ configMap:
+ name: {{ include "common.fullname" . }}-mariadb
+ defaultMode: 0755
imagePullSecrets:
- name: "{{ include "common.namespace" . }}-docker-registry-key"
diff --git a/kubernetes/sdc/charts/sdc-be/templates/deployment.yaml b/kubernetes/sdc/charts/sdc-be/templates/deployment.yaml
index 4f8339fd05..063e2d868f 100644
--- a/kubernetes/sdc/charts/sdc-be/templates/deployment.yaml
+++ b/kubernetes/sdc/charts/sdc-be/templates/deployment.yaml
@@ -69,8 +69,9 @@ spec:
- containerPort: {{ .Values.service.internalPort2 }}
{{ if eq .Values.liveness.enabled true }}
livenessProbe:
- tcpSocket:
- port: {{ .Values.service.internalPort }}
+ exec:
+ command:
+ - "/var/lib/ready-probe.sh"
initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
periodSeconds: {{ .Values.liveness.periodSeconds }}
{{ end }}
diff --git a/kubernetes/sdc/charts/sdc-onboarding-be/templates/deployment.yaml b/kubernetes/sdc/charts/sdc-onboarding-be/templates/deployment.yaml
index ee5f78b3a4..87556b0b55 100644
--- a/kubernetes/sdc/charts/sdc-onboarding-be/templates/deployment.yaml
+++ b/kubernetes/sdc/charts/sdc-onboarding-be/templates/deployment.yaml
@@ -55,8 +55,9 @@ spec:
- containerPort: {{ .Values.service.internalPort2 }}
{{ if eq .Values.liveness.enabled true }}
livenessProbe:
- tcpSocket:
- port: {{ .Values.service.internalPort }}
+ exec:
+ command:
+ - "/var/lib/ready-probe.sh"
initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
periodSeconds: {{ .Values.liveness.periodSeconds }}
{{ end }}