diff options
88 files changed, 2460 insertions, 616 deletions
diff --git a/docs/oom_developer_guide.rst b/docs/oom_developer_guide.rst index c3fb603d04..3cced83f62 100644 --- a/docs/oom_developer_guide.rst +++ b/docs/oom_developer_guide.rst @@ -373,6 +373,9 @@ Templates are provided in order to create Kubernetes resources (Secrets, Ingress, Services, ...) or part of Kubernetes resources (names, labels, resources requests and limits, ...). +a full list and simple description is done in +`kubernetes/common/common/documentation.rst`. + Service template ---------------- diff --git a/kubernetes/aai b/kubernetes/aai -Subproject ac0ea8aa12226ac95683838e92d22928eb22163 +Subproject 4f4d14ab45a2225953961136220041189d56601 diff --git a/kubernetes/cds/charts/cds-blueprints-processor/values.yaml b/kubernetes/cds/charts/cds-blueprints-processor/values.yaml index 35661c29e9..9bcf03ad3e 100755 --- a/kubernetes/cds/charts/cds-blueprints-processor/values.yaml +++ b/kubernetes/cds/charts/cds-blueprints-processor/values.yaml @@ -76,11 +76,10 @@ readiness: service: http: - type: NodePort + type: ClusterIP portName: blueprints-processor-http internalPort: 8080 externalPort: 8080 - nodePort: 99 grpc: type: ClusterIP portName: blueprints-processor-grpc diff --git a/kubernetes/cds/charts/cds-sdc-listener/resources/config/application.yaml b/kubernetes/cds/charts/cds-sdc-listener/resources/config/application.yaml index cc611a129b..b3e95a2a21 100644 --- a/kubernetes/cds/charts/cds-sdc-listener/resources/config/application.yaml +++ b/kubernetes/cds/charts/cds-sdc-listener/resources/config/application.yaml @@ -1,8 +1,8 @@ listenerservice: config: - asdcAddress: sdc-be:8443 #SDC-BE - messageBusAddress: message-router #Message-Router - user: vid #SDC-username + asdcAddress: sdc-be.{{include "common.namespace" .}}:8443 #SDC-BE + messageBusAddress: message-router.{{include "common.namespace" .}} #Message-Router + user: cds #SDC-username password: Kp8bJ4SXszM0WXlhak3eHlcse2gAw84vaoGGmJvUy2U #SDC-password pollingInterval: 15 pollingTimeout: 60 diff --git a/kubernetes/common/common/documentation.rst b/kubernetes/common/common/documentation.rst new file mode 100644 index 0000000000..e6cf948d79 --- /dev/null +++ b/kubernetes/common/common/documentation.rst @@ -0,0 +1,549 @@ +.. This work is licensed under a Creative Commons Attribution 4.0 International +.. License. +.. http://creativecommons.org/licenses/by/4.0 +.. Copyright 2020 Orange. All rights reserved. + +.. _developer-guide-label: + + +Current given templating functions +================================== + + +In order to have a consistent deployments of ONAP components, several templating +functions are proposed in `kubernets/common/common/templates` folder. +This file list them and gives examples for the most used. +All these templating functions have a description in their own file, here we +only give an overview. + +* conditional functions + + +----------------------------------------------------+-----------------------+ + | Function | File | + +----------------------------------------------------+-----------------------+ + | `common.needPV` | `_storage.tpl` | + +----------------------------------------------------+-----------------------+ + | `common.onServiceMesh` | `_serviceMesh.tpl` | + +----------------------------------------------------+-----------------------+ + | `common.common.needTLS` | `_service.tpl` | + +----------------------------------------------------+-----------------------+ + +* template generation functions + + +----------------------------------------------------+-----------------------+ + | Function | File | + +----------------------------------------------------+-----------------------+ + | `common.masterPassword` | `_createPassword.tpl` | + +----------------------------------------------------+-----------------------+ + | `common.createPassword` | `_createPassword.tpl` | + +----------------------------------------------------+-----------------------+ + | `common.secret.genName` | `_secret.yaml` | + +----------------------------------------------------+-----------------------+ + | `common.secret.getSecretName` | `_secret.yaml` | + +----------------------------------------------------+-----------------------+ + | `common.secret.envFromSecret` | `_secret.yaml` | + +----------------------------------------------------+-----------------------+ + | `common.secret` | `_secret.yaml` | + +----------------------------------------------------+-----------------------+ + | `ingress.config.port` | `_ingress.tpl` | + +----------------------------------------------------+-----------------------+ + | `ingress.config.annotations.ssl` | `_ingress.tpl` | + +----------------------------------------------------+-----------------------+ + | `ingress.config.annotations` | `_ingress.tpl` | + +----------------------------------------------------+-----------------------+ + | `common.ingress` | `_ingress.tpl` | + +----------------------------------------------------+-----------------------+ + | `common.labels` | `_labels.tpl` | + +----------------------------------------------------+-----------------------+ + | `common.matchLabels` | `_labels.tpl` | + +----------------------------------------------------+-----------------------+ + | `common.resourceMetadata` | `_labels.tpl` | + +----------------------------------------------------+-----------------------+ + | `common.templateMetadata` | `_labels.tpl` | + +----------------------------------------------------+-----------------------+ + | `common.selectors` | `_labels.tpl` | + +----------------------------------------------------+-----------------------+ + | `common.name` | `_name.tpl` | + +----------------------------------------------------+-----------------------+ + | `common.fullname` | `_name.tpl` | + +----------------------------------------------------+-----------------------+ + | `common.fullnameExplicit` | `_name.tpl` | + +----------------------------------------------------+-----------------------+ + | `common.release` | `_name.tpl` | + +----------------------------------------------------+-----------------------+ + | `common.chart` | `_name.tpl` | + +----------------------------------------------------+-----------------------+ + | `common.namespace` | `_namespace.tpl` | + +----------------------------------------------------+-----------------------+ + | `common.repository` | `_repository.tpl` | + +----------------------------------------------------+-----------------------+ + | `common.repository.secret` | `_repository.tpl` | + +----------------------------------------------------+-----------------------+ + | `common.flavor` | `_resources.tpl` | + +----------------------------------------------------+-----------------------+ + | `common.resources` | `_resources.tpl` | + +----------------------------------------------------+-----------------------+ + | `common.storageClass` | `_storage.tpl` | + +----------------------------------------------------+-----------------------+ + | `common.replicaPV` | `_storage.tpl` | + +----------------------------------------------------+-----------------------+ + | `common.servicename` | `_service.tpl` | + +----------------------------------------------------+-----------------------+ + | `common.serviceMetadata` | `_service.tpl` | + +----------------------------------------------------+-----------------------+ + | `common.servicePorts` | `_service.tpl` | + +----------------------------------------------------+-----------------------+ + | `common.genericService` | `_service.tpl` | + +----------------------------------------------------+-----------------------+ + | `common.service` | `_service.tpl` | + +----------------------------------------------------+-----------------------+ + | `common.headlessService` | `_service.tpl` | + +----------------------------------------------------+-----------------------+ + | `common.mariadb.secret.rootPassUID` | `_mariadb.tpl` | + +----------------------------------------------------+-----------------------+ + | `common.mariadb.secret.rootPassSecretName` | `_mariadb.tpl` | + +----------------------------------------------------+-----------------------+ + | `common.mariadb.secret.userCredentialsUID` | `_mariadb.tpl` | + +----------------------------------------------------+-----------------------+ + | `common.mariadb.secret.userCredentialsSecretName` | `_mariadb.tpl` | + +----------------------------------------------------+-----------------------+ + | `common.mariadbService` | `_mariadb.tpl` | + +----------------------------------------------------+-----------------------+ + | `common.mariadbPort` | `_mariadb.tpl` | + +----------------------------------------------------+-----------------------+ + | `common.mariadbSecret` | `_mariadb.tpl` | + +----------------------------------------------------+-----------------------+ + | `common.mariadbSecretParam` | `_mariadb.tpl` | + +----------------------------------------------------+-----------------------+ + | `common.postgres.secret.rootPassUID` | `_postgres.tpl` | + +----------------------------------------------------+-----------------------+ + | `common.postgres.secret.rootPassSecretName` | `_postgres.tpl` | + +----------------------------------------------------+-----------------------+ + | `common.postgres.secret.userCredentialsUID` | `_postgres.tpl` | + +----------------------------------------------------+-----------------------+ + | `common.postgres.secret.userCredentialsSecretName` | `_postgres.tpl` | + +----------------------------------------------------+-----------------------+ + | `common.postgres.secret.primaryPasswordUID` | `_postgres.tpl` | + +----------------------------------------------------+-----------------------+ + | `common.postgres.secret.primaryPasswordSecretName` | `_postgres.tpl` | + +----------------------------------------------------+-----------------------+ + | `common.tplValue` | `_tplValue.tpl` | + +----------------------------------------------------+-----------------------+ + + +Passwords +--------- + +These functions are defined in +`kubernetes/common/common/templates/_createPassword.tpl`. + +* `common.masterPassword`: Resolve the master password to be used to derive + other passwords. +* `common.createPassword`: Generate a new password based on masterPassword. + +Secrets +------- + +These functions are defined in +`kubernetes/common/common/templates/_secret.yaml`. + +* `common.secret.genName`: Generate a secret name based on provided name or UID. +* `common.secret.getSecretName`: Get the real secret name by UID or name, based + on the configuration provided by user. +* `common.secret.envFromSecret`: Convenience template which can be used to + easily set the value of environment variable to the value of a key in a + secret. +* `common.secret`: Define secrets to be used by chart. + +The most widely use templates is the last (`common.secret`). +It should be the only (except license part) line of your secret file: + +.. code-block:: yaml + + {{ include "common.secret" . }} + +In order to have the right values set, you need to create the right +configuration in `values.yaml` (example taken from mariadb configuration): + +.. code-block:: yaml + + secrets: + - uid: 'db-root-password' + type: password + externalSecret: '{{ tpl (default "" .Values.config.db.rootPasswordExternalSecret) . }}' + password: '{{ .Values.config.dbRootPassword }}' + - uid: 'db-user-creds' + type: basicAuth + externalSecret: '{{ tpl (default "" .Values.config.db.userCredentialsExternalSecret) . }}' + login: '{{ .Values.config.db.userName }}' + password: '{{ .Values.config.dbSdnctlPassword }}' + +Ingress +------- + +These functions are defined in +`kubernetes/common/common/templates/_ingress.tpl`. + +* `ingress.config.port`: generate the port path on an Ingress resource. +* `ingress.config.annotations.ssl`: generate the ssl annotations of an Ingress + resource. +* `ingress.config.annotations`: generate the annotations of an Ingress resource. +* `common.ingress`: generate an Ingress resource (if needed). + +The most widely use templates is the last (`common.ingress`) . + +It should be the only (except license part) line of your ingress file: + +.. code-block:: yaml + + {{ include "common.ingress" . }} + +In order to have the right values set, you need to create the right +configuration in `values.yaml` (example taken from clamp configuration): + +.. code-block:: yaml + + ingress: + enabled: false + service: + - baseaddr: "clamp" + name: "clamp" + port: 443 + config: + ssl: "redirect" + +Labels +------ + +These functions are defined in `kubernetes/common/common/templates/_labels.tpl`. + +The goal of these functions is to always create the right labels for all the +resource in a consistent way. + +* `common.labels`: generate the common labels for a resource +* `common.matchLabels`: generate the labels to match (to be used in conjunction + with `common.labels` or `common.resourceMetadata`) +* `common.resourceMetadata`: generate the "top" metadatas for a resource + (Deployment, StatefulSet, Service, ConfigMap, ...) +* `common.templateMetadata`: generate the metadata put in the template part + (for example `spec.template.metadata` for a Deployment) +* `common.selectors`: generate the right selectors for Service / Deployment / + StatefulSet, ... (to be used in conjunction with `common.labels` or + `common.resourceMetadata`) + + +Here's an example of use of these functions in a Deployment template (example +taken on nbi): + +.. code-block:: yaml + + apiVersion: apps/v1 + kind: Deployment + metadata: {{- include "common.resourceMetadata" . | nindent 2 }} + spec: + selector: {{- include "common.selectors" . | nindent 4 }} + replicas: {{ .Values.replicaCount }} + template: + metadata: {{- include "common.templateMetadata" . | nindent 6 }} + spec: + ... + +Name +---- + +These functions are defined in `kubernetes/common/common/templates/_name.tpl`. + +The goal of these functions is to always name the resource the same way. + +* `common.name`: Generate the name for a chart. +* `common.fullname`: Create a default fully qualified application name. +* `common.fullnameExplicit`: The same as common.full name but based on passed + dictionary instead of trying to figure out chart name on its own. +* `common.release`: Retrieve the "original" release from the component release. +* `common.chart`: Generate the chart name + +Here's an example of use of these functions in a Deployment template (example +taken on mariadb-galera): + +.. code-block:: yaml + + apiVersion: apps/v1beta1 + kind: StatefulSet + ... + spec: + serviceName: {{ .Values.service.name }} + replicas: {{ .Values.replicaCount }} + template: + ... + spec: + {{- if .Values.nodeSelector }} + nodeSelector: + {{ toYaml .Values.nodeSelector | indent 8 }} + {{- end }} + volumes: + {{- if .Values.externalConfig }} + - name: config + configMap: + name: {{ include "common.fullname" . }}-external-config + {{- end}} + ... + containers: + - name: {{ include "common.name" . }} + image: "{{ include "common.repository" . }}/{{ .Values.image }}" + ... + +Namespace +--------- + +These functions are defined in +`kubernetes/common/common/templates/_namespace.tpl`. + +The goal of these functions is to always retrieve the namespace the same way. + +* `common.namespace`: Generate the namespace for a chart. Shouldn't be used + directly but use `common.resourceMetadata` (which uses it). + + +Repository +---------- + +These functions are defined in +`kubernetes/common/common/templates/_repository.tpl`. + +The goal of these functions is to generate image name the same way. + +* `common.repository`: Resolve the name of the common image repository. +* `common.repository.secret`: Resolve the image repository secret token. + + +Resources +--------- + +These functions are defined in +`kubernetes/common/common/templates/_resources.tpl`. + +The goal of these functions is to generate resources for pods the same way. + +* `common.flavor`: Resolve the name of the common resource limit/request flavor. + Shouldn't be used alone. +* `common.resources`: Resolve the resource limit/request flavor using the + desired flavor value. + + +Storage +------- + +These functions are defined in +`kubernetes/common/common/templates/_storage.tpl`. + +The goal of these functions is to generate storage part of Deployment / +Statefulset and storage resource (PV, PVC, ...) in a consistent way. + +* `common.storageClass`: Expand the name of the storage class. +* `common.needPV`: Calculate if we need a PV. If a storageClass is provided, + then we don't need. +* `common.replicaPV`: Generate N PV for a statefulset + + +Pod +--- + +These functions are defined in `kubernetes/common/common/templates/_pod.tpl`. + +* `common.containerPorts`: generate the port list for containers. See Service + part to know how to declare the port list. + +Here's an example of use of these functions in a Deployment template (example +taken on nbi): + +.. code-block:: yaml + + apiVersion: apps/v1 + kind: Deployment + ... + spec: + ... + template: + ... + spec: + containers: + - name: {{ include "common.name" . }} + ports: {{- include "common.containerPorts" . | nindent 8 } + + +Service +------- + +These functions are defined in +`kubernetes/common/common/templates/_service.tpl`. + +The goal of these functions is to generate services in a consistent way. + +* `common.servicename`: Expand the service name for a chart. +* `common.serviceMetadata`: Define the metadata of Service. Shouldn't be used + directly but used through `common.service` or `common.headlessService`. +* `common.servicePorts`: Define the ports of Service. Shouldn't be used directly + but used through `common.service` or `common.headlessService`. +* `common.genericService`: Template for creating any Service. Shouldn't be used + directly but used through `common.service` or `common.headlessService`. May be + used if you want to create a Service with some specificities (on the ports for + example). +* `common.needTLS`: Calculate if we need to use TLS ports on services +* `common.service`: Create service template. +* `common.headlessService`: Create headless service template + + +The most widely used templates are the two last (`common.service` and +`common.headlessService`). +It should use with only one (except license part) line of your service (or +service-headless) file: + +.. code-block:: yaml + + {{ include "common.service" . }} + +In order to have the right values set, you need to create the right +configuration in `values.yaml` (example taken from nbi configuration + other +part): + +.. code-block:: yaml + + service: + type: NodePort + name: nbi + annotations: + my: super-annotation + ports: + - name: api + port: 8443 + plain_port: 8080 + port_protocol: http + nodePort: 74 + - name: tcp-raw + port: 8459 + nodePort: 89 + + +would generate: + +.. code-block:: yaml + + apiVersion: v1 + kind: Service + metadata: + annotations: + my: super-annotation + name: nbi + namespace: default + labels: + app.kubernetes.io/name: nbi + helm.sh/chart: nbi-5.0.0 + app.kubernetes.io/instance: release + app.kubernetes.io/managed-by: Tiller + spec: + ports: + - port: 8443 + targetPort: api + name: https-api + nodePort: 30274 + - port: 8459 + targetPort: tcp-raw + name: tcp-raw + nodePort: 30289 + type: NodePort + selector: + app.kubernetes.io/name: nbi + app.kubernetes.io/instance: release + + +`plain_port` is used only if we mandate to use http (see ServiceMesh part). +Today a port can be http or https but not both. +headless configuration is equivalent (example taken from cassandra): + +.. code-block:: yaml + + service: + name: cassandra + headless: + suffix: "" + annotations: + service.alpha.kubernetes.io/tolerate-unready-endpoints: "true" + publishNotReadyAddresses: true + headlessPorts: + - name: tcp-intra + port: 7000 + - name: tls + port: 7001 + - name: tcp-jmx + port: 7199 + - name: tcp-cql + port: 9042 + - name: tcp-thrift + port: 9160 + - name: tcp-agent + port: 61621 + + +ServiceMesh +----------- + +These functions are defined in +`kubernetes/common/common/templates/_serviceMesh.tpl`. + +The goal of these functions is to handle onboarding of ONAP on service mesh. + +* `common.onServiceMesh`: Calculate if we if we are on service mesh + + + +MariaDB +------- + +These functions are defined in +`kubernetes/common/common/templates/_mariadb.tpl`. + +The goal of these functions is to simplify use of mariadb and its different +values. + +* `common.mariadb.secret.rootPassUID`: UID of mariadb root password +* `common.mariadb.secret.rootPassSecretName`: Name of mariadb root password + secret +* `common.mariadb.secret.userCredentialsUID`: UID of mariadb user credentials +* `common.mariadb.secret.userCredentialsSecretName`: Name of mariadb user + credentials secret +* `common.mariadbService`: Choose the name of the mariadb service to use +* `common.mariadbPort`: Choose the value of mariadb port to use +* `common.mariadbSecret`: Choose the value of secret to retrieve user value +* `common.mariadbSecretParam`: Choose the value of secret param to retrieve user + value + +PostgreSQL +---------- + +These functions are defined in +`kubernetes/common/common/templates/_postgres.tpl`. + +The goal of these functions is to simplify use of postgres and its different +values. + +* `common.postgres.secret.rootPassUID`: UID of postgres root password +* `common.postgres.secret.rootPassSecretName`: Name of postgres root password + secret +* `common.postgres.secret.userCredentialsUID`: UID of postgres user credentials +* `common.postgres.secret.userCredentialsSecretName`: Name of postgres user + credentials secret +* `common.postgres.secret.primaryPasswordUID`: UID of postgres primary password +* `common.postgres.secret.primaryPasswordSecretName`: Name of postgres primary + credentials secret + + +Utilities +--------- + +These functions are defined in +`kubernetes/common/common/templates/_tplValue.tpl`. + +The goal of these functions is provide utility function, usually used in other +templating functions. + +* `common.tplValue`: Renders a value that contains template. diff --git a/kubernetes/common/common/templates/_pod.tpl b/kubernetes/common/common/templates/_pod.tpl index 9329572a92..d3fc25ad6e 100644 --- a/kubernetes/common/common/templates/_pod.tpl +++ b/kubernetes/common/common/templates/_pod.tpl @@ -19,10 +19,12 @@ Will use first ".Values.service.ports" list. Will append ports from ".Values.service.headlessPorts" only if port number is not already in port list. + Will add tls port AND plain port if both_tls_and_plain is set to true */}} {{- define "common.containerPorts" -}} {{- $ports := default (list) .Values.service.ports }} {{- $portsNumber := list }} +{{- $both_tls_and_plain:= default false .Values.service.both_tls_and_plain }} {{- range $index, $port := $ports }} {{- $portsNumber = append $portsNumber $port.port }} {{- end }} @@ -31,8 +33,17 @@ {{- $ports = append $ports $port }} {{- end }} {{- end }} +{{- $global := . }} {{- range $index, $port := $ports }} +{{- if (include "common.needTLS" $global) }} - containerPort: {{ $port.port }} +{{- else }} +- containerPort: {{ default $port.port $port.plain_port }} +{{- end }} name: {{ $port.name }} +{{- if (and $port.plain_port (and (include "common.needTLS" $global) $both_tls_and_plain)) }} +- containerPort: {{ $port.plain_port }} + name: {{ $port.name }}-plain +{{- end }} {{- end }} {{- end -}} diff --git a/kubernetes/common/common/templates/_secret.yaml b/kubernetes/common/common/templates/_secret.yaml index e24a2e4ba7..9f41906c9e 100644 --- a/kubernetes/common/common/templates/_secret.yaml +++ b/kubernetes/common/common/templates/_secret.yaml @@ -22,6 +22,7 @@ The template takes two arguments: - .global: environment (.) - .name: name of the secret + - .annotations: annotations which should be used Example call: {{ include "common.secret._header" (dict "global" . "name" "myFancyName") }} @@ -39,6 +40,9 @@ metadata: chart: {{ $global.Chart.Name }}-{{ $global.Chart.Version | replace "+" "_" }} release: {{ include "common.release" $global }} heritage: {{ $global.Release.Service }} +{{- if .annotations }} + annotations: {{- include "common.tplValue" (dict "value" .annotations "context" $global) | nindent 4 }} +{{- end }} type: Opaque {{- end -}} @@ -204,6 +208,8 @@ valueFrom: - name: Overrides default secret name generation and allows to set immutable and globaly unique name + - annotations: + List of annotations to be used while defining a secret To allow sharing a secret between the components and allow to pre-deploy secrets before ONAP deployment it is possible to use already existing secret instead of @@ -239,11 +245,12 @@ valueFrom: {{- range $secret := .Values.secrets }} {{- $uid := tpl (default "" $secret.uid) $global }} {{- $name := include "common.secret.genName" (dict "global" $global "uid" $uid "name" $secret.name) }} + {{- $annotations := default "" $secret.annotations }} {{- $type := default "generic" $secret.type }} {{- $externalSecret := tpl (default "" $secret.externalSecret) $global }} {{- if not $externalSecret }} --- - {{ include "common.secret._header" (dict "global" $global "name" $name) }} + {{ include "common.secret._header" (dict "global" $global "name" $name "annotations" $annotations) }} {{- if eq $type "generic" }} data: diff --git a/kubernetes/common/common/templates/_service.tpl b/kubernetes/common/common/templates/_service.tpl index 55f73c1635..cd1595b0ca 100644 --- a/kubernetes/common/common/templates/_service.tpl +++ b/kubernetes/common/common/templates/_service.tpl @@ -35,6 +35,7 @@ - .dot : environment (.) - .suffix : a string which will be added at the end of the name (with a '-'). - .annotations: the annotations to add + - .msb_informations: msb information in order to create msb annotation Usage example: {{ include "common.serviceMetadata" ( dict "suffix" "myService" "dot" .) }} {{ include "common.serviceMetadata" ( dict "annotations" .Values.service.annotation "dot" .) }} @@ -43,8 +44,24 @@ {{- $dot := default . .dot -}} {{- $suffix := default "" .suffix -}} {{- $annotations := default "" .annotations -}} -{{- if $annotations -}} -annotations: {{- include "common.tplValue" (dict "value" $annotations "context" $dot) | nindent 2 }} + {{- $msb_informations := default "" .msb_informations -}} +{{- if or $annotations $msb_informations -}} +annotations: +{{- if $annotations }} +{{ include "common.tplValue" (dict "value" $annotations "context" $dot) | indent 2 }} +{{- end }} +{{- if $msb_informations }} + msb.onap.org/service-info: '[ + { + "serviceName": "{{ include "common.servicename" $dot }}", + "version": "{{ default "v1" $msb_informations.version }}", + "url": "{{ default "/" $msb_informations.url }}", + "protocol": "{{ default "REST" $msb_informations.protocol }}", + "port": "{{ $msb_informations.port }}", + "visualRange":"{{ default "1" $msb_informations.visualRange }}" + } + ]' +{{- end}} {{- end }} name: {{ include "common.servicename" $dot }}{{ if $suffix }}{{ print "-" $suffix }}{{ end }} namespace: {{ include "common.namespace" $dot }} @@ -55,65 +72,121 @@ labels: {{- include "common.labels" $dot | nindent 2 -}} The function takes three arguments (inside a dictionary): - .dot : environment (.) - .ports : an array of ports - - .portType: the type of the service - - .prefix: NodePort prefix to be used - + - .serviceType: the type of the service + - .add_plain_port: add tls port AND plain port */}} {{- define "common.servicePorts" -}} -{{- $portType := .portType -}} -{{- $dot := .dot -}} -{{- range $index, $port := .ports }} -{{- $portPrefix := default "nodePortPrefix" $port.prefix }} +{{- $serviceType := .serviceType }} +{{- $dot := .dot }} +{{- $add_plain_port := default false .add_plain_port }} +{{- range $index, $port := .ports }} +{{- if (include "common.needTLS" $dot) }} - port: {{ $port.port }} targetPort: {{ $port.name }} - {{- if (eq $portType "NodePort") }} - nodePort: {{ index $dot.Values "global" $portPrefix | default (index $dot.Values $portPrefix) }}{{ $port.nodePort }} - {{- end }} +{{- if $port.port_protocol }} + name: {{ printf "%ss-%s" $port.port_protocol $port.name }} +{{- else }} name: {{ $port.name }} -{{- end -}} +{{- end }} +{{- if (eq $serviceType "NodePort") }} + nodePort: {{ $dot.Values.global.nodePortPrefix | default $dot.Values.nodePortPrefix }}{{ $port.nodePort }} +{{- end }} +{{- else }} +- port: {{ default $port.port $port.plain_port }} + targetPort: {{ $port.name }} +{{- if $port.port_protocol }} + name: {{ printf "%s-%s" $port.port_protocol $port.name }} +{{- else }} + name: {{ $port.name }} +{{- end }} +{{- end }} +{{- if (and (and (include "common.needTLS" $dot) $add_plain_port) $port.plain_port) }} +{{- if (eq $serviceType "ClusterIP") }} +- port: {{ $port.plain_port }} + targetPort: {{ $port.name }}-plain +{{- if $port.port_protocol }} + name: {{ printf "%s-%s" $port.port_protocol $port.name }} +{{- else }} + name: {{ $port.name }}-plain +{{- end }} +{{- end }} +{{- end }} +{{- end }} {{- end -}} {{/* Create generic service template The function takes several arguments (inside a dictionary): - .dot : environment (.) - .ports : an array of ports - - .portType: the type of the service + - .serviceType: the type of the service - .suffix : a string which will be added at the end of the name (with a '-') - .annotations: the annotations to add + - .msb_informations: msb information in order to create msb annotation - .publishNotReadyAddresses: if we publish not ready address - .headless: if the service is headless + - .add_plain_port: add tls port AND plain port */}} {{- define "common.genericService" -}} {{- $dot := default . .dot -}} {{- $suffix := default "" .suffix -}} {{- $annotations := default "" .annotations -}} +{{- $msb_informations := default "" .msb_informations -}} {{- $publishNotReadyAddresses := default false .publishNotReadyAddresses -}} -{{- $portType := .portType -}} +{{- $serviceType := .serviceType -}} {{- $ports := .ports -}} {{- $headless := default false .headless -}} +{{- $add_plain_port := default false .add_plain_port }} apiVersion: v1 kind: Service -metadata: {{ include "common.serviceMetadata" (dict "suffix" $suffix "annotations" $annotations "dot" $dot ) | nindent 2 }} +metadata: {{ include "common.serviceMetadata" (dict "suffix" $suffix "annotations" $annotations "msb_informations" $msb_informations "dot" $dot) | nindent 2 }} spec: {{- if $headless }} clusterIP: None {{- end }} - ports: {{- include "common.servicePorts" (dict "portType" $portType "ports" $ports "dot" $dot) | nindent 4 }} + ports: {{- include "common.servicePorts" (dict "serviceType" $serviceType "ports" $ports "dot" $dot "add_plain_port" $add_plain_port) | nindent 4 }} {{- if $publishNotReadyAddresses }} publishNotReadyAddresses: true {{- end }} - type: {{ $portType }} + type: {{ $serviceType }} selector: {{- include "common.matchLabels" $dot | nindent 4 }} {{- end -}} -{{/* Create service template */}} +{{/* + Create service template + Will create one or two service templates according to this table: + + | serviceType | both_tls_and_plain | result | + |---------------|--------------------|--------------| + | ClusterIP | any | one Service | + | Not ClusterIP | not present | one Service | + | Not ClusterIP | false | one Service | + | Not ClusterIP | true | two Services | + + If two services are created, one is ClusterIP with both crypted and plain + ports and the other one is NodePort (or LoadBalancer) with crypted port only. +*/}} {{- define "common.service" -}} -{{- $suffix := default "" .Values.service.suffix -}} -{{- $annotations := default "" .Values.service.annotations -}} -{{- $publishNotReadyAddresses := default false .Values.service.publishNotReadyAddresses -}} -{{- $portType := .Values.service.type -}} -{{- $ports := .Values.service.ports -}} -{{ include "common.genericService" (dict "suffix" $suffix "annotations" $annotations "dot" . "publishNotReadyAddresses" $publishNotReadyAddresses "ports" $ports "portType" $portType) }} +{{- $suffix := default "" .Values.service.suffix -}} +{{- $annotations := default "" .Values.service.annotations -}} +{{- $publishNotReadyAddresses := default false .Values.service.publishNotReadyAddresses -}} +{{- $msb_informations := default "" .Values.service.msb -}} +{{- $serviceType := .Values.service.type -}} +{{- $ports := .Values.service.ports -}} +{{- $both_tls_and_plain:= default false .Values.service.both_tls_and_plain }} +{{- if (and (include "common.needTLS" .) $both_tls_and_plain) }} +{{ include "common.genericService" (dict "suffix" $suffix "annotations" $annotations "msb_informations" $msb_informations "dot" . "publishNotReadyAddresses" $publishNotReadyAddresses "ports" $ports "serviceType" "ClusterIP" "add_plain_port" true) }} +{{- if (ne $serviceType "ClusterIP") }} +--- +{{- if $suffix }} +{{- $suffix = printf "%s-external" $suffix }} +{{- else }} +{{- $suffix = "external" }} +{{- end }} +{{ include "common.genericService" (dict "suffix" $suffix "annotations" $annotations "dot" . "publishNotReadyAddresses" $publishNotReadyAddresses "ports" $ports "serviceType" $serviceType) }} +{{- end }} +{{- else }} +{{ include "common.genericService" (dict "suffix" $suffix "annotations" $annotations "dot" . "publishNotReadyAddresses" $publishNotReadyAddresses "ports" $ports "serviceType" $serviceType) }} +{{- end }} {{- end -}} {{/* Create headless service template */}} @@ -122,7 +195,7 @@ spec: {{- $annotations := default "" .Values.service.headless.annotations -}} {{- $publishNotReadyAddresses := default false .Values.service.headless.publishNotReadyAddresses -}} {{- $ports := .Values.service.headlessPorts -}} -{{ include "common.genericService" (dict "suffix" $suffix "annotations" $annotations "dot" . "publishNotReadyAddresses" $publishNotReadyAddresses "ports" $ports "portType" "ClusterIP" "headless" true ) }} +{{ include "common.genericService" (dict "suffix" $suffix "annotations" $annotations "dot" . "publishNotReadyAddresses" $publishNotReadyAddresses "ports" $ports "serviceType" "ClusterIP" "headless" true ) }} {{- end -}} {{/* @@ -135,3 +208,45 @@ spec: {{- print "headless" }} {{- end }} {{- end -}} + +{{/* + Calculate if we need to use TLS ports. + We use TLS by default unless we're on service mesh with TLS. + We can also override this behavior with override toggles: + - .Values.global.tlsEnabled : override default TLS behavior for all charts + - .Values.tlsOverride : override global and default TLS on a per chart basis + + this will give these combinations: + | tlsOverride | global.tlsEnabled | global.serviceMesh.enabled | global.serviceMesh.tls | result | + |-------------|-------------------|----------------------------|------------------------|--------| + | not present | not present | not present | any | true | + | not present | not present | false | any | true | + | not present | not present | true | false | true | + | not present | not present | true | true | false | + | not present | true | any | any | true | + | not present | false | any | any | false | + | true | any | any | any | true | + | false | any | any | any | false | + +*/}} +{{- define "common.needTLS" -}} +{{- if hasKey .Values "tlsOverride" }} +{{- if .Values.tlsOverride -}} +true +{{- end }} +{{- else }} +{{- if hasKey .Values.global "tlsEnabled" }} +{{- if .Values.global.tlsEnabled }} +true +{{- end }} +{{- else }} +{{- if not (include "common.onServiceMesh" .) -}} +true +{{- else }} +{{- if not (default false .Values.global.serviceMesh.tls) -}} +true +{{- end }} +{{- end }} +{{- end }} +{{- end }} +{{- end -}} diff --git a/kubernetes/common/common/templates/_serviceMesh.tpl b/kubernetes/common/common/templates/_serviceMesh.tpl new file mode 100644 index 0000000000..6b6a26fc45 --- /dev/null +++ b/kubernetes/common/common/templates/_serviceMesh.tpl @@ -0,0 +1,27 @@ +{/* +# Copyright © 2020 Amdocs, Bell Canada, Orange +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} + + +{/* + Calculate if we are on service mesh. +*/}} +{{- define "common.onServiceMesh" -}} +{{- if .Values.global.serviceMesh -}} +{{- if (default false .Values.global.serviceMesh.enabled) -}} +true +{{- end -}} +{{- end -}} +{{- end -}} diff --git a/kubernetes/common/common/templates/_storage.tpl b/kubernetes/common/common/templates/_storage.tpl index ae9335909d..45c8b7504a 100644 --- a/kubernetes/common/common/templates/_storage.tpl +++ b/kubernetes/common/common/templates/_storage.tpl @@ -15,6 +15,13 @@ */}} {{/* + Give the root folder for ONAP when using host pathes +*/}} +{{- define "common.persistencePath" -}} +{{ .Values.global.persistence.mountPath | default .Values.persistence.mountPath }}/{{ include "common.release" . }}/{{ .Values.persistence.mountSubPath }} +{{- end -}} + +{{/* Expand the name of the storage class. The value "common.fullname"-data is used by default, unless either override mechanism is used. @@ -55,6 +62,31 @@ {{- end -}} {{/* + Generate a PV +*/}} +{{- define "common.PV" -}} +{{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) -}} +{{- if (include "common.needPV" .) -}} +kind: PersistentVolume +apiVersion: v1 +metadata: + name: {{ include "common.fullname" . }}-data + namespace: {{ include "common.namespace" . }} + labels: {{- include "common.labels" . | nindent 4 }} +spec: + capacity: + storage: {{ .Values.persistence.size }} + accessModes: + - {{ .Values.persistence.accessMode }} + storageClassName: "{{ include "common.fullname" . }}-data" + persistentVolumeReclaimPolicy: {{ .Values.persistence.volumeReclaimPolicy }} + hostPath: + path: {{ include "common.persistencePath" . }} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* Generate N PV for a statefulset */}} {{- define "common.replicaPV" -}} @@ -77,8 +109,30 @@ spec: persistentVolumeReclaimPolicy: {{ $global.Values.persistence.volumeReclaimPolicy }} storageClassName: "{{ include "common.fullname" $global }}-data" hostPath: - path: {{ $global.Values.global.persistence.mountPath | default $global.Values.persistence.mountPath }}/{{ include "common.release" $global }}/{{ $global.Values.persistence.mountSubPath }}-{{$i}} + path: {{ include "common.persistencePath" $global }}-{{$i}} +{{- end -}} +{{- end -}} {{- end -}} {{- end -}} + +{{/* + Generate a PVC +*/}} +{{- define "common.PVC" -}} +{{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) -}} +kind: PersistentVolumeClaim +apiVersion: v1 +metadata: {{- include "common.resourceMetadata" . | nindent 2 }} +{{- if .Values.persistence.annotations }} + annotations: +{{ toYaml .Values.persistence.annotations | indent 4 }} +{{- end }} +spec: + accessModes: + - {{ .Values.persistence.accessMode }} + storageClassName: {{ include "common.storageClass" . }} + resources: + requests: + storage: {{ .Values.persistence.size }} {{- end -}} {{- end -}} diff --git a/kubernetes/dcaegen2/components/dcae-bootstrap/resources/config/k8s-plugin.json b/kubernetes/dcaegen2/components/dcae-bootstrap/resources/config/k8s-plugin.json index e5057427e8..a0ec3b4a6d 100644 --- a/kubernetes/dcaegen2/components/dcae-bootstrap/resources/config/k8s-plugin.json +++ b/kubernetes/dcaegen2/components/dcae-bootstrap/resources/config/k8s-plugin.json @@ -1,6 +1,6 @@ #============LICENSE_START======================================================== #================================================================================= -# Copyright (c) 2018 AT&T Intellectual Property. All rights reserved. +# Copyright (c) 2018-2020 AT&T Intellectual Property. All rights reserved. # Modifications Copyright © 2018 Amdocs, Bell Canada # ================================================================================ # Licensed under the Apache License, Version 2.0 (the "License"); @@ -34,6 +34,7 @@ { "cert_path": "/opt/app/osaaf", "image": "{{ .Values.global.tlsRepository }}/{{ .Values.global.tlsImage }}", + "component_cert_dir": "/opt/dcae/cacert", "component_ca_cert_path": "/opt/dcae/cacert/cacert.pem", "ca_cert_configmap": "{{ include "common.fullname" . }}-dcae-cacert" } diff --git a/kubernetes/dcaegen2/components/dcae-bootstrap/templates/deployment.yaml b/kubernetes/dcaegen2/components/dcae-bootstrap/templates/deployment.yaml index 7a28812278..a36164d164 100644 --- a/kubernetes/dcaegen2/components/dcae-bootstrap/templates/deployment.yaml +++ b/kubernetes/dcaegen2/components/dcae-bootstrap/templates/deployment.yaml @@ -53,8 +53,11 @@ spec: - dcae-config-binding-service
- --container-name
- dcae-db
+ - --container-name
+ - dcae-inventory-api
- "-t"
- "15"
+
env:
- name: NAMESPACE
valueFrom:
diff --git a/kubernetes/dcaegen2/components/dcae-bootstrap/values.yaml b/kubernetes/dcaegen2/components/dcae-bootstrap/values.yaml index cfdff5ad72..872d01d6ae 100644 --- a/kubernetes/dcaegen2/components/dcae-bootstrap/values.yaml +++ b/kubernetes/dcaegen2/components/dcae-bootstrap/values.yaml @@ -109,7 +109,7 @@ mongo: # application image repository: nexus3.onap.org:10001 -image: onap/org.onap.dcaegen2.deployments.k8s-bootstrap-container:1.10.0 +image: onap/org.onap.dcaegen2.deployments.k8s-bootstrap-container:1.12.0 default_k8s_location: central # DCAE component images to be deployed via Cloudify Manager @@ -118,8 +118,7 @@ componentImages: holmes_rules: onap/holmes/rule-management:1.2.7 holmes_engine: onap/holmes/engine-management:1.2.6 tca: onap/org.onap.dcaegen2.deployments.tca-cdap-container:1.2.2 - #placeholder until tca-gen2 release image is available - #tcagen2: onap/org.onap.dcaegen2.analytics.tca-gen2.dcae-analytics-tca-web:1.0.0 + tcagen2: onap/org.onap.dcaegen2.analytics.tca-gen2.dcae-analytics-tca-web:1.0.0 ves: onap/org.onap.dcaegen2.collectors.ves.vescollector:1.5.3 snmptrap: onap/org.onap.dcaegen2.collectors.snmptrap:1.4.0 prh: onap/org.onap.dcaegen2.services.prh.prh-app-server:1.5.0 diff --git a/kubernetes/dcaegen2/components/dcae-cloudify-manager/values.yaml b/kubernetes/dcaegen2/components/dcae-cloudify-manager/values.yaml index 673b01776e..d2bda88577 100644 --- a/kubernetes/dcaegen2/components/dcae-cloudify-manager/values.yaml +++ b/kubernetes/dcaegen2/components/dcae-cloudify-manager/values.yaml @@ -46,7 +46,7 @@ config: ################################################################# # application image repository: nexus3.onap.org:10001 -image: onap/org.onap.dcaegen2.deployments.cm-container:2.0.2 +image: onap/org.onap.dcaegen2.deployments.cm-container:2.1.0 pullPolicy: Always # name of shared ConfigMap with kubeconfig for multiple clusters diff --git a/kubernetes/dcaegen2/components/dcae-dashboard/values.yaml b/kubernetes/dcaegen2/components/dcae-dashboard/values.yaml index 22076e5c6a..9d38659f61 100644 --- a/kubernetes/dcaegen2/components/dcae-dashboard/values.yaml +++ b/kubernetes/dcaegen2/components/dcae-dashboard/values.yaml @@ -1,6 +1,6 @@ #============LICENSE_START======================================================== # ================================================================================ -# Copyright (c) 2019 AT&T Intellectual Property. All rights reserved. +# Copyright (c) 2019-2020 AT&T Intellectual Property. All rights reserved. # ================================================================================ # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -44,7 +44,7 @@ config: ################################################################# # application image repository: nexus3.onap.org:10001 -image: onap/org.onap.ccsdk.dashboard.ccsdk-app-os:1.3.0 +image: onap/org.onap.ccsdk.dashboard.ccsdk-app-os:1.3.1 pullPolicy: Always # probe configuration parameters diff --git a/kubernetes/dcaegen2/components/dcae-inventory-api/templates/deployment.yaml b/kubernetes/dcaegen2/components/dcae-inventory-api/templates/deployment.yaml index f056079fe4..6769c00a2d 100644 --- a/kubernetes/dcaegen2/components/dcae-inventory-api/templates/deployment.yaml +++ b/kubernetes/dcaegen2/components/dcae-inventory-api/templates/deployment.yaml @@ -52,6 +52,8 @@ spec: fieldPath: metadata.namespace - name: init-tls env: + - name: aaf_locator_fqdn + value: dcae - name: POD_IP valueFrom: fieldRef: @@ -61,7 +63,7 @@ spec: imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} resources: {} volumeMounts: - - mountPath: /opt/tls/shared + - mountPath: /opt/app/osaaf name: tls-info containers: - name: {{ include "common.name" . }} diff --git a/kubernetes/dcaegen2/components/dcae-inventory-api/values.yaml b/kubernetes/dcaegen2/components/dcae-inventory-api/values.yaml index a6e51256b9..51af963343 100644 --- a/kubernetes/dcaegen2/components/dcae-inventory-api/values.yaml +++ b/kubernetes/dcaegen2/components/dcae-inventory-api/values.yaml @@ -25,7 +25,7 @@ global: loggingRepository: docker.elastic.co loggingImage: beats/filebeat:5.5.0 tlsRepository: nexus3.onap.org:10001 - tlsImage: onap/org.onap.dcaegen2.deployments.tls-init-container:1.0.3 + tlsImage: onap/org.onap.dcaegen2.deployments.tls-init-container:2.1.0 repositoryCred: user: docker password: docker diff --git a/kubernetes/dcaegen2/values.yaml b/kubernetes/dcaegen2/values.yaml index dfc4dbf949..25ddfc7558 100644 --- a/kubernetes/dcaegen2/values.yaml +++ b/kubernetes/dcaegen2/values.yaml @@ -19,8 +19,7 @@ global: nodePortPrefix: 302 tlsRepository: nexus3.onap.org:10001 -# Have to use locally-define tlsImage until inventory API can use 2.x.y -# tlsImage: onap/org.onap.dcaegen2.deployments.tls-init-container:2.1.0 + tlsImage: onap/org.onap.dcaegen2.deployments.tls-init-container:2.1.0 consulLoaderRepository: nexus3.onap.org:10001 consulLoaderImage: onap/org.onap.dcaegen2.deployments.consul-loader-container:1.0.0 redis: diff --git a/kubernetes/dmaap/components/dmaap-dr-node/values.yaml b/kubernetes/dmaap/components/dmaap-dr-node/values.yaml index 871a4228a2..84dadaf17b 100644 --- a/kubernetes/dmaap/components/dmaap-dr-node/values.yaml +++ b/kubernetes/dmaap/components/dmaap-dr-node/values.yaml @@ -22,7 +22,7 @@ global: # Application configuration defaults. ################################################################# # application image -image: onap/dmaap/datarouter-node:2.1.4 +image: onap/dmaap/datarouter-node:2.1.5 pullPolicy: Always # flag to enable debugging - application support required @@ -69,7 +69,7 @@ persistence: #AAF local config aafConfig: - aafDeployFqi: dmaap-dr@dmaap-dr.onap.org + aafDeployFqi: deployer@people.osaaf.org aafDeployPass: demo123456! fqdn: dmaap-dr-node fqi: dmaap-dr-node@dmaap-dr.onap.org diff --git a/kubernetes/dmaap/components/dmaap-dr-prov/values.yaml b/kubernetes/dmaap/components/dmaap-dr-prov/values.yaml index 6165568971..461906981f 100644 --- a/kubernetes/dmaap/components/dmaap-dr-prov/values.yaml +++ b/kubernetes/dmaap/components/dmaap-dr-prov/values.yaml @@ -34,7 +34,7 @@ secrets: # Application configuration defaults. ################################################################# # application image -image: onap/dmaap/datarouter-prov:2.1.4 +image: onap/dmaap/datarouter-prov:2.1.5 pullPolicy: Always # flag to enable debugging - application support required @@ -122,7 +122,7 @@ mariadb: #AAF local config aafConfig: - aafDeployFqi: dmaap-dr@dmaap-dr.onap.org + aafDeployFqi: deployer@people.osaaf.org aafDeployPass: demo123456! fqdn: dmaap-dr-prov fqi: dmaap-dr-prov@dmaap-dr.onap.org diff --git a/kubernetes/dmaap/components/message-router/resources/config/dmaap/logback.xml b/kubernetes/dmaap/components/message-router/resources/config/dmaap/logback.xml index 5dac1c0de7..f02a2db764 100644 --- a/kubernetes/dmaap/components/message-router/resources/config/dmaap/logback.xml +++ b/kubernetes/dmaap/components/message-router/resources/config/dmaap/logback.xml @@ -6,207 +6,203 @@ you may not use this file except in compliance with the License. You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0 - + Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License. - ============LICENSE_END========================================================= + ============LICENSE_END========================================================= --> <configuration scan="true" scanPeriod="3 seconds" debug="false"> - <contextName>${module.ajsc.namespace.name}</contextName> - <jmxConfigurator /> - <property name="logDirectory" value="${AJSC_HOME}/log" /> - <appender name="STDOUT" class="ch.qos.logback.core.ConsoleAppender"> - <filter class="ch.qos.logback.classic.filter.LevelFilter"> - <level>ERROR</level> - <onMatch>ACCEPT</onMatch> - <onMismatch>DENY</onMismatch> - </filter> - <encoder> - <pattern>%d{HH:mm:ss.SSS} [%thread] %-5level %logger{1024} - %msg%n - </pattern> - </encoder> - </appender> - - <appender name="INFO" - class="ch.qos.logback.core.ConsoleAppender"> - <filter class="ch.qos.logback.classic.filter.LevelFilter"> - <level>INFO</level> - <onMatch>ACCEPT</onMatch> - <onMismatch>DENY</onMismatch> - </filter> - </appender> - - <appender name="DEBUG" class="ch.qos.logback.core.ConsoleAppender"> - - <encoder> - <pattern>"%d [%thread] %-5level %logger{1024} - %msg%n"</pattern> - </encoder> - </appender> - - <appender name="ERROR" class="ch.qos.logback.core.ConsoleAppender"> - class="ch.qos.logback.core.ConsoleAppender"> - <filter class="ch.qos.logback.classic.filter.LevelFilter"> - <level>ERROR</level> - <onMatch>ACCEPT</onMatch> - <onMismatch>DENY</onMismatch> - </filter> - <encoder> - <pattern>"%d [%thread] %-5level %logger{1024} - %msg%n"</pattern> - </encoder> - </appender> - - - <!-- Msgrtr related loggers --> - <logger name="org.onap.dmaap.dmf.mr.service" level="INFO" /> - <logger name="org.onap.dmaap.dmf.mr.service.impl" level="INFO" /> - - <logger name="org.onap.dmaap.dmf.mr.resources" level="INFO" /> - <logger name="org.onap.dmaap.dmf.mr.resources.streamReaders" level="INFO" /> - - <logger name="org.onap.dmaap.dmf.mr.backends" level="INFO" /> - <logger name="org.onap.dmaap.dmf.mr.backends.kafka" level="INFO" /> - <logger name="org.onap.dmaap.dmf.mr.backends.memory" level="INFO" /> - - <logger name="org.onap.dmaap.dmf.mr.beans" level="INFO" /> - - <logger name="org.onap.dmaap.dmf.mr.constants" level="INFO" /> - - <logger name="org.onap.dmaap.dmf.mr.exception" level="INFO" /> - - <logger name="org.onap.dmaap.dmf.mr.listener" level="INFO" /> - - <logger name="org.onap.dmaap.dmf.mr.metabroker" level="INFO" /> - - <logger name="org.onap.dmaap.dmf.mr.metrics.publisher" level="INFO" /> - <logger name="org.onap.dmaap.dmf.mr.metrics.publisher.impl" level="INFO" /> - - - - <logger name="org.onap.dmaap.dmf.mr.security" level="INFO" /> - <logger name="org.onap.dmaap.dmf.mr.security.impl" level="INFO" /> - - <logger name="org.onap.dmaap.dmf.mr.transaction" level="INFO" /> - <logger name="com.att.dmf.mr.transaction.impl" level="INFO" /> - - <logger name="org.onap.dmaap.dmf.mr.metabroker" level="INFO" /> - <logger name="org.onap.dmaap.dmf.mr.metabroker" level="INFO" /> - - <logger name="org.onap.dmaap.dmf.mr.utils" level="INFO" /> - <logger name="org.onap.dmaap.mr.filter" level="INFO" /> - - <!--<logger name="com.att.nsa.cambria.*" level="INFO" />--> - - <!-- Msgrtr loggers in ajsc --> - <logger name="org.onap.dmaap.service" level="INFO" /> - <logger name="org.onap.dmaap" level="INFO" /> - - - <!-- Spring related loggers --> - <logger name="org.springframework" level="WARN" additivity="false"/> - <logger name="org.springframework.beans" level="WARN" additivity="false"/> - <logger name="org.springframework.web" level="WARN" additivity="false" /> - <logger name="com.blog.spring.jms" level="WARN" additivity="false" /> - - <!-- AJSC Services (bootstrap services) --> - <logger name="ajsc" level="WARN" additivity="false"/> - <logger name="ajsc.RouteMgmtService" level="INFO" additivity="false"/> - <logger name="ajsc.ComputeService" level="INFO" additivity="false" /> - <logger name="ajsc.VandelayService" level="WARN" additivity="false"/> - <logger name="ajsc.FilePersistenceService" level="WARN" additivity="false"/> - <logger name="ajsc.UserDefinedJarService" level="WARN" additivity="false" /> - <logger name="ajsc.UserDefinedBeansDefService" level="WARN" additivity="false" /> - <logger name="ajsc.LoggingConfigurationService" level="WARN" additivity="false" /> - - <!-- AJSC related loggers (DME2 Registration, csi logging, restlet, servlet - logging) --> - <logger name="ajsc.utils" level="WARN" additivity="false"/> - <logger name="ajsc.utils.DME2Helper" level="INFO" additivity="false" /> - <logger name="ajsc.filters" level="DEBUG" additivity="false" /> - <logger name="ajsc.beans.interceptors" level="DEBUG" additivity="false" /> - <logger name="ajsc.restlet" level="DEBUG" additivity="false" /> - <logger name="ajsc.servlet" level="DEBUG" additivity="false" /> - <logger name="com.att" level="WARN" additivity="false" /> - <logger name="com.att.ajsc.csi.logging" level="WARN" additivity="false" /> - <logger name="com.att.ajsc.filemonitor" level="WARN" additivity="false"/> - - <logger name="com.att.nsa.dmaap.util" level="INFO" additivity="false"/> - <logger name="com.att.cadi.filter" level="INFO" additivity="false" /> - - - <!-- Other Loggers that may help troubleshoot --> - <logger name="net.sf" level="WARN" additivity="false" /> - <logger name="org.apache.commons.httpclient" level="WARN" additivity="false"/> - <logger name="org.apache.commons" level="WARN" additivity="false" /> - <logger name="org.apache.coyote" level="WARN" additivity="false"/> - <logger name="org.apache.jasper" level="WARN" additivity="false"/> - - <!-- Camel Related Loggers (including restlet/servlet/jaxrs/cxf logging. - May aid in troubleshooting) --> - <logger name="org.apache.camel" level="WARN" additivity="false" /> - <logger name="org.apache.cxf" level="WARN" additivity="false" /> - <logger name="org.apache.camel.processor.interceptor" level="WARN" additivity="false"/> - <logger name="org.apache.cxf.jaxrs.interceptor" level="WARN" additivity="false" /> - <logger name="org.apache.cxf.service" level="WARN" additivity="false" /> - <logger name="org.restlet" level="DEBUG" additivity="false" /> - <logger name="org.apache.camel.component.restlet" level="DEBUG" additivity="false" /> - <logger name="org.apache.kafka" level="DEBUG" additivity="false" /> - <logger name="org.apache.zookeeper" level="INFO" additivity="false" /> - <logger name="org.I0Itec.zkclient" level="DEBUG" additivity="false" /> - - <!-- logback internals logging --> - <logger name="ch.qos.logback.classic" level="INFO" additivity="false"/> - <logger name="ch.qos.logback.core" level="INFO" additivity="false" /> - - <!-- logback jms appenders & loggers definition starts here --> - <!-- logback jms appenders & loggers definition starts here --> - <appender name="auditLogs" - class="ch.qos.logback.core.ConsoleAppender"> - <filter class="ch.qos.logback.classic.filter.ThresholdFilter"> - </filter> - <encoder> - <pattern>"%d [%thread] %-5level %logger{1024} - %msg%n"</pattern> - </encoder> - </appender> - <appender name="perfLogs" - class="ch.qos.logback.core.ConsoleAppender"> - <filter class="ch.qos.logback.classic.filter.ThresholdFilter"> - </filter> - <encoder> - <pattern>"%d [%thread] %-5level %logger{1024} - %msg%n"</pattern> - </encoder> - </appender> - <appender name="ASYNC-audit" class="ch.qos.logback.classic.AsyncAppender"> - <queueSize>1000</queueSize> - <discardingThreshold>0</discardingThreshold> - <appender-ref ref="Audit-Record-Queue" /> - </appender> - - <logger name="AuditRecord" level="INFO" additivity="FALSE"> - <appender-ref ref="STDOUT" /> - </logger> - <logger name="AuditRecord_DirectCall" level="INFO" additivity="FALSE"> - <appender-ref ref="STDOUT" /> - </logger> - <appender name="ASYNC-perf" class="ch.qos.logback.classic.AsyncAppender"> - <queueSize>1000</queueSize> - <discardingThreshold>0</discardingThreshold> - <appender-ref ref="Performance-Tracker-Queue" /> - </appender> - <logger name="PerfTrackerRecord" level="INFO" additivity="FALSE"> - <appender-ref ref="ASYNC-perf" /> - <appender-ref ref="perfLogs" /> - </logger> - <!-- logback jms appenders & loggers definition ends here --> - - <root level="DEBUG"> - <appender-ref ref="DEBUG" /> - <appender-ref ref="ERROR" /> - <appender-ref ref="INFO" /> - <appender-ref ref="STDOUT" /> - </root> - -</configuration>
\ No newline at end of file + <contextName>${module.ajsc.namespace.name}</contextName> + <jmxConfigurator /> + <property name="logDirectory" value="${AJSC_HOME}/log" /> + <appender name="STDOUT" class="ch.qos.logback.core.ConsoleAppender"> + <filter class="ch.qos.logback.classic.filter.LevelFilter"> + <level>ERROR</level> + <onMatch>ACCEPT</onMatch> + <onMismatch>DENY</onMismatch> + </filter> + <encoder> + <pattern>%d{HH:mm:ss.SSS} [%thread] %-5level %logger{1024} - %msg%n + </pattern> + </encoder> + </appender> + + <appender name="INFO" class="ch.qos.logback.core.ConsoleAppender"> + <filter class="ch.qos.logback.classic.filter.LevelFilter"> + <level>INFO</level> + <onMatch>ACCEPT</onMatch> + <onMismatch>DENY</onMismatch> + </filter> + </appender> + + <appender name="DEBUG" class="ch.qos.logback.core.ConsoleAppender"> + + <encoder> + <pattern>"%d [%thread] %-5level %logger{1024} - %msg%n"</pattern> + </encoder> + </appender> + + <appender name="ERROR" class="ch.qos.logback.core.ConsoleAppender"> class="ch.qos.logback.core.ConsoleAppender"> + <filter class="ch.qos.logback.classic.filter.LevelFilter"> + <level>ERROR</level> + <onMatch>ACCEPT</onMatch> + <onMismatch>DENY</onMismatch> + </filter> + <encoder> + <pattern>"%d [%thread] %-5level %logger{1024} - %msg%n"</pattern> + </encoder> + </appender> + + + <!-- Msgrtr related loggers --> + <logger name="org.onap.dmaap.dmf.mr.service" level="INFO" /> + <logger name="org.onap.dmaap.dmf.mr.service.impl" level="INFO" /> + + <logger name="org.onap.dmaap.dmf.mr.resources" level="INFO" /> + <logger name="org.onap.dmaap.dmf.mr.resources.streamReaders" level="INFO" /> + + <logger name="org.onap.dmaap.dmf.mr.backends" level="INFO" /> + <logger name="org.onap.dmaap.dmf.mr.backends.kafka" level="INFO" /> + <logger name="org.onap.dmaap.dmf.mr.backends.memory" level="INFO" /> + + <logger name="org.onap.dmaap.dmf.mr.beans" level="INFO" /> + + <logger name="org.onap.dmaap.dmf.mr.constants" level="INFO" /> + + <logger name="org.onap.dmaap.dmf.mr.exception" level="INFO" /> + + <logger name="org.onap.dmaap.dmf.mr.listener" level="INFO" /> + + <logger name="org.onap.dmaap.dmf.mr.metabroker" level="INFO" /> + + <logger name="org.onap.dmaap.dmf.mr.metrics.publisher" level="INFO" /> + <logger name="org.onap.dmaap.dmf.mr.metrics.publisher.impl" level="INFO" /> + + + + <logger name="org.onap.dmaap.dmf.mr.security" level="INFO" /> + <logger name="org.onap.dmaap.dmf.mr.security.impl" level="INFO" /> + + <logger name="org.onap.dmaap.dmf.mr.transaction" level="INFO" /> + <logger name="com.att.dmf.mr.transaction.impl" level="INFO" /> + + <logger name="org.onap.dmaap.dmf.mr.metabroker" level="INFO" /> + <logger name="org.onap.dmaap.dmf.mr.metabroker" level="INFO" /> + + <logger name="org.onap.dmaap.dmf.mr.utils" level="INFO" /> + <logger name="org.onap.dmaap.mr.filter" level="INFO" /> + + <!--<logger name="com.att.nsa.cambria.*" level="INFO" />--> + + <!-- Msgrtr loggers in ajsc --> + <logger name="org.onap.dmaap.service" level="INFO" /> + <logger name="org.onap.dmaap" level="INFO" /> + + + <!-- Spring related loggers --> + <logger name="org.springframework" level="WARN" additivity="false"/> + <logger name="org.springframework.beans" level="WARN" additivity="false"/> + <logger name="org.springframework.web" level="WARN" additivity="false" /> + <logger name="com.blog.spring.jms" level="WARN" additivity="false" /> + + <!-- AJSC Services (bootstrap services) --> + <logger name="ajsc" level="WARN" additivity="false"/> + <logger name="ajsc.RouteMgmtService" level="INFO" additivity="false"/> + <logger name="ajsc.ComputeService" level="INFO" additivity="false" /> + <logger name="ajsc.VandelayService" level="WARN" additivity="false"/> + <logger name="ajsc.FilePersistenceService" level="WARN" additivity="false"/> + <logger name="ajsc.UserDefinedJarService" level="WARN" additivity="false" /> + <logger name="ajsc.UserDefinedBeansDefService" level="WARN" additivity="false" /> + <logger name="ajsc.LoggingConfigurationService" level="WARN" additivity="false" /> + + <!-- AJSC related loggers (DME2 Registration, csi logging, restlet, servlet + logging) --> + <logger name="ajsc.utils" level="WARN" additivity="false"/> + <logger name="ajsc.utils.DME2Helper" level="INFO" additivity="false" /> + <logger name="ajsc.filters" level="DEBUG" additivity="false" /> + <logger name="ajsc.beans.interceptors" level="DEBUG" additivity="false" /> + <logger name="ajsc.restlet" level="DEBUG" additivity="false" /> + <logger name="ajsc.servlet" level="DEBUG" additivity="false" /> + <logger name="com.att" level="WARN" additivity="false" /> + <logger name="com.att.ajsc.csi.logging" level="WARN" additivity="false" /> + <logger name="com.att.ajsc.filemonitor" level="WARN" additivity="false"/> + + <logger name="com.att.nsa.dmaap.util" level="INFO" additivity="false"/> + <logger name="com.att.cadi.filter" level="INFO" additivity="false" /> + + + <!-- Other Loggers that may help troubleshoot --> + <logger name="net.sf" level="WARN" additivity="false" /> + <logger name="org.apache.commons.httpclient" level="WARN" additivity="false"/> + <logger name="org.apache.commons" level="WARN" additivity="false" /> + <logger name="org.apache.coyote" level="WARN" additivity="false"/> + <logger name="org.apache.jasper" level="WARN" additivity="false"/> + + <!-- Camel Related Loggers (including restlet/servlet/jaxrs/cxf logging. + May aid in troubleshooting) --> + <logger name="org.apache.camel" level="WARN" additivity="false" /> + <logger name="org.apache.cxf" level="WARN" additivity="false" /> + <logger name="org.apache.camel.processor.interceptor" level="WARN" additivity="false"/> + <logger name="org.apache.cxf.jaxrs.interceptor" level="WARN" additivity="false" /> + <logger name="org.apache.cxf.service" level="WARN" additivity="false" /> + <logger name="org.restlet" level="DEBUG" additivity="false" /> + <logger name="org.apache.camel.component.restlet" level="DEBUG" additivity="false" /> + <logger name="org.apache.kafka" level="DEBUG" additivity="false" /> + <logger name="org.apache.zookeeper" level="INFO" additivity="false" /> + <logger name="org.I0Itec.zkclient" level="DEBUG" additivity="false" /> + + <!-- logback internals logging --> + <logger name="ch.qos.logback.classic" level="INFO" additivity="false"/> + <logger name="ch.qos.logback.core" level="INFO" additivity="false" /> + + <!-- logback jms appenders & loggers definition starts here --> + <!-- logback jms appenders & loggers definition starts here --> + <appender name="auditLogs" class="ch.qos.logback.core.ConsoleAppender"> + <filter class="ch.qos.logback.classic.filter.ThresholdFilter"> + </filter> + <encoder> + <pattern>"%d [%thread] %-5level %logger{1024} - %msg%n"</pattern> + </encoder> + </appender> + <appender name="perfLogs" class="ch.qos.logback.core.ConsoleAppender"> + <filter class="ch.qos.logback.classic.filter.ThresholdFilter"> + </filter> + <encoder> + <pattern>"%d [%thread] %-5level %logger{1024} - %msg%n"</pattern> + </encoder> + </appender> + <appender name="ASYNC-audit" class="ch.qos.logback.classic.AsyncAppender"> + <queueSize>1000</queueSize> + <discardingThreshold>0</discardingThreshold> + <appender-ref ref="Audit-Record-Queue" /> + </appender> + + <logger name="AuditRecord" level="INFO" additivity="FALSE"> + <appender-ref ref="STDOUT" /> + </logger> + <logger name="AuditRecord_DirectCall" level="INFO" additivity="FALSE"> + <appender-ref ref="STDOUT" /> + </logger> + <appender name="ASYNC-perf" class="ch.qos.logback.classic.AsyncAppender"> + <queueSize>1000</queueSize> + <discardingThreshold>0</discardingThreshold> + <appender-ref ref="Performance-Tracker-Queue" /> + </appender> + <logger name="PerfTrackerRecord" level="INFO" additivity="FALSE"> + <appender-ref ref="ASYNC-perf" /> + <appender-ref ref="perfLogs" /> + </logger> + <!-- logback jms appenders & loggers definition ends here --> + + <root level="DEBUG"> + <appender-ref ref="DEBUG" /> + <appender-ref ref="ERROR" /> + <appender-ref ref="INFO" /> + <appender-ref ref="STDOUT" /> + </root> + +</configuration> diff --git a/kubernetes/dmaap/components/message-router/resources/topics/mirrormakeragent.json b/kubernetes/dmaap/components/message-router/resources/topics/mirrormakeragent.json index 7ae77cd8a8..ff1a5732e2 100644 --- a/kubernetes/dmaap/components/message-router/resources/topics/mirrormakeragent.json +++ b/kubernetes/dmaap/components/message-router/resources/topics/mirrormakeragent.json @@ -1,7 +1,7 @@ { "topicName": "mirrormakeragent", "topicDescription": "the topic used to provision the MM agent whitelist", - "replicationCase": "REPLICATION_NONE", + "replicationCase": "REPLICATION_NONE", "owner": "dmaap", "txenabled": false, "partitionCount": "1", @@ -10,33 +10,28 @@ "dcaeLocationName": "san-francisco", "clientIdentity": "dmaap-bc-mm-prov@dmaap-bc-mm-prov.onap.org", "action": [ - "pub", + "pub", "sub", - "view" + "view" ] - }, - { + { "dcaeLocationName": "san-francisco", "clientIdentity": "dmaap-bc-topic-mgr@dmaap-bc-topic-mgr.onap.org", "action": [ - "pub", + "pub", "sub", - "view" + "view" ] - }, - { + { "dcaeLocationName": "san-francisco", "clientIdentity": "demo@people.osaaf.org", "action": [ - "pub", + "pub", "sub", - "view" + "view" ] - } - ] -} - +}
\ No newline at end of file diff --git a/kubernetes/dmaap/components/message-router/templates/service.yaml b/kubernetes/dmaap/components/message-router/templates/service.yaml index db3bc76c6a..2b0b44e246 100644 --- a/kubernetes/dmaap/components/message-router/templates/service.yaml +++ b/kubernetes/dmaap/components/message-router/templates/service.yaml @@ -13,45 +13,4 @@ # See the License for the specific language governing permissions and # limitations under the License. -apiVersion: v1 -kind: Service -metadata: - name: {{ include "common.servicename" . }} - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} - annotations: - msb.onap.org/service-info: '[ - { - "serviceName": "{{ include "common.servicename" . }}", - "version": "v1", - "url": "/", - "protocol": "REST", - "port": "{{.Values.service.internalPort}}", - "visualRange":"1" - } - ]' - -spec: - type: {{ .Values.service.type }} - ports: - {{if eq .Values.service.type "NodePort" -}} - {{- if .Values.global.allow_http }} - - port: {{ .Values.service.externalPort }} - nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }} - name: {{ .Values.service.portName }}-{{ .Values.service.externalPort }} - {{- end}} - - port: {{ .Values.service.externalPort2 }} - nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort2 }} - name: {{ .Values.service.portName }}-{{ .Values.service.externalPort2 }} - {{- else -}} - - port: {{ .Values.service.externalPort }} - targetPort: {{ .Values.service.internalPort }} - name: {{ .Values.service.portName }} - {{- end}} - selector: - app: {{ include "common.name" . }} - release: {{ include "common.release" . }} +{{ include "common.service" . }} diff --git a/kubernetes/dmaap/components/message-router/templates/statefulset.yaml b/kubernetes/dmaap/components/message-router/templates/statefulset.yaml index 35cc5e7405..c17fda1108 100644 --- a/kubernetes/dmaap/components/message-router/templates/statefulset.yaml +++ b/kubernetes/dmaap/components/message-router/templates/statefulset.yaml @@ -12,23 +12,16 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. -apiVersion: apps/v1beta1 + +apiVersion: apps/v1 kind: StatefulSet -metadata: - name: {{ include "common.fullname" . }} - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} +metadata: {{- include "common.resourceMetadata" . | nindent 2 }} spec: + selector: {{- include "common.selectors" . | nindent 4 }} + serviceName: {{ include "common.servicename" . }} replicas: {{ .Values.replicaCount }} template: - metadata: - labels: - app: {{ include "common.name" . }} - release: {{ include "common.release" . }} + metadata: {{- include "common.templateMetadata" . | nindent 6 }} spec: initContainers: - command: @@ -51,20 +44,18 @@ spec: - name: {{ include "common.name" . }} image: "{{ include "common.repository" . }}/{{ .Values.image }}" imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - ports: - - containerPort: {{ .Values.service.externalPort }} - - containerPort: {{ .Values.service.externalPort2 }} + ports: {{ include "common.containerPorts" . | nindent 10 }} {{- if eq .Values.liveness.enabled true }} livenessProbe: tcpSocket: - port: {{ .Values.service.externalPort }} + port: {{ .Values.liveness.port }} initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }} periodSeconds: {{ .Values.liveness.periodSeconds }} timeoutSeconds: {{ .Values.liveness.timeoutSeconds }} {{ end -}} readinessProbe: tcpSocket: - port: {{ .Values.service.externalPort }} + port: {{ .Values.readiness.port }} initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} periodSeconds: {{ .Values.readiness.periodSeconds }} timeoutSeconds: {{ .Values.readiness.timeoutSeconds }} @@ -87,8 +78,7 @@ spec: - mountPath: /appl/dmaapMR1/etc/keyfile subPath: mykey name: mykey - resources: -{{ include "common.resources" . }} + resources: {{ include "common.resources" . | nindent 12 }} volumes: - name: localtime hostPath: diff --git a/kubernetes/dmaap/components/message-router/values.yaml b/kubernetes/dmaap/components/message-router/values.yaml index 935c090751..b14c35f183 100644 --- a/kubernetes/dmaap/components/message-router/values.yaml +++ b/kubernetes/dmaap/components/message-router/values.yaml @@ -58,21 +58,31 @@ liveness: timeoutSeconds: 1 # necessary to disable liveness probe when setting breakpoints # in debugger so K8s doesn't restart unresponsive container + port: api enabled: true readiness: initialDelaySeconds: 70 periodSeconds: 10 timeoutSeconds: 1 + port: api service: type: NodePort name: message-router - portName: message-router - externalPort: 3904 - nodePort: 27 - externalPort2: 3905 - nodePort2: 26 + both_tls_and_plain: true + msb: + port: api + url: "/" + version: "v1" + protocol: "REST" + visualRange: "1" + ports: + - name: api + port: 3905 + plain_port: 3904 + port_protocol: http + nodePort: 26 ingress: enabled: false diff --git a/kubernetes/dmaap/values.yaml b/kubernetes/dmaap/values.yaml index 4c0d8d584e..ecc5689668 100644 --- a/kubernetes/dmaap/values.yaml +++ b/kubernetes/dmaap/values.yaml @@ -29,7 +29,7 @@ global: busyBoxRepository: docker.io #Global DMaaP app config - allow_http: true + allow_http: false #Logstash config logstashServiceName: log-ls diff --git a/kubernetes/esr/charts/esr-server/values.yaml b/kubernetes/esr/charts/esr-server/values.yaml index 354e8e3624..f3f4f88ebf 100644 --- a/kubernetes/esr/charts/esr-server/values.yaml +++ b/kubernetes/esr/charts/esr-server/values.yaml @@ -27,7 +27,7 @@ subChartsOnly: # application image repository: nexus3.onap.org:10001 -image: onap/aai/esr-server:1.5.1 +image: onap/aai/esr-server:1.5.2 pullPolicy: Always msbaddr: msb-iag.{{ include "common.namespace" . }}:443 diff --git a/kubernetes/onap/resources/overrides/onap-5g-network-slicing.yaml b/kubernetes/onap/resources/overrides/onap-5g-network-slicing.yaml new file mode 100644 index 0000000000..545359efea --- /dev/null +++ b/kubernetes/onap/resources/overrides/onap-5g-network-slicing.yaml @@ -0,0 +1,172 @@ +# Copyright © 2019 Amdocs, Bell Canada +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +################################################################# +# Global configuration overrides. +# +# These overrides will affect all helm charts (ie. applications) +# that are listed below and are 'enabled'. +################################################################# +global: + # Change to an unused port prefix range to prevent port conflicts + # with other instances running within the same k8s cluster + nodePortPrefix: 302 + nodePortPrefixExt: 304 + + # ONAP Repository + # Uncomment the following to enable the use of a single docker + # repository but ONLY if your repository mirrors all ONAP + # docker images. This includes all images from dockerhub and + # any other repository that hosts images for ONAP components. + #repository: nexus3.onap.org:10001 + repositoryCred: + user: docker + password: docker + + # readiness check - temporary repo until images migrated to nexus3 + readinessRepository: oomk8s + # logging agent - temporary repo until images migrated to nexus3 + loggingRepository: docker.elastic.co + + # image pull policy + pullPolicy: IfNotPresent + + # default mount path root directory referenced + # by persistent volumes and log files + persistence: + mountPath: /dockerdata-nfs + enableDefaultStorageclass: false + parameters: {} + storageclassProvisioner: kubernetes.io/no-provisioner + volumeReclaimPolicy: Retain + + # override default resource limit flavor for all charts + flavor: small + + # flag to enable debugging - application support required + debugEnabled: false + + #Global ingress configuration + ingress: + enabled: false + virtualhost: + enabled: true + baseurl: "simpledemo.onap.org" +################################################################# +# Enable/disable and configure helm charts (ie. applications) +# to customize the ONAP deployment. +################################################################# +aaf: + enabled: true +aai: + enabled: true +appc: + enabled: false + config: + openStackType: OpenStackProvider + openStackName: OpenStack + openStackKeyStoneUrl: http://localhost:8181/apidoc/explorer/index.html + openStackServiceTenantName: default + openStackDomain: default + openStackUserName: admin + openStackEncryptedPassword: admin +cassandra: + enabled: true +cds: + enabled: true +clamp: + enabled: false +cli: + enabled: false +consul: + enabled: false +contrib: + enabled: false +dcaegen2: + enabled: false +pnda: + enabled: false +dmaap: + enabled: true +esr: + enabled: true +log: + enabled: true +sniro-emulator: + enabled: false +oof: + enabled: true +mariadb-galera: + enabled: true +msb: + enabled: true +multicloud: + enabled: false +nbi: + enabled: false + config: + # openstack configuration + openStackRegion: "Yolo" + openStackVNFTenantId: "1234" +policy: + enabled: true +pomba: + enabled: false +portal: + enabled: true +robot: + enabled: false + config: + # openStackEncryptedPasswordHere should match the encrypted string used in SO and APPC and overridden per environment + openStackEncryptedPasswordHere: "c124921a3a0efbe579782cde8227681e" +sdc: + enabled: true +sdnc: + enabled: false + + replicaCount: 1 + + mysql: + replicaCount: 1 +so: + enabled: true + + replicaCount: 1 + + liveness: + # necessary to disable liveness probe when setting breakpoints + # in debugger so K8s doesn't restart unresponsive container + enabled: false + + # so server configuration + config: + # message router configuration + dmaapTopic: "AUTO" + # openstack configuration + openStackUserName: "vnf_user" + openStackRegion: "RegionOne" + openStackKeyStoneUrl: "http://1.2.3.4:5000" + openStackServiceTenantName: "service" + openStackEncryptedPasswordHere: "c124921a3a0efbe579782cde8227681e" + +uui: + enabled: true +vfc: + enabled: false +vid: + enabled: false +vnfsdk: + enabled: false +modeling: + enabled: false diff --git a/kubernetes/onap/values.yaml b/kubernetes/onap/values.yaml index 2395495df3..86fd2635c7 100755 --- a/kubernetes/onap/values.yaml +++ b/kubernetes/onap/values.yaml @@ -63,6 +63,57 @@ global: virtualhost: enabled: true baseurl: "simpledemo.onap.org" + + # Global Service Mesh configuration + # POC Mode, don't use it in production + serviceMesh: + enabled: false + tls: true + + # Disabling AAF + # POC Mode, don't use it in production + aafEnabled: true + + # TLS + # Set to false if you want to disable TLS for NodePorts. Be aware that this + # will loosen your security. + # if set this element will force or not tls even if serviceMesh.tls is set. + # tlsEnabled: false + + +# Example of specific for the components where you want to disable TLS only for +# it: +# if set this element will force or not tls even if global.serviceMesh.tls and +# global.tlsEnabled is set otherwise. +# robot: +# tlsOverride: false + + # Global storage configuration + # Set to "-" for default, or with the name of the storage class + # Please note that if you use AAF, CDS, SDC, Netbox or Robot, you need a + # storageclass with RWX capabilities (or set specific configuration for these + # components). + # persistence: + # storageClass: "-" + +# Example of specific for the components which requires RWX: +# aaf: +# persistence: +# storageClassOverride: "My_RWX_Storage_Class" +# contrib: +# netbox: +# netbox-app: +# persistence: +# storageClassOverride: "My_RWX_Storage_Class" +# cds: +# cds-blueprints-processor: +# persistence: +# storageClassOverride: "My_RWX_Storage_Class" +# sdc: +# sdc-onboarding-be: +# persistence: +# storageClassOverride: "My_RWX_Storage_Class" + ################################################################# # Enable/disable and configure helm charts (ie. applications) # to customize the ONAP deployment. diff --git a/kubernetes/portal/charts/portal-sdk/resources/config/deliveries/properties/ONAPPORTALSDK/system.properties b/kubernetes/portal/charts/portal-sdk/resources/config/deliveries/properties/ONAPPORTALSDK/system.properties index 3bbb1a7f9b..063ba3d122 100755 --- a/kubernetes/portal/charts/portal-sdk/resources/config/deliveries/properties/ONAPPORTALSDK/system.properties +++ b/kubernetes/portal/charts/portal-sdk/resources/config/deliveries/properties/ONAPPORTALSDK/system.properties @@ -81,3 +81,14 @@ authenticate_user_server=http://{{.Values.global.portalHostName}}:8383/openid-co #cookie domain cookie_domain = onap.org + +{{- if .Values.global.aafEnabled }} +# External Access System Basic Auth Credentials & Rest endpoint(These credentials doesn't work as these are place holders for now) +ext_central_access_user_name = aaf_admin@people.osaaf.org +ext_central_access_password = thiswillbereplacedatruntime +ext_central_access_url = {{ .Values.aafURL }}/authz/ +ext_central_access_user_domain = @people.osaaf.org + +# External Central Auth system access +remote_centralized_system_access = true +{{- end }}
\ No newline at end of file diff --git a/kubernetes/portal/charts/portal-sdk/resources/server/server.xml b/kubernetes/portal/charts/portal-sdk/resources/server/server.xml new file mode 100644 index 0000000000..506a1ca4cd --- /dev/null +++ b/kubernetes/portal/charts/portal-sdk/resources/server/server.xml @@ -0,0 +1,155 @@ +<?xml version='1.0' encoding='utf-8'?> +<!-- + Licensed to the Apache Software Foundation (ASF) under one or more + contributor license agreements. See the NOTICE file distributed with + this work for additional information regarding copyright ownership. + The ASF licenses this file to You under the Apache License, Version 2.0 + (the "License"); you may not use this file except in compliance with + the License. You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. + + Modifications to this file for use in ONAP are also subject to the Apache-2.0 license. +--> +<!-- Note: A "Server" is not itself a "Container", so you may not + define subcomponents such as "Valves" at this level. + Documentation at /docs/config/server.html + --> +<Server port="8005" shutdown="SHUTDOWN"> + <Listener className="org.apache.catalina.startup.VersionLoggerListener" logArgs="false"/> + <!-- Security listener. Documentation at /docs/config/listeners.html + <Listener className="org.apache.catalina.security.SecurityListener" /> + --> + <!--APR library loader. Documentation at /docs/apr.html --> + <Listener className="org.apache.catalina.core.AprLifecycleListener" SSLEngine="on" /> + <!-- Prevent memory leaks due to use of particular java/javax APIs--> + <Listener className="org.apache.catalina.core.JreMemoryLeakPreventionListener" /> + <Listener className="org.apache.catalina.mbeans.GlobalResourcesLifecycleListener" /> + <Listener className="org.apache.catalina.core.ThreadLocalLeakPreventionListener" /> + + <!-- Global JNDI resources + Documentation at /docs/jndi-resources-howto.html + --> + <GlobalNamingResources> + <!-- Editable user database that can also be used by + UserDatabaseRealm to authenticate users + --> + <Resource name="UserDatabase" auth="Container" + type="org.apache.catalina.UserDatabase" + description="User database that can be updated and saved" + factory="org.apache.catalina.users.MemoryUserDatabaseFactory" + pathname="conf/tomcat-users.xml" /> + </GlobalNamingResources> + + <!-- A "Service" is a collection of one or more "Connectors" that share + a single "Container" Note: A "Service" is not itself a "Container", + so you may not define subcomponents such as "Valves" at this level. + Documentation at /docs/config/service.html + --> + <Service name="Catalina"> + + <!--The connectors can use a shared executor, you can define one or more named thread pools--> + <!-- + <Executor name="tomcatThreadPool" namePrefix="catalina-exec-" + maxThreads="150" minSpareThreads="4"/> + --> + + + <!-- A "Connector" represents an endpoint by which requests are received + and responses are returned. Documentation at : + Java HTTP Connector: /docs/config/http.html (blocking & non-blocking) + Java AJP Connector: /docs/config/ajp.html + APR (HTTP/AJP) Connector: /docs/apr.html + Define a non-SSL/TLS HTTP/1.1 Connector on port 8080 + --> + <Connector port="8080" protocol="HTTP/1.1" + connectionTimeout="20000" + {{ if .Values.global.aafEnabled }} + redirectPort="8443" + {{ end }} + /> + <!-- A "Connector" using the shared thread pool--> + <!-- + <Connector executor="tomcatThreadPool" + port="8080" protocol="HTTP/1.1" + connectionTimeout="20000" + redirectPort="8443" /> + --> + <!-- Define a SSL/TLS HTTP/1.1 Connector on port 8443 + This connector uses the NIO implementation that requires the JSSE + style configuration. When using the APR/native implementation, the + OpenSSL style configuration is required as described in the APR/native + documentation --> + <!-- + <Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol" + maxThreads="150" SSLEnabled="true" scheme="https" secure="true" + clientAuth="false" sslProtocol="TLS" /> + --> + {{ if .Values.global.aafEnabled }} + <Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol" + maxThreads="150" SSLEnabled="true" scheme="https" secure="true" + keystoreFile="{{.Values.persistence.aafCredsPath}}/{{.Values.aafConfig.keystoreFile}}" + keystorePass="${javax.net.ssl.keyStorePassword}" + clientAuth="false" sslProtocol="TLS" /> + {{ end }} + <!-- Define an AJP 1.3 Connector on port 8009 --> + <Connector port="8009" protocol="AJP/1.3" + {{ if .Values.global.aafEnabled }} + redirectPort="8443" + {{ end }} + /> + + + <!-- An Engine represents the entry point (within Catalina) that processes + every request. The Engine implementation for Tomcat stand alone + analyzes the HTTP headers included with the request, and passes them + on to the appropriate Host (virtual host). + Documentation at /docs/config/engine.html --> + + <!-- You should set jvmRoute to support load-balancing via AJP ie : + <Engine name="Catalina" defaultHost="localhost" jvmRoute="jvm1"> + --> + <Engine name="Catalina" defaultHost="localhost"> + + <!--For clustering, please take a look at documentation at: + /docs/cluster-howto.html (simple how to) + /docs/config/cluster.html (reference documentation) --> + <!-- + <Cluster className="org.apache.catalina.ha.tcp.SimpleTcpCluster"/> + --> + + <!-- Use the LockOutRealm to prevent attempts to guess user passwords + via a brute-force attack --> + <Realm className="org.apache.catalina.realm.LockOutRealm"> + <!-- This Realm uses the UserDatabase configured in the global JNDI + resources under the key "UserDatabase". Any edits + that are performed against this UserDatabase are immediately + available for use by the Realm. --> + <Realm className="org.apache.catalina.realm.UserDatabaseRealm" + resourceName="UserDatabase"/> + </Realm> + + <Host name="localhost" appBase="webapps" + unpackWARs="true" autoDeploy="true"> + + <!-- SingleSignOn valve, share authentication between web applications + Documentation at: /docs/config/valve.html --> + <!-- + <Valve className="org.apache.catalina.authenticator.SingleSignOn" /> + --> + <!-- Access log processes all example. + Documentation at: /docs/config/valve.html + Note: The pattern used is equivalent to using pattern="common" --> + <Valve className="org.apache.catalina.valves.AccessLogValve" directory="logs" + prefix="localhost_access_log" suffix=".txt" + pattern="%h %l %u %t "%r" %s %b" /> + </Host> + </Engine> + </Service> +</Server>
\ No newline at end of file diff --git a/kubernetes/portal/charts/portal-sdk/templates/configmap.yaml b/kubernetes/portal/charts/portal-sdk/templates/configmap.yaml index 51346197db..154276ea26 100644 --- a/kubernetes/portal/charts/portal-sdk/templates/configmap.yaml +++ b/kubernetes/portal/charts/portal-sdk/templates/configmap.yaml @@ -25,3 +25,4 @@ metadata: heritage: {{ .Release.Service }} data: {{ tpl (.Files.Glob "resources/config/deliveries/properties/ONAPPORTALSDK/*").AsConfig . | indent 2 }} +{{ tpl (.Files.Glob "resources/server/*").AsConfig . | indent 2 }}
\ No newline at end of file diff --git a/kubernetes/portal/charts/portal-sdk/templates/deployment.yaml b/kubernetes/portal/charts/portal-sdk/templates/deployment.yaml index ccdd013cbc..09080fca94 100644 --- a/kubernetes/portal/charts/portal-sdk/templates/deployment.yaml +++ b/kubernetes/portal/charts/portal-sdk/templates/deployment.yaml @@ -1,5 +1,5 @@ # Copyright © 2017 Amdocs, Bell Canada -# Modifications Copyright © 2018 AT&T +# Modifications Copyright © 2018,2020 AT&T # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -46,14 +46,75 @@ spec: fieldRef: apiVersion: v1 fieldPath: metadata.namespace + {{- if .Values.global.aafEnabled }} + - name: {{ include "common.name" . }}-aaf-readiness + image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}" + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + command: + - /root/ready.py + args: + - --container-name + - aaf-locate + - --container-name + - aaf-cm + env: + - name: NAMESPACE + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace + - name: {{ include "common.name" . }}-aaf-config + image: "{{ include "common.repository" . }}/{{ .Values.global.aafAgentImage }}" + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + command: ["bash","-c"] + args: ["/opt/app/aaf_config/bin/agent.sh;/opt/app/aaf_config/bin/agent.sh local showpass \ + {{.Values.aafConfig.fqi}} {{ .Values.aafConfig.fqdn }} > {{ .Values.persistence.aafCredsPath }}/mycreds.prop"] + volumeMounts: + - mountPath: {{ .Values.persistence.aafCredsPath }} + name: {{ include "common.fullname" . }}-aaf-config-vol + env: + - name: APP_FQI + value: "{{ .Values.aafConfig.fqi }}" + - name: aaf_locate_url + value: "https://aaf-locate.{{ .Release.Namespace }}:8095" + - name: aaf_locator_container + value: "{{ .Values.global.aafLocatorContainer }}" + - name: aaf_locator_container_ns + value: "{{ .Release.Namespace }}" + - name: aaf_locator_fqdn + value: "{{ .Values.aafConfig.fqdn }}" + - name: aaf_locator_public_fqdn + value: "{{.Values.aafConfig.publicFqdn}}" + - name: aaf_locator_app_ns + value: "{{ .Values.global.aafAppNs }}" + - name: DEPLOY_FQI + {{- include "common.secret.envFromSecret" (dict "global" . "uid" "aaf-deploy-creds" "key" "login") | indent 12 }} + - name: DEPLOY_PASSWORD + {{- include "common.secret.envFromSecret" (dict "global" . "uid" "aaf-deploy-creds" "key" "password") | indent 12 }} + - name: cadi_longitude + value: "{{ .Values.aafConfig.cadiLongitude }}" + - name: cadi_latitude + value: "{{ .Values.aafConfig.cadiLatitude }}" + {{ end }} containers: - name: {{ include "common.name" . }} image: "{{ include "common.repository" . }}/{{ .Values.image }}" imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - command: - - /start-apache-tomcat.sh - - -b - - "{{ .Values.global.env.tomcatDir }}" + command: ["bash","-c"] + {{- if .Values.global.aafEnabled }} + args: ["export $(grep '^c' {{ .Values.persistence.aafCredsPath }}/mycreds.prop | xargs -0);\ + export _JAVA_OPTIONS=\"-Djavax.net.ssl.trustStorePassword=$cadi_truststore_password \ + -Djavax.net.ssl.keyStorePassword=$cadi_keystore_password_p12\";\ + cat /dev/null > {{ .Values.persistence.aafCredsPath }}/mycreds.prop;\ + /start-apache-tomcat.sh -b {{ .Values.global.env.tomcatDir }}"] + env: + - name: _CATALINA_OPTS + value: > + -Djavax.net.ssl.keyStore="{{ .Values.persistence.aafCredsPath }}/{{ .Values.aafConfig.keystoreFile }}" + -Djavax.net.ssl.trustStore="{{ .Values.persistence.aafCredsPath }}/{{ .Values.aafConfig.truststoreFile }}" + {{- else }} + args: ["/start-apache-tomcat.sh -b {{ .Values.global.env.tomcatDir }}"] + {{- end }} ports: - containerPort: {{ .Values.service.internalPort }} {{- if eq .Values.liveness.enabled true }} @@ -69,6 +130,13 @@ spec: initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} periodSeconds: {{ .Values.readiness.periodSeconds }} volumeMounts: + {{- if .Values.global.aafEnabled }} + - mountPath: {{ .Values.persistence.aafCredsPath }} + name: {{ include "common.fullname" . }}-aaf-config-vol + {{- end }} + - name: properties-onapportalsdk + mountPath: "{{ .Values.global.env.tomcatDir }}/conf/server.xml" + subPath: server.xml - mountPath: /etc/localtime name: localtime readOnly: true @@ -129,5 +197,10 @@ spec: emptyDir: {} - name: portal-tomcat-logs emptyDir: {} + {{- if .Values.global.aafEnabled }} + - name: {{ include "common.fullname" . }}-aaf-config-vol + emptyDir: + medium: Memory + {{- end }} imagePullSecrets: - name: "{{ include "common.namespace" . }}-docker-registry-key" diff --git a/kubernetes/portal/charts/portal-sdk/templates/secrets.yaml b/kubernetes/portal/charts/portal-sdk/templates/secrets.yaml new file mode 100644 index 0000000000..b79179bc6b --- /dev/null +++ b/kubernetes/portal/charts/portal-sdk/templates/secrets.yaml @@ -0,0 +1,15 @@ +# Copyright (c) 2020 AT&T Intellectual Property. All rights reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +{{ include "common.secret" . }} diff --git a/kubernetes/portal/charts/portal-sdk/values.yaml b/kubernetes/portal/charts/portal-sdk/values.yaml index 8572ff83da..34c29b5be1 100644 --- a/kubernetes/portal/charts/portal-sdk/values.yaml +++ b/kubernetes/portal/charts/portal-sdk/values.yaml @@ -1,5 +1,5 @@ # Copyright © 2017 Amdocs, Bell Canada -# Modifications Copyright © 2018 AT&T +# Modifications Copyright © 2018, 2020 AT&T # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -22,15 +22,48 @@ global: readinessImage: readiness-check:2.0.0 loggingRepository: docker.elastic.co loggingImage: beats/filebeat:5.5.0 - + persistence: {} + #AAF global config overrides + aafEnabled: true + aafAgentImage: onap/aaf/aaf_agent:2.1.15 + aafAppNs: org.osaaf.aaf + aafLocatorContainer: oom ################################################################# # Application configuration defaults. ################################################################# +secrets: + - uid: aaf-deploy-creds + type: basicAuth + externalSecret: '{{ ternary (tpl (default "" .Values.aafConfig.aafDeployCredsExternalSecret) .) "aafIsDiabled" .Values.global.aafEnabled }}' + login: '{{ .Values.aafConfig.aafDeployFqi }}' + password: '{{ .Values.aafConfig.aafDeployPass }}' + passwordPolicy: required + +## Persist cert data to a memory volume +persistence: + aafCredsPath: /opt/app/osaaf/local + # application image repository: nexus3.onap.org:10001 image: onap/portal-sdk:2.6.0 pullPolicy: Always +#AAF service +aafURL: https://aaf-service:8100/ +aafLocateUrl: https://aaf-locate:8095 + +#AAF local config +aafConfig: + aafDeployFqi: deployer@people.osaaf.org + aafDeployPass: demo123456! + fqdn: portal + fqi: portal@portal.onap.org + publicFqdn: portal.onap.org + cadiLatitude: 0.0 + cadiLongitude: 0.0 + keystoreFile: "org.onap.portal.p12" + truststoreFile: "org.onap.portal.trust.jks" + # flag to enable debugging - application support required debugEnabled: false @@ -57,8 +90,8 @@ service: type: NodePort name: portal-sdk portName: portal-sdk - internalPort: 8080 - externalPort: 8080 + internalPort: 8443 + externalPort: 8443 nodePort: 12 mariadb: @@ -85,7 +118,7 @@ ingress: service: - baseaddr: portalsdk name: "portal-sdk" - port: 8080 + port: 8443 config: ssl: "none" diff --git a/kubernetes/robot b/kubernetes/robot -Subproject 591bfdea4f1d833abee3c7e60f084da546d9082 +Subproject c854b484ebbd5e0c1be1e6a032a79beeb4cab6f diff --git a/kubernetes/sdnc/charts/ueb-listener/values.yaml b/kubernetes/sdnc/charts/ueb-listener/values.yaml index 9b7dcb054b..254d76a05e 100644 --- a/kubernetes/sdnc/charts/ueb-listener/values.yaml +++ b/kubernetes/sdnc/charts/ueb-listener/values.yaml @@ -52,7 +52,7 @@ secrets: passwordPolicy: required - uid: ueb-creds type: basicAuth - externalSecret: '{{ tpl (default "" .Values.config.odlCredsExternalSecret) . }}' + externalSecret: '{{ tpl (default "" .Values.config.uebCredsExternalSecret) . }}' login: '{{ .Values.config.uebUser }}' password: '{{ .Values.config.uebPassword }}' passwordPolicy: required diff --git a/kubernetes/sdnc/requirements.yaml b/kubernetes/sdnc/requirements.yaml index c3b757ae14..58db6ad7a0 100644 --- a/kubernetes/sdnc/requirements.yaml +++ b/kubernetes/sdnc/requirements.yaml @@ -29,5 +29,4 @@ dependencies: - name: mariadb-galera version: ~5.x-0 repository: '@local' - condition: config.localDBCluster - + condition: .global.mariadbGalera.localCluster diff --git a/kubernetes/sdnc/resources/config/bin/installSdncDb.sh b/kubernetes/sdnc/resources/config/bin/installSdncDb.sh index 455cb834f9..754ff2c5cc 100644..100755 --- a/kubernetes/sdnc/resources/config/bin/installSdncDb.sh +++ b/kubernetes/sdnc/resources/config/bin/installSdncDb.sh @@ -25,11 +25,11 @@ SDNC_HOME=${SDNC_HOME:-/opt/onap/sdnc} ETC_DIR=${ETC_DIR:-${SDNC_HOME}/data} BIN_DIR=${BIN_DIR-${SDNC_HOME}/bin} MYSQL_HOST=${MYSQL_HOST:-dbhost} -MYSQL_PASSWORD=${MYSQL_PASSWORD:-openECOMP1.0} +MYSQL_PASSWORD=${MYSQL_ROOT_PASSWORD} -SDNC_DB_USER=${SDNC_DB_USER:-sdnctl} -SDNC_DB_PASSWORD=${SDNC_DB_PASSWORD:-gamma} -SDNC_DB_DATABASE=${SDN_DB_DATABASE:-sdnctl} +SDNC_DB_USER=${SDNC_DB_USER} +SDNC_DB_PASSWORD=${SDNC_DB_PASSWORD} +SDNC_DB_DATABASE=${SDNC_DB_DATABASE} # Create tablespace and user account @@ -46,12 +46,12 @@ END # load schema if [ -f ${ETC_DIR}/sdnctl.dump ] then - mysql -h ${MYSQL_HOST} -u root -p${MYSQL_PASSWORD} sdnctl < ${ETC_DIR}/sdnctl.dump + mysql -h ${MYSQL_HOST} -u root -p${MYSQL_PASSWORD} ${SDNC_DB_DATABASE} < ${ETC_DIR}/sdnctl.dump fi for datafile in ${ETC_DIR}/*.data.dump do - mysql -h ${MYSQL_HOST} -u root -p${MYSQL_PASSWORD} sdnctl < $datafile + mysql -h ${MYSQL_HOST} -u root -p${MYSQL_PASSWORD} ${SDNC_DB_DATABASE} < $datafile done # Create VNIs 100-199 diff --git a/kubernetes/sdnc/resources/config/bin/startODL.sh b/kubernetes/sdnc/resources/config/bin/startODL.sh index 5f5f811fd0..af5c36207c 100755 --- a/kubernetes/sdnc/resources/config/bin/startODL.sh +++ b/kubernetes/sdnc/resources/config/bin/startODL.sh @@ -65,7 +65,7 @@ function enable_odl_cluster(){ addToFeatureBoot odl-jolokia #${ODL_HOME}/bin/client feature:install odl-mdsal-clustering #${ODL_HOME}/bin/client feature:install odl-jolokia - + echo "Update cluster information statically" hm=$(hostname) @@ -113,8 +113,8 @@ function enable_odl_cluster(){ # Install SDN-C platform components if not already installed and start container ODL_HOME=${ODL_HOME:-/opt/opendaylight/current} -ODL_ADMIN_USERNAME=${ODL_ADMIN_USERNAME:-admin} -ODL_ADMIN_PASSWORD=${ODL_ADMIN_PASSWORD:-Kp8bJ4SXszM0WXlhak3eHlcse2gAw84vaoGGmJvUy2U} +ODL_ADMIN_USERNAME=${ODL_ADMIN_USERNAME} +ODL_ADMIN_PASSWORD=${ODL_ADMIN_PASSWORD} SDNC_HOME=${SDNC_HOME:-/opt/onap/sdnc} SDNC_BIN=${SDNC_BIN:-/opt/onap/sdnc/bin} CCSDK_HOME=${CCSDK_HOME:-/opt/onap/ccsdk} @@ -166,4 +166,3 @@ nohup python ${SDNC_BIN}/installCerts.py & exec ${ODL_HOME}/bin/karaf server - diff --git a/kubernetes/sdnc/resources/config/conf/aaiclient.properties b/kubernetes/sdnc/resources/config/conf/aaiclient.properties index 035942b304..5d4473c978 100755 --- a/kubernetes/sdnc/resources/config/conf/aaiclient.properties +++ b/kubernetes/sdnc/resources/config/conf/aaiclient.properties @@ -2,8 +2,7 @@ # ============LICENSE_START======================================================= # openECOMP : SDN-C # ================================================================================ -# Copyright (C) 2018 ONAP Intellectual Property. All rights -# reserved. +# Copyright (C) 2018 ONAP Intellectual Property. All rights reserved. # ================================================================================ # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -30,8 +29,8 @@ org.onap.ccsdk.sli.adaptors.aai.ssl.trust=/opt/onap/sdnc/data/stores/truststoreO org.onap.ccsdk.sli.adaptors.aai.ssl.trust.psswd=changeit org.onap.ccsdk.sli.adaptors.aai.host.certificate.ignore=true -org.onap.ccsdk.sli.adaptors.aai.client.name=sdnc@sdnc.onap.org -org.onap.ccsdk.sli.adaptors.aai.client.psswd=demo123456! +org.onap.ccsdk.sli.adaptors.aai.client.name=${AAI_CLIENT_NAME} +org.onap.ccsdk.sli.adaptors.aai.client.psswd=${AAI_CLIENT_PASSWORD} org.onap.ccsdk.sli.adaptors.aai.application=openECOMP # diff --git a/kubernetes/sdnc/resources/config/conf/blueprints-processor-adaptor.properties b/kubernetes/sdnc/resources/config/conf/blueprints-processor-adaptor.properties index 3a6b5a08f0..224e84b3a7 100644 --- a/kubernetes/sdnc/resources/config/conf/blueprints-processor-adaptor.properties +++ b/kubernetes/sdnc/resources/config/conf/blueprints-processor-adaptor.properties @@ -24,12 +24,12 @@ org.onap.ccsdk.features.blueprints.adaptors.envtype=solo org.onap.ccsdk.features.blueprints.adaptors.modelservice.type=generic org.onap.ccsdk.features.blueprints.adaptors.modelservice.enable=true org.onap.ccsdk.features.blueprints.adaptors.modelservice.url=http://controller-blueprints:8080/api/v1/ -org.onap.ccsdk.features.blueprints.adaptors.modelservice.user=ccsdkapps -org.onap.ccsdk.features.blueprints.adaptors.modelservice.passwd=ccsdkapps +org.onap.ccsdk.features.blueprints.adaptors.modelservice.user=${MODELSERVICE_USER} +org.onap.ccsdk.features.blueprints.adaptors.modelservice.passwd=${MODELSERVICE_PASSWORD} # Generic RESTCONF Adaptor org.onap.ccsdk.features.blueprints.adaptors.restconf.type=generic org.onap.ccsdk.features.blueprints.adaptors.restconf.enable=true -org.onap.ccsdk.features.blueprints.adaptors.restconf.user=admin -org.onap.ccsdk.features.blueprints.adaptors.restconf.passwd={{ .Values.config.odlPassword}} +org.onap.ccsdk.features.blueprints.adaptors.restconf.user=${RESTCONF_USER} +org.onap.ccsdk.features.blueprints.adaptors.restconf.passwd=${RESTCONF_PASSWORD} org.onap.ccsdk.features.blueprints.adaptors.restconf.url=http://sdnc:8282/restconf/ diff --git a/kubernetes/sdnc/resources/config/conf/dblib.properties b/kubernetes/sdnc/resources/config/conf/dblib.properties index 1849053411..1fb6fb8732 100644 --- a/kubernetes/sdnc/resources/config/conf/dblib.properties +++ b/kubernetes/sdnc/resources/config/conf/dblib.properties @@ -1,7 +1,6 @@ ### # ============LICENSE_START======================================================= -# Copyright (C) 2018 AT&T Intellectual Property. All rights -# reserved. +# Copyright (C) 2018 AT&T Intellectual Property. All rights reserved. # ================================================================================ # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -18,11 +17,11 @@ ### org.onap.ccsdk.sli.dbtype=jdbc org.onap.ccsdk.sli.jdbc.hosts=sdnctldb01 -org.onap.ccsdk.sli.jdbc.url=jdbc:mysql://{{.Values.config.mariadbGalera.serviceName}}.{{.Release.Namespace}}:{{.Values.config.mariadbGalera.internalPort}}/sdnctl +org.onap.ccsdk.sli.jdbc.url=jdbc:mysql://{{include "common.mariadbService" $}}:{{include "common.mariadbPort" $}}/{{$.Values.config.dbSdnctlDatabase}} org.onap.ccsdk.sli.jdbc.driver=org.mariadb.jdbc.Driver -org.onap.ccsdk.sli.jdbc.database=sdnctl -org.onap.ccsdk.sli.jdbc.user=sdnctl -org.onap.ccsdk.sli.jdbc.password={{.Values.config.dbSdnctlPassword}} +org.onap.ccsdk.sli.jdbc.database={{$.Values.config.dbSdnctlDatabase}} +org.onap.ccsdk.sli.jdbc.user=${SDNC_DB_USER} +org.onap.ccsdk.sli.jdbc.password=${SDNC_DB_PASSWORD} org.onap.ccsdk.sli.jdbc.connection.name=sdnctldb01 org.onap.ccsdk.sli.jdbc.connection.timeout=50 org.onap.ccsdk.sli.jdbc.request.timeout=100 diff --git a/kubernetes/sdnc/resources/config/conf/lcm-dg.properties b/kubernetes/sdnc/resources/config/conf/lcm-dg.properties index f91c62c98b..44ee0b998f 100644 --- a/kubernetes/sdnc/resources/config/conf/lcm-dg.properties +++ b/kubernetes/sdnc/resources/config/conf/lcm-dg.properties @@ -1,7 +1,7 @@ #ANSIBLE ansible.agenturl=http://{{.Values.config.ansibleServiceName}}:{{.Values.config.ansiblePort}}/Dispatch -ansible.user=sdnc -ansible.password=sdnc +ansible.user=${ANSIBLE_USER} +ansible.password=${ANSIBLE_PASSWORD} ansible.lcm.localparameters= ansible.nodelist= ansible.timeout=60 @@ -23,10 +23,10 @@ restapi.templateDir=/opt/onap/sdnc/restapi/templates lcm.restconf.configscaleout.templatefile=lcm-restconf-configscaleout.json lcm.restconf.configscaleout.urlpath=/restconf/config/vlb-business-vnf-onap-plugin:vlb-business-vnf-onap-plugin/vdns-instances/vdns-instance/ lcm.restconf.configscaleout.geturlpath=/restconf/operational/health-vnf-onap-plugin:health-vnf-onap-plugin-state/health-check -lcm.restconf.configscaleout.user=admin -lcm.restconf.configscaleout.password=admin -lcm.restconf.user=admin -lcm.restconf.password=admin +lcm.restconf.configscaleout.user=${SCALEOUT_USER} +lcm.restconf.configscaleout.password=${SCALEOUT_PASSWORD} +lcm.restconf.user=${RESTCONF_USER} +lcm.restconf.password=${RESTCONF_PASSWORD} lcm.restconf.port=8183 #DMAAP diff --git a/kubernetes/sdnc/resources/config/conf/netbox.properties b/kubernetes/sdnc/resources/config/conf/netbox.properties index 9cd3880614..a768041945 100755 --- a/kubernetes/sdnc/resources/config/conf/netbox.properties +++ b/kubernetes/sdnc/resources/config/conf/netbox.properties @@ -16,4 +16,4 @@ # Configuration file for Netbox client org.onap.ccsdk.sli.adaptors.netbox.url=http://netbox-app.{{.Release.Namespace}}:8001 -org.onap.ccsdk.sli.adaptors.netbox.apikey=onceuponatimeiplayedwithnetbox20180814
\ No newline at end of file +org.onap.ccsdk.sli.adaptors.netbox.apikey=${NETBOX_API_KEY}
\ No newline at end of file diff --git a/kubernetes/sdnc/resources/config/conf/svclogic.properties b/kubernetes/sdnc/resources/config/conf/svclogic.properties index 55ef8e7e85..adbba660c5 100644 --- a/kubernetes/sdnc/resources/config/conf/svclogic.properties +++ b/kubernetes/sdnc/resources/config/conf/svclogic.properties @@ -2,8 +2,7 @@ # ============LICENSE_START======================================================= # openECOMP : SDN-C # ================================================================================ -# Copyright (C) 2017 AT&T Intellectual Property. All rights -# reserved. +# Copyright (C) 2017 AT&T Intellectual Property. All rights reserved. # ================================================================================ # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -20,8 +19,7 @@ ### org.onap.ccsdk.sli.dbtype = jdbc -org.onap.ccsdk.sli.jdbc.url = jdbc:mysql://{{.Values.config.mariadbGalera.serviceName}}.{{.Release.Namespace}}:{{.Values.config.mariadbGalera.internalPort}}/sdnctl -org.onap.ccsdk.sli.jdbc.database = sdnctl -org.onap.ccsdk.sli.jdbc.user = sdnctl -org.onap.ccsdk.sli.jdbc.password = {{.Values.config.dbSdnctlPassword}} - +org.onap.ccsdk.sli.jdbc.url = jdbc:mysql://{{include "common.mariadbService" $}}:{{include "common.mariadbPort" $}}/{{$.Values.config.dbSdnctlDatabase}} +org.onap.ccsdk.sli.jdbc.database = {{$.Values.config.dbSdnctlDatabase}} +org.onap.ccsdk.sli.jdbc.user = ${SDNC_DB_USER} +org.onap.ccsdk.sli.jdbc.password = ${SDNC_DB_PASSWORD} diff --git a/kubernetes/sdnc/templates/job.yaml b/kubernetes/sdnc/templates/job.yaml index dc77006a60..0cd0eae610 100755 --- a/kubernetes/sdnc/templates/job.yaml +++ b/kubernetes/sdnc/templates/job.yaml @@ -36,12 +36,53 @@ spec: name: {{ include "common.name" . }} spec: initContainers: + - command: + - sh + args: + - -c + - "cd /config-input && for PFILE in `ls -1 .`; do envsubst <${PFILE} >/config/${PFILE}; done" + env: + - name: AAI_CLIENT_NAME + {{- include "common.secret.envFromSecret" (dict "global" . "uid" "aai-user-creds" "key" "login") | indent 10 }} + - name: AAI_CLIENT_PASSWORD + {{- include "common.secret.envFromSecret" (dict "global" . "uid" "aai-user-creds" "key" "password") | indent 10 }} + - name: MODELSERVICE_USER + {{- include "common.secret.envFromSecret" (dict "global" . "uid" "modeling-user-creds" "key" "login") | indent 10 }} + - name: MODELSERVICE_PASSWORD + {{- include "common.secret.envFromSecret" (dict "global" . "uid" "modeling-user-creds" "key" "password") | indent 10 }} + - name: RESTCONF_USER + {{- include "common.secret.envFromSecret" (dict "global" . "uid" "restconf-creds" "key" "login") | indent 10 }} + - name: RESTCONF_PASSWORD + {{- include "common.secret.envFromSecret" (dict "global" . "uid" "restconf-creds" "key" "password") | indent 10 }} + - name: ANSIBLE_USER + {{- include "common.secret.envFromSecret" (dict "global" . "uid" "ansible-creds" "key" "login") | indent 10 }} + - name: ANSIBLE_PASSWORD + {{- include "common.secret.envFromSecret" (dict "global" . "uid" "ansible-creds" "key" "password") | indent 10 }} + - name: SCALEOUT_USER + {{- include "common.secret.envFromSecret" (dict "global" . "uid" "scaleout-creds" "key" "login") | indent 10 }} + - name: SCALEOUT_PASSWORD + {{- include "common.secret.envFromSecret" (dict "global" . "uid" "scaleout-creds" "key" "password") | indent 10 }} + - name: NETBOX_APIKEY + {{- include "common.secret.envFromSecret" (dict "global" . "uid" "netbox-apikey" "key" "password") | indent 10 }} + - name: SDNC_DB_USER + {{- include "common.secret.envFromSecret" (dict "global" . "uid" "db-secret" "key" "login") | indent 10 }} + - name: SDNC_DB_PASSWORD + {{- include "common.secret.envFromSecret" (dict "global" . "uid" "db-secret" "key" "password") | indent 10 }} + volumeMounts: + - mountPath: /config-input + name: config-input + - mountPath: /config + name: properties + image: "{{ .Values.global.envsubstImage }}" + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + name: {{ include "common.name" . }}-update-config + - name: {{ include "common.name" . }}-readiness command: - /root/ready.py args: - --container-name - - {{ .Values.config.mariadbGalera.chartName }} + - {{ include "common.mariadbService" . }} env: - name: NAMESPACE valueFrom: @@ -55,31 +96,24 @@ spec: image: "{{ include "common.repository" . }}/{{ .Values.image }}" imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} env: - - name: MYSQL_PASSWORD - valueFrom: - secretKeyRef: - name: {{ template "common.fullname" . }} - key: db-root-password + - name: MYSQL_ROOT_PASSWORD + {{- include "common.secret.envFromSecret" (dict "global" . "uid" "db-root-password" "key" "password") | indent 12 }} + - name: ODL_ADMIN_USERNAME + {{- include "common.secret.envFromSecret" (dict "global" . "uid" "odl-creds" "key" "login") | indent 12 }} - name: ODL_ADMIN_PASSWORD - valueFrom: - secretKeyRef: - name: {{ template "common.fullname" . }}-odl - key: odl-password + {{- include "common.secret.envFromSecret" (dict "global" . "uid" "odl-creds" "key" "password") | indent 12 }} + - name: SDNC_DB_USER + {{- include "common.secret.envFromSecret" (dict "global" . "uid" "db-secret" "key" "login") | indent 12 }} - name: SDNC_DB_PASSWORD - valueFrom: - secretKeyRef: - name: {{ template "common.fullname" . }}-sdnctl - key: db-sdnctl-password + {{- include "common.secret.envFromSecret" (dict "global" . "uid" "db-secret" "key" "password") | indent 12 }} - name: MYSQL_HOST - value: "{{.Values.config.mariadbGalera.serviceName}}.{{.Release.Namespace}}" + value: {{ include "common.mariadbService" . }} - name: SDNC_HOME value: "{{.Values.config.sdncHome}}" - name: ETC_DIR value: "{{.Values.config.etcDir}}" - name: BIN_DIR value: "{{.Values.config.binDir}}" - - name: SDNC_DB_USER - value: "{{.Values.config.dbSdnctlUser}}" - name: SDNC_DB_DATABASE value: "{{.Values.config.dbSdnctlDatabase}}" volumeMounts: @@ -119,11 +153,13 @@ spec: configMap: name: {{ include "common.fullname" . }}-bin defaultMode: 0755 - - name: properties + - name: config-input configMap: name: {{ include "common.fullname" . }}-properties defaultMode: 0644 + - name: properties + emptyDir: + medium: Memory restartPolicy: Never imagePullSecrets: - name: "{{ include "common.namespace" . }}-docker-registry-key" - diff --git a/kubernetes/sdnc/templates/secret-aaf.yaml b/kubernetes/sdnc/templates/secret-aaf.yaml deleted file mode 100644 index cd2e539b28..0000000000 --- a/kubernetes/sdnc/templates/secret-aaf.yaml +++ /dev/null @@ -1,15 +0,0 @@ -{{ if .Values.global.aafEnabled }} -apiVersion: v1 -kind: Secret -metadata: - name: {{ include "common.fullname" . }}-aaf - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.fullname" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} -type: Opaque -data: - aaf-password: {{ .Values.aaf_init.deploy_pass | b64enc | quote }} -{{ end }} diff --git a/kubernetes/sdnc/templates/secrets.yaml b/kubernetes/sdnc/templates/secrets.yaml index e8cb336883..dee311c336 100644 --- a/kubernetes/sdnc/templates/secrets.yaml +++ b/kubernetes/sdnc/templates/secrets.yaml @@ -1,41 +1,15 @@ -apiVersion: v1 -kind: Secret -metadata: - name: {{ include "common.fullname" . }} - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.fullname" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} -type: Opaque -data: - db-root-password: {{ .Values.config.dbRootPassword | b64enc | quote }} ---- -apiVersion: v1 -kind: Secret -metadata: - name: {{ include "common.fullname" . }}-odl - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.fullname" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} -type: Opaque -data: - odl-password: {{ .Values.config.odlPassword | b64enc | quote }} ---- -apiVersion: v1 -kind: Secret -metadata: - name: {{ include "common.fullname" . }}-sdnctl - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.fullname" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} -type: Opaque -data: - db-sdnctl-password: {{ .Values.config.dbSdnctlPassword | b64enc | quote }} +# Copyright © 2020 Samsung Electronics +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +{{ include "common.secret" . }} diff --git a/kubernetes/sdnc/templates/statefulset.yaml b/kubernetes/sdnc/templates/statefulset.yaml index 1611449095..6054546d58 100644 --- a/kubernetes/sdnc/templates/statefulset.yaml +++ b/kubernetes/sdnc/templates/statefulset.yaml @@ -34,10 +34,51 @@ spec: spec: initContainers: - command: + - sh + args: + - -c + - "cd /config-input && for PFILE in `ls -1 .`; do envsubst <${PFILE} >/config/${PFILE}; done" + env: + - name: AAI_CLIENT_NAME + {{- include "common.secret.envFromSecret" (dict "global" . "uid" "aai-user-creds" "key" "login") | indent 10 }} + - name: AAI_CLIENT_PASSWORD + {{- include "common.secret.envFromSecret" (dict "global" . "uid" "aai-user-creds" "key" "password") | indent 10 }} + - name: MODELSERVICE_USER + {{- include "common.secret.envFromSecret" (dict "global" . "uid" "modeling-user-creds" "key" "login") | indent 10 }} + - name: MODELSERVICE_PASSWORD + {{- include "common.secret.envFromSecret" (dict "global" . "uid" "modeling-user-creds" "key" "password") | indent 10 }} + - name: RESTCONF_USER + {{- include "common.secret.envFromSecret" (dict "global" . "uid" "restconf-creds" "key" "login") | indent 10 }} + - name: RESTCONF_PASSWORD + {{- include "common.secret.envFromSecret" (dict "global" . "uid" "restconf-creds" "key" "password") | indent 10 }} + - name: ANSIBLE_USER + {{- include "common.secret.envFromSecret" (dict "global" . "uid" "ansible-creds" "key" "login") | indent 10 }} + - name: ANSIBLE_PASSWORD + {{- include "common.secret.envFromSecret" (dict "global" . "uid" "ansible-creds" "key" "password") | indent 10 }} + - name: SCALEOUT_USER + {{- include "common.secret.envFromSecret" (dict "global" . "uid" "scaleout-creds" "key" "login") | indent 10 }} + - name: SCALEOUT_PASSWORD + {{- include "common.secret.envFromSecret" (dict "global" . "uid" "scaleout-creds" "key" "password") | indent 10 }} + - name: NETBOX_APIKEY + {{- include "common.secret.envFromSecret" (dict "global" . "uid" "netbox-apikey" "key" "password") | indent 10 }} + - name: SDNC_DB_USER + {{- include "common.secret.envFromSecret" (dict "global" . "uid" "db-secret" "key" "login") | indent 10 }} + - name: SDNC_DB_PASSWORD + {{- include "common.secret.envFromSecret" (dict "global" . "uid" "db-secret" "key" "password") | indent 10 }} + volumeMounts: + - mountPath: /config-input + name: config-input + - mountPath: /config + name: properties + image: "{{ .Values.global.envsubstImage }}" + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + name: {{ include "common.name" . }}-update-config + + - command: - /root/ready.py args: - --container-name - - {{ .Values.config.mariadbGalera.chartName }} + - {{ include "common.mariadbService" . }} env: - name: NAMESPACE valueFrom: @@ -89,12 +130,9 @@ spec: - name: aaf_locator_app_ns value: "{{ .Values.aaf_init.app_ns }}" - name: DEPLOY_FQI - value: "{{ .Values.aaf_init.deploy_fqi }}" + {{- include "common.secret.envFromSecret" (dict "global" . "uid" "aaf-creds" "key" "login") | indent 12 }} - name: DEPLOY_PASSWORD - valueFrom: - secretKeyRef: - name: {{ template "common.fullname" .}}-aaf - key: aaf-password + {{- include "common.secret.envFromSecret" (dict "global" . "uid" "aaf-creds" "key" "password") | indent 12 }} - name: cadi_longitude value: "{{ .Values.aaf_init.cadi_longitude }}" - name: cadi_latitude @@ -125,41 +163,36 @@ spec: initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} periodSeconds: {{ .Values.readiness.periodSeconds }} env: - - name: MYSQL_ROOT_PASSWORD - valueFrom: - secretKeyRef: - name: {{ template "common.fullname" . }} - key: db-root-password - - name: ODL_ADMIN_PASSWORD - valueFrom: - secretKeyRef: - name: {{ template "common.fullname" . }}-odl - key: odl-password - - name: SDNC_DB_PASSWORD - valueFrom: - secretKeyRef: - name: {{ template "common.fullname" . }}-sdnctl - key: db-sdnctl-password - - name: SDNC_CONFIG_DIR - value: "{{ .Values.config.configDir }}" - - name: ENABLE_ODL_CLUSTER - value: "{{ .Values.config.enableClustering }}" - - name: MY_ODL_CLUSTER - value: "{{ .Values.config.myODLCluster }}" - - name: PEER_ODL_CLUSTER - value: "{{ .Values.config.peerODLCluster }}" - - name: IS_PRIMARY_CLUSTER - value: "{{ .Values.config.isPrimaryCluster }}" - - name: GEO_ENABLED - value: "{{ .Values.config.geoEnabled}}" - - name: SDNC_AAF_ENABLED - value: "{{ .Values.global.aafEnabled}}" - - name: SDNC_REPLICAS - value: "{{ .Values.replicaCount }}" - - name: MYSQL_HOST - value: "{{.Values.config.mariadbGalera.serviceName}}.{{.Release.Namespace}}" - - name: JAVA_HOME - value: "{{ .Values.config.javaHome}}" + - name: MYSQL_ROOT_PASSWORD + {{- include "common.secret.envFromSecret" (dict "global" . "uid" "db-root-password" "key" "password") | indent 12 }} + - name: ODL_ADMIN_USERNAME + {{- include "common.secret.envFromSecret" (dict "global" . "uid" "odl-creds" "key" "login") | indent 12 }} + - name: ODL_ADMIN_PASSWORD + {{- include "common.secret.envFromSecret" (dict "global" . "uid" "odl-creds" "key" "password") | indent 12 }} + - name: SDNC_DB_USER + {{- include "common.secret.envFromSecret" (dict "global" . "uid" "db-secret" "key" "login") | indent 12 }} + - name: SDNC_DB_PASSWORD + {{- include "common.secret.envFromSecret" (dict "global" . "uid" "db-secret" "key" "password") | indent 12 }} + - name: SDNC_CONFIG_DIR + value: "{{ .Values.config.configDir }}" + - name: ENABLE_ODL_CLUSTER + value: "{{ .Values.config.enableClustering }}" + - name: MY_ODL_CLUSTER + value: "{{ .Values.config.myODLCluster }}" + - name: PEER_ODL_CLUSTER + value: "{{ .Values.config.peerODLCluster }}" + - name: IS_PRIMARY_CLUSTER + value: "{{ .Values.config.isPrimaryCluster }}" + - name: GEO_ENABLED + value: "{{ .Values.config.geoEnabled}}" + - name: SDNC_AAF_ENABLED + value: "{{ .Values.global.aafEnabled}}" + - name: SDNC_REPLICAS + value: "{{ .Values.replicaCount }}" + - name: MYSQL_HOST + value: {{ include "common.mariadbService" . }} + - name: JAVA_HOME + value: "{{ .Values.config.javaHome}}" volumeMounts: - mountPath: /etc/localtime name: localtime @@ -252,10 +285,13 @@ spec: configMap: name: {{ include "common.fullname" . }}-bin defaultMode: 0755 - - name: properties + - name: config-input configMap: name: {{ include "common.fullname" . }}-properties defaultMode: 0644 + - name: properties + emptyDir: + medium: Memory - name: {{ include "common.fullname" . }}-certs {{ if .Values.certpersistence.enabled }} persistentVolumeClaim: diff --git a/kubernetes/sdnc/values.yaml b/kubernetes/sdnc/values.yaml index 4447a7dfaa..8fd7590863 100644 --- a/kubernetes/sdnc/values.yaml +++ b/kubernetes/sdnc/values.yaml @@ -26,6 +26,83 @@ global: persistence: mountPath: /dockerdata-nfs aafEnabled: true + # envsusbt + envsubstImage: dibi/envsubst + mariadbGalera: + #This flag allows SO to instantiate its own mariadb-galera cluster + #If shared instance is used, this chart assumes that DB already exists + localCluster: false + service: mariadb-galera + internalPort: 3306 + nameOverride: mariadb-galera + +################################################################# +# Secrets metaconfig +################################################################# +secrets: + - uid: db-root-password + name: '{{ include "common.release" . }}-sdnc-db-root-password' + type: password + externalSecret: '{{ .Values.global.mariadbGalera.localCluster | ternary (default (include "common.mariadb.secret.rootPassSecretName" (dict "dot" . "chartName" (index .Values "mariadb-galera" "nameOverride"))) (index .Values "mariadb-galera" "config" "mariadbRootPasswordExternalSecret")) (include "common.mariadb.secret.rootPassSecretName" (dict "dot" . "chartName" .Values.global.mariadbGalera.nameOverride)) }}' + password: '{{ (index .Values "mariadb-galera" "config" "mariadbRootPassword" }}' + - uid: db-secret + name: &dbSecretName '{{ include "common.release" . }}-sdnc-db-secret' + type: basicAuth + # This is a nasty trick that allows you override this secret using external one + # with the same field that is used to pass this to subchart + externalSecret: '{{ ternary "" (tpl (default "" (index .Values "mariadb-galera" "config" "userCredentialsExternalSecret")) .) (hasSuffix "sdnc-db-secret" (index .Values "mariadb-galera" "config" "userCredentialsExternalSecret"))}}' + login: '{{ index .Values "mariadb-galera" "config" "userName" }}' + password: '{{ index .Values "mariadb-galera" "config" "userPassword" }}' + - uid: odl-creds + name: &odlCredsSecretName '{{ include "common.release" . }}-sdnc-odl-creds' + type: basicAuth + externalSecret: '{{ .Values.config.odlCredsExternalSecret }}' + login: '{{ .Values.config.odlUser }}' + password: '{{ .Values.config.odlPassword }}' + # For now this is left hardcoded but should be revisited in a future + passwordPolicy: required + - uid: aaf-creds + type: basicAuth + externalSecret: '{{ ternary (tpl (default "" .Values.aaf_init.aafDeployCredsExternalSecret) .) "aafIsDiabled" .Values.global.aafEnabled }}' + login: '{{ .Values.aaf_init.deploy_fqi }}' + password: '{{ .Values.aaf_init.deploy_pass }}' + passwordPolicy: required + - uid: netbox-apikey + type: password + externalSecret: '{{ .Values.config.netboxApikeyExternalSecret }}' + password: '{{ .Values.config.netboxApikey }}' + passwordPolicy: required + - uid: aai-user-creds + type: basicAuth + externalSecret: '{{ .Values.config.aaiCredsExternalSecret}}' + login: '{{ .Values.config.aaiUser }}' + password: '{{ .Values.config.aaiPassword }}' + passwordPolicy: required + - uid: modeling-user-creds + type: basicAuth + externalSecret: '{{ .Values.config.modelingCredsExternalSecret}}' + login: '{{ .Values.config.modelingUser }}' + password: '{{ .Values.config.modelingPassword }}' + passwordPolicy: required + - uid: restconf-creds + type: basicAuth + externalSecret: '{{ .Values.config.restconfCredsExternalSecret}}' + login: '{{ .Values.config.restconfUser }}' + password: '{{ .Values.config.restconfPassword }}' + passwordPolicy: required + - uid: ansible-creds + name: &ansibleSecretName '{{ include "common.release" . }}-sdnc-ansible-creds' + type: basicAuth + externalSecret: '{{ .Values.config.ansibleCredsExternalSecret}}' + login: '{{ .Values.config.ansibleUser }}' + password: '{{ .Values.config.ansiblePassword }}' + passwordPolicy: required + - uid: scaleout-creds + type: basicAuth + externalSecret: '{{ .Values.config.scaleoutCredsExternalSecret}}' + login: '{{ .Values.config.scaleoutUser }}' + password: '{{ .Values.config.scaleoutPassword }}' + passwordPolicy: required ################################################################# # Application configuration defaults. @@ -43,11 +120,27 @@ debugEnabled: false config: odlUid: 100 odlGid: 101 + odlUser: admin odlPassword: Kp8bJ4SXszM0WXlhak3eHlcse2gAw84vaoGGmJvUy2U - dbRootPassword: secretpassword - dbSdnctlUser: sdnctl - dbSdnctlDatabase: sdnctl - dbSdnctlPassword: gamma + # odlCredsExternalSecret: some secret + netboxApikey: onceuponatimeiplayedwithnetbox20180814 + # netboxApikeyExternalSecret: some secret + aaiUser: sdnc@sdnc.onap.org + aaiPassword: demo123456! + # aaiCredsExternalSecret: some secret + modelingUser: ccsdkapps + modelingPassword: ccsdkapps + # modelingCredsExternalSecret: some secret + restconfUser: admin + restconfPassword: admin + # restconfCredsExternalSecret: some secret + scaleoutUser: admin + scaleoutPassword: admin + # scaleoutExternalSecret: some secret + ansibleUser: sdnc + ansiblePassword: sdnc + # ansibleCredsExternalSecret: some secret + dbSdnctlDatabase: &sdncDbName sdnctl enableClustering: true sdncHome: /opt/onap/sdnc binDir: /opt/onap/sdnc/bin @@ -91,17 +184,6 @@ config: parallelGCThreads : 3 numberGGLogFiles: 10 - - - #local Mariadb-galera cluster - localDBCluster: false - - #Shared mariadb-galera details - mariadbGalera: - chartName: mariadb-galera - serviceName: mariadb-galera - internalPort: 3306 - # dependency / sub-chart configuration aaf_init: agentImage: onap/aaf/aaf_agent:2.1.15 @@ -114,63 +196,82 @@ aaf_init: cadi_latitude: "38.0" cadi_longitude: "-72.0" +mariadb-galera: &mariadbGalera + nameOverride: sdnc-db + config: + rootPasswordExternalSecret: '{{ ternary (include "common.release" .)-sdnc-db-root-password "" .Values.global.mariadbGalera.localCluster }}' + userName: sdnctl + userCredentialsExternalSecret: *dbSecretName + service: + name: sdnc-dbhost + internalPort: 3306 + sdnctlPrefix: sdnc + persistence: + mountSubPath: sdnc/mariadb-galera + enabled: true + replicaCount: 1 + cds: enabled: false dmaap-listener: nameOverride: sdnc-dmaap-listener + mariadb-galera: + << : *mariadbGalera + config: + mysqlDatabase: *sdncDbName config: sdncChartName: sdnc - mysqlChartName: mariadb-galera dmaapPort: 3904 sdncPort: 8282 configDir: /opt/onap/sdnc/data/properties - odlPassword: Kp8bJ4SXszM0WXlhak3eHlcse2gAw84vaoGGmJvUy2U + odlCredsExternalSecret: *odlCredsSecretName ueb-listener: + mariadb-galera: + << : *mariadbGalera + config: + mysqlDatabase: *sdncDbName nameOverride: sdnc-ueb-listener config: sdncPort: 8282 sdncChartName: sdnc - mysqlChartName: mariadb-galera configDir: /opt/onap/sdnc/data/properties - odlPassword: Kp8bJ4SXszM0WXlhak3eHlcse2gAw84vaoGGmJvUy2U + odlCredsExternalSecret: *odlCredsSecretName sdnc-portal: + mariadb-galera: + << : *mariadbGalera + config: + mysqlDatabase: *sdncDbName config: sdncChartName: sdnc - mysqlChartName: mariadb-galera configDir: /opt/onap/sdnc/data/properties - dbRootPassword: secretpassword - dbSdnctlPassword: gamma - odlPassword: Kp8bJ4SXszM0WXlhak3eHlcse2gAw84vaoGGmJvUy2U + odlCredsExternalSecret: *odlCredsSecretName sdnc-ansible-server: + config: + restCredsExternalSecret: *ansibleSecretName + mariadb-galera: + << : *mariadbGalera + config: + mysqlDatabase: ansible service: name: sdnc-ansible-server internalPort: 8000 - config: - mysqlServiceName: mariadb-galera - -mariadb-galera: - nameOverride: sdnc-db - service: - name: sdnc-dbhost - internalPort: 3306 - sdnctlPrefix: sdnc - persistence: - mountSubPath: sdnc/mariadb-galera - enabled: true - replicaCount: 1 dgbuilder: nameOverride: sdnc-dgbuilder config: + db: + dbName: *sdncDbName + rootPasswordExternalSecret: '{{ ternary (printf "%s-sdnc-db-root-password" (include "common.release" .)) (include "common.mariadb.secret.rootPassSecretName" (dict "dot" . "chartName" "mariadb-galera")) .Values.global.mariadbGalera.localCluster }}' + userCredentialsExternalSecret: *dbSecretName dbPodName: mariadb-galera dbServiceName: mariadb-galera - dbRootPassword: secretpassword - dbSdnctlPassword: gamma + # This should be revisited and changed to plain text dgUserPassword: cc03e747a6afbbcbf8be7668acfebee5 + mariadb-galera: service: name: sdnc-dgbuilder nodePort: "03" diff --git a/kubernetes/so/charts/so-bpmn-infra/resources/config/overrides/override.yaml b/kubernetes/so/charts/so-bpmn-infra/resources/config/overrides/override.yaml index a714ba9328..02947c6643 100755 --- a/kubernetes/so/charts/so-bpmn-infra/resources/config/overrides/override.yaml +++ b/kubernetes/so/charts/so-bpmn-infra/resources/config/overrides/override.yaml @@ -289,6 +289,15 @@ sdnc: si: svc: types: PORT-MIRROR,PPROBE + dmaap: + host: http://message-router.{{ include "common.namespace" . }}:3904 + timeout: 30000 + lcm: + path: '/restconf/operations/LCM:' + actionTimeout: 300000 + dmapp: + readTopic: SDNC-LCM-WRITE + writeTopic: SDNC-LCM-READ appc: client: topic: diff --git a/kubernetes/so/charts/so-bpmn-infra/templates/configmap.yaml b/kubernetes/so/charts/so-bpmn-infra/templates/configmap.yaml index b57205223e..a2e27548ba 100755 --- a/kubernetes/so/charts/so-bpmn-infra/templates/configmap.yaml +++ b/kubernetes/so/charts/so-bpmn-infra/templates/configmap.yaml @@ -38,3 +38,12 @@ metadata: heritage: {{ .Release.Service }} data: {{ tpl (.Files.Glob "resources/config/overrides/*").AsConfig . | indent 2 }} +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "common.fullname" . }}-log + namespace: {{ include "common.namespace" . }} +data: +{{ tpl (.Files.Glob "resources/config/logback.xml").AsConfig . | indent 2 }} + diff --git a/kubernetes/so/charts/so-bpmn-infra/templates/deployment.yaml b/kubernetes/so/charts/so-bpmn-infra/templates/deployment.yaml index 91e9be6376..40b19871da 100755 --- a/kubernetes/so/charts/so-bpmn-infra/templates/deployment.yaml +++ b/kubernetes/so/charts/so-bpmn-infra/templates/deployment.yaml @@ -66,26 +66,14 @@ spec: name: {{ include "common.release" . }}-so-db-secrets key: mariadb.readwrite.port - name: DB_USERNAME - valueFrom: - secretKeyRef: - name: {{ include "common.release" . }}-so-db-secrets - key: mariadb.readwrite.rolename + {{- include "common.secret.envFromSecret" (dict "global" . "uid" "db-user-creds" "key" "login") | indent 10 }} - name: DB_PASSWORD - valueFrom: - secretKeyRef: - name: {{ include "common.release" . }}-so-db-secrets - key: mariadb.readwrite.password + {{- include "common.secret.envFromSecret" (dict "global" . "uid" "db-user-creds" "key" "password") | indent 10 }} - name: DB_ADMIN_USERNAME - valueFrom: - secretKeyRef: - name: {{ include "common.release" . }}-so-db-secrets - key: mariadb.admin.rolename + {{- include "common.secret.envFromSecret" (dict "global" . "uid" "db-admin-creds" "key" "login") | indent 10 }} - name: DB_ADMIN_PASSWORD - valueFrom: - secretKeyRef: - name: {{ include "common.release" . }}-so-db-secrets - key: mariadb.admin.password - {{- if eq .Values.global.security.aaf.enabled true }} + {{- include "common.secret.envFromSecret" (dict "global" . "uid" "db-admin-creds" "key" "password") | indent 10 }} + {{- if eq .Values.global.security.aaf.enabled true }} - name: TRUSTSTORE value: /app/org.onap.so.trust.jks - name: TRUSTSTORE_PASSWORD @@ -111,16 +99,42 @@ spec: - name: config mountPath: /app/config readOnly: true + - name: {{ include "common.fullname" . }}-logs + mountPath: /var/log/onap {{ include "helpers.livenessProbe" .| indent 8 }} ports: - containerPort: {{ index .Values.containerPort }} name: {{ .Values.service.portName }} protocol: TCP + # Filebeat sidecar container + - name: {{ include "common.name" . }}-filebeat-onap + image: "{{ .Values.global.loggingRepository }}/{{ .Values.global.loggingImage }}" + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + volumeMounts: + - name: {{ include "common.fullname" . }}-filebeat-conf + mountPath: /usr/share/filebeat/filebeat.yml + subPath: filebeat.yml + - name: {{ include "common.fullname" . }}-data-filebeat + mountPath: /usr/share/filebeat/data + - name: logs + mountPath: /var/log/onap/so + - name: {{ include "common.fullname" . }}-logs + mountPath: /var/log/onap volumes: - name: logs emptyDir: {} - name: config configMap: name: {{ include "common.fullname" . }}-app-configmap + - name: {{ include "common.fullname" . }}-log-conf + configMap: + name: {{ include "common.fullname" . }}-log + - name: {{ include "common.fullname" . }}-filebeat-conf + configMap: + name: {{ .Release.Name }}-so-filebeat-configmap + - name: {{ include "common.fullname" . }}-data-filebeat + emptyDir: {} + - name: {{ include "common.fullname" . }}-logs + emptyDir: {} imagePullSecrets: - name: "{{ include "common.namespace" . }}-docker-registry-key" diff --git a/kubernetes/so/charts/so-bpmn-infra/templates/secret.yaml b/kubernetes/so/charts/so-bpmn-infra/templates/secret.yaml new file mode 100644 index 0000000000..dee311c336 --- /dev/null +++ b/kubernetes/so/charts/so-bpmn-infra/templates/secret.yaml @@ -0,0 +1,15 @@ +# Copyright © 2020 Samsung Electronics +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +{{ include "common.secret" . }} diff --git a/kubernetes/so/charts/so-bpmn-infra/values.yaml b/kubernetes/so/charts/so-bpmn-infra/values.yaml index a7925b79e5..357a8fd62c 100755 --- a/kubernetes/so/charts/so-bpmn-infra/values.yaml +++ b/kubernetes/so/charts/so-bpmn-infra/values.yaml @@ -24,12 +24,39 @@ global: mountPath: /dockerdata-nfs ################################################################# +# Secrets metaconfig +################################################################# +secrets: + - uid: db-user-creds + name: '{{ include "common.release" . }}-so-bpmn-infra-db-user-creds' + type: basicAuth + externalSecret: '{{ .Values.db.userCredsExternalSecret }}' + login: '{{ .Values.db.userName }}' + password: '{{ .Values.db.userPassword }}' + passwordPolicy: required + - uid: db-admin-creds + name: '{{ include "common.release" . }}-so-bpmn-infra-db-admin-creds' + type: basicAuth + externalSecret: '{{ .Values.db.adminCredsExternalSecret }}' + login: '{{ .Values.db.adminName }}' + password: '{{ .Values.db.adminPassword }}' + passwordPolicy: required + + +################################################################# # Application configuration defaults. ################################################################# repository: nexus3.onap.org:10001 image: onap/so/bpmn-infra:1.5.3 pullPolicy: Always +db: + userName: so_user + userPassword: so_User123 + # userCredsExternalSecret: some secret + adminName: so_admin + adminPassword: so_Admin123 + # adminCredsExternalSecret: some secret replicaCount: 1 minReadySeconds: 10 containerPort: 8081 diff --git a/kubernetes/so/charts/so-catalog-db-adapter/templates/deployment.yaml b/kubernetes/so/charts/so-catalog-db-adapter/templates/deployment.yaml index 91e9be6376..63a10b0d83 100755 --- a/kubernetes/so/charts/so-catalog-db-adapter/templates/deployment.yaml +++ b/kubernetes/so/charts/so-catalog-db-adapter/templates/deployment.yaml @@ -66,25 +66,13 @@ spec: name: {{ include "common.release" . }}-so-db-secrets key: mariadb.readwrite.port - name: DB_USERNAME - valueFrom: - secretKeyRef: - name: {{ include "common.release" . }}-so-db-secrets - key: mariadb.readwrite.rolename + {{- include "common.secret.envFromSecret" (dict "global" . "uid" "db-user-creds" "key" "login") | indent 10 }} - name: DB_PASSWORD - valueFrom: - secretKeyRef: - name: {{ include "common.release" . }}-so-db-secrets - key: mariadb.readwrite.password + {{- include "common.secret.envFromSecret" (dict "global" . "uid" "db-user-creds" "key" "password") | indent 10 }} - name: DB_ADMIN_USERNAME - valueFrom: - secretKeyRef: - name: {{ include "common.release" . }}-so-db-secrets - key: mariadb.admin.rolename + {{- include "common.secret.envFromSecret" (dict "global" . "uid" "db-admin-creds" "key" "login") | indent 10 }} - name: DB_ADMIN_PASSWORD - valueFrom: - secretKeyRef: - name: {{ include "common.release" . }}-so-db-secrets - key: mariadb.admin.password + {{- include "common.secret.envFromSecret" (dict "global" . "uid" "db-admin-creds" "key" "password") | indent 10 }} {{- if eq .Values.global.security.aaf.enabled true }} - name: TRUSTSTORE value: /app/org.onap.so.trust.jks diff --git a/kubernetes/so/charts/so-catalog-db-adapter/templates/secret.yaml b/kubernetes/so/charts/so-catalog-db-adapter/templates/secret.yaml new file mode 100644 index 0000000000..dee311c336 --- /dev/null +++ b/kubernetes/so/charts/so-catalog-db-adapter/templates/secret.yaml @@ -0,0 +1,15 @@ +# Copyright © 2020 Samsung Electronics +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +{{ include "common.secret" . }} diff --git a/kubernetes/so/charts/so-catalog-db-adapter/values.yaml b/kubernetes/so/charts/so-catalog-db-adapter/values.yaml index c4e23164f2..889f2e83ec 100755 --- a/kubernetes/so/charts/so-catalog-db-adapter/values.yaml +++ b/kubernetes/so/charts/so-catalog-db-adapter/values.yaml @@ -24,12 +24,39 @@ global: mountPath: /dockerdata-nfs ################################################################# +# Secrets metaconfig +################################################################# +secrets: + - uid: db-user-creds + name: '{{ include "common.release" . }}-so-catalog-db-adapter-db-user-creds' + type: basicAuth + externalSecret: '{{ .Values.db.userCredsExternalSecret }}' + login: '{{ .Values.db.userName }}' + password: '{{ .Values.db.userPassword }}' + passwordPolicy: required + - uid: db-admin-creds + name: '{{ include "common.release" . }}-so-catalog-db-adapter-db-admin-creds' + type: basicAuth + externalSecret: '{{ .Values.db.adminCredsExternalSecret }}' + login: '{{ .Values.db.adminName }}' + password: '{{ .Values.db.adminPassword }}' + passwordPolicy: required + +################################################################# # Application configuration defaults. ################################################################# repository: nexus3.onap.org:10001 image: onap/so/catalog-db-adapter:1.5.3 pullPolicy: Always +db: + userName: so_user + userPassword: so_User123 + # userCredsExternalSecret: some secret + adminName: so_admin + adminPassword: so_Admin123 + # adminCredsExternalSecret: some secret + replicaCount: 1 minReadySeconds: 10 containerPort: 8082 diff --git a/kubernetes/so/charts/so-openstack-adapter/resources/config/overrides/override.yaml b/kubernetes/so/charts/so-openstack-adapter/resources/config/overrides/override.yaml index 4710fea218..ffebc4c794 100755 --- a/kubernetes/so/charts/so-openstack-adapter/resources/config/overrides/override.yaml +++ b/kubernetes/so/charts/so-openstack-adapter/resources/config/overrides/override.yaml @@ -99,7 +99,8 @@ mso: auth: {{ include "helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.aaf.auth.encrypted "value2" .Values.mso.auth )}} logPath: ./logs/openstack msb-ip: msb-iag.{{ include "common.namespace" . }} - msb-port: 80 + msb-port: 443 + msb-scheme: https workflow: endpoint: http://so-bpmn-infra.{{ include "common.namespace" . }}:8081/sobpmnengine msoKey: {{ .Values.mso.msoKey }} diff --git a/kubernetes/so/charts/so-openstack-adapter/templates/configmap.yaml b/kubernetes/so/charts/so-openstack-adapter/templates/configmap.yaml index b57205223e..21544798cf 100755 --- a/kubernetes/so/charts/so-openstack-adapter/templates/configmap.yaml +++ b/kubernetes/so/charts/so-openstack-adapter/templates/configmap.yaml @@ -38,3 +38,11 @@ metadata: heritage: {{ .Release.Service }} data: {{ tpl (.Files.Glob "resources/config/overrides/*").AsConfig . | indent 2 }} +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "common.fullname" . }}-log + namespace: {{ include "common.namespace" . }} +data: +{{ tpl (.Files.Glob "resources/config/logback.xml").AsConfig . | indent 2 }}
\ No newline at end of file diff --git a/kubernetes/so/charts/so-openstack-adapter/templates/deployment.yaml b/kubernetes/so/charts/so-openstack-adapter/templates/deployment.yaml index 91e9be6376..c0ac078039 100755 --- a/kubernetes/so/charts/so-openstack-adapter/templates/deployment.yaml +++ b/kubernetes/so/charts/so-openstack-adapter/templates/deployment.yaml @@ -111,16 +111,42 @@ spec: - name: config mountPath: /app/config readOnly: true + - name: {{ include "common.fullname" . }}-logs + mountPath: /var/log/onap {{ include "helpers.livenessProbe" .| indent 8 }} ports: - containerPort: {{ index .Values.containerPort }} name: {{ .Values.service.portName }} protocol: TCP + # Filebeat sidecar container + - name: {{ include "common.name" . }}-filebeat-onap + image: "{{ .Values.global.loggingRepository }}/{{ .Values.global.loggingImage }}" + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + volumeMounts: + - name: {{ include "common.fullname" . }}-filebeat-conf + mountPath: /usr/share/filebeat/filebeat.yml + subPath: filebeat.yml + - name: {{ include "common.fullname" . }}-data-filebeat + mountPath: /usr/share/filebeat/data + - name: logs + mountPath: /var/log/onap/so + - name: {{ include "common.fullname" . }}-logs + mountPath: /var/log/onap volumes: - name: logs emptyDir: {} - name: config configMap: name: {{ include "common.fullname" . }}-app-configmap + - name: {{ include "common.fullname" . }}-log-conf + configMap: + name: {{ include "common.fullname" . }}-log + - name: {{ include "common.fullname" . }}-filebeat-conf + configMap: + name: {{ .Release.Name }}-so-filebeat-configmap + - name: {{ include "common.fullname" . }}-data-filebeat + emptyDir: {} + - name: {{ include "common.fullname" . }}-logs + emptyDir: {} imagePullSecrets: - name: "{{ include "common.namespace" . }}-docker-registry-key" diff --git a/kubernetes/so/charts/so-sdc-controller/templates/configmap.yaml b/kubernetes/so/charts/so-sdc-controller/templates/configmap.yaml index b57205223e..104daae051 100755 --- a/kubernetes/so/charts/so-sdc-controller/templates/configmap.yaml +++ b/kubernetes/so/charts/so-sdc-controller/templates/configmap.yaml @@ -38,3 +38,11 @@ metadata: heritage: {{ .Release.Service }} data: {{ tpl (.Files.Glob "resources/config/overrides/*").AsConfig . | indent 2 }} +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "common.fullname" . }}-log + namespace: {{ include "common.namespace" . }} +data: +{{ tpl (.Files.Glob "resources/config/logback.xml").AsConfig . | indent 2 }} diff --git a/kubernetes/so/charts/so-sdc-controller/templates/deployment.yaml b/kubernetes/so/charts/so-sdc-controller/templates/deployment.yaml index 91e9be6376..c0ac078039 100755 --- a/kubernetes/so/charts/so-sdc-controller/templates/deployment.yaml +++ b/kubernetes/so/charts/so-sdc-controller/templates/deployment.yaml @@ -111,16 +111,42 @@ spec: - name: config mountPath: /app/config readOnly: true + - name: {{ include "common.fullname" . }}-logs + mountPath: /var/log/onap {{ include "helpers.livenessProbe" .| indent 8 }} ports: - containerPort: {{ index .Values.containerPort }} name: {{ .Values.service.portName }} protocol: TCP + # Filebeat sidecar container + - name: {{ include "common.name" . }}-filebeat-onap + image: "{{ .Values.global.loggingRepository }}/{{ .Values.global.loggingImage }}" + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + volumeMounts: + - name: {{ include "common.fullname" . }}-filebeat-conf + mountPath: /usr/share/filebeat/filebeat.yml + subPath: filebeat.yml + - name: {{ include "common.fullname" . }}-data-filebeat + mountPath: /usr/share/filebeat/data + - name: logs + mountPath: /var/log/onap/so + - name: {{ include "common.fullname" . }}-logs + mountPath: /var/log/onap volumes: - name: logs emptyDir: {} - name: config configMap: name: {{ include "common.fullname" . }}-app-configmap + - name: {{ include "common.fullname" . }}-log-conf + configMap: + name: {{ include "common.fullname" . }}-log + - name: {{ include "common.fullname" . }}-filebeat-conf + configMap: + name: {{ .Release.Name }}-so-filebeat-configmap + - name: {{ include "common.fullname" . }}-data-filebeat + emptyDir: {} + - name: {{ include "common.fullname" . }}-logs + emptyDir: {} imagePullSecrets: - name: "{{ include "common.namespace" . }}-docker-registry-key" diff --git a/kubernetes/so/charts/so-sdnc-adapter/resources/config/overrides/override.yaml b/kubernetes/so/charts/so-sdnc-adapter/resources/config/overrides/override.yaml index a20d2178ba..6235bd2c88 100755 --- a/kubernetes/so/charts/so-sdnc-adapter/resources/config/overrides/override.yaml +++ b/kubernetes/so/charts/so-sdnc-adapter/resources/config/overrides/override.yaml @@ -151,6 +151,7 @@ org: sdncurl7: 'http://sdnc.{{ include "common.namespace" . }}:8282/restconf/operations/L3UCPE-API:' sdncurl8: 'http://sdnc.{{ include "common.namespace" . }}:8282/restconf/operations/NBNC-API:' sdncurl9: 'http://sdnc.{{ include "common.namespace" . }}:8282/restconf/operations/NORTHBOUND-API:service-topology-operation' + sdncurl20: 'http://sdnc.{{ include "common.namespace" . }}:8282/restconf/operations/LCM:' service: infra: service-topology-infra-activate-operation: POST|90000|sdncurl9|sdnc-request-header|com:att:sdnctl:northbound-api:v1 @@ -160,6 +161,12 @@ org: vfmodule: '': query: GET|60000|sdncurl12| + lcm: + download-n-e-sw: POST|1800000|sdncurl20|common-header|org:onap:ccsdk:sli:northbound:lcm + activate-n-e-sw: POST|300000|sdncurl20|common-header|org:onap:ccsdk:sli:northbound:lcm + upgrade-pre-check: POST|180000|sdncurl20|common-header|org:onap:ccsdk:sli:northbound:lcm + upgrade-post-check: POST|180000|sdncurl20|common-header|org:onap:ccsdk:sli:northbound:lcm + default: POST|180000|sdncurl20|common-header|org:onap:ccsdk:sli:northbound:lcm network: encryptionKey: {{ index .Values.org.onap.so.adapters.sdnc.network.encryptionKey }} spring: diff --git a/kubernetes/so/charts/so-sdnc-adapter/templates/configmap.yaml b/kubernetes/so/charts/so-sdnc-adapter/templates/configmap.yaml index b57205223e..104daae051 100755 --- a/kubernetes/so/charts/so-sdnc-adapter/templates/configmap.yaml +++ b/kubernetes/so/charts/so-sdnc-adapter/templates/configmap.yaml @@ -38,3 +38,11 @@ metadata: heritage: {{ .Release.Service }} data: {{ tpl (.Files.Glob "resources/config/overrides/*").AsConfig . | indent 2 }} +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "common.fullname" . }}-log + namespace: {{ include "common.namespace" . }} +data: +{{ tpl (.Files.Glob "resources/config/logback.xml").AsConfig . | indent 2 }} diff --git a/kubernetes/so/charts/so-sdnc-adapter/templates/deployment.yaml b/kubernetes/so/charts/so-sdnc-adapter/templates/deployment.yaml index 5c7f3ab0ca..3b3d189190 100755 --- a/kubernetes/so/charts/so-sdnc-adapter/templates/deployment.yaml +++ b/kubernetes/so/charts/so-sdnc-adapter/templates/deployment.yaml @@ -96,16 +96,42 @@ spec: - name: config mountPath: /app/config readOnly: true + - name: {{ include "common.fullname" . }}-logs + mountPath: /var/log/onap {{ include "helpers.livenessProbe" .| indent 8 }} ports: - containerPort: {{ index .Values.containerPort }} name: {{ .Values.service.portName }} protocol: TCP + # Filebeat sidecar container + - name: {{ include "common.name" . }}-filebeat-onap + image: "{{ .Values.global.loggingRepository }}/{{ .Values.global.loggingImage }}" + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + volumeMounts: + - name: {{ include "common.fullname" . }}-filebeat-conf + mountPath: /usr/share/filebeat/filebeat.yml + subPath: filebeat.yml + - name: {{ include "common.fullname" . }}-data-filebeat + mountPath: /usr/share/filebeat/data + - name: logs + mountPath: /var/log/onap/so + - name: {{ include "common.fullname" . }}-logs + mountPath: /var/log/onap volumes: - name: logs emptyDir: {} - name: config configMap: name: {{ include "common.fullname" . }}-app-configmap + - name: {{ include "common.fullname" . }}-log-conf + configMap: + name: {{ include "common.fullname" . }}-log + - name: {{ include "common.fullname" . }}-filebeat-conf + configMap: + name: {{ .Release.Name }}-so-filebeat-configmap + - name: {{ include "common.fullname" . }}-data-filebeat + emptyDir: {} + - name: {{ include "common.fullname" . }}-logs + emptyDir: {} imagePullSecrets: - name: "{{ include "common.namespace" . }}-docker-registry-key" diff --git a/kubernetes/so/templates/configmap.yaml b/kubernetes/so/templates/configmap.yaml index b57205223e..6aa4b5f4f0 100755 --- a/kubernetes/so/templates/configmap.yaml +++ b/kubernetes/so/templates/configmap.yaml @@ -38,3 +38,19 @@ metadata: heritage: {{ .Release.Service }} data: {{ tpl (.Files.Glob "resources/config/overrides/*").AsConfig . | indent 2 }} +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "common.fullname" . }}-log + namespace: {{ include "common.namespace" . }} +data: +{{ tpl (.Files.Glob "resources/config/log/filebeat/filebeat.yml").AsConfig . | indent 2 }} +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ .Release.Name }}-so-filebeat-configmap + namespace: {{ include "common.namespace" . }} +data: +{{ tpl (.Files.Glob "resources/config/log/filebeat/filebeat.yml").AsConfig . | indent 2 }} diff --git a/kubernetes/so/templates/deployment.yaml b/kubernetes/so/templates/deployment.yaml index 91e9be6376..c0ac078039 100755 --- a/kubernetes/so/templates/deployment.yaml +++ b/kubernetes/so/templates/deployment.yaml @@ -111,16 +111,42 @@ spec: - name: config mountPath: /app/config readOnly: true + - name: {{ include "common.fullname" . }}-logs + mountPath: /var/log/onap {{ include "helpers.livenessProbe" .| indent 8 }} ports: - containerPort: {{ index .Values.containerPort }} name: {{ .Values.service.portName }} protocol: TCP + # Filebeat sidecar container + - name: {{ include "common.name" . }}-filebeat-onap + image: "{{ .Values.global.loggingRepository }}/{{ .Values.global.loggingImage }}" + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + volumeMounts: + - name: {{ include "common.fullname" . }}-filebeat-conf + mountPath: /usr/share/filebeat/filebeat.yml + subPath: filebeat.yml + - name: {{ include "common.fullname" . }}-data-filebeat + mountPath: /usr/share/filebeat/data + - name: logs + mountPath: /var/log/onap/so + - name: {{ include "common.fullname" . }}-logs + mountPath: /var/log/onap volumes: - name: logs emptyDir: {} - name: config configMap: name: {{ include "common.fullname" . }}-app-configmap + - name: {{ include "common.fullname" . }}-log-conf + configMap: + name: {{ include "common.fullname" . }}-log + - name: {{ include "common.fullname" . }}-filebeat-conf + configMap: + name: {{ .Release.Name }}-so-filebeat-configmap + - name: {{ include "common.fullname" . }}-data-filebeat + emptyDir: {} + - name: {{ include "common.fullname" . }}-logs + emptyDir: {} imagePullSecrets: - name: "{{ include "common.namespace" . }}-docker-registry-key" diff --git a/kubernetes/so/values.yaml b/kubernetes/so/values.yaml index 5a06253863..a792ff9acd 100755 --- a/kubernetes/so/values.yaml +++ b/kubernetes/so/values.yaml @@ -20,6 +20,8 @@ global: repository: nexus3.onap.org:10001 readinessRepository: oomk8s readinessImage: readiness-check:2.0.2 + loggingRepository: docker.elastic.co + loggingImage: beats/filebeat:5.5.0 mariadbGalera: nameOverride: mariadb-galera serviceName: mariadb-galera @@ -119,6 +121,12 @@ livenessProbe: nodeSelector: {} affinity: {} +# application configuration +config: + logstashServiceName: log-ls + logstashPort: 5044 + + #Used only if localCluster is enabled. Instantiates SO's own cassandra cluster #helm deploy demo local/onap --namespace onap --verbose --set so.enabled=true \ # --set so.global.mariadbGalera.localCluster=true \ diff --git a/kubernetes/uui/charts/uui-server/values.yaml b/kubernetes/uui/charts/uui-server/values.yaml index 3da0bdf976..2035c63a1a 100644 --- a/kubernetes/uui/charts/uui-server/values.yaml +++ b/kubernetes/uui/charts/uui-server/values.yaml @@ -84,16 +84,16 @@ ingress: resources: small: limits: - cpu: 250m - memory: 500Mi + cpu: 1.5 + memory: 350Mi requests: - cpu: 250m - memory: 500Mi + cpu: 1 + memory: 245Mi large: limits: - cpu: 500m + cpu: 2 memory: 500Mi requests: - cpu: 500m + cpu: 1 memory: 500Mi unlimited: {} diff --git a/kubernetes/vfc/charts/vfc-catalog/templates/deployment.yaml b/kubernetes/vfc/charts/vfc-catalog/templates/deployment.yaml index 8e5d097e40..b5246d1d92 100644 --- a/kubernetes/vfc/charts/vfc-catalog/templates/deployment.yaml +++ b/kubernetes/vfc/charts/vfc-catalog/templates/deployment.yaml @@ -37,7 +37,7 @@ spec: - /root/ready.py args: - --container-name - - vfc-mariadb + - {{ .Values.config.mariadbService }} env: - name: NAMESPACE valueFrom: @@ -49,6 +49,11 @@ spec: name: {{ include "common.name" . }}-readiness containers: - name: {{ include "common.name" . }} + command: + - sh + args: + - -c + - 'MYSQL_AUTH=root:${MYSQL_ROOT_PASSWORD} ./docker-entrypoint.sh' image: "{{ include "common.repository" . }}/{{ .Values.image }}" imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} ports: @@ -75,9 +80,11 @@ spec: - name: MSB_ADDR value: "{{ .Values.global.config.msbServiceName }}:{{ .Values.global.config.msbPort }}" - name: MYSQL_ADDR - value: "{{ .Values.global.config.dbServiceName }}:{{ .Values.global.config.dbPort }}" - - name: MYSQL_AUTH - value: "{{ .Values.global.config.dbUser }}:{{ .Values.global.config.mariadbRootPassword }}" + value: "{{ .Values.config.mariadbService }}:{{ .Values.config.mariadbPort }}" + - name: MYSQL_ROOT_USER + value: "{{ .Values.global.config.mariadb_admin }}" + - name: MYSQL_ROOT_PASSWORD + {{- include "common.secret.envFromSecret" (dict "global" . "uid" "db-root-pass" "key" "password") | indent 14}} - name: REDIS_ADDR value: "{{ .Values.global.config.redisServiceName }}:{{ .Values.global.config.redisPort }}" volumeMounts: diff --git a/kubernetes/vfc/charts/vfc-catalog/templates/secrets.yaml b/kubernetes/vfc/charts/vfc-catalog/templates/secrets.yaml new file mode 100644 index 0000000000..d053c484be --- /dev/null +++ b/kubernetes/vfc/charts/vfc-catalog/templates/secrets.yaml @@ -0,0 +1,15 @@ +# Copyright (c) 2020 Samsung Electronics +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +{{ include "common.secret" . }} diff --git a/kubernetes/vfc/charts/vfc-catalog/values.yaml b/kubernetes/vfc/charts/vfc-catalog/values.yaml index 1a8808b358..8914d668fa 100644 --- a/kubernetes/vfc/charts/vfc-catalog/values.yaml +++ b/kubernetes/vfc/charts/vfc-catalog/values.yaml @@ -23,6 +23,16 @@ global: loggingImage: beats/filebeat:5.5.0 ################################################################# +# Secrets metaconfig +################################################################# +secrets: + - uid: "db-root-pass" + externalSecret: '{{ tpl (default "" .Values.config.mariadbRootPasswordExternalSecret) . }}' + type: password + password: '{{ .Values.config.mariadbRootPassword }}' + policy: required + +################################################################# # Application configuration defaults. ################################################################# # application image @@ -39,7 +49,11 @@ istioSidecar: true debugEnabled: false # application configuration -config: {} +config: + mariadbService: vfc-mariadb + mariadbPort: 3306 + # mariadbRootPassword: secretpassword + # mariadbRootPasswordExternalSecret: some secret # default number of instances replicaCount: 1 @@ -108,4 +122,4 @@ resources: requests: cpu: 200m memory: 500Mi - unlimited: {}
\ No newline at end of file + unlimited: {} diff --git a/kubernetes/vfc/charts/vfc-nslcm/templates/deployment.yaml b/kubernetes/vfc/charts/vfc-nslcm/templates/deployment.yaml index fc6c736fbd..395eedcb84 100644 --- a/kubernetes/vfc/charts/vfc-nslcm/templates/deployment.yaml +++ b/kubernetes/vfc/charts/vfc-nslcm/templates/deployment.yaml @@ -37,7 +37,7 @@ spec: - /root/ready.py args: - --container-name - - vfc-mariadb + - {{ .Values.config.mariadbService }} env: - name: NAMESPACE valueFrom: @@ -49,6 +49,11 @@ spec: name: {{ include "common.name" . }}-readiness containers: - name: {{ include "common.name" . }} + command: + - sh + args: + - -c + - 'MYSQL_AUTH=${MYSQL_ROOT_USER}:${MYSQL_ROOT_PASSWORD} ./docker-entrypoint.sh' image: "{{ include "common.repository" . }}/{{ .Values.image }}" imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} ports: @@ -75,9 +80,11 @@ spec: - name: MSB_ADDR value: "{{ .Values.global.config.msbServiceName }}:{{ .Values.global.config.msbPort }}" - name: MYSQL_ADDR - value: "{{ .Values.global.config.dbServiceName }}:{{ .Values.global.config.dbPort }}" - - name: MYSQL_AUTH - value: "{{ .Values.global.config.dbUser }}:{{ .Values.global.config.mariadbRootPassword }}" + value: "{{ .Values.config.mariadbService }}:{{ .Values.config.mariadbPort }}" + - name: MYSQL_ROOT_USER + value: "{{ .Values.global.config.mariadb_admin }}" + - name: MYSQL_ROOT_PASSWORD + {{- include "common.secret.envFromSecret" (dict "global" . "uid" "db-root-pass" "key" "password") | indent 14}} - name: REDIS_ADDR value: "{{ .Values.global.config.redisServiceName }}:{{ .Values.global.config.redisPort }}" - name: REG_TO_MSB_WHEN_START diff --git a/kubernetes/vfc/charts/vfc-nslcm/templates/secrets.yaml b/kubernetes/vfc/charts/vfc-nslcm/templates/secrets.yaml new file mode 100644 index 0000000000..d053c484be --- /dev/null +++ b/kubernetes/vfc/charts/vfc-nslcm/templates/secrets.yaml @@ -0,0 +1,15 @@ +# Copyright (c) 2020 Samsung Electronics +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +{{ include "common.secret" . }} diff --git a/kubernetes/vfc/charts/vfc-nslcm/values.yaml b/kubernetes/vfc/charts/vfc-nslcm/values.yaml index a3d03032c9..35637f33f7 100644 --- a/kubernetes/vfc/charts/vfc-nslcm/values.yaml +++ b/kubernetes/vfc/charts/vfc-nslcm/values.yaml @@ -23,6 +23,16 @@ global: loggingImage: beats/filebeat:5.5.0 ################################################################# +# Secrets metaconfig +################################################################# +secrets: + - uid: "db-root-pass" + externalSecret: '{{ tpl (default "" .Values.config.mariadbRootPasswordExternalSecret) . }}' + type: password + password: '{{ .Values.config.mariadbRootPassword }}' + policy: required + +################################################################# # Application configuration defaults. ################################################################# # application image @@ -39,7 +49,12 @@ istioSidecar: true debugEnabled: false # application configuration -config: {} +config: + mariadbService: vfc-mariadb + mariadbPort: 3306 + # mariadbRootPassword: secretpassword + # mariadbRootPasswordExternalSecret: some secret + # default number of instances replicaCount: 1 @@ -88,4 +103,4 @@ resources: requests: cpu: 200m memory: 500Mi - unlimited: {}
\ No newline at end of file + unlimited: {} diff --git a/kubernetes/vfc/charts/vfc-vnflcm/templates/deployment.yaml b/kubernetes/vfc/charts/vfc-vnflcm/templates/deployment.yaml index e99f4d1120..465f4cf115 100644 --- a/kubernetes/vfc/charts/vfc-vnflcm/templates/deployment.yaml +++ b/kubernetes/vfc/charts/vfc-vnflcm/templates/deployment.yaml @@ -37,7 +37,7 @@ spec: - /root/ready.py args: - --container-name - - vfc-mariadb + - {{ .Values.config.mariadbService }} env: - name: NAMESPACE valueFrom: @@ -49,6 +49,11 @@ spec: name: {{ include "common.name" . }}-readiness containers: - name: {{ include "common.name" . }} + command: + - sh + args: + - -c + - 'MYSQL_AUTH=root:${MYSQL_ROOT_PASSWORD} ./docker-entrypoint.sh' image: "{{ include "common.repository" . }}/{{ .Values.image }}" imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} ports: @@ -75,9 +80,11 @@ spec: - name: MSB_ADDR value: "{{ .Values.global.config.msbServiceName }}:{{ .Values.global.config.msbPort }}" - name: MYSQL_ADDR - value: "{{ .Values.global.config.dbServiceName }}:{{ .Values.global.config.dbPort }}" - - name: MYSQL_AUTH - value: "{{ .Values.global.config.dbUser }}:{{ .Values.global.config.mariadbRootPassword }}" + value: "{{ .Values.config.mariadbService }}:{{ .Values.config.mariadbPort }}" + - name: MYSQL_ROOT_USER + value: "{{ .Values.global.config.mariadb_admin }}" + - name: MYSQL_ROOT_PASSWORD + {{- include "common.secret.envFromSecret" (dict "global" . "uid" "db-root-pass" "key" "password") | indent 14}} - name: REDIS_ADDR value: "{{ .Values.global.config.redisServiceName }}:{{ .Values.global.config.redisPort }}" volumeMounts: diff --git a/kubernetes/vfc/charts/vfc-vnflcm/templates/secrets.yaml b/kubernetes/vfc/charts/vfc-vnflcm/templates/secrets.yaml new file mode 100644 index 0000000000..d053c484be --- /dev/null +++ b/kubernetes/vfc/charts/vfc-vnflcm/templates/secrets.yaml @@ -0,0 +1,15 @@ +# Copyright (c) 2020 Samsung Electronics +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +{{ include "common.secret" . }} diff --git a/kubernetes/vfc/charts/vfc-vnflcm/values.yaml b/kubernetes/vfc/charts/vfc-vnflcm/values.yaml index 4883833182..b58f30b28d 100644 --- a/kubernetes/vfc/charts/vfc-vnflcm/values.yaml +++ b/kubernetes/vfc/charts/vfc-vnflcm/values.yaml @@ -23,6 +23,16 @@ global: loggingImage: beats/filebeat:5.5.0 ################################################################# +# Secrets metaconfig +################################################################# +secrets: + - uid: "db-root-pass" + externalSecret: '{{ tpl (default "" .Values.config.mariadbRootPasswordExternalSecret) . }}' + type: password + password: '{{ .Values.config.mariadbRootPassword }}' + policy: required + +################################################################# # Application configuration defaults. ################################################################# # application image @@ -39,7 +49,12 @@ istioSidecar: true debugEnabled: false # application configuration -config: {} +config: + mariadbService: vfc-mariadb + mariadbPort: 3306 + # mariadbRootPassword: secretpassword + # mariadbRootPasswordExternalSecret: some secret + # default number of instances replicaCount: 1 @@ -88,4 +103,4 @@ resources: requests: cpu: 200m memory: 500Mi - unlimited: {}
\ No newline at end of file + unlimited: {} diff --git a/kubernetes/vfc/charts/vfc-vnfmgr/templates/deployment.yaml b/kubernetes/vfc/charts/vfc-vnfmgr/templates/deployment.yaml index 66db39ec36..c4c070d583 100644 --- a/kubernetes/vfc/charts/vfc-vnfmgr/templates/deployment.yaml +++ b/kubernetes/vfc/charts/vfc-vnfmgr/templates/deployment.yaml @@ -37,7 +37,7 @@ spec: - /root/ready.py args: - --container-name - - vfc-mariadb + - {{ .Values.config.mariadbService }} env: - name: NAMESPACE valueFrom: @@ -49,6 +49,11 @@ spec: name: {{ include "common.name" . }}-readiness containers: - name: {{ include "common.name" . }} + command: + - sh + args: + - -c + - 'MYSQL_AUTH=root:${MYSQL_ROOT_PASSWORD} ./docker-entrypoint.sh' image: "{{ include "common.repository" . }}/{{ .Values.image }}" imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} ports: @@ -75,11 +80,13 @@ spec: - name: MSB_ADDR value: "{{ .Values.global.config.msbServiceName }}:{{ .Values.global.config.msbPort }}" - name: MYSQL_ADDR - value: "{{ .Values.global.config.dbServiceName }}:{{ .Values.global.config.dbPort }}" + value: "{{ .Values.config.mariadbService }}:{{ .Values.config.mariadbPort }}" - name: REDIS_ADDR value: "{{ .Values.global.config.redisServiceName }}:{{ .Values.global.config.redisPort }}" - - name: MYSQL_AUTH - value: "{{ .Values.global.config.dbUser }}:{{ .Values.global.config.mariadbRootPassword }}" + - name: MYSQL_ROOT_USER + value: "{{ .Values.global.config.mariadb_admin }}" + - name: MYSQL_ROOT_PASSWORD + {{- include "common.secret.envFromSecret" (dict "global" . "uid" "db-root-pass" "key" "password") | indent 14}} volumeMounts: - name: {{ include "common.fullname" . }}-localtime diff --git a/kubernetes/vfc/charts/vfc-vnfmgr/templates/secrets.yaml b/kubernetes/vfc/charts/vfc-vnfmgr/templates/secrets.yaml new file mode 100644 index 0000000000..d053c484be --- /dev/null +++ b/kubernetes/vfc/charts/vfc-vnfmgr/templates/secrets.yaml @@ -0,0 +1,15 @@ +# Copyright (c) 2020 Samsung Electronics +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +{{ include "common.secret" . }} diff --git a/kubernetes/vfc/charts/vfc-vnfmgr/values.yaml b/kubernetes/vfc/charts/vfc-vnfmgr/values.yaml index fdd38e68e9..9cceb9f051 100644 --- a/kubernetes/vfc/charts/vfc-vnfmgr/values.yaml +++ b/kubernetes/vfc/charts/vfc-vnfmgr/values.yaml @@ -23,6 +23,16 @@ global: loggingImage: beats/filebeat:5.5.0 ################################################################# +# Secrets metaconfig +################################################################# +secrets: + - uid: "db-root-pass" + externalSecret: '{{ tpl (default "" .Values.config.mariadbRootPasswordExternalSecret) . }}' + type: password + password: '{{ .Values.config.mariadbRootPassword }}' + policy: required + +################################################################# # Application configuration defaults. ################################################################# # application image @@ -39,7 +49,11 @@ istioSidecar: true debugEnabled: false # application configuration -config: {} +config: + mariadbService: vfc-mariadb + mariadbPort: 3306 + # mariadbRootPassword: secretpassword + # mariadbRootPasswordExternalSecret: some secret # default number of instances replicaCount: 1 @@ -87,4 +101,4 @@ resources: requests: cpu: 200m memory: 500Mi - unlimited: {}
\ No newline at end of file + unlimited: {} diff --git a/kubernetes/vfc/charts/vfc-vnfres/templates/deployment.yaml b/kubernetes/vfc/charts/vfc-vnfres/templates/deployment.yaml index f5fc28466a..e70bf0e655 100644 --- a/kubernetes/vfc/charts/vfc-vnfres/templates/deployment.yaml +++ b/kubernetes/vfc/charts/vfc-vnfres/templates/deployment.yaml @@ -37,7 +37,7 @@ spec: - /root/ready.py args: - --container-name - - vfc-mariadb + - {{ .Values.config.mariadbService }} env: - name: NAMESPACE valueFrom: @@ -49,6 +49,11 @@ spec: name: {{ include "common.name" . }}-readiness containers: - name: {{ include "common.name" . }} + command: + - sh + args: + - -c + - 'MYSQL_AUTH=root:${MYSQL_ROOT_PASSWORD} ./docker-entrypoint.sh' image: "{{ include "common.repository" . }}/{{ .Values.image }}" imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} ports: @@ -75,11 +80,14 @@ spec: - name: MSB_ADDR value: "{{ .Values.global.config.msbServiceName }}:{{ .Values.global.config.msbPort }}" - name: MYSQL_ADDR - value: "{{ .Values.global.config.dbServiceName }}:{{ .Values.global.config.dbPort }}" + value: "{{ .Values.config.mariadbService }}:{{ .Values.config.mariadbPort }}" - name: REDIS_ADDR value: "{{ .Values.global.config.redisServiceName }}:{{ .Values.global.config.redisPort }}" - - name: MYSQL_AUTH - value: "{{ .Values.global.config.dbUser }}:{{ .Values.global.config.mariadbRootPassword }}" + - name: MYSQL_ROOT_USER + value: "{{ .Values.global.config.mariadb_admin }}" + - name: MYSQL_ROOT_PASSWORD + {{- include "common.secret.envFromSecret" (dict "global" . "uid" "db-root-pass" "key" "password") | indent 14}} + volumeMounts: - name: {{ include "common.fullname" . }}-localtime mountPath: /etc/localtime diff --git a/kubernetes/vfc/charts/vfc-vnfres/templates/secrets.yaml b/kubernetes/vfc/charts/vfc-vnfres/templates/secrets.yaml new file mode 100644 index 0000000000..d053c484be --- /dev/null +++ b/kubernetes/vfc/charts/vfc-vnfres/templates/secrets.yaml @@ -0,0 +1,15 @@ +# Copyright (c) 2020 Samsung Electronics +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +{{ include "common.secret" . }} diff --git a/kubernetes/vfc/charts/vfc-vnfres/values.yaml b/kubernetes/vfc/charts/vfc-vnfres/values.yaml index 9c51d6658f..1a6440279b 100644 --- a/kubernetes/vfc/charts/vfc-vnfres/values.yaml +++ b/kubernetes/vfc/charts/vfc-vnfres/values.yaml @@ -23,6 +23,16 @@ global: loggingImage: beats/filebeat:5.5.0 ################################################################# +# Secrets metaconfig +################################################################# +secrets: + - uid: "db-root-pass" + externalSecret: '{{ tpl (default "" .Values.config.mariadbRootPasswordExternalSecret) . }}' + type: password + password: '{{ .Values.config.mariadbRootPassword }}' + policy: required + +################################################################# # Application configuration defaults. ################################################################# # application image @@ -39,7 +49,12 @@ istioSidecar: true debugEnabled: false # application configuration -config: {} +config: + mariadbService: vfc-mariadb + mariadbPort: 3306 + # mariadbRootPassword: secretpassword + # mariadbRootPasswordExternalSecret: some secret + # default number of instances replicaCount: 1 @@ -88,4 +103,4 @@ resources: requests: cpu: 200m memory: 500Mi - unlimited: {}
\ No newline at end of file + unlimited: {} diff --git a/kubernetes/vfc/templates/secrets.yaml b/kubernetes/vfc/templates/secrets.yaml new file mode 100644 index 0000000000..d053c484be --- /dev/null +++ b/kubernetes/vfc/templates/secrets.yaml @@ -0,0 +1,15 @@ +# Copyright (c) 2020 Samsung Electronics +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +{{ include "common.secret" . }} diff --git a/kubernetes/vfc/values.yaml b/kubernetes/vfc/values.yaml index eb6638b18b..88275aea83 100644 --- a/kubernetes/vfc/values.yaml +++ b/kubernetes/vfc/values.yaml @@ -18,40 +18,65 @@ global: msbprotocol: https msbServiceName: msb-iag msbPort: 443 - dbServiceName: vfc-db - dbPort: 3306 - dbUser: root - mariadbRootPassword: secretpassword redisServiceName: vfc-redis redisPort: 6379 reg_to_msb_when_start: False + mariadb_admin: root persistence: mountPath: /dockerdata-nfs +################################################################# +# Secrets metaconfig +################################################################# +secrets: + - uid: "db-root-pass" + name: &dbRootPassSecret '{{ include "common.release" . }}-vfc-db-root-pass' + type: password + password: '{{ .Values.config.mariadbRootPassword }}' + # application configuration config: logstashServiceName: log-ls logstashPort: 5044 mariadb-galera: + config: + mariadbRootPasswordExternalSecret: *dbRootPassSecret nameOverride: vfc-mariadb service: - name: vfc-db - portName: vfc-db + name: vfc-mariadb + portName: vfc-mariadb nfsprovisionerPrefix: vfc persistence: mountSubPath: vfc/data enabled: true disableNfsProvisioner: true -catalog: +db: &dbConfig + mariadbService: vfc-mariadb + mariadbPort: 3306 + mariadbRootPasswordExternalSecret: *dbRootPassSecret + +vfc-catalog: config: - dbPodName: vfc-db - dbServiceName: vfc-db -nslcm: + << : *dbConfig + +vfc-nslcm: + config: + << : *dbConfig + +vfc-vnflcm: config: - dbPodName: vfc-db - dbServiceName: vfc-db + << : *dbConfig + +vfc-vnfmgr: + config: + << : *dbConfig + +vfc-vnfres: + config: + << : *dbConfig + # sub-chart configuration vfc-workflow: service: |