diff options
24 files changed, 444 insertions, 55 deletions
@@ -78,10 +78,15 @@ committers: company: 'Orange' id: 'sdesbure' timezone: 'Paris/France' + - name: 'Krzysztof Opasiak' + email: 'k.opasiak@samsung.com' + company: 'Samsung' + id: 'kopasiak' + timezone: 'Poland/Warsaw' tsc: approval: 'https://lists.onap.org/pipermail/onap-tsc' changes: - type: 'Addition' name: 'Brian Freeman' name: 'Yang Xu' - link: 'TBD'
\ No newline at end of file + link: 'TBD' diff --git a/kubernetes/aaf/charts/aaf-cm/values.yaml b/kubernetes/aaf/charts/aaf-cm/values.yaml index 2bd05d81ed..4078fb3c22 100644 --- a/kubernetes/aaf/charts/aaf-cm/values.yaml +++ b/kubernetes/aaf/charts/aaf-cm/values.yaml @@ -63,7 +63,7 @@ ingress: resources: small: limits: - cpu: 20m + cpu: 400m memory: 300Mi requests: cpu: 1m diff --git a/kubernetes/aaf/charts/aaf-locate/values.yaml b/kubernetes/aaf/charts/aaf-locate/values.yaml index ce59d2dec9..74638d17a8 100644 --- a/kubernetes/aaf/charts/aaf-locate/values.yaml +++ b/kubernetes/aaf/charts/aaf-locate/values.yaml @@ -63,7 +63,7 @@ ingress: resources: small: limits: - cpu: 40m + cpu: 100m memory: 320Mi requests: cpu: 1m diff --git a/kubernetes/aaf/charts/aaf-sms/values.yaml b/kubernetes/aaf/charts/aaf-sms/values.yaml index 2de7466209..41bde75677 100644 --- a/kubernetes/aaf/charts/aaf-sms/values.yaml +++ b/kubernetes/aaf/charts/aaf-sms/values.yaml @@ -89,9 +89,9 @@ resources: small: limits: cpu: 100m - memory: 15Mi + memory: 30Mi requests: - cpu: 10m + cpu: 25m memory: 10Mi large: limits: diff --git a/kubernetes/aai b/kubernetes/aai -Subproject 764cd8514707c1630dbfa6792b8d15953d5b9a5 +Subproject 23f076495d36081f34a367067918d15fcc5ada8 diff --git a/kubernetes/common/postgres/templates/pvc-primary.yaml b/kubernetes/common/postgres/templates/pvc-primary.yaml index fa25f19077..a47d3ed56e 100644 --- a/kubernetes/common/postgres/templates/pvc-primary.yaml +++ b/kubernetes/common/postgres/templates/pvc-primary.yaml @@ -41,5 +41,4 @@ spec: {{- else }} storageClassName: {{ include "common.storageClass" . }} {{- end }} - storageClassName: "{{ include "common.fullname" . }}-primary" {{- end -}} diff --git a/kubernetes/contrib/dns-server-for-vhost-ingress-testing/README.md b/kubernetes/contrib/dns-server-for-vhost-ingress-testing/README.md new file mode 100644 index 0000000000..dced68d7c6 --- /dev/null +++ b/kubernetes/contrib/dns-server-for-vhost-ingress-testing/README.md @@ -0,0 +1,23 @@ +# Motivations +Ingress controller implementation in the ONAP cluster is based on the virtual host routing. +Testing ONAP cluster requires a lot of entries on the target machines in the /etc/hosts. +Adding many entries into the configuration files on testing machines is quite problematic and error prone. +The better wait is to create central DNS server with entries for all virtual host pointed to simpledemo.onap.org and add custom DNS server as a target DNS server for testing machines and/or as external DNS for kubernetes cluster. + +# How to deploy test DNS server: +Run script ./deploy\_dns.sh + +# How to add DNS address on testing machines: +See post deploy info + +# Test DNS inside cluster (optional) +1. You can add the following entry after DNS deploy on running cluster at the end of cluster.yaml file (rke) +~~~yaml +dns: + provider: coredns + upstreamnameservers: + - <cluster_ip>:31555 +~~~ +2. You can edit coredns configuration with command: + kubectl -n kube-system edit configmap coredns + diff --git a/kubernetes/contrib/dns-server-for-vhost-ingress-testing/bind9dns/.helmignore b/kubernetes/contrib/dns-server-for-vhost-ingress-testing/bind9dns/.helmignore new file mode 100644 index 0000000000..dacad44a66 --- /dev/null +++ b/kubernetes/contrib/dns-server-for-vhost-ingress-testing/bind9dns/.helmignore @@ -0,0 +1,37 @@ +# +# Copyright 2020 Samsung Electronics Co., Ltd. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*~ +# Various IDEs +.project +.idea/ +*.tmproj +.vscode/ diff --git a/kubernetes/contrib/dns-server-for-vhost-ingress-testing/bind9dns/Chart.yaml b/kubernetes/contrib/dns-server-for-vhost-ingress-testing/bind9dns/Chart.yaml new file mode 100644 index 0000000000..a618fd792c --- /dev/null +++ b/kubernetes/contrib/dns-server-for-vhost-ingress-testing/bind9dns/Chart.yaml @@ -0,0 +1,20 @@ +# +# Copyright 2020 Samsung Electronics Co., Ltd. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +apiVersion: v1 +appVersion: "1.0" +description: bind9 DNS server for kubernetes cluster +name: bind9dns +version: 0.1.0 diff --git a/kubernetes/contrib/dns-server-for-vhost-ingress-testing/bind9dns/templates/NOTES.txt b/kubernetes/contrib/dns-server-for-vhost-ingress-testing/bind9dns/templates/NOTES.txt new file mode 100644 index 0000000000..7211966b89 --- /dev/null +++ b/kubernetes/contrib/dns-server-for-vhost-ingress-testing/bind9dns/templates/NOTES.txt @@ -0,0 +1,21 @@ +1. Get the installed DNS host and port by running this commands: +{{- if .Values.ingress.enabled }} +{{- range $host := .Values.ingress.hosts }} + {{- range $.Values.ingress.paths }} + http{{ if $.Values.ingress.tls }}s{{ end }}://{{ $host }}{{ . }} + {{- end }} +{{- end }} +{{- else if contains "NodePort" .Values.service.type }} + export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "bind9dns.fullname" . }}) + export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}") + echo DNS host: $NODE_IP dns port: $NODE_PORT +{{- else if contains "LoadBalancer" .Values.service.type }} + NOTE: It may take a few minutes for the LoadBalancer IP to be available. + You can watch the status of by running 'kubectl get svc -w {{ include "bind9dns.fullname" . }}' + export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "bind9dns.fullname" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}') + echo http://$SERVICE_IP:{{ .Values.service.port }} +{{- else if contains "ClusterIP" .Values.service.type }} + export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "bind9dns.name" . }},app.kubernetes.io/instance={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}") + echo "Visit http://127.0.0.1:8080 to use your application" + kubectl port-forward $POD_NAME 8080:80 +{{- end }} diff --git a/kubernetes/contrib/dns-server-for-vhost-ingress-testing/bind9dns/templates/_helpers.tpl b/kubernetes/contrib/dns-server-for-vhost-ingress-testing/bind9dns/templates/_helpers.tpl new file mode 100644 index 0000000000..3efbbbf831 --- /dev/null +++ b/kubernetes/contrib/dns-server-for-vhost-ingress-testing/bind9dns/templates/_helpers.tpl @@ -0,0 +1,49 @@ +{{/* + + Copyright 2020 Samsung Electronics Co., Ltd. + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. + +*/}} +{{/* vim: set filetype=mustache: */}} +{{/* +Expand the name of the chart. +*/}} +{{- define "bind9dns.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "bind9dns.fullname" -}} +{{- if .Values.fullnameOverride -}} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- if contains $name .Release.Name -}} +{{- .Release.Name | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "bind9dns.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} +{{- end -}} diff --git a/kubernetes/contrib/dns-server-for-vhost-ingress-testing/bind9dns/templates/deployment.yaml b/kubernetes/contrib/dns-server-for-vhost-ingress-testing/bind9dns/templates/deployment.yaml new file mode 100644 index 0000000000..1a76ba0a96 --- /dev/null +++ b/kubernetes/contrib/dns-server-for-vhost-ingress-testing/bind9dns/templates/deployment.yaml @@ -0,0 +1,76 @@ +{{/* + Copyright 2020 Samsung Electronics Co., Ltd. + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. +*/}} +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ include "bind9dns.fullname" . }} + labels: + app.kubernetes.io/name: {{ include "bind9dns.name" . }} + helm.sh/chart: {{ include "bind9dns.chart" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +spec: + replicas: {{ .Values.replicaCount }} + selector: + matchLabels: + app.kubernetes.io/name: {{ include "bind9dns.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + template: + metadata: + labels: + app.kubernetes.io/name: {{ include "bind9dns.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + spec: + containers: + - name: {{ .Chart.Name }} + image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}" + imagePullPolicy: {{ .Values.image.pullPolicy }} + env: + - name: DNS_FORWARDER + value: {{ .Values.dnsconf.forwarder }} + - name: WILDCARD_DNS + value: {{ .Values.dnsconf.wildcard }} + - name: ALLOW_RECURSION + value: any + - name: ALLOW_QUERY + value: any + ports: + - name: dnsport + containerPort: {{ .Values.service.port }} + livenessProbe: + tcpSocket: + port: {{ .Values.service.port }} + initialDelaySeconds: 15 + periodSeconds: 20 + readinessProbe: + tcpSocket: + port: {{ .Values.service.port }} + initialDelaySeconds: 5 + periodSeconds: 10 + resources: + {{- toYaml .Values.resources | nindent 12 }} + {{- with .Values.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.affinity }} + affinity: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.tolerations }} + tolerations: + {{- toYaml . | nindent 8 }} + {{- end }} diff --git a/kubernetes/contrib/dns-server-for-vhost-ingress-testing/bind9dns/templates/service.yaml b/kubernetes/contrib/dns-server-for-vhost-ingress-testing/bind9dns/templates/service.yaml new file mode 100644 index 0000000000..715f2ff78e --- /dev/null +++ b/kubernetes/contrib/dns-server-for-vhost-ingress-testing/bind9dns/templates/service.yaml @@ -0,0 +1,39 @@ +{{/* + Copyright 2020 Samsung Electronics Co., Ltd. + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. + +*/}} +apiVersion: v1 +kind: Service +metadata: + name: {{ include "bind9dns.fullname" . }} + labels: + app.kubernetes.io/name: {{ include "bind9dns.name" . }} + helm.sh/chart: {{ include "bind9dns.chart" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +spec: + type: {{ .Values.service.type }} + ports: + - port: {{ .Values.service.port }} + nodePort: {{ .Values.service.nodePort }} + protocol: TCP + name: dnstcp + - port: {{ .Values.service.port }} + nodePort: {{ .Values.service.nodePort }} + protocol: UDP + name: dnsudp + selector: + app.kubernetes.io/name: {{ include "bind9dns.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} diff --git a/kubernetes/contrib/dns-server-for-vhost-ingress-testing/bind9dns/templates/tests/test-connection.yaml b/kubernetes/contrib/dns-server-for-vhost-ingress-testing/bind9dns/templates/tests/test-connection.yaml new file mode 100644 index 0000000000..4fe5d05b02 --- /dev/null +++ b/kubernetes/contrib/dns-server-for-vhost-ingress-testing/bind9dns/templates/tests/test-connection.yaml @@ -0,0 +1,34 @@ +{{/* + Copyright 2020 Samsung Electronics Co., Ltd. + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. + +*/}} +apiVersion: v1 +kind: Pod +metadata: + name: "{{ include "bind9dns.fullname" . }}-test-connection" + labels: + app.kubernetes.io/name: {{ include "bind9dns.name" . }} + helm.sh/chart: {{ include "bind9dns.chart" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + annotations: + "helm.sh/hook": test-success +spec: + containers: + - name: wget + image: busybox + command: ['wget'] + args: ['{{ include "bind9dns.fullname" . }}:{{ .Values.service.port }}'] + restartPolicy: Never diff --git a/kubernetes/contrib/dns-server-for-vhost-ingress-testing/bind9dns/values.yaml b/kubernetes/contrib/dns-server-for-vhost-ingress-testing/bind9dns/values.yaml new file mode 100644 index 0000000000..c9e19f41d0 --- /dev/null +++ b/kubernetes/contrib/dns-server-for-vhost-ingress-testing/bind9dns/values.yaml @@ -0,0 +1,46 @@ +# +# Copyright 2020 Samsung Electronics Co., Ltd. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +replicaCount: 1 + +image: + repository: luccksam/docker-bind + tag: 0.1.0 + pullPolicy: IfNotPresent + +nameOverride: "" +fullnameOverride: "" + +service: + type: NodePort + port: 53 + nodePort: 31555 + +ingress: + enabled: false + annotations: {} + paths: [] + hosts: + - dnsserver.local + tls: [] + +resources: {} +nodeSelector: {} +tolerations: [] +affinity: {} + +dnsconf: + forwarder: "8.8.8.8,8.8.4.4" + wildcard: "simpledemo.onap.org=0.0.0.0" diff --git a/kubernetes/contrib/dns-server-for-vhost-ingress-testing/deploy_dns.sh b/kubernetes/contrib/dns-server-for-vhost-ingress-testing/deploy_dns.sh new file mode 100755 index 0000000000..a78bc077d8 --- /dev/null +++ b/kubernetes/contrib/dns-server-for-vhost-ingress-testing/deploy_dns.sh @@ -0,0 +1,62 @@ +#!/bin/bash -e +# +# Copyright 2020 Samsung Electronics Co., Ltd. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +DNS_PORT=31555 +CLUSTER_CONTROL=$( kubectl get no -l node-role.kubernetes.io/controlplane=true -o jsonpath='{.items..metadata.name}') +CLUSTER_IP=$(kubectl get no $CLUSTER_CONTROL -o jsonpath='{.metadata.annotations.rke\.cattle\.io/external-ip }') +SPATH="$( dirname "$( which "$0" )" )" + + + +usage() { +cat << ==usage +$0 [cluster_domain] [helm_chart_args ...] + [cluster_domain] Default value simpledemo.onap.org + [helm_chart_args...] Optional arguments passed to helm install command +==usage +} + + +target_machine_notice_info() { +cat << ==infodeploy +Extra DNS server already deployed: +1. You can add the DNS server to the target machine using following commands: + sudo iptables -t nat -A OUTPUT -p tcp -d 192.168.211.211 --dport 53 -j DNAT --to-destination $CLUSTER_IP:$DNS_PORT + sudo iptables -t nat -A OUTPUT -p udp -d 192.168.211.211 --dport 53 -j DNAT --to-destination $CLUSTER_IP:$DNS_PORT + sudo sysctl -w net.ipv4.conf.all.route_localnet=1 + sudo sysctl -w net.ipv4.ip_forward=1 +2. Update /etc/resolv.conf file with nameserver 192.168.211.211 entry on your target machine +==infodeploy +} + +deploy() { + pushd "$SPATH/bind9dns" > /dev/null + if [ $# -eq 0 ]; then + local cl_domain="simpledemo.onap.org" + else + local cl_domain=$1 + shift + fi + helm install . --set dnsconf.wildcard="$cl_domain=$CLUSTER_IP" $@ + popd > /dev/null + target_machine_notice_info +} + +if [[ $# -eq 1 ]] && [[ $1 == "-h" || $1 == "--help" ]]; then + usage +else + deploy $@ +fi diff --git a/kubernetes/dmaap/components/message-router/charts/message-router-kafka/templates/statefulset.yaml b/kubernetes/dmaap/components/message-router/charts/message-router-kafka/templates/statefulset.yaml index 30e4c77576..aa97e32a9a 100644 --- a/kubernetes/dmaap/components/message-router/charts/message-router-kafka/templates/statefulset.yaml +++ b/kubernetes/dmaap/components/message-router/charts/message-router-kafka/templates/statefulset.yaml @@ -75,6 +75,7 @@ spec: - -exec - | chown -R 1000:1000 /opt/kafka/data; + rm -rf '/opt/kafka/data/lost+found'; cp /opt/kafka/tmpconfig/server.properties /opt/kafka/config/; chown 1000:1000 /opt/kafka/config/server.properties; cd /opt/kafka/config; diff --git a/kubernetes/modeling/charts/modeling-etsicatalog/templates/deployment.yaml b/kubernetes/modeling/charts/modeling-etsicatalog/templates/deployment.yaml index a2e03b8bf6..fb31b8b65e 100644 --- a/kubernetes/modeling/charts/modeling-etsicatalog/templates/deployment.yaml +++ b/kubernetes/modeling/charts/modeling-etsicatalog/templates/deployment.yaml @@ -79,8 +79,6 @@ spec: value: {{ (index .Values "mariadb-galera" "service" "name") }}:{{ (index .Values "mariadb-galera" "service" "internalPort") }} - name: MYSQL_ROOT_PASSWORD {{- include "common.secret.envFromSecret" (dict "global" . "uid" "db-root-pass" "key" "password") | indent 12}} - - name: REDIS_ADDR - value: "{{ .Values.global.config.redisServiceName }}:{{ .Values.global.config.redisPort }}" volumeMounts: - name: {{ include "common.fullname" . }}-etsicatalog mountPath: /service/modeling/etsicatalog/static diff --git a/kubernetes/modeling/charts/modeling-etsicatalog/values.yaml b/kubernetes/modeling/charts/modeling-etsicatalog/values.yaml index bb5a76b0ee..05f73e841c 100644 --- a/kubernetes/modeling/charts/modeling-etsicatalog/values.yaml +++ b/kubernetes/modeling/charts/modeling-etsicatalog/values.yaml @@ -25,8 +25,6 @@ global: config: msbServiceName: msb-iag msbPort: 80 - redisServiceName: vfc-redis - redisPort: 6379 persistence: mountPath: /dockerdata-nfs diff --git a/kubernetes/sdc/charts/sdc-onboarding-be/values.yaml b/kubernetes/sdc/charts/sdc-onboarding-be/values.yaml index a6a3f6bd22..a7deeaeca0 100644 --- a/kubernetes/sdc/charts/sdc-onboarding-be/values.yaml +++ b/kubernetes/sdc/charts/sdc-onboarding-be/values.yaml @@ -99,7 +99,7 @@ cert: persistence: enabled: true size: 10Mi - accessMode: ReadOnlyMany + accessMode: ReadWriteOnce volumeReclaimPolicy: Retain mountSubPath: /sdc/onbaording/cert diff --git a/kubernetes/vid/templates/deployment.yaml b/kubernetes/vid/templates/deployment.yaml index 0a5c0c5ba4..d449da1140 100644 --- a/kubernetes/vid/templates/deployment.yaml +++ b/kubernetes/vid/templates/deployment.yaml @@ -1,4 +1,5 @@ # Copyright © 2017 Amdocs, Bell Canada +# Copyright © 2020 Samsung Electronics # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -105,14 +106,9 @@ spec: - name: VID_MYSQL_DBNAME value: {{ index .Values "mariadb-galera" "config" "mysqlDatabase" }} - name: VID_MYSQL_USER - value: {{ index .Values "mariadb-galera" "config" "userName" }} + {{- include "common.secret.envFromSecret" (dict "global" . "uid" "vid-db-user-secret" "key" "login") | indent 14 }} - name: VID_MYSQL_PASS - valueFrom: - secretKeyRef: - name: {{ template "common.fullname" . }}-db - key: db-user-password - #valueFrom: - # secretKeyRef: {name: {{ include "common.fullname" . }}, key: vid-password} + {{- include "common.secret.envFromSecret" (dict "global" . "uid" "vid-db-user-secret" "key" "password") | indent 14 }} - name: VID_MYSQL_MAXCONNECTIONS value: "{{ .Values.config.vidmysqlmaxconnections }}" volumeMounts: diff --git a/kubernetes/vid/templates/job.yaml b/kubernetes/vid/templates/job.yaml index 625fb0c6a1..75e40a1201 100644 --- a/kubernetes/vid/templates/job.yaml +++ b/kubernetes/vid/templates/job.yaml @@ -1,4 +1,5 @@ # Copyright © 2018 Amdocs, Bell Canada +# Copyright © 2020 Samsung Electronics # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -60,14 +61,11 @@ spec: - /dbcmd-config/db_cmd.sh env: - name: MYSQL_PASSWORD - valueFrom: - secretKeyRef: - name: {{ template "common.fullname" . }}-db - key: db-user-password + {{- include "common.secret.envFromSecret" (dict "global" . "uid" "vid-db-user-secret" "key" "password") | indent 10 }} - name: MYSQL_HOST value: {{ index .Values "mariadb-galera" "service" "name" }} - name: MYSQL_USER - value: {{ index .Values "mariadb-galera" "config" "userName" }} + {{- include "common.secret.envFromSecret" (dict "global" . "uid" "vid-db-user-secret" "key" "login") | indent 10 }} - name: MYSQL_PORT value: "{{ index .Values "mariadb-galera" "service" "internalPort" }}" restartPolicy: Never diff --git a/kubernetes/vid/templates/secrets.yaml b/kubernetes/vid/templates/secrets.yaml index 2a66c4fbec..44a9b3e9e0 100644 --- a/kubernetes/vid/templates/secrets.yaml +++ b/kubernetes/vid/templates/secrets.yaml @@ -1,4 +1,5 @@ # Copyright © 2017 Amdocs, Bell Canada +# Copyright © 2020 Samsung Electronics # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -12,19 +13,7 @@ # See the License for the specific language governing permissions and # limitations under the License. -apiVersion: v1 -kind: Secret -metadata: - name: {{ include "common.fullname" . }} - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} -type: Opaque -data: - vid-password: {{ .Values.config.vidmysqlpassword | b64enc | quote }} +{{ include "common.secret" . }} --- apiVersion: v1 kind: Secret @@ -39,18 +28,3 @@ metadata: type: Opaque data: {{ tpl (.Files.Glob "resources/certs/*").AsSecrets . | indent 2 }} ---- -apiVersion: v1 -kind: Secret -metadata: - name: {{ include "common.fullname" . }}-db - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" - release: "{{ include "common.release" . }}" - heritage: "{{ .Release.Service }}" -type: Opaque -data: - db-user-password: {{ index .Values "mariadb-galera" "config" "userPassword" | b64enc | quote }} - db-root-password: {{ index .Values "mariadb-galera" "config" "mariadbRootPassword" | b64enc | quote }} diff --git a/kubernetes/vid/values.yaml b/kubernetes/vid/values.yaml index 805e337f57..e8d0595284 100644 --- a/kubernetes/vid/values.yaml +++ b/kubernetes/vid/values.yaml @@ -1,4 +1,5 @@ # Copyright © 2017 Amdocs, Bell Canada +# Copyright © 2020 Samsung Electronics # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -22,6 +23,17 @@ global: loggingRepository: docker.elastic.co loggingImage: beats/filebeat:5.5.0 +################################################################# +# Secrets metaconfig +################################################################# +secrets: + - uid: vid-db-user-secret + name: '{{ include "common.release" . }}-vid-db-user-secret' + type: basicAuth + externalSecret: '{{ tpl (default "" .Values.config.db.userCredentialsExternalSecret) . }}' + login: '{{ .Values.config.db.userName }}' + password: '{{ .Values.config.db.userPassword }}' + subChartsOnly: enabled: true @@ -35,7 +47,10 @@ mariadb_image: library/mariadb:10 # application configuration config: - vidmysqlpassword: Kp8bJ4SXszM0WXlhak3eHlcse2gAw84vaoGGmJvUy2U + db: + userName: vidadmin +# userCredentialsExternalSecret: some secret +# userPassword: password vidkeystorepassword: '\^7w\!f+aR\{EJcTRsDuA7x\,+c\!' asdcclientrestauth: "Basic dmlkOktwOGJKNFNYc3pNMFdYbGhhazNlSGxjc2UyZ0F3ODR2YW9HR21KdlV5MlU=" asdcclientrestport: "8443" @@ -54,9 +69,7 @@ config: mariadb-galera: config: - userName: vidadmin - userPassword: Kp8bJ4SXszM0WXlhak3eHlcse2gAw84vaoGGmJvUy2U - mariadbRootPassword: kjgsdhjqhawxvnbpoiawsfgjsqhsgjhjhdqihhjqdvcbxkjchizpw + userCredentialsExternalSecret: '{{ include "common.release" . }}-vid-db-user-secret' mysqlDatabase: vid_openecomp_epsdk nameOverride: vid-galera service: |