61 files changed, 1066 insertions, 326 deletions
diff --git a/kubernetes/.gitignore b/kubernetes/.gitignore new file mode 100644 index 0000000000..bc3a4f1ee0 --- /dev/null +++ b/kubernetes/.gitignore @@ -0,0 +1 @@ +chartstorage/ diff --git a/kubernetes/cli/requirements.yaml b/kubernetes/cli/requirements.yaml index f5931d50ed..1e08aaf3cd 100644 --- a/kubernetes/cli/requirements.yaml +++ b/kubernetes/cli/requirements.yaml @@ -19,3 +19,6 @@ dependencies: # a part of this chart's package and will not # be published independently to a repo (at this point) repository: '@local' + - name: repositoryGenerator + version: ~7.x-0 + repository: '@local' diff --git a/kubernetes/cli/templates/deployment.yaml b/kubernetes/cli/templates/deployment.yaml index 0823daffb6..74b2d2df37 100644 --- a/kubernetes/cli/templates/deployment.yaml +++ b/kubernetes/cli/templates/deployment.yaml @@ -37,7 +37,7 @@ spec: spec: containers: - name: {{ include "common.name" . }} - image: "{{ include "common.repository" . }}/{{ .Values.image }}" + image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} ports: - containerPort: {{ .Values.service.internalPort }} diff --git a/kubernetes/cli/values.yaml b/kubernetes/cli/values.yaml index bf3ba5b099..6e711c51c0 100644 --- a/kubernetes/cli/values.yaml +++ b/kubernetes/cli/values.yaml @@ -17,12 +17,10 @@ ################################################################# global: nodePortPrefix: 302 - readinessImage: onap/oom/readiness:3.0.1 ################################################################# # Application configuration defaults. ################################################################# # application image -repository: nexus3.onap.org:10001 image: onap/cli:6.0.0 pullPolicy: Always flavor: small diff --git a/kubernetes/common/cmpv2Config/values.yaml b/kubernetes/common/cmpv2Config/values.yaml index f6feee6e06..c22f9731b5 100644 --- a/kubernetes/common/cmpv2Config/values.yaml 
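Review bot: In kubernetes/cli/templates/deployment.yaml the image registry now comes from the `repositoryGenerator.repository` helper, while the same commit removes the chart-level `repository: nexus3.onap.org:10001` default from kubernetes/cli/values.yaml, so an install that set `repository` for this chart to pull from a private or mirrored registry may silently stop honouring that setting. The helper's definition is not part of this hunk, so which values it reads should be confirmed and recorded next to the image line, for example `# registry is resolved by the repositoryGenerator helper; see that chart for the supported override keys`. The new line also drops the surrounding quotes; keeping `image: "{{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}"` guards against an empty or odd-looking expansion being retyped by the YAML parser. The same substitution appears in the music and music-cassandra templates (job.yaml, statefulset.yaml, deployment.yaml) further down.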
+++ b/kubernetes/common/cmpv2Config/values.yaml @@ -14,7 +14,7 @@ global: platform: certServiceClient: - image: onap/org.onap.oom.platform.cert-service.oom-certservice-client:2.1.0 + image: onap/org.onap.oom.platform.cert-service.oom-certservice-client:2.3.1 secretName: oom-cert-service-client-tls-secret envVariables: # Certificate related @@ -29,5 +29,5 @@ global: keystorePassword: "secret" truststorePassword: "secret" certPostProcessor: - image: onap/org.onap.oom.platform.cert-service.oom-certservice-post-processor:2.1.0 + image: onap/org.onap.oom.platform.cert-service.oom-certservice-post-processor:2.3.1 diff --git a/kubernetes/common/music/Makefile b/kubernetes/common/music/Makefile new file mode 100644 index 0000000000..4c79718d02 --- /dev/null +++ b/kubernetes/common/music/Makefile 
@@ -0,0 +1,51 @@ +# Copyright © 2020 Samsung Electronics +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +ROOT_DIR := $(shell dirname $(realpath $(lastword $(MAKEFILE_LIST)))) +OUTPUT_DIR := $(ROOT_DIR)/../dist +PACKAGE_DIR := $(OUTPUT_DIR)/packages +SECRET_DIR := $(OUTPUT_DIR)/secrets + +EXCLUDES := dist resources templates charts docker +HELM_BIN := helm +HELM_CHARTS := $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.)))) + +.PHONY: $(EXCLUDES) $(HELM_CHARTS) + +all: $(HELM_CHARTS) + +$(HELM_CHARTS): + @echo "\n[$@]" + @make package-$@ + +make-%: + @if [ -f $*/Makefile ]; then make -C $*; fi + +dep-%: make-% + @if [ -f $*/requirements.yaml ]; then $(HELM_BIN) dep up $*; fi + +lint-%: dep-% + @if [ -f $*/Chart.yaml ]; then $(HELM_BIN) lint $*; fi + +package-%: lint-% + @mkdir -p $(PACKAGE_DIR) + @if [ -f $*/Chart.yaml ]; then $(HELM_BIN) package -d $(PACKAGE_DIR) $*; fi + @$(HELM_BIN) repo index $(PACKAGE_DIR) + +clean: + @rm -f */requirements.lock + @rm -f *tgz */charts/*tgz + @rm -rf $(PACKAGE_DIR) +%: + @: diff --git a/kubernetes/common/music/charts/music-cassandra-job/values.yaml b/kubernetes/common/music/charts/music-cassandra-job/values.yaml deleted file mode 100644 index eee1a3a522..0000000000 --- a/kubernetes/common/music/charts/music-cassandra-job/values.yaml +++ /dev/null 
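Review bot: The recipes for `$(HELM_CHARTS)` and `make-%` in kubernetes/common/music/Makefile invoke `make` by name, so `-n` dry runs and the `-j` jobserver are not handled correctly in the sub-make and a differently named make binary is ignored; use `@$(MAKE) package-$@` and `$(MAKE) -C $*`. The catch-all rule `%:` with the empty recipe `@:` also makes any mistyped target exit 0 without doing anything, which in CI can hide that the `helm lint` and `helm package` steps never ran; restricting it or dropping it would surface such mistakes. `SECRET_DIR` is assigned but not used by any rule shown. The identical file added as kubernetes/common/music/components/Makefile carries the same lines.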
@@ -1,71 +0,0 @@ -# Copyright © 2018 AT&T, Amdocs, Bell Canada Intellectual Property. All rights reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -# Default values for cassandra. -# This is a YAML-formatted file. -# Declare variables to be passed into your templates. -global: - pullPolicy: Always - repository: nexus3.onap.org:10001 - - # readiness check - readinessImage: onap/oom/readiness:3.0.1 - # Set default to 4 hrs. - # On slow environments dealys this long have been seen. - readinessTimeout: 240 - # logging agent - loggingRepository: docker.elastic.co - loggingImage: beats/filebeat:5.5.0 - - replicaCount: 3 - -job: - host: music-cassandra - port: 9042 - busybox: - image: library/busybox:latest - cassandra: - image: onap/music/cassandra_job:3.0.24 - timeout: 30 - delay: 120 -cql: - keyspace: - replicationClass: "SimpleStrategy" - replicationFactor: 3 - adminUser: - username: nelson24 - password: nelson24 - passwordReplace: A2C4E6G8I0J2L4O6Q8S0U2W4Y6 - -podManagementPolicy: OrderedReady -updateStrategy: - type: OnDelete - -ingress: - enabled: false - -tolerations: [] - -affinity: {} - -persistence: - enabled: true - -resources: - limits: - cpu: 1 - memory: 1Gi - requests: - cpu: 1 - memory: 1Gi diff --git a/kubernetes/common/music/charts/music/values.yaml b/kubernetes/common/music/charts/music/values.yaml deleted file mode 100644 index bf3ad2279c..0000000000 --- a/kubernetes/common/music/charts/music/values.yaml +++ /dev/null 
@@ -1,177 +0,0 @@ -# Copyright © 2020 AT&T, Amdocs, Bell Canada -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -################################################################# -# Global configuration defaults. -################################################################# -global: - nodePortPrefix: 302 - nodePortPrefixExt: 304 - repository: nexus3.onap.org:10001 - - envsubstImage: dibi/envsubst - - # readiness check - readinessImage: onap/oom/readiness:3.0.1 - - # logging agent - loggingRepository: docker.elastic.co - loggingImage: beats/filebeat:5.5.0 - - truststore: truststoreONAPall.jks - - -################################################################# -# Secrets metaconfig -################################################################# -secrets: - - uid: music-certs - name: keystore.jks - type: generic - filePaths: - - resources/keys/org.onap.music.jks - - uid: music-keystore-pw - name: keystore-pw - type: password - password: '{{ .Values.keystorePassword }}' - passwordPolicy: required - - uid: cassa-secret - type: basicAuth - login: '{{ .Values.properties.cassandraUser }}' - password: '{{ .Values.properties.cassandraPassword }}' - passwordPolicy: required - - -################################################################# -# Application configuration defaults. 
-################################################################# -# application image -repository: nexus3.onap.org:10001 -image: onap/music/music_sb:3.2.40 -pullPolicy: Always - -job: - host: cassandra - port: 9042 - busybox: - image: library/busybox:latest - - -# default number of instances -replicaCount: 1 - -nodeSelector: {} - -affinity: {} - -# probe configuration parameters -liveness: - initialDelaySeconds: 30 - periodSeconds: 6 - # necessary to disable liveness probe when setting breakpoints - # in debugger so K8s doesn't restart unresponsive container - enabled: false - port: 8443 - - -# Java options that need to be passed to jave on CLI -#javaOpts: -Xms256m -Xmx2048m -javaOpts: -# Options that need to be passed to CLI for Sprngboot, pw is a secret passed in through ENV -springOpts: --spring.config.location=file:/opt/app/music/etc/music-sb.properties -# Resource Limit flavor -By Default using small -flavor: large -# Segregation for Different environment (Small and Large) -resources: - small: - limits: - cpu: 1000m - memory: 1G - requests: - cpu: 300m - memory: 512Mi - large: - limits: - cpu: 1500m - memory: 3Gi - requests: - cpu: 1000m - memory: 2Gi - unlimited: {} - -readiness: - initialDelaySeconds: 350 - periodSeconds: 120 - port: 8443 - -service: - useNodePortExt: true - type: NodePort - name: music - ports: - - name: https-api - port: 8443 - nodePort: '07' - -# Turn on Debugging true/false -debug: false -ingress: - enabled: false - -keystorePassword: "ysF9CVS+xvuXr0vf&fRa5lew" - -properties: - lockUsing: "cassandra" - # Comma dilimited list of hosts - cassandraHost: "music-cassandra" - cassandraUser: "nelson24" - cassandraPassword: "nelson24" - cassandraConnecttimeoutms: 12000 - cassandraPort: 9042 - # Connection Timeout for Cassandra in ms - # Read Timeout for Cassandra in ms - cassandraReadtimeoutms: 12000 - keyspaceActive: true - # Enable CADI - cadi: false - # Special headers that may be passed and if they are required. 
- # With the ability to add a Prefix if required. - transIdRequired: false - transIdPrefix: X-ATT- - conversationRequired: false - conversationPrefix: X-CSI- - clientIdRequired: false - clientIdPrefix: - messageIdRequired: false - messageIdPrefix: - - # sleep time for lock cleanup daemon, negative values turn off daemon -##### Lock settings - retryCount: 3 - lockLeasePeriod: 6000 - # sleep time for lock cleanup daemon, negative values turn off daemon - lockDaemonSleeptimeMs: 30000 - #comma separated list of keyspace names - keyspaceForLockCleanup: - - -logback: - errorLogLevel: info - securityLogLevel: info - applicationLogLevel: info - metricsLogLevel: info - auditLogLevel: info - # Values must be uppercase: INFO, WARN, CRITICAL,DEBUG etc.. - rootLogLevel: INFO - diff --git a/kubernetes/common/music/components/Makefile b/kubernetes/common/music/components/Makefile new file mode 100644 index 0000000000..bf267b7720 --- /dev/null +++ b/kubernetes/common/music/components/Makefile 
@@ -0,0 +1,51 @@ +# Copyright © 2020 Samsung Electronics +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +ROOT_DIR := $(shell dirname $(realpath $(lastword $(MAKEFILE_LIST)))) +OUTPUT_DIR := $(ROOT_DIR)/../../dist +PACKAGE_DIR := $(OUTPUT_DIR)/packages +SECRET_DIR := $(OUTPUT_DIR)/secrets + +EXCLUDES := +HELM_BIN := helm +HELM_CHARTS := $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.)))) + +.PHONY: $(EXCLUDES) $(HELM_CHARTS) + +all: $(HELM_CHARTS) + +$(HELM_CHARTS): + @echo "\n[$@]" + @make package-$@ + +make-%: + @if [ -f $*/Makefile ]; then make -C $*; fi + +dep-%: make-% + @if [ -f $*/requirements.yaml ]; then $(HELM_BIN) dep up $*; fi + +lint-%: dep-% + @if [ -f $*/Chart.yaml ]; then $(HELM_BIN) lint $*; fi + +package-%: lint-% + @mkdir -p $(PACKAGE_DIR) + @if [ -f $*/Chart.yaml ]; then $(HELM_BIN) package -d $(PACKAGE_DIR) $*; fi + @$(HELM_BIN) repo index $(PACKAGE_DIR) + +clean: + @rm -f */requirements.lock + @rm -f *tgz */charts/*tgz + @rm -rf $(PACKAGE_DIR) +%: + @: diff --git a/kubernetes/common/music/charts/music-cassandra-job/.helmignore b/kubernetes/common/music/components/music-cassandra/.helmignore index f0c1319444..f0c1319444 100644 --- a/kubernetes/common/music/charts/music-cassandra-job/.helmignore +++ b/kubernetes/common/music/components/music-cassandra/.helmignore diff --git a/kubernetes/common/music/charts/music-cassandra/Chart.yaml b/kubernetes/common/music/components/music-cassandra/Chart.yaml index ed2488cc36..ed2488cc36 100644 
--- a/kubernetes/common/music/charts/music-cassandra/Chart.yaml +++ b/kubernetes/common/music/components/music-cassandra/Chart.yaml diff --git a/kubernetes/common/music/charts/music-cassandra/requirements.yaml b/kubernetes/common/music/components/music-cassandra/requirements.yaml index 58fe07b90b..3d71e307d6 100644 --- a/kubernetes/common/music/charts/music-cassandra/requirements.yaml +++ b/kubernetes/common/music/components/music-cassandra/requirements.yaml @@ -16,3 +16,6 @@ dependencies: - name: common version: ~7.x-0 repository: 'file://../../../common' + - name: repositoryGenerator + version: ~7.x-0 + repository: 'file://../../../repositoryGenerator' diff --git a/kubernetes/common/music/charts/music-cassandra-job/resources/LICENSE.txt b/kubernetes/common/music/components/music-cassandra/resources/LICENSE.txt index 7f60913d26..7f60913d26 100644 --- a/kubernetes/common/music/charts/music-cassandra-job/resources/LICENSE.txt +++ b/kubernetes/common/music/components/music-cassandra/resources/LICENSE.txt diff --git a/kubernetes/common/music/charts/music-cassandra-job/resources/cql/admin.cql b/kubernetes/common/music/components/music-cassandra/resources/cql/admin.cql index a76d774bd3..a76d774bd3 100644 --- a/kubernetes/common/music/charts/music-cassandra-job/resources/cql/admin.cql +++ b/kubernetes/common/music/components/music-cassandra/resources/cql/admin.cql diff --git a/kubernetes/common/music/charts/music-cassandra-job/resources/cql/admin_pw.cql b/kubernetes/common/music/components/music-cassandra/resources/cql/admin_pw.cql index 24f2ad77f7..24f2ad77f7 100644 --- a/kubernetes/common/music/charts/music-cassandra-job/resources/cql/admin_pw.cql +++ b/kubernetes/common/music/components/music-cassandra/resources/cql/admin_pw.cql diff --git a/kubernetes/common/music/charts/music-cassandra-job/resources/cql/extra/check.cql b/kubernetes/common/music/components/music-cassandra/resources/cql/extra/check.cql index a516be857b..a516be857b 100644 
--- a/kubernetes/common/music/charts/music-cassandra-job/resources/cql/extra/check.cql +++ b/kubernetes/common/music/components/music-cassandra/resources/cql/extra/check.cql diff --git a/kubernetes/common/music/charts/music-cassandra-job/templates/configmap.yaml b/kubernetes/common/music/components/music-cassandra/templates/configmap.yaml index 011dccda25..011dccda25 100755 --- a/kubernetes/common/music/charts/music-cassandra-job/templates/configmap.yaml +++ b/kubernetes/common/music/components/music-cassandra/templates/configmap.yaml diff --git a/kubernetes/common/music/charts/music-cassandra-job/templates/configmap_extra.yaml b/kubernetes/common/music/components/music-cassandra/templates/configmap_extra.yaml index 72733b3088..72733b3088 100755 --- a/kubernetes/common/music/charts/music-cassandra-job/templates/configmap_extra.yaml +++ b/kubernetes/common/music/components/music-cassandra/templates/configmap_extra.yaml diff --git a/kubernetes/common/music/charts/music-cassandra-job/templates/job.yaml b/kubernetes/common/music/components/music-cassandra/templates/job.yaml index 2c6c3379c2..3cf1ae34fd 100644 --- a/kubernetes/common/music/charts/music-cassandra-job/templates/job.yaml +++ b/kubernetes/common/music/components/music-cassandra/templates/job.yaml @@ -34,13 +34,13 @@ spec: restartPolicy: Never initContainers: - name: {{ include "common.name" . }}-readiness - image: "{{ include "common.repository" . }}/{{ .Values.global.readinessImage }}" + image: {{ include "repositoryGenerator.image.readiness" . }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} command: - /app/ready.py args: - --timeout - - "{{ .Values.global.readinessTimeout }}" + - "{{ .Values.readinessTimeout }}" - --container-name - music-cassandra env: 
@@ -51,7 +51,7 @@ spec: fieldPath: metadata.namespace containers: - name: {{ include "common.name" . }}-update-job - image: "{{ .Values.global.repository }}/{{ .Values.job.cassandra.image }}" + image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.job.image }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} env: - name: CASS_HOSTNAME @@ -64,7 +64,7 @@ spec: value: "{{ .Values.cql.adminUser.password }}" - name: TIMEOUT value: "{{ .Values.job.timeout }}" - - name: DELAY + - name: DELAY value: "{{ .Values.job.delay }}" volumeMounts: # Admin cql Files that setup Admin Keyspace and Change Admin user. diff --git a/kubernetes/common/music/charts/music-cassandra/templates/pv.yaml b/kubernetes/common/music/components/music-cassandra/templates/pv.yaml index 8399bff77d..8399bff77d 100644 --- a/kubernetes/common/music/charts/music-cassandra/templates/pv.yaml +++ b/kubernetes/common/music/components/music-cassandra/templates/pv.yaml diff --git a/kubernetes/common/music/charts/music-cassandra/templates/service.yaml b/kubernetes/common/music/components/music-cassandra/templates/service.yaml index 5a26d6701c..5a26d6701c 100644 --- a/kubernetes/common/music/charts/music-cassandra/templates/service.yaml +++ b/kubernetes/common/music/components/music-cassandra/templates/service.yaml diff --git a/kubernetes/common/music/charts/music-cassandra/templates/statefulset.yaml b/kubernetes/common/music/components/music-cassandra/templates/statefulset.yaml index 5ae944a568..665cdaad0a 100644 --- a/kubernetes/common/music/charts/music-cassandra/templates/statefulset.yaml +++ b/kubernetes/common/music/components/music-cassandra/templates/statefulset.yaml 
@@ -43,7 +43,7 @@ spec: spec: containers: - name: {{ include "common.name" . }} - image: "{{ .Values.global.repository }}/{{ .Values.image.image }}" + image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} ports: - containerPort: {{ .Values.service.internalPort }} diff --git a/kubernetes/common/music/charts/music-cassandra/values.yaml b/kubernetes/common/music/components/music-cassandra/values.yaml index 0402a3207c..317087cf24 100644 --- a/kubernetes/common/music/charts/music-cassandra/values.yaml +++ b/kubernetes/common/music/components/music-cassandra/values.yaml @@ -16,16 +16,7 @@ # Declare variables to be passed into your templates. global: nodePortPrefix: 302 - - pullPolicy: Always - repository: nexus3.onap.org:10001 - - # readiness check - readinessImage: onap/oom/readiness:3.0.1 - - # logging agent - loggingRepository: docker.elastic.co - loggingImage: beats/filebeat:5.5.0 + persistence: {} replicaCount: 3 @@ -33,9 +24,8 @@ replicaCount: 3 # Docker Hub where the Security has been turned on. # When logging into DB the default username and password are 'cassandra' # kubectl exec -it <cassandra-n> -n <namespace> cqlsh -u cassandra -p cassandra -image: - image: onap/music/cassandra_3_11:3.0.24 - pullPolicy: Always +image: onap/music/cassandra_3_11:3.0.24 +pullPolicy: Always # Cassandra ENV configuration config: 
@@ -48,22 +38,38 @@ config: rackName: Rack1 autoBootstrap: true ports: - cql: 9042 - thrift: 9160 + cql: &cqlPort 9042 + thrift: &thriftPort 9160 # If a JVM Agent is in place # agent: 61621 service: expose: true type: ClusterIP - name: music-cassandra - internalPort: 9042 + name: &cassandraService music-cassandra + internalPort: *cqlPort portName: cql - internalPort2: 9160 + internalPort2: *thriftPort portName2: thrift internalPort3: 61621 portName3: agent +job: + host: *cassandraService + port: *cqlPort + timeout: 30 + delay: 120 + image: onap/music/cassandra_job:3.0.24 + +cql: + keyspace: + replicationClass: "SimpleStrategy" + replicationFactor: 3 + adminUser: + username: nelson24 + password: nelson24 + passwordReplace: A2C4E6G8I0J2L4O6Q8S0U2W4Y6 + # probe configuration parameters liveness: initialDelaySeconds: 120 @@ -72,6 +78,8 @@ liveness: # in debugger so K8s doesn't restart unresponsive container enabled: true +readinessTimeout: 240 + readiness: initialDelaySeconds: 10 periodSeconds: 10 diff --git a/kubernetes/common/music/requirements.yaml b/kubernetes/common/music/requirements.yaml index f16f6df288..a9566c1811 100644 --- a/kubernetes/common/music/requirements.yaml +++ b/kubernetes/common/music/requirements.yaml @@ -13,6 +13,12 @@ # limitations under the License. dependencies: + - name: music-cassandra + version: ~7.x-0 + repository: 'file://components/music-cassandra' - name: common version: ~7.x-0 repository: 'file://../common' + - name: repositoryGenerator + version: ~7.x-0 + repository: 'file://../repositoryGenerator' diff --git a/kubernetes/common/music/charts/music/resources/config/logback.xml b/kubernetes/common/music/resources/config/logback.xml index 51423e547d..51423e547d 100755 --- a/kubernetes/common/music/charts/music/resources/config/logback.xml +++ b/kubernetes/common/music/resources/config/logback.xml 
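Review bot: The added `cql.adminUser` block in kubernetes/common/music/components/music-cassandra/values.yaml ships a fixed admin username, password and `passwordReplace` value as chart defaults, and templates/job.yaml passes `.Values.cql.adminUser.password` to the update job as a literal env `value:`, so every default install shares the same Cassandra admin credentials and they are readable in the Job spec. kubernetes/common/music/values.yaml in this commit repeats the same user and password under `properties.cassandraUser` / `properties.cassandraPassword`. Consider sourcing these from a Secret (the `secrets:` metaconfig that music/values.yaml already declares) and populating the env with `valueFrom.secretKeyRef` instead of a templated literal. Separately, the `&cqlPort` / `*cqlPort` and `&cassandraService` aliases are resolved when this file is parsed, so overriding `config.ports.cql` or `service.name` from a parent chart or `--set` will not reach `service.internalPort`, `job.port` or `job.host`; a comment such as `# aliases are fixed at parse time; override each key explicitly` would prevent surprises.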
diff --git a/kubernetes/common/music/charts/music/resources/config/music-sb.properties b/kubernetes/common/music/resources/config/music-sb.properties index 751a351737..751a351737 100755 --- a/kubernetes/common/music/charts/music/resources/config/music-sb.properties +++ b/kubernetes/common/music/resources/config/music-sb.properties diff --git a/kubernetes/common/music/charts/music/resources/config/music.properties b/kubernetes/common/music/resources/config/music.properties index a7681d0a02..a7681d0a02 100755 --- a/kubernetes/common/music/charts/music/resources/config/music.properties +++ b/kubernetes/common/music/resources/config/music.properties diff --git a/kubernetes/common/music/charts/music/resources/config/startup.sh b/kubernetes/common/music/resources/config/startup.sh index 37bb84de8b..37bb84de8b 100755 --- a/kubernetes/common/music/charts/music/resources/config/startup.sh +++ b/kubernetes/common/music/resources/config/startup.sh diff --git a/kubernetes/common/music/charts/music/resources/keys/org.onap.music.jks b/kubernetes/common/music/resources/keys/org.onap.music.jks Binary files differindex 35d27c3ef7..35d27c3ef7 100644 --- a/kubernetes/common/music/charts/music/resources/keys/org.onap.music.jks +++ b/kubernetes/common/music/resources/keys/org.onap.music.jks diff --git a/kubernetes/common/music/charts/music/resources/keys/truststoreONAPall.jks b/kubernetes/common/music/resources/keys/truststoreONAPall.jks Binary files differindex ff844b109d..ff844b109d 100644 --- a/kubernetes/common/music/charts/music/resources/keys/truststoreONAPall.jks +++ b/kubernetes/common/music/resources/keys/truststoreONAPall.jks diff --git a/kubernetes/common/music/charts/music/templates/configmap.yaml b/kubernetes/common/music/templates/configmap.yaml index d42cf2e7e0..d42cf2e7e0 100644 --- a/kubernetes/common/music/charts/music/templates/configmap.yaml +++ b/kubernetes/common/music/templates/configmap.yaml 
diff --git a/kubernetes/common/music/charts/music/templates/deployment.yaml b/kubernetes/common/music/templates/deployment.yaml index 63b5ab0974..cf0ce8f899 100644 --- a/kubernetes/common/music/charts/music/templates/deployment.yaml +++ b/kubernetes/common/music/templates/deployment.yaml @@ -25,13 +25,13 @@ spec: spec: initContainers: - name: {{ include "common.name" . }}-cassandra-readiness - image: "{{ include "common.repository" . }}/{{ .Values.global.readinessImage }}" + image: {{ include "repositoryGenerator.image.readiness" . }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} command: - /app/ready.py args: - -j - - "{{ include "common.release" . }}-music-cassandra-job-config" + - "{{ include "common.release" . }}-music-cassandra-config" env: - name: NAMESPACE valueFrom: @@ -55,13 +55,13 @@ spec: name: properties-music-scrubbed - mountPath: /config name: properties-music - image: "{{ .Values.global.envsubstImage }}" + image: {{ include "repositoryGenerator.image.envsubst" . }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} name: {{ include "common.name" . }}-update-config containers: # MUSIC Container - name: "{{ include "common.name" . }}-springboot" - image: "{{ .Values.repository }}/{{ .Values.image }}" + image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} ports: {{ include "common.containerPorts" . | nindent 12 }} # disable liveness probe when breakpoints set in debugger diff --git a/kubernetes/common/music/charts/music/templates/secrets.yaml b/kubernetes/common/music/templates/secrets.yaml index 15791a85d7..15791a85d7 100644 --- a/kubernetes/common/music/charts/music/templates/secrets.yaml +++ b/kubernetes/common/music/templates/secrets.yaml 
diff --git a/kubernetes/common/music/charts/music/templates/service.yaml b/kubernetes/common/music/templates/service.yaml index 3bd32a9419..3bd32a9419 100644 --- a/kubernetes/common/music/charts/music/templates/service.yaml +++ b/kubernetes/common/music/templates/service.yaml diff --git a/kubernetes/common/music/values.yaml b/kubernetes/common/music/values.yaml index 7e89b02e02..31df352de7 100644 --- a/kubernetes/common/music/values.yaml +++ b/kubernetes/common/music/values.yaml @@ -17,17 +17,45 @@ ################################################################# global: nodePortPrefix: 302 - repository: nexus3.onap.org:10001 + nodePortPrefixExt: 304 + truststore: truststoreONAPall.jks - readinessImage: onap/oom/readiness:3.0.1 - loggingRepository: docker.elastic.co - loggingImage: beats/filebeat:5.5.0 -# flag to enable debugging - application support required -debugEnabled: false +################################################################# +# Secrets metaconfig +################################################################# +secrets: + - uid: music-certs + name: keystore.jks + type: generic + filePaths: + - resources/keys/org.onap.music.jks + - uid: music-keystore-pw + name: keystore-pw + type: password + password: '{{ .Values.keystorePassword }}' + passwordPolicy: required + - uid: cassa-secret + type: basicAuth + login: '{{ .Values.properties.cassandraUser }}' + password: '{{ .Values.properties.cassandraPassword }}' + passwordPolicy: required + + +################################################################# +# Application configuration defaults. +################################################################# +# application image +image: onap/music/music_sb:3.2.40 +pullPolicy: Always + +job: + host: cassandra + port: 9042 + # default number of instances -replicaCount: 3 +replicaCount: 1 nodeSelector: {} 
@@ -35,15 +63,100 @@ affinity: {} # probe configuration parameters liveness: - initialDelaySeconds: 10 - periodSeconds: 10 + initialDelaySeconds: 30 + periodSeconds: 6 # necessary to disable liveness probe when setting breakpoints # in debugger so K8s doesn't restart unresponsive container - enabled: true + enabled: false + port: 8443 + + +# Java options that need to be passed to jave on CLI +#javaOpts: -Xms256m -Xmx2048m +javaOpts: +# Options that need to be passed to CLI for Sprngboot, pw is a secret passed in through ENV +springOpts: --spring.config.location=file:/opt/app/music/etc/music-sb.properties +# Resource Limit flavor -By Default using small +flavor: large +# Segregation for Different environment (Small and Large) +resources: + small: + limits: + cpu: 1000m + memory: 1G + requests: + cpu: 300m + memory: 512Mi + large: + limits: + cpu: 1500m + memory: 3Gi + requests: + cpu: 1000m + memory: 2Gi + unlimited: {} readiness: - initialDelaySeconds: 10 - periodSeconds: 10 + initialDelaySeconds: 350 + periodSeconds: 120 + port: 8443 + +service: + useNodePortExt: true + type: NodePort + name: music + ports: + - name: https-api + port: 8443 + nodePort: '07' + +# Turn on Debugging true/false +debug: false +ingress: + enabled: false + +keystorePassword: "ysF9CVS+xvuXr0vf&fRa5lew" + +properties: + lockUsing: "cassandra" + # Comma dilimited list of hosts + cassandraHost: "music-cassandra" + cassandraUser: "nelson24" + cassandraPassword: "nelson24" + cassandraConnecttimeoutms: 12000 + cassandraPort: 9042 + # Connection Timeout for Cassandra in ms + # Read Timeout for Cassandra in ms + cassandraReadtimeoutms: 12000 + keyspaceActive: true + # Enable CADI + cadi: false + # Special headers that may be passed and if they are required. + # With the ability to add a Prefix if required. 
+ transIdRequired: false + transIdPrefix: X-ATT- + conversationRequired: false + conversationPrefix: X-CSI- + clientIdRequired: false + clientIdPrefix: + messageIdRequired: false + messageIdPrefix: + + # sleep time for lock cleanup daemon, negative values turn off daemon +##### Lock settings + retryCount: 3 + lockLeasePeriod: 6000 + # sleep time for lock cleanup daemon, negative values turn off daemon + lockDaemonSleeptimeMs: 30000 + #comma separated list of keyspace names + keyspaceForLockCleanup: -resources: {} +logback: + errorLogLevel: info + securityLogLevel: info + applicationLogLevel: info + metricsLogLevel: info + auditLogLevel: info + # Values must be uppercase: INFO, WARN, CRITICAL,DEBUG etc.. + rootLogLevel: INFO
\ No newline at end of file diff --git a/kubernetes/contrib/components/ejbca/resources/entityprofile_Custom_EndEntity-1356531849.xml b/kubernetes/contrib/components/ejbca/resources/entityprofile_Custom_EndEntity-1356531849.xml index 19d872fe12..ec51a80d5e 100644 --- a/kubernetes/contrib/components/ejbca/resources/entityprofile_Custom_EndEntity-1356531849.xml +++ b/kubernetes/contrib/components/ejbca/resources/entityprofile_Custom_EndEntity-1356531849.xml @@ -60,19 +60,19 @@ <int>1</int> </void> <void method="add"> - <int>0</int> + <int>3</int> </void> <void method="add"> <int>3</int> </void> <void method="add"> - <int>0</int> + <int>3</int> </void> <void method="add"> <int>0</int> </void> <void method="add"> - <int>0</int> + <int>3</int> </void> <void method="add"> <int>0</int> @@ -354,6 +354,33 @@ <void method="add"> <int>1802</int> </void> + <void method="add"> + <int>1700</int> + </void> + <void method="add"> + <int>1701</int> + </void> + <void method="add"> + <int>1702</int> + </void> + <void method="add"> + <int>1900</int> + </void> + <void method="add"> + <int>1901</int> + </void> + <void method="add"> + <int>1902</int> + </void> + <void method="add"> + <int>2100</int> + </void> + <void method="add"> + <int>2101</int> + </void> + <void method="add"> + <int>2102</int> + </void> </object> </void> <void method="put"> @@ -570,7 +597,7 @@ </void> <void method="put"> <int>37</int> - <string>-1501801709</string> + <string>-29939301</string> </void> <void method="put"> <int>20037</int> 
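Review bot: `keystorePassword` in kubernetes/common/music/values.yaml is added with a literal default while the keystore it protects (resources/keys/org.onap.music.jks) is committed in the same chart, so the key material in that keystore has to be treated as public for any install that keeps the defaults. `passwordPolicy: required` on `music-keystore-pw` and `cassa-secret` presumably makes the chart insist on a value, but with defaults supplied in this file that check can never fire. At minimum mark the value, e.g. `# test-only keystore and password; replace both for any non-lab deployment`, and preferably have the keystore and its password supplied from outside the chart. The bare keys `javaOpts:`, `clientIdPrefix:`, `messageIdPrefix:` and `keyspaceForLockCleanup:` parse as null rather than an empty string, and the file now ends without a trailing newline.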
@@ -932,5 +959,149 @@ <int>30218</int> <boolean>true</boolean> </void> + <void method="put"> + <int>17</int> + <string></string> + </void> + <void method="put"> + <int>20017</int> + <boolean>false</boolean> + </void> + <void method="put"> + <int>10017</int> + <boolean>false</boolean> + </void> + <void method="put"> + <int>30017</int> + <boolean>true</boolean> + </void> + <void method="put"> + <int>117</int> + <string></string> + </void> + <void method="put"> + <int>20117</int> + <boolean>false</boolean> + </void> + <void method="put"> + <int>10117</int> + <boolean>false</boolean> + </void> + <void method="put"> + <int>30117</int> + <boolean>true</boolean> + </void> + <void method="put"> + <int>217</int> + <string></string> + </void> + <void method="put"> + <int>20217</int> + <boolean>false</boolean> + </void> + <void method="put"> + <int>10217</int> + <boolean>false</boolean> + </void> + <void method="put"> + <int>30217</int> + <boolean>true</boolean> + </void> + <void method="put"> + <int>19</int> + <string></string> + </void> + <void method="put"> + <int>20019</int> + <boolean>false</boolean> + </void> + <void method="put"> + <int>10019</int> + <boolean>true</boolean> + </void> + <void method="put"> + <int>30019</int> + <boolean>true</boolean> + </void> + <void method="put"> + <int>119</int> + <string></string> + </void> + <void method="put"> + <int>20119</int> + <boolean>false</boolean> + </void> + <void method="put"> + <int>10119</int> + <boolean>true</boolean> + </void> + <void method="put"> + <int>30119</int> + <boolean>true</boolean> + </void> + <void method="put"> + <int>219</int> + <string></string> + </void> + <void method="put"> + <int>20219</int> + <boolean>false</boolean> + </void> + <void method="put"> + <int>10219</int> + <boolean>true</boolean> + </void> + <void method="put"> + <int>30219</int> + <boolean>true</boolean> + </void> + <void method="put"> + <int>21</int> + <string></string> + </void> + <void method="put"> + <int>20021</int> + 
<boolean>false</boolean> + </void> + <void method="put"> + <int>10021</int> + <boolean>true</boolean> + </void> + <void method="put"> + <int>30021</int> + <boolean>true</boolean> + </void> + <void method="put"> + <int>121</int> + <string></string> + </void> + <void method="put"> + <int>20121</int> + <boolean>false</boolean> + </void> + <void method="put"> + <int>10121</int> + <boolean>true</boolean> + </void> + <void method="put"> + <int>30121</int> + <boolean>true</boolean> + </void> + <void method="put"> + <int>221</int> + <string></string> + </void> + <void method="put"> + <int>20221</int> + <boolean>false</boolean> + </void> + <void method="put"> + <int>10221</int> + <boolean>true</boolean> + </void> + <void method="put"> + <int>30221</int> + <boolean>true</boolean> + </void> </object> </java> diff --git a/kubernetes/dcaegen2/components/dcae-bootstrap/resources/config/k8s-plugin.json b/kubernetes/dcaegen2/components/dcae-bootstrap/resources/config/k8s-plugin.json index 568d6f77c9..5e37856d19 100644 --- a/kubernetes/dcaegen2/components/dcae-bootstrap/resources/config/k8s-plugin.json +++ b/kubernetes/dcaegen2/components/dcae-bootstrap/resources/config/k8s-plugin.json @@ -54,7 +54,7 @@ "keystore_password": "{{ .Values.cmpv2Config.global.platform.certServiceClient.envVariables.keystorePassword }}", "truststore_password": "{{ .Values.cmpv2Config.global.platform.certServiceClient.envVariables.truststorePassword }}" }, - "truststore_merger": { + "cert_post_processor": { "image_tag": "{{ include "repositoryGenerator.repository" . }}/{{ .Values.cmpv2Config.global.platform.certPostProcessor.image }}" } -}
\ No newline at end of file +} diff --git a/kubernetes/dcaegen2/components/dcae-bootstrap/resources/inputs/k8s-hv_ves-inputs.yaml b/kubernetes/dcaegen2/components/dcae-bootstrap/resources/inputs/k8s-hv_ves-inputs.yaml index 08a3c357ba..0108d9a8ce 100644 --- a/kubernetes/dcaegen2/components/dcae-bootstrap/resources/inputs/k8s-hv_ves-inputs.yaml +++ b/kubernetes/dcaegen2/components/dcae-bootstrap/resources/inputs/k8s-hv_ves-inputs.yaml @@ -25,6 +25,6 @@ use_tls: true security_ssl_disable: false external_cert_ca_name: "RA" external_cert_common_name: "dcae-hv-ves-collector" -external_cert_sans: "dcae-hv-ves-collector:hv-ves-collector:hv-ves" +external_cert_sans: "dcae-hv-ves-collector,hv-ves-collector,hv-ves" external_cert_cert_type: "JKS" external_cert_use_external_tls: false diff --git a/kubernetes/dcaegen2/components/dcae-bootstrap/resources/inputs/k8s-ves-inputs-tls.yaml b/kubernetes/dcaegen2/components/dcae-bootstrap/resources/inputs/k8s-ves-inputs-tls.yaml index e09e37dd31..c284612c79 100644 --- a/kubernetes/dcaegen2/components/dcae-bootstrap/resources/inputs/k8s-ves-inputs-tls.yaml +++ b/kubernetes/dcaegen2/components/dcae-bootstrap/resources/inputs/k8s-ves-inputs-tls.yaml @@ -40,6 +40,6 @@ ves_3gpp_performance_assurance_publish_url: "http://{{ .Values.config.address.me user_list: "sample1,$2a$10$0buh.2WeYwN868YMwnNNEuNEAMNYVU9.FSMJGyIKV3dGET/7oGOi6|demouser,$2a$10$1cc.COcqV/d3iT2N7BjPG.S6ZKv2jpb9a5MV.o7lMih/GpjJRX.Ce" external_cert_ca_name: "RA" external_cert_common_name: "dcae-ves-collector" -external_cert_sans: "dcae-ves-collector:ves-collector:ves" +external_cert_sans: "dcae-ves-collector,ves-collector,ves" external_cert_cert_type: "JKS" external_cert_use_external_tls: false diff --git a/kubernetes/dcaegen2/components/dcae-bootstrap/values.yaml b/kubernetes/dcaegen2/components/dcae-bootstrap/values.yaml index 668dcc7e18..a3bff07fb2 100644 --- a/kubernetes/dcaegen2/components/dcae-bootstrap/values.yaml 
+++ b/kubernetes/dcaegen2/components/dcae-bootstrap/values.yaml @@ -103,7 +103,7 @@ mongo: disableNfsProvisioner: true # application image -image: onap/org.onap.dcaegen2.deployments.k8s-bootstrap-container:2.1.8 +image: onap/org.onap.dcaegen2.deployments.k8s-bootstrap-container:2.2.1 default_k8s_location: central # DCAE component images to be deployed via Cloudify Manager @@ -115,7 +115,7 @@ componentImages: ves: onap/org.onap.dcaegen2.collectors.ves.vescollector:1.7.9 snmptrap: onap/org.onap.dcaegen2.collectors.snmptrap:1.4.0 prh: onap/org.onap.dcaegen2.services.prh.prh-app-server:1.5.4 - hv_ves: onap/org.onap.dcaegen2.collectors.hv-ves.hv-collector-main:1.5.0 + hv_ves: onap/org.onap.dcaegen2.collectors.hv-ves.hv-collector-main:1.5.1 # Resource Limit flavor -By Default using small flavor: small diff --git a/kubernetes/dcaegen2/components/dcae-cloudify-manager/values.yaml b/kubernetes/dcaegen2/components/dcae-cloudify-manager/values.yaml index fd4e1217c4..c13d3cebe6 100644 --- a/kubernetes/dcaegen2/components/dcae-cloudify-manager/values.yaml +++ b/kubernetes/dcaegen2/components/dcae-cloudify-manager/values.yaml @@ -49,7 +49,7 @@ config: # Application configuration defaults. ################################################################# # application image -image: onap/org.onap.dcaegen2.deployments.cm-container:3.3.4 +image: onap/org.onap.dcaegen2.deployments.cm-container:3.4.1 pullPolicy: Always # name of shared ConfigMap with kubeconfig for multiple clusters diff --git a/kubernetes/onap/Chart.yaml b/kubernetes/onap/Chart.yaml index a9be436ae5..fceda43e73 100644 --- a/kubernetes/onap/Chart.yaml +++ b/kubernetes/onap/Chart.yaml @@ -15,7 +15,7 @@ apiVersion: v1 name: onap version: 7.0.0 -appVersion: Frankfurt +appVersion: Guilin description: Open Network Automation Platform (ONAP) home: https://www.onap.org/ sources: diff --git a/kubernetes/onap/values.yaml b/kubernetes/onap/values.yaml index 3c8b1e9d90..5b29afc194 100755 --- a/kubernetes/onap/values.yaml 
+++ b/kubernetes/onap/values.yaml @@ -164,7 +164,7 @@ global: cmpv2Enabled: true platform: certServiceClient: - image: onap/org.onap.oom.platform.cert-service.oom-certservice-client:2.1.0 + image: onap/org.onap.oom.platform.cert-service.oom-certservice-client:2.3.1 secret: name: oom-cert-service-client-tls-secret mountPath: /etc/onap/oom/certservice/certs/ diff --git a/kubernetes/oof/components/oof-has/templates/job-onboard.yaml b/kubernetes/oof/components/oof-has/templates/job-onboard.yaml index a60372f30a..e63aeb369a 100755 --- a/kubernetes/oof/components/oof-has/templates/job-onboard.yaml +++ b/kubernetes/oof/components/oof-has/templates/job-onboard.yaml @@ -53,7 +53,7 @@ spec: - /app/ready.py args: - -j - - "{{ include "common.release" . }}-music-cassandra-job-config" + - "{{ include "common.release" . }}-music-cassandra-config" env: - name: NAMESPACE valueFrom: diff --git a/kubernetes/common/music/charts/music-cassandra/.helmignore b/kubernetes/platform/components/cmpv2-cert-provider/.helmignore index f0c1319444..50af031725 100644 --- a/kubernetes/common/music/charts/music-cassandra/.helmignore +++ b/kubernetes/platform/components/cmpv2-cert-provider/.helmignore @@ -19,3 +19,4 @@ .project .idea/ *.tmproj +.vscode/ diff --git a/kubernetes/common/music/charts/music/Chart.yaml b/kubernetes/platform/components/cmpv2-cert-provider/Chart.yaml index 105f447bd3..38446f1bfa 100644 --- a/kubernetes/common/music/charts/music/Chart.yaml +++ b/kubernetes/platform/components/cmpv2-cert-provider/Chart.yaml @@ -1,4 +1,4 @@ -# Copyright © 2018 AT&T, Amdocs, Bell Canada Intellectual Property. All rights reserved. +# Copyright © 2020 Nokia # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. 
@@ -13,6 +13,6 @@ # limitations under the License. apiVersion: v1 -description: MUSIC api as a Service API Spring boot container. -name: music +description: ONAP CMPv2 certificate external provider for cert-manager +name: cmpv2-cert-provider version: 7.0.0 diff --git a/kubernetes/platform/components/cmpv2-cert-provider/crds/cmpv2issuer.yaml b/kubernetes/platform/components/cmpv2-cert-provider/crds/cmpv2issuer.yaml new file mode 100644 index 0000000000..0bc24afe86 --- /dev/null +++ b/kubernetes/platform/components/cmpv2-cert-provider/crds/cmpv2issuer.yaml 
@@ -0,0 +1,138 @@ +# ============LICENSE_START======================================================= +# Copyright (c) 2020 Nokia +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# ============LICENSE_END========================================================= + +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: cmpv2issuers.certmanager.onap.org +spec: + group: certmanager.onap.org + names: + kind: CMPv2Issuer + listKind: CMPv2IssuerList + plural: cmpv2issuers + singular: cmpv2issuer + scope: Namespaced + versions: + - name: v1 + served: true + storage: true + schema: + openAPIV3Schema: + description: CMPv2Issuer is the Schema for the cmpv2issuers API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/cmpv2api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/cmpv2api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: CMPv2IssuerSpec defines the desired state of CMPv2Issuer + properties: + url: + description: URL to CertService API. + type: string + healthEndpoint: + description: Path of health check endpoint. + type: string + certEndpoint: + description: Path of cerfificate signing enpoint. + type: string + caName: + description: Name of the external CA server configured on CertService API side. + type: string + certSecretRef: + description: Reference to K8s secret which contains certificate, private key and CA certificate + needed to connect to CertService API (which requires client certificate authentication) + properties: + name: + description: The name of K8s secret to select certificates from. Secret must be in the same + namespace as CMPv2Issuer. + type: string + keyRef: + description: The key of the secret to select private key from. Must be a + valid secret key. + type: string + certRef: + description: The key of the secret to select cert from. Must be a + valid secret key. + type: string + cacertRef: + description: The key of the secret to select cacert from. Must be a + valid secret key. + type: string + required: + - name + - keyRef + - certRef + - cacertRef + type: object + required: + - url + - healthEndpoint + - certEndpoint + - caName + - certSecretRef + type: object + status: + description: CMPv2IssuerStatus defines the observed state of CMPv2Issuer + properties: + conditions: + items: + description: CMPv2IssuerCondition contains condition information for + the certservice issuer. + properties: + lastTransitionTime: + description: LastTransitionTime is the timestamp corresponding + to the last status change of this condition. + format: date-time + type: string + message: + description: Message is a human readable description of the details + of the last transition, complementing reason. 
+ type: string + reason: + description: Reason is a brief machine readable explanation for + the condition's last transition. + type: string + status: + allOf: + - enum: + - "True" + - "False" + - Unknown + description: Status of the condition, one of ('True', 'False', + 'Unknown'). + type: string + type: + description: Type of the condition, currently ('Ready'). + enum: + - Ready + type: string + required: + - status + - type + type: object + type: array + type: object + type: object diff --git a/kubernetes/common/music/charts/music-cassandra-job/Chart.yaml b/kubernetes/platform/components/cmpv2-cert-provider/requirements.yaml index b4feb7114b..def35866d7 100644 --- a/kubernetes/common/music/charts/music-cassandra-job/Chart.yaml +++ b/kubernetes/platform/components/cmpv2-cert-provider/requirements.yaml @@ -1,5 +1,4 @@ -# Copyright © 2018 AT&T, Amdocs, Bell Canada Intellectual Property. All rights reserved. -# +# Copyright © 2020 Nokia # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at @@ -12,8 +11,7 @@ # See the License for the specific language governing permissions and # limitations under the License. -apiVersion: v1 -description: Cassandra Job - Run CQL Scripts after Cassandra Starts. -name: music-cassandra-job -version: 7.0.0 - + dependencies: + - name: common + version: ~7.x-0 + repository: '@local' diff --git a/kubernetes/platform/components/cmpv2-cert-provider/templates/configuration.yaml b/kubernetes/platform/components/cmpv2-cert-provider/templates/configuration.yaml new file mode 100644 index 0000000000..9ba61a5f57 --- /dev/null +++ b/kubernetes/platform/components/cmpv2-cert-provider/templates/configuration.yaml 
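Review bot: The `v1` version entry declares no `subresources`, yet roles.yaml in this commit grants verbs on `cmpv2issuers/status`; without `subresources:` / `status: {}` next to `schema:` the `/status` endpoint is not served, and anyone holding `update` on `cmpv2issuers` can also rewrite `status.conditions`. Whether the controller writes status through that endpoint is not visible here, so confirm against its code. The spec schema accepts any string for `url`; adding `pattern: '^https://'` would reject a plain-http CertService endpoint at admission. While here, the `certEndpoint` description should read `Path of certificate signing endpoint.`, and the `cmpv2api-conventions.md` links in the `apiVersion`/`kind` descriptions look like a search-and-replace artefact of `api-conventions.md`.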
@@ -0,0 +1,34 @@
+{{ if .Values.global.CMPv2CertManagerIntegration }}
+
+# ============LICENSE_START=======================================================
+# Copyright (c) 2020 Nokia
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
+
+apiVersion: certmanager.onap.org/v1
+kind: CMPv2Issuer
+metadata:
+ name: {{ .Values.cmpv2issuer.name }}
+ namespace: {{ include "common.namespace" . }}
+spec:
+ url: {{ .Values.cmpv2issuer.url }}
+ healthEndpoint: {{ .Values.cmpv2issuer.healthcheckEndpoint }}
+ certEndpoint: {{ .Values.cmpv2issuer.certEndpoint }}
+ caName: {{ .Values.cmpv2issuer.caName }}
+ certSecretRef:
+ name: {{ .Values.cmpv2issuer.certSecretRef.name }}
+ keyRef: {{ .Values.cmpv2issuer.certSecretRef.keyRef }}
+ certRef: {{ .Values.cmpv2issuer.certSecretRef.certRef }}
+ cacertRef: {{ .Values.cmpv2issuer.certSecretRef.cacertRef }}
+{{ end }}
diff --git a/kubernetes/platform/components/cmpv2-cert-provider/templates/deployment.yaml b/kubernetes/platform/components/cmpv2-cert-provider/templates/deployment.yaml
new file mode 100644
index 0000000000..3f0027f1be
--- /dev/null
+++ b/kubernetes/platform/components/cmpv2-cert-provider/templates/deployment.yaml
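Review bot: Every scalar under `spec:` and `certSecretRef:` is rendered unquoted, so an empty or boolean-looking override (an unset `caName`, for instance) becomes `null` or a bool and is only rejected by the CRD's `type: string` check at install time. Pipe the values through `quote`, e.g. `url: {{ .Values.cmpv2issuer.url | quote }}` and `caName: {{ .Values.cmpv2issuer.caName | quote }}`. For the fields the CRD lists as required, wrapping the value in Helm's `required` function would fail the render with a message naming the missing key instead.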
@@ -0,0 +1,71 @@ +{{ if .Values.global.CMPv2CertManagerIntegration }} + +# ============LICENSE_START======================================================= +# Copyright (c) 2020 Nokia +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# ============LICENSE_END========================================================= + +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + control-plane: controller-manager + name: {{ include "common.fullname" . }} + namespace: {{ include "common.namespace" . 
}} +spec: + replicas: 1 + selector: + matchLabels: + control-plane: controller-manager + template: + metadata: + labels: + control-plane: controller-manager + spec: + containers: + - name: {{ .Values.deploymentProxy.name }} + image: {{ .Values.deploymentProxy.image }} + imagePullPolicy: {{ .Values.deploymentProxy.pullPolicy }} + args: + - --secure-listen-address=0.0.0.0:8443 + - --upstream=http://127.0.0.1:8080/ + - --logtostderr=true + - --v=10 + ports: + - containerPort: 8443 + name: https + resources: + limits: + cpu: {{ .Values.deploymentProxy.resources.limits.cpu }} + memory: {{ .Values.deploymentProxy.resources.limits.memory }} + requests: + cpu: {{ .Values.deploymentProxy.resources.requests.cpu }} + memory: {{ .Values.deploymentProxy.resources.requests.memory }} + - name: provider + image: {{ .Values.global.repository }}{{if .Values.global.repository }}/{{ end }}{{ .Values.deployment.image }} + imagePullPolicy: {{ .Values.deployment.pullPolicy }} + command: + - /oom-certservice-cmpv2issuer + args: + - --metrics-addr=127.0.0.1:8080 + - --log-level={{ .Values.deployment.logLevel }} + resources: + limits: + cpu: {{ .Values.deployment.resources.limits.cpu }} + memory: {{ .Values.deployment.resources.limits.memory }} + requests: + cpu: {{ .Values.deployment.resources.requests.cpu }} + memory: {{ .Values.deployment.resources.requests.memory }} + terminationGracePeriodSeconds: 10 +{{ end }} diff --git a/kubernetes/platform/components/cmpv2-cert-provider/templates/roles.yaml b/kubernetes/platform/components/cmpv2-cert-provider/templates/roles.yaml new file mode 100644 index 0000000000..add5622f41 --- /dev/null +++ b/kubernetes/platform/components/cmpv2-cert-provider/templates/roles.yaml 
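Review bot: The kube-rbac-proxy container is started with `--v=10`, the highest log verbosity, at which the Kubernetes client library typically logs request and response bodies; for this proxy that would likely include the TokenReview payloads that carry callers' bearer tokens. Lower it to something like `--v=2`, or expose it as a value so debug logging is opt-in. The pod spec also sets no `serviceAccountName`, so it runs as the namespace's `default` account that roles.yaml binds to the cluster roles. Neither container declares a `securityContext`; `runAsNonRoot: true`, `allowPrivilegeEscalation: false` and `readOnlyRootFilesystem: true` are the usual baseline for a controller that only talks to the API server.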
@@ -0,0 +1,167 @@ +{{ if .Values.global.CMPv2CertManagerIntegration }} + +# ============LICENSE_START======================================================= +# Copyright (c) 2020 Nokia +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# ============LICENSE_END========================================================= + +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: cmpv2-issuer-leader-election-role + namespace: {{ include "common.namespace" . 
}} +rules: + - apiGroups: + - "" + resources: + - configmaps + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + - apiGroups: + - "" + resources: + - configmaps/status + verbs: + - get + - update + - patch + - apiGroups: + - "" + resources: + - events + verbs: + - create +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: cmpv2-issuer-manager-role +rules: + - apiGroups: + - "" + resources: + - events + verbs: + - create + - patch + - apiGroups: + - "" + resources: + - secrets + verbs: + - get + - list + - watch + - apiGroups: + - cert-manager.io + resources: + - certificaterequests + verbs: + - get + - list + - update + - watch + - apiGroups: + - cert-manager.io + resources: + - certificaterequests/status + verbs: + - get + - patch + - update + - apiGroups: + - certmanager.onap.org + resources: + - cmpv2issuers + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - certmanager.onap.org + resources: + - cmpv2issuers/status + verbs: + - get + - patch + - update +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: cmpv2-issuer-proxy-role +rules: + - apiGroups: + - authentication.k8s.io + resources: + - tokenreviews + verbs: + - create + - apiGroups: + - authorization.k8s.io + resources: + - subjectaccessreviews + verbs: + - create +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: cmpv2-issuer-leader-election-rolebinding + namespace: {{ include "common.namespace" . }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: cmpv2-issuer-leader-election-role +subjects: + - kind: ServiceAccount + name: default + namespace: {{ include "common.namespace" . 
}} +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: cmpv2-issuer-manager-rolebinding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: cmpv2-issuer-manager-role +subjects: + - kind: ServiceAccount + name: default + namespace: {{ include "common.namespace" . }} +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: cmpv2-issuer-proxy-rolebinding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: cmpv2-issuer-proxy-role +subjects: + - kind: ServiceAccount + name: default + namespace: {{ include "common.namespace" . }} +{{ end }} diff --git a/kubernetes/platform/components/cmpv2-cert-provider/templates/service.yaml b/kubernetes/platform/components/cmpv2-cert-provider/templates/service.yaml new file mode 100644 index 0000000000..152bd68ba6 --- /dev/null +++ b/kubernetes/platform/components/cmpv2-cert-provider/templates/service.yaml 
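Review bot: All three bindings use the namespace's `default` ServiceAccount as subject, and `cmpv2-issuer-manager-role` is a ClusterRole with `get`/`list`/`watch` on `secrets` attached through a ClusterRoleBinding, so every pod in that namespace that does not set its own service account gains read access to Secrets cluster-wide. Bind the roles to a dedicated ServiceAccount used only by the provider Deployment, which then needs a matching `serviceAccountName`. If issuers are only expected in the release namespace, the `secrets` rule could move into the namespaced Role; the controller's watch scope is not visible here, so confirm first. The ClusterRole and ClusterRoleBinding names are fixed strings and would collide if the chart were installed twice in one cluster.

```yaml
apiVersion: v1
kind: ServiceAccount
metadata:
  name: {{ include "common.fullname" . }}
  namespace: {{ include "common.namespace" . }}
---
# … unchanged: Role, ClusterRoles, binding metadata and roleRef …
subjects:
  - kind: ServiceAccount
    name: {{ include "common.fullname" . }}  # was: default; same change in all three bindings
    namespace: {{ include "common.namespace" . }}
```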
@@ -0,0 +1,38 @@
+{{ if .Values.global.CMPv2CertManagerIntegration }}
+
+# ============LICENSE_START=======================================================
+# Copyright (c) 2020 Nokia
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
+
+apiVersion: v1
+kind: Service
+metadata:
+ annotations:
+ prometheus.io/port: "8443"
+ prometheus.io/scheme: https
+ prometheus.io/scrape: "true"
+ labels:
+ control-plane: controller-manager
+ name: {{ .Values.service.name }}
+ namespace: {{ include "common.namespace" . }}
+spec:
+ type: {{ .Values.service.type }}
+ ports:
+ - name: {{ .Values.service.ports.name }}
+ port: {{ .Values.service.ports.port }}
+ targetPort: {{ .Values.service.ports.targetPort }}
+ selector:
+ control-plane: controller-manager
+{{ end }}
diff --git a/kubernetes/platform/components/cmpv2-cert-provider/values.yaml b/kubernetes/platform/components/cmpv2-cert-provider/values.yaml
new file mode 100644
index 0000000000..5ea763a812
--- /dev/null
+++ b/kubernetes/platform/components/cmpv2-cert-provider/values.yaml
@@ -0,0 +1,79 @@ +# Copyright © 2020, Nokia +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Global +global: + nodePortPrefix: 302 + readinessImage: onap/oom/readiness:3.0.1 + loggingRepository: docker.elastic.co + loggingImage: beats/filebeat:5.5.0 + busyboxRepository: registry.hub.docker.com + busyboxImage: library/busybox:latest + repository: "nexus3.onap.org:10001" + CMPv2CertManagerIntegration: false + +namespace: onap + +# Service configuration +service: + name: oom-certservice-cmpv2issuer-metrics-service + type: ClusterIP + ports: + name: https + port: 8443 + targetPort: https + +# Deployment configuration +deployment: + name: oom-certservice-cmpv2issuer + image: onap/org.onap.oom.platform.cert-service.oom-certservice-k8s-external-provider:2.3.0 + proxyImage: gcr.io/kubebuilder/kube-rbac-proxy:v0.4.0 + # fol local development use IfNotPresent + pullPolicy: Always + logLevel: debug + resources: + limits: + cpu: 250m + memory: 128Mi + requests: + cpu: 100m + memory: 64Mi +deploymentProxy: + name: kube-rbac-proxy + image: gcr.io/kubebuilder/kube-rbac-proxy:v0.4.0 + pullPolicy: IfNotPresent + resources: + limits: + cpu: 250m + memory: 128Mi + requests: + cpu: 50m + memory: 32Mi + +# CMPv2Issuer +cmpv2issuer: + name: cmpv2-issuer-onap + url: https://oom-cert-service:8443 + healthcheckEndpoint: actuator/health + certEndpoint: v1/certificate + caName: RA + certSecretRef: + name: cmpv2-issuer-secret + certRef: certServiceServer-cert.pem + keyRef: 
certServiceServer-key.pem + cacertRef: truststore.pem + + + + diff --git a/kubernetes/platform/components/oom-cert-service/.gitignore b/kubernetes/platform/components/oom-cert-service/.gitignore new file mode 100644 index 0000000000..d5e121c17d --- /dev/null +++ b/kubernetes/platform/components/oom-cert-service/.gitignore @@ -0,0 +1,5 @@ +resources/*.jks +resources/*.pem +resources/*.p12 +resources/*.crt +resources/*.csr diff --git a/kubernetes/platform/components/oom-cert-service/.helmignore b/kubernetes/platform/components/oom-cert-service/.helmignore index 50af031725..5d9272cd5d 100644 --- a/kubernetes/platform/components/oom-cert-service/.helmignore +++ b/kubernetes/platform/components/oom-cert-service/.helmignore @@ -20,3 +20,4 @@ .idea/ *.tmproj .vscode/ + diff --git a/kubernetes/platform/components/oom-cert-service/Makefile b/kubernetes/platform/components/oom-cert-service/Makefile index 736a19fbd4..ea0cb8aae4 100644 --- a/kubernetes/platform/components/oom-cert-service/Makefile +++ b/kubernetes/platform/components/oom-cert-service/Makefile @@ -19,6 +19,10 @@ all: start_docker \ server_import_root_certificate \ server_convert_certificate_to_jks \ server_convert_certificate_to_p12 \ + convert_truststore_to_p12 \ + convert_truststore_to_pem \ + server_export_certificate_to_pem \ + server_export_key_to_pem \ clear_unused_files \ stop_docker 
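Review bot: `cmpv2issuer.certSecretRef` points `certRef` and `keyRef` at `certServiceServer-cert.pem` and `certServiceServer-key.pem`, which the Makefile change in this commit exports from `certServiceServer-keystore.p12`, so the provider would authenticate to CertService with the server's own key pair and the server private key is copied into a second secret. The Makefile appears to generate a separate `certServiceClient-keystore.jks`; exporting the client pair from that and referencing it here would keep the server key in one place. `logLevel: debug` is the shipped default, and `logLevel: info` would be safer for a component that handles certificate requests. `deployment.proxyImage` duplicates `deploymentProxy.image` and is not read by deployment.yaml, so it can be dropped.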
@@ -32,7 +36,7 @@ start_docker: $(eval FULL_JAVA_IMAGE := $(REPOSITORY)/$(JAVA_IMAGE)) $(eval USERNAME :=$(shell id -u)) $(eval GROUP :=$(shell id -g)) - docker run --rm --name ${DOCKER_CONTAINER} --user "$(USERNAME):$(GROUP)" --mount type=bind,source=${CURRENT_DIR}/${CERTS_DIR},target=/app -w /app --entrypoint "sh" -td $(FULL_JAVA_IMAGE) + docker run --rm --name ${DOCKER_CONTAINER} --user "$(USERNAME):$(GROUP)" --mount type=bind,source=${CURRENT_DIR}/${CERTS_DIR},target=/certs -w /certs --entrypoint "sh" -td $(FULL_JAVA_IMAGE) # Stops docker container for generating certificates. 'true' is used to return 0 status code, if container is already deleted stop_docker: @@ -46,7 +50,7 @@ clear_all: #Clear certificates clear_existing_certificates: @echo "Clear certificates" - ${DOCKER_EXEC} rm -f certServiceClient-keystore.jks certServiceServer-keystore.jks root.crt truststore.jks certServiceServer-keystore.p12 + ${DOCKER_EXEC} rm -f certServiceClient-keystore.jks certServiceServer-keystore.jks root.crt truststore.jks certServiceServer-keystore.p12 truststore.pem certServiceServer-cert.pem certServiceServer-key.pem @echo "#####done#####" #Generate root private and public keys 
@@ -146,8 +150,34 @@ server_convert_certificate_to_p12:
 -destkeystore certServiceServer-keystore.p12 -deststoretype PKCS12 -deststorepass secret
 @echo "#####done#####"
+#Convert truststore(.jks) to PCKS12 format(.p12)
+convert_truststore_to_p12:
+ @echo "Convert certServiceServer-keystore(.jks) to PCKS12 format(.p12)"
+ ${DOCKER_EXEC} keytool -importkeystore -srckeystore truststore.jks -srcstorepass secret \
+ -destkeystore truststore.p12 -deststoretype PKCS12 -deststorepass secret
+ @echo "#####done#####"
+
+#Convert truststore(.p12) to PEM format(.pem)
+convert_truststore_to_pem:
+ @echo "Convert certServiceServer-keystore(.p12) to PEM format(.pem)"
+ ${DOCKER_EXEC} openssl pkcs12 -nodes -in truststore.p12 -out truststore.pem -passin pass:secret
+ @echo "#####done#####"
+
+#Export certificates from certServiceServer-keystore(.p12) to PEM format(.pem)
+server_export_certificate_to_pem:
+ @echo "Export certificates from certServiceClient-keystore(.p12) to PEM format(.pem)"
+ ${DOCKER_EXEC} openssl pkcs12 -in certServiceServer-keystore.p12 -passin 'pass:secret' -nodes -nokeys -out certServiceServer-cert.pem
+ @echo "#####done#####"
+
+#Export keys from certServiceServer-keystore(.p12) to PEM format(.pem)
+server_export_key_to_pem:
+ @echo "Export keys from certServiceClient-keystore(.p12) to PEM format(.pem)"
+ ${DOCKER_EXEC} openssl pkcs12 -in certServiceServer-keystore.p12 -passin 'pass:secret' -nodes -nocerts -out certServiceServer-key.pem
+ @echo "#####done#####"
+
+
+
 #Clear unused certificates
 clear_unused_files:
 @echo "Clear unused certificates"
- ${DOCKER_EXEC} rm -f certServiceClientByRoot.crt certServiceClient.csr root-keystore.jks certServiceServerByRoot.crt certServiceServer.csr
+ ${DOCKER_EXEC} rm -f certServiceClientByRoot.crt certServiceClient.csr root-keystore.jks certServiceServerByRoot.crt certServiceServer.csr truststore.p12
 @echo "#####done#####"
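Review bot: `convert_truststore_to_pem` runs `openssl pkcs12 -nodes` without `-nokeys`, so any private-key entry that ends up in truststore.p12 would be written unencrypted into truststore.pem, which the secret.yaml change in this commit publishes as the trust bundle; `${DOCKER_EXEC} openssl pkcs12 -nokeys -in truststore.p12 -out truststore.pem -passin pass:secret` restricts the export to certificates. `server_export_key_to_pem` writes certServiceServer-key.pem unencrypted into the bind-mounted directory with whatever mode the container's umask gives, so a following `${DOCKER_EXEC} chmod 600 certServiceServer-key.pem` and a comment stating that the key and the `secret` store password are generated defaults would make the intent explicit. The `@echo` lines of the four new targets name the wrong stores (certServiceServer-keystore in the two truststore targets, certServiceClient-keystore in the two server exports) and should name the files actually converted. The intermediate truststore.p12 is deleted in `clear_unused_files` but is missing from the `rm -f` list in `clear_existing_certificates` (hunk at -46), so an aborted run can leave a stale copy for the next `keytool -importkeystore`.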
diff --git a/kubernetes/platform/components/oom-cert-service/resources/default/cmpServers.json b/kubernetes/platform/components/oom-cert-service/resources/default/cmpServers.json
index 358f2a82c7..c6d76c1f57 100644
--- a/kubernetes/platform/components/oom-cert-service/resources/default/cmpServers.json
+++ b/kubernetes/platform/components/oom-cert-service/resources/default/cmpServers.json
@@ -1,3 +1,3 @@
 {
 "cmpv2Servers": []
-}
\ No newline at end of file
+}
diff --git a/kubernetes/platform/components/oom-cert-service/templates/secret.yaml b/kubernetes/platform/components/oom-cert-service/templates/secret.yaml
index 280922a014..2d47e6f57c 100644
--- a/kubernetes/platform/components/oom-cert-service/templates/secret.yaml
+++ b/kubernetes/platform/components/oom-cert-service/templates/secret.yaml
@@ -53,4 +53,17 @@ data:
 {{ (.Files.Glob "resources/truststore.jks").AsSecrets }}
 root.crt:
 {{ (.Files.Glob "resources/root.crt").AsSecrets }}
-{{ end -}}
\ No newline at end of file
+---
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ .Values.tls.provider.secret.name }}
+type: Opaque
+data:
+ certServiceServer-key.pem:
+ {{ (.Files.Glob "resources/certServiceServer-key.pem").AsSecrets }}
+ certServiceServer-cert.pem:
+ {{ (.Files.Glob "resources/certServiceServer-cert.pem").AsSecrets }}
+ truststore.pem:
+ {{ (.Files.Glob "resources/truststore.pem").AsSecrets }}
+{{ end -}}
diff --git a/kubernetes/platform/components/oom-cert-service/values.yaml b/kubernetes/platform/components/oom-cert-service/values.yaml
index ee51ec7a7d..bd415c06b1 100644
--- a/kubernetes/platform/components/oom-cert-service/values.yaml
+++ b/kubernetes/platform/components/oom-cert-service/values.yaml
@@ -34,11 +34,11 @@ service:
 port_protocol: http
 # Certificates generation configuration
-certificateGenerationImage: onap/integration-java11:7.1.0
+certificateGenerationImage: onap/integration-java11:7.2.0
 # Deployment configuration
 repository: "nexus3.onap.org:10001"
-image: onap/org.onap.oom.platform.cert-service.oom-certservice-api:2.1.0
+image: onap/org.onap.oom.platform.cert-service.oom-certservice-api:2.3.1
 pullPolicy: Always
 replicaCount: 1
@@ -88,14 +88,19 @@ tls:
 client:
 secret:
 defaultName: oom-cert-service-client-tls-secret
+ provider:
+ secret:
+ name: cmpv2-issuer-secret
 envs:
 keystore:
 jksName: certServiceServer-keystore.jks
 p12Name: certServiceServer-keystore.p12
+ pemName: certServiceServer-keystore.pem
 truststore:
 jksName: truststore.jks
 crtName: root.crt
+ pemName: truststore.pem
 httpsPort: 8443
 # External secrets with credentials can be provided to override default credentials defined below,
diff --git a/kubernetes/platform/requirements.yaml b/kubernetes/platform/requirements.yaml
index a7ff4de4e1..7ddef473db 100644
--- a/kubernetes/platform/requirements.yaml
+++ b/kubernetes/platform/requirements.yaml
@@ -18,4 +18,7 @@
 dependencies:
 - name: oom-cert-service
 version: ~7.x-0
- repository: 'file://components/oom-cert-service'
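Review bot: The new Secret document takes the server private key from `resources/certServiceServer-key.pem`, a path this commit also adds to .gitignore, so the file exists only after the Makefile has been run; when it is missing the `.Files.Glob` call matches nothing and the template still renders, presumably without usable key material. A guard ahead of the document such as `{{- if not (.Files.Get "resources/certServiceServer-key.pem") }}{{ fail "generate the oom-cert-service PEM files before packaging" }}{{- end }}` would surface that at template time instead of at TLS handshake time. The unquoted `name: {{ .Values.tls.provider.secret.name }}` renders as an empty name when the value is unset; `name: {{ required "tls.provider.secret.name must be set" .Values.tls.provider.secret.name | quote }}` fails early and protects against odd scalar typing. The enclosing `{{ if }}` that the final `{{ end -}}` closes opens outside this hunk.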
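Review bot: `pemName: certServiceServer-keystore.pem` under `envs.keystore` (hunk at -88) names a file that nothing in this commit produces: the Makefile exports certServiceServer-cert.pem and certServiceServer-key.pem, and the new Secret carries exactly those two plus truststore.pem. The consumer of `envs.keystore.pemName` is not visible in this diff, but anything that resolves it would look for a file that does not exist, so I would either replace it with separate entries for the certificate and key file names or drop it if it is unused. A short comment on `tls.provider.secret.name` saying which chart has to agree on `cmpv2-issuer-secret` would also help, since the name is duplicated rather than referenced.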
\ No newline at end of file
+ repository: 'file://components/oom-cert-service'
+ - name: cmpv2-cert-provider
+ version: ~7.x-0
+ repository: 'file://components/cmpv2-cert-provider'
diff --git a/kubernetes/sdnc/values.yaml b/kubernetes/sdnc/values.yaml
index edac61b24e..7282f305c5 100644
--- a/kubernetes/sdnc/values.yaml
+++ b/kubernetes/sdnc/values.yaml
@@ -33,7 +33,7 @@ global:
 cmpv2Enabled: true
 platform:
 certServiceClient:
- image: onap/org.onap.oom.platform.cert-service.oom-certservice-client:2.1.0
+ image: onap/org.onap.oom.platform.cert-service.oom-certservice-client:2.3.1
 secret:
 name: oom-cert-service-client-tls-secret
 mountPath: /etc/onap/oom/certservice/certs/ |